Welcome guest. Before posting on our computer help forum, you must register. Click here it's easy and free.

« previous next »
Pages: 1 2 [3]  All   Go Down

Author Topic: Downloaded something bad from Isohunt...  (Read 21157 times)

0 Members and 1 Guest are viewing this topic.

Broni


    Mastermind
  • Kraków my love :)
    • Thanked: 614
    • Computer Help Forum
  • Computer: Specs
  • Experience: Experienced
  • OS: Windows 8
Re: Downloaded something bad from Isohunt...
« Reply #30 on: June 27, 2008, 09:49:35 PM »
Good, but we're not done here, yet.
At least, you're able to work in Normal Mode, now.
However, some infections won't show in Safe Mode, so we have to re-run couple of programs.
Re-run Malwarebytes. Post its log.
When done, re-run HijackThis, and post its log.
Logged

ChevyDieselPride

    Topic Starter


    Rookie

    Re: Downloaded something bad from Isohunt...
    « Reply #31 on: June 28, 2008, 03:59:35 PM »
    First log:

    Malwarebytes' Anti-Malware 1.18
    Database version: 895

    2:57:25 PM 6/28/2008
    mbam-log-6-28-2008 (14-57-21).txt

    Scan type: Full Scan (C:\|)
    Objects scanned: 95198
    Time elapsed: 35 minute(s), 11 second(s)

    Memory Processes Infected: 0
    Memory Modules Infected: 0
    Registry Keys Infected: 0
    Registry Values Infected: 0
    Registry Data Items Infected: 0
    Folders Infected: 0
    Files Infected: 4

    Memory Processes Infected:
    (No malicious items detected)

    Memory Modules Infected:
    (No malicious items detected)

    Registry Keys Infected:
    (No malicious items detected)

    Registry Values Infected:
    (No malicious items detected)

    Registry Data Items Infected:
    (No malicious items detected)

    Folders Infected:
    (No malicious items detected)

    Files Infected:
    C:\Documents and Settings\owner\Application Data\Desktopicon\eBayShortcuts.exe (Trojan.Agent) -> No action taken.
    C:\System Volume Information\_restore{5D527826-05BD-4A83-8416-28ACDDA14001}\RP99\A0028502.dll (Trojan.Vundo) -> No action taken.
    C:\System Volume Information\_restore{5D527826-05BD-4A83-8416-28ACDDA14001}\RP99\A0028503.dll (Trojan.Vundo) -> No action taken.
    C:\System Volume Information\_restore{5D527826-05BD-4A83-8416-28ACDDA14001}\RP99\A0028504.dll (Trojan.Vundo) -> No action taken.
    Logged

    ChevyDieselPride

      Topic Starter


      Rookie

      Re: Downloaded something bad from Isohunt...
      « Reply #32 on: June 28, 2008, 04:02:53 PM »
      hjtlog:

      Logfile of Trend Micro HijackThis v2.0.2
      Scan saved at 3:01:41 PM, on 6/28/2008
      Platform: Windows XP SP2 (WinNT 5.01.2600)
      MSIE: Internet Explorer v7.00 (7.00.6000.16674)
      Boot mode: Normal

      Running processes:
      C:\WINDOWS\System32\smss.exe
      C:\WINDOWS\system32\winlogon.exe
      C:\WINDOWS\system32\services.exe
      C:\WINDOWS\system32\lsass.exe
      C:\Program Files\Common Files\Virtual Token\vtserver.exe
      C:\WINDOWS\system32\ibmpmsvc.exe
      C:\WINDOWS\system32\Ati2evxx.exe
      C:\WINDOWS\system32\svchost.exe
      C:\WINDOWS\System32\svchost.exe
      C:\WINDOWS\system32\svchost.exe
      C:\WINDOWS\system32\Ati2evxx.exe
      C:\Program Files\Intel\Wireless\Bin\EvtEng.exe
      C:\Program Files\Intel\Wireless\Bin\S24EvMon.exe
      C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe
      C:\WINDOWS\system32\spoolsv.exe
      C:\WINDOWS\system32\IPSSVC.EXE
      C:\Program Files\ThinkPad\ConnectUtilities\AcPrfMgrSvc.exe
      C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
      C:\Program Files\Symantec\LiveUpdate\AluSchedulerSvc.exe
      C:\Program Files\Bonjour\mDNSResponder.exe
      C:\Program Files\ThinkPad\Bluetooth Software\bin\btwdins.exe
      C:\Program Files\Diskeeper Corporation\Diskeeper\DkService.exe
      C:\WINDOWS\system32\svchost.exe
      C:\WINDOWS\Explorer.EXE
      C:\WINDOWS\System32\svchost.exe
      C:\PROGRA~1\NORTON~2\NORTON~1\NPROTECT.EXE
      C:\Program Files\Intel\Wireless\Bin\RegSrvc.exe
      C:\PROGRA~1\NORTON~2\NORTON~1\SPEEDD~1\NOPDB.EXE
      C:\WINDOWS\system32\svchost.exe
      C:\WINDOWS\System32\TPHDEXLG.EXE
      C:\WINDOWS\system32\TpKmpSVC.exe
      C:\Program Files\IBM ThinkVantage\Rescue and Recovery\rrservice.exe
      C:\Program Files\Synaptics\SynTP\SynTPLpr.exe
      C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
      C:\Program Files\IBM ThinkVantage\Common\Scheduler\tvtsched.exe
      C:\WINDOWS\system32\TpShocks.exe
      C:\Program Files\ThinkVantage\SystemUpdate\UCLauncherService.exe
      C:\PROGRA~1\ThinkPad\UTILIT~1\EzEjMnAp.Exe
      C:\PROGRA~1\Lenovo\PkgMgr\HOTKEY\TPHKMGR.exe
      C:\Program Files\Lenovo\PkgMgr\HOTKEY\TPONSCR.exe
      C:\Program Files\Lenovo\PkgMgr\HOTKEY_1\TpScrex.exe
      C:\PROGRA~1\THINKV~2\PrdCtr\LPMGR.exe
      C:\Program Files\ThinkVantage\AMSG\Amsg.exe
      C:\WINDOWS\system32\dla\tfswctrl.exe
      C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe
      C:\Program Files\IBM ThinkVantage\Client Security Solution\cssauth.exe
      C:\Program Files\IBM ThinkVantage\SafeGuard PrivateDisk\pdservice.exe
      C:\Program Files\ThinkPad\ConnectUtilities\ACTray.exe
      C:\Program Files\ThinkPad\ConnectUtilities\AcSvc.exe
      C:\Program Files\ThinkPad\ConnectUtilities\ACWLIcon.exe
      C:\WINDOWS\system32\rundll32.exe
      C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe
      C:\Program Files\iTunes\iTunesHelper.exe
      C:\Program Files\HP\HP Software Update\HPWuSchd2.exe
      C:\Program Files\Unlocker\UnlockerAssistant.exe
      C:\WINDOWS\system32\ctfmon.exe
      C:\Program Files\Windows Media Player\WMPNSCFG.exe
      C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe
      C:\Program Files\ThinkPad\Bluetooth Software\BTTray.exe
      C:\Program Files\Digital Line Detect\DLG.exe
      C:\Program Files\iPod\bin\iPodService.exe
      C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe
      C:\Program Files\IBM ThinkVantage\Client Security Solution\pwmgr.exe
      C:\Program Files\ThinkPad\ConnectUtilities\AcMurocHlpr.exe
      C:\Program Files\IBM ThinkVantage\Common\Logger\logmon.exe
      C:\PROGRA~1\Intel\Wireless\Bin\1XConfig.exe
      C:\Program Files\HP\Digital Imaging\bin\hpqSTE08.exe
      C:\PROGRA~1\COMMON~1\SYMANT~1\CCPD-LC\symlcsvc.exe
      C:\WINDOWS\System32\svchost.exe
      C:\Program Files\Trend Micro\HijackThis\HijackThis.exe

      R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://my.asu.edu/
      R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
      R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
      R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
      R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
      R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local
      O2 - BHO: HP Print Enhancer - {0347C33E-8762-4905-BF09-768834316C61} - C:\Program Files\HP\Smart Web Printing\hpswp_printenhancer.dll
      O2 - BHO: HP Print Clips - {053F9267-DC04-4294-A72C-58F732D338C0} - C:\Program Files\HP\Smart Web Printing\hpswp_framework.dll
      O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
      O2 - BHO: DriveLetterAccess - {5CA3D70E-1895-11CF-8E15-001234567890} - C:\WINDOWS\system32\dla\tfswshx.dll
      O2 - BHO: Symantec Intrusion Prevention - {6D53EC84-6AAE-4787-AEEE-F4628F01010C} - C:\PROGRA~1\COMMON~1\SYMANT~1\IDS\IPSBHO.dll
      O2 - BHO: (no name) - {A40C8CFE-B3A1-4431-B096-B8845A9BC573} - C:\WINDOWS\system32\yayyvuUn.dll (file missing)
      O4 - HKLM\..\Run: [SynTPLpr] C:\Program Files\Synaptics\SynTP\SynTPLpr.exe
      O4 - HKLM\..\Run: [SynTPEnh] C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
      O4 - HKLM\..\Run: [TpShocks] TpShocks.exe
      O4 - HKLM\..\Run: [TP4EX] tp4ex.exe
      O4 - HKLM\..\Run: [ControlCenter] "C:\Program Files\ThinkVantage Fingerprint Software\ctlcntr.exe" /startup
      O4 - HKLM\..\Run: [EZEJMNAP] C:\PROGRA~1\ThinkPad\UTILIT~1\EzEjMnAp.Exe
      O4 - HKLM\..\Run: [TPHOTKEY] C:\PROGRA~1\Lenovo\PkgMgr\HOTKEY\TPHKMGR.exe
      O4 - HKLM\..\Run: [ATIPTA] "C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe"
      O4 - HKLM\..\Run: [suScheduler] C:\Program Files\ThinkVantage\SystemUpdate\UCLauncher.exe /SCHEDULER
      O4 - HKLM\..\Run: [LPManager] C:\PROGRA~1\THINKV~2\PrdCtr\LPMGR.exe
      O4 - HKLM\..\Run: [AMSG] C:\Program Files\ThinkVantage\AMSG\Amsg.exe
      O4 - HKLM\..\Run: [dla] C:\WINDOWS\system32\dla\tfswctrl.exe
      O4 - HKLM\..\Run: [ISUSPM Startup] c:\PROGRA~1\COMMON~1\INSTAL~1\UPDATE~1\ISUSPM.exe -startup
      O4 - HKLM\..\Run: [ISUSScheduler] "c:\Program Files\Common Files\InstallShield\UpdateService\issch.exe" -start
      O4 - HKLM\..\Run: [cssauth] "C:\Program Files\IBM ThinkVantage\Client Security Solution\cssauth.exe" silent
      O4 - HKLM\..\Run: [PDService.exe] "C:\Program Files\IBM ThinkVantage\SafeGuard PrivateDisk\pdservice.exe"
      O4 - HKLM\..\Run: [DiskeeperSystray] "C:\Program Files\Diskeeper Corporation\Diskeeper\DkIcon.exe"
      O4 - HKLM\..\Run: [ACTray] C:\Program Files\ThinkPad\ConnectUtilities\ACTray.exe
      O4 - HKLM\..\Run: [ACWLIcon] C:\Program Files\ThinkPad\ConnectUtilities\ACWLIcon.exe
      O4 - HKLM\..\Run: [PWRMGRTR] rundll32 C:\PROGRA~1\ThinkPad\UTILIT~1\PWRMGRTR.DLL,PwrMgrBkGndMonitor
      O4 - HKLM\..\Run: [BLOG] rundll32 C:\PROGRA~1\ThinkPad\UTILIT~1\BatLogEx.DLL,StartBattLog
      O4 - HKLM\..\Run: [TPKMAPHELPER] C:\Program Files\ThinkPad\Utilities\TpKmapAp.exe -helper
      O4 - HKLM\..\Run: [ccApp] "C:\Program Files\Common Files\Symantec Shared\ccApp.exe"
      O4 - HKLM\..\Run: [osCheck] "C:\Program Files\Norton AntiVirus\osCheck.exe"
      O4 - HKLM\..\Run: [NSWosCheck] "C:\Program Files\Norton SystemWorks\osCheck.exe"
      O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
      O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
      O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe"
      O4 - HKLM\..\Run: [HP Software Update] C:\Program Files\HP\HP Software Update\HPWuSchd2.exe
      O4 - HKLM\..\Run: [UnlockerAssistant] "C:\Program Files\Unlocker\UnlockerAssistant.exe"
      O4 - HKCU\..\Run: [amsg] C:\Program Files\ThinkVantage\AMSG\Amsg.exe
      O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
      O4 - HKCU\..\Run: [SUPERAntiSpyware] C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe
      O4 - HKCU\..\Run: [WMPNSCFG] C:\Program Files\Windows Media Player\WMPNSCFG.exe
      O4 - Global Startup: Bluetooth.lnk = ?
      O4 - Global Startup: Digital Line Detect.lnk = ?
      O4 - Global Startup: HP Digital Imaging Monitor.lnk = C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe
      O6 - HKCU\Software\Policies\Microsoft\Internet Explorer\Control Panel present
      O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
      O8 - Extra context menu item: Send To &Bluetooth - C:\Program Files\ThinkPad\Bluetooth Software\btsendto_ie_ctx.htm
      O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\IBM\Java142\jre\bin\NPJPI142.dll
      O9 - Extra 'Tools' menuitem: IBM Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\IBM\Java142\jre\bin\NPJPI142.dll
      O9 - Extra button: HP Clipbook - {58ECB495-38F0-49cb-A538-10282ABF65E7} - C:\Program Files\HP\Smart Web Printing\hpswp_extensions.dll
      O9 - Extra button: Express Cleanup - {5E638779-1818-4754-A595-EF1C63B87A56} - C:\Program Files\Norton SystemWorks\Norton Cleanup\WCQuick.lnk
      O9 - Extra 'Tools' menuitem: Express Cleanup - {5E638779-1818-4754-A595-EF1C63B87A56} - C:\Program Files\Norton SystemWorks\Norton Cleanup\WCQuick.lnk
      O9 - Extra button: HP Smart Select - {700259D7-1666-479a-93B1-3250410481E8} - C:\Program Files\HP\Smart Web Printing\hpswp_extensions.dll
      O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL
      O9 - Extra button: Software Installer - {D1A4DEBD-C2EE-449f-B9FB-E8409F9A0BC5} - C:\Program Files\Lenovo\PkgMgr\\PkgMgr.exe
      O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
      O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
      O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
      O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
      O11 - Options group: [JAVA_IBM] Java (IBM)
      O16 - DPF: {0CCA191D-13A6-4E29-B746-314DEE697D83} (Facebook Photo Uploader 5) - http://upload.facebook.com/controls/FacebookPhotoUploader5.cab
      O16 - DPF: {48DD0448-9209-4F81-9F6D-D83562940134} (MySpace Uploader Control) - http://lads.myspace.com/upload/MySpaceUploader1006.cab
      O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://www.update.microsoft.com/microsoftupdate/v6/V5Controls/en/x86/client/muweb_site.cab?1206561896640
      O20 - Winlogon Notify: !SASWinLogon - C:\Program Files\SUPERAntiSpyware\SASWINLO.dll
      O23 - Service: Ac Profile Manager Service (AcPrfMgrSvc) - Unknown owner - C:\Program Files\ThinkPad\ConnectUtilities\AcPrfMgrSvc.exe
      O23 - Service: Access Connections Main Service (AcSvc) - Lenovo - C:\Program Files\ThinkPad\ConnectUtilities\AcSvc.exe
      O23 - Service: Apple Mobile Device - Apple, Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
      O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\system32\Ati2evxx.exe
      O23 - Service: Automatic LiveUpdate Scheduler - Symantec Corporation - C:\Program Files\Symantec\LiveUpdate\AluSchedulerSvc.exe
      O23 - Service: Bonjour Service - Apple Inc. - C:\Program Files\Bonjour\mDNSResponder.exe
      O23 - Service: Bluetooth Service (btwdins) - Broadcom Corporation. - C:\Program Files\ThinkPad\Bluetooth Software\bin\btwdins.exe
      O23 - Service: Symantec Event Manager (ccEvtMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe
      O23 - Service: Symantec Settings Manager (ccSetMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe
      O23 - Service: Symantec Lic NetConnect service (CLTNetCnService) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe
      O23 - Service: Diskeeper - Diskeeper Corporation - C:\Program Files\Diskeeper Corporation\Diskeeper\DkService.exe
      O23 - Service: EvtEng - Intel Corporation - C:\Program Files\Intel\Wireless\Bin\EvtEng.exe
      O23 - Service: ThinkPad PM Service (IBMPMSVC) - Lenovo - C:\WINDOWS\system32\ibmpmsvc.exe
      O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\1050\Intel 32\IDriverT.exe
      O23 - Service: iPod Service - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
      O23 - Service: IPS Core Service (IPSSVC) - Lenovo Ltd. - C:\WINDOWS\system32\IPSSVC.EXE
      O23 - Service: LiveUpdate - Symantec Corporation - C:\Program Files\Symantec\LiveUpdate\LuComServer_3_4.EXE
      O23 - Service: LiveUpdate Notice - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe
      O23 - Service: Norton UnErase Protection (NProtectService) - Symantec Corporation - C:\PROGRA~1\NORTON~2\NORTON~1\NPROTECT.EXE
      O23 - Service: IBM PSA Access Driver Control (PsaSrv) - Unknown owner - C:\WINDOWS\system32\PsaSrv.exe (file missing)
      O23 - Service: RegSrvc - Intel Corporation - C:\Program Files\Intel\Wireless\Bin\RegSrvc.exe
      O23 - Service: Spectrum24 Event Monitor (S24EventMonitor) - Intel Corporation  - C:\Program Files\Intel\Wireless\Bin\S24EvMon.exe
      O23 - Service: Speed Disk service - Symantec Corporation - C:\PROGRA~1\NORTON~2\NORTON~1\SPEEDD~1\NOPDB.EXE
      O23 - Service: Symantec Core LC - Unknown owner - C:\PROGRA~1\COMMON~1\SYMANT~1\CCPD-LC\symlcsvc.exe
      O23 - Service: ThinkPad HDD APS Logging Service (TPHDEXLGSVC) - Lenovo. - C:\WINDOWS\System32\TPHDEXLG.EXE
      O23 - Service: IBM KCU Service (TpKmpSVC) - Unknown owner - C:\WINDOWS\system32\TpKmpSVC.exe
      O23 - Service: TSS Core Service (TSSCoreService) - IBM - C:\Program Files\IBM ThinkVantage\Client Security Solution\ibmtcsd.exe
      O23 - Service: TVT Backup Service - Unknown owner - C:\Program Files\IBM ThinkVantage\Rescue and Recovery\rrservice.exe
      O23 - Service: TVT Scheduler - Unknown owner - C:\Program Files\IBM ThinkVantage\Common\Scheduler\tvtsched.exe
      O23 - Service: ThinkVantage System Update (UCLauncherService) - Unknown owner - C:\Program Files\ThinkVantage\SystemUpdate\UCLauncherService.exe
      O23 - Service: Protector Suite Virtual Token (vtserver) - UPEK Inc. - C:\Program Files\Common Files\Virtual Token\vtserver.exe

      --
      End of file - 14176 bytes
      Logged

      ChevyDieselPride

        Topic Starter


        Rookie

        Re: Downloaded something bad from Isohunt...
        « Reply #33 on: June 28, 2008, 07:51:17 PM »
        Bump
        Logged

        Broni


          Mastermind
        • Kraków my love :)
          • Thanked: 614
          • Computer Help Forum
        • Computer: Specs
        • Experience: Experienced
        • OS: Windows 8
        Re: Downloaded something bad from Isohunt...
        « Reply #34 on: June 28, 2008, 09:01:51 PM »
        Your Malwarebytes log shows "No action taken" after each line. You either posted the log from before the scan, or you did something wrong.
        Please, repost.

        No reason for "bump". We're all volunteers here. We have to work, eat, sleep, take care of kids, and kiss girlfriend/wife, once in a while.
        Logged

        ChevyDieselPride

          Topic Starter


          Rookie

          Re: Downloaded something bad from Isohunt...
          « Reply #35 on: June 28, 2008, 09:17:16 PM »
          Quote from: Broni on June 28, 2008, 09:01:51 PM
          Your Malwarebytes log shows "No action taken" after each line. You either posted the log from before the scan, or you did something wrong.
          Please, repost.

          No reason for "bump". We're all volunteers here. We have to work, eat, sleep, take care of kids, and kiss girlfriend/wife, once in a while.

          I fixed the problems after i copied the log, ill re-run it and post it
          Logged

          Broni


            Mastermind
          • Kraków my love :)
            • Thanked: 614
            • Computer Help Forum
          • Computer: Specs
          • Experience: Experienced
          • OS: Windows 8
          Re: Downloaded something bad from Isohunt...
          « Reply #36 on: June 28, 2008, 09:27:50 PM »
          Sounds good.
          ...and after you post new Malwarebytes log, I'll need fresh HJT log.
          Logged

          ChevyDieselPride

            Topic Starter


            Rookie

            Re: Downloaded something bad from Isohunt...
            « Reply #37 on: June 28, 2008, 09:58:05 PM »
            Malware log:
            Said no malicious files found

            Malwarebytes' Anti-Malware 1.18
            Database version: 895

            8:57:05 PM 6/28/2008
            mbam-log-6-28-2008 (20-57-05).txt

            Scan type: Full Scan (C:\|)
            Objects scanned: 95408
            Time elapsed: 30 minute(s), 10 second(s)

            Memory Processes Infected: 0
            Memory Modules Infected: 0
            Registry Keys Infected: 0
            Registry Values Infected: 0
            Registry Data Items Infected: 0
            Folders Infected: 0
            Files Infected: 0

            Memory Processes Infected:
            (No malicious items detected)

            Memory Modules Infected:
            (No malicious items detected)

            Registry Keys Infected:
            (No malicious items detected)

            Registry Values Infected:
            (No malicious items detected)

            Registry Data Items Infected:
            (No malicious items detected)

            Folders Infected:
            (No malicious items detected)

            Files Infected:
            (No malicious items detected)
            Logged

            ChevyDieselPride

              Topic Starter


              Rookie

              Re: Downloaded something bad from Isohunt...
              « Reply #38 on: June 28, 2008, 09:59:03 PM »
              HJT LOG:

              Logfile of Trend Micro HijackThis v2.0.2
              Scan saved at 8:58:22 PM, on 6/28/2008
              Platform: Windows XP SP2 (WinNT 5.01.2600)
              MSIE: Internet Explorer v7.00 (7.00.6000.16674)
              Boot mode: Normal

              Running processes:
              C:\WINDOWS\System32\smss.exe
              C:\WINDOWS\system32\winlogon.exe
              C:\WINDOWS\system32\services.exe
              C:\WINDOWS\system32\lsass.exe
              C:\Program Files\Common Files\Virtual Token\vtserver.exe
              C:\WINDOWS\system32\ibmpmsvc.exe
              C:\WINDOWS\system32\Ati2evxx.exe
              C:\WINDOWS\system32\svchost.exe
              C:\WINDOWS\System32\svchost.exe
              C:\WINDOWS\system32\svchost.exe
              C:\WINDOWS\system32\Ati2evxx.exe
              C:\Program Files\Intel\Wireless\Bin\EvtEng.exe
              C:\Program Files\Intel\Wireless\Bin\S24EvMon.exe
              C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe
              C:\WINDOWS\system32\spoolsv.exe
              C:\WINDOWS\system32\IPSSVC.EXE
              C:\Program Files\ThinkPad\ConnectUtilities\AcPrfMgrSvc.exe
              C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
              C:\Program Files\Symantec\LiveUpdate\AluSchedulerSvc.exe
              C:\Program Files\Bonjour\mDNSResponder.exe
              C:\Program Files\ThinkPad\Bluetooth Software\bin\btwdins.exe
              C:\Program Files\Diskeeper Corporation\Diskeeper\DkService.exe
              C:\WINDOWS\system32\svchost.exe
              C:\WINDOWS\Explorer.EXE
              C:\WINDOWS\System32\svchost.exe
              C:\PROGRA~1\NORTON~2\NORTON~1\NPROTECT.EXE
              C:\Program Files\Intel\Wireless\Bin\RegSrvc.exe
              C:\PROGRA~1\NORTON~2\NORTON~1\SPEEDD~1\NOPDB.EXE
              C:\WINDOWS\system32\svchost.exe
              C:\WINDOWS\System32\TPHDEXLG.EXE
              C:\WINDOWS\system32\TpKmpSVC.exe
              C:\Program Files\IBM ThinkVantage\Rescue and Recovery\rrservice.exe
              C:\Program Files\Synaptics\SynTP\SynTPLpr.exe
              C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
              C:\Program Files\IBM ThinkVantage\Common\Scheduler\tvtsched.exe
              C:\WINDOWS\system32\TpShocks.exe
              C:\Program Files\ThinkVantage\SystemUpdate\UCLauncherService.exe
              C:\PROGRA~1\ThinkPad\UTILIT~1\EzEjMnAp.Exe
              C:\PROGRA~1\Lenovo\PkgMgr\HOTKEY\TPHKMGR.exe
              C:\Program Files\Lenovo\PkgMgr\HOTKEY\TPONSCR.exe
              C:\Program Files\Lenovo\PkgMgr\HOTKEY_1\TpScrex.exe
              C:\PROGRA~1\THINKV~2\PrdCtr\LPMGR.exe
              C:\Program Files\ThinkVantage\AMSG\Amsg.exe
              C:\WINDOWS\system32\dla\tfswctrl.exe
              C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe
              C:\Program Files\IBM ThinkVantage\Client Security Solution\cssauth.exe
              C:\Program Files\IBM ThinkVantage\SafeGuard PrivateDisk\pdservice.exe
              C:\Program Files\ThinkPad\ConnectUtilities\ACTray.exe
              C:\Program Files\ThinkPad\ConnectUtilities\AcSvc.exe
              C:\Program Files\ThinkPad\ConnectUtilities\ACWLIcon.exe
              C:\WINDOWS\system32\rundll32.exe
              C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe
              C:\Program Files\iTunes\iTunesHelper.exe
              C:\Program Files\HP\HP Software Update\HPWuSchd2.exe
              C:\Program Files\Unlocker\UnlockerAssistant.exe
              C:\WINDOWS\system32\ctfmon.exe
              C:\Program Files\Windows Media Player\WMPNSCFG.exe
              C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe
              C:\Program Files\ThinkPad\Bluetooth Software\BTTray.exe
              C:\Program Files\Digital Line Detect\DLG.exe
              C:\Program Files\iPod\bin\iPodService.exe
              C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe
              C:\Program Files\IBM ThinkVantage\Client Security Solution\pwmgr.exe
              C:\Program Files\ThinkPad\ConnectUtilities\AcMurocHlpr.exe
              C:\Program Files\IBM ThinkVantage\Common\Logger\logmon.exe
              C:\PROGRA~1\Intel\Wireless\Bin\1XConfig.exe
              C:\Program Files\HP\Digital Imaging\bin\hpqSTE08.exe
              C:\PROGRA~1\COMMON~1\SYMANT~1\CCPD-LC\symlcsvc.exe
              C:\WINDOWS\System32\svchost.exe
              C:\Program Files\Internet Explorer\iexplore.exe
              C:\Program Files\HP\Smart Web Printing\hpswp_clipbook.exe
              C:\Program Files\Diskeeper Corporation\Diskeeper\DfrgNTFS.exe
              C:\Program Files\Diskeeper Corporation\Diskeeper\DkIcon.exe
              C:\Program Files\Trend Micro\HijackThis\HijackThis.exe

              R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://my.asu.edu/
              R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
              R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
              R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
              R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
              R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local
              O2 - BHO: HP Print Enhancer - {0347C33E-8762-4905-BF09-768834316C61} - C:\Program Files\HP\Smart Web Printing\hpswp_printenhancer.dll
              O2 - BHO: HP Print Clips - {053F9267-DC04-4294-A72C-58F732D338C0} - C:\Program Files\HP\Smart Web Printing\hpswp_framework.dll
              O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
              O2 - BHO: DriveLetterAccess - {5CA3D70E-1895-11CF-8E15-001234567890} - C:\WINDOWS\system32\dla\tfswshx.dll
              O2 - BHO: Symantec Intrusion Prevention - {6D53EC84-6AAE-4787-AEEE-F4628F01010C} - C:\PROGRA~1\COMMON~1\SYMANT~1\IDS\IPSBHO.dll
              O2 - BHO: (no name) - {A40C8CFE-B3A1-4431-B096-B8845A9BC573} - C:\WINDOWS\system32\yayyvuUn.dll (file missing)
              O4 - HKLM\..\Run: [SynTPLpr] C:\Program Files\Synaptics\SynTP\SynTPLpr.exe
              O4 - HKLM\..\Run: [SynTPEnh] C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
              O4 - HKLM\..\Run: [TpShocks] TpShocks.exe
              O4 - HKLM\..\Run: [TP4EX] tp4ex.exe
              O4 - HKLM\..\Run: [ControlCenter] "C:\Program Files\ThinkVantage Fingerprint Software\ctlcntr.exe" /startup
              O4 - HKLM\..\Run: [EZEJMNAP] C:\PROGRA~1\ThinkPad\UTILIT~1\EzEjMnAp.Exe
              O4 - HKLM\..\Run: [TPHOTKEY] C:\PROGRA~1\Lenovo\PkgMgr\HOTKEY\TPHKMGR.exe
              O4 - HKLM\..\Run: [ATIPTA] "C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe"
              O4 - HKLM\..\Run: [suScheduler] C:\Program Files\ThinkVantage\SystemUpdate\UCLauncher.exe /SCHEDULER
              O4 - HKLM\..\Run: [LPManager] C:\PROGRA~1\THINKV~2\PrdCtr\LPMGR.exe
              O4 - HKLM\..\Run: [AMSG] C:\Program Files\ThinkVantage\AMSG\Amsg.exe
              O4 - HKLM\..\Run: [dla] C:\WINDOWS\system32\dla\tfswctrl.exe
              O4 - HKLM\..\Run: [ISUSPM Startup] c:\PROGRA~1\COMMON~1\INSTAL~1\UPDATE~1\ISUSPM.exe -startup
              O4 - HKLM\..\Run: [ISUSScheduler] "c:\Program Files\Common Files\InstallShield\UpdateService\issch.exe" -start
              O4 - HKLM\..\Run: [cssauth] "C:\Program Files\IBM ThinkVantage\Client Security Solution\cssauth.exe" silent
              O4 - HKLM\..\Run: [PDService.exe] "C:\Program Files\IBM ThinkVantage\SafeGuard PrivateDisk\pdservice.exe"
              O4 - HKLM\..\Run: [DiskeeperSystray] "C:\Program Files\Diskeeper Corporation\Diskeeper\DkIcon.exe"
              O4 - HKLM\..\Run: [ACTray] C:\Program Files\ThinkPad\ConnectUtilities\ACTray.exe
              O4 - HKLM\..\Run: [ACWLIcon] C:\Program Files\ThinkPad\ConnectUtilities\ACWLIcon.exe
              O4 - HKLM\..\Run: [PWRMGRTR] rundll32 C:\PROGRA~1\ThinkPad\UTILIT~1\PWRMGRTR.DLL,PwrMgrBkGndMonitor
              O4 - HKLM\..\Run: [BLOG] rundll32 C:\PROGRA~1\ThinkPad\UTILIT~1\BatLogEx.DLL,StartBattLog
              O4 - HKLM\..\Run: [TPKMAPHELPER] C:\Program Files\ThinkPad\Utilities\TpKmapAp.exe -helper
              O4 - HKLM\..\Run: [ccApp] "C:\Program Files\Common Files\Symantec Shared\ccApp.exe"
              O4 - HKLM\..\Run: [osCheck] "C:\Program Files\Norton AntiVirus\osCheck.exe"
              O4 - HKLM\..\Run: [NSWosCheck] "C:\Program Files\Norton SystemWorks\osCheck.exe"
              O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
              O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
              O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe"
              O4 - HKLM\..\Run: [HP Software Update] C:\Program Files\HP\HP Software Update\HPWuSchd2.exe
              O4 - HKLM\..\Run: [UnlockerAssistant] "C:\Program Files\Unlocker\UnlockerAssistant.exe"
              O4 - HKCU\..\Run: [amsg] C:\Program Files\ThinkVantage\AMSG\Amsg.exe
              O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
              O4 - HKCU\..\Run: [SUPERAntiSpyware] C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe
              O4 - HKCU\..\Run: [WMPNSCFG] C:\Program Files\Windows Media Player\WMPNSCFG.exe
              O4 - Global Startup: Bluetooth.lnk = ?
              O4 - Global Startup: Digital Line Detect.lnk = ?
              O4 - Global Startup: HP Digital Imaging Monitor.lnk = C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe
              O6 - HKCU\Software\Policies\Microsoft\Internet Explorer\Control Panel present
              O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
              O8 - Extra context menu item: Send To &Bluetooth - C:\Program Files\ThinkPad\Bluetooth Software\btsendto_ie_ctx.htm
              O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\IBM\Java142\jre\bin\NPJPI142.dll
              O9 - Extra 'Tools' menuitem: IBM Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\IBM\Java142\jre\bin\NPJPI142.dll
              O9 - Extra button: HP Clipbook - {58ECB495-38F0-49cb-A538-10282ABF65E7} - C:\Program Files\HP\Smart Web Printing\hpswp_extensions.dll
              O9 - Extra button: Express Cleanup - {5E638779-1818-4754-A595-EF1C63B87A56} - C:\Program Files\Norton SystemWorks\Norton Cleanup\WCQuick.lnk
              O9 - Extra 'Tools' menuitem: Express Cleanup - {5E638779-1818-4754-A595-EF1C63B87A56} - C:\Program Files\Norton SystemWorks\Norton Cleanup\WCQuick.lnk
              O9 - Extra button: HP Smart Select - {700259D7-1666-479a-93B1-3250410481E8} - C:\Program Files\HP\Smart Web Printing\hpswp_extensions.dll
              O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL
              O9 - Extra button: Software Installer - {D1A4DEBD-C2EE-449f-B9FB-E8409F9A0BC5} - C:\Program Files\Lenovo\PkgMgr\\PkgMgr.exe
              O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
              O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
              O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
              O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
              O11 - Options group: [JAVA_IBM] Java (IBM)
              O16 - DPF: {0CCA191D-13A6-4E29-B746-314DEE697D83} (Facebook Photo Uploader 5) - http://upload.facebook.com/controls/FacebookPhotoUploader5.cab
              O16 - DPF: {48DD0448-9209-4F81-9F6D-D83562940134} (MySpace Uploader Control) - http://lads.myspace.com/upload/MySpaceUploader1006.cab
              O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://www.update.microsoft.com/microsoftupdate/v6/V5Controls/en/x86/client/muweb_site.cab?1206561896640
              O20 - Winlogon Notify: !SASWinLogon - C:\Program Files\SUPERAntiSpyware\SASWINLO.dll
              O23 - Service: Ac Profile Manager Service (AcPrfMgrSvc) - Unknown owner - C:\Program Files\ThinkPad\ConnectUtilities\AcPrfMgrSvc.exe
              O23 - Service: Access Connections Main Service (AcSvc) - Lenovo - C:\Program Files\ThinkPad\ConnectUtilities\AcSvc.exe
              O23 - Service: Apple Mobile Device - Apple, Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
              O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\system32\Ati2evxx.exe
              O23 - Service: Automatic LiveUpdate Scheduler - Symantec Corporation - C:\Program Files\Symantec\LiveUpdate\AluSchedulerSvc.exe
              O23 - Service: Bonjour Service - Apple Inc. - C:\Program Files\Bonjour\mDNSResponder.exe
              O23 - Service: Bluetooth Service (btwdins) - Broadcom Corporation. - C:\Program Files\ThinkPad\Bluetooth Software\bin\btwdins.exe
              O23 - Service: Symantec Event Manager (ccEvtMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe
              O23 - Service: Symantec Settings Manager (ccSetMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe
              O23 - Service: Symantec Lic NetConnect service (CLTNetCnService) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe
              O23 - Service: Diskeeper - Diskeeper Corporation - C:\Program Files\Diskeeper Corporation\Diskeeper\DkService.exe
              O23 - Service: EvtEng - Intel Corporation - C:\Program Files\Intel\Wireless\Bin\EvtEng.exe
              O23 - Service: ThinkPad PM Service (IBMPMSVC) - Lenovo - C:\WINDOWS\system32\ibmpmsvc.exe
              O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\1050\Intel 32\IDriverT.exe
              O23 - Service: iPod Service - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
              O23 - Service: IPS Core Service (IPSSVC) - Lenovo Ltd. - C:\WINDOWS\system32\IPSSVC.EXE
              O23 - Service: LiveUpdate - Symantec Corporation - C:\Program Files\Symantec\LiveUpdate\LuComServer_3_4.EXE
              O23 - Service: LiveUpdate Notice - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe
              O23 - Service: Norton UnErase Protection (NProtectService) - Symantec Corporation - C:\PROGRA~1\NORTON~2\NORTON~1\NPROTECT.EXE
              O23 - Service: IBM PSA Access Driver Control (PsaSrv) - Unknown owner - C:\WINDOWS\system32\PsaSrv.exe (file missing)
              O23 - Service: RegSrvc - Intel Corporation - C:\Program Files\Intel\Wireless\Bin\RegSrvc.exe
              O23 - Service: Spectrum24 Event Monitor (S24EventMonitor) - Intel Corporation  - C:\Program Files\Intel\Wireless\Bin\S24EvMon.exe
              O23 - Service: Speed Disk service - Symantec Corporation - C:\PROGRA~1\NORTON~2\NORTON~1\SPEEDD~1\NOPDB.EXE
              O23 - Service: Symantec Core LC - Unknown owner - C:\PROGRA~1\COMMON~1\SYMANT~1\CCPD-LC\symlcsvc.exe
              O23 - Service: ThinkPad HDD APS Logging Service (TPHDEXLGSVC) - Lenovo. - C:\WINDOWS\System32\TPHDEXLG.EXE
              O23 - Service: IBM KCU Service (TpKmpSVC) - Unknown owner - C:\WINDOWS\system32\TpKmpSVC.exe
              O23 - Service: TSS Core Service (TSSCoreService) - IBM - C:\Program Files\IBM ThinkVantage\Client Security Solution\ibmtcsd.exe
              O23 - Service: TVT Backup Service - Unknown owner - C:\Program Files\IBM ThinkVantage\Rescue and Recovery\rrservice.exe
              O23 - Service: TVT Scheduler - Unknown owner - C:\Program Files\IBM ThinkVantage\Common\Scheduler\tvtsched.exe
              O23 - Service: ThinkVantage System Update (UCLauncherService) - Unknown owner - C:\Program Files\ThinkVantage\SystemUpdate\UCLauncherService.exe
              O23 - Service: Protector Suite Virtual Token (vtserver) - UPEK Inc. - C:\Program Files\Common Files\Virtual Token\vtserver.exe

              --
              End of file - 14408 bytes
              Logged

              Broni


                Mastermind
              • Kraków my love :)
                • Thanked: 614
                • Computer Help Forum
              • Computer: Specs
              • Experience: Experienced
              • OS: Windows 8
              Re: Downloaded something bad from Isohunt...
              « Reply #39 on: June 28, 2008, 10:06:09 PM »
              Is your Norton subscription current, and is it up to date? It seems like it's only partially running.
              Logged

              ChevyDieselPride

                Topic Starter


                Rookie

                Re: Downloaded something bad from Isohunt...
                « Reply #40 on: June 29, 2008, 03:42:12 PM »
                Yes its up to date and i dont know about the partially running. But ive been reading on here that yall suggest to use another anti virus like AVT8 or something along those lines. did the logs look ok? Is the computer still infected?
                Logged

                Broni


                  Mastermind
                • Kraków my love :)
                  • Thanked: 614
                  • Computer Help Forum
                • Computer: Specs
                • Experience: Experienced
                • OS: Windows 8
                Re: Downloaded something bad from Isohunt...
                « Reply #41 on: June 29, 2008, 08:50:58 PM »
                *** You need to update Java:
                http://java.sun.com/javase/downloads/index.jsp
                Java Runtime Environment (JRE) 6 Update 6
                Uninstall all previous versions of Java through Add\Remove.

                1. Print this post out, since you won't have an access to it, at some point.

                2. Close all windows, except for HijackThis.

                3. Put a checkmark next to the following HijackThis entries (some entries will be checkmarked to disable unnecessary startups; in those cases (marked with *), no actual program will be removed):

                - O2 - BHO: (no name) - {A40C8CFE-B3A1-4431-B096-B8845A9BC573} - C:\WINDOWS\system32\yayyvuUn.dll (file missing)
                - *O4 - HKLM\..\Run: [ISUSPM Startup] c:\PROGRA~1\COMMON~1\INSTAL~1\UPDATE~1\ISUSPM.exe -startup
                - *O4 - HKLM\..\Run: [ISUSScheduler] "c:\Program Files\Common Files\InstallShield\UpdateService\issch.exe" -start
                - *O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
                - *O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
                - *O4 - HKLM\..\Run: [HP Software Update] C:\Program Files\HP\HP Software Update\HPWuSchd2.exe
                - *O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
                - *O4 - HKCU\..\Run: [SUPERAntiSpyware] C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe
                - *O4 - HKCU\..\Run: [WMPNSCFG] C:\Program Files\Windows Media Player\WMPNSCFG.exe
                - O4 - Global Startup: Bluetooth.lnk = ?
                - O4 - Global Startup: Digital Line Detect.lnk = ?
                - *O4 - Global Startup: HP Digital Imaging Monitor.lnk = C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe
                - O6 - HKCU\Software\Policies\Microsoft\Internet Explorer\Control Panel present (checkmark this entry if you did not activate the 'Lock homepage from changes' option in some kind of anti-spyware tool)
                - *O20 - Winlogon Notify: !SASWinLogon - C:\Program Files\SUPERAntiSpyware\SASWINLO.dll

                4. Click on Fix checked button.

                5. Restart computer.

                6. Post new HijackThis log.
                Logged

                ChevyDieselPride

                  Topic Starter


                  Rookie

                  Re: Downloaded something bad from Isohunt...
                  « Reply #42 on: June 30, 2008, 07:16:38 PM »
                  Got the new java and here the HJT:

                  Logfile of Trend Micro HijackThis v2.0.2
                  Scan saved at 6:14:25 PM, on 6/30/2008
                  Platform: Windows XP SP2 (WinNT 5.01.2600)
                  MSIE: Internet Explorer v7.00 (7.00.6000.16674)
                  Boot mode: Normal

                  Running processes:
                  C:\WINDOWS\System32\smss.exe
                  C:\WINDOWS\system32\winlogon.exe
                  C:\WINDOWS\system32\services.exe
                  C:\WINDOWS\system32\lsass.exe
                  C:\Program Files\Common Files\Virtual Token\vtserver.exe
                  C:\WINDOWS\system32\ibmpmsvc.exe
                  C:\WINDOWS\system32\Ati2evxx.exe
                  C:\WINDOWS\system32\svchost.exe
                  C:\WINDOWS\System32\svchost.exe
                  C:\WINDOWS\system32\svchost.exe
                  C:\Program Files\Intel\Wireless\Bin\EvtEng.exe
                  C:\WINDOWS\system32\Ati2evxx.exe
                  C:\Program Files\Intel\Wireless\Bin\S24EvMon.exe
                  C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe
                  C:\WINDOWS\system32\spoolsv.exe
                  C:\WINDOWS\system32\IPSSVC.EXE
                  C:\Program Files\ThinkPad\ConnectUtilities\AcPrfMgrSvc.exe
                  C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
                  C:\Program Files\Symantec\LiveUpdate\AluSchedulerSvc.exe
                  C:\Program Files\Bonjour\mDNSResponder.exe
                  C:\Program Files\ThinkPad\Bluetooth Software\bin\btwdins.exe
                  C:\Program Files\Diskeeper Corporation\Diskeeper\DkService.exe
                  C:\WINDOWS\system32\svchost.exe
                  C:\WINDOWS\System32\svchost.exe
                  C:\Program Files\Java\jre6\bin\jqs.exe
                  C:\WINDOWS\System32\svchost.exe
                  C:\PROGRA~1\NORTON~2\NORTON~1\NPROTECT.EXE
                  C:\WINDOWS\System32\svchost.exe
                  C:\Program Files\Intel\Wireless\Bin\RegSrvc.exe
                  C:\PROGRA~1\NORTON~2\NORTON~1\SPEEDD~1\NOPDB.EXE
                  C:\WINDOWS\system32\svchost.exe
                  C:\WINDOWS\System32\TPHDEXLG.EXE
                  C:\WINDOWS\system32\TpKmpSVC.exe
                  C:\Program Files\IBM ThinkVantage\Rescue and Recovery\rrservice.exe
                  C:\Program Files\IBM ThinkVantage\Common\Scheduler\tvtsched.exe
                  C:\Program Files\ThinkVantage\SystemUpdate\UCLauncherService.exe
                  C:\Program Files\ThinkPad\ConnectUtilities\AcSvc.exe
                  C:\Program Files\IBM ThinkVantage\Common\Logger\logmon.exe
                  C:\Program Files\ThinkPad\ConnectUtilities\AcMurocHlpr.exe
                  C:\WINDOWS\Explorer.EXE
                  C:\Program Files\Synaptics\SynTP\SynTPLpr.exe
                  C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
                  C:\WINDOWS\system32\TpShocks.exe
                  C:\PROGRA~1\ThinkPad\UTILIT~1\EzEjMnAp.Exe
                  C:\PROGRA~1\Lenovo\PkgMgr\HOTKEY\TPHKMGR.exe
                  C:\Program Files\Lenovo\PkgMgr\HOTKEY\TPONSCR.exe
                  C:\WINDOWS\system32\wuauclt.exe
                  C:\Program Files\Lenovo\PkgMgr\HOTKEY_1\TpScrex.exe
                  C:\PROGRA~1\THINKV~2\PrdCtr\LPMGR.exe
                  C:\Program Files\ThinkVantage\AMSG\Amsg.exe
                  C:\WINDOWS\system32\dla\tfswctrl.exe
                  C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe
                  C:\Program Files\IBM ThinkVantage\Client Security Solution\cssauth.exe
                  C:\Program Files\IBM ThinkVantage\SafeGuard PrivateDisk\pdservice.exe
                  C:\Program Files\ThinkPad\ConnectUtilities\ACTray.exe
                  C:\Program Files\ThinkPad\ConnectUtilities\ACWLIcon.exe
                  C:\WINDOWS\system32\rundll32.exe
                  C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe
                  C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe
                  C:\Program Files\Unlocker\UnlockerAssistant.exe
                  C:\Program Files\Java\jre6\bin\jusched.exe
                  C:\WINDOWS\system32\ctfmon.exe
                  C:\Program Files\IBM ThinkVantage\Client Security Solution\pwmgr.exe
                  C:\Program Files\Trend Micro\HijackThis\HijackThis.exe

                  R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://my.asu.edu/
                  R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
                  R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
                  R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
                  R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
                  R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local
                  O2 - BHO: HP Print Enhancer - {0347C33E-8762-4905-BF09-768834316C61} - C:\Program Files\HP\Smart Web Printing\hpswp_printenhancer.dll
                  O2 - BHO: HP Print Clips - {053F9267-DC04-4294-A72C-58F732D338C0} - C:\Program Files\HP\Smart Web Printing\hpswp_framework.dll
                  O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
                  O2 - BHO: DriveLetterAccess - {5CA3D70E-1895-11CF-8E15-001234567890} - C:\WINDOWS\system32\dla\tfswshx.dll
                  O2 - BHO: Symantec Intrusion Prevention - {6D53EC84-6AAE-4787-AEEE-F4628F01010C} - C:\PROGRA~1\COMMON~1\SYMANT~1\IDS\IPSBHO.dll
                  O2 - BHO: Java(tm) Plug-In SSV Helper - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre6\bin\ssv.dll
                  O2 - BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll
                  O2 - BHO: JQSIEStartDetectorImpl - {E7E6F031-17CE-4C07-BC86-EABFE594F69C} - C:\Program Files\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
                  O4 - HKLM\..\Run: [SynTPLpr] C:\Program Files\Synaptics\SynTP\SynTPLpr.exe
                  O4 - HKLM\..\Run: [SynTPEnh] C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
                  O4 - HKLM\..\Run: [TpShocks] TpShocks.exe
                  O4 - HKLM\..\Run: [TP4EX] tp4ex.exe
                  O4 - HKLM\..\Run: [ControlCenter] "C:\Program Files\ThinkVantage Fingerprint Software\ctlcntr.exe" /startup
                  O4 - HKLM\..\Run: [EZEJMNAP] C:\PROGRA~1\ThinkPad\UTILIT~1\EzEjMnAp.Exe
                  O4 - HKLM\..\Run: [TPHOTKEY] C:\PROGRA~1\Lenovo\PkgMgr\HOTKEY\TPHKMGR.exe
                  O4 - HKLM\..\Run: [ATIPTA] "C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe"
                  O4 - HKLM\..\Run: [suScheduler] C:\Program Files\ThinkVantage\SystemUpdate\UCLauncher.exe /SCHEDULER
                  O4 - HKLM\..\Run: [LPManager] C:\PROGRA~1\THINKV~2\PrdCtr\LPMGR.exe
                  O4 - HKLM\..\Run: [AMSG] C:\Program Files\ThinkVantage\AMSG\Amsg.exe
                  O4 - HKLM\..\Run: [dla] C:\WINDOWS\system32\dla\tfswctrl.exe
                  O4 - HKLM\..\Run: [ISUSPM Startup] c:\PROGRA~1\COMMON~1\INSTAL~1\UPDATE~1\ISUSPM.exe -startup
                  O4 - HKLM\..\Run: [ISUSScheduler] "c:\Program Files\Common Files\InstallShield\UpdateService\issch.exe" -start
                  O4 - HKLM\..\Run: [cssauth] "C:\Program Files\IBM ThinkVantage\Client Security Solution\cssauth.exe" silent
                  O4 - HKLM\..\Run: [PDService.exe] "C:\Program Files\IBM ThinkVantage\SafeGuard PrivateDisk\pdservice.exe"
                  O4 - HKLM\..\Run: [DiskeeperSystray] "C:\Program Files\Diskeeper Corporation\Diskeeper\DkIcon.exe"
                  O4 - HKLM\..\Run: [ACTray] C:\Program Files\ThinkPad\ConnectUtilities\ACTray.exe
                  O4 - HKLM\..\Run: [ACWLIcon] C:\Program Files\ThinkPad\ConnectUtilities\ACWLIcon.exe
                  O4 - HKLM\..\Run: [PWRMGRTR] rundll32 C:\PROGRA~1\ThinkPad\UTILIT~1\PWRMGRTR.DLL,PwrMgrBkGndMonitor
                  O4 - HKLM\..\Run: [BLOG] rundll32 C:\PROGRA~1\ThinkPad\UTILIT~1\BatLogEx.DLL,StartBattLog
                  O4 - HKLM\..\Run: [TPKMAPHELPER] C:\Program Files\ThinkPad\Utilities\TpKmapAp.exe -helper
                  O4 - HKLM\..\Run: [ccApp] "C:\Program Files\Common Files\Symantec Shared\ccApp.exe"
                  O4 - HKLM\..\Run: [osCheck] "C:\Program Files\Norton AntiVirus\osCheck.exe"
                  O4 - HKLM\..\Run: [NSWosCheck] "C:\Program Files\Norton SystemWorks\osCheck.exe"
                  O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe"
                  O4 - HKLM\..\Run: [UnlockerAssistant] "C:\Program Files\Unlocker\UnlockerAssistant.exe"
                  O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre6\bin\jusched.exe"
                  O4 - HKCU\..\Run: [amsg] C:\Program Files\ThinkVantage\AMSG\Amsg.exe
                  O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
                  O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
                  O8 - Extra context menu item: Send To &Bluetooth - C:\Program Files\ThinkPad\Bluetooth Software\btsendto_ie_ctx.htm
                  O9 - Extra button: HP Clipbook - {58ECB495-38F0-49cb-A538-10282ABF65E7} - C:\Program Files\HP\Smart Web Printing\hpswp_extensions.dll
                  O9 - Extra button: Express Cleanup - {5E638779-1818-4754-A595-EF1C63B87A56} - C:\Program Files\Norton SystemWorks\Norton Cleanup\WCQuick.lnk
                  O9 - Extra 'Tools' menuitem: Express Cleanup - {5E638779-1818-4754-A595-EF1C63B87A56} - C:\Program Files\Norton SystemWorks\Norton Cleanup\WCQuick.lnk
                  O9 - Extra button: HP Smart Select - {700259D7-1666-479a-93B1-3250410481E8} - C:\Program Files\HP\Smart Web Printing\hpswp_extensions.dll
                  O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL
                  O9 - Extra button: Software Installer - {D1A4DEBD-C2EE-449f-B9FB-E8409F9A0BC5} - C:\Program Files\Lenovo\PkgMgr\\PkgMgr.exe
                  O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
                  O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
                  O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
                  O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
                  O16 - DPF: {0CCA191D-13A6-4E29-B746-314DEE697D83} (Facebook Photo Uploader 5) - http://upload.facebook.com/controls/FacebookPhotoUploader5.cab
                  O16 - DPF: {48DD0448-9209-4F81-9F6D-D83562940134} (MySpace Uploader Control) - http://lads.myspace.com/upload/MySpaceUploader1006.cab
                  O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://www.update.microsoft.com/microsoftupdate/v6/V5Controls/en/x86/client/muweb_site.cab?1206561896640
                  O23 - Service: Ac Profile Manager Service (AcPrfMgrSvc) - Unknown owner - C:\Program Files\ThinkPad\ConnectUtilities\AcPrfMgrSvc.exe
                  O23 - Service: Access Connections Main Service (AcSvc) - Lenovo - C:\Program Files\ThinkPad\ConnectUtilities\AcSvc.exe
                  O23 - Service: Apple Mobile Device - Apple, Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
                  O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\system32\Ati2evxx.exe
                  O23 - Service: Automatic LiveUpdate Scheduler - Symantec Corporation - C:\Program Files\Symantec\LiveUpdate\AluSchedulerSvc.exe
                  O23 - Service: Bonjour Service - Apple Inc. - C:\Program Files\Bonjour\mDNSResponder.exe
                  O23 - Service: Bluetooth Service (btwdins) - Broadcom Corporation. - C:\Program Files\ThinkPad\Bluetooth Software\bin\btwdins.exe
                  O23 - Service: Symantec Event Manager (ccEvtMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe
                  O23 - Service: Symantec Settings Manager (ccSetMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe
                  O23 - Service: Symantec Lic NetConnect service (CLTNetCnService) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe
                  O23 - Service: Diskeeper - Diskeeper Corporation - C:\Program Files\Diskeeper Corporation\Diskeeper\DkService.exe
                  O23 - Service: EvtEng - Intel Corporation - C:\Program Files\Intel\Wireless\Bin\EvtEng.exe
                  O23 - Service: ThinkPad PM Service (IBMPMSVC) - Lenovo - C:\WINDOWS\system32\ibmpmsvc.exe
                  O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\1050\Intel 32\IDriverT.exe
                  O23 - Service: iPod Service - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
                  O23 - Service: IPS Core Service (IPSSVC) - Lenovo Ltd. - C:\WINDOWS\system32\IPSSVC.EXE
                  O23 - Service: Java Quick Starter (JavaQuickStarterService) - Sun Microsystems, Inc. - C:\Program Files\Java\jre6\bin\jqs.exe
                  O23 - Service: LiveUpdate - Symantec Corporation - C:\Program Files\Symantec\LiveUpdate\LuComServer_3_4.EXE
                  O23 - Service: LiveUpdate Notice - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe
                  O23 - Service: Norton UnErase Protection (NProtectService) - Symantec Corporation - C:\PROGRA~1\NORTON~2\NORTON~1\NPROTECT.EXE
                  O23 - Service: IBM PSA Access Driver Control (PsaSrv) - Unknown owner - C:\WINDOWS\system32\PsaSrv.exe (file missing)
                  O23 - Service: RegSrvc - Intel Corporation - C:\Program Files\Intel\Wireless\Bin\RegSrvc.exe
                  O23 - Service: Spectrum24 Event Monitor (S24EventMonitor) - Intel Corporation  - C:\Program Files\Intel\Wireless\Bin\S24EvMon.exe
                  O23 - Service: Speed Disk service - Symantec Corporation - C:\PROGRA~1\NORTON~2\NORTON~1\SPEEDD~1\NOPDB.EXE
                  O23 - Service: Symantec Core LC - Unknown owner - C:\PROGRA~1\COMMON~1\SYMANT~1\CCPD-LC\symlcsvc.exe
                  O23 - Service: ThinkPad HDD APS Logging Service (TPHDEXLGSVC) - Lenovo. - C:\WINDOWS\System32\TPHDEXLG.EXE
                  O23 - Service: IBM KCU Service (TpKmpSVC) - Unknown owner - C:\WINDOWS\system32\TpKmpSVC.exe
                  O23 - Service: TSS Core Service (TSSCoreService) - IBM - C:\Program Files\IBM ThinkVantage\Client Security Solution\ibmtcsd.exe
                  O23 - Service: TVT Backup Service - Unknown owner - C:\Program Files\IBM ThinkVantage\Rescue and Recovery\rrservice.exe
                  O23 - Service: TVT Scheduler - Unknown owner - C:\Program Files\IBM ThinkVantage\Common\Scheduler\tvtsched.exe
                  O23 - Service: ThinkVantage System Update (UCLauncherService) - Unknown owner - C:\Program Files\ThinkVantage\SystemUpdate\UCLauncherService.exe
                  O23 - Service: Protector Suite Virtual Token (vtserver) - UPEK Inc. - C:\Program Files\Common Files\Virtual Token\vtserver.exe

                  --
                  End of file - 13209 bytes
                  Logged

                  Broni


                    Mastermind
                  • Kraków my love :)
                    • Thanked: 614
                    • Computer Help Forum
                  • Computer: Specs
                  • Experience: Experienced
                  • OS: Windows 8
                  Re: Downloaded something bad from Isohunt...
                  « Reply #43 on: June 30, 2008, 10:39:17 PM »
                  Your computer is clean

                  1. Download, and install CCleaner: http://www.ccleaner.com/download/builds. Get "Slim" version.
                  Read CCleaner instruction here: http://www.jahewi.nl/ccleaner/ccleaner.html.
                  Run CCleaner.

                  2. Turn off System Restore:

                  - Windows XP:
                     1. Click Start.
                     2. Right-click the My Computer icon, and then click Properties.
                     3. Click the System Restore tab.
                     4. Check "Turn off System Restore".
                     5. Click Apply.   
                     6.  When turning off System Restore, the existing restore points will be deleted. Click Yes to do this.
                     7. Click OK.
                  - Windows Vista:
                     1. Click Start.
                     2. Right-click the Computer icon, and then click Properties.
                     3. Click on System Protection under the Tasks column on the left side
                     4. Click on Continue on the "User Account Control" window that pops up
                     5. Under the System Protection tab, find Available Disks
                     6. Uncheck the box for any drive you wish to disable system restore on (in most cases, drive "C:")
                     7. When turning off System Restore, the existing restore points will be deleted. Click "Turn System Restore Off" on the popup window to do this.
                     8. Click OK

                  3. Restart computer.

                  4. Turn System Restore on.

                  5. (optional) Download, and install free version of ThreatFire: http://www.threatfire.com/. It'll give you an extra protection against malwares. It won't interfere with your antivirus program

                  6. Read "So how did I get infected in the first place?": http://www.castlecops.com/postlite7736-.html

                  7. Let me know, how your computer is doing.
                  Logged
                  Pages: 1 2 [3]  All   Go Up
                  « previous next »