spywareno again and hjt log- ping bambam

Lizard

here is the hjt log. thanks for everyone's input.

maybe someone can find the culprit

tia

Logfile of HijackThis v1.99.1
Scan saved at 9:04:56 PM, on 13 Feb 2006
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\system32\CTHELPER.EXE
C:\WINDOWS\ehome\ehtray.exe
C:\Program Files\SONY\sHotKey\sHotKey.exe
C:\WINDOWS\System32\ezSP_Px.exe
C:\WINDOWS\AGRSMMSG.exe
C:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe
C:\PROGRA~1\Grisoft\AVGFRE~1\avgcc.exe
C:\PROGRA~1\Grisoft\AVGFRE~1\avgamsvr.exe
C:\PROGRA~1\Grisoft\AVGFRE~1\avgupsvc.exe
C:\PROGRA~1\Grisoft\AVGFRE~1\avgemc.exe
C:\WINDOWS\ehome\ehSched.exe
C:\WINDOWS\System32\nvsvc32.exe
C:\Program Files\Common Files\Sony Shared\WMPlugIn\SonicStageMonitoring.exe
C:\Program Files\Sony\Sony TV Tuner Library\SMceMan.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Sony\VAIO Media Integrated Server\Video\GPVSvr.exe
C:\WINDOWS\system32\ZoneLabs\vsmon.exe
C:\Program Files\Sony\VAIO Media Integrated Server\Platform\SV_Httpd.exe
C:\Program Files\Sony\VAIO Media Integrated Server\Platform\UPnPFramework.exe
C:\Program Files\Sony\Sony TV Tuner Library\RM_SV.exe
C:\WINDOWS\ehome\ehmsas.exe
C:\Program Files\HJT\HijackThis.exe

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.sony.com/vaiopeople
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Local Page =
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 6.0\Reader\ActiveX\AcroIEHelper.dll
O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.5.0_06\bin\ssv.dll
O4 - HKLM\..\Run: [nwiz] nwiz.exe /installquiet
O4 - HKLM\..\Run: [CTHelper] CTHELPER.EXE
O4 - HKLM\..\Run: [ehTray] C:\WINDOWS\ehome\ehtray.exe
O4 - HKLM\..\Run: [ATIModeChange] Ati2mdxx.exe
O4 - HKLM\..\Run: [ATIPTA] C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe
O4 - HKLM\..\Run: [sHotKey] "C:\Program Files\SONY\sHotKey\sHotKey.exe"
O4 - HKLM\..\Run: [ezShieldProtector for Px] C:\WINDOWS\System32\ezSP_Px.exe
O4 - HKLM\..\Run: [AGRSMMSG] AGRSMMSG.exe
O4 - HKLM\..\Run: [VAIO Recovery] C:\Windows\Sonysys\VAIO Recovery\PartSeal.exe
O4 - HKLM\..\Run: [Zone Labs Client] C:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe
O4 - HKLM\..\Run: [AVG7_CC] C:\PROGRA~1\Grisoft\AVGFRE~1\avgcc.exe /STARTUP
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_06\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_06\bin\ssv.dll
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O14 - IERESET.INF: START_PAGE_URL=http://www.sony.com/vaiopeople
O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://go.microsoft.com/fwlink/?linkid=39204
O23 - Service: AVG7 Alert Manager Server (Avg7Alrt) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVGFRE~1\avgamsvr.exe
O23 - Service: AVG7 Update Service (Avg7UpdSvc) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVGFRE~1\avgupsvc.exe
O23 - Service: AVG E-mail Scanner (AVGEMS) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVGFRE~1\avgemc.exe
O23 - Service: LOUGLUXSYDIFUUPYX - Sysinternals - www.sysinternals.com - C:\DOCUME~1\ADMINI~1\LOCALS~1\Temp\LOUGLUXSYDIFUUPYX.exe
O23 - Service: NVIDIA Driver Helper Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\System32\nvsvc32.exe
O23 - Service: SonicStageMonitoring - Sony Corporation - C:\Program Files\Common Files\Sony Shared\WMPlugIn\SonicStageMonitoring.exe
O23 - Service: Sony TV Tuner Controller - Sony Corporation - C:\Program Files\Sony\Sony TV Tuner Library\halsv.exe
O23 - Service: Sony TV Tuner Manager - Sony Corporation - C:\Program Files\Sony\Sony TV Tuner Library\RM_SV.exe
O23 - Service: Sony TVTA Manager - Sony Corporation - C:\Program Files\Sony\Sony TV Tuner Library\SMceMan.exe
O23 - Service: Sony SPTI Service (SPTISRV) - Sony Corporation - C:\PROGRA~1\COMMON~1\SONYSH~1\AVLib\Sptisrv.exe
O23 - Service: VAIO Media Music Server (VAIOMediaPlatform-MusicServer-AppServer) - Unknown owner - C:\Program Files\Sony\VAIO Media Integrated Server\Music\SSSvr.exe" /Service=VAIOMediaPlatform-MusicServer-AppServer /DisplayName="VAIO Media Music Server (file missing)
O23 - Service: VAIO Media Music Server (HTTP) (VAIOMediaPlatform-MusicServer-HTTP) - Unknown owner - C:\Program Files\Sony\VAIO Media Integrated Server\Platform\SV_Httpd.exe" /Service=VAIOMediaPlatform-MusicServer-HTTP /RegRoot="Software\Sony Corporation\VAIO Media Platform\2.0" /RegExt="Applications\MusicServer\HTTP (file missing)
O23 - Service: VAIO Media Music Server (UPnP) (VAIOMediaPlatform-MusicServer-UPnP) - Sony Corporation - C:\Program Files\Sony\VAIO Media Integrated Server\Platform\UPnPFramework.exe
O23 - Service: VAIO Media Photo Server (VAIOMediaPlatform-PhotoServer-AppServer) - Sony Corporation - C:\Program Files\Sony\VAIO Media Integrated Server\Photo\appsrv\PhotoAppSrv.exe
O23 - Service: VAIO Media Photo Server (HTTP) (VAIOMediaPlatform-PhotoServer-HTTP) - Unknown owner - C:\Program Files\Sony\VAIO Media Integrated Server\Platform\SV_Httpd.exe" /Service=VAIOMediaPlatform-PhotoServer-HTTP /RegRoot="SOFTWARE\Sony Corporation\VAIO Media Platform\2.0" /RegExt="\Applications\PhotoServer\HTTP (file missing)
O23 - Service: VAIO Media Photo Server (UPnP) (VAIOMediaPlatform-PhotoServer-UPnP) - Sony Corporation - C:\Program Files\Sony\VAIO Media Integrated Server\Platform\UPnPFramework.exe
O23 - Service: VAIO Media Video Server (VAIOMediaPlatform-VideoServer-AppServer) - Unknown owner - C:\Program Files\Sony\VAIO Media Integrated Server\Video\GPVSvr.exe" /Service=VAIOMediaPlatform-VideoServer-AppServer /DisplayName="VAIO Media Video Server (file missing)
O23 - Service: VAIO Media Video Server (HTTP) (VAIOMediaPlatform-VideoServer-HTTP) - Unknown owner - C:\Program Files\Sony\VAIO Media Integrated Server\Platform\SV_Httpd.exe" /Service=VAIOMediaPlatform-VideoServer-HTTP /RegRoot="SOFTWARE\Sony Corporation\VAIO Media Platform\2.0" /RegExt="\Applications\VideoServer\HTTP (file missing)
O23 - Service: VAIO Media Video Server (UPnP) (VAIOMediaPlatform-VideoServer-UPnP) - Sony Corporation - C:\Program Files\Sony\VAIO Media Integrated Server\Platform\UPnPFramework.exe
O23 - Service: TrueVector Internet Monitor (vsmon) - Zone Labs, LLC - C:\WINDOWS\system32\ZoneLabs\vsmon.exe
 
bambam

here is the hjt log. thanks for everyone's input.

maybe someone can find the culprit

I can't see anything wrong with your log file, apart from the obvious
missing files.
I like this online HJT analyser:

http://hijackthis.de/index.php#anl

You definitely don't have the entries mentioned here:

http://forums.majorgeeks.com/showthread.php?t=65945

As a matter of interest, and as I hadn't done a scan with AdAware since the
last update, I did a scan and I also found "SpywareNo". Cleaned it and it
hasn't returned after a reboot.
Same operating system and reference file as yours.
Better be a false positive. :)
 
Matt

here is the hjt log. thanks for everyone's input.

Wouldn't that be best sent to a proper group?

alt.privacy.spyware

Even these guys are closer to the right group.
alt.comp.anti-virus
 
Lizard

Thanks bambam.

I guess it is a FP, but I'm still curious as to why it comes back and suddenly
showed up again. It looks like it's been around for a while, from reading
the Wilders Security links.

I did an HJT scan in safe mode and it reveals more entries.
Don't know if that is the way to use the applet though.

At least I don't have to worry right away.
 
jmatt

"I did an HJT scan in safe mode and it reveals more entries.
Don't know if that is the way to use the applet though"

Don't think you read my original post Lizard.
http://groups.google.com/group/alt.comp.freeware/browse_thread/thread/a47665b02ebadc89?hl=en

If you want to go down the HiJackThis path, here is the info.

Download HiJackThis, install & run to get a log file. Don't fix
anything yet.
Important: Create a specific folder on your hard drive called
HijackThis to keep its backups.
You can do this by going to My Computer (Windows key+e) then double
click on C: then right click and select New then Folder and name it
HijackThis. Download and unzip HijackThis.exe into this folder.
You then post the log file at a site provided below & it will tell you
what to fix.
http://www.merijn.org/downloads.html
http://tomcoyote.com/hjt/
Securing Your Computer: Temporarily Disable Real Time Monitoring
Programs
http://wiki.castlecops.com/Securing_Your_Computer:_Temporarily_Disabl...
Some security programs with active monitoring processes are known to
interfere with automatic scanners and can actually prevent HJT fixes
from taking effect.
Please turn off or disable any of the following programs you may have,
before running your preliminary scans and for the duration of your HJT
cleanup (should you post a log). To disable these programs, please
follow the instructions provided in the respective sections. (After
your cleanup is complete, you should reactivate these protective
programs.) :
HJT Tutorials
http://www.bleepingcomputer.com/forums/tutorial42.html
http://www.spywareinfo.com/~merijn/htlogtutorial.html#r
http://www.spywareinfo.com/~merijn/htlogtutorial.html
http://castlecops.com/HijackThis.html

HijackThis log file analysis ( online )
http://hijackthis.de/index.php?langselect=english
Or,
http://startup.networktechs.com/page-68.html
http://hjt.iamnotageek.com/
 
Lizard

jmatt,
Thanks, I did read it, but the issue is now solved. I did the HijackThis
scan as the directions said and a few minor things showed. I turned off
some suspicious stuff in Services. I got the latest AdAware definitions
and ran it this morning and it didn't show any more. I appear to be clean
now.

lizard



thanks for the help.

 
Lizard

jmatt, sorry, I forgot.


I did post the HJT log I created and I liked the online analysis. It made
things clear to me and gave me hints of what to try. I will be using
that again to keep on top of things.



 
ellis_jay

Lizard said:
HJT question

Don't know about the Sony crap and all that, but after wrestling with my
dad's virus problem, this looks similar to his Cassandra virus:

Service: LOUGLUXSYDIFUUPYX - Sysinternals - www.sysinternals.com -
C:\DOCUME~1\ADMINI~1\LOCALS~1\Temp\LOUGLUXSYDIFUUPYX.exe


Yes, I am familiar with the Sysinternals program; I use it. But the exe
looks rather familiar and ominous. Do a search on your computer for:
Melkosoft
greg-search
super spider
Roma here
solongas.com
win-eto.com
kita-search.com
t.swapx.cc
69.31.79.180
greg-tut.com
t34rulit.com
66.250.130.200
ccforeva.com
mig29here.com
istbar/xxxtoobar
/Sidefind

This one is nasty and hard to stop from making itself come back. Lots of
registry keys to fix. I hope my suspicions are false.





Ellis_Jay
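The two things the replies above picked out by eye (bambam's "(file missing)" entries and the randomly named service running from the Temp folder that ellis_jay quotes) can be checked mechanically. The script below is an added example written for this thread; it is not code from any poster and not part of HijackThis. It parses the "O23 - Service:" lines HijackThis 1.99 writes and scores each one with heuristics that are my own choices (Temp directory, 12+ upper-case letters as a service name, "Unknown owner", missing file); the sample input is three lines copied from the log posted above plus one O4 line the parser must ignore.

```python
"""HijackThis O23 (service) line triage.

Added example written for this thread; not code from the original posts and
not part of HijackThis. Heuristics and weights are my own and are meant to
rank entries for a human reviewer, not to decide what to delete.
"""
import re
from dataclasses import dataclass, field

# Constructed sample input: three O23 lines copied from the posted log
# (benign, suspicious, stale) plus an O4 line that the parser must skip.
SAMPLE_LOG = r"""
O23 - Service: AVG7 Alert Manager Server (Avg7Alrt) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVGFRE~1\avgamsvr.exe
O23 - Service: LOUGLUXSYDIFUUPYX - Sysinternals - www.sysinternals.com - C:\DOCUME~1\ADMINI~1\LOCALS~1\Temp\LOUGLUXSYDIFUUPYX.exe
O23 - Service: VAIO Media Music Server (VAIOMediaPlatform-MusicServer-AppServer) - Unknown owner - C:\Program Files\Sony\VAIO Media Integrated Server\Music\SSSvr.exe" /Service=VAIOMediaPlatform-MusicServer-AppServer /DisplayName="VAIO Media Music Server (file missing)
O4 - HKLM\..\Run: [AVG7_CC] C:\PROGRA~1\Grisoft\AVGFRE~1\avgcc.exe /STARTUP
"""

O23_PREFIX = "O23 - Service: "
MISSING = "(file missing)"
# "Display name (ServiceName)"; the short name in parentheses is optional.
NAME_RE = re.compile(r"^(?P<display>.*?)(?: \((?P<short>[^()]+)\))?$")
# First Windows path ending in .exe, with or without a leading quote.
EXE_RE = re.compile(r'"?([A-Za-z]:\\.*?\.exe)', re.IGNORECASE)
# Heuristic (my assumption): 12+ upper-case letters and nothing else is
# what a machine-generated service name tends to look like.
RANDOM_NAME_RE = re.compile(r"[A-Z]{12,}")
TEMP_MARKERS = ("\\temp\\", "\\tmp\\")
# Weights are arbitrary choices for this example.
WEIGHTS = {"temp-dir": 3, "random-name": 2, "unknown-owner": 1, "file-missing": 1}


@dataclass
class Finding:
    display: str
    short: str
    company: str
    path: str
    reasons: list = field(default_factory=list)

    @property
    def score(self) -> int:
        return sum(WEIGHTS[r] for r in self.reasons)

    @property
    def verdict(self) -> str:
        if self.score >= 3:
            return "investigate"  # live binary in a bad place or oddly named
        if "file-missing" in self.reasons:
            return "stale"        # registration left behind, nothing runs
        return "ok"


def parse_o23(line: str):
    """Split one O23 line into display name, short name, company and path."""
    if not line.startswith(O23_PREFIX):
        return None
    body = line[len(O23_PREFIX):].strip()
    missing = body.endswith(MISSING)
    if missing:
        body = body[: -len(MISSING)].rstrip()
    # The last " - " separates the path, the first one the display name;
    # everything in between is the company field, which may itself contain
    # " - " (as "Sysinternals - www.sysinternals.com" does).
    head, _, tail = body.rpartition(" - ")
    display_part, _, company = head.partition(" - ")
    names = NAME_RE.match(display_part)
    exe = EXE_RE.match(tail)
    finding = Finding(
        display=names.group("display"),
        short=names.group("short") or names.group("display"),
        company=company,
        path=exe.group(1) if exe else tail,
    )
    if missing:
        finding.reasons.append("file-missing")
    if company == "Unknown owner":
        finding.reasons.append("unknown-owner")
    if any(m in finding.path.lower() for m in TEMP_MARKERS):
        finding.reasons.append("temp-dir")
    if RANDOM_NAME_RE.fullmatch(finding.short):
        finding.reasons.append("random-name")
    return finding


def triage(log_text: str) -> list:
    """Return a Finding for every O23 line, highest score first."""
    findings = [f for f in map(parse_o23, log_text.splitlines()) if f]
    return sorted(findings, key=lambda f: f.score, reverse=True)


if __name__ == "__main__":
    for f in triage(SAMPLE_LOG):
        print(f"{f.verdict:12} {f.short:42} {', '.join(f.reasons) or '-'}")
        print(f"{'':12} {f.company} -> {f.path}")
```

Two caveats on reading the output. The company column in an O23 line comes from the executable's own version resource, so "Sysinternals" there is whatever the file's author typed, not a verified signer; the check that settles it is the file's Authenticode signature and whether a Sysinternals tool was actually run on that machine (RootkitRevealer, for one, runs as a randomly named service copied into the user's Temp directory while it scans, which is exactly this shape). And a "stale" entry with "(file missing)" is a leftover registration with no code behind it: worth cleaning, but not the culprit for something that keeps coming back.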
 
jmatt

Lizard.
"I did post the HJT log I created and I liked the online analysis. It made
things clear to me and gave me hints of what to try. I will be using
that again to keep on top of things"

Anything you are not sure of, just put the name into a search engine
like Google.
 
