• Announcements

    • Budfred

      IE 11 copy/paste problem

      It has come to our attention that people using Internet Explorer 11 (IE 11) are having trouble with copy/paste to the forum. If you encounter this problem, using a different browser like Firefox or Chrome seems to get around the problem. We do not know what the problem is, but it seems to be specific to IE 11 and we are hopeful that Microsoft will eventually fix it.
Sign in to follow this  
Followers 0
Janusthe1337

Trojan attack, popup ads, please help.

3 posts in this topic

Somewhere along the way yesterday i picked up a virus, and it seems to be taking over my system. I get popups on IE, and get redirected to popup sites on Firefox at seemingly random intervals. Also userinit.exe seems to encounter errors and is forced to close. My computer is running MUCH slower than normal, as i use a high end computer, and everything takes at least 10 seconds to load.

 

Ill post my Hijackthis! log, please help me get rid of whatever this is.

 

Logfile of Trend Micro HijackThis v2.0.0 (BETA)

Scan saved at 3:21:56 PM, on 5/22/2007

Platform: Windows XP SP2 (WinNT 5.01.2600)

Boot mode: Normal

 

Running processes:

C:\WINDOWS\System32\smss.exe

C:\WINDOWS\system32\winlogon.exe

C:\WINDOWS\system32\services.exe

C:\WINDOWS\system32\lsass.exe

C:\WINDOWS\system32\Ati2evxx.exe

C:\WINDOWS\system32\svchost.exe

C:\WINDOWS\System32\svchost.exe

C:\WINDOWS\system32\spoolsv.exe

C:\WINDOWS\system32\Ati2evxx.exe

C:\WINDOWS\Explorer.EXE

C:\Program Files\Symantec\LiveUpdate\ALUSchedulerSvc.exe

C:\WINDOWS\system32\svchost.exe

C:\Program Files\Canon\CAL\CALMAIN.exe

C:\WINDOWS\system32\wscntfy.exe

C:\WINDOWS\system32\CTHELPER.EXE

C:\Program Files\Java\jre1.5.0_10\bin\jusched.exe

C:\Program Files\ATI Technologies\ATI.ACE\cli.exe

C:\WINDOWS\retadpu1000272.exe

C:\Program Files\AIM\aim.exe

C:\WINDOWS\system32\svchost.exe

C:\Program Files\Mozilla Firefox\firefox.exe

C:\Program Files\Common Files\Ahead\Lib\NMBgMonitor.exe

C:\Program Files\DAEMON Tools\daemon.exe

C:\Program Files\Common Files\Ahead\Lib\NMIndexStoreSvr.exe

C:\WINDOWS\system32\wuauclt.exe

C:\DOCUME~1\ADMINI~1\APPLIC~1\DOBE~1\winspool.exe

C:\WINDOWS\system32\?asks\??erinit.exe

C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe

C:\WINDOWS\system32\WgaTray.exe

C:\Program Files\ATI Technologies\ATI.ACE\cli.exe

C:\Program Files\ATI Technologies\ATI.ACE\cli.exe

C:\WINDOWS\system32\wuauclt.exe

C:\Documents and Settings\Administrator\Desktop\HiJackThis_v2.exe

 

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://msn.com/

O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll

O2 - BHO: (no name) - {1AE9E612-4068-4AC4-840A-9CBDF226A28F} - C:\WINDOWS\system32\awtqq.dll

O2 - BHO: COM+ Service - {3C49DDAC-3DA4-4743-AF6C-5974FEAF875C} - C:\WINDOWS\system32\winload.dll

O2 - BHO: MorpheusToolbar BHO - {3F3714A1-89A4-46be-8AF3-D0C9D1FB03F9} - C:\Program Files\MorpheusBar\bar\3.bin\MORPHBAR.DLL

O2 - BHO: (no name) - {55DB983C-BDBF-426f-86F0-187B02DDA39B} - C:\WINDOWS\system32\xlbtaxli.dll (file missing)

O2 - BHO: BandBHO Class - {6CA1C00B-90FC-4F3E-911F-95306ABA49AA} - C:\Program Files\AdSponsorOI\AdSponsorOI.dll

O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.5.0_10\bin\ssv.dll

O2 - BHO: (no name) - {A1F5BF91-2BAE-400E-B5CC-C96427AB099E} - C:\WINDOWS\system32\nnnllih.dll

O2 - BHO: (no name) - {C55F1633-DE8B-8976-DD7B-83ADDFBC729C} - C:\WINDOWS\system32\bjar.dll

O2 - BHO: (no name) - {EE2E3F18-5466-486F-97EC-4DE58C72ED92} - C:\WINDOWS\system32\apsxwasa.dll (file missing)

O3 - Toolbar: Morpheus Toolbar - {3F3714A9-89A4-46be-8AF3-D0C9D1FB03F9} - C:\Program Files\MorpheusBar\bar\3.bin\MORPHBAR.DLL

O4 - HKLM\..\Run: [CTHelper] CTHELPER.EXE

O4 - HKLM\..\Run: [sBDrvDet] C:\Program Files\Creative\SB Drive Det\SBDrvDet.exe /r

O4 - HKLM\..\Run: [updReg] C:\WINDOWS\UpdReg.EXE

O4 - HKLM\..\Run: [sunJavaUpdateSched] "C:\Program Files\Java\jre1.5.0_10\bin\jusched.exe"

O4 - HKLM\..\Run: [winupdates] C:\Program Files\winupdates\winupdates.exe /auto

O4 - HKLM\..\Run: [ATICCC] "C:\Program Files\ATI Technologies\ATI.ACE\cli.exe" runtime -Delay

O4 - HKLM\..\Run: [iMJPMIG8.1] "C:\WINDOWS\IME\imjp8_1\IMJPMIG.EXE" /Spoil /RemAdvDef /Migration32

O4 - HKLM\..\Run: [MSPY2002] C:\WINDOWS\system32\IME\PINTLGNT\ImScInst.exe /SYNC

O4 - HKLM\..\Run: [PHIME2002ASync] C:\WINDOWS\system32\IME\TINTLGNT\TINTSETP.EXE /SYNC

O4 - HKLM\..\Run: [PHIME2002A] C:\WINDOWS\system32\IME\TINTLGNT\TINTSETP.EXE /IMEName

O4 - HKLM\..\Run: [NeroFilterCheck] C:\Program Files\Common Files\Ahead\Lib\NeroCheck.exe

O4 - HKLM\..\Run: [setup] rundll32.exe "C:\WINDOWS\system32\vbhlcfxf.dll",realset

O4 - HKLM\..\Run: [runner1] C:\WINDOWS\retadpu1000272.exe 61A847B5BBF72813329B385475FB01F0B3E35B6638993F4661AA4EBD86D67C56389B284534F310

O4 - HKLM\..\Run: [sManager] smanager.7.exe

O4 - HKLM\..\Run: [CTDrive] rundll32.exe C:\WINDOWS\system32\drvvaz.dll,startup

O4 - HKCU\..\Run: [AIM] C:\Program Files\AIM\aim.exe -cnetwait.odl

O4 - HKCU\..\Run: [updateMgr] "C:\Program Files\Adobe\Acrobat 7.0\Reader\AdobeUpdateManager.exe" AcRdB7_0_7 -reboot 1

O4 - HKCU\..\Run: [bgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}] "C:\Program Files\Common Files\Ahead\Lib\NMBgMonitor.exe"

O4 - HKCU\..\Run: [DAEMON Tools] "C:\Program Files\DAEMON Tools\daemon.exe" -lang 1033

O4 - HKCU\..\Run: [srow] "C:\DOCUME~1\ADMINI~1\APPLIC~1\DOBE~1\winspool.exe" -vt yazb

O4 - HKCU\..\Run: [Luhpvkbi] C:\WINDOWS\system32\?asks\??erinit.exe

O4 - Startup: Adobe Gamma.lnk = C:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe

O4 - Global Startup: Adobe Reader Speed Launch.lnk = C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe

O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office10\OSA.EXE

O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~3\Office10\EXCEL.EXE/3000

O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_10\bin\ssv.dll

O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_10\bin\ssv.dll

O9 - Extra button: AIM - {AC9E2541-2814-11d5-BC6D-00B0D0A1DE45} - C:\Program Files\AIM\aim.exe

O16 - DPF: {0A5FD7C5-A45C-49FC-ADB5-9952547D5715} (Creative Software AutoUpdate) - http://www.creative.com/su/ocx/15015/CTSUEng.cab

O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://go.microsoft.com/fwlink/?linkid=39204

O16 - DPF: {A8F2B9BD-A6A0-486A-9744-18920D898429} (ScorchPlugin Class) - http://www.sibelius.com/download/software/...tiveXPlugin.cab

O16 - DPF: {F6ACF75C-C32C-447B-9BEF-46B766368D29} (Creative Software AutoUpdate Support Package) - http://www.creative.com/su/ocx/15021/CTPID.cab

O20 - Winlogon Notify: awtqq - C:\WINDOWS\system32\awtqq.dll

O20 - Winlogon Notify: nnnllih - C:\WINDOWS\SYSTEM32\nnnllih.dll

O20 - Winlogon Notify: winrkp32 - C:\WINDOWS\SYSTEM32\winrkp32.dll

O22 - SharedTaskScheduler: Browseui preloader - {438755C2-A8BA-11D1-B96B-00A0C90312E1} - C:\WINDOWS\system32\browseui.dll

O22 - SharedTaskScheduler: Component Categories cache daemon - {8C7461EF-2B13-11d2-BE35-3078302C2030} - C:\WINDOWS\system32\browseui.dll

O22 - SharedTaskScheduler: COM+ Service - {3C49DDAC-3DA4-4743-AF6C-5974FEAF875C} - C:\WINDOWS\system32\winload.dll

O23 - Service: Adobe LM Service - Adobe Systems - C:\Program Files\Common Files\Adobe Systems Shared\Service\Adobelmsvc.exe

O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\system32\Ati2evxx.exe

O23 - Service: ATI Smart - Unknown owner - C:\WINDOWS\system32\ati2sgag.exe

O23 - Service: Automatic LiveUpdate Scheduler - Symantec Corporation - C:\Program Files\Symantec\LiveUpdate\ALUSchedulerSvc.exe

O23 - Service: Canon Camera Access Library 8 (CCALib8) - Canon Inc. - C:\Program Files\Canon\CAL\CALMAIN.exe

O23 - Service: Symantec Lic NetConnect service (CLTNetCnService) - Unknown owner - C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe (file missing)

O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe

O23 - Service: LiveUpdate - Symantec Corporation - C:\PROGRA~1\Symantec\LIVEUP~1\LUCOMS~2.EXE

O23 - Service: NBService - Nero AG - C:\Program Files\Nero\Nero 7\Nero BackItUp\NBService.exe

O23 - Service: Neth - Unknown owner - C:\WINDOWS\system32\netid.exe (file missing)

 

--

End of file - 7678 bytes

 

Edited because i realized i force quitted a few things that are iffy, which are in bold. Thanks again for the help :x.

Edited by Janusthe1337

Share this post


Link to post
Share on other sites

Nevermind, after following the instructions on some other topics from earlier that were similar, it seems to have fixed the problem. Thanks for the great advice :)

Share this post


Link to post
Share on other sites

Welcome to SWI. We apologize for the delay; our helpers have been very busy.

If you have not received help after 3 days, please CLICK HERE, and post a link to your log and the date it was originally posted.

 

Thank you for your patience.

 

[this is an automated reply]

Share this post


Link to post
Share on other sites
Sign in to follow this  
Followers 0