Just Got The Computer Back From The Shop...


4 replies to this topic

#1 ky0nkyon

ky0nkyon

  • Members
  • 9 posts

Posted 01 November 2007 - 02:06 AM

Hi, I just got the computer back from the shop when it died. It is a laptop. When I got it back, there are rundll errors when I attempt to open things such as display, language bar or add/remove prog. Also, popups show up every time I open IE, the same ones usually, such as hopelessromantic.com/pop something. I don't know if it is a virus, but almost all of the advertisements on websites say that I am infected and need to scan. The computer is slower than life; it took 30 minutes to get to this site. :thumbsup: I did the spybot and all that, but even if I repair, nothing is fixed, so I did this hijack, and here is the log. Thanks in advance for all your help, and please find a way to fix this mess!

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 15:56:50, on 2007/11/01
Platform: Windows XP SP1 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\DigiOn\DiXiM Media Server\dmsf.exe
C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE
C:\WINDOWS\system32\NTMETER.EXE
C:\Smdata\ReadSctService.exe
C:\Program Files\Analog Devices\SoundMAX\SMAgent.exe
C:\Program Files\NTTE\Flets\app\TangoService.exe
C:\DOCUME~1\PC-USER\LOCALS~1\Temp\~1.tmp.exe
C:\DOCUME~1\PC-USER\LOCALS~1\Temp\~3.tmp.exe
C:\WINDOWS\System32\conime.exe
C:\DOCUME~1\PC-USER\LOCALS~1\Temp\~10.tmp.exe
C:\DOCUME~1\PC-USER\LOCALS~1\Temp\~35.tmp.exe
C:\DOCUME~1\PC-USER\LOCALS~1\Temp\~43.tmp.exe
C:\DOCUME~1\PC-USER\LOCALS~1\Temp\~44.tmp.exe
C:\DOCUME~1\PC-USER\LOCALS~1\Temp\~42.tmp.exe
C:\DOCUME~1\PC-USER\LOCALS~1\Temp\~45.tmp.exe
C:\DOCUME~1\PC-USER\LOCALS~1\Temp\~46.tmp.exe
C:\DOCUME~1\PC-USER\LOCALS~1\Temp\~C8.tmp.exe
C:\WINDOWS\System32\folkqhbddez.exe
C:\DOCUME~1\PC-USER\LOCALS~1\Temp\~BA.tmp.exe
C:\DOCUME~1\PC-USER\LOCALS~1\Temp\~124.tmp.exe
C:\DOCUME~1\PC-USER\LOCALS~1\Temp\~125.tmp.exe
C:\DOCUME~1\PC-USER\LOCALS~1\Temp\~134.tmp.exe
C:\Program Files\MSN Messenger\MsnMsgr.Exe
C:\DOCUME~1\PC-USER\LOCALS~1\Temp\~137.tmp.exe
C:\DOCUME~1\PC-USER\LOCALS~1\Temp\~138.tmp.exe
C:\DOCUME~1\PC-USER\LOCALS~1\Temp\~13D.tmp.exe
C:\DOCUME~1\PC-USER\LOCALS~1\Temp\~13F.tmp.exe
C:\DOCUME~1\PC-USER\LOCALS~1\Temp\~141.tmp.exe
C:\DOCUME~1\PC-USER\LOCALS~1\Temp\~143.tmp.exe
C:\DOCUME~1\PC-USER\LOCALS~1\Temp\~145.tmp.exe
C:\DOCUME~1\PC-USER\LOCALS~1\Temp\~149.tmp.exe
C:\DOCUME~1\PC-USER\LOCALS~1\Temp\~14B.tmp.exe
C:\DOCUME~1\PC-USER\LOCALS~1\Temp\~14D.tmp.exe
C:\DOCUME~1\PC-USER\LOCALS~1\Temp\~14F.tmp.exe
C:\DOCUME~1\PC-USER\LOCALS~1\Temp\~151.tmp.exe
C:\DOCUME~1\PC-USER\LOCALS~1\Temp\~153.tmp.exe
C:\DOCUME~1\PC-USER\LOCALS~1\Temp\~155.tmp.exe
C:\DOCUME~1\PC-USER\LOCALS~1\Temp\~157.tmp.exe
C:\DOCUME~1\PC-USER\LOCALS~1\Temp\~159.tmp.exe
C:\DOCUME~1\PC-USER\LOCALS~1\Temp\~15B.tmp.exe
C:\PROGRA~1\NTTE\Flets\app\TangoManager.exe
C:\Program Files\MSN Messenger\usnsvc.exe
C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLLoginProxy.exe
C:\DOCUME~1\PC-USER\LOCALS~1\Temp\~15D.tmp.exe
C:\DOCUME~1\PC-USER\LOCALS~1\Temp\~15F.tmp.exe
C:\DOCUME~1\PC-USER\LOCALS~1\Temp\~161.tmp.exe
C:\DOCUME~1\PC-USER\LOCALS~1\Temp\~164.tmp.exe
C:\DOCUME~1\PC-USER\LOCALS~1\Temp\~166.tmp.exe
C:\DOCUME~1\PC-USER\LOCALS~1\Temp\~16A.tmp.exe
C:\DOCUME~1\PC-USER\LOCALS~1\Temp\~16C.tmp.exe
C:\DOCUME~1\PC-USER\LOCALS~1\Temp\~170.tmp.exe
C:\DOCUME~1\PC-USER\LOCALS~1\Temp\~172.tmp.exe
C:\DOCUME~1\PC-USER\LOCALS~1\Temp\~174.tmp.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\DOCUME~1\PC-USER\LOCALS~1\Temp\~176.tmp.exe
C:\DOCUME~1\PC-USER\LOCALS~1\Temp\~178.tmp.exe
C:\DOCUME~1\PC-USER\LOCALS~1\Temp\~17A.tmp.exe
C:\DOCUME~1\PC-USER\LOCALS~1\Temp\~17C.tmp.exe
C:\DOCUME~1\PC-USER\LOCALS~1\Temp\~17E.tmp.exe
C:\DOCUME~1\PC-USER\LOCALS~1\Temp\~180.tmp.exe
C:\DOCUME~1\PC-USER\LOCALS~1\Temp\~182.tmp.exe
C:\DOCUME~1\PC-USER\LOCALS~1\Temp\~184.tmp.exe
C:\DOCUME~1\PC-USER\LOCALS~1\Temp\~186.tmp.exe
C:\DOCUME~1\PC-USER\LOCALS~1\Temp\~188.tmp.exe
C:\DOCUME~1\PC-USER\LOCALS~1\Temp\~18A.tmp.exe
C:\DOCUME~1\PC-USER\LOCALS~1\Temp\~18C.tmp.exe
C:\DOCUME~1\PC-USER\LOCALS~1\Temp\~18E.tmp.exe
C:\DOCUME~1\PC-USER\LOCALS~1\Temp\~190.tmp.exe
C:\DOCUME~1\PC-USER\LOCALS~1\Temp\~192.tmp.exe
C:\DOCUME~1\PC-USER\LOCALS~1\Temp\~194.tmp.exe
C:\DOCUME~1\PC-USER\LOCALS~1\Temp\~196.tmp.exe
C:\DOCUME~1\PC-USER\LOCALS~1\Temp\~198.tmp.exe
C:\DOCUME~1\PC-USER\LOCALS~1\Temp\~19A.tmp.exe
C:\DOCUME~1\PC-USER\LOCALS~1\Temp\~19C.tmp.exe
C:\DOCUME~1\PC-USER\LOCALS~1\Temp\~19E.tmp.exe
C:\DOCUME~1\PC-USER\LOCALS~1\Temp\~1A0.tmp.exe
C:\DOCUME~1\PC-USER\LOCALS~1\Temp\~1A3.tmp.exe
C:\DOCUME~1\PC-USER\LOCALS~1\Temp\~1A6.tmp.exe
C:\DOCUME~1\PC-USER\LOCALS~1\Temp\~1A8.tmp.exe
C:\DOCUME~1\PC-USER\LOCALS~1\Temp\~1AA.tmp.exe
C:\DOCUME~1\PC-USER\LOCALS~1\Temp\~1AD.tmp.exe
C:\DOCUME~1\PC-USER\LOCALS~1\Temp\~1AF.tmp.exe
C:\DOCUME~1\PC-USER\LOCALS~1\Temp\~1B1.tmp.exe
C:\DOCUME~1\PC-USER\LOCALS~1\Temp\~1B3.tmp.exe
C:\DOCUME~1\PC-USER\LOCALS~1\Temp\~1B5.tmp.exe
C:\DOCUME~1\PC-USER\LOCALS~1\Temp\~1B7.tmp.exe
C:\DOCUME~1\PC-USER\LOCALS~1\Temp\~1B9.tmp.exe
C:\DOCUME~1\PC-USER\LOCALS~1\Temp\~1BA.tmp.exe
C:\DOCUME~1\PC-USER\LOCALS~1\Temp\~1BD.tmp.exe
C:\DOCUME~1\PC-USER\LOCALS~1\Temp\~1BF.tmp.exe
C:\DOCUME~1\PC-USER\LOCALS~1\Temp\~1C1.tmp.exe
C:\DOCUME~1\PC-USER\LOCALS~1\Temp\~1C3.tmp.exe
C:\DOCUME~1\PC-USER\LOCALS~1\Temp\~1C4.tmp.exe
C:\DOCUME~1\PC-USER\LOCALS~1\Temp\~1C9.tmp.exe
C:\DOCUME~1\PC-USER\LOCALS~1\Temp\~1CA.tmp.exe
C:\DOCUME~1\PC-USER\LOCALS~1\Temp\~1CE.tmp.exe
C:\DOCUME~1\PC-USER\LOCALS~1\Temp\~1D0.tmp.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\DOCUME~1\PC-USER\LOCALS~1\Temp\~1D3.tmp.exe
C:\DOCUME~1\PC-USER\LOCALS~1\Temp\~1D5.tmp.exe
C:\DOCUME~1\PC-USER\LOCALS~1\Temp\~1D8.tmp.exe
C:\DOCUME~1\PC-USER\LOCALS~1\Temp\~1DB.tmp.exe
C:\DOCUME~1\PC-USER\LOCALS~1\Temp\~1DD.tmp.exe
C:\DOCUME~1\PC-USER\LOCALS~1\Temp\~1DF.tmp.exe
C:\DOCUME~1\PC-USER\LOCALS~1\Temp\~1E1.tmp.exe
C:\DOCUME~1\PC-USER\LOCALS~1\Temp\~1E3.tmp.exe
C:\DOCUME~1\PC-USER\LOCALS~1\Temp\~1E7.tmp.exe
C:\DOCUME~1\PC-USER\LOCALS~1\Temp\~1E9.tmp.exe
C:\DOCUME~1\PC-USER\LOCALS~1\Temp\~1ED.tmp.exe
C:\DOCUME~1\PC-USER\LOCALS~1\Temp\~1EF.tmp.exe
C:\DOCUME~1\PC-USER\LOCALS~1\Temp\~1F5.tmp.exe
C:\DOCUME~1\PC-USER\LOCALS~1\Temp\~1F7.tmp.exe
C:\DOCUME~1\PC-USER\LOCALS~1\Temp\~1F9.tmp.exe
C:\DOCUME~1\PC-USER\LOCALS~1\Temp\~1FB.tmp.exe
C:\Documents and Settings\PC-USER\Local Settings\Temporary Internet Files\Content.IE5\MRXROZTP\HiJackThis[1].exe

O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 6.0\Reader\ActiveX\AcroIEHelper.dll
O2 - BHO: Spybot-S&D IE Protection - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)
O2 - BHO: (no name) - {89AD4D75-2429-462e-BD4E-443F233F6033} - C:\WINDOWS\System32\bsiejqmq.dll
O2 - BHO: (no name) - {8CEFE835-8EBF-420F-AFA2-807008E32917} - C:\WINDOWS\System32\byxyxyv.dll
O2 - BHO: Windows Live Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: (no name) - {BACEB7AF-8D88-456E-82D0-7BEB9A4410FE} - C:\WINDOWS\System32\awtqnkh.dll (file missing)
O2 - BHO: Windows Live Toolbar Helper - {BDBD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Program Files\Windows Live Toolbar\msntb.dll
O2 - BHO: (no name) - {E18DE83E-E1A6-44B4-A3CC-E52A4860DA6C} - C:\WINDOWS\System32\cbxut.dll
O3 - Toolbar: ラジオ(&R) - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINDOWS\System32\msdxm.ocx
O3 - Toolbar: BIGLOBEツールバー(&:blink: - {F998C683-89D8-47FA-8C55-3E2CA27D7581} - C:\Program Files\BIGLOBE\Toolbar\biglobe.dll
O3 - Toolbar: &Liquid Surf - {B9F633F6-EA44-45F4-91EB-FABFC65A0634} - C:\Program Files\LiquidSurf\sybil.dll
O3 - Toolbar: McAfee VirusScan - {BA52B914-B692-46c4-B683-905236F6F655} - c:\progra~1\mcafee.com\vso\mcvsshl.dll
O3 - Toolbar: Windows Live Toolbar - {BDAD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Program Files\Windows Live Toolbar\msntb.dll
O4 - HKLM\..\Run: [NECMFK] C:\Program Files\necmfk\necmfk.exe
O4 - HKLM\..\Run: [UpdateManager] "C:\Program Files\Common Files\Sonic\Update Manager\sgtray.exe" /r
O4 - HKLM\..\Run: [LiquidView] C:\Program Files\LiquidView\lviewj.exe
O4 - HKLM\..\Run: [Smapp] C:\Program Files\Analog Devices\SoundMAX\SMTray.exe
O4 - HKLM\..\Run: [IMEKRMIG6.1] C:\WINDOWS\ime\imkr6_1\IMEKRMIG.EXE
O4 - HKLM\..\Run: [MSPY2002] C:\WINDOWS\System32\IME\PINTLGNT\ImScInst.exe /SYNC
O4 - HKLM\..\Run: [VSOCheckTask] "c:\PROGRA~1\mcafee.com\vso\mcmnhdlr.exe" /checktask
O4 - HKLM\..\Run: [VirusScan Online] "c:\PROGRA~1\mcafee.com\vso\mcvsshld.exe"
O4 - HKLM\..\Run: [MCAgentExe] c:\PROGRA~1\mcafee.com\agent\mcagent.exe
O4 - HKLM\..\Run: [MCUpdateExe] C:\PROGRA~1\mcafee.com\agent\McUpdate.exe
O4 - HKLM\..\Run: [Windows Explorer] C:\WINDOWS\System32\explorer.exe
O4 - HKLM\..\Run: [System Startup] C:\WINDOWS\System32\inetsrv\sys.exe
O4 - HKLM\..\Run: [SiSUSBRG] C:\WINDOWS\SiSUSBrg.exe
O4 - HKLM\..\Run: [SiS KHooker] C:\WINDOWS\System32\khooker.exe
O4 - HKLM\..\Run: [Apoint] C:\Program Files\Apoint2K\Apoint.exe
O4 - HKLM\..\Run: [xwbTrvgm^kgwnZonjgP] C:\WINDOWS\System32\folkqhbddez.exe
O4 - HKLM\..\Run: [PHINWXL]MM[K\P] C:\WINDOWS\System32\phycvcprwez.exe
O4 - HKLM\..\RunServices: [System Startup] C:\WINDOWS\System32\inetsrv\sys.exe
O4 - HKLM\..\RunServices: [xwbTrvgm^kgwnZonjgP] C:\WINDOWS\System32\folkqhbddez.exe
O4 - HKLM\..\RunServices: [PHINWXL]MM[K\P] C:\WINDOWS\System32\phycvcprwez.exe
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\System32\CTFMON.EXE
O4 - HKCU\..\Run: [SearchM] C:\Program Files\SmartHobby\PlugIn\CopyFromDigitalCamera\SearchM.exe
O4 - HKCU\..\Run: [MsnMsgr] "C:\Program Files\MSN Messenger\MsnMsgr.Exe" /background
O4 - HKCU\..\Run: [121Poplink] "C:\Program Files\GTAgent\AUAgent.exe" /startup
O4 - HKCU\..\Run: [Uniblue RegistryBooster 2] C:\Program Files\Uniblue\RegistryBooster 2\RegistryBooster.exe /S
O4 - HKCU\..\Run: [Uniblue SpyEraser] "C:\Program Files\Uniblue\SpyEraser\SpyEraser.exe" -m
O4 - HKCU\..\Run: [System Startup] C:\WINDOWS\System32\inetsrv\sys.exe
O4 - HKCU\..\Run: [SpybotSD TeaTimer] C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
O4 - HKUS\S-1-5-19\..\Run: [ctfmon.exe] ctfmon.exe (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-20\..\Run: [ctfmon.exe] ctfmon.exe (User 'NETWORK SERVICE')
O4 - HKUS\S-1-5-18\..\Run: [ctfmon.exe] ctfmon.exe (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [ctfmon.exe] ctfmon.exe (User 'Default user')
O8 - Extra context menu item: &Windows Live Search - res://C:\Program Files\Windows Live Toolbar\msntb.dll/search.htm
O8 - Extra context menu item: Add to Windows &Live Favorites - http://favorites.live.com/quickadd.aspx
O8 - Extra context menu item: BIGLOBE:ニュース検索 - res://C:\Program Files\BIGLOBE\Toolbar\biglobe.dll/script_news.htm
O8 - Extra context menu item: BIGLOBE:ページ検索 - res://C:\Program Files\BIGLOBE\Toolbar\biglobe.dll/script_web.htm
O8 - Extra context menu item: BIGLOBE:画像検索 - res://C:\Program Files\BIGLOBE\Toolbar\biglobe.dll/script_pict.htm
O8 - Extra context menu item: BIGLOBE:辞書検索 - res://C:\Program Files\BIGLOBE\Toolbar\biglobe.dll/script_dic.htm
O8 - Extra context menu item: Microsoft Excel にエクスポート(&X) - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
O8 - Extra context menu item: 新しいバックグラウンドのタブで開く - res://C:\Program Files\Windows Live Toolbar\Components\ja-jp\msntabres.dll.mui/229?deace9915e2745b0b32a5b68a2d68434
O8 - Extra context menu item: 新規作成した最前面のタブ内で開く - res://C:\Program Files\Windows Live Toolbar\Components\ja-jp\msntabres.dll.mui/230?deace9915e2745b0b32a5b68a2d68434
O9 - Extra button: リサーチ - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL
O9 - Extra button: Related - {c95fe080-8f5d-11d2-a20b-00aa003c157a} - C:\WINDOWS\web\related.htm
O9 - Extra 'Tools' menuitem: Show &Related Links - {c95fe080-8f5d-11d2-a20b-00aa003c157a} - C:\WINDOWS\web\related.htm
O9 - Extra button: (no name) - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O9 - Extra 'Tools' menuitem: Spybot - Search & Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\MSMSGS.EXE
O9 - Extra 'Tools' menuitem: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\MSMSGS.EXE
O14 - IERESET.INF: START_PAGE_URL=http://www.biglobe.ne.jp/
O16 - DPF: {CF40ACC5-E1BB-4AFF-AC72-04C2F616BCA7} (get_atlcom Class) - http://www.adobe.com/products/acrobat/nos/gp.cab
O17 - HKLM\System\CCS\Services\Tcpip\..\{A1A9F35A-355E-4A13-846E-105DA0413FE4}: NameServer = 61.207.11.153 221.113.139.137
O18 - Protocol: msjwwdat - {BAAB02DC-913E-40AA-B9ED-8068DEE42CFA} - C:\Program Files\Microsoft Office\Home Style\JWW\JWWData.dll
O20 - Winlogon Notify: awtqnkh - awtqnkh.dll (file missing)
O20 - Winlogon Notify: byxutqr - C:\WINDOWS\SYSTEM32\byxutqr.dll
O20 - Winlogon Notify: byxyxyv - C:\WINDOWS\SYSTEM32\byxyxyv.dll
O20 - Winlogon Notify: ddcaaax - C:\WINDOWS\SYSTEM32\ddcaaax.dll
O20 - Winlogon Notify: ddccaaw - C:\WINDOWS\SYSTEM32\ddccaaw.dll
O20 - Winlogon Notify: fccbabx - C:\WINDOWS\SYSTEM32\fccbabx.dll
O20 - Winlogon Notify: rqrrrol - C:\WINDOWS\SYSTEM32\rqrrrol.dll
O23 - Service: Apache - Unknown owner - C:\Program Files\Apache Group\Apache\Apache.exe
O23 - Service: DiXiM Media Server - Unknown owner - C:\Program Files\DigiOn\DiXiM Media Server\dmsf.exe
O23 - Service: McAfee.com McShield (McShield) - Unknown owner - c:\PROGRA~1\mcafee.com\vso\mcshield.exe
O23 - Service: McAfee SecurityCenter Update Manager (mcupdmgr.exe) - Networks Associates Technology, Inc - C:\PROGRA~1\McAfee.com\Agent\mcupdmgr.exe
O23 - Service: McAfee.com VirusScan Online Realtime Engine (MCVSRte) - Networks Associates Technology, Inc - c:\PROGRA~1\mcafee.com\vso\mcvsrte.exe
O23 - Service: NT Meter - Unknown owner - C:\WINDOWS\system32\NTMETER.EXE
O23 - Service: BroadPass Manager (Poling_Service) - 日本電気株式会社 - c:\Program Files\BIGLOBE\BroadPass\base\base.exe
O23 - Service: ReadSector (ReadSctService) - Unknown owner - C:\Smdata\ReadSctService.exe
O23 - Service: Remote Plugins Manager - Unknown owner - C:\WINDOWS\system32\svshost.exe
O23 - Service: SoundMAX Agent Service (SoundMAX Agent Service (default)) - Analog Devices, Inc. - C:\Program Files\Analog Devices\SoundMAX\SMAgent.exe
O23 - Service: Sony SPTI Service (SPTISRV) - Sony Corporation - C:\Program Files\Common Files\Sony Shared\AVLib\Sptisrv.exe
O23 - Service: Tango Service (TangoService) - Unknown owner - C:\Program Files\NTTE\Flets\app\TangoService.exe
O23 - Service: TrueVector Internet Monitor (vsmon) - Zone Labs Inc. - C:\WINDOWS\system32\ZoneLabs\vsmon.exe
O23 - Service: Windows Certificate Verification Service (wcvs) - Unknown owner - C:\WINDOWS\wcvs.exe (file missing)

--
End of file - 14559 bytes



#2 Demon Cleaner

Demon Cleaner

  • Members
  • 1,383 posts

Posted 01 November 2007 - 02:20 AM

Hi ky0nkyon

I will be helping you with your problems.

Before we go any further you are running Hijackthis from your desktop. This is not advised as any backups that Hijackthis makes will not be safe.

So delete any existing copies of Hijackthis you have and go here and download a fresh copy to your desktop. Double click HJTinstall.exe and then click on install. This will automatically give you a shortcut on your desktop for future use.

With HJT running choose "Do a system scan and save a logfile" and post the resultant log in a reply to this thread.

Regards

Demon Cleaner

Edited by Demon Cleaner, 01 November 2007 - 02:21 AM.


#3 ky0nkyon

ky0nkyon
  • Topic Starter

  • Members
  • 9 posts

Posted 01 November 2007 - 02:41 AM

Thank you so much demon cleaner. They really are demons indeed. I just installed it, and here it is.

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 16:39:07, on 2007/11/01
Platform: Windows XP SP1 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\DigiOn\DiXiM Media Server\dmsf.exe
C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE
C:\WINDOWS\system32\NTMETER.EXE
C:\Smdata\ReadSctService.exe
C:\Program Files\Analog Devices\SoundMAX\SMAgent.exe
C:\Program Files\NTTE\Flets\app\TangoService.exe
C:\DOCUME~1\PC-USER\LOCALS~1\Temp\~1.tmp.exe
C:\DOCUME~1\PC-USER\LOCALS~1\Temp\~3.tmp.exe
C:\WINDOWS\System32\conime.exe
C:\DOCUME~1\PC-USER\LOCALS~1\Temp\~10.tmp.exe
C:\DOCUME~1\PC-USER\LOCALS~1\Temp\~35.tmp.exe
C:\DOCUME~1\PC-USER\LOCALS~1\Temp\~43.tmp.exe
C:\DOCUME~1\PC-USER\LOCALS~1\Temp\~44.tmp.exe
C:\DOCUME~1\PC-USER\LOCALS~1\Temp\~42.tmp.exe
C:\DOCUME~1\PC-USER\LOCALS~1\Temp\~45.tmp.exe
C:\DOCUME~1\PC-USER\LOCALS~1\Temp\~46.tmp.exe
C:\DOCUME~1\PC-USER\LOCALS~1\Temp\~C8.tmp.exe
C:\WINDOWS\System32\folkqhbddez.exe
C:\DOCUME~1\PC-USER\LOCALS~1\Temp\~BA.tmp.exe
C:\DOCUME~1\PC-USER\LOCALS~1\Temp\~124.tmp.exe
C:\DOCUME~1\PC-USER\LOCALS~1\Temp\~125.tmp.exe
C:\DOCUME~1\PC-USER\LOCALS~1\Temp\~134.tmp.exe
C:\Program Files\MSN Messenger\MsnMsgr.Exe
C:\DOCUME~1\PC-USER\LOCALS~1\Temp\~137.tmp.exe
C:\DOCUME~1\PC-USER\LOCALS~1\Temp\~138.tmp.exe
C:\DOCUME~1\PC-USER\LOCALS~1\Temp\~13D.tmp.exe
C:\DOCUME~1\PC-USER\LOCALS~1\Temp\~13F.tmp.exe
C:\DOCUME~1\PC-USER\LOCALS~1\Temp\~141.tmp.exe
C:\DOCUME~1\PC-USER\LOCALS~1\Temp\~143.tmp.exe
C:\DOCUME~1\PC-USER\LOCALS~1\Temp\~145.tmp.exe
C:\DOCUME~1\PC-USER\LOCALS~1\Temp\~149.tmp.exe
C:\DOCUME~1\PC-USER\LOCALS~1\Temp\~14B.tmp.exe
C:\DOCUME~1\PC-USER\LOCALS~1\Temp\~14D.tmp.exe
C:\DOCUME~1\PC-USER\LOCALS~1\Temp\~14F.tmp.exe
C:\DOCUME~1\PC-USER\LOCALS~1\Temp\~151.tmp.exe
C:\DOCUME~1\PC-USER\LOCALS~1\Temp\~153.tmp.exe
C:\DOCUME~1\PC-USER\LOCALS~1\Temp\~155.tmp.exe
C:\DOCUME~1\PC-USER\LOCALS~1\Temp\~157.tmp.exe
C:\DOCUME~1\PC-USER\LOCALS~1\Temp\~159.tmp.exe
C:\DOCUME~1\PC-USER\LOCALS~1\Temp\~15B.tmp.exe
C:\PROGRA~1\NTTE\Flets\app\TangoManager.exe
C:\Program Files\MSN Messenger\usnsvc.exe
C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLLoginProxy.exe
C:\DOCUME~1\PC-USER\LOCALS~1\Temp\~15D.tmp.exe
C:\DOCUME~1\PC-USER\LOCALS~1\Temp\~15F.tmp.exe
C:\DOCUME~1\PC-USER\LOCALS~1\Temp\~161.tmp.exe
C:\DOCUME~1\PC-USER\LOCALS~1\Temp\~164.tmp.exe
C:\DOCUME~1\PC-USER\LOCALS~1\Temp\~166.tmp.exe
C:\DOCUME~1\PC-USER\LOCALS~1\Temp\~16A.tmp.exe
C:\DOCUME~1\PC-USER\LOCALS~1\Temp\~16C.tmp.exe
C:\DOCUME~1\PC-USER\LOCALS~1\Temp\~170.tmp.exe
C:\DOCUME~1\PC-USER\LOCALS~1\Temp\~172.tmp.exe
C:\DOCUME~1\PC-USER\LOCALS~1\Temp\~174.tmp.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\DOCUME~1\PC-USER\LOCALS~1\Temp\~176.tmp.exe
C:\DOCUME~1\PC-USER\LOCALS~1\Temp\~178.tmp.exe
C:\DOCUME~1\PC-USER\LOCALS~1\Temp\~17A.tmp.exe
C:\DOCUME~1\PC-USER\LOCALS~1\Temp\~17C.tmp.exe
C:\DOCUME~1\PC-USER\LOCALS~1\Temp\~17E.tmp.exe
C:\DOCUME~1\PC-USER\LOCALS~1\Temp\~180.tmp.exe
C:\DOCUME~1\PC-USER\LOCALS~1\Temp\~182.tmp.exe
C:\DOCUME~1\PC-USER\LOCALS~1\Temp\~184.tmp.exe
C:\DOCUME~1\PC-USER\LOCALS~1\Temp\~186.tmp.exe
C:\DOCUME~1\PC-USER\LOCALS~1\Temp\~188.tmp.exe
C:\DOCUME~1\PC-USER\LOCALS~1\Temp\~18A.tmp.exe
C:\DOCUME~1\PC-USER\LOCALS~1\Temp\~18C.tmp.exe
C:\DOCUME~1\PC-USER\LOCALS~1\Temp\~18E.tmp.exe
C:\DOCUME~1\PC-USER\LOCALS~1\Temp\~190.tmp.exe
C:\DOCUME~1\PC-USER\LOCALS~1\Temp\~192.tmp.exe
C:\DOCUME~1\PC-USER\LOCALS~1\Temp\~194.tmp.exe
C:\DOCUME~1\PC-USER\LOCALS~1\Temp\~196.tmp.exe
C:\DOCUME~1\PC-USER\LOCALS~1\Temp\~198.tmp.exe
C:\DOCUME~1\PC-USER\LOCALS~1\Temp\~19A.tmp.exe
C:\DOCUME~1\PC-USER\LOCALS~1\Temp\~19C.tmp.exe
C:\DOCUME~1\PC-USER\LOCALS~1\Temp\~19E.tmp.exe
C:\DOCUME~1\PC-USER\LOCALS~1\Temp\~1A0.tmp.exe
C:\DOCUME~1\PC-USER\LOCALS~1\Temp\~1A3.tmp.exe
C:\DOCUME~1\PC-USER\LOCALS~1\Temp\~1A6.tmp.exe
C:\DOCUME~1\PC-USER\LOCALS~1\Temp\~1A8.tmp.exe
C:\DOCUME~1\PC-USER\LOCALS~1\Temp\~1AA.tmp.exe
C:\DOCUME~1\PC-USER\LOCALS~1\Temp\~1AD.tmp.exe
C:\DOCUME~1\PC-USER\LOCALS~1\Temp\~1AF.tmp.exe
C:\DOCUME~1\PC-USER\LOCALS~1\Temp\~1B1.tmp.exe
C:\DOCUME~1\PC-USER\LOCALS~1\Temp\~1B3.tmp.exe
C:\DOCUME~1\PC-USER\LOCALS~1\Temp\~1B5.tmp.exe
C:\DOCUME~1\PC-USER\LOCALS~1\Temp\~1B7.tmp.exe
C:\DOCUME~1\PC-USER\LOCALS~1\Temp\~1B9.tmp.exe
C:\DOCUME~1\PC-USER\LOCALS~1\Temp\~1BA.tmp.exe
C:\DOCUME~1\PC-USER\LOCALS~1\Temp\~1BD.tmp.exe
C:\DOCUME~1\PC-USER\LOCALS~1\Temp\~1BF.tmp.exe
C:\DOCUME~1\PC-USER\LOCALS~1\Temp\~1C1.tmp.exe
C:\DOCUME~1\PC-USER\LOCALS~1\Temp\~1C3.tmp.exe
C:\DOCUME~1\PC-USER\LOCALS~1\Temp\~1C4.tmp.exe
C:\DOCUME~1\PC-USER\LOCALS~1\Temp\~1C9.tmp.exe
C:\DOCUME~1\PC-USER\LOCALS~1\Temp\~1CA.tmp.exe
C:\DOCUME~1\PC-USER\LOCALS~1\Temp\~1CE.tmp.exe
C:\DOCUME~1\PC-USER\LOCALS~1\Temp\~1D0.tmp.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\DOCUME~1\PC-USER\LOCALS~1\Temp\~1D3.tmp.exe
C:\DOCUME~1\PC-USER\LOCALS~1\Temp\~1D5.tmp.exe
C:\DOCUME~1\PC-USER\LOCALS~1\Temp\~1D8.tmp.exe
C:\DOCUME~1\PC-USER\LOCALS~1\Temp\~1DB.tmp.exe
C:\DOCUME~1\PC-USER\LOCALS~1\Temp\~1DD.tmp.exe
C:\DOCUME~1\PC-USER\LOCALS~1\Temp\~1DF.tmp.exe
C:\DOCUME~1\PC-USER\LOCALS~1\Temp\~1E1.tmp.exe
C:\DOCUME~1\PC-USER\LOCALS~1\Temp\~1E3.tmp.exe
C:\DOCUME~1\PC-USER\LOCALS~1\Temp\~1E7.tmp.exe
C:\DOCUME~1\PC-USER\LOCALS~1\Temp\~1E9.tmp.exe
C:\DOCUME~1\PC-USER\LOCALS~1\Temp\~1ED.tmp.exe
C:\DOCUME~1\PC-USER\LOCALS~1\Temp\~1EF.tmp.exe
C:\DOCUME~1\PC-USER\LOCALS~1\Temp\~1F5.tmp.exe
C:\DOCUME~1\PC-USER\LOCALS~1\Temp\~1F7.tmp.exe
C:\DOCUME~1\PC-USER\LOCALS~1\Temp\~1F9.tmp.exe
C:\DOCUME~1\PC-USER\LOCALS~1\Temp\~1FB.tmp.exe
C:\DOCUME~1\PC-USER\LOCALS~1\Temp\~1FD.tmp.exe
C:\DOCUME~1\PC-USER\LOCALS~1\Temp\~1FF.tmp.exe
C:\DOCUME~1\PC-USER\LOCALS~1\Temp\~201.tmp.exe
C:\DOCUME~1\PC-USER\LOCALS~1\Temp\~203.tmp.exe
C:\DOCUME~1\PC-USER\LOCALS~1\Temp\~205.tmp.exe
C:\DOCUME~1\PC-USER\LOCALS~1\Temp\~207.tmp.exe
C:\DOCUME~1\PC-USER\LOCALS~1\Temp\~209.tmp.exe
C:\DOCUME~1\PC-USER\LOCALS~1\Temp\~20B.tmp.exe
C:\DOCUME~1\PC-USER\LOCALS~1\Temp\~20D.tmp.exe
C:\DOCUME~1\PC-USER\LOCALS~1\Temp\~20F.tmp.exe
C:\DOCUME~1\PC-USER\LOCALS~1\Temp\~211.tmp.exe
C:\DOCUME~1\PC-USER\LOCALS~1\Temp\~213.tmp.exe
C:\DOCUME~1\PC-USER\LOCALS~1\Temp\~215.tmp.exe
C:\DOCUME~1\PC-USER\LOCALS~1\Temp\~217.tmp.exe
C:\DOCUME~1\PC-USER\LOCALS~1\Temp\~219.tmp.exe
C:\DOCUME~1\PC-USER\LOCALS~1\Temp\~21D.tmp.exe
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe
C:\DOCUME~1\PC-USER\LOCALS~1\Temp\~21F.tmp.exe

O3 - Toolbar: ラジオ(&R) - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINDOWS\System32\msdxm.ocx
O3 - Toolbar: BIGLOBEツールバー(&:thumbsup: - {F998C683-89D8-47FA-8C55-3E2CA27D7581} - C:\Program Files\BIGLOBE\Toolbar\biglobe.dll
O3 - Toolbar: &Liquid Surf - {B9F633F6-EA44-45F4-91EB-FABFC65A0634} - C:\Program Files\LiquidSurf\sybil.dll
O3 - Toolbar: McAfee VirusScan - {BA52B914-B692-46c4-B683-905236F6F655} - c:\progra~1\mcafee.com\vso\mcvsshl.dll
O3 - Toolbar: Windows Live Toolbar - {BDAD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Program Files\Windows Live Toolbar\msntb.dll
O4 - HKLM\..\Run: [NECMFK] C:\Program Files\necmfk\necmfk.exe
O4 - HKLM\..\Run: [UpdateManager] "C:\Program Files\Common Files\Sonic\Update Manager\sgtray.exe" /r
O4 - HKLM\..\Run: [LiquidView] C:\Program Files\LiquidView\lviewj.exe
O4 - HKLM\..\Run: [Smapp] C:\Program Files\Analog Devices\SoundMAX\SMTray.exe
O4 - HKLM\..\Run: [IMEKRMIG6.1] C:\WINDOWS\ime\imkr6_1\IMEKRMIG.EXE
O4 - HKLM\..\Run: [MSPY2002] C:\WINDOWS\System32\IME\PINTLGNT\ImScInst.exe /SYNC
O4 - HKLM\..\Run: [VSOCheckTask] "c:\PROGRA~1\mcafee.com\vso\mcmnhdlr.exe" /checktask
O4 - HKLM\..\Run: [VirusScan Online] "c:\PROGRA~1\mcafee.com\vso\mcvsshld.exe"
O4 - HKLM\..\Run: [MCAgentExe] c:\PROGRA~1\mcafee.com\agent\mcagent.exe
O4 - HKLM\..\Run: [MCUpdateExe] C:\PROGRA~1\mcafee.com\agent\McUpdate.exe
O4 - HKLM\..\Run: [Windows Explorer] C:\WINDOWS\System32\explorer.exe
O4 - HKLM\..\Run: [System Startup] C:\WINDOWS\System32\inetsrv\sys.exe
O4 - HKLM\..\Run: [SiSUSBRG] C:\WINDOWS\SiSUSBrg.exe
O4 - HKLM\..\Run: [SiS KHooker] C:\WINDOWS\System32\khooker.exe
O4 - HKLM\..\Run: [Apoint] C:\Program Files\Apoint2K\Apoint.exe
O4 - HKLM\..\Run: [xwbTrvgm^kgwnZonjgP] C:\WINDOWS\System32\folkqhbddez.exe
O4 - HKLM\..\Run: [PHINWXL]MM[K\P] C:\WINDOWS\System32\phycvcprwez.exe
O4 - HKLM\..\RunServices: [System Startup] C:\WINDOWS\System32\inetsrv\sys.exe
O4 - HKLM\..\RunServices: [xwbTrvgm^kgwnZonjgP] C:\WINDOWS\System32\folkqhbddez.exe
O4 - HKLM\..\RunServices: [PHINWXL]MM[K\P] C:\WINDOWS\System32\phycvcprwez.exe
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\System32\CTFMON.EXE
O4 - HKCU\..\Run: [SearchM] C:\Program Files\SmartHobby\PlugIn\CopyFromDigitalCamera\SearchM.exe
O4 - HKCU\..\Run: [MsnMsgr] "C:\Program Files\MSN Messenger\MsnMsgr.Exe" /background
O4 - HKCU\..\Run: [121Poplink] "C:\Program Files\GTAgent\AUAgent.exe" /startup
O4 - HKCU\..\Run: [Uniblue RegistryBooster 2] C:\Program Files\Uniblue\RegistryBooster 2\RegistryBooster.exe /S
O4 - HKCU\..\Run: [Uniblue SpyEraser] "C:\Program Files\Uniblue\SpyEraser\SpyEraser.exe" -m
O4 - HKCU\..\Run: [System Startup] C:\WINDOWS\System32\inetsrv\sys.exe
O4 - HKCU\..\Run: [SpybotSD TeaTimer] C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
O4 - HKUS\S-1-5-19\..\Run: [ctfmon.exe] ctfmon.exe (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-20\..\Run: [ctfmon.exe] ctfmon.exe (User 'NETWORK SERVICE')
O4 - HKUS\S-1-5-18\..\Run: [ctfmon.exe] ctfmon.exe (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [ctfmon.exe] ctfmon.exe (User 'Default user')
O8 - Extra context menu item: &Windows Live Search - res://C:\Program Files\Windows Live Toolbar\msntb.dll/search.htm
O8 - Extra context menu item: Add to Windows &Live Favorites - http://favorites.live.com/quickadd.aspx
O8 - Extra context menu item: BIGLOBE:ニュース検索 - res://C:\Program Files\BIGLOBE\Toolbar\biglobe.dll/script_news.htm
O8 - Extra context menu item: BIGLOBE:ページ検索 - res://C:\Program Files\BIGLOBE\Toolbar\biglobe.dll/script_web.htm
O8 - Extra context menu item: BIGLOBE:画像検索 - res://C:\Program Files\BIGLOBE\Toolbar\biglobe.dll/script_pict.htm
O8 - Extra context menu item: BIGLOBE:辞書検索 - res://C:\Program Files\BIGLOBE\Toolbar\biglobe.dll/script_dic.htm
O8 - Extra context menu item: Microsoft Excel にエクスポート(&X) - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
O8 - Extra context menu item: 新しいバックグラウンドのタブで開く - res://C:\Program Files\Windows Live Toolbar\Components\ja-jp\msntabres.dll.mui/229?deace9915e2745b0b32a5b68a2d68434
O8 - Extra context menu item: 新規作成した最前面のタブ内で開く - res://C:\Program Files\Windows Live Toolbar\Components\ja-jp\msntabres.dll.mui/230?deace9915e2745b0b32a5b68a2d68434
O9 - Extra button: リサーチ - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL
O9 - Extra button: Related - {c95fe080-8f5d-11d2-a20b-00aa003c157a} - C:\WINDOWS\web\related.htm
O9 - Extra 'Tools' menuitem: Show &Related Links - {c95fe080-8f5d-11d2-a20b-00aa003c157a} - C:\WINDOWS\web\related.htm
O9 - Extra button: (no name) - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O9 - Extra 'Tools' menuitem: Spybot - Search & Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\MSMSGS.EXE
O9 - Extra 'Tools' menuitem: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\MSMSGS.EXE
O14 - IERESET.INF: START_PAGE_URL=http://www.biglobe.ne.jp/
O16 - DPF: {CF40ACC5-E1BB-4AFF-AC72-04C2F616BCA7} (get_atlcom Class) - http://www.adobe.com/products/acrobat/nos/gp.cab
O17 - HKLM\System\CCS\Services\Tcpip\..\{A1A9F35A-355E-4A13-846E-105DA0413FE4}: NameServer = 61.207.11.153 221.113.139.137
O18 - Protocol: msjwwdat - {BAAB02DC-913E-40AA-B9ED-8068DEE42CFA} - C:\Program Files\Microsoft Office\Home Style\JWW\JWWData.dll
O23 - Service: Apache - Unknown owner - C:\Program Files\Apache Group\Apache\Apache.exe
O23 - Service: DiXiM Media Server - Unknown owner - C:\Program Files\DigiOn\DiXiM Media Server\dmsf.exe
O23 - Service: McAfee.com McShield (McShield) - Unknown owner - c:\PROGRA~1\mcafee.com\vso\mcshield.exe
O23 - Service: McAfee SecurityCenter Update Manager (mcupdmgr.exe) - Networks Associates Technology, Inc - C:\PROGRA~1\McAfee.com\Agent\mcupdmgr.exe
O23 - Service: McAfee.com VirusScan Online Realtime Engine (MCVSRte) - Networks Associates Technology, Inc - c:\PROGRA~1\mcafee.com\vso\mcvsrte.exe
O23 - Service: NT Meter - Unknown owner - C:\WINDOWS\system32\NTMETER.EXE
O23 - Service: BroadPass Manager (Poling_Service) - 日本電気株式会社 - c:\Program Files\BIGLOBE\BroadPass\base\base.exe
O23 - Service: ReadSector (ReadSctService) - Unknown owner - C:\Smdata\ReadSctService.exe
O23 - Service: Remote Plugins Manager - Unknown owner - C:\WINDOWS\system32\svshost.exe
O23 - Service: SoundMAX Agent Service (SoundMAX Agent Service (default)) - Analog Devices, Inc. - C:\Program Files\Analog Devices\SoundMAX\SMAgent.exe
O23 - Service: Sony SPTI Service (SPTISRV) - Sony Corporation - C:\Program Files\Common Files\Sony Shared\AVLib\Sptisrv.exe
O23 - Service: Tango Service (TangoService) - Unknown owner - C:\Program Files\NTTE\Flets\app\TangoService.exe
O23 - Service: TrueVector Internet Monitor (vsmon) - Zone Labs Inc. - C:\WINDOWS\system32\ZoneLabs\vsmon.exe
O23 - Service: Windows Certificate Verification Service (wcvs) - Unknown owner - C:\WINDOWS\wcvs.exe (file missing)

--
End of file - 13841 bytes

#4 Demon Cleaner

Demon Cleaner

  • Members
  • 1,383 posts

Posted 01 November 2007 - 02:47 AM

Hi ky0nkyon

Give me some time to look over your log and I will get back to you ASAP.

Regards

DC

#5 Demon Cleaner

Demon Cleaner

  • Members
  • 1,383 posts

Posted 01 November 2007 - 03:33 PM

Hello Ky0nkyon

I would counsel you to disconnect this PC from the Internet immediately. If you do any banking or other financial transactions on the PC or if it contains any other sensitive information, please get to a known clean computer and change all passwords where applicable, and it would be wise to contact those same financial institutions to apprise them of your situation.

Though the Trojans have been identified and can be killed, because of their backdoor functionality, your PC is very likely compromised and there is no way to be sure your computer can ever again be trusted. Many experts in the security community believe that once infected with this type of Trojan, the best course of action would be a reformat and reinstall of the Operating System.

Visit the following sites for more information on internet theft and when to reformat!

Should you decide not to follow that advice, we will of course do our best to clean the computer of any infections that we can see but, as I already stated, we can in no way guarantee it to be trustworthy.

If you have any questions before you come to a final decision, please feel free to ask.

If you do decide to be cleaned please post another Hijackthis log in your reply.

Let me know your decision, until then don't do anything other than instructed above!

DC



