Jump to content

BobbyJpost

Members
  • Posts

    8
  • Joined

  • Last visited

Reputation

0 Neutral
  1. Thanks for your help! AVG log: --------------------------------------------------------- AVG Anti-Spyware - Scan Report --------------------------------------------------------- + Created at: 12:59:30 AM 11/29/2007 + Scan result: Nothing found. ::Report end About panda active, are they legit? I don't feel comfortable letting them scan my cpu remotely...
  2. I can't believe my cpu is infected again! I just got through cleaning it... I'm really sorry to ask again, but could someone filter through this Hijack this log?... Logfile of Trend Micro HijackThis v2.0.2 Scan saved at 6:20:56 AM, on 11/26/2007 Platform: Windows XP SP2 (WinNT 5.01.2600) MSIE: Internet Explorer v7.00 (7.00.6000.16544) Boot mode: Normal Running processes: C:\WINDOWS\System32\smss.exe C:\WINDOWS\system32\winlogon.exe C:\WINDOWS\system32\services.exe C:\WINDOWS\system32\lsass.exe C:\WINDOWS\system32\svchost.exe C:\WINDOWS\System32\svchost.exe C:\WINDOWS\system32\spoolsv.exe C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe C:\WINDOWS\system32\Brmfrmps.exe C:\WINDOWS\System32\CTsvcCDA.exe C:\WINDOWS\ehome\ehSched.exe C:\WINDOWS\system32\inetsrv\inetinfo.exe C:\WINDOWS\System32\msdtc.exe C:\WINDOWS\System32\nvsvc32.exe C:\Program Files\Sunbelt Software\CounterSpy\SBCSSvc.exe C:\WINDOWS\Explorer.EXE C:\WINDOWS\System32\tcpsvcs.exe C:\WINDOWS\System32\snmp.exe C:\Program Files\Common Files\Sony Shared\WMPlugIn\SonicStageMonitoring.exe C:\Program Files\Sony\Sony TV Tuner Library\SMceMan.exe C:\WINDOWS\System32\svchost.exe C:\WINDOWS\System32\MsPMSPSv.exe C:\Program Files\Sony\Sony TV Tuner Library\RM_SV.exe C:\WINDOWS\system32\wscntfy.exe C:\WINDOWS\system32\ctfmon.exe C:\WINDOWS\System32\ezSP_Px.exe C:\USBStorage\USBDetector.exe C:\Program Files\Microsoft IntelliType Pro\type32.exe C:\Program Files\SONY\sHotKey\sHotKey.exe C:\Program Files\Sunbelt Software\CounterSpy\SBCSTray.exe C:\Program Files\Scansoft\PaperPort\pptd40nt.exe C:\Program Files\Microsoft IntelliPoint\point32.exe C:\Program Files\Hewlett-Packard\HP Software Update\HPWuSchd2.exe C:\Program Files\HP\hpcoretech\hpcmpmgr.exe C:\WINDOWS\ehome\ehtray.exe C:\WINDOWS\system32\CTHELPER.EXE C:\WINDOWS\ehome\ehmsas.exe C:\WINDOWS\AGRSMMSG.exe C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\avgas.exe C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe C:\Program Files\Internet Explorer\iexplore.exe C:\Documents and Settings\anonymous\Desktop\spyware tools\HiJackThis.exe R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157 R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157 N3 - Netscape 7: user_pref("browser.search.defaultengine", "engine://C%3A%5CProgram%20Files%5CNetscape%5CNetscape%5Csearchplugins%5CSBWeb_01.src"); (C:\Documents and Settings\ANONYMOUS\Application Data\Mozilla\Profiles\default\0b8b5w3s.slt\prefs.js) O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll O2 - BHO: (no name) - {2ABAAC42-84DF-4C00-89DA-BC7EB2B0E70B} - C:\WINDOWS\system32\cbxursr.dll O2 - BHO: (no name) - {365619c2-73e9-4930-8a39-f4ce59e72998} - C:\WINDOWS\system32\ckccagk.dll (file missing) O2 - BHO: (no name) - {5083A0AF-BE16-4F7A-A92B-1AA5FA3313D6} - (no file) O2 - BHO: Spybot-S&D IE Protection - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll O2 - BHO: {77782471-37f2-5d0b-4134-872be5f11695} - {59611f5e-b278-4314-b0d5-2f7317428777} - C:\WINDOWS\system32\umehemxm.dll (file missing) O2 - BHO: 0 - {941538FB-5A27-46B2-0397-90F9692B69F3} - C:\Program Files\MSN Gaming Zone\lawug985.dll (file missing) O2 - BHO: (no name) - {C6AFA63D-43D8-1F0C-D82F-4AE676865F9F} - C:\WINDOWS\system32\hozt.dll O2 - BHO: (no name) - {F95A4A5F-0A74-494A-BBA5-6C2F9F444BDB} - C:\Program Files\Windows Media Player\holemunyv4444.dll (file missing) O4 - HKLM\..\Run: [CTStartup] C:\Program Files\Creative\Splash Screen\CTEaxSpl.EXE /run O4 - HKLM\..\Run: [ezShieldProtector for Px] C:\WINDOWS\System32\ezSP_Px.exe O4 - HKLM\..\Run: [VAIO Recovery] C:\Windows\Sonysys\VAIO Recovery\PartSeal.exe O4 - HKLM\..\Run: [uSBDetector] C:\USBStorage\USBDetector.exe O4 - HKLM\..\Run: [updReg] C:\WINDOWS\UpdReg.EXE O4 - HKLM\..\Run: [type32] "C:\Program Files\Microsoft IntelliType Pro\type32.exe" O4 - HKLM\..\Run: [sHotKey] "C:\Program Files\SONY\sHotKey\sHotKey.exe" O4 - HKLM\..\Run: [setDefPrt] C:\Program Files\Brother\Brmfl03a\BrStDvPt.exe O4 - HKLM\..\Run: [sBCSTray] C:\Program Files\Sunbelt Software\CounterSpy\SBCSTray.exe O4 - HKLM\..\Run: [PRISMSVR.EXE] "C:\WINDOWS\system32\PRISMSVR.EXE" /APPLY O4 - HKLM\..\Run: [PaperPort PTD] C:\Program Files\Scansoft\PaperPort\pptd40nt.exe O4 - HKLM\..\Run: [nwiz] nwiz.exe /installquiet O4 - HKLM\..\Run: [Jet Detection] "C:\Program Files\Creative\SBAudigy\PROGRAM\ADGJDet.exe" O4 - HKLM\..\Run: [intelliPoint] "C:\Program Files\Microsoft IntelliPoint\point32.exe" O4 - HKLM\..\Run: [indexSearch] C:\Program Files\Scansoft\PaperPort\IndexSearch.exe O4 - HKLM\..\Run: [HPDJ Taskbar Utility] C:\WINDOWS\System32\spool\drivers\w32x86\3\hpztsb10.exe O4 - HKLM\..\Run: [HP Software Update] "C:\Program Files\Hewlett-Packard\HP Software Update\HPWuSchd2.exe" O4 - HKLM\..\Run: [HP Component Manager] "C:\Program Files\HP\hpcoretech\hpcmpmgr.exe" O4 - HKLM\..\Run: [ehTray] C:\WINDOWS\ehome\ehtray.exe O4 - HKLM\..\Run: [CTHelper] CTHELPER.EXE O4 - HKLM\..\Run: [ATIPTA] C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe O4 - HKLM\..\Run: [ATIModeChange] Ati2mdxx.exe O4 - HKLM\..\Run: [AGRSMMSG] AGRSMMSG.exe O4 - HKLM\..\Run: [!AVG Anti-Spyware] "C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\avgas.exe" /minimized O4 - HKCU\..\Run: [updateMgr] C:\Program Files\Adobe\Acrobat 7.0\Reader\AdobeUpdateManager.exe AcRdB7_0_9 O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe O4 - HKCU\..\Run: [Vyg] C:\WINDOWS\system32\??pPatch\w?auboot.exe O4 - HKUS\S-1-5-19\..\RunOnce: [setDefaultMidi] MIDIDEF.EXE (User 'LOCAL SERVICE') O4 - HKUS\S-1-5-19\..\RunOnce: [tscuninstall] %systemroot%\system32\tscupgrd.exe (User 'LOCAL SERVICE') O4 - HKUS\S-1-5-18\..\RunOnce: [tscuninstall] %systemroot%\system32\tscupgrd.exe (User 'SYSTEM') O4 - HKUS\.DEFAULT\..\RunOnce: [tscuninstall] %systemroot%\system32\tscupgrd.exe (User 'Default user') O4 - Global Startup: Adobe Reader Speed Launch.lnk = C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\WINDOWS\System32\msjava.dll O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\WINDOWS\System32\msjava.dll O9 - Extra button: (no name) - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll O9 - Extra 'Tools' menuitem: Spybot - Search & Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe O10 - Unknown file in Winsock LSP: c:\windows\system32\nwprovau.dll O14 - IERESET.INF: START_PAGE_URL=http://www.sony.com/vaiopeople O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://go.microsoft.com/fwlink/?linkid=39204 O16 - DPF: {30528230-99f7-4bb4-88d8-fa1d4f56a2ab} (YInstStarter Class) - C:\Program Files\Yahoo!\common\yinsthelper.dll O16 - DPF: {56336BCB-3D8A-11D6-A00B-0050DA18DE71} - http://software-dl.real.com/313b41d46da531...ip/RdxIE601.cab O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://update.microsoft.com/microsoftupdat...b?1188514296937 O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://update.microsoft.com/microsoftupdat...b?1188514221593 O16 - DPF: {A65552CC-8138-4D22-BEC8-4D0AFB2786BC} (melonset Class) - http://www.melon.com/utility/player/vod/package/melonset.cab O16 - DPF: {B9B38E70-EEF6-4E3A-AE84-DDE59A053B7C} (Daum ActiveX manager Class) - http://cafeimg.hanmail.net/cto/xman.cab?ver=1,2,3,0 O20 - Winlogon Notify: !SASWinLogon - C:\Program Files\SUPERAntiSpyware\SASWINLO.dll O20 - Winlogon Notify: cbxursr - C:\WINDOWS\SYSTEM32\cbxursr.dll O23 - Service: AVG Anti-Spyware Guard - GRISOFT s.r.o. - C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe O23 - Service: Brother Popup Suspend service for Resource manager (brmfrmps) - Brother Industries, Ltd. - C:\WINDOWS\system32\Brmfrmps.exe O23 - Service: Creative Service for CDROM Access - Creative Technology Ltd - C:\WINDOWS\System32\CTsvcCDA.exe O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\1050\Intel 32\IDriverT.exe O23 - Service: NVIDIA Driver Helper Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\System32\nvsvc32.exe O23 - Service: Sunbelt CounterSpy Antispyware (SBCSSvc) - Sunbelt Software - C:\Program Files\Sunbelt Software\CounterSpy\SBCSSvc.exe O23 - Service: SonicStageMonitoring - Sony Corporation - C:\Program Files\Common Files\Sony Shared\WMPlugIn\SonicStageMonitoring.exe O23 - Service: Sony TV Tuner Controller - Sony Corporation - C:\Program Files\Sony\Sony TV Tuner Library\halsv.exe O23 - Service: Sony TV Tuner Manager - Sony Corporation - C:\Program Files\Sony\Sony TV Tuner Library\RM_SV.exe O23 - Service: Sony TVTA Manager - Sony Corporation - C:\Program Files\Sony\Sony TV Tuner Library\SMceMan.exe O23 - Service: Sony SPTI Service (SPTISRV) - Sony Corporation - C:\PROGRA~1\COMMON~1\SONYSH~1\AVLib\Sptisrv.exe O23 - Service: VAIO Media Music Server (VAIOMediaPlatform-MusicServer-AppServer) - Sony Corporation - C:\Program Files\Sony\VAIO Media Integrated Server\Music\SSSvr.exe O23 - Service: VAIO Media Music Server (HTTP) (VAIOMediaPlatform-MusicServer-HTTP) - Sony Corporation - C:\Program Files\Sony\VAIO Media Integrated Server\Platform\SV_Httpd.exe O23 - Service: VAIO Media Music Server (UPnP) (VAIOMediaPlatform-MusicServer-UPnP) - Sony Corporation - C:\Program Files\Sony\VAIO Media Integrated Server\Platform\UPnPFramework.exe O23 - Service: VAIO Media Photo Server (VAIOMediaPlatform-PhotoServer-AppServer) - Sony Corporation - C:\Program Files\Sony\VAIO Media Integrated Server\Photo\appsrv\PhotoAppSrv.exe O23 - Service: VAIO Media Photo Server (HTTP) (VAIOMediaPlatform-PhotoServer-HTTP) - Sony Corporation - C:\Program Files\Sony\VAIO Media Integrated Server\Platform\SV_Httpd.exe O23 - Service: VAIO Media Photo Server (UPnP) (VAIOMediaPlatform-PhotoServer-UPnP) - Sony Corporation - C:\Program Files\Sony\VAIO Media Integrated Server\Platform\UPnPFramework.exe O23 - Service: VAIO Media Video Server (VAIOMediaPlatform-VideoServer-AppServer) - Sony Corporation - C:\Program Files\Sony\VAIO Media Integrated Server\Video\GPVSvr.exe O23 - Service: VAIO Media Video Server (HTTP) (VAIOMediaPlatform-VideoServer-HTTP) - Sony Corporation - C:\Program Files\Sony\VAIO Media Integrated Server\Platform\SV_Httpd.exe O23 - Service: VAIO Media Video Server (UPnP) (VAIOMediaPlatform-VideoServer-UPnP) - Sony Corporation - C:\Program Files\Sony\VAIO Media Integrated Server\Platform\UPnPFramework.exe -- End of file - 11048 bytes
  3. Yes, all traces of those viruses are gone. I ran AVG and SUPERanti spyware removers several times since then, none of those viruses remain... whew! What a sigh of relief! You saved me from a super huge headache! How did you get so familiar with solving these cpu problems?
  4. Hey! Thanks so SO much again! So far my cpu is back to normal! Sad thing is, I'll probably be back in a few weeks with another virus... hopefully not. Thank you sincerely, Bobby
  5. Alright! Crossing my fingers... here is a new AVG log, C:/vundofix.txt, and hijack this log... tell me my computer is healthy doctor... AVG LOG: --------------------------------------------------------- AVG Anti-Spyware - Scan Report --------------------------------------------------------- + Created at: 8:07:31 PM 11/14/2007 + Scan result: C:\Documents and Settings\anonymous\Cookies\anonymous@2o7[1].txt -> TrackingCookie.2o7 : Cleaned. C:\Documents and Settings\anonymous\Cookies\anonymous@msnportal.112.2o7[1].txt -> TrackingCookie.2o7 : Cleaned. C:\Documents and Settings\anonymous\Cookies\anonymous@doubleclick[1].txt -> TrackingCookie.Doubleclick : Cleaned. C:\Documents and Settings\anonymous\Cookies\anonymous@ads.pointroll[2].txt -> TrackingCookie.Pointroll : Cleaned. C:\Documents and Settings\anonymous\Cookies\anonymous@questionmarket[1].txt -> TrackingCookie.Questionmarket : Cleaned. C:\Documents and Settings\anonymous\Cookies\anonymous@tribalfusion[1].txt -> TrackingCookie.Tribalfusion : Cleaned. ::Report end C:/VUNDOFIX.TXT LOG: VundoFix V6.6.1 Checking Java version... Scan started at 5:15:52 PM 11/14/2007 Listing files found while scanning.... C:\WINDOWS\system32\ljjgdbb.dll Beginning removal... Attempting to delete C:\WINDOWS\system32\ljjgdbb.dll C:\WINDOWS\system32\ljjgdbb.dll Could not be deleted. Performing Repairs to the registry. Done! Beginning removal... Attempting to delete C:\WINDOWS\system32\ljjgdbb.dll C:\WINDOWS\system32\ljjgdbb.dll Has been deleted! Performing Repairs to the registry. Done! HIJACK THIS LOG: Logfile of Trend Micro HijackThis v2.0.2 Scan saved at 8:09:10 PM, on 11/14/2007 Platform: Windows XP SP2 (WinNT 5.01.2600) MSIE: Internet Explorer v7.00 (7.00.6000.16544) Boot mode: Normal Running processes: C:\WINDOWS\System32\smss.exe C:\WINDOWS\system32\winlogon.exe C:\WINDOWS\system32\services.exe C:\WINDOWS\system32\lsass.exe C:\WINDOWS\system32\svchost.exe C:\WINDOWS\System32\svchost.exe C:\WINDOWS\system32\spoolsv.exe C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe C:\Program Files\Norton Internet Security\NISUM.EXE C:\WINDOWS\Explorer.EXE C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe C:\WINDOWS\system32\Brmfrmps.exe C:\Program Files\Norton Internet Security\ccPxySvc.exe C:\WINDOWS\System32\CTsvcCDA.exe C:\WINDOWS\ehome\ehSched.exe C:\WINDOWS\system32\inetsrv\inetinfo.exe C:\WINDOWS\System32\msdtc.exe C:\WINDOWS\System32\ezSP_Px.exe C:\USBStorage\USBDetector.exe C:\Program Files\Microsoft IntelliType Pro\type32.exe C:\Program Files\SONY\sHotKey\sHotKey.exe C:\Program Files\Sunbelt Software\CounterSpy\SBCSTray.exe C:\Program Files\Scansoft\PaperPort\pptd40nt.exe C:\Program Files\Microsoft IntelliPoint\point32.exe C:\WINDOWS\System32\spool\drivers\w32x86\3\hpztsb10.exe C:\Program Files\Norton AntiVirus\navapsvc.exe C:\WINDOWS\System32\nvsvc32.exe C:\Program Files\Hewlett-Packard\HP Software Update\HPWuSchd2.exe C:\Program Files\HP\hpcoretech\hpcmpmgr.exe C:\WINDOWS\ehome\ehtray.exe C:\WINDOWS\system32\CTHELPER.EXE C:\Program Files\Common Files\Symantec Shared\ccApp.exe C:\WINDOWS\AGRSMMSG.exe C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\avgas.exe C:\Program Files\Sunbelt Software\CounterSpy\SBCSSvc.exe C:\WINDOWS\System32\tcpsvcs.exe C:\WINDOWS\system32\ctfmon.exe C:\WINDOWS\System32\snmp.exe C:\Program Files\Sony\Sony Picture Utility\VolumeWatcher\SPUVolumeWatcher.exe C:\Program Files\Common Files\Sony Shared\WMPlugIn\SonicStageMonitoring.exe C:\Program Files\Sony\Sony TV Tuner Library\SMceMan.exe C:\WINDOWS\System32\svchost.exe C:\WINDOWS\System32\MsPMSPSv.exe C:\Program Files\Sony\Sony TV Tuner Library\RM_SV.exe C:\WINDOWS\system32\wscntfy.exe C:\WINDOWS\ehome\ehmsas.exe C:\WINDOWS\system32\rundll32.exe C:\Program Files\Internet Explorer\iexplore.exe C:\Documents and Settings\anonymous\Desktop\spyware tools\HiJackThis.exe R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157 R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157 N3 - Netscape 7: user_pref("browser.search.defaultengine", "engine://C%3A%5CProgram%20Files%5CNetscape%5CNetscape%5Csearchplugins%5CSBWeb_01.src"); (C:\Documents and Settings\ANONYMOUS\Application Data\Mozilla\Profiles\default\0b8b5w3s.slt\prefs.js) O3 - Toolbar: Norton AntiVirus - {42CDD1BF-3FFB-4238-8AD1-7859DF00B1D6} - C:\Program Files\Norton AntiVirus\NavShExt.dll O4 - HKLM\..\Run: [CTStartup] C:\Program Files\Creative\Splash Screen\CTEaxSpl.EXE /run O4 - HKLM\..\Run: [ezShieldProtector for Px] C:\WINDOWS\System32\ezSP_Px.exe O4 - HKLM\..\Run: [VAIO Recovery] C:\Windows\Sonysys\VAIO Recovery\PartSeal.exe O4 - HKLM\..\Run: [uSBDetector] C:\USBStorage\USBDetector.exe O4 - HKLM\..\Run: [updReg] C:\WINDOWS\UpdReg.EXE O4 - HKLM\..\Run: [type32] "C:\Program Files\Microsoft IntelliType Pro\type32.exe" O4 - HKLM\..\Run: [sHotKey] "C:\Program Files\SONY\sHotKey\sHotKey.exe" O4 - HKLM\..\Run: [setDefPrt] C:\Program Files\Brother\Brmfl03a\BrStDvPt.exe O4 - HKLM\..\Run: [sBCSTray] C:\Program Files\Sunbelt Software\CounterSpy\SBCSTray.exe O4 - HKLM\..\Run: [PRISMSVR.EXE] "C:\WINDOWS\system32\PRISMSVR.EXE" /APPLY O4 - HKLM\..\Run: [PaperPort PTD] C:\Program Files\Scansoft\PaperPort\pptd40nt.exe O4 - HKLM\..\Run: [nwiz] nwiz.exe /installquiet O4 - HKLM\..\Run: [Jet Detection] "C:\Program Files\Creative\SBAudigy\PROGRAM\ADGJDet.exe" O4 - HKLM\..\Run: [intelliPoint] "C:\Program Files\Microsoft IntelliPoint\point32.exe" O4 - HKLM\..\Run: [indexSearch] C:\Program Files\Scansoft\PaperPort\IndexSearch.exe O4 - HKLM\..\Run: [HPDJ Taskbar Utility] C:\WINDOWS\System32\spool\drivers\w32x86\3\hpztsb10.exe O4 - HKLM\..\Run: [HP Software Update] "C:\Program Files\Hewlett-Packard\HP Software Update\HPWuSchd2.exe" O4 - HKLM\..\Run: [HP Component Manager] "C:\Program Files\HP\hpcoretech\hpcmpmgr.exe" O4 - HKLM\..\Run: [ehTray] C:\WINDOWS\ehome\ehtray.exe O4 - HKLM\..\Run: [CTHelper] CTHELPER.EXE O4 - HKLM\..\Run: [ccRegVfy] "C:\Program Files\Common Files\Symantec Shared\ccRegVfy.exe" O4 - HKLM\..\Run: [ccApp] "C:\Program Files\Common Files\Symantec Shared\ccApp.exe" O4 - HKLM\..\Run: [ATIPTA] C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe O4 - HKLM\..\Run: [ATIModeChange] Ati2mdxx.exe O4 - HKLM\..\Run: [AGRSMMSG] AGRSMMSG.exe O4 - HKLM\..\Run: [!AVG Anti-Spyware] "C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\avgas.exe" /minimized O4 - HKLM\..\Run: [887d6fc2] rundll32.exe "C:\WINDOWS\system32\vkydmgsi.dll",b O4 - HKCU\..\Run: [updateMgr] C:\Program Files\Adobe\Acrobat 7.0\Reader\AdobeUpdateManager.exe AcRdB7_0_9 O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe O4 - HKUS\S-1-5-19\..\RunOnce: [setDefaultMidi] MIDIDEF.EXE (User 'LOCAL SERVICE') O4 - HKUS\S-1-5-19\..\RunOnce: [tscuninstall] %systemroot%\system32\tscupgrd.exe (User 'LOCAL SERVICE') O4 - HKUS\S-1-5-18\..\RunOnce: [tscuninstall] %systemroot%\system32\tscupgrd.exe (User 'SYSTEM') O4 - HKUS\.DEFAULT\..\RunOnce: [tscuninstall] %systemroot%\system32\tscupgrd.exe (User 'Default user') O4 - Startup: Picture Motion Browser Media Check Tool.lnk = C:\Program Files\Sony\Sony Picture Utility\VolumeWatcher\SPUVolumeWatcher.exe O4 - Global Startup: Adobe Reader Speed Launch.lnk = C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\WINDOWS\System32\msjava.dll O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\WINDOWS\System32\msjava.dll O9 - Extra button: (no name) - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll O9 - Extra 'Tools' menuitem: Spybot - Search & Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe O10 - Unknown file in Winsock LSP: c:\windows\system32\nwprovau.dll O14 - IERESET.INF: START_PAGE_URL=http://www.sony.com/vaiopeople O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://go.microsoft.com/fwlink/?linkid=39204 O16 - DPF: {30528230-99f7-4bb4-88d8-fa1d4f56a2ab} (YInstStarter Class) - C:\Program Files\Yahoo!\common\yinsthelper.dll O16 - DPF: {56336BCB-3D8A-11D6-A00B-0050DA18DE71} - http://software-dl.real.com/313b41d46da531...ip/RdxIE601.cab O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://update.microsoft.com/microsoftupdat...b?1188514296937 O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://update.microsoft.com/microsoftupdat...b?1188514221593 O16 - DPF: {A65552CC-8138-4D22-BEC8-4D0AFB2786BC} (melonset Class) - http://www.melon.com/utility/player/vod/package/melonset.cab O16 - DPF: {B9B38E70-EEF6-4E3A-AE84-DDE59A053B7C} (Daum ActiveX manager Class) - http://cafeimg.hanmail.net/cto/xman.cab?ver=1,2,3,0 O23 - Service: AVG Anti-Spyware Guard - GRISOFT s.r.o. - C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe O23 - Service: Brother Popup Suspend service for Resource manager (brmfrmps) - Brother Industries, Ltd. - C:\WINDOWS\system32\Brmfrmps.exe O23 - Service: Symantec Event Manager (ccEvtMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe O23 - Service: Symantec Password Validation Service (ccPwdSvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccPwdSvc.exe O23 - Service: Symantec Proxy Service (ccPxySvc) - Symantec Corporation - C:\Program Files\Norton Internet Security\ccPxySvc.exe O23 - Service: Creative Service for CDROM Access - Creative Technology Ltd - C:\WINDOWS\System32\CTsvcCDA.exe O23 - Service: DomainService - Unknown owner - C:\WINDOWS\system32\cfsvacxp.exe (file missing) O23 - Service: Norton AntiVirus Auto Protect Service (navapsvc) - Symantec Corporation - C:\Program Files\Norton AntiVirus\navapsvc.exe O23 - Service: Norton Internet Security Accounts Manager (NISUM) - Symantec Corporation - C:\Program Files\Norton Internet Security\NISUM.EXE O23 - Service: NVIDIA Driver Helper Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\System32\nvsvc32.exe O23 - Service: Sunbelt CounterSpy Antispyware (SBCSSvc) - Sunbelt Software - C:\Program Files\Sunbelt Software\CounterSpy\SBCSSvc.exe O23 - Service: SonicStageMonitoring - Sony Corporation - C:\Program Files\Common Files\Sony Shared\WMPlugIn\SonicStageMonitoring.exe O23 - Service: Sony TV Tuner Controller - Sony Corporation - C:\Program Files\Sony\Sony TV Tuner Library\halsv.exe O23 - Service: Sony TV Tuner Manager - Sony Corporation - C:\Program Files\Sony\Sony TV Tuner Library\RM_SV.exe O23 - Service: Sony TVTA Manager - Sony Corporation - C:\Program Files\Sony\Sony TV Tuner Library\SMceMan.exe O23 - Service: Sony SPTI Service (SPTISRV) - Sony Corporation - C:\PROGRA~1\COMMON~1\SONYSH~1\AVLib\Sptisrv.exe O23 - Service: VAIO Media Music Server (VAIOMediaPlatform-MusicServer-AppServer) - Sony Corporation - C:\Program Files\Sony\VAIO Media Integrated Server\Music\SSSvr.exe O23 - Service: VAIO Media Music Server (HTTP) (VAIOMediaPlatform-MusicServer-HTTP) - Sony Corporation - C:\Program Files\Sony\VAIO Media Integrated Server\Platform\SV_Httpd.exe O23 - Service: VAIO Media Music Server (UPnP) (VAIOMediaPlatform-MusicServer-UPnP) - Sony Corporation - C:\Program Files\Sony\VAIO Media Integrated Server\Platform\UPnPFramework.exe O23 - Service: VAIO Media Photo Server (VAIOMediaPlatform-PhotoServer-AppServer) - Sony Corporation - C:\Program Files\Sony\VAIO Media Integrated Server\Photo\appsrv\PhotoAppSrv.exe O23 - Service: VAIO Media Photo Server (HTTP) (VAIOMediaPlatform-PhotoServer-HTTP) - Sony Corporation - C:\Program Files\Sony\VAIO Media Integrated Server\Platform\SV_Httpd.exe O23 - Service: VAIO Media Photo Server (UPnP) (VAIOMediaPlatform-PhotoServer-UPnP) - Sony Corporation - C:\Program Files\Sony\VAIO Media Integrated Server\Platform\UPnPFramework.exe O23 - Service: VAIO Media Video Server (VAIOMediaPlatform-VideoServer-AppServer) - Sony Corporation - C:\Program Files\Sony\VAIO Media Integrated Server\Video\GPVSvr.exe O23 - Service: VAIO Media Video Server (HTTP) (VAIOMediaPlatform-VideoServer-HTTP) - Sony Corporation - C:\Program Files\Sony\VAIO Media Integrated Server\Platform\SV_Httpd.exe O23 - Service: VAIO Media Video Server (UPnP) (VAIOMediaPlatform-VideoServer-UPnP) - Sony Corporation - C:\Program Files\Sony\VAIO Media Integrated Server\Platform\UPnPFramework.exe -- End of file - 11337 bytes
  6. More viruses! I thought it was over... sorry Steven. Here is a new hijackthis log and avg log... sorry and thanks. NEW HIJACK THIS LOG: Logfile of Trend Micro HijackThis v2.0.2 Scan saved at 12:19:22 AM, on 11/14/2007 Platform: Windows XP SP2 (WinNT 5.01.2600) MSIE: Internet Explorer v7.00 (7.00.6000.16544) Boot mode: Normal Running processes: C:\WINDOWS\System32\smss.exe C:\WINDOWS\system32\winlogon.exe C:\WINDOWS\system32\services.exe C:\WINDOWS\system32\lsass.exe C:\WINDOWS\system32\svchost.exe C:\WINDOWS\System32\svchost.exe C:\WINDOWS\system32\spoolsv.exe C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe C:\Program Files\Norton Internet Security\NISUM.EXE C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe C:\WINDOWS\system32\Brmfrmps.exe C:\Program Files\Norton Internet Security\ccPxySvc.exe C:\WINDOWS\System32\CTsvcCDA.exe C:\WINDOWS\ehome\ehSched.exe C:\WINDOWS\system32\inetsrv\inetinfo.exe C:\WINDOWS\System32\msdtc.exe C:\Program Files\Norton AntiVirus\navapsvc.exe C:\WINDOWS\System32\nvsvc32.exe C:\WINDOWS\System32\tcpsvcs.exe C:\WINDOWS\System32\snmp.exe C:\Program Files\Common Files\Sony Shared\WMPlugIn\SonicStageMonitoring.exe C:\Program Files\Sony\Sony TV Tuner Library\SMceMan.exe C:\WINDOWS\System32\svchost.exe C:\WINDOWS\System32\MsPMSPSv.exe C:\Program Files\Sony\Sony TV Tuner Library\RM_SV.exe C:\WINDOWS\Explorer.EXE C:\Program Files\Sunbelt Software\CounterSpy\SBCSSvc.exe C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\avgas.exe C:\WINDOWS\system32\ctfmon.exe C:\WINDOWS\system32\wscntfy.exe C:\WINDOWS\system32\wuauclt.exe C:\Documents and Settings\anonymous\Desktop\spyware tools\HiJackThis.exe R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157 R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157 N3 - Netscape 7: user_pref("browser.search.defaultengine", "engine://C%3A%5CProgram%20Files%5CNetscape%5CNetscape%5Csearchplugins%5CSBWeb_01.src"); (C:\Documents and Settings\ANONYMOUS\Application Data\Mozilla\Profiles\default\0b8b5w3s.slt\prefs.js) O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll O2 - BHO: (no name) - {4CB8F4B4-5F66-4D9E-BC3B-184596A58824} - C:\WINDOWS\system32\ljjgdbb.dll O2 - BHO: Spybot-S&D IE Protection - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll O2 - BHO: NAV Helper - {BDF3E430-B101-42AD-A544-FADC6B084872} - C:\Program Files\Norton AntiVirus\NavShExt.dll O3 - Toolbar: Norton AntiVirus - {42CDD1BF-3FFB-4238-8AD1-7859DF00B1D6} - C:\Program Files\Norton AntiVirus\NavShExt.dll O4 - HKLM\..\Run: [CTStartup] C:\Program Files\Creative\Splash Screen\CTEaxSpl.EXE /run O4 - HKLM\..\Run: [ezShieldProtector for Px] C:\WINDOWS\System32\ezSP_Px.exe O4 - HKLM\..\Run: [VAIO Recovery] C:\Windows\Sonysys\VAIO Recovery\PartSeal.exe O4 - HKLM\..\Run: [uSBDetector] C:\USBStorage\USBDetector.exe O4 - HKLM\..\Run: [updReg] C:\WINDOWS\UpdReg.EXE O4 - HKLM\..\Run: [type32] "C:\Program Files\Microsoft IntelliType Pro\type32.exe" O4 - HKLM\..\Run: [sHotKey] "C:\Program Files\SONY\sHotKey\sHotKey.exe" O4 - HKLM\..\Run: [setDefPrt] C:\Program Files\Brother\Brmfl03a\BrStDvPt.exe O4 - HKLM\..\Run: [sBCSTray] C:\Program Files\Sunbelt Software\CounterSpy\SBCSTray.exe O4 - HKLM\..\Run: [PRISMSVR.EXE] "C:\WINDOWS\system32\PRISMSVR.EXE" /APPLY O4 - HKLM\..\Run: [PaperPort PTD] C:\Program Files\Scansoft\PaperPort\pptd40nt.exe O4 - HKLM\..\Run: [nwiz] nwiz.exe /installquiet O4 - HKLM\..\Run: [Jet Detection] "C:\Program Files\Creative\SBAudigy\PROGRAM\ADGJDet.exe" O4 - HKLM\..\Run: [intelliPoint] "C:\Program Files\Microsoft IntelliPoint\point32.exe" O4 - HKLM\..\Run: [indexSearch] C:\Program Files\Scansoft\PaperPort\IndexSearch.exe O4 - HKLM\..\Run: [HPDJ Taskbar Utility] C:\WINDOWS\System32\spool\drivers\w32x86\3\hpztsb10.exe O4 - HKLM\..\Run: [HP Software Update] "C:\Program Files\Hewlett-Packard\HP Software Update\HPWuSchd2.exe" O4 - HKLM\..\Run: [HP Component Manager] "C:\Program Files\HP\hpcoretech\hpcmpmgr.exe" O4 - HKLM\..\Run: [ehTray] C:\WINDOWS\ehome\ehtray.exe O4 - HKLM\..\Run: [CTHelper] CTHELPER.EXE O4 - HKLM\..\Run: [ccRegVfy] "C:\Program Files\Common Files\Symantec Shared\ccRegVfy.exe" O4 - HKLM\..\Run: [ccApp] "C:\Program Files\Common Files\Symantec Shared\ccApp.exe" O4 - HKLM\..\Run: [ATIPTA] C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe O4 - HKLM\..\Run: [ATIModeChange] Ati2mdxx.exe O4 - HKLM\..\Run: [AGRSMMSG] AGRSMMSG.exe O4 - HKLM\..\Run: [!AVG Anti-Spyware] "C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\avgas.exe" /minimized O4 - HKLM\..\Run: [sBRegRebootCleaner] C:\Program Files\Sunbelt Software\CounterSpy\SBRC.exe O4 - HKCU\..\Run: [updateMgr] C:\Program Files\Adobe\Acrobat 7.0\Reader\AdobeUpdateManager.exe AcRdB7_0_9 O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe O4 - HKUS\S-1-5-19\..\RunOnce: [setDefaultMidi] MIDIDEF.EXE (User 'LOCAL SERVICE') O4 - HKUS\S-1-5-19\..\RunOnce: [tscuninstall] %systemroot%\system32\tscupgrd.exe (User 'LOCAL SERVICE') O4 - HKUS\S-1-5-18\..\RunOnce: [tscuninstall] %systemroot%\system32\tscupgrd.exe (User 'SYSTEM') O4 - HKUS\.DEFAULT\..\RunOnce: [tscuninstall] %systemroot%\system32\tscupgrd.exe (User 'Default user') O4 - Startup: Picture Motion Browser Media Check Tool.lnk = C:\Program Files\Sony\Sony Picture Utility\VolumeWatcher\SPUVolumeWatcher.exe O4 - Global Startup: Adobe Reader Speed Launch.lnk = C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\WINDOWS\System32\msjava.dll O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\WINDOWS\System32\msjava.dll O9 - Extra button: (no name) - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll O9 - Extra 'Tools' menuitem: Spybot - Search & Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe O10 - Unknown file in Winsock LSP: c:\windows\system32\nwprovau.dll O14 - IERESET.INF: START_PAGE_URL=http://www.sony.com/vaiopeople O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://go.microsoft.com/fwlink/?linkid=39204 O16 - DPF: {30528230-99f7-4bb4-88d8-fa1d4f56a2ab} (YInstStarter Class) - C:\Program Files\Yahoo!\common\yinsthelper.dll O16 - DPF: {56336BCB-3D8A-11D6-A00B-0050DA18DE71} - http://software-dl.real.com/313b41d46da531...ip/RdxIE601.cab O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://update.microsoft.com/microsoftupdat...b?1188514296937 O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://update.microsoft.com/microsoftupdat...b?1188514221593 O16 - DPF: {A65552CC-8138-4D22-BEC8-4D0AFB2786BC} (melonset Class) - http://www.melon.com/utility/player/vod/package/melonset.cab O16 - DPF: {B9B38E70-EEF6-4E3A-AE84-DDE59A053B7C} (Daum ActiveX manager Class) - http://cafeimg.hanmail.net/cto/xman.cab?ver=1,2,3,0 O20 - Winlogon Notify: !SASWinLogon - C:\Program Files\SUPERAntiSpyware\SASWINLO.dll O20 - Winlogon Notify: ljjgdbb - C:\WINDOWS\SYSTEM32\ljjgdbb.dll O23 - Service: AVG Anti-Spyware Guard - GRISOFT s.r.o. - C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe O23 - Service: Brother Popup Suspend service for Resource manager (brmfrmps) - Brother Industries, Ltd. - C:\WINDOWS\system32\Brmfrmps.exe O23 - Service: Symantec Event Manager (ccEvtMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe O23 - Service: Symantec Password Validation Service (ccPwdSvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccPwdSvc.exe O23 - Service: Symantec Proxy Service (ccPxySvc) - Symantec Corporation - C:\Program Files\Norton Internet Security\ccPxySvc.exe O23 - Service: Creative Service for CDROM Access - Creative Technology Ltd - C:\WINDOWS\System32\CTsvcCDA.exe O23 - Service: Norton AntiVirus Auto Protect Service (navapsvc) - Symantec Corporation - C:\Program Files\Norton AntiVirus\navapsvc.exe O23 - Service: Norton Internet Security Accounts Manager (NISUM) - Symantec Corporation - C:\Program Files\Norton Internet Security\NISUM.EXE O23 - Service: NVIDIA Driver Helper Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\System32\nvsvc32.exe O23 - Service: Sunbelt CounterSpy Antispyware (SBCSSvc) - Sunbelt Software - C:\Program Files\Sunbelt Software\CounterSpy\SBCSSvc.exe O23 - Service: SonicStageMonitoring - Sony Corporation - C:\Program Files\Common Files\Sony Shared\WMPlugIn\SonicStageMonitoring.exe O23 - Service: Sony TV Tuner Controller - Sony Corporation - C:\Program Files\Sony\Sony TV Tuner Library\halsv.exe O23 - Service: Sony TV Tuner Manager - Sony Corporation - C:\Program Files\Sony\Sony TV Tuner Library\RM_SV.exe O23 - Service: Sony TVTA Manager - Sony Corporation - C:\Program Files\Sony\Sony TV Tuner Library\SMceMan.exe O23 - Service: Sony SPTI Service (SPTISRV) - Sony Corporation - C:\PROGRA~1\COMMON~1\SONYSH~1\AVLib\Sptisrv.exe O23 - Service: VAIO Media Music Server (VAIOMediaPlatform-MusicServer-AppServer) - Sony Corporation - C:\Program Files\Sony\VAIO Media Integrated Server\Music\SSSvr.exe O23 - Service: VAIO Media Music Server (HTTP) (VAIOMediaPlatform-MusicServer-HTTP) - Sony Corporation - C:\Program Files\Sony\VAIO Media Integrated Server\Platform\SV_Httpd.exe O23 - Service: VAIO Media Music Server (UPnP) (VAIOMediaPlatform-MusicServer-UPnP) - Sony Corporation - C:\Program Files\Sony\VAIO Media Integrated Server\Platform\UPnPFramework.exe O23 - Service: VAIO Media Photo Server (VAIOMediaPlatform-PhotoServer-AppServer) - Sony Corporation - C:\Program Files\Sony\VAIO Media Integrated Server\Photo\appsrv\PhotoAppSrv.exe O23 - Service: VAIO Media Photo Server (HTTP) (VAIOMediaPlatform-PhotoServer-HTTP) - Sony Corporation - C:\Program Files\Sony\VAIO Media Integrated Server\Platform\SV_Httpd.exe O23 - Service: VAIO Media Photo Server (UPnP) (VAIOMediaPlatform-PhotoServer-UPnP) - Sony Corporation - C:\Program Files\Sony\VAIO Media Integrated Server\Platform\UPnPFramework.exe O23 - Service: VAIO Media Video Server (VAIOMediaPlatform-VideoServer-AppServer) - Sony Corporation - C:\Program Files\Sony\VAIO Media Integrated Server\Video\GPVSvr.exe O23 - Service: VAIO Media Video Server (HTTP) (VAIOMediaPlatform-VideoServer-HTTP) - Sony Corporation - C:\Program Files\Sony\VAIO Media Integrated Server\Platform\SV_Httpd.exe O23 - Service: VAIO Media Video Server (UPnP) (VAIOMediaPlatform-VideoServer-UPnP) - Sony Corporation - C:\Program Files\Sony\VAIO Media Integrated Server\Platform\UPnPFramework.exe -- End of file - 11076 bytes NEW AVG LOG: --------------------------------------------------------- AVG Anti-Spyware - Scan Report --------------------------------------------------------- + Created at: 3:23:34 PM 11/13/2007 + Scan result: HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{944864A5-3916-46E2-96A9-A2E84F3F1208} -> Adware.Accoona : Ignored. HKU\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{944864A5-3916-46E2-96A9-A2E84F3F1208} -> Adware.Accoona : Ignored. HKU\S-1-5-21-1568042589-2687638305-2322239853-1004\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{944864A5-3916-46E2-96A9-A2E84F3F1208} -> Adware.Accoona : Ignored. HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{1ADBCCE8-CF84-441E-9B38-AFC7A19C06A4} -> Adware.ActivShopper : Ignored. HKU\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{1ADBCCE8-CF84-441E-9B38-AFC7A19C06A4} -> Adware.ActivShopper : Ignored. HKU\S-1-5-21-1568042589-2687638305-2322239853-1004\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{1ADBCCE8-CF84-441E-9B38-AFC7A19C06A4} -> Adware.ActivShopper : Ignored. HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{C5AF2622-8C75-4DFB-9693-23AB7686A456} -> Adware.Generic : Ignored. HKU\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{C5AF2622-8C75-4DFB-9693-23AB7686A456} -> Adware.Generic : Ignored. HKU\S-1-5-21-1568042589-2687638305-2322239853-1004\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{C5AF2622-8C75-4DFB-9693-23AB7686A456} -> Adware.Generic : Ignored. C:\System Volume Information\_restore{1227E41C-9B8D-4405-99CE-E3332DE7EA59}\RP2\A0000072.exe -> Downloader.VB.bgd : Ignored. C:\qoobox\Quarantine\C\WINDOWS\system32\f02WtR\f02WtR1065.exe.vir -> Downloader.VB.bgd : Ignored. C:\Documents and Settings\anonymous\Cookies\anonymous@2o7[2].txt -> TrackingCookie.2o7 : Ignored. C:\Documents and Settings\anonymous\Cookies\anonymous@classifiedventures1.112.2o7[1].txt -> TrackingCookie.2o7 : Ignored. C:\Documents and Settings\anonymous\Cookies\anonymous@www.abcsearch[1].txt -> TrackingCookie.Abcsearch : Ignored. C:\Documents and Settings\anonymous\Cookies\anonymous@adengage[1].txt -> TrackingCookie.Adengage : Ignored. C:\Documents and Settings\anonymous\Cookies\anonymous@advertising[2].txt -> TrackingCookie.Advertising : Ignored. C:\Documents and Settings\anonymous\Cookies\anonymous@bluestreak[1].txt -> TrackingCookie.Bluestreak : Ignored. C:\Documents and Settings\anonymous\Cookies\anonymous@intelli-direct[1].txt -> TrackingCookie.Intelli-direct : Ignored. C:\Documents and Settings\anonymous\Cookies\anonymous@ivwbox[1].txt -> TrackingCookie.Ivwbox : Ignored. C:\Documents and Settings\anonymous\Cookies\anonymous@search.msn[1].txt -> TrackingCookie.Msn : Ignored. C:\Documents and Settings\anonymous\Cookies\anonymous@www.myaffiliateprogram[2].txt -> TrackingCookie.Myaffiliateprogram : Ignored. C:\Documents and Settings\anonymous\Cookies\anonymous@ssl-hints.netflame[1].txt -> TrackingCookie.Netflame : Ignored. C:\Documents and Settings\anonymous\Cookies\anonymous@tacoda[2].txt -> TrackingCookie.Tacoda : Ignored. C:\Documents and Settings\anonymous\Cookies\anonymous@statse.webtrendslive[2].txt -> TrackingCookie.Webtrendslive : Ignored. C:\WINDOWS\system32\drivers\etc\hosts.20071111-015639.backup -> Trojan.Qhost.nl : Ignored. ::Report end
  7. Steven Burn! Thank you SO very much!! All my cpu functions have returned to normal!!! I really can't thank you enough for your help. There was one thing I couldn't delete after running hijack this... it was the ljjgdbb.dll file. My computer said that ljjgdbb.dll was in use and couldn't be deleted. But everything has returned to normal, I can finally access control panel and task manager. Thank you sincerely for taking the time to help! Here are the logs from Hijack this, Combofix, and AVG: HIJACK THIS LOG: Logfile of Trend Micro HijackThis v2.0.2 Scan saved at 2:41:50 AM, on 11/12/2007 Platform: Windows XP SP2 (WinNT 5.01.2600) MSIE: Internet Explorer v7.00 (7.00.6000.16544) Boot mode: Safe mode Running processes: C:\WINDOWS\System32\smss.exe C:\WINDOWS\system32\winlogon.exe C:\WINDOWS\system32\services.exe C:\WINDOWS\system32\lsass.exe C:\WINDOWS\system32\svchost.exe C:\WINDOWS\system32\svchost.exe C:\Program Files\Sunbelt Software\CounterSpy\SBCSSvc.exe C:\WINDOWS\Explorer.exe C:\WINDOWS\shell.exe C:\WINDOWS\system32\ctfmon.exe C:\Documents and Settings\anonymous\Desktop\spyware tools\HiJackThis.exe C:\Program Files\Windows NT\Accessories\WORDPAD.EXE R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157 R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157 F2 - REG:system.ini: Shell=Explorer.exe C:\WINDOWS\shell.exe F2 - REG:system.ini: UserInit=C:\WINDOWS\system32\vvgeowbv.exe,C:\WINDOWS\system32\userinit.exe N3 - Netscape 7: user_pref("browser.search.defaultengine", "engine://C%3A%5CProgram%20Files%5CNetscape%5CNetscape%5Csearchplugins%5CSBWeb_01.src"); (C:\Documents and Settings\ANONYMOUS\Application Data\Mozilla\Profiles\default\0b8b5w3s.slt\prefs.js) O2 - BHO: (no name) - {029e02f0-a0e5-4b19-b958-7bf2db29fb13} - (no file) O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll O2 - BHO: (no name) - {2FE8C64D-BA48-41B0-BDA6-7E5E5229AE6B} - C:\WINDOWS\system32\pmnnm.dll O2 - BHO: (no name) - {4CB8F4B4-5F66-4D9E-BC3B-184596A58824} - C:\WINDOWS\system32\ljjgdbb.dll O2 - BHO: Spybot-S&D IE Protection - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll O2 - BHO: (no name) - {549B5CA7-4A86-11D7-A4DF-000874180BB3} - (no file) O2 - BHO: (no name) - {6abc861a-31e7-4d91-b43b-d3c98f22a5c0} - (no file) O2 - BHO: (no name) - {92F8A433-418C-1C0D-DA2F-4AE676860995} - C:\WINDOWS\system32\tbhtuk.dll O2 - BHO: (no name) - {a4a435cf-3583-11d4-91bd-0048546a1450} - (no file) O2 - BHO: NAV Helper - {BDF3E430-B101-42AD-A544-FADC6B084872} - C:\Program Files\Norton AntiVirus\NavShExt.dll O2 - BHO: (no name) - {c2680e10-1655-4a0e-87f8-4259325a84b7} - (no file) O2 - BHO: (no name) - {c4ca6559-2cf1-48b6-96b2-8340a06fd129} - (no file) O2 - BHO: (no name) - {d8efadf1-9009-11d6-8c73-608c5dc19089} - (no file) O2 - BHO: {da7bdc96-ede8-75e9-2664-ceca4996799f} - {f9976994-acec-4662-9e57-8ede69cdb7ad} - C:\WINDOWS\system32\tmbxistv.dll (file missing) O2 - BHO: (no name) - {FDD3B846-8D59-4ffb-8758-209B6AD74ACC} - (no file) O3 - Toolbar: Norton AntiVirus - {42CDD1BF-3FFB-4238-8AD1-7859DF00B1D6} - C:\Program Files\Norton AntiVirus\NavShExt.dll O4 - HKLM\..\Run: [CTStartup] C:\Program Files\Creative\Splash Screen\CTEaxSpl.EXE /run O4 - HKLM\..\Run: [ezShieldProtector for Px] C:\WINDOWS\System32\ezSP_Px.exe O4 - HKLM\..\Run: [winshow] "C:\WINDOWS\winshow.exe" O4 - HKLM\..\Run: [VAIO Recovery] C:\Windows\Sonysys\VAIO Recovery\PartSeal.exe O4 - HKLM\..\Run: [uSBDetector] C:\USBStorage\USBDetector.exe O4 - HKLM\..\Run: [updReg] C:\WINDOWS\UpdReg.EXE O4 - HKLM\..\Run: [type32] "C:\Program Files\Microsoft IntelliType Pro\type32.exe" O4 - HKLM\..\Run: [sHotKey] "C:\Program Files\SONY\sHotKey\sHotKey.exe" O4 - HKLM\..\Run: [setDefPrt] C:\Program Files\Brother\Brmfl03a\BrStDvPt.exe O4 - HKLM\..\Run: [sBCSTray] C:\Program Files\Sunbelt Software\CounterSpy\SBCSTray.exe O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime O4 - HKLM\..\Run: [QuickFinder Scheduler] "C:\Program Files\Corel\WordPerfect Office 2002\Programs\QFSCHD100.EXE" O4 - HKLM\..\Run: [PRISMSVR.EXE] "C:\WINDOWS\system32\PRISMSVR.EXE" /APPLY O4 - HKLM\..\Run: [PaperPort PTD] C:\Program Files\Scansoft\PaperPort\pptd40nt.exe O4 - HKLM\..\Run: [nwiz] nwiz.exe /installquiet O4 - HKLM\..\Run: [MsmqIntCert] regsvr32 /s mqrt.dll O4 - HKLM\..\Run: [Microsoft Works Update Detection] C:\Program Files\Common Files\Microsoft Shared\Works Shared\WkUFind.exe O4 - HKLM\..\Run: [Jet Detection] "C:\Program Files\Creative\SBAudigy\PROGRAM\ADGJDet.exe" O4 - HKLM\..\Run: [intelliPoint] "C:\Program Files\Microsoft IntelliPoint\point32.exe" O4 - HKLM\..\Run: [indexSearch] C:\Program Files\Scansoft\PaperPort\IndexSearch.exe O4 - HKLM\..\Run: [HPDJ Taskbar Utility] C:\WINDOWS\System32\spool\drivers\w32x86\3\hpztsb10.exe O4 - HKLM\..\Run: [HP Software Update] "C:\Program Files\Hewlett-Packard\HP Software Update\HPWuSchd2.exe" O4 - HKLM\..\Run: [HP Component Manager] "C:\Program Files\HP\hpcoretech\hpcmpmgr.exe" O4 - HKLM\..\Run: [hosycal] C:\Program Files\MSN\hosycal22011.exe O4 - HKLM\..\Run: [ExploreUpdSched] C:\WINDOWS\system32\pwinsldq.exe CHD001 O4 - HKLM\..\Run: [ehTray] C:\WINDOWS\ehome\ehtray.exe O4 - HKLM\..\Run: [CTHelper] CTHELPER.EXE O4 - HKLM\..\Run: [ccRegVfy] "C:\Program Files\Common Files\Symantec Shared\ccRegVfy.exe" O4 - HKLM\..\Run: [ccApp] "C:\Program Files\Common Files\Symantec Shared\ccApp.exe" O4 - HKLM\..\Run: [ATIPTA] C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe O4 - HKLM\..\Run: [ATIModeChange] Ati2mdxx.exe O4 - HKLM\..\Run: [AGRSMMSG] AGRSMMSG.exe O4 - HKLM\..\Run: [Printer] C:\WINDOWS\system32\printer.exe O4 - HKCU\..\Run: [Yahoo! Pager] 1 O4 - HKCU\..\Run: [wifw] C:\PROGRA~1\COMMON~1\wifw\wifwm.exe O4 - HKCU\..\Run: [updateMgr] C:\Program Files\Adobe\Acrobat 7.0\Reader\AdobeUpdateManager.exe AcRdB7_0_9 O4 - HKCU\..\Run: [sUPERAntiSpyware] C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe O4 - HKCU\..\Run: [sjxqkbx] C:\WINDOWS\??mbols\m?config.exe O4 - HKCU\..\Run: [MySpaceIM] C:\Program Files\MySpace\IM\MySpaceIM.exe O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe O4 - HKCU\..\Run: [spoolsv] C:\WINDOWS\system32\spoolvs.exe O4 - HKUS\S-1-5-20\..\RunOnce: [setDefaultMidi] MIDIDEF.EXE (User 'NETWORK SERVICE') O4 - HKUS\S-1-5-20\..\RunOnce: [tscuninstall] %systemroot%\system32\tscupgrd.exe (User 'NETWORK SERVICE') O4 - HKUS\S-1-5-18\..\Run: [MySpaceIM] C:\Program Files\MySpace\IM\MySpaceIM.exe (User 'SYSTEM') O4 - HKUS\S-1-5-18\..\RunOnce: [setDefaultMidi] MIDIDEF.EXE (User 'SYSTEM') O4 - HKUS\.DEFAULT\..\Run: [MySpaceIM] C:\Program Files\MySpace\IM\MySpaceIM.exe (User 'Default user') O4 - HKUS\.DEFAULT\..\RunOnce: [setDefaultMidi] MIDIDEF.EXE (User 'Default user') O4 - Startup: 2WireSetup.lnk = D:\Program Files\2Wire\WebWorks.exe O4 - Startup: findfast.exe O4 - Startup: Picture Motion Browser Media Check Tool.lnk = C:\Program Files\Sony\Sony Picture Utility\VolumeWatcher\SPUVolumeWatcher.exe O4 - Global Startup: Adobe Reader Speed Launch.lnk = C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe O4 - Global Startup: autorun.exe O7 - HKLM\Software\Microsoft\Windows\CurrentVersion\Policies\System, DisableRegedit=1 O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\WINDOWS\System32\msjava.dll O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\WINDOWS\System32\msjava.dll O9 - Extra button: (no name) - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll O9 - Extra 'Tools' menuitem: Spybot - Search & Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe O9 - Extra button: Yahoo! Messenger - {E5D12C4E-7B4F-11D3-B5C9-0050045C3C96} - C:\PROGRA~1\Yahoo!\MESSEN~1\YPager.exe (file missing) O9 - Extra 'Tools' menuitem: Yahoo! Messenger - {E5D12C4E-7B4F-11D3-B5C9-0050045C3C96} - C:\PROGRA~1\Yahoo!\MESSEN~1\YPager.exe (file missing) O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe O10 - Unknown file in Winsock LSP: c:\windows\system32\nwprovau.dll O14 - IERESET.INF: START_PAGE_URL=http://www.sony.com/vaiopeople O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://go.microsoft.com/fwlink/?linkid=39204 O16 - DPF: {30528230-99f7-4bb4-88d8-fa1d4f56a2ab} (YInstStarter Class) - C:\Program Files\Yahoo!\common\yinsthelper.dll O16 - DPF: {56336BCB-3D8A-11D6-A00B-0050DA18DE71} - http://software-dl.real.com/313b41d46da531...ip/RdxIE601.cab O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://update.microsoft.com/microsoftupdat...b?1188514296937 O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://update.microsoft.com/microsoftupdat...b?1188514221593 O16 - DPF: {A65552CC-8138-4D22-BEC8-4D0AFB2786BC} (melonset Class) - http://www.melon.com/utility/player/vod/package/melonset.cab O16 - DPF: {B9B38E70-EEF6-4E3A-AE84-DDE59A053B7C} (Daum ActiveX manager Class) - http://cafeimg.hanmail.net/cto/xman.cab?ver=1,2,3,0 O20 - AppInit_DLLs: c:\windows\system32\ldcore.dll O20 - Winlogon Notify: !SASWinLogon - C:\Program Files\SUPERAntiSpyware\SASWINLO.dll O20 - Winlogon Notify: ljjgdbb - C:\WINDOWS\SYSTEM32\ljjgdbb.dll O20 - Winlogon Notify: pmnmmlk - pmnmmlk.dll (file missing) O23 - Service: Brother Popup Suspend service for Resource manager (brmfrmps) - Brother Industries, Ltd. - C:\WINDOWS\system32\Brmfrmps.exe O23 - Service: Symantec Event Manager (ccEvtMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe O23 - Service: Symantec Password Validation Service (ccPwdSvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccPwdSvc.exe O23 - Service: Symantec Proxy Service (ccPxySvc) - Symantec Corporation - C:\Program Files\Norton Internet Security\ccPxySvc.exe O23 - Service: Creative Service for CDROM Access - Creative Technology Ltd - C:\WINDOWS\System32\CTsvcCDA.exe O23 - Service: Norton AntiVirus Auto Protect Service (navapsvc) - Symantec Corporation - C:\Program Files\Norton AntiVirus\navapsvc.exe O23 - Service: Norton Internet Security Accounts Manager (NISUM) - Symantec Corporation - C:\Program Files\Norton Internet Security\NISUM.EXE O23 - Service: NVIDIA Driver Helper Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\System32\nvsvc32.exe O23 - Service: Sunbelt CounterSpy Antispyware (SBCSSvc) - Sunbelt Software - C:\Program Files\Sunbelt Software\CounterSpy\SBCSSvc.exe O23 - Service: SonicStageMonitoring - Sony Corporation - C:\Program Files\Common Files\Sony Shared\WMPlugIn\SonicStageMonitoring.exe O23 - Service: Sony TV Tuner Controller - Sony Corporation - C:\Program Files\Sony\Sony TV Tuner Library\halsv.exe O23 - Service: Sony TV Tuner Manager - Sony Corporation - C:\Program Files\Sony\Sony TV Tuner Library\RM_SV.exe O23 - Service: Sony TVTA Manager - Sony Corporation - C:\Program Files\Sony\Sony TV Tuner Library\SMceMan.exe O23 - Service: Sony SPTI Service (SPTISRV) - Sony Corporation - C:\PROGRA~1\COMMON~1\SONYSH~1\AVLib\Sptisrv.exe O23 - Service: VAIO Media Music Server (VAIOMediaPlatform-MusicServer-AppServer) - Sony Corporation - C:\Program Files\Sony\VAIO Media Integrated Server\Music\SSSvr.exe O23 - Service: VAIO Media Music Server (HTTP) (VAIOMediaPlatform-MusicServer-HTTP) - Sony Corporation - C:\Program Files\Sony\VAIO Media Integrated Server\Platform\SV_Httpd.exe O23 - Service: VAIO Media Music Server (UPnP) (VAIOMediaPlatform-MusicServer-UPnP) - Sony Corporation - C:\Program Files\Sony\VAIO Media Integrated Server\Platform\UPnPFramework.exe O23 - Service: VAIO Media Photo Server (VAIOMediaPlatform-PhotoServer-AppServer) - Sony Corporation - C:\Program Files\Sony\VAIO Media Integrated Server\Photo\appsrv\PhotoAppSrv.exe O23 - Service: VAIO Media Photo Server (HTTP) (VAIOMediaPlatform-PhotoServer-HTTP) - Sony Corporation - C:\Program Files\Sony\VAIO Media Integrated Server\Platform\SV_Httpd.exe O23 - Service: VAIO Media Photo Server (UPnP) (VAIOMediaPlatform-PhotoServer-UPnP) - Sony Corporation - C:\Program Files\Sony\VAIO Media Integrated Server\Platform\UPnPFramework.exe O23 - Service: VAIO Media Video Server (VAIOMediaPlatform-VideoServer-AppServer) - Sony Corporation - C:\Program Files\Sony\VAIO Media Integrated Server\Video\GPVSvr.exe O23 - Service: VAIO Media Video Server (HTTP) (VAIOMediaPlatform-VideoServer-HTTP) - Sony Corporation - C:\Program Files\Sony\VAIO Media Integrated Server\Platform\SV_Httpd.exe O23 - Service: VAIO Media Video Server (UPnP) (VAIOMediaPlatform-VideoServer-UPnP) - Sony Corporation - C:\Program Files\Sony\VAIO Media Integrated Server\Platform\UPnPFramework.exe -- End of file - 13021 bytes COMBOFIX LOG: ComboFix 07-11-08.1 - anonymous 2007-11-12 2:47:01.1 - NTFSx86 MINIMAL Microsoft Windows XP Professional 5.1.2600.2.1252.1.1033.18.345 [GMT -6:00] Running from: C:\Documents and Settings\anonymous\Desktop\spyware tools\ComboFix.exe . Unable to gain System Privileges ((((((((((((((((((((((((((((((((((((((( Other Deletions ))))))))))))))))))))))))))))))))))))))))))))))))) . C:\Documents and Settings\Administrator\Start Menu\Programs\Startup\findfast.exe C:\Documents and Settings\All Users\Application Data.\salesmonitor C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy\Recovery\CnsMin.zip C:\Documents and Settings\anonymous\err.log C:\Program Files\Common Files\ystem3~1 C:\Program Files\Common Files\ystem3~1\?ystem32\ C:\Program Files\Insider C:\WINDOWS\aconti.exe C:\WINDOWS\adbar.dll C:\WINDOWS\cookies.ini C:\WINDOWS\daxtime.dll C:\WINDOWS\dp0.dll C:\WINDOWS\eventlowg.dll C:\WINDOWS\fhfmm-Uninstaller.exe C:\WINDOWS\fnts~1 C:\WINDOWS\hotporn.exe C:\WINDOWS\ie_32.exe C:\WINDOWS\jd2002.dll C:\WINDOWS\kkcomp$.exe C:\WINDOWS\liqad$.exe C:\WINDOWS\liqui-Uninstaller.exe C:\WINDOWS\mbols~1 C:\WINDOWS\ngd.dll C:\WINDOWS\shell.exe C:\WINDOWS\spredirect.dll C:\WINDOWS\system32\A1 C:\WINDOWS\system32\Cache C:\WINDOWS\system32\drivers\box_1.gif C:\WINDOWS\system32\drivers\cell_bg.gif C:\WINDOWS\system32\drivers\cell_footer.gif C:\WINDOWS\system32\drivers\cell_header_block.gif C:\WINDOWS\system32\drivers\cell_header_remove.gif C:\WINDOWS\system32\drivers\cell_header_scan.gif C:\WINDOWS\system32\drivers\download_btn.jpg C:\WINDOWS\system32\drivers\download_now_btn.gif C:\WINDOWS\system32\drivers\header_2.gif C:\WINDOWS\system32\drivers\header_red_bg.gif C:\WINDOWS\system32\drivers\header_red_free_scan.gif C:\WINDOWS\system32\drivers\header_red_free_scan_bg.gif C:\WINDOWS\system32\drivers\header_red_protect_your_pc.gif C:\WINDOWS\system32\drivers\product_3_header.gif C:\WINDOWS\system32\drivers\rating.gif C:\WINDOWS\system32\drivers\screenshot.jpg C:\WINDOWS\system32\drivers\sfsync02.sys C:\WINDOWS\system32\drivers\shadow_bg.gif C:\WINDOWS\system32\drivers\spacer.gif C:\WINDOWS\system32\drivers\star_small.gif C:\WINDOWS\system32\drivers\style.css C:\WINDOWS\system32\f02WtR C:\WINDOWS\system32\f02WtR\f02WtR1065.exe C:\WINDOWS\system32\hjkmp.bak1 C:\WINDOWS\system32\hjkmp.ini C:\WINDOWS\system32\ldinfo.ldr C:\WINDOWS\system32\lnnmp.bak1 C:\WINDOWS\system32\lnnmp.ini C:\WINDOWS\system32\mnnmp.bak1 C:\WINDOWS\system32\mnnmp.ini C:\WINDOWS\system32\npjbjdts.dll C:\WINDOWS\system32\pac.txt C:\WINDOWS\system32\pmnnm.dll C:\WINDOWS\system32\printer.exe C:\WINDOWS\system32\prutv.bak1 C:\WINDOWS\system32\prutv.ini C:\WINDOWS\system32\Q2 C:\WINDOWS\system32\qqtss.bak1 C:\WINDOWS\system32\qqtss.ini C:\WINDOWS\system32\rstwa.bak1 C:\WINDOWS\system32\rstwa.bak2 C:\WINDOWS\system32\rstwa.ini2 C:\WINDOWS\system32\rstwa.tmp C:\WINDOWS\system32\spoolvs.exe C:\WINDOWS\system32\stdjbjpn.ini C:\WINDOWS\system32\wvvwa.ini2 C:\WINDOWS\system32\wvvwa.tmp C:\WINDOWS\system32\xyadd.bak1 C:\WINDOWS\system32\xyadd.ini C:\WINDOWS\vxddsk.exe C:\WINDOWS\xadbrk_.exe C:\WINDOWS\xxxvideo.exe C:\WINDOWS\ystem3~1 . ((((((((((((((((((((((((((((((((((((((( Drivers/Services ))))))))))))))))))))))))))))))))))))))))))))))))) . -------\LEGACY_DOMAINSERVICE -------\LEGACY_IPRIP -------\LEGACY_NWSAPAGENT -------\LEGACY_SFSYNC02 -------\Iprip -------\sfsync02 ((((((((((((((((((((((((( Files Created from 2007-10-12 to 2007-11-12 ))))))))))))))))))))))))))))))) . 2007-11-12 02:44 51,200 --a------ C:\WINDOWS\NirCmd.exe 2007-11-11 14:25 <DIR> d-------- C:\WINDOWS\pss 2007-11-11 02:36 <DIR> d----c--- C:\Documents and Settings\anonymous\Application Data\Sunbelt Software 2007-11-11 02:35 <DIR> d----c--- C:\Documents and Settings\All Users\Application Data\Sunbelt Software 2007-11-11 02:01 <DIR> d----c--- C:\Program Files\Sunbelt Software 2007-11-11 01:41 <DIR> d----c--- C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy 2007-11-11 01:26 <DIR> d-a--c--- C:\Documents and Settings\All Users\Application Data\TEMP 2007-11-11 01:25 626,688 --a------ C:\WINDOWS\system32\msvcr80.dll 2007-11-09 23:16 85,056 --a--c--- C:\WINDOWS\system32\tyagksuy.dll 2007-11-09 23:08 450,021 ---hs---- C:\WINDOWS\system32\jlnmp.bak2 2007-11-09 23:08 71,232 --a--c--- C:\WINDOWS\system32\qnlhihha.exe 2007-11-09 19:17 9,728 -----c--- C:\Program Files\xloader10181.exe 2007-11-09 18:09 4 --a------ C:\WINDOWS\system32\stfv.bin 2007-11-09 17:39 12 --a------ C:\WINDOWS\system32\dpqaqlqx.bin 2007-11-09 17:35 <DIR> d-------- C:\WINDOWS\system32\rMa02yy 2007-11-09 17:35 36,352 --a------ C:\WINDOWS\system32\ljjgdbb.dll 2007-11-08 23:47 <DIR> d----c--- C:\Program Files\MySpace 2007-11-08 23:47 <DIR> d----c--- C:\Documents and Settings\anonymous\Application Data\MySpace 2007-11-05 22:45 85,568 --a--c--- C:\WINDOWS\system32\oygtkgwo.dll 2007-10-27 10:40 299,008 --a------ C:\WINDOWS\uninst.exe 2007-10-26 11:39 <DIR> d----c--- C:\Program Files\Setup NetZero 2007-10-15 08:32 32 --ahs---- C:\WINDOWS\system32\{E527B22E-6A70-4953-BF82-67859186D084}.dat 2007-10-15 08:32 32 --ahs---- C:\WINDOWS\{09683072-492A-4D5F-AF17-CA895A517513}.dat 2007-10-15 08:31 32 --ahs---- C:\WINDOWS\system32\{6F4D6C12-867C-42AD-9977-4EDE998CAA28}.dat 2007-10-15 08:31 32 --ahs---- C:\WINDOWS\{14D56299-1537-4F20-8F35-D19FD0C7015A}.dat 2007-10-15 08:30 <DIR> d----c--- C:\Program Files\Norton Internet Security 2007-10-15 08:30 83,208 --a------ C:\WINDOWS\system32\S32EVNT1.DLL 2007-10-15 08:30 73,432 --a------ C:\WINDOWS\system32\drivers\SYMEVENT.SYS 2007-10-15 08:29 14 --a------ C:\WINDOWS\system32\SR2.dat 2007-10-15 08:28 <DIR> d----c--- C:\Program Files\Norton AntiVirus 2007-10-15 08:01 118,520 --a------ C:\WINDOWS\system32\PxInsI64.exe 2007-10-15 08:01 115,960 --a------ C:\WINDOWS\system32\PxCpyI64.exe 2007-10-15 08:01 2,560 --a------ C:\WINDOWS\system32\drivers\cdralw2k.sys 2007-10-15 08:01 2,432 --a------ C:\WINDOWS\system32\drivers\cdr4_xp.sys . (((((((((((((((((((((((((((((((((((((((( Find3M Report )))))))))))))))))))))))))))))))))))))))))))))))))))) . 2007-11-12 09:00 --------- d-----w C:\Program Files\Common Files\Symantec Shared 2007-11-12 04:05 --------- dc----w C:\Program Files\SUPERAntiSpyware 2007-11-10 04:54 0 -c--a-w C:\Documents and Settings\anonymous\was0008.exe 2007-10-15 14:39 --------- d-----w C:\Program Files\Microsoft Works 2007-10-15 14:39 --------- d-----w C:\Program Files\Encarta Online 2007-10-15 14:32 --------- dc----w C:\Documents and Settings\All Users\Application Data\Symantec 2007-10-15 14:32 --------- d-----w C:\Program Files\Symantec 2007-10-15 14:06 --------- dc----w C:\Documents and Settings\anonymous\Application Data\Sony Corporation 2007-10-15 14:01 --------- d--h--w C:\Program Files\InstallShield Installation Information 2007-10-15 13:59 --------- d-----w C:\Program Files\Sony 2007-09-28 05:23 --------- dc----w C:\Documents and Settings\anonymous\Application Data\Metacafe 2007-09-21 02:35 1,979,671 --sh--w C:\WINDOWS\system32\pstwa.ini2 2007-09-17 06:52 1,944,151 --sh--w C:\WINDOWS\system32\ihhkj.ini2 2007-09-17 05:50 --------- dc----w C:\Documents and Settings\anonymous\Application Data\SUPERAntiSpyware.com 2007-09-17 05:50 --------- dc----w C:\Documents and Settings\All Users\Application Data\SUPERAntiSpyware.com 2007-09-17 05:49 --------- d-----w C:\Program Files\Common Files\Wise Installation Wizard 2007-09-16 16:06 1,938,282 --sh--w C:\WINDOWS\system32\ihhkj.bak2 2007-09-15 14:21 1,946,020 --sh--w C:\WINDOWS\system32\ihhkj.bak1 2007-09-14 13:23 --------- d-----w C:\Program Files\Common Files\wifw 2007-09-12 14:09 --------- d-----w C:\Program Files\Common Files\Sony Shared 2007-08-27 17:26 27,120 ----a-w C:\WINDOWS\system32\SBBD.exe 2007-08-21 06:15 683,520 ----a-w C:\WINDOWS\system32\inetcomm.dll . ((((((((((((((((((((((((((((((((((((( Reg Loading Points )))))))))))))))))))))))))))))))))))))))))))))))))) . . *Note* empty entries & legit default entries are not shown [HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{4CB8F4B4-5F66-4D9E-BC3B-184596A58824}] 2007-11-09 17:35 36352 --a------ C:\WINDOWS\system32\ljjgdbb.dll [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run] "CTStartup"="C:\Program Files\Creative\Splash Screen\CTEaxSpl.exe" [2001-12-20 03:00] "ezShieldProtector for Px"="C:\WINDOWS\System32\ezSP_Px.exe" [2002-08-20 11:29] "VAIO Recovery"="C:\Windows\Sonysys\VAIO Recovery\PartSeal.exe" [2003-04-19 23:08] "USBDetector"="C:\USBStorage\USBDetector.exe" [2003-04-01 13:33] "UpdReg"="C:\WINDOWS\UpdReg.EXE" [2000-05-11 03:00] "type32"="C:\Program Files\Microsoft IntelliType Pro\type32.exe" [2003-05-15 17:45] "sHotKey"="C:\Program Files\SONY\sHotKey\sHotKey.exe" [2003-08-22 10:22] "SetDefPrt"="C:\Program Files\Brother\Brmfl03a\BrStDvPt.exe" [2003-07-10 13:56] "SBCSTray"="C:\Program Files\Sunbelt Software\CounterSpy\SBCSTray.exe" [2007-08-27 12:09] "PRISMSVR.EXE"="C:\WINDOWS\system32\PRISMSVR.exe" [] "PaperPort PTD"="C:\Program Files\Scansoft\PaperPort\pptd40nt.exe" [2002-08-12 10:33] "nwiz"="nwiz.exe" [2003-08-18 20:56 C:\WINDOWS\system32\nwiz.exe] "Jet Detection"="C:\Program Files\Creative\SBAudigy\PROGRAM\ADGJDet.exe" [] "IntelliPoint"="C:\Program Files\Microsoft IntelliPoint\point32.exe" [2003-05-15 17:41] "IndexSearch"="C:\Program Files\Scansoft\PaperPort\IndexSearch.exe" [2002-08-12 11:07] "HPDJ Taskbar Utility"="C:\WINDOWS\System32\spool\drivers\w32x86\3\hpztsb10.exe" [2004-03-04 09:46] "HP Software Update"="C:\Program Files\Hewlett-Packard\HP Software Update\HPWuSchd2.exe" [2004-02-18 11:55] "HP Component Manager"="C:\Program Files\HP\hpcoretech\hpcmpmgr.exe" [2003-12-22 10:38] "ehTray"="C:\WINDOWS\ehome\ehtray.exe" [2004-08-04 01:56] "CTHelper"="CTHELPER.EXE" [2003-07-02 18:51 C:\WINDOWS\system32\cthelper.exe] "ccRegVfy"="C:\Program Files\Common Files\Symantec Shared\ccRegVfy.exe" [2003-03-03 12:04] "ccApp"="C:\Program Files\Common Files\Symantec Shared\ccApp.exe" [2003-03-03 12:04] "ATIPTA"="C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe" [2003-07-06 14:01] "ATIModeChange"="Ati2mdxx.exe" [2001-09-04 17:24 C:\WINDOWS\system32\Ati2mdxx.exe] "AGRSMMSG"="AGRSMMSG.exe" [2003-05-23 11:43 C:\WINDOWS\AGRSMMSG.exe] [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run] "updateMgr"="C:\Program Files\Adobe\Acrobat 7.0\Reader\AdobeUpdateManager.exe" [2006-03-30 16:45] "SUPERAntiSpyware"="C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe" [2007-06-21 13:06] "ctfmon.exe"="C:\WINDOWS\system32\ctfmon.exe" [2004-08-04 01:56] [HKEY_USERS\.default\software\microsoft\windows\currentversion\runonce] "tscuninstall"=%systemroot%\system32\tscupgrd.exe C:\Documents and Settings\anonymous\Start Menu\Programs\Startup\ Picture Motion Browser Media Check Tool.lnk - C:\Program Files\Sony\Sony Picture Utility\VolumeWatcher\SPUVolumeWatcher.exe [2007-10-15 07:59:29] [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system] @=0 [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\explorer] @= [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\ShellExecuteHooks] "{5AE067D3-9AFB-48E0-853A-EBB7F4A000DA}"= C:\Program Files\SUPERAntiSpyware\SASSEH.DLL [2006-12-20 12:55 77824] "{4CB8F4B4-5F66-4D9E-BC3B-184596A58824}"= C:\WINDOWS\system32\ljjgdbb.dll [2007-11-09 17:35 36352] [HKEY_CURRENT_USER\software\microsoft\windows nt\currentversion\winlogon] "Userinit"="C:\\WINDOWS\\system32\\vvgeowbv.exe,C:\\WINDOWS\\system32\\userinit.exe" [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\!SASWinLogon] C:\Program Files\SUPERAntiSpyware\SASWINLO.dll 2007-04-19 12:41 294912 C:\Program Files\SUPERAntiSpyware\SASWINLO.dll [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\ljjgdbb] ljjgdbb.dll 2007-11-09 17:35 36352 C:\WINDOWS\system32\ljjgdbb.dll R0 SonyLSM;LED State Service;C:\WINDOWS\system32\Drivers\SonyLSM.sys R2 SMTPSVC;Simple Mail Transfer Protocol (SMTP);C:\WINDOWS\system32\inetsrv\inetinfo.exe S3 brfilt;Brother MFC Filter Driver;C:\WINDOWS\system32\Drivers\Brfilt.sys S3 BrSerWDM;Brother WDM Serial driver;C:\WINDOWS\system32\Drivers\BrSerWdm.sys S3 BrUsbMdm;Brother MFC USB Fax Only Modem;C:\WINDOWS\system32\Drivers\BrUsbMdm.sys S3 BrUsbScn;Brother MFC USB Scanner driver;C:\WINDOWS\system32\Drivers\BrUsbScn.sys S3 MemStPCI;Sony Memory Stick controller (PCI);C:\WINDOWS\system32\DRIVERS\MemStPCI.SYS S3 p2pgasvc;Peer Networking Group Authentication;C:\WINDOWS\System32\svchost.exe -k p2psvc S3 p2pimsvc;Peer Networking Identity Manager;C:\WINDOWS\System32\svchost.exe -k p2psvc S3 p2psvc;Peer Networking;C:\WINDOWS\System32\svchost.exe -k p2psvc S3 PNRPSvc;Peer Name Resolution Protocol;C:\WINDOWS\System32\svchost.exe -k p2psvc S3 SaiH0109;SaiH0109;C:\WINDOWS\system32\DRIVERS\SaiH0109.sys S3 SaiU0109;SaiU0109;C:\WINDOWS\system32\DRIVERS\SaiU0109.sys [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost] p2psvc p2psvc p2pimsvc p2pgasvc PNRPSvc . Contents of the 'Scheduled Tasks' folder "2007-11-10 17:37:26 C:\WINDOWS\Tasks\Norton AntiVirus - Scan my computer.job" - C:\PROGRA~1\NORTON~1\NAVW32.exe "2007-11-10 17:37:27 C:\WINDOWS\Tasks\Symantec NetDetect.job" - C:\Program Files\Symantec\LiveUpdate\NDETECT.EXE . ************************************************************************** catchme 0.3.1250 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net Rootkit scan 2007-11-12 02:58:43 Windows 5.1.2600 Service Pack 2 NTFS scanning hidden processes ... scanning hidden autostart entries ... HKLM\Software\Microsoft\Windows\CurrentVersion\Run CTStartup = C:\Program Files\Creative\Splash Screen\CTEaxSpl.EXE /run???h??????s?????\?w? ?w???????w???w4???????.??w4???????4???TA?s4???|???\'????A~??A~|???????\???\???????????U?A~??A~\???\???????Hna??????C@?\???\??????s|???\??????s\???@'??A??s@'???C@?x???`|?w\?????@ scanning hidden files ... scan completed successfully hidden files: 0 ************************************************************************** . Completion time: 2007-11-12 3:02:12 - machine was rebooted . --- E O F --- AVG LOG: --------------------------------------------------------- AVG Anti-Spyware - Scan Report --------------------------------------------------------- + Created at: 10:16:48 AM 11/12/2007 + Scan result: HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{944864A5-3916-46E2-96A9-A2E84F3F1208} -> Adware.Accoona : Ignored. HKU\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{944864A5-3916-46E2-96A9-A2E84F3F1208} -> Adware.Accoona : Ignored. HKU\S-1-5-21-1568042589-2687638305-2322239853-1004\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{944864A5-3916-46E2-96A9-A2E84F3F1208} -> Adware.Accoona : Ignored. HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{1ADBCCE8-CF84-441E-9B38-AFC7A19C06A4} -> Adware.ActivShopper : Ignored. HKU\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{1ADBCCE8-CF84-441E-9B38-AFC7A19C06A4} -> Adware.ActivShopper : Ignored. HKU\S-1-5-21-1568042589-2687638305-2322239853-1004\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{1ADBCCE8-CF84-441E-9B38-AFC7A19C06A4} -> Adware.ActivShopper : Ignored. HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{C5AF2622-8C75-4DFB-9693-23AB7686A456} -> Adware.Generic : Ignored. HKU\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{C5AF2622-8C75-4DFB-9693-23AB7686A456} -> Adware.Generic : Ignored. HKU\S-1-5-21-1568042589-2687638305-2322239853-1004\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{C5AF2622-8C75-4DFB-9693-23AB7686A456} -> Adware.Generic : Ignored. C:\System Volume Information\_restore{1227E41C-9B8D-4405-99CE-E3332DE7EA59}\RP2\A0000072.exe -> Downloader.VB.bgd : Ignored. C:\qoobox\Quarantine\C\WINDOWS\system32\f02WtR\f02WtR1065.exe.vir -> Downloader.VB.bgd : Ignored. C:\Documents and Settings\anonymous\Cookies\anonymous@www.abcsearch[1].txt -> TrackingCookie.Abcsearch : Ignored. C:\Documents and Settings\anonymous\Cookies\anonymous@adengage[1].txt -> TrackingCookie.Adengage : Ignored. C:\Documents and Settings\anonymous\Cookies\anonymous@intelli-direct[1].txt -> TrackingCookie.Intelli-direct : Ignored. C:\Documents and Settings\anonymous\Cookies\anonymous@ivwbox[1].txt -> TrackingCookie.Ivwbox : Ignored. C:\Documents and Settings\anonymous\Cookies\anonymous@search.msn[1].txt -> TrackingCookie.Msn : Ignored. C:\Documents and Settings\anonymous\Cookies\anonymous@www.myaffiliateprogram[2].txt -> TrackingCookie.Myaffiliateprogram : Ignored. C:\Documents and Settings\anonymous\Cookies\anonymous@ssl-hints.netflame[1].txt -> TrackingCookie.Netflame : Ignored. C:\WINDOWS\system32\drivers\etc\hosts.20071111-015639.backup -> Trojan.Qhost.nl : Ignored. ::Report end
  8. I am frustrated up to -HERE- with this! I've tried using SUPERAntiSpyware, Spybot, and Counterspy, but the viruses still plague my cpu... most of the viruses were destroyed by the spyware programs but a few persist. Can you look through my hijackthis log and tell me the problems? Thank you very very very very much! Logfile of Trend Micro HijackThis v2.0.2 Scan saved at 6:37:40 PM, on 11/11/2007 Platform: Windows XP SP2 (WinNT 5.01.2600) MSIE: Internet Explorer v7.00 (7.00.6000.16544) Boot mode: Normal Running processes: C:\WINDOWS\System32\smss.exe C:\WINDOWS\system32\winlogon.exe C:\WINDOWS\system32\services.exe C:\WINDOWS\system32\lsass.exe C:\WINDOWS\system32\svchost.exe C:\WINDOWS\System32\svchost.exe C:\WINDOWS\system32\spoolsv.exe C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe C:\Program Files\Norton Internet Security\NISUM.EXE C:\WINDOWS\system32\Brmfrmps.exe C:\Program Files\Norton Internet Security\ccPxySvc.exe C:\WINDOWS\system32\cisvc.exe C:\WINDOWS\System32\CTsvcCDA.exe C:\WINDOWS\ehome\ehSched.exe C:\WINDOWS\system32\inetsrv\inetinfo.exe C:\WINDOWS\System32\msdtc.exe C:\Program Files\Norton AntiVirus\navapsvc.exe C:\WINDOWS\Explorer.exe C:\WINDOWS\System32\nvsvc32.exe C:\Program Files\Sunbelt Software\CounterSpy\SBCSSvc.exe C:\WINDOWS\System32\tcpsvcs.exe C:\WINDOWS\System32\snmp.exe C:\Program Files\Common Files\Sony Shared\WMPlugIn\SonicStageMonitoring.exe C:\Program Files\Sony\Sony TV Tuner Library\SMceMan.exe C:\WINDOWS\System32\svchost.exe C:\WINDOWS\System32\MsPMSPSv.exe C:\WINDOWS\system32\CTHELPER.EXE C:\WINDOWS\ehome\ehtray.exe C:\Program Files\SONY\sHotKey\sHotKey.exe C:\WINDOWS\System32\ezSP_Px.exe C:\WINDOWS\AGRSMMSG.exe C:\Program Files\HP\hpcoretech\hpcmpmgr.exe C:\WINDOWS\System32\spool\drivers\w32x86\3\hpztsb10.exe C:\Program Files\Hewlett-Packard\HP Software Update\HPWuSchd2.exe C:\Program Files\Microsoft IntelliType Pro\type32.exe C:\Program Files\Microsoft IntelliPoint\point32.exe C:\USBStorage\USBDetector.exe C:\Program Files\Scansoft\PaperPort\pptd40nt.exe C:\Program Files\Common Files\Symantec Shared\ccApp.exe C:\Program Files\Sunbelt Software\CounterSpy\SBCSTray.exe C:\WINDOWS\system32\ctfmon.exe C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe C:\Program Files\Sony\Sony Picture Utility\VolumeWatcher\SPUVolumeWatcher.exe C:\Program Files\Sony\Sony TV Tuner Library\RM_SV.exe C:\WINDOWS\system32\wscntfy.exe C:\WINDOWS\ehome\ehmsas.exe C:\WINDOWS\system32\cidaemon.exe C:\WINDOWS\system32\cidaemon.exe C:\Program Files\Internet Explorer\iexplore.exe C:\Documents and Settings\anonymous\Desktop\spyware tools\FixZotob.exe C:\Documents and Settings\anonymous\Desktop\spyware tools\BullGuard_80_x64.exe C:\Documents and Settings\anonymous\Desktop\spyware tools\HiJackThis.exe R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157 R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157 F2 - REG:system.ini: Shell=Explorer.exe C:\WINDOWS\shell.exe F2 - REG:system.ini: UserInit=C:\WINDOWS\system32\vvgeowbv.exe,C:\WINDOWS\system32\userinit.exe N3 - Netscape 7: user_pref("browser.search.defaultengine", "engine://C%3A%5CProgram%20Files%5CNetscape%5CNetscape%5Csearchplugins%5CSBWeb_01.src"); (C:\Documents and Settings\ANONYMOUS\Application Data\Mozilla\Profiles\default\0b8b5w3s.slt\prefs.js) O2 - BHO: (no name) - {029e02f0-a0e5-4b19-b958-7bf2db29fb13} - (no file) O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll O2 - BHO: (no name) - {4CB8F4B4-5F66-4D9E-BC3B-184596A58824} - C:\WINDOWS\system32\ljjgdbb.dll O2 - BHO: Spybot-S&D IE Protection - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll O2 - BHO: (no name) - {549B5CA7-4A86-11D7-A4DF-000874180BB3} - (no file) O2 - BHO: (no name) - {6abc861a-31e7-4d91-b43b-d3c98f22a5c0} - (no file) O2 - BHO: (no name) - {92F8A433-418C-1C0D-DA2F-4AE676860995} - C:\WINDOWS\system32\tbhtuk.dll O2 - BHO: (no name) - {a4a435cf-3583-11d4-91bd-0048546a1450} - (no file) O2 - BHO: NAV Helper - {BDF3E430-B101-42AD-A544-FADC6B084872} - C:\Program Files\Norton AntiVirus\NavShExt.dll O2 - BHO: (no name) - {c2680e10-1655-4a0e-87f8-4259325a84b7} - (no file) O2 - BHO: (no name) - {c4ca6559-2cf1-48b6-96b2-8340a06fd129} - (no file) O2 - BHO: (no name) - {d8efadf1-9009-11d6-8c73-608c5dc19089} - (no file) O2 - BHO: {da7bdc96-ede8-75e9-2664-ceca4996799f} - {f9976994-acec-4662-9e57-8ede69cdb7ad} - C:\WINDOWS\system32\tmbxistv.dll (file missing) O2 - BHO: (no name) - {FDD3B846-8D59-4ffb-8758-209B6AD74ACC} - (no file) O3 - Toolbar: Norton AntiVirus - {42CDD1BF-3FFB-4238-8AD1-7859DF00B1D6} - C:\Program Files\Norton AntiVirus\NavShExt.dll O4 - HKLM\..\Run: [nwiz] nwiz.exe /installquiet O4 - HKLM\..\Run: [CTHelper] CTHELPER.EXE O4 - HKLM\..\Run: [ehTray] C:\WINDOWS\ehome\ehtray.exe O4 - HKLM\..\Run: [ATIModeChange] Ati2mdxx.exe O4 - HKLM\..\Run: [ATIPTA] C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe O4 - HKLM\..\Run: [sHotKey] "C:\Program Files\SONY\sHotKey\sHotKey.exe" O4 - HKLM\..\Run: [ezShieldProtector for Px] C:\WINDOWS\System32\ezSP_Px.exe O4 - HKLM\..\Run: [AGRSMMSG] AGRSMMSG.exe O4 - HKLM\..\Run: [HP Component Manager] "C:\Program Files\HP\hpcoretech\hpcmpmgr.exe" O4 - HKLM\..\Run: [HPDJ Taskbar Utility] C:\WINDOWS\System32\spool\drivers\w32x86\3\hpztsb10.exe O4 - HKLM\..\Run: [HP Software Update] "C:\Program Files\Hewlett-Packard\HP Software Update\HPWuSchd2.exe" O4 - HKLM\..\Run: [updReg] C:\WINDOWS\UpdReg.EXE O4 - HKLM\..\Run: [Jet Detection] "C:\Program Files\Creative\SBAudigy\PROGRAM\ADGJDet.exe" O4 - HKLM\..\Run: [CTStartup] C:\Program Files\Creative\Splash Screen\CTEaxSpl.EXE /run O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime O4 - HKLM\..\Run: [QuickFinder Scheduler] "C:\Program Files\Corel\WordPerfect Office 2002\Programs\QFSCHD100.EXE" O4 - HKLM\..\Run: [type32] "C:\Program Files\Microsoft IntelliType Pro\type32.exe" O4 - HKLM\..\Run: [intelliPoint] "C:\Program Files\Microsoft IntelliPoint\point32.exe" O4 - HKLM\..\Run: [uSBDetector] C:\USBStorage\USBDetector.exe O4 - HKLM\..\Run: [PaperPort PTD] C:\Program Files\Scansoft\PaperPort\pptd40nt.exe O4 - HKLM\..\Run: [indexSearch] C:\Program Files\Scansoft\PaperPort\IndexSearch.exe O4 - HKLM\..\Run: [setDefPrt] C:\Program Files\Brother\Brmfl03a\BrStDvPt.exe O4 - HKLM\..\Run: [Microsoft Works Update Detection] C:\Program Files\Common Files\Microsoft Shared\Works Shared\WkUFind.exe O4 - HKLM\..\Run: [MsmqIntCert] regsvr32 /s mqrt.dll O4 - HKLM\..\Run: [PRISMSVR.EXE] "C:\WINDOWS\system32\PRISMSVR.EXE" /APPLY O4 - HKLM\..\Run: [hosycal] C:\Program Files\MSN\hosycal22011.exe O4 - HKLM\..\Run: [ExploreUpdSched] C:\WINDOWS\system32\pwinsldq.exe CHD001 O4 - HKLM\..\Run: [ccApp] "C:\Program Files\Common Files\Symantec Shared\ccApp.exe" O4 - HKLM\..\Run: [ccRegVfy] "C:\Program Files\Common Files\Symantec Shared\ccRegVfy.exe" O4 - HKLM\..\Run: [VAIO Recovery] C:\Windows\Sonysys\VAIO Recovery\PartSeal.exe O4 - HKLM\..\Run: [winshow] "C:\WINDOWS\winshow.exe" O4 - HKLM\..\Run: [sBCSTray] C:\Program Files\Sunbelt Software\CounterSpy\SBCSTray.exe O4 - HKLM\..\Run: [Printer] C:\WINDOWS\system32\printer.exe O4 - HKCU\..\Run: [Yahoo! Pager] 1 O4 - HKCU\..\Run: [updateMgr] C:\Program Files\Adobe\Acrobat 7.0\Reader\AdobeUpdateManager.exe AcRdB7_0_9 O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe O4 - HKCU\..\Run: [wifw] C:\PROGRA~1\COMMON~1\wifw\wifwm.exe O4 - HKCU\..\Run: [sUPERAntiSpyware] C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe O4 - HKCU\..\Run: [MySpaceIM] C:\Program Files\MySpace\IM\MySpaceIM.exe O4 - HKCU\..\Run: [sjxqkbx] C:\WINDOWS\??mbols\m?config.exe O4 - HKUS\S-1-5-19\..\RunOnce: [setDefaultMidi] MIDIDEF.EXE (User 'LOCAL SERVICE') O4 - HKUS\S-1-5-19\..\RunOnce: [tscuninstall] %systemroot%\system32\tscupgrd.exe (User 'LOCAL SERVICE') O4 - HKUS\S-1-5-20\..\RunOnce: [setDefaultMidi] MIDIDEF.EXE (User 'NETWORK SERVICE') O4 - HKUS\S-1-5-18\..\Run: [MySpaceIM] C:\Program Files\MySpace\IM\MySpaceIM.exe (User 'SYSTEM') O4 - HKUS\S-1-5-18\..\RunOnce: [setDefaultMidi] MIDIDEF.EXE (User 'SYSTEM') O4 - HKUS\.DEFAULT\..\Run: [MySpaceIM] C:\Program Files\MySpace\IM\MySpaceIM.exe (User 'Default user') O4 - HKUS\.DEFAULT\..\RunOnce: [setDefaultMidi] MIDIDEF.EXE (User 'Default user') O4 - Startup: 2WireSetup.lnk = D:\Program Files\2Wire\WebWorks.exe O4 - Startup: findfast.exe O4 - Startup: Picture Motion Browser Media Check Tool.lnk = C:\Program Files\Sony\Sony Picture Utility\VolumeWatcher\SPUVolumeWatcher.exe O4 - Global Startup: Adobe Reader Speed Launch.lnk = C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe O4 - Global Startup: autorun.exe O7 - HKLM\Software\Microsoft\Windows\CurrentVersion\Policies\System, DisableRegedit=1 O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\WINDOWS\System32\msjava.dll O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\WINDOWS\System32\msjava.dll O9 - Extra button: (no name) - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll O9 - Extra 'Tools' menuitem: Spybot - Search & Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe O9 - Extra button: Yahoo! Messenger - {E5D12C4E-7B4F-11D3-B5C9-0050045C3C96} - C:\PROGRA~1\Yahoo!\MESSEN~1\YPager.exe (file missing) O9 - Extra 'Tools' menuitem: Yahoo! Messenger - {E5D12C4E-7B4F-11D3-B5C9-0050045C3C96} - C:\PROGRA~1\Yahoo!\MESSEN~1\YPager.exe (file missing) O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe O10 - Unknown file in Winsock LSP: c:\windows\system32\nwprovau.dll O14 - IERESET.INF: START_PAGE_URL=http://www.sony.com/vaiopeople O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://go.microsoft.com/fwlink/?linkid=39204 O16 - DPF: {30528230-99f7-4bb4-88d8-fa1d4f56a2ab} (YInstStarter Class) - C:\Program Files\Yahoo!\common\yinsthelper.dll O16 - DPF: {56336BCB-3D8A-11D6-A00B-0050DA18DE71} - http://software-dl.real.com/313b41d46da531...ip/RdxIE601.cab O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://update.microsoft.com/microsoftupdat...b?1188514296937 O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://update.microsoft.com/microsoftupdat...b?1188514221593 O16 - DPF: {A65552CC-8138-4D22-BEC8-4D0AFB2786BC} (melonset Class) - http://www.melon.com/utility/player/vod/package/melonset.cab O16 - DPF: {B9B38E70-EEF6-4E3A-AE84-DDE59A053B7C} (Daum ActiveX manager Class) - http://cafeimg.hanmail.net/cto/xman.cab?ver=1,2,3,0 O20 - AppInit_DLLs: c:\windows\system32\ldcore.dll O20 - Winlogon Notify: !SASWinLogon - C:\Program Files\SUPERAntiSpyware\SASWINLO.dll O20 - Winlogon Notify: ljjgdbb - C:\WINDOWS\SYSTEM32\ljjgdbb.dll O20 - Winlogon Notify: pmnmmlk - pmnmmlk.dll (file missing) O23 - Service: Brother Popup Suspend service for Resource manager (brmfrmps) - Brother Industries, Ltd. - C:\WINDOWS\system32\Brmfrmps.exe O23 - Service: Symantec Event Manager (ccEvtMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe O23 - Service: Symantec Password Validation Service (ccPwdSvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccPwdSvc.exe O23 - Service: Symantec Proxy Service (ccPxySvc) - Symantec Corporation - C:\Program Files\Norton Internet Security\ccPxySvc.exe O23 - Service: Creative Service for CDROM Access - Creative Technology Ltd - C:\WINDOWS\System32\CTsvcCDA.exe O23 - Service: Norton AntiVirus Auto Protect Service (navapsvc) - Symantec Corporation - C:\Program Files\Norton AntiVirus\navapsvc.exe O23 - Service: Norton Internet Security Accounts Manager (NISUM) - Symantec Corporation - C:\Program Files\Norton Internet Security\NISUM.EXE O23 - Service: NVIDIA Driver Helper Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\System32\nvsvc32.exe O23 - Service: Sunbelt CounterSpy Antispyware (SBCSSvc) - Sunbelt Software - C:\Program Files\Sunbelt Software\CounterSpy\SBCSSvc.exe O23 - Service: SonicStageMonitoring - Sony Corporation - C:\Program Files\Common Files\Sony Shared\WMPlugIn\SonicStageMonitoring.exe O23 - Service: Sony TV Tuner Controller - Sony Corporation - C:\Program Files\Sony\Sony TV Tuner Library\halsv.exe O23 - Service: Sony TV Tuner Manager - Sony Corporation - C:\Program Files\Sony\Sony TV Tuner Library\RM_SV.exe O23 - Service: Sony TVTA Manager - Sony Corporation - C:\Program Files\Sony\Sony TV Tuner Library\SMceMan.exe O23 - Service: Sony SPTI Service (SPTISRV) - Sony Corporation - C:\PROGRA~1\COMMON~1\SONYSH~1\AVLib\Sptisrv.exe O23 - Service: VAIO Media Music Server (VAIOMediaPlatform-MusicServer-AppServer) - Sony Corporation - C:\Program Files\Sony\VAIO Media Integrated Server\Music\SSSvr.exe O23 - Service: VAIO Media Music Server (HTTP) (VAIOMediaPlatform-MusicServer-HTTP) - Sony Corporation - C:\Program Files\Sony\VAIO Media Integrated Server\Platform\SV_Httpd.exe O23 - Service: VAIO Media Music Server (UPnP) (VAIOMediaPlatform-MusicServer-UPnP) - Sony Corporation - C:\Program Files\Sony\VAIO Media Integrated Server\Platform\UPnPFramework.exe O23 - Service: VAIO Media Photo Server (VAIOMediaPlatform-PhotoServer-AppServer) - Sony Corporation - C:\Program Files\Sony\VAIO Media Integrated Server\Photo\appsrv\PhotoAppSrv.exe O23 - Service: VAIO Media Photo Server (HTTP) (VAIOMediaPlatform-PhotoServer-HTTP) - Sony Corporation - C:\Program Files\Sony\VAIO Media Integrated Server\Platform\SV_Httpd.exe O23 - Service: VAIO Media Photo Server (UPnP) (VAIOMediaPlatform-PhotoServer-UPnP) - Sony Corporation - C:\Program Files\Sony\VAIO Media Integrated Server\Platform\UPnPFramework.exe O23 - Service: VAIO Media Video Server (VAIOMediaPlatform-VideoServer-AppServer) - Sony Corporation - C:\Program Files\Sony\VAIO Media Integrated Server\Video\GPVSvr.exe O23 - Service: VAIO Media Video Server (HTTP) (VAIOMediaPlatform-VideoServer-HTTP) - Sony Corporation - C:\Program Files\Sony\VAIO Media Integrated Server\Platform\SV_Httpd.exe O23 - Service: VAIO Media Video Server (UPnP) (VAIOMediaPlatform-VideoServer-UPnP) - Sony Corporation - C:\Program Files\Sony\VAIO Media Integrated Server\Platform\UPnPFramework.exe -- End of file - 14778 bytes
Back to top
×
×
  • Create New...

Important Information

This site uses cookies - We have placed cookies on your device to help make this website better. You can adjust your cookie settings, otherwise we'll assume you're okay to continue.