Iv Been Hi-jacked! Aaaaah


Recommended Posts

my Internet Explorer homepage hijacked and loads of pop-ups interfering with my browsing.The home page is hijacked. I found IE Custom Tools/IE Saftey Features etc. in the windows add/remove programs list. When i try to uninstall them it asks me to restart the computer before un-installing . I ran a Norton Antivirus 2007 scan to no avail. I am running Windows xp . below is my hijack log and also my combo fix log. please help1 Thanks!

Logfile of Trend Micro HijackThis v2.0.2

Scan saved at 9:39:24 PM, on 12/31/2007

Platform: Windows XP SP2 (WinNT 5.01.2600)

MSIE: Internet Explorer v7.00 (7.00.6000.16574)

Boot mode: Normal

Running processes:

C:\WINDOWS\System32\smss.exe

C:\WINDOWS\system32\winlogon.exe

C:\WINDOWS\system32\services.exe

C:\WINDOWS\system32\lsass.exe

C:\WINDOWS\system32\Ati2evxx.exe

C:\WINDOWS\system32\svchost.exe

C:\WINDOWS\System32\svchost.exe

C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe

C:\WINDOWS\system32\Ati2evxx.exe

C:\WINDOWS\Explorer.EXE

C:\Program Files\Common Files\Symantec Shared\AppCore\AppSvc32.exe

C:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exe

C:\WINDOWS\system32\spoolsv.exe

C:\Program Files\Common Files\Autodesk Shared\Service\AdskScSrv.exe

C:\Program Files\Symantec\LiveUpdate\ALUSchedulerSvc.exe

C:\WINDOWS\eHome\ehRecvr.exe

C:\WINDOWS\eHome\ehSched.exe

C:\Program Files\Common Files\LightScribe\LSSrvc.exe

C:\PROGRA~1\NORTON~2\NORTON~1\NPROTECT.EXE

C:\PROGRA~1\NORTON~2\NORTON~1\SPEEDD~1\NOPDB.EXE

C:\WINDOWS\system32\svchost.exe

C:\Program Files\Viewpoint\Common\ViewpointService.exe

C:\Program Files\Hewlett-Packard\Shared\hpqwmiex.exe

C:\WINDOWS\system32\dllhost.exe

C:\Program Files\Video Add-on\isfmntr.exe

C:\WINDOWS\ehome\ehtray.exe

C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe

C:\Program Files\Java\jre1.5.0_06\bin\jusched.exe

C:\Program Files\Hp\HP Software Update\HPWuSchd2.exe

C:\Program Files\Synaptics\SynTP\SynTPEnh.exe

C:\Program Files\HP\QuickPlay\QPService.exe

C:\Program Files\HPQ\Quick Launch Buttons\EabServr.exe

C:\Program Files\hpq\HP Wireless Assistant\HP Wireless Assistant.exe

C:\Program Files\Common Files\Symantec Shared\ccApp.exe

C:\Program Files\Common Files\AOL\1168623263\ee\AOLSoftware.exe

C:\Program Files\Viewpoint\Viewpoint Manager\ViewMgr.exe

C:\PROGRA~1\hpq\Shared\HPQTOA~1.EXE

C:\WINDOWS\System32\svchost.exe

C:\Program Files\Common Files\Real\Update_OB\realsched.exe

C:\WINDOWS\system32\LVCOMSX.EXE

C:\Program Files\Logitech\Video\LogiTray.exe

C:\Program Files\HP\hpcoretech\hpcmpmgr.exe

C:\WINDOWS\system32\ctfmon.exe

C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe

C:\Program Files\HP\Digital Imaging\bin\hpqimzone.exe

C:\Program Files\Logitech\Video\FxSvr2.exe

C:\Program Files\Java\jre1.5.0_06\bin\jucheck.exe

C:\Program Files\QuickTime\QTTask.exe

C:\Program Files\Internet Explorer\iexplore.exe

C:\WINDOWS\system32\rundll32.exe

C:\WINDOWS\system32\notepad.exe

C:\Documents and Settings\Yossi\My Documents\My Received Files\hijackthis\HJTInstall.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = http://ie.redirect.hp.com/svs/rdr?TYPE=3&a...n&pf=laptop

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = about:blank

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896

R1 - HKCU\Software\Microsoft\Internet Connection Wizard,ShellNext = http://ie.redirect.hp.com/svs/rdr?TYPE=3&a...n&pf=laptop

O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll

O2 - BHO: StumbleUpon Launcher - {145B29F4-A56B-4b90-BBAC-45784EBEBBB7} - C:\Program Files\StumbleUpon\StumbleUponIEBar.dll

O2 - BHO: (no name) - {1E8A6170-7264-4D0F-BEAE-D42A53123C75} - C:\Program Files\Common Files\Symantec Shared\coShared\Browser\1.0\NppBho.dll

O2 - BHO: (no name) - {69B98C68-D2B8-4A4E-9CB7-E85B6F3A7014} - C:\Program Files\Video Add-on\isfmdl.dll

O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.5.0_06\bin\ssv.dll

O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)

O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar5.dll

O3 - Toolbar: Show Norton Toolbar - {90222687-F593-4738-B738-FBEE9C7B26DF} - C:\Program Files\Common Files\Symantec Shared\coShared\Browser\1.0\UIBHO.dll

O3 - Toolbar: StumbleUpon Toolbar - {5093EB4C-3E93-40AB-9266-B607BA87BDC8} - C:\Program Files\StumbleUpon\StumbleUponIEBar.dll

O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar5.dll

O3 - Toolbar: IE Custom Tools - {F2BADA0D-FD61-45EF-A994-64A073FD6613} - C:\Program Files\Video Add-on\ictmdl.dll

O4 - HKLM\..\Run: [ehTray] C:\WINDOWS\ehome\ehtray.exe

O4 - HKLM\..\Run: [ATIPTA] "C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe"

O4 - HKLM\..\Run: [sunJavaUpdateSched] C:\Program Files\Java\jre1.5.0_06\bin\jusched.exe

O4 - HKLM\..\Run: [HP Software Update] C:\Program Files\Hp\HP Software Update\HPWuSchd2.exe

O4 - HKLM\..\Run: [synTPEnh] C:\Program Files\Synaptics\SynTP\SynTPEnh.exe

O4 - HKLM\..\Run: [QPService] "C:\Program Files\HP\QuickPlay\QPService.exe"

O4 - HKLM\..\Run: [eabconfg.cpl] C:\Program Files\HPQ\Quick Launch Buttons\EabServr.exe /Start

O4 - HKLM\..\Run: [Cpqset] C:\Program Files\HPQ\Default Settings\cpqset.exe

O4 - HKLM\..\Run: [RecGuard] C:\Windows\SMINST\RecGuard.exe

O4 - HKLM\..\Run: [Reminder] C:\Windows\CREATOR\Remind_XP.exe

O4 - HKLM\..\Run: [hpWirelessAssistant] C:\Program Files\hpq\HP Wireless Assistant\HP Wireless Assistant.exe

O4 - HKLM\..\Run: [ccApp] "C:\Program Files\Common Files\Symantec Shared\ccApp.exe"

O4 - HKLM\..\Run: [osCheck] "C:\Program Files\Norton Internet Security\osCheck.exe"

O4 - HKLM\..\Run: [HostManager] C:\Program Files\Common Files\AOL\1168623263\ee\AOLSoftware.exe

O4 - HKLM\..\Run: [iPHSend] C:\Program Files\Common Files\AOL\IPHSend\IPHSend.exe

O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot

O4 - HKLM\..\Run: [LVCOMSX] C:\WINDOWS\system32\LVCOMSX.EXE

O4 - HKLM\..\Run: [LogitechVideoRepair] C:\Program Files\Logitech\Video\ISStart.exe

O4 - HKLM\..\Run: [LogitechVideoTray] C:\Program Files\Logitech\Video\LogiTray.exe

O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\QTTask.exe" -atboottime

O4 - HKLM\..\Run: [HP Component Manager] "C:\Program Files\HP\hpcoretech\hpcmpmgr.exe"

O4 - HKLM\..\Run: [KernelFaultCheck] %systemroot%\system32\dumprep 0 -k

O4 - HKLM\..\Run: [symantec PIF AlertEng] "C:\Program Files\Common Files\Symantec Shared\PIF\{B8E1DD85-8582-4c61-B58F-2F227FCA9A08}\PIFSvc.exe" /a /m "C:\Program Files\Common Files\Symantec Shared\PIF\{B8E1DD85-8582-4c61-B58F-2F227FCA9A08}\AlertEng.dll"

O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe

O4 - HKCU\..\Run: [bitTorrent] "C:\Program Files\BitTorrent\bittorrent.exe" --force_start_minimized

O4 - HKCU\..\Run: [msnmsgr] "C:\Program Files\MSN Messenger\MsnMsgr.Exe" /background

O4 - HKCU\..\Run: [LogitechSoftwareUpdate] "C:\Program Files\Logitech\Video\ManifestEngine.exe" boot

O4 - HKCU\..\Run: [updateMgr] C:\Program Files\Adobe\Acrobat 7.0\Reader\AdobeUpdateManager.exe AcRdB7_0_9

O4 - HKLM\..\Policies\Explorer\Run: [start] C:\Program Files\Video Add-on\isfmntr.exe

O4 - HKUS\S-1-5-18\..\Run: [swg] C:\Program Files\Google\GoogleToolbarNotifier\1.2.1128.5462\GoogleToolbarNotifier.exe (User 'SYSTEM')

O4 - HKUS\.DEFAULT\..\Run: [swg] C:\Program Files\Google\GoogleToolbarNotifier\1.2.1128.5462\GoogleToolbarNotifier.exe (User 'Default user')

O4 - Global Startup: Adobe Gamma Loader.lnk = C:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe

O4 - Global Startup: Adobe Reader Speed Launch.lnk = C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe

O4 - Global Startup: AutoCAD Startup Accelerator.lnk = C:\Program Files\Common Files\Autodesk Shared\acstart17.exe

O4 - Global Startup: HP Digital Imaging Monitor.lnk = C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe

O4 - Global Startup: HP Photosmart Premier Fast Start.lnk = C:\Program Files\HP\Digital Imaging\bin\hpqthb08.exe

O4 - Global Startup: Logitech Desktop Messenger.lnk = C:\Program Files\Logitech\Desktop Messenger\8876480\Program\LDMConf.exe

O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office\OSA9.EXE

O8 - Extra context menu item: StumbleUpon PhotoBlog It! - res://StumbleUponIEBar.dll/blogimage

O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_06\bin\ssv.dll

O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_06\bin\ssv.dll

O9 - Extra button: Express Cleanup - {5E638779-1818-4754-A595-EF1C63B87A56} - C:\Program Files\Norton SystemWorks\Norton Cleanup\WCQuick.lnk

O9 - Extra 'Tools' menuitem: Express Cleanup - {5E638779-1818-4754-A595-EF1C63B87A56} - C:\Program Files\Norton SystemWorks\Norton Cleanup\WCQuick.lnk

O9 - Extra button: (no name) - {9034A523-D068-4BE8-A284-9DF278BE776E} - http://www.updatesgate.com/redirect.php (file missing)

O9 - Extra 'Tools' menuitem: IE Anti-Spyware - {9034A523-D068-4BE8-A284-9DF278BE776E} - http://www.updatesgate.com/redirect.php (file missing)

O9 - Extra button: Run IMVU - {d9288080-1baa-4bc4-9cf8-a92d743db949} - C:\Documents and Settings\Yossi\Start Menu\Programs\IMVU\Run IMVU.lnk (file missing)

O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe

O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe

O14 - IERESET.INF: START_PAGE_URL=http://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iehome&locale=EN_US&c=Q106&bd=pavilion&pf=laptop

O15 - Trusted Zone: *.stumbleupon.com

O16 - DPF: {02BF25D5-8C17-4B23-BC80-D3488ABDDC6B} (QuickTime Object) - http://a1540.g.akamai.net/7/1540/52/200612...ex/qtplugin.cab

O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://go.microsoft.com/fwlink/?linkid=39204

O16 - DPF: {5F8469B4-B055-49DD-83F7-62B522420ECC} (Facebook Photo Uploader Control) - http://upload.facebook.com/controls/Facebo...otoUploader.cab

O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://update.microsoft.com/windowsupdate/...b?1170048330937

O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://fpdownload2.macromedia.com/get/shoc...ash/swflash.cab

O22 - SharedTaskScheduler: ficklety - {e31f5c72-8e0d-4921-8375-9573746c170c} - (no file)

O23 - Service: Adobe LM Service - Unknown owner - C:\Program Files\Common Files\Adobe Systems Shared\Service\Adobelmsvc.exe

O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\system32\Ati2evxx.exe

O23 - Service: Autodesk Licensing Service - Autodesk - C:\Program Files\Common Files\Autodesk Shared\Service\AdskScSrv.exe

O23 - Service: Automatic LiveUpdate Scheduler - Symantec Corporation - C:\Program Files\Symantec\LiveUpdate\ALUSchedulerSvc.exe

O23 - Service: Symantec Event Manager (ccEvtMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe

O23 - Service: Symantec Settings Manager (ccSetMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe

O23 - Service: Symantec Lic NetConnect service (CLTNetCnService) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe

O23 - Service: COM Host (comHost) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\VAScanner\comHost.exe

O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe

O23 - Service: hpqwmiex - Hewlett-Packard Development Company, L.P. - C:\Program Files\Hewlett-Packard\Shared\hpqwmiex.exe

O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\1050\Intel 32\IDriverT.exe

O23 - Service: Symantec IS Password Validation (ISPwdSvc) - Symantec Corporation - C:\Program Files\Norton Internet Security\isPwdSvc.exe

O23 - Service: LightScribeService Direct Disc Labeling Service (LightScribeService) - Hewlett-Packard Company - C:\Program Files\Common Files\LightScribe\LSSrvc.exe

O23 - Service: LiveUpdate - Symantec Corporation - C:\PROGRA~1\Symantec\LIVEUP~1\LUCOMS~1.EXE

O23 - Service: LiveUpdate Notice Service Ex (LiveUpdate Notice Ex) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe

O23 - Service: LiveUpdate Notice Service - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\PIF\{B8E1DD85-8582-4c61-B58F-2F227FCA9A08}\PIFSvc.exe

O23 - Service: Norton UnErase Protection (NProtectService) - Symantec Corporation - C:\PROGRA~1\NORTON~2\NORTON~1\NPROTECT.EXE

O23 - Service: Pml Driver HPZ12 - HP - C:\WINDOWS\system32\HPZipm12.exe

O23 - Service: Speed Disk service - Symantec Corporation - C:\PROGRA~1\NORTON~2\NORTON~1\SPEEDD~1\NOPDB.EXE

O23 - Service: Symantec Core LC - Unknown owner - C:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exe

O23 - Service: Symantec AppCore Service (SymAppCore) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\AppCore\AppSvc32.exe

O23 - Service: Viewpoint Manager Service - Viewpoint Corporation - C:\Program Files\Viewpoint\Common\ViewpointService.exe

--

End of file - 13625 bytes

====================================================================

ComboFix 07-12-31.4 - Yossi 2007-12-31 21:48:28.1 - NTFSx86

Running from: C:\Documents and Settings\Yossi\My Documents\My Received Files\hijackthis\ComboFix.exe

* Created a new restore point

.

((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))

.

C:\Program Files\Helper

C:\Program Files\Helper\turbosearchsite.dll

C:\Program Files\Video Add-on

C:\Program Files\Video Add-on\icmntr.exe

C:\Program Files\Video Add-on\ictmdl.dll

C:\Program Files\Video Add-on\ictun.exe

C:\Program Files\Video Add-on\icun.exe

C:\Program Files\Video Add-on\isfmdl.dll

C:\Program Files\Video Add-on\isfmntr.exe

C:\Program Files\Video Add-on\isfun.exe

C:\Program Files\Video Add-on\ot.ico

C:\Program Files\Video Add-on\ts.ico

C:\Program Files\Video Add-on\uninst.exe

.

((((((((((((((((((((((((( Files Created from 2007-12-01 to 2008-01-01 )))))))))))))))))))))))))))))))

.

2007-12-31 21:47 . 2000-08-31 08:00 51,200 --a------ C:\WINDOWS\NirCmd.exe

2007-12-31 16:49 . 2007-05-29 13:55 22,112 --a------ C:\WINDOWS\system32\drivers\COH_Mon.sys

2007-12-31 16:49 . 2007-05-29 13:55 10,592 --a------ C:\WINDOWS\system32\drivers\COH_Mon.cat

2007-12-31 16:49 . 2007-05-29 13:55 705 --a------ C:\WINDOWS\system32\drivers\COH_Mon.inf

2007-12-11 16:35 . 2007-12-11 16:35 524,288 --a------ C:\WINDOWS\system32\DivXsm.exe

2007-12-11 16:35 . 2007-12-11 16:35 4,816 --a------ C:\WINDOWS\system32\divxsm.tlb

2007-12-11 16:34 . 2007-12-11 16:34 3,596,288 --a------ C:\WINDOWS\system32\qt-dx331.dll

2007-12-11 16:34 . 2007-12-11 16:34 1,044,480 --a------ C:\WINDOWS\system32\libdivx.dll

2007-12-11 16:34 . 2007-12-11 16:34 200,704 --a------ C:\WINDOWS\system32\ssldivx.dll

2007-12-11 16:32 . 2007-12-11 16:32 156,992 --a------ C:\WINDOWS\system32\DivXCodecVersionChecker.exe

2007-12-11 16:32 . 2007-12-11 16:32 12,288 --a------ C:\WINDOWS\system32\DivXWMPExtType.dll

.

(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))

.

2008-01-01 03:17 --------- d-----w C:\Documents and Settings\All Users\Application Data\Symantec

2007-12-31 23:10 --------- d-----w C:\Program Files\QuickTime

2007-12-31 22:52 --------- d-----w C:\Program Files\Common Files\Symantec Shared

2007-12-31 22:47 805 ----a-w C:\WINDOWS\system32\drivers\SYMEVENT.INF

2007-12-31 22:47 60,800 ----a-w C:\WINDOWS\system32\S32EVNT1.DLL

2007-12-31 22:47 123,952 ----a-w C:\WINDOWS\system32\drivers\SYMEVENT.SYS

2007-12-31 22:47 10,740 ----a-w C:\WINDOWS\system32\drivers\SYMEVENT.CAT

2007-12-31 22:47 --------- d-----w C:\Program Files\Symantec

2007-12-31 22:45 --------- d-----w C:\Program Files\Norton Internet Security

2007-12-31 15:29 --------- d--h--w C:\Program Files\InstallShield Installation Information

2007-12-31 15:29 --------- d-----w C:\Program Files\Hewlett-Packard

2007-12-31 04:25 --------- d---a-w C:\Documents and Settings\All Users\Application Data\TEMP

2007-12-19 04:10 --------- d-----w C:\Program Files\DivX

2007-12-19 04:09 13,312 --s-a-w C:\WINDOWS\system32\ezzhjmt.dll

2007-12-13 04:53 --------- d-----w C:\Documents and Settings\All Users\Application Data\pdf995

2007-12-11 22:33 823,296 ----a-w C:\WINDOWS\system32\divx_xx0c.dll

2007-12-11 22:33 823,296 ----a-w C:\WINDOWS\system32\divx_xx07.dll

2007-12-11 22:33 81,920 ----a-w C:\WINDOWS\system32\dpl100.dll

2007-12-11 22:33 802,816 ----a-w C:\WINDOWS\system32\divx_xx11.dll

2007-12-11 22:33 682,496 ----a-w C:\WINDOWS\system32\DivX.dll

2007-12-11 22:33 593,920 ----a-w C:\WINDOWS\system32\dpuGUI11.dll

2007-12-11 22:33 57,344 ----a-w C:\WINDOWS\system32\dpv11.dll

2007-12-11 22:33 53,248 ----a-w C:\WINDOWS\system32\dpuGUI10.dll

2007-12-11 22:33 344,064 ----a-w C:\WINDOWS\system32\dpus11.dll

2007-12-11 22:33 294,912 ----a-w C:\WINDOWS\system32\dpu11.dll

2007-12-11 22:33 294,912 ----a-w C:\WINDOWS\system32\dpu10.dll

2007-12-11 22:33 196,608 ----a-w C:\WINDOWS\system32\dtu100.dll

2007-12-11 19:46 43,528 ------w C:\WINDOWS\system32\drivers\pxhelp20.sys

2007-12-11 19:46 129,784 ------w C:\WINDOWS\system32\pxafs.dll

2007-12-11 19:46 120,056 ------w C:\WINDOWS\system32\pxcpyi64.exe

2007-12-11 19:46 118,520 ------w C:\WINDOWS\system32\pxinsi64.exe

2007-12-09 05:01 --------- d-----w C:\Documents and Settings\Yossi\Application Data\Move Networks

2007-12-02 19:55 --------- d-----w C:\Program Files\FriendBlasterPro

2007-12-01 05:57 43,696 ----a-w C:\WINDOWS\system32\drivers\srtspx.sys

2007-12-01 05:57 317,616 ----a-w C:\WINDOWS\system32\drivers\srtspl.sys

2007-12-01 05:57 279,088 ----a-w C:\WINDOWS\system32\drivers\srtsp.sys

2007-12-01 05:57 10,549 ----a-w C:\WINDOWS\system32\drivers\srtspx.cat

2007-12-01 05:57 10,549 ----a-w C:\WINDOWS\system32\drivers\srtspl.cat

2007-12-01 05:57 10,545 ----a-w C:\WINDOWS\system32\drivers\srtsp.cat

2007-12-01 05:57 1,430 ----a-w C:\WINDOWS\system32\drivers\srtspl.inf

2007-12-01 05:57 1,421 ----a-w C:\WINDOWS\system32\drivers\srtspx.inf

2007-12-01 05:57 1,415 ----a-w C:\WINDOWS\system32\drivers\srtsp.inf

2007-11-13 19:27 --------- d-----w C:\Documents and Settings\Yossi\Application Data\StumbleUpon

2007-11-13 10:25 20,480 ----a-w C:\WINDOWS\system32\drivers\secdrv.sys

2007-11-06 02:32 --------- d-----w C:\Documents and Settings\Yossi\Application Data\LimeWire

2007-10-31 01:55 625,032 ----a-w C:\WINDOWS\system32\SymNeti.dll

2007-10-31 01:55 242,056 ----a-w C:\WINDOWS\system32\SymRedir.dll

2007-10-30 23:42 3,590,656 ------w C:\WINDOWS\system32\dllcache\mshtml.dll

2007-10-29 22:35 1,287,680 ----a-w C:\WINDOWS\system32\quartz.dll

2007-10-29 22:35 1,287,680 ------w C:\WINDOWS\system32\dllcache\quartz.dll

2007-10-27 23:40 222,720 ----a-w C:\WINDOWS\system32\wmasf.dll

2007-10-27 23:40 222,720 ------w C:\WINDOWS\system32\dllcache\wmasf.dll

2007-10-26 03:34 8,460,288 ----a-w C:\WINDOWS\system32\dllcache\shell32.dll

2007-10-25 02:56 51,716 ----a-w C:\WINDOWS\system32\pdf995mon.dll

2007-10-25 02:56 249,856 ----a-w C:\WINDOWS\system32\pdfmona.dll

2007-10-10 23:56 824,832 ------w C:\WINDOWS\system32\dllcache\wininet.dll

2007-10-10 23:56 232,960 ------w C:\WINDOWS\system32\dllcache\webcheck.dll

2007-10-10 23:56 1,159,680 ------w C:\WINDOWS\system32\dllcache\urlmon.dll

2007-10-10 23:55 671,232 ------w C:\WINDOWS\system32\dllcache\mstime.dll

2007-10-10 23:55 63,488 ------w C:\WINDOWS\system32\dllcache\icardie.dll

2007-10-10 23:55 6,065,664 ------w C:\WINDOWS\system32\dllcache\ieframe.dll

2007-10-10 23:55 52,224 ------w C:\WINDOWS\system32\dllcache\msfeedsbs.dll

2007-10-10 23:55 478,208 ------w C:\WINDOWS\system32\dllcache\mshtmled.dll

2007-10-10 23:55 459,264 ------w C:\WINDOWS\system32\dllcache\msfeeds.dll

2007-10-10 23:55 44,544 ------w C:\WINDOWS\system32\dllcache\iernonce.dll

2007-10-10 23:55 384,512 ------w C:\WINDOWS\system32\dllcache\iedkcs32.dll

2007-10-10 23:55 383,488 ------w C:\WINDOWS\system32\dllcache\ieapfltr.dll

2007-10-10 23:55 27,648 ------w C:\WINDOWS\system32\dllcache\jsproxy.dll

2007-10-10 23:55 267,776 ------w C:\WINDOWS\system32\dllcache\iertutil.dll

2007-10-10 23:55 230,400 ------w C:\WINDOWS\system32\dllcache\ieaksie.dll

2007-10-10 23:55 214,528 ------w C:\WINDOWS\system32\dllcache\dxtrans.dll

2007-10-10 23:55 193,024 ------w C:\WINDOWS\system32\dllcache\msrating.dll

2007-10-10 23:55 153,088 ------w C:\WINDOWS\system32\dllcache\ieakeng.dll

2007-10-10 23:55 132,608 ------w C:\WINDOWS\system32\dllcache\extmgr.dll

2007-10-10 23:55 124,928 ------w C:\WINDOWS\system32\dllcache\advpack.dll

2007-10-10 23:55 105,984 ------w C:\WINDOWS\system32\dllcache\url.dll

2007-10-10 23:55 102,400 ------w C:\WINDOWS\system32\dllcache\occache.dll

2007-10-10 10:59 70,656 ------w C:\WINDOWS\system32\dllcache\ie4uinit.exe

2007-10-10 10:59 625,152 ------w C:\WINDOWS\system32\dllcache\iexplore.exe

2007-10-10 10:59 13,824 ------w C:\WINDOWS\system32\dllcache\ieudinit.exe

2007-10-10 05:46 161,792 ------w C:\WINDOWS\system32\dllcache\ieakui.dll

2005-09-24 07:49 12,288 -c--a-w C:\WINDOWS\Fonts\RandFont.dll

.

((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))

.

.

*Note* empty entries & legit default entries are not shown

REGEDIT4

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]

"Aim6"="" []

"ctfmon.exe"="C:\WINDOWS\system32\ctfmon.exe" [2004-08-10 09:00 15360]

"BitTorrent"="C:\Program Files\BitTorrent\bittorrent.exe" [ ]

"msnmsgr"="C:\Program Files\MSN Messenger\MsnMsgr.exe" [2007-01-19 12:54 5674352]

"LogitechSoftwareUpdate"="C:\Program Files\Logitech\Video\ManifestEngine.exe" [2005-06-08 14:44 196608]

"updateMgr"="C:\Program Files\Adobe\Acrobat 7.0\Reader\AdobeUpdateManager.exe" [2006-03-30 15:45 313472]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]

"ehTray"="C:\WINDOWS\ehome\ehtray.exe" [2005-08-05 22:56 64512]

"ATIPTA"="C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe" [2005-11-10 22:05 344064]

"SunJavaUpdateSched"="C:\Program Files\Java\jre1.5.0_06\bin\jusched.exe" [2005-11-10 14:03 36975]

"HP Software Update"="C:\Program Files\Hp\HP Software Update\HPWuSchd2.exe" [2005-02-17 00:11 49152]

"SynTPEnh"="C:\Program Files\Synaptics\SynTP\SynTPEnh.exe" [2006-06-16 16:22 794713]

"QPService"="C:\Program Files\HP\QuickPlay\QPService.exe" [2005-12-12 12:39 94208]

"eabconfg.cpl"="C:\Program Files\HPQ\Quick Launch Buttons\EabServr.exe" [2005-12-22 09:57 405504]

"Cpqset"="C:\Program Files\HPQ\Default Settings\cpqset.exe" [2005-08-01 15:26 233534]

"RecGuard"="C:\Windows\SMINST\RecGuard.exe" [2005-10-11 11:23 1187840]

"Reminder"="C:\Windows\CREATOR\Remind_XP.exe" [2006-02-09 10:52 643072]

"hpWirelessAssistant"="C:\Program Files\hpq\HP Wireless Assistant\HP Wireless Assistant.exe" [2005-12-13 16:45 507904]

"ccApp"="C:\Program Files\Common Files\Symantec Shared\ccApp.exe" [2007-01-09 21:59 115816]

"osCheck"="C:\Program Files\Norton Internet Security\osCheck.exe" [2006-09-05 20:22 26248]

"HostManager"="C:\Program Files\Common Files\AOL\1168623263\ee\AOLSoftware.exe" [2006-05-09 18:24 50760]

"IPHSend"="C:\Program Files\Common Files\AOL\IPHSend\IPHSend.exe" [2006-02-17 10:59 124520]

"TkBellExe"="C:\Program Files\Common Files\Real\Update_OB\realsched.exe" [2007-02-11 17:43 185896]

"LVCOMSX"="C:\WINDOWS\system32\LVCOMSX.EXE" [2005-07-19 17:32 221184]

"LogitechVideoRepair"="C:\Program Files\Logitech\Video\ISStart.exe" [2005-06-08 15:24 458752]

"LogitechVideoTray"="C:\Program Files\Logitech\Video\LogiTray.exe" [2005-06-08 15:14 217088]

"QuickTime Task"="C:\Program Files\QuickTime\QTTask.exe" [2007-06-29 05:24 286720]

"HP Component Manager"="C:\Program Files\HP\hpcoretech\hpcmpmgr.exe" [2003-12-22 07:38 241664]

"Symantec PIF AlertEng"="C:\Program Files\Common Files\Symantec Shared\PIF\{B8E1DD85-8582-4c61-B58F-2F227FCA9A08}\PIFSvc.exe" [2007-11-28 19:51 583048]

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]

"swg"="C:\Program Files\Google\GoogleToolbarNotifier\1.2.1128.5462\GoogleToolbarNotifier.exe" [2007-02-01 10:48 171448]

C:\Documents and Settings\All Users\Start Menu\Programs\Startup\

Adobe Gamma Loader.lnk - C:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe [2006-09-09 21:23:56]

Adobe Reader Speed Launch.lnk - C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe [2005-09-23 21:05:26]

AutoCAD Startup Accelerator.lnk - C:\Program Files\Common Files\Autodesk Shared\acstart17.exe [2006-03-05 05:43:54]

HP Digital Imaging Monitor.lnk - C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe [2003-09-16 04:19:24]

HP Photosmart Premier Fast Start.lnk - C:\Program Files\HP\Digital Imaging\bin\hpqthb08.exe [2005-09-24 02:39:30]

Logitech Desktop Messenger.lnk - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\LDMConf.exe [2006-08-29 23:12:52]

Microsoft Office.lnk - C:\Program Files\Microsoft Office\Office\OSA9.EXE [1999-02-17 22:05:56]

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]

"InstallVisualStyle"= C:\WINDOWS\Resources\Themes\Royale\Royale.msstyles

"InstallTheme"= C:\WINDOWS\Resources\Themes\Royale.theme

R2 BCMNTIO;BCMNTIO;C:\PROGRA~1\CheckIt\DIAGNO~1\BCMNTIO.sys [2004-03-05 17:09]

R2 MAPMEM;MAPMEM;C:\PROGRA~1\CheckIt\DIAGNO~1\MAPMEM.sys [2004-03-05 17:09]

R3 HSFHWATI;HSFHWATI;C:\WINDOWS\system32\DRIVERS\HSFHWATI.sys [2005-08-22 03:06]

R3 NPDriver;Norton UnErase Protection Driver;C:\WINDOWS\system32\Drivers\NPDRIVER.SYS [2005-11-03 18:56]

S3 Ndp0xangrac;Ndp0xangrac;C:\WINDOWS\system32\drivers\bridge.sys [2004-08-10 09:00]

S3 SDdriver;SDdriver;C:\WINDOWS\system32\Drivers\sddriver.sys [2005-11-03 18:43]

*Newly Created Service* - COMHOST

*Newly Created Service* - PROCEXP90

.

Contents of the 'Scheduled Tasks' folder

"2007-12-26 03:08:10 C:\WINDOWS\Tasks\AppleSoftwareUpdate.job"

- C:\Program Files\Apple Software Update\SoftwareUpdate.exe

"2007-12-29 02:00:01 C:\WINDOWS\Tasks\Norton Internet Security - Run Full System Scan - Yossi.job"

- C:\PROGRA~1\NORTON~1\NORTON~1\Navw32.exeh/TASK:

"2007-12-31 18:00:00 C:\WINDOWS\Tasks\Norton SystemWorks One Button Checkup.job"

- C:\Program Files\Norton SystemWorks\OBC.exe

"2007-12-31 06:00:00 C:\WINDOWS\Tasks\Symantec Drmc.job"

- C:\Program Files\Common Files\Symantec Shared\SymDrmc.exe

.

**************************************************************************

catchme 0.3.1333 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net

Rootkit scan 2007-12-31 21:54:02

Windows 5.1.2600 Service Pack 2 NTFS

scanning hidden processes ...

scanning hidden autostart entries ...

HKLM\Software\Microsoft\Windows\CurrentVersion\Run

Cpqset = C:\Program Files\HPQ\Default Settings\cpqset.exe??????????4????|?????? ???B?????????????hLC? ??????

scanning hidden files ...

scan completed successfully

hidden files: 0

**************************************************************************

.

Completion time: 2007-12-31 21:54:46

C:\qoobox\ComboFix-quarantined-files.txt 2008-01-01 03:54:38

.

2007-12-30 16:45:30 --- E O F ---

Link to post
Share on other sites

ps , now after runing the combo fix (per your responce to a prev. posters issue which seemd to be the same problem as mine) the popups and weird toolbar are gone and home page is back to normal. but i am still seeing the weird programs listed in the add/remove program list.

Link to post
Share on other sites

Join the conversation

You can post now and register later. If you have an account, sign in now to post with your account.

Guest
Reply to this topic...

×   Pasted as rich text.   Paste as plain text instead

  Only 75 emoji are allowed.

×   Your link has been automatically embedded.   Display as a link instead

×   Your previous content has been restored.   Clear editor

×   You cannot paste images directly. Upload or insert images from URL.

Loading...