Trojans? Gone?


  • This topic is locked
4 replies to this topic

#1 Serilazareth

Serilazareth

    Member

  • Full Member
  • 1 posts

Posted 26 May 2007 - 09:07 AM

I, being the idiot that I am, downloaded an illegal crack for a game and lo-and-behold it happened to be full of Trojans. IE would redirect to strange websites every second and something kept trying to download more Trojans, all of which kept being blocked by my firewall. After two sleepless nights of trying to fix this problem, I feel it might be under control.

But then again, I felt like it was under control yesterday and when I woke up everything was exactly as it was when my computer was infected.

So here's the deal: Norton doesn't detect any virus, Spybot was detecting the Smitfraud.C.Toolbar888 half the time and VundoFix was detecting vundos half the time.

And then suddenly it all stopped. I'm not picking up anything at all, in Spybot, VundoFix, ComboFix, Ad-aware, anything! I've checked my hijackthis log and others but I'm still not sure if my problem is gone. Can someone help?

My current hijackthis log:

Logfile of Trend Micro HijackThis v2.0.0 (BETA)
Scan saved at 4:23:47 PM, on 5/25/2007
Platform: Windows XP SP2 (WinNT 5.01.2600)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe
C:\Program Files\Common Files\Symantec Shared\AppCore\AppSvc32.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Symantec\LiveUpdate\ALUSchedulerSvc.exe
C:\WINDOWS\eHome\ehRecvr.exe
C:\WINDOWS\eHome\ehSched.exe
C:\Program Files\Intel\Intel Matrix Storage Manager\Iaantmon.exe
C:\Program Files\Common Files\LightScribe\LSSrvc.exe
C:\WINDOWS\system32\nvsvc32.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Intel\IntelDH\Intel® Quick Resume Technology Drivers\Elservice.exe
C:\WINDOWS\system32\dllhost.exe
C:\WINDOWS\ehome\ehtray.exe
C:\Program Files\Intel\Intel Matrix Storage Manager\Iaanotif.exe
C:\Program Files\HP DigitalMedia Archive\DMAScheduler.exe
C:\Program Files\Hewlett-Packard\HP Boot Optimizer\HPBootOp.exe
C:\WINDOWS\eHome\ehmsas.exe
C:\Program Files\HP\HP Software Update\HPWuSchd2.exe
C:\Program Files\MEDIC\bin\sprtcmd.exe
C:\WINDOWS\system32\rundll32.exe
C:\Program Files\Java\jre1.5.0_06\bin\jusched.exe
C:\Program Files\Common Files\Symantec Shared\ccApp.exe
C:\Program Files\QuickTime\qttask.exe
C:\WINDOWS\RTHDCPL.EXE
C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe
C:\Program Files\OpenOffice.org 2.1\program\soffice.exe
C:\Program Files\OpenOffice.org 2.1\program\soffice.BIN
C:\Program Files\HP\Digital Imaging\bin\hpqSTE08.exe
C:\WINDOWS\system32\wuauclt.exe
C:\HJT\scanner.exe

O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.5.0_06\bin\ssv.dll
O2 - BHO: hpWebHelper Class - {AAAE832A-5FFF-4661-9C8F-369692D1DCB9} - C:\WINDOWS\pchealth\helpctr\Vendors\CN=Hewlett-Packard,L=Cupertino,S=Ca,C=US\plugin\WebHelper.dll
O4 - HKLM\..\Run: [ehTray] C:\WINDOWS\ehome\ehtray.exe
O4 - HKLM\..\Run: [ftutil2] rundll32.exe ftutil2.dll,SetWriteCacheMode
O4 - HKLM\..\Run: [IAAnotif] C:\Program Files\Intel\Intel Matrix Storage Manager\Iaanotif.exe
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [nwiz] nwiz.exe /installquiet /keeploaded /nodetect
O4 - HKLM\..\Run: [DMAScheduler] "c:\Program Files\HP DigitalMedia Archive\DMAScheduler.exe"
O4 - HKLM\..\Run: [Recguard] C:\WINDOWS\SMINST\RECGUARD.EXE
O4 - HKLM\..\Run: [HPBootOp] "C:\Program Files\Hewlett-Packard\HP Boot Optimizer\HPBootOp.exe" /run
O4 - HKLM\..\Run: [Reminder] "C:\Windows\Creator\Remind_XP.exe"
O4 - HKLM\..\Run: [HP Software Update] C:\Program Files\HP\HP Software Update\HPWuSchd2.exe
O4 - HKLM\..\Run: [MEDIC] "C:\Program Files\MEDIC\bin\sprtcmd.exe" /P MEDIC
O4 - HKLM\..\Run: [SunJavaUpdateSched] C:\Program Files\Java\jre1.5.0_06\bin\jusched.exe
O4 - HKLM\..\Run: [ccApp] "C:\Program Files\Common Files\Symantec Shared\ccApp.exe"
O4 - HKLM\..\Run: [osCheck] "C:\Program Files\Norton AntiVirus\osCheck.exe"
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [RTHDCPL] RTHDCPL.EXE
O4 - HKLM\..\Run: [Symantec PIF AlertEng] "C:\Program Files\Common Files\Symantec Shared\PIF\{B8E1DD85-8582-4c61-B58F-2F227FCA9A08}\PIFSvc.exe" /a /m "C:\Program Files\Common Files\Symantec Shared\PIF\{B8E1DD85-8582-4c61-B58F-2F227FCA9A08}\AlertEng.dll"
O4 - HKLM\..\Run: [MSConfig] C:\WINDOWS\PCHealth\HelpCtr\Binaries\MSConfig.exe /auto
O4 - .DEFAULT User Startup: Pin.lnk = C:\hp\bin\CLOAKER.EXE (User 'Default user')
O4 - .DEFAULT User Startup: PinMcLnk.lnk = C:\hp\bin\cloaker.exe (User 'Default user')
O4 - Startup: OpenOffice.org 2.1.lnk = C:\Program Files\OpenOffice.org 2.1\program\quickstart.exe
O4 - Global Startup: HP Digital Imaging Monitor.lnk = C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_06\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_06\bin\ssv.dll
O9 - Extra button: Internet Connection Help - {E2D4D26B-0180-43a4-B05F-462D6D54C789} - C:\WINDOWS\PCHEALTH\HELPCTR\Vendors\CN=Hewlett-Packard,L=Cupertino,S=Ca,C=US\IEButton\support.htm
O9 - Extra 'Tools' menuitem: Internet Connection Help - {E2D4D26B-0180-43a4-B05F-462D6D54C789} - C:\WINDOWS\PCHEALTH\HELPCTR\Vendors\CN=Hewlett-Packard,L=Cupertino,S=Ca,C=US\IEButton\support.htm
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O20 - Winlogon Notify: winzlo32 - winzlo32.dll (file missing)
O22 - SharedTaskScheduler: Browseui preloader - {438755C2-A8BA-11D1-B96B-00A0C90312E1} - C:\WINDOWS\system32\browseui.dll
O22 - SharedTaskScheduler: Component Categories cache daemon - {8C7461EF-2B13-11d2-BE35-3078302C2030} - C:\WINDOWS\system32\browseui.dll
O23 - Service: Automatic LiveUpdate Scheduler - Symantec Corporation - C:\Program Files\Symantec\LiveUpdate\ALUSchedulerSvc.exe
O23 - Service: Symantec Event Manager (ccEvtMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe
O23 - Service: Symantec Settings Manager (ccSetMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe
O23 - Service: Symantec Lic NetConnect service (CLTNetCnService) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe
O23 - Service: Intel® Quick Resume technology (ELService) - Intel Corporation - C:\Program Files\Intel\IntelDH\Intel® Quick Resume Technology Drivers\Elservice.exe
O23 - Service: Intel® Matrix Storage Event Monitor (IAANTMON) - Intel Corporation - C:\Program Files\Intel\Intel Matrix Storage Manager\Iaantmon.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\1050\Intel 32\IDriverT.exe
O23 - Service: iPod Service - Apple Computer, Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: Symantec IS Password Validation (ISPwdSvc) - Symantec Corporation - C:\Program Files\Norton AntiVirus\isPwdSvc.exe
O23 - Service: LightScribeService Direct Disc Labeling Service (LightScribeService) - Hewlett-Packard Company - C:\Program Files\Common Files\LightScribe\LSSrvc.exe
O23 - Service: LiveUpdate - Symantec Corporation - C:\PROGRA~1\Symantec\LIVEUP~1\LUCOMS~1.EXE
O23 - Service: LiveUpdate Notice Service Ex (LiveUpdate Notice Ex) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe
O23 - Service: LiveUpdate Notice Service - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\PIF\{B8E1DD85-8582-4c61-B58F-2F227FCA9A08}\PIFSvc.exe
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
O23 - Service: Pml Driver HPZ12 - HP - C:\WINDOWS\system32\HPZipm12.exe
O23 - Service: Symantec Core LC - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exe
O23 - Service: Symantec AppCore Service (SymAppCore) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\AppCore\AppSvc32.exe

--
End of file - 7816 bytes

My current VBG log:


[05/24/2007, 22:39:56] - VirtumundoBeGone v1.5 ( "C:\Documents and Settings\HP_Administrator\Desktop\VirtumundoBeGone.exe" )
[05/24/2007, 22:40:02] - Detected System Information:
[05/24/2007, 22:40:02] - Windows Version: 5.1.2600, Service Pack 2
[05/24/2007, 22:40:02] - Current Username: HP_Administrator (Admin)
[05/24/2007, 22:40:02] - Windows is in NORMAL mode.
[05/24/2007, 22:40:02] - Searching for Browser Helper Objects:
[05/24/2007, 22:40:02] - BHO 1: {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} (AcroIEHlprObj Class)
[05/24/2007, 22:40:02] - BHO 2: {53707962-6F74-2D53-2644-206D7942484F} ()
[05/24/2007, 22:40:02] - WARNING: BHO has no default name. Checking for Winlogon reference.
[05/24/2007, 22:40:02] - Checking for HKLM\...\Winlogon\Notify\SDHelper
[05/24/2007, 22:40:02] - Key not found: HKLM\...\Winlogon\Notify\SDHelper, continuing.
[05/24/2007, 22:40:02] - BHO 3: {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} (SSVHelper Class)
[05/24/2007, 22:40:02] - BHO 4: {AAAE832A-5FFF-4661-9C8F-369692D1DCB9} (hpWebHelper Class)
[05/24/2007, 22:40:02] - Finished Searching Browser Helper Objects
[05/24/2007, 22:40:02] - Finishing up...
[05/24/2007, 22:40:02] - Nothing found! Exiting...

[05/24/2007, 23:48:08] - VirtumundoBeGone v1.5 ( "C:\Documents and Settings\HP_Administrator\Desktop\VirtumundoBeGone.exe" )
[05/24/2007, 23:48:13] - User choose NOT to continue. Exiting...

[05/24/2007, 23:57:34] - VirtumundoBeGone v1.5 ( "C:\Documents and Settings\HP_Administrator\Desktop\VirtumundoBeGone.exe" )
[05/24/2007, 23:57:50] - Detected System Information:
[05/24/2007, 23:57:50] - Windows Version: 5.1.2600, Service Pack 2
[05/24/2007, 23:57:50] - Current Username: HP_Administrator (Admin)
[05/24/2007, 23:57:50] - Windows is in SAFE mode with Networking.
[05/24/2007, 23:57:50] - Searching for Browser Helper Objects:
[05/24/2007, 23:57:50] - BHO 1: {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} (AcroIEHlprObj Class)
[05/24/2007, 23:57:50] - BHO 2: {53707962-6F74-2D53-2644-206D7942484F} ()
[05/24/2007, 23:57:50] - WARNING: BHO has no default name. Checking for Winlogon reference.
[05/24/2007, 23:57:50] - Checking for HKLM\...\Winlogon\Notify\SDHelper
[05/24/2007, 23:57:50] - Key not found: HKLM\...\Winlogon\Notify\SDHelper, continuing.
[05/24/2007, 23:57:50] - BHO 3: {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} (SSVHelper Class)
[05/24/2007, 23:57:50] - BHO 4: {AAAE832A-5FFF-4661-9C8F-369692D1DCB9} (hpWebHelper Class)
[05/24/2007, 23:57:50] - Finished Searching Browser Helper Objects
[05/24/2007, 23:57:50] - Finishing up...
[05/24/2007, 23:57:50] - Nothing found! Exiting...

[05/25/2007, 16:40:52] - VirtumundoBeGone v1.5 ( "C:\Documents and Settings\HP_Administrator\Desktop\VirtumundoBeGone.exe" )
[05/25/2007, 16:40:57] - Detected System Information:
[05/25/2007, 16:40:57] - Windows Version: 5.1.2600, Service Pack 2
[05/25/2007, 16:40:57] - Current Username: HP_Administrator (Admin)
[05/25/2007, 16:40:57] - Windows is in NORMAL mode.
[05/25/2007, 16:40:57] - Searching for Browser Helper Objects:
[05/25/2007, 16:40:57] - BHO 1: {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} (AcroIEHlprObj Class)
[05/25/2007, 16:40:57] - BHO 2: {53707962-6F74-2D53-2644-206D7942484F} ()
[05/25/2007, 16:40:57] - WARNING: BHO has no default name. Checking for Winlogon reference.
[05/25/2007, 16:40:57] - Checking for HKLM\...\Winlogon\Notify\SDHelper
[05/25/2007, 16:40:57] - Key not found: HKLM\...\Winlogon\Notify\SDHelper, continuing.
[05/25/2007, 16:40:57] - BHO 3: {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} (SSVHelper Class)
[05/25/2007, 16:40:57] - BHO 4: {AAAE832A-5FFF-4661-9C8F-369692D1DCB9} (hpWebHelper Class)
[05/25/2007, 16:40:57] - Finished Searching Browser Helper Objects
[05/25/2007, 16:40:57] - Finishing up...
[05/25/2007, 16:40:57] - Nothing found! Exiting...

My ComboFix log:

"HP_Administrator" - 2007-05-26 7:10:55 Service Pack 2
ComboFix 07-05.25.3V - Running from: "C:\Documents and Settings\HP_Administrator\Desktop\"


((((((((((((((((((((((((((((((( Files Created from 2007-04-05 to 2007-05-26 ))))))))))))))))))))))))))))))))))


2007-05-25 07:00 <DIR> d-------- C:\Program Files\Uniblue
2007-05-25 00:04 53,248 --a------ C:\WINDOWS\system32\Process.exe
2007-05-25 00:04 51,200 --a------ C:\WINDOWS\system32\dumphive.exe
2007-05-25 00:04 288,417 --a------ C:\WINDOWS\system32\SrchSTS.exe
2007-05-24 23:26 3,024 --a------ C:\WINDOWS\system32\tmp.reg
2007-05-24 22:42 49,152 --a------ C:\WINDOWS\nircmd.exe
2007-05-24 22:02 <DIR> d-------- C:\HJT
2007-05-24 21:15 <DIR> d-------- C:\VundoFix Backups
2007-05-24 20:56 <DIR> d-------- C:\DOCUME~1\ALLUSE~1\APPLIC~1\Spybot - Search & Destroy
2007-05-24 20:38 <DIR> d-------- C:\DOCUME~1\HP_ADM~1\APPLIC~1\Lavasoft
2007-05-24 20:37 <DIR> d-------- C:\Program Files\Lavasoft
2007-05-24 20:37 <DIR> d-------- C:\Program Files\Common Files\Wise Installation Wizard
2007-05-24 19:13 <DIR> d-------- C:\WINDOWS\pss
2007-05-22 20:01 231,936 --a------ C:\WINDOWS\system32\SNWValid.dll
2007-05-22 20:01 1,053,184 --a------ C:\WINDOWS\system32\SierraNW.dll
2007-05-22 20:01 <DIR> d-------- C:\WINDOWS\solcache
2007-05-22 19:19 <DIR> d-------- C:\Program Files\HHD Software
2007-05-21 15:36 <DIR> d-------- C:\Program Files\Common Files\Blizzard Entertainment
2007-05-12 17:12 <DIR> d-------- C:\DOCUME~1\HP_ADM~1\APPLIC~1\InstallShield
2007-04-27 18:29 21,840 --a----t- C:\WINDOWS\system32\SIntfNT.dll
2007-04-27 18:29 17,212 --a----t- C:\WINDOWS\system32\SIntf32.dll
2007-04-27 18:29 12,067 --a----t- C:\WINDOWS\system32\SIntf16.dll
2007-04-27 17:49 <DIR> d-------- C:\Impressions Games
2007-04-27 06:32 6,712 --a------ C:\WINDOWS\system32\d3d9caps.dat


(((((((((((((((((((((((((((((((((((((((((((((((( Find3M Report )))))))))))))))))))))))))))))))))))))))))))))))))))))

2007-05-26 14:01:43 -------- d-----w C:\Program Files\Common Files\Symantec Shared
2007-05-26 04:45:02 -------- d-----w C:\DOCUME~1\HP_ADM~1\APPLIC~1\OpenOffice.org2
2007-05-25 06:09:34 -------- d-----w C:\DOCUME~1\HP_ADM~1\APPLIC~1\Viewpoint
2007-05-25 03:03:43 -------- d-----w C:\Program Files\AIM Music Link
2007-05-24 00:29:56 5,674 ----a-w C:\DOCUME~1\HP_ADM~1\APPLIC~1\wklnhst.dat
2007-05-23 03:01:49 -------- d-----w C:\Program Files\Sierra On-Line
2007-05-13 00:12:44 -------- d--h--w C:\Program Files\InstallShield Installation Information
2007-05-08 02:41:44 -------- d-----w C:\Program Files\AIM6
2007-05-08 02:41:27 -------- d-----w C:\Program Files\Viewpoint
2007-05-06 21:25:56 -------- d-----w C:\DOCUME~1\HP_ADM~1\APPLIC~1\HP
2007-05-05 22:41:37 -------- d-----w C:\Program Files\SEGA
2007-05-03 03:31:50 -------- d-----w C:\Program Files\MEDIC
2007-04-24 02:32:21 -------- d-----w C:\Program Files\Buddy Icon Maker
2007-04-24 02:15:27 -------- d-----w C:\Program Files\Colorizer
2007-04-22 01:39:19 -------- d-----w C:\Program Files\Cossacks - The Art Of War
2007-04-21 19:45:47 -------- d-----w C:\DOCUME~1\HP_ADM~1\APPLIC~1\bang
2007-04-19 02:06:03 -------- d-----w C:\Program Files\Windows Media Connect 2
2007-04-18 16:12:23 2,854,400 ----a-w C:\WINDOWS\system32\msi.dll
2007-04-17 01:35:50 -------- d-----w C:\Program Files\Total War
2007-04-07 17:48:09 -------- d-----w C:\Program Files\Realtek
2007-04-07 17:48:05 315,392 ----a-w C:\WINDOWS\HideWin.exe
2007-04-01 09:02:24 -------- d-----w C:\Program Files\Netscape
2007-04-01 08:17:24 2,153 ----a-w C:\WINDOWS\mozver.dat
2007-03-27 02:21:06 4,395,008 ----a-w C:\WINDOWS\system32\drivers\RtkHDAud.sys
2007-03-24 02:19:10 9,715,200 ----a-w C:\WINDOWS\RTLCPL.exe
2007-03-21 21:49:20 16,126,464 ----a-w C:\WINDOWS\RTHDCPL.exe
2007-03-20 04:52:43 -------- d-----w C:\Program Files\Common Files\Stardock
2007-03-17 13:43:01 292,864 ----a-w C:\WINDOWS\system32\winsrv.dll
2007-03-16 22:06:54 1,822,720 ----a-w C:\WINDOWS\SkyTel.exe
2007-03-13 01:17:59 -------- d-----w C:\Program Files\Apple Software Update
2007-03-08 15:36:28 577,536 ----a-w C:\WINDOWS\system32\user32.dll
2007-03-08 15:36:28 40,960 ------w C:\WINDOWS\system32\mf3216.dll
2007-03-08 15:36:28 281,600 ----a-w C:\WINDOWS\system32\gdi32.dll
2007-03-08 13:47:48 1,843,584 ----a-w C:\WINDOWS\system32\win32k.sys
2007-03-05 02:36:06 118,643 ----a-w C:\WINDOWS\hpoins09.dat
2007-03-05 01:29:28 -------- d-----w C:\Program Files\HP
2007-03-05 01:26:51 -------- d-----w C:\Program Files\Common Files\Hewlett-Packard
2007-02-21 21:09:34 98,304 ----a-w C:\WINDOWS\system32\CmdLineExt.dll
2007-02-17 22:47:01 48,776 ----a-w C:\WINDOWS\system32\S32EVNT1.DLL
2007-02-16 01:37:45 503 ----a-w C:\WINDOWS\eReg.dat
2007-02-11 10:26:15 249,856 ------w C:\WINDOWS\Setup1.exe
2007-02-11 10:26:14 73,216 ----a-w C:\WINDOWS\ST6UNST.EXE
2007-02-11 10:21:39 53,248 ----a-w C:\WINDOWS\system32\zlib.dll
2007-02-11 10:21:38 89,360 ----a-w C:\WINDOWS\system32\VB5DB.DLL
2007-02-11 10:21:38 561,180 ----a-w C:\WINDOWS\system32\dao360.dll
2007-02-05 20:17:02 185,344 ------w C:\WINDOWS\system32\upnphost.dll
2007-02-05 02:16:36 335 ----a-w C:\WINDOWS\nsreg.dat


(((((((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))


*Note* empty entries & legit default entries are not shown

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects]
{06849E9F-C8D7-4D59-B87D-784B7D6BE0B3}=C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll [2005-09-24 03:12]
{53707962-6F74-2D53-2644-206D7942484F}=C:\PROGRA~1\SPYBOT~1\SDHelper.dll [2005-05-31 01:04]
{761497BB-D6F0-462C-B6EB-D4DAF1D92D43}=C:\Program Files\Java\jre1.5.0_06\bin\ssv.dll [2005-11-10 20:22]
{AAAE832A-5FFF-4661-9C8F-369692D1DCB9}=C:\WINDOWS\pchealth\helpctr\Vendors\CN=Hewlett-Packard,L=Cupertino,S=Ca,C=US\plugin\WebHelper.dll [2006-09-09 10:52]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"ehTray"="C:\WINDOWS\ehome\ehtray.exe" [2005-09-29 21:01]
"ftutil2"="ftutil2.dll" [2004-06-07 14:05 C:\WINDOWS\system32\ftutil2.dll]
"IAAnotif"="C:\Program Files\Intel\Intel Matrix Storage Manager\Iaanotif.exe" [2006-07-06 14:15]
"NvCplDaemon"="C:\WINDOWS\system32\NvCpl.dll" [2006-06-20 17:06]
"nwiz"="nwiz.exe" [2006-06-20 17:06 C:\WINDOWS\system32\nwiz.exe]
"DMAScheduler"="c:\Program Files\HP DigitalMedia Archive\DMAScheduler.exe" [2006-04-13 09:05]
"Recguard"="C:\WINDOWS\SMINST\RECGUARD.EXE" [2005-07-22 22:14]
"PCDrProfiler"="" []
"HPBootOp"="C:\Program Files\Hewlett-Packard\HP Boot Optimizer\HPBootOp.exe" [2006-02-15 22:34]
"Reminder"="C:\Windows\Creator\Remind_XP.exe" [2004-12-14 02:23]
"HP Software Update"="C:\Program Files\HP\HP Software Update\HPWuSchd2.exe" [2006-02-19 03:41]
"MEDIC"="C:\Program Files\MEDIC\bin\sprtcmd.exe" [2006-07-06 09:45]
"SunJavaUpdateSched"="C:\Program Files\Java\jre1.5.0_06\bin\jusched.exe" [2005-11-10 20:03]
"ccApp"="C:\Program Files\Common Files\Symantec Shared\ccApp.exe" [2007-01-09 22:59]
"osCheck"="C:\Program Files\Norton AntiVirus\osCheck.exe" [2006-09-05 18:22]
"QuickTime Task"="C:\Program Files\QuickTime\qttask.exe" [2006-10-25 19:58]
"RTHDCPL"="RTHDCPL.EXE" []
"Symantec PIF AlertEng"="C:\Program Files\Common Files\Symantec Shared\PIF\{B8E1DD85-8582-4c61-B58F-2F227FCA9A08}\PIFSvc.exe" [2007-03-12 18:30]
"MSConfig"="C:\WINDOWS\PCHealth\HelpCtr\Binaries\MSConfig.exe" [2005-09-27 00:34]

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Aim6"="" []
"Uniblue SpyEraser"="" []

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"InstallVisualStyle"=C:\WINDOWS\Resources\Themes\Royale\Royale.msstyles
"InstallTheme"=C:\WINDOWS\Resources\Themes\Royale.theme

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\ShellExecuteHooks]
"{A00ED310-6EE3-4764-883D-F0B833AEC645}"="C:\WINDOWS\system32\pmnnnml.dll" []

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\WB]
C:\Program Files\Stardock\Object Desktop\ThemeManager\fastload.dll

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\winzlo32]
winzlo32.dll

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\windows]
"appinit_dlls"=wbsys.dll


[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\E]
AutoRun\command- C:\WINDOWS\system32\RunDLL32.EXE Shell32.DLL,ShellExec_RunDLL Info.exe protect.ed 480 480


Contents of the 'Scheduled Tasks' folder
2007-05-21 22:41:00 C:\WINDOWS\tasks\AppleSoftwareUpdate.job
2007-05-19 04:20:05 C:\WINDOWS\tasks\Norton AntiVirus - Run Full System Scan - HP_Administrator.job

********************************************************************

catchme 0.3.681 W2K/XP/Vista - userland rootkit detector by Gmer, http://www.gmer.net
Rootkit scan 2007-05-26 07:12:53
Windows 5.1.2600 Service Pack 2 NTFS

scanning hidden processes ...

scanning hidden autostart entries ...

scanning hidden files ...

scan completed successfully
hidden files: 0


********************************************************************

Completion time: 2007-05-26 7:13:16
C:\ComboFix-quarantined-files.txt ... 2007-05-26 07:13
C:\ComboFix2.txt ... 2007-05-24 23:59
C:\ComboFix3.txt ... 2007-05-24 22:42

--- E O F ---


So, does it look bad to anyone or am I free to go on with my life (free of illegal downloads, of course; I've definitely learned my lesson.)

Edited by Serilazareth, 26 May 2007 - 09:28 AM.
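The log above is read by hand for entries that load code at logon and for loading points whose file no longer exists (the O20 line for winzlo32.dll is the one to notice). As an added example, not part of the original post or of HijackThis itself, the Python below parses lines in the HijackThis format and flags the same things a helper looks for first: orphaned "(file missing)" entries, O20/O21 early-load entries, and unnamed BHOs. The sample lines are constructed in that format (the O20 line is copied from the log); the function names triage_hjt and report are my own.

```python
import re
from dataclasses import dataclass, field

# Constructed sample in HijackThis's line format. The O20 line is the one from the
# log above; the others are typical benign entries of the kind that log also shows.
SAMPLE_LOG = """\
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\\Program Files\\Adobe\\Acrobat 7.0\\ActiveX\\AcroIEHelper.dll
O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\\PROGRA~1\\SPYBOT~1\\SDHelper.dll
O4 - HKLM\\..\\Run: [ccApp] "C:\\Program Files\\Common Files\\Symantec Shared\\ccApp.exe"
O20 - Winlogon Notify: winzlo32 - winzlo32.dll (file missing)
O23 - Service: LiveUpdate - Symantec Corporation - C:\\PROGRA~1\\Symantec\\LIVEUP~1\\LUCOMS~1.EXE
"""

# Every HijackThis entry is "O<section> - <body>"; header and process-list lines differ.
ENTRY_RE = re.compile(r"^O(?P<section>\d+) - (?P<body>.*)$")

# Sections whose entries load code at logon or into every process, so they deserve
# a look even when nothing else is wrong with the line.
HIGH_VALUE_SECTIONS = {
    20: "O20 (Winlogon Notify / AppInit_DLLs): DLL loaded at logon or into every process",
    21: "O21 (ShellServiceObjectDelayLoad): DLL loaded by Explorer at startup",
}


@dataclass
class Finding:
    section: int
    body: str
    reasons: list = field(default_factory=list)


def triage_hjt(text):
    """Return the HijackThis entries worth a second look, with the reason for each."""
    findings = []
    for raw in text.splitlines():
        m = ENTRY_RE.match(raw.strip())
        if not m:
            continue  # header, running-process list, blank lines
        section, body = int(m.group("section")), m.group("body")
        reasons = []
        if "(file missing)" in body:
            reasons.append("loading point refers to a file that no longer exists (orphaned entry)")
        if section in HIGH_VALUE_SECTIONS:
            reasons.append(HIGH_VALUE_SECTIONS[section])
        if section == 2 and "(no name)" in body:
            reasons.append("BHO registered without a name: confirm the DLL path belongs to known software")
        if reasons:
            findings.append(Finding(section, body, reasons))
    return findings


def report(findings):
    """Render findings as one text line per entry plus one per reason, ready to paste into a reply."""
    lines = []
    for f in findings:
        lines.append(f"O{f.section} - {f.body}")
        lines.extend(f"    -> {r}" for r in f.reasons)
    return "\n".join(lines)


if __name__ == "__main__":
    print(report(triage_hjt(SAMPLE_LOG)))
```

Run against the sample it reports the unnamed Spybot BHO (which is benign, but is exactly the kind of line that has to be checked by path rather than by name) and the winzlo32 Winlogon Notify entry with two reasons: the file is missing and the section loads at logon. An orphaned entry like that does no harm by itself, but it is the remnant of something that was there, which is why the helper's fix later in the thread removes the key.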


#2 SWI Support Robot

SWI Support Robot

    Helper robot

  • SWI Bot
  • 23,523 posts

Posted 29 May 2007 - 06:30 AM

Welcome to SWI. We apologize for the delay; our helpers have been very busy.
If you have not received help after 3 days, please CLICK HERE, and post a link to your log and the date it was originally posted.

Thank you for your patience.

[this is an automated reply]
This is an automated message. It does not count as help.

#3 jedi

jedi

    aequam memento rebus in arduis servare mentem

  • Emeritus
  • 15,830 posts

Posted 30 May 2007 - 05:04 AM

Hi,

There are a couple of items still to go.

Please run Notepad and paste the following text into a new file, do not include the word ‘quote’:

REGEDIT4

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\ShellExecuteHooks]
"{A00ED310-6EE3-4764-883D-F0B833AEC645}"=-

[-HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\winzlo32]

Save the file to the desktop as fix.reg and make sure the "Save as Type" field says "All Files". Then please go to the desktop and double-click on fix.reg, and click Yes to merge it with the registry.

And to pick up any other leftovers:
Please do the following:
Run a BitDefender Online scan Here and post the results, along with a fresh HiJackThis log.

jedi

My help is free, but if you wish to help keep these forums running please consider a donation, see This Topic for details.
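The fix file above uses two REGEDIT4 deletion forms: a value line of the form "name"=- removes that single value from the key named in the preceding [key] line, and a key line written as [-key] removes the whole key with everything under it. As an added example, not part of jedi's post or of any tool he names, the Python below reads a .reg file and lists the actions regedit would take when it is merged, so the file can be checked before double-clicking it. The fix.reg text is the one from the post, embedded as a string; the function names plan_reg_file and describe are my own.

```python
import re

# The fix file from the post above, embedded so the dry run works offline.
FIX_REG = """\
REGEDIT4

[HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\ShellExecuteHooks]
"{A00ED310-6EE3-4764-883D-F0B833AEC645}"=-

[-HKEY_LOCAL_MACHINE\\software\\microsoft\\windows nt\\currentversion\\winlogon\\notify\\winzlo32]
"""

# Both header forms regedit accepts; the second is what Windows 2000 and later write.
HEADERS = ("REGEDIT4", "Windows Registry Editor Version 5.00")
KEY_RE = re.compile(r"^\[(?P<minus>-?)(?P<key>[^\]]+)\]$")
VALUE_RE = re.compile(r'^(?:"(?P<name>(?:[^"\\]|\\.)*)"|(?P<default>@))=(?P<data>.*)$')


def plan_reg_file(text):
    """Return (action, key, value_name) tuples describing what merging this .reg file would do.

    Actions are "delete_key", "delete_value" and "set_value". Parsing is strict: any line that
    is not a header, comment, key or value raises ValueError rather than being skipped.
    (When reading a real file from disk, open it with the right encoding; regedit writes
    UTF-16 with a BOM, which must be stripped before the header check.)
    """
    lines = text.splitlines()
    if not lines or lines[0].strip() not in HEADERS:
        raise ValueError("not a .reg file: missing REGEDIT4 / version header")
    actions = []
    current_key = None
    buf = ""
    for raw in lines[1:]:
        line = raw.strip()
        if line.endswith("\\"):  # hex(...) data continued on the next line
            buf += line[:-1]
            continue
        line, buf = buf + line, ""
        if not line or line.startswith(";"):
            continue
        km = KEY_RE.match(line)
        if km:
            current_key = km.group("key")
            if km.group("minus"):  # [-key]: remove the key and everything beneath it
                actions.append(("delete_key", current_key, None))
                current_key = None  # values cannot follow a key deletion
            continue
        vm = VALUE_RE.match(line)
        if vm:
            if current_key is None:
                raise ValueError(f"value line outside a key: {line}")
            name = "(Default)" if vm.group("default") else vm.group("name")
            if vm.group("data") == "-":  # "name"=- : remove that one value
                actions.append(("delete_value", current_key, name))
            else:
                actions.append(("set_value", current_key, name))
            continue
        raise ValueError(f"unrecognised line: {line}")
    return actions


def describe(actions):
    """One human-readable line per planned action."""
    words = {"delete_key": "delete key", "delete_value": "delete value", "set_value": "set value"}
    return [f"{words[kind]}: {key}" + (f" -> {name}" if name else "")
            for kind, key, name in actions]


if __name__ == "__main__":
    for line in describe(plan_reg_file(FIX_REG)):
        print(line)
```

For the file in the post the plan is exactly two actions: delete the {A00ED310-...} value under ShellExecuteHooks (the entry ComboFix showed pointing at pmnnnml.dll) and delete the winlogon\notify\winzlo32 key (the O20 entry whose DLL was already missing). Nothing is set, which is what one wants to confirm before merging a fix file received from anyone.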

#4 jedi

jedi

    aequam memento rebus in arduis servare mentem

  • Emeritus
  • 15,830 posts

Posted 12 June 2007 - 10:28 AM

Since the issue appears to be resolved, this Topic is closed.

If you need this topic reopened, please tell the moderating team by replying here with the address of the thread. This applies only to the original topic starter.

Everyone else please begin a New Topic.
jedi

My help is free, but if you wish to help keep these forums running please consider a donation, see This Topic for details.

#5 jedi

jedi

    aequam memento rebus in arduis servare mentem

  • Emeritus
  • 15,830 posts

Posted 12 June 2007 - 10:36 AM

Since the issue appears to be resolved, this Topic is closed.

If you need this topic reopened, please tell the moderating team by replying here with the address of the thread. This applies only to the original topic starter.

Everyone else please begin a New Topic.
jedi

My help is free, but if you wish to help keep these forums running please consider a donation, see This Topic for details.