hijackthis log
- Thread starter kmontalto
- Start date
- Status
howard_hopkinso
Posts: 21,238 +17
Hello and welcome to Techspot.
Please would you take a few moments to read this post. A message for all newcomers. Thanks.
Your computer is riddled with lots of nasty stuff.
First go and read these two posts, and follow all the instructions exactly.
How to remove trojans, and it`s ilk. and How to remove Begin2search / coolwebsearch and other nasties.
Once you have done that, you need to read this post in order to get rid of the Nail.exe problem you have.
How to remove Aurora/Nailfix
Finally see How to post your Hijackthis log-file as an ATTACHMENT.
Regards Howard :wave: :wave:
Please would you take a few moments to read this post. A message for all newcomers. Thanks.
Your computer is riddled with lots of nasty stuff.
First go and read these two posts, and follow all the instructions exactly.
How to remove trojans, and it`s ilk. and How to remove Begin2search / coolwebsearch and other nasties.
Once you have done that, you need to read this post in order to get rid of the Nail.exe problem you have.
How to remove Aurora/Nailfix
Finally see How to post your Hijackthis log-file as an ATTACHMENT.
Regards Howard :wave: :wave:
howard_hopkinso
Posts: 21,238 +17
First go into the Ewido quarantine and delete all the entries.
Go into add remove programmes, and remove anything to do with C:\Program Files\AIM Toolbar
Boot into safe mode, run HJT, and let HJT fix the following, if still there.
O2 - BHO: Band Class - {00F1D395-4744-40f0-A611-980F61AE2C59} - C:\WINDOWS\dsr.dll (file missing)
O2 - BHO: ts - {4006DCA3-433D-4FC8-AC36-42DA7797DCB7} - C:\WINDOWS\System32\bho.dll
O2 - BHO: PicShow Class - {4487598C-2EC7-43A2-870E-6D8D720FDD9F} - C:\WINDOWS\System32\pkshxvhm.dll (file missing)
O8 - Extra context menu item: &AIM Search - res://C:\Program Files\AIM Toolbar\AIMBar.dll/aimsearch.htm
O9 - Extra button: ComcastHSI - {669B269B-0D4E-41FB-A3D8-FD67CA94F646} - http://www.comcast.net/ (file missing)
O9 - Extra button: Support - {8828075D-D097-4055-AA02-2DBFA9D85E8A} - http://www.comcastsupport.com/ (file missing)
O9 - Extra button: Help - {97809617-3937-4F84-B335-9BB05EF1A8D4} - http://online.comcast.net/help/ (file missing)
O16 - DPF: {238F6F83-B8B4-11CF-8771-00A024541EE3} (Citrix ICA Client) - http://www.classlink2000.com/sites/FILES/wfica.cab
O16 - DPF: {D719897A-B07A-4C0C-AEA9-9B663A28DFCB} (iTunesDetector Class) - http://ax.phobos.apple.com.edgesuite.net/detection/ITDetector.cab
O23 - Service: VAIO Media Integrated Server (HTTP) (VAIOMediaPlatform-IntegratedServer-HTTP) - Unknown owner - C:\Program Files\Sony\vaio media integrated server\Platform\SV_Httpd.exe" /Service=VAIOMediaPlatform-IntegratedServer-HTTP /RegRoot="SOFTWARE\Sony Corporation\VAIO Media Platform\2.0" /RegExt="Applications\IntegratedServer\HTTP (file missing)
O23 - Service: VAIO Media Gateway Server (VAIOMediaPlatform-Mobile-Gateway) - Unknown owner - C:\Program Files\Sony\vaio media integrated server\Platform\VmGateway.exe" /Service=VAIOMediaPlatform-Mobile-Gateway /RegRoot="SOFTWARE\Sony Corporation\VAIO Media Platform\2.0" /RegExt="\Addons\Packages\Mobile\Gateway" /DisplayName="VAIO Media Gateway Server (file missing)
O23 - Service: VAIO Media Video Server (VAIOMediaPlatform-VideoServer-AppServer) - Unknown owner - C:\Program Files\Sony\vaio media integrated server\Video\GPVSvr.exe" /Service=VAIOMediaPlatform-VideoServer-AppServer /DisplayName="VAIO Media Video Server (file missing)
O23 - Service: VAIO Media Video Server (HTTP) (VAIOMediaPlatform-VideoServer-HTTP) - Unknown owner - C:\Program Files\Sony\vaio media integrated server\Platform\SV_Httpd.exe" /Service=VAIOMediaPlatform-VideoServer-HTTP /RegRoot="SOFTWARE\Sony Corporation\VAIO Media Platform\2.0" /RegExt="\Applications\VideoServer\HTTP (file missing)
Then post a new HJT log so I can make sure it`s clean.
Regards Howard
Go into add remove programmes, and remove anything to do with C:\Program Files\AIM Toolbar
Boot into safe mode, run HJT, and let HJT fix the following, if still there.
O2 - BHO: Band Class - {00F1D395-4744-40f0-A611-980F61AE2C59} - C:\WINDOWS\dsr.dll (file missing)
O2 - BHO: ts - {4006DCA3-433D-4FC8-AC36-42DA7797DCB7} - C:\WINDOWS\System32\bho.dll
O2 - BHO: PicShow Class - {4487598C-2EC7-43A2-870E-6D8D720FDD9F} - C:\WINDOWS\System32\pkshxvhm.dll (file missing)
O8 - Extra context menu item: &AIM Search - res://C:\Program Files\AIM Toolbar\AIMBar.dll/aimsearch.htm
O9 - Extra button: ComcastHSI - {669B269B-0D4E-41FB-A3D8-FD67CA94F646} - http://www.comcast.net/ (file missing)
O9 - Extra button: Support - {8828075D-D097-4055-AA02-2DBFA9D85E8A} - http://www.comcastsupport.com/ (file missing)
O9 - Extra button: Help - {97809617-3937-4F84-B335-9BB05EF1A8D4} - http://online.comcast.net/help/ (file missing)
O16 - DPF: {238F6F83-B8B4-11CF-8771-00A024541EE3} (Citrix ICA Client) - http://www.classlink2000.com/sites/FILES/wfica.cab
O16 - DPF: {D719897A-B07A-4C0C-AEA9-9B663A28DFCB} (iTunesDetector Class) - http://ax.phobos.apple.com.edgesuite.net/detection/ITDetector.cab
O23 - Service: VAIO Media Integrated Server (HTTP) (VAIOMediaPlatform-IntegratedServer-HTTP) - Unknown owner - C:\Program Files\Sony\vaio media integrated server\Platform\SV_Httpd.exe" /Service=VAIOMediaPlatform-IntegratedServer-HTTP /RegRoot="SOFTWARE\Sony Corporation\VAIO Media Platform\2.0" /RegExt="Applications\IntegratedServer\HTTP (file missing)
O23 - Service: VAIO Media Gateway Server (VAIOMediaPlatform-Mobile-Gateway) - Unknown owner - C:\Program Files\Sony\vaio media integrated server\Platform\VmGateway.exe" /Service=VAIOMediaPlatform-Mobile-Gateway /RegRoot="SOFTWARE\Sony Corporation\VAIO Media Platform\2.0" /RegExt="\Addons\Packages\Mobile\Gateway" /DisplayName="VAIO Media Gateway Server (file missing)
O23 - Service: VAIO Media Video Server (VAIOMediaPlatform-VideoServer-AppServer) - Unknown owner - C:\Program Files\Sony\vaio media integrated server\Video\GPVSvr.exe" /Service=VAIOMediaPlatform-VideoServer-AppServer /DisplayName="VAIO Media Video Server (file missing)
O23 - Service: VAIO Media Video Server (HTTP) (VAIOMediaPlatform-VideoServer-HTTP) - Unknown owner - C:\Program Files\Sony\vaio media integrated server\Platform\SV_Httpd.exe" /Service=VAIOMediaPlatform-VideoServer-HTTP /RegRoot="SOFTWARE\Sony Corporation\VAIO Media Platform\2.0" /RegExt="\Applications\VideoServer\HTTP (file missing)
Then post a new HJT log so I can make sure it`s clean.
Regards Howard
howard_hopkinso
Posts: 21,238 +17
Your log looks clean now.
Regards Howard :grinthumb
Regards Howard :grinthumb
RealBlackStuff
Posts: 6,450 +3
That would be wishful thinking!
Boot in Safe Mode, see how here.
Switch System restore OFF, see how here.
In Windows Explorer, turn on "show all files and folders, including hidden and system". See how here.
Next, open Windows Task Manager by pressing CTRL+ALT+DELETE.
Click the Processes tab, select the process (if there) and click End Process for:
fcxwyad.exe
ViewMgr.exe
inrbrbw.EXE
Next, click Start/Control Panel/Add/Remove Programs. If there, UNinstall anything to do with:
C:\Program Files\Viewpoint\Viewpoint Manager\ViewMgr.exe
Next, click Start/Run and type services.msc and click OK. Look for the service:
fcxwyad.exe
Doubleclick it, click Stop if it's running, and change the Startup type to Disabled.
Next, run a HJT scan and (if still there) place a tick-mark in the little square before:
...................................................................................................
O4 - HKLM\..\Run: [ViewMgr] C:\Program Files\Viewpoint\Viewpoint Manager\ViewMgr.exe
O4 - HKLM\..\Run: [inrbrbw] C:\WINDOWS\inrbrbw.EXE
O23 - Service: VAIO Media Integrated Server (HTTP) (VAIOMediaPlatform-IntegratedServer-HTTP) - Unknown owner - C:\Program Files\Sony\vaio media integrated server\Platform\SV_Httpd.exe" /Service=VAIOMediaPlatform-IntegratedServer-HTTP /RegRoot="SOFTWARE\Sony Corporation\VAIO Media Platform\2.0" /RegExt="Applications\IntegratedServer\HTTP (file missing)
O23 - Service: VAIO Media Gateway Server (VAIOMediaPlatform-Mobile-Gateway) - Unknown owner - C:\Program Files\Sony\vaio media integrated server\Platform\VmGateway.exe" /Service=VAIOMediaPlatform-Mobile-Gateway /RegRoot="SOFTWARE\Sony Corporation\VAIO Media Platform\2.0" /RegExt="\Addons\Packages\Mobile\Gateway" /DisplayName="VAIO Media Gateway Server (file missing)
O23 - Service: VAIO Media Video Server (VAIOMediaPlatform-VideoServer-AppServer) - Unknown owner - C:\Program Files\Sony\vaio media integrated server\Video\GPVSvr.exe" /Service=VAIOMediaPlatform-VideoServer-AppServer /DisplayName="VAIO Media Video Server (file missing)
O23 - Service: VAIO Media Video Server (HTTP) (VAIOMediaPlatform-VideoServer-HTTP) - Unknown owner - C:\Program Files\Sony\vaio media integrated server\Platform\SV_Httpd.exe" /Service=VAIOMediaPlatform-VideoServer-HTTP /RegRoot="SOFTWARE\Sony Corporation\VAIO Media Platform\2.0" /RegExt="\Applications\VideoServer\HTTP (file missing)
O23 - Service: Windows Overlay Components - Unknown owner - C:\WINDOWS\fcxwyad.exe
...................................................................................................
Now click on the Fix Checked button in HJT. Exit HJT.
When done, from between the above dotted lines, delete the highlighted bold files.
When a \directory-name\ is bold, delete everything in it, including that directory itself.
Delete all files and directories from: C:\Documents and Settings\[username]\Local Settings\Temp
Repeat this for ALL [usernames].
Rightclick IE on the desktop, select Properties, click on Delete Cookies, and Delete Files.
Delete ALL files and directories from: C:\WINDOWS\Temp (except files dated from TODAY).
XP only: Delete ALL files from C:\WINDOWS\Prefetch.
Boot normal. When all OK, switch System Restore back on.
Then it is really time to install XP SP2!
Boot in Safe Mode, see how here.
Switch System restore OFF, see how here.
In Windows Explorer, turn on "show all files and folders, including hidden and system". See how here.
Next, open Windows Task Manager by pressing CTRL+ALT+DELETE.
Click the Processes tab, select the process (if there) and click End Process for:
fcxwyad.exe
ViewMgr.exe
inrbrbw.EXE
Next, click Start/Control Panel/Add/Remove Programs. If there, UNinstall anything to do with:
C:\Program Files\Viewpoint\Viewpoint Manager\ViewMgr.exe
Next, click Start/Run and type services.msc and click OK. Look for the service:
fcxwyad.exe
Doubleclick it, click Stop if it's running, and change the Startup type to Disabled.
Next, run a HJT scan and (if still there) place a tick-mark in the little square before:
...................................................................................................
O4 - HKLM\..\Run: [ViewMgr] C:\Program Files\Viewpoint\Viewpoint Manager\ViewMgr.exe
O4 - HKLM\..\Run: [inrbrbw] C:\WINDOWS\inrbrbw.EXE
O23 - Service: VAIO Media Integrated Server (HTTP) (VAIOMediaPlatform-IntegratedServer-HTTP) - Unknown owner - C:\Program Files\Sony\vaio media integrated server\Platform\SV_Httpd.exe" /Service=VAIOMediaPlatform-IntegratedServer-HTTP /RegRoot="SOFTWARE\Sony Corporation\VAIO Media Platform\2.0" /RegExt="Applications\IntegratedServer\HTTP (file missing)
O23 - Service: VAIO Media Gateway Server (VAIOMediaPlatform-Mobile-Gateway) - Unknown owner - C:\Program Files\Sony\vaio media integrated server\Platform\VmGateway.exe" /Service=VAIOMediaPlatform-Mobile-Gateway /RegRoot="SOFTWARE\Sony Corporation\VAIO Media Platform\2.0" /RegExt="\Addons\Packages\Mobile\Gateway" /DisplayName="VAIO Media Gateway Server (file missing)
O23 - Service: VAIO Media Video Server (VAIOMediaPlatform-VideoServer-AppServer) - Unknown owner - C:\Program Files\Sony\vaio media integrated server\Video\GPVSvr.exe" /Service=VAIOMediaPlatform-VideoServer-AppServer /DisplayName="VAIO Media Video Server (file missing)
O23 - Service: VAIO Media Video Server (HTTP) (VAIOMediaPlatform-VideoServer-HTTP) - Unknown owner - C:\Program Files\Sony\vaio media integrated server\Platform\SV_Httpd.exe" /Service=VAIOMediaPlatform-VideoServer-HTTP /RegRoot="SOFTWARE\Sony Corporation\VAIO Media Platform\2.0" /RegExt="\Applications\VideoServer\HTTP (file missing)
O23 - Service: Windows Overlay Components - Unknown owner - C:\WINDOWS\fcxwyad.exe
...................................................................................................
Now click on the Fix Checked button in HJT. Exit HJT.
When done, from between the above dotted lines, delete the highlighted bold files.
When a \directory-name\ is bold, delete everything in it, including that directory itself.
Delete all files and directories from: C:\Documents and Settings\[username]\Local Settings\Temp
Repeat this for ALL [usernames].
Rightclick IE on the desktop, select Properties, click on Delete Cookies, and Delete Files.
Delete ALL files and directories from: C:\WINDOWS\Temp (except files dated from TODAY).
XP only: Delete ALL files from C:\WINDOWS\Prefetch.
Boot normal. When all OK, switch System Restore back on.
Then it is really time to install XP SP2!
ok, here's my latest log.
I can't delete the 3 O23 entries in hijack this log with the "unknown owner" in them. I have tried 3 times to delete them, they keep coming back. I'm installing service pak 2 as soon as I'm done posting this.
Thanks again for the help, its' definitely getting better, but still some popups
I can't delete the 3 O23 entries in hijack this log with the "unknown owner" in them. I have tried 3 times to delete them, they keep coming back. I'm installing service pak 2 as soon as I'm done posting this.
Thanks again for the help, its' definitely getting better, but still some popups
RealBlackStuff
Posts: 6,450 +3
If you don't follow instructions, stop wasting our time.
inrbrbw.EXE is still there....
inrbrbw.EXE is still there....
howard_hopkinso
Posts: 21,238 +17
Sorry I forgot to say earlier.
In order to remove the 023 sevices with the missing files.
Click start/run and type "services.msc" without the quotes.
This will open the services window. Find the services, and click on them, and select stop if they are running, then change the startup type to disabled.
Regards Howard
In order to remove the 023 sevices with the missing files.
Click start/run and type "services.msc" without the quotes.
This will open the services window. Find the services, and click on them, and select stop if they are running, then change the startup type to disabled.
Regards Howard
howard_hopkinso said:Sorry I forgot to say earlier.
In order to remove the 023 sevices with the missing files.
Click start/run and type "services.msc" without the quotes.
This will open the services window. Find the services, and click on them, and select stop if they are running, then change the startup type to disabled.
Regards Howard
thanks, i'll try that now, I'm at work with nothing to do so I can work on it all day, haha
howard_hopkinso
Posts: 21,238 +17
Looks fine now.
Regards Howard :grinthumb
Regards Howard :grinthumb
- Status
