Applehebi - Heard it before?


Solved Applehebi - Heard it before?

Post by Stockers on Sat Nov 22, 2008 2:47 am

Hi all!

Downloaded winrar from cnet and installed it.

Now i get an "ok box" that displays the following message: "applehebi applehebi applehebi applehebis!!!" that pops up at regular intervals. My browser also redirects from google to a fake microsoft page trying to tell me to download some software.

I uninstalled winrar but am still having the issues.

Stockers
Novice

Posts: 10
Joined: 2008-11-22
OS: Windows Vista
Points: 29360
Likes: 0

Solved Re: Applehebi - Heard it before?

Post by Stockers on Sat Nov 22, 2008 2:49 am

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 11:40:44 AM, on 22/11/2008
Platform: Windows Vista (WinNT 6.00.1904)
MSIE: Internet Explorer v7.00 (7.00.6000.16757)
Boot mode: Normal

Running processes:
C:\Windows\system32\taskeng.exe
C:\Program Files\Sony\Wireless Switch Setting

Utility\Switcher.exe
C:\Program Files\Sony\VAIO Update 3\VAIOUpdt.exe
C:\Windows\Explorer.EXE
C:\Windows\System32\rundll32.exe
C:\Program Files\Apoint\Apoint.exe
C:\Program Files\Sony\ISB Utility\ISBMgr.exe
C:\Program Files\Common

Files\InstallShield\UpdateService\issch.exe
C:\Program Files\Apoint\ApMsgFwd.exe
C:\Windows\System32\rundll32.exe
C:\Program Files\Sony\VAIO Camera Utility\VCUServe.exe
C:\Program Files\Java\jre1.6.0_03\bin\jusched.exe
C:\Program Files\Adobe\Acrobat 8.0\Acrobat\Acrotray.exe
C:\Windows\system32\wuauclt.exe
C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\Windows\System32\explore.exe
C:\Program Files\Windows Sidebar\sidebar.exe
C:\Program Files\Windows Live\Messenger\msnmsgr.exe
C:\Windows\ehome\ehtray.exe
C:\Program Files\Google\GoogleToolbarNotifier\1.2.1128.5462

\GoogleToolbarNotifier.exe
C:\Program Files\DAEMON Tools Lite\daemon.exe
C:\Program Files\Windows Media Player\wmpnscfg.exe
C:\Program Files\Toshiba\Bluetooth Toshiba Stack\TosBtMng.exe
C:\Program Files\Sony\SonicStage Mastering Studio\Audio

Filter\SSMSFilter.exe
C:\Program Files\Drobo\Drobo Dashboard\DroboDashboard.exe
C:\Windows\ehome\ehmsas.exe
C:\Program Files\Windows Sidebar\sidebar.exe
C:\Program Files\Apoint\Apntex.exe
C:\Program Files\Toshiba\Bluetooth Toshiba Stack\TosA2dp.exe
C:\Program Files\Toshiba\Bluetooth Toshiba Stack\TosBtHid.exe
C:\Program Files\Toshiba\Bluetooth Toshiba Stack\TosBtHsp.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\Common Files\Microsoft Shared\Windows

Live\WLLoginProxy.exe
C:\Users\Jon\AppData\Local\Microsoft\Windows\Temporary

Internet Files\Content.IE5\VY2PRX08\HiJackThis[1].exe

R1 - HKLM\Software\Microsoft\Internet

Explorer\Main,Default_Page_URL = [You must be registered and logged in to see this link.]
R1 - HKLM\Software\Microsoft\Internet

Explorer\Main,Default_Search_URL =

[You must be registered and logged in to see this link.]
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search

Page = [You must be registered and logged in to see this link.]
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start

Page = [You must be registered and logged in to see this link.]
R0 - HKLM\Software\Microsoft\Internet

Explorer\Search,SearchAssistant =
R0 - HKLM\Software\Microsoft\Internet

Explorer\Search,CustomizeSearch =
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet

Settings,ProxyOverride = *.local
R0 - HKCU\Software\Microsoft\Internet

Explorer\Toolbar,LinksFolderName =
O1 - Hosts: 204.16.197.121 [You must be registered and logged in to see this link.]
O1 - Hosts: 204.16.197.121 antispyware.com
O1 - Hosts: 204.16.197.121 antispy.com


Solved Re: Applehebi - Heard it before?

Post by Stockers on Sat Nov 22, 2008 2:49 am

O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59

-B87D-784B7D6BE0B3} - C:\Program Files\Common

Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: ContributeBHO Class - {074C1DC5-9320-4A9A-947D-

C042949C6216} - C:\Program Files\Adobe\/Adobe Contribute

CS3/contributeieplugin.dll
O2 - BHO: NCO 2.0 IE BHO - {602ADB0E-4AFF-4217-8AA1-

95DAC4DFA408} - C:\Program Files\Common Files\Symantec

Shared\coShared\Browser\2.5\coIEPlg.dll
O2 - BHO: Symantec Intrusion Prevention - {6D53EC84-6AAE-

4787-AEEE-F4628F01010C} - C:\PROGRA~1\COMMON~1\SYMANT~1

\IDS\IPSBHO.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-

D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045}

- (no file)
O2 - BHO: Windows Live Sign-in Helper - {9030D464-4C02-4ABF-

8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft

Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-

CF10577473F7} - c:\program files\google\googletoolbar2.dll
O2 - BHO: Adobe PDF Conversion Toolbar Helper - {AE7CD045-

E861-484f-8273-0445EE161910} - C:\Program Files\Adobe\Acrobat

8.0\Acrobat\AcroIEFavClient.dll
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-

009027A5CD4F} - c:\program files\google\googletoolbar2.dll
O3 - Toolbar: Adobe PDF - {47833539-D0C5-4125-9FA8-

0819E2EAAC93} - C:\Program Files\Adobe\Acrobat 8.0

\Acrobat\AcroIEFavClient.dll
O3 - Toolbar: Contribute Toolbar - {517BDDE4-E3A7-4570-B21E-

2B52B6139FC7} - C:\Program Files\Adobe\/Adobe Contribute

CS3/contributeieplugin.dll
O3 - Toolbar: Show Norton Toolbar - {7FEBEFE3-6B19-4349-98D2

-FFB09D4B49CA} - C:\Program Files\Common Files\Symantec

Shared\coShared\Browser\2.5\CoIEPlg.dll
O4 - HKLM\..\Run: [Windows Defender] %ProgramFiles%\Windows

Defender\MSASCui.exe -hide
O4 - HKLM\..\Run: [NvSvc] RUNDLL32.EXE C:\Windows\system32

\nvsvc.dll,nvsvcStart
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE

C:\Windows\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE

C:\Windows\system32\NvMcTray.dll,NvTaskbarInit
O4 - HKLM\..\Run: [Apoint] C:\Program Files\Apoint\Apoint.exe
O4 - HKLM\..\Run: [ISBMgr.exe] "C:\Program Files\Sony\ISB

Utility\ISBMgr.exe"
O4 - HKLM\..\Run: [E-Flyer] "C:\Program Files\Sony\E-

Flyer\SubFlyer.exe"
O4 - HKLM\..\Run: [ISUSScheduler] "C:\Program Files\Common

Files\InstallShield\UpdateService\issch.exe" -start
O4 - HKLM\..\Run: [VAIOCameraUtility] "C:\Program

Files\Sony\VAIO Camera Utility\VCUServe.exe"
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program

Files\Java\jre1.6.0_03\bin\jusched.exe"
O4 - HKLM\..\Run: [Acrobat Assistant 8.0] "C:\Program

Files\Adobe\Acrobat 8.0\Acrobat\Acrotray.exe"
O4 - HKLM\..\Run: [Adobe_ID0EYTHM] C:\PROGRA~1\COMMON~1

\Adobe\ADOBEV~1\Server\bin\VERSIO~2.EXE
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program

Files\Adobe\Reader 8.0\Reader\Reader_sl.exe"
O4 - HKLM\..\Run: [PCLEUSBTip] C:\Program

Files\Pinnacle\Shared Files\Programs\USBTip\USBTip.exe
O4 - HKLM\..\Run: [ccApp] "C:\Program Files\Common

Files\Symantec Shared\ccApp.exe"
O4 - HKLM\..\Run: [NapsterShell] C:\Program

Files\Napster\napster.exe /systray
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program

Files\QuickTime\QTTask.exe" -atboottime
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program

Files\iTunes\iTunesHelper.exe"
O4 - HKLM\..\Run: [explore] C:\Windows\system32\explore.exe
O4 - HKCU\..\Run: [Sidebar] C:\Program Files\Windows

Sidebar\sidebar.exe /autoRun
O4 - HKCU\..\Run: [ISUSPM Startup] "C:\Program Files\Common

Files\InstallShield\UpdateService\ISUSPM.exe" -startup
O4 - HKCU\..\Run: [MsnMsgr] "C:\Program Files\Windows

Live\Messenger\MsnMsgr.Exe" /background
O4 - HKCU\..\Run: [ehTray.exe] C:\Windows\ehome\ehTray.exe
O4 - HKCU\..\Run: [swg] C:\Program

Files\Google\GoogleToolbarNotifier\1.2.1128.5462

\GoogleToolbarNotifier.exe
O4 - HKCU\..\Run: [AdobeUpdater] C:\Program Files\Common

Files\Adobe\Updater5\AdobeUpdater.exe
O4 - HKCU\..\Run: [DAEMON Tools Lite] "C:\Program

Files\DAEMON Tools Lite\daemon.exe" -autorun
O4 - HKCU\..\Run: [WMPNSCFG] C:\Program Files\Windows Media

Player\WMPNSCFG.exe
O4 - HKUS\S-1-5-19\..\Run: [Sidebar] %ProgramFiles%\Windows

Sidebar\Sidebar.exe /detectMem (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-19\..\Run: [WindowsWelcomeCenter]

rundll32.exe oobefldr.dll,ShowWelcomeCenter (User 'LOCAL

SERVICE')
O4 - HKUS\S-1-5-20\..\Run: [Sidebar] %ProgramFiles%\Windows

Sidebar\Sidebar.exe /detectMem (User 'NETWORK SERVICE')
O4 - Startup: Audio Filter.lnk = C:\Program

Files\Sony\SonicStage Mastering Studio\Audio

Filter\SSMSFilter.exe
O4 - Startup: Drobo Dashboard.lnk = C:\Program

Files\Drobo\Drobo Dashboard\DroboDashboard.exe
O4 - Global Startup: AutoCAD Startup Accelerator.lnk =

C:\Program Files\Common Files\Autodesk Shared\acstart17.exe
O4 - Global Startup: Bluetooth Manager.lnk = ?
O8 - Extra context menu item: Append to existing PDF -

[You must be registered and logged in to see this link.] Files\Adobe\Acrobat 8.0

\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html
O8 - Extra context menu item: Convert link target to Adobe

PDF - [You must be registered and logged in to see this link.] Files\Adobe\Acrobat 8.0

\Acrobat\AcroIEFavClient.dll/AcroIECapture.html
O8 - Extra context menu item: Convert link target to existing

PDF - [You must be registered and logged in to see this link.] Files\Adobe\Acrobat 8.0

\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html
O8 - Extra context menu item: Convert selected links to Adobe

PDF - [You must be registered and logged in to see this link.] Files\Adobe\Acrobat 8.0

\Acrobat\AcroIEFavClient.dll/AcroIECaptureSelLinks.html
O8 - Extra context menu item: Convert selected links to

existing PDF - [You must be registered and logged in to see this link.] Files\Adobe\Acrobat 8.0

\Acrobat\AcroIEFavClient.dll/AcroIEAppendSelLinks.html
O8 - Extra context menu item: Convert selection to Adobe PDF

- [You must be registered and logged in to see this link.] Files\Adobe\Acrobat 8.0

\Acrobat\AcroIEFavClient.dll/AcroIECapture.html
O8 - Extra context menu item: Convert selection to existing

PDF - [You must be registered and logged in to see this link.] Files\Adobe\Acrobat 8.0

\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html
O8 - Extra context menu item: Convert to Adobe PDF -

[You must be registered and logged in to see this link.] Files\Adobe\Acrobat 8.0

\Acrobat\AcroIEFavClient.dll/AcroIECapture.html
O8 - Extra context menu item: E&xport to Microsoft Excel -

[You must be registered and logged in to see this link.]
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-

00401C608501} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-

4FCB-11CF-AAA5-00401C608501} - C:\Program

Files\Java\jre1.6.0_03\bin\ssv.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-

3C9C571A8263} - C:\PROGRA~1\MICROS~3\OFFICE11\REFIEBAR.DLL
O13 - Gopher Prefix:
O16 - DPF: {4871A87A-BFDD-4106-8153-FFDE2BAC2967} (DLM

Control) -

[You must be registered and logged in to see this link.]

activex-2.2.3.7.cab
O16 - DPF: {48DD0448-9209-4F81-9F6D-D83562940134} (MySpace

Uploader Control) -

[You must be registered and logged in to see this link.]
O23 - Service: Adobe Version Cue CS3 - Adobe Systems

Incorporated - C:\Program Files\Common Files\Adobe\Adobe

Version Cue CS3\Server\bin\VersionCueCS3.exe
O23 - Service: Apple Mobile Device - Apple Inc. - C:\Program

Files\Common Files\Apple\Mobile Device

Support\bin\AppleMobileDeviceService.exe
O23 - Service: Autodesk Licensing Service - Autodesk -

C:\Program Files\Common Files\Autodesk

Shared\Service\AdskScSrv.exe
O23 - Service: Automatic LiveUpdate Scheduler - Symantec

Corporation - C:\Program

Files\Symantec\LiveUpdate\AluSchedulerSvc.exe
O23 - Service: Bonjour Service - Apple Inc. - C:\Program

Files\Bonjour\mDNSResponder.exe
O23 - Service: Symantec Event Manager (ccEvtMgr) - Symantec

Corporation - C:\Program Files\Common Files\Symantec

Shared\ccSvcHst.exe
O23 - Service: Symantec Settings Manager (ccSetMgr) -

Symantec Corporation - C:\Program Files\Common Files\Symantec

Shared\ccSvcHst.exe
O23 - Service: Symantec Lic NetConnect service

(CLTNetCnService) - Symantec Corporation - C:\Program

Files\Common Files\Symantec Shared\ccSvcHst.exe
O23 - Service: COM Host (comHost) - Symantec Corporation -

C:\Program Files\Common Files\Symantec

Shared\VAScanner\comHost.exe
O23 - Service: FLEXnet Licensing Service - Macrovision Europe

Ltd. - C:\Program Files\Common Files\Macrovision

Shared\FLEXnet Publisher\FNPLicensingService.exe
O23 - Service: Google Updater Service (gusvc) - Google -

C:\Program Files\Google\Common\Google

Updater\GoogleUpdaterService.exe
O23 - Service: Image Converter SCSI Service (ICScsiSV) - Sony

Corporation - C:\Program Files\Sony\Image Converter 3

\ICScsiSV.exe
O23 - Service: IcVzMonLauncher - Sony Corporation -

C:\Program Files\Sony\Image Converter 3\IcVzMonLauncher.exe
O23 - Service: InstallDriver Table Manager (IDriverT) -

Macrovision Corporation - C:\Program Files\Common

Files\InstallShield\Driver\1150\Intel 32\IDriverT.exe
O23 - Service: Image Converter video recording monitor for

VAIO Entertainment - Sony Corporation - C:\Program

Files\Sony\Image Converter 3\IcVzMon.exe
O23 - Service: iPod Service - Apple Inc. - C:\Program

Files\iPod\bin\iPodService.exe
O23 - Service: IviRegMgr - InterVideo - C:\Program

Files\Common Files\InterVideo\RegMgr\iviRegMgr.exe
O23 - Service: LiveUpdate - Symantec Corporation - C:\Program

Files\Symantec\LiveUpdate\LuComServer_3_4.EXE
O23 - Service: LiveUpdate Notice - Symantec Corporation -

C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe
O23 - Service: MSCSPTISRV - Sony Corporation - C:\Program

Files\Common Files\Sony Shared\AVLib\MSCSPTISRV.exe
O23 - Service: PACSPTISVR - Unknown owner - C:\Program

Files\Common Files\Sony Shared\AVLib\PACSPTISVR.exe
O23 - Service: SonicStage Back-End Service - Sony Corporation

- C:\Program Files\Common Files\Sony Shared\AVLib\SsBeSvc.exe
O23 - Service: Sony SPTI Service (SPTISRV) - Sony Corporation

- C:\Program Files\Common Files\Sony Shared\AVLib\SPTISRV.exe
O23 - Service: SonicStage SCSI Service (SSScsiSV) - Sony

Corporation - C:\Program Files\Common Files\Sony

Shared\AVLib\SSScsiSV.exe
O23 - Service: SigmaTel Audio Service (STacSV) - SigmaTel,

Inc. - C:\Windows\system32\stacsv.exe
O23 - Service: Symantec Core LC - Unknown owner -

C:\PROGRA~1\COMMON~1\SYMANT~1\CCPD-LC\symlcsvc.exe
O23 - Service: TOSHIBA Bluetooth Service - TOSHIBA

CORPORATION - C:\Program Files\Toshiba\Bluetooth Toshiba

Stack\TosBtSrv.exe
O23 - Service: VAIO Entertainment TV Device Arbitration

Service - Sony Corporation - C:\Program Files\Common

Files\Sony Shared\VAIO Entertainment

Platform\VzCs\VzHardwareResourceManager\VzHardwareResourceMan

ager.exe
O23 - Service: VAIO Event Service - Sony Corporation -

C:\Program Files\Sony\VAIO Event Service\VESMgr.exe
O23 - Service: VAIO Media Integrated Server

(VAIOMediaPlatform-IntegratedServer-AppServer) - Sony

Corporation - C:\Program Files\Sony\VAIO Media Integrated

Server\VMISrv.exe
O23 - Service: VAIO Media Integrated Server (HTTP)

(VAIOMediaPlatform-IntegratedServer-HTTP) - Sony Corporation

- C:\Program Files\Sony\VAIO Media Integrated

Server\Platform\SV_Httpd.exe
O23 - Service: VAIO Media Integrated Server (UPnP)

(VAIOMediaPlatform-IntegratedServer-UPnP) - Sony Corporation

- C:\Program Files\Sony\VAIO Media Integrated

Server\Platform\UPnPFramework.exe
O23 - Service: VAIO Media Gateway Server (VAIOMediaPlatform-

Mobile-Gateway) - Sony Corporation - C:\Program

Files\Sony\VAIO Media Integrated

Server\Platform\VmGateway.exe
O23 - Service: VAIO Media Content Collection

(VAIOMediaPlatform-UCLS-AppServer) - Sony Corporation -

C:\Program Files\Sony\VAIO Media Integrated Server\UCLS.exe
O23 - Service: VAIO Media Content Collection (HTTP)

(VAIOMediaPlatform-UCLS-HTTP) - Sony Corporation - C:\Program

Files\Sony\VAIO Media Integrated Server\Platform\SV_Httpd.exe
O23 - Service: VAIO Media Content Collection (UPnP)

(VAIOMediaPlatform-UCLS-UPnP) - Sony Corporation - C:\Program

Files\Sony\VAIO Media Integrated

Server\Platform\UPnPFramework.exe
O23 - Service: VAIO Entertainment UPnP Client Adapter (Vcsw)

- Sony Corporation - C:\Program Files\Common Files\Sony

Shared\VAIO Entertainment Platform\VCSW\VCSW.exe
O23 - Service: VAIO Entertainment Database Service (VzCdbSvc)

- Sony Corporation - C:\Program Files\Common Files\Sony

Shared\VAIO Entertainment Platform\VzCdb\VzCdbSvc.exe
O23 - Service: VAIO Entertainment File Import Service (VzFw)

- Sony Corporation - C:\Program Files\Common Files\Sony

Shared\VAIO Entertainment Platform\VzCdb\VzFw.exe
O23 - Service: XAudioService - Conexant Systems, Inc. -

C:\Windows\system32\DRIVERS\xaudio.exe

--
End of file - 18148 bytes


Solved Re: Applehebi - Heard it before?

Post by Belahzur on Sat Nov 22, 2008 1:43 pm


  • Open HijackThis
  • Choose "Do a system scan only"
  • Check the boxes in front of these lines:


    O4 - HKLM\..\Run: [explore] C:\Windows\system32\explore.exe


  • Press "Fix Checked"
  • Close Hijack This.


Delete this file:
C:\Windows\system32\explore.exe <--- Be careful of spelling, DO NOT delete explorer.exe

Submit a new Hijack This log, but this time take off word wrap.
In the Format menu in Notepad, untick Word Wrap.


Please PM me if I fail to respond within 24hrs.


Belahzur
Administrator

Posts: 34916
Joined: 2008-08-03
Gender: Male
OS: XP SP3 Media Centre
Points: 245069
Likes: 1
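Added example, not part of the thread or any poster's own code: a Python triage pass over unwrapped HijackThis lines that flags `Run` entries whose file name is a near miss of a Windows binary (the `explore.exe` / `explorer.exe` case above) and groups `O1 - Hosts` redirects by target address. The `KNOWN` list, the distance threshold and the two sample lines marked constructed are assumptions for illustration.

```python
import ipaddress
import ntpath
import re
from collections import defaultdict

# Assumption: short illustrative list of Windows binaries that are commonly
# imitated, with the folder each normally lives in on a default install.
KNOWN = {
    "explorer.exe": r"c:\windows",
    "svchost.exe": r"c:\windows\system32",
    "lsass.exe": r"c:\windows\system32",
    "services.exe": r"c:\windows\system32",
    "winlogon.exe": r"c:\windows\system32",
    "rundll32.exe": r"c:\windows\system32",
}

# Sample input. Lines are copied from the log posted in this thread, except the
# 127.0.0.1 line and the [constructed] Run entry, which are constructed here.
SAMPLE_LOG = r"""
O1 - Hosts: 204.16.197.121 antispyware.com
O1 - Hosts: 204.16.197.121 antispy.com
O1 - Hosts: 127.0.0.1 localhost
O4 - HKLM\..\Run: [Apoint] C:\Program Files\Apoint\Apoint.exe
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\Windows\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [explore] C:\Windows\system32\explore.exe
O4 - HKCU\..\Run: [constructed] C:\Users\Public\svchost.exe
"""

RUN_RE = re.compile(r"^O4 - (\S+?)\\\.\.\\Run: \[(.+?)\] (.+)$")
HOSTS_RE = re.compile(r"^O1 - Hosts: (\S+)\s+(\S+)$")


def edit_distance(a, b):
    """Levenshtein distance between two strings (row-by-row DP)."""
    prev = list(range(len(b) + 1))
    for i, ca in enumerate(a, 1):
        cur = [i]
        for j, cb in enumerate(b, 1):
            cur.append(min(prev[j] + 1, cur[j - 1] + 1, prev[j - 1] + (ca != cb)))
        prev = cur
    return prev[-1]


def exe_path(command):
    """Pull the executable path out of a Run command line (quoted or not)."""
    command = command.strip()
    if command.startswith('"'):
        return command[1:].split('"', 1)[0]
    m = re.match(r"(.+?\.exe)\b", command, re.I)
    return m.group(1) if m else command


def classify(path, max_distance=1):
    """Return a reason string if the path looks like a masquerade, else None."""
    name = ntpath.basename(path).lower()
    folder = ntpath.dirname(path).lower()
    if name in KNOWN:
        # A bare name (no folder) is resolved by Windows itself; not flagged.
        if folder and folder != KNOWN[name]:
            return f"{name} outside {KNOWN[name]}"
        return None
    for legit in KNOWN:
        if edit_distance(name, legit) <= max_distance:
            return f"look-alike of {legit}"
    return None


def suspicious_run_entries(log, max_distance=1):
    """List (hive, value name, path, reason) for flagged O4 Run entries."""
    findings = []
    for line in log.splitlines():
        m = RUN_RE.match(line.strip())
        if not m:
            continue
        hive, name, command = m.groups()
        path = exe_path(command)
        reason = classify(path, max_distance)
        if reason:
            findings.append((hive, name, path, reason))
    return findings


def hosts_redirects(log):
    """Map each non-loopback target address to the hostnames pointed at it."""
    by_ip = defaultdict(set)
    for line in log.splitlines():
        m = HOSTS_RE.match(line.strip())
        if not m:
            continue
        ip, host = m.groups()
        try:
            addr = ipaddress.ip_address(ip)
        except ValueError:
            continue
        if not (addr.is_loopback or addr.is_unspecified):
            by_ip[ip].add(host)
    return {ip: sorted(hosts) for ip, hosts in by_ip.items()}


if __name__ == "__main__":
    for finding in suspicious_run_entries(SAMPLE_LOG):
        print(finding)
    print(hosts_redirects(SAMPLE_LOG))
```

A hit is a prompt to inspect the file and its registry value, not proof of infection; the log must be saved with Word Wrap off so each entry sits on one line.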

Solved Re: Applehebi - Heard it before?

Post by Stockers on Sun Nov 23, 2008 3:08 am

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 12:05:53 PM, on 23/11/2008
Platform: Windows Vista (WinNT 6.00.1904)
MSIE: Internet Explorer v7.00 (7.00.6000.16757)
Boot mode: Normal

Running processes:
C:\Windows\system32\taskeng.exe
C:\Program Files\Sony\Wireless Switch Setting Utility\Switcher.exe
C:\Program Files\Sony\VAIO Update 3\VAIOUpdt.exe
C:\Windows\Explorer.EXE
C:\Windows\System32\rundll32.exe
C:\Program Files\Apoint\Apoint.exe
C:\Program Files\Sony\ISB Utility\ISBMgr.exe
C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe
C:\Program Files\Apoint\ApMsgFwd.exe
C:\Windows\System32\rundll32.exe
C:\Program Files\Sony\VAIO Camera Utility\VCUServe.exe
C:\Program Files\Java\jre1.6.0_03\bin\jusched.exe
C:\Program Files\Adobe\Acrobat 8.0\Acrobat\Acrotray.exe
C:\Windows\system32\wuauclt.exe
C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\Program Files\Windows Sidebar\sidebar.exe
C:\Program Files\Windows Live\Messenger\msnmsgr.exe
C:\Windows\ehome\ehtray.exe
C:\Program Files\Google\GoogleToolbarNotifier\1.2.1128.5462\GoogleToolbarNotifier.exe
C:\Program Files\DAEMON Tools Lite\daemon.exe
C:\Program Files\Windows Media Player\wmpnscfg.exe
C:\Program Files\Toshiba\Bluetooth Toshiba Stack\TosBtMng.exe
C:\Program Files\Sony\SonicStage Mastering Studio\Audio Filter\SSMSFilter.exe
C:\Program Files\Drobo\Drobo Dashboard\DroboDashboard.exe
C:\Windows\ehome\ehmsas.exe
C:\Program Files\Windows Sidebar\sidebar.exe
C:\Program Files\Apoint\Apntex.exe
C:\Program Files\Toshiba\Bluetooth Toshiba Stack\TosA2dp.exe
C:\Program Files\Toshiba\Bluetooth Toshiba Stack\TosBtHid.exe
C:\Program Files\Toshiba\Bluetooth Toshiba Stack\TosBtHsp.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLLoginProxy.exe
c:\program files\common files\installshield\updateservice\isuspm.exe
C:\PROGRA~1\COMMON~1\INSTAL~1\UPDATE~1\agent.exe
C:\Program Files\iTunes\iTunes.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceHelper.exe
C:\Program Files\Common Files\Apple\Mobile Device Support\bin\distnoted.exe
C:\Program Files\Common Files\Apple\Mobile Device Support\bin\SyncServer.exe
C:\Users\Jon\Desktop\HiJackThis.exe

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = [You must be registered and logged in to see this link.]
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = [You must be registered and logged in to see this link.]
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = [You must be registered and logged in to see this link.]
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = [You must be registered and logged in to see this link.]
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant =
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch =
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
O1 - Hosts: 204.16.197.121 [You must be registered and logged in to see this link.]
O1 - Hosts: 204.16.197.121 antispyware.com
O1 - Hosts: 204.16.197.121 antispy.com


Solved Re: Applehebi - Heard it before?

Post by Stockers on Sun Nov 23, 2008 3:08 am

O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: ContributeBHO Class - {074C1DC5-9320-4A9A-947D-C042949C6216} - C:\Program Files\Adobe\/Adobe Contribute CS3/contributeieplugin.dll
O2 - BHO: NCO 2.0 IE BHO - {602ADB0E-4AFF-4217-8AA1-95DAC4DFA408} - C:\Program Files\Common Files\Symantec Shared\coShared\Browser\2.5\coIEPlg.dll
O2 - BHO: Symantec Intrusion Prevention - {6D53EC84-6AAE-4787-AEEE-F4628F01010C} - C:\PROGRA~1\COMMON~1\SYMANT~1\IDS\IPSBHO.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)
O2 - BHO: Windows Live Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar2.dll
O2 - BHO: Adobe PDF Conversion Toolbar Helper - {AE7CD045-E861-484f-8273-0445EE161910} - C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar2.dll
O3 - Toolbar: Adobe PDF - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll
O3 - Toolbar: Contribute Toolbar - {517BDDE4-E3A7-4570-B21E-2B52B6139FC7} - C:\Program Files\Adobe\/Adobe Contribute CS3/contributeieplugin.dll
O3 - Toolbar: Show Norton Toolbar - {7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} - C:\Program Files\Common Files\Symantec Shared\coShared\Browser\2.5\CoIEPlg.dll
O4 - HKLM\..\Run: [Windows Defender] %ProgramFiles%\Windows Defender\MSASCui.exe -hide
O4 - HKLM\..\Run: [NvSvc] RUNDLL32.EXE C:\Windows\system32\nvsvc.dll,nvsvcStart
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\Windows\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\Windows\system32\NvMcTray.dll,NvTaskbarInit
O4 - HKLM\..\Run: [Apoint] C:\Program Files\Apoint\Apoint.exe
O4 - HKLM\..\Run: [ISBMgr.exe] "C:\Program Files\Sony\ISB Utility\ISBMgr.exe"
O4 - HKLM\..\Run: [E-Flyer] "C:\Program Files\Sony\E-Flyer\SubFlyer.exe"
O4 - HKLM\..\Run: [ISUSScheduler] "C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe" -start
O4 - HKLM\..\Run: [VAIOCameraUtility] "C:\Program Files\Sony\VAIO Camera Utility\VCUServe.exe"
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_03\bin\jusched.exe"
O4 - HKLM\..\Run: [Acrobat Assistant 8.0] "C:\Program Files\Adobe\Acrobat 8.0\Acrobat\Acrotray.exe"
O4 - HKLM\..\Run: [Adobe_ID0EYTHM] C:\PROGRA~1\COMMON~1\Adobe\ADOBEV~1\Server\bin\VERSIO~2.EXE
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe"
O4 - HKLM\..\Run: [PCLEUSBTip] C:\Program Files\Pinnacle\Shared Files\Programs\USBTip\USBTip.exe
O4 - HKLM\..\Run: [ccApp] "C:\Program Files\Common Files\Symantec Shared\ccApp.exe"
O4 - HKLM\..\Run: [NapsterShell] C:\Program Files\Napster\napster.exe /systray
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\QTTask.exe" -atboottime
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
O4 - HKCU\..\Run: [Sidebar] C:\Program Files\Windows Sidebar\sidebar.exe /autoRun
O4 - HKCU\..\Run: [ISUSPM Startup] "c:\Program Files\Common Files\InstallShield\UpdateService\isuspm.exe" -startup
O4 - HKCU\..\Run: [MsnMsgr] "C:\Program Files\Windows Live\Messenger\MsnMsgr.Exe" /background
O4 - HKCU\..\Run: [ehTray.exe] C:\Windows\ehome\ehTray.exe
O4 - HKCU\..\Run: [swg] C:\Program Files\Google\GoogleToolbarNotifier\1.2.1128.5462\GoogleToolbarNotifier.exe
O4 - HKCU\..\Run: [AdobeUpdater] C:\Program Files\Common Files\Adobe\Updater5\AdobeUpdater.exe
O4 - HKCU\..\Run: [DAEMON Tools Lite] "C:\Program Files\DAEMON Tools Lite\daemon.exe" -autorun
O4 - HKCU\..\Run: [WMPNSCFG] C:\Program Files\Windows Media Player\WMPNSCFG.exe
O4 - HKUS\S-1-5-19\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /detectMem (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-19\..\Run: [WindowsWelcomeCenter] rundll32.exe oobefldr.dll,ShowWelcomeCenter (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-20\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /detectMem (User 'NETWORK SERVICE')
O4 - Startup: Audio Filter.lnk = C:\Program Files\Sony\SonicStage Mastering Studio\Audio Filter\SSMSFilter.exe
O4 - Startup: Drobo Dashboard.lnk = C:\Program Files\Drobo\Drobo Dashboard\DroboDashboard.exe
O4 - Global Startup: AutoCAD Startup Accelerator.lnk = C:\Program Files\Common Files\Autodesk Shared\acstart17.exe
O4 - Global Startup: Bluetooth Manager.lnk = ?
O8 - Extra context menu item: Append to existing PDF - [You must be registered and logged in to see this link.] Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html
O8 - Extra context menu item: Convert link target to Adobe PDF - [You must be registered and logged in to see this link.] Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html
O8 - Extra context menu item: Convert link target to existing PDF - [You must be registered and logged in to see this link.] Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html
O8 - Extra context menu item: Convert selected links to Adobe PDF - [You must be registered and logged in to see this link.] Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIECaptureSelLinks.html
O8 - Extra context menu item: Convert selected links to existing PDF - [You must be registered and logged in to see this link.] Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIEAppendSelLinks.html
O8 - Extra context menu item: Convert selection to Adobe PDF - [You must be registered and logged in to see this link.] Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html
O8 - Extra context menu item: Convert selection to existing PDF - [You must be registered and logged in to see this link.] Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html
O8 - Extra context menu item: Convert to Adobe PDF - [You must be registered and logged in to see this link.] Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html
O8 - Extra context menu item: E&xport to Microsoft Excel - [You must be registered and logged in to see this link.]
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~3\OFFICE11\REFIEBAR.DLL
O13 - Gopher Prefix:
O16 - DPF: {4871A87A-BFDD-4106-8153-FFDE2BAC2967} (DLM Control) - [You must be registered and logged in to see this link.]
O16 - DPF: {48DD0448-9209-4F81-9F6D-D83562940134} (MySpace Uploader Control) - [You must be registered and logged in to see this link.]
O23 - Service: Adobe Version Cue CS3 - Adobe Systems Incorporated - C:\Program Files\Common Files\Adobe\Adobe Version Cue CS3\Server\bin\VersionCueCS3.exe
O23 - Service: Apple Mobile Device - Apple Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
O23 - Service: Autodesk Licensing Service - Autodesk - C:\Program Files\Common Files\Autodesk Shared\Service\AdskScSrv.exe
O23 - Service: Automatic LiveUpdate Scheduler - Symantec Corporation - C:\Program Files\Symantec\LiveUpdate\AluSchedulerSvc.exe
O23 - Service: Bonjour Service - Apple Inc. - C:\Program Files\Bonjour\mDNSResponder.exe
O23 - Service: Symantec Event Manager (ccEvtMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe
O23 - Service: Symantec Settings Manager (ccSetMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe
O23 - Service: Symantec Lic NetConnect service (CLTNetCnService) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe
O23 - Service: COM Host (comHost) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\VAScanner\comHost.exe
O23 - Service: FLEXnet Licensing Service - Macrovision Europe Ltd. - C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe
O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: Image Converter SCSI Service (ICScsiSV) - Sony Corporation - C:\Program Files\Sony\Image Converter 3\ICScsiSV.exe
O23 - Service: IcVzMonLauncher - Sony Corporation - C:\Program Files\Sony\Image Converter 3\IcVzMonLauncher.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\1150\Intel 32\IDriverT.exe
O23 - Service: Image Converter video recording monitor for VAIO Entertainment - Sony Corporation - C:\Program Files\Sony\Image Converter 3\IcVzMon.exe
O23 - Service: iPod Service - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: IviRegMgr - InterVideo - C:\Program Files\Common Files\InterVideo\RegMgr\iviRegMgr.exe
O23 - Service: LiveUpdate - Symantec Corporation - C:\Program Files\Symantec\LiveUpdate\LuComServer_3_4.EXE
O23 - Service: LiveUpdate Notice - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe
O23 - Service: MSCSPTISRV - Sony Corporation - C:\Program Files\Common Files\Sony Shared\AVLib\MSCSPTISRV.exe
O23 - Service: PACSPTISVR - Unknown owner - C:\Program Files\Common Files\Sony Shared\AVLib\PACSPTISVR.exe
O23 - Service: SonicStage Back-End Service - Sony Corporation - C:\Program Files\Common Files\Sony Shared\AVLib\SsBeSvc.exe
O23 - Service: Sony SPTI Service (SPTISRV) - Sony Corporation - C:\Program Files\Common Files\Sony Shared\AVLib\SPTISRV.exe
O23 - Service: SonicStage SCSI Service (SSScsiSV) - Sony Corporation - C:\Program Files\Common Files\Sony Shared\AVLib\SSScsiSV.exe
O23 - Service: SigmaTel Audio Service (STacSV) - SigmaTel, Inc. - C:\Windows\system32\stacsv.exe
O23 - Service: Symantec Core LC - Unknown owner - C:\PROGRA~1\COMMON~1\SYMANT~1\CCPD-LC\symlcsvc.exe
O23 - Service: TOSHIBA Bluetooth Service - TOSHIBA CORPORATION - C:\Program Files\Toshiba\Bluetooth Toshiba Stack\TosBtSrv.exe
O23 - Service: VAIO Entertainment TV Device Arbitration Service - Sony Corporation - C:\Program Files\Common Files\Sony Shared\VAIO Entertainment Platform\VzCs\VzHardwareResourceManager\VzHardwareResourceManager.exe
O23 - Service: VAIO Event Service - Sony Corporation - C:\Program Files\Sony\VAIO Event Service\VESMgr.exe
O23 - Service: VAIO Media Integrated Server (VAIOMediaPlatform-IntegratedServer-AppServer) - Sony Corporation - C:\Program Files\Sony\VAIO Media Integrated Server\VMISrv.exe
O23 - Service: VAIO Media Integrated Server (HTTP) (VAIOMediaPlatform-IntegratedServer-HTTP) - Sony Corporation - C:\Program Files\Sony\VAIO Media Integrated Server\Platform\SV_Httpd.exe
O23 - Service: VAIO Media Integrated Server (UPnP) (VAIOMediaPlatform-IntegratedServer-UPnP) - Sony Corporation - C:\Program Files\Sony\VAIO Media Integrated Server\Platform\UPnPFramework.exe
O23 - Service: VAIO Media Gateway Server (VAIOMediaPlatform-Mobile-Gateway) - Sony Corporation - C:\Program Files\Sony\VAIO Media Integrated Server\Platform\VmGateway.exe
O23 - Service: VAIO Media Content Collection (VAIOMediaPlatform-UCLS-AppServer) - Sony Corporation - C:\Program Files\Sony\VAIO Media Integrated Server\UCLS.exe
O23 - Service: VAIO Media Content Collection (HTTP) (VAIOMediaPlatform-UCLS-HTTP) - Sony Corporation - C:\Program Files\Sony\VAIO Media Integrated Server\Platform\SV_Httpd.exe
O23 - Service: VAIO Media Content Collection (UPnP) (VAIOMediaPlatform-UCLS-UPnP) - Sony Corporation - C:\Program Files\Sony\VAIO Media Integrated Server\Platform\UPnPFramework.exe
O23 - Service: VAIO Entertainment UPnP Client Adapter (Vcsw) - Sony Corporation - C:\Program Files\Common Files\Sony Shared\VAIO Entertainment Platform\VCSW\VCSW.exe
O23 - Service: VAIO Entertainment Database Service (VzCdbSvc) - Sony Corporation - C:\Program Files\Common Files\Sony Shared\VAIO Entertainment Platform\VzCdb\VzCdbSvc.exe
O23 - Service: VAIO Entertainment File Import Service (VzFw) - Sony Corporation - C:\Program Files\Common Files\Sony Shared\VAIO Entertainment Platform\VzCdb\VzFw.exe
O23 - Service: XAudioService - Conexant Systems, Inc. - C:\Windows\system32\DRIVERS\xaudio.exe

--
End of file - 18432 bytes


Solved Re: Applehebi - Heard it before?

Post by Stockers on Sun Nov 23, 2008 7:15 am

Still getting the false Microsoft security page instead of Google.

Also experiencing HTTP 400 Bad request errors for a lot of other pages.


Solved Re: Applehebi - Heard it before?

Post by Jerry Parnell on Sun Nov 23, 2008 8:45 am

Bel,
I'm not taking over, I'm just going to ask the user one more question to see if a hunch that I have may be correct.

@Stockers
Have you noticed anything strange about websites you are visiting, such as bumps or strange addresses loading in the bottom bar of your browser?
EDIT
Have you seen any of the problems above when visiting any/all of the websites in the following list?
Please read over each item in the following list very carefully.
[You must be registered and logged in to see this link.]


Last edited by Jerry Parnell on Sun Nov 23, 2008 9:03 am; edited 1 time in total (Reason for editing : Removed a few items from the list, changed some wording, etc...)

Jerry Parnell
Leader
Leader

Posts Posts : 670
Joined Joined : 2008-08-04
Gender Gender : Male
OS OS : Windows Vista Home Basic
Points Points : 30724
# Likes # Likes : 0


Solved Re: Applehebi - Heard it before?

Post by Stockers on Sun Nov 23, 2008 10:26 am

Yep. Those are the ones.


Solved Re: Applehebi - Heard it before?

Post by Belahzur on Sun Nov 23, 2008 12:51 pm

No problem Jerry, not worried about the host file, can repair that easily.

Hello Stockers, please do this next.

Download HostsXpert from [You must be registered and logged in to see this link.]

  • Unzip it.
  • Open the program.
  • Click on "Make read only"
  • Then press "Restore MS Hosts File"
OK the prompt, and exit HostsXpert.


[You must be registered and logged in to see this link.] - [You must be registered and logged in to see this link.] - Please PM me if I fail to respond within 24hrs.


Belahzur
Administrator
Administrator

Posts Posts : 34916
Joined Joined : 2008-08-03
Gender Gender : Male
OS OS : XP SP3 Media Centre
Points Points : 245069
# Likes # Likes : 1


Solved Re: Applehebi - Heard it before?

Post by Stockers on Sun Nov 23, 2008 10:48 pm

Error

ERROR: Cannot create file C:\Windows\system32\DRIVERS\ETC\hosts




That's the error message I am receiving when I attempt to restore the mshosts file.


Solved Re: Applehebi - Heard it before?

Post by Belahzur on Sun Nov 23, 2008 10:52 pm

Darn, Vista. I forgot.
Right click the program > run as administrator.

Can you get it to do its job now?



Solved Re: Applehebi - Heard it before?

Post by Stockers on Sun Nov 23, 2008 11:01 pm

Negative.

Same error.


Solved Re: Applehebi - Heard it before?

Post by Belahzur on Sun Nov 23, 2008 11:07 pm

Sigh. Fine, we can do this via HJT.


  • Open HijackThis
  • Choose "Do a system scan only"
  • Check the boxes in front of these lines:


    O1 - Hosts: 204.16.197.121 [You must be registered and logged in to see this link.]
    O1 - Hosts: 204.16.197.121 antispyware.com
    O1 - Hosts: 204.16.197.121 antispy.com
    Tick the rest of the O1 entries


  • Press "Fix Checked"
  • Close Hijack This.


Any better?



Solved Re: Applehebi - Heard it before?

Post by Jerry Parnell on Sun Nov 23, 2008 11:58 pm

The reason that the program is giving the error is because the malware already made the hosts file read-only.


Back to top Go down
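An added example, not part of any post in this thread: a small Python audit that groups hosts entries (HijackThis `O1` lines or a raw hosts file) by target address, reports every hostname pointed at a non-loopback IP, and checks whether the hosts file is read-only, the condition blamed above for the "Cannot create file" error. The function names and the `search.example` hostname are assumptions made for illustration.

```python
import ipaddress
import os
import re
import stat
from collections import defaultdict

# Constructed sample in HijackThis O1 format. The IP and the two .com names are
# the ones visible in the thread; search.example is a placeholder hostname.
SAMPLE_LOG = """\
O1 - Hosts: 204.16.197.121 antispyware.com
O1 - Hosts: 204.16.197.121 antispy.com
O1 - Hosts: 204.16.197.121 search.example
O1 - Hosts: 127.0.0.1 localhost
O1 - Hosts: ::1 localhost
O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)
"""

# Path taken from the error message quoted in the thread.
HOSTS_PATH = r"C:\Windows\system32\DRIVERS\ETC\hosts"

O1_RE = re.compile(r"^O1 - Hosts:\s+(\S+)\s+(\S+)")
OTHER_SECTION_RE = re.compile(r"^O\d+ - ")


def parse_entries(text):
    """Yield (ip, hostname) pairs from HijackThis O1 lines or raw hosts lines."""
    for raw in text.splitlines():
        line = raw.split("#", 1)[0].strip()  # drop hosts-file comments
        if not line:
            continue
        match = O1_RE.match(line)
        if match:
            yield match.group(1), match.group(2).lower()
        elif OTHER_SECTION_RE.match(line):
            continue  # O2, O4, O23 ... are not hosts entries
        else:
            fields = line.split()  # raw hosts format: ip name [alias ...]
            for host in fields[1:]:
                yield fields[0], host.lower()


def find_redirects(text):
    """Return {ip: sorted hostnames} for entries that send traffic off-box."""
    groups = defaultdict(set)
    for ip, host in parse_entries(text):
        try:
            addr = ipaddress.ip_address(ip)
        except ValueError:
            continue  # first field was not an address
        if addr.is_loopback or addr.is_unspecified:
            continue  # 127.0.0.1, ::1 and 0.0.0.0 stay on the local machine
        groups[str(addr)].add(host)
    return {ip: sorted(hosts) for ip, hosts in groups.items()}


def is_read_only(path):
    """True when the owner write bit is cleared; on Windows, Python maps the
    read-only file attribute onto this bit."""
    return not (os.stat(path).st_mode & stat.S_IWRITE)


def audit(text, path=None):
    """Combine both checks; read_only is None when no file was inspected."""
    read_only = is_read_only(path) if path and os.path.exists(path) else None
    return {"redirects": find_redirects(text), "read_only": read_only}


if __name__ == "__main__":
    if os.path.exists(HOSTS_PATH):
        with open(HOSTS_PATH, encoding="utf-8", errors="replace") as fh:
            report = audit(fh.read(), HOSTS_PATH)
    else:
        report = audit(SAMPLE_LOG)  # fall back to the constructed sample
    for ip, hosts in report["redirects"].items():
        print(f"{ip} <- {len(hosts)} hostname(s): {', '.join(hosts)}")
    print("hosts file read-only:", report["read_only"])
```

Many unrelated hostnames resolving to one external address, together with a read-only hosts file, is the pattern this thread ends up cleaning.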

Solved Re: Applehebi - Heard it before?

Post by Belahzur on Mon Nov 24, 2008 12:06 am

Ah, thanks Jerry.
We'll see if my HJT fix works before changing the attributes.



Solved Re: Applehebi - Heard it before?

Post by Stockers on Mon Nov 24, 2008 10:53 am

[You must be registered and logged in to see this link.] wrote:
We'll see if my HJT fix works before changing the attributes.

Fixed.

Thank you so much...

Is there anything else that needs doing?


Solved Re: Applehebi - Heard it before?

Post by Belahzur on Mon Nov 24, 2008 1:27 pm

We need to make a new restore point.

To turn off System Restore, follow these steps:
1. Click Start, right-click My Computer, and then click Properties.
2. Click the System Restore tab.
3. Click the Turn off System Restore check box (or the Turn off System Restore on all drives check box), and then click OK.
4. Click Yes when you receive the prompt to turn off System Restore.

Now we need to make a new restore point.
To turn on System Restore, follow these steps:
1. Click Start, right-click My Computer, and then click Properties.
2. Click the System Restore tab.
3. Click the Turn off System Restore check box (To turn on System Restore), and then click OK.
===
Everything looks great --- your HijackThis log appears to be clean.
Below I have included a number of recommendations for how to protect your computer in order to prevent future malware infections. Please take these recommendations seriously; these few simple steps can stave off the vast majority of spyware problems. As happy as we are to help you, for your sake we would rather not have repeat customers.

1) Please navigate to [You must be registered and logged in to see this link.] and download all the "critical updates" for Windows. This can patch many of the security holes through which attackers can gain access to your computer.

Please either enable Automatic Updates under Start -> Control Panel -> Automatic Updates, or get into the habit of checking for Windows updates regularly. I cannot stress enough how important this is.

2) In order to protect yourself against spyware, you should consider installing and running the following free programs:

[You must be registered and logged in to see this link.]
A tutorial on using Ad-Aware to remove spyware from your computer may be found [You must be registered and logged in to see this link.].

[You must be registered and logged in to see this link.]
A tutorial on using Spybot to remove spyware from your computer may be found [You must be registered and logged in to see this link.]. Please also remember to enable Spybot's "Immunize" and "TeaTimer" features.

[You must be registered and logged in to see this link.]
A tutorial on using SpywareBlaster to prevent spyware from ever installing on your computer may be found [You must be registered and logged in to see this link.].

[You must be registered and logged in to see this link.]
A tutorial on using SpywareGuard for realtime protection against spyware and hijackers may be found [You must be registered and logged in to see this link.].

Make sure to keep these programs up-to-date and to run them regularly, as this can prevent a great deal of spyware hassle.

3) Please consider using an alternate browser. Mozilla's Firefox browser is fantastic; it is much more secure than Internet Explorer, immune to almost all known browser hijackers, and also has the best built-in popup blocker (as an added benefit!) that I have ever seen. If you are interested, Firefox may be downloaded from here:
[You must be registered and logged in to see this link.]

4) Also make sure to run your antivirus software regularly, and to keep it up-to-date.

5) Finally, consider maintaining a firewall. Some good free firewalls are [You must be registered and logged in to see this link.], or
[You must be registered and logged in to see this link.]
A tutorial on understanding and using firewalls may be found [You must be registered and logged in to see this link.].

Please also read Tony Klein's excellent article: [You must be registered and logged in to see this link.]

Hopefully this should take care of your problems! Good luck.



Solved Re: Applehebi - Heard it before?

Post by Doctor Inferno on Mon Dec 01, 2008 2:16 am

Since this issue is resolved, this topic is closed.

If you need this topic reopened, please contact a staff member. This applies only to the original topic starter.



Doctor Inferno
Administrator
Administrator

Posts Posts : 12015
Joined Joined : 2007-12-26
Gender Gender : Male
OS OS : Windows 7 Home Premium and Ultimate X64
Protection Protection : Kaspersky PURE and Malwarebytes' Anti-Malware
Points Points : 104600
# Likes # Likes : 0
