| Forum Home | ||||
| Press F1 | ||||
| Thread ID: 64905 | 2006-01-01 21:08:00 | task manager problems | AbbyAlvarez (9519) | Press F1 |
| Post ID | Timestamp | Content | User | ||
| 417164 | 2006-01-01 21:08:00 | Okay, I am sick and tired of everything. I hate this computer! :badpc: Ive been trying to load my task manager. Nothing happens. No icon, nothing. I really need help. I tried loading a whole bunch of codes in notepad, saving it as some specific name, and opening it. I got that idea from one of these posts. But nothings working. I seriously need help. I did an virus scan, everything. And I did have problems. But my virus scanner said it deleted everything. But the task manager still wont load. Someone help me! :help:! | AbbyAlvarez (9519) | ||
| 417165 | 2006-01-01 21:16:00 | Rus a System File Check Start - Run - tper SFC /scannow in the Run box and hit enter Make sure you put the space between SFC and /scannow. A progress box will appear as it checks/replaces any damaged files. It will take several minutes or more to complete. |
godfather (25) | ||
| 417166 | 2006-01-01 21:17:00 | Get this (www.merijn.org) Unzip this file into its own folder, and run it scan and copy and paste the log here. We'll soon find out whats causing the prob. |
Speedy Gonzales (78) | ||
| 417167 | 2006-01-01 21:39:00 | Logfile of HijackThis v1.99.1 Scan saved at 1:33:28 PM, on 1/1/2006 Platform: Windows XP SP2 (WinNT 5.01.2600) MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180) Running processes: C:\WINDOWS\System32\smss.exe C:\WINDOWS\system32\winlogon.exe C:\WINDOWS\system32\services.exe C:\WINDOWS\system32\lsass.exe C:\WINDOWS\system32\svchost.exe C:\WINDOWS\System32\svchost.exe C:\Program Files\Intel\Wireless\Bin\EvtEng.exe C:\Program Files\Intel\Wireless\Bin\S24EvMon.exe C:\WINDOWS\system32\spoolsv.exe C:\PROGRA~1\COMMON~1\AOL\ACS\AOLacsd.exe C:\WINDOWS\system32\cisvc.exe C:\Program Files\Intel\Wireless\Bin\RegSrvc.exe C:\Program Files\Sony\VAIO Event Service\VESMgr.exe C:\Program Files\Common Files\Sony Shared\VAIO Entertainment Platform\VCSW\VCSW.exe C:\Program Files\Common Files\Softwin\BitDefender Communicator\xcommsvr.exe C:\Program Files\Common Files\Sony Shared\VAIO Entertainment Platform\VzCdb\VzCdbSvc.exe C:\WINDOWS\Explorer.EXE C:\Program Files\Apoint\Apoint.exe C:\WINDOWS\system32\rundll32.exe C:\Program Files\Sony\VAIO Power Management\SPMgr.exe C:\Program Files\Sony\ISB Utility\ISBMgr.exe C:\Program Files\Common Files\Sony Shared\VAIO Entertainment Platform\VzCdb\VzFw.exe C:\WINDOWS\system32\ctfmon.exe C:\Program Files\Real\RealPlayer\RealPlay.exe C:\Program Files\QuickTime\qttask.exe C:\PROGRA~1\COMMON~1\AOL\AOLSPY~1\AOLSP Scheduler.exe C:\PROGRA~1\Sony\SONICS~1\SsAAD.exe C:\Program Files\Jqzmfv\Gybe.exe C:\Program Files\Common Files\AOL\ACS\AOLDial.exe C:\Program Files\Common Files\AOL\1135851132\ee\AOLSoftware.exe C:\Program Files\winupdates\winupdates.exe C:\Program Files\winsupdater\winsupdater.exe C:\Program Files\Softwin\BitDefender8\bdnagent.exe C:\Program Files\Apoint\Apntex.exe C:\Program Files\America Online 9.0a\aoltray.exe C:\Program Files\AOL Companion\companion.exe C:\WINDOWS\system32\winlog.exe C:\Program Files\Common Files\Sony Shared\VAIO Entertainment\VzRs\VzRs.exe C:\Program Files\Common Files\Sony Shared\AVLib\SSScsiSV.exe C:\Program Files\Common Files\Windows\services32.exe C:\Program Files\America Online 9.0a\waol.exe C:\Program Files\America Online 9.0a\shellmon.exe C:\WINDOWS\system32\regsrv.exe C:\PROGRA~1\MICROS~3\OFFICE11\ois.exe C:\WINDOWS\System32\WScript.exe C:\Program Files\Microsoft Office\OFFICE11\WINWORD.EXE C:\Program Files\LimeWire\LimeWire.exe C:\Program Files\Common Files\Softwin\BitDefender Scan Server\bdss.exe C:\Documents and Settings\Abby\Local Settings\Temporary Internet Files\Content.IE5\G9UVSHUB\hijackthis[1]\HijackThis.exe R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = us.rd.yahoo.com R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = us.rd.yahoo.com R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.aimtoday.com R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.yahoo.com/ R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = us.rd.yahoo.com R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Bar = us.rd.yahoo.com R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = us.rd.yahoo.com R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.yahoo.com/ R1 - HKCU\Software\Microsoft\Internet Explorer\SearchURL,(Default) = us.rd.yahoo.com R3 - URLSearchHook: AOLTBSearch Class - {EA756889-2338-43DB-8F07-D1CA6FB9C90D} - C:\Program Files\AOL\AOL Toolbar 3.0\aoltb.dll R3 - URLSearchHook: (no name) - _{CFBFAE00-17A6-11D0-99CB-00C04FD64497} - (no file) R3 - URLSearchHook: (no name) - _{00A6FAF6-072E-44cf-8957-5838F569A31D} - (no file) R3 - URLSearchHook: (no name) - _{EA756889-2338-43DB-8F07-D1CA6FB9C90D} - (no file) F0 - system.ini: Shell=Explorer.exe C:\WINDOWS\system32\winmgd.win F1 - win.ini: run=C:\WINDOWS\system32\mouse_configurator.win O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll O2 - BHO: Yahoo! IE Services Button - {5BAB4B5B-68BC-4B02-94D6-2FC0DE4A7897} - C:\Program Files\ Yahoo! \Common\yiesrvc.dll O2 - BHO: AOL Toolbar Launcher - {7C554162-8CB7-45A4-B8F4-8EA1C75885F9} - C:\Program Files\AOL\AOL Toolbar 3.0\aoltb.dll O2 - BHO: LinkTracker Class - {8B6DA27E-7F64-4694-8F8F-DC87AB8C6B22} - C:\WINDOWS\system32\qlink32.dll O3 - Toolbar: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\ Yahoo! \Companion\Installs\cpn\yt.dll O3 - Toolbar: AOL Toolbar - {DE9C389F-3316-41A7-809B-AA305ED9D922} - C:\Program Files\AOL\AOL Toolbar 3.0\aoltb.dll O4 - HKLM\..\Run: [IgfxTray] C:\WINDOWS\system32\igfxtray.exe O4 - HKLM\..\Run: [HotKeysCmds] C:\WINDOWS\system32\hkcmd.exe O4 - HKLM\..\Run: [Apoint] C:\Program Files\Apoint\Apoint.exe O4 - HKLM\..\Run: [Mouse Suite 98 Daemon] ICO.EXE O4 - HKLM\..\Run: [BluetoothAuthenticationAgent] rundll32.exe bthprops.cpl,,BluetoothAuthenticationAgent O4 - HKLM\..\Run: [SonyPowerCfg] C:\Program Files\Sony\VAIO Power Management\SPMgr.exe O4 - HKLM\..\Run: [Switcher.exe] C:\Program Files\Sony\Wireless Switch Setting Utility\Switcher.exe O4 - HKLM\..\Run: [ISBMgr.exe] C:\Program Files\Sony\ISB Utility\ISBMgr.exe O4 - HKLM\..\Run: [VAIO Update 2] "C:\Program Files\Sony\VAIO Update 2\VAIOUpdt.exe" /Stationary O4 - HKLM\..\Run: [Alcmtr] ALCMTR.EXE O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup O4 - HKLM\..\Run: [VAIO Recovery] C:\WINDOWS\Sonysys\VAIO Recovery\PartSeal.exe O4 - HKLM\..\Run: [RealTray] C:\Program Files\Real\RealPlayer\RealPlay.exe SYSTEMBOOTHIDEPLAYER O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime O4 - HKLM\..\Run: [AOL Spyware Protection] "C:\PROGRA~1\COMMON~1\AOL\AOLSPY~1\AOLSP Scheduler.exe" O4 - HKLM\..\Run: [SsAAD.exe] C:\PROGRA~1\Sony\SONICS~1\SsAAD.exe O4 - HKLM\..\Run: [17Wdey1B] C:\WINDOWS\qskmvxs.exe O4 - HKLM\..\Run: [Ybrjaup] C:\Program Files\Jqzmfv\Gybe.exe O4 - HKLM\..\Run: [Kernel32] C:\WINDOWS\system32\Kernel32.win O4 - HKLM\..\Run: [Israfel] C:\WINDOWS\system32\Israfel.vbs O4 - HKLM\..\Run: [AOLDialer] C:\Program Files\Common Files\AOL\ACS\AOLDial.exe O4 - HKLM\..\Run: [Pure Networks Port Magic] "C:\PROGRA~1\PURENE~1\PORTMA~1\PortAOL.exe" -Run O4 - HKLM\..\Run: [HostManager] C:\Program Files\Common Files\AOL\1135851132\ee\AOLSoftware.exe O4 - HKLM\..\Run: [winupdates] C:\Program Files\winupdates\winupdates.exe /auto O4 - HKLM\..\Run: [winsupdater] C:\Program Files\winsupdater\winsupdater.exe /auto O4 - HKLM\..\Run: [] winlog.exe O4 - HKLM\..\Run: [BDMCon] "C:\Program Files\Softwin\BitDefender8\bdmcon.exe" O4 - HKLM\..\Run: [BDNewsAgent] "C:\Program Files\Softwin\BitDefender8\bdnagent.exe" O4 - HKLM\..\RunServices: [] winlog.exe O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background O4 - HKCU\..\Run: [AIM] C:\Program Files\AIM\aim.exe -cnetwait.odl O4 - HKCU\..\Run: [ Yahoo! Pager] C:\Program Files\ Yahoo! \Messenger\ypager.exe -quiet O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe O4 - HKCU\..\Run: [Aim6] "C:\Program Files\Common Files\AOL\Launch\AOLLaunch.exe" /d locale=en-US ee://aol/imApp O4 - HKCU\..\Run: [PlaxoUpdate] C:\Program Files\Plaxo\2.5.10.21\PlaxoHelper.exe -a O4 - HKCU\..\Run: [services32] C:\Program Files\Common Files\Windows\mc-110-12-0000140.exe O4 - Global Startup: Adobe Reader Speed Launch.lnk = C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe O4 - Global Startup: America Online 9.0 Tray Icon.lnk = C:\Program Files\America Online 9.0a\aoltray.exe O4 - Global Startup: AOL Companion.lnk = C:\Program Files\AOL Companion\companion.exe O7 - HKCU\Software\Microsoft\Windows\CurrentVersion\Pol icies\System, DisableRegedit=1 O7 - HKLM\Software\Microsoft\Windows\CurrentVersion\Pol icies\System, DisableRegedit=1 O8 - Extra context menu item: &AOL Toolbar Search - c:\program files\aol\aol toolbar 3.0\resources\en-US\local\search.html O8 - Extra context menu item: &Search - bar.mywebsearch.com O8 - Extra context menu item: & Yahoo! Search - file:///C:\Program Files\ Yahoo! \Common/ycsrch.htm O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~3\OFFICE11\EXCEL.EXE/3000 O8 - Extra context menu item: Transfer by Image Converter 2 - C:\Program Files\Sony\Image Converter 2\menu.htm O8 - Extra context menu item: Yahoo! &Dictionary - file:///C:\Program Files\ Yahoo! \Common/ycdict.htm O8 - Extra context menu item: Yahoo! &Maps - file:///C:\Program Files\ Yahoo! \Common/ycmap.htm O8 - Extra context menu item: Yahoo! &SMS - file:///C:\Program Files\ Yahoo! \Common/ycsms.htm O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0\bin\npjpi150.dll O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0\bin\npjpi150.dll O9 - Extra button: AOL Toolbar - {3369AF0D-62E9-4bda-8103-B4C75499B578} - C:\Program Files\AOL\AOL Toolbar 3.0\aoltb.dll O9 - Extra button: Yahoo! Services - {5BAB4B5B-68BC-4B02-94D6-2FC0DE4A7897} - C:\Program Files\ Yahoo! \Common\yiesrvc.dll O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~3\OFFICE11\REFIEBAR.DLL O9 - Extra button: AIM - {AC9E2541-2814-11d5-BC6D-00B0D0A1DE45} - C:\Program Files\AIM\aim.exe O9 - Extra button: Real.com - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - C:\WINDOWS\system32\Shdocvw.dll O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe O14 - IERESET.INF: START_PAGE_URL=http://www.sony.com/vaiopeople O16 - DPF: {17D72920-7A15-11D4-921E-0080C8DA7A5E} (AimSp32 Class) - makeover.ivillage.co.uk O16 - DPF: {1D4DB7D2-6EC9-47A3-BD87-1E41684E07BB} - ak.imgfarm.com O16 - DPF: {30528230-99f7-4bb4-88d8-fa1d4f56a2ab} (YInstStarter Class) - C:\Program Files\ Yahoo! \Common\yinsthelper.dll O16 - DPF: {4A3CF76B-EC7A-405D-A67D-8DC6B52AB35B} (QDiagAOLCCUpdateObj Class) - aolcc.aol.com O16 - DPF: {4ED9DDF0-7479-4BBE-9335-5A1EDB1D8A21} (McAfee.com Operating System Class) - objects.aol.com O16 - DPF: {B38870E4-7ECB-40DA-8C6A-595F0A5519FF} (MsnMessengerSetupDownloadControl Class) - messenger.msn.com O16 - DPF: {BCC0FF27-31D9-4614-A68E-C18E1ADA4389} (DwnldGroupMgr Class) - objects.aol.com O17 - HKLM\System\CCS\Services\Tcpip\..\{822E810A-2823-4391-B757-CAD8F3131691}: NameServer = 205.188.146.145 O20 - Winlogon Notify: igfxcui - C:\WINDOWS\SYSTEM32\igfxsrvc.dll O20 - Winlogon Notify: VESWinlogon - C:\WINDOWS\SYSTEM32\VESWinlogon.dll O23 - Service: AOL Connectivity Service (AOL ACS) - America Online, Inc. - C:\PROGRA~1\COMMON~1\AOL\ACS\AOLacsd.exe O23 - Service: AOL Spyware Protection Service (AOLService) - Unknown owner - C:\PROGRA~1\COMMON~1\AOL\AOLSPY~1\\aolserv.exe O23 - Service: BitDefender Scan Server (bdss) - Unknown owner - C:\Program Files\Common Files\Softwin\BitDefender Scan Server\bdss.exe" /service (file missing) O23 - Service: EvtEng - Intel Corporation - C:\Program Files\Intel\Wireless\Bin\EvtEng.exe O23 - Service: MSCSPTISRV - Sony Corporation - C:\Program Files\Common Files\Sony Shared\AVLib\MSCSPTISRV.exe O23 - Service: NVIDIA Display Driver Service (NVSvc) - Unknown owner - C:\WINDOWS\system32\nvsvc32.exe (file missing) O23 - Service: PACSPTISVR - Sony Corporation - C:\Program Files\Common Files\Sony Shared\AVLib\PACSPTISVR.exe O23 - Service: RegSrvc - Intel Corporation - C:\Program Files\Intel\Wireless\Bin\RegSrvc.exe O23 - Service: Spectrum24 Event Monitor (S24EventMonitor) - Intel Corporation - C:\Program Files\Intel\Wireless\Bin\S24EvMon.exe O23 - Service: Sony SPTI Service (SPTISRV) - Sony Corporation - C:\Program Files\Common Files\Sony Shared\AVLib\SPTISRV.exe O23 - Service: SonicStage SCSI Service (SSScsiSV) - Sony Corporation - C:\Program Files\Common Files\Sony Shared\AVLib\SSScsiSV.exe O23 - Service: VAIO Entertainment Aggregation and Control Service - Sony Corporation - C:\Program Files\Common Files\Sony Shared\VAIO Entertainment\VzRs\VzRs.exe O23 - Service: VAIO Entertainment Task Scheduler - Sony Corporation - C:\Program Files\Sony\vaio entertainment\VzTaskScheduler.exe O23 - Service: VAIO Entertainment TV Device Arbitration Service - Sony Corporation - C:\Program Files\Common Files\Sony Shared\VAIO Entertainment Platform\VzCs\VzHardwareResourceManager\VzHardware ResourceManager.exe O23 - Service: VAIO Event Service - Sony Corporation - C:\Program Files\Sony\VAIO Event Service\VESMgr.exe O23 - Service: VAIO Media Integrated Server (VAIOMediaPlatform-IntegratedServer-AppServer) - Sony Corporation - C:\Program Files\Sony\VAIO Media Integrated Server\VMISrv.exe O23 - Service: VAIO Media Integrated Server (HTTP) (VAIOMediaPlatform-IntegratedServer-HTTP) - Unknown owner - C:\Program Files\Sony\VAIO Media Integrated Server\Platform\SV_Httpd.exe" /Service=VAIOMediaPlatform-IntegratedServer-HTTP /RegRoot="SOFTWARE\Sony Corporation\VAIO Media Platform\2.0" /RegExt="Applications\IntegratedServer\HTTP (file missing) O23 - Service: VAIO Media Integrated Server (UPnP) (VAIOMediaPlatform-IntegratedServer-UPnP) - Sony Corporation - C:\Program Files\Sony\VAIO Media Integrated Server\Platform\UPnPFramework.exe O23 - Service: VAIO Media Gateway Server (VAIOMediaPlatform-Mobile-Gateway) - Unknown owner - C:\Program Files\Sony\VAIO Media Integrated Server\Platform\VmGateway.exe" /Service=VAIOMediaPlatform-Mobile-Gateway /RegRoot="SOFTWARE\Sony Corporation\VAIO Media Platform\2.0" /RegExt="\Addons\Packages\Mobile\Gateway" /DisplayName="VAIO Media Gateway Server (file missing) O23 - Service: VAIO Entertainment UPnP Client Adapter (Vcsw) - Sony Corporation - C:\Program Files\Common Files\Sony Shared\VAIO Entertainment Platform\VCSW\VCSW.exe O23 - Service: VAIO Entertainment Database Service (VzCdbSvc) - Sony Corporation - C:\Program Files\Common Files\Sony Shared\VAIO Entertainment Platform\VzCdb\VzCdbSvc.exe O23 - Service: VAIO Entertainment File Import Service (VzFw) - Sony Corporation - C:\Program Files\Common Files\Sony Shared\VAIO Entertainment Platform\VzCdb\VzFw.exe O23 - Service: BitDefender Communicator (XCOMM) - Unknown owner - C:\Program Files\Common Files\Softwin\BitDefender Communicator\xcommsvr.exe" /service (file missing) There's the logfile. What do I do now? ps; thanks for the help people are giving me. I appreciate it! :D |
AbbyAlvarez (9519) | ||
| 417168 | 2006-01-01 23:16:00 | It looks like you have a worm (securityresponse.symantec.com) Follow the info on the site above. Or print it out. Boot into safe mode, and run hijackthis again, and turn system restore OFF. Then tick these entries, and tick fix checked. C:\Program Files\Jqzmfv\Gybe.exe C:\Program Files\winupdates\winupdates.exe C:\Program Files\winsupdater\winsupdater.exe C:\WINDOWS\system32\winlog.exe R3 - URLSearchHook: (no name) - _{00A6FAF6-072E-44cf-8957-5838F569A31D} - (no file) R3 - URLSearchHook: (no name) - _{EA756889-2338-43DB-8F07-D1CA6FB9C90D} - (no file) F0 - system.ini: Shell=Explorer.exe C:\WINDOWS\system32\winmgd.win F1 - win.ini: run=C:\WINDOWS\system32\mouse_configurator.win O4 - HKLM\..\Run: [Alcmtr] ALCMTR.EXE O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup O4 - HKLM\..\Run: [RealTray] C:\Program Files\Real\RealPlayer\RealPlay.exe SYSTEMBOOTHIDEPLAYER O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime O4 - HKLM\..\Run: [17Wdey1B] C:\WINDOWS\qskmvxs.exe O4 - HKLM\..\Run: [Ybrjaup] C:\Program Files\Jqzmfv\Gybe.exe O4 - HKLM\..\Run: [Kernel32] C:\WINDOWS\system32\Kernel32.win O4 - HKLM\..\Run: [Israfel] C:\WINDOWS\system32\Israfel.vbs O4 - HKLM\..\Run: [winupdates] C:\Program Files\winupdates\winupdates.exe /auto O4 - HKLM\..\Run: [winsupdater] C:\Program Files\winsupdater\winsupdater.exe /auto O4 - HKLM\..\Run: [] winlog.exe O4 - HKLM\..\RunServices: [] winlog.exe O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background O4 - HKCU\..\Run: [services32] C:\Program Files\Common Files\Windows\mc-110-12-0000140.exe O7 - HKCU\Software\Microsoft\Windows\CurrentVersion\Pol icies\System, DisableRegedit=1 O7 - HKLM\Software\Microsoft\Windows\CurrentVersion\Pol icies\System, DisableRegedit=1 O8 - Extra context menu item: &Search - bar.mywebsearch.com O16 - DPF: {17D72920-7A15-11D4-921E-0080C8DA7A5E} (AimSp32 Class) - makeover.ivillage.co.uk O16 - DPF: {1D4DB7D2-6EC9-47A3-BD87-1E41684E07BB} - ak.imgfarm.com Then reboot, and post another log here. |
Speedy Gonzales (78) | ||
| 417169 | 2006-01-02 00:23:00 | And also this entry C:\WINDOWS\system32\regsrv.exe If its the same size as the Symantec link Regsrv.exe: 17,409 bytes. Detected as Trojan.KillAV. |
Speedy Gonzales (78) | ||
| 417170 | 2006-01-02 00:55:00 | Logfile of HijackThis v1.99.1 Scan saved at 4:50:54 PM, on 1/1/2006 Platform: Windows XP SP2 (WinNT 5.01.2600) MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180) Running processes: C:\WINDOWS\System32\smss.exe C:\WINDOWS\system32\winlogon.exe C:\WINDOWS\system32\services.exe C:\WINDOWS\system32\lsass.exe C:\WINDOWS\system32\svchost.exe C:\WINDOWS\System32\svchost.exe C:\WINDOWS\system32\spoolsv.exe C:\PROGRA~1\COMMON~1\AOL\ACS\AOLacsd.exe C:\WINDOWS\system32\cisvc.exe C:\Program Files\Common Files\Sony Shared\VAIO Entertainment Platform\VCSW\VCSW.exe C:\Program Files\Common Files\Softwin\BitDefender Communicator\xcommsvr.exe C:\Program Files\Common Files\Sony Shared\VAIO Entertainment Platform\VzCdb\VzCdbSvc.exe C:\Program Files\Common Files\Softwin\BitDefender Scan Server\bdss.exe C:\Program Files\Common Files\Sony Shared\VAIO Entertainment Platform\VzCdb\VzFw.exe C:\WINDOWS\Explorer.EXE C:\WINDOWS\system32\ctfmon.exe C:\Program Files\Common Files\AOL\1135851132\ee\AOLSoftware.exe C:\Program Files\winsupdater\winsupdater.exe C:\WINDOWS\system32\winlog.exe C:\WINDOWS\system32\regsrv.exe C:\WINDOWS\system32\svchost.exe C:\Program Files\America Online 9.0a\waol.exe C:\Program Files\America Online 9.0a\shellmon.exe C:\WINDOWS\system32\SNDVOL32.EXE C:\Program Files\AIM\aim.exe C:\Documents and Settings\Abby\Local Settings\Temporary Internet Files\Content.IE5\G9UVSHUB\hijackthis[1]\HijackThis.exe F0 - system.ini: Shell=Explorer.exe C:\WINDOWS\system32\winmgd.win F1 - win.ini: run=C:\WINDOWS\system32\mouse_configurator.win O4 - HKLM\..\Run: [HostManager] C:\Program Files\Common Files\AOL\1135851132\ee\AOLSoftware.exe O4 - HKLM\..\Run: [winsupdater] C:\Program Files\winsupdater\winsupdater.exe /auto O4 - HKLM\..\Run: [] winlog.exe O4 - HKLM\..\Run: [Kernel32] C:\WINDOWS\system32\Kernel32.win O4 - HKLM\..\Run: [Israfel] C:\WINDOWS\system32\Israfel.vbs O4 - HKLM\..\RunServices: [] winlog.exe O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe O4 - HKCU\..\Run: [AIM] C:\Program Files\AIM\aim.exe -cnetwait.odl O7 - HKCU\Software\Microsoft\Windows\CurrentVersion\Pol icies\System, DisableRegedit=1 O7 - HKLM\Software\Microsoft\Windows\CurrentVersion\Pol icies\System, DisableRegedit=1 O9 - Extra button: AIM - {AC9E2541-2814-11d5-BC6D-00B0D0A1DE45} - C:\Program Files\AIM\aim.exe O17 - HKLM\System\CCS\Services\Tcpip\..\{822E810A-2823-4391-B757-CAD8F3131691}: NameServer = 205.188.146.145 O23 - Service: AOL Connectivity Service (AOL ACS) - America Online, Inc. - C:\PROGRA~1\COMMON~1\AOL\ACS\AOLacsd.exe O23 - Service: AOL Spyware Protection Service (AOLService) - Unknown owner - C:\PROGRA~1\COMMON~1\AOL\AOLSPY~1\\aolserv.exe O23 - Service: BitDefender Scan Server (bdss) - Unknown owner - C:\Program Files\Common Files\Softwin\BitDefender Scan Server\bdss.exe" /service (file missing) O23 - Service: NVIDIA Display Driver Service (NVSvc) - Unknown owner - C:\WINDOWS\system32\nvsvc32.exe (file missing) O23 - Service: Spectrum24 Event Monitor (S24EventMonitor) - Intel Corporation - C:\Program Files\Intel\Wireless\Bin\S24EvMon.exe O23 - Service: Sony SPTI Service (SPTISRV) - Sony Corporation - C:\Program Files\Common Files\Sony Shared\AVLib\SPTISRV.exe O23 - Service: SonicStage SCSI Service (SSScsiSV) - Sony Corporation - C:\Program Files\Common Files\Sony Shared\AVLib\SSScsiSV.exe O23 - Service: VAIO Media Integrated Server (VAIOMediaPlatform-IntegratedServer-AppServer) - Sony Corporation - C:\Program Files\Sony\VAIO Media Integrated Server\VMISrv.exe O23 - Service: VAIO Media Integrated Server (HTTP) (VAIOMediaPlatform-IntegratedServer-HTTP) - Unknown owner - C:\Program Files\Sony\VAIO Media Integrated Server\Platform\SV_Httpd.exe" /Service=VAIOMediaPlatform-IntegratedServer-HTTP /RegRoot="SOFTWARE\Sony Corporation\VAIO Media Platform\2.0" /RegExt="Applications\IntegratedServer\HTTP (file missing) O23 - Service: VAIO Media Integrated Server (UPnP) (VAIOMediaPlatform-IntegratedServer-UPnP) - Sony Corporation - C:\Program Files\Sony\VAIO Media Integrated Server\Platform\UPnPFramework.exe O23 - Service: VAIO Media Gateway Server (VAIOMediaPlatform-Mobile-Gateway) - Unknown owner - C:\Program Files\Sony\VAIO Media Integrated Server\Platform\VmGateway.exe" /Service=VAIOMediaPlatform-Mobile-Gateway /RegRoot="SOFTWARE\Sony Corporation\VAIO Media Platform\2.0" /RegExt="\Addons\Packages\Mobile\Gateway" /DisplayName="VAIO Media Gateway Server (file missing) O23 - Service: VAIO Entertainment UPnP Client Adapter (Vcsw) - Sony Corporation - C:\Program Files\Common Files\Sony Shared\VAIO Entertainment Platform\VCSW\VCSW.exe O23 - Service: VAIO Entertainment Database Service (VzCdbSvc) - Sony Corporation - C:\Program Files\Common Files\Sony Shared\VAIO Entertainment Platform\VzCdb\VzCdbSvc.exe O23 - Service: VAIO Entertainment File Import Service (VzFw) - Sony Corporation - C:\Program Files\Common Files\Sony Shared\VAIO Entertainment Platform\VzCdb\VzFw.exe O23 - Service: BitDefender Communicator (XCOMM) - Unknown owner - C:\Program Files\Common Files\Softwin\BitDefender Communicator\xcommsvr.exe" /service (file missing) |
AbbyAlvarez (9519) | ||
| 417171 | 2006-01-02 01:13:00 | You still have a file resident that is added by the Gaggle virus and a bunch of useless stuff Did you turn off system restore as speedy suggested? Run HJT again and remove C:\Program Files\winsupdater\winsupdater.exe C:\WINDOWS\system32\winlog.exe F1 - win.ini: run=C:\WINDOWS\system32\mouse_configurator.win O4 - HKLM\..\Run: [winsupdater] C:\Program Files\winsupdater\winsupdater.exe /auto O4 - HKLM\..\Run: [] winlog.exe O4 - HKLM\..\Run: [Israfel] C:\WINDOWS\system32\Israfel.vbs O4 - HKLM\..\RunServices: [] winlog.exe O23 - Service: BitDefender Scan Server (bdss) - Unknown owner - C:\Program Files\Common Files\Softwin\BitDefender Scan Server\bdss.exe" /service (file missing) O23 - Service: NVIDIA Display Driver Service (NVSvc) - Unknown owner - C:\WINDOWS\system32\nvsvc32.exe (file missing) O23 - Service: BitDefender Communicator (XCOMM) - Unknown owner - C:\Program Files\Common Files\Softwin\BitDefender Communicator\xcommsvr.exe" /service (file missing) also these O23 - Service: VAIO Media Integrated Server (HTTP) (VAIOMediaPlatform-IntegratedServer-HTTP) - Unknown owner - C:\Program Files\Sony\VAIO Media Integrated Server\Platform\SV_Httpd.exe" /Service=VAIOMediaPlatform-IntegratedServer-HTTP /RegRoot="SOFTWARE\Sony Corporation\VAIO Media Platform\2.0" /RegExt="Applications\IntegratedServer\HTTP (file missing) O23 - Service: VAIO Media Gateway Server (VAIOMediaPlatform-Mobile-Gateway) - Unknown owner - C:\Program Files\Sony\VAIO Media Integrated Server\Platform\VmGateway.exe" /Service=VAIOMediaPlatform-Mobile-Gateway /RegRoot="SOFTWARE\Sony Corporation\VAIO Media Platform\2.0" /RegExt="\Addons\Packages\Mobile\Gateway" /DisplayName="VAIO Media Gateway Server (file missing) O17 - HKLM\System\CCS\Services\Tcpip\..\{822E810A-2823-4391-B757-CAD8F3131691}: NameServer = 205.188.146.145 Also download ewido from http://www.ewido.net/ install update online and do a full scan |
bartsdadhomer (80) | ||
| 417172 | 2006-01-02 01:31:00 | I would say that winupdates file belongs to this (securityresponse.symantec.com) Another worm. I would get rid of Limewire. And then copy and paste the info from the other site (securityresponse.symantec.com) to restore the entries in the registry. ie: this REGEDIT4 [HKEY_CLASSES_ROOT\regfile\shell\open\command] @="regedit.exe \"%1\"" [-HKEY_CLASSES_ROOT\keyfile] [HKEY_CURRENT_USER\Software\Microsoft\Windows Scripting Host\Settings] "Timeout"=- [HKEY_LOCAL_MACHINE\Software\Microsoft\Windows Scripting Host\Settings] "Timeout"=- [HKEY_CURRENT_USER\Software\Microsoft\Windows\Curre ntVersion\Policies\System] "DisableRegistryTools"=- [HKEY_CURRENT_USER\Software\Microsoft\WindowsNT\Cur rentVersion\Policies\System] "DisableRegistryTools"=- [HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\Curr entVersion\Policies\System] "DisableRegistryTools"=- [HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\Curr entVersion\Run] "Kernel32"=- "Israfel"=- |
Speedy Gonzales (78) | ||
| 1 | |||||