Computer Security & Viruses/Buffer Overflow Blocked

Question
Hi Brian, it's me again. I was trying to make a follow-up to our matter, but it says I've made too many, and it says to try a new question. So you know what we have been doing, this was the first question I made to you: (QUESTION: I was reading a post from last year (3/29/2008) about the "Buffer Overflow Blocked" warning with an .avi file. Well, this is happening to me now. I did what you said in this post, "disable the overflow", just in report mode, and I also put the name of the issue in the exclusions. So now when I try to open any .avi file the message appears. It doesn't block the process, but the system immediately crashes and stops until I just end the task of the folder containing the file. My question: what is the matter with it? What do I do now? Does this only happen with McAfee 2008? If I just change the antivirus software, will this help, or is it too risky? Thanks for your help.) And I have been doing what you have been telling me. Well, the last thing I was supposed to do was to clean up my PC and send you the new logs. OK, this is the one after I cleaned up my PC and installed the software you told me about, "Malwarebytes' Anti-Malware", and its log:
Malwarebytes' Anti-Malware 1.36
Database version: 1945
Windows 5.1.2600 Service Pack 3

18/05/2009 03:42:23 p.m.
mbam-log-2009-05-18 (15-42-23).txt

Scan type: Full Scan (C:\|)
Objects scanned: 248779
Time elapsed: 34 minute(s), 2 second(s)

Memory Processes Infected: 0
Memory Modules Infected: 0
Registry Keys Infected: 0
Registry Values Infected: 0
Registry Data Items Infected: 0
Folders Infected: 0
Files Infected: 0

Memory Processes Infected:
(No malicious items detected)

Memory Modules Infected:
(No malicious items detected)

Registry Keys Infected:
(No malicious items detected)

Registry Values Infected:
(No malicious items detected)

Registry Data Items Infected:
(No malicious items detected)

Folders Infected:
(No malicious items detected)

Files Infected:
(No malicious items detected)

And the new log with the other software you mentioned before, "HijackThis":

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 03:51:08 p.m., on 18/05/2009
Platform: Windows XP SP3 (WinNT 5.01.2600)
MSIE: Internet Explorer v8.00 (8.00.6001.18702)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\TGTSoft\StyleXP\StyleXPService.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
C:\Program Files\Bonjour\mDNSResponder.exe
C:\Program Files\Java\jre6\bin\jqs.exe
C:\Program Files\McAfee\SiteAdvisor\McSACore.exe
C:\Program Files\McAfee\Common Framework\FrameworkService.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\ctfmon.exe
C:\PROGRA~1\McAfee\MSC\mcmscsvc.exe
c:\PROGRA~1\COMMON~1\mcafee\mna\mcnasvc.exe
c:\PROGRA~1\COMMON~1\mcafee\mcproxy\mcproxy.exe
C:\PROGRA~1\McAfee\VIRUSS~1\mcshield.exe
C:\Program Files\McAfee\MPF\MPFSrv.exe
C:\Program Files\McAfee\MSK\MskSrver.exe
C:\Program Files\Nero\Nero8\Nero BackItUp\NBService.exe
c:\PROGRA~1\mcafee.com\agent\mcagent.exe
C:\WINDOWS\system32\IoctlSvc.exe
C:\WINDOWS\system32\HPZipm12.exe
c:\Program Files\Common Files\Protexis\License Service\PsiService_2.exe
C:\WINDOWS\System32\PAStiSvc.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Common Files\Ulead Systems\DVD\ULCDRSvr.exe
C:\WINDOWS\system32\hkcmd.exe
C:\WINDOWS\system32\igfxpers.exe
C:\WINDOWS\RTHDCPL.EXE
C:\Program Files\McAfee\Common Framework\udaterui.exe
C:\WINDOWS\ZSSnp211.exe
C:\WINDOWS\Domino.exe
C:\Program Files\Common Files\Real\Update_OB\realsched.exe
C:\DOCUME~1\John\LOCALS~1\Temp\Rar$EX00.250\Refog.KGB.Spy.v3.84.Cracked-WDYL\crack\winlogon.exe
C:\Program Files\Adobe\Acrobat 9.0\Acrobat\Acrotray.exe
C:\Program Files\HP\HP Software Update\HPWuSchd2.exe
C:\Program Files\Java\jre6\bin\jusched.exe
C:\Program Files\Microsoft Student\Microsoft Student con Encarta Premium 2008 DVD\EDICT.EXE
C:\Program Files\UberIcon\UberIcon Manager.exe
C:\Program Files\Windows Live\Messenger\msnmsgr.exe
C:\Program Files\Nokia\Nokia PC Suite 6\PCSuite.exe
C:\WINDOWS\system32\wuauclt.exe
C:\Program Files\PC Connectivity Solution\ServiceLayer.exe
C:\Program Files\PC Connectivity Solution\Transports\NclUSBSrv.exe
C:\Program Files\PC Connectivity Solution\Transports\NclRSSrv.exe
C:\PROGRA~1\McAfee\VIRUSS~1\mcsysmon.exe
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = about:blank
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Local Page =
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page =
F2 - REG:system.ini: UserInit=c:\windows\system32\userinit.exe,C:\WINDOWS\system32\MPK\MPK.exe
O1 - Hosts: 195.122.131.3 dl1l32.rapidshare.com
O1 - Hosts: 195.122.131.3 dl1cg.rapidshare.com
O1 - Hosts: 195.122.131.3 dl1cg2.rapidshare.com
O1 - Hosts: 195.122.131.3 dl1tl.rapidshare.com
O1 - Hosts: 195.122.131.3 dl1tl2.rapidshare.com
O1 - Hosts: 195.122.131.5 dl2l32.rapidshare.com
O1 - Hosts: 195.122.131.5 dl2cg.rapidshare.com
O1 - Hosts: 195.122.131.5 dl2cg2.rapidshare.com
O1 - Hosts: 195.122.131.5 dl2tl.rapidshare.com
O1 - Hosts: 195.122.131.5 dl2tl2.rapidshare.com
O1 - Hosts: 195.122.131.7 dl3l32.rapidshare.com
O1 - Hosts: 195.122.131.7 dl3cg.rapidshare.com
O1 - Hosts: 195.122.131.7 dl3cg2.rapidshare.com
O1 - Hosts: 195.122.131.7 dl3tl.rapidshare.com
O1 - Hosts: 195.122.131.7 dl3tl2.rapidshare.com
O1 - Hosts: 195.122.131.9 dl4l32.rapidshare.com
O1 - Hosts: 195.122.131.9 dl4cg.rapidshare.com
O1 - Hosts: 195.122.131.9 dl4cg2.rapidshare.com
O1 - Hosts: 195.122.131.9 dl4tl.rapidshare.com
O1 - Hosts: 195.122.131.9 dl4tl2.rapidshare.com
O1 - Hosts: 195.122.131.11 dl5l32.rapidshare.com
O1 - Hosts: 195.122.131.11 dl5cg.rapidshare.com
O1 - Hosts: 195.122.131.11 dl5cg2.rapidshare.com
O1 - Hosts: 195.122.131.11 dl5tl.rapidshare.com
O1 - Hosts: 195.122.131.11 dl5tl2.rapidshare.com
O1 - Hosts: 195.122.131.13 dl6l32.rapidshare.com
O1 - Hosts: 195.122.131.13 dl6cg.rapidshare.com
O1 - Hosts: 195.122.131.13 dl6cg2.rapidshare.com
O1 - Hosts: 195.122.131.13 dl6tl.rapidshare.com
O1 - Hosts: 195.122.131.13 dl6tl2.rapidshare.com
O1 - Hosts: 195.122.131.15 dl7l32.rapidshare.com
O1 - Hosts: 195.122.131.15 dl7cg.rapidshare.com
O1 - Hosts: 195.122.131.15 dl7cg2.rapidshare.com
O1 - Hosts: 195.122.131.15 dl7tl.rapidshare.com
O1 - Hosts: 195.122.131.15 dl7tl2.rapidshare.com
O1 - Hosts: 195.122.131.17 dl8l32.rapidshare.com
O1 - Hosts: 195.122.131.17 dl8cg.rapidshare.com
O1 - Hosts: 195.122.131.17 dl8cg2.rapidshare.com
O1 - Hosts: 195.122.131.17 dl8tl.rapidshare.com
O1 - Hosts: 195.122.131.17 dl8tl2.rapidshare.com
O1 - Hosts: 195.122.131.19 dl9l32.rapidshare.com
O1 - Hosts: 195.122.131.19 dl9cg.rapidshare.com
O1 - Hosts: 195.122.131.19 dl9cg2.rapidshare.com
O1 - Hosts: 195.122.131.19 dl9tl.rapidshare.com
O1 - Hosts: 195.122.131.19 dl9tl2.rapidshare.com
O1 - Hosts: 195.122.131.21 dl10l32.rapidshare.com
O1 - Hosts: 195.122.131.21 dl10cg.rapidshare.com
O1 - Hosts: 195.122.131.21 dl10cg2.rapidshare.com
O1 - Hosts: 195.122.131.21 dl10tl.rapidshare.com
O1 - Hosts: 195.122.131.21 dl10tl2.rapidshare.com
O1 - Hosts: 195.122.131.23 dl11l32.rapidshare.com
O1 - Hosts: 195.122.131.23 dl11cg.rapidshare.com
O1 - Hosts: 195.122.131.23 dl11cg2.rapidshare.com
O1 - Hosts: 195.122.131.23 dl11tl.rapidshare.com
O1 - Hosts: 195.122.131.23 dl11tl2.rapidshare.com
O1 - Hosts: 195.122.131.25 dl12l32.rapidshare.com
O1 - Hosts: 195.122.131.25 dl12cg.rapidshare.com
O1 - Hosts: 195.122.131.25 dl12cg2.rapidshare.com
O1 - Hosts: 195.122.131.25 dl12tl.rapidshare.com
O1 - Hosts: 195.122.131.25 dl12tl2.rapidshare.com
O1 - Hosts: 195.122.131.27 dl13l32.rapidshare.com
O1 - Hosts: 195.122.131.27 dl13cg.rapidshare.com
O1 - Hosts: 195.122.131.27 dl13cg2.rapidshare.com
O1 - Hosts: 195.122.131.27 dl13tl.rapidshare.com
O1 - Hosts: 195.122.131.27 dl13tl2.rapidshare.com
O1 - Hosts: 195.122.131.29 dl14l32.rapidshare.com
O1 - Hosts: 195.122.131.29 dl14cg.rapidshare.com
O1 - Hosts: 195.122.131.29 dl14cg2.rapidshare.com
O1 - Hosts: 195.122.131.29 dl14tl.rapidshare.com
O1 - Hosts: 195.122.131.29 dl14tl2.rapidshare.com
O1 - Hosts: 195.122.131.31 dl15l32.rapidshare.com
O1 - Hosts: 195.122.131.31 dl15cg.rapidshare.com
O1 - Hosts: 195.122.131.31 dl15cg2.rapidshare.com
O1 - Hosts: 195.122.131.31 dl15tl.rapidshare.com
O1 - Hosts: 195.122.131.31 dl15tl2.rapidshare.com
O1 - Hosts: 195.122.131.33 dl16l32.rapidshare.com
O1 - Hosts: 195.122.131.33 dl16cg.rapidshare.com
O1 - Hosts: 195.122.131.33 dl16cg2.rapidshare.com
O1 - Hosts: 195.122.131.33 dl16tl.rapidshare.com
O1 - Hosts: 195.122.131.33 dl16tl2.rapidshare.com
O1 - Hosts: 195.122.131.35 dl17l32.rapidshare.com
O1 - Hosts: 195.122.131.35 dl17cg.rapidshare.com
O1 - Hosts: 195.122.131.35 dl17cg2.rapidshare.com
O1 - Hosts: 195.122.131.35 dl17tl.rapidshare.com
O1 - Hosts: 195.122.131.35 dl17tl2.rapidshare.com
O1 - Hosts: 195.122.131.37 dl18l32.rapidshare.com
O1 - Hosts: 195.122.131.37 dl18cg.rapidshare.com
O1 - Hosts: 195.122.131.37 dl18cg2.rapidshare.com
O1 - Hosts: 195.122.131.37 dl18tl.rapidshare.com
O1 - Hosts: 195.122.131.37 dl18tl2.rapidshare.com
O1 - Hosts: 195.122.131.39 dl19l32.rapidshare.com
O1 - Hosts: 195.122.131.39 dl19cg.rapidshare.com
O1 - Hosts: 195.122.131.39 dl19cg2.rapidshare.com
O1 - Hosts: 195.122.131.39 dl19tl.rapidshare.com
O1 - Hosts: 195.122.131.39 dl19tl2.rapidshare.com
O1 - Hosts: 195.122.131.41 dl20l32.rapidshare.com
O1 - Hosts: 195.122.131.41 dl20cg.rapidshare.com
O1 - Hosts: 195.122.131.41 dl20cg2.rapidshare.com
O1 - Hosts: 195.122.131.41 dl20tl.rapidshare.com
O1 - Hosts: 195.122.131.41 dl20tl2.rapidshare.com
O1 - Hosts: 195.122.131.43 dl21l32.rapidshare.com
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: AcroIEHelperStub - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
O2 - BHO: McAfee Phishing Filter - {27B4851A-3207-45A2-B947-BE8AFE6163AB} - c:\PROGRA~1\mcafee\msk\mskapbho.dll
O2 - BHO: RealPlayer Download and Record Plugin for Internet Explorer - {3049C3E9-B461-4BC5-8870-4C09146192CA} - C:\Program Files\Real\RealPlayer\rpbrowserrecordplugin.dll
O2 - BHO: (no name) - {3AA8347C-4AA5-4DC2-8350-2F556BABF0AA} - C:\PROGRA~1\SMARTM~1\IEHelper.dll
O2 - BHO: (no name) - {5C255C8A-E604-49b4-9D64-90988571CECB} - (no file)
O2 - BHO: scriptproxy - {7DB2D5A0-7241-4E79-B68D-6309F01C5231} - C:\Program Files\McAfee\VirusScan\scriptsn.dll
O2 - BHO: Windows Live Aplicación auxiliar de inicio de sesión - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: Adobe PDF Conversion Toolbar Helper - {AE7CD045-E861-484f-8273-0445EE161910} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll
O2 - BHO: McAfee SiteAdvisor BHO - {B164E929-A1B6-4A06-B104-2CD0E90A88FF} - c:\PROGRA~1\mcafee\SITEAD~1\mcieplg.dll
O2 - BHO: TGTSoft Explorer Toolbar Changer - {C333CF63-767F-4831-94AC-E683D962C63C} - C:\Program Files\TGTSoft\StyleXP\TGT_BHO.dll
O2 - BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll
O2 - BHO: JQSIEStartDetectorImpl - {E7E6F031-17CE-4C07-BC86-EABFE594F69C} - C:\Program Files\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
O2 - BHO: Cooliris Plug-In for Internet Explorer - {EAEE5C74-6D0D-4aca-9232-0DA4A7B866BA} - C:\Program Files\PicLensIE\cooliris.dll
O2 - BHO: SmartSelect - {F4971EE7-DAA0-4053-9964-665D8EE6A077} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll
O3 - Toolbar: TextAloud - {F053C368-5458-45B2-9B4D-D8914BDDDBFF} - C:\PROGRA~1\TEXTAL~1\TAForIE.dll
O3 - Toolbar: Adobe PDF - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll
O3 - Toolbar: McAfee SiteAdvisor Toolbar - {0EBBBE48-BAD4-4B4C-8E5A-516ABECAE064} - c:\PROGRA~1\mcafee\SITEAD~1\mcieplg.dll
O4 - HKLM\..\Run: [IgfxTray] C:\WINDOWS\system32\igfxtray.exe
O4 - HKLM\..\Run: [HotKeysCmds] C:\WINDOWS\system32\hkcmd.exe
O4 - HKLM\..\Run: [Persistence] C:\WINDOWS\system32\igfxpers.exe
O4 - HKLM\..\Run: [RTHDCPL] RTHDCPL.EXE
O4 - HKLM\..\Run: [Alcmtr] ALCMTR.EXE
O4 - HKLM\..\Run: [McAfeeUpdaterUI] "C:\Program Files\McAfee\Common Framework\udaterui.exe" /StartedFromRunKey
O4 - HKLM\..\Run: [ZSSnp211] C:\WINDOWS\ZSSnp211.exe
O4 - HKLM\..\Run: [Domino] C:\WINDOWS\Domino.exe
O4 - HKLM\..\Run: [System Files Updater] C:\WINDOWS\FlyakiteOSX\Tools\System Files Updater.exe /S
O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe"  -osboot
O4 - HKLM\..\Run: [winlogon.exe] C:\DOCUME~1\John\LOCALS~1\Temp\Rar$EX00.250\Refog.KGB.Spy.v3.84.Cracked-WDYL\crack\winlogon.exe
O4 - HKLM\..\Run: [Adobe Acrobat Speed Launcher] "C:\Program Files\Adobe\Acrobat 9.0\Acrobat\Acrobat_sl.exe"
O4 - HKLM\..\Run: [Acrobat Assistant 8.0] "C:\Program Files\Adobe\Acrobat 9.0\Acrobat\Acrotray.exe"
O4 - HKLM\..\Run: [SkyTel] SkyTel.EXE
O4 - HKLM\..\Run: [HP Software Update] C:\Program Files\HP\HP Software Update\HPWuSchd2.exe
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre6\bin\jusched.exe"
O4 - HKLM\..\Run: [mcagent_exe] "C:\Program Files\McAfee.com\Agent\mcagent.exe" /runkey
O4 - HKLM\..\Run: [McENUI] C:\PROGRA~1\McAfee\MHN\McENUI.exe /hide
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [STYLEXP] C:\Program Files\TGTSoft\StyleXP\StyleXP.exe -Hide
O4 - HKCU\..\Run: [L08EXLRD_1669921] "C:\Program Files\Microsoft Student\Microsoft Student con Encarta Premium 2008 DVD\EDICT.EXE" -m
O4 - HKCU\..\Run: [UberIcon] "C:\Program Files\UberIcon\UberIcon Manager.exe"
O4 - HKCU\..\Run: [msnmsgr] "C:\Program Files\Windows Live\Messenger\msnmsgr.exe" /background
O4 - HKCU\..\Run: [PC Suite Tray] "C:\Program Files\Nokia\Nokia PC Suite 6\PCSuite.exe" -onlytray
O4 - HKUS\S-1-5-18\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe (User 'SYSTEM')
O4 - HKUS\S-1-5-18\..\Run: [Nokia.PCSync] "C:\Program Files\Nokia\Nokia PC Suite 6\PcSync2.exe" /NoDialog (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe (User 'Default user')
O8 - Extra context menu item: Append Link Target to Existing PDF - res://C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll/AcroIEAppendSelLinks.html
O8 - Extra context menu item: Append to Existing PDF - res://C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll/AcroIEAppend.html
O8 - Extra context menu item: Convert Link Target to Adobe PDF - res://C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll/AcroIECaptureSelLinks.html
O8 - Extra context menu item: Convert to Adobe PDF - res://C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll/AcroIECapture.html
O9 - Extra button: Launch Cooliris - {3437D640-C91A-458f-89F5-B9095EA4C28B} - C:\Program Files\PicLensIE\cooliris.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~3\Office12\REFIEBAR.DLL
O9 - Extra button: Barra de búsqueda de Encarta - {B205A35E-1FC4-4CE3-818B-899DBBB3388C} - C:\Program Files\Common Files\Microsoft Shared\Encarta Search Bar\ENCSBAR.DLL
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O15 - Trusted Zone: http://*.mcafee.com
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://www.update.microsoft.com/windowsupdate/v6/V5Controls/en/x86/client/wuweb_
O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://update.microsoft.com/microsoftupdate/v6/V5Controls/en/x86/client/muweb_si
O16 - DPF: {814EA0DA-E0D9-4AA4-833C-A1A6D38E79E9} (DASWebDownload Class) - http://das.microsoft.com/activate/cab/x86/i486/NTANSI/retail/DASAct.cab
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab
O18 - Protocol: sacore - {5513F07E-936B-4E52-9B00-067394E91CC5} - c:\PROGRA~1\mcafee\SITEAD~1\mcieplg.dll
O23 - Service: ABBYY FineReader 9.0 PE Licensing Service (ABBYY.Licensing.FineReader.Professional.9.0) - ABBYY (BIT Software) - C:\Program Files\Common Files\ABBYY\FineReader\9.00\Licensing\PE\NetworkLicenseServer.exe
O23 - Service: Apple Mobile Device - Apple Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
O23 - Service: Servicio Bonjour (Bonjour Service) - Apple Inc. - C:\Program Files\Bonjour\mDNSResponder.exe
O23 - Service: FLEXnet Licensing Service - Macrovision Europe Ltd. - C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe
O23 - Service: Java Quick Starter (JavaQuickStarterService) - Sun Microsystems, Inc. - C:\Program Files\Java\jre6\bin\jqs.exe
O23 - Service: MBackMonitor - McAfee - C:\Program Files\McAfee\MBK\MBackMonitor.exe
O23 - Service: McAfee SiteAdvisor Service - Unknown owner - C:\Program Files\McAfee\SiteAdvisor\McSACore.exe
O23 - Service: Servicio de registro de McAfee (McAfeeFramework) - McAfee, Inc. - C:\Program Files\McAfee\Common Framework\FrameworkService.exe
O23 - Service: McAfee Services (mcmscsvc) - McAfee, Inc. - C:\PROGRA~1\McAfee\MSC\mcmscsvc.exe
O23 - Service: McAfee Network Agent (McNASvc) - McAfee, Inc. - c:\PROGRA~1\COMMON~1\mcafee\mna\mcnasvc.exe
O23 - Service: McAfee Scanner (McODS) - McAfee, Inc. - C:\PROGRA~1\McAfee\VIRUSS~1\mcods.exe
O23 - Service: McAfee Proxy Service (McProxy) - McAfee, Inc. - c:\PROGRA~1\COMMON~1\mcafee\mcproxy\mcproxy.exe
O23 - Service: McAfee Real-time Scanner (McShield) - McAfee, Inc. - C:\PROGRA~1\McAfee\VIRUSS~1\mcshield.exe
O23 - Service: McAfee SystemGuards (McSysmon) - McAfee, Inc. - C:\PROGRA~1\McAfee\VIRUSS~1\mcsysmon.exe
O23 - Service: McAfee Personal Firewall Service (MpfService) - McAfee, Inc. - C:\Program Files\McAfee\MPF\MPFSrv.exe
O23 - Service: McAfee Anti-Spam Service (MSK80Service) - McAfee, Inc. - C:\Program Files\McAfee\MSK\MskSrver.exe
O23 - Service: Nero BackItUp Scheduler 3 - Nero AG - C:\Program Files\Nero\Nero8\Nero BackItUp\NBService.exe
O23 - Service: NMIndexingService - Nero AG - C:\Program Files\Common Files\Nero\Lib\NMIndexingService.exe
O23 - Service: PLFlash DeviceIoControl Service - Prolific Technology Inc. - C:\WINDOWS\system32\IoctlSvc.exe
O23 - Service: Pml Driver HPZ12 - HP - C:\WINDOWS\system32\HPZipm12.exe
O23 - Service: Protexis Licensing V2 (PSI_SVC_2) - Protexis Inc. - c:\Program Files\Common Files\Protexis\License Service\PsiService_2.exe
O23 - Service: ServiceLayer - Nokia. - C:\Program Files\PC Connectivity Solution\ServiceLayer.exe
O23 - Service: STI Simulator - Unknown owner - C:\WINDOWS\System32\PAStiSvc.exe
O23 - Service: StyleXPService - Unknown owner - C:\Program Files\TGTSoft\StyleXP\StyleXPService.exe
O23 - Service: Ulead Burning Helper (UleadBurningHelper) - Ulead Systems, Inc. - C:\Program Files\Common Files\Ulead Systems\DVD\ULCDRSvr.exe

--
End of file - 18312 bytes.

However, thanks for your help again.
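As an added example that is not part of this thread, the following Python triage script applies the checks a log reader would make against HijackThis v2 lines like the ones above: an executable running or auto-starting from a Temp directory, a Windows system-binary name (such as winlogon.exe) located outside the Windows directories, extra entries appended to UserInit, and hosts-file overrides. The sample lines are constructed from the log above; the heuristics, the SYSTEM_BINARIES list and the function names are my own assumptions, not HijackThis code.

```python
import re
from collections import Counter
from dataclasses import dataclass

# Constructed sample in HijackThis v2 log format, taken from the lines posted above.
SAMPLE_LOG = r"""
Running processes:
C:\WINDOWS\system32\winlogon.exe
C:\DOCUME~1\John\LOCALS~1\Temp\Rar$EX00.250\Refog.KGB.Spy.v3.84.Cracked-WDYL\crack\winlogon.exe
C:\Program Files\McAfee\VirusScan\mcshield.exe

F2 - REG:system.ini: UserInit=c:\windows\system32\userinit.exe,C:\WINDOWS\system32\MPK\MPK.exe
O1 - Hosts: 195.122.131.3 dl1l32.rapidshare.com
O1 - Hosts: 195.122.131.5 dl2cg.rapidshare.com
O4 - HKLM\..\Run: [winlogon.exe] C:\DOCUME~1\John\LOCALS~1\Temp\Rar$EX00.250\Refog.KGB.Spy.v3.84.Cracked-WDYL\crack\winlogon.exe
O4 - HKLM\..\Run: [IgfxTray] C:\WINDOWS\system32\igfxtray.exe
O23 - Service: McAfee Real-time Scanner (McShield) - McAfee, Inc. - C:\PROGRA~1\McAfee\VIRUSS~1\mcshield.exe
"""

# Binary names that legitimately live only in the Windows directories (assumed list).
SYSTEM_BINARIES = {"winlogon.exe", "userinit.exe", "svchost.exe", "lsass.exe",
                   "csrss.exe", "services.exe", "smss.exe", "explorer.exe"}
SYSTEM_DIRS = {r"c:\windows", r"c:\windows\system32"}
DEFAULT_USERINIT = r"c:\windows\system32\userinit.exe"


@dataclass
class Finding:
    code: str    # HJT section code, or "PROC" for the running-process list
    reason: str
    line: str


def extract_exe(text):
    """Return the lowercase path up to and including the first '.exe' token, or None.
    Good enough for triage: it tolerates quotes and trailing command-line switches."""
    m = re.match(r'\s*"?(.*?\.exe)\b', text, re.IGNORECASE)
    return m.group(1).lower() if m else None


def check_path(code, path, line, findings):
    """Apply the location heuristics to one lowercase executable path."""
    if not path:
        return
    directory, _, name = path.rpartition("\\")
    if "\\temp\\" in path:
        findings.append(Finding(code, "executable under a Temp directory", line))
    if name in SYSTEM_BINARIES and directory not in SYSTEM_DIRS:
        findings.append(Finding(code, f"system binary name {name} outside the Windows directories", line))


def triage(log_text):
    """Walk a HijackThis log and return the lines that deserve a closer look."""
    findings = []
    for line in log_text.splitlines():
        line = line.strip()
        if not line:
            continue
        if re.match(r"^[a-z]:\\", line, re.IGNORECASE):          # running-process list
            check_path("PROC", line.lower(), line, findings)
        elif line.startswith("F2 - REG:system.ini: UserInit="):   # anything beyond userinit.exe
            value = line.split("UserInit=", 1)[1]
            for entry in (e.strip().lower() for e in value.split(",") if e.strip()):
                if entry != DEFAULT_USERINIT:
                    findings.append(Finding("F2", f"extra UserInit entry {entry}", line))
        elif line.startswith("O1 - Hosts:"):                      # hosts-file override
            findings.append(Finding("O1", "hosts file override", line))
        elif line.startswith("O4 - "):                            # autostart entry: [name] path
            _, _, rest = line.partition("] ")
            check_path("O4", extract_exe(rest), line, findings)
        elif line.startswith("O23 - Service:"):                   # service: name - vendor - path
            check_path("O23", extract_exe(line.rsplit(" - ", 1)[-1]), line, findings)
    return findings


def summarize(findings):
    """Count findings per HJT section code."""
    return dict(Counter(f.code for f in findings))


if __name__ == "__main__":
    for f in triage(SAMPLE_LOG):
        print(f"{f.code:4} {f.reason}: {f.line}")
    print(summarize(triage(SAMPLE_LOG)))
```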


ANSWER: Hi John

Next step is to download ComboFix and save to your desktop:

http://download.bleepingcomputer.com/sUBs/ComboFix.exe

 Note: Remember it is important that the file is saved directly to your desktop.
 Close any open browsers.
 Double click on combofix.exe and follow the prompts.
 If asked to install Recovery Console, please allow it.
 Note: Do not mouseclick combofix's window while it's running.
 That may cause the program to freeze/hang.
 When it's finished it will produce a log.
 Copy that log file to me and also include a new HJT log.

Brian

---------- FOLLOW-UP ----------

QUESTION: Hi Brian
Here are the 2 logs: first the one I got with ComboFix and then the new one with HJT.

ComboFix 09-05-19.03 - John 20/05/2009 11:20.1 - NTFSx86
Microsoft Windows XP Professional  5.1.2600.3.1252.1.1033.18.2039.1465 [GMT -5:00]
Running from: c:\documents and settings\John\Desktop\ComboFix.exe
AV: McAfee VirusScan *On-access scanning enabled* (Updated) {84B5EE75-6421-4CDE-A33A-DD43BA9FAD83}
FW: McAfee Personal Firewall *enabled* {94894B63-8C7F-4050-BDA4-813CA00DA3E8}
* Resident AV is active


WARNING -THIS MACHINE DOES NOT HAVE THE RECOVERY CONSOLE INSTALLED !!
.

(((((((((((((((((((((((((((((((((((((((   Other Deletions   )))))))))))))))))))))))))))))))))))))))))))))))))
.

c:\documents and settings\John\Application Data\inst.exe
c:\windows\system32\eventmgr.exe

.
(((((((((((((((((((((((((   Files Created from 2009-04-20 to 2009-05-20  )))))))))))))))))))))))))))))))
.

2009-05-19 03:15 . 2009-05-19 03:15   --------   d-----w   c:\documents and settings\John\undefined
2009-05-18 18:46 . 2009-05-18 18:46   --------   d-----w   c:\documents and settings\John\Application Data\Malwarebytes
2009-05-18 18:46 . 2009-04-06 20:32   15504   ----a-w   c:\windows\system32\drivers\mbam.sys
2009-05-18 18:46 . 2009-04-06 20:32   38496   ----a-w   c:\windows\system32\drivers\mbamswissarmy.sys
2009-05-18 18:46 . 2009-05-18 18:46   --------   d-----w   c:\documents and settings\All Users\Application Data\Malwarebytes
2009-05-18 18:46 . 2009-05-18 18:46   --------   d-----w   c:\program files\Malwarebytes' Anti-Malware
2009-05-17 18:22 . 2009-05-17 18:22   --------   d-----w   c:\program files\Trend Micro
2009-05-12 22:56 . 2009-05-12 22:56   --------   d-----w   c:\documents and settings\John\Application Data\DivX
2009-05-12 22:18 . 2009-05-12 22:18   --------   d-----w   c:\windows\system32\custom matrices
2009-05-12 22:17 . 2009-05-12 22:18   --------   d-----w   c:\windows\system32\C2MP
2009-05-11 04:00 . 2009-03-25 16:06   40552   ----a-w   c:\windows\system32\drivers\mfesmfk.sys
2009-05-11 04:00 . 2009-03-25 16:06   35272   ----a-w   c:\windows\system32\drivers\mfebopk.sys
2009-05-11 04:00 . 2009-03-25 16:06   79880   ----a-w   c:\windows\system32\drivers\mfeavfk.sys
2009-05-11 04:00 . 2009-03-25 16:06   214024   ----a-w   c:\windows\system32\drivers\mfehidk.sys
2009-05-11 03:39 . 2009-05-11 03:39   --------   d-----w   c:\documents and settings\LocalService\Application Data\SACore
2009-05-11 03:24 . 2009-05-11 03:24   --------   d-sh--w   c:\documents and settings\LocalService\IETldCache
2009-05-11 03:23 . 2009-05-11 03:23   --------   d-----w   c:\documents and settings\All Users\Application Data\SiteAdvisor
2009-05-11 03:22 . 2009-05-11 04:08   --------   d-----w   c:\program files\SiteAdvisor
2009-05-11 03:19 . 2008-10-23 18:08   120136   ----a-w   c:\windows\system32\drivers\Mpfp.sys
2009-05-11 03:17 . 2009-05-11 03:18   --------   d-----w   c:\program files\McAfee.com
2009-05-11 03:15 . 2009-03-25 16:05   34216   ----a-w   c:\windows\system32\drivers\mferkdk.sys
2009-05-10 20:36 . 2009-02-06 11:06   2145280   -c----w   c:\windows\system32\dllcache\ntkrnlmp.exe
2009-05-10 20:36 . 2009-02-06 11:08   2189056   -c----w   c:\windows\system32\dllcache\ntoskrnl.exe
2009-05-10 20:36 . 2009-02-06 10:32   2023936   -c----w   c:\windows\system32\dllcache\ntkrpamp.exe
2009-05-10 20:32 . 2008-10-24 11:21   455296   -c----w   c:\windows\system32\dllcache\mrxsmb.sys
2009-05-09 16:35 . 2009-05-09 16:35   --------   d-----w   c:\documents and settings\John\Local Settings\Application Data\CyberLink
2009-05-08 03:31 . 2001-08-18 03:36   5632   ----a-w   c:\windows\system32\ptpusb.dll
2009-05-08 03:31 . 2008-04-14 10:42   159232   ----a-w   c:\windows\system32\ptpusd.dll
2009-05-08 03:31 . 2008-04-14 05:15   15104   ----a-w   c:\windows\system32\drivers\usbscan.sys
2009-05-06 16:10 . 2009-05-06 16:10   --------   d-----w   c:\documents and settings\All Users\Application Data\FLEXnet
2009-05-06 15:34 . 2009-05-06 15:34   --------   d-----w   c:\program files\Common Files\Macrovision Shared
2009-05-06 15:34 . 2008-04-07 10:38   22872   ----a-r   c:\windows\system32\AdobePDFUI.dll
2009-05-06 15:34 . 2008-04-07 10:38   45392   ----a-r   c:\windows\system32\AdobePDF.dll
2009-05-05 22:30 . 2009-05-05 22:30   --------   d-----w   c:\program files\Common Files\ABBYY
2009-05-05 22:18 . 2009-05-05 22:34   --------   d-----w   c:\program files\ABBYY FineReader 9.0
2009-05-04 23:24 . 2009-05-04 23:30   --------   d-----w   c:\documents and settings\John\Local Settings\Application Data\Picmeta
2009-05-04 23:24 . 2007-04-28 18:55   70   ----a-w   c:\windows\Rviswn.dll
2009-05-04 23:20 . 2009-05-04 23:20   --------   d-----w   c:\program files\Element-IT Software
2009-05-04 22:54 . 2009-05-04 22:54   --------   d-----w   c:\documents and settings\John\Local Settings\Application Data\kiwi.software.NET
2009-05-04 22:39 . 2000-08-02 04:00   397312   ----a-w   c:\windows\system32\msrdo20.DLL
2009-05-04 22:39 . 1998-07-13 04:00   59904   ----a-w   c:\windows\system32\MSCC2FR.dll
2009-05-04 22:18 . 2009-05-04 22:25   --------   d-----w   c:\documents and settings\All Users\Application Data\PhotoME
2009-05-02 22:27 . 2009-05-02 22:30   --------   dc-h--w   c:\windows\ie8
2009-05-02 20:55 . 2009-05-10 04:07   214520   ---ha-w   c:\windows\system32\mlfcache.dat
2009-05-02 20:52 . 2009-05-02 20:53   --------   d-----w   c:\program files\Safari
2009-05-02 20:51 . 2009-05-02 20:51   --------   d-----w   c:\program files\Bonjour
2009-04-29 15:20 . 2009-04-29 15:20   127   ----a-w   c:\documents and settings\John\Local Settings\Application Data\fusioncache.dat
2009-04-28 15:55 . 2009-04-28 15:55   --------   d-----w   c:\program files\Auralog
2009-04-28 03:25 . 2009-04-28 03:40   --------   d-----w   c:\program files\Language Reader
2009-04-28 03:15 . 2009-04-28 03:15   290816   ------w   c:\windows\Setup1.exe
2009-04-28 03:15 . 2009-04-28 03:15   74240   ----a-w   c:\windows\ST6UNST.EXE
2009-04-28 02:28 . 2009-05-05 23:11   --------   d-----w   c:\windows\lhsp
2009-04-28 02:28 . 2009-04-28 02:28   --------   d-----w   c:\windows\speech
2009-04-28 02:06 . 2009-05-20 05:19   --------   d-----w   c:\program files\TextAloud
2009-04-21 22:41 . 2009-04-21 22:42   --------   d-----w   c:\documents and settings\John\Local Settings\Application Data\OLYMPUS
2009-04-21 22:34 . 2005-09-22 22:07   95744   ----a-r   c:\windows\system32\atl80.dll
2009-04-21 22:34 . 2005-09-22 22:05   626688   ----a-r   c:\windows\system32\msvcr80.dll
2009-04-21 22:34 . 2005-09-22 22:05   548864   ----a-r   c:\windows\system32\msvcp80.dll
2009-04-21 22:34 . 2005-09-23 00:16   1079808   ----a-r   c:\windows\system32\mfc80u.dll

.
((((((((((((((((((((((((((((((((((((((((   Find3M Report   ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2009-05-18 19:46 . 2008-12-16 15:41   --------   d-----w   c:\program files\Registry Easy
2009-05-15 15:36 . 2008-12-26 18:06   --------   d-----w   c:\program files\McAfee
2009-05-11 21:13 . 2008-12-16 05:08   2516   --sha-w   c:\documents and settings\All Users\Application Data\KGyGaAvL.sys
2009-05-11 03:32 . 2008-12-26 18:06   --------   d-----w   c:\program files\Common Files\McAfee
2009-05-10 04:01 . 2008-12-16 15:39   --------   d-----w   c:\program files\Java
2009-05-06 16:11 . 2008-12-15 20:43   296840   ----a-w   c:\documents and settings\John\Local Settings\Application Data\GDIPFONTCACHEV1.DAT
2009-05-06 15:34 . 2008-12-15 21:53   --------   d-----w   c:\program files\Common Files\Adobe
2009-05-05 04:15 . 2009-02-11 00:54   413512   ----a-w   c:\documents and settings\LocalService\Local Settings\Application Data\FontCache3.0.0.0.dat
2009-04-28 15:10 . 2009-01-19 16:05   --------   d-----w   c:\program files\Boris FX, Inc
2009-04-28 03:07 . 2008-12-15 20:59   --------   d--h--w   c:\program files\InstallShield Installation Information
2009-04-11 16:30 . 2008-12-16 16:36   --------   d-----w   c:\program files\Microsoft Silverlight
2009-04-08 22:00 . 2008-12-16 01:46   --------   d-----w   c:\program files\Messenger Plus! Live
2009-04-01 01:55 . 2009-04-01 01:55   --------   d-----w   c:\program files\Microsoft
2009-04-01 01:54 . 2009-04-01 01:54   --------   d-----w   c:\program files\Windows Live SkyDrive
2009-04-01 01:53 . 2008-12-16 01:32   --------   d-----w   c:\program files\Windows Live
2009-04-01 01:48 . 2009-04-01 01:48   --------   d-----w   c:\program files\Common Files\Windows Live
2009-03-27 17:59 . 2009-03-06 20:59   25   -c-h--w   c:\windows\koo.dat
2009-03-09 10:19 . 2009-02-03 22:08   410984   ----a-w   c:\windows\system32\deploytk.dll
2009-03-08 09:34 . 2008-04-14 05:42   914944   ----a-w   c:\windows\system32\wininet.dll
2009-03-08 09:34 . 2008-04-14 05:41   43008   ----a-w   c:\windows\system32\licmgr10.dll
2009-03-08 09:33 . 2008-04-14 05:41   18944   ----a-w   c:\windows\system32\corpol.dll
2009-03-08 09:33 . 2008-04-14 05:42   420352   ----a-w   c:\windows\system32\vbscript.dll
2009-03-08 09:32 . 2008-04-14 05:41   72704   ----a-w   c:\windows\system32\admparse.dll
2009-03-08 09:32 . 2008-04-14 05:41   71680   ----a-w   c:\windows\system32\iesetup.dll
2009-03-08 09:31 . 2008-04-14 05:41   34816   ----a-w   c:\windows\system32\imgutil.dll
2009-03-08 09:31 . 2008-04-13 21:56   48128   ----a-w   c:\windows\system32\mshtmler.dll
2009-03-08 09:31 . 2008-04-14 05:42   45568   ----a-w   c:\windows\system32\mshta.exe
2009-03-08 09:22 . 2001-08-23 14:00   156160   ----a-w   c:\windows\system32\msls31.dll
2009-03-06 14:22 . 2008-04-14 05:42   284160   ----a-w   c:\windows\system32\pdh.dll
2009-02-22 17:57 . 2009-02-22 17:57   4421889   ----a-w   c:\windows\system32\libavcodec.dll
.

------- Sigcheck -------

[-] 2008-07-19 13:37   1614848   649B4101C35E996E1866037C28A5FD42   c:\windows\system32\sfcfiles.dll
.
(((((((((((((((((((((((((((((((((((((   Reg Loading Points   ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{3AA8347C-4AA5-4DC2-8350-2F556BABF0AA}]
2005-08-08 01:03   444928   ----a-w   c:\progra~1\SMARTM~1\IEHelper.dll

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"ctfmon.exe"="c:\windows\system32\ctfmon.exe" [2008-04-14 15360]
"STYLEXP"="c:\program files\TGTSoft\StyleXP\StyleXP.exe" [2006-05-24 1372160]
"L08EXLRD_1669921"="c:\program files\Microsoft Student\Microsoft Student con Encarta Premium 2008 DVD\EDICT.EXE" [2007-05-23 351000]
"UberIcon"="c:\program files\UberIcon\UberIcon Manager.exe" [2006-02-24 188416]
"msnmsgr"="c:\program files\Windows Live\Messenger\msnmsgr.exe" [2009-02-06 3885408]
"PC Suite Tray"="c:\program files\Nokia\Nokia PC Suite 6\PCSuite.exe" [2007-11-09 688128]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"IgfxTray"="c:\windows\system32\igfxtray.exe" [2007-01-13 131072]
"HotKeysCmds"="c:\windows\system32\hkcmd.exe" [2007-01-13 163840]
"Persistence"="c:\windows\system32\igfxpers.exe" [2007-01-13 135168]
"McAfeeUpdaterUI"="c:\program files\McAfee\Common Framework\udaterui.exe" [2008-03-14 136512]
"ZSSnp211"="c:\windows\ZSSnp211.exe" [2007-04-06 57344]
"Domino"="c:\windows\Domino.exe" [2006-08-18 49152]
"System Files Updater"="c:\windows\FlyakiteOSX\Tools\System Files Updater.exe" [2006-02-25 118485]
"TkBellExe"="c:\program files\Common Files\Real\Update_OB\realsched.exe" [2008-12-16 185872]
"Adobe Acrobat Speed Launcher"="c:\program files\Adobe\Acrobat 9.0\Acrobat\Acrobat_sl.exe" [2008-06-12 37232]
"Acrobat Assistant 8.0"="c:\program files\Adobe\Acrobat 9.0\Acrobat\Acrotray.exe" [2008-06-12 640376]
"HP Software Update"="c:\program files\HP\HP Software Update\HPWuSchd2.exe" [2006-02-19 49152]
"SunJavaUpdateSched"="c:\program files\Java\jre6\bin\jusched.exe" [2009-03-09 148888]
"mcagent_exe"="c:\program files\McAfee.com\Agent\mcagent.exe" [2009-03-25 645328]
"McENUI"="c:\progra~1\McAfee\MHN\McENUI.exe" [2009-01-09 1176808]
"RTHDCPL"="RTHDCPL.EXE" - c:\windows\RTHDCPL.exe [2006-09-12 16264192]
"SkyTel"="SkyTel.EXE" - c:\windows\SkyTel.exe [2006-05-16 2879488]

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"ctfmon.exe"="c:\windows\system32\ctfmon.exe" [2008-04-14 15360]
"Nokia.PCSync"="c:\program files\Nokia\Nokia PC Suite 6\PcSync2.exe" [2007-11-07 1294336]

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\explorer]
"NoResolveTrack"= 1 (0x1)

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\policies\explorer]
"NoResolveTrack"= 1 (0x1)
"NoThumbnailCache"= 1 (0x1)

HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\drivers32
"wave1"= serwvdrv.dll

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\services]
"iPod Service"=3 (0x3)

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\McAfeeAntiVirus]
"DisableMonitoring"=dword:00000001

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\McAfeeFirewall]
"DisableMonitoring"=dword:00000001

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]
"EnableFirewall"= 0 (0x0)

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"%windir%\\system32\\sessmgr.exe"=
"c:\\WINDOWS\\system32\\MPK\\Mpk.exe"=
"c:\\WINDOWS\\system32\\MPK\\MpkView.exe"=
"c:\\Program Files\\McAfee\\Common Framework\\FrameworkService.exe"=
"c:\\Program Files\\Mozilla Firefox\\firefox.exe"=
"c:\\Program Files\\Pinnacle\\Studio 12\\Programs\\RM.exe"=
"c:\\Program Files\\Pinnacle\\Studio 12\\Programs\\Studio.exe"=
"c:\\Program Files\\Pinnacle\\Studio 12\\Programs\\umi.exe"=
"c:\\Program Files\\Java\\jre6\\bin\\java.exe"=
"c:\\WINDOWS\\system32\\mmc.exe"=
"c:\\Program Files\\Windows Live\\Messenger\\wlcsdk.exe"=
"c:\\Program Files\\Windows Live\\Messenger\\msnmsgr.exe"=
"c:\\Program Files\\Bonjour\\mDNSResponder.exe"=
"c:\\Program Files\\Common Files\\McAfee\\MNA\\McNASvc.exe"=

R0 mcctl;mcctl;c:\windows\system32\drivers\mcctl.sys [15/12/2008 05:25 p.m. 4864]
R2 {FE4C91E7-22C2-4D0C-9F6B-82F1B7742054};{FE4C91E7-22C2-4D0C-9F6B-82F1B7742054};c:\program files\CyberLink\PowerDVD8\000.fcl [01/02/2008 05:24 p.m. 41456]
R2 McAfee SiteAdvisor Service;McAfee SiteAdvisor Service;c:\program files\McAfee\SiteAdvisor\McSACore.exe [10/05/2009 10:21 p.m. 210216]
R3 mcdevice;mcdevice;c:\windows\system32\drivers\mcdevice.sys [15/12/2008 05:25 p.m. 15872]
R3 PAC207;VideoCAM GF112;c:\windows\system32\drivers\pfc027.sys [08/04/2005 10:46 a.m. 162176]
R3 vvftav211;vvftav211;c:\windows\system32\drivers\vvftav211.sys [12/02/2009 12:40 p.m. 480128]
R3 ZSMC30x;USB PC Camera Service ZSMC30x;c:\windows\system32\drivers\ZS211.sys [12/02/2009 12:40 p.m. 1472000]
S3 ABBYY.Licensing.FineReader.Professional.9.0;ABBYY FineReader 9.0 PE Licensing Service;c:\program files\Common Files\ABBYY\FineReader\9.00\Licensing\PE\NetworkLicenseServer.exe [06/12/2007 04:03 p.m. 660768]
S3 ca506aaf;Sunplus USB Audio Filter Driver (WDM);c:\windows\system32\drivers\ca506aaf.sys --> c:\windows\system32\drivers\ca506aaf.sys [?]
S3 scsiscan;SCSI Scanner Driver;c:\windows\system32\drivers\scsiscan.sys [15/12/2008 04:05 p.m. 11520]
S3 SPCA506AV;S912 USB Video Capture;c:\windows\system32\DRIVERS\CA506AV.SYS --> c:\windows\system32\DRIVERS\CA506AV.SYS [?]

[HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\>{60B49E34-C7CC-11D0-8953-00A0C90347FF}]
"c:\windows\system32\rundll32.exe" "c:\windows\system32\iedkcs32.dll",BrandIEActiveSetup SIGNUP
.
Contents of the 'Scheduled Tasks' folder

2009-02-26 c:\windows\Tasks\AppleSoftwareUpdate.job
- c:\program files\Apple Software Update\SoftwareUpdate.exe [2008-07-30 17:34]

2009-05-11 c:\windows\Tasks\McDefragTask.job
- c:\progra~1\mcafee\mqc\QcConsol.exe [2009-05-11 15:53]

2009-05-11 c:\windows\Tasks\McQcTask.job
- c:\progra~1\mcafee\mqc\QcConsol.exe [2009-05-11 15:53]

2009-03-02 c:\windows\Tasks\Schedule Task Weekly.job
- c:\program files\Registry Easy\RE.exe [2008-12-16 23:42]

2009-05-04 c:\windows\Tasks\User_Feed_Synchronization-{27FE9C8C-9EB6-4AFD-B67D-738C791530F3}.job
- c:\windows\system32\msfeedssync.exe [2007-08-13 09:31]
.
- - - - ORPHANS REMOVED - - - -

HKLM-Run-NWEReboot - (no file)


.
------- Supplementary Scan -------
.
uStart Page = about:blank
IE: Append Link Target to Existing PDF - c:\program files\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll/AcroIEAppendSelLinks.html
IE: Append to Existing PDF - c:\program files\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll/AcroIEAppend.html
IE: Convert Link Target to Adobe PDF - c:\program files\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll/AcroIECaptureSelLinks.html
IE: Convert to Adobe PDF - c:\program files\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll/AcroIECapture.html
Trusted Zone: internet
Trusted Zone: mcafee.com
FF - ProfilePath - c:\documents and settings\John\Application Data\Mozilla\Firefox\Profiles\md0mq57y.default\
FF - prefs.js: browser.startup.homepage - hxxp://www.plusnetwork.com
FF - component: c:\documents and settings\John\Application Data\Mozilla\Firefox\Profiles\md0mq57y.default\extensions\\components\coolirisstub.dll
FF - component: c:\program files\McAfee\SiteAdvisor\components\McFFPlg.dll
FF - component: c:\program files\Real\RealPlayer\browserrecord\components\nprpbrowserrecordplugin.dll
FF - plugin: c:\windows\system32\C2MP\npdivx32.dll
.

**************************************************************************

catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2009-05-20 11:24
Windows 5.1.2600 Service Pack 3 NTFS

scanning hidden processes ...  

scanning hidden autostart entries ...

scanning hidden files ...  

scan completed successfully
hidden files: 0

**************************************************************************

[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\{FE4C91E7-22C2-4D0C-9F6B-82F1B7742054}]
"ImagePath"="\??\c:\program files\CyberLink\PowerDVD8\000.fcl"
.
--------------------- LOCKED REGISTRY KEYS ---------------------

[HKEY_USERS\S-1-5-21-1614895754-1637723038-1606980848-1003\Software\Microsoft\Windows\CurrentVersion\Shell Extensions\Approved\{7324F9BB-8C35-EB0A-3262-A326CBA2BF93}*]
@Allowed: (Read) (RestrictedCode)
@Allowed: (Read) (RestrictedCode)

[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{47629D4B-2AD3-4e50-B716-A66C15C63153}\InprocServer32*]
"ThreadingModel"="Apartment"
@="c:\\WINDOWS\\system32\\OLE32.DLL"
"cd042efbbd7f7af1647644e76e06692b"=hex:c8,28,51,af,b0,29,a3,98,4c,8e,71,f2,99,
  be,c0,67,e2,63,26,f1,3f,c8,ff,68,d7,e8,90,17,da,e1,39,33,e2,63,26,f1,3f,c8,\

[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{604BB98A-A94F-4a5c-A67C-D8D3582C741C}\InprocServer32*]
"ThreadingModel"="Apartment"
@="c:\\WINDOWS\\system32\\OLE32.DLL"
"bca643cdc5c2726b20d2ecedcc62c59b"=hex:6a,9c,d6,61,af,45,84,18,35,5e,14,7f,ff,
  b0,05,45,6a,9c,d6,61,af,45,84,18,d3,ae,96,f6,9b,56,5f,28,6a,9c,d6,61,af,45,\

[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{684373FB-9CD8-4e47-B990-5A4466C16034}\InprocServer32*]
"ThreadingModel"="Apartment"
@="c:\\WINDOWS\\system32\\OLE32.DLL"
"2c81e34222e8052573023a60d06dd016"=hex:25,da,ec,7e,55,20,c9,26,ac,57,fe,ed,2c,
  12,d3,70,ff,7c,85,e0,43,d4,0e,fe,b9,b1,81,19,61,28,ef,e3,ff,7c,85,e0,43,d4,\

[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{7324F9BB-8C35-EB0A-3262-A326CBA2BF93}\InProcServer32*]
"kaflkgnpfghfmdlanpcpob"=hex:62,61,66,6b,00,00
"jaflbhncjchjblcemnea"=hex:63,61,63,6c,63,70,00,00
"iafldkfmaeelcfbpeo"=hex:69,61,6c,6b,6d,6a,69,6e,68,6e,64,6f,67,6d,64,66,68,6b,
  00,00
"kaflggeaojamkbgcoceone"=hex:63,61,62,6c,6b,6f,00,00

[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{74554CCD-F60F-4708-AD98-D0152D08C8B9}\InprocServer32*]
"ThreadingModel"="Apartment"
@="c:\\WINDOWS\\system32\\OLE32.DLL"
"2582ae41fb52324423be06337561aa48"=hex:86,8c,21,01,be,91,eb,e7,05,bf,99,76,1f,
  71,4c,4d,86,8c,21,01,be,91,eb,e7,23,d7,a9,27,de,8e,f4,06,86,8c,21,01,be,91,\

[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{7EB537F9-A916-4339-B91B-DED8E83632C0}\InprocServer32*]
"ThreadingModel"="Apartment"
@="c:\\WINDOWS\\system32\\OLE32.DLL"
"caaeda5fd7a9ed7697d9686d4b818472"=hex:f5,1d,4d,73,a8,13,5c,05,2a,ae,66,1b,a7,
  08,47,aa,f5,1d,4d,73,a8,13,5c,05,ca,f6,30,c7,c7,ba,84,fc,f5,1d,4d,73,a8,13,\

[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{948395E8-7A56-4fb1-843B-3E52D94DB145}\InprocServer32*]
"ThreadingModel"="Apartment"
@="c:\\WINDOWS\\system32\\OLE32.DLL"
"a4a1bcf2cc2b8bc3716b74b2b4522f5d"=hex:df,20,58,62,78,6b,cf,c8,13,0f,86,08,5f,
  29,32,39,df,20,58,62,78,6b,cf,c8,aa,06,84,39,38,dd,dc,1e,df,20,58,62,78,6b,\

[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{AC3ED30B-6F1A-4bfc-A4F6-2EBDCCD34C19}\InprocServer32*]
"ThreadingModel"="Apartment"
@="c:\\WINDOWS\\system32\\OLE32.DLL"
"4d370831d2c43cd13623e232fed27b7b"=hex:fb,a7,78,e6,12,2f,9a,ea,1b,2c,01,31,7d,
  08,73,ba,fb,a7,78,e6,12,2f,9a,ea,2a,4c,d7,48,90,1e,07,4c,fb,a7,78,e6,12,2f,\

[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{DE5654CA-EB84-4df9-915B-37E957082D6D}\InprocServer32*]
"ThreadingModel"="Apartment"
@="c:\\WINDOWS\\system32\\OLE32.DLL"
"1d68fe701cdea33e477eb204b76f993d"=hex:83,6c,56,8b,a0,85,96,ab,b7,00,c6,6a,f1,
  51,f9,0f,01,3a,48,fc,e8,04,4a,f1,8d,84,0a,30,d7,1d,d4,ca,01,3a,48,fc,e8,04,\

[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{E39C35E8-7488-4926-92B2-2F94619AC1A5}\InprocServer32*]
"ThreadingModel"="Apartment"
@="c:\\WINDOWS\\system32\\OLE32.DLL"
"1fac81b91d8e3c5aa4b0a51804d844a3"=hex:51,fa,6e,91,28,9e,14,cc,cf,2c,cb,57,a6,
  9d,fb,19,f6,0f,4e,58,98,5b,89,c9,f2,da,d6,e3,0c,d1,ae,74,f6,0f,4e,58,98,5b,\

[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{EACAFCE5-B0E2-4288-8073-C02FF9619B6F}\InprocServer32*]
"ThreadingModel"="Apartment"
@="c:\\WINDOWS\\system32\\OLE32.DLL"
"f5f62a6129303efb32fbe080bb27835b"=hex:3d,ce,ea,26,2d,45,aa,78,46,d7,04,27,ff,
  46,6b,48,3d,ce,ea,26,2d,45,aa,78,9a,f7,ab,08,9a,a3,f2,7b,3d,ce,ea,26,2d,45,\

[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{F8F02ADD-7366-4186-9488-C21CB8B3DCEC}\InprocServer32*]
"ThreadingModel"="Apartment"
@="c:\\WINDOWS\\system32\\OLE32.DLL"
"fd4e2e1a3940b94dceb5a6a021f2e3c6"=hex:2a,b7,cc,b5,b9,7f,41,e7,48,49,8c,70,f4,
  ea,4e,8e,2a,b7,cc,b5,b9,7f,41,e7,9a,39,4f,64,b9,a4,f8,15,2a,b7,cc,b5,b9,7f,\

[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{FEE45DE2-A467-4bf9-BF2D-1411304BCD84}\InprocServer32*]
"ThreadingModel"="Apartment"
@="c:\\WINDOWS\\system32\\OLE32.DLL"
"8a8aec57dd6508a385616fbc86791ec2"=hex:6c,43,2d,1e,aa,22,2f,9c,46,cf,bb,c4,0d,
  b9,f5,66,6c,43,2d,1e,aa,22,2f,9c,a9,26,7d,fb,4c,7d,3f,09,6c,43,2d,1e,aa,22,\
.
Completion time: 2009-05-20 11:27
ComboFix-quarantined-files.txt  2009-05-20 16:27

Pre-Run: 16.911.126.528 bytes free
Post-Run: 17.042.558.976 bytes free

309   --- E O F ---   2009-05-12 22:24

+++++++++++++++++++++++++++++++++++++++++++++
hjt log

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 11:50:29 a.m., on 20/05/2009
Platform: Windows XP SP3 (WinNT 5.01.2600)
MSIE: Internet Explorer v8.00 (8.00.6001.18702)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\TGTSoft\StyleXP\StyleXPService.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
C:\Program Files\Bonjour\mDNSResponder.exe
C:\Program Files\Java\jre6\bin\jqs.exe
C:\Program Files\McAfee\SiteAdvisor\McSACore.exe
C:\Program Files\McAfee\Common Framework\FrameworkService.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\ctfmon.exe
C:\PROGRA~1\McAfee\MSC\mcmscsvc.exe
c:\PROGRA~1\COMMON~1\mcafee\mna\mcnasvc.exe
c:\PROGRA~1\COMMON~1\mcafee\mcproxy\mcproxy.exe
C:\PROGRA~1\McAfee\VIRUSS~1\mcshield.exe
C:\Program Files\McAfee\MPF\MPFSrv.exe
C:\Program Files\McAfee\MSK\MskSrver.exe
C:\Program Files\Nero\Nero8\Nero BackItUp\NBService.exe
c:\PROGRA~1\mcafee.com\agent\mcagent.exe
C:\WINDOWS\system32\IoctlSvc.exe
C:\WINDOWS\system32\HPZipm12.exe
c:\Program Files\Common Files\Protexis\License Service\PsiService_2.exe
C:\WINDOWS\System32\PAStiSvc.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Common Files\Ulead Systems\DVD\ULCDRSvr.exe
C:\WINDOWS\system32\hkcmd.exe
C:\WINDOWS\system32\igfxpers.exe
C:\WINDOWS\RTHDCPL.EXE
C:\WINDOWS\ZSSnp211.exe
C:\WINDOWS\Domino.exe
C:\Program Files\Common Files\Real\Update_OB\realsched.exe
C:\Program Files\Adobe\Acrobat 9.0\Acrobat\Acrotray.exe
C:\Program Files\HP\HP Software Update\HPWuSchd2.exe
C:\Program Files\Java\jre6\bin\jusched.exe
C:\Program Files\Microsoft Student\Microsoft Student con Encarta Premium 2008 DVD\EDICT.EXE
C:\Program Files\UberIcon\UberIcon Manager.exe
C:\Program Files\Windows Live\Messenger\msnmsgr.exe
C:\Program Files\Nokia\Nokia PC Suite 6\PCSuite.exe
C:\Program Files\PC Connectivity Solution\ServiceLayer.exe
C:\Program Files\PC Connectivity Solution\Transports\NclUSBSrv.exe
C:\Program Files\PC Connectivity Solution\Transports\NclRSSrv.exe
C:\PROGRA~1\McAfee\VIRUSS~1\mcsysmon.exe
C:\Program Files\Windows Live\Messenger\msnmsgr.exe
C:\Program Files\Windows Live\Messenger\msnmsgr.exe
C:\Program Files\Windows Live\Contacts\wlcomm.exe
C:\Program Files\Internet Explorer\IEXPLORE.EXE
C:\Program Files\Internet Explorer\IEXPLORE.EXE
C:\Program Files\Internet Explorer\IEXPLORE.EXE
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = about:blank
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Local Page =
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page =
O1 - Hosts: 195.122.131.3 dl1l32.rapidshare.com
O1 - Hosts: 195.122.131.3 dl1cg.rapidshare.com
O1 - Hosts: 195.122.131.3 dl1cg2.rapidshare.com
O1 - Hosts: 195.122.131.3 dl1tl.rapidshare.com
O1 - Hosts: 195.122.131.3 dl1tl2.rapidshare.com
O1 - Hosts: 195.122.131.5 dl2l32.rapidshare.com
O1 - Hosts: 195.122.131.5 dl2cg.rapidshare.com
O1 - Hosts: 195.122.131.5 dl2cg2.rapidshare.com
O1 - Hosts: 195.122.131.5 dl2tl.rapidshare.com
O1 - Hosts: 195.122.131.5 dl2tl2.rapidshare.com
O1 - Hosts: 195.122.131.7 dl3l32.rapidshare.com
O1 - Hosts: 195.122.131.7 dl3cg.rapidshare.com
O1 - Hosts: 195.122.131.7 dl3cg2.rapidshare.com
O1 - Hosts: 195.122.131.7 dl3tl.rapidshare.com
O1 - Hosts: 195.122.131.7 dl3tl2.rapidshare.com
O1 - Hosts: 195.122.131.9 dl4l32.rapidshare.com
O1 - Hosts: 195.122.131.9 dl4cg.rapidshare.com
O1 - Hosts: 195.122.131.9 dl4cg2.rapidshare.com
O1 - Hosts: 195.122.131.9 dl4tl.rapidshare.com
O1 - Hosts: 195.122.131.9 dl4tl2.rapidshare.com
O1 - Hosts: 195.122.131.11 dl5l32.rapidshare.com
O1 - Hosts: 195.122.131.11 dl5cg.rapidshare.com
O1 - Hosts: 195.122.131.11 dl5cg2.rapidshare.com
O1 - Hosts: 195.122.131.11 dl5tl.rapidshare.com
O1 - Hosts: 195.122.131.11 dl5tl2.rapidshare.com
O1 - Hosts: 195.122.131.13 dl6l32.rapidshare.com
O1 - Hosts: 195.122.131.13 dl6cg.rapidshare.com
O1 - Hosts: 195.122.131.13 dl6cg2.rapidshare.com
O1 - Hosts: 195.122.131.13 dl6tl.rapidshare.com
O1 - Hosts: 195.122.131.13 dl6tl2.rapidshare.com
O1 - Hosts: 195.122.131.15 dl7l32.rapidshare.com
O1 - Hosts: 195.122.131.15 dl7cg.rapidshare.com
O1 - Hosts: 195.122.131.15 dl7cg2.rapidshare.com
O1 - Hosts: 195.122.131.15 dl7tl.rapidshare.com
O1 - Hosts: 195.122.131.15 dl7tl2.rapidshare.com
O1 - Hosts: 195.122.131.17 dl8l32.rapidshare.com
O1 - Hosts: 195.122.131.17 dl8cg.rapidshare.com
O1 - Hosts: 195.122.131.17 dl8cg2.rapidshare.com
O1 - Hosts: 195.122.131.17 dl8tl.rapidshare.com
O1 - Hosts: 195.122.131.17 dl8tl2.rapidshare.com
O1 - Hosts: 195.122.131.19 dl9l32.rapidshare.com
O1 - Hosts: 195.122.131.19 dl9cg.rapidshare.com
O1 - Hosts: 195.122.131.19 dl9cg2.rapidshare.com
O1 - Hosts: 195.122.131.19 dl9tl.rapidshare.com
O1 - Hosts: 195.122.131.19 dl9tl2.rapidshare.com
O1 - Hosts: 195.122.131.21 dl10l32.rapidshare.com
O1 - Hosts: 195.122.131.21 dl10cg.rapidshare.com
O1 - Hosts: 195.122.131.21 dl10cg2.rapidshare.com
O1 - Hosts: 195.122.131.21 dl10tl.rapidshare.com
O1 - Hosts: 195.122.131.21 dl10tl2.rapidshare.com
O1 - Hosts: 195.122.131.23 dl11l32.rapidshare.com
O1 - Hosts: 195.122.131.23 dl11cg.rapidshare.com
O1 - Hosts: 195.122.131.23 dl11cg2.rapidshare.com
O1 - Hosts: 195.122.131.23 dl11tl.rapidshare.com
O1 - Hosts: 195.122.131.23 dl11tl2.rapidshare.com
O1 - Hosts: 195.122.131.25 dl12l32.rapidshare.com
O1 - Hosts: 195.122.131.25 dl12cg.rapidshare.com
O1 - Hosts: 195.122.131.25 dl12cg2.rapidshare.com
O1 - Hosts: 195.122.131.25 dl12tl.rapidshare.com
O1 - Hosts: 195.122.131.25 dl12tl2.rapidshare.com
O1 - Hosts: 195.122.131.27 dl13l32.rapidshare.com
O1 - Hosts: 195.122.131.27 dl13cg.rapidshare.com
O1 - Hosts: 195.122.131.27 dl13cg2.rapidshare.com
O1 - Hosts: 195.122.131.27 dl13tl.rapidshare.com
O1 - Hosts: 195.122.131.27 dl13tl2.rapidshare.com
O1 - Hosts: 195.122.131.29 dl14l32.rapidshare.com
O1 - Hosts: 195.122.131.29 dl14cg.rapidshare.com
O1 - Hosts: 195.122.131.29 dl14cg2.rapidshare.com
O1 - Hosts: 195.122.131.29 dl14tl.rapidshare.com
O1 - Hosts: 195.122.131.29 dl14tl2.rapidshare.com
O1 - Hosts: 195.122.131.31 dl15l32.rapidshare.com
O1 - Hosts: 195.122.131.31 dl15cg.rapidshare.com
O1 - Hosts: 195.122.131.31 dl15cg2.rapidshare.com
O1 - Hosts: 195.122.131.31 dl15tl.rapidshare.com
O1 - Hosts: 195.122.131.31 dl15tl2.rapidshare.com
O1 - Hosts: 195.122.131.33 dl16l32.rapidshare.com
O1 - Hosts: 195.122.131.33 dl16cg.rapidshare.com
O1 - Hosts: 195.122.131.33 dl16cg2.rapidshare.com
O1 - Hosts: 195.122.131.33 dl16tl.rapidshare.com
O1 - Hosts: 195.122.131.33 dl16tl2.rapidshare.com
O1 - Hosts: 195.122.131.35 dl17l32.rapidshare.com
O1 - Hosts: 195.122.131.35 dl17cg.rapidshare.com
O1 - Hosts: 195.122.131.35 dl17cg2.rapidshare.com
O1 - Hosts: 195.122.131.35 dl17tl.rapidshare.com
O1 - Hosts: 195.122.131.35 dl17tl2.rapidshare.com
O1 - Hosts: 195.122.131.37 dl18l32.rapidshare.com
O1 - Hosts: 195.122.131.37 dl18cg.rapidshare.com
O1 - Hosts: 195.122.131.37 dl18cg2.rapidshare.com
O1 - Hosts: 195.122.131.37 dl18tl.rapidshare.com
O1 - Hosts: 195.122.131.37 dl18tl2.rapidshare.com
O1 - Hosts: 195.122.131.39 dl19l32.rapidshare.com
O1 - Hosts: 195.122.131.39 dl19cg.rapidshare.com
O1 - Hosts: 195.122.131.39 dl19cg2.rapidshare.com
O1 - Hosts: 195.122.131.39 dl19tl.rapidshare.com
O1 - Hosts: 195.122.131.39 dl19tl2.rapidshare.com
O1 - Hosts: 195.122.131.41 dl20l32.rapidshare.com
O1 - Hosts: 195.122.131.41 dl20cg.rapidshare.com
O1 - Hosts: 195.122.131.41 dl20cg2.rapidshare.com
O1 - Hosts: 195.122.131.41 dl20tl.rapidshare.com
O1 - Hosts: 195.122.131.41 dl20tl2.rapidshare.com
O1 - Hosts: 195.122.131.43 dl21l32.rapidshare.com
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: AcroIEHelperStub - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
O2 - BHO: McAfee Phishing Filter - {27B4851A-3207-45A2-B947-BE8AFE6163AB} - c:\PROGRA~1\mcafee\msk\mskapbho.dll
O2 - BHO: RealPlayer Download and Record Plugin for Internet Explorer - {3049C3E9-B461-4BC5-8870-4C09146192CA} - C:\Program Files\Real\RealPlayer\rpbrowserrecordplugin.dll
O2 - BHO: (no name) - {3AA8347C-4AA5-4DC2-8350-2F556BABF0AA} - C:\PROGRA~1\SMARTM~1\IEHelper.dll
O2 - BHO: (no name) - {5C255C8A-E604-49b4-9D64-90988571CECB} - (no file)
O2 - BHO: scriptproxy - {7DB2D5A0-7241-4E79-B68D-6309F01C5231} - C:\Program Files\McAfee\VirusScan\scriptsn.dll
O2 - BHO: Windows Live Aplicación auxiliar de inicio de sesión - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: Adobe PDF Conversion Toolbar Helper - {AE7CD045-E861-484f-8273-0445EE161910} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll
O2 - BHO: McAfee SiteAdvisor BHO - {B164E929-A1B6-4A06-B104-2CD0E90A88FF} - c:\PROGRA~1\mcafee\SITEAD~1\mcieplg.dll
O2 - BHO: TGTSoft Explorer Toolbar Changer - {C333CF63-767F-4831-94AC-E683D962C63C} - C:\Program Files\TGTSoft\StyleXP\TGT_BHO.dll
O2 - BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll
O2 - BHO: JQSIEStartDetectorImpl - {E7E6F031-17CE-4C07-BC86-EABFE594F69C} - C:\Program Files\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
O2 - BHO: Cooliris Plug-In for Internet Explorer - {EAEE5C74-6D0D-4aca-9232-0DA4A7B866BA} - C:\Program Files\PicLensIE\cooliris.dll
O2 - BHO: SmartSelect - {F4971EE7-DAA0-4053-9964-665D8EE6A077} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll
O3 - Toolbar: TextAloud - {F053C368-5458-45B2-9B4D-D8914BDDDBFF} - C:\PROGRA~1\TEXTAL~1\TAForIE.dll
O3 - Toolbar: Adobe PDF - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll
O3 - Toolbar: McAfee SiteAdvisor Toolbar - {0EBBBE48-BAD4-4B4C-8E5A-516ABECAE064} - c:\PROGRA~1\mcafee\SITEAD~1\mcieplg.dll
O4 - HKLM\..\Run: [IgfxTray] C:\WINDOWS\system32\igfxtray.exe
O4 - HKLM\..\Run: [HotKeysCmds] C:\WINDOWS\system32\hkcmd.exe
O4 - HKLM\..\Run: [Persistence] C:\WINDOWS\system32\igfxpers.exe
O4 - HKLM\..\Run: [RTHDCPL] RTHDCPL.EXE
O4 - HKLM\..\Run: [McAfeeUpdaterUI] "C:\Program Files\McAfee\Common Framework\udaterui.exe" /StartedFromRunKey
O4 - HKLM\..\Run: [ZSSnp211] C:\WINDOWS\ZSSnp211.exe
O4 - HKLM\..\Run: [Domino] C:\WINDOWS\Domino.exe
O4 - HKLM\..\Run: [System Files Updater] C:\WINDOWS\FlyakiteOSX\Tools\System Files Updater.exe /S
O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe"  -osboot
O4 - HKLM\..\Run: [Adobe Acrobat Speed Launcher] "C:\Program Files\Adobe\Acrobat 9.0\Acrobat\Acrobat_sl.exe"
O4 - HKLM\..\Run: [Acrobat Assistant 8.0] "C:\Program Files\Adobe\Acrobat 9.0\Acrobat\Acrotray.exe"
O4 - HKLM\..\Run: [SkyTel] SkyTel.EXE
O4 - HKLM\..\Run: [HP Software Update] C:\Program Files\HP\HP Software Update\HPWuSchd2.exe
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre6\bin\jusched.exe"
O4 - HKLM\..\Run: [mcagent_exe] "C:\Program Files\McAfee.com\Agent\mcagent.exe" /runkey
O4 - HKLM\..\Run: [McENUI] C:\PROGRA~1\McAfee\MHN\McENUI.exe /hide
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [STYLEXP] C:\Program Files\TGTSoft\StyleXP\StyleXP.exe -Hide
O4 - HKCU\..\Run: [L08EXLRD_1669921] "C:\Program Files\Microsoft Student\Microsoft Student con Encarta Premium 2008 DVD\EDICT.EXE" -m
O4 - HKCU\..\Run: [UberIcon] "C:\Program Files\UberIcon\UberIcon Manager.exe"
O4 - HKCU\..\Run: [msnmsgr] "C:\Program Files\Windows Live\Messenger\msnmsgr.exe" /background
O4 - HKCU\..\Run: [PC Suite Tray] "C:\Program Files\Nokia\Nokia PC Suite 6\PCSuite.exe" -onlytray
O4 - HKUS\S-1-5-18\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe (User 'SYSTEM')
O4 - HKUS\S-1-5-18\..\Run: [Nokia.PCSync] "C:\Program Files\Nokia\Nokia PC Suite 6\PcSync2.exe" /NoDialog (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe (User 'Default user')
O8 - Extra context menu item: Append Link Target to Existing PDF - res://C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll/AcroIEAppendSelLinks.html
O8 - Extra context menu item: Append to Existing PDF - res://C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll/AcroIEAppend.html
O8 - Extra context menu item: Convert Link Target to Adobe PDF - res://C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll/AcroIECaptureSelLinks.html
O8 - Extra context menu item: Convert to Adobe PDF - res://C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll/AcroIECapture.html
O9 - Extra button: Launch Cooliris - {3437D640-C91A-458f-89F5-B9095EA4C28B} - C:\Program Files\PicLensIE\cooliris.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~3\Office12\REFIEBAR.DLL
O9 - Extra button: Barra de búsqueda de Encarta - {B205A35E-1FC4-4CE3-818B-899DBBB3388C} - C:\Program Files\Common Files\Microsoft Shared\Encarta Search Bar\ENCSBAR.DLL
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O15 - Trusted Zone: http://*.mcafee.com
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://www.update.microsoft.com/windowsupdate/v6/V5Controls/en/x86/client/wuweb_
O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://update.microsoft.com/microsoftupdate/v6/V5Controls/en/x86/client/muweb_si
O16 - DPF: {814EA0DA-E0D9-4AA4-833C-A1A6D38E79E9} (DASWebDownload Class) - http://das.microsoft.com/activate/cab/x86/i486/NTANSI/retail/DASAct.cab
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab
O17 - HKLM\System\CCS\Services\Tcpip\..\{30A04ECA-8922-4912-A45B-C97C0D5FD077}: NameServer = 200.24.96.29 200.24.96.24
O18 - Protocol: sacore - {5513F07E-936B-4E52-9B00-067394E91CC5} - c:\PROGRA~1\mcafee\SITEAD~1\mcieplg.dll
O23 - Service: ABBYY FineReader 9.0 PE Licensing Service (ABBYY.Licensing.FineReader.Professional.9.0) - ABBYY (BIT Software) - C:\Program Files\Common Files\ABBYY\FineReader\9.00\Licensing\PE\NetworkLicenseServer.exe
O23 - Service: Apple Mobile Device - Apple Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
O23 - Service: Servicio Bonjour (Bonjour Service) - Apple Inc. - C:\Program Files\Bonjour\mDNSResponder.exe
O23 - Service: FLEXnet Licensing Service - Macrovision Europe Ltd. - C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe
O23 - Service: Java Quick Starter (JavaQuickStarterService) - Sun Microsystems, Inc. - C:\Program Files\Java\jre6\bin\jqs.exe
O23 - Service: MBackMonitor - McAfee - C:\Program Files\McAfee\MBK\MBackMonitor.exe
O23 - Service: McAfee SiteAdvisor Service - Unknown owner - C:\Program Files\McAfee\SiteAdvisor\McSACore.exe
O23 - Service: Servicio de registro de McAfee (McAfeeFramework) - McAfee, Inc. - C:\Program Files\McAfee\Common Framework\FrameworkService.exe
O23 - Service: McAfee Services (mcmscsvc) - McAfee, Inc. - C:\PROGRA~1\McAfee\MSC\mcmscsvc.exe
O23 - Service: McAfee Network Agent (McNASvc) - McAfee, Inc. - c:\PROGRA~1\COMMON~1\mcafee\mna\mcnasvc.exe
O23 - Service: McAfee Scanner (McODS) - McAfee, Inc. - C:\PROGRA~1\McAfee\VIRUSS~1\mcods.exe
O23 - Service: McAfee Proxy Service (McProxy) - McAfee, Inc. - c:\PROGRA~1\COMMON~1\mcafee\mcproxy\mcproxy.exe
O23 - Service: McAfee Real-time Scanner (McShield) - McAfee, Inc. - C:\PROGRA~1\McAfee\VIRUSS~1\mcshield.exe
O23 - Service: McAfee SystemGuards (McSysmon) - McAfee, Inc. - C:\PROGRA~1\McAfee\VIRUSS~1\mcsysmon.exe
O23 - Service: McAfee Personal Firewall Service (MpfService) - McAfee, Inc. - C:\Program Files\McAfee\MPF\MPFSrv.exe
O23 - Service: McAfee Anti-Spam Service (MSK80Service) - McAfee, Inc. - C:\Program Files\McAfee\MSK\MskSrver.exe
O23 - Service: Nero BackItUp Scheduler 3 - Nero AG - C:\Program Files\Nero\Nero8\Nero BackItUp\NBService.exe
O23 - Service: NMIndexingService - Nero AG - C:\Program Files\Common Files\Nero\Lib\NMIndexingService.exe
O23 - Service: PLFlash DeviceIoControl Service - Prolific Technology Inc. - C:\WINDOWS\system32\IoctlSvc.exe
O23 - Service: Pml Driver HPZ12 - HP - C:\WINDOWS\system32\HPZipm12.exe
O23 - Service: Protexis Licensing V2 (PSI_SVC_2) - Protexis Inc. - c:\Program Files\Common Files\Protexis\License Service\PsiService_2.exe
O23 - Service: ServiceLayer - Nokia. - C:\Program Files\PC Connectivity Solution\ServiceLayer.exe
O23 - Service: STI Simulator - Unknown owner - C:\WINDOWS\System32\PAStiSvc.exe
O23 - Service: StyleXPService - Unknown owner - C:\Program Files\TGTSoft\StyleXP\StyleXPService.exe
O23 - Service: Ulead Burning Helper (UleadBurningHelper) - Ulead Systems, Inc. - C:\Program Files\Common Files\Ulead Systems\DVD\ULCDRSvr.exe

--
End of file - 18286 bytes
thanks

Answer
Hi John

Please open HJT and click to do a Scan Only. Place a check mark in the box next to the following items, close all open browser windows, then click the Fix Checked button:

O1 - Hosts: 195.122.131.3 dl1l32.rapidshare.com
O1 - Hosts: 195.122.131.3 dl1cg.rapidshare.com
O1 - Hosts: 195.122.131.3 dl1cg2.rapidshare.com
O1 - Hosts: 195.122.131.3 dl1tl.rapidshare.com
O1 - Hosts: 195.122.131.3 dl1tl2.rapidshare.com
O1 - Hosts: 195.122.131.5 dl2l32.rapidshare.com
O2 - BHO: (no name) - {3AA8347C-4AA5-4DC2-8350-2F556BABF0AA} - C:\PROGRA~1\SMARTM~1\IEHelper.dll
O2 - BHO: (no name) - {5C255C8A-E604-49b4-9D64-90988571CECB} - (no file)

After fixing, close HJT, reboot, then post me a fresh HJT log, along with an update from you on how the computer is running.

Brian

Brian Benosky

Expertise

I will help you in eradicating malware and all forms of virus/trojans/adware. I can answer all PC-related hardware issues. I can also troubleshoot Windows OS errors (all versions) and other software problems. HijackThis logs are a MUST for virus related help. If you do not know how to do this, I have posted easy-to-follow instructions on the Ask a Question page. Every computer infection is different, so I will give you personal instructions on how to remove the malware, not a 'pat' answer. You can be assured of a prompt, polite, and knowledgeable response in all regards.

Experience

I have over 25 years' experience in using, building, and repairing computers. I have helped over two thousand people here on AllExperts, with consistent Top Feedback Scores. Please look at my answers here: http://en.allexperts.com/q/Computer-Security-Viruses-1737/indexExp_84308.htm . I am also a Top Contributor of General Computing answers in Yahoo! Questions.

Education/Credentials
College educated; self-taught computer skills

©2012 About.com, a part of The New York Times Company. All rights reserved.