I'm not sure what the problem is, but I need help.

4Nmissile New
edited April 2007 in Spyware & Virus Removal
Hello. I'm not quite sure what got into my laptop. I get a strange pop-up at startup every time now. I just got whatever it is tonight. I tried to clean up my laptop using Spybot, Spider and I loaded up Zone Alarm to stop anything else. (I just wish I had loaded it up a little earlier.) I've got three applications (.exe's) in my C drive now that I can't delete. I can rename them, just not delete them. I ran a HijackThis scan, but for some reason when I select save log it won't open up a window to save the file. I will try it again, but if it does not do it I will try and type in the list here manually.

Here is the list. I have not been able to save the file as a log so I will type this all manually. Please note that there may be typing errors, but I have gone over this post thoroughly.

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.sony.com/vaiopeople
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Local Page = http://www.sony.com/vaiopeople
R3 - URLSearchHook: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll
O2 - BHO: Yahoo! Toolbar Helper - {02478D38-C3F9-4EFB-9B51-7695ECA05670} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll
O2 - BHO:AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 5.0\Reader\ActiveX\AcroIEHelper.ocx
O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)
O2 - BHO: Bar888 - {C1B4DEC2-2623-438e-9CA2-C9043AB28508} - C:\PROGRA~\COMMON~1\{30790~1\Bar888.dll
O3 - Toolbar: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll
O3 - Toolbar: &Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINDOWS\System32\msdxm.ocx
O3 - Toolbar: Bar888 - {C1B4DEC2-2623-438e-9CA2-C9043AB28508} - C:\PROGRA~1\COMMON~1\{30790~1\Bar888.dll
O4 - HKLM\..\Run: [ATIModeChange] Ati2mdxx.exe
O4 - HKLM\..\Run: [AtiPTA] atiptaxx.exe
O4 - HKLM\..\Run: [HKSERV.EXE]C:\Program Files\Sony\HotKey Utility\HKserv.exe
O4 - HKLM\..\Run: [QuickTime Task] C:\WINDOWS\System32\qttask.exe
O4 - HKLM\..\Run: [Pop3trap.exe] "C:\Program Files\Trend Micro\PC-cillin 2000\Pop3trap.exe"
O4 - HKLM\..\Run: [WebTrapNT.exe] "C:\Program Files\Trend Micro\PC-cillin 2000\WebTrapNT.exe
O4 - HKLM\..\Run: [ZTgServerSwitch] c:\program files\support.com\client\lserver\server.vbs
O4 - HKLM\..\Run: [JOGSERV2.EXE] C:\Program Files\Sony\Jog Dial Utility\jogServ2.exe
O4 - HKLM\..\Run: [SynTPLpr] C:\Program Files\Synaptics\SynTP\SynTPLpr.exe
O4 - HKLM\..\Run: [SynTPEnh] C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
O4 - HKLM\..\Run: [CleanupProgram] C:\Sonysys\cleanup.exe
O4 - HKLM\..\Run: [Lexmark_X79-55] C:\WINDOWS\System32\lsasss.exe
O4 - HKLM\..\Run: [adirka] C:\WINDWOS\System32\adirka.exe
O4 - Global Startup: Adobe Gamma Loader.exe.Ink = C:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe
O4 - Global Startup: Microsoft office.Ink = C:\Program Files\Microsoft Office\Office10\OSA.EXE
O4 - Global Startup: PowerPanel.Ink = ?
O4 - Global Startup: Real-time Monitor.Ink = ?
O9 - Extra button: Related - {c95fe080-8f5d-11d2a20b-00aa003c157a} - C:\WINDOWS\web\related.htm
O9 - Extra 'Tools' menuitem: Show &Related Links - {c95c95fe080-8f5d-11d2a20b-00aa003c157a} - C:\WINDOWS\web\related.htm
O9 - Extra button: Real.com - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - C:\WINDOWS\System32\Shdowvw.dll
O10 - Unknown file in Winsock LSP: c:\windwos\system32\jzxowprct.dll
O10 - Unknown file in Winsock LSP: c:\windwos\system32\jzxowprct.dll
O10 - Unknown file in Winsock LSP: c:\windwos\system32\jzxowprct.dll
O10 - Unknown file in Winsock LSP: c:\windwos\system32\jzxowprct.dll
O10 - Unknown file in Winsock LSP: c:\windwos\system32\jzxowprct.dll
O10 - Unknown file in Winsock LSP: c:\windwos\system32\jzxowprct.dll
O10 - Unknown file in Winsock LSP: c:\windwos\system32\jzxowprct.dll
O10 - Unknown file in Winsock LSP: c:\windwos\system32\jzxowprct.dll
O10 - Unknown file in Winsock LSP: c:\windwos\system32\jzxowprct.dll
O10 - Unknown file in Winsock LSP: c:\windwos\system32\jzxowprct.dll
O10 - Unknown file in Winsock LSP: c:\windwos\system32\jzxowprct.dll
O10 - Unknown file in Winsock LSP: c:\windwos\system32\jzxowprct.dll
O10 - Unknown file in Winsock LSP: c:\windwos\system32\jzxowprct.dll
O10 - Unknown file in Winsock LSP: c:\windwos\system32\jzxowprct.dll
O10 - Unknown file in Winsock LSP: c:\windwos\system32\jzxowprct.dll
O10 - Unknown file in Winsock LSP: c:\windwos\system32\jzxowprct.dll
O10 - Unknown file in Winsock LSP: c:\windwos\system32\jzxowprct.dll
O10 - Unknown file in Winsock LSP: c:\windwos\system32\jzxowprct.dll
O10 - Unknown file in Winsock LSP: c:\windwos\system32\jzxowprct.dll
O10 - Unknown file in Winsock LSP: c:\windwos\system32\jzxowprct.dll
O10 - Unknown file in Winsock LSP: c:\windwos\system32\jzxowprct.dll
O10 - Unknown file in Winsock LSP: c:\windwos\system32\jzxowprct.dll
O10 - Unknown file in Winsock LSP: c:\windwos\system32\jzxowprct.dll
O10 - Broken Internet access because of LSP provider 'rsvp32_2.dll' missing
O12 - Plugin for .spop: C:\Program Files\Internet Explorer\Plugins\NPDocBox.dll
O14 - IERESET.INF: START_PAGE_URL=http://www.sony.com/vaiopeople
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://update.microsoft.com/microsoftupdate/v6/V5Controls/en/x86/client/wuweb_site.cab?1173286572199
O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://update.microsoft.com/microsoftupdate/v6/V5Controls/en/x86/client/wuweb_site.cab?1173286562104
O18 - Protocol: livecall - {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\MSNMES~1\MSGRAP~1.DLL
O18 - Protocol: msnim - {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\MSNMES~1\MSGRAP~1.DLL
O20 - AppInit_DLLs:
O21 - SSODL: MKxbu - 5079092B-FAD3-A381-978D-DB4671D28767} - C:\WINDOWS\System32\fp.dll
O23 - Service: Microsoft ASPI Manager - Unknown - C:\WINDOWS\System32\aspi283403.exe
O23 - Service: Ati HotKay Poller - Unknown - C:\WINDOWS\System32\Ati2evxx.exe
O23 - Service: Client IP-IPX - Unknown - C:\WINDOWS\System32\svchosts.exe
O23 - Service: Sony SPTI Service - Sony Corporation - C:\Program Files\Common Files\Sony Shared\AVLib\SPTISRV.exe
O23 - Service: Trend NT Realtime Service - Trend Micro Inc. - C:\Program Files\Trend Micro\PC-cillin 2000\Tmntsrv.exe
O23 - Service: TrueVector Internet Monitor - Zone Labs, LLC - C:\WINDOWS\system32\ZoneLabs\vsmon.exe

Comments

  • Rahina-Rescue Finland
    edited March 2007
    Hello 4Nmissile! Welcome to the Forums. :)

    I must warn that one or more of the identified infections is a backdoor trojan.

    This allows hackers to remotely control your computer, steal critical system information and download and execute files.

    I would counsel you to disconnect this PC from the Internet immediately. If you do any banking or other financial transactions on the PC or if it should contain any other sensitive information, please get to a known clean computer and change all passwords where applicable, and it would be wise to contact those same financial institutions to apprise them of your situation.

    Though the infection has been identified and can be killed, because of its backdoor functionality, your PC is very likely compromised and there is no way to be sure your computer can ever again be trusted. Many experts in the security community believe that once infected with this type of Trojan, the best course of action would be a reformat and reinstall of the OS.

    I can help you in the cleaning if you don't want to reformat but there is a possibility that we can't get you 100% clean.

    Please let us know what you have decided to do in your next post.
  • Rahina-Rescue Finland
    edited April 2007
    Whilst we appreciate that you may be busy, it has been 7 days or more since we heard from you.

    Infections can change and fresh instructions will now need to be given. This topic is now closed. If you still require assistance, then please start a new topic in the Spyware & Virus Removal Forum.

    If you wish this topic reopened, please send a Private Message (PM) to one of the Spyware Mods with a link to your thread.

    Do not bother contacting us if you are not the topic starter. A valid, working link to the closed topic is required.
    If you are not the user who started this thread, you must start a new Thread instead :)
This discussion has been closed.