
Solved: Red Biohazard

Discussion in 'Virus & Other Malware Removal' started by lycanthrope, Jul 8, 2007.

  1. lycanthrope (Thread Starter)

    Apparently, I've been hijacked, judging by the BIG UGLY biohazard symbol stuck on my wallpaper. I've found one other thread that addressed this issue, but it didn't explain what the fix is. A little help PLEASE???!!!

    Here's my HijackThis log:
    Logfile of Trend Micro HijackThis v2.0.2
    Scan saved at 10:27:37 AM, on 7/8/2007
    Platform: Windows XP SP2 (WinNT 5.01.2600)
    MSIE: Internet Explorer v7.00 (7.00.6000.16473)
    Boot mode: Normal

    Running processes:
    C:\WINDOWS\System32\smss.exe
    C:\WINDOWS\system32\winlogon.exe
    C:\WINDOWS\system32\services.exe
    C:\WINDOWS\system32\lsass.exe
    C:\WINDOWS\system32\svchost.exe
    C:\Program Files\Windows Defender\MsMpEng.exe
    C:\WINDOWS\System32\svchost.exe
    C:\WINDOWS\system32\spoolsv.exe
    C:\Program Files\Adobe\Photoshop Elements 5.0\PhotoshopElementsFileAgent.exe
    C:\Program Files\Eset\nod32krn.exe
    C:\WINDOWS\System32\nvsvc32.exe
    C:\WINDOWS\System32\HPZipm12.exe
    C:\WINDOWS\system32\skeys.exe
    C:\WINDOWS\system32\slserv.exe
    C:\WINDOWS\System32\svchost.exe
    C:\WINDOWS\System32\MsPMSPSv.exe
    C:\Program Files\Linksys Wireless-G USB Wireless Network Monitor\WLService.exe
    C:\Program Files\Linksys Wireless-G USB Wireless Network Monitor\WUSB54Gv4.exe
    C:\WINDOWS\Explorer.EXE
    C:\WINDOWS\system32\sstray.exe
    C:\WINDOWS\zHotkey.exe
    C:\Program Files\Multimedia Card Reader\shwicon2k.exe
    C:\Program Files\Eset\nod32kui.exe
    C:\Program Files\Java\jre1.5.0_06\bin\jusched.exe
    C:\WINDOWS\System32\ezSP_Px.exe
    C:\Program Files\HP\HP Software Update\HPWuSchd2.exe
    C:\WINDOWS\system32\LVCOMSX.EXE
    C:\Program Files\Logitech\Video\LogiTray.exe
    C:\PROGRA~1\Sony\SONICS~2\SsAAD.exe
    C:\Program Files\Musicmatch\Musicmatch Jukebox\mmtask.exe
    C:\Program Files\MEDIC\bin\sprtcmd.exe
    C:\Program Files\Adobe\Photoshop Elements 5.0\apdproxy.exe
    C:\Program Files\Windows Defender\MSASCui.exe
    C:\Program Files\Messenger\msmsgs.exe
    C:\WINDOWS\system32\ctfmon.exe
    C:\Program Files\BigFix\BigFix.exe
    C:\Program Files\Logitech\Desktop Messenger\8876480\Program\LogitechDesktopMessenger.exe
    C:\Program Files\Logitech\SetPoint\SetPoint.exe
    C:\Program Files\Common Files\Logitech\KHAL\KHALMNPR.EXE
    C:\Program Files\Logitech\Video\FxSvr2.exe
    C:\WINDOWS\system32\taskmgr.exe
    C:\Program Files\Trend Micro\HijackThis\HijackThis.exe

    R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://softwarereferral.com/jump.php?wmid=6010&mid=MjI6Ojg5&lid=2
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.yahoo.com
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Bar = http://us.rd.yahoo.com/customize/ie/defaults/sb/msgr7/*http://www.yahoo.com/ext/search/search.html
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
    R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.yahoo.com
    R1 - HKCU\Software\Microsoft\Internet Connection Wizard,ShellNext = http://go.microsoft.com/fwlink/?LinkId=74005
    R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Window Title = Windows Internet Explorer provided by Yahoo!
    R3 - URLSearchHook: (no name) - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - (no file)
    F2 - REG:system.ini: UserInit=C:\WINDOWS\system32\userinit.exe,,SKEYS /I
    O2 - BHO: (no name) - {02478D38-C3F9-4EFB-9B51-7695ECA05670} - (no file)
    O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 5.0\Reader\ActiveX\AcroIEHelper.ocx
    O2 - BHO: (no name) - {184746EC-9E9D-4C7D-B9E7-9039EBD801A9} - (no file)
    O2 - BHO: MSVPS System - {4118A625-1B64-4ED1-A2E9-76DEC529D2D2} - C:\WINDOWS\qnxplugin.dll
    O2 - BHO: (no name) - {549B5CA7-4A86-11D7-A4DF-000874180BB3} - (no file)
    O2 - BHO: Yahoo! IE Services Button - {5BAB4B5B-68BC-4B02-94D6-2FC0DE4A7897} - C:\Program Files\Yahoo!\Common\yiesrvc.dll
    O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.5.0_06\bin\ssv.dll
    O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)
    O2 - BHO: (no name) - {FDD3B846-8D59-4ffb-8758-209B6AD74ACC} - (no file)
    O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\System32\NvCpl.dll,NvStartup
    O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
    O4 - HKLM\..\Run: [nForce Tray Options] sstray.exe /r
    O4 - HKLM\..\Run: [CHotkey] zHotkey.exe
    O4 - HKLM\..\Run: [RoxioEngineUtility] "C:\Program Files\Common Files\Roxio Shared\System\EngUtil.exe"
    O4 - HKLM\..\Run: [Sunkist2k] C:\Program Files\Multimedia Card Reader\shwicon2k.exe
    O4 - HKLM\..\Run: [nod32kui] "C:\Program Files\Eset\nod32kui.exe" /WAITSERVICE
    O4 - HKLM\..\Run: [SunJavaUpdateSched] C:\Program Files\Java\jre1.5.0_06\bin\jusched.exe
    O4 - HKLM\..\Run: [ezShieldProtector for Px] C:\WINDOWS\System32\ezSP_Px.exe
    O4 - HKLM\..\Run: [HP Software Update] C:\Program Files\HP\HP Software Update\HPWuSchd2.exe
    O4 - HKLM\..\Run: [LVCOMSX] C:\WINDOWS\system32\LVCOMSX.EXE
    O4 - HKLM\..\Run: [LogitechVideoRepair] C:\Program Files\Logitech\Video\ISStart.exe
    O4 - HKLM\..\Run: [LogitechVideoTray] C:\Program Files\Logitech\Video\LogiTray.exe
    O4 - HKLM\..\Run: [SsAAD.exe] C:\PROGRA~1\Sony\SONICS~2\SsAAD.exe
    O4 - HKLM\..\Run: [mmtask] "C:\Program Files\Musicmatch\Musicmatch Jukebox\mmtask.exe"
    O4 - HKLM\..\Run: [MEDIC] "C:\Program Files\MEDIC\bin\sprtcmd.exe" /P MEDIC
    O4 - HKLM\..\Run: [Adobe Photo Downloader] "C:\Program Files\Adobe\Photoshop Elements 5.0\apdproxy.exe"
    O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
    O4 - HKLM\..\Run: [Windows Defender] "C:\Program Files\Windows Defender\MSASCui.exe" -hide
    O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background
    O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
    O4 - HKCU\..\Run: [Yahoo! Pager] "C:\PROGRA~1\Yahoo!\MESSEN~1\YAHOOM~1.EXE" -quiet
    O4 - HKLM\..\Policies\Explorer\Run: [user32.dll] C:\Program Files\Video ActiveX Access\iesmn.exe
    O4 - HKUS\S-1-5-18\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\System32\NVMCTRAY.DLL,NvTaskbarInit (User 'SYSTEM')
    O4 - HKUS\.DEFAULT\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\System32\NVMCTRAY.DLL,NvTaskbarInit (User 'Default user')
    O4 - Global Startup: BigFix.lnk = C:\Program Files\BigFix\BigFix.exe
    O4 - Global Startup: Logitech Desktop Messenger.lnk = C:\Program Files\Logitech\Desktop Messenger\8876480\Program\LogitechDesktopMessenger.exe
    O4 - Global Startup: Logitech SetPoint.lnk = C:\Program Files\Logitech\SetPoint\SetPoint.exe
    O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office\OSA9.EXE
    O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_06\bin\ssv.dll
    O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_06\bin\ssv.dll
    O9 - Extra button: Yahoo! Services - {5BAB4B5B-68BC-4B02-94D6-2FC0DE4A7897} - C:\Program Files\Yahoo!\Common\yiesrvc.dll
    O9 - Extra button: Real.com - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - C:\WINDOWS\System32\Shdocvw.dll
    O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
    O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
    O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
    O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
    O12 - Plugin for .spop: C:\Program Files\Internet Explorer\Plugins\NPDocBox.dll
    O14 - IERESET.INF: START_PAGE_URL=http://www.emachines.com
    O16 - DPF: {01113300-3E00-11D2-8470-0060089874ED} (Support.com Configuration Class) - http://activation.rr.com/install/downloads/tgctlcm.cab
    O16 - DPF: {2EB1E425-74DC-4DC0-A9E1-03A4C852E1F2} (CPlayFirstTriJinxControl Object) - http://download.games.yahoo.com/games/web_games/playfirst/trijinx/TriJinx.1.0.0.55.cab
    O16 - DPF: {30528230-99f7-4bb4-88d8-fa1d4f56a2ab} (YInstStarter Class) - C:\Program Files\Yahoo!\Common\yinsthelper.dll
    O16 - DPF: {4F5E4276-C120-11D6-A1FD-00508B9D48EA} (dldisplay Class) - http://www.gamehouse.com/ghdlctl.cab
    O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://update.microsoft.com/windowsupdate/v6/V5Controls/en/x86/client/wuweb_site.cab?1143421815260
    O16 - DPF: {BB383206-6DA1-4E80-B62A-3DF950FCC697} (Create & Print ActiveX Plug-in) - http://ak.imgag.com/imgag/cp/install/AxCtp2.cab
    O16 - DPF: {D77EF652-9A6B-40C8-A4B9-1C0697C6CF41} (TikGames Online Control) - http://download.games.yahoo.com/games/web_games/tikgames/goldfever/goldfever.cab
    O16 - DPF: {DF780F87-FF2B-4DF8-92D0-73DB16A1543A} (PopCapLoader Object) - http://www.gamehouse.com/realarcade-webgames/bejeweled2/popcaploader.cab
    O18 - Protocol: bwfile-8876480 - {9462A756-7B47-47BC-8C80-C34B9B80B32B} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\GAPlugProtocol-8876480.dll
    O21 - SSODL: msddx - {FA35E349-AC06-4AD6-8722-A18A0FBC5E63} - C:\WINDOWS\msddx.dll
    O21 - SSODL: msqnx - {09072CC8-2F2F-4605-9D59-0CEEEC0CAFD6} - C:\WINDOWS\msqnx.dll
    O22 - SharedTaskScheduler: biocomputing - {98ca7898-6029-41ab-8f67-ea4f5e1afc22} - C:\WINDOWS\system32\myqlejy.dll
    O23 - Service: Adobe Active File Monitor V5 (AdobeActiveFileMonitor5.0) - Unknown owner - C:\Program Files\Adobe\Photoshop Elements 5.0\PhotoshopElementsFileAgent.exe
    O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
    O23 - Service: iPod Service - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
    O23 - Service: MSCSPTISRV - Sony Corporation - C:\Program Files\Common Files\Sony Shared\AVLib\MSCSPTISRV.exe
    O23 - Service: NOD32 Kernel Service (NOD32krn) - Eset - C:\Program Files\Eset\nod32krn.exe
    O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\System32\nvsvc32.exe
    O23 - Service: PACSPTISVR - Sony Corporation - C:\Program Files\Common Files\Sony Shared\AVLib\PACSPTISVR.exe
    O23 - Service: Pml Driver HPZ12 - HP - C:\WINDOWS\System32\HPZipm12.exe
    O23 - Service: SmartLinkService (SLService) - - C:\WINDOWS\SYSTEM32\slserv.exe
    O23 - Service: Sony SPTI Service (SPTISRV) - Sony Corporation - C:\Program Files\Common Files\Sony Shared\AVLib\SPTISRV.exe
    O23 - Service: SonicStage SCSI Service (SSScsiSV) - Sony Corporation - C:\Program Files\Common Files\Sony Shared\AVLib\SSScsiSV.exe
    O23 - Service: WUSB54Gv4SVC - GEMTEKS - C:\Program Files\Linksys Wireless-G USB Wireless Network Monitor\WLService.exe
    O24 - Desktop Component 0: Privacy Protection - file:///C:\WINDOWS\privacy_danger\index.htm
     
  2. lycanthrope (Thread Starter)

    I've been reading posts, and have downloaded and am now running SUPERAntiSpyware. I hope I'm on the right track?!
     
  3. MFDnNC

    Post a new log after SAS, but it is likely it will get it all.
     
  4. lycanthrope (Thread Starter)

    Here's the SAS log and Hijack log.

    SUPERAntiSpyware Scan Log
    http://www.superantispyware.com

    Generated 07/08/2007 at 05:15 PM

    Application Version : 3.9.1008

    Core Rules Database Version : 3266
    Trace Rules Database Version: 1277

    Scan type : Complete Scan
    Total Scan Time : 04:21:37

    Memory items scanned : 467
    Memory threats detected : 0
    Registry items scanned : 7594
    Registry threats detected : 9
    File items scanned : 150735
    File threats detected : 374

    Trojan.Net-MSV/VPS-G
    HKLM\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{4118A625-1B64-4ED1-A2E9-76DEC529D2D2}
    HKCR\CLSID\{4118A625-1B64-4ED1-A2E9-76DEC529D2D2}
    HKCR\CLSID\{4118A625-1B64-4ED1-A2E9-76DEC529D2D2}
    HKCR\CLSID\{4118A625-1B64-4ED1-A2E9-76DEC529D2D2}\InprocServer32
    HKCR\CLSID\{4118A625-1B64-4ED1-A2E9-76DEC529D2D2}\InprocServer32#ThreadingModel
    HKCR\CLSID\{4118A625-1B64-4ED1-A2E9-76DEC529D2D2}\ProgID
    HKCR\CLSID\{4118A625-1B64-4ED1-A2E9-76DEC529D2D2}\Programmable
    HKCR\CLSID\{4118A625-1B64-4ED1-A2E9-76DEC529D2D2}\TypeLib
    HKCR\CLSID\{4118A625-1B64-4ED1-A2E9-76DEC529D2D2}\VersionIndependentProgID
    C:\WINDOWS\QNXPLUGIN.DLL

    Adware.Tracking Cookie
    C:\Documents and Settings\Nikki\Cookies\[email protected][1].txt
    C:\Documents and Settings\Nikki\Cookies\[email protected][1].txt
    C:\Documents and Settings\Nikki\Cookies\[email protected][2].txt
    C:\Documents and Settings\Nikki\Cookies\[email protected][1].txt
    C:\Documents and Settings\Nikki\Cookies\[email protected][2].txt
    C:\Documents and Settings\Nikki\Cookies\[email protected][1].txt
    C:\Documents and Settings\Nikki\Cookies\[email protected][1].txt
    C:\Documents and Settings\Nikki\Cookies\[email protected][2].txt
    C:\Documents and Settings\Nikki\Cookies\[email protected][1].txt
    C:\Documents and Settings\Nikki\Cookies\[email protected][1].txt
    C:\Documents and Settings\Nikki\Cookies\[email protected][2].txt
    C:\Documents and Settings\Nikki\Cookies\[email protected][2].txt
    C:\Documents and Settings\Nikki\Cookies\[email protected][2].txt
    C:\Documents and Settings\Nikki\Cookies\[email protected][2].txt
    C:\Documents and Settings\Nikki\Cookies\[email protected][2].txt
    C:\Documents and Settings\Nikki\Cookies\[email protected][1].txt
    C:\Documents and Settings\Nikki\Cookies\[email protected][1].txt
    C:\Documents and Settings\Nikki\Cookies\[email protected][2].txt
    C:\Documents and Settings\Nikki\Cookies\[email protected][1].txt
    C:\Documents and Settings\Nikki\Cookies\[email protected][2].txt
    C:\Documents and Settings\Nikki\Cookies\[email protected][2].txt
    C:\Documents and Settings\Nikki\Cookies\[email protected][2].txt
    C:\Documents and Settings\Nikki\Cookies\[email protected][1].txt
    C:\Documents and Settings\Nikki\Cookies\[email protected][2].txt
    C:\Documents and Settings\Nikki\Cookies\[email protected][1].txt
    C:\Documents and Settings\Nikki\Cookies\[email protected][2].txt
    C:\Documents and Settings\Nikki\Cookies\[email protected][2].txt
    C:\Documents and Settings\Nikki\Cookies\[email protected][2].txt
    C:\Documents and Settings\Nikki\Cookies\[email protected][1].txt
    C:\Documents and Settings\Nikki\Cookies\[email protected][2].txt
    C:\Documents and Settings\Nikki\Cookies\[email protected][3].txt
    C:\Documents and Settings\Nikki\Cookies\[email protected][1].txt
    C:\Documents and Settings\Nikki\Cookies\[email protected][1].txt
    C:\Documents and Settings\Nikki\Cookies\[email protected][3].txt
    C:\Documents and Settings\Nikki\Cookies\[email protected][1].txt
    C:\Documents and Settings\Nikki\Cookies\[email protected][2].txt
    C:\Documents and Settings\Nikki\Cookies\[email protected][1].txt
    C:\Documents and Settings\Nikki\Cookies\[email protected][2].txt
    C:\Documents and Settings\Nikki\Cookies\[email protected][2].txt
    C:\Documents and Settings\Nikki\Cookies\[email protected][1].txt
    C:\Documents and Settings\Nikki\Cookies\[email protected][1].txt
    C:\Documents and Settings\Nikki\Cookies\[email protected][1].txt
    C:\Documents and Settings\Nikki\Cookies\[email protected][1].txt
    C:\Documents and Settings\Nikki\Cookies\[email protected][1].txt
    C:\Documents and Settings\Nikki\Cookies\[email protected][2].txt
    C:\Documents and Settings\Nikki\Cookies\[email protected][2].txt
    C:\Documents and Settings\Nikki\Cookies\[email protected][1].txt
    C:\Documents and Settings\Nikki\Cookies\[email protected][1].txt
    C:\Documents and Settings\Nikki\Cookies\[email protected][2].txt
    C:\Documents and Settings\Nikki\Cookies\[email protected][1].txt
    C:\Documents and Settings\Nikki\Cookies\[email protected][1].txt
    C:\Documents and Settings\Nikki\Cookies\[email protected][1].txt
    C:\Documents and Settings\Nikki\Cookies\[email protected][1].txt
    C:\Documents and Settings\Nikki\Cookies\[email protected][2].txt
    C:\Documents and Settings\Nikki\Cookies\[email protected][2].txt
    C:\Documents and Settings\Nikki\Cookies\[email protected][2].txt
    C:\Documents and Settings\Nikki\Cookies\[email protected][2].txt
    C:\Documents and Settings\Nikki\Cookies\[email protected][2].txt
    C:\Documents and Settings\Nikki\Cookies\[email protected][1].txt
    C:\Documents and Settings\Nikki\Cookies\[email protected][1].txt
    C:\Documents and Settings\Nikki\Cookies\[email protected][1].txt
    C:\Documents and Settings\Nikki\Cookies\[email protected][1].txt
    C:\Documents and Settings\Nikki\Cookies\[email protected][1].txt
    C:\Documents and Settings\Nikki\Cookies\[email protected][2].txt

    Desktop Hijacker.AboutYourPrivacy
    C:\WINDOWS\privacy_danger\images\capt.gif
    C:\WINDOWS\privacy_danger\images\danger.jpg
    C:\WINDOWS\privacy_danger\images\down.gif
    C:\WINDOWS\privacy_danger\images\spacer.gif
    C:\WINDOWS\privacy_danger\images
    C:\WINDOWS\privacy_danger\index.htm
    C:\WINDOWS\privacy_danger
    C:\Documents and Settings\Chris\Desktop\Error Cleaner.url
    C:\Documents and Settings\Chris\Desktop\Privacy Protector.url
    C:\Documents and Settings\Chris\Desktop\Spyware&Malware Protection.url
    C:\Documents and Settings\Chris\Favorites\Error Cleaner.url
    C:\Documents and Settings\Chris\Favorites\Privacy Protector.url
    C:\Documents and Settings\Chris\Favorites\Spyware&Malware Protection.url
    C:\QOOBOX\QUARANTINE\C\WINDOWS\PRIVACY_DANGER\IMAGES\CAPT.GIF.VIR
    C:\QOOBOX\QUARANTINE\C\WINDOWS\PRIVACY_DANGER\IMAGES\DANGER.JPG.VIR
    C:\QOOBOX\QUARANTINE\C\WINDOWS\PRIVACY_DANGER\IMAGES\DOWN.GIF.VIR
    C:\QOOBOX\QUARANTINE\C\WINDOWS\PRIVACY_DANGER\INDEX.HTM.VIR

    Malware.VirusProtectPro
    C:\DOCUMENTS AND SETTINGS\NICHOLES\LOCAL SETTINGS\TEMP\BR3652.EXE
    C:\QOOBOX\QUARANTINE\C\PROGRAM FILES\VIRUSPROTECTPRO 3.3\VIRUSPROTECTPRO 3.3.EXE.VIR
    C:\SYSTEM VOLUME INFORMATION\_RESTORE{201F9937-E82F-47CC-A6DD-3D3DA1167247}\RP354\A0212269.EXE
    C:\SYSTEM VOLUME INFORMATION\_RESTORE{201F9937-E82F-47CC-A6DD-3D3DA1167247}\RP362\A0213416.EXE

    Desktop Hijacker.AboutYourPrivacy-Installer
    C:\SYSTEM VOLUME INFORMATION\_RESTORE{201F9937-E82F-47CC-A6DD-3D3DA1167247}\RP362\A0213418.EXE
     
  5. lycanthrope

    lycanthrope Thread Starter

    Joined:
    Jul 8, 2007
    Messages:
    9
    And new Hijack log.

    Logfile of Trend Micro HijackThis v2.0.2
    Scan saved at 17:31, on 2007-07-08
    Platform: Windows XP SP2 (WinNT 5.01.2600)
    MSIE: Internet Explorer v7.00 (7.00.6000.16473)
    Boot mode: Normal

    Running processes:
    C:\WINDOWS\System32\smss.exe
    C:\WINDOWS\system32\winlogon.exe
    C:\WINDOWS\system32\services.exe
    C:\WINDOWS\system32\lsass.exe
    C:\WINDOWS\system32\svchost.exe
    C:\Program Files\Windows Defender\MsMpEng.exe
    C:\WINDOWS\System32\svchost.exe
    C:\WINDOWS\system32\spoolsv.exe
    C:\Program Files\Adobe\Photoshop Elements 5.0\PhotoshopElementsFileAgent.exe
    C:\Program Files\Eset\nod32krn.exe
    C:\WINDOWS\System32\nvsvc32.exe
    C:\WINDOWS\System32\HPZipm12.exe
    C:\WINDOWS\system32\skeys.exe
    C:\WINDOWS\system32\slserv.exe
    C:\WINDOWS\System32\svchost.exe
    C:\WINDOWS\System32\MsPMSPSv.exe
    C:\Program Files\Linksys Wireless-G USB Wireless Network Monitor\WLService.exe
    C:\Program Files\Linksys Wireless-G USB Wireless Network Monitor\WUSB54Gv4.exe
    C:\WINDOWS\Explorer.EXE
    C:\WINDOWS\system32\sstray.exe
    C:\Program Files\Multimedia Card Reader\shwicon2k.exe
    C:\Program Files\Eset\nod32kui.exe
    C:\Program Files\Java\jre1.5.0_06\bin\jusched.exe
    C:\Program Files\HP\HP Software Update\HPWuSchd2.exe
    C:\Program Files\Logitech\Video\LogiTray.exe
    C:\PROGRA~1\Sony\SONICS~2\SsAAD.exe
    C:\Program Files\Musicmatch\Musicmatch Jukebox\mmtask.exe
    C:\Program Files\MEDIC\bin\sprtcmd.exe
    C:\Program Files\Adobe\Photoshop Elements 5.0\apdproxy.exe
    C:\WINDOWS\system32\LVComsX.exe
    C:\Program Files\Windows Defender\MSASCui.exe
    C:\WINDOWS\system32\ezSP_Px.exe
    C:\Program Files\Messenger\msmsgs.exe
    C:\WINDOWS\system32\ctfmon.exe
    C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe
    C:\Program Files\Common Files\Sony Shared\AVLib\SSScsiSV.exe
    C:\Program Files\BigFix\BigFix.exe
    C:\Program Files\Logitech\Desktop Messenger\8876480\Program\LogitechDesktopMessenger.exe
    C:\Program Files\Logitech\SetPoint\SetPoint.exe
    C:\Program Files\Logitech\Video\FxSvr2.exe
    C:\WINDOWS\System32\svchost.exe
    C:\PROGRA~1\Yahoo!\MESSEN~1\ymsgr_tray.exe
    C:\Program Files\Common Files\Logitech\KHAL\KHALMNPR.EXE
    C:\WINDOWS\system32\wuauclt.exe
    C:\Program Files\Trend Micro\HijackThis\HijackThis.exe

    R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://softwarereferral.com/jump.php?wmid=6010&mid=MjI6Ojg5&lid=2
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.yahoo.com
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Bar = http://us.rd.yahoo.com/customize/ie/defaults/sb/msgr7/*http://www.yahoo.com/ext/search/search.html
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
    R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = about:blank
    R1 - HKCU\Software\Microsoft\Internet Connection Wizard,ShellNext = http://go.microsoft.com/fwlink/?LinkId=74005
    R3 - URLSearchHook: (no name) - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - (no file)
    F2 - REG:system.ini: UserInit=C:\WINDOWS\system32\userinit.exe,,SKEYS /I
    O2 - BHO: (no name) - {02478D38-C3F9-4EFB-9B51-7695ECA05670} - (no file)
    O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 5.0\Reader\ActiveX\AcroIEHelper.ocx
    O2 - BHO: (no name) - {184746EC-9E9D-4C7D-B9E7-9039EBD801A9} - (no file)
    O2 - BHO: (no name) - {549B5CA7-4A86-11D7-A4DF-000874180BB3} - (no file)
    O2 - BHO: Yahoo! IE Services Button - {5BAB4B5B-68BC-4B02-94D6-2FC0DE4A7897} - C:\Program Files\Yahoo!\Common\yiesrvc.dll
    O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.5.0_06\bin\ssv.dll
    O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)
    O2 - BHO: (no name) - {FDD3B846-8D59-4ffb-8758-209B6AD74ACC} - (no file)
    O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
    O4 - HKLM\..\Run: [nForce Tray Options] sstray.exe /r
    O4 - HKLM\..\Run: [CHotkey] zHotkey.exe
    O4 - HKLM\..\Run: [RoxioEngineUtility] "C:\Program Files\Common Files\Roxio Shared\System\EngUtil.exe"
    O4 - HKLM\..\Run: [Sunkist2k] C:\Program Files\Multimedia Card Reader\shwicon2k.exe
    O4 - HKLM\..\Run: [nod32kui] "C:\Program Files\Eset\nod32kui.exe" /WAITSERVICE
    O4 - HKLM\..\Run: [SunJavaUpdateSched] C:\Program Files\Java\jre1.5.0_06\bin\jusched.exe
    O4 - HKLM\..\Run: [HP Software Update] C:\Program Files\HP\HP Software Update\HPWuSchd2.exe
    O4 - HKLM\..\Run: [LogitechVideoRepair] C:\Program Files\Logitech\Video\ISStart.exe
    O4 - HKLM\..\Run: [LogitechVideoTray] C:\Program Files\Logitech\Video\LogiTray.exe
    O4 - HKLM\..\Run: [SsAAD.exe] C:\PROGRA~1\Sony\SONICS~2\SsAAD.exe
    O4 - HKLM\..\Run: [mmtask] "C:\Program Files\Musicmatch\Musicmatch Jukebox\mmtask.exe"
    O4 - HKLM\..\Run: [MEDIC] "C:\Program Files\MEDIC\bin\sprtcmd.exe" /P MEDIC
    O4 - HKLM\..\Run: [Adobe Photo Downloader] "C:\Program Files\Adobe\Photoshop Elements 5.0\apdproxy.exe"
    O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
    O4 - HKLM\..\Run: [Windows Defender] "C:\Program Files\Windows Defender\MSASCui.exe" -hide
    O4 - HKLM\..\Run: [ezShieldProtector for Px] C:\WINDOWS\system32\ezSP_Px.exe
    O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
    O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background
    O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
    O4 - HKCU\..\Run: [Yahoo! Pager] "C:\PROGRA~1\Yahoo!\MESSEN~1\YAHOOM~1.EXE" -quiet
    O4 - HKCU\..\Run: [SUPERAntiSpyware] C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe
    O4 - HKUS\S-1-5-18\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\System32\NVMCTRAY.DLL,NvTaskbarInit (User 'SYSTEM')
    O4 - HKUS\.DEFAULT\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\System32\NVMCTRAY.DLL,NvTaskbarInit (User 'Default user')
    O4 - Global Startup: BigFix.lnk = C:\Program Files\BigFix\BigFix.exe
    O4 - Global Startup: Logitech Desktop Messenger.lnk = C:\Program Files\Logitech\Desktop Messenger\8876480\Program\LogitechDesktopMessenger.exe
    O4 - Global Startup: Logitech SetPoint.lnk = C:\Program Files\Logitech\SetPoint\SetPoint.exe
    O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office\OSA9.EXE
    O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_06\bin\ssv.dll
    O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_06\bin\ssv.dll
    O9 - Extra button: Yahoo! Services - {5BAB4B5B-68BC-4B02-94D6-2FC0DE4A7897} - C:\Program Files\Yahoo!\Common\yiesrvc.dll
    O9 - Extra button: Real.com - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - C:\WINDOWS\System32\Shdocvw.dll
    O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
    O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
    O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
    O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
    O12 - Plugin for .spop: C:\Program Files\Internet Explorer\Plugins\NPDocBox.dll
    O14 - IERESET.INF: START_PAGE_URL=http://www.emachines.com
    O16 - DPF: {01113300-3E00-11D2-8470-0060089874ED} (Support.com Configuration Class) - http://activation.rr.com/install/downloads/tgctlcm.cab
    O16 - DPF: {2EB1E425-74DC-4DC0-A9E1-03A4C852E1F2} (CPlayFirstTriJinxControl Object) - http://download.games.yahoo.com/games/web_games/playfirst/trijinx/TriJinx.1.0.0.55.cab
    O16 - DPF: {30528230-99f7-4bb4-88d8-fa1d4f56a2ab} (YInstStarter Class) - C:\Program Files\Yahoo!\Common\yinsthelper.dll
    O16 - DPF: {4F5E4276-C120-11D6-A1FD-00508B9D48EA} (dldisplay Class) - http://www.gamehouse.com/ghdlctl.cab
    O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://update.microsoft.com/windowsupdate/v6/V5Controls/en/x86/client/wuweb_site.cab?1143421815260
    O16 - DPF: {BB383206-6DA1-4E80-B62A-3DF950FCC697} (Create & Print ActiveX Plug-in) - http://ak.imgag.com/imgag/cp/install/AxCtp2.cab
    O16 - DPF: {D77EF652-9A6B-40C8-A4B9-1C0697C6CF41} (TikGames Online Control) - http://download.games.yahoo.com/games/web_games/tikgames/goldfever/goldfever.cab
    O16 - DPF: {DF780F87-FF2B-4DF8-92D0-73DB16A1543A} (PopCapLoader Object) - http://www.gamehouse.com/realarcade-webgames/bejeweled2/popcaploader.cab
    O18 - Protocol: bwfile-8876480 - {9462A756-7B47-47BC-8C80-C34B9B80B32B} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\GAPlugProtocol-8876480.dll
    O20 - Winlogon Notify: !SASWinLogon - C:\Program Files\SUPERAntiSpyware\SASWINLO.dll
    O21 - SSODL: msddx - {FA35E349-AC06-4AD6-8722-A18A0FBC5E63} - C:\WINDOWS\msddx.dll
    O21 - SSODL: msqnx - {09072CC8-2F2F-4605-9D59-0CEEEC0CAFD6} - C:\WINDOWS\msqnx.dll
    O22 - SharedTaskScheduler: biocomputing - {98ca7898-6029-41ab-8f67-ea4f5e1afc22} - C:\WINDOWS\system32\myqlejy.dll
    O23 - Service: Adobe Active File Monitor V5 (AdobeActiveFileMonitor5.0) - Unknown owner - C:\Program Files\Adobe\Photoshop Elements 5.0\PhotoshopElementsFileAgent.exe
    O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
    O23 - Service: iPod Service - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
    O23 - Service: MSCSPTISRV - Sony Corporation - C:\Program Files\Common Files\Sony Shared\AVLib\MSCSPTISRV.exe
    O23 - Service: NOD32 Kernel Service (NOD32krn) - Eset - C:\Program Files\Eset\nod32krn.exe
    O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\System32\nvsvc32.exe
    O23 - Service: PACSPTISVR - Sony Corporation - C:\Program Files\Common Files\Sony Shared\AVLib\PACSPTISVR.exe
    O23 - Service: Pml Driver HPZ12 - HP - C:\WINDOWS\System32\HPZipm12.exe
    O23 - Service: SmartLinkService (SLService) - - C:\WINDOWS\SYSTEM32\slserv.exe
    O23 - Service: Sony SPTI Service (SPTISRV) - Sony Corporation - C:\Program Files\Common Files\Sony Shared\AVLib\SPTISRV.exe
    O23 - Service: SonicStage SCSI Service (SSScsiSV) - Sony Corporation - C:\Program Files\Common Files\Sony Shared\AVLib\SSScsiSV.exe
    O23 - Service: WUSB54Gv4SVC - GEMTEKS - C:\Program Files\Linksys Wireless-G USB Wireless Network Monitor\WLService.exe
    O24 - Desktop Component 0: Privacy Protection - file:///C:\WINDOWS\privacy_danger\index.htm

    --
    End of file - 10636 bytes
     
  6. MFDnNC

    MFDnNC

    Joined:
    Sep 7, 2004
    Messages:
    49,014
    You should print out these instructions, or copy them to a NotePad file for reading while in Safe Mode, because you will not be able to connect to the Internet to read from this site.

    Please download SmitfraudFix (by S!Ri)
    Extract the content (a folder named SmitfraudFix) to your Desktop.

    Next, please reboot your computer in Safe Mode by doing the following:
    • Restart your computer
    • After hearing your computer beep once during startup, but before the Windows icon appears, tap the F8 key continually;
    • Instead of Windows loading as normal, a menu with options should appear;
    • Select the first option, to run Windows in Safe Mode, then press "Enter".
    • Choose your usual account.
    Once in Safe Mode, open the SmitfraudFix folder again and double-click smitfraudfix.cmd
    Select option #2 - Clean by typing 2 and press "Enter" to delete infected files.

    You will be prompted: "Registry cleaning - Do you want to clean the registry?"; answer "Yes" by typing Y and press "Enter" in order to remove the Desktop background and clean registry keys associated with the infection.

    The tool will now check if wininet.dll is infected. You may be prompted to replace the infected file (if found); answer "Yes" by typing Y and press "Enter".

    The tool may need to restart your computer to finish the cleaning process; if it doesn't, please restart it into Normal Windows.

    A text file will appear onscreen, with results from the cleaning process; please copy/paste the content of that report into your next reply along with a new hijack log.

    The report can also be found at the root of the system drive, usually at C:\rapport.txt

    Warning: running option #2 on a non-infected computer will remove your Desktop background.
    ==================

    NOTE: If you have downloaded ComboFix previously please delete that version and download it again!

    Download this file :

    http://www.techsupportforum.com/sectools/sUBs/ComboFix.exe
    or
    http://download.bleepingcomputer.com/sUBs/Beta/ComboFix.exe

    Double click combofix.exe & follow the prompts.
    When finished, it shall produce a log for you. Post that log and a HiJack log in your next reply.

    Note:
    Do not mouse-click ComboFix's window while it's running. That may cause it to stall.
     
  7. lycanthrope

    lycanthrope Thread Starter

    Joined:
    Jul 8, 2007
    Messages:
    9
    Here are the logs.

    SmitFraudFix v2.202

    Scan done at 18:32:12.87, 2007-07-08
    Run from C:\Documents and Settings\Chris\Desktop\SmitfraudFix\SmitfraudFix
    OS: Microsoft Windows XP [Version 5.1.2600] - Windows_NT
    The filesystem type is NTFS
    Fix run in safe mode

    »»»»»»»»»»»»»»»»»»»»»»»» SharedTaskScheduler Before SmitFraudFix
    !!!Attention, following keys are not inevitably infected!!!

    SrchSTS.exe by S!Ri
    Search SharedTaskScheduler's .dll

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\SharedTaskScheduler]
    "{98ca7898-6029-41ab-8f67-ea4f5e1afc22}"="biocomputing"

    [HKEY_CLASSES_ROOT\CLSID\{98ca7898-6029-41ab-8f67-ea4f5e1afc22}\InProcServer32]
    @="C:\WINDOWS\system32\myqlejy.dll"

    [HKEY_LOCAL_MACHINE\Software\Classes\CLSID\{98ca7898-6029-41ab-8f67-ea4f5e1afc22}\InProcServer32]
    @="C:\WINDOWS\system32\myqlejy.dll"


    »»»»»»»»»»»»»»»»»»»»»»»» Killing process


    »»»»»»»»»»»»»»»»»»»»»»»» hosts


    127.0.0.1 localhost

    »»»»»»»»»»»»»»»»»»»»»»»» Generic Renos Fix

    GenericRenosFix by S!Ri

    C:\WINDOWS\system32\myqlejy.dll -> Hoax.Win32.Renos.gen.o
    C:\WINDOWS\system32\myqlejy.dll -> Deleted


    »»»»»»»»»»»»»»»»»»»»»»»» Deleting infected files

    C:\WINDOWS\msddx.dll Deleted
    C:\WINDOWS\msqnx.dll Deleted
    C:\WINDOWS\privacy_danger\ Deleted

    »»»»»»»»»»»»»»»»»»»»»»»» DNS

    HKLM\SYSTEM\CCS\Services\Tcpip\..\{43FA7E32-CC06-4879-B713-3566EC401A79}: DhcpNameServer=66.75.164.90 66.75.164.89
    HKLM\SYSTEM\CS1\Services\Tcpip\..\{43FA7E32-CC06-4879-B713-3566EC401A79}: DhcpNameServer=66.75.164.90 66.75.164.89
    HKLM\SYSTEM\CS3\Services\Tcpip\..\{43FA7E32-CC06-4879-B713-3566EC401A79}: DhcpNameServer=66.75.164.90 66.75.164.89
    HKLM\SYSTEM\CCS\Services\Tcpip\Parameters: DhcpNameServer=66.75.164.90 66.75.164.89
    HKLM\SYSTEM\CS1\Services\Tcpip\Parameters: DhcpNameServer=66.75.164.90 66.75.164.89
    HKLM\SYSTEM\CS3\Services\Tcpip\Parameters: DhcpNameServer=66.75.164.90 66.75.164.89


    »»»»»»»»»»»»»»»»»»»»»»»» Deleting Temp Files


    »»»»»»»»»»»»»»»»»»»»»»»» Winlogon.System
    !!!Attention, following keys are not inevitably infected!!!

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon]
    "System"=""


    »»»»»»»»»»»»»»»»»»»»»»»» Registry Cleaning

    Registry Cleaning done.

    »»»»»»»»»»»»»»»»»»»»»»»» SharedTaskScheduler After SmitFraudFix
    !!!Attention, following keys are not inevitably infected!!!

    SrchSTS.exe by S!Ri
    Search SharedTaskScheduler's .dll


    »»»»»»»»»»»»»»»»»»»»»»»» End
     
  8. lycanthrope

    lycanthrope Thread Starter

    Joined:
    Jul 8, 2007
    Messages:
    9
    combofix.

    "Chris" - 2007-07-08 18:44:05 - ComboFix 07-07-09.3 - Service Pack 2


    ((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))


    C:\WINDOWS\dat.txt
    C:\WINDOWS\rs.txt


    ((((((((((((((((((((((((( Files Created from 2007-06-09 to 2007-07-09 )))))))))))))))))))))))))))))))


    2007-07-08 18:32 3,542 --a------ C:\WINDOWS\system32\tmp.reg
    2007-07-08 12:24 51,200 --a------ C:\WINDOWS\nircmd.exe
    2007-07-08 11:53 <DIR> d-------- C:\DOCUME~1\ALLUSE~1\APPLIC~1\SUPERAntiSpyware.com
    2007-07-08 11:52 <DIR> d-------- C:\Program Files\SUPERAntiSpyware
    2007-07-08 11:52 <DIR> d-------- C:\DOCUME~1\Chris\APPLIC~1\SUPERAntiSpyware.com
    2007-07-08 11:51 <DIR> d-------- C:\Program Files\Common Files\Wise Installation Wizard
    2007-07-08 11:46 <DIR> d-------- C:\VundoFix Backups
    2007-07-08 10:27 <DIR> d-------- C:\Program Files\Trend Micro
    2007-07-07 21:40 <DIR> d-------- C:\Program Files\Windows Defender
    2007-06-27 14:23 <DIR> d-------- C:\DOCUME~1\Chris\Incomplete
    2007-06-27 14:23 <DIR> d-------- C:\DOCUME~1\Chris\APPLIC~1\LimeWire
    2007-06-25 18:08 <DIR> d-------- C:\Program Files\Common Files\Blizzard Entertainment
    2007-06-25 17:56 <DIR> d-------- C:\Program Files\World of Warcraft
    2007-06-24 09:04 19,805 -ra------ C:\WINDOWS\system32\drivers\usbio.sys
    2007-06-24 08:59 <DIR> d-------- C:\Program Files\Datel
    2007-06-18 17:43 <DIR> d-------- C:\DOCUME~1\Jennifer\Contacts
    2007-06-17 15:07 <DIR> d----c--- C:\WINDOWS\system32\DRVSTORE
    2007-06-08 08:06 <DIR> d-------- C:\Program Files\SmartFTP Client
    2007-06-08 08:06 <DIR> d-------- C:\DOCUME~1\Chris\APPLIC~1\SmartFTP


    (((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))

    2007-07-08 17:14:04 -------- d--h--w C:\Program Files\InstallShield Installation Information
    2007-07-08 17:13:37 -------- d-----w C:\Program Files\UltimateBet
    2007-07-08 04:19:01 -------- d-----w C:\Program Files\GameHouse
    2007-07-08 02:14:37 -------- d-----w C:\Program Files\Warcraft III
    2007-06-21 13:00:37 11,721 ----a-w C:\WINDOWS\mozver.dat
    2007-06-17 22:57:11 -------- d-----w C:\Program Files\LimeWire
    2007-06-17 22:07:41 -------- d-----w C:\Program Files\MSN Messenger
    2007-05-30 02:42:00 184,320 ----a-w C:\WINDOWS\system32\ssce5332.dll
    2007-05-26 20:04:35 -------- d-----w C:\Program Files\Ubisoft
    2007-05-26 19:45:05 -------- d-----w C:\Program Files\Mattel Media
    2007-05-19 19:07:37 -------- d-----w C:\Program Files\Coupons
    2007-05-19 19:07:35 31 ---ha-w C:\WINDOWS\uccspecc.sys
    2007-05-16 15:12:02 683,520 ----a-w C:\WINDOWS\system32\inetcomm.dll
    2007-04-25 14:21:15 144,896 ----a-w C:\WINDOWS\system32\schannel.dll
    2007-04-21 14:32:24 774,144 ----a-w C:\Program Files\RngInterstitial.dll
    2007-04-18 16:12:23 2,854,400 ----a-w C:\WINDOWS\system32\msi.dll
    2007-04-17 05:47:36 33,624 ----a-w C:\WINDOWS\system32\wups.dll
    2007-04-17 05:45:54 1,710,936 ----a-w C:\WINDOWS\system32\wuaueng.dll
    2007-04-17 05:45:48 549,720 ----a-w C:\WINDOWS\system32\wuapi.dll
    2007-04-17 05:45:42 325,976 ----a-w C:\WINDOWS\system32\wucltui.dll
    2007-04-17 05:45:36 203,096 ----a-w C:\WINDOWS\system32\wuweb.dll
    2007-04-17 05:45:28 92,504 ----a-w C:\WINDOWS\system32\cdm.dll
    2007-04-17 05:45:20 53,080 ----a-w C:\WINDOWS\system32\wuauclt.exe
    2007-04-17 05:45:20 43,352 ----a-w C:\WINDOWS\system32\wups2.dll
    2007-04-13 13:20:43 298,104 ----a-w C:\WINDOWS\system32\imon.dll


    ((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))


    *Note* empty entries & legit default entries are not shown

    [HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{02478D38-C3F9-4EFB-9B51-7695ECA05670}]

    [HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{06849E9F-C8D7-4D59-B87D-784B7D6BE0B3}]
    2001-04-16 17:39 37808 --a------ C:\Program Files\Adobe\Acrobat 5.0\Reader\ActiveX\AcroIEHelper.ocx

    [HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{549B5CA7-4A86-11D7-A4DF-000874180BB3}]

    [HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{5BAB4B5B-68BC-4B02-94D6-2FC0DE4A7897}]
    2006-10-31 16:29 198136 --a------ C:\Program Files\Yahoo!\Common\yiesrvc.dll

    [HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{761497BB-D6F0-462C-B6EB-D4DAF1D92D43}]
    2005-11-10 14:22 184423 --a------ C:\Program Files\Java\jre1.5.0_06\bin\ssv.dll

    [HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{7E853D72-626A-48EC-A868-BA8D5E23E045}]

    [HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{FDD3B846-8D59-4ffb-8758-209B6AD74ACC}]

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
    "nwiz"="nwiz.exe" [2003-10-06 14:16 C:\WINDOWS\system32\nwiz.exe]
    "nForce Tray Options"="sstray.exe" [2003-09-02 18:25 C:\WINDOWS\system32\sstray.exe]
    "CHotkey"="zHotkey.exe" [2003-06-03 12:01 C:\WINDOWS\zHotkey.exe]
    "RoxioEngineUtility"="C:\Program Files\Common Files\Roxio Shared\System\EngUtil.exe" [2003-05-01 19:44]
    "Sunkist2k"="C:\Program Files\Multimedia Card Reader\shwicon2k.exe" [2003-11-19 20:32]
    "nod32kui"="C:\Program Files\Eset\nod32kui.exe" [2007-04-13 06:20]
    "SunJavaUpdateSched"="C:\Program Files\Java\jre1.5.0_06\bin\jusched.exe" [2005-11-10 14:03]
    "HP Software Update"="C:\Program Files\HP\HP Software Update\HPWuSchd2.exe" [2006-02-19 03:41]
    "LogitechVideoRepair"="C:\Program Files\Logitech\Video\ISStart.exe" [2005-01-18 17:47]
    "LogitechVideoTray"="C:\Program Files\Logitech\Video\LogiTray.exe" [2005-01-18 17:37]
    "SsAAD.exe"="C:\PROGRA~1\Sony\SONICS~2\SsAAD.exe" [2005-01-24 20:58]
    "mmtask"="C:\Program Files\Musicmatch\Musicmatch Jukebox\mmtask.exe" [2005-05-03 10:10]
    "MEDIC"="C:\Program Files\MEDIC\bin\sprtcmd.exe" [2006-12-27 19:04]
    "Adobe Photo Downloader"="C:\Program Files\Adobe\Photoshop Elements 5.0\apdproxy.exe" [2006-09-14 07:55]
    "QuickTime Task"="C:\Program Files\QuickTime\qttask.exe" [2007-02-16 10:54]
    "Windows Defender"="C:\Program Files\Windows Defender\MSASCui.exe" [2006-11-03 19:20]

    [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
    "MSMSGS"="C:\Program Files\Messenger\msmsgs.exe" [2004-10-13 09:24]
    "ctfmon.exe"="C:\WINDOWS\system32\ctfmon.exe" [2004-08-04 00:56]
    "Yahoo! Pager"="C:\PROGRA~1\Yahoo!\MESSEN~1\YAHOOM~1.exe" [2006-11-30 22:49]
    "SUPERAntiSpyware"="C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe" [2007-06-21 14:06]

    [HKEY_USERS\.default\software\microsoft\windows\currentversion\run]
    "NvMediaCenter"=RUNDLL32.EXE C:\WINDOWS\System32\NVMCTRAY.DLL,NvTaskbarInit

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\ShellExecuteHooks]
    "{5AE067D3-9AFB-48E0-853A-EBB7F4A000DA}"="C:\Program Files\SUPERAntiSpyware\SASSEH.DLL" [2006-12-20 13:55]

    [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\!SASWinLogon]
    C:\Program Files\SUPERAntiSpyware\SASWINLO.dll

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^HP Digital Imaging Monitor.lnk]
    path=C:\Documents and Settings\All Users\Start Menu\Programs\Startup\HP Digital Imaging Monitor.lnk
    backup=C:\WINDOWS\pss\HP Digital Imaging Monitor.lnkCommon Startup

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^HP Photosmart Premier Fast Start.lnk]
    path=C:\Documents and Settings\All Users\Start Menu\Programs\Startup\HP Photosmart Premier Fast Start.lnk
    backup=C:\WINDOWS\pss\HP Photosmart Premier Fast Start.lnkCommon Startup

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Microsoft Office.lnk]
    path=C:\Documents and Settings\All Users\Start Menu\Programs\Startup\Microsoft Office.lnk
    backup=C:\WINDOWS\pss\Microsoft Office.lnkCommon Startup

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\iTunesHelper]
    "C:\Program Files\iTunes\iTunesHelper.exe"

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NeroFilterCheck]
    C:\Program Files\Common Files\Ahead\Lib\NeroCheck.exe

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\RoxioAudioCentral]
    "C:\Program Files\Roxio\Easy CD Creator 6\AudioCentral\RxMon.exe"

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\RoxioDragToDisc]
    "C:\Program Files\Roxio\Easy CD Creator 6\DragToDisc\DrgToDsc.exe"


    Contents of the 'Scheduled Tasks' folder
    2007-07-05 17:38:06 C:\WINDOWS\tasks\AppleSoftwareUpdate.job
    2007-07-09 01:40:21 C:\WINDOWS\tasks\MP Scheduled Scan.job

    **************************************************************************

    catchme 0.3.915 W2K/XP/Vista - rootkit detector by Gmer, http://www.gmer.net
    Rootkit scan 2007-07-08 18:52:45
    Windows 5.1.2600 Service Pack 2 NTFS

    scanning hidden processes ...

    scanning hidden autostart entries ...

    scanning hidden files ...

    scan completed successfully
    hidden files: 0

    **************************************************************************

    Completion time: 2007-07-08 18:53:20
    C:\ComboFix-quarantined-files.txt ... 2007-07-08 18:53
    C:\ComboFix2.txt ... 2007-07-08 12:53

    --- E O F ---
     
  9. lycanthrope

    lycanthrope Thread Starter

    Joined:
    Jul 8, 2007
    Messages:
    9
    And Hijack.

    Logfile of Trend Micro HijackThis v2.0.2
    Scan saved at 6:54:58 PM, on 7/8/2007
    Platform: Windows XP SP2 (WinNT 5.01.2600)
    MSIE: Internet Explorer v7.00 (7.00.6000.16473)
    Boot mode: Normal

    Running processes:
    C:\WINDOWS\System32\smss.exe
    C:\WINDOWS\system32\winlogon.exe
    C:\WINDOWS\system32\services.exe
    C:\WINDOWS\system32\lsass.exe
    C:\WINDOWS\system32\svchost.exe
    C:\Program Files\Windows Defender\MsMpEng.exe
    C:\WINDOWS\System32\svchost.exe
    C:\WINDOWS\system32\spoolsv.exe
    C:\Program Files\Adobe\Photoshop Elements 5.0\PhotoshopElementsFileAgent.exe
    C:\Program Files\Eset\nod32krn.exe
    C:\WINDOWS\System32\nvsvc32.exe
    C:\WINDOWS\System32\HPZipm12.exe
    C:\WINDOWS\system32\skeys.exe
    C:\WINDOWS\system32\slserv.exe
    C:\WINDOWS\System32\svchost.exe
    C:\WINDOWS\System32\MsPMSPSv.exe
    C:\Program Files\Linksys Wireless-G USB Wireless Network Monitor\WLService.exe
    C:\Program Files\Linksys Wireless-G USB Wireless Network Monitor\WUSB54Gv4.exe
    C:\WINDOWS\system32\sstray.exe
    C:\WINDOWS\zHotkey.exe
    C:\Program Files\Multimedia Card Reader\shwicon2k.exe
    C:\Program Files\Eset\nod32kui.exe
    C:\Program Files\Java\jre1.5.0_06\bin\jusched.exe
    C:\Program Files\HP\HP Software Update\HPWuSchd2.exe
    C:\Program Files\Logitech\Video\LogiTray.exe
    C:\PROGRA~1\Sony\SONICS~2\SsAAD.exe
    C:\Program Files\Musicmatch\Musicmatch Jukebox\mmtask.exe
    C:\Program Files\MEDIC\bin\sprtcmd.exe
    C:\Program Files\Adobe\Photoshop Elements 5.0\apdproxy.exe
    C:\Program Files\Windows Defender\MSASCui.exe
    C:\WINDOWS\system32\ezSP_Px.exe
    C:\Program Files\Messenger\msmsgs.exe
    C:\WINDOWS\system32\ctfmon.exe
    C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe
    C:\Program Files\BigFix\BigFix.exe
    C:\Program Files\Logitech\Desktop Messenger\8876480\Program\LogitechDesktopMessenger.exe
    C:\Program Files\Logitech\SetPoint\SetPoint.exe
    C:\Program Files\Common Files\Sony Shared\AVLib\SSScsiSV.exe
    C:\Program Files\Common Files\Logitech\KHAL\KHALMNPR.EXE
    C:\WINDOWS\system32\LVComsX.exe
    C:\WINDOWS\System32\svchost.exe
    C:\Program Files\Logitech\Video\FxSvr2.exe
    C:\PROGRA~1\Yahoo!\MESSEN~1\ymsgr_tray.exe
    C:\WINDOWS\explorer.exe
    C:\Program Files\Trend Micro\HijackThis\HijackThis.exe

    R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = about:blank
    R1 - HKCU\Software\Microsoft\Internet Connection Wizard,ShellNext = http://go.microsoft.com/fwlink/?LinkId=74005
    R3 - URLSearchHook: (no name) - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - (no file)
    O2 - BHO: (no name) - {02478D38-C3F9-4EFB-9B51-7695ECA05670} - (no file)
    O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 5.0\Reader\ActiveX\AcroIEHelper.ocx
    O2 - BHO: (no name) - {549B5CA7-4A86-11D7-A4DF-000874180BB3} - (no file)
    O2 - BHO: Yahoo! IE Services Button - {5BAB4B5B-68BC-4B02-94D6-2FC0DE4A7897} - C:\Program Files\Yahoo!\Common\yiesrvc.dll
    O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.5.0_06\bin\ssv.dll
    O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)
    O2 - BHO: (no name) - {FDD3B846-8D59-4ffb-8758-209B6AD74ACC} - (no file)
    O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
    O4 - HKLM\..\Run: [nForce Tray Options] sstray.exe /r
    O4 - HKLM\..\Run: [CHotkey] zHotkey.exe
    O4 - HKLM\..\Run: [RoxioEngineUtility] "C:\Program Files\Common Files\Roxio Shared\System\EngUtil.exe"
    O4 - HKLM\..\Run: [Sunkist2k] C:\Program Files\Multimedia Card Reader\shwicon2k.exe
    O4 - HKLM\..\Run: [nod32kui] "C:\Program Files\Eset\nod32kui.exe" /WAITSERVICE
    O4 - HKLM\..\Run: [SunJavaUpdateSched] C:\Program Files\Java\jre1.5.0_06\bin\jusched.exe
    O4 - HKLM\..\Run: [HP Software Update] C:\Program Files\HP\HP Software Update\HPWuSchd2.exe
    O4 - HKLM\..\Run: [LogitechVideoRepair] C:\Program Files\Logitech\Video\ISStart.exe
    O4 - HKLM\..\Run: [LogitechVideoTray] C:\Program Files\Logitech\Video\LogiTray.exe
    O4 - HKLM\..\Run: [SsAAD.exe] C:\PROGRA~1\Sony\SONICS~2\SsAAD.exe
    O4 - HKLM\..\Run: [mmtask] "C:\Program Files\Musicmatch\Musicmatch Jukebox\mmtask.exe"
    O4 - HKLM\..\Run: [MEDIC] "C:\Program Files\MEDIC\bin\sprtcmd.exe" /P MEDIC
    O4 - HKLM\..\Run: [Adobe Photo Downloader] "C:\Program Files\Adobe\Photoshop Elements 5.0\apdproxy.exe"
    O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
    O4 - HKLM\..\Run: [Windows Defender] "C:\Program Files\Windows Defender\MSASCui.exe" -hide
    O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background
    O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
    O4 - HKCU\..\Run: [Yahoo! Pager] "C:\PROGRA~1\Yahoo!\MESSEN~1\YAHOOM~1.EXE" -quiet
    O4 - HKCU\..\Run: [SUPERAntiSpyware] C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe
    O4 - HKUS\S-1-5-18\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\System32\NVMCTRAY.DLL,NvTaskbarInit (User 'SYSTEM')
    O4 - HKUS\.DEFAULT\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\System32\NVMCTRAY.DLL,NvTaskbarInit (User 'Default user')
    O4 - Global Startup: BigFix.lnk = C:\Program Files\BigFix\BigFix.exe
    O4 - Global Startup: Logitech Desktop Messenger.lnk = C:\Program Files\Logitech\Desktop Messenger\8876480\Program\LogitechDesktopMessenger.exe
    O4 - Global Startup: Logitech SetPoint.lnk = C:\Program Files\Logitech\SetPoint\SetPoint.exe
    O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office\OSA9.EXE
    O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_06\bin\ssv.dll
    O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_06\bin\ssv.dll
    O9 - Extra button: Yahoo! Services - {5BAB4B5B-68BC-4B02-94D6-2FC0DE4A7897} - C:\Program Files\Yahoo!\Common\yiesrvc.dll
    O9 - Extra button: Real.com - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - C:\WINDOWS\System32\Shdocvw.dll
    O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
    O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
    O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
    O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
    O12 - Plugin for .spop: C:\Program Files\Internet Explorer\Plugins\NPDocBox.dll
    O14 - IERESET.INF: START_PAGE_URL=http://www.emachines.com
    O16 - DPF: {01113300-3E00-11D2-8470-0060089874ED} (Support.com Configuration Class) - http://activation.rr.com/install/downloads/tgctlcm.cab
    O16 - DPF: {2EB1E425-74DC-4DC0-A9E1-03A4C852E1F2} (CPlayFirstTriJinxControl Object) - http://download.games.yahoo.com/games/web_games/playfirst/trijinx/TriJinx.1.0.0.55.cab
    O16 - DPF: {30528230-99f7-4bb4-88d8-fa1d4f56a2ab} (YInstStarter Class) - C:\Program Files\Yahoo!\Common\yinsthelper.dll
    O16 - DPF: {4F5E4276-C120-11D6-A1FD-00508B9D48EA} (dldisplay Class) - http://www.gamehouse.com/ghdlctl.cab
    O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://update.microsoft.com/windowsupdate/v6/V5Controls/en/x86/client/wuweb_site.cab?1143421815260
    O16 - DPF: {BB383206-6DA1-4E80-B62A-3DF950FCC697} (Create & Print ActiveX Plug-in) - http://ak.imgag.com/imgag/cp/install/AxCtp2.cab
    O16 - DPF: {D77EF652-9A6B-40C8-A4B9-1C0697C6CF41} (TikGames Online Control) - http://download.games.yahoo.com/games/web_games/tikgames/goldfever/goldfever.cab
    O16 - DPF: {DF780F87-FF2B-4DF8-92D0-73DB16A1543A} (PopCapLoader Object) - http://www.gamehouse.com/realarcade-webgames/bejeweled2/popcaploader.cab
    O18 - Protocol: bwfile-8876480 - {9462A756-7B47-47BC-8C80-C34B9B80B32B} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\GAPlugProtocol-8876480.dll
    O20 - Winlogon Notify: !SASWinLogon - C:\Program Files\SUPERAntiSpyware\SASWINLO.dll
    O23 - Service: Adobe Active File Monitor V5 (AdobeActiveFileMonitor5.0) - Unknown owner - C:\Program Files\Adobe\Photoshop Elements 5.0\PhotoshopElementsFileAgent.exe
    O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
    O23 - Service: iPod Service - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
    O23 - Service: MSCSPTISRV - Sony Corporation - C:\Program Files\Common Files\Sony Shared\AVLib\MSCSPTISRV.exe
    O23 - Service: NOD32 Kernel Service (NOD32krn) - Eset - C:\Program Files\Eset\nod32krn.exe
    O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\System32\nvsvc32.exe
    O23 - Service: PACSPTISVR - Sony Corporation - C:\Program Files\Common Files\Sony Shared\AVLib\PACSPTISVR.exe
    O23 - Service: Pml Driver HPZ12 - HP - C:\WINDOWS\System32\HPZipm12.exe
    O23 - Service: SmartLinkService (SLService) - - C:\WINDOWS\SYSTEM32\slserv.exe
    O23 - Service: Sony SPTI Service (SPTISRV) - Sony Corporation - C:\Program Files\Common Files\Sony Shared\AVLib\SPTISRV.exe
    O23 - Service: SonicStage SCSI Service (SSScsiSV) - Sony Corporation - C:\Program Files\Common Files\Sony Shared\AVLib\SSScsiSV.exe
    O23 - Service: WUSB54Gv4SVC - GEMTEKS - C:\Program Files\Linksys Wireless-G USB Wireless Network Monitor\WLService.exe

    --
    End of file - 9320 bytes
     
  10. MFDnNC

    MFDnNC

    Joined:
    Sep 7, 2004
    Messages:
    49,014
    Fix these with HiJackThis – mark them, close IE, click fix checked

    R3 - URLSearchHook: (no name) - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - (no file)

    O2 - BHO: (no name) - {02478D38-C3F9-4EFB-9B51-7695ECA05670} - (no file)

    O2 - BHO: (no name) - {549B5CA7-4A86-11D7-A4DF-000874180BB3} - (no file)

    O2 - BHO: (no name) - {FDD3B846-8D59-4ffb-8758-209B6AD74ACC} - (no file)
    ================


    Clean
    If you feel it is fixed mark it solved via Thread Tools above

    Turn off restore points, boot, turn them back on – here’s how

    http://service1.symantec.com/SUPPOR...2001111912274039?OpenDocument&src=sec_doc_nam

    This clears infected restore points and sets a new, clean one.
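The four lines the helper picked out above share one feature: the trailing field of each HijackThis entry is "(no file)", meaning the registry still references a BHO or URLSearchHook whose DLL is gone (typically left behind after a scanner deleted the file). The script below is an added example, not code from the thread or from HijackThis itself; it parses HJT-style lines (assuming the " - " separated layout seen in the posted log) and flags the orphaned ones so a reviewer can check them before hitting "fix checked". The sample lines are copied from the log posted in this thread.

```python
import re

# Constructed sample: HijackThis v2 lines taken from the log posted in this thread.
SAMPLE_LOG = r"""
R3 - URLSearchHook: (no name) - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - (no file)
O2 - BHO: (no name) - {02478D38-C3F9-4EFB-9B51-7695ECA05670} - (no file)
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 5.0\Reader\ActiveX\AcroIEHelper.ocx
O2 - BHO: (no name) - {549B5CA7-4A86-11D7-A4DF-000874180BB3} - (no file)
O2 - BHO: (no name) - {FDD3B846-8D59-4ffb-8758-209B6AD74ACC} - (no file)
O4 - HKLM\..\Run: [nod32kui] "C:\Program Files\Eset\nod32kui.exe" /WAITSERVICE
O9 - Extra button: Yahoo! Services - {5BAB4B5B-68BC-4B02-94D6-2FC0DE4A7897} - C:\Program Files\Yahoo!\Common\yiesrvc.dll
"""

# Every HJT entry starts with a section code (R0..R3, O1..O24) followed by " - ".
ENTRY_RE = re.compile(r"^(?P<section>[RO]\d+) - (?P<body>.*)$")
# COM class ids as HJT prints them: {8-4-4-4-12 hex}, case varies between entries.
CLSID_RE = re.compile(r"\{[0-9A-Fa-f]{8}(?:-[0-9A-Fa-f]{4}){3}-[0-9A-Fa-f]{12}\}")


def parse_entries(log_text):
    """Split each HJT line into section, CLSID (if any) and the trailing path field.

    Assumption: fields are separated by " - " and the last field is the backing
    file, or the literal "(no file)" when HijackThis could not find one.
    """
    entries = []
    for raw in log_text.splitlines():
        raw = raw.strip()
        m = ENTRY_RE.match(raw)
        if not m:
            continue  # headers, blank lines, "Running processes:" paths, etc.
        fields = [f.strip() for f in m.group("body").split(" - ")]
        clsid = CLSID_RE.search(raw)
        entries.append({
            "section": m.group("section"),
            "clsid": clsid.group(0).upper() if clsid else None,  # normalise case
            "path": fields[-1],
            "raw": raw,
        })
    return entries


def find_orphans(log_text):
    """Entries whose registered file no longer exists on disk, per HJT's own marker."""
    return [e for e in parse_entries(log_text)
            if e["path"].lower() == "(no file)"]


def orphan_clsids(log_text):
    """Sorted CLSIDs of the orphaned entries, handy for cross-checking the registry."""
    return sorted(e["clsid"] for e in find_orphans(log_text) if e["clsid"])


if __name__ == "__main__":
    for entry in find_orphans(SAMPLE_LOG):
        print("orphaned:", entry["raw"])
```

Running it against the sample lists exactly the R3 line and the three nameless O2 lines the helper asked to fix; the Acrobat, NOD32 and Yahoo! entries, which point at real files, are left alone. An "(no file)" entry is not itself malicious, but clearing it removes a dangling load point that a later infection could reuse by dropping a DLL under the same CLSID.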
     
  11. lycanthrope

    lycanthrope Thread Starter

    Joined:
    Jul 8, 2007
    Messages:
    9
    I'm getting this error in other user profiles.

    Cannot find 'file:///C:WINDOWS/privacy_danger/index.htm'. Make sure the path or internet address is correct.

    combofix log.

    "Chris" - 2007-07-08 19:48:30 - ComboFix 07-07-09.3 - Service Pack 2


    ((((((((((((((((((((((((( Files Created from 2007-06-09 to 2007-07-09 )))))))))))))))))))))))))))))))


    2007-07-08 18:32 3,542 --a------ C:\WINDOWS\system32\tmp.reg
    2007-07-08 12:24 51,200 --a------ C:\WINDOWS\nircmd.exe
    2007-07-08 11:53 <DIR> d-------- C:\DOCUME~1\ALLUSE~1\APPLIC~1\SUPERAntiSpyware.com
    2007-07-08 11:52 <DIR> d-------- C:\Program Files\SUPERAntiSpyware
    2007-07-08 11:52 <DIR> d-------- C:\DOCUME~1\Chris\APPLIC~1\SUPERAntiSpyware.com
    2007-07-08 11:51 <DIR> d-------- C:\Program Files\Common Files\Wise Installation Wizard
    2007-07-08 11:46 <DIR> d-------- C:\VundoFix Backups
    2007-07-08 10:27 <DIR> d-------- C:\Program Files\Trend Micro
    2007-07-07 21:40 <DIR> d-------- C:\Program Files\Windows Defender
    2007-06-27 14:23 <DIR> d-------- C:\DOCUME~1\Chris\Incomplete
    2007-06-27 14:23 <DIR> d-------- C:\DOCUME~1\Chris\APPLIC~1\LimeWire
    2007-06-25 18:08 <DIR> d-------- C:\Program Files\Common Files\Blizzard Entertainment
    2007-06-25 17:56 <DIR> d-------- C:\Program Files\World of Warcraft
    2007-06-24 09:04 19,805 -ra------ C:\WINDOWS\system32\drivers\usbio.sys
    2007-06-24 08:59 <DIR> d-------- C:\Program Files\Datel
    2007-06-18 17:43 <DIR> d-------- C:\DOCUME~1\Jennifer\Contacts
    2007-06-17 15:07 <DIR> d----c--- C:\WINDOWS\system32\DRVSTORE
    2007-06-08 08:06 <DIR> d-------- C:\Program Files\SmartFTP Client
    2007-06-08 08:06 <DIR> d-------- C:\DOCUME~1\Chris\APPLIC~1\SmartFTP


    (((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))

    2007-07-08 17:14:04 -------- d--h--w C:\Program Files\InstallShield Installation Information
    2007-07-08 17:13:37 -------- d-----w C:\Program Files\UltimateBet
    2007-07-08 04:19:01 -------- d-----w C:\Program Files\GameHouse
    2007-07-08 02:14:37 -------- d-----w C:\Program Files\Warcraft III
    2007-06-21 13:00:37 11,721 ----a-w C:\WINDOWS\mozver.dat
    2007-06-17 22:57:11 -------- d-----w C:\Program Files\LimeWire
    2007-06-17 22:07:41 -------- d-----w C:\Program Files\MSN Messenger
    2007-05-30 02:42:00 184,320 ----a-w C:\WINDOWS\system32\ssce5332.dll
    2007-05-26 20:04:35 -------- d-----w C:\Program Files\Ubisoft
    2007-05-26 19:45:05 -------- d-----w C:\Program Files\Mattel Media
    2007-05-19 19:07:37 -------- d-----w C:\Program Files\Coupons
    2007-05-19 19:07:35 31 ---ha-w C:\WINDOWS\uccspecc.sys
    2007-05-16 15:12:02 683,520 ----a-w C:\WINDOWS\system32\inetcomm.dll
    2007-04-25 14:21:15 144,896 ----a-w C:\WINDOWS\system32\schannel.dll
    2007-04-21 14:32:24 774,144 ----a-w C:\Program Files\RngInterstitial.dll
    2007-04-18 16:12:23 2,854,400 ----a-w C:\WINDOWS\system32\msi.dll
    2007-04-17 05:47:36 33,624 ----a-w C:\WINDOWS\system32\wups.dll
    2007-04-17 05:45:54 1,710,936 ----a-w C:\WINDOWS\system32\wuaueng.dll
    2007-04-17 05:45:48 549,720 ----a-w C:\WINDOWS\system32\wuapi.dll
    2007-04-17 05:45:42 325,976 ----a-w C:\WINDOWS\system32\wucltui.dll
    2007-04-17 05:45:36 203,096 ----a-w C:\WINDOWS\system32\wuweb.dll
    2007-04-17 05:45:28 92,504 ----a-w C:\WINDOWS\system32\cdm.dll
    2007-04-17 05:45:20 53,080 ----a-w C:\WINDOWS\system32\wuauclt.exe
    2007-04-17 05:45:20 43,352 ----a-w C:\WINDOWS\system32\wups2.dll
    2007-04-13 13:20:43 298,104 ----a-w C:\WINDOWS\system32\imon.dll


    ((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))


    *Note* empty entries & legit default entries are not shown

    [HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{06849E9F-C8D7-4D59-B87D-784B7D6BE0B3}]
    2001-04-16 17:39 37808 --a------ C:\Program Files\Adobe\Acrobat 5.0\Reader\ActiveX\AcroIEHelper.ocx

    [HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{5BAB4B5B-68BC-4B02-94D6-2FC0DE4A7897}]
    2006-10-31 16:29 198136 --a------ C:\Program Files\Yahoo!\Common\yiesrvc.dll

    [HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{761497BB-D6F0-462C-B6EB-D4DAF1D92D43}]
    2005-11-10 14:22 184423 --a------ C:\Program Files\Java\jre1.5.0_06\bin\ssv.dll

    [HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{7E853D72-626A-48EC-A868-BA8D5E23E045}]

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
    "nwiz"="nwiz.exe" [2003-10-06 14:16 C:\WINDOWS\system32\nwiz.exe]
    "nForce Tray Options"="sstray.exe" [2003-09-02 18:25 C:\WINDOWS\system32\sstray.exe]
    "CHotkey"="zHotkey.exe" [2003-06-03 12:01 C:\WINDOWS\zHotkey.exe]
    "RoxioEngineUtility"="C:\Program Files\Common Files\Roxio Shared\System\EngUtil.exe" [2003-05-01 19:44]
    "Sunkist2k"="C:\Program Files\Multimedia Card Reader\shwicon2k.exe" [2003-11-19 20:32]
    "nod32kui"="C:\Program Files\Eset\nod32kui.exe" [2007-04-13 06:20]
    "SunJavaUpdateSched"="C:\Program Files\Java\jre1.5.0_06\bin\jusched.exe" [2005-11-10 14:03]
    "HP Software Update"="C:\Program Files\HP\HP Software Update\HPWuSchd2.exe" [2006-02-19 03:41]
    "LogitechVideoRepair"="C:\Program Files\Logitech\Video\ISStart.exe" [2005-01-18 17:47]
    "LogitechVideoTray"="C:\Program Files\Logitech\Video\LogiTray.exe" [2005-01-18 17:37]
    "SsAAD.exe"="C:\PROGRA~1\Sony\SONICS~2\SsAAD.exe" [2005-01-24 20:58]
    "mmtask"="C:\Program Files\Musicmatch\Musicmatch Jukebox\mmtask.exe" [2005-05-03 10:10]
    "MEDIC"="C:\Program Files\MEDIC\bin\sprtcmd.exe" [2006-12-27 19:04]
    "Adobe Photo Downloader"="C:\Program Files\Adobe\Photoshop Elements 5.0\apdproxy.exe" [2006-09-14 07:55]
    "QuickTime Task"="C:\Program Files\QuickTime\qttask.exe" [2007-02-16 10:54]
    "Windows Defender"="C:\Program Files\Windows Defender\MSASCui.exe" [2006-11-03 19:20]

    [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
    "MSMSGS"="C:\Program Files\Messenger\msmsgs.exe" [2004-10-13 09:24]
    "ctfmon.exe"="C:\WINDOWS\system32\ctfmon.exe" [2004-08-04 00:56]
    "Yahoo! Pager"="C:\PROGRA~1\Yahoo!\MESSEN~1\YAHOOM~1.exe" [2006-11-30 22:49]
    "SUPERAntiSpyware"="C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe" [2007-06-21 14:06]

    [HKEY_USERS\.default\software\microsoft\windows\currentversion\run]
    "NvMediaCenter"=RUNDLL32.EXE C:\WINDOWS\System32\NVMCTRAY.DLL,NvTaskbarInit

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\ShellExecuteHooks]
    "{5AE067D3-9AFB-48E0-853A-EBB7F4A000DA}"="C:\Program Files\SUPERAntiSpyware\SASSEH.DLL" [2006-12-20 13:55]

    [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\!SASWinLogon]
    C:\Program Files\SUPERAntiSpyware\SASWINLO.dll

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^HP Digital Imaging Monitor.lnk]
    path=C:\Documents and Settings\All Users\Start Menu\Programs\Startup\HP Digital Imaging Monitor.lnk
    backup=C:\WINDOWS\pss\HP Digital Imaging Monitor.lnkCommon Startup

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^HP Photosmart Premier Fast Start.lnk]
    path=C:\Documents and Settings\All Users\Start Menu\Programs\Startup\HP Photosmart Premier Fast Start.lnk
    backup=C:\WINDOWS\pss\HP Photosmart Premier Fast Start.lnkCommon Startup

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Microsoft Office.lnk]
    path=C:\Documents and Settings\All Users\Start Menu\Programs\Startup\Microsoft Office.lnk
    backup=C:\WINDOWS\pss\Microsoft Office.lnkCommon Startup

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\iTunesHelper]
    "C:\Program Files\iTunes\iTunesHelper.exe"

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NeroFilterCheck]
    C:\Program Files\Common Files\Ahead\Lib\NeroCheck.exe

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\RoxioAudioCentral]
    "C:\Program Files\Roxio\Easy CD Creator 6\AudioCentral\RxMon.exe"

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\RoxioDragToDisc]
    "C:\Program Files\Roxio\Easy CD Creator 6\DragToDisc\DrgToDsc.exe"

    *Newly Created Service* - GTNDIS5

    Contents of the 'Scheduled Tasks' folder
    2007-07-05 17:38:06 C:\WINDOWS\tasks\AppleSoftwareUpdate.job
    2007-07-09 02:37:47 C:\WINDOWS\tasks\MP Scheduled Scan.job

    **************************************************************************

    catchme 0.3.915 W2K/XP/Vista - rootkit detector by Gmer, http://www.gmer.net
    Rootkit scan 2007-07-08 19:57:13
    Windows 5.1.2600 Service Pack 2 NTFS

    scanning hidden processes ...

    scanning hidden autostart entries ...

    scanning hidden files ...

    scan completed successfully
    hidden files: 0

    **************************************************************************

    Completion time: 2007-07-08 19:57:49
    C:\ComboFix-quarantined-files.txt ... 2007-07-08 19:57
    C:\ComboFix2.txt ... 2007-07-08 18:53
    C:\ComboFix3.txt ... 2007-07-08 12:53

    --- E O F ---
     
  12. lycanthrope

    lycanthrope Thread Starter

    Joined:
    Jul 8, 2007
    Messages:
    9
    I think I tracked down the solution by looking through the old posts. I found the info for going through control panel to delete the web image. Thank you VERY, VERY much for all the help! I'll DEFINITELY be donating to show my appreciation!! :)
     
Short URL to this thread: https://techguy.org/593263
