[Resolved] Malware Suspected, But Not Sure.
Suggest A Fix PC Support Forums > Security > Malicious Code: Viruses, Trojans, Spyware and Browser HiJacking
mindy66
Hello,

My computer (Sony Vaio/Windows XP) is majorly disturbed. On the night it last worked I noticed it took several minutes to shut down. The next morning nothing would work. When I click on a program, the hourglass appears for less than a minute, then goes away, then nothing. I cannot even shut it down properly.

A friend tinkered with it one night, at which point I was able to start the MBAM scanner, but it froze before it finished. I haven't been able to open it since.

Is there any information I can give you to help determine if this is malicious code, and if so any suggestions?

Thanks,

Mindy
HKEd
Welcome to SAF, Mindy.

Can you get HijackThis to run? You can read about HijackThis in this tutorial. Post the log file it generates.

If you have a clean USB/flash drive handy, you could try downloading the MBAM setup file to it, then installing MBAM on the flash drive itself. Do this on a known clean computer, then transfer the drive over to affected computer and try running it from the flash drive.
mindy66
Thanks HKEd,

No, I cannot run HijackThis.

I am inexperienced with flash drives- so before I run out and buy one- I want to clarify that I cannot access anything, including my drives. Is it possible to run a program from a flash drive when you can't access any of your drives?

Thanks again,

Mindy

HKEd
Hi Mindy...if Windows will not load, using MBAM is not an option. A flash drive won't help.

Can you let me know what make and model of computer it is. Also, do you have a full XP CD or a recovery disk from the manufacturer?

What exactly happens when you turn on the computer?
mindy66
Hi again Ed,

It is a Sony Vaio, and I do have the Vaio recovery cd's. I might even have the XP cd- need to check on that.

When I turn on the computer, Windows does seem to load. The desktop appears to be normal, only none of the programs will run. When I said I couldn't access the drives, I meant that when I click on the C drive icon for example, the hourglass appears, then disappears, and nothing happens. Sorry for any confusion in my descriptions- my ignorance is revealed!

Actually right now I can view the C drive contents. I am able to open the folders as well.

And I just tried a flash drive. When I click on 'Memory Stick (D:)' I get the "Insert disk" message, despite the disk being inserted and the light coming on.

Just tried HijackThis again. It opened, and I was able to start the "do a system scan and save a logfile". But it stopped at "04- registry & start menu autoruns..." If I click on anything I get "this action cannot be completed because the other application is busy..."

Thanks and bye for now,

Mindy

HKEd
Hi Mindy...will HijackThis run in safe mode? Restart the computer and tap the F8 key repeatedly as it boots. You should get a boot menu where you can select Safe Mode from the list of options using the arrow keys. Press Enter. If you haven't been in safe mode previously, don't worry if it all looks quite different. The icons will be bigger and there is no wallpaper.

See if you can access the drives and open programs there.
mindy66
Good morning Ed,

After I select safe mode a blue screen very briefly appears- 'windows has detected a problem...' followed by a few more paragraphs I can't read quickly enough. Then it begins restarting and after I tap F8 a different boot menu appears. It suggests that I select 'last good configuration' for certain criteria, or that I 'reboot windows normally'. If I select Safe Mode again, the cycle repeats.
HKEd
Have you tried 'Last Known Good Configuration'?
mindy66
Yes, I have now- but still cannot access the flash drive. Was able to open windows media player but not use it.

Was able to start the MBAM scan, but it froze about half way through. Avast alerted me to Win32:Trojan-gen{other} and I moved it to chest as recommended. MBAM showed 0 objects infected until it froze.
HKEd
Trojan.Gen could be anything. Do you remember where Avast found the infection?

See if you can get RSIT to run: Download RSIT to the desktop and run it there. Post the logs it generates.
mindy66
Hi again, Avast found it in a temp folder, but that's all I can remember.

I cannot access the internet from there, but I did find RSIT (probably outdated) on the desktop. It gets stuck on Writing header information. Then the desktop disappears until I power it off and back on.

In a nutshell,
I cannot access the internet to download anything.
I cannot run anything that's already there.
The flash drive is not recognized.

Yikes!
HKEd
Yikes indeed! Looks like it's time to bite the bullet and reinstall XP.

Are there any files that you need to recover? What I'm thinking is to make a Linux DVD on a clean computer, then boot with it to access the hard drive. You should be able to backup any needed data.
mindy66
Hi HKEd,

I'm traveling- without the dysfunctional laptop of course- for a couple weeks. Is the backup & reinstall something you can help with when I return, or do I need to find a different forum?

Thanks for all your help so far- I really appreciate it!

Mindy
HKEd
I should be able to help with that, Mindy. If there's anything beyond my scope of experience, I'll ask someone else to advise.

Post back when you're ready.
mindy66
Well I certainly won't refuse your offer to help!

I have access to clean computers daily, so maybe you could get me started on making a Linux DVD?

HKEd
You need to install ImgBurn first.

Once that's installed, download Knoppix from here. It's all in German, so I'll walk you through it:

Click on Download, then on the Knoppix Mirrors page, scroll down to the bottom of the page and click on the Purdue University link. On the next page, click on 'Akzeptieren', then click on KNOPPIX_V5.1.0CD-2006-12-30-EN.iso, 7th line from the top. Download the file to the desktop, pop a new DVD blank in the drive and click on the downloaded file. ImgBurn will handle the rest.
mindy66
Hi Ed, I'm back in town, and ready for the next step when you have a chance...
thanks again,
Mindy
HKEd
Hi Mindy...put the Knoppix CD in the drive and restart the computer. Wait until all the icons have loaded on the desktop. The drive icons will be there as well. Click on each and familiarise yourself with what's what. Attach the USB drive you have for backups and see if you can copy/paste files freely.

If you encounter a problem, right-click on sda2 (or whatever the USB drive is) and select 'Change read/write mode'. You'll get this message: "Do you really want to change the partition to be writable?". Click Yes.

Let me know how that goes.
mindy66
So far so good...

By the way, is it an option to install Linux rather than XP?
HKEd
QUOTE
By the way, is it an option to install Linux rather than XP?

You mean to format the laptop and install Linux instead of XP? Sure.

You could also reinstall XP, then add a Linux distro like Ubuntu, making it a dual-boot machine. When you start the computer, you get a menu offering either XP or Ubuntu (that's what I have, but I don't often boot to Ubuntu as it completely screwed up my Firefox bookmarks last time).
mindy66
The dual-boot option sounds good, thanks.

Turns out I do not have an XP disc though. Hope the Vaio recovery discs are enough...

I've finished backing up files, so ready when you are...

HKEd
The Vaio recovery disks should reinstall XP and whatever else is needed. It should just be a case of putting the recovery CD in the drive and restarting the computer. Should be menu-driven from there.

Once XP is up and running, we can look at installing Ubuntu. I'm not sure Ubuntu is the best of the Linux distros, but it's real easy to install within XP.

Is your hard drive divided into partitions?
mindy66
Yes, the hard drive is divided into sda1 and sda2.
HKEd
Presumably that's C: and D: in XP.

I just wanted to check, as it would be better to install Ubuntu on D:. If the drive wasn't partitioned, there would be an option for you to do so during XP setup. No worries.

Let me know how the XP reinstall goes.
mindy66
Uh oh. "Error 262 occurred when restoring the system. Cannot continue."

And when restarting:

PXE-E61: Media test failure, check cable
PXE-M0F: Exiting PXE ROM
Invalid partition table
HKEd
Could be a hardware problem, but try cleaning the recovery CD first.

What model Vaio is it?
mindy66
It's a VGN-FJ270.

Tried cleaning the CD but it's still saying Invalid partition table.

The previous owner included two DVD's that appear to be recovery discs that he created or burned. I could try those tomorrow.
HKEd
I didn't see your edit above before posting.

The PXE error could mean hard drive failure. Can you check the BIOS (press Del or F12 or whatever the boot screen shows to enter Setup). See if the hard drive is set to boot first. Change it to the CD drive if you can. If you're not sure of what you're doing, post what you see.

Also, try removing the battery and run it off the mains.
mindy66
Yes, the hard drive is set to boot first, but it won't let me select optical drive.

Tried removing the battery but still receiving PXE errors.
HKEd
Hi Mindy...can you still boot to Knoppix?

Looking back over this thread, it may have been a hardware problem all along.

Do you know if the hard drive file system is NTFS or FAT32? There may be a way of fixing the partition table in Knoppix, but I'm getting out of my depth here.

I'm best man at my friend's wedding today, so I won't be able to get back to you until tomorrow.
mindy66
Hi Ed,

No, I can no longer boot to Knoppix. Unless there's a way other than placing the cd in the drive and starting the computer.

Not sure about the file system.

It seems to be running hotter than usual. Maybe it's toast!

Anyway, hope you enjoy the wedding. Til tomorrow....

Mindy

HKEd
It looks like the hard drive is indeed toast.

I'll ask one of our hardware guys to have a look at this thread for a second opinion.
Surfer
Hi Mindy,
Not good news, I'm afraid. If y'all can't access the BIOS to set the CD drive to boot first, and the CD drive and hard drive are giving errors, I'd have to say the connections between the drives and motherboard are flaky, though it's unlikely that both would fail simultaneously, or that both drives, hard drive and CD drive, have failed, equally unlikely. I'd have to suspect the motherboard as the problem.
mindy66
Well shucks!

Thanks for the assessment.

And Ed, thanks for all of your help, I really do appreciate it.

Take care,

Mindy
HKEd
At least you managed to retrieve your data. Small comfort, I know, but I think losing my files would be worse than losing the computer.

It may be repairable. This user guide for that 262 error suggests that any decent technician could fix it.
mindy66
Thanks Ed, you're right- I'm glad to have backed up my files. As you can probably tell this is the first computer I've ever owned and hadn't considered that one day it might abruptly not work. Not the best timing, as I've lost my job thanks to our current state of corporate fascism. The time I need it most is the time I can't afford to have it repaired!

Again, thanks for trying to get it up and running. You and this website are a great resource. And thanks for the link- I'll keep it on hand for future reference....

Mindy
HKEd
You're welcome, Mindy.

I'll close this thread and mark it resolved. If you need it reopened for any reason, please PM a moderator.
HKEd
Thread reopened at Mindy's request.

QUOTE
Turns out I can boot from cd (just figured out all I needed to do was move it to top of list) and now can boot from the Knoppix disc. Maybe it's not a Major Malfunction after all!

Hi Mindy...what happens when you try to boot from the Vaio CD? Do you get a Repair option?
mindy66
Hi Ed, Thanks for reopening...

I am getting the same two PXE errors and invalid partition table message with the recovery cd's.
HKEd
Hi Mindy...at what stage of the boot process do you get the errors?

When you see the initial BIOS screen, press the F10 key repeatedly. That may allow you to boot from the hidden Vaio recovery partition.
mindy66
Hi Ed,

The errors occur just after the Vaio splash screen. There are only six lines total:

Intel UNDI, PXE-2.0 (build 082)
Copyright etc

For Realtek RTL8139etc... PCI Fast Ethernet Controller v2.12....
PXE-E61 Media test failure, check cable
PXE-M0F: Exiting PXE ROM
Invalid partition table_

I can't figure out how to access the hidden recovery partition. Once I am in BIOS, F10 just brings me to save and exit. I've tried the other Function keys, and I've tried F10 at earlier stages only to hear a beep. It very well could be that I just don't know what I'm doing. Does it sound like I'm missing something?
HKEd
Hi Mindy...
QUOTE
Once I am in BIOS, F10 just brings me to save and exit.

I meant for you to tap F10 as the computer starts, not when in the BIOS.

It may be that the CMOS battery needs replacing. That's the dime-sized battery on the motherboard. Opening a laptop is not something I'd try though. Best to bring it to a local computer shop.

Hardware is not my forte. If you can't get F10 to work, I suggest you start a new thread in the Hardware forum for better advice.
mindy66
Hi again Ed, this is my second reply. Please also see previous post.

In trying to learn more about Vaio recovery I stumbled upon a link to this update from Sony eSupport. I did not receive the error mentioned but am wondering if you think the DMI information disappearing might be relevant here. My BIOS version is R0090X6.

"This utility updates the BIOS to version R0140X6 and provides the following benefits:

* Improves thermal fan control.
* Resolves an issue where the VAIO® startup sound is too loud.
* Resolves an issue where it is not possible to perform a System Recovery due to the computer's DMI information disappearing. The computer will display an error message indicating that the software is not for the computer."

Also, is connecting to the internet when booting from Knoppix something you can help me with? I'm presently at a friend's house where there is an AirPort base station. I can get as far as finding his wireless network but can't connect. I am trying to learn via Knoppix help and other forums, etc, and not making much progress.
mindy66
Sorry, didn't see your reply before I posted the previous one. You can disregard.

I had first tried F10 when the computer started- that's when I heard the beeping. Indeed F10 does not appear to be working, so I'll try the hardware forum as suggested. Thanks for the input.

And I'll post my internet question on a different forum as well.

Thanks again for all of your help- take care,

Mindy
mindy66
Good news Ed- it was just recovery disc failure, which Surfer from the hardware forum says is not uncommon. (I'm sorry about throwing things off track when I thought the computer would not boot from disc. And thanks again for helping me get this far.) I'm posting a few questions and a couple logs here, but of course let me know if I should start a new thread...

So Windows is up and running (!) - if there was malicious code to begin with, would the recovery process wipe everything out? Anything you recommend doing post-recovery?

Also, I installed the AOL free 6-month trial, not before reading about the increased vulnerability to malware that comes with that. Do you know anything about that? Does it make a difference that I browse with Firefox? I really don't have the money for internet right now, but if this is true I'm thinking I better uninstall it and just stick with public wireless spots for my job searching.

Avira has alerted me to detections even when I'm not connected to the internet, but they mostly point to AOL files, i.e.:

Virus or unwanted program 'ADSPY/AdSpy.Gen [adware]'
detected in file 'C:\Program Files\Common Files\AOL\1255911344\ee\services\browser\ver1_1_2000\uninst.exe'.
Action performed: Deny access

I've run MBAM and HJT, and the logs follow:

Malwarebytes' Anti-Malware 1.41
Database version: 3037
Windows 5.1.2600 Service Pack 2

10/26/2009 2:20:26 PM
mbam-log-2009-10-26 (14-20-26).txt

Scan type: Full Scan (C:\|D:\|E:\|)
Objects scanned: 133610
Time elapsed: 28 minute(s), 48 second(s)

Memory Processes Infected: 0
Memory Modules Infected: 0
Registry Keys Infected: 0
Registry Values Infected: 0
Registry Data Items Infected: 0
Folders Infected: 0
Files Infected: 0

Memory Processes Infected:
(No malicious items detected)

Memory Modules Infected:
(No malicious items detected)

Registry Keys Infected:
(No malicious items detected)

Registry Values Infected:
(No malicious items detected)

Registry Data Items Infected:
(No malicious items detected)

Folders Infected:
(No malicious items detected)

Files Infected:
(No malicious items detected)

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 2:46:05 PM, on 10/26/2009
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Intel\Wireless\Bin\EvtEng.exe
C:\Program Files\Intel\Wireless\Bin\S24EvMon.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Avira\AntiVir Desktop\sched.exe
C:\Program Files\Avira\AntiVir Desktop\avguard.exe
C:\Program Files\Common Files\AOL\ACS\AOLAcsd.exe
C:\Program Files\Common Files\AOL\TopSpeed\2.0\aoltsmon.exe
C:\Program Files\Intel\Wireless\Bin\RegSrvc.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Sony\VAIO Event Service\VESMgr.exe
C:\Program Files\Common Files\Sony Shared\VAIO Entertainment Platform\VCSW\VCSW.exe
C:\Program Files\Common Files\Sony Shared\VAIO Entertainment Platform\VzCdb\VzCdbSvc.exe
C:\Program Files\Common Files\Sony Shared\VAIO Entertainment Platform\VzCdb\VzFw.exe
C:\WINDOWS\system32\hkcmd.exe
C:\WINDOWS\system32\igfxpers.exe
C:\Program Files\Apoint\Apoint.exe
C:\WINDOWS\RTHDCPL.EXE
C:\Program Files\Java\jre1.5.0_05\bin\jusched.exe
C:\Program Files\Sony\VAIO Power Management\SPMgr.exe
C:\Program Files\Sony\ISB Utility\ISBMgr.exe
C:\Program Files\Sony\VAIO Update 2\VAIOUpdt.exe
C:\Program Files\Sony\VAIO Camera Utility\VCUServe.exe
C:\Program Files\AirPort\APAgent.exe
C:\Program Files\Common Files\AOL\ACS\AOLDial.exe
C:\PROGRA~1\COMMON~1\AOL\AOLSPY~1\AOLSP Scheduler.exe
C:\Program Files\Real\RealPlayer\RealPlay.exe
C:\Program Files\QuickTime\qttask.exe
C:\Program Files\Avira\AntiVir Desktop\avgnt.exe
C:\Program Files\Messenger\msmsgs.exe
C:\Program Files\America Online 9.0\waol.exe
C:\Program Files\Common Files\AOL\1255911344\ee\AOLHostManager.exe
C:\Program Files\Apoint\Apntex.exe
C:\Program Files\Common Files\AOL\1255911344\ee\AOLServiceHost.exe
C:\Program Files\America Online 9.0\shellmon.exe
C:\WINDOWS\system32\igfxsrvc.exe
C:\Program Files\Windows Media Player\wmplayer.exe
C:\Program Files\Avira\AntiVir Desktop\avcenter.exe
C:\Program Files\Malwarebytes' Anti-Malware\mbam.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\WINDOWS\system32\wuauclt.exe
C:\WINDOWS\system32\NOTEPAD.EXE
C:\Program Files\Trend Micro\HobonickelThis\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.sony.com/vaiopeople
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.sony.com/vaiopeople
R1 - HKCU\Software\Microsoft\Internet Connection Wizard,ShellNext = http://www.sony.com/vaiopeople
R3 - URLSearchHook: AOLSearchHook Class - {54EB34EA-E6BE-4CFD-9F4F-C4A0C2EAFA22} - C:\Program Files\AOL\AOL Search Enhancement\AOLSearch.dll
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: AOL Search Enhancement - {54EB34EA-E6BE-4CFD-9F4F-C4A0C2EAFA22} - C:\Program Files\AOL\AOL Search Enhancement\AOLSearch.dll
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar2.dll
O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\2.0.301.7164\swg.dll
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar2.dll
O4 - HKLM\..\Run: [igfxtray] C:\WINDOWS\system32\igfxtray.exe
O4 - HKLM\..\Run: [igfxhkcmd] C:\WINDOWS\system32\hkcmd.exe
O4 - HKLM\..\Run: [igfxpers] C:\WINDOWS\system32\igfxpers.exe
O4 - HKLM\..\Run: [Apoint] C:\Program Files\Apoint\Apoint.exe
O4 - HKLM\..\Run: [RTHDCPL] RTHDCPL.EXE
O4 - HKLM\..\Run: [Alcmtr] ALCMTR.EXE
O4 - HKLM\..\Run: [AzMixerSel] C:\Program Files\Realtek\InstallShield\AzMixerSel.exe
O4 - HKLM\..\Run: [Mouse Suite 98 Daemon] ICO.EXE
O4 - HKLM\..\Run: [VAIO Recovery] C:\WINDOWS\Sonysys\VAIO Recovery\PartSeal.exe
O4 - HKLM\..\Run: [SunJavaUpdateSched] C:\Program Files\Java\jre1.5.0_05\bin\jusched.exe
O4 - HKLM\..\Run: [SonyPowerCfg] C:\Program Files\Sony\VAIO Power Management\SPMgr.exe
O4 - HKLM\..\Run: [ISBMgr.exe] C:\Program Files\Sony\ISB Utility\ISBMgr.exe
O4 - HKLM\..\Run: [VAIO Update 2] "C:\Program Files\Sony\VAIO Update 2\VAIOUpdt.exe" /Stationary
O4 - HKLM\..\Run: [VAIOSurvey] c:\program files\sony\vaio survey\surveysa.exe
O4 - HKLM\..\Run: [VAIOCameraUtility] "C:\Program Files\Sony\VAIO Camera Utility\VCUServe.exe"
O4 - HKLM\..\Run: [HostManager] C:\Program Files\Common Files\AOL\1255911344\ee\AOLHostManager.exe
O4 - HKLM\..\Run: [PartSeal] C:\WINDOWS\Sonysys\VAIO Recovery\PartSeal.exe
O4 - HKLM\..\Run: [AirPort Base Station Agent] "C:\Program Files\AirPort\APAgent.exe"
O4 - HKLM\..\Run: [AOLDialer] C:\Program Files\Common Files\AOL\ACS\AOLDial.exe
O4 - HKLM\..\Run: [AOL Spyware Protection] "C:\PROGRA~1\COMMON~1\AOL\AOLSPY~1\AOLSP Scheduler.exe"
O4 - HKLM\..\Run: [RealTray] C:\Program Files\Real\RealPlayer\RealPlay.exe SYSTEMBOOTHIDEPLAYER
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [avgnt] "C:\Program Files\Avira\AntiVir Desktop\avgnt.exe" /min
O4 - HKLM\..\Run: [Pure Networks Port Magic] "C:\PROGRA~1\PURENE~1\PORTMA~1\PortAOL.exe" -Run
O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background
O4 - HKCU\..\Run: [AOL Fast Start] "C:\Program Files\America Online 9.0\AOL.EXE" -b
O4 - Global Startup: Adobe Reader Speed Launch.lnk = C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
O8 - Extra context menu item: &AOL Toolbar search - res://C:\Program Files\AOL Toolbar\toolbar.dll/SEARCH.HTML
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~3\OFFICE11\EXCEL.EXE/3000
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~3\OFFICE11\REFIEBAR.DLL
O9 - Extra button: Real.com - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - C:\WINDOWS\system32\Shdocvw.dll
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O14 - IERESET.INF: START_PAGE_URL=http://www.sony.com/vaiopeople
O17 - HKLM\System\CCS\Services\Tcpip\..\{81675818-C795-4D56-8CD9-229A8D265339}: NameServer = 205.188.146.145
O23 - Service: Avira AntiVir Scheduler (AntiVirSchedulerService) - Avira GmbH - C:\Program Files\Avira\AntiVir Desktop\sched.exe
O23 - Service: Avira AntiVir Guard (AntiVirService) - Avira GmbH - C:\Program Files\Avira\AntiVir Desktop\avguard.exe
O23 - Service: AOL Connectivity Service (AOL ACS) - America Online - C:\Program Files\Common Files\AOL\ACS\AOLAcsd.exe
O23 - Service: AOL TopSpeed Monitor (AOL TopSpeedMonitor) - America Online, Inc - C:\Program Files\Common Files\AOL\TopSpeed\2.0\aoltsmon.exe
O23 - Service: EvtEng - Intel Corporation - C:\Program Files\Intel\Wireless\Bin\EvtEng.exe
O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\1050\Intel 32\IDriverT.exe
O23 - Service: Image Converter video recording monitor for VAIO Entertainment - Sony Corporation - C:\Program Files\Sony\Image Converter 2\IcVzMon.exe
O23 - Service: MSCSPTISRV - Sony Corporation - C:\Program Files\Common Files\Sony Shared\AVLib\MSCSPTISRV.exe
O23 - Service: PACSPTISVR - Sony Corporation - C:\Program Files\Common Files\Sony Shared\AVLib\PACSPTISVR.exe
O23 - Service: RegSrvc - Intel Corporation - C:\Program Files\Intel\Wireless\Bin\RegSrvc.exe
O23 - Service: Spectrum24 Event Monitor (S24EventMonitor) - Intel Corporation - C:\Program Files\Intel\Wireless\Bin\S24EvMon.exe
O23 - Service: Sony SPTI Service (SPTISRV) - Sony Corporation - C:\Program Files\Common Files\Sony Shared\AVLib\SPTISRV.exe
O23 - Service: SonicStage SCSI Service (SSScsiSV) - Sony Corporation - C:\Program Files\Common Files\Sony Shared\AVLib\SSScsiSV.exe
O23 - Service: VAIO Entertainment TV Device Arbitration Service - Sony Corporation - C:\Program Files\Common Files\Sony Shared\VAIO Entertainment Platform\VzCs\VzHardwareResourceManager\VzHardwareResourceManager.exe
O23 - Service: VAIO Event Service - Sony Corporation - C:\Program Files\Sony\VAIO Event Service\VESMgr.exe
O23 - Service: VAIO Media Integrated Server (VAIOMediaPlatform-IntegratedServer-AppServer) - Sony Corporation - C:\Program Files\Sony\VAIO Media Integrated Server\VMISrv.exe
O23 - Service: VAIO Media Integrated Server (HTTP) (VAIOMediaPlatform-IntegratedServer-HTTP) - Sony Corporation - C:\Program Files\Sony\VAIO Media Integrated Server\Platform\SV_Httpd.exe
O23 - Service: VAIO Media Integrated Server (UPnP) (VAIOMediaPlatform-IntegratedServer-UPnP) - Sony Corporation - C:\Program Files\Sony\VAIO Media Integrated Server\Platform\UPnPFramework.exe
O23 - Service: VAIO Media Gateway Server (VAIOMediaPlatform-Mobile-Gateway) - Sony Corporation - C:\Program Files\Sony\VAIO Media Integrated Server\Platform\VmGateway.exe
O23 - Service: VAIO Entertainment UPnP Client Adapter (Vcsw) - Sony Corporation - C:\Program Files\Common Files\Sony Shared\VAIO Entertainment Platform\VCSW\VCSW.exe
O23 - Service: VAIO Entertainment Database Service (VzCdbSvc) - Sony Corporation - C:\Program Files\Common Files\Sony Shared\VAIO Entertainment Platform\VzCdb\VzCdbSvc.exe
O23 - Service: VAIO Entertainment File Import Service (VzFw) - Sony Corporation - C:\Program Files\Common Files\Sony Shared\VAIO Entertainment Platform\VzCdb\VzFw.exe

--
End of file - 9965 bytes
HKEd
Hi Mindy...good to hear your computer is up and running again.

QUOTE
if there was malicious code to begin with, would the recovery process wipe everything out?

If you performed a format (wiping the hard drive clean), then everything is gone, including any malware that may have been lurking.

QUOTE
Anything you recommend doing post-recovery?

You need to install all critical updates from Microsoft for SP2. It's up to you whether or not you install SP3 - I haven't and never will. I like things as they are.

Once that's done, post back and I'll recommend a few programs to add to your security.

EDIT - Don't know anything about AOL.
mindy66
Okay, the critical updates are installed. I'm with you - I'll be staying with SP2.

And I have no choice but to 86 AOL, as my friends are ostracizing me for installing it in the first place (deservedly so).
HKEd
Run HijackThis and click on 'Do a system scan only'. Put a checkmark in the box next to this line:

O4 - HKLM\..\Run: [Alcmtr] ALCMTR.EXE

Click on 'Fix checked' and close HijackThis.

Locate Alcmtr.exe and rename it to Alcmtr.OLD. It's a file from Realtek, the sound card makers, that is used to gather info about customers. Renaming the file will not affect your sound in any way.

Do you use a router to connect to the internet? If not, you should consider installing a firewall. The Windows firewall is no good. ZoneAlarm is free and good.

Also install Spyware Blaster. It's a passive program that blocks Active-X based malware. You won't notice it at all.

Use Firefox exclusively. I have never had any infection using Firefox. It's much safer than IE.

Keep Malwarebytes, update it and scan regularly.
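As an added example (not from this thread or from HijackThis itself), here is a small Python triage helper that reads HijackThis log lines like the ones posted above and flags O4 autorun entries whose command is a bare file name rather than a full path (such as the [Alcmtr] ALCMTR.EXE entry Ed picked out), since Windows locates those through the search path at logon and the file that actually runs is worth confirming; it also surfaces O17 NameServer overrides for comparison against the ISP's DNS. The regexes, the `triage` function and the `Finding` type are my own assumptions about the log format, not HijackThis code.

```python
import re
from dataclasses import dataclass
from typing import Iterable, List, Optional

# Line shapes this helper understands (regexes are constructed here, not HijackThis code):
#   O4 - HKLM\..\Run: [Name] "C:\path\prog.exe" /flag
#   O17 - HKLM\System\CCS\Services\Tcpip\..\{GUID}: NameServer = 1.2.3.4
O4_RE = re.compile(r'^O4 - (?P<hive>HK\w+)\\\.\.\\(?P<key>\w+): \[(?P<name>[^\]]+)\] (?P<cmd>.*)$')
O17_RE = re.compile(r'^O17 - .*NameServer = (?P<servers>[\d.,]+)$')


@dataclass
class Finding:
    kind: str            # "bare-autorun" or "nameserver"
    name: Optional[str]  # autorun key name, or None for O17 lines
    detail: str
    line: str


def command_image(cmd: str) -> str:
    """Return the executable part of an O4 command, without quotes or arguments."""
    cmd = cmd.strip()
    if cmd.startswith('"'):
        end = cmd.find('"', 1)
        return cmd[1:end] if end > 0 else cmd[1:]
    # Unquoted paths may contain spaces, so cut at the first .exe token, not the first space.
    m = re.match(r'(?i)(.+?\.exe)(\s|$)', cmd)
    return m.group(1) if m else cmd.split()[0]


def is_bare_name(image: str) -> bool:
    """A command with no directory is found via the search path at logon,
    so which file actually runs depends on PATH order and deserves a check."""
    return '\\' not in image and '/' not in image


def triage(lines: Iterable[str], expected_dns: Iterable[str] = ()) -> List[Finding]:
    """Scan HijackThis log lines and return the entries a reviewer should look at."""
    expected = set(expected_dns)
    findings: List[Finding] = []
    for raw in lines:
        line = raw.rstrip()
        m = O4_RE.match(line)
        if m:
            image = command_image(m.group('cmd'))
            if is_bare_name(image):
                findings.append(Finding(
                    "bare-autorun", m.group('name'),
                    f"{m.group('hive')} {m.group('key')} entry runs '{image}' with no path; "
                    f"locate the file (e.g. in C:\\Windows) and confirm its publisher",
                    line))
            continue
        m = O17_RE.match(line)
        if m:
            servers = [s for s in m.group('servers').split(',') if s]
            unexpected = [s for s in servers if s not in expected]
            if unexpected:
                findings.append(Finding(
                    "nameserver", None,
                    "DNS server override " + ", ".join(unexpected) + "; confirm it belongs to your ISP",
                    line))
    return findings


# Constructed sample: a handful of lines copied from the log posted in this thread.
SAMPLE_LOG = [
    r"O4 - HKLM\..\Run: [Apoint] C:\Program Files\Apoint\Apoint.exe",
    r"O4 - HKLM\..\Run: [RTHDCPL] RTHDCPL.EXE",
    r"O4 - HKLM\..\Run: [Alcmtr] ALCMTR.EXE",
    r"O4 - HKLM\..\Run: [Mouse Suite 98 Daemon] ICO.EXE",
    r'O4 - HKLM\..\Run: [VAIO Update 2] "C:\Program Files\Sony\VAIO Update 2\VAIOUpdt.exe" /Stationary',
    r"O4 - HKLM\..\Run: [RealTray] C:\Program Files\Real\RealPlayer\RealPlay.exe SYSTEMBOOTHIDEPLAYER",
    r"O17 - HKLM\System\CCS\Services\Tcpip\..\{81675818-C795-4D56-8CD9-229A8D265339}: NameServer = 205.188.146.145",
]

if __name__ == "__main__":
    for f in triage(SAMPLE_LOG):
        print(f"[{f.kind}] {f.detail}\n    {f.line}")
```

Pass the DNS servers your ISP assigns as `expected_dns` so a legitimate O17 entry is not reported; everything flagged is a prompt to verify, not a verdict.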
mindy66
Thanks,
The closest I can find is ALCMTR.EXE-354B51CE.pf. Should I rename this?
HKEd
No...that's a Prefetch file.

Are all hidden files and folders showing? Probably not after a fresh install. Open My Computer > Tools menu > Folder Options > View tab > 'Show Hidden Files and Folders' > Apply > OK. Look for the file in C:\Windows and rename it.