|
|
|
|
|||||
|
|
|
|
|
|
|||
| Welcome
to Tech Support Forum home to more then 136,000 problems solved. Issues
have included: Spyware, Malware, Virus Issues, Windows, Microsoft,
Linux, Networking, Security, Hardware, and Gaming Getting your
problem solved is as easy as: 1. Registering for a free account 2. Asking your question 3. Receiving an answer Registered members: * See fewer ads. * And much more..
|
| Want to know how to post a question? click here | Having problems with spyware and pop-ups? First Steps |
|
|||||||
| Resolved HJT Threads Resolved spyware and popup issues. |
|
|
Thread Tools |
05-12-2008, 04:55 PM
|
#1 (permalink) |
|
Registered User
Join Date: May 2008
Posts: 11
OS: XP
|
"WINDOWS\privacy_danger\index.htm" - Help please
Please advise instructions to clear this issue! Much appriciated!!!
-- Logfile of Trend Micro HijackThis v2.0.2 Scan saved at 4:54:56 PM, on 5/12/2008 Platform: Windows XP SP2 (WinNT 5.01.2600) MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180) Boot mode: Normal Running processes: C:\WINDOWS\System32\smss.exe C:\WINDOWS\system32\winlogon.exe C:\WINDOWS\system32\services.exe C:\WINDOWS\system32\lsass.exe C:\WINDOWS\system32\svchost.exe C:\WINDOWS\System32\svchost.exe C:\WINDOWS\system32\svchost.exe C:\WINDOWS\system32\spoolsv.exe C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe C:\PROGRA~1\AVG\AVG8\avgwdsvc.exe C:\Program Files\Carbonite\Carbonite Backup\carboniteservice.exe C:\Program Files\Nero\Nero 7\InCD\InCDsrv.exe C:\Program Files\Common Files\LightScribe\LSSrvc.exe C:\WINDOWS\system32\nvsvc32.exe C:\WINDOWS\system32\svchost.exe C:\Program Files\Wirelwss LAN Utility\tiwlnsvc.exe C:\WINDOWS\Explorer.EXE C:\Program Files\Java\jre1.5.0_10\bin\jusched.exe C:\Program Files\iTunes\iTunesHelper.exe C:\Program Files\Nero\Nero 7\InCD\NBHGui.exe C:\Program Files\Nero\Nero 7\InCD\InCD.exe C:\WINDOWS\RTHDCPL.EXE C:\Program Files\Carbonite\Carbonite Backup\CarboniteUI.exe C:\WINDOWS\system32\RUNDLL32.EXE C:\PROGRA~1\AVG\AVG8\avgtray.exe C:\Program Files\Common Files\Ahead\Lib\NMBgMonitor.exe C:\Program Files\Belkin\Belkin 802.11g Wireless PCI Card Configuration Utility\Belkinwcui.exe C:\PROGRA~1\AVG\AVG8\avgrsx.exe C:\PROGRA~1\AVG\AVG8\avgemc.exe C:\Program Files\Common Files\Ahead\Lib\NMIndexingService.exe C:\Program Files\Common Files\Ahead\Lib\NMIndexStoreSvr.exe C:\Program Files\iPod\bin\iPodService.exe C:\WINDOWS\notepad.exe C:\Program Files\Mozilla Firefox\firefox.exe C:\Program Files\Trend Micro\HijackThis\HijackThis.exe R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = http://safesearch.cyberdefender.com/smallsearch.html R3 - URLSearchHook: (no name) - ~CFBFAE00-17A6-11D0-99CB-00C04FD64497} - (no file) R3 - URLSearchHook: (no name) - ~EF99BD32-C1FB-11D2-892F-0090271D4F88} - (no file) R3 - URLSearchHook: MyIdentityDefender - {F35CE83E-9EBF-40d5-AE87-53F982389740} - C:\Documents and Settings\DMA\Local Settings\Application Data\CyberDefender\ssstbar.dll (file missing) O2 - BHO: &Yahoo! Toolbar Helper - {02478D38-C3F9-4efb-9B51-7695ECA05670} - C:\PROGRA~1\Yahoo!\Companion\Installs\cpn\yt.dll O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll O2 - BHO: WormRadar.com IESiteBlocker.NavFilter - {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} - C:\Program Files\AVG\AVG8\avgssie.dll O2 - BHO: Yahoo! IE Services Button - {5BAB4B5B-68BC-4B02-94D6-2FC0DE4A7897} - C:\Program Files\Yahoo!\Common\yiesrvc.dll O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.5.0_10\bin\ssv.dll O2 - BHO: QXK Rhythm - {BA99F228-D9E2-47D5-9A8D-A295E8E52E93} - C:\WINDOWS\fvowketqplo.dll (file missing) O2 - BHO: MyIdentityDefender - {F35CE83E-9EBF-40d5-AE87-53F982389740} - C:\Documents and Settings\DMA\Local Settings\Application Data\CyberDefender\ssstbar.dll (file missing) O3 - Toolbar: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\PROGRA~1\Yahoo!\Companion\Installs\cpn\yt.dll O3 - Toolbar: pvnsmfor - {5AC18EE0-E9B2-428D-844F-6D3EEA227215} - C:\WINDOWS\pvnsmfor.dll (file missing) O3 - Toolbar: MyIdentityDefender - {F35CE83E-9EBF-40d5-AE87-53F982389740} - C:\Documents and Settings\DMA\Local Settings\Application Data\CyberDefender\ssstbar.dll (file missing) O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.5.0_10\bin\jusched.exe" O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe" O4 - HKLM\..\Run: [Adobe Photo Downloader] "C:\Program Files\Adobe\Photoshop Album Starter Edition\3.2\Apps\apdproxy.exe" O4 - HKLM\..\Run: [NeroFilterCheck] C:\Program Files\Common Files\Ahead\Lib\NeroCheck.exe O4 - HKLM\..\Run: [SecurDisc] C:\Program Files\Nero\Nero 7\InCD\NBHGui.exe O4 - HKLM\..\Run: [InCD] C:\Program Files\Nero\Nero 7\InCD\InCD.exe O4 - HKLM\..\Run: [KernelFaultCheck] %systemroot%\system32\dumprep 0 -k O4 - HKLM\..\Run: [SkyTel] SkyTel.EXE O4 - HKLM\..\Run: [RTHDCPL] RTHDCPL.EXE O4 - HKLM\..\Run: [Alcmtr] ALCMTR.EXE O4 - HKLM\..\Run: [TI WLAN] C:\Program Files\Wirelwss LAN Utility\TIWLANCu.exe O4 - HKLM\..\Run: [Carbonite Backup] C:\Program Files\Carbonite\Carbonite Backup\CarboniteUI.exe O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup O4 - HKLM\..\Run: [nwiz] nwiz.exe /install O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\system32\NvMcTray.dll,NvTaskbarInit O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe" O4 - HKLM\..\Run: [ctfmona] C:\WINDOWS\system32\ctfmona.exe O4 - HKLM\..\Run: [CyberDefender Early Detection Center] "C:\Program Files\CyberDefender\AntiSpyware\ISSIntro.exe" O4 - HKLM\..\Run: [AVG8_TRAY] C:\PROGRA~1\AVG\AVG8\avgtray.exe O4 - HKCU\..\Run: [BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}] "C:\Program Files\Common Files\Ahead\Lib\NMBgMonitor.exe" O4 - HKCU\..\Run: [CyberDefender Early Detection Center] "C:\Program Files\CyberDefender\AntiSpyware\cdas9.exe" /minimize O4 - Startup: Adobe Gamma.lnk = C:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe O4 - Global Startup: Belkin Wireless Utility.lnk = ? O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000 O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_10\bin\ssv.dll O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_10\bin\ssv.dll O9 - Extra button: Yahoo! Services - {5BAB4B5B-68BC-4B02-94D6-2FC0DE4A7897} - C:\Program Files\Yahoo!\Common\yiesrvc.dll O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe O16 - DPF: {149E45D8-163E-4189-86FC-45022AB2B6C9} (SpinTop DRM Control) - file://C:\Program Files\Risk\Images\stg_drm.ocx O16 - DPF: {30528230-99f7-4bb4-88d8-fa1d4f56a2ab} (Installation Support) - C:\Program Files\Yahoo!\Common\Yinsthelper.dll O16 - DPF: {CC450D71-CC90-424C-8638-1F2DBAC87A54} (ArmHelper Control) - file://C:\Program Files\Risk\Images\armhelper.ocx O18 - Protocol: linkscanner - {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - C:\Program Files\AVG\AVG8\avgpp.dll O20 - AppInit_DLLs: avgrsstx.dll O21 - SSODL: mpfanvqg - {396B7BD4-D1A5-4643-9B8C-368CF9E40C4F} - C:\WINDOWS\mpfanvqg.dll (file missing) O21 - SSODL: vbksrofa - {C71A9994-515A-4154-BF0A-7A27EE6AF54C} - C:\WINDOWS\vbksrofa.dll (file missing) O23 - Service: Adobe LM Service - Adobe Systems - C:\Program Files\Common Files\Adobe Systems Shared\Service\Adobelmsvc.exe O23 - Service: Apple Mobile Device - Apple, Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe O23 - Service: AVG8 E-mail Scanner (avg8emc) - AVG Technologies CZ, s.r.o. - C:\PROGRA~1\AVG\AVG8\avgemc.exe O23 - Service: AVG8 WatchDog (avg8wd) - AVG Technologies CZ, s.r.o. - C:\PROGRA~1\AVG\AVG8\avgwdsvc.exe O23 - Service: CarboniteService - Carbonite, Inc. (www.carbonite.com) - C:\Program Files\Carbonite\Carbonite Backup\carboniteservice.exe O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\1050\Intel 32\IDriverT.exe O23 - Service: InCD Helper (InCDsrv) - Nero AG - C:\Program Files\Nero\Nero 7\InCD\InCDsrv.exe O23 - Service: iPod Service - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe O23 - Service: LightScribeService Direct Disc Labeling Service (LightScribeService) - Hewlett-Packard Company - C:\Program Files\Common Files\LightScribe\LSSrvc.exe O23 - Service: NBService - Nero AG - C:\Program Files\Nero\Nero 7\Nero BackItUp\NBService.exe O23 - Service: NMIndexingService - Nero AG - C:\Program Files\Common Files\Ahead\Lib\NMIndexingService.exe O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe O23 - Service: TI Wlan Service (tiwlnsvc) - Unknown owner - C:\Program Files\Wirelwss LAN Utility\tiwlnsvc.exe O24 - Desktop Component 0: Privacy Protection - file:///C:\WINDOWS\privacy_danger\index.htm -- End of file - 8786 bytes |
|
     |
|
05-15-2008, 10:22 AM
|
#2 (permalink) | |
|
Manager, Security Center, TSF Academy; Analyst, Security Team
Join Date: Jan 2005
Location: Transylvania County, North Carolina, USA
Posts: 25,565
OS: 2000 Pro; XP Pro; XP Home
|
Re: "WINDOWS\privacy_danger\index.htm" - Help please
Hello and Welcome.
Please subscribe to this thread to get immediate notification of replies as soon as they are posted. To do this click Thread Tools, then click Subscribe to this Thread. Make sure it is set to Instant Notification, then click Subscribe. We want all our members to perform the steps outlined in the link I'll give you below, before posting for assistance. There's a sticky at the top of this forum, and a Quote:
--------------------------------------------------------------------------------------------- Please follow our 5 Step process outlined here: IMPORTANT - Read This Before Posting For Malware Removal Help After running through all the steps, you shall have a proper set of logs. Please post them. If you have trouble with one of the steps, simply move on to the next one, and make note of it in your reply.
__________________
Practice Safe Surfing Because what you don't know, CAN hurt you.  Our help is voluntary, but this site needs donations to operate.
Please consider Donating to the Forum. Please do not ask for help via Private Message. Ask in the forums, so all may gain from the experience. |
|
|
|
|
|
05-21-2008, 08:54 PM
|
#3 (permalink) |
|
Registered User
Join Date: May 2008
Posts: 11
OS: XP
|
Re: "WINDOWS\privacy_danger\index.htm" - Help please
Sorry it took so long, but all 5 steps are completed.
Here are all my logs, but I tried twice and did not receive an extra.txt ---- Deckard's System Scanner v20071014.68 Run by DMA on 2008-05-21 20:46:51 Computer is in Normal Mode. -------------------------------------------------------------------------------- -- HijackThis (run as DMA.exe) ------------------------------------------------- Logfile of Trend Micro HijackThis v2.0.2 Scan saved at 8:46:53 PM, on 5/21/2008 Platform: Windows XP SP3 (WinNT 5.01.2600) MSIE: Internet Explorer v6.00 SP3 (6.00.2900.5512) Boot mode: Normal Running processes: C:\WINDOWS\System32\smss.exe C:\WINDOWS\system32\winlogon.exe C:\WINDOWS\system32\services.exe C:\WINDOWS\system32\lsass.exe C:\WINDOWS\system32\svchost.exe C:\WINDOWS\System32\svchost.exe C:\WINDOWS\system32\svchost.exe C:\WINDOWS\system32\spoolsv.exe C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe C:\PROGRA~1\AVG\AVG8\avgwdsvc.exe C:\Program Files\Carbonite\Carbonite Backup\carboniteservice.exe C:\Program Files\Nero\Nero 7\InCD\InCDsrv.exe C:\WINDOWS\Explorer.EXE C:\PROGRA~1\AVG\AVG8\avgrsx.exe C:\Program Files\Common Files\LightScribe\LSSrvc.exe C:\WINDOWS\system32\nvsvc32.exe C:\WINDOWS\system32\svchost.exe C:\Program Files\Wirelwss LAN Utility\tiwlnsvc.exe C:\PROGRA~1\AVG\AVG8\avgemc.exe C:\Program Files\Java\jre1.5.0_10\bin\jusched.exe C:\Program Files\iTunes\iTunesHelper.exe C:\Program Files\Adobe\Photoshop Album Starter Edition\3.2\Apps\apdproxy.exe C:\Program Files\Nero\Nero 7\InCD\NBHGui.exe C:\Program Files\Nero\Nero 7\InCD\InCD.exe C:\WINDOWS\RTHDCPL.EXE C:\Program Files\Carbonite\Carbonite Backup\CarboniteUI.exe C:\WINDOWS\system32\RUNDLL32.EXE C:\PROGRA~1\AVG\AVG8\avgtray.exe C:\Program Files\Common Files\Ahead\Lib\NMBgMonitor.exe C:\Program Files\Common Files\Ahead\Lib\NMIndexingService.exe C:\Program Files\Belkin\Belkin 802.11g Wireless PCI Card Configuration Utility\Belkinwcui.exe C:\Program Files\Common Files\Ahead\Lib\NMIndexStoreSvr.exe C:\Program Files\iPod\bin\iPodService.exe C:\Program Files\Mozilla Firefox\firefox.exe C:\Program Files\Java\jre1.5.0_10\bin\jucheck.exe C:\Documents and Settings\DMA\Desktop\dss.exe C:\PROGRA~1\TRENDM~1\HIJACK~1\DMA.exe R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = http://safesearch.cyberdefender.com/smallsearch.html O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll O2 - BHO: WormRadar.com IESiteBlocker.NavFilter - {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} - C:\Program Files\AVG\AVG8\avgssie.dll O2 - BHO: Yahoo! IE Services Button - {5BAB4B5B-68BC-4B02-94D6-2FC0DE4A7897} - C:\Program Files\Yahoo!\Common\yiesrvc.dll O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.5.0_10\bin\ssv.dll O3 - Toolbar: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\PROGRA~1\Yahoo!\Companion\Installs\cpn\yt.dll (file missing) O3 - Toolbar: pvnsmfor - {5AC18EE0-E9B2-428D-844F-6D3EEA227215} - C:\WINDOWS\pvnsmfor.dll (file missing) O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.5.0_10\bin\jusched.exe" O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe" O4 - HKLM\..\Run: [Adobe Photo Downloader] "C:\Program Files\Adobe\Photoshop Album Starter Edition\3.2\Apps\apdproxy.exe" O4 - HKLM\..\Run: [NeroFilterCheck] C:\Program Files\Common Files\Ahead\Lib\NeroCheck.exe O4 - HKLM\..\Run: [SecurDisc] C:\Program Files\Nero\Nero 7\InCD\NBHGui.exe O4 - HKLM\..\Run: [InCD] C:\Program Files\Nero\Nero 7\InCD\InCD.exe O4 - HKLM\..\Run: [SkyTel] SkyTel.EXE O4 - HKLM\..\Run: [RTHDCPL] RTHDCPL.EXE O4 - HKLM\..\Run: [Alcmtr] ALCMTR.EXE O4 - HKLM\..\Run: [TI WLAN] C:\Program Files\Wirelwss LAN Utility\TIWLANCu.exe O4 - HKLM\..\Run: [Carbonite Backup] C:\Program Files\Carbonite\Carbonite Backup\CarboniteUI.exe O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup O4 - HKLM\..\Run: [nwiz] nwiz.exe /install O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\system32\NvMcTray.dll,NvTaskbarInit O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe" O4 - HKLM\..\Run: [ctfmona] C:\WINDOWS\system32\ctfmona.exe O4 - HKLM\..\Run: [CyberDefender Early Detection Center] "C:\Program Files\CyberDefender\AntiSpyware\ISSIntro.exe" O4 - HKLM\..\Run: [AVG8_TRAY] C:\PROGRA~1\AVG\AVG8\avgtray.exe O4 - HKCU\..\Run: [BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}] "C:\Program Files\Common Files\Ahead\Lib\NMBgMonitor.exe" O4 - HKCU\..\Run: [CyberDefender Early Detection Center] "C:\Program Files\CyberDefender\AntiSpyware\cdas9.exe" /minimize O4 - Startup: Adobe Gamma.lnk = C:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe O4 - Global Startup: Belkin Wireless Utility.lnk = ? O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000 O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_10\bin\ssv.dll O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_10\bin\ssv.dll O9 - Extra button: Yahoo! Services - {5BAB4B5B-68BC-4B02-94D6-2FC0DE4A7897} - C:\Program Files\Yahoo!\Common\yiesrvc.dll O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe O16 - DPF: {149E45D8-163E-4189-86FC-45022AB2B6C9} (SpinTop DRM Control) - file://C:\Program Files\Treasure Island\Images\stg_drm.ocx O16 - DPF: {30528230-99f7-4bb4-88d8-fa1d4f56a2ab} (Installation Support) - C:\Program Files\Yahoo!\Common\Yinsthelper.dll O16 - DPF: {CC450D71-CC90-424C-8638-1F2DBAC87A54} (ArmHelper Control) - file://C:\Program Files\Risk\Images\armhelper.ocx O18 - Protocol: linkscanner - {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - C:\Program Files\AVG\AVG8\avgpp.dll O20 - AppInit_DLLs: avgrsstx.dll O23 - Service: Adobe LM Service - Adobe Systems - C:\Program Files\Common Files\Adobe Systems Shared\Service\Adobelmsvc.exe O23 - Service: Apple Mobile Device - Apple, Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe O23 - Service: AVG8 E-mail Scanner (avg8emc) - AVG Technologies CZ, s.r.o. - C:\PROGRA~1\AVG\AVG8\avgemc.exe O23 - Service: AVG8 WatchDog (avg8wd) - AVG Technologies CZ, s.r.o. - C:\PROGRA~1\AVG\AVG8\avgwdsvc.exe O23 - Service: CarboniteService - Carbonite, Inc. (www.carbonite.com) - C:\Program Files\Carbonite\Carbonite Backup\carboniteservice.exe O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\1050\Intel 32\IDriverT.exe O23 - Service: InCD Helper (InCDsrv) - Nero AG - C:\Program Files\Nero\Nero 7\InCD\InCDsrv.exe O23 - Service: iPod Service - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe O23 - Service: LightScribeService Direct Disc Labeling Service (LightScribeService) - Hewlett-Packard Company - C:\Program Files\Common Files\LightScribe\LSSrvc.exe O23 - Service: NBService - Nero AG - C:\Program Files\Nero\Nero 7\Nero BackItUp\NBService.exe O23 - Service: NMIndexingService - Nero AG - C:\Program Files\Common Files\Ahead\Lib\NMIndexingService.exe O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe O23 - Service: TI Wlan Service (tiwlnsvc) - Unknown owner - C:\Program Files\Wirelwss LAN Utility\tiwlnsvc.exe O24 - Desktop Component 0: Privacy Protection - file:///C:\WINDOWS\privacy_danger\index.htm -- End of file - 7976 bytes -- Files created between 2008-04-21 and 2008-05-21 ----------------------------- 2008-05-21 20:35:54 0 d-------- C:\WINDOWS\Prefetch 2008-05-21 20:28:06 0 d-------- C:\WINDOWS\system32\scripting 2008-05-21 20:28:06 0 d-------- C:\WINDOWS\l2schemas 2008-05-21 20:28:05 0 d-------- C:\WINDOWS\system32\en 2008-05-21 20:28:05 0 d-------- C:\WINDOWS\system32\bits 2008-05-21 20:25:55 0 d-------- C:\WINDOWS\ServicePackFiles 2008-05-21 20:23:36 0 d-------- C:\WINDOWS\network diagnostic 2008-05-21 20:20:14 0 d-------- C:\WINDOWS\EHome 2008-05-21 20:01:15 0 d-------- C:\Program Files\SpywareBlaster 2008-05-21 19:08:40 0 d-------- C:\Program Files\Panda Security 2008-05-16 21:13:32 0 d-------- C:\Documents and Settings\DMA\Application Data\Chessmaster Challenge 2008-05-16 21:12:52 0 d-------- C:\Program Files\Chessmaster Challenge 2008-05-12 16:46:13 0 d-------- C:\Program Files\Trend Micro 2008-05-12 15:30:22 0 d--h----- C:\$AVG8.VAULT$ 2008-05-12 15:27:10 0 d-------- C:\WINDOWS\system32\drivers\Avg 2008-05-12 15:27:00 0 d-------- C:\Program Files\AVG 2008-05-12 15:27:00 0 d-------- C:\Documents and Settings\All Users\Application Data\avg8 2008-05-12 14:18:00 0 d-------- C:\Documents and Settings\DMA\Application Data\TmpRecentIcons 2008-05-12 13:00:13 0 d-------- C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy 2008-05-12 12:45:11 160256 --a------ C:\WINDOWS\system32\blackster.scr <Not Verified; Peter's Productions; Bugs!> 2008-05-11 23  05 0 d-------- C:\Program Files\Risk2008-05-11 22 44 0 d-------- C:\Documents and Settings\All Users\Application Data\Trymedia2008-05-11 22 03 0 d-------- C:\Program Files\ReflexiveArcade2008-05-11 20:37:37 0 d-------- C:\Documents and Settings\DMA\Application Data\iWin 2008-05-11 20:37:23 0 d-a------ C:\Documents and Settings\All Users\Application Data\TEMP 2008-05-11 20:36:59 0 d-------- C:\Documents and Settings\DMA\Application Data\SpinTop 2008-04-28 16:58:34 0 d-------- C:\Program Files\American Airlines DealFinder 2008-04-27 20:39:49 0 d-------- C:\GARMIN -- Find3M Report --------------------------------------------------------------- 2008-05-21 20:28:22 0 d-------- C:\Program Files\Messenger 2008-05-21 20:28:05 0 d-------- C:\Program Files\Movie Maker 2008-05-21 20:25:42 0 d-------- C:\Program Files\Windows NT 2008-05-21 19:08:40 2780 --a------ C:\WINDOWS\mozver.dat 2008-04-26 11:00:39 0 d-------- C:\Program Files\Common Files\Adobe 2008-04-12 20:36:22 0 d-------- C:\Program Files\Bethesda Softworks 2008-04-06 14:54:51 0 d--h----- C:\Program Files\InstallShield Installation Information 2008-04-02 12:47:36 0 d-------- C:\Program Files\SystemRequirementsLab 2008-04-02 12:47:35 0 d-------- C:\Documents and Settings\DMA\Application Data\SystemRequirementsLab 2008-04-02 10:09:35 0 d-------- C:\Documents and Settings\DMA\Application Data\ICAClient 2008-04-02 10:05:39 0 d-------- C:\Program Files\Citrix 2008-03-29 19:18:13 0 d-------- C:\Program Files\Netflix 2008-03-29 19:17:49 0 dr-h----- C:\Documents and Settings\DMA\Application Data\yahoo! 2008-03-26 05:51:37 0 d-------- C:\Program Files\Wirelwss LAN Utility 2008-03-25 18:50:04 0 d-------- C:\Program Files\Sirius 2008-03-25 18:20:34 0 d-------- C:\Program Files\Carbonite 2008-03-25 17:56:16 0 d-------- C:\Program Files\World of Warcraft 2008-03-25 12:16:20 0 d-------- C:\Program Files\Realtek 2008-03-25 12:16:08 315392 --a------ C:\WINDOWS\HideWin.exe <Not Verified; Realtek Semiconductor Corp.; HD Audio Hide windows program> 2008-03-25 11:22:28 0 d-------- C:\Program Files\VIA 2008-03-25 10:57:26 0 d-------- C:\Documents and Settings\DMA\Application Data\ATI -- Registry Dump --------------------------------------------------------------- *Note* empty entries & legit default entries are not shown [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run] "SunJavaUpdateSched"="C:\Program Files\Java\jre1.5.0_10\bin\jusched.exe" [11/09/2006 04:07 PM] "QuickTime Task"="C:\Program Files\QuickTime\qttask.exe" [06/29/2007 06:24 AM] "iTunesHelper"="C:\Program Files\iTunes\iTunesHelper.exe" [07/10/2007 09:18 AM] "Adobe Photo Downloader"="C:\Program Files\Adobe\Photoshop Album Starter Edition\3.2\Apps\apdproxy.exe" [03/09/2007 11:09 AM] "NeroFilterCheck"="C:\Program Files\Common Files\Ahead\Lib\NeroCheck.exe" [03/01/2007 04:57 PM] "SecurDisc"="C:\Program Files\Nero\Nero 7\InCD\NBHGui.exe" [06/25/2007 09:47 AM] "InCD"="C:\Program Files\Nero\Nero 7\InCD\InCD.exe" [06/25/2007 09:47 AM] "SkyTel"="SkyTel.EXE" [05/17/2006 11:04 AM C:\WINDOWS\SkyTel.exe] "RTHDCPL"="RTHDCPL.EXE" [01/31/2007 11:54 AM C:\WINDOWS\RTHDCPL.EXE] "Alcmtr"="ALCMTR.EXE" [05/04/2005 11:43 AM C:\WINDOWS\ALCMTR.EXE] "TI WLAN"="C:\Program Files\Wirelwss LAN Utility\TIWLANCu.exe" [12/09/2004 04:49 PM] "Carbonite Backup"="C:\Program Files\Carbonite\Carbonite Backup\CarboniteUI.exe" [02/09/2008 07:04 AM] "NvCplDaemon"="C:\WINDOWS\system32\NvCpl.dll" [12/05/2007 01:41 AM] "nwiz"="nwiz.exe" [12/05/2007 01:41 AM C:\WINDOWS\system32\nwiz.exe] "NvMediaCenter"="C:\WINDOWS\system32\NvMcTray.dll" [12/05/2007 01:41 AM] "Adobe Reader Speed Launcher"="C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe" [01/11/2008 10:16 PM] "ctfmona"="C:\WINDOWS\system32\ctfmona.exe" [] "CyberDefender Early Detection Center"="C:\Program Files\CyberDefender\AntiSpyware\ISSIntro.exe" [] "AVG8_TRAY"="C:\PROGRA~1\AVG\AVG8\avgtray.exe" [05/12/2008 03:27 PM] [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run] "Aim6"="" [] "BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}"="C:\Program Files\Common Files\Ahead\Lib\NMBgMonitor.exe" [06/27/2007 08:03 PM] "CyberDefender Early Detection Center"="C:\Program Files\CyberDefender\AntiSpyware\cdas9.exe" [] C:\Documents and Settings\DMA\Start Menu\Programs\Startup\ Adobe Gamma.lnk - C:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe [3/16/2005 8:16:50 PM] C:\Documents and Settings\All Users\Start Menu\Programs\Startup\ Belkin Wireless Utility.lnk - C:\Program Files\Belkin\Belkin 802.11g Wireless PCI Card Configuration Utility\Belkinwcui.exe [2/20/2007 8 36 PM][HKEY_CURRENT_USER\software\microsoft\windows\currentversion\policies\system] "disableregistrytools"=0 (0x0) [HKEY_CURRENT_USER\software\microsoft\internet explorer\desktop\components\0] Source= file:///C:\WINDOWS\privacy_danger\index.htm FriendlyName= Privacy Protection [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\dimsntfy] C:\WINDOWS\System32\dimsntfy.dll [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\windows] "appinit_dlls"=avgrsstx.dll [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\vds] @="Service" [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\{533C5B84-EC70-11D2-9505-00C04F79DEAF}] @="Volume shadow copy" [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost] eapsvcs eaphost dot3svc dot3svc HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Svchost - NetSvcs napagent hkmsvc [HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\{10880D85-AAD9-4558-ABDC-2AB1552D831F}] "C:\Program Files\Common Files\LightScribe\LSRunOnce.exe" -- End of Deckard's System Scanner: finished at 2008-05-21 20:48:06 ------------ ----- ANALYSIS: 2008-05-21 19:59:43 PROTECTIONS: 2 MALWARE: 26 SUSPECTS: 0 ;*********************************************************************************************************************************************************************************** PROTECTIONS Description Version Active Updated ;=================================================================================================================================================================================== AVG Anti-Virus Free 8.0 Yes Yes CyberDefender Internet Security 2008 Yes Yes ;=================================================================================================================================================================================== MALWARE Id Description Type Active Severity Disinfectable Disinfected Location ;=================================================================================================================================================================================== 00139059 Cookie/Traffic Marketplace TrackingCookie No 0 Yes No C:\Documents and Settings\DMA\Application Data\Mozilla\Firefox\Profiles\hkkr46ht.default\cookies.txt[.trafficmp.com/] 00139059 Cookie/Traffic Marketplace TrackingCookie No 0 Yes No C:\Documents and Settings\DMA\Application Data\Mozilla\Firefox\Profiles\hkkr46ht.default\cookies.txt[.trafficmp.com/] 00139059 Cookie/Traffic Marketplace TrackingCookie No 0 Yes No C:\Documents and Settings\DMA\Application Data\Mozilla\Firefox\Profiles\hkkr46ht.default\cookies.txt[.trafficmp.com/] 00139059 Cookie/Traffic Marketplace TrackingCookie No 0 Yes No C:\Documents and Settings\DMA\Application Data\Mozilla\Firefox\Profiles\hkkr46ht.default\cookies.txt[.trafficmp.com/] 00139059 Cookie/Traffic Marketplace TrackingCookie No 0 Yes No C:\Documents and Settings\DMA\Application Data\Mozilla\Firefox\Profiles\hkkr46ht.default\cookies.txt[.trafficmp.com/] 00139061 Cookie/Doubleclick TrackingCookie No 0 Yes No C:\Documents and Settings\DMA\Application Data\Mozilla\Firefox\Profiles\hkkr46ht.default\cookies.txt[.doubleclick.net/] 00139064 Cookie/Atlas DMT TrackingCookie No 0 Yes No C:\Documents and Settings\DMA\Cookies\dma@atdmt[2].txt 00139064 Cookie/Atlas DMT TrackingCookie No 0 Yes No C:\Documents and Settings\DMA\Application Data\Mozilla\Firefox\Profiles\hkkr46ht.default\cookies.txt[.atdmt.com/] 00145457 Cookie/FastClick TrackingCookie No 0 Yes No C:\Documents and Settings\DMA\Application Data\Mozilla\Firefox\Profiles\hkkr46ht.default\cookies.txt[.fastclick.net/] 00145457 Cookie/FastClick TrackingCookie No 0 Yes No C:\Documents and Settings\DMA\Application Data\Mozilla\Firefox\Profiles\hkkr46ht.default\cookies.txt[.fastclick.net/] 00145457 Cookie/FastClick TrackingCookie No 0 Yes No C:\Documents and Settings\DMA\Application Data\Mozilla\Firefox\Profiles\hkkr46ht.default\cookies.txt[.fastclick.net/] 00145457 Cookie/FastClick TrackingCookie No 0 Yes No C:\Documents and Settings\DMA\Application Data\Mozilla\Firefox\Profiles\hkkr46ht.default\cookies.txt[.fastclick.net/] 00145731 Cookie/Tribalfusion TrackingCookie No 0 Yes No C:\Documents and Settings\DMA\Application Data\Mozilla\Firefox\Profiles\hkkr46ht.default\cookies.txt[.tribalfusion.com/] 00145731 Cookie/Tribalfusion TrackingCookie No 0 Yes No C:\Documents and Settings\DMA\Cookies\dma@tribalfusion[2].txt 00145738 Cookie/Mediaplex TrackingCookie No 0 Yes No C:\Documents and Settings\DMA\Application Data\Mozilla\Firefox\Profiles\hkkr46ht.default\cookies.txt[.mediaplex.com/] 00167642 Cookie/Com.com TrackingCookie No 0 Yes No C:\Documents and Settings\DMA\Application Data\Mozilla\Firefox\Profiles\hkkr46ht.default\cookies.txt[.com.com/] 00167647 Cookie/Yadro TrackingCookie No 0 Yes No C:\Documents and Settings\DMA\Cookies\dma@yadro[2].txt 00168056 Cookie/YieldManager TrackingCookie No 0 Yes No C:\Documents and Settings\DMA\Application Data\Mozilla\Firefox\Profiles\hkkr46ht.default\cookies.txt[ad.yieldmanager.com/] 00168056 Cookie/YieldManager TrackingCookie No 0 Yes No C:\Documents and Settings\DMA\Application Data\Mozilla\Firefox\Profiles\hkkr46ht.default\cookies.txt[ad.yieldmanager.com/] 00168056 Cookie/YieldManager TrackingCookie No 0 Yes No C:\Documents and Settings\DMA\Application Data\Mozilla\Firefox\Profiles\hkkr46ht.default\cookies.txt[ad.yieldmanager.com/] 00168056 Cookie/YieldManager TrackingCookie No 0 Yes No C:\Documents and Settings\DMA\Application Data\Mozilla\Firefox\Profiles\hkkr46ht.default\cookies.txt[ad.yieldmanager.com/] 00168061 Cookie/Apmebf TrackingCookie No 0 Yes No C:\Documents and Settings\DMA\Application Data\Mozilla\Firefox\Profiles\hkkr46ht.default\cookies.txt[.apmebf.com/] 00168110 Cookie/Server.iad.Liveperson TrackingCookie No 0 Yes No C:\Documents and Settings\DMA\Application Data\Mozilla\Firefox\Profiles\hkkr46ht.default\cookies.txt[server.iad.liveperson.net/hc/22878428] 00168110 Cookie/Server.iad.Liveperson TrackingCookie No 0 Yes No C:\Documents and Settings\DMA\Application Data\Mozilla\Firefox\Profiles\hkkr46ht.default\cookies.txt[server.iad.liveperson.net/hc/60672102] 00168110 Cookie/Server.iad.Liveperson TrackingCookie No 0 Yes No C:\Documents and Settings\DMA\Application Data\Mozilla\Firefox\Profiles\hkkr46ht.default\cookies.txt[server.iad.liveperson.net/] 00168110 Cookie/Server.iad.Liveperson TrackingCookie No 0 Yes No C:\Documents and Settings\DMA\Application Data\Mozilla\Firefox\Profiles\hkkr46ht.default\cookies.txt[server.iad.liveperson.net/hc/19452074] 00169190 Cookie/Advertising TrackingCookie No 0 Yes No C:\Documents and Settings\DMA\Application Data\Mozilla\Firefox\Profiles\hkkr46ht.default\cookies.txt[.advertising.com/] 00169190 Cookie/Advertising TrackingCookie No 0 Yes No C:\Documents and Settings\DMA\Application Data\Mozilla\Firefox\Profiles\hkkr46ht.default\cookies.txt[.advertising.com/] 00169190 Cookie/Advertising TrackingCookie No 0 Yes No C:\Documents and Settings\DMA\Application Data\Mozilla\Firefox\Profiles\hkkr46ht.default\cookies.txt[.advertising.com/] 00169190 Cookie/Advertising TrackingCookie No 0 Yes No C:\Documents and Settings\DMA\Cookies\dma@advertising[1].txt 00169190 Cookie/Advertising TrackingCookie No 0 Yes No C:\Documents and Settings\DMA\Application Data\Mozilla\Firefox\Profiles\hkkr46ht.default\cookies.txt[.advertising.com/] 00169190 Cookie/Advertising TrackingCookie No 0 Yes No C:\Documents and Settings\DMA\Application Data\Mozilla\Firefox\Profiles\hkkr46ht.default\cookies.txt[.advertising.com/] 00170304 Cookie/WebtrendsLive TrackingCookie No 0 Yes No C:\Documents and Settings\DMA\Application Data\Mozilla\Firefox\Profiles\hkkr46ht.default\cookies.txt[statse.webtrendslive.com/] 00170495 Cookie/PointRoll TrackingCookie No 0 Yes No C:\Documents and Settings\DMA\Application Data\Mozilla\Firefox\Profiles\hkkr46ht.default\cookies.txt[.ads.pointroll.com/] 00170495 Cookie/PointRoll TrackingCookie No 0 Yes No C:\Documents and Settings\DMA\Application Data\Mozilla\Firefox\Profiles\hkkr46ht.default\cookies.txt[.ads.pointroll.com/] 00170495 Cookie/PointRoll TrackingCookie No 0 Yes No C:\Documents and Settings\DMA\Application Data\Mozilla\Firefox\Profiles\hkkr46ht.default\cookies.txt[.ads.pointroll.com/] 00170495 Cookie/PointRoll TrackingCookie No 0 Yes No C:\Documents and Settings\DMA\Application Data\Mozilla\Firefox\Profiles\hkkr46ht.default\cookies.txt[.ads.pointroll.com/] 00170495 Cookie/PointRoll TrackingCookie No 0 Yes No C:\Documents and Settings\DMA\Application Data\Mozilla\Firefox\Profiles\hkkr46ht.default\cookies.txt[.ads.pointroll.com/] 00170495 Cookie/PointRoll TrackingCookie No 0 Yes No C:\Documents and Settings\DMA\Application Data\Mozilla\Firefox\Profiles\hkkr46ht.default\cookies.txt[.ads.pointroll.com/] 00170495 Cookie/PointRoll TrackingCookie No 0 Yes No C:\Documents and Settings\DMA\Application Data\Mozilla\Firefox\Profiles\hkkr46ht.default\cookies.txt[.ads.pointroll.com/] 00170556 Cookie/RealMedia TrackingCookie No 0 Yes No C:\Documents and Settings\DMA\Application Data\Mozilla\Firefox\Profiles\hkkr46ht.default\cookies.txt[.realmedia.com/] 00170556 Cookie/RealMedia TrackingCookie No 0 Yes No C:\Documents and Settings\DMA\Application Data\Mozilla\Firefox\Profiles\hkkr46ht.default\cookies.txt[.realmedia.com/] 00170556 Cookie/RealMedia TrackingCookie No 0 Yes No C:\Documents and Settings\DMA\Application Data\Mozilla\Firefox\Profiles\hkkr46ht.default\cookies.txt[.realmedia.com/] 00170556 Cookie/RealMedia TrackingCookie No 0 Yes No C:\Documents and Settings\DMA\Application Data\Mozilla\Firefox\Profiles\hkkr46ht.default\cookies.txt[.realmedia.com/] 00170556 Cookie/RealMedia TrackingCookie No 0 Yes No C:\Documents and Settings\DMA\Application Data\Mozilla\Firefox\Profiles\hkkr46ht.default\cookies.txt[.realmedia.com/] 00171982 Cookie/QuestionMarket TrackingCookie No 0 Yes No C:\Documents and Settings\DMA\Cookies\dma@questionmarket[2].txt 00171982 Cookie/QuestionMarket TrackingCookie No 0 Yes No C:\Documents and Settings\DMA\Application Data\Mozilla\Firefox\Profiles\hkkr46ht.default\cookies.txt[.questionmarket.com/] 00171982 Cookie/QuestionMarket TrackingCookie No 0 Yes No C:\Documents and Settings\DMA\Application Data\Mozilla\Firefox\Profiles\hkkr46ht.default\cookies.txt[.questionmarket.com/] 00172221 Cookie/Zedo TrackingCookie No 0 Yes No C:\Documents and Settings\DMA\Application Data\Mozilla\Firefox\Profiles\hkkr46ht.default\cookies.txt[.zedo.com/] 00172221 Cookie/Zedo TrackingCookie No 0 Yes No C:\Documents and Settings\DMA\Application Data\Mozilla\Firefox\Profiles\hkkr46ht.default\cookies.txt[.zedo.com/] 00172221 Cookie/Zedo TrackingCookie No 0 Yes No C:\Documents and Settings\DMA\Application Data\Mozilla\Firefox\Profiles\hkkr46ht.default\cookies.txt[.zedo.com/] 00172221 Cookie/Zedo TrackingCookie No 0 Yes No C:\Documents and Settings\DMA\Application Data\Mozilla\Firefox\Profiles\hkkr46ht.default\cookies.txt[.zedo.com/] 00184846 Cookie/Adrevolver TrackingCookie No 0 Yes No C:\Documents and Settings\DMA\Application Data\Mozilla\Firefox\Profiles\hkkr46ht.default\cookies.txt[.adrevolver.com/] 00184846 Cookie/Adrevolver TrackingCookie No 0 Yes No C:\Documents and Settings\DMA\Application Data\Mozilla\Firefox\Profiles\hkkr46ht.default\cookies.txt[.adrevolver.com/] 00191644 Cookie/adultfriendfinder TrackingCookie No 0 Yes No C:\Documents and Settings\DMA\Application Data\Mozilla\Firefox\Profiles\hkkr46ht.default\cookies.txt[.adultfriendfinder.com/] 00191644 Cookie/adultfriendfinder TrackingCookie No 0 Yes No C:\Documents and Settings\DMA\Application Data\Mozilla\Firefox\Profiles\hkkr46ht.default\cookies.txt[.adultfriendfinder.com/] 00194327 Cookie/Go TrackingCookie No 0 Yes No C:\Documents and Settings\DMA\Application Data\Mozilla\Firefox\Profiles\hkkr46ht.default\cookies.txt[.go.com/] 00194327 Cookie/Go TrackingCookie No 0 Yes No C:\Documents and Settings\DMA\Application Data\Mozilla\Firefox\Profiles\hkkr46ht.default\cookies.txt[.go.com/] 00194327 Cookie/Go TrackingCookie No 0 Yes No C:\Documents and Settings\DMA\Application Data\Mozilla\Firefox\Profiles\hkkr46ht.default\cookies.txt[.go.com/] 00194327 Cookie/Go TrackingCookie No 0 Yes No C:\Documents and Settings\DMA\Application Data\Mozilla\Firefox\Profiles\hkkr46ht.default\cookies.txt[.go.com/] 00194327 Cookie/Go TrackingCookie No 0 Yes No C:\Documents and Settings\DMA\Application Data\Mozilla\Firefox\Profiles\hkkr46ht.default\cookies.txt[.go.com/] 00194327 Cookie/Go TrackingCookie No 0 Yes No C:\Documents and Settings\DMA\Application Data\Mozilla\Firefox\Profiles\hkkr46ht.default\cookies.txt[.go.com/] 00194327 Cookie/Go TrackingCookie No 0 Yes No C:\Documents and Settings\DMA\Application Data\Mozilla\Firefox\Profiles\hkkr46ht.default\cookies.txt[.go.com/] 00207862 Cookie/did-it TrackingCookie No 0 Yes No C:\Documents and Settings\DMA\Application Data\Mozilla\Firefox\Profiles\hkkr46ht.default\cookies.txt[.did-it.com/] 00207862 Cookie/did-it TrackingCookie No 0 Yes No C:\Documents and Settings\DMA\Application Data\Mozilla\Firefox\Profiles\hkkr46ht.default\cookies.txt[.did-it.com/] 00207862 Cookie/did-it TrackingCookie No 0 Yes No C:\Documents and Settings\DMA\Application Data\Mozilla\Firefox\Profiles\hkkr46ht.default\cookies.txt[.did-it.com/] 00262020 Cookie/Atwola TrackingCookie No 0 Yes No C:\Documents and Settings\DMA\Cookies\dma@atwola[2].txt 00296582 Cookie/DriveCleaner TrackingCookie No 0 Yes No C:\Documents and Settings\DMA\Cookies\dma@www.drivecleaner[1].txt 00296583 Cookie/DriveCleaner TrackingCookie No 0 Yes No C:\Documents and Settings\DMA\Cookies\dma@stats.drivecleaner[2].txt 00296584 Cookie/DriveCleaner TrackingCookie No 0 Yes No C:\Documents and Settings\DMA\Cookies\dma@drivecleaner[2].txt 00530383 Cookie/DriveCleaner TrackingCookie No 0 Yes No C:\Documents and Settings\DMA\Cookies\dma@go.drivecleaner[1].txt ;=================================================================================================================================================================================== SUSPECTS Sent Location ;=================================================================================================================================================================================== ;=================================================================================================================================================================================== VULNERABILITIES Id Severity Description ;=================================================================================================================================================================================== ;=================================================================================================================================================================================== |
|
|
|
|
05-21-2008, 08:57 PM
|
#4 (permalink) |
|
Manager, Security Center, TSF Academy; Analyst, Security Team
Join Date: Jan 2005
Location: Transylvania County, North Carolina, USA
Posts: 25,565
OS: 2000 Pro; XP Pro; XP Home
|
Re: "WINDOWS\privacy_danger\index.htm" - Help please
Please run Deckard's System Scanner once again, this time using these instructions:
Click the Windows 'Start' button > Select 'Run' - then copy/paste this into the run box & click OK "%userprofile%\desktop\dss.exe" /configClick on "Check All" Click on "Uncheck All" On the right side, under Extra Log, check all except "Event Logs". Click Scan! When finished, it shall produce a log for you. Post that log in your next reply.
__________________
Practice Safe Surfing Because what you don't know, CAN hurt you. Our help is voluntary, but this site needs donations to operate.
Please consider Donating to the Forum. Please do not ask for help via Private Message. Ask in the forums, so all may gain from the experience. |
|
|
|
|
05-22-2008, 06:04 AM
|
#5 (permalink) |
|
Registered User
Join Date: May 2008
Posts: 11
OS: XP
|
Re: "WINDOWS\privacy_danger\index.htm" - Help please
Deckard's System Scanner v20071014.68
Extra logfile - please post this as an attachment with your post. -------------------------------------------------------------------------------- -- System Information ---------------------------------------------------------- Microsoft Windows XP Home Edition (build 2600) SP 3.0 Architecture: X86; Language: English CPU 0: Intel(R) Core(TM)2 Duo CPU E4500 @ 2.20GHz Percentage of Memory in Use: 26% Physical Memory (total/avail): 2047.17 MiB / 1504.44 MiB Pagefile Memory (total/avail): 3433.7 MiB / 3034.52 MiB Virtual Memory (total/avail): 2047.88 MiB / 1989.75 MiB C: is Fixed (NTFS) - 74.52 GiB total, 15.41 GiB free. D: is CDROM (No Media) \\.\PHYSICALDRIVE0 - ST380013A - 74.53 GiB - 1 partition \PARTITION0 (bootable) - Installable File System - 74.52 GiB - C: -- Security Center ------------------------------------------------------------- AUOptions is scheduled to auto-install. -- Environment Variables ------------------------------------------------------- ALLUSERSPROFILE=C:\Documents and Settings\All Users APPDATA=C:\Documents and Settings\DMA\Application Data CLASSPATH=.;C:\Program Files\Java\jre1.5.0_10\lib\ext\QTJava.zip CLIENTNAME=Console CommonProgramFiles=C:\Program Files\Common Files COMPUTERNAME=DOMINIC ComSpec=C:\WINDOWS\system32\cmd.exe FP_NO_HOST_CHECK=NO HOMEDRIVE=C: HOMEPATH=\Documents and Settings\DMA LOGONSERVER=\\DOMINIC NUMBER_OF_PROCESSORS=2 OS=Windows_NT Path=C:\WINDOWS\system32;C:\WINDOWS;C:\WINDOWS\system32\wbem;C:\Program Files\Common Files\Adobe\AGL;C:\Program Files\QuickTime\QTSystem;C:\Program Files\Common Files\Ahead\Lib\ PATHEXT=.COM;.EXE;.BAT;.CMD;.VBS;.VBE;.JS;.JSE;.WSF;.WSH PROCESSOR_ARCHITECTURE=x86 PROCESSOR_IDENTIFIER=x86 Family 6 Model 15 Stepping 13, GenuineIntel PROCESSOR_LEVEL=6 PROCESSOR_REVISION=0f0d ProgramFiles=C:\Program Files PROMPT=$P$G QTJAVA=C:\Program Files\Java\jre1.5.0_10\lib\ext\QTJava.zip SESSIONNAME=Console SystemDrive=C: SystemRoot=C:\WINDOWS TEMP=C:\DOCUME~1\DMA\LOCALS~1\Temp TMP=C:\DOCUME~1\DMA\LOCALS~1\Temp USERDOMAIN=DOMINIC USERNAME=DMA USERPROFILE=C:\Documents and Settings\DMA windir=C:\WINDOWS -- User Profiles --------------------------------------------------------------- DMA (admin) -- Add/Remove Programs --------------------------------------------------------- --> "C:\Program Files\CyberDefender\cdinstx.exe" /u "C:\Program Files\CyberDefender\earlySpam\cdinstx.log" /t "CyberDefender Early Detection Center - AntiSpam" --> C:\Program Files\Nero\Nero 7\\nero\uninstall\UNNERO.exe /UNINSTALL --> C:\WINDOWS\NuNInst.exe /UNINSTALL --> C:\WINDOWS\UNNeroBackItUp.exe /UNINSTALL --> C:\WINDOWS\UNNeroMediaHome.exe /UNINSTALL --> C:\WINDOWS\UNNeroShowTime.exe /UNINSTALL --> C:\WINDOWS\UNNeroVision.exe /UNINSTALL --> C:\WINDOWS\UNRecode.exe /UNINSTALL --> rundll32.exe setupapi.dll,InstallHinfSection DefaultUninstall 132 C:\WINDOWS\INF\PCHealth.inf Adobe Bridge 1.0 --> MsiExec.exe /I{B74D4E10-1033-0000-0000-000000000001} Adobe Common File Installer --> MsiExec.exe /I{8EDBA74D-0686-4C99-BFDD-F894678E5B39} Adobe Flash Player ActiveX --> C:\WINDOWS\system32\Macromed\Flash\uninstall_activeX.exe Adobe Help Center 1.0 --> MsiExec.exe /I{E9787678-1033-0000-8E67-000000000001} Adobe Photoshop CS2 --> msiexec /I {236BB7C4-4419-42FD-0409-1E257A25E34D} Adobe Reader 8.1.2 --> MsiExec.exe /I{AC76BA86-7AD7-1033-7B44-A81200000003} Adobe® Photoshop® Album Starter Edition 3.2 --> MsiExec.exe /I{A654A805-41D9-40C7-AA46-4AF04F044D61} AIM 6.0 --> C:\Program Files\AIM6\uninst.exe Apple Mobile Device Support --> MsiExec.exe /I{A43B2A2F-1DB5-47F9-A608-F11A4835D7CB} Apple Software Update --> MsiExec.exe /I{A50C25D7-62E9-4511-AD70-8E2DA5E79B7D} AVG Free 8.0 --> C:\Program Files\AVG\AVG8\setup.exe /UNINSTALL Belkin 802.11g Wireless PCI Card --> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{F4BA782D-AE40-48A4-B160-652DA8D9B7C3}\Setup.exe" Carbonite --> C:\Program Files\Carbonite\Carbonite Backup\CarboniteSetup.exe /remove Chessmaster Challenge --> C:\Program Files\Chessmaster Challenge\uninstall.exe Citrix Presentation Server Client - Web Only --> MsiExec.exe /X{23E8D2D6-F7C8-4A35-816C-6C914EE0A601} DropBox --> "C:\Program Files\DropBox\Uninstall.exe" Garmin WebUpdater --> MsiExec.exe /X{366FFC89-C800-4366-B903-B9C4314109A5} High Definition Audio Driver Package - KB888111 --> "C:\WINDOWS\$NtUninstallKB888111WXPSP2$\spuninst\spuninst.exe" HijackThis 2.0.2 --> "C:\Program Files\Trend Micro\HijackThis\HijackThis.exe" /uninstall Hotfix for Windows Media Format 11 SDK (KB929399) --> "C:\WINDOWS\$NtUninstallKB929399$\spuninst\spuninst.exe" iTunes --> MsiExec.exe /I{9357AE3A-B2ED-4138-BB9B-0564352C3F0A} J2SE Runtime Environment 5.0 Update 10 --> MsiExec.exe /I{3248F0A8-6813-11D6-A77B-00B0D0150100} J2SE Runtime Environment 5.0 Update 9 --> MsiExec.exe /I{3248F0A8-6813-11D6-A77B-00B0D0150090} LimeWire 4.14.12 --> "C:\Program Files\LimeWire\uninstall.exe" Microsoft Compression Client Pack 1.0 for Windows XP --> "C:\WINDOWS\$NtUninstallMSCompPackV1$\spuninst\spuninst.exe" Microsoft Office Basic Edition 2003 --> MsiExec.exe /I{91130409-6000-11D3-8CFE-0150048383C9} Microsoft User-Mode Driver Framework Feature Pack 1.0 --> "C:\WINDOWS\$NtUninstallWudf01000$\spuninst\spuninst.exe" Microsoft Visual C++ 2005 Redistributable --> MsiExec.exe /X{7299052b-02a4-4627-81f2-1818da5d550d} Mozilla Firefox (2.0.0.14) --> C:\Program Files\Mozilla Firefox\uninstall\helper.exe MyIdentityDefender Toolbar (CyberDefender Corporation) --> C:\Documents and Settings\DMA\Local Settings\Application Data\CyberDefender\cdinstx.exe /u Nero 7 Essentials --> MsiExec.exe /X{8E72B982-D54F-486F-B35A-C24B6F171033} neroxml --> MsiExec.exe /I{56C049BE-79E9-4502-BEA7-9754A3E60F9B} Netflix Movie Viewer --> MsiExec.exe /X{BCE72AED-3332-4863-9567-C5DCB9052CA2} NVIDIA Drivers --> C:\WINDOWS\system32\nvuninst.exe UninstallGUI Oblivion --> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\11\00\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{35CB6715-41F8-4F99-8881-6FC75BF054B0}\setup.exe" -l0x9 -removeonly Panda ActiveScan 2.0 --> C:\Program Files\Panda Security\ActiveScan 2.0\as2uninst.exe QuickTime --> MsiExec.exe /I{95A890AA-B3B1-44B6-9C18-A8F7AB3EE7FC} Realtek High Definition Audio Driver --> RtlUpd.exe -r -m Risk --> C:\Program Files\Risk\uninstall.exe Risk II --> "C:\Program Files\Risk II\ReflexiveArcade\unins000.exe" SpywareBlaster 4.0 --> "C:\Program Files\SpywareBlaster\unins000.exe" System Requirements Lab --> C:\Program Files\SystemRequirementsLab\Uninstall.exe The Witcher --> "C:\Program Files\InstallShield Installation Information\{F138762F-5A1F-4CF0-A5E1-1588EF6088A4}\setup.exe" -runfromtemp -l0x0009 -removeonly VIA Platform Device Manager --> C:\PROGRA~1\COMMON~1\INSTAL~1\Driver\7\INTEL3~1\IDriver.exe /M{20D4A895-748C-4D88-871C-FDB1695B0169} VIA Rhine-Family Fast-Ethernet Adapter --> Rundll32.exe vuins32.dll,vuins32Ex $Rhine $VIA Windows Media Format 11 runtime --> "C:\WINDOWS\$NtUninstallWMFDist11$\spuninst\spuninst.exe" Windows XP Service Pack 3 --> "C:\WINDOWS\$NtServicePackUninstall$\spuninst\spuninst.exe" Wireless LAN Utility --> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{07DEC7A1-F8D2-4DBB-900B-A2F9302647BB}\setup.exe" -l0x9 World of Warcraft --> C:\Program Files\Common Files\Blizzard Entertainment\World of Warcraft\Uninstall.exe Yahoo! Browser Services --> C:\PROGRA~1\Yahoo!\Common\UNIN_Y~1.EXE /S Yahoo! Messenger --> C:\PROGRA~1\Yahoo!\MESSEN~1\UNWISE.EXE /U C:\PROGRA~1\Yahoo!\MESSEN~1\INSTALL.LOG Yahoo! Toolbar --> C:\PROGRA~1\Yahoo!\Common\unyt.exe -- End of Deckard's System Scanner: finished at 2008-05-22 06:04:03 ------------ |
|
|
|
|
05-22-2008, 08:09 AM
|
#6 (permalink) |
|
Manager, Security Center, TSF Academy; Analyst, Security Team
Join Date: Jan 2005
Location: Transylvania County, North Carolina, USA
Posts: 25,565
OS: 2000 Pro; XP Pro; XP Home
|
Re: "WINDOWS\privacy_danger\index.htm" - Help please
Before beginning the fix, read this post completely. If there's anything that you do not understand, kindly ask your questions before proceeding. Ensure that there aren't any opened browsers when you are carrying out the procedures below. Save the following instructions in Notepad as this webpage would not be available when you're carrying out the fix.
It is IMPORTANT that you don't miss a step & perform everything in the correct order/sequence. --------------------------------------------------------------------------------------------- P2P - I see you have P2P software ( Limewire ) installed on your machine. We are not here to pass judgment on file-sharing as a concept. However, we will warn you that engaging in this activity and having this kind of software installed on your machine will always make you more susceptible to re-infections. It may be contributing to your current situation. This page will give you further information. Please note: Even if you are using a "safe" P2P program, it is only the program that is safe. You will be sharing files from uncertified sources, and these are often infected. The bad guys use P2P filesharing as a major conduit to spread their wares. References for the risk of these programs are here, here and here. I would strongly recommend that you uninstall them, however that choice is up to you. If you choose to remove these programs, you can do so via Control Panel >> Add or Remove Programs. --------------------------------------------------------------------------------------------- Download SDFix and save it to your Desktop. Double click SDFix.exe and it will extract the files to %systemdrive% (Drive that contains the Windows Directory, typically C:\SDFix) Please then reboot your computer in Safe Mode by doing the following :
--------------------------------------------------------------------------------------------- Open HijackThis and click on 'Do a System Scan and save a Logfile'. Save the log file and post it here. ---------------------------------------------------------------------------------------------
__________________
Practice Safe Surfing Because what you don't know, CAN hurt you. Our help is voluntary, but this site needs donations to operate.
Please consider Donating to the Forum. Please do not ask for help via Private Message. Ask in the forums, so all may gain from the experience. |
|
|
|
|
05-22-2008, 04:57 PM
|
#7 (permalink) |
|
Registered User
Join Date: May 2008
Posts: 11
OS: XP
|
Re: "WINDOWS\privacy_danger\index.htm" - Help please
SDFix: Version 1.184 Run by DMA on Thu 05/22/2008 at 04:42 PM Microsoft Windows XP [Version 5.1.2600] Running From: C:\DOCUME~1\DMA\Desktop\SDFix\SDFix Checking Services : Restoring Windows Registry Values Restoring Windows Default Hosts File Restoring Default Desktop Wallpaper Rebooting Checking Files : Trojan Files Found: C:\WINDOWS\SYSTEM32\CTFMONB.BMP - Deleted Removing Temp Files ADS Check : Final Check : catchme 0.3.1359.2 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net Rootkit scan 2008-05-22 16:47:07 Windows 5.1.2600 Service Pack 3 NTFS scanning hidden processes ... scanning hidden services & system hive ... scanning hidden registry entries ... scanning hidden files ... scan completed successfully hidden processes: 0 hidden services: 0 hidden files: 0 Remaining Services : Authorized Application Key Export: [HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\standardprofile\authorizedapplications\list] "%windir%\\system32\\sessmgr.exe"="%windir%\\system32\\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019" "C:\\Program Files\\World of Warcraft\\WoW-1.12.0-enUS-downloader.exe"="C:\\Program Files\\World of Warcraft\\WoW-1.12.0-enUS-downloader.exe:*:Enabled:Blizzard Downloader" "C:\\Program Files\\World of Warcraft\\WoW-1.12.x-to-2.0.1-enUS-patch-downloader.exe"="C:\\Program Files\\World of Warcraft\\WoW-1.12.x-to-2.0.1-enUS-patch-downloader.exe:*:Enabled:Blizzard Downloader" "C:\\Program Files\\World of Warcraft\\BackgroundDownloader.exe"="C:\\Program Files\\World of Warcraft\\BackgroundDownloader.exe:*:Enabled:Blizzard Downloader" "C:\\Program Files\\DropBox\\DropBox\\DropBox.exe"="C:\\Program Files\\DropBox\\DropBox\\DropBox.exe:*:Enabled:DropBox" "C:\\Program Files\\LimeWire\\LimeWire.exe"="C:\\Program Files\\LimeWire\\LimeWire.exe:*:Enabled:LimeWire" "C:\\Program Files\\Yahoo!\\Messenger\\YahooMessenger.exe"="C:\\Program Files\\Yahoo!\\Messenger\\YahooMessenger.exe:*:Enabled:Yahoo! Messenger" "C:\\Program Files\\World of Warcraft\\WoW-2.0.3-enUS-downloader.exe"="C:\\Program Files\\World of Warcraft\\WoW-2.0.3-enUS-downloader.exe:*:Enabled:Blizzard Downloader" "C:\\Program Files\\Sony\\Station\\LaunchPad\\LaunchPad.exe"="C:\\Program Files\\Sony\\Station\\LaunchPad\\LaunchPad.exe:*:Enabled:LaunchPad" "C:\\Program Files\\Sony\\Station\\LaunchPad\\_aunchPad.exe"="C:\\Program Files\\Sony\\Station\\LaunchPad\\_aunchPad.exe:*:Enabled:_aunchPad" "C:\\Program Files\\World of Warcraft\\WoW-2.0.4.6314-to-2.0.5.6320-enUS-downloader.exe"="C:\\Program Files\\World of Warcraft\\WoW-2.0.4.6314-to-2.0.5.6320-enUS-downloader.exe:*:Enabled:Blizzard Downloader" "C:\\Program Files\\Yahoo!\\Yahoo! Music Engine\\YahooMusicEngine.exe"="C:\\Program Files\\Yahoo!\\Yahoo! Music Engine\\YahooMusicEngine.exe:*:Enabled:Yahoo! Music Engine" "C:\\Program Files\\Common Files\\AOL\\Loader\\aolload.exe"="C:\\Program Files\\Common Files\\AOL\\Loader\\aolload.exe:*:Enabled:AOL Loader" "C:\\Program Files\\DealBook 360\\DealBookFX.exe"="C:\\Program Files\\DealBook 360\\DealBookFX.exe:*:Enabled:DealBookFX" "C:\\Program Files\\AIM6\\aim6.exe"="C:\\Program Files\\AIM6\\aim6.exe:*:Enabled:AIM" "C:\\Program Files\\iTunes\\iTunes.exe"="C:\\Program Files\\iTunes\\iTunes.exe:*:Enabled:iTunes" "C:\\Program Files\\Messenger\\msmsgs.exe"="C:\\Program Files\\Messenger\\msmsgs.exe:*:Enabled:Windows Messenger" "C:\\Program Files\\Yahoo!\\Messenger\\YServer.exe"="C:\\Program Files\\Yahoo!\\Messenger\\YServer.exe:*:Enabled:Yahoo! FT Server" "D:\\Installation\\Setupx.exe"="D:\\Installation\\Setupx.exe:*:Enabled:Nero ProductSetup" "C:\\Program Files\\CyberDefender\\AntiSpyware\\cdas9.exe"="C:\\Program Files\\CyberDefender\\AntiSpyware\\cdas9.exe:*:Disabled:CyberDefender Trial component" "C:\\Program Files\\AVG\\AVG8\\avgupd.exe"="C:\\Program Files\\AVG\\AVG8\\avgupd.exe:*:Enabled:avgupd.exe" "C:\\Program Files\\AVG\\AVG8\\avgemc.exe"="C:\\Program Files\\AVG\\AVG8\\avgemc.exe:*:Enabled:avgemc.exe" "%windir%\\Network Diagnostic\\xpnetdiag.exe"="%windir%\\Network Diagnostic\\xpnetdiag.exe:*:Enabled:@xpsp3res.dll,-20000" [HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\domainprofile\authorizedapplications\list] "%windir%\\system32\\sessmgr.exe"="%windir%\\system32\\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019" "%windir%\\Network Diagnostic\\xpnetdiag.exe"="%windir%\\Network Diagnostic\\xpnetdiag.exe:*:Enabled:@xpsp3res.dll,-20000" Remaining Files : File Backups: - C:\DOCUME~1\DMA\Desktop\SDFix\SDFix\backups\backups.zip Files with Hidden Attributes : Sat 29 Mar 2008 4,348 ..SH. --- "C:\Documents and Settings\All Users\DRM\DRMv1.bak" Sat 30 Dec 2006 0 A.SH. --- "C:\Documents and Settings\All Users\DRM\Cache\Indiv01.tmp" Finished! --- Logfile of Trend Micro HijackThis v2.0.2 Scan saved at 4:55:13 PM, on 5/22/2008 Platform: Windows XP SP3 (WinNT 5.01.2600) MSIE: Internet Explorer v6.00 SP3 (6.00.2900.5512) Boot mode: Normal Running processes: C:\WINDOWS\System32\smss.exe C:\WINDOWS\system32\winlogon.exe C:\WINDOWS\system32\services.exe C:\WINDOWS\system32\lsass.exe C:\WINDOWS\system32\svchost.exe C:\WINDOWS\System32\svchost.exe C:\WINDOWS\system32\svchost.exe C:\WINDOWS\system32\spoolsv.exe C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe C:\PROGRA~1\AVG\AVG8\avgwdsvc.exe C:\Program Files\Carbonite\Carbonite Backup\carboniteservice.exe C:\Program Files\Nero\Nero 7\InCD\InCDsrv.exe C:\Program Files\Common Files\LightScribe\LSSrvc.exe C:\WINDOWS\system32\nvsvc32.exe C:\WINDOWS\system32\svchost.exe C:\Program Files\Wirelwss LAN Utility\tiwlnsvc.exe C:\WINDOWS\Explorer.EXE C:\PROGRA~1\AVG\AVG8\avgrsx.exe C:\PROGRA~1\AVG\AVG8\avgemc.exe C:\Program Files\Java\jre1.5.0_10\bin\jusched.exe C:\Program Files\iTunes\iTunesHelper.exe C:\Program Files\Nero\Nero 7\InCD\NBHGui.exe C:\Program Files\Nero\Nero 7\InCD\InCD.exe C:\WINDOWS\RTHDCPL.EXE C:\Program Files\Carbonite\Carbonite Backup\CarboniteUI.exe C:\WINDOWS\system32\RUNDLL32.EXE C:\PROGRA~1\AVG\AVG8\avgtray.exe C:\Program Files\Common Files\Ahead\Lib\NMBgMonitor.exe C:\Program Files\Belkin\Belkin 802.11g Wireless PCI Card Configuration Utility\Belkinwcui.exe C:\Program Files\Common Files\Ahead\Lib\NMIndexingService.exe C:\Program Files\Common Files\Ahead\Lib\NMIndexStoreSvr.exe C:\Program Files\iPod\bin\iPodService.exe C:\Program Files\Mozilla Firefox\firefox.exe C:\Program Files\Java\jre1.5.0_10\bin\jucheck.exe C:\Program Files\Trend Micro\HijackThis\HijackThis.exe R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = http://safesearch.cyberdefender.com/smallsearch.html O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll O2 - BHO: WormRadar.com IESiteBlocker.NavFilter - {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} - C:\Program Files\AVG\AVG8\avgssie.dll O2 - BHO: Yahoo! IE Services Button - {5BAB4B5B-68BC-4B02-94D6-2FC0DE4A7897} - C:\Program Files\Yahoo!\Common\yiesrvc.dll O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.5.0_10\bin\ssv.dll O3 - Toolbar: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\PROGRA~1\Yahoo!\Companion\Installs\cpn\yt.dll (file missing) O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.5.0_10\bin\jusched.exe" O4 - HKLM\..\Run: [QuickTime |
