HiJackthis log ... spyware/malware problems

Post by karatekid7412589 » May 15th, 2009, 6:45 pm

Pop-up problems, probably a few registry errors too. And when I search for anything on Google or any search engine, when I click on the title of the topic/site that I want to visit, it takes me to an ad instead of what I searched for, so it keeps opening a new tab every time I click on a search result. I guess it's spyware, I'm not sure.

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 6:31:21 PM, on 5/15/2009
Platform: Windows XP SP3 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16827)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\Explorer.EXE
C:\PROGRA~1\COMMON~1\AOL\ACS\AOLacsd.exe
C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
C:\WINDOWS\system32\dllhost.exe
C:\Program Files\Java\jre6\bin\jqs.exe
C:\Program Files\McAfee\MBK\MBackMonitor.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Dell\Media Experience\DMXLauncher.exe
C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe
C:\Program Files\HP\HP Software Update\HPWuSchd2.exe
C:\WINDOWS\VM_STI.EXE
C:\Program Files\iTunes\iTunesHelper.exe
C:\Program Files\Java\jre6\bin\jusched.exe
C:\Program Files\McAfee.com\Agent\mcagent.exe
C:\PROGRA~1\McAfee\MSC\mcmscsvc.exe
C:\Program Files\McAfee\MBK\McAfeeDataBackup.exe
c:\PROGRA~1\COMMON~1\mcafee\mna\mcnasvc.exe
C:\windows\ld08.exe
c:\PROGRA~1\COMMON~1\mcafee\mcproxy\mcproxy.exe
C:\windows\pp07.exe
C:\PROGRA~1\McAfee\VirusScan\mcshield.exe
C:\Program Files\McAfee\MPF\MPFSrv.exe
C:\WINDOWS\system32\SYS32DLL.exe
C:\WINDOWS\system32\HPZipm12.exe
C:\WINDOWS\system32\PnkBstrA.exe
C:\WINDOWS\system32\PnkBstrB.exe
C:\Program Files\Digital Line Detect\DLG.exe
C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\HP\Digital Imaging\bin\hpqimzone.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\PROGRA~1\McAfee\VirusScan\mcsysmon.exe
C:\Program Files\Internet Explorer\Iexplore.exe
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.yahoo.com/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Local Page =
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyServer = http=localhost:7171
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local;<local>
O2 - BHO: 218538 helper - {5E5EFA8F-9F53-418E-B78E-44866667A404} - C:\WINDOWS\system32\218538\218538.dll
O2 - BHO: scriptproxy - {7DB2D5A0-7241-4E79-B68D-6309F01C5231} - C:\Program Files\McAfee\VirusScan\scriptsn.dll
O2 - BHO: (no name) - {bf58d851-a4f3-4a66-84db-838abb840439} - (no file)
O2 - BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll
O2 - BHO: JQSIEStartDetectorImpl - {E7E6F031-17CE-4C07-BC86-EABFE594F69C} - C:\Program Files\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
O2 - BHO: 796525 helper - {E7F15AC4-E0A9-43F0-921B-70DFEA621220} - C:\WINDOWS\system32\796525\796525.dll
O3 - Toolbar: Viewpoint Toolbar - {F8AD5AA5-D966-4667-9DAF-2561D68B2012} - C:\Program Files\Common Files\Viewpoint\Toolbar Runtime\3.8.0\IEViewBar.dll
O4 - HKLM\..\Run: [igfxtray] C:\WINDOWS\system32\igfxtray.exe
O4 - HKLM\..\Run: [DMXLauncher] "C:\Program Files\Dell\Media Experience\DMXLauncher.exe"
O4 - HKLM\..\Run: [ISUSPM Startup] "C:\Program Files\Common Files\InstallShield\UpdateService\isuspm.exe" -startup
O4 - HKLM\..\Run: [ISUSScheduler] "C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe" -start
O4 - HKLM\..\Run: [HP Software Update] C:\Program Files\HP\HP Software Update\HPWuSchd2.exe
O4 - HKLM\..\Run: [BigDogPath] "C:\WINDOWS\VM_STI.EXE" A4 Tech USB PC Camera
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre6\bin\jusched.exe"
O4 - HKLM\..\Run: [mcagent_exe] C:\Program Files\McAfee.com\Agent\mcagent.exe /runkey
O4 - HKLM\..\Run: [McAfee Backup] C:\Program Files\McAfee\MBK\McAfeeDataBackup.exe
O4 - HKLM\..\Run: [MBkLogOnHook] C:\Program Files\McAfee\MBK\LogOnHook.exe
O4 - HKLM\..\Run: [sysldtray] C:\windows\ld08.exe
O4 - HKLM\..\Run: [pp] C:\windows\pp07.exe
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [Aim6] ?
O4 - HKCU\..\Run: [SYS32DLL] SYS32DLL
O4 - Global Startup: Adobe Reader Speed Launch.lnk = C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
O4 - Global Startup: Digital Line Detect.lnk = ?
O4 - Global Startup: HP Digital Imaging Monitor.lnk = C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe
O4 - Global Startup: HP Image Zone Fast Start.lnk = C:\Program Files\HP\Digital Imaging\bin\hpqthb08.exe
O9 - Extra button: (no name) - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - (no file)
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O15 - Trusted Zone: http://*.mcafee.com
O20 - Winlogon Notify: byxuvsq - byxuvsq.dll (file missing)
O20 - Winlogon Notify: eltxptvm - eltxptvm.dll (file missing)
O20 - Winlogon Notify: kkxexnth - kkxexnth.dll (file missing)
O20 - Winlogon Notify: mlJYqNGW - mlJYqNGW.dll (file missing)
O20 - Winlogon Notify: wvuutss - wvuutss.dll (file missing)
O20 - Winlogon Notify: __c00e27a1 - C:\WINDOWS\
O21 - SSODL: SSODL - {EC43E3FD-5C60-46a6-97D7-E0B85DBDD6C4} - (no file)
O22 - SharedTaskScheduler: STS - {EC43E3FD-5C60-46a6-97D7-E0B85DBDD6C4} - (no file)
O23 - Service: AOL Connectivity Service (AOL ACS) - America Online, Inc. - C:\PROGRA~1\COMMON~1\AOL\ACS\AOLacsd.exe
O23 - Service: Apple Mobile Device - Apple, Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
O23 - Service: Boonty Games - BOONTY - C:\Program Files\Common Files\BOONTY Shared\Service\Boonty.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\1050\Intel 32\IDriverT.exe
O23 - Service: iPod Service - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: Java Quick Starter (JavaQuickStarterService) - Sun Microsystems, Inc. - C:\Program Files\Java\jre6\bin\jqs.exe
O23 - Service: MBackMonitor - McAfee - C:\Program Files\McAfee\MBK\MBackMonitor.exe
O23 - Service: McAfee Services (mcmscsvc) - McAfee, Inc. - C:\PROGRA~1\McAfee\MSC\mcmscsvc.exe
O23 - Service: McAfee Network Agent (McNASvc) - McAfee, Inc. - c:\PROGRA~1\COMMON~1\mcafee\mna\mcnasvc.exe
O23 - Service: McAfee Scanner (McODS) - McAfee, Inc. - C:\PROGRA~1\McAfee\VirusScan\mcods.exe
O23 - Service: McAfee Proxy Service (McProxy) - McAfee, Inc. - c:\PROGRA~1\COMMON~1\mcafee\mcproxy\mcproxy.exe
O23 - Service: McAfee Real-time Scanner (McShield) - McAfee, Inc. - C:\PROGRA~1\McAfee\VirusScan\mcshield.exe
O23 - Service: McAfee SystemGuards (McSysmon) - McAfee, Inc. - C:\PROGRA~1\McAfee\VirusScan\mcsysmon.exe
O23 - Service: McAfee Personal Firewall Service (MpfService) - McAfee, Inc. - C:\Program Files\McAfee\MPF\MPFSrv.exe
O23 - Service: Intel NCS NetService (NetSvc) - Intel(R) Corporation - C:\Program Files\Intel\PROSetWired\NCS\Sync\NetSvc.exe
O23 - Service: Pml Driver HPZ12 - HP - C:\WINDOWS\system32\HPZipm12.exe
O23 - Service: PnkBstrA - Unknown owner - C:\WINDOWS\system32\PnkBstrA.exe
O23 - Service: PnkBstrB - Unknown owner - C:\WINDOWS\system32\PnkBstrB.exe
O24 - Desktop Component 0: (no name) - http://a671.ac-images.myspacecdn.com/00 ... 1670_l.jpg
O24 - Desktop Component 1: (no name) - http://img.youtube.com/vi/0x284Bvfbgw/default.jpg

--
End of file - 8511 bytes
karatekid7412589
Active Member
 
Posts: 13
Joined: May 15th, 2009, 6:37 pm

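The log above shows the pattern behind the search redirects: IE's ProxyServer points at localhost:7171 (the ComboFix log later in the thread shows the same proxy in Firefox's prefs.js), two BHOs load from all-digit folders under system32, Run entries launch executables dropped directly in C:\windows, and several Winlogon Notify DLLs no longer exist on disk. As an added example (not code from the thread or from HijackThis), the following Python scans HijackThis-format lines for exactly those indicators; the sample lines are constructed copies of entries from the log above.

```python
"""Flag the hijack indicators seen in this thread in HijackThis-format log lines.

Added example; not part of the forum thread or of HijackThis itself.
"""
import re
from dataclasses import dataclass
from typing import List, Optional

# Constructed sample: a subset of lines copied from the HijackThis log posted above.
SAMPLE_LOG = r"""
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.yahoo.com/
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyServer = http=localhost:7171
O2 - BHO: 218538 helper - {5E5EFA8F-9F53-418E-B78E-44866667A404} - C:\WINDOWS\system32\218538\218538.dll
O2 - BHO: scriptproxy - {7DB2D5A0-7241-4E79-B68D-6309F01C5231} - C:\Program Files\McAfee\VirusScan\scriptsn.dll
O2 - BHO: (no name) - {bf58d851-a4f3-4a66-84db-838abb840439} - (no file)
O4 - HKLM\..\Run: [sysldtray] C:\windows\ld08.exe
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
O4 - HKCU\..\Run: [SYS32DLL] SYS32DLL
O20 - Winlogon Notify: byxuvsq - byxuvsq.dll (file missing)
O23 - Service: PnkBstrA - Unknown owner - C:\WINDOWS\system32\PnkBstrA.exe
"""


@dataclass
class Finding:
    section: str  # HijackThis section tag, e.g. "R1", "O2"
    reason: str   # why the line deserves a look
    line: str     # the offending log line


LINE_RE = re.compile(r"^(?P<sec>[RO]\d+) - (?P<body>.*)$")
# An executable sitting directly in the Windows root, e.g. C:\windows\ld08.exe
WINROOT_RE = re.compile(r"^[a-z]:\\windows\\[^\\]+$", re.I)
LOCAL_HOSTS = {"localhost", "127.0.0.1"}


def proxy_is_local(value: str) -> bool:
    """True if any entry of a ProxyServer value ('http=localhost:7171', 'host:port;...')
    names this machine: the browser is being routed through a local listener."""
    for entry in value.split(";"):
        hostport = entry.split("=", 1)[-1].strip()
        host = hostport.rsplit(":", 1)[0].strip().lower()
        if host in LOCAL_HOSTS:
            return True
    return False


def run_target_path(body: str) -> Optional[str]:
    """Extract the launched path from an O4 body such as
    'HKLM\\..\\Run: [name] "C:\\x\\y.exe" -flag'. Quoted paths may contain spaces."""
    m = re.search(r"\] (.*)$", body)
    if not m:
        return None
    target = m.group(1).strip()
    if target.startswith('"'):
        return target[1:].split('"', 1)[0]
    return target.split(" ", 1)[0]


def scan(log_text: str) -> List[Finding]:
    """Return one Finding per HijackThis line that matches an indicator from this thread."""
    findings: List[Finding] = []
    for raw in log_text.strip().splitlines():
        m = LINE_RE.match(raw.strip())
        if not m:
            continue  # process lists, headers and blank lines are not R/O entries
        sec, body = m.group("sec"), m.group("body")
        reason = None
        if sec == "R1" and "ProxyServer" in body:
            value = body.split("=", 1)[1].strip()
            if proxy_is_local(value):
                reason = f"IE proxy routed through a local listener ({value})"
        elif sec == "O2":
            path = body.rsplit(" - ", 1)[-1].strip()
            if path == "(no file)":
                reason = "orphaned BHO registration (CLSID with no DLL on disk)"
            elif re.search(r"\\system32\\\d+\\", path, re.I):
                reason = "BHO loaded from an all-digit folder under system32"
        elif sec == "O4":
            path = run_target_path(body)
            if path and path != "?":  # "?" means HJT could not resolve the target
                if "\\" not in path:
                    reason = "Run entry names a bare file with no path"
                elif WINROOT_RE.match(path):
                    reason = "Run entry launches an executable dropped in the Windows root"
        elif sec == "O20" and "(file missing)" in body:
            reason = "Winlogon Notify DLL registered but missing from disk"
        if reason:
            findings.append(Finding(sec, reason, raw.strip()))
    return findings


if __name__ == "__main__":
    for f in scan(SAMPLE_LOG):
        print(f"{f.section:>4}  {f.reason}\n      {f.line}")
```

Running the block against the constructed sample reports six entries: the localhost proxy, the two suspicious BHOs, the two Run entries and the missing Notify DLL, while the McAfee, iTunes and PunkBuster lines pass.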
Re: HiJackthis log ... spyware/malware problems

Post by Bv202 » May 17th, 2009, 1:40 pm

Welcome to Malware Removal!
My name is Bjorn, known as Bv202 on this forum, and I'll be happy to assist you with all the malware problems you have on your computer.

Before we start fixing your computer, there are a few points you need to know:
  • Please don't start a new topic, but reply on this one.
  • If you don't understand something, please ask!
  • If you find any new problems and/or details, please post them!
  • Please always try to reply within 5 days. If you know you won't be able to reply for any reason, please tell me so we don't close your thread.
  • As I'm still in training here at Malware Removal, all my posts need to be checked by an expert first.

Remember: absence of symptoms does not mean your computer is clean!!
Please reply to this topic until I say your computer is clean.

I'm now researching your log. Once it's done, I'll be back to you.

In the meantime, please do this:
  • Open HijackThis.
  • Look under System tools.
  • Click on the Open Uninstall Manager... button.
  • Click on the Save list... button.
  • It will prompt you to save. Save this log in a convenient location. By default it's named uninstall_list.txt.
  • Notepad will open. Please copy and paste the contents of this log in your next reply.
Bv202
Regular Member
 
Posts: 1732
Joined: May 3rd, 2008, 10:46 am
Location: Belgium (GMT +1)

Re: HiJackthis log ... spyware/malware problems

Post by karatekid7412589 » May 17th, 2009, 8:56 pm

Most of the programs on my computer, like all the Dell things, I don't use, so if one of them is infected or something, you can delete it. Here it is:

A4 Tech USB PC Camera
Adobe Flash Player 10 Plugin
Adobe Flash Player ActiveX
Adobe Reader 7.0
Adobe Shockwave Player
Adobe SVG Viewer 3.0
Advanced WindowsCare Personal
AIM 6
AML Free Registry Cleaner 4.14
AOL Coach Version 1.0(Build:20040229.1 en)
AOL Connectivity Services
AOL Uninstaller (Choose which Products to Remove)
AOLIcon
Apple Mobile Device Support
Apple Software Update
Best Buy Digital Music Store
CinepPlayer 30 Update
Critical Update for Windows Media Player 11 (KB959772)
Dell CinePlayer
Dell Digital Jukebox Driver
Dell Driver Reset Tool
Dell Media Experience
Dell Support 3.1
Digital Content Portal
Digital Line Detect
DivX Web Player
Documentation & Support Launcher
DVD-CLONER V4.02 Build 907
EducateU
ELIcon
Free YouTube to iPod Converter version 3.1
Games, Music, & Photos Launcher
Get High Speed Internet!
High Definition Audio Driver Package - KB835221
HijackThis 2.0.2
Hotfix for Windows Internet Explorer 7 (KB947864)
Hotfix for Windows Media Format 11 SDK (KB929399)
Hotfix for Windows Media Player 11 (KB939683)
Hotfix for Windows XP (KB952287)
HP Product Assistant
HP Update
ImageMixer VCD/DVD2 for OLYMPUS
Intel(R) Graphics Media Accelerator Driver
Intel(R) PRO Network Connections Drivers
Intel(R) PROSet for Wired Connections
Internet Service Offers Launcher
iTunes
J2SE Runtime Environment 5.0 Update 10
Java 2 Runtime Environment, SE v1.4.2_03
Java(TM) 6 Update 13
Java(TM) 6 Update 2
Java(TM) 6 Update 3
Java(TM) 6 Update 5
Java(TM) SE Runtime Environment 6 Update 1
Malwarebytes' RogueRemover
McAfee SecurityCenter
MCU
Microsoft .NET Framework 1.1
Microsoft .NET Framework 1.1
Microsoft .NET Framework 1.1 Hotfix (KB928366)
Microsoft .NET Framework 2.0
Microsoft Compression Client Pack 1.0 for Windows XP
Microsoft Internationalized Domain Names Mitigation APIs
Microsoft National Language Support Downlevel APIs
Microsoft Plus! Digital Media Edition Installer
Microsoft Plus! Photo Story 2 LE
Microsoft User-Mode Driver Framework Feature Pack 1.0
Microsoft Visual C++ 2005 Redistributable
Modem Helper
Mozilla Firefox (3.0.10)
MSXML 4.0 SP2 (KB927978)
MSXML 4.0 SP2 (KB936181)
MSXML 4.0 SP2 (KB954430)
MSXML 4.0 SP2 Parser and SDK
Musicmatch for Windows Media Player
NetWaiting
OLYMPUS Master
PunkBuster Services
QuickTime
RABCO
Roxio DLA
Roxio MyDVD LE
Roxio RecordNow Audio
Roxio RecordNow Copy
Roxio RecordNow Data
Search Assist
Security Update for Step By Step Interactive Training (KB898458)
Security Update for Step By Step Interactive Training (KB923723)
Security Update for Windows Internet Explorer 7 (KB938127)
Security Update for Windows Internet Explorer 7 (KB942615)
Security Update for Windows Internet Explorer 7 (KB944533)
Security Update for Windows Internet Explorer 7 (KB950759)
Security Update for Windows Internet Explorer 7 (KB953838)
Security Update for Windows Internet Explorer 7 (KB956390)
Security Update for Windows Internet Explorer 7 (KB958215)
Security Update for Windows Internet Explorer 7 (KB960714)
Security Update for Windows Internet Explorer 7 (KB961260)
Security Update for Windows Internet Explorer 7 (KB963027)
Security Update for Windows Media Player (KB952069)
Security Update for Windows Media Player 10 (KB917734)
Security Update for Windows Media Player 11 (KB936782)
Security Update for Windows Media Player 11 (KB954154)
Security Update for Windows XP (KB923561)
Security Update for Windows XP (KB938464)
Security Update for Windows XP (KB941569)
Security Update for Windows XP (KB946648)
Security Update for Windows XP (KB950760)
Security Update for Windows XP (KB950762)
Security Update for Windows XP (KB950974)
Security Update for Windows XP (KB951066)
Security Update for Windows XP (KB951376)
Security Update for Windows XP (KB951376-v2)
Security Update for Windows XP (KB951698)
Security Update for Windows XP (KB951748)
Security Update for Windows XP (KB952004)
Security Update for Windows XP (KB952954)
Security Update for Windows XP (KB953839)
Security Update for Windows XP (KB954211)
Security Update for Windows XP (KB954459)
Security Update for Windows XP (KB954600)
Security Update for Windows XP (KB955069)
Security Update for Windows XP (KB956391)
Security Update for Windows XP (KB956572)
Security Update for Windows XP (KB956802)
Security Update for Windows XP (KB956803)
Security Update for Windows XP (KB956841)
Security Update for Windows XP (KB957095)
Security Update for Windows XP (KB957097)
Security Update for Windows XP (KB958644)
Security Update for Windows XP (KB958687)
Security Update for Windows XP (KB958690)
Security Update for Windows XP (KB959426)
Security Update for Windows XP (KB960225)
Security Update for Windows XP (KB960715)
Security Update for Windows XP (KB960803)
Security Update for Windows XP (KB961373)
Sonic Activation Module
Sonic Update Manager
Uninstall 1.0.0.1
Unity Web Player
Update for Windows XP (KB951072-v2)
Update for Windows XP (KB951978)
Update for Windows XP (KB955839)
Update for Windows XP (KB967715)
URL Assistant
Viewpoint Toolbar
WebCyberCoach 3.2 Dell
WildTangent Web Driver
Windows Installer Clean Up
Windows Media Format 11 runtime
Windows Media Format 11 runtime
Windows Media Player 10
Windows Media Player 11
Windows Media Player 11
Windows XP Service Pack 3
WordPerfect Office 12
karatekid7412589
Active Member
 
Posts: 13
Joined: May 15th, 2009, 6:37 pm

Re: HiJackthis log ... spyware/malware problems

Post by Bv202 » May 18th, 2009, 11:18 am

Hi karatekid7412589

Download and run ComboFix
We will begin with ComboFix.exe. Please visit this webpage for download links and instructions for running the tool:
This tool is not a toy and not for everyday use.
ComboFix SHOULD NOT be used unless requested by a forum helper.

http://www.bleepingcomputer.com/combofix/how-to-use-combofix

Ensure you have disabled all antivirus and anti-malware programs so they do not interfere with the running of ComboFix.
If you need help to disable your protection programs, see here.
You need to disable: McAfee

When finished, it will produce a log for you. Please include the C:\ComboFix.txt in your next reply along with a fresh HijackThis log.
Bv202
Regular Member
 
Posts: 1732
Joined: May 3rd, 2008, 10:46 am
Location: Belgium (GMT +1)

Re: HiJackthis log ... spyware/malware problems

Post by karatekid7412589 » May 18th, 2009, 6:25 pm

ComboFix log:

ComboFix 09-05-18.02 - chris zurlo 05/18/2009 18:03.1 - NTFSx86
Microsoft Windows XP Home Edition 5.1.2600.3.1252.1.1033.18.1014.649 [GMT -4:00]
Running from: c:\documents and settings\chris zurlo\Desktop\ComboFix.exe
AV: McAfee VirusScan *On-access scanning disabled* (Updated) {84B5EE75-6421-4CDE-A33A-DD43BA9FAD83}
FW: McAfee Personal Firewall *disabled* {94894B63-8C7F-4050-BDA4-813CA00DA3E8}
.

((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.

c:\documents and settings\All Users\Application Data\Microsoft\Internet Explorer\DLLs\c.cgm
c:\documents and settings\All Users\Application Data\Microsoft\Protect\track.sys
c:\program files\RABCO
c:\program files\RABCO\RABCO.dll.intermediate.manifest
c:\program files\RABCO\RABCOse.info
c:\program files\RABCO\RABCOse.original
c:\program files\RABCO\Setup.log
c:\program files\RABCO\un_RABCOSetup_16230.exe
c:\program files\RABCO\un_RABCOSetup_16230.txt
c:\program files\RABCO\X_RABCOse.log
c:\recycler\S-1-5-18\Dc16.gif
c:\recycler\S-1-5-18\Dc17.gif
c:\recycler\S-1-5-18\Dc18.dll
c:\recycler\S-1-5-18\Dc19.gif
c:\recycler\S-1-5-18\Dc20.html
c:\recycler\S-1-5-18\Dc21.gif
c:\recycler\S-1-5-18\Dc24.gif
c:\recycler\S-1-5-18\Dc25.gif
c:\recycler\S-1-5-18\Dc26.dll
c:\recycler\S-1-5-18\Dc27.gif
c:\recycler\S-1-5-18\Dc28.html
c:\recycler\S-1-5-18\Dc29.gif
c:\recycler\S-1-5-18\Dc3.gif
c:\recycler\S-1-5-18\Dc32.gif
c:\recycler\S-1-5-18\Dc33.gif
c:\recycler\S-1-5-18\Dc34.dll
c:\recycler\S-1-5-18\Dc4.html
c:\recycler\S-1-5-18\Dc5.gif
c:\recycler\S-1-5-18\Dc8.gif
c:\recycler\S-1-5-18\Dc9.gif
c:\recycler\S-1-5-18\INFO2
c:\temp\1cb
c:\temp\1cb\syscheck.log
c:\temp\sanR24
c:\temp\sanR24\lDii.log
c:\windows\BM8bf7585f.txt
c:\windows\cookies.ini
c:\windows\Fonts\'
c:\windows\Fonts\-
c:\windows\ifacunojagiqetet.dll
c:\windows\pskt.ini
c:\windows\st_1241818221.exe
c:\windows\st_1241822503.exe
c:\windows\st_1241836649.exe
c:\windows\st_1241840934.exe
c:\windows\st_1242343751.exe
c:\windows\st_1242345549.exe
c:\windows\st_1242377640.exe
c:\windows\st_1242381996.exe
c:\windows\st_1242454376.exe
c:\windows\st_1242455994.exe
c:\windows\system32\ak
c:\windows\system32\axeyhcgs.ini
c:\windows\system32\axeyhcgs.ini2
c:\windows\system32\bhdmqudp.ini
c:\windows\system32\btpdqxyr.ini
c:\windows\system32\cfrmuvcg.ini
c:\windows\system32\Degiknmp.ini
c:\windows\system32\Degiknmp.ini2
c:\windows\system32\fsoufqhx.ini
c:\windows\system32\hevesopa.dll
c:\windows\system32\hlrqnxwi.ini2
c:\windows\system32\jtpffrqy.ini
c:\windows\system32\juposeno.dll
c:\windows\system32\jwnmnjmb.ini
c:\windows\system32\kakijigu.dll
c:\windows\system32\kkxexnth.dllbox
c:\windows\system32\kutqyojk.ini
c:\windows\system32\lowsec
c:\windows\system32\mulqlscm.ini
c:\windows\system32\nrqkbqck.ini
c:\windows\system32\osbxbrsk.ini
c:\windows\system32\pac.txt
c:\windows\system32\psdbrone.ini
c:\windows\system32\qwlnumbk.ini
c:\windows\system32\rbfvtrvx.ini
c:\windows\system32\sadeyoli.dll
c:\windows\system32\sqbfvtlt.ini
c:\windows\system32\sufetida.dll
c:\windows\system32\SuvxaGgh.ini
c:\windows\system32\SuvxaGgh.ini2
c:\windows\system32\ttstv.ini
c:\windows\system32\ttstv.ini2
c:\windows\system32\tuviloko.dll
c:\windows\system32\uacinit.dll
c:\windows\system32\UACnqhdxpptxjtybxu.dll
c:\windows\system32\UACobxtfyxokhxnsti.dll
c:\windows\system32\UACrngvxbkreetnkwp.dat
c:\windows\system32\UACwqbwexvicfsrmbp.log
c:\windows\system32\uEgfhRqr.ini
c:\windows\system32\uEgfhRqr.ini2
c:\windows\system32\vyGilUtv.ini
c:\windows\system32\vyGilUtv.ini2
c:\windows\system32\wbem\grpconv.exe
c:\windows\system32\WGNoqtwa.ini
c:\windows\system32\WGNoqtwa.ini2
c:\windows\system32\wgskqsis.ini
c:\windows\system32\wkludxhx.ini
c:\windows\system32\wkpnmrqk.ini
c:\windows\system32\wserdgwr.ini
c:\windows\system32\wxkwnlfd.ini
c:\windows\system32\ycqsuofm.ini
c:\windows\system32\yntgdtaw.ini
c:\windows\t55ft2692f44.dat
c:\windows\t55ft3189f44.dat
C:\xcrashdump.dat

.
((((((((((((((((((((((((((((((((((((((( Drivers/Services )))))))))))))))))))))))))))))))))))))))))))))))))
.

-------\Legacy_BOONTY_GAMES
-------\Legacy_TDSSSERV.SYS
-------\Service_Boonty Games
-------\Service_UACd.sys


((((((((((((((((((((((((( Files Created from 2009-04-18 to 2009-05-18 )))))))))))))))))))))))))))))))
.

2009-05-18 21:56 . 2009-05-18 22:00 -------- d-----w C:\32788R22FWJFW
2009-05-13 20:59 . 2009-05-16 12:22 0 ----a-w c:\windows\system32\drivers\UACvkbmnyllrmawrur.sys
2009-05-12 19:01 . 2009-05-16 13:12 -------- d-----w c:\windows\system32\218538
2009-05-10 11:24 . 2009-05-13 00:57 -------- d-----w c:\windows\system32\199638
2009-05-08 22:19 . 2006-03-03 12:07 143360 ----a-w c:\windows\system32\dunzip32.dll
2009-05-08 22:15 . 2007-11-22 10:44 33832 ----a-w c:\windows\system32\drivers\mferkdk.sys
2009-05-08 22:15 . 2007-12-02 16:51 40488 -c--a-w c:\windows\system32\drivers\mfesmfk.sys
2009-05-08 22:15 . 2007-11-22 10:44 35240 -c--a-w c:\windows\system32\drivers\mfebopk.sys
2009-05-08 22:15 . 2007-11-22 10:44 79304 -c--a-w c:\windows\system32\drivers\mfeavfk.sys
2009-05-08 22:15 . 2007-11-22 10:44 201320 -c--a-w c:\windows\system32\drivers\mfehidk.sys
2009-05-08 22:15 . 2007-07-13 10:20 113952 ----a-w c:\windows\system32\drivers\Mpfp.sys
2009-05-08 22:14 . 2009-05-08 22:14 -------- d-----w c:\program files\McAfee.com
2009-05-08 22:14 . 2009-05-08 22:15 -------- d-----w c:\program files\Common Files\McAfee
2009-05-08 12:04 . 2009-05-16 13:12 -------- d-----w c:\windows\system32\796525
2009-05-01 19:20 . 2009-05-01 19:20 6407 ----a-w c:\windows\system32\krncode.dat
2009-05-01 19:20 . 2009-05-01 19:20 1575 ----a-w c:\windows\system32\pwrcode.dat
2009-05-01 19:20 . 2009-05-01 19:20 19434 ----a-w c:\windows\system32\wincode.dat
2009-05-01 19:20 . 2008-04-14 00:12 17408 ----a-w c:\windows\system32\osysp.dat
2009-05-01 19:20 . 2009-03-21 14:06 989696 ----a-w c:\windows\system32\osysk.dat
2009-05-01 19:20 . 2009-03-03 00:18 826368 ----a-w c:\windows\system32\osysw.dat
2009-04-26 10:40 . 2009-04-26 10:40 410984 ----a-w c:\windows\system32\deploytk.dll
2009-04-25 18:49 . 2009-04-25 18:49 8074 ----a-w c:\windows\extend.dat
2009-04-23 23:16 . 2009-04-23 23:16 -------- d-----w c:\documents and settings\All Users\Application Data\HP Product Assistant

.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2009-05-16 18:14 . 2006-12-25 18:27 79231 -c--a-w c:\windows\hpfins05.dat
2009-05-09 16:17 . 2006-08-03 04:54 -------- d-----w c:\program files\McAfee
2009-04-26 10:40 . 2006-08-03 04:37 -------- d-----w c:\program files\Java
2009-04-23 23:17 . 2006-12-25 18:29 -------- d-----w c:\program files\HP
2009-04-13 12:33 . 2008-02-29 23:52 -------- d-----w c:\program files\RogueRemover FREE
2009-04-13 12:22 . 2009-04-12 13:01 -------- d-----w c:\program files\LimeWire
2009-04-12 13:04 . 2006-08-03 04:42 -------- d--h--w c:\program files\InstallShield Installation Information
2009-04-11 20:37 . 2009-04-11 20:37 -------- d-----w c:\program files\Common Files\DVDVideoSoft
2009-04-11 20:37 . 2009-04-11 20:37 -------- d-----w c:\program files\DVDVideoSoft
2009-03-06 14:22 . 2004-08-10 16:51 284160 ----a-w c:\windows\system32\pdh.dll
2009-03-03 00:18 . 2004-08-10 16:51 826368 ----a-w c:\windows\system32\wininet.dll
2009-02-20 18:09 . 2004-08-10 16:51 78336 -c--a-w c:\windows\system32\ieencode.dll
2007-05-06 13:12 . 2007-05-06 13:12 774144 -c--a-w c:\program files\RngInterstitial.dll
2006-12-28 09:53 . 2006-12-27 19:54 108 -c--a-w c:\program files\piconfig.lx
2008-11-30 23:10 . 2006-12-27 17:07 88 -csh--r c:\windows\system32\4CEA199DBA.sys
2009-01-21 23:26 . 2007-06-04 10:39 56 -csh--r c:\windows\system32\BA9D19EA4C.sys
2008-09-08 14:36 . 2008-09-08 14:36 33792 -csha-w c:\windows\system32\bebutepo.dll
2009-01-21 23:26 . 2006-12-27 17:07 4184 -csha-w c:\windows\system32\KGyGaAvL.sys
2008-12-25 20:21 . 2008-12-25 20:21 2713 -csh--w c:\windows\system32\raganapo.dll
2008-09-16 20:01 . 2008-09-16 20:01 64512 -csha-w c:\windows\system32\wuholove.dll
.

((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Aim6"="?" [?]
"ctfmon.exe"="c:\windows\system32\ctfmon.exe" [2008-04-14 15360]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"igfxtray"="c:\windows\system32\igfxtray.exe" [2005-10-15 94208]
"DMXLauncher"="c:\program files\Dell\Media Experience\DMXLauncher.exe" [2005-11-01 94208]
"ISUSPM Startup"="c:\program files\Common Files\InstallShield\UpdateService\isuspm.exe" [2005-06-10 249856]
"ISUSScheduler"="c:\program files\Common Files\InstallShield\UpdateService\issch.exe" [2005-06-10 81920]
"HP Software Update"="c:\program files\HP\HP Software Update\HPWuSchd2.exe" [2007-05-08 54840]
"BigDogPath"="c:\windows\VM_STI.EXE" [2004-02-24 49152]
"QuickTime Task"="c:\program files\QuickTime\qttask.exe" [2007-10-20 286720]
"iTunesHelper"="c:\program files\iTunes\iTunesHelper.exe" [2007-11-02 267048]
"SunJavaUpdateSched"="c:\program files\Java\jre6\bin\jusched.exe" [2009-04-26 148888]
"mcagent_exe"="c:\program files\McAfee.com\Agent\mcagent.exe" [2007-11-01 582992]
"McAfee Backup"="c:\program files\McAfee\MBK\McAfeeDataBackup.exe" [2007-01-16 4838952]
"MBkLogOnHook"="c:\program files\McAfee\MBK\LogOnHook.exe" [2007-01-08 20480]

c:\documents and settings\All Users\Start Menu\Programs\Startup\
Adobe Reader Speed Launch.lnk - c:\program files\Adobe\Acrobat 7.0\Reader\reader_sl.exe [2004-12-14 29696]
Digital Line Detect.lnk - c:\program files\Digital Line Detect\DLG.exe [2006-8-3 24576]
HP Digital Imaging Monitor.lnk - c:\program files\HP\Digital Imaging\bin\hpqtra08.exe [2005-5-12 282624]
HP Image Zone Fast Start.lnk - c:\program files\HP\Digital Imaging\bin\hpqthb08.exe [2005-5-12 73728]

HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\drivers32
"wave"= serwvdrv.dll

[HKEY_LOCAL_MACHINE\software\microsoft\security center]
"UpdatesDisableNotify"=dword:00000001
"AntiVirusDisableNotify"=dword:00000001

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\McAfeeAntiVirus]
"DisableMonitoring"=dword:00000001

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\McAfeeFirewall]
"DisableMonitoring"=dword:00000001

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]
"EnableFirewall"= 0 (0x0)

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"c:\\Program Files\\Common Files\\AOL\\ACS\\AOLDial.exe"=
"c:\\Program Files\\Common Files\\AOL\\ACS\\AOLacsd.exe"=
"c:\\Program Files\\Common Files\\AOL\\Loader\\aolload.exe"=
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"c:\\Program Files\\iTunes\\iTunes.exe"=
"c:\\Program Files\\AIM6\\aim6.exe"=
"c:\\Program Files\\Mozilla Firefox\\firefox.exe"=
"c:\\WINDOWS\\system32\\PnkBstrA.exe"=
"c:\\WINDOWS\\system32\\PnkBstrB.exe"=
"c:\\WINDOWS\\system32\\HPZipm12.exe"=
"c:\\Program Files\\iPod\\bin\\iPodService.exe"=
"c:\\Program Files\\Common Files\\Apple\\Mobile Device Support\\bin\\AppleMobileDeviceService.exe"=
"c:\\WINDOWS\\system32\\wscntfy.exe"=
"c:\\Program Files\\HP\\HP Software Update\\hpwuSchd2.exe"=
"c:\\WINDOWS\\VM_STI.EXE"=
"c:\\WINDOWS\\system32\\dumprep.exe"=
"c:\\WINDOWS\\system32\\hkcmd.exe"=
"c:\\WINDOWS\\system32\\igfxtray.exe"=
"c:\\WINDOWS\\system32\\igfxpers.exe"=
"c:\\Program Files\\Dell\\Media Experience\\DMXLauncher.exe"=
"c:\\Program Files\\Common Files\\InstallShield\\UpdateService\\ISUSPM.exe"=
"c:\\Program Files\\iTunes\\iTunesHelper.exe"=
"c:\\Program Files\\Common Files\\McAfee\\MNA\\McNASvc.exe"=

S1 763878bb;763878bb;c:\windows\system32\drivers\763878bb.sys --> c:\windows\system32\drivers\763878bb.sys [?]
.
Contents of the 'Scheduled Tasks' folder

2009-05-16 c:\windows\Tasks\AppleSoftwareUpdate.job
- c:\program files\Apple Software Update\SoftwareUpdate.exe [2008-07-30 16:34]

2009-05-15 c:\windows\Tasks\McDefragTask.job
- c:\progra~1\mcafee\mqc\QcConsol.exe [2009-05-08 17:32]

2009-05-08 c:\windows\Tasks\McQcTask.job
- c:\progra~1\mcafee\mqc\QcConsol.exe [2009-05-08 17:32]
.
- - - - ORPHANS REMOVED - - - -

BHO-{bf58d851-a4f3-4a66-84db-838abb840439} - (no file)
Notify-byxuvsq - byxuvsq.dll
Notify-eltxptvm - eltxptvm.dll
Notify-kkxexnth - kkxexnth.dll
Notify-mlJYqNGW - mlJYqNGW.dll
Notify-wvuutss - wvuutss.dll
Notify-__c00e27a1 - (no file)


.
------- Supplementary Scan -------
.
uStart Page = hxxp://www.yahoo.com/
uInternet Connection Wizard,ShellNext = iexplore
uInternet Settings,ProxyOverride = *.local;<local>
uInternet Settings,ProxyServer = http=localhost:7171
Trusted Zone: internet
Trusted Zone: mcafee.com
FF - ProfilePath - c:\documents and settings\chris zurlo\Application Data\Mozilla\Firefox\Profiles\bo0rki3d.default\
FF - prefs.js: network.proxy.http - localhost
FF - prefs.js: network.proxy.http_port - 7171
FF - prefs.js: network.proxy.type - 4
FF - plugin: c:\program files\Real\RealArcade\Plugins\Mozilla\npracplug.dll
FF - plugin: c:\program files\Unity\WebPlayer\loader\npUnity3D32.dll

---- FIREFOX POLICIES ----
FF - user.js: dom.disable_open_during_load - true // Popupblocker control handled by McAfee Privacy Service
.

**************************************************************************

catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2009-05-18 18:08
Windows 5.1.2600 Service Pack 3 NTFS

scanning hidden processes ...

scanning hidden autostart entries ...

HKLM\Software\Microsoft\Windows\CurrentVersion\Run
McAfee Backup = c:\program files\McAfee\MBK\McAfeeDataBackup.exe?????????????????????????????????????????????????????????????????????????????????

scanning hidden files ...

scan completed successfully
hidden files: 0

**************************************************************************
.
--------------------- LOCKED REGISTRY KEYS ---------------------

[HKEY_USERS\S-1-5-21-3789023437-3729520145-2788972281-1006\Software\SecuROM\!CAUTION! NEVER A OR CHANGE ANY KEY*]
"??"=hex:83,40,f0,36,03,a4,6b,5b,e7,cd,21,92,df,0c,57,7c,3b,2d,20,95,24,75,72,
c1,5a,3d,fc,80,26,a2,52,88,b4,93,ec,7a,b5,6e,d7,16,c4,9e,78,f7,33,80,8e,a5,\
"??"=hex:cb,07,f7,70,9c,01,00,a9,2e,cf,52,c6,e1,de,f0,cb

[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{5674ec4f-fb4d-4edb-b8aa-2452c0ad4b2e}\inprocserver32]
@DACL=(02 0000)
@="c:\\Documents and Settings\\All Users\\Application Data\\Microsoft\\Internet Explorer\\DLLs\\ieModule.dll"
"ThreadingModel"="Apartment"

[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{C5BF49A2-94F3-42BD-F434-3604812C897D}\InProcServer32]
@Class="REG_SZ"
@DACL=(02 0000)
@="c:\\WINDOWS\\system32\\jkse73hedfdgf.dll"
"ThreadingModel"="Apartment"

[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{D5BF49A2-94F1-42BD-F434-3604812C807D}\InProcServer32]
@Class="REG_SZ"
@DACL=(02 0000)
@="c:\\WINDOWS\\system32\\tyshb36rfjdf.dll"
"ThreadingModel"="Apartment"
.
--------------------- DLLs Loaded Under Running Processes ---------------------

- - - - - - - > 'explorer.exe'(2024)
c:\windows\system32\WPDShServiceObj.dll
c:\windows\system32\PortableDeviceTypes.dll
c:\windows\system32\PortableDeviceApi.dll
.
------------------------ Other Running Processes ------------------------
.
c:\progra~1\COMMON~1\AOL\ACS\AOLacsd.exe
c:\program files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
c:\windows\system32\dllhost.exe
c:\program files\Java\jre6\bin\jqs.exe
c:\program files\McAfee\MBK\MBackMonitor.exe
c:\windows\system32\PnkBstrA.exe
c:\windows\system32\PnkBstrB.exe
c:\program files\HP\Digital Imaging\bin\hpqimzone.exe
c:\program files\HP\Digital Imaging\bin\hpqste08.exe
c:\program files\iPod\bin\iPodService.exe
c:\progra~1\McAfee\MSC\mcuimgr.exe
c:\progra~1\COMMON~1\McAfee\MNA\McNASvc.exe
c:\progra~1\McAfee\MSC\mcmscsvc.exe
c:\progra~1\COMMON~1\McAfee\McProxy\McProxy.exe
c:\program files\McAfee\VirusScan\Mcshield.exe
c:\program files\McAfee\MPF\MpfSrv.exe
.
**************************************************************************
.
Completion time: 2009-05-18 18:11 - machine was rebooted
ComboFix-quarantined-files.txt 2009-05-18 22:11

Pre-Run: 125,698,953,216 bytes free
Post-Run: 125,741,953,024 bytes free

WindowsXP-KB310994-SP2-Home-BootDisk-ENU.exe
[boot loader]
timeout=2
default=multi(0)disk(0)rdisk(0)partition(2)\WINDOWS
[operating systems]
c:\cmdcons\BOOTSECT.DAT="Microsoft Windows Recovery Console" /cmdcons
multi(0)disk(0)rdisk(0)partition(2)\WINDOWS="Microsoft Windows XP Home Edition" /noexecute=optin /fastdetect

339 --- E O F --- 2009-05-13 00:58

hijack this log

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 6:24:47 PM, on 5/18/2009
Platform: Windows XP SP3 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16827)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\PROGRA~1\COMMON~1\AOL\ACS\AOLacsd.exe
C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
C:\WINDOWS\system32\dllhost.exe
C:\Program Files\Java\jre6\bin\jqs.exe
C:\Program Files\McAfee\MBK\MBackMonitor.exe
C:\WINDOWS\system32\PnkBstrA.exe
C:\WINDOWS\system32\PnkBstrB.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Dell\Media Experience\DMXLauncher.exe
C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe
C:\Program Files\HP\HP Software Update\HPWuSchd2.exe
C:\WINDOWS\VM_STI.EXE
C:\Program Files\iTunes\iTunesHelper.exe
C:\Program Files\Java\jre6\bin\jusched.exe
C:\Program Files\McAfee\MBK\McAfeeDataBackup.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Digital Line Detect\DLG.exe
C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe
C:\Program Files\HP\Digital Imaging\bin\hpqimzone.exe
C:\Program Files\HP\Digital Imaging\bin\hpqSTE08.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\WINDOWS\explorer.exe
c:\PROGRA~1\COMMON~1\mcafee\mna\mcnasvc.exe
C:\PROGRA~1\McAfee\MSC\mcmscsvc.exe
c:\PROGRA~1\COMMON~1\mcafee\mcproxy\mcproxy.exe
C:\PROGRA~1\McAfee\VirusScan\mcshield.exe
c:\PROGRA~1\mcafee.com\agent\mcagent.exe
C:\Program Files\McAfee\MPF\MPFSrv.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\PROGRA~1\McAfee\VirusScan\mcsysmon.exe
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.yahoo.com/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Local Page =
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyServer = http=localhost:7171
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local;<local>
O2 - BHO: scriptproxy - {7DB2D5A0-7241-4E79-B68D-6309F01C5231} - C:\Program Files\McAfee\VirusScan\scriptsn.dll
O2 - BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll
O2 - BHO: JQSIEStartDetectorImpl - {E7E6F031-17CE-4C07-BC86-EABFE594F69C} - C:\Program Files\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
O3 - Toolbar: Viewpoint Toolbar - {F8AD5AA5-D966-4667-9DAF-2561D68B2012} - C:\Program Files\Common Files\Viewpoint\Toolbar Runtime\3.8.0\IEViewBar.dll
O4 - HKLM\..\Run: [igfxtray] C:\WINDOWS\system32\igfxtray.exe
O4 - HKLM\..\Run: [DMXLauncher] "C:\Program Files\Dell\Media Experience\DMXLauncher.exe"
O4 - HKLM\..\Run: [ISUSPM Startup] "C:\Program Files\Common Files\InstallShield\UpdateService\isuspm.exe" -startup
O4 - HKLM\..\Run: [ISUSScheduler] "C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe" -start
O4 - HKLM\..\Run: [HP Software Update] C:\Program Files\HP\HP Software Update\HPWuSchd2.exe
O4 - HKLM\..\Run: [BigDogPath] "C:\WINDOWS\VM_STI.EXE" A4 Tech USB PC Camera
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre6\bin\jusched.exe"
O4 - HKLM\..\Run: [mcagent_exe] C:\Program Files\McAfee.com\Agent\mcagent.exe /runkey
O4 - HKLM\..\Run: [McAfee Backup] C:\Program Files\McAfee\MBK\McAfeeDataBackup.exe
O4 - HKLM\..\Run: [MBkLogOnHook] C:\Program Files\McAfee\MBK\LogOnHook.exe
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [Aim6] ?
O4 - Global Startup: Adobe Reader Speed Launch.lnk = C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
O4 - Global Startup: Digital Line Detect.lnk = ?
O4 - Global Startup: HP Digital Imaging Monitor.lnk = C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe
O4 - Global Startup: HP Image Zone Fast Start.lnk = C:\Program Files\HP\Digital Imaging\bin\hpqthb08.exe
O9 - Extra button: (no name) - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - (no file)
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O15 - Trusted Zone: http://*.mcafee.com
O23 - Service: AOL Connectivity Service (AOL ACS) - America Online, Inc. - C:\PROGRA~1\COMMON~1\AOL\ACS\AOLacsd.exe
O23 - Service: Apple Mobile Device - Apple, Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\1050\Intel 32\IDriverT.exe
O23 - Service: iPod Service - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: Java Quick Starter (JavaQuickStarterService) - Sun Microsystems, Inc. - C:\Program Files\Java\jre6\bin\jqs.exe
O23 - Service: MBackMonitor - McAfee - C:\Program Files\McAfee\MBK\MBackMonitor.exe
O23 - Service: McAfee Services (mcmscsvc) - McAfee, Inc. - C:\PROGRA~1\McAfee\MSC\mcmscsvc.exe
O23 - Service: McAfee Network Agent (McNASvc) - McAfee, Inc. - c:\PROGRA~1\COMMON~1\mcafee\mna\mcnasvc.exe
O23 - Service: McAfee Scanner (McODS) - McAfee, Inc. - C:\PROGRA~1\McAfee\VirusScan\mcods.exe
O23 - Service: McAfee Proxy Service (McProxy) - McAfee, Inc. - c:\PROGRA~1\COMMON~1\mcafee\mcproxy\mcproxy.exe
O23 - Service: McAfee Real-time Scanner (McShield) - McAfee, Inc. - C:\PROGRA~1\McAfee\VirusScan\mcshield.exe
O23 - Service: McAfee SystemGuards (McSysmon) - McAfee, Inc. - C:\PROGRA~1\McAfee\VirusScan\mcsysmon.exe
O23 - Service: McAfee Personal Firewall Service (MpfService) - McAfee, Inc. - C:\Program Files\McAfee\MPF\MPFSrv.exe
O23 - Service: Intel NCS NetService (NetSvc) - Intel(R) Corporation - C:\Program Files\Intel\PROSetWired\NCS\Sync\NetSvc.exe
O23 - Service: Pml Driver HPZ12 - HP - C:\WINDOWS\system32\HPZipm12.exe
O23 - Service: PnkBstrA - Unknown owner - C:\WINDOWS\system32\PnkBstrA.exe
O23 - Service: PnkBstrB - Unknown owner - C:\WINDOWS\system32\PnkBstrB.exe
O24 - Desktop Component 0: (no name) - http://a671.ac-images.myspacecdn.com/00 ... 1670_l.jpg
O24 - Desktop Component 1: (no name) - http://img.youtube.com/vi/0x284Bvfbgw/default.jpg

--
End of file - 7406 bytes
karatekid7412589
Active Member
 
Posts: 13
Joined: May 15th, 2009, 6:37 pm
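The logs above show the mechanism behind the reported search redirects: Internet Explorer's WinINet settings carry `ProxyServer = http=localhost:7171`, and the Firefox profile's prefs.js carries the same host and port (`network.proxy.http - localhost`, `network.proxy.http_port - 7171`). A proxy on the loopback interface means a process on the machine itself sits between the browser and every HTTP request, which is exactly what is needed to swap a clicked search result for an ad. The same logs list Winlogon Notify packages with random names (byxuvsq.dll, kkxexnth.dll, mlJYqNGW.dll) and locked CLSID InProcServer32 keys pointing at similarly named DLLs in system32. The Python 3.8+ script below is an added example, not part of the original thread and not code from HijackThis or ComboFix: it runs the checks a responder would apply to such log lines. The sample lines are copied from the logs above (plus a few benign ones); the severity labels and the random-name heuristic are the editor's own and deliberately crude.

```python
"""Triage HijackThis / ComboFix log lines for the patterns in this thread:
a browser proxy pointed at the loopback interface (the search-redirect
symptom), Winlogon Notify DLLs with random names, and locked CLSID
servers.  Editor's added example, not a tool used on the forum."""
import re
from typing import Dict, List, Tuple

# Constructed sample: lines copied from the logs posted above plus a few
# benign ones, so the filter has something to leave alone.
SAMPLE_LOG = r"""
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.yahoo.com/
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyServer = http=localhost:7171
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local;<local>
FF - prefs.js: network.proxy.http - localhost
FF - prefs.js: network.proxy.http_port - 7171
Notify-byxuvsq - byxuvsq.dll
Notify-mlJYqNGW - mlJYqNGW.dll
Notify-__c00e27a1 - (no file)
O2 - BHO: scriptproxy - {7DB2D5A0-7241-4E79-B68D-6309F01C5231} - C:\Program Files\McAfee\VirusScan\scriptsn.dll
O4 - HKCU\..\Run: [Aim6] ?
O23 - Service: PnkBstrA - Unknown owner - C:\WINDOWS\system32\PnkBstrA.exe
@="c:\\WINDOWS\\system32\\jkse73hedfdgf.dll"
"""

LOOPBACK = {"localhost", "127.0.0.1", "::1"}
Finding = Tuple[str, str, str]  # (severity, reason, offending line)


def parse_ie_proxy(value: str) -> Dict[str, Tuple[str, int]]:
    """Parse the IE/WinINet ProxyServer value.  Two forms exist:
    'host:port' (one proxy for every protocol, reported as 'all') and
    'http=host:port;https=host:port;socks=host:port'."""
    proxies: Dict[str, Tuple[str, int]] = {}
    for part in filter(None, (p.strip() for p in value.split(";"))):
        scheme, _, hostport = part.rpartition("=")
        host, sep, port = hostport.rpartition(":")
        if not sep:                       # no port given
            host, port = hostport, ""
        proxies[scheme or "all"] = (host.strip("[]").lower(),
                                    int(port) if port.isdigit() else 0)
    return proxies


def is_loopback(host: str) -> bool:
    return host in LOOPBACK or host.startswith("127.")


def looks_random(stem: str) -> bool:
    """Crude spelling heuristic: few vowels or a long consonant run.
    It catches byxuvsq / kkxexnth / mlJYqNGW but NOT the pronounceable
    names from the same log (bebutepo.dll, wuholove.dll); those need a
    hash or known-good check, not a spelling check."""
    letters = re.sub(r"[^a-z]", "", stem.lower())
    if len(letters) < 5:
        return False
    vowel_ratio = sum(c in "aeiouy" for c in letters) / len(letters)
    longest_run = max((len(r) for r in re.findall(r"[^aeiouy]+", letters)), default=0)
    return vowel_ratio < 0.3 or longest_run >= 4


def triage(log_text: str) -> List[Finding]:
    """Walk HijackThis (R1/O4/O23) and ComboFix (uInternet Settings, Notify-,
    locked-key) lines and return the ones worth a human look."""
    findings: List[Finding] = []
    for line in (l.strip() for l in log_text.splitlines() if l.strip()):
        if m := re.search(r"ProxyServer\s*=\s*(.+)$", line):
            for scheme, (host, port) in parse_ie_proxy(m.group(1)).items():
                if is_loopback(host):
                    findings.append(("high", f"IE {scheme} proxy is loopback {host}:{port}; "
                                     "identify the listener (netstat -ano) before trusting it", line))
        elif m := re.search(r"network\.proxy\.(http|ssl|ftp|socks)\s*-\s*(\S+)$", line):
            if is_loopback(m.group(2).lower()):
                findings.append(("high", f"Firefox {m.group(1)} proxy is loopback {m.group(2)}", line))
        elif m := re.match(r"Notify-\S+\s*-\s*(.+)$", line):
            if m.group(1) == "(no file)":
                findings.append(("low", "orphaned Winlogon Notify entry", line))
            elif looks_random(m.group(1).rsplit(".", 1)[0]):
                findings.append(("high", "Winlogon Notify DLL with random-looking name", line))
        elif m := re.match(r'@="(.+)"$', line):
            # Locked-key dump doubles the backslashes; undo that before splitting.
            stem = m.group(1).replace("\\\\", "\\").rsplit("\\", 1)[-1].rsplit(".", 1)[0]
            if looks_random(stem):
                findings.append(("high", "locked COM server DLL with random-looking name", line))
        elif re.search(r"\bRun: \[[^\]]+\] \?$", line):
            findings.append(("low", "Run entry whose target could not be resolved", line))
        elif "Unknown owner" in line:
            findings.append(("low", "service without publisher info; verify the binary", line))
    return findings


if __name__ == "__main__":
    for sev, reason, line in triage(SAMPLE_LOG):
        print(f"[{sev}] {reason}\n    {line}")
```

A loopback proxy is not proof of malware on its own (some local content filters and debugging proxies work the same way), so the finding tells you to identify the process that owns port 7171 with `netstat -ano` before deciding. The spelling heuristic is the weak link: it flags the consonant-heavy names from this log but would pass the pronounceable ones (bebutepo.dll, raganapo.dll, wuholove.dll) that ComboFix also removed, and it can trip on legitimate short driver names; treat it as a prioritiser, not a verdict.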

Re: HiJackthis log ... spyware/malware problems

Post by Bv202 » May 20th, 2009, 12:22 pm

Hi karatekid7412589

Your computer has multiple infections, including a backdoor. A backdoor gives intruders complete control of your computer, logs your keystrokes, steals personal information, etc.

This allows hackers to remotely control your computer, steal critical system information, and download and execute files.

I would counsel you to disconnect this PC from the Internet immediately. If you do any banking or other financial transactions on the PC or if it should contain any other sensitive information, please get to a known clean computer and change all passwords where applicable, and it would be wise to contact those same financial institutions to apprise them of your situation.

Though the Trojan has been identified and can be killed, because of its backdoor functionality, your PC is very likely compromised and there is no way to be sure your computer can ever again be trusted. Many experts in the security community believe that once infected with this type of Trojan, the best course of action would be a reformat and reinstall of the OS. Please read these for more information:

How Do I Handle Possible Identity Theft, Internet Fraud and CC Fraud?

When Should I Format, How Should I Reinstall

We can attempt to clean this machine but please keep the above in mind.

Should you have any questions, please feel free to ask.

Please let us know what you have decided to do in your next post.
Bv202
Regular Member
 
Posts: 1732
Joined: May 3rd, 2008, 10:46 am
Location: Belgium (GMT +1)

Re: HiJackthis log ... spyware/malware problems

Post by karatekid7412589 » May 20th, 2009, 4:02 pm

No, I do not want to re-install the OS .. it is not a computer that has anything important on it .. except music and pictures ... I would like to disinfect it as much as possible ... if I changed all of my passwords would it prevent some of the viruses ... like change my email password and my user account password? ... how much do you recommend that, because a lot of my online things I use all have the same three passwords but I don't want to change them if it's not necessary
karatekid7412589
Active Member
 
Posts: 13
Joined: May 15th, 2009, 6:37 pm

Re: HiJackthis log ... spyware/malware problems

Post by Bv202 » May 21st, 2009, 11:55 am

Hi karatekid7412589


if I changed all of my passwords would it prevent some of the viruses ... like change my email password and my user account password? ... how much do you recommend that, because a lot of my online things I use all have the same three passwords but I don't want to change them if it's not necessary

That's a hard question to answer. Right now, someone can access and log everything on your system. Because of this, I recommend that you go to a clean computer and change all passwords on the places that are important to you (email accounts etc.). If we delete these files from your system, the hacker won't, in theory, be able to log anything or gain remote access. However, because it is a backdoor, the hacker could have changed things we don't know about that make your computer less secure.

Of course, it doesn't mean this happened or will happen - but it is possible. As long as you don't use the system for online banking, credit card transactions or any other important data, you can still use it. Most malware writers are not interested in the password of an MSN account, for example, if that's what you mean by "my online things", though it's still a risk.

If you want to start the cleaning, please continue with these steps :)


P2P Software
From your logs, I can see you have P2P software on your system:
2009-04-13 12:22 . 2009-04-12 13:01 -------- d-----w c:\program files\LimeWire

Please read this regarding P2P software:
Click

It looks like it's just a leftover (you deleted it already), so the following step will also remove this software. If you don't want to remove it for any reason (please remember we can't assist you anymore in that case), please do not run the script.


COMBOFIX-Script
A word of warning: Please do not run ComboFix on your own. This tool is not a toy and not for everyday use.

  • Please open Notepad (Start -> Run -> type notepad in the Open field -> OK) and copy and paste the text present inside the code box below:

    File::
    c:\windows\system32\drivers\UACvkbmnyllrmawrur.sys
    c:\windows\system32\krncode.dat
    c:\windows\system32\pwrcode.dat
    c:\windows\system32\wincode.dat
    c:\windows\system32\osysp.dat
    c:\windows\system32\osysk.dat
    c:\windows\system32\osysw.dat
    c:\windows\system32\bebutepo.dll
    c:\windows\system32\raganapo.dll
    c:\windows\system32\wuholove.dll
    c:\windows\system32\drivers\763878bb.sys
    c:\Documents and Settings\All Users\Application Data\Microsoft\Internet Explorer\DLLs\ieModule.dll
    c:\WINDOWS\system32\jkse73hedfdgf.dll
    c:\WINDOWS\system32\tyshb36rfjdf.dll
    C:\windows\pp07.exe
    C:\windows\ld08.exe
    
    Folder::
    c:\windows\system32\218538
    c:\windows\system32\199638
    c:\windows\system32\796525
    c:\program files\LimeWire
    
    Driver::
    763878bb
    
    RegLockDel:: 
    [HKEY_LOCAL_MACHINE\software\Classes\CLSID\{5674ec4f-fb4d-4edb-b8aa-2452c0ad4b2e}\inprocserver32]
    
    [HKEY_LOCAL_MACHINE\software\Classes\CLSID\{C5BF49A2-94F3-42BD-F434-3604812C897D}\InProcServer32]
    
    [HKEY_LOCAL_MACHINE\software\Classes\CLSID\{D5BF49A2-94F1-42BD-F434-3604812C807D}\InProcServer32]
    
    dds::
    uInternet Settings,ProxyOverride = *.local;<local>
    uInternet Settings,ProxyServer = http=localhost:7171
    
    Firefox::
    FF - ProfilePath - c:\documents and settings\chris zurlo\Application Data\Mozilla\Firefox\Profiles\bo0rki3d.default\
    FF - prefs.js: network.proxy.http - localhost
    FF - prefs.js: network.proxy.http_port - 7171
    
    

  • Save this as CFScript.txt and change the "Save as type" to "All Files" and place it on your desktop.

  • Very Important! Temporarily disable your anti-virus, script blocking and any anti-malware real-time protection before following the steps below. They can interfere with ComboFix or remove some of its embedded files which may cause "unpredictable results".
  • If you need help to disable your protection programs see here.
  • Referring to the screenshot above, drag CFScript.txt into ComboFix.exe.
  • ComboFix will now run a scan on your system. It may reboot your system when it finishes. This is normal.
  • When finished, it shall produce a log for you. Copy and paste the contents of the log in your next reply.
CAUTION: Do not mouse-click ComboFix's window while it is running. That may cause it to stall.


Upload a File to Jotti
Please visit http://virusscan.jotti.org/

Copy/paste this file and path into the white box at the top:
c:\windows\system32\4CEA199DBA.sys

Press Submit - this will submit the file for testing.
Please wait for all the scanners to finish then copy and paste the results in your next response.

Repeat for:
c:\windows\system32\BA9D19EA4C.sys


In your next reply, please post:
1) The ComboFix log
2) The Jotti results
3) A new HijackThis log
Bv202
Regular Member
 
Posts: 1732
Joined: May 3rd, 2008, 10:46 am
Location: Belgium (GMT +1)
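The CFScript above is a plain-text instruction list for ComboFix: each `Name::` header opens a section (File::, Folder::, Driver::, RegLockDel::, dds::, Firefox::) and the lines under it are the targets that section acts on. Because the script deletes the listed files outright, and later in the thread two remaining .sys files are sent to Jotti by hand, a responder normally wants a record of what the targets were (size, hash) before they disappear. The Python below is an added example, not ComboFix code and not anything posted in the thread: it splits a script into its sections and inventories the File:: targets. The section semantics are read off the posted script only; ComboFix's own parser is closed source and may accept more than this. The `root` argument and the scratch-directory staging in `demo()` are the editor's additions so the example runs offline; on a live case you would call `inventory(sections["File"])` on the infected machine, or point `root` at a mounted offline image.

```python
"""Parse a ComboFix CFScript into its sections and inventory (size,
SHA-256) every File:: target before the script runs.  Editor's added
example: ComboFix is closed source, the section names are read off the
script posted above, and nothing here deletes anything."""
import hashlib
import os
import re
import tempfile
from typing import Dict, List

# Constructed sample: a cut-down copy of the script above.  The third
# File:: entry is left unstaged in demo() so the report shows a miss.
SAMPLE_CFSCRIPT = r"""
File::
c:\windows\system32\jkse73hedfdgf.dll
c:\windows\system32\tyshb36rfjdf.dll
C:\windows\pp07.exe

Folder::
c:\windows\system32\218538
c:\program files\LimeWire

Driver::
763878bb

RegLockDel::
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{5674ec4f-fb4d-4edb-b8aa-2452c0ad4b2e}\inprocserver32]

dds::
uInternet Settings,ProxyServer = http=localhost:7171
"""

SECTION = re.compile(r"^(\w+)::\s*$")


def parse_cfscript(text: str) -> Dict[str, List[str]]:
    """Split a CFScript into {'File': [...], 'Folder': [...], ...}.  A
    section runs from its 'Name::' header to the next header; blank lines
    are ignored; an entry before any header is a malformed script."""
    sections: Dict[str, List[str]] = {}
    current = None
    for line in (l.strip() for l in text.splitlines() if l.strip()):
        if m := SECTION.match(line):
            current = m.group(1)
            sections.setdefault(current, [])
        elif current is None:
            raise ValueError(f"entry before any section header: {line!r}")
        else:
            sections[current].append(line)
    return sections


def relocate(win_path: str, root: str) -> str:
    """Map a Windows path onto `root` (an offline image mount point, or a
    scratch directory here): drop the drive letter, use the host separator."""
    parts = [p for p in re.split(r"[\\/]+", re.sub(r"^[A-Za-z]:", "", win_path)) if p]
    return os.path.join(root, *parts)


def inventory(paths: List[str], root: str = "") -> List[dict]:
    """Record existence, size and SHA-256 of each File:: target so the
    deletions can later be matched against the ComboFix log / quarantine
    and the hashes looked up, instead of relying on the file name alone.
    root='' means the live drive; otherwise paths are mapped under root."""
    records = []
    for p in paths:
        full = relocate(p, root) if root else p
        rec = {"path": p, "exists": os.path.isfile(full)}
        if rec["exists"]:
            with open(full, "rb") as fh:
                data = fh.read()
            rec["size"] = len(data)
            rec["sha256"] = hashlib.sha256(data).hexdigest()
        records.append(rec)
    return records


def demo(script: str = SAMPLE_CFSCRIPT) -> List[dict]:
    """Stand-alone run: stage two File:: targets with constructed bytes in
    a scratch directory and inventory the whole section against it."""
    files = parse_cfscript(script)["File"]
    with tempfile.TemporaryDirectory() as root:
        for rel, content in zip(files[:2], (b"MZ\x90\x00constructed-sample-1",
                                            b"MZ\x90\x00constructed-sample-2")):
            dest = relocate(rel, root)
            os.makedirs(os.path.dirname(dest), exist_ok=True)
            with open(dest, "wb") as fh:
                fh.write(content)
        return inventory(files, root)


if __name__ == "__main__":
    for name, entries in parse_cfscript(SAMPLE_CFSCRIPT).items():
        print(f"{name}:: {len(entries)} entr{'y' if len(entries) == 1 else 'ies'}")
    for rec in demo():
        print(rec)
```

The hash record is what makes the later steps reproducible: the ComboFix log only echoes paths, so without it you cannot tell whether the jkse73hedfdgf.dll that was quarantined is the same object you saw in the locked CLSID key, nor look it up by hash instead of uploading the file. Run the inventory with the real-time scanner still enabled; it only reads the files, so the warning about disabling protection applies to ComboFix itself, not to this step.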

Re: HiJackthis log ... spyware/malware problems

Post by karatekid7412589 » May 21st, 2009, 3:27 pm

What are the Jotti results .... and yes I did delete it (LimeWire) .. but by the leftover stuff from it, do you mean the music? .. I still want the songs I got from LimeWire ... will they be deleted? .. if not then I should just run the combo link I just got and then I'm done .. or is there a lot more to do
karatekid7412589
Active Member
 
Posts: 13
Joined: May 15th, 2009, 6:37 pm

Re: HiJackthis log ... spyware/malware problems

Post by Bv202 » May 22nd, 2009, 2:21 pm

Hi karatekid7412589

What are the Jotti results

These are the results of the files uploaded to http://virusscan.jotti.org/. Please see my post above for instructions for that :)

but by the leftover stuff from it, do you mean the music? .. I still want the songs I got from LimeWire ... will they be deleted?

Please read this.

if not then I should just run the combo link I just got and then I'm done .. or is there a lot more to do

Sorry, but we can't be sure of that. Your computer has multiple infections, so it will very likely take some more steps.

I hope this helps :)
Bv202
Regular Member
 
Posts: 1732
Joined: May 3rd, 2008, 10:46 am
Location: Belgium (GMT +1)

Re: HiJackthis log ... spyware/malware problems

Post by karatekid7412589 » May 22nd, 2009, 6:43 pm

JOTTI RESULTS
All the scanners say they found nothing.

4CEA199DBA.sys
Status:
Scan finished. 0 out of 20 scanners reported malware.


BA9D19EA4C.sys
Status:
Scan finished. 0 out of 20 scanners reported malware.

HijackThis

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 6:30:01 PM, on 5/22/2009
Platform: Windows XP SP3 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16827)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\PROGRA~1\COMMON~1\AOL\ACS\AOLacsd.exe
C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
C:\WINDOWS\system32\dllhost.exe
C:\Program Files\Java\jre6\bin\jqs.exe
C:\Program Files\McAfee\MBK\MBackMonitor.exe
C:\WINDOWS\system32\PnkBstrA.exe
C:\WINDOWS\system32\PnkBstrB.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Dell\Media Experience\DMXLauncher.exe
C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe
C:\Program Files\HP\HP Software Update\HPWuSchd2.exe
C:\WINDOWS\VM_STI.EXE
C:\Program Files\iTunes\iTunesHelper.exe
C:\Program Files\Java\jre6\bin\jusched.exe
C:\Program Files\McAfee\MBK\McAfeeDataBackup.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Digital Line Detect\DLG.exe
C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe
C:\Program Files\HP\Digital Imaging\bin\hpqimzone.exe
C:\Program Files\HP\Digital Imaging\bin\hpqSTE08.exe
C:\Program Files\iPod\bin\iPodService.exe
c:\PROGRA~1\mcafee\msc\mcuimgr.exe
C:\WINDOWS\explorer.exe
c:\PROGRA~1\COMMON~1\mcafee\mcproxy\mcproxy.exe
C:\PROGRA~1\McAfee\MSC\mcmscsvc.exe
c:\PROGRA~1\COMMON~1\mcafee\mna\mcnasvc.exe
c:\PROGRA~1\mcafee.com\agent\mcagent.exe
C:\PROGRA~1\McAfee\VirusScan\mcshield.exe
C:\Program Files\McAfee\MPF\MPFSrv.exe
C:\WINDOWS\system32\notepad.exe
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.yahoo.com/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Local Page =
O2 - BHO: scriptproxy - {7DB2D5A0-7241-4E79-B68D-6309F01C5231} - C:\Program Files\McAfee\VirusScan\scriptsn.dll
O2 - BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll
O2 - BHO: JQSIEStartDetectorImpl - {E7E6F031-17CE-4C07-BC86-EABFE594F69C} - C:\Program Files\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
O3 - Toolbar: Viewpoint Toolbar - {F8AD5AA5-D966-4667-9DAF-2561D68B2012} - C:\Program Files\Common Files\Viewpoint\Toolbar Runtime\3.8.0\IEViewBar.dll
O4 - HKLM\..\Run: [igfxtray] C:\WINDOWS\system32\igfxtray.exe
O4 - HKLM\..\Run: [DMXLauncher] "C:\Program Files\Dell\Media Experience\DMXLauncher.exe"
O4 - HKLM\..\Run: [ISUSPM Startup] "C:\Program Files\Common Files\InstallShield\UpdateService\isuspm.exe" -startup
O4 - HKLM\..\Run: [ISUSScheduler] "C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe" -start
O4 - HKLM\..\Run: [HP Software Update] C:\Program Files\HP\HP Software Update\HPWuSchd2.exe
O4 - HKLM\..\Run: [BigDogPath] "C:\WINDOWS\VM_STI.EXE" A4 Tech USB PC Camera
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre6\bin\jusched.exe"
O4 - HKLM\..\Run: [mcagent_exe] C:\Program Files\McAfee.com\Agent\mcagent.exe /runkey
O4 - HKLM\..\Run: [McAfee Backup] C:\Program Files\McAfee\MBK\McAfeeDataBackup.exe
O4 - HKLM\..\Run: [MBkLogOnHook] C:\Program Files\McAfee\MBK\LogOnHook.exe
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [Aim6] ?
O4 - Global Startup: Adobe Reader Speed Launch.lnk = C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
O4 - Global Startup: Digital Line Detect.lnk = ?
O4 - Global Startup: HP Digital Imaging Monitor.lnk = C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe
O4 - Global Startup: HP Image Zone Fast Start.lnk = C:\Program Files\HP\Digital Imaging\bin\hpqthb08.exe
O9 - Extra button: (no name) - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - (no file)
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O15 - Trusted Zone: http://*.mcafee.com
O23 - Service: AOL Connectivity Service (AOL ACS) - America Online, Inc. - C:\PROGRA~1\COMMON~1\AOL\ACS\AOLacsd.exe
O23 - Service: Apple Mobile Device - Apple, Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\1050\Intel 32\IDriverT.exe
O23 - Service: iPod Service - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: Java Quick Starter (JavaQuickStarterService) - Sun Microsystems, Inc. - C:\Program Files\Java\jre6\bin\jqs.exe
O23 - Service: MBackMonitor - McAfee - C:\Program Files\McAfee\MBK\MBackMonitor.exe
O23 - Service: McAfee Services (mcmscsvc) - McAfee, Inc. - C:\PROGRA~1\McAfee\MSC\mcmscsvc.exe
O23 - Service: McAfee Network Agent (McNASvc) - McAfee, Inc. - c:\PROGRA~1\COMMON~1\mcafee\mna\mcnasvc.exe
O23 - Service: McAfee Scanner (McODS) - McAfee, Inc. - C:\PROGRA~1\McAfee\VirusScan\mcods.exe
O23 - Service: McAfee Proxy Service (McProxy) - McAfee, Inc. - c:\PROGRA~1\COMMON~1\mcafee\mcproxy\mcproxy.exe
O23 - Service: McAfee Real-time Scanner (McShield) - McAfee, Inc. - C:\PROGRA~1\McAfee\VirusScan\mcshield.exe
O23 - Service: McAfee Personal Firewall Service (MpfService) - McAfee, Inc. - C:\Program Files\McAfee\MPF\MPFSrv.exe
O23 - Service: Intel NCS NetService (NetSvc) - Intel(R) Corporation - C:\Program Files\Intel\PROSetWired\NCS\Sync\NetSvc.exe
O23 - Service: Pml Driver HPZ12 - HP - C:\WINDOWS\system32\HPZipm12.exe
O23 - Service: PnkBstrA - Unknown owner - C:\WINDOWS\system32\PnkBstrA.exe
O23 - Service: PnkBstrB - Unknown owner - C:\WINDOWS\system32\PnkBstrB.exe
O24 - Desktop Component 0: (no name) - http://a671.ac-images.myspacecdn.com/00 ... 1670_l.jpg
O24 - Desktop Component 1: (no name) - http://img.youtube.com/vi/0x284Bvfbgw/default.jpg

--
End of file - 7072 bytes

ComboFix

ComboFix 09-05-22.05 - chris zurlo 05/22/2009 17:58.2 - NTFSx86
Microsoft Windows XP Home Edition 5.1.2600.3.1252.1.1033.18.1014.550 [GMT -4:00]
Running from: c:\documents and settings\chris zurlo\Desktop\ComboFix.exe
Command switches used :: c:\documents and settings\chris zurlo\Desktop\CFScript.txt
AV: McAfee VirusScan *On-access scanning disabled* (Updated) {84B5EE75-6421-4CDE-A33A-DD43BA9FAD83}
FW: McAfee Personal Firewall *disabled* {94894B63-8C7F-4050-BDA4-813CA00DA3E8}

FILE ::
c:\documents and settings\All Users\Application Data\Microsoft\Internet Explorer\DLLs\ieModule.dll
c:\windows\ld08.exe
c:\windows\pp07.exe
c:\windows\system32\bebutepo.dll
c:\windows\system32\drivers\763878bb.sys
c:\windows\system32\drivers\UACvkbmnyllrmawrur.sys
c:\windows\system32\jkse73hedfdgf.dll
c:\windows\system32\krncode.dat
c:\windows\system32\osysk.dat
c:\windows\system32\osysp.dat
c:\windows\system32\osysw.dat
c:\windows\system32\pwrcode.dat
c:\windows\system32\raganapo.dll
c:\windows\system32\tyshb36rfjdf.dll
c:\windows\system32\wincode.dat
c:\windows\system32\wuholove.dll
.

((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.

C:\-2000393364
c:\documents and settings\chris zurlo\Application Data\wiaserva.log
c:\program files\LimeWire
c:\program files\LimeWire\Incomplete\downloads.dat
c:\windows\system32\199638
c:\windows\system32\218538
c:\windows\system32\796525
c:\windows\system32\bebutepo.dll
c:\windows\system32\drivers\UACvkbmnyllrmawrur.sys
c:\windows\system32\krncode.dat
c:\windows\system32\osysk.dat
c:\windows\system32\osysp.dat
c:\windows\system32\osysw.dat
c:\windows\system32\pwrcode.dat
c:\windows\system32\raganapo.dll
c:\windows\system32\wincode.dat
c:\windows\system32\wuholove.dll

.
((((((((((((((((((((((((((((((((((((((( Drivers/Services )))))))))))))))))))))))))))))))))))))))))))))))))
.

-------\Service_763878bb


((((((((((((((((((((((((( Files Created from 2009-04-22 to 2009-05-22 )))))))))))))))))))))))))))))))
.

2009-05-16 11:07 . 2009-05-16 11:07 -------- d-----w c:\documents and settings\chris zurlo\Local Settings\Application Data\McAfee
2009-05-15 02:00 . 2009-05-15 02:00 6041600 ----a-w c:\documents and settings\All Users\Application Data\GTek\GTUpdate\AUpdate\Channels\ch1\CIP\Release_01_3062.exe
2009-05-15 02:00 . 2009-05-15 02:00 56320 ----a-w c:\documents and settings\All Users\Application Data\GTek\GTUpdate\AUpdate\Channels\ch1\HTML\item_templ\coach\RunGdp.exe
2009-05-15 02:00 . 2009-05-15 02:00 36864 ----a-w c:\documents and settings\All Users\Application Data\GTek\GTUpdate\AUpdate\Channels\ch1\HTML\DellSommelierFix.exe
2009-05-15 02:00 . 2009-05-15 02:00 123138 ----a-w c:\documents and settings\All Users\Application Data\GTek\GTUpdate\AUpdate\Channels\ch1\HTML\MakeDesktopShortcut.EXE
2009-05-15 01:59 . 2009-05-15 01:59 -------- d-----w c:\documents and settings\Guest\Local Settings\Application Data\Mozilla
2009-05-08 22:19 . 2006-03-03 12:07 143360 ----a-w c:\windows\system32\dunzip32.dll
2009-05-08 22:15 . 2007-11-22 10:44 33832 ----a-w c:\windows\system32\drivers\mferkdk.sys
2009-05-08 22:15 . 2007-12-02 16:51 40488 -c--a-w c:\windows\system32\drivers\mfesmfk.sys
2009-05-08 22:15 . 2007-11-22 10:44 35240 -c--a-w c:\windows\system32\drivers\mfebopk.sys
2009-05-08 22:15 . 2007-11-22 10:44 79304 -c--a-w c:\windows\system32\drivers\mfeavfk.sys
2009-05-08 22:15 . 2007-11-22 10:44 201320 -c--a-w c:\windows\system32\drivers\mfehidk.sys
2009-05-08 22:15 . 2007-07-13 10:20 113952 ----a-w c:\windows\system32\drivers\Mpfp.sys
2009-05-08 22:14 . 2009-05-08 22:14 -------- d-----w c:\program files\McAfee.com
2009-05-08 22:14 . 2009-05-08 22:15 -------- d-----w c:\program files\Common Files\McAfee
2009-04-26 10:41 . 2009-04-26 10:41 57344 ----a-w c:\documents and settings\chris zurlo\Application Data\Sun\Java\Deployment\cache\6.0\50\5b902232-697d617e-n\Decora-SSE.dll
2009-04-26 10:41 . 2009-04-26 10:41 24064 ----a-w c:\documents and settings\chris zurlo\Application Data\Sun\Java\Deployment\cache\6.0\15\4e09eacf-24506689-n\Decora-D3D.dll
2009-04-26 10:41 . 2009-04-26 10:41 114688 ----a-w c:\documents and settings\chris zurlo\Application Data\Sun\Java\Deployment\cache\6.0\62\6baea4fe-5887cbae-n\jogl_cg.dll
2009-04-26 10:41 . 2009-04-26 10:41 315392 ----a-w c:\documents and settings\chris zurlo\Application Data\Sun\Java\Deployment\cache\6.0\62\6baea4fe-5887cbae-n\jogl.dll
2009-04-26 10:41 . 2009-04-26 10:41 20480 ----a-w c:\documents and settings\chris zurlo\Application Data\Sun\Java\Deployment\cache\6.0\62\6baea4fe-5887cbae-n\jogl_awt.dll
2009-04-26 10:41 . 2009-04-26 10:41 20480 ----a-w c:\documents and settings\chris zurlo\Application Data\Sun\Java\Deployment\cache\6.0\45\4f710eed-38669cd3-n\gluegen-rt.dll
2009-04-26 10:41 . 2009-04-26 10:41 499712 ----a-w c:\documents and settings\chris zurlo\Application Data\Sun\Java\Deployment\cache\6.0\33\258cea61-58c942ee-n\msvcp71.dll
2009-04-26 10:41 . 2009-04-26 10:41 499712 ----a-w c:\documents and settings\chris zurlo\Application Data\Sun\Java\Deployment\cache\6.0\33\258cea61-58c942ee-n\jmc.dll
2009-04-26 10:41 . 2009-04-26 10:41 348160 ----a-w c:\documents and settings\chris zurlo\Application Data\Sun\Java\Deployment\cache\6.0\33\258cea61-58c942ee-n\msvcr71.dll
2009-04-26 10:40 . 2009-04-26 10:40 410984 ----a-w c:\windows\system32\deploytk.dll
2009-04-26 10:39 . 2009-04-26 10:39 152576 ----a-w c:\documents and settings\chris zurlo\Application Data\Sun\Java\jre1.6.0_13\lzma.dll
2009-04-25 18:49 . 2009-04-25 18:49 8074 ----a-w c:\windows\extend.dat
2009-04-23 23:16 . 2009-04-23 23:16 -------- d-----w c:\documents and settings\All Users\Application Data\HP Product Assistant

.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2009-05-22 20:45 . 2008-06-11 18:34 -------- d-----w c:\documents and settings\chris zurlo\Application Data\Extra Win Jump
2009-05-22 20:43 . 2008-06-11 18:35 -------- d-----w c:\documents and settings\All Users\Application Data\Long slow road itch
2009-05-16 18:14 . 2006-12-25 18:27 79231 -c--a-w c:\windows\hpfins05.dat
2009-05-16 11:17 . 2007-03-13 01:24 -------- d-----w c:\documents and settings\chris zurlo\Application Data\U3
2009-05-15 01:58 . 2009-05-15 01:58 55416 ----a-w c:\documents and settings\Guest\Local Settings\Application Data\GDIPFONTCACHEV1.DAT
2009-05-15 01:58 . 2009-05-15 01:58 128 ----a-w c:\documents and settings\Guest\Local Settings\Application Data\fusioncache.dat
2009-05-15 01:58 . 2009-05-15 01:58 -------- d-----w c:\documents and settings\Guest\Application Data\McAfee
2009-05-09 16:17 . 2006-08-03 04:54 -------- d-----w c:\program files\McAfee
2009-05-08 22:42 . 2009-04-04 23:28 -------- d-----w c:\documents and settings\chris zurlo\Application Data\McAfee
2009-05-08 22:42 . 2006-08-03 04:54 -------- d-----w c:\documents and settings\All Users\Application Data\McAfee
2009-04-26 10:40 . 2006-08-03 04:37 -------- d-----w c:\program files\Java
2009-04-23 23:17 . 2006-12-25 18:29 -------- d-----w c:\program files\HP
2009-04-13 12:33 . 2008-02-29 23:52 -------- d-----w c:\program files\RogueRemover FREE
2009-04-12 13:04 . 2006-08-03 04:42 -------- d--h--w c:\program files\InstallShield Installation Information
2009-04-11 20:37 . 2009-04-11 20:37 -------- d-----w c:\program files\Common Files\DVDVideoSoft
2009-04-11 20:37 . 2009-04-11 20:37 -------- d-----w c:\program files\DVDVideoSoft
2009-04-11 20:01 . 2008-09-17 23:23 -------- d-----w c:\documents and settings\chris zurlo\Application Data\LimeWire
2009-04-05 00:08 . 2009-04-05 00:08 -------- d-----w c:\documents and settings\All Users\Application Data\Avg8
2009-04-04 23:29 . 2009-04-04 23:29 266400 ----a-w c:\documents and settings\chris zurlo\Application Data\McAfee\Supportability\MVTLogs\Results\detect.dll
2009-03-06 14:22 . 2004-08-10 16:51 284160 ----a-w c:\windows\system32\pdh.dll
2009-03-03 00:18 . 2004-08-10 16:51 826368 ----a-w c:\windows\system32\wininet.dll
2007-05-06 13:12 . 2007-05-06 13:12 774144 -c--a-w c:\program files\RngInterstitial.dll
2006-12-28 09:53 . 2006-12-27 19:54 108 -c--a-w c:\program files\piconfig.lx
2008-11-30 23:10 . 2006-12-27 17:07 88 -csh--r c:\windows\system32\4CEA199DBA.sys
2009-01-21 23:26 . 2007-06-04 10:39 56 -csh--r c:\windows\system32\BA9D19EA4C.sys
2009-01-21 23:26 . 2006-12-27 17:07 4184 -csha-w c:\windows\system32\KGyGaAvL.sys
.

((((((((((((((((((((((((((((( SnapShot@2009-05-18_22.08.17 )))))))))))))))))))))))))))))))))))))))))
.
+ 2009-05-22 22:02 . 2009-05-22 22:02 16384 c:\windows\Temp\Perflib_Perfdata_660.dat
+ 2007-08-05 03:39 . 2009-05-22 02:07 84661 c:\windows\system32\Macromed\Flash\uninstall_plugin.exe
- 2006-12-25 18:16 . 2009-05-18 21:39 32768 c:\windows\system32\config\systemprofile\Local Settings\Temporary Internet Files\Content.IE5\index.dat
+ 2006-12-25 18:16 . 2009-05-22 20:40 32768 c:\windows\system32\config\systemprofile\Local Settings\Temporary Internet Files\Content.IE5\index.dat
- 2006-12-25 18:16 . 2009-05-18 21:39 32768 c:\windows\system32\config\systemprofile\Local Settings\History\History.IE5\index.dat
+ 2006-12-25 18:16 . 2009-05-22 20:40 32768 c:\windows\system32\config\systemprofile\Local Settings\History\History.IE5\index.dat
+ 2006-12-25 18:16 . 2009-05-22 20:40 32768 c:\windows\system32\config\systemprofile\Cookies\index.dat
- 2006-12-25 18:16 . 2009-05-18 21:39 32768 c:\windows\system32\config\systemprofile\Cookies\index.dat
+ 2009-02-03 02:15 . 2009-02-03 02:15 240544 c:\windows\system32\Macromed\Flash\NPSWF32_FlashUtil.exe
+ 2009-02-03 02:15 . 2009-02-03 02:15 3771296 c:\windows\system32\Macromed\Flash\NPSWF32.dll
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Aim6"="?" [?]
"ctfmon.exe"="c:\windows\system32\ctfmon.exe" [2008-04-14 15360]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"igfxtray"="c:\windows\system32\igfxtray.exe" [2005-10-15 94208]
"DMXLauncher"="c:\program files\Dell\Media Experience\DMXLauncher.exe" [2005-11-01 94208]
"ISUSPM Startup"="c:\program files\Common Files\InstallShield\UpdateService\isuspm.exe" [2005-06-10 249856]
"ISUSScheduler"="c:\program files\Common Files\InstallShield\UpdateService\issch.exe" [2005-06-10 81920]
"HP Software Update"="c:\program files\HP\HP Software Update\HPWuSchd2.exe" [2007-05-08 54840]
"BigDogPath"="c:\windows\VM_STI.EXE" [2004-02-24 49152]
"QuickTime Task"="c:\program files\QuickTime\qttask.exe" [2007-10-20 286720]
"iTunesHelper"="c:\program files\iTunes\iTunesHelper.exe" [2007-11-02 267048]
"SunJavaUpdateSched"="c:\program files\Java\jre6\bin\jusched.exe" [2009-04-26 148888]
"mcagent_exe"="c:\program files\McAfee.com\Agent\mcagent.exe" [2007-11-01 582992]
"McAfee Backup"="c:\program files\McAfee\MBK\McAfeeDataBackup.exe" [2007-01-16 4838952]
"MBkLogOnHook"="c:\program files\McAfee\MBK\LogOnHook.exe" [2007-01-08 20480]

c:\documents and settings\All Users\Start Menu\Programs\Startup\
Adobe Reader Speed Launch.lnk - c:\program files\Adobe\Acrobat 7.0\Reader\reader_sl.exe [2004-12-14 29696]
Digital Line Detect.lnk - c:\program files\Digital Line Detect\DLG.exe [2006-8-3 24576]
HP Digital Imaging Monitor.lnk - c:\program files\HP\Digital Imaging\bin\hpqtra08.exe [2005-5-12 282624]
HP Image Zone Fast Start.lnk - c:\program files\HP\Digital Imaging\bin\hpqthb08.exe [2005-5-12 73728]

HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\drivers32
"wave"= serwvdrv.dll

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\mcmscsvc]
@=""

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MCODS]
@=""

[HKEY_LOCAL_MACHINE\software\microsoft\security center]
"UpdatesDisableNotify"=dword:00000001
"AntiVirusDisableNotify"=dword:00000001

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\McAfeeAntiVirus]
"DisableMonitoring"=dword:00000001

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\McAfeeFirewall]
"DisableMonitoring"=dword:00000001

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"c:\\Program Files\\Common Files\\AOL\\ACS\\AOLDial.exe"=
"c:\\Program Files\\Common Files\\AOL\\ACS\\AOLacsd.exe"=
"c:\\Program Files\\Common Files\\AOL\\Loader\\aolload.exe"=
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"c:\\Program Files\\iTunes\\iTunes.exe"=
"c:\\Program Files\\AIM6\\aim6.exe"=
"c:\\Program Files\\Mozilla Firefox\\firefox.exe"=
"c:\\WINDOWS\\system32\\PnkBstrA.exe"=
"c:\\WINDOWS\\system32\\PnkBstrB.exe"=
"c:\\WINDOWS\\system32\\HPZipm12.exe"=
"c:\\Program Files\\iPod\\bin\\iPodService.exe"=
"c:\\Program Files\\Common Files\\Apple\\Mobile Device Support\\bin\\AppleMobileDeviceService.exe"=
"c:\\WINDOWS\\system32\\wscntfy.exe"=
"c:\\Program Files\\HP\\HP Software Update\\hpwuSchd2.exe"=
"c:\\WINDOWS\\VM_STI.EXE"=
"c:\\WINDOWS\\system32\\dumprep.exe"=
"c:\\WINDOWS\\system32\\hkcmd.exe"=
"c:\\WINDOWS\\system32\\igfxtray.exe"=
"c:\\WINDOWS\\system32\\igfxpers.exe"=
"c:\\Program Files\\Dell\\Media Experience\\DMXLauncher.exe"=
"c:\\Program Files\\Common Files\\InstallShield\\UpdateService\\ISUSPM.exe"=
"c:\\Program Files\\iTunes\\iTunesHelper.exe"=
"c:\\Program Files\\Common Files\\McAfee\\MNA\\McNASvc.exe"=
"c:\\Program Files\\McAfee\\MBK\\McAfeeDataBackup.exe"=

.
Contents of the 'Scheduled Tasks' folder

2009-05-16 c:\windows\Tasks\AppleSoftwareUpdate.job
- c:\program files\Apple Software Update\SoftwareUpdate.exe [2008-07-30 16:34]

2009-05-15 c:\windows\Tasks\McDefragTask.job
- c:\progra~1\mcafee\mqc\QcConsol.exe [2009-05-08 17:32]

2009-05-08 c:\windows\Tasks\McQcTask.job
- c:\progra~1\mcafee\mqc\QcConsol.exe [2009-05-08 17:32]
.
- - - - ORPHANS REMOVED - - - -

SafeBoot-procexp90.Sys


.
------- Supplementary Scan -------
.
uStart Page = hxxp://www.yahoo.com/
uInternet Connection Wizard,ShellNext = iexplore
Trusted Zone: internet
Trusted Zone: mcafee.com
FF - ProfilePath - c:\documents and settings\chris zurlo\Application Data\Mozilla\Firefox\Profiles\bo0rki3d.default\
FF - prefs.js: network.proxy.type - 4
FF - plugin: c:\program files\Real\RealArcade\Plugins\Mozilla\npracplug.dll
FF - plugin: c:\program files\Unity\WebPlayer\loader\npUnity3D32.dll

---- FIREFOX POLICIES ----
FF - user.js: dom.disable_open_during_load - true // Popupblocker control handled by McAfee Privacy Service
.

**************************************************************************

catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2009-05-22 18:25
Windows 5.1.2600 Service Pack 3 NTFS

scanning hidden processes ...

scanning hidden autostart entries ...

HKLM\Software\Microsoft\Windows\CurrentVersion\Run
McAfee Backup = c:\program files\McAfee\MBK\McAfeeDataBackup.exe?????????????????????????????????????????????????????????????????????????????????

scanning hidden files ...

scan completed successfully
hidden files: 0

**************************************************************************
.
--------------------- LOCKED REGISTRY KEYS ---------------------

[HKEY_USERS\S-1-5-21-3789023437-3729520145-2788972281-1006\Software\SecuROM\!CAUTION! NEVER A OR CHANGE ANY KEY*]
"??"=hex:83,40,f0,36,03,a4,6b,5b,e7,cd,21,92,df,0c,57,7c,3b,2d,20,95,24,75,72,
c1,5a,3d,fc,80,26,a2,52,88,b4,93,ec,7a,b5,6e,d7,16,c4,9e,78,f7,33,80,8e,a5,\
"??"=hex:cb,07,f7,70,9c,01,00,a9,2e,cf,52,c6,e1,de,f0,cb
.
--------------------- DLLs Loaded Under Running Processes ---------------------

- - - - - - - > 'explorer.exe'(3788)
c:\windows\system32\WPDShServiceObj.dll
c:\windows\system32\PortableDeviceTypes.dll
c:\windows\system32\PortableDeviceApi.dll
.
------------------------ Other Running Processes ------------------------
.
c:\progra~1\COMMON~1\AOL\ACS\AOLacsd.exe
c:\program files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
c:\windows\system32\dllhost.exe
c:\program files\Java\jre6\bin\jqs.exe
c:\program files\McAfee\MBK\MBackMonitor.exe
c:\windows\system32\PnkBstrA.exe
c:\windows\system32\PnkBstrB.exe
c:\program files\HP\Digital Imaging\bin\hpqimzone.exe
c:\program files\HP\Digital Imaging\bin\hpqste08.exe
c:\program files\iPod\bin\iPodService.exe
c:\progra~1\McAfee\MSC\mcuimgr.exe
c:\progra~1\COMMON~1\McAfee\McProxy\McProxy.exe
c:\progra~1\McAfee\MSC\mcmscsvc.exe
c:\progra~1\COMMON~1\McAfee\MNA\McNASvc.exe
c:\program files\McAfee\VirusScan\Mcshield.exe
c:\program files\McAfee\MPF\MpfSrv.exe
.
**************************************************************************
.
Completion time: 2009-05-22 18:28 - machine was rebooted
ComboFix-quarantined-files.txt 2009-05-22 22:28
ComboFix2.txt 2009-05-18 22:11

Pre-Run: 125,747,081,216 bytes free
Post-Run: 125,757,456,384 bytes free

261 --- E O F --- 2009-05-13 00:58
karatekid7412589 (Active Member; Posts: 13; Joined: May 15th, 2009, 6:37 pm)
Re: HiJackthis log ... spyware/malware problems

Post by Bv202 » May 23rd, 2009, 11:11 am

Hi karatekid7412589

Lop S&D - Option 1
Download Lop S&D by Eric_71 and save it to your desktop.
Lop S&D will only run on Windows XP and Windows Vista

Disable your antivirus and antimalware programs so they do not interfere with the running of Lop S&D.
To see how to disable security programs visit this tutorial:
How To Temporarily Disable Your Anti-virus, Firewall And Anti-malware Programs
You will need to disable the following programs:
(list here)
  • Double-click Lop S&D.exe
  • Choose the language by typing the corresponding letter and pressing Enter
  • Click OK at the informative window
  • Type 1 to choose Option 1 (Search), then press Enter
  • Wait until the end of the scan
  • A report will be generated, post the contents of it in your next reply.
(A copy of the report can be found at %systemdrive%\lopR.txt, in most cases C:\lopR.txt.)


Safe Mode
Are you able to boot into safe mode?
You can get into Safe Mode by restarting your computer and continually tapping F8 until a menu appears. Use the up arrow key to highlight Safe Mode, then press Enter.
Please try it. If you're able to boot into it, please shut down the computer and restart it in normal mode again. If you're not able to, please tell me what exactly isn't working. Let me know in your next reply whether you're able to boot into it :)


In your next reply, please post:
1) The LOP S&D report
2) A new HijackThis log
3) Are you able to boot into safe mode (see instructions above)?
Bv202 (Regular Member; Posts: 1732; Joined: May 3rd, 2008, 10:46 am; Location: Belgium (GMT +1))

Re: HiJackthis log ... spyware/malware problems

Post by karatekid7412589 » May 23rd, 2009, 3:51 pm

Yes, I could get into Safe Mode, but (I'm not sure, I've never been in Safe Mode) I saw a black screen and big white text of filenames, e.g. c:.....windows/system32 ......, that filled the screen while it was loading Safe Mode, I guess. I don't know if that's normal, but it worked anyway.

I also have two administrators on my computer: one I use, and one I saw in Safe Mode that doesn't show up on my account in the Control Panel in regular mode.

--------------------\\ Lop S&D 4.2.5-0 XP/Vista

Microsoft Windows XP Home Edition ( v5.1.2600 ) Service Pack 3
X86-based PC ( Multiprocessor Free : Intel(R) Pentium(R) 4 CPU 3.06GHz )
BIOS : Phoenix ROM BIOS PLUS Version 1.10 A04
USER : chris zurlo ( Administrator )
BOOT : Normal boot
Antivirus : McAfee VirusScan (Not Activated)
Firewall : McAfee Personal Firewall (Not Activated)
C:\ (Local Disk) - NTFS - Total:145 Go (Free:117 Go)
D:\ (CD or DVD)
E:\ (USB)
G:\ (USB)
H:\ (USB)
I:\ (USB)

"C:\Lop SD" ( MAJ : 19-12-2008|23:40 )
Option : [1] ( Sat 05/23/2009|15:04 )

--------------------\\ Listing folders in APPLIC~1


[11/28/2008|08:01] C:\DOCUME~1\ALLUSE~1\APPLIC~1\<DIR> Adobe
[04/17/2008|06:32] C:\DOCUME~1\ALLUSE~1\APPLIC~1\<DIR> Age of Empires 3 YPack Trial
[04/01/2008|09:36] C:\DOCUME~1\ALLUSE~1\APPLIC~1\<DIR> AOL
[02/29/2008|09:27] C:\DOCUME~1\ALLUSE~1\APPLIC~1\<DIR> AOL Downloads
[12/25/2006|02:40] C:\DOCUME~1\ALLUSE~1\APPLIC~1\<DIR> AOL OCP
[07/13/2007|04:52] C:\DOCUME~1\ALLUSE~1\APPLIC~1\<DIR> Apple
[12/27/2006|11:12] C:\DOCUME~1\ALLUSE~1\APPLIC~1\<DIR> Apple Computer
[03/05/2008|04:23] C:\DOCUME~1\ALLUSE~1\APPLIC~1\<DIR> Armagetron
[04/04/2009|08:08] C:\DOCUME~1\ALLUSE~1\APPLIC~1\<DIR> Avg8
[04/07/2008|05:57] C:\DOCUME~1\ALLUSE~1\APPLIC~1\<DIR> BOONTY
[12/29/2007|02:02] C:\DOCUME~1\ALLUSE~1\APPLIC~1\<DIR> Citrix
[02/28/2008|03:58] C:\DOCUME~1\ALLUSE~1\APPLIC~1\<DIR> FLEXnet
[07/09/2008|09:26] C:\DOCUME~1\ALLUSE~1\APPLIC~1\<DIR> Google
[11/28/2008|07:31] C:\DOCUME~1\ALLUSE~1\APPLIC~1\<DIR> Graboid Inc
[08/03/2006|12:47] C:\DOCUME~1\ALLUSE~1\APPLIC~1\<DIR> GTek
[12/25/2006|02:31] C:\DOCUME~1\ALLUSE~1\APPLIC~1\<DIR> HP
[04/23/2009|07:16] C:\DOCUME~1\ALLUSE~1\APPLIC~1\<DIR> HP Product Assistant
[08/03/2006|12:51] C:\DOCUME~1\ALLUSE~1\APPLIC~1\<DIR> InstallShield
[05/22/2009|04:43] C:\DOCUME~1\ALLUSE~1\APPLIC~1\<DIR> Long slow road itch
[05/08/2009|06:42] C:\DOCUME~1\ALLUSE~1\APPLIC~1\<DIR> McAfee
[03/04/2007|09:45] C:\DOCUME~1\ALLUSE~1\APPLIC~1\<DIR> McAfee.com
[12/23/2008|02:52] C:\DOCUME~1\ALLUSE~1\APPLIC~1\<DIR> Microsoft
[06/01/2007|04:10] C:\DOCUME~1\ALLUSE~1\APPLIC~1\<DIR> Mozilla
[08/03/2006|12:45] C:\DOCUME~1\ALLUSE~1\APPLIC~1\<DIR> QuickTime
[08/10/2004|01:13] C:\DOCUME~1\ALLUSE~1\APPLIC~1\<DIR> SBSI
[06/29/2008|01:11] C:\DOCUME~1\ALLUSE~1\APPLIC~1\<DIR> SiteAdvisor
[09/27/2007|09:35] C:\DOCUME~1\ALLUSE~1\APPLIC~1\<DIR> Skype
[12/25/2006|02:34] C:\DOCUME~1\ALLUSE~1\APPLIC~1\<DIR> Sonic
[07/03/2008|05:09] C:\DOCUME~1\ALLUSE~1\APPLIC~1\<DIR> SUPERAntiSpyware.com
[08/03/2006|12:47] C:\DOCUME~1\ALLUSE~1\APPLIC~1\<DIR> Symantec
[01/09/2009|06:10] C:\DOCUME~1\ALLUSE~1\APPLIC~1\<DIR> TEMP
[11/28/2008|08:21] C:\DOCUME~1\ALLUSE~1\APPLIC~1\<DIR> Viewpoint
[12/29/2006|10:23] C:\DOCUME~1\ALLUSE~1\APPLIC~1\<DIR> Windows Genuine Advantage

[12/25/2006|02:40] C:\DOCUME~1\CHRISZ~1\APPLIC~1\<DIR> acccore
[05/03/2008|10:32] C:\DOCUME~1\CHRISZ~1\APPLIC~1\<DIR> Adobe
[11/28/2008|08:02] C:\DOCUME~1\CHRISZ~1\APPLIC~1\<DIR> AdobeUM
[12/27/2006|11:12] C:\DOCUME~1\CHRISZ~1\APPLIC~1\<DIR> Apple Computer
[12/26/2007|05:57] C:\DOCUME~1\CHRISZ~1\APPLIC~1\<DIR> ArcSoft
[03/05/2008|06:13] C:\DOCUME~1\CHRISZ~1\APPLIC~1\<DIR> Armagetron
[01/21/2009|07:23] C:\DOCUME~1\CHRISZ~1\APPLIC~1\<DIR> Corel
[12/30/2006|09:11] C:\DOCUME~1\CHRISZ~1\APPLIC~1\<DIR> Corel Photo Album
[05/22/2009|04:45] C:\DOCUME~1\CHRISZ~1\APPLIC~1\<DIR> Extra Win Jump
[02/03/2007|11:44] C:\DOCUME~1\CHRISZ~1\APPLIC~1\<DIR> Google
[08/03/2006|12:46] C:\DOCUME~1\CHRISZ~1\APPLIC~1\<DIR> Gtek
[03/16/2009|06:51] C:\DOCUME~1\CHRISZ~1\APPLIC~1\<DIR> HP
[08/10/2004|01:08] C:\DOCUME~1\CHRISZ~1\APPLIC~1\<DIR> Identities
[06/11/2008|03:42] C:\DOCUME~1\CHRISZ~1\APPLIC~1\<DIR> InstallShield
[12/28/2006|09:45] C:\DOCUME~1\CHRISZ~1\APPLIC~1\<DIR> Leadertech
[04/11/2009|04:01] C:\DOCUME~1\CHRISZ~1\APPLIC~1\<DIR> LimeWire
[01/12/2008|11:11] C:\DOCUME~1\CHRISZ~1\APPLIC~1\<DIR> Macromedia
[05/08/2009|06:42] C:\DOCUME~1\CHRISZ~1\APPLIC~1\<DIR> McAfee
[04/04/2009|08:05] C:\DOCUME~1\CHRISZ~1\APPLIC~1\<DIR> Microsoft
[06/30/2008|08:38] C:\DOCUME~1\CHRISZ~1\APPLIC~1\<DIR> Mozilla
[11/28/2008|07:35] C:\DOCUME~1\CHRISZ~1\APPLIC~1\<DIR> MozillaControl
[12/28/2006|06:05] C:\DOCUME~1\CHRISZ~1\APPLIC~1\<DIR> OLYMPUS
[11/28/2007|07:48] C:\DOCUME~1\CHRISZ~1\APPLIC~1\<DIR> QQ Games
[11/27/2007|10:52] C:\DOCUME~1\CHRISZ~1\APPLIC~1\<DIR> QQ Games Plugin
[12/26/2007|11:42] C:\DOCUME~1\CHRISZ~1\APPLIC~1\<DIR> Real
[12/30/2008|01:21] C:\DOCUME~1\CHRISZ~1\APPLIC~1\<DIR> RegClean
[12/30/2008|12:45] C:\DOCUME~1\CHRISZ~1\APPLIC~1\<DIR> RegSweep
[04/07/2008|05:51] C:\DOCUME~1\CHRISZ~1\APPLIC~1\<DIR> SecuROM
[12/28/2006|09:47] C:\DOCUME~1\CHRISZ~1\APPLIC~1\<DIR> Sonic
[12/30/2008|01:40] C:\DOCUME~1\CHRISZ~1\APPLIC~1\<DIR> SpotFreePC
[08/03/2006|12:37] C:\DOCUME~1\CHRISZ~1\APPLIC~1\<DIR> Sun
[01/09/2009|06:52] C:\DOCUME~1\CHRISZ~1\APPLIC~1\<DIR> SUPERAntiSpyware.com
[08/03/2006|12:47] C:\DOCUME~1\CHRISZ~1\APPLIC~1\<DIR> Symantec
[06/01/2007|04:11] C:\DOCUME~1\CHRISZ~1\APPLIC~1\<DIR> Talkback
[05/16/2009|07:17] C:\DOCUME~1\CHRISZ~1\APPLIC~1\<DIR> U3
[02/14/2009|12:41] C:\DOCUME~1\CHRISZ~1\APPLIC~1\<DIR> Unity

[08/03/2006|12:46] C:\DOCUME~1\DEFAUL~1\APPLIC~1\<DIR> Gtek
[08/10/2004|01:08] C:\DOCUME~1\DEFAUL~1\APPLIC~1\<DIR> Identities
[08/03/2006|12:43] C:\DOCUME~1\DEFAUL~1\APPLIC~1\<DIR> Microsoft
[08/03/2006|12:37] C:\DOCUME~1\DEFAUL~1\APPLIC~1\<DIR> Sun
[08/03/2006|12:47] C:\DOCUME~1\DEFAUL~1\APPLIC~1\<DIR> Symantec


[04/08/2007|05:37] C:\DOCUME~1\LOCALS~1\APPLIC~1\<DIR> Google
[07/31/2007|07:18] C:\DOCUME~1\LOCALS~1\APPLIC~1\<DIR> Identities
[03/04/2007|08:48] C:\DOCUME~1\LOCALS~1\APPLIC~1\<DIR> Macromedia
[04/24/2009|06:31] C:\DOCUME~1\LOCALS~1\APPLIC~1\<DIR> Microsoft

[04/04/2009|08:05] C:\DOCUME~1\NETWOR~1\APPLIC~1\<DIR> Microsoft


--------------------\\ Scheduled Tasks located in C:\WINDOWS\Tasks

[05/15/2009 01:00 AM][--a------] C:\WINDOWS\tasks\McDefragTask.job
[05/08/2009 06:15 PM][--a------] C:\WINDOWS\tasks\McQcTask.job
[05/16/2009 03:41 PM][--a--c---] C:\WINDOWS\tasks\AppleSoftwareUpdate.job
[05/23/2009 01:16 PM][--ah-c---] C:\WINDOWS\tasks\SA.DAT
[08/04/2004 05:00 AM][-r-h-c---] C:\WINDOWS\tasks\desktop.ini

--------------------\\ Listing Folders in C:\Program Files

[11/28/2008|07:58] C:\Program Files\<DIR> Adobe
[04/01/2008|09:51] C:\Program Files\<DIR> AIM6
[08/03/2006|12:45] C:\Program Files\<DIR> America Online 9.0
[02/11/2009|11:01] C:\Program Files\<DIR> AML Products
[02/11/2009|11:26] C:\Program Files\<DIR> AMUST
[08/03/2006|12:45] C:\Program Files\<DIR> AOL Companion
[03/19/2009|04:53] C:\Program Files\<DIR> Apple Software Update
[06/29/2008|09:29] C:\Program Files\<DIR> AVG
[11/05/2008|01:44] C:\Program Files\<DIR> BabasChess
[08/03/2006|12:56] C:\Program Files\<DIR> BAE
[02/28/2009|08:42] C:\Program Files\<DIR> Best Buy Rhapsody
[06/11/2008|02:44] C:\Program Files\<DIR> BitDownload
[04/07/2008|05:50] C:\Program Files\<DIR> Boonty
[04/07/2008|05:51] C:\Program Files\<DIR> BoontyGames
[12/29/2007|02:01] C:\Program Files\<DIR> Citrix
[05/22/2009|05:59] C:\Program Files\<DIR> Common Files
[05/23/2008|09:33] C:\Program Files\<DIR> ComPlus Applications
[08/03/2006|12:28] C:\Program Files\<DIR> CONEXANT
[08/03/2006|12:52] C:\Program Files\<DIR> Corel Corporation
[08/03/2006|12:59] C:\Program Files\<DIR> Dell
[08/03/2006|12:46] C:\Program Files\<DIR> Dell Support
[08/03/2006|12:42] C:\Program Files\<DIR> Digital Line Detect
[06/01/2007|04:09] C:\Program Files\<DIR> DivX
[06/30/2008|10:00] C:\Program Files\<DIR> Dvd-cloner
[04/11/2009|04:37] C:\Program Files\<DIR> DVDVideoSoft
[08/03/2006|12:45] C:\Program Files\<DIR> EarthLink Setup
[02/01/2009|05:37] C:\Program Files\<DIR> Extra Win Jump
[07/10/2008|08:54] C:\Program Files\<DIR> Google
[11/28/2008|08:18] C:\Program Files\<DIR> Graboid
[04/23/2009|07:17] C:\Program Files\<DIR> HP
[04/12/2009|09:04] C:\Program Files\<DIR> InstallShield Installation Information
[08/03/2006|12:39] C:\Program Files\<DIR> Intel
[08/03/2006|12:42] C:\Program Files\<DIR> InterActual
[04/15/2009|08:46] C:\Program Files\<DIR> Internet Explorer
[07/01/2008|05:12] C:\Program Files\<DIR> IObit
[11/11/2007|11:14] C:\Program Files\<DIR> iPod
[11/11/2007|11:15] C:\Program Files\<DIR> iTunes
[04/26/2009|06:40] C:\Program Files\<DIR> Java
[05/09/2009|12:17] C:\Program Files\<DIR> McAfee
[05/08/2009|06:14] C:\Program Files\<DIR> McAfee.com
[08/27/2008|10:23] C:\Program Files\<DIR> Messenger
[08/10/2004|01:04] C:\Program Files\<DIR> microsoft frontpage
[02/11/2009|11:07] C:\Program Files\<DIR> Microsoft Office
[08/03/2006|12:44] C:\Program Files\<DIR> Microsoft Plus! Digital Media Edition
[08/03/2006|12:44] C:\Program Files\<DIR> Microsoft Plus! Photo Story 2 LE
[08/03/2006|12:42] C:\Program Files\<DIR> Modem Helper
[08/27/2008|10:18] C:\Program Files\<DIR> Movie Maker
[05/23/2009|02:11] C:\Program Files\<DIR> Mozilla Firefox
[02/11/2009|11:41] C:\Program Files\<DIR> MSECACHE
[08/10/2004|01:01] C:\Program Files\<DIR> MSN
[08/10/2004|01:01] C:\Program Files\<DIR> MSN Gaming Zone
[12/26/2006|04:54] C:\Program Files\<DIR> MSXML 4.0
[12/21/2007|07:30] C:\Program Files\<DIR> MUSICMATCH
[08/27/2008|10:13] C:\Program Files\<DIR> NetMeeting
[08/03/2006|12:42] C:\Program Files\<DIR> NetWaiting
[08/03/2006|12:43] C:\Program Files\<DIR> NetZeroInstallers
[12/28/2006|06:02] C:\Program Files\<DIR> OLYMPUS
[08/10/2004|01:01] C:\Program Files\<DIR> Online Services
[08/27/2008|10:13] C:\Program Files\<DIR> Outlook Express
[01/09/2009|06:50] C:\Program Files\<DIR> PC Health Optimizer Free Edition
[12/28/2006|05:55] C:\Program Files\<DIR> Peer Impact
[12/28/2006|06:02] C:\Program Files\<DIR> PIXELA
[06/29/2008|12:20] C:\Program Files\<DIR> Pocket Tanks Deluxe
[11/11/2007|11:12] C:\Program Files\<DIR> QuickTime
[12/15/2008|09:10] C:\Program Files\<DIR> Real
[04/13/2009|08:33] C:\Program Files\<DIR> RogueRemover FREE
[08/03/2006|12:55] C:\Program Files\<DIR> Roxio
[08/03/2006|12:56] C:\Program Files\<DIR> SearchAssist
[08/03/2006|12:40] C:\Program Files\<DIR> Sigmatel
[08/03/2006|12:56] C:\Program Files\<DIR> Sonic
[01/09/2009|06:51] C:\Program Files\<DIR> SUPERAntiSpyware
[11/27/2007|10:35] C:\Program Files\<DIR> Tencent
[07/05/2008|07:24] C:\Program Files\<DIR> Trend Micro
[08/10/2004|01:08] C:\Program Files\<DIR> Uninstall Information
[02/14/2009|12:24] C:\Program Files\<DIR> Unity
[06/26/2008|10:27] C:\Program Files\<DIR> Veoh Networks
[11/28/2008|08:20] C:\Program Files\<DIR> VideoLAN
[11/28/2008|08:21] C:\Program Files\<DIR> Viewpoint
[12/25/2006|02:54] C:\Program Files\<DIR> Vimicro
[08/03/2006|12:46] C:\Program Files\<DIR> WebCyberCoach
[08/03/2006|12:49] C:\Program Files\<DIR> WildTangent
[02/11/2009|11:41] C:\Program Files\<DIR> Windows Installer Clean Up
[04/19/2007|06:06] C:\Program Files\<DIR> Windows Media Connect 2
[08/27/2008|10:13] C:\Program Files\<DIR> Windows Media Player
[01/02/2007|03:57] C:\Program Files\<DIR> Windows Messaging
[08/27/2008|10:13] C:\Program Files\<DIR> Windows NT
[08/10/2004|01:02] C:\Program Files\<DIR> WindowsUpdate
[08/03/2006|12:46] C:\Program Files\<DIR> WordPerfect Office 12
[08/10/2004|01:04] C:\Program Files\<DIR> xerox

--------------------\\ Listing Folders in C:\Program Files\Common Files

[04/07/2008|07:02] C:\Program Files\Common Files\<DIR> Adobe
[04/01/2008|09:50] C:\Program Files\Common Files\<DIR> AOL
[08/03/2006|12:45] C:\Program Files\Common Files\<DIR> aolshare
[07/13/2007|04:52] C:\Program Files\Common Files\<DIR> Apple
[06/29/2008|12:24] C:\Program Files\Common Files\<DIR> Blizzard Entertainment
[04/07/2008|05:57] C:\Program Files\Common Files\<DIR> BOONTY Shared
[08/03/2006|12:45] C:\Program Files\Common Files\<DIR> Borland Shared
[12/15/2008|07:57] C:\Program Files\Common Files\<DIR> Corel
[04/11/2009|04:37] C:\Program Files\Common Files\<DIR> DVDVideoSoft
[12/25/2006|02:34] C:\Program Files\Common Files\<DIR> HP
[08/03/2006|12:46] C:\Program Files\Common Files\<DIR> InstallShield
[08/03/2006|12:37] C:\Program Files\Common Files\<DIR> Java
[05/08/2009|06:15] C:\Program Files\Common Files\<DIR> McAfee
[11/28/2008|07:20] C:\Program Files\Common Files\<DIR> Microsoft Shared
[08/10/2004|01:02] C:\Program Files\Common Files\<DIR> MSSoap
[08/03/2006|12:45] C:\Program Files\Common Files\<DIR> Nullsoft
[08/10/2004|12:57] C:\Program Files\Common Files\<DIR> ODBC
[06/30/2008|08:37] C:\Program Files\Common Files\<DIR> PC Tools
[12/15/2008|09:10] C:\Program Files\Common Files\<DIR> Real
[08/03/2006|12:42] C:\Program Files\Common Files\<DIR> Roxio Shared
[08/10/2004|01:02] C:\Program Files\Common Files\<DIR> Services
[12/29/2007|02:48] C:\Program Files\Common Files\<DIR> Sonic Shared
[08/10/2004|12:57] C:\Program Files\Common Files\<DIR> SpeechEngines
[06/29/2008|12:19] C:\Program Files\Common Files\<DIR> Symantec Shared
[08/27/2008|10:13] C:\Program Files\Common Files\<DIR> System
[08/03/2006|12:55] C:\Program Files\Common Files\<DIR> TiVo Shared
[04/08/2007|05:37] C:\Program Files\Common Files\<DIR> Viewpoint

--------------------\\ Process

( 48 Processes )

... OK !

--------------------\\ Searching with S_Lop

No Lop folder found !

--------------------\\ Searching for Lop Files - Folders

C:\DOCUME~1\ALLUSE~1\APPLIC~1\Long slow road itch
C:\DOCUME~1\ALLUSE~1\APPLIC~1\Long slow road itch\Readme Bore.dat
C:\Program Files\BitDownload

--------------------\\ Searching within the Registry

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\Flap1Cast]
"DisplayName"="CiD Help"

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]

--------------------\\ Checking the Hosts file

Hosts file CLEAN


--------------------\\ Searching for hidden files with Catchme

catchme 0.3.1353 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2009-05-23 15:05:38
Windows 5.1.2600 Service Pack 3 NTFS
scanning hidden processes ...
scanning hidden files ...
scan completed successfully
hidden processes: 0
hidden files: 0

--------------------\\ Searching for other infections


No other infections found !

[F:17][D:1]-> C:\DOCUME~1\CHRISZ~1\LOCALS~1\Temp
[F:4][D:0]-> C:\DOCUME~1\CHRISZ~1\Cookies
[F:28][D:4]-> C:\DOCUME~1\CHRISZ~1\LOCALS~1\TEMPOR~1\content.IE5

1 - "C:\Lop SD\LopR_1.txt" - Sat 05/23/2009|15:06 - Option : [1]

--------------------\\ Scan completed at 15:06:38

HijackThis log:

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 3:34:09 PM, on 5/23/2009
Platform: Windows XP SP3 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16827)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\PROGRA~1\COMMON~1\AOL\ACS\AOLacsd.exe
C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
C:\WINDOWS\system32\dllhost.exe
C:\Program Files\Java\jre6\bin\jqs.exe
C:\Program Files\McAfee\MBK\MBackMonitor.exe
C:\PROGRA~1\McAfee\MSC\mcmscsvc.exe
c:\PROGRA~1\COMMON~1\mcafee\mna\mcnasvc.exe
c:\PROGRA~1\COMMON~1\mcafee\mcproxy\mcproxy.exe
C:\PROGRA~1\McAfee\VirusScan\mcshield.exe
C:\Program Files\McAfee\MPF\MPFSrv.exe
C:\WINDOWS\system32\PnkBstrA.exe
C:\WINDOWS\system32\PnkBstrB.exe
C:\WINDOWS\system32\svchost.exe
c:\PROGRA~1\mcafee.com\agent\mcagent.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Dell\Media Experience\DMXLauncher.exe
C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe
C:\Program Files\HP\HP Software Update\HPWuSchd2.exe
C:\WINDOWS\VM_STI.EXE
C:\Program Files\iTunes\iTunesHelper.exe
C:\Program Files\Java\jre6\bin\jusched.exe
C:\Program Files\McAfee\MBK\McAfeeDataBackup.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Digital Line Detect\DLG.exe
C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe
C:\Program Files\HP\Digital Imaging\bin\hpqimzone.exe
C:\Program Files\HP\Digital Imaging\bin\hpqSTE08.exe
C:\Program Files\iPod\bin\iPodService.exe
c:\PROGRA~1\mcafee\msc\mcuimgr.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.yahoo.com/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Local Page =
O2 - BHO: scriptproxy - {7DB2D5A0-7241-4E79-B68D-6309F01C5231} - C:\Program Files\McAfee\VirusScan\scriptsn.dll
O2 - BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll
O2 - BHO: JQSIEStartDetectorImpl - {E7E6F031-17CE-4C07-BC86-EABFE594F69C} - C:\Program Files\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
O3 - Toolbar: Viewpoint Toolbar - {F8AD5AA5-D966-4667-9DAF-2561D68B2012} - C:\Program Files\Common Files\Viewpoint\Toolbar Runtime\3.8.0\IEViewBar.dll
O4 - HKLM\..\Run: [igfxtray] C:\WINDOWS\system32\igfxtray.exe
O4 - HKLM\..\Run: [DMXLauncher] "C:\Program Files\Dell\Media Experience\DMXLauncher.exe"
O4 - HKLM\..\Run: [ISUSPM Startup] "C:\Program Files\Common Files\InstallShield\UpdateService\isuspm.exe" -startup
O4 - HKLM\..\Run: [ISUSScheduler] "C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe" -start
O4 - HKLM\..\Run: [HP Software Update] C:\Program Files\HP\HP Software Update\HPWuSchd2.exe
O4 - HKLM\..\Run: [BigDogPath] "C:\WINDOWS\VM_STI.EXE" A4 Tech USB PC Camera
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre6\bin\jusched.exe"
O4 - HKLM\..\Run: [mcagent_exe] C:\Program Files\McAfee.com\Agent\mcagent.exe /runkey
O4 - HKLM\..\Run: [McAfee Backup] C:\Program Files\McAfee\MBK\McAfeeDataBackup.exe
O4 - HKLM\..\Run: [MBkLogOnHook] C:\Program Files\McAfee\MBK\LogOnHook.exe
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [Aim6] ?
O4 - Global Startup: Adobe Reader Speed Launch.lnk = C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
O4 - Global Startup: Digital Line Detect.lnk = ?
O4 - Global Startup: HP Digital Imaging Monitor.lnk = C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe
O4 - Global Startup: HP Image Zone Fast Start.lnk = C:\Program Files\HP\Digital Imaging\bin\hpqthb08.exe
O9 - Extra button: (no name) - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - (no file)
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O15 - Trusted Zone: http://*.mcafee.com
O23 - Service: AOL Connectivity Service (AOL ACS) - America Online, Inc. - C:\PROGRA~1\COMMON~1\AOL\ACS\AOLacsd.exe
O23 - Service: Apple Mobile Device - Apple, Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\1050\Intel 32\IDriverT.exe
O23 - Service: iPod Service - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: Java Quick Starter (JavaQuickStarterService) - Sun Microsystems, Inc. - C:\Program Files\Java\jre6\bin\jqs.exe
O23 - Service: MBackMonitor - McAfee - C:\Program Files\McAfee\MBK\MBackMonitor.exe
O23 - Service: McAfee Services (mcmscsvc) - McAfee, Inc. - C:\PROGRA~1\McAfee\MSC\mcmscsvc.exe
O23 - Service: McAfee Network Agent (McNASvc) - McAfee, Inc. - c:\PROGRA~1\COMMON~1\mcafee\mna\mcnasvc.exe
O23 - Service: McAfee Scanner (McODS) - McAfee, Inc. - C:\PROGRA~1\McAfee\VirusScan\mcods.exe
O23 - Service: McAfee Proxy Service (McProxy) - McAfee, Inc. - c:\PROGRA~1\COMMON~1\mcafee\mcproxy\mcproxy.exe
O23 - Service: McAfee Real-time Scanner (McShield) - McAfee, Inc. - C:\PROGRA~1\McAfee\VirusScan\mcshield.exe
O23 - Service: McAfee Personal Firewall Service (MpfService) - McAfee, Inc. - C:\Program Files\McAfee\MPF\MPFSrv.exe
O23 - Service: Intel NCS NetService (NetSvc) - Intel(R) Corporation - C:\Program Files\Intel\PROSetWired\NCS\Sync\NetSvc.exe
O23 - Service: Pml Driver HPZ12 - HP - C:\WINDOWS\system32\HPZipm12.exe
O23 - Service: PnkBstrA - Unknown owner - C:\WINDOWS\system32\PnkBstrA.exe
O23 - Service: PnkBstrB - Unknown owner - C:\WINDOWS\system32\PnkBstrB.exe
O24 - Desktop Component 0: (no name) - http://a671.ac-images.myspacecdn.com/00 ... 1670_l.jpg
O24 - Desktop Component 1: (no name) - http://img.youtube.com/vi/0x284Bvfbgw/default.jpg

--
End of file - 7085 bytes
karatekid7412589
Active Member
 
Posts: 13
Joined: May 15th, 2009, 6:37 pm

Re: HiJackthis log ... spyware/malware problems

Unread postby Bv202 » May 24th, 2009, 2:43 pm

Hi karatekid7412589

Lop S&D - Option 4
Select the entire area below, then right-click and choose Copy
C:\documents and settings\All Users\Application Data\Long slow road itch
C:\Program Files\BitDownload
c:\documents and settings\chris zurlo\Application Data\Extra Win Jump
C:\Program Files\Extra Win Jump

Double click LopSD.exe to start the program.
  • Choose the language by typing the corresponding letter and press Enter
  • Click OK at the informative window
  • Type 4 to choose Option 4 (LopScript), then press Enter
  • A blank page will be opened, right-click it and choose Paste
  • Close the page, you'll be asked to save it, click Save
  • Don't close the window during suppression!
  • Wait until the end of the scan
  • A report will be generated, post the contents of it in your next reply.
(Copy of the report can be found at this location: %systemdrive%\lopR.txt, in most cases C:\lopR.txt)


Backup Your Registry with ERUNT
  • Please use the following link to download ERUNT
  • Use the setup program to install ERUNT on your computer
Click Erunt.exe to back up your registry to the folder of your choice.

Note: to restore your registry, go to the folder and start ERDNT.exe

Open Notepad!
Copy and Paste everything from the Quote box into Notepad:

REGEDIT4

[-HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\Flap1Cast]



Make sure there are NO blank lines before REGEDIT4
Make sure there IS one blank line at the end of the file.

Go to File > Save As
Save File name as Fix.reg
Change Save as Type to All Files and save the file to your desktop.

Close Notepad, and double-click Fix.reg on your Desktop. When it asks if you want to merge the info to the registry, hit YES/OK. Reboot the computer.


Run Kaspersky Online AV Scanner
Note: Internet Explorer should be used.

Please go to Kaspersky website and perform an online antivirus scan.
  • Read through the requirements and privacy statement and click on Accept button.
  • It will start downloading and installing the scanner and virus definitions. You will be prompted to install an application from Kaspersky. Click Run.
  • When the downloads have finished, click on Settings.
  • Make sure these boxes are checked (ticked). If they are not, please tick them and click on the Save button:
    • Spyware, Adware, Dialers, and other potentially dangerous programs
    • Archives
    • Mail databases
  • Click on My Computer under Scan and then put the kettle on!
  • Once the scan is complete, it will display the results. Click on View Scan Report.
  • You will see a list of infected items there. Click on Save Report As....
  • Save this report to a convenient place like your Desktop. Change the Files of type to Text file (.txt) before clicking on the Save button.
  • Copy and paste the report into your next reply

In your next reply, please post:
1) The LOP S&D report
2) The Kaspersky report
3) A new HijackThis log
4) How is your computer running now? :)
Bv202
Regular Member
 
Posts: 1732
Joined: May 3rd, 2008, 10:46 am
Location: Belgium (GMT +1)
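As an added example (not from the post above, nor from ERUNT, Regedit or any other tool it names), a small Python checker for the Fix.reg format the post describes: it confirms the two rules the post gives (REGEDIT4 on the very first line, one blank line at the end) and lists what merging the file would do, so the effect can be eyeballed before double-clicking Fix.reg. FLAP1CAST_KEY is the key quoted in the post; the helper names, the value-line handling and the sample inputs are my own.

```python
import re

# A key line is "[HKEY_...\path]"; a leading '-' inside the brackets tells
# Regedit to delete the key (the post's [-HKEY_CURRENT_USER\...\Flap1Cast]).
KEY_LINE = re.compile(r'^\[(-?)([^\]]+)\]$')
# A value line is "name"=data or @=data; data of just '-' deletes the value.
VALUE_LINE = re.compile(r'^("(?:[^"\\]|\\.)*"|@)=(.*)$')
ROOT_HIVES = {"HKEY_LOCAL_MACHINE", "HKEY_CURRENT_USER", "HKEY_CLASSES_ROOT",
              "HKEY_USERS", "HKEY_CURRENT_CONFIG"}

# The single key the post removes (copied from the post), used as sample input.
FLAP1CAST_KEY = (r"HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion"
                 r"\Uninstall\Flap1Cast")


def build_delete_fix(keys):
    """Build REGEDIT4 text that deletes each key in `keys`, laid out the way
    the post asks: header on the very first line, one blank line at the end,
    Windows line endings because Notepad and Regedit expect them."""
    body = "\r\n\r\n".join("[-%s]" % k for k in keys)
    return "REGEDIT4\r\n\r\n" + body + "\r\n\r\n"


def check_reg_file(text):
    """Validate a REGEDIT4 (ANSI) file against the rules in the post and return
    (problems, entries).  `entries` lists what merging would do as
    (action, key, value_name) tuples.  The Unicode "Windows Registry Editor
    Version 5.00" header is not handled; the post uses REGEDIT4."""
    problems, entries = [], []
    text = text.replace("\r\n", "\n")
    lines = text.split("\n")

    # Rule from the post: nothing (not even a blank line) before REGEDIT4.
    if lines[0] != "REGEDIT4":
        problems.append("first line must be exactly 'REGEDIT4' (no blank lines before it)")

    # Rule from the post: the file ends with one blank line.  Regedit reads
    # line by line, so a final line without a terminator can be ignored.
    trailing = len(text) - len(text.rstrip("\n"))
    if trailing == 0:
        problems.append("file must end with a blank line")
    elif trailing > 2:
        problems.append("more than one blank line at end of file")

    current_key = None
    for n, line in enumerate(lines, start=1):
        # Header checked above; blank lines and ';' comments carry no action.
        if line == "REGEDIT4" or line.strip() == "" or line.startswith(";"):
            continue
        m = KEY_LINE.match(line)
        if m:
            delete, key = m.group(1) == "-", m.group(2)
            hive = key.split("\\", 1)[0]
            if hive not in ROOT_HIVES:
                problems.append("line %d: unknown root hive %r" % (n, hive))
            current_key = key
            entries.append(("delete_key" if delete else "create_key", key, None))
            continue
        m = VALUE_LINE.match(line)
        if m and current_key is not None:
            name, data = m.group(1), m.group(2)
            name = "(Default)" if name == "@" else name.strip('"')
            action = "delete_value" if data == "-" else "set_value"
            entries.append((action, current_key, name))
            continue
        problems.append("line %d: not a key or value line: %r" % (n, line))
    return problems, entries


if __name__ == "__main__":
    fix = build_delete_fix([FLAP1CAST_KEY])
    print(fix)
    print(check_reg_file(fix))
```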

Re: HiJackthis log ... spyware/malware problems

Unread postby karatekid7412589 » May 24th, 2009, 9:44 pm

I think the computer is running fine .. except .. Add or Remove Programs says I have Internet Explorer 7 downloaded and I can't access it nor can I delete it .... also you didn't answer my last comment

Yes, I could get into safe mode .. but (I'm not sure, I've never been in safe mode) I saw a black screen and big white text of filenames .. e.g. .. c:.....windows/system32 ...... that filled the screen while it was loading safe mode I guess .. I don't know if that's normal ... but it worked anyway

I also have two administrators on my computer .. one I use .. and one I saw on safe mode ... that doesn't show up on my account in the control panel in reg. mode


Shouldn't I just have one administrator account ... and why can't I log on to that other user account

Also my McAfee (it might just be their fault, I'm not sure) acts like it's not fully loaded ... like a picture on the internet .. it has 3 shapes in a box (red, yellow and green) next to every button

KASPERSKY

--------------------------------------------------------------------------------
KASPERSKY ONLINE SCANNER 7.0 REPORT
Sunday, May 24, 2009
Operating System: Microsoft Windows XP Home Edition Service Pack 3 (build 2600)
Kaspersky Online Scanner version: 7.0.26.13
Program database last update: Monday, May 25, 2009 00:40:57
Records in database: 2237029
--------------------------------------------------------------------------------

Scan settings:
Scan using the following database: extended
Scan archives: yes
Scan mail databases: yes

Scan area - My Computer:
C:\
D:\
E:\
G:\
H:\
I:\

Scan statistics:
Files scanned: 75095
Threat name: 7
Infected objects: 14
Suspicious objects: 0
Duration of the scan: 01:35:56


File name / Threat name / Threats count
C:\Documents and Settings\chris zurlo\My Documents\LimeWire\Saved\theresa witness.wma Infected: Trojan-Downloader.WMA.Wimad.n 1
C:\Qoobox\Quarantine\C\WINDOWS\system32\juposeno.dll.vir Infected: Packed.Win32.Mondera.b 1
C:\Qoobox\Quarantine\C\WINDOWS\system32\sufetida.dll.vir Infected: Trojan-Downloader.Win32.Agent.bgrc 1
C:\Qoobox\Quarantine\C\WINDOWS\system32\tuviloko.dll.vir Infected: Packed.Win32.Mondera.b 1
C:\Qoobox\Quarantine\[4]-Submit_2009-05-22_17.58.18.zip Infected: Packed.Win32.Mondera.b 1
C:\Qoobox\Quarantine\[4]-Submit_2009-05-22_17.58.18.zip Infected: Packed.Win32.Mondera.c 1
C:\System Volume Information\_restore{202550A8-7A33-4BCA-9586-051D24DDBF8F}\RP751\A0130047.dll Infected: Trojan.Win32.Patched.gk 1
C:\System Volume Information\_restore{202550A8-7A33-4BCA-9586-051D24DDBF8F}\RP751\A0130048.dll Infected: Trojan.Win32.Patched.gk 1
C:\System Volume Information\_restore{202550A8-7A33-4BCA-9586-051D24DDBF8F}\RP751\A0130051.ini Infected: Trojan.Win32.Patched.gl 1
C:\System Volume Information\_restore{202550A8-7A33-4BCA-9586-051D24DDBF8F}\RP751\A0130052.ini Infected: Trojan.Win32.Patched.gk 1
C:\System Volume Information\_restore{202550A8-7A33-4BCA-9586-051D24DDBF8F}\RP751\A0130056.exe Infected: Net-Worm.Win32.Koobface.io 1
C:\System Volume Information\_restore{202550A8-7A33-4BCA-9586-051D24DDBF8F}\RP763\A0131273.dll Infected: Packed.Win32.Mondera.b 1
C:\System Volume Information\_restore{202550A8-7A33-4BCA-9586-051D24DDBF8F}\RP763\A0131283.dll Infected: Trojan-Downloader.Win32.Agent.bgrc 1
C:\System Volume Information\_restore{202550A8-7A33-4BCA-9586-051D24DDBF8F}\RP763\A0131286.dll Infected: Packed.Win32.Mondera.b 1

The selected area was scanned.

HiJACK

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 9:33:20 PM, on 5/24/2009
Platform: Windows XP SP3 (WinNT 5.01.2600)
MSIE: Internet Explorer v8.00 (8.00.6001.18702)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\PROGRA~1\COMMON~1\AOL\ACS\AOLacsd.exe
C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
C:\WINDOWS\system32\dllhost.exe
C:\Program Files\Java\jre6\bin\jqs.exe
C:\Program Files\McAfee\MBK\MBackMonitor.exe
C:\PROGRA~1\McAfee\MSC\mcmscsvc.exe
c:\PROGRA~1\COMMON~1\mcafee\mna\mcnasvc.exe
c:\PROGRA~1\COMMON~1\mcafee\mcproxy\mcproxy.exe
C:\PROGRA~1\McAfee\VirusScan\mcshield.exe
C:\Program Files\McAfee\MPF\MPFSrv.exe
C:\WINDOWS\system32\PnkBstrA.exe
C:\WINDOWS\system32\PnkBstrB.exe
C:\WINDOWS\system32\svchost.exe
c:\PROGRA~1\mcafee.com\agent\mcagent.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Dell\Media Experience\DMXLauncher.exe
C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe
C:\Program Files\HP\HP Software Update\HPWuSchd2.exe
C:\WINDOWS\VM_STI.EXE
C:\Program Files\iTunes\iTunesHelper.exe
C:\Program Files\Java\jre6\bin\jusched.exe
C:\Program Files\McAfee\MBK\McAfeeDataBackup.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Digital Line Detect\DLG.exe
C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe
C:\Program Files\HP\Digital Imaging\bin\hpqimzone.exe
C:\Program Files\HP\Digital Imaging\bin\hpqSTE08.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\PROGRA~1\McAfee\VirusScan\mcsysmon.exe
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.yahoo.com/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
O2 - BHO: scriptproxy - {7DB2D5A0-7241-4E79-B68D-6309F01C5231} - C:\Program Files\McAfee\VirusScan\scriptsn.dll
O2 - BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll
O2 - BHO: JQSIEStartDetectorImpl - {E7E6F031-17CE-4C07-BC86-EABFE594F69C} - C:\Program Files\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
O3 - Toolbar: Viewpoint Toolbar - {F8AD5AA5-D966-4667-9DAF-2561D68B2012} - C:\Program Files\Common Files\Viewpoint\Toolbar Runtime\3.8.0\IEViewBar.dll
O4 - HKLM\..\Run: [igfxtray] C:\WINDOWS\system32\igfxtray.exe
O4 - HKLM\..\Run: [DMXLauncher] "C:\Program Files\Dell\Media Experience\DMXLauncher.exe"
O4 - HKLM\..\Run: [ISUSPM Startup] "C:\Program Files\Common Files\InstallShield\UpdateService\isuspm.exe" -startup
O4 - HKLM\..\Run: [ISUSScheduler] "C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe" -start
O4 - HKLM\..\Run: [HP Software Update] C:\Program Files\HP\HP Software Update\HPWuSchd2.exe
O4 - HKLM\..\Run: [BigDogPath] "C:\WINDOWS\VM_STI.EXE" A4 Tech USB PC Camera
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre6\bin\jusched.exe"
O4 - HKLM\..\Run: [mcagent_exe] C:\Program Files\McAfee.com\Agent\mcagent.exe /runkey
O4 - HKLM\..\Run: [McAfee Backup] C:\Program Files\McAfee\MBK\McAfeeDataBackup.exe
O4 - HKLM\..\Run: [MBkLogOnHook] C:\Program Files\McAfee\MBK\LogOnHook.exe
O4 - HKLM\..\RunOnce: [IERESETATTRIB] %SystemRoot%\system32\cmd.exe /d /q /c %SystemRoot%\system32\ieudinit.exe -ResetFileAttributes
O4 - HKLM\..\RunOnce: [Installing-ie8] C:\DOCUME~1\CHRISZ~1\LOCALS~1\Temp\IE8-WindowsXP-x86-ENU.exe /passive
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [Aim6] ?
O4 - Startup: ERUNT AutoBackup.lnk = C:\Program Files\ERUNT\AUTOBACK.EXE
O4 - Global Startup: Adobe Reader Speed Launch.lnk = C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
O4 - Global Startup: Digital Line Detect.lnk = ?
O4 - Global Startup: HP Digital Imaging Monitor.lnk = C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe
O4 - Global Startup: HP Image Zone Fast Start.lnk = C:\Program Files\HP\Digital Imaging\bin\hpqthb08.exe
O9 - Extra button: (no name) - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - (no file)
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O15 - Trusted Zone: http://*.mcafee.com
O23 - Service: AOL Connectivity Service (AOL ACS) - America Online, Inc. - C:\PROGRA~1\COMMON~1\AOL\ACS\AOLacsd.exe
O23 - Service: Apple Mobile Device - Apple, Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\1050\Intel 32\IDriverT.exe
O23 - Service: iPod Service - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: Java Quick Starter (JavaQuickStarterService) - Sun Microsystems, Inc. - C:\Program Files\Java\jre6\bin\jqs.exe
O23 - Service: MBackMonitor - McAfee - C:\Program Files\McAfee\MBK\MBackMonitor.exe
O23 - Service: McAfee Services (mcmscsvc) - McAfee, Inc. - C:\PROGRA~1\McAfee\MSC\mcmscsvc.exe
O23 - Service: McAfee Network Agent (McNASvc) - McAfee, Inc. - c:\PROGRA~1\COMMON~1\mcafee\mna\mcnasvc.exe
O23 - Service: McAfee Scanner (McODS) - McAfee, Inc. - C:\PROGRA~1\McAfee\VirusScan\mcods.exe
O23 - Service: McAfee Proxy Service (McProxy) - McAfee, Inc. - c:\PROGRA~1\COMMON~1\mcafee\mcproxy\mcproxy.exe
O23 - Service: McAfee Real-time Scanner (McShield) - McAfee, Inc. - C:\PROGRA~1\McAfee\VirusScan\mcshield.exe
O23 - Service: McAfee SystemGuards (McSysmon) - McAfee, Inc. - C:\PROGRA~1\McAfee\VirusScan\mcsysmon.exe
O23 - Service: McAfee Personal Firewall Service (MpfService) - McAfee, Inc. - C:\Program Files\McAfee\MPF\MPFSrv.exe
O23 - Service: Intel NCS NetService (NetSvc) - Intel(R) Corporation - C:\Program Files\Intel\PROSetWired\NCS\Sync\NetSvc.exe
O23 - Service: Pml Driver HPZ12 - HP - C:\WINDOWS\system32\HPZipm12.exe
O23 - Service: PnkBstrA - Unknown owner - C:\WINDOWS\system32\PnkBstrA.exe
O23 - Service: PnkBstrB - Unknown owner - C:\WINDOWS\system32\PnkBstrB.exe
O24 - Desktop Component 0: (no name) - http://a671.ac-images.myspacecdn.com/00 ... 1670_l.jpg
O24 - Desktop Component 1: (no name) - http://img.youtube.com/vi/0x284Bvfbgw/default.jpg

--
End of file - 7449 bytes

LOPR


--------------------\\ Lop S&D 4.2.5-0 XP/Vista

Microsoft Windows XP Home Edition ( v5.1.2600 ) Service Pack 3
X86-based PC ( Multiprocessor Free : Intel(R) Pentium(R) 4 CPU 3.06GHz )
BIOS : Phoenix ROM BIOS PLUS Version 1.10 A04
USER : chris zurlo ( Administrator )
BOOT : Normal boot
Antivirus : McAfee VirusScan (Activated)
Firewall : McAfee Personal Firewall (Activated)
C:\ (Local Disk) - NTFS - Total:145 Go (Free:117 Go)
D:\ (CD or DVD)
E:\ (USB)
G:\ (USB)
H:\ (USB)
I:\ (USB)

"C:\Lop SD" ( MAJ : 19-12-2008|23:40 )
Option : [4] ( Sun 05/24/2009|15:13 )

\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\ Lop Script

C:\documents and settings\All Users\Application Data\Long slow road itch
C:\Program Files\BitDownload
c:\documents and settings\chris zurlo\Application Data\Extra Win Jump
C:\Program Files\Extra Win Jump


\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\ FIX

Deleted! - C:\documents and settings\All Users\Application Data\Long slow road itch
Deleted! - C:\Program Files\BitDownload
Deleted! - c:\documents and settings\chris zurlo\Application Data\Extra Win Jump
Deleted! - C:\Program Files\Extra Win Jump

\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\

Deleted! - C:\Program Files\Viewpoint
Deleted! - C:\DOCUME~1\ALLUSE~1\APPLIC~1\Viewpoint

\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\


--------------------\\ Listing folders in APPLIC~1


[11/28/2008|08:01] C:\DOCUME~1\ALLUSE~1\APPLIC~1\<DIR> Adobe
[04/17/2008|06:32] C:\DOCUME~1\ALLUSE~1\APPLIC~1\<DIR> Age of Empires 3 YPack Trial
[04/01/2008|09:36] C:\DOCUME~1\ALLUSE~1\APPLIC~1\<DIR> AOL
[02/29/2008|09:27] C:\DOCUME~1\ALLUSE~1\APPLIC~1\<DIR> AOL Downloads
[12/25/2006|02:40] C:\DOCUME~1\ALLUSE~1\APPLIC~1\<DIR> AOL OCP
[07/13/2007|04:52] C:\DOCUME~1\ALLUSE~1\APPLIC~1\<DIR> Apple
[12/27/2006|11:12] C:\DOCUME~1\ALLUSE~1\APPLIC~1\<DIR> Apple Computer
[03/05/2008|04:23] C:\DOCUME~1\ALLUSE~1\APPLIC~1\<DIR> Armagetron
[04/04/2009|08:08] C:\DOCUME~1\ALLUSE~1\APPLIC~1\<DIR> Avg8
[04/07/2008|05:57] C:\DOCUME~1\ALLUSE~1\APPLIC~1\<DIR> BOONTY
[12/29/2007|02:02] C:\DOCUME~1\ALLUSE~1\APPLIC~1\<DIR> Citrix
[02/28/2008|03:58] C:\DOCUME~1\ALLUSE~1\APPLIC~1\<DIR> FLEXnet
[07/09/2008|09:26] C:\DOCUME~1\ALLUSE~1\APPLIC~1\<DIR> Google
[11/28/2008|07:31] C:\DOCUME~1\ALLUSE~1\APPLIC~1\<DIR> Graboid Inc
[08/03/2006|12:47] C:\DOCUME~1\ALLUSE~1\APPLIC~1\<DIR> GTek
[12/25/2006|02:31] C:\DOCUME~1\ALLUSE~1\APPLIC~1\<DIR> HP
[04/23/2009|07:16] C:\DOCUME~1\ALLUSE~1\APPLIC~1\<DIR> HP Product Assistant
[08/03/2006|12:51] C:\DOCUME~1\ALLUSE~1\APPLIC~1\<DIR> InstallShield
[05/08/2009|06:42] C:\DOCUME~1\ALLUSE~1\APPLIC~1\<DIR> McAfee
[03/04/2007|09:45] C:\DOCUME~1\ALLUSE~1\APPLIC~1\<DIR> McAfee.com
[12/23/2008|02:52] C:\DOCUME~1\ALLUSE~1\APPLIC~1\<DIR> Microsoft
[06/01/2007|04:10] C:\DOCUME~1\ALLUSE~1\APPLIC~1\<DIR> Mozilla
[08/03/2006|12:45] C:\DOCUME~1\ALLUSE~1\APPLIC~1\<DIR> QuickTime
[08/10/2004|01:13] C:\DOCUME~1\ALLUSE~1\APPLIC~1\<DIR> SBSI
[06/29/2008|01:11] C:\DOCUME~1\ALLUSE~1\APPLIC~1\<DIR> SiteAdvisor
[09/27/2007|09:35] C:\DOCUME~1\ALLUSE~1\APPLIC~1\<DIR> Skype
[12/25/2006|02:34] C:\DOCUME~1\ALLUSE~1\APPLIC~1\<DIR> Sonic
[07/03/2008|05:09] C:\DOCUME~1\ALLUSE~1\APPLIC~1\<DIR> SUPERAntiSpyware.com
[08/03/2006|12:47] C:\DOCUME~1\ALLUSE~1\APPLIC~1\<DIR> Symantec
[01/09/2009|06:10] C:\DOCUME~1\ALLUSE~1\APPLIC~1\<DIR> TEMP
[12/29/2006|10:23] C:\DOCUME~1\ALLUSE~1\APPLIC~1\<DIR> Windows Genuine Advantage

[12/25/2006|02:40] C:\DOCUME~1\CHRISZ~1\APPLIC~1\<DIR> acccore
[05/03/2008|10:32] C:\DOCUME~1\CHRISZ~1\APPLIC~1\<DIR> Adobe
[11/28/2008|08:02] C:\DOCUME~1\CHRISZ~1\APPLIC~1\<DIR> AdobeUM
[12/27/2006|11:12] C:\DOCUME~1\CHRISZ~1\APPLIC~1\<DIR> Apple Computer
[12/26/2007|05:57] C:\DOCUME~1\CHRISZ~1\APPLIC~1\<DIR> ArcSoft
[03/05/2008|06:13] C:\DOCUME~1\CHRISZ~1\APPLIC~1\<DIR> Armagetron
[01/21/2009|07:23] C:\DOCUME~1\CHRISZ~1\APPLIC~1\<DIR> Corel
[12/30/2006|09:11] C:\DOCUME~1\CHRISZ~1\APPLIC~1\<DIR> Corel Photo Album
[02/03/2007|11:44] C:\DOCUME~1\CHRISZ~1\APPLIC~1\<DIR> Google
[08/03/2006|12:46] C:\DOCUME~1\CHRISZ~1\APPLIC~1\<DIR> Gtek
[03/16/2009|06:51] C:\DOCUME~1\CHRISZ~1\APPLIC~1\<DIR> HP
[08/10/2004|01:08] C:\DOCUME~1\CHRISZ~1\APPLIC~1\<DIR> Identities
[06/11/2008|03:42] C:\DOCUME~1\CHRISZ~1\APPLIC~1\<DIR> InstallShield
[12/28/2006|09:45] C:\DOCUME~1\CHRISZ~1\APPLIC~1\<DIR> Leadertech
[04/11/2009|04:01] C:\DOCUME~1\CHRISZ~1\APPLIC~1\<DIR> LimeWire
[01/12/2008|11:11] C:\DOCUME~1\CHRISZ~1\APPLIC~1\<DIR> Macromedia
[05/08/2009|06:42] C:\DOCUME~1\CHRISZ~1\APPLIC~1\<DIR> McAfee
[04/04/2009|08:05] C:\DOCUME~1\CHRISZ~1\APPLIC~1\<DIR> Microsoft
[06/30/2008|08:38] C:\DOCUME~1\CHRISZ~1\APPLIC~1\<DIR> Mozilla
[11/28/2008|07:35] C:\DOCUME~1\CHRISZ~1\APPLIC~1\<DIR> MozillaControl
[12/28/2006|06:05] C:\DOCUME~1\CHRISZ~1\APPLIC~1\<DIR> OLYMPUS
[11/28/2007|07:48] C:\DOCUME~1\CHRISZ~1\APPLIC~1\<DIR> QQ Games
[11/27/2007|10:52] C:\DOCUME~1\CHRISZ~1\APPLIC~1\<DIR> QQ Games Plugin
[12/26/2007|11:42] C:\DOCUME~1\CHRISZ~1\APPLIC~1\<DIR> Real
[12/30/2008|01:21] C:\DOCUME~1\CHRISZ~1\APPLIC~1\<DIR> RegClean
[12/30/2008|12:45] C:\DOCUME~1\CHRISZ~1\APPLIC~1\<DIR> RegSweep
[04/07/2008|05:51] C:\DOCUME~1\CHRISZ~1\APPLIC~1\<DIR> SecuROM
[12/28/2006|09:47] C:\DOCUME~1\CHRISZ~1\APPLIC~1\<DIR> Sonic
[12/30/2008|01:40] C:\DOCUME~1\CHRISZ~1\APPLIC~1\<DIR> SpotFreePC
[08/03/2006|12:37] C:\DOCUME~1\CHRISZ~1\APPLIC~1\<DIR> Sun
[01/09/2009|06:52] C:\DOCUME~1\CHRISZ~1\APPLIC~1\<DIR> SUPERAntiSpyware.com
[08/03/2006|12:47] C:\DOCUME~1\CHRISZ~1\APPLIC~1\<DIR> Symantec
[06/01/2007|04:11] C:\DOCUME~1\CHRISZ~1\APPLIC~1\<DIR> Talkback
[05/16/2009|07:17] C:\DOCUME~1\CHRISZ~1\APPLIC~1\<DIR> U3
[02/14/2009|12:41] C:\DOCUME~1\CHRISZ~1\APPLIC~1\<DIR> Unity

[08/03/2006|12:46] C:\DOCUME~1\DEFAUL~1\APPLIC~1\<DIR> Gtek
[08/10/2004|01:08] C:\DOCUME~1\DEFAUL~1\APPLIC~1\<DIR> Identities
[08/03/2006|12:43] C:\DOCUME~1\DEFAUL~1\APPLIC~1\<DIR> Microsoft
[08/03/2006|12:37] C:\DOCUME~1\DEFAUL~1\APPLIC~1\<DIR> Sun
[08/03/2006|12:47] C:\DOCUME~1\DEFAUL~1\APPLIC~1\<DIR> Symantec


[04/08/2007|05:37] C:\DOCUME~1\LOCALS~1\APPLIC~1\<DIR> Google
[07/31/2007|07:18] C:\DOCUME~1\LOCALS~1\APPLIC~1\<DIR> Identities
[03/04/2007|08:48] C:\DOCUME~1\LOCALS~1\APPLIC~1\<DIR> Macromedia
[04/24/2009|06:31] C:\DOCUME~1\LOCALS~1\APPLIC~1\<DIR> Microsoft

[04/04/2009|08:05] C:\DOCUME~1\NETWOR~1\APPLIC~1\<DIR> Microsoft


--------------------\\ Scheduled Tasks located in C:\WINDOWS\Tasks

[05/15/2009 01:00 AM][--a------] C:\WINDOWS\tasks\McDefragTask.job
[05/08/2009 06:15 PM][--a------] C:\WINDOWS\tasks\McQcTask.job
[05/23/2009 03:41 PM][--a--c---] C:\WINDOWS\tasks\AppleSoftwareUpdate.job
[05/24/2009 12:22 PM][--ah-c---] C:\WINDOWS\tasks\SA.DAT
[08/04/2004 05:00 AM][-r-h-c---] C:\WINDOWS\tasks\desktop.ini

--------------------\\ Listing Folders in C:\Program Files

[11/28/2008|07:58] C:\Program Files\<DIR> Adobe
[04/01/2008|09:51] C:\Program Files\<DIR> AIM6
[08/03/2006|12:45] C:\Program Files\<DIR> America Online 9.0
[02/11/2009|11:01] C:\Program Files\<DIR> AML Products
[02/11/2009|11:26] C:\Program Files\<DIR> AMUST
[08/03/2006|12:45] C:\Program Files\<DIR> AOL Companion
[03/19/2009|04:53] C:\Program Files\<DIR> Apple Software Update
[06/29/2008|09:29] C:\Program Files\<DIR> AVG
[11/05/2008|01:44] C:\Program Files\<DIR> BabasChess
[08/03/2006|12:56] C:\Program Files\<DIR> BAE
[02/28/2009|08:42] C:\Program Files\<DIR> Best Buy Rhapsody
[04/07/2008|05:50] C:\Program Files\<DIR> Boonty
[04/07/2008|05:51] C:\Program Files\<DIR> BoontyGames
[12/29/2007|02:01] C:\Program Files\<DIR> Citrix
[05/22/2009|05:59] C:\Program Files\<DIR> Common Files
[05/23/2008|09:33] C:\Program Files\<DIR> ComPlus Applications
[08/03/2006|12:28] C:\Program Files\<DIR> CONEXANT
[08/03/2006|12:52] C:\Program Files\<DIR> Corel Corporation
[08/03/2006|12:59] C:\Program Files\<DIR> Dell
[08/03/2006|12:46] C:\Program Files\<DIR> Dell Support
[08/03/2006|12:42] C:\Program Files\<DIR> Digital Line Detect
[06/01/2007|04:09] C:\Program Files\<DIR> DivX
[06/30/2008|10:00] C:\Program Files\<DIR> Dvd-cloner
[04/11/2009|04:37] C:\Program Files\<DIR> DVDVideoSoft
[08/03/2006|12:45] C:\Program Files\<DIR> EarthLink Setup
[07/10/2008|08:54] C:\Program Files\<DIR> Google
[11/28/2008|08:18] C:\Program Files\<DIR> Graboid
[04/23/2009|07:17] C:\Program Files\<DIR> HP
[04/12/2009|09:04] C:\Program Files\<DIR> InstallShield Installation Information
[08/03/2006|12:39] C:\Program Files\<DIR> Intel
[08/03/2006|12:42] C:\Program Files\<DIR> InterActual
[04/15/2009|08:46] C:\Program Files\<DIR> Internet Explorer
[07/01/2008|05:12] C:\Program Files\<DIR> IObit
[11/11/2007|11:14] C:\Program Files\<DIR> iPod
[11/11/2007|11:15] C:\Program Files\<DIR> iTunes
[04/26/2009|06:40] C:\Program Files\<DIR> Java
[05/09/2009|12:17] C:\Program Files\<DIR> McAfee
[05/08/2009|06:14] C:\Program Files\<DIR> McAfee.com
[08/27/2008|10:23] C:\Program Files\<DIR> Messenger
[08/10/2004|01:04] C:\Program Files\<DIR> microsoft frontpage
[02/11/2009|11:07] C:\Program Files\<DIR> Microsoft Office
[08/03/2006|12:44] C:\Program Files\<DIR> Microsoft Plus! Digital Media Edition
[08/03/2006|12:44] C:\Program Files\<DIR> Microsoft Plus! Photo Story 2 LE
[08/03/2006|12:42] C:\Program Files\<DIR> Modem Helper
[08/27/2008|10:18] C:\Program Files\<DIR> Movie Maker
[05/24/2009|03:09] C:\Program Files\<DIR> Mozilla Firefox
[02/11/2009|11:41] C:\Program Files\<DIR> MSECACHE
[08/10/2004|01:01] C:\Program Files\<DIR> MSN
[08/10/2004|01:01] C:\Program Files\<DIR> MSN Gaming Zone
[12/26/2006|04:54] C:\Program Files\<DIR> MSXML 4.0
[12/21/2007|07:30] C:\Program Files\<DIR> MUSICMATCH
[08/27/2008|10:13] C:\Program Files\<DIR> NetMeeting
[08/03/2006|12:42] C:\Program Files\<DIR> NetWaiting
[08/03/2006|12:43] C:\Program Files\<DIR> NetZeroInstallers
[12/28/2006|06:02] C:\Program Files\<DIR> OLYMPUS
[08/10/2004|01:01] C:\Program Files\<DIR> Online Services
[08/27/2008|10:13] C:\Program Files\<DIR> Outlook Express
[01/09/2009|06:50] C:\Program Files\<DIR> PC Health Optimizer Free Edition
[12/28/2006|05:55] C:\Program Files\<DIR> Peer Impact
[12/28/2006|06:02] C:\Program Files\<DIR> PIXELA
[06/29/2008|12:20] C:\Program Files\<DIR> Pocket Tanks Deluxe
[11/11/2007|11:12] C:\Program Files\<DIR> QuickTime
[12/15/2008|09:10] C:\Program Files\<DIR> Real
[04/13/2009|08:33] C:\Program Files\<DIR> RogueRemover FREE
[08/03/2006|12:55] C:\Program Files\<DIR> Roxio
[08/03/2006|12:56] C:\Program Files\<DIR> SearchAssist
[08/03/2006|12:40] C:\Program Files\<DIR> Sigmatel
[08/03/2006|12:56] C:\Program Files\<DIR> Sonic
[01/09/2009|06:51] C:\Program Files\<DIR> SUPERAntiSpyware
[11/27/2007|10:35] C:\Program Files\<DIR> Tencent
[07/05/2008|07:24] C:\Program Files\<DIR> Trend Micro
[08/10/2004|01:08] C:\Program Files\<DIR> Uninstall Information
[02/14/2009|12:24] C:\Program Files\<DIR> Unity
[06/26/2008|10:27] C:\Program Files\<DIR> Veoh Networks
[11/28/2008|08:20] C:\Program Files\<DIR> VideoLAN
[12/25/2006|02:54] C:\Program Files\<DIR> Vimicro
[08/03/2006|12:46] C:\Program Files\<DIR> WebCyberCoach
[08/03/2006|12:49] C:\Program Files\<DIR> WildTangent
[02/11/2009|11:41] C:\Program Files\<DIR> Windows Installer Clean Up
[04/19/2007|06:06] C:\Program Files\<DIR> Windows Media Connect 2
[08/27/2008|10:13] C:\Program Files\<DIR> Windows Media Player
[01/02/2007|03:57] C:\Program Files\<DIR> Windows Messaging
[08/27/2008|10:13] C:\Program Files\<DIR> Windows NT
[08/10/2004|01:02] C:\Program Files\<DIR> WindowsUpdate
[08/03/2006|12:46] C:\Program Files\<DIR> WordPerfect Office 12
[08/10/2004|01:04] C:\Program Files\<DIR> xerox

--------------------\\ Listing Folders in C:\Program Files\Common Files

[04/07/2008|07:02] C:\Program Files\Common Files\<DIR> Adobe
[04/01/2008|09:50] C:\Program Files\Common Files\<DIR> AOL
[08/03/2006|12:45] C:\Program Files\Common Files\<DIR> aolshare
[07/13/2007|04:52] C:\Program Files\Common Files\<DIR> Apple
[06/29/2008|12:24] C:\Program Files\Common Files\<DIR> Blizzard Entertainment
[04/07/2008|05:57] C:\Program Files\Common Files\<DIR> BOONTY Shared
[08/03/2006|12:45] C:\Program Files\Common Files\<DIR> Borland Shared
[12/15/2008|07:57] C:\Program Files\Common Files\<DIR> Corel
[04/11/2009|04:37] C:\Program Files\Common Files\<DIR> DVDVideoSoft
[12/25/2006|02:34] C:\Program Files\Common Files\<DIR> HP
[08/03/2006|12:46] C:\Program Files\Common Files\<DIR> InstallShield
[08/03/2006|12:37] C:\Program Files\Common Files\<DIR> Java
[05/08/2009|06:15] C:\Program Files\Common Files\<DIR> McAfee
[11/28/2008|07:20] C:\Program Files\Common Files\<DIR> Microsoft Shared
[08/10/2004|01:02] C:\Program Files\Common Files\<DIR> MSSoap
[08/03/2006|12:45] C:\Program Files\Common Files\<DIR> Nullsoft
[08/10/2004|12:57] C:\Program Files\Common Files\<DIR> ODBC
[06/30/2008|08:37] C:\Program Files\Common Files\<DIR> PC Tools
[12/15/2008|09:10] C:\Program Files\Common Files\<DIR> Real
[08/03/2006|12:42] C:\Program Files\Common Files\<DIR> Roxio Shared
[08/10/2004|01:02] C:\Program Files\Common Files\<DIR> Services
[12/29/2007|02:48] C:\Program Files\Common Files\<DIR> Sonic Shared
[08/10/2004|12:57] C:\Program Files\Common Files\<DIR> SpeechEngines
[06/29/2008|12:19] C:\Program Files\Common Files\<DIR> Symantec Shared
[08/27/2008|10:13] C:\Program Files\Common Files\<DIR> System
[08/03/2006|12:55] C:\Program Files\Common Files\<DIR> TiVo Shared
[04/08/2007|05:37] C:\Program Files\Common Files\<DIR> Viewpoint

--------------------\\ Process

( 50 Processes )

... OK !

--------------------\\ Searching with S_Lop

No Lop folder found !

--------------------\\ Searching for Lop Files - Folders

No Lop folder found !

--------------------\\ Searching within the Registry

..... OK !

--------------------\\ Checking the Hosts file

Hosts file CLEAN


--------------------\\ Searching for hidden files with Catchme

catchme 0.3.1353 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2009-05-24 15:16:43
Windows 5.1.2600 Service Pack 3 NTFS
scanning hidden processes ...
scanning hidden files ...
scan completed successfully
hidden processes: 0
hidden files: 0

--------------------\\ Searching for other infections


No other infections found !

[F:27][D:1]-> C:\DOCUME~1\CHRISZ~1\LOCALS~1\Temp
[F:4][D:0]-> C:\DOCUME~1\CHRISZ~1\Cookies
[F:29][D:4]-> C:\DOCUME~1\CHRISZ~1\LOCALS~1\TEMPOR~1\content.IE5

1 - "C:\Lop SD\LopR_1.txt" - Sat 05/23/2009|15:06 - Option : [1]
2 - "C:\Lop SD\LopR_2.txt" - Sun 05/24/2009|15:17 - Option : [4]

--------------------\\ Scan completed at 15:17:37



thanks
karatekid7412589
Active Member
 
Posts: 13
Joined: May 15th, 2009, 6:37 pm