Solved: Red Biohazard


lycanthrope

Thread Starter
Joined
Jul 8, 2007
Messages
9
Apparently, I've been hijacked, judging by the BIG UGLY biohazard symbol stuck on my wallpaper. I've found one other thread that addressed this issue, but it didn't explain what the fix is. A little help PLEASE???!!!

Here's my HijackThis log:
Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 10:27:37 AM, on 7/8/2007
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16473)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Windows Defender\MsMpEng.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Adobe\Photoshop Elements 5.0\PhotoshopElementsFileAgent.exe
C:\Program Files\Eset\nod32krn.exe
C:\WINDOWS\System32\nvsvc32.exe
C:\WINDOWS\System32\HPZipm12.exe
C:\WINDOWS\system32\skeys.exe
C:\WINDOWS\system32\slserv.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\System32\MsPMSPSv.exe
C:\Program Files\Linksys Wireless-G USB Wireless Network Monitor\WLService.exe
C:\Program Files\Linksys Wireless-G USB Wireless Network Monitor\WUSB54Gv4.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\sstray.exe
C:\WINDOWS\zHotkey.exe
C:\Program Files\Multimedia Card Reader\shwicon2k.exe
C:\Program Files\Eset\nod32kui.exe
C:\Program Files\Java\jre1.5.0_06\bin\jusched.exe
C:\WINDOWS\System32\ezSP_Px.exe
C:\Program Files\HP\HP Software Update\HPWuSchd2.exe
C:\WINDOWS\system32\LVCOMSX.EXE
C:\Program Files\Logitech\Video\LogiTray.exe
C:\PROGRA~1\Sony\SONICS~2\SsAAD.exe
C:\Program Files\Musicmatch\Musicmatch Jukebox\mmtask.exe
C:\Program Files\MEDIC\bin\sprtcmd.exe
C:\Program Files\Adobe\Photoshop Elements 5.0\apdproxy.exe
C:\Program Files\Windows Defender\MSASCui.exe
C:\Program Files\Messenger\msmsgs.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\BigFix\BigFix.exe
C:\Program Files\Logitech\Desktop Messenger\8876480\Program\LogitechDesktopMessenger.exe
C:\Program Files\Logitech\SetPoint\SetPoint.exe
C:\Program Files\Common Files\Logitech\KHAL\KHALMNPR.EXE
C:\Program Files\Logitech\Video\FxSvr2.exe
C:\WINDOWS\system32\taskmgr.exe
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://softwarereferral.com/jump.php?wmid=6010&mid=MjI6Ojg5&lid=2
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.yahoo.com
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Bar = http://us.rd.yahoo.com/customize/ie/defaults/sb/msgr7/*http://www.yahoo.com/ext/search/search.html
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.yahoo.com
R1 - HKCU\Software\Microsoft\Internet Connection Wizard,ShellNext = http://go.microsoft.com/fwlink/?LinkId=74005
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Window Title = Windows Internet Explorer provided by Yahoo!
R3 - URLSearchHook: (no name) - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - (no file)
F2 - REG:system.ini: UserInit=C:\WINDOWS\system32\userinit.exe,,SKEYS /I
O2 - BHO: (no name) - {02478D38-C3F9-4EFB-9B51-7695ECA05670} - (no file)
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 5.0\Reader\ActiveX\AcroIEHelper.ocx
O2 - BHO: (no name) - {184746EC-9E9D-4C7D-B9E7-9039EBD801A9} - (no file)
O2 - BHO: MSVPS System - {4118A625-1B64-4ED1-A2E9-76DEC529D2D2} - C:\WINDOWS\qnxplugin.dll
O2 - BHO: (no name) - {549B5CA7-4A86-11D7-A4DF-000874180BB3} - (no file)
O2 - BHO: Yahoo! IE Services Button - {5BAB4B5B-68BC-4B02-94D6-2FC0DE4A7897} - C:\Program Files\Yahoo!\Common\yiesrvc.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.5.0_06\bin\ssv.dll
O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)
O2 - BHO: (no name) - {FDD3B846-8D59-4ffb-8758-209B6AD74ACC} - (no file)
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\System32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
O4 - HKLM\..\Run: [nForce Tray Options] sstray.exe /r
O4 - HKLM\..\Run: [CHotkey] zHotkey.exe
O4 - HKLM\..\Run: [RoxioEngineUtility] "C:\Program Files\Common Files\Roxio Shared\System\EngUtil.exe"
O4 - HKLM\..\Run: [Sunkist2k] C:\Program Files\Multimedia Card Reader\shwicon2k.exe
O4 - HKLM\..\Run: [nod32kui] "C:\Program Files\Eset\nod32kui.exe" /WAITSERVICE
O4 - HKLM\..\Run: [SunJavaUpdateSched] C:\Program Files\Java\jre1.5.0_06\bin\jusched.exe
O4 - HKLM\..\Run: [ezShieldProtector for Px] C:\WINDOWS\System32\ezSP_Px.exe
O4 - HKLM\..\Run: [HP Software Update] C:\Program Files\HP\HP Software Update\HPWuSchd2.exe
O4 - HKLM\..\Run: [LVCOMSX] C:\WINDOWS\system32\LVCOMSX.EXE
O4 - HKLM\..\Run: [LogitechVideoRepair] C:\Program Files\Logitech\Video\ISStart.exe
O4 - HKLM\..\Run: [LogitechVideoTray] C:\Program Files\Logitech\Video\LogiTray.exe
O4 - HKLM\..\Run: [SsAAD.exe] C:\PROGRA~1\Sony\SONICS~2\SsAAD.exe
O4 - HKLM\..\Run: [mmtask] "C:\Program Files\Musicmatch\Musicmatch Jukebox\mmtask.exe"
O4 - HKLM\..\Run: [MEDIC] "C:\Program Files\MEDIC\bin\sprtcmd.exe" /P MEDIC
O4 - HKLM\..\Run: [Adobe Photo Downloader] "C:\Program Files\Adobe\Photoshop Elements 5.0\apdproxy.exe"
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [Windows Defender] "C:\Program Files\Windows Defender\MSASCui.exe" -hide
O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [Yahoo! Pager] "C:\PROGRA~1\Yahoo!\MESSEN~1\YAHOOM~1.EXE" -quiet
O4 - HKLM\..\Policies\Explorer\Run: [user32.dll] C:\Program Files\Video ActiveX Access\iesmn.exe
O4 - HKUS\S-1-5-18\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\System32\NVMCTRAY.DLL,NvTaskbarInit (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\System32\NVMCTRAY.DLL,NvTaskbarInit (User 'Default user')
O4 - Global Startup: BigFix.lnk = C:\Program Files\BigFix\BigFix.exe
O4 - Global Startup: Logitech Desktop Messenger.lnk = C:\Program Files\Logitech\Desktop Messenger\8876480\Program\LogitechDesktopMessenger.exe
O4 - Global Startup: Logitech SetPoint.lnk = C:\Program Files\Logitech\SetPoint\SetPoint.exe
O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office\OSA9.EXE
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_06\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_06\bin\ssv.dll
O9 - Extra button: Yahoo! Services - {5BAB4B5B-68BC-4B02-94D6-2FC0DE4A7897} - C:\Program Files\Yahoo!\Common\yiesrvc.dll
O9 - Extra button: Real.com - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - C:\WINDOWS\System32\Shdocvw.dll
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O12 - Plugin for .spop: C:\Program Files\Internet Explorer\Plugins\NPDocBox.dll
O14 - IERESET.INF: START_PAGE_URL=http://www.emachines.com
O16 - DPF: {01113300-3E00-11D2-8470-0060089874ED} (Support.com Configuration Class) - http://activation.rr.com/install/downloads/tgctlcm.cab
O16 - DPF: {2EB1E425-74DC-4DC0-A9E1-03A4C852E1F2} (CPlayFirstTriJinxControl Object) - http://download.games.yahoo.com/games/web_games/playfirst/trijinx/TriJinx.1.0.0.55.cab
O16 - DPF: {30528230-99f7-4bb4-88d8-fa1d4f56a2ab} (YInstStarter Class) - C:\Program Files\Yahoo!\Common\yinsthelper.dll
O16 - DPF: {4F5E4276-C120-11D6-A1FD-00508B9D48EA} (dldisplay Class) - http://www.gamehouse.com/ghdlctl.cab
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://update.microsoft.com/windowsupdate/v6/V5Controls/en/x86/client/wuweb_site.cab?1143421815260
O16 - DPF: {BB383206-6DA1-4E80-B62A-3DF950FCC697} (Create & Print ActiveX Plug-in) - http://ak.imgag.com/imgag/cp/install/AxCtp2.cab
O16 - DPF: {D77EF652-9A6B-40C8-A4B9-1C0697C6CF41} (TikGames Online Control) - http://download.games.yahoo.com/games/web_games/tikgames/goldfever/goldfever.cab
O16 - DPF: {DF780F87-FF2B-4DF8-92D0-73DB16A1543A} (PopCapLoader Object) - http://www.gamehouse.com/realarcade-webgames/bejeweled2/popcaploader.cab
O18 - Protocol: bwfile-8876480 - {9462A756-7B47-47BC-8C80-C34B9B80B32B} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\GAPlugProtocol-8876480.dll
O21 - SSODL: msddx - {FA35E349-AC06-4AD6-8722-A18A0FBC5E63} - C:\WINDOWS\msddx.dll
O21 - SSODL: msqnx - {09072CC8-2F2F-4605-9D59-0CEEEC0CAFD6} - C:\WINDOWS\msqnx.dll
O22 - SharedTaskScheduler: biocomputing - {98ca7898-6029-41ab-8f67-ea4f5e1afc22} - C:\WINDOWS\system32\myqlejy.dll
O23 - Service: Adobe Active File Monitor V5 (AdobeActiveFileMonitor5.0) - Unknown owner - C:\Program Files\Adobe\Photoshop Elements 5.0\PhotoshopElementsFileAgent.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: iPod Service - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: MSCSPTISRV - Sony Corporation - C:\Program Files\Common Files\Sony Shared\AVLib\MSCSPTISRV.exe
O23 - Service: NOD32 Kernel Service (NOD32krn) - Eset - C:\Program Files\Eset\nod32krn.exe
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\System32\nvsvc32.exe
O23 - Service: PACSPTISVR - Sony Corporation - C:\Program Files\Common Files\Sony Shared\AVLib\PACSPTISVR.exe
O23 - Service: Pml Driver HPZ12 - HP - C:\WINDOWS\System32\HPZipm12.exe
O23 - Service: SmartLinkService (SLService) - - C:\WINDOWS\SYSTEM32\slserv.exe
O23 - Service: Sony SPTI Service (SPTISRV) - Sony Corporation - C:\Program Files\Common Files\Sony Shared\AVLib\SPTISRV.exe
O23 - Service: SonicStage SCSI Service (SSScsiSV) - Sony Corporation - C:\Program Files\Common Files\Sony Shared\AVLib\SSScsiSV.exe
O23 - Service: WUSB54Gv4SVC - GEMTEKS - C:\Program Files\Linksys Wireless-G USB Wireless Network Monitor\WLService.exe
O24 - Desktop Component 0: Privacy Protection - file:///C:\WINDOWS\privacy_danger\index.htm
 

lycanthrope

Thread Starter
Joined
Jul 8, 2007
Messages
9
I've been reading posts and have downloaded and am now running SUPERAntiSpyware. I hope I'm on the right track?!
 

lycanthrope

Thread Starter
Joined
Jul 8, 2007
Messages
9
Here's the SAS log and HijackThis log.

SUPERAntiSpyware Scan Log
http://www.superantispyware.com

Generated 07/08/2007 at 05:15 PM

Application Version : 3.9.1008

Core Rules Database Version : 3266
Trace Rules Database Version: 1277

Scan type : Complete Scan
Total Scan Time : 04:21:37

Memory items scanned : 467
Memory threats detected : 0
Registry items scanned : 7594
Registry threats detected : 9
File items scanned : 150735
File threats detected : 374

Trojan.Net-MSV/VPS-G
HKLM\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{4118A625-1B64-4ED1-A2E9-76DEC529D2D2}
HKCR\CLSID\{4118A625-1B64-4ED1-A2E9-76DEC529D2D2}
HKCR\CLSID\{4118A625-1B64-4ED1-A2E9-76DEC529D2D2}
HKCR\CLSID\{4118A625-1B64-4ED1-A2E9-76DEC529D2D2}\InprocServer32
HKCR\CLSID\{4118A625-1B64-4ED1-A2E9-76DEC529D2D2}\InprocServer32#ThreadingModel
HKCR\CLSID\{4118A625-1B64-4ED1-A2E9-76DEC529D2D2}\ProgID
HKCR\CLSID\{4118A625-1B64-4ED1-A2E9-76DEC529D2D2}\Programmable
HKCR\CLSID\{4118A625-1B64-4ED1-A2E9-76DEC529D2D2}\TypeLib
HKCR\CLSID\{4118A625-1B64-4ED1-A2E9-76DEC529D2D2}\VersionIndependentProgID
C:\WINDOWS\QNXPLUGIN.DLL

Adware.Tracking Cookie
C:\Documents and Settings\Nikki\Cookies\[email protected][2].txt
C:\Documents and Settings\Nikki\Cookies\[email protected][1].txt
C:\Documents and Settings\Nikki\Cookies\[email protected][2].txt
C:\Documents and Settings\Nikki\Cookies\[email protected][2].txt
C:\Documents and Settings\Nikki\Cookies\[email protected][1].txt
C:\Documents and Settings\Nikki\Cookies\[email protected][1].txt
C:\Documents and Settings\Nikki\Cookies\[email protected][1].txt
C:\Documents and Settings\Nikki\Cookies\[email protected][1].txt
C:\Documents and Settings\Nikki\Cookies\[email protected][1].txt
C:\Documents and Settings\Nikki\Cookies\[email protected][2].txt
C:\Documents and Settings\Nikki\Cookies\[email protected][2].txt
C:\Documents and Settings\Nikki\Cookies\[email protected][1].txt
C:\Documents and Settings\Nikki\Cookies\[email protected][1].txt
C:\Documents and Settings\Nikki\Cookies\[email protected][2].txt
C:\Documents and Settings\Nikki\Cookies\[email protected][1].txt
C:\Documents and Settings\Nikki\Cookies\[email protected][1].txt
C:\Documents and Settings\Nikki\Cookies\[email protected][1].txt
C:\Documents and Settings\Nikki\Cookies\[email protected][1].txt
C:\Documents and Settings\Nikki\Cookies\[email protected][2].txt
C:\Documents and Settings\Nikki\Cookies\[email protected][2].txt
C:\Documents and Settings\Nikki\Cookies\[email protected][2].txt
C:\Documents and Settings\Nikki\Cookies\[email protected][2].txt
C:\Documents and Settings\Nikki\Cookies\[email protected][2].txt
C:\Documents and Settings\Nikki\Cookies\[email protected][1].txt
C:\Documents and Settings\Nikki\Cookies\[email protected][1].txt
C:\Documents and Settings\Nikki\Cookies\[email protected][1].txt
C:\Documents and Settings\Nikki\Cookies\[email protected][1].txt
C:\Documents and Settings\Nikki\Cookies\[email protected][1].txt
C:\Documents and Settings\Nikki\Cookies\[email protected][2].txt

Desktop Hijacker.AboutYourPrivacy
C:\WINDOWS\privacy_danger\images\capt.gif
C:\WINDOWS\privacy_danger\images\danger.jpg
C:\WINDOWS\privacy_danger\images\down.gif
C:\WINDOWS\privacy_danger\images\spacer.gif
C:\WINDOWS\privacy_danger\images
C:\WINDOWS\privacy_danger\index.htm
C:\WINDOWS\privacy_danger
C:\Documents and Settings\Chris\Desktop\Error Cleaner.url
C:\Documents and Settings\Chris\Desktop\Privacy Protector.url
C:\Documents and Settings\Chris\Desktop\Spyware&Malware Protection.url
C:\Documents and Settings\Chris\Favorites\Error Cleaner.url
C:\Documents and Settings\Chris\Favorites\Privacy Protector.url
C:\Documents and Settings\Chris\Favorites\Spyware&Malware Protection.url
C:\QOOBOX\QUARANTINE\C\WINDOWS\PRIVACY_DANGER\IMAGES\CAPT.GIF.VIR
C:\QOOBOX\QUARANTINE\C\WINDOWS\PRIVACY_DANGER\IMAGES\DANGER.JPG.VIR
C:\QOOBOX\QUARANTINE\C\WINDOWS\PRIVACY_DANGER\IMAGES\DOWN.GIF.VIR
C:\QOOBOX\QUARANTINE\C\WINDOWS\PRIVACY_DANGER\INDEX.HTM.VIR

Malware.VirusProtectPro
C:\DOCUMENTS AND SETTINGS\NICHOLES\LOCAL SETTINGS\TEMP\BR3652.EXE
C:\QOOBOX\QUARANTINE\C\PROGRAM FILES\VIRUSPROTECTPRO 3.3\VIRUSPROTECTPRO 3.3.EXE.VIR
C:\SYSTEM VOLUME INFORMATION\_RESTORE{201F9937-E82F-47CC-A6DD-3D3DA1167247}\RP354\A0212269.EXE
C:\SYSTEM VOLUME INFORMATION\_RESTORE{201F9937-E82F-47CC-A6DD-3D3DA1167247}\RP362\A0213416.EXE

Desktop Hijacker.AboutYourPrivacy-Installer
C:\SYSTEM VOLUME INFORMATION\_RESTORE{201F9937-E82F-47CC-A6DD-3D3DA1167247}\RP362\A0213418.EXE
 

lycanthrope

And new Hijack log.

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 17:31, on 2007-07-08
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16473)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Windows Defender\MsMpEng.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Adobe\Photoshop Elements 5.0\PhotoshopElementsFileAgent.exe
C:\Program Files\Eset\nod32krn.exe
C:\WINDOWS\System32\nvsvc32.exe
C:\WINDOWS\System32\HPZipm12.exe
C:\WINDOWS\system32\skeys.exe
C:\WINDOWS\system32\slserv.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\System32\MsPMSPSv.exe
C:\Program Files\Linksys Wireless-G USB Wireless Network Monitor\WLService.exe
C:\Program Files\Linksys Wireless-G USB Wireless Network Monitor\WUSB54Gv4.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\sstray.exe
C:\Program Files\Multimedia Card Reader\shwicon2k.exe
C:\Program Files\Eset\nod32kui.exe
C:\Program Files\Java\jre1.5.0_06\bin\jusched.exe
C:\Program Files\HP\HP Software Update\HPWuSchd2.exe
C:\Program Files\Logitech\Video\LogiTray.exe
C:\PROGRA~1\Sony\SONICS~2\SsAAD.exe
C:\Program Files\Musicmatch\Musicmatch Jukebox\mmtask.exe
C:\Program Files\MEDIC\bin\sprtcmd.exe
C:\Program Files\Adobe\Photoshop Elements 5.0\apdproxy.exe
C:\WINDOWS\system32\LVComsX.exe
C:\Program Files\Windows Defender\MSASCui.exe
C:\WINDOWS\system32\ezSP_Px.exe
C:\Program Files\Messenger\msmsgs.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe
C:\Program Files\Common Files\Sony Shared\AVLib\SSScsiSV.exe
C:\Program Files\BigFix\BigFix.exe
C:\Program Files\Logitech\Desktop Messenger\8876480\Program\LogitechDesktopMessenger.exe
C:\Program Files\Logitech\SetPoint\SetPoint.exe
C:\Program Files\Logitech\Video\FxSvr2.exe
C:\WINDOWS\System32\svchost.exe
C:\PROGRA~1\Yahoo!\MESSEN~1\ymsgr_tray.exe
C:\Program Files\Common Files\Logitech\KHAL\KHALMNPR.EXE
C:\WINDOWS\system32\wuauclt.exe
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://softwarereferral.com/jump.php?wmid=6010&mid=MjI6Ojg5&lid=2
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.yahoo.com
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Bar = http://us.rd.yahoo.com/customize/ie/defaults/sb/msgr7/*http://www.yahoo.com/ext/search/search.html
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = about:blank
R1 - HKCU\Software\Microsoft\Internet Connection Wizard,ShellNext = http://go.microsoft.com/fwlink/?LinkId=74005
R3 - URLSearchHook: (no name) - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - (no file)
F2 - REG:system.ini: UserInit=C:\WINDOWS\system32\userinit.exe,,SKEYS /I
O2 - BHO: (no name) - {02478D38-C3F9-4EFB-9B51-7695ECA05670} - (no file)
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 5.0\Reader\ActiveX\AcroIEHelper.ocx
O2 - BHO: (no name) - {184746EC-9E9D-4C7D-B9E7-9039EBD801A9} - (no file)
O2 - BHO: (no name) - {549B5CA7-4A86-11D7-A4DF-000874180BB3} - (no file)
O2 - BHO: Yahoo! IE Services Button - {5BAB4B5B-68BC-4B02-94D6-2FC0DE4A7897} - C:\Program Files\Yahoo!\Common\yiesrvc.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.5.0_06\bin\ssv.dll
O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)
O2 - BHO: (no name) - {FDD3B846-8D59-4ffb-8758-209B6AD74ACC} - (no file)
O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
O4 - HKLM\..\Run: [nForce Tray Options] sstray.exe /r
O4 - HKLM\..\Run: [CHotkey] zHotkey.exe
O4 - HKLM\..\Run: [RoxioEngineUtility] "C:\Program Files\Common Files\Roxio Shared\System\EngUtil.exe"
O4 - HKLM\..\Run: [Sunkist2k] C:\Program Files\Multimedia Card Reader\shwicon2k.exe
O4 - HKLM\..\Run: [nod32kui] "C:\Program Files\Eset\nod32kui.exe" /WAITSERVICE
O4 - HKLM\..\Run: [SunJavaUpdateSched] C:\Program Files\Java\jre1.5.0_06\bin\jusched.exe
O4 - HKLM\..\Run: [HP Software Update] C:\Program Files\HP\HP Software Update\HPWuSchd2.exe
O4 - HKLM\..\Run: [LogitechVideoRepair] C:\Program Files\Logitech\Video\ISStart.exe
O4 - HKLM\..\Run: [LogitechVideoTray] C:\Program Files\Logitech\Video\LogiTray.exe
O4 - HKLM\..\Run: [SsAAD.exe] C:\PROGRA~1\Sony\SONICS~2\SsAAD.exe
O4 - HKLM\..\Run: [mmtask] "C:\Program Files\Musicmatch\Musicmatch Jukebox\mmtask.exe"
O4 - HKLM\..\Run: [MEDIC] "C:\Program Files\MEDIC\bin\sprtcmd.exe" /P MEDIC
O4 - HKLM\..\Run: [Adobe Photo Downloader] "C:\Program Files\Adobe\Photoshop Elements 5.0\apdproxy.exe"
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [Windows Defender] "C:\Program Files\Windows Defender\MSASCui.exe" -hide
O4 - HKLM\..\Run: [ezShieldProtector for Px] C:\WINDOWS\system32\ezSP_Px.exe
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [Yahoo! Pager] "C:\PROGRA~1\Yahoo!\MESSEN~1\YAHOOM~1.EXE" -quiet
O4 - HKCU\..\Run: [SUPERAntiSpyware] C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe
O4 - HKUS\S-1-5-18\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\System32\NVMCTRAY.DLL,NvTaskbarInit (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\System32\NVMCTRAY.DLL,NvTaskbarInit (User 'Default user')
O4 - Global Startup: BigFix.lnk = C:\Program Files\BigFix\BigFix.exe
O4 - Global Startup: Logitech Desktop Messenger.lnk = C:\Program Files\Logitech\Desktop Messenger\8876480\Program\LogitechDesktopMessenger.exe
O4 - Global Startup: Logitech SetPoint.lnk = C:\Program Files\Logitech\SetPoint\SetPoint.exe
O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office\OSA9.EXE
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_06\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_06\bin\ssv.dll
O9 - Extra button: Yahoo! Services - {5BAB4B5B-68BC-4B02-94D6-2FC0DE4A7897} - C:\Program Files\Yahoo!\Common\yiesrvc.dll
O9 - Extra button: Real.com - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - C:\WINDOWS\System32\Shdocvw.dll
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O12 - Plugin for .spop: C:\Program Files\Internet Explorer\Plugins\NPDocBox.dll
O14 - IERESET.INF: START_PAGE_URL=http://www.emachines.com
O16 - DPF: {01113300-3E00-11D2-8470-0060089874ED} (Support.com Configuration Class) - http://activation.rr.com/install/downloads/tgctlcm.cab
O16 - DPF: {2EB1E425-74DC-4DC0-A9E1-03A4C852E1F2} (CPlayFirstTriJinxControl Object) - http://download.games.yahoo.com/games/web_games/playfirst/trijinx/TriJinx.1.0.0.55.cab
O16 - DPF: {30528230-99f7-4bb4-88d8-fa1d4f56a2ab} (YInstStarter Class) - C:\Program Files\Yahoo!\Common\yinsthelper.dll
O16 - DPF: {4F5E4276-C120-11D6-A1FD-00508B9D48EA} (dldisplay Class) - http://www.gamehouse.com/ghdlctl.cab
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://update.microsoft.com/windowsupdate/v6/V5Controls/en/x86/client/wuweb_site.cab?1143421815260
O16 - DPF: {BB383206-6DA1-4E80-B62A-3DF950FCC697} (Create & Print ActiveX Plug-in) - http://ak.imgag.com/imgag/cp/install/AxCtp2.cab
O16 - DPF: {D77EF652-9A6B-40C8-A4B9-1C0697C6CF41} (TikGames Online Control) - http://download.games.yahoo.com/games/web_games/tikgames/goldfever/goldfever.cab
O16 - DPF: {DF780F87-FF2B-4DF8-92D0-73DB16A1543A} (PopCapLoader Object) - http://www.gamehouse.com/realarcade-webgames/bejeweled2/popcaploader.cab
O18 - Protocol: bwfile-8876480 - {9462A756-7B47-47BC-8C80-C34B9B80B32B} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\GAPlugProtocol-8876480.dll
O20 - Winlogon Notify: !SASWinLogon - C:\Program Files\SUPERAntiSpyware\SASWINLO.dll
O21 - SSODL: msddx - {FA35E349-AC06-4AD6-8722-A18A0FBC5E63} - C:\WINDOWS\msddx.dll
O21 - SSODL: msqnx - {09072CC8-2F2F-4605-9D59-0CEEEC0CAFD6} - C:\WINDOWS\msqnx.dll
O22 - SharedTaskScheduler: biocomputing - {98ca7898-6029-41ab-8f67-ea4f5e1afc22} - C:\WINDOWS\system32\myqlejy.dll
O23 - Service: Adobe Active File Monitor V5 (AdobeActiveFileMonitor5.0) - Unknown owner - C:\Program Files\Adobe\Photoshop Elements 5.0\PhotoshopElementsFileAgent.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: iPod Service - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: MSCSPTISRV - Sony Corporation - C:\Program Files\Common Files\Sony Shared\AVLib\MSCSPTISRV.exe
O23 - Service: NOD32 Kernel Service (NOD32krn) - Eset - C:\Program Files\Eset\nod32krn.exe
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\System32\nvsvc32.exe
O23 - Service: PACSPTISVR - Sony Corporation - C:\Program Files\Common Files\Sony Shared\AVLib\PACSPTISVR.exe
O23 - Service: Pml Driver HPZ12 - HP - C:\WINDOWS\System32\HPZipm12.exe
O23 - Service: SmartLinkService (SLService) - - C:\WINDOWS\SYSTEM32\slserv.exe
O23 - Service: Sony SPTI Service (SPTISRV) - Sony Corporation - C:\Program Files\Common Files\Sony Shared\AVLib\SPTISRV.exe
O23 - Service: SonicStage SCSI Service (SSScsiSV) - Sony Corporation - C:\Program Files\Common Files\Sony Shared\AVLib\SSScsiSV.exe
O23 - Service: WUSB54Gv4SVC - GEMTEKS - C:\Program Files\Linksys Wireless-G USB Wireless Network Monitor\WLService.exe
O24 - Desktop Component 0: Privacy Protection - file:///C:\WINDOWS\privacy_danger\index.htm

--
End of file - 10636 bytes
 
Joined
Sep 7, 2004
Messages
49,014
You should print out these instructions, or copy them to a NotePad file for reading while in Safe Mode, because you will not be able to connect to the Internet to read from this site.

Please download SmitfraudFix (by S!Ri)
Extract the content (a folder named SmitfraudFix) to your Desktop.

Next, please reboot your computer in Safe Mode by doing the following:
  • Restart your computer
  • After hearing your computer beep once during startup, but before the Windows icon appears, tap the F8 key continually;
  • Instead of Windows loading as normal, a menu with options should appear;
  • Select the first option, to run Windows in Safe Mode, then press "Enter".
  • Choose your usual account.
Once in Safe Mode, open the SmitfraudFix folder again and double-click smitfraudfix.cmd
Select option #2 - Clean by typing 2 and press "Enter" to delete infected files.

You will be prompted: "Registry cleaning - Do you want to clean the registry?"; answer "Yes" by typing Y and press "Enter" in order to remove the Desktop background and clean registry keys associated with the infection.

The tool will now check if wininet.dll is infected. You may be prompted to replace the infected file (if found); answer "Yes" by typing Y and press "Enter".

The tool may need to restart your computer to finish the cleaning process; if it doesn't, please restart it into Normal Windows.

A text file will appear onscreen, with results from the cleaning process; please copy/paste the content of that report into your next reply along with a new hijack log.

The report can also be found at the root of the system drive, usually at C:\rapport.txt

Warning: running option #2 on a non-infected computer will remove your Desktop background.
==================

NOTE: If you have downloaded ComboFix previously please delete that version and download it again!

Download this file :

http://www.techsupportforum.com/sectools/sUBs/ComboFix.exe
or
http://download.bleepingcomputer.com/sUBs/Beta/ComboFix.exe

Double-click combofix.exe and follow the prompts.
When finished, it shall produce a log for you. Post that log and a HiJack log in your next reply.

Note:
Do not mouse-click ComboFix's window while it's running. That may cause it to stall.
 

lycanthrope

Here are the logs.

SmitFraudFix v2.202

Scan done at 18:32:12.87, 2007-07-08
Run from C:\Documents and Settings\Chris\Desktop\SmitfraudFix\SmitfraudFix
OS: Microsoft Windows XP [Version 5.1.2600] - Windows_NT
The filesystem type is NTFS
Fix run in safe mode

»»»»»»»»»»»»»»»»»»»»»»»» SharedTaskScheduler Before SmitFraudFix
!!!Attention, following keys are not inevitably infected!!!

SrchSTS.exe by S!Ri
Search SharedTaskScheduler's .dll

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\SharedTaskScheduler]
"{98ca7898-6029-41ab-8f67-ea4f5e1afc22}"="biocomputing"

[HKEY_CLASSES_ROOT\CLSID\{98ca7898-6029-41ab-8f67-ea4f5e1afc22}\InProcServer32]
@="C:\WINDOWS\system32\myqlejy.dll"

[HKEY_LOCAL_MACHINE\Software\Classes\CLSID\{98ca7898-6029-41ab-8f67-ea4f5e1afc22}\InProcServer32]
@="C:\WINDOWS\system32\myqlejy.dll"


»»»»»»»»»»»»»»»»»»»»»»»» Killing process


»»»»»»»»»»»»»»»»»»»»»»»» hosts


127.0.0.1 localhost

»»»»»»»»»»»»»»»»»»»»»»»» Generic Renos Fix

GenericRenosFix by S!Ri

C:\WINDOWS\system32\myqlejy.dll -> Hoax.Win32.Renos.gen.o
C:\WINDOWS\system32\myqlejy.dll -> Deleted


»»»»»»»»»»»»»»»»»»»»»»»» Deleting infected files

C:\WINDOWS\msddx.dll Deleted
C:\WINDOWS\msqnx.dll Deleted
C:\WINDOWS\privacy_danger\ Deleted

»»»»»»»»»»»»»»»»»»»»»»»» DNS

HKLM\SYSTEM\CCS\Services\Tcpip\..\{43FA7E32-CC06-4879-B713-3566EC401A79}: DhcpNameServer=66.75.164.90 66.75.164.89
HKLM\SYSTEM\CS1\Services\Tcpip\..\{43FA7E32-CC06-4879-B713-3566EC401A79}: DhcpNameServer=66.75.164.90 66.75.164.89
HKLM\SYSTEM\CS3\Services\Tcpip\..\{43FA7E32-CC06-4879-B713-3566EC401A79}: DhcpNameServer=66.75.164.90 66.75.164.89
HKLM\SYSTEM\CCS\Services\Tcpip\Parameters: DhcpNameServer=66.75.164.90 66.75.164.89
HKLM\SYSTEM\CS1\Services\Tcpip\Parameters: DhcpNameServer=66.75.164.90 66.75.164.89
HKLM\SYSTEM\CS3\Services\Tcpip\Parameters: DhcpNameServer=66.75.164.90 66.75.164.89


»»»»»»»»»»»»»»»»»»»»»»»» Deleting Temp Files


»»»»»»»»»»»»»»»»»»»»»»»» Winlogon.System
!!!Attention, following keys are not inevitably infected!!!

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon]
"System"=""


»»»»»»»»»»»»»»»»»»»»»»»» Registry Cleaning

Registry Cleaning done.

»»»»»»»»»»»»»»»»»»»»»»»» SharedTaskScheduler After SmitFraudFix
!!!Attention, following keys are not inevitably infected!!!

SrchSTS.exe by S!Ri
Search SharedTaskScheduler's .dll


»»»»»»»»»»»»»»»»»»»»»»»» End
 

lycanthrope

ComboFix.

"Chris" - 2007-07-08 18:44:05 - ComboFix 07-07-09.3 - Service Pack 2


((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))


C:\WINDOWS\dat.txt
C:\WINDOWS\rs.txt


((((((((((((((((((((((((( Files Created from 2007-06-09 to 2007-07-09 )))))))))))))))))))))))))))))))


2007-07-08 18:32 3,542 --a------ C:\WINDOWS\system32\tmp.reg
2007-07-08 12:24 51,200 --a------ C:\WINDOWS\nircmd.exe
2007-07-08 11:53 <DIR> d-------- C:\DOCUME~1\ALLUSE~1\APPLIC~1\SUPERAntiSpyware.com
2007-07-08 11:52 <DIR> d-------- C:\Program Files\SUPERAntiSpyware
2007-07-08 11:52 <DIR> d-------- C:\DOCUME~1\Chris\APPLIC~1\SUPERAntiSpyware.com
2007-07-08 11:51 <DIR> d-------- C:\Program Files\Common Files\Wise Installation Wizard
2007-07-08 11:46 <DIR> d-------- C:\VundoFix Backups
2007-07-08 10:27 <DIR> d-------- C:\Program Files\Trend Micro
2007-07-07 21:40 <DIR> d-------- C:\Program Files\Windows Defender
2007-06-27 14:23 <DIR> d-------- C:\DOCUME~1\Chris\Incomplete
2007-06-27 14:23 <DIR> d-------- C:\DOCUME~1\Chris\APPLIC~1\LimeWire
2007-06-25 18:08 <DIR> d-------- C:\Program Files\Common Files\Blizzard Entertainment
2007-06-25 17:56 <DIR> d-------- C:\Program Files\World of Warcraft
2007-06-24 09:04 19,805 -ra------ C:\WINDOWS\system32\drivers\usbio.sys
2007-06-24 08:59 <DIR> d-------- C:\Program Files\Datel
2007-06-18 17:43 <DIR> d-------- C:\DOCUME~1\Jennifer\Contacts
2007-06-17 15:07 <DIR> d----c--- C:\WINDOWS\system32\DRVSTORE
2007-06-08 08:06 <DIR> d-------- C:\Program Files\SmartFTP Client
2007-06-08 08:06 <DIR> d-------- C:\DOCUME~1\Chris\APPLIC~1\SmartFTP


(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))

2007-07-08 17:14:04 -------- d--h--w C:\Program Files\InstallShield Installation Information
2007-07-08 17:13:37 -------- d-----w C:\Program Files\UltimateBet
2007-07-08 04:19:01 -------- d-----w C:\Program Files\GameHouse
2007-07-08 02:14:37 -------- d-----w C:\Program Files\Warcraft III
2007-06-21 13:00:37 11,721 ----a-w C:\WINDOWS\mozver.dat
2007-06-17 22:57:11 -------- d-----w C:\Program Files\LimeWire
2007-06-17 22:07:41 -------- d-----w C:\Program Files\MSN Messenger
2007-05-30 02:42:00 184,320 ----a-w C:\WINDOWS\system32\ssce5332.dll
2007-05-26 20:04:35 -------- d-----w C:\Program Files\Ubisoft
2007-05-26 19:45:05 -------- d-----w C:\Program Files\Mattel Media
2007-05-19 19:07:37 -------- d-----w C:\Program Files\Coupons
2007-05-19 19:07:35 31 ---ha-w C:\WINDOWS\uccspecc.sys
2007-05-16 15:12:02 683,520 ----a-w C:\WINDOWS\system32\inetcomm.dll
2007-04-25 14:21:15 144,896 ----a-w C:\WINDOWS\system32\schannel.dll
2007-04-21 14:32:24 774,144 ----a-w C:\Program Files\RngInterstitial.dll
2007-04-18 16:12:23 2,854,400 ----a-w C:\WINDOWS\system32\msi.dll
2007-04-17 05:47:36 33,624 ----a-w C:\WINDOWS\system32\wups.dll
2007-04-17 05:45:54 1,710,936 ----a-w C:\WINDOWS\system32\wuaueng.dll
2007-04-17 05:45:48 549,720 ----a-w C:\WINDOWS\system32\wuapi.dll
2007-04-17 05:45:42 325,976 ----a-w C:\WINDOWS\system32\wucltui.dll
2007-04-17 05:45:36 203,096 ----a-w C:\WINDOWS\system32\wuweb.dll
2007-04-17 05:45:28 92,504 ----a-w C:\WINDOWS\system32\cdm.dll
2007-04-17 05:45:20 53,080 ----a-w C:\WINDOWS\system32\wuauclt.exe
2007-04-17 05:45:20 43,352 ----a-w C:\WINDOWS\system32\wups2.dll
2007-04-13 13:20:43 298,104 ----a-w C:\WINDOWS\system32\imon.dll


((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))


*Note* empty entries & legit default entries are not shown

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{02478D38-C3F9-4EFB-9B51-7695ECA05670}]

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{06849E9F-C8D7-4D59-B87D-784B7D6BE0B3}]
2001-04-16 17:39 37808 --a------ C:\Program Files\Adobe\Acrobat 5.0\Reader\ActiveX\AcroIEHelper.ocx

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{549B5CA7-4A86-11D7-A4DF-000874180BB3}]

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{5BAB4B5B-68BC-4B02-94D6-2FC0DE4A7897}]
2006-10-31 16:29 198136 --a------ C:\Program Files\Yahoo!\Common\yiesrvc.dll

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{761497BB-D6F0-462C-B6EB-D4DAF1D92D43}]
2005-11-10 14:22 184423 --a------ C:\Program Files\Java\jre1.5.0_06\bin\ssv.dll

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{7E853D72-626A-48EC-A868-BA8D5E23E045}]

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{FDD3B846-8D59-4ffb-8758-209B6AD74ACC}]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"nwiz"="nwiz.exe" [2003-10-06 14:16 C:\WINDOWS\system32\nwiz.exe]
"nForce Tray Options"="sstray.exe" [2003-09-02 18:25 C:\WINDOWS\system32\sstray.exe]
"CHotkey"="zHotkey.exe" [2003-06-03 12:01 C:\WINDOWS\zHotkey.exe]
"RoxioEngineUtility"="C:\Program Files\Common Files\Roxio Shared\System\EngUtil.exe" [2003-05-01 19:44]
"Sunkist2k"="C:\Program Files\Multimedia Card Reader\shwicon2k.exe" [2003-11-19 20:32]
"nod32kui"="C:\Program Files\Eset\nod32kui.exe" [2007-04-13 06:20]
"SunJavaUpdateSched"="C:\Program Files\Java\jre1.5.0_06\bin\jusched.exe" [2005-11-10 14:03]
"HP Software Update"="C:\Program Files\HP\HP Software Update\HPWuSchd2.exe" [2006-02-19 03:41]
"LogitechVideoRepair"="C:\Program Files\Logitech\Video\ISStart.exe" [2005-01-18 17:47]
"LogitechVideoTray"="C:\Program Files\Logitech\Video\LogiTray.exe" [2005-01-18 17:37]
"SsAAD.exe"="C:\PROGRA~1\Sony\SONICS~2\SsAAD.exe" [2005-01-24 20:58]
"mmtask"="C:\Program Files\Musicmatch\Musicmatch Jukebox\mmtask.exe" [2005-05-03 10:10]
"MEDIC"="C:\Program Files\MEDIC\bin\sprtcmd.exe" [2006-12-27 19:04]
"Adobe Photo Downloader"="C:\Program Files\Adobe\Photoshop Elements 5.0\apdproxy.exe" [2006-09-14 07:55]
"QuickTime Task"="C:\Program Files\QuickTime\qttask.exe" [2007-02-16 10:54]
"Windows Defender"="C:\Program Files\Windows Defender\MSASCui.exe" [2006-11-03 19:20]

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"MSMSGS"="C:\Program Files\Messenger\msmsgs.exe" [2004-10-13 09:24]
"ctfmon.exe"="C:\WINDOWS\system32\ctfmon.exe" [2004-08-04 00:56]
"Yahoo! Pager"="C:\PROGRA~1\Yahoo!\MESSEN~1\YAHOOM~1.exe" [2006-11-30 22:49]
"SUPERAntiSpyware"="C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe" [2007-06-21 14:06]

[HKEY_USERS\.default\software\microsoft\windows\currentversion\run]
"NvMediaCenter"=RUNDLL32.EXE C:\WINDOWS\System32\NVMCTRAY.DLL,NvTaskbarInit

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\ShellExecuteHooks]
"{5AE067D3-9AFB-48E0-853A-EBB7F4A000DA}"="C:\Program Files\SUPERAntiSpyware\SASSEH.DLL" [2006-12-20 13:55]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\!SASWinLogon]
C:\Program Files\SUPERAntiSpyware\SASWINLO.dll

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^HP Digital Imaging Monitor.lnk]
path=C:\Documents and Settings\All Users\Start Menu\Programs\Startup\HP Digital Imaging Monitor.lnk
backup=C:\WINDOWS\pss\HP Digital Imaging Monitor.lnkCommon Startup

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^HP Photosmart Premier Fast Start.lnk]
path=C:\Documents and Settings\All Users\Start Menu\Programs\Startup\HP Photosmart Premier Fast Start.lnk
backup=C:\WINDOWS\pss\HP Photosmart Premier Fast Start.lnkCommon Startup

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Microsoft Office.lnk]
path=C:\Documents and Settings\All Users\Start Menu\Programs\Startup\Microsoft Office.lnk
backup=C:\WINDOWS\pss\Microsoft Office.lnkCommon Startup

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\iTunesHelper]
"C:\Program Files\iTunes\iTunesHelper.exe"

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NeroFilterCheck]
C:\Program Files\Common Files\Ahead\Lib\NeroCheck.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\RoxioAudioCentral]
"C:\Program Files\Roxio\Easy CD Creator 6\AudioCentral\RxMon.exe"

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\RoxioDragToDisc]
"C:\Program Files\Roxio\Easy CD Creator 6\DragToDisc\DrgToDsc.exe"


Contents of the 'Scheduled Tasks' folder
2007-07-05 17:38:06 C:\WINDOWS\tasks\AppleSoftwareUpdate.job
2007-07-09 01:40:21 C:\WINDOWS\tasks\MP Scheduled Scan.job

**************************************************************************

catchme 0.3.915 W2K/XP/Vista - rootkit detector by Gmer, http://www.gmer.net
Rootkit scan 2007-07-08 18:52:45
Windows 5.1.2600 Service Pack 2 NTFS

scanning hidden processes ...

scanning hidden autostart entries ...

scanning hidden files ...

scan completed successfully
hidden files: 0

**************************************************************************

Completion time: 2007-07-08 18:53:20
C:\ComboFix-quarantined-files.txt ... 2007-07-08 18:53
C:\ComboFix2.txt ... 2007-07-08 12:53

--- E O F ---
 

lycanthrope

Thread Starter
Joined
Jul 8, 2007
Messages
9
And Hijack.

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 6:54:58 PM, on 7/8/2007
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16473)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Windows Defender\MsMpEng.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Adobe\Photoshop Elements 5.0\PhotoshopElementsFileAgent.exe
C:\Program Files\Eset\nod32krn.exe
C:\WINDOWS\System32\nvsvc32.exe
C:\WINDOWS\System32\HPZipm12.exe
C:\WINDOWS\system32\skeys.exe
C:\WINDOWS\system32\slserv.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\System32\MsPMSPSv.exe
C:\Program Files\Linksys Wireless-G USB Wireless Network Monitor\WLService.exe
C:\Program Files\Linksys Wireless-G USB Wireless Network Monitor\WUSB54Gv4.exe
C:\WINDOWS\system32\sstray.exe
C:\WINDOWS\zHotkey.exe
C:\Program Files\Multimedia Card Reader\shwicon2k.exe
C:\Program Files\Eset\nod32kui.exe
C:\Program Files\Java\jre1.5.0_06\bin\jusched.exe
C:\Program Files\HP\HP Software Update\HPWuSchd2.exe
C:\Program Files\Logitech\Video\LogiTray.exe
C:\PROGRA~1\Sony\SONICS~2\SsAAD.exe
C:\Program Files\Musicmatch\Musicmatch Jukebox\mmtask.exe
C:\Program Files\MEDIC\bin\sprtcmd.exe
C:\Program Files\Adobe\Photoshop Elements 5.0\apdproxy.exe
C:\Program Files\Windows Defender\MSASCui.exe
C:\WINDOWS\system32\ezSP_Px.exe
C:\Program Files\Messenger\msmsgs.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe
C:\Program Files\BigFix\BigFix.exe
C:\Program Files\Logitech\Desktop Messenger\8876480\Program\LogitechDesktopMessenger.exe
C:\Program Files\Logitech\SetPoint\SetPoint.exe
C:\Program Files\Common Files\Sony Shared\AVLib\SSScsiSV.exe
C:\Program Files\Common Files\Logitech\KHAL\KHALMNPR.EXE
C:\WINDOWS\system32\LVComsX.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Logitech\Video\FxSvr2.exe
C:\PROGRA~1\Yahoo!\MESSEN~1\ymsgr_tray.exe
C:\WINDOWS\explorer.exe
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe

R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = about:blank
R1 - HKCU\Software\Microsoft\Internet Connection Wizard,ShellNext = http://go.microsoft.com/fwlink/?LinkId=74005
R3 - URLSearchHook: (no name) - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - (no file)
O2 - BHO: (no name) - {02478D38-C3F9-4EFB-9B51-7695ECA05670} - (no file)
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 5.0\Reader\ActiveX\AcroIEHelper.ocx
O2 - BHO: (no name) - {549B5CA7-4A86-11D7-A4DF-000874180BB3} - (no file)
O2 - BHO: Yahoo! IE Services Button - {5BAB4B5B-68BC-4B02-94D6-2FC0DE4A7897} - C:\Program Files\Yahoo!\Common\yiesrvc.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.5.0_06\bin\ssv.dll
O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)
O2 - BHO: (no name) - {FDD3B846-8D59-4ffb-8758-209B6AD74ACC} - (no file)
O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
O4 - HKLM\..\Run: [nForce Tray Options] sstray.exe /r
O4 - HKLM\..\Run: [CHotkey] zHotkey.exe
O4 - HKLM\..\Run: [RoxioEngineUtility] "C:\Program Files\Common Files\Roxio Shared\System\EngUtil.exe"
O4 - HKLM\..\Run: [Sunkist2k] C:\Program Files\Multimedia Card Reader\shwicon2k.exe
O4 - HKLM\..\Run: [nod32kui] "C:\Program Files\Eset\nod32kui.exe" /WAITSERVICE
O4 - HKLM\..\Run: [SunJavaUpdateSched] C:\Program Files\Java\jre1.5.0_06\bin\jusched.exe
O4 - HKLM\..\Run: [HP Software Update] C:\Program Files\HP\HP Software Update\HPWuSchd2.exe
O4 - HKLM\..\Run: [LogitechVideoRepair] C:\Program Files\Logitech\Video\ISStart.exe
O4 - HKLM\..\Run: [LogitechVideoTray] C:\Program Files\Logitech\Video\LogiTray.exe
O4 - HKLM\..\Run: [SsAAD.exe] C:\PROGRA~1\Sony\SONICS~2\SsAAD.exe
O4 - HKLM\..\Run: [mmtask] "C:\Program Files\Musicmatch\Musicmatch Jukebox\mmtask.exe"
O4 - HKLM\..\Run: [MEDIC] "C:\Program Files\MEDIC\bin\sprtcmd.exe" /P MEDIC
O4 - HKLM\..\Run: [Adobe Photo Downloader] "C:\Program Files\Adobe\Photoshop Elements 5.0\apdproxy.exe"
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [Windows Defender] "C:\Program Files\Windows Defender\MSASCui.exe" -hide
O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [Yahoo! Pager] "C:\PROGRA~1\Yahoo!\MESSEN~1\YAHOOM~1.EXE" -quiet
O4 - HKCU\..\Run: [SUPERAntiSpyware] C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe
O4 - HKUS\S-1-5-18\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\System32\NVMCTRAY.DLL,NvTaskbarInit (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\System32\NVMCTRAY.DLL,NvTaskbarInit (User 'Default user')
O4 - Global Startup: BigFix.lnk = C:\Program Files\BigFix\BigFix.exe
O4 - Global Startup: Logitech Desktop Messenger.lnk = C:\Program Files\Logitech\Desktop Messenger\8876480\Program\LogitechDesktopMessenger.exe
O4 - Global Startup: Logitech SetPoint.lnk = C:\Program Files\Logitech\SetPoint\SetPoint.exe
O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office\OSA9.EXE
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_06\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_06\bin\ssv.dll
O9 - Extra button: Yahoo! Services - {5BAB4B5B-68BC-4B02-94D6-2FC0DE4A7897} - C:\Program Files\Yahoo!\Common\yiesrvc.dll
O9 - Extra button: Real.com - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - C:\WINDOWS\System32\Shdocvw.dll
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O12 - Plugin for .spop: C:\Program Files\Internet Explorer\Plugins\NPDocBox.dll
O14 - IERESET.INF: START_PAGE_URL=http://www.emachines.com
O16 - DPF: {01113300-3E00-11D2-8470-0060089874ED} (Support.com Configuration Class) - http://activation.rr.com/install/downloads/tgctlcm.cab
O16 - DPF: {2EB1E425-74DC-4DC0-A9E1-03A4C852E1F2} (CPlayFirstTriJinxControl Object) - http://download.games.yahoo.com/games/web_games/playfirst/trijinx/TriJinx.1.0.0.55.cab
O16 - DPF: {30528230-99f7-4bb4-88d8-fa1d4f56a2ab} (YInstStarter Class) - C:\Program Files\Yahoo!\Common\yinsthelper.dll
O16 - DPF: {4F5E4276-C120-11D6-A1FD-00508B9D48EA} (dldisplay Class) - http://www.gamehouse.com/ghdlctl.cab
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://update.microsoft.com/windowsupdate/v6/V5Controls/en/x86/client/wuweb_site.cab?1143421815260
O16 - DPF: {BB383206-6DA1-4E80-B62A-3DF950FCC697} (Create & Print ActiveX Plug-in) - http://ak.imgag.com/imgag/cp/install/AxCtp2.cab
O16 - DPF: {D77EF652-9A6B-40C8-A4B9-1C0697C6CF41} (TikGames Online Control) - http://download.games.yahoo.com/games/web_games/tikgames/goldfever/goldfever.cab
O16 - DPF: {DF780F87-FF2B-4DF8-92D0-73DB16A1543A} (PopCapLoader Object) - http://www.gamehouse.com/realarcade-webgames/bejeweled2/popcaploader.cab
O18 - Protocol: bwfile-8876480 - {9462A756-7B47-47BC-8C80-C34B9B80B32B} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\GAPlugProtocol-8876480.dll
O20 - Winlogon Notify: !SASWinLogon - C:\Program Files\SUPERAntiSpyware\SASWINLO.dll
O23 - Service: Adobe Active File Monitor V5 (AdobeActiveFileMonitor5.0) - Unknown owner - C:\Program Files\Adobe\Photoshop Elements 5.0\PhotoshopElementsFileAgent.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: iPod Service - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: MSCSPTISRV - Sony Corporation - C:\Program Files\Common Files\Sony Shared\AVLib\MSCSPTISRV.exe
O23 - Service: NOD32 Kernel Service (NOD32krn) - Eset - C:\Program Files\Eset\nod32krn.exe
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\System32\nvsvc32.exe
O23 - Service: PACSPTISVR - Sony Corporation - C:\Program Files\Common Files\Sony Shared\AVLib\PACSPTISVR.exe
O23 - Service: Pml Driver HPZ12 - HP - C:\WINDOWS\System32\HPZipm12.exe
O23 - Service: SmartLinkService (SLService) - - C:\WINDOWS\SYSTEM32\slserv.exe
O23 - Service: Sony SPTI Service (SPTISRV) - Sony Corporation - C:\Program Files\Common Files\Sony Shared\AVLib\SPTISRV.exe
O23 - Service: SonicStage SCSI Service (SSScsiSV) - Sony Corporation - C:\Program Files\Common Files\Sony Shared\AVLib\SSScsiSV.exe
O23 - Service: WUSB54Gv4SVC - GEMTEKS - C:\Program Files\Linksys Wireless-G USB Wireless Network Monitor\WLService.exe

--
End of file - 9320 bytes
 
Joined
Sep 7, 2004
Messages
49,014
Fix these with HijackThis – mark them, close IE, click fix checked

R3 - URLSearchHook: (no name) - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - (no file)

O2 - BHO: (no name) - {02478D38-C3F9-4EFB-9B51-7695ECA05670} - (no file)

O2 - BHO: (no name) - {549B5CA7-4A86-11D7-A4DF-000874180BB3} - (no file)

O2 - BHO: (no name) - {FDD3B846-8D59-4ffb-8758-209B6AD74ACC} - (no file)
================


Clean

If you feel it is fixed mark it solved via Thread Tools above

Turn off restore points, boot, turn them back on – here’s how

http://service1.symantec.com/SUPPOR...2001111912274039?OpenDocument&src=sec_doc_nam

This clears infected restore points and sets a new, clean one.
 

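The step in the reply above is done by eye: scan the HijackThis findings and pick out every hook whose target reads "(no file)". Below is an added Python example of that triage done mechanically; it is not code from the thread or from HijackThis itself. The sample text is an excerpt copied from the log posted above (not constructed data), and the two format quirks the parser handles, the empty vendor field on the SmartLinkService O23 line and the [name] bracket on O4 lines, are both visible in that log. Run over the full log it lists the orphaned hooks in order, which also includes {7E853D72-626A-48EC-A868-BA8D5E23E045}, shown with no file in the same log.

```python
"""Offline triage of a HijackThis v2 log (added example, not from the thread):
list every hook/autostart entry whose target is "(no file)", i.e. the lines
a helper would tell you to tick and 'Fix checked'."""
import re
from dataclasses import dataclass
from typing import List, Optional

# Every HijackThis finding starts with a section code: "R3 - ", "O2 - ", "O23 - " ...
LINE_RE = re.compile(r"^(?P<code>[RFNO]\d{1,2}) - (?P<rest>.*)$")
# Class IDs as HijackThis prints them; letter case varies between entries.
CLSID_RE = re.compile(r"\{[0-9A-Fa-f]{8}(?:-[0-9A-Fa-f]{4}){3}-[0-9A-Fa-f]{12}\}")
# Field separator. The "(?:- )*" swallows the empty vendor field that services
# without a company string produce, e.g. "SmartLinkService (SLService) - - C:\...".
FIELD_SEP = re.compile(r" - (?:- )*")


@dataclass
class Entry:
    code: str              # R0/R1/R3/O2/O4/O9/O16/O20/O23 ...
    kind: str              # "BHO", "URLSearchHook", "Service" ... (the code itself for R0/R1)
    name: str              # display name; "(no name)" when the registry carries none
    clsid: Optional[str]   # {GUID} if the entry is COM-backed, else None
    target: str            # file path, URL, command line, or "(no file)"
    raw: str               # the original log line (what you tick in HijackThis)


def parse_hjt(text: str) -> List[Entry]:
    """Parse the findings of a HijackThis log; process list, header and footer are skipped."""
    entries: List[Entry] = []
    for line in text.splitlines():
        line = line.strip()
        m = LINE_RE.match(line)
        if not m:
            continue
        code, rest = m.group("code"), m.group("rest")
        # "about:blank" and "http://" have no space after the colon, so R0/R1 keep the code as kind.
        if ": " in rest:
            kind, body = rest.split(": ", 1)
        else:
            kind, body = code, rest
        if code == "O4" and body.startswith("[") and "] " in body:
            # O4 - HKLM\..\Run: [name] command-line
            name, target = body[1:].split("] ", 1)
        else:
            fields = FIELD_SEP.split(body)
            name = fields[0] if len(fields) > 1 else ""
            target = fields[-1]
        clsid = CLSID_RE.search(rest)
        entries.append(Entry(code, kind, name.strip(),
                             clsid.group(0) if clsid else None, target.strip(), line))
    return entries


def orphaned(entries: List[Entry]) -> List[Entry]:
    """Hooks whose DLL is gone: dead weight at best, leftovers of a removed
    infection at worst; IE keeps trying to load them until the keys are deleted."""
    return [e for e in entries if e.target == "(no file)"]


def unnamed_but_present(entries: List[Entry]) -> List[Entry]:
    """'(no name)' entries that still point at a real file. Not automatically bad
    (the Java console button is one), but the path deserves a look before deciding."""
    return [e for e in entries if e.name == "(no name)" and e.target != "(no file)"]


def fix_list(text: str) -> List[str]:
    """The exact log lines to tick in HijackThis and 'Fix checked'."""
    return [e.raw for e in orphaned(parse_hjt(text))]


# Excerpt copied from the log posted in this thread, with a few non-finding
# lines left in to show that they are skipped.
SAMPLE_LOG = r"""
Running processes:
C:\WINDOWS\System32\smss.exe

R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = about:blank
R1 - HKCU\Software\Microsoft\Internet Connection Wizard,ShellNext = http://go.microsoft.com/fwlink/?LinkId=74005
R3 - URLSearchHook: (no name) - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - (no file)
O2 - BHO: (no name) - {02478D38-C3F9-4EFB-9B51-7695ECA05670} - (no file)
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 5.0\Reader\ActiveX\AcroIEHelper.ocx
O2 - BHO: (no name) - {549B5CA7-4A86-11D7-A4DF-000874180BB3} - (no file)
O2 - BHO: Yahoo! IE Services Button - {5BAB4B5B-68BC-4B02-94D6-2FC0DE4A7897} - C:\Program Files\Yahoo!\Common\yiesrvc.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.5.0_06\bin\ssv.dll
O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)
O2 - BHO: (no name) - {FDD3B846-8D59-4ffb-8758-209B6AD74ACC} - (no file)
O4 - HKLM\..\Run: [nod32kui] "C:\Program Files\Eset\nod32kui.exe" /WAITSERVICE
O4 - HKCU\..\Run: [SUPERAntiSpyware] C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_06\bin\ssv.dll
O16 - DPF: {4F5E4276-C120-11D6-A1FD-00508B9D48EA} (dldisplay Class) - http://www.gamehouse.com/ghdlctl.cab
O20 - Winlogon Notify: !SASWinLogon - C:\Program Files\SUPERAntiSpyware\SASWINLO.dll
O23 - Service: SmartLinkService (SLService) - - C:\WINDOWS\SYSTEM32\slserv.exe
--
End of file - 9320 bytes
"""

if __name__ == "__main__":
    for line in fix_list(SAMPLE_LOG):
        print(line)
```

Paste a whole log into SAMPLE_LOG (or read it from a file) and the printed lines are the ones to tick. "(no file)" is a reliable signal; "(no name)" on its own is not, which is why unnamed_but_present is kept separate and reported rather than fixed.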
lycanthrope

Thread Starter
Joined
Jul 8, 2007
Messages
9
I'm getting this error in other user profiles.

Cannot find 'file:///C:WINDOWS/privacy_danger/index.htm'. Make sure the path or internet address is correct.

ComboFix log.

"Chris" - 2007-07-08 19:48:30 - ComboFix 07-07-09.3 - Service Pack 2


((((((((((((((((((((((((( Files Created from 2007-06-09 to 2007-07-09 )))))))))))))))))))))))))))))))


2007-07-08 18:32 3,542 --a------ C:\WINDOWS\system32\tmp.reg
2007-07-08 12:24 51,200 --a------ C:\WINDOWS\nircmd.exe
2007-07-08 11:53 <DIR> d-------- C:\DOCUME~1\ALLUSE~1\APPLIC~1\SUPERAntiSpyware.com
2007-07-08 11:52 <DIR> d-------- C:\Program Files\SUPERAntiSpyware
2007-07-08 11:52 <DIR> d-------- C:\DOCUME~1\Chris\APPLIC~1\SUPERAntiSpyware.com
2007-07-08 11:51 <DIR> d-------- C:\Program Files\Common Files\Wise Installation Wizard
2007-07-08 11:46 <DIR> d-------- C:\VundoFix Backups
2007-07-08 10:27 <DIR> d-------- C:\Program Files\Trend Micro
2007-07-07 21:40 <DIR> d-------- C:\Program Files\Windows Defender
2007-06-27 14:23 <DIR> d-------- C:\DOCUME~1\Chris\Incomplete
2007-06-27 14:23 <DIR> d-------- C:\DOCUME~1\Chris\APPLIC~1\LimeWire
2007-06-25 18:08 <DIR> d-------- C:\Program Files\Common Files\Blizzard Entertainment
2007-06-25 17:56 <DIR> d-------- C:\Program Files\World of Warcraft
2007-06-24 09:04 19,805 -ra------ C:\WINDOWS\system32\drivers\usbio.sys
2007-06-24 08:59 <DIR> d-------- C:\Program Files\Datel
2007-06-18 17:43 <DIR> d-------- C:\DOCUME~1\Jennifer\Contacts
2007-06-17 15:07 <DIR> d----c--- C:\WINDOWS\system32\DRVSTORE
2007-06-08 08:06 <DIR> d-------- C:\Program Files\SmartFTP Client
2007-06-08 08:06 <DIR> d-------- C:\DOCUME~1\Chris\APPLIC~1\SmartFTP


(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))

2007-07-08 17:14:04 -------- d--h--w C:\Program Files\InstallShield Installation Information
2007-07-08 17:13:37 -------- d-----w C:\Program Files\UltimateBet
2007-07-08 04:19:01 -------- d-----w C:\Program Files\GameHouse
2007-07-08 02:14:37 -------- d-----w C:\Program Files\Warcraft III
2007-06-21 13:00:37 11,721 ----a-w C:\WINDOWS\mozver.dat
2007-06-17 22:57:11 -------- d-----w C:\Program Files\LimeWire
2007-06-17 22:07:41 -------- d-----w C:\Program Files\MSN Messenger
2007-05-30 02:42:00 184,320 ----a-w C:\WINDOWS\system32\ssce5332.dll
2007-05-26 20:04:35 -------- d-----w C:\Program Files\Ubisoft
2007-05-26 19:45:05 -------- d-----w C:\Program Files\Mattel Media
2007-05-19 19:07:37 -------- d-----w C:\Program Files\Coupons
2007-05-19 19:07:35 31 ---ha-w C:\WINDOWS\uccspecc.sys
2007-05-16 15:12:02 683,520 ----a-w C:\WINDOWS\system32\inetcomm.dll
2007-04-25 14:21:15 144,896 ----a-w C:\WINDOWS\system32\schannel.dll
2007-04-21 14:32:24 774,144 ----a-w C:\Program Files\RngInterstitial.dll
2007-04-18 16:12:23 2,854,400 ----a-w C:\WINDOWS\system32\msi.dll
2007-04-17 05:47:36 33,624 ----a-w C:\WINDOWS\system32\wups.dll
2007-04-17 05:45:54 1,710,936 ----a-w C:\WINDOWS\system32\wuaueng.dll
2007-04-17 05:45:48 549,720 ----a-w C:\WINDOWS\system32\wuapi.dll
2007-04-17 05:45:42 325,976 ----a-w C:\WINDOWS\system32\wucltui.dll
2007-04-17 05:45:36 203,096 ----a-w C:\WINDOWS\system32\wuweb.dll
2007-04-17 05:45:28 92,504 ----a-w C:\WINDOWS\system32\cdm.dll
2007-04-17 05:45:20 53,080 ----a-w C:\WINDOWS\system32\wuauclt.exe
2007-04-17 05:45:20 43,352 ----a-w C:\WINDOWS\system32\wups2.dll
2007-04-13 13:20:43 298,104 ----a-w C:\WINDOWS\system32\imon.dll


((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))


*Note* empty entries & legit default entries are not shown

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{06849E9F-C8D7-4D59-B87D-784B7D6BE0B3}]
2001-04-16 17:39 37808 --a------ C:\Program Files\Adobe\Acrobat 5.0\Reader\ActiveX\AcroIEHelper.ocx

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{5BAB4B5B-68BC-4B02-94D6-2FC0DE4A7897}]
2006-10-31 16:29 198136 --a------ C:\Program Files\Yahoo!\Common\yiesrvc.dll

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{761497BB-D6F0-462C-B6EB-D4DAF1D92D43}]
2005-11-10 14:22 184423 --a------ C:\Program Files\Java\jre1.5.0_06\bin\ssv.dll

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{7E853D72-626A-48EC-A868-BA8D5E23E045}]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"nwiz"="nwiz.exe" [2003-10-06 14:16 C:\WINDOWS\system32\nwiz.exe]
"nForce Tray Options"="sstray.exe" [2003-09-02 18:25 C:\WINDOWS\system32\sstray.exe]
"CHotkey"="zHotkey.exe" [2003-06-03 12:01 C:\WINDOWS\zHotkey.exe]
"RoxioEngineUtility"="C:\Program Files\Common Files\Roxio Shared\System\EngUtil.exe" [2003-05-01 19:44]
"Sunkist2k"="C:\Program Files\Multimedia Card Reader\shwicon2k.exe" [2003-11-19 20:32]
"nod32kui"="C:\Program Files\Eset\nod32kui.exe" [2007-04-13 06:20]
"SunJavaUpdateSched"="C:\Program Files\Java\jre1.5.0_06\bin\jusched.exe" [2005-11-10 14:03]
"HP Software Update"="C:\Program Files\HP\HP Software Update\HPWuSchd2.exe" [2006-02-19 03:41]
"LogitechVideoRepair"="C:\Program Files\Logitech\Video\ISStart.exe" [2005-01-18 17:47]
"LogitechVideoTray"="C:\Program Files\Logitech\Video\LogiTray.exe" [2005-01-18 17:37]
"SsAAD.exe"="C:\PROGRA~1\Sony\SONICS~2\SsAAD.exe" [2005-01-24 20:58]
"mmtask"="C:\Program Files\Musicmatch\Musicmatch Jukebox\mmtask.exe" [2005-05-03 10:10]
"MEDIC"="C:\Program Files\MEDIC\bin\sprtcmd.exe" [2006-12-27 19:04]
"Adobe Photo Downloader"="C:\Program Files\Adobe\Photoshop Elements 5.0\apdproxy.exe" [2006-09-14 07:55]
"QuickTime Task"="C:\Program Files\QuickTime\qttask.exe" [2007-02-16 10:54]
"Windows Defender"="C:\Program Files\Windows Defender\MSASCui.exe" [2006-11-03 19:20]

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"MSMSGS"="C:\Program Files\Messenger\msmsgs.exe" [2004-10-13 09:24]
"ctfmon.exe"="C:\WINDOWS\system32\ctfmon.exe" [2004-08-04 00:56]
"Yahoo! Pager"="C:\PROGRA~1\Yahoo!\MESSEN~1\YAHOOM~1.exe" [2006-11-30 22:49]
"SUPERAntiSpyware"="C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe" [2007-06-21 14:06]

[HKEY_USERS\.default\software\microsoft\windows\currentversion\run]
"NvMediaCenter"=RUNDLL32.EXE C:\WINDOWS\System32\NVMCTRAY.DLL,NvTaskbarInit

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\ShellExecuteHooks]
"{5AE067D3-9AFB-48E0-853A-EBB7F4A000DA}"="C:\Program Files\SUPERAntiSpyware\SASSEH.DLL" [2006-12-20 13:55]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\!SASWinLogon]
C:\Program Files\SUPERAntiSpyware\SASWINLO.dll

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^HP Digital Imaging Monitor.lnk]
path=C:\Documents and Settings\All Users\Start Menu\Programs\Startup\HP Digital Imaging Monitor.lnk
backup=C:\WINDOWS\pss\HP Digital Imaging Monitor.lnkCommon Startup

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^HP Photosmart Premier Fast Start.lnk]
path=C:\Documents and Settings\All Users\Start Menu\Programs\Startup\HP Photosmart Premier Fast Start.lnk
backup=C:\WINDOWS\pss\HP Photosmart Premier Fast Start.lnkCommon Startup

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Microsoft Office.lnk]
path=C:\Documents and Settings\All Users\Start Menu\Programs\Startup\Microsoft Office.lnk
backup=C:\WINDOWS\pss\Microsoft Office.lnkCommon Startup

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\iTunesHelper]
"C:\Program Files\iTunes\iTunesHelper.exe"

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NeroFilterCheck]
C:\Program Files\Common Files\Ahead\Lib\NeroCheck.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\RoxioAudioCentral]
"C:\Program Files\Roxio\Easy CD Creator 6\AudioCentral\RxMon.exe"

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\RoxioDragToDisc]
"C:\Program Files\Roxio\Easy CD Creator 6\DragToDisc\DrgToDsc.exe"

*Newly Created Service* - GTNDIS5

Contents of the 'Scheduled Tasks' folder
2007-07-05 17:38:06 C:\WINDOWS\tasks\AppleSoftwareUpdate.job
2007-07-09 02:37:47 C:\WINDOWS\tasks\MP Scheduled Scan.job

**************************************************************************

catchme 0.3.915 W2K/XP/Vista - rootkit detector by Gmer, http://www.gmer.net
Rootkit scan 2007-07-08 19:57:13
Windows 5.1.2600 Service Pack 2 NTFS

scanning hidden processes ...

scanning hidden autostart entries ...

scanning hidden files ...

scan completed successfully
hidden files: 0

**************************************************************************

Completion time: 2007-07-08 19:57:49
C:\ComboFix-quarantined-files.txt ... 2007-07-08 19:57
C:\ComboFix2.txt ... 2007-07-08 18:53
C:\ComboFix3.txt ... 2007-07-08 12:53

--- E O F ---
 

lycanthrope

Thread Starter
Joined
Jul 8, 2007
Messages
9
I think I tracked down the solution by looking through the old posts. I found the info for going through control panel to delete the web image. Thank you VERY, VERY much for all the help! I'll DEFINITELY be donating to show my appreciation!! :)
 