Jump to content

Welcome to Geeks to Go - Register now for FREE

Geeks To Go is a helpful hub, where thousands of volunteer geeks quickly serve friendly answers and support. Check out the forums and get free advice from the experts. Register now to gain access to all of our features, it's FREE and only takes one minute. Once registered and logged in, you will be able to create topics, post replies to existing threads, give reputation to your fellow members, get your own private messenger, post status updates, manage your profile and so much more.

Create Account How it Works
Photo

Sgooter's Infected PC [RESOLVED]


  • This topic is locked This topic is locked

#76
Sgooter

Sgooter

    Member

  • Topic Starter
  • Member
  • PipPip
  • 56 posts
Hi Michelle,
There is no company listed in the Properties for that particular file - again on my wife's PC.
On my (this) PC, I have the same type of javaw.exe file in my system32 folder - around 25KB in size.
Sgooer
  • 0

Advertisements


#77
Sgooter

Sgooter

    Member

  • Topic Starter
  • Member
  • PipPip
  • 56 posts
Michelle,
After reading thru your instructions again I note that you refer to a Version tab in the Properties window for this file. However, in my Properties window, there is no Version tab.
  • 0

#78
Michelle

Michelle

    Malware Removal Goddess

  • Retired Staff
  • 8,928 posts
Does the one on your system say Sun Microsystems when you go to properties?
  • 0

#79
Sgooter

Sgooter

    Member

  • Topic Starter
  • Member
  • PipPip
  • 56 posts
Michelle & Matt,
No, on my system there is no company listed for this file; same as my wife's PC. The size of the javaw.exe file on her PC is 29KB, and was created in Aug 2003, which was the general time frame when we purchased her PC.

Please note:
At this juncture, my main interest is getting my wife's PC connection to the Internet restored since I will be away for 3 days, and she has several "must do" tasks to take care of during that time. If we are unable to come up with a solution to the current puzzle within the next 30 minutes, then I request your concurrence for me to do a system restore on her PC to yesterday's date. Hopefully, this action will restore her internet connectivity, and we can resume the fixes to her PC when I return (back online with you on Thursday evening) OK with you?

Thanks,
Sgooter
  • 0

#80
Michelle

Michelle

    Malware Removal Goddess

  • Retired Staff
  • 8,928 posts
Yes, I know that's your main objective tonight based on what you said previously. I was just trying to find out if the legitimate file was deleted by mistake and if it was we could restore it... But the correct file was deleted. We're going to see if we can come up with anymore ideas in the next few minutes and if nothing I'll post to let you know to do a system restore in which case we will have to use Recovery Console again when you get back.

Also, what happens exactly when you try to connect?
  • 0

#81
Sgooter

Sgooter

    Member

  • Topic Starter
  • Member
  • PipPip
  • 56 posts
When I double click on IE or Firefox, I see no outgoing "send" activity in my ZoneAlarm box down in the system tray.
Soon thereafter, I get "The page cannot be displayed" in the IE browser window; similar result using Firefox.
  • 0

#82
Michelle

Michelle

    Malware Removal Goddess

  • Retired Staff
  • 8,928 posts
Go to Start > Run and type cmd

Paste the following into the black window:

ping www.google.com

Hit enter.

Please tell me what it says.
  • 0

#83
Sgooter

Sgooter

    Member

  • Topic Starter
  • Member
  • PipPip
  • 56 posts
Ping result is:
"Ping request could not find host www.google.com. Please check the name and try again."
  • 0

#84
Michelle

Michelle

    Malware Removal Goddess

  • Retired Staff
  • 8,928 posts
hmm ok.. I guess the next option is a system restore and hope Internet comes back, but that stubborn file (vundo) will be back as well...
  • 0

#85
Sgooter

Sgooter

    Member

  • Topic Starter
  • Member
  • PipPip
  • 56 posts
OK, thanks very much for the hard effort.
I will now do a system restore on my wife's PC to yesterday's date, in hopes that internet connectivity will be restored as well. If successful, then I'll run a new HJT log on her PC and post it here for your examination and instructions, which I will complete on Thursday evening.
Sgooter
  • 0

Advertisements


#86
Sgooter

Sgooter

    Member

  • Topic Starter
  • Member
  • PipPip
  • 56 posts
No success in doing a System Restore on my wife's PC. I went back to yesterday - no restore; to Friday - no restore; and finally to Thursday - and again the box appears during the start up sequence stating that "Your computer cannot be restored to [the date I selected].

I also rechecked for internet connectivity -- and still nothing.

Any suggestions at this point? I fear I'm in big trouble here at home now.
  • 0

#87
Sgooter

Sgooter

    Member

  • Topic Starter
  • Member
  • PipPip
  • 56 posts
I noticed on my wife's PC (computer name VaioPC) that when I opened My Computer, at the bottom of the list of drives there is an entry called Network Drives, and it indicates that a network drive called "Windows on VaioPC drive"(Z:) and the status of it is: "Disconnected Network Drive."

Our two PCs are on a home peer-to-peer LAN.

I have no such network drive that appears on my PC under My Compter.
  • 0

#88
Michelle

Michelle

    Malware Removal Goddess

  • Retired Staff
  • 8,928 posts
Go to Start > Control Panel > Administrative Tools and double-click Event Viewer. Click to highlight Application on the left. Are there any items with a red circle (white X) next to them that say "error" (from today). If there is double-click on it and highlight everything under description, press CTRL + C to copy it and paste it here. Then click System on the left and look for errors there as well - from today - do the same thing.

Right-click on that Z: drive and tell me what you see on the menu that comes up. If properties is there go to it and tell me what you see but do NOT click anything until we see what it is. It would be better to take a screenshot of the properties:
  • You can do this by pressing the PrintScreen key.
  • Then go to Start > All Programs > Accessories > Paint
  • In Paint, go up to Edit > Paste
  • Then Go up to File > Save As. Click the drop-down box to change the "Save As Type" to "JPEG", name it what you want, and save it where you want.
  • Then click Add Reply in this topic.
  • Click the Browse button.
  • Locate the file you just saved, click on it, then click Open.
  • Click Add This Attachment.

  • 0

#89
Sgooter

Sgooter

    Member

  • Topic Starter
  • Member
  • PipPip
  • 56 posts
Go figure!
This reply is coming from my wife's infected PC, so we're back online.
I shutdown my entire home network completely, then brought it back up, and all is working fine now.
I'm now signing off with you until Thursday evening (around 7pm EST).

Thanks again for all the great help.

Just to be safe and proper, here's a fresh HJT log:

Logfile of HijackThis v1.99.1
Scan saved at 12:27:34 AM, on 12/5/2005
Platform: Windows XP SP1 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe
C:\Program Files\Common Files\Symantec Shared\SNDSrvc.exe
C:\Program Files\Common Files\Symantec Shared\SPBBC\SPBBCSvc.exe
C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\APC\APC PowerChute Personal Edition\mainserv.exe
d:\Program Files\ewido\security suite\ewidoctrl.exe
d:\Program Files\ewido\security suite\ewidoguard.exe
C:\Program Files\Sony\Giga Pocket\shwserv.exe
C:\Program Files\Norton AntiVirus\navapsvc.exe
C:\Program Files\Norton AntiVirus\IWP\NPFMntor.exe
C:\Program Files\Webroot\Spy Sweeper\WRSSSDK.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe
C:\WINDOWS\System32\ezSP_Px.exe
C:\program files\support.com\client\bin\tgcmd.exe
C:\WINDOWS\AGRSMMSG.exe
C:\Program Files\ShopSafe\ShopSafe.exe
C:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe
C:\Program Files\Common Files\Symantec Shared\ccApp.exe
C:\Program Files\QuickTime\qttask.exe
D:\TrojanHunter 4.2\THGuard.exe
C:\Program Files\Microsoft Office\Office\OSA.EXE
C:\Program Files\sony\usbsircs\usbsircs.exe
C:\Program Files\Sony\Giga Pocket\ReserveModule.exe
C:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exe
C:\Program Files\APC\APC PowerChute Personal Edition\apcsystray.exe
C:\Program Files\Sony\VAIO Media Integrated Server\Photo\appsrv\PhotoAppSrv.exe
C:\Program Files\Sony\VAIO Media Integrated Server\Video\GPVSvr.exe
C:\Program Files\Sony\Giga Pocket\gps.exe
C:\WINDOWS\system32\ZoneLabs\vsmon.exe
C:\Program Files\Sony\VAIO Media Integrated Server\Platform\SV_Httpd.exe
C:\Program Files\Sony\VAIO Media Integrated Server\Platform\UPnPFramework.exe
C:\Program Files\Sony\VAIO Media Integrated Server\Platform\SV_Httpd.exe
C:\Program Files\Sony\VAIO Media Integrated Server\Platform\UPnPFramework.exe
C:\Program Files\Sony\Giga Pocket\RM_SV.exe
C:\Program Files\Internet Explorer\iexplore.exe
D:\HiJack This\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://start.earthlink.net/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.sony.com/vaiopeople
N3 - Netscape 7: user_pref("browser.search.defaultengine", "engine://C%3A%5CPROGRA%7E1%5CNETSCAPE%5CNETSCAPE%5Csearchplugins%5CSBWeb_01.src"); (C:\Documents and Settings\pskapoor\Application Data\Mozilla\Profiles\default\ijku3ppn.slt\prefs.js)
O3 - Toolbar: Norton AntiVirus - {42CDD1BF-3FFB-4238-8AD1-7859DF00B1D6} - C:\Program Files\Norton AntiVirus\NavShExt.dll
O3 - Toolbar: &Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINDOWS\System32\msdxm.ocx
O4 - HKLM\..\Run: [ATIPTA] C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe
O4 - HKLM\..\Run: [ezShieldProtector for Px] C:\WINDOWS\System32\ezSP_Px.exe
O4 - HKLM\..\Run: [ZTgServerSwitch] "c:\program files\support.com\client\bin\tgcmd.exe" /server
O4 - HKLM\..\Run: [IgfxTray] C:\WINDOWS\System32\igfxtray.exe
O4 - HKLM\..\Run: [HotKeysCmds] C:\WINDOWS\System32\hkcmd.exe
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\System32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [AGRSMMSG] AGRSMMSG.exe
O4 - HKLM\..\Run: [VAIO Recovery] C:\WINDOWS\Sonysys\VAIO Recovery\PartSeal.exe
O4 - HKLM\..\Run: [ShopSafe] C:\Program Files\ShopSafe\ShopSafe.exe /dontopenmycards
O4 - HKLM\..\Run: [NeroFilterCheck] C:\WINDOWS\system32\NeroCheck.exe
O4 - HKLM\..\Run: [Zone Labs Client] "C:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe"
O4 - HKLM\..\Run: [SSC_UserPrompt] C:\Program Files\Common Files\Symantec Shared\Security Center\UsrPrmpt.exe
O4 - HKLM\..\Run: [Symantec NetDriver Monitor] C:\PROGRA~1\SYMNET~1\SNDMon.exe /Consumer
O4 - HKLM\..\Run: [ccApp] "C:\Program Files\Common Files\Symantec Shared\ccApp.exe"
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [THGuard] "D:\TrojanHunter 4.2\THGuard.exe"
O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background
O4 - Global Startup: APC UPS Status.lnk = ?
O4 - Global Startup: HPAiODevice(hp officejet g series) - 1.lnk = C:\Program Files\Hewlett-Packard\AiO\hp officejet g series\Bin\hpoavn07.exe
O4 - Global Startup: Microsoft Find Fast.lnk = C:\Program Files\Microsoft Office\Office\FINDFAST.EXE
O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office10\OSA.EXE
O4 - Global Startup: Office Startup.lnk = C:\Program Files\Microsoft Office\Office\OSA.EXE
O4 - Global Startup: Quicken Scheduled Updates.lnk = C:\Program Files\Quicken\bagent.exe
O4 - Global Startup: Reminders.lnk = D:\Broderbund\AG Spirit\AGremind.exe
O4 - Global Startup: Remocon Driver.lnk = ?
O4 - Global Startup: Timer Recording Manager.lnk = C:\Program Files\Sony\Giga Pocket\ReserveModule.exe
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~3\Office10\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\j2re1.4.2_01\bin\npjpi142_01.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\j2re1.4.2_01\bin\npjpi142_01.dll
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\MSMSGS.EXE (file missing)
O9 - Extra 'Tools' menuitem: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\MSMSGS.EXE (file missing)
O12 - Plugin for .pdf: C:\Program Files\Internet Explorer\PLUGINS\nppdf32.dll
O14 - IERESET.INF: START_PAGE_URL=http://www.sony.com/vaiopeople
O16 - DPF: {1F2F4C9E-6F09-47BC-970D-3C54734667FE} (LSSupCtl Class) - https://www-secure.s...sa/LSSupCtl.cab
O16 - DPF: {74D05D43-3236-11D4-BDCD-00C04F9A3B61} (HouseCall Control) - http://a840.g.akamai...all/xscan53.cab
O16 - DPF: {9A9307A0-7DA4-4DAF-B042-5009F29E09E1} (ActiveScan Installer Class) - http://acs.pandasoft...free/asinst.cab
O16 - DPF: {CE28D5D2-60CF-4C7D-9FE8-0F47A3308078} (ActiveDataInfo Class) - https://www-secure.s...sa/SymAData.cab
O23 - Service: APC UPS Service - American Power Conversion Corporation - C:\Program Files\APC\APC PowerChute Personal Edition\mainserv.exe
O23 - Service: Symantec Event Manager (ccEvtMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
O23 - Service: Symantec Password Validation (ccPwdSvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccPwdSvc.exe
O23 - Service: Symantec Settings Manager (ccSetMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe
O23 - Service: ewido security suite control - ewido networks - d:\Program Files\ewido\security suite\ewidoctrl.exe
O23 - Service: ewido security suite guard - ewido networks - d:\Program Files\ewido\security suite\ewidoguard.exe
O23 - Service: Giga Pocket Hardware Detector - Sony Corporation - C:\Program Files\Sony\Giga Pocket\shwserv.exe
O23 - Service: Norton AntiVirus Auto-Protect Service (navapsvc) - Symantec Corporation - C:\Program Files\Norton AntiVirus\navapsvc.exe
O23 - Service: Norton AntiVirus Firewall Monitor Service (NPFMntor) - Symantec Corporation - C:\Program Files\Norton AntiVirus\IWP\NPFMntor.exe
O23 - Service: NVIDIA Driver Helper Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\System32\nvsvc32.exe
O23 - Service: SAVScan - Symantec Corporation - C:\Program Files\Norton AntiVirus\SAVScan.exe
O23 - Service: ScriptBlocking Service (SBService) - Symantec Corporation - C:\PROGRA~1\COMMON~1\SYMANT~1\SCRIPT~1\SBServ.exe
O23 - Service: Symantec Network Drivers Service (SNDSrvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\SNDSrvc.exe
O23 - Service: Sony TV Tuner Controller - Sony Corporation - C:\Program Files\Sony\Giga Pocket\halsv.exe
O23 - Service: Sony TV Tuner Manager - Sony Corporation - C:\Program Files\Sony\Giga Pocket\RM_SV.exe
O23 - Service: Symantec SPBBCSvc (SPBBCSvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\SPBBC\SPBBCSvc.exe
O23 - Service: Sony SPTI Service (SPTISRV) - Sony Corporation - C:\Program Files\Common Files\Sony Shared\AVLib\Sptisrv.exe
O23 - Service: Webroot Spy Sweeper Engine (svcWRSSSDK) - Webroot Software, Inc. - C:\Program Files\Webroot\Spy Sweeper\WRSSSDK.exe
O23 - Service: Symantec Core LC - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exe
O23 - Service: SymWMI Service (SymWSC) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\Security Center\SymWSC.exe
O23 - Service: VAIO Media Music Server (VAIOMediaPlatform-MusicServer-AppServer) - Unknown owner - C:\Program Files\Sony\VAIO Media Integrated Server\Music\SSSvr.exe" /Service=VAIOMediaPlatform-MusicServer-AppServer /DisplayName="VAIO Media Music Server (file missing)
O23 - Service: VAIO Media Music Server (HTTP) (VAIOMediaPlatform-MusicServer-HTTP) - Unknown owner - C:\Program Files\Sony\VAIO Media Integrated Server\Platform\SV_Httpd.exe" /Service=VAIOMediaPlatform-MusicServer-HTTP /RegRoot="Software\Sony Corporation\VAIO Media Platform\2.0" /RegExt="Applications\MusicServer\HTTP (file missing)
O23 - Service: VAIO Media Music Server (UPnP) (VAIOMediaPlatform-MusicServer-UPnP) - Sony Corporation - C:\Program Files\Sony\VAIO Media Integrated Server\Platform\UPnPFramework.exe
O23 - Service: VAIO Media Photo Server (VAIOMediaPlatform-PhotoServer-AppServer) - Sony Corporation - C:\Program Files\Sony\VAIO Media Integrated Server\Photo\appsrv\PhotoAppSrv.exe
O23 - Service: VAIO Media Photo Server (HTTP) (VAIOMediaPlatform-PhotoServer-HTTP) - Unknown owner - C:\Program Files\Sony\VAIO Media Integrated Server\Platform\SV_Httpd.exe" /Service=VAIOMediaPlatform-PhotoServer-HTTP /RegRoot="SOFTWARE\Sony Corporation\VAIO Media Platform\2.0" /RegExt="\Applications\PhotoServer\HTTP (file missing)
O23 - Service: VAIO Media Photo Server (UPnP) (VAIOMediaPlatform-PhotoServer-UPnP) - Sony Corporation - C:\Program Files\Sony\VAIO Media Integrated Server\Platform\UPnPFramework.exe
O23 - Service: VAIO Media Video Server (VAIOMediaPlatform-VideoServer-AppServer) - Unknown owner - C:\Program Files\Sony\VAIO Media Integrated Server\Video\GPVSvr.exe" /Service=VAIOMediaPlatform-VideoServer-AppServer /DisplayName="VAIO Media Video Server (file missing)
O23 - Service: VAIO Media Video Server (HTTP) (VAIOMediaPlatform-VideoServer-HTTP) - Unknown owner - C:\Program Files\Sony\VAIO Media Integrated Server\Platform\SV_Httpd.exe" /Service=VAIOMediaPlatform-VideoServer-HTTP /RegRoot="SOFTWARE\Sony Corporation\VAIO Media Platform\2.0" /RegExt="\Applications\VideoServer\HTTP (file missing)
O23 - Service: VAIO Media Video Server (UPnP) (VAIOMediaPlatform-VideoServer-UPnP) - Sony Corporation - C:\Program Files\Sony\VAIO Media Integrated Server\Platform\UPnPFramework.exe
O23 - Service: TrueVector Internet Monitor (vsmon) - Zone Labs Inc. - C:\WINDOWS\system32\ZoneLabs\vsmon.exe
  • 0

#90
Michelle

Michelle

    Malware Removal Goddess

  • Retired Staff
  • 8,928 posts
I'm glad to hear that! I'm also glad to see that Vundo is still gone :)

Matt will finish up with you on Thursday! :tazz:
  • 0






Similar Topics

0 user(s) are reading this topic

0 members, 0 guests, 0 anonymous users

As Featured On:

Microsoft Yahoo BBC MSN PC Magazine Washington Post HP