
Your Privacy (Red Screen) [HJT log]

Discussion in 'Malware and Virus Removal Archive' started by mypursuit, 2007/07/20.

  1. 2007/07/20
    mypursuit

    mypursuit Inactive Thread Starter

    Joined:
    2007/07/19
    Messages:
    4
    Likes Received:
    0
    I have recently had a problem with a red screen (YOUR PRIVACY) appearing when my computer logs on. I am running Windows 2000 and multiple popups etc. keep coming back. It is slowly seeping my computer's ability to function properly. Can anyone help me to delete this? Does anyone know the liability of having it? Is it a trojan or virus? Has or does it steal passwords, and will a disk restore completely remove or repair this? I also just did a ComboFix and this is the log:

    "Administrator" - 2007-07-20 21:09:47 - ComboFix 07-07-14.6 - Service Pack 4 NTFS


    ((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))


    C:\DOCUME~1\ADMINI~1\Desktop.\Error Cleaner.url
    C:\DOCUME~1\ADMINI~1\Desktop.\Privacy Protector.url
    C:\DOCUME~1\ADMINI~1\Desktop.\Spyware&Malware Protection.url
    C:\DOCUME~1\ADMINI~1\FAVORI~1.\Error Cleaner.url
    C:\DOCUME~1\ADMINI~1\FAVORI~1.\Privacy Protector.url
    C:\DOCUME~1\ADMINI~1\FAVORI~1.\Spyware&Malware Protection.url
    C:\WINNT\dat.txt
    C:\WINNT\rs.txt


    ((((((((((((((((((((((((( Files Created from 2007-06-21 to 2007-07-21 )))))))))))))))))))))))))))))))


    2007-07-19 19:01 51,200 --a------ C:\WINNT\nircmd.exe
    2007-07-19 11:10 82,258 --a------ C:\WINNT\SYSTEM32\DRIVERS\klin.dat
    2007-07-19 11:10 82,258 --a------ C:\WINNT\SYSTEM32\DRIVERS\klick.dat
    2007-07-19 11:08 74,784 --ahs---- C:\WINNT\SYSTEM32\DRIVERS\fidbox2.dat
    2007-07-19 11:08 1,517,856 --ahs---- C:\WINNT\SYSTEM32\DRIVERS\fidbox.dat
    2007-07-19 11:08 <DIR> d-------- C:\Program Files\Kaspersky Lab
    2007-07-19 11:08 <DIR> d-------- C:\DOCUME~1\ALLUSE~1\APPLIC~1\Kaspersky Lab
    2007-07-19 07:05 172,032 --a------ C:\WINNT\soundplugin.dll
    2007-07-19 07:05 163,840 --a------ C:\WINNT\sounddrv.dll
    2007-07-19 07:05 151,552 --a------ C:\WINNT\xvideo.dll
    2007-07-18 14:19 <DIR> d-------- C:\unzipped
    2007-07-18 13:12 <DIR> d-------- C:\WINNT\winsxs
    2007-07-12 05:23 <DIR> d-------- C:\Program Files\MagicISO
    2007-07-11 21:46 <DIR> d-------- C:\Program Files\Flash Player Pro 3.2
    2007-07-11 20:56 <DIR> d-------- C:\DOCUME~1\ALLUSE~1\APPLIC~1\TEMP
    2007-07-11 20:55 <DIR> d-------- C:\Program Files\Flash Slideshow Maker Professional


    (((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))

    2007-07-21 00:28:04 -------- d-----w C:\DOCUME~1\ADMINI~1\APPLIC~1\BitTorrent
    2007-07-20 02:59:46 7,724 --sha-w C:\WINNT\system32\drivers\fidbox2.idx
    2007-07-20 02:59:46 20,444 --sha-w C:\WINNT\system32\drivers\fidbox.idx
    2007-07-19 17:52:17 -------- d-----w C:\Program Files\Google
    2007-07-05 23:35:51 630,200 ----a-w C:\WINNT\system32\drivers\VetEFile.sys
    2007-07-05 23:35:51 108,392 ----a-w C:\WINNT\system32\drivers\VetEBoot.sys
    2007-06-05 14:51:22 -------- d-----w C:\DOCUME~1\ADMINI~1\APPLIC~1\Talkback
    2007-06-05 11:52:38 1,156 ----a-w C:\WINNT\mozver.dat
    2007-05-20 05:37:14 206,352 ----a-w C:\WINNT\system32\klogon.dll
    2007-04-25 07:52:16 147,216 ----a-w C:\WINNT\system32\SCHANNEL.DLL
    2007-04-23 06:22:01 939,280 ----a-w C:\WINNT\system32\ntdsa.dll
    2006-12-20 14:07:28 10,503,520 ----a-w C:\Program Files\adware.exe
    2006-12-20 13:39:09 11,894,024 ----a-w C:\Program Files\spycatcher-express.exe
    2006-12-09 13:36:24 457,542 ----a-w C:\Program Files\SetupDeletor.exe
    2006-12-09 13:28:38 1,039,019 ----a-w C:\Program Files\purge_en.exe
    2006-08-18 11:34:22 2,855,080 ----a-w C:\Program Files\aawsepersonal.exe
    2003-08-15 18:01:10 2,865,152 ----a-w C:\Program Files\WORD11.MSI
    2003-08-15 18:00:24 473,931 ----a-w C:\Program Files\SKU01B.XML
    2003-08-15 17:47:28 4,934,144 ----a-w C:\Program Files\STDP11.MSI
    2003-08-15 17:45:50 473,931 ----a-w C:\Program Files\SKU0CA.XML
    2003-08-15 17:31:06 4,716,032 ----a-w C:\Program Files\STD11.MSI
    2003-08-15 17:29:20 473,931 ----a-w C:\Program Files\SKU012.XML
    2003-08-15 17:23:08 2,285,568 ----a-w C:\Program Files\PUB11.MSI
    2003-08-15 17:22:30 473,931 ----a-w C:\Program Files\SKU019.XML
    2003-08-15 17:18:50 5,923,328 ----a-w C:\Program Files\PRO11.MSI
    2003-08-15 17:10:20 473,931 ----a-w C:\Program Files\SKU011.XML
    2003-08-15 17:04:46 2,758,144 ----a-w C:\Program Files\PPT11.MSI
    2003-08-15 17:03:30 473,931 ----a-w C:\Program Files\SKU018.XML
    2003-08-15 16:59:18 3,428,352 ----a-w C:\Program Files\OUTLS11.MSI
    2003-08-15 16:58:28 473,931 ----a-w C:\Program Files\SKU0E0.XML
    2003-08-15 16:53:08 3,431,936 ----a-w C:\Program Files\OUTL11.MSI
    2003-08-15 16:51:36 473,931 ----a-w C:\Program Files\SKU01A.XML
    2003-08-15 16:45:08 1,683,968 ----a-w C:\Program Files\ONOTE11.MSI
    2003-08-15 16:44:16 473,931 ----a-w C:\Program Files\SKU0A1.XML
    2003-08-15 16:41:06 2,316,800 ----a-w C:\Program Files\INF11.MSI
    2003-08-15 16:40:12 473,931 ----a-w C:\Program Files\SKU044.XML
    2003-08-15 16:36:48 3,035,648 ----a-w C:\Program Files\FP11.MSI
    2003-08-15 16:28:12 487,323 ----a-w C:\Program Files\SKU017.XML
    2003-08-15 16:25:24 3,042,816 ----a-w C:\Program Files\EXCEL11.MSI
    2003-08-15 16:24:06 473,931 ----a-w C:\Program Files\SKU016.XML
    2003-08-15 16:21:12 3,345,920 ----a-w C:\Program Files\ACC11.MSI
    2003-08-15 16:15:56 473,931 ----a-w C:\Program Files\SKU015.XML
    2003-08-15 15:39:06 167,963 ----a-w C:\Program Files\SKU0CA.CAB
    2003-08-15 13:56:16 167,974 ----a-w C:\Program Files\SKU012.CAB
    2003-08-15 13:10:04 74,352 ----a-w C:\Program Files\SKU016.CAB
    2003-08-15 13:08:32 168,123 ----a-w C:\Program Files\SKU01B.CAB
    2003-08-15 13:05:38 74,316 ----a-w C:\Program Files\SKU018.CAB
    2003-08-15 12:45:32 2,948,275 ----a-w C:\Program Files\WV561405.CAB
    2003-08-15 12:45:06 1,038,975 ----a-w C:\Program Files\W4561405.CAB
    2003-08-15 12:44:58 763,821 ----a-w C:\Program Files\ZE561406.CAB
    2003-08-15 12:44:38 2,642,875 ----a-w C:\Program Files\W3561405.CAB
    2003-08-15 12:43:58 6,270,298 ----a-w C:\Program Files\W2561405.CAB
    2003-08-15 12:42:30 6,282,476 ----a-w C:\Program Files\SKU011.CAB
    2003-08-15 12:41:34 1,256,026 ----a-w C:\Program Files\QV561405.CAB
    2003-08-15 12:41:28 73,909 ----a-w C:\Program Files\SKU017.CAB
    2003-08-15 12:41:24 545,200 ----a-w C:\Program Files\Q4561405.CAB
    2003-08-15 12:41:02 2,346,637 ----a-w C:\Program Files\Q3561405.CAB
    2003-08-15 12:40:30 3,053,221 ----a-w C:\Program Files\Q2561405.CAB
    2003-08-15 12:39:30 192,632 ----a-w C:\Program Files\ZA561401.CAB
    2003-08-15 12:38:28 471,375 ----a-w C:\Program Files\P4561402.CAB
    2003-08-15 12:35:14 17,574,505 ----a-w C:\Program Files\F2561406.CAB
    2003-08-15 12:28:34 6,187,164 ----a-w C:\Program Files\SKU015.CAB
    2003-08-15 12:23:48 720,116 ----a-w C:\Program Files\E4561410.CAB
    2003-08-15 12:23:24 5,331,769 ----a-w C:\Program Files\E2561410.CAB
    2003-08-15 12:18:22 3,032,343 ----a-w C:\Program Files\A4561405.CAB
    2003-08-15 12:17:02 5,675,627 ----a-w C:\Program Files\A3561405.CAB
    2003-08-15 12:16:18 1,861,080 ----a-w C:\Program Files\FV561403.CAB
    2003-08-15 12:15:40 3,580,152 ----a-w C:\Program Files\A2561405.CAB
    2003-08-15 12:15:38 1,816,318 ----a-w C:\Program Files\F3561403.CAB
    2003-08-15 12:12:36 2,164,117 ----a-w C:\Program Files\EV561405.CAB
    2003-08-15 12:11:56 2,977,781 ----a-w C:\Program Files\E3561405.CAB
    2003-08-15 12:10:34 1,280,153 ----a-w C:\Program Files\F4561401.CAB
    2003-08-15 12:09:02 1,952,821 ----a-w C:\Program Files\AV561403.CAB
    2003-08-15 11:36:28 1,013,663 ----a-w C:\Program Files\X3561401.CAB
    2003-08-15 11:36:22 9,298,714 ----a-w C:\Program Files\X2561401.CAB
    2003-08-15 11:35:24 8,168 ----a-w C:\Program Files\SKU044.CAB
    2003-08-15 11:26:28 47,671,800 ----a-w C:\Program Files\YS561401.CAB
    2003-08-15 11:23:14 73,874 ----a-w C:\Program Files\SKU019.CAB
    2003-08-15 11:23:08 2,951,706 ----a-w C:\Program Files\PW561401.CAB
    2003-08-15 11:22:04 1,255,537 ----a-w C:\Program Files\PV561401.CAB
    2003-08-15 11:21:40 5,671,270 ----a-w C:\Program Files\P3561401.CAB
    2003-08-15 11:19:54 29,543,747 ----a-w C:\Program Files\P2561401.CAB
    2003-08-15 11:16:54 17,922 ----a-w C:\Program Files\ZU561401.CAB
    2003-08-15 11:16:48 310,133 ----a-w C:\Program Files\ZO561401.CAB
    2003-08-15 11:16:36 83,634 ----a-w C:\Program Files\ZI561402.CAB
    2003-08-15 11:16:30 147,457 ----a-w C:\Program Files\ZK561401.CAB
    2003-08-15 11:16:10 2,679,261 ----a-w C:\Program Files\ZC561402.CAB
    2003-08-15 11:16:02 27,929 ----a-w C:\Program Files\ZR561403.CAB
    2003-08-15 11:15:48 353,051 ----a-w C:\Program Files\ZT561401.CAB
    2003-08-15 11:15:38 243,555 ----a-w C:\Program Files\ZH561403.CAB
    2003-08-15 11:15:30 1,539,271 ----a-w C:\Program Files\YL561402.CAB
    2003-08-15 11:15:02 821,637 ----a-w C:\Program Files\YO561403.CAB
    2003-08-15 11:15:00 103,723 ----a-w C:\Program Files\ZJ561401.CAB
    2003-08-15 11:14:58 4,475,718 ----a-w C:\Program Files\YH561403.CAB
    2003-08-15 11:14:50 63,208 ----a-w C:\Program Files\YM561403.CAB
    2003-08-15 11:14:46 47,824 ----a-w C:\Program Files\ZG561401.CAB
    2003-08-15 11:14:46 2,248,811 ----a-w C:\Program Files\ZF561402.CAB
    2003-08-15 11:14:40 2,056,750 ----a-w C:\Program Files\TR308222.CAB
    2003-08-15 11:14:22 614,643 ----a-w C:\Program Files\YC561403.CAB
    2003-08-15 11:14:16 168,028 ----a-w C:\Program Files\SKU0E0.CAB


    ((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))


    *Note* empty entries & legit default entries are not shown

    [HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{02478D38-C3F9-4EFB-9B51-7695ECA05670}]
    07-03-20 14:39 803864 --a------ C:\Program Files\Yahoo!\Companion\Installs\cpn4\yt.dll

    [HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{06849E9F-C8D7-4D59-B87D-784B7D6BE0B3}]
    06-10-22 23:08 62080 --a------ C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll

    [HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{0A87E45F-537A-40B4-B812-E2544C21A09F}]
    C:\Program Files\SpyCatcher 2006\SCActiveBlock.dll

    [HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{53707962-6F74-2D53-2644-206D7942484F}]
    05-05-31 01:04 853672 --a------ C:\PROGRA~1\SPYBOT~1\SDHelper.dll

    [HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{85E659D3-E110-4CE7-9D99-416FD61A1720}]
    07-07-18 09:21 172032 --a------ C:\WINNT\soundplugin.dll

    [HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{AA58ED58-01DD-4d91-8333-CF10577473F7}]
    07-01-19 23:55 2403392 -ra------ c:\program files\google\googletoolbar2.dll

    [HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{F2AA9440-6328-4933-B7C9-A6CCDF9CBF6D}]
    05-02-03 18:07 124032 --a------ C:\Program Files\Yahoo!\browser\YSidebarIEBHO.dll

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
    "Synchronization Manager "= "mobsync.exe" [03-06-19 12:05 C:\WINNT\SYSTEM32\mobsync.exe]
    "ATIModeChange "= "Ati2mdxx.exe" [02-05-22 21:14 C:\WINNT\SYSTEM32\Ati2mdxx.exe]
    "AtiPTA "= "C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe" [03-01-23 21:00 ]
    "eabconfg.cpl "= "C:\Program Files\Compaq\EAB\EabServr.exe" [02-04-09 11:49 ]
    "hkss "= "C:\Program Files\Compaq\Hotkey Software\hkss.exe" [02-03-19 11:09 ]
    "Cpqset "= "c:\compaq\cpqsetup\cpqset.exe" [02-05-09 14:13 ]
    "Picasa Media Detector "= "C:\Program Files\Picasa2\PicasaMediaDetector.exe" [06-12-11 17:36 ]
    "CaAvTray "= "C:\Program Files\Yahoo!\Antivirus\CAVTray.exe" [06-08-18 05:00 ]
    "CAVRID "= "C:\Program Files\Yahoo!\Antivirus\CAVRID.exe" [06-08-18 05:00 ]
    "YOP "= "C:\PROGRA~1\Yahoo!\YOP\yop.exe" [05-04-22 19:49 ]
    "PicasaNet "= "C:\Program Files\Hello\Hello.exe" []
    "SunJavaUpdateSched "= "C:\Program Files\Java\j2re1.4.2_11\bin\jusched.exe" [06-02-13 12:53 ]
    "TkBellExe "= "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" [06-11-27 04:48 ]
    "QuickTime Task "= "C:\Program Files\QuickTime\qttask.exe" [06-09-01 16:57 ]
    "Adobe Reader Speed Launcher "= "C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe" [07-05-11 03:06 ]

    [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
    "Yahoo! Pager "= "C:\Program Files\Yahoo!\Messenger\ypager.exe" []
    "BitTorrent "= "C:\Program Files\BitTorrent\bittorrent.exe" [07-03-01 16:11 ]
    "swg "= "C:\Program Files\Google\GoogleToolbarNotifier\1.2.1128.5462\GoogleToolbarNotifier.exe" [07-07-18 19:54 ]

    [HKEY_USERS\.default\software\microsoft\windows\currentversion\runonce]
    "^SetupICWDesktop "=C:\Program Files\Internet Explorer\Connection Wizard\icwconn1.exe /desktop

    [HKEY_CURRENT_USER\software\microsoft\internet explorer\desktop\components\0]
    Source= file:///C:\WINNT\privacy_danger\index.htm
    FriendlyName= my current home page

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ShellServiceObjectDelayLoad]
    "{48E94413-0235-48A1-B85D-49A642500729} "= "C:\WINNT\xvideo.dll" [07-07-18 09:21 ]
    "{4AE32844-ED74-4AFF-85DD-09EDDCA868B8} "= "C:\WINNT\sounddrv.dll" [07-07-18 09:21 ]


    Contents of the 'Scheduled Tasks' folder
    2007-07-09 14:31:06 C:\WINNT\tasks\AppleSoftwareUpdate.job

    **************************************************************************

    catchme 0.3.915 W2K/XP/Vista - rootkit detector by Gmer, http://www.gmer.net
    Rootkit scan 2007-07-20 21:20:21
    Windows 5.0.2195 Service Pack 4 NTFS

    scanning hidden processes ...

    scanning hidden autostart entries ...

    scanning hidden files ...

    scan completed successfully
    hidden files: 0

    **************************************************************************

    Completion time: 2007-07-20 21:28:43
    C:\ComboFix-quarantined-files.txt ... 07-07-20 21:28
    C:\ComboFix2.txt ... 07-07-19 19:31
    C:\ComboFix3.txt ... 07-07-19 19:18

    --- E O F ---
     
    Last edited: 2007/07/20
  2. 2007/07/20
    mypursuit

    mypursuit Inactive Thread Starter

    Joined:
    2007/07/19
    Messages:
    4
    Likes Received:
    0
    I just did a HijackThis file log and this is it.

    Logfile of HijackThis v1.99.1
    Scan saved at 19:53, on 2007-07-20
    Platform: Windows 2000 SP4 (WinNT 5.00.2195)
    MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106)

    Running processes:
    C:\WINNT\System32\smss.exe
    C:\WINNT\system32\winlogon.exe
    C:\WINNT\system32\services.exe
    C:\WINNT\system32\lsass.exe
    C:\WINNT\system32\svchost.exe
    C:\WINNT\System32\svchost.exe
    C:\WINNT\system32\spoolsv.exe
    C:\WINNT\System32\Ati2evxx.exe
    C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 7.0\avp.exe
    C:\Program Files\Yahoo!\Antivirus\ISafe.exe
    C:\WINNT\system32\hidserv.exe
    C:\WINNT\system32\regsvc.exe
    C:\WINNT\system32\MSTask.exe
    C:\WINNT\System32\WBEM\WinMgmt.exe
    C:\WINNT\system32\mspmspsv.exe
    C:\WINNT\system32\svchost.exe
    C:\WINNT\System32\svchost.exe
    C:\WINNT\Explorer.EXE
    C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe
    C:\Program Files\Compaq\EAB\EabServr.exe
    C:\Program Files\Compaq\Hotkey Software\hkss.exe
    C:\Program Files\Picasa2\PicasaMediaDetector.exe
    C:\Program Files\Yahoo!\Antivirus\CAVTray.exe
    C:\Program Files\Yahoo!\Antivirus\CAVRID.exe
    C:\WINNT\system32\wuauclt.exe
    C:\PROGRA~1\Yahoo!\YOP\yop.exe
    C:\Program Files\Java\j2re1.4.2_11\bin\jusched.exe
    C:\Program Files\Common Files\Real\Update_OB\realsched.exe
    C:\Program Files\QuickTime\qttask.exe
    C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 7.0\avp.exe
    C:\Program Files\Google\GoogleToolbarNotifier\1.2.1128.5462\GoogleToolbarNotifier.exe
    C:\Program Files\2Wire 802.11g Wireless\PRISMCFG.EXE
    C:\Program Files\WinZip\WZQKPICK.EXE
    C:\PROGRA~1\Yahoo!\browser\ycommon.exe
    C:\WINNT\system32\PRISMSVR.EXE
    C:\Program Files\Mozilla Firefox\firefox.exe
    C:\Program Files\Yahoo!\Antivirus\VetMsg.exe
    C:\PROGRA~1\WINZIP\winzip32.exe
    C:\unzipped\hijackthis\HijackThis.exe

    R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://softwarereferral.com/jump.php?wmid=6010&mid=MjI6Ojg5&lid=2
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Bar = http://red.clientapps.yahoo.com/cus.../sbcydsl/*http://www.yahoo.com/search/ie.html
    R3 - URLSearchHook: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn4\yt.dll
    O2 - BHO: &Yahoo! Toolbar Helper - {02478D38-C3F9-4EFB-9B51-7695ECA05670} - C:\Program Files\Yahoo!\Companion\Installs\cpn4\yt.dll
    O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
    O2 - BHO: SpywareBlock Class - {0A87E45F-537A-40B4-B812-E2544C21A09F} - C:\Program Files\SpyCatcher 2006\SCActiveBlock.dll (file missing)
    O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
    O2 - BHO: MSVPS System - {85E659D3-E110-4CE7-9D99-416FD61A1720} - C:\WINNT\soundplugin.dll
    O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar2.dll
    O2 - BHO: SidebarAutoLaunch Class - {F2AA9440-6328-4933-B7C9-A6CCDF9CBF6D} - C:\Program Files\Yahoo!\browser\YSidebarIEBHO.dll
    O3 - Toolbar: &Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINNT\System32\msdxm.ocx
    O3 - Toolbar: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn4\yt.dll
    O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar2.dll
    O4 - HKLM\..\Run: [Synchronization Manager] mobsync.exe /logon
    O4 - HKLM\..\Run: [ATIModeChange] Ati2mdxx.exe
    O4 - HKLM\..\Run: [AtiPTA] C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe
    O4 - HKLM\..\Run: [eabconfg.cpl] C:\Program Files\Compaq\EAB\EabServr.exe /Start
    O4 - HKLM\..\Run: [hkss] C:\Program Files\Compaq\Hotkey Software\hkss.exe
    O4 - HKLM\..\Run: [Cpqset] c:\compaq\cpqsetup\cpqset.exe
    O4 - HKLM\..\Run: [Picasa Media Detector] C:\Program Files\Picasa2\PicasaMediaDetector.exe
    O4 - HKLM\..\Run: [CaAvTray] "C:\Program Files\Yahoo!\Antivirus\CAVTray.exe "
    O4 - HKLM\..\Run: [CAVRID] "C:\Program Files\Yahoo!\Antivirus\CAVRID.exe "
    O4 - HKLM\..\Run: [YOP] C:\PROGRA~1\Yahoo!\YOP\yop.exe /autostart
    O4 - HKLM\..\Run: [PicasaNet] "C:\Program Files\Hello\Hello.exe" -b
    O4 - HKLM\..\Run: [SunJavaUpdateSched] C:\Program Files\Java\j2re1.4.2_11\bin\jusched.exe
    O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot
    O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
    O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe "
    O4 - HKLM\..\Run: [AVP] "C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 7.0\avp.exe "
    O4 - HKCU\..\Run: [Yahoo! Pager] C:\Program Files\Yahoo!\Messenger\ypager.exe -quiet
    O4 - HKCU\..\Run: [BitTorrent] "C:\Program Files\BitTorrent\bittorrent.exe" --force_start_minimized
    O4 - HKCU\..\Run: [swg] C:\Program Files\Google\GoogleToolbarNotifier\1.2.1128.5462\GoogleToolbarNotifier.exe
    O4 - Global Startup: 2Wire Wireless Client.lnk = C:\Program Files\2Wire 802.11g Wireless\PRISMCFG.EXE
    O4 - Global Startup: WinZip Quick Pick.lnk = C:\Program Files\WinZip\WZQKPICK.EXE
    O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\WINNT\system32\msjava.dll
    O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\WINNT\system32\msjava.dll
    O9 - Extra button: Web Anti-Virus statistics - {1F460357-8A94-4D71-9CA3-AA4ACF32ED8E} - C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 7.0\SCIEPlgn.dll
    O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://go.microsoft.com/fwlink/?linkid=39204
    O16 - DPF: {30528230-99F7-4BB4-88D8-FA1D4F56A2AB} (YInstStarter Class) - http://us.dl1.yimg.com/download.yahoo.com/dl/installs/yinst20040510.cab
    O16 - DPF: {56336BCB-3D8A-11D6-A00B-0050DA18DE71} - http://software-dl.real.com/2719ab45b7bb02caf206/netzip/RdxIE601.cab
    O16 - DPF: {6BEA1C48-1850-486C-8F58-C7354BA3165E} (Install Class) - http://updates.lifescapeinc.com/installers/pinstall/pinstall.cab
    O20 - Winlogon Notify: klogon - C:\WINNT\system32\klogon.dll
    O21 - SSODL: xvideo - {48E94413-0235-48A1-B85D-49A642500729} - C:\WINNT\xvideo.dll
    O21 - SSODL: sounddrv - {4AE32844-ED74-4AFF-85DD-09EDDCA868B8} - C:\WINNT\sounddrv.dll
    O23 - Service: Ati HotKey Poller - Unknown owner - C:\WINNT\System32\Ati2evxx.exe
    O23 - Service: Kaspersky Anti-Virus 7.0 (AVP) - Unknown owner - C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 7.0\avp.exe" -r (file missing)
    O23 - Service: CAISafe - Computer Associates International, Inc. - C:\Program Files\Yahoo!\Antivirus\ISafe.exe
    O23 - Service: Logical Disk Manager Administrative Service (dmadmin) - VERITAS Software Corp. - C:\WINNT\System32\dmadmin.exe
    O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
    O23 - Service: VET Message Service (VETMSGNT) - Computer Associates International, Inc. - C:\Program Files\Yahoo!\Antivirus\VetMsg.exe
    O23 - Service: Windows Connectione Sharing - Unknown owner - C:\WINNT\lPErs.exe (file missing)
     
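    The two logs above are read by hand in this thread; the following script is an added example (not part of the thread, and not a tool either poster used) that automates that triage over HijackThis-style lines. It parses the R0, O2, O4, O21 and O23 entries, cross-references them with the ComboFix "Files Created" list, and flags the patterns the helper acted on: autostart entries whose file is missing, browser or shell extensions loaded straight from the Windows root directory instead of system32 or Program Files, files that appeared in the last 30 days, and a start page pointing at a host outside a constructed allowlist. The sample lines are a subset copied from the logs posted above; the allowlist and the rule wording are assumptions of this example.

```python
import re
from dataclasses import dataclass, field
from typing import List, Optional
from urllib.parse import urlparse

# Constructed sample: a subset of the HijackThis log posted in this thread.
SAMPLE_HJT = r"""
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://softwarereferral.com/jump.php?wmid=6010&mid=MjI6Ojg5&lid=2
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: SpywareBlock Class - {0A87E45F-537A-40B4-B812-E2544C21A09F} - C:\Program Files\SpyCatcher 2006\SCActiveBlock.dll (file missing)
O2 - BHO: MSVPS System - {85E659D3-E110-4CE7-9D99-416FD61A1720} - C:\WINNT\soundplugin.dll
O4 - HKLM\..\Run: [AtiPTA] C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe
O21 - SSODL: xvideo - {48E94413-0235-48A1-B85D-49A642500729} - C:\WINNT\xvideo.dll
O21 - SSODL: sounddrv - {4AE32844-ED74-4AFF-85DD-09EDDCA868B8} - C:\WINNT\sounddrv.dll
O23 - Service: CAISafe - Computer Associates International, Inc. - C:\Program Files\Yahoo!\Antivirus\ISafe.exe
O23 - Service: Windows Connectione Sharing - Unknown owner - C:\WINNT\lPErs.exe (file missing)
"""

# Constructed sample: paths taken from the ComboFix "Files Created" section above.
SAMPLE_RECENT_FILES = [
    r"C:\WINNT\soundplugin.dll",
    r"C:\WINNT\sounddrv.dll",
    r"C:\WINNT\xvideo.dll",
    r"C:\WINNT\nircmd.exe",
]

# Assumed allowlist of start-page hosts; a real deployment would maintain its own.
TRUSTED_START_PAGE_HOSTS = {"www.yahoo.com", "www.google.com", "www.msn.com"}

LINE_RE = re.compile(r"^(?P<sec>[RO]\d+) - (?P<rest>.*)$")
# A file directly under the Windows directory, e.g. C:\WINNT\xvideo.dll
WINROOT_RE = re.compile(r"^[a-z]:\\(windows|winnt)\\[^\\]+$", re.IGNORECASE)


@dataclass
class Entry:
    section: str                 # "R0", "O2", "O21", ...
    raw: str
    path: str = ""               # file path or URL the entry points at
    file_missing: bool = False
    findings: List[str] = field(default_factory=list)


def _clean(value: str) -> str:
    # Forum rendering leaves stray spaces inside quotes; strip both.
    return value.strip().strip('"').strip()


def parse_line(line: str) -> Optional[Entry]:
    m = LINE_RE.match(line.strip())
    if not m:
        return None
    sec, rest = m.group("sec"), m.group("rest")
    entry = Entry(section=sec, raw=line.strip())
    if rest.endswith("(file missing)"):
        entry.file_missing = True
        rest = rest[: -len("(file missing)")]
    if sec.startswith("R"):
        # R0/R1: "<registry value> = <url>"
        entry.path = _clean(rest.split(" = ", 1)[1]) if " = " in rest else ""
    elif sec == "O4":
        # O4: "<hive>\..\Run: [Name] <command line>"
        entry.path = _clean(rest.split("] ", 1)[1]) if "] " in rest else ""
    else:
        # O2/O3/O9/O21/O23: "<kind>: <name> - <clsid or owner> - <path>"
        entry.path = _clean(rest.rsplit(" - ", 1)[-1])
    return entry


def analyse(entries: List[Entry], recently_created: List[str]) -> List[Entry]:
    recent = {p.lower() for p in recently_created}
    for e in entries:
        if e.file_missing:
            e.findings.append("orphaned entry: referenced file is missing")
        if e.section in ("O2", "O20", "O21", "O23") and WINROOT_RE.match(e.path):
            e.findings.append("module loaded from the Windows root directory, not system32")
        if e.path.lower() in recent:
            e.findings.append("file created within the last 30 days")
        if e.section == "R0":
            host = urlparse(e.path).hostname or ""
            if host not in TRUSTED_START_PAGE_HOSTS:
                e.findings.append(f"start page points at untrusted host {host}")
    return [e for e in entries if e.findings]


def triage(log_text: str, recently_created: List[str]) -> List[Entry]:
    entries = [e for e in map(parse_line, log_text.splitlines()) if e is not None]
    return analyse(entries, recently_created)


def triage_sample() -> List[Entry]:
    return triage(SAMPLE_HJT, SAMPLE_RECENT_FILES)


if __name__ == "__main__":
    for e in triage_sample():
        print(e.raw)
        for f in e.findings:
            print("   ->", f)
```

    Run against the sample, the script flags six of the nine lines: the hijacked start page, the two orphaned entries, and the three DLLs in C:\WINNT that are both newly created and registered as a BHO or SSODL, which are exactly the files the SDFix run later in the thread deletes. The legitimate Adobe BHO, the ATI Run entry and the CAISafe service produce no findings.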


  4. 2007/07/21
    Geri Lifetime Subscription

    Geri Inactive Alumni

    Joined:
    2003/03/02
    Messages:
    4,580
    Likes Received:
    7
    Hi mypursuit
    Welcome to Windowsbbs

    Download SDFix and save it to your Desktop.

    Double click SDFix.exe and it will extract the files to %systemdrive%
    (Drive that contains the Windows Directory, typically C:\SDFix)

    Please then reboot your computer in Safe Mode by doing the following :
    • Restart your computer
    • After hearing your computer beep once during startup, but before the Windows icon appears, tap the F8 key continually;
    • Instead of Windows loading as normal, the Advanced Options Menu should appear;
    • Select the first option, to run Windows in Safe Mode, then press Enter.
    • Choose your usual account.
    • Open the extracted SDFix folder and double click RunThis.bat to start the script.
    • Type Y to begin the cleanup process.
    • It will remove any Trojan Services and Registry Entries that it finds then prompt you to press any key to Reboot.
    • Press any Key and it will restart the PC.
    • When the PC restarts the Fixtool will run again and complete the removal process then display Finished, press any key to end the script and load your desktop icons.
    • Once the desktop icons load the SDFix report will open on screen and also save into the SDFix folder as Report.txt
      (Report.txt will also be copied to Clipboard ready for posting back on the forum).
    • Finally paste the contents of the Report.txt back on the forum with a new HijackThis log

    Right-click your desktop, choose Properties, and under the Desktop tab click the "Customize Desktop" button. Under the Web tab, remove all the page entries from there except "My Current Home Page" and OK your way out.

    Please post the SDFix log and a New HJT log.

    Thanks
    Geri
     
    Geri,
    #3
  5. 2007/07/21
    mypursuit

    mypursuit Inactive Thread Starter

    Joined:
    2007/07/19
    Messages:
    4
    Likes Received:
    0
    Thanks

    You are a godsend, thank you very much. Here is the log.


    SDFix: Version 1.92

    Run by Administrator on Sat 2007-07-21 at 13:21

    Microsoft Windows 2000 [Version 5.00.2195]

    Running From: C:\DOCUME~1\ADMINI~1\Desktop\SDFix

    Safe Mode:
    Checking Services:


    Restoring Windows Registry Values
    Restoring Windows Default Hosts File
    Restoring Default IE HomePage
    Restoring Default Desktop Components Value

    Rebooting...


    Normal Mode:
    Checking Files:

    Trojan Files Found:

    C:\Documents and Settings\Administrator\Desktop\Error Cleaner.url - Deleted
    C:\Documents and Settings\Administrator\Favorites\Error Cleaner.url - Deleted
    C:\Documents and Settings\Administrator\Desktop\Privacy Protector.url - Deleted
    C:\Documents and Settings\Administrator\Favorites\Privacy Protector.url - Deleted
    C:\Documents and Settings\Administrator\Desktop\Spyware&Malware Protection.url - Deleted
    C:\Documents and Settings\Administrator\Favorites\Spyware&Malware Protection.url - Deleted
    C:\WINNT\dat.txt - Deleted
    C:\WINNT\rs.txt - Deleted
    C:\WINNT\sounddrv.dll - Deleted
    C:\WINNT\soundplugin.dll - Deleted
    C:\WINNT\xvideo.dll - Deleted



    Removing Temp Files...

    ADS Check:

    C:\WINNT
    No streams found.

    C:\WINNT\system32
    No streams found.

    C:\WINNT\system32\svchost.exe
    No streams found.

    C:\WINNT\system32\ntoskrnl.exe
    No streams found.



    Final Check:

    Remaining Services:
    ------------------



    Remaining Files:
    ---------------

    Backups Folder: - C:\DOCUME~1\ADMINI~1\Desktop\SDFix\backups\backups.zip

    Files with Hidden Attributes:

    C:\WINNT\Downloaded Program Files\˜**_A_’˜\_A_’\y275443.EXE

    Finished
     
  6. 2007/07/21
    Geri Lifetime Subscription

    Geri Inactive Alumni

    Joined:
    2003/03/02
    Messages:
    4,580
    Likes Received:
    7
    Hi mypursuit

    I would like to see a New HJT log, Please post one.

    Also, I do not know what this is, I believe it's in a different language.

    C:\WINNT\Downloaded Program Files\˜**_A_’˜\_A_’\y275443.EXE

    If it's something you do not use I would delete it.

    Thanks
    Geri
     
    Geri,
    #5
  7. 2007/07/22
    mypursuit

    mypursuit Inactive Thread Starter

    Joined:
    2007/07/19
    Messages:
    4
    Likes Received:
    0
    Hey, sorry it has taken me so long to get back to ya.

    Everything worked fine right off. Then my computer began to get progressively slower in all its operations. I tried to delete files through the Control Panel that I no longer used (extra slow). I was able to back up a large majority of the files I wanted to. I'm just around the corner from doing a disk recovery unless you can help out. I will, however, try SDFix again if possible, as it has given me the results I needed thus far. The file

    C:\WINNT\Downloaded Program Files\˜**_A_’˜\_A_’\y275443.EXE

    I could not find to delete. The computer just paged extra slow through all the files when I tried to search "y275443.EXE" in files containing parts of file names.

    Thanks again for the help and I will keep a result post on the site.
     
  8. 2007/07/22
    Geri Lifetime Subscription

    Geri Inactive Alumni

    Joined:
    2003/03/02
    Messages:
    4,580
    Likes Received:
    7
    Hi mypursuit

    Download ATF Cleaner by Atribune and save it to your Desktop.
    Double click ATF-Cleaner.exe to run the program.
    Check the boxes to the left of:

    Windows Temp
    Current User Temp
    All Users Temp
    Temporary Internet Files
    Prefetch
    Java Cache
    Recycle bin


    The rest are optional - if you want it to remove everything check "Select All".
    Finally, click Empty Selected. When you get the "Done Cleaning" message, click OK.

    Then Please download and run this, Post the log it gives you and a new HJT log Please.

    Please RIGHT-CLICK HERE and Save As (in IE it's "Save Target As", in FF it's "Save Link As") to download Silent Runners.
    • Save it to the desktop.
    • Run Silent Runners by double-clicking the "Silent Runners" icon on your desktop.
    • You will receive a prompt:
      • Do you want to skip supplementary searches?
        click NO
    • If you receive an error just click OK and double-click it to run it again - sometimes it won't run as it's supposed to the first time but will in subsequent runs.
    • You will see a text file appear on the desktop - it's not done, let it run (it won't appear to be doing anything!)
    • Once you receive the prompt All Done!, open the text file on the desktop, copy that entire log, and paste it here.
    *NOTE* If you receive any warning message about scripts, please choose to allow the script to run.

    Also Please give me a Start Up list, Here is how...

    Create a Startup List

    • Open HiJackThis
    • Click on the "Config..." button on the bottom right
    • Click on the tab "Misc Tools"
    • Check off the 2 boxes next to the box that says "Generate StartupList log"
    • Click on the button "Generate StartupList log"
    • Copy and paste the StartupList from the Notepad window into your next post


    Thanks
    Geri
     
    Last edited: 2007/07/22
    Geri,
    #7
