Help! Trojan.Win32.C2Lop detected on my computer!



Quattad
2009-02-17, 16:13
Windows Defender on my computer recently detected a virus called Trojan.Win32.C2Lop, and has marked it as severe. Apparently, I've read on the internet that it steals passwords. Anyone, please help me with some advice; any help will be greatly appreciated!

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 10:25:08 PM, on 17/2/2009
Platform: Windows Vista (WinNT 6.00.1904)
MSIE: Internet Explorer v7.00 (7.00.6000.16809)
Boot mode: Normal

Running processes:
C:\Windows\system32\Dwm.exe
C:\Windows\system32\taskeng.exe
C:\Windows\Explorer.EXE
C:\Program Files\Common Files\LogiShrd\LVCOMSER\LVComSer.exe
C:\Program Files\Windows Defender\MSASCui.exe
C:\hp\support\hpsysdrv.exe
C:\Program Files\Hewlett-Packard\On-Screen OSD Indicator\OSD.exe
C:\Program Files\HP\HP Software Update\hpwuSchd2.exe
C:\Program Files\Grisoft\AVG7\avgcc.exe
C:\Windows\System32\rundll32.exe
C:\Windows\System32\CTHELPER.EXE
C:\Program Files\Common Files\LogiShrd\LComMgr\Communications_Helper.exe
C:\Program Files\Logitech\QuickCam\Quickcam.exe
C:\Program Files\Common Files\Real\Update_OB\realsched.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\Program Files\Java\jre6\bin\jusched.exe
C:\Program Files\Razer\DeathAdder\razerhid.exe
C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\MOM.exe
C:\Program Files\Windows Sidebar\sidebar.exe
C:\Program Files\Windows Live\Messenger\msnmsgr.exe
C:\Program Files\Razer\DeathAdder\razertra.exe
C:\Users\PataPon\AppData\Local\Temp\Imation\USB_ImationFlashDetect.exe
C:\Program Files\Windows Sidebar\sidebar.exe
C:\Program Files\Razer\DeathAdder\razerofa.exe
C:\Program Files\Common Files\Logishrd\LQCVFX\COCIManager.exe
C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\CCC.exe
C:\Program Files\Grisoft\AVG7\avgwb.dat
C:\hp\kbd\kbd.exe
C:\Windows\system32\taskeng.exe
C:\Windows\System32\mobsync.exe
C:\Program Files\Windows Live\Contacts\wlcomm.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Program Files\Internet Explorer\IEUser.exe
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe
C:\Windows\system32\DllHost.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iehome&locale=EN_SG&c=74&bd=Pavilion&pf=desktop
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iehome&locale=EN_SG&c=74&bd=Pavilion&pf=desktop
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant =
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch =
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
O1 - Hosts: ::1 localhost
O2 - BHO: IDM Helper - {0055C089-8582-441B-A0BF-17B458C2A3A8} - C:\Program Files\Internet Download Manager\IDMIECC.dll
O2 - BHO: &Yahoo! Toolbar Helper - {02478D38-C3F9-4efb-9B51-7695ECA05670} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll
O2 - BHO: AcroIEHelperStub - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
O2 - BHO: IsoBuster Toolbar - {266fcdca-7bb3-4da7-b3bf-f845dea2ebd6} - C:\Program Files\IsoBuster\tbIsoB.dll
O2 - BHO: RealPlayer Download and Record Plugin for Internet Explorer - {3049C3E9-B461-4BC5-8870-4C09146192CA} - C:\Program Files\Real\RealPlayer\rpbrowserrecordplugin.dll
O2 - BHO: Megaupload Toolbar - {4E7BD74F-2B8D-469E-CCB0-B130EEDBE97C} - C:\PROGRA~1\MEGAUP~1\MEGAUP~1.DLL (file missing)
O2 - BHO: (no name) - {5C255C8A-E604-49b4-9D64-90988571CECB} - (no file)
O2 - BHO: Search Helper - {6EBF7485-159F-4bff-A14F-B9E3AAC4465B} - C:\Program Files\Microsoft\Search Enhancement Pack\Search Helper\SearchHelper.dll
O2 - BHO: Java(tm) Plug-In SSV Helper - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre6\bin\ssv.dll
O2 - BHO: Windows Live Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar1.dll
O2 - BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll
O2 - BHO: Windows Live Toolbar Helper - {E15A8DC0-8516-42A1-81EA-DC94EC1ACF10} - C:\Program Files\Windows Live\Toolbar\wltcore.dll
O3 - Toolbar: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar1.dll
O3 - Toolbar: Megaupload Toolbar - {4E7BD74F-2B8D-469E-CCB0-B130EEDBE97C} - C:\PROGRA~1\MEGAUP~1\MEGAUP~1.DLL (file missing)
O3 - Toolbar: IsoBuster Toolbar - {266fcdca-7bb3-4da7-b3bf-f845dea2ebd6} - C:\Program Files\IsoBuster\tbIsoB.dll
O3 - Toolbar: &Windows Live Toolbar - {21FA44EF-376D-4D53-9B0F-8A89D3229068} - C:\Program Files\Windows Live\Toolbar\wltcore.dll
O4 - HKLM\..\Run: [Windows Defender] %ProgramFiles%\Windows Defender\MSASCui.exe -hide
O4 - HKLM\..\Run: [hpsysdrv] c:\hp\support\hpsysdrv.exe
O4 - HKLM\..\Run: [KBD] C:\HP\KBD\KbdStub.EXE
O4 - HKLM\..\Run: [OsdMaestro] "C:\Program Files\Hewlett-Packard\On-Screen OSD Indicator\OSD.exe"
O4 - HKLM\..\Run: [RtHDVCpl] RtHDVCpl.exe
O4 - HKLM\..\Run: [HP Health Check Scheduler] c:\Program Files\Hewlett-Packard\HP Health Check\HPHC_Scheduler.exe
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 9.0\Reader\Reader_sl.exe"
O4 - HKLM\..\Run: [SunJavaUpdateReg] "C:\Windows\system32\jureg.exe" -delete
O4 - HKLM\..\Run: [HP Software Update] c:\Program Files\HP\HP Software Update\HPWuSchd2.exe
O4 - HKLM\..\Run: [AVG7_CC] C:\PROGRA~1\Grisoft\AVG7\avgcc.exe /STARTUP
O4 - HKLM\..\Run: [NvSvc] RUNDLL32.EXE C:\Windows\system32\nvsvc.dll,nvsvcStart
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\Windows\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\Windows\system32\NvMcTray.dll,NvTaskbarInit
O4 - HKLM\..\Run: [Arucer] rundll32 C:\Windows\system32\Arucer.dll,Arucer
O4 - HKLM\..\Run: [CTHelper] CTHELPER.EXE
O4 - HKLM\..\Run: [CTxfiHlp] CTXFIHLP.EXE
O4 - HKLM\..\Run: [PWRISOVM.EXE] C:\Program Files\PowerISO\PWRISOVM.EXE
O4 - HKLM\..\Run: [LogitechCommunicationsManager] "C:\Program Files\Common Files\LogiShrd\LComMgr\Communications_Helper.exe"
O4 - HKLM\..\Run: [LogitechQuickCamRibbon] "C:\Program Files\Logitech\QuickCam\Quickcam.exe" /hide
O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\QTTask.exe" -atboottime
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre6\bin\jusched.exe"
O4 - HKLM\..\Run: [StartCCC] "C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" MSRun
O4 - HKLM\..\Run: [DeathAdder] C:\Program Files\Razer\DeathAdder\razerhid.exe
O4 - HKLM\..\RunOnce: [Launcher] %WINDIR%\SMINST\launcher.exe
O4 - HKLM\..\RunOnce: [symPCCheckup] "C:\Windows\System32\Adobe\Shockwave 11\symcheckupstub.exe" /reboot
O4 - HKCU\..\Run: [Sidebar] C:\Program Files\Windows Sidebar\sidebar.exe /autoRun
O4 - HKCU\..\Run: [MsnMsgr] "C:\Program Files\Windows Live\Messenger\msnmsgr.exe" /background
O4 - HKCU\..\Run: [swg] C:\Program Files\Google\GoogleToolbarNotifier\1.2.1128.5462\GoogleToolbarNotifier.exe
O4 - HKCU\..\Run: [EA Core] C:\Program Files\Electronic Arts\EADM\Core.exe -silent
O4 - HKCU\..\Run: [Stopview] "C:\ProgramData\bluearmyarmy.fg7zw"
O4 - HKCU\..\Run: [CHIN PING PHONE PILE] "C:\ProgramData\owns team ford.fi4en7"
O4 - HKUS\S-1-5-19\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /detectMem (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-19\..\Run: [WindowsWelcomeCenter] rundll32.exe oobefldr.dll,ShowWelcomeCenter (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-19\..\Run: [AVG7_Run] C:\PROGRA~1\Grisoft\AVG7\avgw.exe /RUNONCE (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-20\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /detectMem (User 'NETWORK SERVICE')
O4 - HKUS\S-1-5-18\..\Run: [AVG7_Run] C:\PROGRA~1\Grisoft\AVG7\avgw.exe /RUNONCE (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [AVG7_Run] C:\PROGRA~1\Grisoft\AVG7\avgw.exe /RUNONCE (User 'Default user')
O4 - Startup: Imation_Flash_Detect.lnk = C:\Users\PataPon\AppData\Local\Temp\Imation\USB_ImationFlashDetect.exe
O4 - Global Startup: Snapfish Media Detector.lnk = C:\Program Files\Snapfish Picture Mover\SnapfishMediaDetector.exe
O9 - Extra button: Blog This - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files\Windows Live\Writer\WriterBrowserExtension.dll
O9 - Extra 'Tools' menuitem: &Blog This in Windows Live Writer - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files\Windows Live\Writer\WriterBrowserExtension.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~3\OFFICE11\REFIEBAR.DLL
O13 - Gopher Prefix:
O16 - DPF: {C3F79A2B-B9B4-4A66-B012-3EE46475B072} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/MessengerStatsPAClient.cab56907.cab
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} - http://fpdownload2.macromedia.com/get/flashplayer/current/swflash.cab
O20 - Winlogon Notify: !SASWinLogon - C:\Program Files\SUPERAntiSpyware\SASWINLO.DLL
O20 - Winlogon Notify: avgwlntf - C:\Windows\SYSTEM32\avgwlntf.dll
O23 - Service: Apple Mobile Device - Apple Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
O23 - Service: Ati External Event Utility - ATI Technologies Inc. - C:\Windows\system32\Ati2evxx.exe
O23 - Service: AVG7 Alert Manager Server (Avg7Alrt) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVG7\avgamsvr.exe
O23 - Service: AVG7 Update Service (Avg7UpdSvc) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVG7\avgupsvc.exe
O23 - Service: AVG7 Resident Shield Service (AvgCoreSvc) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVG7\avgrssvc.exe
O23 - Service: AVG E-mail Scanner (AVGEMS) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVG7\avgemc.exe
O23 - Service: Bonjour Service - Apple Inc. - C:\Program Files\Bonjour\mDNSResponder.exe
O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: HP Health Check Service - Hewlett-Packard - c:\Program Files\Hewlett-Packard\HP Health Check\hphc_service.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: iPod Service - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: LightScribeService Direct Disc Labeling Service (LightScribeService) - Hewlett-Packard Company - c:\Program Files\Common Files\LightScribe\LSSrvc.exe
O23 - Service: LVCOMSer - Logitech Inc. - C:\Program Files\Common Files\LogiShrd\LVCOMSER\LVComSer.exe
O23 - Service: Process Monitor (LVPrcSrv) - Logitech Inc. - C:\Program Files\Common Files\LogiShrd\LVMVFM\LVPrcSrv.exe
O23 - Service: LVSrvLauncher - Logitech Inc. - C:\Program Files\Common Files\LogiShrd\SrvLnch\SrvLnch.exe
O23 - Service: RoxMediaDB9 - Sonic Solutions - c:\Program Files\Common Files\Roxio Shared\9.0\SharedCOM\RoxMediaDB9.exe
O23 - Service: stllssvr - MicroVision Development, Inc. - c:\Program Files\Common Files\SureThing Shared\stllssvr.exe
O23 - Service: XAudioService - Conexant Systems, Inc. - C:\Windows\system32\DRIVERS\xaudio.exe

--
End of file - 11795 bytes

thanks!
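The point a helper looks for in a log like the one above is the pair of HKCU Run entries that launch loose files in C:\ProgramData with random extensions (bluearmyarmy.fg7zw, owns team ford.fi4en7), which is the pattern Lop S&D later confirms. The following script is an added example written for this thread, not HijackThis or Lop S&D code: it parses the O4 autorun lines of a HijackThis log and flags entries by three heuristics I chose (extension not in a known-executable set, loose file directly in a data root, path under a Temp folder). SAMPLE_LOG is a constructed excerpt built from lines quoted in the log above.

```python
"""Triage autorun (O4) entries from a HijackThis log.

Added example for this thread; not part of HijackThis, Lop S&D or the
thread itself. The heuristics (odd file extension, loose file in a data
root, running from a Temp folder) are my own choices, and the sample log
below is a constructed excerpt built from lines quoted in the thread.
"""
import re
from pathlib import PureWindowsPath

# Registry autoruns, e.g.
#   O4 - HKCU\..\Run: [Stopview] "C:\ProgramData\bluearmyarmy.fg7zw"
#   O4 - HKUS\S-1-5-19\..\Run: [Sidebar] ... /detectMem (User 'LOCAL SERVICE')
O4_REG_RE = re.compile(
    r"^O4 - (?P<hive>HK[A-Z]+(?:\\[^\\]+)?)\\\.\.\\(?P<key>Run(?:Once)?): "
    r"\[(?P<name>[^\]]*)\] (?P<cmd>.*?)(?: \(User '[^']*'\))?$"
)
# Startup-folder shortcuts, e.g.
#   O4 - Startup: Imation_Flash_Detect.lnk = C:\...\USB_ImationFlashDetect.exe
O4_STARTUP_RE = re.compile(
    r"^O4 - (?P<hive>(?:Global )?Startup): (?P<name>.+?) = (?P<cmd>.*)$"
)

KNOWN_EXEC_EXT = {".exe", ".dll", ".com", ".scr", ".bat", ".cmd", ".vbs", ".js"}
# Folders where a *loose* file (no vendor subfolder) is unusual for an autorun
DATA_ROOTS = {"c:\\programdata", "c:\\users\\public"}


def extract_target(cmd: str) -> str:
    """Pull the file that actually executes out of an autorun command line."""
    cmd = cmd.strip()
    m = re.match(r'^"([^"]+)"', cmd)                  # quoted path
    if m:
        return m.group(1)
    if re.match(r"rundll32(?:\.exe)?\s", cmd, re.I):  # rundll32 host -> DLL payload
        rest = cmd.split(None, 1)[1]
        return rest.split(",", 1)[0].strip()
    # Unquoted path: keep everything up to the first " /switch" or " -switch".
    # Limitation: an unquoted path containing " -" would be cut short.
    m = re.match(r"^(.*?)(?:\s+[-/]\S*)*$", cmd)
    return m.group(1) if m else cmd


def suspicion_reasons(target: str) -> list:
    """Heuristics on the target path; an empty list means nothing stood out."""
    p = PureWindowsPath(target)
    reasons = []
    ext = p.suffix.lower()
    if ext not in KNOWN_EXEC_EXT:
        reasons.append(f"unusual extension '{ext or '(none)'}'")
    if str(p.parent).lower() in DATA_ROOTS:
        reasons.append(f"loose file directly in {p.parent}")
    if any(part.lower() == "temp" for part in p.parts):
        reasons.append("runs from a Temp folder")
    return reasons


def triage_hjt(log_text: str) -> list:
    """Return one dict per O4 entry that trips at least one heuristic."""
    findings = []
    for raw in log_text.splitlines():
        line = raw.strip()
        m = O4_REG_RE.match(line) or O4_STARTUP_RE.match(line)
        if not m:
            continue
        target = extract_target(m.group("cmd"))
        reasons = suspicion_reasons(target)
        if reasons:
            findings.append({"hive": m.group("hive"), "name": m.group("name"),
                             "target": target, "reasons": reasons})
    return findings


# Constructed excerpt: a handful of O4 lines quoted in the thread above.
SAMPLE_LOG = r"""
O4 - HKLM\..\Run: [Windows Defender] %ProgramFiles%\Windows Defender\MSASCui.exe -hide
O4 - HKLM\..\Run: [AVG7_CC] C:\PROGRA~1\Grisoft\AVG7\avgcc.exe /STARTUP
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\Windows\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [HP Health Check Scheduler] c:\Program Files\Hewlett-Packard\HP Health Check\HPHC_Scheduler.exe
O4 - HKCU\..\Run: [MsnMsgr] "C:\Program Files\Windows Live\Messenger\msnmsgr.exe" /background
O4 - HKCU\..\Run: [Stopview] "C:\ProgramData\bluearmyarmy.fg7zw"
O4 - HKCU\..\Run: [CHIN PING PHONE PILE] "C:\ProgramData\owns team ford.fi4en7"
O4 - HKUS\S-1-5-19\..\Run: [WindowsWelcomeCenter] rundll32.exe oobefldr.dll,ShowWelcomeCenter (User 'LOCAL SERVICE')
O4 - Startup: Imation_Flash_Detect.lnk = C:\Users\PataPon\AppData\Local\Temp\Imation\USB_ImationFlashDetect.exe
O4 - Global Startup: Snapfish Media Detector.lnk = C:\Program Files\Snapfish Picture Mover\SnapfishMediaDetector.exe
"""

if __name__ == "__main__":
    for f in triage_hjt(SAMPLE_LOG):
        print(f"[{f['hive']}] {f['name']} -> {f['target']}")
        for r in f["reasons"]:
            print("    -", r)
```

Run against the sample, the two Lop entries are flagged on two counts each (random extension, loose file in C:\ProgramData) and the Imation shortcut is flagged for living under a Temp folder; everything else in the excerpt passes. The heuristics are triage aids only: a hit means "look closer", and a miss (for example a properly named .exe dropped into a vendor-looking folder) does not mean clean.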

Blade81
2009-02-20, 22:18
Hi,

Download Lop S&D (http://eric.71.mespages.googlepages.com/LopSD.exe) by Eric_71 and save it to your desktop.
Lop S&D will only run on Windows XP and Windows Vista

Disable your antivirus and antimalware programs so they do not interfere with the running of Lop S&D.
To see how to disable security programs visit this tutorial:
How To Temporarily Disable Your Anti-virus, Firewall And Anti-malware Programs (http://www.bleepingcomputer.com/forums/topic114351.html)
You will need to disable the following programs:
(list here)

Double-click Lop S&D.exe
Choose the language by typing the corresponding letter and press Enter
Click OK at the informative window
Type 1, to choose Option 1 (Search) then press Enter
Wait until the end of the scan
A report will be generated, post the contents of it in your next reply.

(Copy of the report can be found at this location: %systemdrive%\lopR.txt, in most cases C:\lopR.txt)

Quattad
2009-02-21, 17:35
Alright! Thanks Blade81, once again, for your sincere help! I truly appreciate it! :bigthumb:

By the way, you have helped me once before, regarding some internet popups (here's the link: www.lavasoftsupport.com/index.php?showtopic=21571&pid=88365&mode=threaded&show=&st=0). I have discovered that the exact same folder the internet popup virus was found in, C:\ProgramData\Byte way data, has still remained, and it contains 2 very suspicious files, Pop Great Bird Bags.exe and uqwjwsyi.exe, which I had no idea of ever installing. Are they by any chance related to the C2Lop virus?




--------------------\\ Lop S&D 4.2.5-0 XP/Vista

Microsoft® Windows Vista™ Home Premium ( v6.0.6000 )
X86-based PC ( Multiprocessor Free : Genuine Intel(R) CPU 3.40GHz )
BIOS : Phoenix - AwardBIOS v6.00PG
USER : PataPon ( Administrator )
BOOT : Normal boot
Antivirus : AVG 7.5.552 7.5.552 (Activated)
C:\ (Local Disk) - NTFS - Total:224 Go (Free:101 Go)
D:\ (Local Disk) - NTFS - Total:8 Go (Free:0 Go)
E:\ (CD or DVD)
F:\ (CD or DVD)
G:\ (USB)
H:\ (CD or DVD)
I:\ (USB)
J:\ (USB)
K:\ (USB)

"C:\Lop SD" ( MAJ : 19-12-2008|23:40 )
Option : [1] ( Sat 21/02/2009|23:38 )

[ UAC => 1 ]

--------------------\\ Listing folders in Local

[28/07/2008|09:26] C:\Users\PataPon\AppData\Local\<DIR> {3248F0A6-6813-11D6-A77B-00B0D0150060}
[06/04/2008|03:32] C:\Users\PataPon\AppData\Local\<JUNCTION> Application Data
[16/11/2008|05:31] C:\Users\PataPon\AppData\Local\<DIR> ATI
[20/10/2008|10:40] C:\Users\PataPon\AppData\Local\<DIR> BuildAGadget Content
[20/10/2008|05:51] C:\Users\PataPon\AppData\Local\<DIR> CAPCOM
[14/10/2008|10:48] C:\Users\PataPon\AppData\Local\<DIR> Cooliris
[16/11/2008|10:40] C:\Users\PataPon\AppData\Local\552 d3d8caps.dat
[16/11/2008|10:40] C:\Users\PataPon\AppData\Local\7,944 d3d9caps.dat
[09/12/2008|09:04] C:\Users\PataPon\AppData\Local\34,304 DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[24/01/2009|01:43] C:\Users\PataPon\AppData\Local\<DIR> Downloaded Installations
[10/09/2008|04:47] C:\Users\PataPon\AppData\Local\114,456 GDIPFONTCACHEV1.DAT
[26/05/2008|12:21] C:\Users\PataPon\AppData\Local\<DIR> Google
[06/04/2008|03:32] C:\Users\PataPon\AppData\Local\<JUNCTION> History
[20/02/2009|08:06] C:\Users\PataPon\AppData\Local\5,544,216 IconCache.db
[27/10/2008|07:18] C:\Users\PataPon\AppData\Local\<DIR> IsoBuster
[13/10/2008|11:59] C:\Users\PataPon\AppData\Local\<DIR> Microsoft
[09/06/2008|08:34] C:\Users\PataPon\AppData\Local\<DIR> Mozilla
[12/10/2008|05:00] C:\Users\PataPon\AppData\Local\<DIR> PunkBuster
[12/10/2008|03:47] C:\Users\PataPon\AppData\Local\<DIR> Real
[23/07/2007|11:40] C:\Users\PataPon\AppData\Local\51 setup.txt
[21/02/2009|11:37] C:\Users\PataPon\AppData\Local\<DIR> Temp
[06/04/2008|03:32] C:\Users\PataPon\AppData\Local\<JUNCTION> Temporary Internet Files
[08/04/2008|07:32] C:\Users\PataPon\AppData\Local\<DIR> VirtualStore
[25/05/2008|06:03] C:\Users\PataPon\AppData\Local\<DIR> Windows Live Writer

--------------------\\ Scheduled Tasks located in C:\Windows\Tasks

[21/02/2009 11:05 PM][--ah-----] C:\Windows\tasks\SA.DAT
[20/02/2009 08:06 PM][--a------] C:\Windows\tasks\SCHEDLGU.TXT

--------------------\\ Listing Folders in C:\ProgramData

[04/11/2008|11:47] C:\ProgramData\<DIR> {3276BE95_AF08_429F_A64F_CA64CB79BCF6}
[10/11/2008|08:45] C:\ProgramData\<DIR> Adobe
[25/10/2008|01:11] C:\ProgramData\<DIR> Apple
[04/11/2008|11:46] C:\ProgramData\<DIR> Apple Computer
[02/11/2006|09:02] C:\ProgramData\<JUNCTION> Application Data
[16/11/2008|05:31] C:\ProgramData\<DIR> ATI
[17/11/2008|02:25] C:\ProgramData\<DIR> avg7
[08/02/2009|02:39] C:\ProgramData\335,888 bluearmyarmy.b323ii
[08/02/2009|02:39] C:\ProgramData\217,104 bluearmyarmy.fg7zw
[17/02/2009|08:37] C:\ProgramData\<DIR> Byte way data
[02/11/2006|09:02] C:\ProgramData\<JUNCTION> Desktop
[02/11/2006|09:02] C:\ProgramData\<JUNCTION> Documents
[24/01/2009|01:44] C:\ProgramData\<DIR> Electronic Arts
[02/11/2006|09:02] C:\ProgramData\<JUNCTION> Favorites
[26/05/2008|11:04] C:\ProgramData\<DIR> Google
[06/04/2008|05:04] C:\ProgramData\<DIR> Grisoft
[08/09/2007|05:46] C:\ProgramData\<DIR> Hewlett-Packard
[08/09/2007|05:07] C:\ProgramData\<DIR> HP
[08/09/2007|05:08] C:\ProgramData\343 hpzinstall.log
[15/07/2008|06:41] C:\ProgramData\<DIR> Logishrd
[15/07/2008|06:35] C:\ProgramData\<DIR> Logitech
[13/10/2008|07:33] C:\ProgramData\<DIR> Malwarebytes
[13/05/2008|07:22] C:\ProgramData\<DIR> Messenger Plus!
[21/02/2009|11:17] C:\ProgramData\<DIR> Microsoft
[08/09/2007|05:17] C:\ProgramData\<DIR> muvee Technologies
[31/10/2009|11:03] C:\ProgramData\258 ntuser.pol
[10/05/2008|11:19] C:\ProgramData\<DIR> NVIDIA
[08/02/2009|02:39] C:\ProgramData\368,656 owns team ford.fi4en7
[08/09/2007|05:23] C:\ProgramData\<DIR> PC-Doctor
[17/02/2009|09:00] C:\ProgramData\<DIR> Proxy Long Chin Ping
[12/10/2008|03:47] C:\ProgramData\<DIR> Real
[08/09/2007|05:14] C:\ProgramData\<DIR> Roxio
[13/08/2008|10:22] C:\ProgramData\<DIR> Sandlot Games
[08/09/2007|05:08] C:\ProgramData\<DIR> Sonic
[13/10/2008|07:32] C:\ProgramData\<DIR> Spybot - Search & Destroy
[02/11/2006|09:02] C:\ProgramData\<JUNCTION> Start Menu
[14/10/2008|08:54] C:\ProgramData\<DIR> SUPERAntiSpyware.com
[06/04/2008|05:13] C:\ProgramData\<DIR> Symantec
[18/02/2009|07:21] C:\ProgramData\<DIR> TEMP
[02/11/2006|09:02] C:\ProgramData\<JUNCTION> Templates
[24/10/2008|09:12] C:\ProgramData\<DIR> Ubisoft
[13/04/2008|03:42] C:\ProgramData\<DIR> UDL
[13/08/2008|11:47] C:\ProgramData\<DIR> WildTangent
[06/04/2008|09:53] C:\ProgramData\<DIR> WLInstaller
[08/09/2007|05:26] C:\ProgramData\<DIR> yahoo!
[06/04/2008|08:55] C:\ProgramData\<DIR> Yahoo! Companion

--------------------\\ Listing Folders in C:\Program Files

[12/10/2008|12:04] C:\Program Files\<DIR> 7-Zip
[13/04/2008|02:33] C:\Program Files\<DIR> ABBYY FineReader 6.0 Sprint
[12/10/2008|01:53] C:\Program Files\<DIR> Activision
[10/11/2008|08:39] C:\Program Files\<DIR> Adobe
[15/10/2008|12:31] C:\Program Files\<DIR> Allok RM RMVB to AVI MPEG DVD Converter
[14/10/2008|03:07] C:\Program Files\<DIR> Alwil Software
[12/10/2008|12:07] C:\Program Files\<DIR> Apex
[04/11/2008|11:43] C:\Program Files\<DIR> Apple Software Update
[16/11/2008|05:17] C:\Program Files\<DIR> ATI
[16/11/2008|05:18] C:\Program Files\<DIR> ATI Technologies
[15/10/2008|12:31] C:\Program Files\<DIR> Audacity
[07/04/2008|09:45] C:\Program Files\<DIR> AviSynth 2.5
[03/07/2008|09:43] C:\Program Files\<DIR> BitLord
[04/11/2008|11:46] C:\Program Files\<DIR> Bonjour
[20/10/2008|05:27] C:\Program Files\<DIR> CAPCOM
[06/04/2008|05:11] C:\Program Files\<DIR> CCleaner
[08/02/2009|02:38] C:\Program Files\<DIR> Circle Developement
[06/04/2008|04:35] C:\Program Files\<DIR> Combined Community Codec Pack
[08/02/2009|10:51] C:\Program Files\<DIR> Common Files
[27/10/2008|06:29] C:\Program Files\<DIR> Conduit
[08/09/2007|04:39] C:\Program Files\<DIR> CONEXANT
[17/11/2008|04:26] C:\Program Files\<DIR> Creative
[12/10/2008|12:11] C:\Program Files\<DIR> DAEMON Tools Lite
[08/09/2007|05:25] C:\Program Files\<DIR> earthlink totalaccess
[24/01/2009|01:44] C:\Program Files\<DIR> Electronic Arts
[10/05/2008|01:35] C:\Program Files\<DIR> Energizer UsbCharger
[13/04/2008|04:59] C:\Program Files\<DIR> epson
[07/04/2008|09:20] C:\Program Files\<DIR> eRightSoft
[30/05/2008|08:52] C:\Program Files\<DIR> File And MP3 Tag Renamer
[15/10/2008|12:31] C:\Program Files\<DIR> Finale 2006
[13/02/2009|06:07] C:\Program Files\<DIR> Garena
[26/05/2008|11:04] C:\Program Files\<DIR> Google
[06/04/2008|05:04] C:\Program Files\<DIR> Grisoft
[08/09/2007|05:24] C:\Program Files\<DIR> Hewlett-Packard
[30/05/2008|09:34] C:\Program Files\<DIR> Hide The IP
[08/09/2007|05:19] C:\Program Files\<DIR> HP
[08/09/2007|05:07] C:\Program Files\<DIR> HP Games
[13/05/2008|12:20] C:\Program Files\<DIR> illusion
[24/01/2009|02:08] C:\Program Files\<DIR> InstallShield Installation Information
[06/04/2008|09:48] C:\Program Files\<DIR> Intel
[05/11/2008|04:38] C:\Program Files\<DIR> Internet Download Manager
[13/02/2009|03:44] C:\Program Files\<DIR> Internet Explorer
[04/11/2008|11:46] C:\Program Files\<DIR> iPod
[27/10/2008|06:29] C:\Program Files\<DIR> IsoBuster
[04/11/2008|11:47] C:\Program Files\<DIR> iTunes
[23/09/2008|05:14] C:\Program Files\<DIR> iXchange
[17/01/2009|11:12] C:\Program Files\<DIR> Java
[06/04/2008|05:10] C:\Program Files\<DIR> Lavasoft
[15/07/2008|06:35] C:\Program Files\<DIR> Logitech
[16/01/2009|02:01] C:\Program Files\<DIR> Malwarebytes' Anti-Malware
[08/02/2009|02:38] C:\Program Files\<DIR> Messenger Plus! Live
[08/02/2009|11:02] C:\Program Files\<DIR> Microsoft
[06/04/2008|05:24] C:\Program Files\<DIR> Microsoft ActiveSync
[02/11/2006|08:37] C:\Program Files\<DIR> Microsoft Games
[06/04/2008|05:23] C:\Program Files\<DIR> Microsoft Office
[08/02/2009|11:04] C:\Program Files\<DIR> Microsoft Sync Framework
[12/09/2008|07:07] C:\Program Files\<DIR> Microsoft Works
[06/04/2008|05:22] C:\Program Files\<DIR> Microsoft.NET
[02/11/2006|08:42] C:\Program Files\<DIR> Movie Maker
[10/02/2009|07:37] C:\Program Files\<DIR> Mozilla Firefox
[15/10/2008|12:31] C:\Program Files\<DIR> Mp3 To All Converter
[02/11/2006|08:37] C:\Program Files\<DIR> MSBuild
[10/11/2008|08:12] C:\Program Files\<DIR> MSECACHE
[13/11/2008|05:49] C:\Program Files\<DIR> MSN
[06/04/2008|05:50] C:\Program Files\<DIR> MSXML 4.0
[08/09/2007|05:17] C:\Program Files\<DIR> muvee Technologies
[16/11/2008|05:28] C:\Program Files\<DIR> My Company Name
[08/09/2007|05:27] C:\Program Files\<DIR> Online Services
[06/04/2008|03:59] C:\Program Files\<DIR> OpenAL
[08/09/2007|05:41] C:\Program Files\<DIR> PC-Doctor 5 for Windows
[17/06/2008|08:23] C:\Program Files\<DIR> PowerISO
[04/11/2008|11:45] C:\Program Files\<DIR> QuickTime
[16/11/2008|10:01] C:\Program Files\<DIR> Razer
[15/10/2008|02:23] C:\Program Files\<DIR> Real
[12/10/2008|03:47] C:\Program Files\<DIR> Real Alternative
[08/09/2007|05:00] C:\Program Files\<DIR> Realtek
[13/05/2008|01:16] C:\Program Files\<DIR> Realtek AC97
[02/11/2006|08:37] C:\Program Files\<DIR> Reference Assemblies
[06/04/2008|03:37] C:\Program Files\<DIR> Rhapsody
[08/09/2007|05:15] C:\Program Files\<DIR> Roxio
[25/10/2008|01:14] C:\Program Files\<DIR> Safari
[27/10/2008|06:29] C:\Program Files\<DIR> Smart Projects
[08/09/2007|05:18] C:\Program Files\<DIR> Snapfish Picture Mover
[29/09/2008|08:55] C:\Program Files\<DIR> Software Informer
[13/10/2008|06:24] C:\Program Files\<DIR> Spybot - Search & Destroy
[14/10/2008|06:57] C:\Program Files\<DIR> Spyware Doctor
[18/02/2009|07:21] C:\Program Files\<DIR> SpywareBlaster
[18/01/2009|06:58] C:\Program Files\<DIR> SUPERAntiSpyware
[09/11/2008|12:05] C:\Program Files\<DIR> Trend Micro
[24/01/2009|02:08] C:\Program Files\<DIR> Ubisoft
[02/11/2006|09:01] C:\Program Files\<DIR> Uninstall Information
[13/02/2009|07:05] C:\Program Files\<DIR> Warcraft III
[06/04/2008|06:20] C:\Program Files\<DIR> Windows Calendar
[02/11/2006|08:42] C:\Program Files\<DIR> Windows Collaboration
[08/09/2007|05:30] C:\Program Files\<DIR> Windows Defender
[10/11/2008|08:12] C:\Program Files\<DIR> Windows Installer Clean Up
[02/11/2006|08:42] C:\Program Files\<DIR> Windows Journal
[21/02/2009|11:17] C:\Program Files\<DIR> Windows Live
[06/04/2008|09:59] C:\Program Files\<DIR> Windows Live Favorites
[29/10/2008|10:47] C:\Program Files\<DIR> Windows Live Safety Center
[08/02/2009|11:02] C:\Program Files\<DIR> Windows Live SkyDrive
[08/02/2009|11:04] C:\Program Files\<DIR> Windows Live Toolbar
[13/02/2009|03:44] C:\Program Files\<DIR> Windows Mail
[06/04/2008|06:20] C:\Program Files\<DIR> Windows Media Player
[02/11/2006|08:37] C:\Program Files\<DIR> Windows NT
[13/11/2008|05:46] C:\Program Files\<DIR> Windows Photo Gallery
[17/06/2008|09:59] C:\Program Files\<DIR> Windows Resource Kits
[13/11/2008|05:46] C:\Program Files\<DIR> Windows Sidebar
[07/04/2008|09:22] C:\Program Files\<DIR> WinRAR
[08/09/2007|05:26] C:\Program Files\<DIR> Yahoo!
[28/06/2008|11:34] C:\Program Files\<DIR> ZincPlay

--------------------\\ Listing Folders in C:\Program Files\Common Files

[10/11/2008|08:41] C:\Program Files\Common Files\<DIR> Adobe
[10/11/2008|08:11] C:\Program Files\Common Files\<DIR> Adobe AIR
[10/04/2008|04:47] C:\Program Files\Common Files\<DIR> Adobe(45)
[04/11/2008|11:44] C:\Program Files\Common Files\<DIR> Apple
[16/11/2008|10:51] C:\Program Files\Common Files\<DIR> ATI Technologies
[06/04/2008|05:23] C:\Program Files\Common Files\<DIR> DESIGNER
[22/12/2008|06:03] C:\Program Files\Common Files\<DIR> DVDVideoSoft
[12/11/2008|03:00] C:\Program Files\Common Files\<DIR> Futuremark Shared
[08/09/2007|05:07] C:\Program Files\Common Files\<DIR> HP
[04/07/2008|01:50] C:\Program Files\Common Files\<DIR> INCA Shared
[17/11/2008|04:26] C:\Program Files\Common Files\<DIR> InstallShield
[10/11/2008|08:32] C:\Program Files\Common Files\<DIR> Java
[08/09/2007|05:16] C:\Program Files\Common Files\<DIR> LightScribe
[15/07/2008|06:36] C:\Program Files\Common Files\<DIR> LogiShrd
[08/09/2007|05:15] C:\Program Files\Common Files\<DIR> LS Getting Started
[21/02/2009|11:16] C:\Program Files\Common Files\<DIR> microsoft shared
[08/09/2007|05:17] C:\Program Files\Common Files\<DIR> muvee Technologies
[08/09/2007|05:15] C:\Program Files\Common Files\<DIR> PX Storage Engine
[15/10/2008|02:23] C:\Program Files\Common Files\<DIR> Real
[08/09/2007|05:14] C:\Program Files\Common Files\<DIR> Roxio Shared
[13/08/2008|10:22] C:\Program Files\Common Files\<DIR> Sandlot Shared
[02/11/2006|07:18] C:\Program Files\Common Files\<DIR> Services
[08/09/2007|05:14] C:\Program Files\Common Files\<DIR> Sonic Shared
[02/11/2006|07:18] C:\Program Files\Common Files\<DIR> SpeechEngines
[08/09/2007|05:09] C:\Program Files\Common Files\<DIR> SureThing Shared
[06/04/2008|05:13] C:\Program Files\Common Files\<DIR> Symantec Shared
[13/11/2008|05:46] C:\Program Files\Common Files\<DIR> System
[08/02/2009|10:51] C:\Program Files\Common Files\<DIR> Windows Live
[06/04/2008|09:56] C:\Program Files\Common Files\<DIR> WindowsLiveInstaller
[14/10/2008|08:52] C:\Program Files\Common Files\<DIR> Wise Installation Wizard
[15/10/2008|02:23] C:\Program Files\Common Files\<DIR> xing shared

--------------------\\ Process

( 76 Processes )

... OK !

--------------------\\ Searching with S_Lop

C:\ProgramData\bluearmyarmy.fg7zw
C:\ProgramData\bluearmyarmy.b323ii
C:\ProgramData\owns team ford.fi4en7

--------------------\\ Searching for Lop Files - Folders

C:\ProgramData\Proxy Long Chin Ping
C:\ProgramData\Proxy Long Chin Ping\Info Remote.dat
C:\ProgramData\Byte way data
C:\ProgramData\Byte way data\Pop Great Bird Bags.exe
C:\ProgramData\Byte way data\uqwjwsyi.exe
C:\Program Files\Circle Developement
C:\Program Files\Circle Developement\Uninstall.exe

--------------------\\ Searching within the Registry

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Stopview"="\"C:\\ProgramData\\bluearmyarmy.fg7zw\""
"CHIN PING PHONE PILE"="\"C:\\ProgramData\\owns team ford.fi4en7\""

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]

--------------------\\ Checking the Hosts file

Hosts file CLEAN


--------------------\\ Searching for hidden files with Catchme

catchme 0.3.1353 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2009-02-21 23:38:48
Windows 6.0.6000 NTFS
scanning hidden processes ...
LVPrcSrv.exe [9688]
scanning hidden files ...
scan completed successfully
hidden processes: 1
hidden files: 191

--------------------\\ Searching for other infections

--------------------\\ Cracks & Keygens ..

C:\Users\PataPon\AppData\Roaming\Microsoft\Windows\Recent\Crack+Patch.lnk


[F:103][D:31]-> C:\Users\PataPon\AppData\Local\Temp
[F:14][D:1]-> C:\Users\PataPon\AppData\Roaming\MICROS~1\Windows\Cookies
[F:128][D:51]-> C:\$Recycle.Bin

1 - "C:\Lop SD\LopR_1.txt" - Sat 21/02/2009|23:40 - Option : [1]

--------------------\\ Scan completed at 23:40:47
[ UAC => 1 ]

Blade81
2009-02-21, 18:47
No wonder the username looked familiar :D:

You probably have Messenger Plus! Live installed with sponsors. The LOP parasite usually gets installed if that option is used. Please uninstall Messenger Plus! Live for now. You may reinstall it later if needed, but don't select sponsors that time!


Show hidden files (Vista)
-----------------
1. Open Folder Options by clicking the Start button, clicking Control Panel, clicking Appearance and Personalization, and then clicking Folder Options.
2. Click the View tab.
3. Under Advanced settings, click Show hidden files and folders, and then click OK.


Delete C:\Users\PataPon\AppData\Roaming\Microsoft\Windows\Recent\Crack+Patch.lnk file.

Double click LopSD.exe to start the program.


Choose the language by typing the corresponding letter and press Enter
Click OK at the informative window
Type 3 to choose Option 3 (Fix - Hosts), then press Enter
Don't close the window during suppression!
Wait until the end of the scan
A report will be generated, post the contents of it & a fresh hjt log in your next reply.

(Copy of the report can be found at this location: %systemdrive%\lopR.txt, in most cases C:\lopR.txt)

Quattad
2009-02-22, 07:55
Yo blade, just checking with you.

The file C:\Users\PataPon\AppData\Roaming\Microsoft\Windows\Recent\Crack+Patch.lnk seems to have disappeared for some reason. Do I still run Lop S&D as you have instructed?

Quattad
2009-02-22, 09:15
Sorry blade, I just recalled something that may have to do with the disappearance of the above file.

Usually, every time after I power up the computer and before I shut it down, I use ATF-Cleaner and CCleaner to clear any temporary files. Perhaps this may have cleared the Recent folder? :oops:

Blade81
2009-02-22, 15:40
Yes, that's probably the case :)

Please run LOP S&D and post the requested logs.

Quattad
2009-02-23, 08:55
Haha, sorry about that. :laugh:
Alright blade, I did exactly as you instructed, although this time, when I booted up the PC, I did not run CCleaner and ATF Cleaner.

--------------------\\ Lop S&D 4.2.5-0 XP/Vista

Microsoft® Windows Vista™ Home Premium ( v6.0.6000 )
X86-based PC ( Multiprocessor Free : Genuine Intel(R) CPU 3.40GHz )
BIOS : Phoenix - AwardBIOS v6.00PG
USER : PataPon ( Administrator )
BOOT : Normal boot
Antivirus : AVG 7.5.552 7.5.552 (Activated)
C:\ (Local Disk) - NTFS - Total:224 Go (Free:110 Go)
D:\ (Local Disk) - NTFS - Total:8 Go (Free:0 Go)
E:\ (CD or DVD)
F:\ (CD or DVD)
G:\ (USB)
H:\ (CD or DVD)
I:\ (USB)
J:\ (USB)
K:\ (USB)

"C:\Lop SD" ( MAJ : 19-12-2008|23:40 )
Option : [3] ( Mon 23/02/2009|14:47 )

[ UAC => 1 ]


\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\ FIX

Deleted! - C:\ProgramData\Proxy Long Chin Ping\Info Remote.dat
Deleted! - C:\ProgramData\Byte way data\Pop Great Bird Bags.exe
Deleted! - C:\ProgramData\Byte way data\uqwjwsyi.exe
Deleted! - C:\Program Files\Circle Developement\Uninstall.exe
Deleted! - C:\ProgramData\bluearmyarmy.fg7zw
Deleted! - C:\ProgramData\bluearmyarmy.b323ii
Deleted! - C:\ProgramData\owns team ford.fi4en7
Deleted! - C:\ProgramData\Proxy Long Chin Ping
Deleted! - C:\ProgramData\Byte way data
Deleted! - C:\Program Files\Circle Developement

\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\


--------------------\\ Listing folders in Local

[28/07/2008|09:26] C:\Users\PataPon\AppData\Local\<DIR> {3248F0A6-6813-11D6-A77B-00B0D0150060}
[06/04/2008|03:32] C:\Users\PataPon\AppData\Local\<JUNCTION> Application Data
[16/11/2008|05:31] C:\Users\PataPon\AppData\Local\<DIR> ATI
[20/10/2008|10:40] C:\Users\PataPon\AppData\Local\<DIR> BuildAGadget Content
[20/10/2008|05:51] C:\Users\PataPon\AppData\Local\<DIR> CAPCOM
[14/10/2008|10:48] C:\Users\PataPon\AppData\Local\<DIR> Cooliris
[16/11/2008|10:40] C:\Users\PataPon\AppData\Local\552 d3d8caps.dat
[16/11/2008|10:40] C:\Users\PataPon\AppData\Local\7,944 d3d9caps.dat
[09/12/2008|09:04] C:\Users\PataPon\AppData\Local\34,304 DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[24/01/2009|01:43] C:\Users\PataPon\AppData\Local\<DIR> Downloaded Installations
[10/09/2008|04:47] C:\Users\PataPon\AppData\Local\114,456 GDIPFONTCACHEV1.DAT
[26/05/2008|12:21] C:\Users\PataPon\AppData\Local\<DIR> Google
[06/04/2008|03:32] C:\Users\PataPon\AppData\Local\<JUNCTION> History
[22/02/2009|02:12] C:\Users\PataPon\AppData\Local\5,485,056 IconCache.db
[27/10/2008|07:18] C:\Users\PataPon\AppData\Local\<DIR> IsoBuster
[13/10/2008|11:59] C:\Users\PataPon\AppData\Local\<DIR> Microsoft
[09/06/2008|08:34] C:\Users\PataPon\AppData\Local\<DIR> Mozilla
[12/10/2008|05:00] C:\Users\PataPon\AppData\Local\<DIR> PunkBuster
[12/10/2008|03:47] C:\Users\PataPon\AppData\Local\<DIR> Real
[23/07/2007|11:40] C:\Users\PataPon\AppData\Local\51 setup.txt
[23/02/2009|02:47] C:\Users\PataPon\AppData\Local\<DIR> Temp
[06/04/2008|03:32] C:\Users\PataPon\AppData\Local\<JUNCTION> Temporary Internet Files
[08/04/2008|07:32] C:\Users\PataPon\AppData\Local\<DIR> VirtualStore
[25/05/2008|06:03] C:\Users\PataPon\AppData\Local\<DIR> Windows Live Writer

--------------------\\ Scheduled Tasks located in C:\Windows\Tasks

[23/02/2009 02:44 PM][--ah-----] C:\Windows\tasks\SA.DAT
[22/02/2009 04:58 PM][--a------] C:\Windows\tasks\SCHEDLGU.TXT

--------------------\\ Listing Folders in C:\ProgramData

[04/11/2008|11:47] C:\ProgramData\<DIR> {3276BE95_AF08_429F_A64F_CA64CB79BCF6}
[10/11/2008|08:45] C:\ProgramData\<DIR> Adobe
[25/10/2008|01:11] C:\ProgramData\<DIR> Apple
[04/11/2008|11:46] C:\ProgramData\<DIR> Apple Computer
[02/11/2006|09:02] C:\ProgramData\<JUNCTION> Application Data
[16/11/2008|05:31] C:\ProgramData\<DIR> ATI
[17/11/2008|02:25] C:\ProgramData\<DIR> avg7
[02/11/2006|09:02] C:\ProgramData\<JUNCTION> Desktop
[02/11/2006|09:02] C:\ProgramData\<JUNCTION> Documents
[24/01/2009|01:44] C:\ProgramData\<DIR> Electronic Arts
[02/11/2006|09:02] C:\ProgramData\<JUNCTION> Favorites
[26/05/2008|11:04] C:\ProgramData\<DIR> Google
[06/04/2008|05:04] C:\ProgramData\<DIR> Grisoft
[08/09/2007|05:46] C:\ProgramData\<DIR> Hewlett-Packard
[08/09/2007|05:07] C:\ProgramData\<DIR> HP
[08/09/2007|05:08] C:\ProgramData\343 hpzinstall.log
[15/07/2008|06:41] C:\ProgramData\<DIR> Logishrd
[15/07/2008|06:35] C:\ProgramData\<DIR> Logitech
[13/10/2008|07:33] C:\ProgramData\<DIR> Malwarebytes
[13/05/2008|07:22] C:\ProgramData\<DIR> Messenger Plus!
[21/02/2009|11:17] C:\ProgramData\<DIR> Microsoft
[08/09/2007|05:17] C:\ProgramData\<DIR> muvee Technologies
[31/10/2009|11:03] C:\ProgramData\258 ntuser.pol
[10/05/2008|11:19] C:\ProgramData\<DIR> NVIDIA
[08/09/2007|05:23] C:\ProgramData\<DIR> PC-Doctor
[12/10/2008|03:47] C:\ProgramData\<DIR> Real
[08/09/2007|05:14] C:\ProgramData\<DIR> Roxio
[13/08/2008|10:22] C:\ProgramData\<DIR> Sandlot Games
[08/09/2007|05:08] C:\ProgramData\<DIR> Sonic
[13/10/2008|07:32] C:\ProgramData\<DIR> Spybot - Search & Destroy
[02/11/2006|09:02] C:\ProgramData\<JUNCTION> Start Menu
[14/10/2008|08:54] C:\ProgramData\<DIR> SUPERAntiSpyware.com
[06/04/2008|05:13] C:\ProgramData\<DIR> Symantec
[18/02/2009|07:21] C:\ProgramData\<DIR> TEMP
[02/11/2006|09:02] C:\ProgramData\<JUNCTION> Templates
[24/10/2008|09:12] C:\ProgramData\<DIR> Ubisoft
[13/04/2008|03:42] C:\ProgramData\<DIR> UDL
[13/08/2008|11:47] C:\ProgramData\<DIR> WildTangent
[06/04/2008|09:53] C:\ProgramData\<DIR> WLInstaller
[08/09/2007|05:26] C:\ProgramData\<DIR> yahoo!
[06/04/2008|08:55] C:\ProgramData\<DIR> Yahoo! Companion

--------------------\\ Listing Folders in C:\Program Files

[12/10/2008|12:04] C:\Program Files\<DIR> 7-Zip
[13/04/2008|02:33] C:\Program Files\<DIR> ABBYY FineReader 6.0 Sprint
[12/10/2008|01:53] C:\Program Files\<DIR> Activision
[10/11/2008|08:39] C:\Program Files\<DIR> Adobe
[15/10/2008|12:31] C:\Program Files\<DIR> Allok RM RMVB to AVI MPEG DVD Converter
[14/10/2008|03:07] C:\Program Files\<DIR> Alwil Software
[12/10/2008|12:07] C:\Program Files\<DIR> Apex
[04/11/2008|11:43] C:\Program Files\<DIR> Apple Software Update
[16/11/2008|05:17] C:\Program Files\<DIR> ATI
[16/11/2008|05:18] C:\Program Files\<DIR> ATI Technologies
[15/10/2008|12:31] C:\Program Files\<DIR> Audacity
[07/04/2008|09:45] C:\Program Files\<DIR> AviSynth 2.5
[03/07/2008|09:43] C:\Program Files\<DIR> BitLord
[04/11/2008|11:46] C:\Program Files\<DIR> Bonjour
[20/10/2008|05:27] C:\Program Files\<DIR> CAPCOM
[06/04/2008|05:11] C:\Program Files\<DIR> CCleaner
[06/04/2008|04:35] C:\Program Files\<DIR> Combined Community Codec Pack
[08/02/2009|10:51] C:\Program Files\<DIR> Common Files
[27/10/2008|06:29] C:\Program Files\<DIR> Conduit
[08/09/2007|04:39] C:\Program Files\<DIR> CONEXANT
[17/11/2008|04:26] C:\Program Files\<DIR> Creative
[12/10/2008|12:11] C:\Program Files\<DIR> DAEMON Tools Lite
[08/09/2007|05:25] C:\Program Files\<DIR> earthlink totalaccess
[24/01/2009|01:44] C:\Program Files\<DIR> Electronic Arts
[10/05/2008|01:35] C:\Program Files\<DIR> Energizer UsbCharger
[13/04/2008|04:59] C:\Program Files\<DIR> epson
[07/04/2008|09:20] C:\Program Files\<DIR> eRightSoft
[30/05/2008|08:52] C:\Program Files\<DIR> File And MP3 Tag Renamer
[15/10/2008|12:31] C:\Program Files\<DIR> Finale 2006
[13/02/2009|06:07] C:\Program Files\<DIR> Garena
[26/05/2008|11:04] C:\Program Files\<DIR> Google
[06/04/2008|05:04] C:\Program Files\<DIR> Grisoft
[08/09/2007|05:24] C:\Program Files\<DIR> Hewlett-Packard
[30/05/2008|09:34] C:\Program Files\<DIR> Hide The IP
[08/09/2007|05:19] C:\Program Files\<DIR> HP
[08/09/2007|05:07] C:\Program Files\<DIR> HP Games
[13/05/2008|12:20] C:\Program Files\<DIR> illusion
[24/01/2009|02:08] C:\Program Files\<DIR> InstallShield Installation Information
[06/04/2008|09:48] C:\Program Files\<DIR> Intel
[05/11/2008|04:38] C:\Program Files\<DIR> Internet Download Manager
[13/02/2009|03:44] C:\Program Files\<DIR> Internet Explorer
[04/11/2008|11:46] C:\Program Files\<DIR> iPod
[27/10/2008|06:29] C:\Program Files\<DIR> IsoBuster
[04/11/2008|11:47] C:\Program Files\<DIR> iTunes
[23/09/2008|05:14] C:\Program Files\<DIR> iXchange
[17/01/2009|11:12] C:\Program Files\<DIR> Java
[06/04/2008|05:10] C:\Program Files\<DIR> Lavasoft
[15/07/2008|06:35] C:\Program Files\<DIR> Logitech
[16/01/2009|02:01] C:\Program Files\<DIR> Malwarebytes' Anti-Malware
[08/02/2009|02:38] C:\Program Files\<DIR> Messenger Plus! Live
[08/02/2009|11:02] C:\Program Files\<DIR> Microsoft
[06/04/2008|05:24] C:\Program Files\<DIR> Microsoft ActiveSync
[02/11/2006|08:37] C:\Program Files\<DIR> Microsoft Games
[06/04/2008|05:23] C:\Program Files\<DIR> Microsoft Office
[08/02/2009|11:04] C:\Program Files\<DIR> Microsoft Sync Framework
[12/09/2008|07:07] C:\Program Files\<DIR> Microsoft Works
[06/04/2008|05:22] C:\Program Files\<DIR> Microsoft.NET
[02/11/2006|08:42] C:\Program Files\<DIR> Movie Maker
[10/02/2009|07:37] C:\Program Files\<DIR> Mozilla Firefox
[15/10/2008|12:31] C:\Program Files\<DIR> Mp3 To All Converter
[02/11/2006|08:37] C:\Program Files\<DIR> MSBuild
[10/11/2008|08:12] C:\Program Files\<DIR> MSECACHE
[13/11/2008|05:49] C:\Program Files\<DIR> MSN
[06/04/2008|05:50] C:\Program Files\<DIR> MSXML 4.0
[08/09/2007|05:17] C:\Program Files\<DIR> muvee Technologies
[16/11/2008|05:28] C:\Program Files\<DIR> My Company Name
[08/09/2007|05:27] C:\Program Files\<DIR> Online Services
[06/04/2008|03:59] C:\Program Files\<DIR> OpenAL
[08/09/2007|05:41] C:\Program Files\<DIR> PC-Doctor 5 for Windows
[17/06/2008|08:23] C:\Program Files\<DIR> PowerISO
[04/11/2008|11:45] C:\Program Files\<DIR> QuickTime
[16/11/2008|10:01] C:\Program Files\<DIR> Razer
[15/10/2008|02:23] C:\Program Files\<DIR> Real
[12/10/2008|03:47] C:\Program Files\<DIR> Real Alternative
[08/09/2007|05:00] C:\Program Files\<DIR> Realtek
[13/05/2008|01:16] C:\Program Files\<DIR> Realtek AC97
[02/11/2006|08:37] C:\Program Files\<DIR> Reference Assemblies
[06/04/2008|03:37] C:\Program Files\<DIR> Rhapsody
[08/09/2007|05:15] C:\Program Files\<DIR> Roxio
[25/10/2008|01:14] C:\Program Files\<DIR> Safari
[27/10/2008|06:29] C:\Program Files\<DIR> Smart Projects
[08/09/2007|05:18] C:\Program Files\<DIR> Snapfish Picture Mover
[29/09/2008|08:55] C:\Program Files\<DIR> Software Informer
[13/10/2008|06:24] C:\Program Files\<DIR> Spybot - Search & Destroy
[14/10/2008|06:57] C:\Program Files\<DIR> Spyware Doctor
[18/02/2009|07:21] C:\Program Files\<DIR> SpywareBlaster
[18/01/2009|06:58] C:\Program Files\<DIR> SUPERAntiSpyware
[09/11/2008|12:05] C:\Program Files\<DIR> Trend Micro
[24/01/2009|02:08] C:\Program Files\<DIR> Ubisoft
[02/11/2006|09:01] C:\Program Files\<DIR> Uninstall Information
[13/02/2009|07:05] C:\Program Files\<DIR> Warcraft III
[06/04/2008|06:20] C:\Program Files\<DIR> Windows Calendar
[02/11/2006|08:42] C:\Program Files\<DIR> Windows Collaboration
[08/09/2007|05:30] C:\Program Files\<DIR> Windows Defender
[10/11/2008|08:12] C:\Program Files\<DIR> Windows Installer Clean Up
[02/11/2006|08:42] C:\Program Files\<DIR> Windows Journal
[21/02/2009|11:17] C:\Program Files\<DIR> Windows Live
[06/04/2008|09:59] C:\Program Files\<DIR> Windows Live Favorites
[29/10/2008|10:47] C:\Program Files\<DIR> Windows Live Safety Center
[08/02/2009|11:02] C:\Program Files\<DIR> Windows Live SkyDrive
[08/02/2009|11:04] C:\Program Files\<DIR> Windows Live Toolbar
[13/02/2009|03:44] C:\Program Files\<DIR> Windows Mail
[06/04/2008|06:20] C:\Program Files\<DIR> Windows Media Player
[02/11/2006|08:37] C:\Program Files\<DIR> Windows NT
[13/11/2008|05:46] C:\Program Files\<DIR> Windows Photo Gallery
[17/06/2008|09:59] C:\Program Files\<DIR> Windows Resource Kits
[13/11/2008|05:46] C:\Program Files\<DIR> Windows Sidebar
[07/04/2008|09:22] C:\Program Files\<DIR> WinRAR
[08/09/2007|05:26] C:\Program Files\<DIR> Yahoo!
[28/06/2008|11:34] C:\Program Files\<DIR> ZincPlay

--------------------\\ Listing Folders in C:\Program Files\Common Files

[10/11/2008|08:41] C:\Program Files\Common Files\<DIR> Adobe
[10/11/2008|08:11] C:\Program Files\Common Files\<DIR> Adobe AIR
[10/04/2008|04:47] C:\Program Files\Common Files\<DIR> Adobe(45)
[04/11/2008|11:44] C:\Program Files\Common Files\<DIR> Apple
[16/11/2008|10:51] C:\Program Files\Common Files\<DIR> ATI Technologies
[06/04/2008|05:23] C:\Program Files\Common Files\<DIR> DESIGNER
[22/12/2008|06:03] C:\Program Files\Common Files\<DIR> DVDVideoSoft
[12/11/2008|03:00] C:\Program Files\Common Files\<DIR> Futuremark Shared
[08/09/2007|05:07] C:\Program Files\Common Files\<DIR> HP
[04/07/2008|01:50] C:\Program Files\Common Files\<DIR> INCA Shared
[17/11/2008|04:26] C:\Program Files\Common Files\<DIR> InstallShield
[10/11/2008|08:32] C:\Program Files\Common Files\<DIR> Java
[08/09/2007|05:16] C:\Program Files\Common Files\<DIR> LightScribe
[15/07/2008|06:36] C:\Program Files\Common Files\<DIR> LogiShrd
[08/09/2007|05:15] C:\Program Files\Common Files\<DIR> LS Getting Started
[21/02/2009|11:16] C:\Program Files\Common Files\<DIR> microsoft shared
[08/09/2007|05:17] C:\Program Files\Common Files\<DIR> muvee Technologies
[08/09/2007|05:15] C:\Program Files\Common Files\<DIR> PX Storage Engine
[15/10/2008|02:23] C:\Program Files\Common Files\<DIR> Real
[08/09/2007|05:14] C:\Program Files\Common Files\<DIR> Roxio Shared
[13/08/2008|10:22] C:\Program Files\Common Files\<DIR> Sandlot Shared
[02/11/2006|07:18] C:\Program Files\Common Files\<DIR> Services
[08/09/2007|05:14] C:\Program Files\Common Files\<DIR> Sonic Shared
[02/11/2006|07:18] C:\Program Files\Common Files\<DIR> SpeechEngines
[08/09/2007|05:09] C:\Program Files\Common Files\<DIR> SureThing Shared
[06/04/2008|05:13] C:\Program Files\Common Files\<DIR> Symantec Shared
[13/11/2008|05:46] C:\Program Files\Common Files\<DIR> System
[08/02/2009|10:51] C:\Program Files\Common Files\<DIR> Windows Live
[06/04/2008|09:56] C:\Program Files\Common Files\<DIR> WindowsLiveInstaller
[14/10/2008|08:52] C:\Program Files\Common Files\<DIR> Wise Installation Wizard
[15/10/2008|02:23] C:\Program Files\Common Files\<DIR> xing shared

--------------------\\ Process

( 80 Processes )

... OK !

--------------------\\ Searching with S_Lop

No Lop folder found !

--------------------\\ Searching for Lop Files - Folders

No Lop folder found !

--------------------\\ Searching within the Registry

..... OK !

A clean HijackThis log....

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 3:06:50 PM, on 23/2/2009
Platform: Windows Vista (WinNT 6.00.1904)
MSIE: Internet Explorer v7.00 (7.00.6000.16809)
Boot mode: Normal

Running processes:
C:\Windows\system32\Dwm.exe
C:\Windows\Explorer.EXE
C:\Windows\system32\taskeng.exe
C:\Program Files\Common Files\LogiShrd\LVCOMSER\LVComSer.exe
C:\Program Files\Windows Defender\MSASCui.exe
C:\hp\support\hpsysdrv.exe
C:\Program Files\Hewlett-Packard\On-Screen OSD Indicator\OSD.exe
C:\Program Files\HP\HP Software Update\hpwuSchd2.exe
C:\Program Files\Grisoft\AVG7\avgcc.exe
C:\Windows\System32\rundll32.exe
C:\Windows\System32\CTHELPER.EXE
C:\Program Files\Common Files\LogiShrd\LComMgr\Communications_Helper.exe
C:\Program Files\Logitech\QuickCam\Quickcam.exe
C:\Program Files\Common Files\Real\Update_OB\realsched.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\Program Files\Java\jre6\bin\jusched.exe
C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\MOM.exe
C:\Program Files\Razer\DeathAdder\razerhid.exe
C:\Program Files\Windows Sidebar\sidebar.exe
C:\Program Files\Windows Live\Messenger\msnmsgr.exe
C:\Users\PataPon\AppData\Local\Temp\Imation\USB_ImationFlashDetect.exe
C:\Program Files\Razer\DeathAdder\razertra.exe
C:\Program Files\Windows Sidebar\sidebar.exe
C:\Program Files\Razer\DeathAdder\razerofa.exe
C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\CCC.exe
C:\Program Files\Common Files\Logishrd\LQCVFX\COCIManager.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Windows\system32\conime.exe
C:\hp\kbd\kbd.exe
C:\Windows\system32\taskeng.exe
C:\Windows\system32\SearchFilterHost.exe
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iehome&locale=EN_SG&c=74&bd=Pavilion&pf=desktop
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iehome&locale=EN_SG&c=74&bd=Pavilion&pf=desktop
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant =
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch =
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
O1 - Hosts: ::1 localhost
O2 - BHO: IDM Helper - {0055C089-8582-441B-A0BF-17B458C2A3A8} - C:\Program Files\Internet Download Manager\IDMIECC.dll
O2 - BHO: &Yahoo! Toolbar Helper - {02478D38-C3F9-4efb-9B51-7695ECA05670} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll
O2 - BHO: AcroIEHelperStub - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
O2 - BHO: IsoBuster Toolbar - {266fcdca-7bb3-4da7-b3bf-f845dea2ebd6} - C:\Program Files\IsoBuster\tbIsoB.dll
O2 - BHO: RealPlayer Download and Record Plugin for Internet Explorer - {3049C3E9-B461-4BC5-8870-4C09146192CA} - C:\Program Files\Real\RealPlayer\rpbrowserrecordplugin.dll
O2 - BHO: Megaupload Toolbar - {4E7BD74F-2B8D-469E-CCB0-B130EEDBE97C} - C:\PROGRA~1\MEGAUP~1\MEGAUP~1.DLL (file missing)
O2 - BHO: (no name) - {5C255C8A-E604-49b4-9D64-90988571CECB} - (no file)
O2 - BHO: Search Helper - {6EBF7485-159F-4bff-A14F-B9E3AAC4465B} - C:\Program Files\Microsoft\Search Enhancement Pack\Search Helper\SearchHelper.dll
O2 - BHO: Java(tm) Plug-In SSV Helper - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre6\bin\ssv.dll
O2 - BHO: Windows Live Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar1.dll
O2 - BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll
O2 - BHO: Windows Live Toolbar Helper - {E15A8DC0-8516-42A1-81EA-DC94EC1ACF10} - C:\Program Files\Windows Live\Toolbar\wltcore.dll
O3 - Toolbar: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar1.dll
O3 - Toolbar: Megaupload Toolbar - {4E7BD74F-2B8D-469E-CCB0-B130EEDBE97C} - C:\PROGRA~1\MEGAUP~1\MEGAUP~1.DLL (file missing)
O3 - Toolbar: IsoBuster Toolbar - {266fcdca-7bb3-4da7-b3bf-f845dea2ebd6} - C:\Program Files\IsoBuster\tbIsoB.dll
O3 - Toolbar: &Windows Live Toolbar - {21FA44EF-376D-4D53-9B0F-8A89D3229068} - C:\Program Files\Windows Live\Toolbar\wltcore.dll
O4 - HKLM\..\Run: [Windows Defender] %ProgramFiles%\Windows Defender\MSASCui.exe -hide
O4 - HKLM\..\Run: [hpsysdrv] c:\hp\support\hpsysdrv.exe
O4 - HKLM\..\Run: [KBD] C:\HP\KBD\KbdStub.EXE
O4 - HKLM\..\Run: [OsdMaestro] "C:\Program Files\Hewlett-Packard\On-Screen OSD Indicator\OSD.exe"
O4 - HKLM\..\Run: [RtHDVCpl] RtHDVCpl.exe
O4 - HKLM\..\Run: [HP Health Check Scheduler] c:\Program Files\Hewlett-Packard\HP Health Check\HPHC_Scheduler.exe
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 9.0\Reader\Reader_sl.exe"
O4 - HKLM\..\Run: [SunJavaUpdateReg] "C:\Windows\system32\jureg.exe" -delete
O4 - HKLM\..\Run: [HP Software Update] c:\Program Files\HP\HP Software Update\HPWuSchd2.exe
O4 - HKLM\..\Run: [AVG7_CC] C:\PROGRA~1\Grisoft\AVG7\avgcc.exe /STARTUP
O4 - HKLM\..\Run: [NvSvc] RUNDLL32.EXE C:\Windows\system32\nvsvc.dll,nvsvcStart
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\Windows\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\Windows\system32\NvMcTray.dll,NvTaskbarInit
O4 - HKLM\..\Run: [Arucer] rundll32 C:\Windows\system32\Arucer.dll,Arucer
O4 - HKLM\..\Run: [CTHelper] CTHELPER.EXE
O4 - HKLM\..\Run: [CTxfiHlp] CTXFIHLP.EXE
O4 - HKLM\..\Run: [PWRISOVM.EXE] C:\Program Files\PowerISO\PWRISOVM.EXE
O4 - HKLM\..\Run: [LogitechCommunicationsManager] "C:\Program Files\Common Files\LogiShrd\LComMgr\Communications_Helper.exe"
O4 - HKLM\..\Run: [LogitechQuickCamRibbon] "C:\Program Files\Logitech\QuickCam\Quickcam.exe" /hide
O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\QTTask.exe" -atboottime
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre6\bin\jusched.exe"
O4 - HKLM\..\Run: [StartCCC] "C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" MSRun
O4 - HKLM\..\Run: [DeathAdder] C:\Program Files\Razer\DeathAdder\razerhid.exe
O4 - HKLM\..\RunOnce: [Launcher] %WINDIR%\SMINST\launcher.exe
O4 - HKCU\..\Run: [Sidebar] C:\Program Files\Windows Sidebar\sidebar.exe /autoRun
O4 - HKCU\..\Run: [MsnMsgr] "C:\Program Files\Windows Live\Messenger\msnmsgr.exe" /background
O4 - HKCU\..\Run: [swg] C:\Program Files\Google\GoogleToolbarNotifier\1.2.1128.5462\GoogleToolbarNotifier.exe
O4 - HKCU\..\Run: [EA Core] C:\Program Files\Electronic Arts\EADM\Core.exe -silent
O4 - HKUS\S-1-5-19\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /detectMem (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-19\..\Run: [WindowsWelcomeCenter] rundll32.exe oobefldr.dll,ShowWelcomeCenter (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-19\..\Run: [AVG7_Run] C:\PROGRA~1\Grisoft\AVG7\avgw.exe /RUNONCE (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-20\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /detectMem (User 'NETWORK SERVICE')
O4 - HKUS\S-1-5-18\..\Run: [AVG7_Run] C:\PROGRA~1\Grisoft\AVG7\avgw.exe /RUNONCE (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [AVG7_Run] C:\PROGRA~1\Grisoft\AVG7\avgw.exe /RUNONCE (User 'Default user')
O4 - Startup: Imation_Flash_Detect.lnk = C:\Users\PataPon\AppData\Local\Temp\Imation\USB_ImationFlashDetect.exe
O4 - Global Startup: Snapfish Media Detector.lnk = C:\Program Files\Snapfish Picture Mover\SnapfishMediaDetector.exe
O9 - Extra button: Blog This - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files\Windows Live\Writer\WriterBrowserExtension.dll
O9 - Extra 'Tools' menuitem: &Blog This in Windows Live Writer - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files\Windows Live\Writer\WriterBrowserExtension.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~3\OFFICE11\REFIEBAR.DLL
O13 - Gopher Prefix:
O16 - DPF: {C3F79A2B-B9B4-4A66-B012-3EE46475B072} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/MessengerStatsPAClient.cab56907.cab
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} - http://fpdownload2.macromedia.com/get/flashplayer/current/swflash.cab
O20 - Winlogon Notify: !SASWinLogon - C:\Program Files\SUPERAntiSpyware\SASWINLO.DLL
O20 - Winlogon Notify: avgwlntf - C:\Windows\SYSTEM32\avgwlntf.dll
O23 - Service: Apple Mobile Device - Apple Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
O23 - Service: Ati External Event Utility - ATI Technologies Inc. - C:\Windows\system32\Ati2evxx.exe
O23 - Service: AVG7 Alert Manager Server (Avg7Alrt) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVG7\avgamsvr.exe
O23 - Service: AVG7 Update Service (Avg7UpdSvc) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVG7\avgupsvc.exe
O23 - Service: AVG7 Resident Shield Service (AvgCoreSvc) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVG7\avgrssvc.exe
O23 - Service: AVG E-mail Scanner (AVGEMS) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVG7\avgemc.exe
O23 - Service: Bonjour Service - Apple Inc. - C:\Program Files\Bonjour\mDNSResponder.exe
O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: HP Health Check Service - Hewlett-Packard - c:\Program Files\Hewlett-Packard\HP Health Check\hphc_service.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: iPod Service - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: LightScribeService Direct Disc Labeling Service (LightScribeService) - Hewlett-Packard Company - c:\Program Files\Common Files\LightScribe\LSSrvc.exe
O23 - Service: LVCOMSer - Logitech Inc. - C:\Program Files\Common Files\LogiShrd\LVCOMSER\LVComSer.exe
O23 - Service: Process Monitor (LVPrcSrv) - Logitech Inc. - C:\Program Files\Common Files\LogiShrd\LVMVFM\LVPrcSrv.exe
O23 - Service: LVSrvLauncher - Logitech Inc. - C:\Program Files\Common Files\LogiShrd\SrvLnch\SrvLnch.exe
O23 - Service: RoxMediaDB9 - Sonic Solutions - c:\Program Files\Common Files\Roxio Shared\9.0\SharedCOM\RoxMediaDB9.exe
O23 - Service: stllssvr - MicroVision Development, Inc. - c:\Program Files\Common Files\SureThing Shared\stllssvr.exe
O23 - Service: XAudioService - Conexant Systems, Inc. - C:\Windows\system32\DRIVERS\xaudio.exe

--
End of file - 11409 bytes

Blade81
2009-02-23, 10:13
Hi again,

IMPORTANT: I notice there are signs of one or more P2P (Peer to Peer) File Sharing Programs on your computer.

BitLord


I'd like you to read this thread (http://forums.spybot.info/showthread.php?t=282).

Please go to Control Panel > Add/Remove Programs and uninstall the programs listed above (in red).

Delete these folders afterwards:

C:\Program Files\BitLord

Empty Recycle Bin.

After that:


Start hjt (right click hijackthis.exe and select 'run as administrator'), do a system scan, check:
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant =
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch =
O2 - BHO: Megaupload Toolbar - {4E7BD74F-2B8D-469E-CCB0-B130EEDBE97C} - C:\PROGRA~1\MEGAUP~1\MEGAUP~1.DLL (file missing)
O2 - BHO: (no name) - {5C255C8A-E604-49b4-9D64-90988571CECB} - (no file)
O3 - Toolbar: Megaupload Toolbar - {4E7BD74F-2B8D-469E-CCB0-B130EEDBE97C} - C:\PROGRA~1\MEGAUP~1\MEGAUP~1.DLL (file missing)

Close browsers and fix checked.

Reboot.


Download ATF (Atribune Temp File) Cleaner© by Atribune (http://www.atribune.org/ccount/click.php?id=1) to your desktop.

Double-click ATF Cleaner.exe to open it

Under Main choose:
Windows Temp
Current User Temp
All Users Temp
Cookies
Temporary Internet Files
Prefetch
Java Cache
*The other boxes are optional*
Then click the Empty Selected button.

If you use Firefox:
Click Firefox at the top and choose: Select All
Click the Empty Selected button.
NOTE: If you would like to keep your saved passwords, please click NO at the prompt.

If you use Opera:
Click Opera at the top and choose: Select All
Click the Empty Selected button.
NOTE: If you would like to keep your saved passwords, please click NO at the prompt.

Click Exit on the Main menu to close the program.


Kaspersky Online Scanner (http://www.kaspersky.com/kos/eng/partner/us/languages/english/check.html?n=1225554235248)

Note: If you are using Windows Vista, open your browser by right-clicking on its icon and select 'Run as administrator' to perform this scan.

Read the requirements and privacy statement then click on the Accept button.

The program will launch and start to download the latest definition files.

You will be prompted to install an application from Kaspersky. Click Run.

Make sure these boxes are checked (ticked). If they are not, please tick them and click on the Save button:
Spyware, Adware, Dialers, and other potentially dangerous programs
Archives

Click on My Computer under Scan.

Once the scan is complete, it will display the results. Click on View Scan Report.

Click on Save Report As....

Change the Files of type to Text file (.txt) before clicking on the Save button.

Save this report to a convenient place.

Copy and paste that information & a fresh hjt log into your topic.

The scan will take a while, so be patient and let it run. As it scans your machine very deeply it could take hours to complete; Kaspersky suggests running it during a time of low activity.

If you need a tutorial, see here (http://i275.photobucket.com/albums/jj285/Bleeping/KAS/KAS9.gif)
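The fix list Blade81 gives above is picked by hand from the HijackThis output: O2 (BHO) and O3 (toolbar) entries whose CLSID still points at a file marked "(file missing)" or "(no file)", and R0 search settings whose value is empty. As an added example, not part of this thread and not code from HijackThis or Spybot, the Python below applies those same two criteria to log lines in HijackThis 2.0.2 format and groups entries by CLSID so that a BHO and a toolbar registered under the same CLSID (as the Megaupload entries are) show up together. The sample lines are copied from the logs posted in this thread; the flagging rules and the function names are this example's own assumptions, not anything the tool documents.

```python
import re

# Constructed sample: a handful of HijackThis 2.0.2 lines in the format seen
# in the logs above. The values are copied from the thread, nothing new is added.
SAMPLE_LOG = r"""
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iehome&locale=EN_SG&c=74&bd=Pavilion&pf=desktop
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant =
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch =
O2 - BHO: IDM Helper - {0055C089-8582-441B-A0BF-17B458C2A3A8} - C:\Program Files\Internet Download Manager\IDMIECC.dll
O2 - BHO: Megaupload Toolbar - {4E7BD74F-2B8D-469E-CCB0-B130EEDBE97C} - C:\PROGRA~1\MEGAUP~1\MEGAUP~1.DLL (file missing)
O2 - BHO: (no name) - {5C255C8A-E604-49b4-9D64-90988571CECB} - (no file)
O3 - Toolbar: Megaupload Toolbar - {4E7BD74F-2B8D-469E-CCB0-B130EEDBE97C} - C:\PROGRA~1\MEGAUP~1\MEGAUP~1.DLL (file missing)
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar1.dll
O4 - HKLM\..\Run: [Windows Defender] %ProgramFiles%\Windows Defender\MSASCui.exe -hide
"""

# Every HijackThis entry starts with a section code (R0, R1, O2, O3, O4, ...),
# a space-hyphen-space separator, then the entry body.
LINE_RE = re.compile(r"^(?P<kind>[RO]\d+) - (?P<body>.*)$")

# A COM CLSID in braces: 32 hex digits and 4 hyphens, 36 characters in total.
CLSID_RE = re.compile(r"\{[0-9A-Fa-f-]{36}\}")


def parse_hjt(text):
    """Return a list of {'kind', 'body', 'line'} dicts, one per log entry."""
    entries = []
    for raw in text.splitlines():
        line = raw.strip()
        m = LINE_RE.match(line)
        if m:
            entries.append({"kind": m.group("kind"),
                            "body": m.group("body"),
                            "line": line})
    return entries


def flag_entries(entries):
    """Apply the two criteria used in the thread and return (line, reason) pairs.

    These rules are this example's assumption about what the helper looked for,
    not a rule set published by HijackThis.
    """
    flagged = []
    for e in entries:
        kind, body = e["kind"], e["body"].rstrip()
        reason = None
        if kind in ("O2", "O3") and ("(file missing)" in body or body.endswith("(no file)")):
            # A registered BHO/toolbar whose DLL is gone: the registration is
            # dead weight left behind by an uninstall or a removal tool.
            reason = "browser extension registered for a file that is not present"
        elif kind == "R0" and body.endswith("="):
            # Empty IE search value: harmless, but fixing it restores the default.
            reason = "empty Internet Explorer search setting"
        if reason:
            flagged.append((e["line"], reason))
    return flagged


def group_by_clsid(entries):
    """Map each CLSID (upper-cased) to the list of section codes that reference it."""
    groups = {}
    for e in entries:
        m = CLSID_RE.search(e["body"])
        if m:
            groups.setdefault(m.group(0).upper(), []).append(e["kind"])
    return groups


if __name__ == "__main__":
    parsed = parse_hjt(SAMPLE_LOG)
    for line, reason in flag_entries(parsed):
        print(f"[FIX CANDIDATE] {line}\n    reason: {reason}")
    for clsid, kinds in group_by_clsid(parsed).items():
        if len(kinds) > 1:
            print(f"{clsid} is registered as {' and '.join(kinds)}")
```

Run against the full log the output lists exactly the five lines Blade81 asked to have checked; the CLSID grouping is what tells you that fixing the O2 Megaupload entry alone would leave its O3 twin behind.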

Quattad
2009-02-23, 16:14
Okay Blade, it took a bit long, but it's finally done! :bigthumb:

It looks like this virus is making copies of itself? :spider:

Adding on: the Kaspersky Online Scanner required me to run Firefox with Run as Administrator. However, from then on, whenever I wanted to use Firefox, I always had to right-click and then click Run as Administrator to even open up my Firefox. Any idea on how to rectify this? :cool:


--------------------------------------------------------------------------------
KASPERSKY ONLINE SCANNER 7 REPORT
Monday, February 23, 2009
Operating System: Microsoft Windows Vista Home Premium Edition, 32-bit (build 6000)
Kaspersky Online Scanner 7 version: 7.0.25.0
Program database last update: Monday, February 23, 2009 11:04:31
Records in database: 1833936
--------------------------------------------------------------------------------

Scan settings:
Scan using the following database: extended
Scan archives: yes
Scan mail databases: yes

Scan area - My Computer:
C:\
D:\
E:\
F:\
G:\
H:\
I:\
J:\
K:\

Scan statistics:
Files scanned: 179105
Threat name: 3
Infected objects: 4
Suspicious objects: 0
Duration of the scan: 02:16:04


File name / Threat name / Threats count
C:\$Recycle.Bin\S-1-5-21-654409879-352520606-3294087454-1000\$RSSRN5X\Backup-Lop\ProgramData\Proxy Long Chin Ping\Bat Media.exe Infected: Trojan.Win32.Obfuscated.gen 1
C:\Lop SD\Backup-Lop\ProgramData\Byte way data\uqwjwsyi.exe Infected: Trojan.Win32.Obfuscated.aain 1
C:\Users\PataPon\Documents\PSP Items\3rd party software\Remotejoy SDLGUI\RemotejoySDLGUI\PC\cmdow.exe Infected: not-a-virus:RiskTool.Win32.HideWindows 1
C:\Users\PataPon\Documents\PSP Items\3rd party software\Remotejoy SDLGUI\RemotejoySDLGUI.zip Infected: not-a-virus:RiskTool.Win32.HideWindows 1

The selected area was scanned.



Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 10:23:53 PM, on 23/2/2009
Platform: Windows Vista (WinNT 6.00.1904)
MSIE: Internet Explorer v7.00 (7.00.6000.16809)
Boot mode: Normal

Running processes:
C:\Windows\system32\Dwm.exe
C:\Windows\Explorer.EXE
C:\Windows\system32\taskeng.exe
C:\Program Files\Common Files\LogiShrd\LVCOMSER\LVComSer.exe
C:\Program Files\Windows Defender\MSASCui.exe
C:\hp\support\hpsysdrv.exe
C:\Program Files\Hewlett-Packard\On-Screen OSD Indicator\OSD.exe
C:\Program Files\HP\HP Software Update\hpwuSchd2.exe
C:\Program Files\Grisoft\AVG7\avgcc.exe
C:\Windows\System32\rundll32.exe
C:\Windows\System32\CTHELPER.EXE
C:\Program Files\Common Files\LogiShrd\LComMgr\Communications_Helper.exe
C:\Program Files\Logitech\QuickCam\Quickcam.exe
C:\Program Files\Common Files\Real\Update_OB\realsched.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\Program Files\Java\jre6\bin\jusched.exe
C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\MOM.exe
C:\Program Files\Razer\DeathAdder\razerhid.exe
C:\Program Files\Windows Sidebar\sidebar.exe
C:\Program Files\Windows Live\Messenger\msnmsgr.exe
C:\Program Files\Razer\DeathAdder\razertra.exe
C:\Users\PataPon\AppData\Local\Temp\Imation\USB_ImationFlashDetect.exe
C:\Program Files\Razer\DeathAdder\razerofa.exe
C:\Program Files\Windows Sidebar\sidebar.exe
C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\CCC.exe
C:\Program Files\Common Files\Logishrd\LQCVFX\COCIManager.exe
C:\hp\kbd\kbd.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\PROGRA~1\Java\jre6\bin\jp2launcher.exe
C:\Program Files\Java\jre6\bin\java.exe
C:\Program Files\Windows Live\Contacts\wlcomm.exe
C:\Windows\system32\taskeng.exe
C:\Windows\system32\NOTEPAD.EXE
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iehome&locale=EN_SG&c=74&bd=Pavilion&pf=desktop
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iehome&locale=EN_SG&c=74&bd=Pavilion&pf=desktop
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant =
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch =
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
O1 - Hosts: ::1 localhost
O2 - BHO: IDM Helper - {0055C089-8582-441B-A0BF-17B458C2A3A8} - C:\Program Files\Internet Download Manager\IDMIECC.dll
O2 - BHO: &Yahoo! Toolbar Helper - {02478D38-C3F9-4efb-9B51-7695ECA05670} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll
O2 - BHO: AcroIEHelperStub - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
O2 - BHO: IsoBuster Toolbar - {266fcdca-7bb3-4da7-b3bf-f845dea2ebd6} - C:\Program Files\IsoBuster\tbIsoB.dll
O2 - BHO: RealPlayer Download and Record Plugin for Internet Explorer - {3049C3E9-B461-4BC5-8870-4C09146192CA} - C:\Program Files\Real\RealPlayer\rpbrowserrecordplugin.dll
O2 - BHO: Search Helper - {6EBF7485-159F-4bff-A14F-B9E3AAC4465B} - C:\Program Files\Microsoft\Search Enhancement Pack\Search Helper\SearchHelper.dll
O2 - BHO: Java(tm) Plug-In SSV Helper - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre6\bin\ssv.dll
O2 - BHO: Windows Live Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar1.dll
O2 - BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll
O2 - BHO: Windows Live Toolbar Helper - {E15A8DC0-8516-42A1-81EA-DC94EC1ACF10} - C:\Program Files\Windows Live\Toolbar\wltcore.dll
O3 - Toolbar: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar1.dll
O3 - Toolbar: IsoBuster Toolbar - {266fcdca-7bb3-4da7-b3bf-f845dea2ebd6} - C:\Program Files\IsoBuster\tbIsoB.dll
O3 - Toolbar: &Windows Live Toolbar - {21FA44EF-376D-4D53-9B0F-8A89D3229068} - C:\Program Files\Windows Live\Toolbar\wltcore.dll
O4 - HKLM\..\Run: [Windows Defender] %ProgramFiles%\Windows Defender\MSASCui.exe -hide
O4 - HKLM\..\Run: [hpsysdrv] c:\hp\support\hpsysdrv.exe
O4 - HKLM\..\Run: [KBD] C:\HP\KBD\KbdStub.EXE
O4 - HKLM\..\Run: [OsdMaestro] "C:\Program Files\Hewlett-Packard\On-Screen OSD Indicator\OSD.exe"
O4 - HKLM\..\Run: [RtHDVCpl] RtHDVCpl.exe
O4 - HKLM\..\Run: [HP Health Check Scheduler] c:\Program Files\Hewlett-Packard\HP Health Check\HPHC_Scheduler.exe
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 9.0\Reader\Reader_sl.exe"
O4 - HKLM\..\Run: [SunJavaUpdateReg] "C:\Windows\system32\jureg.exe" -delete
O4 - HKLM\..\Run: [HP Software Update] c:\Program Files\HP\HP Software Update\HPWuSchd2.exe
O4 - HKLM\..\Run: [AVG7_CC] C:\PROGRA~1\Grisoft\AVG7\avgcc.exe /STARTUP
O4 - HKLM\..\Run: [NvSvc] RUNDLL32.EXE C:\Windows\system32\nvsvc.dll,nvsvcStart
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\Windows\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\Windows\system32\NvMcTray.dll,NvTaskbarInit
O4 - HKLM\..\Run: [Arucer] rundll32 C:\Windows\system32\Arucer.dll,Arucer
O4 - HKLM\..\Run: [CTHelper] CTHELPER.EXE
O4 - HKLM\..\Run: [CTxfiHlp] CTXFIHLP.EXE
O4 - HKLM\..\Run: [PWRISOVM.EXE] C:\Program Files\PowerISO\PWRISOVM.EXE
O4 - HKLM\..\Run: [LogitechCommunicationsManager] "C:\Program Files\Common Files\LogiShrd\LComMgr\Communications_Helper.exe"
O4 - HKLM\..\Run: [LogitechQuickCamRibbon] "C:\Program Files\Logitech\QuickCam\Quickcam.exe" /hide
O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\QTTask.exe" -atboottime
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre6\bin\jusched.exe"
O4 - HKLM\..\Run: [StartCCC] "C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" MSRun
O4 - HKLM\..\Run: [DeathAdder] C:\Program Files\Razer\DeathAdder\razerhid.exe
O4 - HKLM\..\RunOnce: [Launcher] %WINDIR%\SMINST\launcher.exe
O4 - HKCU\..\Run: [Sidebar] C:\Program Files\Windows Sidebar\sidebar.exe /autoRun
O4 - HKCU\..\Run: [MsnMsgr] "C:\Program Files\Windows Live\Messenger\msnmsgr.exe" /background
O4 - HKCU\..\Run: [swg] C:\Program Files\Google\GoogleToolbarNotifier\1.2.1128.5462\GoogleToolbarNotifier.exe
O4 - HKCU\..\Run: [EA Core] C:\Program Files\Electronic Arts\EADM\Core.exe -silent
O4 - HKUS\S-1-5-19\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /detectMem (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-19\..\Run: [WindowsWelcomeCenter] rundll32.exe oobefldr.dll,ShowWelcomeCenter (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-19\..\Run: [AVG7_Run] C:\PROGRA~1\Grisoft\AVG7\avgw.exe /RUNONCE (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-20\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /detectMem (User 'NETWORK SERVICE')
O4 - HKUS\S-1-5-18\..\Run: [AVG7_Run] C:\PROGRA~1\Grisoft\AVG7\avgw.exe /RUNONCE (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [AVG7_Run] C:\PROGRA~1\Grisoft\AVG7\avgw.exe /RUNONCE (User 'Default user')
O4 - Startup: Imation_Flash_Detect.lnk = C:\Users\PataPon\AppData\Local\Temp\Imation\USB_ImationFlashDetect.exe
O4 - Global Startup: Snapfish Media Detector.lnk = C:\Program Files\Snapfish Picture Mover\SnapfishMediaDetector.exe
O9 - Extra button: Blog This - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files\Windows Live\Writer\WriterBrowserExtension.dll
O9 - Extra 'Tools' menuitem: &Blog This in Windows Live Writer - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files\Windows Live\Writer\WriterBrowserExtension.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~3\OFFICE11\REFIEBAR.DLL
O13 - Gopher Prefix:
O16 - DPF: {C3F79A2B-B9B4-4A66-B012-3EE46475B072} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/MessengerStatsPAClient.cab56907.cab
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} - http://fpdownload2.macromedia.com/get/flashplayer/current/swflash.cab
O20 - Winlogon Notify: !SASWinLogon - C:\Program Files\SUPERAntiSpyware\SASWINLO.DLL
O20 - Winlogon Notify: avgwlntf - C:\Windows\SYSTEM32\avgwlntf.dll
O23 - Service: Apple Mobile Device - Apple Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
O23 - Service: Ati External Event Utility - ATI Technologies Inc. - C:\Windows\system32\Ati2evxx.exe
O23 - Service: AVG7 Alert Manager Server (Avg7Alrt) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVG7\avgamsvr.exe
O23 - Service: AVG7 Update Service (Avg7UpdSvc) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVG7\avgupsvc.exe
O23 - Service: AVG7 Resident Shield Service (AvgCoreSvc) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVG7\avgrssvc.exe
O23 - Service: AVG E-mail Scanner (AVGEMS) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVG7\avgemc.exe
O23 - Service: Bonjour Service - Apple Inc. - C:\Program Files\Bonjour\mDNSResponder.exe
O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: HP Health Check Service - Hewlett-Packard - c:\Program Files\Hewlett-Packard\HP Health Check\hphc_service.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: iPod Service - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: LightScribeService Direct Disc Labeling Service (LightScribeService) - Hewlett-Packard Company - c:\Program Files\Common Files\LightScribe\LSSrvc.exe
O23 - Service: LVCOMSer - Logitech Inc. - C:\Program Files\Common Files\LogiShrd\LVCOMSER\LVComSer.exe
O23 - Service: Process Monitor (LVPrcSrv) - Logitech Inc. - C:\Program Files\Common Files\LogiShrd\LVMVFM\LVPrcSrv.exe
O23 - Service: LVSrvLauncher - Logitech Inc. - C:\Program Files\Common Files\LogiShrd\SrvLnch\SrvLnch.exe
O23 - Service: RoxMediaDB9 - Sonic Solutions - c:\Program Files\Common Files\Roxio Shared\9.0\SharedCOM\RoxMediaDB9.exe
O23 - Service: stllssvr - MicroVision Development, Inc. - c:\Program Files\Common Files\SureThing Shared\stllssvr.exe
O23 - Service: XAudioService - Conexant Systems, Inc. - C:\Windows\system32\DRIVERS\xaudio.exe

--
End of file - 11182 bytes

Blade81
2009-02-23, 20:01
Hi

Empty Windows recycle bin.

The second finding is in quarantined items.

These are ok if you are aware of their presence:
C:\Users\PataPon\Documents\PSP Items\3rd party software\Remotejoy SDLGUI\RemotejoySDLGUI\PC\cmdow.exe
C:\Users\PataPon\Documents\PSP Items\3rd party software\Remotejoy SDLGUI\RemotejoySDLGUI.zip

If you're not aware of them, delete.



Adding on: the Kaspersky Online Scanner required me to run Firefox with Run as Administrator. However, from then on, whenever I wanted to use Firefox, I always had to right-click and then click Run as Administrator to even open Firefox. Any idea on how to rectify this?
Either uninstall the Kaspersky online scanner or disable it through Firefox add-ons.

Quattad
2009-02-24, 13:59
hey blade,

There's nothing in the recycle bin after scanning and shutting down the computer.

And what should I do with the quarantined items?

And thanks for all the help you have offered me so far. Really appreciate it! :laugh:

Blade81
2009-02-24, 19:08
Hi

Those will be cleaned in the final phase :) Please post a fresh HJT log and let me know how the system is running.

Quattad
2009-02-25, 09:45
hey blade,

I just realised something. I hadn't uninstalled Windows Live Messenger Plus! yet. Only just now did I notice that I did not uninstall it from the programs list, but just deleted the folder. Will this affect anything we have done so far? Really sorry. :oops:

A HijackThis log after deleting Windows Live Messenger Plus!:

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 3:56:58 PM, on 25/2/2009
Platform: Windows Vista (WinNT 6.00.1904)
MSIE: Internet Explorer v7.00 (7.00.6000.16809)
Boot mode: Normal

Running processes:
C:\Windows\system32\Dwm.exe
C:\Windows\Explorer.EXE
C:\Windows\system32\taskeng.exe
C:\Program Files\Common Files\LogiShrd\LVCOMSER\LVComSer.exe
C:\Program Files\Windows Defender\MSASCui.exe
C:\hp\support\hpsysdrv.exe
C:\Program Files\Hewlett-Packard\On-Screen OSD Indicator\OSD.exe
C:\Program Files\HP\HP Software Update\hpwuSchd2.exe
C:\Program Files\Grisoft\AVG7\avgcc.exe
C:\Windows\System32\rundll32.exe
C:\Windows\System32\CTHELPER.EXE
C:\Program Files\Common Files\LogiShrd\LComMgr\Communications_Helper.exe
C:\Program Files\Logitech\QuickCam\Quickcam.exe
C:\Program Files\Common Files\Real\Update_OB\realsched.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\Program Files\Java\jre6\bin\jusched.exe
C:\Program Files\Razer\DeathAdder\razerhid.exe
C:\Program Files\Windows Sidebar\sidebar.exe
C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\MOM.exe
C:\Program Files\Razer\DeathAdder\razertra.exe
C:\Program Files\Razer\DeathAdder\razerofa.exe
C:\Program Files\Windows Sidebar\sidebar.exe
C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\CCC.exe
C:\Users\PataPon\AppData\Local\Temp\Imation\USB_ImationFlashDetect.exe
C:\Program Files\Common Files\Logishrd\LQCVFX\COCIManager.exe
C:\hp\kbd\kbd.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Program Files\Windows Live\Messenger\msnmsgr.exe
C:\Program Files\Windows Live\Contacts\wlcomm.exe
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iehome&locale=EN_SG&c=74&bd=Pavilion&pf=desktop
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iehome&locale=EN_SG&c=74&bd=Pavilion&pf=desktop
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant =
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch =
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
O1 - Hosts: ::1 localhost
O2 - BHO: IDM Helper - {0055C089-8582-441B-A0BF-17B458C2A3A8} - C:\Program Files\Internet Download Manager\IDMIECC.dll
O2 - BHO: &Yahoo! Toolbar Helper - {02478D38-C3F9-4efb-9B51-7695ECA05670} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll
O2 - BHO: AcroIEHelperStub - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
O2 - BHO: IsoBuster Toolbar - {266fcdca-7bb3-4da7-b3bf-f845dea2ebd6} - C:\Program Files\IsoBuster\tbIsoB.dll
O2 - BHO: RealPlayer Download and Record Plugin for Internet Explorer - {3049C3E9-B461-4BC5-8870-4C09146192CA} - C:\Program Files\Real\RealPlayer\rpbrowserrecordplugin.dll
O2 - BHO: Search Helper - {6EBF7485-159F-4bff-A14F-B9E3AAC4465B} - C:\Program Files\Microsoft\Search Enhancement Pack\Search Helper\SearchHelper.dll
O2 - BHO: Java(tm) Plug-In SSV Helper - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre6\bin\ssv.dll
O2 - BHO: Windows Live Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar1.dll
O2 - BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll
O2 - BHO: Windows Live Toolbar Helper - {E15A8DC0-8516-42A1-81EA-DC94EC1ACF10} - C:\Program Files\Windows Live\Toolbar\wltcore.dll
O3 - Toolbar: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar1.dll
O3 - Toolbar: IsoBuster Toolbar - {266fcdca-7bb3-4da7-b3bf-f845dea2ebd6} - C:\Program Files\IsoBuster\tbIsoB.dll
O3 - Toolbar: &Windows Live Toolbar - {21FA44EF-376D-4D53-9B0F-8A89D3229068} - C:\Program Files\Windows Live\Toolbar\wltcore.dll
O4 - HKLM\..\Run: [Windows Defender] %ProgramFiles%\Windows Defender\MSASCui.exe -hide
O4 - HKLM\..\Run: [hpsysdrv] c:\hp\support\hpsysdrv.exe
O4 - HKLM\..\Run: [KBD] C:\HP\KBD\KbdStub.EXE
O4 - HKLM\..\Run: [OsdMaestro] "C:\Program Files\Hewlett-Packard\On-Screen OSD Indicator\OSD.exe"
O4 - HKLM\..\Run: [RtHDVCpl] RtHDVCpl.exe
O4 - HKLM\..\Run: [HP Health Check Scheduler] c:\Program Files\Hewlett-Packard\HP Health Check\HPHC_Scheduler.exe
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 9.0\Reader\Reader_sl.exe"
O4 - HKLM\..\Run: [SunJavaUpdateReg] "C:\Windows\system32\jureg.exe" -delete
O4 - HKLM\..\Run: [HP Software Update] c:\Program Files\HP\HP Software Update\HPWuSchd2.exe
O4 - HKLM\..\Run: [AVG7_CC] C:\PROGRA~1\Grisoft\AVG7\avgcc.exe /STARTUP
O4 - HKLM\..\Run: [NvSvc] RUNDLL32.EXE C:\Windows\system32\nvsvc.dll,nvsvcStart
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\Windows\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\Windows\system32\NvMcTray.dll,NvTaskbarInit
O4 - HKLM\..\Run: [Arucer] rundll32 C:\Windows\system32\Arucer.dll,Arucer
O4 - HKLM\..\Run: [CTHelper] CTHELPER.EXE
O4 - HKLM\..\Run: [CTxfiHlp] CTXFIHLP.EXE
O4 - HKLM\..\Run: [PWRISOVM.EXE] C:\Program Files\PowerISO\PWRISOVM.EXE
O4 - HKLM\..\Run: [LogitechCommunicationsManager] "C:\Program Files\Common Files\LogiShrd\LComMgr\Communications_Helper.exe"
O4 - HKLM\..\Run: [LogitechQuickCamRibbon] "C:\Program Files\Logitech\QuickCam\Quickcam.exe" /hide
O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\QTTask.exe" -atboottime
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre6\bin\jusched.exe"
O4 - HKLM\..\Run: [StartCCC] "C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" MSRun
O4 - HKLM\..\Run: [DeathAdder] C:\Program Files\Razer\DeathAdder\razerhid.exe
O4 - HKLM\..\RunOnce: [Launcher] %WINDIR%\SMINST\launcher.exe
O4 - HKLM\..\RunOnce: [MessengerPlusLiveUninstall] "C:\Users\PataPon\AppData\Local\Temp\MsgPlusUninstall.exe" /Cleanup
O4 - HKCU\..\Run: [Sidebar] C:\Program Files\Windows Sidebar\sidebar.exe /autoRun
O4 - HKCU\..\Run: [MsnMsgr] "C:\Program Files\Windows Live\Messenger\msnmsgr.exe" /background
O4 - HKCU\..\Run: [swg] C:\Program Files\Google\GoogleToolbarNotifier\1.2.1128.5462\GoogleToolbarNotifier.exe
O4 - HKCU\..\Run: [EA Core] C:\Program Files\Electronic Arts\EADM\Core.exe -silent
O4 - HKUS\S-1-5-19\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /detectMem (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-19\..\Run: [WindowsWelcomeCenter] rundll32.exe oobefldr.dll,ShowWelcomeCenter (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-19\..\Run: [AVG7_Run] C:\PROGRA~1\Grisoft\AVG7\avgw.exe /RUNONCE (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-20\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /detectMem (User 'NETWORK SERVICE')
O4 - HKUS\S-1-5-18\..\Run: [AVG7_Run] C:\PROGRA~1\Grisoft\AVG7\avgw.exe /RUNONCE (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [AVG7_Run] C:\PROGRA~1\Grisoft\AVG7\avgw.exe /RUNONCE (User 'Default user')
O4 - Startup: Imation_Flash_Detect.lnk = C:\Users\PataPon\AppData\Local\Temp\Imation\USB_ImationFlashDetect.exe
O4 - Global Startup: Snapfish Media Detector.lnk = C:\Program Files\Snapfish Picture Mover\SnapfishMediaDetector.exe
O9 - Extra button: Blog This - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files\Windows Live\Writer\WriterBrowserExtension.dll
O9 - Extra 'Tools' menuitem: &Blog This in Windows Live Writer - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files\Windows Live\Writer\WriterBrowserExtension.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~3\OFFICE11\REFIEBAR.DLL
O13 - Gopher Prefix:
O16 - DPF: {C3F79A2B-B9B4-4A66-B012-3EE46475B072} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/MessengerStatsPAClient.cab56907.cab
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} - http://fpdownload2.macromedia.com/get/flashplayer/current/swflash.cab
O20 - Winlogon Notify: !SASWinLogon - C:\Program Files\SUPERAntiSpyware\SASWINLO.DLL
O20 - Winlogon Notify: avgwlntf - C:\Windows\SYSTEM32\avgwlntf.dll
O23 - Service: Apple Mobile Device - Apple Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
O23 - Service: Ati External Event Utility - ATI Technologies Inc. - C:\Windows\system32\Ati2evxx.exe
O23 - Service: AVG7 Alert Manager Server (Avg7Alrt) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVG7\avgamsvr.exe
O23 - Service: AVG7 Update Service (Avg7UpdSvc) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVG7\avgupsvc.exe
O23 - Service: AVG7 Resident Shield Service (AvgCoreSvc) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVG7\avgrssvc.exe
O23 - Service: AVG E-mail Scanner (AVGEMS) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVG7\avgemc.exe
O23 - Service: Bonjour Service - Apple Inc. - C:\Program Files\Bonjour\mDNSResponder.exe
O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: HP Health Check Service - Hewlett-Packard - c:\Program Files\Hewlett-Packard\HP Health Check\hphc_service.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: iPod Service - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: LightScribeService Direct Disc Labeling Service (LightScribeService) - Hewlett-Packard Company - c:\Program Files\Common Files\LightScribe\LSSrvc.exe
O23 - Service: LVCOMSer - Logitech Inc. - C:\Program Files\Common Files\LogiShrd\LVCOMSER\LVComSer.exe
O23 - Service: Process Monitor (LVPrcSrv) - Logitech Inc. - C:\Program Files\Common Files\LogiShrd\LVMVFM\LVPrcSrv.exe
O23 - Service: LVSrvLauncher - Logitech Inc. - C:\Program Files\Common Files\LogiShrd\SrvLnch\SrvLnch.exe
O23 - Service: RoxMediaDB9 - Sonic Solutions - c:\Program Files\Common Files\Roxio Shared\9.0\SharedCOM\RoxMediaDB9.exe
O23 - Service: stllssvr - MicroVision Development, Inc. - c:\Program Files\Common Files\SureThing Shared\stllssvr.exe
O23 - Service: XAudioService - Conexant Systems, Inc. - C:\Windows\system32\DRIVERS\xaudio.exe

--
End of file - 11151 bytes


Other than that, the PC's working fine! No more popups or notifications of that virus! :bigthumb:
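The logs in this thread are read by eye for the handful of entries a helper actually worries about: autoruns that launch from a Temp folder (as the Imation and MsgPlusUninstall entries above do), rundll32 entries that load a DLL by path, Winlogon Notify DLLs, and hosts-file lines that map anything other than localhost. The Python script below is an added example, not part of this thread or of HijackThis; it applies those checks to HijackThis-style log text. The sample lines are copied from the logs posted above and serve as a constructed input, and the severity labels and reasons are the script's own wording, not a verdict on any particular entry.

```python
"""Triage HijackThis-style log lines for persistence entries worth a second look.

Added example, not part of the original thread.  The checks mirror what a
forum helper does by eye; a hit means "look at this", not "this is malware".
"""
import ipaddress
import re
from typing import Dict, List, Optional, Tuple

# Constructed sample input: lines copied from the logs posted in this thread.
SAMPLE_LOG = r"""
O1 - Hosts: ::1 localhost
O4 - HKLM\..\Run: [Windows Defender] %ProgramFiles%\Windows Defender\MSASCui.exe -hide
O4 - HKLM\..\Run: [Arucer] rundll32 C:\Windows\system32\Arucer.dll,Arucer
O4 - HKLM\..\RunOnce: [MessengerPlusLiveUninstall] "C:\Users\PataPon\AppData\Local\Temp\MsgPlusUninstall.exe" /Cleanup
O4 - Startup: Imation_Flash_Detect.lnk = C:\Users\PataPon\AppData\Local\Temp\Imation\USB_ImationFlashDetect.exe
O20 - Winlogon Notify: !SASWinLogon - C:\Program Files\SUPERAntiSpyware\SASWINLO.DLL
O23 - Service: Bonjour Service - Apple Inc. - C:\Program Files\Bonjour\mDNSResponder.exe
""".strip()

# "O4 - rest of line": section code, then the entry body.
ENTRY_RE = re.compile(r"^([A-Z]\d+)\s+-\s+(.*)$")
# Paths under a per-user or system Temp directory (user-writable locations).
TEMP_RE = re.compile(r"\\(?:AppData\\Local\\Temp|Windows\\Temp|Temp)\\", re.IGNORECASE)
RUNDLL_RE = re.compile(r"\brundll32(?:\.exe)?\b", re.IGNORECASE)
HOSTS_RE = re.compile(r"^Hosts:\s+(\S+)\s+(\S+)", re.IGNORECASE)


def check_entry(section: str, rest: str) -> Optional[Tuple[str, str]]:
    """Return (severity, reason) for one parsed entry, or None if it is unremarkable."""
    if section == "O1":
        m = HOSTS_RE.match(rest)
        if m:
            addr, name = m.groups()
            try:
                loopback = ipaddress.ip_address(addr).is_loopback
            except ValueError:
                loopback = False
            # Only "loopback -> localhost" is the stock content of a hosts file.
            if not loopback or name.lower() != "localhost":
                return ("suspicious", "hosts-file entry for a name other than localhost (possible redirect)")
        return None
    if section == "O4":
        if TEMP_RE.search(rest):
            return ("suspicious", "autorun launched from a Temp folder (user-writable; legitimate software rarely persists there)")
        if RUNDLL_RE.search(rest):
            return ("review", "rundll32 loads a DLL by path; confirm the DLL's publisher and purpose")
        return None
    if section == "O20":
        # Winlogon Notify DLLs are loaded into winlogon.exe, so they run with high privilege.
        return ("review", "Winlogon Notify DLL runs inside winlogon.exe; confirm the vendor")
    return None


def triage(log_text: str) -> List[Dict[str, str]]:
    """Parse every entry line and collect the ones that trip a check, in log order."""
    findings: List[Dict[str, str]] = []
    for raw in log_text.splitlines():
        line = raw.strip()
        m = ENTRY_RE.match(line)
        if not m:
            continue  # headers, process list, blank lines
        section, rest = m.groups()
        hit = check_entry(section, rest)
        if hit:
            severity, reason = hit
            findings.append({"severity": severity, "section": section, "reason": reason, "line": line})
    return findings


if __name__ == "__main__":
    for f in triage(SAMPLE_LOG):
        print(f"[{f['severity']:<10}] {f['section']:<4} {f['reason']}\n             {f['line']}")
```

Run against the sample it reports two "suspicious" Temp-folder autoruns and two "review" items (the rundll32 entry and the Winlogon Notify DLL); the Windows Defender, hosts and Bonjour lines pass. To use it on a real log, paste the log into a file and call `triage(open(path, encoding="utf-8", errors="replace").read())`.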

Blade81
2009-02-25, 10:07
Hi

I don't think that caused any drawback :)

Just remember not to install the Plus! add-on again with sponsors. This is now the second time you have been in trouble because of it ;)


Well, congrats, it appears your system is all clean. Are you still noticing any problems? If not, it's time to secure your system to prevent further intrusions.

Delete C:\Lop SD folder.


THESE STEPS ARE VERY IMPORTANT

Let's reset system restore
Reset and re-enable your System Restore to remove infected files that have been backed up by Windows. The files in System Restore are protected to prevent any programs changing those files, so this is the only way to clean them. You will lose all previous restore points, which are likely to be infected. Please note you need Administrator access to clean the restore points.

A. To disable the System Restore feature:

1. Click on the Start button.
2. Hover over the Computer option, right-click on it and then click Properties.
3. On the left hand side, click Advanced Settings.
4. If asked to permit the action, click on Allow.
5. Click on the System Protection tab.
6. Uncheck any checkboxes listed for your hard drives.
7. Press OK.


B. Reboot.

C. Turn on System Restore.
Follow the steps like you did when disabling System Restore, but at step 6 check any checkboxes listed for your hard drives.



UPDATING WINDOWS AND INTERNET EXPLORER

IMPORTANT: You Need to Update Windows and Internet Explorer to protect your computer from the malware that is around on the Internet. Please go to the windows update site (http://windowsupdate.microsoft.com/) to get the critical updates.

If you are running Microsoft Office, or any portion thereof, go to Microsoft's Office Update site and make sure you have at least all the critical updates installed (free).

Make your Internet Explorer more secure

This can be done by following these simple instructions:
From within Internet Explorer click on the Tools menu and then click on Options.
Click once on the Security tab
Click once on the Internet icon so it becomes highlighted.
Click once on the Custom Level button.
Change the Download signed ActiveX controls to Prompt
Change the Download unsigned ActiveX controls to Disable
Change the Initialize and script ActiveX controls not marked as safe to Disable
Change the Installation of desktop items to Prompt
Change the Launching programs and files in an IFRAME to Prompt
Change the Navigate sub-frames across different domains to Prompt
When all these settings have been made, click on the OK button.
If it prompts you as to whether or not you want to save the settings, press the Yes button.
Next press the Apply button and then the OK to exit the Internet Properties page.



The following are recommended third party programs that are designed to keep your computer clean. A link as well as a brief description is included with each item.

Download SpywareBlaster
SpywareBlaster is a program that stops known malicious ActiveX controls from installing on your computer. It works by changing settings in your registry. It sets kill bits in the registry, so that certain ActiveX controls can't install.
If you don't know what ActiveX controls are, see here (http://www.webopedia.com/TERM/A/ActiveX_control.html)
You can download SpywareBlaster here (http://majorgeeks.com/downloadget.php?id=2859&file=11&evp=61b0e8ad41924a03c37615f4682b4cef)
SpywareBlaster tutorial (http://www.bleepingcomputer.com/forums/tutorial49.html)

hosts file:
Every version of Windows has a hosts file. In a very basic sense, it is used to locate web pages. We can customize a hosts file so that it blocks certain web pages. However, it can slow down certain computers. This is why using a hosts file is optional!!
Download it here (http://www.mvps.org/winhelp2002/hosts.htm). Make sure you read the instructions on how to install the hosts file. There is a good tutorial here (http://www.bleepingcomputer.com/forums/tutorial51.html)
If you decide to download the hosts file, the slowdown problems can usually be avoided by following these steps:
1. Click the Start button (at the lower left-hand corner of your screen).
2. Click Run. In the dialog box, type services.msc and hit Enter.
3. Locate DNS Client, highlight it, then double-click it.
4. In the drop-down box, change the setting from Automatic to Manual.
5. Click OK.



Just a final reminder for you. I am trying to stress these two points.
UPDATE UPDATE UPDATE!!! Make sure you do this about every 1-2 weeks.
Make sure all of your security programs are up to date.
Visit Microsoft's Windows Update Site Frequently - It is important that you visit http://www.windowsupdate.com regularly. This will ensure your computer has always the latest security updates available installed on your computer. If there are new updates to install, install them immediately, reboot your computer, and revisit the site until there are no more critical updates.


Once again, please post and tell me how things are going with your system... problems etc.

Have a great day,
Blade :cool:
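The Internet-zone settings and the kill bits described in the post above can be checked from a registry export instead of by clicking through the dialog each time. The Python script below is an added example, not part of this thread, of SpywareBlaster or of any Microsoft tool. It assumes the input was produced with `reg export` of the `Internet Settings\Zones\3` key (and optionally the `ActiveX Compatibility` key), that `reg export` writes UTF-16 text, and that the numeric value names map to the dialog entries as documented by Microsoft for security zones (1001 = Download signed ActiveX controls, 1004 = Download unsigned ActiveX controls, 1201 = Initialize and script ActiveX controls not marked as safe, 1607 = Navigate sub-frames across different domains, 1800 = Installation of desktop items, 1804 = Launching programs and files in an IFRAME; data 0 = Enable, 1 = Prompt, 3 = Disable) and that a kill bit is `Compatibility Flags` with bit 0x400 set. The embedded sample export is constructed: the Flash CLSID is taken from the O16 line in the log, the second CLSID is a placeholder.

```python
r"""Audit an IE Internet-zone export against the hardening steps in the post above,
and list ActiveX kill bits.  Added example, not part of the thread.

Produce the inputs on the Windows box (reg export writes UTF-16, hence the decode):
    reg export "HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings\Zones\3" zone3.reg
    reg export "HKLM\SOFTWARE\Microsoft\Internet Explorer\ActiveX Compatibility" killbits.reg
"""
import re
from typing import Dict, List

ZONE_SUFFIX = "\\internet settings\\zones\\3"          # zone 3 = Internet
KILLBIT_KEY = "\\activex compatibility\\"
KILL_BIT = 0x400                                        # Compatibility Flags bit that blocks the control

# (value name, dialog label, required data) in the order the post lists them.
# Data: 0 = Enable, 1 = Prompt, 3 = Disable.
RECOMMENDED = [
    ("1001", "Download signed ActiveX controls", 1),
    ("1004", "Download unsigned ActiveX controls", 3),
    ("1201", "Initialize and script ActiveX controls not marked as safe", 3),
    ("1800", "Installation of desktop items", 1),
    ("1804", "Launching programs and files in an IFRAME", 1),
    ("1607", "Navigate sub-frames across different domains", 1),
]
SETTING_NAMES = {0: "Enable", 1: "Prompt", 3: "Disable"}

# Constructed sample export: a zone left at defaults for three of the six settings,
# the Flash CLSID from the log's O16 line without a kill bit, and a placeholder CLSID with one.
SAMPLE_REG = r"""
Windows Registry Editor Version 5.00

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings\Zones\3]
"DisplayName"="Internet"
"1001"=dword:00000000
"1004"=dword:00000003
"1201"=dword:00000003
"1400"=dword:00000000
"1607"=dword:00000000
"1800"=dword:00000001
"1804"=dword:00000000

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\ActiveX Compatibility\{D27CDB6E-AE6D-11CF-96B8-444553540000}]
"Compatibility Flags"=dword:00000000

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\ActiveX Compatibility\{00000000-0000-0000-0000-000000000001}]
"Compatibility Flags"=dword:00000400
""".strip()

REG_KEY_RE = re.compile(r"^\[(.+)\]$")
REG_DWORD_RE = re.compile(r'^"([^"]+)"=dword:([0-9a-fA-F]{8})$')


def parse_reg(text: str) -> Dict[str, Dict[str, int]]:
    """Return {key path: {value name: int}} for the DWORD values in a .reg export."""
    keys: Dict[str, Dict[str, int]] = {}
    current = None
    for raw in text.splitlines():
        line = raw.strip()
        m = REG_KEY_RE.match(line)
        if m:
            current = m.group(1)
            keys.setdefault(current, {})
            continue
        m = REG_DWORD_RE.match(line)
        if m and current is not None:
            keys[current][m.group(1)] = int(m.group(2), 16)
    return keys


def audit_zone(keys: Dict[str, Dict[str, int]]) -> List[Dict[str, str]]:
    """List the Internet-zone settings that differ from the recommended values."""
    gaps: List[Dict[str, str]] = []
    for key, values in keys.items():
        if not key.lower().endswith(ZONE_SUFFIX):
            continue
        for name, label, wanted in RECOMMENDED:
            current = values.get(name)
            if current != wanted:
                shown = "not set" if current is None else SETTING_NAMES.get(current, hex(current))
                gaps.append({"value": name, "setting": label,
                             "current": shown, "required": SETTING_NAMES[wanted]})
    return gaps


def killed_clsids(keys: Dict[str, Dict[str, int]]) -> List[str]:
    """CLSIDs under ActiveX Compatibility whose Compatibility Flags carry the kill bit."""
    return [key.rsplit("\\", 1)[-1]
            for key, values in keys.items()
            if KILLBIT_KEY in key.lower() and values.get("Compatibility Flags", 0) & KILL_BIT]


if __name__ == "__main__":
    parsed = parse_reg(SAMPLE_REG)
    for g in audit_zone(parsed):
        print(f"{g['value']} {g['setting']}: is {g['current']}, should be {g['required']}")
    print("kill bits set for:", ", ".join(killed_clsids(parsed)) or "none")
```

With a real export, read it as `open("zone3.reg", encoding="utf-16").read()` before passing it to `parse_reg`; the same parser handles both the zone and the kill-bit export, so the two files can simply be concatenated. A CLSID without the kill bit (like the Flash control in the sample) is not itself a problem; the list only shows which controls are already blocked.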

Quattad
2009-02-26, 08:31
yo blade,

Things are going fine! No popups from IE anymore or any notification from Windows Defender of the C2Lop program!

Also, I have checked the different folders the viruses were found in previously, e.g. Circle Developement, bytewaydata etc.; they were all gone! Thanks a lot once again! :bigthumb:

In addition, I would like to be one of the volunteers like you who fight against malware and help people regain stability in their computers. How do I become one? Or where do I learn? :D:

Blade81
2009-02-26, 08:48
You're welcome :)

These places do teaching (list in alphabetical order):
Geeks to Go (http://www.geekstogo.com/forum/Would-you-like-to-learn-to-fight-malware-t4817.html)
Malware Removal (http://www.malwareremoval.com)
Spyware Info (http://www.spywareinfoforum.com/index.php?showtopic=34)
What the Tech (http://forums.whatthetech.com/What_Tech_Classroom_t80368.html)

Quattad
2009-02-26, 12:49
Okay then. I'm going to enrol and make great security experts like you proud! :laugh:

So I guess this topic can be closed?

Blade81
2009-02-26, 12:53
Since this issue appears to be resolved ... this Topic has been closed. Glad I could help. :)

Note: If it has been four days or more since your last post, and the helper assisting you posted a response to that post to which you did not reply, your topic will not be reopened. At that point, if you still require help, please start a new topic and include a fresh HijackThis log and a link to your previous thread.

If it has been less than four days since your last response and you need the thread re-opened, please send me or MOD a private message (pm). A valid, working link to the closed topic is required.