# Another Windows Live Messenger Virus



## xtremesy (Dec 3, 2007)

Hello,

I also stupidly clicked on the link sent to me by a friend and now I'm sending the same message to my contacts as well. I tried to look at the solutions offered to other people but I'm not sure if the same will apply to me, so here is my HijackThis log and also the ComboFix log. I have tried scanning with F-Prot antivirus, Spybot, and Ad-Aware (all definitions have been updated) and nothing has helped. I tried to uninstall and reinstall Messenger, and now several of my contacts have blocked me, so I'm sure that I still have a problem. Also, I'm using Windows XP. Thank you in advance.

ComboFix 07-12-02.7 - njanevsk 2007-12-03 13:38:56.1 - NTFSx86
Microsoft Windows XP Professional 5.1.2600.2.1252.1.1033.18.203 [GMT -5:00]
Running from: C:\Documents and Settings\njanevsk\Desktop\ComboFix.exe
* Created a new restore point
.

((((((((((((((((((((((((( Files Created from 2007-11-03 to 2007-12-03 )))))))))))))))))))))))))))))))
.

2007-12-03 13:24 . 2007-12-03 13:29 d--------	C:\Program Files\Windows Live
2007-11-30 16:06 . 2007-11-30 16:06 d--------	C:\Documents and Settings\njanevsk\Application Data\Lavasoft
2007-11-30 16:05 . 2007-11-30 16:05 d--------	C:\Program Files\Lavasoft
2007-11-30 11:45 . 2007-07-30 19:19	271,224	--a------	C:\WINDOWS\system32\mucltui.dll
2007-11-30 11:45 . 2007-07-30 19:19	207,736	--a------	C:\WINDOWS\system32\muweb.dll
2007-11-30 11:45 . 2007-07-30 19:19	30,072	--a------	C:\WINDOWS\system32\mucltui.dll.mui
2007-11-30 03:01 . 2007-11-30 03:01 d--------	C:\Program Files\Microsoft CAPICOM 2.1.0.2
2007-11-29 18:19 . 2007-12-03 13:26 d--------	C:\WINDOWS\LastGood
2007-11-29 18:13 . 2007-11-29 18:18 d--hsc---	C:\Program Files\Common Files\WindowsLiveInstaller
2007-11-29 18:12 . 2007-12-03 13:24 d--------	C:\Documents and Settings\All Users\Application Data\WLInstaller
2007-11-24 03:11 . 2007-11-24 04:50	66,936	--ahs----	C:\WINDOWS\dlinfo_0.drv
2007-11-24 03:10 . 2007-11-24 03:11 d--------	C:\Diablo
2007-11-24 03:10 . 2007-11-24 03:10	86,528	--a------	C:\WINDOWS\bnetunin.exe
2007-11-24 03:10 . 2007-11-24 03:10	61,440	--a------	C:\WINDOWS\diabunin.exe

.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2007-12-03 18:34	---------	d-----w	C:\Documents and Settings\njanevsk\Application Data\BitTorrent DNA
2007-11-19 04:16	---------	d-----w	C:\Documents and Settings\njanevsk\Application Data\LimeWire
2007-11-13 19:14	---------	d--h--w	C:\Program Files\InstallShield Installation Information
2007-11-08 07:16	---------	d-----w	C:\Documents and Settings\njanevsk\Application Data\BitTorrent
2007-10-29 23:57	---------	d-----w	C:\Documents and Settings\njanevsk\Application Data\AdobeUM
2007-10-27 15:49	---------	d-----w	C:\Program Files\Common Files\Symantec Shared
2007-10-27 15:49	---------	d-----w	C:\Documents and Settings\All Users\Application Data\Symantec
2007-10-20 17:30	---------	d-----w	C:\Program Files\AC3Filter
2007-10-18 16:31	51,224	----a-w	C:\WINDOWS\system32\sirenacm.dll
2007-10-18 00:36	---------	d-----w	C:\Program Files\PlayOnline
2007-10-16 18:57	---------	d-----w	C:\Documents and Settings\njanevsk\Application Data\Ahead
2007-10-16 18:29	---------	d-----w	C:\Program Files\Common Files\Adobe Systems Shared
2007-10-16 18:29	---------	d-----w	C:\Documents and Settings\All Users\Application Data\Macrovision
2007-10-16 18:28	---------	d-----w	C:\Program Files\Common Files\Adobe
2007-10-16 15:21	---------	d-----w	C:\Documents and Settings\njanevsk\Application Data\DivX
2007-10-16 05:54	---------	d-----w	C:\Program Files\DivX
2007-10-15 21:12	---------	d-----w	C:\Program Files\Macromedia
2007-10-15 21:12	---------	d-----w	C:\Program Files\Common Files\Macromedia
2007-10-15 18:10 ---------	d-----w	C:\Program Files\LimeWire
2007-10-15 07:00	---------	d-----w	C:\Program Files\MSXML 4.0
2007-10-14 17:53	---------	d-----w	C:\Program Files\BitTorrent_DNA
2007-10-14 17:53	---------	d-----w	C:\Program Files\BitTorrent
2007-10-14 17:06	---------	d-----w	C:\Program Files\Java
2007-10-14 16:13	---------	d-----w	C:\Documents and Settings\njanevsk\Application Data\Skype
2007-10-14 14:40	---------	d-----w	C:\Program Files\Skype
2007-10-14 14:40	---------	d-----w	C:\Program Files\Common Files\Skype
2007-10-14 14:40	---------	d-----w	C:\Documents and Settings\All Users\Application Data\Skype
2007-10-14 14:17	---------	d-----w	C:\Program Files\Common Files\LogiShrd
2007-10-14 14:14	---------	d-----w	C:\Program Files\Logitech
2007-10-14 14:14	---------	d-----w	C:\Documents and Settings\All Users\Application Data\Logitech
2007-10-14 14:14	---------	d-----w	C:\Documents and Settings\All Users\Application Data\Logishrd
2007-09-17 18:23	823,296	----a-w	C:\WINDOWS\system32\divx_xx0c.dll
2007-09-17 18:23	823,296	----a-w	C:\WINDOWS\system32\divx_xx07.dll
2007-09-17 18:22	802,816	----a-w	C:\WINDOWS\system32\divx_xx11.dll
2007-09-17 18:22	739,840	----a-w	C:\WINDOWS\system32\DivX.dll
2007-09-11 23:14	156,992	----a-w	C:\WINDOWS\system32\DivXCodecVersionChecker.exe
.

((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown 
REGEDIT4

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"msnmsgr"="C:\Program Files\Windows Live\Messenger\msnmsgr.exe" [2007-10-18 11:34]
"BitTorrent DNA"="C:\Program Files\BitTorrent_DNA\dna.exe" [2007-10-14 12:53]
"ctfmon.exe"="C:\WINDOWS\system32\ctfmon.exe" [2004-08-04 02:56]
"MSMSGS"="C:\Program Files\Messenger\msmsgs.exe" [2004-10-13 11:24]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"SoundMAXPnP"="C:\Program Files\Analog Devices\SoundMAX\SMax4PNP.exe" [2004-10-14 08:11]
"SoundMAX"="C:\Program Files\Analog Devices\SoundMAX\Smax4.exe" [2004-09-23 11:41]
"IgfxTray"="C:\WINDOWS\System32\igfxtray.exe" [2004-11-16 04:19]
"HotKeysCmds"="C:\WINDOWS\System32\hkcmd.exe" [2004-11-16 04:15]
"AGRSMMSG"="AGRSMMSG.exe" [2005-03-04 14:01 C:\WINDOWS\AGRSMMSG.exe]
"SynTPLpr"="C:\Program Files\Synaptics\SynTP\SynTPLpr.exe" [2004-11-04 13:40]
"SynTPEnh"="C:\Program Files\Synaptics\SynTP\SynTPEnh.exe" [2004-11-04 13:38]
"Cpqset"="C:\Program Files\HPQ\Default Settings\cpqset.exe" [2005-02-17 13:01]
"eabconfg.cpl"="C:\Program Files\HPQ\Quick Launch Buttons\EabServr.exe" [2004-12-03 12:24]
"UpdateManager"="C:\Program Files\Common Files\Sonic\Update Manager\sgtray.exe" [2003-08-19 00:01]
"dla"="C:\WINDOWS\system32\dla\tfswctrl.exe" [2004-08-03 00:05]
"SunJavaUpdateSched"="C:\Program Files\Java\jre1.6.0_03\bin\jusched.exe" [2007-09-25 00:11]
"hpWirelessAssistant"="C:\Program Files\hpq\HP Wireless Assistant\HP Wireless Assistant.exe" [2004-11-12 11:40]
"WatchDog"="C:\Program Files\InterVideo\DVD Check\DVDCheck.exe" [2004-10-26 15:17]
"KeyAccess"="C:\WINDOWS\keyacc32.exe" [2003-12-16 12:00]
"F-StopW"="C:\Program Files\FSI\F-Prot\F-StopW.EXE" [2005-02-25 10:27]
"QuickTime Task"="C:\Program Files\QuickTime\qttask.exe" [2005-07-27 16:16]
"BluetoothAuthenticationAgent"="bthprops.cpl" [2004-08-04 02:56 C:\WINDOWS\system32\bthprops.cpl]
"TkBellExe"="C:\Program Files\Common Files\Real\Update_OB\realsched.exe" [2005-07-27 16:32]
"LogitechCommunicationsManager"="C:\Program Files\Common Files\LogiShrd\LComMgr\Communications_Helper.exe" [2007-02-08 00:12]
"LogitechQuickCamRibbon"="C:\Program Files\Logitech\QuickCam10\QuickCam10.exe" [2007-02-08 00:13]

C:\Documents and Settings\Deploy\Start Menu\Programs\Startup\
eXtreme Deployment Bootstrap.lnk - C:\xDeploy\bin\deploy.bat [2004-01-09 14:23:34]
reg.exe.lnk - C:\WINDOWS\system32\reg.exe [2002-08-29 07:00:00]

C:\Documents and Settings\All Users\Start Menu\Programs\Startup\
Adobe Gamma Loader.lnk - C:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe [2007-10-16 13:28:34]
Adobe Reader Speed Launch.lnk - C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe [2004-12-14 03:44:06]
BlueSoleil.lnk - C:\Program Files\IVT Corporation\BlueSoleil\BlueSoleil.exe [2005-09-20 09:28:16]
DVD Check.lnk - C:\Program Files\InterVideo\DVD Check\DVDCheck.exe [2005-06-22 11:53:13]
KeyAccess.lnk - C:\WINDOWS\keyacc32.exe [2003-12-16 12:00:00]

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\explorer]
"NoWelcomeScreen"= 1 (0x1)

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\policies\explorer]
"NoSharedDocuments"= 1 (0x1)
"NoThumbnailCache"= 1 (0x1)
"NoWelcomeScreen"= 1 (0x1)
"NoAutoUpdate"= 1 (0x1)

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\windows]
"AppInit_DLLs"=KATRACK.DLL

R0 FPA_RTP;FPA_RTP;C:\WINDOWS\system32\Drivers\FSTOPW.SYS
R3 GTIPCI21;GTIPCI21;C:\WINDOWS\system32\DRIVERS\gtipci21.sys

*Newly Created Service* - CATCHME 
*Newly Created Service* - PROCEXP90 
*Newly Created Service* - WLSETUPSVC 
.
**************************************************************************

catchme 0.3.1318 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2007-12-03 13:42:37
Windows 5.1.2600 Service Pack 2 NTFS

scanning hidden processes ...

scanning hidden autostart entries ...

HKLM\Software\Microsoft\Windows\CurrentVersion\Run
Cpqset = C:\Program Files\HPQ\Default Settings\cpqset.exe????????2?4?4?5??????? ???B?????????????hLC? ??????

scanning hidden files ...

scan completed successfully 
hidden files: 0

**************************************************************************
.
Completion time: 2007-12-03 13:43:54
.
--- E O F ---

Logfile of Trend Micro HijackThis v2.0.0 (BETA)
Scan saved at 1:45:28 PM, on 12/3/2007
Platform: Windows XP SP2 (WinNT 5.01.2600)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
c:\program files\common files\logishrd\lvmvfm\LVPrcSrv.exe
C:\Program Files\IVT Corporation\BlueSoleil\BTNtService.exe
C:\Program Files\FSI\F-Prot\fpavupdm.exe
C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE
C:\Program Files\Analog Devices\SoundMAX\SMAgent.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Analog Devices\SoundMAX\SMax4PNP.exe
C:\Program Files\Analog Devices\SoundMAX\Smax4.exe
C:\WINDOWS\System32\igfxtray.exe
C:\WINDOWS\System32\hkcmd.exe
C:\WINDOWS\AGRSMMSG.exe
C:\Program Files\Synaptics\SynTP\SynTPLpr.exe
C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
C:\Program Files\HPQ\Quick Launch Buttons\EabServr.exe
C:\WINDOWS\system32\dla\tfswctrl.exe
C:\Program Files\Java\jre1.6.0_03\bin\jusched.exe
C:\Program Files\hpq\HP Wireless Assistant\HP Wireless Assistant.exe
C:\WINDOWS\system32\rundll32.exe
C:\Program Files\Common Files\LogiShrd\LComMgr\Communications_Helper.exe
C:\Program Files\BitTorrent_DNA\dna.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Common Files\LogiShrd\LComMgr\LVComSX.exe
C:\Program Files\HPQ\SHARED\HPQWMI.exe
C:\Program Files\Common Files\Logishrd\LQCVFX\COCIManager.exe
C:\Program Files\FSI\F-Prot\F-StopW.exe
C:\Program Files\Common Files\Real\Update_OB\realsched.exe
C:\Program Files\Windows Live\installer\WLSetupSvc.exe
C:\WINDOWS\explorer.exe
C:\WINDOWS\system32\wuauclt.exe
C:\Documents and Settings\njanevsk\Desktop\HiJackThis_v2.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://home.drew.edu/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.hp.com
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,AutoConfigURL = 62.162.73.66
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O2 - BHO: DriveLetterAccess - {5CA3D70E-1895-11CF-8E15-001234567890} - C:\WINDOWS\system32\dla\tfswshx.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)
O2 - BHO: Windows Live Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O4 - HKLM\..\Run: [SoundMAXPnP] C:\Program Files\Analog Devices\SoundMAX\SMax4PNP.exe
O4 - HKLM\..\Run: [SoundMAX] "C:\Program Files\Analog Devices\SoundMAX\Smax4.exe" /tray
O4 - HKLM\..\Run: [IgfxTray] C:\WINDOWS\System32\igfxtray.exe
O4 - HKLM\..\Run: [HotKeysCmds] C:\WINDOWS\System32\hkcmd.exe
O4 - HKLM\..\Run: [AGRSMMSG] AGRSMMSG.exe
O4 - HKLM\..\Run: [SynTPLpr] C:\Program Files\Synaptics\SynTP\SynTPLpr.exe
O4 - HKLM\..\Run: [SynTPEnh] C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
O4 - HKLM\..\Run: [Cpqset] C:\Program Files\HPQ\Default Settings\cpqset.exe
O4 - HKLM\..\Run: [eabconfg.cpl] C:\Program Files\HPQ\Quick Launch Buttons\EabServr.exe /Start
O4 - HKLM\..\Run: [UpdateManager] "C:\Program Files\Common Files\Sonic\Update Manager\sgtray.exe" /r
O4 - HKLM\..\Run: [dla] C:\WINDOWS\system32\dla\tfswctrl.exe
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_03\bin\jusched.exe"
O4 - HKLM\..\Run: [hpWirelessAssistant] C:\Program Files\hpq\HP Wireless Assistant\HP Wireless Assistant.exe
O4 - HKLM\..\Run: [WatchDog] C:\Program Files\InterVideo\DVD Check\DVDCheck.exe
O4 - HKLM\..\Run: [KeyAccess] C:\WINDOWS\keyacc32.exe
O4 - HKLM\..\Run: [F-StopW] C:\Program Files\FSI\F-Prot\F-StopW.EXE
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [BluetoothAuthenticationAgent] rundll32.exe bthprops.cpl,,BluetoothAuthenticationAgent
O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot
O4 - HKLM\..\Run: [LogitechCommunicationsManager] "C:\Program Files\Common Files\LogiShrd\LComMgr\Communications_Helper.exe"
O4 - HKLM\..\Run: [LogitechQuickCamRibbon] "C:\Program Files\Logitech\QuickCam10\QuickCam10.exe" /hide
O4 - HKCU\..\Run: [msnmsgr] "C:\Program Files\Windows Live\Messenger\msnmsgr.exe" /background
O4 - HKCU\..\Run: [BitTorrent DNA] "C:\Program Files\BitTorrent_DNA\dna.exe"
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background
O4 - Global Startup: Adobe Gamma Loader.lnk = C:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe
O4 - Global Startup: Adobe Reader Speed Launch.lnk = C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
O4 - Global Startup: BlueSoleil.lnk = C:\Program Files\IVT Corporation\BlueSoleil\BlueSoleil.exe
O4 - Global Startup: DVD Check.lnk = C:\Program Files\InterVideo\DVD Check\DVDCheck.exe
O4 - Global Startup: KeyAccess.lnk = C:\WINDOWS\keyacc32.exe
O6 - HKCU\Software\Policies\Microsoft\Internet Explorer\Restrictions present
O6 - HKCU\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
O9 - Extra button: Novell Messenger - {3C3171BC-1025-43d1-8D1D-61CF4B38A28F} - C:\Novell\MESSEN~1\NMCL32.exe
O9 - Extra 'Tools' menuitem: Novell Messenger - {3C3171BC-1025-43d1-8D1D-61CF4B38A28F} - C:\Novell\MESSEN~1\NMCL32.exe
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL
O9 - Extra button: AIM - {AC9E2541-2814-11d5-BC6D-00B0D0A1DE45} - C:\Program Files\AIM\aim.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O14 - IERESET.INF: START_PAGE_URL=http://www.hp.com
O17 - HKLM\Software\..\Telephony: DomainName = ad.drew.edu
O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~1\COMMON~1\Skype\SKYPE4~1.DLL
O22 - SharedTaskScheduler: Browseui preloader - {438755C2-A8BA-11D1-B96B-00A0C90312E1} - C:\WINDOWS\System32\browseui.dll
O22 - SharedTaskScheduler: Component Categories cache daemon - {8C7461EF-2B13-11d2-BE35-3078302C2030} - C:\WINDOWS\System32\browseui.dll
O23 - Service: Adobe LM Service - Unknown owner - C:\Program Files\Common Files\Adobe Systems Shared\Service\Adobelmsvc.exe
O23 - Service: BlueSoleil Hid Service - Unknown owner - C:\Program Files\IVT Corporation\BlueSoleil\BTNtService.exe
O23 - Service: F-Prot Antivirus Update Monitor - FRISK Software - C:\Program Files\FSI\F-Prot\fpavupdm.exe
O23 - Service: HP WMI Interface (hpqwmi) - Hewlett-Packard Development Company, L.P. - C:\Program Files\HPQ\SHARED\HPQWMI.exe
O23 - Service: Process Monitor (LVPrcSrv) - Logitech Inc. - c:\program files\common files\logishrd\lvmvfm\LVPrcSrv.exe
O23 - Service: LVSrvLauncher - Logitech Inc. - C:\Program Files\Common Files\LogiShrd\SrvLnch\SrvLnch.exe
O23 - Service: SoundMAX Agent Service (SoundMAX Agent Service (default)) - Analog Devices, Inc. - C:\Program Files\Analog Devices\SoundMAX\SMAgent.exe

--
End of file - 7951 bytes

Thanks again.
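As an added example (not part of this thread, and not anything cybertech posted), here is a small Python parser for HijackThis logs like the ones above. It rejoins entries that were wrapped across lines when pasted into the forum, which is what happened to the second log in this thread, and then applies a few generic review heuristics to R1/O2/O4/O6/O20 entries. The sample log is constructed from a handful of lines copied from the logs posted here plus one made-up O4 entry (`[example]`, `example.exe`, user `user` are placeholders); the heuristics are mine, not cybertech's analysis, and a flagged entry means "verify this", not "this is the infection".

```python
"""Parse HijackThis-style logs and flag the entries a helper usually checks first."""
import re
from typing import List, NamedTuple


class Entry(NamedTuple):
    section: str  # the Rx/Ox prefix, e.g. "R1", "O2", "O4"
    body: str     # everything after "Oxx - "


class Finding(NamedTuple):
    section: str
    body: str
    reason: str


ENTRY_RE = re.compile(r"^(?P<section>[RFNO]\d{1,2}) - (?P<body>.+)$")
BARE_IPV4_RE = re.compile(r"^\d{1,3}(?:\.\d{1,3}){3}$")
# Matches either a double-quoted path or an unquoted path up to its extension.
EXE_PATH_RE = re.compile(
    r'^(?:"(?P<quoted>[^"]+)"|(?P<bare>.+?\.(?:exe|bat|cmd|scr|pif|com|cpl))(?:\s|$))',
    re.IGNORECASE,
)
# Autorun targets under these prefixes get a second look: something dropped by a
# clicked link tends to land in a user profile or temp folder, not Program Files.
USER_WRITABLE_PREFIXES = (
    "c:\\documents and settings\\",
    "c:\\windows\\temp\\",
    "c:\\temp\\",
)


def parse_hjt(text: str) -> List[Entry]:
    """Return the Rx/Ox entries of a HijackThis log.

    A non-empty line that does not start a new entry is appended to the
    previous entry, which repairs logs whose long lines were wrapped (with
    blank lines between the fragments) when pasted into a forum post.
    The header and "Running processes" block precede the first entry and
    are skipped; parsing stops at the "--" / "End of file" footer.
    """
    entries: List[Entry] = []
    for raw in text.splitlines():
        line = raw.strip()
        if not line:
            continue
        if line == "--" or line.startswith("End of file"):
            break
        m = ENTRY_RE.match(line)
        if m:
            entries.append(Entry(m["section"], m["body"]))
        elif entries:
            last = entries[-1]
            entries[-1] = Entry(last.section, last.body + " " + line)
    return entries


def run_target(body: str) -> str:
    """Best-effort extraction of the executable path from an O4 entry body."""
    if "]" in body:                       # HKLM\..\Run: [Name] <command line>
        after = body.split("]", 1)[1]
    elif " = " in body:                   # Global Startup: foo.lnk = <path>
        after = body.split(" = ", 1)[1]
    else:
        after = body
    after = after.strip()
    m = EXE_PATH_RE.match(after)
    if m:
        return m.group("quoted") or m.group("bare")
    return after.split(" ", 1)[0]


def triage(entries: List[Entry]) -> List[Finding]:
    """Apply generic review heuristics; a finding means 'verify', not 'infected'."""
    findings: List[Finding] = []
    for e in entries:
        if e.section == "R1" and "AutoConfigURL" in e.body:
            value = e.body.split("=", 1)[1].strip() if "=" in e.body else ""
            if value and (BARE_IPV4_RE.match(value)
                          or not value.lower().startswith(("http://", "https://", "file://"))):
                findings.append(Finding(e.section, e.body,
                    "proxy auto-config points at a bare IP/host instead of a PAC URL; "
                    "unless this is a known proxy, browser traffic may be redirected"))
        elif e.section == "O2" and e.body.endswith("(no file)"):
            findings.append(Finding(e.section, e.body, "BHO registered but its DLL is gone; orphaned entry"))
        elif e.section == "O4" and run_target(e.body).lower().startswith(USER_WRITABLE_PREFIXES):
            findings.append(Finding(e.section, e.body, "autorun target lives in a user-writable folder"))
        elif e.section == "O6":
            findings.append(Finding(e.section, e.body, "IE restriction policy present; confirm it was set on purpose"))
        elif e.section == "O20" and "AppInit_DLLs" in e.body:
            findings.append(Finding(e.section, e.body, "AppInit_DLLs loads into every GUI process; identify the DLL"))
    return findings


# Constructed sample: a few lines taken from the logs posted in this thread (including
# the forum-wrapped form of the second log) plus one made-up O4 entry with placeholder names.
SAMPLE_LOG = r"""Logfile of Trend Micro HijackThis v2.0.0 (BETA)
Scan saved at 1:08:27 PM, on 12/10/2007
Platform: Windows XP SP2 (WinNT 5.01.2600)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\Explorer.EXE

R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,AutoConfigURL =

62.162.73.66
O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program

Files\Java\jre1.6.0_03\bin\ssv.dll
O4 - HKLM\..\Run: [SoundMAX] "C:\Program Files\Analog Devices\SoundMAX\Smax4.exe"

/tray
O4 - HKCU\..\Run: [example] C:\Documents and Settings\user\Application Data\example.exe
O6 - HKCU\Software\Policies\Microsoft\Internet Explorer\Restrictions present
O9 - Extra button: AIM - {AC9E2541-2814-11d5-BC6D-00B0D0A1DE45} - C:\Program Files\AIM\aim.exe

--
End of file - 7783 bytes
"""

if __name__ == "__main__":
    for f in triage(parse_hjt(SAMPLE_LOG)):
        print(f"{f.section}: {f.reason}\n    {f.body}")
```

Run it as a script to print the flagged entries; feed it a real log with `parse_hjt(open(path).read())`. The continuation rule is what makes the wrapped log usable: the `AutoConfigURL` value and the `ssv.dll` path that the forum split onto separate lines are reassembled before any heuristic looks at them.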


----------



## xtremesy (Dec 3, 2007)

bump


----------



## xtremesy (Dec 3, 2007)

Am I doing something wrong? I noticed several threads on the same issue being answered, so I know I'm posting in the right area, and I understand this is entirely volunteer and I don't want to sound impatient or inconsiderate, but... I don't know, maybe someone can reply with at least a "hello"?


----------



## cybertech (Apr 16, 2002)

Please download *MsnCleaner.zip* and Save it to your Desktop.
Unzip it to the Desktop.
Now reboot your computer into *Safe Mode*. You can do this by restarting your computer and continually tapping the *F8* key until a menu appears. Use your up arrow key to highlight Safe Mode, then hit Enter.
Double-click *MsnCleaner.exe* to run it.
Click the *Analyze* button.
A report will be created once the scan finishes.
If it finds an infection, click the *Deleted* button.
Now, please reboot back to normal mode.
Please post the contents of C:\*MsnCleaner.txt* in a reply to this post along with a new HJT log.


----------



## xtremesy (Dec 3, 2007)

Hello Cybertech, thanks for your help, here are the files:

- Logfile MSNCleaner 1.4.8 by www.forospyware.com
- Created Logfile: 12/10/2007 on 1:01:45 PM
- Operative System: Windows XP
- Boot mode: Safe mode
_________________________________________

Detected files: 0
Deleted file: 0
Undeleted Files: 0

<<<<<<< No file found >>>>>>>

Logfile of Trend Micro HijackThis v2.0.0 (BETA)
Scan saved at 1:08:27 PM, on 12/10/2007
Platform: Windows XP SP2 (WinNT 5.01.2600)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
c:\program files\common files\logishrd\lvmvfm\LVPrcSrv.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\IVT Corporation\BlueSoleil\BTNtService.exe
C:\Program Files\FSI\F-Prot\fpavupdm.exe
C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE
C:\Program Files\Analog Devices\SoundMAX\SMAgent.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\wscntfy.exe
C:\Program Files\Analog Devices\SoundMAX\SMax4PNP.exe
C:\Program Files\Analog Devices\SoundMAX\Smax4.exe
C:\WINDOWS\System32\igfxtray.exe
C:\WINDOWS\System32\hkcmd.exe
C:\WINDOWS\AGRSMMSG.exe
C:\Program Files\Synaptics\SynTP\SynTPLpr.exe
C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
C:\Program Files\HPQ\Quick Launch Buttons\EabServr.exe
C:\WINDOWS\system32\dla\tfswctrl.exe
C:\Program Files\Java\jre1.6.0_03\bin\jusched.exe
C:\Program Files\hpq\HP Wireless Assistant\HP Wireless Assistant.exe
C:\Program Files\FSI\F-Prot\F-StopW.EXE
C:\Program Files\Common Files\Real\Update_OB\realsched.exe
C:\Program Files\Windows Live\Messenger\msnmsgr.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Messenger\msmsgs.exe
C:\Program Files\BitTorrent_DNA\dna.exe
C:\Program Files\IVT Corporation\BlueSoleil\BlueSoleil.exe
C:\Program Files\HPQ\SHARED\HPQWMI.exe
C:\Program Files\Logitech\QuickCam10\QuickCam10.exe
C:\Program Files\Common Files\LogiShrd\LComMgr\Communications_Helper.exe
C:\Program Files\Common Files\LogiShrd\LComMgr\LVComSX.exe
C:\WINDOWS\system32\wuauclt.exe
C:\Program Files\Common Files\Sonic\Update Manager\sgtray.exe
C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
C:\Program Files\Common Files\Logishrd\LQCVFX\COCIManager.exe
C:\WINDOWS\system32\NOTEPAD.EXE
C:\Documents and Settings\njanevsk\Desktop\HiJackThis_v2.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://home.drew.edu/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.hp.com
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,AutoConfigURL = 62.162.73.66
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O2 - BHO: DriveLetterAccess - {5CA3D70E-1895-11CF-8E15-001234567890} - C:\WINDOWS\system32\dla\tfswshx.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)
O2 - BHO: Windows Live Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O4 - HKLM\..\Run: [StartupDelayer] "C:\Program Files\r2 Studios\Startup Delayer\Startup Launcher GUI.exe"
O4 - HKLM\..\Run: [SoundMAXPnP] "C:\Program Files\Analog Devices\SoundMAX\SMax4PNP.exe"
O4 - HKLM\..\Run: [SoundMAX] "C:\Program Files\Analog Devices\SoundMAX\Smax4.exe" /tray
O4 - HKLM\..\Run: [IgfxTray] C:\WINDOWS\System32\igfxtray.exe
O4 - HKLM\..\Run: [HotKeysCmds] C:\WINDOWS\System32\hkcmd.exe
O4 - HKLM\..\Run: [AGRSMMSG] AGRSMMSG.exe
O4 - HKLM\..\Run: [SynTPLpr] "C:\Program Files\Synaptics\SynTP\SynTPLpr.exe"
O4 - HKLM\..\Run: [SynTPEnh] "C:\Program Files\Synaptics\SynTP\SynTPEnh.exe"
O4 - HKLM\..\Run: [Cpqset] C:\Program Files\HPQ\Default Settings\cpqset.exe
O4 - HKLM\..\Run: [eabconfg.cpl] C:\Program Files\HPQ\Quick Launch Buttons\EabServr.exe /Start
O4 - HKLM\..\Run: [dla] C:\WINDOWS\system32\dla\tfswctrl.exe
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_03\bin\jusched.exe"
O4 - HKLM\..\Run: [hpWirelessAssistant] "C:\Program Files\hpq\HP Wireless Assistant\HP Wireless Assistant.exe"
O4 - HKLM\..\Run: [KeyAccess] C:\WINDOWS\keyacc32.exe
O4 - HKLM\..\Run: [F-StopW] "C:\Program Files\FSI\F-Prot\F-StopW.EXE"
O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [WatchDog] C:\Program Files\InterVideo\DVD Check\DVDCheck.exe
O4 - HKCU\..\Run: [msnmsgr] "C:\Program Files\Windows Live\Messenger\msnmsgr.exe" /background
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background
O4 - HKCU\..\Run: [BitTorrent DNA] "C:\Program Files\BitTorrent_DNA\dna.exe"
O4 - Global Startup: Adobe Gamma Loader.lnk = C:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe
O4 - Global Startup: KeyAccess.lnk = C:\WINDOWS\keyacc32.exe
O6 - HKCU\Software\Policies\Microsoft\Internet Explorer\Restrictions present
O6 - HKCU\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
O9 - Extra button: Novell Messenger - {3C3171BC-1025-43d1-8D1D-61CF4B38A28F} - C:\Novell\MESSEN~1\NMCL32.exe
O9 - Extra 'Tools' menuitem: Novell Messenger - {3C3171BC-1025-43d1-8D1D-61CF4B38A28F} - C:\Novell\MESSEN~1\NMCL32.exe
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL
O9 - Extra button: AIM - {AC9E2541-2814-11d5-BC6D-00B0D0A1DE45} - C:\Program Files\AIM\aim.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O14 - IERESET.INF: START_PAGE_URL=http://www.hp.com
O16 - DPF: {0EB0E74A-2A76-4AB3-A7FB-9BD8C29F7F75} (CKAVWebScan Object) - http://www.kaspersky.com/kos/eng/partner/200015205/kavwebscan_unicode.cab
O17 - HKLM\Software\..\Telephony: DomainName = ad.drew.edu
O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~1\COMMON~1\Skype\SKYPE4~1.DLL
O22 - SharedTaskScheduler: Browseui preloader - {438755C2-A8BA-11D1-B96B-00A0C90312E1} - C:\WINDOWS\System32\browseui.dll
O22 - SharedTaskScheduler: Component Categories cache daemon - {8C7461EF-2B13-11d2-BE35-3078302C2030} - C:\WINDOWS\System32\browseui.dll
O23 - Service: Adobe LM Service - Unknown owner - C:\Program Files\Common Files\Adobe Systems Shared\Service\Adobelmsvc.exe
O23 - Service: BlueSoleil Hid Service - Unknown owner - C:\Program Files\IVT Corporation\BlueSoleil\BTNtService.exe
O23 - Service: F-Prot Antivirus Update Monitor - FRISK Software - C:\Program Files\FSI\F-Prot\fpavupdm.exe
O23 - Service: HP WMI Interface (hpqwmi) - Hewlett-Packard Development Company, L.P. - C:\Program Files\HPQ\SHARED\HPQWMI.exe
O23 - Service: Process Monitor (LVPrcSrv) - Logitech Inc. - c:\program files\common files\logishrd\lvmvfm\LVPrcSrv.exe
O23 - Service: LVSrvLauncher - Logitech Inc. - C:\Program Files\Common Files\LogiShrd\SrvLnch\SrvLnch.exe
O23 - Service: SoundMAX Agent Service (SoundMAX Agent Service (default)) - Analog Devices, Inc. - C:\Program Files\Analog Devices\SoundMAX\SMAgent.exe

--
End of file - 7783 bytes


----------



## cybertech (Apr 16, 2002)

Please download *ATF Cleaner* by Atribune. 
*This program is for XP and Windows 2000 only*
 
Double-click *ATF-Cleaner.exe* to run the program. 
Under *Main* choose: *Select All* 
Click the *Empty Selected* button. 

Click *Exit* on the Main menu to close the program.

*Download and scan with* *SUPERAntiSpyware* Free for Home Users
Double-click *SUPERAntiSpyware.exe* and use the default settings for installation. 
An icon will be created on your desktop. Double-click that icon to launch the program. 
If asked to update the program definitions, click "*Yes*". If not, update the definitions before scanning by selecting "*Check for Updates*". (_If you encounter any problems while downloading the updates, manually download and unzip them from here._) 
Under "*Configuration and Preferences*", click the *Preferences* button. 
Click the *Scanning Control* tab. 
Under *Scanner Options* make sure the following are checked _(leave all others unchecked)_:
_Close browsers before scanning._ 
_Scan for tracking cookies._ 
_Terminate memory threats before quarantining._

Click the "*Close*" button to leave the control center screen. 
Back on the main screen, under "*Scan for Harmful Software*" click *Scan your computer*. 
On the left, make sure you check *C:\Fixed Drive*. 
On the right, under "*Complete Scan*", choose *Perform Complete Scan*. 
Click "*Next*" to start the scan. Please be patient while it scans your computer. 
After the scan is complete, a Scan Summary box will appear with potentially harmful items that were detected. Click "*OK*". 
Make sure everything has a checkmark next to it and click "*Next*". 
A notification will appear that "_Quarantine and Removal is Complete_". Click "*OK*" and then click the "*Finish*" button to return to the main menu. 
If asked if you want to reboot, click "*Yes*". 
To retrieve the removal information after reboot, launch SUPERAntispyware again.
_Click *Preferences*, then click the *Statistics/Logs* tab._ 
_Under Scanner Logs, double-click *SUPERAntiSpyware Scan Log*._ 
_If there are several logs, click the current dated log and press *View log*. A text file will open in your default text editor._ 
*Please copy and paste the Scan Log results in your next reply with a new hijackthis log.*

Click *Close* to exit the program.


----------



## xtremesy (Dec 3, 2007)

Hello, here are the logs, thanks again.

SUPERAntiSpyware Scan Log
http://www.superantispyware.com

Generated 12/10/2007 at 03:51 PM

Application Version : 3.9.1008

Core Rules Database Version : 3358
Trace Rules Database Version: 1357

Scan type : Complete Scan
Total Scan Time : 02:04:17

Memory items scanned : 478
Memory threats detected : 0
Registry items scanned : 5791
Registry threats detected : 0
File items scanned : 113040
File threats detected : 0

Logfile of Trend Micro HijackThis v2.0.0 (BETA)
Scan saved at 4:36:22 PM, on 12/10/2007
Platform: Windows XP SP2 (WinNT 5.01.2600)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
c:\program files\common files\logishrd\lvmvfm\LVPrcSrv.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\IVT Corporation\BlueSoleil\BTNtService.exe
C:\Program Files\FSI\F-Prot\fpavupdm.exe
C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE
C:\Program Files\Analog Devices\SoundMAX\SMAgent.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\wscntfy.exe
C:\Program Files\Analog Devices\SoundMAX\SMax4PNP.exe
C:\Program Files\Analog Devices\SoundMAX\Smax4.exe
C:\WINDOWS\System32\igfxtray.exe
C:\WINDOWS\System32\hkcmd.exe
C:\WINDOWS\AGRSMMSG.exe
C:\Program Files\Synaptics\SynTP\SynTPLpr.exe
C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
C:\Program Files\HPQ\Quick Launch Buttons\EabServr.exe
C:\WINDOWS\system32\dla\tfswctrl.exe
C:\Program Files\Java\jre1.6.0_03\bin\jusched.exe
C:\Program Files\hpq\HP Wireless Assistant\HP Wireless Assistant.exe
C:\Program Files\FSI\F-Prot\F-StopW.EXE
C:\Program Files\Common Files\Real\Update_OB\realsched.exe
C:\Program Files\Windows Live\Messenger\msnmsgr.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Messenger\msmsgs.exe
C:\Program Files\BitTorrent_DNA\dna.exe
C:\Program Files\HPQ\SHARED\HPQWMI.exe
C:\Program Files\Common Files\LogiShrd\LComMgr\Communications_Helper.exe
C:\Program Files\Common Files\LogiShrd\LComMgr\LVComSX.exe
C:\Program Files\Common Files\Logishrd\LQCVFX\COCIManager.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Program Files\Windows Live\Messenger\usnsvc.exe
C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe
C:\WINDOWS\system32\NOTEPAD.EXE
C:\Documents and Settings\njanevsk\Desktop\HiJackThis_v2.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://home.drew.edu/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.hp.com
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,AutoConfigURL = 62.162.73.66
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O2 - BHO: DriveLetterAccess - {5CA3D70E-1895-11CF-8E15-001234567890} - C:\WINDOWS\system32\dla\tfswshx.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)
O2 - BHO: Windows Live Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O4 - HKLM\..\Run: [StartupDelayer] "C:\Program Files\r2 Studios\Startup Delayer\Startup Launcher GUI.exe"
O4 - HKLM\..\Run: [SoundMAXPnP] "C:\Program Files\Analog Devices\SoundMAX\SMax4PNP.exe"
O4 - HKLM\..\Run: [SoundMAX] "C:\Program Files\Analog Devices\SoundMAX\Smax4.exe" /tray
O4 - HKLM\..\Run: [IgfxTray] C:\WINDOWS\System32\igfxtray.exe
O4 - HKLM\..\Run: [HotKeysCmds] C:\WINDOWS\System32\hkcmd.exe
O4 - HKLM\..\Run: [AGRSMMSG] AGRSMMSG.exe
O4 - HKLM\..\Run: [SynTPLpr] "C:\Program Files\Synaptics\SynTP\SynTPLpr.exe"
O4 - HKLM\..\Run: [SynTPEnh] "C:\Program Files\Synaptics\SynTP\SynTPEnh.exe"
O4 - HKLM\..\Run: [Cpqset] C:\Program Files\HPQ\Default Settings\cpqset.exe
O4 - HKLM\..\Run: [eabconfg.cpl] C:\Program Files\HPQ\Quick Launch Buttons\EabServr.exe /Start
O4 - HKLM\..\Run: [dla] C:\WINDOWS\system32\dla\tfswctrl.exe
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_03\bin\jusched.exe"
O4 - HKLM\..\Run: [hpWirelessAssistant] "C:\Program Files\hpq\HP Wireless Assistant\HP Wireless Assistant.exe"
O4 - HKLM\..\Run: [KeyAccess] C:\WINDOWS\keyacc32.exe
O4 - HKLM\..\Run: [F-StopW] "C:\Program Files\FSI\F-Prot\F-StopW.EXE"
O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [WatchDog] C:\Program Files\InterVideo\DVD Check\DVDCheck.exe
O4 - HKCU\..\Run: [msnmsgr] "C:\Program Files\Windows Live\Messenger\msnmsgr.exe" /background
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background
O4 - HKCU\..\Run: [BitTorrent DNA] "C:\Program Files\BitTorrent_DNA\dna.exe"
O4 - HKCU\..\Run: [SUPERAntiSpyware] C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe
O4 - Global Startup: Adobe Gamma Loader.lnk = C:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe
O4 - Global Startup: KeyAccess.lnk = C:\WINDOWS\keyacc32.exe
O6 - HKCU\Software\Policies\Microsoft\Internet Explorer\Restrictions present
O6 - HKCU\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
O9 - Extra button: Novell Messenger - {3C3171BC-1025-43d1-8D1D-61CF4B38A28F} - C:\Novell\MESSEN~1\NMCL32.exe
O9 - Extra 'Tools' menuitem: Novell Messenger - {3C3171BC-1025-43d1-8D1D-61CF4B38A28F} - C:\Novell\MESSEN~1\NMCL32.exe
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL
O9 - Extra button: AIM - {AC9E2541-2814-11d5-BC6D-00B0D0A1DE45} - C:\Program Files\AIM\aim.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O14 - IERESET.INF: START_PAGE_URL=http://www.hp.com
O16 - DPF: {0EB0E74A-2A76-4AB3-A7FB-9BD8C29F7F75} (CKAVWebScan Object) - http://www.kaspersky.com/kos/eng/partner/200015205/kavwebscan_unicode.cab
O17 - HKLM\Software\..\Telephony: DomainName = ad.drew.edu
O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~1\COMMON~1\Skype\SKYPE4~1.DLL
O20 - Winlogon Notify: !SASWinLogon - C:\Program Files\SUPERAntiSpyware\SASWINLO.dll
O22 - SharedTaskScheduler: Browseui preloader - {438755C2-A8BA-11D1-B96B-00A0C90312E1} - C:\WINDOWS\System32\browseui.dll
O22 - SharedTaskScheduler: Component Categories cache daemon - {8C7461EF-2B13-11d2-BE35-3078302C2030} - C:\WINDOWS\System32\browseui.dll
O23 - Service: Adobe LM Service - Unknown owner - C:\Program Files\Common Files\Adobe Systems Shared\Service\Adobelmsvc.exe
O23 - Service: BlueSoleil Hid Service - Unknown owner - C:\Program Files\IVT Corporation\BlueSoleil\BTNtService.exe
O23 - Service: F-Prot Antivirus Update Monitor - FRISK Software - C:\Program Files\FSI\F-Prot\fpavupdm.exe
O23 - Service: HP WMI Interface (hpqwmi) - Hewlett-Packard Development Company, L.P. - C:\Program Files\HPQ\SHARED\HPQWMI.exe
O23 - Service: Process Monitor (LVPrcSrv) - Logitech Inc. - c:\program files\common files\logishrd\lvmvfm\LVPrcSrv.exe
O23 - Service: LVSrvLauncher - Logitech Inc. - C:\Program Files\Common Files\LogiShrd\SrvLnch\SrvLnch.exe
O23 - Service: SoundMAX Agent Service (SoundMAX Agent Service (default)) - Analog Devices, Inc. - C:\Program Files\Analog Devices\SoundMAX\SMAgent.exe

--
End of file - 7850 bytes


----------



## cybertech (Apr 16, 2002)

I don't see any anti-virus running. I see the updater running but where is the real-time protection?

*Run HJT again and put a check in the following:*

O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)
O4 - HKCU\..\Run: [BitTorrent DNA] "C:\Program Files\BitTorrent_DNA\dna.exe"

*Close all applications and browser windows before you click "fix checked".*

Please *download* the *OTMoveIt by OldTimer*.

*Save* it to your *desktop*.
Please double-click *OTMoveIt.exe* to run it.
*Copy the file paths below to the clipboard* by highlighting *ALL* of them and *pressing CTRL + C* (or, after highlighting, right-click and choose copy):



> *C:\WINDOWS\bnetunin.exe*
> *C:\WINDOWS\diabunin.exe*



Return to OTMoveIt, right click on the *"Paste List of Files/Folders to be moved"* window and choose *Paste*.
Click the red *Moveit!* button.
Close *OTMoveIt*.
If a file or folder cannot be moved immediately you may be asked to reboot the machine to finish the move process. If you are asked to reboot the machine choose *Yes.*


----------



## xtremesy (Dec 3, 2007)

Ok, I did both, was not asked to reboot. I also checked my antivirus and it says that it's fine, the real-time protector is enabled and I just updated again.


----------



## cybertech (Apr 16, 2002)

OK, are you still having problems?


----------



## xtremesy (Dec 3, 2007)

Hello,
Yes, I just asked a friend if I was still sending him messages with some sort of link, and apparently I still am.


----------



## cybertech (Apr 16, 2002)

Please perform a scan with *Kaspersky Webscan Online Virus Scanner*

1. Read the Requirements and Privacy statement, then select "*Accept*". 
2. A new window will appear prompting you to install an ActiveX component from Kaspersky - "*Do you want to install this software*?". 
3. Click "*Yes*" or select "*Install*" to download the ActiveX controls that allow ActiveScan to run. 
4. When the download is complete it will say ready, click "*Next*". 
5. Click "*Scan Settings*" and check the option to use the *Extended Database* (if available, otherwise Standard). 
6. Click "*Scan Options*" and select both "*Scan Archives*" and "*Scan Mail Bases*". 
7. Click "*OK*". 
8. Under "*Select a target to scan*", click on "*My Computer*". 
9. When the scan is complete choose to save the results as "*Save as Text*" named kaspersky.txt to your desktop and post them in your next reply.

Kaspersky does not remove anything but will provide a log of anything it finds. On August 8th, 2006 Kaspersky updated the software used for _Free Online Virus Scanner_. In order to continue using the online scanner you will need to uninstall the old version (if previously used) from your Add/Remove Programs list and then install the latest version. To do this, follow the steps *here* and reboot afterwards if your system does not reboot automatically or it will show '_Kaspersky Online Scanner license key was not found!_'


----------



## xtremesy (Dec 3, 2007)

Finally got that one done, here it is, thank you. 

KASPERSKY ONLINE SCANNER REPORT
Tuesday, December 11, 2007 12:27:56 AM
Operating System: Microsoft Windows XP Professional, Service Pack 2 (Build 2600)
Kaspersky Online Scanner version: 5.0.98.0
Kaspersky Anti-Virus database last update: 11/12/2007
Kaspersky Anti-Virus database records: 479464
Scan Settings
Scan using the following antivirus database extended
Scan Archives true
Scan Mail Bases true
Scan Target My Computer
C:\
D:\
Scan Statistics
Total number of scanned objects 115049
Number of viruses found 1
Number of infected objects 2
Number of suspicious objects 0
Duration of the scan process 01:27:35

Infected Object Name Virus Name Last Action
C:\Documents and Settings\All Users\Application Data\KeyAccess Audit Object is locked skipped
C:\Documents and Settings\All Users\Application Data\Microsoft\Network\Downloader\qmgr0.dat Object is locked skipped
C:\Documents and Settings\All Users\Application Data\Microsoft\Network\Downloader\qmgr1.dat Object is locked skipped
C:\Documents and Settings\LocalService\Cookies\index.dat Object is locked skipped
C:\Documents and Settings\LocalService\Local Settings\Application Data\Microsoft\Windows\UsrClass.dat Object is locked skipped
C:\Documents and Settings\LocalService\Local Settings\Application Data\Microsoft\Windows\UsrClass.dat.LOG Object is locked skipped
C:\Documents and Settings\LocalService\Local Settings\History\History.IE5\index.dat Object is locked skipped
C:\Documents and Settings\LocalService\Local Settings\Temporary Internet Files\Content.IE5\index.dat Object is locked skipped
C:\Documents and Settings\LocalService\NTUSER.DAT Object is locked skipped
C:\Documents and Settings\LocalService\ntuser.dat.LOG Object is locked skipped
C:\Documents and Settings\NetworkService\Local Settings\Application Data\Microsoft\Windows\UsrClass.dat Object is locked skipped
C:\Documents and Settings\NetworkService\Local Settings\Application Data\Microsoft\Windows\UsrClass.dat.LOG Object is locked skipped
C:\Documents and Settings\NetworkService\NTUSER.DAT Object is locked skipped
C:\Documents and Settings\NetworkService\ntuser.dat.LOG Object is locked skipped
C:\Documents and Settings\njanevsk\Application Data\Mozilla\Firefox\Profiles\mvcp0rjq.default\cert8.db Object is locked skipped
C:\Documents and Settings\njanevsk\Application Data\Mozilla\Firefox\Profiles\mvcp0rjq.default\formhistory.dat Object is locked skipped
C:\Documents and Settings\njanevsk\Application Data\Mozilla\Firefox\Profiles\mvcp0rjq.default\history.dat Object is locked skipped
C:\Documents and Settings\njanevsk\Application Data\Mozilla\Firefox\Profiles\mvcp0rjq.default\key3.db Object is locked skipped
C:\Documents and Settings\njanevsk\Application Data\Mozilla\Firefox\Profiles\mvcp0rjq.default\parent.lock Object is locked skipped
C:\Documents and Settings\njanevsk\Application Data\Mozilla\Firefox\Profiles\mvcp0rjq.default\search.sqlite Object is locked skipped
C:\Documents and Settings\njanevsk\Application Data\Mozilla\Firefox\Profiles\mvcp0rjq.default\urlclassifier2.sqlite Object is locked skipped
C:\Documents and Settings\njanevsk\Application Data\SUPERAntiSpyware.com\SUPERAntiSpyware\SUPERANTISPYWARE.LOG Object is locked skipped
C:\Documents and Settings\njanevsk\Cookies\index.dat Object is locked skipped
C:\Documents and Settings\njanevsk\Local Settings\Application Data\Microsoft\Media Player\CurrentDatabase_219.wmdb Object is locked skipped
C:\Documents and Settings\njanevsk\Local Settings\Application Data\Microsoft\Messenger\[email protected]\SharingMetadata\Logs\Dfsr00005.log Object is locked skipped
C:\Documents and Settings\njanevsk\Local Settings\Application Data\Microsoft\Messenger\[email protected]\SharingMetadata\pending.dat Object is locked skipped
C:\Documents and Settings\njanevsk\Local Settings\Application Data\Microsoft\Messenger\[email protected]\SharingMetadata\Working\database_A04_FC44_4FC_3473\dfsr.db Object is locked skipped
C:\Documents and Settings\njanevsk\Local Settings\Application Data\Microsoft\Messenger\[email protected]\SharingMetadata\Working\database_A04_FC44_4FC_3473\fsr.log Object is locked skipped
C:\Documents and Settings\njanevsk\Local Settings\Application Data\Microsoft\Messenger\[email protected]\SharingMetadata\Working\database_A04_FC44_4FC_3473\fsrtmp.log Object is locked skipped
C:\Documents and Settings\njanevsk\Local Settings\Application Data\Microsoft\Messenger\[email protected]\SharingMetadata\Working\database_A04_FC44_4FC_3473\tmp.edb Object is locked skipped
C:\Documents and Settings\njanevsk\Local Settings\Application Data\Microsoft\Windows\UsrClass.dat Object is locked skipped
C:\Documents and Settings\njanevsk\Local Settings\Application Data\Microsoft\Windows\UsrClass.dat.LOG Object is locked skipped
C:\Documents and Settings\njanevsk\Local Settings\Application Data\Microsoft\Windows Live Contacts\[email protected]\real\members.stg Object is locked skipped
C:\Documents and Settings\njanevsk\Local Settings\Application Data\Microsoft\Windows Live Contacts\[email protected]\shadow\members.stg Object is locked skipped
C:\Documents and Settings\njanevsk\Local Settings\Application Data\Microsoft\Windows Media\10.0\WMSDKNSD.XML Object is locked skipped
C:\Documents and Settings\njanevsk\Local Settings\Application Data\Mozilla\Firefox\Profiles\mvcp0rjq.default\Cache\_CACHE_001_ Object is locked skipped
C:\Documents and Settings\njanevsk\Local Settings\Application Data\Mozilla\Firefox\Profiles\mvcp0rjq.default\Cache\_CACHE_002_ Object is locked skipped
C:\Documents and Settings\njanevsk\Local Settings\Application Data\Mozilla\Firefox\Profiles\mvcp0rjq.default\Cache\_CACHE_003_ Object is locked skipped
C:\Documents and Settings\njanevsk\Local Settings\Application Data\Mozilla\Firefox\Profiles\mvcp0rjq.default\Cache\_CACHE_MAP_ Object is locked skipped
C:\Documents and Settings\njanevsk\Local Settings\History\History.IE5\index.dat Object is locked skipped
C:\Documents and Settings\njanevsk\Local Settings\History\History.IE5\MSHist012007121020071211\index.dat Object is locked skipped
C:\Documents and Settings\njanevsk\Local Settings\Temp\~DF383.tmp Object is locked skipped
C:\Documents and Settings\njanevsk\Local Settings\Temp\~DF38E.tmp Object is locked skipped
C:\Documents and Settings\njanevsk\Local Settings\Temp\~DFBB1.tmp Object is locked skipped
C:\Documents and Settings\njanevsk\Local Settings\Temp\~DFBC6.tmp Object is locked skipped
C:\Documents and Settings\njanevsk\Local Settings\Temporary Internet Files\Content.IE5\index.dat Object is locked skipped
C:\Documents and Settings\njanevsk\My Documents\Shared\(working) imala majka vaska ilieva 07.wma Infected: Trojan-Downloader.WMA.Wimad.d skipped
C:\Documents and Settings\njanevsk\My Documents\Shared\01 imala majka vaska ilieva 11.wma Infected: Trojan-Downloader.WMA.Wimad.d skipped
C:\Documents and Settings\njanevsk\NTUSER.DAT Object is locked skipped
C:\Documents and Settings\njanevsk\ntuser.dat.LOG Object is locked skipped
C:\System Volume Information\MountPointManagerRemoteDatabase Object is locked skipped
C:\System Volume Information\_restore{8846B657-32B4-4BC5-83F7-68CAC2671E81}\RP210\change.log Object is locked skipped
C:\WINDOWS\$NtUninstallKB828741$\catsrv.dll Object is locked skipped
C:\WINDOWS\$NtUninstallKB828741$\catsrvut.dll Object is locked skipped
C:\WINDOWS\$NtUninstallKB828741$\clbcatex.dll Object is locked skipped
C:\WINDOWS\$NtUninstallKB828741$\clbcatq.dll Object is locked skipped
C:\WINDOWS\$NtUninstallKB828741$\colbact.dll Object is locked skipped
C:\WINDOWS\$NtUninstallKB828741$\comadmin.dll Object is locked skipped
C:\WINDOWS\$NtUninstallKB828741$\comrepl.exe Object is locked skipped
C:\WINDOWS\$NtUninstallKB828741$\comsvcs.dll Object is locked skipped
C:\WINDOWS\$NtUninstallKB828741$\comuid.dll Object is locked skipped
C:\WINDOWS\$NtUninstallKB828741$\es.dll Object is locked skipped
C:\WINDOWS\$NtUninstallKB828741$\migregdb.exe Object is locked skipped
C:\WINDOWS\$NtUninstallKB828741$\msdtcprx.dll Object is locked skipped
C:\WINDOWS\$NtUninstallKB828741$\msdtctm.dll Object is locked skipped
C:\WINDOWS\$NtUninstallKB828741$\msdtcuiu.dll Object is locked skipped
C:\WINDOWS\$NtUninstallKB828741$\mtxclu.dll Object is locked skipped
C:\WINDOWS\$NtUninstallKB828741$\mtxoci.dll Object is locked skipped
C:\WINDOWS\$NtUninstallKB828741$\ole32.dll Object is locked skipped
C:\WINDOWS\$NtUninstallKB828741$\rpcrt4.dll Object is locked skipped
C:\WINDOWS\$NtUninstallKB828741$\rpcss.dll Object is locked skipped
C:\WINDOWS\$NtUninstallKB828741$\txflog.dll Object is locked skipped
C:\WINDOWS\$NtUninstallKB835732$\callcont.dll Object is locked skipped
C:\WINDOWS\$NtUninstallKB835732$\cmdevtgprov.dll Object is locked skipped
C:\WINDOWS\$NtUninstallKB835732$\evtgprov.dll Object is locked skipped
C:\WINDOWS\$NtUninstallKB835732$\gdi32.dll Object is locked skipped
C:\WINDOWS\$NtUninstallKB835732$\h323.tsp Object is locked skipped
C:\WINDOWS\$NtUninstallKB835732$\h323msp.dll Object is locked skipped
C:\WINDOWS\$NtUninstallKB835732$\helpctr.exe Object is locked skipped
C:\WINDOWS\$NtUninstallKB835732$\ipnathlp.dll Object is locked skipped
C:\WINDOWS\$NtUninstallKB835732$\lsasrv.dll Object is locked skipped
C:\WINDOWS\$NtUninstallKB835732$\mf3216.dll Object is locked skipped
C:\WINDOWS\$NtUninstallKB835732$\msasn1.dll Object is locked skipped
C:\WINDOWS\$NtUninstallKB835732$\msgina.dll Object is locked skipped
C:\WINDOWS\$NtUninstallKB835732$\mst120.dll Object is locked skipped
C:\WINDOWS\$NtUninstallKB835732$\netapi32.dll Object is locked skipped
C:\WINDOWS\$NtUninstallKB835732$\nmcom.dll Object is locked skipped
C:\WINDOWS\$NtUninstallKB835732$\rtcdll.dll Object is locked skipped
C:\WINDOWS\$NtUninstallKB835732$\schannel.dll Object is locked skipped
C:\WINDOWS\Debug\PASSWD.LOG Object is locked skipped
C:\WINDOWS\SchedLgU.Txt Object is locked skipped
C:\WINDOWS\SoftwareDistribution\EventCache\{640FF255-F969-411F-920B-BAC74183844E}.bin Object is locked skipped
C:\WINDOWS\SoftwareDistribution\ReportingEvents.log Object is locked skipped
C:\WINDOWS\Sti_Trace.log Object is locked skipped
C:\WINDOWS\system32\config\AppEvent.Evt Object is locked skipped
C:\WINDOWS\system32\config\default Object is locked skipped
C:\WINDOWS\system32\config\default.LOG Object is locked skipped
C:\WINDOWS\system32\config\SAM Object is locked skipped
C:\WINDOWS\system32\config\SAM.LOG Object is locked skipped
C:\WINDOWS\system32\config\SecEvent.Evt Object is locked skipped
C:\WINDOWS\system32\config\SECURITY Object is locked skipped
C:\WINDOWS\system32\config\SECURITY.LOG Object is locked skipped
C:\WINDOWS\system32\config\software Object is locked skipped
C:\WINDOWS\system32\config\software.LOG Object is locked skipped
C:\WINDOWS\system32\config\SysEvent.Evt Object is locked skipped
C:\WINDOWS\system32\config\system Object is locked skipped
C:\WINDOWS\system32\config\system.LOG Object is locked skipped
C:\WINDOWS\system32\h323log.txt Object is locked skipped
C:\WINDOWS\system32\novell\nici\Administrator\XMGRCFG.KS2 Object is locked skipped
C:\WINDOWS\system32\novell\nici\Administrator\XMGRCFG.KS3 Object is locked skipped
C:\WINDOWS\system32\novell\nici\Deploy\XMGRCFG.KS2 Object is locked skipped
C:\WINDOWS\system32\novell\nici\Deploy\XMGRCFG.KS3 Object is locked skipped
C:\WINDOWS\system32\novell\nici\SYSTEM\XMGRCFG.KS2 Object is locked skipped
C:\WINDOWS\system32\novell\nici\SYSTEM\XMGRCFG.KS3 Object is locked skipped
C:\WINDOWS\system32\wbem\Repository\FS\INDEX.BTR Object is locked skipped
C:\WINDOWS\system32\wbem\Repository\FS\INDEX.MAP Object is locked skipped
C:\WINDOWS\system32\wbem\Repository\FS\MAPPING.VER Object is locked skipped
C:\WINDOWS\system32\wbem\Repository\FS\MAPPING1.MAP Object is locked skipped
C:\WINDOWS\system32\wbem\Repository\FS\MAPPING2.MAP Object is locked skipped
C:\WINDOWS\system32\wbem\Repository\FS\OBJECTS.DATA Object is locked skipped
C:\WINDOWS\system32\wbem\Repository\FS\OBJECTS.MAP Object is locked skipped
C:\WINDOWS\wiadebug.log Object is locked skipped
C:\WINDOWS\wiaservc.log Object is locked skipped
C:\WINDOWS\WindowsUpdate.log Object is locked skipped
Scan process completed.


----------



## cybertech (Apr 16, 2002)

These are the two infected objects:
C:\Documents and Settings\njanevsk\My Documents\Shared\(working) imala majka vaska ilieva 07.wma
C:\Documents and Settings\njanevsk\My Documents\Shared\01 imala majka vaska ilieva 11.wma

Looks like something you downloaded. I would delete those.


----------



## xtremesy (Dec 3, 2007)

I just deleted those files, but they were sent to me by a friend a long time ago, perhaps 6 months ago, whereas I first started having problems with my messenger about 2 weeks ago. And I'm still having the same problem. I REALLY appreciate all of your help but it seems that I still have whatever it is that is messing with my messenger.


----------



## cybertech (Apr 16, 2002)

Please download *MsnCleaner.zip* and Save it to your Desktop.
Unzip it to the Desktop.
Now reboot your computer into *Safe Mode*. You can do this by restarting your computer and continually tapping the *F8* key until a menu appears. Use your up arrow key to highlight Safe Mode then hit Enter.
Double-click *MsnCleaner.exe* to run it.
Click the *Analyze* button.
A report will be created once the scan finishes.
If it finds an infection, click the *Deleted* button.
Now, please reboot back to normal mode.
Please post the contents of C:\*MsnCleaner.txt* in a reply to this post along with a new HJT log.


----------



## xtremesy (Dec 3, 2007)

Here are both, thank you.

- Logfile MSNCleaner 1.4.8 by www.forospyware.com
- Created Logfile: 12/11/2007 on 6:04:25 PM
- Operative System: Windows XP
- Boot mode: Safe mode
_________________________________________

Detected files: 0
Deleted file: 0
Undeleted Files: 0

<<<<<<< No file found >>>>>>>

Logfile of Trend Micro HijackThis v2.0.0 (BETA)
Scan saved at 6:13:00 PM, on 12/11/2007
Platform: Windows XP SP2 (WinNT 5.01.2600)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
c:\program files\common files\logishrd\lvmvfm\LVPrcSrv.exe
C:\Program Files\IVT Corporation\BlueSoleil\BTNtService.exe
C:\Program Files\FSI\F-Prot\fpavupdm.exe
C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE
C:\Program Files\Analog Devices\SoundMAX\SMAgent.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Analog Devices\SoundMAX\SMax4PNP.exe
C:\Program Files\Analog Devices\SoundMAX\Smax4.exe
C:\WINDOWS\System32\igfxtray.exe
C:\WINDOWS\System32\hkcmd.exe
C:\WINDOWS\AGRSMMSG.exe
C:\Program Files\Synaptics\SynTP\SynTPLpr.exe
C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
C:\Program Files\HPQ\Quick Launch Buttons\EabServr.exe
C:\WINDOWS\system32\dla\tfswctrl.exe
C:\Program Files\Java\jre1.6.0_03\bin\jusched.exe
C:\Program Files\hpq\HP Wireless Assistant\HP Wireless Assistant.exe
C:\Program Files\FSI\F-Prot\F-StopW.EXE
C:\Program Files\Common Files\Real\Update_OB\realsched.exe
C:\Program Files\Windows Live\Messenger\msnmsgr.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Messenger\msmsgs.exe
C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe
C:\Program Files\IVT Corporation\BlueSoleil\BlueSoleil.exe
C:\Program Files\HPQ\SHARED\HPQWMI.exe
C:\WINDOWS\system32\wuauclt.exe
C:\Program Files\Logitech\QuickCam10\QuickCam10.exe
C:\Program Files\Common Files\LogiShrd\LComMgr\Communications_Helper.exe
C:\Program Files\BitTorrent_DNA\dna.exe
C:\Program Files\Common Files\LogiShrd\LComMgr\LVComSX.exe
C:\Program Files\Common Files\Logishrd\LQCVFX\COCIManager.exe
C:\WINDOWS\system32\NOTEPAD.EXE
C:\Documents and Settings\njanevsk\Desktop\HiJackThis_v2.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://home.drew.edu/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.hp.com
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,AutoConfigURL = 62.162.73.66
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O2 - BHO: DriveLetterAccess - {5CA3D70E-1895-11CF-8E15-001234567890} - C:\WINDOWS\system32\dla\tfswshx.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
O2 - BHO: Windows Live Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O4 - HKLM\..\Run: [StartupDelayer] "C:\Program Files\r2 Studios\Startup Delayer\Startup Launcher GUI.exe"
O4 - HKLM\..\Run: [SoundMAXPnP] "C:\Program Files\Analog Devices\SoundMAX\SMax4PNP.exe"
O4 - HKLM\..\Run: [SoundMAX] "C:\Program Files\Analog Devices\SoundMAX\Smax4.exe" /tray
O4 - HKLM\..\Run: [IgfxTray] C:\WINDOWS\System32\igfxtray.exe
O4 - HKLM\..\Run: [HotKeysCmds] C:\WINDOWS\System32\hkcmd.exe
O4 - HKLM\..\Run: [AGRSMMSG] AGRSMMSG.exe
O4 - HKLM\..\Run: [SynTPLpr] "C:\Program Files\Synaptics\SynTP\SynTPLpr.exe"
O4 - HKLM\..\Run: [SynTPEnh] "C:\Program Files\Synaptics\SynTP\SynTPEnh.exe"
O4 - HKLM\..\Run: [Cpqset] C:\Program Files\HPQ\Default Settings\cpqset.exe
O4 - HKLM\..\Run: [eabconfg.cpl] C:\Program Files\HPQ\Quick Launch Buttons\EabServr.exe /Start
O4 - HKLM\..\Run: [dla] C:\WINDOWS\system32\dla\tfswctrl.exe
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_03\bin\jusched.exe"
O4 - HKLM\..\Run: [hpWirelessAssistant] "C:\Program Files\hpq\HP Wireless Assistant\HP Wireless Assistant.exe"
O4 - HKLM\..\Run: [KeyAccess] C:\WINDOWS\keyacc32.exe
O4 - HKLM\..\Run: [F-StopW] "C:\Program Files\FSI\F-Prot\F-StopW.EXE"
O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [WatchDog] C:\Program Files\InterVideo\DVD Check\DVDCheck.exe
O4 - HKCU\..\Run: [msnmsgr] "C:\Program Files\Windows Live\Messenger\msnmsgr.exe" /background
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background
O4 - HKCU\..\Run: [SUPERAntiSpyware] C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe
O4 - HKCU\..\Run: [BitTorrent DNA] "C:\Program Files\BitTorrent_DNA\dna.exe"
O4 - Global Startup: Adobe Gamma Loader.lnk = C:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe
O4 - Global Startup: KeyAccess.lnk = C:\WINDOWS\keyacc32.exe
O6 - HKCU\Software\Policies\Microsoft\Internet Explorer\Restrictions present
O6 - HKCU\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
O9 - Extra button: Novell Messenger - {3C3171BC-1025-43d1-8D1D-61CF4B38A28F} - C:\Novell\MESSEN~1\NMCL32.exe
O9 - Extra 'Tools' menuitem: Novell Messenger - {3C3171BC-1025-43d1-8D1D-61CF4B38A28F} - C:\Novell\MESSEN~1\NMCL32.exe
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL
O9 - Extra button: AIM - {AC9E2541-2814-11d5-BC6D-00B0D0A1DE45} - C:\Program Files\AIM\aim.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O14 - IERESET.INF: START_PAGE_URL=http://www.hp.com
O16 - DPF: {0EB0E74A-2A76-4AB3-A7FB-9BD8C29F7F75} (CKAVWebScan Object) - http://www.kaspersky.com/kos/eng/partner/200015205/kavwebscan_unicode.cab
O17 - HKLM\Software\..\Telephony: DomainName = ad.drew.edu
O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~1\COMMON~1\Skype\SKYPE4~1.DLL
O20 - Winlogon Notify: !SASWinLogon - C:\Program Files\SUPERAntiSpyware\SASWINLO.dll
O22 - SharedTaskScheduler: Browseui preloader - {438755C2-A8BA-11D1-B96B-00A0C90312E1} - C:\WINDOWS\System32\browseui.dll
O22 - SharedTaskScheduler: Component Categories cache daemon - {8C7461EF-2B13-11d2-BE35-3078302C2030} - C:\WINDOWS\System32\browseui.dll
O23 - Service: Adobe LM Service - Unknown owner - C:\Program Files\Common Files\Adobe Systems Shared\Service\Adobelmsvc.exe
O23 - Service: BlueSoleil Hid Service - Unknown owner - C:\Program Files\IVT Corporation\BlueSoleil\BTNtService.exe
O23 - Service: F-Prot Antivirus Update Monitor - FRISK Software - C:\Program Files\FSI\F-Prot\fpavupdm.exe
O23 - Service: HP WMI Interface (hpqwmi) - Hewlett-Packard Development Company, L.P. - C:\Program Files\HPQ\SHARED\HPQWMI.exe
O23 - Service: Process Monitor (LVPrcSrv) - Logitech Inc. - c:\program files\common files\logishrd\lvmvfm\LVPrcSrv.exe
O23 - Service: LVSrvLauncher - Logitech Inc. - C:\Program Files\Common Files\LogiShrd\SrvLnch\SrvLnch.exe
O23 - Service: SoundMAX Agent Service (SoundMAX Agent Service (default)) - Analog Devices, Inc. - C:\Program Files\Analog Devices\SoundMAX\SMAgent.exe

--
End of file - 7791 bytes


----------



## cybertech (Apr 16, 2002)

Fix this one if you did not configure it.

*Run HJT again and put a check in the following:*

R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,AutoConfigURL = 62.162.73.66

*Close all applications and browser windows before you click "fix checked".*

Aside from that if you still have problems I would suggest removing all of your P2P programs.


----------
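One way to turn the check above into something repeatable, as an added example that is not part of this thread and not code from HijackThis or any tool named here: a small Python script that scans HijackThis-style lines for an R1 AutoConfigURL entry and for O2 BHO entries with no backing file. The browser fetches its proxy auto-config (PAC) script from the AutoConfigURL and lets that script pick the proxy for every request, so a value the user never configured, and a bare public IP address in particular, means something other than the user is deciding where web traffic goes. The sample lines are constructed from entries quoted in this thread; the severity labels and function names are my own.

```python
import ipaddress
import re
from urllib.parse import urlparse

# Constructed sample modelled on the HijackThis log posted in this thread.
SAMPLE_HJT_LOG = r"""
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://home.drew.edu/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.hp.com
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,AutoConfigURL = 62.162.73.66
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
"""

LINE_RE = re.compile(r"^([RO]\d+) - (.*)$")


def parse_hjt_line(line):
    """Split one HijackThis line into (section code, body), or None if it is not an entry."""
    m = LINE_RE.match(line.strip())
    return (m.group(1), m.group(2)) if m else None


def _host_of(value):
    """Extract the host part of an AutoConfigURL; a bare host/IP without a scheme is common."""
    target = value if "://" in value else "http://" + value
    return urlparse(target).hostname or ""


def classify_autoconfig(value):
    """Rate an AutoConfigURL value (hypothetical severity scale: high / review)."""
    value = value.strip()
    if not value:
        return ("review", "AutoConfigURL key present but empty")
    host = _host_of(value)
    try:
        addr = ipaddress.ip_address(host)
    except ValueError:
        addr = None
    # A PAC script served from a public IP, not a named host, is the classic
    # sign of a proxy hijack; a private address is more likely a corporate setup.
    if addr is not None and not addr.is_private:
        return ("high", f"PAC script fetched from a public IP address: {value}")
    return ("review", f"AutoConfigURL is set ({value}); confirm the user or their network configured it")


def analyze_hjt(text):
    """Return findings for the entries this thread's reviewer singled out."""
    findings = []
    for raw in text.splitlines():
        parsed = parse_hjt_line(raw)
        if parsed is None:
            continue
        section, body = parsed
        if section == "R1" and "AutoConfigURL" in body:
            value = body.split("=", 1)[1] if "=" in body else ""
            severity, reason = classify_autoconfig(value)
            findings.append({"severity": severity, "line": raw.strip(), "reason": reason})
        elif section == "O2" and body.endswith("(no file)"):
            findings.append({
                "severity": "low",
                "line": raw.strip(),
                "reason": "BHO registration whose DLL no longer exists (orphaned; safe to remove)",
            })
    return findings


if __name__ == "__main__":
    for f in analyze_hjt(SAMPLE_HJT_LOG):
        print(f"[{f['severity']}] {f['reason']}\n    {f['line']}")
```

Run against the constructed sample it reports the 62.162.73.66 AutoConfigURL as high and the orphaned BHO as low. On a live XP machine the same value can be confirmed from a command prompt with `reg query "HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings" /v AutoConfigURL`, which is how I would verify that fixing the entry in HJT actually cleared the key.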



## xtremesy (Dec 3, 2007)

Hello, I just removed limewire and bittorrent and I'm still having the problem. I had my friend unblock me to see if I was still sending him the messages and it's still going on. I really don't want to reformat, but is there any other option at this point? Thanks again for all your time and help.


----------



## cybertech (Apr 16, 2002)

Delete your current Combofix, download it again and post the resulting log.


----------



## xtremesy (Dec 3, 2007)

Ok, I was speaking with a friend and he asked me if I had changed my password since this happened, and I hadn't. So I did that yesterday, and since then, I have not had any problems with messenger. What that means...I don't know, but here's the combofix file you requested. Thanks again.

ComboFix 07-12-15.1 - njanevsk 2007-12-14 13:01:11.2 - NTFSx86
Microsoft Windows XP Professional 5.1.2600.2.1252.1.1033.18.189 [GMT -5:00]
Running from: C:\Documents and Settings\njanevsk\Desktop\ComboFix.exe
* Created a new restore point
.

((((((((((((((((((((((((( Files Created from 2007-11-15 to 2007-12-15 )))))))))))))))))))))))))))))))
.

2007-12-13 16:45 . 2007-12-13 16:45 d--------	C:\WINDOWS\system32\LogFiles
2007-12-10 13:43 . 2007-12-10 13:43 d--------	C:\Documents and Settings\All Users\Application Data\SUPERAntiSpyware.com
2007-12-10 13:42 . 2007-12-10 13:44 d--------	C:\Program Files\SUPERAntiSpyware
2007-12-10 13:42 . 2007-12-10 13:42 d--------	C:\Documents and Settings\njanevsk\Application Data\SUPERAntiSpyware.com
2007-12-10 13:41 . 2007-12-10 13:41 d--------	C:\Program Files\Common Files\Wise Installation Wizard
2007-12-07 18:37 . 2007-12-07 18:37 d--------	C:\Program Files\Thomson
2007-12-03 15:25 . 2007-12-03 15:25 d--------	C:\Program Files\r2 Studios
2007-12-03 15:25 . 2007-12-03 15:25 d--------	C:\Documents and Settings\njanevsk\Application Data\r2 Studios
2007-12-03 15:25 . 2007-12-03 15:25 d--------	C:\Documents and Settings\All Users\Application Data\r2 Studios
2007-12-03 13:24 . 2007-12-03 13:29 d--------	C:\Program Files\Windows Live
2007-11-30 16:06 . 2007-11-30 16:06 d--------	C:\Documents and Settings\njanevsk\Application Data\Lavasoft
2007-11-30 16:05 . 2007-11-30 16:05 d--------	C:\Program Files\Lavasoft
2007-11-30 11:45 . 2007-07-30 19:19	271,224	--a------	C:\WINDOWS\system32\mucltui.dll
2007-11-30 11:45 . 2007-07-30 19:19	207,736	--a------	C:\WINDOWS\system32\muweb.dll
2007-11-30 11:45 . 2007-07-30 19:19	30,072	--a------	C:\WINDOWS\system32\mucltui.dll.mui
2007-11-30 03:01 . 2007-11-30 03:01 d--------	C:\Program Files\Microsoft CAPICOM 2.1.0.2
2007-11-29 18:13 . 2007-11-29 18:18 d--hsc---	C:\Program Files\Common Files\WindowsLiveInstaller
2007-11-29 18:12 . 2007-12-03 13:24 d--------	C:\Documents and Settings\All Users\Application Data\WLInstaller
2007-11-24 03:11 . 2007-11-24 04:50	66,936	--ahs----	C:\WINDOWS\dlinfo_0.drv
2007-11-24 03:10 . 2007-11-24 03:11 d--------	C:\Diablo

.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2007-12-08 21:38	---------	d-----w	C:\Documents and Settings\njanevsk\Application Data\LimeWire
2007-11-13 19:14	---------	d--h--w	C:\Program Files\InstallShield Installation Information
2007-11-13 10:25	20,480	----a-w	C:\WINDOWS\system32\drivers\secdrv.sys
2007-10-29 23:57	---------	d-----w	C:\Documents and Settings\njanevsk\Application Data\AdobeUM
2007-10-29 22:43	1,287,680	----a-w	C:\WINDOWS\system32\quartz.dll
2007-10-27 22:40	227,328	----a-w	C:\WINDOWS\system32\wmasf.dll
2007-10-27 15:49	---------	d-----w	C:\Program Files\Common Files\Symantec Shared
2007-10-27 15:49	---------	d-----w	C:\Documents and Settings\All Users\Application Data\Symantec
2007-10-20 17:30	---------	d-----w	C:\Program Files\AC3Filter
2007-10-18 16:31	51,224	----a-w	C:\WINDOWS\system32\sirenacm.dll
2007-10-18 00:36	---------	d-----w	C:\Program Files\PlayOnline
2007-10-16 18:57	---------	d-----w	C:\Documents and Settings\njanevsk\Application Data\Ahead
2007-10-16 18:29	---------	d-----w	C:\Program Files\Common Files\Adobe Systems Shared
2007-10-16 18:29	---------	d-----w	C:\Documents and Settings\All Users\Application Data\Macrovision
2007-10-16 18:28	---------	d-----w	C:\Program Files\Common Files\Adobe
2007-10-16 15:21	---------	d-----w	C:\Documents and Settings\njanevsk\Application Data\DivX
2007-10-16 05:54	---------	d-----w	C:\Program Files\DivX
2007-10-15 21:12	---------	d-----w	C:\Program Files\Macromedia
2007-10-15 21:12	---------	d-----w	C:\Program Files\Common Files\Macromedia
2007-10-15 07:00	---------	d-----w	C:\Program Files\MSXML 4.0
2007-09-17 18:23	823,296	----a-w	C:\WINDOWS\system32\divx_xx0c.dll
2007-09-17 18:23	823,296	----a-w	C:\WINDOWS\system32\divx_xx07.dll
2007-09-17 18:22	802,816	----a-w	C:\WINDOWS\system32\divx_xx11.dll
2007-09-17 18:22	739,840	----a-w	C:\WINDOWS\system32\DivX.dll
.

((((((((((((((((((((((((((((( [email protected]_13.42.58.62 )))))))))))))))))))))))))))))))))))))))))
.
- 2007-11-30 08:01:17	593,920	----a-r	C:\WINDOWS\Installer\{90110409-6000-11D3-8CFE-0150048383C9}\accicons.exe
+ 2007-12-12 17:25:45	593,920	----a-r	C:\WINDOWS\Installer\{90110409-6000-11D3-8CFE-0150048383C9}\accicons.exe
- 2007-11-30 08:01:17	12,288	----a-r	C:\WINDOWS\Installer\{90110409-6000-11D3-8CFE-0150048383C9}\cagicon.exe
+ 2007-12-12 17:25:45	12,288	----a-r	C:\WINDOWS\Installer\{90110409-6000-11D3-8CFE-0150048383C9}\cagicon.exe
- 2007-11-30 08:01:17	86,016	----a-r	C:\WINDOWS\Installer\{90110409-6000-11D3-8CFE-0150048383C9}\inficon.exe
+ 2007-12-12 17:25:45	86,016	----a-r	C:\WINDOWS\Installer\{90110409-6000-11D3-8CFE-0150048383C9}\inficon.exe
- 2007-11-30 08:01:17	135,168	----a-r	C:\WINDOWS\Installer\{90110409-6000-11D3-8CFE-0150048383C9}\misc.exe
+ 2007-12-12 17:25:45	135,168	----a-r	C:\WINDOWS\Installer\{90110409-6000-11D3-8CFE-0150048383C9}\misc.exe
- 2007-11-30 08:01:17	11,264	----a-r	C:\WINDOWS\Installer\{90110409-6000-11D3-8CFE-0150048383C9}\mspicons.exe
+ 2007-12-12 17:25:45	11,264	----a-r	C:\WINDOWS\Installer\{90110409-6000-11D3-8CFE-0150048383C9}\mspicons.exe
- 2007-11-30 08:01:18	27,136	----a-r	C:\WINDOWS\Installer\{90110409-6000-11D3-8CFE-0150048383C9}\oisicon.exe
+ 2007-12-12 17:25:45	27,136	----a-r	C:\WINDOWS\Installer\{90110409-6000-11D3-8CFE-0150048383C9}\oisicon.exe
- 2007-11-30 08:01:18	4,096	----a-r	C:\WINDOWS\Installer\{90110409-6000-11D3-8CFE-0150048383C9}\opwicon.exe
+ 2007-12-12 17:25:45	4,096	----a-r	C:\WINDOWS\Installer\{90110409-6000-11D3-8CFE-0150048383C9}\opwicon.exe
- 2007-11-30 08:01:18	794,624	----a-r	C:\WINDOWS\Installer\{90110409-6000-11D3-8CFE-0150048383C9}\outicon.exe
+ 2007-12-12 17:25:45	794,624	----a-r	C:\WINDOWS\Installer\{90110409-6000-11D3-8CFE-0150048383C9}\outicon.exe
- 2007-11-30 08:01:17	249,856	----a-r	C:\WINDOWS\Installer\{90110409-6000-11D3-8CFE-0150048383C9}\pptico.exe
+ 2007-12-12 17:25:45	249,856	----a-r	C:\WINDOWS\Installer\{90110409-6000-11D3-8CFE-0150048383C9}\pptico.exe
- 2007-11-30 08:01:17	61,440	----a-r	C:\WINDOWS\Installer\{90110409-6000-11D3-8CFE-0150048383C9}\pubs.exe
+ 2007-12-12 17:25:45	61,440	----a-r	C:\WINDOWS\Installer\{90110409-6000-11D3-8CFE-0150048383C9}\pubs.exe
- 2007-11-30 08:01:18	23,040	----a-r	C:\WINDOWS\Installer\{90110409-6000-11D3-8CFE-0150048383C9}\unbndico.exe
+ 2007-12-12 17:25:45	23,040	----a-r	C:\WINDOWS\Installer\{90110409-6000-11D3-8CFE-0150048383C9}\unbndico.exe
- 2007-11-30 08:01:17	286,720	----a-r	C:\WINDOWS\Installer\{90110409-6000-11D3-8CFE-0150048383C9}\wordicon.exe
+ 2007-12-12 17:25:45	286,720	----a-r	C:\WINDOWS\Installer\{90110409-6000-11D3-8CFE-0150048383C9}\wordicon.exe
- 2007-11-30 08:01:17	409,600	----a-r	C:\WINDOWS\Installer\{90110409-6000-11D3-8CFE-0150048383C9}\xlicons.exe
+ 2007-12-12 17:25:45	409,600	----a-r	C:\WINDOWS\Installer\{90110409-6000-11D3-8CFE-0150048383C9}\xlicons.exe
+ 2007-12-10 18:42:54	29,696	----a-r	C:\WINDOWS\Installer\{CDDCBBF1-2703-46BC-938B-BCC81A1EEAAA}\IconCDDCBBF11.exe
+ 2007-12-10 18:42:54	18,944	----a-r	C:\WINDOWS\Installer\{CDDCBBF1-2703-46BC-938B-BCC81A1EEAAA}\IconCDDCBBF13.exe
+ 2007-12-10 18:42:54	65,024	----a-r	C:\WINDOWS\Installer\{CDDCBBF1-2703-46BC-938B-BCC81A1EEAAA}\IconCDDCBBF15.exe
- 2007-08-22 12:55:28	1,022,976	----a-w	C:\WINDOWS\system32\browseui.dll
+ 2007-10-11 05:57:29	1,024,000	----a-w	C:\WINDOWS\system32\browseui.dll
- 2007-08-22 12:55:29	151,040	----a-w	C:\WINDOWS\system32\cdfview.dll
+ 2007-10-11 05:57:29	151,040	----a-w	C:\WINDOWS\system32\cdfview.dll
- 2007-08-22 12:55:30	1,054,208	----a-w	C:\WINDOWS\system32\danim.dll
+ 2007-10-11 05:57:30	1,054,208	----a-w	C:\WINDOWS\system32\danim.dll
- 2007-08-22 12:55:28	1,022,976	-c----w	C:\WINDOWS\system32\dllcache\browseui.dll
+ 2007-10-11 05:57:29	1,024,000	-c----w	C:\WINDOWS\system32\dllcache\browseui.dll
- 2007-08-22 12:55:29	151,040	-c----w	C:\WINDOWS\system32\dllcache\cdfview.dll
+ 2007-10-11 05:57:29	151,040	-c----w	C:\WINDOWS\system32\dllcache\cdfview.dll
- 2007-08-22 12:55:30	1,054,208	-c----w	C:\WINDOWS\system32\dllcache\danim.dll
+ 2007-10-11 05:57:30	1,054,208	-c----w	C:\WINDOWS\system32\dllcache\danim.dll
- 2007-08-22 12:55:30	357,888	-c----w	C:\WINDOWS\system32\dllcache\dxtmsft.dll
+ 2007-10-11 05:57:30	357,888	-c----w	C:\WINDOWS\system32\dllcache\dxtmsft.dll
- 2007-08-22 12:55:31	205,824	-c----w	C:\WINDOWS\system32\dllcache\dxtrans.dll
+ 2007-10-11 05:57:30	205,824	-c----w	C:\WINDOWS\system32\dllcache\dxtrans.dll
- 2007-08-22 12:55:31	55,808	-c----w	C:\WINDOWS\system32\dllcache\extmgr.dll
+ 2007-10-11 05:57:30	55,808	-c----w	C:\WINDOWS\system32\dllcache\extmgr.dll
- 2007-08-21 10:19:39	18,432	-c----w	C:\WINDOWS\system32\dllcache\iedw.exe
+ 2007-10-10 10:48:23	18,432	-c----w	C:\WINDOWS\system32\dllcache\iedw.exe
- 2007-08-22 12:55:32	251,904	-c----w	C:\WINDOWS\system32\dllcache\iepeers.dll
+ 2007-10-11 05:57:31	251,904	-c----w	C:\WINDOWS\system32\dllcache\iepeers.dll
- 2007-08-22 12:55:32	96,256	-c----w	C:\WINDOWS\system32\dllcache\inseng.dll
+ 2007-10-11 05:57:31	96,256	-c----w	C:\WINDOWS\system32\dllcache\inseng.dll
- 2006-05-18 05:24:25	450,560	-c----w	C:\WINDOWS\system32\dllcache\jscript.dll
+ 2007-11-14 07:26:56	450,560	-c----w	C:\WINDOWS\system32\dllcache\jscript.dll
- 2007-08-22 12:55:32	16,384	-c----w	C:\WINDOWS\system32\dllcache\jsproxy.dll
+ 2007-10-11 05:57:31	16,384	-c----w	C:\WINDOWS\system32\dllcache\jsproxy.dll
+ 2007-07-06 10:05:47	72,960	-c----w	C:\WINDOWS\system32\dllcache\mqac.sys
+ 2007-07-06 12:46:59	138,240	-c----w	C:\WINDOWS\system32\dllcache\mqad.dll
+ 2007-07-06 12:46:59	47,104	-c----w	C:\WINDOWS\system32\dllcache\mqdscli.dll
+ 2007-07-06 12:46:59	16,896	-c----w	C:\WINDOWS\system32\dllcache\mqise.dll
+ 2007-07-06 12:46:59	660,992	-c----w	C:\WINDOWS\system32\dllcache\mqqm.dll
+ 2007-07-06 12:46:59	177,152	-c----w	C:\WINDOWS\system32\dllcache\mqrt.dll
+ 2007-07-06 12:46:59	95,744	-c----w	C:\WINDOWS\system32\dllcache\mqsec.dll
+ 2007-07-06 12:46:59	48,640	-c----w	C:\WINDOWS\system32\dllcache\mqupgrd.dll
+ 2007-07-06 12:46:59	471,552	-c----w	C:\WINDOWS\system32\dllcache\mqutil.dll
- 2007-08-22 12:55:36	3,064,832	-c----w	C:\WINDOWS\system32\dllcache\mshtml.dll
+ 2007-10-30 09:55:21	3,065,856	-c----w	C:\WINDOWS\system32\dllcache\mshtml.dll
- 2007-08-22 12:55:37	449,024	-c----w	C:\WINDOWS\system32\dllcache\mshtmled.dll
+ 2007-10-11 05:57:36	449,024	-c----w	C:\WINDOWS\system32\dllcache\mshtmled.dll
- 2007-08-22 12:55:37	146,432	-c----w	C:\WINDOWS\system32\dllcache\msrating.dll
+ 2007-10-11 05:57:36	146,432	-c----w	C:\WINDOWS\system32\dllcache\msrating.dll
- 2007-08-22 12:55:38	532,480	-c----w	C:\WINDOWS\system32\dllcache\mstime.dll
+ 2007-10-11 05:57:37	532,480	-c----w	C:\WINDOWS\system32\dllcache\mstime.dll
- 2007-08-22 12:55:38	39,424	-c----w	C:\WINDOWS\system32\dllcache\pngfilt.dll
+ 2007-10-11 05:57:37	39,424	-c----w	C:\WINDOWS\system32\dllcache\pngfilt.dll
+ 2007-10-29 22:43:03	1,287,680	-c----w	C:\WINDOWS\system32\dllcache\quartz.dll
- 2007-08-22 12:55:40	1,498,112	-c----w	C:\WINDOWS\system32\dllcache\shdocvw.dll
+ 2007-10-11 05:57:39	1,498,112	-c----w	C:\WINDOWS\system32\dllcache\shdocvw.dll
- 2007-08-22 12:55:41	474,112	-c----w	C:\WINDOWS\system32\dllcache\shlwapi.dll
+ 2007-10-11 05:57:40	474,112	-c----w	C:\WINDOWS\system32\dllcache\shlwapi.dll
- 2007-08-22 12:55:43	617,984	-c----w	C:\WINDOWS\system32\dllcache\urlmon.dll
+ 2007-10-11 05:57:40	617,984	-c----w	C:\WINDOWS\system32\dllcache\urlmon.dll
- 2007-03-15 22:16:42	236,928	-c----w	C:\WINDOWS\system32\dllcache\WgaLogon.dll
+ 2007-04-10 19:00:46	236,928	-c----w	C:\WINDOWS\system32\dllcache\WgaLogon.dll
- 2007-03-15 22:17:08	336,768	-c----w	C:\WINDOWS\system32\dllcache\WgaTray.exe
+ 2007-04-10 19:01:18	336,768	-c----w	C:\WINDOWS\system32\dllcache\WgaTray.exe
- 2007-08-22 12:55:44	665,600	-c----w	C:\WINDOWS\system32\dllcache\wininet.dll
+ 2007-10-11 05:57:41	666,112	-c----w	C:\WINDOWS\system32\dllcache\wininet.dll
- 2004-08-11 05:45:04	229,376	-c--a-w	C:\WINDOWS\system32\dllcache\wmasf.dll
+ 2007-10-27 22:40:06	227,328	-c--a-w	C:\WINDOWS\system32\dllcache\wmasf.dll
- 2004-08-04 05:58:20	72,960	----a-w	C:\WINDOWS\system32\drivers\mqac.sys
+ 2007-07-06 10:05:47	72,960	----a-w	C:\WINDOWS\system32\drivers\mqac.sys
- 2007-08-22 12:55:30	357,888	----a-w	C:\WINDOWS\system32\dxtmsft.dll
+ 2007-10-11 05:57:30	357,888	----a-w	C:\WINDOWS\system32\dxtmsft.dll
- 2007-08-22 12:55:31	205,824	----a-w	C:\WINDOWS\system32\dxtrans.dll
+ 2007-10-11 05:57:30	205,824	----a-w	C:\WINDOWS\system32\dxtrans.dll
- 2007-08-22 12:55:31	55,808	----a-w	C:\WINDOWS\system32\extmgr.dll
+ 2007-10-11 05:57:30	55,808	----a-w	C:\WINDOWS\system32\extmgr.dll
- 2007-08-22 12:55:32	251,904	----a-w	C:\WINDOWS\system32\iepeers.dll
+ 2007-10-11 05:57:31	251,904	----a-w	C:\WINDOWS\system32\iepeers.dll
- 2007-08-22 12:55:32	96,256	----a-w	C:\WINDOWS\system32\inseng.dll
+ 2007-10-11 05:57:31	96,256	----a-w	C:\WINDOWS\system32\inseng.dll
- 2006-05-18 05:24:25	450,560	----a-w	C:\WINDOWS\system32\jscript.dll
+ 2007-11-14 07:26:56	450,560	----a-w	C:\WINDOWS\system32\jscript.dll
- 2007-08-22 12:55:32	16,384	----a-w	C:\WINDOWS\system32\jsproxy.dll
+ 2007-10-11 05:57:31	16,384	----a-w	C:\WINDOWS\system32\jsproxy.dll
- 2007-03-15 22:19:28	1,476,992	----a-w	C:\WINDOWS\system32\LegitCheckControl.dll
+ 2007-04-10 19:02:50	1,476,992	----a-w	C:\WINDOWS\system32\LegitCheckControl.dll
- 2004-08-04 07:56:42	138,240	----a-w	C:\WINDOWS\system32\mqad.dll
+ 2007-07-06 12:46:59	138,240	----a-w	C:\WINDOWS\system32\mqad.dll
- 2004-08-04 07:56:42	47,104	----a-w	C:\WINDOWS\system32\mqdscli.dll
+ 2007-07-06 12:46:59	47,104	----a-w	C:\WINDOWS\system32\mqdscli.dll
- 2004-08-04 07:56:42	16,896	----a-w	C:\WINDOWS\system32\mqise.dll
+ 2007-07-06 12:46:59	16,896	----a-w	C:\WINDOWS\system32\mqise.dll
- 2004-08-04 07:56:42	660,992	----a-w	C:\WINDOWS\system32\mqqm.dll
+ 2007-07-06 12:46:59	660,992	----a-w	C:\WINDOWS\system32\mqqm.dll
- 2004-08-04 07:56:42	177,152	----a-w	C:\WINDOWS\system32\mqrt.dll
+ 2007-07-06 12:46:59	177,152	----a-w	C:\WINDOWS\system32\mqrt.dll
- 2004-08-04 07:56:42	95,744	----a-w	C:\WINDOWS\system32\mqsec.dll
+ 2007-07-06 12:46:59	95,744	----a-w	C:\WINDOWS\system32\mqsec.dll
- 2004-08-04 07:56:42	48,640	----a-w	C:\WINDOWS\system32\mqupgrd.dll
+ 2007-07-06 12:46:59	48,640	----a-w	C:\WINDOWS\system32\mqupgrd.dll
- 2004-08-04 07:56:42	471,552	----a-w	C:\WINDOWS\system32\mqutil.dll
+ 2007-07-06 12:46:59	471,552	----a-w	C:\WINDOWS\system32\mqutil.dll
- 2007-11-02 07:12:57	18,238,072	----a-w	C:\WINDOWS\system32\MRT.exe
+ 2007-12-02 23:00:05	18,684,536	----a-w	C:\WINDOWS\system32\MRT.exe
- 2007-08-22 12:55:36	3,064,832	----a-w	C:\WINDOWS\system32\mshtml.dll
+ 2007-10-30 09:55:21	3,065,856	----a-w	C:\WINDOWS\system32\mshtml.dll
- 2007-08-22 12:55:37	449,024	----a-w	C:\WINDOWS\system32\mshtmled.dll
+ 2007-10-11 05:57:36	449,024	----a-w	C:\WINDOWS\system32\mshtmled.dll
- 2007-08-22 12:55:37	146,432	----a-w	C:\WINDOWS\system32\msrating.dll
+ 2007-10-11 05:57:36	146,432	----a-w	C:\WINDOWS\system32\msrating.dll
- 2007-08-22 12:55:38	532,480	----a-w	C:\WINDOWS\system32\mstime.dll
+ 2007-10-11 05:57:37	532,480	----a-w	C:\WINDOWS\system32\mstime.dll
- 2007-11-29 22:57:29	50,934	----a-w	C:\WINDOWS\system32\perfc009.dat
+ 2007-12-07 23:39:18	50,934	----a-w	C:\WINDOWS\system32\perfc009.dat
- 2007-11-29 22:57:29	374,632	----a-w	C:\WINDOWS\system32\perfh009.dat
+ 2007-12-07 23:39:18	374,632	----a-w	C:\WINDOWS\system32\perfh009.dat
- 2007-08-22 12:55:38	39,424	----a-w	C:\WINDOWS\system32\pngfilt.dll
+ 2007-10-11 05:57:37	39,424	----a-w	C:\WINDOWS\system32\pngfilt.dll
- 2007-08-22 12:55:40	1,498,112	----a-w	C:\WINDOWS\system32\shdocvw.dll
+ 2007-10-11 05:57:39	1,498,112	----a-w	C:\WINDOWS\system32\shdocvw.dll
- 2007-08-22 12:55:41	474,112	----a-w	C:\WINDOWS\system32\shlwapi.dll
+ 2007-10-11 05:57:40	474,112	----a-w	C:\WINDOWS\system32\shlwapi.dll
- 2006-12-10 18:10:02	14,640	------w	C:\WINDOWS\system32\spmsg.dll
+ 2006-12-10 19:10:02	14,640	------w	C:\WINDOWS\system32\spmsg.dll
- 2007-07-22 23:39:27	279,552	----a-w	C:\WINDOWS\system32\swreg.exe
+ 2007-12-14 02:26:50	156,160	----a-w	C:\WINDOWS\system32\swreg.exe
- 2007-07-18 12:42:22	60,416	------w	C:\WINDOWS\system32\tzchange.exe
+ 2007-11-13 11:31:11	60,416	------w	C:\WINDOWS\system32\tzchange.exe
- 2007-08-22 12:55:43	617,984	----a-w	C:\WINDOWS\system32\urlmon.dll
+ 2007-10-11 05:57:40	617,984	----a-w	C:\WINDOWS\system32\urlmon.dll
- 2007-03-15 22:16:42	236,928	------w	C:\WINDOWS\system32\WgaLogon.dll
+ 2007-04-10 19:00:46	236,928	----a-w	C:\WINDOWS\system32\WgaLogon.dll
- 2007-03-15 22:17:08	336,768	------w	C:\WINDOWS\system32\WgaTray.exe
+ 2007-04-10 19:01:18	336,768	------w	C:\WINDOWS\system32\WgaTray.exe
- 2007-08-22 12:55:44	665,600	----a-w	C:\WINDOWS\system32\wininet.dll
+ 2007-10-11 05:57:41	666,112	----a-w	C:\WINDOWS\system32\wininet.dll
.
-- Snapshot reset to current date --
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown 
REGEDIT4

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"msnmsgr"="C:\Program Files\Windows Live\Messenger\msnmsgr.exe" [2007-10-18 11:34]
"ctfmon.exe"="C:\WINDOWS\system32\ctfmon.exe" [2004-08-04 02:56]
"MSMSGS"="C:\Program Files\Messenger\msmsgs.exe" [2004-10-13 11:24]
"SUPERAntiSpyware"="C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe" [2007-06-21 14:06]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"StartupDelayer"="C:\Program Files\r2 Studios\Startup Delayer\Startup Launcher GUI.exe" [2007-07-12 04:36]
"SoundMAXPnP"="C:\Program Files\Analog Devices\SoundMAX\SMax4PNP.exe" [2004-10-14 08:11]
"SoundMAX"="C:\Program Files\Analog Devices\SoundMAX\Smax4.exe" [2004-09-23 11:41]
"IgfxTray"="C:\WINDOWS\System32\igfxtray.exe" [2004-11-16 04:19]
"HotKeysCmds"="C:\WINDOWS\System32\hkcmd.exe" [2004-11-16 04:15]
"AGRSMMSG"="AGRSMMSG.exe" [2005-03-04 14:01 C:\WINDOWS\AGRSMMSG.exe]
"SynTPLpr"="C:\Program Files\Synaptics\SynTP\SynTPLpr.exe" [2004-11-04 13:40]
"SynTPEnh"="C:\Program Files\Synaptics\SynTP\SynTPEnh.exe" [2004-11-04 13:38]
"Cpqset"="C:\Program Files\HPQ\Default Settings\cpqset.exe" [2005-02-17 13:01]
"eabconfg.cpl"="C:\Program Files\HPQ\Quick Launch Buttons\EabServr.exe" [2004-12-03 12:24]
"dla"="C:\WINDOWS\system32\dla\tfswctrl.exe" [2004-08-03 00:05]
"SunJavaUpdateSched"="C:\Program Files\Java\jre1.6.0_03\bin\jusched.exe" [2007-09-25 00:11]
"hpWirelessAssistant"="C:\Program Files\hpq\HP Wireless Assistant\HP Wireless Assistant.exe" [2004-11-12 11:40]
"KeyAccess"="C:\WINDOWS\keyacc32.exe" [2003-12-16 12:00]
"F-StopW"="C:\Program Files\FSI\F-Prot\F-StopW.EXE" [2005-02-25 10:27]
"TkBellExe"="C:\Program Files\Common Files\Real\Update_OB\realsched.exe" [2005-07-27 16:32]
"QuickTime Task"="C:\Program Files\QuickTime\qttask.exe" [2005-07-27 16:16]
"WatchDog"="C:\Program Files\InterVideo\DVD Check\DVDCheck.exe" [2004-10-26 15:17]

C:\Documents and Settings\Deploy\Start Menu\Programs\Startup\
eXtreme Deployment Bootstrap.lnk - C:\xDeploy\bin\deploy.bat [2004-01-09 14:23:34]
reg.exe.lnk - C:\WINDOWS\system32\reg.exe [2002-08-29 07:00:00]

C:\Documents and Settings\All Users\Start Menu\Programs\Startup\
Adobe Gamma Loader.lnk - C:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe [2007-10-16 13:28:34]
KeyAccess.lnk - C:\WINDOWS\keyacc32.exe [2003-12-16 12:00:00]

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\explorer]
"NoWelcomeScreen"= 1 (0x1)

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\policies\explorer]
"NoSharedDocuments"= 1 (0x1)
"NoThumbnailCache"= 1 (0x1)
"NoWelcomeScreen"= 1 (0x1)
"NoAutoUpdate"= 1 (0x1)

[hkey_local_machine\software\microsoft\windows\currentversion\explorer\shellexecutehooks]
"{5AE067D3-9AFB-48E0-853A-EBB7F4A000DA}"= C:\Program Files\SUPERAntiSpyware\SASSEH.DLL [2006-12-20 13:55 77824]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\!SASWinLogon]
C:\Program Files\SUPERAntiSpyware\SASWINLO.dll 2007-04-19 13:41 294912 C:\Program Files\SUPERAntiSpyware\SASWINLO.dll

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\windows]
"AppInit_DLLs"=KATRACK.DLL

R0 FPA_RTP;FPA_RTP;C:\WINDOWS\system32\Drivers\FSTOPW.SYS
R3 GTIPCI21;GTIPCI21;C:\WINDOWS\system32\DRIVERS\gtipci21.sys

.
**************************************************************************

catchme 0.3.1333 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2007-12-15 13:05:24
Windows 5.1.2600 Service Pack 2 NTFS

scanning hidden processes ...

scanning hidden autostart entries ...

HKLM\Software\Microsoft\Windows\CurrentVersion\Run
Cpqset = C:\Program Files\HPQ\Default Settings\cpqset.exe??????????d????|?P???? ???B?????????????hLC? ??????

scanning hidden files ...

scan completed successfully 
hidden files: 0

**************************************************************************
.
Completion time: 2007-12-15 13:07:53
C:\ComboFix2.txt ... 2007-12-03 13:43
.
2007-12-12 17:26:00	--- E O F ---


----------

