Problem - Please help

Question

Thanks in advance!   Logfile of HijackThis v1.99.1 Scan saved at 2:10:59 PM, on 07/09/2005 Platform: Windows XP SP2 (WinNT 5.01.2600) MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180) Running processes: C:\WINDOWS\System32\smss.exe C:\WINDOWS\system32\winlogon.exe C:\WINDOWS\system32\services.exe C:\WINDOWS\system32\lsass.exe C:\WINDOWS\system32\svchost.exe C:\WINDOWS\system32\svchost.exe C:\WINDOWS\system32undll32.exe C:\WINDOWS\Explorer.EXE C:\hijackthis\HijackThis.exe R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = http://searchmiracle.com/sp.php R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://searchmiracle.com/sp.php R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.yahoo.com/ R1 - HKCU\Software\Microsoft\Internet Connection Wizard,ShellNext = http://www.sony.com/vaiopeople O2 - BHO: CExtension Object - {0019C3E2-DD48-4A6D-ABCD-8D32436323D9} - C:\WINDOWS\cfgmgr52.dll O2 - BHO: AuroraHandlerObj Class - {4AA870AC-8427-42a4-B92E-ECD956197489} - C:\WINDOWS\AuroraHandler.dll O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll O4 - HKLM\..\Run: [Apoint] C:\Program Files\Apoint\Apoint.exe O4 - HKLM\..\Run: [ATIPTA] C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe O4 - HKLM\..\Run: [Mouse Suite 98 Daemon] ICO.EXE O4 - HKLM\..\Run: [VAIO Recovery] C:\WINDOWS\Sonysys\VAIO Recovery\PartSeal.exe O4 - HKLM\..\Run: [SunJavaUpdateSched] C:\Program Files\Java\j2re1.4.2_05\bin\jusched.exe O4 - HKLM\..\Run: [SonyPowerCfg] C:\Program Files\Sony\VAIO Power Management\SPMgr.exe O4 - HKLM\..\Run: [HKSERV.EXE] C:\Program Files\Sony\HotKey Utility\HKserv.exe O4 - HKLM\..\Run: [VAIO Update 2] 'C:\Program Files\Sony\VAIO Update 2\VAIOUpdt.exe' /Stationary O4 - HKLM\..\Run: [ccApp] 'C:\Program Files\Common Files\Symantec Shared\ccApp.exe' O4 - HKLM\..\Run: [URLLSTCK.exe] C:\Program Files\Norton Internet Security\UrlLstCk.exe O4 - HKLM\..\Run: [ViewMgr] C:\Program Files\Viewpoint\Viewpoint Manager\ViewMgr.exe O4 - HKLM\..\Run: [HP Software Update] 'C:\Program Files\HP\HP Software Update\HPWuSchd.exe' O4 - HKLM\..\Run: [HP Component Manager] 'C:\Program Files\HP\hpcoretech\hpcmpmgr.exe' O4 - HKLM\..\Run: [IMJPMIG8.1] 'C:\WINDOWS\IME\imjp8_1\IMJPMIG.EXE' /Spoil /RemAdvDef /Migration32 O4 - HKLM\..\Run: [MSPY2002] C:\WINDOWS\system32\IME\PINTLGNT\ImScInst.exe /SYNC O4 - HKLM\..\Run: [PHIME2002ASync] C:\WINDOWS\system32\IME\TINTLGNT\TINTSETP.EXE /SYNC O4 - HKLM\..\Run: [PHIME2002A] C:\WINDOWS\system32\IME\TINTLGNT\TINTSETP.EXE /IMEName O4 - HKLM\..\Run: [checkrun] C:\windows\system32\eliteutd32.exe O4 - HKLM\..\Run: [cfgmgr52] RunDLL32.EXE C:\WINDOWS\cfgmgr52.dll,DllRun O4 - HKLM\..\Run: [exp.exe] C:\WINDOWS\system32\exp.exe O4 - HKLM\..\Run: [WinTask driver] C:\WINDOWS\system32\wintask.exe O4 - HKLM\..\Run: [AUNPS2] RUNDLL32 AUNPS2.DLL,_Run@16 O4 - HKLM\..\Run: [Symantec NetDriver Monitor] C:\PROGRA~1\SYMNET~1\SNDMon.exe /Consumer O4 - HKLM\..\Run: [Win Server Updt] C:\WINDOWS\wupdt.exe O4 - HKLM\..\Run: [nkesotj] c:\windows\system32\ljfdur.exe r O4 - Global Startup: Adobe Gamma Loader.lnk = C:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe O4 - Global Startup: AutoCAD Startup Accelerator.lnk = C:\Program Files\Common Files\Autodesk Shared\acstart16.exe O8 - Extra context menu item: &Google Search - res://c:\program files\google\GoogleToolbar2.dll/cmsearch.html O8 - Extra context menu item: Backward Links - res://c:\program files\google\GoogleToolbar2.dll/cmbacklinks.html O8 - Extra context menu item: Cached Snapshot of Page - res://c:\program files\google\GoogleToolbar2.dll/cmcache.html O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~3\OFFICE11\EXCEL.EXE/3000 O8 - Extra context menu item: Similar Pages - res://c:\program files\google\GoogleToolbar2.dll/cmsimilar.html O8 - Extra context menu item: Translate into English - res://c:\program files\google\GoogleToolbar2.dll/cmtrans.html O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\j2re1.4.2_05\bin
pjpi142_05.dll O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\j2re1.4.2_05\bin
pjpi142_05.dll O9 - Extra button: EmpirePoker - {77E68763-4284-41d6-B7E7-B6E1F053A9E7} - C:\Program Files\EmpirePoker\EmpirePoker.exe (file missing) O9 - Extra 'Tools' menuitem: EmpirePoker - {77E68763-4284-41d6-B7E7-B6E1F053A9E7} - C:\Program Files\EmpirePoker\EmpirePoker.exe (file missing) O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~3\OFFICE11\REFIEBAR.DLL O9 - Extra button: AIM - {AC9E2541-2814-11d5-BC6D-00B0D0A1DE45} - C:\Program Files\AIM\aim.exe O9 - Extra button: PartyPoker.com - {B7FE5D70-9AA2-40F1-9C6B-12A255F085E1} - C:\Program Files\PartyPoker\PartyPoker.exe O9 - Extra 'Tools' menuitem: PartyPoker.com - {B7FE5D70-9AA2-40F1-9C6B-12A255F085E1} - C:\Program Files\PartyPoker\PartyPoker.exe O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe (file missing) O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe (file missing) O14 - IERESET.INF: START_PAGE_URL=http://www.sony.com/vaiopeople O20 - Winlogon Notify: ThemeManager - C:\WINDOWS\system32
otapi32.dll O23 - Service: Ati HotKey Poller - Unknown owner - C:\WINDOWS\system32\Ati2evxx.exe O23 - Service: Autodesk Licensing Service - Autodesk, Inc. - C:\Program Files\Common Files\Autodesk Shared\Service\AdskScSrv.exe O23 - Service: Symantec Event Manager (ccEvtMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe O23 - Service: Symantec Network Proxy (ccProxy) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccProxy.exe O23 - Service: Symantec Password Validation (ccPwdSvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccPwdSvc.exe O23 - Service: Symantec Settings Manager (ccSetMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe O23 - Service: Norton AntiVirus Auto Protect Service (navapsvc) - Symantec Corporation - C:\Program Files\Norton Internet Security\Norton AntiVirus
avapsvc.exe O23 - Service: Pml Driver HPZ12 - HP - C:\WINDOWS\system32\HPZipm12.exe O23 - Service: SAVScan - Symantec Corporation - C:\Program Files\Norton Internet Security\Norton AntiVirus\SAVScan.exe O23 - Service: ScriptBlocking Service (SBService) - Symantec Corporation - C:\PROGRA~1\COMMON~1\SYMANT~1\SCRIPT~1\SBServ.exe O23 - Service: Symantec Network Drivers Service (SNDSrvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\SNDSrvc.exe O23 - Service: SymWMI Service (SymWSC) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\Security Center\SymWSC.exe O23 - Service: VAIO Entertainment Aggregation and Control Service - Sony Corporation - C:\Program Files\Common Files\Sony Shared\VAIO Entertainment\VzRs\VzRs.exe O23 - Service: VAIO Entertainment File Import Service - Sony Corporation - C:\Program Files\Common Files\Sony Shared\VAIO Entertainment\VzCdb\VzFw.exe O23 - Service: VAIO Entertainment TV Device Arbitration Service - Sony Corporation - C:\Program Files\Common Files\Sony Shared\VAIO Entertainment\VzCs\VzHardwareResourceManager\VzHardwareResourceManager.exe O23 - Service: VAIO Entertainment UPnP Client Adapter - Sony Corporation - C:\Program Files\Common Files\Sony Shared\VAIO Entertainment\VCSW\VCSW.exe O23 - Service: VAIO Media Integrated Server (VAIOMediaPlatform-IntegratedServer-AppServer) - Sony Corporation - C:\Program Files\Sony\VAIO Media Integrated Server\VMISrv.exe O23 - Service: VAIO Media Integrated Server (HTTP) (VAIOMediaPlatform-IntegratedServer-HTTP) - Unknown owner - C:\Program Files\Sony\VAIO Media Integrated Server\Platform\SV_Httpd.exe' /Service=VAIOMediaPlatform-IntegratedServer-HTTP /RegRoot='SOFTWARE\Sony Corporation\VAIO Media Platform\2.0' /RegExt='Applications\IntegratedServer\HTTP (file missing) O23 - Service: VAIO Media Integrated Server (UPnP) (VAIOMediaPlatform-IntegratedServer-UPnP) - Sony Corporation - C:\Program Files\Sony\VAIO Media Integrated Server\Platform\UPnPFramework.exe O23 - Service: VAIO Media Gateway Server (VAIOMediaPlatform-Mobile-Gateway) - Unknown owner - C:\Program Files\Sony\VAIO Media Integrated Server\Platform\VmGateway.exe' /Service=VAIOMediaPlatform-Mobile-Gateway /RegRoot='SOFTWARE\Sony Corporation\VAIO Media Platform\2.0' /RegExt='\Addons\Packages\Mobile\Gateway' /DisplayName='VAIO Media Gateway Server (file missing) O23 - Service: VAIO Media Video Server (VAIOMediaPlatform-VideoServer-AppServer) - Unknown owner - C:\Program Files\Sony\VAIO Media Integrated Server\Video\GPVSvr.exe' /Service=VAIOMediaPlatform-VideoServer-AppServer /DisplayName='VAIO Media Video Server (file missing) O23 - Service: VAIO Media Video Server (HTTP) (VAIOMediaPlatform-VideoServer-HTTP) - Unknown owner - C:\Program Files\Sony\VAIO Media Integrated Server\Platform\SV_Httpd.exe' /Service=VAIOMediaPlatform-VideoServer-HTTP /RegRoot='SOFTWARE\Sony Corporation\VAIO Media Platform\2.0' /RegExt='\Applications\VideoServer\HTTP (file missing) O23 - Service: VAIO Media Video Server (UPnP) (VAIOMediaPlatform-VideoServer-UPnP) - Sony Corporation - C:\Program Files\Sony\VAIO Media Integrated Server\Platform\UPnPFramework.exe

ALgal · Answer

Hello and welcome CookieBabi, If you don't already have it, download, install and run AdAware SE Personal. - Next, check for, and download any available updates: 1.  click ' Check for updates now'. 2.  Click ' Connect'. 3.  If updates(definitions) are available click ' Ok', otherwise, click ' Ok'. 4.  Click ' Finish'. - Next, configure AdAware to be as effective as possible: 1.  Click the ' gear' in the upper-right hand corner of the AdAware Window. 2.  Click Scanning, and check(tick) the following:     Scan within archives   Scan active processes   Scan registry   Deep-scan registry   Scan my IE Favorites for banned URLs   Scan my Hosts file 3.  Click ' Tweak'. 4.  Click ' Scanning Engine', then check(tick) the following:     Unload recognized proceses & modules during scan 5.  Click ' Cleaning Engine', then check(tick) then following:    > Always try to unload modules before deletion   During removal, unload Explorer and IE if necessary   Let Winodws remove files in use at next reboot   Delete quarantined objects after retoring 6.  Then click ' Proceed' - Now, let AdAware locate and remove anything it finds, by: 1.  Click ' Start'. 2.  Check(tick) ' perform full system scan'. 3.  Click ' Next'. - Exit the program. f you don't already have it, download, install and run Spybot S & D. Next, update the current definitions by: - Next, check for, and download any available updates: 1. Click ' Search for Updates'. 2. Check(tick) all available updates. 3. Click ' Download Updates'. 4. Click ' Search & Destroy'. 5. Click ' Check for Problems'. - When the scan is completed: 1. Check(tick) everything that was found. 2. Click ' Fix selected problems'. - Click ' Ok', then exit the program. Go to www.trendmicro.com, and then: 1.  Click ' Free Online Scan'. 2.  Click ' Scan now, it's free'. It'll take a few minutes to download (especially with a dialup connection), so be patient. When it's down: 1.  Select all available drives. 2.  Check(tick) ' Auto Clean'. 3.  Click ' Scan'. When it completes, post back the full filename of any files that cannot be cleaned or deleted. Elite Toolbar Removal Download Elite Tool Bar Remover from http://www.softpedia.com/progDownload/EliteToolbar-Remover-Download-18774.html Extract the files from the Zip folder. Do not use yet. This tool must be used while in Safe Mode. Reboot into Safe Mode by hitting the F8 key repeatedly until a menu shows up ( and choose Safe Mode from the list).  In some systems, this may be the F5 key, so try that if F8 doesn't work. _ Locate the ETRemover_v130.exe and click to run. Locate and delete the following item(s), if present. Make sure your able to view system and hidden files/ folders: folders...     C:\Program Files\Viewpoint    C:\Program Files\EmpirePoker files...     C:\WINDOWS\cfgmgr52.dll     C:\WINDOWS\AuroraHandler.dll     C:\windows\system32\eliteutd32.exe     C:\WINDOWS\system32\exp.exe     C:\WINDOWS\system32\wintask.exe     C:\WINDOWS\wupdt.exe     c:\windows\system32\ljfdur.exe     C:\WINDOWS\system32
otapi32.dll Search for...     AUNPS2.DLL ...using ' Start | Search...'. - Note that some of these file(s) may or may not be present. If present, and cannot be deleted because they're ' in use', try deleting them from ' Safe Mode'. Run HiJackThis and click ' Scan', then check(tick) the following, if present: R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = http://searchmiracle.com/sp.php R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://searchmiracle.com/sp.php O2 - BHO: CExtension Object - {0019C3E2-DD48-4A6D-ABCD-8D32436323D9} - C:\WINDOWS\cfgmgr52.dll O2 - BHO: AuroraHandlerObj Class - {4AA870AC-8427-42a4-B92E-ECD956197489} - C:\WINDOWS\AuroraHandler.dll O4 - HKLM\..\Run: [ViewMgr] C:\Program Files\Viewpoint\Viewpoint Manager\ViewMgr.exe O4 - HKLM\..\Run: [checkrun] C:\windows\system32\eliteutd32.exe O4 - HKLM\..\Run: [cfgmgr52] RunDLL32.EXE C:\WINDOWS\cfgmgr52.dll,DllRun O4 - HKLM\..\Run: [exp.exe] C:\WINDOWS\system32\exp.exe O4 - HKLM\..\Run: [WinTask driver] C:\WINDOWS\system32\wintask.exe O4 - HKLM\..\Run: [AUNPS2] RUNDLL32 AUNPS2.DLL,_Run@16 O4 - HKLM\..\Run: [Win Server Updt] C:\WINDOWS\wupdt.exe O4 - HKLM\..\Run: [nkesotj] c:\windows\system32\ljfdur.exe r O9 - Extra button: EmpirePoker - {77E68763-4284-41d6-B7E7-B6E1F053A9E7} - C:\Program Files\EmpirePoker\EmpirePoker.exe (file missing) O9 - Extra 'Tools' menuitem: EmpirePoker - {77E68763-4284-41d6-B7E7-B6E1F053A9E7} - C:\Program Files\EmpirePoker\EmpirePoker.exe (file missing) O20 - Winlogon Notify: ThemeManager - C:\WINDOWS\system32
otapi32.dll Now, with all windows closed except HiJackThis, click ' Fix checked'. Reboot your computer and post back a new log.

Virus & Spyware

Was this post helpful?