Hidden popup??

[GameMaster]

Heya xxarlokxx,

It will be hard to get fixed.

It will be a multifaceted process to repair your system. Unforunately this will require multiple scans and multiple log postings on your part.

It is not surprising that an infection of this magnitude has infected your system. You download torrents and there is no evidence of an antivirus program or firewall on your system.

Use a tool to directly target the trojan horses appearing on your system.

Download SDFix to your desktop.

http://downloads.andymanchesta.com/RemovalTools/SDFix.exe

Double click SDFix.exe on your desktop and it will extract the files to the root directory where your operating system resides.

Next boot your pc into "Safe mode" using the f8 key during start-up.

Please do not use msconfig method whenever booting into "Safe Mode" for malware removal as this can cause boot loop

IN SAFE MODE

1) Open the extracted SDFix folder and double click RunThis to start the script. This can be found in the root directory usually C:\SDFix.

2) Type Y to begin the cleanup process.

3) It will remove any Trojan Services and Registry Entries that it finds then prompt you to press any key to Reboot.

4) Press any Key and it will restart the PC.

5) When the PC restarts the Fixtool will run again and complete the removal process then display Finished, press any key to end the script and load your desktop icons.

6) Once the desktop icons load the SDFix report will open on screen and also save into the SDFix folder as Report.txt
(Report.txt will also be copied to Clipboard ready for posting back on the forum).

7) Finally paste the contents of the Report.txt back on the forum with a new HijackThis log

Wow there goes another

 

[nobbly niblets]

Heya GameMaster,

Wow there goes another [End Quote]

Did I do something wrong?

You quoted my whole post and ad-libbed with "Wow there goes another".

I'm not too sure what exactly to make of this.

Please enlighten me

 

[GameMaster]

I mean another security expert...or something similar.

 

[nobbly niblets]

Okaaaay,

Hmmmm,

I feel like I've stepped on toes.

I'll edit out the post completely, not because I feel the advice given is wrong, but because I know there is adequate advice being given already.

Forgive my intrusion.

 

[Buzz1927]

Okaaaay,

Hmmmm,

I feel like I've stepped on toes.

I'll edit out the post completely, not because I feel the advice given is wrong, but because I know there is adequate advice being given already.

Forgive my intrusion.

I don't know what you posted, but could you please put it back?

Oops, now I saw the quote, put it back anyway, Gamemaster doesn't decide things here.

 

[nobbly niblets]

Heya Buzz1927,

Sorry I didn't keep the post, but it is quoted at the top of this page.

Basically it was just a set of instructions for SDFix.

How do I reply to a PM or conversation?

 

[Buzz1927]

Heya Buzz1927,

Sorry I didn't keep the post, but it is quoted at the top of this page.

Basically it was just a set of instructions for SDFix.

How do I reply to a PM or conversation?

I'll put your post back.
You need 100 posts to pm (had problems with spammers). I'm not sure about visitor messages, can you not reply?

 

[GameMaster]

Hi haha.
I was just commenting the professionalism of your SDFix instructions. With that, I didn't want to point out that ceewi1 ( another expert ) is already helping the OP, or anything similar.
In fact I'm sure ceewi1 would like having an expert helping him ( in helping other people .

Sorry if you misunderstood my post(s),
Cheers

 

[nobbly niblets]

Cheers Buzz1927,

No, only the option to report... Kinda figured this was for offensive messages.

 

[Buzz1927]

Cheers Buzz1927,

No, only the option to report... Kinda figured this was for offensive messages.

I think that was changed to 100 posts as well, anyway, enough thread-jacking, sorry to the OP.

 

[nobbly niblets]

It's all good GameMaster,

I thought I might have been interrupting on current instructions given by ceewi1, and to be honest I had reservations about posting because of this.

I have seen the quality advice given by ceewi1 and it is nothing short of impressive. I thought because the post was made yesterday?, that I could help the OP move forward.

Actually I was in two minds whether to advise an online scan with bitdefender (to remove some of the offending entries) or to go with SDFix, but because one online scan had already been run I went with the latter.

No harm, No foul.

xxarlokxx sorry that you have to read my ramblings while you continue with your fix. Apologies.

 

[xxarlokxx]

SD fix report..=P...


SDFix: Version 1.203
Run by Steven C on Tue 07/08/2008 at 05:07 AM

Microsoft Windows XP [Version 5.1.2600]
Running From: C:\SDFix

Checking Services :


Restoring Default Security Values
Restoring Default Hosts File

Rebooting


Checking Files :

No Trojan Files Found






Removing Temp Files

ADS Check :



Final Check :

catchme 0.3.1361.2 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2008-07-08 05:18:54
Windows 5.1.2600 Service Pack 2 NTFS

scanning hidden processes ...

scanning hidden services & system hive ...

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\sptd\Cfg]
"s1"=dword:031d9f9e
"s2"=dword:f9a6c9fd
"h0"=dword:00000002

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\sptd\Cfg\0D79C293C1ED61418462E24595C90D04]
"p0"="C:\Program Files\Alcohol Soft\Alcohol 120\"
"h0"=dword:00000001
"ujdew"=hex:c9,09,8d,86,a4,bf,17,f2,f0,7c,f8,ab,ad,3c,d4,f1,13,b7,e4,6f,a9,..

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4]
"p0"="C:\Program Files\DAEMON Tools\"
"h0"=dword:00000000
"khjeh"=hex:37,0e,8c,33,21,b5,3a,e6,de,b7,da,20,a5,50,b2,71,3a,aa,5d,f4,aa,..

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001]
"a0"=hex:20,01,00,00,44,a2,32,09,65,94,73,09,24,81,7f,78,f8,e1,6e,b3,ca,..
"khjeh"=hex:13,52,ac,81,68,86,b7,2b,a8,ab,d5,31,e8,17,b9,ac,dc,13,63,16,2a,..

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001\0Jf40]
"khjeh"=hex:d6,0b,90,81,22,23,7f,c1,c6,c0,56,df,a3,c7,98,6d,2a,e5,6f,b0,85,..
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet003\Services\sptd\Cfg\0D79C293C1ED61418462E24595C90D04]
"p0"="C:\Program Files\Alcohol Soft\Alcohol 120\"
"h0"=dword:00000001
"ujdew"=hex:c9,09,8d,86,a4,bf,17,f2,f0,7c,f8,ab,ad,3c,d4,f1,13,b7,e4,6f,a9,..
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet003\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4]
"p0"="C:\Program Files\DAEMON Tools\"
"h0"=dword:00000000
"khjeh"=hex:37,0e,8c,33,21,b5,3a,e6,de,b7,da,20,a5,50,b2,71,3a,aa,5d,f4,aa,..

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet003\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001]
"a0"=hex:20,01,00,00,44,a2,32,09,65,94,73,09,24,81,7f,78,f8,e1,6e,b3,ca,..
"khjeh"=hex:13,52,ac,81,68,86,b7,2b,a8,ab,d5,31,e8,17,b9,ac,dc,13,63,16,2a,..

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet003\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001\0Jf40]
"khjeh"=hex:d6,0b,90,81,22,23,7f,c1,c6,c0,56,df,a3,c7,98,6d,2a,e5,6f,b0,85,..

scanning hidden registry entries ...

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Shell Extensions\Approved\{C044C803-7FD5-3F74-26B9-99B97348F63E}]
"dbkopjdaclfkhifhefhjcccmkaamgfkfleioknch"=hex:6b,61,69,6b,64,62,66,61,62,6d,65,6c,69,64,6f,6f,61,66,6f,64,6e,..

scanning hidden files ...

scan completed successfully
hidden processes: 0
hidden services: 0
hidden files: 0


Remaining Services :




Authorized Application Key Export:

[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\standardprofile\authorizedapplications\list]
"%windir%\\system32\\sessmgr.exe"="%windir%\\system32\\sessmgr.exe:*:enabledxpsp2res.dll,-22019"
"C:\\Program Files\\Warcraft III\\Warcraft III.exe"="C:\\Program Files\\Warcraft III\\Warcraft III.exe:*:Enabled:Warcraft III"
"C:\\Program Files\\Starcraft\\StarCraft.exe"="C:\\Program Files\\Starcraft\\StarCraft.exe:*:Enabled:Starcraft"
"C:\\Program Files\\Java\\jre1.5.0_06\\bin\\javaws.exe"="C:\\Program Files\\Java\\jre1.5.0_06\\bin\\javaws.exe:*:Enabled:javaws"
"C:\\Program Files\\Messenger\\msmsgs.exe"="C:\\Program Files\\Messenger\\msmsgs.exe:*:Enabled:Windows Messenger"
"C:\\Program Files\\Mozilla Firefox\\firefox.exe"="C:\\Program Files\\Mozilla Firefox\\firefox.exe:*:Enabled:Firefox"
"C:\\Program Files\\MSN Messenger\\msnmsgr.exe"="C:\\Program Files\\MSN Messenger\\msnmsgr.exe:*:Enabled:Windows Live Messenger 8.1"
"C:\\Program Files\\MSN Messenger\\livecall.exe"="C:\\Program Files\\MSN Messenger\\livecall.exe:*:Enabled:Windows Live Messenger 8.1 (Phone)"
"C:\\Program Files\\Nero\\Nero 7\\Nero ShowTime\\ShowTime.exe"="C:\\Program Files\\Nero\\Nero 7\\Nero ShowTime\\ShowTime.exe:*:Enabled:Nero ShowTime"
"C:\\Program Files\\Steam\\Steam.exe"="C:\\Program Files\\Steam\\Steam.exe:*:Enabled:Steam"
"C:\\Program Files\\Steam\\steamapps\\[email protected]\\counter-strike\\hl.exe"="C:\\Program Files\\Steam\\steamapps\\[email protected]\\counter-strike\\hl.exe:*:Enabled:Half-Life Launcher"
"C:\\WINDOWS\\system32\\dpnsvr.exe"="C:\\WINDOWS\\system32\\dpnsvr.exe:*:Enabled:Microsoft DirectPlay8 Server"
"C:\\Program Files\\Steam\\steamapps\\[email protected]\\day of defeat\\hl.exe"="C:\\Program Files\\Steam\\steamapps\\[email protected]\\day of defeat\\hl.exe:*:Enabled:Half-Life Launcher"
"C:\\WINDOWS\\system32\\dpvsetup.exe"="C:\\WINDOWS\\system32\\dpvsetup.exe:*:Enabled:Microsoft DirectPlay Voice Test"
"C:\\Program Files\\DC++\\DCPlusPlus.exe"="C:\\Program Files\\DC++\\DCPlusPlus.exe:*:EnabledC++"
"C:\\Program Files\\Skype\\Phone\\Skype.exe"="C:\\Program Files\\Skype\\Phone\\Skype.exe:*:Enabled:Skype"
"C:\\Program Files\\SopCast\\SopCast.exe"="C:\\Program Files\\SopCast\\SopCast.exe:*:Enabled:SopCast Main Application"
"C:\\Program Files\\SopCast\\adv\\SopAdver.exe"="C:\\Program Files\\SopCast\\adv\\SopAdver.exe:*:Enabled:SopCast Adver"
"C:\\Program Files\\BitComet\\BitComet.exe"="C:\\Program Files\\BitComet\\BitComet.exe:*:Enabled:BitComet - a BitTorrent Client"
"C:\\Program Files\\Internet Explorer\\iexplore.exe"="C:\\Program Files\\Internet Explorer\\iexplore.exe:*:Enabled:Internet Explorer"

[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\domainprofile\authorizedapplications\list]
"%windir%\\system32\\sessmgr.exe"="%windir%\\system32\\sessmgr.exe:*:enabledxpsp2res.dll,-22019"
"C:\\Program Files\\MSN Messenger\\msncall.exe"="C:\\Program Files\\MSN Messenger\\msncall.exe:*:Enabled:Windows Live Messenger 8.0 (Phone)"
"C:\\Program Files\\MSN Messenger\\msnmsgr.exe"="C:\\Program Files\\MSN Messenger\\msnmsgr.exe:*:Enabled:Windows Live Messenger 8.1"
"C:\\Program Files\\MSN Messenger\\livecall.exe"="C:\\Program Files\\MSN Messenger\\livecall.exe:*:Enabled:Windows Live Messenger 8.1 (Phone)"

Remaining Files :



Files with Hidden Attributes :

Wed 4 Aug 2004 93,184 A.SH. --- "C:\Program Files\Internet Explorer\iexplore.exe"
Wed 13 Oct 2004 1,694,208 ..SH. --- "C:\Program Files\Messenger\msmsgs.exe"
Wed 4 Aug 2004 60,416 A.SH. --- "C:\Program Files\Outlook Express\msimn.exe"
Fri 12 Nov 2004 37,376 ...H. --- "C:\Program Files\Common Files\Adobe\ESD\DLMCleanup.exe"
Wed 25 Jun 2008 0 A..H. --- "C:\WINDOWS\SoftwareDistribution\Download\4844df1d57a292079101da42a26d7d72\BIT3.tmp"
Wed 25 Jun 2008 0 A..H. --- "C:\WINDOWS\SoftwareDistribution\Download\585dc2612ebcefc90e7dee4c276ee95e\BIT2.tmp"
Sun 6 Jul 2008 0 A..H. --- "C:\WINDOWS\SoftwareDistribution\Download\78670cbd6a90baaa408a8a72f52fdce2\BIT2.tmp"
Wed 25 Jun 2008 0 A..H. --- "C:\WINDOWS\SoftwareDistribution\Download\bc066f3f60df1b38218903dd0d40ce98\BIT4.tmp"
Wed 25 Jun 2008 95,315,977 A..H. --- "C:\WINDOWS\SoftwareDistribution\Download\f8e4c50bd1c41feac24607e18c5505bd\BIT2A.tmp"
Fri 9 Mar 2007 231,936 A..H. --- "C:\Documents and Settings\Steven C\Desktop\University of Waterloo\Chem 267L\~WRL0005.tmp"
Fri 9 Mar 2007 243,712 A..H. --- "C:\Documents and Settings\Steven C\Desktop\University of Waterloo\Chem 267L\~WRL0703.tmp"
Fri 9 Mar 2007 243,712 A..H. --- "C:\Documents and Settings\Steven C\Desktop\University of Waterloo\Chem 267L\~WRL1177.tmp"

Finished!

 

[xxarlokxx]

hijackthis log

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 5:29:05 AM, on 7/8/2008
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\System32\Ati2evxx.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
C:\Program Files\Alcohol Soft\Alcohol 120\StarWind\StarWindService.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\wscntfy.exe
C:\WINDOWS\AGRSMMSG.exe
C:\Program Files\ANI\ANIWZCS2 Service\WZCSLDR2.exe
C:\Program Files\Java\jre1.5.0_11\bin\jusched.exe
C:\Program Files\Common Files\Real\Update_OB\realsched.exe
C:\Program Files\DAEMON Tools\daemon.exe
C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\E_S4I4V1.EXE
C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\E_S4I4V1.EXE
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Common Files\Ahead\Lib\NMBgMonitor.exe
C:\Program Files\MSN Messenger\MsnMsgr.Exe
C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Program Files\MSN Messenger\usnsvc.exe
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
O4 - HKLM\..\Run: [PHIME2002ASync] C:\WINDOWS\System32\IME\TINTLGNT\TINTSETP.EXE /SYNC
O4 - HKLM\..\Run: [PHIME2002A] C:\WINDOWS\System32\IME\TINTLGNT\TINTSETP.EXE /IMEName
O4 - HKLM\..\Run: [ATIModeChange] Ati2mdxx.exe
O4 - HKLM\..\Run: [AGRSMMSG] AGRSMMSG.exe
O4 - HKLM\..\Run: [ANIWZCS2Service] C:\Program Files\ANI\ANIWZCS2 Service\WZCSLDR2.exe
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.5.0_11\bin\jusched.exe"
O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot
O4 - HKLM\..\Run: [DAEMON Tools] "C:\Program Files\DAEMON Tools\daemon.exe" -lang 1033
O4 - HKLM\..\Run: [NeroFilterCheck] C:\Program Files\Common Files\Ahead\Lib\NeroCheck.exe
O4 - HKLM\..\Run: [EPSON Stylus CX1500 Series] C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\E_S4I4V1.EXE /P26 "EPSON Stylus CX1500 Series" /O5 "LPT1:" /M "Stylus CX1500"
O4 - HKLM\..\Run: [EPSON Stylus CX1500 Series (Copy 1)] C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\E_S4I4V1.EXE /P35 "EPSON Stylus CX1500 Series (Copy 1)" /O6 "USB001" /M "Stylus CX1500"
O4 - HKLM\..\Run: [IMJPMIG8.1] "C:\WINDOWS\IME\imjp8_1\IMJPMIG.EXE" /Spoil /RemAdvDef /Migration32
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}] "C:\Program Files\Common Files\Ahead\Lib\NMBgMonitor.exe"
O4 - HKCU\..\Run: [MsnMsgr] "C:\Program Files\MSN Messenger\MsnMsgr.Exe" /background
O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'NETWORK SERVICE')
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'Default user')
O4 - Startup: Adobe Gamma.lnk = C:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe
O4 - Global Startup: Adobe Reader Speed Launch.lnk = C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office10\OSA.EXE
O8 - Extra context menu item: &D&ownload &with BitComet - res://C:\Program Files\BitComet\BitComet.exe/AddLink.htm
O8 - Extra context menu item: &D&ownload all video with BitComet - res://C:\Program Files\BitComet\BitComet.exe/AddVideo.htm
O8 - Extra context menu item: &D&ownload all with BitComet - res://C:\Program Files\BitComet\BitComet.exe/AddAllLink.htm
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_11\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_11\bin\ssv.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL
O9 - Extra button: BitComet - {D18A0B52-D63C-4ed0-AFC6-C1E3DC1AF43A} - res://C:\Program Files\BitComet\tools\BitCometBHO_1.2.2.28.dll/206 (file missing)
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://go.microsoft.com/fwlink/?linkid=39204
O16 - DPF: {4F1E5B1A-2A80-42CA-8532-2D05CB959537} (MSN Photo Upload Tool) - http://stevenching28.spaces.live.com//PhotoUpload/MsnPUpld.cab
O16 - DPF: {5C051655-FCD5-4969-9182-770EA5AA5565} (Solitaire Showdown Class) - http://messenger.zone.msn.com/binary/SolitaireShowdown.cab56986.cab
O16 - DPF: {5D6F45B3-9043-443D-A792-115447494D24} (UnoCtrl Class) - http://messenger.zone.msn.com/EN-CA/a-UNO1/GAME_UNO1.cab
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://www.update.microsoft.com/win...ls/en/x86/client/wuweb_site.cab?1214379191747
O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://update.microsoft.com/microsoftupdate/v6/V5Controls/en/x86/client/muweb_site.cab?1162425286125
O16 - DPF: {8E0D4DE5-3180-4024-A327-4DFAD1796A8D} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/MessengerStatsClient.cab31267.cab
O16 - DPF: {C3F79A2B-B9B4-4A66-B012-3EE46475B072} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/MessengerStatsPAClient.cab56907.cab
O16 - DPF: {F5A7706B-B9C0-4C89-A715-7A0C6B05DD48} (Minesweeper Flags Class) - http://messenger.zone.msn.com/binary/MineSweeper.cab56986.cab
O17 - HKLM\System\CCS\Services\Tcpip\..\{45ABDAA6-9586-4E5E-A01E-2E395570E348}: NameServer = 203.198.23.208 205.252.144.126
O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~1\COMMON~1\Skype\SKYPE4~1.DLL
O23 - Service: Adobe LM Service - Adobe Systems - C:\Program Files\Common Files\Adobe Systems Shared\Service\Adobelmsvc.exe
O23 - Service: ANIWZCSd Service (ANIWZCSdService) - Alpha Networks Inc. - C:\Program Files\ANI\ANIWZCS2 Service\ANIWZCSdS.exe
O23 - Service: Apple Mobile Device - Apple, Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
O23 - Service: Ati HotKey Poller - Unknown owner - C:\WINDOWS\System32\Ati2evxx.exe
O23 - Service: NBService - Nero AG - C:\Program Files\Nero\Nero 7\Nero BackItUp\NBService.exe
O23 - Service: StarWind iSCSI Service (StarWindService) - Rocket Division Software - C:\Program Files\Alcohol Soft\Alcohol 120\StarWind\StarWindService.exe

--
End of file - 7624 bytes

 

[xxarlokxx]

haha..its ok, man....need to thank you alot for helping me...
also...can u suggest a fireball/antivirus program??
dont know which one is reliable, and the common one always need to be purchased online and i dont trust those online thing..-_-"...

 

[cohen]

haha..its ok, man....need to thank you alot for helping me...
also...can u suggest a fireball/antivirus program??
dont know which one is reliable, and the common one always need to be purchased online and i dont trust those online thing..-_-"...

AVG 8.0 is good free one.

 

[xxarlokxx]

AVG 8.0 is good free one.

thxxx...=]...
so hows my system now?? still badly infected???

 

[cohen]

thxxx...=]...
so hows my system now?? still badly infected???

yeah, no problems,

yes, are you still having problems, like pop ups etc?

 

[xxarlokxx]

hmm...didnt have any pop ups long time ago...i was just worrying about keylogger...so i wonder if that thing is removed? because sometimes i need to go on banking stuff...

 

[GameMaster]

hmm...didnt have any pop ups long time ago...i was just worrying about keylogger...so i wonder if that thing is removed? because sometimes i need to go on banking stuff...

That's the part when you should have decided to reformat/reinstall!
Ceewi1 warned you about the consequences, keyloggers are very dangerous, as they record every key you type...

 

[xxarlokxx]

ooo...so it cant be completely cleared w/o reformatting it?? i'll reformat once i get the window cd @ home...

That's the part when you should have decided to reformat/reinstall!
Ceewi1 warned you about the consequences, keyloggers are very dangerous, as they record every key you type...