Please Help In Removing Sillydi Djm Trojan...



#1 bccoin27
  • Members
  • 1 posts

Posted 24 January 2008 - 12:49 AM

I have the SillyDI DJM trojan on my computer. Can anyone guide me through the next step... I am new at this. Here are my HijackThis and ComboFix logs:

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 23:34, on 2008-01-23
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16574)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\Explorer.EXE
C:\PROGRA~1\COMMON~1\AOL\ACS\acsd.exe
C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe
C:\WINDOWS\System32\nvsvc32.exe
C:\WINDOWS\system32\sstray.exe
C:\WINDOWS\zHotkey.exe
C:\Program Files\Multimedia Card Reader\shwicon2k.exe
C:\Program Files\Common Files\Symantec Shared\ccApp.exe
C:\Program Files\Java\jre1.6.0_02\bin\jusched.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Uniblue\RegistryBooster 2\RegistryBooster.exe
C:\Program Files\Uniblue\SpyEraser\SpyEraser.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Uniblue\SpeedUpMyPC 3\SpeedUpMyPC.exe
C:\WINDOWS\wanmpsvc.exe
C:\WINDOWS\System32\MsPMSPSv.exe
C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\HPZENG07.EXE
C:\WINDOWS\system32\wuauclt.exe
C:\Program Files\internet explorer\iexplore.exe
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.yahoo.com
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://us.rd.yahoo.com/customize/ie/defaul...//www.yahoo.com
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Bar = http://us.rd.yahoo.com/customize/ie/defaul...rch/search.html
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://us.rd.yahoo.com/customize/ie/defaul...//www.yahoo.com
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.yahoo.com
R1 - HKCU\Software\Microsoft\Internet Explorer\SearchURL,(Default) = http://us.rd.yahoo.com/customize/ie/defaul...//www.yahoo.com
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Local Page = \blank.htm
R1 - HKCU\Software\Microsoft\Internet Connection Wizard,ShellNext = http://www.emachines.com/
R3 - URLSearchHook: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn1\yt.dll
O2 - BHO: &Yahoo! Toolbar Helper - {02478D38-C3F9-4efb-9B51-7695ECA05670} - C:\Program Files\Yahoo!\Companion\Installs\cpn1\yt.dll
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 5.0\Reader\ActiveX\AcroIEHelper.ocx
O2 - BHO: (no name) - {1E8A6170-7264-4D0F-BEAE-D42A53123C75} - C:\Program Files\Common Files\Symantec Shared\coShared\Browser\1.7\NppBho.dll
O2 - BHO: Yahoo! IE Services Button - {5BAB4B5B-68BC-4B02-94D6-2FC0DE4A7897} - C:\Program Files\Yahoo!\Common\yiesrvc.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_02\bin\ssv.dll
O3 - Toolbar: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn1\yt.dll
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\System32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
O4 - HKLM\..\Run: [nForce Tray Options] sstray.exe /r
O4 - HKLM\..\Run: [CHotkey] zHotkey.exe
O4 - HKLM\..\Run: [Sunkist2k] C:\Program Files\Multimedia Card Reader\shwicon2k.exe
O4 - HKLM\..\Run: [ccApp] "C:\Program Files\Common Files\Symantec Shared\ccApp.exe"
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_02\bin\jusched.exe"
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [Uniblue RegistryBooster 2] C:\Program Files\Uniblue\RegistryBooster 2\RegistryBooster.exe /S
O4 - HKCU\..\Run: [Uniblue SpyEraser] "C:\Program Files\Uniblue\SpyEraser\SpyEraser.exe" -m
O4 - HKCU\..\Run: [Uniblue SpeedUpMyPC] C:\Program Files\Uniblue\SpeedUpMyPC 3\SpeedUpMyPC.exe -s
O4 - HKUS\S-1-5-18\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\System32\NVMCTRAY.DLL,NvTaskbarInit (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\System32\NVMCTRAY.DLL,NvTaskbarInit (User 'Default user')
O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office\OSA9.EXE
O9 - Extra button: Yahoo! Services - {5BAB4B5B-68BC-4B02-94D6-2FC0DE4A7897} - C:\Program Files\Yahoo!\Common\yiesrvc.dll
O9 - Extra button: ICQ - {6224f700-cba3-4071-b251-47cb894244cd} - C:\Program Files\ICQ\ICQ.exe
O9 - Extra 'Tools' menuitem: ICQ - {6224f700-cba3-4071-b251-47cb894244cd} - C:\Program Files\ICQ\ICQ.exe
O9 - Extra button: Real.com - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - C:\WINDOWS\System32\Shdocvw.dll
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O12 - Plugin for .spop: C:\Program Files\Internet Explorer\Plugins\NPDocBox.dll
O14 - IERESET.INF: START_PAGE_URL=http://www.emachines.com
O16 - DPF: {30528230-99f7-4bb4-88d8-fa1d4f56a2ab} (Installation Support) - C:\Program Files\Yahoo!\Common\Yinsthelper.dll
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://fpdownload2.macromedia.com/get/shoc...ash/swflash.cab
O23 - Service: AOL Connectivity Service (AOL ACS) - America Online, Inc. - C:\PROGRA~1\COMMON~1\AOL\ACS\acsd.exe
O23 - Service: Symantec Event Manager (ccEvtMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe
O23 - Service: Symantec Settings Manager (ccSetMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe
O23 - Service: Symantec Lic NetConnect service (CLTNetCnService) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe
O23 - Service: COM Host (comHost) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\VAScanner\comHost.exe
O23 - Service: LiveUpdate - Symantec Corporation - C:\PROGRA~1\Symantec\LIVEUP~1\LUCOMS~1.EXE
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\System32\nvsvc32.exe
O23 - Service: Pml Driver HPZ12 - HP - C:\WINDOWS\system32\HPZipm12.exe
O23 - Service: PC Tools Auxiliary Service (sdAuxService) - PC Tools - C:\Program Files\Spyware Doctor\svcntaux.exe
O23 - Service: PC Tools Security Service (sdCoreService) - PC Tools - C:\Program Files\Spyware Doctor\swdsvc.exe
O23 - Service: SmartLinkService (SLService) - - C:\WINDOWS\SYSTEM32\slserv.exe
O23 - Service: Symantec Core LC - Unknown owner - C:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exe
O23 - Service: WAN Miniport (ATW) Service (WANMiniportService) - America Online, Inc. - C:\WINDOWS\wanmpsvc.exe

--
End of file - 7226 bytes




------------------------------------------------------------------------------------------------------------





ComboFix 08-01-23.2 - Bob 2008-01-23 23:20:35.1 - NTFSx86
Running from: C:\Documents and Settings\Bob\Desktop\ComboFix.exe
* Created a new restore point

WARNING -THIS MACHINE DOES NOT HAVE THE RECOVERY CONSOLE INSTALLED !!
.

((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.

C:\WINDOWS\system32\avtap.dll
C:\WINDOWS\system32\drivers\fordphpd.dat

.
((((((((((((((((((((((((((((((((((((((( Drivers/Services )))))))))))))))))))))))))))))))))))))))))))))))))

.
-------\LEGACY_SEWDSOLP
-------\sewdsolp


((((((((((((((((((((((((( Files Created from 2007-12-24 to 2008-01-24 )))))))))))))))))))))))))))))))
.

2008-01-23 23:18 . 2000-08-31 08:00 51,200 --a------ C:\WINDOWS\Nircmd.exe
2008-01-23 23:14 . 2008-01-23 23:14 <DIR> d-------- C:\Program Files\Trend Micro
2008-01-23 23:01 . 2008-01-23 23:01 <DIR> d-------- C:\Program Files\NoAdware5.0
2008-01-23 18:52 . 2008-01-23 22:38 74,240 --a------ C:\WINDOWS\system32\drivers\iksyssec.sys
2008-01-23 18:52 . 2008-01-23 22:38 56,832 --a------ C:\WINDOWS\system32\drivers\iksysflt.sys
2008-01-23 18:52 . 2007-10-04 17:10 41,288 --a------ C:\WINDOWS\system32\drivers\ikfilesec.sys
2008-01-23 18:52 . 2007-10-04 17:11 29,000 --a------ C:\WINDOWS\system32\drivers\kcom.sys
2008-01-23 18:51 . 2008-01-23 23:27 <DIR> d-------- C:\Program Files\Spyware Doctor
2008-01-23 18:51 . 2008-01-23 18:51 <DIR> d-------- C:\Program Files\Common Files\Download Manager
2008-01-23 18:51 . 2005-09-23 07:29 626,688 --a------ C:\WINDOWS\system32\msvcr80.dll
2008-01-22 22:25 . 2008-01-23 14:27 84,729 --a------ C:\WINDOWS\system32\mysidesearch_sidebar_uninstall.exe
2008-01-22 22:25 . 2008-01-22 22:25 77,379 --a------ C:\WINDOWS\system32\dcads_sidebar_uninstall.exe
2008-01-22 22:24 . 2008-01-22 22:24 <DIR> d-------- C:\Program Files\Dcads Games Collection
2008-01-22 22:24 . 2008-01-22 22:25 80,097 --a------ C:\WINDOWS\system32\dcads-remove.exe
2008-01-22 21:14 . 2008-01-22 21:14 <DIR> d-------- C:\My Games
2008-01-22 21:14 . 2008-01-22 21:14 <DIR> d-------- C:\My Download Files
2008-01-22 21:13 . 2008-01-22 21:40 <DIR> d-------- C:\Program Files\Uniblue
2008-01-22 21:12 . 2008-01-22 21:11 774,144 --a------ C:\Program Files\RngInterstitial.dll
2008-01-19 10:26 . 2008-01-19 10:26 327,680 --a------ C:\WINDOWS\system32\mysidesearch_sidebar.dll
2008-01-16 19:42 . 2008-01-16 19:42 <DIR> d-------- C:\Program Files\Common Files\Scanner
2008-01-16 19:42 . 2008-01-16 19:44 <DIR> d-------- C:\Program Files\CA Yahoo! Anti-Spy
2008-01-16 18:40 . 2008-01-16 18:42 <DIR> d--h----- C:\WINDOWS\msdownld.tmp
2008-01-16 18:40 . 2008-01-16 19:31 <DIR> d-------- C:\Program Files\Yahoo!
2008-01-16 18:25 . 2007-10-10 17:55 6,065,664 -----c--- C:\WINDOWS\system32\dllcache\ieframe.dll
2008-01-16 18:25 . 2007-06-30 21:31 2,455,488 -----c--- C:\WINDOWS\system32\dllcache\ieapfltr.dat
2008-01-16 18:25 . 2007-06-30 21:36 991,232 -----c--- C:\WINDOWS\system32\dllcache\ieframe.dll.mui
2008-01-16 18:25 . 2007-10-10 17:55 459,264 -----c--- C:\WINDOWS\system32\dllcache\msfeeds.dll
2008-01-16 18:25 . 2007-10-10 17:55 383,488 -----c--- C:\WINDOWS\system32\dllcache\ieapfltr.dll
2008-01-16 18:25 . 2007-10-10 17:55 267,776 -----c--- C:\WINDOWS\system32\dllcache\iertutil.dll
2008-01-16 18:25 . 2007-10-10 17:55 63,488 -----c--- C:\WINDOWS\system32\dllcache\icardie.dll
2008-01-16 18:25 . 2007-10-10 17:55 52,224 -----c--- C:\WINDOWS\system32\dllcache\msfeedsbs.dll
2008-01-16 18:25 . 2007-10-10 04:59 13,824 -----c--- C:\WINDOWS\system32\dllcache\ieudinit.exe
2008-01-16 18:23 . 2006-11-07 21:03 33,792 --a--c--- C:\WINDOWS\system32\dllcache\custsat.dll
2008-01-15 23:27 . 2008-01-15 23:27 <DIR> d-------- C:\Program Files\VideoLAN
2008-01-15 23:17 . 2008-01-15 23:22 <DIR> d-------- C:\Program Files\Blaze Media Pro
2008-01-15 23:13 . 2003-10-17 00:00 3,423,744 --a------ C:\WINDOWS\system32\libfilefmt-1.1.0.dll
2008-01-15 23:13 . 2003-10-17 00:00 706,048 --a------ C:\WINDOWS\system32\libmcl-3.1.1.dll
2008-01-15 23:13 . 2003-10-17 00:00 20,480 --a------ C:\WINDOWS\system32\libavi-dd-1.2.0.dll
2008-01-15 23:08 . 2008-01-15 23:08 <DIR> d-------- C:\Program Files\Movie Player ActiveX
2008-01-15 23:08 . 2008-01-15 23:08 69,410 --a------ C:\WINDOWS\system32\uninst.exe
2008-01-15 19:58 . 2008-01-15 19:58 36 ---h----- C:\WINDOWS\system32\swk.ini
2008-01-10 11:43 . 2008-01-10 11:43 <DIR> d-------- C:\Program Files\Fortune fishing game
2008-01-10 11:09 . 2008-01-10 11:09 <DIR> d-------- C:\Program Files\DNA
2008-01-06 18:54 . 2007-07-12 02:22 69,632 --a------ C:\WINDOWS\system32\javacpl.cpl
2008-01-06 18:53 . 2008-01-06 18:54 <DIR> d-------- C:\Program Files\Java
2008-01-06 18:52 . 2008-01-06 18:52 <DIR> d-------- C:\Program Files\Common Files\Java
2008-01-01 19:43 . 2006-11-16 16:05 11,816 --a------ C:\WINDOWS\BigFixClientOverride.dll
2008-01-01 11:03 . 2008-01-23 23:23 523 --a------ C:\hpfr3420.xml
2008-01-01 10:51 . 2004-10-07 19:16 35,840 --a------ C:\WINDOWS\system32\drivers\AFS2K.SYS
2008-01-01 10:45 . 2008-01-01 10:45 <DIR> d-------- C:\Program Files\Common Files\Hewlett-Packard
2008-01-01 10:37 . 2008-01-01 10:51 <DIR> d-------- C:\Program Files\Hewlett-Packard
2008-01-01 10:37 . 2008-01-01 10:52 20,454 --a------ C:\WINDOWS\hpoins01.dat
2008-01-01 10:37 . 2003-04-05 21:24 16,618 --------- C:\WINDOWS\hpomdl01.dat
2008-01-01 10:31 . 2004-08-04 00:08 31,616 --a------ C:\WINDOWS\system32\drivers\usbccgp.sys
2008-01-01 10:31 . 2004-08-04 00:08 31,616 --a--c--- C:\WINDOWS\system32\dllcache\usbccgp.sys
2008-01-01 10:31 . 2004-08-04 00:01 25,856 --a------ C:\WINDOWS\system32\drivers\usbprint.sys
2008-01-01 10:31 . 2004-08-04 00:01 25,856 --a--c--- C:\WINDOWS\system32\dllcache\usbprint.sys
2007-12-31 17:01 . 2006-08-21 03:14 128,896 -----c--- C:\WINDOWS\system32\dllcache\fltmgr.sys
2007-12-31 17:01 . 2006-08-21 03:14 23,040 -----c--- C:\WINDOWS\system32\dllcache\fltmc.exe
2007-12-31 17:01 . 2006-08-21 06:21 16,896 -----c--- C:\WINDOWS\system32\dllcache\fltlib.dll
2007-12-31 16:48 . 2007-07-09 07:09 584,192 -----c--- C:\WINDOWS\system32\dllcache\rpcrt4.dll
2007-12-30 22:52 . 2007-12-30 22:52 <DIR> d-------- C:\WINDOWS\provisioning
2007-12-30 22:52 . 2007-12-30 22:52 <DIR> d-------- C:\WINDOWS\peernet
2007-12-30 22:33 . 2007-12-30 22:33 <DIR> d-------- C:\WINDOWS\ServicePackFiles
2007-12-30 22:27 . 2007-12-30 22:27 <DIR> d-------- C:\WINDOWS\EHome
2007-12-30 21:38 . 2002-04-15 21:11 67,866 --------- C:\WINDOWS\system32\drivers\netwlan5.img
2007-12-30 21:38 . 2004-08-04 00:56 11,776 --------- C:\WINDOWS\system32\spnpinst.exe
2007-12-30 21:38 . 2004-08-02 14:20 7,208 --------- C:\WINDOWS\system32\secupd.sig
2007-12-30 21:38 . 2004-08-02 14:20 4,569 --------- C:\WINDOWS\system32\secupd.dat
2007-12-30 21:05 . 2007-05-29 13:55 22,112 --a------ C:\WINDOWS\system32\drivers\COH_Mon.sys
2007-12-30 21:05 . 2007-05-29 13:55 10,592 --a------ C:\WINDOWS\system32\drivers\COH_Mon.cat
2007-12-30 21:05 . 2007-05-29 13:55 705 --a------ C:\WINDOWS\system32\drivers\COH_Mon.inf
2007-12-30 20:57 . 2008-01-09 15:55 376 --a------ C:\WINDOWS\ODBC.INI
2007-12-30 20:53 . 2007-12-30 20:53 <DIR> d-------- C:\WINDOWS\ShellNew
2007-12-30 20:50 . 2004-08-04 01:56 614,912 --a------ C:\WINDOWS\system32\h323msp.dll
2007-12-30 20:50 . 2004-08-04 01:56 331,264 --a------ C:\WINDOWS\system32\ipnathlp.dll
2007-12-30 20:50 . 2004-08-04 01:56 265,728 --a------ C:\WINDOWS\system32\h323.tsp
2007-12-30 20:50 . 2004-03-29 19:48 40,960 -----c--- C:\WINDOWS\system32\dllcache\evtgprov.dll
2007-12-30 20:44 . 2007-03-21 20:39 1,060,864 --a------ C:\WINDOWS\system32\MFC71.DLL
2007-12-30 20:44 . 2007-03-21 20:33 503,808 --a------ C:\WINDOWS\system32\MSVCP71.DLL
2007-12-30 20:44 . 2007-03-21 20:33 348,160 --a------ C:\WINDOWS\system32\MSVCR71.DLL
2007-12-30 20:32 . 2007-12-30 20:32 3,960 --a------ C:\WINDOWS\system32\OEMINFO.PNF
2007-12-30 20:16 . 2004-08-04 01:56 2,897,920 --------- C:\WINDOWS\system32\xpsp2res.dll
2007-12-30 20:16 . 2006-08-25 09:45 617,472 -----c--- C:\WINDOWS\system32\dllcache\comctl32.dll
2007-12-30 20:10 . 2005-10-20 16:20 1,082,368 --a------ C:\WINDOWS\system32\esent.dll
2007-12-30 20:08 . 2008-01-11 12:12 <DIR> d-------- C:\Program Files\Norton 360
2007-12-30 20:07 . 2007-12-30 20:41 <DIR> d-------- C:\Program Files\Symantec
2007-12-30 20:07 . 2008-01-23 23:15 <DIR> d-------- C:\Program Files\Common Files\Symantec Shared
2007-12-30 20:07 . 2007-12-30 20:41 123,952 --a------ C:\WINDOWS\system32\drivers\SYMEVENT.SYS
2007-12-30 20:07 . 2007-12-30 20:41 60,800 --a------ C:\WINDOWS\system32\S32EVNT1.DLL
2007-12-30 20:07 . 2007-12-30 20:41 10,740 --a------ C:\WINDOWS\system32\drivers\SYMEVENT.CAT
2007-12-30 20:07 . 2007-12-30 20:41 805 --a------ C:\WINDOWS\system32\drivers\SYMEVENT.INF
2007-12-30 19:47 . 2007-12-30 19:47 <DIR> d-------- C:\WINDOWS\system32\bits
2007-12-30 19:45 . 2008-01-17 15:08 <DIR> d--h----- C:\WINDOWS\$hf_mig$
2007-12-30 19:45 . 2006-09-06 16:43 22,752 --a------ C:\WINDOWS\system32\spupdsvc.exe
2007-12-30 19:42 . 2004-08-04 01:56 351,232 --a------ C:\WINDOWS\system32\winhttp.dll
2007-12-30 19:42 . 2004-08-04 01:56 18,944 --a------ C:\WINDOWS\system32\qmgrprxy.dll
2007-12-30 19:42 . 2004-08-04 01:56 8,192 --------- C:\WINDOWS\system32\bitsprx2.dll
2007-12-30 19:42 . 2004-08-04 01:56 7,168 --------- C:\WINDOWS\system32\bitsprx3.dll
2007-12-30 19:33 . 2007-12-30 19:33 <DIR> d-------- C:\Program Files\Dreamcatcher

.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2008-01-23 03:11 --------- d-----w C:\Program Files\Real
2008-01-11 17:15 --------- d-----w C:\Program Files\Winamp
2008-01-03 04:20 --------- d-----w C:\Program Files\BigFix
2008-01-02 01:43 --------- d--h--w C:\Program Files\InstallShield Installation Information
2008-01-01 17:02 --------- d-----w C:\Program Files\Common Files\Adobe
2007-12-31 02:52 --------- d-----w C:\Program Files\microsoft frontpage
2007-12-31 01:31 --------- d-----w C:\Program Files\Common Files\InstallShield
2007-12-01 05:57 43,696 ----a-w C:\WINDOWS\system32\drivers\srtspx.sys
2007-12-01 05:57 317,616 ----a-w C:\WINDOWS\system32\drivers\srtspl.sys
2007-12-01 05:57 279,088 ----a-w C:\WINDOWS\system32\drivers\srtsp.sys
2007-12-01 05:57 10,549 ----a-w C:\WINDOWS\system32\drivers\srtspx.cat
2007-12-01 05:57 10,549 ----a-w C:\WINDOWS\system32\drivers\srtspl.cat
2007-12-01 05:57 10,545 ----a-w C:\WINDOWS\system32\drivers\srtsp.cat
2007-12-01 05:57 1,430 ----a-w C:\WINDOWS\system32\drivers\srtspl.inf
2007-12-01 05:57 1,421 ----a-w C:\WINDOWS\system32\drivers\srtspx.inf
2007-12-01 05:57 1,415 ----a-w C:\WINDOWS\system32\drivers\srtsp.inf
.

((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"ctfmon.exe"="C:\WINDOWS\system32\ctfmon.exe" [2004-08-04 01:56 15360]
"Uniblue RegistryBooster 2"="C:\Program Files\Uniblue\RegistryBooster 2\RegistryBooster.exe" [2007-12-05 15:51 1885464]
"Uniblue SpyEraser"="C:\Program Files\Uniblue\SpyEraser\SpyEraser.exe" [2008-01-08 09:14 1260296]
"Uniblue SpeedUpMyPC"="C:\Program Files\Uniblue\SpeedUpMyPC 3\SpeedUpMyPC.exe" [2007-12-07 09:42 9479448]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"NvCplDaemon"="C:\WINDOWS\System32\NvCpl.dll" [2003-10-06 15:16 5058560]
"nwiz"="nwiz.exe" [2003-10-06 15:16 741376 C:\WINDOWS\system32\nwiz.exe]
"nForce Tray Options"="sstray.exe" [2003-09-02 19:25 73728 C:\WINDOWS\system32\sstray.exe]
"CHotkey"="zHotkey.exe" [2003-06-03 13:01 496640 C:\WINDOWS\zHotkey.exe]
"Sunkist2k"="C:\Program Files\Multimedia Card Reader\shwicon2k.exe" [2003-11-19 21:32 139264]
"ccApp"="C:\Program Files\Common Files\Symantec Shared\ccApp.exe" [2007-07-17 19:54 116072]
"SunJavaUpdateSched"="C:\Program Files\Java\jre1.6.0_02\bin\jusched.exe" [2007-07-12 04:00 132496]

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"NvMediaCenter"="C:\WINDOWS\System32\NVMCTRAY.DLL" [2003-10-06 15:16 49152]

C:\Documents and Settings\All Users\Start Menu\Programs\Startup\
Microsoft Office.lnk - C:\Program Files\Microsoft Office\Office\OSA9.EXE [1999-02-17 15:05:56 65588]


*Newly Created Service* - COMHOST
.
Contents of the 'Scheduled Tasks' folder
"2008-01-01 16:54:09 C:\WINDOWS\Tasks\FRU Task #Hewlett-Packard#hp psc 1200 series#1199206343.job"
- C:\Program Files\Hewlett-Packard\Digital Imaging\Bin\hpqfrucl.exe
"2008-01-24 02:17:32 C:\WINDOWS\Tasks\Uniblue SpeedUpMyPC Nag.job"
- C:\Program Files\Uniblue\SpeedUpMyPC 3\SpeedUpMyPC.exe
"2008-01-23 03:40:49 C:\WINDOWS\Tasks\Uniblue SpeedUpMyPC.job"
- C:\Program Files\Uniblue\SpeedUpMyPC 3\SpeedUpMyPC.exe
"2008-01-24 02:17:54 C:\WINDOWS\Tasks\Uniblue SpyEraser Nag.job"
- C:\Program Files\Uniblue\SpyEraser\SpyEraser.exe
"2008-01-23 03:55:01 C:\WINDOWS\Tasks\Uniblue SpyEraser.job"
- C:\Program Files\Uniblue\SpyEraser\SpyEraser.exe
.
**************************************************************************

catchme 0.3.1344 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2008-01-23 23:28:09
Windows 5.1.2600 Service Pack 2 NTFS

scanning hidden processes ...

scanning hidden autostart entries ...

scanning hidden files ...

scan completed successfully
hidden files: 0

**************************************************************************
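An added example, not from this thread and not part of Trend Micro's HijackThis: a small Python parser for the O2 (BHO), O4 (Run key) and O23 (service) entry shapes that appear in the log above, with three triage heuristics an analyst usually applies by eye when reading such a log. The sample lines are constructed to mirror the shapes above; the regular expressions and the heuristics are my own assumptions about the format, and a flag is a prompt to inspect the file (hash, signature, on-disk date), not a verdict.

```python
import re
from dataclasses import dataclass, field
from typing import List, Optional

# Constructed sample in HijackThis v2 log format: a few O2/O4/O23 entry shapes, not a full scan.
SAMPLE_LOG = """\
O2 - BHO: (no name) - {1E8A6170-7264-4D0F-BEAE-D42A53123C75} - C:\\Program Files\\Common Files\\Symantec Shared\\coShared\\Browser\\1.7\\NppBho.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\\Program Files\\Java\\jre1.6.0_02\\bin\\ssv.dll
O4 - HKLM\\..\\Run: [nwiz] nwiz.exe /install
O4 - HKLM\\..\\Run: [ccApp] "C:\\Program Files\\Common Files\\Symantec Shared\\ccApp.exe"
O4 - HKCU\\..\\Run: [ctfmon.exe] C:\\WINDOWS\\system32\\ctfmon.exe
O23 - Service: SmartLinkService (SLService) - - C:\\WINDOWS\\SYSTEM32\\slserv.exe
O23 - Service: Symantec Core LC - Unknown owner - C:\\Program Files\\Common Files\\Symantec Shared\\CCPD-LC\\symlcsvc.exe
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\\WINDOWS\\System32\\nvsvc32.exe
"""


@dataclass
class Entry:
    section: str                  # O2, O4 or O23
    name: str                     # BHO name, Run value name or service display name
    target: str                   # command line (O4) or binary path (O2/O23) as written
    vendor: Optional[str] = None  # O23 only; "" when the log shows "- -"
    flags: List[str] = field(default_factory=list)


# Assumed line shapes, derived from the log format above (not an official grammar).
ENTRY_RE = re.compile(r"^(?P<sec>[A-Z]\d+) - (?P<rest>.*)$")
BHO_RE = re.compile(r"^BHO: (?P<name>.*?) - \{(?P<clsid>[^}]+)\} - (?P<path>.*)$")
RUN_RE = re.compile(r"^(?P<hive>.+?)\\\.\.\\Run: \[(?P<name>[^\]]*)\] (?P<cmd>.*)$")
# Vendor may be empty ("display - - path"), hence the optional space before the second dash.
SVC_RE = re.compile(r"^Service: (?P<display>.+?) - (?P<vendor>.*?) ?- (?P<path>.*)$")
ABS_PATH_RE = re.compile(r'^"?[A-Za-z]:\\')


def parse_hjt(text: str) -> List[Entry]:
    """Parse the O2, O4 and O23 lines of a HijackThis log; other sections are skipped."""
    entries: List[Entry] = []
    for raw in text.splitlines():
        m = ENTRY_RE.match(raw.strip())
        if not m:
            continue
        sec, rest = m.group("sec"), m.group("rest")
        if sec == "O2":
            b = BHO_RE.match(rest)
            if b:
                entries.append(Entry(sec, b["name"], b["path"]))
        elif sec == "O4":
            r = RUN_RE.match(rest)
            if r:
                entries.append(Entry(sec, r["name"], r["cmd"]))
        elif sec == "O23":
            s = SVC_RE.match(rest)
            if s:
                entries.append(Entry(sec, s["display"], s["path"], vendor=s["vendor"]))
    return entries


def triage(entries: List[Entry]) -> List[Entry]:
    """Return copies of the entries that trip at least one heuristic, with the reasons attached."""
    flagged: List[Entry] = []
    for e in entries:
        reasons: List[str] = []
        if e.section == "O2" and e.name == "(no name)":
            reasons.append("BHO registered without a display name")
        if e.section == "O4" and not ABS_PATH_RE.match(e.target):
            reasons.append("unqualified executable; which file runs depends on the search path")
        if e.section == "O23" and e.vendor in ("", "Unknown owner"):
            reasons.append("service binary carries no usable vendor information")
        if reasons:
            flagged.append(Entry(e.section, e.name, e.target, e.vendor, reasons))
    return flagged


if __name__ == "__main__":
    for e in triage(parse_hjt(SAMPLE_LOG)):
        print(f"{e.section:<4} {e.name!r:<34} {e.target}")
        for reason in e.flags:
            print(f"       -> {reason}")
```

Running it prints the four flagged entries from the sample. Two of the checks generalise beyond this log: a Run value that names a bare executable such as `nwiz.exe` is resolved through the search path, so it is worth confirming which copy actually launches; and an O23 vendor field that is empty or reads "Unknown owner" means HijackThis found no usable company name in the binary, which is exactly the case where you verify the file by hand rather than trusting the install path.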


#2 RichieUK
  • Malware Assassin
  • Malware Response Team
  • 13,614 posts

Posted 02 February 2008 - 09:29 AM

Welcome to the BleepingComputer HijackThis Logs and Analysis forum.
My name is Richie and I'll be helping you to fix your problems.

Apologies for the late response; as I'm sure you can appreciate, we are extremely busy.

If you've already received help at another forum and your issues have been resolved, or you're presently receiving help elsewhere, then please let us know.

If you have not followed the info in the link below prior to posting your log then please do so now:
Preparation Guide for use before posting a HijackThis Log:
http://www.bleepingcomputer.com/forums/t/34773/preparation-guide-for-use-before-using-malware-removal-tools-and-requesting-help/

If you still require help, please post a new HijackThis log into this topic in your next reply.

Also post a detailed description of the issues you're experiencing.

*Note*
Post all reports/logs directly into this topic, not as attachments, thanks.