Another Trojan that has affeceted Desktop

My computer has been affected with another type of trojan that has taken over the desktop. It displays a yellow screen, that changes its shade every 10 seconds. I have runned all the steps recommended, and have subsequently deleted all the spyware and trojans found. I cannot run any norton antivirus or any other spyware remover programs in normal mode, and can only do so in safe mode. Would appreciate any help~! m(_ _)m

ogfile of HijackThis v1.99.1
Scan saved at 11:51:10, on 2005/04/17
Platform: Windows XP SP1 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\DigiOn\DiXiM Media Server\dmsf.exe
C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE
C:\WINDOWS\system32\nmftskss.exe
C:\WINDOWS\system32\NTMETER.EXE
C:\WINDOWS\System32\nvsvc32.exe
C:\Smdata\ReadSctService.exe
C:\Program Files\Analog Devices\SoundMAX\SMAgent.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\System32\pctspk.exe
C:\Program Files\SmartHobby\PlugIn\MovieWriter\PlugPlayDetect.exe
C:\Program Files\NEC\SmartVision\SVUPnPMn.exe
C:\Program Files\NEC\SmartVision\SvSche.exe
C:\Program Files\LiquidView\lviewj.exe
C:\Program Files\Analog Devices\SoundMAX\SMTray.exe
C:\Progra~1\Necmfk\necmfk.exe
C:\Program Files\nectvrc\tvrc.exe
C:\Program Files\Logitech\ImageStudio\LogiTray.exe
C:\WINDOWS\System32\spool\drivers\w32x86\3\hpztsb09.exe
C:\Program Files\HP\HP Software Update\HPWuSchd.exe
C:\Program Files\HP\hpcoretech\hpcmpmgr.exe
C:\Program Files\QuickTime\qttask.exe
C:\Program Files\Common Files\Logitech\QCDriver\LVCOMS.EXE
C:\Program Files\MSN Apps\Updater\01.02.3000.1001\ja\msnappau.exe
C:\WINDOWS\System32\ctfmon.exe
C:\Program Files\MSN Messenger\msnmsgr.exe
C:\windows\epugdsl.exe
C:\Program Files\interMute\SpySubtract\SpySub.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Documents and Settings\GohWee Meng\デスクトップ\HijackThis.exe

F2 - REG:system.ini: UserInit=userinit.exe,
O2 - BHO: Yahoo! Companion BHO - {02478D38-C3F9-4efb-9B51-7695ECA05670} - C:\Program Files\Yahoo!\Companion\Installs\cpn\ycomp5_3_16_0.dll
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 6.0\Reader\ActiveX\AcroIEHelper.dll
O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O2 - BHO: BHOmodObj Class - {7F6828CA-9E42-462C-BC60-418C8144012C} - c:\windows\system\BHOmod.dll
O2 - BHO: ST - {9394EDE7-C8B5-483E-8773-474BF36AF6E4} - C:\Program Files\MSN Apps\ST\01.02.3000.1002\en-xu\stmain.dll
O2 - BHO: Web assistant - {9ECB9560-04F9-4bbc-943D-298DDF1699E1} - C:\Program Files\Common Files\Symantec Shared\AdBlocking\NISShExt.dll
O2 - BHO: (no name) - {A3DFDA85-1D92-4E28-8C0C-522574ACDC8A} - C:\WINDOWS\System32\msacrohlp.dll (file missing)
O2 - BHO: MSNToolBandBHO - {BDBD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Program Files\MSN Apps\MSN Toolbar\01.02.3000.1001\ja\msntb.dll
O2 - BHO: NAV Helper - {BDF3E430-B101-42AD-A544-FADC6B084872} - C:\Program Files\Norton Internet Security Professional\Norton AntiVirus\NavShExt.dll
O2 - BHO: wmvdmpd - {C253BE8A-793C-B3A0-84BF-374B82464F48} - C:\WINDOWS\System32\wmvdmpd.dll (file missing)
O3 - Toolbar: BIGLOBEツールバー(&B) - {F998C683-89D8-47FA-8C55-3E2CA27D7581} - C:\Program Files\BIGLOBE\Toolbar\biglobe.dll
O3 - Toolbar: &Liquid Surf - {B9F633F6-EA44-45F4-91EB-FABFC65A0634} - C:\Program Files\LiquidSurf\sybil.dll
O3 - Toolbar: (no name) - {BA52B914-B692-46c4-B683-905236F6F655} - (no file)
O3 - Toolbar: Yahoo! Companion - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn\ycomp5_3_16_0.dll
O3 - Toolbar: MSN - {BDAD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Program Files\MSN Apps\MSN Toolbar\01.02.3000.1001\ja\msntb.dll
O3 - Toolbar: ラジオ(&R) - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINDOWS\System32\msdxm.ocx
O3 - Toolbar: Web assistant - {0B53EAC3-8D69-4b9e-9B19-A37C9A5676A7} - C:\Program Files\Common Files\Symantec Shared\AdBlocking\NISShExt.dll
O3 - Toolbar: Norton AntiVirus - {42CDD1BF-3FFB-4238-8AD1-7859DF00B1D6} - C:\Program Files\Norton Internet Security Professional\Norton AntiVirus\NavShExt.dll
O4 - HKLM\..\Run: [IMJPMIG8.1] "C:\WINDOWS\IME\imjp8_1\IMJPMIG.EXE" /Spoil /RemAdvDef /Migration32
O4 - HKLM\..\Run: [PHIME2002ASync] C:\WINDOWS\System32\IME\TINTLGNT\TINTSETP.EXE /SYNC
O4 - HKLM\..\Run: [PHIME2002A] C:\WINDOWS\System32\IME\TINTLGNT\TINTSETP.EXE /IMEName
O4 - HKLM\..\Run: [PCTVOICE] pctspk.exe
O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\System32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [SHRunOnce] C:\Program Files\SmartHobby\SHRunOnce.exe
O4 - HKLM\..\Run: [SVUPnPManager] C:\Program Files\NEC\SmartVision\SVUPnPMn.exe
O4 - HKLM\..\Run: [SmartVisionScheduler] C:\Program Files\NEC\SmartVision\SvSche.exe
O4 - HKLM\..\Run: [UpdateManager] "C:\Program Files\Common Files\Sonic\Update Manager\sgtray.exe" /r
O4 - HKLM\..\Run: [LiquidView] C:\Program Files\LiquidView\lviewj.exe
O4 - HKLM\..\Run: [NMFTASK] NMFTASK.EXE /RESET
O4 - HKLM\..\Run: [Smapp] C:\Program Files\Analog Devices\SoundMAX\SMTray.exe
O4 - HKLM\..\Run: [IMJPMIG9.0] C:\PROGRA~1\COMMON~1\MICROS~1\IME\IMJP9\IMJPMIG.EXE /Preload /Migration32
O4 - HKLM\..\Run: [IMEKRMIG6.1] C:\WINDOWS\ime\imkr6_1\IMEKRMIG.EXE
O4 - HKLM\..\Run: [MSPY2002] C:\WINDOWS\System32\IME\PINTLGNT\ImScInst.exe /SYNC
O4 - HKLM\..\Run: [NECMFK] C:\Progra~1\Necmfk\necmfk.exe
O4 - HKLM\..\Run: [NECTVRC] C:\Program Files\nectvrc\tvrc.exe
O4 - HKLM\..\Run: [LogitechGalleryRepair] C:\Program Files\Logitech\ImageStudio\ISStart.exe
O4 - HKLM\..\Run: [LogitechImageStudioTray] C:\Program Files\Logitech\ImageStudio\LogiTray.exe
O4 - HKLM\..\Run: [HPDJ Taskbar Utility] C:\WINDOWS\System32\spool\drivers\w32x86\3\hpztsb09.exe
O4 - HKLM\..\Run: [HP Software Update] "C:\Program Files\HP\HP Software Update\HPWuSchd.exe"
O4 - HKLM\..\Run: [HP Component Manager] "C:\Program Files\HP\hpcoretech\hpcmpmgr.exe"
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [ャンネルの表示チ] C:\WINDOWS\System32\ャンネルの表
O4 - HKLM\..\Run: [LVCOMS] C:\Program Files\Common Files\Logitech\QCDriver\LVCOMS.EXE
O4 - HKLM\..\Run: [msnappau] "C:\Program Files\MSN Apps\Updater\01.02.3000.1001\ja\msnappau.exe"
O4 - HKLM\..\Run: [Symantec NetDriver Monitor] C:\PROGRA~1\SYMNET~1\SNDMon.exe
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\System32\ctfmon.exe
O4 - HKCU\..\Run: [\IEService.exe] C:\DOCUME~1\ALLUSE~1\APPLIC~1\IESERV~1\IEService.exe
O4 - HKCU\..\Run: [mount.exe] C:\Program Files\GiPo@Utilities\GiPo@FileUtilities\mount.exe /z
O4 - HKCU\..\Run: [msnmsgr] "C:\Program Files\MSN Messenger\msnmsgr.exe" /background
O4 - HKCU\..\Run: [pahlkug] c:\windows\epugdsl.exe
O4 - HKCU\..\Run: [WindowsFY] c:\wp.exe
O4 - HKCU\..\Run: [gcivoie] c:\windows\epugdsl.exe
O4 - HKCU\..\Run: [lrcbkmi] c:\windows\epugdsl.exe
O4 - HKCU\..\Run: [sprwohc] c:\windows\epugdsl.exe
O4 - HKCU\..\Run: [qoukjlx] c:\windows\epugdsl.exe
O4 - HKCU\..\Run: [edbuuwy] c:\windows\epugdsl.exe
O4 - HKCU\..\Run: [nidgfwp] c:\windows\epugdsl.exe
O4 - HKCU\..\Run: [nuquiaw] c:\windows\epugdsl.exe
O4 - HKCU\..\Run: [xwkpfdg] c:\windows\epugdsl.exe
O4 - HKCU\..\Run: [pintqcs] c:\windows\epugdsl.exe
O4 - HKCU\..\Run: [lugkyyb] c:\windows\epugdsl.exe
O4 - HKCU\..\Run: [ypadgik] c:\windows\epugdsl.exe
O4 - HKCU\..\Run: [mtotfay] c:\windows\epugdsl.exe
O4 - HKCU\..\Run: [bohaulw] c:\windows\epugdsl.exe
O4 - HKCU\..\Run: [mskmvtg] c:\windows\epugdsl.exe
O4 - HKCU\..\Run: [fhhrqsu] c:\windows\rksoikh.exe
O4 - HKCU\..\Run: [idoecec] c:\windows\rksoikh.exe
O4 - HKCU\..\Run: [funsfvy] c:\windows\rksoikh.exe
O4 - HKCU\..\Run: [pnxigme] c:\windows\cgyqkqu.exe
O4 - HKCU\..\Run: [bxvwiag] c:\windows\cgyqkqu.exe
O4 - HKCU\..\Run: [pedopbb] c:\windows\cgyqkqu.exe
O4 - HKCU\..\Run: [tutmiry] c:\windows\cgyqkqu.exe
O4 - HKCU\..\Run: [wqhilqm] c:\windows\cgyqkqu.exe
O4 - HKCU\..\Run: [xlcousj] c:\windows\cgyqkqu.exe
O4 - HKCU\..\Run: [ljmniak] c:\windows\cgyqkqu.exe
O4 - HKCU\..\Run: [qecfyyw] c:\windows\cgyqkqu.exe
O4 - HKCU\..\Run: [atlfxqv] c:\windows\cgyqkqu.exe
O4 - HKCU\..\Run: [cjqaarr] c:\windows\cgyqkqu.exe
O4 - HKCU\..\Run: [jpdmhky] c:\windows\cgyqkqu.exe
O4 - HKCU\..\Run: [haqbvmg] c:\windows\piyayes.exe
O4 - HKCU\..\Run: [aalkhug] c:\windows\scrkpbj.exe
O4 - HKCU\..\Run: [mbqdshk] c:\windows\scrkpbj.exe
O4 - HKCU\..\Run: [jmqrryh] c:\windows\scrkpbj.exe
O4 - HKCU\..\Run: [pvxensa] c:\windows\scrkpbj.exe
O4 - HKCU\..\Run: [wsmmfou] c:\windows\scrkpbj.exe
O4 - HKCU\..\Run: [bbkaamx] c:\windows\scrkpbj.exe
O4 - HKCU\..\Run: [uelmdvh] c:\windows\scrkpbj.exe
O4 - HKCU\..\Run: [qupctos] c:\windows\scrkpbj.exe
O4 - HKCU\..\Run: [ggthhfe] c:\windows\scrkpbj.exe
O4 - HKCU\..\Run: [hxfxmnh] c:\windows\tmpvxwo.exe
O4 - HKCU\..\Run: [elgcmol] c:\windows\tmpvxwo.exe
O4 - HKCU\..\Run: [rofmjxn] c:\windows\tmpvxwo.exe
O4 - HKCU\..\Run: [mbcwkev] c:\windows\tmpvxwo.exe
O4 - HKCU\..\Run: [qpqqoyd] c:\windows\tmpvxwo.exe
O4 - HKCU\..\Run: [ncyjojh] c:\windows\tmpvxwo.exe
O4 - HKCU\..\Run: [jmxkwir] c:\windows\tmpvxwo.exe
O4 - HKCU\..\Run: [admapck] c:\windows\tmpvxwo.exe
O4 - HKCU\..\Run: [qssdrti] c:\windows\tmpvxwo.exe
O4 - HKCU\..\Run: [wdsokjc] c:\windows\tmpvxwo.exe
O4 - HKCU\..\Run: [tqwtlqp] c:\windows\tmpvxwo.exe
O4 - HKCU\..\Run: [dcwjxva] c:\windows\tmpvxwo.exe
O4 - HKCU\..\Run: [lnadfgk] c:\windows\tmpvxwo.exe
O4 - HKCU\..\Run: [kqcmiyu] c:\windows\tmpvxwo.exe
O4 - HKCU\..\Run: [ayesyxf] c:\windows\kfyrqbj.exe
O4 - HKCU\..\Run: [htylynj] c:\windows\kfyrqbj.exe
O8 - Extra context menu item: BIGLOBE：ニュース検索 - res://C:\Program Files\BIGLOBE\Toolbar\biglobe.dll/script_news.htm
O8 - Extra context menu item: BIGLOBE：ページ検索 - res://C:\Program Files\BIGLOBE\Toolbar\biglobe.dll/script_web.htm
O8 - Extra context menu item: BIGLOBE：画像検索 - res://C:\Program Files\BIGLOBE\Toolbar\biglobe.dll/script_pict.htm
O8 - Extra context menu item: BIGLOBE：辞書検索 - res://C:\Program Files\BIGLOBE\Toolbar\biglobe.dll/script_dic.htm
O8 - Extra context menu item: Microsoft Excel にエクスポート(&X) - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
O9 - Extra button: リサーチ - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL
O9 - Extra button: ICQ 4.0 - {B863453A-26C3-4e1f-A54D-A2CD196348E9} - C:\Program Files\ICQLite\ICQLite.exe
O9 - Extra 'Tools' menuitem: ICQ Lite - {B863453A-26C3-4e1f-A54D-A2CD196348E9} - C:\Program Files\ICQLite\ICQLite.exe
O9 - Extra button: (no name) - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - (no file)
O9 - Extra button: Microsoft AntiSpyware helper - {268391D7-37F3-45AD-BC43-9F32D3673FC1} - (no file) (HKCU)
O9 - Extra 'Tools' menuitem: Microsoft AntiSpyware helper - {268391D7-37F3-45AD-BC43-9F32D3673FC1} - (no file) (HKCU)
O14 - IERESET.INF: START_PAGE_URL=http://www.biglobe.ne.jp/
O16 - DPF: Yahoo! Chat - http://us.chat1.yimg...t/c381/chat.cab
O16 - DPF: {2922D0EB-9775-4550-8AC1-872FEBC79D5C} (NgcPreInstall Class) - file://C:\Program Files\NgcPreInstall\html\dll\NgcPInstall.cab
O16 - DPF: {2B323CD9-50E3-11D3-9466-00A0C9700498} (Yahoo! Audio Conferencing) - http://us.chat1.yimg...v45/yacscom.cab
O16 - DPF: {30528230-99F7-4BB4-88D8-FA1D4F56A2AB} (YInstStarter Class) - http://us.dl1.yimg.c...s/yinst0401.cab
O16 - DPF: {4ED9DDF0-7479-4BBE-9335-5A1EDB1D8A21} - http://bin.mcafee.co...84/mcinsctl.cab
O16 - DPF: {556DDE35-E955-11D0-A707-000000521957} - http://www.xblock.co...clean_micro.exe
O16 - DPF: {6AC7B2E6-C7E8-4AB2-3D9F-36FD0F2973DC} - http://69.50.182.94/1/gdnJP1882.exe
O16 - DPF: {74D05D43-3236-11D4-BDCD-00C04F9A3B61} (ｳｲﾙｽﾊﾞｽﾀｰ On-Line Scan) - http://a840.g.akamai...all/xscan53.cab
O16 - DPF: {7D1E9C49-BD6A-11D3-87A8-009027A35D73} (Yahoo! Audio UI1) - http://chat.yahoo.com/cab/yacsui.cab
O16 - DPF: {9A9307A0-7DA4-4DAF-B042-5009F29E09E1} (ActiveScan Installer Class) - http://www.pandasoft.../as5/asinst.cab
O16 - DPF: {BCC0FF27-31D9-4614-A68E-C18E1ADA4389} - http://bin.mcafee.co...,21/mcgdmgr.cab
O16 - DPF: {ED757487-992A-4DFF-908F-793DF708D49B} (QDiagNAUUpdateObj Class) - http://121ware.com/s...ml/qdiagnau.cab
O18 - Protocol: msjwwdat - {BAAB02DC-913E-40AA-B9ED-8068DEE42CFA} - C:\Program Files\Microsoft Office\Home Style\JWW\JWWData.dll
O23 - Service: Trace network connections (ACCRA) - Unknown owner - C:\WINDOWS\System32\mocih.exe (file missing)
O23 - Service: Apache - Unknown owner - C:\Program Files\Apache Group\Apache\Apache.exe" --ntservice (file missing)
O23 - Service: DiXiM Media Server - Unknown owner - C:\Program Files\DigiOn\DiXiM Media Server\dmsf.exe
O23 - Service: Loading Outpost Connections (KDE) - Unknown owner - C:\WINDOWS\System32\cmdtel.exe (file missing)
O23 - Service: Register Task Helper (Nmftskss) - NEC Corporation - C:\WINDOWS\system32\nmftskss.exe
O23 - Service: NT Meter - Unknown owner - C:\WINDOWS\system32\NTMETER.EXE
O23 - Service: NVIDIA Driver Helper Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\System32\nvsvc32.exe
O23 - Service: Pml Driver HPZ12 - HP - C:\WINDOWS\System32\HPZipm12.exe
O23 - Service: BroadPass Manager (Poling_Service) - 日本電気株式会社 - c:\Program Files\BIGLOBE\BroadPass\base\base.exe
O23 - Service: ReadSector (ReadSctService) - Unknown owner - C:\Smdata\ReadSctService.exe
O23 - Service: SoundMAX Agent Service (SoundMAX Agent Service (default)) - Analog Devices, Inc. - C:\Program Files\Analog Devices\SoundMAX\SMAgent.exe
O23 - Service: Sony SPTI Service (SPTISRV) - Sony Corporation - C:\Program Files\Common Files\Sony Shared\AVLib\Sptisrv.exe

Thank you for your attention

#1
gwmjapan

Posted 16 April 2005 - 09:08 PM

Advertisements

Similar Topics

0 user(s) are reading this topic

As Featured On:

Forums

Downloads

Members

Connect With Us