popup website and virtumonde

Status
Not open for further replies.

fangmuzhou

New member
My daughter's computer has a lot of popup website windows, and Spybot found a Virtumonde infection (pmkhf.dll). I tried for two days to remove it and it doesn't work. Any ideas on how to remove this?

The current HijackThis log is as follows:

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 5:23:54 PM, on 8/18/2007
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16512)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Windows Defender\MsMpEng.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe
C:\Program Files\Common Files\Symantec Shared\AppCore\AppSvc32.exe
C:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\ctfmon.exe
C:\WINDOWS\system32\conime.exe
C:\Program Files\Symantec\LiveUpdate\ALUSchedulerSvc.exe
C:\WINDOWS\eHome\ehRecvr.exe
C:\WINDOWS\eHome\ehSched.exe
C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE
C:\PROGRA~1\NORTON~1\NORTON~1\NPROTECT.EXE
C:\PROGRA~1\NORTON~1\NORTON~1\SPEEDD~1\NOPDB.EXE
C:\Program Files\Linksys Wireless-G USB Wireless Network Monitor\WLService.exe
C:\Program Files\Linksys Wireless-G USB Wireless Network Monitor\WUSB54Gv42.exe
C:\WINDOWS\system32\dllhost.exe
C:\WINDOWS\ehome\ehtray.exe
C:\WINDOWS\system32\hkcmd.exe
C:\WINDOWS\system32\igfxpers.exe
C:\Program Files\DELL\Dell Laser MFP 1600n\NetworkScan\DNSCST.exe
C:\Program Files\Common Files\Symantec Shared\ccApp.exe
C:\Program Files\Windows Defender\MSASCui.exe
C:\WINDOWS\eHome\ehmsas.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\notepad.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe

O3 - Toolbar: FlashGet Bar - {E0E899AB-F487-11D5-8D29-0050BA6940E3} - C:\PROGRA~1\FlashGet\fgiebar.dll
O4 - HKLM\..\Run: [ehTray] C:\WINDOWS\ehome\ehtray.exe
O4 - HKLM\..\Run: [igfxtray] C:\WINDOWS\system32\igfxtray.exe
O4 - HKLM\..\Run: [igfxhkcmd] C:\WINDOWS\system32\hkcmd.exe
O4 - HKLM\..\Run: [igfxpers] C:\WINDOWS\system32\igfxpers.exe
O4 - HKLM\..\Run: [DellNSCST] "C:\Program Files\DELL\Dell Laser MFP 1600n\NetworkScan\DNSCST.exe" /HIDEUI
O4 - HKLM\..\Run: [ccApp] "C:\Program Files\Common Files\Symantec Shared\ccApp.exe"
O4 - HKLM\..\Run: [osCheck] "C:\Program Files\Norton AntiVirus\osCheck.exe"
O4 - HKLM\..\Run: [Symantec PIF AlertEng] "C:\Program Files\Common Files\Symantec Shared\PIF\{B8E1DD85-8582-4c61-B58F-2F227FCA9A08}\PIFSvc.exe" /a /m "C:\Program Files\Common Files\Symantec Shared\PIF\{B8E1DD85-8582-4c61-B58F-2F227FCA9A08}\AlertEng.dll"
O4 - HKLM\..\Run: [UserFaultCheck] %systemroot%\system32\dumprep 0 -u
O4 - HKLM\..\Run: [Windows Defender] "C:\Program Files\Windows Defender\MSASCui.exe" -hide
O4 - HKLM\..\Run: [SystemOptimizer] rundll32.exe "C:\WINDOWS\system32\jxgxbgox.dll",forkonce
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\j2re1.4.2_03\bin\npjpi142_03.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\j2re1.4.2_03\bin\npjpi142_03.dll
O9 - Extra button: Express Cleanup - {5E638779-1818-4754-A595-EF1C63B87A56} - C:\Program Files\Norton SystemWorks Premier\Norton Cleanup\WCQuick.lnk
O9 - Extra 'Tools' menuitem: Express Cleanup - {5E638779-1818-4754-A595-EF1C63B87A56} - C:\Program Files\Norton SystemWorks Premier\Norton Cleanup\WCQuick.lnk
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~4\OFFICE11\REFIEBAR.DLL
O9 - Extra button: Researcher - {9455301C-CF6B-11D3-A266-00C04F689C50} - C:\Program Files\Common Files\Microsoft Shared\Encarta Researcher\EROPROJ.DLL
O9 - Extra button: Real.com - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - C:\WINDOWS\system32\Shdocvw.dll
O9 - Extra button: FlashGet - {D6E814A0-E0C5-11d4-8D29-0050BA6940E3} - C:\PROGRA~1\FlashGet\flashget.exe
O9 - Extra 'Tools' menuitem: &FlashGet - {D6E814A0-E0C5-11d4-8D29-0050BA6940E3} - C:\PROGRA~1\FlashGet\flashget.exe
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O15 - ESC Trusted Zone: http://*.update.microsoft.com
O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://go.microsoft.com/fwlink/?linkid=39204
O23 - Service: Automatic LiveUpdate Scheduler - Symantec Corporation - C:\Program Files\Symantec\LiveUpdate\ALUSchedulerSvc.exe
O23 - Service: Symantec Event Manager (ccEvtMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe
O23 - Service: Symantec Settings Manager (ccSetMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe
O23 - Service: Symantec Lic NetConnect service (CLTNetCnService) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe
O23 - Service: DSBrokerService - Unknown owner - C:\Program Files\DellSupport\brkrsvc.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: iPodService - Apple Computer, Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: Symantec IS Password Validation (ISPwdSvc) - Symantec Corporation - C:\Program Files\Norton AntiVirus\isPwdSvc.exe
O23 - Service: LiveUpdate - Symantec Corporation - C:\PROGRA~1\Symantec\LIVEUP~1\LUCOMS~1.EXE
O23 - Service: LiveUpdate Notice Service Ex (LiveUpdate Notice Ex) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe
O23 - Service: LiveUpdate Notice Service - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\PIF\{B8E1DD85-8582-4c61-B58F-2F227FCA9A08}\PIFSvc.exe
O23 - Service: Intel NCS NetService (NetSvc) - Intel(R) Corporation - C:\Program Files\Intel\PROSetWired\NCS\Sync\NetSvc.exe
O23 - Service: Norton UnErase Protection (NProtectService) - Symantec Corporation - C:\PROGRA~1\NORTON~1\NORTON~1\NPROTECT.EXE
O23 - Service: Speed Disk service - Symantec Corporation - C:\PROGRA~1\NORTON~1\NORTON~1\SPEEDD~1\NOPDB.EXE
O23 - Service: Symantec Core LC - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exe
O23 - Service: Symantec AppCore Service (SymAppCore) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\AppCore\AppSvc32.exe
O23 - Service: WUSB54Gv42SVC - GEMTEKS - C:\Program Files\Linksys Wireless-G USB Wireless Network Monitor\WLService.exe

--
End of file - 7049 bytes
 
The ComboFix log is as follows:

ComboFix 07-08-14.4 - "Bin Zhou" 2007-08-18 16:56:47.2 - NTFSx86
Microsoft Windows XP Professional 5.1.2600.2.936.86.1033.18.257 [GMT -4:00]


((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))


C:\WINDOWS\system32\fhkmp.bak1
C:\WINDOWS\system32\fhkmp.ini
C:\WINDOWS\system32\inymfcmt.dll


((((((((((((((((((((((((( Files Created from 2007-07-18 to 2007-08-18 )))))))))))))))))))))))))))))))


2007-08-18 15:35 51,200 --a------ C:\WINDOWS\nircmd.exe
2007-08-18 13:55 17 --a------ C:\WINDOWS\system32\pmkhfbad.dll
2007-08-18 13:22 <DIR> d--h----- C:\WINDOWS\PIF
2007-08-18 12:28 <DIR> d-------- C:\Program Files\Windows Defender
2007-08-18 11:50 <DIR> d-------- C:\Program Files\Enigma Software Group
2007-08-18 00:17 298,080 --------- C:\WINDOWS\system32\pmkhf.dll
2007-08-18 00:10 22,112 -ra------ C:\WINDOWS\system32\drivers\COH_Mon.sys
2007-08-17 23:45 215,144 --a------ C:\WINDOWS\pw32a.dll
2007-08-17 23:31 <DIR> d-------- C:\Program Files\Lavasoft
2007-08-17 23:20 374,752 --a------ C:\WINDOWS\system32\WUSBGXP.sys
2007-08-17 23:20 339,488 --a------ C:\WINDOWS\system32\WUSB20XP.sys
2007-08-17 23:20 245,376 --a------ C:\WINDOWS\system32\rt2500usb.sys
2007-08-17 23:20 20,747 --a------ C:\WINDOWS\system32\drivers\AegisP.sys
2007-08-17 23:20 <DIR> d-------- C:\Program Files\Linksys Wireless-G USB Wireless Network Monitor
2007-08-17 22:58 17,992 --a------ C:\WINDOWS\system32\drivers\bcm42rly.sys
2007-08-17 22:58 17,992 --a------ C:\WINDOWS\system32\bcm42rly.sys
2007-08-17 22:57 <DIR> d-------- C:\Linksys Driver
2007-08-17 21:26 <DIR> d-------- C:\Program Files\Norton AntiVirus
2007-08-17 21:19 <DIR> d-------- C:\Program Files\Norton SystemWorks Premier
2007-08-17 21:17 48,776 --a------ C:\WINDOWS\system32\S32EVNT1.DLL
2007-08-17 21:17 115,000 --a------ C:\WINDOWS\system32\drivers\SYMEVENT.SYS
2007-08-17 21:16 <DIR> d-------- C:\Program Files\Symantec
2007-08-17 18:54 929,792 --a------ C:\WINDOWS\system32\AegisE5.dll
2007-08-17 18:54 651,264 --a------ C:\WINDOWS\system32\libeay32.dll
2007-08-17 18:54 147,456 --a------ C:\WINDOWS\system32\ssleay32.dll
2007-08-17 16:41 <DIR> d-------- C:\WINDOWS\pss
2007-08-14 12:20 <DIR> d-------- C:\DOCUME~1\LOCALS~1\APPLIC~1\Google
2007-08-04 09:29 <DIR> d-------- C:\Program Files\Common Files\Μ?crosoft.NET
2007-08-04 07:13 <DIR> d-a------ C:\DOCUME~1\ALLUSE~1\APPLIC~1\TEMP
2007-07-29 16:27 <DIR> d-------- C:\WINDOWS\system32\sуstem32
2007-07-28 12:09 <DIR> d-------- C:\WINDOWS\CSC
2007-07-18 12:04 <DIR> d-------- C:\Program Files\sуmbols


(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))

2007-08-18 17:04 1598199 ---hs---- C:\WINDOWS\system32\fhkmp.bak1
2007-08-18 16:19 --------- d-------- C:\Program Files\Trend Micro
2007-08-18 13:35 --------- d-------- C:\DOCUME~1\BINZHO~1\APPLIC~1\U3
2007-08-18 13:08 --------- d-------- C:\Program Files\Dell
2007-08-17 23:47 --------- d-------- C:\Program Files\Common Files\Symantec Shared
2007-08-17 23:46 806 --a------ C:\WINDOWS\system32\drivers\SYMEVENT.INF
2007-08-17 23:46 8014 --a------ C:\WINDOWS\system32\drivers\SYMEVENT.CAT
2007-08-17 23:32 --------- d-------- C:\DOCUME~1\BINZHO~1\APPLIC~1\Lavasoft
2007-08-17 23:20 --------- d--h----- C:\Program Files\InstallShield Installation Information
2007-08-17 18:34 --------- d-------- C:\Program Files\Fοnts
2007-08-17 16:37 --------- dr-h----- C:\DOCUME~1\BINZHO~1\APPLIC~1\yahoo!
2007-08-17 16:27 --------- d-------- C:\DOCUME~1\BINZHO~1\APPLIC~1\Symantec
2007-08-09 18:20 --------- d-------- C:\DOCUME~1\BINZHO~1\APPLIC~1\AdobeUM
2007-08-04 09:29 --------- d-------- C:\Program Files\sуmbols
2007-07-19 02:59 3583488 --a------ C:\WINDOWS\system32\dllcache\mshtml.dll
2007-07-18 12:22 --------- d-------- C:\DOCUME~1\BINZHO~1\APPLIC~1\Google
2007-07-15 23:03 246 --a------ C:\Program Files\Common Files\quza
2007-07-13 10:11 --------- d-------- C:\Program Files\FlashGet
2007-07-12 19:31 765952 --a------ C:\WINDOWS\system32\dllcache\vgx.dll
2007-07-08 10:20 --------- d-------- C:\Program Files\The Learning Company
2007-06-27 10:34 823808 --a------ C:\WINDOWS\system32\dllcache\wininet.dll
2007-06-27 10:34 671232 --a------ C:\WINDOWS\system32\dllcache\mstime.dll
2007-06-27 10:34 6058496 --------- C:\WINDOWS\system32\dllcache\ieframe.dll
2007-06-27 10:34 52224 --------- C:\WINDOWS\system32\dllcache\msfeedsbs.dll
2007-06-27 10:34 477696 --a------ C:\WINDOWS\system32\dllcache\mshtmled.dll
2007-06-27 10:34 459264 --------- C:\WINDOWS\system32\dllcache\msfeeds.dll
2007-06-27 10:34 44544 --------- C:\WINDOWS\system32\dllcache\iernonce.dll
2007-06-27 10:34 384512 --------- C:\WINDOWS\system32\dllcache\iedkcs32.dll
2007-06-27 10:34 383488 --------- C:\WINDOWS\system32\dllcache\ieapfltr.dll
2007-06-27 10:34 27648 --a------ C:\WINDOWS\system32\dllcache\jsproxy.dll
2007-06-27 10:34 267776 --------- C:\WINDOWS\system32\dllcache\iertutil.dll
2007-06-27 10:34 232960 --------- C:\WINDOWS\system32\dllcache\webcheck.dll
2007-06-27 10:34 230400 --------- C:\WINDOWS\system32\dllcache\ieaksie.dll
2007-06-27 10:34 193024 --a------ C:\WINDOWS\system32\dllcache\msrating.dll
2007-06-27 10:34 153088 --------- C:\WINDOWS\system32\dllcache\ieakeng.dll
2007-06-27 10:34 132608 --a------ C:\WINDOWS\system32\dllcache\extmgr.dll
2007-06-27 10:34 124928 --------- C:\WINDOWS\system32\dllcache\advpack.dll
2007-06-27 10:34 1152000 --a------ C:\WINDOWS\system32\dllcache\urlmon.dll
2007-06-27 10:34 105984 --------- C:\WINDOWS\system32\dllcache\url.dll
2007-06-27 10:34 102400 --------- C:\WINDOWS\system32\dllcache\occache.dll
2007-06-27 04:27 63488 --------- C:\WINDOWS\system32\dllcache\ie4uinit.exe
2007-06-27 04:27 625152 --------- C:\WINDOWS\system32\dllcache\iexplore.exe
2007-06-27 04:27 13824 --------- C:\WINDOWS\system32\dllcache\ieudinit.exe
2007-06-27 03:00 161792 --------- C:\WINDOWS\system32\dllcache\ieakui.dll
2007-06-26 02:08 1104896 --a------ C:\WINDOWS\system32\msxml3.dll
2007-06-26 02:08 1104896 --------- C:\WINDOWS\system32\dllcache\msxml3.dll
2007-06-19 09:31 282112 --a------ C:\WINDOWS\system32\gdi32.dll
2007-06-19 09:31 282112 --------- C:\WINDOWS\system32\dllcache\gdi32.dll
2007-06-13 06:23 1033216 --------- C:\WINDOWS\system32\dllcache\explorer.exe
2007-06-13 06:23 1033216 --------- C:\WINDOWS\explorer.exe
2006-03-19 09:23 774144 --a------ C:\Program Files\RngInterstitial.dll
2007-04-15 21:01:40 56 --sh--r C:\WINDOWS\system32\BDB461D170.sys
2007-04-15 21:01:43 3,350 --sha-w C:\WINDOWS\system32\KGyGaAvL.sys


((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))


*Note* empty entries & legit default entries are not shown

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{2E9FB129-16A2-4269-9A90-E9F0E5944BAC}]
2007-08-18 00:17 298080 --------- C:\WINDOWS\system32\pmkhf.dll

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{3FDF8CE1-645B-1A89-2976-3AB67A49F0B2}]

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{436B6A85-823C-FBEC-4915-8C8DC9258FBE}]

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{463D3A83-D93A-FFB8-4B15-8C8DC92581B9}]

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{65D33A66-2283-42F0-93F8-ADCC610521E8}]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"ehTray"="C:\WINDOWS\ehome\ehtray.exe" [2005-09-29 16:01]
"igfxtray"="C:\WINDOWS\system32\igfxtray.exe" [2005-10-14 22:49]
"igfxhkcmd"="C:\WINDOWS\system32\hkcmd.exe" [2005-10-14 22:46]
"igfxpers"="C:\WINDOWS\system32\igfxpers.exe" [2005-10-14 22:50]
"DellNSCST"="C:\Program Files\DELL\Dell Laser MFP 1600n\NetworkScan\DNSCST.exe" [2004-11-12 16:00]
"NWEReboot"="" []
"ccApp"="C:\Program Files\Common Files\Symantec Shared\ccApp.exe" [2006-10-27 23:38]
"osCheck"="C:\Program Files\Norton AntiVirus\osCheck.exe" [2006-09-05 19:22]
"Symantec PIF AlertEng"="C:\Program Files\Common Files\Symantec Shared\PIF\{B8E1DD85-8582-4c61-B58F-2F227FCA9A08}\PIFSvc.exe" [2007-03-12 18:30]
"UserFaultCheck"="C:\WINDOWS\system32\dumprep 0 -u" []
"Windows Defender"="C:\Program Files\Windows Defender\MSASCui.exe" [2006-11-03 19:20]
"SpyHunter"="" []

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"ctfmon.exe"="C:\WINDOWS\system32\ctfmon.exe" [2004-08-10 07:00]

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"InstallVisualStyle"=C:\WINDOWS\Resources\Themes\Royale\Royale.msstyles
"InstallTheme"=C:\WINDOWS\Resources\Themes\Royale.theme

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\pmkhf]
C:\WINDOWS\system32\pmkhf.dll 2007-08-18 00:17 298080 C:\WINDOWS\system32\pmkhf.dll

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Digital Line Detect.lnk]
path=C:\Documents and Settings\All Users\Start Menu\Programs\Startup\Digital Line Detect.lnk
backup=C:\WINDOWS\pss\Digital Line Detect.lnkCommon Startup

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}]
"C:\Program Files\Common Files\Ahead\lib\NMBgMonitor.exe"

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ccApp]
"C:\Program Files\Common Files\Symantec Shared\ccApp.exe"

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Corel Photo Downloader]
C:\Program Files\Corel\Corel Photo Album 6\MediaDetect.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Cqc]
C:\WINDOWS\Оracle\?ervices.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ctfmon.exe]
C:\WINDOWS\system32\ctfmon.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\DellSupport]
"C:\Program Files\DellSupport\DSAgnt.exe" /startup

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\dla]
C:\WINDOWS\system32\dla\tfswctrl.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\DVDLauncher]
"C:\Program Files\CyberLink\PowerDVD\DVDLauncher.exe"

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\IMEKRMIG6.1]
C:\WINDOWS\ime\imkr6_1\IMEKRMIG.EXE

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\IMJPMIG8.1]
"C:\WINDOWS\IME\imjp8_1\IMJPMIG.EXE" /Spoil /RemAdvDef /Migration32

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ISUSPM Startup]
"C:\Program Files\Common Files\InstallShield\UpdateService\isuspm.exe" -startup

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ISUSScheduler]
"C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe" -start

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\iTunesHelper]
"C:\Program Files\iTunes\iTunesHelper.exe"

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\MimBoot]
C:\PROGRA~1\MUSICM~1\MUSICM~3\mimboot.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\MMTray]
"C:\Program Files\Musicmatch\Musicmatch Jukebox\mm_tray.exe"

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\MSPY2002]
C:\WINDOWS\system32\IME\PINTLGNT\ImScInst.exe /SYNC

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\My Web Search Bar Search Scope Monitor]
"C:\PROGRA~1\MYWEBS~1\bar\3.bin\m3SrchMn.exe" /m=0

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\MyWebSearch Email Plugin]
C:\PROGRA~1\MYWEBS~1\bar\3.bin\mwsoemon.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NeroFilterCheck]
C:\WINDOWS\system32\NeroCheck.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\osCheck]
"C:\Program Files\Norton AntiVirus\osCheck.exe"

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\PestTrap]
C:\Program Files\PestTrap\PestTrap.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\PHIME2002A]
C:\WINDOWS\system32\IME\TINTLGNT\TINTSETP.EXE /IMEName

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\PHIME2002ASync]
C:\WINDOWS\system32\IME\TINTLGNT\TINTSETP.EXE /SYNC

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\poolsv]
"C:\WINDOWS\poolsv.exe"

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\QuickTime Task]
"C:\Program Files\QuickTime\qttask.exe" -atboottime

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\runner1]
C:\WINDOWS\retadpu77.exe 61A847B5BBF72815358B2B27128065E9C084320161C4661227A755E9C2933154389A

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Scoywx]
"C:\Program Files\sуmbols\wоwexec.exe"

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SunJavaUpdateSched]
C:\Program Files\Java\j2re1.4.2_03\bin\jusched.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SystemOptimizer]
rundll32.exe "C:\WINDOWS\system32\mwxfbjih.dll",forkonce

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\TkBellExe]
"C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Uaol]
"C:\PROGRA~1\Fοnts\notepad.exe" -vt yazb

R2 WUSB54Gv42SVC;WUSB54Gv42SVC;"C:\Program Files\Linksys Wireless-G USB Wireless Network Monitor\WLService.exe" "WUSB54Gv42.exe"
R3 NPDriver;Norton UnErase Protection Driver;\??\C:\WINDOWS\system32\Drivers\NPDRIVER.SYS
R3 WUSB54GPV4SRV;Linksys Home Wireless-G USB Adaptor Driver;C:\WINDOWS\system32\DRIVERS\rt2500usb.sys
S3 SDdriver;SDdriver;\??\C:\WINDOWS\system32\Drivers\sddriver.sys


[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{08246e10-4b00-11db-ab03-00121776a0a9}]
AutoRun\command- E:\LaunchU3.exe

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{08246e14-4b00-11db-ab03-00121776a0a9}]
AutoRun\command- E:\setupSNK.exe

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{361ac05d-0e0d-11da-9aa9-806d6172696f}]
AutoRun\command- E:\setup.exe

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{760f330c-526b-11db-ab08-811dd405a3ca}]
AutoRun\command- E:\setupSNK.exe

*Newly Created Service* - GTNDIS5

Contents of the 'Scheduled Tasks' folder
2007-08-18 20:40:15 C:\WINDOWS\Tasks\MP Scheduled Scan.job - C:\Program Files\Windows Defender\MpCmdRun.exe
2007-08-18 02:24:31 C:\WINDOWS\Tasks\Norton AntiVirus - Run Full System Scan - Bin Zhou.job - C:\PROGRA~1\NORTON~2\Navw32.exe
2007-08-18 01:20:16 C:\WINDOWS\Tasks\Norton SystemWorks One Button Checkup.job

**************************************************************************

catchme 0.3.1061 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2007-08-18 17:03:12
Windows 5.1.2600 Service Pack 2 NTFS

scanning hidden processes ...

scanning hidden autostart entries ...

scanning hidden files ...

C:\WINDOWS\system32\fhkmp.bak1
C:\WINDOWS\system32\fhkmp.tmp

scan completed successfully
hidden files: 2

**************************************************************************

Completion time: 2007-08-18 17:05:40 - machine was rebooted
C:\ComboFix-quarantined-files.txt ... 2007-08-18 17:05
C:\ComboFix2.txt ... 2007-08-18 15:49

--- E O F ---

Thank you.
 
Welcome to Safer Networking. I wish to be sure you have viewed and understand this information.
"BEFORE you POST" (READ this Procedure before Requesting Assistance)
http://forums.spybot.info/showthread.php?t=288
All advice given is taken at your own risk.
Please make sure you have read this information so we are on the same page.

I suggest you read the Pinned information at the top of the forum, then if you still have issues, start with a fresh HJT log and a description of them. I am also interested in any error messages you receive, "word for word".

Please view this: http://forums.spybot.info/showpost.php?p=12880&postcount=2
C:\Program Files\Java\j2re1.4.2_03\ <<< BADLY out of date and likely the reason you are infected. Download the newest version and uninstall all old versions in Add Remove Programs before you post.

Thanks
 
No response in a week; topic is closed.

If you need it re-opened please send me or a forum staff member a private message (pm) and provide a link to the thread; this applies only to the original topic starter.

Anyone else with similar problems please start a new topic.

Thanks
 