« previous next »
Pages: [1] 2 3

Author Topic: bad attack...  (Read 2435 times)

Offline yodeb9

  • Newbie
  • *
  • Posts: 27
  • Karma: +0/-0
    • View Profile
bad attack...
« on: August 12, 2006, 12:17:27 PM »
Logfile of HijackThis v1.99.1
Scan saved at 10:04:13 AM, on 8/12/2006
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Intel\Wireless\Bin\EvtEng.exe
C:\Program Files\Intel\Wireless\Bin\S24EvMon.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Common Files\EPSON\EBAPI\eEBSVC.exe
C:\Program Files\Common Files\AOL\TopSpeed\2.0\aoltsmon.exe
C:\Program Files\Common Files\AOL\1139964437\ee\services\sscFirewallPlugin\ver1_210_2_1\aolavupd.exe
C:\Program Files\Common Files\EPSON\EBAPI\SAgent2.exe
C:\PROGRA~1\mcafee.com\ANTIVI~1\mcshield.exe
C:\Program Files\mcafee.com\personal firewall\MPFService.exe
C:\Program Files\Microsoft SQL Server\MSSQL$VAIO_VEDB\Binn\sqlservr.exe
C:\WINDOWS\system32\nvsvc32.exe
C:\Program Files\Intel\Wireless\Bin\RegSrvc.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Sony\VAIO Event Service\VESMgr.exe
C:\Program Files\Sony\VAIO Media Integrated Server\VMISrv.exe
C:\Program Files\Common Files\Sony Shared\VAIO Entertainment Platform\VCSW\VCSW.exe
C:\WINDOWS\wanmpsvc.exe
C:\Program Files\Sony\VAIO Media Integrated Server\Platform\SV_Httpd.exe
C:\Program Files\Sony\VAIO Media Integrated Server\Platform\UPnPFramework.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Common Files\Sony Shared\VAIO Entertainment Platform\VzCdb\VzCdbSvc.exe
C:\Program Files\Common Files\Sony Shared\VAIO Entertainment Platform\VzCdb\VzFw.exe
C:\Program Files\Apoint\Apntex.exe
C:\Program Files\Common Files\Sony Shared\VAIO Entertainment\VzRs\VzRs.exe
C:\Program Files\Common Files\Sony Shared\AVLib\SSScsiSV.exe
c:\program files\common files\aol\1139964437\ee\services\sscAntiSpywarePlugin\ver1_210_2_1\AOLSP Scheduler.exe
c:\program files\common files\aol\1139964437\ee\aolssc.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Documents and Settings\Debi\Local Settings\Temporary Internet Files\Content.IE5\0YK9DEL4\HijackThis[1].exe
C:\WINDOWS\system32\NOTEPAD.EXE
C:\PROGRA~1\mcafee.com\ANTIVI~1\OasClnt.exe
c:\program files\common files\aol\1139964437\ee\aolsoftware.exe
C:\DOCUME~1\Debi\LOCALS~1\Temp\Rar$EX00.234\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.sony.com/vaiopeople
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.sony.com/vaiopeople
R1 - HKCU\Software\Microsoft\Internet Connection Wizard,ShellNext = http://go.microsoft.com/fwlink/?LinkId=488
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar1.dll
O4 - HKLM\..\Run: [EPSON Stylus Photo 2200] C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\E_S10IC2.EXE /P23 "EPSON Stylus Photo 2200" /O6 "USB001" /M "Stylus Photo 2200"
O4 - HKLM\..\Run: [IgfxTray] C:\WINDOWS\system32\igfxtray.exe
O4 - HKLM\..\Run: [Apoint] C:\Program Files\Apoint\Apoint.exe
O4 - HKLM\..\Run: [TVTunerLib] C:\Program Files\Common Files\Sony Shared\TVTunerLib\TVTLInstTool.exe
O4 - HKLM\..\Run: [Mouse Suite 98 Daemon] ICO.EXE
O4 - HKLM\..\Run: [Alcmtr] ALCMTR.EXE
O4 - HKLM\..\Run: [VAIO Update 2] "C:\Program Files\Sony\VAIO Update 2\VAIOUpdt.exe" /Stationary
O4 - HKLM\..\Run: [sscRun] C:\Program Files\Common Files\AOL\1139964437\ee\services\sscFirewallPlugin\ver1_210_2_1\SSCRun.exe
O4 - HKLM\..\Run: [RealTray] C:\Program Files\Real\RealPlayer\RealPlay.exe SYSTEMBOOTHIDEPLAYER
O4 - HKLM\..\Run: [OASClnt] C:\Program Files\mcafee.com\antivirus\oasclnt.exe
O4 - HKLM\..\Run: [SonyPowerCfg] C:\Program Files\Sony\VAIO Power Management\SPMgr.exe
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [VZRemoteCommander] C:\Program Files\Sony\VAIO Zone Remote Commander\AvRmtCtr.exe
O4 - HKLM\..\Run: [RTHDCPL] RTHDCPL.EXE
O4 - HKLM\..\Run: [EmailScan] C:\Program Files\mcafee.com\antivirus\mcvsescn.exe
O4 - HKLM\..\Run: [HotKeysCmds] C:\WINDOWS\system32\hkcmd.exe
O4 - HKLM\..\Run: [Switcher.exe] C:\Program Files\Sony\Wireless Switch Setting Utility\Switcher.exe
O4 - HKLM\..\Run: [HostManager] C:\Program Files\Common Files\AOL\1139964437\ee\AOLSoftware.exe
O4 - HKLM\..\Run: [MPFExe] C:\Program Files\mcafee.com\personal firewall\MPfTray.exe
O4 - HKLM\..\Run: [SsAAD.exe] C:\PROGRA~1\sony\SONICS~1\SsAAD.exe
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [ISBMgr.exe] C:\Program Files\Sony\ISB Utility\ISBMgr.exe
O4 - Startup: Adobe Gamma.lnk = C:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe
O4 - Global Startup: Adobe Reader Speed Launch.lnk = C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
O4 - Global Startup: America Online 9.0 Tray Icon.lnk = C:\Program Files\America Online 9.0\aoltray.exe
O4 - Global Startup: Monitor.lnk = C:\Program Files\SanDisk\SanDisk TransferMate\SD Monitor.exe
O8 - Extra context menu item: &AOL Toolbar search - res://C:\Program Files\AOL Toolbar\toolbar.dll/SEARCH.HTML
O8 - Extra context menu item: &Google Search - res://c:\program files\google\GoogleToolbar1.dll/cmsearch.html
O8 - Extra context menu item: &Translate English Word - res://c:\program files\google\GoogleToolbar1.dll/cmwordtrans.html
O8 - Extra context menu item: Backward Links - res://c:\program files\google\GoogleToolbar1.dll/cmbacklinks.html
O8 - Extra context menu item: Cached Snapshot of Page - res://c:\program files\google\GoogleToolbar1.dll/cmcache.html
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~4\OFFICE11\EXCEL.EXE/3000
O8 - Extra context menu item: Similar Pages - res://c:\program files\google\GoogleToolbar1.dll/cmsimilar.html
O8 - Extra context menu item: Transfer by Image Converter 2 - C:\Program Files\Sony\Image Converter 2\menu.htm
O8 - Extra context menu item: Translate Page into English - res://c:\program files\google\GoogleToolbar1.dll/cmtrans.html
O14 - IERESET.INF: START_PAGE_URL=http://www.sony.com/vaiopeople
O17 - HKLM\System\CCS\Services\Tcpip\..\{724689B3-0029-4F6C-A42B-77B802E854E7}: NameServer = 68.87.69.146,68.87.85.98
O20 - Winlogon Notify: igfxcui - C:\WINDOWS\SYSTEM32\igfxsrvc.dll
O20 - Winlogon Notify: Setup - C:\WINDOWS\system32\j80s0id7e80.dll
O20 - Winlogon Notify: VESWinlogon - C:\WINDOWS\SYSTEM32\VESWinlogon.dll
O20 - Winlogon Notify: WgaLogon - C:\WINDOWS\SYSTEM32\WgaLogon.dll
O23 - Service: Adobe LM Service - Adobe Systems - C:\Program Files\Common Files\Adobe Systems Shared\Service\Adobelmsvc.exe
O23 - Service: AOL Connectivity Service (AOL ACS) - Unknown owner - C:\Program Files\Common Files\AOL\ACS\AOLAcsd.exe (file missing)
O23 - Service: AOL TopSpeed Monitor (AOL TopSpeedMonitor) - America Online, Inc - C:\Program Files\Common Files\AOL\TopSpeed\2.0\aoltsmon.exe
O23 - Service: AOL Antivirus Update Service (aolavupd) - America Online - C:\Program Files\Common Files\AOL\1139964437\ee\services\sscFirewallPlugin\ver1_210_2_1\aolavupd.exe
O23 - Service: AOL Spyware Protection Service (AOLService) - Unknown owner - C:\Program Files\Common Files\AOL\AOL Spyware Protection\\aolserv.exe (file missing)
O23 - Service: EpsonBidirectionalService - Unknown owner - C:\Program Files\Common Files\EPSON\EBAPI\eEBSVC.exe
O23 - Service: EPSON Printer Status Agent2 (EPSONStatusAgent2) - SEIKO EPSON CORPORATION - C:\Program Files\Common Files\EPSON\EBAPI\SAgent2.exe
O23 - Service: EvtEng - Intel Corporation - C:\Program Files\Intel\Wireless\Bin\EvtEng.exe
O23 - Service: Image Converter video recording monitor for VAIO Entertainment - Sony Corporation - C:\Program Files\Sony\Image Converter 2\IcVzMon.exe
O23 - Service: McAfee McShield (McShield) - McAfee Inc. - C:\PROGRA~1\mcafee.com\ANTIVI~1\mcshield.exe
O23 - Service: McAfee Personal Firewall Service (MpfService) - McAfee Corporation - C:\Program Files\mcafee.com\personal firewall\MPFService.exe
O23 - Service: MSCSPTISRV - Sony Corporation - C:\Program Files\Common Files\Sony Shared\AVLib\MSCSPTISRV.exe
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
O23 - Service: PACSPTISVR - Sony Corporation - C:\Program Files\Common Files\Sony Shared\AVLib\PACSPTISVR.exe
O23 - Service: RegSrvc - Intel Corporation - C:\Program Files\Intel\Wireless\Bin\RegSrvc.exe
O23 - Service: Spectrum24 Event Monitor (S24EventMonitor) - Intel Corporation  - C:\Program Files\Intel\Wireless\Bin\S24EvMon.exe
O23 - Service: Sony SPTI Service (SPTISRV) - Sony Corporation - C:\Program Files\Common Files\Sony Shared\AVLib\SPTISRV.exe
O23 - Service: SonicStage SCSI Service (SSScsiSV) - Sony Corporation - C:\Program Files\Common Files\Sony Shared\AVLib\SSScsiSV.exe
O23 - Service: VAIO Entertainment Aggregation and Control Service - Sony Corporation - C:\Program Files\Common Files\Sony Shared\VAIO Entertainment\VzRs\VzRs.exe
O23 - Service: VAIO Entertainment Task Scheduler - Sony Corporation - C:\Program Files\Sony\vaio entertainment\VzTaskScheduler.exe
O23 - Service: VAIO Entertainment TV Device Arbitration Service - Sony Corporation - C:\Program Files\Common Files\Sony Shared\VAIO Entertainment Platform\VzCs\VzHardwareResourceManager\VzHardwareResourceManager.exe
O23 - Service: VAIO Event Service - Sony Corporation - C:\Program Files\Sony\VAIO Event Service\VESMgr.exe
O23 - Service: VAIO Media Integrated Server (VAIOMediaPlatform-IntegratedServer-AppServer) - Sony Corporation - C:\Program Files\Sony\VAIO Media Integrated Server\VMISrv.exe
O23 - Service: VAIO Media Integrated Server (HTTP) (VAIOMediaPlatform-IntegratedServer-HTTP) - Unknown owner - C:\Program Files\Sony\VAIO Media Integrated Server\Platform\SV_Httpd.exe" /Service=VAIOMediaPlatform-IntegratedServer-HTTP /RegRoot="SOFTWARE\Sony Corporation\VAIO Media Platform\2.0" /RegExt="Applications\IntegratedServer\HTTP (file missing)
O23 - Service: VAIO Media Integrated Server (UPnP) (VAIOMediaPlatform-IntegratedServer-UPnP) - Sony Corporation - C:\Program Files\Sony\VAIO Media Integrated Server\Platform\UPnPFramework.exe
O23 - Service: VAIO Media Gateway Server (VAIOMediaPlatform-Mobile-Gateway) - Unknown owner - C:\Program Files\Sony\VAIO Media Integrated Server\Platform\VmGateway.exe" /Service=VAIOMediaPlatform-Mobile-Gateway /RegRoot="SOFTWARE\Sony Corporation\VAIO Media Platform\2.0" /RegExt="\Addons\Packages\Mobile\Gateway" /DisplayName="VAIO Media Gateway Server (file missing)
O23 - Service: VAIO Entertainment UPnP Client Adapter (Vcsw) - Sony Corporation - C:\Program Files\Common Files\Sony Shared\VAIO Entertainment Platform\VCSW\VCSW.exe
O23 - Service: VAIO Entertainment Database Service (VzCdbSvc) - Sony Corporation - C:\Program Files\Common Files\Sony Shared\VAIO Entertainment Platform\VzCdb\VzCdbSvc.exe
O23 - Service: VAIO Entertainment File Import Service (VzFw) - Sony Corporation - C:\Program Files\Common Files\Sony Shared\VAIO Entertainment Platform\VzCdb\VzFw.exe
O23 - Service: WAN Miniport (ATW) Service (WANMiniportService) - America Online, Inc. - C:\WINDOWS\wanmpsvc.exe
Logged

Offline yodeb9

  • Newbie
  • *
  • Posts: 27
  • Karma: +0/-0
    • View Profile
bad attack...
« Reply #1 on: August 12, 2006, 02:56:06 PM »
also had three desktop icons pop up that I can't get rid of....try deleting and says ":access denied"
Logged

Offline guestolo

  • Site Donator
  • Administrator
  • Hero Member
  • *****
  • Posts: 16034
  • Karma: +1/-0
    • View Profile
    • http://
bad attack...
« Reply #2 on: August 12, 2006, 05:21:38 PM »
Download this file - Combofix.exe and save it too desktop

Double click combofix.exe & follow the prompts.
When finished, it shall produce a log for you. Post that log in your next reply

Note:
Do not mouseclick combofix's window whilst it's running. That may cause it to stall

+REDownload Hijackthis from my signature below and save too a permanent folder of it's own onto your harddrive
ONLY run hijackthis from this new location

Post a fresh hijackthis log too please
Logged

Do you want to post your own logs from FRST?

Follow the instructions posted http://www.thetechguide.com/forum/index.php/topic/22942-please-read-how-to-post-logs-from-frst/\'>Click Here

Offline yodeb9

  • Newbie
  • *
  • Posts: 27
  • Karma: +0/-0
    • View Profile
bad attack...
« Reply #3 on: August 13, 2006, 09:43:58 AM »
Start Time= Sun 08/13/2006  7:30:03.29
Running from: C:\Documents and Settings\Debi\Desktop
 
(((((((((((((((((((((((((((((((((((((((((((((   Look2Me's Log   ))))))))))))))))))))))))))))))))))))))))))))))))))


HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify
HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\crypt32chain
HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\cryptnet
HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\cscdll
HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\igfxcui
HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\ScCertProp
HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\Schedule
HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\sclgntfy
HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\SensLogn
HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\termsrv
HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\VESWinlogon
HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\WgaLogon
HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\WgaLogon\Settings
HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\wlballoon
HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\wzcnotif


* * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * *
 

REGISTRY ENTRIES REMOVED:

[HKEY_CLASSES_ROOT\clsid\{06F2C52B-8DC6-419D-ABAC-336488FFA126}]
@=""

[HKEY_CLASSES_ROOT\clsid\{06F2C52B-8DC6-419D-ABAC-336488FFA126}\Implemented Categories]
@=""

[HKEY_CLASSES_ROOT\clsid\{06F2C52B-8DC6-419D-ABAC-336488FFA126}\Implemented Categories\{00021492-0000-0000-C000-000000000046}]
@=""

[HKEY_CLASSES_ROOT\clsid\{06F2C52B-8DC6-419D-ABAC-336488FFA126}\InprocServer32]
@="C:\\WINDOWS\\system32\\kldno.dll"
"ThreadingModel"="Apartment"
 
 Granting sedebugprivilege to Administrators   ... successful

 
((((((((((((((((((((((((((((((((((((((((((((((((   Find3M Report   )))))))))))))))))))))))))))))))))))))))))))))))))))))


2006-08-12     10:41:24                       ( .D... )   "C:\Documents and Settings\Debi\Application Data\AVG7"
2006-08-12     10:41:02                       ( .D... )   "C:\Program Files\Grisoft"
2006-08-12     06:04:30                       ( .D... )   "C:\Program Files\Windows Live Safety Center"
2006-08-11     19:33:50        50912       ( A.... )   "C:\WINDOWS\iconu.exe"
2006-08-04     08:44:46                       ( .D... )   "C:\Documents and Settings\Debi\Application Data\Prevx"
2006-08-02     11:40:50                       ( .D... )   "C:\Program Files\Common Files\InterVideo"
2006-08-02     11:40:42                       ( .D... )   "C:\Program Files\InterActual"
2006-08-02     11:40:40                       ( .D... )   "C:\Program Files\Creative"
2006-08-02     11:31:48                       ( .DSH. )   "C:\Program Files\winupdates"
2006-08-02     10:33:22                       ( .D... )   "C:\Documents and Settings\Debi\Application Data\InterVideo"
2006-08-01     21:34:50                       ( .D... )   "C:\Program Files\Microsoft ActiveSync"
2006-08-01     21:34:12                       ( .D... )   "C:\Program Files\Common Files\DESIGNER"
2006-08-01     21:33:52                       ( .D... )   "C:\Program Files\Microsoft.NET"
2006-07-30     09:17:28                       ( .D... )   "C:\Program Files\Common Files\aolback"
2006-07-30     09:16:46                       ( .D... )   "C:\Program Files\AOL Companion"
2006-07-30     09:16:06       157696       ( A.... )   "C:\WINDOWS\system32\rmoc3260.dll"
2006-07-30     09:14:14                       ( .D... )   "C:\Program Files\America Online 9.0"
2006-07-30     08:45:54                       ( .D... )   "C:\Program Files\Common Files\AOLSHARE"
2006-07-30     08:23:14                       ( .D... )   "C:\Program Files\Common Files\Napster Shared"
2006-07-29     10:40:02                       ( .D... )   "C:\Program Files\Common Files\Napster Shared(2)"
2006-07-26     15:49:24       159744       ( A.... )   "C:\WINDOWS\system32\cvn0.exe"
2006-07-14     08:31:40       332288       ( A.... )   "C:\WINDOWS\system32\netapi32.dll"
2006-07-03     07:53:04                       ( .D... )   "C:\Documents and Settings\Debi\Application Data\McAfee.com Personal Firewall"
2006-07-03     07:39:00          205       ( A.... )   "C:\WINDOWS\miqcx.dll"
2006-07-03     07:09:26       234272       ( ..S.R )   "C:\WINDOWS\system32\wyvcore.dll"
2006-07-03     06:45:56       235134       ( A.... )   "C:\WINDOWS\srvkqpjgtn.exe"
2006-07-03     06:45:18       234272       ( ..S.R )   "C:\WINDOWS\system32\ilv6mon.dll"
2006-07-03     06:45:12       234272       ( ..S.R )   "C:\WINDOWS\system32\it41_qc.dll"
2006-07-03     06:44:18            0       ( A.... )   "C:\WINDOWS\system32ghynf.exe"
2006-07-03     06:44:16        45056       ( A.... )   "C:\WINDOWS\system32\ghynf.exe"
2006-07-02     14:23:34                       ( .DSH. )   "C:\Program Files\outlook"
2006-07-02     14:06:22                       ( .D... )   "C:\Program Files\LG Software Innovations"
2006-06-22     20:05:36                       ( .D... )   "C:\Program Files\Sunbelt Software"
2006-06-13     22:23:50            0          ( A.... )   "C:\Documents and Settings\Debi\Application Data\wklnhst.dat"
2006-06-02     13:39:46       402736       ( ..... )   "C:\WINDOWS\system32\WgaLogon.dll"
2006-05-19     05:59:42       148480       ( A.... )   "C:\WINDOWS\system32\dnsapi.dll"
2006-05-19     05:59:42       111616       ( A.... )   "C:\WINDOWS\system32\dhcpcsvc.dll"
2006-05-19     05:59:42        94720       ( A.... )   "C:\WINDOWS\system32\iphlpapi.dll"


((((((((((((((((((((((((((((((((((((((   Files Created - Last 30days   )))))))))))))))))))))))))))))))))))))))))))


2006-08-12   10:39   73,728      C:\WINDOWS\system32\asuninst.exe
2006-08-12   10:39   11,776      C:\WINDOWS\system32\ZPORT4AS.dll
2006-08-11   19:33   50,912      C:\WINDOWS\iconu.exe
2006-08-10   15:23   6,144      C:\WINDOWS\system32\snmpmib.dll
2006-08-10   09:33   39,936      C:\WINDOWS\system32\hostmib.dll
2006-08-10   09:19   1,072,156,672      C:\hiberfil.sys
2006-08-09   17:27   33,792      C:\WINDOWS\system32\lmmib2.dll
2006-08-02   11:40   77,824      C:\WINDOWS\system32\ctdvda32.dll
2006-07-30   09:15   24,659      C:\WINDOWS\system32\aolddial.dll
2006-07-30   09:15   153,088      C:\WINDOWS\system32\jgdwmie.dll
2006-07-30   09:14   65,536      C:\WINDOWS\wanmpsvc.exe
2006-07-30   09:14   1,706,800      C:\WINDOWS\system32\gdiplus.dll
2006-07-03   07:52   8,704      C:\WINDOWS\system32\MPFApi.dll
2006-07-03   07:18   41,018      C:\WINDOWS\system32\EntAPI.dll
2006-07-03   07:09   234,272      C:\WINDOWS\system32\wyvcore.dll
2006-07-03   06:47   205      C:\WINDOWS\miqcx.dll
2006-07-03   06:45   235,134      C:\WINDOWS\srvkqpjgtn.exe
2006-07-03   06:45   234,272      C:\WINDOWS\system32\it41_qc.dll
2006-07-03   06:45   234,272      C:\WINDOWS\system32\ilv6mon.dll
2006-07-03   06:44   45,056      C:\WINDOWS\system32\ghynf.exe
2006-07-03   06:44   159,744      C:\WINDOWS\system32\cvn0.exe
2006-07-03   06:44   0      C:\WINDOWS\system32ghynf.exe


((((((((((((((((((((((((((((((((((((((((((   Reg Loading Points   ))))))))))))))))))))))))))))))))))))))))))))))))
 
*Note* empty entries are not shown

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run]
"EPSON Stylus Photo 2200"="C:\\WINDOWS\\System32\\spool\\DRIVERS\\W32X86\\3\\E_S10IC2.EXE /P23 \"EPSON Stylus Photo 2200\" /O6 \"USB001\" /M \"Stylus Photo 2200\""
"IgfxTray"="C:\\WINDOWS\\system32\\igfxtray.exe"
"Apoint"="C:\\Program Files\\Apoint\\Apoint.exe"
"TVTunerLib"="C:\\Program Files\\Common Files\\Sony Shared\\TVTunerLib\\TVTLInstTool.exe"
"Mouse Suite 98 Daemon"="ICO.EXE"
"Alcmtr"="ALCMTR.EXE"
"VAIO Update 2"="\"C:\\Program Files\\Sony\\VAIO Update 2\\VAIOUpdt.exe\" /Stationary"
"sscRun"="C:\\Program Files\\Common Files\\AOL\\1139964437\\ee\\services\\sscFirewallPlugin\\ver1_210_2_1\\SSCRun.exe"
"RealTray"="C:\\Program Files\\Real\\RealPlayer\\RealPlay.exe SYSTEMBOOTHIDEPLAYER"
"OASClnt"="C:\\Program Files\\mcafee.com\\antivirus\\oasclnt.exe"
"SonyPowerCfg"="C:\\Program Files\\Sony\\VAIO Power Management\\SPMgr.exe"
"NvCplDaemon"="RUNDLL32.EXE C:\\WINDOWS\\system32\\NvCpl.dll,NvStartup"
"VZRemoteCommander"="C:\\Program Files\\Sony\\VAIO Zone Remote Commander\\AvRmtCtr.exe"
"RTHDCPL"="RTHDCPL.EXE"
"EmailScan"="C:\\Program Files\\mcafee.com\\antivirus\\mcvsescn.exe"
"HotKeysCmds"="C:\\WINDOWS\\system32\\hkcmd.exe"
"Switcher.exe"="C:\\Program Files\\Sony\\Wireless Switch Setting Utility\\Switcher.exe"
"HostManager"="C:\\Program Files\\Common Files\\AOL\\1139964437\\ee\\AOLSoftware.exe"
"MPFExe"="C:\\Program Files\\mcafee.com\\personal firewall\\MPfTray.exe"
"SsAAD.exe"="C:\\PROGRA~1\\sony\\SONICS~1\\SsAAD.exe"
"QuickTime Task"="\"C:\\Program Files\\QuickTime\\qttask.exe\" -atboottime"
"ISBMgr.exe"="C:\\Program Files\\Sony\\ISB Utility\\ISBMgr.exe"
"AVG7_CC"="C:\\PROGRA~1\\Grisoft\\AVGFRE~1\\avgcc.exe /STARTUP"

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run\OptionalComponents]

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run\OptionalComponents\IMAIL]
"Installed"="1"

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run\OptionalComponents\MAPI]
"Installed"="1"
"NoChange"="1"

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run\OptionalComponents\MSFS]
"Installed"="1"

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\runonceex]
"flags"=dword:00000008

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\runonceex\000]

[HKEY_CURRENT_USER\software\microsoft\internet explorer\desktop\components]
"DeskHtmlVersion"=dword:00000110
"DeskHtmlMinorVersion"=dword:00000005
"Settings"=dword:00000001
"GeneralFlags"=dword:00000001

[HKEY_CURRENT_USER\software\microsoft\internet explorer\desktop\components\0]
"Source"="C:\\Program Files\\MSN Gaming Zone\\kyzeqemih.html"
"SubscribedURL"=""
"FriendlyName"=""
"Flags"=dword:00002000
"Position"=hex:2c,00,00,00,64,00,00,00,64,00,00,00,58,02,00,00,c8,00,00,00,e8,\
  03,00,00,00,00,00,00,00,00,00,00,00,00,00,00,14,00,00,00,14,00,00,00
"CurrentState"=hex:01,00,00,40
"OriginalStateInfo"=hex:18,00,00,00,64,00,00,00,64,00,00,00,58,02,00,00,c8,00,\
  00,00,01,00,00,00
"RestoredStateInfo"=hex:00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,\
  00,00,00,00,00,00

[HKEY_CURRENT_USER\software\microsoft\internet explorer\desktop\components\1]
"Source"="C:\\Program Files\\Apoint\\howyn.html"
"SubscribedURL"=""
"FriendlyName"=""
"Flags"=dword:00002000
"Position"=hex:2c,00,00,00,64,00,00,00,64,00,00,00,58,02,00,00,c8,00,00,00,ea,\
  03,00,00,00,00,00,00,00,00,00,00,00,00,00,00,14,00,00,00,14,00,00,00
"CurrentState"=hex:01,00,00,40
"OriginalStateInfo"=hex:18,00,00,00,64,00,00,00,64,00,00,00,58,02,00,00,c8,00,\
  00,00,01,00,00,00
"RestoredStateInfo"=hex:00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,\
  00,00,00,00,00,00

[HKEY_CURRENT_USER\software\microsoft\internet explorer\desktop\components\2]
"Source"="About:Home"
"SubscribedURL"="About:Home"
"FriendlyName"="My Current Home Page"
"Flags"=dword:00000002
"Position"=hex:2c,00,00,00,00,01,00,00,00,00,00,00,00,04,00,00,20,03,00,00,00,\
  00,00,00,01,00,00,00,01,00,00,00,01,00,00,00,00,00,00,00,00,00,00,00
"CurrentState"=hex:04,00,00,40
"OriginalStateInfo"=hex:18,00,00,00,ff,ff,00,00,ff,ff,00,00,ff,ff,ff,ff,ff,ff,\
  ff,ff,04,00,00,00
"RestoredStateInfo"=hex:18,00,00,00,6a,02,00,00,23,00,00,00,a4,00,00,00,9a,00,\
  00,00,01,00,00,00

[HKEY_USERS\.default\software\microsoft\windows\currentversion\run]
"AVG7_Run"="C:\\PROGRA~1\\Grisoft\\AVGFRE~1\\avgw.exe /RUNONCE"

[HKEY_USERS\.default\software\microsoft\windows\currentversion\policies\explorer]
"NoDriveTypeAutoRun"=dword:00000091
"CDRAutoRun"=dword:00000000

[HKEY_USERS\s-1-5-18\software\microsoft\windows\currentversion\run]
"AVG7_Run"="C:\\PROGRA~1\\Grisoft\\AVGFRE~1\\avgw.exe /RUNONCE"

[HKEY_USERS\s-1-5-18\software\microsoft\windows\currentversion\policies\explorer]
"NoDriveTypeAutoRun"=dword:00000091
"CDRAutoRun"=dword:00000000

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\sharedtaskscheduler]
"{438755C2-A8BA-11D1-B96B-00A0C90312E1}"="Browseui preloader"
"{8C7461EF-2B13-11d2-BE35-3078302C2030}"="Component Categories cache daemon"

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shellexecutehooks]
"{AEB6717E-7E19-11d0-97EE-00C04FD91972}"=""
"{FA010552-4A27-4cb1-A1BB-3E2D697F1639}"="SpySubtract Shell Extension"

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^InterVideo WinCinema Manager.lnk]
"path"="C:\\Documents and Settings\\All Users\\Start Menu\\Programs\\Startup\\InterVideo WinCinema Manager.lnk"
"backup"="C:\\WINDOWS\\pss\\InterVideo WinCinema Manager.lnkCommon Startup"
"location"="Common Startup"
"command"="C:\\PROGRA~1\\INTERV~1\\Common\\Bin\\WINCIN~1.EXE "
"item"="InterVideo WinCinema Manager"
 
 
 

Contents of the 'Scheduled Tasks' folder

Completion time: Sun 08/13/2006  7:32:55.82
ComboFix ver 06.07.15/30 - This logfile is located at C:\ComboFix.txt

ComboFix.2006-08-13.073003.txt




doing the hijack this thing now...

Logfile of HijackThis v1.99.1
Scan saved at 7:43:15 AM, on 8/13/2006
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Intel\Wireless\Bin\EvtEng.exe
C:\Program Files\Intel\Wireless\Bin\S24EvMon.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Common Files\EPSON\EBAPI\eEBSVC.exe
C:\Program Files\Common Files\AOL\TopSpeed\2.0\aoltsmon.exe
C:\Program Files\Common Files\AOL\1139964437\ee\services\sscFirewallPlugin\ver1_210_2_1\aolavupd.exe
C:\PROGRA~1\Grisoft\AVGFRE~1\avgamsvr.exe
C:\PROGRA~1\Grisoft\AVGFRE~1\avgupsvc.exe
C:\PROGRA~1\Grisoft\AVGFRE~1\avgemc.exe
C:\Program Files\Common Files\EPSON\EBAPI\SAgent2.exe
C:\PROGRA~1\mcafee.com\ANTIVI~1\mcshield.exe
C:\Program Files\mcafee.com\personal firewall\MPFService.exe
C:\Program Files\Microsoft SQL Server\MSSQL$VAIO_VEDB\Binn\sqlservr.exe
C:\WINDOWS\system32\nvsvc32.exe
C:\Program Files\Intel\Wireless\Bin\RegSrvc.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Sony\VAIO Event Service\VESMgr.exe
C:\Program Files\Sony\VAIO Media Integrated Server\VMISrv.exe
C:\Program Files\Common Files\Sony Shared\VAIO Entertainment Platform\VCSW\VCSW.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\wanmpsvc.exe
C:\Program Files\Sony\VAIO Media Integrated Server\Platform\SV_Httpd.exe
C:\Program Files\Common Files\Sony Shared\VAIO Entertainment Platform\VzCdb\VzCdbSvc.exe
C:\Program Files\Sony\VAIO Media Integrated Server\Platform\UPnPFramework.exe
C:\Program Files\Common Files\Sony Shared\VAIO Entertainment Platform\VzCdb\VzFw.exe
C:\Program Files\Common Files\Sony Shared\VAIO Entertainment\VzRs\VzRs.exe
C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\E_S10IC2.EXE
C:\Program Files\Apoint\Apoint.exe
C:\Program Files\Sony\VAIO Update 2\VAIOUpdt.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Real\RealPlayer\RealPlay.exe
C:\Program Files\Apoint\Apntex.exe
C:\Program Files\mcafee.com\antivirus\oasclnt.exe
C:\Program Files\Sony\VAIO Power Management\SPMgr.exe
C:\Program Files\Sony\VAIO Zone Remote Commander\AvRmtCtr.exe
C:\WINDOWS\RTHDCPL.EXE
C:\Program Files\Common Files\AOL\1139964437\ee\aolsoftware.exe
C:\Program Files\mcafee.com\personal firewall\MPfTray.exe
C:\PROGRA~1\sony\SONICS~1\SsAAD.exe
C:\Program Files\QuickTime\qttask.exe
C:\Program Files\Sony\ISB Utility\ISBMgr.exe
C:\PROGRA~1\Grisoft\AVGFRE~1\avgcc.exe
C:\Program Files\Common Files\Sony Shared\AVLib\SSScsiSV.exe
C:\Program Files\America Online 9.0\aoltray.exe
C:\Program Files\SanDisk\SanDisk TransferMate\SD Monitor.exe
C:\PROGRA~1\Intel\Wireless\Bin\1XConfig.exe
C:\WINDOWS\system32\wuauclt.exe
C:\Program Files\Common Files\Microsoft Shared\Source Engine\OSE.EXE
c:\program files\common files\aol\1139964437\ee\services\sscAntiSpywarePlugin\ver1_210_2_1\AOLSP Scheduler.exe
C:\WINDOWS\system32\NOTEPAD.EXE
c:\program files\common files\aol\1139964437\ee\aolssc.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\hijackthis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.sony.com/vaiopeople
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.sony.com/vaiopeople
R1 - HKCU\Software\Microsoft\Internet Connection Wizard,ShellNext = http://go.microsoft.com/fwlink/?LinkId=488
O4 - HKLM\..\Run: [EPSON Stylus Photo 2200] C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\E_S10IC2.EXE /P23 "EPSON Stylus Photo 2200" /O6 "USB001" /M "Stylus Photo 2200"
O4 - HKLM\..\Run: [IgfxTray] C:\WINDOWS\system32\igfxtray.exe
O4 - HKLM\..\Run: [Apoint] C:\Program Files\Apoint\Apoint.exe
O4 - HKLM\..\Run: [TVTunerLib] C:\Program Files\Common Files\Sony Shared\TVTunerLib\TVTLInstTool.exe
O4 - HKLM\..\Run: [Mouse Suite 98 Daemon] ICO.EXE
O4 - HKLM\..\Run: [Alcmtr] ALCMTR.EXE
O4 - HKLM\..\Run: [VAIO Update 2] "C:\Program Files\Sony\VAIO Update 2\VAIOUpdt.exe" /Stationary
O4 - HKLM\..\Run: [sscRun] C:\Program Files\Common Files\AOL\1139964437\ee\services\sscFirewallPlugin\ver1_210_2_1\SSCRun.exe
O4 - HKLM\..\Run: [RealTray] C:\Program Files\Real\RealPlayer\RealPlay.exe SYSTEMBOOTHIDEPLAYER
O4 - HKLM\..\Run: [OASClnt] C:\Program Files\mcafee.com\antivirus\oasclnt.exe
O4 - HKLM\..\Run: [SonyPowerCfg] C:\Program Files\Sony\VAIO Power Management\SPMgr.exe
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [VZRemoteCommander] C:\Program Files\Sony\VAIO Zone Remote Commander\AvRmtCtr.exe
O4 - HKLM\..\Run: [RTHDCPL] RTHDCPL.EXE
O4 - HKLM\..\Run: [EmailScan] C:\Program Files\mcafee.com\antivirus\mcvsescn.exe
O4 - HKLM\..\Run: [HotKeysCmds] C:\WINDOWS\system32\hkcmd.exe
O4 - HKLM\..\Run: [Switcher.exe] C:\Program Files\Sony\Wireless Switch Setting Utility\Switcher.exe
O4 - HKLM\..\Run: [HostManager] C:\Program Files\Common Files\AOL\1139964437\ee\AOLSoftware.exe
O4 - HKLM\..\Run: [MPFExe] C:\Program Files\mcafee.com\personal firewall\MPfTray.exe
O4 - HKLM\..\Run: [SsAAD.exe] C:\PROGRA~1\sony\SONICS~1\SsAAD.exe
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [ISBMgr.exe] C:\Program Files\Sony\ISB Utility\ISBMgr.exe
O4 - HKLM\..\Run: [AVG7_CC] C:\PROGRA~1\Grisoft\AVGFRE~1\avgcc.exe /STARTUP
O4 - Startup: Adobe Gamma.lnk = C:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe
O4 - Global Startup: Adobe Reader Speed Launch.lnk = C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
O4 - Global Startup: America Online 9.0 Tray Icon.lnk = C:\Program Files\America Online 9.0\aoltray.exe
O4 - Global Startup: Monitor.lnk = C:\Program Files\SanDisk\SanDisk TransferMate\SD Monitor.exe
O8 - Extra context menu item: &AOL Toolbar search - res://C:\Program Files\AOL Toolbar\toolbar.dll/SEARCH.HTML
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~4\OFFICE11\EXCEL.EXE/3000
O8 - Extra context menu item: Transfer by Image Converter 2 - C:\Program Files\Sony\Image Converter 2\menu.htm
O14 - IERESET.INF: START_PAGE_URL=http://www.sony.com/vaiopeople
O16 - DPF: {9A9307A0-7DA4-4DAF-B042-5009F29E09E1} (ActiveScan Installer Class) - http://acs.pandasoftware.com/activescan/as5free/asinst.cab
O17 - HKLM\System\CCS\Services\Tcpip\..\{724689B3-0029-4F6C-A42B-77B802E854E7}: NameServer = 68.87.69.146,68.87.85.98
O20 - Winlogon Notify: igfxcui - C:\WINDOWS\SYSTEM32\igfxsrvc.dll
O20 - Winlogon Notify: VESWinlogon - C:\WINDOWS\SYSTEM32\VESWinlogon.dll
O20 - Winlogon Notify: WgaLogon - C:\WINDOWS\SYSTEM32\WgaLogon.dll
O23 - Service: Adobe LM Service - Adobe Systems - C:\Program Files\Common Files\Adobe Systems Shared\Service\Adobelmsvc.exe
O23 - Service: AOL Connectivity Service (AOL ACS) - Unknown owner - C:\Program Files\Common Files\AOL\ACS\AOLAcsd.exe (file missing)
O23 - Service: AOL TopSpeed Monitor (AOL TopSpeedMonitor) - America Online, Inc - C:\Program Files\Common Files\AOL\TopSpeed\2.0\aoltsmon.exe
O23 - Service: AOL Antivirus Update Service (aolavupd) - America Online - C:\Program Files\Common Files\AOL\1139964437\ee\services\sscFirewallPlugin\ver1_210_2_1\aolavupd.exe
O23 - Service: AOL Spyware Protection Service (AOLService) - Unknown owner - C:\Program Files\Common Files\AOL\AOL Spyware Protection\\aolserv.exe (file missing)
O23 - Service: AVG7 Alert Manager Server (Avg7Alrt) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVGFRE~1\avgamsvr.exe
O23 - Service: AVG7 Update Service (Avg7UpdSvc) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVGFRE~1\avgupsvc.exe
O23 - Service: AVG E-mail Scanner (AVGEMS) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVGFRE~1\avgemc.exe
O23 - Service: EpsonBidirectionalService - Unknown owner - C:\Program Files\Common Files\EPSON\EBAPI\eEBSVC.exe
O23 - Service: EPSON Printer Status Agent2 (EPSONStatusAgent2) - SEIKO EPSON CORPORATION - C:\Program Files\Common Files\EPSON\EBAPI\SAgent2.exe
O23 - Service: EvtEng - Intel Corporation - C:\Program Files\Intel\Wireless\Bin\EvtEng.exe
O23 - Service: Image Converter video recording monitor for VAIO Entertainment - Sony Corporation - C:\Program Files\Sony\Image Converter 2\IcVzMon.exe
O23 - Service: McAfee McShield (McShield) - McAfee Inc. - C:\PROGRA~1\mcafee.com\ANTIVI~1\mcshield.exe
O23 - Service: McAfee Personal Firewall Service (MpfService) - McAfee Corporation - C:\Program Files\mcafee.com\personal firewall\MPFService.exe
O23 - Service: MSCSPTISRV - Sony Corporation - C:\Program Files\Common Files\Sony Shared\AVLib\MSCSPTISRV.exe
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
O23 - Service: PACSPTISVR - Sony Corporation - C:\Program Files\Common Files\Sony Shared\AVLib\PACSPTISVR.exe
O23 - Service: RegSrvc - Intel Corporation - C:\Program Files\Intel\Wireless\Bin\RegSrvc.exe
O23 - Service: Spectrum24 Event Monitor (S24EventMonitor) - Intel Corporation  - C:\Program Files\Intel\Wireless\Bin\S24EvMon.exe
O23 - Service: Sony SPTI Service (SPTISRV) - Sony Corporation - C:\Program Files\Common Files\Sony Shared\AVLib\SPTISRV.exe
O23 - Service: SonicStage SCSI Service (SSScsiSV) - Sony Corporation - C:\Program Files\Common Files\Sony Shared\AVLib\SSScsiSV.exe
O23 - Service: VAIO Entertainment Aggregation and Control Service - Sony Corporation - C:\Program Files\Common Files\Sony Shared\VAIO Entertainment\VzRs\VzRs.exe
O23 - Service: VAIO Entertainment Task Scheduler - Sony Corporation - C:\Program Files\Sony\vaio entertainment\VzTaskScheduler.exe
O23 - Service: VAIO Entertainment TV Device Arbitration Service - Sony Corporation - C:\Program Files\Common Files\Sony Shared\VAIO Entertainment Platform\VzCs\VzHardwareResourceManager\VzHardwareResourceManager.exe
O23 - Service: VAIO Event Service - Sony Corporation - C:\Program Files\Sony\VAIO Event Service\VESMgr.exe
O23 - Service: VAIO Media Integrated Server (VAIOMediaPlatform-IntegratedServer-AppServer) - Sony Corporation - C:\Program Files\Sony\VAIO Media Integrated Server\VMISrv.exe
O23 - Service: VAIO Media Integrated Server (HTTP) (VAIOMediaPlatform-IntegratedServer-HTTP) - Unknown owner - C:\Program Files\Sony\VAIO Media Integrated Server\Platform\SV_Httpd.exe" /Service=VAIOMediaPlatform-IntegratedServer-HTTP /RegRoot="SOFTWARE\Sony Corporation\VAIO Media Platform\2.0" /RegExt="Applications\IntegratedServer\HTTP (file missing)
O23 - Service: VAIO Media Integrated Server (UPnP) (VAIOMediaPlatform-IntegratedServer-UPnP) - Sony Corporation - C:\Program Files\Sony\VAIO Media Integrated Server\Platform\UPnPFramework.exe
O23 - Service: VAIO Media Gateway Server (VAIOMediaPlatform-Mobile-Gateway) - Unknown owner - C:\Program Files\Sony\VAIO Media Integrated Server\Platform\VmGateway.exe" /Service=VAIOMediaPlatform-Mobile-Gateway /RegRoot="SOFTWARE\Sony Corporation\VAIO Media Platform\2.0" /RegExt="\Addons\Packages\Mobile\Gateway" /DisplayName="VAIO Media Gateway Server (file missing)
O23 - Service: VAIO Entertainment UPnP Client Adapter (Vcsw) - Sony Corporation - C:\Program Files\Common Files\Sony Shared\VAIO Entertainment Platform\VCSW\VCSW.exe
O23 - Service: VAIO Entertainment Database Service (VzCdbSvc) - Sony Corporation - C:\Program Files\Common Files\Sony Shared\VAIO Entertainment Platform\VzCdb\VzCdbSvc.exe
O23 - Service: VAIO Entertainment File Import Service (VzFw) - Sony Corporation - C:\Program Files\Common Files\Sony Shared\VAIO Entertainment Platform\VzCdb\VzFw.exe
O23 - Service: WAN Miniport (ATW) Service (WANMiniportService) - America Online, Inc. - C:\WINDOWS\wanmpsvc.exe
Logged

Offline yodeb9

  • Newbie
  • *
  • Posts: 27
  • Karma: +0/-0
    • View Profile
bad attack...
« Reply #4 on: August 13, 2006, 10:51:29 AM »
my anti virus ran a scan since i posted last. here are the results


Partition table (MBR)   - OK -   Quick checked
Boot sector of disk C:   - OK -   Quick checked
System registry Software\Microsoft\Windows NT\CurrentVersion\Windows\Load      Scanned
System registry Software\Microsoft\Windows NT\CurrentVersion\Windows\Run      Scanned
System registry Software\Microsoft\Windows\CurrentVersion\Run      Scanned
System registry Software\Microsoft\Windows\CurrentVersion\RunOnce      Scanned
System registry Software\Microsoft\Windows\CurrentVersion\RunOnceEx      Scanned
System registry Software\Microsoft\Windows\CurrentVersion\RunServices      Scanned
System registry Software\Microsoft\Windows\CurrentVersion\RunServicesOnce      Scanned
System registry Software\Microsoft\Windows\CurrentVersion\Run      Scanned
System registry Software\Microsoft\Windows\CurrentVersion\RunOnce      Scanned
System registry Software\Microsoft\Windows\CurrentVersion\RunOnceEx      Scanned
System registry Software\Microsoft\Windows\CurrentVersion\RunServices      Scanned
System registry Software\Microsoft\Windows\CurrentVersion\RunServicesOnce      Scanned
System registry Software\Microsoft\Windows\CurrentVersion\Winlogon\Userinit      Scanned
System registry SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Shell      Scanned
System registry exefile\shell\open\command      Scanned
System registry scrfile\shell\open\command      Scanned
System registry scrfile\shell\config\command      Scanned
System registry batfile\shell\open\command      Scanned
System registry cmdfile\shell\open\command      Scanned
System registry comfile\shell\open\command      Scanned
System registry piffile\shell\open\command      Scanned
System registry giffile\shell\open\command      Scanned
System registry htmlfile\shell\open\command      Scanned
System registry htafile\shell\open\command      Scanned
System registry jpegfile\shell\open\command      Scanned
System registry txtfile\shell\open\command      Scanned
System registry regfile\shell\open\command      Scanned
System registry cplfile\shell\cplopen\command      Scanned
System registry Word.Document.8\shell\open\command      Scanned
System registry WordPad.Document.1\shell\open\command      Scanned
System registry inffile\shell\open\command      Scanned
System registry vbsfile\shell\open\command      Scanned
System registry vbefile\shell\open\command      Scanned
C:\PROGRA~1\Grisoft\AVGFRE~1\avgcc.exe   - OK -   Quick checked
C:\PROGRA~1\Grisoft\AVGFRE~1\avgw.exe   - OK -   Quick checked
C:\PROGRA~1\sony\SONICS~1\SSAAD.exe   - OK -   Quick checked
C:\Program Files\Apoint\Apoint.exe   - OK -   Quick checked
C:\Program Files\Common Files\AOL\1139964437\ee\aolsoftware.exe   - OK -   Quick checked
C:\Program Files\Common Files\AOL\1139964437\ee\services\sscFirewallPlugin\ver1_210_2_1\sscRun.exe   - OK -   Quick checked
C:\Program Files\Common Files\Sony Shared\TVTunerLib\TVTLInstTool.exe   - OK -   Quick checked
C:\Program Files\Internet Explorer\IEXPLORE.EXE   - OK -   Quick checked
C:\Program Files\Microsoft Office\OFFICE11\WINWORD.EXE   - OK -   Quick checked
C:\Program Files\QuickTime\qttask.exe   - OK -   Quick checked
C:\Program Files\Real\RealPlayer\realplay.exe   - OK -   Quick checked
C:\Program Files\Sony\ISB Utility\ISBMgr.exe   - OK -   Quick checked
C:\Program Files\Sony\VAIO Power Management\SPMgr.exe   - OK -   Quick checked
C:\Program Files\Sony\VAIO Update 2\VAIOUpdt.exe   - OK -   Quick checked
C:\Program Files\Sony\VAIO Zone Remote Commander\AvRmtCtr.exe   - OK -   Quick checked
C:\Program Files\Sony\Wireless Switch Setting Utility\Switcher.exe   - OK -   Quick checked
C:\Program Files\mcafee.com\antivirus\mcvsescn.exe   - OK -   Quick checked
C:\Program Files\mcafee.com\antivirus\oasclnt.exe   - OK -   Quick checked
C:\Program Files\mcafee.com\personal firewall\MpfTray.exe   - OK -   Quick checked
C:\WINDOWS\ALCMTR.EXE   - OK -   Quick checked
C:\WINDOWS\RTHDCPL.EXE   - OK -   Quick checked
C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\E_S10IC2.EXE   - OK -   Quick checked
C:\WINDOWS\regedit.exe   - OK -   Quick checked
C:\WINDOWS\system32\hkcmd.exe   - OK -   Quick checked
C:\WINDOWS\system32\igfxtray.exe   - OK -   Quick checked
C:\WINDOWS\system32\mshta.exe   - OK -   Quick checked
C:\WINDOWS\system32\rundll32.exe   - OK -   Quick checked
C:\WINDOWS\system32\shell32.dll   - OK -   Quick checked
C:\WINDOWS\system32\shimgvw.dll   - OK -   Quick checked
C:\WINDOWS\system32\kernel32.dll   - OK -   Quick checked
C:\WINDOWS\system32\wsock32.dll   - OK -   Quick checked
C:\WINDOWS\system32\user32.dll   - OK -   Quick checked
C:\WINDOWS\system32\shell32.dll   - OK -   Quick checked
C:\WINDOWS\system32\ntoskrnl.exe   - OK -   Quick checked
C:\WINDOWS\system32\drivers\etc\hosts   - OK -   Quick checked
C:\System Volume Information\_restore{44A4B43F-BF79-4C22-8F5F-38D07C8D6912}\Fifoed\A0041920.exe   Trojan horse Downloader.Generic.HWZ   Infected
C:\System Volume Information\_restore{44A4B43F-BF79-4C22-8F5F-38D07C8D6912}\Fifoed\A0041921.exe   Trojan horse Downloader.Generic2.JFD   Infected
C:\System Volume Information\_restore{44A4B43F-BF79-4C22-8F5F-38D07C8D6912}\Fifoed\A0041922.exe   Trojan horse Downloader.Generic2.IBN   Infected
C:\System Volume Information\_restore{44A4B43F-BF79-4C22-8F5F-38D07C8D6912}\Fifoed\A0041923.exe   Trojan horse Downloader.Generic2.IBN   Infected
C:\System Volume Information\_restore{44A4B43F-BF79-4C22-8F5F-38D07C8D6912}\Fifoed\A0041924.exe   Trojan horse Downloader.Generic2.IBN   Infected
C:\System Volume Information\_restore{44A4B43F-BF79-4C22-8F5F-38D07C8D6912}\Fifoed\A0041927.exe   Trojan horse Downloader.Generic.HGT   Infected
C:\System Volume Information\_restore{44A4B43F-BF79-4C22-8F5F-38D07C8D6912}\Fifoed\A0041928.exe   Trojan horse Downloader.Generic.HGT   Infected
C:\System Volume Information\_restore{44A4B43F-BF79-4C22-8F5F-38D07C8D6912}\Fifoed\A0041929.exe   Trojan horse Dropper.Agent.PP   Infected
C:\System Volume Information\_restore{44A4B43F-BF79-4C22-8F5F-38D07C8D6912}\Fifoed\A0041931.exe   Trojan horse Downloader.Generic2.GDZ   Infected
C:\System Volume Information\_restore{44A4B43F-BF79-4C22-8F5F-38D07C8D6912}\Fifoed\A0041932.exe   Trojan horse Dropper.Agent.ALO   Infected
C:\System Volume Information\_restore{44A4B43F-BF79-4C22-8F5F-38D07C8D6912}\Fifoed\A0041934.exe   Trojan horse Dropper.Agent.PP   Infected
C:\System Volume Information\_restore{44A4B43F-BF79-4C22-8F5F-38D07C8D6912}\RP135\A0042206.exe   Trojan horse Clicker.COR   Infected
C:\System Volume Information\_restore{44A4B43F-BF79-4C22-8F5F-38D07C8D6912}\RP135\A0042243.exe   Trojan horse Downloader.Generic.VPJ   Infected
C:\System Volume Information\_restore{44A4B43F-BF79-4C22-8F5F-38D07C8D6912}\RP135\A0042245.exe   Trojan horse Downloader.Generic.YZD   Infected
C:\System Volume Information\_restore{44A4B43F-BF79-4C22-8F5F-38D07C8D6912}\RP135\A0042249.dll   Trojan horse Look2me   Infected
C:\System Volume Information\_restore{44A4B43F-BF79-4C22-8F5F-38D07C8D6912}\RP135\A0042698.exe   Trojan horse Downloader.Generic.HWZ   Infected
C:\System Volume Information\_restore{44A4B43F-BF79-4C22-8F5F-38D07C8D6912}\RP135\A0042699.exe   Trojan horse Downloader.Generic2.HQQ   Infected
C:\System Volume Information\_restore{44A4B43F-BF79-4C22-8F5F-38D07C8D6912}\RP135\A0042701.exe   Trojan horse Downloader.Generic2.HQR   Infected
C:\System Volume Information\_restore{44A4B43F-BF79-4C22-8F5F-38D07C8D6912}\RP135\A0042703.exe   Trojan horse Downloader.Generic.JAD   Infected
C:\System Volume Information\_restore{44A4B43F-BF79-4C22-8F5F-38D07C8D6912}\RP135\A0042705.exe   Trojan horse Downloader.Generic2.HQP   Infected
C:\System Volume Information\_restore{44A4B43F-BF79-4C22-8F5F-38D07C8D6912}\RP135\A0043261.exe   Trojan horse Downloader.Generic2.DXO   Infected
C:\System Volume Information\_restore{44A4B43F-BF79-4C22-8F5F-38D07C8D6912}\RP135\A0043289.exe   Trojan horse Clicker.BHH   Infected
C:\System Volume Information\_restore{44A4B43F-BF79-4C22-8F5F-38D07C8D6912}\RP135\A0043297.exe   Trojan horse Downloader.Generic2.JGM   Infected
C:\System Volume Information\_restore{44A4B43F-BF79-4C22-8F5F-38D07C8D6912}\RP135\A0043298.exe   Trojan horse Downloader.Generic2.JGB   Infected
C:\System Volume Information\_restore{44A4B43F-BF79-4C22-8F5F-38D07C8D6912}\RP135\A0043299.exe   Trojan horse Clicker.COR   Infected
C:\System Volume Information\_restore{44A4B43F-BF79-4C22-8F5F-38D07C8D6912}\RP135\A0043321.exe   Trojan horse Generic.YMN   Infected
C:\System Volume Information\_restore{44A4B43F-BF79-4C22-8F5F-38D07C8D6912}\RP135\A0043324.exe   Trojan horse Generic.YMN   Infected
C:\System Volume Information\_restore{44A4B43F-BF79-4C22-8F5F-38D07C8D6912}\RP136\A0043360.exe   Trojan horse Downloader.Dyfica.3.AP   Infected
C:\System Volume Information\_restore{44A4B43F-BF79-4C22-8F5F-38D07C8D6912}\RP141\A0044636.exe   Trojan horse Generic.YMN   Infected
C:\System Volume Information\_restore{44A4B43F-BF79-4C22-8F5F-38D07C8D6912}\RP141\A0044668.dll   Trojan horse Look2me   Infected
C:\System Volume Information\_restore{44A4B43F-BF79-4C22-8F5F-38D07C8D6912}\RP141\A0044722.dll   Trojan horse Look2me   Infected
C:\System Volume Information\_restore{44A4B43F-BF79-4C22-8F5F-38D07C8D6912}\RP142\A0044831.dll   Trojan horse Look2me   Infected
C:\System Volume Information\_restore{44A4B43F-BF79-4C22-8F5F-38D07C8D6912}\RP143\A0044885.dll   Trojan horse Look2me   Infected
C:\System Volume Information\_restore{44A4B43F-BF79-4C22-8F5F-38D07C8D6912}\RP143\A0044912.dll   Trojan horse Look2me   Infected
C:\System Volume Information\_restore{44A4B43F-BF79-4C22-8F5F-38D07C8D6912}\RP143\A0045912.dll   Trojan horse Look2me   Infected
C:\System Volume Information\_restore{44A4B43F-BF79-4C22-8F5F-38D07C8D6912}\RP143\A0045944.dll   Trojan horse Look2me   Infected
C:\System Volume Information\_restore{44A4B43F-BF79-4C22-8F5F-38D07C8D6912}\RP143\A0045949.dll   Trojan horse Look2me   Infected
C:\System Volume Information\_restore{44A4B43F-BF79-4C22-8F5F-38D07C8D6912}\RP145\A0046190.dll   Trojan horse Look2me   Infected
C:\System Volume Information\_restore{44A4B43F-BF79-4C22-8F5F-38D07C8D6912}\RP145\A0046209.dll   Trojan horse Downloader.Agent.ETT   Infected
C:\System Volume Information\_restore{44A4B43F-BF79-4C22-8F5F-38D07C8D6912}\RP145\A0046210.exe   Trojan horse Downloader.Generic2.JVR   Infected
C:\System Volume Information\_restore{44A4B43F-BF79-4C22-8F5F-38D07C8D6912}\RP145\A0046247.dll   Trojan horse Look2me   Infected
C:\System Volume Information\_restore{44A4B43F-BF79-4C22-8F5F-38D07C8D6912}\RP145\A0046248.dll   Trojan horse Look2me   Infected
C:\System Volume Information\_restore{44A4B43F-BF79-4C22-8F5F-38D07C8D6912}\RP145\A0046249.dll   Trojan horse Look2me   Infected
C:\System Volume Information\_restore{44A4B43F-BF79-4C22-8F5F-38D07C8D6912}\RP145\A0046250.dll   Trojan horse Look2me   Infected
C:\System Volume Information\_restore{44A4B43F-BF79-4C22-8F5F-38D07C8D6912}\RP145\A0046251.dll   Trojan horse Look2me   Infected
C:\System Volume Information\_restore{44A4B43F-BF79-4C22-8F5F-38D07C8D6912}\RP145\A0046252.DLL   Trojan horse Look2me   Infected
C:\System Volume Information\_restore{44A4B43F-BF79-4C22-8F5F-38D07C8D6912}\RP145\A0046253.dll   Trojan horse Look2me   Infected
C:\System Volume Information\_restore{44A4B43F-BF79-4C22-8F5F-38D07C8D6912}\RP145\A0046254.dll   Trojan horse Look2me   Infected
C:\System Volume Information\_restore{44A4B43F-BF79-4C22-8F5F-38D07C8D6912}\RP145\A0046255.dll   Trojan horse Look2me   Infected
C:\System Volume Information\_restore{44A4B43F-BF79-4C22-8F5F-38D07C8D6912}\RP145\A0046256.dll   Trojan horse Look2me   Infected
System registry Software\Microsoft\Windows NT\CurrentVersion\Windows\Load      Scanned
System registry Software\Microsoft\Windows NT\CurrentVersion\Windows\Run      Scanned
System registry Software\Microsoft\Windows\CurrentVersion\Run      Scanned
System registry Software\Microsoft\Windows\CurrentVersion\RunOnce      Scanned
System registry Software\Microsoft\Windows\CurrentVersion\RunOnceEx      Scanned
System registry Software\Microsoft\Windows\CurrentVersion\RunServices      Scanned
System registry Software\Microsoft\Windows\CurrentVersion\RunServicesOnce      Scanned
System registry Software\Microsoft\Windows\CurrentVersion\Run      Scanned
System registry Software\Microsoft\Windows\CurrentVersion\RunOnce      Scanned
System registry Software\Microsoft\Windows\CurrentVersion\RunOnceEx      Scanned
System registry Software\Microsoft\Windows\CurrentVersion\RunServices      Scanned
System registry Software\Microsoft\Windows\CurrentVersion\RunServicesOnce      Scanned
System registry Software\Microsoft\Windows\CurrentVersion\Winlogon\Userinit      Scanned
System registry SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Shell      Scanned
System registry exefile\shell\open\command      Scanned
System registry scrfile\shell\open\command      Scanned
System registry scrfile\shell\config\command      Scanned
System registry batfile\shell\open\command      Scanned
System registry cmdfile\shell\open\command      Scanned
System registry comfile\shell\open\command      Scanned
System registry piffile\shell\open\command      Scanned
System registry giffile\shell\open\command      Scanned
System registry htmlfile\shell\open\command      Scanned
System registry htafile\shell\open\command      Scanned
System registry jpegfile\shell\open\command      Scanned
System registry txtfile\shell\open\command      Scanned
System registry regfile\shell\open\command      Scanned
System registry cplfile\shell\cplopen\command      Scanned
System registry Word.Document.8\shell\open\command      Scanned
System registry WordPad.Document.1\shell\open\command      Scanned
System registry inffile\shell\open\command      Scanned
System registry vbsfile\shell\open\command      Scanned
System registry vbefile\shell\open\command      Scanned
C:\PROGRA~1\Grisoft\AVGFRE~1\avgcc.exe   - OK -   Quick checked
C:\PROGRA~1\Grisoft\AVGFRE~1\avgw.exe   - OK -   Quick checked
C:\PROGRA~1\sony\SONICS~1\SSAAD.exe   - OK -   Quick checked
C:\Program Files\Apoint\Apoint.exe   - OK -   Quick checked
C:\Program Files\Common Files\AOL\1139964437\ee\aolsoftware.exe   - OK -   Quick checked
C:\Program Files\Common Files\AOL\1139964437\ee\services\sscFirewallPlugin\ver1_210_2_1\sscRun.exe   - OK -   Quick checked
C:\Program Files\Common Files\Sony Shared\TVTunerLib\TVTLInstTool.exe   - OK -   Quick checked
C:\Program Files\Internet Explorer\IEXPLORE.EXE   - OK -   Quick checked
C:\Program Files\Microsoft Office\OFFICE11\WINWORD.EXE   - OK -   Quick checked
C:\Program Files\QuickTime\qttask.exe   - OK -   Quick checked
C:\Program Files\Real\RealPlayer\realplay.exe   - OK -   Quick checked
C:\Program Files\Sony\ISB Utility\ISBMgr.exe   - OK -   Quick checked
C:\Program Files\Sony\VAIO Power Management\SPMgr.exe   - OK -   Quick checked
C:\Program Files\Sony\VAIO Update 2\VAIOUpdt.exe   - OK -   Quick checked
C:\Program Files\Sony\VAIO Zone Remote Commander\AvRmtCtr.exe   - OK -   Quick checked
C:\Program Files\Sony\Wireless Switch Setting Utility\Switcher.exe   - OK -   Quick checked
C:\Program Files\mcafee.com\antivirus\mcvsescn.exe   - OK -   Quick checked
C:\Program Files\mcafee.com\antivirus\oasclnt.exe   - OK -   Quick checked
C:\Program Files\mcafee.com\personal firewall\MpfTray.exe   - OK -   Quick checked
C:\WINDOWS\ALCMTR.EXE   - OK -   Quick checked
C:\WINDOWS\RTHDCPL.EXE   - OK -   Quick checked
C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\E_S10IC2.EXE   - OK -   Quick checked
C:\WINDOWS\regedit.exe   - OK -   Quick checked
C:\WINDOWS\system32\hkcmd.exe   - OK -   Quick checked
C:\WINDOWS\system32\igfxtray.exe   - OK -   Quick checked
C:\WINDOWS\system32\mshta.exe   - OK -   Quick checked
C:\WINDOWS\system32\rundll32.exe   - OK -   Quick checked
C:\WINDOWS\system32\shell32.dll   - OK -   Quick checked
C:\WINDOWS\system32\shimgvw.dll   - OK -   Quick checked
Logged

Offline guestolo

  • Site Donator
  • Administrator
  • Hero Member
  • *****
  • Posts: 16034
  • Karma: +1/-0
    • View Profile
    • http://
bad attack...
« Reply #5 on: August 13, 2006, 10:58:45 AM »
Download and save [color=\"red\"]Brute Force Uninstaller[/color][/b] to the desktop
  • Right click the BFU folder on your desktop, and choose Extract All
  • Click "Next"
  • In the box to choose where to extract the files to, click "Browse"
  • Click on the + sign next to "My Computer"
  • Click on "Local Disk (C:) or whatever your primary drive is
  • Click "Make New Folder"
  • Type in BFU
  • Click "Next", and Uncheck the "Show Extracted Files" box and then click "Finish".
[color=\"red\"]RIGHT-CLICK HERE[/color][/b] and choose "Save As" (in IE it's "Save Target As") in order to download [color=\"red\"]Alcan worm remover[/color].
Save it to the same folder you made earlier (c:\BFU)[/list].

==Go to Start > My Computer and navigate to the C:\BFU folder.
  • Start the Brute Force Uninstaller by doubleclicking BFU.exe
  • Next to the scriptline to execute field click the folder icon and select alcanshorty.bfu
  • Press Execute and let it do it’s job. (You ought to see a progress bar if you did this correctly.)
  • Wait for the complete script execution box to pop up and press OK.
  • Press exit to terminate the BFU program.
Please download The Avenger.zip by Swandog46 to your Desktop.

    * Click on Avenger.zip to open the file
    * Extract avenger.exe to your desktop

Copy all the text contained in the quote box below  to your Clipboard by highlighting it and pressing the (Ctrl+C) on your keyboard


Quote
files to delete:
C:\WINDOWS\iconu.exe
C:\WINDOWS\system32\wyvcore.dll
C:\WINDOWS\miqcx.dll
C:\WINDOWS\srvkqpjgtn.exe
C:\WINDOWS\system32\it41_qc.dll
C:\WINDOWS\system32\ilv6mon.dll
C:\WINDOWS\system32\ghynf.exe
C:\WINDOWS\system32\cvn0.exe
C:\WINDOWS\system32\kldno.dll
C:\Program Files\MSN Gaming Zone\kyzeqemih.html
C:\Program Files\Apoint\howyn.html

Now, start The Avenger program by clicking on its icon on your desktop

    * Under "Script file to execute" choose "Input Script Manually".
    * Now click on the Magnifying Glass icon which will open a new window titled "View/edit script"
    * Paste the text copied to clipboard into this window by pressing (Ctrl+V).
    * Click Done
    * Now click on the Green Light to begin execution of the script
    * Answer "Yes" twice when prompted.

Avenger should now Reboot your computer
Back in Windows

1. Open the Control Panel.
2. Open Display Properties.
3. Click the Desktop tab.
4. Click the Customize Desktop button.
5 Click the Web tab in the Desktop Items window.
7. Uncheck anything in this box except for My Current Home Page if it is selected

You have multiple Virus scanners installed
I would stick with ONE, more than one can cause conflicts and system instabilities
It's possible all of the next 3 are running
AVG, McAfee and AOL's AV
I would stick with either AVG OR McAfee and uninstall the others
Reboot after you decide which to keep

Can you post all the following back please
1. A fresh hijackthis log
2. The log created from avenger>>A copy of it is created here C:\Avenger.txt
« Last Edit: August 13, 2006, 11:01:02 AM by guestolo »
Logged

Do you want to post your own logs from FRST?

Follow the instructions posted http://www.thetechguide.com/forum/index.php/topic/22942-please-read-how-to-post-logs-from-frst/\'>Click Here

Offline yodeb9

  • Newbie
  • *
  • Posts: 27
  • Karma: +0/-0
    • View Profile
bad attack...
« Reply #6 on: August 13, 2006, 11:25:39 AM »
Logfile of The Avenger version 1, by Swandog46
Running from registry key:
\Registry\Machine\System\CurrentControlSet\Services\cvknnwyj

*******************

Script file located at: \??\C:\Documents and Settings\lihfyvby.txt
Script file opened successfully.

Script file read successfully

Backups directory opened successfully at C:\Avenger

*******************

Beginning to process script file:

File C:\WINDOWS\iconu.exe deleted successfully.
File C:\WINDOWS\system32\wyvcore.dll deleted successfully.
File C:\WINDOWS\miqcx.dll deleted successfully.
File C:\WINDOWS\srvkqpjgtn.exe deleted successfully.
File C:\WINDOWS\system32\it41_qc.dll deleted successfully.
File C:\WINDOWS\system32\ilv6mon.dll deleted successfully.


File C:\WINDOWS\system32\ghynf.exe not found!
Deletion of file C:\WINDOWS\system32\ghynf.exe failed!

Could not process line:
C:\WINDOWS\system32\ghynf.exe
Status: 0xc0000034



File C:\WINDOWS\system32\cvn0.exe not found!
Deletion of file C:\WINDOWS\system32\cvn0.exe failed!

Could not process line:
C:\WINDOWS\system32\cvn0.exe
Status: 0xc0000034



File C:\WINDOWS\system32\kldno.dll not found!
Deletion of file C:\WINDOWS\system32\kldno.dll failed!

Could not process line:
C:\WINDOWS\system32\kldno.dll
Status: 0xc0000034



File C:\Program Files\MSN Gaming Zone\kyzeqemih.html not found!
Deletion of file C:\Program Files\MSN Gaming Zone\kyzeqemih.html failed!

Could not process line:
C:\Program Files\MSN Gaming Zone\kyzeqemih.html
Status: 0xc0000034



File C:\Program Files\Apoint\howyn.html not found!
Deletion of file C:\Program Files\Apoint\howyn.html failed!

Could not process line:
C:\Program Files\Apoint\howyn.html
Status: 0xc0000034


Completed script processing.

*******************

Finished!  Terminate.

Logfile of HijackThis v1.99.1
Scan saved at 9:25:00 AM, on 8/13/2006
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Intel\Wireless\Bin\EvtEng.exe
C:\Program Files\Intel\Wireless\Bin\S24EvMon.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Common Files\EPSON\EBAPI\eEBSVC.exe
C:\Program Files\Common Files\AOL\TopSpeed\2.0\aoltsmon.exe
C:\Program Files\Common Files\AOL\1139964437\ee\services\sscFirewallPlugin\ver1_210_2_1\aolavupd.exe
C:\PROGRA~1\Grisoft\AVGFRE~1\avgamsvr.exe
C:\PROGRA~1\Grisoft\AVGFRE~1\avgupsvc.exe
C:\PROGRA~1\Grisoft\AVGFRE~1\avgemc.exe
C:\Program Files\Common Files\EPSON\EBAPI\SAgent2.exe
C:\Program Files\mcafee.com\personal firewall\MPFService.exe
C:\Program Files\Microsoft SQL Server\MSSQL$VAIO_VEDB\Binn\sqlservr.exe
C:\WINDOWS\system32\nvsvc32.exe
C:\Program Files\Intel\Wireless\Bin\RegSrvc.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Sony\VAIO Event Service\VESMgr.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Sony\VAIO Media Integrated Server\VMISrv.exe
C:\Program Files\Common Files\Sony Shared\VAIO Entertainment Platform\VCSW\VCSW.exe
C:\WINDOWS\wanmpsvc.exe
C:\Program Files\Common Files\Sony Shared\VAIO Entertainment Platform\VzCdb\VzCdbSvc.exe
C:\Program Files\Common Files\Sony Shared\VAIO Entertainment Platform\VzCdb\VzFw.exe
C:\Program Files\Sony\VAIO Media Integrated Server\Platform\SV_Httpd.exe
C:\Program Files\Sony\VAIO Media Integrated Server\Platform\UPnPFramework.exe
C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\E_S10IC2.EXE
C:\Program Files\Apoint\Apoint.exe
C:\Program Files\Sony\VAIO Update 2\VAIOUpdt.exe
C:\Program Files\Apoint\Apntex.exe
C:\Program Files\Real\RealPlayer\RealPlay.exe
C:\Program Files\Sony\VAIO Power Management\SPMgr.exe
C:\Program Files\Sony\VAIO Zone Remote Commander\AvRmtCtr.exe
C:\WINDOWS\RTHDCPL.EXE
C:\Program Files\Common Files\AOL\1139964437\ee\AOLSoftware.exe
C:\Program Files\mcafee.com\personal firewall\MPfTray.exe
C:\PROGRA~1\sony\SONICS~1\SsAAD.exe
C:\Program Files\QuickTime\qttask.exe
C:\Program Files\Sony\ISB Utility\ISBMgr.exe
C:\PROGRA~1\Grisoft\AVGFRE~1\avgcc.exe
C:\Program Files\Common Files\Sony Shared\VAIO Entertainment\VzRs\VzRs.exe
C:\WINDOWS\system32\wuauclt.exe
C:\Program Files\America Online 9.0\aoltray.exe
C:\PROGRA~1\Intel\Wireless\Bin\1XConfig.exe
C:\Program Files\SanDisk\SanDisk TransferMate\SD Monitor.exe
C:\Program Files\Common Files\Sony Shared\AVLib\SSScsiSV.exe
c:\program files\common files\aol\1139964437\ee\services\sscAntiSpywarePlugin\ver1_210_2_1\AOLSP Scheduler.exe
C:\Program Files\Internet Explorer\iexplore.exe
c:\program files\common files\aol\1139964437\ee\aolssc.exe
C:\hijackthis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.sony.com/vaiopeople
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.sony.com/vaiopeople
R1 - HKCU\Software\Microsoft\Internet Connection Wizard,ShellNext = http://go.microsoft.com/fwlink/?LinkId=488
O4 - HKLM\..\Run: [EPSON Stylus Photo 2200] C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\E_S10IC2.EXE /P23 "EPSON Stylus Photo 2200" /O6 "USB001" /M "Stylus Photo 2200"
O4 - HKLM\..\Run: [IgfxTray] C:\WINDOWS\system32\igfxtray.exe
O4 - HKLM\..\Run: [Apoint] C:\Program Files\Apoint\Apoint.exe
O4 - HKLM\..\Run: [TVTunerLib] C:\Program Files\Common Files\Sony Shared\TVTunerLib\TVTLInstTool.exe
O4 - HKLM\..\Run: [Mouse Suite 98 Daemon] ICO.EXE
O4 - HKLM\..\Run: [Alcmtr] ALCMTR.EXE
O4 - HKLM\..\Run: [VAIO Update 2] "C:\Program Files\Sony\VAIO Update 2\VAIOUpdt.exe" /Stationary
O4 - HKLM\..\Run: [sscRun] C:\Program Files\Common Files\AOL\1139964437\ee\services\sscFirewallPlugin\ver1_210_2_1\SSCRun.exe
O4 - HKLM\..\Run: [RealTray] C:\Program Files\Real\RealPlayer\RealPlay.exe SYSTEMBOOTHIDEPLAYER
O4 - HKLM\..\Run: [OASClnt] C:\Program Files\mcafee.com\antivirus\oasclnt.exe
O4 - HKLM\..\Run: [SonyPowerCfg] C:\Program Files\Sony\VAIO Power Management\SPMgr.exe
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [VZRemoteCommander] C:\Program Files\Sony\VAIO Zone Remote Commander\AvRmtCtr.exe
O4 - HKLM\..\Run: [RTHDCPL] RTHDCPL.EXE
O4 - HKLM\..\Run: [EmailScan] C:\Program Files\mcafee.com\antivirus\mcvsescn.exe
O4 - HKLM\..\Run: [HotKeysCmds] C:\WINDOWS\system32\hkcmd.exe
O4 - HKLM\..\Run: [Switcher.exe] C:\Program Files\Sony\Wireless Switch Setting Utility\Switcher.exe
O4 - HKLM\..\Run: [HostManager] C:\Program Files\Common Files\AOL\1139964437\ee\AOLSoftware.exe
O4 - HKLM\..\Run: [MPFExe] C:\Program Files\mcafee.com\personal firewall\MPfTray.exe
O4 - HKLM\..\Run: [SsAAD.exe] C:\PROGRA~1\sony\SONICS~1\SsAAD.exe
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [ISBMgr.exe] C:\Program Files\Sony\ISB Utility\ISBMgr.exe
O4 - HKLM\..\Run: [AVG7_CC] C:\PROGRA~1\Grisoft\AVGFRE~1\avgcc.exe /STARTUP
O4 - Startup: Adobe Gamma.lnk = C:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe
O4 - Global Startup: Adobe Reader Speed Launch.lnk = C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
O4 - Global Startup: America Online 9.0 Tray Icon.lnk = C:\Program Files\America Online 9.0\aoltray.exe
O4 - Global Startup: Monitor.lnk = C:\Program Files\SanDisk\SanDisk TransferMate\SD Monitor.exe
O8 - Extra context menu item: &AOL Toolbar search - res://C:\Program Files\AOL Toolbar\toolbar.dll/SEARCH.HTML
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~4\OFFICE11\EXCEL.EXE/3000
O8 - Extra context menu item: Transfer by Image Converter 2 - C:\Program Files\Sony\Image Converter 2\menu.htm
O14 - IERESET.INF: START_PAGE_URL=http://www.sony.com/vaiopeople
O16 - DPF: {9A9307A0-7DA4-4DAF-B042-5009F29E09E1} (ActiveScan Installer Class) - http://acs.pandasoftware.com/activescan/as5free/asinst.cab
O17 - HKLM\System\CCS\Services\Tcpip\..\{724689B3-0029-4F6C-A42B-77B802E854E7}: NameServer = 68.87.69.146,68.87.85.98
O20 - Winlogon Notify: igfxcui - C:\WINDOWS\SYSTEM32\igfxsrvc.dll
O20 - Winlogon Notify: VESWinlogon - C:\WINDOWS\SYSTEM32\VESWinlogon.dll
O20 - Winlogon Notify: WgaLogon - C:\WINDOWS\SYSTEM32\WgaLogon.dll
O23 - Service: Adobe LM Service - Adobe Systems - C:\Program Files\Common Files\Adobe Systems Shared\Service\Adobelmsvc.exe
O23 - Service: AOL Connectivity Service (AOL ACS) - Unknown owner - C:\Program Files\Common Files\AOL\ACS\AOLAcsd.exe (file missing)
O23 - Service: AOL TopSpeed Monitor (AOL TopSpeedMonitor) - America Online, Inc - C:\Program Files\Common Files\AOL\TopSpeed\2.0\aoltsmon.exe
O23 - Service: AOL Antivirus Update Service (aolavupd) - America Online - C:\Program Files\Common Files\AOL\1139964437\ee\services\sscFirewallPlugin\ver1_210_2_1\aolavupd.exe
O23 - Service: AOL Spyware Protection Service (AOLService) - Unknown owner - C:\Program Files\Common Files\AOL\AOL Spyware Protection\\aolserv.exe (file missing)
O23 - Service: AVG7 Alert Manager Server (Avg7Alrt) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVGFRE~1\avgamsvr.exe
O23 - Service: AVG7 Update Service (Avg7UpdSvc) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVGFRE~1\avgupsvc.exe
O23 - Service: AVG E-mail Scanner (AVGEMS) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVGFRE~1\avgemc.exe
O23 - Service: EpsonBidirectionalService - Unknown owner - C:\Program Files\Common Files\EPSON\EBAPI\eEBSVC.exe
O23 - Service: EPSON Printer Status Agent2 (EPSONStatusAgent2) - SEIKO EPSON CORPORATION - C:\Program Files\Common Files\EPSON\EBAPI\SAgent2.exe
O23 - Service: EvtEng - Intel Corporation - C:\Program Files\Intel\Wireless\Bin\EvtEng.exe
O23 - Service: Image Converter video recording monitor for VAIO Entertainment - Sony Corporation - C:\Program Files\Sony\Image Converter 2\IcVzMon.exe
O23 - Service: McAfee McShield (McShield) - McAfee Inc. - C:\PROGRA~1\mcafee.com\ANTIVI~1\mcshield.exe
O23 - Service: McAfee Personal Firewall Service (MpfService) - McAfee Corporation - C:\Program Files\mcafee.com\personal firewall\MPFService.exe
O23 - Service: MSCSPTISRV - Sony Corporation - C:\Program Files\Common Files\Sony Shared\AVLib\MSCSPTISRV.exe
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
O23 - Service: PACSPTISVR - Sony Corporation - C:\Program Files\Common Files\Sony Shared\AVLib\PACSPTISVR.exe
O23 - Service: RegSrvc - Intel Corporation - C:\Program Files\Intel\Wireless\Bin\RegSrvc.exe
O23 - Service: Spectrum24 Event Monitor (S24EventMonitor) - Intel Corporation  - C:\Program Files\Intel\Wireless\Bin\S24EvMon.exe
O23 - Service: Sony SPTI Service (SPTISRV) - Sony Corporation - C:\Program Files\Common Files\Sony Shared\AVLib\SPTISRV.exe
O23 - Service: SonicStage SCSI Service (SSScsiSV) - Sony Corporation - C:\Program Files\Common Files\Sony Shared\AVLib\SSScsiSV.exe
O23 - Service: VAIO Entertainment Aggregation and Control Service - Sony Corporation - C:\Program Files\Common Files\Sony Shared\VAIO Entertainment\VzRs\VzRs.exe
O23 - Service: VAIO Entertainment Task Scheduler - Sony Corporation - C:\Program Files\Sony\vaio entertainment\VzTaskScheduler.exe
O23 - Service: VAIO Entertainment TV Device Arbitration Service - Sony Corporation - C:\Program Files\Common Files\Sony Shared\VAIO Entertainment Platform\VzCs\VzHardwareResourceManager\VzHardwareResourceManager.exe
O23 - Service: VAIO Event Service - Sony Corporation - C:\Program Files\Sony\VAIO Event Service\VESMgr.exe
O23 - Service: VAIO Media Integrated Server (VAIOMediaPlatform-IntegratedServer-AppServer) - Sony Corporation - C:\Program Files\Sony\VAIO Media Integrated Server\VMISrv.exe
O23 - Service: VAIO Media Integrated Server (HTTP) (VAIOMediaPlatform-IntegratedServer-HTTP) - Unknown owner - C:\Program Files\Sony\VAIO Media Integrated Server\Platform\SV_Httpd.exe" /Service=VAIOMediaPlatform-IntegratedServer-HTTP /RegRoot="SOFTWARE\Sony Corporation\VAIO Media Platform\2.0" /RegExt="Applications\IntegratedServer\HTTP (file missing)
O23 - Service: VAIO Media Integrated Server (UPnP) (VAIOMediaPlatform-IntegratedServer-UPnP) - Sony Corporation - C:\Program Files\Sony\VAIO Media Integrated Server\Platform\UPnPFramework.exe
O23 - Service: VAIO Media Gateway Server (VAIOMediaPlatform-Mobile-Gateway) - Unknown owner - C:\Program Files\Sony\VAIO Media Integrated Server\Platform\VmGateway.exe" /Service=VAIOMediaPlatform-Mobile-Gateway /RegRoot="SOFTWARE\Sony Corporation\VAIO Media Platform\2.0" /RegExt="\Addons\Packages\Mobile\Gateway" /DisplayName="VAIO Media Gateway Server (file missing)
O23 - Service: VAIO Entertainment UPnP Client Adapter (Vcsw) - Sony Corporation - C:\Program Files\Common Files\Sony Shared\VAIO Entertainment Platform\VCSW\VCSW.exe
O23 - Service: VAIO Entertainment Database Service (VzCdbSvc) - Sony Corporation - C:\Program Files\Common Files\Sony Shared\VAIO Entertainment Platform\VzCdb\VzCdbSvc.exe
O23 - Service: VAIO Entertainment File Import Service (VzFw) - Sony Corporation - C:\Program Files\Common Files\Sony Shared\VAIO Entertainment Platform\VzCdb\VzFw.exe
O23 - Service: WAN Miniport (ATW) Service (WANMiniportService) - America Online, Inc. - C:\WINDOWS\wanmpsvc.exe
Logged

Offline guestolo

  • Site Donator
  • Administrator
  • Hero Member
  • *****
  • Posts: 16034
  • Karma: +1/-0
    • View Profile
    • http://
bad attack...
« Reply #7 on: August 13, 2006, 11:32:24 AM »
As mentioned, having mulitple Virus scanners running in the background can really slow the machine down
and do more harm than good

I would still decide which scanner your happier with and disable or uninstall the others

Do a "System scan only" with Hijackthis and put a check next to these entries:

O4 - HKLM\..\Run: [Alcmtr] ALCMTR.EXE


After you have ticked the above entries, close All other open windows
Including this one
Leave Hijackthis open and click FIX CHECKED
OK the prompt and exit Hijackthis

Reboot your computer

Let me know how everythings running afterwards, we just have some final cleanup
Logged

Do you want to post your own logs from FRST?

Follow the instructions posted http://www.thetechguide.com/forum/index.php/topic/22942-please-read-how-to-post-logs-from-frst/\'>Click Here

Offline yodeb9

  • Newbie
  • *
  • Posts: 27
  • Karma: +0/-0
    • View Profile
bad attack...
« Reply #8 on: August 13, 2006, 11:44:47 AM »
Took off the McAfee through Email Removed still have the unwanted desktop icons that won't remove...

here is the latest log

Logfile of HijackThis v1.99.1
Scan saved at 9:43:03 AM, on 8/13/2006
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Intel\Wireless\Bin\EvtEng.exe
C:\Program Files\Intel\Wireless\Bin\S24EvMon.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Common Files\EPSON\EBAPI\eEBSVC.exe
C:\Program Files\Common Files\AOL\TopSpeed\2.0\aoltsmon.exe
C:\PROGRA~1\Grisoft\AVGFRE~1\avgamsvr.exe
C:\PROGRA~1\Grisoft\AVGFRE~1\avgupsvc.exe
C:\PROGRA~1\Grisoft\AVGFRE~1\avgemc.exe
C:\Program Files\Common Files\EPSON\EBAPI\SAgent2.exe
C:\Program Files\mcafee.com\personal firewall\MPFService.exe
C:\Program Files\Microsoft SQL Server\MSSQL$VAIO_VEDB\Binn\sqlservr.exe
C:\WINDOWS\system32\nvsvc32.exe
C:\Program Files\Intel\Wireless\Bin\RegSrvc.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Sony\VAIO Event Service\VESMgr.exe
C:\Program Files\Sony\VAIO Media Integrated Server\VMISrv.exe
C:\Program Files\Common Files\Sony Shared\VAIO Entertainment Platform\VCSW\VCSW.exe
C:\WINDOWS\wanmpsvc.exe
C:\Program Files\Common Files\Sony Shared\VAIO Entertainment Platform\VzCdb\VzCdbSvc.exe
C:\Program Files\Sony\VAIO Media Integrated Server\Platform\SV_Httpd.exe
C:\Program Files\Common Files\Sony Shared\VAIO Entertainment Platform\VzCdb\VzFw.exe
C:\Program Files\Sony\VAIO Media Integrated Server\Platform\UPnPFramework.exe
C:\Program Files\Common Files\Sony Shared\VAIO Entertainment\VzRs\VzRs.exe
C:\WINDOWS\system32\wuauclt.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\E_S10IC2.EXE
C:\Program Files\Apoint\Apoint.exe
C:\Program Files\Sony\VAIO Update 2\VAIOUpdt.exe
C:\Program Files\Real\RealPlayer\RealPlay.exe
C:\Program Files\Sony\VAIO Power Management\SPMgr.exe
C:\Program Files\Sony\VAIO Zone Remote Commander\AvRmtCtr.exe
C:\WINDOWS\RTHDCPL.EXE
C:\Program Files\Apoint\Apntex.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Common Files\AOL\1139964437\ee\AOLSoftware.exe
C:\Program Files\mcafee.com\personal firewall\MPfTray.exe
C:\PROGRA~1\sony\SONICS~1\SsAAD.exe
C:\Program Files\QuickTime\qttask.exe
C:\Program Files\Sony\ISB Utility\ISBMgr.exe
C:\PROGRA~1\Grisoft\AVGFRE~1\avgcc.exe
C:\Program Files\Common Files\Sony Shared\AVLib\SSScsiSV.exe
C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
C:\Program Files\America Online 9.0\aoltray.exe
C:\Program Files\SanDisk\SanDisk TransferMate\SD Monitor.exe
C:\PROGRA~1\Intel\Wireless\Bin\1XConfig.exe
C:\Program Files\Internet Explorer\iexplore.exe
c:\program files\common files\aol\1139964437\ee\services\sscAntiSpywarePlugin\ver1_210_2_1\AOLSP Scheduler.exe
c:\program files\common files\aol\1139964437\ee\aolssc.exe
C:\hijackthis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.sony.com/vaiopeople
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.sony.com/vaiopeople
R1 - HKCU\Software\Microsoft\Internet Connection Wizard,ShellNext = http://go.microsoft.com/fwlink/?LinkId=488
O4 - HKLM\..\Run: [EPSON Stylus Photo 2200] C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\E_S10IC2.EXE /P23 "EPSON Stylus Photo 2200" /O6 "USB001" /M "Stylus Photo 2200"
O4 - HKLM\..\Run: [IgfxTray] C:\WINDOWS\system32\igfxtray.exe
O4 - HKLM\..\Run: [Apoint] C:\Program Files\Apoint\Apoint.exe
O4 - HKLM\..\Run: [TVTunerLib] C:\Program Files\Common Files\Sony Shared\TVTunerLib\TVTLInstTool.exe
O4 - HKLM\..\Run: [Mouse Suite 98 Daemon] ICO.EXE
O4 - HKLM\..\Run: [VAIO Update 2] "C:\Program Files\Sony\VAIO Update 2\VAIOUpdt.exe" /Stationary
O4 - HKLM\..\Run: [sscRun] C:\Program Files\Common Files\AOL\1139964437\ee\services\sscFirewallPlugin\ver1_210_2_1\SSCRun.exe
O4 - HKLM\..\Run: [RealTray] C:\Program Files\Real\RealPlayer\RealPlay.exe SYSTEMBOOTHIDEPLAYER
O4 - HKLM\..\Run: [SonyPowerCfg] C:\Program Files\Sony\VAIO Power Management\SPMgr.exe
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [VZRemoteCommander] C:\Program Files\Sony\VAIO Zone Remote Commander\AvRmtCtr.exe
O4 - HKLM\..\Run: [RTHDCPL] RTHDCPL.EXE
O4 - HKLM\..\Run: [HotKeysCmds] C:\WINDOWS\system32\hkcmd.exe
O4 - HKLM\..\Run: [Switcher.exe] C:\Program Files\Sony\Wireless Switch Setting Utility\Switcher.exe
O4 - HKLM\..\Run: [HostManager] C:\Program Files\Common Files\AOL\1139964437\ee\AOLSoftware.exe
O4 - HKLM\..\Run: [MPFExe] C:\Program Files\mcafee.com\personal firewall\MPfTray.exe
O4 - HKLM\..\Run: [SsAAD.exe] C:\PROGRA~1\sony\SONICS~1\SsAAD.exe
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [ISBMgr.exe] C:\Program Files\Sony\ISB Utility\ISBMgr.exe
O4 - HKLM\..\Run: [AVG7_CC] C:\PROGRA~1\Grisoft\AVGFRE~1\avgcc.exe /STARTUP
O4 - Startup: Adobe Gamma.lnk = C:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe
O4 - Global Startup: Adobe Reader Speed Launch.lnk = C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
O4 - Global Startup: America Online 9.0 Tray Icon.lnk = C:\Program Files\America Online 9.0\aoltray.exe
O4 - Global Startup: Monitor.lnk = C:\Program Files\SanDisk\SanDisk TransferMate\SD Monitor.exe
O8 - Extra context menu item: &AOL Toolbar search - res://C:\Program Files\AOL Toolbar\toolbar.dll/SEARCH.HTML
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~4\OFFICE11\EXCEL.EXE/3000
O8 - Extra context menu item: Transfer by Image Converter 2 - C:\Program Files\Sony\Image Converter 2\menu.htm
O14 - IERESET.INF: START_PAGE_URL=http://www.sony.com/vaiopeople
O16 - DPF: {9A9307A0-7DA4-4DAF-B042-5009F29E09E1} (ActiveScan Installer Class) - http://acs.pandasoftware.com/activescan/as5free/asinst.cab
O17 - HKLM\System\CCS\Services\Tcpip\..\{724689B3-0029-4F6C-A42B-77B802E854E7}: NameServer = 68.87.69.146,68.87.85.98
O20 - Winlogon Notify: igfxcui - C:\WINDOWS\SYSTEM32\igfxsrvc.dll
O20 - Winlogon Notify: VESWinlogon - C:\WINDOWS\SYSTEM32\VESWinlogon.dll
O20 - Winlogon Notify: WgaLogon - C:\WINDOWS\SYSTEM32\WgaLogon.dll
O23 - Service: Adobe LM Service - Adobe Systems - C:\Program Files\Common Files\Adobe Systems Shared\Service\Adobelmsvc.exe
O23 - Service: AOL Connectivity Service (AOL ACS) - Unknown owner - C:\Program Files\Common Files\AOL\ACS\AOLAcsd.exe (file missing)
O23 - Service: AOL TopSpeed Monitor (AOL TopSpeedMonitor) - America Online, Inc - C:\Program Files\Common Files\AOL\TopSpeed\2.0\aoltsmon.exe
O23 - Service: AOL Spyware Protection Service (AOLService) - Unknown owner - C:\Program Files\Common Files\AOL\AOL Spyware Protection\\aolserv.exe (file missing)
O23 - Service: AVG7 Alert Manager Server (Avg7Alrt) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVGFRE~1\avgamsvr.exe
O23 - Service: AVG7 Update Service (Avg7UpdSvc) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVGFRE~1\avgupsvc.exe
O23 - Service: AVG E-mail Scanner (AVGEMS) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVGFRE~1\avgemc.exe
O23 - Service: EpsonBidirectionalService - Unknown owner - C:\Program Files\Common Files\EPSON\EBAPI\eEBSVC.exe
O23 - Service: EPSON Printer Status Agent2 (EPSONStatusAgent2) - SEIKO EPSON CORPORATION - C:\Program Files\Common Files\EPSON\EBAPI\SAgent2.exe
O23 - Service: EvtEng - Intel Corporation - C:\Program Files\Intel\Wireless\Bin\EvtEng.exe
O23 - Service: Image Converter video recording monitor for VAIO Entertainment - Sony Corporation - C:\Program Files\Sony\Image Converter 2\IcVzMon.exe
O23 - Service: McAfee Personal Firewall Service (MpfService) - McAfee Corporation - C:\Program Files\mcafee.com\personal firewall\MPFService.exe
O23 - Service: MSCSPTISRV - Sony Corporation - C:\Program Files\Common Files\Sony Shared\AVLib\MSCSPTISRV.exe
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
O23 - Service: PACSPTISVR - Sony Corporation - C:\Program Files\Common Files\Sony Shared\AVLib\PACSPTISVR.exe
O23 - Service: RegSrvc - Intel Corporation - C:\Program Files\Intel\Wireless\Bin\RegSrvc.exe
O23 - Service: Spectrum24 Event Monitor (S24EventMonitor) - Intel Corporation  - C:\Program Files\Intel\Wireless\Bin\S24EvMon.exe
O23 - Service: Sony SPTI Service (SPTISRV) - Sony Corporation - C:\Program Files\Common Files\Sony Shared\AVLib\SPTISRV.exe
O23 - Service: SonicStage SCSI Service (SSScsiSV) - Sony Corporation - C:\Program Files\Common Files\Sony Shared\AVLib\SSScsiSV.exe
O23 - Service: VAIO Entertainment Aggregation and Control Service - Sony Corporation - C:\Program Files\Common Files\Sony Shared\VAIO Entertainment\VzRs\VzRs.exe
O23 - Service: VAIO Entertainment Task Scheduler - Sony Corporation - C:\Program Files\Sony\vaio entertainment\VzTaskScheduler.exe
O23 - Service: VAIO Entertainment TV Device Arbitration Service - Sony Corporation - C:\Program Files\Common Files\Sony Shared\VAIO Entertainment Platform\VzCs\VzHardwareResourceManager\VzHardwareResourceManager.exe
O23 - Service: VAIO Event Service - Sony Corporation - C:\Program Files\Sony\VAIO Event Service\VESMgr.exe
O23 - Service: VAIO Media Integrated Server (VAIOMediaPlatform-IntegratedServer-AppServer) - Sony Corporation - C:\Program Files\Sony\VAIO Media Integrated Server\VMISrv.exe
O23 - Service: VAIO Media Integrated Server (HTTP) (VAIOMediaPlatform-IntegratedServer-HTTP) - Unknown owner - C:\Program Files\Sony\VAIO Media Integrated Server\Platform\SV_Httpd.exe" /Service=VAIOMediaPlatform-IntegratedServer-HTTP /RegRoot="SOFTWARE\Sony Corporation\VAIO Media Platform\2.0" /RegExt="Applications\IntegratedServer\HTTP (file missing)
O23 - Service: VAIO Media Integrated Server (UPnP) (VAIOMediaPlatform-IntegratedServer-UPnP) - Sony Corporation - C:\Program Files\Sony\VAIO Media Integrated Server\Platform\UPnPFramework.exe
O23 - Service: VAIO Media Gateway Server (VAIOMediaPlatform-Mobile-Gateway) - Unknown owner - C:\Program Files\Sony\VAIO Media Integrated Server\Platform\VmGateway.exe" /Service=VAIOMediaPlatform-Mobile-Gateway /RegRoot="SOFTWARE\Sony Corporation\VAIO Media Platform\2.0" /RegExt="\Addons\Packages\Mobile\Gateway" /DisplayName="VAIO Media Gateway Server (file missing)
O23 - Service: VAIO Entertainment UPnP Client Adapter (Vcsw) - Sony Corporation - C:\Program Files\Common Files\Sony Shared\VAIO Entertainment Platform\VCSW\VCSW.exe
O23 - Service: VAIO Entertainment Database Service (VzCdbSvc) - Sony Corporation - C:\Program Files\Common Files\Sony Shared\VAIO Entertainment Platform\VzCdb\VzCdbSvc.exe
O23 - Service: VAIO Entertainment File Import Service (VzFw) - Sony Corporation - C:\Program Files\Common Files\Sony Shared\VAIO Entertainment Platform\VzCdb\VzFw.exe
O23 - Service: WAN Miniport (ATW) Service (WANMiniportService) - America Online, Inc. - C:\WINDOWS\wanmpsvc.exe
Logged

Offline guestolo

  • Site Donator
  • Administrator
  • Hero Member
  • *****
  • Posts: 16034
  • Karma: +1/-0
    • View Profile
    • http://
bad attack...
« Reply #9 on: August 13, 2006, 11:49:53 AM »
What are the names of the desktop icons?
Logged

Do you want to post your own logs from FRST?

Follow the instructions posted http://www.thetechguide.com/forum/index.php/topic/22942-please-read-how-to-post-logs-from-frst/\'>Click Here

Offline yodeb9

  • Newbie
  • *
  • Posts: 27
  • Karma: +0/-0
    • View Profile
bad attack...
« Reply #10 on: August 13, 2006, 11:58:05 AM »
Online dating, cheap holiday travel, free online music
Logged

Offline guestolo

  • Site Donator
  • Administrator
  • Hero Member
  • *****
  • Posts: 16034
  • Karma: +1/-0
    • View Profile
    • http://
bad attack...
« Reply #11 on: August 13, 2006, 12:04:13 PM »
Can you do the following, this isn't the same as your AV scanners
==Download, install, and update  Ewido anti-spyware[list=1]
  • Load Ewido and then click the Update tab at the top. Under Manual Update click Start update.
  • After the update finishes (the status bar at the bottom will display "Update successful")
  • Close Ewido. Do not run it yet.
Reboot your computer into Safe Mode. To boot into Safe Mode, please restart your computer. Tap F8 before Windows loads. Select Safe Mode on the screen that appears.
Sign in with your normal user account

In safe mode try deleting the 3 unwanted desktop icons, if they won't remove carry on

Ewido Scan
  • Then run Ewido and click on the Scanner tab at the top and then click on Complete System Scan.  This scan can take quite a while to run, so be prepared.
  • Ewido will list any infections found on the left hand side. When the scan has finished, it will automatically set the recommended action. Click the Apply all actions button. Ewido will display "All actions have been applied" on the right hand side.
  • Click on "Save Report", then "Save Report As".  This will create a text file.  Make sure you know where to find this file again (like on the Desktop).
Reboot back to Normal mode

Post the whole report from Ewido's
Logged

Do you want to post your own logs from FRST?

Follow the instructions posted http://www.thetechguide.com/forum/index.php/topic/22942-please-read-how-to-post-logs-from-frst/\'>Click Here

Offline yodeb9

  • Newbie
  • *
  • Posts: 27
  • Karma: +0/-0
    • View Profile
bad attack...
« Reply #12 on: August 13, 2006, 12:18:07 PM »
trying to run update for the Ewido, it says error Failed to connect to server ewido.updat.net
Logged

Offline guestolo

  • Site Donator
  • Administrator
  • Hero Member
  • *****
  • Posts: 16034
  • Karma: +1/-0
    • View Profile
    • http://
bad attack...
« Reply #13 on: August 13, 2006, 12:19:42 PM »
It could be your Firewall interfering

You can run the Manual updater from this link
http://www.ewido.net/en/download/updates/
Choose the Full Database
Logged

Do you want to post your own logs from FRST?

Follow the instructions posted http://www.thetechguide.com/forum/index.php/topic/22942-please-read-how-to-post-logs-from-frst/\'>Click Here

Offline yodeb9

  • Newbie
  • *
  • Posts: 27
  • Karma: +0/-0
    • View Profile
bad attack...
« Reply #14 on: August 13, 2006, 12:33:10 PM »
They came off in safe mode...
Logged

Offline guestolo

  • Site Donator
  • Administrator
  • Hero Member
  • *****
  • Posts: 16034
  • Karma: +1/-0
    • View Profile
    • http://
bad attack...
« Reply #15 on: August 13, 2006, 12:34:25 PM »
Can you still run Ewido please, if the computer is not in safe mode anymore
you can run it in Normal mode
But save the report when your done, reboot the computer

Come back here and post the whole report
Logged

Do you want to post your own logs from FRST?

Follow the instructions posted http://www.thetechguide.com/forum/index.php/topic/22942-please-read-how-to-post-logs-from-frst/\'>Click Here

Offline yodeb9

  • Newbie
  • *
  • Posts: 27
  • Karma: +0/-0
    • View Profile
bad attack...
« Reply #16 on: August 13, 2006, 01:15:45 PM »
---------------------------------------------------------
ewido anti-spyware - Scan Report
---------------------------------------------------------

 + Created at:   11:08:06 AM 8/13/2006

 + Scan result:   



C:\WINDOWS\RGViaQ\asappsrv.dll -> Adware.CommAd : Cleaned with backup (quarantined).
C:\WINDOWS\system32\guard.tmp -> Adware.Look2Me : Cleaned with backup (quarantined).
C:\avenger\backup.zip/avenger/ilv6mon.dll -> Adware.Look2Me : Cleaned with backup (quarantined).
C:\avenger\backup.zip/avenger/it41_qc.dll -> Adware.Look2Me : Cleaned with backup (quarantined).
C:\avenger\backup.zip/avenger/wyvcore.dll -> Adware.Look2Me : Cleaned with backup (quarantined).
C:\avenger\backup.zip/avenger/iconu.exe -> Adware.Zestyfind : Cleaned with backup (quarantined).


::Report end
Logged

Offline guestolo

  • Site Donator
  • Administrator
  • Hero Member
  • *****
  • Posts: 16034
  • Karma: +1/-0
    • View Profile
    • http://
bad attack...
« Reply #17 on: August 13, 2006, 02:01:52 PM »
Go ahead and delete this folder
C:\WINDOWS\RGViaQ <-this folder

Let me know how everythings running afterwards

Do you have either Ad-Aware SE Personal 1.06 or Spybot 1.4 installed on this computer?
Don't go trying to download them from a bogus link, just let me know and I can link you to them
Logged

Do you want to post your own logs from FRST?

Follow the instructions posted http://www.thetechguide.com/forum/index.php/topic/22942-please-read-how-to-post-logs-from-frst/\'>Click Here

Offline yodeb9

  • Newbie
  • *
  • Posts: 27
  • Karma: +0/-0
    • View Profile
bad attack...
« Reply #18 on: August 13, 2006, 02:17:33 PM »
InterMute's SpySubtract....this is what I have on this computer.

Got rid of the file, seems fine so far....
Logged

Offline guestolo

  • Site Donator
  • Administrator
  • Hero Member
  • *****
  • Posts: 16034
  • Karma: +1/-0
    • View Profile
    • http://
bad attack...
« Reply #19 on: August 13, 2006, 02:22:19 PM »
Was Intermute's spysubtract preinstalled on the computer?
Is it able to keep updated?

I would still download then update these next 2 anti-spyware programs
There both yours for free
Hold onto them

Download and Install
Ad-Aware SE Personal 1.06

Open Ad-Aware, ensure to click the  check for updates now link and Connect to download the latest updates
Close out after it is updated, as we will need it later
Open Ad-Aware SE 1.06
Click START
Click the radio button to Perform a Full system scan then click NEXT
When it's finished scanning
At this point you should either right click on the screen and and choose the "Select All" Objects option or individually put a checkmark in each objects checkbox
click on the Next button. Ad-Aware SE will now present you with a confirmation box as to whether or not you would like to remove the objects you have just selected. Press the "OK" button

RESTART your computer to finish the cleaning process
===================================

Download and Install Spybot 1.4 from
HERE

After installation--Click the UPDATE button on the left
SEARCH FOR UPDATES on the right
Check, and then download all updates
After update is complete
Click the "Search & Destroy" button on the left
"Check for Problems"---When the Scan is complete
FIX all selected promblems in RED

RESTART the computer if any Red entries were found and fixed

NOTE: ALLOW both Ad-Aware and Spybot access thru your firewall so they can update
If you have trouble updating let me know please

After you have done the above, post back and let me know if they found anything
Some quick final steps and we are done here
Logged

Do you want to post your own logs from FRST?

Follow the instructions posted http://www.thetechguide.com/forum/index.php/topic/22942-please-read-how-to-post-logs-from-frst/\'>Click Here

Pages: [1] 2 3
« previous next »