NTOSKRNL-HOOK Trojan: another case


#1
celesh
New Member, 3 posts
Hello, I've been having problems with my computer lately, and found out that I have this NTOSKRNL-HOOK trojan in my computer, and like many users, McAfee is not really doing anything.
I tried different sites and used MBAM and SUPERAntiSpyware with no help.
I tried multiple times to run scans in safe mode, but got the same negative results.

Looking online I ended up in this forum, and my case seems to be pretty similar to the one described here: http://www.geekstogo...an-t245498.html

For some reason I am not able to download the OTL scanner, like the other user.
And even though I was able to download Lop S&D, it's not working properly.
I am currently scanning with MBAM, so I will post the log [bleep] soon as that is done.

Please be kind enough to look at my case, anybody!!! Thanks for your time!! :)

So here is my ComboFix log:


ComboFix 09-07-28.01 - star 8/2009 Tue 17:04.1.1 - NTFSx86
Microsoft Windows XP Home Edition 5.1.2600.3.949.82.1033.18.510.159 [GMT -4:00]
Running from: c:\documents and settings\star\Desktop\hola.exe
AV: McAfee VirusScan *On-access scanning enabled* (Updated) {84B5EE75-6421-4CDE-A33A-DD43BA9FAD83}
FW: McAfee Personal Firewall *enabled* {94894B63-8C7F-4050-BDA4-813CA00DA3E8}
* Resident AV is active


WARNING -THIS MACHINE DOES NOT HAVE THE RECOVERY CONSOLE INSTALLED !!
.

((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.

c:\documents and settings\star\Local Settings\Temporary Internet Files\SKBGM.cfg
c:\documents and settings\star\Local Settings\Temporary Internet Files\SKBGM0.che
c:\documents and settings\star\Local Settings\Temporary Internet Files\SKBGM1.che
c:\documents and settings\star\Local Settings\Temporary Internet Files\SKBGM2.che
c:\documents and settings\star\Local Settings\Temporary Internet Files\SKBGM3.che
c:\documents and settings\star\Local Settings\Temporary Internet Files\SKBGM4.che
c:\documents and settings\star\Local Settings\Temporary Internet Files\SKBGM5.che
c:\documents and settings\star\Local Settings\Temporary Internet Files\SKBGM6.che
c:\documents and settings\star\Local Settings\Temporary Internet Files\SKBGM7.che
c:\documents and settings\star\Local Settings\Temporary Internet Files\SKBGM8.che
c:\documents and settings\star\Local Settings\Temporary Internet Files\SKBGM9.che
c:\windows\system32\clubboxuninstall.exe
c:\windows\system32\drivers\vsfoceoriudokm.sys
c:\windows\system32\tmp.reg
c:\windows\system32\vsfoceetyqmlal.dat
c:\windows\system32\vsfoceivkyavhc.dat
c:\windows\system32\vsfocelilrqkwt.dll
c:\windows\system32\vsfoceyqolklwa.dll

.
((((((((((((((((((((((((((((((((((((((( Drivers/Services )))))))))))))))))))))))))))))))))))))))))))))))))
.

-------\Service_vsfocewxvvwqrx


((((((((((((((((((((((((( Files Created from 2009-06-28 to 2009-07-28 )))))))))))))))))))))))))))))))
.

2009-07-28 16:25 . 2009-07-28 20:20 117760 ----a-w- c:\documents and settings\star\Application Data\SUPERAntiSpyware.com\SUPERAntiSpyware\SDDLLS\UIREPAIR.DLL
2009-07-28 16:24 . 2009-07-28 16:24 -------- d-----w- c:\docume~1\ALLUSE~1\APPLIC~1\SUPERAntiSpyware.com
2009-07-28 16:24 . 2009-07-28 16:24 65024 ----a-r- c:\documents and settings\star\Application Data\Microsoft\Installer\{CDDCBBF1-2703-46BC-938B-BCC81A1EEAAA}\IconCDDCBBF15.exe
2009-07-28 16:24 . 2009-07-28 16:24 18944 ----a-r- c:\documents and settings\star\Application Data\Microsoft\Installer\{CDDCBBF1-2703-46BC-938B-BCC81A1EEAAA}\IconCDDCBBF13.exe
2009-07-28 16:24 . 2009-07-28 19:12 -------- d-----w- c:\program files\SUPERAntiSpyware
2009-07-28 16:24 . 2009-07-28 16:24 -------- d-----w- c:\documents and settings\star\Application Data\SUPERAntiSpyware.com
2009-07-28 16:24 . 2009-07-28 16:24 -------- d-----w- c:\program files\Common Files\Wise Installation Wizard
2009-07-28 10:15 . 2009-07-28 10:15 -------- d-----w- c:\documents and settings\Administrator\Local Settings\Application Data\BVRP Software
2009-07-28 10:10 . 2009-07-28 10:10 -------- d-----w- c:\documents and settings\Administrator\Application Data\Malwarebytes
2009-07-28 10:09 . 2009-07-28 10:09 -------- d-sh--w- c:\documents and settings\Administrator\IETldCache
2009-07-21 22:35 . 2009-07-21 22:35 -------- d-sh--w- c:\windows\ftpcache
2009-07-21 22:29 . 2009-07-21 22:30 -------- d-----w- c:\program files\ApproveIt
2009-07-21 22:29 . 2009-07-21 22:29 -------- d-----w- C:\LF30
2009-07-21 22:27 . 2009-07-21 22:27 -------- d-----w- C:\AGMLogs
2009-07-21 22:18 . 2009-07-21 22:18 -------- d-----w- c:\documents and settings\star\Application Data\PureEdge
2009-07-21 22:18 . 2009-07-21 22:18 -------- d-----w- c:\docume~1\ALLUSE~1\APPLIC~1\PureEdge
2009-07-21 22:17 . 2003-02-21 15:44 172032 ----a-w- c:\windows\system32\SSCE5332.dll
2009-07-21 22:17 . 2009-07-21 22:17 -------- d-----w- c:\program files\PureEdge
2009-07-21 21:56 . 2009-07-21 21:56 -------- d-----w- c:\program files\ActivIdentity
2009-07-20 01:43 . 2009-07-20 01:33 167936 ----a-w- c:\windows\system32\fscagent.exe
2009-07-06 01:47 . 2009-07-06 01:47 -------- d-----w- c:\documents and settings\star\Application Data\Malwarebytes
2009-07-06 01:46 . 2009-07-13 17:36 38160 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys
2009-07-06 01:46 . 2009-07-13 17:36 19096 ----a-w- c:\windows\system32\drivers\mbam.sys
2009-07-06 01:46 . 2009-07-06 01:46 -------- d-----w- c:\docume~1\ALLUSE~1\APPLIC~1\Malwarebytes
2009-07-06 01:46 . 2009-07-26 15:50 -------- d-----w- c:\program files\Malwarebytes' Anti-Malware
2009-07-03 19:28 . 2009-07-03 19:28 640240 ----a-w- c:\windows\system32\NowUpdate.exe

.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2009-07-28 20:44 . 2009-06-04 01:15 -------- d-----w- c:\documents and settings\star\Application Data\Skype
2009-07-28 20:18 . 2009-06-04 01:16 -------- d-----w- c:\documents and settings\star\Application Data\skypePM
2009-07-28 18:16 . 2008-07-18 21:56 3367 ----a-w- c:\windows\system32\fscflist.ini.tmp
2009-07-28 18:16 . 2008-07-18 21:54 80 ----a-w- c:\windows\system32\fscagent.ini.tmp
2009-07-21 22:17 . 2005-09-01 16:29 -------- d--h--w- c:\program files\InstallShield Installation Information
2009-07-14 14:25 . 2008-07-18 21:17 -------- d-----w- c:\docume~1\ALLUSE~1\APPLIC~1\McAfee
2009-07-14 00:55 . 2008-07-18 21:21 -------- d-----w- c:\program files\McAfee
2009-07-02 02:53 . 2009-06-08 08:56 1626112 ----a-w- c:\windows\system32\clubbox.exe
2009-06-16 14:36 . 2004-08-10 17:51 119808 ----a-w- c:\windows\system32\t2embed.dll
2009-06-16 14:36 . 2004-08-10 17:51 81920 ----a-w- c:\windows\system32\fontsub.dll
2009-06-12 04:37 . 2009-06-12 04:35 -------- d-----w- c:\program files\iTunes
2009-06-12 04:36 . 2009-06-12 04:36 -------- d-----w- c:\program files\iPod
2009-06-12 04:36 . 2008-07-18 22:50 -------- d-----w- c:\program files\Common Files\Apple
2009-06-12 04:29 . 2009-06-12 04:25 -------- d-----w- c:\program files\QuickTime
2009-06-10 01:01 . 2005-09-01 16:28 -------- d-----w- c:\program files\Java
2009-06-10 01:00 . 2009-06-10 01:00 152576 ----a-w- c:\documents and settings\star\Application Data\Sun\Java\jre1.6.0_14\lzma.dll
2009-06-04 01:25 . 2009-06-04 01:25 -------- d-----w- c:\program files\Common Files\Logitech
2009-06-04 01:16 . 2009-06-04 01:16 56 ---ha-w- c:\windows\system32\ezsidmv.dat
2009-06-04 01:11 . 2009-06-04 01:10 -------- d-----r- c:\program files\Skype
2009-06-04 01:11 . 2009-06-04 01:10 -------- d-----w- c:\docume~1\ALLUSE~1\APPLIC~1\Skype
2009-06-04 01:11 . 2009-06-04 01:11 -------- d-----w- c:\program files\Common Files\Skype
2009-06-03 19:09 . 2004-08-10 17:51 1291264 ----a-w- c:\windows\system32\quartz.dll
2009-06-03 02:21 . 2008-07-24 20:03 -------- d-----w- c:\documents and settings\star\Application Data\AdobeUM
2009-05-21 15:33 . 2009-02-10 23:18 410984 ----a-w- c:\windows\system32\deploytk.dll
2009-05-21 12:30 . 2009-05-21 12:30 57984 ----a-w- c:\windows\system32\drivers\SCR3XX2K.sys
2009-05-13 05:15 . 2004-08-10 17:51 915456 ----a-w- c:\windows\system32\wininet.dll
2009-05-07 15:32 . 2004-08-10 17:51 345600 ----a-w- c:\windows\system32\localspl.dll
2009-05-07 14:36 . 2009-05-07 14:36 155648 ----a-r- c:\windows\system32\downengine.dll
2008-04-30 13:16 . 2008-07-18 20:59 7665 ----a-w- c:\program files\InstallRoot_Certificates_v2.22A.txt
2008-04-30 13:12 . 2008-07-18 20:59 360448 ----a-w- c:\program files\InstallRoot_v2.22A.exe
2008-04-30 13:12 . 2008-07-18 20:59 237568 ----a-w- c:\program files\InstallRoot_v2.22B.exe
2008-04-23 02:16 . 2008-07-18 20:59 1688 ----a-w- c:\program files\InstallRoot_Certificates_v2.22B.txt
.

((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"ctfmon.exe"="c:\windows\system32\ctfmon.exe" [2008-04-14 15360]
"BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}"="c:\program files\Common Files\Ahead\lib\NMBgMonitor.exe" [2006-02-01 98304]
"Skype"="c:\program files\Skype\Phone\Skype.exe" [2009-06-02 24264488]
"SUPERAntiSpyware"="c:\program files\SUPERAntiSpyware\SUPERAntiSpyware.exe" [2009-06-23 1830128]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"KernelFaultCheck"="c:\windows\system32\dumprep 0 -k" [X]
"SoundMAXPnP"="c:\program files\Analog Devices\Core\smax4pnp.exe" [2004-10-15 1404928]
"IntelMeM"="c:\program files\Intel\Modem Event Monitor\IntelMEM.exe" [2003-09-04 221184]
"DVDLauncher"="c:\program files\CyberLink\PowerDVD\DVDLauncher.exe" [2005-02-23 53248]
"RealTray"="c:\program files\Real\RealPlayer\RealPlay.exe" [2005-09-01 26112]
"ISUSPM Startup"="c:\progra~1\COMMON~1\INSTAL~1\UPDATE~1\ISUSPM.exe" [2004-07-27 221184]
"ISUSScheduler"="c:\program files\Common Files\InstallShield\UpdateService\issch.exe" [2004-07-27 81920]
"mcagent_exe"="c:\program files\McAfee.com\Agent\mcagent.exe" [2009-01-09 645328]
"igfxtray"="c:\windows\system32\igfxtray.exe" [2005-09-20 94208]
"igfxhkcmd"="c:\windows\system32\hkcmd.exe" [2005-09-20 77824]
"igfxpers"="c:\windows\system32\igfxpers.exe" [2005-09-20 114688]
"ClubBox"="c:\windows\system32\clubbox.exe" [2009-07-02 1626112]
"Windows Defender"="c:\program files\Windows Defender\MSASCui.exe" [2006-11-03 866584]
"AppleSyncNotifier"="c:\program files\Common Files\Apple\Mobile Device Support\bin\AppleSyncNotifier.exe" [2009-05-14 177472]
"DLBTCATS"="c:\windows\System32\spool\DRIVERS\W32X86\3\DLBTtime.dll" [2004-11-10 69632]
"SunJavaUpdateSched"="c:\program files\Java\jre6\bin\jusched.exe" [2009-05-21 148888]
"QuickTime Task"="c:\program files\QuickTime\qttask.exe" [2009-05-26 413696]
"iTunesHelper"="c:\program files\iTunes\iTunesHelper.exe" [2009-06-05 292136]
"accrdsub"="c:\program files\ActivIdentity\ActivClient\accrdsub.exe" [2006-11-10 275968]
"masqform.exe"="c:\program files\PureEdge\Viewer 6.5\masqform.exe" [2005-07-04 643072]
"AprvRemoveLegacyWordKeys"="c:\program files\ApproveIt\Support\Tools\AprvClean.exe" [2008-01-18 73728]
"AprvRemoveLegacyExcelKeys"="c:\program files\ApproveIt\Support\Tools\AprvClean.exe" [2008-01-18 73728]

c:\docume~1\ALLUSE~1\STARTM~1\Programs\Startup\
ActivClient Agent.lnk - c:\program files\ActivIdentity\ActivClient\acsagent.exe [2006-11-10 77312]
Adobe Reader Speed Launch.lnk - c:\program files\Adobe\Acrobat 7.0\Reader\reader_sl.exe [2004-12-14 29696]
ApproveIt StartUp.lnk - c:\windows\Installer\{29EB04A2-633C-40BE-9673-12DE7360C04E}\Icon9557F1BC1.ico [2009-7-21 9216]

[hkey_local_machine\software\microsoft\windows\currentversion\explorer\ShellExecuteHooks]
"{5AE067D3-9AFB-48E0-853A-EBB7F4A000DA}"= "c:\program files\SUPERAntiSpyware\SASSEH.DLL" [2008-05-13 77824]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\!SASWinLogon]
2008-12-22 16:05 356352 ----a-w- c:\program files\SUPERAntiSpyware\SASWINLO.dll

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\ackpbsc]
2007-01-30 12:57 101888 ----a-w- c:\windows\system32\ackpbsc.dll

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\acunlock]
2007-01-30 18:57 260096 ----a-w- c:\program files\ActivIdentity\ActivClient\acunlock.dll

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\mcmscsvc]
@=""

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MCODS]
@=""

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\WinDefend]
@="Service"

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\McAfeeAntiVirus]
"DisableMonitoring"=dword:00000001

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\McAfeeFirewall]
"DisableMonitoring"=dword:00000001

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"c:\\WINDOWS\\system32\\clubbox.exe"=
"c:\\WINDOWS\\system32\\fscagent.exe"=
"c:\\WINDOWS\\system32\\skcbgm.exe"=
"c:\\Program Files\\Bonjour\\mDNSResponder.exe"=
"c:\\Program Files\\Veoh Networks\\VeohWebPlayer\\veohwebplayer.exe"=
"c:\\Program Files\\Common Files\\McAfee\\MNA\\McNASvc.exe"=
"c:\\Program Files\\Windows Live\\Messenger\\wlcsdk.exe"=
"c:\\Program Files\\Windows Live\\Messenger\\msnmsgr.exe"=
"c:\\Program Files\\iTunes\\iTunes.exe"=
"c:\\Program Files\\Skype\\Phone\\Skype.exe"=

R1 SASDIFSV;SASDIFSV;c:\program files\SUPERAntiSpyware\sasdifsv.sys [6/23/2009 11:01 AM 9968]
R1 SASKUTIL;SASKUTIL;c:\program files\SUPERAntiSpyware\SASKUTIL.SYS [6/23/2009 11:01 AM 72944]
R2 acachsrv;ActivClient Authentication Service;c:\program files\ActivIdentity\ActivClient\acachsrv.exe [11/10/2006 12:29 PM 74240]
R2 acautoup;ActivClient Auto-Update Service;c:\program files\ActivIdentity\ActivClient\acautoup.exe [11/10/2006 12:29 PM 26624]
R2 accoca;ActivClient Middleware Service;c:\program files\ActivIdentity\ActivClient\accoca.exe [11/10/2006 12:29 PM 129536]
R2 McAfee SiteAdvisor Service;McAfee SiteAdvisor Service;c:\program files\McAfee\SiteAdvisor\McSACore.exe [2/11/2009 8:12 PM 206096]
R2 WinDefend;Windows Defender;c:\program files\Windows Defender\MsMpEng.exe [11/3/2006 7:19 PM 13592]
S3 SASENUM;SASENUM;c:\program files\SUPERAntiSpyware\SASENUM.SYS [6/23/2009 11:01 AM 7408]
S3 SCR3XX2K;SCR3xx USB SmartCardReader;c:\windows\system32\drivers\SCR3XX2K.sys [5/21/2009 8:30 AM 57984]

[HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\>{60B49E34-C7CC-11D0-8953-00A0C90347FF}]
"c:\windows\system32\rundll32.exe" "c:\windows\system32\iedkcs32.dll",BrandIEActiveSetup SIGNUP
.
- - - - ORPHANS REMOVED - - - -

HKLM-Run-ApproveItForOfficeSetup - c:\program files\ApproveIt\Support\Tools\ApproveItForOfficeSetup.exe
HKLM-Run-<NO NAME> - (no file)


.
------- Supplementary Scan -------
.
uStart Page = about:blank
DPF: {0349EF81-B9C1-4B97-86F7-7B931D0E2532} - hxxp://sticube.clubbox.co.kr/sticubeupdate/cab/NowStarter2.cab
DPF: {8DC067B8-911D-473A-90F1-1171B887CDE0} - hxxp://cyimg7.cyworld.com/ImageUpload/CyPictureU1233.cab?20081124
DPF: {9F84D013-66B3-4AB7-946B-11A920A55F06} - hxxp://www.melon.com/cab/sktload.cab
DPF: {C0B2F53E-5E61-4856-B314-FE9AE262A796} - hxxp://www.melon.com/cab/P3MelWebInstall.cab
DPF: {F6E361B4-40F3-4C90-8A95-D95E0D8CBCD4} - hxxp://www.clubbox.co.kr/neo.fld/MultiUpload.cab
.

**************************************************************************

catchme 0.3.1398.3 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2009-07-28 17:15
Windows 5.1.2600 Service Pack 3 NTFS

scanning hidden processes ...

scanning hidden autostart entries ...

HKLM\Software\Microsoft\Windows\CurrentVersion\Run
DLBTCATS = rundll32 c:\windows\System32\spool\DRIVERS\W32X86\3\DLBTtime.dll,_RunDLLEntry@16???????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????

scanning hidden files ...

scan completed successfully
hidden files: 0

**************************************************************************
.
--------------------- DLLs Loaded Under Running Processes ---------------------

- - - - - - - > 'winlogon.exe'(660)
c:\program files\SUPERAntiSpyware\SASWINLO.dll
c:\windows\system32\WININET.dll
c:\windows\system32\ackpbsc.dll
c:\windows\system32\ACLIBEAY.dll
c:\windows\system32\aclog.dll
c:\windows\system32\acevtsub.dll
c:\windows\system32\asphat32.dll
c:\windows\system32\acerrmes.dll
c:\windows\system32\aspcom.dll
c:\program files\ActivIdentity\ActivClient\Resources\acerrmrc.dll
c:\program files\ActivIdentity\ActivClient\Resources\asphatrc.dll
c:\program files\ActivIdentity\ActivClient\acunlock.dll
c:\windows\system32\aipingui.dll
c:\program files\ActivIdentity\ActivClient\Resources\aipinguirc.dll
c:\program files\ActivIdentity\ActivClient\Resources\acunlockrc.dll
.
Completion time: 2009-07-28 17:21
ComboFix-quarantined-files.txt 2009-07-28 21:21

Pre-Run: 18,377,936,896 bytes free
Post-Run: 18,533,625,856 bytes free

224 --- E O F --- 2009-07-28 01:04
#2
celesh
New Member (Topic Starter), 3 posts
Here is the MBAM log:


Malwarebytes' Anti-Malware 1.39
Database version: 2523
Windows 5.1.2600 Service Pack 3

7/28/2009 6:31:00 PM
mbam-log-2009-07-28 (18-31-00).txt

Scan type: Quick Scan
Objects scanned: 94228
Time elapsed: 8 minute(s), 27 second(s)

Memory Processes Infected: 0
Memory Modules Infected: 0
Registry Keys Infected: 0
Registry Values Infected: 0
Registry Data Items Infected: 0
Folders Infected: 0
Files Infected: 0

Memory Processes Infected:
(No malicious items detected)

Memory Modules Infected:
(No malicious items detected)

Registry Keys Infected:
(No malicious items detected)

Registry Values Infected:
(No malicious items detected)

Registry Data Items Infected:
(No malicious items detected)

Folders Infected:
(No malicious items detected)

Files Infected:
(No malicious items detected)
#3
celesh
New Member (Topic Starter), 3 posts
OK, I managed to fix the Lop S&D scanner, and here is my third log:


--------------------\\ Lop S&D 4.2.5-0 XP/Vista

Microsoft Windows XP Home Edition ( v5.1.2600 ) Service Pack 3
X86-based PC ( Uniprocessor Free : Intel® Pentium® 4 CPU 2.80GHz )
BIOS : Phoenix ROM BIOS PLUS Version 1.10 A02
USER : star ( Administrator )
BOOT : Normal boot
Antivirus : McAfee VirusScan (Activated)
Firewall : McAfee Personal Firewall (Activated)
C:\ (Local Disk) - NTFS - Total:70 Go (Free:17 Go)
D:\ (CD or DVD)

"C:\Lop SD" ( MAJ : 19-12-2008|23:40 )
Option : [1] ( Tue 07/28/2009|18:36 )

--------------------\\ Listing folders in APPLIC~1

[09/01/2005|12:46] C:\DOCUME~1\ADMINI~1\APPLIC~1\Gtek
[08/10/2004|14:08] C:\DOCUME~1\ADMINI~1\APPLIC~1\Identities
[09/01/2005|12:33] C:\DOCUME~1\ADMINI~1\APPLIC~1\Jasc Software Inc
[07/28/2009|06:10] C:\DOCUME~1\ADMINI~1\APPLIC~1\Malwarebytes
[08/10/2004|13:57] C:\DOCUME~1\ADMINI~1\APPLIC~1\Microsoft
[09/01/2005|12:28] C:\DOCUME~1\ADMINI~1\APPLIC~1\Sun
[09/01/2005|12:42] C:\DOCUME~1\ADMINI~1\APPLIC~1\Symantec

[03/24/2009|00:22] C:\DOCUME~1\ALLUSE~1\APPLIC~1\{00D89592-F643-4D8D-8F0F-AFAE0F14D4C3}
[04/21/2009|00:51] C:\DOCUME~1\ALLUSE~1\APPLIC~1\{8CD7F5AF-ECFA-4793-BF40-D8F42DBFF906}
[06/02/2009|22:20] C:\DOCUME~1\ALLUSE~1\APPLIC~1\Adobe
[07/18/2008|16:48] C:\DOCUME~1\ALLUSE~1\APPLIC~1\AOL
[07/18/2008|18:50] C:\DOCUME~1\ALLUSE~1\APPLIC~1\Apple
[07/18/2008|18:53] C:\DOCUME~1\ALLUSE~1\APPLIC~1\Apple Computer
[07/18/2008|17:58] C:\DOCUME~1\ALLUSE~1\APPLIC~1\GRETECH
[09/01/2005|12:46] C:\DOCUME~1\ALLUSE~1\APPLIC~1\GTek
[09/01/2005|12:34] C:\DOCUME~1\ALLUSE~1\APPLIC~1\InstallShield
[09/01/2005|12:37] C:\DOCUME~1\ALLUSE~1\APPLIC~1\Intuit
[07/05/2009|21:46] C:\DOCUME~1\ALLUSE~1\APPLIC~1\Malwarebytes
[07/14/2009|10:25] C:\DOCUME~1\ALLUSE~1\APPLIC~1\McAfee
[07/21/2008|16:16] C:\DOCUME~1\ALLUSE~1\APPLIC~1\Messenger Plus!
[03/19/2009|15:09] C:\DOCUME~1\ALLUSE~1\APPLIC~1\Microsoft
[07/21/2009|18:18] C:\DOCUME~1\ALLUSE~1\APPLIC~1\PureEdge
[09/01/2005|12:37] C:\DOCUME~1\ALLUSE~1\APPLIC~1\QuickTime
[08/10/2004|14:13] C:\DOCUME~1\ALLUSE~1\APPLIC~1\SBSI
[02/11/2009|21:12] C:\DOCUME~1\ALLUSE~1\APPLIC~1\SiteAdvisor
[06/03/2009|21:11] C:\DOCUME~1\ALLUSE~1\APPLIC~1\Skype
[07/28/2009|12:24] C:\DOCUME~1\ALLUSE~1\APPLIC~1\SUPERAntiSpyware.com
[07/18/2008|17:13] C:\DOCUME~1\ALLUSE~1\APPLIC~1\Symantec
[09/01/2005|12:37] C:\DOCUME~1\ALLUSE~1\APPLIC~1\Viewpoint
[07/18/2008|17:22] C:\DOCUME~1\ALLUSE~1\APPLIC~1\Windows Genuine Advantage
[07/19/2008|15:10] C:\DOCUME~1\ALLUSE~1\APPLIC~1\WLInstaller

[09/01/2005|12:46] C:\DOCUME~1\DEFAUL~1\APPLIC~1\Gtek
[08/10/2004|14:08] C:\DOCUME~1\DEFAUL~1\APPLIC~1\Identities
[09/01/2005|12:33] C:\DOCUME~1\DEFAUL~1\APPLIC~1\Jasc Software Inc
[08/10/2004|13:57] C:\DOCUME~1\DEFAUL~1\APPLIC~1\Microsoft
[09/01/2005|12:28] C:\DOCUME~1\DEFAUL~1\APPLIC~1\Sun
[09/01/2005|12:42] C:\DOCUME~1\DEFAUL~1\APPLIC~1\Symantec

[08/10/2004|13:57] C:\DOCUME~1\LOCALS~1\APPLIC~1\Microsoft
[03/06/2009|23:27] C:\DOCUME~1\LOCALS~1\APPLIC~1\SACore

[07/18/2008|20:00] C:\DOCUME~1\NETWOR~1\APPLIC~1\Microsoft

[07/24/2008|16:02] C:\DOCUME~1\star\APPLIC~1\Adobe
[06/02/2009|22:21] C:\DOCUME~1\star\APPLIC~1\AdobeUM
[07/21/2008|15:36] C:\DOCUME~1\star\APPLIC~1\Ahead
[03/05/2009|16:34] C:\DOCUME~1\star\APPLIC~1\Apple Computer
[01/02/2009|00:01] C:\DOCUME~1\star\APPLIC~1\CyberLink
[07/21/2008|07:03] C:\DOCUME~1\star\APPLIC~1\ESTsoft
[12/27/2008|00:47] C:\DOCUME~1\star\APPLIC~1\FFSJ
[07/18/2008|17:58] C:\DOCUME~1\star\APPLIC~1\GRETECH
[09/01/2005|12:46] C:\DOCUME~1\star\APPLIC~1\Gtek
[01/01/2009|00:15] C:\DOCUME~1\star\APPLIC~1\Help
[08/10/2004|14:08] C:\DOCUME~1\star\APPLIC~1\Identities
[09/01/2005|12:33] C:\DOCUME~1\star\APPLIC~1\Jasc Software Inc
[07/18/2008|17:26] C:\DOCUME~1\star\APPLIC~1\Macromedia
[07/05/2009|21:47] C:\DOCUME~1\star\APPLIC~1\Malwarebytes
[07/28/2009|12:24] C:\DOCUME~1\star\APPLIC~1\Microsoft
[07/21/2009|18:18] C:\DOCUME~1\star\APPLIC~1\PureEdge
[07/28/2009|18:36] C:\DOCUME~1\star\APPLIC~1\Skype
[07/28/2009|17:54] C:\DOCUME~1\star\APPLIC~1\skypePM
[09/01/2005|12:28] C:\DOCUME~1\star\APPLIC~1\Sun
[07/28/2009|12:24] C:\DOCUME~1\star\APPLIC~1\SUPERAntiSpyware.com
[09/01/2005|12:42] C:\DOCUME~1\star\APPLIC~1\Symantec
[04/09/2009|16:19] C:\DOCUME~1\star\APPLIC~1\U3
[12/21/2008|23:32] C:\DOCUME~1\star\APPLIC~1\Viewpoint

--------------------\\ Scheduled Tasks located in C:\WINDOWS\Tasks

[06/29/2009 16:18][--a------] C:\WINDOWS\tasks\AppleSoftwareUpdate.job
[07/28/2009 17:56][--ah-----] C:\WINDOWS\tasks\MP Scheduled Scan.job
[07/15/2009 01:20][--a------] C:\WINDOWS\tasks\McDefragTask.job
[07/01/2009 01:00][--a------] C:\WINDOWS\tasks\McQcTask.job
[07/28/2009 17:52][--ah-----] C:\WINDOWS\tasks\SA.DAT
[08/04/2004 06:00][-r-h-----] C:\WINDOWS\tasks\desktop.ini

--------------------\\ Listing Folders in C:\Program Files

[09/01/2005|12:30] C:\Program Files\ABBYY FineReader 5.0 Sprint
[07/21/2009|17:56] C:\Program Files\ActivIdentity
[06/02/2009|22:16] C:\Program Files\Adobe
[09/01/2005|12:17] C:\Program Files\Analog Devices
[12/27/2008|13:46] C:\Program Files\Apple Software Update
[07/21/2009|18:30] C:\Program Files\ApproveIt
[12/25/2008|04:07] C:\Program Files\Bonjour
[07/28/2009|17:11] C:\Program Files\Common Files
[08/10/2004|14:02] C:\Program Files\ComPlus Applications
[09/01/2005|12:30] C:\Program Files\CyberLink
[07/18/2008|19:55] C:\Program Files\Cyworld Music Player
[09/24/2004|11:33] C:\Program Files\Dell
[01/01/2009|00:07] C:\Program Files\Dell Photo AIO Printer 922
[09/01/2005|12:46] C:\Program Files\Dell Support
[01/01/2009|00:24] C:\Program Files\Dl_cats
[05/01/2009|23:53] C:\Program Files\DtsFilter
[07/21/2008|07:03] C:\Program Files\ESTsoft
[07/18/2008|17:57] C:\Program Files\GRETECH
[07/21/2009|18:17] C:\Program Files\InstallShield Installation Information
[09/01/2005|12:29] C:\Program Files\Intel
[06/18/2009|16:42] C:\Program Files\Internet Explorer
[09/01/2005|12:37] C:\Program Files\Intuit
[06/12/2009|00:36] C:\Program Files\iPod
[06/12/2009|00:37] C:\Program Files\iTunes
[06/09/2009|21:01] C:\Program Files\Java
[07/28/2009|18:06] C:\Program Files\Malwarebytes' Anti-Malware
[07/13/2009|20:55] C:\Program Files\McAfee
[07/18/2008|17:21] C:\Program Files\McAfee.com
[08/22/2008|11:51] C:\Program Files\Messenger
[05/17/2009|18:12] C:\Program Files\Messenger Plus! Live
[03/19/2009|15:14] C:\Program Files\Microsoft
[08/22/2008|11:50] C:\Program Files\Microsoft CAPICOM 2.1.0.2
[08/10/2004|14:04] C:\Program Files\microsoft frontpage
[09/01/2005|12:32] C:\Program Files\Microsoft Plus! Photo Story 2 LE
[07/19/2008|14:52] C:\Program Files\Microsoft SQL Server Compact Edition
[08/21/2008|10:23] C:\Program Files\Modem Helper
[09/01/2005|12:29] C:\Program Files\Modem On Hold
[07/18/2008|16:58] C:\Program Files\Movie Maker
[03/16/2009|15:45] C:\Program Files\MSBuild
[08/10/2004|14:01] C:\Program Files\MSN
[08/10/2004|14:01] C:\Program Files\MSN Gaming Zone
[07/18/2008|16:54] C:\Program Files\MUSICMATCH
[07/21/2008|15:30] C:\Program Files\Nero
[07/18/2008|16:54] C:\Program Files\NetMeeting
[08/10/2004|14:01] C:\Program Files\Online Services
[07/18/2008|16:54] C:\Program Files\Outlook Express
[07/21/2009|18:17] C:\Program Files\PureEdge
[06/12/2009|00:29] C:\Program Files\QuickTime
[09/01/2005|12:37] C:\Program Files\Real
[03/16/2009|15:45] C:\Program Files\Reference Assemblies
[12/25/2008|03:48] C:\Program Files\Safari
[06/03/2009|21:11] C:\Program Files\Skype
[07/28/2009|17:58] C:\Program Files\SUPERAntiSpyware
[08/10/2004|14:08] C:\Program Files\Uninstall Information
[03/04/2009|21:41] C:\Program Files\Veoh Networks
[09/01/2005|12:37] C:\Program Files\Viewpoint
[09/01/2005|12:46] C:\Program Files\WebCyberCoach
[07/18/2008|18:15] C:\Program Files\Windows Defender
[03/19/2009|15:13] C:\Program Files\Windows Live
[03/19/2009|15:14] C:\Program Files\Windows Live SkyDrive
[07/18/2008|16:54] C:\Program Files\Windows Media Player
[07/18/2008|16:54] C:\Program Files\Windows NT
[08/10/2004|14:02] C:\Program Files\WindowsUpdate
[08/10/2004|14:04] C:\Program Files\xerox
[09/01/2005|12:34] C:\Program Files\Your Company Name

--------------------\\ Listing Folders in C:\Program Files\Common Files

[07/24/2008|16:02] C:\Program Files\Common Files\Adobe
[07/21/2008|15:35] C:\Program Files\Common Files\Ahead
[07/18/2008|16:48] C:\Program Files\Common Files\AOL
[06/12/2009|00:36] C:\Program Files\Common Files\Apple
[09/01/2005|12:46] C:\Program Files\Common Files\InstallShield
[07/18/2008|16:57] C:\Program Files\Common Files\Intuit
[09/01/2005|12:28] C:\Program Files\Common Files\Java
[06/03/2009|21:25] C:\Program Files\Common Files\Logitech
[07/18/2008|17:22] C:\Program Files\Common Files\McAfee
[03/05/2009|17:32] C:\Program Files\Common Files\Microsoft Shared
[08/10/2004|14:02] C:\Program Files\Common Files\MSSoap
[09/01/2005|12:37] C:\Program Files\Common Files\Nullsoft
[08/10/2004|13:57] C:\Program Files\Common Files\ODBC
[09/01/2005|12:37] C:\Program Files\Common Files\Real
[08/10/2004|14:02] C:\Program Files\Common Files\Services
[06/03/2009|21:11] C:\Program Files\Common Files\Skype
[07/18/2008|17:00] C:\Program Files\Common Files\Sonic Shared
[08/10/2004|13:57] C:\Program Files\Common Files\SpeechEngines
[07/18/2008|16:54] C:\Program Files\Common Files\System
[03/19/2009|15:09] C:\Program Files\Common Files\Windows Live
[07/18/2008|17:16] C:\Program Files\Common Files\WindowsLiveInstaller
[07/28/2009|12:24] C:\Program Files\Common Files\Wise Installation Wizard

--------------------\\ Process

( 62 Processes )

IEXPLORE.EXE ~ [PID:3432]
IEXPLORE.EXE ~ [PID:2932]

--------------------\\ Searching with S_Lop

No Lop folder found !

--------------------\\ Searching for Lop Files - Folders

No Lop folder found !

--------------------\\ Searching within the Registry

..... OK !

--------------------\\ Checking the Hosts file

Hosts file CLEAN


--------------------\\ Searching for hidden files with Catchme

catchme 0.3.1353 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2009-07-28 18:41:12
Windows 5.1.2600 Service Pack 3 NTFS
scanning hidden processes ...
scanning hidden files ...
scan completed successfully
hidden processes: 0
hidden files: 0

--------------------\\ Searching for other infections

--------------------\\ Cracks & Keygens ..

C:\DOCUME~1\star\My Documents\Keygen.exe


[F:337][D:5]-> C:\DOCUME~1\star\LOCALS~1\Temp
[F:1503][D:0]-> C:\DOCUME~1\star\Cookies
[F:435][D:4]-> C:\DOCUME~1\star\LOCALS~1\TEMPOR~1\content.IE5

1 - "C:\Lop SD\LopR_1.txt" - Tue 07/28/2009|18:43 - Option : [1]

--------------------\\ Scan completed at 18:43:49