Tech Support Forum
#1
Registered User
Join Date: Jun 2008
Posts: 1
OS: Windows XP
Hello,
I have read Aaflac's instructions on how to remove the "your privacy is in danger" wallpaper and followed the instructions by running SDFix and ComboFix. The wallpaper is gone ... but I was wondering if the experts can review the log files and confirm that the system is clean? Also, any suggestions I could give back to my parents along with the laptop to prevent this from happening in the future would be greatly appreciated.

SDFix: Version 1.194
Run by Administrator on Tue 06/17/2008 at 11:01 PM

Microsoft Windows XP [Version 5.1.2600]
Running From: C:\DOCUME~1\Jack\Desktop\SDFix

Checking Services :

Restoring Windows Registry Values
Restoring Windows Default Hosts File
Restoring Windows ProductId To Remove Fake Virus Alert

Rebooting

Checking Files :

Trojan Files Found:

C:\WINDOWS\system32\pmnnOHBu.dll - Deleted
C:\Documents and Settings\Jack\Desktop\Error Cleaner.url - Deleted
C:\Documents and Settings\Jack\Favorites\Error Cleaner.url - Deleted
C:\Documents and Settings\Jack\Desktop\Privacy Protector.url - Deleted
C:\Documents and Settings\Jack\Favorites\Privacy Protector.url - Deleted
C:\Documents and Settings\Jack\Desktop\Spyware&Malware Protection.url - Deleted
C:\Documents and Settings\Jack\Favorites\Spyware&Malware Protection.url - Deleted
C:\WINDOWS\privacy_danger\index.htm - Deleted
C:\WINDOWS\privacy_danger\images\capt.gif - Deleted
C:\WINDOWS\privacy_danger\images\danger.jpg - Deleted
C:\WINDOWS\privacy_danger\images\down.gif - Deleted
C:\WINDOWS\privacy_danger\images\spacer.gif - Deleted
C:\WINDOWS\kvsdpfeawdo.dll - Deleted
C:\WINDOWS\browser.exe - Deleted
C:\WINDOWS\esdn.exe - Deleted
C:\WINDOWS\pebgkxwq.exe - Deleted
C:\WINDOWS\rnopbfgt.dll - Deleted
C:\WINDOWS\rtsplgob.dll - Deleted
C:\WINDOWS\xkefqtgs.dll - Deleted

Folder C:\WINDOWS\privacy_danger - Removed

Removing Temp Files

ADS Check :

Final Check :

catchme 0.3.1361.2 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2008-06-17 23:09:00
Windows 5.1.2600 Service Pack 2 NTFS

scanning hidden processes ...

scanning hidden services & system hive ...

scanning hidden registry entries ...

scanning hidden files ...

scan completed successfully
hidden processes: 0
hidden services: 0
hidden files: 0

Remaining Services :

Authorized Application Key Export:

[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\standardprofile\authorizedapplications\list]
"%windir%\\system32\\sessmgr.exe"="%windir%\\system32\\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019"
"C:\\Program Files\\Kodak\\Kodak EasyShare software\\bin\\EasyShare.exe"="C:\\Program Files\\Kodak\\Kodak EasyShare software\\bin\\EasyShare.exe:*:Enabled:EasyShare"
"C:\\Program Files\\Kodak\\KODAK Software Updater\\7288971\\Program\\Kodak Software Updater.exe"="C:\\Program Files\\Kodak\\KODAK Software Updater\\7288971\\Program\\Kodak Software Updater.exe:*:Enabled:Kodak Software Updater"
"C:\\Program Files\\Yahoo!\\Messenger\\YahooMessenger.exe"="C:\\Program Files\\Yahoo!\\Messenger\\YahooMessenger.exe:*:Enabled:Yahoo! Messenger"
"C:\\Program Files\\Yahoo!\\Messenger\\YServer.exe"="C:\\Program Files\\Yahoo!\\Messenger\\YServer.exe:*:Enabled:Yahoo! FT Server"
"C:\\WINDOWS\\explorer.exe"="C:\\WINDOWS\\explorer.exe:*:Disabled:Windows Explorer"

[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\domainprofile\authorizedapplications\list]
"%windir%\\system32\\sessmgr.exe"="%windir%\\system32\\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019"

Remaining Files :

File Backups: - C:\DOCUME~1\Jack\Desktop\SDFix\backups\backups.zip

Files with Hidden Attributes :

Tue 22 Apr 2008 4,348 A.SH. --- "C:\Documents and Settings\All Users\DRM\DRMv1.bak"
Fri 8 Feb 2008 0 A.SH. --- "C:\Documents and Settings\All Users\DRM\Cache\Indiv01.tmp"
Fri 9 May 2008 0 A..H. --- "C:\WINDOWS\SoftwareDistribution\Download\385cb67dda0ffd4dea8c0d990dc65796\BIT1B.tmp"

Finished!

-------------------------------------------------------------

ComboFix 08-06-16.5 - Jack 2008-06-17 23:14:44.1 - NTFSx86
Microsoft Windows XP Professional 5.1.2600.2.1252.1.1033.18.489 [GMT -5:00]
Running from: C:\Documents and Settings\Jack\Desktop\ComboFix.exe
 * Created a new restore point

WARNING -THIS MACHINE DOES NOT HAVE THE RECOVERY CONSOLE INSTALLED !!
.

((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.

C:\Documents and Settings\All Users\Application Data\SeekmoSA
C:\Documents and Settings\All Users\Application Data\SeekmoSA\SeekmoSA.dat
C:\Documents and Settings\All Users\Application Data\SeekmoSA\SeekmoSA_kyf.dat
C:\Documents and Settings\All Users\Application Data\SeekmoSA\SeekmoSAAbout.mht
C:\Documents and Settings\All Users\Application Data\SeekmoSA\SeekmoSAau.dat
C:\Documents and Settings\All Users\Application Data\SeekmoSA\SeekmoSAEULA.mht
C:\Documents and Settings\All Users\Start Menu\Programs\PCPrivacyCleaner
C:\Documents and Settings\All Users\Start Menu\Programs\PCPrivacyCleaner\PCPrivacyCleaner.lnk
C:\Documents and Settings\All Users\Start Menu\Programs\PCPrivacyCleaner\Uninstall PCPrivacyCleaner.lnk
C:\Documents and Settings\All Users\Start Menu\Programs\WinIFixer
C:\Documents and Settings\All Users\Start Menu\Programs\WinIFixer\License Agreement.lnk
C:\Documents and Settings\All Users\Start Menu\Programs\WinIFixer\Register.lnk
C:\Documents and Settings\All Users\Start Menu\Programs\WinIFixer\Uninstall.lnk
C:\Documents and Settings\All Users\Start Menu\Programs\WinIFixer\WinIFixer.lnk
C:\Documents and Settings\Jack\Application Data\Seekmo
C:\Documents and Settings\Jack\Application Data\Seekmo\v3.0\Seekmo\static\DownLoad\buttondir.txt
C:\Documents and Settings\Jack\Application Data\Seekmo\v3.0\Seekmo\static\DownLoad\buttondir.xip
C:\Documents and Settings\Jack\Application Data\Seekmo\v3.0\Seekmo\static\DownLoad\cursors.res
C:\Documents and Settings\Jack\Application Data\Seekmo\v3.0\Seekmo\static\DownLoad\cursors.xip
C:\Documents and Settings\Jack\Application Data\Seekmo\v3.0\Seekmo\static\DownLoad\d_icons_buttons_1000.res
C:\Documents and Settings\Jack\Application Data\Seekmo\v3.0\Seekmo\static\DownLoad\d_icons_buttons_1000.xip
C:\Documents and Settings\Jack\Application Data\Seekmo\v3.0\Seekmo\static\DownLoad\d_icons_buttons_2000.res
C:\Documents and Settings\Jack\Application Data\Seekmo\v3.0\Seekmo\static\DownLoad\d_icons_buttons_2000.xip
C:\Documents and Settings\Jack\Application Data\Seekmo\v3.0\Seekmo\static\DownLoad\d_icons_buttons_3000.res
C:\Documents and Settings\Jack\Application Data\Seekmo\v3.0\Seekmo\static\DownLoad\d_icons_buttons_3000.xip
C:\Documents and Settings\Jack\Application Data\Seekmo\v3.0\Seekmo\static\DownLoad\d_icons_buttons_bar.res
C:\Documents and Settings\Jack\Application Data\Seekmo\v3.0\Seekmo\static\DownLoad\d_icons_buttons_bar.xip
C:\Documents and Settings\Jack\Application Data\Seekmo\v3.0\Seekmo\static\DownLoad\d_icons_buttons_bbar1.res
C:\Documents and Settings\Jack\Application Data\Seekmo\v3.0\Seekmo\static\DownLoad\d_icons_buttons_bbar1.xip
C:\Documents and Settings\Jack\Application Data\Seekmo\v3.0\Seekmo\static\DownLoad\d_icons_buttons_logos.res
C:\Documents and Settings\Jack\Application Data\Seekmo\v3.0\Seekmo\static\DownLoad\d_icons_buttons_logos.xip
C:\Documents and Settings\Jack\Application Data\Seekmo\v3.0\Seekmo\static\DownLoad\d_icons_buttons_other.res
C:\Documents and Settings\Jack\Application Data\Seekmo\v3.0\Seekmo\static\DownLoad\d_icons_buttons_other.xip
C:\Documents and Settings\Jack\Application Data\Seekmo\v3.0\Seekmo\static\DownLoad\d_icons_weather.res
C:\Documents and Settings\Jack\Application Data\Seekmo\v3.0\Seekmo\static\DownLoad\d_icons_weather.xip
C:\Documents and Settings\Jack\Application Data\Seekmo\v3.0\Seekmo\static\DownLoad\email-t1-bg.res
C:\Documents and Settings\Jack\Application Data\Seekmo\v3.0\Seekmo\static\DownLoad\email-t1-bg.xip
C:\Documents and Settings\Jack\Application Data\Seekmo\v3.0\Seekmo\static\DownLoad\ie_games_icon.res
C:\Documents and Settings\Jack\Application Data\Seekmo\v3.0\Seekmo\static\DownLoad\ie_games_icon.xip
C:\Documents and Settings\Jack\Application Data\Seekmo\v3.0\Seekmo\static\DownLoad\ie_video.res
C:\Documents and Settings\Jack\Application Data\Seekmo\v3.0\Seekmo\static\DownLoad\ie_video.xip
C:\Documents and Settings\Jack\Application Data\Seekmo\v3.0\Seekmo\static\DownLoad\keywords.idx
C:\Documents and Settings\Jack\Application Data\Seekmo\v3.0\Seekmo\static\DownLoad\keywords.xip
C:\Documents and Settings\Jack\Application Data\Seekmo\v3.0\Seekmo\static\DownLoad\layout.cdf
C:\Documents and Settings\Jack\Application Data\Seekmo\v3.0\Seekmo\static\DownLoad\layout.xip
C:\Documents and Settings\Jack\Application Data\Seekmo\v3.0\Seekmo\static\DownLoad\linkpathlegal.txt
C:\Documents and Settings\Jack\Application Data\Seekmo\v3.0\Seekmo\static\DownLoad\linkpathlegal.xip
C:\Documents and Settings\Jack\Application Data\Seekmo\v3.0\Seekmo\static\DownLoad\progress.res
C:\Documents and Settings\Jack\Application Data\Seekmo\v3.0\Seekmo\static\DownLoad\progress.xip
C:\Documents and Settings\Jack\Application Data\Seekmo\v3.0\Seekmo\static\DownLoad\s_icons_buttons.res
C:\Documents and Settings\Jack\Application Data\Seekmo\v3.0\Seekmo\static\DownLoad\s_icons_buttons.xip
C:\Documents and Settings\Jack\Application Data\Seekmo\v3.0\Seekmo\static\DownLoad\sales_buttons.res
C:\Documents and Settings\Jack\Application Data\Seekmo\v3.0\Seekmo\static\DownLoad\sales_buttons.xip
C:\Documents and Settings\Jack\Application Data\Seekmo\v3.0\Seekmo\static\DownLoad\samplegroups2.txt
C:\Documents and Settings\Jack\Application Data\Seekmo\v3.0\Seekmo\static\DownLoad\samplegroups2.xip
C:\Documents and Settings\Jack\Application Data\Seekmo\v3.0\Seekmo\static\DownLoad\seekmo.res
C:\Documents and Settings\Jack\Application Data\Seekmo\v3.0\Seekmo\static\DownLoad\seekmo.xip
C:\Documents and Settings\Jack\Application Data\Seekmo\v3.0\Seekmo\static\DownLoad\t2_bg.res
C:\Documents and Settings\Jack\Application Data\Seekmo\v3.0\Seekmo\static\DownLoad\t2_bg.xip
C:\Documents and Settings\Jack\Application Data\Seekmo\v3.0\Seekmo\static\DownLoad\tsd_bg.res
C:\Documents and Settings\Jack\Application Data\Seekmo\v3.0\Seekmo\static\DownLoad\tsd_bg.xip
C:\Program Files\PCPrivacyCleaner
C:\Program Files\PCPrivacyCleaner\pcpc.exe
C:\Program Files\WinIFixer
C:\Program Files\WinIFixer\database.dat
C:\Program Files\WinIFixer\license.txt
C:\Program Files\WinIFixer\MFC71.dll
C:\Program Files\WinIFixer\MFC71ENU.DLL
C:\Program Files\WinIFixer\msvcp71.dll
C:\Program Files\WinIFixer\msvcr71.dll
C:\Program Files\WinIFixer\Uninstall.exe
C:\Program Files\WinIFixer\WinIFixer.exe.local
C:\Program Files\WinIFixer\WinIFixerSkin.dll
C:\WINDOWS\BMf7b5bd12.xml
C:\WINDOWS\pskt.ini
C:\WINDOWS\system32\drivers\fad.sys
C:\WINDOWS\system32\hbkipdep.dll
C:\WINDOWS\system32\lbwubhto.ini
C:\WINDOWS\system32\mcrh.tmp
C:\WINDOWS\system32\pedpikbh.ini
C:\WINDOWS\system32\rfxwaplk.dll
C:\WINDOWS\system32\sDNnVvut.ini
C:\WINDOWS\system32\sDNnVvut.ini2
C:\WINDOWS\system32\tuvVnNDs.dll
C:\WINDOWS\system32\veoocert.ini
C:\WINDOWS\system32\vwenwjnh.dll
.

((((((((((((((((((((((((( Files Created from 2008-05-18 to 2008-06-18 )))))))))))))))))))))))))))))))
.

2008-06-17 22:51 . 2008-06-17 22:51 <DIR> d-------- C:\WINDOWS\ERUNT
2008-06-17 22:49 . 2008-06-17 22:49 <DIR> d-------- C:\Documents and Settings\Administrator
.

(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2008-06-18 04:21 --------- d-----w C:\Program Files\Symantec AntiVirus
2008-06-16 01:13 --------- d-----w C:\Documents and Settings\Jack\Application Data\MSN6
.

------- Sigcheck -------

2002-09-03 14:57 12800 0f7d9c87b0ce1fa520473119752c6f79 C:\WINDOWS\$NtServicePackUninstall$\svchost.exe
2004-08-04 02:56 14336 8f078ae4ed187aaabc0a305146de6716 C:\WINDOWS\ServicePackFiles\i386\svchost.exe
2004-08-04 02:56 14336 8f078ae4ed187aaabc0a305146de6716 C:\WINDOWS\SoftwareDistribution\Download\16b2c96a0c41f4dfdb4d3cc228a4f819\svchost.exe
2004-08-04 02:56 17408 30cebd5a194a967854344fda9a3157bc C:\WINDOWS\system32\svchost.exe

2002-09-03 15:03 516608 2246d8d8f4714a2cedb21ab9b1849abb C:\WINDOWS\$NtServicePackUninstall$\winlogon.exe
2004-08-04 02:56 502272 01c3346c241652f43aed8e2149881bfe C:\WINDOWS\ServicePackFiles\i386\winlogon.exe
2004-08-04 02:56 502272 01c3346c241652f43aed8e2149881bfe C:\WINDOWS\SoftwareDistribution\Download\16b2c96a0c41f4dfdb4d3cc228a4f819\winlogon.exe
2004-08-04 02:56 506368 ef0ea0d1109750e0595dc3d53c1038b5 C:\WINDOWS\system32\winlogon.exe

2007-06-13 05:23 1035776 c1fdee50508a6087fea7e0eaf0bc99e0 C:\WINDOWS\explorer.exe
2007-06-13 06:26 1033216 7712df0cdde3a5ac89843e61cd5b3658 C:\WINDOWS\$hf_mig$\KB938828\SP2QFE\explorer.exe
2002-09-03 14:37 1004032 a82b28bfc2e4455fe43022a498c0ef0a C:\WINDOWS\$NtServicePackUninstall$\explorer.exe
2004-08-04 02:56 1032192 a0732187050030ae399b241436565e64 C:\WINDOWS\$NtUninstallKB938828$\explorer.exe
2004-08-04 02:56 1032192 a0732187050030ae399b241436565e64 C:\WINDOWS\ServicePackFiles\i386\explorer.exe
2004-08-04 02:56 1032192 a0732187050030ae399b241436565e64 C:\WINDOWS\SoftwareDistribution\Download\16b2c96a0c41f4dfdb4d3cc228a4f819\explorer.exe

2002-09-03 14:55 101376 e3df4a0252d287c44606ee55355e1623 C:\WINDOWS\$NtServicePackUninstall$\services.exe
2004-08-04 02:56 108032 c6ce6eec82f187615d1002bb3bb50ed4 C:\WINDOWS\ServicePackFiles\i386\services.exe
2004-08-04 02:56 108032 c6ce6eec82f187615d1002bb3bb50ed4 C:\WINDOWS\SoftwareDistribution\Download\16b2c96a0c41f4dfdb4d3cc228a4f819\services.exe
2004-08-04 02:56 110592 0974050642ad1e736791cb9332c9406c C:\WINDOWS\system32\services.exe

2002-09-03 14:42 11776 b2b6ba905d0e3f8a32a0eb3b4051807b C:\WINDOWS\$NtServicePackUninstall$\lsass.exe
2004-08-04 02:56 13312 84885f9b82f4d55c6146ebf6065d75d2 C:\WINDOWS\ServicePackFiles\i386\lsass.exe
2004-08-04 02:56 13312 84885f9b82f4d55c6146ebf6065d75d2 C:\WINDOWS\SoftwareDistribution\Download\16b2c96a0c41f4dfdb4d3cc228a4f819\lsass.exe
2004-08-04 02:56 14848 8a36dd7d50e79fc2bf422858de0dd658 C:\WINDOWS\system32\lsass.exe
.

((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Yahoo! Pager"="C:\Program Files\Yahoo!\Messenger\YahooMessenger.exe" [2007-06-07 14:08 4670968]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"NvCplDaemon"="C:\WINDOWS\System32\NvCpl.dll" [2003-06-24 18:32 4800512]
"nwiz"="nwiz.exe" [2003-06-24 18:32 323584 C:\WINDOWS\system32\nwiz.exe]
"ccApp"="C:\Program Files\Common Files\Symantec Shared\ccApp.exe" [2006-03-24 17:14 53408]
"vptray"="C:\PROGRA~1\SYMANT~1\VPTray.exe" [2006-06-15 01:40 124656]
"QuickTime Task"="C:\Program Files\QuickTime\qttask.exe" [2007-08-13 19:53 77824]
"BCMSMMSG"="BCMSMMSG.exe" [2003-08-29 04:59 122880 C:\WINDOWS\BCMSMMSG.exe]
"BJCFD"="C:\Program Files\BroadJump\Client Foundation\CFD.exe" [2002-09-10 21:26 368706]
"YBrowser"="C:\PROGRA~1\Yahoo!\browser\ybrwicon.exe" [2006-07-21 16:19 129536]
"Motive SmartBridge"="C:\PROGRA~1\SBCSEL~1\SMARTB~1\MotiveSB.exe" [2005-08-24 07:51 442455]
"SunJavaUpdateSched"="C:\Program Files\Java\jre1.6.0_03\bin\jusched.exe" [2007-09-25 02:11 132496]
"Adobe Reader Speed Launcher"="C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe" [2008-01-11 23:16 39792]

C:\Documents and Settings\All Users\Start Menu\Programs\Startup\
Kodak EasyShare software.lnk - C:\Program Files\Kodak\Kodak EasyShare software\bin\EasyShare.exe [2005-07-22 03:47:22 151552]
Kodak software updater.lnk - C:\Program Files\Kodak\KODAK Software Updater\7288971\Program\Kodak Software Updater.exe [2004-02-13 14:12:08 16423]
SBC Self Support Tool.lnk - C:\Program Files\SBC Self Support Tool\bin\matcli.exe [2007-09-18 20:33:16 217088]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ShellServiceObjectDelayLoad]
"jAGSnki"= {F4868E22-5E2C-2488-9D68-DBE4C3D949E3} - C:\WINDOWS\System32\xyqytx.dll [ ]

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecAntiVirus]
"DisableMonitoring"=dword:00000001

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"C:\\Program Files\\Kodak\\Kodak EasyShare software\\bin\\EasyShare.exe"=
"C:\\Program Files\\Kodak\\KODAK Software Updater\\7288971\\Program\\Kodak Software Updater.exe"=
"C:\\Program Files\\Yahoo!\\Messenger\\YahooMessenger.exe"=
"C:\\Program Files\\Yahoo!\\Messenger\\YServer.exe"=

.
**************************************************************************

catchme 0.3.1361 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2008-06-17 23:21:06
Windows 5.1.2600 Service Pack 2 NTFS

scanning hidden processes ...

scanning hidden autostart entries ...

scanning hidden files ...

scan completed successfully
hidden files: 0

**************************************************************************
.
------------------------ Other Running Processes ------------------------
.
C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe
C:\Program Files\Symantec AntiVirus\DefWatch.exe
C:\WINDOWS\system32\nvsvc32.exe
C:\Program Files\Common Files\Symantec Shared\SPBBC\SPBBCSvc.exe
C:\Program Files\Symantec AntiVirus\Rtvscan.exe
C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
C:\PROGRA~1\Yahoo!\browser\ycommon.exe
C:\Program Files\SBC Self Support Tool\bin\mpbtn.exe
C:\Program Files\Symantec AntiVirus\DoScan.exe
.
**************************************************************************
.
Completion time: 2008-06-17 23:23:55 - machine was rebooted
ComboFix-quarantined-files.txt 2008-06-18 04:23:50

Pre-Run: 72,169,529,344 bytes free
Post-Run: 72,601,038,848 bytes free

192 --- E O F --- 2008-05-16 08:01:10