
C:\windows\privacy_danger\images\spacer.gif Help Please

#1 jes5ant
Posted 04 March 2008 - 02:08 AM

OK, so I used ComboFix. It seems to have partially fixed the problem. The biohazard link is no longer taking over my desktop. However, my computer still keeps trying to find the file and sends an error message saying it cannot find the path to said spyware. That, and my background, instead of the link, is a plain white wall blocking my wallpaper, which blocks me from right-clicking. Here is my ComboFix log:

ComboFix 08-03-04.2 - Owner 2008-03-04 1:23:57.1 - NTFSx86
Microsoft Windows XP Home Edition 5.1.2600.2.1252.1.1033.18.381 [GMT -5:00]
Running from: C:\Documents and Settings\Owner\Desktop\ComboFix.exe
* Created a new restore point
.

((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.

C:\WINDOWS\drsmartload2.dat
C:\WINDOWS\keyboard211.dat
C:\WINDOWS\keyboard221.dat
C:\WINDOWS\newname.dat
C:\WINDOWS\privacy_danger
C:\WINDOWS\privacy_danger\images\capt.gif
C:\WINDOWS\privacy_danger\images\danger.jpg
C:\WINDOWS\privacy_danger\images\down.gif
C:\WINDOWS\privacy_danger\images\spacer.gif
C:\WINDOWS\privacy_danger\index.htm
C:\WINDOWS\rs.txt
D:\Autorun.inf
H:\Autorun.inf

.
((((((((((((((((((((((((( Files Created from 2008-02-04 to 2008-03-04 )))))))))))))))))))))))))))))))
.

2008-03-03 23:14 . 2008-03-03 23:14 <DIR> d-------- C:\WINDOWS\LastGood
2008-03-03 23:11 . 2008-03-03 23:11 16,468 --a------ C:\Program Files\tmp140750.exe
2008-03-03 17:30 . 2007-12-06 21:21 6,066,176 -----c--- C:\WINDOWS\system32\dllcache\ieframe.dll
2008-03-03 17:30 . 2007-06-30 22:31 2,455,488 -----c--- C:\WINDOWS\system32\dllcache\ieapfltr.dat
2008-03-03 17:30 . 2007-06-30 22:36 991,232 -----c--- C:\WINDOWS\system32\dllcache\ieframe.dll.mui
2008-03-03 17:30 . 2007-12-06 21:21 459,264 -----c--- C:\WINDOWS\system32\dllcache\msfeeds.dll
2008-03-03 17:30 . 2007-12-06 21:21 383,488 -----c--- C:\WINDOWS\system32\dllcache\ieapfltr.dll
2008-03-03 17:30 . 2007-12-06 21:21 267,776 -----c--- C:\WINDOWS\system32\dllcache\iertutil.dll
2008-03-03 17:30 . 2007-12-06 21:21 63,488 -----c--- C:\WINDOWS\system32\dllcache\icardie.dll
2008-03-03 17:30 . 2007-12-06 21:21 52,224 -----c--- C:\WINDOWS\system32\dllcache\msfeedsbs.dll
2008-03-03 17:30 . 2007-12-06 06:00 13,824 -----c--- C:\WINDOWS\system32\dllcache\ieudinit.exe
2008-03-03 17:19 . 2007-08-13 18:54 33,792 --a--c--- C:\WINDOWS\system32\dllcache\custsat.dll
2008-03-03 17:10 . 2008-03-03 17:10 16,604 --a------ C:\Program Files\tmp73562.exe
2008-03-03 15:42 . 2008-03-03 15:42 16,456 --a------ C:\Program Files\tmp73750.exe
2008-03-03 02:49 . 2008-03-03 02:49 35,844 --a------ C:\Program Files\instaler.exe
2008-03-03 02:49 . 2008-03-03 02:49 16,516 --a------ C:\Program Files\tmp1294351843.exe
2008-03-03 02:49 . 2008-03-03 02:49 11,980 --a------ C:\Program Files\antiviirus.exe
2008-03-03 02:48 . 2008-03-02 23:04 335,872 --a------ C:\WINDOWS\btrklfr.dll
2008-03-03 02:48 . 2008-03-02 23:04 270,336 --a------ C:\WINDOWS\dkxrstqofr.dll
2008-03-03 02:48 . 2008-03-02 23:04 172,032 --a------ C:\WINDOWS\enlfxgw.dll
2008-03-03 02:48 . 2008-03-02 23:04 81,920 --a------ C:\WINDOWS\fqspogw.exe
2008-02-28 16:11 . 2008-02-28 16:11 54,156 --ah----- C:\WINDOWS\QTFont.qfn
2008-02-28 16:11 . 2008-02-28 16:11 1,409 --a------ C:\WINDOWS\QTFont.for
2008-02-27 18:09 . 2008-02-27 18:09 <DIR> d-------- C:\Documents and Settings\Owner\Application Data\Move Networks

.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2008-03-04 05:09 --------- d-----w C:\Program Files\Lavasoft Ad-Aware
2008-03-04 04:10 --------- d-----w C:\Program Files\McAfee
2008-03-04 04:10 --------- d-----w C:\Documents and Settings\Owner\Application Data\WTablet
2008-03-03 22:08 --------- d-----w C:\Program Files\Spybot - Search & Destroy
2008-03-03 21:56 --------- d-----w C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy
2008-03-03 20:23 --------- d-----w C:\Documents and Settings\Owner\Application Data\Azureus
2008-03-03 11:59 --------- d-----w C:\Documents and Settings\Owner\Application Data\SiteAdvisor
2008-02-20 20:34 --------- d-----w C:\Documents and Settings\Owner\Application Data\uTorrent
2008-02-17 08:21 --------- d-----w C:\Documents and Settings\LocalService\Application Data\WTablet
2008-01-19 09:58 --------- d-----w C:\Program Files\Soulseek
2007-12-07 02:21 824,832 ----a-w C:\WINDOWS\system32\wininet.dll
2007-12-04 18:38 550,912 ----a-w C:\WINDOWS\system32\oleaut32.dll
2006-02-19 11:28 12,288 ----a-w C:\WINDOWS\Fonts\RandFont.dll
2007-05-24 08:15 168 --sh--r C:\WINDOWS\system32\A6C8A03C38.sys
2007-11-18 05:41 2,672 --sha-w C:\WINDOWS\system32\KGyGaAvL.sys
.

((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{A817505E-AB08-40AB-AD4D-643831AE697A}]
2008-03-02 23:04 270336 --a------ C:\WINDOWS\dkxrstqofr.dll

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{A9ACA3CE-1376-FDF7-A280-BCD7DE321F50}]

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{F26F5668-8EA8-F9AF-F4B9-A7311AE7879C}]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar]
{EF99BD32-C1FB-11D2-892F-0090271D4F88}
{47833539-D0C5-4125-9FA8-0819E2EAAC93}
{0BF43445-2F28-4351-9252-17FE6E806AA0}
{E4C0E700-8988-4D34-A531-CE8092750335}

[HKEY_CLASSES_ROOT\clsid\{e4c0e700-8988-4d34-a531-ce8092750335}]
[HKEY_CLASSES_ROOT\enlfxgw.1]
[HKEY_CLASSES_ROOT\TypeLib\{9F8C34C8-43C3-4C51-B632-50742BE3E269}]
[HKEY_CLASSES_ROOT\enlfxgw]

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"NVIEW"="nview.dll" [2002-10-01 02:39 548933 C:\WINDOWS\system32\nview.dll]
"Cash vga"="C:\DOCUME~1\Owner\APPLIC~1\ELSEHO~1\multi wma.exe" [ ]
"BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}"="C:\Program Files\Common Files\Ahead\lib\NMBgMonitor.exe" [ ]
"msnmsgr"="C:\Program Files\MSN Messenger\msnmsgr.exe" [2007-01-19 15:54 5674352]
"ctfmon.exe"="C:\WINDOWS\system32\ctfmon.exe" [2004-08-04 02:56 15360]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"BlockTracker"="c:\hp\bin\BlockTracker.exe" [ ]
"hpsysdrv"="c:\windows\system\hpsysdrv.exe" [1998-05-07 19:04 52736]
"HotKeysCmds"="C:\WINDOWS\System32\hkcmd.exe" [2002-09-09 10:05 114688]
"KBD"="C:\HP\KBD\KBD.EXE" [2001-07-07 00:56 61440]
"StorageGuard"="C:\Program Files\VERITAS Software\Update Manager\sgtray.exe" [2002-06-18 11:01 155648]
"MoneyStartUp10.0"="c:\Program Files\Microsoft Money\System\Activation.exe" [2001-07-25 20:00 241714]
"WCOLOREAL"="C:\Program Files\COMPAQ\Coloreal\coloreal.exe" [2002-02-20 22:40 143360]
"Recguard"="C:\WINDOWS\SMINST\RECGUARD.EXE" [2002-09-14 00:42 212992]
"NvCplDaemon"="NvQTwk" []
"nwiz"="nwiz.exe" [2002-10-01 02:39 372736 C:\WINDOWS\system32\nwiz.exe]
"ATIModeChange"="Ati2mdxx.exe" [2002-10-02 00:27 28672 C:\WINDOWS\system32\Ati2mdxx.exe]
"ATIPTA"="C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe" [2002-08-22 17:10 290816]
"PS2"="C:\WINDOWS\system32\ps2.exe" [2002-07-31 23:28 81920]
"HPDJ Taskbar Utility"="C:\WINDOWS\system32\spool\drivers\w32x86\3\hpztsb05.exe" [2002-05-22 02:28 188416]
"MessengerPlus3"="C:\Program Files\MessengerPlus! 3\MsgPlus.exe" [2006-11-12 15:13 190024]
"AlcxMonitor"="ALCXMNTR.EXE" [2004-09-07 15:47 57344 C:\WINDOWS\ALCXMNTR.EXE]
"SunJavaUpdateSched"="C:\Program Files\Java\jre1.5.0_06\bin\jusched.exe" [2005-11-10 16:03 36975]
"AdaptecDirectCD"="C:\Program Files\Roxio\Easy CD Creator 5\DirectCD\DirectCD.exe" [2002-06-21 13:54 684032]
"TkBellExe"="C:\Program Files\Common Files\Real\Update_OB\realsched.exe" [2005-10-24 13:56 180269]
"NeroFilterCheck"="C:\WINDOWS\system32\NeroCheck.exe" [2001-07-09 13:50 155648]
"HP Software Update"="C:\Program Files\HP\HP Software Update\HPWuSchd2.exe" [2006-02-19 05:41 49152]
"Adobe Version Cue CS2"="C:\Program Files\Adobe\Adobe Version Cue CS2\ControlPanel\VersionCueCS2Tray.exe" [2005-04-04 21:58 856064]
"Acrobat Assistant 7.0"="C:\Program Files\Adobe\Adobe Acrobat 7.0\Distillr\Acrotray.exe" [2005-09-24 00:30 483328]
"NWEReboot"="" []
"SiteAdvisor"="C:\Program Files\SiteAdvisor\6253\SiteAdv.exe" [2006-07-24 15:28 35992]
"QuickTime Task"="C:\Program Files\QuickTime\qttask.exe" [2007-04-27 12:41 282624]
"iTunesHelper"="C:\Program Files\iTunes\iTunesHelper.exe" [2007-06-01 19:51 257088]
"mcagent_exe"="C:\Program Files\McAfee.com\Agent\mcagent.exe" [2007-08-04 05:33 582992]
"WinampAgent"="C:\Program Files\Winamp\winampa.exe" [2007-10-10 00:28 36352]
"antiviirus"="C:\Program Files\antiviirus.exe" [2008-03-03 02:49 11980]

C:\Documents and Settings\Owner\Start Menu\Programs\Startup\
Adobe Gamma.lnk - C:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe [2005-10-11 00:19:41 113664]
Microsoft Find Fast.lnk - C:\Program Files\Microsoft Office\Office\FINDFAST.EXE [1996-11-17 02:00:00 111376]
Office Startup.lnk - C:\Program Files\Microsoft Office\Office\OSA.EXE [1996-11-17 02:00:00 51984]

C:\Documents and Settings\All Users\Start Menu\Programs\Startup\
Adobe Acrobat Speed Launcher.lnk - C:\WINDOWS\Installer\{AC76BA86-1033-0000-7760-000000000002}\SC_Acrobat.exe [2006-12-06 03:26:42 25214]
Adobe Gamma.lnk - C:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe [2005-10-11 00:19:41 113664]
HP Digital Imaging Monitor.lnk - C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe [2006-02-19 07:21:22 288472]
HP Photosmart Premier Fast Start.lnk - C:\Program Files\HP\Digital Imaging\bin\hpqthb08.exe [2006-02-10 10:56:20 73728]
Picture Package Menu.lnk - C:\Program Files\Sony Corporation\Picture Package\Picture Package Menu\SonyTray.exe [2006-04-24 21:02:23 151552]
Picture Package VCD Maker.lnk - C:\Program Files\Sony Corporation\Picture Package\Picture Package Applications\Residence.exe [2006-04-24 21:02:18 106496]
Quicken Scheduled Updates.lnk - C:\Program Files\Quicken\bagent.exe [2002-09-20 22:20:02 53248]
WinZip Quick Pick.lnk - C:\Documents and Settings\Owner\Desktop\WinZip\WZQKPICK.EXE [2005-09-07 01:58:25 106560]

[HKEY_CURRENT_USER\software\microsoft\internet explorer\desktop\components\0]
Source= file:///C:\WINDOWS\privacy_danger\index.htm
FriendlyName= Privacy Protection

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ShellServiceObjectDelayLoad]
"RunOnceMon"= {7ec4795c-105c-4c72-9f2f-24ff807a8a6e} - C:\WINDOWS\Installer\{7ec4795c-105c-4c72-9f2f-24ff807a8a6e}\RunOnceMon.dll [2008-03-03 02:48 18678]
"zip"= {fc87f5a9-62cd-4e3c-a9a3-b2ac87b5a45e} - C:\WINDOWS\Installer\{fc87f5a9-62cd-4e3c-a9a3-b2ac87b5a45e}\zip.dll [2008-03-03 02:49 22806]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\windows]
"AppInit_DLLs"=MsgPlusLoader.dll

[HKEY_LOCAL_MACHINE\software\microsoft\security center]
"AntiVirusDisableNotify"=dword:00000001

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\McAfeeAntiVirus]
"DisableMonitoring"=dword:00000001

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\McAfeeFirewall]
"DisableMonitoring"=dword:00000001

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]
"EnableFirewall"= 0 (0x0)

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"C:\\StubInstaller.exe"=
"C:\\Program Files\\LimeWire\\LimeWire.exe"=
"C:\\Program Files\\BitTorrent\\btdownloadgui.exe"=
"C:\\Documents and Settings\\Owner\\My Documents\\utorrent.exe"=
"C:\\Program Files\\Messenger\\msmsgs.exe"=
"C:\\Program Files\\HP\\Digital Imaging\\bin\\hpqtra08.exe"=
"C:\\Program Files\\HP\\Digital Imaging\\bin\\hpqste08.exe"=
"C:\\Program Files\\HP\\Digital Imaging\\bin\\hpofxm08.exe"=
"C:\\Program Files\\HP\\Digital Imaging\\bin\\hposfx08.exe"=
"C:\\Program Files\\HP\\Digital Imaging\\bin\\hposid01.exe"=
"C:\\Program Files\\HP\\Digital Imaging\\bin\\hpqscnvw.exe"=
"C:\\Program Files\\HP\\Digital Imaging\\bin\\hpqkygrp.exe"=
"C:\\Program Files\\HP\\Digital Imaging\\bin\\hpqCopy.exe"=
"C:\\Program Files\\HP\\Digital Imaging\\bin\\hpfccopy.exe"=
"C:\\Program Files\\HP\\Digital Imaging\\bin\\hpzwiz01.exe"=
"C:\\Program Files\\HP\\Digital Imaging\\Unload\\HpqPhUnl.exe"=
"C:\\Program Files\\HP\\Digital Imaging\\Unload\\HpqDIA.exe"=
"C:\\Program Files\\HP\\Digital Imaging\\bin\\hpoews01.exe"=
"C:\\Program Files\\HP\\Digital Imaging\\bin\\hpqnrs08.exe"=
"C:\\Program Files\\Adobe\\Adobe Version Cue CS2\\bin\\VersionCueCS2.exe"=
"C:\\Program Files\\iTunes\\iTunes.exe"=
"C:\\Program Files\\MSN Messenger\\msnmsgr.exe"=
"C:\\Program Files\\MSN Messenger\\livecall.exe"=
"C:\\Program Files\\Common Files\\McAfee\\MNA\\McNASvc.exe"=
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=

R1 hwinterface;hwinterface;C:\WINDOWS\system32\Drivers\hwinterface.sys [2006-12-07 18:40]
R3 wacommousefilter;Wacom Mouse Filter Driver;C:\WINDOWS\system32\DRIVERS\wacommousefilter.sys [2006-02-14 17:18]
R3 wacomvhid;Wacom Virtual Hid Driver;C:\WINDOWS\system32\DRIVERS\wacomvhid.sys [2006-02-14 17:19]
S3 ATICDSDr;ATICDSDr;C:\Program Files\ATI Technologies\ATI Control Panel\atiicdxx.sys [2002-08-22 17:10]
S3 msCMTSrvc;Content Monitoring Tool;C:\WINDOWS\system32\msCMTSrvc.exe []

.
Contents of the 'Scheduled Tasks' folder
"2008-03-04 06:00:00 C:\WINDOWS\Tasks\A6FE8853918906A3.job"
- c:\docume~1\owner\applic~1\elseho~1\RdrWipeCast.exe
"2008-02-29 14:02:01 C:\WINDOWS\Tasks\AppleSoftwareUpdate.job"
- C:\Program Files\Apple Software Update\SoftwareUpdate.exe
"2008-03-04 06:00:00 C:\WINDOWS\Tasks\ECB93C3F962AF653.job"
- c:\docume~1\owner\applic~1\elseho~1\RdrWipeCast.exe
"2008-02-15 06:30:43 C:\WINDOWS\Tasks\McDefragTask.job"
- C:\WINDOWS\system32\defrag.exe
"2008-03-01 06:01:33 C:\WINDOWS\Tasks\McQcTask.job"
- c:\program files\mcafee\mqc\QcConsol.exe.4158 0
"2005-09-02 23:36:21 C:\WINDOWS\Tasks\Symantec NetDetect.job"
- C:\Program Files\Symantec\LiveUpdate\NDETECT.EXE
.
**************************************************************************

catchme 0.3.1344 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2008-03-04 01:27:50
Windows 5.1.2600 Service Pack 2 NTFS

scanning hidden processes ...

scanning hidden autostart entries ...

scanning hidden files ...

scan completed successfully
hidden files: 0

**************************************************************************
.
Completion time: 2008-03-04 1:29:10
ComboFix-quarantined-files.txt 2008-03-04 06:28:55
.
2008-03-03 22:33:34 --- E O F ---

Here is my HijackThis log:

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 2:02:52 AM, on 04/03/2008
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16608)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Adobe\Adobe Version Cue CS2\bin\VersionCueCS2.exe
C:\PROGRA~1\McAfee\MSC\mcmscsvc.exe
c:\program files\common files\mcafee\mna\mcnasvc.exe
C:\windows\system\hpsysdrv.exe
C:\HP\KBD\KBD.EXE
C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe
C:\WINDOWS\system32\spool\drivers\w32x86\3\hpztsb05.exe
C:\Program Files\MessengerPlus! 3\MsgPlus.exe
C:\WINDOWS\ALCXMNTR.EXE
C:\Program Files\Java\jre1.5.0_06\bin\jusched.exe
C:\Program Files\Roxio\Easy CD Creator 5\DirectCD\DirectCD.exe
C:\Program Files\Common Files\Real\Update_OB\realsched.exe
C:\Program Files\HP\HP Software Update\HPWuSchd2.exe
C:\Program Files\Adobe\Adobe Version Cue CS2\ControlPanel\VersionCueCS2Tray.exe
C:\Program Files\Adobe\Adobe Acrobat 7.0\Distillr\Acrotray.exe
C:\Program Files\SiteAdvisor\6253\SiteAdv.exe
C:\Program Files\QuickTime\qttask.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\Program Files\McAfee.com\Agent\mcagent.exe
C:\Program Files\Winamp\winampa.exe
C:\Program Files\antiviirus.exe
C:\Program Files\Adobe\Adobe Version Cue CS2\data\database\bin\mysqld-nt.exe
c:\PROGRA~1\COMMON~1\mcafee\mcproxy\mcproxy.exe
C:\Program Files\MSN Messenger\msnmsgr.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe
C:\Program Files\Sony Corporation\Picture Package\Picture Package Menu\SonyTray.exe
C:\Program Files\Sony Corporation\Picture Package\Picture Package Applications\Residence.exe
C:\Documents and Settings\Owner\Desktop\WinZip\WZQKPICK.EXE
C:\Program Files\Microsoft Office\Office\OSA.EXE
C:\PROGRA~1\McAfee\VIRUSS~1\mcshield.exe
C:\Program Files\McAfee\MPF\MPFSrv.exe
C:\WINDOWS\system32\PSIService.exe
C:\Program Files\SiteAdvisor\6253\SAService.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\Tablet.exe
C:\Program Files\HP\Digital Imaging\bin\hpqSTE08.exe
C:\Program Files\HP\Digital Imaging\bin\hpqimzone.exe
C:\WINDOWS\system32\WTablet\TabUserW.exe
C:\WINDOWS\system32\Tablet.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\DOCUME~1\Owner\LOCALS~1\Temp\U5Lw3bqL.exe
C:\Program Files\Internet Explorer\IEXPLORE.EXE
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\wuauclt.exe
C:\PROGRA~1\McAfee\VIRUSS~1\mcsysmon.exe
C:\WINDOWS\explorer.exe
C:\WINDOWS\system32\NOTEPAD.EXE
C:\Program Files\Java\jre1.5.0_06\bin\jucheck.exe
C:\Program Files\Internet Explorer\IEXPLORE.EXE
c:\Program Files\Microsoft Money\System\urlmap.exe
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = about:blank
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Bar = http://www.nypjjqrmerev.uk/qO4zQ7hgyToJ/TX...uOfX243zKT.html
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Adobe Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: (no name) - {089FD14D-132B-48FC-8861-0048AE113215} - C:\Program Files\SiteAdvisor\6253\SiteAdv.dll
O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll (file missing)
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.5.0_06\bin\ssv.dll
O2 - BHO: scriptproxy - {7DB2D5A0-7241-4E79-B68D-6309F01C5231} - C:\Program Files\McAfee\VirusScan\scriptsn.dll
O2 - BHO: RDL Rolex - {A817505E-AB08-40AB-AD4D-643831AE697A} - C:\WINDOWS\dkxrstqofr.dll
O2 - BHO: (no name) - {A9ACA3CE-1376-FDF7-A280-BCD7DE321F50} - (no file)
O2 - BHO: AcroIEToolbarHelper Class - {AE7CD045-E861-484f-8273-0445EE161910} - C:\Program Files\Adobe\Adobe Acrobat 7.0\Acrobat\AcroIEFavClient.dll
O2 - BHO: (no name) - {F26F5668-8EA8-F9AF-F4B9-A7311AE7879C} - (no file)
O2 - BHO: (no name) - {FDD3B846-8D59-4ffb-8758-209B6AD74ACC} - c:\Program Files\Microsoft Money\System\mnyviewer.dll
O3 - Toolbar: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll
O3 - Toolbar: Adobe PDF - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - C:\Program Files\Adobe\Adobe Acrobat 7.0\Acrobat\AcroIEFavClient.dll
O3 - Toolbar: McAfee SiteAdvisor - {0BF43445-2F28-4351-9252-17FE6E806AA0} - C:\Program Files\SiteAdvisor\6253\SiteAdv.dll
O3 - Toolbar: enlfxgw - {E4C0E700-8988-4D34-A531-CE8092750335} - C:\WINDOWS\enlfxgw.dll
O4 - HKLM\..\Run: [BlockTracker] c:\hp\bin\BlockTracker.exe
O4 - HKLM\..\Run: [hpsysdrv] c:\windows\system\hpsysdrv.exe
O4 - HKLM\..\Run: [HotKeysCmds] C:\WINDOWS\System32\hkcmd.exe
O4 - HKLM\..\Run: [KBD] C:\HP\KBD\KBD.EXE
O4 - HKLM\..\Run: [StorageGuard] "C:\Program Files\VERITAS Software\Update Manager\sgtray.exe" /r
O4 - HKLM\..\Run: [MoneyStartUp10.0] "c:\Program Files\Microsoft Money\System\Activation.exe"
O4 - HKLM\..\Run: [WCOLOREAL] "C:\Program Files\COMPAQ\Coloreal\coloreal.exe"
O4 - HKLM\..\Run: [Recguard] C:\WINDOWS\SMINST\RECGUARD.EXE
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE NvQTwk,NvCplDaemon initialize
O4 - HKLM\..\Run: [nwiz] nwiz.exe /installquiet /keeploaded
O4 - HKLM\..\Run: [ATIModeChange] Ati2mdxx.exe
O4 - HKLM\..\Run: [ATIPTA] C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe
O4 - HKLM\..\Run: [PS2] C:\WINDOWS\system32\ps2.exe
O4 - HKLM\..\Run: [HPDJ Taskbar Utility] C:\WINDOWS\system32\spool\drivers\w32x86\3\hpztsb05.exe
O4 - HKLM\..\Run: [MessengerPlus3] "C:\Program Files\MessengerPlus! 3\MsgPlus.exe"
O4 - HKLM\..\Run: [AlcxMonitor] ALCXMNTR.EXE
O4 - HKLM\..\Run: [SunJavaUpdateSched] C:\Program Files\Java\jre1.5.0_06\bin\jusched.exe
O4 - HKLM\..\Run: [AdaptecDirectCD] "C:\Program Files\Roxio\Easy CD Creator 5\DirectCD\DirectCD.exe"
O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot
O4 - HKLM\..\Run: [NeroFilterCheck] C:\WINDOWS\system32\NeroCheck.exe
O4 - HKLM\..\Run: [HP Software Update] C:\Program Files\HP\HP Software Update\HPWuSchd2.exe
O4 - HKLM\..\Run: [Adobe Version Cue CS2] "C:\Program Files\Adobe\Adobe Version Cue CS2\ControlPanel\VersionCueCS2Tray.exe"
O4 - HKLM\..\Run: [Acrobat Assistant 7.0] "C:\Program Files\Adobe\Adobe Acrobat 7.0\Distillr\Acrotray.exe"
O4 - HKLM\..\Run: [SiteAdvisor] C:\Program Files\SiteAdvisor\6253\SiteAdv.exe
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
O4 - HKLM\..\Run: [mcagent_exe] C:\Program Files\McAfee.com\Agent\mcagent.exe /runkey
O4 - HKLM\..\Run: [WinampAgent] "C:\Program Files\Winamp\winampa.exe"
O4 - HKLM\..\Run: [antiviirus] C:\Program Files\antiviirus.exe
O4 - HKCU\..\Run: [NVIEW] rundll32.exe nview.dll,nViewLoadHook
O4 - HKCU\..\Run: [Cash vga] C:\DOCUME~1\Owner\APPLIC~1\ELSEHO~1\multi wma.exe
O4 - HKCU\..\Run: [BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}] "C:\Program Files\Common Files\Ahead\lib\NMBgMonitor.exe"
O4 - HKCU\..\Run: [msnmsgr] "C:\Program Files\MSN Messenger\msnmsgr.exe" /background
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - Startup: Adobe Gamma.lnk = C:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe
O4 - Startup: Microsoft Find Fast.lnk = C:\Program Files\Microsoft Office\Office\FINDFAST.EXE
O4 - Startup: Office Startup.lnk = C:\Program Files\Microsoft Office\Office\OSA.EXE
O4 - Global Startup: Adobe Acrobat Speed Launcher.lnk = ?
O4 - Global Startup: Adobe Gamma.lnk = C:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe
O4 - Global Startup: HP Digital Imaging Monitor.lnk = C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe
O4 - Global Startup: HP Photosmart Premier Fast Start.lnk = C:\Program Files\HP\Digital Imaging\bin\hpqthb08.exe
O4 - Global Startup: Picture Package Menu.lnk = ?
O4 - Global Startup: Picture Package VCD Maker.lnk = ?
O4 - Global Startup: Quicken Scheduled Updates.lnk = C:\Program Files\Quicken\bagent.exe
O4 - Global Startup: WinZip Quick Pick.lnk = C:\Documents and Settings\Owner\Desktop\WinZip\WZQKPICK.EXE
O8 - Extra context menu item: Convert link target to Adobe PDF - res://C:\Program Files\Adobe\Adobe Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html
O8 - Extra context menu item: Convert link target to existing PDF - res://C:\Program Files\Adobe\Adobe Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html
O8 - Extra context menu item: Convert selected links to Adobe PDF - res://C:\Program Files\Adobe\Adobe Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIECaptureSelLinks.html
O8 - Extra context menu item: Convert selected links to existing PDF - res://C:\Program Files\Adobe\Adobe Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIEAppendSelLinks.html
O8 - Extra context menu item: Convert selection to Adobe PDF - res://C:\Program Files\Adobe\Adobe Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html
O8 - Extra context menu item: Convert selection to existing PDF - res://C:\Program Files\Adobe\Adobe Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html
O8 - Extra context menu item: Convert to Adobe PDF - res://C:\Program Files\Adobe\Adobe Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html
O8 - Extra context menu item: Convert to existing PDF - res://C:\Program Files\Adobe\Adobe Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_06\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_06\bin\ssv.dll
O9 - Extra button: Yahoo! Login - {2499216C-4BA5-11D5-BD9C-000103C116D5} - C:\Program Files\Yahoo!\Common\ylogin.dll
O9 - Extra 'Tools' menuitem: Yahoo! Login - {2499216C-4BA5-11D5-BD9C-000103C116D5} - C:\Program Files\Yahoo!\Common\ylogin.dll
O9 - Extra button: PartyPoker.com - {B7FE5D70-9AA2-40F1-9C6B-12A255F085E1} - C:\Program Files\PartyGaming\PartyPoker\RunApp.exe (file missing)
O9 - Extra 'Tools' menuitem: PartyPoker.com - {B7FE5D70-9AA2-40F1-9C6B-12A255F085E1} - C:\Program Files\PartyGaming\PartyPoker\RunApp.exe (file missing)
O9 - Extra button: MoneySide - {E023F504-0C5A-4750-A1E7-A9046DEA8A21} - c:\Program Files\Microsoft Money\System\mnyviewer.dll
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O12 - Plugin for .spop: C:\Program Files\Internet Explorer\Plugins\NPDocBox.dll
O16 - DPF: {14B87622-7E19-4EA8-93B3-97215F77A6BC} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/Messe...nt.cab31267.cab
O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://go.microsoft.com/fwlink/?linkid=39204
O16 - DPF: {1754A1BA-A1DF-4F10-B199-AA55AA1A120F} (InstallerBehaviorFactory Class) - https://signup.msn.com/pages/MsnInstC.cab
O16 - DPF: {2917297F-F02B-4B9D-81DF-494B6333150B} (Minesweeper Flags Class) - http://messenger.zone.msn.com/binary/MineS...er.cab31267.cab
O16 - DPF: {39B0684F-D7BF-4743-B050-FDC3F48F7E3B} (FilePlanet Download Control Class) - http://www.fileplanet.com/fpdlmgr/cabs/FPDC_2.2.1.87.cab
O16 - DPF: {4F1E5B1A-2A80-42CA-8532-2D05CB959537} (MSN Photo Upload Tool) - http://gfx2.hotmail.com/mail/w2/resources/MSNPUpld.cab
O16 - DPF: {5C6698D9-7BE4-4122-8EC5-291D84DBD4A0} (Facebook Photo Uploader 4 Control) - http://upload.facebook.com/controls/Facebo...toUploader3.cab
O16 - DPF: {5F8469B4-B055-49DD-83F7-62B522420ECC} (Facebook Photo Uploader Control) - http://upload.facebook.com/controls/Facebo...otoUploader.cab
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://update.microsoft.com/windowsupdate/...b?1125695996515
O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://update.microsoft.com/microsoftupdat...b?1125696685406
O16 - DPF: {8E0D4DE5-3180-4024-A327-4DFAD1796A8D} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/Messe...nt.cab31267.cab
O16 - DPF: {B38870E4-7ECB-40DA-8C6A-595F0A5519FF} (MsnMessengerSetupDownloadControl Class) - http://messenger.msn.com/download/MsnMesse...pDownloader.cab
O16 - DPF: {B8BE5E93-A60C-4D26-A2DC-220313175592} (ZoneIntro Class) - http://messenger.zone.msn.com/binary/ZIntro.cab47946.cab
O16 - DPF: {DA758BB1-5F89-4465-975F-8D7179A4BCF3} (WheelofFortune Object) - http://messenger.zone.msn.com/binary/WoF.cab31267.cab
O16 - DPF: {F6BF0D00-0B2A-4A75-BF7B-F385591623AF} (Solitaire Showdown Class) - http://messenger.zone.msn.com/binary/Solit...wn.cab31267.cab
O21 - SSODL: RunOnceMon - {7ec4795c-105c-4c72-9f2f-24ff807a8a6e} - C:\WINDOWS\Installer\{7ec4795c-105c-4c72-9f2f-24ff807a8a6e}\RunOnceMon.dll
O21 - SSODL: zip - {fc87f5a9-62cd-4e3c-a9a3-b2ac87b5a45e} - C:\WINDOWS\Installer\{fc87f5a9-62cd-4e3c-a9a3-b2ac87b5a45e}\zip.dll
O23 - Service: Adobe LM Service - Adobe Systems - C:\Program Files\Common Files\Adobe Systems Shared\Service\Adobelmsvc.exe
O23 - Service: Adobe Version Cue CS2 - Adobe Systems Incorporated - C:\Program Files\Adobe\Adobe Version Cue CS2\bin\VersionCueCS2.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: iPod Service - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: Macromedia Licensing Service - Unknown owner - C:\Program Files\Common Files\Macromedia Shared\Service\Macromedia Licensing.exe
O23 - Service: McAfee Services (mcmscsvc) - McAfee, Inc. - C:\PROGRA~1\McAfee\MSC\mcmscsvc.exe
O23 - Service: McAfee Network Agent (McNASvc) - McAfee, Inc. - c:\program files\common files\mcafee\mna\mcnasvc.exe
O23 - Service: McAfee Scanner (McODS) - McAfee, Inc. - C:\PROGRA~1\McAfee\VIRUSS~1\mcods.exe
O23 - Service: McAfee Proxy Service (McProxy) - McAfee, Inc. - c:\PROGRA~1\COMMON~1\mcafee\mcproxy\mcproxy.exe
O23 - Service: McAfee Real-time Scanner (McShield) - McAfee, Inc. - C:\PROGRA~1\McAfee\VIRUSS~1\mcshield.exe
O23 - Service: McAfee SystemGuards (McSysmon) - McAfee, Inc. - C:\PROGRA~1\McAfee\VIRUSS~1\mcsysmon.exe
O23 - Service: McAfee Personal Firewall Service (MpfService) - McAfee, Inc. - C:\Program Files\McAfee\MPF\MPFSrv.exe
O23 - Service: Content Monitoring Tool (msCMTSrvc) - Unknown owner - C:\WINDOWS\system32\msCMTSrvc.exe (file missing)
O23 - Service: NVIDIA Driver Helper Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\System32\nvsvc32.exe
O23 - Service: Pml Driver HPZ12 - HP - C:\WINDOWS\system32\HPZipm12.exe
O23 - Service: ProtexisLicensing - Unknown owner - C:\WINDOWS\system32\PSIService.exe
O23 - Service: SiteAdvisor Service - Unknown owner - C:\Program Files\SiteAdvisor\6253\SAService.exe
O23 - Service: TabletService - Wacom Technology, Corp. - C:\WINDOWS\system32\Tablet.exe
O24 - Desktop Component 0: Privacy Protection - file:///C:\WINDOWS\privacy_danger\index.htm

--
End of file - 16276 bytes

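The two logs above already contain the persistence mechanisms an analyst would pull out of this thread: the Active Desktop component (O24) pointing at a local HTML file, BHO and toolbar DLLs with random names dropped straight into C:\WINDOWS, two ShellServiceObjectDelayLoad entries (O21), a Run entry for antiviirus.exe sitting directly in Program Files, another running from Application Data, and a service (O23) with no vendor and no binary on disk. The script below is an added example, not part of the original post and not HijackThis's own logic: it applies those heuristics (my assumptions about where legitimate software normally lives on an XP box of this vintage, not HijackThis verdicts) to a handful of lines quoted from this thread, with two known-good lines left in as controls.

```python
import re
from dataclasses import dataclass

# Constructed sample input: a subset of the HijackThis entries posted in the
# thread above (the Acrobat BHO and the Java updater are benign controls).
SAMPLE_LOG = r"""
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Adobe Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: RDL Rolex - {A817505E-AB08-40AB-AD4D-643831AE697A} - C:\WINDOWS\dkxrstqofr.dll
O2 - BHO: (no name) - {A9ACA3CE-1376-FDF7-A280-BCD7DE321F50} - (no file)
O3 - Toolbar: enlfxgw - {E4C0E700-8988-4D34-A531-CE8092750335} - C:\WINDOWS\enlfxgw.dll
O4 - HKLM\..\Run: [SunJavaUpdateSched] C:\Program Files\Java\jre1.5.0_06\bin\jusched.exe
O4 - HKLM\..\Run: [antiviirus] C:\Program Files\antiviirus.exe
O4 - HKCU\..\Run: [Cash vga] C:\DOCUME~1\Owner\APPLIC~1\ELSEHO~1\multi wma.exe
O21 - SSODL: RunOnceMon - {7ec4795c-105c-4c72-9f2f-24ff807a8a6e} - C:\WINDOWS\Installer\{7ec4795c-105c-4c72-9f2f-24ff807a8a6e}\RunOnceMon.dll
O23 - Service: Content Monitoring Tool (msCMTSrvc) - Unknown owner - C:\WINDOWS\system32\msCMTSrvc.exe (file missing)
O24 - Desktop Component 0: Privacy Protection - file:///C:\WINDOWS\privacy_danger\index.htm
"""

ENTRY_RE = re.compile(r"^(O\d+)\s+-\s+(.*)$")
# Heuristics (my assumptions, not HijackThis's own verdicts) about where
# legitimate software does and does not normally live.
WINDOWS_ROOT = re.compile(r"^c:\\windows\\[^\\]+$", re.I)
PROGRAM_FILES_ROOT = re.compile(r"^c:\\program files\\[^\\]+$", re.I)
USER_WRITABLE = re.compile(
    r"\\(temp|applic~1|application data|docume~1|documents and settings)\\", re.I)


@dataclass
class Finding:
    line: str
    reason: str


def command_path(command: str) -> str:
    """Strip arguments from an O4 command line: quoted path or bare path."""
    command = command.strip()
    if command.startswith('"'):
        return command[1:command.find('"', 1)]
    return command


def check_entry(line: str):
    """Return a Finding for one HijackThis line, or None if it looks benign."""
    m = ENTRY_RE.match(line.strip())
    if not m:
        return None
    kind, rest = m.groups()
    if kind in ("O2", "O3"):       # BHOs / IE toolbars: "<name> - {CLSID} - <dll>"
        target = rest.rsplit(" - ", 1)[-1]
        if target == "(no file)":
            return Finding(line, "orphaned browser add-on registration (no file on disk)")
        if WINDOWS_ROOT.match(target):
            return Finding(line, "browser add-on loaded from the Windows root directory")
    elif kind == "O4":             # Run keys: "<hive>\..\Run: [<name>] <command>"
        target = command_path(rest.split("] ", 1)[-1])
        if USER_WRITABLE.search(target):
            return Finding(line, "Run entry launches from a user-writable profile or temp directory")
        if PROGRAM_FILES_ROOT.match(target):
            return Finding(line, "Run entry launches an executable dropped directly in Program Files")
    elif kind == "O21":            # ShellServiceObjectDelayLoad: loaded by Explorer at every logon
        return Finding(line, "SSODL entry: rarely used by legitimate software, common malware persistence")
    elif kind == "O23":            # Services: "<name> - <vendor> - <binary>"
        parts = rest.rsplit(" - ", 2)
        if len(parts) == 3 and parts[1] == "Unknown owner" and parts[2].endswith("(file missing)"):
            return Finding(line, "service with no vendor information whose binary is missing")
    elif kind == "O24":            # Active Desktop components: "<name> - <source URL>"
        target = rest.rsplit(" - ", 1)[-1]
        if target.lower().startswith("file://"):
            return Finding(line, "Active Desktop component rendering a local HTML file (wallpaper hijack)")
    return None


def triage(log_text: str) -> list:
    """Run check_entry over every line of a HijackThis log."""
    findings = []
    for line in log_text.splitlines():
        finding = check_entry(line)
        if finding:
            findings.append(finding)
    return findings


if __name__ == "__main__":
    for f in triage(SAMPLE_LOG):
        print(f"{f.line.split(' - ', 1)[0]:>4}  {f.reason}\n      {f.line}")
```

On the sample above it flags eight of the ten entries and leaves the Acrobat helper and the Java updater alone. The O24 rule is the one that explains the poster's symptom: the desktop component still references C:\WINDOWS\privacy_danger\index.htm after ComboFix deleted that folder, which is why Explorer keeps complaining about a missing path and paints a blank component over the wallpaper.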

#2 bamajim
Posted 18 March 2008 - 01:24 PM

jes5ant

Sorry for the delay.

Could you post a fresh HijackThis log?
Microsoft MVP - Windows Security