Problem with BackDoor.sdbot.xd and eraseme [RESOLVED]

#16 SoonerBro (Member, Topic Starter, 14 posts)

LTP,

Here are the results from the registry search...


-------------------------------------------
registry search
-------------------------------------------

REGEDIT4

; Registry Search by Bobbi Flekman
; Version: 1.0.2.1

; Results at 11/18/2005 6:04:57 PM for strings:
; 'eraseme_'
; 'winbin.exe'
; Strings excluded from search:
; (None)
; Search in:
; Registry Keys Registry Values Registry Data
; HKEY_LOCAL_MACHINE HKEY_USERS


[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Shell Extensions]
"Melt"="C:\\WINDOWS\\system32\\eraseme_31605.exe"

; End Of The Log...

#17 lovethepirk (Visiting Staff, 528 posts)

Soonerbro,

Nice work, we found that file :tazz: Let's get rid of it...

Instructions: Copy and paste the quoted text into a text editor such as Notepad.
Save this text as Fixme.reg. Make sure the "Save as type:" is "All Files (*.*)" and save it to your desktop.
Double-click on Fixme.reg. When it asks you to merge the information to the registry click Yes.

REGEDIT4

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Shell Extensions]
"Melt"=-


Then,

1) Please download the Killbox.
Unzip it to the desktop and run it.

2) Select "Delete on Reboot".

3) Copy the file names below to the clipboard by highlighting them and pressing Control-C:
C:\WINDOWS\system32\eraseme_31605.exe

4) Return to Killbox, go to the File menu, and choose "Paste from Clipboard".

5) Click the red-and-white "Delete File" button. Click "Yes" at the Delete on Reboot prompt. Click "Yes" to reboot next.

Now, after reboot please scan with AVG again to make sure the file is now gone :)

Also, for my own satisfaction, please run another registry search for eraseme again...

Double-click Registry Search.
Enter this in the top section and click "Ok".

eraseme_

Notepad will be opened with text in it (the file will be saved in the program's folder as well). Save the Notepad file to your desktop.

Post the notepad results for the registry search for us to look at with feedback on how everything went.

Thanks,

LTP
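
As an added example (not from this thread and not part of Bobbi Flekman's Registry Search tool), the Python script below reads the REGEDIT4-style report that Registry Search writes and produces the matching removal file, using the same `"name"=-` deletion syntax as the Fixme.reg above. It only emits deletions for values whose data is exactly the file the scan was chasing, so a broad search string cannot turn into a broad delete. The embedded report is a constructed copy of the hit posted earlier in this thread.

```python
"""Turn Registry Search hits into a REGEDIT4 removal file.

Added example for this thread; it is not part of Bobbi Flekman's Registry
Search tool. Registry Search writes its report in REGEDIT4 form, a [key]
line followed by one "name"="data" line per hit. This script parses that
report and emits a .reg file that deletes exactly the listed values,
using the REGEDIT4 rule that a line of the form "name"=- removes a value
when the file is merged.
"""
import re

# Constructed copy of the hit posted in this thread (string data in a .reg
# file uses doubled backslashes, which is why the path looks like this).
SAMPLE_REPORT = r'''REGEDIT4

; Registry Search by Bobbi Flekman
; Version: 1.0.2.1

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Shell Extensions]
"Melt"="C:\\WINDOWS\\system32\\eraseme_31605.exe"

; End Of The Log...
'''

KEY_RE = re.compile(r'^\[(.+)\]$')
VALUE_RE = re.compile(r'^"((?:[^"\\]|\\.)*)"=(.*)$')


def unescape(s):
    """Undo .reg string escaping: a backslash escapes the next character."""
    return re.sub(r'\\(.)', r'\1', s)


def reg_escape(s):
    """Inverse of unescape, for value names written back into a .reg file."""
    return s.replace('\\', '\\\\').replace('"', '\\"')


def parse_report(text):
    """Return (key, value_name, data) for every value line in the report.

    Comment lines (;), the REGEDIT4 header and blank lines are skipped.
    Quoted string data is unescaped; other data types are returned raw.
    """
    hits = []
    key = None
    for raw in text.splitlines():
        line = raw.strip()
        if not line or line.startswith(';') or line == 'REGEDIT4':
            continue
        m = KEY_RE.match(line)
        if m:
            key = m.group(1)
            continue
        m = VALUE_RE.match(line)
        if m and key is not None:
            name = unescape(m.group(1))
            data = m.group(2)
            if len(data) >= 2 and data.startswith('"') and data.endswith('"'):
                data = unescape(data[1:-1])
            hits.append((key, name, data))
    return hits


def removal_reg(hits, expected_file=None):
    """Build REGEDIT4 text that deletes each listed value ("name"=-).

    With expected_file set, only values whose data is exactly that path
    (case-insensitive, as Windows paths are) are deleted, so a broad search
    string cannot turn into a broad delete. Review the output before merging.
    """
    by_key = {}
    for key, name, data in hits:
        if expected_file is not None and data.lower() != expected_file.lower():
            continue
        by_key.setdefault(key, []).append(name)
    lines = ['REGEDIT4', '']
    for key, names in by_key.items():
        lines.append('[%s]' % key)
        for name in names:
            lines.append('"%s"=-' % reg_escape(name))
        lines.append('')
    return '\n'.join(lines)


if __name__ == '__main__':
    found = parse_report(SAMPLE_REPORT)
    print(removal_reg(found, expected_file=r'C:\WINDOWS\system32\eraseme_31605.exe'))
```

Save the printed text as a .reg file and merge it the way LTP describes; the value is removed, while the Shell Extensions key itself and its other values are left alone. A search string that matched an unrelated value would simply be filtered out by expected_file.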

#18 SoonerBro (Member, Topic Starter, 14 posts)

LTP,

Everything went fine per your last instructions. Here are the registry search results after using the fixme.reg and killbox tools. The AVG scan came back clean.

What about those other items the MWAV scan found? Were they anything to be concerned about?

--------------------------------------------
registry search
--------------------------------------------

REGEDIT4

; Registry Search by Bobbi Flekman
; Version: 1.0.2.1

; Results at 11/19/2005 1:53:41 AM for strings:
; 'eraseme_'
; Strings excluded from search:
; (None)
; Search in:
; Registry Keys Registry Values Registry Data
; HKEY_LOCAL_MACHINE HKEY_USERS


; End Of The Log...


#19 lovethepirk (Visiting Staff, 528 posts)

Soonerbro,

We got that bad file finally :)

MWAV is a very good but 'touchy' scanner; it finds every itty bitty thing that can be malware/virus related. I wanted you to scan your computer with it because I figured it would find that eraseme file, but it did not :woot: We had you delete two files from the MWAV scan, but the rest of the scan includes what we call "orphaned" entries. These are just registry entries that are missing an associated file to become 'active'. They are harmless; usually we like to leave them alone :)

Finally, if you have not upgraded Windows to SP2 I would suggest that. And to be on the safe side I would like to look at one last HijackThis log. Please post a new HJT log and then, for the second time, I can issue you a clean bill of health :tazz:


Thanks,

LTP

#20 SoonerBro (Member, Topic Starter, 14 posts)

LTP,

I updated to Service Pack 2 and got rid of several unnecessary software bundles on the computer from a previous owner (games, etc). I ran all my scans again and they all came back clean (Ad-Aware SE found some cookies). I also ran CCleaner again and everything seems to be cool.

The only weird thing is that when I got on this forum, some of the words in our posts are underlined (twice) in green, and when I hover over them with my cursor an ad box appears (like a Google ad box...text only). This is happening on word groupings like "Windows XP" or "scan your computer."

It strikes me as some kind of adware that highlights key words on the text I am viewing. But it is only happening on this forum (Geeks to Go). So I don't know?? Maybe it's nothing.

Here is the log below. Let me know what you think and maybe we can wrap this up. Thanks. I'll be sure and make a donation. :tazz: :) :)

----------------------------------------------
HJT log
----------------------------------------------

Logfile of HijackThis v1.99.1
Scan saved at 11:48:06 PM, on 11/19/2005
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\System32\Ati2evxx.exe
C:\PROGRA~1\Grisoft\AVGFRE~1\avgamsvr.exe
C:\PROGRA~1\Grisoft\AVGFRE~1\avgupsvc.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Sony\Photo Server 20\appsrv\PicAppSrv.exe
C:\WINDOWS\wanmpsvc.exe
C:\Program Files\Common Files\Sony Shared\VAIO Media Platform\SV_Httpd.exe
C:\Program Files\Common Files\Sony Shared\VAIO Media Platform\UPnPFramework.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\wscntfy.exe
C:\WINDOWS\system32\atiptaxx.exe
C:\Program Files\Synaptics\SynTP\SynTPLpr.exe
C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
C:\Program Files\Sony\HotKey Utility\HKserv.exe
C:\WINDOWS\System32\ezSP_Px.exe
C:\Program Files\Logitech\ioSoftware\LPTrySvr.exe
C:\Program Files\Common Files\Anoto\DockingEngine.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\Program Files\Sony\HotKey Utility\HKWnd.exe
C:\Program Files\QuickTime\qttask.exe
C:\PROGRA~1\Grisoft\AVGFRE~1\avgcc.exe
C:\PROGRA~1\Grisoft\AVGFRE~1\avgemc.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\Program Files\HP\hpcoretech\hpcmpmgr.exe
C:\Program Files\Java\jre1.5.0_05\bin\jusched.exe
C:\Program Files\Messenger\msmsgs.exe
C:\Program Files\PowerPanel\Program\PcfMgr.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\HiJackThis\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.coachesaid.com/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.sony.com/vaiopeople
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.coachesaid.com/
R1 - HKCU\Software\Microsoft\Internet Connection Wizard,ShellNext = http://www.sony.com/vaiopeople
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\adobe\acrobat 5.0\Reader\ActiveX\AcroIEHelper.ocx
O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O4 - HKLM\..\Run: [ATIModeChange] Ati2mdxx.exe
O4 - HKLM\..\Run: [AtiPTA] atiptaxx.exe
O4 - HKLM\..\Run: [SynTPLpr] C:\Program Files\Synaptics\SynTP\SynTPLpr.exe
O4 - HKLM\..\Run: [SynTPEnh] C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
O4 - HKLM\..\Run: [Mouse Suite 98 Daemon] ICO.EXE
O4 - HKLM\..\Run: [HKSERV.EXE] C:\Program Files\Sony\HotKey Utility\HKserv.exe
O4 - HKLM\..\Run: [ezShieldProtector for Px] C:\WINDOWS\System32\ezSP_Px.exe
O4 - HKLM\..\Run: [Logitech Pen TrayIcon Server] C:\Program Files\Logitech\ioSoftware\LPTrySvr.exe
O4 - HKLM\..\Run: [Logitech Pen Docking Engine Server] C:\Program Files\Common Files\Anoto\DockingEngine.exe
O4 - HKLM\..\Run: [iTunesHelper] C:\Program Files\iTunes\iTunesHelper.exe
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [AVG7_CC] C:\PROGRA~1\Grisoft\AVGFRE~1\avgcc.exe /STARTUP
O4 - HKLM\..\Run: [AVG7_EMC] C:\PROGRA~1\Grisoft\AVGFRE~1\avgemc.exe
O4 - HKLM\..\Run: [HP Component Manager] "C:\Program Files\HP\hpcoretech\hpcmpmgr.exe"
O4 - HKLM\..\Run: [SunJavaUpdateSched] C:\Program Files\Java\jre1.5.0_05\bin\jusched.exe
O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background
O4 - Global Startup: Adobe Gamma Loader.lnk = ?
O4 - Global Startup: America Online 8.0 Tray Icon.lnk = C:\Program Files\America Online 8.0\aoltray.exe
O4 - Global Startup: Billminder.lnk = C:\Program Files\Quicken\billmind.exe
O4 - Global Startup: PowerPanel.lnk = ?
O4 - Global Startup: Quicken Scheduled Updates.lnk = C:\Program Files\Quicken\bagent.exe
O4 - Global Startup: Quicken Startup.lnk = C:\Program Files\Quicken\QWDLLS.EXE
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_05\bin\npjpi150_05.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_05\bin\npjpi150_05.dll
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O14 - IERESET.INF: START_PAGE_URL=http://www.sony.com/vaiopeople
O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://go.microsoft....k/?linkid=39204
O16 - DPF: {74D05D43-3236-11D4-BDCD-00C04F9A3B61} (HouseCall Control) - http://a840.g.akamai...all/xscan53.cab
O16 - DPF: {9A9307A0-7DA4-4DAF-B042-5009F29E09E1} (ActiveScan Installer Class) - http://acs.pandasoft...free/asinst.cab
O16 - DPF: {B8BE5E93-A60C-4D26-A2DC-220313175592} (ZoneIntro Class) - http://cdn2.zone.msn...ro.cab34246.cab
O16 - DPF: {E5D419D6-A846-4514-9FAD-97E826C84822} - http://fdl.msn.com/z...s/heartbeat.cab
O23 - Service: AOL Instant Messanger (AIM) - Unknown owner - C:\WINDOWS\aim.exe (file missing)
O23 - Service: Ati HotKey Poller - Unknown owner - C:\WINDOWS\System32\Ati2evxx.exe
O23 - Service: AVG7 Alert Manager Server (Avg7Alrt) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVGFRE~1\avgamsvr.exe
O23 - Service: AVG7 Update Service (Avg7UpdSvc) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVGFRE~1\avgupsvc.exe
O23 - Service: iPod Service (iPodService) - Apple Computer, Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: Pml Driver HPZ12 - HP - C:\WINDOWS\System32\HPZipm12.exe
O23 - Service: VAIO Media Music Server (Application) (VAIOMediaPlatform-MusicServer-AppServer) - Unknown owner - C:\Program Files\Sony\VAIO Media Music Server\SSSvr.exe" /Service=VAIOMediaPlatform-MusicServer-AppServer /DisplayName="VAIO Media Music Server (Application) (file missing)
O23 - Service: VAIO Media Music Server (HTTP) (VAIOMediaPlatform-MusicServer-HTTP) - Unknown owner - C:\Program Files\Common Files\Sony Shared\VAIO Media Platform\sv_httpd.exe" /Service=VAIOMediaPlatform-MusicServer-HTTP /RegRoot="Software\Sony Corporation\VAIO Media Platform\2.0" /RegExt="Applications\MusicServer\HTTP (file missing)
O23 - Service: VAIO Media Music Server (UPnP) (VAIOMediaPlatform-MusicServer-UPnP) - Sony Corporation - C:\Program Files\Common Files\Sony Shared\VAIO Media Platform\UPnPFramework.exe
O23 - Service: VAIO Media Photo Server (Application) (VAIOMediaPlatform-PhotoServer-AppServer) - Unknown owner - C:\Program Files\Sony\Photo Server 20\appsrv\PicAppSrv.exe
O23 - Service: VAIO Media Photo Server (HTTP) (VAIOMediaPlatform-PhotoServer-HTTP) - Unknown owner - C:\Program Files\Common Files\Sony Shared\VAIO Media Platform\SV_Httpd.exe" /Service=VAIOMediaPlatform-PhotoServer-HTTP /RegRoot="Software\Sony Corporation\VAIO Media Platform\2.0" /RegExt="\Applications\PhotoServer\HTTP (file missing)
O23 - Service: VAIO Media Photo Server (UPnP) (VAIOMediaPlatform-PhotoServer-UPnP) - Sony Corporation - C:\Program Files\Common Files\Sony Shared\VAIO Media Platform\UPnPFramework.exe
O23 - Service: WAN Miniport (ATW) Service (WANMiniportService) - America Online, Inc. - C:\WINDOWS\wanmpsvc.exe

Edited by SoonerBro, 19 November 2005 - 11:59 PM.

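
To make the "orphaned entry" idea from post #19 concrete, here is an added Python example (not HijackThis code and not part of this thread) that parses the O4 autostart and O23 service lines of an HJT log like the one above, extracts the executable each entry points at, and flags the entries HijackThis marks "(file missing)", which is what an orphaned entry looks like in the log. It also lists services HijackThis reports with "Unknown owner", since those deserve a second look even when the file is present. The sample lines are copied from the log above except for one constructed service entry, which is labelled in the code.

```python
"""Triage HijackThis O4/O23 entries and flag the orphaned ones.

Added example for this thread; it is not HijackThis code. It parses the
'Oxx - ...' lines of an HJT log, pulls out the executable each entry
points at, and flags entries HijackThis marks '(file missing)': the
'orphaned' registry entries described in the thread, where the Run value
or service registration survives but the file it launched is gone.
"""
import re

# Sample lines copied from the log posted above. The final O23 line is
# constructed for this example (ExampleSvc does not appear in the thread).
SAMPLE_LOG = r'''
O4 - HKLM\..\Run: [AVG7_CC] C:\PROGRA~1\Grisoft\AVGFRE~1\avgcc.exe /STARTUP
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - Global Startup: Adobe Gamma Loader.lnk = ?
O23 - Service: AOL Instant Messanger (AIM) - Unknown owner - C:\WINDOWS\aim.exe (file missing)
O23 - Service: iPod Service (iPodService) - Apple Computer, Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: Example Orphan (ExampleSvc) - Unknown owner - C:\WINDOWS\system32\example_orphan.exe (file missing)
'''

ENTRY_RE = re.compile(r'^(O\d+|R\d) - (.*)$')
MISSING = '(file missing)'


def first_token(cmd):
    """Return the executable part of a command line, honouring quotes."""
    cmd = cmd.strip()
    if not cmd:
        return None
    if cmd.startswith('"'):
        end = cmd.find('"', 1)
        return cmd[1:end] if end > 0 else cmd[1:]
    return cmd.split(None, 1)[0]


def parse_hjt(text):
    """Parse O4 (autostart) and O23 (service) lines into dicts.

    Each dict has code, name, owner, path and file_missing. Other Oxx/Rx
    lines are kept with just their code so entry counts still add up.
    """
    entries = []
    for raw in text.splitlines():
        m = ENTRY_RE.match(raw.strip())
        if not m:
            continue
        code, body = m.group(1), m.group(2)
        missing = body.endswith(MISSING)
        if missing:
            body = body[:-len(MISSING)].rstrip()
        entry = {'code': code, 'name': None, 'owner': None,
                 'path': None, 'file_missing': missing}
        if code == 'O23' and body.startswith('Service: '):
            # Service: display name (service name) - company - path
            parts = body[len('Service: '):].split(' - ', 2)
            if len(parts) == 3:
                entry['name'], entry['owner'], entry['path'] = parts
        elif code == 'O4' and 'Run: [' in body:
            # HKLM\..\Run: [value name] command line
            name, _, cmd = body.partition('Run: [')[2].partition('] ')
            entry['name'] = name
            entry['path'] = first_token(cmd)
        elif code == 'O4' and 'Startup: ' in body:
            # Global Startup: shortcut.lnk = target  ('?' means unresolved)
            name, _, target = body.partition('Startup: ')[2].partition(' = ')
            entry['name'] = name
            entry['path'] = None if target.strip() == '?' else first_token(target)
        entries.append(entry)
    return entries


def orphaned(entries):
    """Entries whose registered executable HijackThis could not find."""
    return [e for e in entries if e['file_missing']]


def unknown_owner_services(entries):
    """O23 services with no company name; worth a second look even if present."""
    return [e for e in entries
            if e['code'] == 'O23' and e['owner'] == 'Unknown owner']


if __name__ == '__main__':
    parsed = parse_hjt(SAMPLE_LOG)
    for e in orphaned(parsed):
        print('orphaned %s entry: %s -> %s' % (e['code'], e['name'], e['path']))
```

On the log above this flags the AIM service at C:\WINDOWS\aim.exe, exactly the kind of harmless leftover LTP describes: the service registration is still there, but there is no file for it to start. Relative paths such as Ati2mdxx.exe are returned as written, since the log does not say which directory they resolve from.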

#21 lovethepirk (Visiting Staff, 528 posts)

Soonerbro,

We appreciate any donations, and remember we are always here for you, so you can always come back and get looked at :tazz:

Let's try to clean up that problem. Also you had a line in your log that was brought to my attention that was part of a specific infection. You seem to be totally clean from it but we might as well run the fix.
I promise we are about there :)

1) Reset your web settings...
Open Internet Explorer > Tools > Internet Options > Programs tab

Click on "Reset Web Settings"

Please download this program, but do not run it yet:

  • rdrivRem.zip
  • Unzip it to your desktop.

Then open up Ewido and update the definitions.

You need to save this response as a Notepad or Word document on your desktop for use later when we go into safe mode (no internet access).
You can also print out this response for easy use as well :)


Boot into safe mode by tapping the F8 key at restart and choosing 'safe mode' from the menu (explained here if needed).

1.) Please go into the rdrivrem folder and double-click rdrivRem.bat to run the program - follow the instructions on the screen. After it's complete, rdriv.txt will be created in the rdrivRem folder.

2.) Double-click the Ewido Security Suite icon to run the program.
  • Click on scanner
  • Click Complete System Scan
  • Let the program scan the machine
While the scan is in progress you will be prompted to clean the first infected file it finds. Choose "remove", then put a check next to "Perform action on all infections" in the left corner of the box so you don't have to sit and watch Ewido the whole time. Click OK.

Once the scan has completed, there will be a button located on the bottom of the screen named Save report
  • Click Save report
  • Save the report to your desktop
  • Exit Ewido
Reboot back into normal mode please.

Open HijackThis, click Config, click Misc Tools
Click "Open Uninstall Manager"
Click "Save List" (generates uninstall_list.txt)
Click Save, copy and paste the results in your next post.

Now we need these logs from you:
1) The uninstall_list.txt that you just made.
2) The rdriv.txt file from the rdrivRem folder
3) A new HJT log
4) The Ewido log

Thanks for your patience,

Lovethepirk

#22 SoonerBro (Member, Topic Starter, 14 posts)

LTP -- No, thank you for your patience. :) Although I had to be pretty patient with that Ewido scan in safe mode (took 3.5 hours). It found 60 problems (most were cookies, but there was an "Aureate" thing it found that it rated as high risk).

I don't know what that thing was with certain "keyword(s)" being highlighted (linked and underlined in green) on this forum yesterday. I hadn't seen it at any other time while on this forum and only saw it yesterday (not back today). Very strange. :tazz: Like I said, when I hovered over them with the pointer an ad similar in style to a google ad would appear above the word. My guess was that it had to be some form of adware on my computer?

Anyway, here are the results from the latest scans. I hope I did the rdrivRem.bat tool right. My results are pretty plain jane looking. :)

----------------------------------------
uninstall_list
----------------------------------------

Ad-Aware SE Personal
Adobe Acrobat 5.0
Adobe Photoshop Elements 2.0
Adobe Premiere 6 LE
AMBIT Wireless LAN
America Online
ATI Display Driver
AVG Free Edition
CCleaner (remove only)
Click to DVD 1.1
Command and ConquerTM Generals Zero Hour
CuteFTP
Drag'n Drop CD+DVD
DVD Creation
DVgate
EAX Unified
ewido security suite
Experience VAIO
Help and Support
HijackThis 1.99.1
HotKey Utility
HP PSC & OfficeJet 3.5
Intel® PRO Ethernet Adapter and Software
InterVideo WinDVD 4
iPod Updater 2004-11-15
iTunes
J2SE Runtime Environment 5.0 Update 5
Logitech® io™ Software
Microsoft .NET Framework (English)
Microsoft .NET Framework (English) v1.0.3705
Microsoft .NET Framework 1.0 Hotfix (KB886906)
Microsoft .NET Framework 1.1
Microsoft .NET Framework 1.1
Microsoft .NET Framework 1.1 Hotfix (KB886903)
Microsoft Office 2000 Premium
Microsoft PhotoDraw 2000
MovieShaker 3.3
Mozilla Firefox (1.0.7)
Music Visualizer Library 1.4.00
OpenMG Limited Patch 3.1-02-10-23-01
Panda ActiveScan
PictureGear Studio 1.0
PowerPanel
Quicken 2003 New User Edition
QuickTime
RealOne Player
RealProducer Basic 8.5
Rio Internet Update
Rio Music Manager
Rio Taxi
Roxio EasyWrite Reader
Security Update for Step By Step Interactive Training (KB898458)
Security Update for Windows XP (KB890046)
Security Update for Windows XP (KB893066)
Security Update for Windows XP (KB893756)
Security Update for Windows XP (KB896358)
Security Update for Windows XP (KB896422)
Security Update for Windows XP (KB896423)
Security Update for Windows XP (KB896424)
Security Update for Windows XP (KB896428)
Security Update for Windows XP (KB896688)
Security Update for Windows XP (KB899587)
Security Update for Windows XP (KB899591)
Security Update for Windows XP (KB900725)
Security Update for Windows XP (KB901017)
Security Update for Windows XP (KB901214)
Security Update for Windows XP (KB902400)
Security Update for Windows XP (KB905414)
Security Update for Windows XP (KB905749)
Shockwave
SoftK56 Data Fax
SoftK56 Data Fax
SonicStage 1.5.05
Sony Certificate PCH
Sony DV Shared Library
Sony Notebook Setup
Sony on Yahoo! Essentials
Sony USB Mouse
Sony Utilities DLL
Spybot - Search & Destroy 1.4
Support Actions WinXP
Synaptics Pointing Device Driver
Update for Windows XP (KB898461)
VAIO Edit Components LE
VAIO Media 2.0
VAIO Media Installer 2.0
VAIO Media Music Server 2.0
VAIO Media Photo Server 2.0
VAIO Media Platform 2.0
VAIO Registration
VAIO Serenus Wallpaper
VAIO Support
VAIO Survey Standalone
Windows Genuine Advantage v1.3.0254.0
Windows Installer 3.1 (KB893803)
Windows XP Hotfix - KB873339
Windows XP Hotfix - KB885250
Windows XP Hotfix - KB885835
Windows XP Hotfix - KB885836
Windows XP Hotfix - KB886185
Windows XP Hotfix - KB887472
Windows XP Hotfix - KB887742
Windows XP Hotfix - KB888113
Windows XP Hotfix - KB888302
Windows XP Hotfix - KB890859
Windows XP Hotfix - KB891781
Windows XP Service Pack 2


--------------------------------------------------
rdriv.txt
--------------------------------------------------

~~~~~~~~~~~~~ Pre-run File Check ~~~~~~~~~~~~~


~~~~~~~~~~~~~ Pre-run File Check ~~~~~~~~~~~~~



~~~~~~~~~~~~~ Post run File Check ~~~~~~~~~~~~~


~~~~~~~~~~~~~ Pre-run File Check ~~~~~~~~~~~~~



~~~~~~~~~~~~~ Post run File Check ~~~~~~~~~~~~~



---------------------------------------------
Ewido Scan Results
---------------------------------------------

+ Created on: 7:15:31 AM, 11/21/2005
+ Report-Checksum: 47ADB25B

+ Scan result:

HKLM\SOFTWARE\Aureate -> Spyware.Aureate : Cleaned with backup
HKLM\SOFTWARE\Aureate\Advertising -> Spyware.Aureate : Cleaned with backup
HKLM\SOFTWARE\Classes\Software\Aureate -> Spyware.Aureate : Cleaned with backup
HKLM\SOFTWARE\Classes\Software\Aureate\Advertising -> Spyware.Aureate : Cleaned with backup
HKLM\SOFTWARE\Classes\Software\Aureate\Advertising\Default Server -> Spyware.Aureate : Cleaned with backup
HKLM\SOFTWARE\Classes\Software\Aureate\Advertising\Servers -> Spyware.Aureate : Cleaned with backup
HKLM\SOFTWARE\Classes\Software\Aureate\Advertising\Servers\1 -> Spyware.Aureate : Cleaned with backup
HKLM\SOFTWARE\Classes\Software\Aureate\Advertising\Servers\2 -> Spyware.Aureate : Cleaned with backup
HKLM\SOFTWARE\Classes\Software\Aureate\Advertising\Servers\3 -> Spyware.Aureate : Cleaned with backup
HKLM\SOFTWARE\Classes\Software\Aureate\Advertising\Servers\4 -> Spyware.Aureate : Cleaned with backup
HKU\S-1-5-21-1778901567-3651685964-3571739995-1007\Software\Aureate -> Spyware.Aureate : Cleaned with backup
HKU\S-1-5-21-1778901567-3651685964-3571739995-1007\Software\Aureate\Advertising -> Spyware.Aureate : Cleaned with backup
HKU\S-1-5-21-1778901567-3651685964-3571739995-1007\Software\Aureate\Advertising\Cookies -> Spyware.Aureate : Cleaned with backup
HKU\S-1-5-21-1778901567-3651685964-3571739995-1007\Software\Aureate\Advertising\Demographics -> Spyware.Aureate : Cleaned with backup
:mozilla.44:C:\Documents and Settings\Heath\Application Data\Mozilla\Firefox\Profiles\3cueyuvk.default\cookies.txt -> Spyware.Cookie.Hitbox : Cleaned with backup
:mozilla.45:C:\Documents and Settings\Heath\Application Data\Mozilla\Firefox\Profiles\3cueyuvk.default\cookies.txt -> Spyware.Cookie.Hitbox : Cleaned with backup
:mozilla.46:C:\Documents and Settings\Heath\Application Data\Mozilla\Firefox\Profiles\3cueyuvk.default\cookies.txt -> Spyware.Cookie.Hitbox : Cleaned with backup
:mozilla.47:C:\Documents and Settings\Heath\Application Data\Mozilla\Firefox\Profiles\3cueyuvk.default\cookies.txt -> Spyware.Cookie.Hitbox : Cleaned with backup
:mozilla.48:C:\Documents and Settings\Heath\Application Data\Mozilla\Firefox\Profiles\3cueyuvk.default\cookies.txt -> Spyware.Cookie.Advertising : Cleaned with backup
:mozilla.49:C:\Documents and Settings\Heath\Application Data\Mozilla\Firefox\Profiles\3cueyuvk.default\cookies.txt -> Spyware.Cookie.Hitbox : Cleaned with backup
:mozilla.50:C:\Documents and Settings\Heath\Application Data\Mozilla\Firefox\Profiles\3cueyuvk.default\cookies.txt -> Spyware.Cookie.Hitbox : Cleaned with backup
:mozilla.51:C:\Documents and Settings\Heath\Application Data\Mozilla\Firefox\Profiles\3cueyuvk.default\cookies.txt -> Spyware.Cookie.Centrport : Cleaned with backup
:mozilla.52:C:\Documents and Settings\Heath\Application Data\Mozilla\Firefox\Profiles\3cueyuvk.default\cookies.txt -> Spyware.Cookie.Centrport : Cleaned with backup
:mozilla.54:C:\Documents and Settings\Heath\Application Data\Mozilla\Firefox\Profiles\3cueyuvk.default\cookies.txt -> Spyware.Cookie.Mediaplex : Cleaned with backup
:mozilla.57:C:\Documents and Settings\Heath\Application Data\Mozilla\Firefox\Profiles\3cueyuvk.default\cookies.txt -> Spyware.Cookie.2o7 : Cleaned with backup
:mozilla.58:C:\Documents and Settings\Heath\Application Data\Mozilla\Firefox\Profiles\3cueyuvk.default\cookies.txt -> Spyware.Cookie.2o7 : Cleaned with backup
:mozilla.59:C:\Documents and Settings\Heath\Application Data\Mozilla\Firefox\Profiles\3cueyuvk.default\cookies.txt -> Spyware.Cookie.2o7 : Cleaned with backup
:mozilla.60:C:\Documents and Settings\Heath\Application Data\Mozilla\Firefox\Profiles\3cueyuvk.default\cookies.txt -> Spyware.Cookie.2o7 : Cleaned with backup
:mozilla.61:C:\Documents and Settings\Heath\Application Data\Mozilla\Firefox\Profiles\3cueyuvk.default\cookies.txt -> Spyware.Cookie.2o7 : Cleaned with backup
:mozilla.62:C:\Documents and Settings\Heath\Application Data\Mozilla\Firefox\Profiles\3cueyuvk.default\cookies.txt -> Spyware.Cookie.2o7 : Cleaned with backup
:mozilla.63:C:\Documents and Settings\Heath\Application Data\Mozilla\Firefox\Profiles\3cueyuvk.default\cookies.txt -> Spyware.Cookie.2o7 : Cleaned with backup
:mozilla.64:C:\Documents and Settings\Heath\Application Data\Mozilla\Firefox\Profiles\3cueyuvk.default\cookies.txt -> Spyware.Cookie.2o7 : Cleaned with backup
:mozilla.76:C:\Documents and Settings\Heath\Application Data\Mozilla\Firefox\Profiles\3cueyuvk.default\cookies.txt -> Spyware.Cookie.Statcounter : Cleaned with backup
:mozilla.78:C:\Documents and Settings\Heath\Application Data\Mozilla\Firefox\Profiles\3cueyuvk.default\cookies.txt -> Spyware.Cookie.Pointroll : Cleaned with backup
:mozilla.79:C:\Documents and Settings\Heath\Application Data\Mozilla\Firefox\Profiles\3cueyuvk.default\cookies.txt -> Spyware.Cookie.Pointroll : Cleaned with backup
:mozilla.80:C:\Documents and Settings\Heath\Application Data\Mozilla\Firefox\Profiles\3cueyuvk.default\cookies.txt -> Spyware.Cookie.Pointroll : Cleaned with backup
:mozilla.81:C:\Documents and Settings\Heath\Application Data\Mozilla\Firefox\Profiles\3cueyuvk.default\cookies.txt -> Spyware.Cookie.Pointroll : Cleaned with backup
:mozilla.82:C:\Documents and Settings\Heath\Application Data\Mozilla\Firefox\Profiles\3cueyuvk.default\cookies.txt -> Spyware.Cookie.Pointroll : Cleaned with backup
:mozilla.105:C:\Documents and Settings\Heath\Application Data\Mozilla\Firefox\Profiles\3cueyuvk.default\cookies.txt -> Spyware.Cookie.Ru4 : Cleaned with backup
:mozilla.106:C:\Documents and Settings\Heath\Application Data\Mozilla\Firefox\Profiles\3cueyuvk.default\cookies.txt -> Spyware.Cookie.Ru4 : Cleaned with backup
:mozilla.109:C:\Documents and Settings\Heath\Application Data\Mozilla\Firefox\Profiles\3cueyuvk.default\cookies.txt -> Spyware.Cookie.Com : Cleaned with backup
:mozilla.110:C:\Documents and Settings\Heath\Application Data\Mozilla\Firefox\Profiles\3cueyuvk.default\cookies.txt -> Spyware.Cookie.Com : Cleaned with backup
C:\Documents and Settings\Heath\Cookies\heath@2o7[1].txt -> Spyware.Cookie.2o7 : Cleaned with backup
C:\Documents and Settings\Heath\Cookies\heath@ad.yieldmanager[2].txt -> Spyware.Cookie.Yieldmanager : Cleaned with backup
C:\Documents and Settings\Heath\Cookies\heath@ads.pointroll[1].txt -> Spyware.Cookie.Pointroll : Cleaned with backup
C:\Documents and Settings\Heath\Cookies\heath@burstnet[2].txt -> Spyware.Cookie.Burstnet : Cleaned with backup
C:\Documents and Settings\Heath\Cookies\heath@centrport[2].txt -> Spyware.Cookie.Centrport : Cleaned with backup
C:\Documents and Settings\Heath\Cookies\heath@com[2].txt -> Spyware.Cookie.Com : Cleaned with backup
C:\Documents and Settings\Heath\Cookies\heath@cs.sexcounter[2].txt -> Spyware.Cookie.Sexcounter : Cleaned with backup
C:\Documents and Settings\Heath\Cookies\heath@cz4.clickzs[2].txt -> Spyware.Cookie.Clickzs : Cleaned with backup
C:\Documents and Settings\Heath\Cookies\heath@edge.ru4[1].txt -> Spyware.Cookie.Ru4 : Cleaned with backup
C:\Documents and Settings\Heath\Cookies\heath@paycounter[1].txt -> Spyware.Cookie.Paycounter : Cleaned with backup
C:\Documents and Settings\Heath\Cookies\heath@questionmarket[1].txt -> Spyware.Cookie.Questionmarket : Cleaned with backup
C:\Documents and Settings\Heath\Cookies\heath@serving-sys[1].txt -> Spyware.Cookie.Serving-sys : Cleaned with backup
C:\Documents and Settings\Heath\Cookies\heath@statcounter[2].txt -> Spyware.Cookie.Statcounter : Cleaned with backup
C:\Documents and Settings\Heath\Cookies\heath@trafficmp[1].txt -> Spyware.Cookie.Trafficmp : Cleaned with backup
C:\Documents and Settings\Heath\Cookies\heath@www.burstbeacon[2].txt -> Spyware.Cookie.Burstbeacon : Cleaned with backup
C:\Documents and Settings\Heath\Cookies\heath@xxxcounter[1].txt -> Spyware.Cookie.Xxxcounter : Cleaned with backup
C:\Documents and Settings\Heath\Local Settings\Temporary Internet Files\Content.IE5\RXF05NJK\mm[2].js -> Spyware.Chitika : Cleaned with backup
C:\WINDOWS\system32\advert.dll -> Spyware.Aureate : Cleaned with backup


::Report End


------------------------------------------
HJT log
------------------------------------------
Logfile of HijackThis v1.99.1
Scan saved at 8:40:46 AM, on 11/21/2005
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\System32\Ati2evxx.exe
C:\PROGRA~1\Grisoft\AVGFRE~1\avgamsvr.exe
C:\PROGRA~1\Grisoft\AVGFRE~1\avgupsvc.exe
C:\Program Files\ewido\security suite\ewidoctrl.exe
C:\Program Files\ewido\security suite\ewidoguard.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Sony\Photo Server 20\appsrv\PicAppSrv.exe
C:\WINDOWS\wanmpsvc.exe
C:\Program Files\Common Files\Sony Shared\VAIO Media Platform\SV_Httpd.exe
C:\Program Files\Common Files\Sony Shared\VAIO Media Platform\UPnPFramework.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\atiptaxx.exe
C:\Program Files\Synaptics\SynTP\SynTPLpr.exe
C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
C:\Program Files\Sony\HotKey Utility\HKserv.exe
C:\WINDOWS\System32\ezSP_Px.exe
C:\Program Files\Logitech\ioSoftware\LPTrySvr.exe
C:\Program Files\Common Files\Anoto\DockingEngine.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\Program Files\Sony\HotKey Utility\HKWnd.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\Program Files\QuickTime\qttask.exe
C:\PROGRA~1\Grisoft\AVGFRE~1\avgcc.exe
C:\PROGRA~1\Grisoft\AVGFRE~1\avgemc.exe
C:\Program Files\HP\hpcoretech\hpcmpmgr.exe
C:\Program Files\Java\jre1.5.0_05\bin\jusched.exe
C:\Program Files\Messenger\msmsgs.exe
C:\Program Files\HP\hpcoretech\comp\hptskmgr.exe
C:\Program Files\PowerPanel\Program\PcfMgr.exe
C:\PROGRA~1\Grisoft\AVGFRE~1\avgw.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\WINDOWS\system32\NOTEPAD.EXE
C:\Program Files\HiJackThis\HijackThis.exe
C:\WINDOWS\system32\NOTEPAD.EXE

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.sony.com/vaiopeople
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.sony.com/vaiopeople
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.coachesaid.com/
R1 - HKCU\Software\Microsoft\Internet Connection Wizard,ShellNext = http://www.sony.com/vaiopeople
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\adobe\acrobat 5.0\Reader\ActiveX\AcroIEHelper.ocx
O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O4 - HKLM\..\Run: [ATIModeChange] Ati2mdxx.exe
O4 - HKLM\..\Run: [AtiPTA] atiptaxx.exe
O4 - HKLM\..\Run: [SynTPLpr] C:\Program Files\Synaptics\SynTP\SynTPLpr.exe
O4 - HKLM\..\Run: [SynTPEnh] C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
O4 - HKLM\..\Run: [Mouse Suite 98 Daemon] ICO.EXE
O4 - HKLM\..\Run: [HKSERV.EXE] C:\Program Files\Sony\HotKey Utility\HKserv.exe
O4 - HKLM\..\Run: [ezShieldProtector for Px] C:\WINDOWS\System32\ezSP_Px.exe
O4 - HKLM\..\Run: [Logitech Pen TrayIcon Server] C:\Program Files\Logitech\ioSoftware\LPTrySvr.exe
O4 - HKLM\..\Run: [Logitech Pen Docking Engine Server] C:\Program Files\Common Files\Anoto\DockingEngine.exe
O4 - HKLM\..\Run: [iTunesHelper] C:\Program Files\iTunes\iTunesHelper.exe
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [AVG7_CC] C:\PROGRA~1\Grisoft\AVGFRE~1\avgcc.exe /STARTUP
O4 - HKLM\..\Run: [AVG7_EMC] C:\PROGRA~1\Grisoft\AVGFRE~1\avgemc.exe
O4 - HKLM\..\Run: [HP Component Manager] "C:\Program Files\HP\hpcoretech\hpcmpmgr.exe"
O4 - HKLM\..\Run: [SunJavaUpdateSched] C:\Program Files\Java\jre1.5.0_05\bin\jusched.exe
O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background
O4 - Global Startup: Adobe Gamma Loader.lnk = ?
O4 - Global Startup: America Online 8.0 Tray Icon.lnk = C:\Program Files\America Online 8.0\aoltray.exe
O4 - Global Startup: Billminder.lnk = C:\Program Files\Quicken\billmind.exe
O4 - Global Startup: PowerPanel.lnk = ?
O4 - Global Startup: Quicken Scheduled Updates.lnk = C:\Program Files\Quicken\bagent.exe
O4 - Global Startup: Quicken Startup.lnk = C:\Program Files\Quicken\QWDLLS.EXE
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_05\bin\npjpi150_05.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_05\bin\npjpi150_05.dll
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O14 - IERESET.INF: START_PAGE_URL=http://www.sony.com/vaiopeople
O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://go.microsoft....k/?linkid=39204
O16 - DPF: {74D05D43-3236-11D4-BDCD-00C04F9A3B61} (HouseCall Control) - http://a840.g.akamai...all/xscan53.cab
O16 - DPF: {9A9307A0-7DA4-4DAF-B042-5009F29E09E1} (ActiveScan Installer Class) - http://acs.pandasoft...free/asinst.cab
O16 - DPF: {B8BE5E93-A60C-4D26-A2DC-220313175592} (ZoneIntro Class) - http://cdn2.zone.msn...ro.cab34246.cab
O16 - DPF: {E5D419D6-A846-4514-9FAD-97E826C84822} - http://fdl.msn.com/z...s/heartbeat.cab
O23 - Service: AOL Instant Messanger (AIM) - Unknown owner - C:\WINDOWS\aim.exe (file missing)
O23 - Service: Ati HotKey Poller - Unknown owner - C:\WINDOWS\System32\Ati2evxx.exe
O23 - Service: AVG7 Alert Manager Server (Avg7Alrt) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVGFRE~1\avgamsvr.exe
O23 - Service: AVG7 Update Service (Avg7UpdSvc) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVGFRE~1\avgupsvc.exe
O23 - Service: ewido security suite control - ewido networks - C:\Program Files\ewido\security suite\ewidoctrl.exe
O23 - Service: ewido security suite guard - ewido networks - C:\Program Files\ewido\security suite\ewidoguard.exe
O23 - Service: iPod Service (iPodService) - Apple Computer, Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: Pml Driver HPZ12 - HP - C:\WINDOWS\System32\HPZipm12.exe
O23 - Service: VAIO Media Music Server (Application) (VAIOMediaPlatform-MusicServer-AppServer) - Unknown owner - C:\Program Files\Sony\VAIO Media Music Server\SSSvr.exe" /Service=VAIOMediaPlatform-MusicServer-AppServer /DisplayName="VAIO Media Music Server (Application) (file missing)
O23 - Service: VAIO Media Music Server (HTTP) (VAIOMediaPlatform-MusicServer-HTTP) - Unknown owner - C:\Program Files\Common Files\Sony Shared\VAIO Media Platform\sv_httpd.exe" /Service=VAIOMediaPlatform-MusicServer-HTTP /RegRoot="Software\Sony Corporation\VAIO Media Platform\2.0" /RegExt="Applications\MusicServer\HTTP (file missing)
O23 - Service: VAIO Media Music Server (UPnP) (VAIOMediaPlatform-MusicServer-UPnP) - Sony Corporation - C:\Program Files\Common Files\Sony Shared\VAIO Media Platform\UPnPFramework.exe
O23 - Service: VAIO Media Photo Server (Application) (VAIOMediaPlatform-PhotoServer-AppServer) - Unknown owner - C:\Program Files\Sony\Photo Server 20\appsrv\PicAppSrv.exe
O23 - Service: VAIO Media Photo Server (HTTP) (VAIOMediaPlatform-PhotoServer-HTTP) - Unknown owner - C:\Program Files\Common Files\Sony Shared\VAIO Media Platform\SV_Httpd.exe" /Service=VAIOMediaPlatform-PhotoServer-HTTP /RegRoot="Software\Sony Corporation\VAIO Media Platform\2.0" /RegExt="\Applications\PhotoServer\HTTP (file missing)
O23 - Service: VAIO Media Photo Server (UPnP) (VAIOMediaPlatform-PhotoServer-UPnP) - Sony Corporation - C:\Program Files\Common Files\Sony Shared\VAIO Media Platform\UPnPFramework.exe
O23 - Service: WAN Miniport (ATW) Service (WANMiniportService) - America Online, Inc. - C:\WINDOWS\wanmpsvc.exe

Edited by SoonerBro, 21 November 2005 - 08:42 AM.


#23 lovethepirk (Visiting Staff, 528 posts)
Soonerbro,

Looks like everything you did was right :)

Just some house cleaning here...

Go to start > run and type: services.msc and click OK
Scroll down in that list until you find the AOL Instant Messanger
Double-click on it. In the window that will appear, click on "Stop" (if not greyed out) and change the Startup Type to Disabled.
Click apply and OK and close all open windows.

Then please run another HJT log and post it here for me.


This should about do it so I will repost the ending protection post for you after I see that last HJT log.
Then I will leave this thread open for a week in case you have any trouble in the near future. After that please feel free to come back and post another topic :tazz:

Regards,

LTP

Edited by lovethepirk, 21 November 2005 - 01:18 PM.

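The services.msc steps above, done from PowerShell instead, as an added example that is not part of the thread. Beyond the single service the post names, the second half sweeps every installed service for the condition HijackThis flags as "(file missing)" in its O23 lines: an ImagePath whose executable no longer exists on disk. The short name 'AIM' is taken from the O23 entry "AOL Instant Messanger (AIM)"; Get-ServiceBinary is a helper written for this example, not a built-in.

```powershell
# Added example (not from the thread): stop and disable the orphaned service the
# post above tells the user to disable, then list every service whose binary is
# missing from disk (what HijackThis prints as "(file missing)").
# Run from an elevated PowerShell prompt.

$ServiceName = 'AIM'   # short name from the O23 line: "AOL Instant Messanger (AIM)"

# --- 1. Stop and disable the named service (what services.msc does by hand) ---
$svc = Get-Service -Name $ServiceName -ErrorAction SilentlyContinue
if ($null -eq $svc) {
    Write-Host "Service '$ServiceName' not found; nothing to disable."
} else {
    if ($svc.Status -ne 'Stopped') {
        Stop-Service -Name $ServiceName -Force -ErrorAction SilentlyContinue
    }
    Set-Service -Name $ServiceName -StartupType Disabled
    $after = Get-CimInstance Win32_Service -Filter "Name='$ServiceName'"
    Write-Host ("{0}: state={1}, start mode={2}" -f $after.Name, $after.State, $after.StartMode)
}

# --- 2. Sweep: which services point at an executable that is not on disk? ---
# Helper (written for this example): extract the executable from a PathName such as
#   "C:\Program Files\Foo\bar.exe" /Service=X      or      C:\WINDOWS\aim.exe
function Get-ServiceBinary {
    param([string]$PathName)
    if ([string]::IsNullOrWhiteSpace($PathName)) { return $null }
    $bin = $null
    if ($PathName.StartsWith('"')) {
        # quoted path: everything up to the closing quote
        $end = $PathName.IndexOf('"', 1)
        $bin = if ($end -gt 1) { $PathName.Substring(1, $end - 1) } else { $PathName.Trim('"') }
    } else {
        # unquoted path: ends at the first ".exe" (case-insensitive), arguments follow
        $m = [regex]::Match($PathName, '^(.+?\.exe)', 'IgnoreCase')
        $bin = if ($m.Success) { $m.Groups[1].Value } else { ($PathName -split '\s+')[0] }
    }
    # some ImagePaths use %SystemRoot% and the like; expand before testing
    return [Environment]::ExpandEnvironmentVariables($bin)
}

Get-CimInstance Win32_Service | ForEach-Object {
    $bin = Get-ServiceBinary $_.PathName
    if ($bin -and -not (Test-Path -LiteralPath $bin)) {
        [pscustomobject]@{
            Name        = $_.Name
            DisplayName = $_.DisplayName
            StartMode   = $_.StartMode
            State       = $_.State
            Binary      = $bin
        }
    }
} | Format-Table -AutoSize
```

On a PowerShell 2.0 host replace Get-CimInstance with Get-WmiObject; the property names are the same. A service whose binary is gone can never start, so disabling it only silences the error at boot; once it is disabled, `sc.exe delete AIM` removes the orphaned registry entry altogether, which is what a second HijackThis log would otherwise keep reporting.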

#24 SoonerBro (Topic Starter, Member, 14 posts)
Here's the HJT log.

Thanks for your help. I was very impressed with how easy your instructions are and how promptly you reply to people. I had never received online help for problems such as these and I'm just amazed at the quantity and quality of help this site provides. Bravo! :tazz: :) :)


----------------------------------------
HJT log
----------------------------------------
Logfile of Hijackthis v1.99.1
Scan saved at 12:25:41 AM, on 11/22/2005
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)
Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\System32\Ati2evxx.exe
C:\PROGRA~1\Grisoft\AVGFRE~1\avgamsvr.exe
C:\PROGRA~1\Grisoft\AVGFRE~1\avgupsvc.exe
C:\Program Files\ewido\security suite\ewidoctrl.exe
C:\Program Files\ewido\security suite\ewidoguard.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Sony\Photo Server 20\appsrv\PicAppSrv.exe
C:\WINDOWS\wanmpsvc.exe
C:\Program Files\Common Files\Sony Shared\VAIO Media Platform\SV_Httpd.exe
C:\Program Files\Common Files\Sony Shared\VAIO Media Platform\UPnPFramework.exe
C:\WINDOWS\system32\atiptaxx.exe
C:\Program Files\Synaptics\SynTP\SynTPLpr.exe
C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
C:\Program Files\Sony\HotKey Utility\HKserv.exe
C:\WINDOWS\System32\ezSP_Px.exe
C:\Program Files\Logitech\ioSoftware\LPTrySvr.exe
C:\Program Files\Sony\HotKey Utility\HKWnd.exe
C:\Program Files\Common Files\Anoto\DockingEngine.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\Program Files\QuickTime\qttask.exe
C:\PROGRA~1\Grisoft\AVGFRE~1\avgcc.exe
C:\PROGRA~1\Grisoft\AVGFRE~1\avgemc.exe
C:\Program Files\HP\hpcoretech\hpcmpmgr.exe
C:\Program Files\Java\jre1.5.0_05\bin\jusched.exe
C:\Program Files\Messenger\msmsgs.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\Program Files\HP\hpcoretech\comp\hptskmgr.exe
C:\Program Files\PowerPanel\Program\PcfMgr.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\HiJackThis\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.coachesaid.com/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.sony.com/vaiopeople
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.coachesaid.com/
R1 - HKCU\Software\Microsoft\Internet Connection Wizard,ShellNext = http://www.sony.com/vaiopeople
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\adobe\acrobat 5.0\Reader\ActiveX\AcroIEHelper.ocx
O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O4 - HKLM\..\Run: [ATIModeChange] Ati2mdxx.exe
O4 - HKLM\..\Run: [AtiPTA] atiptaxx.exe
O4 - HKLM\..\Run: [SynTPLpr] C:\Program Files\Synaptics\SynTP\SynTPLpr.exe
O4 - HKLM\..\Run: [SynTPEnh] C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
O4 - HKLM\..\Run: [Mouse Suite 98 Daemon] ICO.EXE
O4 - HKLM\..\Run: [HKSERV.EXE] C:\Program Files\Sony\HotKey Utility\HKserv.exe
O4 - HKLM\..\Run: [ezShieldProtector for Px] C:\WINDOWS\System32\ezSP_Px.exe
O4 - HKLM\..\Run: [Logitech Pen TrayIcon Server] C:\Program Files\Logitech\ioSoftware\LPTrySvr.exe
O4 - HKLM\..\Run: [Logitech Pen Docking Engine Server] C:\Program Files\Common Files\Anoto\DockingEngine.exe
O4 - HKLM\..\Run: [iTunesHelper] C:\Program Files\iTunes\iTunesHelper.exe
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [AVG7_CC] C:\PROGRA~1\Grisoft\AVGFRE~1\avgcc.exe /STARTUP
O4 - HKLM\..\Run: [AVG7_EMC] C:\PROGRA~1\Grisoft\AVGFRE~1\avgemc.exe
O4 - HKLM\..\Run: [HP Component Manager] "C:\Program Files\HP\hpcoretech\hpcmpmgr.exe"
O4 - HKLM\..\Run: [SunJavaUpdateSched] C:\Program Files\Java\jre1.5.0_05\bin\jusched.exe
O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background
O4 - Global Startup: Adobe Gamma Loader.lnk = ?
O4 - Global Startup: America Online 8.0 Tray Icon.lnk = C:\Program Files\America Online 8.0\aoltray.exe
O4 - Global Startup: Billminder.lnk = C:\Program Files\Quicken\billmind.exe
O4 - Global Startup: PowerPanel.lnk = ?
O4 - Global Startup: Quicken Scheduled Updates.lnk = C:\Program Files\Quicken\bagent.exe
O4 - Global Startup: Quicken Startup.lnk = C:\Program Files\Quicken\QWDLLS.EXE
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_05\bin\npjpi150_05.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_05\bin\npjpi150_05.dll
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O14 - IERESET.INF: START_PAGE_URL=http://www.sony.com/vaiopeople
O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://go.microsoft....k/?linkid=39204
O16 - DPF: {74D05D43-3236-11D4-BDCD-00C04F9A3B61} (HouseCall Control) - http://a840.g.akamai...all/xscan53.cab
O16 - DPF: {9A9307A0-7DA4-4DAF-B042-5009F29E09E1} (ActiveScan Installer Class) - http://acs.pandasoft...free/asinst.cab
O16 - DPF: {B8BE5E93-A60C-4D26-A2DC-220313175592} (ZoneIntro Class) - http://cdn2.zone.msn...ro.cab34246.cab
O16 - DPF: {E5D419D6-A846-4514-9FAD-97E826C84822} - http://fdl.msn.com/z...s/heartbeat.cab
O23 - Service: Ati HotKey Poller - Unknown owner - C:\WINDOWS\System32\Ati2evxx.exe
O23 - Service: AVG7 Alert Manager Server (Avg7Alrt) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVGFRE~1\avgamsvr.exe
O23 - Service: AVG7 Update Service (Avg7UpdSvc) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVGFRE~1\avgupsvc.exe
O23 - Service: ewido security suite control - ewido networks - C:\Program Files\ewido\security suite\ewidoctrl.exe
O23 - Service: ewido security suite guard - ewido networks - C:\Program Files\ewido\security suite\ewidoguard.exe
O23 - Service: iPod Service (iPodService) - Apple Computer, Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: Pml Driver HPZ12 - HP - C:\WINDOWS\System32\HPZipm12.exe
O23 - Service: VAIO Media Music Server (Application) (VAIOMediaPlatform-MusicServer-AppServer) - Unknown owner - C:\Program Files\Sony\VAIO Media Music Server\SSSvr.exe" /Service=VAIOMediaPlatform-MusicServer-AppServer /DisplayName="VAIO Media Music Server (Application) (file missing)
O23 - Service: VAIO Media Music Server (HTTP) (VAIOMediaPlatform-MusicServer-HTTP) - Unknown owner - C:\Program Files\Common Files\Sony Shared\VAIO Media Platform\sv_httpd.exe" /Service=VAIOMediaPlatform-MusicServer-HTTP /RegRoot="Software\Sony Corporation\VAIO Media Platform\2.0" /RegExt="Applications\MusicServer\HTTP (file missing)
O23 - Service: VAIO Media Music Server (UPnP) (VAIOMediaPlatform-MusicServer-UPnP) - Sony Corporation - C:\Program Files\Common Files\Sony Shared\VAIO Media Platform\UPnPFramework.exe
O23 - Service: VAIO Media Photo Server (Application) (VAIOMediaPlatform-PhotoServer-AppServer) - Unknown owner - C:\Program Files\Sony\Photo Server 20\appsrv\PicAppSrv.exe
O23 - Service: VAIO Media Photo Server (HTTP) (VAIOMediaPlatform-PhotoServer-HTTP) - Unknown owner - C:\Program Files\Common Files\Sony Shared\VAIO Media Platform\SV_Httpd.exe" /Service=VAIOMediaPlatform-PhotoServer-HTTP /RegRoot="Software\Sony Corporation\VAIO Media Platform\2.0" /RegExt="\Applications\PhotoServer\HTTP (file missing)
O23 - Service: VAIO Media Photo Server (UPnP) (VAIOMediaPlatform-PhotoServer-UPnP) - Sony Corporation - C:\Program Files\Common Files\Sony Shared\VAIO Media Platform\UPnPFramework.exe
O23 - Service: WAN Miniport (ATW) Service (WANMiniportService) - America Online, Inc. - C:\WINDOWS\wanmpsvc.exe


#25 lovethepirk (Visiting Staff, 528 posts)
Soonerbro,

Glad you had a good experience. I have had some time off so that might be where the promptness came from.
Anyway, you are looking very clean now. Again, here is the precautionary measures post for you to look at. All you need is one antivirus, and you have a good free one right now :)

Please look carefully at this post for some excellent preventative measures to take so you do not get infected again.
Prevention is good :tazz:

To reduce the re-infection potential for malware and protect yourself against spyware, here are a few helpful suggestions:
1. Keep Windows and Internet Explorer current with the latest critical security updates from Microsoft. This will patch many of the security holes through which attackers can gain access to your computer. You CANNOT complete this update using an alternate browser.
http://v5.windowsupd...t.aspx?ln=en-us
http://www.microsoft.../ie/default.asp

2. Run your antivirus software regularly, and keep its definitions up-to-date. If you are thinking about switching, there are some good free antivirus programs that are decent, including AVG and Avast!.
AVG: http://free.grisoft.com/doc/1
Avast: http://www.avast.com...ast_4_home.html

3. In addition to using Ad-aware, consider using another free malware scanning/removal program:
Adaware SE: http://www.download....ubj=dl&tag=top5
Spybot S&D: http://www.download....tml?tag=lst-0-1
MS Antispyware beta: http://www.microsoft...re/default.mspx

4. Consider using a free firewall if you are not already using one. Some good free ones are:
Sygate: http://smb.sygate.co...pf_standard.htm
Zone Alarm: http://www.zonelabs....n.jsp?lid=ho_za

5. Consider using an alternate free browser for general web surfing, but you must use IE for Windows Update.
Mozilla Firefox: http://www.mozilla.o...oducts/firefox/

6. Consider increasing your browser security by using these programs:
SpywareGuard will protect your homepage from being hijacked: http://www.javacools...ywareguard.html
SpywareBlaster will increase browser protection by blocking hundreds of known malware sites by adding them to IE's restricted sites zone. Download it here: http://www.javacools...areblaster.html

If you use SpywareBlaster, you can also use a custom blocklist to add even more entries into IE's restricted sites zone. Go to this site for the current list and how-to-use instructions: http://customblockinglist.cjb.net/

IE-SPYAD is similar in that it adds thousands more known malware sites to IE's restricted zone. Download it here:
https://netfiles.uiu...ww/resource.htm

*Remember just like your primary anti-virus software, it is important to keep all of these programs up-to-date and use them on a regular basis.


It was enjoyable working with you and look us up if you ever have issues again.

Peace,

LTP
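Item 6 above says SpywareBlaster and IE-SPYAD work by adding known malware sites to Internet Explorer's Restricted Sites zone. The following is an added example, not code from the thread or from either tool, showing the mechanism itself: a domain goes into the per-user ZoneMap in the registry with a DWORD whose data is the zone number (4 = Restricted sites), and IE then applies that zone's locked-down ActiveX and scripting settings to the site. The domains in the block are placeholders, and Add-RestrictedSite and Get-SiteZone are helpers written for this example.

```powershell
# Added example (not from the thread): block a site the way SpywareBlaster and
# IE-SPYAD do, by placing its domain in Internet Explorer's Restricted Sites
# zone through the per-user ZoneMap in the registry, then read the entry back.
# The domains used below are placeholders, not sites named on the page.

$ZoneMapDomains = 'Software\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains'
$RestrictedZone = 4   # IE zone ids: 0 My Computer, 1 Local intranet, 2 Trusted sites, 3 Internet, 4 Restricted sites

function Add-RestrictedSite {
    param(
        [Parameter(Mandatory)][string]$Domain,   # e.g. 'example.com'
        [string]$SubDomain                       # optional, e.g. 'www'; omit to cover the whole domain
    )
    # Layout: Domains\<domain>[\<subdomain>] holding a DWORD named after the URL
    # scheme ('http', 'https') or '*' for any scheme; the data is the zone id.
    $path = "$ZoneMapDomains\$Domain"
    if ($SubDomain) { $path += "\$SubDomain" }
    $key = [Microsoft.Win32.Registry]::CurrentUser.CreateSubKey($path)   # creates or opens, writable
    try     { $key.SetValue('*', $RestrictedZone, [Microsoft.Win32.RegistryValueKind]::DWord) }
    finally { $key.Close() }
}

function Get-SiteZone {
    param([Parameter(Mandatory)][string]$Domain, [string]$SubDomain)
    $path = "$ZoneMapDomains\$Domain"
    if ($SubDomain) { $path += "\$SubDomain" }
    $key = [Microsoft.Win32.Registry]::CurrentUser.OpenSubKey($path)
    if ($null -eq $key) { return $null }   # not mapped: IE treats the site as the Internet zone (3)
    try     { return $key.GetValue('*') }
    finally { $key.Close() }
}

# Placeholder blocklist, constructed for this example.
$blocklist = @(
    @{ Domain = 'malware-download.example' },
    @{ Domain = 'adserver.example'; SubDomain = 'tracking' }
)
foreach ($entry in $blocklist) {
    Add-RestrictedSite @entry
    $name = if ($entry.SubDomain) { "$($entry.SubDomain).$($entry.Domain)" } else { $entry.Domain }
    '{0,-32} zone={1}' -f $name, (Get-SiteZone @entry)
}
```

Entries under HKCU protect only the account that wrote them, so repeat the step for each user of the machine. The list is only as good as its last update, which is the reason for the reminder at the end of the post to keep these tools current: a site added to a blocklist after your copy was written is still in the ordinary Internet zone.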

#26 SoonerBro (Topic Starter, Member, 14 posts)
Everything is running great and I have installed several of your suggested tips.

I made a $30 donation to the cause. It's the least I could do for your help. Thanks again and if I ever need help in the future, I know where to turn.

Happy Thanksgiving! :tazz:

Heath Ritchie

#27 lovethepirk (Visiting Staff, 528 posts)
Soonerbro,

Thanks :) That is very kind of you. Whenever you need help in the future, stop by and give us a shout. Make sure that along with starting a topic you PM me so I can get right to you immediately and offer my help or get the word out for you among our staff. You have a home here at GeekstoGo :tazz:

I will leave this thread open for a short while so we know you are surfing safely. After that, this topic will be closed and in the future if problems surface just start a new topic, but we hope you only have to stop by to say hello :).

Sincerely,

LTP

#28 lovethepirk (Visiting Staff, 528 posts)
Since this issue appears to be resolved ... this Topic has been closed. Glad we could help. :tazz:

If you're the topic starter, and need this topic reopened, please contact a staff member with the address of the thread.

Everyone else please begin a New Topic.