Jump to content

Trojan and rbot variants? Help!

BobbyJpost

By BobbyJpost
in Resolved Malware Removal Logs

 Share

Recommended Posts

BobbyJpost

BobbyJpost

Posted
Posted

I am frustrated up to -HERE- with this! I've tried using SUPERAntiSpyware, Spybot, and Counterspy, but the viruses still plague my cpu... most of the viruses were destroyed by the spyware programs but a few persist. Can you look through my hijackthis log and tell me the problems? Thank you very very very very much!

Logfile of Trend Micro HijackThis v2.0.2

Scan saved at 6:37:40 PM, on 11/11/2007

Platform: Windows XP SP2 (WinNT 5.01.2600)

MSIE: Internet Explorer v7.00 (7.00.6000.16544)

Boot mode: Normal

Running processes:

C:\WINDOWS\System32\smss.exe

C:\WINDOWS\system32\winlogon.exe

C:\WINDOWS\system32\services.exe

C:\WINDOWS\system32\lsass.exe

C:\WINDOWS\system32\svchost.exe

C:\WINDOWS\System32\svchost.exe

C:\WINDOWS\system32\spoolsv.exe

C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe

C:\Program Files\Norton Internet Security\NISUM.EXE

C:\WINDOWS\system32\Brmfrmps.exe

C:\Program Files\Norton Internet Security\ccPxySvc.exe

C:\WINDOWS\system32\cisvc.exe

C:\WINDOWS\System32\CTsvcCDA.exe

C:\WINDOWS\ehome\ehSched.exe

C:\WINDOWS\system32\inetsrv\inetinfo.exe

C:\WINDOWS\System32\msdtc.exe

C:\Program Files\Norton AntiVirus\navapsvc.exe

C:\WINDOWS\Explorer.exe

C:\WINDOWS\System32\nvsvc32.exe

C:\Program Files\Sunbelt Software\CounterSpy\SBCSSvc.exe

C:\WINDOWS\System32\tcpsvcs.exe

C:\WINDOWS\System32\snmp.exe

C:\Program Files\Common Files\Sony Shared\WMPlugIn\SonicStageMonitoring.exe

C:\Program Files\Sony\Sony TV Tuner Library\SMceMan.exe

C:\WINDOWS\System32\svchost.exe

C:\WINDOWS\System32\MsPMSPSv.exe

C:\WINDOWS\system32\CTHELPER.EXE

C:\WINDOWS\ehome\ehtray.exe

C:\Program Files\SONY\sHotKey\sHotKey.exe

C:\WINDOWS\System32\ezSP_Px.exe

C:\WINDOWS\AGRSMMSG.exe

C:\Program Files\HP\hpcoretech\hpcmpmgr.exe

C:\WINDOWS\System32\spool\drivers\w32x86\3\hpztsb10.exe

C:\Program Files\Hewlett-Packard\HP Software Update\HPWuSchd2.exe

C:\Program Files\Microsoft IntelliType Pro\type32.exe

C:\Program Files\Microsoft IntelliPoint\point32.exe

C:\USBStorage\USBDetector.exe

C:\Program Files\Scansoft\PaperPort\pptd40nt.exe

C:\Program Files\Common Files\Symantec Shared\ccApp.exe

C:\Program Files\Sunbelt Software\CounterSpy\SBCSTray.exe

C:\WINDOWS\system32\ctfmon.exe

C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe

C:\Program Files\Sony\Sony Picture Utility\VolumeWatcher\SPUVolumeWatcher.exe

C:\Program Files\Sony\Sony TV Tuner Library\RM_SV.exe

C:\WINDOWS\system32\wscntfy.exe

C:\WINDOWS\ehome\ehmsas.exe

C:\WINDOWS\system32\cidaemon.exe

C:\WINDOWS\system32\cidaemon.exe

C:\Program Files\Internet Explorer\iexplore.exe

C:\Documents and Settings\anonymous\Desktop\spyware tools\FixZotob.exe

C:\Documents and Settings\anonymous\Desktop\spyware tools\BullGuard_80_x64.exe

C:\Documents and Settings\anonymous\Desktop\spyware tools\HiJackThis.exe

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157

R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157

F2 - REG:system.ini: Shell=Explorer.exe C:\WINDOWS\shell.exe

F2 - REG:system.ini: UserInit=C:\WINDOWS\system32\vvgeowbv.exe,C:\WINDOWS\system32\userinit.exe

N3 - Netscape 7: user_pref("browser.search.defaultengine", "engine://C%3A%5CProgram%20Files%5CNetscape%5CNetscape%5Csearchplugins%5CSBWeb_01.src"); (C:\Documents and Settings\ANONYMOUS\Application Data\Mozilla\Profiles\default\0b8b5w3s.slt\prefs.js)

O2 - BHO: (no name) - {029e02f0-a0e5-4b19-b958-7bf2db29fb13} - (no file)

O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll

O2 - BHO: (no name) - {4CB8F4B4-5F66-4D9E-BC3B-184596A58824} - C:\WINDOWS\system32\ljjgdbb.dll

O2 - BHO: Spybot-S&D IE Protection - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll

O2 - BHO: (no name) - {549B5CA7-4A86-11D7-A4DF-000874180BB3} - (no file)

O2 - BHO: (no name) - {6abc861a-31e7-4d91-b43b-d3c98f22a5c0} - (no file)

O2 - BHO: (no name) - {92F8A433-418C-1C0D-DA2F-4AE676860995} - C:\WINDOWS\system32\tbhtuk.dll

O2 - BHO: (no name) - {a4a435cf-3583-11d4-91bd-0048546a1450} - (no file)

O2 - BHO: NAV Helper - {BDF3E430-B101-42AD-A544-FADC6B084872} - C:\Program Files\Norton AntiVirus\NavShExt.dll

O2 - BHO: (no name) - {c2680e10-1655-4a0e-87f8-4259325a84b7} - (no file)

O2 - BHO: (no name) - {c4ca6559-2cf1-48b6-96b2-8340a06fd129} - (no file)

O2 - BHO: (no name) - {d8efadf1-9009-11d6-8c73-608c5dc19089} - (no file)

O2 - BHO: {da7bdc96-ede8-75e9-2664-ceca4996799f} - {f9976994-acec-4662-9e57-8ede69cdb7ad} - C:\WINDOWS\system32\tmbxistv.dll (file missing)

O2 - BHO: (no name) - {FDD3B846-8D59-4ffb-8758-209B6AD74ACC} - (no file)

O3 - Toolbar: Norton AntiVirus - {42CDD1BF-3FFB-4238-8AD1-7859DF00B1D6} - C:\Program Files\Norton AntiVirus\NavShExt.dll

O4 - HKLM\..\Run: [nwiz] nwiz.exe /installquiet

O4 - HKLM\..\Run: [CTHelper] CTHELPER.EXE

O4 - HKLM\..\Run: [ehTray] C:\WINDOWS\ehome\ehtray.exe

O4 - HKLM\..\Run: [ATIModeChange] Ati2mdxx.exe

O4 - HKLM\..\Run: [ATIPTA] C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe

O4 - HKLM\..\Run: [sHotKey] "C:\Program Files\SONY\sHotKey\sHotKey.exe"

O4 - HKLM\..\Run: [ezShieldProtector for Px] C:\WINDOWS\System32\ezSP_Px.exe

O4 - HKLM\..\Run: [AGRSMMSG] AGRSMMSG.exe

O4 - HKLM\..\Run: [HP Component Manager] "C:\Program Files\HP\hpcoretech\hpcmpmgr.exe"

O4 - HKLM\..\Run: [HPDJ Taskbar Utility] C:\WINDOWS\System32\spool\drivers\w32x86\3\hpztsb10.exe

O4 - HKLM\..\Run: [HP Software Update] "C:\Program Files\Hewlett-Packard\HP Software Update\HPWuSchd2.exe"

O4 - HKLM\..\Run: [updReg] C:\WINDOWS\UpdReg.EXE

O4 - HKLM\..\Run: [Jet Detection] "C:\Program Files\Creative\SBAudigy\PROGRAM\ADGJDet.exe"

O4 - HKLM\..\Run: [CTStartup] C:\Program Files\Creative\Splash Screen\CTEaxSpl.EXE /run

O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime

O4 - HKLM\..\Run: [QuickFinder Scheduler] "C:\Program Files\Corel\WordPerfect Office 2002\Programs\QFSCHD100.EXE"

O4 - HKLM\..\Run: [type32] "C:\Program Files\Microsoft IntelliType Pro\type32.exe"

O4 - HKLM\..\Run: [intelliPoint] "C:\Program Files\Microsoft IntelliPoint\point32.exe"

O4 - HKLM\..\Run: [uSBDetector] C:\USBStorage\USBDetector.exe

O4 - HKLM\..\Run: [PaperPort PTD] C:\Program Files\Scansoft\PaperPort\pptd40nt.exe

O4 - HKLM\..\Run: [indexSearch] C:\Program Files\Scansoft\PaperPort\IndexSearch.exe

O4 - HKLM\..\Run: [setDefPrt] C:\Program Files\Brother\Brmfl03a\BrStDvPt.exe

O4 - HKLM\..\Run: [Microsoft Works Update Detection] C:\Program Files\Common Files\Microsoft Shared\Works Shared\WkUFind.exe

O4 - HKLM\..\Run: [MsmqIntCert] regsvr32 /s mqrt.dll

O4 - HKLM\..\Run: [PRISMSVR.EXE] "C:\WINDOWS\system32\PRISMSVR.EXE" /APPLY

O4 - HKLM\..\Run: [hosycal] C:\Program Files\MSN\hosycal22011.exe

O4 - HKLM\..\Run: [ExploreUpdSched] C:\WINDOWS\system32\pwinsldq.exe CHD001

O4 - HKLM\..\Run: [ccApp] "C:\Program Files\Common Files\Symantec Shared\ccApp.exe"

O4 - HKLM\..\Run: [ccRegVfy] "C:\Program Files\Common Files\Symantec Shared\ccRegVfy.exe"

O4 - HKLM\..\Run: [VAIO Recovery] C:\Windows\Sonysys\VAIO Recovery\PartSeal.exe

O4 - HKLM\..\Run: [winshow] "C:\WINDOWS\winshow.exe"

O4 - HKLM\..\Run: [sBCSTray] C:\Program Files\Sunbelt Software\CounterSpy\SBCSTray.exe

O4 - HKLM\..\Run: [Printer] C:\WINDOWS\system32\printer.exe

O4 - HKCU\..\Run: [Yahoo! Pager] 1

O4 - HKCU\..\Run: [updateMgr] C:\Program Files\Adobe\Acrobat 7.0\Reader\AdobeUpdateManager.exe AcRdB7_0_9

O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe

O4 - HKCU\..\Run: [wifw] C:\PROGRA~1\COMMON~1\wifw\wifwm.exe

O4 - HKCU\..\Run: [sUPERAntiSpyware] C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe

O4 - HKCU\..\Run: [MySpaceIM] C:\Program Files\MySpace\IM\MySpaceIM.exe

O4 - HKCU\..\Run: [sjxqkbx] C:\WINDOWS\??mbols\m?config.exe

O4 - HKUS\S-1-5-19\..\RunOnce: [setDefaultMidi] MIDIDEF.EXE (User 'LOCAL SERVICE')

O4 - HKUS\S-1-5-19\..\RunOnce: [tscuninstall] %systemroot%\system32\tscupgrd.exe (User 'LOCAL SERVICE')

O4 - HKUS\S-1-5-20\..\RunOnce: [setDefaultMidi] MIDIDEF.EXE (User 'NETWORK SERVICE')

O4 - HKUS\S-1-5-18\..\Run: [MySpaceIM] C:\Program Files\MySpace\IM\MySpaceIM.exe (User 'SYSTEM')

O4 - HKUS\S-1-5-18\..\RunOnce: [setDefaultMidi] MIDIDEF.EXE (User 'SYSTEM')

O4 - HKUS\.DEFAULT\..\Run: [MySpaceIM] C:\Program Files\MySpace\IM\MySpaceIM.exe (User 'Default user')

O4 - HKUS\.DEFAULT\..\RunOnce: [setDefaultMidi] MIDIDEF.EXE (User 'Default user')

O4 - Startup: 2WireSetup.lnk = D:\Program Files\2Wire\WebWorks.exe

O4 - Startup: findfast.exe

O4 - Startup: Picture Motion Browser Media Check Tool.lnk = C:\Program Files\Sony\Sony Picture Utility\VolumeWatcher\SPUVolumeWatcher.exe

O4 - Global Startup: Adobe Reader Speed Launch.lnk = C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe

O4 - Global Startup: autorun.exe

O7 - HKLM\Software\Microsoft\Windows\CurrentVersion\Policies\System, DisableRegedit=1

O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\WINDOWS\System32\msjava.dll

O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\WINDOWS\System32\msjava.dll

O9 - Extra button: (no name) - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll

O9 - Extra 'Tools' menuitem: Spybot - Search & Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll

O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe

O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe

O9 - Extra button: Yahoo! Messenger - {E5D12C4E-7B4F-11D3-B5C9-0050045C3C96} - C:\PROGRA~1\Yahoo!\MESSEN~1\YPager.exe (file missing)

O9 - Extra 'Tools' menuitem: Yahoo! Messenger - {E5D12C4E-7B4F-11D3-B5C9-0050045C3C96} - C:\PROGRA~1\Yahoo!\MESSEN~1\YPager.exe (file missing)

O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe

O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe

O10 - Unknown file in Winsock LSP: c:\windows\system32\nwprovau.dll

O14 - IERESET.INF: START_PAGE_URL=http://www.sony.com/vaiopeople

O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://go.microsoft.com/fwlink/?linkid=39204

O16 - DPF: {30528230-99f7-4bb4-88d8-fa1d4f56a2ab} (YInstStarter Class) - C:\Program Files\Yahoo!\common\yinsthelper.dll

O16 - DPF: {56336BCB-3D8A-11D6-A00B-0050DA18DE71} - http://software-dl.real.com/313b41d46da531...ip/RdxIE601.cab

O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://update.microsoft.com/microsoftupdat...b?1188514296937

O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://update.microsoft.com/microsoftupdat...b?1188514221593

O16 - DPF: {A65552CC-8138-4D22-BEC8-4D0AFB2786BC} (melonset Class) - http://www.melon.com/utility/player/vod/package/melonset.cab

O16 - DPF: {B9B38E70-EEF6-4E3A-AE84-DDE59A053B7C} (Daum ActiveX manager Class) - http://cafeimg.hanmail.net/cto/xman.cab?ver=1,2,3,0

O20 - AppInit_DLLs: c:\windows\system32\ldcore.dll

O20 - Winlogon Notify: !SASWinLogon - C:\Program Files\SUPERAntiSpyware\SASWINLO.dll

O20 - Winlogon Notify: ljjgdbb - C:\WINDOWS\SYSTEM32\ljjgdbb.dll

O20 - Winlogon Notify: pmnmmlk - pmnmmlk.dll (file missing)

O23 - Service: Brother Popup Suspend service for Resource manager (brmfrmps) - Brother Industries, Ltd. - C:\WINDOWS\system32\Brmfrmps.exe

O23 - Service: Symantec Event Manager (ccEvtMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe

O23 - Service: Symantec Password Validation Service (ccPwdSvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccPwdSvc.exe

O23 - Service: Symantec Proxy Service (ccPxySvc) - Symantec Corporation - C:\Program Files\Norton Internet Security\ccPxySvc.exe

O23 - Service: Creative Service for CDROM Access - Creative Technology Ltd - C:\WINDOWS\System32\CTsvcCDA.exe

O23 - Service: Norton AntiVirus Auto Protect Service (navapsvc) - Symantec Corporation - C:\Program Files\Norton AntiVirus\navapsvc.exe

O23 - Service: Norton Internet Security Accounts Manager (NISUM) - Symantec Corporation - C:\Program Files\Norton Internet Security\NISUM.EXE

O23 - Service: NVIDIA Driver Helper Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\System32\nvsvc32.exe

O23 - Service: Sunbelt CounterSpy Antispyware (SBCSSvc) - Sunbelt Software - C:\Program Files\Sunbelt Software\CounterSpy\SBCSSvc.exe

O23 - Service: SonicStageMonitoring - Sony Corporation - C:\Program Files\Common Files\Sony Shared\WMPlugIn\SonicStageMonitoring.exe

O23 - Service: Sony TV Tuner Controller - Sony Corporation - C:\Program Files\Sony\Sony TV Tuner Library\halsv.exe

O23 - Service: Sony TV Tuner Manager - Sony Corporation - C:\Program Files\Sony\Sony TV Tuner Library\RM_SV.exe

O23 - Service: Sony TVTA Manager - Sony Corporation - C:\Program Files\Sony\Sony TV Tuner Library\SMceMan.exe

O23 - Service: Sony SPTI Service (SPTISRV) - Sony Corporation - C:\PROGRA~1\COMMON~1\SONYSH~1\AVLib\Sptisrv.exe

O23 - Service: VAIO Media Music Server (VAIOMediaPlatform-MusicServer-AppServer) - Sony Corporation - C:\Program Files\Sony\VAIO Media Integrated Server\Music\SSSvr.exe

O23 - Service: VAIO Media Music Server (HTTP) (VAIOMediaPlatform-MusicServer-HTTP) - Sony Corporation - C:\Program Files\Sony\VAIO Media Integrated Server\Platform\SV_Httpd.exe

O23 - Service: VAIO Media Music Server (UPnP) (VAIOMediaPlatform-MusicServer-UPnP) - Sony Corporation - C:\Program Files\Sony\VAIO Media Integrated Server\Platform\UPnPFramework.exe

O23 - Service: VAIO Media Photo Server (VAIOMediaPlatform-PhotoServer-AppServer) - Sony Corporation - C:\Program Files\Sony\VAIO Media Integrated Server\Photo\appsrv\PhotoAppSrv.exe

O23 - Service: VAIO Media Photo Server (HTTP) (VAIOMediaPlatform-PhotoServer-HTTP) - Sony Corporation - C:\Program Files\Sony\VAIO Media Integrated Server\Platform\SV_Httpd.exe

O23 - Service: VAIO Media Photo Server (UPnP) (VAIOMediaPlatform-PhotoServer-UPnP) - Sony Corporation - C:\Program Files\Sony\VAIO Media Integrated Server\Platform\UPnPFramework.exe

O23 - Service: VAIO Media Video Server (VAIOMediaPlatform-VideoServer-AppServer) - Sony Corporation - C:\Program Files\Sony\VAIO Media Integrated Server\Video\GPVSvr.exe

O23 - Service: VAIO Media Video Server (HTTP) (VAIOMediaPlatform-VideoServer-HTTP) - Sony Corporation - C:\Program Files\Sony\VAIO Media Integrated Server\Platform\SV_Httpd.exe

O23 - Service: VAIO Media Video Server (UPnP) (VAIOMediaPlatform-VideoServer-UPnP) - Sony Corporation - C:\Program Files\Sony\VAIO Media Integrated Server\Platform\UPnPFramework.exe

--

End of file - 14778 bytes

Link to post
Share on other sites
MysteryFCM

MysteryFCM

Posted
Posted

Please print or save these instructions before continuing.

Please first download ComboFix (DO NOT run it yet);

http://download.bleepingcomputer.com/sUBs/ComboFix.exe

and AVG AntiSpyware:

http://www.ewido.net/en/download/

Next, re-start your computer in safe mode. To do this, tap F8 whilst the computer is loading, and select Safe Mode from the list of options.

Once in Safe Mode, load HiJack This and have it fix the following;

F2 - REG:system.ini: Shell=Explorer.exe C:\WINDOWS\shell.exe

F2 - REG:system.ini: UserInit=C:\WINDOWS\system32\vvgeowbv.exe,C:\WINDOWS\system32\userinit.exe

O2 - BHO: (no name) - {029e02f0-a0e5-4b19-b958-7bf2db29fb13} - (no file)

O2 - BHO: (no name) - {4CB8F4B4-5F66-4D9E-BC3B-184596A58824} - C:\WINDOWS\system32\ljjgdbb.dll

O2 - BHO: (no name) - {549B5CA7-4A86-11D7-A4DF-000874180BB3} - (no file)

O2 - BHO: (no name) - {6abc861a-31e7-4d91-b43b-d3c98f22a5c0} - (no file)

O2 - BHO: (no name) - {92F8A433-418C-1C0D-DA2F-4AE676860995} - C:\WINDOWS\system32\tbhtuk.dll

O2 - BHO: (no name) - {a4a435cf-3583-11d4-91bd-0048546a1450} - (no file)

O2 - BHO: (no name) - {c2680e10-1655-4a0e-87f8-4259325a84b7} - (no file)

O2 - BHO: (no name) - {c4ca6559-2cf1-48b6-96b2-8340a06fd129} - (no file)

O2 - BHO: (no name) - {d8efadf1-9009-11d6-8c73-608c5dc19089} - (no file)

O2 - BHO: {da7bdc96-ede8-75e9-2664-ceca4996799f} - {f9976994-acec-4662-9e57-8ede69cdb7ad} - C:\WINDOWS\system32\tmbxistv.dll (file missing)

O2 - BHO: (no name) - {FDD3B846-8D59-4ffb-8758-209B6AD74ACC} - (no file)

O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime

O4 - HKLM\..\Run: [QuickFinder Scheduler] "C:\Program Files\Corel\WordPerfect Office 2002\Programs\QFSCHD100.EXE"

O4 - HKLM\..\Run: [Microsoft Works Update Detection] C:\Program Files\Common Files\Microsoft Shared\Works Shared\WkUFind.exe

O4 - HKLM\..\Run: [MsmqIntCert] regsvr32 /s mqrt.dll

O4 - HKLM\..\Run: [hosycal] C:\Program Files\MSN\hosycal22011.exe

O4 - HKLM\..\Run: [ExploreUpdSched] C:\WINDOWS\system32\pwinsldq.exe CHD001

O4 - HKLM\..\Run: [winshow] "C:\WINDOWS\winshow.exe"

O4 - HKLM\..\Run: [Printer] C:\WINDOWS\system32\printer.exe

O4 - HKCU\..\Run: [Yahoo! Pager] 1

O4 - HKCU\..\Run: [wifw] C:\PROGRA~1\COMMON~1\wifw\wifwm.exe

O4 - HKCU\..\Run: [MySpaceIM] C:\Program Files\MySpace\IM\MySpaceIM.exe

O4 - HKCU\..\Run: [sjxqkbx] C:\WINDOWS\??mbols\m?config.exe

O4 - HKUS\S-1-5-19\..\RunOnce: [setDefaultMidi] MIDIDEF.EXE (User 'LOCAL SERVICE')

O4 - HKUS\S-1-5-19\..\RunOnce: [tscuninstall] %systemroot%\system32\tscupgrd.exe (User 'LOCAL SERVICE')

O4 - HKUS\S-1-5-20\..\RunOnce: [setDefaultMidi] MIDIDEF.EXE (User 'NETWORK SERVICE')

O4 - HKUS\S-1-5-18\..\Run: [MySpaceIM] C:\Program Files\MySpace\IM\MySpaceIM.exe (User 'SYSTEM')

O4 - HKUS\S-1-5-18\..\RunOnce: [setDefaultMidi] MIDIDEF.EXE (User 'SYSTEM')

O4 - HKUS\.DEFAULT\..\Run: [MySpaceIM] C:\Program Files\MySpace\IM\MySpaceIM.exe (User 'Default user')

O4 - HKUS\.DEFAULT\..\RunOnce: [setDefaultMidi] MIDIDEF.EXE (User 'Default user')

O4 - Startup: 2WireSetup.lnk = D:\Program Files\2Wire\WebWorks.exe

O4 - Startup: findfast.exe

O4 - Global Startup: autorun.exe

O7 - HKLM\Software\Microsoft\Windows\CurrentVersion\Policies\System, DisableRegedit=1

O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe

O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe

O20 - AppInit_DLLs: c:\windows\system32\ldcore.dll

O20 - Winlogon Notify: ljjgdbb - C:\WINDOWS\SYSTEM32\ljjgdbb.dll

O20 - Winlogon Notify: pmnmmlk - pmnmmlk.dll (file missing)

Once done, load ComboFix and follow the prompts. Once it is finished, a log will be produced for you, please attach that here.

Do not mouseclick combofix's window while it is running. That may cause it to stall.

Next, if still present, locate and delete the following;

C:\WINDOWS\shell.exe

C:\WINDOWS\system32\vvgeowbv.exe

C:\WINDOWS\system32\ljjgdbb.dll

C:\WINDOWS\system32\tbhtuk.dll

C:\WINDOWS\system32\tmbxistv.dll

c:\windows\system32\mqrt.dll

C:\Program Files\MSN\hosycal22011.exe

C:\WINDOWS\system32\pwinsldq.exe

C:\WINDOWS\winshow.exe

C:\WINDOWS\system32\printer.exe

C:\PROGRA~1\COMMON~1\wifw\wifwm.exe

C:\WINDOWS\??mbols\m?config.exe

c:\windows\system32\tscupgrd.exe

C:\windows\system32\MIDIDEF.EXE

c:\windows\system32\findfast.exe

c:\windows\system32\autorun.exe

c:\windows\system32\ldcore.dll

C:\WINDOWS\SYSTEM32\ljjgdbb.dll

Next, re-start your computer and load AVG AntiSpyware. First, allow it to update (you will need an active internet connection) by clicking the Update Now option on the main screen, then have it run a full system scan and remove anything it finds.

Finally, load HiJack This and have it produce a new log file.

To finish, please post the HiJack This, AVG AntiSpyware and Combofix logs here.

Link to post
Share on other sites
BobbyJpost

BobbyJpost

Posted
  • Author
Posted

Steven Burn! Thank you SO very much!! All my cpu functions have returned to normal!!! I really can't thank you enough for your help. There was one thing I couldn't delete after running hijack this... it was the ljjgdbb.dll file. My computer said that ljjgdbb.dll was in use and couldn't be deleted. But everything has returned to normal, I can finally access control panel and task manager. Thank you sincerely for taking the time to help! Here are the logs from Hijack this, Combofix, and AVG:

HIJACK THIS LOG:

Logfile of Trend Micro HijackThis v2.0.2

Scan saved at 2:41:50 AM, on 11/12/2007

Platform: Windows XP SP2 (WinNT 5.01.2600)

MSIE: Internet Explorer v7.00 (7.00.6000.16544)

Boot mode: Safe mode

Running processes:

C:\WINDOWS\System32\smss.exe

C:\WINDOWS\system32\winlogon.exe

C:\WINDOWS\system32\services.exe

C:\WINDOWS\system32\lsass.exe

C:\WINDOWS\system32\svchost.exe

C:\WINDOWS\system32\svchost.exe

C:\Program Files\Sunbelt Software\CounterSpy\SBCSSvc.exe

C:\WINDOWS\Explorer.exe

C:\WINDOWS\shell.exe

C:\WINDOWS\system32\ctfmon.exe

C:\Documents and Settings\anonymous\Desktop\spyware tools\HiJackThis.exe

C:\Program Files\Windows NT\Accessories\WORDPAD.EXE

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157

R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157

F2 - REG:system.ini: Shell=Explorer.exe C:\WINDOWS\shell.exe

F2 - REG:system.ini: UserInit=C:\WINDOWS\system32\vvgeowbv.exe,C:\WINDOWS\system32\userinit.exe

N3 - Netscape 7: user_pref("browser.search.defaultengine", "engine://C%3A%5CProgram%20Files%5CNetscape%5CNetscape%5Csearchplugins%5CSBWeb_01.src"); (C:\Documents and Settings\ANONYMOUS\Application Data\Mozilla\Profiles\default\0b8b5w3s.slt\prefs.js)

O2 - BHO: (no name) - {029e02f0-a0e5-4b19-b958-7bf2db29fb13} - (no file)

O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll

O2 - BHO: (no name) - {2FE8C64D-BA48-41B0-BDA6-7E5E5229AE6B} - C:\WINDOWS\system32\pmnnm.dll

O2 - BHO: (no name) - {4CB8F4B4-5F66-4D9E-BC3B-184596A58824} - C:\WINDOWS\system32\ljjgdbb.dll

O2 - BHO: Spybot-S&D IE Protection - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll

O2 - BHO: (no name) - {549B5CA7-4A86-11D7-A4DF-000874180BB3} - (no file)

O2 - BHO: (no name) - {6abc861a-31e7-4d91-b43b-d3c98f22a5c0} - (no file)

O2 - BHO: (no name) - {92F8A433-418C-1C0D-DA2F-4AE676860995} - C:\WINDOWS\system32\tbhtuk.dll

O2 - BHO: (no name) - {a4a435cf-3583-11d4-91bd-0048546a1450} - (no file)

O2 - BHO: NAV Helper - {BDF3E430-B101-42AD-A544-FADC6B084872} - C:\Program Files\Norton AntiVirus\NavShExt.dll

O2 - BHO: (no name) - {c2680e10-1655-4a0e-87f8-4259325a84b7} - (no file)

O2 - BHO: (no name) - {c4ca6559-2cf1-48b6-96b2-8340a06fd129} - (no file)

O2 - BHO: (no name) - {d8efadf1-9009-11d6-8c73-608c5dc19089} - (no file)

O2 - BHO: {da7bdc96-ede8-75e9-2664-ceca4996799f} - {f9976994-acec-4662-9e57-8ede69cdb7ad} - C:\WINDOWS\system32\tmbxistv.dll (file missing)

O2 - BHO: (no name) - {FDD3B846-8D59-4ffb-8758-209B6AD74ACC} - (no file)

O3 - Toolbar: Norton AntiVirus - {42CDD1BF-3FFB-4238-8AD1-7859DF00B1D6} - C:\Program Files\Norton AntiVirus\NavShExt.dll

O4 - HKLM\..\Run: [CTStartup] C:\Program Files\Creative\Splash Screen\CTEaxSpl.EXE /run

O4 - HKLM\..\Run: [ezShieldProtector for Px] C:\WINDOWS\System32\ezSP_Px.exe

O4 - HKLM\..\Run: [winshow] "C:\WINDOWS\winshow.exe"

O4 - HKLM\..\Run: [VAIO Recovery] C:\Windows\Sonysys\VAIO Recovery\PartSeal.exe

O4 - HKLM\..\Run: [uSBDetector] C:\USBStorage\USBDetector.exe

O4 - HKLM\..\Run: [updReg] C:\WINDOWS\UpdReg.EXE

O4 - HKLM\..\Run: [type32] "C:\Program Files\Microsoft IntelliType Pro\type32.exe"

O4 - HKLM\..\Run: [sHotKey] "C:\Program Files\SONY\sHotKey\sHotKey.exe"

O4 - HKLM\..\Run: [setDefPrt] C:\Program Files\Brother\Brmfl03a\BrStDvPt.exe

O4 - HKLM\..\Run: [sBCSTray] C:\Program Files\Sunbelt Software\CounterSpy\SBCSTray.exe

O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime

O4 - HKLM\..\Run: [QuickFinder Scheduler] "C:\Program Files\Corel\WordPerfect Office 2002\Programs\QFSCHD100.EXE"

O4 - HKLM\..\Run: [PRISMSVR.EXE] "C:\WINDOWS\system32\PRISMSVR.EXE" /APPLY

O4 - HKLM\..\Run: [PaperPort PTD] C:\Program Files\Scansoft\PaperPort\pptd40nt.exe

O4 - HKLM\..\Run: [nwiz] nwiz.exe /installquiet

O4 - HKLM\..\Run: [MsmqIntCert] regsvr32 /s mqrt.dll

O4 - HKLM\..\Run: [Microsoft Works Update Detection] C:\Program Files\Common Files\Microsoft Shared\Works Shared\WkUFind.exe

O4 - HKLM\..\Run: [Jet Detection] "C:\Program Files\Creative\SBAudigy\PROGRAM\ADGJDet.exe"

O4 - HKLM\..\Run: [intelliPoint] "C:\Program Files\Microsoft IntelliPoint\point32.exe"

O4 - HKLM\..\Run: [indexSearch] C:\Program Files\Scansoft\PaperPort\IndexSearch.exe

O4 - HKLM\..\Run: [HPDJ Taskbar Utility] C:\WINDOWS\System32\spool\drivers\w32x86\3\hpztsb10.exe

O4 - HKLM\..\Run: [HP Software Update] "C:\Program Files\Hewlett-Packard\HP Software Update\HPWuSchd2.exe"

O4 - HKLM\..\Run: [HP Component Manager] "C:\Program Files\HP\hpcoretech\hpcmpmgr.exe"

O4 - HKLM\..\Run: [hosycal] C:\Program Files\MSN\hosycal22011.exe

O4 - HKLM\..\Run: [ExploreUpdSched] C:\WINDOWS\system32\pwinsldq.exe CHD001

O4 - HKLM\..\Run: [ehTray] C:\WINDOWS\ehome\ehtray.exe

O4 - HKLM\..\Run: [CTHelper] CTHELPER.EXE

O4 - HKLM\..\Run: [ccRegVfy] "C:\Program Files\Common Files\Symantec Shared\ccRegVfy.exe"

O4 - HKLM\..\Run: [ccApp] "C:\Program Files\Common Files\Symantec Shared\ccApp.exe"

O4 - HKLM\..\Run: [ATIPTA] C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe

O4 - HKLM\..\Run: [ATIModeChange] Ati2mdxx.exe

O4 - HKLM\..\Run: [AGRSMMSG] AGRSMMSG.exe

O4 - HKLM\..\Run: [Printer] C:\WINDOWS\system32\printer.exe

O4 - HKCU\..\Run: [Yahoo! Pager] 1

O4 - HKCU\..\Run: [wifw] C:\PROGRA~1\COMMON~1\wifw\wifwm.exe

O4 - HKCU\..\Run: [updateMgr] C:\Program Files\Adobe\Acrobat 7.0\Reader\AdobeUpdateManager.exe AcRdB7_0_9

O4 - HKCU\..\Run: [sUPERAntiSpyware] C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe

O4 - HKCU\..\Run: [sjxqkbx] C:\WINDOWS\??mbols\m?config.exe

O4 - HKCU\..\Run: [MySpaceIM] C:\Program Files\MySpace\IM\MySpaceIM.exe

O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe

O4 - HKCU\..\Run: [spoolsv] C:\WINDOWS\system32\spoolvs.exe

O4 - HKUS\S-1-5-20\..\RunOnce: [setDefaultMidi] MIDIDEF.EXE (User 'NETWORK SERVICE')

O4 - HKUS\S-1-5-20\..\RunOnce: [tscuninstall] %systemroot%\system32\tscupgrd.exe (User 'NETWORK SERVICE')

O4 - HKUS\S-1-5-18\..\Run: [MySpaceIM] C:\Program Files\MySpace\IM\MySpaceIM.exe (User 'SYSTEM')

O4 - HKUS\S-1-5-18\..\RunOnce: [setDefaultMidi] MIDIDEF.EXE (User 'SYSTEM')

O4 - HKUS\.DEFAULT\..\Run: [MySpaceIM] C:\Program Files\MySpace\IM\MySpaceIM.exe (User 'Default user')

O4 - HKUS\.DEFAULT\..\RunOnce: [setDefaultMidi] MIDIDEF.EXE (User 'Default user')

O4 - Startup: 2WireSetup.lnk = D:\Program Files\2Wire\WebWorks.exe

O4 - Startup: findfast.exe

O4 - Startup: Picture Motion Browser Media Check Tool.lnk = C:\Program Files\Sony\Sony Picture Utility\VolumeWatcher\SPUVolumeWatcher.exe

O4 - Global Startup: Adobe Reader Speed Launch.lnk = C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe

O4 - Global Startup: autorun.exe

O7 - HKLM\Software\Microsoft\Windows\CurrentVersion\Policies\System, DisableRegedit=1

O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\WINDOWS\System32\msjava.dll

O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\WINDOWS\System32\msjava.dll

O9 - Extra button: (no name) - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll

O9 - Extra 'Tools' menuitem: Spybot - Search & Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll

O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe

O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe

O9 - Extra button: Yahoo! Messenger - {E5D12C4E-7B4F-11D3-B5C9-0050045C3C96} - C:\PROGRA~1\Yahoo!\MESSEN~1\YPager.exe (file missing)

O9 - Extra 'Tools' menuitem: Yahoo! Messenger - {E5D12C4E-7B4F-11D3-B5C9-0050045C3C96} - C:\PROGRA~1\Yahoo!\MESSEN~1\YPager.exe (file missing)

O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe

O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe

O10 - Unknown file in Winsock LSP: c:\windows\system32\nwprovau.dll

O14 - IERESET.INF: START_PAGE_URL=http://www.sony.com/vaiopeople

O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://go.microsoft.com/fwlink/?linkid=39204

O16 - DPF: {30528230-99f7-4bb4-88d8-fa1d4f56a2ab} (YInstStarter Class) - C:\Program Files\Yahoo!\common\yinsthelper.dll

O16 - DPF: {56336BCB-3D8A-11D6-A00B-0050DA18DE71} - http://software-dl.real.com/313b41d46da531...ip/RdxIE601.cab

O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://update.microsoft.com/microsoftupdat...b?1188514296937

O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://update.microsoft.com/microsoftupdat...b?1188514221593

O16 - DPF: {A65552CC-8138-4D22-BEC8-4D0AFB2786BC} (melonset Class) - http://www.melon.com/utility/player/vod/package/melonset.cab

O16 - DPF: {B9B38E70-EEF6-4E3A-AE84-DDE59A053B7C} (Daum ActiveX manager Class) - http://cafeimg.hanmail.net/cto/xman.cab?ver=1,2,3,0

O20 - AppInit_DLLs: c:\windows\system32\ldcore.dll

O20 - Winlogon Notify: !SASWinLogon - C:\Program Files\SUPERAntiSpyware\SASWINLO.dll

O20 - Winlogon Notify: ljjgdbb - C:\WINDOWS\SYSTEM32\ljjgdbb.dll

O20 - Winlogon Notify: pmnmmlk - pmnmmlk.dll (file missing)

O23 - Service: Brother Popup Suspend service for Resource manager (brmfrmps) - Brother Industries, Ltd. - C:\WINDOWS\system32\Brmfrmps.exe

O23 - Service: Symantec Event Manager (ccEvtMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe

O23 - Service: Symantec Password Validation Service (ccPwdSvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccPwdSvc.exe

O23 - Service: Symantec Proxy Service (ccPxySvc) - Symantec Corporation - C:\Program Files\Norton Internet Security\ccPxySvc.exe

O23 - Service: Creative Service for CDROM Access - Creative Technology Ltd - C:\WINDOWS\System32\CTsvcCDA.exe

O23 - Service: Norton AntiVirus Auto Protect Service (navapsvc) - Symantec Corporation - C:\Program Files\Norton AntiVirus\navapsvc.exe

O23 - Service: Norton Internet Security Accounts Manager (NISUM) - Symantec Corporation - C:\Program Files\Norton Internet Security\NISUM.EXE

O23 - Service: NVIDIA Driver Helper Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\System32\nvsvc32.exe

O23 - Service: Sunbelt CounterSpy Antispyware (SBCSSvc) - Sunbelt Software - C:\Program Files\Sunbelt Software\CounterSpy\SBCSSvc.exe

O23 - Service: SonicStageMonitoring - Sony Corporation - C:\Program Files\Common Files\Sony Shared\WMPlugIn\SonicStageMonitoring.exe

O23 - Service: Sony TV Tuner Controller - Sony Corporation - C:\Program Files\Sony\Sony TV Tuner Library\halsv.exe

O23 - Service: Sony TV Tuner Manager - Sony Corporation - C:\Program Files\Sony\Sony TV Tuner Library\RM_SV.exe

O23 - Service: Sony TVTA Manager - Sony Corporation - C:\Program Files\Sony\Sony TV Tuner Library\SMceMan.exe

O23 - Service: Sony SPTI Service (SPTISRV) - Sony Corporation - C:\PROGRA~1\COMMON~1\SONYSH~1\AVLib\Sptisrv.exe

O23 - Service: VAIO Media Music Server (VAIOMediaPlatform-MusicServer-AppServer) - Sony Corporation - C:\Program Files\Sony\VAIO Media Integrated Server\Music\SSSvr.exe

O23 - Service: VAIO Media Music Server (HTTP) (VAIOMediaPlatform-MusicServer-HTTP) - Sony Corporation - C:\Program Files\Sony\VAIO Media Integrated Server\Platform\SV_Httpd.exe

O23 - Service: VAIO Media Music Server (UPnP) (VAIOMediaPlatform-MusicServer-UPnP) - Sony Corporation - C:\Program Files\Sony\VAIO Media Integrated Server\Platform\UPnPFramework.exe

O23 - Service: VAIO Media Photo Server (VAIOMediaPlatform-PhotoServer-AppServer) - Sony Corporation - C:\Program Files\Sony\VAIO Media Integrated Server\Photo\appsrv\PhotoAppSrv.exe

O23 - Service: VAIO Media Photo Server (HTTP) (VAIOMediaPlatform-PhotoServer-HTTP) - Sony Corporation - C:\Program Files\Sony\VAIO Media Integrated Server\Platform\SV_Httpd.exe

O23 - Service: VAIO Media Photo Server (UPnP) (VAIOMediaPlatform-PhotoServer-UPnP) - Sony Corporation - C:\Program Files\Sony\VAIO Media Integrated Server\Platform\UPnPFramework.exe

O23 - Service: VAIO Media Video Server (VAIOMediaPlatform-VideoServer-AppServer) - Sony Corporation - C:\Program Files\Sony\VAIO Media Integrated Server\Video\GPVSvr.exe

O23 - Service: VAIO Media Video Server (HTTP) (VAIOMediaPlatform-VideoServer-HTTP) - Sony Corporation - C:\Program Files\Sony\VAIO Media Integrated Server\Platform\SV_Httpd.exe

O23 - Service: VAIO Media Video Server (UPnP) (VAIOMediaPlatform-VideoServer-UPnP) - Sony Corporation - C:\Program Files\Sony\VAIO Media Integrated Server\Platform\UPnPFramework.exe

--

End of file - 13021 bytes

COMBOFIX LOG:

ComboFix 07-11-08.1 - anonymous 2007-11-12 2:47:01.1 - NTFSx86 MINIMAL

Microsoft Windows XP Professional 5.1.2600.2.1252.1.1033.18.345 [GMT -6:00]

Running from: C:\Documents and Settings\anonymous\Desktop\spyware tools\ComboFix.exe

.

Unable to gain System Privileges

((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))

.

C:\Documents and Settings\Administrator\Start Menu\Programs\Startup\findfast.exe

C:\Documents and Settings\All Users\Application Data.\salesmonitor

C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy\Recovery\CnsMin.zip

C:\Documents and Settings\anonymous\err.log

C:\Program Files\Common Files\ystem3~1

C:\Program Files\Common Files\ystem3~1\?ystem32\

C:\Program Files\Insider

C:\WINDOWS\aconti.exe

C:\WINDOWS\adbar.dll

C:\WINDOWS\cookies.ini

C:\WINDOWS\daxtime.dll

C:\WINDOWS\dp0.dll

C:\WINDOWS\eventlowg.dll

C:\WINDOWS\fhfmm-Uninstaller.exe

C:\WINDOWS\fnts~1

C:\WINDOWS\hotporn.exe

C:\WINDOWS\ie_32.exe

C:\WINDOWS\jd2002.dll

C:\WINDOWS\kkcomp$.exe

C:\WINDOWS\liqad$.exe

C:\WINDOWS\liqui-Uninstaller.exe

C:\WINDOWS\mbols~1

C:\WINDOWS\ngd.dll

C:\WINDOWS\shell.exe

C:\WINDOWS\spredirect.dll

C:\WINDOWS\system32\A1

C:\WINDOWS\system32\Cache

C:\WINDOWS\system32\drivers\box_1.gif

C:\WINDOWS\system32\drivers\cell_bg.gif

C:\WINDOWS\system32\drivers\cell_footer.gif

C:\WINDOWS\system32\drivers\cell_header_block.gif

C:\WINDOWS\system32\drivers\cell_header_remove.gif

C:\WINDOWS\system32\drivers\cell_header_scan.gif

C:\WINDOWS\system32\drivers\download_btn.jpg

C:\WINDOWS\system32\drivers\download_now_btn.gif

C:\WINDOWS\system32\drivers\header_2.gif

C:\WINDOWS\system32\drivers\header_red_bg.gif

C:\WINDOWS\system32\drivers\header_red_free_scan.gif

C:\WINDOWS\system32\drivers\header_red_free_scan_bg.gif

C:\WINDOWS\system32\drivers\header_red_protect_your_pc.gif

C:\WINDOWS\system32\drivers\product_3_header.gif

C:\WINDOWS\system32\drivers\rating.gif

C:\WINDOWS\system32\drivers\screenshot.jpg

C:\WINDOWS\system32\drivers\sfsync02.sys

C:\WINDOWS\system32\drivers\shadow_bg.gif

C:\WINDOWS\system32\drivers\spacer.gif

C:\WINDOWS\system32\drivers\star_small.gif

C:\WINDOWS\system32\drivers\style.css

C:\WINDOWS\system32\f02WtR

C:\WINDOWS\system32\f02WtR\f02WtR1065.exe

C:\WINDOWS\system32\hjkmp.bak1

C:\WINDOWS\system32\hjkmp.ini

C:\WINDOWS\system32\ldinfo.ldr

C:\WINDOWS\system32\lnnmp.bak1

C:\WINDOWS\system32\lnnmp.ini

C:\WINDOWS\system32\mnnmp.bak1

C:\WINDOWS\system32\mnnmp.ini

C:\WINDOWS\system32\npjbjdts.dll

C:\WINDOWS\system32\pac.txt

C:\WINDOWS\system32\pmnnm.dll

C:\WINDOWS\system32\printer.exe

C:\WINDOWS\system32\prutv.bak1

C:\WINDOWS\system32\prutv.ini

C:\WINDOWS\system32\Q2

C:\WINDOWS\system32\qqtss.bak1

C:\WINDOWS\system32\qqtss.ini

C:\WINDOWS\system32\rstwa.bak1

C:\WINDOWS\system32\rstwa.bak2

C:\WINDOWS\system32\rstwa.ini2

C:\WINDOWS\system32\rstwa.tmp

C:\WINDOWS\system32\spoolvs.exe

C:\WINDOWS\system32\stdjbjpn.ini

C:\WINDOWS\system32\wvvwa.ini2

C:\WINDOWS\system32\wvvwa.tmp

C:\WINDOWS\system32\xyadd.bak1

C:\WINDOWS\system32\xyadd.ini

C:\WINDOWS\vxddsk.exe

C:\WINDOWS\xadbrk_.exe

C:\WINDOWS\xxxvideo.exe

C:\WINDOWS\ystem3~1

.

((((((((((((((((((((((((((((((((((((((( Drivers/Services )))))))))))))))))))))))))))))))))))))))))))))))))

.

-------\LEGACY_DOMAINSERVICE

-------\LEGACY_IPRIP

-------\LEGACY_NWSAPAGENT

-------\LEGACY_SFSYNC02

-------\Iprip

-------\sfsync02

((((((((((((((((((((((((( Files Created from 2007-10-12 to 2007-11-12 )))))))))))))))))))))))))))))))

.

2007-11-12 02:44 51,200 --a------ C:\WINDOWS\NirCmd.exe

2007-11-11 14:25 <DIR> d-------- C:\WINDOWS\pss

2007-11-11 02:36 <DIR> d----c--- C:\Documents and Settings\anonymous\Application Data\Sunbelt Software

2007-11-11 02:35 <DIR> d----c--- C:\Documents and Settings\All Users\Application Data\Sunbelt Software

2007-11-11 02:01 <DIR> d----c--- C:\Program Files\Sunbelt Software

2007-11-11 01:41 <DIR> d----c--- C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy

2007-11-11 01:26 <DIR> d-a--c--- C:\Documents and Settings\All Users\Application Data\TEMP

2007-11-11 01:25 626,688 --a------ C:\WINDOWS\system32\msvcr80.dll

2007-11-09 23:16 85,056 --a--c--- C:\WINDOWS\system32\tyagksuy.dll

2007-11-09 23:08 450,021 ---hs---- C:\WINDOWS\system32\jlnmp.bak2

2007-11-09 23:08 71,232 --a--c--- C:\WINDOWS\system32\qnlhihha.exe

2007-11-09 19:17 9,728 -----c--- C:\Program Files\xloader10181.exe

2007-11-09 18:09 4 --a------ C:\WINDOWS\system32\stfv.bin

2007-11-09 17:39 12 --a------ C:\WINDOWS\system32\dpqaqlqx.bin

2007-11-09 17:35 <DIR> d-------- C:\WINDOWS\system32\rMa02yy

2007-11-09 17:35 36,352 --a------ C:\WINDOWS\system32\ljjgdbb.dll

2007-11-08 23:47 <DIR> d----c--- C:\Program Files\MySpace

2007-11-08 23:47 <DIR> d----c--- C:\Documents and Settings\anonymous\Application Data\MySpace

2007-11-05 22:45 85,568 --a--c--- C:\WINDOWS\system32\oygtkgwo.dll

2007-10-27 10:40 299,008 --a------ C:\WINDOWS\uninst.exe

2007-10-26 11:39 <DIR> d----c--- C:\Program Files\Setup NetZero

2007-10-15 08:32 32 --ahs---- C:\WINDOWS\system32\{E527B22E-6A70-4953-BF82-67859186D084}.dat

2007-10-15 08:32 32 --ahs---- C:\WINDOWS\{09683072-492A-4D5F-AF17-CA895A517513}.dat

2007-10-15 08:31 32 --ahs---- C:\WINDOWS\system32\{6F4D6C12-867C-42AD-9977-4EDE998CAA28}.dat

2007-10-15 08:31 32 --ahs---- C:\WINDOWS\{14D56299-1537-4F20-8F35-D19FD0C7015A}.dat

2007-10-15 08:30 <DIR> d----c--- C:\Program Files\Norton Internet Security

2007-10-15 08:30 83,208 --a------ C:\WINDOWS\system32\S32EVNT1.DLL

2007-10-15 08:30 73,432 --a------ C:\WINDOWS\system32\drivers\SYMEVENT.SYS

2007-10-15 08:29 14 --a------ C:\WINDOWS\system32\SR2.dat

2007-10-15 08:28 <DIR> d----c--- C:\Program Files\Norton AntiVirus

2007-10-15 08:01 118,520 --a------ C:\WINDOWS\system32\PxInsI64.exe

2007-10-15 08:01 115,960 --a------ C:\WINDOWS\system32\PxCpyI64.exe

2007-10-15 08:01 2,560 --a------ C:\WINDOWS\system32\drivers\cdralw2k.sys

2007-10-15 08:01 2,432 --a------ C:\WINDOWS\system32\drivers\cdr4_xp.sys

.

(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))

.

2007-11-12 09:00 --------- d-----w C:\Program Files\Common Files\Symantec Shared

2007-11-12 04:05 --------- dc----w C:\Program Files\SUPERAntiSpyware

2007-11-10 04:54 0 -c--a-w C:\Documents and Settings\anonymous\was0008.exe

2007-10-15 14:39 --------- d-----w C:\Program Files\Microsoft Works

2007-10-15 14:39 --------- d-----w C:\Program Files\Encarta Online

2007-10-15 14:32 --------- dc----w C:\Documents and Settings\All Users\Application Data\Symantec

2007-10-15 14:32 --------- d-----w C:\Program Files\Symantec

2007-10-15 14:06 --------- dc----w C:\Documents and Settings\anonymous\Application Data\Sony Corporation

2007-10-15 14:01 --------- d--h--w C:\Program Files\InstallShield Installation Information

2007-10-15 13:59 --------- d-----w C:\Program Files\Sony

2007-09-28 05:23 --------- dc----w C:\Documents and Settings\anonymous\Application Data\Metacafe

2007-09-21 02:35 1,979,671 --sh--w C:\WINDOWS\system32\pstwa.ini2

2007-09-17 06:52 1,944,151 --sh--w C:\WINDOWS\system32\ihhkj.ini2

2007-09-17 05:50 --------- dc----w C:\Documents and Settings\anonymous\Application Data\SUPERAntiSpyware.com

2007-09-17 05:50 --------- dc----w C:\Documents and Settings\All Users\Application Data\SUPERAntiSpyware.com

2007-09-17 05:49 --------- d-----w C:\Program Files\Common Files\Wise Installation Wizard

2007-09-16 16:06 1,938,282 --sh--w C:\WINDOWS\system32\ihhkj.bak2

2007-09-15 14:21 1,946,020 --sh--w C:\WINDOWS\system32\ihhkj.bak1

2007-09-14 13:23 --------- d-----w C:\Program Files\Common Files\wifw

2007-09-12 14:09 --------- d-----w C:\Program Files\Common Files\Sony Shared

2007-08-27 17:26 27,120 ----a-w C:\WINDOWS\system32\SBBD.exe

2007-08-21 06:15 683,520 ----a-w C:\WINDOWS\system32\inetcomm.dll

.

((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))

.

.

*Note* empty entries & legit default entries are not shown

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{4CB8F4B4-5F66-4D9E-BC3B-184596A58824}]

2007-11-09 17:35 36352 --a------ C:\WINDOWS\system32\ljjgdbb.dll

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]

"CTStartup"="C:\Program Files\Creative\Splash Screen\CTEaxSpl.exe" [2001-12-20 03:00]

"ezShieldProtector for Px"="C:\WINDOWS\System32\ezSP_Px.exe" [2002-08-20 11:29]

"VAIO Recovery"="C:\Windows\Sonysys\VAIO Recovery\PartSeal.exe" [2003-04-19 23:08]

"USBDetector"="C:\USBStorage\USBDetector.exe" [2003-04-01 13:33]

"UpdReg"="C:\WINDOWS\UpdReg.EXE" [2000-05-11 03:00]

"type32"="C:\Program Files\Microsoft IntelliType Pro\type32.exe" [2003-05-15 17:45]

"sHotKey"="C:\Program Files\SONY\sHotKey\sHotKey.exe" [2003-08-22 10:22]

"SetDefPrt"="C:\Program Files\Brother\Brmfl03a\BrStDvPt.exe" [2003-07-10 13:56]

"SBCSTray"="C:\Program Files\Sunbelt Software\CounterSpy\SBCSTray.exe" [2007-08-27 12:09]

"PRISMSVR.EXE"="C:\WINDOWS\system32\PRISMSVR.exe" []

"PaperPort PTD"="C:\Program Files\Scansoft\PaperPort\pptd40nt.exe" [2002-08-12 10:33]

"nwiz"="nwiz.exe" [2003-08-18 20:56 C:\WINDOWS\system32\nwiz.exe]

"Jet Detection"="C:\Program Files\Creative\SBAudigy\PROGRAM\ADGJDet.exe" []

"IntelliPoint"="C:\Program Files\Microsoft IntelliPoint\point32.exe" [2003-05-15 17:41]

"IndexSearch"="C:\Program Files\Scansoft\PaperPort\IndexSearch.exe" [2002-08-12 11:07]

"HPDJ Taskbar Utility"="C:\WINDOWS\System32\spool\drivers\w32x86\3\hpztsb10.exe" [2004-03-04 09:46]

"HP Software Update"="C:\Program Files\Hewlett-Packard\HP Software Update\HPWuSchd2.exe" [2004-02-18 11:55]

"HP Component Manager"="C:\Program Files\HP\hpcoretech\hpcmpmgr.exe" [2003-12-22 10:38]

"ehTray"="C:\WINDOWS\ehome\ehtray.exe" [2004-08-04 01:56]

"CTHelper"="CTHELPER.EXE" [2003-07-02 18:51 C:\WINDOWS\system32\cthelper.exe]

"ccRegVfy"="C:\Program Files\Common Files\Symantec Shared\ccRegVfy.exe" [2003-03-03 12:04]

"ccApp"="C:\Program Files\Common Files\Symantec Shared\ccApp.exe" [2003-03-03 12:04]

"ATIPTA"="C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe" [2003-07-06 14:01]

"ATIModeChange"="Ati2mdxx.exe" [2001-09-04 17:24 C:\WINDOWS\system32\Ati2mdxx.exe]

"AGRSMMSG"="AGRSMMSG.exe" [2003-05-23 11:43 C:\WINDOWS\AGRSMMSG.exe]

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]

"updateMgr"="C:\Program Files\Adobe\Acrobat 7.0\Reader\AdobeUpdateManager.exe" [2006-03-30 16:45]

"SUPERAntiSpyware"="C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe" [2007-06-21 13:06]

"ctfmon.exe"="C:\WINDOWS\system32\ctfmon.exe" [2004-08-04 01:56]

[HKEY_USERS\.default\software\microsoft\windows\currentversion\runonce]

"tscuninstall"=%systemroot%\system32\tscupgrd.exe

C:\Documents and Settings\anonymous\Start Menu\Programs\Startup\

Picture Motion Browser Media Check Tool.lnk - C:\Program Files\Sony\Sony Picture Utility\VolumeWatcher\SPUVolumeWatcher.exe [2007-10-15 07:59:29]

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]

@=0

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\explorer]

@=

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\ShellExecuteHooks]

"{5AE067D3-9AFB-48E0-853A-EBB7F4A000DA}"= C:\Program Files\SUPERAntiSpyware\SASSEH.DLL [2006-12-20 12:55 77824]

"{4CB8F4B4-5F66-4D9E-BC3B-184596A58824}"= C:\WINDOWS\system32\ljjgdbb.dll [2007-11-09 17:35 36352]

[HKEY_CURRENT_USER\software\microsoft\windows nt\currentversion\winlogon]

"Userinit"="C:\\WINDOWS\\system32\\vvgeowbv.exe,C:\\WINDOWS\\system32\\userinit.exe"

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\!SASWinLogon]

C:\Program Files\SUPERAntiSpyware\SASWINLO.dll 2007-04-19 12:41 294912 C:\Program Files\SUPERAntiSpyware\SASWINLO.dll

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\ljjgdbb]

ljjgdbb.dll 2007-11-09 17:35 36352 C:\WINDOWS\system32\ljjgdbb.dll

R0 SonyLSM;LED State Service;C:\WINDOWS\system32\Drivers\SonyLSM.sys

R2 SMTPSVC;Simple Mail Transfer Protocol (SMTP);C:\WINDOWS\system32\inetsrv\inetinfo.exe

S3 brfilt;Brother MFC Filter Driver;C:\WINDOWS\system32\Drivers\Brfilt.sys

S3 BrSerWDM;Brother WDM Serial driver;C:\WINDOWS\system32\Drivers\BrSerWdm.sys

S3 BrUsbMdm;Brother MFC USB Fax Only Modem;C:\WINDOWS\system32\Drivers\BrUsbMdm.sys

S3 BrUsbScn;Brother MFC USB Scanner driver;C:\WINDOWS\system32\Drivers\BrUsbScn.sys

S3 MemStPCI;Sony Memory Stick controller (PCI);C:\WINDOWS\system32\DRIVERS\MemStPCI.SYS

S3 p2pgasvc;Peer Networking Group Authentication;C:\WINDOWS\System32\svchost.exe -k p2psvc

S3 p2pimsvc;Peer Networking Identity Manager;C:\WINDOWS\System32\svchost.exe -k p2psvc

S3 p2psvc;Peer Networking;C:\WINDOWS\System32\svchost.exe -k p2psvc

S3 PNRPSvc;Peer Name Resolution Protocol;C:\WINDOWS\System32\svchost.exe -k p2psvc

S3 SaiH0109;SaiH0109;C:\WINDOWS\system32\DRIVERS\SaiH0109.sys

S3 SaiU0109;SaiU0109;C:\WINDOWS\system32\DRIVERS\SaiU0109.sys

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]

p2psvc p2psvc p2pimsvc p2pgasvc PNRPSvc

.

Contents of the 'Scheduled Tasks' folder

"2007-11-10 17:37:26 C:\WINDOWS\Tasks\Norton AntiVirus - Scan my computer.job"

- C:\PROGRA~1\NORTON~1\NAVW32.exe

"2007-11-10 17:37:27 C:\WINDOWS\Tasks\Symantec NetDetect.job"

- C:\Program Files\Symantec\LiveUpdate\NDETECT.EXE

.

**************************************************************************

catchme 0.3.1250 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net

Rootkit scan 2007-11-12 02:58:43

Windows 5.1.2600 Service Pack 2 NTFS

scanning hidden processes ...

scanning hidden autostart entries ...

HKLM\Software\Microsoft\Windows\CurrentVersion\Run

CTStartup = C:\Program Files\Creative\Splash Screen\CTEaxSpl.EXE /run???h??????s?????\?w? ?w???????w???w4???????.??w4???????4???TA?s4???|???\'????A~??A~|???????\???\???????????U?A~??A~\???\???????Hna??????C@?\???\??????s|???\??????s\???@'??A??s@'???C@?x???`|?w\?????@

scanning hidden files ...

scan completed successfully

hidden files: 0

**************************************************************************

.

Completion time: 2007-11-12 3:02:12 - machine was rebooted

.

--- E O F ---

AVG LOG:

---------------------------------------------------------

AVG Anti-Spyware - Scan Report

---------------------------------------------------------

+ Created at: 10:16:48 AM 11/12/2007

+ Scan result:

HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{944864A5-3916-46E2-96A9-A2E84F3F1208} -> Adware.Accoona : Ignored.

HKU\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{944864A5-3916-46E2-96A9-A2E84F3F1208} -> Adware.Accoona : Ignored.

HKU\S-1-5-21-1568042589-2687638305-2322239853-1004\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{944864A5-3916-46E2-96A9-A2E84F3F1208} -> Adware.Accoona : Ignored.

HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{1ADBCCE8-CF84-441E-9B38-AFC7A19C06A4} -> Adware.ActivShopper : Ignored.

HKU\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{1ADBCCE8-CF84-441E-9B38-AFC7A19C06A4} -> Adware.ActivShopper : Ignored.

HKU\S-1-5-21-1568042589-2687638305-2322239853-1004\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{1ADBCCE8-CF84-441E-9B38-AFC7A19C06A4} -> Adware.ActivShopper : Ignored.

HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{C5AF2622-8C75-4DFB-9693-23AB7686A456} -> Adware.Generic : Ignored.

HKU\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{C5AF2622-8C75-4DFB-9693-23AB7686A456} -> Adware.Generic : Ignored.

HKU\S-1-5-21-1568042589-2687638305-2322239853-1004\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{C5AF2622-8C75-4DFB-9693-23AB7686A456} -> Adware.Generic : Ignored.

C:\System Volume Information\_restore{1227E41C-9B8D-4405-99CE-E3332DE7EA59}\RP2\A0000072.exe -> Downloader.VB.bgd : Ignored.

C:\qoobox\Quarantine\C\WINDOWS\system32\f02WtR\f02WtR1065.exe.vir -> Downloader.VB.bgd : Ignored.

C:\Documents and Settings\anonymous\Cookies\anonymous@www.abcsearch[1].txt -> TrackingCookie.Abcsearch : Ignored.

C:\Documents and Settings\anonymous\Cookies\anonymous@adengage[1].txt -> TrackingCookie.Adengage : Ignored.

C:\Documents and Settings\anonymous\Cookies\anonymous@intelli-direct[1].txt -> TrackingCookie.Intelli-direct : Ignored.

C:\Documents and Settings\anonymous\Cookies\anonymous@ivwbox[1].txt -> TrackingCookie.Ivwbox : Ignored.

C:\Documents and Settings\anonymous\Cookies\anonymous@search.msn[1].txt -> TrackingCookie.Msn : Ignored.

C:\Documents and Settings\anonymous\Cookies\anonymous@www.myaffiliateprogram[2].txt -> TrackingCookie.Myaffiliateprogram : Ignored.

C:\Documents and Settings\anonymous\Cookies\anonymous@ssl-hints.netflame[1].txt -> TrackingCookie.Netflame : Ignored.

C:\WINDOWS\system32\drivers\etc\hosts.20071111-015639.backup -> Trojan.Qhost.nl : Ignored.

::Report end

Link to post
Share on other sites
BobbyJpost

BobbyJpost

Posted
  • Author
Posted

More viruses! I thought it was over... sorry Steven. Here is a new hijackthis log and avg log... sorry and thanks.

NEW HIJACK THIS LOG:

Logfile of Trend Micro HijackThis v2.0.2

Scan saved at 12:19:22 AM, on 11/14/2007

Platform: Windows XP SP2 (WinNT 5.01.2600)

MSIE: Internet Explorer v7.00 (7.00.6000.16544)

Boot mode: Normal

Running processes:

C:\WINDOWS\System32\smss.exe

C:\WINDOWS\system32\winlogon.exe

C:\WINDOWS\system32\services.exe

C:\WINDOWS\system32\lsass.exe

C:\WINDOWS\system32\svchost.exe

C:\WINDOWS\System32\svchost.exe

C:\WINDOWS\system32\spoolsv.exe

C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe

C:\Program Files\Norton Internet Security\NISUM.EXE

C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe

C:\WINDOWS\system32\Brmfrmps.exe

C:\Program Files\Norton Internet Security\ccPxySvc.exe

C:\WINDOWS\System32\CTsvcCDA.exe

C:\WINDOWS\ehome\ehSched.exe

C:\WINDOWS\system32\inetsrv\inetinfo.exe

C:\WINDOWS\System32\msdtc.exe

C:\Program Files\Norton AntiVirus\navapsvc.exe

C:\WINDOWS\System32\nvsvc32.exe

C:\WINDOWS\System32\tcpsvcs.exe

C:\WINDOWS\System32\snmp.exe

C:\Program Files\Common Files\Sony Shared\WMPlugIn\SonicStageMonitoring.exe

C:\Program Files\Sony\Sony TV Tuner Library\SMceMan.exe

C:\WINDOWS\System32\svchost.exe

C:\WINDOWS\System32\MsPMSPSv.exe

C:\Program Files\Sony\Sony TV Tuner Library\RM_SV.exe

C:\WINDOWS\Explorer.EXE

C:\Program Files\Sunbelt Software\CounterSpy\SBCSSvc.exe

C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\avgas.exe

C:\WINDOWS\system32\ctfmon.exe

C:\WINDOWS\system32\wscntfy.exe

C:\WINDOWS\system32\wuauclt.exe

C:\Documents and Settings\anonymous\Desktop\spyware tools\HiJackThis.exe

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157

R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157

N3 - Netscape 7: user_pref("browser.search.defaultengine", "engine://C%3A%5CProgram%20Files%5CNetscape%5CNetscape%5Csearchplugins%5CSBWeb_01.src"); (C:\Documents and Settings\ANONYMOUS\Application Data\Mozilla\Profiles\default\0b8b5w3s.slt\prefs.js)

O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll

O2 - BHO: (no name) - {4CB8F4B4-5F66-4D9E-BC3B-184596A58824} - C:\WINDOWS\system32\ljjgdbb.dll

O2 - BHO: Spybot-S&D IE Protection - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll

O2 - BHO: NAV Helper - {BDF3E430-B101-42AD-A544-FADC6B084872} - C:\Program Files\Norton AntiVirus\NavShExt.dll

O3 - Toolbar: Norton AntiVirus - {42CDD1BF-3FFB-4238-8AD1-7859DF00B1D6} - C:\Program Files\Norton AntiVirus\NavShExt.dll

O4 - HKLM\..\Run: [CTStartup] C:\Program Files\Creative\Splash Screen\CTEaxSpl.EXE /run

O4 - HKLM\..\Run: [ezShieldProtector for Px] C:\WINDOWS\System32\ezSP_Px.exe

O4 - HKLM\..\Run: [VAIO Recovery] C:\Windows\Sonysys\VAIO Recovery\PartSeal.exe

O4 - HKLM\..\Run: [uSBDetector] C:\USBStorage\USBDetector.exe

O4 - HKLM\..\Run: [updReg] C:\WINDOWS\UpdReg.EXE

O4 - HKLM\..\Run: [type32] "C:\Program Files\Microsoft IntelliType Pro\type32.exe"

O4 - HKLM\..\Run: [sHotKey] "C:\Program Files\SONY\sHotKey\sHotKey.exe"

O4 - HKLM\..\Run: [setDefPrt] C:\Program Files\Brother\Brmfl03a\BrStDvPt.exe

O4 - HKLM\..\Run: [sBCSTray] C:\Program Files\Sunbelt Software\CounterSpy\SBCSTray.exe

O4 - HKLM\..\Run: [PRISMSVR.EXE] "C:\WINDOWS\system32\PRISMSVR.EXE" /APPLY

O4 - HKLM\..\Run: [PaperPort PTD] C:\Program Files\Scansoft\PaperPort\pptd40nt.exe

O4 - HKLM\..\Run: [nwiz] nwiz.exe /installquiet

O4 - HKLM\..\Run: [Jet Detection] "C:\Program Files\Creative\SBAudigy\PROGRAM\ADGJDet.exe"

O4 - HKLM\..\Run: [intelliPoint] "C:\Program Files\Microsoft IntelliPoint\point32.exe"

O4 - HKLM\..\Run: [indexSearch] C:\Program Files\Scansoft\PaperPort\IndexSearch.exe

O4 - HKLM\..\Run: [HPDJ Taskbar Utility] C:\WINDOWS\System32\spool\drivers\w32x86\3\hpztsb10.exe

O4 - HKLM\..\Run: [HP Software Update] "C:\Program Files\Hewlett-Packard\HP Software Update\HPWuSchd2.exe"

O4 - HKLM\..\Run: [HP Component Manager] "C:\Program Files\HP\hpcoretech\hpcmpmgr.exe"

O4 - HKLM\..\Run: [ehTray] C:\WINDOWS\ehome\ehtray.exe

O4 - HKLM\..\Run: [CTHelper] CTHELPER.EXE

O4 - HKLM\..\Run: [ccRegVfy] "C:\Program Files\Common Files\Symantec Shared\ccRegVfy.exe"

O4 - HKLM\..\Run: [ccApp] "C:\Program Files\Common Files\Symantec Shared\ccApp.exe"

O4 - HKLM\..\Run: [ATIPTA] C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe

O4 - HKLM\..\Run: [ATIModeChange] Ati2mdxx.exe

O4 - HKLM\..\Run: [AGRSMMSG] AGRSMMSG.exe

O4 - HKLM\..\Run: [!AVG Anti-Spyware] "C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\avgas.exe" /minimized

O4 - HKLM\..\Run: [sBRegRebootCleaner] C:\Program Files\Sunbelt Software\CounterSpy\SBRC.exe

O4 - HKCU\..\Run: [updateMgr] C:\Program Files\Adobe\Acrobat 7.0\Reader\AdobeUpdateManager.exe AcRdB7_0_9

O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe

O4 - HKUS\S-1-5-19\..\RunOnce: [setDefaultMidi] MIDIDEF.EXE (User 'LOCAL SERVICE')

O4 - HKUS\S-1-5-19\..\RunOnce: [tscuninstall] %systemroot%\system32\tscupgrd.exe (User 'LOCAL SERVICE')

O4 - HKUS\S-1-5-18\..\RunOnce: [tscuninstall] %systemroot%\system32\tscupgrd.exe (User 'SYSTEM')

O4 - HKUS\.DEFAULT\..\RunOnce: [tscuninstall] %systemroot%\system32\tscupgrd.exe (User 'Default user')

O4 - Startup: Picture Motion Browser Media Check Tool.lnk = C:\Program Files\Sony\Sony Picture Utility\VolumeWatcher\SPUVolumeWatcher.exe

O4 - Global Startup: Adobe Reader Speed Launch.lnk = C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe

O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\WINDOWS\System32\msjava.dll

O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\WINDOWS\System32\msjava.dll

O9 - Extra button: (no name) - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll

O9 - Extra 'Tools' menuitem: Spybot - Search & Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll

O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe

O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe

O10 - Unknown file in Winsock LSP: c:\windows\system32\nwprovau.dll

O14 - IERESET.INF: START_PAGE_URL=http://www.sony.com/vaiopeople

O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://go.microsoft.com/fwlink/?linkid=39204

O16 - DPF: {30528230-99f7-4bb4-88d8-fa1d4f56a2ab} (YInstStarter Class) - C:\Program Files\Yahoo!\common\yinsthelper.dll

O16 - DPF: {56336BCB-3D8A-11D6-A00B-0050DA18DE71} - http://software-dl.real.com/313b41d46da531...ip/RdxIE601.cab

O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://update.microsoft.com/microsoftupdat...b?1188514296937

O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://update.microsoft.com/microsoftupdat...b?1188514221593

O16 - DPF: {A65552CC-8138-4D22-BEC8-4D0AFB2786BC} (melonset Class) - http://www.melon.com/utility/player/vod/package/melonset.cab

O16 - DPF: {B9B38E70-EEF6-4E3A-AE84-DDE59A053B7C} (Daum ActiveX manager Class) - http://cafeimg.hanmail.net/cto/xman.cab?ver=1,2,3,0

O20 - Winlogon Notify: !SASWinLogon - C:\Program Files\SUPERAntiSpyware\SASWINLO.dll

O20 - Winlogon Notify: ljjgdbb - C:\WINDOWS\SYSTEM32\ljjgdbb.dll

O23 - Service: AVG Anti-Spyware Guard - GRISOFT s.r.o. - C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe

O23 - Service: Brother Popup Suspend service for Resource manager (brmfrmps) - Brother Industries, Ltd. - C:\WINDOWS\system32\Brmfrmps.exe

O23 - Service: Symantec Event Manager (ccEvtMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe

O23 - Service: Symantec Password Validation Service (ccPwdSvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccPwdSvc.exe

O23 - Service: Symantec Proxy Service (ccPxySvc) - Symantec Corporation - C:\Program Files\Norton Internet Security\ccPxySvc.exe

O23 - Service: Creative Service for CDROM Access - Creative Technology Ltd - C:\WINDOWS\System32\CTsvcCDA.exe

O23 - Service: Norton AntiVirus Auto Protect Service (navapsvc) - Symantec Corporation - C:\Program Files\Norton AntiVirus\navapsvc.exe

O23 - Service: Norton Internet Security Accounts Manager (NISUM) - Symantec Corporation - C:\Program Files\Norton Internet Security\NISUM.EXE

O23 - Service: NVIDIA Driver Helper Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\System32\nvsvc32.exe

O23 - Service: Sunbelt CounterSpy Antispyware (SBCSSvc) - Sunbelt Software - C:\Program Files\Sunbelt Software\CounterSpy\SBCSSvc.exe

O23 - Service: SonicStageMonitoring - Sony Corporation - C:\Program Files\Common Files\Sony Shared\WMPlugIn\SonicStageMonitoring.exe

O23 - Service: Sony TV Tuner Controller - Sony Corporation - C:\Program Files\Sony\Sony TV Tuner Library\halsv.exe

O23 - Service: Sony TV Tuner Manager - Sony Corporation - C:\Program Files\Sony\Sony TV Tuner Library\RM_SV.exe

O23 - Service: Sony TVTA Manager - Sony Corporation - C:\Program Files\Sony\Sony TV Tuner Library\SMceMan.exe

O23 - Service: Sony SPTI Service (SPTISRV) - Sony Corporation - C:\PROGRA~1\COMMON~1\SONYSH~1\AVLib\Sptisrv.exe

O23 - Service: VAIO Media Music Server (VAIOMediaPlatform-MusicServer-AppServer) - Sony Corporation - C:\Program Files\Sony\VAIO Media Integrated Server\Music\SSSvr.exe

O23 - Service: VAIO Media Music Server (HTTP) (VAIOMediaPlatform-MusicServer-HTTP) - Sony Corporation - C:\Program Files\Sony\VAIO Media Integrated Server\Platform\SV_Httpd.exe

O23 - Service: VAIO Media Music Server (UPnP) (VAIOMediaPlatform-MusicServer-UPnP) - Sony Corporation - C:\Program Files\Sony\VAIO Media Integrated Server\Platform\UPnPFramework.exe

O23 - Service: VAIO Media Photo Server (VAIOMediaPlatform-PhotoServer-AppServer) - Sony Corporation - C:\Program Files\Sony\VAIO Media Integrated Server\Photo\appsrv\PhotoAppSrv.exe

O23 - Service: VAIO Media Photo Server (HTTP) (VAIOMediaPlatform-PhotoServer-HTTP) - Sony Corporation - C:\Program Files\Sony\VAIO Media Integrated Server\Platform\SV_Httpd.exe

O23 - Service: VAIO Media Photo Server (UPnP) (VAIOMediaPlatform-PhotoServer-UPnP) - Sony Corporation - C:\Program Files\Sony\VAIO Media Integrated Server\Platform\UPnPFramework.exe

O23 - Service: VAIO Media Video Server (VAIOMediaPlatform-VideoServer-AppServer) - Sony Corporation - C:\Program Files\Sony\VAIO Media Integrated Server\Video\GPVSvr.exe

O23 - Service: VAIO Media Video Server (HTTP) (VAIOMediaPlatform-VideoServer-HTTP) - Sony Corporation - C:\Program Files\Sony\VAIO Media Integrated Server\Platform\SV_Httpd.exe

O23 - Service: VAIO Media Video Server (UPnP) (VAIOMediaPlatform-VideoServer-UPnP) - Sony Corporation - C:\Program Files\Sony\VAIO Media Integrated Server\Platform\UPnPFramework.exe

--

End of file - 11076 bytes

NEW AVG LOG:

---------------------------------------------------------

AVG Anti-Spyware - Scan Report

---------------------------------------------------------

+ Created at: 3:23:34 PM 11/13/2007

+ Scan result:

HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{944864A5-3916-46E2-96A9-A2E84F3F1208} -> Adware.Accoona : Ignored.

HKU\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{944864A5-3916-46E2-96A9-A2E84F3F1208} -> Adware.Accoona : Ignored.

HKU\S-1-5-21-1568042589-2687638305-2322239853-1004\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{944864A5-3916-46E2-96A9-A2E84F3F1208} -> Adware.Accoona : Ignored.

HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{1ADBCCE8-CF84-441E-9B38-AFC7A19C06A4} -> Adware.ActivShopper : Ignored.

HKU\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{1ADBCCE8-CF84-441E-9B38-AFC7A19C06A4} -> Adware.ActivShopper : Ignored.

HKU\S-1-5-21-1568042589-2687638305-2322239853-1004\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{1ADBCCE8-CF84-441E-9B38-AFC7A19C06A4} -> Adware.ActivShopper : Ignored.

HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{C5AF2622-8C75-4DFB-9693-23AB7686A456} -> Adware.Generic : Ignored.

HKU\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{C5AF2622-8C75-4DFB-9693-23AB7686A456} -> Adware.Generic : Ignored.

HKU\S-1-5-21-1568042589-2687638305-2322239853-1004\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{C5AF2622-8C75-4DFB-9693-23AB7686A456} -> Adware.Generic : Ignored.

C:\System Volume Information\_restore{1227E41C-9B8D-4405-99CE-E3332DE7EA59}\RP2\A0000072.exe -> Downloader.VB.bgd : Ignored.

C:\qoobox\Quarantine\C\WINDOWS\system32\f02WtR\f02WtR1065.exe.vir -> Downloader.VB.bgd : Ignored.

C:\Documents and Settings\anonymous\Cookies\anonymous@2o7[2].txt -> TrackingCookie.2o7 : Ignored.

C:\Documents and Settings\anonymous\Cookies\anonymous@classifiedventures1.112.2o7[1].txt -> TrackingCookie.2o7 : Ignored.

C:\Documents and Settings\anonymous\Cookies\anonymous@www.abcsearch[1].txt -> TrackingCookie.Abcsearch : Ignored.

C:\Documents and Settings\anonymous\Cookies\anonymous@adengage[1].txt -> TrackingCookie.Adengage : Ignored.

C:\Documents and Settings\anonymous\Cookies\anonymous@advertising[2].txt -> TrackingCookie.Advertising : Ignored.

C:\Documents and Settings\anonymous\Cookies\anonymous@bluestreak[1].txt -> TrackingCookie.Bluestreak : Ignored.

C:\Documents and Settings\anonymous\Cookies\anonymous@intelli-direct[1].txt -> TrackingCookie.Intelli-direct : Ignored.

C:\Documents and Settings\anonymous\Cookies\anonymous@ivwbox[1].txt -> TrackingCookie.Ivwbox : Ignored.

C:\Documents and Settings\anonymous\Cookies\anonymous@search.msn[1].txt -> TrackingCookie.Msn : Ignored.

C:\Documents and Settings\anonymous\Cookies\anonymous@www.myaffiliateprogram[2].txt -> TrackingCookie.Myaffiliateprogram : Ignored.

C:\Documents and Settings\anonymous\Cookies\anonymous@ssl-hints.netflame[1].txt -> TrackingCookie.Netflame : Ignored.

C:\Documents and Settings\anonymous\Cookies\anonymous@tacoda[2].txt -> TrackingCookie.Tacoda : Ignored.

C:\Documents and Settings\anonymous\Cookies\anonymous@statse.webtrendslive[2].txt -> TrackingCookie.Webtrendslive : Ignored.

C:\WINDOWS\system32\drivers\etc\hosts.20071111-015639.backup -> Trojan.Qhost.nl : Ignored.

::Report end

Link to post
Share on other sites
MysteryFCM

MysteryFCM

Posted
Posted
More viruses! I thought it was over... sorry Steven. Here is a new hijackthis log and avg log... sorry and thanks.

No problem. There's still one or two lurking that need removed.

Please first, download VundoFix;

http://www.atribune.org/ccount/click.php?id=4

  • Double-click VundoFix.exe to run it.

  • Click the Scan for Vundo button.

  • Once it's done scanning, click the Remove Vundo button.

  • You will receive a prompt asking if you want to remove the files, click YES

  • Once you click yes, your desktop will go blank as it starts removing Vundo.

  • When completed, it will prompt that it will reboot your computer, click OK.

O2 - BHO: (no name) - {4CB8F4B4-5F66-4D9E-BC3B-184596A58824} - C:\WINDOWS\system32\ljjgdbb.dll

O20 - Winlogon Notify: ljjgdbb - C:\WINDOWS\SYSTEM32\ljjgdbb.dll

Next, load AVG AntiSpyware and prior to asking it to remove everything it finds, change the items status from Ignore, to Delete.

Finally please post the AVG, c:\vundofix.txt and a fresh HiJack This log.

Link to post
Share on other sites
BobbyJpost

BobbyJpost

Posted
  • Author
Posted

Alright! Crossing my fingers... here is a new AVG log, C:/vundofix.txt, and hijack this log... tell me my computer is healthy doctor...

AVG LOG:

---------------------------------------------------------

AVG Anti-Spyware - Scan Report

---------------------------------------------------------

+ Created at: 8:07:31 PM 11/14/2007

+ Scan result:

C:\Documents and Settings\anonymous\Cookies\anonymous@2o7[1].txt -> TrackingCookie.2o7 : Cleaned.

C:\Documents and Settings\anonymous\Cookies\anonymous@msnportal.112.2o7[1].txt -> TrackingCookie.2o7 : Cleaned.

C:\Documents and Settings\anonymous\Cookies\anonymous@doubleclick[1].txt -> TrackingCookie.Doubleclick : Cleaned.

C:\Documents and Settings\anonymous\Cookies\anonymous@ads.pointroll[2].txt -> TrackingCookie.Pointroll : Cleaned.

C:\Documents and Settings\anonymous\Cookies\anonymous@questionmarket[1].txt -> TrackingCookie.Questionmarket : Cleaned.

C:\Documents and Settings\anonymous\Cookies\anonymous@tribalfusion[1].txt -> TrackingCookie.Tribalfusion : Cleaned.

::Report end

C:/VUNDOFIX.TXT LOG:

VundoFix V6.6.1

Checking Java version...

Scan started at 5:15:52 PM 11/14/2007

Listing files found while scanning....

C:\WINDOWS\system32\ljjgdbb.dll

Beginning removal...

Attempting to delete C:\WINDOWS\system32\ljjgdbb.dll

C:\WINDOWS\system32\ljjgdbb.dll Could not be deleted.

Performing Repairs to the registry.

Done!

Beginning removal...

Attempting to delete C:\WINDOWS\system32\ljjgdbb.dll

C:\WINDOWS\system32\ljjgdbb.dll Has been deleted!

Performing Repairs to the registry.

Done!

HIJACK THIS LOG:

Logfile of Trend Micro HijackThis v2.0.2

Scan saved at 8:09:10 PM, on 11/14/2007

Platform: Windows XP SP2 (WinNT 5.01.2600)

MSIE: Internet Explorer v7.00 (7.00.6000.16544)

Boot mode: Normal

Running processes:

C:\WINDOWS\System32\smss.exe

C:\WINDOWS\system32\winlogon.exe

C:\WINDOWS\system32\services.exe

C:\WINDOWS\system32\lsass.exe

C:\WINDOWS\system32\svchost.exe

C:\WINDOWS\System32\svchost.exe

C:\WINDOWS\system32\spoolsv.exe

C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe

C:\Program Files\Norton Internet Security\NISUM.EXE

C:\WINDOWS\Explorer.EXE

C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe

C:\WINDOWS\system32\Brmfrmps.exe

C:\Program Files\Norton Internet Security\ccPxySvc.exe

C:\WINDOWS\System32\CTsvcCDA.exe

C:\WINDOWS\ehome\ehSched.exe

C:\WINDOWS\system32\inetsrv\inetinfo.exe

C:\WINDOWS\System32\msdtc.exe

C:\WINDOWS\System32\ezSP_Px.exe

C:\USBStorage\USBDetector.exe

C:\Program Files\Microsoft IntelliType Pro\type32.exe

C:\Program Files\SONY\sHotKey\sHotKey.exe

C:\Program Files\Sunbelt Software\CounterSpy\SBCSTray.exe

C:\Program Files\Scansoft\PaperPort\pptd40nt.exe

C:\Program Files\Microsoft IntelliPoint\point32.exe

C:\WINDOWS\System32\spool\drivers\w32x86\3\hpztsb10.exe

C:\Program Files\Norton AntiVirus\navapsvc.exe

C:\WINDOWS\System32\nvsvc32.exe

C:\Program Files\Hewlett-Packard\HP Software Update\HPWuSchd2.exe

C:\Program Files\HP\hpcoretech\hpcmpmgr.exe

C:\WINDOWS\ehome\ehtray.exe

C:\WINDOWS\system32\CTHELPER.EXE

C:\Program Files\Common Files\Symantec Shared\ccApp.exe

C:\WINDOWS\AGRSMMSG.exe

C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\avgas.exe

C:\Program Files\Sunbelt Software\CounterSpy\SBCSSvc.exe

C:\WINDOWS\System32\tcpsvcs.exe

C:\WINDOWS\system32\ctfmon.exe

C:\WINDOWS\System32\snmp.exe

C:\Program Files\Sony\Sony Picture Utility\VolumeWatcher\SPUVolumeWatcher.exe

C:\Program Files\Common Files\Sony Shared\WMPlugIn\SonicStageMonitoring.exe

C:\Program Files\Sony\Sony TV Tuner Library\SMceMan.exe

C:\WINDOWS\System32\svchost.exe

C:\WINDOWS\System32\MsPMSPSv.exe

C:\Program Files\Sony\Sony TV Tuner Library\RM_SV.exe

C:\WINDOWS\system32\wscntfy.exe

C:\WINDOWS\ehome\ehmsas.exe

C:\WINDOWS\system32\rundll32.exe

C:\Program Files\Internet Explorer\iexplore.exe

C:\Documents and Settings\anonymous\Desktop\spyware tools\HiJackThis.exe

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157

R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157

N3 - Netscape 7: user_pref("browser.search.defaultengine", "engine://C%3A%5CProgram%20Files%5CNetscape%5CNetscape%5Csearchplugins%5CSBWeb_01.src"); (C:\Documents and Settings\ANONYMOUS\Application Data\Mozilla\Profiles\default\0b8b5w3s.slt\prefs.js)

O3 - Toolbar: Norton AntiVirus - {42CDD1BF-3FFB-4238-8AD1-7859DF00B1D6} - C:\Program Files\Norton AntiVirus\NavShExt.dll

O4 - HKLM\..\Run: [CTStartup] C:\Program Files\Creative\Splash Screen\CTEaxSpl.EXE /run

O4 - HKLM\..\Run: [ezShieldProtector for Px] C:\WINDOWS\System32\ezSP_Px.exe

O4 - HKLM\..\Run: [VAIO Recovery] C:\Windows\Sonysys\VAIO Recovery\PartSeal.exe

O4 - HKLM\..\Run: [uSBDetector] C:\USBStorage\USBDetector.exe

O4 - HKLM\..\Run: [updReg] C:\WINDOWS\UpdReg.EXE

O4 - HKLM\..\Run: [type32] "C:\Program Files\Microsoft IntelliType Pro\type32.exe"

O4 - HKLM\..\Run: [sHotKey] "C:\Program Files\SONY\sHotKey\sHotKey.exe"

O4 - HKLM\..\Run: [setDefPrt] C:\Program Files\Brother\Brmfl03a\BrStDvPt.exe

O4 - HKLM\..\Run: [sBCSTray] C:\Program Files\Sunbelt Software\CounterSpy\SBCSTray.exe

O4 - HKLM\..\Run: [PRISMSVR.EXE] "C:\WINDOWS\system32\PRISMSVR.EXE" /APPLY

O4 - HKLM\..\Run: [PaperPort PTD] C:\Program Files\Scansoft\PaperPort\pptd40nt.exe

O4 - HKLM\..\Run: [nwiz] nwiz.exe /installquiet

O4 - HKLM\..\Run: [Jet Detection] "C:\Program Files\Creative\SBAudigy\PROGRAM\ADGJDet.exe"

O4 - HKLM\..\Run: [intelliPoint] "C:\Program Files\Microsoft IntelliPoint\point32.exe"

O4 - HKLM\..\Run: [indexSearch] C:\Program Files\Scansoft\PaperPort\IndexSearch.exe

O4 - HKLM\..\Run: [HPDJ Taskbar Utility] C:\WINDOWS\System32\spool\drivers\w32x86\3\hpztsb10.exe

O4 - HKLM\..\Run: [HP Software Update] "C:\Program Files\Hewlett-Packard\HP Software Update\HPWuSchd2.exe"

O4 - HKLM\..\Run: [HP Component Manager] "C:\Program Files\HP\hpcoretech\hpcmpmgr.exe"

O4 - HKLM\..\Run: [ehTray] C:\WINDOWS\ehome\ehtray.exe

O4 - HKLM\..\Run: [CTHelper] CTHELPER.EXE

O4 - HKLM\..\Run: [ccRegVfy] "C:\Program Files\Common Files\Symantec Shared\ccRegVfy.exe"

O4 - HKLM\..\Run: [ccApp] "C:\Program Files\Common Files\Symantec Shared\ccApp.exe"

O4 - HKLM\..\Run: [ATIPTA] C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe

O4 - HKLM\..\Run: [ATIModeChange] Ati2mdxx.exe

O4 - HKLM\..\Run: [AGRSMMSG] AGRSMMSG.exe

O4 - HKLM\..\Run: [!AVG Anti-Spyware] "C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\avgas.exe" /minimized

O4 - HKLM\..\Run: [887d6fc2] rundll32.exe "C:\WINDOWS\system32\vkydmgsi.dll",b

O4 - HKCU\..\Run: [updateMgr] C:\Program Files\Adobe\Acrobat 7.0\Reader\AdobeUpdateManager.exe AcRdB7_0_9

O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe

O4 - HKUS\S-1-5-19\..\RunOnce: [setDefaultMidi] MIDIDEF.EXE (User 'LOCAL SERVICE')

O4 - HKUS\S-1-5-19\..\RunOnce: [tscuninstall] %systemroot%\system32\tscupgrd.exe (User 'LOCAL SERVICE')

O4 - HKUS\S-1-5-18\..\RunOnce: [tscuninstall] %systemroot%\system32\tscupgrd.exe (User 'SYSTEM')

O4 - HKUS\.DEFAULT\..\RunOnce: [tscuninstall] %systemroot%\system32\tscupgrd.exe (User 'Default user')

O4 - Startup: Picture Motion Browser Media Check Tool.lnk = C:\Program Files\Sony\Sony Picture Utility\VolumeWatcher\SPUVolumeWatcher.exe

O4 - Global Startup: Adobe Reader Speed Launch.lnk = C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe

O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\WINDOWS\System32\msjava.dll

O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\WINDOWS\System32\msjava.dll

O9 - Extra button: (no name) - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll

O9 - Extra 'Tools' menuitem: Spybot - Search & Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll

O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe

O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe

O10 - Unknown file in Winsock LSP: c:\windows\system32\nwprovau.dll

O14 - IERESET.INF: START_PAGE_URL=http://www.sony.com/vaiopeople

O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://go.microsoft.com/fwlink/?linkid=39204

O16 - DPF: {30528230-99f7-4bb4-88d8-fa1d4f56a2ab} (YInstStarter Class) - C:\Program Files\Yahoo!\common\yinsthelper.dll

O16 - DPF: {56336BCB-3D8A-11D6-A00B-0050DA18DE71} - http://software-dl.real.com/313b41d46da531...ip/RdxIE601.cab

O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://update.microsoft.com/microsoftupdat...b?1188514296937

O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://update.microsoft.com/microsoftupdat...b?1188514221593

O16 - DPF: {A65552CC-8138-4D22-BEC8-4D0AFB2786BC} (melonset Class) - http://www.melon.com/utility/player/vod/package/melonset.cab

O16 - DPF: {B9B38E70-EEF6-4E3A-AE84-DDE59A053B7C} (Daum ActiveX manager Class) - http://cafeimg.hanmail.net/cto/xman.cab?ver=1,2,3,0

O23 - Service: AVG Anti-Spyware Guard - GRISOFT s.r.o. - C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe

O23 - Service: Brother Popup Suspend service for Resource manager (brmfrmps) - Brother Industries, Ltd. - C:\WINDOWS\system32\Brmfrmps.exe

O23 - Service: Symantec Event Manager (ccEvtMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe

O23 - Service: Symantec Password Validation Service (ccPwdSvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccPwdSvc.exe

O23 - Service: Symantec Proxy Service (ccPxySvc) - Symantec Corporation - C:\Program Files\Norton Internet Security\ccPxySvc.exe

O23 - Service: Creative Service for CDROM Access - Creative Technology Ltd - C:\WINDOWS\System32\CTsvcCDA.exe

O23 - Service: DomainService - Unknown owner - C:\WINDOWS\system32\cfsvacxp.exe (file missing)

O23 - Service: Norton AntiVirus Auto Protect Service (navapsvc) - Symantec Corporation - C:\Program Files\Norton AntiVirus\navapsvc.exe

O23 - Service: Norton Internet Security Accounts Manager (NISUM) - Symantec Corporation - C:\Program Files\Norton Internet Security\NISUM.EXE

O23 - Service: NVIDIA Driver Helper Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\System32\nvsvc32.exe

O23 - Service: Sunbelt CounterSpy Antispyware (SBCSSvc) - Sunbelt Software - C:\Program Files\Sunbelt Software\CounterSpy\SBCSSvc.exe

O23 - Service: SonicStageMonitoring - Sony Corporation - C:\Program Files\Common Files\Sony Shared\WMPlugIn\SonicStageMonitoring.exe

O23 - Service: Sony TV Tuner Controller - Sony Corporation - C:\Program Files\Sony\Sony TV Tuner Library\halsv.exe

O23 - Service: Sony TV Tuner Manager - Sony Corporation - C:\Program Files\Sony\Sony TV Tuner Library\RM_SV.exe

O23 - Service: Sony TVTA Manager - Sony Corporation - C:\Program Files\Sony\Sony TV Tuner Library\SMceMan.exe

O23 - Service: Sony SPTI Service (SPTISRV) - Sony Corporation - C:\PROGRA~1\COMMON~1\SONYSH~1\AVLib\Sptisrv.exe

O23 - Service: VAIO Media Music Server (VAIOMediaPlatform-MusicServer-AppServer) - Sony Corporation - C:\Program Files\Sony\VAIO Media Integrated Server\Music\SSSvr.exe

O23 - Service: VAIO Media Music Server (HTTP) (VAIOMediaPlatform-MusicServer-HTTP) - Sony Corporation - C:\Program Files\Sony\VAIO Media Integrated Server\Platform\SV_Httpd.exe

O23 - Service: VAIO Media Music Server (UPnP) (VAIOMediaPlatform-MusicServer-UPnP) - Sony Corporation - C:\Program Files\Sony\VAIO Media Integrated Server\Platform\UPnPFramework.exe

O23 - Service: VAIO Media Photo Server (VAIOMediaPlatform-PhotoServer-AppServer) - Sony Corporation - C:\Program Files\Sony\VAIO Media Integrated Server\Photo\appsrv\PhotoAppSrv.exe

O23 - Service: VAIO Media Photo Server (HTTP) (VAIOMediaPlatform-PhotoServer-HTTP) - Sony Corporation - C:\Program Files\Sony\VAIO Media Integrated Server\Platform\SV_Httpd.exe

O23 - Service: VAIO Media Photo Server (UPnP) (VAIOMediaPlatform-PhotoServer-UPnP) - Sony Corporation - C:\Program Files\Sony\VAIO Media Integrated Server\Platform\UPnPFramework.exe

O23 - Service: VAIO Media Video Server (VAIOMediaPlatform-VideoServer-AppServer) - Sony Corporation - C:\Program Files\Sony\VAIO Media Integrated Server\Video\GPVSvr.exe

O23 - Service: VAIO Media Video Server (HTTP) (VAIOMediaPlatform-VideoServer-HTTP) - Sony Corporation - C:\Program Files\Sony\VAIO Media Integrated Server\Platform\SV_Httpd.exe

O23 - Service: VAIO Media Video Server (UPnP) (VAIOMediaPlatform-VideoServer-UPnP) - Sony Corporation - C:\Program Files\Sony\VAIO Media Integrated Server\Platform\UPnPFramework.exe

--

End of file - 11337 bytes

Link to post
Share on other sites
  • 2 weeks later...
JeanInMontana

JeanInMontana

Posted
Posted

Steven thank you for your help it is much appreciated. Since this issue is resolved I will close the topic to prevent others from posting in it.

If you experience symptoms similar to those described here, do not follow this advice, it can result in ruination. Open your own topic and someone will be happy to help you.

Link to post
Share on other sites
Guest
This topic is now closed to further replies.
 Share
Go to topic listing

  • Recently Browsing   0 members

    • No registered users viewing this page.
Back to top
×
×
  • Create New...

Important Information

This site uses cookies - We have placed cookies on your device to help make this website better. You can adjust your cookie settings, otherwise we'll assume you're okay to continue.