djbrink1
asked on
Hijackthis log review for removal of Spysheriff/Unspy from registry
I have been trying to get rid of adware and have a HijackThis log that I would like to have analyzed to prevent reinstallation. Please advise as to malicious scripts.
Here is the log:
Logfile of HijackThis v1.99.1
Scan saved at 5:35:36 PM, on 1/15/2006
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)
Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\csrss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\System32\Ati2evxx.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\ewido anti-malware\ewidoctrl.exe
C:\Program Files\ewido anti-malware\ewidoguard.exe
C:\WINDOWS\System32\snmp.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\wdfmgr.exe
C:\Program Files\Apoint\Apoint.exe
C:\Program Files\Apoint\Apntex.exe
C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe
C:\WINDOWS\system32\rundll32.exe
C:\WINDOWS\system32\ICO.EXE
C:\WINDOWS\Sonysys\VAIO Recovery\reminder.exe
C:\Program Files\Sony\Wireless Switch Setting Utility\Switcher.exe
C:\Program Files\Sony\HotKey Utility\HKserv.exe
C:\WINDOWS\System32\ezSP_Px.exe
C:\program files\support.com\client\bin\tgcmd.exe
C:\Program Files\Sony\HotKey Utility\HKWnd.exe
C:\Program Files\Java\jre1.5.0_06\bin\jusched.exe
C:\Program Files\Common Files\Microsoft Shared\Works Shared\WkUFind.exe
C:\WINDOWS\system32\PspContr.Exe
C:\Program Files\Microsoft AntiSpyware\gcasServ.exe
C:\WINDOWS\system32\private.exe
C:\Program Files\Microsoft AntiSpyware\gcasDtServ.exe
C:\WINDOWS\System32\alg.exe
C:\Program Files\PowerPanel\Program\PcfMgr.exe
D:\rpointpr.exe
C:\Program Files\Sony\BlueSpace\BlueSpaceNE.exe
D:\Program Files\Dragon\NaturallySpeaking\Program\natspeak.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\DOCUME~1\dbrink\LOCALS~1\Temp\Temporary Directory 1 for hijackthis.zip\HijackThis.exe
C:\Program Files\Hijackthis\HijackThis.exe
R1 - HKCU\Software\Microsoft\Internet Connection Wizard,ShellNext = http://www.sony.com/vaiopeople
R3 - URLSearchHook: (no name) - {53C9615E-A369-691F-FEB3-5B7F9A307153} - NsCplTray.dll (file missing)
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 6.0\Reader\ActiveX\AcroIEHelper.dll
O2 - BHO: (no name) - {549B5CA7-4A86-11D7-A4DF-000874180BB3} - (no file)
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.5.0_06\bin\ssv.dll
O2 - BHO: (no name) - {FDD3B846-8D59-4ffb-8758-209B6AD74ACC} - (no file)
O3 - Toolbar: Easy-WebPrint - {327C2873-E90D-4c37-AA9D-10AC9BABA46C} - C:\Program Files\Canon\Easy-WebPrint\Toolband.dll
O4 - HKLM\..\Run: [Apoint] C:\Program Files\Apoint\Apoint.exe
O4 - HKLM\..\Run: [ATIModeChange] Ati2mdxx.exe
O4 - HKLM\..\Run: [ATIPTA] C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe
O4 - HKLM\..\Run: [BluetoothAuthenticationAgent] rundll32.exe bthprops.cpl,,BluetoothAuthenticationAgent
O4 - HKLM\..\Run: [Mouse Suite 98 Daemon] ICO.EXE
O4 - HKLM\..\Run: [CreateCD_Reminder] C:\WINDOWS\Sonysys\VAIO Recovery\reminder.exe
O4 - HKLM\..\Run: [Switcher.exe] C:\Program Files\Sony\Wireless Switch Setting Utility\Switcher.exe
O4 - HKLM\..\Run: [HKSERV.EXE] C:\Program Files\Sony\HotKey Utility\HKserv.exe
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [ezShieldProtector for Px] C:\WINDOWS\System32\ezSP_Px.exe
O4 - HKLM\..\Run: [ZTgServerSwitch] "c:\program files\support.com\client\bin\tgcmd.exe" /server
O4 - HKLM\..\Run: [VAIO Recovery] C:\WINDOWS\Sonysys\VAIO Recovery\PartSeal.exe
O4 - HKLM\..\Run: [SunJavaUpdateSched] C:\Program Files\Java\jre1.5.0_06\bin\jusched.exe
O4 - HKLM\..\Run: [NeroCheck] C:\WINDOWS\System32\NeroCheck.exe
O4 - HKLM\..\Run: [Microsoft Works Update Detection] C:\Program Files\Common Files\Microsoft Shared\Works Shared\WkUFind.exe
O4 - HKLM\..\Run: [PspContr] PspContr.Exe
O4 - HKLM\..\Run: [PspUsbCf] PspUsbCf.exe
O4 - HKLM\..\Run: [SSBkgdUpdate] C:\Program Files\Common Files\Scansoft Shared\SSBkgdUpdate\SSBkgdupdate.exe -Embedding -boot
O4 - HKLM\..\Run: [gcasServ] "C:\Program Files\Microsoft AntiSpyware\gcasServ.exe"
O4 - HKLM\..\Run: [ControlPanel] C:\WINDOWS\system32\private.exe internat.dll,LoadMouseCarpetProfile
O4 - HKLM\..\Run: [msag] ActionScr.exe
O4 - HKLM\..\Run: [_ctcp] init32.exe
O4 - HKCU\..\Run: [msag] ParisM.exe
O4 - HKCU\..\Run: [Shaitan1678] Shaitan1678.exe
O4 - HKCU\..\Run: [mozilla-text] syspanel.exe
O4 - HKCU\..\Run: [Windows installer] C:\winstall.exe
O4 - Startup: BlueSpace NE.lnk = C:\Program Files\Sony\BlueSpace\BlueSpaceNE.exe
O4 - Startup: Dragon NaturallySpeaking.lnk = D:\Program Files\Dragon\NaturallySpeaking\Program\natspeak.exe
O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office\OSA9.EXE
O4 - Global Startup: PowerPanel.lnk = ?
O4 - Global Startup: RemotePoint Presenter.lnk = D:\rpointpr.exe
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_06\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_06\bin\ssv.dll
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://go.microsoft.com/fwlink/?linkid=39204
O16 - DPF: {4F1E5B1A-2A80-42CA-8532-2D05CB959537} (MSN Photo Upload Tool) - http://by103fd.bay103.hotmail.msn.com/resources/MsnPUpld.cab
O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://update.microsoft.com/microsoftupdate/v6/V5Controls/en/x86/client/muweb_site.cab?1127238620574
O16 - DPF: {6F750200-1362-4815-A476-88533DE61D0C} (Ofoto Upload Manager Class) - http://www.ofoto.com/downloads/BUM/BUM_WIN_IE_1/axofupld.cab
O16 - DPF: {90C9629E-CD32-11D3-BBFB-00105A1F0D68} (InstallShield International Setup Player) - http://www.lowrance.com/Software/Upgrades/LCX/LCX-104C_180/isetup.cab
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: Domain = featherdownmedical.com
O17 - HKLM\Software\..\Telephony: DomainName = featherdownmedical.com
O17 - HKLM\System\CCS\Services\Tcpip\..\{32DD8EE3-807D-44CC-83C8-59AE818A5665}: NameServer = 85.255.113.202,85.255.112.186
O17 - HKLM\System\CCS\Services\Tcpip\..\{44F0B9BB-94EC-4961-AA8F-6100A8B51B86}: NameServer = 85.255.113.202,85.255.112.186
O17 - HKLM\System\CCS\Services\Tcpip\..\{5803FC70-3126-4994-B611-8A27760B0CC3}: NameServer = 85.255.113.202,85.255.112.186
O17 - HKLM\System\CCS\Services\Tcpip\..\{9BAC1233-E65D-4DA9-A132-E16CE6DD35F0}: NameServer = 85.255.113.202,85.255.112.186
O17 - HKLM\System\CCS\Services\Tcpip\..\{D5140C53-3C4E-4C68-AA14-888763575643}: NameServer = 85.255.113.202,85.255.112.186
O17 - HKLM\System\CCS\Services\Tcpip\..\{DD853F96-F844-4CE2-94AA-7DE4714C9F0A}: NameServer = 85.255.113.202,85.255.112.186
O17 - HKLM\System\CS1\Services\Tcpip\Parameters: Domain = featherdownmedical.com
O17 - HKLM\System\CS1\Services\Tcpip\..\{32DD8EE3-807D-44CC-83C8-59AE818A5665}: NameServer = 85.255.113.202,85.255.112.186
O23 - Service: Ati HotKey Poller - Unknown owner - C:\WINDOWS\System32\Ati2evxx.exe
O23 - Service: ewido security suite control - ewido networks - C:\Program Files\ewido anti-malware\ewidoctrl.exe
O23 - Service: ewido security suite guard - ewido networks - C:\Program Files\ewido anti-malware\ewidoguard.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\1050\Intel 32\IDriverT.exe
O23 - Service: Sony SPTI Service (SPTISRV) - Sony Corporation - C:\PROGRA~1\COMMON~1\SONYSH~1\AVLib\Sptisrv.exe
O23 - Service: VAIO Media Music Server (VAIOMediaPlatform-MusicServer-AppServer) - Unknown owner - C:\Program Files\Sony\VAIO Media Integrated Server\Music\SSSvr.exe" /Service=VAIOMediaPlatform-MusicServer-AppServer /DisplayName="VAIO Media Music Server (file missing)
O23 - Service: VAIO Media Music Server (HTTP) (VAIOMediaPlatform-MusicServer-HTTP) - Unknown owner - C:\Program Files\Sony\VAIO Media Integrated Server\Platform\SV_Httpd.exe" /Service=VAIOMediaPlatform-MusicServer-HTTP /RegRoot="Software\Sony Corporation\VAIO Media Platform\2.0" /RegExt="Applications\MusicServer\HTTP (file missing)
O23 - Service: VAIO Media Music Server (UPnP) (VAIOMediaPlatform-MusicServer-UPnP) - Sony Corporation - C:\Program Files\Sony\VAIO Media Integrated Server\Platform\UPnPFramework.exe
O23 - Service: VAIO Media Photo Server (VAIOMediaPlatform-PhotoServer-AppServer) - Sony Corporation - C:\Program Files\Sony\VAIO Media Integrated Server\Photo\appsrv\PhotoAppSrv.exe
O23 - Service: VAIO Media Photo Server (HTTP) (VAIOMediaPlatform-PhotoServer-HTTP) - Unknown owner - C:\Program Files\Sony\VAIO Media Integrated Server\Platform\SV_Httpd.exe" /Service=VAIOMediaPlatform-PhotoServer-HTTP /RegRoot="SOFTWARE\Sony Corporation\VAIO Media Platform\2.0" /RegExt="\Applications\PhotoServer\HTTP (file missing)
O23 - Service: VAIO Media Photo Server (UPnP) (VAIOMediaPlatform-PhotoServer-UPnP) - Sony Corporation - C:\Program Files\Sony\VAIO Media Integrated Server\Platform\UPnPFramework.exe
O23 - Service: VAIO Media Video Server (VAIOMediaPlatform-VideoServer-AppServer) - Unknown owner - C:\Program Files\Sony\VAIO Media Integrated Server\Video\GPVSvr.exe" /Service=VAIOMediaPlatform-VideoServer-AppServer /DisplayName="VAIO Media Video Server (file missing)
O23 - Service: VAIO Media Video Server (HTTP) (VAIOMediaPlatform-VideoServer-HTTP) - Unknown owner - C:\Program Files\Sony\VAIO Media Integrated Server\Platform\SV_Httpd.exe" /Service=VAIOMediaPlatform-VideoServer-HTTP /RegRoot="SOFTWARE\Sony Corporation\VAIO Media Platform\2.0" /RegExt="\Applications\VideoServer\HTTP (file missing)
O23 - Service: VAIO Media Video Server (UPnP) (VAIOMediaPlatform-VideoServer-UPnP) - Sony Corporation - C:\Program Files\Sony\VAIO Media Integrated Server\Platform\UPnPFramework.exe
Greetings, djbrink1 !
Use SmitRem to remove SpySheriff.
http://noahdfear.geekstogo.com/click%20counter/click.php?id=1
Run SmitRem in Safe Mode. I will look at your HijackThis log next.
Best wishes!
Hi
Run Ewido: http://www.ewido.net/en/
Don't forget to update the definitions before running the scan; after that, make a new log with HijackThis and post it online.
Miguel
djbrink1,
Did you mean to post a 50-points question?
ASKER
War1, thank you for the ID of the wareout virus. I removed it and followed your guidelines to correct the registry with HijackThis.
I don't know what the dmgpy.exe is but it looks legit; anybody know for sure?
O4 - HKLM\..\Run: [dmgpy.exe] C:\WINDOWS\system32\dmgpy.exe
Here is my new log:
Logfile of HijackThis v1.99.1
Scan saved at 6:58:56 PM, on 1/15/2006
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)
Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\csrss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\System32\Ati2evxx.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\ewido anti-malware\ewidoctrl.exe
C:\Program Files\ewido anti-malware\ewidoguard.exe
C:\WINDOWS\System32\snmp.exe
C:\WINDOWS\system32\wdfmgr.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\System32\alg.exe
C:\Program Files\Apoint\Apoint.exe
C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe
C:\WINDOWS\system32\rundll32.exe
C:\WINDOWS\system32\ICO.EXE
C:\WINDOWS\Sonysys\VAIO Recovery\reminder.exe
C:\Program Files\Sony\Wireless Switch Setting Utility\Switcher.exe
C:\Program Files\Sony\HotKey Utility\HKserv.exe
C:\WINDOWS\System32\ezSP_Px.exe
C:\Program Files\Apoint\Apntex.exe
C:\program files\support.com\client\bin\tgcmd.exe
C:\Program Files\Sony\HotKey Utility\HKWnd.exe
C:\Program Files\Java\jre1.5.0_06\bin\jusched.exe
C:\Program Files\Common Files\Microsoft Shared\Works Shared\WkUFind.exe
C:\WINDOWS\system32\PspContr.Exe
C:\Program Files\Microsoft AntiSpyware\gcasServ.exe
C:\Program Files\Microsoft AntiSpyware\gcasDtServ.exe
C:\Program Files\PowerPanel\Program\PcfMgr.exe
D:\rpointpr.exe
C:\Program Files\Sony\BlueSpace\BlueSpaceNE.exe
D:\Program Files\Dragon\NaturallySpeaking\Program\natspeak.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\MSN Messenger\msnmsgr.exe
C:\Program Files\Hijackthis\HijackThis.exe
C:\WINDOWS\system32\NOTEPAD.EXE
R1 - HKCU\Software\Microsoft\Internet Connection Wizard,ShellNext = http://www.sony.com/vaiopeople
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 6.0\Reader\ActiveX\AcroIEHelper.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.5.0_06\bin\ssv.dll
O3 - Toolbar: Easy-WebPrint - {327C2873-E90D-4c37-AA9D-10AC9BABA46C} - C:\Program Files\Canon\Easy-WebPrint\Toolband.dll
O4 - HKLM\..\Run: [Apoint] C:\Program Files\Apoint\Apoint.exe
O4 - HKLM\..\Run: [ATIModeChange] Ati2mdxx.exe
O4 - HKLM\..\Run: [ATIPTA] C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe
O4 - HKLM\..\Run: [BluetoothAuthenticationAgent] rundll32.exe bthprops.cpl,,BluetoothAuthenticationAgent
O4 - HKLM\..\Run: [Mouse Suite 98 Daemon] ICO.EXE
O4 - HKLM\..\Run: [CreateCD_Reminder] C:\WINDOWS\Sonysys\VAIO Recovery\reminder.exe
O4 - HKLM\..\Run: [Switcher.exe] C:\Program Files\Sony\Wireless Switch Setting Utility\Switcher.exe
O4 - HKLM\..\Run: [HKSERV.EXE] C:\Program Files\Sony\HotKey Utility\HKserv.exe
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [ezShieldProtector for Px] C:\WINDOWS\System32\ezSP_Px.exe
O4 - HKLM\..\Run: [ZTgServerSwitch] "c:\program files\support.com\client\bin\tgcmd.exe" /server
O4 - HKLM\..\Run: [VAIO Recovery] C:\WINDOWS\Sonysys\VAIO Recovery\PartSeal.exe
O4 - HKLM\..\Run: [SunJavaUpdateSched] C:\Program Files\Java\jre1.5.0_06\bin\jusched.exe
O4 - HKLM\..\Run: [NeroCheck] C:\WINDOWS\System32\NeroCheck.exe
O4 - HKLM\..\Run: [Microsoft Works Update Detection] C:\Program Files\Common Files\Microsoft Shared\Works Shared\WkUFind.exe
O4 - HKLM\..\Run: [PspContr] PspContr.Exe
O4 - HKLM\..\Run: [PspUsbCf] PspUsbCf.exe
O4 - HKLM\..\Run: [SSBkgdUpdate] C:\Program Files\Common Files\Scansoft Shared\SSBkgdUpdate\SSBkgdupdate.exe -Embedding -boot
O4 - HKLM\..\Run: [gcasServ] "C:\Program Files\Microsoft AntiSpyware\gcasServ.exe"
O4 - HKLM\..\Run: [dmgpy.exe] C:\WINDOWS\system32\dmgpy.exe
O4 - HKCU\..\Run: [mozilla-text] syspanel.exe
O4 - Startup: BlueSpace NE.lnk = C:\Program Files\Sony\BlueSpace\BlueSpaceNE.exe
O4 - Startup: Dragon NaturallySpeaking.lnk = D:\Program Files\Dragon\NaturallySpeaking\Program\natspeak.exe
O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office\OSA9.EXE
O4 - Global Startup: PowerPanel.lnk = ?
O4 - Global Startup: RemotePoint Presenter.lnk = D:\rpointpr.exe
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_06\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_06\bin\ssv.dll
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://go.microsoft.com/fwlink/?linkid=39204
O16 - DPF: {4F1E5B1A-2A80-42CA-8532-2D05CB959537} (MSN Photo Upload Tool) - http://by103fd.bay103.hotmail.msn.com/resources/MsnPUpld.cab
O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://update.microsoft.com/microsoftupdate/v6/V5Controls/en/x86/client/muweb_site.cab?1127238620574
O16 - DPF: {6F750200-1362-4815-A476-88533DE61D0C} (Ofoto Upload Manager Class) - http://www.ofoto.com/downloads/BUM/BUM_WIN_IE_1/axofupld.cab
O16 - DPF: {90C9629E-CD32-11D3-BBFB-00105A1F0D68} (InstallShield International Setup Player) - http://www.lowrance.com/Software/Upgrades/LCX/LCX-104C_180/isetup.cab
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: Domain = featherdownmedical.com
O17 - HKLM\Software\..\Telephony: DomainName = featherdownmedical.com
O17 - HKLM\System\CS1\Services\Tcpip\Parameters: Domain = featherdownmedical.com
O23 - Service: Ati HotKey Poller - Unknown owner - C:\WINDOWS\System32\Ati2evxx.exe
O23 - Service: ewido security suite control - ewido networks - C:\Program Files\ewido anti-malware\ewidoctrl.exe
O23 - Service: ewido security suite guard - ewido networks - C:\Program Files\ewido anti-malware\ewidoguard.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\1050\Intel 32\IDriverT.exe
O23 - Service: Sony SPTI Service (SPTISRV) - Sony Corporation - C:\PROGRA~1\COMMON~1\SONYSH~1\AVLib\Sptisrv.exe
O23 - Service: VAIO Media Music Server (VAIOMediaPlatform-MusicServer-AppServer) - Unknown owner - C:\Program Files\Sony\VAIO Media Integrated Server\Music\SSSvr.exe" /Service=VAIOMediaPlatform-MusicServer-AppServer /DisplayName="VAIO Media Music Server (file missing)
O23 - Service: VAIO Media Music Server (HTTP) (VAIOMediaPlatform-MusicServer-HTTP) - Unknown owner - C:\Program Files\Sony\VAIO Media Integrated Server\Platform\SV_Httpd.exe" /Service=VAIOMediaPlatform-MusicServer-HTTP /RegRoot="Software\Sony Corporation\VAIO Media Platform\2.0" /RegExt="Applications\MusicServer\HTTP (file missing)
O23 - Service: VAIO Media Music Server (UPnP) (VAIOMediaPlatform-MusicServer-UPnP) - Sony Corporation - C:\Program Files\Sony\VAIO Media Integrated Server\Platform\UPnPFramework.exe
O23 - Service: VAIO Media Photo Server (VAIOMediaPlatform-PhotoServer-AppServer) - Sony Corporation - C:\Program Files\Sony\VAIO Media Integrated Server\Photo\appsrv\PhotoAppSrv.exe
O23 - Service: VAIO Media Photo Server (HTTP) (VAIOMediaPlatform-PhotoServer-HTTP) - Unknown owner - C:\Program Files\Sony\VAIO Media Integrated Server\Platform\SV_Httpd.exe" /Service=VAIOMediaPlatform-PhotoServer-HTTP /RegRoot="SOFTWARE\Sony Corporation\VAIO Media Platform\2.0" /RegExt="\Applications\PhotoServer\HTTP (file missing)
O23 - Service: VAIO Media Photo Server (UPnP) (VAIOMediaPlatform-PhotoServer-UPnP) - Sony Corporation - C:\Program Files\Sony\VAIO Media Integrated Server\Platform\UPnPFramework.exe
O23 - Service: VAIO Media Video Server (VAIOMediaPlatform-VideoServer-AppServer) - Unknown owner - C:\Program Files\Sony\VAIO Media Integrated Server\Video\GPVSvr.exe" /Service=VAIOMediaPlatform-VideoServer-AppServer /DisplayName="VAIO Media Video Server (file missing)
O23 - Service: VAIO Media Video Server (HTTP) (VAIOMediaPlatform-VideoServer-HTTP) - Unknown owner - C:\Program Files\Sony\VAIO Media Integrated Server\Platform\SV_Httpd.exe" /Service=VAIOMediaPlatform-VideoServer-HTTP /RegRoot="SOFTWARE\Sony Corporation\VAIO Media Platform\2.0" /RegExt="\Applications\VideoServer\HTTP (file missing)
O23 - Service: VAIO Media Video Server (UPnP) (VAIOMediaPlatform-VideoServer-UPnP) - Sony Corporation - C:\Program Files\Sony\VAIO Media Integrated Server\Platform\UPnPFramework.exe
ASKER
I thought I had to give 50 points to get an answer
djbrink1, 50 points mean you are looking for an easy answer. You posted 500 previously, so I wonder if it was a mistake.
Here is your analyzed log.
http://hijackthis.de/logfiles/599f3f492e0b4c8e4731300c84700ba4.html
Make sure you are running HijackThis from its own folder, and not a temp folder. Have HijackThis remove the file
O4 - HKLM\..\Run: [dmgpy.exe] C:\WINDOWS\system32\dmgpy.exe
Do you have any more symptoms of spyware? Popups? Slow computer? Webpage redirect?
Hi djbrink1,
Here's your analyzed log: http://www.hijackthis.de/logfiles/2c5a54768b288299284d84b489332e96.html
I have no idea about dmgpy.exe
Miguel
You need to allocate points to ask a question, but it doesn't matter how many points you allocate, Experts will still help you.
Your Hijackthis log is still not clean.
This entry belongs to wareout, still present in your log.
O4 - HKCU\..\Run: [mozilla-text] syspanel.exe
This one is bad too, random bad file:
O4 - HKLM\..\Run: [dmgpy.exe] C:\WINDOWS\system32\dmgpy.exe
Delete these files:
C:\WINDOWS\system32\dmgpy.exe
syspanel.exe <-- delete this file too.
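The two checks the experts apply in this thread are mechanical enough to script: spot O4 autostart entries that launch a bare filename with no directory (the shape of the syspanel.exe entry), and confirm that the entries you were told to fix are actually gone from the next log. The script below is an added example for this thread, not HijackThis code and not anything the participants posted. The two sample logs are constructed, abbreviated copies of the O4 lines quoted above, and the search-order used to guess where a bare filename lives is an assumption noted in the code.

```python
"""Triage HijackThis O4 (autostart) entries and diff a before/after log.

Added example for this thread; not part of HijackThis or of any post above.
"""
import ntpath
import re
from typing import List, NamedTuple, Set

# Constructed, abbreviated samples built from the O4 lines discussed in the
# thread. The real logs are much longer; only the entries that matter here
# are reproduced.
LOG_BEFORE = r"""
O4 - HKLM\..\Run: [Apoint] C:\Program Files\Apoint\Apoint.exe
O4 - HKLM\..\Run: [ATIModeChange] Ati2mdxx.exe
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [gcasServ] "C:\Program Files\Microsoft AntiSpyware\gcasServ.exe"
O4 - HKLM\..\Run: [dmgpy.exe] C:\WINDOWS\system32\dmgpy.exe
O4 - HKCU\..\Run: [mozilla-text] syspanel.exe
O4 - Global Startup: RemotePoint Presenter.lnk = D:\rpointpr.exe
O23 - Service: ewido security suite guard - ewido networks - C:\Program Files\ewido anti-malware\ewidoguard.exe
"""

LOG_AFTER = r"""
O4 - HKLM\..\Run: [Apoint] C:\Program Files\Apoint\Apoint.exe
O4 - HKLM\..\Run: [ATIModeChange] Ati2mdxx.exe
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [gcasServ] "C:\Program Files\Microsoft AntiSpyware\gcasServ.exe"
O4 - Global Startup: RemotePoint Presenter.lnk = D:\rpointpr.exe
O23 - Service: ewido security suite guard - ewido networks - C:\Program Files\ewido anti-malware\ewidoguard.exe
"""

# "O4 - HKLM\..\Run: [value name] command line"
RUN_RE = re.compile(r'^O4 - (?P<hive>HKLM|HKCU)\\\.\.\\Run: \[(?P<name>[^\]]*)\] (?P<cmd>.*)$')
# "O4 - Global Startup: name.lnk = target"
STARTUP_RE = re.compile(r'^O4 - (?P<hive>Global Startup|Startup): (?P<name>.*?) = (?P<cmd>.*)$')
# First program-looking token of an unquoted command line (paths may contain spaces).
EXE_RE = re.compile(r'^(.*?\.(?:exe|com|bat|scr|pif|cpl))(?:\s|$)', re.IGNORECASE)


class Entry(NamedTuple):
    source: str   # "HKLM", "HKCU", "Startup" or "Global Startup"
    name: str     # registry value name, or the .lnk name
    cmd: str      # the raw command line HijackThis printed
    exe: str      # the program extracted from cmd


def extract_exe(cmd: str) -> str:
    """Pull the program out of a command line, honouring quoted paths."""
    if cmd.startswith('"'):
        end = cmd.find('"', 1)
        return cmd[1:end] if end > 0 else cmd[1:]
    m = EXE_RE.match(cmd)
    return m.group(1) if m else cmd.split(' ')[0]


def parse_o4(log: str) -> List[Entry]:
    """Return every O4 entry in a HijackThis log, Run keys and Startup folders alike."""
    entries = []
    for line in log.splitlines():
        m = RUN_RE.match(line) or STARTUP_RE.match(line)
        if m:
            entries.append(Entry(m['hive'], m['name'], m['cmd'], extract_exe(m['cmd'])))
    return entries


def bare_filename_entries(entries: List[Entry]) -> List[Entry]:
    """Entries whose program carries no directory, so it is located through the
    process search path rather than an explicit location; that is what makes
    'syspanel.exe' stand out. Legitimate vendors do this too (the ATI entry),
    so this is a shortlist for review, not a verdict."""
    return [e for e in entries if e.exe and '\\' not in e.exe and ':' not in e.exe]


def removed_o4_lines(before: str, after: str) -> Set[str]:
    """O4 lines present in the first log but gone from the second."""
    b = {l for l in before.splitlines() if l.startswith('O4 - ')}
    a = {l for l in after.splitlines() if l.startswith('O4 - ')}
    return b - a


def remediation(e: Entry) -> dict:
    """What a HijackThis 'Fix' plus the manual file deletion have to touch.

    Assumption for illustration: a bare filename started from a Run key is
    looked up in the System32, System and Windows directories (after the
    application and current directories), so those are checked in that order."""
    reg = None  # a Startup-folder shortcut is a file, not a registry value
    if e.source in ('HKLM', 'HKCU'):
        reg = '\\'.join([e.source, r'Software\Microsoft\Windows\CurrentVersion\Run', e.name])
    if e in bare_filename_entries([e]):
        dirs = [r'C:\WINDOWS\system32', r'C:\WINDOWS\system', r'C:\WINDOWS']
        candidates = [ntpath.join(d, e.exe) for d in dirs]
    else:
        candidates = [e.exe]
    return {'registry_value': reg, 'file_candidates': candidates}


if __name__ == '__main__':
    for e in bare_filename_entries(parse_o4(LOG_BEFORE)):
        print('review:', e.source, e.name, '->', remediation(e))
    for line in sorted(removed_o4_lines(LOG_BEFORE, LOG_AFTER)):
        print('gone after cleanup:', line)
```

Run it against two saved logs by swapping the constructed strings for `open(path).read()`; anything still listed by `bare_filename_entries` after cleanup is what to look up next, and an empty `removed_o4_lines` result means the fix did not take.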
ASKER
I removed syspanel.exe and dmgpy.exe.
here is my hijackthis log:
Logfile of HijackThis v1.99.1
Scan saved at 8:11:05 AM, on 1/16/2006
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)
Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\csrss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\System32\Ati2evxx.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\ewido anti-malware\ewidoctrl.exe
C:\Program Files\ewido anti-malware\ewidoguard.exe
C:\WINDOWS\System32\snmp.exe
C:\WINDOWS\system32\wdfmgr.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\System32\alg.exe
C:\Program Files\Apoint\Apoint.exe
C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe
C:\WINDOWS\system32\rundll32.exe
C:\WINDOWS\system32\ICO.EXE
C:\WINDOWS\Sonysys\VAIO Recovery\reminder.exe
C:\Program Files\Sony\Wireless Switch Setting Utility\Switcher.exe
C:\Program Files\Sony\HotKey Utility\HKserv.exe
C:\WINDOWS\System32\ezSP_Px.exe
C:\Program Files\Apoint\Apntex.exe
C:\program files\support.com\client\bin\tgcmd.exe
C:\Program Files\Sony\HotKey Utility\HKWnd.exe
C:\Program Files\Java\jre1.5.0_06\bin\jusched.exe
C:\Program Files\Common Files\Microsoft Shared\Works Shared\WkUFind.exe
C:\WINDOWS\system32\PspContr.Exe
C:\Program Files\Microsoft AntiSpyware\gcasServ.exe
C:\Program Files\Microsoft AntiSpyware\gcasDtServ.exe
C:\Program Files\PowerPanel\Program\PcfMgr.exe
D:\rpointpr.exe
C:\Program Files\Sony\BlueSpace\BlueSpaceNE.exe
D:\Program Files\Dragon\NaturallySpeaking\Program\natspeak.exe
C:\Program Files\Hijackthis\HijackThis.exe
R1 - HKCU\Software\Microsoft\Internet Connection Wizard,ShellNext = http://www.sony.com/vaiopeople
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 6.0\Reader\ActiveX\AcroIEHelper.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.5.0_06\bin\ssv.dll
O3 - Toolbar: Easy-WebPrint - {327C2873-E90D-4c37-AA9D-10AC9BABA46C} - C:\Program Files\Canon\Easy-WebPrint\Toolband.dll
O4 - HKLM\..\Run: [Apoint] C:\Program Files\Apoint\Apoint.exe
O4 - HKLM\..\Run: [ATIModeChange] Ati2mdxx.exe
O4 - HKLM\..\Run: [ATIPTA] C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe
O4 - HKLM\..\Run: [BluetoothAuthenticationAgent] rundll32.exe bthprops.cpl,,BluetoothAuthenticationAgent
O4 - HKLM\..\Run: [Mouse Suite 98 Daemon] ICO.EXE
O4 - HKLM\..\Run: [CreateCD_Reminder] C:\WINDOWS\Sonysys\VAIO Recovery\reminder.exe
O4 - HKLM\..\Run: [Switcher.exe] C:\Program Files\Sony\Wireless Switch Setting Utility\Switcher.exe
O4 - HKLM\..\Run: [HKSERV.EXE] C:\Program Files\Sony\HotKey Utility\HKserv.exe
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [ezShieldProtector for Px] C:\WINDOWS\System32\ezSP_Px.exe
O4 - HKLM\..\Run: [ZTgServerSwitch] "c:\program files\support.com\client\bin\tgcmd.exe" /server
O4 - HKLM\..\Run: [VAIO Recovery] C:\WINDOWS\Sonysys\VAIO Recovery\PartSeal.exe
O4 - HKLM\..\Run: [SunJavaUpdateSched] C:\Program Files\Java\jre1.5.0_06\bin\jusched.exe
O4 - HKLM\..\Run: [NeroCheck] C:\WINDOWS\System32\NeroCheck.exe
O4 - HKLM\..\Run: [Microsoft Works Update Detection] C:\Program Files\Common Files\Microsoft Shared\Works Shared\WkUFind.exe
O4 - HKLM\..\Run: [PspContr] PspContr.Exe
O4 - HKLM\..\Run: [PspUsbCf] PspUsbCf.exe
O4 - HKLM\..\Run: [SSBkgdUpdate] C:\Program Files\Common Files\Scansoft Shared\SSBkgdUpdate\SSBkgdupdate.exe -Embedding -boot
O4 - HKLM\..\Run: [gcasServ] "C:\Program Files\Microsoft AntiSpyware\gcasServ.exe"
O4 - Startup: BlueSpace NE.lnk = C:\Program Files\Sony\BlueSpace\BlueSpaceNE.exe
O4 - Startup: Dragon NaturallySpeaking.lnk = D:\Program Files\Dragon\NaturallySpeaking\Program\natspeak.exe
O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office\OSA9.EXE
O4 - Global Startup: PowerPanel.lnk = ?
O4 - Global Startup: RemotePoint Presenter.lnk = D:\rpointpr.exe
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_06\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_06\bin\ssv.dll
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://go.microsoft.com/fwlink/?linkid=39204
O16 - DPF: {4F1E5B1A-2A80-42CA-8532-2D05CB959537} (MSN Photo Upload Tool) - http://by103fd.bay103.hotmail.msn.com/resources/MsnPUpld.cab
O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://update.microsoft.com/microsoftupdate/v6/V5Controls/en/x86/client/muweb_site.cab?1127238620574
O16 - DPF: {6F750200-1362-4815-A476-88533DE61D0C} (Ofoto Upload Manager Class) - http://www.ofoto.com/downloads/BUM/BUM_WIN_IE_1/axofupld.cab
O16 - DPF: {90C9629E-CD32-11D3-BBFB-00105A1F0D68} (InstallShield International Setup Player) - http://www.lowrance.com/Software/Upgrades/LCX/LCX-104C_180/isetup.cab
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: Domain = featherdownmedical.com
O17 - HKLM\Software\..\Telephony: DomainName = featherdownmedical.com
O17 - HKLM\System\CS1\Services\Tcpip\Parameters: Domain = featherdownmedical.com
O23 - Service: Ati HotKey Poller - Unknown owner - C:\WINDOWS\System32\Ati2evxx.exe
O23 - Service: ewido security suite control - ewido networks - C:\Program Files\ewido anti-malware\ewidoctrl.exe
O23 - Service: ewido security suite guard - ewido networks - C:\Program Files\ewido anti-malware\ewidoguard.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\1050\Intel 32\IDriverT.exe
O23 - Service: Sony SPTI Service (SPTISRV) - Sony Corporation - C:\PROGRA~1\COMMON~1\SONYSH~1\AVLib\Sptisrv.exe
O23 - Service: VAIO Media Music Server (VAIOMediaPlatform-MusicServer-AppServer) - Unknown owner - C:\Program Files\Sony\VAIO Media Integrated Server\Music\SSSvr.exe" /Service=VAIOMediaPlatform-MusicServer-AppServer /DisplayName="VAIO Media Music Server (file missing)
O23 - Service: VAIO Media Music Server (HTTP) (VAIOMediaPlatform-MusicServer-HTTP) - Unknown owner - C:\Program Files\Sony\VAIO Media Integrated Server\Platform\SV_Httpd.exe" /Service=VAIOMediaPlatform-MusicServer-HTTP /RegRoot="Software\Sony Corporation\VAIO Media Platform\2.0" /RegExt="Applications\MusicServer\HTTP (file missing)
O23 - Service: VAIO Media Music Server (UPnP) (VAIOMediaPlatform-MusicServer-UPnP) - Sony Corporation - C:\Program Files\Sony\VAIO Media Integrated Server\Platform\UPnPFramework.exe
O23 - Service: VAIO Media Photo Server (VAIOMediaPlatform-PhotoServer-AppServer) - Sony Corporation - C:\Program Files\Sony\VAIO Media Integrated Server\Photo\appsrv\PhotoAppSrv.exe
O23 - Service: VAIO Media Photo Server (HTTP) (VAIOMediaPlatform-PhotoServer-HTTP) - Unknown owner - C:\Program Files\Sony\VAIO Media Integrated Server\Platform\SV_Httpd.exe" /Service=VAIOMediaPlatform-PhotoServer-HTTP /RegRoot="SOFTWARE\Sony Corporation\VAIO Media Platform\2.0" /RegExt="\Applications\PhotoServer\HTTP (file missing)
O23 - Service: VAIO Media Photo Server (UPnP) (VAIOMediaPlatform-PhotoServer-UPnP) - Sony Corporation - C:\Program Files\Sony\VAIO Media Integrated Server\Platform\UPnPFramework.exe
O23 - Service: VAIO Media Video Server (VAIOMediaPlatform-VideoServer-AppServer) - Unknown owner - C:\Program Files\Sony\VAIO Media Integrated Server\Video\GPVSvr.exe" /Service=VAIOMediaPlatform-VideoServer-AppServer /DisplayName="VAIO Media Video Server (file missing)
O23 - Service: VAIO Media Video Server (HTTP) (VAIOMediaPlatform-VideoServer-HTTP) - Unknown owner - C:\Program Files\Sony\VAIO Media Integrated Server\Platform\SV_Httpd.exe" /Service=VAIOMediaPlatform-VideoServer-HTTP /RegRoot="SOFTWARE\Sony Corporation\VAIO Media Platform\2.0" /RegExt="\Applications\VideoServer\HTTP (file missing)
O23 - Service: VAIO Media Video Server (UPnP) (VAIOMediaPlatform-VideoServer-UPnP) - Sony Corporation - C:\Program Files\Sony\VAIO Media Integrated Server\Platform\UPnPFramework.exe
Hi djbrink1,
One more time, the analyzed log is here:
http://www.hijackthis.de/logfiles/b66c11f86891d98baac4a510008f067c.html
To me it seems OK.
Miguel
Your analyzed log is here: http://www.hijackthis.de/logfiles/f92690719bb163f13ada6e9223feb9c1.html
Now let's take a look at them...
Miguel