First, I really appreciate you taking your time out to help people and give them advice. I'm one of many that has been captured by the Antivirus Gold. I've run Spybot and Ad-Aware but nothing changes.
Here's my thread:
Logfile of HijackThis v1.99.1
Scan saved at 11:30:19 PM, on 6/12/2005
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)
Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Sony\Giga Pocket\shwserv.exe
C:\Program Files\Common Files\Microsoft Shared\VS7Debug\mdm.exe
C:\Program Files\Norton AntiVirus\navapsvc.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Sony\VAIO Media Integrated Server\Music\SSSvr.exe
C:\Program Files\Sony\VAIO Media Integrated Server\Photo\appsrv\PhotoAppSrv.exe
C:\Program Files\Sony\VAIO Media Integrated Server\Video\GPVSvr.exe
C:\Program Files\Sony\VAIO Media Integrated Server\Platform\SV_Httpd.exe
C:\Program Files\Sony\VAIO Media Integrated Server\Platform\SV_Httpd.exe
C:\Program Files\Sony\VAIO Media Integrated Server\Platform\SV_Httpd.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Sony\VAIO Media Integrated Server\Platform\UPnPFramework.exe
C:\Program Files\Sony\VAIO Media Integrated Server\Platform\UPnPFramework.exe
C:\Program Files\Sony\VAIO Media Integrated Server\Platform\UPnPFramework.exe
C:\Program Files\Sony\Giga Pocket\RM_SV.exe
c:\windows\system32\gxuxuib.exe
C:\WINDOWS\inetdata\services.exe
C:\Program Files\QuickTime\qttask.exe
C:\Program Files\Media Pass\MediaPassK.exe
C:\WINDOWS\system32\gglib.exe
C:\WINDOWS\winsocks5.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\MSN Messenger\msnmsgr.exe
C:\WINDOWS\system32\hookdump.exe
C:\Program Files\Hewlett-Packard\AiO\hp psc 700 series\Bin\hpobrt07.exe
C:\Program Files\sony\usbsircs\usbsircs.exe
C:\Program Files\Sony\VAIO Action Setup\VAServ.exe
C:\Program Files\Media Pass\MediaPass.exe
C:\WINDOWS\system32\wscntfy.exe
C:\PROGRA~1\HEWLET~1\AiO\Shared\Bin\hpoevm07.exe
C:\Program Files\Hewlett-Packard\AiO\Shared\bin\hpOSTS07.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\DOCUME~1\JENNIF~1\LOCALS~1\Temp\3.exe
C:\Documents and Settings\Jennifer Muya\Local Settings\Temporary Internet Files\Content.IE5\MLQ72D8D\HijackThis[1].exe
C:\DOCUME~1\JENNIF~1\LOCALS~1\Temp\6.tmp\thnall1a.exe
C:\WINDOWS\Nail.exe
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,SearchAssistant = C:\WINDOWS\_s.html
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.search-paga.com/10039/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.sony.com/vaiopeople
R1 - HKCU\Software\Microsoft\Internet Explorer\SearchURL,(Default) = http://red.clientapp...//www.yahoo.com
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page_bak = http://www.sony.com/vaiopeople
R3 - Default URLSearchHook is missing
F3 - REG:win.ini: run=C:\WINDOWS\inetdata\services.exe
N3 - Netscape 7: user_pref("browser.search.defaultengine", "engine://C%3A%5CProgram%20Files%5CNetscape%5CNetscape%5Csearchplugins%5CSBWeb_01.src"); (C:\Documents and Settings\Jennifer Muya\Application Data\Mozilla\Profiles\default\7u9iu4cs.slt\prefs.js)
O1 - Hosts: 255.255.255.255 ar.atwola.com atdmt.com avp.ch avp.com avp.ru awaps.net ca.com dispatch.mcafee.com download.mcafee.com download.microsoft.com downloads.microsoft.com engine.awaps.net f-secure.com ftp.f-secure.com ftp.sophos.com go.microsoft.com liveupdate.symantec.com mast.mcafee.com mcafee.com msdn.microsoft.com my-etrust.com nai.com networkassociates.com office.microsoft.com phx.corporate-ir.net secure.nai.com securityresponse.symantec.com service1.symantec.com sophos.com spd.atdmt.com support.microsoft.com symantec.com update.symantec.com updates.symantec.com us.mcafee.com vil.nai.com viruslist.ru windowsupdate.microsoft.com www.avp.ch www.avp.com www.avp.ru www.awaps.net www.ca.com www.f-secure.com www.kaspersky.ru www.mcafee.com www.my-etrust.com www.nai.com www.networkassociates.com www.sophos.com www.symantec.com www.trendmicro.com www.viruslist.com www.viruslist.ru www3.ca.com
O2 - BHO: (no name) - {38D4D5D0-423E-4220-B6F9-30918C2AE4A4} - (no file)
O2 - BHO: (no name) - {5321E378-FFAD-4999-8C62-03CA8155F0B3} - (no file)
O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O2 - BHO: BHOmodObj Class - {7F6828CA-9E42-462C-BC60-418C8144012C} - c:\windows\system\BHOmod.dll
O3 - Toolbar: Norton AntiVirus - {42CDD1BF-3FFB-4238-8AD1-7859DF00B1D6} - C:\Program Files\Norton AntiVirus\NavShExt.dll
O3 - Toolbar: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn\ycomp5_5_5_0.dll
O4 - HKLM\..\Run: [xp_system] C:\WINDOWS\inetdata\services.exe
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [Media Pass] C:\Program Files\Media Pass\MediaPassK.exe
O4 - HKLM\..\Run: [Symantec NetDriver Monitor] C:\PROGRA~1\SYMNET~1\SNDMon.exe
O4 - HKLM\..\Run: [gysxdqa] c:\windows\system32\gysxdqa.exe
O4 - HKLM\..\Run: [Security iGuard] C:\Program Files\Security iGuard\Security iGuard.exe
O4 - HKLM\..\Run: [mT1q21l] C:\WINDOWS\embbaq.exe
O4 - HKLM\..\Run: [lst] C:\WINDOWS\lst.exe
O4 - HKLM\..\Run: [atulih] C:\WINDOWS\atulih.exe
O4 - HKLM\..\Run: [ahqhyl] C:\WINDOWS\ahqhyl.exe
O4 - HKLM\..\Run: [izgj] C:\WINDOWS\izgj.exe
O4 - HKLM\..\Run: [nezafgj] C:\WINDOWS\nezafgj.exe
O4 - HKLM\..\Run: [rmrcj] C:\WINDOWS\rmrcj.exe
O4 - HKLM\..\Run: [mtgpql] C:\WINDOWS\mtgpql.exe
O4 - HKLM\..\Run: [fif] C:\WINDOWS\fif.exe
O4 - HKLM\..\Run: [bcjul] C:\WINDOWS\bcjul.exe
O4 - HKLM\..\Run: [qlsbodeh] C:\WINDOWS\qlsbodeh.exe
O4 - HKLM\..\Run: [yrohankn] C:\WINDOWS\yrohankn.exe
O4 - HKLM\..\Run: [bbxsom] c:\windows\system32\vkouxgj.exe
O4 - HKLM\..\Run: [bebedkv] C:\WINDOWS\bebedkv.exe
O4 - HKLM\..\Run: [vmtuner] gglib.exe
O4 - HKLM\..\Run: [Microsoft standard protector] C:\WINDOWS\winsocks5.exe
O4 - HKLM\..\Run: [zhvspp] c:\windows\system32\gxuxuib.exe r
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [msnmsgr] "C:\Program Files\MSN Messenger\msnmsgr.exe" /background
O4 - HKCU\..\Run: [Intel system tool] C:\WINDOWS\system32\hookdump.exe
O4 - HKCU\..\Run: [xp_system] C:\WINDOWS\inetdata\services.exe
O4 - Global Startup: Adobe Gamma Loader.lnk = C:\Program Files\Common Files\Adobe\Calibration\CalibAdobe Gamma Loader.exe
O4 - Global Startup: HPAiODevice(hp psc 700 series) - 1.lnk = C:\Program Files\Hewlett-Packard\AiO\hp psc 700 series\Bin\hpobrt07.exe
O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office10\OSA.EXE
O4 - Global Startup: Quicken Scheduled Updates.lnk = C:\Program Files\Quicken\bagent.exe
O4 - Global Startup: Remocon Driver.lnk = ?
O4 - Global Startup: VAIO Action Setup (Server).lnk = ?
O8 - Extra context menu item: &Search - http://bar.mywebsear...earch.html?p=ZS
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~3\Office10\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\j2re1.4.2_01\bin\npjpi142_01.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\j2re1.4.2_01\bin\npjpi142_01.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~3\OFFICE11\REFIEBAR.DLL
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra button: Microsoft AntiSpyware helper - {54BA6321-553C-41DF-BAA3-9E5DC2452F7C} - (no file) (HKCU)
O9 - Extra 'Tools' menuitem: Microsoft AntiSpyware helper - {54BA6321-553C-41DF-BAA3-9E5DC2452F7C} - (no file) (HKCU)
O9 - Extra button: Microsoft AntiSpyware helper - {8D344452-C968-4FBD-9D16-68FEA30C6933} - (no file) (HKCU)
O9 - Extra 'Tools' menuitem: Microsoft AntiSpyware helper - {8D344452-C968-4FBD-9D16-68FEA30C6933} - (no file) (HKCU)
O9 - Extra button: Microsoft AntiSpyware helper - {CB320B73-2B31-4409-B9E6-6C103BCFF65D} - (no file) (HKCU)
O9 - Extra 'Tools' menuitem: Microsoft AntiSpyware helper - {CB320B73-2B31-4409-B9E6-6C103BCFF65D} - (no file) (HKCU)
O14 - IERESET.INF: START_PAGE_URL=http://www.sony.com/vaiopeople
O16 - DPF: {02974988-E5D4-32C0-B461-36CF7E12F540} - http://69.50.182.94/1/gdnJP994.exe
O16 - DPF: {02CF1781-EA91-4FA5-A200-646E8241987C} (VaioInfo.CMClass) - http://esupport.sony...ct/VaioInfo.CAB
O16 - DPF: {06F12E16-5B63-04D7-01D4-302F52EF00B0} - http://69.50.182.94/1/gdnJP896.exe
O16 - DPF: {0722E8E9-78BE-3724-192F-664D3743F062} - http://69.50.182.94/1/gdnJP896.exe
O16 - DPF: {0C694ADA-2234-1787-DEEE-324E26A4D0CD} - http://69.50.182.94/1/gdnJP896.exe
O16 - DPF: {12D91D3B-880B-5035-CE90-6B7A08BECF94} - http://69.50.182.94/1/gdnJP896.exe
O16 - DPF: {1373B17C-BE7C-3F5D-7299-49F812661904} - http://69.50.182.94/1/gdnJP896.exe
O16 - DPF: {15AD6789-CDB4-47E1-A9DA-992EE8E6BAD6} - http://static.windup...e/bridge-c7.cab
O16 - DPF: {19EA9C82-F488-18D1-9542-6BCE1E659361} - http://69.50.182.94/1/gdnJP896.exe
O16 - DPF: {1A67C422-DEA8-4CFF-ACD7-29BA6F781B28} - http://69.50.182.94/1/gdnJP994.exe
O16 - DPF: {1AB9A5F7-ACC6-7A2B-AC6E-50BC2A789F4D} - http://69.50.182.94/1/gdnJP896.exe
O16 - DPF: {1D6AF921-03AF-5C86-8F4C-1BD832426930} - http://69.50.182.94/1/gdnJP896.exe
O16 - DPF: {1EF65F6D-D4D4-11EA-AFC4-311B12CEF76B} - http://69.50.182.94/1/gdnJP896.exe
O16 - DPF: {1F2F4C9E-6F09-47BC-970D-3C54734667FE} (LSSupCtl Class) - http://www.symantec....sa/LSSupCtl.cab
O16 - DPF: {1FA8E848-C3D5-2FD4-B45A-2C5A16B74810} - http://69.50.182.94/1/gdnJP896.exe
O16 - DPF: {2674620D-6983-3B03-2B35-3B634437E859} - http://69.50.182.94/1/gdnJP994.exe
O16 - DPF: {29B23C77-0F5A-3EB6-4E10-37573843F925} - http://69.50.182.94/1/gdnJP896.exe
O16 - DPF: {2CFAB3AB-9163-654C-48CC-55CB444253F0} - http://69.50.182.94/1/gdnJP994.exe
O16 - DPF: {2DA678EF-E302-1C0B-B73D-6E303F870AC6} - http://69.50.182.94/1/gdnJP994.exe
O16 - DPF: {2F41D58A-BED6-0A9C-FCD3-425076B4E5F6} - http://69.50.182.94/1/gdnJP994.exe
O16 - DPF: {30528230-99F7-4BB4-88D8-FA1D4F56A2AB} (YInstStarter Class) - http://us.dl1.yimg.c...nst20040510.cab
O16 - DPF: {3144763D-14FE-40C0-D63E-78C12237B026} - http://69.50.182.94/1/gdnJP896.exe
O16 - DPF: {326FEF3B-06B5-63A2-09A3-61D62ECF0364} - http://69.50.182.94/1/gdnJP994.exe
O16 - DPF: {3986ADBF-C56E-3E5C-0A83-385F78772500} - http://69.50.182.94/1/gdnJP994.exe
O16 - DPF: {3C77189C-2CB2-113E-9A2E-6FC73822C9EA} - http://69.50.182.94/1/gdnJP994.exe
O16 - DPF: {3DC0C7BF-F6D2-3C3D-734E-1AD863F5ABBD} - http://69.50.182.94/1/gdnJP994.exe
O16 - DPF: {3E63B2C6-6A02-7BA7-CC2B-140A0AAA6FA1} - http://69.50.182.94/1/gdnJP994.exe
O16 - DPF: {420B01E2-7809-3168-0C6A-16755DCCDB4C} - http://69.50.182.94/1/gdnJP994.exe
O16 - DPF: {43083AA7-F44D-2548-A75F-38721C476366} - http://69.50.182.94/1/gdnJP994.exe
O16 - DPF: {455FDC66-1DC9-4420-FE77-6CD6668EC950} - http://69.50.182.94/1/gdnJP994.exe
O16 - DPF: {48A1F459-3EC0-0FEC-B06A-350F24CBCDEE} - http://69.50.182.94/1/gdnJP896.exe
O16 - DPF: {48C2F02F-FF5D-2B86-EE6D-350A62E7CCE6} - http://69.50.182.94/1/gdnJP896.exe
O16 - DPF: {499B0BC6-485A-2EAB-13B0-6F4D2B79BF4F} - http://69.50.182.94/1/gdnJP896.exe
O16 - DPF: {4A431F9B-3828-030F-0F2A-033A1E278A73} - http://69.50.182.94/1/gdnJP994.exe
O16 - DPF: {4A7A21BB-DFBE-5C48-F5CE-610550A0696C} - http://69.50.182.94/1/gdnJP994.exe
O16 - DPF: {4B923693-AAA3-799C-797C-5E296BF94C04} - http://69.50.182.94/1/gdnJP896.exe
O16 - DPF: {4FDAC5FC-A507-0D3A-7696-200055CAEA01} - http://69.50.182.94/1/gdnJP994.exe
O16 - DPF: {5418CB0D-DA43-5949-0485-072F5E2A0D71} - http://69.50.182.94/1/gdnJP896.exe
O16 - DPF: {54543515-952B-02F5-99F7-34AB76731259} - http://69.50.182.94/1/gdnJP896.exe
O16 - DPF: {58D8B3FE-A51B-6E25-DCF1-64F50042F694} - http://69.50.182.94/1/gdnJP994.exe
O16 - DPF: {5958B62A-1385-09B3-002D-266913171B09} - http://69.50.182.94/1/gdnJP994.exe
O16 - DPF: {627A3F86-7C5C-4340-6971-29F6703FA89B} - http://69.50.182.94/1/gdnJP994.exe
O16 - DPF: {664D0AD8-4362-4666-A171-0A425020F83D} - http://69.50.182.94/1/gdnJP994.exe
O16 - DPF: {6A19202D-48B2-449E-6123-24E43AD828DC} - http://69.50.182.94/1/gdnJP994.exe
O16 - DPF: {7089B444-D67B-3839-A145-7E0F1C5DAAEC} - http://69.50.182.94/1/gdnJP994.exe
O16 - DPF: {73BE50A4-7398-5724-E38E-31D977772409} - http://69.50.182.94/1/gdnJP994.exe
O16 - DPF: {7A5200FE-C92E-5F5F-EAAE-1A465D207CE8} - http://69.50.182.94/1/gdnJP994.exe
O16 - DPF: {7BF86C97-DAE6-61A0-5928-556C746C7737} - http://69.50.182.94/1/gdnJP896.exe
O16 - DPF: {7D4A7186-6EC4-2ED0-7B2E-7F1D5D0FFF51} - http://69.50.182.94/1/gdnJP896.exe
O16 - DPF: {8E0D4DE5-3180-4024-A327-4DFAD1796A8D} (MessengerStatsClient Class) - http://messenger.zon...nt.cab28578.cab
O16 - DPF: {9AA73F41-EC64-489E-9A73-9CD52E528BC4} (ZoneAxRcMgr Class) - http://messenger.zon...ry/ZAxRcMgr.cab
O16 - DPF: {9E98E84C-79E1-49C3-82EB-798FCD552EFB} - http://advnt01.com/d...ionale_ver4.CAB
O16 - DPF: {B38870E4-7ECB-40DA-8C6A-595F0A5519FF} (MsnMessengerSetupDownloadControl Class) - http://messenger.msn...pDownloader.cab
O16 - DPF: {B8BE5E93-A60C-4D26-A2DC-220313175592} (ZoneIntro Class) - http://zone.msn.com/...ro.cab32846.cab
O16 - DPF: {CE28D5D2-60CF-4C7D-9FE8-0F47A3308078} (ActiveDataInfo Class) - http://www.symantec....sa/SymAData.cab
O20 - AppInit_DLLs: w8c6s4xcm66.dll
O23 - Service: Giga Pocket Hardware Detector - Sony Corporation - C:\Program Files\Sony\Giga Pocket\shwserv.exe
O23 - Service: Norton AntiVirus Auto Protect Service (navapsvc) - Symantec Corporation - C:\Program Files\Norton AntiVirus\navapsvc.exe
O23 - Service: ScriptBlocking Service (SBService) - Symantec Corporation - C:\PROGRA~1\COMMON~1\SYMANT~1\SCRIPT~1\SBServ.exe
O23 - Service: Symantec Network Drivers Service (SNDSrvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\SNDSrvc.exe
O23 - Service: Sony TV Tuner Controller - Sony Corporation - C:\Program Files\Sony\Giga Pocket\halsv.exe
O23 - Service: Sony TV Tuner Manager - Sony Corporation - C:\Program Files\Sony\Giga Pocket\RM_SV.exe
O23 - Service: System Startup Service (SvcProc) - Unknown owner - C:\WINDOWS\svcproc.exe
O23 - Service: VAIO Media Music Server (VAIOMediaPlatform-MusicServer-AppServer) - Unknown owner - C:\Program Files\Sony\VAIO Media Integrated Server\Music\SSSvr.exe" /Service=VAIOMediaPlatform-MusicServer-AppServer /DisplayName="VAIO Media Music Server (file missing)
O23 - Service: VAIO Media Music Server (HTTP) (VAIOMediaPlatform-MusicServer-HTTP) - Unknown owner - C:\Program Files\Sony\VAIO Media Integrated Server\Platform\SV_Httpd.exe" /Service=VAIOMediaPlatform-MusicServer-HTTP /RegRoot="Software\Sony Corporation\VAIO Media Platform\2.0" /RegExt="Applications\MusicServer\HTTP (file missing)
O23 - Service: VAIO Media Music Server (UPnP) (VAIOMediaPlatform-MusicServer-UPnP) - Sony Corporation - C:\Program Files\Sony\VAIO Media Integrated Server\Platform\UPnPFramework.exe
O23 - Service: VAIO Media Photo Server (VAIOMediaPlatform-PhotoServer-AppServer) - Sony Corporation - C:\Program Files\Sony\VAIO Media Integrated Server\Photo\appsrv\PhotoAppSrv.exe
O23 - Service: VAIO Media Photo Server (HTTP) (VAIOMediaPlatform-PhotoServer-HTTP) - Unknown owner - C:\Program Files\Sony\VAIO Media Integrated Server\Platform\SV_Httpd.exe" /Service=VAIOMediaPlatform-PhotoServer-HTTP /RegRoot="SOFTWARE\Sony Corporation\VAIO Media Platform\2.0" /RegExt="\Applications\PhotoServer\HTTP (file missing)
O23 - Service: VAIO Media Photo Server (UPnP) (VAIOMediaPlatform-PhotoServer-UPnP) - Sony Corporation - C:\Program Files\Sony\VAIO Media Integrated Server\Platform\UPnPFramework.exe
O23 - Service: VAIO Media Video Server (VAIOMediaPlatform-VideoServer-AppServer) - Unknown owner - C:\Program Files\Sony\VAIO Media Integrated Server\Video\GPVSvr.exe" /Service=VAIOMediaPlatform-VideoServer-AppServer /DisplayName="VAIO Media Video Server (file missing)
O23 - Service: VAIO Media Video Server (HTTP) (VAIOMediaPlatform-VideoServer-HTTP) - Unknown owner - C:\Program Files\Sony\VAIO Media Integrated Server\Platform\SV_Httpd.exe" /Service=VAIOMediaPlatform-VideoServer-HTTP /RegRoot="SOFTWARE\Sony Corporation\VAIO Media Platform\2.0" /RegExt="\Applications\VideoServer\HTTP (file missing)
O23 - Service: VAIO Media Video Server (UPnP) (VAIOMediaPlatform-VideoServer-UPnP) - Sony Corporation - C:\Program Files\Sony\VAIO Media Integrated Server\Platform\UPnPFramework.exe
Thank You...