Everything posted by Tarun
-
I like Simon's and Martin L's third one.
-
I think the EazyShare.com domain expired.
-
HTML instead of code. It's your friend.
-
Generated by Tarun's HijackThis Converter v0.44 Beta. Default-color items are optional, red are known to be malicious.

Created registry value
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.sony.com/vaiopeople
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Bar = http://red.clientapps.yahoo.com/customize/...rch/search.html
R1 - HKCU\Software\Microsoft\Internet Explorer\SearchURL,(Default) = http://red.clientapps.yahoo.com/customize/...//www.yahoo.com

Created extra registry value where only one should be
R3 - URLSearchHook: (no name) - _{00D6A7E7-4A97-456f-848A-3B75BF7554D7} - (no file)
R3 - URLSearchHook: (no name) - _{855F3B16-6D32-4fe6-8A56-BBB695989046} - (no file)

Change in prefs.js of Netscape 7.x
N3 - Netscape 7: user_pref("browser.search.defaultengine", "engine://C%3A%5CPROGRA%7E1%5CNetscape%5CNetscape%5Csearchplugins%5CSBWeb_01.src"); (C:\Documents and Settings\Michael\Application Data\Mozilla\Profiles\default\4e33cqua.slt\prefs.js)

Enumeration of existing IE's toolbars
O3 - Toolbar: AOL Toolbar - {4982D40A-C53B-4615-B15B-B5B5E98D167C} - C:\Program Files\AOL Toolbar\toolbar.dll (file missing)
O3 - Toolbar: SuperBar - {FD020830-9D53-4DE4-8739-DB020258D684} - C:\Program Files\SUPERBAR\SUPERBAR1.dll (file missing)
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar1.dll
O3 - Toolbar: ICQ Toolbar - {855F3B16-6D32-4fe6-8A56-BBB695989046} - C:\Program Files\ICQToolbar\toolbaru.dll (file missing)

Enumeration of suspicious auto-loading registry entries
O4 - HKLM\..\Run: [ezShieldProtector for Px] C:\WINDOWS\system32\ezSP_Px.exe
O4 - HKLM\..\Run: [lspins] "C:\WINDOWS\system32\igps.exe"

Extra IE context menu items
O8 - Extra context menu item: &AIM Search - res://C:\Program Files\AIM Toolbar\AIMBar.dll/aimsearch.htm
O8 - Extra context menu item: &AOL Toolbar search - res://C:\Program Files\AOL Toolbar\toolbar.dll/SEARCH.HTML
O8 - Extra context menu item: &Google Search - res://c:\program files\google\GoogleToolbar1.dll/cmsearch.html
O8 - Extra context menu item: &ICQ Toolbar Search - res://C:\Program Files\ICQToolbar\toolbaru.dll/SEARCH.HTML
O8 - Extra context menu item: Backward Links - res://c:\program files\google\GoogleToolbar1.dll/cmbacklinks.html
O8 - Extra context menu item: Cached Snapshot of Page - res://c:\program files\google\GoogleToolbar1.dll/cmcache.html
O8 - Extra context menu item: E&xport to Microsoft Excel - res://D:\Office10\EXCEL.EXE/3000
O8 - Extra context menu item: Similar Pages - res://c:\program files\google\GoogleToolbar1.dll/cmsimilar.html
O8 - Extra context menu item: Translate into English - res://c:\program files\google\GoogleToolbar1.dll/cmtrans.html

Extra "Tools" menu items and buttons
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_03\bin\npjpi150_03.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_03\bin\npjpi150_03.dll
O9 - Extra button: Spyware Doctor - {2D663D1A-8670-49D9-A1A5-4C56B4E14E84} - C:\PROGRA~1\SPYWAR~1\tools\iesdpb.dll
O9 - Extra button: AOL Toolbar - {4982D40A-C53B-4615-B15B-B5B5E98D167C} - C:\Program Files\AOL Toolbar\toolbar.dll (file missing)
O9 - Extra 'Tools' menuitem: AOL Toolbar - {4982D40A-C53B-4615-B15B-B5B5E98D167C} - C:\Program Files\AOL Toolbar\toolbar.dll (file missing)
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~3\OFFICE11\REFIEBAR.DLL
O9 - Extra button: AIM - {AC9E2541-2814-11d5-BC6D-00B0D0A1DE45} - C:\Program Files\AIM\aim.exe
O9 - Extra button: Real.com - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - C:\WINDOWS\System32\Shdocvw.dll
O9 - Extra button: eBay - Homepage - {EF79EAC5-3452-4E02-B8BD-BA4C89F1AC7A} - C:\Program Files\IrfanView\Ebay\Ebay.htm

Changing of IERESET.INF
O14 - IERESET.INF: START_PAGE_URL=http://www.sony.com/vaiopeople

Downloaded Program Files item
O16 - DPF: {341FF14B-00CB-49F5-A427-A164DF1D5E1F} (MALPlaybackCtrl Class) - http://musicstore.connect.com/assets/activ...ALStreaming.cab
O16 - DPF: {B38870E4-7ECB-40DA-8C6A-595F0A5519FF} (MsnMessengerSetupDownloadControl Class) - http://messenger.msn.com/download/MsnMesse...pDownloader.cab

AppInit_DLLs autorun Registry value, Winlogon Notify Registry keys
O20 - Winlogon Notify: MS-DOS Emulation - C:\WINDOWS\system32\fp6q03j5e.dll

Enumeration of NT Services
O23 - Service: AOL Spyware Protection Service (AOLService) - Unknown owner - C:\Program Files\Common Files\AOL\AOL Spyware Protection\\aolserv.exe (file missing)
O23 - Service: Remote Packet Capture Protocol v.0 (experimental) (rpcapd) - Unknown owner - %ProgramFiles%\WinPcap\rpcapd.exe" -d -f "%ProgramFiles%\WinPcap\rpcapd.ini (file missing)
O23 - Service: VAIO Media Integrated Server (HTTP) (VAIOMediaPlatform-IntegratedServer-HTTP) - Unknown owner - C:\Program Files\Sony\vaio media integrated server\Platform\SV_Httpd.exe" /Service=VAIOMediaPlatform-IntegratedServer-HTTP /RegRoot="SOFTWARE\Sony Corporation\VAIO Media Platform\2.0" /RegExt="Applications\IntegratedServer\HTTP (file missing)
O23 - Service: VAIO Media Integrated Server (UPnP) (VAIOMediaPlatform-IntegratedServer-UPnP) - Unknown owner - C:\Program Files\Sony\vaio media integrated server\Platform\UPnPFramework.exe (file missing)
O23 - Service: VAIO Media Gateway Server (VAIOMediaPlatform-Mobile-Gateway) - Unknown owner - C:\Program Files\Sony\vaio media integrated server\Platform\VmGateway.exe" /Service=VAIOMediaPlatform-Mobile-Gateway /RegRoot="SOFTWARE\Sony Corporation\VAIO Media Platform\2.0" /RegExt="\Addons\Packages\Mobile\Gateway" /DisplayName="VAIO Media Gateway Server (file missing)
O23 - Service: VAIO Media Video Server (VAIOMediaPlatform-VideoServer-AppServer) - Unknown owner - C:\Program Files\Sony\vaio media integrated server\Video\GPVSvr.exe" /Service=VAIOMediaPlatform-VideoServer-AppServer /DisplayName="VAIO Media Video Server (file missing)
O23 - Service: VAIO Media Video Server (HTTP) (VAIOMediaPlatform-VideoServer-HTTP) - Unknown owner - C:\Program Files\Sony\vaio media integrated server\Platform\SV_Httpd.exe" /Service=VAIOMediaPlatform-VideoServer-HTTP /RegRoot="SOFTWARE\Sony Corporation\VAIO Media Platform\2.0" /RegExt="\Applications\VideoServer\HTTP (file missing)
O23 - Service: VAIO Media Video Server (UPnP) (VAIOMediaPlatform-VideoServer-UPnP) - Unknown owner - C:\Program Files\Sony\vaio media integrated server\Platform\UPnPFramework.exe (file missing)
-
Easy there champ. Take note of these items. The date you posted the rules. The date some of these posts were made, such as this one. "Nov 27 2005, 07:05 PM"
-
I'm wondering which one (if any) xper would prefer to see on other sites.
-
sure http://www.md5summer.org/ Thank you sir!
-
That's not the same program... it's DOS based. Yep. That was why I asked.
-
Off topic: Got a link for that app, Digerati?
-
There are references to him in GW too.
-
Mozilla Firefox project (formerly Firebird, which was formerly Phoenix) is a redesign of Mozilla's browser component, written using the XUL user interface language and designed to be cross-platform. It includes a popup blocker, tabbed browsing, a smarter search, hassle-free downloading, and improved privacy and security.

Although Firefox 1.5 is not officially released until 3PM EST, 12PM PST, Lunarsoft.net did a little investigating and found the official release is already set for download. The other language builds will be released soon. Enjoy and happy surfing!

Download: Firefox 1.5 (5.0MB, *.exe) | Other Systems & Languages
Changelog: Release Notes
Source: Lunarsoft.net
-
None of the buttons actually work. Http does go to wanting an email. Firefox 1.5 RC3.
-
Thanks prathapml!
-
First refer to this thread. For a great free anti-virus for a year, get eTrust EZ Anti-Virus. That should help with the issues at hand. Also, post a HijackThis log when you're finished.
-
Here's a little something I whipped up after a few minutes in Photoshop. Pretty basic, can be improved. I have the PSD too. Edit: Added MSFN.ORG graphic.
-
Microsoft Windows Genuine Advantage program is an online validation process that enables you to verify that your copy of Windows XP is genuine (non-pirated). You are prompted to validate your copy of Windows if you request a genuine Windows download from the Microsoft Download Center or Windows Update. The WGA Plug-in for Mozilla Firefox provides the same Windows validation as the IE ActiveX control.
-
The initial WGA 1.0 program downloaded an ActiveX control to check the authenticity of your Windows software. Since it was an ActiveX control, only Internet Explorer (IE) users could use it. But the recent growth of Firefox has forced Microsoft to rethink their strategy. Microsoft Genuine Windows Validation process now works in Firefox and other Mozilla browsers. Firefox users can download and install the Windows Genuine Advantage validation Firefox plug-in - WGAPluginInstall.exe available on Microsoft's website to complete the Windows validation process.

Does this mean that soon we may be able to use Windows Update through Firefox itself? At this time Microsoft still wants people to use Internet Explorer. This WGAPlugin for Firefox could be a taste of what's to come. Perhaps in due time we will be able to update Windows using Firefox instead of Internet Explorer, but we can only hope.

Download: Windows Genuine Advantage Plugin for Firefox
Source: Lunarsoft.net
-
Install my Anti-Malware Pro package on his machine.
-
Planet Sony Rootkit Infections: USA Europe Asia
-
Generated by Tarun's HijackThis Converter v0.44 Beta. Default-color items are optional, red are known to be malicious.

You have a malicious running process, it is a virus/worm:
C:\WINDOWS\lsass.exe
Note: lsass.exe also relates to the Windang.worm, irc.ratsou.b, Webus.B, MyDoom.L, Randex.AR, Nimos.worm which spread via floppy disk drives, mass-mailing and peer-to-peer sharing. Please review file path for clarification of this.

Created registry value
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = http://red.clientapps.yahoo.com/customize/.../search/ie.html
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Bar = http://red.clientapps.yahoo.com/customize/.../search/ie.html

Changed registry value
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://yahoo.sbc.com/dial

Created registry value
R1 - HKCU\Software\Microsoft\Internet Explorer\SearchURL,(Default) = http://red.clientapps.yahoo.com/customize/...//www.yahoo.com

Enumeration of existing IE's BHO's
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll

Enumeration of suspicious auto-loading registry entries
O4 - HKLM\..\Run: [sunJavaUpdateSched] C:\Program Files\Java\jre1.5.0_04\bin\jusched.exe
O4 - HKLM\..\Run: [YBrowser] C:\Program Files\Yahoo!\browser\ybrwicon.exe
O4 - Global Startup: Adobe Reader Speed Launch.lnk = C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
O4 - Global Startup: Kodak EasyShare software.lnk = C:\Program Files\Kodak\Kodak EasyShare software\bin\EasyShare.exe
O4 - Global Startup: KODAK Software Updater.lnk = C:\Program Files\Kodak\KODAK Software Updater\7288971\Program\Kodak Software Updater.exe
O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office10\OSA.EXE

Extra IE context menu items
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office10\EXCEL.EXE/3000

Extra "Tools" menu items and buttons
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_04\bin\npjpi150_04.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_04\bin\npjpi150_04.dll
O9 - Extra button: AIM - {AC9E2541-2814-11d5-BC6D-00B0D0A1DE45} - C:\Program Files\AIM\aim.exe

Downloaded Program Files item
O16 - DPF: {4F1E5B1A-2A80-42CA-8532-2D05CB959537} (MSN Photo Upload Tool) - http://spaces.msn.com/PhotoUpload/MsnPUpld.cab?10,0,910,0
O16 - DPF: {8E0D4DE5-3180-4024-A327-4DFAD1796A8D} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/Messe...nt.cab31267.cab
O16 - DPF: {B38870E4-7ECB-40DA-8C6A-595F0A5519FF} (MsnMessengerSetupDownloadControl Class) - http://messenger.msn.com/download/MsnMesse...pDownloader.cab
O16 - DPF: {D18F962A-3722-4B59-B08D-28BB9EB2281E} (PhotosCtrl Class) - http://photos.yahoo.com/ocx/us/yexplorer1_9us.cab
O16 - DPF: {F58E1CEF-A068-4C15-BA5E-587CAF3EE8C6} (MSN Chat Control 4.5) - http://chat.msn.com/controls/msnchat45.cab
O16 - DPF: {F6BF0D00-0B2A-4A75-BF7B-F385591623AF} (Solitaire Showdown Class) - http://messenger.zone.msn.com/binary/Solit...wn.cab31267.cab

Domain hijack
O17 - HKLM\System\CCS\Services\Tcpip\..\{30DB7401-E150-4495-ACA3-E45B1F6517FE}: NameServer = 151.164.1.8 206.13.28.12

Enumeration of existing protocols and filters
O18 - Protocol: msnim - {828030A1-22C1-4009-854F-8E305202313F} - "C:\PROGRA~1\MSNMES~1\msgrapp.dll" (file missing)

Enumeration of NT Services
O23 - Service: Local Security Authority Subsystem Service (lsass) - Unknown owner - C:\WINDOWS\lsass.exe

Ctrl Alt Delete and kill lsass.exe, then navigate to C:\Windows and delete the lsass.exe. If it refuses to delete, you can use HijackThis to delete it by going to Config... Misc Tools, Delete a file on reboot... You will also want to Delete an NT service... and follow the directions for deletion.
-
No need to apologize, it's quite understandable. It's funny how they really sock it to eBaums, yet are also being informative at the same time.
-
Don't worry, that's normal for P4's.
-
Look closer. You can make any kind of button there.
-
http://kalsey.com/tools/buttonmaker/ I figured they'd want something more custom and advanced than that though.