
Big red bio privacy screen

Discussion in 'Virus & Other Malware Removal' started by petell, Jul 16, 2007.

Thread Status:
Not open for further replies.
  1. petell

    petell Thread Starter

    Joined:
    Jul 16, 2007
    Messages:
    5
    How do I get rid of this big red biohazard screen about privacy?
     
  2. MFDnNC

    MFDnNC

    Joined:
    Sep 7, 2004
    Messages:
    49,014
    Click here to download HJTInstall.exe
    • Save HJTInstall.exe to your desktop.
    • Double-click on the HJTInstall.exe icon on your desktop.
    • By default it will install to C:\Program Files\Trend Micro\HijackThis.
    • Click on Install.
    • It will create a HijackThis icon on the desktop.
    • Once installed, it will launch HijackThis.
    • Click on the Do a system scan and save a logfile button. It will scan and the log should open in Notepad.
    • Click on "Edit > Select All" then click on "Edit > Copy" to copy the entire contents of the log.
    • Come back here to this thread and paste the log in your next reply.
    • DO NOT have HijackThis fix anything yet. Most of what it finds will be harmless or even required.
     
  3. petell

    petell Thread Starter

    Joined:
    Jul 16, 2007
    Messages:
    5
    Logfile of Trend Micro HijackThis v2.0.2
    Scan saved at 5:58:33 PM, on 7/16/2007
    Platform: Windows XP SP2 (WinNT 5.01.2600)
    MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)
    Boot mode: Normal

    Running processes:
    C:\WINDOWS\System32\smss.exe
    C:\WINDOWS\system32\winlogon.exe
    C:\WINDOWS\system32\services.exe
    C:\WINDOWS\system32\lsass.exe
    C:\WINDOWS\system32\Ati2evxx.exe
    C:\WINDOWS\system32\svchost.exe
    C:\WINDOWS\System32\svchost.exe
    C:\WINDOWS\system32\LEXBCES.EXE
    C:\WINDOWS\system32\LEXPPS.EXE
    C:\WINDOWS\system32\spoolsv.exe
    C:\WINDOWS\Explorer.EXE
    C:\WINDOWS\ehome\ehtray.exe
    C:\WINDOWS\stsystra.exe
    C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe
    C:\Program Files\mcafee.com\personal firewall\MPfTray.exe
    C:\Program Files\Yahoo!\browser\ybrwicon.exe
    C:\Program Files\Lexmark X1100 Series\lxbkbmgr.exe
    C:\Program Files\iTunes\iTunesHelper.exe
    C:\WINDOWS\system32\dla\tfswctrl.exe
    C:\Program Files\CyberLink\PowerDVD\DVDLauncher.exe
    C:\Program Files\Java\jre1.6.0_01\bin\jusched.exe
    C:\Program Files\QuickTime\qttask.exe
    C:\Program Files\twc\medicsp2\bin\sprtcmd.exe
    C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 6.0\avp.exe
    C:\Program Files\DellSupport\DSAgnt.exe
    C:\Program Files\Yahoo!\Search Protection\SearchProtection.exe
    C:\Program Files\Google\GoogleToolbarNotifier\1.2.1128.5462\GoogleToolbarNotifier.exe
    C:\Program Files\Kodak\Kodak EasyShare software\bin\EasyShare.exe
    C:\Program Files\Lexmark X1100 Series\lxbkbmon.exe
    C:\Program Files\Kodak\KODAK Software Updater\7288971\Program\Kodak Software Updater.exe
    C:\PROGRA~1\MUSICM~1\MUSICM~3\MMDiag.exe
    C:\Program Files\ArcSoft\PhotoImpression 5\PI Monitor.exe
    C:\PROGRA~1\Yahoo!\browser\ycommon.exe
    C:\Program Files\MUSICMATCH\Musicmatch Jukebox\mim.exe
    C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 6.0\avp.exe
    C:\WINDOWS\eHome\ehRecvr.exe
    C:\WINDOWS\eHome\ehSched.exe
    c:\program files\mcafee.com\agent\mcdetect.exe
    c:\PROGRA~1\mcafee.com\agent\mctskshd.exe
    C:\PROGRA~1\McAfee.com\PERSON~1\MpfService.exe
    C:\Program Files\twc\medicsp2\bin\sprtsvc.exe
    C:\WINDOWS\system32\svchost.exe
    C:\Program Files\iPod\bin\iPodService.exe
    C:\WINDOWS\system32\dllhost.exe
    C:\WINDOWS\eHome\ehmsas.exe
    C:\PROGRA~1\McAfee.com\PERSON~1\MpfAgent.exe
    C:\Program Files\Internet Explorer\iexplore.exe
    C:\Program Files\Trend Micro\HijackThis\HijackThis.exe

    R1 - HKCU\Software\Microsoft\Internet Explorer\Main,SearchAssistant = http://search.imesh.com/sidebar.html?src=ssb
    R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://softwarereferral.com/jump.php?wmid=6010&mid=MjI6Ojg5&lid=2
    R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local
    R3 - URLSearchHook: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn0\yt.dll
    O2 - BHO: &Yahoo! Toolbar Helper - {02478D38-C3F9-4EFB-9B51-7695ECA05670} - C:\Program Files\Yahoo!\Companion\Installs\cpn0\yt.dll
    O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
    O2 - BHO: SpywareBlock Class - {0A87E45F-537A-40B4-B812-E2544C21A09F} - C:\Program Files\SpyCatcher\SCActiveBlock.dll
    O2 - BHO: DriveLetterAccess - {5CA3D70E-1895-11CF-8E15-001234567890} - C:\WINDOWS\system32\dla\tfswshx.dll
    O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_01\bin\ssv.dll
    O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar2.dll
    O2 - BHO: MSVPS System - {C87D64B5-DF92-4703-90CB-B465B6982941} - C:\WINDOWS\qnxplugin.dll
    O2 - BHO: CBrowserHelperObject Object - {CA6319C0-31B7-401E-A518-A07C3DB8F777} - c:\Program Files\GoogleAFE\GoogleAE.dll
    O3 - Toolbar: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn0\yt.dll
    O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar2.dll
    O4 - HKLM\..\Run: [ehTray] C:\WINDOWS\ehome\ehtray.exe
    O4 - HKLM\..\Run: [SigmatelSysTrayApp] stsystra.exe
    O4 - HKLM\..\Run: [ATIPTA] "C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe"
    O4 - HKLM\..\Run: [IntelMeM] C:\Program Files\Intel\Modem Event Monitor\IntelMEM.exe
    O4 - HKLM\..\Run: [ISUSScheduler] "C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe" -start
    O4 - HKLM\..\Run: [MimBoot] C:\PROGRA~1\MUSICM~1\MUSICM~3\mimboot.exe
    O4 - HKLM\..\Run: [MCAgentExe] c:\PROGRA~1\mcafee.com\agent\mcagent.exe
    O4 - HKLM\..\Run: [MCUpdateExe] c:\PROGRA~1\mcafee.com\agent\McUpdate.exe
    O4 - HKLM\..\Run: [MPFExe] C:\Program Files\mcafee.com\personal firewall\MPfTray.exe
    O4 - HKLM\..\Run: [YBrowser] C:\Program Files\Yahoo!\browser\ybrwicon.exe
    O4 - HKLM\..\Run: [Lexmark X1100 Series] "C:\Program Files\Lexmark X1100 Series\lxbkbmgr.exe"
    O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
    O4 - HKLM\..\Run: [dla] C:\WINDOWS\system32\dla\tfswctrl.exe
    O4 - HKLM\..\Run: [UpdateManager] "C:\Program Files\Common Files\Sonic\Update Manager\sgtray.exe" /r
    O4 - HKLM\..\Run: [MSKDetectorExe] C:\Program Files\McAfee\SpamKiller\MSKDetct.exe /uninstall
    O4 - HKLM\..\Run: [DVDLauncher] "C:\Program Files\CyberLink\PowerDVD\DVDLauncher.exe"
    O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_01\bin\jusched.exe"
    O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
    O4 - HKLM\..\Run: [orzddfhqst] c:\windows\system32\orzddfhqst.exe orzddfhqst
    O4 - HKLM\..\Run: [medicsp2] C:\Program Files\twc\medicsp2\bin\sprtcmd.exe /P medicsp2
    O4 - HKLM\..\Run: [AVP] "C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 6.0\avp.exe"
    O4 - HKLM\..\Run: [SpyHunter] C:\Program Files\Enigma Software Group\SpyHunter\SpyHunter.exe
    O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background
    O4 - HKCU\..\Run: [Yahoo! Pager] C:\Program Files\Yahoo!\Messenger\ypager.exe -quiet
    O4 - HKCU\..\Run: [DellSupport] "C:\Program Files\DellSupport\DSAgnt.exe" /startup
    O4 - HKCU\..\Run: [Dogfour] C:\DOCUME~1\PEDROG~1\APPLIC~1\TRAYBY~1\Media love htm.exe
    O4 - HKCU\..\Run: [Veoh] "C:\Program Files\Veoh Networks\Veoh\VeohClient.exe" /VeohHide
    O4 - HKCU\..\Run: [Uaol] "C:\WINDOWS\RACLE~1\cmd.exe" -vt yazb
    O4 - HKCU\..\Run: [Aeuih] "C:\Documents and Settings\Pedro Garcia\My Documents\??stem32\?xplorer.exe"
    O4 - HKCU\..\Run: [YSearchProtection] C:\Program Files\Yahoo!\Search Protection\SearchProtection.exe
    O4 - HKCU\..\Run: [swg] C:\Program Files\Google\GoogleToolbarNotifier\1.2.1128.5462\GoogleToolbarNotifier.exe
    O4 - Startup: MP3 Rocket (silent).lnk = C:\Program Files\MP3 Rocket\MP3Rocket_on_startup.exe
    O4 - Startup: Scheduler.lnk = C:\Program Files\SpyCatcher\Scheduler daemon.exe
    O4 - Global Startup: Kodak EasyShare software.lnk = C:\Program Files\Kodak\Kodak EasyShare software\bin\EasyShare.exe
    O4 - Global Startup: KODAK Software Updater.lnk = C:\Program Files\Kodak\KODAK Software Updater\7288971\Program\Kodak Software Updater.exe
    O4 - Global Startup: PI Monitor.lnk = C:\Program Files\ArcSoft\PhotoImpression 5\PI Monitor.exe
    O8 - Extra context menu item: &AOL Toolbar search - res://C:\Program Files\AOL Toolbar\toolbar.dll/SEARCH.HTML
    O8 - Extra context menu item: &Search - http://edits.mywebsearch.com/toolbaredits/menusearch.jhtml?p=ZNxmk572EKUS
    O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_01\bin\ssv.dll
    O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_01\bin\ssv.dll
    O9 - Extra button: Web Anti-Virus statistics - {1F460357-8A94-4D71-9CA3-AA4ACF32ED8E} - C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 6.0\scieplugin.dll
    O9 - Extra button: Messenger - {4528BBE0-4E08-11D5-AD55-00010333D0AD} - C:\Program Files\Yahoo!\Messenger\yhexbmes.dll
    O9 - Extra 'Tools' menuitem: Yahoo! Messenger - {4528BBE0-4E08-11D5-AD55-00010333D0AD} - C:\Program Files\Yahoo!\Messenger\yhexbmes.dll
    O9 - Extra button: (no name) - {B205A35E-1FC4-4CE3-818B-899DBBB3388C} - C:\Program Files\Common Files\Microsoft Shared\Encarta Search Bar\ENCSBAR.DLL
    O9 - Extra button: Real.com - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - C:\WINDOWS\system32\Shdocvw.dll
    O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
    O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
    O10 - Unknown file in Winsock LSP: c:\windows\system32\nwprovau.dll
    O16 - DPF: {1D4DB7D2-6EC9-47A3-BD87-1E41684E07BB} - http://ak.exe.imgfarm.com/images/nocache/funwebproducts/ei/ZwinkyInitialSetup1.0.0.15.exe
    O16 - DPF: {67DABFBF-D0AB-41FA-9C46-CC0F21721616} (DivXBrowserPlugin Object) - http://go.divx.com/plugin/DivXBrowserPlugin.cab
    O20 - AppInit_DLLs: secuload.dll
    O21 - SSODL: msddx - {C2F0E502-6021-4BDF-A8D5-E30E0253E42D} - C:\WINDOWS\msddx.dll
    O21 - SSODL: msqnx - {1F584614-845B-4936-B3EC-685AE658C386} - C:\WINDOWS\msqnx.dll
    O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\system32\Ati2evxx.exe
    O23 - Service: Kaspersky Anti-Virus 6.0 (AVP) - Kaspersky Lab - C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 6.0\avp.exe
    O23 - Service: DSBrokerService - Unknown owner - C:\Program Files\DellSupport\brkrsvc.exe
    O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
    O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
    O23 - Service: iPodService - Apple Computer, Inc. - C:\Program Files\iPod\bin\iPodService.exe
    O23 - Service: LexBce Server (LexBceS) - Lexmark International, Inc. - C:\WINDOWS\system32\LEXBCES.EXE
    O23 - Service: McAfee WSC Integration (McDetect.exe) - McAfee, Inc - c:\program files\mcafee.com\agent\mcdetect.exe
    O23 - Service: McAfee Task Scheduler (McTskshd.exe) - McAfee, Inc - c:\PROGRA~1\mcafee.com\agent\mctskshd.exe
    O23 - Service: McAfee SecurityCenter Update Manager (mcupdmgr.exe) - McAfee, Inc - C:\PROGRA~1\McAfee.com\Agent\mcupdmgr.exe
    O23 - Service: McAfee Personal Firewall Service (MpfService) - McAfee Corporation - C:\PROGRA~1\McAfee.com\PERSON~1\MpfService.exe
    O23 - Service: Intel NCS NetService (NetSvc) - Intel(R) Corporation - C:\Program Files\Intel\PROSetWired\NCS\Sync\NetSvc.exe
    O23 - Service: SupportSoft Sprocket Service (medicsp2) (sprtsvc_medicsp2) - SupportSoft, Inc. - C:\Program Files\twc\medicsp2\bin\sprtsvc.exe
    O24 - Desktop Component 0: Privacy Protection - file:///C:\WINDOWS\privacy_danger\index.htm

    --
    End of file - 10833 bytes
     
  4. MFDnNC

    MFDnNC

    Joined:
    Sep 7, 2004
    Messages:
    49,014
    NOTE: If you have downloaded ComboFix previously please delete that version and download it again!

    Download this file :

    http://www.techsupportforum.com/sectools/sUBs/ComboFix.exe
    or
    http://download.bleepingcomputer.com/sUBs/Beta/ComboFix.exe

    Double-click combofix.exe & follow the prompts.
    When finished, it shall produce a log for you. Post that log and a HijackThis log in your next reply.

    Note:
    Do not mouse-click ComboFix's window while it's running. That may cause it to stall.

    ===============
    Download Superantispyware (SAS) free home version

    http://www.superantispyware.com/superantispywarefreevspro.html

    Install it and double-click the icon on your desktop to run it.
    • It will ask if you want to update the program definitions, click Yes.
    • Under Configuration and Preferences, click the Preferences button.
    • Click the Scanning Control tab.
    • Under Scanner Options make sure the following are checked:
        ◦ Close browsers before scanning
        ◦ Scan for tracking cookies
        ◦ Terminate memory threats before quarantining.
        ◦ Please leave the others unchecked.
        ◦ Click the Close button to leave the control center screen.
    • On the main screen, under Scan for Harmful Software click Scan your computer.
    • On the left check C:\Fixed Drive.
    • On the right, under Complete Scan, choose Perform Complete Scan.
    • Click Next to start the scan. Please be patient while it scans your computer.
    • After the scan is complete a summary box will appear. Click OK.
    • Make sure everything in the white box has a check next to it, then click Next.
    • It will quarantine what it found and if it asks if you want to reboot, click Yes.
    • To retrieve the removal information for me please do the following:
        ◦ After reboot, double-click the SUPERAntispyware icon on your desktop.
        ◦ Click Preferences. Click the Statistics/Logs tab.
        ◦ Under Scanner Logs, double-click SUPERAntiSpyware Scan Log.
        ◦ It will open in your default text editor (such as Notepad/Wordpad).
        ◦ Please highlight everything in the notepad, then right-click and choose copy.
    • Click close and close again to exit the program.
    • Please paste that information here for me with a new HijackThis log.

    This will take some time!!!!!!!!
     
  5. petell

    petell Thread Starter

    Joined:
    Jul 16, 2007
    Messages:
    5
    "Pedro Garcia" - 2007-07-17 0:25:08 - ComboFix 07-07-13.8 - Service Pack 2 NTFS


    ((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))


    C:\DOCUME~1\PEDROG~1\APPLIC~1.\macromedia\Flash Player\#SharedObjects\HRU3XL77\www.broadcaster.com
    C:\DOCUME~1\PEDROG~1\APPLIC~1.\macromedia\Flash Player\macromedia.com\support\flashplayer\sys\#www.broadcaster.com
    C:\DOCUME~1\PEDROG~1\FAVORI~1.\Error Cleaner.url
    C:\DOCUME~1\PEDROG~1\FAVORI~1.\Privacy Protector.url
    C:\DOCUME~1\PEDROG~1\FAVORI~1.\Spyware&Malware Protection.url
    C:\Program Files\Common Files\smbols~1
    C:\Program Files\outerinfo
    C:\WINDOWS\dat.txt
    C:\WINDOWS\msddx.dll
    C:\WINDOWS\msqnx.dll
    C:\WINDOWS\privacy_danger
    C:\WINDOWS\privacy_danger\images\capt.gif
    C:\WINDOWS\privacy_danger\images\danger.jpg
    C:\WINDOWS\privacy_danger\images\down.gif
    C:\WINDOWS\privacy_danger\images\spacer.gif
    C:\WINDOWS\privacy_danger\index.htm
    C:\WINDOWS\qnxplugin.dll
    C:\WINDOWS\racle~1
    C:\WINDOWS\rs.txt
    C:\WINDOWS\system32\bszip.dll
    C:\WINDOWS\system32\cmd.com
    C:\WINDOWS\system32\crosof~1.net
    C:\WINDOWS\system32\netstat.com
    C:\WINDOWS\system32\nvs2.inf
    C:\WINDOWS\system32\ping.com
    C:\WINDOWS\system32\taskkill.com
    C:\WINDOWS\system32\tasklist.com
    C:\WINDOWS\system32\tracert.com


    ((((((((((((((((((((((((( Files Created from 2007-06-17 to 2007-07-17 )))))))))))))))))))))))))))))))


    2007-07-16 22:57 51,200 --a------ C:\WINDOWS\nircmd.exe
    2007-07-16 17:58 <DIR> d-------- C:\Program Files\Trend Micro
    2007-07-16 14:23 <DIR> d-------- C:\Program Files\Privacy Guardian
    2007-07-16 10:10 82,258 --a------ C:\WINDOWS\system32\drivers\klin.dat
    2007-07-16 10:10 82,258 --a------ C:\WINDOWS\system32\drivers\klick.dat
    2007-07-16 10:09 41,504 --ahs---- C:\WINDOWS\system32\drivers\fidbox2.dat
    2007-07-16 10:09 4,680,736 --ahs---- C:\WINDOWS\system32\drivers\fidbox.dat
    2007-07-16 10:09 <DIR> d-------- C:\Program Files\Kaspersky Lab
    2007-07-16 10:09 <DIR> d-------- C:\DOCUME~1\ALLUSE~1\APPLIC~1\Kaspersky Lab
    2007-07-16 10:08 <DIR> d-------- C:\KAV
    2007-07-16 01:46 <DIR> d-------- C:\DOCUME~1\PEDROG~1\APPLIC~1\SpywareBot
    2007-07-16 01:45 <DIR> d----c--- C:\WINDOWS\system32\DRVSTORE
    2007-07-16 01:45 <DIR> d-------- C:\Program Files\SpywareBot
    2007-07-16 00:39 <DIR> d-------- C:\DOCUME~1\ALLUSE~1\APPLIC~1\SupportSoft
    2007-07-16 00:38 <DIR> d-------- C:\Program Files\twc
    2007-07-16 00:38 <DIR> d-------- C:\Program Files\Common Files\SupportSoft
    2007-07-16 00:25 <DIR> dr-h----- C:\DOCUME~1\ALLUSE~1\APPLIC~1\yahoo!
    2007-07-16 00:25 <DIR> d-------- C:\Program Files\Common Files\Scanner
    2007-07-15 23:49 626,688 --a------ C:\WINDOWS\system32\msvcr80.dll
    2007-07-15 23:49 <DIR> d-------- C:\DOCUME~1\ALLUSE~1\APPLIC~1\Google
    2007-07-15 23:22 <DIR> d-------- C:\Program Files\RogueRemover PRO
    2007-07-15 23:21 <DIR> d-------- C:\Program Files\Common Files\Download Manager
    2007-07-15 23:17 <DIR> d-------- C:\DOCUME~1\PEDROG~1\APPLIC~1\PC Tools
    2007-07-15 20:25 <DIR> d-------- C:\Program Files\Alwil Software
    2007-07-15 18:55 9,728 --a------ C:\WINDOWS\system32\syswin6000.exe
    2007-06-28 16:00 <DIR> d----c--- C:\WINDOWS\ie7(2)
    2007-06-28 15:29 <DIR> d-------- C:\WINDOWS\network diagnostic
    2007-06-27 08:15 4,094 --a------ C:\WINDOWS\system32\tmp.reg
    2007-06-26 11:05 <DIR> d-------- C:\DOCUME~1\PEDROG~1\APPLIC~1\DivX
    2007-06-26 00:38 129,784 --------- C:\WINDOWS\system32\pxafs.dll
    2007-06-25 23:04 <DIR> d-------- C:\Program Files\Veoh Networks
    2007-06-25 15:26 44,752 --a------ C:\WINDOWS\asbinstallclose.exe
    2007-06-25 00:17 <DIR> d--hs---- C:\WINDOWS\CSC
    2007-06-24 22:22 4,718,592 --a------ C:\DOCUME~1\PEDROG~1\ntuser.dat
    2007-06-24 18:35 <DIR> d-------- C:\My Downloads
    2007-06-24 16:25 <DIR> d-------- C:\DOCUME~1\PEDROG~1\APPLIC~1\Tenebril
    2007-06-24 16:10 <DIR> d-------- C:\DOCUME~1\ALLUSE~1\APPLIC~1\Tenebril
    2007-06-24 16:08 40,960 --a-s---- C:\WINDOWS\system32\ProcessKiller.dll
    2007-06-24 16:08 180,224 --a-s---- C:\WINDOWS\system32\archlib.dll
    2007-06-24 16:08 <DIR> d-------- C:\WINDOWS\system32\tenarchlib
    2007-06-24 16:08 <DIR> d-------- C:\Program Files\SpyCatcher
    2007-06-23 17:42 <DIR> d-------- C:\Program Files\Enigma Software Group
    2007-06-22 17:59 <DIR> d-------- C:\Program Files\IObit
    2007-06-22 15:37 <DIR> d-------- C:\Program Files\Traybyteview
    2007-06-22 15:33 <DIR> d-------- C:\Program Files\BitDownload
    2007-06-22 14:10 <DIR> d-------- C:\DOCUME~1\PEDROG~1\APPLIC~1\Traybyteview
    2007-06-17 00:28 <DIR> d-a------ C:\DOCUME~1\ALLUSE~1\APPLIC~1\TEMP


    (((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))

    2007-07-17 00:45:38 63,044 --sha-w C:\WINDOWS\system32\drivers\fidbox.idx
    2007-07-17 00:45:38 4,556 --sha-w C:\WINDOWS\system32\drivers\fidbox2.idx
    2007-07-16 05:25:04 -------- d-----w C:\DOCUME~1\PEDROG~1\APPLIC~1\Yahoo!
    2007-07-16 05:24:22 -------- d-----w C:\Program Files\Google
    2007-07-16 04:35:56 -------- d-----w C:\Program Files\Yahoo!
    2007-07-16 04:22:11 2,014 ---h--r C:\WINDOWS\system32\drivers\hosts
    2007-07-12 20:54:18 -------- d-----w C:\DOCUME~1\PEDROG~1\APPLIC~1\MP3Rocket
    2007-07-10 23:41:45 -------- d-----w C:\Program Files\Lexmark X1100 Series
    2007-07-03 16:46:13 33,178 ----a-w C:\DOCUME~1\PEDROG~1\APPLIC~1\wklnhst.dat
    2007-06-26 05:39:03 -------- d-----w C:\Program Files\DivX
    2007-06-26 04:04:51 -------- d--h--w C:\Program Files\InstallShield Installation Information
    2007-06-25 19:11:14 -------- d-----w C:\Program Files\Common Files\AOL
    2007-06-25 19:11:13 -------- d-----w C:\Program Files\McAfee.com
    2007-06-25 19:08:40 -------- d-----w C:\DOCUME~1\PEDROG~1\APPLIC~1\AOL
    2007-06-25 05:15:40 -------- d-----w C:\Program Files\MP3 Rocket
    2007-06-25 04:44:46 -------- d-----w C:\Program Files\Project64 1.6
    2007-06-11 21:30:57 -------- d-----w C:\Program Files\Registry Genius
    2007-06-11 04:56:45 -------- d-----w C:\DOCUME~1\PEDROG~1\APPLIC~1\RegistrySmart
    2007-05-31 06:45:07 524,288 ----a-w C:\WINDOWS\system32\DivXsm.exe
    2007-05-31 06:44:55 823,296 ----a-w C:\WINDOWS\system32\divx_xx07.dll
    2007-05-31 06:44:54 823,296 ----a-w C:\WINDOWS\system32\divx_xx0c.dll
    2007-05-31 06:44:54 802,816 ----a-w C:\WINDOWS\system32\divx_xx11.dll
    2007-05-31 06:44:54 740,442 ----a-w C:\WINDOWS\system32\DivX.dll
    2007-05-16 15:12:02 683,520 ----a-w C:\WINDOWS\system32\inetcomm.dll
    2007-04-26 04:09:49 79,552 ----a-w C:\DOCUME~1\PEDROG~1\APPLIC~1\GDIPFONTCACHEV1.DAT
    2007-04-25 14:21:15 144,896 ----a-w C:\WINDOWS\system32\schannel.dll
    2007-04-23 00:15:29 3,596,288 ----a-w C:\WINDOWS\system32\qt-dx331.dll
    2007-04-23 00:15:24 118,520 -c----w C:\WINDOWS\system32\pxinsi64.exe
    2007-04-23 00:15:24 116,472 -c----w C:\WINDOWS\system32\pxcpyi64.exe
    2007-04-23 00:15:18 200,704 ----a-w C:\WINDOWS\system32\ssldivx.dll
    2007-04-23 00:15:18 1,044,480 ----a-w C:\WINDOWS\system32\libdivx.dll
    2007-04-23 00:02:34 73,728 ----a-w C:\WINDOWS\system32\dpl100.dll
    2007-04-23 00:02:34 196,608 ----a-w C:\WINDOWS\system32\dtu100.dll
    2007-04-23 00:02:33 53,248 ----a-w C:\WINDOWS\system32\dpuGUI10.dll
    2007-04-23 00:02:31 593,920 ----a-w C:\WINDOWS\system32\dpuGUI11.dll
    2007-04-23 00:02:31 57,344 ----a-w C:\WINDOWS\system32\dpv11.dll
    2007-04-23 00:02:31 344,064 ----a-w C:\WINDOWS\system32\dpus11.dll
    2007-04-23 00:02:31 294,912 ----a-w C:\WINDOWS\system32\dpu11.dll
    2007-04-23 00:02:31 294,912 ----a-w C:\WINDOWS\system32\dpu10.dll
    2007-04-23 00:01:47 12,288 ----a-w C:\WINDOWS\system32\DivXWMPExtType.dll
    2007-04-23 00:01:46 124,472 ----a-w C:\WINDOWS\system32\DivXCodecUpdateChecker.exe
    2007-04-18 16:12:23 2,854,400 ----a-w C:\WINDOWS\system32\msi.dll
    2007-04-17 03:47:36 33,624 ----a-w C:\WINDOWS\system32\wups.dll
    2007-04-17 03:45:54 1,710,936 ----a-w C:\WINDOWS\system32\wuaueng.dll
    2007-04-17 03:45:48 549,720 ----a-w C:\WINDOWS\system32\wuapi.dll
    2007-04-17 03:45:42 325,976 ----a-w C:\WINDOWS\system32\wucltui.dll
    2007-04-17 03:45:36 203,096 ----a-w C:\WINDOWS\system32\wuweb.dll
    2007-04-17 03:45:28 92,504 ----a-w C:\WINDOWS\system32\cdm.dll
    2007-04-17 03:45:20 53,080 ----a-w C:\WINDOWS\system32\wuauclt.exe
    2007-04-17 03:45:20 43,352 ----a-w C:\WINDOWS\system32\wups2.dll
    2006-03-28 23:52:48 104 -csh--r C:\WINDOWS\system32\9DBC4E1764.sys
    2006-03-28 23:52:49 5,852 -csha-w C:\WINDOWS\system32\KGyGaAvL.sys


    ((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))


    *Note* empty entries & legit default entries are not shown

    [HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{02478D38-C3F9-4EFB-9B51-7695ECA05670}]
    2007-05-30 16:18 808472 --a------ C:\Program Files\Yahoo!\Companion\Installs\cpn0\yt.dll

    [HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{06849E9F-C8D7-4D59-B87D-784B7D6BE0B3}]
    2006-12-18 05:16 59032 --a------ C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll

    [HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{0A87E45F-537A-40B4-B812-E2544C21A09F}]
    2005-08-22 21:57 118784 --a------ C:\Program Files\SpyCatcher\SCActiveBlock.dll

    [HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{5CA3D70E-1895-11CF-8E15-001234567890}]
    2004-08-13 01:05 118842 --a------ C:\WINDOWS\system32\dla\tfswshx.dll

    [HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{761497BB-D6F0-462C-B6EB-D4DAF1D92D43}]
    2007-03-14 03:43 501400 --a------ C:\Program Files\Java\jre1.6.0_01\bin\ssv.dll

    [HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{AA58ED58-01DD-4d91-8333-CF10577473F7}]
    2007-01-19 23:55 2403392 -ra------ c:\program files\google\googletoolbar2.dll

    [HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{C87D64B5-DF92-4703-90CB-B465B6982941}]
    C:\WINDOWS\qnxplugin.dll

    [HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{CA6319C0-31B7-401E-A518-A07C3DB8F777}]
    2006-01-25 20:36 90112 --a------ c:\Program Files\GoogleAFE\GoogleAE.dll

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
    "SigmatelSysTrayApp"="stsystra.exe" [2005-03-23 01:20 C:\WINDOWS\stsystra.exe]
    "ATIPTA"="C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe" [2005-08-05 22:05]
    "IntelMeM"="C:\Program Files\Intel\Modem Event Monitor\IntelMEM.exe" [2003-09-03 21:12]
    "ISUSScheduler"="C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe" [2005-06-10 11:44]
    "MimBoot"="C:\PROGRA~1\MUSICM~1\MUSICM~3\mimboot.exe" [2005-03-09 19:10]
    "MCAgentExe"="c:\PROGRA~1\mcafee.com\agent\mcagent.exe" [2005-09-22 19:29]
    "MCUpdateExe"="c:\PROGRA~1\mcafee.com\agent\McUpdate.exe" [2006-01-11 13:05]
    "MPFExe"="C:\Program Files\mcafee.com\personal firewall\MPfTray.exe" [2005-11-11 18:00]
    "YBrowser"="C:\Program Files\Yahoo!\browser\ybrwicon.exe" [2003-07-11 15:51]
    "Lexmark X1100 Series"="C:\Program Files\Lexmark X1100 Series\lxbkbmgr.exe" [2003-08-19 05:43]
    "iTunesHelper"="C:\Program Files\iTunes\iTunesHelper.exe" [2005-12-20 20:54]
    "UpdateManager"="C:\Program Files\Common Files\Sonic\Update Manager\sgtray.exe" [2004-01-07 01:01]
    "MSKDetectorExe"="C:\Program Files\McAfee\SpamKiller\MSKDetct.exe" [2005-08-12 17:16]
    "DVDLauncher"="C:\Program Files\CyberLink\PowerDVD\DVDLauncher.exe" [2006-04-06 10:51]
    "SunJavaUpdateSched"="C:\Program Files\Java\jre1.6.0_01\bin\jusched.exe" [2007-03-14 03:43]
    "QuickTime Task"="C:\Program Files\QuickTime\qttask.exe" [2006-04-29 15:53]
    "medicsp2"="C:\Program Files\twc\medicsp2\bin\sprtcmd.exe" [2007-03-07 11:53]
    "SpyHunter"="C:\Program Files\Enigma Software Group\SpyHunter\SpyHunter.exe" [2007-04-26 19:03]

    [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
    "MSMSGS"="C:\Program Files\Messenger\msmsgs.exe" [2004-10-13 11:24]
    "Yahoo! Pager"="C:\Program Files\Yahoo!\Messenger\ypager.exe" [2004-08-10 12:42]
    "DellSupport"="C:\Program Files\DellSupport\DSAgnt.exe" [2007-03-15 11:09]
    "Dogfour"="C:\DOCUME~1\PEDROG~1\APPLIC~1\TRAYBY~1\Media love htm.exe" []
    "Veoh"="C:\Program Files\Veoh Networks\Veoh\VeohClient.exe" [2007-05-03 17:43]
    "@"="" []
    "Uaol"="C:\WINDOWS\RACLE~1\cmd.exe" []
    "Aeuih"="C:\Documents and Settings\Pedro Garcia\My Documents\??stem32\?xplorer.exe" []
    "YSearchProtection"="C:\Program Files\Yahoo!\Search Protection\SearchProtection.exe" [2007-03-28 17:10]
    "swg"="C:\Program Files\Google\GoogleToolbarNotifier\1.2.1128.5462\GoogleToolbarNotifier.exe" [2007-07-15 23:51]

    [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
    "InstallVisualStyle"=C:\WINDOWS\Resources\Themes\Royale\Royale.msstyles
    "InstallTheme"=C:\WINDOWS\Resources\Themes\Royale.theme

    [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\explorer]
    "LinkResolveIgnoreLinkInfo"=0 (0x0)
    "NoResolveSearch"=1 (0x1)

    [HKEY_CURRENT_USER\software\microsoft\windows\currentversion\policies\explorer]
    "LinkResolveIgnoreLinkInfo"=0 (0x0)
    "NoLowDiskSpaceChecks"=1 (0x1)

    [HKEY_CURRENT_USER\software\microsoft\internet explorer\desktop\components\0]
    Source= file:///C:\WINDOWS\privacy_danger\index.htm
    FriendlyName= Privacy Protection

    [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\windows]
    "appinit_dlls"=secuload.dll

    [HKEY_LOCAL_MACHINE\system\currentcontrolset\control\lsa]
    Authentication Packages msv1_0 nwprovau


    [HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{361ac05d-0e0d-11da-9aa9-806d6172696f}]
    AutoRun\command- E:\setup.exe


    Contents of the 'Scheduled Tasks' folder
    2007-07-16 08:30:00 C:\WINDOWS\tasks\RegistrySmart Scheduled Scan.job
    2007-07-16 16:48:16 C:\WINDOWS\tasks\SpywareBot Scheduled Scan.job

    **************************************************************************

    catchme 0.3.915 W2K/XP/Vista - rootkit detector by Gmer, http://www.gmer.net
    Rootkit scan 2007-07-17 00:29:04
    Windows 5.1.2600 Service Pack 2 NTFS

    scanning hidden processes ...

    scanning hidden autostart entries ...

    scanning hidden files ...

    scan completed successfully
    hidden files: 0

    **************************************************************************

    Completion time: 2007-07-17 0:29:41
    C:\ComboFix-quarantined-files.txt ... 2007-07-17 00:29

    --- E O F ---
     
  6. petell

    petell Thread Starter

    Joined:
    Jul 16, 2007
    Messages:
    5
    SUPERAntiSpyware Scan Log
    http://www.superantispyware.com

    Generated 07/17/2007 at 02:22 AM

    Application Version : 3.9.1008

    Core Rules Database Version : 3270
    Trace Rules Database Version: 1281

    Scan type : Complete Scan
    Total Scan Time : 01:31:24

    Memory items scanned : 444
    Memory threats detected : 0
    Registry items scanned : 6246
    Registry threats detected : 101
    File items scanned : 121012
    File threats detected : 78

    Adware.MyWebSearch
    HKLM\Software\Classes\CLSID\{07B18EA9-A523-4961-B6BB-170DE4475CCA}
    HKCR\CLSID\{07B18EA9-A523-4961-B6BB-170DE4475CCA}
    HKCR\CLSID\{07B18EA9-A523-4961-B6BB-170DE4475CCA}\InprocServer32
    HKCR\CLSID\{07B18EA9-A523-4961-B6BB-170DE4475CCA}\InprocServer32#ThreadingModel
    HKCR\CLSID\{07B18EA9-A523-4961-B6BB-170DE4475CCA}\Programmable
    HKCR\CLSID\{07B18EA9-A523-4961-B6BB-170DE4475CCA}\TypeLib

    Trojan.Net-MSV/VPS
    HKLM\Software\Classes\CLSID\{C87D64B5-DF92-4703-90CB-B465B6982941}
    HKCR\CLSID\{C87D64B5-DF92-4703-90CB-B465B6982941}
    HKCR\CLSID\{C87D64B5-DF92-4703-90CB-B465B6982941}
    HKCR\CLSID\{C87D64B5-DF92-4703-90CB-B465B6982941}\InprocServer32
    HKCR\CLSID\{C87D64B5-DF92-4703-90CB-B465B6982941}\InprocServer32#ThreadingModel
    HKCR\CLSID\{C87D64B5-DF92-4703-90CB-B465B6982941}\ProgID
    HKCR\CLSID\{C87D64B5-DF92-4703-90CB-B465B6982941}\Programmable
    HKCR\CLSID\{C87D64B5-DF92-4703-90CB-B465B6982941}\TypeLib
    HKCR\CLSID\{C87D64B5-DF92-4703-90CB-B465B6982941}\VersionIndependentProgID
    C:\WINDOWS\QNXPLUGIN.DLL
    HKLM\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{C87D64B5-DF92-4703-90CB-B465B6982941}
    C:\QOOBOX\QUARANTINE\C\WINDOWS\QNXPLUGIN.DLL.VIR
    C:\SYSTEM VOLUME INFORMATION\_RESTORE{129201FA-B0AC-49B3-96B2-DEB8B91E727B}\RP469\A0230331.DLL

    Adware.Tracking Cookie

    Unclassified.SpywareBot (Not A Threat)
    HKU\S-1-5-21-3132376651-199611951-3318164842-1005\Software\SpywareBot
    C:\Program Files\SpywareBot\Log\2007 Jul 16 - 01_46_07 AM.log
    C:\Program Files\SpywareBot\Log
    C:\Program Files\SpywareBot

    Adware.ClickSpring/Outer Info Network
    C:\Documents and Settings\Pedro Garcia\Start Menu\Programs\Outerinfo\Terms.lnk
    C:\Documents and Settings\Pedro Garcia\Start Menu\Programs\Outerinfo\Uninstall.lnk
    C:\Documents and Settings\Pedro Garcia\Start Menu\Programs\Outerinfo

    Malware.SpyCrush
    C:\SYSTEM VOLUME INFORMATION\_RESTORE{129201FA-B0AC-49B3-96B2-DEB8B91E727B}\RP424\A0209430.EXE
    C:\SYSTEM VOLUME INFORMATION\_RESTORE{129201FA-B0AC-49B3-96B2-DEB8B91E727B}\RP430\A0210007.EXE

    Browser Hijacker.Favorites
    C:\DOCUMENTS AND SETTINGS\PEDRO GARCIA\DESKTOP\UNUSED DESKTOP SHORTCUTS\PHANDLER.PHP.URL

    Malware.Installer-Pkg/Gen
    C:\PROGRAM FILES\WILDTANGENT\APPS\DELL GAME CONSOLE\DOWNLOADS\INSTALLERS\{26D2C2C3-CF14-4ED7-B1FC-0BE64AFBA3B3}.EXE
    C:\PROGRAM FILES\WILDTANGENT\APPS\DELL GAME CONSOLE\DOWNLOADS\INSTALLERS\{3C48F877-A164-45E9-B9DA-26A049FFC207}.EXE
    C:\PROGRAM FILES\WILDTANGENT\APPS\DELL GAME CONSOLE\DOWNLOADS\INSTALLERS\{6293BC00-4EB8-4C65-8548-53E2FC3BF937}.EXE
    C:\PROGRAM FILES\WILDTANGENT\APPS\DELL GAME CONSOLE\DOWNLOADS\INSTALLERS\{651956B7-1969-42AA-9453-E0B813019D54}.EXE
    C:\PROGRAM FILES\WILDTANGENT\APPS\DELL GAME CONSOLE\DOWNLOADS\INSTALLERS\{989E4C3B-B2C9-4486-9A09-D5A8F953837C}.EXE
    C:\PROGRAM FILES\WILDTANGENT\APPS\DELL GAME CONSOLE\DOWNLOADS\INSTALLERS\{C2D8F0E2-6978-4409-8351-BA8785DA11EE}.EXE
    C:\PROGRAM FILES\WILDTANGENT\APPS\DELL GAME CONSOLE\DOWNLOADS\INSTALLERS\{D1A6F3FD-7B40-443F-8767-BADB25A0D222}.EXE
    C:\PROGRAM FILES\WILDTANGENT\APPS\DELL GAME CONSOLE\DOWNLOADS\INSTALLERS\{E0814F95-5380-4892-B8C8-7FA4B349EF46}.EXE

    Adware.ClickSpring/Yazzle
    C:\QOOBOX\QUARANTINE\C\PROGRAM FILES\COMMON FILES\YAZZLE1552OINUNINSTALLER.EXE.VIR

    Desktop Hijacker.AboutYourPrivacy
    C:\QOOBOX\QUARANTINE\C\WINDOWS\PRIVACY_DANGER\IMAGES\CAPT.GIF.VIR
    C:\QOOBOX\QUARANTINE\C\WINDOWS\PRIVACY_DANGER\IMAGES\DANGER.JPG.VIR
    C:\QOOBOX\QUARANTINE\C\WINDOWS\PRIVACY_DANGER\IMAGES\DOWN.GIF.VIR
    C:\QOOBOX\QUARANTINE\C\WINDOWS\PRIVACY_DANGER\INDEX.HTM.VIR

    Trojan.Unknown Origin
    C:\QOOBOX\QUARANTINE\C\WINDOWS\SYSTEM32\WNSCPICOM32.EXE.VIR
    C:\SYSTEM VOLUME INFORMATION\_RESTORE{129201FA-B0AC-49B3-96B2-DEB8B91E727B}\RP460\A0217208.EXE
    C:\SYSTEM VOLUME INFORMATION\_RESTORE{129201FA-B0AC-49B3-96B2-DEB8B91E727B}\RP462\A0217344.EXE
    C:\SYSTEM VOLUME INFORMATION\_RESTORE{129201FA-B0AC-49B3-96B2-DEB8B91E727B}\RP469\A0229264.EXE

    Trojan.Downloader-NoName
    C:\WINDOWS\SYSTEM32\SYSWIN6000.EXE
    (thanks NC) u rock!
     
  7. MFDnNC

    MFDnNC

    Joined:
    Sep 7, 2004
    Messages:
    49,014
    Need a new hijack log
     
  8. petell

    petell Thread Starter

    Joined:
    Jul 16, 2007
    Messages:
    5
    Thanks for helping get rid of my bugs. Used to be stationed at Camp Lejeune, NC back in the 80's. North Carolina has a lot of love from this Texan.
     
  9. MFDnNC

    MFDnNC

    Joined:
    Sep 7, 2004
    Messages:
    49,014
    I need a new hijack log
     

Short URL to this thread: https://techguy.org/596615
