michadl

OnlineSecurityWorld infection

7 posts in this topic

Pest: ONLINESECURITYWORLD

I have read your DO THIS FIRST and have followed the instructions.

Thanks for your assistance.

Problems:

Three shortcuts created on desktop:

- Privacy Protector (hxxttp://onlinesecurityworld.com/shandler.php?s=0)

- Error Cleaner (hxxttp://onlinesecurityworld.com/shandler.php?s=1)

- Spyware & Malware Protection (hxxttp://onlinesecurityworld.com/shandler.php?s=2)

Red Shield added in status bar.

Desktop Background was replaced with 'spacer.gif'

http addresses obfuscated

A popup window is displayed periodically, in runs of five or so, and whenever I attempt to change the Desktop Background (which fails):

Title: Windows Internet Explorer

Msg: Cannot find 'file:///C:/WINDOWS/privacy_danger/index.htm'. Make sure the path or Internet address is correct.

I searched other posts with similar symptoms, but the objects they indicated to look for were not found.

As per instructions I have already:

1. Run Lavasoft Adaware, it removed 38 critical entries

2. Run Spybot, it removed 6 entries.

3. Run AVG AntiSpyware 7.5

When run the first time it got to a file "C:\My Work\2007_04_01_13_060.C00" and proceeded no further.

Could not cancel the task and so had to shut down.

Restarted, deleted C:\My Work folder with three C00 files. AVG AntiSpy then ran through OK. (log below)

4. After reboot, the shortcuts on the desktop remain, but the Background is now white (spacer.gif is gone).

Red Shield in status bar gone.

Still get the Windows Internet Explorer window about 'privacy_danger' on startup and if I try to change the display background.

5. Ran Panda Activescan. (log below)

6. Ran Kaspersky Online Scan. (log below)

7. Ran Hijackthis. No changes made. (log below)

Current Status:

- The popup Windows Internet Explorer window about 'privacy_danger' occurs on startup but only seems to reoccur if I try to change the Desktop Background.

- Background white. Changes to Display settings have no effect.

- Red Shield gone from Status Bar

---------------------------------------------------------

AVG Anti-Spyware - Scan Report

---------------------------------------------------------

 

+ Created at: 12:27:54 PM 3/06/2007

 

+ Scan result:

 

 

 

C:\WINDOWS\wow.dll -> Adware.Agent : Cleaned with backup (quarantined).

C:\Program Files\NewMediaCodec -> Adware.Generic : Cleaned with backup (quarantined).

HKLM\SOFTWARE\Classes\CLSID\{2724E072-19D0-486d-A819-9D914191AE92} -> Adware.Generic : Cleaned with backup (quarantined).

HKLM\SOFTWARE\Classes\CLSID\{E99D4D0C-EB54-46AF-B62A-3AA1F31D53E5} -> Adware.Generic : Cleaned with backup (quarantined).

HKLM\SOFTWARE\Microsoft\Internet Explorer\Toolbar\\{E99D4D0C-EB54-46AF-B62A-3AA1F31D53E5} -> Adware.Generic : Cleaned with backup (quarantined).

HKLM\SOFTWARE\Microsoft\VideoExtension -> Adware.Generic : Cleaned with backup (quarantined).

HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{2724E072-19D0-486d-A819-9D914191AE92} -> Adware.Generic : Cleaned with backup (quarantined).

HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\ShellServiceObjectDelayLoad\\vsmart -> Adware.Generic : Cleaned with backup (quarantined).

HKU\S-1-5-21-1960640836-1121682473-4113313429-1006\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{A6790AA5-C6C7-4BCF-A46D-0FDAC4EA90EB} -> Adware.Generic : Cleaned with backup (quarantined).

HKU\S-1-5-21-1960640836-1121682473-4113313429-1006\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{2724E072-19D0-486D-A819-9D914191AE92} -> Adware.Generic : Cleaned with backup (quarantined).

HKU\S-1-5-21-1960640836-1121682473-4113313429-1006\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{A6790AA5-C6C7-4BCF-A46D-0FDAC4EA90EB} -> Adware.Generic : Cleaned with backup (quarantined).

HKU\S-1-5-21-1960640836-1121682473-4113313429-1006\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{E99D4D0C-EB54-46AF-B62A-3AA1F31D53E5} -> Adware.Generic : Cleaned with backup (quarantined).

C:\WINDOWS\msdn.dll -> Adware.RogueSuspect : Cleaned with backup (quarantined).

C:\WINDOWS\mssmart.dll -> Adware.RogueSuspect : Cleaned with backup (quarantined).

C:\WINDOWS\privacy_danger -> Adware.RogueSuspect : Cleaned with backup (quarantined).

C:\WINDOWS\privacy_danger\images -> Adware.RogueSuspect : Cleaned with backup (quarantined).

C:\WINDOWS\privacy_danger\images\capt.gif -> Adware.RogueSuspect : Cleaned with backup (quarantined).

C:\WINDOWS\privacy_danger\images\danger.jpg -> Adware.RogueSuspect : Cleaned with backup (quarantined).

C:\WINDOWS\privacy_danger\images\down.gif -> Adware.RogueSuspect : Cleaned with backup (quarantined).

C:\WINDOWS\privacy_danger\images\spacer.gif -> Adware.RogueSuspect : Cleaned with backup (quarantined).

C:\WINDOWS\privacy_danger\index.htm -> Adware.RogueSuspect : Cleaned with backup (quarantined).

C:\WINDOWS\tlhelp.dll -> Adware.RogueSuspect : Cleaned with backup (quarantined).

C:\WINDOWS\vsmart.dll -> Adware.RogueSuspect : Cleaned with backup (quarantined).

C:\WINDOWS\wowsupport.dll -> Adware.RogueSuspect : Cleaned with backup (quarantined).

HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\ShellServiceObjectDelayLoad\\mssmart -> Adware.RogueSuspect : Cleaned with backup (quarantined).

C:\Documents and Settings\KILLIAN WEINSTOCK\Cookies\killian__weinstock@burstnet[2].txt -> TrackingCookie.Burstnet : Cleaned.

C:\Documents and Settings\KILLIAN WEINSTOCK\Cookies\killian__weinstock@cpvfeed[2].txt -> TrackingCookie.Cpvfeed : Cleaned.

C:\Documents and Settings\KILLIAN WEINSTOCK\Cookies\killian__weinstock@navrcholu[1].txt -> TrackingCookie.Navrcholu : Cleaned.

C:\Documents and Settings\KILLIAN WEINSTOCK\Cookies\killian__weinstock@toplist[1].txt -> TrackingCookie.Toplist : Cleaned.

C:\Documents and Settings\KILLIAN WEINSTOCK\Cookies\killian__weinstock@m.webtrends[2].txt -> TrackingCookie.Webtrends : Cleaned.

 

 

::Report end

 

 

 

PANDA ACTIVESCAN LOG

-------------------------------

Incident Status Location

 

Potentially unwanted tool:application/funweb Not disinfected c:\windows\downloaded program files\f3initialsetup1.0.0.15-3.inf

Dialer:dialer.su Not disinfected hkey_local_machine\software\microsoft\windows\currentversion\uninstall\Switch

Potentially unwanted tool:application/mywebsearch Not disinfected HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{07B18EAB-A523-4961-B6BB-170DE4475CCA}

Potentially unwanted tool:Application/NirCmd.A Not disinfected C:\WINDOWS\NIRCMD.EXE

Virus:Trj/Agent.FAY Not disinfected C:\Documents and Settings\KILLIAN WEINSTOCK\My Documents\My Chat Logs\SetupImvu_full.exe[CallStack_release.dll]

Potentially unwanted tool:Application/NirCmd.A Not disinfected C:\Documents and Settings\KILLIAN WEINSTOCK\Desktop\ComboFix.exe[ComboFixT\nircmd.exe]

Potentially unwanted tool:Application/Processor Not disinfected C:\Documents and Settings\KILLIAN WEINSTOCK\Desktop\SmitfraudFix.zip[smitfraudFix/Process.exe]

Virus:Trj/Shutdown.Z Disinfected C:\Documents and Settings\KILLIAN WEINSTOCK\Desktop\SmitfraudFix.zip[smitfraudFix/restart.exe]

Potentially unwanted tool:Application/Processor Not disinfected C:\Documents and Settings\KILLIAN WEINSTOCK\Desktop\SmitfraudFix\SmitfraudFix\Process.exe

Virus:Trj/Shutdown.Z Disinfected C:\Documents and Settings\KILLIAN WEINSTOCK\Desktop\SmitfraudFix\SmitfraudFix\RESTART.EXE

Spyware:Cookie/DriveCleaner Not disinfected C:\Documents and Settings\KILLIAN WEINSTOCK\Cookies\killian__weinstock@stats.drivecleaner[2].txt

Spyware:Cookie/DriveCleaner Not disinfected C:\Documents and Settings\KILLIAN WEINSTOCK\Cookies\killian__weinstock@drivecleaner[1].txt

Spyware:Cookie/DriveCleaner Not disinfected C:\Documents and Settings\KILLIAN WEINSTOCK\Cookies\killian__weinstock@www.drivecleaner[1].txt

Spyware:Cookie/Screensavers Not disinfected C:\Documents and Settings\KILLIAN WEINSTOCK\Cookies\killian__weinstock@i.screensavers[2].txt

Hacktool:Exploit/ByteVerify Not disinfected C:\Documents and Settings\KILLIAN WEINSTOCK\Application Data\Sun\Java\Deployment\CACHE\6.0\16\4e807890-4dc1179b[blackBox.class]

Hacktool:Exploit/ByteVerify Not disinfected C:\Documents and Settings\KILLIAN WEINSTOCK\Application Data\Sun\Java\Deployment\CACHE\6.0\16\4e807890-4dc1179b[VerifierBug.class]

Hacktool:Exploit/ByteVerify Not disinfected C:\Documents and Settings\KILLIAN WEINSTOCK\Application Data\Sun\Java\Deployment\CACHE\6.0\16\4e807890-4dc1179b[Dummy.class]

Hacktool:Exploit/ByteVerify Not disinfected C:\Documents and Settings\KILLIAN WEINSTOCK\Application Data\Sun\Java\Deployment\CACHE\6.0\16\4e807890-4dc1179b[beyond.class]

Hacktool:Exploit/ByteVerify Not disinfected C:\Documents and Settings\KILLIAN WEINSTOCK\Application Data\Sun\Java\Deployment\CACHE\6.0\38\458ac9a6-425fc4c0[blackBox.class]

Hacktool:Exploit/ByteVerify Not disinfected C:\Documents and Settings\KILLIAN WEINSTOCK\Application Data\Sun\Java\Deployment\CACHE\6.0\38\458ac9a6-425fc4c0[VerifierBug.class]

Hacktool:Exploit/ByteVerify Not disinfected C:\Documents and Settings\KILLIAN WEINSTOCK\Application Data\Sun\Java\Deployment\CACHE\6.0\38\458ac9a6-425fc4c0[Dummy.class]

Hacktool:Exploit/ByteVerify Not disinfected C:\Documents and Settings\KILLIAN WEINSTOCK\Application Data\Sun\Java\Deployment\CACHE\6.0\38\458ac9a6-425fc4c0[beyond.class]

Hacktool:Exploit/ByteVerify Not disinfected C:\Documents and Settings\KILLIAN WEINSTOCK\Application Data\Sun\Java\Deployment\CACHE\6.0\42\687af3ea-61db5bbc[Matrix.class]

Hacktool:Exploit/ByteVerify Not disinfected C:\Documents and Settings\KILLIAN WEINSTOCK\Application Data\Sun\Java\Deployment\CACHE\6.0\42\687af3ea-61db5bbc[Counter.class]

Hacktool:Exploit/ByteVerify Not disinfected C:\Documents and Settings\KILLIAN WEINSTOCK\Application Data\Sun\Java\Deployment\CACHE\6.0\42\687af3ea-61db5bbc[Dummy.class]

Hacktool:Exploit/ByteVerify Not disinfected C:\Documents and Settings\KILLIAN WEINSTOCK\Application Data\Sun\Java\Deployment\CACHE\6.0\42\687af3ea-61db5bbc[Parser.class]

Adware:Adware/CWS.Searchmeup Not disinfected C:\Documents and Settings\KILLIAN WEINSTOCK\Application Data\Sun\Java\Deployment\CACHE\6.0\60\3bd7e57c-48e04943[GetAccess.class]

Adware:Adware/CWS.Searchmeup Not disinfected C:\Documents and Settings\KILLIAN WEINSTOCK\Application Data\Sun\Java\Deployment\CACHE\6.0\60\3bd7e57c-48e04943[installer.class]

Hacktool:Exploit/ByteVerify Not disinfected C:\Documents and Settings\KILLIAN WEINSTOCK\Application Data\Sun\Java\Deployment\CACHE\6.0\60\3bd7e57c-48e04943[NewSecurityClassLoader.class]

Hacktool:Exploit/ByteVerify Not disinfected C:\Documents and Settings\KILLIAN WEINSTOCK\Application Data\Sun\Java\Deployment\CACHE\6.0\60\3bd7e57c-48e04943[NewURLClassLoader.class]

Potentially unwanted tool:Application/NirCmd.A Not disinfected C:\# Installs\Security - FW, AV, malware\Combofix\ComboFix.exe[ComboFixT\nircmd.exe]

Potentially unwanted tool:Application/Processor Not disinfected C:\# Installs\Security - FW, AV, malware\EWIDO\smitRem 20051214.exe[smitRem/Process.exe]

Potentially unwanted tool:Application/Processor Not disinfected C:\# Installs\Security - FW, AV, malware\Smitfraudfix\SmitfraudFix.zip[smitfraudFix/Process.exe]

Virus:Trj/Shutdown.Z Disinfected C:\# Installs\Security - FW, AV, malware\Smitfraudfix\SmitfraudFix.zip[smitfraudFix/restart.exe]

 

-------------------------------------------------------------------------------

KASPERSKY ONLINE SCANNER REPORT

Sunday, June 03, 2007 2:26:13 PM

Operating System: Microsoft Windows XP Home Edition, Service Pack 2 (Build 2600)

Kaspersky Online Scanner version: 5.0.93.0

Kaspersky Anti-Virus database last update: 3/06/2007

Kaspersky Anti-Virus database records: 336602

-------------------------------------------------------------------------------

 

Scan Settings:

Scan using the following antivirus database: extended

Scan Archives: true

Scan Mail Bases: true

 

Scan Target - My Computer:

C:\

D:\

E:\

F:\

H:\

I:\

 

Scan Statistics:

Total number of scanned objects: 64611

Number of viruses found: 7

Number of infected objects: 20

Number of suspicious objects: 0

Duration of the scan process: 00:30:42

 

Infected Object Name / Virus Name / Last Action

C:\Documents and Settings\KILLIAN WEINSTOCK\Desktop\SmitfraudFix.zip/SmitfraudFix/Reboot.exe Infected: not-a-virus:RiskTool.Win32.Reboot.f skipped

C:\Documents and Settings\KILLIAN WEINSTOCK\Desktop\SmitfraudFix.zip ZIP: infected - 1 skipped

C:\Documents and Settings\KILLIAN WEINSTOCK\Desktop\SmitfraudFix\SmitfraudFix\Reboot.exe Infected: not-a-virus:RiskTool.Win32.Reboot.f skipped

C:\Documents and Settings\KILLIAN WEINSTOCK\Application Data\Sun\Java\Deployment\cache\6.0\16\4e807890-4dc1179b/BlackBox.class Infected: Exploit.Java.ByteVerify skipped

C:\Documents and Settings\KILLIAN WEINSTOCK\Application Data\Sun\Java\Deployment\cache\6.0\16\4e807890-4dc1179b/VerifierBug.class Infected: Exploit.Java.ByteVerify skipped

C:\Documents and Settings\KILLIAN WEINSTOCK\Application Data\Sun\Java\Deployment\cache\6.0\16\4e807890-4dc1179b/Beyond.class Infected: Trojan-Downloader.Java.OpenConnection.aa skipped

C:\Documents and Settings\KILLIAN WEINSTOCK\Application Data\Sun\Java\Deployment\cache\6.0\16\4e807890-4dc1179b ZIP: infected - 3 skipped

C:\Documents and Settings\KILLIAN WEINSTOCK\Application Data\Sun\Java\Deployment\cache\6.0\38\458ac9a6-425fc4c0/BlackBox.class Infected: Exploit.Java.ByteVerify skipped

C:\Documents and Settings\KILLIAN WEINSTOCK\Application Data\Sun\Java\Deployment\cache\6.0\38\458ac9a6-425fc4c0/VerifierBug.class Infected: Exploit.Java.ByteVerify skipped

C:\Documents and Settings\KILLIAN WEINSTOCK\Application Data\Sun\Java\Deployment\cache\6.0\38\458ac9a6-425fc4c0/Beyond.class Infected: Trojan-Downloader.Java.OpenConnection.aa skipped

C:\Documents and Settings\KILLIAN WEINSTOCK\Application Data\Sun\Java\Deployment\cache\6.0\38\458ac9a6-425fc4c0 ZIP: infected - 3 skipped

C:\Documents and Settings\KILLIAN WEINSTOCK\Application Data\Sun\Java\Deployment\cache\6.0\42\687af3ea-61db5bbc/Matrix.class Infected: Trojan-Downloader.Java.OpenStream.c skipped

C:\Documents and Settings\KILLIAN WEINSTOCK\Application Data\Sun\Java\Deployment\cache\6.0\42\687af3ea-61db5bbc/Counter.class Infected: Trojan.Java.ClassLoader.h skipped

C:\Documents and Settings\KILLIAN WEINSTOCK\Application Data\Sun\Java\Deployment\cache\6.0\42\687af3ea-61db5bbc/Parser.class Infected: Trojan.Java.ClassLoader.d skipped

C:\Documents and Settings\KILLIAN WEINSTOCK\Application Data\Sun\Java\Deployment\cache\6.0\42\687af3ea-61db5bbc ZIP: infected - 3 skipped

C:\Documents and Settings\KILLIAN WEINSTOCK\Application Data\Sun\Java\Deployment\cache\6.0\60\3bd7e57c-48e04943/GetAccess.class Infected: Trojan-Downloader.Java.OpenConnection.aj skipped

C:\Documents and Settings\KILLIAN WEINSTOCK\Application Data\Sun\Java\Deployment\cache\6.0\60\3bd7e57c-48e04943/Installer.class Infected: Trojan-Downloader.Java.OpenConnection.aj skipped

C:\Documents and Settings\KILLIAN WEINSTOCK\Application Data\Sun\Java\Deployment\cache\6.0\60\3bd7e57c-48e04943 ZIP: infected - 2 skipped

C:\# Installs\Security - FW, AV, malware\Smitfraudfix\SmitfraudFix.zip/SmitfraudFix/Reboot.exe Infected: not-a-virus:RiskTool.Win32.Reboot.f skipped

C:\# Installs\Security - FW, AV, malware\Smitfraudfix\SmitfraudFix.zip ZIP: infected - 1 skipped

 

Scan process completed.

 

 

Logfile of HijackThis v1.99.1

Scan saved at 2:28:33 PM, on 3/06/2007

Platform: Windows XP SP2 (WinNT 5.01.2600)

MSIE: Internet Explorer v7.00 (7.00.6000.16441)

 

Running processes:

C:\WINDOWS\System32\smss.exe

C:\WINDOWS\system32\winlogon.exe

C:\WINDOWS\system32\services.exe

C:\WINDOWS\system32\lsass.exe

C:\WINDOWS\system32\Ati2evxx.exe

C:\WINDOWS\system32\svchost.exe

C:\WINDOWS\System32\svchost.exe

C:\WINDOWS\system32\ZONELABS\vsmon.exe

C:\WINDOWS\system32\Ati2evxx.exe

C:\WINDOWS\Explorer.EXE

C:\WINDOWS\system32\LEXBCES.EXE

C:\WINDOWS\system32\LEXPPS.EXE

C:\WINDOWS\system32\spoolsv.exe

C:\Acer\Empowering Technology\ePerformance\MemCheck.exe

C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe

C:\PROGRA~1\AVG\avgamsvr.exe

C:\PROGRA~1\AVG\avgupsvc.exe

C:\PROGRA~1\AVG\avgemc.exe

C:\Program Files\Acer\Acer Arcade\Kernel\TV\CLCapSvc.exe

C:\Program Files\Acer\Acer Arcade\Kernel\CLML_NTService\CLMLServer.exe

C:\Program Files\Acer\Acer Arcade\Kernel\CLML_NTService\CLMLService.exe

C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe

C:\Program Files\Common Files\LightScribe\LSSrvc.exe

C:\Program Files\CyberLink\Shared Files\RichVideo.exe

C:\WINDOWS\system32\svchost.exe

C:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exe

C:\Program Files\Acer\Acer Arcade\Kernel\TV\CLSched.exe

C:\WINDOWS\system32\wbem\wmiapsrv.exe

C:\WINDOWS\system32\ctfmon.exe

C:\Program Files\Acer\Acer Arcade\PCMService.exe

C:\Program Files\ATI Technologies\ATI.ACE\cli.exe

C:\Acer\Empowering Technology\ePower\ePower_DMC.exe

C:\WINDOWS\system32\wbem\unsecapp.exe

C:\WINDOWS\RTHDCPL.EXE

C:\Program Files\Synaptics\SynTP\SynTPEnh.exe

C:\PROGRA~1\LAUNCH~1\LManager.exe

C:\Acer\Empowering Technology\eRecovery\eRAgent.exe

C:\Program Files\Common Files\Real\Update_OB\realsched.exe

C:\Program Files\ATI Technologies\ATI.ACE\cli.exe

C:\Program Files\ATI Technologies\ATI.ACE\cli.exe

C:\Program Files\Logitech\Video\LogiTray.exe

C:\Program Files\PowerISO\PWRISOVM.EXE

C:\Program Files\DAEMON Tools\daemon.exe

C:\Program Files\Lexmark 1200 Series\lxczbmgr.exe

C:\Program Files\QuickTime\qttask.exe

C:\Program Files\Lexmark 1200 Series\lxczbmon.exe

C:\Program Files\ZoneAlarm\zlclient.exe

C:\PROGRA~1\AVG\avgcc.exe

C:\WINDOWS\system32\LVComsX.exe

C:\Program Files\Logitech\Video\FxSvr2.exe

C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BackWeb-8876480.exe

C:\Program Files\Messenger\msmsgs.exe

C:\Acer\Empowering Technology\Acer.Empowering.Framework.Launcher.exe

C:\Program Files\Logitech\SetPoint\SetPoint.exe

C:\Program Files\Common Files\Logitech\KhalShared\KHALMNPR.EXE

C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe

C:\Documents and Settings\KILLIAN WEINSTOCK\Desktop\HijackThis.exe

 

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://gomyron.com/NjU2NA==/2/3560/hp/

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896

R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = localhost

O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll

O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll

O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_01\bin\ssv.dll

O2 - BHO: Windows Live Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll

O2 - BHO: Easy Gif Animator Toolbar Helper - {96372AB6-15EB-4316-B497-71C741BC548C} - C:\Program Files\Easy Gif Animator Extension\v3.2.0.0\EasyGifAnimator_Toolbar.dll

O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar1.dll

O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\2.0.301.5672\swg.dll

O3 - Toolbar: Easy Gif Animator Toolbar - {35065594-9169-4A34-B167-FC4865038E53} - C:\Program Files\Easy Gif Animator Extension\v3.2.0.0\EasyGifAnimator_Toolbar.dll

O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar1.dll

O4 - HKLM\..\Run: [AzMixerSel] C:\Program Files\Realtek\InstallShield\AzMixerSel.exe

O4 - HKLM\..\Run: [PCMService] "C:\Program Files\Acer\Acer Arcade\PCMService.exe"

O4 - HKLM\..\Run: [ntiMUI] C:\Program Files\NewTech Infosystems\NTI CD & DVD-Maker 7\ntiMUI.exe

O4 - HKLM\..\Run: [Acer ePresentation HPD] C:\Acer\Empowering Technology\ePresentation\ePresentation.exe

O4 - HKLM\..\Run: [ATICCC] "C:\Program Files\ATI Technologies\ATI.ACE\cli.exe" runtime -Delay

O4 - HKLM\..\Run: [ePower_DMC] C:\Acer\Empowering Technology\ePower\ePower_DMC.exe

O4 - HKLM\..\Run: [boot] C:\Acer\Empowering Technology\ePower\Boot.exe

O4 - HKLM\..\Run: [RTHDCPL] RTHDCPL.EXE

O4 - HKLM\..\Run: [skyTel] SkyTel.EXE

O4 - HKLM\..\Run: [Alcmtr] ALCMTR.EXE

O4 - HKLM\..\Run: [synTPEnh] C:\Program Files\Synaptics\SynTP\SynTPEnh.exe

O4 - HKLM\..\Run: [LManager] C:\PROGRA~1\LAUNCH~1\LManager.exe

O4 - HKLM\..\Run: [eRecoveryService] C:\Acer\Empowering Technology\eRecovery\eRAgent.exe

O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot

O4 - HKLM\..\Run: [LogitechVideoRepair] C:\Program Files\Logitech\Video\ISStart.exe

O4 - HKLM\..\Run: [LogitechVideoTray] C:\Program Files\Logitech\Video\LogiTray.exe

O4 - HKLM\..\Run: [PWRISOVM.EXE] C:\Program Files\PowerISO\PWRISOVM.EXE

O4 - HKLM\..\Run: [DAEMON Tools] "C:\Program Files\DAEMON Tools\daemon.exe" -lang 1033

O4 - HKLM\..\Run: [Lexmark 1200 Series] "C:\Program Files\Lexmark 1200 Series\lxczbmgr.exe"

O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime

O4 - HKLM\..\Run: [ZoneAlarm Client] "C:\Program Files\ZoneAlarm\zlclient.exe"

O4 - HKLM\..\Run: [AVG7_CC] C:\PROGRA~1\AVG\avgcc.exe /STARTUP

O4 - HKLM\..\Run: [Logitech Hardware Abstraction Layer] KHALMNPR.EXE

O4 - HKLM\..\Run: [!AVG Anti-Spyware] "C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\avgas.exe" /minimized

O4 - HKCU\..\Run: [swg] C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe

O4 - HKCU\..\Run: [LDM] C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BackWeb-8876480.exe

O4 - HKCU\..\Run: [LogitechSoftwareUpdate] "C:\Program Files\Logitech\Video\ManifestEngine.exe" boot

O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background

O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe

O4 - HKCU\..\Run: [msnmsgr] "C:\Program Files\MSN Messenger\MsnMsgr.Exe" /background

O4 - Startup: services.lnk = ?

O4 - Global Startup: Acer Empowering Technology.lnk = C:\Acer\Empowering Technology\Acer.Empowering.Framework.Launcher.exe

O4 - Global Startup: Logitech Desktop Messenger.lnk = C:\Program Files\Logitech\Desktop Messenger\8876480\Program\LDMConf.exe

O4 - Global Startup: Adobe Gamma Loader.lnk = C:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe

O4 - Global Startup: Adobe Reader Speed Launch.lnk = C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe

O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office10\OSA.EXE

O4 - Global Startup: Logitech SetPoint.lnk = ?

O4 - Global Startup: Google Updater.lnk = C:\Program Files\Google\Google Updater\GoogleUpdater.exe

O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office10\EXCEL.EXE/3000

O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_01\bin\ssv.dll

O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_01\bin\ssv.dll

O9 - Extra button: Run IMVU - {d9288080-1baa-4bc4-9cf8-a92d743db949} - C:\Documents and Settings\KILLIAN WEINSTOCK\Start Menu\Programs\IMVU\Run IMVU.lnk (file missing)

O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe (file missing)

O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe (file missing)

O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe

O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe

O11 - Options group: [iNTERNATIONAL] International*

O16 - DPF: {0EB0E74A-2A76-4AB3-A7FB-9BD8C29F7F75} (CKAVWebScan Object) - http://www.kaspersky.com/kos/english/kavwebscan_unicode.cab

O16 - DPF: {2250C29C-C5E9-4F55-BE4E-01E45A40FCF1} (CMediaMix Object) - http://musicmix.messenger.msn.com/Medialogic.CAB

O16 - DPF: {2917297F-F02B-4B9D-81DF-494B6333150B} (Minesweeper Flags Class) - http://messenger.zone.msn.com/binary/MineS...er.cab31267.cab

O16 - DPF: {4F1E5B1A-2A80-42CA-8532-2D05CB959537} (MSN Photo Upload Tool) - http://by133fd.bay133.hotmail.msn.com/resources/MsnPUpld.cab

O16 - DPF: {5D6F45B3-9043-443D-A792-115447494D24} (UnoCtrl Class) - http://messenger.zone.msn.com/EN-US/a-UNO1/GAME_UNO1.cab

O16 - DPF: {8E0D4DE5-3180-4024-A327-4DFAD1796A8D} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/Messe...nt.cab31267.cab

O16 - DPF: {9A9307A0-7DA4-4DAF-B042-5009F29E09E1} (ActiveScan Installer Class) - http://acs.pandasoftware.com/activescan/as5free/asinst.cab

O16 - DPF: {AF2E62B6-F9E1-4D4F-A10A-9DC8E6DCBCC0} (VideoEgg ActiveX Loader) - http://update.videoegg.com/Install/Windows...ggPublisher.exe

O16 - DPF: {B8BE5E93-A60C-4D26-A2DC-220313175592} (MSN Games - Installer) - http://messenger.zone.msn.com/binary/ZIntro.cab56649.cab

O16 - DPF: {C3F79A2B-B9B4-4A66-B012-3EE46475B072} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/Messe...nt.cab56907.cab

O16 - DPF: {F6BF0D00-0B2A-4A75-BF7B-F385591623AF} (Solitaire Showdown Class) - http://messenger.zone.msn.com/binary/Solit...wn.cab31267.cab

O17 - HKLM\System\CCS\Services\Tcpip\..\{A71D21E1-4EFD-495F-9275-943AF02C689A}: NameServer = 203.12.160.35,203.12.160.36

O18 - Protocol: livecall - {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\MSNMES~1\MSGRAP~1.DLL

O18 - Protocol: msnim - {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\MSNMES~1\MSGRAP~1.DLL

O20 - Winlogon Notify: WgaLogon - C:\WINDOWS\SYSTEM32\WgaLogon.dll

O21 - SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - C:\WINDOWS\system32\WPDShServiceObj.dll

O23 - Service: Memory Check Service (AcerMemUsageCheckService) - Acer Inc. - C:\Acer\Empowering Technology\ePerformance\MemCheck.exe

O23 - Service: Adobe LM Service - Unknown owner - C:\Program Files\Common Files\Adobe Systems Shared\Service\Adobelmsvc.exe

O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\system32\Ati2evxx.exe

O23 - Service: AVG Anti-Spyware Guard - Anti-Malware Development a.s. - C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe

O23 - Service: AVG7 Alert Manager Server (Avg7Alrt) - GRISOFT, s.r.o. - C:\PROGRA~1\AVG\avgamsvr.exe

O23 - Service: AVG7 Update Service (Avg7UpdSvc) - GRISOFT, s.r.o. - C:\PROGRA~1\AVG\avgupsvc.exe

O23 - Service: AVG E-mail Scanner (AVGEMS) - GRISOFT, s.r.o. - C:\PROGRA~1\AVG\avgemc.exe

O23 - Service: CyberLink Background Capture Service (CBCS) (CLCapSvc) - Unknown owner - C:\Program Files\Acer\Acer Arcade\Kernel\TV\CLCapSvc.exe

O23 - Service: CyberLink Task Scheduler (CTS) (CLSched) - Unknown owner - C:\Program Files\Acer\Acer Arcade\Kernel\TV\CLSched.exe

O23 - Service: CyberLink Media Library Service - Cyberlink - C:\Program Files\Acer\Acer Arcade\Kernel\CLML_NTService\CLMLServer.exe

O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe

O23 - Service: LexBce Server (LexBceS) - Lexmark International, Inc. - C:\WINDOWS\system32\LEXBCES.EXE

O23 - Service: LightScribeService Direct Disc Labeling Service (LightScribeService) - Hewlett-Packard Company - C:\Program Files\Common Files\LightScribe\LSSrvc.exe

O23 - Service: Cyberlink RichVideo Service(CRVS) (RichVideo) - Unknown owner - C:\Program Files\CyberLink\Shared Files\RichVideo.exe

O23 - Service: Symantec Core LC - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exe

O23 - Service: TrueVector Internet Monitor (vsmon) - Zone Labs, LLC - C:\WINDOWS\system32\ZONELABS\vsmon.exe

 

 

 

Thanks for your assistance.

Edited by nasdaq


Welcome to SWI. We apologize for the delay; our helpers have been very busy.

If you have not received help after 3 days, please CLICK HERE, and post a link to your log and the date it was originally posted.

 

Thank you for your patience.

 

[this is an automated reply]


Go to the Windows registry and erase the key that contains the link below:

 

file:///C:/WINDOWS/privacy_danger/index.htm

 

After that restart the computer!!!


Hello,

 

Print this topic; it will make it easier for you to follow the instructions and complete all of the necessary steps.

 

Please change the location of HijackThis.exe.

Create a new folder in your C: Drive

Name it C:\HJT or HijackThis and move the HijackThis.exe file in it.

It's best for this tool NOT to be located on your Desktop or in a TEMP folder.

This way you can undo any changes if something goes wrong and will prevent the tool placing shortcuts on your Desktop.

 

Close all programs leaving only HijackThis running. Place a check against each of the following, making sure you get them all and not any others by mistake:

 

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://gomyron.com/NjU2NA==/2/3560/hp/

O4 - HKLM\..\Run: [Alcmtr] ALCMTR.EXE

O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe (file missing)

 

Click on Fix Checked when finished and exit HijackThis.

 

Restart the computer normally to reset the registry.

 

Download this file - combofix.exe

 

and save it to your desktop (Important). Also save the below command in Notepad as a text file so that you can copy/paste in safe mode.

 

"%userprofile%\desktop\combofix.exe"

 

Boot into safe mode by tapping the F8 key just before Windows starts to load.

 

Go to Start --> Run and copy/paste in the following:

 

"%userprofile%\desktop\combofix.exe"

 

When finished, it shall produce a log for you. Save it and post that log in your next reply.

 

Note:

Do not mouseclick combofix's window whilst it's running. That may cause it to stall.

 

In your next post, please include

  • new hijackthis log
  • combofix log

*use separate posts to ensure the logs don't get cut off!

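The following is an added example, not part of any post in this thread and not HijackThis's own code: a small Python triage pass over HijackThis log lines, using entries copied from the log and the fix list above. The flagging rules (missing target file, unresolved `= ?` shortcut, IE start page value, Run value without a full path) are assumptions chosen for illustration; they only mark entries for manual review and are not the helper's selection criteria.

```python
import re

# Lines copied from the HijackThis log and the helper's fix list in this thread.
SAMPLE_LOG = r"""
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://gomyron.com/NjU2NA==/2/3560/hp/
O4 - HKLM\..\Run: [Alcmtr] ALCMTR.EXE
O4 - HKLM\..\Run: [AVG7_CC] C:\PROGRA~1\AVG\avgcc.exe /STARTUP
O4 - Startup: services.lnk = ?
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe (file missing)
"""

ENTRY = re.compile(r"^([A-Z]\d{1,2}) - (.*)$")  # e.g. "O4 - <body>"
RUN = re.compile(r"^HK(?:LM|CU)\\\.\.\\Run: \[(?P<name>[^\]]*)\] (?P<cmd>.+)$")

def parse(log):
    """Yield (section, body) for each HijackThis entry line; skip anything else."""
    for line in log.splitlines():
        m = ENTRY.match(line.strip())
        if m:
            yield m.group(1), m.group(2)

def review_notes(section, body):
    """Return reasons an entry deserves a manual look (assumed heuristics)."""
    notes = []
    if body.endswith("(file missing)"):
        notes.append("target file missing")
    if body.endswith("= ?"):
        notes.append("shortcut target unresolved")
    if section == "R0" and "Start Page" in body:
        notes.append("IE start page value: " + body.split(" = ", 1)[1])
    run = RUN.match(body) if section == "O4" else None
    if run and "\\" not in run.group("cmd"):
        notes.append("Run value has no full path: " + run.group("cmd"))
    return notes

def triage(log):
    """Map each flagged entry line to its list of review notes."""
    flagged = {}
    for section, body in parse(log):
        notes = review_notes(section, body)
        if notes:
            flagged[f"{section} - {body}"] = notes
    return flagged

if __name__ == "__main__":
    for entry, notes in triage(SAMPLE_LOG).items():
        print(entry, "->", "; ".join(notes))
```

A Run value without a path is common for legitimate drivers as well, so a flag here is a prompt to check the file on disk, not a verdict.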

I am having this exact same problem as we speak. I have been running AVG Anti-Spyware and Ad-Aware repeatedly all day in an attempt to remove all traces of this pest, but the file 'privacy_danger' keeps returning to my Windows folder.

 

I have replied to this topic because it did not appear to be very old, and I am in desperate need of help, just as the user above is.


GenericUser

 

Please read this article and follow the protocol.

http://forums.spywareinfo.com/index.php?showtopic=23382

 

Please START YOUR OWN TOPIC. DO NOT POST IN SOMEONE ELSE'S TOPIC!

 

Then submit a fresh HijackThis log. It's the only way we can give you sound advice.


Due to the lack of feedback this Topic is closed.

 

If you need this topic reopened, please tell the moderating team by replying here with the address of the thread. This applies only to the original topic starter.

 

Everyone else please begin a New Topic.

This topic is now closed to further replies.