Jump to content
Sign in to follow this  
MrHappyGoLucky12

My HJL [resolved]

Recommended Posts

I also ran some other programs and generated logs for them before I ran HJT; they can be found in this post: http://pcpitstop.invisionzone.com/index.ph...=0entry982042. You may want to see those too.

 

Logfile of HijackThis v1.99.1

Scan saved at 6:56:12 PM, on 7/20/2005

Platform: Windows XP SP2 (WinNT 5.01.2600)

MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

 

Running processes:

C:\WINDOWS\System32\smss.exe

C:\WINDOWS\system32\winlogon.exe

C:\WINDOWS\system32\services.exe

C:\WINDOWS\system32\lsass.exe

C:\WINDOWS\System32\Ati2evxx.exe

C:\WINDOWS\system32\svchost.exe

C:\WINDOWS\System32\svchost.exe

C:\WINDOWS\system32\Ati2evxx.exe

C:\WINDOWS\Explorer.EXE

C:\Program Files\Common Files\Symantec Shared\ccProxy.exe

C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe

C:\Program Files\Norton Internet Security\ISSVC.exe

C:\Program Files\Common Files\Symantec Shared\SNDSrvc.exe

C:\Program Files\Common Files\Symantec Shared\SPBBC\SPBBCSvc.exe

C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe

C:\WINDOWS\system32\spoolsv.exe

C:\Program Files\Executive Software\Diskeeper\DkService.exe

C:\Program Files\Norton Internet Security\Norton AntiVirus\navapsvc.exe

C:\WINDOWS\System32\svchost.exe

C:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exe

C:\Program Files\Common Files\Sony Shared\VAIO Entertainment\VzCdb\VzFw.exe

C:\Program Files\Apoint\Apoint.exe

C:\WINDOWS\Sonysys\VAIO Recovery\reminder.exe

C:\Program Files\Sony\VAIO Power Management\SPMgr.exe

C:\Program Files\Sony\HotKey Utility\HKserv.exe

C:\Program Files\Sony\VAIO Update 2\VAIOUpdt.exe

C:\WINDOWS\System32\ezSP_Px.exe

C:\PROGRA~1\PESTPA~1\PPControl.exe

C:\PROGRA~1\PESTPA~1\PPMemCheck.exe

C:\PROGRA~1\PESTPA~1\CookiePatrol.exe

C:\Program Files\Common Files\Symantec Shared\ccApp.exe

C:\Program Files\iTunes\iTunesHelper.exe

C:\Program Files\Common Files\Real\Update_OB\realsched.exe

C:\Program Files\sami\emia.exe

C:\WINDOWS\system32\?vchost.exe

C:\Program Files\iPod\bin\iPodService.exe

C:\Program Files\Apoint\Apntex.exe

C:\Program Files\Sony\HotKey Utility\HKWnd.exe

C:\Program Files\AIM\aim.exe

C:\Program Files\Internet Explorer\iexplore.exe

C:\Program Files\Common Files\Symantec Shared\AdBlocking\NSMdtr.exe

C:\Program Files\iTunes\iTunes.exe

C:\Program Files\Organize Quick and Easy\QNE.exe

C:\Program Files\Outlook Express\msimn.exe

C:\Program Files\Internet Explorer\iexplore.exe

C:\Program Files\Internet Explorer\iexplore.exe

C:\Program Files\Internet Explorer\iexplore.exe

C:\Documents and Settings\John J. Porterfield\Desktop\HJT\HijackThis.exe

C:\Program Files\Messenger\msmsgs.exe

 

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.sony.com/vaiopeople

N3 - Netscape 7: user_pref("browser.search.defaultengine", "engine://C%3A%5CProgram%20Files%5CNetscape%5CNetscape%5Csearchplugins%5CSBWeb_01.src"); (C:\Documents and Settings\John J. Porterfield\Application Data\Mozilla\Profiles\default\vjtyzpea.slt\prefs.js)

O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 6.0\Reader\ActiveX\AcroIEHelper.dll

O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll

O2 - BHO: (no name) - {90749428-029C-2C13-CBF9-5550D68876B1} - C:\WINDOWS\system32\unvujpke.dll

O2 - BHO: Norton Internet Security - {9ECB9560-04F9-4bbc-943D-298DDF1699E1} - C:\Program Files\Common Files\Symantec Shared\AdBlocking\NISShExt.dll

O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar2.dll

O2 - BHO: NAV Helper - {BDF3E430-B101-42AD-A544-FADC6B084872} - C:\Program Files\Norton Internet Security\Norton AntiVirus\NavShExt.dll

O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar2.dll

O3 - Toolbar: Norton Internet Security - {0B53EAC3-8D69-4b9e-9B19-A37C9A5676A7} - C:\Program Files\Common Files\Symantec Shared\AdBlocking\NISShExt.dll

O3 - Toolbar: Norton AntiVirus - {42CDD1BF-3FFB-4238-8AD1-7859DF00B1D6} - C:\Program Files\Norton Internet Security\Norton AntiVirus\NavShExt.dll

O4 - HKLM\..\Run: [Apoint] C:\Program Files\Apoint\Apoint.exe

O4 - HKLM\..\Run: [CreateCD_Reminder] C:\WINDOWS\Sonysys\VAIO Recovery\reminder.exe

O4 - HKLM\..\Run: [sonyPowerCfg] C:\Program Files\Sony\VAIO Power Management\SPMgr.exe

O4 - HKLM\..\Run: [HKSERV.EXE] C:\Program Files\Sony\HotKey Utility\HKserv.exe

O4 - HKLM\..\Run: [VAIO Update 2] "C:\Program Files\Sony\VAIO Update 2\VAIOUpdt.exe" /Stationary

O4 - HKLM\..\Run: [ezShieldProtector for Px] C:\WINDOWS\System32\ezSP_Px.exe

O4 - HKLM\..\Run: [VAIO Recovery] C:\WINDOWS\Sonysys\VAIO Recovery\PartSeal.exe

O4 - HKLM\..\Run: [PestPatrol Control Center] C:\PROGRA~1\PESTPA~1\PPControl.exe

O4 - HKLM\..\Run: [PPMemCheck] C:\PROGRA~1\PESTPA~1\PPMemCheck.exe

O4 - HKLM\..\Run: [CookiePatrol] C:\PROGRA~1\PESTPA~1\CookiePatrol.exe

O4 - HKLM\..\Run: [PestPatrolCL] C:\PROGRA~1\PESTPA~1\PestPatrolCL.exe c:\

O4 - HKLM\..\Run: [ccApp] "C:\Program Files\Common Files\Symantec Shared\ccApp.exe"

O4 - HKLM\..\Run: [symantec NetDriver Monitor] C:\PROGRA~1\SYMNET~1\SNDMon.exe /Consumer

O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"

O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot

O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime

O4 - HKCU\..\Run: [iinl] C:\Program Files\sami\emia.exe

O4 - HKCU\..\Run: [Euth] C:\WINDOWS\system32\?vchost.exe

O8 - Extra context menu item: &Google Search - res://c:\program files\google\GoogleToolbar2.dll/cmsearch.html

O8 - Extra context menu item: Backward Links - res://c:\program files\google\GoogleToolbar2.dll/cmbacklinks.html

O8 - Extra context menu item: Cached Snapshot of Page - res://c:\program files\google\GoogleToolbar2.dll/cmcache.html

O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~3\Office10\EXCEL.EXE/3000

O8 - Extra context menu item: Similar Pages - res://c:\program files\google\GoogleToolbar2.dll/cmsimilar.html

O8 - Extra context menu item: Translate into English - res://c:\program files\google\GoogleToolbar2.dll/cmtrans.html

O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\j2re1.4.2_01\bin\npjpi142_01.dll

O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\j2re1.4.2_01\bin\npjpi142_01.dll

O9 - Extra button: AIM - {AC9E2541-2814-11d5-BC6D-00B0D0A1DE45} - C:\Program Files\AIM\aim.exe

O9 - Extra button: ICQ Lite - {B863453A-26C3-4e1f-A54D-A2CD196348E9} - C:\Program Files\ICQLite\ICQLite.exe

O9 - Extra 'Tools' menuitem: ICQ Lite - {B863453A-26C3-4e1f-A54D-A2CD196348E9} - C:\Program Files\ICQLite\ICQLite.exe

O9 - Extra button: Yahoo! Messenger - {E5D12C4E-7B4F-11D3-B5C9-0050045C3C96} - C:\PROGRA~1\Yahoo!\MESSEN~1\YPager.exe

O9 - Extra 'Tools' menuitem: Yahoo! Messenger - {E5D12C4E-7B4F-11D3-B5C9-0050045C3C96} - C:\PROGRA~1\Yahoo!\MESSEN~1\YPager.exe

O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe

O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe

O14 - IERESET.INF: START_PAGE_URL=http://www.sony.com/vaiopeople

O16 - DPF: ppctlcab - http://ppupdates.ca.com/downloads/scanner/ppctlcab.cab

O16 - DPF: {02CF1781-EA91-4FA5-A200-646E8241987C} (VaioInfo.CMClass) - http://esupport.sony.com/EN/mdldetect/VaioInfo.CAB

O16 - DPF: {0E5F0222-96B9-11D3-8997-00104BD12D94} (PCPitstop Utility) - http://www.pcpitstop.com/pcpitstop/PCPitStop.CAB

O16 - DPF: {1F2F4C9E-6F09-47BC-970D-3C54734667FE} - https://www-secure.symantec.com/techsupp/asa/LSSupCtl.cab

O16 - DPF: {2FC9A21E-2069-4E47-8235-36318989DB13} (PPSDKActiveXScanner.MainScreen) - http://ppupdates.ca.com/downloads/scanner/axscanner.cab

O16 - DPF: {38911EED-5726-41B4-9612-265534EC7A13} (Address Magic Web Edition Download Stub) - http://www.returnpath.net/registration/WebEdition.cab

O16 - DPF: {9A9307A0-7DA4-4DAF-B042-5009F29E09E1} (ActiveScan Installer Class) - http://www.pandasoftware.com/activescan/:f...red:/asinst.cab

O16 - DPF: {9FC5238F-12C4-454F-B1B5-74599A21DE47} (Webshots Photo Uploader) - http://community.webshots.com/html/WSPhotoUploader.CAB

O16 - DPF: {A3009861-330C-4E10-822B-39D16EC8829D} (CRAVOnline Object) - http://www.ravantivirus.com/scan/ravonline.cab

O16 - DPF: {A8683C98-5341-421B-B23C-8514C05354F1} (FujifilmUploader Class) - http://photo.walmart.com/photo/uploads/Fuj...ploadClient.cab

O16 - DPF: {CE28D5D2-60CF-4C7D-9FE8-0F47A3308078} - https://www-secure.symantec.com/techsupp/asa/SymAData.cab

O16 - DPF: {D719897A-B07A-4C0C-AEA9-9B663A28DFCB} (iTunesDetector Class) - http://ax.phobos.apple.com.edgesuite.net/d.../ITDetector.cab

O16 - DPF: {F919FBD3-A96B-4679-AF26-F551439BB5FD} - http://winfixer.com/pages/scanner/WinFixer...nnerInstall.cab

O16 - DPF: {FE0BD779-44EE-4A4B-AA2E-743C63F2E5E6} (IWinAmpActiveX Class) - http://pdl.stream.aol.com/downloads/aol/unagi/ampx_en_dl.cab

O23 - Service: Ati HotKey Poller - Unknown owner - C:\WINDOWS\System32\Ati2evxx.exe

O23 - Service: Symantec Event Manager (ccEvtMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe

O23 - Service: Symantec Network Proxy (ccProxy) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccProxy.exe

O23 - Service: Symantec Password Validation (ccPwdSvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccPwdSvc.exe

O23 - Service: Symantec Settings Manager (ccSetMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe

O23 - Service: Diskeeper - Executive Software International, Inc. - C:\Program Files\Executive Software\Diskeeper\DkService.exe

O23 - Service: iPod Service (iPodService) - Apple Computer, Inc. - C:\Program Files\iPod\bin\iPodService.exe

O23 - Service: ISSvc (ISSVC) - Symantec Corporation - C:\Program Files\Norton Internet Security\ISSVC.exe

O23 - Service: Norton AntiVirus Auto-Protect Service (navapsvc) - Symantec Corporation - C:\Program Files\Norton Internet Security\Norton AntiVirus\navapsvc.exe

O23 - Service: PACSPTISVR - Unknown owner - C:\PROGRA~1\COMMON~1\SONYSH~1\AVLib\PACSPT~1.EXE

O23 - Service: SAVScan - Symantec Corporation - C:\Program Files\Norton Internet Security\Norton AntiVirus\SAVScan.exe

O23 - Service: ScriptBlocking Service (SBService) - Symantec Corporation - C:\PROGRA~1\COMMON~1\SYMANT~1\SCRIPT~1\SBServ.exe

O23 - Service: Symantec Network Drivers Service (SNDSrvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\SNDSrvc.exe

O23 - Service: Symantec SPBBCSvc (SPBBCSvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\SPBBC\SPBBCSvc.exe

O23 - Service: Sony SPTI Service (SPTISRV) - Sony Corporation - C:\PROGRA~1\COMMON~1\SONYSH~1\AVLib\Sptisrv.exe

O23 - Service: Symantec Core LC - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exe

O23 - Service: VAIO Entertainment Aggregation and Control Service - Sony Corporation - C:\Program Files\Common Files\Sony Shared\VAIO Entertainment\VzRs\VzRs.exe

O23 - Service: VAIO Entertainment File Import Service - Sony Corporation - C:\Program Files\Common Files\Sony Shared\VAIO Entertainment\VzCdb\VzFw.exe

O23 - Service: VAIO Entertainment TV Device Arbitration Service - Sony Corporation - C:\Program Files\Common Files\Sony Shared\VAIO Entertainment\VzCs\VzHardwareResourceManager\VzHardwareResourceManager.exe

O23 - Service: VAIO Entertainment UPnP Client Adapter - Sony Corporation - C:\Program Files\Common Files\Sony Shared\VAIO Entertainment\VCSW\VCSW.exe

O23 - Service: VAIO Media Integrated Server (VAIOMediaPlatform-IntegratedServer-AppServer) - Sony Corporation - C:\Program Files\Sony\vaio media integrated server\VMISrv.exe

O23 - Service: VAIO Media Integrated Server (HTTP) (VAIOMediaPlatform-IntegratedServer-HTTP) - Unknown owner - C:\Program Files\Sony\vaio media integrated server\Platform\SV_Httpd.exe" /Service=VAIOMediaPlatform-IntegratedServer-HTTP /RegRoot="SOFTWARE\Sony Corporation\VAIO Media Platform\2.0" /RegExt="Applications\IntegratedServer\HTTP (file missing)

O23 - Service: VAIO Media Integrated Server (UPnP) (VAIOMediaPlatform-IntegratedServer-UPnP) - Sony Corporation - C:\Program Files\Sony\vaio media integrated server\Platform\UPnPFramework.exe

O23 - Service: VAIO Media Gateway Server (VAIOMediaPlatform-Mobile-Gateway) - Unknown owner - C:\Program Files\Sony\vaio media integrated server\Platform\VmGateway.exe" /Service=VAIOMediaPlatform-Mobile-Gateway /RegRoot="SOFTWARE\Sony Corporation\VAIO Media Platform\2.0" /RegExt="\Addons\Packages\Mobile\Gateway" /DisplayName="VAIO Media Gateway Server (file missing)

O23 - Service: VAIO Media Video Server (VAIOMediaPlatform-VideoServer-AppServer) - Unknown owner - C:\Program Files\Sony\vaio media integrated server\Video\GPVSvr.exe" /Service=VAIOMediaPlatform-VideoServer-AppServer /DisplayName="VAIO Media Video Server (file missing)

O23 - Service: VAIO Media Video Server (HTTP) (VAIOMediaPlatform-VideoServer-HTTP) - Unknown owner - C:\Program Files\Sony\vaio media integrated server\Platform\SV_Httpd.exe" /Service=VAIOMediaPlatform-VideoServer-HTTP /RegRoot="SOFTWARE\Sony Corporation\VAIO Media Platform\2.0" /RegExt="\Applications\VideoServer\HTTP (file missing)

O23 - Service: VAIO Media Video Server (UPnP) (VAIOMediaPlatform-VideoServer-UPnP) - Sony Corporation - C:\Program Files\Sony\vaio media integrated server\Platform\UPnPFramework.exe

Edited by MrHappyGoLucky12

Share this post


Link to post
Share on other sites

Hi MrHappyGoLucky12

 

Please read through the instructions before you start (you may want to print this out).

 

Please set your system to show all files; please see here if you're unsure how to do this.

 

Please download and install AD-Aware se.

Click Here on how setup and use it - please make sure you update it first. Don't run yet.

 

Download Pocket Killbox and unzip it; save it to your Desktop. We may need it later.

 

Download Ewido Trojan’s and malware remover http://www.ewido.net/en/download/

This setup contains the free as well as the plus-version of the ewido security suite. After the installation, a free 14-day test version containing all the extensions of the plus-version will be activated. At the end of the test phase, the extensions of the plus version are deactivated and the freeware version can be used unlimited times. The purchased license code of the plus version can be entered at any time.

Ewido will auto-udate. Don't run yet

 

Reboot into Safe Mode: please see here if you are not sure how to do this.

 

Run Ewido full scan. Save the scan.log.

 

Clear out the files in the Prefetch folder. Go to start> run> type into the box Prefetch and delete all the files in that folder.

 

Please go offline, close all browsers and any open Windows, making sure that only HijackThis is open. Scan and when it finishes, put an X in the boxes, only next to these following items:

O2 - BHO: (no name) - {90749428-029C-2C13-CBF9-5550D68876B1} - C:\WINDOWS\system32\unvujpke.dll

O4 - HKCU\..\Run: [iinl] C:\Program Files\sami\emia.exe

O4 - HKCU\..\Run: [Euth] C:\WINDOWS\system32\?vchost.exe

Click on Fix Checked when finished and exit HijackThis.

 

Run Ad-aware se let remove all it finds

 

Clean out temporary and TIF files. Go to Start > Run and type in the box: cleanmgr. Let it scan your system for files to remove. Make sure all are checked and then press *ok* to remove:

 

Run killbox and click the radio button that says Delete a file on reboot. For each of the files you could not delete, paste them one at a time into the full path of file to delete box and click the red circle with a white cross in it.

The program will ask you if you want to reboot; say No each time until the last one has been pasted in whereupon you should answer Yes.

C:\WINDOWS\system32\unvujpke.dll

C:\Program Files\sami\emia.exe

Let the system reboot.

 

Please download, install and run this disk cleanup utility called Cleanup version 4.0!: http://downloads.stevengould.org/cleanup/CleanUp40.exe

It will get rid of any malware which may be hiding in your temp folders ( a common hiding place). You will also regain a massive amount of disk space. Here is a tutorial which describes its usage: http://www.bleepingcomputer.com/forums/tutorial93.html

Check the custom settings to your liking under options, but be sure to delete temporary files and temporary internet files for all user profiles. Also, cleanout the prefetch folder and the recycle bin.When the scan has finnished click the close button

When prompted the system will log off to let it clean out the remaining files. when the log screen shows log back on and continue the fix.

 

Please run the following free, online virus scans.

http://www.pandasoftware.com/activescan/co...n_principal.htm

Please post the logs From Panda, Ewido and HJT.logWe will need them to remove previous infections that have left files on your system.

 

Kc :thumbsup:

Share this post


Link to post
Share on other sites

"Run Ad-aware se let remove all it finds"

 

 

Ad-Aware SE Build 1.06r1

Logfile Created on:Friday, July 22, 2005 1:50:38 AM

Created with Ad-Aware SE Personal, free for private use.

Using definitions file:SE1R56 21.07.2005

»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»

 

References detected during the scan:

»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»

MRU List(TAC index:0):17 total references

»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»

 

Ad-Aware SE Settings

===========================

Set : Search for negligible risk entries

Set : Safe mode (always request confirmation)

Set : Scan active processes

Set : Scan registry

Set : Deep-scan registry

Set : Scan my IE Favorites for banned URLs

Set : Scan my Hosts file

 

Extended Ad-Aware SE Settings

===========================

Set : Unload recognized processes & modules during scan

Set : Scan registry for all users instead of current user only

Set : Always try to unload modules before deletion

Set : During removal, unload Explorer and IE if necessary

Set : Let Windows remove files in use at next reboot

Set : Delete quarantined objects after restoring

Set : Include basic Ad-Aware settings in log file

Set : Include additional Ad-Aware settings in log file

Set : Include reference summary in log file

Set : Include alternate data stream details in log file

Set : Play sound at scan completion if scan locates critical objects

 

 

7-22-2005 1:50:38 AM - Scan started. (Full System Scan)

 

MRU List Object Recognized!

Location: : C:\Documents and Settings\Administrator\recent

Description : list of recently opened documents

 

 

MRU List Object Recognized!

Location: : software\microsoft\direct3d\mostrecentapplication

Description : most recent application to use microsoft direct3d

 

 

MRU List Object Recognized!

Location: : software\microsoft\direct3d\mostrecentapplication

Description : most recent application to use microsoft direct X

 

 

MRU List Object Recognized!

Location: : software\microsoft\directdraw\mostrecentapplication

Description : most recent application to use microsoft directdraw

 

 

MRU List Object Recognized!

Location: : S-1-5-21-2552542017-1305069860-63507335-500\software\microsoft\directinput\mostrecentapplication

Description : most recent application to use microsoft directinput

 

 

MRU List Object Recognized!

Location: : S-1-5-21-2552542017-1305069860-63507335-500\software\microsoft\directinput\mostrecentapplication

Description : most recent application to use microsoft directinput

 

 

MRU List Object Recognized!

Location: : S-1-5-21-2552542017-1305069860-63507335-500\software\microsoft\internet explorer

Description : last download directory used in microsoft internet explorer

 

 

MRU List Object Recognized!

Location: : S-1-5-21-2552542017-1305069860-63507335-500\software\microsoft\internet explorer\typedurls

Description : list of recently entered addresses in microsoft internet explorer

 

 

MRU List Object Recognized!

Location: : S-1-5-21-2552542017-1305069860-63507335-500\software\microsoft\mediaplayer\preferences

Description : last cd record path used in microsoft windows media player

 

 

MRU List Object Recognized!

Location: : S-1-5-21-2552542017-1305069860-63507335-500\software\microsoft\microsoft management console\recent file list

Description : list of recent snap-ins used in the microsoft management console

 

 

MRU List Object Recognized!

Location: : S-1-5-21-2552542017-1305069860-63507335-500\software\microsoft\windows\currentversion\applets\regedit

Description : last key accessed using the microsoft registry editor

 

 

MRU List Object Recognized!

Location: : S-1-5-21-2552542017-1305069860-63507335-500\software\microsoft\windows\currentversion\explorer\comdlg32\lastvisitedmru

Description : list of recent programs opened

 

 

MRU List Object Recognized!

Location: : S-1-5-21-2552542017-1305069860-63507335-500\software\microsoft\windows\currentversion\explorer\comdlg32\opensavemru

Description : list of recently saved files, stored according to file extension

 

 

MRU List Object Recognized!

Location: : S-1-5-21-2552542017-1305069860-63507335-500\software\microsoft\windows\currentversion\explorer\recentdocs

Description : list of recent documents opened

 

 

MRU List Object Recognized!

Location: : S-1-5-21-2552542017-1305069860-63507335-500\software\microsoft\windows\currentversion\explorer\runmru

Description : mru list for items opened in start | run

 

 

MRU List Object Recognized!

Location: : .DEFAULT\software\microsoft\windows media\wmsdk\general

Description : windows media sdk

 

 

MRU List Object Recognized!

Location: : S-1-5-18\software\microsoft\windows media\wmsdk\general

Description : windows media sdk

 

 

Listing running processes

»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»

 

#:1 [smss.exe]

FilePath : \SystemRoot\System32\

ProcessID : 388

ThreadCreationTime : 7-22-2005 4:29:18 AM

BasePriority : Normal

 

 

#:2 [csrss.exe]

FilePath : \??\C:\WINDOWS\system32\

ProcessID : 444

ThreadCreationTime : 7-22-2005 4:29:39 AM

BasePriority : Normal

 

 

#:3 [winlogon.exe]

FilePath : \??\C:\WINDOWS\system32\

ProcessID : 468

ThreadCreationTime : 7-22-2005 4:29:42 AM

BasePriority : High

 

 

#:4 [services.exe]

FilePath : C:\WINDOWS\system32\

ProcessID : 512

ThreadCreationTime : 7-22-2005 4:29:44 AM

BasePriority : Normal

FileVersion : 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)

ProductVersion : 5.1.2600.2180

ProductName : Microsoft® Windows® Operating System

CompanyName : Microsoft Corporation

FileDescription : Services and Controller app

InternalName : services.exe

LegalCopyright : © Microsoft Corporation. All rights reserved.

OriginalFilename : services.exe

 

#:5 [lsass.exe]

FilePath : C:\WINDOWS\system32\

ProcessID : 524

ThreadCreationTime : 7-22-2005 4:29:44 AM

BasePriority : Normal

FileVersion : 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)

ProductVersion : 5.1.2600.2180

ProductName : Microsoft® Windows® Operating System

CompanyName : Microsoft Corporation

FileDescription : LSA Shell (Export Version)

InternalName : lsass.exe

LegalCopyright : © Microsoft Corporation. All rights reserved.

OriginalFilename : lsass.exe

 

#:6 [svchost.exe]

FilePath : C:\WINDOWS\system32\

ProcessID : 668

ThreadCreationTime : 7-22-2005 4:29:47 AM

BasePriority : Normal

FileVersion : 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)

ProductVersion : 5.1.2600.2180

ProductName : Microsoft® Windows® Operating System

CompanyName : Microsoft Corporation

FileDescription : Generic Host Process for Win32 Services

InternalName : svchost.exe

LegalCopyright : © Microsoft Corporation. All rights reserved.

OriginalFilename : svchost.exe

 

#:7 [svchost.exe]

FilePath : C:\WINDOWS\system32\

ProcessID : 732

ThreadCreationTime : 7-22-2005 4:29:48 AM

BasePriority : Normal

FileVersion : 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)

ProductVersion : 5.1.2600.2180

ProductName : Microsoft® Windows® Operating System

CompanyName : Microsoft Corporation

FileDescription : Generic Host Process for Win32 Services

InternalName : svchost.exe

LegalCopyright : © Microsoft Corporation. All rights reserved.

OriginalFilename : svchost.exe

 

#:8 [svchost.exe]

FilePath : C:\WINDOWS\System32\

ProcessID : 788

ThreadCreationTime : 7-22-2005 4:29:49 AM

BasePriority : Normal

FileVersion : 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)

ProductVersion : 5.1.2600.2180

ProductName : Microsoft® Windows® Operating System

CompanyName : Microsoft Corporation

FileDescription : Generic Host Process for Win32 Services

InternalName : svchost.exe

LegalCopyright : © Microsoft Corporation. All rights reserved.

OriginalFilename : svchost.exe

 

#:9 [svchost.exe]

FilePath : C:\WINDOWS\System32\

ProcessID : 852

ThreadCreationTime : 7-22-2005 4:29:49 AM

BasePriority : Normal

FileVersion : 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)

ProductVersion : 5.1.2600.2180

ProductName : Microsoft® Windows® Operating System

CompanyName : Microsoft Corporation

FileDescription : Generic Host Process for Win32 Services

InternalName : svchost.exe

LegalCopyright : © Microsoft Corporation. All rights reserved.

OriginalFilename : svchost.exe

 

#:10 [svchost.exe]

FilePath : C:\WINDOWS\System32\

ProcessID : 892

ThreadCreationTime : 7-22-2005 4:29:50 AM

BasePriority : Normal

FileVersion : 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)

ProductVersion : 5.1.2600.2180

ProductName : Microsoft® Windows® Operating System

CompanyName : Microsoft Corporation

FileDescription : Generic Host Process for Win32 Services

InternalName : svchost.exe

LegalCopyright : © Microsoft Corporation. All rights reserved.

OriginalFilename : svchost.exe

 

#:11 [explorer.exe]

FilePath : C:\WINDOWS\

ProcessID : 1544

ThreadCreationTime : 7-22-2005 4:30:55 AM

BasePriority : Normal

FileVersion : 6.00.2900.2180 (xpsp_sp2_rtm.040803-2158)

ProductVersion : 6.00.2900.2180

ProductName : Microsoft® Windows® Operating System

CompanyName : Microsoft Corporation

FileDescription : Windows Explorer

InternalName : explorer

LegalCopyright : © Microsoft Corporation. All rights reserved.

OriginalFilename : EXPLORER.EXE

 

#:12 [ad-aware.exe]

FilePath : C:\Program Files\Lavasoft\Ad-Aware SE Personal\

ProcessID : 568

ThreadCreationTime : 7-22-2005 5:49:39 AM

BasePriority : Normal

FileVersion : 6.2.0.236

ProductVersion : SE 106

ProductName : Lavasoft Ad-Aware SE

CompanyName : Lavasoft Sweden

FileDescription : Ad-Aware SE Core application

InternalName : Ad-Aware.exe

LegalCopyright : Copyright © Lavasoft AB Sweden

OriginalFilename : Ad-Aware.exe

Comments : All Rights Reserved

 

Memory scan result:

»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»

New critical objects: 0

Objects found so far: 17

 

 

Started registry scan

»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»

 

Registry Scan result:

»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»

New critical objects: 0

Objects found so far: 17

 

 

Started deep registry scan

»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»

 

Deep registry scan result:

»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»

New critical objects: 0

Objects found so far: 17

 

 

Started Tracking Cookie scan

»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»

 

 

Tracking cookie scan result:

»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»

New critical objects: 0

Objects found so far: 17

 

 

 

Deep scanning and examining files (C:)

»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»

 

Disk Scan Result for C:\

»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»

New critical objects: 0

Objects found so far: 17

 

 

Deep scanning and examining files (D:)

»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»

 

Disk Scan Result for D:\

»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»

New critical objects: 0

Objects found so far: 17

 

 

Deep scanning and examining files (G:)

»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»

 

Disk Scan Result for G:\

»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»

New critical objects: 0

Objects found so far: 17

 

 

Scanning Hosts file......

Hosts file location:"C:\WINDOWS\system32\drivers\etc\hosts".

»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»

 

Hosts file scan result:

»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»

1 entries scanned.

New critical objects:0

Objects found so far: 17

 

 

 

 

Performing conditional scans...

»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»

 

Conditional scan result:

»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»

New critical objects: 0

Objects found so far: 17

 

1:59:44 AM Scan Complete

 

Summary Of This Scan

»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»

Total scanning time:00:09:06.736

Objects scanned:145407

Objects identified:0

Objects ignored:0

New critical objects:0

Share this post


Link to post
Share on other sites

"Please post the logs From Panda"

 

 

Incident Status Location

 

Adware:adware/purityscan No disinfected C:\WINDOWS\SYSTEM32\wnscpcc.exe

Spyware:spyware/searchcentrix No disinfected HKEY_CURRENT_USER\SOFTWARE\DYNAMIC TOOLBAR

Share this post


Link to post
Share on other sites

"Run Ewido full scan. Save the scan.log."

 

---------------------------------------------------------

ewido security suite - Scan report

---------------------------------------------------------

 

+ Created on: 12:56:16 AM, 7/22/2005

+ Report-Checksum: BD63A13C

 

+ Scan result:

 

:mozilla.9:C:\Documents and Settings\John J. Porterfield\Application Data\Mozilla\Profiles\default\vjtyzpea.slt\cookies.txt -> Spyware.Cookie.Tribalfusion : Cleaned with backup

:mozilla.10:C:\Documents and Settings\John J. Porterfield\Application Data\Mozilla\Profiles\default\vjtyzpea.slt\cookies.txt -> Spyware.Cookie.Tribalfusion : Cleaned with backup

C:\Documents and Settings\John J. Porterfield\Cookies\john j. porterfield@112.2o7[1].txt -> Spyware.Cookie.2o7 : Cleaned with backup

C:\Documents and Settings\John J. Porterfield\Cookies\john j. porterfield@adopt.specificclick[2].txt -> Spyware.Cookie.Specificclick : Cleaned with backup

C:\Documents and Settings\John J. Porterfield\Cookies\john j. porterfield@ads.addynamix[1].txt -> Spyware.Cookie.Addynamix : Cleaned with backup

C:\Documents and Settings\John J. Porterfield\Cookies\john j. porterfield@ads.pointroll[2].txt -> Spyware.Cookie.Pointroll : Cleaned with backup

C:\Documents and Settings\John J. Porterfield\Cookies\john j. porterfield@ehg-tfl.hitbox[1].txt -> Spyware.Cookie.Hitbox : Cleaned with backup

C:\Documents and Settings\John J. Porterfield\Cookies\john j. porterfield@paypopup[1].txt -> Spyware.Cookie.Paypopup : Cleaned with backup

C:\Documents and Settings\John J. Porterfield\Cookies\john j. porterfield@twci.coremetrics[1].txt -> Spyware.Cookie.Coremetrics : Cleaned with backup

C:\Program Files\PestPatrol\Quarantine\20050519145300.zip/Documents and Settings/John J. Porterfield/Cookies/john j. porterfield@247realmedia[1].txt -> Spyware.Cookie.247realmedia : Error during cleaning

C:\Program Files\PestPatrol\Quarantine\20050519145300.zip/Documents and Settings/John J. Porterfield/Cookies/john j. porterfield@2o7[1].txt -> Spyware.Cookie.2o7 : Error during cleaning

C:\Program Files\PestPatrol\Quarantine\20050519145300.zip/Documents and Settings/John J. Porterfield/Cookies/john j. porterfield@advertising[1].txt -> Spyware.Cookie.Advertising : Error during cleaning

C:\Program Files\PestPatrol\Quarantine\20050519145300.zip/Documents and Settings/John J. Porterfield/Cookies/john j. porterfield@atdmt[2].txt -> Spyware.Cookie.Atdmt : Error during cleaning

C:\Program Files\PestPatrol\Quarantine\20050519145300.zip/Documents and Settings/John J. Porterfield/Cookies/john j. porterfield@bs.serving-sys[1].txt -> Spyware.Cookie.Serving-sys : Error during cleaning

C:\Program Files\PestPatrol\Quarantine\20050519145300.zip/Documents and Settings/John J. Porterfield/Cookies/john j. porterfield@centrport[2].txt -> Spyware.Cookie.Centrport : Error during cleaning

C:\Program Files\PestPatrol\Quarantine\20050519145300.zip/Documents and Settings/John J. Porterfield/Cookies/john j. porterfield@citi.bridgetrack[2].txt -> Spyware.Cookie.Bridgetrack : Error during cleaning

C:\Program Files\PestPatrol\Quarantine\20050519145300.zip/Documents and Settings/John J. Porterfield/Cookies/john j. porterfield@counter.hitslink[2].txt -> Spyware.Cookie.Hitslink : Error during cleaning

C:\Program Files\PestPatrol\Quarantine\20050519145300.zip/Documents and Settings/John J. Porterfield/Cookies/john j. porterfield@counter2.hitslink[1].txt -> Spyware.Cookie.Hitslink : Error during cleaning

C:\Program Files\PestPatrol\Quarantine\20050519145300.zip/Documents and Settings/John J. Porterfield/Cookies/john j. porterfield@data.coremetrics[1].txt -> Spyware.Cookie.Coremetrics : Error during cleaning

C:\Program Files\PestPatrol\Quarantine\20050519145300.zip/Documents and Settings/John J. Porterfield/Cookies/john j. porterfield@doubleclick[1].txt -> Spyware.Cookie.Doubleclick : Error during cleaning

C:\Program Files\PestPatrol\Quarantine\20050519145300.zip/Documents and Settings/John J. Porterfield/Cookies/john j. porterfield@edge.ru4[2].txt -> Spyware.Cookie.Ru4 : Error during cleaning

C:\Program Files\PestPatrol\Quarantine\20050519145300.zip/Documents and Settings/John J. Porterfield/Cookies/john j. porterfield@ehg-cbs.hitbox[1].txt -> Spyware.Cookie.Hitbox : Error during cleaning

C:\Program Files\PestPatrol\Quarantine\20050519145300.zip/Documents and Settings/John J. Porterfield/Cookies/john j. porterfield@hitbox[2].txt -> Spyware.Cookie.Hitbox : Error during cleaning

C:\Program Files\PestPatrol\Quarantine\20050519145300.zip/Documents and Settings/John J. Porterfield/Cookies/john j. porterfield@w101.hitbox[1].txt -> Spyware.Cookie.Hitbox : Error during cleaning

C:\Program Files\PestPatrol\Quarantine\20050519145300.zip/Documents and Settings/John J. Porterfield/Cookies/john j. porterfield@ehg-pharmacia.hitbox[2].txt -> Spyware.Cookie.Hitbox : Error during cleaning

C:\Program Files\PestPatrol\Quarantine\20050519145300.zip/Documents and Settings/John J. Porterfield/Cookies/john j. porterfield@ehg-sonyny.hitbox[1].txt -> Spyware.Cookie.Hitbox : Error during cleaning

C:\Program Files\PestPatrol\Quarantine\20050519145300.zip/Documents and Settings/John J. Porterfield/Cookies/john j. porterfield@ehg-win2000mag.hitbox[2].txt -> Spyware.Cookie.Hitbox : Error during cleaning

C:\Program Files\PestPatrol\Quarantine\20050519145300.zip/Documents and Settings/John J. Porterfield/Cookies/john j. porterfield@fastclick[1].txt -> Spyware.Cookie.Fastclick : Error during cleaning

C:\Program Files\PestPatrol\Quarantine\20050519145300.zip/Documents and Settings/John J. Porterfield/Cookies/john j. porterfield@mediaplex[2].txt -> Spyware.Cookie.Mediaplex : Error during cleaning

C:\Program Files\PestPatrol\Quarantine\20050519145300.zip/Documents and Settings/John J. Porterfield/Cookies/john j. porterfield@questionmarket[1].txt -> Spyware.Cookie.Questionmarket : Error during cleaning

C:\Program Files\PestPatrol\Quarantine\20050519145300.zip/Documents and Settings/John J. Porterfield/Cookies/john j. porterfield@servedby.advertising[1].txt -> Spyware.Cookie.Advertising : Error during cleaning

C:\Program Files\PestPatrol\Quarantine\20050519145300.zip/Documents and Settings/John J. Porterfield/Cookies/john j. porterfield@serving-sys[2].txt -> Spyware.Cookie.Serving-sys : Error during cleaning

C:\Program Files\PestPatrol\Quarantine\20050519145300.zip/Documents and Settings/John J. Porterfield/Cookies/john j. porterfield@spylog[1].txt -> Spyware.Cookie.Spylog : Error during cleaning

C:\Program Files\PestPatrol\Quarantine\20050519145300.zip/Documents and Settings/John J. Porterfield/Cookies/john j. porterfield@statse.webtrendslive[2].txt -> Spyware.Cookie.Webtrendslive : Error during cleaning

C:\Program Files\PestPatrol\Quarantine\20050519145300.zip/Documents and Settings/John J. Porterfield/Cookies/john j. porterfield@tradedoubler[2].txt -> Spyware.Cookie.Tradedoubler : Error during cleaning

C:\Program Files\PestPatrol\Quarantine\20050519145300.zip/Documents and Settings/John J. Porterfield/Cookies/john j. porterfield@tribalfusion[1].txt -> Spyware.Cookie.Tribalfusion : Error during cleaning

C:\Program Files\PestPatrol\Quarantine\20050519145300.zip/Documents and Settings/John J. Porterfield/Cookies/john j. porterfield@web4.realtracker[2].txt -> Spyware.Cookie.Realtracker : Error during cleaning

 

 

::Report End

Share this post


Link to post
Share on other sites

"Please go offline, close all browsers and any open Windows, making sure that only HijackThis is open. Scan and when it finishes, put an X in the boxes, only next to these following items:

O2 - BHO: (no name) - {90749428-029C-2C13-CBF9-5550D68876B1} - C:\WINDOWS\system32\unvujpke.dll

O4 - HKCU\..\Run: [iinl] C:\Program Files\sami\emia.exe

O4 - HKCU\..\Run: [Euth] C:\WINDOWS\system32\?vchost.exe

Click on Fix Checked when finished and exit HijackThis."

 

Logfile of HijackThis v1.99.1

Scan saved at 6:56:12 PM, on 7/20/2005

Platform: Windows XP SP2 (WinNT 5.01.2600)

MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

 

Running processes:

C:\WINDOWS\System32\smss.exe

C:\WINDOWS\system32\winlogon.exe

C:\WINDOWS\system32\services.exe

C:\WINDOWS\system32\lsass.exe

C:\WINDOWS\System32\Ati2evxx.exe

C:\WINDOWS\system32\svchost.exe

C:\WINDOWS\System32\svchost.exe

C:\WINDOWS\system32\Ati2evxx.exe

C:\WINDOWS\Explorer.EXE

C:\Program Files\Common Files\Symantec Shared\ccProxy.exe

C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe

C:\Program Files\Norton Internet Security\ISSVC.exe

C:\Program Files\Common Files\Symantec Shared\SNDSrvc.exe

C:\Program Files\Common Files\Symantec Shared\SPBBC\SPBBCSvc.exe

C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe

C:\WINDOWS\system32\spoolsv.exe

C:\Program Files\Executive Software\Diskeeper\DkService.exe

C:\Program Files\Norton Internet Security\Norton AntiVirus\navapsvc.exe

C:\WINDOWS\System32\svchost.exe

C:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exe

C:\Program Files\Common Files\Sony Shared\VAIO Entertainment\VzCdb\VzFw.exe

C:\Program Files\Apoint\Apoint.exe

C:\WINDOWS\Sonysys\VAIO Recovery\reminder.exe

C:\Program Files\Sony\VAIO Power Management\SPMgr.exe

C:\Program Files\Sony\HotKey Utility\HKserv.exe

C:\Program Files\Sony\VAIO Update 2\VAIOUpdt.exe

C:\WINDOWS\System32\ezSP_Px.exe

C:\PROGRA~1\PESTPA~1\PPControl.exe

C:\PROGRA~1\PESTPA~1\PPMemCheck.exe

C:\PROGRA~1\PESTPA~1\CookiePatrol.exe

C:\Program Files\Common Files\Symantec Shared\ccApp.exe

C:\Program Files\iTunes\iTunesHelper.exe

C:\Program Files\Common Files\Real\Update_OB\realsched.exe

C:\Program Files\sami\emia.exe

C:\WINDOWS\system32\?vchost.exe

C:\Program Files\iPod\bin\iPodService.exe

C:\Program Files\Apoint\Apntex.exe

C:\Program Files\Sony\HotKey Utility\HKWnd.exe

C:\Program Files\AIM\aim.exe

C:\Program Files\Internet Explorer\iexplore.exe

C:\Program Files\Common Files\Symantec Shared\AdBlocking\NSMdtr.exe

C:\Program Files\iTunes\iTunes.exe

C:\Program Files\Organize Quick and Easy\QNE.exe

C:\Program Files\Outlook Express\msimn.exe

C:\Program Files\Internet Explorer\iexplore.exe

C:\Program Files\Internet Explorer\iexplore.exe

C:\Program Files\Internet Explorer\iexplore.exe

C:\Documents and Settings\John J. Porterfield\Desktop\HJT\HijackThis.exe

C:\Program Files\Messenger\msmsgs.exe

 

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.sony.com/vaiopeople

N3 - Netscape 7: user_pref("browser.search.defaultengine", "engine://C%3A%5CProgram%20Files%5CNetscape%5CNetscape%5Csearchplugins%5CSBWeb_01.src"); (C:\Documents and Settings\John J. Porterfield\Application Data\Mozilla\Profiles\default\vjtyzpea.slt\prefs.js)

O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 6.0\Reader\ActiveX\AcroIEHelper.dll

O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll

O2 - BHO: (no name) - {90749428-029C-2C13-CBF9-5550D68876B1} - C:\WINDOWS\system32\unvujpke.dll

O2 - BHO: Norton Internet Security - {9ECB9560-04F9-4bbc-943D-298DDF1699E1} - C:\Program Files\Common Files\Symantec Shared\AdBlocking\NISShExt.dll

O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar2.dll

O2 - BHO: NAV Helper - {BDF3E430-B101-42AD-A544-FADC6B084872} - C:\Program Files\Norton Internet Security\Norton AntiVirus\NavShExt.dll

O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar2.dll

O3 - Toolbar: Norton Internet Security - {0B53EAC3-8D69-4b9e-9B19-A37C9A5676A7} - C:\Program Files\Common Files\Symantec Shared\AdBlocking\NISShExt.dll

O3 - Toolbar: Norton AntiVirus - {42CDD1BF-3FFB-4238-8AD1-7859DF00B1D6} - C:\Program Files\Norton Internet Security\Norton AntiVirus\NavShExt.dll

O4 - HKLM\..\Run: [Apoint] C:\Program Files\Apoint\Apoint.exe

O4 - HKLM\..\Run: [CreateCD_Reminder] C:\WINDOWS\Sonysys\VAIO Recovery\reminder.exe

O4 - HKLM\..\Run: [sonyPowerCfg] C:\Program Files\Sony\VAIO Power Management\SPMgr.exe

O4 - HKLM\..\Run: [HKSERV.EXE] C:\Program Files\Sony\HotKey Utility\HKserv.exe

O4 - HKLM\..\Run: [VAIO Update 2] "C:\Program Files\Sony\VAIO Update 2\VAIOUpdt.exe" /Stationary

O4 - HKLM\..\Run: [ezShieldProtector for Px] C:\WINDOWS\System32\ezSP_Px.exe

O4 - HKLM\..\Run: [VAIO Recovery] C:\WINDOWS\Sonysys\VAIO Recovery\PartSeal.exe

O4 - HKLM\..\Run: [PestPatrol Control Center] C:\PROGRA~1\PESTPA~1\PPControl.exe

O4 - HKLM\..\Run: [PPMemCheck] C:\PROGRA~1\PESTPA~1\PPMemCheck.exe

O4 - HKLM\..\Run: [CookiePatrol] C:\PROGRA~1\PESTPA~1\CookiePatrol.exe

O4 - HKLM\..\Run: [PestPatrolCL] C:\PROGRA~1\PESTPA~1\PestPatrolCL.exe c:\

O4 - HKLM\..\Run: [ccApp] "C:\Program Files\Common Files\Symantec Shared\ccApp.exe"

O4 - HKLM\..\Run: [symantec NetDriver Monitor] C:\PROGRA~1\SYMNET~1\SNDMon.exe /Consumer

O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"

O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot

O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime

O4 - HKCU\..\Run: [iinl] C:\Program Files\sami\emia.exe

O4 - HKCU\..\Run: [Euth] C:\WINDOWS\system32\?vchost.exe

O8 - Extra context menu item: &Google Search - res://c:\program files\google\GoogleToolbar2.dll/cmsearch.html

O8 - Extra context menu item: Backward Links - res://c:\program files\google\GoogleToolbar2.dll/cmbacklinks.html

O8 - Extra context menu item: Cached Snapshot of Page - res://c:\program files\google\GoogleToolbar2.dll/cmcache.html

O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~3\Office10\EXCEL.EXE/3000

O8 - Extra context menu item: Similar Pages - res://c:\program files\google\GoogleToolbar2.dll/cmsimilar.html

O8 - Extra context menu item: Translate into English - res://c:\program files\google\GoogleToolbar2.dll/cmtrans.html

O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\j2re1.4.2_01\bin\npjpi142_01.dll

O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\j2re1.4.2_01\bin\npjpi142_01.dll

O9 - Extra button: AIM - {AC9E2541-2814-11d5-BC6D-00B0D0A1DE45} - C:\Program Files\AIM\aim.exe

O9 - Extra button: ICQ Lite - {B863453A-26C3-4e1f-A54D-A2CD196348E9} - C:\Program Files\ICQLite\ICQLite.exe

O9 - Extra 'Tools' menuitem: ICQ Lite - {B863453A-26C3-4e1f-A54D-A2CD196348E9} - C:\Program Files\ICQLite\ICQLite.exe

O9 - Extra button: Yahoo! Messenger - {E5D12C4E-7B4F-11D3-B5C9-0050045C3C96} - C:\PROGRA~1\Yahoo!\MESSEN~1\YPager.exe

O9 - Extra 'Tools' menuitem: Yahoo! Messenger - {E5D12C4E-7B4F-11D3-B5C9-0050045C3C96} - C:\PROGRA~1\Yahoo!\MESSEN~1\YPager.exe

O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe

O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe

O14 - IERESET.INF: START_PAGE_URL=http://www.sony.com/vaiopeople

O16 - DPF: ppctlcab - http://ppupdates.ca.com/downloads/scanner/ppctlcab.cab

O16 - DPF: {02CF1781-EA91-4FA5-A200-646E8241987C} (VaioInfo.CMClass) - http://esupport.sony.com/EN/mdldetect/VaioInfo.CAB

O16 - DPF: {0E5F0222-96B9-11D3-8997-00104BD12D94} (PCPitstop Utility) - http://www.pcpitstop.com/pcpitstop/PCPitStop.CAB

O16 - DPF: {1F2F4C9E-6F09-47BC-970D-3C54734667FE} - https://www-secure.symantec.com/techsupp/asa/LSSupCtl.cab

O16 - DPF: {2FC9A21E-2069-4E47-8235-36318989DB13} (PPSDKActiveXScanner.MainScreen) - http://ppupdates.ca.com/downloads/scanner/axscanner.cab

O16 - DPF: {38911EED-5726-41B4-9612-265534EC7A13} (Address Magic Web Edition Download Stub) - http://www.returnpath.net/registration/WebEdition.cab

O16 - DPF: {9A9307A0-7DA4-4DAF-B042-5009F29E09E1} (ActiveScan Installer Class) - http://www.pandasoftware.com/activescan/:f...red:/asinst.cab

O16 - DPF: {9FC5238F-12C4-454F-B1B5-74599A21DE47} (Webshots Photo Uploader) - http://community.webshots.com/html/WSPhotoUploader.CAB

O16 - DPF: {A3009861-330C-4E10-822B-39D16EC8829D} (CRAVOnline Object) - http://www.ravantivirus.com/scan/ravonline.cab

O16 - DPF: {A8683C98-5341-421B-B23C-8514C05354F1} (FujifilmUploader Class) - http://photo.walmart.com/photo/uploads/Fuj...ploadClient.cab

O16 - DPF: {CE28D5D2-60CF-4C7D-9FE8-0F47A3308078} - https://www-secure.symantec.com/techsupp/asa/SymAData.cab

O16 - DPF: {D719897A-B07A-4C0C-AEA9-9B663A28DFCB} (iTunesDetector Class) - http://ax.phobos.apple.com.edgesuite.net/d.../ITDetector.cab

O16 - DPF: {F919FBD3-A96B-4679-AF26-F551439BB5FD} - http://winfixer.com/pages/scanner/WinFixer...nnerInstall.cab

O16 - DPF: {FE0BD779-44EE-4A4B-AA2E-743C63F2E5E6} (IWinAmpActiveX Class) - http://pdl.stream.aol.com/downloads/aol/unagi/ampx_en_dl.cab

O23 - Service: Ati HotKey Poller - Unknown owner - C:\WINDOWS\System32\Ati2evxx.exe

O23 - Service: Symantec Event Manager (ccEvtMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe

O23 - Service: Symantec Network Proxy (ccProxy) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccProxy.exe

O23 - Service: Symantec Password Validation (ccPwdSvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccPwdSvc.exe

O23 - Service: Symantec Settings Manager (ccSetMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe

O23 - Service: Diskeeper - Executive Software International, Inc. - C:\Program Files\Executive Software\Diskeeper\DkService.exe

O23 - Service: iPod Service (iPodService) - Apple Computer, Inc. - C:\Program Files\iPod\bin\iPodService.exe

O23 - Service: ISSvc (ISSVC) - Symantec Corporation - C:\Program Files\Norton Internet Security\ISSVC.exe

O23 - Service: Norton AntiVirus Auto-Protect Service (navapsvc) - Symantec Corporation - C:\Program Files\Norton Internet Security\Norton AntiVirus\navapsvc.exe

O23 - Service: PACSPTISVR - Unknown owner - C:\PROGRA~1\COMMON~1\SONYSH~1\AVLib\PACSPT~1.EXE

O23 - Service: SAVScan - Symantec Corporation - C:\Program Files\Norton Internet Security\Norton AntiVirus\SAVScan.exe

O23 - Service: ScriptBlocking Service (SBService) - Symantec Corporation - C:\PROGRA~1\COMMON~1\SYMANT~1\SCRIPT~1\SBServ.exe

O23 - Service: Symantec Network Drivers Service (SNDSrvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\SNDSrvc.exe

O23 - Service: Symantec SPBBCSvc (SPBBCSvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\SPBBC\SPBBCSvc.exe

O23 - Service: Sony SPTI Service (SPTISRV) - Sony Corporation - C:\PROGRA~1\COMMON~1\SONYSH~1\AVLib\Sptisrv.exe

O23 - Service: Symantec Core LC - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exe

O23 - Service: VAIO Entertainment Aggregation and Control Service - Sony Corporation - C:\Program Files\Common Files\Sony Shared\VAIO Entertainment\VzRs\VzRs.exe

O23 - Service: VAIO Entertainment File Import Service - Sony Corporation - C:\Program Files\Common Files\Sony Shared\VAIO Entertainment\VzCdb\VzFw.exe

O23 - Service: VAIO Entertainment TV Device Arbitration Service - Sony Corporation - C:\Program Files\Common Files\Sony Shared\VAIO Entertainment\VzCs\VzHardwareResourceManager\VzHardwareResourceManager.exe

O23 - Service: VAIO Entertainment UPnP Client Adapter - Sony Corporation - C:\Program Files\Common Files\Sony Shared\VAIO Entertainment\VCSW\VCSW.exe

O23 - Service: VAIO Media Integrated Server (VAIOMediaPlatform-IntegratedServer-AppServer) - Sony Corporation - C:\Program Files\Sony\vaio media integrated server\VMISrv.exe

O23 - Service: VAIO Media Integrated Server (HTTP) (VAIOMediaPlatform-IntegratedServer-HTTP) - Unknown owner - C:\Program Files\Sony\vaio media integrated server\Platform\SV_Httpd.exe" /Service=VAIOMediaPlatform-IntegratedServer-HTTP /RegRoot="SOFTWARE\Sony Corporation\VAIO Media Platform\2.0" /RegExt="Applications\IntegratedServer\HTTP (file missing)

O23 - Service: VAIO Media Integrated Server (UPnP) (VAIOMediaPlatform-IntegratedServer-UPnP) - Sony Corporation - C:\Program Files\Sony\vaio media integrated server\Platform\UPnPFramework.exe

O23 - Service: VAIO Media Gateway Server (VAIOMediaPlatform-Mobile-Gateway) - Unknown owner - C:\Program Files\Sony\vaio media integrated server\Platform\VmGateway.exe" /Service=VAIOMediaPlatform-Mobile-Gateway /RegRoot="SOFTWARE\Sony Corporation\VAIO Media Platform\2.0" /RegExt="\Addons\Packages\Mobile\Gateway" /DisplayName="VAIO Media Gateway Server (file missing)

O23 - Service: VAIO Media Video Server (VAIOMediaPlatform-VideoServer-AppServer) - Unknown owner - C:\Program Files\Sony\vaio media integrated server\Video\GPVSvr.exe" /Service=VAIOMediaPlatform-VideoServer-AppServer /DisplayName="VAIO Media Video Server (file missing)

O23 - Service: VAIO Media Video Server (HTTP) (VAIOMediaPlatform-VideoServer-HTTP) - Unknown owner - C:\Program Files\Sony\vaio media integrated server\Platform\SV_Httpd.exe" /Service=VAIOMediaPlatform-VideoServer-HTTP /RegRoot="SOFTWARE\Sony Corporation\VAIO Media Platform\2.0" /RegExt="\Applications\VideoServer\HTTP (file missing)

O23 - Service: VAIO Media Video Server (UPnP) (VAIOMediaPlatform-VideoServer-UPnP) - Sony Corporation - C:\Program Files\Sony\vaio media integrated server\Platform\UPnPFramework.exe

Share this post


Link to post
Share on other sites

Hi MrHappyGoLucky12

 

Please read through the instructions before you start (you may want to print this out).

 

Please set your system to show all files; please see here if you're unsure how to do this.

 

Reboot into Safe Mode: please see here if you are not sure how to do this.

 

Please go offline, close all browsers and any open Windows, making sure that only HijackThis is open. Scan and when it finishes, put an X in the boxes, only next to these following items:

O2 - BHO: (no name) - {90749428-029C-2C13-CBF9-5550D68876B1} - C:\WINDOWS\system32\unvujpke.dll

O4 - HKCU\..\Run: [iinl] C:\Program Files\sami\emia.exe

O4 - HKCU\..\Run: [Euth] C:\WINDOWS\system32\?vchost.exe

O16 - DPF: {F919FBD3-A96B-4679-AF26-F551439BB5FD} - http://winfixer.com/pages/scanner/WinFixer...nnerInstall.cab

Click on Fix Checked when finished and exit HijackThis.

 

Using Windows Explorer, locate the following files/folders, and delete them:

C:\Program Files\sami<--Delete the whole folder

C:\WINDOWS\system32\?vchost.exe<--Delete this filemaking sure you do not delete the real svchost.exe

Exit Explorer.

 

If you were unable to find any of the files then please follow these additional instructions:

Download Pocket Killbox and unzip it; save it to your Desktop.

Run killbox and click the radio button that says Delete a file on reboot. For each of the files you could not delete, paste them one at a time into the full path of file to delete box and click the red circle with a white cross in it.

The program will ask you if you want to reboot; say No each time until the last one has been pasted in whereupon you should answer Yes.

C:\WINDOWS\system32\unvujpke.dll

 

Let the system reboot as normal.

 

Please run the following free, online virus scans.

http://www.pandasoftware.com/activescan/co...n_principal.htm

Please post the logs From Panda virus scan and HJT.logWe will need them to remove previous infections that have left files on your system.

 

Kc ;)

Share this post


Link to post
Share on other sites

Incident Status Location

 

Adware:adware/purityscan No disinfected C:\WINDOWS\SYSTEM32\wnscpcc.exe

Spyware:spyware/searchcentrix No disinfected HKEY_CURRENT_USER\SOFTWARE\DYNAMIC TOOLBAR

Share this post


Link to post
Share on other sites

Logfile of HijackThis v1.99.1

Scan saved at 12:46:12 PM, on 7/22/2005

Platform: Windows XP SP2 (WinNT 5.01.2600)

MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

 

Running processes:

C:\WINDOWS\System32\smss.exe

C:\WINDOWS\system32\winlogon.exe

C:\WINDOWS\system32\services.exe

C:\WINDOWS\system32\lsass.exe

C:\WINDOWS\system32\svchost.exe

C:\WINDOWS\System32\svchost.exe

C:\WINDOWS\Explorer.EXE

C:\Program Files\Internet Explorer\IEXPLORE.EXE

C:\Documents and Settings\Administrator\Desktop\hijackthis\HijackThis.exe

 

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.sony.com/vaiopeople

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.sony.com/vaiopeople

R1 - HKCU\Software\Microsoft\Internet Connection Wizard,ShellNext = http://www.sony.com/vaiopeople

O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 6.0\Reader\ActiveX\AcroIEHelper.dll

O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll

O2 - BHO: Norton Internet Security - {9ECB9560-04F9-4bbc-943D-298DDF1699E1} - C:\Program Files\Common Files\Symantec Shared\AdBlocking\NISShExt.dll

O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar2.dll

O2 - BHO: NAV Helper - {BDF3E430-B101-42AD-A544-FADC6B084872} - C:\Program Files\Norton Internet Security\Norton AntiVirus\NavShExt.dll

O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar2.dll

O3 - Toolbar: Norton Internet Security - {0B53EAC3-8D69-4b9e-9B19-A37C9A5676A7} - C:\Program Files\Common Files\Symantec Shared\AdBlocking\NISShExt.dll

O3 - Toolbar: Norton AntiVirus - {42CDD1BF-3FFB-4238-8AD1-7859DF00B1D6} - C:\Program Files\Norton Internet Security\Norton AntiVirus\NavShExt.dll

O4 - HKLM\..\Run: [Apoint] C:\Program Files\Apoint\Apoint.exe

O4 - HKLM\..\Run: [CreateCD_Reminder] C:\WINDOWS\Sonysys\VAIO Recovery\reminder.exe

O4 - HKLM\..\Run: [sonyPowerCfg] C:\Program Files\Sony\VAIO Power Management\SPMgr.exe

O4 - HKLM\..\Run: [HKSERV.EXE] C:\Program Files\Sony\HotKey Utility\HKserv.exe

O4 - HKLM\..\Run: [VAIO Update 2] "C:\Program Files\Sony\VAIO Update 2\VAIOUpdt.exe" /Stationary

O4 - HKLM\..\Run: [ezShieldProtector for Px] C:\WINDOWS\System32\ezSP_Px.exe

O4 - HKLM\..\Run: [VAIO Recovery] C:\WINDOWS\Sonysys\VAIO Recovery\PartSeal.exe

O4 - HKLM\..\Run: [PestPatrol Control Center] C:\PROGRA~1\PESTPA~1\PPControl.exe

O4 - HKLM\..\Run: [PPMemCheck] C:\PROGRA~1\PESTPA~1\PPMemCheck.exe

O4 - HKLM\..\Run: [CookiePatrol] C:\PROGRA~1\PESTPA~1\CookiePatrol.exe

O4 - HKLM\..\Run: [PestPatrolCL] C:\PROGRA~1\PESTPA~1\PestPatrolCL.exe c:\

O4 - HKLM\..\Run: [ccApp] "C:\Program Files\Common Files\Symantec Shared\ccApp.exe"

O4 - HKLM\..\Run: [symantec NetDriver Monitor] C:\PROGRA~1\SYMNET~1\SNDMon.exe /Consumer

O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"

O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot

O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime

O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background

O8 - Extra context menu item: &Google Search - res://C:\Program Files\Google\GoogleToolbar1.dll/cmsearch.html

O8 - Extra context menu item: Backward &Links - res://C:\Program Files\Google\GoogleToolbar1.dll/cmbacklinks.html

O8 - Extra context menu item: Cac&hed Snapshot of Page - res://C:\Program Files\Google\GoogleToolbar1.dll/cmcache.html

O8 - Extra context menu item: Si&milar Pages - res://C:\Program Files\Google\GoogleToolbar1.dll/cmsimilar.html

O8 - Extra context menu item: Translate into English - res://C:\Program Files\Google\GoogleToolbar1.dll/cmtrans.html

O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\j2re1.4.2_01\bin\npjpi142_01.dll

O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\j2re1.4.2_01\bin\npjpi142_01.dll

O9 - Extra button: AIM - {AC9E2541-2814-11d5-BC6D-00B0D0A1DE45} - C:\Program Files\AIM\aim.exe

O9 - Extra button: ICQ Lite - {B863453A-26C3-4e1f-A54D-A2CD196348E9} - C:\Program Files\ICQLite\ICQLite.exe

O9 - Extra 'Tools' menuitem: ICQ Lite - {B863453A-26C3-4e1f-A54D-A2CD196348E9} - C:\Program Files\ICQLite\ICQLite.exe

O9 - Extra button: Yahoo! Messenger - {E5D12C4E-7B4F-11D3-B5C9-0050045C3C96} - C:\PROGRA~1\Yahoo!\MESSEN~1\YPager.exe

O9 - Extra 'Tools' menuitem: Yahoo! Messenger - {E5D12C4E-7B4F-11D3-B5C9-0050045C3C96} - C:\PROGRA~1\Yahoo!\MESSEN~1\YPager.exe

O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe

O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe

O14 - IERESET.INF: START_PAGE_URL=http://www.sony.com/vaiopeople

O16 - DPF: ppctlcab - http://ppupdates.ca.com/downloads/scanner/ppctlcab.cab

O16 - DPF: {02CF1781-EA91-4FA5-A200-646E8241987C} (VaioInfo.CMClass) - http://esupport.sony.com/EN/mdldetect/VaioInfo.CAB

O16 - DPF: {0E5F0222-96B9-11D3-8997-00104BD12D94} (PCPitstop Utility) - http://www.pcpitstop.com/pcpitstop/PCPitStop.CAB

O16 - DPF: {1F2F4C9E-6F09-47BC-970D-3C54734667FE} - https://www-secure.symantec.com/techsupp/asa/LSSupCtl.cab

O16 - DPF: {2FC9A21E-2069-4E47-8235-36318989DB13} (PPSDKActiveXScanner.MainScreen) - http://ppupdates.ca.com/downloads/scanner/axscanner.cab

O16 - DPF: {38911EED-5726-41B4-9612-265534EC7A13} (Address Magic Web Edition Download Stub) - http://www.returnpath.net/registration/WebEdition.cab

O16 - DPF: {4D7F48C0-CB49-4EA6-97D4-04F4EACC2F3B} (InstallShield Setup Player 2K2) - http://www.passalong.com/Music/install.exe

O16 - DPF: {86ED3659-02F6-465D-8F19-A9334614CCC3} (TCBrowseForFolder Class) - http://www.passalong.com/Music/activex/TPActiveX.cab

O16 - DPF: {9A9307A0-7DA4-4DAF-B042-5009F29E09E1} (ActiveScan Installer Class) - http://www.pandasoftware.com/activescan/:f...red:/asinst.cab

O16 - DPF: {9FC5238F-12C4-454F-B1B5-74599A21DE47} (Webshots Photo Uploader) - http://community.webshots.com/html/WSPhotoUploader.CAB

O16 - DPF: {A3009861-330C-4E10-822B-39D16EC8829D} (CRAVOnline Object) - http://www.ravantivirus.com/scan/ravonline.cab

O16 - DPF: {A8683C98-5341-421B-B23C-8514C05354F1} (FujifilmUploader Class) - http://photo.walmart.com/photo/uploads/Fuj...ploadClient.cab

O16 - DPF: {CE28D5D2-60CF-4C7D-9FE8-0F47A3308078} - https://www-secure.symantec.com/techsupp/asa/SymAData.cab

O16 - DPF: {D719897A-B07A-4C0C-AEA9-9B663A28DFCB} (iTunesDetector Class) - http://ax.phobos.apple.com.edgesuite.net/d.../ITDetector.cab

O16 - DPF: {F919FBD3-A96B-4679-AF26-F551439BB5FD} - http://winfixer.com/pages/scanner/WinFixer...nnerInstall.cab

O16 - DPF: {FE0BD779-44EE-4A4B-AA2E-743C63F2E5E6} (IWinAmpActiveX Class) - http://pdl.stream.aol.com/downloads/aol/unagi/ampx_en_dl.cab

O23 - Service: Ati HotKey Poller - Unknown owner - C:\WINDOWS\System32\Ati2evxx.exe

O23 - Service: Symantec Event Manager (ccEvtMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe

O23 - Service: Symantec Network Proxy (ccProxy) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccProxy.exe

O23 - Service: Symantec Password Validation (ccPwdSvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccPwdSvc.exe

O23 - Service: Symantec Settings Manager (ccSetMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe

O23 - Service: Diskeeper - Executive Software International, Inc. - C:\Program Files\Executive Software\Diskeeper\DkService.exe

O23 - Service: ewido security suite control - ewido networks - C:\Program Files\ewido\security suite\ewidoctrl.exe

O23 - Service: iPod Service (iPodService) - Apple Computer, Inc. - C:\Program Files\iPod\bin\iPodService.exe

O23 - Service: ISSvc (ISSVC) - Symantec Corporation - C:\Program Files\Norton Internet Security\ISSVC.exe

O23 - Service: Norton AntiVirus Auto-Protect Service (navapsvc) - Symantec Corporation - C:\Program Files\Norton Internet Security\Norton AntiVirus\navapsvc.exe

O23 - Service: PACSPTISVR - Unknown owner - C:\PROGRA~1\COMMON~1\SONYSH~1\AVLib\PACSPT~1.EXE

O23 - Service: SAVScan - Symantec Corporation - C:\Program Files\Norton Internet Security\Norton AntiVirus\SAVScan.exe

O23 - Service: ScriptBlocking Service (SBService) - Symantec Corporation - C:\PROGRA~1\COMMON~1\SYMANT~1\SCRIPT~1\SBServ.exe

O23 - Service: Symantec Network Drivers Service (SNDSrvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\SNDSrvc.exe

O23 - Service: Symantec SPBBCSvc (SPBBCSvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\SPBBC\SPBBCSvc.exe

O23 - Service: Sony SPTI Service (SPTISRV) - Sony Corporation - C:\PROGRA~1\COMMON~1\SONYSH~1\AVLib\Sptisrv.exe

O23 - Service: Symantec Core LC - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exe

O23 - Service: VAIO Entertainment Aggregation and Control Service - Sony Corporation - C:\Program Files\Common Files\Sony Shared\VAIO Entertainment\VzRs\VzRs.exe

O23 - Service: VAIO Entertainment File Import Service - Sony Corporation - C:\Program Files\Common Files\Sony Shared\VAIO Entertainment\VzCdb\VzFw.exe

O23 - Service: VAIO Entertainment TV Device Arbitration Service - Sony Corporation - C:\Program Files\Common Files\Sony Shared\VAIO Entertainment\VzCs\VzHardwareResourceManager\VzHardwareResourceManager.exe

O23 - Service: VAIO Entertainment UPnP Client Adapter - Sony Corporation - C:\Program Files\Common Files\Sony Shared\VAIO Entertainment\VCSW\VCSW.exe

O23 - Service: VAIO Media Integrated Server (VAIOMediaPlatform-IntegratedServer-AppServer) - Sony Corporation - C:\Program Files\Sony\vaio media integrated server\VMISrv.exe

O23 - Service: VAIO Media Integrated Server (HTTP) (VAIOMediaPlatform-IntegratedServer-HTTP) - Unknown owner - C:\Program Files\Sony\vaio media integrated server\Platform\SV_Httpd.exe" /Service=VAIOMediaPlatform-IntegratedServer-HTTP /RegRoot="SOFTWARE\Sony Corporation\VAIO Media Platform\2.0" /RegExt="Applications\IntegratedServer\HTTP (file missing)

O23 - Service: VAIO Media Integrated Server (UPnP) (VAIOMediaPlatform-IntegratedServer-UPnP) - Sony Corporation - C:\Program Files\Sony\vaio media integrated server\Platform\UPnPFramework.exe

O23 - Service: VAIO Media Gateway Server (VAIOMediaPlatform-Mobile-Gateway) - Unknown owner - C:\Program Files\Sony\vaio media integrated server\Platform\VmGateway.exe" /Service=VAIOMediaPlatform-Mobile-Gateway /RegRoot="SOFTWARE\Sony Corporation\VAIO Media Platform\2.0" /RegExt="\Addons\Packages\Mobile\Gateway" /DisplayName="VAIO Media Gateway Server (file missing)

O23 - Service: VAIO Media Video Server (VAIOMediaPlatform-VideoServer-AppServer) - Unknown owner - C:\Program Files\Sony\vaio media integrated server\Video\GPVSvr.exe" /Service=VAIOMediaPlatform-VideoServer-AppServer /DisplayName="VAIO Media Video Server (file missing)

O23 - Service: VAIO Media Video Server (HTTP) (VAIOMediaPlatform-VideoServer-HTTP) - Unknown owner - C:\Program Files\Sony\vaio media integrated server\Platform\SV_Httpd.exe" /Service=VAIOMediaPlatform-VideoServer-HTTP /RegRoot="SOFTWARE\Sony Corporation\VAIO Media Platform\2.0" /RegExt="\Applications\VideoServer\HTTP (file missing)

O23 - Service: VAIO Media Video Server (UPnP) (VAIOMediaPlatform-VideoServer-UPnP) - Sony Corporation - C:\Program Files\Sony\vaio media integrated server\Platform\UPnPFramework.exe

Share this post


Link to post
Share on other sites

Hi MrHappyGoLucky12

 

Please read through the instructions before you start (you may want to print this out).

 

Please set your system to show all files; please see here if you're unsure how to do this.

 

Please download and install AD-Aware se.

Click Here on how setup and use it - please make sure you update it first. Don't run yet.

 

Download Pocket Killbox and unzip it; save it to your Desktop. We may need it later.

 

Download Ewido Trojan’s and malware remover http://www.ewido.net/en/download/

This setup contains the free as well as the plus-version of the ewido security suite. After the installation, a free 14-day test version containing all the extensions of the plus-version will be activated. At the end of the test phase, the extensions of the plus version are deactivated and the freeware version can be used unlimited times. The purchased license code of the plus version can be entered at any time.

Ewido will auto-udate. Don't run yet

 

Reboot into Safe Mode: please see here if you are not sure how to do this.

 

Run Ewido full scan. Save the scan.log.

 

Clear out the files in the Prefetch folder. Go to start> run> type into the box Prefetch and delete all the files in that folder.

 

Please go offline, close all browsers and any open Windows, making sure that only HijackThis is open. Scan and when it finishes, put an check in the boxes, only next to these following items:

O16 - DPF: {38911EED-5726-41B4-9612-265534EC7A13} (Address Magic Web Edition Download Stub) - http://www.returnpath.net/registration/WebEdition.cab

O16 - DPF: {86ED3659-02F6-465D-8F19-A9334614CCC3} (TCBrowseForFolder Class) - http://www.passalong.com/Music/activex/TPActiveX.cab

O16 - DPF: {F919FBD3-A96B-4679-AF26-F551439BB5FD} - http://winfixer.com/pages/scanner/WinFixer...nnerInstall.cab

O16 - DPF: {FE0BD779-44EE-4A4B-AA2E-743C63F2E5E6} (IWinAmpActiveX Class) - http://pdl.stream.aol.com/downloads/aol/unagi/ampx_en_dl.cab

Click on Fix Checked when finished and exit HijackThis.

 

Run Ad-aware se let it remove all it finds

 

Clean out temporary and TIF files. Go to Start > Run and type in the box: cleanmgr. Let it scan your system for files to remove. Make sure all are checked and then press *ok* to remove:

 

Run killbox and click the radio button that says Delete a file on reboot. For each of the files you could not delete, paste them one at a time into the full path of file to delete box and click the red circle with a white cross in it.

The program will ask you if you want to reboot; say No each time until the last one has been pasted in whereupon you should answer (Yes.)

C:\WINDOWS\SYSTEM32\wnscpcc.exe

 

Let the system reboot as normal.

 

Please download, install and run this disk cleanup utility called Cleanup version 4.0!: http://downloads.stevengould.org/cleanup/CleanUp40.exe

It will get rid of any malware which may be hiding in your temp folders ( a common hiding place). You will also regain a massive amount of disk space. Here is a tutorial which describes its usage: http://www.bleepingcomputer.com/forums/tutorial93.html

Check the custom settings to your liking under options, but be sure to delete temporary files and temporary internet files for all user profiles. Also, cleanout the prefetch folder and the recycle bin.When the scan has finnished click the close button

When prompted the system will log off to let it clean out the remaining files. when the log screen shows log back on and continue the fix.

 

Please run the following free, online virus scans.

http://www.pandasoftware.com/activescan/co...n_principal.htm

Please post the logs From Panda, Ewido and HJT.log. We will need them to remove previous infections that have left files on your system.

 

Kc :tup:

Share this post


Link to post
Share on other sites

Ad-Aware SE Build 1.06r1

Logfile Created on:Saturday, July 23, 2005 6:46:45 PM

Created with Ad-Aware SE Personal, free for private use.

Using definitions file:SE1R56 21.07.2005

»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»

 

References detected during the scan:

»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»

MRU List(TAC index:0):36 total references

Tracking Cookie(TAC index:3):5 total references

»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»

 

Ad-Aware SE Settings

===========================

Set : Search for negligible risk entries

Set : Safe mode (always request confirmation)

Set : Scan active processes

Set : Scan registry

Set : Deep-scan registry

Set : Scan my IE Favorites for banned URLs

Set : Scan my Hosts file

 

Extended Ad-Aware SE Settings

===========================

Set : Unload recognized processes & modules during scan

Set : Scan registry for all users instead of current user only

Set : Always try to unload modules before deletion

Set : During removal, unload Explorer and IE if necessary

Set : Let Windows remove files in use at next reboot

Set : Delete quarantined objects after restoring

Set : Include basic Ad-Aware settings in log file

Set : Include additional Ad-Aware settings in log file

Set : Include reference summary in log file

Set : Include alternate data stream details in log file

Set : Play sound at scan completion if scan locates critical objects

 

 

7-23-2005 6:46:45 PM - Scan started. (Full System Scan)

 

MRU List Object Recognized!

Location: : C:\Documents and Settings\John J. Porterfield\Application Data\microsoft\office\recent

Description : list of recently opened documents using microsoft office

 

 

MRU List Object Recognized!

Location: : C:\Documents and Settings\John J. Porterfield\recent

Description : list of recently opened documents

 

 

MRU List Object Recognized!

Location: : S-1-5-21-2552542017-1305069860-63507335-1005\software\adobe\acrobat reader\6.0\avgeneral\crecentfiles

Description : list of recently used files in adobe reader

 

 

MRU List Object Recognized!

Location: : S-1-5-21-2552542017-1305069860-63507335-1005\software\google\navclient\1.1\history

Description : list of recently used search terms in the google toolbar

 

 

MRU List Object Recognized!

Location: : software\microsoft\direct3d\mostrecentapplication

Description : most recent application to use microsoft direct3d

 

 

MRU List Object Recognized!

Location: : software\microsoft\direct3d\mostrecentapplication

Description : most recent application to use microsoft direct X

 

 

MRU List Object Recognized!

Location: : software\microsoft\directdraw\mostrecentapplication

Description : most recent application to use microsoft directdraw

 

 

MRU List Object Recognized!

Location: : S-1-5-21-2552542017-1305069860-63507335-1005\software\microsoft\directinput\mostrecentapplication

Description : most recent application to use microsoft directinput

 

 

MRU List Object Recognized!

Location: : S-1-5-21-2552542017-1305069860-63507335-1005\software\microsoft\directinput\mostrecentapplication

Description : most recent application to use microsoft directinput

 

 

MRU List Object Recognized!

Location: : S-1-5-21-2552542017-1305069860-63507335-1005\software\microsoft\internet explorer

Description : last download directory used in microsoft internet explorer

 

 

MRU List Object Recognized!

Location: : S-1-5-21-2552542017-1305069860-63507335-1005\software\microsoft\internet explorer\main

Description : last save directory used in microsoft internet explorer

 

 

MRU List Object Recognized!

Location: : S-1-5-21-2552542017-1305069860-63507335-1005\software\microsoft\mediaplayer\medialibraryui

Description : last selected node in the microsoft windows media player media library

 

 

MRU List Object Recognized!

Location: : S-1-5-21-2552542017-1305069860-63507335-1005\software\microsoft\mediaplayer\player\settings

Description : last save as directory used in jasc paint shop pro

 

 

MRU List Object Recognized!

Location: : S-1-5-21-2552542017-1305069860-63507335-1005\software\microsoft\mediaplayer\player\settings

Description : last open directory used in jasc paint shop pro

 

 

MRU List Object Recognized!

Location: : S-1-5-21-2552542017-1305069860-63507335-1005\software\microsoft\mediaplayer\preferences

Description : last cd record path used in microsoft windows media player

 

 

MRU List Object Recognized!

Location: : S-1-5-21-2552542017-1305069860-63507335-1005\software\microsoft\mediaplayer\preferences

Description : last playlist index loaded in microsoft windows media player

 

 

MRU List Object Recognized!

Location: : S-1-5-21-2552542017-1305069860-63507335-1005\software\microsoft\mediaplayer\preferences

Description : last playlist loaded in microsoft windows media player

 

 

MRU List Object Recognized!

Location: : S-1-5-21-2552542017-1305069860-63507335-1005\software\microsoft\mediaplayer\preferences

Description : last search path used in microsoft windows media player

 

 

MRU List Object Recognized!

Location: : S-1-5-21-2552542017-1305069860-63507335-1005\software\microsoft\microsoft management console\recent file list

Description : list of recent snap-ins used in the microsoft management console

 

 

MRU List Object Recognized!

Location: : S-1-5-21-2552542017-1305069860-63507335-1005\software\microsoft\office\10.0\common\open find\microsoft word\settings\open\file name mru

Description : list of recent documents opened by microsoft word

 

 

MRU List Object Recognized!

Location: : S-1-5-21-2552542017-1305069860-63507335-1005\software\microsoft\office\10.0\common\open find\microsoft word\settings\save as\file name mru

Description : list of recent documents saved by microsoft word

 

 

MRU List Object Recognized!

Location: : S-1-5-21-2552542017-1305069860-63507335-1005\software\microsoft\office\10.0\excel\recent files

Description : list of recent files used by microsoft excel

 

 

MRU List Object Recognized!

Location: : S-1-5-21-2552542017-1305069860-63507335-1005\software\microsoft\office\10.0\publisher\recent file list

Description : list of recent files used by microsoft publisher

 

 

MRU List Object Recognized!

Location: : S-1-5-21-2552542017-1305069860-63507335-1005\software\microsoft\office\10.0\word\recent templates

Description : list of recent templates used by microsoft word

 

 

MRU List Object Recognized!

Location: : S-1-5-21-2552542017-1305069860-63507335-1005\software\microsoft\search assistant\acmru

Description : list of recent search terms used with the search assistant

 

 

MRU List Object Recognized!

Location: : S-1-5-21-2552542017-1305069860-63507335-1005\software\microsoft\windows\currentversion\applets\regedit

Description : last key accessed using the microsoft registry editor

 

 

MRU List Object Recognized!

Location: : S-1-5-21-2552542017-1305069860-63507335-1005\software\microsoft\windows\currentversion\explorer\comdlg32\lastvisitedmru

Description : list of recent programs opened

 

 

MRU List Object Recognized!

Location: : S-1-5-21-2552542017-1305069860-63507335-1005\software\microsoft\windows\currentversion\explorer\comdlg32\opensavemru

Description : list of recently saved files, stored according to file extension

 

 

MRU List Object Recognized!

Location: : S-1-5-21-2552542017-1305069860-63507335-1005\software\microsoft\windows\currentversion\explorer\recentdocs

Description : list of recent documents opened

 

 

MRU List Object Recognized!

Location: : S-1-5-21-2552542017-1305069860-63507335-1005\software\realnetworks\realplayer\6.0\preferences

Description : list of recent skins in realplayer

 

 

MRU List Object Recognized!

Location: : S-1-5-21-2552542017-1305069860-63507335-1005\software\realnetworks\realplayer\6.0\preferences

Description : list of recent clips in realplayer

 

 

MRU List Object Recognized!

Location: : S-1-5-21-2552542017-1305069860-63507335-1005\software\realnetworks\realplayer\6.0\preferences

Description : last login time in realplayer

 

 

MRU List Object Recognized!

Location: : S-1-5-21-2552542017-1305069860-63507335-1005\software\smartftp\connection data

Description : list of recently accessed servers using smartftp

 

 

MRU List Object Recognized!

Location: : .DEFAULT\software\microsoft\windows media\wmsdk\general

Description : windows media sdk

 

 

MRU List Object Recognized!

Location: : S-1-5-18\software\microsoft\windows media\wmsdk\general

Description : windows media sdk

 

 

MRU List Object Recognized!

Location: : S-1-5-21-2552542017-1305069860-63507335-1005\software\microsoft\windows media\wmsdk\general

Description : windows media sdk

Share this post


Link to post
Share on other sites

Listing running processes

»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»

 

#:1 [smss.exe]

FilePath : \SystemRoot\System32\

ProcessID : 480

ThreadCreationTime : 7-23-2005 6:13:39 PM

BasePriority : Normal

 

 

#:2 [csrss.exe]

FilePath : \??\C:\WINDOWS\system32\

ProcessID : 540

ThreadCreationTime : 7-23-2005 6:13:57 PM

BasePriority : Normal

 

 

#:3 [winlogon.exe]

FilePath : \??\C:\WINDOWS\system32\

ProcessID : 568

ThreadCreationTime : 7-23-2005 6:14:00 PM

BasePriority : High

 

 

#:4 [services.exe]

FilePath : C:\WINDOWS\system32\

ProcessID : 616

ThreadCreationTime : 7-23-2005 6:14:04 PM

BasePriority : Normal

FileVersion : 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)

ProductVersion : 5.1.2600.2180

ProductName : Microsoft® Windows® Operating System

CompanyName : Microsoft Corporation

FileDescription : Services and Controller app

InternalName : services.exe

LegalCopyright : © Microsoft Corporation. All rights reserved.

OriginalFilename : services.exe

 

#:5 [lsass.exe]

FilePath : C:\WINDOWS\system32\

ProcessID : 628

ThreadCreationTime : 7-23-2005 6:14:04 PM

BasePriority : Normal

FileVersion : 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)

ProductVersion : 5.1.2600.2180

ProductName : Microsoft® Windows® Operating System

CompanyName : Microsoft Corporation

FileDescription : LSA Shell (Export Version)

InternalName : lsass.exe

LegalCopyright : © Microsoft Corporation. All rights reserved.

OriginalFilename : lsass.exe

 

#:6 [ati2evxx.exe]

FilePath : C:\WINDOWS\System32\

ProcessID : 784

ThreadCreationTime : 7-23-2005 6:14:08 PM

BasePriority : Normal

 

 

#:7 [svchost.exe]

FilePath : C:\WINDOWS\system32\

ProcessID : 816

ThreadCreationTime : 7-23-2005 6:14:09 PM

BasePriority : Normal

FileVersion : 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)

ProductVersion : 5.1.2600.2180

ProductName : Microsoft® Windows® Operating System

CompanyName : Microsoft Corporation

FileDescription : Generic Host Process for Win32 Services

InternalName : svchost.exe

LegalCopyright : © Microsoft Corporation. All rights reserved.

OriginalFilename : svchost.exe

 

#:8 [svchost.exe]

FilePath : C:\WINDOWS\system32\

ProcessID : 888

ThreadCreationTime : 7-23-2005 6:14:12 PM

BasePriority : Normal

FileVersion : 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)

ProductVersion : 5.1.2600.2180

ProductName : Microsoft® Windows® Operating System

CompanyName : Microsoft Corporation

FileDescription : Generic Host Process for Win32 Services

InternalName : svchost.exe

LegalCopyright : © Microsoft Corporation. All rights reserved.

OriginalFilename : svchost.exe

 

#:9 [svchost.exe]

FilePath : C:\WINDOWS\System32\

ProcessID : 940

ThreadCreationTime : 7-23-2005 6:14:13 PM

BasePriority : Normal

FileVersion : 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)

ProductVersion : 5.1.2600.2180

ProductName : Microsoft® Windows® Operating System

CompanyName : Microsoft Corporation

FileDescription : Generic Host Process for Win32 Services

InternalName : svchost.exe

LegalCopyright : © Microsoft Corporation. All rights reserved.

OriginalFilename : svchost.exe

 

#:10 [svchost.exe]

FilePath : C:\WINDOWS\System32\

ProcessID : 1004

ThreadCreationTime : 7-23-2005 6:14:14 PM

BasePriority : Normal

FileVersion : 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)

ProductVersion : 5.1.2600.2180

ProductName : Microsoft® Windows® Operating System

CompanyName : Microsoft Corporation

FileDescription : Generic Host Process for Win32 Services

InternalName : svchost.exe

LegalCopyright : © Microsoft Corporation. All rights reserved.

OriginalFilename : svchost.exe

 

#:11 [svchost.exe]

FilePath : C:\WINDOWS\System32\

ProcessID : 1056

ThreadCreationTime : 7-23-2005 6:14:15 PM

BasePriority : Normal

FileVersion : 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)

ProductVersion : 5.1.2600.2180

ProductName : Microsoft® Windows® Operating System

CompanyName : Microsoft Corporation

FileDescription : Generic Host Process for Win32 Services

InternalName : svchost.exe

LegalCopyright : © Microsoft Corporation. All rights reserved.

OriginalFilename : svchost.exe

 

#:12 [ccproxy.exe]

FilePath : C:\Program Files\Common Files\Symantec Shared\

ProcessID : 1360

ThreadCreationTime : 7-23-2005 6:14:21 PM

BasePriority : Normal

FileVersion : 103.0.4.3

ProductVersion : 103.0.4.3

ProductName : Client and Host Security Platform

CompanyName : Symantec Corporation

FileDescription : Symantec Network Proxy Service

InternalName : ccProxy

LegalCopyright : Copyright © 2000-2004 Symantec Corporation. All rights reserved.

OriginalFilename : ccProxy.exe

 

#:13 [ccsetmgr.exe]

FilePath : C:\Program Files\Common Files\Symantec Shared\

ProcessID : 1404

ThreadCreationTime : 7-23-2005 6:14:22 PM

BasePriority : Normal

FileVersion : 103.0.4.3

ProductVersion : 103.0.4.3

ProductName : Client and Host Security Platform

CompanyName : Symantec Corporation

FileDescription : Symantec Settings Manager Service

InternalName : ccSetMgr

LegalCopyright : Copyright © 2000-2004 Symantec Corporation. All rights reserved.

OriginalFilename : ccSetMgr.exe

 

#:14 [issvc.exe]

FilePath : C:\Program Files\Norton Internet Security\

ProcessID : 1416

ThreadCreationTime : 7-23-2005 6:14:22 PM

BasePriority : Normal

FileVersion : 8.0.5.14

ProductVersion : 8.0

ProductName : Norton Internet Security

CompanyName : Symantec Corporation

FileDescription : IS Service

InternalName : ISSVC.exe

LegalCopyright : Copyright © 2004 Symantec Corporation

OriginalFilename : ISSVC.exe

 

#:15 [sndsrvc.exe]

FilePath : C:\Program Files\Common Files\Symantec Shared\

ProcessID : 1488

ThreadCreationTime : 7-23-2005 6:14:23 PM

BasePriority : Normal

FileVersion : 5.5.1.6

ProductVersion : 5.5

ProductName : Symantec Security Drivers

CompanyName : Symantec Corporation

FileDescription : Network Driver Service

InternalName : SndSrvc

LegalCopyright : Copyright 2002, 2003, 2004 Symantec Corporation

OriginalFilename : SndSrvc.exe

 

#:16 [spbbcsvc.exe]

FilePath : C:\Program Files\Common Files\Symantec Shared\SPBBC\

ProcessID : 1544

ThreadCreationTime : 7-23-2005 6:14:25 PM

BasePriority : Normal

FileVersion : 1,0,1,47

ProductVersion : 1,0,1,47

ProductName : SPBBC

CompanyName : Symantec Corporation

FileDescription : SPBBC Service

InternalName : SPBBCSvc

LegalCopyright : Copyright © 2004 Symantec Corporation. All rights reserved.

OriginalFilename : SPBBCSvc.exe

 

#:17 [ccevtmgr.exe]

FilePath : C:\Program Files\Common Files\Symantec Shared\

ProcessID : 1604

ThreadCreationTime : 7-23-2005 6:14:25 PM

BasePriority : Normal

FileVersion : 103.0.4.3

ProductVersion : 103.0.4.3

ProductName : Client and Host Security Platform

CompanyName : Symantec Corporation

FileDescription : Symantec Event Manager Service

InternalName : ccEvtMgr

LegalCopyright : Copyright © 2000-2004 Symantec Corporation. All rights reserved.

OriginalFilename : ccEvtMgr.exe

 

#:18 [spoolsv.exe]

FilePath : C:\WINDOWS\system32\

ProcessID : 1976

ThreadCreationTime : 7-23-2005 6:14:29 PM

BasePriority : Normal

FileVersion : 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)

ProductVersion : 5.1.2600.2180

ProductName : Microsoft® Windows® Operating System

CompanyName : Microsoft Corporation

FileDescription : Spooler SubSystem App

InternalName : spoolsv.exe

LegalCopyright : © Microsoft Corporation. All rights reserved.

OriginalFilename : spoolsv.exe

 

#:19 [dkservice.exe]

FilePath : C:\Program Files\Executive Software\Diskeeper\

ProcessID : 220

ThreadCreationTime : 7-23-2005 6:14:30 PM

BasePriority : Normal

FileVersion : 8.0.478.0

ProductVersion : 8.0.478.0

ProductName : Diskeeper Disk Defragmenter

CompanyName : Executive Software International, Inc.

FileDescription : DKSERVICE.EXE

InternalName : DKSERVICE

LegalCopyright : © 1995-2004 Executive Software Int'l, Inc.

OriginalFilename : DKSERVICE

 

#:20 [ewidoctrl.exe]

FilePath : C:\Program Files\ewido\security suite\

ProcessID : 248

ThreadCreationTime : 7-23-2005 6:14:30 PM

BasePriority : Normal

FileVersion : 3, 0, 0, 1

ProductVersion : 3, 0, 0, 1

ProductName : ewido control

CompanyName : ewido networks

FileDescription : ewido control

InternalName : ewido control

LegalCopyright : Copyright © 2004

OriginalFilename : ewidoctrl.exe

 

#:21 [navapsvc.exe]

FilePath : C:\Program Files\Norton Internet Security\Norton AntiVirus\

ProcessID : 348

ThreadCreationTime : 7-23-2005 6:14:31 PM

BasePriority : Normal

FileVersion : 11.0.9.16

ProductVersion : 11.0.9

ProductName : Norton AntiVirus

CompanyName : Symantec Corporation

FileDescription : Norton AntiVirus Auto-Protect Service

InternalName : NAVAPSVC

LegalCopyright : Norton AntiVirus 2005 for Windows 98/ME/2000/XP Copyright © 2004 Symantec Corporation. All rights reserved.

OriginalFilename : NAVAPSVC.EXE

 

#:22 [svchost.exe]

FilePath : C:\WINDOWS\System32\

ProcessID : 1136

ThreadCreationTime : 7-23-2005 6:14:32 PM

BasePriority : Normal

FileVersion : 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)

ProductVersion : 5.1.2600.2180

ProductName : Microsoft® Windows® Operating System

CompanyName : Microsoft Corporation

FileDescription : Generic Host Process for Win32 Services

InternalName : svchost.exe

LegalCopyright : © Microsoft Corporation. All rights reserved.

OriginalFilename : svchost.exe

 

#:23 [symlcsvc.exe]

FilePath : C:\Program Files\Common Files\Symantec Shared\CCPD-LC\

ProcessID : 1152

ThreadCreationTime : 7-23-2005 6:14:33 PM

BasePriority : Normal

FileVersion : 1, 8, 54, 478

ProductVersion : 1, 8, 54, 478

ProductName : Symantec Core Component

CompanyName : Symantec Corporation

FileDescription : Symantec Core Component

InternalName : symlcsvc

LegalCopyright : Copyright © 2003

OriginalFilename : symlcsvc.exe

 

#:24 [wdfmgr.exe]

FilePath : C:\WINDOWS\system32\

ProcessID : 1232

ThreadCreationTime : 7-23-2005 6:14:33 PM

BasePriority : Normal

FileVersion : 5.2.3790.1230 built by: DNSRV(bld4act)

ProductVersion : 5.2.3790.1230

ProductName : Microsoft® Windows® Operating System

CompanyName : Microsoft Corporation

FileDescription : Windows User Mode Driver Manager

InternalName : WdfMgr

LegalCopyright : © Microsoft Corporation. All rights reserved.

OriginalFilename : WdfMgr.exe

 

#:25 [vzfw.exe]

FilePath : C:\Program Files\Common Files\Sony Shared\VAIO Entertainment\VzCdb\

ProcessID : 1320

ThreadCreationTime : 7-23-2005 6:14:34 PM

BasePriority : Normal

Share this post


Link to post
Share on other sites

#:26 [alg.exe]

FilePath : C:\WINDOWS\System32\

ProcessID : 2356

ThreadCreationTime : 7-23-2005 6:14:47 PM

BasePriority : Normal

FileVersion : 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)

ProductVersion : 5.1.2600.2180

ProductName : Microsoft® Windows® Operating System

CompanyName : Microsoft Corporation

FileDescription : Application Layer Gateway Service

InternalName : ALG.exe

LegalCopyright : © Microsoft Corporation. All rights reserved.

OriginalFilename : ALG.exe

 

#:27 [ati2evxx.exe]

FilePath : C:\WINDOWS\system32\

ProcessID : 2072

ThreadCreationTime : 7-23-2005 10:24:04 PM

BasePriority : Normal

 

 

#:28 [explorer.exe]

FilePath : C:\WINDOWS\

ProcessID : 3072

ThreadCreationTime : 7-23-2005 10:24:04 PM

BasePriority : Normal

FileVersion : 6.00.2900.2180 (xpsp_sp2_rtm.040803-2158)

ProductVersion : 6.00.2900.2180

ProductName : Microsoft® Windows® Operating System

CompanyName : Microsoft Corporation

FileDescription : Windows Explorer

InternalName : explorer

LegalCopyright : © Microsoft Corporation. All rights reserved.

OriginalFilename : EXPLORER.EXE

 

#:29 [apoint.exe]

FilePath : C:\Program Files\Apoint\

ProcessID : 688

ThreadCreationTime : 7-23-2005 10:24:07 PM

BasePriority : Normal

FileVersion : 5.5.7.136

ProductVersion : 5.5.7.136

ProductName : Alps Pointing-device Driver

CompanyName : Alps Electric Co., Ltd.

FileDescription : Alps Pointing-device Driver

InternalName : Alps Pointing-device Driver

LegalCopyright : Copyright © 1999-2003 Alps Electric Co., Ltd.

OriginalFilename : Apoint.exe

 

#:30 [reminder.exe]

FilePath : C:\WINDOWS\Sonysys\VAIO Recovery\

ProcessID : 3112

ThreadCreationTime : 7-23-2005 10:24:08 PM

BasePriority : Normal

FileVersion : 2.3.0.0

ProductVersion : 2.3.0.0

ProductName : Reminder Application

CompanyName : Sony Electronics, Inc

FileDescription : VAIO Recovery Media Kit Creation Reminder

InternalName : Reminder

LegalCopyright : Copyright © 2002, 2003

OriginalFilename : Reminder.EXE

 

#:31 [spmgr.exe]

FilePath : C:\Program Files\Sony\VAIO Power Management\

ProcessID : 2648

ThreadCreationTime : 7-23-2005 10:24:08 PM

BasePriority : Normal

FileVersion : 1.1.00.11060

ProductVersion : 1.1.0

ProductName : Sony Power Management

CompanyName : Sony Corporation

FileDescription : SPM Module

LegalCopyright : © Sony Corporation. All rights reserved.

 

#:32 [hkserv.exe]

FilePath : C:\Program Files\Sony\HotKey Utility\

ProcessID : 1640

ThreadCreationTime : 7-23-2005 10:24:08 PM

BasePriority : Normal

 

 

#:33 [vaioupdt.exe]

FilePath : C:\Program Files\Sony\VAIO Update 2\

ProcessID : 2120

ThreadCreationTime : 7-23-2005 10:24:08 PM

BasePriority : Normal

 

 

#:34 [ezsp_px.exe]

FilePath : C:\WINDOWS\System32\

ProcessID : 2040

ThreadCreationTime : 7-23-2005 10:24:08 PM

BasePriority : Normal

 

 

#:35 [ppcontrol.exe]

FilePath : C:\PROGRA~1\PESTPA~1\

ProcessID : 2564

ThreadCreationTime : 7-23-2005 10:24:09 PM

BasePriority : Normal

FileVersion : 4, 4, 4, 73

ProductVersion : 4.4

ProductName : PestPatrol

CompanyName : Computer Associates International

FileDescription : PestPatrol tray application

InternalName : ppcontrol

LegalCopyright : Copyright © 2004 Computer Associates International

OriginalFilename : ppcontrol.exe

 

#:36 [ppmemcheck.exe]

FilePath : C:\PROGRA~1\PESTPA~1\

ProcessID : 3524

ThreadCreationTime : 7-23-2005 10:24:09 PM

BasePriority : Normal

 

 

#:37 [cookiepatrol.exe]

FilePath : C:\PROGRA~1\PESTPA~1\

ProcessID : 3752

ThreadCreationTime : 7-23-2005 10:24:09 PM

BasePriority : Normal

FileVersion : 4, 4, 4, 82

ProductVersion : 4, 4, 4, 0

ProductName : PestPatrol

CompanyName : Computer Associates International

FileDescription : CookiePatrol Application

InternalName : CookiePatrol

LegalCopyright : Copyright © 2005 Computer Associates International, Inc.

OriginalFilename : CookiePatrol.exe

 

#:38 [ccapp.exe]

FilePath : C:\Program Files\Common Files\Symantec Shared\

ProcessID : 3852

ThreadCreationTime : 7-23-2005 10:24:10 PM

BasePriority : Normal

FileVersion : 103.0.4.3

ProductVersion : 103.0.4.3

ProductName : Client and Host Security Platform

CompanyName : Symantec Corporation

FileDescription : Symantec User Session

InternalName : ccApp

LegalCopyright : Copyright © 2000-2004 Symantec Corporation. All rights reserved.

OriginalFilename : ccApp.exe

 

#:39 [apntex.exe]

FilePath : C:\Program Files\Apoint\

ProcessID : 3876

ThreadCreationTime : 7-23-2005 10:24:11 PM

BasePriority : Normal

FileVersion : 5.0.1.15

ProductVersion : 5.0.1.15

ProductName : Alps Pointing-device Driver for Windows NT/2000/XP

CompanyName : Alps Electric Co., Ltd.

FileDescription : Alps Pointing-device Driver for Windows NT/2000/XP

InternalName : Alps Pointing-device Driver for Windows NT/2000/XP

LegalCopyright : Copyright © 1998-2003 Alps Electric Co., Ltd.

OriginalFilename : ApntEx.exe

 

#:40 [hkwnd.exe]

FilePath : C:\Program Files\Sony\HotKey Utility\

ProcessID : 3280

ThreadCreationTime : 7-23-2005 10:24:12 PM

BasePriority : Normal

 

 

#:41 [ituneshelper.exe]

FilePath : C:\Program Files\iTunes\

ProcessID : 1228

ThreadCreationTime : 7-23-2005 10:24:13 PM

BasePriority : Normal

FileVersion : 4.9.0.17

ProductVersion : 4.9.0.17

ProductName : iTunes

CompanyName : Apple Computer, Inc.

FileDescription : iTunesHelper Module

InternalName : iTunesHelper

LegalCopyright : © 2003-2005 Apple Computer, Inc. All Rights Reserved.

OriginalFilename : iTunesHelper.exe

 

#:42 [realsched.exe]

FilePath : C:\Program Files\Common Files\Real\Update_OB\

ProcessID : 3584

ThreadCreationTime : 7-23-2005 10:24:14 PM

BasePriority : Normal

FileVersion : 0.1.0.3275

ProductVersion : 0.1.0.3275

ProductName : RealPlayer (32-bit)

CompanyName : RealNetworks, Inc.

FileDescription : RealNetworks Scheduler

InternalName : schedapp

LegalCopyright : Copyright © RealNetworks, Inc. 1995-2004

LegalTrademarks : RealAudio is a trademark of RealNetworks, Inc.

OriginalFilename : realsched.exe

 

#:43 [ipodservice.exe]

FilePath : C:\Program Files\iPod\bin\

ProcessID : 2304

ThreadCreationTime : 7-23-2005 10:24:16 PM

BasePriority : Normal

FileVersion : 4.9.0.17

ProductVersion : 4.9.0.17

ProductName : iTunes

CompanyName : Apple Computer, Inc.

FileDescription : iPodService Module

InternalName : iPodService

LegalCopyright : © 2003-2005 Apple Computer, Inc. All Rights Reserved.

OriginalFilename : iPodService.exe

 

#:44 [iexplore.exe]

FilePath : C:\Program Files\Internet Explorer\

ProcessID : 3124

ThreadCreationTime : 7-23-2005 10:33:03 PM

BasePriority : Normal

FileVersion : 6.00.2900.2180 (xpsp_sp2_rtm.040803-2158)

ProductVersion : 6.00.2900.2180

ProductName : Microsoft® Windows® Operating System

CompanyName : Microsoft Corporation

FileDescription : Internet Explorer

InternalName : iexplore

LegalCopyright : © Microsoft Corporation. All rights reserved.

OriginalFilename : IEXPLORE.EXE

 

#:45 [nsmdtr.exe]

FilePath : C:\Program Files\Common Files\Symantec Shared\AdBlocking\

ProcessID : 1396

ThreadCreationTime : 7-23-2005 10:33:04 PM

BasePriority : Normal

FileVersion : 8.0.0.64

ProductVersion : 8.0

ProductName : Norton Internet Security

CompanyName : Symantec Corporation

FileDescription : Norton Internet Security Mediator

LegalCopyright : Copyright © 2004 Symantec Corporation

 

#:46 [aim.exe]

FilePath : C:\Program Files\AIM\

ProcessID : 3184

ThreadCreationTime : 7-23-2005 10:33:24 PM

BasePriority : Normal

FileVersion : 5.9.3797

ProductVersion : 5.9.3797

ProductName : AOL Instant Messenger

CompanyName : America Online, Inc.

FileDescription : AOL Instant Messenger

InternalName : AIM

LegalCopyright : Copyright © 1996-2004 America Online, Inc.

OriginalFilename : AIM.EXE

 

#:47 [qne.exe]

FilePath : C:\Program Files\Organize Quick and Easy\

ProcessID : 2592

ThreadCreationTime : 7-23-2005 10:34:30 PM

BasePriority : Normal

 

 

#:48 [msimn.exe]

FilePath : C:\Program Files\Outlook Express\

ProcessID : 1164

ThreadCreationTime : 7-23-2005 10:37:16 PM

BasePriority : Normal

FileVersion : 6.00.2900.2180 (xpsp_sp2_rtm.040803-2158)

ProductVersion : 6.00.2900.2180

ProductName : Microsoft® Windows® Operating System

CompanyName : Microsoft Corporation

FileDescription : Outlook Express

InternalName : MSIMN

LegalCopyright : © 2004 Microsoft Corporation. All rights reserved.

OriginalFilename : MSIMN.EXE

 

#:49 [ad-aware.exe]

FilePath : C:\Program Files\Lavasoft\Ad-Aware SE Personal\

ProcessID : 172

ThreadCreationTime : 7-23-2005 10:43:44 PM

BasePriority : Normal

FileVersion : 6.2.0.236

ProductVersion : SE 106

ProductName : Lavasoft Ad-Aware SE

CompanyName : Lavasoft Sweden

FileDescription : Ad-Aware SE Core application

InternalName : Ad-Aware.exe

LegalCopyright : Copyright © Lavasoft AB Sweden

OriginalFilename : Ad-Aware.exe

Comments : All Rights Reserved

 

#:50 [msmsgs.exe]

FilePath : C:\Program Files\Messenger\

ProcessID : 440

ThreadCreationTime : 7-23-2005 10:45:57 PM

BasePriority : Normal

FileVersion : 4.7.3001

ProductVersion : Version 4.7.3001

ProductName : Messenger

CompanyName : Microsoft Corporation

FileDescription : Windows Messenger

InternalName : msmsgs

LegalCopyright : Copyright © Microsoft Corporation 2004

LegalTrademarks : Microsoft® is a registered trademark of Microsoft Corporation in the U.S. and/or other countries.

OriginalFilename : msmsgs.exe

Share this post


Link to post
Share on other sites

Memory scan result:

»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»

New critical objects: 0

Objects found so far: 36

 

 

Started registry scan

»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»

 

Registry Scan result:

»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»

New critical objects: 0

Objects found so far: 36

 

 

Started deep registry scan

»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»

 

Deep registry scan result:

»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»

New critical objects: 0

Objects found so far: 36

 

 

Started Tracking Cookie scan

»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»

 

 

Tracking Cookie Object Recognized!

Type : IECache Entry

Data : john j. porterfield@atdmt[1].txt

TAC Rating : 3

Category : Data Miner

Comment : Hits:1

Value : Cookie:john j. porterfield@atdmt.com/

Expires : 7-21-2010 8:00:00 PM

LastSync : Hits:1

UseCount : 0

Hits : 1

 

Tracking Cookie Object Recognized!

Type : IECache Entry

Data : john j. porterfield@servedby.advertising[1].txt

TAC Rating : 3

Category : Data Miner

Comment : Hits:1

Value : Cookie:john j. porterfield@servedby.advertising.com/

Expires : 8-22-2005 6:48:16 PM

LastSync : Hits:1

UseCount : 0

Hits : 1

 

Tracking Cookie Object Recognized!

Type : IECache Entry

Data : john j. porterfield@tribalfusion[1].txt

TAC Rating : 3

Category : Data Miner

Comment : Hits:1

Value : Cookie:john j. porterfield@tribalfusion.com/

Expires : 12-31-2037 8:00:00 PM

LastSync : Hits:1

UseCount : 0

Hits : 1

 

Tracking Cookie Object Recognized!

Type : IECache Entry

Data : john j. porterfield@doubleclick[1].txt

TAC Rating : 3

Category : Data Miner

Comment : Hits:3

Value : Cookie:john j. porterfield@doubleclick.net/

Expires : 7-22-2008 6:41:42 PM

LastSync : Hits:3

UseCount : 0

Hits : 3

 

Tracking Cookie Object Recognized!

Type : IECache Entry

Data : john j. porterfield@advertising[1].txt

TAC Rating : 3

Category : Data Miner

Comment : Hits:1

Value : Cookie:john j. porterfield@advertising.com/

Expires : 7-22-2010 6:48:16 PM

LastSync : Hits:1

UseCount : 0

Hits : 1

 

Tracking cookie scan result:

»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»

New critical objects: 5

Objects found so far: 41

 

 

 

Deep scanning and examining files (C:)

»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»

 

Disk Scan Result for C:\

»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»

New critical objects: 0

Objects found so far: 41

 

 

Deep scanning and examining files (D:)

»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»

 

Disk Scan Result for D:\

»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»

New critical objects: 0

Objects found so far: 41

 

 

Deep scanning and examining files (G:)

»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»

 

Disk Scan Result for G:\

»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»

New critical objects: 0

Objects found so far: 41

 

 

Scanning Hosts file......

Hosts file location:"C:\WINDOWS\system32\drivers\etc\hosts".

»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»

 

Hosts file scan result:

»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»

1 entries scanned.

New critical objects:0

Objects found so far: 41

 

 

 

 

Performing conditional scans...

»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»

 

Conditional scan result:

»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»

New critical objects: 0

Objects found so far: 41

 

6:58:46 PM Scan Complete

 

Summary Of This Scan

»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»

Total scanning time:00:12:00.777

Objects scanned:132931

Objects identified:5

Objects ignored:0

New critical objects:5

Share this post


Link to post
Share on other sites

Scan started at 7/24/2005 1:19:15 AM

 

Scanning memory...

Scanning boot sectors...

Scanning files...

G:\My Documents\Backup\Outlook Express\Inbox.dbx->Message.362: ("eBay Security Service" [security Issues])->(part0000:) - TrojanSpy:HTML/Bayfraud.C* -> Infected

G:\My Documents\Backup\Outlook Express\Inbox.dbx->Message.141: ( [Mail Delivery (failure jxp1676@sru.edu)])->(ContentMismatch*) - MIME/ContentMismatch -> Suspicious

G:\My Documents\Backup\Outlook Express\Inbox.dbx->Message.140: ( [Mail Delivery (failure jxp1676@sru.edu)])->(ContentMismatch*) - MIME/ContentMismatch -> Suspicious

G:\My Documents\Backup\Outlook Express\Inbox.dbx->Message.139: ( [Mail Delivery (failure jxp1676@sru.edu)])->(ContentMismatch*) - MIME/ContentMismatch -> Suspicious

G:\My Documents\Backup\Outlook Express\Inbox.dbx->Message.89: ( [Mail Delivery (failure jxp1676@sru.edu)])->(ContentMismatch*) - MIME/ContentMismatch -> Suspicious

G:\My Documents\Backup\Outlook Express\Inbox.dbx->Message.86: ( [Mail Delivery (failure jxp1676@sru.edu)])->(ContentMismatch*) - MIME/ContentMismatch -> Suspicious

G:\My Documents\Backup\Outlook Express\SPAMfighter.dbx->Message.1122: ( [Mail Delivery (failure jxp1676@sru.edu)])->(ContentMismatch*) - MIME/ContentMismatch -> Suspicious

 

Scanned

============================

Objects: 49632

Directories: 3619

Archives: 19318

Size(Kb): -626079

Infected files: 1

 

Found

============================

Viruses found: 1

Suspicious files: 6

Disinfected files: 0

Mail files: 7150

Share this post


Link to post
Share on other sites

---------------------------------------------------------

ewido security suite - Scan report

---------------------------------------------------------

 

+ Created on: 1:12:49 PM, 7/24/2005

+ Report-Checksum: 7C12A95F

 

+ Scan result:

 

C:\Documents and Settings\John J. Porterfield\Cookies\john j. porterfield@ads.pointroll[1].txt -> Spyware.Cookie.Pointroll : Cleaned with backup

C:\Documents and Settings\John J. Porterfield\Cookies\john j. porterfield@perf.overture[1].txt -> Spyware.Cookie.Overture : Cleaned with backup

 

 

::Report End

Share this post


Link to post
Share on other sites

Logfile of HijackThis v1.99.1

Scan saved at 1:29:24 PM, on 7/24/2005

Platform: Windows XP SP2 (WinNT 5.01.2600)

MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

 

Running processes:

C:\WINDOWS\System32\smss.exe

C:\WINDOWS\system32\winlogon.exe

C:\WINDOWS\system32\services.exe

C:\WINDOWS\system32\lsass.exe

C:\WINDOWS\System32\Ati2evxx.exe

C:\WINDOWS\system32\svchost.exe

C:\WINDOWS\System32\svchost.exe

C:\Program Files\Common Files\Symantec Shared\ccProxy.exe

C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe

C:\Program Files\Norton Internet Security\ISSVC.exe

C:\Program Files\Common Files\Symantec Shared\SNDSrvc.exe

C:\Program Files\Common Files\Symantec Shared\SPBBC\SPBBCSvc.exe

C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe

C:\WINDOWS\system32\spoolsv.exe

C:\Program Files\Executive Software\Diskeeper\DkService.exe

C:\Program Files\ewido\security suite\ewidoctrl.exe

C:\Program Files\Norton Internet Security\Norton AntiVirus\navapsvc.exe

C:\WINDOWS\System32\svchost.exe

C:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exe

C:\Program Files\Common Files\Sony Shared\VAIO Entertainment\VzCdb\VzFw.exe

C:\WINDOWS\system32\Ati2evxx.exe

C:\WINDOWS\Explorer.EXE

C:\Program Files\Apoint\Apoint.exe

C:\WINDOWS\Sonysys\VAIO Recovery\reminder.exe

C:\Program Files\Sony\VAIO Power Management\SPMgr.exe

C:\Program Files\Sony\HotKey Utility\HKserv.exe

C:\Program Files\Sony\VAIO Update 2\VAIOUpdt.exe

C:\WINDOWS\System32\ezSP_Px.exe

C:\PROGRA~1\PESTPA~1\PPControl.exe

C:\PROGRA~1\PESTPA~1\PPMemCheck.exe

C:\PROGRA~1\PESTPA~1\CookiePatrol.exe

C:\Program Files\Common Files\Symantec Shared\ccApp.exe

C:\Program Files\iTunes\iTunesHelper.exe

C:\Program Files\Common Files\Real\Update_OB\realsched.exe

C:\Program Files\Apoint\Apntex.exe

C:\Program Files\Sony\HotKey Utility\HKWnd.exe

C:\Program Files\iPod\bin\iPodService.exe

C:\Program Files\Messenger\msmsgs.exe

C:\Documents and Settings\John J. Porterfield\Desktop\HJT\HijackThis.exe

 

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.sony.com/vaiopeople

N3 - Netscape 7: user_pref("browser.search.defaultengine", "engine://C%3A%5CProgram%20Files%5CNetscape%5CNetscape%5Csearchplugins%5CSBWeb_01.src"); (C:\Documents and Settings\John J. Porterfield\Application Data\Mozilla\Profiles\default\vjtyzpea.slt\prefs.js)

O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 6.0\Reader\ActiveX\AcroIEHelper.dll

O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll

O2 - BHO: Norton Internet Security - {9ECB9560-04F9-4bbc-943D-298DDF1699E1} - C:\Program Files\Common Files\Symantec Shared\AdBlocking\NISShExt.dll

O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar2.dll

O2 - BHO: NAV Helper - {BDF3E430-B101-42AD-A544-FADC6B084872} - C:\Program Files\Norton Internet Security\Norton AntiVirus\NavShExt.dll

O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar2.dll

O3 - Toolbar: Norton Internet Security - {0B53EAC3-8D69-4b9e-9B19-A37C9A5676A7} - C:\Program Files\Common Files\Symantec Shared\AdBlocking\NISShExt.dll

O3 - Toolbar: Norton AntiVirus - {42CDD1BF-3FFB-4238-8AD1-7859DF00B1D6} - C:\Program Files\Norton Internet Security\Norton AntiVirus\NavShExt.dll

O4 - HKLM\..\Run: [Apoint] C:\Program Files\Apoint\Apoint.exe

O4 - HKLM\..\Run: [CreateCD_Reminder] C:\WINDOWS\Sonysys\VAIO Recovery\reminder.exe

O4 - HKLM\..\Run: [sonyPowerCfg] C:\Program Files\Sony\VAIO Power Management\SPMgr.exe

O4 - HKLM\..\Run: [HKSERV.EXE] C:\Program Files\Sony\HotKey Utility\HKserv.exe

O4 - HKLM\..\Run: [VAIO Update 2] "C:\Program Files\Sony\VAIO Update 2\VAIOUpdt.exe" /Stationary

O4 - HKLM\..\Run: [ezShieldProtector for Px] C:\WINDOWS\System32\ezSP_Px.exe

O4 - HKLM\..\Run: [VAIO Recovery] C:\WINDOWS\Sonysys\VAIO Recovery\PartSeal.exe

O4 - HKLM\..\Run: [PestPatrol Control Center] C:\PROGRA~1\PESTPA~1\PPControl.exe

O4 - HKLM\..\Run: [PPMemCheck] C:\PROGRA~1\PESTPA~1\PPMemCheck.exe

O4 - HKLM\..\Run: [CookiePatrol] C:\PROGRA~1\PESTPA~1\CookiePatrol.exe

O4 - HKLM\..\Run: [PestPatrolCL] C:\PROGRA~1\PESTPA~1\PestPatrolCL.exe c:\

O4 - HKLM\..\Run: [ccApp] "C:\Program Files\Common Files\Symantec Shared\ccApp.exe"

O4 - HKLM\..\Run: [symantec NetDriver Monitor] C:\PROGRA~1\SYMNET~1\SNDMon.exe /Consumer

O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"

O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot

O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime

O8 - Extra context menu item: &Google Search - res://c:\program files\google\GoogleToolbar2.dll/cmsearch.html

O8 - Extra context menu item: Backward Links - res://c:\program files\google\GoogleToolbar2.dll/cmbacklinks.html

O8 - Extra context menu item: Cached Snapshot of Page - res://c:\program files\google\GoogleToolbar2.dll/cmcache.html

O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~3\Office10\EXCEL.EXE/3000

O8 - Extra context menu item: Similar Pages - res://c:\program files\google\GoogleToolbar2.dll/cmsimilar.html

O8 - Extra context menu item: Translate into English - res://c:\program files\google\GoogleToolbar2.dll/cmtrans.html

O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\j2re1.4.2_01\bin\npjpi142_01.dll

O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\j2re1.4.2_01\bin\npjpi142_01.dll

O9 - Extra button: AIM - {AC9E2541-2814-11d5-BC6D-00B0D0A1DE45} - C:\Program Files\AIM\aim.exe

O9 - Extra button: ICQ Lite - {B863453A-26C3-4e1f-A54D-A2CD196348E9} - C:\Program Files\ICQLite\ICQLite.exe

O9 - Extra 'Tools' menuitem: ICQ Lite - {B863453A-26C3-4e1f-A54D-A2CD196348E9} - C:\Program Files\ICQLite\ICQLite.exe

O9 - Extra button: Yahoo! Messenger - {E5D12C4E-7B4F-11D3-B5C9-0050045C3C96} - C:\PROGRA~1\Yahoo!\MESSEN~1\YPager.exe

O9 - Extra 'Tools' menuitem: Yahoo! Messenger - {E5D12C4E-7B4F-11D3-B5C9-0050045C3C96} - C:\PROGRA~1\Yahoo!\MESSEN~1\YPager.exe

O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe

O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe

O14 - IERESET.INF: START_PAGE_URL=http://www.sony.com/vaiopeople

O16 - DPF: ppctlcab - http://ppupdates.ca.com/downloads/scanner/ppctlcab.cab

O16 - DPF: {02CF1781-EA91-4FA5-A200-646E8241987C} (VaioInfo.CMClass) - http://esupport.sony.com/EN/mdldetect/VaioInfo.CAB

O16 - DPF: {0E5F0222-96B9-11D3-8997-00104BD12D94} (PCPitstop Utility) - http://www.pcpitstop.com/pcpitstop/PCPitStop.CAB

O16 - DPF: {1F2F4C9E-6F09-47BC-970D-3C54734667FE} - https://www-secure.symantec.com/techsupp/asa/LSSupCtl.cab

O16 - DPF: {2FC9A21E-2069-4E47-8235-36318989DB13} (PPSDKActiveXScanner.MainScreen) - http://ppupdates.ca.com/downloads/scanner/axscanner.cab

O16 - DPF: {4D7F48C0-CB49-4EA6-97D4-04F4EACC2F3B} (InstallShield Setup Player 2K2) - http://www.passalong.com/Music/install.exe

O16 - DPF: {9A9307A0-7DA4-4DAF-B042-5009F29E09E1} (ActiveScan Installer Class) - http://www.pandasoftware.com/activescan/:f...red:/asinst.cab

O16 - DPF: {9FC5238F-12C4-454F-B1B5-74599A21DE47} (Webshots Photo Uploader) - http://community.webshots.com/html/WSPhotoUploader.CAB

O16 - DPF: {A3009861-330C-4E10-822B-39D16EC8829D} (CRAVOnline Object) - http://www.ravantivirus.com/scan/ravonline.cab

O16 - DPF: {A8683C98-5341-421B-B23C-8514C05354F1} (FujifilmUploader Class) - http://photo.walmart.com/photo/uploads/Fuj...ploadClient.cab

O16 - DPF: {CE28D5D2-60CF-4C7D-9FE8-0F47A3308078} - https://www-secure.symantec.com/techsupp/asa/SymAData.cab

O16 - DPF: {D719897A-B07A-4C0C-AEA9-9B663A28DFCB} (iTunesDetector Class) - http://ax.phobos.apple.com.edgesuite.net/d.../ITDetector.cab

O23 - Service: Ati HotKey Poller - Unknown owner - C:\WINDOWS\System32\Ati2evxx.exe

O23 - Service: Symantec Event Manager (ccEvtMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe

O23 - Service: Symantec Network Proxy (ccProxy) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccProxy.exe

O23 - Service: Symantec Password Validation (ccPwdSvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccPwdSvc.exe

O23 - Service: Symantec Settings Manager (ccSetMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe

O23 - Service: Diskeeper - Executive Software International, Inc. - C:\Program Files\Executive Software\Diskeeper\DkService.exe

O23 - Service: ewido security suite control - ewido networks - C:\Program Files\ewido\security suite\ewidoctrl.exe

O23 - Service: iPod Service (iPodService) - Apple Computer, Inc. - C:\Program Files\iPod\bin\iPodService.exe

O23 - Service: ISSvc (ISSVC) - Symantec Corporation - C:\Program Files\Norton Internet Security\ISSVC.exe

O23 - Service: Norton AntiVirus Auto-Protect Service (navapsvc) - Symantec Corporation - C:\Program Files\Norton Internet Security\Norton AntiVirus\navapsvc.exe

O23 - Service: PACSPTISVR - Unknown owner - C:\PROGRA~1\COMMON~1\SONYSH~1\AVLib\PACSPT~1.EXE

O23 - Service: SAVScan - Symantec Corporation - C:\Program Files\Norton Internet Security\Norton AntiVirus\SAVScan.exe

O23 - Service: ScriptBlocking Service (SBService) - Symantec Corporation - C:\PROGRA~1\COMMON~1\SYMANT~1\SCRIPT~1\SBServ.exe

O23 - Service: Symantec Network Drivers Service (SNDSrvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\SNDSrvc.exe

O23 - Service: Symantec SPBBCSvc (SPBBCSvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\SPBBC\SPBBCSvc.exe

O23 - Service: Sony SPTI Service (SPTISRV) - Sony Corporation - C:\PROGRA~1\COMMON~1\SONYSH~1\AVLib\Sptisrv.exe

O23 - Service: Symantec Core LC - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exe

O23 - Service: VAIO Entertainment Aggregation and Control Service - Sony Corporation - C:\Program Files\Common Files\Sony Shared\VAIO Entertainment\VzRs\VzRs.exe

O23 - Service: VAIO Entertainment File Import Service - Sony Corporation - C:\Program Files\Common Files\Sony Shared\VAIO Entertainment\VzCdb\VzFw.exe

O23 - Service: VAIO Entertainment TV Device Arbitration Service - Sony Corporation - C:\Program Files\Common Files\Sony Shared\VAIO Entertainment\VzCs\VzHardwareResourceManager\VzHardwareResourceManager.exe

O23 - Service: VAIO Entertainment UPnP Client Adapter - Sony Corporation - C:\Program Files\Common Files\Sony Shared\VAIO Entertainment\VCSW\VCSW.exe

O23 - Service: VAIO Media Integrated Server (VAIOMediaPlatform-IntegratedServer-AppServer) - Sony Corporation - C:\Program Files\Sony\vaio media integrated server\VMISrv.exe

O23 - Service: VAIO Media Integrated Server (HTTP) (VAIOMediaPlatform-IntegratedServer-HTTP) - Unknown owner - C:\Program Files\Sony\vaio media integrated server\Platform\SV_Httpd.exe" /Service=VAIOMediaPlatform-IntegratedServer-HTTP /RegRoot="SOFTWARE\Sony Corporation\VAIO Media Platform\2.0" /RegExt="Applications\IntegratedServer\HTTP (file missing)

O23 - Service: VAIO Media Integrated Server (UPnP) (VAIOMediaPlatform-IntegratedServer-UPnP) - Sony Corporation - C:\Program Files\Sony\vaio media integrated server\Platform\UPnPFramework.exe

O23 - Service: VAIO Media Gateway Server (VAIOMediaPlatform-Mobile-Gateway) - Unknown owner - C:\Program Files\Sony\vaio media integrated server\Platform\VmGateway.exe" /Service=VAIOMediaPlatform-Mobile-Gateway /RegRoot="SOFTWARE\Sony Corporation\VAIO Media Platform\2.0" /RegExt="\Addons\Packages\Mobile\Gateway" /DisplayName="VAIO Media Gateway Server (file missing)

O23 - Service: VAIO Media Video Server (VAIOMediaPlatform-VideoServer-AppServer) - Unknown owner - C:\Program Files\Sony\vaio media integrated server\Video\GPVSvr.exe" /Service=VAIOMediaPlatform-VideoServer-AppServer /DisplayName="VAIO Media Video Server (file missing)

O23 - Service: VAIO Media Video Server (HTTP) (VAIOMediaPlatform-VideoServer-HTTP) - Unknown owner - C:\Program Files\Sony\vaio media integrated server\Platform\SV_Httpd.exe" /Service=VAIOMediaPlatform-VideoServer-HTTP /RegRoot="SOFTWARE\Sony Corporation\VAIO Media Platform\2.0" /RegExt="\Applications\VideoServer\HTTP (file missing)

O23 - Service: VAIO Media Video Server (UPnP) (VAIOMediaPlatform-VideoServer-UPnP) - Sony Corporation - C:\Program Files\Sony\vaio media integrated server\Platform\UPnPFramework.exe

Share this post


Link to post
Share on other sites

thatman--

 

Which of the following Startup items can I safely disable (to prevent hogging of system resources and memory)?

 

C:\WINDOWS\System32\smss.exe

C:\WINDOWS\system32\winlogon.exe

C:\WINDOWS\system32\services.exe

C:\WINDOWS\system32\lsass.exe

C:\WINDOWS\System32\Ati2evxx.exe

C:\WINDOWS\system32\svchost.exe

C:\WINDOWS\System32\svchost.exe

C:\Program Files\Common Files\Symantec Shared\ccProxy.exe

C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe

C:\Program Files\Norton Internet Security\ISSVC.exe

C:\Program Files\Common Files\Symantec Shared\SNDSrvc.exe

C:\Program Files\Common Files\Symantec Shared\SPBBC\SPBBCSvc.exe

C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe

C:\WINDOWS\system32\spoolsv.exe

C:\Program Files\Executive Software\Diskeeper\DkService.exe

C:\Program Files\ewido\security suite\ewidoctrl.exe

C:\Program Files\Norton Internet Security\Norton AntiVirus\navapsvc.exe

C:\WINDOWS\System32\svchost.exe

C:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exe

C:\Program Files\Common Files\Sony Shared\VAIO Entertainment\VzCdb\VzFw.exe

C:\WINDOWS\system32\Ati2evxx.exe

C:\WINDOWS\Explorer.EXE

C:\Program Files\Apoint\Apoint.exe

C:\WINDOWS\Sonysys\VAIO Recovery\reminder.exe

C:\Program Files\Sony\VAIO Power Management\SPMgr.exe

C:\Program Files\Sony\HotKey Utility\HKserv.exe

C:\Program Files\Sony\VAIO Update 2\VAIOUpdt.exe

C:\WINDOWS\System32\ezSP_Px.exe

C:\PROGRA~1\PESTPA~1\PPControl.exe

C:\PROGRA~1\PESTPA~1\PPMemCheck.exe

C:\PROGRA~1\PESTPA~1\CookiePatrol.exe

C:\Program Files\Common Files\Symantec Shared\ccApp.exe

C:\Program Files\iTunes\iTunesHelper.exe

C:\Program Files\Common Files\Real\Update_OB\realsched.exe

C:\Program Files\Apoint\Apntex.exe

C:\Program Files\Sony\HotKey Utility\HKWnd.exe

C:\Program Files\iPod\bin\iPodService.exe

C:\Program Files\Messenger\msmsgs.exe

C:\Documents and Settings\John J. Porterfield\Desktop\HJT\HijackThis.exe

Share this post


Link to post
Share on other sites
Sign in to follow this  

×
×
  • Create New...