Rick210468 Posted May 10, 2005 Report Share Posted May 10, 2005 Dear All,I have had some spyware intalled onto my laptop. My home page resets itself to about:blankthe scan from spybot search and destroy provides confirms the following: confirmation of Coolwwwsearch.aff.winshowURL.SearchHook.AtlpzStartpage-EH is installed on my laptop.I have run a hijackthis scan on my system and this is the result:Logfile of HijackThis v1.99.1Scan saved at 21:23:40, on 10/05/2005Platform: Windows XP SP2 (WinNT 5.01.2600)MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)Running processes:C:\WINDOWS\System32\smss.exeC:\WINDOWS\system32\winlogon.exeC:\WINDOWS\system32\services.exeC:\WINDOWS\system32\lsass.exeC:\WINDOWS\system32\svchost.exeC:\WINDOWS\System32\svchost.exeC:\Program Files\Common Files\Symantec Shared\ccSetMgr.exeC:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exeC:\WINDOWS\system32\spoolsv.exeC:\PROGRA~1\ALURIA~1\asKernel.exeC:\Program Files\Symantec AntiVirus\DefWatch.exeC:\Program Files\Dantz\Retrospect\retrorun.exeC:\Program Files\Symantec AntiVirus\SavRoam.exeC:\Program Files\Analog Devices\SoundMAX\SMAgent.exeC:\WINDOWS\System32\svchost.exeC:\Program Files\Symantec AntiVirus\Rtvscan.exeC:\Program Files\Common Files\Sony Shared\VAIO Entertainment Platform\VCSW\VCSW.exeC:\Program Files\TightVNC\WinVNC.exeC:\WINDOWS\System32\MsPMSPSv.exeC:\Program Files\Common Files\Symantec Shared\Security Center\SymWSC.exeC:\Program Files\Common Files\Sony Shared\VAIO Entertainment Platform\VzCdb\VzCdbSvc.exeC:\Program Files\Common Files\Sony Shared\VAIO Entertainment Platform\VzCdb\VzFw.exeC:\WINDOWS\Explorer.EXEC:\WINDOWS\system32\wscntfy.exeC:\WINDOWS\System32\ezSP_Px.exeC:\WINDOWS\system32\ICO.EXEC:\WINDOWS\system32\rundll32.exeC:\Program Files\Sony\HotKey Utility\HKserv.exeC:\Program Files\sony\vaio power management\SPMgr.exeC:\Program Files\sony\vaio update 2\VAIOUpdt.exeC:\Program Files\Sony\Wireless Switch Setting Utility\Switcher.exeC:\WINDOWS\Logi_MwX.ExeC:\PROGRA~1\Maxtor\OneTouch\Utils\OneTouch.exeC:\Program Files\MSN Apps\Updater\01.02.3000.1001\en-gb\msnappau.exeC:\Program Files\Common Files\Symantec Shared\ccApp.exeC:\PROGRA~1\SYMANT~1\VPTray.exeC:\WINDOWS\system32\appvy.exeC:\Program Files\Adobe\Acrobat 6.0\Distillr\acrotray.exeC:\Program Files\Aluria Software\DrSpeed Suite\drspeed.exeC:\Program Files\Maximizer\Mxalarm.exeC:\Program Files\Maximizer\Mxfinder.exeC:\Program Files\Nikon\NkView6\NkvMon.exeC:\Program Files\sony\BlueSpace\BlueSpaceNE.exeC:\Program Files\Sony\HotKey Utility\HKWnd.exeC:\WINDOWS\system32\wuauclt.exeC:\Program Files\Lavasoft\Ad-Aware SE Professional\Ad-Watch.exeC:\Documents and Settings\Roderick Thorn\Desktop\HijackThis.exeR1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = res://C:\WINDOWS\system32\lhuvy.dll/sp.html#83556R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = res://C:\WINDOWS\system32\lhuvy.dll/sp.html#83556R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = about:blankR1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = res://C:\WINDOWS\system32\lhuvy.dll/sp.html#83556R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Bar = res://C:\WINDOWS\system32\lhuvy.dll/sp.html#83556R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = res://C:\WINDOWS\system32\lhuvy.dll/sp.html#83556R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant = res://C:\WINDOWS\system32\lhuvy.dll/sp.html#83556R3 - Default URLSearchHook is missingO2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 5.0\Reader\ActiveX\AcroIEHelper.ocxO2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar1.dllO2 - BHO: Class - {B784881A-C236-6F52-D86B-285DC0FC4011} - C:\WINDOWS\syskb32.dllO3 - Toolbar: MSN - {BDAD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Program Files\MSN Apps\MSN Toolbar\01.02.3000.1001\en-us\msntb.dllO3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar1.dllO3 - Toolbar: Yahoo! Companion - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn\ycomp5_5_7_0.dllO4 - HKLM\..\Run: [igfxTray] C:\WINDOWS\System32\igfxtray.exeO4 - HKLM\..\Run: [Apoint] C:\Program Files\Apoint\Apoint.exeO4 - HKLM\..\Run: [ezShieldProtector for Px] C:\WINDOWS\System32\ezSP_Px.exeO4 - HKLM\..\Run: [Mouse Suite 98 Daemon] ICO.EXEO4 - HKLM\..\Run: [bluetoothAuthenticationAgent] rundll32.exe bthprops.cpl,,BluetoothAuthenticationAgentO4 - HKLM\..\Run: [HKSERV.EXE] C:\Program Files\Sony\HotKey Utility\HKserv.exeO4 - HKLM\..\Run: [sonyPowerCfg] C:\Program Files\sony\vaio power management\SPMgr.exeO4 - HKLM\..\Run: [VAIO Update 2] "C:\Program Files\sony\vaio update 2\VAIOUpdt.exe" /StationaryO4 - HKLM\..\Run: [switcher.exe] C:\Program Files\Sony\Wireless Switch Setting Utility\Switcher.exeO4 - HKLM\..\Run: [Logitech Utility] Logi_MwX.ExeO4 - HKLM\..\Run: [WinVNC] "C:\Program Files\TightVNC\WinVNC.exe" -servicehelperO4 - HKLM\..\Run: [MaxtorOneTouch] C:\PROGRA~1\Maxtor\OneTouch\Utils\OneTouch.exeO4 - HKLM\..\Run: [msnappau] "C:\Program Files\MSN Apps\Updater\01.02.3000.1001\en-gb\msnappau.exe"O4 - HKLM\..\Run: [ccApp] "C:\Program Files\Common Files\Symantec Shared\ccApp.exe"O4 - HKLM\..\Run: [vptray] C:\PROGRA~1\SYMANT~1\VPTray.exeO4 - HKLM\..\Run: [iexplore.exe] C:\Program Files\Internet Explorer\iexplore.exeO4 - HKLM\..\Run: [appvy.exe] C:\WINDOWS\system32\appvy.exeO4 - HKLM\..\RunOnce: [ipju32.exe] C:\WINDOWS\system32\ipju32.exeO4 - Startup: BlueSpace NE.lnk = C:\Program Files\sony\BlueSpace\BlueSpaceNE.exeO4 - Startup: Mortgage Brain Scheduler.LNK = C:\MBL\scheduler\MBScheduler.exeO4 - Global Startup: Acrobat Assistant.lnk = C:\Program Files\Adobe\Acrobat 6.0\Distillr\acrotray.exeO4 - Global Startup: Dr.Speed NetRx.lnk = C:\Program Files\Aluria Software\DrSpeed Suite\drspeed.exeO4 - Global Startup: MaxAlarm.lnk = C:\Program Files\Maximizer\Mxalarm.exeO4 - Global Startup: MaxFinder.lnk = C:\Program Files\Maximizer\Mxfinder.exeO4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office10\OSA.EXEO4 - Global Startup: NkvMon.exe.lnk = C:\Program Files\Nikon\NkView6\NkvMon.exeO8 - Extra context menu item: &Google Search - res://c:\program files\google\GoogleToolbar1.dll/cmsearch.htmlO8 - Extra context menu item: Backward Links - res://c:\program files\google\GoogleToolbar1.dll/cmbacklinks.htmlO8 - Extra context menu item: Cached Snapshot of Page - res://c:\program files\google\GoogleToolbar1.dll/cmcache.htmlO8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~3\Office10\EXCEL.EXE/3000O8 - Extra context menu item: Similar Pages - res://c:\program files\google\GoogleToolbar1.dll/cmsimilar.htmlO8 - Extra context menu item: Translate into English - res://c:\program files\google\GoogleToolbar1.dll/cmtrans.htmlO9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\WINDOWS\System32\msjava.dllO9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\WINDOWS\System32\msjava.dllO9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exeO9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exeO12 - Plugin for .spop: C:\Program Files\Internet Explorer\Plugins\NPDocBox.dllO14 - IERESET.INF: START_PAGE_URL=http://www.wanadoo.co.uk/O15 - Trusted Zone: *.sony-europe.comO15 - Trusted Zone: *.sonystyle-europe.comO15 - Trusted Zone: *.vaio-link.comO15 - Trusted IP range: http://192.168.0.1O15 - Trusted IP range: http://81.77.11.109O17 - HKLM\System\CCS\Services\Tcpip\..\{CCA264C7-B389-495F-82BF-939BF9C043C6}: NameServer = 195.92.195.94,195.92.195.95O20 - Winlogon Notify: igfxcui - C:\WINDOWS\SYSTEM32\igfxsrvc.dllO20 - Winlogon Notify: NavLogon - C:\WINDOWS\system32\NavLogon.dllO23 - Service: Workstation NetLogon Service ( 11Fßä#·ºÄÖ`I) - Unknown owner - C:\WINDOWS\system32\ntsg32.exe (file missing)O23 - Service: Aluria Security Center Spyware Eliminator Service (ASCService) - Unknown owner - C:\PROGRA~1\ALURIA~1\ascserv.exeO23 - Service: asKernel - Unknown owner - C:\PROGRA~1\ALURIA~1\asKernel.exeO23 - Service: Symantec Event Manager (ccEvtMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exeO23 - Service: Symantec Password Validation (ccPwdSvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccPwdSvc.exeO23 - Service: Symantec Settings Manager (ccSetMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exeO23 - Service: Symantec AntiVirus Definition Watcher (DefWatch) - Symantec Corporation - C:\Program Files\Symantec AntiVirus\DefWatch.exeO23 - Service: PACSPTISVR - Sony Corporation - C:\Program Files\Common Files\Sony Shared\AVLib\PACSPTISVR.exeO23 - Service: Retrospect Launcher (RetroLauncher) - Dantz Development Corporation - C:\Program Files\Dantz\Retrospect\retrorun.exeO23 - Service: SAVRoam (SavRoam) - symantec - C:\Program Files\Symantec AntiVirus\SavRoam.exeO23 - Service: Symantec Network Drivers Service (SNDSrvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\SNDSrvc.exeO23 - Service: SoundMAX Agent Service (SoundMAX Agent Service (default)) - Analog Devices, Inc. - C:\Program Files\Analog Devices\SoundMAX\SMAgent.exeO23 - Service: Sony SPTI Service (SPTISRV) - Sony Corporation - C:\Program Files\Common Files\Sony Shared\AVLib\SPTISRV.exeO23 - Service: Symantec AntiVirus - Symantec Corporation - C:\Program Files\Symantec AntiVirus\Rtvscan.exeO23 - Service: SymWMI Service (SymWSC) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\Security Center\SymWSC.exeO23 - Service: VAIO Entertainment TV Device Arbitration Service - Sony Corporation - C:\Program Files\Common Files\Sony Shared\VAIO Entertainment Platform\VzCs\VzHardwareResourceManager\VzHardwareResourceManager.exeO23 - Service: VAIO Media Integrated Server (VAIOMediaPlatform-IntegratedServer-AppServer) - Sony Corporation - C:\Program Files\sony\VAIO Media Integrated Server\VMISrv.exeO23 - Service: VAIO Media Integrated Server (HTTP) (VAIOMediaPlatform-IntegratedServer-HTTP) - Unknown owner - C:\Program Files\sony\VAIO Media Integrated Server\Platform\SV_Httpd.exe" /Service=VAIOMediaPlatform-IntegratedServer-HTTP /RegRoot="SOFTWARE\Sony Corporation\VAIO Media Platform\2.0" /RegExt="Applications\IntegratedServer\HTTP (file missing)O23 - Service: VAIO Media Integrated Server (UPnP) (VAIOMediaPlatform-IntegratedServer-UPnP) - Sony Corporation - C:\Program Files\sony\VAIO Media Integrated Server\Platform\UPnPFramework.exeO23 - Service: VAIO Media Gateway Server (VAIOMediaPlatform-Mobile-Gateway) - Unknown owner - C:\Program Files\sony\VAIO Media Integrated Server\Platform\VmGateway.exe" /Service=VAIOMediaPlatform-Mobile-Gateway /RegRoot="SOFTWARE\Sony Corporation\VAIO Media Platform\2.0" /RegExt="\Addons\Packages\Mobile\Gateway" /DisplayName="VAIO Media Gateway Server (file missing)O23 - Service: VAIO Entertainment UPnP Client Adapter (Vcsw) - Sony Corporation - C:\Program Files\Common Files\Sony Shared\VAIO Entertainment Platform\VCSW\VCSW.exeO23 - Service: VAIO Entertainment Database Service (VzCdbSvc) - Sony Corporation - C:\Program Files\Common Files\Sony Shared\VAIO Entertainment Platform\VzCdb\VzCdbSvc.exeO23 - Service: VAIO Entertainment File Import Service (VzFw) - Sony Corporation - C:\Program Files\Common Files\Sony Shared\VAIO Entertainment Platform\VzCdb\VzFw.exeO23 - Service: VNC Server (winvnc) - Unknown owner - C:\Program Files\TightVNC\WinVNC.exe" -service (file missing)Could someone please help me find my way through this maze and help me resolve this trouble.Thank you.R. Quote Link to post Share on other sites
Matt Posted May 10, 2005 Report Share Posted May 10, 2005 Hi Rick210468To get better results for your cleaning, I would suggest posting your log in the HijackThis section, along with the information you provided in this post.Matt Quote Link to post Share on other sites
Rick210468 Posted May 10, 2005 Author Report Share Posted May 10, 2005 Matt,sorry to be really thick but this is the first time I have used this kind of forum. How do i place this information into the hijackthis section? Quote Link to post Share on other sites
thesidekickcat Posted May 10, 2005 Report Share Posted May 10, 2005 Hello Rick,Welcome to the boards here, but I am sorry you are having so much trouble with your computer. Matt is right to suggest posting this to the hijackthis section.Do a copy of the log from here, or the one saved on your system, and then start a new thread in Hijackthis logs and paste it in that thread.Here is the link to the security hijackthis log section.Hijackthis log section of BesttechieI know it is hard when you have computer troubles, but patience is a big help, besides giving you a time to calm down from being upset with the evil things attacking you, it also gives the experts (their avatars will denote their hjt expertise), time to get home from work or school and to read your log. So start a new thread in the hjt log area, copy the log to it, and wait for help.Again welcome to the boards, looking forward to seeing you post in other areas, once you get the problems solved with the computer.God bless everyone. Quote Link to post Share on other sites
Rick210468 Posted May 11, 2005 Author Report Share Posted May 11, 2005 Thank you for your calma. Very helpful.It's just not knowing how this all works. Quote Link to post Share on other sites
Vile_DR Posted May 11, 2005 Report Share Posted May 11, 2005 Well don't worry about Stressing out just yet Rick, well get you up to speed on as much as you want to know...Welcome to the Thread Quote Link to post Share on other sites
Recommended Posts
Join the conversation
You can post now and register later. If you have an account, sign in now to post with your account.