W-FIND HIJACK


  • This topic is locked
8 replies to this topic

#1 Starzman

  • Members
  • 4 posts

Posted 05 June 2005 - 07:20 PM

:thumbsup: Thanks for any help - I just got this darn computer and got hijacked during Windows Update.

Here is my log-

Logfile of HijackThis v1.99.1
Scan saved at 7:15:31 PM, on 6/5/2005
Platform: Windows XP SP1 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe
C:\Program Files\Common Files\Symantec Shared\SNDSrvc.exe
C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\AGRSMMSG.exe
C:\WINDOWS\ehome\ehtray.exe
C:\Program Files\SONY\sHotKey\sHotKey.exe
C:\Program Files\Sony\VAIO Update 2\VAIOUpdt.exe
C:\WINDOWS\System32\ezSP_Px.exe
C:\Program Files\Common Files\Symantec Shared\ccApp.exe
C:\WINDOWS\System32\RUNDLL32.EXE
C:\Program Files\iTunes\iTunesHelper.exe
C:\Program Files\QuickTime\qttask.exe
C:\Program Files\Messenger\msmsgs.exe
C:\windows\yrbguwa.exe
C:\Program Files\Common Files\Symantec Shared\ccProxy.exe
C:\WINDOWS\ehome\ehSched.exe
C:\Program Files\Norton Internet Security\Norton AntiVirus\navapsvc.exe
C:\WINDOWS\System32\nvsvc32.exe
C:\Program Files\Common Files\Sony Shared\WMPlugIn\SonicStageMonitoring.exe
C:\Program Files\Sony\Sony TV Tuner Library\SMceMan.exe
C:\Program Files\Common Files\Sony Shared\VAIO Entertainment\VzCdb\VzFw.exe
C:\Program Files\Sony\Sony TV Tuner Library\RM_SV.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\Program Files\Norton Internet Security\Norton AntiVirus\SAVScan.exe
C:\WINDOWS\ehome\ehmsas.exe
C:\WINDOWS\System32\wuauclt.exe
C:\Program Files\Internet Explorer\IEXPLORE.EXE
C:\Program Files\HijackThis\HijackThis.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = http://w-find.com/sp.htm
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://w-find.com/index.htm
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://w-find.com/index.htm
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.sony.com/vaiopeople
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant = http://w-find.com/sp.htm
R1 - HKCU\Software\Microsoft\Internet Explorer\SearchURL,(Default) = http://w-find.com/index.htm
R1 - HKCU\Software\Microsoft\Internet Connection Wizard,ShellNext = http://www.sony.com/vaiopeople
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyServer = :0
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 6.0\Reader\ActiveX\AcroIEHelper.dll
O2 - BHO: Web assistant - {9ECB9560-04F9-4bbc-943D-298DDF1699E1} - C:\Program Files\Common Files\Symantec Shared\AdBlocking\NISShExt.dll
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar2.dll
O2 - BHO: NAV Helper - {BDF3E430-B101-42AD-A544-FADC6B084872} - C:\Program Files\Norton Internet Security\Norton AntiVirus\NavShExt.dll
O3 - Toolbar: Web assistant - {0B53EAC3-8D69-4b9e-9B19-A37C9A5676A7} - C:\Program Files\Common Files\Symantec Shared\AdBlocking\NISShExt.dll
O3 - Toolbar: Norton AntiVirus - {42CDD1BF-3FFB-4238-8AD1-7859DF00B1D6} - C:\Program Files\Norton Internet Security\Norton AntiVirus\NavShExt.dll
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar2.dll
O3 - Toolbar: &Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINDOWS\System32\msdxm.ocx
O4 - HKLM\..\Run: [AGRSMMSG] AGRSMMSG.exe
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\System32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [ehTray] C:\WINDOWS\ehome\ehtray.exe
O4 - HKLM\..\Run: [sHotKey] "C:\Program Files\SONY\sHotKey\sHotKey.exe"
O4 - HKLM\..\Run: [VAIO Update 2] "C:\Program Files\Sony\VAIO Update 2\VAIOUpdt.exe" /Stationary
O4 - HKLM\..\Run: [ezShieldProtector for Px] C:\WINDOWS\System32\ezSP_Px.exe
O4 - HKLM\..\Run: [ccApp] "C:\Program Files\Common Files\Symantec Shared\ccApp.exe"
O4 - HKLM\..\Run: [URLLSTCK.exe] C:\Program Files\Norton Internet Security\UrlLstCk.exe
O4 - HKLM\..\Run: [VAIO Recovery] C:\WINDOWS\Sonysys\VAIO Recovery\PartSeal.exe
O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\System32\NvMcTray.dll,NvTaskbarInit
O4 - HKLM\..\Run: [Symantec NetDriver Monitor] C:\PROGRA~1\SYMNET~1\SNDMon.exe
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background
O4 - HKCU\..\Run: [moqspxh] c:\windows\yrbguwa.exe
O4 - HKCU\..\Run: [teuyaly] c:\windows\yrbguwa.exe
O4 - HKCU\..\Run: [jcmbvir] c:\windows\xfkufcv.exe
O4 - HKCU\..\Run: [ptcgxkb] c:\windows\xfkufcv.exe
O4 - HKCU\..\Run: [spomulo] c:\windows\xfkufcv.exe
O4 - HKCU\..\Run: [ixykstf] c:\windows\xfkufcv.exe
O4 - HKCU\..\Run: [oofmbeb] c:\windows\xfkufcv.exe
O4 - HKCU\..\Run: [iqlcihg] c:\windows\xfkufcv.exe
O4 - HKCU\..\Run: [hsyoevs] c:\windows\xfkufcv.exe
O4 - HKCU\..\Run: [qbkkevo] c:\windows\xfkufcv.exe
O4 - HKCU\..\Run: [gbxyryi] c:\windows\xfkufcv.exe
O4 - HKCU\..\Run: [xspyygj] c:\windows\xfkufcv.exe
O4 - HKCU\..\Run: [giperle] c:\windows\xfkufcv.exe
O4 - HKCU\..\Run: [oidibuc] c:\windows\xfkufcv.exe
O4 - HKCU\..\Run: [rdvsaeb] c:\windows\xfkufcv.exe
O4 - HKCU\..\Run: [bjxekmi] c:\windows\xfkufcv.exe
O4 - HKCU\..\Run: [hddmxex] c:\windows\xfkufcv.exe
O4 - HKCU\..\Run: [ylklaeq] c:\windows\xfkufcv.exe
O4 - HKCU\..\Run: [mpeukmx] c:\windows\xfkufcv.exe
O4 - HKCU\..\Run: [kqvfcgo] c:\windows\xfkufcv.exe
O4 - HKCU\..\Run: [wiqteye] c:\windows\xfkufcv.exe
O4 - HKCU\..\Run: [himipoh] c:\windows\xfkufcv.exe
O4 - HKCU\..\Run: [eswttaw] c:\windows\xfkufcv.exe
O4 - HKCU\..\Run: [xiuuqtb] c:\windows\xfkufcv.exe
O4 - HKCU\..\Run: [mmqgxsg] c:\windows\xfkufcv.exe
O4 - HKCU\..\Run: [fgsjwtw] c:\windows\xfkufcv.exe
O4 - HKCU\..\Run: [nhygumu] c:\windows\xfkufcv.exe
O4 - HKCU\..\Run: [khehjqd] c:\windows\xfkufcv.exe
O4 - HKCU\..\Run: [dwypjok] c:\windows\xfkufcv.exe
O4 - HKCU\..\Run: [sdhouxh] c:\windows\xfkufcv.exe
O4 - HKCU\..\Run: [gsbxrkq] c:\windows\xfkufcv.exe
O4 - HKCU\..\Run: [wmfmpxp] c:\windows\xfkufcv.exe
O4 - HKCU\..\Run: [uoqsrxy] c:\windows\xfkufcv.exe
O4 - HKCU\..\Run: [ypggnse] c:\windows\xfkufcv.exe
O4 - HKCU\..\Run: [aonxjih] c:\windows\xfkufcv.exe
O4 - HKCU\..\Run: [chyhjhn] c:\windows\xfkufcv.exe
O4 - HKCU\..\Run: [yrumqye] c:\windows\xfkufcv.exe
O4 - HKCU\..\Run: [jglnbsx] c:\windows\xfkufcv.exe
O4 - HKCU\..\Run: [fkkqyxn] c:\windows\xfkufcv.exe
O4 - HKCU\..\Run: [upjilhe] c:\windows\xfkufcv.exe
O4 - HKCU\..\Run: [upwgymc] c:\windows\xfkufcv.exe
O4 - HKCU\..\Run: [gwlinhs] c:\windows\xfkufcv.exe
O4 - HKCU\..\Run: [jdiljga] c:\windows\xfkufcv.exe
O4 - HKCU\..\Run: [kdvwfna] c:\windows\xfkufcv.exe
O4 - HKCU\..\Run: [vdgrsio] c:\windows\xfkufcv.exe
O4 - HKCU\..\Run: [bnmtsyk] c:\windows\xfkufcv.exe
O4 - HKCU\..\Run: [lflfmya] c:\windows\xfkufcv.exe
O4 - HKCU\..\Run: [fiqfstq] c:\windows\xfkufcv.exe
O4 - HKCU\..\Run: [joflvle] c:\windows\xfkufcv.exe
O4 - HKCU\..\Run: [dvlbnph] c:\windows\xfkufcv.exe
O4 - HKCU\..\Run: [hrigvjp] c:\windows\xfkufcv.exe
O4 - HKCU\..\Run: [yamomhu] c:\windows\xfkufcv.exe
O4 - HKCU\..\Run: [ucewmdf] c:\windows\xfkufcv.exe
O4 - HKCU\..\Run: [udqciqi] c:\windows\xfkufcv.exe
O4 - HKCU\..\Run: [fpavwtn] c:\windows\xfkufcv.exe
O4 - HKCU\..\Run: [ibpqpwb] c:\windows\xfkufcv.exe
O4 - HKCU\..\Run: [dvhpofm] c:\windows\xfkufcv.exe
O4 - HKCU\..\Run: [doydidw] c:\windows\xfkufcv.exe
O4 - HKCU\..\Run: [havxooy] c:\windows\xfkufcv.exe
O4 - HKCU\..\Run: [gbsljfa] c:\windows\xfkufcv.exe
O4 - HKCU\..\Run: [jcngcel] c:\windows\xfkufcv.exe
O4 - HKCU\..\Run: [ymrngys] c:\windows\xfkufcv.exe
O4 - HKCU\..\Run: [vfltqkt] c:\windows\xfkufcv.exe
O4 - HKCU\..\Run: [jbxwrtc] c:\windows\xfkufcv.exe
O4 - HKCU\..\Run: [amqhrky] c:\windows\xfkufcv.exe
O4 - HKCU\..\Run: [wlkknfy] c:\windows\xfkufcv.exe
O4 - HKCU\..\Run: [yypvenc] c:\windows\xfkufcv.exe
O4 - HKCU\..\Run: [meqlmip] c:\windows\xfkufcv.exe
O4 - HKCU\..\Run: [nfalamg] c:\windows\xfkufcv.exe
O4 - HKCU\..\Run: [dmchycy] c:\windows\xfkufcv.exe
O4 - HKCU\..\Run: [srifxtn] c:\windows\xfkufcv.exe
O4 - HKCU\..\Run: [bklxeam] c:\windows\xfkufcv.exe
O4 - HKCU\..\Run: [qdspcda] c:\windows\xfkufcv.exe
O4 - HKCU\..\Run: [kgwxxii] c:\windows\xfkufcv.exe
O4 - HKCU\..\Run: [xnrkxua] c:\windows\xfkufcv.exe
O4 - HKCU\..\Run: [pdhcajl] c:\windows\xfkufcv.exe
O4 - HKCU\..\Run: [xbhlxpf] c:\windows\xfkufcv.exe
O4 - HKCU\..\Run: [dgauyhv] c:\windows\xfkufcv.exe
O4 - HKCU\..\Run: [gttfsms] c:\windows\xfkufcv.exe
O4 - HKCU\..\Run: [bbckrvt] c:\windows\xfkufcv.exe
O4 - HKCU\..\Run: [cxvdvsw] c:\windows\xfkufcv.exe
O4 - HKCU\..\Run: [yayagch] c:\windows\xfkufcv.exe
O4 - HKCU\..\Run: [vspayuc] c:\windows\xfkufcv.exe
O4 - HKCU\..\Run: [jmyqpqi] c:\windows\xfkufcv.exe
O4 - HKCU\..\Run: [oxwwwgm] c:\windows\xfkufcv.exe
O4 - HKCU\..\Run: [dgesuxn] c:\windows\xfkufcv.exe
O4 - HKCU\..\Run: [sfevtfn] c:\windows\xfkufcv.exe
O4 - HKCU\..\Run: [sryqkdl] c:\windows\xfkufcv.exe
O4 - HKCU\..\Run: [wrhuivj] c:\windows\xfkufcv.exe
O4 - HKCU\..\Run: [ydbcfdj] c:\windows\xfkufcv.exe
O4 - HKCU\..\Run: [ipgwdsq] c:\windows\xfkufcv.exe
O4 - HKCU\..\Run: [hsdbmyw] c:\windows\xfkufcv.exe
O4 - HKCU\..\Run: [bofqbnb] c:\windows\xfkufcv.exe
O4 - HKCU\..\Run: [liyuwlo] c:\windows\xfkufcv.exe
O4 - HKCU\..\Run: [qykengb] c:\windows\xfkufcv.exe
O4 - HKCU\..\Run: [gxhudgu] c:\windows\xfkufcv.exe
O4 - HKCU\..\Run: [dscedox] c:\windows\xfkufcv.exe
O4 - HKCU\..\Run: [hicwpeq] c:\windows\xfkufcv.exe
O4 - HKCU\..\Run: [bjwicpg] c:\windows\xfkufcv.exe
O4 - HKCU\..\Run: [pagaiuq] c:\windows\xfkufcv.exe
O4 - HKCU\..\Run: [nkoeawj] c:\windows\xfkufcv.exe
O4 - HKCU\..\Run: [tnkeujx] c:\windows\xfkufcv.exe
O4 - HKCU\..\Run: [kaqehus] c:\windows\xfkufcv.exe
O4 - HKCU\..\Run: [memoafd] c:\windows\xfkufcv.exe
O4 - HKCU\..\Run: [laibeeo] c:\windows\xfkufcv.exe
O4 - HKCU\..\Run: [wpqggam] c:\windows\xfkufcv.exe
O4 - HKCU\..\Run: [rienghq] c:\windows\xfkufcv.exe
O4 - HKCU\..\Run: [lkdvkdc] c:\windows\xfkufcv.exe
O4 - HKCU\..\Run: [nkejmco] c:\windows\xfkufcv.exe
O4 - HKCU\..\Run: [akeydga] c:\windows\xfkufcv.exe
O4 - HKCU\..\Run: [kimtdxa] c:\windows\xfkufcv.exe
O4 - HKCU\..\Run: [cpbktmn] c:\windows\xfkufcv.exe
O4 - HKCU\..\Run: [aavupjc] c:\windows\xfkufcv.exe
O4 - Startup: PowerReg Scheduler.exe
O4 - Startup: winupdate63234965[1].exe
O4 - Global Startup: Adobe Gamma Loader.lnk = ?
O4 - Global Startup: Quicken Scheduled Updates.lnk = C:\Program Files\Quicken\bagent.exe
O8 - Extra context menu item: &Google Search - res://c:\program files\google\GoogleToolbar2.dll/cmsearch.html
O8 - Extra context menu item: Backward Links - res://c:\program files\google\GoogleToolbar2.dll/cmbacklinks.html
O8 - Extra context menu item: Cached Snapshot of Page - res://c:\program files\google\GoogleToolbar2.dll/cmcache.html
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~3\OFFICE11\EXCEL.EXE/3000
O8 - Extra context menu item: Similar Pages - res://c:\program files\google\GoogleToolbar2.dll/cmsimilar.html
O8 - Extra context menu item: Translate into English - res://c:\program files\google\GoogleToolbar2.dll/cmtrans.html
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\j2re1.4.2_01\bin\npjpi142_01.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\j2re1.4.2_01\bin\npjpi142_01.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~3\OFFICE11\REFIEBAR.DLL
O9 - Extra button: Related - {c95fe080-8f5d-11d2-a20b-00aa003c157a} - C:\WINDOWS\web\related.htm
O9 - Extra 'Tools' menuitem: Show &Related Links - {c95fe080-8f5d-11d2-a20b-00aa003c157a} - C:\WINDOWS\web\related.htm
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\MSMSGS.EXE
O9 - Extra 'Tools' menuitem: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\MSMSGS.EXE
O10 - Unknown file in Winsock LSP: c:\windows\system32\flsmngr.dll
O10 - Unknown file in Winsock LSP: c:\windows\system32\flsmngr.dll
O10 - Unknown file in Winsock LSP: c:\windows\system32\flsmngr.dll
O14 - IERESET.INF: START_PAGE_URL=http://www.sony.com/vaiopeople
O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://go.microsoft.com/fwlink/?linkid=36467&clcid=0x409
O16 - DPF: {41F17733-B041-4099-A042-B518BB6A408C} - http://appldnld.m7z.net/qtinstall.info.app...llInstaller.exe
O23 - Service: Symantec Event Manager (ccEvtMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
O23 - Service: Symantec Network Proxy (ccProxy) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccProxy.exe
O23 - Service: Symantec Password Validation (ccPwdSvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccPwdSvc.exe
O23 - Service: Symantec Settings Manager (ccSetMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe
O23 - Service: iPod Service (iPodService) - Apple Computer, Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: Norton AntiVirus Auto Protect Service (navapsvc) - Symantec Corporation - C:\Program Files\Norton Internet Security\Norton AntiVirus\navapsvc.exe
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\System32\nvsvc32.exe
O23 - Service: PACSPTISVR - Unknown owner - C:\PROGRA~1\COMMON~1\SONYSH~1\AVLib\PACSPT~1.EXE
O23 - Service: SAVScan - Symantec Corporation - C:\Program Files\Norton Internet Security\Norton AntiVirus\SAVScan.exe
O23 - Service: Symantec Network Drivers Service (SNDSrvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\SNDSrvc.exe
O23 - Service: SonicStageMonitoring - Sony Corporation - C:\Program Files\Common Files\Sony Shared\WMPlugIn\SonicStageMonitoring.exe
O23 - Service: Sony TV Tuner Controller - Sony Corporation - C:\Program Files\Sony\Sony TV Tuner Library\halsv.exe
O23 - Service: Sony TV Tuner Manager - Sony Corporation - C:\Program Files\Sony\Sony TV Tuner Library\RM_SV.exe
O23 - Service: Sony TVTA Manager - Sony Corporation - C:\Program Files\Sony\Sony TV Tuner Library\SMceMan.exe
O23 - Service: Sony SPTI Service (SPTISRV) - Sony Corporation - C:\PROGRA~1\COMMON~1\SONYSH~1\AVLib\Sptisrv.exe
O23 - Service: VAIO Entertainment Aggregation and Control Service - Sony Corporation - C:\Program Files\Common Files\Sony Shared\VAIO Entertainment\VzRs\VzRs.exe
O23 - Service: VAIO Entertainment File Import Service - Sony Corporation - C:\Program Files\Common Files\Sony Shared\VAIO Entertainment\VzCdb\VzFw.exe
O23 - Service: VAIO Entertainment TV Device Arbitration Service - Sony Corporation - C:\Program Files\Common Files\Sony Shared\VAIO Entertainment\VzCs\VzHardwareResourceManager\VzHardwareResourceManager.exe
O23 - Service: VAIO Entertainment UPnP Client Adapter - Sony Corporation - C:\Program Files\Common Files\Sony Shared\VAIO Entertainment\VCSW\VCSW.exe
O23 - Service: VAIO Media Integrated Server (VAIOMediaPlatform-IntegratedServer-AppServer) - Sony Corporation - C:\Program Files\Sony\vaio media integrated server\VMISrv.exe
O23 - Service: VAIO Media Integrated Server (HTTP) (VAIOMediaPlatform-IntegratedServer-HTTP) - Unknown owner - C:\Program Files\Sony\vaio media integrated server\Platform\SV_Httpd.exe" /Service=VAIOMediaPlatform-IntegratedServer-HTTP /RegRoot="SOFTWARE\Sony Corporation\VAIO Media Platform\2.0" /RegExt="Applications\IntegratedServer\HTTP (file missing)
O23 - Service: VAIO Media Integrated Server (UPnP) (VAIOMediaPlatform-IntegratedServer-UPnP) - Sony Corporation - C:\Program Files\Sony\vaio media integrated server\Platform\UPnPFramework.exe
O23 - Service: VAIO Media Gateway Server (VAIOMediaPlatform-Mobile-Gateway) - Unknown owner - C:\Program Files\Sony\vaio media integrated server\Platform\VmGateway.exe" /Service=VAIOMediaPlatform-Mobile-Gateway /RegRoot="SOFTWARE\Sony Corporation\VAIO Media Platform\2.0" /RegExt="\Addons\Packages\Mobile\Gateway" /DisplayName="VAIO Media Gateway Server (file missing)
O23 - Service: VAIO Media Video Server (VAIOMediaPlatform-VideoServer-AppServer) - Unknown owner - C:\Program Files\Sony\vaio media integrated server\Video\GPVSvr.exe" /Service=VAIOMediaPlatform-VideoServer-AppServer /DisplayName="VAIO Media Video Server (file missing)
O23 - Service: VAIO Media Video Server (HTTP) (VAIOMediaPlatform-VideoServer-HTTP) - Unknown owner - C:\Program Files\Sony\vaio media integrated server\Platform\SV_Httpd.exe" /Service=VAIOMediaPlatform-VideoServer-HTTP /RegRoot="SOFTWARE\Sony Corporation\VAIO Media Platform\2.0" /RegExt="\Applications\VideoServer\HTTP (file missing)
O23 - Service: VAIO Media Video Server (UPnP) (VAIOMediaPlatform-VideoServer-UPnP) - Sony Corporation - C:\Program Files\Sony\vaio media integrated server\Platform\UPnPFramework.exe


#2 miekiemoes

  • Malware Response Team
  • 19,420 posts

Posted 06 June 2005 - 12:57 AM

Hello,

It's better to print out the next instructions or save them in Notepad, because you also have to work in safe mode without networking support, so this page wouldn't be available then.
It is also important that you don't miss a step and perform everything in the right order!!

* Download HSFix to your desktop.
Double-click HSFix.exe and it will automatically unpack it for you.

* Download and install CCleaner
Do not use it yet.

Please download LSPfix and save it to the Desktop and unzip it.

* Run LSPfix and place a check against the I know what I am doing checkbox.

Highlight every instance of the following name and move it from the Keep to the Remove panel. Be sure to move nothing other than the file listed below!

flsmngr.dll

When done, click on Finish to exit the program; do not use the X in the top right-hand corner as nothing will happen!

Open Notepad and copy and paste the following bold text into it:
(don't forget to copy and paste REGEDIT4)

REGEDIT4

[-HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"MSMSGS"="C:\\Program Files\\Messenger\\msmsgs.exe /background"


Save this as fix.reg. Choose to save as *all files and place it on your desktop.

* Boot your system into SAFE MODE.
To get into Safe Mode, press and hold your "F8 Key" as the computer is booting, which should bring up the "Windows Advanced Options Menu".
Use your arrow keys to move to "Safe Mode" and press your Enter key.

* Double-click on fix.reg and when it asks you if you want to merge the contents to the registry, click yes/ok.

* Locate the HSFix folder on your desktop, open it and double-click hsfix.bat
Allow it to run.

* Start HijackThis and place a checkmark before the following items:

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = http://w-find.com/sp.htm
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://w-find.com/index.htm
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://w-find.com/index.htm
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant = http://w-find.com/sp.htm
R1 - HKCU\Software\Microsoft\Internet Explorer\SearchURL,(Default) = http://w-find.com/index.htm
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyServer = :0
O4 - Startup: PowerReg Scheduler.exe
O4 - Startup: winupdate63234965[1].exe
O9 - Extra button: Related - {c95fe080-8f5d-11d2-a20b-00aa003c157a} - C:\WINDOWS\web\related.htm
O9 - Extra 'Tools' menuitem: Show &Related Links - {c95fe080-8f5d-11d2-a20b-00aa003c157a} - C:\WINDOWS\web\related.htm


* Close ALL open windows except HijackThis and click: Fix checked.

* Search for and delete the following files manually:

C:\windows\yrbguwa.exe
c:\windows\xfkufcv.exe

* Still in safe mode, run CCleaner and click Run Cleaner (bottom right)

* Reboot your system back to normal again and do an online virus scan:
HouseCall and/or Bitdefender

* Reboot again and post a new HijackThis log together with the HSFix log that you will find at C:/hslog.txt
Asking for help via Private Message or Mail will be ignored - So If you need help, post your problem in the forum.
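
The pattern behind the fix above can be checked mechanically: in the posted log, many randomly named HKCU Run values launch the same few files in c:\windows, and fix.reg resets that key to MSMSGS alone. The following Python code is an added example, not part of the original thread or of HijackThis; the sample log is a constructed subset of the lines above, and the function names and the "two or more value names per target" threshold are assumptions.

```python
import re
from collections import defaultdict

# Constructed sample: a shortened subset of lines in the format of the log above.
SAMPLE_LOG = r"""
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\System32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\System32\NvMcTray.dll,NvTaskbarInit
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
O4 - HKLM\..\Run: [URLLSTCK.exe] C:\Program Files\Norton Internet Security\UrlLstCk.exe
O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background
O4 - HKCU\..\Run: [moqspxh] c:\windows\yrbguwa.exe
O4 - HKCU\..\Run: [teuyaly] c:\windows\yrbguwa.exe
O4 - HKCU\..\Run: [jcmbvir] c:\windows\xfkufcv.exe
O4 - HKCU\..\Run: [ptcgxkb] c:\windows\xfkufcv.exe
O4 - HKCU\..\Run: [spomulo] c:\windows\xfkufcv.exe
O4 - Startup: PowerReg Scheduler.exe
O10 - Unknown file in Winsock LSP: c:\windows\system32\flsmngr.dll
O10 - Unknown file in Winsock LSP: c:\windows\system32\flsmngr.dll
"""

RUN_RE = re.compile(
    r"^O4 - (?P<hive>HKLM|HKCU)\\\.\.\\Run: \[(?P<name>[^\]]+)\] (?P<cmd>.+)$")
LSP_RE = re.compile(r"^O10 - Unknown file in Winsock LSP: (?P<path>.+)$")
# Unquoted commands may contain spaces, so cut at the first executable extension.
EXE_RE = re.compile(r"(.+?\.(?:exe|com|bat|cmd|scr|pif))(?=\s|$)", re.IGNORECASE)


def command_target(cmd):
    """Return the lower-cased file a Run command actually launches."""
    cmd = cmd.strip()
    if cmd.startswith('"'):
        end = cmd.find('"', 1)
        path, rest = (cmd[1:end], cmd[end + 1:]) if end != -1 else (cmd[1:], "")
    else:
        m = EXE_RE.match(cmd)
        path = m.group(1) if m else cmd.split()[0]
        rest = cmd[len(path):]
    # rundll32 is only a host process: the DLL argument is the real target,
    # otherwise every rundll32 entry would be grouped together.
    if path.lower().rsplit("\\", 1)[-1] == "rundll32.exe" and rest.strip():
        path = rest.strip().split(",", 1)[0].strip('"')
    return path.lower()


def parse_run_entries(log_text):
    """Yield (hive, value_name, target) for every O4 registry Run line."""
    entries = []
    for line in log_text.splitlines():
        m = RUN_RE.match(line.strip())
        if m:
            entries.append((m.group("hive"), m.group("name"),
                            command_target(m.group("cmd"))))
    return entries


def find_run_clusters(log_text, min_names=2):
    """Targets launched by several distinct Run value names (assumed heuristic)."""
    names_by_target = defaultdict(set)
    for _hive, name, target in parse_run_entries(log_text):
        names_by_target[target].add(name)
    return {t: sorted(n) for t, n in names_by_target.items() if len(n) >= min_names}


def hkcu_values_to_keep(log_text):
    """HKCU Run value names whose target is not part of a flagged cluster."""
    flagged = set(find_run_clusters(log_text))
    return sorted(name for hive, name, target in parse_run_entries(log_text)
                  if hive == "HKCU" and target not in flagged)


def unknown_lsp_files(log_text):
    """De-duplicated files HijackThis reports as unknown Winsock LSP entries."""
    found = set()
    for line in log_text.splitlines():
        m = LSP_RE.match(line.strip())
        if m:
            found.add(m.group("path").lower())
    return sorted(found)


if __name__ == "__main__":
    for target, names in find_run_clusters(SAMPLE_LOG).items():
        print(f"{len(names)} Run values -> {target}: {', '.join(names)}")
    print("HKCU values to keep:", hkcu_values_to_keep(SAMPLE_LOG))
    print("Unknown LSP files:", unknown_lsp_files(SAMPLE_LOG))
```

On the constructed sample this flags the two files the reply deletes by hand and leaves MSMSGS as the only HKCU Run value to keep; a flagged cluster is a lead for review, not proof that a file is malicious.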

#3 Starzman

  • Topic Starter
  • Members
  • 4 posts

Posted 06 June 2005 - 08:32 AM

Thanks so much for the help!

Ok - when I go into safe mode I cannot see any of the programs I downloaded to the desktop, or the Notepad instructions I saved. How do I remedy this?

Also I got bored last night and followed the advice I saw on another website and ran some scans and spyware removal tools so here is my latest HJT log-


Logfile of HijackThis v1.99.1
Scan saved at 10:33:20 PM, on 6/5/2005
Platform: Windows XP SP1 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe
C:\Program Files\Common Files\Symantec Shared\SNDSrvc.exe
C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\AGRSMMSG.exe
C:\WINDOWS\ehome\ehtray.exe
C:\Program Files\SONY\sHotKey\sHotKey.exe
C:\Program Files\Sony\VAIO Update 2\VAIOUpdt.exe
C:\WINDOWS\System32\ezSP_Px.exe
C:\Program Files\Common Files\Symantec Shared\ccApp.exe
C:\WINDOWS\System32\RUNDLL32.EXE
C:\Program Files\iTunes\iTunesHelper.exe
C:\Program Files\QuickTime\qttask.exe
C:\Program Files\Messenger\msmsgs.exe
C:\windows\yrbguwa.exe
C:\Program Files\Common Files\Symantec Shared\ccProxy.exe
C:\WINDOWS\ehome\ehSched.exe
C:\Program Files\ewido\security suite\ewidoctrl.exe
C:\Program Files\ewido\security suite\ewidoguard.exe
C:\Program Files\Norton Internet Security\Norton AntiVirus\navapsvc.exe
C:\WINDOWS\System32\nvsvc32.exe
C:\Program Files\Common Files\Sony Shared\WMPlugIn\SonicStageMonitoring.exe
C:\Program Files\Sony\Sony TV Tuner Library\SMceMan.exe
C:\Program Files\Common Files\Sony Shared\VAIO Entertainment\VzCdb\VzFw.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\Program Files\Sony\Sony TV Tuner Library\RM_SV.exe
C:\WINDOWS\ehome\ehmsas.exe
C:\Program Files\Norton Internet Security\Norton AntiVirus\SAVScan.exe
C:\WINDOWS\System32\wuauclt.exe
C:\WINDOWS\System32\wuauclt.exe
C:\Program Files\HijackThis\HijackThis.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = http://w-find.com/sp.htm
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://w-find.com/index.htm
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://w-find.com/index.htm
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.sony.com/vaiopeople
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant = http://w-find.com/sp.htm
R1 - HKCU\Software\Microsoft\Internet Explorer\SearchURL,(Default) = http://w-find.com/index.htm
R1 - HKCU\Software\Microsoft\Internet Connection Wizard,ShellNext = http://www.sony.com/vaiopeople
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyServer = :0
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 6.0\Reader\ActiveX\AcroIEHelper.dll
O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O2 - BHO: Web assistant - {9ECB9560-04F9-4bbc-943D-298DDF1699E1} - C:\Program Files\Common Files\Symantec Shared\AdBlocking\NISShExt.dll
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar2.dll
O2 - BHO: NAV Helper - {BDF3E430-B101-42AD-A544-FADC6B084872} - C:\Program Files\Norton Internet Security\Norton AntiVirus\NavShExt.dll
O3 - Toolbar: Web assistant - {0B53EAC3-8D69-4b9e-9B19-A37C9A5676A7} - C:\Program Files\Common Files\Symantec Shared\AdBlocking\NISShExt.dll
O3 - Toolbar: Norton AntiVirus - {42CDD1BF-3FFB-4238-8AD1-7859DF00B1D6} - C:\Program Files\Norton Internet Security\Norton AntiVirus\NavShExt.dll
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar2.dll
O3 - Toolbar: &Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINDOWS\System32\msdxm.ocx
O4 - HKLM\..\Run: [AGRSMMSG] AGRSMMSG.exe
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\System32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [ehTray] C:\WINDOWS\ehome\ehtray.exe
O4 - HKLM\..\Run: [sHotKey] "C:\Program Files\SONY\sHotKey\sHotKey.exe"
O4 - HKLM\..\Run: [VAIO Update 2] "C:\Program Files\Sony\VAIO Update 2\VAIOUpdt.exe" /Stationary
O4 - HKLM\..\Run: [ezShieldProtector for Px] C:\WINDOWS\System32\ezSP_Px.exe
O4 - HKLM\..\Run: [ccApp] "C:\Program Files\Common Files\Symantec Shared\ccApp.exe"
O4 - HKLM\..\Run: [URLLSTCK.exe] C:\Program Files\Norton Internet Security\UrlLstCk.exe
O4 - HKLM\..\Run: [VAIO Recovery] C:\WINDOWS\Sonysys\VAIO Recovery\PartSeal.exe
O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\System32\NvMcTray.dll,NvTaskbarInit
O4 - HKLM\..\Run: [Symantec NetDriver Monitor] C:\PROGRA~1\SYMNET~1\SNDMon.exe
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background
O4 - HKCU\..\Run: [moqspxh] c:\windows\yrbguwa.exe
O4 - HKCU\..\Run: [teuyaly] c:\windows\yrbguwa.exe
O4 - HKCU\..\Run: [jcmbvir] c:\windows\xfkufcv.exe
O4 - HKCU\..\Run: [ptcgxkb] c:\windows\xfkufcv.exe
O4 - HKCU\..\Run: [spomulo] c:\windows\xfkufcv.exe
O4 - HKCU\..\Run: [ixykstf] c:\windows\xfkufcv.exe
O4 - HKCU\..\Run: [oofmbeb] c:\windows\xfkufcv.exe
O4 - HKCU\..\Run: [iqlcihg] c:\windows\xfkufcv.exe
O4 - HKCU\..\Run: [hsyoevs] c:\windows\xfkufcv.exe
O4 - HKCU\..\Run: [qbkkevo] c:\windows\xfkufcv.exe
O4 - HKCU\..\Run: [gbxyryi] c:\windows\xfkufcv.exe
O4 - HKCU\..\Run: [xspyygj] c:\windows\xfkufcv.exe
O4 - HKCU\..\Run: [giperle] c:\windows\xfkufcv.exe
O4 - HKCU\..\Run: [oidibuc] c:\windows\xfkufcv.exe
O4 - HKCU\..\Run: [rdvsaeb] c:\windows\xfkufcv.exe
O4 - HKCU\..\Run: [bjxekmi] c:\windows\xfkufcv.exe
O4 - HKCU\..\Run: [hddmxex] c:\windows\xfkufcv.exe
O4 - HKCU\..\Run: [ylklaeq] c:\windows\xfkufcv.exe
O4 - HKCU\..\Run: [mpeukmx] c:\windows\xfkufcv.exe
O4 - HKCU\..\Run: [kqvfcgo] c:\windows\xfkufcv.exe
O4 - HKCU\..\Run: [wiqteye] c:\windows\xfkufcv.exe
O4 - HKCU\..\Run: [himipoh] c:\windows\xfkufcv.exe
O4 - HKCU\..\Run: [eswttaw] c:\windows\xfkufcv.exe
O4 - HKCU\..\Run: [xiuuqtb] c:\windows\xfkufcv.exe
O4 - HKCU\..\Run: [mmqgxsg] c:\windows\xfkufcv.exe
O4 - HKCU\..\Run: [fgsjwtw] c:\windows\xfkufcv.exe
O4 - HKCU\..\Run: [nhygumu] c:\windows\xfkufcv.exe
O4 - HKCU\..\Run: [khehjqd] c:\windows\xfkufcv.exe
O4 - HKCU\..\Run: [dwypjok] c:\windows\xfkufcv.exe
O4 - HKCU\..\Run: [sdhouxh] c:\windows\xfkufcv.exe
O4 - HKCU\..\Run: [gsbxrkq] c:\windows\xfkufcv.exe
O4 - HKCU\..\Run: [wmfmpxp] c:\windows\xfkufcv.exe
O4 - HKCU\..\Run: [uoqsrxy] c:\windows\xfkufcv.exe
O4 - HKCU\..\Run: [ypggnse] c:\windows\xfkufcv.exe
O4 - HKCU\..\Run: [aonxjih] c:\windows\xfkufcv.exe
O4 - HKCU\..\Run: [chyhjhn] c:\windows\xfkufcv.exe
O4 - HKCU\..\Run: [yrumqye] c:\windows\xfkufcv.exe
O4 - HKCU\..\Run: [jglnbsx] c:\windows\xfkufcv.exe
O4 - HKCU\..\Run: [fkkqyxn] c:\windows\xfkufcv.exe
O4 - HKCU\..\Run: [upjilhe] c:\windows\xfkufcv.exe
O4 - HKCU\..\Run: [upwgymc] c:\windows\xfkufcv.exe
O4 - HKCU\..\Run: [gwlinhs] c:\windows\xfkufcv.exe
O4 - HKCU\..\Run: [jdiljga] c:\windows\xfkufcv.exe
O4 - HKCU\..\Run: [kdvwfna] c:\windows\xfkufcv.exe
O4 - HKCU\..\Run: [vdgrsio] c:\windows\xfkufcv.exe
O4 - HKCU\..\Run: [bnmtsyk] c:\windows\xfkufcv.exe
O4 - HKCU\..\Run: [lflfmya] c:\windows\xfkufcv.exe
O4 - HKCU\..\Run: [fiqfstq] c:\windows\xfkufcv.exe
O4 - HKCU\..\Run: [joflvle] c:\windows\xfkufcv.exe
O4 - HKCU\..\Run: [dvlbnph] c:\windows\xfkufcv.exe
O4 - HKCU\..\Run: [hrigvjp] c:\windows\xfkufcv.exe
O4 - HKCU\..\Run: [yamomhu] c:\windows\xfkufcv.exe
O4 - HKCU\..\Run: [ucewmdf] c:\windows\xfkufcv.exe
O4 - HKCU\..\Run: [udqciqi] c:\windows\xfkufcv.exe
O4 - HKCU\..\Run: [fpavwtn] c:\windows\xfkufcv.exe
O4 - HKCU\..\Run: [ibpqpwb] c:\windows\xfkufcv.exe
O4 - HKCU\..\Run: [dvhpofm] c:\windows\xfkufcv.exe
O4 - HKCU\..\Run: [doydidw] c:\windows\xfkufcv.exe
O4 - HKCU\..\Run: [havxooy] c:\windows\xfkufcv.exe
O4 - HKCU\..\Run: [gbsljfa] c:\windows\xfkufcv.exe
O4 - HKCU\..\Run: [jcngcel] c:\windows\xfkufcv.exe
O4 - HKCU\..\Run: [ymrngys] c:\windows\xfkufcv.exe
O4 - HKCU\..\Run: [vfltqkt] c:\windows\xfkufcv.exe
O4 - HKCU\..\Run: [jbxwrtc] c:\windows\xfkufcv.exe
O4 - HKCU\..\Run: [amqhrky] c:\windows\xfkufcv.exe
O4 - HKCU\..\Run: [wlkknfy] c:\windows\xfkufcv.exe
O4 - HKCU\..\Run: [yypvenc] c:\windows\xfkufcv.exe
O4 - HKCU\..\Run: [meqlmip] c:\windows\xfkufcv.exe
O4 - HKCU\..\Run: [nfalamg] c:\windows\xfkufcv.exe
O4 - HKCU\..\Run: [dmchycy] c:\windows\xfkufcv.exe
O4 - HKCU\..\Run: [srifxtn] c:\windows\xfkufcv.exe
O4 - HKCU\..\Run: [bklxeam] c:\windows\xfkufcv.exe
O4 - HKCU\..\Run: [qdspcda] c:\windows\xfkufcv.exe
O4 - HKCU\..\Run: [kgwxxii] c:\windows\xfkufcv.exe
O4 - HKCU\..\Run: [xnrkxua] c:\windows\xfkufcv.exe
O4 - HKCU\..\Run: [pdhcajl] c:\windows\xfkufcv.exe
O4 - HKCU\..\Run: [xbhlxpf] c:\windows\xfkufcv.exe
O4 - HKCU\..\Run: [dgauyhv] c:\windows\xfkufcv.exe
O4 - HKCU\..\Run: [gttfsms] c:\windows\xfkufcv.exe
O4 - HKCU\..\Run: [bbckrvt] c:\windows\xfkufcv.exe
O4 - HKCU\..\Run: [cxvdvsw] c:\windows\xfkufcv.exe
O4 - HKCU\..\Run: [yayagch] c:\windows\xfkufcv.exe
O4 - HKCU\..\Run: [vspayuc] c:\windows\xfkufcv.exe
O4 - HKCU\..\Run: [jmyqpqi] c:\windows\xfkufcv.exe
O4 - HKCU\..\Run: [oxwwwgm] c:\windows\xfkufcv.exe
O4 - HKCU\..\Run: [dgesuxn] c:\windows\xfkufcv.exe
O4 - HKCU\..\Run: [sfevtfn] c:\windows\xfkufcv.exe
O4 - HKCU\..\Run: [sryqkdl] c:\windows\xfkufcv.exe
O4 - HKCU\..\Run: [wrhuivj] c:\windows\xfkufcv.exe
O4 - HKCU\..\Run: [ydbcfdj] c:\windows\xfkufcv.exe
O4 - HKCU\..\Run: [ipgwdsq] c:\windows\xfkufcv.exe
O4 - HKCU\..\Run: [hsdbmyw] c:\windows\xfkufcv.exe
O4 - HKCU\..\Run: [bofqbnb] c:\windows\xfkufcv.exe
O4 - HKCU\..\Run: [liyuwlo] c:\windows\xfkufcv.exe
O4 - HKCU\..\Run: [qykengb] c:\windows\xfkufcv.exe
O4 - HKCU\..\Run: [gxhudgu] c:\windows\xfkufcv.exe
O4 - HKCU\..\Run: [dscedox] c:\windows\xfkufcv.exe
O4 - HKCU\..\Run: [hicwpeq] c:\windows\xfkufcv.exe
O4 - HKCU\..\Run: [bjwicpg] c:\windows\xfkufcv.exe
O4 - HKCU\..\Run: [pagaiuq] c:\windows\xfkufcv.exe
O4 - HKCU\..\Run: [nkoeawj] c:\windows\xfkufcv.exe
O4 - HKCU\..\Run: [tnkeujx] c:\windows\xfkufcv.exe
O4 - HKCU\..\Run: [kaqehus] c:\windows\xfkufcv.exe
O4 - HKCU\..\Run: [memoafd] c:\windows\xfkufcv.exe
O4 - HKCU\..\Run: [laibeeo] c:\windows\xfkufcv.exe
O4 - HKCU\..\Run: [wpqggam] c:\windows\xfkufcv.exe
O4 - HKCU\..\Run: [rienghq] c:\windows\xfkufcv.exe
O4 - HKCU\..\Run: [lkdvkdc] c:\windows\xfkufcv.exe
O4 - HKCU\..\Run: [nkejmco] c:\windows\xfkufcv.exe
O4 - HKCU\..\Run: [akeydga] c:\windows\xfkufcv.exe
O4 - HKCU\..\Run: [kimtdxa] c:\windows\xfkufcv.exe
O4 - HKCU\..\Run: [cpbktmn] c:\windows\xfkufcv.exe
O4 - HKCU\..\Run: [aavupjc] c:\windows\xfkufcv.exe
O4 - HKCU\..\Run: [cjygwos] c:\windows\xfkufcv.exe
O4 - HKCU\..\Run: [xseqslo] c:\windows\xfkufcv.exe
O4 - HKCU\..\Run: [nuorlom] c:\windows\xfkufcv.exe
O4 - HKCU\..\Run: [gcconen] c:\windows\xfkufcv.exe
O4 - HKCU\..\Run: [jrprjvl] c:\windows\xfkufcv.exe
O4 - HKCU\..\Run: [ccavtlp] c:\windows\xfkufcv.exe
O4 - HKCU\..\Run: [ojporgb] c:\windows\xfkufcv.exe
O4 - HKCU\..\Run: [jumhwdv] c:\windows\xfkufcv.exe
O4 - HKCU\..\Run: [miafjtm] c:\windows\xfkufcv.exe
O4 - HKCU\..\Run: [mbitlqb] c:\windows\xfkufcv.exe
O4 - HKCU\..\Run: [kanhsgd] c:\windows\xfkufcv.exe
O4 - HKCU\..\Run: [iojnmpp] c:\windows\xfkufcv.exe
O4 - HKCU\..\Run: [gmpxcvl] c:\windows\xfkufcv.exe
O4 - HKCU\..\Run: [ymofubg] c:\windows\xfkufcv.exe
O4 - HKCU\..\Run: [bgawnfo] c:\windows\xfkufcv.exe
O4 - HKCU\..\Run: [scvsquv] c:\windows\xfkufcv.exe
O4 - HKCU\..\Run: [vnfqnqj] c:\windows\xfkufcv.exe
O4 - HKCU\..\Run: [bqudpvl] c:\windows\txqtrek.exe
O4 - HKCU\..\Run: [tarkaie] c:\windows\txqtrek.exe
O4 - HKCU\..\Run: [mtxfadu] c:\windows\txqtrek.exe
O4 - HKCU\..\Run: [raithxi] c:\windows\txqtrek.exe
O4 - HKCU\..\Run: [tcjmtyf] c:\windows\txqtrek.exe
O4 - HKCU\..\Run: [wblrkpl] c:\windows\txqtrek.exe
O4 - HKCU\..\Run: [tggqyag] c:\windows\txqtrek.exe
O4 - HKCU\..\Run: [sfvsfwx] c:\windows\txqtrek.exe
O4 - HKCU\..\Run: [nufbufl] c:\windows\txqtrek.exe
O4 - HKCU\..\Run: [gytqlbr] c:\windows\txqtrek.exe
O4 - HKCU\..\Run: [cbuwlaa] c:\windows\txqtrek.exe
O4 - HKCU\..\Run: [imcpqws] c:\windows\txqtrek.exe
O4 - HKCU\..\Run: [vebdqww] c:\windows\txqtrek.exe
O4 - HKCU\..\Run: [ljoiroq] c:\windows\txqtrek.exe
O4 - HKCU\..\Run: [kssxqxn] c:\windows\ckxdpql.exe
O4 - HKCU\..\Run: [hjxlali] c:\windows\ckxdpql.exe
O4 - HKCU\..\Run: [wxtbmkm] c:\windows\ckxdpql.exe
O4 - HKCU\..\Run: [ufomeyf] c:\windows\ckxdpql.exe
O4 - HKCU\..\Run: [ahadomc] c:\windows\ckxdpql.exe
O4 - HKCU\..\Run: [dvhkeiv] c:\windows\ckxdpql.exe
O4 - HKCU\..\Run: [xlstwsf] c:\windows\ckxdpql.exe
O4 - HKCU\..\Run: [cjhgkot] c:\windows\ekmltgd.exe
O4 - Startup: PowerReg Scheduler.exe
O4 - Global Startup: Adobe Gamma Loader.lnk = ?
O4 - Global Startup: Quicken Scheduled Updates.lnk = C:\Program Files\Quicken\bagent.exe
O8 - Extra context menu item: &Google Search - res://c:\program files\google\GoogleToolbar2.dll/cmsearch.html
O8 - Extra context menu item: Backward Links - res://c:\program files\google\GoogleToolbar2.dll/cmbacklinks.html
O8 - Extra context menu item: Cached Snapshot of Page - res://c:\program files\google\GoogleToolbar2.dll/cmcache.html
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~3\OFFICE11\EXCEL.EXE/3000
O8 - Extra context menu item: Similar Pages - res://c:\program files\google\GoogleToolbar2.dll/cmsimilar.html
O8 - Extra context menu item: Translate into English - res://c:\program files\google\GoogleToolbar2.dll/cmtrans.html
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\j2re1.4.2_01\bin\npjpi142_01.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\j2re1.4.2_01\bin\npjpi142_01.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~3\OFFICE11\REFIEBAR.DLL
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\MSMSGS.EXE
O9 - Extra 'Tools' menuitem: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\MSMSGS.EXE
O10 - Unknown file in Winsock LSP: c:\windows\system32\flsmngr.dll
O10 - Unknown file in Winsock LSP: c:\windows\system32\flsmngr.dll
O10 - Unknown file in Winsock LSP: c:\windows\system32\flsmngr.dll
O14 - IERESET.INF: START_PAGE_URL=http://www.sony.com/vaiopeople
O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://go.microsoft.com/fwlink/?linkid=36467&clcid=0x409
O16 - DPF: {41F17733-B041-4099-A042-B518BB6A408C} - http://appldnld.m7z.net/qtinstall.info.app...llInstaller.exe
O23 - Service: Symantec Event Manager (ccEvtMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
O23 - Service: Symantec Network Proxy (ccProxy) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccProxy.exe
O23 - Service: Symantec Password Validation (ccPwdSvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccPwdSvc.exe
O23 - Service: Symantec Settings Manager (ccSetMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe
O23 - Service: ewido security suite control - ewido networks - C:\Program Files\ewido\security suite\ewidoctrl.exe
O23 - Service: ewido security suite guard - ewido networks - C:\Program Files\ewido\security suite\ewidoguard.exe
O23 - Service: iPod Service (iPodService) - Apple Computer, Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: Norton AntiVirus Auto Protect Service (navapsvc) - Symantec Corporation - C:\Program Files\Norton Internet Security\Norton AntiVirus\navapsvc.exe
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\System32\nvsvc32.exe
O23 - Service: PACSPTISVR - Unknown owner - C:\PROGRA~1\COMMON~1\SONYSH~1\AVLib\PACSPT~1.EXE
O23 - Service: SAVScan - Symantec Corporation - C:\Program Files\Norton Internet Security\Norton AntiVirus\SAVScan.exe
O23 - Service: Symantec Network Drivers Service (SNDSrvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\SNDSrvc.exe
O23 - Service: SonicStageMonitoring - Sony Corporation - C:\Program Files\Common Files\Sony Shared\WMPlugIn\SonicStageMonitoring.exe
O23 - Service: Sony TV Tuner Controller - Sony Corporation - C:\Program Files\Sony\Sony TV Tuner Library\halsv.exe
O23 - Service: Sony TV Tuner Manager - Sony Corporation - C:\Program Files\Sony\Sony TV Tuner Library\RM_SV.exe
O23 - Service: Sony TVTA Manager - Sony Corporation - C:\Program Files\Sony\Sony TV Tuner Library\SMceMan.exe
O23 - Service: Sony SPTI Service (SPTISRV) - Sony Corporation - C:\PROGRA~1\COMMON~1\SONYSH~1\AVLib\Sptisrv.exe
O23 - Service: VAIO Entertainment Aggregation and Control Service - Sony Corporation - C:\Program Files\Common Files\Sony Shared\VAIO Entertainment\VzRs\VzRs.exe
O23 - Service: VAIO Entertainment File Import Service - Sony Corporation - C:\Program Files\Common Files\Sony Shared\VAIO Entertainment\VzCdb\VzFw.exe
O23 - Service: VAIO Entertainment TV Device Arbitration Service - Sony Corporation - C:\Program Files\Common Files\Sony Shared\VAIO Entertainment\VzCs\VzHardwareResourceManager\VzHardwareResourceManager.exe
O23 - Service: VAIO Entertainment UPnP Client Adapter - Sony Corporation - C:\Program Files\Common Files\Sony Shared\VAIO Entertainment\VCSW\VCSW.exe
O23 - Service: VAIO Media Integrated Server (VAIOMediaPlatform-IntegratedServer-AppServer) - Sony Corporation - C:\Program Files\Sony\vaio media integrated server\VMISrv.exe
O23 - Service: VAIO Media Integrated Server (HTTP) (VAIOMediaPlatform-IntegratedServer-HTTP) - Unknown owner - C:\Program Files\Sony\vaio media integrated server\Platform\SV_Httpd.exe" /Service=VAIOMediaPlatform-IntegratedServer-HTTP /RegRoot="SOFTWARE\Sony Corporation\VAIO Media Platform\2.0" /RegExt="Applications\IntegratedServer\HTTP (file missing)
O23 - Service: VAIO Media Integrated Server (UPnP) (VAIOMediaPlatform-IntegratedServer-UPnP) - Sony Corporation - C:\Program Files\Sony\vaio media integrated server\Platform\UPnPFramework.exe
O23 - Service: VAIO Media Gateway Server (VAIOMediaPlatform-Mobile-Gateway) - Unknown owner - C:\Program Files\Sony\vaio media integrated server\Platform\VmGateway.exe" /Service=VAIOMediaPlatform-Mobile-Gateway /RegRoot="SOFTWARE\Sony Corporation\VAIO Media Platform\2.0" /RegExt="\Addons\Packages\Mobile\Gateway" /DisplayName="VAIO Media Gateway Server (file missing)
O23 - Service: VAIO Media Video Server (VAIOMediaPlatform-VideoServer-AppServer) - Unknown owner - C:\Program Files\Sony\vaio media integrated server\Video\GPVSvr.exe" /Service=VAIOMediaPlatform-VideoServer-AppServer /DisplayName="VAIO Media Video Server (file missing)
O23 - Service: VAIO Media Video Server (HTTP) (VAIOMediaPlatform-VideoServer-HTTP) - Unknown owner - C:\Program Files\Sony\vaio media integrated server\Platform\SV_Httpd.exe" /Service=VAIOMediaPlatform-VideoServer-HTTP /RegRoot="SOFTWARE\Sony Corporation\VAIO Media Platform\2.0" /RegExt="\Applications\VideoServer\HTTP (file missing)
O23 - Service: VAIO Media Video Server (UPnP) (VAIOMediaPlatform-VideoServer-UPnP) - Sony Corporation - C:\Program Files\Sony\vaio media integrated server\Platform\UPnPFramework.exe

I will await further instructions so I don't mess up. Thanks again!

#4 miekiemoes

Posted 06 June 2005 - 08:37 AM

Hello, can you please perform the steps I was asking you?
If you can't save it on your desktop, save it somewhere in 'my documents' then.

Also make sure your hidden files and folders are visible:

Click Start.
Open My Computer.
Select the Tools menu and click Folder Options.
Select the View Tab. Under the Hidden files and folders heading, select Show hidden files and folders.
Uncheck: Hide file extensions for known file types
Uncheck the Hide protected operating system files (recommended) option.
Click Yes to confirm.
Click OK.

It is really important you perform everything in the right order!! I asked you to perform lspfix first -- and then perform the rest of my steps -- booting in safe mode etc..
It seems like you also didn't perform that.
So once again, read my instructions very carefully and perform exactly as I tell you. Otherwise your problem won't get fixed. :thumbsup:
AntispywareScanners---Antivirus Scanners---Firewalls---Online Scanners---Prevention---Help! My computer is slow---My Blog---Follow me on Twitter.
My help is ALWAYS FREE, but if you want to donate to help me continue my fight against malware -- click here!
Asking for help via Private Message or Mail will be ignored - So If you need help, post your problem in the forum.

#5 Starzman

Posted 06 June 2005 - 10:06 AM

Ok- tasks complete. Here is the new HJT log-


Logfile of HijackThis v1.99.1
Scan saved at 9:47:55 AM, on 6/6/2005
Platform: Windows XP SP1 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe
C:\Program Files\Common Files\Symantec Shared\SNDSrvc.exe
C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\AGRSMMSG.exe
C:\WINDOWS\ehome\ehtray.exe
C:\Program Files\SONY\sHotKey\sHotKey.exe
C:\Program Files\Sony\VAIO Update 2\VAIOUpdt.exe
C:\WINDOWS\System32\ezSP_Px.exe
C:\Program Files\Common Files\Symantec Shared\ccApp.exe
C:\WINDOWS\System32\RUNDLL32.EXE
C:\Program Files\iTunes\iTunesHelper.exe
C:\Program Files\QuickTime\qttask.exe
C:\Program Files\Messenger\msmsgs.exe
C:\Program Files\Common Files\Symantec Shared\ccProxy.exe
C:\WINDOWS\ehome\ehSched.exe
C:\Program Files\ewido\security suite\ewidoctrl.exe
C:\Program Files\ewido\security suite\ewidoguard.exe
C:\Program Files\Norton Internet Security\Norton AntiVirus\navapsvc.exe
C:\WINDOWS\System32\nvsvc32.exe
C:\Program Files\Common Files\Sony Shared\WMPlugIn\SonicStageMonitoring.exe
C:\Program Files\Sony\Sony TV Tuner Library\SMceMan.exe
C:\Program Files\Common Files\Sony Shared\VAIO Entertainment\VzCdb\VzFw.exe
C:\WINDOWS\ehome\ehmsas.exe
C:\WINDOWS\system32\NOTEPAD.EXE
C:\WINDOWS\System32\wuauclt.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\Program Files\Sony\Sony TV Tuner Library\RM_SV.exe
C:\Program Files\Norton Internet Security\Norton AntiVirus\SAVScan.exe
C:\WINDOWS\System32\wuauclt.exe
C:\Program Files\HijackThis\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.cnn.com/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.sony.com/vaiopeople
R1 - HKCU\Software\Microsoft\Internet Connection Wizard,ShellNext = http://www.sony.com/vaiopeople
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 6.0\Reader\ActiveX\AcroIEHelper.dll
O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O2 - BHO: Web assistant - {9ECB9560-04F9-4bbc-943D-298DDF1699E1} - C:\Program Files\Common Files\Symantec Shared\AdBlocking\NISShExt.dll
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar2.dll
O2 - BHO: NAV Helper - {BDF3E430-B101-42AD-A544-FADC6B084872} - C:\Program Files\Norton Internet Security\Norton AntiVirus\NavShExt.dll
O3 - Toolbar: Web assistant - {0B53EAC3-8D69-4b9e-9B19-A37C9A5676A7} - C:\Program Files\Common Files\Symantec Shared\AdBlocking\NISShExt.dll
O3 - Toolbar: Norton AntiVirus - {42CDD1BF-3FFB-4238-8AD1-7859DF00B1D6} - C:\Program Files\Norton Internet Security\Norton AntiVirus\NavShExt.dll
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar2.dll
O3 - Toolbar: &Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINDOWS\System32\msdxm.ocx
O4 - HKLM\..\Run: [AGRSMMSG] AGRSMMSG.exe
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\System32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [ehTray] C:\WINDOWS\ehome\ehtray.exe
O4 - HKLM\..\Run: [sHotKey] "C:\Program Files\SONY\sHotKey\sHotKey.exe"
O4 - HKLM\..\Run: [VAIO Update 2] "C:\Program Files\Sony\VAIO Update 2\VAIOUpdt.exe" /Stationary
O4 - HKLM\..\Run: [ezShieldProtector for Px] C:\WINDOWS\System32\ezSP_Px.exe
O4 - HKLM\..\Run: [ccApp] "C:\Program Files\Common Files\Symantec Shared\ccApp.exe"
O4 - HKLM\..\Run: [URLLSTCK.exe] C:\Program Files\Norton Internet Security\UrlLstCk.exe
O4 - HKLM\..\Run: [VAIO Recovery] C:\WINDOWS\Sonysys\VAIO Recovery\PartSeal.exe
O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\System32\NvMcTray.dll,NvTaskbarInit
O4 - HKLM\..\Run: [Symantec NetDriver Monitor] C:\PROGRA~1\SYMNET~1\SNDMon.exe
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background
O4 - Startup: Delta Force-Black Hawk Down Team Sabre Registration.lnk = C:\Documents and Settings\TRIPP\Local Settings\Temp\{A45A84B7-5E81-43D4-B0EB-2873B6666AC8}\{6164D2E7-986B-42F5-B3A6-64D5E53FB889}\NOVG.EXE
O4 - Global Startup: Adobe Gamma Loader.lnk = ?
O4 - Global Startup: Quicken Scheduled Updates.lnk = C:\Program Files\Quicken\bagent.exe
O8 - Extra context menu item: &Google Search - res://c:\program files\google\GoogleToolbar2.dll/cmsearch.html
O8 - Extra context menu item: Backward Links - res://c:\program files\google\GoogleToolbar2.dll/cmbacklinks.html
O8 - Extra context menu item: Cached Snapshot of Page - res://c:\program files\google\GoogleToolbar2.dll/cmcache.html
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~3\OFFICE11\EXCEL.EXE/3000
O8 - Extra context menu item: Similar Pages - res://c:\program files\google\GoogleToolbar2.dll/cmsimilar.html
O8 - Extra context menu item: Translate into English - res://c:\program files\google\GoogleToolbar2.dll/cmtrans.html
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\j2re1.4.2_01\bin\npjpi142_01.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\j2re1.4.2_01\bin\npjpi142_01.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~3\OFFICE11\REFIEBAR.DLL
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\MSMSGS.EXE
O9 - Extra 'Tools' menuitem: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\MSMSGS.EXE
O14 - IERESET.INF: START_PAGE_URL=http://www.sony.com/vaiopeople
O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://go.microsoft.com/fwlink/?linkid=36467&clcid=0x409
O16 - DPF: {41F17733-B041-4099-A042-B518BB6A408C} - http://appldnld.m7z.net/qtinstall.info.app...llInstaller.exe
O16 - DPF: {74D05D43-3236-11D4-BDCD-00C04F9A3B61} (HouseCall Control) - http://a840.g.akamai.net/7/840/537/2004061...all/xscan53.cab
O23 - Service: Symantec Event Manager (ccEvtMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
O23 - Service: Symantec Network Proxy (ccProxy) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccProxy.exe
O23 - Service: Symantec Password Validation (ccPwdSvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccPwdSvc.exe
O23 - Service: Symantec Settings Manager (ccSetMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe
O23 - Service: ewido security suite control - ewido networks - C:\Program Files\ewido\security suite\ewidoctrl.exe
O23 - Service: ewido security suite guard - ewido networks - C:\Program Files\ewido\security suite\ewidoguard.exe
O23 - Service: iPod Service (iPodService) - Apple Computer, Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: Norton AntiVirus Auto Protect Service (navapsvc) - Symantec Corporation - C:\Program Files\Norton Internet Security\Norton AntiVirus\navapsvc.exe
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\System32\nvsvc32.exe
O23 - Service: PACSPTISVR - Unknown owner - C:\PROGRA~1\COMMON~1\SONYSH~1\AVLib\PACSPT~1.EXE
O23 - Service: SAVScan - Symantec Corporation - C:\Program Files\Norton Internet Security\Norton AntiVirus\SAVScan.exe
O23 - Service: Symantec Network Drivers Service (SNDSrvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\SNDSrvc.exe
O23 - Service: SonicStageMonitoring - Sony Corporation - C:\Program Files\Common Files\Sony Shared\WMPlugIn\SonicStageMonitoring.exe
O23 - Service: Sony TV Tuner Controller - Sony Corporation - C:\Program Files\Sony\Sony TV Tuner Library\halsv.exe
O23 - Service: Sony TV Tuner Manager - Sony Corporation - C:\Program Files\Sony\Sony TV Tuner Library\RM_SV.exe
O23 - Service: Sony TVTA Manager - Sony Corporation - C:\Program Files\Sony\Sony TV Tuner Library\SMceMan.exe
O23 - Service: Sony SPTI Service (SPTISRV) - Sony Corporation - C:\PROGRA~1\COMMON~1\SONYSH~1\AVLib\Sptisrv.exe
O23 - Service: VAIO Entertainment Aggregation and Control Service - Sony Corporation - C:\Program Files\Common Files\Sony Shared\VAIO Entertainment\VzRs\VzRs.exe
O23 - Service: VAIO Entertainment File Import Service - Sony Corporation - C:\Program Files\Common Files\Sony Shared\VAIO Entertainment\VzCdb\VzFw.exe
O23 - Service: VAIO Entertainment TV Device Arbitration Service - Sony Corporation - C:\Program Files\Common Files\Sony Shared\VAIO Entertainment\VzCs\VzHardwareResourceManager\VzHardwareResourceManager.exe
O23 - Service: VAIO Entertainment UPnP Client Adapter - Sony Corporation - C:\Program Files\Common Files\Sony Shared\VAIO Entertainment\VCSW\VCSW.exe
O23 - Service: VAIO Media Integrated Server (VAIOMediaPlatform-IntegratedServer-AppServer) - Sony Corporation - C:\Program Files\Sony\vaio media integrated server\VMISrv.exe
O23 - Service: VAIO Media Integrated Server (HTTP) (VAIOMediaPlatform-IntegratedServer-HTTP) - Unknown owner - C:\Program Files\Sony\vaio media integrated server\Platform\SV_Httpd.exe" /Service=VAIOMediaPlatform-IntegratedServer-HTTP /RegRoot="SOFTWARE\Sony Corporation\VAIO Media Platform\2.0" /RegExt="Applications\IntegratedServer\HTTP (file missing)
O23 - Service: VAIO Media Integrated Server (UPnP) (VAIOMediaPlatform-IntegratedServer-UPnP) - Sony Corporation - C:\Program Files\Sony\vaio media integrated server\Platform\UPnPFramework.exe
O23 - Service: VAIO Media Gateway Server (VAIOMediaPlatform-Mobile-Gateway) - Unknown owner - C:\Program Files\Sony\vaio media integrated server\Platform\VmGateway.exe" /Service=VAIOMediaPlatform-Mobile-Gateway /RegRoot="SOFTWARE\Sony Corporation\VAIO Media Platform\2.0" /RegExt="\Addons\Packages\Mobile\Gateway" /DisplayName="VAIO Media Gateway Server (file missing)
O23 - Service: VAIO Media Video Server (VAIOMediaPlatform-VideoServer-AppServer) - Unknown owner - C:\Program Files\Sony\vaio media integrated server\Video\GPVSvr.exe" /Service=VAIOMediaPlatform-VideoServer-AppServer /DisplayName="VAIO Media Video Server (file missing)
O23 - Service: VAIO Media Video Server (HTTP) (VAIOMediaPlatform-VideoServer-HTTP) - Unknown owner - C:\Program Files\Sony\vaio media integrated server\Platform\SV_Httpd.exe" /Service=VAIOMediaPlatform-VideoServer-HTTP /RegRoot="SOFTWARE\Sony Corporation\VAIO Media Platform\2.0" /RegExt="\Applications\VideoServer\HTTP (file missing)
O23 - Service: VAIO Media Video Server (UPnP) (VAIOMediaPlatform-VideoServer-UPnP) - Sony Corporation - C:\Program Files\Sony\vaio media integrated server\Platform\UPnPFramework.exe


and here is the hs-fix log

Horseserver Removal Tool v1.03
by Atri
-
-
1. Registry Fix Started
-
Registry fix complete
-
2. Deleted Services
-
WINLOW
[SC] OpenService FAILED 1060:

The specified service does not exist as an installed service.


vdmt16
[SC] OpenService FAILED 1060:

The specified service does not exist as an installed service.


memlow
[SC] OpenService FAILED 1060:

The specified service does not exist as an installed service.


vdnt32
[SC] OpenService FAILED 1060:

The specified service does not exist as an installed service.


-
3. Finding files Located on system
-
-
4. Deleting files that were found.
-
-
5. Checking for and Removing Winupdate
-
-


I'll await your response. Thank you!
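
Comparing the first log with the one posted after cleanup, as an added example that is not part of the original posts: this sketch parses HijackThis entry lines, flags Run values where several different value names launch the same executable sitting directly in c:\windows (the pattern in the first log), and lists the entries that disappeared between two logs. The function names and the `min_names` threshold are assumptions; the sample lines are copied from the logs in this thread, with the two legitimate entries placed in both samples as an assumption so the comparison has unchanged lines.

```python
import re
from collections import defaultdict

# Sample lines copied from the logs in this thread (a small excerpt, not the full logs).
BEFORE = r"""
O4 - HKLM\..\Run: [ehTray] C:\WINDOWS\ehome\ehtray.exe
O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background
O4 - HKCU\..\Run: [havxooy] c:\windows\xfkufcv.exe
O4 - HKCU\..\Run: [gbsljfa] c:\windows\xfkufcv.exe
O4 - HKCU\..\Run: [jcngcel] c:\windows\xfkufcv.exe
O4 - HKCU\..\Run: [bqudpvl] c:\windows\txqtrek.exe
O4 - HKCU\..\Run: [tarkaie] c:\windows\txqtrek.exe
O4 - HKCU\..\Run: [cjhgkot] c:\windows\ekmltgd.exe
O10 - Unknown file in Winsock LSP: c:\windows\system32\flsmngr.dll
"""
AFTER = r"""
O4 - HKLM\..\Run: [ehTray] C:\WINDOWS\ehome\ehtray.exe
O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background
"""

ENTRY_RE = re.compile(r"^(R\d|F\d|O\d+) - (.+)$")                  # "O4 - <text>"
RUN_RE = re.compile(r"^(HK\w+)\\\.\.\\Run\w*: \[(.+?)\] (.+)$")    # registry autoruns
EXE_RE = re.compile(r'"?(.+?\.(?:exe|dll|com|bat|scr))(?!\w)', re.I)


def parse_entries(log):
    """Return (section, text) for every HijackThis entry line in the log."""
    entries = []
    for line in log.splitlines():
        m = ENTRY_RE.match(line.strip())
        if m:
            entries.append((m.group(1), m.group(2)))
    return entries


def run_entries(log):
    """Return (hive, value_name, command) for O4 registry Run entries."""
    found = []
    for section, text in parse_entries(log):
        m = RUN_RE.match(text) if section == "O4" else None
        if m:
            found.append(m.groups())
    return found


def target(command):
    """Lower-cased path of the program a Run command starts."""
    m = EXE_RE.match(command)
    return (m.group(1) if m else command.strip('"')).lower()


def suspicious_run_targets(log, windir=r"c:\windows", min_names=2):
    """Executables directly in windir that several Run value names point at."""
    names_by_target = defaultdict(set)
    for _hive, name, command in run_entries(log):
        names_by_target[target(command)].add(name)
    return {
        path: sorted(names)
        for path, names in names_by_target.items()
        if path.rsplit("\\", 1)[0] == windir and len(names) >= min_names
    }


def removed_entries(before, after):
    """Entries present in the first log and absent from the second, in order."""
    kept = set(parse_entries(after))
    removed = []
    for entry in parse_entries(before):
        if entry not in kept and entry not in removed:
            removed.append(entry)
    return removed


if __name__ == "__main__":
    for path, names in suspicious_run_targets(BEFORE).items():
        print(f"{path}: {len(names)} Run values -> {', '.join(names)}")
    for section, text in removed_entries(BEFORE, AFTER):
        print(f"removed {section}: {text}")
```

A target referenced by a single value name, such as c:\windows\ekmltgd.exe, is not flagged by the grouping rule but still appears in the before/after comparison.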

#6 miekiemoes

Posted 06 June 2005 - 10:15 AM

I see a clean HijackThis log again. Well done. :thumbsup:

To keep this clean in the future, I would suggest the following things:

Install Spywareblaster
SpywareBlaster doesn't scan and clean for so-called spyware, but prevents it from being installed in the first place. It blocks the popular spyware ActiveX controls, and also prevents the installation of any of them via a webpage.

Avoid illegal sites, because that's where most malware is present.

Let your antispyware scanner(s) scan frequently and don't forget to update before.

And I do suggest you perform an online virus scan once in a while. (Kaspersky online and/or Bitdefender). Because what one virus scanner can't find another one maybe can.
Also make sure that your virus scanner, the one that is installed on your system is always up to date!

Make sure your Windows has the latest updates: http://windowsupdate.microsoft.com/

More info on how to prevent malware you can also find here (By Tony Klein)

Happy surfing again! :flowers:

#7 Starzman

Posted 06 June 2005 - 10:40 AM

:thumbsup: Thanks so much! You are awesome- can I make a donation to you or on your behalf?

#8 miekiemoes

Posted 06 June 2005 - 10:51 AM

Glad I could help you. :thumbsup:
You don't have to donate, my help is always free, but if you want to donate to me, it's much appreciated.
You can find the link in my sig. Or you can donate to bleeping computers. :flowers:

Thx.

#9 miekiemoes

Posted 15 June 2005 - 02:20 AM

Since this issue appears resolved ... this Topic is closed.

If you need this topic reopened, please request this by sending the moderating team
an email with the address of the thread. This applies only to the original topic starter.

Everyone else please begin a New Topic.