
Help! infected by bo:heap/troja HiJackthis.log findlop.log and directory.ext post

Discussion in 'Virus & Other Malware Removal' started by bostonma, Feb 16, 2007.

Thread Status:
Not open for further replies.
  1. bostonma

    bostonma Thread Starter

    Joined:
    Feb 16, 2007
    Messages:
    3
    McAfee alerted on bo:heap. Even before this, my PC was extremely slow.
    I got hijackthis.log, findlop.txt and directory.txt according to
    http://forums.techguy.org/security/543641-solved-please-help-computer-infected-2.html

    CookieGal or another guru, please help me!

    Hijackthis.log
    Logfile of HijackThis v1.99.1
    Scan saved at 3:45:57 PM, on 2/16/2007
    Platform: Windows XP SP2 (WinNT 5.01.2600)
    MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

    Running processes:
    C:\WINDOWS\System32\smss.exe
    C:\WINDOWS\system32\winlogon.exe
    C:\WINDOWS\system32\services.exe
    C:\WINDOWS\system32\lsass.exe
    C:\WINDOWS\system32\Ati2evxx.exe
    C:\WINDOWS\system32\svchost.exe
    C:\WINDOWS\System32\svchost.exe
    C:\WINDOWS\system32\spoolsv.exe
    C:\Program Files\McAfee\Common Framework\FrameworkService.exe
    C:\Program Files\Network Associates\VirusScan\mcshield.exe
    C:\Program Files\Network Associates\VirusScan\vstskmgr.exe
    C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE
    C:\Program Files\UPHClean\uphclean.exe
    C:\WINDOWS\system32\CCM\CLICOMP\RemCtrl\Wuser32.exe
    C:\WINDOWS\system32\CCM\CcmExec.exe
    C:\WINDOWS\system32\Ati2evxx.exe
    C:\WINDOWS\Explorer.EXE
    C:\Program Files\Network Associates\VirusScan\SHSTAT.EXE
    C:\Program Files\Common Files\Network Associates\TalkBack\tbmon.exe
    C:\Program Files\CyberLink\PowerDVD\DVDLauncher.exe
    C:\WINDOWS\AGRSMMSG.exe
    C:\WINDOWS\system32\rundll32.exe
    C:\Program Files\Analog Devices\Core\smax4pnp.exe
    C:\Program Files\Java\j2re1.4.2_12\bin\jusched.exe
    C:\Program Files\Java\j2re1.4.2_12\bin\jucheck.exe
    C:\Program Files\McAfee\Common Framework\UdaterUI.exe
    C:\WINDOWS\system32\ctfmon.exe
    C:\Program Files\McAfee\Common Framework\McTray.exe
    C:\Program Files\Uniblue\SpyEraser\SpyEraser.exe
    C:\Program Files\Google\GoogleToolbarNotifier\1.2.1128.5462\GoogleToolbarNotifier.exe
    C:\Program Files\Internet Explorer\IEXPLORE.EXE
    C:\Program Files\Adobe\Acrobat 7.0\Reader\AcroRd32.exe
    C:\Program Files\Internet Explorer\IEXPLORE.EXE
    C:\WINDOWS\system32\igfxsrvc.exe
    C:\Program Files\Hijackthis\HijackThis.exe

    R3 - URLSearchHook: &Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - (no file)
    O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
    O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar5.dll
    O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar5.dll
    O4 - HKLM\..\Run: [IMJPMIG8.1] "C:\WINDOWS\IME\imjp8_1\IMJPMIG.EXE" /Spoil /RemAdvDef /Migration32
    O4 - HKLM\..\Run: [PHIME2002ASync] "C:\WINDOWS\system32\IME\TINTLGNT\TINTSETP.EXE" /SYNC
    O4 - HKLM\..\Run: [PHIME2002A] "C:\WINDOWS\system32\IME\TINTLGNT\TINTSETP.EXE" /IMEName
    O4 - HKLM\..\Run: [ShStatEXE] "C:\Program Files\Network Associates\VirusScan\SHSTAT.EXE" /STANDALONE
    O4 - HKLM\..\Run: [Network Associates Error Reporting Service] "C:\Program Files\Common Files\Network Associates\TalkBack\tbmon.exe"
    O4 - HKLM\..\Run: [DVDLauncher] "C:\Program Files\CyberLink\PowerDVD\DVDLauncher.exe"
    O4 - HKLM\..\Run: [AGRSMMSG] AGRSMMSG.exe
    O4 - HKLM\..\Run: [BluetoothAuthenticationAgent] "rundll32.exe" bthprops.cpl,,BluetoothAuthenticationAgent
    O4 - HKLM\..\Run: [SoundMAXPnP] "C:\Program Files\Analog Devices\Core\smax4pnp.exe"
    O4 - HKLM\..\Run: [igfxtray] C:\WINDOWS\system32\igfxtray.exe
    O4 - HKLM\..\Run: [igfxhkcmd] C:\WINDOWS\system32\hkcmd.exe
    O4 - HKLM\..\Run: [igfxpers] C:\WINDOWS\system32\igfxpers.exe
    O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\j2re1.4.2_12\bin\jusched.exe"
    O4 - HKLM\..\Run: [NeroFilterCheck] "C:\Program Files\Common Files\Ahead\Lib\NeroCheck.exe"
    O4 - HKLM\..\Run: [McAfeeUpdaterUI] "C:\Program Files\McAfee\Common Framework\UdaterUI.exe" /StartedFromRunKey
    O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
    O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
    O4 - HKCU\..\Run: [BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}] "C:\Program Files\Common Files\Ahead\Lib\NMBgMonitor.exe"
    O4 - HKCU\..\Run: [updateMgr] "C:\Program Files\Adobe\Acrobat 7.0\Reader\AdobeUpdateManager.exe" AcRdB7_0_8 -reboot 1
    O4 - HKCU\..\Run: [Uniblue SpyEraser] "C:\Program Files\Uniblue\SpyEraser\SpyEraser.exe" -m
    O4 - HKCU\..\Run: [swg] C:\Program Files\Google\GoogleToolbarNotifier\1.2.1128.5462\GoogleToolbarNotifier.exe
    O4 - Global Startup: Adobe Reader Speed Launch.lnk = C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
    O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
    O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://update.microsoft.com/microsoftupdate/v6/V5Controls/en/x86/client/muweb_site.cab?1147197727193
    O16 - DPF: {7B297BFD-85E4-4092-B2AF-16A91B2EA103} (WScanCtl Class) - http://www3.ca.com/securityadvisor/virusinfo/webscan.cab
    O16 - DPF: {CAFEEFAC-0014-0002-0012-ABCDEFFEDCBA} (Java Runtime Environment 1.4.2) - https://columbus.admin.wpi.edu/forms/jinitiator/j2re-1_4_2_12-windows-i586-p.exe
    O17 - HKLM\System\CCS\Services\Tcpip\Parameters: Domain = admin.wpi.edu
    O17 - HKLM\Software\..\Telephony: DomainName = admin.wpi.edu
    O17 - HKLM\System\CS1\Services\Tcpip\Parameters: Domain = admin.wpi.edu
    O20 - Winlogon Notify: igfxcui - C:\WINDOWS\SYSTEM32\igfxdev.dll
    O20 - Winlogon Notify: WgaLogon - C:\WINDOWS\SYSTEM32\WgaLogon.dll
    O20 - Winlogon Notify: WRNotifier - WRLogonNTF.dll (file missing)
    O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\system32\Ati2evxx.exe
    O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
    O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
    O23 - Service: McAfee Framework Service (McAfeeFramework) - Unknown owner - C:\Program Files\McAfee\Common Framework\FrameworkService.exe" /ServiceStart (file missing)
    O23 - Service: Network Associates McShield (McShield) - Network Associates, Inc. - C:\Program Files\Network Associates\VirusScan\mcshield.exe
    O23 - Service: Network Associates Task Manager (McTaskManager) - Network Associates, Inc. - C:\Program Files\Network Associates\VirusScan\vstskmgr.exe
    O23 - Service: NBService - Nero AG - C:\Program Files\Nero\Nero 7\Nero BackItUp\NBService.exe
    O23 - Service: OracleOraDevClientCache - Unknown owner - C:\OraDev\BIN\ONRSD.EXE

    findlop.txt
    [TRACE] Enumerating jobs and queues
    [TRACE] Activating job 'Uniblue SpyEraser.job'
    [TRACE] Printing all job properties

    ApplicationName: 'c:\program files\uniblue\spyeraser\SpyEraser.exe'
    Parameters: '-s'
    WorkingDirectory: 'c:\program files\uniblue\spyeraser\'
    Comment: 'Uniblue SpyEraser Scheduler'
    Creator: 'mqiu'
    Priority: NORMAL
    MaxRunTime: 259200000 (3d 0:00:00)
    IdleWait: 10
    IdleDeadline: 60
    MostRecentRun: 00/00/0000 0:00:00
    NextRun: 00/00/0000 0:00:00
    StartError: SCHED_S_TASK_HAS_NOT_RUN
    ExitCode: 0
    Status: SCHED_S_TASK_NOT_SCHEDULED
    ScheduledWorkItem Flags:
    DeleteWhenDone = 0
    Suspend = 0
    StartOnlyIfIdle = 0
    KillOnIdleEnd = 0
    RestartOnIdleResume = 0
    DontStartIfOnBatteries = 0
    KillIfGoingOnBatteries = 0
    RunOnlyIfLoggedOn = 1
    SystemRequired = 0
    Hidden = 0
    TaskFlags: 0

    No triggers

    Directory.txt
    Volume in drive C has no label.
    Volume Serial Number is 1460-470E

    Directory of C:\Documents and Settings\mqiu\Application Data

    01/23/2007 02:05 PM <DIR> .
    01/23/2007 02:05 PM <DIR> ..
    01/10/2007 11:20 AM <DIR> Adobe
    01/10/2007 11:37 AM <DIR> AdobeUM
    11/15/2006 01:44 PM <DIR> Ahead
    10/27/2006 01:48 PM <DIR> Google
    10/30/2006 01:00 PM <DIR> Help
    05/09/2006 02:42 PM <DIR> IDENTI~1 Identities
    10/27/2006 01:50 PM <DIR> MACROM~1 Macromedia
    10/30/2006 01:13 PM <DIR> PLSQLD~1 PLSQL Developer
    08/14/2006 10:44 AM <DIR> Real
    10/31/2006 01:48 PM <DIR> Sun
    01/11/2007 01:50 PM <DIR> Uniblue
    0 File(s) 0 bytes
    13 Dir(s) 27,213,541,376 bytes free
    Volume in drive C has no label.
    Volume Serial Number is 1460-470E

    Directory of C:\Documents and Settings\All Users\Application Data

    Volume in drive C has no label.
    Volume Serial Number is 1460-470E

    Directory of C:\Program Files

    02/16/2007 03:45 PM <DIR> .
    02/16/2007 03:45 PM <DIR> ..
    07/10/2006 01:07 PM <DIR> Adobe
    08/09/2006 02:53 PM <DIR> ANALOG~1 Analog Devices
    11/15/2006 01:33 PM <DIR> COMMON~1 Common Files
    05/09/2006 10:13 AM <DIR> COMPLU~1 ComPlus Applications
    07/10/2006 01:59 PM <DIR> CYBERL~1 CyberLink
    11/06/2006 12:55 PM <DIR> FILEZI~1 FileZilla
    02/14/2007 01:03 PM <DIR> Google
    02/16/2007 03:45 PM <DIR> HIJACK~1 Hijackthis
    02/16/2007 03:30 PM <DIR> INNOVA~1 Innovative Solutions
    07/19/2006 12:36 PM <DIR> Intel
    12/13/2006 03:06 AM <DIR> INTERN~1 Internet Explorer
    08/10/2006 03:30 PM <DIR> INTERW~1 Interwise
    10/31/2006 01:48 PM <DIR> Java
    12/11/2006 09:41 AM <DIR> McAfee
    05/09/2006 10:38 AM <DIR> MESSEN~1 Messenger
    10/27/2006 10:18 AM <DIR> MI3AA1~1 Microsoft ActiveSync
    05/09/2006 10:17 AM <DIR> MICROS~1 microsoft frontpage
    10/27/2006 10:17 AM <DIR> MICROS~2 Microsoft Office
    10/27/2006 10:16 AM <DIR> MICROS~3 Microsoft Visual Studio
    10/27/2006 10:44 AM <DIR> MICROS~4 Microsoft Works
    10/27/2006 10:15 AM <DIR> MICROS~1.NET Microsoft.NET
    05/09/2006 10:14 AM <DIR> MOVIEM~1 Movie Maker
    05/09/2006 10:12 AM <DIR> MSN
    05/09/2006 10:13 AM <DIR> MSNGAM~1 MSN Gaming Zone
    10/27/2006 10:49 AM <DIR> MSXML4~1.0 MSXML 4.0
    11/15/2006 01:33 PM <DIR> Nero
    05/09/2006 10:15 AM <DIR> NETMEE~1 NetMeeting
    12/13/2006 03:13 AM <DIR> NETWOR~1 Network Associates
    05/09/2006 10:26 AM <DIR> ONLINE~1 Online Services
    10/30/2006 12:59 PM <DIR> Oracle
    12/13/2006 03:03 AM <DIR> OUTLOO~1 Outlook Express
    02/02/2007 11:23 AM <DIR> PLSQLD~1 PLSQL Developer
    07/10/2006 01:22 PM <DIR> PuTTY
    07/10/2006 01:20 PM <DIR> QUICKT~1 QuickTime
    07/10/2006 01:11 PM <DIR> Real
    08/11/2006 09:08 AM <DIR> SigmaTel
    07/10/2006 02:33 PM <DIR> Teraterm
    01/11/2007 01:50 PM <DIR> Uniblue
    11/14/2006 01:52 PM <DIR> UPHClean
    05/09/2006 01:09 PM <DIR> WINDOW~2 Windows Media Player
    05/09/2006 10:13 AM <DIR> WINDOW~1 Windows NT
    11/14/2006 01:52 PM <DIR> WinZip
    05/09/2006 10:17 AM <DIR> xerox
    01/02/2007 11:15 AM <DIR> Yahoo!
    0 File(s) 0 bytes
    46 Dir(s) 27,213,537,280 bytes free
     
  2. bostonma

    bostonma Thread Starter

    Joined:
    Feb 16, 2007
    Messages:
    3
    The following is from the open uninstaller manager:
    Adobe Flash Player 9 ActiveX
    Adobe Reader 7.0.8
    Adobe Reader Chinese Simplified Fonts
    Adobe Shockwave Player
    Advanced Uninstaller PRO 2006 - version 7
    Agere Systems AC'97 Modem
    ATI Display Driver
    FileZilla (remove only)
    Google Toolbar for Internet Explorer
    High Definition Audio Driver Package - KB835221
    High Definition Audio Driver Package - KB888111
    Hijackthis 1.99.1
    HijackThis 1.99.1
    Hotfix for Windows Media Format SDK (KB902344)
    Hotfix for Windows XP (KB896344)
    Hotfix for Windows XP (KB928388)
    Hotfix for Windows XP (KB929120)
    Intel(R) Graphics Media Accelerator Driver
    Intel(R) PRO Network Connections Drivers
    Interwise Participant
    Java 2 Runtime Environment, SE v1.4.2_12
    Macromedia Flash Player 8
    McAfee VirusScan Enterprise
    Microsoft .NET Framework 1.1
    Microsoft .NET Framework 1.1
    Microsoft .NET Framework 1.1 Hotfix (KB886903)
    Microsoft .NET Framework 2.0
    Microsoft Base Smart Card Cryptographic Service Provider Package
    Microsoft Office 2003 Proofing Tools
    Microsoft Text-to-Speech Engine 4.0 (English)
    MSXML 4.0 SP2 (KB925672)
    MSXML 4.0 SP2 (KB927978)
    Nero 7
    PL/SQL Developer
    PowerDVD 5.1
    PuTTY version 0.58
    QuickTime
    RealPlayer
    Security Update for Microsoft .NET Framework 2.0 (KB917283)
    Security Update for Microsoft .NET Framework 2.0 (KB922770)
    Security Update for Windows Media Player (KB911564)
    Security Update for Windows Media Player 10 (KB911565)
    Security Update for Windows Media Player 10 (KB917734)
    Security Update for Windows Media Player 6.4 (KB925398)
    Security Update for Windows XP (KB890046)
    Security Update for Windows XP (KB893756)
    Security Update for Windows XP (KB896358)
    Security Update for Windows XP (KB896422)
    Security Update for Windows XP (KB896423)
    Security Update for Windows XP (KB896424)
    Security Update for Windows XP (KB896428)
    Security Update for Windows XP (KB899587)
    Security Update for Windows XP (KB899589)
    Security Update for Windows XP (KB899591)
    Security Update for Windows XP (KB900725)
    Security Update for Windows XP (KB901017)
    Security Update for Windows XP (KB901190)
    Security Update for Windows XP (KB901214)
    Security Update for Windows XP (KB902400)
    Security Update for Windows XP (KB904706)
    Security Update for Windows XP (KB905414)
    Security Update for Windows XP (KB905749)
    Security Update for Windows XP (KB908519)
    Security Update for Windows XP (KB911562)
    Security Update for Windows XP (KB911567)
    Security Update for Windows XP (KB911927)
    Security Update for Windows XP (KB912812)
    Security Update for Windows XP (KB912919)
    Security Update for Windows XP (KB913433)
    Security Update for Windows XP (KB913446)
    Security Update for Windows XP (KB913580)
    Security Update for Windows XP (KB914388)
    Security Update for Windows XP (KB914389)
    Security Update for Windows XP (KB916281)
    Security Update for Windows XP (KB917159)
    Security Update for Windows XP (KB917344)
    Security Update for Windows XP (KB917422)
    Security Update for Windows XP (KB917953)
    Security Update for Windows XP (KB918439)
    Security Update for Windows XP (KB918899)
    Security Update for Windows XP (KB919007)
    Security Update for Windows XP (KB920213)
    Security Update for Windows XP (KB920214)
    Security Update for Windows XP (KB920670)
    Security Update for Windows XP (KB920683)
    Security Update for Windows XP (KB920685)
    Security Update for Windows XP (KB921398)
    Security Update for Windows XP (KB921883)
    Security Update for Windows XP (KB922616)
    Security Update for Windows XP (KB922760)
    Security Update for Windows XP (KB922819)
    Security Update for Windows XP (KB923191)
    Security Update for Windows XP (KB923414)
    Security Update for Windows XP (KB923689)
    Security Update for Windows XP (KB923694)
    Security Update for Windows XP (KB923980)
    Security Update for Windows XP (KB924191)
    Security Update for Windows XP (KB924270)
    Security Update for Windows XP (KB924496)
    Security Update for Windows XP (KB925454)
    Security Update for Windows XP (KB925486)
    Security Update for Windows XP (KB926255)
    Security Update for Windows XP (KB929969)
    SigmaTel Audio
    Teraterm
    Uniblue SpyEraser
    Update for Windows XP (KB898461)
    Update for Windows XP (KB900485)
    Update for Windows XP (KB904942)
    Update for Windows XP (KB908531)
    Update for Windows XP (KB910437)
    Update for Windows XP (KB911280)
    Update for Windows XP (KB916595)
    Update for Windows XP (KB920342)
    Update for Windows XP (KB920872)
    Update for Windows XP (KB922582)
    User Profile Hive Cleanup Service
    Windows Installer 3.1 (KB893803)
    Windows Media Format Runtime
    Windows Media Format SDK Hotfix - KB891122
    Windows Media Player 10
    Windows XP Hotfix - KB873339
    Windows XP Hotfix - KB885250
    Windows XP Hotfix - KB885835
    Windows XP Hotfix - KB885836
    Windows XP Hotfix - KB886185
    Windows XP Hotfix - KB887472
    Windows XP Hotfix - KB887742
    Windows XP Hotfix - KB888113
    Windows XP Hotfix - KB888302
    Windows XP Hotfix - KB890859
    Windows XP Hotfix - KB891781
    WinZip
    Yahoo! Photos Easy Upload Tool
    Yahoo! Photos Print-at-Home Tool
     
  3. bostonma

    bostonma Thread Starter

    Joined:
    Feb 16, 2007
    Messages:
    3
    Ran the Uniblue SpyEraser trial version.
    It found SearchCentrix spyware and 11 tracking cookies.


    Please help.
    Tons of thanks
     
Short URL to this thread: https://techguy.org/544643