Since 2 days ago I always get a pop-up message every time I turn on my computer, like:
Security Warning!
Trojan.W32.Looksky detected on your machine. This virus is distributed via the Internet through e-mail and Active-X objects. The worm has its own SMTP engine which means it gathers e-mails from your local computer and re-distributes itself. In worst cases this worm can allow attackers to access your computer, stealing passwords and personal data.
This process should be removed from your system.
and
Type: Virus
System Affected: Windows 2000, NT, ME, XP, Vista
Security risk (0-5): 5
Recommendations: Click Yes to remove it from your PC immediately.
I've downloaded ComboFix and SUPERAntiSpyware and followed all the instructions step by step, but again and again I kept getting the pop-up message, and it changed my desktop background too. I ran ComboFix three times; is that OK?
Here is my last HiJackThis log:
Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 6:20:28 PM, on 8/11/2007
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)
Boot mode: Normal
Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Symantec_Client_Security\Symantec AntiVirus\DefWatch.exe
C:\WINDOWS\system32\LckFldService.exe
C:\Program Files\D-Tools\daemon.exe
C:\PROGRA~1\SYMANT~1\SYMANT~1\vptray.exe
C:\Program Files\DAP\DAP.EXE
C:\Program Files\Java\jre1.6.0_02\bin\jusched.exe
C:\Program Files\Messenger\msmsgs.exe
C:\Program Files\Symantec_Client_Security\Symantec AntiVirus\Rtvscan.exe
C:\WINDOWS\System32\nvsvc32.exe
C:\WINDOWS\system32\MsgSys.EXE
C:\Program Files\Mozilla Firefox\firefox.exe
C:\WINDOWS\explorer.exe
C:\Program Files\BillingExplorer Ver 4.43 DeskPro 4.0\billing16.exe
C:\WINDOWS\system32\NOTEPAD.EXE
C:\WINDOWS\system32\rundll32.exe
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = http://www.crawler.c...a...&tbid=60327
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://softwarerefer...=...6Ojg5&lid=2
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,SearchAssistant = http://www.crawler.c...spx?tb_id=60327
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,CustomizeSearch = http://dnl.crawler.c...aspx?TbId=60327
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = about:blank
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 5.0\Reader\ActiveX\AcroIEHelper.ocx
O2 - BHO: (no name) - {1CB20BF0-BBAE-40A7-93F4-6435FF3D0411} - C:\PROGRA~1\Crawler\Toolbar\ctbr.dll
O2 - BHO: MSVPS System - {47C54F02-1B28-45F1-AE46-B5CDFB6E7926} - C:\WINDOWS\duocore.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_02\bin\ssv.dll
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar2.dll
O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\2.0.301.7164\swg.dll
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar2.dll
O3 - Toolbar: &Crawler Toolbar - {4B3803EA-5230-4DC3-A7FC-33638F3D3542} - C:\PROGRA~1\Crawler\Toolbar\ctbr.dll
O4 - HKLM\..\Run: [DAEMON Tools-1033] "C:\Program Files\D-Tools\daemon.exe" -lang 1033
O4 - HKLM\..\Run: [vptray] C:\PROGRA~1\SYMANT~1\SYMANT~1\vptray.exe
O4 - HKLM\..\Run: [DownloadAccelerator] "C:\Program Files\DAP\DAP.EXE" /STARTUP
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_02\bin\jusched.exe"
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background
O8 - Extra context menu item: &Clean Traces - C:\Program Files\DAP\Privacy Package\dapcleanerie.htm
O8 - Extra context menu item: &Download with &DAP - C:\Program Files\DAP\dapextie.htm
O8 - Extra context menu item: Crawler Search - tbr:iemenu
O8 - Extra context menu item: Download &all with DAP - C:\Program Files\DAP\dapextie2.htm
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office10\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_02\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_02\bin\ssv.dll
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O12 - Plugin for .spop: C:\Program Files\Internet Explorer\Plugins\NPDocBox.dll
O17 - HKLM\System\CCS\Services\Tcpip\..\{4C279D01-5B9C-4EAA-BB6C-34472C76EC10}: NameServer = 124.81.123.110,202.155.0.20
O17 - HKLM\System\CS1\Services\Tcpip\..\{4C279D01-5B9C-4EAA-BB6C-34472C76EC10}: NameServer = 124.81.123.110,202.155.0.20
O17 - HKLM\System\CS2\Services\Tcpip\..\{4C279D01-5B9C-4EAA-BB6C-34472C76EC10}: NameServer = 124.81.123.110,202.155.0.20
O18 - Protocol: tbr - {4D25FB7A-8902-4291-960E-9ADA051CFBBF} - C:\PROGRA~1\Crawler\Toolbar\ctbr.dll
O20 - Winlogon Notify: !SASWinLogon - C:\Program Files\SUPERAntiSpyware\SASWINLO.dll
O21 - SSODL: wmpenv - {B75C69B9-E6E2-4759-878E-37E2BB21F2A6} - C:\WINDOWS\wmpenv.dll
O21 - SSODL: wmpconf - {288A45DA-FA02-4110-9025-569438C10762} - C:\WINDOWS\wmpconf.dll
O23 - Service: DefWatch - Symantec Corporation - C:\Program Files\Symantec_Client_Security\Symantec AntiVirus\DefWatch.exe
O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: LckFldService - Unknown owner - C:\WINDOWS\system32\LckFldService.exe
O23 - Service: NBService - Nero AG - C:\Program Files\Nero\Nero 7\Nero BackItUp\NBService.exe
O23 - Service: NMIndexingService - Nero AG - C:\Program Files\Common Files\Ahead\Lib\NMIndexingService.exe
O23 - Service: Symantec AntiVirus Client (Norton AntiVirus Server) - Symantec Corporation - C:\Program Files\Symantec_Client_Security\Symantec AntiVirus\Rtvscan.exe
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\System32\nvsvc32.exe
--
End of file - 5797 bytes
This is my last Combo Fix log:
ComboFix 07-08-09.3 - "Danny" 2007-08-11 2:45:25.2 - NTFSx86
Microsoft Windows XP Professional 5.1.2600.2.1252.1.1033.18.159 [GMT 7:00]
((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
C:\DOCUME~1\Danny\Desktop.\Spyware&Malware Protection.url
C:\DOCUME~1\Danny\Desktop\Error Cleaner.url
C:\DOCUME~1\Danny\Desktop\Privacy Protector.url
C:\DOCUME~1\Danny\FAVORI~1.\Error Cleaner.url
C:\DOCUME~1\Danny\FAVORI~1.\Privacy Protector.url
C:\DOCUME~1\Danny\FAVORI~1.\Spyware&Malware Protection.url
C:\WINDOWS\dat.txt
C:\WINDOWS\privacy_danger
C:\WINDOWS\privacy_danger\images\capt.gif
C:\WINDOWS\privacy_danger\images\danger.jpg
C:\WINDOWS\privacy_danger\images\down.gif
C:\WINDOWS\privacy_danger\images\spacer.gif
C:\WINDOWS\privacy_danger\index.htm
((((((((((((((((((((((((( Files Created from 2007-07-10 to 2007-08-10 )))))))))))))))))))))))))))))))
2007-08-10 22:16 15 --a------ C:\WINDOWS\system32\mslck.dat
2007-08-10 22:09 12 --a------ C:\WINDOWS\system32\Mlkf.dll
2007-08-10 22:07 153,088 --a------ C:\WINDOWS\system32\fldlckun.exe
2007-08-10 22:07 <DIR> d-------- C:\Program Files\FolderAccess
2007-08-10 22:03 2,560 --a------ C:\WINDOWS\_MSRSTRT.EXE
2007-08-10 21:47 38,400 --a------ C:\WINDOWS\system32\UUCODE32.DLL
2007-08-10 21:47 <DIR> d-------- C:\Program Files\BillingExplorer Ver 4.43 DeskPro 4.0
2007-08-10 20:04 <DIR> d--h----- C:\WINDOWS\$hf_mig$
2007-08-10 20:04 <DIR> d-------- C:\WINDOWS\system32\PreInstall
2007-08-10 19:33 158,752 --a------ C:\DOCUME~1\Danny\APPLIC~1\installer_en[1].exe
2007-08-10 19:29 <DIR> d-------- C:\WINDOWS\system32\SoftwareDistribution
2007-08-10 19:03 <DIR> d-------- C:\DOCUME~1\ALLUSE~1\APPLIC~1\SUPERAntiSpyware.com
2007-08-10 19:02 <DIR> d-------- C:\Program Files\SUPERAntiSpyware
2007-08-10 19:02 <DIR> d-------- C:\Program Files\Common Files\Wise Installation Wizard
2007-08-10 19:02 <DIR> d-------- C:\DOCUME~1\Danny\APPLIC~1\SUPERAntiSpyware.com
2007-08-10 18:41 51,200 --a------ C:\WINDOWS\nircmd.exe
2007-08-10 18:25 <DIR> d-------- C:\Program Files\Trend Micro
2007-08-10 18:08 <DIR> d-------- C:\Deckard
2007-08-10 17:52 <DIR> d-------- C:\SmitfraudFix
2007-08-10 17:42 888,569 --a------ C:\SmitfraudFix.exe
2007-08-10 17:29 524,288 --ah----- C:\DOCUME~1\ADMINI~1\NTUSER.DAT
2007-08-10 17:24 1,814 --a------ C:\WINDOWS\system32\tmp.reg
2007-08-10 17:04 <DIR> d-------- C:\Program Files\Microsoft AntiSpyware
2007-08-10 16:38 610,304 --a------ C:\WINDOWS\system32\eraser.dll
2007-08-10 16:38 282,624 --a------ C:\WINDOWS\system32\erasext.dll
2007-08-10 16:38 233,472 --a------ C:\WINDOWS\system32\eraserl.exe
2007-08-10 16:38 <DIR> d-------- C:\Program Files\Eraser
2007-08-10 13:12 <DIR> d-------- C:\Program Files\Crawler
2007-08-10 11:16 <DIR> d-------- C:\DOCUME~1\Danny\APPLIC~1\TrustedAntivirus
2007-08-10 11:15 89,088 --a------ C:\WINDOWS\system32\atl71.dll
2007-08-10 11:15 1,060,864 --a------ C:\WINDOWS\system32\mfc71.dll
2007-08-10 05:41 368,912 --a------ C:\WINDOWS\system32\vbar332.dll
2007-08-10 05:41 36,864 --a------ C:\WINDOWS\system32\LckFldService.exe
2007-08-10 04:07 221,184 --a------ C:\WINDOWS\system32\wmpns.dll
2007-08-10 03:56 221,184 --a------ C:\WINDOWS\wmpconf.dll
2007-08-10 03:56 188,416 --a------ C:\WINDOWS\wmpenv.dll
2007-08-10 02:25 77,824 --a------ C:\WINDOWS\system32\FLKill.exe
2007-08-10 02:25 256 --a------ C:\sccfg.sys
2007-08-10 02:25 <DIR> d-------- C:\Program Files\Folder Lock
2007-08-10 02:19 282,624 --a------ C:\WINDOWS\system32\wgp.exe
2007-08-10 02:19 212,992 --a------ C:\WINDOWS\system32\wodShellMenu.dll
2007-08-08 18:32 <DIR> d--h----- C:\WINDOWS\PIF
2007-08-08 08:39 <DIR> d-------- C:\DOCUME~1\Danny\APPLIC~1\Google
2007-08-08 08:38 50,688 --a------ C:\WINDOWS\system32\wbhelp2.dll
2007-08-08 08:38 <DIR> d-a------ C:\DOCUME~1\ALLUSE~1\APPLIC~1\TEMP
2007-08-08 08:38 <DIR> d-------- C:\Program Files\Google
2007-08-08 08:38 <DIR> d-------- C:\Program Files\DAP
2007-08-08 08:38 <DIR> d-------- C:\DOCUME~1\ALLUSE~1\APPLIC~1\Google
2007-08-08 01:22 8,704 --a--c--- C:\WINDOWS\system32\dllcache\kbdjpn.dll
2007-08-08 01:22 8,704 --a------ C:\WINDOWS\system32\kbdjpn.dll
2007-08-08 01:22 8,192 --a--c--- C:\WINDOWS\system32\dllcache\kbdkor.dll
2007-08-08 01:22 8,192 --a------ C:\WINDOWS\system32\kbdkor.dll
2007-08-08 01:22 6,144 --a--c--- C:\WINDOWS\system32\dllcache\kbd106.dll
2007-08-08 01:22 6,144 --a--c--- C:\WINDOWS\system32\dllcache\kbd101c.dll
2007-08-08 01:22 6,144 --a--c--- C:\WINDOWS\system32\dllcache\kbd101b.dll
2007-08-08 01:22 6,144 --a------ C:\WINDOWS\system32\kbd106.dll
2007-08-08 01:22 6,144 --a------ C:\WINDOWS\system32\kbd101c.dll
2007-08-08 01:22 6,144 --a------ C:\WINDOWS\system32\kbd101b.dll
2007-08-08 01:22 5,632 --a--c--- C:\WINDOWS\system32\dllcache\kbd103.dll
2007-08-08 01:22 5,632 --a------ C:\WINDOWS\system32\kbd103.dll
2007-08-07 09:01 <DIR> d-------- C:\DOCUME~1\Danny\APPLIC~1\ACD Systems
2007-08-07 09:00 <DIR> d-------- C:\DOCUME~1\ALLUSE~1\APPLIC~1\ACD Systems
2007-08-07 08:59 <DIR> d-------- C:\Program Files\ACD Systems
2007-08-06 21:23 <DIR> d---s---- C:\DOCUME~1\Danny\UserData
2007-08-06 13:50 <DIR> d-------- C:\WINDOWS\ShellNew
2007-08-06 13:50 <DIR> d-------- C:\Program Files\Microsoft ActiveSync
2007-08-06 13:25 20,016 --------- C:\WINDOWS\system32\drivers\pxhelp20.sys
2007-08-06 13:25 <DIR> d-------- C:\Program Files\Winamp
2007-08-03 18:15 <DIR> d-------- C:\DOCUME~1\Danny\APPLIC~1\MSN6
2007-08-03 18:15 <DIR> d-------- C:\DOCUME~1\ALLUSE~1\APPLIC~1\MSN6
2007-08-02 15:49 77,824 --a------ C:\WINDOWS\system32\ODBCTL32.dll
2007-08-02 15:49 71,680 --a------ C:\WINDOWS\ST5UNST.EXE
2007-08-02 15:49 403,216 --a------ C:\WINDOWS\system32\MsRepl35.dll
2007-08-02 15:49 37,136 --a------ C:\WINDOWS\system32\MSJInt35.dll
2007-08-02 15:49 29,696 --a------ C:\WINDOWS\system32\VB5StKit.dll
2007-08-02 15:49 251,664 --a------ C:\WINDOWS\system32\MSRD2x35.dll
2007-08-02 15:49 24,336 --a------ C:\WINDOWS\system32\MSJtEr35.dll
2007-08-02 15:49 1,039,360 --a------ C:\WINDOWS\system32\MSJet35.dll
2007-08-02 14:53 <DIR> d--hs---- C:\RECYCLER
2007-08-02 14:42 <DIR> d-------- C:\client
2007-08-02 13:18 <DIR> d-------- C:\DOCUME~1\Danny\APPLIC~1\Lavasoft
2007-08-02 13:18 <DIR> d-------- C:\Ad-Aware SE Personal
2007-08-02 12:54 83,672 --a------ C:\WINDOWS\system32\S32EVNT1.DLL
2007-08-02 12:54 73,224 --a------ C:\WINDOWS\system32\drivers\SYMEVENT.SYS
2007-08-02 12:54 <DIR> d-------- C:\WINDOWS\system32\CBA
2007-08-02 12:54 <DIR> d-------- C:\Program Files\Symantec
2007-08-02 12:54 <DIR> d-------- C:\DOCUME~1\ALLUSE~1\APPLIC~1\Symantec
2007-08-02 12:53 <DIR> d-------- C:\Program Files\Symantec_Client_Security
2007-08-02 12:53 <DIR> d-------- C:\Program Files\Common Files\Symantec Shared
2007-08-02 12:51 0 --a------ C:\WINDOWS\nsreg.dat
2007-08-02 12:51 <DIR> d-------- C:\Program Files\Yahoo!
2007-08-02 12:51 <DIR> d-------- C:\DOCUME~1\ALLUSE~1\APPLIC~1\Yahoo!
2007-08-02 12:50 2,775 --a------ C:\WINDOWS\mozver.dat
2007-08-01 21:01 32 --a------ C:\WINDOWS\popcinfo.dat
2007-07-30 23:49 65,536 --a------ C:\WINDOWS\system32\sonypvi3.dll
2007-07-30 23:49 64,964 --a------ C:\WINDOWS\system32\drivers\sonypvd3.sys
2007-07-30 23:49 619,390 --a------ C:\WINDOWS\system32\drivers\sonypvf3.sys
2007-07-30 23:49 423,454 --a------ C:\WINDOWS\system32\drivers\sonypvt3.sys
2007-07-30 23:49 4,464 --a------ C:\WINDOWS\system32\SonyPVC3.dll
2007-07-30 23:49 18,110 --a------ C:\WINDOWS\system32\drivers\sonypvl3.sys
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
*Note* empty entries & legit default entries are not shown
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"DAEMON Tools-1033"="C:\Program Files\D-Tools\daemon.exe" [2004-08-22 17:05]
"vptray"="C:\PROGRA~1\SYMANT~1\SYMANT~1\vptray.exe" [2002-07-30 11:35]
"DownloadAccelerator"="C:\Program Files\DAP\DAP.exe" [2007-08-08 08:38]
"SunJavaUpdateSched"="C:\Program Files\Java\jre1.6.0_02\bin\jusched.exe" [2007-07-12 04:00]
"NvCplDaemon"="C:\WINDOWS\system32\NvCpl.dll" [2006-08-16 14:35]
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"MSMSGS"="C:\Program Files\Messenger\msmsgs.exe" [2004-08-04 01:06]
[HKEY_CURRENT_USER\software\microsoft\internet explorer\desktop\components]
Source= file:///C:\WINDOWS\privacy_danger\index.htm
FriendlyName= Privacy Protection
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Shell ExecuteHooks]
"{5AE067D3-9AFB-48E0-853A-EBB7F4A000DA}"= C:\Program Files\SUPERAntiSpyware\SASSEH.DLL [2006-12-20 13:55 77824]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ShellServiceObjectDelayLoad]
"wmpenv"= {C4B187F6-D5B1-4EEB-AD91-8CDD48F4F651} - C:\WINDOWS\wmpenv.dll [2007-08-10 00:43 188416]
"wmpconf"= {EF30A982-A319-4258-A9D9-CCCEB89FE253} - C:\WINDOWS\wmpconf.dll [2007-08-10 00:43 221184]
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\!SASWinLogon]
C:\Program Files\SUPERAntiSpyware\SASWINLO.dll 2007-04-19 13:41 294912 C:\Program Files\SUPERAntiSpyware\SASWINLO.dll
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Microsoft Office.lnk]
path=C:\Documents and Settings\All Users\Start Menu\Programs\Startup\Microsoft Office.lnk
backup=C:\WINDOWS\pss\Microsoft Office.lnkCommon Startup
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Picture Package Menu.lnk]
path=C:\Documents and Settings\All Users\Start Menu\Programs\Startup\Picture Package Menu.lnk
backup=C:\WINDOWS\pss\Picture Package Menu.lnkCommon Startup
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Alcmtr]
ALCMTR.EXE
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}]
"C:\Program Files\Common Files\Ahead\Lib\NMBgMonitor.exe"
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\LanguageShortcut]
"C:\Program Files\CyberLink\PowerDVD\Language\Language.exe"
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NeroFilterCheck]
C:\Program Files\Common Files\Ahead\Lib\NeroCheck.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NvCplDaemon]
RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NvMediaCenter]
RUNDLL32.EXE C:\WINDOWS\System32\NvMcTray.dll,NvTaskbarInit
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\nwiz]
nwiz.exe /install
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\QuickTime Task]
"C:\Program Files\QuickTime\qttask.exe" -atboottime
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\RealTray]
C:\Program Files\Real\RealPlayer\RealPlay.exe SYSTEMBOOTHIDEPLAYER
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\RemoteControl]
"C:\Program Files\CyberLink\PowerDVD\PDVDServ.exe"
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\RTHDCPL]
RTHDCPL.EXE
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SecurePCCleaner]
C:\Program Files\SecurePCCleaner\GDC.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SkyTel]
SkyTel.EXE
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SUPERAntiSpyware]
C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\swg]
C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Yahoo! Pager]
"C:\PROGRA~1\Yahoo!\MESSEN~1\YAHOOM~1.EXE" -quiet
R0 sonypvl3;sonypvl3;C:\WINDOWS\system32\drivers\sonypvl3.sys
R1 SASDIFSV;SASDIFSV;\??\C:\Program Files\SUPERAntiSpyware\SASDIFSV.SYS
R1 SASKUTIL;SASKUTIL;\??\C:\Program Files\SUPERAntiSpyware\SASKUTIL.sys
R1 sonypvf3;sonypvf3;C:\WINDOWS\system32\drivers\sonypvf3.sys
R1 sonypvt3;sonypvt3;C:\WINDOWS\system32\drivers\sonypvt3.sys
R2 NAVAPEL;NAVAPEL;\??\C:\Program Files\Symantec_Client_Security\Symantec AntiVirus\NAVAPEL.SYS
R3 NAVAP;NAVAP;\??\C:\Program Files\Symantec_Client_Security\Symantec AntiVirus\NAVAP.sys
S3 SASENUM;SASENUM;\??\C:\Program Files\SUPERAntiSpyware\SASENUM.SYS
[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{0917d714-454f-11dc-b1c4-001921f55535}]
AutoRun\command- My Zodiak v03A Setup.exe
**************************************************************************
catchme 0.3.1061 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2007-08-11 02:48:17
Windows 5.1.2600 Service Pack 2 NTFS
scanning hidden processes ...
scanning hidden registry entries ...
scanning hidden files ...
scan completed successfully
hidden files: 0
**************************************************************************
Completion time: 2007-08-11 2:49:10
C:\ComboFix-quarantined-files.txt ... 2007-08-11 02:48
C:\ComboFix2.txt ... 2007-08-10 18:44
--- E O F ---
This is a SUPERAntiSpyware log:
SUPERAntiSpyware Scan Log
http://www.superantispyware.com
Generated 08/11/2007 at 03:57 AM
Application Version : 3.9.1008
Core Rules Database Version : 3283
Trace Rules Database Version: 1294
Scan type : Complete Scan
Total Scan Time : 01:02:00
Memory items scanned : 319
Memory threats detected : 0
Registry items scanned : 5540
Registry threats detected : 28
File items scanned : 42542
File threats detected : 14
Trojan.Net-MSV/VPS-G
HKLM\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{47C54F02-1B28-45F1-AE46-B5CDFB6E7926}
HKCR\CLSID\{47C54F02-1B28-45F1-AE46-B5CDFB6E7926}
HKCR\CLSID\{47C54F02-1B28-45F1-AE46-B5CDFB6E7926}
HKCR\CLSID\{47C54F02-1B28-45F1-AE46-B5CDFB6E7926}\InprocServer32
HKCR\CLSID\{47C54F02-1B28-45F1-AE46-B5CDFB6E7926}\InprocServer32#ThreadingModel
HKCR\CLSID\{47C54F02-1B28-45F1-AE46-B5CDFB6E7926}\ProgID
HKCR\CLSID\{47C54F02-1B28-45F1-AE46-B5CDFB6E7926}\Programmable
HKCR\CLSID\{47C54F02-1B28-45F1-AE46-B5CDFB6E7926}\TypeLib
HKCR\CLSID\{47C54F02-1B28-45F1-AE46-B5CDFB6E7926}\VersionIndependentProgID
C:\WINDOWS\DUOCORE.DLL
Trojan.VideoCach/Gen
HKCR\TypeLib\{A8954909-1F0F-41A5-A7FA-3B376D69E226}
HKCR\TypeLib\{A8954909-1F0F-41A5-A7FA-3B376D69E226}\1.0
HKCR\TypeLib\{A8954909-1F0F-41A5-A7FA-3B376D69E226}\1.0
HKCR\TypeLib\{A8954909-1F0F-41A5-A7FA-3B376D69E226}\1.0\win32
HKCR\TypeLib\{A8954909-1F0F-41A5-A7FA-3B376D69E226}\1.0\FLAGS
HKCR\TypeLib\{A8954909-1F0F-41A5-A7FA-3B376D69E226}\1.0\HELPDIR
HKCR\Interface\{967A494A-6AEC-4555-9CAF-FA6EB00ACF91}
HKCR\Interface\{967A494A-6AEC-4555-9CAF-FA6EB00ACF91}\ProxyStubClsid
HKCR\Interface\{967A494A-6AEC-4555-9CAF-FA6EB00ACF91}\ProxyStubClsid32
HKCR\Interface\{967A494A-6AEC-4555-9CAF-FA6EB00ACF91}\TypeLib
HKCR\Interface\{967A494A-6AEC-4555-9CAF-FA6EB00ACF91}\TypeLib#Version
HKCR\Interface\{9692BE2F-EB8F-49D9-A11C-C24C1EF734D5}
HKCR\Interface\{9692BE2F-EB8F-49D9-A11C-C24C1EF734D5}\ProxyStubClsid
HKCR\Interface\{9692BE2F-EB8F-49D9-A11C-C24C1EF734D5}\ProxyStubClsid32
HKCR\Interface\{9692BE2F-EB8F-49D9-A11C-C24C1EF734D5}\TypeLib
HKCR\Interface\{9692BE2F-EB8F-49D9-A11C-C24C1EF734D5}\TypeLib#Version
Trojan.Net-MSV/VPS
HKCR\MSVPS.MSVPSApp
HKCR\MSVPS.MSVPSApp\CLSID
HKCR\MSVPS.MSVPSApp\CurVer
Desktop Hijacker.AboutYourPrivacy
C:\WINDOWS\privacy_danger\images\capt.gif
C:\WINDOWS\privacy_danger\images\danger.jpg
C:\WINDOWS\privacy_danger\images\down.gif
C:\WINDOWS\privacy_danger\images\spacer.gif
C:\WINDOWS\privacy_danger\images
C:\WINDOWS\privacy_danger\index.htm
C:\WINDOWS\privacy_danger
C:\Documents and Settings\Danny\Favorites\Error Cleaner.url
C:\Documents and Settings\Danny\Favorites\Privacy Protector.url
C:\Documents and Settings\Danny\Favorites\Spyware&Malware Protection.url
C:\QOOBOX\QUARANTINE\C\WINDOWS\PRIVACY_DANGER\IMAGES\CAPT.GIF.VIR
C:\QOOBOX\QUARANTINE\C\WINDOWS\PRIVACY_DANGER\IMAGES\DANGER.JPG.VIR
C:\QOOBOX\QUARANTINE\C\WINDOWS\PRIVACY_DANGER\IMAGES\DOWN.GIF.VIR
Is there anything I should do to kill this? I hope I've given enough information about it.
Thanks a million if someone could help me.
Regards,
Danny Zakaria
Edited by zdanska, 11 August 2007 - 05:32 AM.