programm's Avatar
Junior Member with 3 posts.
 
Join Date: Jul 2007
Experience: Pro in some, intermediate in other spheres
18-Jul-2007, 01:43 PM #1
Trojan.W32.LookSky
I have Kaspersky Antivirus but it couldn't detect the trojan with the title up there. I will start with the symptoms:

• a red screen with a crap reddish logo with circles with 'privacy danger' covering the desktop; it can be moved to the corner of the desktop so that your desktop is revealed. Then, by deleting the folder created by the trojan, c:\Windows\privacy_danger\, the crap disappears, but after some time it reappears with the screen and has to be deleted again and again.
• System Alert: a Windows message about an impact viruses may have on your pc
• red triangle windows message in the taskbar
• a warning message with red (X) sign: Windows has detected an Internet attack attempt... Somebody's trying to infect your PC with spyware or harmful viruses. Run full system scan now to protect your PC from Internet attacks, hijacking attempts and spyware! Click here to download spyware remover for total protection. [OK]
• A message: Trojan.W32.Looksky detected on your machine. The virus is distributed via the Internet through e-mails and Active X objects. The worm has its own SMTP engine which means it gathers e-mails from your local computer and re-distributes itself. In worst cases this worm can allow attackers to access your computer stealing passwords and personal data.
This process should be removed from your system.

Type: Virus
Systems Affected: Windows 2000, NT, ME, XP, Vista
Security Risk (0-5): 5
Click 'Yes' to remove it from your PC immediately

• the home page of IE changed to http://ucleaner.com/main.php?wmid=60...0&mid=MjI6Ojg5 or drivecleaner

• icons with privacy protection, antispyware appear on the desktop

Note: The so-called 'ultimate cleaner' as well as 'drive cleaner', also the WinAntiVirus Pro appearing as pop-ups from the warning messages, are nothing but crap. Not only do they do nothing, but they keep on asking for registration. There is no ordinary program that forces you to use the program and to buy it or register, as the pop-ups, the unchangeable home page and the appearing icons on the desktop do. Not to say that such forcing to use programs should rather make you not use them, so that the creators rethink their approach to attracting customers. Do not use these programs, they may harm your PC, not help. They are junk, you can burn them, throw them, bury them, erase them from the world. Programs like SAS even detect malware with exactly the mentioned programs as its source.

This is not just an info thread, I need help. I found this forum looking for the trojan and thx to this forum I found the first program to detect the trojans - SUPERAntispyware (SAS). Before that I tried all the three mentioned above, also ParetoLogic anti-spyware, which could detect some but never found anything entitled 'Trojan', while SAS did. There were some malware files (20) entitled 'Trojan', and after removing them with SAS and rebooting, I thought everything was ok - in the 1st minute no sign of it. However, my homepage still was something else; if I want to change it, then it changes back to the homepage url mentioned above, and SAS asks me if I should allow or block the change, my attempt to set my own homepage being replaced with the automatically set crap of this crap ultimate cleaner. Then the same symptoms appeared, the same messages; SAS finally cleaned something, but obviously not the main parasite. Should I expect the name of this trojan w32 to be found? Because SAS cannot find it; it found some others, I cleaned them, but this still remains. I have had problems with prolly other types in the past, and the best sign for a removal of the trojan is seeing that the homepage stays as I set it each time I start IE. Pls help with erasing this trojan, its creator must burn in flames along with his creation.
programm's Avatar
Junior Member with 3 posts.
 
Join Date: Jul 2007
Experience: Pro in some, intermediate in other spheres
18-Jul-2007, 02:30 PM #2
Here is the log, too long to be in one post:

Logfile of HijackThis v1.99.1
Scan saved at 21:28:21, on 18.7.2007 г.
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 6.0\avp.exe
C:\Program Files\TuneUp Utilities 2007\MemOptimizer.exe
C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe
C:\Datecs\FlexType 2K\FType2K.exe
C:\Program Files\Common Files\Autodata Limited Shared\Service\ADCDLicSvc.exe
C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 6.0\avp.exe
C:\Program Files\IVT Corporation\BlueSoleil\BTNtService.exe
C:\WINDOWS\system32\nvsvc32.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Documents and Settings\Mister X\Desktop\hijackthis\HijackThis.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = http://google.icq.com/search/search_frame.php
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://google.icq.com
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://softwarereferral.com/jump.php...MjI6Ojg5&lid=2
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Local Page =
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page =
R3 - URLSearchHook: ICQ Toolbar - {855F3B16-6D32-4fe6-8A56-BBB695989046} - C:\Program Files\ICQToolbar\toolbaru.dll
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: MSVPS System - {C87D64B5-DF92-4703-90CB-B465B6982941} - C:\WINDOWS\qnxplugin.dll
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE NvQTwk,NvCplDaemon initialize
O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
O4 - HKLM\..\Run: [AVP] "C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 6.0\avp.exe"
O4 - HKCU\..\Run: [TuneUp MemOptimizer] "C:\Program Files\TuneUp Utilities 2007\MemOptimizer.exe" autostart
O4 - HKCU\..\Run: [SUPERAntiSpyware] C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe
O4 - Startup: .protected
O4 - Global Startup: .protected
O4 - Global Startup: FlexType 2K.lnk = C:\Datecs\FlexType 2K\FType2K.exe
O8 - Extra context menu item: &ICQ Toolbar Search - res://C:\Program Files\ICQToolbar\toolbaru.dll/SEARCH.HTML
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
O9 - Extra button: Web Anti-Virus statistics - {1F460357-8A94-4D71-9CA3-AA4ACF32ED8E} - C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 6.0\scieplugin.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL
O9 - Extra button: ICQ Lite - {B863453A-26C3-4e1f-A54D-A2CD196348E9} - C:\Program Files\ICQLite\ICQLite.exe
O9 - Extra 'Tools' menuitem: ICQ Lite - {B863453A-26C3-4e1f-A54D-A2CD196348E9} - C:\Program Files\ICQLite\ICQLite.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O20 - Winlogon Notify: !SASWinLogon - C:\Program Files\SUPERAntiSpyware\SASWINLO.dll
O20 - Winlogon Notify: klogon - C:\WINDOWS\system32\klogon.dll
O20 - Winlogon Notify: WgaLogon - C:\WINDOWS\
O21 - SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - C:\WINDOWS\system32\WPDShServiceObj.dll
O21 - SSODL: msddx - {514D5CEE-3903-40D1-9DBA-C37C06A5D785} - C:\WINDOWS\msddx.dll
O21 - SSODL: msqnx - {82A31E68-827C-4FC0-B483-AFFB45CF1BC0} - C:\WINDOWS\msqnx.dll
O23 - Service: Autodata Limited License Service - Unknown owner - C:\Program Files\Common Files\Autodata Limited Shared\Service\ADCDLicSvc.exe
O23 - Service: Kaspersky Anti-Virus 6.0 (AVP) - Unknown owner - C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 6.0\avp.exe" -r (file missing)
O23 - Service: BlueSoleil Hid Service - Unknown owner - C:\Program Files\IVT Corporation\BlueSoleil\BTNtService.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: NVIDIA Driver Helper Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
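
A heuristic first pass over a log like the one above, as an added example that is not part of the thread: it reports the Internet Explorer start page when its host is not one the analyst expects, and BHO / Winlogon Notify / SSODL modules that load from the Windows root itself rather than system32 or Program Files. The `triage` function, its parameters and both heuristics are assumptions of this example; a finding means "review manually", not a verdict.

```python
import ntpath
import re

# Constructed sample: lines copied verbatim from the HijackThis log posted above.
SAMPLE_LOG = r"""
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://softwarereferral.com/jump.php...MjI6Ojg5&lid=2
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page =
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: MSVPS System - {C87D64B5-DF92-4703-90CB-B465B6982941} - C:\WINDOWS\qnxplugin.dll
O20 - Winlogon Notify: klogon - C:\WINDOWS\system32\klogon.dll
O21 - SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - C:\WINDOWS\system32\WPDShServiceObj.dll
O21 - SSODL: msddx - {514D5CEE-3903-40D1-9DBA-C37C06A5D785} - C:\WINDOWS\msddx.dll
O21 - SSODL: msqnx - {82A31E68-827C-4FC0-B483-AFFB45CF1BC0} - C:\WINDOWS\msqnx.dll
"""

ENTRY = re.compile(r"^(?P<code>[A-Z]\d{1,2}) - (?P<body>.*)$")
START_PAGE = re.compile(r",Start Page = (?P<url>\S+)")
HOST = re.compile(r"^[a-z]+://(?P<host>[^/:]+)", re.I)
LOADED_BY_SHELL = {"O2", "O20", "O21"}  # BHO, Winlogon Notify, SSODL


def triage(log_text, expected_start_hosts=frozenset(), windir=r"C:\WINDOWS"):
    """Return (code, reason, detail) tuples for entries worth a manual look."""
    findings = []
    for raw in log_text.splitlines():
        m = ENTRY.match(raw.strip())
        if not m:
            continue  # header lines, process list, blanks
        code, body = m["code"], m["body"]
        if code in ("R0", "R1"):
            sp = START_PAGE.search(body)
            host = HOST.match(sp["url"]) if sp else None
            if host and host["host"].lower() not in expected_start_hosts:
                findings.append((code, "unexpected start page", host["host"].lower()))
        elif code in LOADED_BY_SHELL:
            path = body.rsplit(" - ", 1)[-1].strip()
            # Heuristic (assumption of this example): a module loaded from the
            # Windows root itself, not system32 or Program Files, needs review.
            if (path.lower().endswith(".dll")
                    and ntpath.dirname(path).lower() == windir.lower()):
                findings.append((code, "dll in windows root", ntpath.basename(path)))
    return findings
```

Pass the hosts the user actually set as their home page in `expected_start_hosts` so that only an unexpected start page is reported.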
cybertech's Avatar
Moderator with 68,253 posts.
 
Join Date: Apr 2002
Location: Washington State
18-Jul-2007, 04:35 PM #3
Hi, Welcome to TSG!!


Download ComboFix from Here or Here to your Desktop.
  • Double click combofix.exe and follow the prompts.
  • When finished, it shall produce a log for you. Post that log and a HiJackthis log in your next reply.
Note: Do not mouseclick combofix's window while it's running. That may cause it to stall.
__________________
Microsoft MVP/Windows - Consumer Security