Members
  • Total Members: 12816
  • Latest: t114563
Stats
  • Total Posts: 28524
  • Total Topics: 8240
  • Online Today: 922
  • Online Ever: 51419
  • (01. January 2010., 10:27:49)












Author Topic: help with trojan and searchclick (PWS.Papras.AC, remove, fix, clean, delete)  (Read 4913 times)

0 Members and 1 Guest are viewing this topic.

rkprd

  • SCF Member
  • **
  • Posts: 11
  • KARMA: 3
hello all, yesterday my computer started running way slower than usual it took forever for windows to start up and to open programs. so I did a scan with bitdefender online scanner and found I have this trojan called Trojan.PWS.Papras.AC so I wanted to know what program would you recommend to remove it?
I also have another problem on google and yahoo when I do a search and click on search result it redirects me to another page called searchclick so I ran hijack this and on the log file I think I found what my problem is where it says O1 - Hosts: 89.149.210.60 www.google.com and O1 - Hosts: 89.149.210.60 us.search.yahoo.com I just want confirmation if it is ok to remove them? and any other things I should remove? here are the log files  the first one is from bitdefender online scanner and the second one is from hijackthis hope someone can help me out i would appreciate it very much thanks

BitDefender QuickScan Beta 32-bit v0.9.9.9

------------------------------------------

Scan date:  Thu Mar 18 12:22:31 2010
Machine ID: 6C876C15



Found 1 infected file!
------------------------
C:\WINDOWS\system32\debugman.dll - Trojan.PWS.Papras.AC



Processes
---------
<verified>  Apple Mobile Device Service              1692    C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
<verified>  ArcSoft Connect                          1656    C:\Program Files\Common Files\ArcSoft\Connection Service\Bin\ACService.exe
<verified>  ATI External Event Utility for WindowsN  1216    C:\WINDOWS\system32\Ati2evxx.exe
<verified>  Bonjour                                  1772    C:\Program Files\Bonjour\mDNSResponder.exe
<verified>  C-Major Audio                            2284    C:\WINDOWS\stsystra.exe
<verified>  Dell Support                             2732    C:\Program Files\Dell Support\DSAgnt.exe
<verified>  Drive Letter Access Component            2368    C:\WINDOWS\system32\dla\tfswctrl.exe
<verified>  Firefox                                  3568    C:\Program Files\Mozilla Firefox\firefox.exe
<verified>  InstallShield Update Service             2312    C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe
<verified>  Intel Modem Event Monitor Application    2300    C:\Program Files\Intel\Modem Event Monitor\IntelMEM.exe
<verified>  LibUsb-Win32                             1736    C:\WINDOWS\system32\libusbd-nt.exe
<verified>  MarkVision for Windows (32 bit)           340    C:\WINDOWS\system32\LEXBCES.EXE
<verified>  MarkVision for Windows (32 bit)           464    C:\WINDOWS\system32\LEXPPS.EXE
<verified>  McAfee Anti-Spam                         3680    C:\Program Files\McAfee\MSK\MskSrver.exe
<verified>  McAfee Integrated Security Platform      2080    C:\Program Files\Common Files\McAfee\MNA\McNASvc.exe
<verified>  McAfee Personal Firewall                 3168    C:\Program Files\McAfee\MPF\MPFSrv.exe
<verified>  McAfee Proxy                             2404    C:\Program Files\Common Files\McAfee\McProxy\McProxy.exe
<verified>  McAfee SecurityCenter                    2608    C:\Program Files\McAfee.com\Agent\mcagent.exe
<verified>  McAfee SecurityCenter                    1316    C:\Program Files\McAfee\MSC\mcmscsvc.exe
<verified>  McAfee SecurityCenter                    1424    C:\Program Files\McAfee\MSC\mcuimgr.exe
<verified>  McAfee VirusScan API                     4576    C:\Program Files\McAfee\VirusScan\mcsysmon.exe
<verified>  Microsoft Search Enhancement Pack        3968    C:\Program Files\Microsoft\Search Enhancement Pack\SeaPort\SeaPort.exe
<verified>  Microsoft® Windows® Operating System      248    C:\WINDOWS\eHome\ehmsas.exe
<verified>  Microsoft® Windows® Operating System      424    C:\WINDOWS\eHome\ehRecvr.exe
<verified>  Microsoft® Windows® Operating System      608    C:\WINDOWS\eHome\ehSched.exe
<verified>  Microsoft® Windows® Operating System     2212    C:\WINDOWS\ehome\ehtray.exe
<verified>  Microsoft® Windows® Operating System     1456    C:\WINDOWS\Explorer.EXE
<verified>  Microsoft® Windows® Operating System     4584    C:\WINDOWS\System32\alg.exe
<verified>  Microsoft® Windows® Operating System      840    C:\WINDOWS\system32\csrss.exe
<verified>  Microsoft® Windows® Operating System     2860    C:\WINDOWS\system32\ctfmon.exe
<verified>  Microsoft® Windows® Operating System     4644    C:\WINDOWS\system32\dllhost.exe
<verified>  Microsoft® Windows® Operating System      988    C:\WINDOWS\system32\lsass.exe
<verified>  Microsoft® Windows® Operating System      976    C:\WINDOWS\system32\services.exe
<verified>  Microsoft® Windows® Operating System      784    C:\WINDOWS\System32\smss.exe
<verified>  Microsoft® Windows® Operating System      468    C:\WINDOWS\system32\spoolsv.exe
<verified>  Microsoft® Windows® Operating System     1624    C:\WINDOWS\system32\svchost.exe
<verified>  Microsoft® Windows® Operating System     1668    C:\WINDOWS\System32\svchost.exe
<verified>  Microsoft® Windows® Operating System     1752    C:\WINDOWS\system32\svchost.exe
<verified>  Microsoft® Windows® Operating System     1408    C:\WINDOWS\system32\svchost.exe
<verified>  Microsoft® Windows® Operating System     3300    C:\WINDOWS\system32\svchost.exe
<verified>  Microsoft® Windows® Operating System     1956    C:\WINDOWS\system32\svchost.exe
<verified>  Microsoft® Windows® Operating System     2140    C:\WINDOWS\system32\svchost.exe
<verified>  Microsoft® Windows® Operating System     1300    C:\WINDOWS\system32\svchost.exe
<verified>  Microsoft® Windows® Operating System     2568    C:\WINDOWS\system32\wbem\wmiapsrv.exe
<verified>  Microsoft® Windows® Operating System      868    C:\WINDOWS\system32\winlogon.exe
<verified>  Microsoft® Windows® Operating System     1272    C:\WINDOWS\system32\wuauclt.exe
<verified>  Nero Home                                2656    C:\Program Files\Common Files\Ahead\lib\NMBgMonitor.exe
<verified>  PnkBstrA.exe                             3824    C:\Program Files\Electronic Arts\Need for Speed ProStreet\PB\PnkBstrA.exe
<verified>  Printer Communication System             1812    C:\WINDOWS\system32\dldtcoms.exe
<verified>  Printer Device Monitor                   2512    C:\Program Files\Dell V305\dldtmon.exe
<verified>  RAID Event Monitor                       2264    C:\Program Files\Intel\Intel Matrix Storage Manager\iaanotif.exe
<verified>  RAID Monitor                             1156    C:\Program Files\Intel\Intel Matrix Storage Manager\iaantmon.exe
<verified>  RealPlayer (32-bit)                      2428    C:\Program Files\Common Files\Real\Update_OB\realsched.exe
<verified>  VSCORE.14.0.0.349.x86                    2628    C:\Program Files\McAfee\VirusScan\Mcshield.exe
<verified>  WebCamDV Tray Application                2460    C:\WINDOWS\system\wcdvtray.exe
<verified>  Windows Installer - Unicode              4216    C:\WINDOWS\system32\msiexec.exe


Network activity
----------------
Process firefox.exe (3568) connected on port 80 (HTTP) - 72.247.92.20
Process firefox.exe (3568) connected on port 80 (HTTP) - 77.67.127.33
Process firefox.exe (3568) connected on port 80 (HTTP) - 64.4.30.89
Process firefox.exe (3568) connected on port 80 (HTTP) - 77.67.127.25
Process firefox.exe (3568) connected on port 80 (HTTP) - 66.102.7.101
Process firefox.exe (3568) connected on port 80 (HTTP) - 74.125.164.100
Process firefox.exe (3568) connected on port 80 (HTTP) - 66.102.7.101
Process firefox.exe (3568) connected on port 80 (HTTP) - 66.102.7.100
Process firefox.exe (3568) connected on port 80 (HTTP) - 209.85.129.132
Process firefox.exe (3568) connected on port 80 (HTTP) - 66.235.142.24
Process firefox.exe (3568) connected on port 80 (HTTP) - 77.67.127.24
Process firefox.exe (3568) connected on port 80 (HTTP) - 77.67.127.16
Process firefox.exe (3568) connected on port 80 (HTTP) - 77.67.127.58
Process firefox.exe (3568) connected on port 80 (HTTP) - 216.205.80.54
Process firefox.exe (3568) connected on port 80 (HTTP) - 77.67.127.58
Process firefox.exe (3568) connected on port 80 (HTTP) - 66.102.7.104
Process firefox.exe (3568) connected on port 80 (HTTP) - 77.67.127.58
Process firefox.exe (3568) connected on port 80 (HTTP) - 77.67.127.58
Process firefox.exe (3568) connected on port 80 (HTTP) - 77.67.127.58
Process firefox.exe (3568) connected on port 80 (HTTP) - 72.247.77.115

Process LEXPPS.EXE (464) listens on ports: 1025 (RPC)
Process services.exe (976) listens on ports: 2479, 3246, 65533
Process svchost.exe (1300) listens on ports: 3389 (Terminal Server)
Process svchost.exe (1408) listens on ports: 135 (RPC)
Process dldtcoms.exe (1812) listens on ports: 10088
Process McNASvc.exe (2080) listens on ports: 6646


Autoruns and critical files
---------------------------
<verified>  Apple Software Update                    C:\Program Files\Apple Software Update\SoftwareUpdate.exe
<verified>  C-Major Audio                            C:\WINDOWS\stsystra.exe
<verified>  Dell Support                             C:\Program Files\Dell Support\DSAgnt.exe
<verified>  dldtamon.exe                             C:\Program Files\Dell V305\dldtamon.exe
<verified>  Drive Letter Access Component            C:\WINDOWS\system32\dla\tfswctrl.exe
<verified>  Google Update                            C:\Documents and Settings\Hiram\Local Settings\Application Data\Google\Update\GoogleUpdate.exe
<verified>  Google Update                            C:\Program Files\Google\Update\GoogleUpdate.exe
<verified>  Google Updater                           C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
<verified>  InstallShield Update Service             C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe
<verified>  InstallShield Update Service             C:\Program Files\Common Files\InstallShield\UpdateService\isuspm.exe
<verified>  Intel Modem Event Monitor Application    C:\Program Files\Intel\Modem Event Monitor\IntelMEM.exe
<verified>  McAfee QuickClean                        c:\Program Files\McAfee\MQC\QcConsol.exe
<verified>  McAfee SecurityCenter                    C:\Program Files\McAfee.com\Agent\mcagent.exe
<verified>  Microsoft® Windows® Operating System     C:\WINDOWS\ehome\ehtray.exe
<verified>  Microsoft® Windows® Operating System     C:\WINDOWS\system32\browseui.dll
<verified>  Microsoft® Windows® Operating System     C:\WINDOWS\system32\crypt32.dll
<verified>  Microsoft® Windows® Operating System     C:\WINDOWS\system32\cryptnet.dll
<verified>  Microsoft® Windows® Operating System     C:\WINDOWS\system32\cscdll.dll
<verified>  Microsoft® Windows® Operating System     C:\WINDOWS\system32\ctfmon.exe
<verified>  Microsoft® Windows® Operating System     C:\WINDOWS\system32\logonui.exe
<verified>  Microsoft® Windows® Operating System     C:\WINDOWS\system32\sclgntfy.dll
<verified>  Microsoft® Windows® Operating System     C:\WINDOWS\system32\shell32.dll
<verified>  Microsoft® Windows® Operating System     C:\WINDOWS\system32\stobject.dll
<verified>  Microsoft® Windows® Operating System     c:\windows\system32\userinit.exe
<verified>  Microsoft® Windows® Operating System     C:\WINDOWS\system32\wlnotify.dll
<verified>  Nero Home                                C:\Program Files\Common Files\Ahead\lib\NMBgMonitor.exe
<verified>  Printer Device Monitor                   C:\Program Files\Dell V305\dldtmon.exe
<verified>  RAID Event Monitor                       C:\Program Files\Intel\Intel Matrix Storage Manager\iaanotif.exe
<verified>  RealPlayer (32-bit)                      C:\Program Files\Common Files\Real\Update_OB\realsched.exe
<verified>  WebCamDV Tray Application                C:\WINDOWS\system\wcdvtray.exe
<verified>  Windows Genuine Advantage                C:\WINDOWS\system32\WgaLogon.dll
<verified>  Windows® Internet Explorer               C:\WINDOWS\system32\webcheck.dll


Browser plugins
---------------
<unsigned>  Google Earth Plugin                      C:\Program Files\Google\Google Earth\plugin\npgeplugin.dll
<unsigned>  IE Toolbar                               c:\program files\celebrity toolbar\tbcore3.dll
<unsigned>  NPSWF32.dll                              C:\WINDOWS\system32\Macromed\Flash\NPSWF32.dll
<unsigned>  QuickTime Plug-in 7.3.1                  C:\Program Files\Internet Explorer\plugins\npqtplugin.dll
<unsigned>  QuickTime Plug-in 7.3.1                  C:\Program Files\Internet Explorer\plugins\npqtplugin2.dll
<unsigned>  QuickTime Plug-in 7.3.1                  C:\Program Files\Internet Explorer\plugins\npqtplugin3.dll
<unsigned>  QuickTime Plug-in 7.3.1                  C:\Program Files\Internet Explorer\plugins\npqtplugin4.dll
<unsigned>  QuickTime Plug-in 7.3.1                  C:\Program Files\Internet Explorer\plugins\npqtplugin5.dll
<unsigned>  QuickTime Plug-in 7.3.1                  C:\Program Files\Internet Explorer\plugins\npqtplugin6.dll
<unsigned>  QuickTime Plug-in 7.3.1                  C:\Program Files\Internet Explorer\plugins\npqtplugin7.dll
<unsigned>  QuickTime Plug-in 7.3.1                  C:\Program Files\Mozilla Firefox\plugins\npqtplugin.dll
<unsigned>  QuickTime Plug-in 7.3.1                  C:\Program Files\Mozilla Firefox\plugins\npqtplugin2.dll
<unsigned>  QuickTime Plug-in 7.3.1                  C:\Program Files\Mozilla Firefox\plugins\npqtplugin3.dll
<unsigned>  QuickTime Plug-in 7.3.1                  C:\Program Files\Mozilla Firefox\plugins\npqtplugin4.dll
<unsigned>  QuickTime Plug-in 7.3.1                  C:\Program Files\Mozilla Firefox\plugins\npqtplugin5.dll
<unsigned>  QuickTime Plug-in 7.3.1                  C:\Program Files\Mozilla Firefox\plugins\npqtplugin6.dll
<unsigned>  QuickTime Plug-in 7.3.1                  C:\Program Files\Mozilla Firefox\plugins\npqtplugin7.dll
<unsigned>  RealJukebox NS Plugin                    C:\Program Files\Mozilla Firefox\plugins\nprjplug.dll
<unsigned>  RealJukebox NS Plugin                    C:\Program Files\Real\RealPlayer\Netscape6\nprjplug.dll
<unsigned>  RealPlayer Version Plugin                C:\Program Files\Mozilla Firefox\plugins\nprpjplug.dll
<unsigned>  RealPlayer Version Plugin                C:\Program Files\Real\RealPlayer\Netscape6\nprpjplug.dll

<verified>  AcroIEHelper Library                     c:\program files\adobe\acrobat 6.0\reader\activex\acroiehelper.dll
<verified>  Adobe Acrobat                            C:\Program Files\Internet Explorer\plugins\nppdf32.dll
<verified>  BitDefender QuickScan                    C:\Documents and Settings\Hiram\Application Data\Mozilla\Firefox\Profiles/c8wx0gtz.default\extensions\{e001c731-5e37-4538-a5cb-8168736a2360}\components\qscanff.dll
<verified>  BitDefender QuickScan                    C:\Documents and Settings\Hiram\Application Data\Mozilla\Firefox\Profiles/c8wx0gtz.default\extensions\{e001c731-5e37-4538-a5cb-8168736a2360}\plugins\npqscan.dll
<verified>  BitTorrent                               C:\Program Files\Mozilla Firefox\plugins\npbittorrent.dll
<verified>  Bonjour                                  C:\Program Files\Bonjour\mdnsNSP.dll
<verified>  DivX® Content Upload Plugin              C:\Program Files\DivX\DivX Content Uploader\npUpload.dll
<verified>  DivX® Web Player                         C:\Program Files\DivX\DivX Web Player\npdivx32.dll
<verified>  DivX® Web Player                         C:\Program Files\Mozilla Firefox\plugins\npdivx32.dll
<verified>  Google Update                            C:\Program Files\Google\Update\1.2.183.23\npGoogleOneClick8.dll
<verified>  Google Updater                           C:\Program Files\Google\Google Updater\2.4.1851.5542\npCIDetect14.dll
<verified>  GoogleToolbarNotifier                    c:\program files\google\googletoolbarnotifier\5.2.4204.1700\swg.dll
<verified>  InstallShield Update Service             C:\WINDOWS\Downloaded Program Files\dwusplay.dll
<verified>  InstallShield Update Service             C:\WINDOWS\Downloaded Program Files\dwusplay.exe
<verified>  InstallShield Update Service             C:\WINDOWS\Downloaded Program Files\isusweb.dll
<verified>  Java(TM) Platform SE 6 U1                c:\program files\java\jre1.6.0_01\bin\ssv.dll
<verified>  mcapbho.dll                              c:\program files\mcafee\msk\mcapbho.dll
<verified>  Messenger                                C:\Program Files\Messenger\msmsgs.exe
<verified>  Microsoft Office Live Plug-in for Firef  C:\Program Files\Microsoft\Office Live\npOLW.dll
<verified>  Microsoft Search Enhancement Pack        c:\program files\microsoft\search enhancement pack\search helper\sepsearchhelperie.dll
<verified>  Microsoft® Windows Live Login Helper     c:\program files\common files\microsoft shared\windows live\windowslivelogin.dll
<verified>  Microsoft® Windows Media Player Firefox  C:\Program Files\Mozilla Firefox\plugins\np-mswmp.dll
<verified>  Microsoft® Windows® Operating System     C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
<verified>  Microsoft® Windows® Operating System     C:\WINDOWS\system32\mswsock.dll
<verified>  Microsoft® Windows® Operating System     C:\WINDOWS\system32\rsvpsp.dll
<verified>  Microsoft® Windows® Operating System     C:\WINDOWS\system32\winrnr.dll
<verified>  Mozilla Default Plug-in                  C:\Program Files\Mozilla Firefox 3 Beta 5\plugins\npnul32.dll
<verified>  Mozilla Default Plug-in                  C:\Program Files\Mozilla Firefox\plugins\npnul32.dll
<verified>  msdxm.ocx                                c:\idf commander\msdxm.ocx
<verified>  MSN Photo Upload Control                 C:\WINDOWS\Downloaded Program Files\CONFLICT.1\PURen-us.dll
<verified>  MSN Photo Upload Control                 C:\WINDOWS\Downloaded Program Files\MsnPUpld.dll
<verified>  MSN Photo Upload Control                 C:\WINDOWS\Downloaded Program Files\PURen-us.dll
<verified>  MsnMessengerSetupDownloader              C:\WINDOWS\Downloaded Program Files\MsnMessengerSetupDownloader.ocx
<verified>  MSN® Games by Zone.com                   C:\WINDOWS\Downloaded Program Files\CONFLICT.1\MessengerStatsPAClient.dll
<verified>  MSN® Games by Zone.com                   C:\WINDOWS\Downloaded Program Files\messengerstatsclient.dll
<verified>  MSN® Games by Zone.com                   C:\WINDOWS\Downloaded Program Files\MessengerStatsPAClient.dll
<verified>  MSN® Games by Zone.com                   C:\WINDOWS\Downloaded Program Files\MineSweeper.dll
<verified>  MSN® Games by Zone.com                   C:\WINDOWS\Downloaded Program Files\msgrchkr.dll
<verified>  MSN® Games by Zone.com                   C:\WINDOWS\Downloaded Program Files\SolitaireShowdown.dll
<verified>  MSN® Games by Zone.com                   C:\WINDOWS\Downloaded Program Files\ZIntro.ocx
<verified>  npitunes.dll                             C:\Program Files\iTunes\Mozilla Plugins\npitunes.dll
<verified>  RealNetworks Rhapsody Player Engine      C:\Program Files\Real\RhapsodyPlayerEngine\nprhapengine.dll
<verified>  RealPlayer(tm) G2 LiveConnect-Enabled P  C:\Program Files\Mozilla Firefox\plugins\nppl3260.dll
<verified>  RealPlayer(tm) G2 LiveConnect-Enabled P  C:\Program Files\Real\RealPlayer\Netscape6\nppl3260.dll
<verified>  Shockwave for Director                   C:\Program Files\Mozilla Firefox\plugins\np32dsw.dll
<verified>  Silverlight Plug-In                      c:\Program Files\Microsoft Silverlight\3.0.50106.0\npctrl.dll
<verified>  VSCORE.14.0.0.366.x86                    c:\program files\mcafee\virusscan\scriptsn.dll
<verified>  Windows Genuine Advantage                C:\Program Files\Mozilla Firefox\plugins\npLegitCheckPlugin.dll
<verified>  Windows Live Photo Upload Control        C:\WINDOWS\Downloaded Program Files\CONFLICT.1\MsnPUpld.dll
<verified>  Windows Live Toolbar                     c:\program files\windows live\toolbar\wltcore.dll
<verified>  Windows Live® Photo Gallery              C:\Program Files\Windows Live\Photo Gallery\NPWLPG.dll
<verified>  Windows Presentation Foundation          c:\WINDOWS\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll
<verified>  Windows® Internet Explorer               C:\WINDOWS\system32\ieframe.dll


Missing files
-------------
File not found: %Windows%\svchost.exe
 referenced in: HKLM\System\CurrentControlSet\Services\netfirewall\"ImagePath"

File not found: C:\Program Files\Virtual Earth 3D\
 referenced in: HLKM\Software\MozillaPlugins\@microsoft.com/VirtualEarth3D,version=2.5\"Path"
 referenced in: HLKM\Software\MozillaPlugins\@microsoft.com/VirtualEarth3D,version=3.0\"Path"
 referenced in: HLKM\Software\MozillaPlugins\@microsoft.com/VirtualEarth3D,version=4.0\"Path"

File not found: C:\WINDOWS\System32\Drivers\vaxscsi.sys
 referenced in: HKLM\System\CurrentControlSet\Services\vaxscsi\"ImagePath"

File not found: C:\WINDOWS\System32\hidserv.dll
 referenced in: HKLM\System\CurrentControlSet\Services\HidServ\Parameters\"ServiceDll"

File not found: C:\WINDOWS\boot.win Home Edition
 referenced in: HKLM\Software\Microsoft\Windows\CurrentVersion\Run\"WindowsVersion"

File not found: C:\WINDOWS\command.win MsDos
 referenced in: HKLM\Software\Microsoft\Windows\CurrentVersion\Run\"Cmd"

File not found: System32\Drivers\sptd.sys
 referenced in: HKLM\System\CurrentControlSet\Services\sptd\"ImagePath"

File not found: system32\DRIVERS\wanatw4.sys
 referenced in: HKLM\System\CurrentControlSet\Services\wanatw\"ImagePath"

File not found: system32\drivers\InCDFs.sys
 referenced in: HKLM\System\CurrentControlSet\Services\InCDFs\"ImagePath"

File not found: system32\drivers\InCDPass.sys
 referenced in: HKLM\System\CurrentControlSet\Services\InCDPass\"ImagePath"

File not found: system32\drivers\InCDRm.sys
 referenced in: HKLM\System\CurrentControlSet\Services\InCDRm\"ImagePath"


Scan
----
<unsigned>  MD5: f1a319e89fe7062dd2ace95475f755df  c:\program files\celebrity toolbar\tbcore3.dll
<unsigned>  MD5: ebbc14d79fac8e637dee73c8892a198f  C:\Program Files\Dell Support\actmgr.dll
<unsigned>  MD5: 7f0a04c6ca207c3926b9b1c421105ec2  C:\Program Files\Dell Support\cfgdata.dll
<unsigned>  MD5: c48b53f34704ef6ff4a14c9b33118e6b  C:\Program Files\Dell Support\gtagnt.dll
<unsigned>  MD5: fb30c571f722ff6338de94d6619bb9eb  C:\Program Files\Dell Support\trgmgr.dll
<unsigned>  MD5: 26198ed2d8cad86d6d8db97f51ad99f5  C:\Program Files\Dell V305\dldtdrs.dll
<unsigned>  MD5: 7bdae8270e7b465cb9002d3248ff2696  C:\Program Files\Dell V305\dldtmonr.dll
<unsigned>  MD5: dbf13458809bbd5d0db44f2512504550  C:\Program Files\Dell V305\dldtscw.dll
<unsigned>  MD5: 2dc61f643534045b332d20cccd7a2b9d  C:\Program Files\Google\Google Earth\plugin\npgeplugin.dll
<unsigned>  MD5: 7362dd144de73c7ee80408c1ad9ebe91  C:\Program Files\Internet Explorer\plugins\npqtplugin.dll
<unsigned>  MD5: 7362dd144de73c7ee80408c1ad9ebe91  C:\Program Files\Internet Explorer\plugins\npqtplugin2.dll
<unsigned>  MD5: 7362dd144de73c7ee80408c1ad9ebe91  C:\Program Files\Internet Explorer\plugins\npqtplugin3.dll
<unsigned>  MD5: 7362dd144de73c7ee80408c1ad9ebe91  C:\Program Files\Internet Explorer\plugins\npqtplugin4.dll
<unsigned>  MD5: 7362dd144de73c7ee80408c1ad9ebe91  C:\Program Files\Internet Explorer\plugins\npqtplugin5.dll
<unsigned>  MD5: 7362dd144de73c7ee80408c1ad9ebe91  C:\Program Files\Internet Explorer\plugins\npqtplugin6.dll
<unsigned>  MD5: 7362dd144de73c7ee80408c1ad9ebe91  C:\Program Files\Internet Explorer\plugins\npqtplugin7.dll
<unsigned>  MD5: 1aab00ae4ffb5c72a0a06a254f80510e  C:\Program Files\Mozilla Firefox\freebl3.dll
<unsigned>  MD5: 39dfd2c92728fca093d5bdefe5f6e801  C:\Program Files\Mozilla Firefox\nssdbm3.dll
<unsigned>  MD5: 7362dd144de73c7ee80408c1ad9ebe91  C:\Program Files\Mozilla Firefox\plugins\npqtplugin.dll
<unsigned>  MD5: 7362dd144de73c7ee80408c1ad9ebe91  C:\Program Files\Mozilla Firefox\plugins\npqtplugin2.dll
<unsigned>  MD5: 7362dd144de73c7ee80408c1ad9ebe91  C:\Program Files\Mozilla Firefox\plugins\npqtplugin3.dll
<unsigned>  MD5: 7362dd144de73c7ee80408c1ad9ebe91  C:\Program Files\Mozilla Firefox\plugins\npqtplugin4.dll
<unsigned>  MD5: 7362dd144de73c7ee80408c1ad9ebe91  C:\Program Files\Mozilla Firefox\plugins\npqtplugin5.dll
<unsigned>  MD5: 7362dd144de73c7ee80408c1ad9ebe91  C:\Program Files\Mozilla Firefox\plugins\npqtplugin6.dll
<unsigned>  MD5: 7362dd144de73c7ee80408c1ad9ebe91  C:\Program Files\Mozilla Firefox\plugins\npqtplugin7.dll
<unsigned>  MD5: 53e2386cf2263be3551089a2371dbbf8  C:\Program Files\Mozilla Firefox\plugins\nprjplug.dll
<unsigned>  MD5: 6ee7e41eefe79719b289557fcca7804f  C:\Program Files\Mozilla Firefox\plugins\nprpjplug.dll
<unsigned>  MD5: 89e6d66ec90b4e8e41b55248eb7c84cb  C:\Program Files\Mozilla Firefox\softokn3.dll
<unsigned>  MD5: 7b93c623333f121dc9e689ccb1b7a733  C:\Program Files\Nero\Nero 7\Nero BackItUp\mfc71u.dll
<unsigned>  MD5: b2a0af227c3e0a27856082a05d8658e3  C:\Program Files\Nero\Nero 7\Nero BackItUp\NBShell.dll
<unsigned>  MD5: 53e2386cf2263be3551089a2371dbbf8  C:\Program Files\Real\RealPlayer\Netscape6\nprjplug.dll
<unsigned>  MD5: 6ee7e41eefe79719b289557fcca7804f  C:\Program Files\Real\RealPlayer\Netscape6\nprpjplug.dll
<unsigned>  MD5: 6bd60f146517279193a91ad37812954c  C:\Program Files\WinRAR\RarExt.dll
<unsigned>  MD5: b5f4bec85451703fa2bea6b7f6ba7055  C:\PROGRA~1\DELLSU~1\gdql_d.dll
<unsigned>  MD5: 3e4a1172fb27f77f93fadf76bc6de7a8  C:\PROGRA~1\DELLSU~1\GTAction\handlers\grouph.dll
<unsigned>  MD5: 3d516a4d183458005de56dc188bc817e  C:\PROGRA~1\DELLSU~1\GTAction\handlers\qdiagh.dll
<unsigned>  MD5: ca4afacf60fd1c3e48e0c50001a40e9b  C:\PROGRA~1\DELLSU~1\GTAction\handlers\trgloadh.dll
<unsigned>  MD5: 52736026bf97a67726e566eefe1b9206  C:\PROGRA~1\DELLSU~1\GTAction\handlers\trgregh.dll
<unsigned>  MD5: 841ccd0dbea2054251bfb22949c38829  C:\PROGRA~1\DELLSU~1\GTAction\triggers\DSproct.dll
<unsigned>  MD5: 183dad2d7060ff4252e9142dcf0e1e7a  C:\PROGRA~1\DELLSU~1\GTAction\triggers\DSWnHnt.dll
<unsigned>  MD5: 6e67638e0fe37e80acda1eb10e227c66  C:\PROGRA~1\DELLSU~1\GTAction\triggers\timert.dll
<unsigned>  MD5: adfee5e7f51f3aa252e744c3f3c680bb  C:\WINDOWS\iprot\bf3466d4-217f-4819-9794-7c54decd2ffd\PhysMem.sys
<unsigned>  MD5: f431c940dec26b05a63d1d84ae64ab46  C:\WINDOWS\system32\debugman.dll
<unsigned>  MD5: 03231c268ec438378e7d425dd41d1089  C:\WINDOWS\system32\DRIVERS\0140_ION.sys
<unsigned>  MD5: 081b95ae082613328fb7cd4451b67d93  C:\WINDOWS\system32\DRIVERS\dualshock3.sys
<unsigned>  MD5: f5cf06754ae54d9d3353fc9c59bc4e04  C:\WINDOWS\System32\DRIVERS\papycpu2.sys
<unsigned>  MD5: b09a71e8e1e127455f3a2fe83d38851f  C:\WINDOWS\System32\DRIVERS\papyjoy.sys
<unsigned>  MD5: b27f70092a84b2a381d1fcdbbb82f876  C:\WINDOWS\System32\drivers\sfsync03.sys
<unsigned>  MD5: 21017e14e92b65f157ae30be7badaf5e  C:\WINDOWS\system32\DRIVERS\ss.sys
<unsigned>  MD5: f8efdcfc440a420d6c1ecd245ab20207  C:\WINDOWS\system32\Macromed\Flash\NPSWF32.dll
<unsigned>  MD5: fd8fc025bafcec30dd7701005d2010ff  C:\WINDOWS\system32\termsrv32.dll

No file uploaded.

Scan finished - communication took 6 sec
Total traffic - 0.01 MB sent, 0.35 KB recvd
Scanned 849 files and modules - 165 seconds



------------------------------------------------------------------------------------------------

HIJACK THIS LOG


Logfile of Trend Micro HijackThis v2.0.3 (BETA)
Scan saved at 12:30:21 PM, on 3/18/2010
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16981)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\LEXBCES.EXE
C:\WINDOWS\system32\LEXPPS.EXE
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Common Files\ArcSoft\Connection Service\Bin\ACService.exe
C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
C:\Program Files\Bonjour\mDNSResponder.exe
C:\WINDOWS\system32\dldtcoms.exe
C:\WINDOWS\eHome\ehRecvr.exe
C:\WINDOWS\eHome\ehSched.exe
C:\Program Files\Intel\Intel Matrix Storage Manager\iaantmon.exe
C:\WINDOWS\system32\libusbd-nt.exe
C:\PROGRA~1\McAfee\MSC\mcmscsvc.exe
c:\PROGRA~1\COMMON~1\mcafee\mna\mcnasvc.exe
C:\WINDOWS\ehome\ehtray.exe
C:\Program Files\Intel\Intel Matrix Storage Manager\iaanotif.exe
C:\WINDOWS\stsystra.exe
C:\Program Files\Intel\Modem Event Monitor\IntelMEM.exe
C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe
C:\WINDOWS\system32\dla\tfswctrl.exe
c:\PROGRA~1\COMMON~1\mcafee\mcproxy\mcproxy.exe
C:\Program Files\Common Files\Real\Update_OB\realsched.exe
C:\WINDOWS\system\wcdvtray.exe
C:\Program Files\Dell V305\dldtmon.exe
C:\Program Files\McAfee.com\Agent\mcagent.exe
C:\PROGRA~1\McAfee\VIRUSS~1\mcshield.exe
C:\Program Files\Common Files\Ahead\lib\NMBgMonitor.exe
C:\Program Files\Dell Support\DSAgnt.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\McAfee\MPF\MPFSrv.exe
C:\Program Files\McAfee\MSK\MskSrver.exe
C:\Program Files\Electronic Arts\Need for Speed ProStreet\PB\PnkBstrA.exe
C:\Program Files\Microsoft\Search Enhancement Pack\SeaPort\SeaPort.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\wbem\wmiapsrv.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\eHome\ehmsas.exe
C:\WINDOWS\system32\dllhost.exe
C:\WINDOWS\system32\wuauclt.exe
C:\PROGRA~1\McAfee\VIRUSS~1\mcsysmon.exe
c:\PROGRA~1\mcafee\msc\mcuimgr.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\WINDOWS\system32\msiexec.exe
C:\Program Files\TrendMicro\HiJackThis\HiJackThis.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page =
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant =
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch =
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,First Home Page = http://go.microsoft.com/fwlink/?LinkId=54843
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyServer = http=127.0.0.1:5555
O1 - Hosts: 89.149.210.60 www.google.com
O1 - Hosts: 89.149.210.60 www.google.de
O1 - Hosts: 89.149.210.60 www.google.fr
O1 - Hosts: 89.149.210.60 www.google.co.uk
O1 - Hosts: 89.149.210.60 www.google.com.br
O1 - Hosts: 89.149.210.60 www.google.co.jp
O1 - Hosts: 89.149.210.60 www.google.com.mx
O1 - Hosts: 89.149.210.60 www.google.gr
O1 - Hosts: 89.149.210.60 www.google.se
O1 - Hosts: 89.149.210.60 www.google.it
O1 - Hosts: 89.149.210.60 www.google.dk
O1 - Hosts: 89.149.210.60 www.google.ie
O1 - Hosts: 89.149.210.60 www.google.fi
O1 - Hosts: 89.149.210.60 www.google.ca
O1 - Hosts: 89.149.210.60 www.google.com.au
O1 - Hosts: 89.149.210.60 www.google.co.za
O1 - Hosts: 89.149.210.60 www.google.be
O1 - Hosts: 89.149.210.60 www.google.at
O1 - Hosts: 89.149.210.60 www.google.no
O1 - Hosts: 89.149.210.60 www.google.ch
O1 - Hosts: 89.149.210.60 www.google.pt
O1 - Hosts: 89.149.210.60 search.yahoo.com
O1 - Hosts: 89.149.210.60 us.search.yahoo.com
O1 - Hosts: 89.149.210.60 uk.search.yahoo.com
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 6.0\Reader\ActiveX\AcroIEHelper.dll
O2 - BHO: MHTBPos00 - {0C37B053-FD68-456a-82E1-D788EE342E6F} - C:\Program Files\Celebrity Toolbar\tbcore3.dll
O2 - BHO: McAntiPhishingBHO - {377C180E-6F0E-4D4C-980F-F45BD3D40CF4} - c:\PROGRA~1\mcafee\msk\mcapbho.dll
O2 - BHO: Search Helper - {6EBF7485-159F-4bff-A14F-B9E3AAC4465B} - C:\Program Files\Microsoft\Search Enhancement Pack\Search Helper\SEPsearchhelperie.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_01\bin\ssv.dll
O2 - BHO: scriptproxy - {7DB2D5A0-7241-4E79-B68D-6309F01C5231} - C:\Program Files\McAfee\VirusScan\scriptsn.dll
O2 - BHO: Windows Live Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\5.2.4204.1700\swg.dll
O2 - BHO: Windows Live Toolbar Helper - {E15A8DC0-8516-42A1-81EA-DC94EC1ACF10} - C:\Program Files\Windows Live\Toolbar\wltcore.dll
O3 - Toolbar: @msdxmLC.dll,-1@1033,&Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\IDF Commander\msdxm.ocx
O3 - Toolbar: &Windows Live Toolbar - {21FA44EF-376D-4D53-9B0F-8A89D3229068} - C:\Program Files\Windows Live\Toolbar\wltcore.dll
O3 - Toolbar: Celebrity Toolbar - {FD2FD708-1F6F-4B68-B141-C5778F0C19BB} - C:\Program Files\Celebrity Toolbar\tbcore3.dll
O4 - HKLM\..\Run: [ehTray] C:\WINDOWS\ehome\ehtray.exe
O4 - HKLM\..\Run: [IAAnotif] C:\Program Files\Intel\Intel Matrix Storage Manager\iaanotif.exe
O4 - HKLM\..\Run: [SigmatelSysTrayApp] stsystra.exe
O4 - HKLM\..\Run: [IntelMeM] C:\Program Files\Intel\Modem Event Monitor\IntelMEM.exe
O4 - HKLM\..\Run: [ISUSScheduler] "C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe" -start
O4 - HKLM\..\Run: [dla] C:\WINDOWS\system32\dla\tfswctrl.exe
O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe"  -osboot
O4 - HKLM\..\Run: [OWCWebCamDV] C:\WINDOWS\system\wcdvtray.exe
O4 - HKLM\..\Run: [Cmd] C:\WINDOWS\command.win MsDos
O4 - HKLM\..\Run: [WindowsVersion] C:\WINDOWS\boot.win Home Edition
O4 - HKLM\..\Run: [dldtmon.exe] "C:\Program Files\Dell V305\dldtmon.exe"
O4 - HKLM\..\Run: [dldtamon] "C:\Program Files\Dell V305\dldtamon.exe"
O4 - HKLM\..\Run: [mcagent_exe] C:\Program Files\McAfee.com\Agent\mcagent.exe /runkey
O4 - HKLM\..\Run: [ISUSPM Startup] "C:\Program Files\Common Files\InstallShield\UpdateService\isuspm.exe" -startup
O4 - HKCU\..\Run: [BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}] "C:\Program Files\Common Files\Ahead\lib\NMBgMonitor.exe"
O4 - HKCU\..\Run: [DellSupport] "C:\Program Files\Dell Support\DSAgnt.exe" /startup
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - Global Startup: McAfee Security Scan Plus.lnk = ?
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_01\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_01\bin\ssv.dll
O9 - Extra button: Blog This - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files\Windows Live\Writer\WriterBrowserExtension.dll
O9 - Extra 'Tools' menuitem: &Blog This in Windows Live Writer - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files\Windows Live\Writer\WriterBrowserExtension.dll
O9 - Extra button: Real.com - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - C:\WINDOWS\system32\Shdocvw.dll
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {14B87622-7E19-4EA8-93B3-97215F77A6BC} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/MessengerStatsPAClient.cab31267.cab
O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://go.microsoft.com/fwlink/?linkid=39204
O16 - DPF: {20A60F0D-9AFA-4515-A0FD-83BD84642501} (Checkers Class) - http://messenger.zone.msn.com/binary/msgrchkr.cab56986.cab
O16 - DPF: {4F1E5B1A-2A80-42CA-8532-2D05CB959537} (MSN Photo Upload Tool) - http://gfx2.hotmail.com/mail/w3/pr01/resources/MSNPUpld.cab
O16 - DPF: {5C051655-FCD5-4969-9182-770EA5AA5565} (Solitaire Showdown Class) - http://messenger.zone.msn.com/binary/SolitaireShowdown.cab56986.cab
O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://www.update.microsoft.com/microsoftupdate/v6/V5Controls/en/x86/client/muweb_site.cab?1196731505781
O16 - DPF: {8E0D4DE5-3180-4024-A327-4DFAD1796A8D} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/MessengerStatsClient.cab31267.cab
O16 - DPF: {B38870E4-7ECB-40DA-8C6A-595F0A5519FF} (MsnMessengerSetupDownloadControl Class) - http://messenger.msn.com/download/MsnMessengerSetupDownloader.cab
O16 - DPF: {B8BE5E93-A60C-4D26-A2DC-220313175592} (ZoneIntro Class) - http://messenger.zone.msn.com/binary/ZIntro.cab47946.cab
O16 - DPF: {C3F79A2B-B9B4-4A66-B012-3EE46475B072} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/MessengerStatsPAClient.cab56907.cab
O16 - DPF: {E77F23EB-E7AB-4502-8F37-247DBAF1A147} (Windows Live Hotmail Photo Upload Tool) - http://gfx2.hotmail.com/mail/w4/pr01/photouploadcontrol/MSNPUpld.cab
O16 - DPF: {F5A7706B-B9C0-4C89-A715-7A0C6B05DD48} (Minesweeper Flags Class) - http://messenger.zone.msn.com/binary/MineSweeper.cab56986.cab
O17 - HKLM\System\CCS\Services\Tcpip\..\{3CBB52A6-9432-4537-87E9-67067C44E1C2}: NameServer = 93.188.164.205,93.188.161.79
O17 - HKLM\System\CCS\Services\Tcpip\..\{E016B844-B896-4A2A-9DA8-4A6529A8A31B}: NameServer = 93.188.164.205,93.188.161.79
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: NameServer = 93.188.164.205,93.188.161.79
O22 - SharedTaskScheduler: Browseui preloader - {438755C2-A8BA-11D1-B96B-00A0C90312E1} - C:\WINDOWS\system32\browseui.dll
O22 - SharedTaskScheduler: Component Categories cache daemon - {8C7461EF-2B13-11d2-BE35-3078302C2030} - C:\WINDOWS\system32\browseui.dll
O23 - Service: ArcSoft Connect Daemon (ACDaemon) - ArcSoft Inc. - C:\Program Files\Common Files\ArcSoft\Connection Service\Bin\ACService.exe
O23 - Service: Adobe LM Service - Adobe Systems - C:\Program Files\Common Files\Adobe Systems Shared\Service\Adobelmsvc.exe
O23 - Service: Apple Mobile Device - Apple, Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\system32\Ati2evxx.exe
O23 - Service: ##Id_String1.6844F930_1628_4223_B5CC_5BB94B879762## (Bonjour Service) - Apple Computer, Inc. - C:\Program Files\Bonjour\mDNSResponder.exe
O23 - Service: dldt_device -   - C:\WINDOWS\system32\dldtcoms.exe
O23 - Service: FLEXnet Licensing Service - Acresso Software Inc. - C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe
O23 - Service: Google Update Service (gupdate) (gupdate) - Google Inc. - C:\Program Files\Google\Update\GoogleUpdate.exe
O23 - Service: Google Software Updater (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: Intel(R) Matrix Storage Event Monitor (IAANTMon) - Intel Corporation - C:\Program Files\Intel\Intel Matrix Storage Manager\iaantmon.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: iPod Service - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: Kodak Camera Connection Software (KodakCCS) - Eastman Kodak Company - C:\WINDOWS\system32\drivers\KodakCCS.exe
O23 - Service: LexBce Server (LexBceS) - Lexmark International, Inc. - C:\WINDOWS\system32\LEXBCES.EXE
O23 - Service: LibUsb-Win32 - Daemon, Version 0.1.10.1 (libusbd) - http://libusb-win32.sourceforge.net - C:\WINDOWS\system32\libusbd-nt.exe
O23 - Service: McAfee Security Scan Component Host Service (McComponentHostService) - McAfee, Inc. - C:\Program Files\McAfee Security Scan\2.0.181\McCHSvc.exe
O23 - Service: McAfee Services (mcmscsvc) - McAfee, Inc. - C:\PROGRA~1\McAfee\MSC\mcmscsvc.exe
O23 - Service: McAfee Network Agent (McNASvc) - McAfee, Inc. - c:\PROGRA~1\COMMON~1\mcafee\mna\mcnasvc.exe
O23 - Service: McAfee Scanner (McODS) - McAfee, Inc. - C:\PROGRA~1\McAfee\VIRUSS~1\mcods.exe
O23 - Service: McAfee Proxy Service (McProxy) - McAfee, Inc. - c:\PROGRA~1\COMMON~1\mcafee\mcproxy\mcproxy.exe
O23 - Service: McAfee Real-time Scanner (McShield) - McAfee, Inc. - C:\PROGRA~1\McAfee\VIRUSS~1\mcshield.exe
O23 - Service: McAfee SystemGuards (McSysmon) - McAfee, Inc. - C:\PROGRA~1\McAfee\VIRUSS~1\mcsysmon.exe
O23 - Service: McAfee Personal Firewall Service (MpfService) - McAfee, Inc. - C:\Program Files\McAfee\MPF\MPFSrv.exe
O23 - Service: McAfee Anti-Spam Service (MSK80Service) - McAfee, Inc. - C:\Program Files\McAfee\MSK\MskSrver.exe
O23 - Service: PunkBuster (PnkBstrA) - Unknown owner - C:\Program Files\Electronic Arts\Need for Speed ProStreet\PB\PnkBstrA.exe
O23 - Service: StarWind AE Service (StarWindServiceAE) - Rocket Division Software - C:\Program Files\Alcohol Soft\Alcohol 120\StarWind\StarWindServiceAE.exe
O23 - Service: WMP54GRSVC - GEMTEKS - C:\Program Files\Wireless-G PCI Adapter with RangeBooster\WLService.exe
O23 - Service: WMP54Gv4SVC - GEMTEKS - C:\Program Files\Linksys Wireless-G PCI Wireless Network Monitor\WLService.exe

--
End of file - 14430 bytes


Samker's Computer Forum - SCforum.info





Samker

  • SCF Administrator
  • *****
  • Posts: 7206
  • KARMA: 291
  • Gender: Male
  • Whatever doesn't kill us makes us stronger.
    • SCforum.info - Samker's Computer Forum

Trojan-PWS.Papras drop a rookit file and has keylogger characteristic in order to perform malicious action without user's knowledge.

We will first clean infection and after that look "closer" HJT log:

Now please follow next steps:

1. Turn of System Restore

Quote
Steps to turn off System Restore

1. Click Start, right-click My Computer, and then click Properties.
2. In the System Properties dialog box, click the System Restore tab.
3. Click to select the Turn off System Restore check box. Or, click to select the Turn off System Restore on all drives check box.
4. Click OK.
5. When you receive the following message, click Yes to confirm that you want to turn off System Restore:
You have chosen to turn off System Restore. If you continue, all existing restore points will be deleted, and you will not be able to track or undo changes to your computer.

Do you want to turn off System Restore?
After a few moments, the System Properties dialog box closes.


2. Update your McAfee AV

3. Download, Install and Update SUPERAntiSpyware: http://scforum.info/index.php/topic,116.0.html and Malwarebyte's: http://scforum.info/index.php/topic,2201.0.html

4. Restart your PC and run in Safe Mode.


Quote
To start the computer in safe mode
1.
You should print these instructions before continuing. They will not be available after you shut your computer down in step 2.

2.
Click Start and then click Shut Down.

3.
In the drop-down list of the Shut Down Windows dialog box, click Restart, and then click OK.

4.
As your computer restarts but before Windows launches, press F8.
On a computer that is configured for booting to multiple operating systems, you can press F8 when the boot menu appears.

5.
Use the arrow keys to highlight the appropriate safe mode option, and then press ENTER.

6.
If you have a dual-boot or multiple-boot system, choose the installation that you need to access using the arrow keys, and then press ENTER.


Note•
If Windows launches before you can choose a safe mode, restart your computer and try again.

In safe mode, you have access to only basic files and drivers (mouse, monitor, keyboard, mass storage, base video, default system services, and no network connections). You can choose the Safe Mode with Networking option, which loads all of the above files and drivers and the essential services and drivers to start networking, or you can choose the Safe Mode with Command Prompt option, which is exactly the same as safe mode except that a command prompt is started instead of the graphical user interface. You can also choose Last Known Good Configuration, which starts your computer using the registry information that was saved at the last shutdown.

Safe mode helps you diagnose problems. If a symptom does not reappear when you start in safe mode, you can eliminate the default settings and minimum device drivers as possible causes. If a newly added device or a changed driver is causing problems, you can use safe mode to remove the device or reverse the change.

There are circumstances where safe mode will not be able to help you, such as when Windows system files that are required to start the system are corrupted or damaged. In this case, the Recovery Console may help you.

NUM LOCK must be off before the arrow keys on the numeric keypad will function.



5. Run Full Scans and Delete all suspected files, first with SUPERAntiSpyware and then with Malwartebytes

5. Run Full Scan with your McAfee AntiVirus

6. After that BitDefender Online Scan: http://scforum.info/index.php/topic,734.0.html

7. After that HijackThis (it's important to before running HJT turn of all possible programs)

8. Finally provide us new logs from both (BitDefender and HJT)


I'll be waiting your next reply.


Regards,

S.

rkprd

  • SCF Member
  • **
  • Posts: 11
  • KARMA: 3
if I could only boot into safe mode :( I havent been able to start in safe mode or any of the other versions even before I had this problem it always gets stuck at mup.sys when the drivers are loading. Ive done a search on why this happens and theres way too many fixes to start troubleshooting with my computer the state it is right now. yesterday I was able to download and do a full scan with superantispyware and it did remove some trojans and other infections without my computer freezing up. I ran hijack this and save the logged and pasted it on here and just as I was about to click on the post reply button my computer froze up again >:( right now I am on another computer which is why I am able to take the time and write all this right now without having to worry about my computer crashing on me so I come to you again for your advice, do I have any other options without having to reformat my pc? can I put the hard drive in another computer with safe mode working and scan it from there?

Samker

  • SCF Administrator
  • *****
  • Posts: 7206
  • KARMA: 291
  • Gender: Male
  • Whatever doesn't kill us makes us stronger.
    • SCforum.info - Samker's Computer Forum
if I could only boot into safe mode :( I havent been able to start in safe mode or any of the other versions even before I had this problem it always gets stuck at mup.sys when the drivers are loading. Ive done a search on why this happens and theres way too many fixes to start troubleshooting with my computer the state it is right now. yesterday I was able to download and do a full scan with superantispyware and it did remove some trojans and other infections without my computer freezing up. I ran hijack this and save the logged and pasted it on here and just as I was about to click on the post reply button my computer froze up again >:( right now I am on another computer which is why I am able to take the time and write all this right now without having to worry about my computer crashing on me so I come to you again for your advice, do I have any other options without having to reformat my pc? can I put the hard drive in another computer with safe mode working and scan it from there?


No pal, try to make a scans in "Normal" Mode (SUPRAntiSpyware -> Malwarebytes -> McAfee) and give us new logs.
Hope you don't have problem to disable System Restore?

I'll wait news from you?


rkprd

  • SCF Member
  • **
  • Posts: 11
  • KARMA: 3
Re: help with trojan (Trojan.PWS.Papras.AC, debugman.dll)
« Reply #4 on: 19. March 2010., 23:42:36 »
ok I had already done a full scan with mcafee and antimalwarebytes before I posted the first hijackthis log so the only difference on this one should be with superantispyware. I did erase the google host files that I mentioned in the first post they were the problem with searchclick I was having so that issue is resolved but the virus may still be there. I also just did a scan with bitdefender online scanner and it doesnt detect an infection anymore so it appears that superantispyware did remove it.
here is the new hijack this log

Logfile of Trend Micro HijackThis v2.0.3 (BETA)
Scan saved at 3:34:55 PM, on 3/19/2010
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16981)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\csrss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\LEXBCES.EXE
C:\WINDOWS\system32\LEXPPS.EXE
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Common Files\ArcSoft\Connection Service\Bin\ACService.exe
C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
C:\Program Files\Bonjour\mDNSResponder.exe
C:\Program Files\Spyware Doctor\BDT\BDTUpdateService.exe
C:\WINDOWS\system32\dldtcoms.exe
C:\WINDOWS\eHome\ehRecvr.exe
C:\WINDOWS\eHome\ehSched.exe
C:\Program Files\Intel\Intel Matrix Storage Manager\iaantmon.exe
C:\WINDOWS\system32\libusbd-nt.exe
C:\PROGRA~1\McAfee\MSC\mcmscsvc.exe
C:\WINDOWS\ehome\ehtray.exe
c:\PROGRA~1\COMMON~1\mcafee\mna\mcnasvc.exe
C:\Program Files\Intel\Intel Matrix Storage Manager\iaanotif.exe
C:\WINDOWS\stsystra.exe
C:\Program Files\Intel\Modem Event Monitor\IntelMEM.exe
C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe
C:\WINDOWS\system32\dla\tfswctrl.exe
c:\PROGRA~1\COMMON~1\mcafee\mcproxy\mcproxy.exe
C:\Program Files\Common Files\Real\Update_OB\realsched.exe
C:\WINDOWS\system\wcdvtray.exe
C:\Program Files\McAfee.com\Agent\mcagent.exe
C:\Program Files\Common Files\Ahead\lib\NMBgMonitor.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\McAfee\MPF\MPFSrv.exe
C:\Program Files\McAfee\MSK\MskSrver.exe
C:\Program Files\Electronic Arts\Need for Speed ProStreet\PB\PnkBstrA.exe
C:\Program Files\Microsoft\Search Enhancement Pack\SeaPort\SeaPort.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\wbem\wmiapsrv.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\wuauclt.exe
C:\WINDOWS\eHome\ehmsas.exe
C:\WINDOWS\system32\wbem\wmiprvse.exe
C:\WINDOWS\system32\wuauclt.exe
c:\PROGRA~1\mcafee\msc\mcuimgr.exe
C:\WINDOWS\system32\wbem\wmiprvse.exe
C:\PROGRA~1\McAfee\VIRUSS~1\mcsysmon.exe
C:\WINDOWS\System32\alg.exe
C:\Program Files\TrendMicro\HiJackThis\HiJackThis.exe
C:\PROGRA~1\McAfee\VIRUSS~1\mcshield.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant =
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch =
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,First Home Page = http://go.microsoft.com/fwlink/?LinkId=54843
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyServer = http=127.0.0.1:5555
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 6.0\Reader\ActiveX\AcroIEHelper.dll
O2 - BHO: Browser Defender BHO - {2A0F3D1B-0909-4FF4-B272-609CCE6054E7} - C:\Program Files\Spyware Doctor\BDT\PCTBrowserDefender.dll
O2 - BHO: McAntiPhishingBHO - {377C180E-6F0E-4D4C-980F-F45BD3D40CF4} - c:\PROGRA~1\mcafee\msk\mcapbho.dll
O2 - BHO: Search Helper - {6EBF7485-159F-4bff-A14F-B9E3AAC4465B} - C:\Program Files\Microsoft\Search Enhancement Pack\Search Helper\SEPsearchhelperie.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_01\bin\ssv.dll
O2 - BHO: scriptproxy - {7DB2D5A0-7241-4E79-B68D-6309F01C5231} - C:\Program Files\McAfee\VirusScan\scriptsn.dll
O2 - BHO: Windows Live Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\5.2.4204.1700\swg.dll
O2 - BHO: Windows Live Toolbar Helper - {E15A8DC0-8516-42A1-81EA-DC94EC1ACF10} - C:\Program Files\Windows Live\Toolbar\wltcore.dll
O3 - Toolbar: @msdxmLC.dll,-1@1033,&Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\IDF Commander\msdxm.ocx
O3 - Toolbar: &Windows Live Toolbar - {21FA44EF-376D-4D53-9B0F-8A89D3229068} - C:\Program Files\Windows Live\Toolbar\wltcore.dll
O3 - Toolbar: PC Tools Browser Guard - {472734EA-242A-422B-ADF8-83D1E48CC825} - C:\Program Files\Spyware Doctor\BDT\PCTBrowserDefender.dll
O4 - HKLM\..\Run: [ehTray] C:\WINDOWS\ehome\ehtray.exe
O4 - HKLM\..\Run: [IAAnotif] C:\Program Files\Intel\Intel Matrix Storage Manager\iaanotif.exe
O4 - HKLM\..\Run: [SigmatelSysTrayApp] stsystra.exe
O4 - HKLM\..\Run: [IntelMeM] C:\Program Files\Intel\Modem Event Monitor\IntelMEM.exe
O4 - HKLM\..\Run: [ISUSScheduler] "C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe" -start
O4 - HKLM\..\Run: [dla] C:\WINDOWS\system32\dla\tfswctrl.exe
O4 - HKLM\..\Run: [OWCWebCamDV] C:\WINDOWS\system\wcdvtray.exe
O4 - HKLM\..\Run: [Cmd] C:\WINDOWS\command.win MsDos
O4 - HKLM\..\Run: [WindowsVersion] C:\WINDOWS\boot.win Home Edition
O4 - HKLM\..\Run: [dldtmon.exe] "C:\Program Files\Dell V305\dldtmon.exe"
O4 - HKLM\..\Run: [dldtamon] "C:\Program Files\Dell V305\dldtamon.exe"
O4 - HKLM\..\Run: [mcagent_exe] C:\Program Files\McAfee.com\Agent\mcagent.exe /runkey
O4 - HKLM\..\Run: [MSConfig] C:\WINDOWS\PCHealth\HelpCtr\Binaries\MSConfig.exe /auto
O4 - HKCU\..\Run: [BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}] "C:\Program Files\Common Files\Ahead\lib\NMBgMonitor.exe"
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_01\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_01\bin\ssv.dll
O9 - Extra button: Blog This - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files\Windows Live\Writer\WriterBrowserExtension.dll
O9 - Extra 'Tools' menuitem: &Blog This in Windows Live Writer - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files\Windows Live\Writer\WriterBrowserExtension.dll
O9 - Extra button: Real.com - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - C:\WINDOWS\system32\Shdocvw.dll
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {14B87622-7E19-4EA8-93B3-97215F77A6BC} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/MessengerStatsPAClient.cab31267.cab
O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://go.microsoft.com/fwlink/?linkid=39204
O16 - DPF: {20A60F0D-9AFA-4515-A0FD-83BD84642501} (Checkers Class) - http://messenger.zone.msn.com/binary/msgrchkr.cab56986.cab
O16 - DPF: {4F1E5B1A-2A80-42CA-8532-2D05CB959537} (MSN Photo Upload Tool) - http://gfx2.hotmail.com/mail/w3/pr01/resources/MSNPUpld.cab
O16 - DPF: {5C051655-FCD5-4969-9182-770EA5AA5565} (Solitaire Showdown Class) - http://messenger.zone.msn.com/binary/SolitaireShowdown.cab56986.cab
O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://www.update.microsoft.com/microsoftupdate/v6/V5Controls/en/x86/client/muweb_site.cab?1196731505781
O16 - DPF: {8E0D4DE5-3180-4024-A327-4DFAD1796A8D} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/MessengerStatsClient.cab31267.cab
O16 - DPF: {B38870E4-7ECB-40DA-8C6A-595F0A5519FF} (MsnMessengerSetupDownloadControl Class) - http://messenger.msn.com/download/MsnMessengerSetupDownloader.cab
O16 - DPF: {B8BE5E93-A60C-4D26-A2DC-220313175592} (ZoneIntro Class) - http://messenger.zone.msn.com/binary/ZIntro.cab47946.cab
O16 - DPF: {C3F79A2B-B9B4-4A66-B012-3EE46475B072} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/MessengerStatsPAClient.cab56907.cab
O16 - DPF: {E77F23EB-E7AB-4502-8F37-247DBAF1A147} (Windows Live Hotmail Photo Upload Tool) - http://gfx2.hotmail.com/mail/w4/pr01/photouploadcontrol/MSNPUpld.cab
O16 - DPF: {F5A7706B-B9C0-4C89-A715-7A0C6B05DD48} (Minesweeper Flags Class) - http://messenger.zone.msn.com/binary/MineSweeper.cab56986.cab
O17 - HKLM\System\CS2\Services\Tcpip\Parameters: NameServer = 93.188.164.205,93.188.161.79
O17 - HKLM\System\CS3\Services\Tcpip\Parameters: NameServer = 93.188.164.205,93.188.161.79
O20 - Winlogon Notify: !SASWinLogon - C:\Program Files\SUPERAntiSpyware\SASWINLO.dll
O22 - SharedTaskScheduler: Browseui preloader - {438755C2-A8BA-11D1-B96B-00A0C90312E1} - C:\WINDOWS\system32\browseui.dll
O22 - SharedTaskScheduler: Component Categories cache daemon - {8C7461EF-2B13-11d2-BE35-3078302C2030} - C:\WINDOWS\system32\browseui.dll
O23 - Service: ArcSoft Connect Daemon (ACDaemon) - ArcSoft Inc. - C:\Program Files\Common Files\ArcSoft\Connection Service\Bin\ACService.exe
O23 - Service: Adobe LM Service - Adobe Systems - C:\Program Files\Common Files\Adobe Systems Shared\Service\Adobelmsvc.exe
O23 - Service: Apple Mobile Device - Apple, Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\system32\Ati2evxx.exe
O23 - Service: ##Id_String1.6844F930_1628_4223_B5CC_5BB94B879762## (Bonjour Service) - Apple Computer, Inc. - C:\Program Files\Bonjour\mDNSResponder.exe
O23 - Service: Browser Defender Update Service - Unknown owner - C:\Program Files\Spyware Doctor\BDT\BDTUpdateService.exe
O23 - Service: dldt_device -   - C:\WINDOWS\system32\dldtcoms.exe
O23 - Service: FLEXnet Licensing Service - Acresso Software Inc. - C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe
O23 - Service: Google Update Service (gupdate) (gupdate) - Google Inc. - C:\Program Files\Google\Update\GoogleUpdate.exe
O23 - Service: Google Software Updater (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: Intel(R) Matrix Storage Event Monitor (IAANTMon) - Intel Corporation - C:\Program Files\Intel\Intel Matrix Storage Manager\iaantmon.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: iPod Service - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: Kodak Camera Connection Software (KodakCCS) - Eastman Kodak Company - C:\WINDOWS\system32\drivers\KodakCCS.exe
O23 - Service: LexBce Server (LexBceS) - Lexmark International, Inc. - C:\WINDOWS\system32\LEXBCES.EXE
O23 - Service: LibUsb-Win32 - Daemon, Version 0.1.10.1 (libusbd) - http://libusb-win32.sourceforge.net - C:\WINDOWS\system32\libusbd-nt.exe
O23 - Service: McAfee Security Scan Component Host Service (McComponentHostService) - McAfee, Inc. - C:\Program Files\McAfee Security Scan\2.0.181\McCHSvc.exe
O23 - Service: McAfee Services (mcmscsvc) - McAfee, Inc. - C:\PROGRA~1\McAfee\MSC\mcmscsvc.exe
O23 - Service: McAfee Network Agent (McNASvc) - McAfee, Inc. - c:\PROGRA~1\COMMON~1\mcafee\mna\mcnasvc.exe
O23 - Service: McAfee Scanner (McODS) - McAfee, Inc. - C:\PROGRA~1\McAfee\VIRUSS~1\mcods.exe
O23 - Service: McAfee Proxy Service (McProxy) - McAfee, Inc. - c:\PROGRA~1\COMMON~1\mcafee\mcproxy\mcproxy.exe
O23 - Service: McAfee Real-time Scanner (McShield) - McAfee, Inc. - C:\PROGRA~1\McAfee\VIRUSS~1\mcshield.exe
O23 - Service: McAfee SystemGuards (McSysmon) - McAfee, Inc. - C:\PROGRA~1\McAfee\VIRUSS~1\mcsysmon.exe
O23 - Service: McAfee Personal Firewall Service (MpfService) - McAfee, Inc. - C:\Program Files\McAfee\MPF\MPFSrv.exe
O23 - Service: McAfee Anti-Spam Service (MSK80Service) - McAfee, Inc. - C:\Program Files\McAfee\MSK\MskSrver.exe
O23 - Service: PunkBuster (PnkBstrA) - Unknown owner - C:\Program Files\Electronic Arts\Need for Speed ProStreet\PB\PnkBstrA.exe
O23 - Service: PC Tools Auxiliary Service (sdAuxService) - PC Tools - C:\Program Files\Spyware Doctor\pctsAuxs.exe
O23 - Service: PC Tools Security Service (sdCoreService) - PC Tools - C:\Program Files\Spyware Doctor\pctsSvc.exe
O23 - Service: StarWind AE Service (StarWindServiceAE) - Rocket Division Software - C:\Program Files\Alcohol Soft\Alcohol 120\StarWind\StarWindServiceAE.exe
O23 - Service: WMP54GRSVC - GEMTEKS - C:\Program Files\Wireless-G PCI Adapter with RangeBooster\WLService.exe
O23 - Service: WMP54Gv4SVC - GEMTEKS - C:\Program Files\Linksys Wireless-G PCI Wireless Network Monitor\WLService.exe

--
End of file - 13451 bytes




and new bitdefender online scanner log



BitDefender QuickScan Beta 32-bit v0.9.9.9
------------------------------------------

Scan date:  Fri Mar 19 15:44:49 2010
Machine ID: 6C876C15



No infection found.
---------------------


Processes
---------
<verified>  Apple Mobile Device Service              1788    C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
<verified>  ArcSoft Connect                          1680    C:\Program Files\Common Files\ArcSoft\Connection Service\Bin\ACService.exe
<verified>  ATI External Event Utility for WindowsN  1240    C:\WINDOWS\system32\Ati2evxx.exe
<verified>  Bonjour                                  1812    C:\Program Files\Bonjour\mDNSResponder.exe
<verified>  C-Major Audio                            2352    C:\WINDOWS\stsystra.exe
<verified>  Drive Letter Access Component            2428    C:\WINDOWS\system32\dla\tfswctrl.exe
<verified>  Firefox                                  4912    C:\Program Files\Mozilla Firefox\firefox.exe
<verified>  InstallShield Update Service             2400    C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe
<verified>  Intel Modem Event Monitor Application    2384    C:\Program Files\Intel\Modem Event Monitor\IntelMEM.exe
<verified>  LibUsb-Win32                              956    C:\WINDOWS\system32\libusbd-nt.exe
<verified>  MarkVision for Windows (32 bit)           456    C:\WINDOWS\system32\LEXBCES.EXE
<verified>  MarkVision for Windows (32 bit)           504    C:\WINDOWS\system32\LEXPPS.EXE
<verified>  McAfee Anti-Spam                         3296    C:\Program Files\McAfee\MSK\MskSrver.exe
<verified>  McAfee Integrated Security Platform      2224    C:\Program Files\Common Files\McAfee\MNA\McNASvc.exe
<verified>  McAfee Personal Firewall                 3036    C:\Program Files\McAfee\MPF\MPFSrv.exe
<verified>  McAfee Proxy                             2448    C:\Program Files\Common Files\McAfee\McProxy\McProxy.exe
<verified>  McAfee SecurityCenter                    2568    C:\Program Files\McAfee.com\Agent\mcagent.exe
<verified>  McAfee SecurityCenter                    1756    C:\Program Files\McAfee\MSC\mcmscsvc.exe
<verified>  McAfee SecurityCenter                    5740    C:\Program Files\McAfee\MSC\mcuimgr.exe
<verified>  McAfee VirusScan API                     2596    C:\Program Files\McAfee\VirusScan\mcsysmon.exe
<verified>  Microsoft Search Enhancement Pack         548    C:\Program Files\Microsoft\Search Enhancement Pack\SeaPort\SeaPort.exe
<verified>  Microsoft® Windows® Operating System     3328    C:\WINDOWS\eHome\ehmsas.exe
<verified>  Microsoft® Windows® Operating System      660    C:\WINDOWS\eHome\ehRecvr.exe
<verified>  Microsoft® Windows® Operating System      692    C:\WINDOWS\eHome\ehSched.exe
<verified>  Microsoft® Windows® Operating System     2184    C:\WINDOWS\ehome\ehtray.exe
<verified>  Microsoft® Windows® Operating System     1500    C:\WINDOWS\Explorer.EXE
<verified>  Microsoft® Windows® Operating System     3176    C:\WINDOWS\System32\alg.exe
<verified>  Microsoft® Windows® Operating System      856    C:\WINDOWS\system32\csrss.exe
<verified>  Microsoft® Windows® Operating System     2908    C:\WINDOWS\system32\ctfmon.exe
<verified>  Microsoft® Windows® Operating System     1020    C:\WINDOWS\system32\lsass.exe
<verified>  Microsoft® Windows® Operating System     5256    C:\WINDOWS\SYSTEM32\NOTEPAD.EXE
<verified>  Microsoft® Windows® Operating System     1008    C:\WINDOWS\system32\services.exe
<verified>  Microsoft® Windows® Operating System      796    C:\WINDOWS\System32\smss.exe
<verified>  Microsoft® Windows® Operating System      512    C:\WINDOWS\system32\spoolsv.exe
<verified>  Microsoft® Windows® Operating System     2004    C:\WINDOWS\system32\svchost.exe
<verified>  Microsoft® Windows® Operating System     1836    C:\WINDOWS\system32\svchost.exe
<verified>  Microsoft® Windows® Operating System     1688    C:\WINDOWS\System32\svchost.exe
<verified>  Microsoft® Windows® Operating System     1644    C:\WINDOWS\system32\svchost.exe
<verified>  Microsoft® Windows® Operating System     1440    C:\WINDOWS\system32\svchost.exe
<verified>  Microsoft® Windows® Operating System     2840    C:\WINDOWS\system32\svchost.exe
<verified>  Microsoft® Windows® Operating System     1284    C:\WINDOWS\system32\svchost.exe
<verified>  Microsoft® Windows® Operating System     3596    C:\WINDOWS\system32\svchost.exe
<verified>  Microsoft® Windows® Operating System     3060    C:\WINDOWS\system32\wbem\wmiapsrv.exe
<verified>  Microsoft® Windows® Operating System      888    C:\WINDOWS\system32\winlogon.exe
<verified>  Microsoft® Windows® Operating System     5464    C:\WINDOWS\system32\wuauclt.exe
<verified>  Nero Home                                2700    C:\Program Files\Common Files\Ahead\lib\NMBgMonitor.exe
<verified>  PnkBstrA.exe                             3404    C:\Program Files\Electronic Arts\Need for Speed ProStreet\PB\PnkBstrA.exe
<verified>  Printer Communication System              636    C:\WINDOWS\system32\dldtcoms.exe
<verified>  RAID Event Monitor                       2336    C:\Program Files\Intel\Intel Matrix Storage Manager\iaanotif.exe
<verified>  RAID Monitor                             1304    C:\Program Files\Intel\Intel Matrix Storage Manager\iaantmon.exe
<verified>  RealPlayer (32-bit)                      2464    C:\Program Files\Common Files\Real\Update_OB\realsched.exe
<verified>  Threat Expert Ltd. Browser Defender      1848    C:\Program Files\Spyware Doctor\BDT\BDTUpdateService.exe
<verified>  VSCORE.14.0.0.349.x86                    5092    C:\Program Files\McAfee\VirusScan\Mcshield.exe
<verified>  WebCamDV Tray Application                2492    C:\WINDOWS\system\wcdvtray.exe


Network activity
----------------
Process firefox.exe (4912) connected on port 80 (HTTP) - 184.50.12.20
Process firefox.exe (4912) connected on port 80 (HTTP) - 63.215.202.49
Process firefox.exe (4912) connected on port 80 (HTTP) - 184.50.5.115
Process firefox.exe (4912) connected on port 80 (HTTP) - 66.102.7.100
Process firefox.exe (4912) connected on port 80 (HTTP) - 63.217.8.35
Process firefox.exe (4912) connected on port 80 (HTTP) - 66.102.7.101
Process firefox.exe (4912) connected on port 80 (HTTP) - 66.102.7.99
Process firefox.exe (4912) connected on port 80 (HTTP) - 168.75.65.85
Process firefox.exe (4912) connected on port 80 (HTTP) - 8.19.18.8
Process firefox.exe (4912) connected on port 80 (HTTP) - 66.102.7.155
Process firefox.exe (4912) connected on port 80 (HTTP) - 66.102.7.101
Process firefox.exe (4912) connected on port 80 (HTTP) - 66.102.7.155
Process firefox.exe (4912) connected on port 80 (HTTP) - 66.235.142.20
Process firefox.exe (4912) connected on port 80 (HTTP) - 63.215.202.48
Process firefox.exe (4912) connected on port 80 (HTTP) - 66.102.7.155
Process firefox.exe (4912) connected on port 80 (HTTP) - 168.75.65.85
Process firefox.exe (4912) connected on port 80 (HTTP) - 63.217.8.131

Process LEXPPS.EXE (504) listens on ports: 1025 (RPC)
Process dldtcoms.exe (636) listens on ports: 10088
Process services.exe (1008) listens on ports: 2479, 3246, 65533
Process svchost.exe (1284) listens on ports: 3389 (Terminal Server)
Process svchost.exe (1440) listens on ports: 135 (RPC)
Process McNASvc.exe (2224) listens on ports: 6646


Autoruns and critical files
---------------------------
<unsigned>  SuperAntiSpyware                         c:\program files\superantispyware\sasseh.dll
<unsigned>  SUPERAntiSpyware WinLogon Processor      C:\Program Files\SUPERAntiSpyware\SASWINLO.dll

<verified>  Apple Software Update                    C:\Program Files\Apple Software Update\SoftwareUpdate.exe
<verified>  C-Major Audio                            C:\WINDOWS\stsystra.exe
<verified>  dldtamon.exe                             C:\Program Files\Dell V305\dldtamon.exe
<verified>  Drive Letter Access Component            C:\WINDOWS\system32\dla\tfswctrl.exe
<verified>  Google Update                            C:\Documents and Settings\Hiram\Local Settings\Application Data\Google\Update\GoogleUpdate.exe
<verified>  Google Update                            C:\Program Files\Google\Update\GoogleUpdate.exe
<verified>  Google Updater                           C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
<verified>  InstallShield Update Service             C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe
<verified>  Intel Modem Event Monitor Application    C:\Program Files\Intel\Modem Event Monitor\IntelMEM.exe
<verified>  McAfee QuickClean                        c:\Program Files\McAfee\MQC\QcConsol.exe
<verified>  McAfee SecurityCenter                    C:\Program Files\McAfee.com\Agent\mcagent.exe
<verified>  Microsoft® Windows® Operating System     C:\WINDOWS\ehome\ehtray.exe
<verified>  Microsoft® Windows® Operating System     C:\WINDOWS\PCHealth\HelpCtr\Binaries\MSConfig.exe
<verified>  Microsoft® Windows® Operating System     C:\WINDOWS\system32\browseui.dll
<verified>  Microsoft® Windows® Operating System     C:\WINDOWS\system32\crypt32.dll
<verified>  Microsoft® Windows® Operating System     C:\WINDOWS\system32\cryptnet.dll
<verified>  Microsoft® Windows® Operating System     C:\WINDOWS\system32\cscdll.dll
<verified>  Microsoft® Windows® Operating System     C:\WINDOWS\system32\ctfmon.exe
<verified>  Microsoft® Windows® Operating System     C:\WINDOWS\system32\logonui.exe
<verified>  Microsoft® Windows® Operating System     C:\WINDOWS\system32\sclgntfy.dll
<verified>  Microsoft® Windows® Operating System     C:\WINDOWS\system32\shell32.dll
<verified>  Microsoft® Windows® Operating System     C:\WINDOWS\system32\stobject.dll
<verified>  Microsoft® Windows® Operating System     c:\windows\system32\userinit.exe
<verified>  Microsoft® Windows® Operating System     C:\WINDOWS\system32\wlnotify.dll
<verified>  Nero Home                                C:\Program Files\Common Files\Ahead\lib\NMBgMonitor.exe
<verified>  Printer Device Monitor                   C:\Program Files\Dell V305\dldtmon.exe
<verified>  RAID Event Monitor                       C:\Program Files\Intel\Intel Matrix Storage Manager\iaanotif.exe
<verified>  WebCamDV Tray Application                C:\WINDOWS\system\wcdvtray.exe
<verified>  Windows Genuine Advantage                C:\WINDOWS\system32\WgaLogon.dll
<verified>  Windows® Internet Explorer               C:\WINDOWS\system32\webcheck.dll


Browser plugins
---------------
<unsigned>  Google Earth Plugin                      C:\Program Files\Google\Google Earth\plugin\npgeplugin.dll
<unsigned>  NPSWF32.dll                              C:\WINDOWS\system32\Macromed\Flash\NPSWF32.dll
<unsigned>  QuickTime Plug-in 7.3.1                  C:\Program Files\Internet Explorer\plugins\npqtplugin.dll
<unsigned>  QuickTime Plug-in 7.3.1                  C:\Program Files\Internet Explorer\plugins\npqtplugin2.dll
<unsigned>  QuickTime Plug-in 7.3.1                  C:\Program Files\Internet Explorer\plugins\npqtplugin3.dll
<unsigned>  QuickTime Plug-in 7.3.1                  C:\Program Files\Internet Explorer\plugins\npqtplugin4.dll
<unsigned>  QuickTime Plug-in 7.3.1                  C:\Program Files\Internet Explorer\plugins\npqtplugin5.dll
<unsigned>  QuickTime Plug-in 7.3.1                  C:\Program Files\Internet Explorer\plugins\npqtplugin6.dll
<unsigned>  QuickTime Plug-in 7.3.1                  C:\Program Files\Internet Explorer\plugins\npqtplugin7.dll
<unsigned>  QuickTime Plug-in 7.3.1                  C:\Program Files\Mozilla Firefox\plugins\npqtplugin.dll
<unsigned>  QuickTime Plug-in 7.3.1                  C:\Program Files\Mozilla Firefox\plugins\npqtplugin2.dll
<unsigned>  QuickTime Plug-in 7.3.1                  C:\Program Files\Mozilla Firefox\plugins\npqtplugin3.dll
<unsigned>  QuickTime Plug-in 7.3.1                  C:\Program Files\Mozilla Firefox\plugins\npqtplugin4.dll
<unsigned>  QuickTime Plug-in 7.3.1                  C:\Program Files\Mozilla Firefox\plugins\npqtplugin5.dll
<unsigned>  QuickTime Plug-in 7.3.1                  C:\Program Files\Mozilla Firefox\plugins\npqtplugin6.dll
<unsigned>  QuickTime Plug-in 7.3.1                  C:\Program Files\Mozilla Firefox\plugins\npqtplugin7.dll
<unsigned>  RealJukebox NS Plugin                    C:\Program Files\Mozilla Firefox\plugins\nprjplug.dll
<unsigned>  RealJukebox NS Plugin                    C:\Program Files\Real\RealPlayer\Netscape6\nprjplug.dll
<unsigned>  RealPlayer Version Plugin                C:\Program Files\Mozilla Firefox\plugins\nprpjplug.dll
<unsigned>  RealPlayer Version Plugin                C:\Program Files\Real\RealPlayer\Netscape6\nprpjplug.dll

<verified>  AcroIEHelper Library                     c:\program files\adobe\acrobat 6.0\reader\activex\acroiehelper.dll
<verified>  Adobe Acrobat                            C:\Program Files\Internet Explorer\plugins\nppdf32.dll
<verified>  BitDefender QuickScan                    C:\Documents and Settings\Hiram\Application Data\Mozilla\Firefox\Profiles/c8wx0gtz.default\extensions\{e001c731-5e37-4538-a5cb-8168736a2360}\components\qscanff.dll
<verified>  BitDefender QuickScan                    C:\Documents and Settings\Hiram\Application Data\Mozilla\Firefox\Profiles/c8wx0gtz.default\extensions\{e001c731-5e37-4538-a5cb-8168736a2360}\plugins\npqscan.dll
<verified>  BitTorrent                               C:\Program Files\Mozilla Firefox\plugins\npbittorrent.dll
<verified>  Bonjour                                  C:\Program Files\Bonjour\mdnsNSP.dll
<verified>  DivX® Content Upload Plugin              C:\Program Files\DivX\DivX Content Uploader\npUpload.dll
<verified>  DivX® Web Player                         C:\Program Files\DivX\DivX Web Player\npdivx32.dll
<verified>  DivX® Web Player                         C:\Program Files\Mozilla Firefox\plugins\npdivx32.dll
<verified>  Google Update                            C:\Program Files\Google\Update\1.2.183.23\npGoogleOneClick8.dll
<verified>  Google Updater                           C:\Program Files\Google\Google Updater\2.4.1851.5542\npCIDetect14.dll
<verified>  GoogleToolbarNotifier                    c:\program files\google\googletoolbarnotifier\5.2.4204.1700\swg.dll
<verified>  InstallShield Update Service             C:\WINDOWS\Downloaded Program Files\dwusplay.dll
<verified>  InstallShield Update Service             C:\WINDOWS\Downloaded Program Files\dwusplay.exe
<verified>  InstallShield Update Service             C:\WINDOWS\Downloaded Program Files\isusweb.dll
<verified>  Java(TM) Platform SE 6 U1                c:\program files\java\jre1.6.0_01\bin\ssv.dll
<verified>  mcapbho.dll                              c:\program files\mcafee\msk\mcapbho.dll
<verified>  Messenger                                C:\Program Files\Messenger\msmsgs.exe
<verified>  Microsoft Office Live Plug-in for Firef  C:\Program Files\Microsoft\Office Live\npOLW.dll
<verified>  Microsoft Search Enhancement Pack        c:\program files\microsoft\search enhancement pack\search helper\sepsearchhelperie.dll
<verified>  Microsoft® Windows Live Login Helper     c:\program files\common files\microsoft shared\windows live\windowslivelogin.dll
<verified>  Microsoft® Windows Media Player Firefox  C:\Program Files\Mozilla Firefox\plugins\np-mswmp.dll
<verified>  Microsoft® Windows® Operating System     C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
<verified>  Microsoft® Windows® Operating System     C:\WINDOWS\system32\mswsock.dll
<verified>  Microsoft® Windows® Operating System     C:\WINDOWS\system32\rsvpsp.dll
<verified>  Microsoft® Windows® Operating System     C:\WINDOWS\system32\winrnr.dll
<verified>  Mozilla Default Plug-in                  C:\Program Files\Mozilla Firefox 3 Beta 5\plugins\npnul32.dll
<verified>  Mozilla Default Plug-in                  C:\Program Files\Mozilla Firefox\plugins\npnul32.dll
<verified>  msdxm.ocx                                c:\idf commander\msdxm.ocx
<verified>  MSN Photo Upload Control                 C:\WINDOWS\Downloaded Program Files\CONFLICT.1\PURen-us.dll
<verified>  MSN Photo Upload Control                 C:\WINDOWS\Downloaded Program Files\MsnPUpld.dll
<verified>  MSN Photo Upload Control                 C:\WINDOWS\Downloaded Program Files\PURen-us.dll
<verified>  MsnMessengerSetupDownloader              C:\WINDOWS\Downloaded Program Files\MsnMessengerSetupDownloader.ocx
<verified>  MSN® Games by Zone.com                   C:\WINDOWS\Downloaded Program Files\CONFLICT.1\MessengerStatsPAClient.dll
<verified>  MSN® Games by Zone.com                   C:\WINDOWS\Downloaded Program Files\messengerstatsclient.dll
<verified>  MSN® Games by Zone.com                   C:\WINDOWS\Downloaded Program Files\MessengerStatsPAClient.dll
<verified>  MSN® Games by Zone.com                   C:\WINDOWS\Downloaded Program Files\MineSweeper.dll
<verified>  MSN® Games by Zone.com                   C:\WINDOWS\Downloaded Program Files\msgrchkr.dll
<verified>  MSN® Games by Zone.com                   C:\WINDOWS\Downloaded Program Files\SolitaireShowdown.dll
<verified>  MSN® Games by Zone.com                   C:\WINDOWS\Downloaded Program Files\ZIntro.ocx
<verified>  npitunes.dll                             C:\Program Files\iTunes\Mozilla Plugins\npitunes.dll
<verified>  PC Tools Content Filter                  C:\Program Files\Common Files\PC Tools\Lsp\PCTLsp.dll
<verified>  RealNetworks Rhapsody Player Engine      C:\Program Files\Real\RhapsodyPlayerEngine\nprhapengine.dll
<verified>  RealPlayer(tm) G2 LiveConnect-Enabled P  C:\Program Files\Mozilla Firefox\plugins\nppl3260.dll
<verified>  RealPlayer(tm) G2 LiveConnect-Enabled P  C:\Program Files\Real\RealPlayer\Netscape6\nppl3260.dll
<verified>  Shockwave for Director                   C:\Program Files\Mozilla Firefox\plugins\np32dsw.dll
<verified>  Silverlight Plug-In                      c:\Program Files\Microsoft Silverlight\3.0.50106.0\npctrl.dll
<verified>  Threat Expert Ltd. Browser Defender      c:\program files\spyware doctor\bdt\pctbrowserdefender.dll
<verified>  VSCORE.14.0.0.366.x86                    c:\program files\mcafee\virusscan\scriptsn.dll
<verified>  Windows Genuine Advantage                C:\Program Files\Mozilla Firefox\plugins\npLegitCheckPlugin.dll
<verified>  Windows Live Photo Upload Control        C:\WINDOWS\Downloaded Program Files\CONFLICT.1\MsnPUpld.dll
<verified>  Windows Live Toolbar                     c:\program files\windows live\toolbar\wltcore.dll
<verified>  Windows Live® Photo Gallery              C:\Program Files\Windows Live\Photo Gallery\NPWLPG.dll
<verified>  Windows Presentation Foundation          c:\WINDOWS\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll
<verified>  Windows® Internet Explorer               C:\WINDOWS\system32\ieframe.dll


Missing files
-------------
File not found: C:\Program Files\Virtual Earth 3D\
 referenced in: HLKM\Software\MozillaPlugins\@microsoft.com/VirtualEarth3D,version=2.5\"Path"
 referenced in: HLKM\Software\MozillaPlugins\@microsoft.com/VirtualEarth3D,version=3.0\"Path"
 referenced in: HLKM\Software\MozillaPlugins\@microsoft.com/VirtualEarth3D,version=4.0\"Path"

File not found: C:\WINDOWS\boot.win Home Edition
 referenced in: HKLM\Software\Microsoft\Windows\CurrentVersion\Run\"WindowsVersion"

File not found: C:\WINDOWS\command.win MsDos
 referenced in: HKLM\Software\Microsoft\Windows\CurrentVersion\Run\"Cmd"


Scan
----
<unsigned>  MD5: 2dc61f643534045b332d20cccd7a2b9d  C:\Program Files\Google\Google Earth\plugin\npgeplugin.dll
<unsigned>  MD5: 7362dd144de73c7ee80408c1ad9ebe91  C:\Program Files\Internet Explorer\plugins\npqtplugin.dll
<unsigned>  MD5: 7362dd144de73c7ee80408c1ad9ebe91  C:\Program Files\Internet Explorer\plugins\npqtplugin2.dll
<unsigned>  MD5: 7362dd144de73c7ee80408c1ad9ebe91  C:\Program Files\Internet Explorer\plugins\npqtplugin3.dll
<unsigned>  MD5: 7362dd144de73c7ee80408c1ad9ebe91  C:\Program Files\Internet Explorer\plugins\npqtplugin4.dll
<unsigned>  MD5: 7362dd144de73c7ee80408c1ad9ebe91  C:\Program Files\Internet Explorer\plugins\npqtplugin5.dll
<unsigned>  MD5: 7362dd144de73c7ee80408c1ad9ebe91  C:\Program Files\Internet Explorer\plugins\npqtplugin6.dll
<unsigned>  MD5: 7362dd144de73c7ee80408c1ad9ebe91  C:\Program Files\Internet Explorer\plugins\npqtplugin7.dll
<unsigned>  MD5: 1aab00ae4ffb5c72a0a06a254f80510e  C:\Program Files\Mozilla Firefox\freebl3.dll
<unsigned>  MD5: 39dfd2c92728fca093d5bdefe5f6e801  C:\Program Files\Mozilla Firefox\nssdbm3.dll
<unsigned>  MD5: 7362dd144de73c7ee80408c1ad9ebe91  C:\Program Files\Mozilla Firefox\plugins\npqtplugin.dll
<unsigned>  MD5: 7362dd144de73c7ee80408c1ad9ebe91  C:\Program Files\Mozilla Firefox\plugins\npqtplugin2.dll
<unsigned>  MD5: 7362dd144de73c7ee80408c1ad9ebe91  C:\Program Files\Mozilla Firefox\plugins\npqtplugin3.dll
<unsigned>  MD5: 7362dd144de73c7ee80408c1ad9ebe91  C:\Program Files\Mozilla Firefox\plugins\npqtplugin4.dll
<unsigned>  MD5: 7362dd144de73c7ee80408c1ad9ebe91  C:\Program Files\Mozilla Firefox\plugins\npqtplugin5.dll
<unsigned>  MD5: 7362dd144de73c7ee80408c1ad9ebe91  C:\Program Files\Mozilla Firefox\plugins\npqtplugin6.dll
<unsigned>  MD5: 7362dd144de73c7ee80408c1ad9ebe91  C:\Program Files\Mozilla Firefox\plugins\npqtplugin7.dll
<unsigned>  MD5: 53e2386cf2263be3551089a2371dbbf8  C:\Program Files\Mozilla Firefox\plugins\nprjplug.dll
<unsigned>  MD5: 6ee7e41eefe79719b289557fcca7804f  C:\Program Files\Mozilla Firefox\plugins\nprpjplug.dll
<unsigned>  MD5: 89e6d66ec90b4e8e41b55248eb7c84cb  C:\Program Files\Mozilla Firefox\softokn3.dll
<unsigned>  MD5: 53e2386cf2263be3551089a2371dbbf8  C:\Program Files\Real\RealPlayer\Netscape6\nprjplug.dll
<unsigned>  MD5: 6ee7e41eefe79719b289557fcca7804f  C:\Program Files\Real\RealPlayer\Netscape6\nprpjplug.dll
<unsigned>  MD5: ecd5517a6633826057d4f050927ddf56  c:\program files\superantispyware\sasseh.dll
<unsigned>  MD5: 482e8f6fd557d5a0df7363f72df145fe  C:\Program Files\SUPERAntiSpyware\SASWINLO.dll
<unsigned>  MD5: adfee5e7f51f3aa252e744c3f3c680bb  C:\WINDOWS\iprot\bf3466d4-217f-4819-9794-7c54decd2ffd\PhysMem.sys
<unsigned>  MD5: 8edd7b9e4a4b4c16e2dab9188caa861b  C:\WINDOWS\system32\DDMI2.sys
<unsigned>  MD5: 03231c268ec438378e7d425dd41d1089  C:\WINDOWS\system32\DRIVERS\0140_ION.sys
<unsigned>  MD5: 081b95ae082613328fb7cd4451b67d93  C:\WINDOWS\system32\DRIVERS\dualshock3.sys
<unsigned>  MD5: f5cf06754ae54d9d3353fc9c59bc4e04  C:\WINDOWS\System32\DRIVERS\papycpu2.sys
<unsigned>  MD5: b09a71e8e1e127455f3a2fe83d38851f  C:\WINDOWS\System32\DRIVERS\papyjoy.sys
<unsigned>  MD5: b27f70092a84b2a381d1fcdbbb82f876  C:\WINDOWS\System32\drivers\sfsync03.sys
<unsigned>  MD5: 21017e14e92b65f157ae30be7badaf5e  C:\WINDOWS\system32\DRIVERS\ss.sys
<unsigned>  MD5: f8efdcfc440a420d6c1ecd245ab20207  C:\WINDOWS\system32\Macromed\Flash\NPSWF32.dll
<unsigned>  MD5: fd8fc025bafcec30dd7701005d2010ff  C:\WINDOWS\system32\termsrv32.dll
<unsigned>  MD5: f2df54478a15b313b2567d4daa3b5e2f  Explorer.exe

The following file(s) must be uploaded for server-side scanning:
  Explorer.exe

Upload started - 1 file(s)
  Explorer.exe (363008)
Upload speed - 18 KB/s
Upload finished - 1 uploaded, 0 failed

The uploaded file(s) were found clean.

Scan finished - communication took 20 sec
Total traffic - 0.36 MB sent, 0.29 KB recvd
Scanned 806 files and modules - 173 seconds

Samker

  • SCF Administrator
  • *****
  • Posts: 7206
  • KARMA: 291
  • Gender: Male
  • Whatever doesn't kill us makes us stronger.
    • SCforum.info - Samker's Computer Forum
Ok R. BitDefender say that We kick-ass to this Trojan ;) , do you still experience problem with your PC??

Now please first remove this items with HJT:

Quote
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 6.0\Reader\ActiveX\AcroIEHelper.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_01\bin\ssv.dll
O4 - HKLM\..\Run: [ISUSScheduler] "C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe" -start
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_01\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_01\bin\ssv.dll
O9 - Extra button: Real.com - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - C:\WINDOWS\system32\Shdocvw.dll
O23 - Service: Adobe LM Service - Adobe Systems - C:\Program Files\Common Files\Adobe Systems Shared\Service\Adobelmsvc.exe

After that Download and Run CCleaner (under cleaning settings Windows & Applications, turn on all things except Desktop Shortcuts): http://scforum.info/index.php/topic,1133.0.html 

Finally I would like to make double check is your PC really "clean" with Symantec Online Scan: http://scforum.info/index.php/topic,734.0.html


cya later,

S.

rkprd

  • SCF Member
  • **
  • Posts: 11
  • KARMA: 3
hello samker it doesnt feel like it has problems anymore looks like you win at kicking trojans ass hehe my pc is back to normal speed now I can actually use it without pulling my hairs out :) I tried to to do the symantec online scan but I am using mozilla firefox and it said I need to  use internet explorer which wont work on my pc I think its a problem with my connection, I did download and ran the cleaner I think its  faster now than it was before 8) you are the man samker you did it again hehe thanks a lot for taking the time and guiding me through this I dont know what would have happened to my pc had it not been for you probably would have ended in the trash hehe cant thank you enough I appreciate it very much :thumbsup:

Samker

  • SCF Administrator
  • *****
  • Posts: 7206
  • KARMA: 291
  • Gender: Male
  • Whatever doesn't kill us makes us stronger.
    • SCforum.info - Samker's Computer Forum
Excellent.  :thumbsup:

Feel free to visit SCF every time when you have any kind of problem with PC.

Also, please recommend SCF "PC Help Center" to your Friends...  ;)  


 

With Quick-Reply you can write a post when viewing a topic without loading a new page. You can still use bulletin board code and smileys as you would in a normal post.

Name: Email:
Verification:
Type the letters shown in the picture
Listen to the letters / Request another image
Type the letters shown in the picture:
Second Anti-Bot trap, type or simply copy-paste below (only the red letters):www.scforum.info:

Enter your email address to receive daily email with 'SCforum.info - Samker's Computer Forum' newest content:

Terms of Use | Privacy Policy | Advertising