What is happening is my desktop background keeps being changed to a (Warning Your Computer is infected with Spyware!) Also I keep getting a pop-up on the toolbar saying (windows has detected spyware infection) and it links me to a Site to buy a Anti-Spyware program.
Could someone please help?
Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 3:44:26 AM, on 4/2/2008
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)
Boot mode: Normal
Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Common Files\Symantec
Shared\ccSvcHst.exe
C:\Program Files\Common Files\Symantec
Shared\AppCore\AppSvc32.exe
C:\Program Files\Common Files\Symantec
Shared\CCPD-LC\symlcsvc.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Symantec\LiveUpdate\ALUSchedulerSvc.exe
C:\WINDOWS\system32\CTsvcCDA.EXE
C:\Program Files\Mil Incorporated\Mil
Shield\ShieldService.exe
C:\WINDOWS\system32\nvsvc32.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\PnkBstrA.exe
C:\WINDOWS\system32\PnkBstrB.exe
C:\Program Files\CyberLink\PowerDVD\DVDLauncher.exe
C:\Program Files\Creative\SBAudigy2ZS\Surround
Mixer\CTSysVol.exe
C:\WINDOWS\system32\CTHELPER.EXE
C:\Program
Files\Creative\SBAudigy2ZS\DVDAudio\CTDVDDET.EXE
C:\Program Files\iTunes\iTunesHelper.exe
C:\WINDOWS\system32\RUNDLL32.EXE
C:\Program Files\Common Files\Symantec Shared\ccApp.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\Program Files\Fisher-Price\Easy-Link internet launch
pad\Easy-Link internet launch pad.exe
C:\WINDOWS\sysabmpmfr.exe
C:\WINDOWS\sysahbecjh.exe
C:\WINDOWS\sysatjsicj.exe
C:\WINDOWS\sysawechod.exe
C:\Program Files\Electronic Arts\EADM\Core.exe
C:\Program Files\Mil Incorporated\Mil
Shield\ShieldWorker.exe
C:\Program Files\Sony\Sony Picture
Utility\VolumeWatcher\SPUVolumeWatcher.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Common Files\Microsoft Shared\Windows
Live\WLLoginProxy.exe
C:\Program Files\Internet Explorer\IEXPLORE.EXE
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start
Page = http://www.google.ca/
R1 - HKLM\Software\Microsoft\Internet
Explorer\Main,Default_Page_URL = http://www.yahoo.com
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start
Page = http://www.yahoo.com
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Local
Page = \blank.htm
R1 -
HKCU\Software\Microsoft\Windows\CurrentVersion\Internet
Settings,ProxyOverride = 127.0.0.1
O2 - BHO: (no name) -
{02478D38-C3F9-4efb-9B51-7695ECA05670} - (no file)
O2 - BHO: AcroIEHlprObj Class -
{06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program
Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: (no name) -
{1E8A6170-7264-4D0F-BEAE-D42A53123C75} - C:\Program
Files\Common Files\Symantec
Shared\coShared\Browser\1.7\NppBho.dll
O2 - BHO: (no name) -
{77701e16-9bfe-4b63-a5b4-7bd156758a37} - (no file)
O2 - BHO: (no name) -
{7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)
O2 - BHO: Windows Live Sign-in Helper -
{9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program
Files\Common Files\Microsoft Shared\Windows
Live\WindowsLiveLogin.dll
O3 - Toolbar: Show Norton Toolbar -
{90222687-F593-4738-B738-FBEE9C7B26DF} - C:\Program
Files\Common Files\Symantec
Shared\coShared\Browser\1.7\UIBHO.dll
O4 - HKLM\..\Run: [UpdReg] C:\WINDOWS\UpdReg.EXE
O4 - HKLM\..\Run: [DVDLauncher] "C:\Program
Files\CyberLink\PowerDVD\DVDLauncher.exe"
O4 - HKLM\..\Run: [CTSysVol] C:\Program
Files\Creative\SBAudigy2ZS\Surround Mixer\CTSysVol.exe /r
O4 - HKLM\..\Run: [CTHelper] CTHELPER.EXE
O4 - HKLM\..\Run: [CTDVDDET] "C:\Program
Files\Creative\SBAudigy2ZS\DVDAudio\CTDVDDET.EXE"
O4 - HKLM\..\Run: [BearShare] "C:\Program
Files\BearShare\BearShare.exe" /pause
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program
Files\iTunes\iTunesHelper.exe"
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE
C:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE
C:\WINDOWS\system32\NvMcTray.dll,NvTaskbarInit
O4 - HKLM\..\Run: [ccApp] "C:\Program Files\Common
Files\Symantec Shared\ccApp.exe"
O4 - HKLM\..\Run: [osCheck] "C:\Program Files\Norton
Internet Security\osCheck.exe"
O4 - HKLM\..\Run: [Symantec PIF AlertEng] "C:\Program
Files\Common Files\Symantec
Shared\PIF\{B8E1DD85-8582-4c61-B58F-2F227FCA9A08}\PIFSvc.
exe" /a /m "C:\Program Files\Common Files\Symantec
Shared\PIF\{B8E1DD85-8582-4c61-B58F-2F227FCA9A08}\AlertEn
g.dll"
O4 - HKLM\..\Run: [eligmini] C:\Program
Files\Fisher-Price\Easy-Link internet launch
pad\Easy-Link internet launch pad.exe 0
O4 - HKLM\..\Run:
[{DD651081-A909-45ad-BD71-2335B0ADE043}]
"C:\WINDOWS\sysabmpmfr.exe"
O4 - HKLM\..\Run:
[{7DD4A7AC-A3F1-4495-884A-7947C5B89108}]
"C:\WINDOWS\sysahbecjh.exe"
O4 - HKLM\..\Run:
[{9754B85A-3B34-4969-BE1F-CD03227E9470}]
"C:\WINDOWS\sysatjsicj.exe"
O4 - HKLM\..\Run:
[{2C70168B-97CE-4f31-B85D-1FEC5002721D}]
"C:\WINDOWS\sysavxjgdu.exe"
O4 - HKLM\..\Run:
[{BAAA759D-56F0-428c-B8DA-827EA3B08C2C}]
"C:\WINDOWS\sysawechod.exe"
O4 - HKCU\..\Run: [QuickPhrase] "C:\Program
Files\TypingMaster\quickphrase\quickphrase.exe"
O4 - HKCU\..\Run: [EA Core] "C:\Program Files\Electronic
Arts\EADM\Core.exe" -silent
O4 - HKCU\..\Run: [MilShieldSlave] "C:\Program Files\Mil
Incorporated\Mil Shield\ShieldWorker.exe" -logon
O4 - S-1-5-18 Startup: Cyber-shot Viewer Media Check
Tool.lnk = C:\Program Files\Sony\Sony Picture
Utility\VolumeWatcher\SPUVolumeWatcher.exe (User
'SYSTEM')
O4 - .DEFAULT Startup: Cyber-shot Viewer Media Check
Tool.lnk = C:\Program Files\Sony\Sony Picture
Utility\VolumeWatcher\SPUVolumeWatcher.exe (User 'Default
user')
O4 - Startup: Cyber-shot Viewer Media Check Tool.lnk =
C:\Program Files\Sony\Sony Picture
Utility\VolumeWatcher\SPUVolumeWatcher.exe
O4 - Global Startup: Adobe Reader Speed Launch.lnk =
C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
O8 - Extra context menu item: Add to Windows &Live
Favorites - http://favorites.liv...m/quickadd.aspx
O8 - Extra context menu item: E&xport to Microsoft Excel
- res://C:\PROGRA~1\MICROS~2\Office12\EXCEL.EXE/3000
O9 - Extra button: Research -
{92780B25-18CC-41C8-B9BE-3C9C571A8263} -
C:\PROGRA~1\MICROS~2\Office12\REFIEBAR.DLL
O9 - Extra button: Messenger -
{FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program
Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger -
{FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program
Files\Messenger\msmsgs.exe
O17 - HKLM\System\CCS\Services\Tcpip\Parameters:
NameServer = 85.255.114.55 85.255.112.21
O23 - Service: Automatic LiveUpdate Scheduler - Symantec
Corporation - C:\Program
Files\Symantec\LiveUpdate\ALUSchedulerSvc.exe
O23 - Service: Symantec Event Manager (ccEvtMgr) -
Symantec Corporation - C:\Program Files\Common
Files\Symantec Shared\ccSvcHst.exe
O23 - Service: Symantec Settings Manager (ccSetMgr) -
Symantec Corporation - C:\Program Files\Common
Files\Symantec Shared\ccSvcHst.exe
O23 - Service: Symantec Lic NetConnect service
(CLTNetCnService) - Symantec Corporation - C:\Program
Files\Common Files\Symantec Shared\ccSvcHst.exe
O23 - Service: COM Host (comHost) - Symantec Corporation
- C:\Program Files\Common Files\Symantec
Shared\VAScanner\comHost.exe
O23 - Service: Creative Service for CDROM Access -
Creative Technology Ltd -
C:\WINDOWS\system32\CTsvcCDA.EXE
O23 - Service: InstallDriver Table Manager (IDriverT) -
Macrovision Corporation - C:\Program Files\Common
Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: iPodService - Apple Computer, Inc. -
C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: Symantec IS Password Validation (ISPwdSvc)
- Symantec Corporation - C:\Program Files\Norton Internet
Security\isPwdSvc.exe
O23 - Service: LiveUpdate - Symantec Corporation -
C:\PROGRA~1\Symantec\LIVEUP~1\LUCOMS~1.EXE
O23 - Service: LiveUpdate Notice Service Ex (LiveUpdate
Notice Ex) - Symantec Corporation - C:\Program
Files\Common Files\Symantec Shared\ccSvcHst.exe
O23 - Service: LiveUpdate Notice Service - Symantec
Corporation - C:\Program Files\Common Files\Symantec
Shared\PIF\{B8E1DD85-8582-4c61-B58F-2F227FCA9A08}\PIFSvc.
exe
O23 - Service: MilShieldCleaner - Unknown owner -
C:\Program Files\Mil Incorporated\Mil
Shield\ShieldService.exe
O23 - Service: NVIDIA Display Driver Service (NVSvc) -
NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
O23 - Service: PnkBstrA - Unknown owner -
C:\WINDOWS\system32\PnkBstrA.exe
O23 - Service: PnkBstrB - Unknown owner -
C:\WINDOWS\system32\PnkBstrB.exe
O23 - Service: Spyware Doctor Auxiliary Service
(sdAuxService) - PC Tools - C:\Program Files\Spyware
Doctor\svcntaux.exe
O23 - Service: Spyware Doctor Service (sdCoreService) -
PC Tools - C:\Program Files\Spyware Doctor\swdsvc.exe
O23 - Service: Symantec Core LC - Unknown owner -
C:\Program Files\Common Files\Symantec
Shared\CCPD-LC\symlcsvc.exe
O23 - Service: Symantec AppCore Service (SymAppCore) -
Symantec Corporation - C:\Program Files\Common
Files\Symantec Shared\AppCore\AppSvc32.exe
--