sft_ver1.1454.0.exe

[joe9000]

my mcafee has recently picked this sft_ver1.1454.0.exe up as trying to connec tto internt but found out its some sort of spyware,but when trying to delete it it just appears again a couple of days later,have used malwarebytes anti malware but the same when detected and deleted it just comes back,was wondering how to remove this as i dont know what it is or what it does but i wan tto get rid of it.

Thanks in advance.

heres hijackthis log file report!!

Logfile of HijackThis v1.99.1

Scan saved at 18:16:15, on 22/10/2008

Platform: Windows XP SP3 (WinNT 5.01.2600)

MSIE: Internet Explorer v6.00 SP3 (6.00.2900.5512)

Running processes:

C:\WINDOWS\System32\smss.exe

C:\WINDOWS\system32\winlogon.exe

C:\WINDOWS\system32\services.exe

C:\WINDOWS\system32\lsass.exe

C:\WINDOWS\system32\svchost.exe

C:\WINDOWS\System32\svchost.exe

C:\WINDOWS\system32\spoolsv.exe

C:\Program Files\NVIDIA Corporation\NetworkAccessManager\Apache Group\Apache2\bin\apache.exe

C:\PROGRA~1\McAfee\MSC\mcmscsvc.exe

c:\program files\common files\mcafee\mna\mcnasvc.exe

c:\PROGRA~1\COMMON~1\mcafee\mcproxy\mcproxy.exe

C:\PROGRA~1\McAfee\VIRUSS~1\mcshield.exe

C:\Program Files\NVIDIA Corporation\NetworkAccessManager\Apache Group\Apache2\bin\apache.exe

C:\Program Files\McAfee\MPF\MPFSrv.exe

C:\Program Files\McAfee\MSK\MskSrver.exe

C:\Program Files\NVIDIA Corporation\NetworkAccessManager\bin\nSvcIp.exe

C:\Program Files\NVIDIA Corporation\NetworkAccessManager\bin\nSvcLog.exe

C:\WINDOWS\system32\nvsvc32.exe

C:\Program Files\SiteAdvisor\6145\SAService.exe

C:\WINDOWS\system32\svchost.exe

C:\Program Files\NVIDIA Corporation\NetworkAccessManager\bin\nSvcAppFlt.exe

C:\WINDOWS\system32\wscntfy.exe

c:\PROGRA~1\mcafee.com\agent\mcagent.exe

C:\WINDOWS\Explorer.EXE

C:\Program Files\NVIDIA Corporation\NetworkAccessManager\bin\nTrayFw.exe

C:\Program Files\SiteAdvisor\6145\SiteAdv.exe

C:\WINDOWS\SOUNDMAN.EXE

C:\Documents and Settings\joe\Application Data\Adobe\Player.exe

C:\DOCUME~1\joe\LOCALS~1\Temp\sft_ver1.1454.0.exe

C:\PROGRA~1\McAfee\VIRUSS~1\mcsysmon.exe

C:\Program Files\HijackThis\HijackThis.exe

R1 - HKCU\Software\Microsoft\Internet Connection Wizard,ShellNext = http://windowsupdate.microsoft.com/

O2 - BHO: (no name) - {089FD14D-132B-48FC-8861-0048AE113215} - C:\Program Files\SiteAdvisor\6145\SiteAdv.dll

O2 - BHO: McAfee Phishing Filter - {27B4851A-3207-45A2-B947-BE8AFE6163AB} - c:\PROGRA~1\mcafee\msk\mskapbho.dll

O2 - BHO: scriptproxy - {7DB2D5A0-7241-4E79-B68D-6309F01C5231} - c:\PROGRA~1\mcafee\VIRUSS~1\scriptsn.dll

O3 - Toolbar: McAfee SiteAdvisor - {0BF43445-2F28-4351-9252-17FE6E806AA0} - C:\Program Files\SiteAdvisor\6145\SiteAdv.dll

O4 - HKLM\..\Run: [nTrayFw] C:\Program Files\NVIDIA Corporation\NetworkAccessManager\bin\nTrayFw.exe

O4 - HKLM\..\Run: [siteAdvisor] C:\Program Files\SiteAdvisor\6145\SiteAdv.exe

O4 - HKLM\..\Run: [McENUI] C:\PROGRA~1\McAfee\MHN\McENUI.exe /hide

O4 - HKLM\..\Run: [mcagent_exe] "C:\Program Files\McAfee.com\Agent\mcagent.exe" /runkey

O4 - HKLM\..\Run: [nwiz] nwiz.exe /install

O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup

O4 - HKLM\..\Run: [soundMan] SOUNDMAN.EXE

O4 - HKLM\..\Run: [NeroCheck] C:\WINDOWS\system32\NeroCheck.exe

O4 - HKCU\..\Run: [Player] C:\Documents and Settings\joe\Application Data\Adobe\Player.exe

O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe (file missing)

O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe (file missing)

O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe

O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe

O10 - Unknown file in Winsock LSP: c:\windows\system32\nvappfilter.dll

O10 - Unknown file in Winsock LSP: c:\windows\system32\nvappfilter.dll

O10 - Unknown file in Winsock LSP: c:\windows\system32\nvappfilter.dll

O10 - Unknown file in Winsock LSP: c:\windows\system32\nvappfilter.dll

O10 - Unknown file in Winsock LSP: c:\windows\system32\nvappfilter.dll

O10 - Unknown file in Winsock LSP: c:\windows\system32\nvappfilter.dll

O10 - Unknown file in Winsock LSP: c:\windows\system32\nvappfilter.dll

O10 - Unknown file in Winsock LSP: c:\windows\system32\nvappfilter.dll

O10 - Unknown file in Winsock LSP: c:\windows\system32\nvappfilter.dll

O10 - Unknown file in Winsock LSP: c:\windows\system32\nvappfilter.dll

O10 - Unknown file in Winsock LSP: c:\windows\system32\nvappfilter.dll

O10 - Unknown file in Winsock LSP: c:\windows\system32\nvappfilter.dll

O18 - Protocol: siteadvisor - {3A5DC592-7723-4EAA-9EE6-AF4222BCF879} - C:\Program Files\SiteAdvisor\6145\SiteAdv.dll

O20 - Winlogon Notify: dimsntfy - %SystemRoot%\System32\dimsntfy.dll (file missing)

O23 - Service: ForceWare Intelligent Application Manager (IAM) - Unknown owner - C:\Program Files\NVIDIA Corporation\NetworkAccessManager\bin\nSvcAppFlt.exe

O23 - Service: Forceware Web Interface (ForcewareWebInterface) - Unknown owner - C:\Program Files\NVIDIA Corporation\NetworkAccessManager\Apache Group\Apache2\bin\apache.exe" -k runservice (file missing)

O23 - Service: McAfee Services (mcmscsvc) - McAfee, Inc. - C:\PROGRA~1\McAfee\MSC\mcmscsvc.exe

O23 - Service: McAfee Network Agent (McNASvc) - McAfee, Inc. - c:\program files\common files\mcafee\mna\mcnasvc.exe

O23 - Service: McAfee Scanner (McODS) - McAfee, Inc. - C:\PROGRA~1\McAfee\VIRUSS~1\mcods.exe

O23 - Service: McAfee Proxy Service (McProxy) - McAfee, Inc. - c:\PROGRA~1\COMMON~1\mcafee\mcproxy\mcproxy.exe

O23 - Service: McAfee Real-time Scanner (McShield) - McAfee, Inc. - C:\PROGRA~1\McAfee\VIRUSS~1\mcshield.exe

O23 - Service: McAfee SystemGuards (McSysmon) - McAfee, Inc. - C:\PROGRA~1\McAfee\VIRUSS~1\mcsysmon.exe

O23 - Service: McAfee Personal Firewall Service (MpfService) - McAfee, Inc. - C:\Program Files\McAfee\MPF\MPFSrv.exe

O23 - Service: McAfee SpamKiller Service (MSK80Service) - McAfee, Inc. - C:\Program Files\McAfee\MSK\MskSrver.exe

O23 - Service: ForceWare IP service (nSvcIp) - NVIDIA - C:\Program Files\NVIDIA Corporation\NetworkAccessManager\bin\nSvcIp.exe

O23 - Service: ForceWare user log service (nSvcLog) - NVIDIA - C:\Program Files\NVIDIA Corporation\NetworkAccessManager\bin\nSvcLog.exe

O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe

O23 - Service: SiteAdvisor Service - Unknown owner - C:\Program Files\SiteAdvisor\6145\SAService.exe

O23 - Service: TuneUp Drive Defrag Service (TuneUp.Defrag) - TuneUp Software GmbH - C:\WINDOWS\System32\TuneUpDefragService.exe

and heres malwarebytes log file

Malwarebytes' Anti-Malware 1.29

Database version: 1306

Windows 5.1.2600 Service Pack 3

22/10/2008 17:53:58

mbam-log-2008-10-22 (17-53-52).txt

Scan type: Full Scan (C:\|)

Objects scanned: 64677

Time elapsed: 17 minute(s), 49 second(s)

Memory Processes Infected: 0

Memory Modules Infected: 0

Registry Keys Infected: 0

Registry Values Infected: 4

Registry Data Items Infected: 0

Folders Infected: 1

Files Infected: 12

Memory Processes Infected:

(No malicious items detected)

Memory Modules Infected:

(No malicious items detected)

Registry Keys Infected:

(No malicious items detected)

Registry Values Infected:

HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\\yurbc.exe (Trojan.Agent) -> No action taken.

HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\\yurc1.exe (Trojan.Agent) -> No action taken.

HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\\yurc2.exe (Trojan.Agent) -> No action taken.

HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\\yurc3.exe (Trojan.Agent) -> No action taken.

Registry Data Items Infected:

(No malicious items detected)

Folders Infected:

C:\Program Files\PCHealthCenter (Trojan.Fakealert) -> No action taken.

Files Infected:

C:\Documents and Settings\joe\Local Settings\Temp\IXP000.TMP\ZUJDGAC.sys (Trojan.Agent) -> No action taken.

C:\Documents and Settings\joe\Local Settings\Temp\IXP001.TMP\ZUJDGAC.sys (Trojan.Agent) -> No action taken.

C:\Documents and Settings\joe\My Documents\Newsbin Download\genuine\Windows_Genuine_Advantage_Validation_v1_8_31_uploaded_by_nathan\Setup.exe (Backdoor.Bot) -> No action taken.

C:\Program Files\PCHealthCenter\0.gif (Trojan.Fakealert) -> No action taken.

C:\Program Files\PCHealthCenter\1.gif (Trojan.Fakealert) -> No action taken.

C:\Program Files\PCHealthCenter\1.ico (Trojan.Fakealert) -> No action taken.

C:\Program Files\PCHealthCenter\2.gif (Trojan.Fakealert) -> No action taken.

C:\Program Files\PCHealthCenter\2.ico (Trojan.Fakealert) -> No action taken.

C:\Program Files\PCHealthCenter\3.gif (Trojan.Fakealert) -> No action taken.

C:\Program Files\PCHealthCenter\foo.txt (Trojan.Fakealert) -> No action taken.

C:\Program Files\PCHealthCenter\sc.html (Trojan.Fakealert) -> No action taken.

C:\Documents and Settings\joe\Local Settings\Temp\sft_ver1.1454.0.exe (Trojan.FakeAlert) -> No action taken.

[JeanInMontana]

Hello Joe9000 and welcome to Malwarebytes. You are not taking action when you scan with MBAM. Please update MBAM run another quick scan and post that log and then get the correct version of HJT and follow the rest of these instructions here http://www.malwarebytes.org/forums/index.php?showtopic=2936

[JeanInMontana]

Since you have started another thread and it shows illegal activity I will close this thread. Do Not open another topic.