Logfile of HijackThis v1.99.0 - Yubot
the lop.com keeps bothering me!
Remember: DO NOT run hijackthis.exe inside the zip file. Unzip (extract) it to your desktop, then double-click the "HijackThis.exe" icon. This way a backup of the removed keys will be created on your desktop (useful if you remove them wrongly).
Also, you may want to consider removing Messenger Plus! 2. Is conime some remote desktop software?
Here is what you should do.
End the suspicious process below:
C:\WINDOWS\system32\conime.exe
Remove these additional browser plug-in keys (O2...O4):
O2 - BHO: IeCatch2 Class - {A5366673-E8CA-11D3-9CD9-0090271D075B} - F:\PROGRA~1\FlashGet\jccatch.dll
O2 - BHO: (no name) - {BDDCF7AC-A67F-3987-FD9A-7BAA667C6733} - C:\DOCUME~1\ALBERT~1\APPLIC~1\COALMU~1\Tick Delete.exe
O2 - BHO: (no name) - {E61F020A-3BA1-3DDF-ABA3-604CA2A9FFFF} - C:\DOCUME~1\ALBERT~1\APPLIC~1\COALMU~1\Tick Delete.exe
O3 - Toolbar: FlashGet Bar - {E0E899AB-F487-11D5-8D29-0050BA6940E3} - F:\PROGRA~1\FlashGet\fgiebar.dll
O4 - HKLM\..\Run: [GlueHideTransOpen] C:\Documents and Settings\All Users\Application Data\bias deaf glue hide\Mail Bait.exe
O4 - HKLM\..\Run: [StoreOwnsBinData] C:\Documents and Settings\All Users\Application Data\MAIL GLUE STORE OWNS\Part ace.exe
O4 - HKCU\..\Run: [deadshow] C:\DOCUME~1\ALBERT~1\APPLIC~1\TRUSTG~1\Idle htm.exe
Remove these extra items in IE menu (O8...O9):
O8 - Extra context menu item: &Download the file(s) in D.S.Code - F:\Program Files\DSLite2\dl_text.html
O8 - Extra context menu item: &Download the file(s) in D.S.Code-File - F:\Program Files\DSLite2\dl_url.html
O8 - Extra context menu item: Download All by FlashGet - F:\Program Files\FlashGet\jc_all.htm
O8 - Extra context menu item: Download using FlashGet - F:\Program Files\FlashGet\jc_link.htm
O8 - Extra context menu item: 下载编码内容(&D.S.Lite) - F:\Program Files\DSLite2\dl_text.html
O8 - Extra context menu item: 下载编码文件内容(&D.S.Lite) - F:\Program Files\DSLite2\dl_url.html
O8 - Extra context menu item: 添加到QQ自定义面板 - F:\Program Files\Tencent\QQ\AddPanel.htm
O8 - Extra context menu item: 添加到QQ表情 - F:\Program Files\Tencent\QQ\AddEmotion.htm
O8 - Extra context menu item: 用QQ彩信发送该图片 - F:\Program Files\Tencent\QQ\SendMMS.htm
O9 - Extra button: QQ - {c95fe080-8f5d-11d2-a20b-00aa003c157b} - f:\Program Files\Tencent\QQ\QQ.EXE
O9 - Extra 'Tools' menuitem: ìú??QQ - {c95fe080-8f5d-11d2-a20b-00aa003c157b} - f:\Program Files\Tencent\QQ\QQ.EXE
O9 - Extra button: FlashGet - {D6E814A0-E0C5-11d4-8D29-0050BA6940E3} - F:\PROGRA~1\FlashGet\flashget.exe
O9 - Extra 'Tools' menuitem: &FlashGet - {D6E814A0-E0C5-11d4-8D29-0050BA6940E3} - F:\PROGRA~1\FlashGet\flashget.exe
O9 - Extra button: D.S.Lite - {F8475519-8412-4D40-A46E-692D9D04DF7F} - F:\Program Files\DSLite2\DSLite.exe
O9 - Extra 'Tools' menuitem: &D.S.Lite - {F8475519-8412-4D40-A46E-692D9D04DF7F} - F:\Program Files\DSLite2\DSLite.exe
O15 - Trusted Zone: website: sh.bbvod.net
Remove these ActiveX Objects (aka Downloaded Program Files) if you are not using them (O16):
O23 - Service: IBM PSA Access Driver Control - Unknown - C:\WINDOWS\system32\PsaSrv.exe (file missing)
Original log but with private information removed.
Scan saved at 10:14:01 PM, on 1/12/2005
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)
Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\System32\ibmpmsvc.exe
C:\WINDOWS\System32\Ati2evxx.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
F:\Program Files\Apache Group\Apache\Apache.exe
C:\Program Files\IBM\IBM Rapid Restore Ultra\rrpcsb.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\Explorer.EXE
f:\MATLAB701\webserver\bin\win32\matlabserver.exe
C:\WINDOWS\system32\conime.exe
F:\Program Files\Apache Group\Apache\Apache.exe
C:\PROGRA~1\McAfee.com\PERSON~1\MPFSERVICE.exe
C:\Program Files\Analog Devices\SoundMAX\SMAgent.exe
c:\progra~1\mcafee.com\vso\mcvsescn.exe
c:\program files\mcafee.com\agent\mcagent.exe
C:\PROGRA~1\McAfee.com\PERSON~1\MpfAgent.exe
C:\Program Files\Analog Devices\SoundMAX\SMax4PNP.exe
C:\PROGRA~1\McAfee.com\PERSON~1\MpfTray.exe
C:\Program Files\Synaptics\SynTP\SynTPLpr.exe
C:\IBMTOOLS\UTILS\ibmprc.exe
F:\Program Files\msn\msnshell.exe
C:\Program Files\Common Files\Real\Update_OB\realsched.exe
C:\WINDOWS\system32\ctfmon.exe
c:\progra~1\intern~1\iexplore.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Documents and Settings\albert Tang\Desktop\HijackThis.exe
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - F:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: IeCatch2 Class - {A5366673-E8CA-11D3-9CD9-0090271D075B} - F:\PROGRA~1\FlashGet\jccatch.dll
O2 - BHO: (no name) - {BDDCF7AC-A67F-3987-FD9A-7BAA667C6733} - C:\DOCUME~1\ALBERT~1\APPLIC~1\COALMU~1\Tick Delete.exe
O2 - BHO: (no name) - {E61F020A-3BA1-3DDF-ABA3-604CA2A9FFFF} - C:\DOCUME~1\ALBERT~1\APPLIC~1\COALMU~1\Tick Delete.exe
O3 - Toolbar: FlashGet Bar - {E0E899AB-F487-11D5-8D29-0050BA6940E3} - F:\PROGRA~1\FlashGet\fgiebar.dll
O3 - Toolbar: McAfee VirusScan - {BA52B914-B692-46c4-B683-905236F6F655} - c:\progra~1\mcafee.com\vso\mcvsshl.dll
O4 - HKLM\..\Run: [ATIPTA] C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe
O4 - HKLM\..\Run: [SoundMAXPnP] C:\Program Files\Analog Devices\SoundMAX\SMax4PNP.exe
O4 - HKLM\..\Run: [SoundMAX] "C:\Program Files\Analog Devices\SoundMAX\Smax4.exe" /tray
O4 - HKLM\..\Run: [MessengerPlus2] "C:\Program Files\Messenger Plus! 2\MsgPlus.exe"
O4 - HKLM\..\Run: [GlueHideTransOpen] C:\Documents and Settings\All Users\Application Data\bias deaf glue hide\Mail Bait.exe
O4 - HKLM\..\Run: [MPFExe] C:\PROGRA~1\McAfee.com\PERSON~1\MpfTray.exe
O4 - HKLM\..\Run: [MCAgentExe] c:\PROGRA~1\mcafee.com\agent\mcagent.exe
O4 - HKLM\..\Run: [MCUpdateExe] C:\PROGRA~1\mcafee.com\agent\McUpdate.exe
O4 - HKLM\..\Run: [VSOCheckTask] "c:\PROGRA~1\mcafee.com\vso\mcmnhdlr.exe" /checktask
O4 - HKLM\..\Run: [VirusScan Online] "c:\PROGRA~1\mcafee.com\vso\mcvsshld.exe"
O4 - HKLM\..\Run: [SynTPLpr] C:\Program Files\Synaptics\SynTP\SynTPLpr.exe
O4 - HKLM\..\Run: [SynTPEnh] C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
O4 - HKLM\..\Run: [IBMPRC] C:\IBMTOOLS\UTILS\ibmprc.exe
O4 - HKLM\..\Run: [NeroFilterCheck] C:\WINDOWS\system32\NeroCheck.exe
O4 - HKLM\..\Run: [MSNShell] F:\Program Files\msn\msnshell.exe autorun
O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot
O4 - HKLM\..\Run: [StoreOwnsBinData] C:\Documents and Settings\All Users\Application Data\MAIL GLUE STORE OWNS\Part ace.exe
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [eMuleAutoStart] f:\Program Files\eMule\eMule.exe -AutoStart
O4 - HKCU\..\Run: [deadshow] C:\DOCUME~1\ALBERT~1\APPLIC~1\TRUSTG~1\Idle htm.exe
O8 - Extra context menu item: &Download the file(s) in D.S.Code - F:\Program Files\DSLite2\dl_text.html
O8 - Extra context menu item: &Download the file(s) in D.S.Code-File - F:\Program Files\DSLite2\dl_url.html
O8 - Extra context menu item: Download All by FlashGet - F:\Program Files\FlashGet\jc_all.htm
O8 - Extra context menu item: Download using FlashGet - F:\Program Files\FlashGet\jc_link.htm
O8 - Extra context menu item: 下载编码内容(&D.S.Lite) - F:\Program Files\DSLite2\dl_text.html
O8 - Extra context menu item: 下载编码文件内容(&D.S.Lite) - F:\Program Files\DSLite2\dl_url.html
O8 - Extra context menu item: 添加到QQ自定义面板 - F:\Program Files\Tencent\QQ\AddPanel.htm
O8 - Extra context menu item: 添加到QQ表情 - F:\Program Files\Tencent\QQ\AddEmotion.htm
O8 - Extra context menu item: 用QQ彩信发送该图片 - F:\Program Files\Tencent\QQ\SendMMS.htm
O9 - Extra button: ICQ 4 - {B863453A-26C3-4e1f-A54D-A2CD196348E9} - f:\Program Files\ICQLite\ICQLite.exe
O9 - Extra 'Tools' menuitem: ICQ Lite - {B863453A-26C3-4e1f-A54D-A2CD196348E9} - f:\Program Files\ICQLite\ICQLite.exe
O9 - Extra button: QQ - {c95fe080-8f5d-11d2-a20b-00aa003c157b} - f:\Program Files\Tencent\QQ\QQ.EXE
O9 - Extra 'Tools' menuitem: ìú??QQ - {c95fe080-8f5d-11d2-a20b-00aa003c157b} - f:\Program Files\Tencent\QQ\QQ.EXE
O9 - Extra button: FlashGet - {D6E814A0-E0C5-11d4-8D29-0050BA6940E3} - F:\PROGRA~1\FlashGet\flashget.exe
O9 - Extra 'Tools' menuitem: &FlashGet - {D6E814A0-E0C5-11d4-8D29-0050BA6940E3} - F:\PROGRA~1\FlashGet\flashget.exe
O9 - Extra button: D.S.Lite - {F8475519-8412-4D40-A46E-692D9D04DF7F} - F:\Program Files\DSLite2\DSLite.exe
O9 - Extra 'Tools' menuitem: &D.S.Lite - {F8475519-8412-4D40-A46E-692D9D04DF7F} - F:\Program Files\DSLite2\DSLite.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O15 - Trusted Zone: website: sh.bbvod.net
O16 - DPF: {4ED9DDF0-7479-4BBE-9335-5A1EDB1D8A21} (McAfee.com Operating System Class) - website: download.mcafee.com/molbin/shared/mcinsctl/en-us/4,0,0,84/mcinsctl.cab
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - website: v5.windowsupdate.microsoft.com/v5consumer/V5Controls/en/x86/client/wuweb_site.cab?1098500092328
O16 - DPF: {BCC0FF27-31D9-4614-A68E-C18E1ADA4389} (DwnldGroupMgr Class) - website: download.mcafee.com/molbin/shared/mcgdmgr/en-us/1,0,0,21/mcgdmgr.cab
O23 - Service: Apache - Unknown - F:\Program Files\Apache Group\Apache\Apache.exe
O23 - Service: Ati HotKey Poller - Unknown - C:\WINDOWS\System32\Ati2evxx.exe
O23 - Service: IBM Rapid Restore Ultra Service - Unknown - C:\Program Files\IBM\IBM Rapid Restore Ultra\rrpcsb.exe
O23 - Service: IBM PM Service - Unknown - C:\WINDOWS\System32\ibmpmsvc.exe
O23 - Service: MATLAB Server - Unknown - f:\MATLAB701\webserver\bin\win32\matlabserver.exe
O23 - Service: McAfee.com McShield - Unknown - c:\PROGRA~1\mcafee.com\vso\mcshield.exe
O23 - Service: McAfee SecurityCenter Update Manager - McAfee, Inc - C:\PROGRA~1\McAfee.com\Agent\mcupdmgr.exe
O23 - Service: McAfee.com VirusScan Online Realtime Engine - Networks Associates Technology, Inc - c:\PROGRA~1\mcafee.com\vso\mcvsrte.exe
O23 - Service: McAfee Personal Firewall Service - McAfee Corporation - C:\PROGRA~1\McAfee.com\PERSON~1\MPFSERVICE.exe
O23 - Service: IBM PSA Access Driver Control - Unknown - C:\WINDOWS\system32\PsaSrv.exe (file missing)
O23 - Service: SoundMAX Agent Service - Analog Devices, Inc. - C:\Program Files\Analog Devices\SoundMAX\SMAgent.exe
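As an added example (not part of the thread or of HijackThis), a small Python triage script that applies the same reasoning the reply above uses when picking out the O2 and O4 entries: it flags BHOs that have no name or point at an .exe rather than a DLL, and Run entries whose binary lives under an Application Data folder. The sample lines are copied from the log above; the folder markers, function names and heuristics are this example's own assumptions, not rules from HijackThis.

```python
import re

# Constructed sample: five entries copied from the log in this thread.
SAMPLE_LOG = r"""
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - F:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: (no name) - {BDDCF7AC-A67F-3987-FD9A-7BAA667C6733} - C:\DOCUME~1\ALBERT~1\APPLIC~1\COALMU~1\Tick Delete.exe
O4 - HKLM\..\Run: [SynTPLpr] C:\Program Files\Synaptics\SynTP\SynTPLpr.exe
O4 - HKLM\..\Run: [GlueHideTransOpen] C:\Documents and Settings\All Users\Application Data\bias deaf glue hide\Mail Bait.exe
O4 - HKCU\..\Run: [deadshow] C:\DOCUME~1\ALBERT~1\APPLIC~1\TRUSTG~1\Idle htm.exe
"""

O2_RE = re.compile(r"^O2 - BHO: (?P<name>.*?) - \{(?P<clsid>[0-9A-Fa-f-]+)\} - (?P<path>.+)$")
O4_RE = re.compile(r"^O4 - (?P<hive>HKLM|HKCU)\\\.\.\\Run: \[(?P<name>[^\]]+)\] (?P<cmd>.+)$")

# Folders a legitimate startup binary or BHO rarely lives in (long and 8.3 short forms).
# Assumption of this example, not a HijackThis rule.
USER_DATA_MARKERS = ("\\application data\\", "\\applic~1\\", "\\local settings\\", "\\locals~1\\")

def exe_path(cmd):
    """Strip surrounding quotes and trailing arguments from an O4 command line."""
    cmd = cmd.strip().lstrip('"')
    end = cmd.lower().find(".exe")
    return cmd[: end + 4] if end != -1 else cmd.rstrip('"')

def path_reasons(path):
    """Reasons derived from where the binary sits on disk."""
    if any(marker in path.lower() for marker in USER_DATA_MARKERS):
        return ["binary lives in an application-data folder"]
    return []

def triage(log_text):
    """Return (line, reasons) pairs for O2/O4 entries that trip a heuristic."""
    findings = []
    for line in log_text.splitlines():
        m = O2_RE.match(line)
        if m:
            reasons = []
            if m.group("name") == "(no name)":
                reasons.append("BHO registered without a name")
            if m.group("path").lower().endswith(".exe"):
                reasons.append("BHO points at an .exe rather than a DLL")
            reasons += path_reasons(m.group("path"))
        else:
            m = O4_RE.match(line)
            reasons = path_reasons(exe_path(m.group("cmd"))) if m else []
        if reasons:
            findings.append((line, reasons))
    return findings

if __name__ == "__main__":
    for line, reasons in triage(SAMPLE_LOG):
        print(line[:70], "->", "; ".join(reasons))
```

Run against the full log, the script leaves the vendor entries (McAfee, Synaptics, FlashGet) alone and surfaces exactly the Tick Delete, Mail Bait and Idle htm entries the reply tells the poster to remove.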