kaimi

Hi im getting the error message file:///C:\\WINDOWS\\privacy_danger\\index.htm
and my desk is all white i cant have a backround i've read that this is a trojan or something .. and that you use hijackthis to get rid of it but you have to know what to fix, so i've scanned with hijackthis can someone tell me wich items to fix i would be really thankful!

kaimi

Here are the scan results, please help me..

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 01:12:06, on 2008-01-13
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16574)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program\Delade filer\LogiShrd\LVMVFM\LVPrcSrv.exe
C:\Program\Bonjour\mDNSResponder.exe
C:\Program\Delade filer\LogiShrd\LVCOMSER\LVComSer.exe
C:\Program\Eset\nod32krn.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\Explorer.EXE
C:\Program\Delade filer\LogiShrd\LVCOMSER\LVComSer.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program\QuickTime\qttask.exe
C:\WINDOWS\system32\windetd5.exe
C:\Program\Logitech\QuickCam\Quickcam.exe
C:\Program\Delade filer\LogiShrd\LComMgr\Communications_Helper.exe
C:\Program\SUPERAntiSpyware\SUPERAntiSpyware.exe
C:\Program\Delade filer\Logishrd\LQCVFX\COCIManager.exe
C:\PROGRAM\MOZILL~1\FIREFOX.EXE
C:\Program\MSN Messenger\msnmsgr.exe
C:\WINDOWS\system32\rsvp.exe
C:\Program\uTorrent\utorrent.exe
C:\WINDOWS\system32\NOTEPAD.EXE
C:\Program\Trend Micro\HijackThis\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = about:blank
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Local Page =
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page =
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Länkar
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)
O2 - BHO: {ed8c4de1-131c-25d9-95c4-141207e3556d} - {d6553e70-2141-4c59-9d52-c1311ed4c8de} - C:\WINDOWS\system32\taqicqws.dll (file missing)
O4 - HKLM\..\Run: [WinampAgent] ----------C:\Program\Winamp\winampa.exe
O4 - HKLM\..\Run: [DriverMagicLogon] ----------"C:\Program\SymplisIT\DriverMagic\dmschedule.exe" /boot
O4 - HKLM\..\Run: [RegistryMechanic] ----------
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [iTunesHelper] ----------"C:\Program\iTunes\iTunesHelper.exe"
O4 - HKLM\..\Run: [NeroFilterCheck] ----------C:\Program\Delade filer\Ahead\Lib\NeroCheck.exe
O4 - HKLM\..\Run: [ShareSearcher] --C:\wsusupd.exe
O4 - HKLM\..\Run: [startdrv] C:\WINDOWS\Temp\startdrv.exe
O4 - HKLM\..\Run: [Winupdates] windetd5.exe
O4 - HKLM\..\Run: [nod32kui] "C:\Program\Eset\nod32kui.exe" /WAITSERVICE
O4 - HKLM\..\Run: [LogitechQuickCamRibbon] "C:\Program\Logitech\QuickCam\Quickcam.exe" /hide
O4 - HKLM\..\Run: [LogitechCommunicationsManager] "C:\Program\Delade filer\LogiShrd\LComMgr\Communications_Helper.exe"
O4 - HKLM\..\Run: [TrojanScanner] C:\Program\Trojan Remover\Trjscan.exe
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [updateMgr] ----------C:\Program\Adobe\Acrobat 7.0\Reader\AdobeUpdateManager.exe AcRdB7_0_9
O4 - HKCU\..\Run: [MSMSGS] ----------"C:\Program\Messenger\msmsgs.exe" /background
O4 - HKCU\..\Run: [BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}] ----------"C:\Program\Delade filer\Ahead\Lib\NMBgMonitor.exe"
O4 - HKCU\..\Run: [SUPERAntiSpyware] C:\Program\SUPERAntiSpyware\SUPERAntiSpyware.exe
O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'LOKAL TJÄNST')
O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'NETWORK SERVICE')
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user')
O4 - S-1-5-18 Startup: PowerReg Scheduler V3.exe (User 'SYSTEM')
O4 - S-1-5-18 Startup: Xfire.lnk = C:\Program\Xfire\Xfire.exe (User 'SYSTEM')
O4 - .DEFAULT Startup: PowerReg Scheduler V3.exe (User 'Default user')
O4 - .DEFAULT Startup: Xfire.lnk = C:\Program\Xfire\Xfire.exe (User 'Default user')
O4 - Startup: PowerReg Scheduler V3.exe
O4 - Startup: Xfire.lnk = C:\Program\Xfire\Xfire.exe
O4 - Global Startup: Adobe Reader Speed Launch.lnk = C:\Program\Adobe\Acrobat 7.0\Reader\reader_sl.exe
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\Program\MICROS~2\OFFICE11\EXCEL.EXE/3000
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\Program\MICROS~2\OFFICE11\REFIEBAR.DLL
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: @C:\Program\Messenger\Msgslang.dll,-61144 - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: @C:\Program\Messenger\Msgslang.dll,-61144 - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program\Messenger\msmsgs.exe
O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://go.microsoft.com/fwlink/?linkid=39204
O16 - DPF: {2250C29C-C5E9-4F55-BE4E-01E45A40FCF1} (CMediaMix Object) - http://musicmix.messenger.msn.com/Medialogic.CAB
O16 - DPF: {69EF49E5-FE46-4B92-B5FA-2193AB7A6B8A} (GameLauncher Control) - http://www.acclaim.com/cabs/acclaim_v5.cab
O16 - DPF: {C3F79A2B-B9B4-4A66-B012-3EE46475B072} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary...t.cab56907.cab
O16 - DPF: {E8F628B5-259A-4734-97EE-BA914D7BE941} (Driver Agent ActiveX Control) - http://driveragent.com/files/driveragent.cab
O16 - DPF: {F5A7706B-B9C0-4C89-A715-7A0C6B05DD48} (Minesweeper Flags Class) - http://messenger.zone.msn.com/binary...r.cab56986.cab
O20 - Winlogon Notify: !SASWinLogon - C:\Program\SUPERAntiSpyware\SASWINLO.dll
O20 - Winlogon Notify: tuvwwwu - C:\WINDOWS\
O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\system32\Ati2evxx.exe
O23 - Service: ##Id_String1.6844F930_1628_4223_B5CC_5BB94B879762## (Bonjour Service) - Apple Computer, Inc. - C:\Program\Bonjour\mDNSResponder.exe
O23 - Service: FLEXnet Licensing Service - Macrovision Europe Ltd. - C:\Program\Delade filer\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe
O23 - Service: iPod Service - Apple Inc. - C:\Program\iPod\bin\iPodService.exe
O23 - Service: LVCOMSer - Logitech Inc. - C:\Program\Delade filer\LogiShrd\LVCOMSER\LVComSer.exe
O23 - Service: Process Monitor (LVPrcSrv) - Logitech Inc. - C:\Program\Delade filer\LogiShrd\LVMVFM\LVPrcSrv.exe
O23 - Service: LVSrvLauncher - Logitech Inc. - C:\Program\Delade filer\LogiShrd\SrvLnch\SrvLnch.exe
O23 - Service: NMIndexingService - Unknown owner - ----------"C:\Program\Delade filer\Ahead\Lib\NMIndexingService.exe" (file missing)
O23 - Service: NOD32 Kernel Service (NOD32krn) - Eset - C:\Program\Eset\nod32krn.exe
O23 - Service: Loki Drivers Auto Removal (pr2agqwb) (pr2agqwb) - Cyanide - C:\WINDOWS\system32\pr2agqwb.exe
O23 - Service: Läsartjänsten USN Journal för mappdelning i Messenger (usnjsvc) - Unknown owner - ----------"C:\Program\MSN Messenger\usnsvc.exe" (file missing)
O23 - Service: Windows Media Player Network Sharing Service (WMPNetworkSvc) - Unknown owner - ----------"C:\Program\Windows Media Player\WMPNetwk.exe" (file missing)
O24 - Desktop Component 0: Privacy Protection - file:///C:\WINDOWS\privacy_danger\index.htm

--
End of file - 8159 bytes

TheBruce1

Hello and welcome to TSF

Download Deckard's System Scanner (DSS) to your Desktop. Note: You must be logged onto an account with administrator privileges.

1. Close all applications and windows.
2. Double-click on dss.exe to run it, and follow the prompts.
3. When the scan is complete, two text files will open - main.txt <- this one will be maximized and extra.txt <-this one will be minimized
4. Copy (Ctrl+A then Ctrl+C) and paste (Ctrl+V) the contents of main.txt here.
5. Please attach extra.txt to your post.

To attach a file to a new post, simply

1. Click the[Manage Attachments] button under Additional Options > Attach Files on the post composition page, and
2. copy and paste the following into the "Upload File from your Computer" box:

   C:\Deckard\System Scanner\extra.txt
   

3. Click Upload.

What DSS will do:

• create a new System Restore point in Windows XP and Vista.
• clean your Temporary Files, Downloaded Program Files, and Internet Cache Files, and also empty the Recycle Bin on all drives.
• check some important areas of your system and produce a report for your analyst to review. DSS automatically runs HijackThis for you, but it will also install and place a shortcut to HijackThis on your desktop if you do not already have HijackThis installed.

=========================
Logs Required
C:\Deckard\System Scanner\main.txt
C:\Deckard\System Scanner\extra.txt<---Attached