Free Antivirus Forum - Learn about antivirus, firewalls and personal security
Windows Live Messenger Virus
   

mryuck
New Member


Date Joined Jun 2008
Total Posts : 10
 
Posted 7-8-2008 5:06 (GMT +2)
Hello, I am new to this forum.

Here is my first of many problems.

My Windows Live Messenger sends out random links to my friends. I believe I acquired this when I clicked on the same type of link from one of my friends. It has to do with something like "Imageshack/name".
I read through this post http://www.bullguard.com/forum/10/Is-This-U-Windows-Live-Messeng_39866.html I tried everything in it. I found no errors. I need something done, 'cause I feel like a social outcast, since all my friends have me blocked now on MSN.

I also ran Kaspersky. I have logs from HijackThis. Let me know if you want them.
 

Touch
Forum Moderator




Date Joined Jun 2004
Total Posts : 13131
 
Posted 7-8-2008 5:40 (GMT +2)
Hello :)

It's an old topic you've found there ;-)

Please download Combofix:
 
 
And save to the desktop.

Close all other browser windows.
 
 
 
Important-> Temporarily disable your anti-virus, real-time protection before performing a scan. They can interfere with combofix or remove some of its embedded files which may cause "unpredictable results".
 
 
Go to Start->Run and copy/paste: ComboFix /snapshot and hit OK. It should run Combofix.
 
Please note, that once you start combofix you should not click anywhere on the combofix window as it can cause the program to stall. In fact, when combofix is running, do not touch your computer at all and just take a break as it may take a while for it to complete.

 When finished, it will produce a logfile located at C:\combofix.txt.
 

Post the contents of that log in your next reply with a new hijackthis log.
 
Please copy and paste your log files. DO NOT add it as an attachment



NB. If you are using any P2P (file sharing) programs, please remove them before we clean your computer. We do not clean logs that have P2P applications installed as this can cause reinfection during your cleaning.


Do NOT post your problem in someone else's thread.
Member of - Alliance of Security Analysis Professionals
Please do NOT PM me any logs. They will be deleted

 

mryuck
New Member


Date Joined Jun 2008
Total Posts : 10
 
Posted 7-8-2008 6:31 (GMT +2)
ComboFix 08-07-07.3 - TJ 2008-07-08 12:27:50.2 - NTFSx86
Microsoft Windows XP Professional 5.1.2600.2.1252.1.1033.18.650 [GMT -4:00]
Running from: C:\Documents and Settings\TJ\Desktop\ComboFix.exe

WARNING -THIS MACHINE DOES NOT HAVE THE RECOVERY CONSOLE INSTALLED !!
.

((((((((((((((((((((((((( Files Created from 2008-06-08 to 2008-07-08 )))))))))))))))))))))))))))))))
.

2008-07-08 10:47 . 2008-07-08 10:47 <DIR> d-------- C:\Program Files\CCleaner
2008-07-08 10:28 . 2008-07-08 10:28 <DIR> d-------- C:\Documents and Settings\TJ\DoctorWeb
2008-07-08 10:06 . 2008-07-08 10:06 <DIR> d-------- C:\Documents and Settings\Administrator
2008-07-08 09:55 . 2008-07-08 09:55 <DIR> d-------- C:\Program Files\SUPERAntiSpyware
2008-07-08 09:55 . 2008-07-08 09:55 <DIR> d-------- C:\Documents and Settings\TJ\Application Data\SUPERAntiSpyware.com
2008-07-08 09:55 . 2008-07-08 09:55 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\SUPERAntiSpyware.com
2008-07-08 09:54 . 2008-07-08 09:54 <DIR> d-------- C:\Program Files\Common Files\Wise Installation Wizard
2008-07-07 22:39 . 2008-07-07 22:45 <DIR> d-------- C:\Program Files\Windows Live
2008-07-06 15:27 . 2004-08-04 08:00 221,184 --a------ C:\WINDOWS\system32\wmpns.dll
2008-07-06 12:45 . 2001-08-17 13:48 12,160 --a------ C:\WINDOWS\system32\drivers\mouhid.sys
2008-07-06 12:45 . 2001-08-17 13:48 12,160 --a--c--- C:\WINDOWS\system32\dllcache\mouhid.sys
2008-07-05 17:17 . 2008-07-05 17:17 <DIR> d-------- C:\Program Files\Jasc Software Inc
2008-07-05 17:13 . 2008-07-05 17:13 <DIR> d-------- C:\Documents and Settings\TJ\Application Data\Viewpoint
2008-07-05 15:12 . 2008-07-05 15:12 <DIR> d-------- C:\Program Files\Power Tab Software
2008-07-03 16:20 . 2008-07-03 16:20 <DIR> d-------- C:\WINDOWS\system32\LogFiles
2008-07-03 16:20 . 2008-07-03 16:20 <DIR> d-------- C:\Program Files\Kaspersky Lab
2008-07-03 16:20 . 2008-07-08 10:38 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\Kaspersky Lab
2008-07-03 16:06 . 2008-07-03 16:30 96,966 --a------ C:\WINDOWS\system32\drivers\klin.dat
2008-07-03 16:06 . 2008-07-03 16:30 88,774 --a------ C:\WINDOWS\system32\drivers\klick.dat
2008-07-03 16:05 . 2008-07-08 12:29 2,119,968 --ahs---- C:\WINDOWS\system32\drivers\fidbox.dat
2008-07-03 16:05 . 2008-07-08 12:29 52,000 --ahs---- C:\WINDOWS\system32\drivers\fidbox2.dat
2008-07-03 16:05 . 2008-07-08 09:59 32,492 --ahs---- C:\WINDOWS\system32\drivers\fidbox.idx
2008-07-03 16:05 . 2008-07-08 09:59 6,368 --ahs---- C:\WINDOWS\system32\drivers\fidbox2.idx
2008-07-03 16:03 . 2008-07-03 16:05 <DIR> d-------- C:\kav
2008-07-02 10:09 . 2008-07-02 10:10 <DIR> d-------- C:\Documents and Settings\TJ\Application Data\DivX
2008-07-02 10:05 . 2008-07-02 10:05 <DIR> d-------- C:\Program Files\DivX
2008-07-02 10:05 . 2008-06-10 20:07 120,056 --------- C:\WINDOWS\system32\pxcpyi64.exe
2008-07-02 10:05 . 2008-06-10 20:07 118,520 --------- C:\WINDOWS\system32\pxinsi64.exe
2008-06-30 11:52 . 2008-06-30 11:52 <DIR> d-------- C:\Documents and Settings\TJ\Application Data\acccore
2008-06-30 11:24 . 2008-06-30 11:24 <DIR> d-------- C:\Program Files\Common Files\Blizzard Entertainment
2008-06-29 14:06 . 2008-06-30 22:06 23 --a------ C:\WINDOWS\BlendSettings.ini
2008-06-29 12:32 . 2008-06-29 12:32 <DIR> d-------- C:\Program Files\Bethesda Softworks
2008-06-29 12:25 . 2008-06-29 12:26 <DIR> d-------- C:\Program Files\DAEMON Tools Lite
2008-06-29 12:22 . 2008-06-29 12:22 <DIR> d-------- C:\Documents and Settings\TJ\Application Data\DAEMON Tools
2008-06-29 12:22 . 2008-06-29 12:22 717,296 --a------ C:\WINDOWS\system32\drivers\sptd.sys
2008-06-28 19:50 . 2007-09-18 23:41 258,352 --a------ C:\WINDOWS\system32\unicows.dll
2008-06-28 19:47 . 2007-09-18 23:41 514,337,164 --a------ C:\WINDOWS\data4.pck
2008-06-28 19:46 . 2007-09-18 22:55 629,164,503 --a------ C:\WINDOWS\data3.pck
2008-06-28 19:45 . 2007-09-18 17:10 629,175,968 --a------ C:\WINDOWS\data2.pck
2008-06-28 19:44 . 2007-09-19 10:14 <DIR> d-------- C:\WINDOWS\background
2008-06-28 19:44 . 2007-09-18 12:03 629,147,117 --a------ C:\WINDOWS\data1.pck
2008-06-28 19:44 . 2007-09-18 09:58 1,080,216 --a------ C:\WINDOWS\check.md
2008-06-28 19:44 . 2007-09-18 23:41 372,736 --a------ C:\WINDOWS\ijl15.dll
2008-06-28 19:44 . 2007-09-18 23:41 258,352 --a------ C:\WINDOWS\unicows.dll
2008-06-28 19:44 . 2007-09-18 23:41 28,672 --a------ C:\WINDOWS\JPGI.dll
2008-06-28 19:44 . 2007-09-18 23:41 4,968 --a------ C:\WINDOWS\install.ini
2008-06-27 13:22 . 2008-06-27 13:23 <DIR> d-------- C:\Program Files\Microsoft Expression
2008-06-27 13:15 . 2008-06-27 13:15 162 --a------ C:\WINDOWS\ODBC.INI
2008-06-27 13:11 . 2006-10-26 19:56 32,592 --a------ C:\WINDOWS\system32\msonpmon.dll
2008-06-27 13:09 . 2008-06-27 13:09 <DIR> d-------- C:\Program Files\MSBuild
2008-06-27 13:09 . 2008-06-27 13:09 <DIR> d-------- C:\Program Files\Microsoft Works
2008-06-27 13:07 . 2008-06-27 13:07 <DIR> d-------- C:\Program Files\Microsoft.NET
2008-06-27 13:05 . 2008-06-27 13:05 <DIR> d-------- C:\Program Files\Microsoft Visual Studio 8
2008-06-27 13:04 . 2008-06-27 13:19 <DIR> d-------- C:\WINDOWS\SHELLNEW
2008-06-27 13:03 . 2008-07-06 15:44 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\Microsoft Help
2008-06-27 13:02 . 2008-06-27 13:02 <DIR> dr-h----- C:\MSOCache
2008-06-26 14:13 . 2008-06-26 14:14 <DIR> d-------- C:\Program Files\Common Files\Adobe
2008-06-25 00:12 . 2008-06-25 00:12 <DIR> d-------- C:\Documents and Settings\TJ\Application Data\SecondLife
2008-06-24 11:32 . 2007-07-30 19:19 271,224 --a------ C:\WINDOWS\system32\mucltui.dll
2008-06-24 11:32 . 2007-07-30 19:19 207,736 --a------ C:\WINDOWS\system32\muweb.dll
2008-06-24 11:32 . 2007-07-30 19:19 30,072 --a------ C:\WINDOWS\system32\mucltui.dll.mui
2008-06-23 23:11 . 2008-06-23 23:11 <DIR> d----c--- C:\WINDOWS\system32\DRVSTORE
2008-06-23 23:11 . 2008-06-24 19:22 <DIR> d-------- C:\Documents and Settings\TJ\Contacts
2008-06-23 23:07 . 2008-06-23 23:10 <DIR> d--hsc--- C:\Program Files\Common Files\WindowsLiveInstaller
2008-06-23 23:07 . 2008-07-08 11:45 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\WLInstaller
2008-06-23 06:13 . 2008-06-13 09:10 272,128 --------- C:\WINDOWS\system32\drivers\bthport.sys
2008-06-23 06:13 . 2008-06-13 09:10 272,128 -----c--- C:\WINDOWS\system32\dllcache\bthport.sys
2008-06-23 06:00 . 2005-06-28 10:21 22,752 --a------ C:\WINDOWS\system32\spupdsvc.exe
2008-06-23 05:58 . 2008-06-27 09:18 <DIR> d-------- C:\Documents and Settings\TJ\Application Data\LimeWire
2008-06-23 05:57 . 2008-06-23 05:57 <DIR> d-------- C:\Program Files\Java
2008-06-23 05:57 . 2007-12-14 01:59 69,632 --a------ C:\WINDOWS\system32\javacpl.cpl
2008-06-23 05:56 . 2008-06-23 05:56 <DIR> d-------- C:\Program Files\Common Files\Java
2008-06-23 05:54 . 2008-06-23 05:57 <DIR> d-------- C:\Program Files\LimeWire
2008-06-22 18:27 . 2008-07-06 15:42 <DIR> d--h----- C:\WINDOWS\$hf_mig$
2008-06-21 12:26 . 2008-06-21 12:26 <DIR> d-------- C:\Program Files\Hewlett-Packard
2008-06-21 12:26 . 2008-06-21 12:26 <DIR> d-------- C:\Program Files\Common Files\Hewlett-Packard
2008-06-21 12:07 . 2006-04-10 14:03 38,400 --a------ C:\WINDOWS\system32\hpz3l054.dll
2008-06-21 12:06 . 1998-10-29 16:45 306,688 --a------ C:\WINDOWS\IsUninst.exe
2008-06-21 12:06 . 2006-03-03 21:03 282,680 --a------ C:\WINDOWS\system32\HPZidr12.dll
2008-06-21 12:06 . 2006-03-03 21:02 204,800 --a------ C:\WINDOWS\system32\HPZipr12.dll
2008-06-21 12:06 . 2006-03-03 21:02 94,208 --a------ C:\WINDOWS\system32\HPZipt12.dll
2008-06-21 12:06 . 2006-03-03 21:03 69,632 --a------ C:\WINDOWS\system32\HPZipm12.exe
2008-06-21 12:06 . 2006-03-03 21:03 65,536 --a------ C:\WINDOWS\system32\HPZinw12.exe
2008-06-21 12:06 . 2006-03-03 21:02 57,344 --a------ C:\WINDOWS\system32\HPZisn12.dll
2008-06-21 12:06 . 2004-08-03 22:58 15,104 --a------ C:\WINDOWS\system32\drivers\usbscan.sys
2008-06-21 12:06 . 2004-08-03 22:58 15,104 --a--c--- C:\WINDOWS\system32\dllcache\usbscan.sys
2008-06-21 11:49 . 2008-06-21 12:05 <DIR> d-------- C:\Program Files\HP
2008-06-21 11:48 . 2008-06-21 12:27 110,415 --a------ C:\WINDOWS\hpoins11.dat
2008-06-21 11:48 . 2006-04-12 20:04 49,664 --a------ C:\WINDOWS\system32\drivers\HPZid412.sys
2008-06-21 11:48 . 2006-04-12 20:04 21,568 --a------ C:\WINDOWS\system32\drivers\HPZius12.sys
2008-06-21 11:48 . 2006-04-12 20:04 16,496 --a------ C:\WINDOWS\system32\drivers\HPZipr12.sys
2008-06-21 11:47 . 2006-04-12 20:02 827,392 --a------ C:\WINDOWS\system32\hpotiop2.dll
2008-06-21 11:47 . 2006-04-12 20:02 659,456 --a------ C:\WINDOWS\system32\hpowiax2.dll
2008-06-21 11:47 . 2006-04-12 20:04 282,624 --a------ C:\WINDOWS\system32\HPZc3212.dll
2008-06-21 11:47 . 2006-04-12 20:02 254,026 --a------ C:\WINDOWS\system32\hpovst09.dll
2008-06-21 11:47 . 2005-07-18 21:38 98,304 --a------ C:\WINDOWS\system32\hpzjsn01.dll
2008-06-21 11:47 . 2006-01-04 04:12 77,824 --a------ C:\WINDOWS\system32\HPZIDS01.dll
2008-06-21 11:46 . 2006-05-05 23:10 6,947 --a------ C:\WINDOWS\hpomdl11.dat
2008-06-21 09:24 . 2008-06-21 09:24 <DIR> d-------- C:\Program Files\Spybot - Search & Destroy
2008-06-21 09:24 . 2008-07-08 11:14 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy
2008-06-21 09:23 . 2008-06-21 09:23 <DIR> d-------- C:\Program Files\Winamp Remote
2008-06-21 09:23 . 2008-06-21 09:25 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\OrbNetworks
2008-06-21 09:21 . 2008-06-21 09:24 <DIR> d-------- C:\Program Files\Winamp
2008-06-21 09:21 . 2008-06-21 09:27 <DIR> d-------- C:\Documents and Settings\TJ\Application Data\Winamp
2008-06-21 09:20 . 2008-06-21 09:20 <DIR> d-------- C:\Program Files\TweakNow RegCleaner Std
2008-06-21 09:18 . 2008-06-21 09:18 <DIR> d-------- C:\WINDOWS\system32\quicktime
2008-06-21 09:18 . 2008-06-21 09:18 <DIR> d-------- C:\Program Files\IObit
2008-06-21 09:18 . 2008-06-21 09:27 <DIR> d-------- C:\Program Files\BitTorrent
2008-06-21 09:18 . 2008-06-21 09:18 <DIR> d-------- C:\Program Files\AVI Codec Pack
2008-06-21 09:18 . 2008-07-06 15:08 <DIR> d-------- C:\Documents and Settings\TJ\Application Data\BitTorrent
2008-06-21 09:17 . 2008-06-21 09:17 <DIR> d-------- C:\Program Files\Viewpoint
2008-06-21 09:17 . 2008-06-21 09:17 <DIR> d-------- C:\Program Files\AIM Search
2008-06-21 09:17 . 2008-06-30 11:51 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\Viewpoint
2008-06-21 09:17 . 2008-06-21 09:17 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\acccore
2008-06-21 09:16 . 2008-06-21 09:16 <DIR> d-------- C:\Program Files\Common Files\AOL
2008-06-21 09:16 . 2008-06-30 11:51 <DIR> d-------- C:\Program Files\AIM6
2008-06-21 09:16 . 2008-06-30 11:52 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\AOL OCP
2008-06-21 09:16 . 2008-06-21 09:16 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\AOL
2008-06-21 09:16 . 2008-06-30 11:51 834 --ah----- C:\IPH.PH
2008-06-20 21:24 . 2008-06-20 21:43 <DIR> d-------- C:\Documents and Settings\TJ\Application Data\Ventrilo
2008-06-20 15:14 . 2008-06-20 15:14 <DIR> d-------- C:\Documents and Settings\TJ\Application Data\ATI
2008-06-20 15:14 . 2008-06-20 15:14 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\ATI
2008-06-20 15:14 . 2008-06-20 15:14 0 --a------ C:\WINDOWS\nsreg.dat
2008-06-20 15:13 . 2008-06-20 15:13 0 --a------ C:\WINDOWS\ativpsrm.bin
2008-06-20 15:09 . 2008-06-20 15:09 <DIR> d-------- C:\Program Files\ANWIDA Soft

.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2008-07-03 20:30 112,144 ----a-w C:\WINDOWS\system32\drivers\kl1.sys
2008-06-29 16:32 --------- d--h--w C:\Program Files\InstallShield Installation Information
2008-06-20 18:51 --------- d-----w C:\Program Files\ATI Technologies
2008-06-20 18:50 --------- d-----w C:\Program Files\Common Files\InstallShield
2008-06-20 18:41 --------- d-----w C:\Program Files\microsoft frontpage
2008-06-11 00:07 129,784 ------w C:\WINDOWS\system32\pxafs.dll
2008-06-03 06:20 3,100,160 ----a-w C:\WINDOWS\system32\drivers\ati2mtag.sys
2008-06-03 03:46 10,276,864 ----a-w C:\WINDOWS\system32\atioglx2.dll
2008-06-03 03:22 413,696 ----a-w C:\WINDOWS\system32\ATIDEMGX.dll
2008-06-03 03:21 306,688 ----a-w C:\WINDOWS\system32\ati2dvag.dll
2008-06-03 03:11 43,520 ----a-w C:\WINDOWS\system32\ati2edxx.dll
2008-06-03 03:11 26,112 ----a-w C:\WINDOWS\system32\Ati2mdxx.exe
2008-06-03 03:11 180,224 ----a-w C:\WINDOWS\system32\atipdlxx.dll
2008-06-03 03:11 139,264 ----a-w C:\WINDOWS\system32\Oemdspif.dll
2008-06-03 03:11 139,264 ----a-w C:\WINDOWS\system32\ati2evxx.dll
2008-06-03 03:09 552,960 ----a-w C:\WINDOWS\system32\ati2evxx.exe
2008-06-03 03:08 53,248 ----a-w C:\WINDOWS\system32\ATIDDC.DLL
2008-06-03 03:04 245,760 ----a-w C:\WINDOWS\system32\atiok3x2.dll
2008-06-03 03:02 307,200 ----a-w C:\WINDOWS\system32\atiiiexx.dll
2008-06-03 02:59 3,500,352 ----a-w C:\WINDOWS\system32\ati3duag.dll
2008-06-03 02:48 2,120,832 ----a-w C:\WINDOWS\system32\ativvaxx.dll
2008-06-03 02:33 48,128 ----a-w C:\WINDOWS\system32\amdpcom32.dll
2008-06-03 02:29 348,160 ----a-w C:\WINDOWS\system32\atikvmag.dll
2008-06-03 02:28 23,040 ----a-w C:\WINDOWS\system32\atiadlxx.dll
2008-06-03 02:28 17,408 ----a-w C:\WINDOWS\system32\atitvo32.dll
2008-06-03 02:27 49,152 ----a-w C:\WINDOWS\system32\drivers\ati2erec.dll
2008-06-03 02:22 5,439,488 ----a-w C:\WINDOWS\system32\atioglxx.dll
2008-06-03 02:21 557,056 ----a-w C:\WINDOWS\system32\ati2cqag.dll
2008-06-03 01:05 593,920 ------w C:\WINDOWS\system32\ati2sgag.exe
2008-05-30 18:19 507,400 ----a-w C:\WINDOWS\system32\XAudio2_1.dll
2008-05-30 18:18 238,088 ----a-w C:\WINDOWS\system32\xactengine3_1.dll
2008-05-30 18:17 65,032 ----a-w C:\WINDOWS\system32\XAPOFX1_0.dll
2008-05-30 18:17 25,608 ----a-w C:\WINDOWS\system32\X3DAudio1_4.dll
2008-05-30 18:11 467,984 ----a-w C:\WINDOWS\system32\d3dx10_38.dll
2008-05-30 18:11 3,850,760 ----a-w C:\WINDOWS\system32\D3DX9_38.dll
2008-05-30 18:11 1,491,992 ----a-w C:\WINDOWS\system32\D3DCompiler_38.dll
2008-05-22 22:18 12,288 ----a-w C:\WINDOWS\system32\DivXWMPExtType.dll
2008-05-08 12:28 202,752 ----a-w C:\WINDOWS\system32\drivers\rmcast.sys
2008-05-07 05:18 1,287,680 ----a-w C:\WINDOWS\system32\quartz.dll
2008-04-21 07:04 659,456 ----a-w C:\WINDOWS\system32\wininet.dll
.

((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"SUPERAntiSpyware"="C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe" [2008-05-28 10:33 1506544]
"MSMSGS"="C:\Program Files\Messenger\msmsgs.exe" [2004-10-13 12:24 1694208]
"msnmsgr"="C:\Program Files\Windows Live\Messenger\msnmsgr.exe" [2007-10-18 11:34 5724184]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"StartCCC"="C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" [2008-01-21 12:17 61440]
"Adobe Reader Speed Launcher"="C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe" [2008-01-11 22:16 39792]
"MSConfig"="C:\WINDOWS\PCHealth\HelpCtr\Binaries\MSConfig.exe" [2004-08-04 08:00 158208]

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\explorer]
"NoResolveSearch"= 1 (0x1)

[hkey_local_machine\software\microsoft\windows\currentversion\explorer\ShellExecuteHooks]
"{5AE067D3-9AFB-48E0-853A-EBB7F4A000DA}"= "C:\Program Files\SUPERAntiSpyware\SASSEH.DLL" [2008-05-13 10:13 77824]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\!SASWinLogon]
2007-04-19 13:41 294912 C:\Program Files\SUPERAntiSpyware\SASWINLO.dll

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\drivers32]
"aux"= ctwdm32.dll

[HKLM\~\startupfolder\C:^Documents and Settings^TJ^Start Menu^Programs^Startup^LimeWire On Startup.lnk]
path=C:\Documents and Settings\TJ\Start Menu\Programs\Startup\LimeWire On Startup.lnk
backup=C:\WINDOWS\pss\LimeWire On Startup.lnkStartup

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Aim6]
--a------ 2008-06-19 13:51 50528 C:\Program Files\AIM6\aim6.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\BitTorrent]
--a------ 2007-09-07 19:01 43008 C:\Program Files\BitTorrent\bittorrent.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ctfmon.exe]
--a------ 2004-08-04 08:00 15360 C:\WINDOWS\system32\ctfmon.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\DAEMON Tools Lite]
--a------ 2008-04-01 05:39 486856 C:\Program Files\DAEMON Tools Lite\daemon.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\GrooveMonitor]
--a------ 2006-10-27 00:47 31016 C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\MSMSGS]
--------- 2004-10-13 12:24 1694208 C:\Program Files\Messenger\msmsgs.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\MsnMsgr]
--a------ 2007-10-18 11:34 5724184 C:\Program Files\Windows Live\Messenger\msnmsgr.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SpybotSD TeaTimer]
-rahs---- 2008-01-28 11:43 2097488 C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SunJavaUpdateSched]
--a------ 2007-12-14 03:42 144784 C:\Program Files\Java\jre1.6.0_04\bin\jusched.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\WinampAgent]
--a------ 2008-04-01 14:49 36352 C:\Program Files\Winamp\winampa.exe

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\KasperskyAntiVirus]
"DisableMonitoring"=dword:00000001

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"C:\\Program Files\\Common Files\\AOL\\Loader\\aolload.exe"=
"C:\\Program Files\\AIM6\\aim6.exe"=
"C:\\Program Files\\BitTorrent\\bittorrent.exe"=
"C:\\Program Files\\Winamp Remote\\bin\\Orb.exe"=
"C:\\Program Files\\Winamp Remote\\bin\\OrbTray.exe"=
"C:\\Program Files\\Winamp Remote\\bin\\OrbStreamerClient.exe"=
"C:\\Program Files\\HP\\Digital Imaging\\bin\\hpqscnvw.exe"=
"C:\\Program Files\\HP\\Digital Imaging\\bin\\hpqkygrp.exe"=
"C:\\Program Files\\HP\\Digital Imaging\\bin\\hpqnrs08.exe"=
"C:\\Program Files\\Microsoft Office\\Office12\\OUTLOOK.EXE"=
"C:\\Program Files\\Microsoft Office\\Office12\\GROOVE.EXE"=
"C:\\Program Files\\Microsoft Office\\Office12\\ONENOTE.EXE"=
"C:\\kav\\kis\\setup.exe"=
"C:\\kav\\kav7\\setup.exe"=
"C:\\Program Files\\Kaspersky Lab\\Kaspersky Anti-Virus 7.0\\avp.exe"=
"C:\\Program Files\\Windows Live\\Messenger\\msnmsgr.exe"=
"C:\\Program Files\\Windows Live\\Messenger\\livecall.exe"=

R2 Viewpoint Manager Service;Viewpoint Manager Service;C:\Program Files\Viewpoint\Common\ViewpointService.exe [2007-01-04 17:38]
R3 klim5;Kaspersky Anti-Virus NDIS Filter;C:\WINDOWS\system32\DRIVERS\klim5.sys [2007-12-13 13:28]

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\H]
\Shell\AutoRun\command - H:\setup.exe

*Newly Created Service* - CATCHME
*Newly Created Service* - WLSETUPSVC
.
**************************************************************************

catchme 0.3.1361 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2008-07-08 12:29:09
Windows 5.1.2600 Service Pack 2 NTFS

scanning hidden processes ...

scanning hidden autostart entries ...

scanning hidden files ...

scan completed successfully
hidden files: 0

**************************************************************************
.
Completion time: 2008-07-08 12:30:25
ComboFix-quarantined-files.txt 2008-07-08 16:30:02
ComboFix2.txt 2008-07-08 14:52:42

Pre-Run: 8,603,992,064 bytes free
Post-Run: 8,595,451,904 bytes free

264 --- E O F --- 2008-07-06 19:45:06
 

mryuck
New Member


Date Joined Jun 2008
Total Posts : 10
 
Posted 7-8-2008 6:34 (GMT +2)
Logfile of HijackThis v1.99.1
Scan saved at 12:33:46 PM, on 7/8/2008
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\system32\HPZipm12.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Viewpoint\Common\ViewpointService.exe
C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\MOM.exe
C:\WINDOWS\system32\devldr32.exe
C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\ccc.exe
C:\WINDOWS\system32\wscntfy.exe
C:\Program Files\AIM6\aolsoftware.exe
C:\WINDOWS\system32\notepad.exe
C:\Program Files\Windows Live\installer\WLSetupSvc.exe
C:\Program Files\Windows Live\Messenger\usnsvc.exe
C:\WINDOWS\explorer.exe
C:\WINDOWS\system32\notepad.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Documents and Settings\TJ\Desktop\alternativ.exe

R3 - URLSearchHook: (no name) - {EA756889-2338-43DB-8F07-D1CA6FB9C90D} - (no file)
R3 - URLSearchHook: AOLSearchHook Class - {54EB34EA-E6BE-4CFD-9F4F-C4A0C2EAFA22} - C:\Program Files\AIM Search\AOLSearch.dll
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: Spybot-S&D IE Protection - {53707962-6F74-2D53-2644-206D7942484F} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll
O2 - BHO: AOL Search Enhancement - {54EB34EA-E6BE-4CFD-9F4F-C4A0C2EAFA22} - C:\Program Files\AIM Search\AOLSearch.dll
O2 - BHO: Groove GFS Browser Helper - {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\PROGRA~1\MICROS~2\Office12\GRA8E1~1.DLL
O2 - BHO: AOL Toolbar Launcher - {7C554162-8CB7-45A4-B8F4-8EA1C75885F9} - C:\Program Files\AOL\AIM Toolbar 5.0\aoltb.dll
O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)
O2 - BHO: (no name) - {BE2ED590-CA49-46B5-8CCE-244FB2E0D1AA} - (no file)
O3 - Toolbar: AIM Toolbar - {DE9C389F-3316-41A7-809B-AA305ED9D922} - C:\Program Files\AOL\AIM Toolbar 5.0\aoltb.dll
O4 - HKLM\..\Run: [StartCCC] "C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" MSRun
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe"
O4 - HKLM\..\Run: [MSConfig] C:\WINDOWS\PCHealth\HelpCtr\Binaries\MSConfig.exe /auto
O4 - HKLM\..\Run: [KernelFaultCheck] %systemroot%\system32\dumprep 0 -k
O4 - HKCU\..\Run: [SUPERAntiSpyware] C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe
O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background
O4 - HKCU\..\Run: [msnmsgr] "C:\Program Files\Windows Live\Messenger\msnmsgr.exe" /background
O8 - Extra context menu item: &AIM Search - c:\program files\aol\aim toolbar 5.0\resources\en-US\local\search.html
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office12\EXCEL.EXE/3000
O9 - Extra button: Web Anti-Virus statistics - {1F460357-8A94-4D71-9CA3-AA4ACF32ED8E} - C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 7.0\SCIEPlgn.dll
O9 - Extra button: Send to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~2\Office12\ONBttnIE.dll
O9 - Extra 'Tools' menuitem: S&end to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~2\Office12\ONBttnIE.dll
O9 - Extra button: AIM Toolbar - {3369AF0D-62E9-4bda-8103-B4C75499B578} - C:\Program Files\AOL\AIM Toolbar 5.0\aoltb.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MIC273~1\Office12\REFIEBAR.DLL
O9 - Extra button: (no name) - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll
O9 - Extra 'Tools' menuitem: Spybot - Search && Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://go.microsoft.com/fwlink/?linkid=39204
O16 - DPF: {CF40ACC5-E1BB-4AFF-AC72-04C2F616BCA7} - http://www.adobe.com/products/acrobat/nos/gp.cab
O18 - Protocol: grooveLocalGWS - {88FED34C-F0CA-4636-A375-3CB6248B04CD} - C:\PROGRA~1\MICROS~2\Office12\GR99D3~1.DLL
O18 - Protocol: livecall - {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\Windows Live\Messenger\msgrapp.8.5.1302.1018.dll
O18 - Protocol: ms-help - {314111C7-A502-11D2-BBCA-00C04F8EC294} - C:\Program Files\Common Files\Microsoft Shared\Help\hxds.dll
O18 - Protocol: msnim - {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\Windows Live\Messenger\msgrapp.8.5.1302.1018.dll
O18 - Filter hijack: text/xml - {807563E5-5146-11D5-A672-00B0D022E945} - C:\PROGRA~1\COMMON~1\MICROS~1\OFFICE12\MSOXMLMF.DLL
O20 - Winlogon Notify: !SASWinLogon - C:\Program Files\SUPERAntiSpyware\SASWINLO.dll
O20 - Winlogon Notify: klogon - C:\WINDOWS\system32\klogon.dll
O20 - Winlogon Notify: WgaLogon - C:\WINDOWS\SYSTEM32\WgaLogon.dll
O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\system32\Ati2evxx.exe
O23 - Service: ATI Smart - Unknown owner - C:\WINDOWS\system32\ati2sgag.exe
O23 - Service: Kaspersky Anti-Virus 7.0 (AVP) - Unknown owner - C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 7.0\avp.exe" -r (file missing)
O23 - Service: Pml Driver HPZ12 - HP - C:\WINDOWS\system32\HPZipm12.exe
O23 - Service: Viewpoint Manager Service - Viewpoint Corporation - C:\Program Files\Viewpoint\Common\ViewpointService.exe
 

Touch
Forum Moderator




Date Joined Jun 2004
Total Posts : 13131
 
Posted 7-8-2008 7:48 (GMT +2)
Please download Malwarebytes' Anti-Malware:
 
 to your desktop.
 
Double-click mbam-setup.exe and follow the prompts to install the program.
                     
At the end, be sure a checkmark is placed next to Update Malwarebytes' Anti-Malware and Launch Malwarebytes' Anti-Malware, then click Finish.
                     
If an update is found, it will download and install the latest version.
                     
Once the program has loaded, select Perform full scan, then click Scan.
                     
When the scan is complete, click OK, then Show Results to view the results.
 
Be sure that everything is checked, and click Remove Selected.
 
When completed, a log will open in Notepad. Please save it to a convenient location.
 
 
 
Copy and paste that log into your next reply, along with a new combofix log.


 

mryuck
New Member


Date Joined Jun 2008
Total Posts : 10
 
Posted 7-8-2008 8:01 (GMT +2)
LOL, so many anti-viral and malware programs to download. Do you have all these running on your comp?
 

mryuck
New Member


Date Joined Jun 2008
Total Posts : 10
 
Posted 7-8-2008 8:30 (GMT +2)
Malwarebytes' Anti-Malware 1.20
Database version: 932
Windows 5.1.2600 Service Pack 2

2:24:13 PM 7/8/2008
mbam-log-7-8-2008 (14-24-13).txt

Scan type: Full Scan (C:\|D:\|E:\|F:\|)
Objects scanned: 75546
Time elapsed: 22 minute(s), 50 second(s)

Memory Processes Infected: 0
Memory Modules Infected: 0
Registry Keys Infected: 6
Registry Values Infected: 0
Registry Data Items Infected: 0
Folders Infected: 0
Files Infected: 1

Memory Processes Infected:
(No malicious items detected)

Memory Modules Infected:
(No malicious items detected)

Registry Keys Infected:
HKEY_CLASSES_ROOT\Interface\{b1e22eb8-2ae8-4e8e-96ae-74f2a1764533} (Adware.WebDir) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\Typelib\{bdbebf18-7615-4971-9ac3-bd6ffb7ad6c1} (Adware.WebDir) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\AppID\{bdbebf18-7615-4971-9ac3-bd6ffb7ad6c1} (Adware.WebDir) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\dlp.dlpobj (Adware.WebDir) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\dlp.dlpobj.1 (Adware.WebDir) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{be2ed590-ca49-46b5-8cce-244fb2e0d1aa} (Adware.WebDir) -> Quarantined and deleted successfully.

Registry Values Infected:
(No malicious items detected)

Registry Data Items Infected:
(No malicious items detected)

Folders Infected:
(No malicious items detected)

Files Infected:
C:\Documents and Settings\TJ\Desktop\GALA-NET\Rappelz_USA\Launcher.exe (Trojan.FakeAlert) -> Quarantined and deleted successfully.


ComboFix 08-07-07.3 - TJ 2008-07-08 14:25:22.3 - NTFSx86
Microsoft Windows XP Professional 5.1.2600.2.1252.1.1033.18.693 [GMT -4:00]
Running from: C:\Documents and Settings\TJ\Desktop\ComboFix.exe

WARNING -THIS MACHINE DOES NOT HAVE THE RECOVERY CONSOLE INSTALLED !!
.

((((((((((((((((((((((((( Files Created from 2008-06-08 to 2008-07-08 )))))))))))))))))))))))))))))))
.

2008-07-08 14:05 . 2008-07-08 14:05 <DIR> d-------- C:\WINDOWS\Sun
2008-07-08 14:05 . 2008-07-08 14:06 <DIR> d-------- C:\Program Files\SystemRequirementsLab
2008-07-08 14:05 . 2008-07-08 14:05 <DIR> d-------- C:\Documents and Settings\TJ\Application Data\SystemRequirementsLab
2008-07-08 14:00 . 2008-07-08 14:00 <DIR> d-------- C:\Program Files\Malwarebytes' Anti-Malware
2008-07-08 14:00 . 2008-07-08 14:00 <DIR> d-------- C:\Documents and Settings\TJ\Application Data\Malwarebytes
2008-07-08 14:00 . 2008-07-08 14:00 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\Malwarebytes
2008-07-08 14:00 . 2008-07-07 17:35 34,296 --a------ C:\WINDOWS\system32\drivers\mbamcatchme.sys
2008-07-08 14:00 . 2008-07-07 17:35 17,144 --a------ C:\WINDOWS\system32\drivers\mbam.sys
2008-07-08 10:47 . 2008-07-08 10:47 <DIR> d-------- C:\Program Files\CCleaner
2008-07-08 10:28 . 2008-07-08 10:28 <DIR> d-------- C:\Documents and Settings\TJ\DoctorWeb
2008-07-08 10:06 . 2008-07-08 10:06 <DIR> d-------- C:\Documents and Settings\Administrator
2008-07-08 09:55 . 2008-07-08 09:55 <DIR> d-------- C:\Program Files\SUPERAntiSpyware
2008-07-08 09:55 . 2008-07-08 09:55 <DIR> d-------- C:\Documents and Settings\TJ\Application Data\SUPERAntiSpyware.com
2008-07-08 09:55 . 2008-07-08 09:55 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\SUPERAntiSpyware.com
2008-07-08 09:54 . 2008-07-08 09:54 <DIR> d-------- C:\Program Files\Common Files\Wise Installation Wizard
2008-07-07 22:39 . 2008-07-07 22:45 <DIR> d-------- C:\Program Files\Windows Live
2008-07-06 15:27 . 2004-08-04 08:00 221,184 --a------ C:\WINDOWS\system32\wmpns.dll
2008-07-06 12:45 . 2001-08-17 13:48 12,160 --a------ C:\WINDOWS\system32\drivers\mouhid.sys
2008-07-06 12:45 . 2001-08-17 13:48 12,160 --a--c--- C:\WINDOWS\system32\dllcache\mouhid.sys
2008-07-05 17:17 . 2008-07-05 17:17 <DIR> d-------- C:\Program Files\Jasc Software Inc
2008-07-05 17:13 . 2008-07-05 17:13 <DIR> d-------- C:\Documents and Settings\TJ\Application Data\Viewpoint
2008-07-05 15:12 . 2008-07-05 15:12 <DIR> d-------- C:\Program Files\Power Tab Software
2008-07-03 16:20 . 2008-07-03 16:20 <DIR> d-------- C:\WINDOWS\system32\LogFiles
2008-07-03 16:20 . 2008-07-03 16:20 <DIR> d-------- C:\Program Files\Kaspersky Lab
2008-07-03 16:20 . 2008-07-08 10:38 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\Kaspersky Lab
2008-07-03 16:06 . 2008-07-03 16:30 96,966 --a------ C:\WINDOWS\system32\drivers\klin.dat
2008-07-03 16:06 . 2008-07-03 16:30 88,774 --a------ C:\WINDOWS\system32\drivers\klick.dat
2008-07-03 16:05 . 2008-07-08 14:27 2,154,016 --ahs---- C:\WINDOWS\system32\drivers\fidbox.dat
2008-07-03 16:05 . 2008-07-08 14:27 54,816 --ahs---- C:\WINDOWS\system32\drivers\fidbox2.dat
2008-07-03 16:05 . 2008-07-08 09:59 32,492 --ahs---- C:\WINDOWS\system32\drivers\fidbox.idx
2008-07-03 16:05 . 2008-07-08 09:59 6,368 --ahs---- C:\WINDOWS\system32\drivers\fidbox2.idx
2008-07-03 16:03 . 2008-07-03 16:05 <DIR> d-------- C:\kav
2008-07-02 10:09 . 2008-07-02 10:10 <DIR> d-------- C:\Documents and Settings\TJ\Application Data\DivX
2008-07-02 10:05 . 2008-07-02 10:05 <DIR> d-------- C:\Program Files\DivX
2008-07-02 10:05 . 2008-06-10 20:07 120,056 --------- C:\WINDOWS\system32\pxcpyi64.exe
2008-07-02 10:05 . 2008-06-10 20:07 118,520 --------- C:\WINDOWS\system32\pxinsi64.exe
2008-06-30 11:52 . 2008-06-30 11:52 <DIR> d-------- C:\Documents and Settings\TJ\Application Data\acccore
2008-06-30 11:24 . 2008-06-30 11:24 <DIR> d-------- C:\Program Files\Common Files\Blizzard Entertainment
2008-06-29 14:06 . 2008-06-30 22:06 23 --a------ C:\WINDOWS\BlendSettings.ini
2008-06-29 12:32 . 2008-06-29 12:32 <DIR> d-------- C:\Program Files\Bethesda Softworks
2008-06-29 12:25 . 2008-06-29 12:26 <DIR> d-------- C:\Program Files\DAEMON Tools Lite
2008-06-29 12:22 . 2008-06-29 12:22 <DIR> d-------- C:\Documents and Settings\TJ\Application Data\DAEMON Tools
2008-06-29 12:22 . 2008-06-29 12:22 717,296 --a------ C:\WINDOWS\system32\drivers\sptd.sys
2008-06-28 19:50 . 2007-09-18 23:41 258,352 --a------ C:\WINDOWS\system32\unicows.dll
2008-06-28 19:47 . 2007-09-18 23:41 514,337,164 --a------ C:\WINDOWS\data4.pck
2008-06-28 19:46 . 2007-09-18 22:55 629,164,503 --a------ C:\WINDOWS\data3.pck
2008-06-28 19:45 . 2007-09-18 17:10 629,175,968 --a------ C:\WINDOWS\data2.pck
2008-06-28 19:44 . 2007-09-19 10:14 <DIR> d-------- C:\WINDOWS\background
2008-06-28 19:44 . 2007-09-18 12:03 629,147,117 --a------ C:\WINDOWS\data1.pck
2008-06-28 19:44 . 2007-09-18 09:58 1,080,216 --a------ C:\WINDOWS\check.md
2008-06-28 19:44 . 2007-09-18 23:41 372,736 --a------ C:\WINDOWS\ijl15.dll
2008-06-28 19:44 . 2007-09-18 23:41 258,352 --a------ C:\WINDOWS\unicows.dll
2008-06-28 19:44 . 2007-09-18 23:41 28,672 --a------ C:\WINDOWS\JPGI.dll
2008-06-28 19:44 . 2007-09-18 23:41 4,968 --a------ C:\WINDOWS\install.ini
2008-06-27 13:22 . 2008-06-27 13:23 <DIR> d-------- C:\Program Files\Microsoft Expression
2008-06-27 13:15 . 2008-06-27 13:15 162 --a------ C:\WINDOWS\ODBC.INI
2008-06-27 13:11 . 2006-10-26 19:56 32,592 --a------ C:\WINDOWS\system32\msonpmon.dll
2008-06-27 13:09 . 2008-06-27 13:09 <DIR> d-------- C:\Program Files\MSBuild
2008-06-27 13:09 . 2008-06-27 13:09 <DIR> d-------- C:\Program Files\Microsoft Works
2008-06-27 13:07 . 2008-06-27 13:07 <DIR> d-------- C:\Program Files\Microsoft.NET
2008-06-27 13:05 . 2008-06-27 13:05 <DIR> d-------- C:\Program Files\Microsoft Visual Studio 8
2008-06-27 13:04 . 2008-06-27 13:19 <DIR> d-------- C:\WINDOWS\SHELLNEW
2008-06-27 13:03 . 2008-07-06 15:44 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\Microsoft Help
2008-06-27 13:02 . 2008-06-27 13:02 <DIR> dr-h----- C:\MSOCache
2008-06-26 14:13 . 2008-06-26 14:14 <DIR> d-------- C:\Program Files\Common Files\Adobe
2008-06-25 00:12 . 2008-06-25 00:12 <DIR> d-------- C:\Documents and Settings\TJ\Application Data\SecondLife
2008-06-24 11:32 . 2007-07-30 19:19 271,224 --a------ C:\WINDOWS\system32\mucltui.dll
2008-06-24 11:32 . 2007-07-30 19:19 207,736 --a------ C:\WINDOWS\system32\muweb.dll
2008-06-24 11:32 . 2007-07-30 19:19 30,072 --a------ C:\WINDOWS\system32\mucltui.dll.mui
2008-06-23 23:11 . 2008-06-23 23:11 <DIR> d----c--- C:\WINDOWS\system32\DRVSTORE
2008-06-23 23:11 . 2008-06-24 19:22 <DIR> d-------- C:\Documents and Settings\TJ\Contacts
2008-06-23 23:07 . 2008-06-23 23:10 <DIR> d--hsc--- C:\Program Files\Common Files\WindowsLiveInstaller
2008-06-23 23:07 . 2008-07-08 11:45 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\WLInstaller
2008-06-23 06:13 . 2008-06-13 09:10 272,128 --------- C:\WINDOWS\system32\drivers\bthport.sys
2008-06-23 06:13 . 2008-06-13 09:10 272,128 -----c--- C:\WINDOWS\system32\dllcache\bthport.sys
2008-06-23 06:00 . 2005-06-28 10:21 22,752 --a------ C:\WINDOWS\system32\spupdsvc.exe
2008-06-23 05:58 . 2008-06-27 09:18 <DIR> d-------- C:\Documents and Settings\TJ\Application Data\LimeWire
2008-06-23 05:57 . 2008-06-23 05:57 <DIR> d-------- C:\Program Files\Java
2008-06-23 05:57 . 2007-12-14 01:59 69,632 --a------ C:\WINDOWS\system32\javacpl.cpl
2008-06-23 05:56 . 2008-06-23 05:56 <DIR> d-------- C:\Program Files\Common Files\Java
2008-06-23 05:54 . 2008-06-23 05:57 <DIR> d-------- C:\Program Files\LimeWire
2008-06-22 18:27 . 2008-07-06 15:42 <DIR> d--h----- C:\WINDOWS\$hf_mig$
2008-06-21 12:26 . 2008-06-21 12:26 <DIR> d-------- C:\Program Files\Hewlett-Packard
2008-06-21 12:26 . 2008-06-21 12:26 <DIR> d-------- C:\Program Files\Common Files\Hewlett-Packard
2008-06-21 12:07 . 2006-04-10 14:03 38,400 --a------ C:\WINDOWS\system32\hpz3l054.dll
2008-06-21 12:06 . 1998-10-29 16:45 306,688 --a------ C:\WINDOWS\IsUninst.exe
2008-06-21 12:06 . 2006-03-03 21:03 282,680 --a------ C:\WINDOWS\system32\HPZidr12.dll
2008-06-21 12:06 . 2006-03-03 21:02 204,800 --a------ C:\WINDOWS\system32\HPZipr12.dll
2008-06-21 12:06 . 2006-03-03 21:02 94,208 --a------ C:\WINDOWS\system32\HPZipt12.dll
2008-06-21 12:06 . 2006-03-03 21:03 69,632 --a------ C:\WINDOWS\system32\HPZipm12.exe
2008-06-21 12:06 . 2006-03-03 21:03 65,536 --a------ C:\WINDOWS\system32\HPZinw12.exe
2008-06-21 12:06 . 2006-03-03 21:02 57,344 --a------ C:\WINDOWS\system32\HPZisn12.dll
2008-06-21 12:06 . 2004-08-03 22:58 15,104 --a------ C:\WINDOWS\system32\drivers\usbscan.sys
2008-06-21 12:06 . 2004-08-03 22:58 15,104 --a--c--- C:\WINDOWS\system32\dllcache\usbscan.sys
2008-06-21 11:49 . 2008-06-21 12:05 <DIR> d-------- C:\Program Files\HP
2008-06-21 11:48 . 2008-06-21 12:27 110,415 --a------ C:\WINDOWS\hpoins11.dat
2008-06-21 11:48 . 2006-04-12 20:04 49,664 --a------ C:\WINDOWS\system32\drivers\HPZid412.sys
2008-06-21 11:48 . 2006-04-12 20:04 21,568 --a------ C:\WINDOWS\system32\drivers\HPZius12.sys
2008-06-21 11:48 . 2006-04-12 20:04 16,496 --a------ C:\WINDOWS\system32\drivers\HPZipr12.sys
2008-06-21 11:47 . 2006-04-12 20:02 827,392 --a------ C:\WINDOWS\system32\hpotiop2.dll
2008-06-21 11:47 . 2006-04-12 20:02 659,456 --a------ C:\WINDOWS\system32\hpowiax2.dll
2008-06-21 11:47 . 2006-04-12 20:04 282,624 --a------ C:\WINDOWS\system32\HPZc3212.dll
2008-06-21 11:47 . 2006-04-12 20:02 254,026 --a------ C:\WINDOWS\system32\hpovst09.dll
2008-06-21 11:47 . 2005-07-18 21:38 98,304 --a------ C:\WINDOWS\system32\hpzjsn01.dll
2008-06-21 11:47 . 2006-01-04 04:12 77,824 --a------ C:\WINDOWS\system32\HPZIDS01.dll
2008-06-21 11:46 . 2006-05-05 23:10 6,947 --a------ C:\WINDOWS\hpomdl11.dat
2008-06-21 09:24 . 2008-06-21 09:24 <DIR> d-------- C:\Program Files\Spybot - Search & Destroy
2008-06-21 09:24 . 2008-07-08 11:14 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy
2008-06-21 09:23 . 2008-06-21 09:23 <DIR> d-------- C:\Program Files\Winamp Remote
2008-06-21 09:23 . 2008-06-21 09:25 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\OrbNetworks
2008-06-21 09:21 . 2008-06-21 09:24 <DIR> d-------- C:\Program Files\Winamp
2008-06-21 09:21 . 2008-06-21 09:27 <DIR> d-------- C:\Documents and Settings\TJ\Application Data\Winamp
2008-06-21 09:20 . 2008-06-21 09:20 <DIR> d-------- C:\Program Files\TweakNow RegCleaner Std
2008-06-21 09:18 . 2008-06-21 09:18 <DIR> d-------- C:\WINDOWS\system32\quicktime
2008-06-21 09:18 . 2008-06-21 09:18 <DIR> d-------- C:\Program Files\IObit
2008-06-21 09:18 . 2008-06-21 09:27 <DIR> d-------- C:\Program Files\BitTorrent
2008-06-21 09:18 . 2008-06-21 09:18 <DIR> d-------- C:\Program Files\AVI Codec Pack
2008-06-21 09:18 . 2008-07-06 15:08 <DIR> d-------- C:\Documents and Settings\TJ\Application Data\BitTorrent
2008-06-21 09:17 . 2008-06-21 09:17 <DIR> d-------- C:\Program Files\Viewpoint
2008-06-21 09:17 . 2008-06-21 09:17 <DIR> d-------- C:\Program Files\AIM Search
2008-06-21 09:17 . 2008-06-30 11:51 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\Viewpoint
2008-06-21 09:17 . 2008-06-21 09:17 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\acccore
2008-06-21 09:16 . 2008-06-21 09:16 <DIR> d-------- C:\Program Files\Common Files\AOL
2008-06-21 09:16 . 2008-06-30 11:51 <DIR> d-------- C:\Program Files\AIM6
2008-06-21 09:16 . 2008-06-30 11:52 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\AOL OCP

.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2008-07-03 20:30 112,144 ----a-w C:\WINDOWS\system32\drivers\kl1.sys
2008-06-29 16:32 --------- d--h--w C:\Program Files\InstallShield Installation Information
2008-06-20 18:51 --------- d-----w C:\Program Files\ATI Technologies
2008-06-20 18:50 --------- d-----w C:\Program Files\Common Files\InstallShield
2008-06-20 18:41 --------- d-----w C:\Program Files\microsoft frontpage
2008-06-11 00:07 129,784 ------w C:\WINDOWS\system32\pxafs.dll
2008-06-03 06:20 3,100,160 ----a-w C:\WINDOWS\system32\drivers\ati2mtag.sys
2008-06-03 03:46 10,276,864 ----a-w C:\WINDOWS\system32\atioglx2.dll
2008-06-03 03:22 413,696 ----a-w C:\WINDOWS\system32\ATIDEMGX.dll
2008-06-03 03:21 306,688 ----a-w C:\WINDOWS\system32\ati2dvag.dll
2008-06-03 03:11 43,520 ----a-w C:\WINDOWS\system32\ati2edxx.dll
2008-06-03 03:11 26,112 ----a-w C:\WINDOWS\system32\Ati2mdxx.exe
2008-06-03 03:11 180,224 ----a-w C:\WINDOWS\system32\atipdlxx.dll
2008-06-03 03:11 139,264 ----a-w C:\WINDOWS\system32\Oemdspif.dll
2008-06-03 03:11 139,264 ----a-w C:\WINDOWS\system32\ati2evxx.dll
2008-06-03 03:09 552,960 ----a-w C:\WINDOWS\system32\ati2evxx.exe
2008-06-03 03:08 53,248 ----a-w C:\WINDOWS\system32\ATIDDC.DLL
2008-06-03 03:04 245,760 ----a-w C:\WINDOWS\system32\atiok3x2.dll
2008-06-03 03:02 307,200 ----a-w C:\WINDOWS\system32\atiiiexx.dll
2008-06-03 02:59 3,500,352 ----a-w C:\WINDOWS\system32\ati3duag.dll
2008-06-03 02:48 2,120,832 ----a-w C:\WINDOWS\system32\ativvaxx.dll
2008-06-03 02:33 48,128 ----a-w C:\WINDOWS\system32\amdpcom32.dll
2008-06-03 02:29 348,160 ----a-w C:\WINDOWS\system32\atikvmag.dll
2008-06-03 02:28 23,040 ----a-w C:\WINDOWS\system32\atiadlxx.dll
2008-06-03 02:28 17,408 ----a-w C:\WINDOWS\system32\atitvo32.dll
2008-06-03 02:27 49,152 ----a-w C:\WINDOWS\system32\drivers\ati2erec.dll
2008-06-03 02:22 5,439,488 ----a-w C:\WINDOWS\system32\atioglxx.dll
2008-06-03 02:21 557,056 ----a-w C:\WINDOWS\system32\ati2cqag.dll
2008-06-03 01:05 593,920 ------w C:\WINDOWS\system32\ati2sgag.exe
2008-05-30 18:19 507,400 ----a-w C:\WINDOWS\system32\XAudio2_1.dll
2008-05-30 18:18 238,088 ----a-w C:\WINDOWS\system32\xactengine3_1.dll
2008-05-30 18:17 65,032 ----a-w C:\WINDOWS\system32\XAPOFX1_0.dll
2008-05-30 18:17 25,608 ----a-w C:\WINDOWS\system32\X3DAudio1_4.dll
2008-05-30 18:11 467,984 ----a-w C:\WINDOWS\system32\d3dx10_38.dll
2008-05-30 18:11 3,850,760 ----a-w C:\WINDOWS\system32\D3DX9_38.dll
2008-05-30 18:11 1,491,992 ----a-w C:\WINDOWS\system32\D3DCompiler_38.dll
2008-05-22 22:18 12,288 ----a-w C:\WINDOWS\system32\DivXWMPExtType.dll
2008-05-08 12:28 202,752 ----a-w C:\WINDOWS\system32\drivers\rmcast.sys
2008-05-07 05:18 1,287,680 ----a-w C:\WINDOWS\system32\quartz.dll
2008-04-21 07:04 659,456 ----a-w C:\WINDOWS\system32\wininet.dll
.

((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"SUPERAntiSpyware"="C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe" [2008-05-28 10:33 1506544]
"MSMSGS"="C:\Program Files\Messenger\msmsgs.exe" [2004-10-13 12:24 1694208]
"msnmsgr"="C:\Program Files\Windows Live\Messenger\msnmsgr.exe" [2007-10-18 11:34 5724184]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"StartCCC"="C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" [2008-01-21 12:17 61440]
"Adobe Reader Speed Launcher"="C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe" [2008-01-11 22:16 39792]
"MSConfig"="C:\WINDOWS\PCHealth\HelpCtr\Binaries\MSConfig.exe" [2004-08-04 08:00 158208]

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\explorer]
"NoResolveSearch"= 1 (0x1)

[hkey_local_machine\software\microsoft\windows\currentversion\explorer\ShellExecuteHooks]
"{5AE067D3-9AFB-48E0-853A-EBB7F4A000DA}"= "C:\Program Files\SUPERAntiSpyware\SASSEH.DLL" [2008-05-13 10:13 77824]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\!SASWinLogon]
2007-04-19 13:41 294912 C:\Program Files\SUPERAntiSpyware\SASWINLO.dll

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\drivers32]
"aux"= ctwdm32.dll

[HKLM\~\startupfolder\C:^Documents and Settings^TJ^Start Menu^Programs^Startup^LimeWire On Startup.lnk]
path=C:\Documents and Settings\TJ\Start Menu\Programs\Startup\LimeWire On Startup.lnk
backup=C:\WINDOWS\pss\LimeWire On Startup.lnkStartup

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Aim6]
--a------ 2008-06-19 13:51 50528 C:\Program Files\AIM6\aim6.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\BitTorrent]
--a------ 2007-09-07 19:01 43008 C:\Program Files\BitTorrent\bittorrent.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ctfmon.exe]
--a------ 2004-08-04 08:00 15360 C:\WINDOWS\system32\ctfmon.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\DAEMON Tools Lite]
--a------ 2008-04-01 05:39 486856 C:\Program Files\DAEMON Tools Lite\daemon.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\GrooveMonitor]
--a------ 2006-10-27 00:47 31016 C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\MSMSGS]
--------- 2004-10-13 12:24 1694208 C:\Program Files\Messenger\msmsgs.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\MsnMsgr]
--a------ 2007-10-18 11:34 5724184 C:\Program Files\Windows Live\Messenger\msnmsgr.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SpybotSD TeaTimer]
-rahs---- 2008-01-28 11:43 2097488 C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SunJavaUpdateSched]
--a------ 2007-12-14 03:42 144784 C:\Program Files\Java\jre1.6.0_04\bin\jusched.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\WinampAgent]
--a------ 2008-04-01 14:49 36352 C:\Program Files\Winamp\winampa.exe

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\KasperskyAntiVirus]
"DisableMonitoring"=dword:00000001

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"C:\\Program Files\\Common Files\\AOL\\Loader\\aolload.exe"=
"C:\\Program Files\\AIM6\\aim6.exe"=
"C:\\Program Files\\BitTorrent\\bittorrent.exe"=
"C:\\Program Files\\Winamp Remote\\bin\\Orb.exe"=
"C:\\Program Files\\Winamp Remote\\bin\\OrbTray.exe"=
"C:\\Program Files\\Winamp Remote\\bin\\OrbStreamerClient.exe"=
"C:\\Program Files\\HP\\Digital Imaging\\bin\\hpqscnvw.exe"=
"C:\\Program Files\\HP\\Digital Imaging\\bin\\hpqkygrp.exe"=
"C:\\Program Files\\HP\\Digital Imaging\\bin\\hpqnrs08.exe"=
"C:\\Program Files\\Microsoft Office\\Office12\\OUTLOOK.EXE"=
"C:\\Program Files\\Microsoft Office\\Office12\\GROOVE.EXE"=
"C:\\Program Files\\Microsoft Office\\Office12\\ONENOTE.EXE"=
"C:\\kav\\kis\\setup.exe"=
"C:\\kav\\kav7\\setup.exe"=
"C:\\Program Files\\Kaspersky Lab\\Kaspersky Anti-Virus 7.0\\avp.exe"=
"C:\\Program Files\\Windows Live\\Messenger\\msnmsgr.exe"=
"C:\\Program Files\\Windows Live\\Messenger\\livecall.exe"=

R2 Viewpoint Manager Service;Viewpoint Manager Service;C:\Program Files\Viewpoint\Common\ViewpointService.exe [2007-01-04 17:38]
R3 klim5;Kaspersky Anti-Virus NDIS Filter;C:\WINDOWS\system32\DRIVERS\klim5.sys [2007-12-13 13:28]

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\H]
\Shell\AutoRun\command - H:\setup.exe

*Newly Created Service* - CATCHME
*Newly Created Service* - WLSETUPSVC
.
**************************************************************************

catchme 0.3.1361 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2008-07-08 14:27:20
Windows 5.1.2600 Service Pack 2 NTFS

scanning hidden processes ...

scanning hidden autostart entries ...

scanning hidden files ...

scan completed successfully
hidden files: 0

**************************************************************************
.
Completion time: 2008-07-08 14:29:21
ComboFix-quarantined-files.txt 2008-07-08 18:28:52
ComboFix2.txt 2008-07-08 16:30:30
ComboFix3.txt 2008-07-08 14:52:42

Pre-Run: 8,595,275,776 bytes free
Post-Run: 8,589,127,680 bytes free

265 --- E O F --- 2008-07-06 19:45:06

mryuck
New Member


Date Joined Jun 2008
Total Posts : 10
 
Posted 7-8-2008 8:35 (GMT +2)
Files Infected:
C:\Documents and Settings\TJ\Desktop\GALA-NET\Rappelz_USA\Launcher.exe (Trojan.FakeAlert) -> Quarantined and deleted successfully.

LOL just ruined my game. I can't load it now.. so here goes another 4 hour download.

Touch
Forum Moderator




Date Joined Jun 2004
Total Posts : 13131
 
Posted 7-9-2008 7:15 (GMT +2)
You should be able to restore it from the Malwarebytes' Anti-Malware quarantine. When you have restored it, please let me know how things are running now.



mryuck
New Member


Date Joined Jun 2008
Total Posts : 10
 
Posted 7-9-2008 4:56 (GMT +2)
I had a friend send me the .exe file so the game is fine.. and so far no report from my friends on any mysterious links

mryuck
New Member


Date Joined Jun 2008
Total Posts : 10
 
Posted 7-13-2008 4:53 (GMT +2)
OK, it seems as though the problem is still here. I just got an offline message from a friend saying he got the link again. Should I just rerun all the applications?

mryuck
New Member


Date Joined Jun 2008
Total Posts : 10
 
Posted 7-15-2008 3:15 (GMT +2)
I re-ran all the apps, still having the problem :/

Touch
Forum Moderator




Date Joined Jun 2004
Total Posts : 13131
 
Posted 7-16-2008 5:11 (GMT +2)
OK. Uninstall Live Messenger.

Reboot, install it again.



mryuck
New Member


Date Joined Jun 2008
Total Posts : 10
 
Posted 7-16-2008 5:44 (GMT +2)
I uninstalled, restarted, and ran every app I could think of, found 3-4 problems, removed them, and reinstalled. Anything else you would like me to do?

Touch
Forum Moderator




Date Joined Jun 2004
Total Posts : 13131
 
Posted 7-17-2008 7:53 (GMT +2)
Just let me know how things are running ;-)

In the meantime, I'll suggest you read Tony Klein's excellent article about how to protect against spyware/hijackers in the future:
http://www.castlecops.com/t7736-So_how_did_I_get_infected_in_the_first_place.html

