|
Search Tech-Forums - link takes you to our Forum's search page. Note: The following is only a text archive! To view the actual forum discussion, please visit our website at http://www.tech-forums.net Pages:1 Please analyze this, URGENT!!!!(Click here to view the original thread with full colors/images)Posted by: crueltrit Logfile of HijackThis v1.99.1 Scan saved at 11:14:19 AM, on 01/28/2007 Platform: Windows XP SP2 (WinNT 5.01.2600) MSIE: Internet Explorer v7.00 (7.00.5730.0011) Running processes: C:\WINDOWS\System32\smss.exe C:\WINDOWS\system32\csrss.exe C:\WINDOWS\system32\winlogon.exe C:\WINDOWS\system32\services.exe C:\WINDOWS\system32\lsass.exe C:\WINDOWS\system32\svchost.exe C:\WINDOWS\system32\svchost.exe C:\WINDOWS\System32\svchost.exe C:\WINDOWS\System32\svchost.exe C:\WINDOWS\system32\spoolsv.exe C:\WINDOWS\Explorer.EXE C:\WINDOWS\system32\CTHELPER.EXE C:\WINDOWS\ehome\ehtray.exe C:\Program Files\SONY\sHotKey\sHotKey.exe C:\WINDOWS\System32\ezSP_Px.exe C:\program files\support.com\client\bin\tgcmd.exe C:\WINDOWS\AGRSMMSG.exe D:\Programs\Spyware Doctor\Spyware Doctor\swdoctor.exe D:\Programs\Ad-Awre SE Pro\Ad-Aware SE Professional\Ad-Watch.exe C:\Program Files\Microsoft SQL Server\80\Tools\Binn\sqlmangr.exe C:\Program Files\Common Files\EPSON\EBAPI\eEBSVC.exe C:\Program Files\Common Files\EPSON\EBAPI\SAgent2.exe C:\Program Files\Sony\Shared Plug Ins\Media Manager\MSSQL$SONY_MEDIAMGR\Binn\sqlservr.exe C:\WINDOWS\system32\nvsvc32.exe D:\Programs\Spyware Doctor\Spyware Doctor\sdhelp.exe C:\Program Files\Common Files\Sony Shared\WMPlugIn\SonicStageMonitoring.exe C:\Program Files\Sony\Sony TV Tuner Library\SMceMan.exe C:\WINDOWS\System32\svchost.exe C:\WINDOWS\System32\wdfmgr.exe C:\Program Files\Sony\Sony TV Tuner Library\RM_SV.exe C:\WINDOWS\System32\alg.exe C:\WINDOWS\ehome\ehmsas.exe C:\WINDOWS\System32\svchost.exe C:\WINDOWS\system32\taskmgr.exe C:\WINDOWS\System32\svchost.exe D:\Programs\Mozilla\FIREFOX\firefox.exe C:\Program Files\Hijackthis\HijackThis.exe R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = [url]http://www.sony.com/vaiopeople[/url] R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = [url]http://www.sony.com/vaiopeople[/url] R3 - URLSearchHook: (no name) - {E8A0B27D-0E9C-7732-C0F8-7A222AF87C94} - C:\WINDOWS\system32\xtth.dll (file missing) F2 - REG:system.ini: UserInit=C:\WINDOWS\system32\userinit.exe,fsscdwv.exe O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll O2 - BHO: (no name) - {549B5CA7-4A86-11D7-A4DF-000874180BB3} - (no file) O2 - BHO: PCTools Site Guard - {5C8B2A36-3DB1-42A4-A3CB-D426709BBFEB} - D:\Programs\SPYWAR~1\SPYWAR~1\tools\iesdsg.dll O2 - BHO: DriveLetterAccess - {5CA3D70E-1895-11CF-8E15-001234567890} - C:\WINDOWS\System32\DLA\DLASHX_W.DLL O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.5.0_07\bin\ssv.dll O2 - BHO: (no name) - {A4F94C0C-54A7-4DB1-9AF3-B22E63D00402} - C:\WINDOWS\system32\fontextb.dll (file missing) O2 - BHO: (no name) - {A4F94C0C-54A7-4DB1-9AF3-B22E63D00403} - C:\WINDOWS\system32\fontextc.dll (file missing) O2 - BHO: (no name) - {A4F94C0C-54A7-4DB1-9AF3-B22E63D00405} - C:\WINDOWS\fontexte.dll (file missing) O2 - BHO: Viewpoint Toolbar BHO - {A7327C09-B521-4EDB-8509-7D2660C9EC98} - C:\Program Files\Viewpoint\Viewpoint Toolbar V35\ViewBarBHO.dll O2 - BHO: Adobe PDF Conversion Toolbar Helper - {AE7CD045-E861-484f-8273-0445EE161910} - D:\Programs\Adobe Acrobat 8 Pro\Acrobat\AcroIEFavClient.dll O2 - BHO: PCTools Browser Monitor - {B56A7D7D-6927-48C8-A975-17DF180C71AC} - D:\Programs\SPYWAR~1\SPYWAR~1\tools\iesdpb.dll O2 - BHO: (no name) - {D1159422-16E3-462F-A93D-FB718E100407} - C:\WINDOWS\system32\d3dxofa.dll O2 - BHO: (no name) - {DDEC2387-6435-46B6-AF8C-1075F6EBF08B} - C:\WINDOWS\admparsez.dll O2 - BHO: (no name) - {E8A0B27D-0E9C-7732-C0F8-7A222AF87C94} - C:\WINDOWS\system32\xtth.dll (file missing) O2 - BHO: (no name) - {FDD3B846-8D59-4ffb-8758-209B6AD74ACC} - (no file) O3 - Toolbar: Viewpoint Toolbar - {F8AD5AA5-D966-4667-9DAF-2561D68B2012} - C:\Program Files\Viewpoint\Viewpoint Toolbar V35\ViewBar.dll O3 - Toolbar: Adobe PDF - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - D:\Programs\Adobe Acrobat 8 Pro\Acrobat\AcroIEFavClient.dll O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup O4 - HKLM\..\Run: [nwiz] nwiz.exe /installquiet O4 - HKLM\..\Run: [CTHelper] CTHELPER.EXE O4 - HKLM\..\Run: [ehTray] C:\WINDOWS\ehome\ehtray.exe O4 - HKLM\..\Run: [ATIModeChange] Ati2mdxx.exe O4 - HKLM\..\Run: [ATIPTA] C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe O4 - HKLM\..\Run: [sHotKey] "C:\Program Files\SONY\sHotKey\sHotKey.exe" O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime O4 - HKLM\..\Run: [ezShieldProtector for Px] C:\WINDOWS\System32\ezSP_Px.exe O4 - HKLM\..\Run: [ZTgServerSwitch] "c:\program files\support.com\client\bin\tgcmd.exe" /server O4 - HKLM\..\Run: [AGRSMMSG] AGRSMMSG.exe O4 - HKLM\..\Run: [VAIO Recovery] C:\Windows\Sonysys\VAIO Recovery\PartSeal.exe O4 - HKLM\..\Run: [ccApp] "C:\Program Files\Common Files\Symantec Shared\ccApp.exe" O4 - HKLM\..\Run: [VAIOSurvey] c:\program files\sony\vaio survey\surveysa.exe O4 - HKCU\..\Run: [Spyware Doctor] "D:\Programs\Spyware Doctor\Spyware Doctor\swdoctor.exe" /Q O4 - HKCU\..\Run: [AWMON] "D:\Programs\Ad-Awre SE Pro\Ad-Aware SE Professional\Ad-Watch.exe" O4 - Startup: Adobe Gamma.lnk = C:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe O4 - Global Startup: Adobe Acrobat Speed Launcher.lnk = ? O4 - Global Startup: Adobe Acrobat Synchronizer.lnk = D:\Programs\Adobe Acrobat 8 Pro\Acrobat\AdobeCollabSync.exe O4 - Global Startup: Adobe Reader Speed Launch.lnk = C:\Program Files\Adobe\Reader 8.0\Reader\reader_sl.exe O4 - Global Startup: Adobe Reader Synchronizer.lnk = C:\Program Files\Adobe\Reader 8.0\Reader\AdobeCollabSync.exe O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office10\OSA.EXE O4 - Global Startup: Quicken Scheduled Updates.lnk = C:\Program Files\Quicken\bagent.exe O4 - Global Startup: Service Manager.lnk = C:\Program Files\Microsoft SQL Server\80\Tools\Binn\sqlmangr.exe O8 - Extra context menu item: &Viewpoint Search - res://C:\Program Files\Viewpoint\Viewpoint Toolbar V35\ViewBar.dll/CXTSEARCH.HTML O8 - Extra context menu item: Append to existing PDF - res://D:\Programs\Adobe Acrobat 8 Pro\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html O8 - Extra context menu item: Convert link target to Adobe PDF - res://D:\Programs\Adobe Acrobat 8 Pro\Acrobat\AcroIEFavClient.dll/AcroIECapture.html O8 - Extra context menu item: Convert link target to existing PDF - res://D:\Programs\Adobe Acrobat 8 Pro\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html O8 - Extra context menu item: Convert selected links to Adobe PDF - res://D:\Programs\Adobe Acrobat 8 Pro\Acrobat\AcroIEFavClient.dll/AcroIECaptureSelLinks.html O8 - Extra context menu item: Convert selected links to existing PDF - res://D:\Programs\Adobe Acrobat 8 Pro\Acrobat\AcroIEFavClient.dll/AcroIEAppendSelLinks.html O8 - Extra context menu item: Convert selection to Adobe PDF - res://D:\Programs\Adobe Acrobat 8 Pro\Acrobat\AcroIEFavClient.dll/AcroIECapture.html O8 - Extra context menu item: Convert selection to existing PDF - res://D:\Programs\Adobe Acrobat 8 Pro\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html O8 - Extra context menu item: Convert to Adobe PDF - res://D:\Programs\Adobe Acrobat 8 Pro\Acrobat\AcroIEFavClient.dll/AcroIECapture.html O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MI1933~1\OFFICE11\EXCEL.EXE/3000 O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\WINDOWS\g1354078.dll O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\WINDOWS\g1354078.dll O9 - Extra button: Spyware Doctor - {2D663D1A-8670-49D9-A1A5-4C56B4E14E84} - C:\WINDOWS\g1354078.dll O9 - Extra button: (no name) - {4ABF810A-F11D-4169-9D5F-7D274F2270A1} - C:\WINDOWS\g1354078.dll O9 - Extra 'Tools' menuitem: Java - {4ABF810A-F11D-4169-9D5F-7D274F2270A1} - C:\WINDOWS\g1354078.dll O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MI1933~1\OFFICE11\REFIEBAR.DLL O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe (file missing) O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe (file missing) O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe O11 - Options group: [INTERNATIONAL] International* O14 - IERESET.INF: START_PAGE_URL=http://www.sony.com/vaiopeople O15 - Trusted Zone: [url]http://locator.cdn.imageservr.com[/url] O15 - Trusted Zone: [url]http://scanner.sysprotect.com[/url] O15 - Trusted Zone: [url]http://*.systemdoctor.com[/url] O15 - Trusted IP range: [url]http://202.67.220.225[/url] O15 - Trusted IP range: [url]http://59.148.220.121[/url] O15 - Trusted IP range: [url]http://62.4.84.53[/url] O15 - Trusted IP range: [url]http://82.98.235.58[/url] O15 - Trusted IP range: [url]http://85.12.25.90[/url] O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - [url]http://update.microsoft.com/microsoftupdate/v6/V5Controls/en/x86/client/muweb_site.cab?1153073609062[/url] O18 - Protocol: livecall - {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\MSNMES~1\MSGRAP~1.DLL O18 - Protocol: msnim - {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\MSNMES~1\MSGRAP~1.DLL O20 - Winlogon Notify: ajauyyrjbktm - C:\WINDOWS\system32\ajauyyrjbktm.dll O20 - Winlogon Notify: h618 - C:\WINDOWS\g22893687.dll (file missing) O20 - Winlogon Notify: h619 - C:\WINDOWS\g1354078.dll O20 - Winlogon Notify: h61È - C:\WINDOWS\g1354078.dll O20 - Winlogon Notify: sunqhuldrqfv - C:\WINDOWS\system32\sunqhuldrqfv.dll O20 - Winlogon Notify: WgaLogon - C:\WINDOWS\SYSTEM32\WgaLogon.dll O23 - Service: Adobe LM Service - Adobe Systems - C:\Program Files\Common Files\Adobe Systems Shared\Service\Adobelmsvc.exe O23 - Service: EpsonBidirectionalService - Unknown owner - C:\Program Files\Common Files\EPSON\EBAPI\eEBSVC.exe O23 - Service: EPSON Printer Status Agent2 (EPSONStatusAgent2) - SEIKO EPSON CORPORATION - C:\Program Files\Common Files\EPSON\EBAPI\SAgent2.exe O23 - Service: FLEXnet Licensing Service - Macrovision Europe Ltd. - C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe O23 - Service: iPod Service - Apple Computer, Inc. - C:\Program Files\iPod\bin\iPodService.exe O23 - Service: LiveUpdate - Symantec Corporation - C:\PROGRA~1\Symantec\LIVEUP~1\LUCOMS~1.EXE O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe O23 - Service: PC Tools Spyware Doctor (SDhelper) - PC Tools Research Pty Ltd - D:\Programs\Spyware Doctor\Spyware Doctor\sdhelp.exe O23 - Service: SonicStageMonitoring - Sony Corporation - C:\Program Files\Common Files\Sony Shared\WMPlugIn\SonicStageMonitoring.exe O23 - Service: Sony TV Tuner Controller - Sony Corporation - C:\Program Files\Sony\Sony TV Tuner Library\halsv.exe O23 - Service: Sony TV Tuner Manager - Sony Corporation - C:\Program Files\Sony\Sony TV Tuner Library\RM_SV.exe O23 - Service: Sony TVTA Manager - Sony Corporation - C:\Program Files\Sony\Sony TV Tuner Library\SMceMan.exe O23 - Service: Sony SPTI Service (SPTISRV) - Sony Corporation - C:\PROGRA~1\COMMON~1\SONYSH~1\AVLib\Sptisrv.exe O23 - Service: VAIO Media Music Server (VAIOMediaPlatform-MusicServer-AppServer) - Unknown owner - C:\Program Files\Sony\VAIO Media Integrated Server\Music\SSSvr.exe" /Service=VAIOMediaPlatform-MusicServer-AppServer /DisplayName="VAIO Media Music Server (file missing) O23 - Service: VAIO Media Music Server (HTTP) (VAIOMediaPlatform-MusicServer-HTTP) - Unknown owner - C:\Program Files\Sony\VAIO Media Integrated Server\Platform\SV_Httpd.exe" /Service=VAIOMediaPlatform-MusicServer-HTTP /RegRoot="Software\Sony Corporation\VAIO Media Platform\2.0" /RegExt="Applications\MusicServer\HTTP (file missing) O23 - Service: VAIO Media Music Server (UPnP) (VAIOMediaPlatform-MusicServer-UPnP) - Sony Corporation - C:\Program Files\Sony\VAIO Media Integrated Server\Platform\UPnPFramework.exe O23 - Service: VAIO Media Photo Server (VAIOMediaPlatform-PhotoServer-AppServer) - Sony Corporation - C:\Program Files\Sony\VAIO Media Integrated Server\Photo\appsrv\PhotoAppSrv.exe O23 - Service: VAIO Media Photo Server (HTTP) (VAIOMediaPlatform-PhotoServer-HTTP) - Unknown owner - C:\Program Files\Sony\VAIO Media Integrated Server\Platform\SV_Httpd.exe" /Service=VAIOMediaPlatform-PhotoServer-HTTP /RegRoot="SOFTWARE\Sony Corporation\VAIO Media Platform\2.0" /RegExt="\Applications\PhotoServer\HTTP (file missing) O23 - Service: VAIO Media Photo Server (UPnP) (VAIOMediaPlatform-PhotoServer-UPnP) - Sony Corporation - C:\Program Files\Sony\VAIO Media Integrated Server\Platform\UPnPFramework.exe O23 - Service: VAIO Media Video Server (VAIOMediaPlatform-VideoServer-AppServer) - Unknown owner - C:\Program Files\Sony\VAIO Media Integrated Server\Video\GPVSvr.exe" /Service=VAIOMediaPlatform-VideoServer-AppServer /DisplayName="VAIO Media Video Server (file missing) O23 - Service: VAIO Media Video Server (HTTP) (VAIOMediaPlatform-VideoServer-HTTP) - Unknown owner - C:\Program Files\Sony\VAIO Media Integrated Server\Platform\SV_Httpd.exe" /Service=VAIOMediaPlatform-VideoServer-HTTP /RegRoot="SOFTWARE\Sony Corporation\VAIO Media Platform\2.0" /RegExt="\Applications\VideoServer\HTTP (file missing) O23 - Service: VAIO Media Video Server (UPnP) (VAIOMediaPlatform-VideoServer-UPnP) - Sony Corporation - C:\Program Files\Sony\VAIO Media Integrated Server\Platform\UPnPFramework.exe Posted by: Warez Monster what problems you having? remove these: R3 - URLSearchHook: (no name) - {E8A0B27D-0E9C-7732-C0F8-7A222AF87C94} - C:\WINDOWS\system32\xtth.dll (file missing) F2 - REG:system.ini: UserInit=C:\WINDOWS\system32\userinit.exe,fsscdwv.exe O2 - BHO: (no name) - {549B5CA7-4A86-11D7-A4DF-000874180BB3} - (no file) O2 - BHO: (no name) - {A4F94C0C-54A7-4DB1-9AF3-B22E63D00402} - C:\WINDOWS\system32\fontextb.dll (file missing) O2 - BHO: (no name) - {A4F94C0C-54A7-4DB1-9AF3-B22E63D00403} - C:\WINDOWS\system32\fontextc.dll (file missing) O2 - BHO: (no name) - {A4F94C0C-54A7-4DB1-9AF3-B22E63D00405} - C:\WINDOWS\fontexte.dll (file missing) O2 - BHO: Viewpoint Toolbar BHO - {A7327C09-B521-4EDB-8509-7D2660C9EC98} - C:\Program Files\Viewpoint\Viewpoint Toolbar V35\ViewBarBHO.dll O2 - BHO: (no name) - {D1159422-16E3-462F-A93D-FB718E100407} - C:\WINDOWS\system32\d3dxofa.dll O2 - BHO: (no name) - {DDEC2387-6435-46B6-AF8C-1075F6EBF08B} - C:\WINDOWS\admparsez.dll O2 - BHO: (no name) - {E8A0B27D-0E9C-7732-C0F8-7A222AF87C94} - C:\WINDOWS\system32\xtth.dll (file missing) O2 - BHO: (no name) - {FDD3B846-8D59-4ffb-8758-209B6AD74ACC} - (no file) O3 - Toolbar: Viewpoint Toolbar - {F8AD5AA5-D966-4667-9DAF-2561D68B2012} - C:\Program Files\Viewpoint\Viewpoint Toolbar V35\ViewBar.dll O8 - Extra context menu item: &Viewpoint Search - res://C:\Program Files\Viewpoint\Viewpoint Toolbar V35\ViewBar.dll/CXTSEARCH.HTML O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\WINDOWS\g1354078.dll O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe (file missing) O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe (file missing) O20 - Winlogon Notify: ajauyyrjbktm - C:\WINDOWS\system32\ajauyyrjbktm.dll O20 - Winlogon Notify: h618 - C:\WINDOWS\g22893687.dll (file missing) O20 - Winlogon Notify: h619 - C:\WINDOWS\g1354078.dll O20 - Winlogon Notify: h61È - C:\WINDOWS\g1354078.dll O20 - Winlogon Notify: sunqhuldrqfv - C:\WINDOWS\system32\sunqhuldrqfv.dll you may need to go thru my guide Posted by: crueltrit most of these files i cannot delete because it says that "access is denied. make sure the disk is not full or write protected and that the file is not currently in use." Some problems I am having: - Sometimes windows doesnt recognize my password in login - Internet Explorer pop-ups always happen when system is idle - Sytem CPU usage seems to increase when its idle - My computer has seriously slowed down I am a pretty tech savvy guy so I have already fixed some problems. But now I dont know what to do. I have scanned my computer severl times etc. Please do advise as to how i can delete these files and solve my problems!!! Posted by: Warez Monster you may need to boot into safe mode did you go thru my guide yet? Posted by: crueltrit yes i went through your guide. I have pretty much alredy done most of that stuff myself. SOme more problems are that my computer seems to restart by itself sometimes and then the next time it boots it tells me that winlogon.exe had had an unexpected error. Please help!!! Posted by: Warez Monster well you didnt uninstall viewpoint yet so you need to uninstall that or delete the program files directory...... did you try safemode yet? vBulletin Copyright ©2000 - 2003, Jelsoft Enterprises Limited. PPC Management vB Easy Archive Final - Created by Xenon |