• Announcements

    • Budfred

      IE 11 copy/paste problem

      It has come to our attention that people using Internet Explorer 11 (IE 11) are having trouble with copy/paste to the forum. If you encounter this problem, using a different browser like Firefox or Chrome seems to get around the problem. We do not know what the problem is, but it seems to be specific to IE 11 and we are hopeful that Microsoft will eventually fix it.
Sign in to follow this  
Followers 0
PenguinWars

Need help removing adware/malware/spyware

3 posts in this topic

Hi, I tried SDfix and I still can't get rid of these popups and trojan attempts. I think it's those BHO's with the weird titles but Hijackthis just cant get rid of them.

 

Here's the log:

Running processes:

C:\WINDOWS\System32\smss.exe

C:\WINDOWS\system32\winlogon.exe

C:\WINDOWS\system32\services.exe

C:\WINDOWS\system32\lsass.exe

C:\WINDOWS\system32\svchost.exe

C:\Program Files\Windows Defender\MsMpEng.exe

C:\WINDOWS\System32\svchost.exe

C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe

C:\Program Files\Common Files\Symantec Shared\ccProxy.exe

C:\WINDOWS\Explorer.EXE

C:\WINDOWS\system32\spoolsv.exe

C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE

C:\WINDOWS\system32\nvsvc32.exe

C:\Program Files\Alcohol Soft\Alcohol 120\StarWind\StarWindService.exe

C:\WINDOWS\system32\svchost.exe

C:\Program Files\Java\j2re1.4.2_03\bin\jusched.exe

C:\WINDOWS\stsystra.exe

C:\Program Files\Dell\Media Experience\DMXLauncher.exe

C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe

C:\WINDOWS\System32\svchost.exe

C:\Program Files\Adobe\Acrobat 7.0\Distillr\Acrotray.exe

C:\Program Files\HP\HP Software Update\HPWuSchd.exe

C:\Program Files\HP\hpcoretech\hpcmpmgr.exe

C:\WINDOWS\system32\RUNDLL32.EXE

C:\Program Files\iTunes\iTunesHelper.exe

C:\Program Files\Common Files\Symantec Shared\ccApp.exe

C:\Program Files\Windows Defender\MSASCui.exe

C:\Program Files\iPod\bin\iPodService.exe

C:\WINDOWS\system32\ctfmon.exe

C:\Program Files\Digital Line Detect\DLG.exe

C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe

C:\Program Files\WinZip\WZQKPICK.EXE

C:\Documents and Settings\Michael\Desktop\Firefox Downloads\HiJackThis_v2.exe

C:\Program Files\Mozilla Firefox\firefox.exe

C:\Program Files\Outlook Express\msimn.exe

 

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896

R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157

O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll

O2 - BHO: (no name) - {1557B435-8242-4686-9AA3-9265BF7525A4} - C:\WINDOWS\system32\bwmegbgm.dll

O2 - BHO: (no name) - {1E8A6170-7264-4D0F-BEAE-D42A53123C75} - C:\Program Files\Common Files\Symantec Shared\coShared\Browser\1.5\NppBho.dll

O2 - BHO: (no name) - {3F9D0C61-737D-44D1-BD80-91AF857061CC} - C:\WINDOWS\system32\mljhigf.dll

O2 - BHO: (no name) - {432A09A3-8134-4B6C-9EB9-04C4A12ED7EB} - C:\WINDOWS\system32\gebyy.dll

O2 - BHO: DriveLetterAccess - {5CA3D70E-1895-11CF-8E15-001234567890} - C:\WINDOWS\System32\DLA\DLASHX_W.DLL

O2 - BHO: Adobe PDF Conversion Toolbar Helper - {AE7CD045-E861-484f-8273-0445EE161910} - C:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll

O2 - BHO: Browser Address Error Redirector - {CA6319C0-31B7-401E-A518-A07C3DB8F777} - c:\Program Files\BAE\BAE.dll (file missing)

O3 - Toolbar: Adobe PDF - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - C:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll

O3 - Toolbar: Show Norton Toolbar - {90222687-F593-4738-B738-FBEE9C7B26DF} - C:\Program Files\Common Files\Symantec Shared\coShared\Browser\1.5\UIBHO.dll

O4 - HKLM\..\Run: [igfxtray] C:\WINDOWS\system32\igfxtray.exe

O4 - HKLM\..\Run: [igfxhkcmd] C:\WINDOWS\system32\hkcmd.exe

O4 - HKLM\..\Run: [igfxpers] C:\WINDOWS\system32\igfxpers.exe

O4 - HKLM\..\Run: [sunJavaUpdateSched] C:\Program Files\Java\j2re1.4.2_03\bin\jusched.exe

O4 - HKLM\..\Run: [sigmatelSysTrayApp] stsystra.exe

O4 - HKLM\..\Run: [DMXLauncher] C:\Program Files\Dell\Media Experience\DMXLauncher.exe

O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime

O4 - HKLM\..\Run: [iSUSPM Startup] "C:\Program Files\Common Files\InstallShield\UpdateService\isuspm.exe" -startup

O4 - HKLM\..\Run: [iSUSScheduler] "C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe" -start

O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup

O4 - HKLM\..\Run: [MSKDetectorExe] C:\Program Files\McAfee\SpamKiller\MSKDetct.exe /uninstall

O4 - HKLM\..\Run: [Acrobat Assistant 7.0] "C:\Program Files\Adobe\Acrobat 7.0\Distillr\Acrotray.exe"

O4 - HKLM\..\Run: [HP Software Update] "C:\Program Files\HP\HP Software Update\HPWuSchd.exe"

O4 - HKLM\..\Run: [HP Component Manager] "C:\Program Files\HP\hpcoretech\hpcmpmgr.exe"

O4 - HKLM\..\Run: [nwiz] nwiz.exe /install

O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\system32\NvMcTray.dll,NvTaskbarInit

O4 - HKLM\..\Run: [iMJPMIG8.1] "C:\WINDOWS\IME\imjp8_1\IMJPMIG.EXE" /Spoil /RemAdvDef /Migration32

O4 - HKLM\..\Run: [MSPY2002] C:\WINDOWS\system32\IME\PINTLGNT\ImScInst.exe /SYNC

O4 - HKLM\..\Run: [PHIME2002ASync] C:\WINDOWS\system32\IME\TINTLGNT\TINTSETP.EXE /SYNC

O4 - HKLM\..\Run: [PHIME2002A] C:\WINDOWS\system32\IME\TINTLGNT\TINTSETP.EXE /IMEName

O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"

O4 - HKLM\..\Run: [symLnch] C:\DOCUME~1\Gene\LOCALS~1\Temp\LnchStub.exe

O4 - HKLM\..\Run: [ccApp] "C:\Program Files\Common Files\Symantec Shared\ccApp.exe"

O4 - HKLM\..\Run: [symantec PIF AlertEng] "C:\Program Files\Common Files\Symantec Shared\PIF\{B8E1DD85-8582-4c61-B58F-2F227FCA9A08}\PIFSvc.exe" /a /m "C:\Program Files\Common Files\Symantec Shared\PIF\{B8E1DD85-8582-4c61-B58F-2F227FCA9A08}\AlertEng.dll"

O4 - HKLM\..\Run: [Windows Defender] "C:\Program Files\Windows Defender\MSASCui.exe" -hide

O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background

O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe

O4 - HKCU\..\Run: [steam] "C:\Program Files\Steam\Steam.exe" -silent

O4 - HKCU\..\Run: [updateMgr] "C:\Program Files\Adobe\Acrobat 7.0\Acrobat\AdobeUpdateManager.exe" AcPro7_0_8 -reboot 1

O4 - Startup: Adobe Gamma.lnk = C:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe

O4 - Global Startup: Adobe Acrobat Speed Launcher.lnk = ?

O4 - Global Startup: Digital Line Detect.lnk = ?

O4 - Global Startup: HP Digital Imaging Monitor.lnk = C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe

O4 - Global Startup: WinZip Quick Pick.lnk = C:\Program Files\WinZip\WZQKPICK.EXE

O8 - Extra context menu item: Convert link target to Adobe PDF - res://C:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html

O8 - Extra context menu item: Convert link target to existing PDF - res://C:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html

O8 - Extra context menu item: Convert selected links to Adobe PDF - res://C:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIECaptureSelLinks.html

O8 - Extra context menu item: Convert selected links to existing PDF - res://C:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIEAppendSelLinks.html

O8 - Extra context menu item: Convert selection to Adobe PDF - res://C:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html

O8 - Extra context menu item: Convert selection to existing PDF - res://C:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html

O8 - Extra context menu item: Convert to Adobe PDF - res://C:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html

O8 - Extra context menu item: Convert to existing PDF - res://C:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html

O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~4\OFFICE11\EXCEL.EXE/3000

O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\j2re1.4.2_03\bin\npjpi142_03.dll

O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\j2re1.4.2_03\bin\npjpi142_03.dll

O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~4\OFFICE11\REFIEBAR.DLL

O9 - Extra button: AIM - {AC9E2541-2814-11d5-BC6D-00B0D0A1DE45} - C:\Program Files\AIM\aim.exe

O9 - Extra button: (no name) - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - (no file)

O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe (file missing)

O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe (file missing)

O9 - Extra button: Bodog Poker - {F47C1DB5-ED21-4dc1-853E-D1495792D4C5} - C:\Program Files\Bodog Poker\BPGame.exe

O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe

O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe

O16 - DPF: {406B5949-7190-4245-91A9-30A17DE16AD0} (Snapfish Activia) - http://www.costcophotocenter.com/CostcoActivia.cab

O20 - Winlogon Notify: gebyy - C:\WINDOWS\system32\gebyy.dll

O20 - Winlogon Notify: mljhigf - C:\WINDOWS\SYSTEM32\mljhigf.dll

O22 - SharedTaskScheduler: Browseui preloader - {438755C2-A8BA-11D1-B96B-00A0C90312E1} - C:\WINDOWS\system32\browseui.dll

O22 - SharedTaskScheduler: Component Categories cache daemon - {8C7461EF-2B13-11d2-BE35-3078302C2030} - C:\WINDOWS\system32\browseui.dll

O23 - Service: Adobe LM Service - Adobe Systems - C:\Program Files\Common Files\Adobe Systems Shared\Service\Adobelmsvc.exe

O23 - Service: Symantec Event Manager (ccEvtMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe

O23 - Service: Symantec Network Proxy (ccProxy) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccProxy.exe

O23 - Service: Symantec Settings Manager (ccSetMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe

O23 - Service: Symantec Lic NetConnect service (CLTNetCnService) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe

O23 - Service: COM Host (comHost) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\VAScanner\comHost.exe

O23 - Service: DSBrokerService - Unknown owner - C:\Program Files\DellSupport\brkrsvc.exe

O23 - Service: iPod Service - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe

O23 - Service: LiveUpdate - Symantec Corporation - C:\PROGRA~1\Symantec\LIVEUP~1\LUCOMS~1.EXE

O23 - Service: LiveUpdate Notice Service Ex (LiveUpdate Notice Ex) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe

O23 - Service: LiveUpdate Notice Service - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\PIF\{B8E1DD85-8582-4c61-B58F-2F227FCA9A08}\PIFSvc.exe

O23 - Service: Intel NCS NetService (NetSvc) - Intel® Corporation - C:\Program Files\Intel\PROSetWired\NCS\Sync\NetSvc.exe

O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe

O23 - Service: Pml Driver HPZ12 - HP - C:\WINDOWS\system32\HPZipm12.exe

O23 - Service: StarWind iSCSI Service (StarWindService) - Rocket Division Software - C:\Program Files\Alcohol Soft\Alcohol 120\StarWind\StarWindService.exe

O23 - Service: Symantec Core LC - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exe

 

--

End of file - 11555 bytes

 

 

 

Thanks a ton for helping!

Share this post


Link to post
Share on other sites

Well, I think I got it with ComboFix. Great program.

 

(((((((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))

 

 

C:\Program Files\Common Files\Yazzle1281OinAdmin.exe

C:\Program Files\Common Files\Yazzle1281OinUninstaller.exe

C:\WINDOWS\system32\bszip.dll

 

 

((((((((((((((((((((((((((((((( Files Created from 2007-03-21 to 2007-04-21 ))))))))))))))))))))))))))))))))))

 

 

2007-04-20 23:28 <DIR> d-------- C:\WINDOWS\LastGood.Tmp

2007-04-20 16:45 <DIR> d-------- C:\WINDOWS\system32\NtmsData

2007-04-20 16:41 <DIR> d-------- C:\temp\HP_WebRelease

2007-04-20 15:58 <DIR> d-------- C:\Program Files\Windows Defender

2007-04-20 15:30 <DIR> d-------- C:\Program Files\Security Task Manager

2007-04-20 15:30 <DIR> d-------- C:\DOCUME~1\ALLUSE~1\APPLIC~1\SecTaskMan

2007-04-19 22:10 43,602 --a------ C:\WINDOWS\system32\xvid-uninstall.exe

2007-04-19 20:13 <DIR> d-------- C:\Program Files\xloadnet

2007-04-18 14:25 <DIR> d-------- C:\DOCUME~1\Michael\APPLIC~1\Symantec

2007-04-10 15:40 22,112 -ra------ C:\WINDOWS\system32\drivers\COH_Mon.sys

2007-04-10 14:17 <DIR> d-------- C:\Program Files\DellSupport

2007-04-01 17:25 48,776 --a------ C:\WINDOWS\system32\S32EVNT1.DLL

2007-04-01 17:25 115,000 --a------ C:\WINDOWS\system32\drivers\SYMEVENT.SYS

2007-04-01 17:25 <DIR> d-------- C:\Program Files\Norton 360

2007-04-01 17:23 <DIR> d-------- C:\Program Files\Symantec

2007-03-28 21:29 <DIR> d-------- C:\Program Files\Bodog Poker

2007-03-25 11:52 <DIR> d--h----- C:\DOCUME~1\Jenn\APPLIC~1\Move Networks

2007-03-23 14:07 <DIR> d-------- C:\Program Files\iTunes

2007-03-23 14:07 <DIR> d-------- C:\Program Files\iPod

2007-03-23 14:06 <DIR> d-------- C:\Program Files\Apple Software Update

2007-03-21 17:49 98,304 --a------ C:\WINDOWS\system32\CmdLineExt.dll

 

 

(((((((((((((((((((((((((((((((((((((((((((((((( Find3M Report )))))))))))))))))))))))))))))))))))))))))))))))))))))

 

 

2007-04-20 23:29 -------- d-------- C:\Program Files\Common Files\symantec shared

2007-04-19 22:10 837 --a------ C:\DOCUME~1\Michael\APPLIC~1\autogk.ini

2007-04-19 22:10 -------- d-------- C:\Program Files\gabest

2007-04-19 22:10 -------- d-------- C:\Program Files\avisynth 2.5

2007-04-19 22:10 -------- d-------- C:\Program Files\autogk

2007-04-15 14:33 -------- d-------- C:\Program Files\turbotax

2007-04-11 06:42 -------- d--h----- C:\DOCUME~1\Michael\APPLIC~1\gtek

2007-03-30 16:44 186520 --a------ C:\WINDOWS\system32\symnppwa.dll

2007-03-21 21:03 1969 --a------ C:\DOCUME~1\Michael\APPLIC~1\hpcom_48bitscanupdate.log

2007-03-18 16:40 -------- d-------- C:\Program Files\ecco

2007-03-17 09:43 292864 --a------ C:\WINDOWS\system32\winsrv.dll

2007-03-14 15:15 -------- d-------- C:\Program Files\bittorrent

2007-03-11 23:40 -------- d-------- C:\Program Files\audioconverter studio

2007-03-11 17:29 -------- d-------- C:\Program Files\quicktime

2007-03-10 15:42 -------- d-------- C:\Program Files\eraser

2007-03-10 15:42 -------- d-------- C:\DOCUME~1\Michael\APPLIC~1\real

2007-03-08 11:36 577536 --a------ C:\WINDOWS\system32\user32.dll

2007-03-08 11:36 40960 --a------ C:\WINDOWS\system32\mf3216.dll

2007-03-08 11:36 281600 --a------ C:\WINDOWS\system32\gdi32.dll

2007-03-08 09:47 1843584 --a------ C:\WINDOWS\system32\win32k.sys

2007-03-03 13:26 -------- d--h----- C:\Program Files\installshield installation information

2007-03-03 13:26 -------- d-------- C:\Program Files\itsdeductible2006

2007-03-01 00:03 -------- d-------- C:\DOCUME~1\Michael\APPLIC~1\viewpoint

2007-02-25 12:10 5376 --a-s---- C:\WINDOWS\system32\drivers\dsunidrv.sys

2007-02-05 16:17 185344 --a------ C:\WINDOWS\system32\upnphost.dll

2007-02-01 00:56 823296 --a------ C:\WINDOWS\system32\divx_xx0c.dll

2007-02-01 00:56 823296 --a------ C:\WINDOWS\system32\divx_xx07.dll

2007-02-01 00:56 802816 --a------ C:\WINDOWS\system32\divx_xx11.dll

2007-02-01 00:56 639066 --a------ C:\WINDOWS\system32\divx.dll

2007-01-31 17:27 524288 --a------ C:\WINDOWS\system32\divxsm.exe

2007-01-30 19:15 118784 --a------ C:\WINDOWS\system32\divxcodecupdatechecker.exe

2007-01-30 01:03 3596288 --a------ C:\WINDOWS\system32\qt-dx331.dll

2007-01-30 01:03 200704 --a------ C:\WINDOWS\system32\ssldivx.dll

2007-01-30 01:03 129784 --------- C:\WINDOWS\system32\pxafs.dll

2007-01-30 01:03 118520 --------- C:\WINDOWS\system32\pxinsi64.exe

2007-01-30 01:03 116472 --------- C:\WINDOWS\system32\pxcpyi64.exe

2007-01-30 01:03 1044480 --a------ C:\WINDOWS\system32\libdivx.dll

2007-01-30 00:56 73728 --a------ C:\WINDOWS\system32\dpl100.dll

2007-01-30 00:56 593920 --a------ C:\WINDOWS\system32\dpugui11.dll

2007-01-30 00:56 57344 --a------ C:\WINDOWS\system32\dpv11.dll

2007-01-30 00:56 53248 --a------ C:\WINDOWS\system32\dpugui10.dll

2007-01-30 00:56 344064 --a------ C:\WINDOWS\system32\dpus11.dll

2007-01-30 00:56 294912 --a------ C:\WINDOWS\system32\dpu11.dll

2007-01-30 00:56 294912 --a------ C:\WINDOWS\system32\dpu10.dll

2007-01-30 00:56 196608 --a------ C:\WINDOWS\system32\dtu100.dll

 

 

(((((((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))

 

 

*Note* empty entries & legit default entries are not shown

 

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects]

{06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll

{1E8A6170-7264-4D0F-BEAE-D42A53123C75} C:\Program Files\Common Files\Symantec Shared\coShared\Browser\1.5\NppBho.dll

{5CA3D70E-1895-11CF-8E15-001234567890} C:\WINDOWS\System32\DLA\DLASHX_W.DLL

{AE7CD045-E861-484f-8273-0445EE161910} C:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll

{CA6319C0-31B7-401E-A518-A07C3DB8F777} c:\Program Files\BAE\BAE.dll [x]

 

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run]

"igfxtray"="C:\\WINDOWS\\system32\\igfxtray.exe"

"igfxhkcmd"="C:\\WINDOWS\\system32\\hkcmd.exe"

"igfxpers"="C:\\WINDOWS\\system32\\igfxpers.exe"

"SunJavaUpdateSched"="C:\\Program Files\\Java\\j2re1.4.2_03\\bin\\jusched.exe"

"SigmatelSysTrayApp"="stsystra.exe"

"DMXLauncher"="C:\\Program Files\\Dell\\Media Experience\\DMXLauncher.exe"

"QuickTime Task"="\"C:\\Program Files\\QuickTime\\qttask.exe\" -atboottime"

"ISUSPM Startup"="\"C:\\Program Files\\Common Files\\InstallShield\\UpdateService\\isuspm.exe\" -startup"

"ISUSScheduler"="\"C:\\Program Files\\Common Files\\InstallShield\\UpdateService\\issch.exe\" -start"

"NvCplDaemon"="RUNDLL32.EXE C:\\WINDOWS\\system32\\NvCpl.dll,NvStartup"

"MSKDetectorExe"="C:\\Program Files\\McAfee\\SpamKiller\\MSKDetct.exe /uninstall"

"Acrobat Assistant 7.0"="\"C:\\Program Files\\Adobe\\Acrobat 7.0\\Distillr\\Acrotray.exe\""

"HP Software Update"="\"C:\\Program Files\\HP\\HP Software Update\\HPWuSchd.exe\""

"HP Component Manager"="\"C:\\Program Files\\HP\\hpcoretech\\hpcmpmgr.exe\""

"nwiz"="nwiz.exe /install"

"IMJPMIG8.1"="\"C:\\WINDOWS\\IME\\imjp8_1\\IMJPMIG.EXE\" /Spoil /RemAdvDef /Migration32"

"MSPY2002"="C:\\WINDOWS\\system32\\IME\\PINTLGNT\\ImScInst.exe /SYNC"

"PHIME2002ASync"="C:\\WINDOWS\\system32\\IME\\TINTLGNT\\TINTSETP.EXE /SYNC"

"PHIME2002A"="C:\\WINDOWS\\system32\\IME\\TINTLGNT\\TINTSETP.EXE /IMEName"

"iTunesHelper"="\"C:\\Program Files\\iTunes\\iTunesHelper.exe\""

"SymLnch"="C:\\DOCUME~1\\Gene\\LOCALS~1\\Temp\\LnchStub.exe"

"ccApp"="\"C:\\Program Files\\Common Files\\Symantec Shared\\ccApp.exe\""

"Symantec PIF AlertEng"="\"C:\\Program Files\\Common Files\\Symantec Shared\\PIF\\{B8E1DD85-8582-4c61-B58F-2F227FCA9A08}\\PIFSvc.exe\" /a /m \"C:\\Program Files\\Common Files\\Symantec Shared\\PIF\\{B8E1DD85-8582-4c61-B58F-2F227FCA9A08}\\AlertEng.dll\""

"Windows Defender"="\"C:\\Program Files\\Windows Defender\\MSASCui.exe\" -hide"

 

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\run]

"MSMSGS"="\"C:\\Program Files\\Messenger\\msmsgs.exe\" /background"

"ctfmon.exe"="C:\\WINDOWS\\system32\\ctfmon.exe"

"Steam"="\"C:\\Program Files\\Steam\\Steam.exe\" -silent"

"updateMgr"="\"C:\\Program Files\\Adobe\\Acrobat 7.0\\Acrobat\\AdobeUpdateManager.exe\" AcPro7_0_8 -reboot 1"

 

HKEY_LOCAL_MACHINE\system\currentcontrolset\control\lsa

Authentication Packages REG_MULTI_SZ msv1_0\0\0

Security Packages REG_MULTI_SZ kerberos\0msv1_0\0schannel\0wdigest\0\0

Notification Packages REG_MULTI_SZ scecli\0\0

 

 

[HKEY_LOCAL_MACHINE\software\Microsoft\Windows NT\CurrentVersion\Svchost]

HTTPFilter REG_MULTI_SZ HTTPFilter\0\0

LocalService REG_MULTI_SZ Alerter\0WebClient\0LmHosts\0RemoteRegistry\0upnphost\0SSDPSRV\0\0

NetworkService REG_MULTI_SZ DnsCache\0\0

DcomLaunch REG_MULTI_SZ DcomLaunch\0TermService\0\0

rpcss REG_MULTI_SZ RpcSs\0\0

imgsvc REG_MULTI_SZ StiSvc\0\0

termsvcs REG_MULTI_SZ TermService\0\0

 

 

[HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{4c103306-35e9-11db-af6b-001372c7d369}]

Shell\AutoRun\command F:\setupSNK.exe

*newlycreated* - HKEY_LOCAL_MACHINE\system\currentcontrolset\enum\root\LEGACY_COMHOST

 

 

Contents of the 'Scheduled Tasks' folder

C:\WINDOWS\tasks\AppleSoftwareUpdate.job

C:\WINDOWS\tasks\MP Scheduled Scan.job

 

********************************************************************

 

catchme 0.2 W2K/XP/Vista - userland rootkit detector by Gmer, 17 October 2006

http://www.gmer.net

 

scanning hidden processes ...

 

scanning hidden services ...

 

scanning hidden autostart entries ...

 

scanning hidden files ...

 

scan completed successfully

hidden processes: 0

hidden services: 0

hidden files: 0

 

********************************************************************

 

Completion time: 07-04-21 0:15:32 - machine was rebooted

C:\ComboFix-quarantined-files.txt ... 07-04-21 00:15

 

 

 

 

 

 

 

Heres the new Hijackthis log:

 

Running processes:

C:\WINDOWS\System32\smss.exe

C:\WINDOWS\system32\winlogon.exe

C:\WINDOWS\system32\services.exe

C:\WINDOWS\system32\lsass.exe

C:\WINDOWS\system32\svchost.exe

C:\Program Files\Windows Defender\MsMpEng.exe

C:\WINDOWS\System32\svchost.exe

C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe

C:\Program Files\Common Files\Symantec Shared\ccProxy.exe

C:\WINDOWS\Explorer.EXE

C:\WINDOWS\system32\spoolsv.exe

C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE

C:\WINDOWS\system32\nvsvc32.exe

C:\Program Files\Java\j2re1.4.2_03\bin\jusched.exe

C:\WINDOWS\stsystra.exe

C:\Program Files\Dell\Media Experience\DMXLauncher.exe

C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe

C:\Program Files\Adobe\Acrobat 7.0\Distillr\Acrotray.exe

C:\Program Files\HP\HP Software Update\HPWuSchd.exe

C:\Program Files\HP\hpcoretech\hpcmpmgr.exe

C:\Program Files\iTunes\iTunesHelper.exe

C:\Program Files\Common Files\Symantec Shared\ccApp.exe

C:\Program Files\Alcohol Soft\Alcohol 120\StarWind\StarWindService.exe

C:\WINDOWS\system32\svchost.exe

C:\Program Files\Windows Defender\MSASCui.exe

C:\WINDOWS\system32\ctfmon.exe

C:\Program Files\Digital Line Detect\DLG.exe

C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe

C:\Program Files\WinZip\WZQKPICK.EXE

C:\WINDOWS\system32\wuauclt.exe

C:\Program Files\iPod\bin\iPodService.exe

C:\Program Files\Mozilla Firefox\firefox.exe

C:\PROGRA~1\Symantec\LIVEUP~1\LUCOMS~1.EXE

C:\Program Files\Symantec\LiveUpdate\luall.exe

C:\Program Files\Symantec\LiveUpdate\LuCallbackProxy.exe

Share this post


Link to post
Share on other sites

Welcome to SWI. We apologize for the delay; our helpers have been very busy.

If you have not received help after 3 days, please CLICK HERE, and post a link to your log and the date it was originally posted.

 

Thank you for your patience.

 

[this is an automated reply]

Share this post


Link to post
Share on other sites
Sign in to follow this  
Followers 0