Big problem with Lowzones Trojan!!

Posted 12/7/2005 1:26 PM
#24685
darfar Member

Date Joined Nov 2016
Total Posts: 4
I just can't get rid of that Lowzones Trojan!!

Below is my log file according to Hijackthis, could you recommend me something?

Logfile of HijackThis v1.99.1
Scan saved at 1:12:01 p.m., on 06/12/2005
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe
C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
C:\WINDOWS\system32\LEXBCES.EXE
C:\WINDOWS\system32\LEXPPS.EXE
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\Explorer.EXE
C:\PROGRA~1\WIRELE~1\GNETMOUS.EXE
C:\WINDOWS\System32\ezSP_Px.exe
C:\WINDOWS\System32\WScript.exe
C:\Program Files\Java\jre1.5.0_04\bin\jusched.exe
C:\Program Files\QuickTime\qttask.exe
C:\PROGRA~1\NORTON~2\navapw32.exe
C:\Program Files\MediaGateway\MediaGateway.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\Program Files\Common Files\Symantec Shared\ccApp.exe
C:\WINDOWS\AGRSMMSG.exe
C:\Program Files\Microsoft ActiveSync\WCESCOMM.EXE
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\TBONBin\tbon.exe
C:\Program Files\Common Files\Microsoft Shared\VS7Debug\mdm.exe
C:\Program Files\Norton AntiVirus\navapsvc.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Sony\Keyboard Closure Setup\KSWServ.exe
C:\Documents and Settings\All Users\Start Menu\Programs\Startup\KVG.exe
C:\Program Files\Sony\VAIO Media Music Server\SSSvr.exe
C:\Program Files\Sony\VAIO Action Setup\VAServ.exe
C:\Program Files\Sony\Photo Server 20\appsrv\PicAppSrv.exe
C:\Program Files\Common Files\Sony Shared\VAIO Media Platform\SV_Httpd.exe
C:\Program Files\Common Files\Sony Shared\VAIO Media Platform\sv_httpd.exe
C:\Program Files\Common Files\Sony Shared\VAIO Media Platform\UPnPFramework.exe
C:\Program Files\Common Files\Sony Shared\VAIO Media Platform\UPnPFramework.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\WINDOWS\system32\wscntfy.exe
C:\WINDOWS\System32\svchost.exe
c:\progra~1\Support.com\client\bin\tgcmd.exe
C:\WINDOWS\system32\wuauclt.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Documents and Settings\Nissim Farchi\Local Settings\Temporary Internet Files\Content.IE5\EL38X0VY\HijackThis[1].exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://google.com/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.sony.com/vaiopeople
R3 - URLSearchHook: (no name) - _{00A6FAF6-072E-44cf-8957-5838F569A31D} - (no file)
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 6.0\Reader\ActiveX\AcroIEHelper.dll
O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O2 - BHO: (no name) - {549B5CA7-4A86-11D7-A4DF-000874180BB3} - (no file)
O2 - BHO: RXResultTracker Class - {59879FA4-4790-461c-A1CC-4EC4DE4CA483} - C:\PROGRA~1\RXTOOL~1\sfcont.dll (file missing)
O2 - BHO: ST - {9394EDE7-C8B5-483E-8773-474BF36AF6E4} - C:\Program Files\MSN Apps\ST\01.03.0000.1005\en-xu\stmain.dll
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar2.dll
O2 - BHO: MSNToolBandBHO - {BDBD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Program Files\MSN Apps\MSN Toolbar\01.02.3000.1001\en-us\msntb.dll
O2 - BHO: NAV Helper - {BDF3E430-B101-42AD-A544-FADC6B084872} - C:\Program Files\Norton AntiVirus\NavShExt.dll
O2 - BHO: (no name) - {FDD3B846-8D59-4ffb-8758-209B6AD74ACC} - (no file)
O3 - Toolbar: (no name) - {BA52B914-B692-46c4-B683-905236F6F655} - (no file)
O3 - Toolbar: MSN - {BDAD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Program Files\MSN Apps\MSN Toolbar\01.02.3000.1001\en-us\msntb.dll
O3 - Toolbar: Norton AntiVirus - {42CDD1BF-3FFB-4238-8AD1-7859DF00B1D6} - C:\Program Files\Norton AntiVirus\NavShExt.dll
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar2.dll
O4 - HKLM\..\Run: [HP OfficeJet T Series] "C:\Program Files\Hewlett-Packard\HP OfficeJet T Series\bin\ktchnsnk.exe" -reg "Software\Hewlett-Packard\OfficeJet T Series\Install"
O4 - HKLM\..\Run: [mouseElf] C:\PROGRA~1\WIRELE~1\GNETMOUS.EXE
O4 - HKLM\..\Run: [ezShieldProtector for Px] C:\WINDOWS\System32\ezSP_Px.exe
O4 - HKLM\..\Run: [ZTgServerSwitch] c:\program files\support.com\client\lserver\server.vbs
O4 - HKLM\..\Run: [tradeManager] C:\PROGRA~1\Alibaba\TRADEM~1\TradeManager -hideframe
O4 - HKLM\..\Run: [Symantec NetDriver Monitor] C:\PROGRA~1\SYMNET~1\SNDMon.exe
O4 - HKLM\..\Run: [SunJavaUpdateSched] C:\Program Files\Java\jre1.5.0_04\bin\jusched.exe
O4 - HKLM\..\Run: [Spyware Stormer] C:\Program Files\Spyware Stormer\SpywareStormer.Exe
O4 - HKLM\..\Run: [SiSUSBRG] C:\WINDOWS\sisUSBrg.exe
O4 - HKLM\..\Run: [SiS KHooker] C:\WINDOWS\System32\khooker.exe
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [PPDfCFFa] C:\WINDOWS\kguyeue.exe
O4 - HKLM\..\Run: [NAV Agent] C:\PROGRA~1\NORTON~2\navapw32.exe
O4 - HKLM\..\Run: [Microsoft Works Update Detection] C:\Program Files\Common Files\Microsoft Shared\Works Shared\WkUFind.exe
O4 - HKLM\..\Run: [MediaGateway] C:\Program Files\MediaGateway\MediaGateway.exe
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
O4 - HKLM\..\Run: [ccApp] "C:\Program Files\Common Files\Symantec Shared\ccApp.exe"
O4 - HKLM\..\Run: [AGRSMMSG] AGRSMMSG.exe
O4 - HKCU\..\Run: [H/PC Connection Agent] "C:\Program Files\Microsoft ActiveSync\WCESCOMM.EXE"
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [tbon] C:\Program Files\TBONBin\tbon.exe /r
O4 - HKCU\..\Run: [Instant Access] rundll32.exe p2esocks_1023.dll,InstantAccess
O4 - HKCU\..\Run: [holdem companion] C:\Program Files\Party Poker Companion\Hold'em Companion.exe /s
O4 - Global Startup: Adobe Gamma Loader.exe.lnk = C:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe
O4 - Global Startup: Adobe Gamma Loader.lnk = C:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe
O4 - Global Startup: Keyboard Closure Setup.lnk = ?
O4 - Global Startup: KVG.exe
O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office10\OSA.EXE
O4 - Global Startup: VAIO Action Setup (Server).lnk = ?
O8 - Extra context menu item: &Búsqueda en Google - res://C:\Program Files\Google\GoogleToolbar2.dll/cmsearch.html
O8 - Extra context menu item: &Traducir palabra inglesa - res://C:\Program Files\Google\GoogleToolbar2.dll/cmwordtrans.html
O8 - Extra context menu item: E&xportar a Microsoft Excel - res://C:\PROGRA~1\MICROS~4\Office10\EXCEL.EXE/3000
O8 - Extra context menu item: Instantánea de caché de la página - res://C:\Program Files\Google\GoogleToolbar2.dll/cmcache.html
O8 - Extra context menu item: Páginas similares - res://C:\Program Files\Google\GoogleToolbar2.dll/cmsimilar.html
O8 - Extra context menu item: Páginas vinculadas - res://C:\Program Files\Google\GoogleToolbar2.dll/cmbacklinks.html
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_04\bin\npjpi150_04.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_04\bin\npjpi150_04.dll
O9 - Extra button: Create Mobile Favorite - {2EAF5BB1-070F-11D3-9307-00C04FAE2D4F} - C:\Program Files\Microsoft ActiveSync\INETREPL.DLL
O9 - Extra button: (no name) - {2EAF5BB2-070F-11D3-9307-00C04FAE2D4F} - C:\Program Files\Microsoft ActiveSync\INETREPL.DLL
O9 - Extra 'Tools' menuitem: Create Mobile Favorite... - {2EAF5BB2-070F-11D3-9307-00C04FAE2D4F} - C:\Program Files\Microsoft ActiveSync\INETREPL.DLL
O9 - Extra button: PlanetLuck.com - {6F477182-DE4F-4326-ACE3-3110A676771B} - C:\Program Files\Planetluck Casino\bin\IEExtension_PL.dll (file missing)
O9 - Extra 'Tools' menuitem: PlanetLuck.com - {6F477182-DE4F-4326-ACE3-3110A676771B} - C:\Program Files\Planetluck Casino\bin\IEExtension_PL.dll (file missing)
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe (file missing)
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe (file missing)
O14 - IERESET.INF: START_PAGE_URL=http://www.sony.com/vaiopeople
O16 - DPF: Yahoo! Bridge - http://download.games.yahoo.com/games/clients/y/bt1_x.cab
O16 - DPF: {4ED9DDF0-7479-4BBE-9335-5A1EDB1D8A21} - http://bin.mcafee.com/molbin/shared/mcinsctl/en-us/4,0,0,84/mcinsctl.cab
O16 - DPF: {BCC0FF27-31D9-4614-A68E-C18E1ADA4389} - http://bin.mcafee.com/molbin/shared/mcgdmgr/en-us/1,0,0,21/mcgdmgr.cab
O18 - Filter: text/html - {2AB289AE-4B90-4281-B2AE-1F4BB034B647} - C:\PROGRA~1\RXTOOL~1\sfcont.dll
O23 - Service: Symantec Event Manager (ccEvtMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
O23 - Service: Symantec Password Validation (ccPwdSvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccPwdSvc.exe
O23 - Service: Symantec Settings Manager (ccSetMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe
O23 - Service: iPod Service (iPodService) - Apple Computer, Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: LexBce Server (LexBceS) - Lexmark International, Inc. - C:\WINDOWS\system32\LEXBCES.EXE
O23 - Service: Macromedia Licensing Service - Unknown owner - C:\Program Files\Common Files\Macromedia Shared\Service\Macromedia Licensing.exe
O23 - Service: Servicio Auto-Protect de Norton AntiVirus (navapsvc) - Symantec Corporation - C:\Program Files\Norton AntiVirus\navapsvc.exe
O23 - Service: ScriptBlocking Service (SBService) - Symantec Corporation - C:\PROGRA~1\COMMON~1\SYMANT~1\SCRIPT~1\SBServ.exe
O23 - Service: Symantec Network Drivers Service (SNDSrvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\SNDSrvc.exe
O23 - Service: Sony SPTI Service (SPTISRV) - Sony Corporation - C:\PROGRA~1\COMMON~1\SONYSH~1\AVLib\Sptisrv.exe
O23 - Service: Symantec Core LC - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exe
O23 - Service: VAIO Media Music Server (Application) (VAIOMediaPlatform-MusicServer-AppServer) - Unknown owner - C:\Program Files\Sony\VAIO Media Music Server\SSSvr.exe" /Service=VAIOMediaPlatform-MusicServer-AppServer /DisplayName="VAIO Media Music Server (Application) (file missing)
O23 - Service: VAIO Media Music Server (HTTP) (VAIOMediaPlatform-MusicServer-HTTP) - Unknown owner - C:\Program Files\Common Files\Sony Shared\VAIO Media Platform\sv_httpd.exe" /Service=VAIOMediaPlatform-MusicServer-HTTP /RegRoot="Software\Sony Corporation\VAIO Media Platform\2.0" /RegExt="Applications\MusicServer\HTTP (file missing)
O23 - Service: VAIO Media Music Server (UPnP) (VAIOMediaPlatform-MusicServer-UPnP) - Sony Corporation - C:\Program Files\Common Files\Sony Shared\VAIO Media Platform\UPnPFramework.exe
O23 - Service: VAIO Media Photo Server (Application) (VAIOMediaPlatform-PhotoServer-AppServer) - Unknown owner - C:\Program Files\Sony\Photo Server 20\appsrv\PicAppSrv.exe
O23 - Service: VAIO Media Photo Server (HTTP) (VAIOMediaPlatform-PhotoServer-HTTP) - Unknown owner - C:\Program Files\Common Files\Sony Shared\VAIO Media Platform\SV_Httpd.exe" /Service=VAIOMediaPlatform-PhotoServer-HTTP /RegRoot="Software\Sony Corporation\VAIO Media Platform\2.0" /RegExt="\Applications\PhotoServer\HTTP (file missing)
O23 - Service: VAIO Media Photo Server (UPnP) (VAIOMediaPlatform-PhotoServer-UPnP) - Sony Corporation - C:\Program Files\Common Files\Sony Shared\VAIO Media Platform\UPnPFramework.exe

Regards

Darfar