
iworm attck and others? HJT log help please



Now I got this message popping up from the yellow caution triangle about iworm attck or your computer has slowed down.... I am also thinking that there is other stuff on there that I don't need/want on there also. I have done full scans with Norton and Spybot. So here is my HJT log

Logfile of HijackThis v1.99.1

Scan saved at 7:18:16 PM, on 15/08/2006

Platform: Windows XP SP2 (WinNT 5.01.2600)

MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

 

Running processes:

C:\WINDOWS\System32\smss.exe

C:\WINDOWS\system32\winlogon.exe

C:\WINDOWS\system32\services.exe

C:\WINDOWS\system32\lsass.exe

C:\WINDOWS\system32\svchost.exe

C:\WINDOWS\System32\svchost.exe

C:\Program Files\Intel\Wireless\Bin\EvtEng.exe

C:\Program Files\Intel\Wireless\Bin\S24EvMon.exe

C:\WINDOWS\system32\spoolsv.exe

C:\Program Files\ewido anti-spyware 4.0\guard.exe

C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE

C:\WINDOWS\system32\nvsvc32.exe

C:\Program Files\Intel\Wireless\Bin\RegSrvc.exe

C:\Program Files\Sony\VAIO Event Service\VESMgr.exe

C:\Program Files\Common Files\Sony Shared\VAIO Entertainment Platform\VCSW\VCSW.exe

C:\Program Files\Common Files\Sony Shared\VAIO Entertainment Platform\VzCdb\VzCdbSvc.exe

C:\Program Files\Common Files\Sony Shared\VAIO Entertainment Platform\VzCdb\VzFw.exe

C:\WINDOWS\Explorer.EXE

C:\WINDOWS\system32\ishost.exe

C:\Program Files\Apoint\Apoint.exe

C:\WINDOWS\system32\ICO.EXE

C:\WINDOWS\system32\ismon.exe

C:\WINDOWS\system32\rundll32.exe

C:\Program Files\Sony\VAIO Power Management\SPMgr.exe

C:\Program Files\Sony\ISB Utility\ISBMgr.exe

C:\Program Files\Sony\VAIO Update 2\VAIOUpdt.exe

C:\Program Files\Apoint\Apntex.exe

C:\Program Files\Java\jre1.5.0_02\bin\jusched.exe

C:\Program Files\iTunes\iTunesHelper.exe

C:\Program Files\QuickTime\qttask.exe

C:\Program Files\Common Files\Real\Update_OB\realsched.exe

C:\Program Files\iPod\bin\iPodService.exe

C:\Program Files\MSN Messenger\msnmsgr.exe

C:\Program Files\InterVideo\Common\Bin\WinCinemaMgr.exe

C:\Program Files\Sony\VAIO Launcher\Launcher.exe

C:\Program Files\Common Files\Sony Shared\VAIO Entertainment\VzRs\VzRs.exe

C:\WINDOWS\system32\svchost.exe

C:\Program Files\Adobe\Acrobat 7.0\Reader\AcroRd32.exe

C:\Program Files\NJStar Communicator\Njcom32.exe

C:\WINDOWS\TEMP\winB4F.tmp.exe

C:\WINDOWS\system32\issearch.exe

D:\Albums\Mozilla Firefox\firefox.exe

C:\WINDOWS\system32\isnotify.exe

C:\HJT\HijackThis.exe

 

O2 - BHO: Yahoo! Toolbar Helper - {02478D38-C3F9-4EFB-9B51-7695ECA05670} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll

O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll

O2 - BHO: Need2Find Bar BHO - {4D1C4E81-A32A-416b-BCDB-33B3EF3617D3} - C:\Program Files\Need2Find\bar\2.bin\ND2FNBAR.DLL (file missing)

O2 - BHO: InstaFinderK - {4E7BD74F-2B8D-469E-90F0-F66AB581A933} - C:\PROGRA~1\INSTAF~1\INSTAF~1.DLL (file missing)

O2 - BHO: (no name) - {873eb32d-ae1a-4183-89bd-45a77f761be4} - C:\WINDOWS\system32\ixt0.dll

O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar1.dll

O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar1.dll

O3 - Toolbar: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll

O3 - Toolbar: Safety Bar - {052b12f7-86fa-4921-8482-26c42316b522} - C:\Program Files\Safety Bar\Safety Bar.dll

O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup

O4 - HKLM\..\Run: [Apoint] C:\Program Files\Apoint\Apoint.exe

O4 - HKLM\..\Run: [Mouse Suite 98 Daemon] ICO.EXE

O4 - HKLM\..\Run: [Alcmtr] ALCMTR.EXE

O4 - HKLM\..\Run: [bluetoothAuthenticationAgent] rundll32.exe bthprops.cpl,,BluetoothAuthenticationAgent

O4 - HKLM\..\Run: [iMJPMIG8.1] "C:\WINDOWS\IME\imjp8_1\IMJPMIG.EXE" /Spoil /RemAdvDef /Migration32

O4 - HKLM\..\Run: [MSPY2002] C:\WINDOWS\system32\IME\PINTLGNT\ImScInst.exe /SYNC

O4 - HKLM\..\Run: [PHIME2002ASync] C:\WINDOWS\system32\IME\TINTLGNT\TINTSETP.EXE /SYNC

O4 - HKLM\..\Run: [PHIME2002A] C:\WINDOWS\system32\IME\TINTLGNT\TINTSETP.EXE /IMEName

O4 - HKLM\..\Run: [sonyPowerCfg] C:\Program Files\Sony\VAIO Power Management\SPMgr.exe

O4 - HKLM\..\Run: [iSBMgr.exe] C:\Program Files\Sony\ISB Utility\ISBMgr.exe

O4 - HKLM\..\Run: [switcher.exe] C:\Program Files\Sony\Wireless Switch Setting Utility\Switcher.exe

O4 - HKLM\..\Run: [VAIO Update 2] "C:\Program Files\Sony\VAIO Update 2\VAIOUpdt.exe" /Stationary

O4 - HKLM\..\Run: [sunJavaUpdateSched] C:\Program Files\Java\jre1.5.0_02\bin\jusched.exe

O4 - HKLM\..\Run: [P2P Networking] C:\WINDOWS\system32\P2P Networking\P2P Networking.exe /AUTOSTART

O4 - HKLM\..\Run: [AltnetPointsManager] c:\program files\altnet\points manager\points manager.exe -s

O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"

O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime

O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot

O4 - HKCU\..\Run: [Windows Registry Repair Pro] C:\Program Files\3B Software\Windows Registry Repair Pro\RegistryRepairPro.exe 4

O4 - HKCU\..\Run: [msnmsgr] "C:\Program Files\MSN Messenger\msnmsgr.exe" /background

O4 - HKCU\..\Run: [steam] "C:\Program Files\Steam\Steam.exe" -silent

O4 - Startup: Adobe Gamma.lnk = C:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe

O4 - Startup: VAIO Launcher.lnk = C:\Program Files\Sony\VAIO Launcher\Launcher.exe

O4 - Global Startup: Adobe Reader Speed Launch.lnk = C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe

O4 - Global Startup: InterVideo WinCinema Manager.lnk = C:\Program Files\InterVideo\Common\Bin\WinCinemaMgr.exe

O8 - Extra context menu item: &Google Search - res://c:\program files\google\GoogleToolbar1.dll/cmsearch.html

O8 - Extra context menu item: &Search - http://kl.bar.need2find.com/KL/menusearch.html?p=KL

O8 - Extra context menu item: &Translate English Word - res://c:\program files\google\GoogleToolbar1.dll/cmwordtrans.html

O8 - Extra context menu item: Backward Links - res://c:\program files\google\GoogleToolbar1.dll/cmbacklinks.html

O8 - Extra context menu item: Cached Snapshot of Page - res://c:\program files\google\GoogleToolbar1.dll/cmcache.html

O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000

O8 - Extra context menu item: Similar Pages - res://c:\program files\google\GoogleToolbar1.dll/cmsimilar.html

O8 - Extra context menu item: Translate Page into English - res://c:\program files\google\GoogleToolbar1.dll/cmtrans.html

O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_02\bin\npjpi150_02.dll

O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_02\bin\npjpi150_02.dll

O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL

O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe

O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe

O14 - IERESET.INF: START_PAGE_URL=http://vaio-online.sony.com/

O16 - DPF: {00000000-0000-0000-0000-100005000004} - http://code.trasferimento.biz/l/88d165a268...e27fee89_35.exe

O16 - DPF: {1D6711C8-7154-40BB-8380-3DEA45B69CBF} (Web P2P Installer) -

O16 - DPF: {6C275925-A1ED-4DD2-9CEE-9823F5FDAA10} (F5 Networks SSLTunnel) - https://iconnect.cathaypacific.com/vdesk/te...=5500,0,50510,1

O16 - DPF: {9A9307A0-7DA4-4DAF-B042-5009F29E09E1} (ActiveScan Installer Class) - http://acs.pandasoftware.com/activescan/as5free/asinst.cab

O16 - DPF: {CC85ACDF-B277-486F-8C70-2C9B2ED2A4E7} (F5 Networks SuperHost Class) -

O16 - DPF: {E0FF21FA-B857-45C5-8621-F120A0C17FF2} (F5 Networks Host Control) - https://iconnect.cathaypacific.com/vdesk/te...=5500,0,50517,1

O17 - HKLM\System\CCS\Services\Tcpip\Parameters: Domain = haeco.com

O17 - HKLM\Software\..\Telephony: DomainName = haeco.com

O17 - HKLM\System\CCS\Services\Tcpip\..\{3D6CD16B-5309-4B57-9922-D5B24C3261E3}: NameServer = 218.102.62.71 205.252.144.126

O17 - HKLM\System\CS1\Services\Tcpip\Parameters: Domain = haeco.com

O17 - HKLM\System\CS2\Services\Tcpip\Parameters: Domain = haeco.com

O18 - Protocol: livecall - {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\MSNMES~1\MSGRAP~1.DLL

O18 - Protocol: msnim - {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\MSNMES~1\MSGRAP~1.DLL

O18 - Filter: text/html - {2AB289AE-4B90-4281-B2AE-1F4BB034B647} - C:\Program Files\RXToolBar\sfcont.dll

O20 - Winlogon Notify: VESWinlogon - C:\WINDOWS\SYSTEM32\VESWinlogon.dll

O20 - Winlogon Notify: winmqx32 - C:\WINDOWS\SYSTEM32\winmqx32.dll

O23 - Service: EvtEng - Intel Corporation - C:\Program Files\Intel\Wireless\Bin\EvtEng.exe

O23 - Service: ewido anti-spyware 4.0 guard - Anti-Malware Development a.s. - C:\Program Files\ewido anti-spyware 4.0\guard.exe

O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe

O23 - Service: iPodService - Apple Computer, Inc. - C:\Program Files\iPod\bin\iPodService.exe

O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe

O23 - Service: RegSrvc - Intel Corporation - C:\Program Files\Intel\Wireless\Bin\RegSrvc.exe

O23 - Service: Spectrum24 Event Monitor (S24EventMonitor) - Intel Corporation - C:\Program Files\Intel\Wireless\Bin\S24EvMon.exe

O23 - Service: VAIO Entertainment Aggregation and Control Service - Sony Corporation - C:\Program Files\Common Files\Sony Shared\VAIO Entertainment\VzRs\VzRs.exe

O23 - Service: VAIO Entertainment Task Scheduler - Sony Corporation - C:\Program Files\Sony\VAIO Entertainment\VzTaskScheduler.exe

O23 - Service: VAIO Entertainment TV Device Arbitration Service - Sony Corporation - C:\Program Files\Common Files\Sony Shared\VAIO Entertainment Platform\VzCs\VzHardwareResourceManager\VzHardwareResourceManager.exe

O23 - Service: VAIO Event Service - Sony Corporation - C:\Program Files\Sony\VAIO Event Service\VESMgr.exe

O23 - Service: VAIO Media Integrated Server (VAIOMediaPlatform-IntegratedServer-AppServer) - Sony Corporation - C:\Program Files\Sony\VAIO Media Integrated Server\VMISrv.exe

O23 - Service: VAIO Media Integrated Server (HTTP) (VAIOMediaPlatform-IntegratedServer-HTTP) - Unknown owner - C:\Program Files\Sony\VAIO Media Integrated Server\Platform\SV_Httpd.exe" /Service=VAIOMediaPlatform-IntegratedServer-HTTP /RegRoot="SOFTWARE\Sony Corporation\VAIO Media Platform\2.0" /RegExt="Applications\IntegratedServer\HTTP (file missing)

O23 - Service: VAIO Media Integrated Server (UPnP) (VAIOMediaPlatform-IntegratedServer-UPnP) - Sony Corporation - C:\Program Files\Sony\VAIO Media Integrated Server\Platform\UPnPFramework.exe

O23 - Service: VAIO Media Gateway Server (VAIOMediaPlatform-Mobile-Gateway) - Unknown owner - C:\Program Files\Sony\VAIO Media Integrated Server\Platform\VmGateway.exe" /Service=VAIOMediaPlatform-Mobile-Gateway /RegRoot="SOFTWARE\Sony Corporation\VAIO Media Platform\2.0" /RegExt="\Addons\Packages\Mobile\Gateway" /DisplayName="VAIO Media Gateway Server (file missing)

O23 - Service: VAIO Entertainment UPnP Client Adapter (Vcsw) - Sony Corporation - C:\Program Files\Common Files\Sony Shared\VAIO Entertainment Platform\VCSW\VCSW.exe

O23 - Service: VAIO Entertainment Database Service (VzCdbSvc) - Sony Corporation - C:\Program Files\Common Files\Sony Shared\VAIO Entertainment Platform\VzCdb\VzCdbSvc.exe

O23 - Service: VAIO Entertainment File Import Service (VzFw) - Sony Corporation - C:\Program Files\Common Files\Sony Shared\VAIO Entertainment Platform\VzCdb\VzFw.exe

Link to post

Hi again DamageInc! Can you do the following please:

 

Download SmitfraudFix (by S!Ri) to your Desktop.

http://siri.urz.free.fr/Fix/SmitfraudFix.zip

Extract all the files to your Desktop. A folder named SmitfraudFix will be created on your Desktop.

 

Open the SmitfraudFix folder and double-click smitfraudfix.cmd

Select option #1 - Search by typing 1 and press Enter

This program will scan large amounts of files on your computer for known patterns so please be patient while it works. When it is done, the results of the scan will be displayed and it will create a log named rapport.txt in the root of your drive, eg: Local Disk C: or partition where your operating system is installed. Please post that log along with all others requested in your next reply.

 

IMPORTANT: Do NOT run any other options until you are asked to do so!

 

Also, I would like to see another log from HijackThis.

  • Run Hijackthis.
  • Click on Open the Misc Tools section.
  • Next click on Open uninstall manager.
  • Press the Save list button. It will open a Notepad file.
  • Copy & Paste the entire contents of that file in your next post.
=====

 

Please post the following in your next reply:

 

1) Contents of C:\rapport.txt

2) Uninstall list

Link to post

SmitFraudFix v2.81

 

Scan done at 13:13:08.56, 16/08/2006

Run from C:\Documents and Settings\sm_leung\Desktop\SmitfraudFix

OS: Microsoft Windows XP [Version 5.1.2600] - Windows_NT

Fix ran in normal mode

 

»»»»»»»»»»»»»»»»»»»»»»»» C:\

 

 

»»»»»»»»»»»»»»»»»»»»»»»» C:\WINDOWS

 

 

»»»»»»»»»»»»»»»»»»»»»»»» C:\WINDOWS\system

 

 

»»»»»»»»»»»»»»»»»»»»»»»» C:\WINDOWS\Web

 

 

»»»»»»»»»»»»»»»»»»»»»»»» C:\WINDOWS\system32

 

C:\WINDOWS\system32\ishost.exe FOUND !

C:\WINDOWS\system32\ismon.exe FOUND !

C:\WINDOWS\system32\isnotify.exe FOUND !

C:\WINDOWS\system32\issearch.exe FOUND !

C:\WINDOWS\system32\ixt?.dll FOUND !

C:\WINDOWS\system32\ixt??.dll FOUND !

C:\WINDOWS\system32\ot.ico FOUND !

C:\WINDOWS\system32\ts.ico FOUND !

 

»»»»»»»»»»»»»»»»»»»»»»»» C:\WINDOWS\system32\LogFiles

 

 

»»»»»»»»»»»»»»»»»»»»»»»» C:\Documents and Settings\sm_leung\Application Data

 

 

»»»»»»»»»»»»»»»»»»»»»»»» Start Menu

 

C:\DOCUME~1\ALLUSE~1\STARTM~1\Online Security Guide.url FOUND !

C:\DOCUME~1\ALLUSE~1\STARTM~1\Security Troubleshooting.url FOUND !

 

»»»»»»»»»»»»»»»»»»»»»»»» C:\DOCUME~1\sm_leung\FAVORI~1

 

C:\DOCUME~1\sm_leung\FAVORI~1\Antivirus Test Online.url FOUND !

 

»»»»»»»»»»»»»»»»»»»»»»»» Desktop

 

C:\DOCUME~1\ALLUSE~1\Desktop\Online Security Guide.url FOUND !

C:\DOCUME~1\ALLUSE~1\Desktop\Security Troubleshooting.url FOUND !

 

»»»»»»»»»»»»»»»»»»»»»»»» C:\Program Files

 

C:\Program Files\Safety Bar\ FOUND !

 

»»»»»»»»»»»»»»»»»»»»»»»» Corrupted keys

 

 

»»»»»»»»»»»»»»»»»»»»»»»» Desktop Components

 

 

 

»»»»»»»»»»»»»»»»»»»»»»»» Sharedtaskscheduler

!!!Attention, following keys are not inevitably infected!!!

 

SrchSTS.exe by S!Ri

Search SharedTaskScheduler's .dll

 

»»»»»»»»»»»»»»»»»»»»»»»» Scanning wininet.dll infection

 

 

»»»»»»»»»»»»»»»»»»»»»»»» End

 

 

 

Adobe Flash Player 9

Adobe Photoshop Elements 2.0

Adobe Reader 7.0

BitComet 0.70

CCleaner (remove only)

CE Fonts Package For Adobe Reader

Citrix ICA Client

Click to DVD 2.0.02 Menu Data

Click to DVD 2.2.10

Cowabanga by OIN

DivX Player

DivX Pro Trial

DVgate Plus

eDonkey2000

eMule

ewido anti-spyware 4.0

Google Toolbar for Internet Explorer

HDAUDIO SoftV92 Data Fax Modem with SmartCP

High Definition Audio Driver Package - KB835221

HijackThis 1.99.1

HxmainVersion1Setup

Intel® PRO Network Connections Drivers

Intel® PROSet/Wireless Software

InterVideo WinDVD 3.0

InterVideo WinDVD 5 for VAIO

InterVideo WinDVDX

iTunes

J2SE Runtime Environment 5.0

J2SE Runtime Environment 5.0 Update 2

Macromedia Flash Player

mCore

mDriver

Memory Stick Formatter

Microsoft .NET Framework (English)

Microsoft .NET Framework (English) v1.0.3705

Microsoft .NET Framework 1.1

Microsoft .NET Framework 1.1

Microsoft GB18030 Support Package

Microsoft Office Professional Edition 2003

Microsoft Office Project Standard 2003

Microsoft Office Visio Standard 2003

mMHouse

Mozilla Firefox (1.5)

mPfMgr

mProSafe

mWlsSafe

mXML

Need2Find Bar

NETVIGATOR BROADBAND

NJStar Communicator

Nokia Connectivity Cable Driver

NVIDIA Drivers

oggcodecs 0.69.8924

OpenMG Limited Patch 4.0-04-08-02-01

OpenMG Secure Module 4.0.00

P2P Networking

Panda ActiveScan

PictureGear Studio 2.0

QuickTime

RealPlayer

Realtek High Definition Audio Driver

Safety Bar

SAMSUNG CDMA Modem Driver Set

SAMSUNG Mobile USB Modem 1.0 Software

SAMSUNG Mobile USB Modem Software

Samsung PC Studio

Samsung PC Studio 3 USB Driver Installer

Security Update for Step By Step Interactive Training (KB898458)

Security Update for Windows Media Player (KB911564)

Security Update for Windows Media Player 10 (KB911565)

Security Update for Windows XP (KB883939)

Security Update for Windows XP (KB890046)

Security Update for Windows XP (KB893756)

Security Update for Windows XP (KB896358)

Security Update for Windows XP (KB896422)

Security Update for Windows XP (KB896423)

Security Update for Windows XP (KB896424)

Security Update for Windows XP (KB896428)

Security Update for Windows XP (KB896688)

Security Update for Windows XP (KB899587)

Security Update for Windows XP (KB899588)

Security Update for Windows XP (KB899589)

Security Update for Windows XP (KB899591)

Security Update for Windows XP (KB900725)

Security Update for Windows XP (KB901017)

Security Update for Windows XP (KB901190)

Security Update for Windows XP (KB901214)

Security Update for Windows XP (KB902400)

Security Update for Windows XP (KB903235)

Security Update for Windows XP (KB904706)

Security Update for Windows XP (KB905414)

Security Update for Windows XP (KB905749)

Security Update for Windows XP (KB905915)

Security Update for Windows XP (KB908519)

Security Update for Windows XP (KB911562)

Security Update for Windows XP (KB911567)

Security Update for Windows XP (KB911927)

Security Update for Windows XP (KB912812)

Security Update for Windows XP (KB912919)

Security Update for Windows XP (KB913446)

Security Update for Windows XP (KB913580)

Setting Utility Series

Smart Protector Pro

Sonic RecordNow!

SonicStage 2.1.02

SonicStage Mastering Studio 1.4

SonicStage Mastering Studio Audio Filter

SonicStage Mastering Studio Audio Filter Custom Preset

SonicStage Mastering Studio Plugins

Sony USB Mouse

Sony Utilities DLL

Sony Video Shared Library

Steam

Update for Windows XP (KB894391)

Update for Windows XP (KB896727)

Update for Windows XP (KB898461)

Update for Windows XP (KB900485)

Update for Windows XP (KB908531)

Update for Windows XP (KB910437)

VAIO Control Center

VAIO Edit Components

VAIO Entertainment Platform

VAIO Event Service

VAIO Launcher

VAIO Manual

VAIO Media 3.1

VAIO Media Integrated Server 3.1

VAIO Media Redistribution 3.1

VAIO Original Screen Saver

VAIO Original Screen Saver VAIO Motion SD Wide Contents

VAIO Original Screen Saver VAIO Scene SD Wide Contents

VAIO Power Management

VAIO Sea Glitter Wallpaper

VAIO SLIT on Snaps Wallpaper

VAIO SLIT Scene Wallpaper

VAIO Sparkle Wallpaper

VAIO Update 2

VAIO Zone

Vodafone 804SS USB driver Software

Windows Installer 3.1 (KB893803)

Windows Live Messenger

Windows Media Format Runtime

Windows Media Player 10

Windows Registry Repair Pro

Windows XP Hotfix - KB307154

Windows XP Hotfix - KB834707

Windows XP Hotfix - KB867282

Windows XP Hotfix - KB873333

Windows XP Hotfix - KB873339

Windows XP Hotfix - KB884018

Windows XP Hotfix - KB884020

Windows XP Hotfix - KB884575

Windows XP Hotfix - KB885250

Windows XP Hotfix - KB885835

Windows XP Hotfix - KB885836

Windows XP Hotfix - KB886185

Windows XP Hotfix - KB887472

Windows XP Hotfix - KB887742

Windows XP Hotfix - KB888113

Windows XP Hotfix - KB888302

Windows XP Hotfix - KB890047

Windows XP Hotfix - KB890175

Windows XP Hotfix - KB890859

Windows XP Hotfix - KB890923

Windows XP Hotfix - KB891781

Windows XP Hotfix - KB893066

Windows XP Hotfix - KB893086

WinRAR archiver

Wireless Switch Setting Utility

Yahoo! Toolbar

 

Thanks for replying by the way

Link to post
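
An added example, not part of the original thread and not code from SmitfraudFix or HijackThis: the `FOUND !` paths from rapport.txt cross-referenced against HijackThis lines, to show which hits are running or loaded by Internet Explorer and which are only files on disk. The function names are made up for this example, the sample input is excerpted from the two logs posted above, and reading `?` as a one-character wildcard and a trailing backslash as a folder is an assumption about the rapport.txt format.

```python
import re

# Sample input: lines excerpted from the rapport.txt posted in this thread.
RAPPORT = r"""
SmitFraudFix v2.81
C:\WINDOWS\system32\ishost.exe FOUND !
C:\WINDOWS\system32\ismon.exe FOUND !
C:\WINDOWS\system32\ixt?.dll FOUND !
C:\WINDOWS\system32\ixt??.dll FOUND !
C:\WINDOWS\system32\ot.ico FOUND !
C:\Program Files\Safety Bar\ FOUND !
"""

# Sample input: lines excerpted from the first HijackThis log in this thread.
HJT = r"""
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\ishost.exe
C:\WINDOWS\system32\ismon.exe
C:\Program Files\iTunes\iTunesHelper.exe
O2 - BHO: (no name) - {873eb32d-ae1a-4183-89bd-45a77f761be4} - C:\WINDOWS\system32\ixt0.dll
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar1.dll
O3 - Toolbar: Safety Bar - {052b12f7-86fa-4921-8482-26c42316b522} - C:\Program Files\Safety Bar\Safety Bar.dll
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
O20 - Winlogon Notify: winmqx32 - C:\WINDOWS\SYSTEM32\winmqx32.dll
"""

SECTION = re.compile(r"^(O\d+) - ")      # HijackThis section code, e.g. O2, O20
DRIVE_PATH = re.compile(r"^[A-Za-z]:\\")  # a bare path = "Running processes" entry


def rapport_hits(text):
    """Return the path patterns from 'FOUND !' lines, in log order."""
    hits = []
    for line in text.splitlines():
        line = line.strip()
        if line.endswith("FOUND !"):
            hits.append(line[: -len("FOUND !")].rstrip())
    return hits


def hit_regex(pattern):
    """Compile one rapport.txt path into a case-insensitive regex.

    Assumption: '?' stands for exactly one character inside a file name,
    and a trailing backslash means 'anything under this folder'.
    """
    body = "".join("[^\\\\]" if ch == "?" else re.escape(ch) for ch in pattern)
    if not pattern.endswith("\\"):
        # A file hit must end here: end of line, closing quote or arguments.
        body += r'(?=$|["\s,])'
    return re.compile(body, re.IGNORECASE)


def section_of(line):
    """Classify a HijackThis line: 'O2', 'O4', ..., 'process', or None."""
    m = SECTION.match(line)
    if m:
        return m.group(1)
    return "process" if DRIVE_PATH.match(line) else None


def correlate(rapport_text, hjt_text):
    """Map each FOUND pattern to the HijackThis lines that reference it."""
    result = {}
    for pattern in rapport_hits(rapport_text):
        rx = hit_regex(pattern)
        refs = []
        for line in hjt_text.splitlines():
            line = line.strip()
            section = section_of(line)
            if section and rx.search(line):
                refs.append((section, line))
        result[pattern] = refs
    return result


def unreferenced(result):
    """FOUND patterns that no HijackThis line points at (on disk only)."""
    return [pattern for pattern, refs in result.items() if not refs]


if __name__ == "__main__":
    res = correlate(RAPPORT, HJT)
    for pattern, refs in res.items():
        print(pattern)
        for section, line in refs:
            print("   [%s] %s" % (section, line))
        if not refs:
            print("   (no HijackThis entry references this)")
```

Short 8.3 names such as `C:\DOCUME~1\...` are compared as written, so a hit logged in short form will not match the same file listed by its long name.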

Hi again DamageInc! Sorry for the long delay. I'll try to make sure it won't happen again. :)

 

Let's start! :)

 

I don't see any indication of an Anti-Virus or Firewall protection. Before we go any further, please download one of each - They are Free!

 

Firewall

Zone Alarm << I recommend this

Sunbelt Kerio PF

Outpost Firewall

 

AV

AVG Free Edition << I recommend this

AntiVir

avast! 4 Home Edition

 

Update the Anti-Virus of your choice, and run a full system scan. Make a note of any files that could not be deleted, and post them here.

 

Post a new HijackThis log, along with a new Uninstall list. :)

Link to post

It showed 3 infected files but it didn't ask me if I wanted to delete them or not so I went into the folders and looked for them but they weren't there.

 

the files were

C:\\Windows\system32\winmqx32.dll

C:\\Windows\Temp\win501.tmp

C:\\Windows\Temp\win501.tmp.exe

 

and my HJT log

 

Logfile of HijackThis v1.99.1

Scan saved at 9:27:18 AM, on 17/08/2006

Platform: Windows XP SP2 (WinNT 5.01.2600)

MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

 

Running processes:

C:\WINDOWS\System32\smss.exe

C:\WINDOWS\system32\winlogon.exe

C:\WINDOWS\system32\services.exe

C:\WINDOWS\system32\lsass.exe

C:\WINDOWS\system32\svchost.exe

C:\WINDOWS\System32\svchost.exe

C:\Program Files\Intel\Wireless\Bin\EvtEng.exe

C:\Program Files\Intel\Wireless\Bin\S24EvMon.exe

C:\WINDOWS\system32\ZoneLabs\vsmon.exe

C:\WINDOWS\system32\spoolsv.exe

C:\Program Files\ewido anti-spyware 4.0\guard.exe

C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE

C:\WINDOWS\system32\nvsvc32.exe

C:\Program Files\Intel\Wireless\Bin\RegSrvc.exe

C:\Program Files\Sony\VAIO Event Service\VESMgr.exe

C:\Program Files\Common Files\Sony Shared\VAIO Entertainment Platform\VCSW\VCSW.exe

C:\Program Files\Common Files\Sony Shared\VAIO Entertainment Platform\VzCdb\VzCdbSvc.exe

C:\Program Files\Common Files\Sony Shared\VAIO Entertainment Platform\VzCdb\VzFw.exe

C:\WINDOWS\Explorer.EXE

C:\WINDOWS\system32\ishost.exe

C:\WINDOWS\system32\isnotify.exe

C:\WINDOWS\system32\issearch.exe

C:\Program Files\Apoint\Apoint.exe

C:\WINDOWS\system32\ICO.EXE

C:\WINDOWS\system32\rundll32.exe

C:\Program Files\Sony\VAIO Power Management\SPMgr.exe

C:\Program Files\Sony\ISB Utility\ISBMgr.exe

C:\WINDOWS\system32\ismon.exe

C:\Program Files\Sony\VAIO Update 2\VAIOUpdt.exe

C:\Program Files\Java\jre1.5.0_02\bin\jusched.exe

C:\Program Files\iTunes\iTunesHelper.exe

C:\Program Files\QuickTime\qttask.exe

C:\Program Files\Common Files\Real\Update_OB\realsched.exe

C:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe

C:\Program Files\3B Software\Windows Registry Repair Pro\RegistryRepairPro.exe

C:\Program Files\MSN Messenger\msnmsgr.exe

C:\Program Files\iPod\bin\iPodService.exe

C:\Program Files\Apoint\Apntex.exe

C:\Program Files\InterVideo\Common\Bin\WinCinemaMgr.exe

C:\Program Files\Sony\VAIO Launcher\Launcher.exe

D:\Albums\Mozilla Firefox\firefox.exe

C:\Program Files\Common Files\Sony Shared\VAIO Entertainment\VzRs\VzRs.exe

C:\WINDOWS\system32\svchost.exe

C:\WINDOWS\TEMP\idd41E.tmp.exe

C:\PROGRA~1\Grisoft\AVGFRE~1\avgupsvc.exe

C:\PROGRA~1\Grisoft\AVGFRE~1\avgamsvr.exe

C:\Program Files\Grisoft\AVG Free\avgcc.exe

C:\Program Files\Grisoft\AVG Free\avgwb.dat

C:\Program Files\iTunes\iTunes.exe

D:\BitComet\BitComet.exe

C:\HJT\HijackThis.exe

 

O2 - BHO: Yahoo! Toolbar Helper - {02478D38-C3F9-4EFB-9B51-7695ECA05670} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll

O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll

O2 - BHO: Need2Find Bar BHO - {4D1C4E81-A32A-416b-BCDB-33B3EF3617D3} - C:\Program Files\Need2Find\bar\2.bin\ND2FNBAR.DLL (file missing)

O2 - BHO: InstaFinderK - {4E7BD74F-2B8D-469E-90F0-F66AB581A933} - C:\PROGRA~1\INSTAF~1\INSTAF~1.DLL (file missing)

O2 - BHO: (no name) - {873eb32d-ae1a-4183-89bd-45a77f761be4} - C:\WINDOWS\system32\ixt0.dll

O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar1.dll

O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar1.dll

O3 - Toolbar: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll

O3 - Toolbar: Safety Bar - {052b12f7-86fa-4921-8482-26c42316b522} - C:\Program Files\Safety Bar\Safety Bar.dll

O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup

O4 - HKLM\..\Run: [Apoint] C:\Program Files\Apoint\Apoint.exe

O4 - HKLM\..\Run: [Mouse Suite 98 Daemon] ICO.EXE

O4 - HKLM\..\Run: [Alcmtr] ALCMTR.EXE

O4 - HKLM\..\Run: [bluetoothAuthenticationAgent] rundll32.exe bthprops.cpl,,BluetoothAuthenticationAgent

O4 - HKLM\..\Run: [iMJPMIG8.1] "C:\WINDOWS\IME\imjp8_1\IMJPMIG.EXE" /Spoil /RemAdvDef /Migration32

O4 - HKLM\..\Run: [MSPY2002] C:\WINDOWS\system32\IME\PINTLGNT\ImScInst.exe /SYNC

O4 - HKLM\..\Run: [PHIME2002ASync] C:\WINDOWS\system32\IME\TINTLGNT\TINTSETP.EXE /SYNC

O4 - HKLM\..\Run: [PHIME2002A] C:\WINDOWS\system32\IME\TINTLGNT\TINTSETP.EXE /IMEName

O4 - HKLM\..\Run: [sonyPowerCfg] C:\Program Files\Sony\VAIO Power Management\SPMgr.exe

O4 - HKLM\..\Run: [iSBMgr.exe] C:\Program Files\Sony\ISB Utility\ISBMgr.exe

O4 - HKLM\..\Run: [switcher.exe] C:\Program Files\Sony\Wireless Switch Setting Utility\Switcher.exe

O4 - HKLM\..\Run: [VAIO Update 2] "C:\Program Files\Sony\VAIO Update 2\VAIOUpdt.exe" /Stationary

O4 - HKLM\..\Run: [sunJavaUpdateSched] C:\Program Files\Java\jre1.5.0_02\bin\jusched.exe

O4 - HKLM\..\Run: [P2P Networking] C:\WINDOWS\system32\P2P Networking\P2P Networking.exe /AUTOSTART

O4 - HKLM\..\Run: [AltnetPointsManager] c:\program files\altnet\points manager\points manager.exe -s

O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"

O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime

O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot

O4 - HKLM\..\Run: [Zone Labs Client] "C:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe"

O4 - HKLM\..\Run: [AVG7_CC] C:\PROGRA~1\Grisoft\AVGFRE~1\avgcc.exe /STARTUP

O4 - HKCU\..\Run: [Windows Registry Repair Pro] C:\Program Files\3B Software\Windows Registry Repair Pro\RegistryRepairPro.exe 4

O4 - HKCU\..\Run: [msnmsgr] "C:\Program Files\MSN Messenger\msnmsgr.exe" /background

O4 - HKCU\..\Run: [steam] "C:\Program Files\Steam\Steam.exe" -silent

O4 - Startup: Adobe Gamma.lnk = C:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe

O4 - Startup: VAIO Launcher.lnk = C:\Program Files\Sony\VAIO Launcher\Launcher.exe

O4 - Global Startup: Adobe Reader Speed Launch.lnk = C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe

O4 - Global Startup: InterVideo WinCinema Manager.lnk = C:\Program Files\InterVideo\Common\Bin\WinCinemaMgr.exe

O8 - Extra context menu item: &Google Search - res://c:\program files\google\GoogleToolbar1.dll/cmsearch.html

O8 - Extra context menu item: &Translate English Word - res://c:\program files\google\GoogleToolbar1.dll/cmwordtrans.html

O8 - Extra context menu item: Backward Links - res://c:\program files\google\GoogleToolbar1.dll/cmbacklinks.html

O8 - Extra context menu item: Cached Snapshot of Page - res://c:\program files\google\GoogleToolbar1.dll/cmcache.html

O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000

O8 - Extra context menu item: Similar Pages - res://c:\program files\google\GoogleToolbar1.dll/cmsimilar.html

O8 - Extra context menu item: Translate Page into English - res://c:\program files\google\GoogleToolbar1.dll/cmtrans.html

O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_02\bin\npjpi150_02.dll

O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_02\bin\npjpi150_02.dll

O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL

O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe

O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe

O14 - IERESET.INF: START_PAGE_URL=http://vaio-online.sony.com/

O16 - DPF: {00000000-0000-0000-0000-100005000004} - http://code.trasferimento.biz/l/88d165a268...e27fee89_35.exe

O16 - DPF: {1D6711C8-7154-40BB-8380-3DEA45B69CBF} (Web P2P Installer) -

O16 - DPF: {6C275925-A1ED-4DD2-9CEE-9823F5FDAA10} (F5 Networks SSLTunnel) - https://iconnect.cathaypacific.com/vdesk/te...=5500,0,50510,1

O16 - DPF: {9A9307A0-7DA4-4DAF-B042-5009F29E09E1} (ActiveScan Installer Class) - http://acs.pandasoftware.com/activescan/as5free/asinst.cab

O16 - DPF: {CC85ACDF-B277-486F-8C70-2C9B2ED2A4E7} (F5 Networks SuperHost Class) -

O16 - DPF: {E0FF21FA-B857-45C5-8621-F120A0C17FF2} (F5 Networks Host Control) - https://iconnect.cathaypacific.com/vdesk/te...=5500,0,50517,1

O17 - HKLM\System\CCS\Services\Tcpip\Parameters: Domain = haeco.com

O17 - HKLM\Software\..\Telephony: DomainName = haeco.com

O17 - HKLM\System\CCS\Services\Tcpip\..\{3D6CD16B-5309-4B57-9922-D5B24C3261E3}: NameServer = 218.102.62.71 205.252.144.126

O17 - HKLM\System\CS1\Services\Tcpip\Parameters: Domain = haeco.com

O17 - HKLM\System\CS2\Services\Tcpip\Parameters: Domain = haeco.com

O18 - Protocol: livecall - {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\MSNMES~1\MSGRAP~1.DLL

O18 - Protocol: msnim - {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\MSNMES~1\MSGRAP~1.DLL

O18 - Filter: text/html - {2AB289AE-4B90-4281-B2AE-1F4BB034B647} - C:\Program Files\RXToolBar\sfcont.dll

O20 - Winlogon Notify: VESWinlogon - C:\WINDOWS\SYSTEM32\VESWinlogon.dll

O20 - Winlogon Notify: winmqx32 - C:\WINDOWS\SYSTEM32\winmqx32.dll

O23 - Service: AVG7 Alert Manager Server (Avg7Alrt) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVGFRE~1\avgamsvr.exe

O23 - Service: AVG7 Update Service (Avg7UpdSvc) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVGFRE~1\avgupsvc.exe

O23 - Service: EvtEng - Intel Corporation - C:\Program Files\Intel\Wireless\Bin\EvtEng.exe

O23 - Service: ewido anti-spyware 4.0 guard - Anti-Malware Development a.s. - C:\Program Files\ewido anti-spyware 4.0\guard.exe

O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe

O23 - Service: iPodService - Apple Computer, Inc. - C:\Program Files\iPod\bin\iPodService.exe

O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe

O23 - Service: RegSrvc - Intel Corporation - C:\Program Files\Intel\Wireless\Bin\RegSrvc.exe

O23 - Service: Spectrum24 Event Monitor (S24EventMonitor) - Intel Corporation - C:\Program Files\Intel\Wireless\Bin\S24EvMon.exe

O23 - Service: VAIO Entertainment Aggregation and Control Service - Sony Corporation - C:\Program Files\Common Files\Sony Shared\VAIO Entertainment\VzRs\VzRs.exe

O23 - Service: VAIO Entertainment Task Scheduler - Sony Corporation - C:\Program Files\Sony\VAIO Entertainment\VzTaskScheduler.exe

O23 - Service: VAIO Entertainment TV Device Arbitration Service - Sony Corporation - C:\Program Files\Common Files\Sony Shared\VAIO Entertainment Platform\VzCs\VzHardwareResourceManager\VzHardwareResourceManager.exe

O23 - Service: VAIO Event Service - Sony Corporation - C:\Program Files\Sony\VAIO Event Service\VESMgr.exe

O23 - Service: VAIO Media Integrated Server (VAIOMediaPlatform-IntegratedServer-AppServer) - Sony Corporation - C:\Program Files\Sony\VAIO Media Integrated Server\VMISrv.exe

O23 - Service: VAIO Media Integrated Server (HTTP) (VAIOMediaPlatform-IntegratedServer-HTTP) - Unknown owner - C:\Program Files\Sony\VAIO Media Integrated Server\Platform\SV_Httpd.exe" /Service=VAIOMediaPlatform-IntegratedServer-HTTP /RegRoot="SOFTWARE\Sony Corporation\VAIO Media Platform\2.0" /RegExt="Applications\IntegratedServer\HTTP (file missing)

O23 - Service: VAIO Media Integrated Server (UPnP) (VAIOMediaPlatform-IntegratedServer-UPnP) - Sony Corporation - C:\Program Files\Sony\VAIO Media Integrated Server\Platform\UPnPFramework.exe

O23 - Service: VAIO Media Gateway Server (VAIOMediaPlatform-Mobile-Gateway) - Unknown owner - C:\Program Files\Sony\VAIO Media Integrated Server\Platform\VmGateway.exe" /Service=VAIOMediaPlatform-Mobile-Gateway /RegRoot="SOFTWARE\Sony Corporation\VAIO Media Platform\2.0" /RegExt="\Addons\Packages\Mobile\Gateway" /DisplayName="VAIO Media Gateway Server (file missing)

O23 - Service: VAIO Entertainment UPnP Client Adapter (Vcsw) - Sony Corporation - C:\Program Files\Common Files\Sony Shared\VAIO Entertainment Platform\VCSW\VCSW.exe

O23 - Service: TrueVector Internet Monitor (vsmon) - Zone Labs, LLC - C:\WINDOWS\system32\ZoneLabs\vsmon.exe

O23 - Service: VAIO Entertainment Database Service (VzCdbSvc) - Sony Corporation - C:\Program Files\Common Files\Sony Shared\VAIO Entertainment Platform\VzCdb\VzCdbSvc.exe

O23 - Service: VAIO Entertainment File Import Service (VzFw) - Sony Corporation - C:\Program Files\Common Files\Sony Shared\VAIO Entertainment Platform\VzCdb\VzFw.exe

 

and the uninstall list

 

Adobe Flash Player 9

Adobe Photoshop Elements 2.0

Adobe Reader 7.0

Adobe Reader Chinese Simplified Fonts

Adobe Reader Chinese Traditional Fonts

Adobe Reader Japanese Fonts

Adobe Reader Korean Fonts

AVG Free Edition

BitComet 0.70

CCleaner (remove only)

CE Fonts Package For Adobe Reader

Citrix ICA Client

Click to DVD 2.0.02 Menu Data

Click to DVD 2.2.10

Cowabanga by OIN

DivX Player

DivX Pro Trial

DVgate Plus

eDonkey2000

eMule

ewido anti-spyware 4.0

Google Toolbar for Internet Explorer

GTA San Andreas

HDAUDIO SoftV92 Data Fax Modem with SmartCP

High Definition Audio Driver Package - KB835221

HijackThis 1.99.1

HxmainVersion1Setup

Intel® PRO Network Connections Drivers

Intel® PROSet/Wireless Software

InterVideo WinDVD 3.0

InterVideo WinDVD 5 for VAIO

InterVideo WinDVDX

iTunes

J2SE Runtime Environment 5.0

J2SE Runtime Environment 5.0 Update 2

Kazaa 3.0

Macromedia Flash Player

mCore

mDriver

Memory Stick Formatter

Microsoft .NET Framework (English)

Microsoft .NET Framework (English) v1.0.3705

Microsoft .NET Framework 1.1

Microsoft .NET Framework 1.1

Microsoft GB18030 Support Package

Microsoft Office Professional Edition 2003

Microsoft Office Project Standard 2003

Microsoft Office Visio Standard 2003

mMHouse

Mozilla Firefox (1.5)

mPfMgr

mProSafe

mWlsSafe

mXML

Need2Find Bar

NETVIGATOR BROADBAND

NJStar Communicator

Nokia Connectivity Cable Driver

NVIDIA Drivers

oggcodecs 0.69.8924

OpenMG Limited Patch 4.0-04-08-02-01

OpenMG Secure Module 4.0.00

P2P Networking

Panda ActiveScan

PictureGear Studio 2.0

QuickTime

RealPlayer

Realtek High Definition Audio Driver

Safety Bar

SAMSUNG CDMA Modem Driver Set

SAMSUNG Mobile USB Modem 1.0 Software

SAMSUNG Mobile USB Modem Software

Samsung PC Studio

Samsung PC Studio 3 USB Driver Installer

Security Update for Step By Step Interactive Training (KB898458)

Security Update for Windows Media Player (KB911564)

Security Update for Windows Media Player 10 (KB911565)

Security Update for Windows XP (KB883939)

Security Update for Windows XP (KB890046)

Security Update for Windows XP (KB893756)

Security Update for Windows XP (KB896358)

Security Update for Windows XP (KB896422)

Security Update for Windows XP (KB896423)

Security Update for Windows XP (KB896424)

Security Update for Windows XP (KB896428)

Security Update for Windows XP (KB896688)

Security Update for Windows XP (KB899587)

Security Update for Windows XP (KB899588)

Security Update for Windows XP (KB899589)

Security Update for Windows XP (KB899591)

Security Update for Windows XP (KB900725)

Security Update for Windows XP (KB901017)

Security Update for Windows XP (KB901190)

Security Update for Windows XP (KB901214)

Security Update for Windows XP (KB902400)

Security Update for Windows XP (KB903235)

Security Update for Windows XP (KB904706)

Security Update for Windows XP (KB905414)

Security Update for Windows XP (KB905749)

Security Update for Windows XP (KB905915)

Security Update for Windows XP (KB908519)

Security Update for Windows XP (KB911562)

Security Update for Windows XP (KB911567)

Security Update for Windows XP (KB911927)

Security Update for Windows XP (KB912812)

Security Update for Windows XP (KB912919)

Security Update for Windows XP (KB913446)

Security Update for Windows XP (KB913580)

Setting Utility Series

Smart Protector Pro

Sonic RecordNow!

SonicStage 2.1.02

SonicStage Mastering Studio 1.4

SonicStage Mastering Studio Audio Filter

SonicStage Mastering Studio Audio Filter Custom Preset

SonicStage Mastering Studio Plugins

Sony USB Mouse

Sony Utilities DLL

Sony Video Shared Library

Steam

Update for Windows XP (KB894391)

Update for Windows XP (KB896727)

Update for Windows XP (KB898461)

Update for Windows XP (KB900485)

Update for Windows XP (KB908531)

Update for Windows XP (KB910437)

VAIO Control Center

VAIO Edit Components

VAIO Entertainment Platform

VAIO Event Service

VAIO Launcher

VAIO Manual

VAIO Media 3.1

VAIO Media Integrated Server 3.1

VAIO Media Redistribution 3.1

VAIO Original Screen Saver

VAIO Original Screen Saver VAIO Motion SD Wide Contents

VAIO Original Screen Saver VAIO Scene SD Wide Contents

VAIO Power Management

VAIO Sea Glitter Wallpaper

VAIO SLIT on Snaps Wallpaper

VAIO SLIT Scene Wallpaper

VAIO Sparkle Wallpaper

VAIO Update 2

VAIO Zone

Vodafone 804SS USB driver Software

Windows Installer 3.1 (KB893803)

Windows Live Messenger

Windows Media Format Runtime

Windows Media Player 10

Windows Registry Repair Pro

Windows XP Hotfix - KB307154

Windows XP Hotfix - KB834707

Windows XP Hotfix - KB867282

Windows XP Hotfix - KB873333

Windows XP Hotfix - KB873339

Windows XP Hotfix - KB884018

Windows XP Hotfix - KB884020

Windows XP Hotfix - KB884575

Windows XP Hotfix - KB885250

Windows XP Hotfix - KB885835

Windows XP Hotfix - KB885836

Windows XP Hotfix - KB886185

Windows XP Hotfix - KB887472

Windows XP Hotfix - KB887742

Windows XP Hotfix - KB888113

Windows XP Hotfix - KB888302

Windows XP Hotfix - KB890047

Windows XP Hotfix - KB890175

Windows XP Hotfix - KB890859

Windows XP Hotfix - KB890923

Windows XP Hotfix - KB891781

Windows XP Hotfix - KB893066

Windows XP Hotfix - KB893086

WinRAR archiver

Wireless Switch Setting Utility

Yahoo! Toolbar

ZoneAlarm

Edited by DamageInc

Hi again DamageInc!

 

You will need to make a copy of these instructions because you have to disconnect from the internet to complete the fix. Either print them out or copy and paste them into Notepad.

 

Preparation

 

1) Download the trial version of Ewido anti-spyware from here and save it to your Desktop.

If you already have this program installed, skip to Updating Ewido: below.

 

* Please note that these instructions are for the new version - Ewido anti-spyware. If you have the old version - Ewido anti-malware and it is the:

  • paid-for version - you will need to go here and obtain an updated license code before you upgrade.
  • free version - you will need to uninstall it and reboot before installing the new version.
Double click the ewido-setup file to begin installation and follow the prompts.

When the program has been installed, and you click the Finish button, Ewido anti-spyware will open.

Updating Ewido:

By default Ewido is configured to update automatically so, if you have an active internet connection, it should do so following installation. If you are unsure whether or not it has done so, do the following:

  • Click the Update icon at the top and under "Manual Update" - click the Start update button.
  • Either Ewido will update or inform you that no update was available.

Disabling the Resident Shield:

By default the Resident Shield is active but as it may interfere with the process of cleaning your PC, it will need to be disabled.

(When the PC has been cleaned you can activate the shield again, if you wish.)

  • Click the Shield icon at the top and under "Resident shield is..." - click active.
  • This should now change to inactive.

Changing Recommended Actions

  • Click the Scanner icon at the top and then click the Settings Tab.
  • Under "How to act?" click Recommended actions and select "Quarantine" from the menu.

You can now close Ewido anti-spyware.

 

Ewido anti-spyware is designed to be used to both scan for and remove malicious files and also to run in real-time alongside, but not replace, your existing anti-virus program to give an added layer of protection.

Both the Resident Shield and Automatic Updates will only be available for the thirty day trial period; after that Ewido will revert to a stand-alone scanner which you can keep and manually update for free and use in a similar way to Ad-Aware SE Personal, Spybot S&D etc.

Should you wish to benefit from the real-time protection, you will need to upgrade the program. To do this, simply open it and click on the Buy now button.

 

2) You will need to know how to boot into Safe Mode.

Instructions can be found here.

 

3) You will need to set Windows to show All Hidden Files and Folders.

Instructions can be found here.

** These files are hidden to stop you accidentally removing something important.

It is advisable to hide them again after fixing your computer. **

 

4) Log off from the internet and disconnect your modem cable for the duration of the fix.

 

Removal

 

1) Run HJT and click on Open the Misc Tools section.

Click on delete a file on reboot...

Copy and paste the following into the "File name:" text box and then click Open:

 

C:\WINDOWS\SYSTEM32\winmqx32.dll

 

When you are asked "Do you want to restart your computer now?", click OK.

 

Your PC MUST reboot to delete the file!

 

2) Once your PC has fully rebooted, continue below:

 

Click Start > Run > type in appwiz.cpl and hit enter. From the list uninstall the following, if present:

 

Cowabanga by OIN

Need2Find Bar

Safety Bar

 

I strongly advise that you also uninstall the following programs, as they are likely to be the culprits of your problems.

 

BitComet 0.70

eDonkey2000

eMule

P2P Networking

 

3) Boot into Safe Mode.

 

4) Open the SmitfraudFix folder and double-click smitfraudfix.cmd

Press "2" and then <ENTER> to start the cleaning process.

  • Wait for the tool to complete and disk cleanup to finish.
  • You will be prompted "Registry cleaning - Do you want to clean the registry ?" - press "Y" and then <ENTER>.
  • The tool will also check if wininet.dll is infected. You may be prompted to "Replace infected file ?" - press "Y" and then <ENTER>.
Your PC now needs to be rebooted. If this does not happen automatically, you will need to do so manually. Either way, your PC will need to be booted back INTO SAFE MODE.

 

5) Run HijackThis as you did to generate a log, but this time click on 'Do a system scan only'.

Place a checkmark in the boxes to the left of the following entries, by clicking on them:

 

O2 - BHO: Need2Find Bar BHO - {4D1C4E81-A32A-416b-BCDB-33B3EF3617D3} - C:\Program Files\Need2Find\bar\2.bin\ND2FNBAR.DLL (file missing)

O2 - BHO: InstaFinderK - {4E7BD74F-2B8D-469E-90F0-F66AB581A933} - C:\PROGRA~1\INSTAF~1\INSTAF~1.DLL (file missing)

O2 - BHO: (no name) - {873eb32d-ae1a-4183-89bd-45a77f761be4} - C:\WINDOWS\system32\ixt0.dll

 

O3 - Toolbar: Safety Bar - {052b12f7-86fa-4921-8482-26c42316b522} - C:\Program Files\Safety Bar\Safety Bar.dll

 

O4 - HKLM\..\Run: [Alcmtr] ALCMTR.EXE

O4 - HKLM\..\Run: [AltnetPointsManager] c:\program files\altnet\points manager\points manager.exe -s

 

O16 - DPF: {00000000-0000-0000-0000-100005000004} - http://code.trasferimento.biz/l/88d165a268...e27fee89_35.exe

O16 - DPF: {1D6711C8-7154-40BB-8380-3DEA45B69CBF} (Web P2P Installer) -

 

O18 - Filter: text/html - {2AB289AE-4B90-4281-B2AE-1F4BB034B647} - C:\Program Files\RXToolBar\sfcont.dll

 

O20 - Winlogon Notify: winmqx32 - C:\WINDOWS\SYSTEM32\winmqx32.dll

 

CLOSE ALL OPEN WINDOWS AND BROWSERS - EXCEPT HJT and click on Fix checked

 

6) Find and Delete the following, if present:

 

C:\WINDOWS\system32\ixt0.dll << this file

C:\Program Files\Need2Find << this folder

C:\Program Files\InstantFinder << this folder

C:\Program Files\Safety Bar << this folder

c:\Program Files\altnet << this folder

C:\Program Files\RXToolBar << this folder

 

7) Navigate to the C:\Windows\Temp folder and delete all the files that you find there.

Do this for all Usernames.

 

8) Navigate to C:\Documents and Settings\Username\Local Settings\Temp and delete all the files that you find there.

Do this for all Usernames.

 

9) Go to Start > Control Panel > Internet Options and under Temporary Internet files, click on Delete Files...

Check the box to the left of 'Delete all offline content' and then click on OK.

 

10) Go to Start > Control Panel > Display.

Select the Desktop Tab, click on Customise Desktop... and then select the Web Tab.

Under Web pages: you should see a checked entry called Security info - or similar. Highlight this entry and then click the Delete button.

Finally click OK > Apply > OK.

 

11) Empty the Recycle Bin.

 

12) Ensure that ALL open Windows / Programs / Folders are closed and then run Ewido anti-spyware.

  • If it is not already selected, click the Scanner icon at the top and then select the Scan Tab.
  • Click "Complete System Scan"
  • While the scan is in progress the PC should be left otherwise idle - so if you fancy a cuppa, now's the time to put the kettle on!
  • When the scan has completed, any threats that Ewido has detected will be displayed.
  • Click the Apply all actions button at the bottom.
  • When Ewido has finished, it will display the message "All actions have been applied".

Saving a report:

  • Click the Save Report button at the bottom left and the "Reports" window will open.
  • The content of the scan report will be displayed in the right hand pane and a copy will be automatically saved as Report-Scan-date-time.txt into the C:\Program Files\ewido anti-spyware 4.0\Reports folder.
  • You will need to post a copy of this report into your next reply, so if it is more convenient, you can save another copy of this report elsewhere:

    Click the Save report as button and select a destination by clicking the down arrow to the right of the Save in: text box and then click Save.

Close Ewido Anti-Spyware.

 

13) Reboot into Normal Mode.

 

14) Open the SmitfraudFix folder and double-click smitfraudfix.cmd

Press "3" and then <ENTER> to "Delete Trusted Zone".

When prompted "Restore Trusted Zone ?", press "Y" and then <ENTER>.

 

* Please Note: If you use SpywareBlaster and/or IE/Spyads, it will be necessary to re-install the protection both afford. For SpywareBlaster, run the program and re-protect all items. For IE/Spyads, run the batch file and reinstall the protection *

 

Will you then post the following:

  • A new HJT log,
  • The Ewido log,
  • The text file rapport.txt that will be found in the root of your drive, eg: Local Disk C: or partition where your operating system is installed.

    For most, this file can be found by double-clicking My Computer and then Local Disk (C:)

  • A description of how your PC is behaving.
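As an added example (not part of the original posts, and not a HijackThis feature): a check that the entries ticked for "Fix checked" in the reply above are gone from a follow-up log, matching on CLSID, Run value name or Winlogon Notify name rather than on the whole line, so a changed path or a "(file missing)" suffix does not hide a survivor. The function names are hypothetical; the sample logs are excerpts of lines from this thread plus one constructed line.

```python
import re

# One HijackThis item line: "<section> - <body>", e.g. "O20 - Winlogon Notify: ..."
ENTRY_RE = re.compile(r"^([ORFN]\d+)\s+-\s+(.*\S)\s*$")
CLSID_RE = re.compile(r"\{[0-9A-Fa-f]{8}(?:-[0-9A-Fa-f]{4}){3}-[0-9A-Fa-f]{12}\}")
RUN_RE = re.compile(r"^(.*?):\s*\[([^\]]+)\]")            # O4: "<key>: [ValueName] cmd"
NOTIFY_RE = re.compile(r"^Winlogon Notify:\s*(.+?)\s+-\s")  # O20: "Winlogon Notify: name - dll"


def entry_key(section, body):
    """Stable identity of an entry, independent of file path and status suffix."""
    if section == "O4":
        m = RUN_RE.match(body)
        if m:
            return (section, m.group(1).lower(), m.group(2).lower())
    if section == "O20":
        m = NOTIFY_RE.match(body)
        if m:
            return (section, m.group(1).lower())
    m = CLSID_RE.search(body)
    if m:  # O2, O3, O9, O16, O18 entries carry a CLSID
        return (section, m.group(0).lower())
    return (section, body.lower())  # fallback: the whole body


def parse_log(text):
    """Map entry identity -> raw line for every item line in a log or fix list."""
    entries = {}
    for line in text.splitlines():
        m = ENTRY_RE.match(line.strip())
        if m:
            entries.setdefault(entry_key(m.group(1), m.group(2)), line.strip())
    return entries


def still_present(fix_list, followup):
    """Raw follow-up lines whose identity matches an entry that was meant to be fixed."""
    targeted = parse_log(fix_list)
    return [raw for key, raw in parse_log(followup).items() if key in targeted]


def orphaned(followup):
    """Entries HijackThis marked '(file missing)': registry data left without its file."""
    return [raw for raw in parse_log(followup).values()
            if raw.endswith("(file missing)")]


# Excerpt of the "Fix checked" list from the reply above.
FIX_LIST = r"""
O2 - BHO: Need2Find Bar BHO - {4D1C4E81-A32A-416b-BCDB-33B3EF3617D3} - C:\Program Files\Need2Find\bar\2.bin\ND2FNBAR.DLL (file missing)
O2 - BHO: InstaFinderK - {4E7BD74F-2B8D-469E-90F0-F66AB581A933} - C:\PROGRA~1\INSTAF~1\INSTAF~1.DLL (file missing)
O2 - BHO: (no name) - {873eb32d-ae1a-4183-89bd-45a77f761be4} - C:\WINDOWS\system32\ixt0.dll
O3 - Toolbar: Safety Bar - {052b12f7-86fa-4921-8482-26c42316b522} - C:\Program Files\Safety Bar\Safety Bar.dll
O4 - HKLM\..\Run: [Alcmtr] ALCMTR.EXE
O4 - HKLM\..\Run: [AltnetPointsManager] c:\program files\altnet\points manager\points manager.exe -s
O18 - Filter: text/html - {2AB289AE-4B90-4281-B2AE-1F4BB034B647} - C:\Program Files\RXToolBar\sfcont.dll
O20 - Winlogon Notify: winmqx32 - C:\WINDOWS\SYSTEM32\winmqx32.dll
"""

# Excerpt of the follow-up log posted after the fix.
FOLLOWUP = r"""
O2 - BHO: Yahoo! Toolbar Helper - {02478D38-C3F9-4EFB-9B51-7695ECA05670} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar1.dll
O3 - Toolbar: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll
O4 - HKLM\..\Run: [Apoint] C:\Program Files\Apoint\Apoint.exe
O4 - HKLM\..\Run: [P2P Networking] C:\WINDOWS\system32\P2P Networking\P2P Networking.exe /AUTOSTART
O18 - Protocol: msnim - {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\MSNMES~1\MSGRAP~1.DLL
O20 - Winlogon Notify: VESWinlogon - C:\WINDOWS\SYSTEM32\VESWinlogon.dll
O23 - Service: VAIO Media Integrated Server (HTTP) (VAIOMediaPlatform-IntegratedServer-HTTP) - Unknown owner - C:\Program Files\Sony\VAIO Media Integrated Server\Platform\SV_Httpd.exe" /Service=VAIOMediaPlatform-IntegratedServer-HTTP /RegRoot="SOFTWARE\Sony Corporation\VAIO Media Platform\2.0" /RegExt="Applications\IntegratedServer\HTTP (file missing)
"""

# Constructed case: the same follow-up with one targeted entry surviving the fix.
REGRESSED = FOLLOWUP + r"O20 - Winlogon Notify: winmqx32 - C:\WINDOWS\SYSTEM32\winmqx32.dll" + "\n"

if __name__ == "__main__":
    for label, log in (("follow-up", FOLLOWUP), ("constructed regression", REGRESSED)):
        survivors = still_present(FIX_LIST, log)
        print(f"{label}: {len(survivors)} targeted entries still present")
        for raw in survivors:
            print("  ", raw)
    print("marked (file missing):", len(orphaned(FOLLOWUP)))
```
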

Thanks soooo much dude you're awesome.

 

Logfile of HijackThis v1.99.1

Scan saved at 2:48:55 AM, on 19/08/2006

Platform: Windows XP SP2 (WinNT 5.01.2600)

MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

 

Running processes:

C:\WINDOWS\System32\smss.exe

C:\WINDOWS\system32\winlogon.exe

C:\WINDOWS\system32\services.exe

C:\WINDOWS\system32\lsass.exe

C:\WINDOWS\system32\svchost.exe

C:\WINDOWS\System32\svchost.exe

C:\Program Files\Intel\Wireless\Bin\EvtEng.exe

C:\Program Files\Intel\Wireless\Bin\S24EvMon.exe

C:\WINDOWS\system32\spoolsv.exe

C:\PROGRA~1\Grisoft\AVGFRE~1\avgamsvr.exe

C:\PROGRA~1\Grisoft\AVGFRE~1\avgupsvc.exe

C:\Program Files\ewido anti-spyware 4.0\guard.exe

C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE

C:\WINDOWS\system32\nvsvc32.exe

C:\Program Files\Intel\Wireless\Bin\RegSrvc.exe

C:\Program Files\Sony\VAIO Event Service\VESMgr.exe

C:\Program Files\Common Files\Sony Shared\VAIO Entertainment Platform\VCSW\VCSW.exe

C:\Program Files\Common Files\Sony Shared\VAIO Entertainment Platform\VzCdb\VzCdbSvc.exe

C:\Program Files\Common Files\Sony Shared\VAIO Entertainment Platform\VzCdb\VzFw.exe

C:\WINDOWS\Explorer.EXE

C:\Program Files\Apoint\Apoint.exe

C:\WINDOWS\system32\ICO.EXE

C:\WINDOWS\system32\rundll32.exe

C:\Program Files\Sony\VAIO Power Management\SPMgr.exe

C:\Program Files\Sony\ISB Utility\ISBMgr.exe

C:\Program Files\Sony\Wireless Switch Setting Utility\Switcher.exe

C:\Program Files\Sony\VAIO Update 2\VAIOUpdt.exe

C:\Program Files\Java\jre1.5.0_02\bin\jusched.exe

C:\Program Files\iTunes\iTunesHelper.exe

C:\Program Files\QuickTime\qttask.exe

C:\Program Files\Common Files\Real\Update_OB\realsched.exe

C:\Program Files\Apoint\Apntex.exe

C:\Program Files\iPod\bin\iPodService.exe

C:\Program Files\InterVideo\Common\Bin\WinCinemaMgr.exe

C:\Program Files\Sony\VAIO Launcher\Launcher.exe

C:\Program Files\Common Files\Sony Shared\VAIO Entertainment\VzRs\VzRs.exe

C:\Program Files\NJStar Communicator\Njcom32.exe

C:\WINDOWS\system32\svchost.exe

C:\HJT\HijackThis.exe

D:\Albums\Mozilla Firefox\firefox.exe

 

O2 - BHO: Yahoo! Toolbar Helper - {02478D38-C3F9-4EFB-9B51-7695ECA05670} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll

O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll

O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar1.dll

O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar1.dll

O3 - Toolbar: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll

O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup

O4 - HKLM\..\Run: [Apoint] C:\Program Files\Apoint\Apoint.exe

O4 - HKLM\..\Run: [Mouse Suite 98 Daemon] ICO.EXE

O4 - HKLM\..\Run: [bluetoothAuthenticationAgent] rundll32.exe bthprops.cpl,,BluetoothAuthenticationAgent

O4 - HKLM\..\Run: [iMJPMIG8.1] "C:\WINDOWS\IME\imjp8_1\IMJPMIG.EXE" /Spoil /RemAdvDef /Migration32

O4 - HKLM\..\Run: [MSPY2002] C:\WINDOWS\system32\IME\PINTLGNT\ImScInst.exe /SYNC

O4 - HKLM\..\Run: [PHIME2002ASync] C:\WINDOWS\system32\IME\TINTLGNT\TINTSETP.EXE /SYNC

O4 - HKLM\..\Run: [PHIME2002A] C:\WINDOWS\system32\IME\TINTLGNT\TINTSETP.EXE /IMEName

O4 - HKLM\..\Run: [sonyPowerCfg] C:\Program Files\Sony\VAIO Power Management\SPMgr.exe

O4 - HKLM\..\Run: [iSBMgr.exe] C:\Program Files\Sony\ISB Utility\ISBMgr.exe

O4 - HKLM\..\Run: [switcher.exe] C:\Program Files\Sony\Wireless Switch Setting Utility\Switcher.exe

O4 - HKLM\..\Run: [VAIO Update 2] "C:\Program Files\Sony\VAIO Update 2\VAIOUpdt.exe" /Stationary

O4 - HKLM\..\Run: [sunJavaUpdateSched] C:\Program Files\Java\jre1.5.0_02\bin\jusched.exe

O4 - HKLM\..\Run: [P2P Networking] C:\WINDOWS\system32\P2P Networking\P2P Networking.exe /AUTOSTART

O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"

O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime

O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot

O4 - HKLM\..\Run: [Zone Labs Client] "C:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe"

O4 - HKLM\..\Run: [AVG7_CC] C:\PROGRA~1\Grisoft\AVGFRE~1\avgcc.exe /STARTUP

O4 - HKCU\..\Run: [Windows Registry Repair Pro] C:\Program Files\3B Software\Windows Registry Repair Pro\RegistryRepairPro.exe 4

O4 - HKCU\..\Run: [msnmsgr] "C:\Program Files\MSN Messenger\msnmsgr.exe" /background

O4 - HKCU\..\Run: [steam] "C:\Program Files\Steam\Steam.exe" -silent

O4 - Startup: Adobe Gamma.lnk = C:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe

O4 - Startup: VAIO Launcher.lnk = C:\Program Files\Sony\VAIO Launcher\Launcher.exe

O4 - Global Startup: Adobe Reader Speed Launch.lnk = C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe

O4 - Global Startup: InterVideo WinCinema Manager.lnk = C:\Program Files\InterVideo\Common\Bin\WinCinemaMgr.exe

O8 - Extra context menu item: &Google Search - res://c:\program files\google\GoogleToolbar1.dll/cmsearch.html

O8 - Extra context menu item: &Translate English Word - res://c:\program files\google\GoogleToolbar1.dll/cmwordtrans.html

O8 - Extra context menu item: Backward Links - res://c:\program files\google\GoogleToolbar1.dll/cmbacklinks.html

O8 - Extra context menu item: Cached Snapshot of Page - res://c:\program files\google\GoogleToolbar1.dll/cmcache.html

O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000

O8 - Extra context menu item: Similar Pages - res://c:\program files\google\GoogleToolbar1.dll/cmsimilar.html

O8 - Extra context menu item: Translate Page into English - res://c:\program files\google\GoogleToolbar1.dll/cmtrans.html

O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_02\bin\npjpi150_02.dll

O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_02\bin\npjpi150_02.dll

O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL

O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe

O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe

O14 - IERESET.INF: START_PAGE_URL=http://vaio-online.sony.com/

O16 - DPF: {6C275925-A1ED-4DD2-9CEE-9823F5FDAA10} (F5 Networks SSLTunnel) - https://iconnect.cathaypacific.com/vdesk/te...=5500,0,50510,1

O16 - DPF: {9A9307A0-7DA4-4DAF-B042-5009F29E09E1} (ActiveScan Installer Class) - http://acs.pandasoftware.com/activescan/as5free/asinst.cab

O16 - DPF: {CC85ACDF-B277-486F-8C70-2C9B2ED2A4E7} (F5 Networks SuperHost Class) -

O16 - DPF: {E0FF21FA-B857-45C5-8621-F120A0C17FF2} (F5 Networks Host Control) - https://iconnect.cathaypacific.com/vdesk/te...=5500,0,50517,1

O17 - HKLM\System\CCS\Services\Tcpip\Parameters: Domain = haeco.com

O17 - HKLM\Software\..\Telephony: DomainName = haeco.com

O17 - HKLM\System\CCS\Services\Tcpip\..\{3D6CD16B-5309-4B57-9922-D5B24C3261E3}: NameServer = 218.102.62.71 205.252.144.126

O17 - HKLM\System\CS1\Services\Tcpip\Parameters: Domain = haeco.com

O17 - HKLM\System\CS2\Services\Tcpip\Parameters: Domain = haeco.com

O18 - Protocol: livecall - {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\MSNMES~1\MSGRAP~1.DLL

O18 - Protocol: msnim - {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\MSNMES~1\MSGRAP~1.DLL

O20 - Winlogon Notify: VESWinlogon - C:\WINDOWS\SYSTEM32\VESWinlogon.dll

O23 - Service: AVG7 Alert Manager Server (Avg7Alrt) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVGFRE~1\avgamsvr.exe

O23 - Service: AVG7 Update Service (Avg7UpdSvc) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVGFRE~1\avgupsvc.exe

O23 - Service: EvtEng - Intel Corporation - C:\Program Files\Intel\Wireless\Bin\EvtEng.exe

O23 - Service: ewido anti-spyware 4.0 guard - Anti-Malware Development a.s. - C:\Program Files\ewido anti-spyware 4.0\guard.exe

O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe

O23 - Service: iPodService - Apple Computer, Inc. - C:\Program Files\iPod\bin\iPodService.exe

O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe

O23 - Service: RegSrvc - Intel Corporation - C:\Program Files\Intel\Wireless\Bin\RegSrvc.exe

O23 - Service: Spectrum24 Event Monitor (S24EventMonitor) - Intel Corporation - C:\Program Files\Intel\Wireless\Bin\S24EvMon.exe

O23 - Service: VAIO Entertainment Aggregation and Control Service - Sony Corporation - C:\Program Files\Common Files\Sony Shared\VAIO Entertainment\VzRs\VzRs.exe

O23 - Service: VAIO Entertainment Task Scheduler - Sony Corporation - C:\Program Files\Sony\VAIO Entertainment\VzTaskScheduler.exe

O23 - Service: VAIO Entertainment TV Device Arbitration Service - Sony Corporation - C:\Program Files\Common Files\Sony Shared\VAIO Entertainment Platform\VzCs\VzHardwareResourceManager\VzHardwareResourceManager.exe

O23 - Service: VAIO Event Service - Sony Corporation - C:\Program Files\Sony\VAIO Event Service\VESMgr.exe

O23 - Service: VAIO Media Integrated Server (VAIOMediaPlatform-IntegratedServer-AppServer) - Sony Corporation - C:\Program Files\Sony\VAIO Media Integrated Server\VMISrv.exe

O23 - Service: VAIO Media Integrated Server (HTTP) (VAIOMediaPlatform-IntegratedServer-HTTP) - Unknown owner - C:\Program Files\Sony\VAIO Media Integrated Server\Platform\SV_Httpd.exe" /Service=VAIOMediaPlatform-IntegratedServer-HTTP /RegRoot="SOFTWARE\Sony Corporation\VAIO Media Platform\2.0" /RegExt="Applications\IntegratedServer\HTTP (file missing)

O23 - Service: VAIO Media Integrated Server (UPnP) (VAIOMediaPlatform-IntegratedServer-UPnP) - Sony Corporation - C:\Program Files\Sony\VAIO Media Integrated Server\Platform\UPnPFramework.exe

O23 - Service: VAIO Media Gateway Server (VAIOMediaPlatform-Mobile-Gateway) - Unknown owner - C:\Program Files\Sony\VAIO Media Integrated Server\Platform\VmGateway.exe" /Service=VAIOMediaPlatform-Mobile-Gateway /RegRoot="SOFTWARE\Sony Corporation\VAIO Media Platform\2.0" /RegExt="\Addons\Packages\Mobile\Gateway" /DisplayName="VAIO Media Gateway Server (file missing)

O23 - Service: VAIO Entertainment UPnP Client Adapter (Vcsw) - Sony Corporation - C:\Program Files\Common Files\Sony Shared\VAIO Entertainment Platform\VCSW\VCSW.exe

O23 - Service: TrueVector Internet Monitor (vsmon) - Zone Labs, LLC - C:\WINDOWS\system32\ZoneLabs\vsmon.exe

O23 - Service: VAIO Entertainment Database Service (VzCdbSvc) - Sony Corporation - C:\Program Files\Common Files\Sony Shared\VAIO Entertainment Platform\VzCdb\VzCdbSvc.exe

O23 - Service: VAIO Entertainment File Import Service (VzFw) - Sony Corporation - C:\Program Files\Common Files\Sony Shared\VAIO Entertainment Platform\VzCdb\VzFw.exe

 

SmitFraudFix v2.81

 

Scan done at 16:59:12.31, Fri 08/18/2006

Run from C:\SmitfraudFix

OS: Microsoft Windows XP [Version 5.1.2600] - Windows_NT

Fix ran in safe mode

 

»»»»»»»»»»»»»»»»»»»»»»»» Before SmitFraudFix

!!!Attention, following keys are not inevitably infected!!!

 

SrchSTS.exe by S!Ri

Search SharedTaskScheduler's .dll

 

»»»»»»»»»»»»»»»»»»»»»»»» Killing process

 

 

»»»»»»»»»»»»»»»»»»»»»»»» Generic Renos Fix

 

GenericRenosFix by S!Ri

 

 

»»»»»»»»»»»»»»»»»»»»»»»» Deleting infected files

 

 

»»»»»»»»»»»»»»»»»»»»»»»» Deleting Temp Files

 

 

»»»»»»»»»»»»»»»»»»»»»»»» Registry Cleaning

 

Registry Cleaning done.

 

»»»»»»»»»»»»»»»»»»»»»»»» After SmitFraudFix

!!!Attention, following keys are not inevitably infected!!!

 

SrchSTS.exe by S!Ri

Search SharedTaskScheduler's .dll

 

 

»»»»»»»»»»»»»»»»»»»»»»»» End

 

---------------------------------------------------------

ewido anti-spyware - Scan Report

---------------------------------------------------------

 

+ Created at: 6:35:30 PM 8/18/2006

 

+ Scan result:

 

 

 

:mozilla.445:C:\Documents and Settings\sm_leung\Application Data\Mozilla\Firefox\Profiles\4qdotmhp.default\cookies.txt -> TrackingCookie.2o7 : Cleaned with backup (quarantined).

:mozilla.446:C:\Documents and Settings\sm_leung\Application Data\Mozilla\Firefox\Profiles\4qdotmhp.default\cookies.txt -> TrackingCookie.2o7 : Cleaned with backup (quarantined).

:mozilla.447:C:\Documents and Settings\sm_leung\Application Data\Mozilla\Firefox\Profiles\4qdotmhp.default\cookies.txt -> TrackingCookie.2o7 : Cleaned with backup (quarantined).

:mozilla.448:C:\Documents and Settings\sm_leung\Application Data\Mozilla\Firefox\Profiles\4qdotmhp.default\cookies.txt -> TrackingCookie.2o7 : Cleaned with backup (quarantined).

:mozilla.449:C:\Documents and Settings\sm_leung\Application Data\Mozilla\Firefox\Profiles\4qdotmhp.default\cookies.txt -> TrackingCookie.2o7 : Cleaned with backup (quarantined).

:mozilla.450:C:\Documents and Settings\sm_leung\Application Data\Mozilla\Firefox\Profiles\4qdotmhp.default\cookies.txt -> TrackingCookie.2o7 : Cleaned with backup (quarantined).

:mozilla.451:C:\Documents and Settings\sm_leung\Application Data\Mozilla\Firefox\Profiles\4qdotmhp.default\cookies.txt -> TrackingCookie.2o7 : Cleaned with backup (quarantined).

:mozilla.452:C:\Documents and Settings\sm_leung\Application Data\Mozilla\Firefox\Profiles\4qdotmhp.default\cookies.txt -> TrackingCookie.2o7 : Cleaned with backup (quarantined).

:mozilla.453:C:\Documents and Settings\sm_leung\Application Data\Mozilla\Firefox\Profiles\4qdotmhp.default\cookies.txt -> TrackingCookie.2o7 : Cleaned with backup (quarantined).

:mozilla.454:C:\Documents and Settings\sm_leung\Application Data\Mozilla\Firefox\Profiles\4qdotmhp.default\cookies.txt -> TrackingCookie.2o7 : Cleaned with backup (quarantined).

::Report end

 

I couldn't find the files you told me to delete and I couldn't uninstall need2find bar or whatever, but everything is working fine and the thing doesn't pop up at the corner anymore.

 

Thanks a lot :D


Hi DamageInc,

 

I'm glad your PC is back to normal. :)

 

There are one or two more things to do, so don't go just yet. Please do the following...

 

Your Java is out of date. Older versions have vulnerabilities that malware can use to infect your system. Please follow these steps to remove older version Java components and update to the latest version...

 

Updating Java:

  • Download the latest version of Java Runtime Environment (JRE) 5.0 Update 8.
  • Scroll down to where it says "The J2SE Runtime Environment (JRE) allows end-users to run Java applications."
  • Click the "Download" button to the right.
  • Check the box that says: "Accept License Agreement."
  • The page will refresh.
  • Click on the link to download Windows Offline Installation with or without Multi-language and save to your desktop.
  • Close any programs you may have running - especially your web browser.
  • Go to Start > Control Panel, double-click on Add/Remove programs, and remove the following...
    • J2SE Runtime Environment 5.0
    • J2SE Runtime Environment 5.0 Update 2
  • Reboot your computer once all Java components are removed.
  • Then from your desktop double-click on jre-1_5_0_08-windowsi586-p.exe to install the newest version.
=====

 

If you had problems with removing the files found by AVG, you may want to read this link...

 

http://free.grisoft.com/softw/70free/doc/a...ref_en_71_5.pdf

 

=====

 

With that said, your HijackThis log is clean. Good job! :)

 

Here are some measures you can take to stay more secure online:

 

Secure your Internet Explorer by going here and following the instructions there.

 

Better yet, use an alternative browser! Download Firefox and give it a run. It is far more secure than Internet Explorer. Or, you can get Opera.

 

Use a firewall to help prevent your PC(s) from being usurped by undesirables. If you don't have a Firewall, then choose one from the list here.

 

Install an Anti-Virus. There are some good, free AV's available today. Make sure that it is updated regularly and have it scan your system often. If you don't have an Anti-Virus program, choose one from the list here

 

Install and keep updated, Ad-Aware SE and Spybot Search & Destroy.

Run them both on a regular basis, following the manufacturer's recommendations.

 

Install and keep updated, SpywareBlaster and SpywareGuard

 

Check for Windows Updates. Microsoft regularly posts updates for your system's safe running. Make sure to take advantage of this. Reboot when installed and return to make sure there are no others.

 

Clear your Temp folders.

Go to Start > Control Panel > Internet Options.

Under the General tab click the Delete Files... button; check the Delete all offline content box and press OK. Next, click the Delete Cookies... button and press OK

 

Go to "Start" -> "Run" and type in the box: "cleanmgr" press OK. Select the drive where your Operating System is installed (Default is C:) and press OK. Let Disk Cleanup scan your system for files to remove (it takes a few minutes!). On the next screen make sure these 3 options are checked

  • Temporary Files
  • Temporary Internet Files
  • Recycle Bin
and then press "OK" to remove:

 

Go to Start > Find/Search > Files or folders > in the named box, type: *.tmp and choose Edit > select all -> File > delete.

 

Empty/delete the entire contents from within the following folders:

C:\Windows\temp

C:\temp <-- if you have one.

Note: Empty the contents but do not delete the folder(s).

 

Clear out temp files from the following location. Change "username" to whatever you have on your computer.

C:\Documents and Settings\username\Local Settings\Temp\

In order to view these files you may have to select 'show hidden files/folders.' Instructions on how to here.

 

Empty the Recycle Bin!

 

Hide system files

It is very important that system files and folders are hidden again, so that they DO NOT get deleted by mistake. To hide system files and folders, do the following for your operating system...

 

Windows XP

* Click Start.

* Open My Computer.

* Select the Tools menu and click Folder Options.

* Select the View Tab.

* Under the Hidden files and folders heading, uncheck Do not show hidden files and folders

* Check the Hide protected operating system files (recommended) option.

* Click Yes to confirm.

* Click OK.

 

 

For XP users.

It's a good idea to Flush your System Restore points after ridding yourself of malware: You can clean this by doing the following:

  • Click Start | Help and Support | Undo changes to your computer with System Restore.
  • Click Create A Restore Point then click Next. Give it a name and then click Create, then Close.
  • Close the Help and Support Center box.
  • Click Start | Run and type Cleanmgr
  • Select (C:) then click OK.
  • Click the More Options tab.
  • Click Clean Up in the System Restore Section.
This will remove all previous restore points except the newly created one.

 

===============

 

If you have any more problems, post back. Otherwise, respond once more so we may archive this thread. :)


Thanks

 

I already use Firefox :D There's one more problem but I don't know if I can fix it. This is not my computer and I'm only on it because I am on vacation and I leave in 2 days so I don't know if I'll be able to fix it, but whenever I use Firefox to open some stuff it says I don't have Flash Player and I download it and everything but it still doesn't work....?


Uninstall Macromedia Flash Player from Add/Remove programs, reboot the computer, and download it again.

 

If that doesn't work, then I recommend visiting the User to User Help forum here.

 

Good Luck! :)
