PC World Forums: having problems with the duplicate of win1.tmp and so on - PC World Forums


having problems with the duplicate of win1.tmp and so on

#1 ringwind

  • Newbie
  • Group: Members
  • Posts: 3
  • Joined: 20-September 06

Posted 20 September 2006 - 07:55 PM

As seen from above, any expert out there who knows how to solve this problem, kindly help me pls... thanks. The above problem is found as a dialer.trojan. Anyone could direct me from the result I had scan?

Logfile of HijackThis v1.99.1
Scan saved at 11:45:24 AM, on 21/09/2006
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

Running processes:
C:WINDOWSSystem32smss.exe
C:WINDOWSsystem32winlogon.exe
C:WINDOWSsystem32services.exe
C:WINDOWSsystem32lsass.exe
C:WINDOWSsystem32svchost.exe
C:WINDOWSSystem32svchost.exe
C:WINDOWSsystem32spoolsv.exe
C:WINDOWSExplorer.EXE
C:WINDOWSSystem320THotkey.exe
C:WINDOWSsystem32TFNF5.exe
C:Program FilesSynapticsSynTPSynTPLpr.exe
C:Program FilesSynapticsSynTPSynTPEnh.exe
C:Program FilesTOSHIBATouchEDTouchED.Exe
C:WINDOWSsystem32TPSMain.exe
C:Program FilesTOSHIBATOSHIBA ControlsTFncKy.exe
C:WINDOWSSystem32ezSPPx.exe
C:Program FilesSigmaTelSigmaTel AC97 Audio Driversstacmon.exe
C:WINDOWSLTSMMSG.exe
C:Program FilesJavajre1.5.006binjusched.exe
C:PROGRA~1SYMANT~1SYMANT~1vptray.exe
C:Program FilesCommon FilesRealUpdateOBrealsched.exe
C:WINDOWSsystem32TPSBattM.exe
C:Program FilesZone LabsZoneAlarmzlclient.exe
C:WINDOWSsystem32spooldriversw32x863hpztsb07.exe
C:Program FilesTOSHIBATOSCDSPDtoscdspd.exe
C:WINDOWSsystem32ctfmon.exe
C:WINDOWSsystem32RAMASST.exe
C:Program FilesTOSHIBAConfigFreeCFSvcs.exe
C:PROGRA~1SYMANT~1SYMANT~1DefWatch.exe
C:WINDOWSSystem32DVDRAMSV.exe
C:Program FilesCommon FilesMicrosoft SharedVS7Debugmdm.exe
C:PROGRA~1SYMANT~1SYMANT~1Rtvscan.exe
C:WINDOWSSystem32nvsvc32.exe
C:WINDOWSsystem32ZoneLabsvsmon.exe
C:Program FilesMozilla Firefoxfirefox.exe
C:Program FilesMSN Messengermsnmsgr.exe
C:WINDOWSsystem32svchost.exe
C:Documents and SettingsAdministratorDesktophijackthisHijackThis.exe

R0 - HKCUSoftwareMicrosoftInternet ExplorerMain,Start Page = http://www.yahoo.com/
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:Program FilesAdobeAcrobat 5.0ReaderActiveXAcroIEHelper.ocx
O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:Program FilesSpybot - Search & DestroySDHelper.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:Program FilesJavajre1.5.006binssv.dll
O4 - HKLM..Run: [NvCplDaemon] RUNDLL32.EXE C:WINDOWSSystem32NvCpl.dll,NvStartup
O4 - HKLM..Run: [nwiz] nwiz.exe /installquiet
O4 - HKLM..Run: [00THotkey] C:WINDOWSSystem320THotkey.exe
O4 - HKLM..Run: [000StTHK] 000StTHK.exe
O4 - HKLM..Run: [TFNF5] TFNF5.exe
O4 - HKLM..Run: [SynTPLpr] C:Program FilesSynapticsSynTPSynTPLpr.exe
O4 - HKLM..Run: [SynTPEnh] C:Program FilesSynapticsSynTPSynTPEnh.exe
O4 - HKLM..Run: [TouchED] C:Program FilesTOSHIBATouchEDTouchED.Exe
O4 - HKLM..Run: [TPSMain] TPSMain.exe
O4 - HKLM..Run: [TFncKy] TFncKy.exe
O4 - HKLM..Run: [ezShieldProtector for Px] C:WINDOWSSystem32ezSPPx.exe
O4 - HKLM..Run: [SigmaTel StacMon] C:Program FilesSigmaTelSigmaTel AC97 Audio Driversstacmon.exe
O4 - HKLM..Run: [LTSMMSG] LTSMMSG.exe
O4 - HKLM..Run: [SunJavaUpdateSched] C:Program FilesJavajre1.5.006binjusched.exe
O4 - HKLM..Run: [vptray] C:PROGRA~1SYMANT~1SYMANT~1vptray.exe
O4 - HKLM..Run: [TkBellExe] "C:Program FilesCommon FilesRealUpdateOBrealsched.exe" -osboot
O4 - HKLM..Run: [IMJPMIG8.1] "C:WINDOWSIMEimjp81IMJPMIG.EXE" /Spoil /RemAdvDef /Migration32
O4 - HKLM..Run: [IMEKRMIG6.1] C:WINDOWSimeimkr61IMEKRMIG.EXE
O4 - HKLM..Run: [MSPY2002] C:WINDOWSSystem32IMEPINTLGNTImScInst.exe /SYNC
O4 - HKLM..Run: [PHIME2002ASync] C:WINDOWSSystem32IMETINTLGNTTINTSETP.EXE /SYNC
O4 - HKLM..Run: [PHIME2002A] C:WINDOWSSystem32IMETINTLGNTTINTSETP.EXE /IMEName
O4 - HKLM..Run: [Zone Labs Client] C:Program FilesZone LabsZoneAlarmzlclient.exe
O4 - HKLM..Run: [QuickTime Task] "C:Program FilesK-Lite Codec PackQuickTimeqttask.exe" -atboottime
O4 - HKLM..Run: [HPDJ Taskbar Utility] C:WINDOWSsystem32spooldriversw32x863hpztsb07.exe
O4 - HKCU..Run: [TOSCDSPD] C:Program FilesTOSHIBATOSCDSPDtoscdspd.exe
O4 - HKCU..Run: [ctfmon.exe] C:WINDOWSsystem32ctfmon.exe
O4 - Global Startup: RAMASST.lnk = C:WINDOWSsystem32RAMASST.exe
O6 - HKCUSoftwarePoliciesMicrosoftInternet ExplorerControl Panel present
O8 - Extra context menu item: &Clean Traces - C:Program FilesDAPPrivacy Packagedapcleanerie.htm
O8 - Extra context menu item: &Download with &DAP - C:Program FilesDAPdapextie.htm
O8 - Extra context menu item: Download &all with DAP - C:Program FilesDAPdapextie2.htm
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:PROGRA~1MICROS~2OFFICE11EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:Program FilesJavajre1.5.006binssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:Program FilesJavajre1.5.006binssv.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:PROGRA~1MICROS~2OFFICE11REFIEBAR.DLL
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:Program FilesMessengermsmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:Program FilesMessengermsmsgs.exe
O12 - Plugin for .spop: C:Program FilesInternet ExplorerPluginsNPDocBox.dll
O16 - DPF: {2A7EFEAA-8059-4C69-8FE2-4BA999C3B102} (TrickCtrl Class) - https://ssl2.gcrest....Launcher.cab
O16 - DPF: {48884C41-EFAC-433D-958A-9FADAC41408E} (EGamesPlugin Class) - https://www.e-games....esPlugin.cab
O16 - DPF: {CEA3052D-65B9-44E2-A501-5E14024BC66F} (TricksterActiveX Control) - http://www.trickster...rActiveX.cab
O16 - DPF: {D88C7675-7CEE-4C9A-BDD4-7A43EED7794D} (Logout Class) - http://www.trickster...omponent.cab
O17 - HKLMSystemCCSServicesTcpipParameters: Domain = npstd.npnet.np.edu.sg
O17 - HKLMSoftware..Telephony: DomainName = npstd.npnet.np.edu.sg
O17 - HKLMSystemCS1ServicesTcpipParameters: Domain = npstd.npnet.np.edu.sg
O17 - HKLMSystemCS2ServicesTcpipParameters: Domain = npstd.npnet.np.edu.sg
O18 - Protocol: livecall - {828030A1-22C1-4009-854F-8E305202313F} - C:PROGRA~1MSNMES~1MSGRAP~1.DLL
O18 - Protocol: ms-help - {314111C7-A502-11D2-BBCA-00C04F8EC294} - C:Program FilesCommon FilesMicrosoft SharedHelphxds.dll
O18 - Protocol: msnim - {828030A1-22C1-4009-854F-8E305202313F} - C:PROGRA~1MSNMES~1MSGRAP~1.DLL
O20 - Winlogon Notify: NavLogon - C:WINDOWSSystem32NavLogon.dll
O20 - Winlogon Notify: WgaLogon - C:WINDOWSSYSTEM32WgaLogon.dll
O20 - Winlogon Notify: winkzs32 - C:WINDOWSSYSTEM32winkzs32.dll
O23 - Service: ConfigFree Service (CFSvcs) - TOSHIBA CORPORATION - C:Program FilesTOSHIBAConfigFreeCFSvcs.exe
O23 - Service: DefWatch - Symantec Corporation - C:PROGRA~1SYMANT~1SYMANT~1DefWatch.exe
O23 - Service: DVD-RAMService - Matsushita Electric Industrial Co., Ltd. - C:WINDOWSSystem32DVDRAMSV.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:Program FilesCommon FilesInstallShieldDriver11Intel 32IDriverT.exe
O23 - Service: iPodService - Apple Computer, Inc. - C:Program FilesiPodbiniPodService.exe
O23 - Service: Macromedia Licensing Service - Unknown owner - C:Program FilesCommon FilesMacromedia SharedServiceMacromedia Licensing.exe
O23 - Service: SQL Server (SQLEXPRESS) (MSSQL$SQLEXPRESS) - Unknown owner - C:Program FilesMicrosoft SQL ServerMSSQL.1MSSQLBinnsqlservr.exe" -sSQLEXPRESS (file missing)
O23 - Service: Symantec AntiVirus Client (Norton AntiVirus Server) - Symantec Corporation - C:PROGRA~1SYMANT~1SYMANT~1Rtvscan.exe
O23 - Service: npkcsvc - INCA Internet Co., Ltd. - C:WINDOWSsystem32npkcsvc.exe
O23 - Service: NVIDIA Driver Helper Service (NVSvc) - NVIDIA Corporation - C:WINDOWSSystem32nvsvc32.exe
O23 - Service: TrueVector Internet Monitor (vsmon) - Zone Labs, LLC - C:WINDOWSsystem32ZoneLabsvsmon.exe

#2 SpiritWind

  • Expert
  • Group: Members
  • Posts: 1,922
  • Joined: 19-August 06

Posted 20 September 2006 - 10:46 PM

:D Hi: Other than Spybot, you do not appear to have any other antiSPYWARE and/or antiTROJAN program on your computer. For your Dialer problem, I recommend you install the good & FREE "Ewido" from www.ewido.net/en; this program comes with a full-featured "trial" & after the "trial" ends, it reverts to the "Free" version. In addition, you may want to install the "FREE" ver of SUPERantispyware from www.superantispyware.com !? I did notice from your log that your Sun Java is 2 Updates behind, and this is a serious security risk; should uninstall it, then go to: www.majorgeeks.com/download4648.html to get the latest. If neither of the 2 programs above do NOT solve your problem(s), I recommend you seek help from the volunteer Experts on the Spybot forums at: http://forums.spybot.info .

#3 ringwind

  • Newbie
  • Group: Members
  • Posts: 3
  • Joined: 20-September 06

Posted 21 September 2006 - 02:13 AM

Thanks... but the problem still persists. I think I could not find the parent trojan, because it was creating a new file with a name srvXXXX.exe in my temp content.ie5 folder... from there, many win.tmp files were created along. I tried deleting both the win.tmp file and the srvXXX.exe... the problem still persists... after a while the trojan still generates another file with "srv" at the front and blah blah.exe. I tried deleting everything in safe mode, did Norton anti-virus scan, Spybot scan, Ewido anti-spyware scan... they did detect trojan, and I quarantined them, but every now and then the trojan notice window keeps popping out from my anti-virus program. Anyone who can really help me solve this annoying problem... I really appreciate much =(

#4 ringwind

  • Newbie
  • Group: Members
  • Posts: 3
  • Joined: 20-September 06

Posted 21 September 2006 - 02:43 AM

Sorry... and I found another problem... a trojan.nebular is infected to the winkzs32.dll, which is my winlogon utility. I used my Lavasoft adware to scan through the memory area of my system... the winlogon error came out, and it showed a fatal error that my system cannot respond... then it shut down itself with the blue screen appearing after that. This is becoming worse? Any chance to help me pls?
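Added example, not part of any post in this thread: a small Python triage helper that reads a HijackThis log and reports which autostart section (O4, O20 or O23) references a file that a scanner has flagged, as with winkzs32.dll in post #4. The sample log is constructed in HijackThis format with the path separators written out, and the function names are this example's own.

```python
import re

# HijackThis sections that list code loaded automatically at boot or logon.
AUTOSTART = {
    "O4": "Run keys and Startup folders",
    "O20": "AppInit_DLLs and Winlogon Notify",
    "O23": "Windows (NT) services",
}
# A log entry looks like "O20 - Winlogon Notify: name - path".
ENTRY = re.compile(r"^([A-Z]\d{1,2}) - (.+)$")

# Constructed sample, modelled on entries of the log posted in this thread.
SAMPLE_LOG = r"""
Running processes:
C:\WINDOWS\system32\winlogon.exe
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.yahoo.com/
O4 - HKLM\..\Run: [vptray] C:\PROGRA~1\SYMANT~1\SYMANT~1\vptray.exe
O20 - Winlogon Notify: NavLogon - C:\WINDOWS\System32\NavLogon.dll
O20 - Winlogon Notify: winkzs32 - C:\WINDOWS\SYSTEM32\winkzs32.dll
O23 - Service: DefWatch - Symantec Corporation - C:\PROGRA~1\SYMANT~1\SYMANT~1\DefWatch.exe
"""


def autostart_entries(log_text):
    """Return (section code, entry text) for every autostart entry in the log."""
    entries = []
    for raw in log_text.splitlines():
        m = ENTRY.match(raw.strip())
        if m and m.group(1) in AUTOSTART:
            entries.append((m.group(1), m.group(2)))
    return entries


def entries_loading(log_text, filename):
    """Autostart entries that reference the exact file name (case-insensitive)."""
    # The look-arounds stop "kzs32.dll" from matching inside "winkzs32.dll".
    pat = re.compile(r"(?<![\w.])" + re.escape(filename) + r"(?![\w.])", re.IGNORECASE)
    return [(code, body) for code, body in autostart_entries(log_text) if pat.search(body)]


if __name__ == "__main__":
    # File name reported by the scanner in post #4.
    for code, body in entries_loading(SAMPLE_LOG, "winkzs32.dll"):
        print(f"{code} ({AUTOSTART[code]}): {body}")
```

Knowing the section tells you which load point still references the flagged file after the scanner has quarantined it.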

#5 SpiritWind

  • Expert
  • Group: Members
  • Posts: 1,922
  • Joined: 19-August 06

Posted 21 September 2006 - 09:48 AM

:D Hi (again): On another forum, someone reported "trojan.nebular" and they followed my recommendation to use the TRIAL version of "Counterspy". There are NO HijackThis program Expert(s) on this forum; is there some reason you do NOT wish to ask the volunteer Experts on the Spybot forums that I recommended previously !?
