We’d like to remind Forumites to please avoid political debate on the Forum.

This is to keep it a safe and useful space for MoneySaving discussions. Threads that are – or become – political in nature may be removed in line with the Forum’s rules. Thank you for your understanding.

📨 Have you signed up to the Forum's new Email Digest yet? Get a selection of trending threads sent straight to your inbox daily, weekly or monthly!

Virus, Trojan, spyware, or malware...please help

Tokenfreak
Tokenfreak Posts: 8 Forumite
in Techie Stuff
Hello
I really need some help. Here are my problems.

* Popups redirecting to "antispyware" sites
* Fake "virus detected" popups and system tray notice, redirecting to same sites
* Changed desktop background, using files in C:\Windows\privacy_danger\
* Attempts to change IE home page to softwarereferral.com or similar
*Trojan.w32.looksky keeps poping up


Here is what I have done to try to clean it. Nothing has completely worked so far.

* Ran Norton Antivirus full scan
* Ran xoftspyse
* Ran AdAware full scan
* Ran Spybot Search and Destroy full scan

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 4:30:00 PM, on 8/13/2007
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16473)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Java\jre1.6.0_02\bin\jusched.exe
C:\Program Files\ScanSoft\PaperPort\pptd40nt.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\WINDOWS\system32\igfxpers.exe
C:\WINDOWS\system32\hkcmd.exe
C:\Program Files\Common Files\Symantec Shared\ccApp.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\WhatPulse\WhatPulse.exe
C:\Program Files\Internet Download Manager\IDMan.exe
C:\Program Files\Lavasoft\Ad-Aware 2007\aawservice.exe
C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
C:\Program Files\Common Files\LightScribe\LSSrvc.exe
C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE
C:\WINDOWS\System32\HPZipm12.exe
C:\WINDOWS\System32\ScsiAccess.EXE
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\Program Files\Internet Download Manager\IEMonitor.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://softwarereferral.com/jump.php?wmid=6010&mid=MjI6Ojg5&lid=2
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://www.homepressway.com
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.homepressway.com
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = localhost
O2 - BHO: IE7pro - !!00011268-E188-40DF-A514-835FCD78B1BF} - C:\Program Files\IE7pro\IE7Pro.dll
O2 - BHO: IDM Helper - !!0055C089-8582-441B-A0BF-17B458C2A3A8} - C:\Program Files\Internet Download Manager\IDMIECC.dll
O2 - BHO: Yahoo! Toolbar Helper - !!02478D38-C3F9-4EFB-9B51-7695ECA05670} - (no file)
O2 - BHO: (no name) - !!06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - (no file)
O2 - BHO: (no name) - !!1E8A6170-7264-4D0F-BEAE-D42A53123C75} - C:\Program Files\Common Files\Symantec Shared\coShared\Browser\1.5\NppBho.dll
O2 - BHO: (no name) - !!6902F36D-E8DE-4F58-9A64-5B68B888130D} - (no file)
O2 - BHO: SSVHelper Class - !!761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_02\bin\ssv.dll
O2 - BHO: MSVPS System - !!7AF59C20-A1D8-4C1C-927A-99DD9F2A9E0B} - C:\WINDOWS\duocore.dll
O2 - BHO: Adobe PDF Conversion Toolbar Helper - {AE7CD045-E861-484f-8273-0445EE161910} - C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll
O3 - Toolbar: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - (no file)
O3 - Toolbar: Adobe PDF - !!47833539-D0C5-4125-9FA8-0819E2EAAC93} - C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll
O3 - Toolbar: Show Norton Toolbar - !!90222687-F593-4738-B738-FBEE9C7B26DF} - C:\Program Files\Common Files\Symantec Shared\coShared\Browser\1.5\UIBHO.dll
O4 - HKLM\..\Run: [Symantec PIF AlertEng] "C:\Program Files\Common Files\Symantec Shared\PIF\{B8E1DD85-8582-4c61-B58F-2F227FCA9A08}\PIFSvc.exe" /a /m "C:\Program Files\Common Files\Symantec Shared\PIF\{B8E1DD85-8582-4c61-B58F-2F227FCA9A08}\AlertEng.dll"
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_02\bin\jusched.exe"
O4 - HKLM\..\Run: [SSBkgdUpdate] "C:\Program Files\Common Files\Scansoft Shared\SSBkgdUpdate\SSBkgdupdate.exe" -Embedding -boot
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime Alternative\qttask.exe" -atboottime
O4 - HKLM\..\Run: [PaperPort PTD] C:\Program Files\ScanSoft\PaperPort\pptd40nt.exe
O4 - HKLM\..\Run: [NeroFilterCheck] C:\Program Files\Common Files\Ahead\Lib\NeroCheck.exe
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
O4 - HKLM\..\Run: [IndexSearch] C:\Program Files\ScanSoft\PaperPort\IndexSearch.exe
O4 - HKLM\..\Run: [igfxtray] C:\WINDOWS\system32\igfxtray.exe
O4 - HKLM\..\Run: [igfxpers] C:\WINDOWS\system32\igfxpers.exe
O4 - HKLM\..\Run: [igfxhkcmd] C:\WINDOWS\system32\hkcmd.exe
O4 - HKLM\..\Run: [ControlCenter2.0] C:\Program Files\Brother\ControlCenter2\brctrcen.exe /autorun
O4 - HKLM\..\Run: [ccApp] "C:\Program Files\Common Files\Symantec Shared\ccApp.exe"
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [WhatPulse] C:\Program Files\WhatPulse\WhatPulse.exe
O4 - HKCU\..\Run: [IDMan] C:\Program Files\Internet Download Manager\IDMan.exe /onboot
O4 - HKUS\S-1-5-18\..\RunOnce: [RunNarrator] Narrator.exe (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\RunOnce: [RunNarrator] Narrator.exe (User 'Default user')
O8 - Extra context menu item: Append to existing PDF - res://C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html
O8 - Extra context menu item: Convert link target to Adobe PDF - res://C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html
O8 - Extra context menu item: Convert link target to existing PDF - res://C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html
O8 - Extra context menu item: Convert selected links to Adobe PDF - res://C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIECaptureSelLinks.html
O8 - Extra context menu item: Convert selected links to existing PDF - res://C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIEAppendSelLinks.html
O8 - Extra context menu item: Convert selection to Adobe PDF - res://C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html
O8 - Extra context menu item: Convert selection to existing PDF - res://C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html
O8 - Extra context menu item: Convert to Adobe PDF - res://C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html
O8 - Extra context menu item: Download All Links with IDM - C:\Program Files\Internet Download Manager\IEGetAll.htm
O8 - Extra context menu item: Download with IDM - C:\Program Files\Internet Download Manager\IEExt.htm
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office12\EXCEL.EXE/3000
O9 - Extra button: IE7pro Preferences - !!0026439F-A980-4f18-8C95-4F1CBBF9C1D8} - C:\Program Files\IE7pro\IE7Pro.dll
O9 - Extra 'Tools' menuitem: IE7pro Preferences - !!0026439F-A980-4f18-8C95-4F1CBBF9C1D8} - C:\Program Files\IE7pro\IE7Pro.dll
O9 - Extra button: (no name) - !!08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_02\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - !!08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_02\bin\ssv.dll
O9 - Extra button: Send to OneNote - !!2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~2\Office12\ONBttnIE.dll
O9 - Extra 'Tools' menuitem: S&end to OneNote - !!2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~2\Office12\ONBttnIE.dll
O9 - Extra button: Research - !!92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\Office12\REFIEBAR.DLL
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra button: Flash2X Flash Hunter - !!77B563A5-2A35-4E6B-BFC8-F4B6BB65D5DF} - C:\WINDOWS\System32\shdocvw.dll (HKCU)
O9 - Extra 'Tools' menuitem: &Launch Flash Hunter - !!77B563A5-2A35-4E6B-BFC8-F4B6BB65D5DF} - C:\WINDOWS\System32\shdocvw.dll (HKCU)
O16 - DPF: Hangman Hijinks by pogo - http://game1.pogo.com/applet-6.9.1.38/hangman/hangman-en_US.cab
O16 - DPF: Tumble Bees by pogo - http://game1.pogo.com/applet-6.9.3.29/tumbee2/tumbee2-en_US.cab
O16 - DPF: Word Whomp by pogo - http://game1.pogo.com/applet-6.9.1.38/wordwhomp2/whomp2-en_US.cab
O16 - DPF: !!406B5949-7190-4245-91A9-30A17DE16AD0} (Snapfish Activia) - http://photos.walmart.com/WalmartActivia.cab
O16 - DPF: !!5F8469B4-B055-49DD-83F7-62B522420ECC} (Facebook Photo Uploader Control) - http://upload.facebook.com/controls/FacebookPhotoUploader.cab
O16 - DPF: !!8A94C905-FF9D-43B6-8708-F0F22D22B1CB} (Wwlaunch Control) - https://www.worldwinner.com/games/shared/wwlaunch.cab
O16 - DPF: {E87F6C8E-16C0-11D3-BEF7-009027438003} (Persits Software XUpload) - http://www.auctiva.com/hostedimages/activex/xupload/XUpload.ocx
O16 - DPF: {FD0B6769-6490-4A91-AA0A-B5AE0DC75AC9} (Performance Viewer Activex Control) - https://secure.logmein.com/activex/ractrl.cab?lmi=100
O20 - Winlogon Notify: winuqw32 - winuqw32.dll (file missing)
O21 - SSODL: wmpconf - !!765E8C41-9263-4DF6-9AB9-905997878364} - C:\WINDOWS\wmpconf.dll
O23 - Service: Ad-Aware 2007 Service (aawservice) - Lavasoft AB - C:\Program Files\Lavasoft\Ad-Aware 2007\aawservice.exe
O23 - Service: Adobe LM Service - Adobe Systems - C:\Program Files\Common Files\Adobe Systems Shared\Service\Adobelmsvc.exe
O23 - Service: Apple Mobile Device - Apple, Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
O23 - Service: Ares Chatroom server (AresChatServer) - Ares Development Group - C:\Program Files\Ares\chatServer.exe
O23 - Service: Symantec Event Manager (ccEvtMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe
O23 - Service: Symantec Settings Manager (ccSetMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe
O23 - Service: Symantec Lic NetConnect service (CLTNetCnService) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe
O23 - Service: COM Host (comHost) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\VAScanner\comHost.exe
O23 - Service: FLEXnet Licensing Service - Macrovision Europe Ltd. - C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: iPod Service - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: LightScribeService Direct Disc Labeling Service (LightScribeService) - Hewlett-Packard Company - C:\Program Files\Common Files\LightScribe\LSSrvc.exe
O23 - Service: LiveUpdate - Symantec Corporation - C:\Program Files\symantec\liveupdate\LuComServer_3_2.exe
O23 - Service: LiveUpdate Notice Service Ex (LiveUpdate Notice Ex) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe
O23 - Service: LiveUpdate Notice Service - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\PIF\{B8E1DD85-8582-4c61-B58F-2F227FCA9A08}\PIFSvc.exe
O23 - Service: NBService - Nero AG - C:\Program Files\Nero\Nero 7\Nero BackItUp\NBService.exe
O23 - Service: Intel NCS NetService (NetSvc) - Intel(R) Corporation - C:\Program Files\Intel\NCS\Sync\NetSvc.exe
O23 - Service: NMIndexingService - Nero AG - C:\Program Files\Common Files\Ahead\Lib\NMIndexingService.exe
O23 - Service: Pml Driver HPZ12 - HP - C:\WINDOWS\System32\HPZipm12.exe
O23 - Service: ScsiAccess - Unknown owner - C:\WINDOWS\System32\ScsiAccess.EXE
O23 - Service: Symantec Core LC - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exe

--
End of file - 11998 bytes
«1

Comments

  • Tokenfreak
    Tokenfreak Posts: 8 Forumite
    Can someone please help me? I have try everything. Thanks a lot!!
  • Donnie
    Donnie Posts: 9,862 Forumite
    I would certainly fix all of the R entries.
  • Tokenfreak
    Tokenfreak Posts: 8 Forumite
    Donnie wrote: »
    I would certainly fix all of the R entries.

    I fixed them all but 1 just keeps coming back everytime...heres my log now..

    Logfile of Trend Micro HijackThis v2.0.2
    Scan saved at 9:15:46 PM, on 8/13/2007
    Platform: Windows XP SP2 (WinNT 5.01.2600)
    MSIE: Internet Explorer v7.00 (7.00.6000.16473)
    Boot mode: Normal

    Running processes:
    C:\WINDOWS\System32\smss.exe
    C:\WINDOWS\system32\winlogon.exe
    C:\WINDOWS\system32\services.exe
    C:\WINDOWS\system32\lsass.exe
    C:\WINDOWS\system32\svchost.exe
    C:\WINDOWS\System32\svchost.exe
    C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe
    C:\WINDOWS\system32\spoolsv.exe
    C:\Program Files\Lavasoft\Ad-Aware 2007\aawservice.exe
    C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
    C:\Program Files\Common Files\LightScribe\LSSrvc.exe
    C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE
    C:\WINDOWS\System32\HPZipm12.exe
    C:\WINDOWS\System32\ScsiAccess.EXE
    C:\WINDOWS\System32\svchost.exe
    C:\WINDOWS\Explorer.EXE
    C:\Program Files\Java\jre1.6.0_02\bin\jusched.exe
    C:\Program Files\ScanSoft\PaperPort\pptd40nt.exe
    C:\Program Files\iTunes\iTunesHelper.exe
    C:\WINDOWS\system32\igfxpers.exe
    C:\WINDOWS\system32\hkcmd.exe
    C:\Program Files\Common Files\Symantec Shared\ccApp.exe
    C:\WINDOWS\system32\ctfmon.exe
    C:\Program Files\WhatPulse\WhatPulse.exe
    C:\Program Files\Internet Download Manager\IDMan.exe
    C:\WINDOWS\System32\svchost.exe
    C:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exe
    C:\Program Files\Internet Download Manager\IEMonitor.exe
    C:\Program Files\iPod\bin\iPodService.exe
    C:\Program Files\Mozilla Firefox\firefox.exe
    C:\Program Files\iTunes\iTunes.exe
    C:\Program Files\Trend Micro\HijackThis\HijackThis.exe

    R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://softwarereferral.com/jump.php?wmid=6010&mid=MjI6Ojg5&lid=2
    O2 - BHO: IE7pro - !!00011268-E188-40DF-A514-835FCD78B1BF} - C:\Program Files\IE7pro\IE7Pro.dll
    O2 - BHO: IDM Helper - !!0055C089-8582-441B-A0BF-17B458C2A3A8} - C:\Program Files\Internet Download Manager\IDMIECC.dll
    O2 - BHO: Yahoo! Toolbar Helper - !!02478D38-C3F9-4EFB-9B51-7695ECA05670} - (no file)
    O2 - BHO: (no name) - !!06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - (no file)
    O2 - BHO: (no name) - !!1E8A6170-7264-4D0F-BEAE-D42A53123C75} - C:\Program Files\Common Files\Symantec Shared\coShared\Browser\1.5\NppBho.dll
    O2 - BHO: (no name) - !!6902F36D-E8DE-4F58-9A64-5B68B888130D} - (no file)
    O2 - BHO: SSVHelper Class - !!761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_02\bin\ssv.dll
    O2 - BHO: MSVPS System - !!7AF59C20-A1D8-4C1C-927A-99DD9F2A9E0B} - C:\WINDOWS\duocore.dll
    O2 - BHO: Adobe PDF Conversion Toolbar Helper - {AE7CD045-E861-484f-8273-0445EE161910} - C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll
    O3 - Toolbar: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - (no file)
    O3 - Toolbar: Adobe PDF - !!47833539-D0C5-4125-9FA8-0819E2EAAC93} - C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll
    O3 - Toolbar: Show Norton Toolbar - !!90222687-F593-4738-B738-FBEE9C7B26DF} - C:\Program Files\Common Files\Symantec Shared\coShared\Browser\1.5\UIBHO.dll
    O4 - HKLM\..\Run: [Symantec PIF AlertEng] "C:\Program Files\Common Files\Symantec Shared\PIF\{B8E1DD85-8582-4c61-B58F-2F227FCA9A08}\PIFSvc.exe" /a /m "C:\Program Files\Common Files\Symantec Shared\PIF\{B8E1DD85-8582-4c61-B58F-2F227FCA9A08}\AlertEng.dll"
    O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_02\bin\jusched.exe"
    O4 - HKLM\..\Run: [SSBkgdUpdate] "C:\Program Files\Common Files\Scansoft Shared\SSBkgdUpdate\SSBkgdupdate.exe" -Embedding -boot
    O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime Alternative\qttask.exe" -atboottime
    O4 - HKLM\..\Run: [PaperPort PTD] "C:\Program Files\ScanSoft\PaperPort\pptd40nt.exe"
    O4 - HKLM\..\Run: [NeroFilterCheck] "C:\Program Files\Common Files\Ahead\Lib\NeroCheck.exe"
    O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
    O4 - HKLM\..\Run: [IndexSearch] "C:\Program Files\ScanSoft\PaperPort\IndexSearch.exe"
    O4 - HKLM\..\Run: [igfxtray] C:\WINDOWS\system32\igfxtray.exe
    O4 - HKLM\..\Run: [igfxpers] C:\WINDOWS\system32\igfxpers.exe
    O4 - HKLM\..\Run: [igfxhkcmd] C:\WINDOWS\system32\hkcmd.exe
    O4 - HKLM\..\Run: [ControlCenter2.0] "C:\Program Files\Brother\ControlCenter2\brctrcen.exe" /autorun
    O4 - HKLM\..\Run: [ccApp] "C:\Program Files\Common Files\Symantec Shared\ccApp.exe"
    O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
    O4 - HKCU\..\Run: [WhatPulse] "C:\Program Files\WhatPulse\WhatPulse.exe"
    O4 - HKCU\..\Run: [IDMan] C:\Program Files\Internet Download Manager\IDMan.exe /onboot
    O4 - HKUS\S-1-5-18\..\RunOnce: [RunNarrator] Narrator.exe (User 'SYSTEM')
    O4 - HKUS\.DEFAULT\..\RunOnce: [RunNarrator] Narrator.exe (User 'Default user')
    O8 - Extra context menu item: Append to existing PDF - res://C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html
    O8 - Extra context menu item: Convert link target to Adobe PDF - res://C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html
    O8 - Extra context menu item: Convert link target to existing PDF - res://C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html
    O8 - Extra context menu item: Convert selected links to Adobe PDF - res://C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIECaptureSelLinks.html
    O8 - Extra context menu item: Convert selected links to existing PDF - res://C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIEAppendSelLinks.html
    O8 - Extra context menu item: Convert selection to Adobe PDF - res://C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html
    O8 - Extra context menu item: Convert selection to existing PDF - res://C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html
    O8 - Extra context menu item: Convert to Adobe PDF - res://C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html
    O8 - Extra context menu item: Download All Links with IDM - C:\Program Files\Internet Download Manager\IEGetAll.htm
    O8 - Extra context menu item: Download with IDM - C:\Program Files\Internet Download Manager\IEExt.htm
    O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office12\EXCEL.EXE/3000
    O9 - Extra button: IE7pro Preferences - !!0026439F-A980-4f18-8C95-4F1CBBF9C1D8} - C:\Program Files\IE7pro\IE7Pro.dll
    O9 - Extra 'Tools' menuitem: IE7pro Preferences - !!0026439F-A980-4f18-8C95-4F1CBBF9C1D8} - C:\Program Files\IE7pro\IE7Pro.dll
    O9 - Extra button: (no name) - !!08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_02\bin\ssv.dll
    O9 - Extra 'Tools' menuitem: Sun Java Console - !!08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_02\bin\ssv.dll
    O9 - Extra button: Send to OneNote - !!2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~2\Office12\ONBttnIE.dll
    O9 - Extra 'Tools' menuitem: S&end to OneNote - !!2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~2\Office12\ONBttnIE.dll
    O9 - Extra button: Research - !!92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\Office12\REFIEBAR.DLL
    O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
    O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
    O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
    O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
    O9 - Extra button: Flash2X Flash Hunter - !!77B563A5-2A35-4E6B-BFC8-F4B6BB65D5DF} - C:\WINDOWS\System32\shdocvw.dll (HKCU)
    O9 - Extra 'Tools' menuitem: &Launch Flash Hunter - !!77B563A5-2A35-4E6B-BFC8-F4B6BB65D5DF} - C:\WINDOWS\System32\shdocvw.dll (HKCU)
    O16 - DPF: Hangman Hijinks by pogo - http://game1.pogo.com/applet-6.9.1.38/hangman/hangman-en_US.cab
    O16 - DPF: Tumble Bees by pogo - http://game1.pogo.com/applet-6.9.3.29/tumbee2/tumbee2-en_US.cab
    O16 - DPF: Word Whomp by pogo - http://game1.pogo.com/applet-6.9.1.38/wordwhomp2/whomp2-en_US.cab
    O16 - DPF: !!406B5949-7190-4245-91A9-30A17DE16AD0} (Snapfish Activia) - http://photos.walmart.com/WalmartActivia.cab
    O16 - DPF: !!5F8469B4-B055-49DD-83F7-62B522420ECC} (Facebook Photo Uploader Control) - http://upload.facebook.com/controls/FacebookPhotoUploader.cab
    O16 - DPF: !!8A94C905-FF9D-43B6-8708-F0F22D22B1CB} (Wwlaunch Control) - https://www.worldwinner.com/games/shared/wwlaunch.cab
    O16 - DPF: {E87F6C8E-16C0-11D3-BEF7-009027438003} (Persits Software XUpload) - http://www.auctiva.com/hostedimages/activex/xupload/XUpload.ocx
    O16 - DPF: {FD0B6769-6490-4A91-AA0A-B5AE0DC75AC9} (Performance Viewer Activex Control) - https://secure.logmein.com/activex/ractrl.cab?lmi=100
    O20 - Winlogon Notify: winuqw32 - winuqw32.dll (file missing)
    O21 - SSODL: wmpconf - !!765E8C41-9263-4DF6-9AB9-905997878364} - C:\WINDOWS\wmpconf.dll
    O23 - Service: Ad-Aware 2007 Service (aawservice) - Lavasoft AB - C:\Program Files\Lavasoft\Ad-Aware 2007\aawservice.exe
    O23 - Service: Adobe LM Service - Adobe Systems - C:\Program Files\Common Files\Adobe Systems Shared\Service\Adobelmsvc.exe
    O23 - Service: Apple Mobile Device - Apple, Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
    O23 - Service: Ares Chatroom server (AresChatServer) - Ares Development Group - C:\Program Files\Ares\chatServer.exe
    O23 - Service: Symantec Event Manager (ccEvtMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe
    O23 - Service: Symantec Settings Manager (ccSetMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe
    O23 - Service: Symantec Lic NetConnect service (CLTNetCnService) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe
    O23 - Service: COM Host (comHost) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\VAScanner\comHost.exe
    O23 - Service: FLEXnet Licensing Service - Macrovision Europe Ltd. - C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe
    O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
    O23 - Service: iPod Service - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
    O23 - Service: LightScribeService Direct Disc Labeling Service (LightScribeService) - Hewlett-Packard Company - C:\Program Files\Common Files\LightScribe\LSSrvc.exe
    O23 - Service: LiveUpdate - Symantec Corporation - C:\Program Files\symantec\liveupdate\LuComServer_3_2.exe
    O23 - Service: LiveUpdate Notice Service Ex (LiveUpdate Notice Ex) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe
    O23 - Service: LiveUpdate Notice Service - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\PIF\{B8E1DD85-8582-4c61-B58F-2F227FCA9A08}\PIFSvc.exe
    O23 - Service: NBService - Nero AG - C:\Program Files\Nero\Nero 7\Nero BackItUp\NBService.exe
    O23 - Service: Intel NCS NetService (NetSvc) - Intel(R) Corporation - C:\Program Files\Intel\NCS\Sync\NetSvc.exe
    O23 - Service: NMIndexingService - Nero AG - C:\Program Files\Common Files\Ahead\Lib\NMIndexingService.exe
    O23 - Service: Pml Driver HPZ12 - HP - C:\WINDOWS\System32\HPZipm12.exe
    O23 - Service: ScsiAccess - Unknown owner - C:\WINDOWS\System32\ScsiAccess.EXE
    O23 - Service: Symantec Core LC - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exe

    --
    End of file - 11758 bytes
  • Tokenfreak
    Tokenfreak Posts: 8 Forumite
    I see where some people on the net has posted their combo fix log so heres mine please help:

    ComboFix 07-08-09.3 - "Owner" 2007-08-13 21:18:41.2 - NTFSx86
    Microsoft Windows XP Home Edition 5.1.2600.2.1252.1.1033.18.112 [GMT -4:00]


    ((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))


    C:\DOCUME~1\Owner\Desktop.\Spyware&Malware Protection.url
    C:\DOCUME~1\Owner\Desktop\Error Cleaner.url
    C:\DOCUME~1\Owner\Desktop\Privacy Protector.url
    C:\DOCUME~1\Owner\FAVORI~1.\Error Cleaner.url
    C:\DOCUME~1\Owner\FAVORI~1.\Privacy Protector.url
    C:\DOCUME~1\Owner\FAVORI~1.\Spyware&Malware Protection.url
    C:\WINDOWS\dat.txt


    ((((((((((((((((((((((((( Files Created from 2007-07-14 to 2007-08-14 )))))))))))))))))))))))))))))))


    2007-08-13 14:17 <DIR> d
    C:\DOCUME~1\Owner\.housecall6.6
    2007-08-11 10:10 51,200 --a
    C:\WINDOWS\nircmd.exe
    2007-08-10 17:45 <DIR> d
    C:\Program Files\Trend Micro
    2007-08-10 17:15 2,868 --a
    C:\WINDOWS\system32\tmp.reg
    2007-08-10 16:24 <DIR> d
    C:\Program Files\Lavasoft
    2007-08-10 16:24 <DIR> d
    C:\DOCUME~1\ALLUSE~1\APPLIC~1\Lavasoft
    2007-08-10 16:23 <DIR> d
    C:\Program Files\Common Files\Wise Installation Wizard
    2007-08-09 17:56 <DIR> d
    C:\DOCUME~1\ADMINI~1\APPLIC~1\Talkback
    2007-08-09 17:54 786,432 --ah
    C:\DOCUME~1\ADMINI~1\NTUSER.DAT
    2007-08-09 17:36 <DIR> d
    C:\DOCUME~1\ALLUSE~1\APPLIC~1\Spybot - Search & Destroy
    2007-08-09 17:30 <DIR> d
    C:\Program Files\XoftSpySE
    2007-08-08 12:15 221,184 --a
    C:\WINDOWS\wmpconf.dll
    2007-08-08 12:15 188,416 --a
    C:\WINDOWS\duocore.dll
    2007-08-01 17:38 25,544 --a
    C:\WINDOWS\system32\drivers\ElbyCDIO.sys
    2007-08-01 13:29 <DIR> d
    C:\Program Files\Google
    2007-07-31 16:24 <DIR> d--hs---- C:\DOCUME~1\ALLUSE~1\APPLIC~1\MPK
    2007-07-31 09:21 96,704 --a
    C:\WINDOWS\system32\drivers\AnyDVD.sys
    2007-07-22 21:25 <DIR> d
    C:\DOCUME~1\Owner\APPLIC~1\My Games
    2007-07-22 20:18 <DIR> d
    C:\Program Files\Firaxis Games
    2007-07-20 07:32 93,128 --a
    C:\WINDOWS\system32\ElbyCDIO.dll


    (((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))

    2007-08-13 21:02
    d
    C:\DOCUME~1\Owner\APPLIC~1\DMCache
    2007-08-13 17:58
    d
    C:\DOCUME~1\Owner\APPLIC~1\Azureus
    2007-08-11 15:08
    d
    C:\Program Files\Common Files\Symantec Shared
    2007-08-02 21:48
    d
    C:\Program Files\SlySoft
    2007-08-02 21:31
    d
    C:\Program Files\Elaborate Bytes
    2007-08-01 20:45
    d
    C:\DOCUME~1\Owner\APPLIC~1\U3
    2007-07-31 20:02
    d
    C:\DOCUME~1\Owner\APPLIC~1\IDM
    2007-07-28 11:13
    d--h
    C:\Program Files\InstallShield Installation Information
    2007-07-23 22:03
    d
    C:\Program Files\MySpace
    2007-07-19 21:11
    d
    C:\Program Files\Azureus
    2007-07-17 12:21 186256 --a
    C:\WINDOWS\system32\SymNPPWA.dll
    2007-07-16 21:40
    d
    C:\Program Files\Cheat Engine
    2007-07-12 16:45
    d
    C:\Program Files\NoteBurner
    2007-07-11 21:16
    d
    C:\DOCUME~1\Owner\APPLIC~1\Apple Computer
    2007-07-11 17:12
    d
    C:\Program Files\Rhapsody
    2007-07-11 17:10
    d
    C:\Program Files\Common Files\Real
    2007-07-11 17:07 8413 --a
    C:\WINDOWS\system32\drivers\mcstrm.sys
    2007-07-11 17:07
    d
    C:\DOCUME~1\Owner\APPLIC~1\Real
    2007-07-11 17:06
    d
    C:\Program Files\Real
    2007-07-08 10:23
    d
    C:\Program Files\iTunes
    2007-07-08 10:23
    d
    C:\Program Files\iPod
    2007-07-08 10:21
    d
    C:\Program Files\QuickTime Alternative
    2007-07-08 10:20
    d
    C:\Program Files\Common Files\Apple
    2007-07-01 22:09
    d
    C:\DOCUME~1\Owner\APPLIC~1\MySpace
    2007-06-25 20:24 34308 --a
    C:\WINDOWS\system32\Chip.dll
    2007-06-22 18:15 22768 --a
    C:\WINDOWS\system32\drivers\usbsermpt.sys
    2007-06-22 09:54 99904 --a
    C:\WINDOWS\system32\drivers\AnyDVD.sys.bak
    2007-06-21 18:43
    d--h
    C:\DOCUME~1\Owner\APPLIC~1\Move Networks
    2007-06-19 19:28
    d
    C:\DOCUME~1\Owner\APPLIC~1\Smith Micro
    2007-06-16 08:43
    d
    C:\Program Files\Trillian Pro
    2007-05-22 19:14 8784 --a
    C:\WINDOWS\system32\ractrlkeyhook.dll
    2007-05-16 11:12 86528
    c--- C:\WINDOWS\system32\dllcache\directdb.dll
    2007-05-16 11:12 85504
    c--- C:\WINDOWS\system32\dllcache\wabimp.dll
    2007-05-16 11:12 683520 --a
    C:\WINDOWS\system32\inetcomm.dll
    2007-05-16 11:12 683520
    c--- C:\WINDOWS\system32\dllcache\inetcomm.dll
    2007-05-16 11:12 510976
    c--- C:\WINDOWS\system32\dllcache\wab32.dll
    2007-05-16 11:12 1314816
    c--- C:\WINDOWS\system32\dllcache\msoe.dll
    2007-03-16 16:45 87608 --a
    C:\DOCUME~1\Owner\APPLIC~1\ezpinst.exe
    2007-03-16 16:45 47360 --a
    C:\DOCUME~1\Owner\APPLIC~1\pcouffin.sys
    2007-01-21 10:35 774144 --a
    C:\Program Files\RngInterstitial.dll
    2006-10-22 17:39:52 88 --sh--r C:\WINDOWS\system32\C1844EF3C9.sys
    2006-05-03 09:06:54 163,328 --sh--r C:\WINDOWS\system32\flvDX.dll
    2007-03-07 02:44:25 2,516 --sha-w C:\WINDOWS\system32\KGyGaAvL.sys
    2007-02-21 10:47:16 31,232 --sh--r C:\WINDOWS\system32\msfDX.dll


    ((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))


    *Note* empty entries & legit default entries are not shown

    [HKEY_LOCAL_MACHINE\~\Browser Helper Objects\!!6902F36D-E8DE-4F58-9A64-5B68B888130D}]

    [HKEY_LOCAL_MACHINE\~\Browser Helper Objects\!!7AF59C20-A1D8-4C1C-927A-99DD9F2A9E0B}]
    2007-08-07 13:43 188416 --a
    C:\WINDOWS\duocore.dll

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
    "Symantec PIF AlertEng"="C:\Program Files\Common Files\Symantec Shared\PIF\{B8E1DD85-8582-4c61-B58F-2F227FCA9A08}\PIFSvc.exe" [2007-03-12 18:30]
    "SunJavaUpdateSched"="C:\Program Files\Java\jre1.6.0_02\bin\jusched.exe" [2007-07-12 04:00]
    "SSBkgdUpdate"="C:\Program Files\Common Files\Scansoft Shared\SSBkgdUpdate\SSBkgdupdate.exe" [2003-10-14 11:22]
    "QuickTime Task"="C:\Program Files\QuickTime Alternative\qttask.exe" [2007-04-27 09:41]
    "PaperPort PTD"="C:\Program Files\ScanSoft\PaperPort\pptd40nt.exe" [2005-03-17 15:25]
    "NWEReboot"="" []
    "NeroFilterCheck"="C:\Program Files\Common Files\Ahead\Lib\NeroCheck.exe" [2007-03-09 18:53]
    "iTunesHelper"="C:\Program Files\iTunes\iTunesHelper.exe" [2007-06-28 09:14]
    "IndexSearch"="C:\Program Files\ScanSoft\PaperPort\IndexSearch.exe" [2005-03-17 15:45]
    "igfxtray"="C:\WINDOWS\system32\igfxtray.exe" [2005-09-20 10:35]
    "igfxpers"="C:\WINDOWS\system32\igfxpers.exe" [2005-09-20 10:36]
    "igfxhkcmd"="C:\WINDOWS\system32\hkcmd.exe" [2005-09-20 10:32]
    "ControlCenter2.0"="C:\Program Files\Brother\ControlCenter2\brctrcen.exe" [2005-11-11 18:30]
    "ccApp"="C:\Program Files\Common Files\Symantec Shared\ccApp.exe" [2007-01-10 07:59]
    "AgataSoft ShutDown Pro"="" []

    [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
    "ctfmon.exe"="C:\WINDOWS\system32\ctfmon.exe" [2004-08-04 03:56]
    "WhatPulse"="C:\Program Files\WhatPulse\WhatPulse.exe" [2006-08-21 13:48]
    "IDMan"="C:\Program Files\Internet Download Manager\IDMan.exe" [2007-05-29 13:59]

    [HKEY_USERS\.default\software\microsoft\windows\currentversion\runonce]
    "RunNarrator"=Narrator.exe

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ShellServiceObjectDelayLoad]
    "wmpconf"= !!765E8C41-9263-4DF6-9AB9-905997878364} - C:\WINDOWS\wmpconf.dll [2007-08-07 13:43 221184]

    [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\winuqw32]
    winuqw32.dll

    R0 ntcdrdrv;ntcdrdrv;C:\WINDOWS\system32\DRIVERS\ntcdrdrv.sys
    R3 ElbyCDFL;ElbyCDFL;C:\WINDOWS\system32\Drivers\ElbyCDFL.sys
    R3 SRTSP;SRTSP;C:\WINDOWS\system32\Drivers\SRTSP.SYS
    S3 bvrp_pci;bvrp_pci;\??\C:\WINDOWS\System32\drivers\bvrp_pci.sys
    S3 MotDev;Motorola Inc. USB Device;C:\WINDOWS\system32\DRIVERS\motodrv.sys
    S3 motmodem;Motorola USB CDC ACM Driver;C:\WINDOWS\system32\DRIVERS\motmodem.sys
    S3 MSSQL$SONY_MEDIAMGR;MSSQL$SONY_MEDIAMGR;C:\Program Files\Sony\Shared Plug-Ins\Media Manager\MSSQL$SONY_MEDIAMGR\Binn\sqlservr.exe -sSONY_MEDIAMGR
    S3 SndTDriverV32;SndTDriverV32;C:\WINDOWS\system32\drivers\SndTDriverV32.sys
    S3 SQLAgent$SONY_MEDIAMGR;SQLAgent$SONY_MEDIAMGR;C:\Program Files\Sony\Shared Plug-Ins\Media Manager\MSSQL$SONY_MEDIAMGR\Binn\sqlagent.EXE -i SONY_MEDIAMGR
    S3 SRTSPL;SRTSPL;C:\WINDOWS\system32\Drivers\SRTSPL.SYS
    S3 StillCam;Still Serial Digital Camera Driver;C:\WINDOWS\system32\DRIVERS\serscan.sys
    S3 usbsermptxp;Motorola USB Modem Driver for MPT XP;C:\WINDOWS\system32\DRIVERS\usbsermptxp.sys
    S3 Wdf01000;Wdf01000;C:\WINDOWS\system32\DRIVERS\Wdf01000.sys


    [HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\!!6db28faf-8fc3-11db-884e-000cf1f9a6eb}]
    AutoRun\command- H:\LaunchU3.exe -a

    *Newly Created Service* - COMHOST

    Contents of the 'Scheduled Tasks' folder
    2007-07-28 18:04:01 C:\WINDOWS\Tasks\AppleSoftwareUpdate.job - C:\Program Files\Apple Software Update\SoftwareUpdate.exe
    2007-08-09 01:06:34 C:\WINDOWS\Tasks\SpywareBot Scheduled Scan.job
    2007-08-14 01:01:50 C:\WINDOWS\Tasks\XoftSpySE 2.job - C:\Program Files\XoftSpySE\XoftSpy.exe
    2007-08-09 21:30:30 C:\WINDOWS\Tasks\XoftSpySE.job - C:\Program Files\XoftSpySE\XoftSpy.exe

    **************************************************************************

    catchme 0.3.1061 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
    Rootkit scan 2007-08-13 21:22:00
    Windows 5.1.2600 Service Pack 2 NTFS

    scanning hidden processes ...

    scanning hidden registry entries ...

    scanning hidden files ...

    scan completed successfully
    hidden files: 0

    **************************************************************************

    Completion time: 2007-08-13 21:23:15
    C:\ComboFix-quarantined-files.txt ... 2007-08-13 21:22
    C:\ComboFix2.txt ... 2007-08-11 10:16

    --- E O F ---
  • Donnie
    Donnie Posts: 9,862 Forumite
    Have you changed your Start page by going in to 'Tools' and 'Options'?
  • Tokenfreak
    Tokenfreak Posts: 8 Forumite
    Donnie wrote: »
    Have you changed your Start page by going in to 'Tools' and 'Options'?

    Just did and It worked wow...I think everything is fixed now...Thanks so much...I will let you know if something else goes wrong.
  • Tokenfreak
    Tokenfreak Posts: 8 Forumite
    Please help everything is back and even worst.
  • Reluctant_spender
    Reluctant_spender Posts: 2,785 Forumite
    Part of the Furniture Combo Breaker
    Post a new hijack log and download combofix again, they update it a lot , and post that log too
  • Tokenfreak
    Tokenfreak Posts: 8 Forumite
    Hijack Log:

    Logfile of Trend Micro HijackThis v2.0.2
    Scan saved at 8:38:35 AM, on 8/14/2007
    Platform: Windows XP SP2 (WinNT 5.01.2600)
    MSIE: Internet Explorer v7.00 (7.00.6000.16473)
    Boot mode: Normal

    Running processes:
    C:\WINDOWS\System32\smss.exe
    C:\WINDOWS\system32\winlogon.exe
    C:\WINDOWS\system32\services.exe
    C:\WINDOWS\system32\lsass.exe
    C:\WINDOWS\system32\svchost.exe
    C:\WINDOWS\System32\svchost.exe
    C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe
    C:\WINDOWS\system32\spoolsv.exe
    C:\WINDOWS\Explorer.EXE
    C:\WINDOWS\system32\ctfmon.exe
    C:\Program Files\Java\jre1.6.0_02\bin\jusched.exe
    C:\Program Files\ScanSoft\PaperPort\pptd40nt.exe
    C:\Program Files\iTunes\iTunesHelper.exe
    C:\WINDOWS\system32\igfxpers.exe
    C:\WINDOWS\system32\hkcmd.exe
    C:\Program Files\Common Files\Symantec Shared\ccApp.exe
    C:\Program Files\WhatPulse\WhatPulse.exe
    C:\Program Files\Internet Download Manager\IDMan.exe
    C:\Program Files\Lavasoft\Ad-Aware 2007\aawservice.exe
    C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
    C:\Program Files\Common Files\LightScribe\LSSrvc.exe
    C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE
    C:\WINDOWS\System32\HPZipm12.exe
    C:\WINDOWS\System32\ScsiAccess.EXE
    C:\WINDOWS\System32\svchost.exe
    C:\Program Files\iPod\bin\iPodService.exe
    C:\Program Files\Internet Download Manager\IEMonitor.exe
    C:\WINDOWS\System32\svchost.exe
    C:\WINDOWS\system32\wuauclt.exe
    C:\Program Files\Mozilla Firefox\firefox.exe
    C:\Program Files\Trend Micro\HijackThis\HijackThis.exe

    R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://softwarereferral.com/jump.php?wmid=6010&mid=MjI6Ojg5&lid=2
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://www.homepressway.com
    O2 - BHO: IE7pro - !!00011268-E188-40DF-A514-835FCD78B1BF} - C:\Program Files\IE7pro\IE7Pro.dll
    O2 - BHO: IDM Helper - !!0055C089-8582-441B-A0BF-17B458C2A3A8} - C:\Program Files\Internet Download Manager\IDMIECC.dll
    O2 - BHO: Yahoo! Toolbar Helper - !!02478D38-C3F9-4EFB-9B51-7695ECA05670} - (no file)
    O2 - BHO: (no name) - !!06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - (no file)
    O2 - BHO: (no name) - !!1E8A6170-7264-4D0F-BEAE-D42A53123C75} - C:\Program Files\Common Files\Symantec Shared\coShared\Browser\1.5\NppBho.dll
    O2 - BHO: MSVPS System - !!47C54F02-1B28-45F1-AE46-B5CDFB6E7926} - C:\WINDOWS\duocore.dll
    O2 - BHO: (no name) - !!6902F36D-E8DE-4F58-9A64-5B68B888130D} - (no file)
    O2 - BHO: SSVHelper Class - !!761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_02\bin\ssv.dll
    O2 - BHO: MSVPS System - !!7AF59C20-A1D8-4C1C-927A-99DD9F2A9E0B} - C:\WINDOWS\duocore.dll
    O2 - BHO: Adobe PDF Conversion Toolbar Helper - {AE7CD045-E861-484f-8273-0445EE161910} - C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll
    O3 - Toolbar: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - (no file)
    O3 - Toolbar: Adobe PDF - !!47833539-D0C5-4125-9FA8-0819E2EAAC93} - C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll
    O3 - Toolbar: Show Norton Toolbar - !!90222687-F593-4738-B738-FBEE9C7B26DF} - C:\Program Files\Common Files\Symantec Shared\coShared\Browser\1.5\UIBHO.dll
    O4 - HKLM\..\Run: [Symantec PIF AlertEng] "C:\Program Files\Common Files\Symantec Shared\PIF\{B8E1DD85-8582-4c61-B58F-2F227FCA9A08}\PIFSvc.exe" /a /m "C:\Program Files\Common Files\Symantec Shared\PIF\{B8E1DD85-8582-4c61-B58F-2F227FCA9A08}\AlertEng.dll"
    O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_02\bin\jusched.exe"
    O4 - HKLM\..\Run: [SSBkgdUpdate] "C:\Program Files\Common Files\Scansoft Shared\SSBkgdUpdate\SSBkgdupdate.exe" -Embedding -boot
    O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime Alternative\qttask.exe" -atboottime
    O4 - HKLM\..\Run: [PaperPort PTD] "C:\Program Files\ScanSoft\PaperPort\pptd40nt.exe"
    O4 - HKLM\..\Run: [NeroFilterCheck] "C:\Program Files\Common Files\Ahead\Lib\NeroCheck.exe"
    O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
    O4 - HKLM\..\Run: [IndexSearch] "C:\Program Files\ScanSoft\PaperPort\IndexSearch.exe"
    O4 - HKLM\..\Run: [igfxtray] C:\WINDOWS\system32\igfxtray.exe
    O4 - HKLM\..\Run: [igfxpers] C:\WINDOWS\system32\igfxpers.exe
    O4 - HKLM\..\Run: [igfxhkcmd] C:\WINDOWS\system32\hkcmd.exe
    O4 - HKLM\..\Run: [ControlCenter2.0] "C:\Program Files\Brother\ControlCenter2\brctrcen.exe" /autorun
    O4 - HKLM\..\Run: [ccApp] "C:\Program Files\Common Files\Symantec Shared\ccApp.exe"
    O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
    O4 - HKCU\..\Run: [WhatPulse] "C:\Program Files\WhatPulse\WhatPulse.exe"
    O4 - HKCU\..\Run: [IDMan] C:\Program Files\Internet Download Manager\IDMan.exe /onboot
    O4 - HKUS\S-1-5-18\..\RunOnce: [RunNarrator] Narrator.exe (User 'SYSTEM')
    O4 - HKUS\.DEFAULT\..\RunOnce: [RunNarrator] Narrator.exe (User 'Default user')
    O8 - Extra context menu item: Append to existing PDF - res://C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html
    O8 - Extra context menu item: Convert link target to Adobe PDF - res://C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html
    O8 - Extra context menu item: Convert link target to existing PDF - res://C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html
    O8 - Extra context menu item: Convert selected links to Adobe PDF - res://C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIECaptureSelLinks.html
    O8 - Extra context menu item: Convert selected links to existing PDF - res://C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIEAppendSelLinks.html
    O8 - Extra context menu item: Convert selection to Adobe PDF - res://C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html
    O8 - Extra context menu item: Convert selection to existing PDF - res://C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html
    O8 - Extra context menu item: Convert to Adobe PDF - res://C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html
    O8 - Extra context menu item: Download All Links with IDM - C:\Program Files\Internet Download Manager\IEGetAll.htm
    O8 - Extra context menu item: Download with IDM - C:\Program Files\Internet Download Manager\IEExt.htm
    O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office12\EXCEL.EXE/3000
    O9 - Extra button: IE7pro Preferences - !!0026439F-A980-4f18-8C95-4F1CBBF9C1D8} - C:\Program Files\IE7pro\IE7Pro.dll
    O9 - Extra 'Tools' menuitem: IE7pro Preferences - !!0026439F-A980-4f18-8C95-4F1CBBF9C1D8} - C:\Program Files\IE7pro\IE7Pro.dll
    O9 - Extra button: (no name) - !!08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_02\bin\ssv.dll
    O9 - Extra 'Tools' menuitem: Sun Java Console - !!08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_02\bin\ssv.dll
    O9 - Extra button: Send to OneNote - !!2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~2\Office12\ONBttnIE.dll
    O9 - Extra 'Tools' menuitem: S&end to OneNote - !!2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~2\Office12\ONBttnIE.dll
    O9 - Extra button: Research - !!92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\Office12\REFIEBAR.DLL
    O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
    O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
    O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
    O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
    O9 - Extra button: Flash2X Flash Hunter - !!77B563A5-2A35-4E6B-BFC8-F4B6BB65D5DF} - C:\WINDOWS\System32\shdocvw.dll (HKCU)
    O9 - Extra 'Tools' menuitem: &Launch Flash Hunter - !!77B563A5-2A35-4E6B-BFC8-F4B6BB65D5DF} - C:\WINDOWS\System32\shdocvw.dll (HKCU)
    O16 - DPF: Hangman Hijinks by pogo - http://game1.pogo.com/applet-6.9.1.38/hangman/hangman-en_US.cab
    O16 - DPF: Tumble Bees by pogo - http://game1.pogo.com/applet-6.9.3.29/tumbee2/tumbee2-en_US.cab
    O16 - DPF: Word Whomp by pogo - http://game1.pogo.com/applet-6.9.1.38/wordwhomp2/whomp2-en_US.cab
    O16 - DPF: !!406B5949-7190-4245-91A9-30A17DE16AD0} (Snapfish Activia) - http://photos.walmart.com/WalmartActivia.cab
    O16 - DPF: !!5F8469B4-B055-49DD-83F7-62B522420ECC} (Facebook Photo Uploader Control) - http://upload.facebook.com/controls/FacebookPhotoUploader.cab
    O16 - DPF: !!8A94C905-FF9D-43B6-8708-F0F22D22B1CB} (Wwlaunch Control) - https://www.worldwinner.com/games/shared/wwlaunch.cab
    O16 - DPF: {E87F6C8E-16C0-11D3-BEF7-009027438003} (Persits Software XUpload) - http://www.auctiva.com/hostedimages/activex/xupload/XUpload.ocx
    O16 - DPF: {FD0B6769-6490-4A91-AA0A-B5AE0DC75AC9} (Performance Viewer Activex Control) - https://secure.logmein.com/activex/ractrl.cab?lmi=100
    O20 - Winlogon Notify: winuqw32 - winuqw32.dll (file missing)
    O21 - SSODL: wmpenv - {C6B6BF35-55CD-4873-A280-F3F1364B74B2} - C:\WINDOWS\wmpenv.dll
    O21 - SSODL: wmpconf - !!6C43E4D5-CADD-45C4-BAA5-1A44B37FF43B} - C:\WINDOWS\wmpconf.dll
    O23 - Service: Ad-Aware 2007 Service (aawservice) - Lavasoft AB - C:\Program Files\Lavasoft\Ad-Aware 2007\aawservice.exe
    O23 - Service: Adobe LM Service - Adobe Systems - C:\Program Files\Common Files\Adobe Systems Shared\Service\Adobelmsvc.exe
    O23 - Service: Apple Mobile Device - Apple, Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
    O23 - Service: Ares Chatroom server (AresChatServer) - Ares Development Group - C:\Program Files\Ares\chatServer.exe
    O23 - Service: Symantec Event Manager (ccEvtMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe
    O23 - Service: Symantec Settings Manager (ccSetMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe
    O23 - Service: Symantec Lic NetConnect service (CLTNetCnService) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe
    O23 - Service: COM Host (comHost) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\VAScanner\comHost.exe
    O23 - Service: FLEXnet Licensing Service - Macrovision Europe Ltd. - C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe
    O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
    O23 - Service: iPod Service - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
    O23 - Service: LightScribeService Direct Disc Labeling Service (LightScribeService) - Hewlett-Packard Company - C:\Program Files\Common Files\LightScribe\LSSrvc.exe
    O23 - Service: LiveUpdate - Symantec Corporation - C:\Program Files\symantec\liveupdate\LuComServer_3_2.exe
    O23 - Service: LiveUpdate Notice Service Ex (LiveUpdate Notice Ex) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe
    O23 - Service: LiveUpdate Notice Service - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\PIF\{B8E1DD85-8582-4c61-B58F-2F227FCA9A08}\PIFSvc.exe
    O23 - Service: NBService - Nero AG - C:\Program Files\Nero\Nero 7\Nero BackItUp\NBService.exe
    O23 - Service: Intel NCS NetService (NetSvc) - Intel(R) Corporation - C:\Program Files\Intel\NCS\Sync\NetSvc.exe
    O23 - Service: NMIndexingService - Nero AG - C:\Program Files\Common Files\Ahead\Lib\NMIndexingService.exe
    O23 - Service: Pml Driver HPZ12 - HP - C:\WINDOWS\System32\HPZipm12.exe
    O23 - Service: ScsiAccess - Unknown owner - C:\WINDOWS\System32\ScsiAccess.EXE
    O23 - Service: Symantec Core LC - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exe
    O24 - Desktop Component 0: Privacy Protection - file:///C:\WINDOWS\privacy_danger\index.htm

    --
    End of file - 12051 bytes
  • Tokenfreak
    Tokenfreak Posts: 8 Forumite
    ComboFix 07-08-14.4 - "Owner" 2007-08-14 8:42:27.5 - NTFSx86
    Microsoft Windows XP Home Edition 5.1.2600.2.1252.1.1033.18.165 [GMT -4:00]


    ((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))


    C:\DOCUME~1\Owner\Desktop.\Spyware&Malware Protection.url
    C:\DOCUME~1\Owner\Desktop\Error Cleaner.url
    C:\DOCUME~1\Owner\Desktop\Privacy Protector.url
    C:\DOCUME~1\Owner\FAVORI~1.\Error Cleaner.url
    C:\DOCUME~1\Owner\FAVORI~1.\Privacy Protector.url
    C:\DOCUME~1\Owner\FAVORI~1.\Spyware&Malware Protection.url
    C:\WINDOWS\dat.txt
    C:\WINDOWS\duocore.dll
    C:\WINDOWS\privacy_danger
    C:\WINDOWS\privacy_danger\images\capt.gif
    C:\WINDOWS\privacy_danger\images\danger.jpg
    C:\WINDOWS\privacy_danger\images\down.gif
    C:\WINDOWS\privacy_danger\images\spacer.gif
    C:\WINDOWS\privacy_danger\index.htm
    C:\WINDOWS\wmpconf.dll
    C:\WINDOWS\wmpenv.dll


    ((((((((((((((((((((((((( Files Created from 2007-07-14 to 2007-08-14 )))))))))))))))))))))))))))))))


    2007-08-13 14:17 <DIR> d
    C:\DOCUME~1\Owner\.housecall6.6
    2007-08-11 10:10 51,200 --a
    C:\WINDOWS\nircmd.exe
    2007-08-10 17:45 <DIR> d
    C:\Program Files\Trend Micro
    2007-08-10 17:15 2,868 --a
    C:\WINDOWS\system32\tmp.reg
    2007-08-10 16:24 <DIR> d
    C:\Program Files\Lavasoft
    2007-08-10 16:24 <DIR> d
    C:\DOCUME~1\ALLUSE~1\APPLIC~1\Lavasoft
    2007-08-10 16:23 <DIR> d
    C:\Program Files\Common Files\Wise Installation Wizard
    2007-08-09 17:56 <DIR> d
    C:\DOCUME~1\ADMINI~1\APPLIC~1\Talkback
    2007-08-09 17:54 786,432 --ah
    C:\DOCUME~1\ADMINI~1\NTUSER.DAT
    2007-08-09 17:36 <DIR> d
    C:\DOCUME~1\ALLUSE~1\APPLIC~1\Spybot - Search & Destroy
    2007-08-09 17:30 <DIR> d
    C:\Program Files\XoftSpySE
    2007-08-01 17:38 25,544 --a
    C:\WINDOWS\system32\drivers\ElbyCDIO.sys
    2007-08-01 13:29 <DIR> d
    C:\Program Files\Google
    2007-07-31 16:24 <DIR> d--hs---- C:\DOCUME~1\ALLUSE~1\APPLIC~1\MPK
    2007-07-31 09:21 96,704 --a
    C:\WINDOWS\system32\drivers\AnyDVD.sys
    2007-07-22 21:25 <DIR> d
    C:\DOCUME~1\Owner\APPLIC~1\My Games
    2007-07-22 20:18 <DIR> d
    C:\Program Files\Firaxis Games
    2007-07-20 07:32 93,128 --a
    C:\WINDOWS\system32\ElbyCDIO.dll


    (((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))

    2007-08-14 08:41
    d
    C:\DOCUME~1\Owner\APPLIC~1\DMCache
    2007-08-13 17:58
    d
    C:\DOCUME~1\Owner\APPLIC~1\Azureus
    2007-08-11 15:08
    d
    C:\Program Files\Common Files\Symantec Shared
    2007-08-02 21:48
    d
    C:\Program Files\SlySoft
    2007-08-02 21:31
    d
    C:\Program Files\Elaborate Bytes
    2007-08-01 20:45
    d
    C:\DOCUME~1\Owner\APPLIC~1\U3
    2007-07-31 20:02
    d
    C:\DOCUME~1\Owner\APPLIC~1\IDM
    2007-07-28 11:13
    d--h
    C:\Program Files\InstallShield Installation Information
    2007-07-23 22:03
    d
    C:\Program Files\MySpace
    2007-07-19 21:11
    d
    C:\Program Files\Azureus
    2007-07-17 12:21 186256 --a
    C:\WINDOWS\system32\SymNPPWA.dll
    2007-07-16 21:40
    d
    C:\Program Files\Cheat Engine
    2007-07-12 16:45
    d
    C:\Program Files\NoteBurner
    2007-07-11 21:16
    d
    C:\DOCUME~1\Owner\APPLIC~1\Apple Computer
    2007-07-11 17:12
    d
    C:\Program Files\Rhapsody
    2007-07-11 17:10
    d
    C:\Program Files\Common Files\Real
    2007-07-11 17:07 8413 --a
    C:\WINDOWS\system32\drivers\mcstrm.sys
    2007-07-11 17:07
    d
    C:\DOCUME~1\Owner\APPLIC~1\Real
    2007-07-11 17:06
    d
    C:\Program Files\Real
    2007-07-08 10:23
    d
    C:\Program Files\iTunes
    2007-07-08 10:23
    d
    C:\Program Files\iPod
    2007-07-08 10:21
    d
    C:\Program Files\QuickTime Alternative
    2007-07-08 10:20
    d
    C:\Program Files\Common Files\Apple
    2007-07-01 22:09
    d
    C:\DOCUME~1\Owner\APPLIC~1\MySpace
    2007-06-25 20:24 34308 --a
    C:\WINDOWS\system32\Chip.dll
    2007-06-22 18:15 22768 --a
    C:\WINDOWS\system32\drivers\usbsermpt.sys
    2007-06-22 09:54 99904 --a
    C:\WINDOWS\system32\drivers\AnyDVD.sys.bak
    2007-06-21 18:43
    d--h
    C:\DOCUME~1\Owner\APPLIC~1\Move Networks
    2007-06-19 19:28
    d
    C:\DOCUME~1\Owner\APPLIC~1\Smith Micro
    2007-06-16 08:43
    d
    C:\Program Files\Trillian Pro
    2007-05-22 19:14 8784 --a
    C:\WINDOWS\system32\ractrlkeyhook.dll
    2007-05-16 11:12 86528
    c--- C:\WINDOWS\system32\dllcache\directdb.dll
    2007-05-16 11:12 85504
    c--- C:\WINDOWS\system32\dllcache\wabimp.dll
    2007-05-16 11:12 683520 --a
    C:\WINDOWS\system32\inetcomm.dll
    2007-05-16 11:12 683520
    c--- C:\WINDOWS\system32\dllcache\inetcomm.dll
    2007-05-16 11:12 510976
    c--- C:\WINDOWS\system32\dllcache\wab32.dll
    2007-05-16 11:12 1314816
    c--- C:\WINDOWS\system32\dllcache\msoe.dll
    2007-03-16 16:45 87608 --a
    C:\DOCUME~1\Owner\APPLIC~1\ezpinst.exe
    2007-03-16 16:45 47360 --a
    C:\DOCUME~1\Owner\APPLIC~1\pcouffin.sys
    2007-01-21 10:35 774144 --a
    C:\Program Files\RngInterstitial.dll
    2006-10-22 17:39:52 88 --sh--r C:\WINDOWS\system32\C1844EF3C9.sys
    2006-05-03 09:06:54 163,328 --sh--r C:\WINDOWS\system32\flvDX.dll
    2007-03-07 02:44:25 2,516 --sha-w C:\WINDOWS\system32\KGyGaAvL.sys
    2007-02-21 10:47:16 31,232 --sh--r C:\WINDOWS\system32\msfDX.dll


    ((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))


    *Note* empty entries & legit default entries are not shown

    [HKEY_LOCAL_MACHINE\~\Browser Helper Objects\!!6902F36D-E8DE-4F58-9A64-5B68B888130D}]

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
    "Symantec PIF AlertEng"="C:\Program Files\Common Files\Symantec Shared\PIF\{B8E1DD85-8582-4c61-B58F-2F227FCA9A08}\PIFSvc.exe" [2007-03-12 18:30]
    "SunJavaUpdateSched"="C:\Program Files\Java\jre1.6.0_02\bin\jusched.exe" [2007-07-12 04:00]
    "SSBkgdUpdate"="C:\Program Files\Common Files\Scansoft Shared\SSBkgdUpdate\SSBkgdupdate.exe" [2003-10-14 11:22]
    "QuickTime Task"="C:\Program Files\QuickTime Alternative\qttask.exe" [2007-04-27 09:41]
    "PaperPort PTD"="C:\Program Files\ScanSoft\PaperPort\pptd40nt.exe" [2005-03-17 15:25]
    "NWEReboot"="" []
    "NeroFilterCheck"="C:\Program Files\Common Files\Ahead\Lib\NeroCheck.exe" [2007-03-09 18:53]
    "iTunesHelper"="C:\Program Files\iTunes\iTunesHelper.exe" [2007-06-28 09:14]
    "IndexSearch"="C:\Program Files\ScanSoft\PaperPort\IndexSearch.exe" [2005-03-17 15:45]
    "igfxtray"="C:\WINDOWS\system32\igfxtray.exe" [2005-09-20 10:35]
    "igfxpers"="C:\WINDOWS\system32\igfxpers.exe" [2005-09-20 10:36]
    "igfxhkcmd"="C:\WINDOWS\system32\hkcmd.exe" [2005-09-20 10:32]
    "ControlCenter2.0"="C:\Program Files\Brother\ControlCenter2\brctrcen.exe" [2005-11-11 18:30]
    "ccApp"="C:\Program Files\Common Files\Symantec Shared\ccApp.exe" [2007-01-10 07:59]
    "AgataSoft ShutDown Pro"="" []

    [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
    "ctfmon.exe"="C:\WINDOWS\system32\ctfmon.exe" [2004-08-04 03:56]
    "WhatPulse"="C:\Program Files\WhatPulse\WhatPulse.exe" [2006-08-21 13:48]
    "IDMan"="C:\Program Files\Internet Download Manager\IDMan.exe" [2007-05-29 13:59]

    [HKEY_USERS\.default\software\microsoft\windows\currentversion\runonce]
    "RunNarrator"=Narrator.exe

    [HKEY_CURRENT_USER\software\microsoft\internet explorer\desktop\components\0]
    Source= file:///C:\WINDOWS\privacy_danger\index.htm
    FriendlyName= Privacy Protection

    [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\winuqw32]
    winuqw32.dll

    R0 ntcdrdrv;ntcdrdrv;C:\WINDOWS\system32\DRIVERS\ntcdrdrv.sys
    S3 MotDev;Motorola Inc. USB Device;C:\WINDOWS\system32\DRIVERS\motodrv.sys
    S3 motmodem;Motorola USB CDC ACM Driver;C:\WINDOWS\system32\DRIVERS\motmodem.sys
    S3 SndTDriverV32;SndTDriverV32;C:\WINDOWS\system32\drivers\SndTDriverV32.sys
    S3 usbsermptxp;Motorola USB Modem Driver for MPT XP;C:\WINDOWS\system32\DRIVERS\usbsermptxp.sys


    [HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\!!6db28faf-8fc3-11db-884e-000cf1f9a6eb}]
    AutoRun\command- H:\LaunchU3.exe -a

    *Newly Created Service* - COMHOST

    Contents of the 'Scheduled Tasks' folder
    2007-07-28 18:04:01 C:\WINDOWS\Tasks\AppleSoftwareUpdate.job - C:\Program Files\Apple Software Update\SoftwareUpdate.exe
    2007-08-14 07:00:00 C:\WINDOWS\Tasks\SpywareBot Scheduled Scan.job
    2007-08-14 12:48:02 C:\WINDOWS\Tasks\XoftSpySE 2.job - C:\Program Files\XoftSpySE\XoftSpy.exe
    2007-08-14 11:18:16 C:\WINDOWS\Tasks\XoftSpySE.job - C:\Program Files\XoftSpySE\XoftSpy.exe

    **************************************************************************

    catchme 0.3.1061 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
    Rootkit scan 2007-08-14 08:48:11
    Windows 5.1.2600 Service Pack 2 NTFS

    scanning hidden processes ...

    scanning hidden autostart entries ...

    scanning hidden files ...

    scan completed successfully
    hidden files: 0

    **************************************************************************

    Completion time: 2007-08-14 8:50:46 - machine was rebooted
    C:\ComboFix-quarantined-files.txt ... 2007-08-14 08:50
    C:\ComboFix2.txt ... 2007-08-14 08:16
    C:\ComboFix3.txt ... 2007-08-13 21:23

    --- E O F ---
This discussion has been closed.
Meet your Ambassadors

🚀 Getting Started

Hi new member!

Our Getting Started Guide will help you get the most out of the Forum

Categories

  • All Categories
  • 352.5K Banking & Borrowing
  • 253.7K Reduce Debt & Boost Income
  • 454.5K Spending & Discounts
  • 245.5K Work, Benefits & Business
  • 601.5K Mortgages, Homes & Bills
  • 177.6K Life & Family
  • 259.5K Travel & Transport
  • 1.5M Hobbies & Leisure
  • 16K Discuss & Feedback
  • 37.7K Read-Only Boards

Is this how you want to be seen?

We see you are using a default avatar. It takes only a few seconds to pick a picture.
Update Your Picture