psyk0tic Posted October 26, 2006

im trying to help my girlfriend fix her laptop right now, it started out, she couldn't log into SSL secured pages/windows/programs. the login boxes would come up as a page cannot be displayed window or window portion. first checked all browser settings, tried a different browser, and nothing. noticed she was slacking on her windows updates, so i ran spybot and adaware then installed windows updates, but the problem still wasnt fixed. booted into safe mode and all works fine. she needs her laptop for school/work, so she currently has it. i'd greatly appreciate any help with this problem, i have visited several support forums already, and i'm either waiting in line, or had some problem with registration, hopefully this one will provide the solution! here is the latest HJT log that I saved from her computer:

baker7 Posted October 26, 2006

> noticed she was slacking on her windows updates, so i ran spybot and adaware then installed windows updates, but the problem still wasnt fixed

Just an FYI - and I rarely post in reply to HJT logs. You should always wait until a HJT expert tells you that you are CLEAN before you install any Windows Updates. If you do this on a system that has problems/infections dealing with malware or spyware, you could possibly make finding and fixing the problem harder for the HJT Experts.

Brian

therock247uk Posted October 27, 2006

I see you have Norton installed. Were the SSL problems on the laptop before you installed it?

psyk0tic Posted October 27, 2006

> I see you have Norton installed. Were the SSL problems on the laptop before you installed it?

i believe so, nothing was added after all of the problems except for HJT, avg, spybot, and ad-aware. she has no idea when or why the problem started, one of the virus scans picks up a win32: agent - BVS trojan, i'm not sure if that is the source of the problem, but it was found to contaminate some .exe files, and every time i clean/quarantine one, it shows up in another when i scan again... hope it helps a bit.

thanks again.

therock247uk Posted October 27, 2006

Please download ATF Cleaner by Atribune.
This program is for XP and Windows 2000 only

Double-click ATF-Cleaner.exe to run the program.
Under Main choose: Select All
Click the Empty Selected button.

If you use Firefox browser
Click Firefox at the top and choose: Select All
Click the Empty Selected button.
NOTE: If you would like to keep your saved passwords, please click No at the prompt.

If you use Opera browser
Click Opera at the top and choose: Select All
Click the Empty Selected button.
NOTE: If you would like to keep your saved passwords, please click No at the prompt.

Click Exit on the Main menu to close the program.
For Technical Support, double-click the e-mail address located at the bottom of each menu.

Please go HERE to run Panda's ActiveScan

Once you are on the Panda site click the Scan your PC button
A new window will open...click the Check Now button
Enter your Country
Enter your State/Province
Enter your e-mail address and click send
Select either Home User or Company
Click the big Scan Now button
If it wants to install an ActiveX component allow it
It will start downloading the files it requires for the scan (Note: It may take a couple of minutes)
When download is complete, click on My Computer to start the scan
When the scan completes, if anything malicious is detected, click the See Report button, then Save Report and save it to a convenient location.

Post the contents of the ActiveScan report

psyk0tic Posted October 27, 2006

is it alright to be going through all of these processes while in safe mode? as of now it seems to be the only way possible to get anything done, as trying to open any files/programs/websites in regular mode takes quite a long time.

psyk0tic Posted October 27, 2006

here are the results of the panda activescan report:

Incident                 Status        Location
Virus:Trj/Lowzones.SU    Disinfected   Operating system

thanks again.

therock247uk Posted October 28, 2006

First download AVG Anti-Spyware from HERE and save that file to your desktop.
This is a 30 day trial of the program

Once you have downloaded AVG Anti-Spyware, locate the icon on the desktop and double-click it to launch the set up program.
Once the setup is complete you will need to run AVG Anti-Spyware and update the definition files.
On the main screen select the icon "Update" then select the "Update now" link.
Next select the "Start Update" button, the update will start and a progress bar will show the updates being installed.
Once the update has completed select the "Scanner" icon at the top of the screen, then select the "Settings" tab.
Once in the Settings screen click on "Recommended actions" and then select "Quarantine".
Under "Reports"
Select "Automatically generate report after every scan"
Un-Select "Only if threats were found"

Close AVG Anti-Spyware. Do Not run a scan just yet, we will shortly.

Reboot your computer into SafeMode. You can do this by restarting your computer and continually tapping the F8 key until a menu appears. Use your up arrow key to highlight SafeMode then hit enter.

IMPORTANT: Do not open any other windows or programs while AVG Anti-Spyware is scanning, it may interfere with the scanning process:

Launch AVG Anti-Spyware by double-clicking the icon on your desktop.
Select the "Scanner" icon at the top and then the "Scan" tab then click on "Complete System Scan".
AVG Anti-Spyware will now begin the scanning process, be patient this may take a little time.

Once the scan is complete do the following:
If you have any infections you will be prompted, then select "Apply all actions"
Next select the "Reports" icon at the top.
Select the "Save report as" button in the lower left hand of the screen and save it to a text file on your system (make sure to remember where you saved that file, this is important).
Close AVG Anti-Spyware and reboot your system back into Normal Mode and post the results of the AVG Anti-Spyware report scan.

psyk0tic Posted October 28, 2006

done, found 96 instances of one virus, and 1 of another, here is the AVG log:

thank you again.

edit: in addition, upon restarting her computer and booting into normal mode, her wallpaper loads up, but no desktop icons appear, and nothing seems to work.

Edited October 28, 2006 by psyk0tic

therock247uk Posted October 28, 2006

Does safemode work?
psyk0tic (Author) Posted October 28, 2006

yes, safemode is still working, i ran AVG again after restarting again in safemode, and another 6 instances of the trojan came up in the restore files... restarted again, scanned again, and it came up clean, booted into normal mode again, and the desktop came up, but the original problem is still there, and it runs extremely slow...
therock247uk Posted October 28, 2006

Download http://noahdfear.geekstogo.com/FindAWF.exe

Save to desktop and run and post me the log it makes.
psyk0tic (Author) Posted October 28, 2006

Here is the log as per requested:

Find AWF report by noahdfear ©2006

21504 byte files found
~~~~~~~~~~~~~

21504 byte files sorted with strings
~~~~~~~~~~~~~~~~~~~~~

25600 byte files found
~~~~~~~~~~~~~
25600 C:\DOCUME~1\KATIBY~1\DESKTOP\EDUCAT~1\SOCIAL~1\AFRICA~1.WPS

25600 byte files sorted with strings
~~~~~~~~~~~~~~~~~~~~~

26450 byte files found
~~~~~~~~~~~~~

26450 byte files sorted with strings
~~~~~~~~~~~~~~~~~~~~~

bak folders found
~~~~~~~~~~~

Directory of C:\PROGRA~1\APOINT\BAK
11/07/2003 08:21 PM 114,688 Apoint.exe
1 File(s) 114,688 bytes

Directory of C:\PROGRA~1\QUICKT~1\BAK
10/11/2005 08:24 PM 98,304 qttask.exe
1 File(s) 98,304 bytes

Directory of C:\PROGRA~1\SYMNET~1\BAK
10/17/2005 09:11 PM 100,056 SNDMon.exe
1 File(s) 100,056 bytes

Directory of C:\WINDOWS\SYSTEM32\BAK
06/29/2005 05:33 PM 77,824 hkcmd.exe
06/29/2005 05:33 PM 114,688 igfxpers.exe
06/29/2005 05:33 PM 94,208 igfxtray.exe
3 File(s) 286,720 bytes

Directory of C:\PROGRA~1\COMMON~1\SYMANT~1\BAK
10/05/2005 06:06 PM 48,752 ccApp.exe
1 File(s) 48,752 bytes

Directory of C:\PROGRA~1\GOOGLE\GOOGLE~1\BAK
08/15/2006 08:42 PM 3,661,824 googletalk.exe
1 File(s) 3,661,824 bytes

Directory of C:\PROGRA~1\PLAXO\262~1.15\BAK
04/12/2006 12:40 PM 182,860 PlaxoHelper.exe
1 File(s) 182,860 bytes

Directory of C:\PROGRA~1\REALTEK\INSTAL~1\BAK
04/29/2005 05:56 PM 45,056 AzMixerSel.exe
1 File(s) 45,056 bytes

Directory of C:\PROGRA~1\SCANSOFT\OMNIPA~1.0\BAK
05/08/2003 01:00 PM 49,152 OpwareSE2.exe
1 File(s) 49,152 bytes

Directory of C:\PROGRA~1\SONY\ISBUTI~1\BAK
02/20/2004 05:12 PM 32,768 ISBMgr.exe
1 File(s) 32,768 bytes

Directory of C:\PROGRA~1\SONY\VAIOPO~1\BAK
05/15/2005 08:51 AM 184,320 SPMgr.exe
1 File(s) 184,320 bytes

Directory of C:\PROGRA~1\SONY\VAIOZO~1\BAK
01/31/2005 01:10 PM 192,512 AvRmtCtr.exe
1 File(s) 192,512 bytes

Directory of C:\PROGRA~1\VERIZON\SERVIC~1\BAK
02/01/2006 07:33 PM 1,880,064 VerizonServicepoint.exe
1 File(s) 1,880,064 bytes

Directory of C:\PROGRA~1\VERIZO~1\HELPSU~1\BAK
05/23/2005 02:20 PM 50,744 VERIZO~1.EXE
1 File(s) 50,744 bytes

Directory of C:\WINDOWS\SONYSYS\VAIORE~1\BAK
04/20/2003 12:08 AM 28,672 PartSeal.exe
1 File(s) 28,672 bytes

Directory of C:\PROGRA~1\COMMON~1\AOL\IPHSEND\BAK
02/17/2006 12:59 PM 124,520 IPHSend.exe
1 File(s) 124,520 bytes

Directory of C:\PROGRA~1\COMMON~1\INSTAL~1\UPDATE~1\BAK
08/09/2004 09:03 AM 81,920 issch.exe
08/09/2004 09:03 AM 221,184 isuspm.exe
2 File(s) 303,104 bytes

Directory of C:\PROGRA~1\COMMON~1\SONYSH~1\TVTUNE~1\BAK
02/16/2005 09:41 PM 245,760 TVTLInstTool.exe
1 File(s) 245,760 bytes

Directory of C:\PROGRA~1\JAVA\JRE15~2.0_0\BIN\BAK
06/03/2005 06:52 AM 36,975 jusched.exe
1 File(s) 36,975 bytes

Directory of C:\PROGRA~1\COMMON~1\AOL\112907~1\EE\BAK
04/20/2006 01:10 PM 50,792 AOLSoftware.exe
1 File(s) 50,792 bytes

Directory of C:\PROGRA~1\WALGRE~1\WALGRE~1\DATA\XTRAS\BAK
05/19/2005 05:59 PM 176,128 mssysmgr.exe
1 File(s) 176,128 bytes

Duplicate files of bak directory contents
~~~~~~~~~~~~~~~~~~~~~~~
114688 Nov 7 2003 "C:\Program Files\Apoint\bak\Apoint.exe"
114688 Nov 7 2003 "C:\WINDOWS\Drivers\TOUCHPAD\Apoint.exe"
98304 Oct 11 2005 "C:\Program Files\QuickTime\bak\qttask.exe"
100056 Oct 17 2005 "C:\Program Files\SymNetDrv\bak\SNDMon.exe"
77824 Jun 29 2005 "C:\WINDOWS\Drivers\INTEL 915G GRAPHICS\hkcmd.exe"
77824 Jun 29 2005 "C:\WINDOWS\system32\bak\hkcmd.exe"
114688 Jun 29 2005 "C:\WINDOWS\Drivers\INTEL 915G GRAPHICS\igfxpers.exe"
114688 Jun 29 2005 "C:\WINDOWS\system32\bak\igfxpers.exe"
94208 Jun 29 2005 "C:\WINDOWS\Drivers\INTEL 915G GRAPHICS\igfxtray.exe"
94208 Jun 29 2005 "C:\WINDOWS\system32\bak\igfxtray.exe"
48752 Oct 5 2005 "C:\Program Files\Common Files\Symantec Shared\bak\ccApp.exe"
32768 Feb 20 2004 "C:\Program Files\Sony\ISB Utility\bak\ISBMgr.exe"
184320 May 15 2005 "C:\Program Files\Sony\VAIO Power Management\bak\SPMgr.exe"
192512 Jan 31 2005 "C:\Program Files\Sony\VAIO Zone Remote Commander\bak\AvRmtCtr.exe"
1880064 Feb 1 2006 "C:\Program Files\verizon\Servicepoint\bak\VerizonServicepoint.exe"
50744 May 23 2005 "C:\Program Files\Verizon Online\Help Support\bak\VERIZO~1.EXE"
122660 Apr 13 2005 "C:\Program Files\Verizon Online\Help Support\SmartBridge\VerizonSetPanFolder.exe"
28672 Apr 20 2003 "C:\WINDOWS\SONYSYS\VAIO Recovery\bak\PartSeal.exe"
124520 Feb 17 2006 "C:\Program Files\Common Files\AOL\IPHSend\bak\IPHSend.exe"
81920 Aug 9 2004 "C:\Program Files\Common Files\InstallShield\UpdateService\bak\issch.exe"
221184 Aug 9 2004 "C:\Program Files\Common Files\InstallShield\UpdateService\bak\isuspm.exe"
36975 Apr 13 2005 "C:\Program Files\Java\jre1.5.0_03\bin\jusched.exe"
36975 Jun 3 2005 "C:\Program Files\Java\jre1.5.0_04\bin\bak\jusched.exe"
176128 May 19 2005 "C:\Program Files\Walgreens\Walgreens PhotoShow\data\Xtras\bak\mssysmgr.exe"

end of report
therock247uk Posted October 28, 2006

Ok you have an infection which replaced legit files with a copy of its own as you see in Ewido..

C:\Program Files\Apoint\Apoint.exe -> Downloader.Agent.awf : Cleaned with backup (quarantined).
C:\Program Files\Norton Internet Security\Norton AntiVirus\Savrt\0398NAV~.TMP -> Downloader.Agent.awf : Cleaned with backup (quarantined).
C:\Program Files\Sony\ISB Utility\ISBMgr.exe -> Downloader.Agent.awf : Cleaned with backup (quarantined).
C:\Program Files\Sony\VAIO Power Management\SPMgr.exe -> Downloader.Agent.awf : Cleaned with backup (quarantined).
C:\Program Files\Sony\VAIO Zone Remote Commander\AvRmtCtr.exe -> Downloader.Agent.awf : Cleaned with backup (quarantined).
C:\Program Files\SymNetDrv\SNDMon.exe -> Downloader.Agent.awf : Cleaned with backup (quarantined).
C:\Program Files\verizon\Servicepoint\VerizonServicepoint.exe -> Downloader.Agent.awf : Cleaned with backup (quarantined).

In C:\WINDOWS\SYSTEM32\BAK are backups it made of the legit file you need to copy them back over to the real folders from above.

Let me know if you have any problems then we need to clear out your system restore points as they are infected too...

To reset your restore points, please note that you will need to log into your computer with an account which has full administrator access. You will know if the account has administrator access because you will be able to see the System Restore tab. If the tab is missing, you are logged in under a limited account.

(Windows XP)

1. Turn off System Restore.
On the Desktop, right-click My Computer.
Click Properties.
Click the System Restore tab.
Check Turn off System Restore.
Click Apply, and then click OK.

2. Reboot.

3. Turn ON System Restore.
On the Desktop, right-click My Computer.
Click Properties.
Click the System Restore tab.
UN-Check *Turn off System Restore*.
Click Apply, and then click OK.

How to Turn On and Turn Off System Restore in Windows XP
http://support.microsoft.com/default.aspx?...kb;en-us;310405

After doing all that do...

Please do an online scan with Kaspersky WebScanner

- Click on Kaspersky Online Scanner
- You will be prompted to install an ActiveX component from Kaspersky, Click Yes.
- The program will launch and then begin downloading the latest definition files:
- Once the files have been downloaded click on NEXT
- Now click on Scan Settings
- In the scan settings make sure that the following are selected:
  Scan using the following Anti-Virus database: Extended (if available otherwise Standard)
  Scan Options: Scan Archives, Scan Mail Bases
- Click OK
- Now under select a target to scan: Select My Computer
- The program will start and scan your system.
- The scan will take a while so be patient and let it run.
- Once the scan is complete it will display if your system has been infected.
- Now click on the Save as Text button:
- Save the file to your desktop.
- Copy and paste that information in your next post.
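The restore step described in the post above, as an added Python example that is not part of the original post and is not code from FindAWF: it pairs each file in a `bak` folder with the same-named file one level up, reports whether the live file is missing, identical or different, and only copies when told to. It assumes, as the FindAWF report in this thread shows, that each backup sits in a `bak` folder directly beside the file it replaces; the function names and the constructed sample tree are hypothetical.

```python
import hashlib
import shutil
import tempfile
from pathlib import Path


def sha256(path):
    """Hash a file in chunks so large executables are not read into memory."""
    digest = hashlib.sha256()
    with open(path, "rb") as handle:
        for chunk in iter(lambda: handle.read(65536), b""):
            digest.update(chunk)
    return digest.hexdigest()


def plan_restores(root):
    """Pair every file in a 'bak' folder with the same-named file in the parent.

    Status is 'missing' (the live file is gone, e.g. already quarantined by a
    scanner), 'identical' (nothing to do) or 'differs' (the live file is not
    the backed-up one and should be reviewed before it is overwritten).
    """
    plan = []
    bak_dirs = sorted(p for p in Path(root).rglob("*")
                      if p.is_dir() and p.name.lower() == "bak")
    for bak_dir in bak_dirs:
        for backup in sorted(f for f in bak_dir.iterdir() if f.is_file()):
            target = bak_dir.parent / backup.name
            if not target.exists():
                status = "missing"
            elif sha256(target) == sha256(backup):
                status = "identical"
            else:
                status = "differs"
            plan.append({"backup": backup, "target": target, "status": status})
    return plan


def apply_restores(plan, dry_run=True):
    """Copy backups over missing or differing targets; return the targets touched.

    With dry_run=True nothing is written. A differing live file is renamed to
    '<name>.replaced' first, so it is kept for scanning instead of being lost.
    """
    touched = []
    for item in plan:
        if item["status"] == "identical":
            continue
        if not dry_run:
            target = item["target"]
            if target.exists():
                target.replace(target.with_name(target.name + ".replaced"))
            shutil.copy2(item["backup"], target)
        touched.append(item["target"])
    return touched


def build_sample_tree(root):
    """Constructed sample data: three program folders, one per status."""
    root = Path(root)
    files = {
        "Apoint/bak/Apoint.exe": b"constructed: original Apoint",
        "QuickTime/bak/qttask.exe": b"constructed: original qttask",
        "QuickTime/qttask.exe": b"constructed: original qttask",
        "system32/bak/hkcmd.exe": b"constructed: original hkcmd",
        "system32/hkcmd.exe": b"constructed: unexpected replacement",
    }
    for rel, data in files.items():
        path = root / rel
        path.parent.mkdir(parents=True, exist_ok=True)
        path.write_bytes(data)
    return root


if __name__ == "__main__":
    with tempfile.TemporaryDirectory() as tmp:
        tree = build_sample_tree(tmp)
        restore_plan = plan_restores(tree)
        for entry in restore_plan:
            print(entry["status"], entry["target"].relative_to(tree))
        print("would restore:", len(apply_restores(restore_plan, dry_run=True)))
```

A folder named `bak` can also be a legitimate application directory, so review the plan from a dry run before calling `apply_restores(plan, dry_run=False)`.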
psyk0tic (Author) Posted October 28, 2006

in C:\WINDOWS\System32\bak are 3 files:
hkcmd.exe, igfxpers.exe, and igfxtray.exe

i do not see any backup files in this folder

Edit: ahhh sorry, thought you meant backups of the files you posted in the quote. i think i got it now...

Edited October 28, 2006 by psyk0tic
therock247uk Posted October 28, 2006

hkcmd.exe, igfxpers.exe, and igfxtray.exe

Those files need to be moved back to c:\windows\system32 too.

There should be folders in C:\WINDOWS\SYSTEM32\BAK too.
psyk0tic (Author) Posted October 28, 2006

here are the results of the Kaspersky scan:

-------------------------------------------------------------------------------
KASPERSKY ONLINE SCANNER REPORT
Saturday, October 28, 2006 6:15:40 PM
Operating System: Microsoft Windows XP Home Edition, Service Pack 2 (Build 2600)
Kaspersky Online Scanner version: 5.0.83.0
Kaspersky Anti-Virus database last update: 28/10/2006
Kaspersky Anti-Virus database records: 235957
-------------------------------------------------------------------------------

Scan Settings:
Scan using the following antivirus database: extended
Scan Archives: true
Scan Mail Bases: true

Scan Target - My Computer:
C:\
E:\

Scan Statistics:
Total number of scanned objects: 50434
Number of viruses found: 2
Number of infected objects: 3 / 0
Number of suspicious objects: 0
Duration of the scan process: 00:33:16

Scan process completed.

all bak files were moved back to their folders. thank you again
therock247uk Posted October 28, 2006

Post a new Hijackthis log here in a reply and let me know how things are running.
psyk0tic (Author) Posted October 28, 2006

Here is the new HiJackthis log. going to try to boot into normal mode again, will post with an update.
therock247uk Posted October 28, 2006

Ok let me know how normal mode is and post me a log from it.
psyk0tic (Author) Posted October 28, 2006

windows still running ridiculously slow in normal mode, takes a long time for all programs to boot up, internet explorer still doesn't work =\

I click on the explorer icon, and it acts like it's about to open, but it doesn't, IEXPLORER.exe does show up in task manager though.
psyk0tic (Author) Posted October 28, 2006

sorry, didn't see your reply to post with the normal-mode log, after waiting about 5 min for hjt to load up, finally got the scan done:
Platform\VzCs\VzHardwareResourceManager\VzHardwareResourceManager.exeO23 - Service: VAIO Event Service - Sony Corporation - C:\Program Files\Sony\VAIO Event Service\VESMgr.exeO23 - Service: VAIO Media Integrated Server (VAIOMediaPlatform-IntegratedServer-AppServer) - Sony Corporation - C:\Program Files\Sony\VAIO Media Integrated Server\VMISrv.exeO23 - Service: VAIO Media Integrated Server (HTTP) (VAIOMediaPlatform-IntegratedServer-HTTP) - Unknown owner - C:\Program Files\Sony\VAIO Media Integrated Server\Platform\SV_Httpd.exe" /Service=VAIOMediaPlatform-IntegratedServer-HTTP /RegRoot="SOFTWARE\Sony Corporation\VAIO Media Platform\2.0" /RegExt="Applications\IntegratedServer\HTTP (file missing)O23 - Service: VAIO Media Integrated Server (UPnP) (VAIOMediaPlatform-IntegratedServer-UPnP) - Sony Corporation - C:\Program Files\Sony\VAIO Media Integrated Server\Platform\UPnPFramework.exeO23 - Service: VAIO Media Gateway Server (VAIOMediaPlatform-Mobile-Gateway) - Unknown owner - C:\Program Files\Sony\VAIO Media Integrated Server\Platform\VmGateway.exe" /Service=VAIOMediaPlatform-Mobile-Gateway /RegRoot="SOFTWARE\Sony Corporation\VAIO Media Platform\2.0" /RegExt="\Addons\Packages\Mobile\Gateway" /DisplayName="VAIO Media Gateway Server (file missing)O23 - Service: VAIO Entertainment UPnP Client Adapter (Vcsw) - Sony Corporation - C:\Program Files\Common Files\Sony Shared\VAIO Entertainment Platform\VCSW\VCSW.exeO23 - Service: VAIO Entertainment Database Service (VzCdbSvc) - Sony Corporation - C:\Program Files\Common Files\Sony Shared\VAIO Entertainment Platform\VzCdb\VzCdbSvc.exeO23 - Service: VAIO Entertainment File Import Service (VzFw) - Sony Corporation - C:\Program Files\Common Files\Sony Shared\VAIO Entertainment Platform\VzCdb\VzFw.exe Quote Link to post Share on other sites
therock247uk Posted October 28, 2006
Can you see if a repair of Internet Explorer makes a difference? http://www.geekstogo.com/forum/How_to_repa...er_60-t251.html
psyk0tic Posted October 28, 2006
Attempting method 1, although I do not have the Windows XP CD-ROM.
psyk0tic Posted October 29, 2006
Method 1 completed, I think... I had to run away from the computer while it was scanning; when I came back there were no errors or any windows. Internet Explorer now loads, extremely slowly I might add... but the original problem is still there. Still cannot access SSL-secured login pages or windows: Gmail, AOL webmail, bank accounts, etc. =\