MSN messenger virus

April 4, 2009 at 16:48:55
Specs: Windows XP
I have an MSN virus that sends a porn link to my friends in my contact list. I have Panda antivirus and it doesn't seem to pick it up. I have downloaded combofix and it didn't fix it. I changed my password for msn and when I open messenger I get an offline message from myself. How do I fix it? Please let me know. My log is below:

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 7:45:30 PM, on 4/4/2009
Platform: Windows XP SP3 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16791)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Panda Security\Panda Internet Security 2009\TPSrv.exe
C:\Program Files\Intel\Wireless\Bin\EvtEng.exe
C:\Program Files\Intel\Wireless\Bin\S24EvMon.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Bonjour\mDNSResponder.exe
C:\Program Files\TOSHIBA\ConfigFree\CFSvcs.exe
C:\WINDOWS\system32\DVDRAMSV.exe
C:\WINDOWS\eHome\ehRecvr.exe
C:\WINDOWS\eHome\ehSched.exe
C:\Program Files\Seagate\SeagateManager\Sync\FreeAgentService.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Java\jre6\bin\jqs.exe
C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Panda Security\Panda Internet Security 2009\PsCtrls.exe
C:\Program Files\Panda Security\Panda Internet Security 2009\PavFnSvr.exe
C:\Program Files\Common Files\Panda Security\PavShld\pavprsrv.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Panda Security\Panda Internet Security 2009\PsImSvc.exe
C:\Program Files\Panda Security\Panda Internet Security 2009\PskSvc.exe
C:\Program Files\Intel\Wireless\Bin\RegSrvc.exe
C:\Program Files\Microsoft\Search Enhancement Pack\SeaPort\SeaPort.exe
C:\Program Files\Microsoft SQL Server\90\Shared\sqlwriter.exe
C:\WINDOWS\system32\svchost.exe
c:\TOSHIBA\IVP\swupdate\swupdtmr.exe
C:\Program Files\TOSHIBA\TOSHIBA Applet\TAPPSRV.exe
C:\Program Files\Panda Security\Panda Internet Security 2009\pavsrv51.exe
C:\Program Files\Panda Security\Panda Internet Security 2009\AVENGINE.EXE
C:\WINDOWS\system32\ctfmon.exe
c:\program files\panda security\panda internet security 2009\firewall\PSHOST.EXE
C:\WINDOWS\system32\TDispVol.exe
C:\WINDOWS\system32\hkcmd.exe
C:\WINDOWS\system32\igfxpers.exe
C:\WINDOWS\ehome\ehtray.exe
C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
C:\Program Files\ltmoh\Ltmoh.exe
C:\WINDOWS\AGRSMMSG.exe
C:\Program Files\Toshiba\Tvs\TvsTray.exe
C:\WINDOWS\system32\TPSMain.exe
C:\Program Files\TOSHIBA\TOSHIBA Zooming Utility\SmoothView.exe
C:\Program Files\Intel\Wireless\bin\ZCfgSvc.exe
C:\Program Files\Intel\Wireless\Bin\ifrmewrk.exe
C:\WINDOWS\system32\TPSBattM.exe
C:\Program Files\Roxio\CinePlayer\DMXLauncher.exe
C:\Program Files\Common Files\Real\Update_OB\realsched.exe
C:\Program Files\HP\HP Software Update\HPWuSchd2.exe
C:\Program Files\QuickTime\QTTask.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\Program Files\Synaptics\SynTP\Toshiba.exe
C:\Program Files\Java\jre6\bin\jusched.exe
C:\Program Files\TOSHIBA\TOSCDSPD\toscdspd.exe
C:\Program Files\Common Files\InstallShield\UpdateService\ISUSPM.exe
C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe
C:\WINDOWS\system32\RAMASST.exe
C:\PROGRA~1\Intel\Wireless\Bin\Dot1XCfg.exe
C:\Program Files\Panda Security\Panda Internet Security 2009\PavBckPT.exe
C:\WINDOWS\system32\dllhost.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\HP\Digital Imaging\bin\hpqSTE08.exe
C:\Program Files\HP\Digital Imaging\bin\hpqbam08.exe
C:\Program Files\HP\Digital Imaging\bin\hpqgpc01.exe
C:\WINDOWS\eHome\ehmsas.exe
C:\WINDOWS\explorer.exe
C:\Program Files\Panda Security\Panda Internet Security 2009\apvxdwin.exe
C:\Program Files\Panda Security\Panda Internet Security 2009\WebProxy.exe
C:\Program Files\Panda Security\Panda Internet Security 2009\SRVLOAD.EXE
C:\Program Files\Internet Explorer\IEXPLORE.EXE
C:\Program Files\HP\Digital Imaging\Smart Web Printing\hpswp_clipbook.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Program Files\Windows Live\Messenger\msnmsgr.exe
C:\Program Files\Windows Live\Contacts\wlcomm.exe
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.yahoo.com/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?Lin...
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?Lin...
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?Lin...
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.yahoo.com/
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,First Home Page = http://go.microsoft.com/fwlink/?Lin...
R1 - HKCU\Software\Microsoft\Internet Connection Wizard,ShellNext = http://www.toshibadirect.com/dpdstart
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyServer = proxy.al.ufh:8080
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.ufh.ac.za;*.ufhel.ac.za;*intranet.ufh*;*.ufh;<local>;*.local
O2 - BHO: (no name) - {02478D38-C3F9-4efb-9B51-7695ECA05670} - (no file)
O2 - BHO: HP Print Enhancer - {0347C33E-8762-4905-BF09-768834316C61} - C:\Program Files\HP\Digital Imaging\Smart Web Printing\hpswp_printenhancer.dll
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: RealPlayer Download and Record Plugin for Internet Explorer - {3049C3E9-B461-4BC5-8870-4C09146192CA} - C:\Program Files\Real\RealPlayer\rpbrowserrecordplugin.dll
O2 - BHO: Megaupload Toolbar - {4E7BD74F-2B8D-469E-CCB0-B130EEDBE97C} - C:\PROGRA~1\MEGAUP~1\MEGAUP~1.DLL
O2 - BHO: (no name) - {5C255C8A-E604-49b4-9D64-90988571CECB} - (no file)
O2 - BHO: Search Helper - {6EBF7485-159F-4bff-A14F-B9E3AAC4465B} - C:\Program Files\Microsoft\Search Enhancement Pack\Search Helper\SearchHelper.dll
O2 - BHO: Windows Live Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - C:\Program Files\Google\Google Toolbar\GoogleToolbar.dll
O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\5.1.1309.3572\swg.dll
O2 - BHO: Google Dictionary Compression sdch - {C84D72FE-E17D-4195-BB24-76C02E2E7C4E} - C:\Program Files\Google\Google Toolbar\Component\fastsearch_219B3E1547538286.dll
O2 - BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll
O2 - BHO: Windows Live Toolbar Helper - {E15A8DC0-8516-42A1-81EA-DC94EC1ACF10} - C:\Program Files\Windows Live\Toolbar\wltcore.dll
O2 - BHO: JQSIEStartDetectorImpl - {E7E6F031-17CE-4C07-BC86-EABFE594F69C} - C:\Program Files\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
O2 - BHO: HP Smart BHO Class - {FFFFFFFF-CF4E-4F2B-BDC2-0E72E116A856} - C:\Program Files\HP\Digital Imaging\Smart Web Printing\hpswp_BHO.dll
O3 - Toolbar: Megaupload Toolbar - {4E7BD74F-2B8D-469E-CCB0-B130EEDBE97C} - C:\PROGRA~1\MEGAUP~1\MEGAUP~1.DLL
O3 - Toolbar: (no name) - {E0E899AB-F487-11D5-8D29-0050BA6940E3} - (no file)
O3 - Toolbar: &Google Toolbar - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files\Google\Google Toolbar\GoogleToolbar.dll
O3 - Toolbar: &Windows Live Toolbar - {21FA44EF-376D-4D53-9B0F-8A89D3229068} - C:\Program Files\Windows Live\Toolbar\wltcore.dll
O4 - HKLM\..\Run: [TFncKy] TFncKy.exe
O4 - HKLM\..\Run: [TDispVol] TDispVol.exe
O4 - HKLM\..\Run: [igfxtray] C:\WINDOWS\system32\igfxtray.exe
O4 - HKLM\..\Run: [igfxhkcmd] C:\WINDOWS\system32\hkcmd.exe
O4 - HKLM\..\Run: [igfxpers] C:\WINDOWS\system32\igfxpers.exe
O4 - HKLM\..\Run: [ehTray] C:\WINDOWS\ehome\ehtray.exe
O4 - HKLM\..\Run: [SynTPLpr] C:\Program Files\Synaptics\SynTP\SynTPLpr.exe
O4 - HKLM\..\Run: [SynTPEnh] C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
O4 - HKLM\..\Run: [LtMoh] C:\Program Files\ltmoh\Ltmoh.exe
O4 - HKLM\..\Run: [AGRSMMSG] AGRSMMSG.exe
O4 - HKLM\..\Run: [Tvs] C:\Program Files\Toshiba\Tvs\TvsTray.exe
O4 - HKLM\..\Run: [TPSMain] TPSMain.exe
O4 - HKLM\..\Run: [SmoothView] C:\Program Files\TOSHIBA\TOSHIBA Zooming Utility\SmoothView.exe
O4 - HKLM\..\Run: [Pinger] c:\toshiba\ivp\ism\pinger.exe /run
O4 - HKLM\..\Run: [IntelZeroConfig] "C:\Program Files\Intel\Wireless\bin\ZCfgSvc.exe"
O4 - HKLM\..\Run: [IntelWireless] "C:\Program Files\Intel\Wireless\Bin\ifrmewrk.exe" /tf Intel PROSet/Wireless
O4 - HKLM\..\Run: [IMJPMIG8.1] "C:\WINDOWS\IME\imjp8_1\IMJPMIG.EXE" /Spoil /RemAdvDef /Migration32
O4 - HKLM\..\Run: [IMEKRMIG6.1] C:\WINDOWS\ime\imkr6_1\IMEKRMIG.EXE
O4 - HKLM\..\Run: [MSPY2002] C:\WINDOWS\system32\IME\PINTLGNT\ImScInst.exe /SYNC
O4 - HKLM\..\Run: [PHIME2002ASync] C:\WINDOWS\system32\IME\TINTLGNT\TINTSETP.EXE /SYNC
O4 - HKLM\..\Run: [PHIME2002A] C:\WINDOWS\system32\IME\TINTLGNT\TINTSETP.EXE /IMEName
O4 - HKLM\..\Run: [Synchronization Manager] %SystemRoot%\system32\mobsync.exe /logon
O4 - HKLM\..\Run: [CFSServ.exe] CFSServ.exe -NoClient
O4 - HKLM\..\Run: [DMXLauncher] "C:\Program Files\Roxio\CinePlayer\DMXLauncher.exe"
O4 - HKLM\..\Run: [Google Desktop Search] "C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe" /startup
O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot
O4 - HKLM\..\Run: [HP Software Update] C:\Program Files\HP\HP Software Update\HPWuSchd2.exe
O4 - HKLM\..\Run: [hpqSRMon] C:\Program Files\HP\Digital Imaging\bin\hpqSRMon.exe
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\QTTask.exe" -atboottime
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
O4 - HKLM\..\Run: [MaxMenuMgr] "C:\Program Files\Seagate\SeagateManager\FreeAgent Status\StxMenuMgr.exe"
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe"
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre6\bin\jusched.exe"
O4 - HKLM\..\Run: [APVXDWIN] "C:\Program Files\Panda Security\Panda Internet Security 2009\APVXDWIN.EXE" /s
O4 - HKLM\..\Run: [SCANINICIO] "C:\Program Files\Panda Security\Panda Internet Security 2009\Inicio.exe"
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [TOSCDSPD] C:\Program Files\TOSHIBA\TOSCDSPD\toscdspd.exe
O4 - HKCU\..\Run: [ISUSPM] "C:\Program Files\Common Files\InstallShield\UpdateService\ISUSPM.exe" -scheduler
O4 - HKCU\..\Run: [swg] C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
O4 - HKUS\S-1-5-21-1574305099-2034843119-3451147484-1005\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe (User '?')
O4 - HKUS\S-1-5-21-1574305099-2034843119-3451147484-1005\..\Run: [TOSCDSPD] C:\Program Files\TOSHIBA\TOSCDSPD\toscdspd.exe (User '?')
O4 - HKUS\S-1-5-21-1574305099-2034843119-3451147484-1005\..\Run: [ISUSPM] "C:\Program Files\Common Files\InstallShield\UpdateService\ISUSPM.exe" -scheduler (User '?')
O4 - HKUS\S-1-5-21-1574305099-2034843119-3451147484-1005\..\Run: [swg] C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe (User '?')
O4 - HKUS\S-1-5-18\..\Run: [DWQueuedReporting] "C:\PROGRA~1\COMMON~1\MICROS~1\DW\dwtrig20.exe" -t (User '?')
O4 - HKUS\.DEFAULT\..\Run: [DWQueuedReporting] "C:\PROGRA~1\COMMON~1\MICROS~1\DW\dwtrig20.exe" -t (User 'Default user')
O4 - Global Startup: HP Digital Imaging Monitor.lnk = C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe
O4 - Global Startup: RAMASST.lnk = C:\WINDOWS\system32\RAMASST.exe
O8 - Extra context menu item: Download All by FlashGet - C:\Program Files\FlashGet\jc_all.htm
O8 - Extra context menu item: Download using FlashGet - C:\Program Files\FlashGet\jc_link.htm
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office12\EXCEL.EXE/3000
O9 - Extra button: Blog This - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files\Windows Live\Writer\WriterBrowserExtension.dll
O9 - Extra 'Tools' menuitem: &Blog This in Windows Live Writer - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files\Windows Live\Writer\WriterBrowserExtension.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\Office12\REFIEBAR.DLL
O9 - Extra button: (no name) - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - (no file)
O9 - Extra button: FlashGet - {D6E814A0-E0C5-11d4-8D29-0050BA6940E3} - C:\PROGRA~1\FlashGet\flashget.exe (file missing)
O9 - Extra 'Tools' menuitem: &FlashGet - {D6E814A0-E0C5-11d4-8D29-0050BA6940E3} - C:\PROGRA~1\FlashGet\flashget.exe (file missing)
O9 - Extra button: HP Smart Select - {DDE87865-83C5-48c4-8357-2F5B1AA84522} - C:\Program Files\HP\Digital Imaging\Smart Web Printing\hpswp_BHO.dll
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O14 - IERESET.INF: START_PAGE_URL=http://www.toshibadirect.com/dpdstart
O16 - DPF: {4F1E5B1A-2A80-42CA-8532-2D05CB959537} (MSN Photo Upload Tool) - http://by114fd.bay114.hotmail.msn.c...
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://update.microsoft.com/windows...
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://fpdownload2.macromedia.com/g...
O16 - DPF: {FDD6CEF8-3C6E-42E0-BC7B-D730085CFABC} (Jaxtr Outlook Importer) - http://www.jaxtr.com/user/activex/J...
O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~1\COMMON~1\Skype\SKYPE4~1.DLL
O23 - Service: Bonjour Service - Apple Inc. - C:\Program Files\Bonjour\mDNSResponder.exe
O23 - Service: ConfigFree Service (CFSvcs) - TOSHIBA CORPORATION - C:\Program Files\TOSHIBA\ConfigFree\CFSvcs.exe
O23 - Service: DVD-RAM_Service - Matsushita Electric Industrial Co., Ltd. - C:\WINDOWS\system32\DVDRAMSV.exe
O23 - Service: Intel(R) PROSet/Wireless Event Log (EvtEng) - Intel Corporation - C:\Program Files\Intel\Wireless\Bin\EvtEng.exe
O23 - Service: Seagate Service (FreeAgentGoNext Service) - Seagate Technology LLC - C:\Program Files\Seagate\SeagateManager\Sync\FreeAgentService.exe
O23 - Service: GameConsoleService - WildTangent, Inc. - C:\Program Files\WildTangent\Apps\TOSHIBA Game Console\GameConsoleService.exe
O23 - Service: Google Desktop Manager 5.7.806.10245 (GoogleDesktopManager-061008-081103) - Google - C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe
O23 - Service: Google Software Updater (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\1050\Intel 32\IDriverT.exe
O23 - Service: iPod Service - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: Java Quick Starter (JavaQuickStarterService) - Sun Microsystems, Inc. - C:\Program Files\Java\jre6\bin\jqs.exe
O23 - Service: Panda Software Controller - Panda Security, S.L. - C:\Program Files\Panda Security\Panda Internet Security 2009\PsCtrls.exe
O23 - Service: Panda Function Service (PAVFNSVR) - Panda Security, S.L. - C:\Program Files\Panda Security\Panda Internet Security 2009\PavFnSvr.exe
O23 - Service: Panda Process Protection Service (PavPrSrv) - Panda Security, S.L. - C:\Program Files\Common Files\Panda Security\PavShld\pavprsrv.exe
O23 - Service: Panda On-Access Anti-Malware Service (PAVSRV) - Panda Security, S.L. - C:\Program Files\Panda Security\Panda Internet Security 2009\pavsrv51.exe
O23 - Service: Panda Host Service (PSHost) - Panda Software International - c:\program files\panda security\panda internet security 2009\firewall\PSHOST.EXE
O23 - Service: Panda IManager Service (PSIMSVC) - Panda Security S.L. - C:\Program Files\Panda Security\Panda Internet Security 2009\PsImSvc.exe
O23 - Service: Panda PSK service (PskSvcRetail) - Panda Security, S.L. - C:\Program Files\Panda Security\Panda Internet Security 2009\PskSvc.exe
O23 - Service: Intel(R) PROSet/Wireless Registry Service (RegSrvc) - Intel Corporation - C:\Program Files\Intel\Wireless\Bin\RegSrvc.exe
O23 - Service: Roxio UPnP Renderer 10 - Sonic Solutions - C:\Program Files\Roxio\Digital Home 10\RoxioUPnPRenderer10.exe
O23 - Service: Roxio Upnp Server 10 - Sonic Solutions - C:\Program Files\Roxio\Digital Home 10\RoxioUpnpService10.exe
O23 - Service: LiveShare P2P Server 10 (RoxLiveShare10) - Sonic Solutions - C:\Program Files\Common Files\Roxio Shared\10.0\SharedCOM\RoxLiveShare10.exe
O23 - Service: RoxMediaDB10 - Sonic Solutions - C:\Program Files\Common Files\Roxio Shared\10.0\SharedCOM\RoxMediaDB10.exe
O23 - Service: Roxio Hard Drive Watcher 10 (RoxWatch10) - Sonic Solutions - C:\Program Files\Common Files\Roxio Shared\10.0\SharedCOM\RoxWatch10.exe
O23 - Service: Intel(R) PROSet/Wireless Service (S24EventMonitor) - Intel Corporation - C:\Program Files\Intel\Wireless\Bin\S24EvMon.exe
O23 - Service: SessionLauncher - Unknown owner - C:\DOCUME~1\SCOTTC~1\LOCALS~1\Temp\DX9\SessionLauncher.exe (file missing)
O23 - Service: Swupdtmr - Unknown owner - c:\TOSHIBA\IVP\swupdate\swupdtmr.exe
O23 - Service: TOSHIBA Application Service (TAPPSRV) - TOSHIBA Corp. - C:\Program Files\TOSHIBA\TOSHIBA Applet\TAPPSRV.exe
O23 - Service: Panda TPSrv (TPSrv) - Panda Security, S.L. - C:\Program Files\Panda Security\Panda Internet Security 2009\TPSrv.exe

--
End of file - 18115 bytes
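
A triage pass over the HijackThis log posted above, as an added example that is not part of the original post or of HijackThis itself: it labels each entry by section and flags the ones that usually get a manual look (orphaned registrations, services with no recorded owner, targets under a Temp directory, a configured proxy). The flag names and heuristics are assumptions of this example, and a flag is a prompt to check the entry, not a verdict; the sample lines are excerpted from the log in the post.

```python
import re
from collections import namedtuple

# HijackThis v2 section codes that appear in the log above.
SECTIONS = {
    "R0": "IE start/search page",
    "R1": "IE search and other settings",
    "O2": "Browser Helper Object",
    "O3": "IE toolbar",
    "O4": "autostart (Run key / Startup folder)",
    "O8": "IE context-menu item",
    "O9": "IE extra button / Tools menu item",
    "O14": "Reset Web Settings defaults (IERESET.INF)",
    "O16": "ActiveX object (Downloaded Program Files)",
    "O18": "extra protocol handler",
    "O23": "Windows service",
}

Entry = namedtuple("Entry", "code section text flags")

# "<code> - <rest>"; header lines and the process list do not match.
LINE_RE = re.compile(r"^(R[0-3]|O\d{1,2}) - (.*)$")


def flags_for(code, text):
    """Return this example's (hypothetical) triage flags for one entry."""
    lower = text.lower()
    flags = []
    # Registration survives but its target file is gone: usually a leftover
    # of an uninstall or of an earlier cleanup, worth confirming and fixing.
    if lower.endswith("(no file)") or "(file missing)" in lower:
        flags.append("orphan")
    # Service binary carries no company name (or could not be read).
    if code == "O23" and "unknown owner" in lower:
        flags.append("unknown-owner")
    # Anything that starts from a Temp directory deserves a second look.
    if "\\temp\\" in lower:
        flags.append("temp-path")
    # A proxy setting is fine on a managed network, but confirm it is expected.
    if code.startswith("R") and "proxyserver" in lower:
        flags.append("proxy")
    return flags


def triage(log_text):
    """Parse a HijackThis log and return one Entry per R*/O* line."""
    entries = []
    for line in log_text.splitlines():
        match = LINE_RE.match(line.strip())
        if not match:
            continue  # header, running-process list, blank line
        code, text = match.groups()
        section = SECTIONS.get(code, "unknown section")
        entries.append(Entry(code, section, text, flags_for(code, text)))
    return entries


def flagged(entries):
    """Only the entries that carry at least one flag."""
    return [e for e in entries if e.flags]


# Lines excerpted from the log in the post (not the full log).
SAMPLE_LOG = r"""
Running processes:
C:\WINDOWS\explorer.exe
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.yahoo.com/
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyServer = proxy.al.ufh:8080
O2 - BHO: (no name) - {02478D38-C3F9-4efb-9B51-7695ECA05670} - (no file)
O2 - BHO: Windows Live Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O3 - Toolbar: (no name) - {E0E899AB-F487-11D5-8D29-0050BA6940E3} - (no file)
O4 - HKLM\..\Run: [APVXDWIN] "C:\Program Files\Panda Security\Panda Internet Security 2009\APVXDWIN.EXE" /s
O9 - Extra button: FlashGet - {D6E814A0-E0C5-11d4-8D29-0050BA6940E3} - C:\PROGRA~1\FlashGet\flashget.exe (file missing)
O23 - Service: SessionLauncher - Unknown owner - C:\DOCUME~1\SCOTTC~1\LOCALS~1\Temp\DX9\SessionLauncher.exe (file missing)
O23 - Service: Swupdtmr - Unknown owner - c:\TOSHIBA\IVP\swupdate\swupdtmr.exe
"""

if __name__ == "__main__":
    for e in flagged(triage(SAMPLE_LOG)):
        print(f"{e.code:<4}{','.join(e.flags):<34}{e.section}: {e.text}")
```
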




#1
April 4, 2009 at 17:58:39
In order for me to help you, please follow these simple steps.

1. Download Malwarebytes Anti-Malware.
2. Double click mbam-setup.exe to install the application.
3. Make sure a checkmark is placed next to Update Malwarebytes Anti-Malware and Launch Malwarebytes Anti-Malware, then click Finish.
4. Select "Perform Quick Scan", then click Scan.
5. When the scan is complete, click OK, then Show Results to view the results.
6. Make sure that everything is checked, and click Remove Selected.
7. When disinfection is completed, a log will open in Notepad and you may be prompted to Restart.
8. The log is automatically saved by Malwarebytes and can be viewed by clicking the Logs tab.
9. Please be sure to paste the content of this log file with your post.

1. Use an online system scanner to double check for malware on your computer.
2. You can use ASquared, HouseCall, ESET.
3. If malware is detected and you are given the option to remove it, go ahead and do so.
4. Remember to post the results of your system scan.

Once you have followed these steps let me know what you find as we'll take it from there.

Regards,

Rising PC Security @ Rising-UK.com



#2
April 4, 2009 at 22:10:11
Here is the Malware log:
Malwarebytes' Anti-Malware 1.35
Database version: 1940
Windows 5.1.2600 Service Pack 3

4/4/2009 9:17:56 PM
mbam-log-2009-04-04 (21-17-56).txt

Scan type: Quick Scan
Objects scanned: 91583
Time elapsed: 6 minute(s), 56 second(s)

Memory Processes Infected: 0
Memory Modules Infected: 0
Registry Keys Infected: 1
Registry Values Infected: 0
Registry Data Items Infected: 1
Folders Infected: 0
Files Infected: 0

Memory Processes Infected:
(No malicious items detected)

Memory Modules Infected:
(No malicious items detected)

Registry Keys Infected:
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Stats\{c5428486-50a0-4a02-9d20-520b59a9f9b3} (Adware.Shopping.Report) -> Quarantined and deleted successfully.

Registry Values Infected:
(No malicious items detected)

Registry Data Items Infected:
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\AntiVirusDisableNotify (Disabled.SecurityCenter) -> Bad: (1) Good: (0) -> Quarantined and deleted successfully.

Folders Infected:
(No malicious items detected)

Files Infected:
(No malicious items detected)

Here is the Asquared log:
a-squared Free - Version 4.0
Last update: 4/4/2009 9:53:13 PM

Scan settings:

Objects: Memory, Traces, Cookies, C:\
Scan archives: On
Heuristics: Off
ADS Scan: On

Scan start: 4/4/2009 9:54:03 PM

c:\program files\the weather channel fw detected: Trace.Directory.Desktop Weather!A2
c:\documents and settings\scott chiverton\application data\ics detected: Trace.Directory.Inside Chat Spy!A2
c:\workssetup detected: Trace.Directory.SpyWare.MateWatcher!A2
Value: HKEY_USERS\S-1-5-21-1574305099-2034843119-3451147484-1005\Software\Microsoft\Windows\CurrentVersion\Explorer\MenuOrder\Start Menu2\Programs\Bittorrent --> Order detected: Trace.Registry.Bittorrent 5.0!A2
Key: HKEY_USERS\S-1-5-21-1574305099-2034843119-3451147484-1005\software\kazaa detected: Trace.Registry.KaZaA!A2
C:\Documents and Settings\Scott Chiverton\Application Data\Mozilla\Firefox\Profiles\24x7cajk.default\cookies.sqlite:1233835485754668 detected: Trace.TrackingCookie.pop!A2
C:\Documents and Settings\Scott Chiverton\Application Data\Mozilla\Firefox\Profiles\24x7cajk.default\cookies.sqlite:1233835485754669 detected: Trace.TrackingCookie.pop!A2
C:\Documents and Settings\Scott Chiverton\Application Data\Mozilla\Firefox\Profiles\24x7cajk.default\cookies.sqlite:1233835485754670 detected: Trace.TrackingCookie.pop!A2
C:\Documents and Settings\Scott Chiverton\Application Data\Mozilla\Firefox\Profiles\24x7cajk.default\cookies.sqlite:1233835485754671 detected: Trace.TrackingCookie.pop!A2
C:\Documents and Settings\Scott Chiverton\Application Data\Mozilla\Firefox\Profiles\24x7cajk.default\cookies.sqlite:1235099758796875 detected: Trace.TrackingCookie.pop!A2
C:\Documents and Settings\Scott Chiverton\Application Data\Mozilla\Firefox\Profiles\24x7cajk.default\cookies.sqlite:1235288574795625 detected: Trace.TrackingCookie.pop!A2
C:\Documents and Settings\Scott Chiverton\Application Data\Mozilla\Firefox\Profiles\24x7cajk.default\cookies.sqlite:1235343835723601 detected: Trace.TrackingCookie.webtrends!A2
C:\Documents and Settings\Scott Chiverton\Application Data\Mozilla\Firefox\Profiles\24x7cajk.default\cookies.sqlite:1235348669270476 detected: Trace.TrackingCookie.humanclick!A2
C:\Documents and Settings\Scott Chiverton\Application Data\Mozilla\Firefox\Profiles\24x7cajk.default\cookies.sqlite:1235348669317351 detected: Trace.TrackingCookie.humanclick!A2
C:\Documents and Settings\Scott Chiverton\Application Data\Mozilla\Firefox\Profiles\24x7cajk.default\cookies.sqlite:1235567069218750 detected: Trace.TrackingCookie.media!A2
C:\Documents and Settings\Scott Chiverton\Application Data\Mozilla\Firefox\Profiles\24x7cajk.default\cookies.sqlite:1236716763812500 detected: Trace.TrackingCookie.webtrends!A2
C:\Documents and Settings\Scott Chiverton\Application Data\Mozilla\Firefox\Profiles\24x7cajk.default\cookies.sqlite:1238852209640627 detected: Trace.TrackingCookie.preferences!A2
C:\Documents and Settings\Scott Chiverton\Application Data\Mozilla\Firefox\Profiles\24x7cajk.default\cookies.sqlite:1238869008250002 detected: Trace.TrackingCookie.zedo!A2
C:\Documents and Settings\Scott Chiverton\Application Data\Mozilla\Firefox\Profiles\24x7cajk.default\cookies.sqlite:1238888822796875 detected: Trace.TrackingCookie.com!A2
C:\Documents and Settings\Scott Chiverton\Application Data\Mozilla\Firefox\Profiles\24x7cajk.default\cookies.sqlite:1238888822796876 detected: Trace.TrackingCookie.com!A2
C:\Documents and Settings\Scott Chiverton\Application Data\Mozilla\Firefox\Profiles\24x7cajk.default\cookies.sqlite:1238888822796877 detected: Trace.TrackingCookie.com!A2
C:\Documents and Settings\Scott Chiverton\Application Data\Mozilla\Firefox\Profiles\24x7cajk.default\cookies.sqlite:1238888822796878 detected: Trace.TrackingCookie.com!A2
C:\Documents and Settings\Scott Chiverton\Application Data\Mozilla\Firefox\Profiles\24x7cajk.default\cookies.sqlite:1238891779187500 detected: Trace.TrackingCookie.humanclick!A2
C:\Documents and Settings\Scott Chiverton\Application Data\Mozilla\Firefox\Profiles\24x7cajk.default\cookies.sqlite:1238891779187501 detected: Trace.TrackingCookie.humanclick!A2
C:\Qoobox\Quarantine\C\Program Files\Setup.exe.vir detected: Trojan-PWS.Win32.Agent.jp!IK
C:\System Volume Information\_restore{4B1AEA69-B95E-4955-A6A6-502CD89CDA69}\RP548\A0193337.rbf detected: Virus.Win32.Sality!IK
C:\System Volume Information\_restore{4B1AEA69-B95E-4955-A6A6-502CD89CDA69}\RP548\A0193338.rbf detected: Virus.Win32.Sality!IK
C:\System Volume Information\_restore{4B1AEA69-B95E-4955-A6A6-502CD89CDA69}\RP548\A0193347.rbf detected: Virus.Win32.Sality!IK
C:\System Volume Information\_restore{4B1AEA69-B95E-4955-A6A6-502CD89CDA69}\RP548\A0193348.rbf detected: Virus.Win32.Sality!IK
C:\System Volume Information\_restore{4B1AEA69-B95E-4955-A6A6-502CD89CDA69}\RP548\A0193349.rbf detected: Virus.Win32.Sality!IK
C:\System Volume Information\_restore{4B1AEA69-B95E-4955-A6A6-502CD89CDA69}\RP548\A0193351.rbf detected: Virus.Win32.Sality!IK
C:\System Volume Information\_restore{4B1AEA69-B95E-4955-A6A6-502CD89CDA69}\RP548\A0193352.rbf detected: Virus.Win32.Sality!IK
C:\System Volume Information\_restore{4B1AEA69-B95E-4955-A6A6-502CD89CDA69}\RP548\A0193353.rbf detected: Virus.Win32.Sality!IK
C:\System Volume Information\_restore{4B1AEA69-B95E-4955-A6A6-502CD89CDA69}\RP548\A0193358.rbf detected: Virus.Win32.Sality!IK
C:\System Volume Information\_restore{4B1AEA69-B95E-4955-A6A6-502CD89CDA69}\RP548\A0193361.rbf detected: Virus.Win32.Sality!IK
C:\System Volume Information\_restore{4B1AEA69-B95E-4955-A6A6-502CD89CDA69}\RP550\A0193433.exe detected: Trojan-PWS.Win32.OnLineGames!IK
C:\System Volume Information\_restore{4B1AEA69-B95E-4955-A6A6-502CD89CDA69}\RP565\A0208084.exe detected: Trojan-PWS.Win32.Agent.jp!IK

Scanned

Files: 327359
Traces: 627733
Cookies: 1572
Processes: 90

Found

Files: 13
Traces: 5
Cookies: 19
Processes: 0
Registry keys: 0

Scan end: 4/5/2009 12:53:00 AM
Scan time: 2:58:57

C:\System Volume Information\_restore{4B1AEA69-B95E-4955-A6A6-502CD89CDA69}\RP550\A0193433.exe Deleted Trojan-PWS.Win32.OnLineGames!IK
C:\System Volume Information\_restore{4B1AEA69-B95E-4955-A6A6-502CD89CDA69}\RP548\A0193337.rbf Deleted Virus.Win32.Sality!IK
C:\System Volume Information\_restore{4B1AEA69-B95E-4955-A6A6-502CD89CDA69}\RP548\A0193338.rbf Deleted Virus.Win32.Sality!IK
C:\System Volume Information\_restore{4B1AEA69-B95E-4955-A6A6-502CD89CDA69}\RP548\A0193347.rbf Deleted Virus.Win32.Sality!IK
C:\System Volume Information\_restore{4B1AEA69-B95E-4955-A6A6-502CD89CDA69}\RP548\A0193348.rbf Deleted Virus.Win32.Sality!IK
C:\System Volume Information\_restore{4B1AEA69-B95E-4955-A6A6-502CD89CDA69}\RP548\A0193349.rbf Deleted Virus.Win32.Sality!IK
C:\System Volume Information\_restore{4B1AEA69-B95E-4955-A6A6-502CD89CDA69}\RP548\A0193351.rbf Deleted Virus.Win32.Sality!IK
C:\System Volume Information\_restore{4B1AEA69-B95E-4955-A6A6-502CD89CDA69}\RP548\A0193352.rbf Deleted Virus.Win32.Sality!IK
C:\System Volume Information\_restore{4B1AEA69-B95E-4955-A6A6-502CD89CDA69}\RP548\A0193353.rbf Deleted Virus.Win32.Sality!IK
C:\System Volume Information\_restore{4B1AEA69-B95E-4955-A6A6-502CD89CDA69}\RP548\A0193358.rbf Deleted Virus.Win32.Sality!IK
C:\System Volume Information\_restore{4B1AEA69-B95E-4955-A6A6-502CD89CDA69}\RP548\A0193361.rbf Deleted Virus.Win32.Sality!IK
C:\Qoobox\Quarantine\C\Program Files\Setup.exe.vir Deleted Trojan-PWS.Win32.Agent.jp!IK
C:\System Volume Information\_restore{4B1AEA69-B95E-4955-A6A6-502CD89CDA69}\RP565\A0208084.exe Deleted Trojan-PWS.Win32.Agent.jp!IK
C:\Documents and Settings\Scott Chiverton\Application Data\Mozilla\Firefox\Profiles\24x7cajk.default\cookies.sqlite:1238888822796875 Deleted Trace.TrackingCookie.com!A2
C:\Documents and Settings\Scott Chiverton\Application Data\Mozilla\Firefox\Profiles\24x7cajk.default\cookies.sqlite:1238888822796876 Deleted Trace.TrackingCookie.com!A2
C:\Documents and Settings\Scott Chiverton\Application Data\Mozilla\Firefox\Profiles\24x7cajk.default\cookies.sqlite:1238888822796877 Deleted Trace.TrackingCookie.com!A2
C:\Documents and Settings\Scott Chiverton\Application Data\Mozilla\Firefox\Profiles\24x7cajk.default\cookies.sqlite:1238888822796878 Deleted Trace.TrackingCookie.com!A2
C:\Documents and Settings\Scott Chiverton\Application Data\Mozilla\Firefox\Profiles\24x7cajk.default\cookies.sqlite:1238869008250002 Deleted Trace.TrackingCookie.zedo!A2
C:\Documents and Settings\Scott Chiverton\Application Data\Mozilla\Firefox\Profiles\24x7cajk.default\cookies.sqlite:1238852209640627 Deleted Trace.TrackingCookie.preferences!A2
C:\Documents and Settings\Scott Chiverton\Application Data\Mozilla\Firefox\Profiles\24x7cajk.default\cookies.sqlite:1235567069218750 Deleted Trace.TrackingCookie.media!A2
C:\Documents and Settings\Scott Chiverton\Application Data\Mozilla\Firefox\Profiles\24x7cajk.default\cookies.sqlite:1235348669270476 Deleted Trace.TrackingCookie.humanclick!A2
C:\Documents and Settings\Scott Chiverton\Application Data\Mozilla\Firefox\Profiles\24x7cajk.default\cookies.sqlite:1235348669317351 Deleted Trace.TrackingCookie.humanclick!A2
C:\Documents and Settings\Scott Chiverton\Application Data\Mozilla\Firefox\Profiles\24x7cajk.default\cookies.sqlite:1238891779187500 Deleted Trace.TrackingCookie.humanclick!A2
C:\Documents and Settings\Scott Chiverton\Application Data\Mozilla\Firefox\Profiles\24x7cajk.default\cookies.sqlite:1238891779187501 Deleted Trace.TrackingCookie.humanclick!A2
C:\Documents and Settings\Scott Chiverton\Application Data\Mozilla\Firefox\Profiles\24x7cajk.default\cookies.sqlite:1235343835723601 Deleted Trace.TrackingCookie.webtrends!A2
C:\Documents and Settings\Scott Chiverton\Application Data\Mozilla\Firefox\Profiles\24x7cajk.default\cookies.sqlite:1236716763812500 Deleted Trace.TrackingCookie.webtrends!A2
C:\Documents and Settings\Scott Chiverton\Application Data\Mozilla\Firefox\Profiles\24x7cajk.default\cookies.sqlite:1233835485754668 Deleted Trace.TrackingCookie.pop!A2
C:\Documents and Settings\Scott Chiverton\Application Data\Mozilla\Firefox\Profiles\24x7cajk.default\cookies.sqlite:1233835485754669 Deleted Trace.TrackingCookie.pop!A2
C:\Documents and Settings\Scott Chiverton\Application Data\Mozilla\Firefox\Profiles\24x7cajk.default\cookies.sqlite:1233835485754670 Deleted Trace.TrackingCookie.pop!A2
C:\Documents and Settings\Scott Chiverton\Application Data\Mozilla\Firefox\Profiles\24x7cajk.default\cookies.sqlite:1233835485754671 Deleted Trace.TrackingCookie.pop!A2
C:\Documents and Settings\Scott Chiverton\Application Data\Mozilla\Firefox\Profiles\24x7cajk.default\cookies.sqlite:1235099758796875 Deleted Trace.TrackingCookie.pop!A2
C:\Documents and Settings\Scott Chiverton\Application Data\Mozilla\Firefox\Profiles\24x7cajk.default\cookies.sqlite:1235288574795625 Deleted Trace.TrackingCookie.pop!A2
Key: HKEY_USERS\S-1-5-21-1574305099-2034843119-3451147484-1005\software\kazaa Deleted Trace.Registry.KaZaA!A2
Value: HKEY_USERS\S-1-5-21-1574305099-2034843119-3451147484-1005\Software\Microsoft\Windows\CurrentVersion\Explorer\MenuOrder\Start Menu2\Programs\Bittorrent --> Order Deleted Trace.Registry.Bittorrent 5.0!A2
c:\workssetup Deleted Trace.Directory.SpyWare.MateWatcher!A2
c:\documents and settings\scott chiverton\application data\ics Deleted Trace.Directory.Inside Chat Spy!A2
c:\program files\the weather channel fw Deleted Trace.Directory.Desktop Weather!A2
c:\workssetup Deleted Trace.Directory.SpyWare.MateWatcher!A2
c:\documents and settings\scott chiverton\application data\ics Deleted Trace.Directory.Inside Chat Spy!A2
c:\program files\the weather channel fw Deleted Trace.Directory.Desktop Weather!A2

Deleted

Files: 13
Traces: 8
Cookies: 19

c:\workssetup Quarantined Trace.Directory.SpyWare.MateWatcher!A2
c:\documents and settings\scott chiverton\application data\ics Quarantined Trace.Directory.Inside Chat Spy!A2
c:\program files\the weather channel fw Quarantined Trace.Directory.Desktop Weather!A2

Quarantined

Files: 0
Traces: 3
Cookies: 0

Thanks for your help



#3
April 4, 2009 at 22:46:00
Ok,

MBAM & A2 removed a lot of malware from your system there.

I would now recommend you download an application called UnHackMe; you will find this on Google. Reboot your computer and this should hunt out any rootkit (hidden trojans).

Secondly, install PCTools Threatfire. This small application will inform you of suspicious activity on your computer. A great tool to have to back up your antivirus.

Finally, if you can afford to spend a few quid, get yourself HIPS software. HIPS will stop malware from infecting your system, even if the antivirus doesn't detect anything. Our Rising Internet Security has this feature if you wish to take a look.

I would suggest you change your MSN password, email password, along with any online games you might play. If you have a portable hard drive or USB drive, the malware could have spread onto these, so be careful not to autorun them.

Regards,
Rising PC Security @ Rising-UK.com

