TechSpot

hijackthis log

By kmontalto
Sep 14, 2005
Topic Status:
Not open for further replies.
  1. My laptop is getting a million popups. I've run Adaware and Spybot multiple times; nothing seems to help. Here's my HijackThis log. Can anyone analyze it for me? TIA

    Logfile of HijackThis v1.99.1

    Removed
     
  2. howard_hopkinso

    howard_hopkinso TS Rookie Posts: 25,948   +19

    Hello and welcome to Techspot.

    Please would you take a few moments to read this post. A message for all newcomers. Thanks.

    Your computer is riddled with lots of nasty stuff.

    First go and read these two posts, and follow all the instructions exactly.

    How to remove trojans, and it`s ilk. and How to remove Begin2search / coolwebsearch and other nasties.

    Once you have done that, you need to read this post in order to get rid of the Nail.exe problem you have.

    How to remove Aurora/Nailfix

    Finally see How to post your Hijackthis log-file as an ATTACHMENT.

    Regards Howard :wave: :wave:
     
  3. kmontalto

    kmontalto TS Rookie Topic Starter

    hijack this log

    ok Howard, thanks for all of the advice, I've been working through all of those fixes tonight, here's my latest hijack this log. I'll post my latest ewido log in the next post in this thread. Thanks a lot.
     
  4. kmontalto

    kmontalto TS Rookie Topic Starter

    Here is my latest log from Ewido.

    Thanks again, I'm sure I still have some work ahead of me.
     
  5. howard_hopkinso

    howard_hopkinso TS Rookie Posts: 25,948   +19

    First go into the Ewido quarantine and delete all the entries.

    Go into add remove programmes, and remove anything to do with C:\Program Files\AIM Toolbar

    Boot into safe mode, run HJT, and let HJT fix the following, if still there.

    O2 - BHO: Band Class - {00F1D395-4744-40f0-A611-980F61AE2C59} - C:\WINDOWS\dsr.dll (file missing)
    O2 - BHO: ts - {4006DCA3-433D-4FC8-AC36-42DA7797DCB7} - C:\WINDOWS\System32\bho.dll
    O2 - BHO: PicShow Class - {4487598C-2EC7-43A2-870E-6D8D720FDD9F} - C:\WINDOWS\System32\pkshxvhm.dll (file missing)

    O8 - Extra context menu item: &AIM Search - res://C:\Program Files\AIM Toolbar\AIMBar.dll/aimsearch.htm

    O9 - Extra button: ComcastHSI - {669B269B-0D4E-41FB-A3D8-FD67CA94F646} - http://www.comcast.net/ (file missing)
    O9 - Extra button: Support - {8828075D-D097-4055-AA02-2DBFA9D85E8A} - http://www.comcastsupport.com/ (file missing)
    O9 - Extra button: Help - {97809617-3937-4F84-B335-9BB05EF1A8D4} - http://online.comcast.net/help/ (file missing)

    O16 - DPF: {238F6F83-B8B4-11CF-8771-00A024541EE3} (Citrix ICA Client) - http://www.classlink2000.com/sites/FILES/wfica.cab
    O16 - DPF: {D719897A-B07A-4C0C-AEA9-9B663A28DFCB} (iTunesDetector Class) - http://ax.phobos.apple.com.edgesuite.net/detection/ITDetector.cab

    O23 - Service: VAIO Media Integrated Server (HTTP) (VAIOMediaPlatform-IntegratedServer-HTTP) - Unknown owner - C:\Program Files\Sony\vaio media integrated server\Platform\SV_Httpd.exe" /Service=VAIOMediaPlatform-IntegratedServer-HTTP /RegRoot="SOFTWARE\Sony Corporation\VAIO Media Platform\2.0" /RegExt="Applications\IntegratedServer\HTTP (file missing)

    O23 - Service: VAIO Media Gateway Server (VAIOMediaPlatform-Mobile-Gateway) - Unknown owner - C:\Program Files\Sony\vaio media integrated server\Platform\VmGateway.exe" /Service=VAIOMediaPlatform-Mobile-Gateway /RegRoot="SOFTWARE\Sony Corporation\VAIO Media Platform\2.0" /RegExt="\Addons\Packages\Mobile\Gateway" /DisplayName="VAIO Media Gateway Server (file missing)

    O23 - Service: VAIO Media Video Server (VAIOMediaPlatform-VideoServer-AppServer) - Unknown owner - C:\Program Files\Sony\vaio media integrated server\Video\GPVSvr.exe" /Service=VAIOMediaPlatform-VideoServer-AppServer /DisplayName="VAIO Media Video Server (file missing)

    O23 - Service: VAIO Media Video Server (HTTP) (VAIOMediaPlatform-VideoServer-HTTP) - Unknown owner - C:\Program Files\Sony\vaio media integrated server\Platform\SV_Httpd.exe" /Service=VAIOMediaPlatform-VideoServer-HTTP /RegRoot="SOFTWARE\Sony Corporation\VAIO Media Platform\2.0" /RegExt="\Applications\VideoServer\HTTP (file missing)

    Then post a new HJT log so I can make sure it's clean.

    Regards Howard :)
     
  6. kmontalto

    kmontalto TS Rookie Topic Starter

    latest log

    Ok Howard, here's my latest hijackthis log, thanks again for all your help
     
  7. howard_hopkinso

    howard_hopkinso TS Rookie Posts: 25,948   +19

    Your log looks clean now.

    Regards Howard :grinthumb
     
  8. RealBlackStuff

    RealBlackStuff TS Rookie Posts: 8,165

    That would be wishful thinking!

    Boot in Safe Mode, see how here.
    Switch System restore OFF, see how here.
    In Windows Explorer, turn on "show all files and folders, including hidden and system". See how here.

    Next, open Windows Task Manager by pressing CTRL+ALT+DELETE.
    Click the Processes tab, select the process (if there) and click End Process for:
    fcxwyad.exe
    ViewMgr.exe
    inrbrbw.EXE

    Next, click Start/Control Panel/Add/Remove Programs. If there, UNinstall anything to do with:
    C:\Program Files\Viewpoint\Viewpoint Manager\ViewMgr.exe

    Next, click Start/Run and type services.msc and click OK. Look for the service:
    fcxwyad.exe
    Doubleclick it, click Stop if it's running, and change the Startup type to Disabled.

    Next, run a HJT scan and (if still there) place a tick-mark in the little square before:
    ...................................................................................................
    O4 - HKLM\..\Run: [ViewMgr] C:\Program Files\Viewpoint\Viewpoint Manager\ViewMgr.exe
    O4 - HKLM\..\Run: [inrbrbw] C:\WINDOWS\inrbrbw.EXE
    O23 - Service: VAIO Media Integrated Server (HTTP) (VAIOMediaPlatform-IntegratedServer-HTTP) - Unknown owner - C:\Program Files\Sony\vaio media integrated server\Platform\SV_Httpd.exe" /Service=VAIOMediaPlatform-IntegratedServer-HTTP /RegRoot="SOFTWARE\Sony Corporation\VAIO Media Platform\2.0" /RegExt="Applications\IntegratedServer\HTTP (file missing)
    O23 - Service: VAIO Media Gateway Server (VAIOMediaPlatform-Mobile-Gateway) - Unknown owner - C:\Program Files\Sony\vaio media integrated server\Platform\VmGateway.exe" /Service=VAIOMediaPlatform-Mobile-Gateway /RegRoot="SOFTWARE\Sony Corporation\VAIO Media Platform\2.0" /RegExt="\Addons\Packages\Mobile\Gateway" /DisplayName="VAIO Media Gateway Server (file missing)
    O23 - Service: VAIO Media Video Server (VAIOMediaPlatform-VideoServer-AppServer) - Unknown owner - C:\Program Files\Sony\vaio media integrated server\Video\GPVSvr.exe" /Service=VAIOMediaPlatform-VideoServer-AppServer /DisplayName="VAIO Media Video Server (file missing)
    O23 - Service: VAIO Media Video Server (HTTP) (VAIOMediaPlatform-VideoServer-HTTP) - Unknown owner - C:\Program Files\Sony\vaio media integrated server\Platform\SV_Httpd.exe" /Service=VAIOMediaPlatform-VideoServer-HTTP /RegRoot="SOFTWARE\Sony Corporation\VAIO Media Platform\2.0" /RegExt="\Applications\VideoServer\HTTP (file missing)
    O23 - Service: Windows Overlay Components - Unknown owner - C:\WINDOWS\fcxwyad.exe
    ...................................................................................................
    Now click on the Fix Checked button in HJT. Exit HJT.

    When done, from between the above dotted lines, delete the highlighted bold files.
    When a \directory-name\ is bold, delete everything in it, including that directory itself.
    Delete all files and directories from: C:\Documents and Settings\[username]\Local Settings\Temp
    Repeat this for ALL [usernames].
    Rightclick IE on the desktop, select Properties, click on Delete Cookies, and Delete Files.
    Delete ALL files and directories from: C:\WINDOWS\Temp (except files dated from TODAY).
    XP only: Delete ALL files from C:\WINDOWS\Prefetch.
    Boot normal. When all OK, switch System Restore back on.

    Then it is really time to install XP SP2!
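
The entries singled out in the post above share a few visible markers: "(file missing)", "Unknown owner", and an executable started straight from C:\WINDOWS. As an added example (not part of the thread and not HijackThis's own logic), this Python script parses log lines and flags those three markers; the "Example Updater" line and the choice of these markers as heuristics are assumptions.

```python
import re

# Constructed sample: four lines quoted in the thread above plus one made-up
# benign service line ("Example Updater") for contrast.
SAMPLE_LOG = r"""
O2 - BHO: Band Class - {00F1D395-4744-40f0-A611-980F61AE2C59} - C:\WINDOWS\dsr.dll (file missing)
O4 - HKLM\..\Run: [ViewMgr] C:\Program Files\Viewpoint\Viewpoint Manager\ViewMgr.exe
O4 - HKLM\..\Run: [inrbrbw] C:\WINDOWS\inrbrbw.EXE
O23 - Service: Windows Overlay Components - Unknown owner - C:\WINDOWS\fcxwyad.exe
O23 - Service: Example Updater - Example Corp - C:\Program Files\Example\upd.exe
"""

# "O4 - rest of entry": section code (R0, F1, O23, ...) then the entry body.
ENTRY = re.compile(r"^\s*([A-Z]\d{1,2}) - (.+)$")
# An executable sitting directly in C:\WINDOWS, not in a subdirectory.
WINDOWS_ROOT_EXE = re.compile(r"C:\\WINDOWS\\[^\\]+\.exe\b", re.IGNORECASE)
AUTOSTART_SECTIONS = {"O4", "O23"}  # Run keys and services

def parse(log_text):
    """Return [(section, body)] for every line that looks like an HJT entry."""
    entries = []
    for line in log_text.splitlines():
        m = ENTRY.match(line)
        if m:
            entries.append((m.group(1), m.group(2).strip()))
    return entries

def triage(section, body):
    """Return the heuristic markers (assumed, see lead-in) that an entry matches."""
    reasons = []
    if body.endswith("(file missing)"):
        reasons.append("file missing")
    if section == "O23" and " - Unknown owner - " in body:
        reasons.append("unknown owner")
    if section in AUTOSTART_SECTIONS and WINDOWS_ROOT_EXE.search(body):
        reasons.append("exe in windows root")
    return reasons

def report(log_text):
    """Return [(section, body, reasons)] for entries with at least one marker."""
    flagged = []
    for section, body in parse(log_text):
        reasons = triage(section, body)
        if reasons:
            flagged.append((section, body, reasons))
    return flagged

if __name__ == "__main__":
    for section, body, reasons in report(SAMPLE_LOG):
        print(f"{section}: {', '.join(reasons)} :: {body}")
```

The ViewMgr entry, which the post also lists for fixing, matches none of these checks, so the output is a shortlist for manual review rather than a verdict on the log.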
     
  9. kmontalto

    kmontalto TS Rookie Topic Starter

    ok, here's my latest log.

    I can't delete the 3 O23 entries in the HijackThis log with the "unknown owner" in them. I have tried 3 times to delete them; they keep coming back. I'm installing Service Pack 2 as soon as I'm done posting this.

    Thanks again for the help, it's definitely getting better, but still some popups.
     
  10. RealBlackStuff

    RealBlackStuff TS Rookie Posts: 8,165

    If you don't follow instructions, stop wasting our time.
    inrbrbw.EXE is still there....
     
  11. kmontalto

    kmontalto TS Rookie Topic Starter

    Not wasting anyone's time, I've said I appreciate the help. I must have missed it by mistake, no need for such a harsh response.
     
     
  12. kmontalto

    kmontalto TS Rookie Topic Starter

    here is my latest log with my oversight removed

    hopefully I should be pretty close to clean with this computer
     
  13. howard_hopkinso

    howard_hopkinso TS Rookie Posts: 25,948   +19

    Sorry I forgot to say earlier.

    In order to remove the O23 services with the missing files.

    Click start/run and type "services.msc" without the quotes.

    This will open the services window. Find the services, and click on them, and select stop if they are running, then change the startup type to disabled.

    Regards Howard :) :)
     
  14. kmontalto

    kmontalto TS Rookie Topic Starter

    Thanks, I'll try that now, I'm at work with nothing to do so I can work on it all day, haha
     
  15. kmontalto

    kmontalto TS Rookie Topic Starter

    here's the latest, no more "file missing" or the file I missed before, how does it look?
     
  16. howard_hopkinso

    howard_hopkinso TS Rookie Posts: 25,948   +19

    Looks fine now.

    Regards Howard :grinthumb
     
  17. kmontalto

    kmontalto TS Rookie Topic Starter

    thanks a lot for all the help!

    :grinthumb
     