I Have a virus (it may be Conficker) Please Help! (Log inside)


  • This topic is locked
15 replies to this topic

#1 IcyB

IcyB

  • Members
  • 30 posts
  • OFFLINE
  • Local time:08:52 PM

Posted 08 April 2009 - 01:48 AM

My name is Ryan. This is actually my roommate's account that he's letting me use. He had a serious virus infection about a year ago and someone from this forum, I think it was RichieUK, helped him out when nothing else would work, and now his computer is as good as new.

Anyhow, I seem to have contracted a virus; it may be that Conficker virus, although I contracted it before April 1st. I've tried all the programs and nothing seems to work; these include Webroot antivirus--antispyware (purchased version), and AVG antivirus (free online version).

My system is Windows XP; this is my problem. I get random pop-ups of fake Microsoft spyware removal programs (the most common are webshield and spyware remover 2009). Also there is an X in a red circle at the bottom right-hand corner next to my time. It constantly says "Warning! you have a security problem"... I think this is caused by the virus.

I have manually updated Microsoft Windows and all my antivirus programs; still nothing works. I am even less web-savvy than my friend, so if you guys could talk me through everything step by step like you did him I think I'll be fine. Thank you.
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 11:46:17 PM, on 4/7/2009
Platform: Windows XP SP3 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16791)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\csrss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\Program Files\Webroot\Spy Sweeper\WRConsumerService.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\System32\userinit.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\spool\drivers\w32x86\3\hpztsb04.exe
C:\WINDOWS\PixArt\PAC207\Monitor.exe
C:\WINDOWS\system32\hkcmd.exe
C:\WINDOWS\system32\igfxpers.exe
C:\WINDOWS\system32\igfxsrvc.exe
C:\WINDOWS\RTHDCPL.EXE
C:\Program Files\Java\jre6\bin\jusched.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\Program Files\Webroot\Spy Sweeper\SpySweeperUI.exe
C:\Program Files\Messenger\msmsgs.exe
C:\Program Files\AIM6\aim6.exe
C:\Program Files\LimeWire\LimeWire.exe
C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
C:\Program Files\Bonjour\mDNSResponder.exe
C:\Program Files\Java\jre6\bin\jqs.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Viewpoint\Common\ViewpointService.exe
C:\Program Files\Webroot\Spy Sweeper\SpySweeper.exe
C:\Program Files\AIM6\aolsoftware.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\WINDOWS\System32\alg.exe
C:\Program Files\Memeo\Memeo Share\MemeoShare.exe
C:\Program Files\Yahoo!\Messenger\ymsgr_tray.exe
C:\Program Files\Viewpoint\Viewpoint Manager\ViewMgr.exe
C:\Program Files\Webroot\Spy Sweeper\SSU.EXE
C:\WINDOWS\system32\wuauclt.exe
C:\Program Files\Spyware Doctor\pctsAuxs.exe
C:\Program Files\Spyware Doctor\pctsSvc.exe
C:\Program Files\Spyware Doctor\pctsTray.exe
C:\PROGRA~1\AVG\AVG8\avgwdsvc.exe
C:\PROGRA~1\AVG\AVG8\avgrsx.exe
C:\Program Files\AVG\AVG8\avgcsrvx.exe
C:\PROGRA~1\AVG\AVG8\avgemc.exe
C:\Program Files\AVG\AVG8\avgcsrvx.exe
C:\Program Files\AVG\AVG8\avgtray.exe
C:\Program Files\iTunes\iTunes.exe
C:\Program Files\AVG\AVG8\avgui.exe
C:\Program Files\AVG\AVG8\avgscanx.exe
C:\Program Files\AVG\AVG8\avgcsrvx.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Program Files\Internet Explorer\IEXPLORE.EXE
C:\Program Files\AVG\AVG8\aAvgApi.exe
C:\PROGRA~1\AVG\AVG8\avgnsx.exe
C:\Program Files\Internet Explorer\IEXPLORE.EXE
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe
C:\WINDOWS\system32\wbem\wmiprvse.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = http://channels.aimtoday.com/search/aimtoolbar.jsp
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant = http://channels.aimtoday.com/search/aimtoolbar.jsp
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local
R3 - URLSearchHook: AOLTBSearch Class - {EA756889-2338-43DB-8F07-D1CA6FB9C90D} - C:\Program Files\AOL\AIM Toolbar 5.0\aoltb.dll
R3 - URLSearchHook: AOLSearchHook Class - {54EB34EA-E6BE-4CFD-9F4F-C4A0C2EAFA22} - C:\Program Files\AIM Search\AOLSearch.dll
O2 - BHO: (no name) - {02478D38-C3F9-4efb-9B51-7695ECA05670} - (no file)
O2 - BHO: AcroIEHelperStub - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
O2 - BHO: AOL Search Enhancement - {54EB34EA-E6BE-4CFD-9F4F-C4A0C2EAFA22} - C:\Program Files\AIM Search\AOLSearch.dll
O2 - BHO: Java™ Plug-In SSV Helper - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre6\bin\ssv.dll
O2 - BHO: AOL Toolbar Launcher - {7C554162-8CB7-45A4-B8F4-8EA1C75885F9} - C:\Program Files\AOL\AIM Toolbar 5.0\aoltb.dll
O2 - BHO: AVG Security Toolbar - {A057A204-BACC-4D26-9990-79A187E2698E} - C:\PROGRA~1\AVG\AVG8\AVGTOO~1.DLL
O2 - BHO: Ask.com Toolbar BHO - {D4027C7F-154A-4066-A1AD-4243D8127440} - C:\Program Files\Ask.com\GenericAskToolbar.dll
O2 - BHO: Java™ Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll
O2 - BHO: JQSIEStartDetectorImpl - {E7E6F031-17CE-4C07-BC86-EABFE594F69C} - C:\Program Files\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
O3 - Toolbar: AIM Toolbar - {DE9C389F-3316-41A7-809B-AA305ED9D922} - C:\Program Files\AOL\AIM Toolbar 5.0\aoltb.dll
O3 - Toolbar: Ask.com Toolbar - {D4027C7F-154A-4066-A1AD-4243D8127440} - C:\Program Files\Ask.com\GenericAskToolbar.dll
O3 - Toolbar: AVG Security Toolbar - {A057A204-BACC-4D26-9990-79A187E2698E} - C:\PROGRA~1\AVG\AVG8\AVGTOO~1.DLL
O4 - HKLM\..\Run: [HPDJ Taskbar Utility] "C:\WINDOWS\system32\spool\drivers\w32x86\3\hpztsb04.exe"
O4 - HKLM\..\Run: [Monitor] "C:\WINDOWS\PixArt\PAC207\Monitor.exe"
O4 - HKLM\..\Run: [IgfxTray] "C:\WINDOWS\system32\igfxtray.exe"
O4 - HKLM\..\Run: [HotKeysCmds] "C:\WINDOWS\system32\hkcmd.exe"
O4 - HKLM\..\Run: [Persistence] "C:\WINDOWS\system32\igfxpers.exe"
O4 - HKLM\..\Run: [RTHDCPL] "C:\WINDOWS\RTHDCPL.EXE"
O4 - HKLM\..\Run: [Alcmtr] "C:\WINDOWS\ALCMTR.EXE"
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 9.0\Reader\Reader_sl.exe"
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre6\bin\jusched.exe"
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\QTTask.exe" -atboottime
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
O4 - HKLM\..\Run: [Memeo Share] "C:\Program Files\Memeo\Memeo Share\MemeoLauncher.exe" --silent
O4 - HKLM\..\Run: [SpySweeper] "C:\Program Files\Webroot\Spy Sweeper\SpySweeperUI.exe" /startintray
O4 - HKLM\..\Run: [ISTray] "C:\Program Files\Spyware Doctor\pctsTray.exe"
O4 - HKLM\..\Run: [AVG8_TRAY] C:\PROGRA~1\AVG\AVG8\avgtray.exe
O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background
O4 - HKCU\..\Run: [Aim6] "C:\Program Files\AIM6\aim6.exe" /d locale=en-US ee://aol/imApp
O4 - HKCU\..\Run: [Messenger (Yahoo!)] "C:\Program Files\Yahoo!\Messenger\YahooMessenger.exe" -quiet
O4 - HKCU\..\Run: [RegistryMechanic] "C:\Program Files\Registry Mechanic\RegMech.exe" /H
O4 - Startup: LimeWire On Startup.lnk = C:\Program Files\LimeWire\LimeWire.exe
O8 - Extra context menu item: &AIM Search - c:\program files\aol\aim toolbar 5.0\resources\en-US\local\search.html
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~3\Office12\EXCEL.EXE/3000
O9 - Extra button: Send to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~3\Office12\ONBttnIE.dll
O9 - Extra 'Tools' menuitem: S&end to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~3\Office12\ONBttnIE.dll
O9 - Extra button: AIM Toolbar - {3369AF0D-62E9-4bda-8103-B4C75499B578} - C:\Program Files\AOL\AIM Toolbar 5.0\aoltb.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~3\Office12\REFIEBAR.DLL
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O12 - Plugin for .pdf: C:\Program Files\Internet Explorer\PLUGINS\nppdf32.dll
O16 - DPF: {1D4DB7D2-6EC9-47A3-BD87-1E41684E07BB} - http://ak.exe.imgfarm.com/images/nocache/f...etup1.0.1.1.cab
O16 - DPF: {406B5949-7190-4245-91A9-30A17DE16AD0} (Snapfish Activia) - http://photo.walgreens.com/WalgreensActivia.cab
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://update.microsoft.com/windowsupdate/...b?1227563073000
O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://update.microsoft.com/microsoftupdat...b?1152664657593
O16 - DPF: {77E32299-629F-43C6-AB77-6A1E6D7663F6} - http://www.nick.com/common/groove/gx/GrooveAX27.cab
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} (Java Runtime Environment 1.6.0) - http://dl8-cdn-01.sun.com/s/ESD5/JSCDL/jre...ows-i586-jc.cab
O18 - Protocol: linkscanner - {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - C:\Program Files\AVG\AVG8\avgpp.dll
O20 - Winlogon Notify: avgrsstarter - C:\WINDOWS\SYSTEM32\avgrsstx.dll
O23 - Service: Apple Mobile Device - Apple Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
O23 - Service: AVG Free8 E-mail Scanner (avg8emc) - AVG Technologies CZ, s.r.o. - C:\PROGRA~1\AVG\AVG8\avgemc.exe
O23 - Service: AVG Free8 WatchDog (avg8wd) - AVG Technologies CZ, s.r.o. - C:\PROGRA~1\AVG\AVG8\avgwdsvc.exe
O23 - Service: Bonjour Service - Apple Inc. - C:\Program Files\Bonjour\mDNSResponder.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: iPod Service - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: Java Quick Starter (JavaQuickStarterService) - Sun Microsystems, Inc. - C:\Program Files\Java\jre6\bin\jqs.exe
O23 - Service: PC Tools Auxiliary Service (sdAuxService) - PC Tools - C:\Program Files\Spyware Doctor\pctsAuxs.exe
O23 - Service: PC Tools Security Service (sdCoreService) - PC Tools - C:\Program Files\Spyware Doctor\pctsSvc.exe
O23 - Service: Viewpoint Manager Service - Viewpoint Corporation - C:\Program Files\Viewpoint\Common\ViewpointService.exe
O23 - Service: Webroot Spy Sweeper Engine (WebrootSpySweeperService) - Webroot Software, Inc. (www.webroot.com) - C:\Program Files\Webroot\Spy Sweeper\SpySweeper.exe
O23 - Service: Webroot Client Service (WRConsumerService) - Webroot Software, Inc. - C:\Program Files\Webroot\Spy Sweeper\WRConsumerService.exe

--
End of file - 10833 bytes

#2 IcyB

IcyB
  • Topic Starter

  • Members
  • 30 posts
  • OFFLINE
  • Local time:08:52 PM

Posted 08 April 2009 - 01:39 PM

My bad, the webshield is my own security device.

#3 Jat90

Jat90

  • Members
  • 1,515 posts
  • OFFLINE
  • Gender:Male
  • Location:United Kingdom
  • Local time:02:52 AM

Posted 08 April 2009 - 01:51 PM

Hello, IcyB

Welcome to the Bleeping Computer Forums. My name is Jat, and I will be helping you with your situation.

If you do not make a reply in 5 days, we will have to close your topic.


You may want to keep the link to this topic in your favourites. Alternatively, you can click the Posted Image button at the top bar of this topic and Track this Topic. The topics you are tracking can be found here.

Please take note of some guidelines for this fix:
  • Refrain from making any changes to your computer, including installing/uninstalling programs, deleting files, modifying the registry, and running scanners or tools. Doing so could cause changes to the directions I have to give you and prolong the time required. Furthermore, you should not be taking any advice relating to this computer from any other source throughout the course of this fix.
  • If you do not understand any step(s) provided, please do not hesitate to ask before continuing. I would much rather clarify instructions or explain them differently than have something important broken.
  • Even if things appear to be better, it might not mean we are finished. Please continue to follow my instructions and reply back until I give you the "all clean". We do not want to clean you part-way, only to have the system re-infect itself.
  • Please reply using the Posted Image button in the lower right hand corner of your screen. Do not start a new topic. The logs that you post should be pasted directly into the reply. Only attach them if requested or if they do not fit into the post.
  • Old topics are closed after 3 days with no reply, and working topics are closed after 5 days. If for any reason you cannot complete instructions within that time, that's fine, just post back here so that we know you're still here.


Sounds like you have some Rogue Programs installed, although I cannot see anything bad in your log. Let's try a quick scan.

MalwareBytes' Anti-Malware

Please download Malwarebytes Anti-Malware and save it to your desktop.
alternate download link 1
alternate download link 2
  • Make sure you are connected to the Internet.
  • Double-click on mbam-setup.exe to install the application.
  • When the installation begins, follow the prompts and do not make any changes to default settings.
  • When installation has finished, make sure you leave both of these checked:
    • Update Malwarebytes' Anti-Malware
    • Launch Malwarebytes' Anti-Malware
  • Then click Finish.
MBAM will automatically start and you will be asked to update the program before performing a scan.
  • If an update is found, the program will automatically update itself.
  • Press the OK button to close that box and continue.
  • If you encounter any problems while downloading the updates, manually download them from here and just double-click on mbam-rules.exe to install. Alternatively, you can update through MBAM's interface from a clean computer, copy the definitions (rules.ref) located in C:\Documents and Settings\All Users\Application Data\Malwarebytes\Malwarebytes' Anti-Malware from that system to a usb stick or CD and then copy it to the infected machine.
On the Scanner tab:
  • Make sure the "Perform Quick Scan" option is selected.
  • Then click on the Scan button.
  • If asked to select the drives to scan, leave all the drives selected and click on the Start Scan button.
  • The scan will begin and "Scan in progress" will show at the top. It may take some time to complete so please be patient.
  • When the scan is finished, a message box will say "The scan completed successfully. Click 'Show Results' to display all objects found".
  • Click OK to close the message box and continue with the removal process.
Back at the main Scanner screen:
  • Click on the Show Results button to see a list of any malware that was found.
  • Make sure that everything is checked, and click Remove Selected.
  • When removal is completed, a log report will open in Notepad.
  • The log is automatically saved and can be viewed by clicking the Logs tab in MBAM.
  • Copy and paste the contents of that report in your next reply and exit MBAM.
Note: If MBAM encounters a file that is difficult to remove, you may be asked to reboot your computer so it can proceed with the disinfection process. Regardless of whether you are prompted to restart the computer or not, please do so immediately. Failure to reboot normally (not into safe mode) will prevent MBAM from removing all the malware. MBAM may "make changes to your registry" as part of its disinfection routine. If using other security programs that detect registry changes (i.e. Spybot's Teatimer), they may interfere or alert you after scanning with MBAM. Please temporarily disable such programs or permit them to allow the changes.

DDS

Download DDS and save it to your desktop from one of these locations:

Link 1
Link 2

Disable any script blocker, and then double click dds.scr to run the tool. Follow the instructions provided on how you should post these logs.


In your next reply, please post:
  • MBAM log
  • DDS log

Edited by Jat90, 08 April 2009 - 01:52 PM.

- Jat90 -

If I have not responded to you within 24 hours, then please feel free to send me a message.


#4 IcyB

IcyB
  • Topic Starter

  • Members
  • 30 posts
  • OFFLINE
  • Local time:08:52 PM

Posted 08 April 2009 - 11:36 PM

Thank you for helping me

MBAM Log

Malwarebytes' Anti-Malware 1.36
Database version: 1954
Windows 5.1.2600 Service Pack 3

4/8/2009 9:29:56 PM
mbam-log-2009-04-08 (21-29-56).txt

Scan type: Quick Scan
Objects scanned: 78399
Time elapsed: 5 minute(s), 55 second(s)

Memory Processes Infected: 0
Memory Modules Infected: 0
Registry Keys Infected: 41
Registry Values Infected: 0
Registry Data Items Infected: 3
Folders Infected: 13
Files Infected: 9

Memory Processes Infected:
(No malicious items detected)

Memory Modules Infected:
(No malicious items detected)

Registry Keys Infected:
HKEY_CLASSES_ROOT\minibugtransporter.minibugtransporterx (Adware.Minibug) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\minibugtransporter.minibugtransporterx.1 (Adware.Minibug) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\Interface\{04a38f6b-006f-4247-ba4c-02a139d5531c} (Adware.Minibug) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\Interface\{2e9937fc-cf2f-4f56-af54-5a6a3dd375cc} (Adware.MyWebSearch) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\Interface\{43382522-a846-46f4-ac57-1f71ae6e1086} (Adware.WhenUSave) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\Interface\{572fb162-c0ba-4edf-8cff-e3846153b9b0} (Adware.WhenUSave) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\Interface\{72a836d1-bc00-43c0-a941-17960e4fb842} (Adware.WhenUSave) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\Interface\{741de825-a6f0-4497-9aa6-8023cf9b0fff} (Adware.MyWebSearch) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\Interface\{cf54be1c-9359-4395-8533-1657cf209cfe} (Adware.MyWebSearch) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\CLSID\{2b96d5cc-c5b5-49a5-a69d-cc0a30f9028c} (Adware.Minibug) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\CLSID\{147a976f-eee1-4377-8ea7-4716e4cdd239} (Adware.MyWebSearch) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\CLSID\{a4730ebe-43a6-443e-9776-36915d323ad3} (Adware.MyWebSearch) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\Typelib\{3c2d2a1e-031f-4397-9614-87c932a848e0} (Adware.Minibug) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\Typelib\{a44b024a-ce32-4bda-0075-c799a4bff141} (Trojan.FakeAlert) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\Typelib\{d518921a-4a03-425e-9873-b9a71756821e} (Adware.MyWebSearch) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Stats\{07b18ea9-a523-4961-b6bb-170de4475cca} (Adware.MyWebSearch) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Stats\{07b18ea1-a523-4961-b6bb-170de4475cca} (Adware.MyWebSearch) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Stats\{07b18eab-a523-4961-b6bb-170de4475cca} (Adware.MyWebSearch) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Stats\{3dc201fb-e9c9-499c-a11f-23c360d7c3f8} (Adware.MyWebSearch) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Stats\{9ff05104-b030-46fc-94b8-81276e4e27df} (Adware.MyWebSearch) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Stats\{00a6faf1-072e-44cf-8957-5838f569a31d} (Adware.MyWebSearch) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Stats\{1d4db7d2-6ec9-47a3-bd87-1e41684e07bb} (Adware.MyWebSearch) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{56256a51-b582-467e-b8d4-7786eda79ae0} (Trojan.Vundo) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{56256a51-b582-467e-b8d4-7786eda79ae0} (Trojan.Vundo) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Code Store Database\Distribution Units\{1d4db7d2-6ec9-47a3-bd87-1e41684e07bb} (Adware.MyWebSearch) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{59c7fc09-1c83-4648-b3e6-003d2bbc7481} (Adware.MyWebSearch) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{68af847f-6e91-45dd-9b68-d6a12c30e5d7} (Adware.MyWebSearch) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{9170b96c-28d4-4626-8358-27e6caeef907} (Adware.MyWebSearch) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{d1a71fa0-ff48-48dd-9b6d-7a13a3e42127} (Adware.MyWebSearch) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{ddb1968e-ead6-40fd-8dae-ff14757f60c7} (Adware.MyWebSearch) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{f138d901-86f0-4383-99b6-9cdd406036da} (Adware.MyWebSearch) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Low Rights\RunDll32Policy\f3ScrCtr.dll (Adware.MyWay) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\wkey (Malware.Trace) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\mwc (Malware.Trace) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\XML (Trojan.FakeAlert) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\MyWebSearch (Adware.MyWebSearch) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Multimedia\WMPlayer\Schemes\f3pss (Adware.MyWebSearch) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\FunWebProducts (Adware.MyWebSearch) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Fun Web Products (Adware.MyWebSearch) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\MyWebSearch (Adware.MyWebSearch) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\FocusInteractive (Adware.MyWebSearch) -> Quarantined and deleted successfully.

Registry Values Infected:
(No malicious items detected)

Registry Data Items Infected:
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Userinit (Trojan.Agent) -> Data: c:\windows\system32\userinit.exe -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\AntiVirusDisableNotify (Disabled.SecurityCenter) -> Bad: (1) Good: (0) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\FirewallDisableNotify (Disabled.SecurityCenter) -> Bad: (1) Good: (0) -> Quarantined and deleted successfully.

Folders Infected:
C:\Program Files\MyWebSearch (Adware.MyWebSearch) -> Quarantined and deleted successfully.
C:\Program Files\MyWebSearch\bar (Adware.MyWebSearch) -> Quarantined and deleted successfully.
C:\Program Files\MyWebSearch\bar\1.bin (Adware.MyWebSearch) -> Quarantined and deleted successfully.
C:\Program Files\MyWebSearch\bar\History (Adware.MyWebSearch) -> Quarantined and deleted successfully.
C:\Program Files\MyWebSearch\bar\Settings (Adware.MyWebSearch) -> Quarantined and deleted successfully.
C:\Program Files\FunWebProducts (Adware.MyWebSearch) -> Quarantined and deleted successfully.
C:\Program Files\FunWebProducts\Installr (Adware.MyWebSearch) -> Quarantined and deleted successfully.
C:\Program Files\FunWebProducts\Installr\1.bin (Adware.MyWebSearch) -> Quarantined and deleted successfully.
C:\Program Files\FunWebProducts\Installr\Cache (Adware.MyWebSearch) -> Quarantined and deleted successfully.
C:\Program Files\FunWebProducts\Installr\setups (Adware.MyWebSearch) -> Quarantined and deleted successfully.
C:\Program Files\FunWebProducts\ScreenSaver (Adware.MyWebSearch) -> Quarantined and deleted successfully.
C:\Program Files\FunWebProducts\ScreenSaver\Images (Adware.MyWebSearch) -> Quarantined and deleted successfully.
C:\Program Files\FunWebProducts\Shared (Adware.MyWebSearch) -> Quarantined and deleted successfully.

Files Infected:
C:\Documents and Settings\Ryan.RHYNO-5CF0B785B\Local Settings\Temporary Internet Files\Content.IE5\47JZQWG4\vsm_free_setup[1].exe (Rogue.Installer) -> Quarantined and deleted successfully.
C:\Program Files\MyWebSearch\bar\History\search3 (Adware.MyWebSearch) -> Quarantined and deleted successfully.
C:\Program Files\MyWebSearch\bar\Settings\setting2.htm (Adware.MyWebSearch) -> Quarantined and deleted successfully.
C:\Program Files\MyWebSearch\bar\Settings\settings.dat (Adware.MyWebSearch) -> Quarantined and deleted successfully.
C:\Program Files\MyWebSearch\bar\Settings\s_pid.dat (Adware.MyWebSearch) -> Quarantined and deleted successfully.
C:\Program Files\FunWebProducts\Installr\1.bin\F3EZSETP.DLL (Adware.MyWebSearch) -> Quarantined and deleted successfully.
C:\Program Files\FunWebProducts\Installr\Cache\025A99DE.exe (Adware.MyWebSearch) -> Quarantined and deleted successfully.
C:\Program Files\FunWebProducts\Installr\Cache\files.ini (Adware.MyWebSearch) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\1EpC7q8J.exe.a_a (Trojan.Agent) -> Quarantined and deleted successfully.

~~~~~~~~~~~~~~~~~~~
DDS Log 1
DDS (Ver_09-03-16.01) - NTFSx86
Run by Ryan at 21:32:35.01 on Wed 04/08/2009
Internet Explorer: 7.0.5730.13 BrowserJavaVersion: 1.6.0_11
Microsoft Windows XP Home Edition 5.1.2600.3.1252.1.1033.18.2037.1092 [GMT -7:00]

AV: Spyware Doctor with AntiVirus *On-access scanning enabled* (Updated)
AV: AVG Anti-Virus Free *On-access scanning enabled* (Updated)
AV: Webroot AntiVirus with AntiSpyware *On-access scanning enabled* (Updated)

============== Running Processes ===============

C:\Program Files\Webroot\Spy Sweeper\WRConsumerService.exe
C:\WINDOWS\system32\svchost -k DcomLaunch
C:\WINDOWS\system32\svchost -k rpcss
C:\WINDOWS\System32\svchost.exe -k netsvcs
C:\WINDOWS\system32\svchost.exe -k NetworkService
C:\WINDOWS\system32\svchost.exe -k LocalService
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\System32\userinit.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\spool\drivers\w32x86\3\hpztsb04.exe
C:\WINDOWS\PixArt\PAC207\Monitor.exe
C:\WINDOWS\system32\igfxpers.exe
C:\WINDOWS\system32\igfxsrvc.exe
C:\WINDOWS\RTHDCPL.EXE
C:\Program Files\Java\jre6\bin\jusched.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\Program Files\Webroot\Spy Sweeper\SpySweeperUI.exe
C:\Program Files\Messenger\msmsgs.exe
C:\Program Files\AIM6\aim6.exe
C:\Program Files\LimeWire\LimeWire.exe
C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
C:\Program Files\Bonjour\mDNSResponder.exe
C:\Program Files\Java\jre6\bin\jqs.exe
C:\WINDOWS\system32\svchost.exe -k imgsvc
C:\Program Files\Viewpoint\Common\ViewpointService.exe
C:\Program Files\Webroot\Spy Sweeper\SpySweeper.exe
C:\Program Files\AIM6\aolsoftware.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\WINDOWS\System32\alg.exe
C:\Program Files\Memeo\Memeo Share\MemeoShare.exe
C:\Program Files\Yahoo!\Messenger\ymsgr_tray.exe
C:\Program Files\Viewpoint\Viewpoint Manager\ViewMgr.exe
C:\Program Files\Spyware Doctor\pctsAuxs.exe
C:\Program Files\Spyware Doctor\pctsSvc.exe
C:\Program Files\Spyware Doctor\pctsTray.exe
C:\PROGRA~1\AVG\AVG8\avgwdsvc.exe
C:\PROGRA~1\AVG\AVG8\avgrsx.exe
C:\Program Files\AVG\AVG8\avgcsrvx.exe
C:\PROGRA~1\AVG\AVG8\avgemc.exe
C:\Program Files\AVG\AVG8\avgcsrvx.exe
C:\Program Files\AVG\AVG8\avgtray.exe
C:\Program Files\Webroot\Spy Sweeper\SSU.EXE
C:\Program Files\iTunes\iTunes.exe
C:\Program Files\AVG\AVG8\aAvgApi.exe
C:\Program Files\Malwarebytes' Anti-Malware\mbam.exe
C:\PROGRA~1\AVG\AVG8\avgnsx.exe
C:\Program Files\Internet Explorer\IEXPLORE.EXE
C:\WINDOWS\system32\NOTEPAD.EXE
C:\Documents and Settings\Ryan.RHYNO-5CF0B785B\Local Settings\Temporary Internet Files\Content.IE5\EGQXVT5H\dds[1].scr
C:\WINDOWS\system32\wbem\wmiprvse.exe

============== Pseudo HJT Report ===============

uSearch Bar = hxxp://channels.aimtoday.com/search/aimtoolbar.jsp
uInternet Settings,ProxyOverride = *.local
mSearchAssistant = hxxp://channels.aimtoday.com/search/aimtoolbar.jsp
uURLSearchHooks: AOLTBSearch Class: {ea756889-2338-43db-8f07-d1ca6fb9c90d} - c:\program files\aol\aim toolbar 5.0\aoltb.dll
uURLSearchHooks: AOLSearchHook Class: {54eb34ea-e6be-4cfd-9f4f-c4a0c2eafa22} - c:\program files\aim search\AOLSearch.dll
mURLSearchHooks: AOLTBSearch Class: {ea756889-2338-43db-8f07-d1ca6fb9c90d} - c:\program files\aol\aim toolbar 5.0\aoltb.dll
BHO: {02478D38-C3F9-4efb-9B51-7695ECA05670} - No File
BHO: Adobe PDF Link Helper: {18df081c-e8ad-4283-a596-fa578c2ebdc3} - c:\program files\common files\adobe\acrobat\activex\AcroIEHelperShim.dll
BHO: AOLSearchHook Class: {54eb34ea-e6be-4cfd-9f4f-c4a0c2eafa22} - c:\program files\aim search\AOLSearch.dll
BHO: Java™ Plug-In SSV Helper: {761497bb-d6f0-462c-b6eb-d4daf1d92d43} - c:\program files\java\jre6\bin\ssv.dll
BHO: AOL Toolbar Launcher: {7c554162-8cb7-45a4-b8f4-8ea1c75885f9} - c:\program files\aol\aim toolbar 5.0\aoltb.dll
BHO: AVG Security Toolbar: {a057a204-bacc-4d26-9990-79a187e2698e} - c:\progra~1\avg\avg8\AVGTOO~1.DLL
BHO: Ask.com Toolbar: {d4027c7f-154a-4066-a1ad-4243d8127440} - c:\program files\ask.com\GenericAskToolbar.dll
BHO: Java™ Plug-In 2 SSV Helper: {dbc80044-a445-435b-bc74-9c25c1c588a9} - c:\program files\java\jre6\bin\jp2ssv.dll
BHO: JQSIEStartDetectorImpl Class: {e7e6f031-17ce-4c07-bc86-eabfe594f69c} - c:\program files\java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
TB: AIM Toolbar: {de9c389f-3316-41a7-809b-aa305ed9d922} - c:\program files\aol\aim toolbar 5.0\aoltb.dll
TB: Ask.com Toolbar: {d4027c7f-154a-4066-a1ad-4243d8127440} - c:\program files\ask.com\GenericAskToolbar.dll
TB: AVG Security Toolbar: {a057a204-bacc-4d26-9990-79a187e2698e} - c:\progra~1\avg\avg8\AVGTOO~1.DLL
TB: AIM Search: {40d41a8b-d79b-43d7-99a7-9ee0f344c385} - c:\program files\aim toolbar\AIMBar.dll
TB: {EF99BD32-C1FB-11D2-892F-0090271D4F88} - No File
TB: {98279C38-DE4B-4BCF-93C9-8EC26069D6F4} - No File
uRun: [MSMSGS] "c:\program files\messenger\msmsgs.exe" /background
uRun: [Aim6] "c:\program files\aim6\aim6.exe" /d locale=en-US ee://aol/imApp
uRun: [Messenger (Yahoo!)] "c:\program files\yahoo!\messenger\YahooMessenger.exe" -quiet
uRun: [RegistryMechanic] "c:\program files\registry mechanic\RegMech.exe" /H
mRun: [HPDJ Taskbar Utility] "c:\windows\system32\spool\drivers\w32x86\3\hpztsb04.exe"
mRun: [Monitor] "c:\windows\pixart\pac207\Monitor.exe"
mRun: [IgfxTray] "c:\windows\system32\igfxtray.exe"
mRun: [HotKeysCmds] "c:\windows\system32\hkcmd.exe"
mRun: [Persistence] "c:\windows\system32\igfxpers.exe"
mRun: [RTHDCPL] "c:\windows\RTHDCPL.EXE"
mRun: [Alcmtr] "c:\windows\ALCMTR.EXE"
mRun: [Adobe Reader Speed Launcher] "c:\program files\adobe\reader 9.0\reader\Reader_sl.exe"
mRun: [SunJavaUpdateSched] "c:\program files\java\jre6\bin\jusched.exe"
mRun: [QuickTime Task] "c:\program files\quicktime\QTTask.exe" -atboottime
mRun: [iTunesHelper] "c:\program files\itunes\iTunesHelper.exe"
mRun: [Memeo Share] "c:\program files\memeo\memeo share\MemeoLauncher.exe" --silent
mRun: [SpySweeper] "c:\program files\webroot\spy sweeper\SpySweeperUI.exe" /startintray
mRun: [ISTray] "c:\program files\spyware doctor\pctsTray.exe"
mRun: [AVG8_TRAY] c:\progra~1\avg\avg8\avgtray.exe
mRunOnce: [Malwarebytes' Anti-Malware] "c:\program files\malwarebytes' anti-malware\mbamgui.exe" /install /silent
StartupFolder: c:\docume~1\ryan~2.rhy\startm~1\programs\startup\limewi~1.lnk - c:\program files\limewire\LimeWire.exe
IE: &AIM Search - c:\program files\aol\aim toolbar 5.0\resources\en-us\local\search.html
IE: E&xport to Microsoft Excel - c:\progra~1\micros~3\office12\EXCEL.EXE/3000
IE: {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe
IE: {FB5F1910-F110-11d2-BB9E-00C04F795683} - c:\program files\messenger\msmsgs.exe
IE: {2670000A-7350-4f3c-8081-5663EE0C6C49} - {48E73304-E1D6-4330-914C-F5F514E3486C} - c:\progra~1\micros~3\office12\ONBttnIE.dll
IE: {3369AF0D-62E9-4bda-8103-B4C75499B578} - {DE9C389F-3316-41A7-809B-AA305ED9D922} - c:\program files\aol\aim toolbar 5.0\aoltb.dll
IE: {92780B25-18CC-41C8-B9BE-3C9C571A8263} - {FF059E31-CC5A-4E2E-BF3B-96E929D65503} - c:\progra~1\micros~3\office12\REFIEBAR.DLL
DPF: {166B1BCA-3F9C-11CF-8075-444553540000} - hxxp://active.macromedia.com/director/cabs/sw.cab
DPF: {406B5949-7190-4245-91A9-30A17DE16AD0} - hxxp://photo.walgreens.com/WalgreensActivia.cab
DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} - hxxp://update.microsoft.com/windowsupdate/v6/V5Controls/en/x86/client/wuweb_site.cab?1227563073000
DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} - hxxp://update.microsoft.com/microsoftupdate/v6/V5Controls/en/x86/client/muweb_site.cab?1152664657593
DPF: {77E32299-629F-43C6-AB77-6A1E6D7663F6} - hxxp://www.nick.com/common/groove/gx/GrooveAX27.cab
DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://dl8-cdn-01.sun.com/s/ESD5/JSCDL/jre/6u11-b90/jinstall-6u11-windows-i586-jc.cab?e=1229852688994&h=462d6afa155a7de5547bd16fe7c25689/&filename=jinstall-6u11-windows-i586-jc.cab
DPF: {8FFBE65D-2C9C-4669-84BD-5829DC0B603C} - hxxp://fpdownload.macromedia.com/get/flashplayer/current/polarbear/ultrashim.cab
DPF: {CAFEEFAC-0016-0000-0011-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_11-windows-i586.cab
DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_11-windows-i586.cab
DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} - hxxp://fpdownload.macromedia.com/get/shockwave/cabs/flash/swflash.cab
Handler: linkscanner - {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - c:\program files\avg\avg8\avgpp.dll
Notify: avgrsstarter - avgrsstx.dll
Notify: igfxcui - igfxdev.dll
SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - c:\windows\system32\WPDShServiceObj.dll
LSA: Notification Packages = scecli scecli scecli scecli

================= FIREFOX ===================

FF - ProfilePath - c:\docume~1\ryan~2.rhy\applic~1\mozilla\firefox\profiles\h66udwya.default\
FF - prefs.js: browser.search.defaulturl - hxxp://search.aol.com/aolcom/search?invocationType=tbff50ie7&query=
FF - prefs.js: browser.search.selectedEngine - Ask.com
FF - prefs.js: keyword.URL - hxxp://search.aol.com/aolcom/search?invocationType=TB50TRFF;homepage=no;search=yesab&query=
FF - component: c:\program files\avg\avg8\firefox\components\avgssff.dll
FF - component: c:\program files\avg\avg8\toolbarff\components\vmAVGConnector.dll
FF - plugin: c:\program files\viewpoint\viewpoint media player\npViewpoint.dll

============= SERVICES / DRIVERS ===============

R0 PCTCore;PCTools KDS;c:\windows\system32\drivers\PCTCore.sys [2009-4-7 130424]
R0 ssfs0bbc;ssfs0bbc;c:\windows\system32\drivers\ssfs0bbc.sys [2008-8-9 29808]
R1 AvgLdx86;AVG Free AVI Loader Driver x86;c:\windows\system32\drivers\avgldx86.sys [2009-4-7 325640]
R1 AvgMfx86;AVG Free On-access Scanner Minifilter Driver x86;c:\windows\system32\drivers\avgmfx86.sys [2009-4-7 27656]
R1 AvgTdiX;AVG Free8 Network Redirector;c:\windows\system32\drivers\avgtdix.sys [2009-4-7 108552]
R2 avg8emc;AVG Free8 E-mail Scanner;c:\progra~1\avg\avg8\avgemc.exe [2009-4-7 908056]
R2 avg8wd;AVG Free8 WatchDog;c:\progra~1\avg\avg8\avgwdsvc.exe [2009-4-7 298264]
R2 sdAuxService;PC Tools Auxiliary Service;c:\program files\spyware doctor\pctsAuxs.exe [2009-4-7 348752]
R2 sdCoreService;PC Tools Security Service;c:\program files\spyware doctor\pctsSvc.exe [2009-4-7 1095560]
R2 Viewpoint Manager Service;Viewpoint Manager Service;c:\program files\viewpoint\common\ViewpointService.exe [2008-7-24 24652]
R2 WebrootSpySweeperService;Webroot Spy Sweeper Engine;c:\program files\webroot\spy sweeper\SpySweeper.exe [2009-2-25 4048240]
R2 WRConsumerService;Webroot Client Service;c:\program files\webroot\spy sweeper\WRConsumerService.exe [2009-3-30 1178728]
R3 MBAMSwissArmy;MBAMSwissArmy;c:\windows\system32\drivers\mbamswissarmy.sys [2009-4-8 38496]
R3 PAC207;CIF USB Camera;c:\windows\system32\drivers\PFC027.SYS [2008-8-6 505984]

=============== Created Last 30 ================


==================== Find3M ====================

2009-03-30 01:57 56,832 a------- c:\windows\system32\userinit.exe
2009-03-05 17:10 1,553,784 a------- c:\windows\WRSetup.dll
2009-02-25 15:24 176,752 a------- c:\windows\system32\drivers\ssidrv.sys
2009-02-25 15:24 23,152 a------- c:\windows\system32\drivers\sshrmd.sys
2009-02-25 15:24 29,808 a------- c:\windows\system32\drivers\ssfs0bbc.sys
2009-02-09 04:13 1,846,784 a------- c:\windows\system32\win32k.sys
2003-08-27 15:19 36,963 ac---r-- c:\program files\common files\SM1updtr.dll

============= FINISH: 21:33:36.92 ===============

~~~~~
DDS Log 2


UNLESS SPECIFICALLY INSTRUCTED, DO NOT POST THIS LOG.
IF REQUESTED, ZIP IT UP & ATTACH IT

DDS (Ver_09-03-16.01)

Microsoft Windows XP Home Edition
Boot Device: \Device\HarddiskVolume1
Install Date: 11/24/2008 12:53:51 PM
System Uptime: 4/7/2009 6:59:11 PM (27 hours ago)

Motherboard: Gigabyte Technology Co., Ltd. | | G31M-ES2L
Processor: Intel Pentium III Xeon processor | Socket 775 | 2666/266mhz

==== Disk Partitions =========================

A: is Removable
C: is FIXED (NTFS) - 298 GiB total, 264.436 GiB free.
D: is CDROM (CDFS)
E: is Removable
F: is Removable
G: is Removable
H: is Removable
I: is CDROM ()

==== Disabled Device Manager Items =============

==== System Restore Points ===================

RP56: 1/9/2009 10:14:53 AM - System Checkpoint
RP57: 1/10/2009 11:14:53 AM - System Checkpoint
RP58: 1/11/2009 12:14:53 PM - System Checkpoint
RP59: 1/12/2009 1:26:53 PM - System Checkpoint
RP60: 1/13/2009 2:14:53 PM - System Checkpoint
RP61: 1/14/2009 3:00:13 AM - Software Distribution Service 3.0
RP62: 1/15/2009 3:00:13 AM - Software Distribution Service 3.0
RP63: 1/16/2009 3:10:38 AM - System Checkpoint
RP64: 1/17/2009 4:10:38 AM - System Checkpoint
RP65: 1/18/2009 4:33:21 AM - System Checkpoint
RP66: 1/19/2009 5:33:21 AM - System Checkpoint
RP67: 1/20/2009 6:33:21 AM - System Checkpoint
RP68: 1/21/2009 7:33:21 AM - System Checkpoint
RP69: 1/22/2009 7:33:35 AM - System Checkpoint
RP70: 1/23/2009 8:33:35 AM - System Checkpoint
RP71: 1/24/2009 9:33:35 AM - System Checkpoint
RP72: 1/25/2009 10:33:35 AM - System Checkpoint
RP73: 1/26/2009 10:45:35 AM - System Checkpoint
RP74: 1/27/2009 11:33:36 AM - System Checkpoint
RP75: 1/28/2009 12:33:35 PM - System Checkpoint
RP76: 1/29/2009 12:33:58 PM - System Checkpoint
RP77: 1/30/2009 2:50:26 PM - System Checkpoint
RP78: 1/31/2009 6:50:33 PM - System Checkpoint
RP79: 2/1/2009 7:33:58 PM - System Checkpoint
RP80: 2/2/2009 8:33:59 PM - System Checkpoint
RP81: 2/3/2009 9:33:58 PM - System Checkpoint
RP82: 2/4/2009 10:23:09 PM - System Checkpoint
RP83: 2/5/2009 11:49:29 PM - System Checkpoint
RP84: 2/7/2009 12:34:14 AM - System Checkpoint
RP85: 2/8/2009 12:38:09 AM - System Checkpoint
RP86: 2/9/2009 1:21:27 AM - System Checkpoint
RP87: 2/10/2009 2:21:27 AM - System Checkpoint
RP88: 2/11/2009 3:21:27 AM - System Checkpoint
RP89: 2/15/2009 2:18:59 PM - Software Distribution Service 3.0
RP90: 2/15/2009 2:49:01 PM - Installed HDView for Internet Explorer
RP91: 2/16/2009 3:00:13 AM - Software Distribution Service 3.0
RP92: 2/17/2009 5:35:49 AM - System Checkpoint
RP93: 2/18/2009 6:23:49 AM - System Checkpoint
RP94: 2/19/2009 7:23:49 AM - System Checkpoint
RP95: 2/20/2009 7:48:59 AM - System Checkpoint
RP96: 2/21/2009 8:23:48 AM - System Checkpoint
RP97: 2/22/2009 9:23:49 AM - System Checkpoint
RP98: 2/23/2009 9:49:45 AM - System Checkpoint
RP99: 2/24/2009 10:49:45 AM - System Checkpoint
RP100: 2/25/2009 12:15:23 AM - Software Distribution Service 3.0
RP101: 3/1/2009 4:42:20 PM - System Checkpoint
RP102: 3/2/2009 5:35:01 PM - System Checkpoint
RP103: 3/3/2009 5:48:54 PM - System Checkpoint
RP104: 3/4/2009 7:30:00 PM - System Checkpoint
RP105: 3/5/2009 8:31:05 PM - System Checkpoint
RP106: 3/6/2009 8:36:49 PM - System Checkpoint
RP107: 3/7/2009 9:51:37 PM - System Checkpoint
RP108: 3/8/2009 11:49:29 PM - System Checkpoint
RP109: 3/10/2009 12:39:37 AM - System Checkpoint
RP110: 3/11/2009 3:00:13 AM - Software Distribution Service 3.0
RP111: 3/12/2009 11:51:10 AM - System Checkpoint
RP112: 3/13/2009 12:14:49 PM - System Checkpoint
RP113: 3/14/2009 12:30:01 PM - System Checkpoint
RP114: 3/15/2009 3:00:16 AM - Software Distribution Service 3.0
RP115: 3/16/2009 3:06:16 AM - System Checkpoint
RP116: 3/17/2009 5:25:45 AM - System Checkpoint
RP117: 3/18/2009 6:06:16 AM - System Checkpoint
RP118: 3/22/2009 9:23:58 PM - Configured Microsoft Office Home and Student 2007
RP119: 3/22/2009 10:15:02 PM - Configured Microsoft Office Home and Student 2007
RP120: 3/22/2009 10:13:33 PM - Printer Driver Send To Microsoft OneNote Driver Installed
RP121: 3/23/2009 10:42:58 PM - System Checkpoint
RP122: 3/24/2009 10:50:50 PM - System Checkpoint
RP123: 3/25/2009 11:48:37 PM - System Checkpoint
RP124: 3/27/2009 12:05:35 AM - System Checkpoint
RP125: 3/28/2009 12:05:44 AM - System Checkpoint
RP126: 3/29/2009 12:07:23 AM - System Checkpoint
RP127: 3/30/2009 7:28:33 AM - System Checkpoint
RP128: 3/31/2009 8:15:28 AM - System Checkpoint
RP129: 4/1/2009 3:35:39 PM - System Checkpoint
RP130: 4/2/2009 6:00:51 PM - System Checkpoint
RP131: 4/3/2009 7:00:41 PM - System Checkpoint
RP132: 4/4/2009 7:24:56 PM - System Checkpoint
RP133: 4/5/2009 8:00:56 PM - System Checkpoint
RP134: 4/6/2009 8:48:17 PM - System Checkpoint
RP135: 4/7/2009 12:42:36 AM - Software Distribution Service 3.0
RP136: 4/7/2009 12:54:40 AM - Printer Driver Microsoft XPS Document Writer Installed
RP137: 4/7/2009 10:16:10 PM - Installed AVG Free 8.5
RP138: 4/8/2009 3:00:14 AM - Software Distribution Service 3.0

==== Installed Programs ======================

2007 Microsoft Office Suite Service Pack 1 (SP1)
Acrobat.com
Adobe AIR
Adobe Download Manager 2.0 (Remove Only)
Adobe Flash Player 10 ActiveX
Adobe Flash Player 10 Plugin
Adobe Reader 9
AIM 6
Aim Plugin for QQ Games
AIM Search
AIM Toolbar 5.0
AIMTunes
Apple Mobile Device Support
Apple Software Update
ArcSoft VideoImpression 2
Ask.com Toolbar
AVG 8.5
Bonjour
Cheetah DVD Burner
CIF USB Camera
Critical Update for Windows Media Player 11 (KB959772)
Cypress USB Mass Storage Driver Installation
deskPDF 2.5 Standard Edition
DVD Shrink 3.2
HDView for Internet Explorer
High Definition Audio Driver Package - KB888111
HijackThis 2.0.2
Hotfix for Microsoft .NET Framework 3.5 SP1 (KB953595)
Hotfix for Microsoft .NET Framework 3.5 SP1 (KB958484)
Hotfix for Windows XP (KB952287)
Hotfix for Windows XP (KB954550-v5)
Hotfix for Windows XP (KB961118)
hp deskjet 825c series (Remove only)
Intel® Graphics Media Accelerator Driver
iPod for Windows 2006-03-23
IrfanView (remove only)
iTunes
Java™ 6 Update 11
KM400 Display Driver and Utilities
Lemmings Revolution
LimeWire 4.18.8
Macromedia Shockwave Player
Malwarebytes' Anti-Malware
Memeo Share
Microsoft .NET Framework 1.1
Microsoft .NET Framework 1.1 Hotfix (KB928366)
Microsoft .NET Framework 2.0 Service Pack 2
Microsoft .NET Framework 3.0 Service Pack 2
Microsoft .NET Framework 3.5 SP1
Microsoft Compression Client Pack 1.0 for Windows XP
Microsoft Internationalized Domain Names Mitigation APIs
Microsoft National Language Support Downlevel APIs
Microsoft Office Excel MUI (English) 2007
Microsoft Office Home and Student 2007
Microsoft Office OneNote MUI (English) 2007
Microsoft Office PowerPoint MUI (English) 2007
Microsoft Office Proof (English) 2007
Microsoft Office Proof (French) 2007
Microsoft Office Proof (Spanish) 2007
Microsoft Office Proofing (English) 2007
Microsoft Office Shared MUI (English) 2007
Microsoft Office Shared Setup Metadata MUI (English) 2007
Microsoft Office Word MUI (English) 2007
Microsoft Silverlight
Microsoft Software Update for Web Folders (English) 12
Microsoft Visual C++ 2005 Redistributable
Mozilla Firefox (3.0.8)
MSN
MSXML 4.0 SP2 (KB925672)
MSXML 4.0 SP2 (KB927978)
MSXML 4.0 SP2 (KB936181)
MSXML 4.0 SP2 (KB954430)
MSXML 4.0 SP2 and SOAP Toolkit 3.0
QQ Games
QuickTime
Realtek AC'97 Audio
REALTEK GbE & FE Ethernet PCI-E NIC Driver
Realtek High Definition Audio Driver
Registry Mechanic 8.0
S3 S3Display
S3 S3Gamma2
S3 S3Info2
S3 S3Overlay
Safari
Security Update for 2007 Microsoft Office System (KB951550)
Security Update for 2007 Microsoft Office System (KB951944)
Security Update for 2007 Microsoft Office System (KB958439)
Security Update for CAPICOM (KB931906)
Security Update for Microsoft Office Excel 2007 (KB958437)
Security Update for Microsoft Office OneNote 2007 (KB950130)
Security Update for Microsoft Office PowerPoint 2007 (KB951338)
Security Update for Microsoft Office system 2007 (KB954326)
Security Update for Microsoft Office system 2007 (KB956828)
Security Update for Microsoft Office Word 2007 (KB956358)
Security Update for Windows Internet Explorer 7 (KB938127-v2)
Security Update for Windows Internet Explorer 7 (KB956390)
Security Update for Windows Internet Explorer 7 (KB958215)
Security Update for Windows Internet Explorer 7 (KB960714)
Security Update for Windows Internet Explorer 7 (KB961260)
Security Update for Windows Media Player (KB952069)
Security Update for Windows XP (KB938464)
Security Update for Windows XP (KB941569)
Security Update for Windows XP (KB946648)
Security Update for Windows XP (KB950762)
Security Update for Windows XP (KB950974)
Security Update for Windows XP (KB951066)
Security Update for Windows XP (KB951376-v2)
Security Update for Windows XP (KB951698)
Security Update for Windows XP (KB951748)
Security Update for Windows XP (KB952954)
Security Update for Windows XP (KB953155)
Security Update for Windows XP (KB954211)
Security Update for Windows XP (KB954459)
Security Update for Windows XP (KB954600)
Security Update for Windows XP (KB955069)
Security Update for Windows XP (KB956391)
Security Update for Windows XP (KB956802)
Security Update for Windows XP (KB956803)
Security Update for Windows XP (KB956841)
Security Update for Windows XP (KB957095)
Security Update for Windows XP (KB957097)
Security Update for Windows XP (KB958644)
Security Update for Windows XP (KB958687)
Security Update for Windows XP (KB958690)
Security Update for Windows XP (KB960225)
Security Update for Windows XP (KB960715)
Spy Sweeper
Spy Sweeper Core
Spyware Doctor 6.0
Update for Office 2007 (KB946691)
Update for Windows XP (KB951072-v2)
Update for Windows XP (KB951978)
Update for Windows XP (KB955839)
Update for Windows XP (KB967715)
USB Storage Adapter FX (SM1)
Viewpoint Media Player
Virtual DJ - Atomix Productions
WebFldrs XP
Windows Genuine Advantage Validation Tool (KB892130)
Windows Internet Explorer 7
Windows Media Format 11 runtime
Windows Media Player 11
Windows Resource Kit Tools - SubInAcl.exe
Windows XP Service Pack 3
Xilisoft DVD Creator
Yahoo! Messenger

==== Event Viewer Messages From Past Week ========

4/4/2009 9:00:00 AM, error: Schedule [7901] - The At10.job command failed to start due to the following error: %%2147942402
4/4/2009 8:00:00 AM, error: Schedule [7901] - The At9.job command failed to start due to the following error: %%2147942402
4/4/2009 7:00:00 AM, error: Schedule [7901] - The At8.job command failed to start due to the following error: %%2147942402
4/4/2009 6:00:00 AM, error: Schedule [7901] - The At7.job command failed to start due to the following error: %%2147942402
4/4/2009 5:00:00 AM, error: Schedule [7901] - The At6.job command failed to start due to the following error: %%2147942402
4/4/2009 4:00:00 AM, error: Schedule [7901] - The At5.job command failed to start due to the following error: %%2147942402
4/4/2009 3:00:00 AM, error: Schedule [7901] - The At4.job command failed to start due to the following error: %%2147942402
4/4/2009 2:00:00 AM, error: Schedule [7901] - The At3.job command failed to start due to the following error: %%2147942402
4/4/2009 1:00:00 AM, error: Schedule [7901] - The At2.job command failed to start due to the following error: %%2147942402
4/4/2009 12:36:00 AM, error: Schedule [7901] - The At1.job command failed to start due to the following error: %%2147942402
4/3/2009 11:00:00 PM, error: Schedule [7901] - The At24.job command failed to start due to the following error: %%2147942402
4/3/2009 10:00:00 PM, error: Schedule [7901] - The At23.job command failed to start due to the following error: %%2147942402
4/3/2009 9:00:00 PM, error: Schedule [7901] - The At22.job command failed to start due to the following error: %%2147942402
4/3/2009 8:00:00 PM, error: Schedule [7901] - The At21.job command failed to start due to the following error: %%2147942402
4/3/2009 7:00:00 PM, error: Schedule [7901] - The At20.job command failed to start due to the following error: %%2147942402
4/3/2009 6:00:00 PM, error: Schedule [7901] - The At19.job command failed to start due to the following error: %%2147942402
4/3/2009 5:00:00 PM, error: Schedule [7901] - The At18.job command failed to start due to the following error: %%2147942402
4/3/2009 4:00:00 PM, error: Schedule [7901] - The At17.job command failed to start due to the following error: %%2147942402
4/3/2009 3:00:00 PM, error: Schedule [7901] - The At16.job command failed to start due to the following error: %%2147942402
4/3/2009 2:00:00 PM, error: Schedule [7901] - The At15.job command failed to start due to the following error: %%2147942402
4/3/2009 1:57:11 PM, error: Print [19] - Sharing printer failed + 1722, Printer hp deskjet 825c series share name Printer.
4/3/2009 1:56:57 PM, error: Dhcp [1002] - The IP address lease 192.168.1.100 for the Network Card with network address 001FD01505DD has been denied by the DHCP server 192.168.1.1 (The DHCP Server sent a DHCPNACK message).
4/2/2009 1:00:00 PM, error: Schedule [7901] - The At14.job command failed to start due to the following error: %%2147942402
4/2/2009 12:00:00 PM, error: Schedule [7901] - The At13.job command failed to start due to the following error: %%2147942402
4/2/2009 11:00:00 AM, error: Schedule [7901] - The At12.job command failed to start due to the following error: %%2147942402
4/2/2009 10:00:00 AM, error: Schedule [7901] - The At11.job command failed to start due to the following error: %%2147942402
4/7/2009 11:11:54 PM, error: Dhcp [1002] - The IP address lease 192.168.1.101 for the Network Card with network address 001FD01505DD has been denied by the DHCP server 192.168.1.1 (The DHCP Server sent a DHCPNACK message).

==== End Of File ===========================

#5 Jat90

Jat90

  • Members
  • 1,515 posts
  • OFFLINE
  • Gender:Male
  • Location:United Kingdom
  • Local time:02:52 AM

Posted 09 April 2009 - 06:20 AM

Hello,

Your logs look better. Let's do this:

Registry Fix

Open Notepad and copy and paste the following fix:

REGEDIT4

[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\lsa]
"Notification Packages"=hex(7):73,63,65,63,6c,69,00,00

Then click File, then Save. In the box type fix.reg and save it to your Desktop.
Double click fix.reg
A confirmation message will pop up, click Yes and another message will pop up saying "Merged Successfully"
You may now delete the file.

Update Java

Your Java is out of date. Older versions have vulnerabilities that malicious sites can use to exploit and infect your system. Please follow these steps to remove older version Java components and update:
  • Download the latest version of Java Runtime Environment (JRE) Version 6 and save it to your desktop.
  • Look for "Java Runtime Environment (JRE)" JRE 6 Update 13.
  • Click the Download button to the right.
  • Select your Platform: "Windows".
  • Select your Language: "Multi-language".
  • Read the License Agreement, and then check the box that says: "Accept License Agreement".
  • Click Continue and the page will refresh.
  • Under Required Files, check the box for Windows Offline Installation, click the link below it and save the file to your desktop.
  • Close any programs you may have running - especially your web browser.
Go to Start > Settings > Control Panel, double-click on Add/Remove Programs and remove all older versions of Java.
  • Check (highlight) any item with Java Runtime Environment (JRE or J2SE) in the name.
  • Click the Remove or Change/Remove button and follow the onscreen instructions for the Java uninstaller.
  • Repeat as many times as necessary to remove each Java version.
  • Reboot your computer once all Java components are removed.
  • Then from your desktop double-click on jre-6u13-windows-i586-p.exe to install the newest version.
-- If using Windows Vista and the installer refuses to launch due to insufficient user permissions, then Run As Administrator.
-- If you choose to update via the Java applet in Control Panel, uncheck the option to install the Toolbar unless you want it.
-- The uninstaller incorporated in this release removes previous Updates 10 and above, but does not remove older versions, so they still need to be removed manually.


Note: The Java Quick Starter (JQS.exe) adds a service to improve the initial startup time of Java applets and applications. To disable the JQS service if you don't want to use it, go to Start > Control Panel > Java > Advanced > Miscellaneous and uncheck the box for Java Quick Starter. Click Ok and reboot your computer.

Viewpoint

Viewpoint Manager is considered foistware instead of malware since it is installed without users' approval but doesn't spy or do anything "bad". This changed from what we know in 2006; read this article:

http://www.clickz.com/news/article.php/3561546

I suggest you remove the program now. Click on start > run > and then paste the following into the "open" field: appwiz.cpl and press OK. From within Add or Remove Programs uninstall the following if they exist: Viewpoint, Viewpoint Manager, Viewpoint Media Player.

ESET Online Scan

Please go to the ESET website to perform an online scan. Please use Internet Explorer as it uses ActiveX.
  • Check (tick) this box: YES, I accept the Terms of Use.
  • Click on the Start button next to it.
  • When prompted to run ActiveX, click Yes.
  • You will be asked to install an ActiveX. Click Install.
  • Once installed, the scanner will be initialized.
  • After the scanner is initialized, click Start.
  • Uncheck (untick) Remove found threats box.
  • Check (tick) Scan unwanted applications.
  • Click on Scan.
  • It will start scanning. Please be patient.
  • Once the scan is done, you will find a log in C:\Program Files\esetonlinescanner\log.txt. Please post this log in your next reply.

ReScan

Please rescan with DDS and post DDS.txt


In your next reply, please post:
  • ESET log
  • DDS log

- Jat90 -

If I have not responded to you within 24 hours, then please feel free to send me a message.
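
The registry fix in the post above, decoded as an added example (not part of the original post and not code from DDS): it parses the `hex(7)` value from the fix and the `LSA:` line from the earlier DDS log, then reports duplicate or unlisted entries. The function names are hypothetical, the allow-list is assumed to be whatever the fix itself writes, and `examplepkg` in the usage is a constructed name.

```python
import re
from collections import Counter

# Inputs copied from this thread: the LSA line from the earlier DDS log and
# the value line from the helper's fix.reg.
DDS_LINE = "LSA: Notification Packages = scecli scecli scecli scecli"
REG_LINE = '"Notification Packages"=hex(7):73,63,65,63,6c,69,00,00'


def decode_regedit4_multi_sz(reg_line):
    """Decode a REGEDIT4 hex(7) (REG_MULTI_SZ) line into (name, [strings]).

    REGEDIT4 files store multi-string data as single-byte characters: each
    string ends with one 00 byte and the list ends with one more 00 byte.
    """
    m = re.fullmatch(r'\s*"([^"]+)"=hex\(7\):([0-9a-fA-F,\\\s]*)', reg_line)
    if not m:
        raise ValueError("not a hex(7) value line")
    name, hex_part = m.group(1), m.group(2)
    # Long values are wrapped with a trailing backslash; join them back up.
    hex_part = re.sub(r"[\\\s]", "", hex_part)
    raw = bytes(int(b, 16) for b in hex_part.split(",") if b)
    if not raw.endswith(b"\x00"):
        raise ValueError("multi-string data is not NUL-terminated")
    body = raw[:-1]                      # drop the list terminator
    if body.endswith(b"\x00"):
        body = body[:-1]                 # drop the last string's terminator
    strings = [s.decode("latin-1") for s in body.split(b"\x00")] if body else []
    return name, strings


def parse_dds_lsa_line(line):
    """Split a DDS 'LSA: <value name> = a b c' line into (name, [entries])."""
    m = re.fullmatch(r"LSA:\s*(.+?)\s*=\s*(.*)", line.strip())
    if not m:
        raise ValueError("not a DDS LSA line")
    return m.group(1), m.group(2).split()


def review_packages(packages, expected):
    """Report repeated entries and entries missing from the expected set."""
    findings = []
    counts = Counter(p.lower() for p in packages)
    for pkg, n in counts.items():
        if n > 1:
            findings.append(f"duplicate entry: {pkg} x{n}")
        if pkg not in expected:
            findings.append(f"unexpected package: {pkg}")
    return findings


if __name__ == "__main__":
    value_name, fixed = decode_regedit4_multi_sz(REG_LINE)
    _, logged = parse_dds_lsa_line(DDS_LINE)
    expected = {p.lower() for p in fixed}   # assumption: the fix is the baseline
    print(f"{value_name} after fix: {fixed}")
    print(f"before fix: {review_packages(logged, expected) or 'clean'}")
    print(f"after fix:  {review_packages(fixed, expected) or 'clean'}")
    # Constructed entry, to show how an unlisted DLL name would be reported.
    print(review_packages(["scecli", "examplepkg"], expected))
```

Each entry in this value names a DLL that LSA loads, so the same check is worth repeating on the next DDS log to confirm the value holds only what the fix wrote.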


#6 IcyB

IcyB
  • Topic Starter

  • Members
  • 30 posts
  • OFFLINE
  • Local time:08:52 PM

Posted 11 April 2009 - 07:10 PM

Sorry, been busy with school and work. Thank you for your continued help. An update: My computer is working much better now. The virus seems to have gone away or at the very least the popups have stopped. I still want to make sure that it's completely gone though. The only visible side effect is that my computer is now running very slow. :-(

ESET Log

# version=4
# OnlineScanner.ocx=1.0.0.635
# OnlineScannerDLLA.dll=1, 0, 0, 79
# OnlineScannerDLLW.dll=1, 0, 0, 78
# OnlineScannerUninstaller.exe=1, 0, 0, 49
# vers_standard_module=4002 (20090411)
# vers_arch_module=1.064 (20080214)
# vers_adv_heur_module=1.066 (20070917)
# EOSSerial=cb20c5bea54704459a1fbb6e1ca218e6
# end=finished
# remove_checked=false
# unwanted_checked=true
# utc_time=2009-04-11 11:59:46
# local_time=2009-04-11 04:59:46 (-0700, US Mountain Standard Time)
# country="United States"
# osver=5.1.2600 NT Service Pack 3
# scanned=197269
# found=3
# scan_time=3751
C:\Documents and Settings\Ryan.RHYNO-5CF0B785B\My Documents\LimeWire\Saved\Britney Spears - Opps! ... I did it again.mp3 a variant of WMA/TrojanDownloader.GetCodec.gen trojan C62CD93D90526E345A5BD34BFA6E46BF
C:\Documents and Settings\Ryan.RHYNO-5CF0B785B\My Documents\LimeWire\Saved\mr brightside - high quality.mp3 a variant of WMA/TrojanDownloader.GetCodec.gen trojan 0C6DCEA8A74AB98D9FF36882ED310CAD
C:\WINDOWS\system32\userinit.exe Win32/Spy.Zbot.NL trojan 7888CB96611E3AFA252934861CCE9626

DDS Log


UNLESS SPECIFICALLY INSTRUCTED, DO NOT POST THIS LOG.
IF REQUESTED, ZIP IT UP & ATTACH IT

DDS (Ver_09-03-16.01)

Microsoft Windows XP Home Edition
Boot Device: \Device\HarddiskVolume1
Install Date: 11/24/2008 12:53:51 PM
System Uptime: 4/8/2009 11:23:45 PM (66 hours ago)

Motherboard: Gigabyte Technology Co., Ltd. | | G31M-ES2L
Processor: Intel Pentium III Xeon processor | Socket 775 | 2666/266mhz

==== Disk Partitions =========================

A: is Removable
C: is FIXED (NTFS) - 298 GiB total, 264.016 GiB free.
D: is CDROM ()
E: is Removable
F: is Removable
G: is Removable
H: is Removable
I: is CDROM ()

==== Disabled Device Manager Items =============

==== System Restore Points ===================

RP58: 1/11/2009 12:14:53 PM - System Checkpoint
RP59: 1/12/2009 1:26:53 PM - System Checkpoint
RP60: 1/13/2009 2:14:53 PM - System Checkpoint
RP61: 1/14/2009 3:00:13 AM - Software Distribution Service 3.0
RP62: 1/15/2009 3:00:13 AM - Software Distribution Service 3.0
RP63: 1/16/2009 3:10:38 AM - System Checkpoint
RP64: 1/17/2009 4:10:38 AM - System Checkpoint
RP65: 1/18/2009 4:33:21 AM - System Checkpoint
RP66: 1/19/2009 5:33:21 AM - System Checkpoint
RP67: 1/20/2009 6:33:21 AM - System Checkpoint
RP68: 1/21/2009 7:33:21 AM - System Checkpoint
RP69: 1/22/2009 7:33:35 AM - System Checkpoint
RP70: 1/23/2009 8:33:35 AM - System Checkpoint
RP71: 1/24/2009 9:33:35 AM - System Checkpoint
RP72: 1/25/2009 10:33:35 AM - System Checkpoint
RP73: 1/26/2009 10:45:35 AM - System Checkpoint
RP74: 1/27/2009 11:33:36 AM - System Checkpoint
RP75: 1/28/2009 12:33:35 PM - System Checkpoint
RP76: 1/29/2009 12:33:58 PM - System Checkpoint
RP77: 1/30/2009 2:50:26 PM - System Checkpoint
RP78: 1/31/2009 6:50:33 PM - System Checkpoint
RP79: 2/1/2009 7:33:58 PM - System Checkpoint
RP80: 2/2/2009 8:33:59 PM - System Checkpoint
RP81: 2/3/2009 9:33:58 PM - System Checkpoint
RP82: 2/4/2009 10:23:09 PM - System Checkpoint
RP83: 2/5/2009 11:49:29 PM - System Checkpoint
RP84: 2/7/2009 12:34:14 AM - System Checkpoint
RP85: 2/8/2009 12:38:09 AM - System Checkpoint
RP86: 2/9/2009 1:21:27 AM - System Checkpoint
RP87: 2/10/2009 2:21:27 AM - System Checkpoint
RP88: 2/11/2009 3:21:27 AM - System Checkpoint
RP89: 2/15/2009 2:18:59 PM - Software Distribution Service 3.0
RP90: 2/15/2009 2:49:01 PM - Installed HDView for Internet Explorer
RP91: 2/16/2009 3:00:13 AM - Software Distribution Service 3.0
RP92: 2/17/2009 5:35:49 AM - System Checkpoint
RP93: 2/18/2009 6:23:49 AM - System Checkpoint
RP94: 2/19/2009 7:23:49 AM - System Checkpoint
RP95: 2/20/2009 7:48:59 AM - System Checkpoint
RP96: 2/21/2009 8:23:48 AM - System Checkpoint
RP97: 2/22/2009 9:23:49 AM - System Checkpoint
RP98: 2/23/2009 9:49:45 AM - System Checkpoint
RP99: 2/24/2009 10:49:45 AM - System Checkpoint
RP100: 2/25/2009 12:15:23 AM - Software Distribution Service 3.0
RP101: 3/1/2009 4:42:20 PM - System Checkpoint
RP102: 3/2/2009 5:35:01 PM - System Checkpoint
RP103: 3/3/2009 5:48:54 PM - System Checkpoint
RP104: 3/4/2009 7:30:00 PM - System Checkpoint
RP105: 3/5/2009 8:31:05 PM - System Checkpoint
RP106: 3/6/2009 8:36:49 PM - System Checkpoint
RP107: 3/7/2009 9:51:37 PM - System Checkpoint
RP108: 3/8/2009 11:49:29 PM - System Checkpoint
RP109: 3/10/2009 12:39:37 AM - System Checkpoint
RP110: 3/11/2009 3:00:13 AM - Software Distribution Service 3.0
RP111: 3/12/2009 11:51:10 AM - System Checkpoint
RP112: 3/13/2009 12:14:49 PM - System Checkpoint
RP113: 3/14/2009 12:30:01 PM - System Checkpoint
RP114: 3/15/2009 3:00:16 AM - Software Distribution Service 3.0
RP115: 3/16/2009 3:06:16 AM - System Checkpoint
RP116: 3/17/2009 5:25:45 AM - System Checkpoint
RP117: 3/18/2009 6:06:16 AM - System Checkpoint
RP118: 3/22/2009 9:23:58 PM - Configured Microsoft Office Home and Student 2007
RP119: 3/22/2009 10:15:02 PM - Configured Microsoft Office Home and Student 2007
RP120: 3/22/2009 10:13:33 PM - Printer Driver Send To Microsoft OneNote Driver Installed
RP121: 3/23/2009 10:42:58 PM - System Checkpoint
RP122: 3/24/2009 10:50:50 PM - System Checkpoint
RP123: 3/25/2009 11:48:37 PM - System Checkpoint
RP124: 3/27/2009 12:05:35 AM - System Checkpoint
RP125: 3/28/2009 12:05:44 AM - System Checkpoint
RP126: 3/29/2009 12:07:23 AM - System Checkpoint
RP127: 3/30/2009 7:28:33 AM - System Checkpoint
RP128: 3/31/2009 8:15:28 AM - System Checkpoint
RP129: 4/1/2009 3:35:39 PM - System Checkpoint
RP130: 4/2/2009 6:00:51 PM - System Checkpoint
RP131: 4/3/2009 7:00:41 PM - System Checkpoint
RP132: 4/4/2009 7:24:56 PM - System Checkpoint
RP133: 4/5/2009 8:00:56 PM - System Checkpoint
RP134: 4/6/2009 8:48:17 PM - System Checkpoint
RP135: 4/7/2009 12:42:36 AM - Software Distribution Service 3.0
RP136: 4/7/2009 12:54:40 AM - Printer Driver Microsoft XPS Document Writer Installed
RP137: 4/7/2009 10:16:10 PM - Installed AVG Free 8.5
RP138: 4/8/2009 3:00:14 AM - Software Distribution Service 3.0
RP139: 4/8/2009 9:40:51 PM - Avg8 Update
RP140: 4/9/2009 1:45:45 PM - Removed Java™ 6 Update 11
RP141: 4/9/2009 1:48:12 PM - Installed Java™ 6 Update 13
RP142: 4/10/2009 8:36:38 AM - Avg8 Update
RP143: 4/11/2009 2:47:51 PM - System Checkpoint

==== Installed Programs ======================

2007 Microsoft Office Suite Service Pack 1 (SP1)
Acrobat.com
Adobe AIR
Adobe Download Manager 2.0 (Remove Only)
Adobe Flash Player 10 ActiveX
Adobe Flash Player 10 Plugin
Adobe Reader 9
AIM 6
Aim Plugin for QQ Games
AIM Search
AIM Toolbar 5.0
AIMTunes
Apple Mobile Device Support
Apple Software Update
ArcSoft VideoImpression 2
Ask.com Toolbar
AVG 8.5
Bonjour
Cheetah DVD Burner
CIF USB Camera
Critical Update for Windows Media Player 11 (KB959772)
Cypress USB Mass Storage Driver Installation
deskPDF 2.5 Standard Edition
DVD Shrink 3.2
ESET Online Scanner
HDView for Internet Explorer
High Definition Audio Driver Package - KB888111
HijackThis 2.0.2
Hotfix for Microsoft .NET Framework 3.5 SP1 (KB953595)
Hotfix for Microsoft .NET Framework 3.5 SP1 (KB958484)
Hotfix for Windows XP (KB952287)
Hotfix for Windows XP (KB954550-v5)
Hotfix for Windows XP (KB961118)
hp deskjet 825c series (Remove only)
Intel® Graphics Media Accelerator Driver
iPod for Windows 2006-03-23
IrfanView (remove only)
iTunes
Java™ 6 Update 13
KM400 Display Driver and Utilities
Lemmings Revolution
LimeWire 4.18.8
Macromedia Shockwave Player
Malwarebytes' Anti-Malware
Memeo Share
Microsoft .NET Framework 1.1
Microsoft .NET Framework 1.1 Hotfix (KB928366)
Microsoft .NET Framework 2.0 Service Pack 2
Microsoft .NET Framework 3.0 Service Pack 2
Microsoft .NET Framework 3.5 SP1
Microsoft Compression Client Pack 1.0 for Windows XP
Microsoft Internationalized Domain Names Mitigation APIs
Microsoft National Language Support Downlevel APIs
Microsoft Office Excel MUI (English) 2007
Microsoft Office Home and Student 2007
Microsoft Office OneNote MUI (English) 2007
Microsoft Office PowerPoint MUI (English) 2007
Microsoft Office Proof (English) 2007
Microsoft Office Proof (French) 2007
Microsoft Office Proof (Spanish) 2007
Microsoft Office Proofing (English) 2007
Microsoft Office Shared MUI (English) 2007
Microsoft Office Shared Setup Metadata MUI (English) 2007
Microsoft Office Word MUI (English) 2007
Microsoft Silverlight
Microsoft Software Update for Web Folders (English) 12
Microsoft Visual C++ 2005 Redistributable
Mozilla Firefox (3.0.8)
MSN
MSXML 4.0 SP2 (KB925672)
MSXML 4.0 SP2 (KB927978)
MSXML 4.0 SP2 (KB936181)
MSXML 4.0 SP2 (KB954430)
MSXML 4.0 SP2 and SOAP Toolkit 3.0
QQ Games
QuickTime
Realtek AC'97 Audio
REALTEK GbE & FE Ethernet PCI-E NIC Driver
Realtek High Definition Audio Driver
Registry Mechanic 8.0
S3 S3Display
S3 S3Gamma2
S3 S3Info2
S3 S3Overlay
Safari
Security Update for 2007 Microsoft Office System (KB951550)
Security Update for 2007 Microsoft Office System (KB951944)
Security Update for 2007 Microsoft Office System (KB958439)
Security Update for CAPICOM (KB931906)
Security Update for Microsoft Office Excel 2007 (KB958437)
Security Update for Microsoft Office OneNote 2007 (KB950130)
Security Update for Microsoft Office PowerPoint 2007 (KB951338)
Security Update for Microsoft Office system 2007 (KB954326)
Security Update for Microsoft Office system 2007 (KB956828)
Security Update for Microsoft Office Word 2007 (KB956358)
Security Update for Windows Internet Explorer 7 (KB938127-v2)
Security Update for Windows Internet Explorer 7 (KB956390)
Security Update for Windows Internet Explorer 7 (KB958215)
Security Update for Windows Internet Explorer 7 (KB960714)
Security Update for Windows Internet Explorer 7 (KB961260)
Security Update for Windows Media Player (KB952069)
Security Update for Windows XP (KB938464)
Security Update for Windows XP (KB941569)
Security Update for Windows XP (KB946648)
Security Update for Windows XP (KB950762)
Security Update for Windows XP (KB950974)
Security Update for Windows XP (KB951066)
Security Update for Windows XP (KB951376-v2)
Security Update for Windows XP (KB951698)
Security Update for Windows XP (KB951748)
Security Update for Windows XP (KB952954)
Security Update for Windows XP (KB953155)
Security Update for Windows XP (KB954211)
Security Update for Windows XP (KB954459)
Security Update for Windows XP (KB954600)
Security Update for Windows XP (KB955069)
Security Update for Windows XP (KB956391)
Security Update for Windows XP (KB956802)
Security Update for Windows XP (KB956803)
Security Update for Windows XP (KB956841)
Security Update for Windows XP (KB957095)
Security Update for Windows XP (KB957097)
Security Update for Windows XP (KB958644)
Security Update for Windows XP (KB958687)
Security Update for Windows XP (KB958690)
Security Update for Windows XP (KB960225)
Security Update for Windows XP (KB960715)
Spy Sweeper
Spy Sweeper Core
Spyware Doctor 6.0
Update for Office 2007 (KB946691)
Update for Windows XP (KB951072-v2)
Update for Windows XP (KB951978)
Update for Windows XP (KB955839)
Update for Windows XP (KB967715)
USB Storage Adapter FX (SM1)
Virtual DJ - Atomix Productions
WebFldrs XP
Windows Genuine Advantage Validation Tool (KB892130)
Windows Internet Explorer 7
Windows Media Format 11 runtime
Windows Media Player 11
Windows Resource Kit Tools - SubInAcl.exe
Windows XP Service Pack 3
Xilisoft DVD Creator
Yahoo! Messenger

==== Event Viewer Messages From Past Week ========

4/7/2009 12:36:00 AM, error: Schedule [7901] - The At1.job command failed to start due to the following error: %%2147942402
4/6/2009 11:29:05 PM, error: Print [19] - Sharing printer failed + 1722, Printer hp deskjet 825c series share name Printer.
4/6/2009 11:00:00 PM, error: Schedule [7901] - The At24.job command failed to start due to the following error: %%2147942402
4/6/2009 10:00:00 PM, error: Schedule [7901] - The At23.job command failed to start due to the following error: %%2147942402
4/6/2009 9:00:00 PM, error: Schedule [7901] - The At22.job command failed to start due to the following error: %%2147942402
4/6/2009 8:00:00 PM, error: Schedule [7901] - The At21.job command failed to start due to the following error: %%2147942402
4/6/2009 7:00:00 PM, error: Schedule [7901] - The At20.job command failed to start due to the following error: %%2147942402
4/6/2009 6:00:00 PM, error: Schedule [7901] - The At19.job command failed to start due to the following error: %%2147942402
4/6/2009 5:00:00 PM, error: Schedule [7901] - The At18.job command failed to start due to the following error: %%2147942402
4/6/2009 4:00:00 PM, error: Schedule [7901] - The At17.job command failed to start due to the following error: %%2147942402
4/6/2009 3:00:00 PM, error: Schedule [7901] - The At16.job command failed to start due to the following error: %%2147942402
4/6/2009 2:00:00 PM, error: Schedule [7901] - The At15.job command failed to start due to the following error: %%2147942402
4/6/2009 1:00:00 PM, error: Schedule [7901] - The At14.job command failed to start due to the following error: %%2147942402
4/6/2009 12:00:00 PM, error: Schedule [7901] - The At13.job command failed to start due to the following error: %%2147942402
4/6/2009 11:00:00 AM, error: Schedule [7901] - The At12.job command failed to start due to the following error: %%2147942402
4/6/2009 10:00:00 AM, error: Schedule [7901] - The At11.job command failed to start due to the following error: %%2147942402
4/6/2009 9:00:00 AM, error: Schedule [7901] - The At10.job command failed to start due to the following error: %%2147942402
4/6/2009 8:00:00 AM, error: Schedule [7901] - The At9.job command failed to start due to the following error: %%2147942402
4/6/2009 7:00:00 AM, error: Schedule [7901] - The At8.job command failed to start due to the following error: %%2147942402
4/6/2009 6:00:00 AM, error: Schedule [7901] - The At7.job command failed to start due to the following error: %%2147942402
4/6/2009 5:00:00 AM, error: Schedule [7901] - The At6.job command failed to start due to the following error: %%2147942402
4/6/2009 4:00:00 AM, error: Schedule [7901] - The At5.job command failed to start due to the following error: %%2147942402
4/6/2009 3:00:00 AM, error: Schedule [7901] - The At4.job command failed to start due to the following error: %%2147942402
4/6/2009 2:00:00 AM, error: Schedule [7901] - The At3.job command failed to start due to the following error: %%2147942402
4/6/2009 1:00:00 AM, error: Schedule [7901] - The At2.job command failed to start due to the following error: %%2147942402
4/7/2009 9:07:03 PM, error: Dhcp [1002] - The IP address lease 192.168.1.100 for the Network Card with network address 001FD01505DD has been denied by the DHCP server 192.168.1.1 (The DHCP Server sent a DHCPNACK message).
4/7/2009 11:11:54 PM, error: Dhcp [1002] - The IP address lease 192.168.1.101 for the Network Card with network address 001FD01505DD has been denied by the DHCP server 192.168.1.1 (The DHCP Server sent a DHCPNACK message).
4/9/2009 1:45:21 PM, error: Service Control Manager [7034] - The Java Quick Starter service terminated unexpectedly. It has done this 1 time(s).
4/9/2009 1:46:12 PM, error: Service Control Manager [7023] - The Application Management service terminated with the following error: The specified module could not be found.

==== End Of File ===========================

Edited by IcyB, 11 April 2009 - 07:13 PM.


#7 Jat90

Posted 12 April 2009 - 05:06 AM

Hello,

One of the infections found by ESET has backdoor capabilities.

Backdoor Threat

One or more of the identified infections is a backdoor trojan.

This allows hackers to remotely control your computer, steal critical system information and download and execute files.

I would counsel you to disconnect this PC from the Internet immediately. If you do any banking or other financial transactions on the PC or if it should contain any other sensitive information, please get to a known clean computer and change all passwords where applicable, and it would be wise to contact those same financial institutions to apprise them of your situation.

Though the trojan has been identified and can be killed, because of its backdoor functionality, your PC is very likely compromised and there is no way to be sure your computer can ever again be trusted. Many experts in the security community believe that once infected with this type of trojan, the best course of action would be a reformat and reinstall of the OS. Please read these for more information:

How Do I Handle Possible Identify Theft, Internet Fraud and CC Fraud?
When Should I Format, How Should I Reinstall

We can still clean this machine but I can't guarantee that it will be 100% secure afterwards. Let me know what you decide to do.
- Jat90 -

If I have not responded to you within 24 hours, then please feel free to send me a message.

#8 IcyB

Posted 12 April 2009 - 09:37 PM

Thank you for the information. I would still like to try and clean it to the best of our ability. I will for sure take your advice though and make sure my identity is still intact.

#9 Jat90

Posted 13 April 2009 - 05:46 AM

Hello,

Let's do this:

ComboFix

Please download ComboFix from one of these locations (If you already have it, delete it and download again):

Link 1
Link 2
Link 3

* IMPORTANT !!! Save ComboFix.exe to your Desktop
  • Disable your AntiVirus and AntiSpyware applications, usually via a right click on the System Tray icon. They may otherwise interfere with our tools. Instructions can be found here
  • Double click on ComboFix.exe & follow the prompts.
  • As part of its process, ComboFix will check to see if the Microsoft Windows Recovery Console is installed. With malware infections being as they are today, it's strongly recommended to have this pre-installed on your machine before doing any malware removal. It will allow you to boot up into a special recovery/repair mode that will allow us to more easily help you should your computer have a problem after an attempted removal of malware.
  • Follow the prompts to allow ComboFix to download and install the Microsoft Windows Recovery Console, and when prompted, agree to the End-User License Agreement to install the Microsoft Windows Recovery Console.
**Please note: If the Microsoft Windows Recovery Console is already installed, ComboFix will continue its malware removal procedures.

Posted Image


Once the Microsoft Windows Recovery Console is installed using ComboFix, you should see the following message:

Posted Image

Note** ComboFix was designed only to be used under the supervision of a helper, not for general use.

Click on Yes, to continue scanning for malware.

When finished, it will produce a log for you. Please include the C:\ComboFix.txt in your next reply.
- Jat90 -

#10 IcyB

Posted 13 April 2009 - 11:42 PM

ComboFix 09-04-14.01 - Ryan 04/13/2009 21:19.1 - NTFSx86
Microsoft Windows XP Home Edition 5.1.2600.3.1252.1.1033.18.2037.1274 [GMT -7:00]
Running from: c:\documents and settings\Ryan.RHYNO-5CF0B785B\Desktop\ComboFix.exe
AV: AVG Anti-Virus Free *On-access scanning enabled* (Updated)
AV: Spyware Doctor with AntiVirus *On-access scanning disabled* (Updated)
AV: Webroot AntiVirus with AntiSpyware *On-access scanning disabled* (Updated)
* Created a new restore point
.

((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.

c:\windows\system32\_004265_.tmp.dll
c:\windows\system32\_004266_.tmp.dll
c:\windows\system32\_004267_.tmp.dll
c:\windows\system32\_004268_.tmp.dll
c:\windows\system32\_004275_.tmp.dll
c:\windows\system32\_004276_.tmp.dll
c:\windows\system32\_004277_.tmp.dll
c:\windows\system32\_004278_.tmp.dll
c:\windows\system32\_004280_.tmp.dll
c:\windows\system32\_004281_.tmp.dll
c:\windows\system32\_004284_.tmp.dll
c:\windows\system32\_004285_.tmp.dll
c:\windows\system32\_004287_.tmp.dll
c:\windows\system32\_004288_.tmp.dll
c:\windows\system32\_004289_.tmp.dll
c:\windows\system32\_004291_.tmp.dll
c:\windows\system32\_004294_.tmp.dll
c:\windows\system32\_004295_.tmp.dll
c:\windows\system32\_004299_.tmp.dll
c:\windows\system32\_004300_.tmp.dll
c:\windows\system32\_004302_.tmp.dll
c:\windows\system32\_004305_.tmp.dll
c:\windows\system32\_004307_.tmp.dll
c:\windows\system32\_004308_.tmp.dll
c:\windows\system32\_004309_.tmp.dll
c:\windows\system32\_004310_.tmp.dll
c:\windows\system32\_004311_.tmp.dll
c:\windows\system32\_004314_.tmp.dll
c:\windows\system32\_004315_.tmp.dll
c:\windows\system32\_004316_.tmp.dll
c:\windows\system32\_004317_.tmp.dll
c:\windows\system32\_004318_.tmp.dll
c:\windows\system32\_004323_.tmp.dll
c:\windows\system32\_004325_.tmp.dll

Infected copy of c:\windows\system32\userinit.exe was found and disinfected
Restored copy from - c:\windows\$NtServicePackUninstall$\userinit.exe


.
((((((((((((((((((((((((( Files Created from 2009-03-14 to 2009-04-14 )))))))))))))))))))))))))))))))
.

2009-04-11 22:55 . 2009-04-11 23:59 -------- d-----w c:\program files\EsetOnlineScanner
2009-04-09 20:48 . 2009-04-09 20:48 73728 ----a-w c:\windows\system32\javacpl.cpl
2009-04-08 23:03 . 2009-04-08 23:03 -------- d-----w c:\documents and settings\Ryan.RHYNO-5CF0B785B\Application Data\Malwarebytes
2009-04-08 23:03 . 2009-04-06 22:32 15504 ----a-w c:\windows\system32\drivers\mbam.sys
2009-04-08 23:03 . 2009-04-06 22:32 38496 ----a-w c:\windows\system32\drivers\mbamswissarmy.sys
2009-04-08 23:03 . 2009-04-08 23:03 -------- d-----w c:\documents and settings\All Users.WINDOWS\Application Data\Malwarebytes
2009-04-08 23:03 . 2009-04-08 23:03 -------- d-----w c:\program files\Malwarebytes' Anti-Malware
2009-04-08 06:35 . 2009-04-08 06:35 -------- d-----w c:\program files\Trend Micro
2009-04-08 06:14 . 2009-04-08 19:20 -------- d--h--w C:\$AVG8.VAULT$
2009-04-08 05:16 . 2009-04-08 05:16 10520 ----a-w c:\windows\system32\avgrsstx.dll
2009-04-08 05:16 . 2009-04-08 05:16 108552 ----a-w c:\windows\system32\drivers\avgtdix.sys
2009-04-08 05:16 . 2009-04-08 05:16 325640 ----a-w c:\windows\system32\drivers\avgldx86.sys
2009-04-08 05:16 . 2009-04-13 20:55 -------- d-----w c:\windows\system32\drivers\Avg
2009-04-08 05:16 . 2009-04-08 05:19 -------- d-----w c:\documents and settings\Ryan.RHYNO-5CF0B785B\Application Data\AVGTOOLBAR
2009-04-08 05:16 . 2009-04-14 04:12 -------- d-----w c:\documents and settings\All Users.WINDOWS\Application Data\avg8
2009-04-08 05:16 . 2009-04-08 05:16 -------- d-----w c:\program files\AVG
2009-04-08 05:10 . 2008-12-11 15:38 159600 ----a-w c:\windows\system32\drivers\pctgntdi.sys
2009-04-08 05:10 . 2009-03-06 23:45 130424 ----a-w c:\windows\system32\drivers\PCTCore.sys
2009-04-08 05:10 . 2008-12-18 19:16 73840 ----a-w c:\windows\system32\drivers\PCTAppEvent.sys
2009-04-08 05:10 . 2009-04-14 04:31 -------- d---a-w c:\documents and settings\All Users.WINDOWS\Application Data\TEMP
2009-04-08 05:10 . 2009-04-08 05:13 -------- d-----w c:\program files\Common Files\PC Tools
2009-04-08 05:10 . 2008-12-10 19:36 64392 ----a-w c:\windows\system32\drivers\pctplsg.sys
2009-04-08 05:10 . 2009-04-10 13:08 -------- d-----w c:\program files\Spyware Doctor
2009-04-08 05:10 . 2009-04-08 05:10 -------- d-----w c:\documents and settings\Ryan.RHYNO-5CF0B785B\Application Data\PC Tools
2009-04-08 05:10 . 2009-04-08 05:10 -------- d-----w c:\documents and settings\All Users.WINDOWS\Application Data\PC Tools
2009-04-08 02:08 . 2009-01-09 19:19 1089593 -c----w c:\windows\system32\dllcache\ntprint.cat
2009-04-07 07:45 . 2009-04-07 07:45 -------- d-----w c:\windows\system32\XPSViewer
2009-04-07 07:45 . 2009-04-07 07:45 -------- d-----w c:\program files\MSBuild
2009-04-07 07:45 . 2009-04-07 07:45 -------- d-----w c:\program files\Reference Assemblies
2009-04-07 07:45 . 2009-04-07 07:45 -------- d-----w C:\7eb5af25828f9f9745d23a88968864
2009-04-07 07:45 . 2008-07-06 12:06 89088 -c----w c:\windows\system32\dllcache\filterpipelineprintproc.dll
2009-04-07 07:45 . 2008-07-06 12:06 575488 -c----w c:\windows\system32\dllcache\xpsshhdr.dll
2009-04-07 07:45 . 2008-07-06 12:06 575488 ------w c:\windows\system32\xpsshhdr.dll
2009-04-07 07:45 . 2008-07-06 12:06 1676288 -c----w c:\windows\system32\dllcache\xpssvcs.dll
2009-04-07 07:45 . 2008-07-06 12:06 1676288 ------w c:\windows\system32\xpssvcs.dll
2009-04-07 07:45 . 2008-07-06 12:06 117760 ------w c:\windows\system32\prntvpt.dll
2009-04-07 07:45 . 2008-07-06 10:50 597504 -c----w c:\windows\system32\dllcache\printfilterpipelinesvc.exe
2009-03-30 23:22 . 2009-04-14 04:13 -------- d-----w c:\documents and settings\Ryan.RHYNO-5CF0B785B\Local Settings\Application Data\AskToolbar
2009-03-30 23:20 . 2009-03-30 23:20 -------- d-----w c:\program files\Ask.com
2009-03-30 23:20 . 2009-03-30 23:20 -------- d-----w c:\program files\MSSOAP
2009-03-15 10:02 . 2009-03-15 10:02 -------- d-----w c:\documents and settings\Default User.WINDOWS\Local Settings\Application Data\Microsoft Help

.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2009-04-14 04:31 . 2008-12-21 09:45 -------- d-----w c:\documents and settings\Ryan.RHYNO-5CF0B785B\Application Data\LimeWire
2009-04-11 22:53 . 2005-02-21 01:38 -------- d-----w c:\documents and settings\All Users.WINDOWS\Application Data\Viewpoint
2009-04-11 22:53 . 2005-01-10 04:27 -------- d-----w c:\program files\Viewpoint
2009-04-09 20:48 . 2008-12-21 09:44 410984 ----a-w c:\windows\system32\deploytk.dll
2009-04-07 07:55 . 2005-02-21 01:10 28648 ----a-w c:\documents and settings\Ryan.RHYNO-5CF0B785B\Local Settings\Application Data\GDIPFONTCACHEV1.DAT
2009-03-30 23:24 . 2006-10-23 23:36 -------- d-----w c:\documents and settings\All Users.WINDOWS\Application Data\Webroot
2009-03-25 04:18 . 2008-12-14 22:45 -------- d-----w c:\documents and settings\All Users.WINDOWS\Application Data\Microsoft Help
2009-03-23 05:14 . 2008-12-14 22:47 -------- d-----w c:\program files\Microsoft Works
2009-03-23 03:38 . 2008-08-12 09:21 -------- d-----w c:\program files\Microsoft Silverlight
2009-03-06 00:10 . 2008-09-29 18:38 1553784 ----a-w c:\windows\WRSetup.dll
2009-02-25 22:24 . 2006-10-23 23:37 23152 ----a-w c:\windows\system32\drivers\sshrmd.sys
2009-02-25 22:24 . 2006-10-23 23:37 176752 ----a-w c:\windows\system32\drivers\ssidrv.sys
2009-02-25 22:24 . 2008-08-09 21:42 29808 ----a-w c:\windows\system32\drivers\ssfs0bbc.sys
2009-02-23 20:22 . 2009-02-23 20:22 -------- d-----w c:\program files\Cheetah Burner
2009-02-23 20:22 . 2005-01-12 02:22 -------- d--h--w c:\program files\InstallShield Installation Information
2009-02-22 05:39 . 2008-07-25 04:09 -------- d-----w c:\program files\AIMTunes
2009-02-21 22:58 . 2005-03-03 04:17 -------- d-----w c:\documents and settings\Ryan.RHYNO-5CF0B785B\Application Data\Apple Computer
2009-02-15 21:49 . 2009-02-15 21:49 -------- d-----w c:\program files\Microsoft Research
2009-02-09 11:13 . 2004-08-04 12:00 1846784 ----a-w c:\windows\system32\win32k.sys
2005-01-11 23:11 . 2005-01-11 23:11 12328 -c--a-w c:\documents and settings\Ryan B\Local Settings\Application Data\GDIPFONTCACHEV1.DAT
2003-08-27 22:19 . 2005-03-22 00:33 36963 -c--a-r c:\program files\Common Files\SM1updtr.dll
.

((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{D4027C7F-154A-4066-A1AD-4243D8127440}]
2009-02-09 22:06 764296 ----a-w c:\program files\Ask.com\GenericAskToolbar.dll

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar]
"{D4027C7F-154A-4066-A1AD-4243D8127440}"= "c:\program files\Ask.com\GenericAskToolbar.dll" [2009-02-09 764296]

[HKEY_CLASSES_ROOT\clsid\{d4027c7f-154a-4066-a1ad-4243d8127440}]
[HKEY_CLASSES_ROOT\GenericAskToolbar.ToolbarWnd.1]
[HKEY_CLASSES_ROOT\TypeLib\{2996F0E7-292B-4CAE-893F-47B8B1C05B56}]
[HKEY_CLASSES_ROOT\GenericAskToolbar.ToolbarWnd]

[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Toolbar\Webbrowser]
"{D4027C7F-154A-4066-A1AD-4243D8127440}"= "c:\program files\Ask.com\GenericAskToolbar.dll" [2009-02-09 764296]

[HKEY_CLASSES_ROOT\clsid\{d4027c7f-154a-4066-a1ad-4243d8127440}]
[HKEY_CLASSES_ROOT\GenericAskToolbar.ToolbarWnd.1]
[HKEY_CLASSES_ROOT\TypeLib\{2996F0E7-292B-4CAE-893F-47B8B1C05B56}]
[HKEY_CLASSES_ROOT\GenericAskToolbar.ToolbarWnd]

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\BackupIconOverlayId]
@="{2EE61E5C-8F94-4AAB-8A80-D2A8CD1FEDAD}"
[HKEY_CLASSES_ROOT\CLSID\{2EE61E5C-8F94-4AAB-8A80-D2A8CD1FEDAD}]
2009-03-06 00:02 238968 ----a-w c:\program files\Webroot\Spy Sweeper\Backup\CtxMenu_1_0_0_10.dll

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"MSMSGS"="c:\program files\Messenger\msmsgs.exe" [2008-04-14 1695232]
"Aim6"="c:\program files\AIM6\aim6.exe" [2008-06-19 50528]
"Messenger (Yahoo!)"="c:\program files\Yahoo!\Messenger\YahooMessenger.exe" [2008-11-06 4347120]
"RegistryMechanic"="c:\program files\Registry Mechanic\RegMech.exe" [2008-07-09 2828184]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"HPDJ Taskbar Utility"="c:\windows\system32\spool\drivers\w32x86\3\hpztsb04.exe" [2001-12-06 196608]
"Monitor"="c:\windows\PixArt\PAC207\Monitor.exe" [2006-11-03 319488]
"IgfxTray"="c:\windows\system32\igfxtray.exe" [2007-09-05 141848]
"HotKeysCmds"="c:\windows\system32\hkcmd.exe" [2007-09-05 166424]
"Persistence"="c:\windows\system32\igfxpers.exe" [2007-09-05 137752]
"RTHDCPL"="c:\windows\RTHDCPL.EXE" [2008-02-13 16857600]
"Adobe Reader Speed Launcher"="c:\program files\Adobe\Reader 9.0\Reader\Reader_sl.exe" [2008-06-12 34672]
"QuickTime Task"="c:\program files\QuickTime\QTTask.exe" [2008-11-04 413696]
"iTunesHelper"="c:\program files\iTunes\iTunesHelper.exe" [2008-11-20 290088]
"Memeo Share"="c:\program files\Memeo\Memeo Share\MemeoLauncher.exe" [2008-11-10 144656]
"AVG8_TRAY"="c:\progra~1\AVG\AVG8\avgtray.exe" [2009-04-08 1932568]
"SunJavaUpdateSched"="c:\program files\Java\jre6\bin\jusched.exe" [2009-04-09 148888]
"SpySweeper"="c:\program files\Webroot\Spy Sweeper\SpySweeperUI.exe" [2009-03-06 6308728]

c:\documents and settings\Ryan.RHYNO-5CF0B785B\Start Menu\Programs\Startup\
LimeWire On Startup.lnk - c:\program files\LimeWire\LimeWire.exe [2008-9-18 147456]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\avgrsstarter]
2009-04-08 05:16 10520 ----a-w c:\windows\system32\avgrsstx.dll

[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\session manager]
BootExecute REG_MULTI_SZ autocheck autochk *\0sprestrt

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\WRConsumerService]
@="Service"

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\GEST]
m‘|\ü [X]

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"c:\\Program Files\\Common Files\\AOL\\Loader\\aolload.exe"=
"c:\\Program Files\\AIM6\\aim6.exe"=
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"c:\\Program Files\\Yahoo!\\Messenger\\YahooMessenger.exe"=
"c:\\Program Files\\Microsoft Office\\Office12\\ONENOTE.EXE"=
"c:\\Program Files\\LimeWire\\LimeWire.exe"=
"c:\\Program Files\\Bonjour\\mDNSResponder.exe"=
"c:\\Program Files\\iTunes\\iTunes.exe"=
"c:\\Program Files\\AVG\\AVG8\\avgemc.exe"=
"c:\\Program Files\\AVG\\AVG8\\avgupd.exe"=
"c:\\Program Files\\AVG\\AVG8\\avgnsx.exe"=

R3 sdAuxService;PC Tools Auxiliary Service;c:\program files\Spyware Doctor\pctsAuxs.exe [2009-01-07 348752]
S0 PCTCore;PCTools KDS;c:\windows\system32\drivers\PCTCore.sys [2009-03-06 130424]
S0 ssfs0bbc;ssfs0bbc;c:\windows\system32\DRIVERS\ssfs0bbc.sys [2009-02-25 29808]
S1 AvgLdx86;AVG Free AVI Loader Driver x86;c:\windows\System32\Drivers\avgldx86.sys [2009-04-08 325640]
S1 AvgTdiX;AVG Free8 Network Redirector;c:\windows\System32\Drivers\avgtdix.sys [2009-04-08 108552]
S2 avg8emc;AVG Free8 E-mail Scanner;c:\progra~1\AVG\AVG8\avgemc.exe [2009-04-08 908056]
S2 avg8wd;AVG Free8 WatchDog;c:\progra~1\AVG\AVG8\avgwdsvc.exe [2009-04-08 298264]
S2 WRConsumerService;Webroot Client Service;c:\program files\Webroot\Spy Sweeper\WRConsumerService.exe [2009-03-30 1178728]
S3 PAC207;CIF USB Camera;c:\windows\system32\DRIVERS\PFC027.SYS [2006-11-10 505984]

.
Contents of the 'Scheduled Tasks' folder

2009-04-09 c:\windows\Tasks\AppleSoftwareUpdate.job
- c:\program files\Apple Software Update\SoftwareUpdate.exe [2008-07-30 19:34]

2009-04-14 c:\windows\Tasks\Scheduled Update for Ask Toolbar.job
- c:\program files\Ask.com\UpdateTask.exe [2009-02-09 22:06]

2009-04-13 c:\windows\Tasks\wrSpySweeper20050823175209.job
- c:\program files\Webroot\Spy Sweeper\SpySweeperUI.exe [2006-10-23 00:10]

2009-04-13 c:\windows\Tasks\wrSpySweeper20050823175209.job
- c:\program files\Webroot\Spy Sweeper\SpySweeperUI.exe [2006-10-23 00:10]

2009-04-10 c:\windows\Tasks\wrSpySweeperFullSweep.job
- c:\program files\Webroot\Spy Sweeper\SpySweeperUI.exe [2006-10-23 00:10]

2009-04-10 c:\windows\Tasks\wrSpySweeperFullSweep.job
- c:\program files\Webroot\Spy Sweeper\SpySweeperUI.exe [2006-10-23 00:10]

2009-04-10 c:\windows\Tasks\wrSpySweeper_L1A1F5000FFBC4E21B5025CAF8161EE9C.job
- c:\program files\Webroot\Spy Sweeper\SpySweeperUI.exe [2006-10-23 00:10]

2009-04-10 c:\windows\Tasks\wrSpySweeper_L1A1F5000FFBC4E21B5025CAF8161EE9C.job
- c:\program files\Webroot\Spy Sweeper\SpySweeperUI.exe [2006-10-23 00:10]

2009-04-14 c:\windows\Tasks\wrSpySweeper_L5EE6C4F6EEB6462CAC8A75AF35387B39.job
- c:\program files\Webroot\Spy Sweeper\SpySweeperUI.exe [2006-10-23 00:10]

2009-04-14 c:\windows\Tasks\wrSpySweeper_L5EE6C4F6EEB6462CAC8A75AF35387B39.job
- c:\program files\Webroot\Spy Sweeper\SpySweeperUI.exe [2006-10-23 00:10]
.
- - - - ORPHANS REMOVED - - - -

URLSearchHooks-HookURL - (no file)
URLSearchHooks-Rank - (no file)


.
------- Supplementary Scan -------
.
uInternet Settings,ProxyOverride = *.local
IE: &AIM Search - c:\program files\aol\aim toolbar 5.0\resources\en-US\local\search.html
IE: E&xport to Microsoft Excel - c:\progra~1\MICROS~3\Office12\EXCEL.EXE/3000
FF - ProfilePath - c:\documents and settings\Ryan.RHYNO-5CF0B785B\Application Data\Mozilla\Firefox\Profiles\h66udwya.default\
FF - prefs.js: browser.search.defaulturl - hxxp://search.aol.com/aolcom/search?invocationType=tbff50ie7&query=
FF - prefs.js: browser.search.selectedEngine - Ask.com
FF - prefs.js: keyword.URL - hxxp://search.aol.com/aolcom/search?invocationType=TB50TRFF;homepage=no;search=yesab&query=
FF - component: c:\program files\AVG\AVG8\Firefox\components\avgssff.dll
FF - component: c:\program files\AVG\AVG8\ToolbarFF\components\vmAVGConnector.dll
.

**************************************************************************

catchme 0.3.1375 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2009-04-13 21:32
Windows 5.1.2600 Service Pack 3 NTFS

scanning hidden processes ...

scanning hidden autostart entries ...

scanning hidden files ...

scan completed successfully
hidden files: 0

**************************************************************************
.
--------------------- DLLs Loaded Under Running Processes ---------------------

- - - - - - - > 'explorer.exe'(1096)
c:\program files\Webroot\Spy Sweeper\Backup\CtxMenu_1_0_0_10.dll
c:\windows\system32\WPDShServiceObj.dll
c:\windows\system32\PortableDeviceTypes.dll
c:\windows\system32\PortableDeviceApi.dll
.
------------------------ Other Running Processes ------------------------
.
c:\program files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
c:\program files\Bonjour\mDNSResponder.exe
c:\program files\Java\jre6\bin\jqs.exe
c:\program files\Webroot\Spy Sweeper\SpySweeper.exe
c:\program files\AVG\AVG8\avgrsx.exe
c:\progra~1\AVG\AVG8\avgnsx.exe
c:\program files\AVG\AVG8\avgcsrvx.exe
c:\windows\system32\igfxsrvc.exe
c:\program files\iPod\bin\iPodService.exe
c:\program files\Memeo\Memeo Share\MemeoShare.exe
c:\program files\AIM6\aolsoftware.exe
c:\program files\Webroot\Spy Sweeper\SSU.exe
.
**************************************************************************
.
Completion time: ~,10time:~,-3machine was rebootedCombobatch-by
ComboFix-quarantined-files.txt 2009-04-14 04:40

Pre-Run: 283,399,049,216 bytes free
Post-Run: 283,508,391,936 bytes free

WindowsXP-KB310994-SP2-Home-BootDisk-ENU.exe
[boot loader]
timeout=2
default=multi(0)disk(0)rdisk(0)partition(1)\WINDOWS
[operating systems]
c:\cmdcons\BOOTSECT.DAT="Microsoft Windows Recovery Console" /cmdcons
multi(0)disk(0)rdisk(0)partition(1)\WINDOWS="Microsoft Windows XP Home Edition" /noexecute=optin /fastdetect

274 --- E O F --- 2009-04-08 10:00

#11 Jat90

Posted 14 April 2009 - 02:49 AM

Hello, how is your pc now?

CFScript

1. Close any open browsers.

2. Close/disable all anti virus and anti malware programs so they do not interfere with the running of ComboFix.

3. Open notepad and copy/paste the text in the quotebox below into it:

File::
c:\documents and settings\Ryan.RHYNO-5CF0B785B\Local Settings\Application Data\GDIPFONTCACHEV1.DAT

Folder::
C:\7eb5af25828f9f9745d23a88968864


Save this as CFScript.txt, in the same location as ComboFix.exe


Posted Image

Referring to the picture above, drag CFScript into ComboFix.exe

When finished, it shall produce a log for you at C:\ComboFix.txt which I will require in your next reply.
- Jat90 -

#12 IcyB

Posted 16 April 2009 - 02:31 AM

ComboFix 09-04-14.01 - Ryan 04/13/2009 21:19.1 - NTFSx86
Microsoft Windows XP Home Edition 5.1.2600.3.1252.1.1033.18.2037.1274 [GMT -7:00]
Running from: c:\documents and settings\Ryan.RHYNO-5CF0B785B\Desktop\ComboFix.exe
AV: AVG Anti-Virus Free *On-access scanning enabled* (Updated)
AV: Spyware Doctor with AntiVirus *On-access scanning disabled* (Updated)
AV: Webroot AntiVirus with AntiSpyware *On-access scanning disabled* (Updated)
* Created a new restore point
.

((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.

c:\windows\system32\_004265_.tmp.dll
c:\windows\system32\_004266_.tmp.dll
c:\windows\system32\_004267_.tmp.dll
c:\windows\system32\_004268_.tmp.dll
c:\windows\system32\_004275_.tmp.dll
c:\windows\system32\_004276_.tmp.dll
c:\windows\system32\_004277_.tmp.dll
c:\windows\system32\_004278_.tmp.dll
c:\windows\system32\_004280_.tmp.dll
c:\windows\system32\_004281_.tmp.dll
c:\windows\system32\_004284_.tmp.dll
c:\windows\system32\_004285_.tmp.dll
c:\windows\system32\_004287_.tmp.dll
c:\windows\system32\_004288_.tmp.dll
c:\windows\system32\_004289_.tmp.dll
c:\windows\system32\_004291_.tmp.dll
c:\windows\system32\_004294_.tmp.dll
c:\windows\system32\_004295_.tmp.dll
c:\windows\system32\_004299_.tmp.dll
c:\windows\system32\_004300_.tmp.dll
c:\windows\system32\_004302_.tmp.dll
c:\windows\system32\_004305_.tmp.dll
c:\windows\system32\_004307_.tmp.dll
c:\windows\system32\_004308_.tmp.dll
c:\windows\system32\_004309_.tmp.dll
c:\windows\system32\_004310_.tmp.dll
c:\windows\system32\_004311_.tmp.dll
c:\windows\system32\_004314_.tmp.dll
c:\windows\system32\_004315_.tmp.dll
c:\windows\system32\_004316_.tmp.dll
c:\windows\system32\_004317_.tmp.dll
c:\windows\system32\_004318_.tmp.dll
c:\windows\system32\_004323_.tmp.dll
c:\windows\system32\_004325_.tmp.dll

Infected copy of c:\windows\system32\userinit.exe was found and disinfected
Restored copy from - c:\windows\$NtServicePackUninstall$\userinit.exe


.
((((((((((((((((((((((((( Files Created from 2009-03-14 to 2009-04-14 )))))))))))))))))))))))))))))))
.

2009-04-11 22:55 . 2009-04-11 23:59 -------- d-----w c:\program files\EsetOnlineScanner
2009-04-09 20:48 . 2009-04-09 20:48 73728 ----a-w c:\windows\system32\javacpl.cpl
2009-04-08 23:03 . 2009-04-08 23:03 -------- d-----w c:\documents and settings\Ryan.RHYNO-5CF0B785B\Application Data\Malwarebytes
2009-04-08 23:03 . 2009-04-06 22:32 15504 ----a-w c:\windows\system32\drivers\mbam.sys
2009-04-08 23:03 . 2009-04-06 22:32 38496 ----a-w c:\windows\system32\drivers\mbamswissarmy.sys
2009-04-08 23:03 . 2009-04-08 23:03 -------- d-----w c:\documents and settings\All Users.WINDOWS\Application Data\Malwarebytes
2009-04-08 23:03 . 2009-04-08 23:03 -------- d-----w c:\program files\Malwarebytes' Anti-Malware
2009-04-08 06:35 . 2009-04-08 06:35 -------- d-----w c:\program files\Trend Micro
2009-04-08 06:14 . 2009-04-08 19:20 -------- d--h--w C:\$AVG8.VAULT$
2009-04-08 05:16 . 2009-04-08 05:16 10520 ----a-w c:\windows\system32\avgrsstx.dll
2009-04-08 05:16 . 2009-04-08 05:16 108552 ----a-w c:\windows\system32\drivers\avgtdix.sys
2009-04-08 05:16 . 2009-04-08 05:16 325640 ----a-w c:\windows\system32\drivers\avgldx86.sys
2009-04-08 05:16 . 2009-04-13 20:55 -------- d-----w c:\windows\system32\drivers\Avg
2009-04-08 05:16 . 2009-04-08 05:19 -------- d-----w c:\documents and settings\Ryan.RHYNO-5CF0B785B\Application Data\AVGTOOLBAR
2009-04-08 05:16 . 2009-04-14 04:12 -------- d-----w c:\documents and settings\All Users.WINDOWS\Application Data\avg8
2009-04-08 05:16 . 2009-04-08 05:16 -------- d-----w c:\program files\AVG
2009-04-08 05:10 . 2008-12-11 15:38 159600 ----a-w c:\windows\system32\drivers\pctgntdi.sys
2009-04-08 05:10 . 2009-03-06 23:45 130424 ----a-w c:\windows\system32\drivers\PCTCore.sys
2009-04-08 05:10 . 2008-12-18 19:16 73840 ----a-w c:\windows\system32\drivers\PCTAppEvent.sys
2009-04-08 05:10 . 2009-04-14 04:31 -------- d---a-w c:\documents and settings\All Users.WINDOWS\Application Data\TEMP
2009-04-08 05:10 . 2009-04-08 05:13 -------- d-----w c:\program files\Common Files\PC Tools
2009-04-08 05:10 . 2008-12-10 19:36 64392 ----a-w c:\windows\system32\drivers\pctplsg.sys
2009-04-08 05:10 . 2009-04-10 13:08 -------- d-----w c:\program files\Spyware Doctor
2009-04-08 05:10 . 2009-04-08 05:10 -------- d-----w c:\documents and settings\Ryan.RHYNO-5CF0B785B\Application Data\PC Tools
2009-04-08 05:10 . 2009-04-08 05:10 -------- d-----w c:\documents and settings\All Users.WINDOWS\Application Data\PC Tools
2009-04-08 02:08 . 2009-01-09 19:19 1089593 -c----w c:\windows\system32\dllcache\ntprint.cat
2009-04-07 07:45 . 2009-04-07 07:45 -------- d-----w c:\windows\system32\XPSViewer
2009-04-07 07:45 . 2009-04-07 07:45 -------- d-----w c:\program files\MSBuild
2009-04-07 07:45 . 2009-04-07 07:45 -------- d-----w c:\program files\Reference Assemblies
2009-04-07 07:45 . 2009-04-07 07:45 -------- d-----w C:\7eb5af25828f9f9745d23a88968864
2009-04-07 07:45 . 2008-07-06 12:06 89088 -c----w c:\windows\system32\dllcache\filterpipelineprintproc.dll
2009-04-07 07:45 . 2008-07-06 12:06 575488 -c----w c:\windows\system32\dllcache\xpsshhdr.dll
2009-04-07 07:45 . 2008-07-06 12:06 575488 ------w c:\windows\system32\xpsshhdr.dll
2009-04-07 07:45 . 2008-07-06 12:06 1676288 -c----w c:\windows\system32\dllcache\xpssvcs.dll
2009-04-07 07:45 . 2008-07-06 12:06 1676288 ------w c:\windows\system32\xpssvcs.dll
2009-04-07 07:45 . 2008-07-06 12:06 117760 ------w c:\windows\system32\prntvpt.dll
2009-04-07 07:45 . 2008-07-06 10:50 597504 -c----w c:\windows\system32\dllcache\printfilterpipelinesvc.exe
2009-03-30 23:22 . 2009-04-14 04:13 -------- d-----w c:\documents and settings\Ryan.RHYNO-5CF0B785B\Local Settings\Application Data\AskToolbar
2009-03-30 23:20 . 2009-03-30 23:20 -------- d-----w c:\program files\Ask.com
2009-03-30 23:20 . 2009-03-30 23:20 -------- d-----w c:\program files\MSSOAP
2009-03-15 10:02 . 2009-03-15 10:02 -------- d-----w c:\documents and settings\Default User.WINDOWS\Local Settings\Application Data\Microsoft Help

.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2009-04-14 04:31 . 2008-12-21 09:45 -------- d-----w c:\documents and settings\Ryan.RHYNO-5CF0B785B\Application Data\LimeWire
2009-04-11 22:53 . 2005-02-21 01:38 -------- d-----w c:\documents and settings\All Users.WINDOWS\Application Data\Viewpoint
2009-04-11 22:53 . 2005-01-10 04:27 -------- d-----w c:\program files\Viewpoint
2009-04-09 20:48 . 2008-12-21 09:44 410984 ----a-w c:\windows\system32\deploytk.dll
2009-04-07 07:55 . 2005-02-21 01:10 28648 ----a-w c:\documents and settings\Ryan.RHYNO-5CF0B785B\Local Settings\Application Data\GDIPFONTCACHEV1.DAT
2009-03-30 23:24 . 2006-10-23 23:36 -------- d-----w c:\documents and settings\All Users.WINDOWS\Application Data\Webroot
2009-03-25 04:18 . 2008-12-14 22:45 -------- d-----w c:\documents and settings\All Users.WINDOWS\Application Data\Microsoft Help
2009-03-23 05:14 . 2008-12-14 22:47 -------- d-----w c:\program files\Microsoft Works
2009-03-23 03:38 . 2008-08-12 09:21 -------- d-----w c:\program files\Microsoft Silverlight
2009-03-06 00:10 . 2008-09-29 18:38 1553784 ----a-w c:\windows\WRSetup.dll
2009-02-25 22:24 . 2006-10-23 23:37 23152 ----a-w c:\windows\system32\drivers\sshrmd.sys
2009-02-25 22:24 . 2006-10-23 23:37 176752 ----a-w c:\windows\system32\drivers\ssidrv.sys
2009-02-25 22:24 . 2008-08-09 21:42 29808 ----a-w c:\windows\system32\drivers\ssfs0bbc.sys
2009-02-23 20:22 . 2009-02-23 20:22 -------- d-----w c:\program files\Cheetah Burner
2009-02-23 20:22 . 2005-01-12 02:22 -------- d--h--w c:\program files\InstallShield Installation Information
2009-02-22 05:39 . 2008-07-25 04:09 -------- d-----w c:\program files\AIMTunes
2009-02-21 22:58 . 2005-03-03 04:17 -------- d-----w c:\documents and settings\Ryan.RHYNO-5CF0B785B\Application Data\Apple Computer
2009-02-15 21:49 . 2009-02-15 21:49 -------- d-----w c:\program files\Microsoft Research
2009-02-09 11:13 . 2004-08-04 12:00 1846784 ----a-w c:\windows\system32\win32k.sys
2005-01-11 23:11 . 2005-01-11 23:11 12328 -c--a-w c:\documents and settings\Ryan B\Local Settings\Application Data\GDIPFONTCACHEV1.DAT
2003-08-27 22:19 . 2005-03-22 00:33 36963 -c--a-r c:\program files\Common Files\SM1updtr.dll
.

((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{D4027C7F-154A-4066-A1AD-4243D8127440}]
2009-02-09 22:06 764296 ----a-w c:\program files\Ask.com\GenericAskToolbar.dll

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar]
"{D4027C7F-154A-4066-A1AD-4243D8127440}"= "c:\program files\Ask.com\GenericAskToolbar.dll" [2009-02-09 764296]

[HKEY_CLASSES_ROOT\clsid\{d4027c7f-154a-4066-a1ad-4243d8127440}]
[HKEY_CLASSES_ROOT\GenericAskToolbar.ToolbarWnd.1]
[HKEY_CLASSES_ROOT\TypeLib\{2996F0E7-292B-4CAE-893F-47B8B1C05B56}]
[HKEY_CLASSES_ROOT\GenericAskToolbar.ToolbarWnd]

[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Toolbar\Webbrowser]
"{D4027C7F-154A-4066-A1AD-4243D8127440}"= "c:\program files\Ask.com\GenericAskToolbar.dll" [2009-02-09 764296]

[HKEY_CLASSES_ROOT\clsid\{d4027c7f-154a-4066-a1ad-4243d8127440}]
[HKEY_CLASSES_ROOT\GenericAskToolbar.ToolbarWnd.1]
[HKEY_CLASSES_ROOT\TypeLib\{2996F0E7-292B-4CAE-893F-47B8B1C05B56}]
[HKEY_CLASSES_ROOT\GenericAskToolbar.ToolbarWnd]

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\BackupIconOverlayId]
@="{2EE61E5C-8F94-4AAB-8A80-D2A8CD1FEDAD}"
[HKEY_CLASSES_ROOT\CLSID\{2EE61E5C-8F94-4AAB-8A80-D2A8CD1FEDAD}]
2009-03-06 00:02 238968 ----a-w c:\program files\Webroot\Spy Sweeper\Backup\CtxMenu_1_0_0_10.dll

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"MSMSGS"="c:\program files\Messenger\msmsgs.exe" [2008-04-14 1695232]
"Aim6"="c:\program files\AIM6\aim6.exe" [2008-06-19 50528]
"Messenger (Yahoo!)"="c:\program files\Yahoo!\Messenger\YahooMessenger.exe" [2008-11-06 4347120]
"RegistryMechanic"="c:\program files\Registry Mechanic\RegMech.exe" [2008-07-09 2828184]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"HPDJ Taskbar Utility"="c:\windows\system32\spool\drivers\w32x86\3\hpztsb04.exe" [2001-12-06 196608]
"Monitor"="c:\windows\PixArt\PAC207\Monitor.exe" [2006-11-03 319488]
"IgfxTray"="c:\windows\system32\igfxtray.exe" [2007-09-05 141848]
"HotKeysCmds"="c:\windows\system32\hkcmd.exe" [2007-09-05 166424]
"Persistence"="c:\windows\system32\igfxpers.exe" [2007-09-05 137752]
"RTHDCPL"="c:\windows\RTHDCPL.EXE" [2008-02-13 16857600]
"Adobe Reader Speed Launcher"="c:\program files\Adobe\Reader 9.0\Reader\Reader_sl.exe" [2008-06-12 34672]
"QuickTime Task"="c:\program files\QuickTime\QTTask.exe" [2008-11-04 413696]
"iTunesHelper"="c:\program files\iTunes\iTunesHelper.exe" [2008-11-20 290088]
"Memeo Share"="c:\program files\Memeo\Memeo Share\MemeoLauncher.exe" [2008-11-10 144656]
"AVG8_TRAY"="c:\progra~1\AVG\AVG8\avgtray.exe" [2009-04-08 1932568]
"SunJavaUpdateSched"="c:\program files\Java\jre6\bin\jusched.exe" [2009-04-09 148888]
"SpySweeper"="c:\program files\Webroot\Spy Sweeper\SpySweeperUI.exe" [2009-03-06 6308728]

c:\documents and settings\Ryan.RHYNO-5CF0B785B\Start Menu\Programs\Startup\
LimeWire On Startup.lnk - c:\program files\LimeWire\LimeWire.exe [2008-9-18 147456]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\avgrsstarter]
2009-04-08 05:16 10520 ----a-w c:\windows\system32\avgrsstx.dll

[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\session manager]
BootExecute REG_MULTI_SZ autocheck autochk *\0sprestrt

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\WRConsumerService]
@="Service"

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\GEST]
m‘|\ü [X]

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"c:\\Program Files\\Common Files\\AOL\\Loader\\aolload.exe"=
"c:\\Program Files\\AIM6\\aim6.exe"=
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"c:\\Program Files\\Yahoo!\\Messenger\\YahooMessenger.exe"=
"c:\\Program Files\\Microsoft Office\\Office12\\ONENOTE.EXE"=
"c:\\Program Files\\LimeWire\\LimeWire.exe"=
"c:\\Program Files\\Bonjour\\mDNSResponder.exe"=
"c:\\Program Files\\iTunes\\iTunes.exe"=
"c:\\Program Files\\AVG\\AVG8\\avgemc.exe"=
"c:\\Program Files\\AVG\\AVG8\\avgupd.exe"=
"c:\\Program Files\\AVG\\AVG8\\avgnsx.exe"=

R3 sdAuxService;PC Tools Auxiliary Service;c:\program files\Spyware Doctor\pctsAuxs.exe [2009-01-07 348752]
S0 PCTCore;PCTools KDS;c:\windows\system32\drivers\PCTCore.sys [2009-03-06 130424]
S0 ssfs0bbc;ssfs0bbc;c:\windows\system32\DRIVERS\ssfs0bbc.sys [2009-02-25 29808]
S1 AvgLdx86;AVG Free AVI Loader Driver x86;c:\windows\System32\Drivers\avgldx86.sys [2009-04-08 325640]
S1 AvgTdiX;AVG Free8 Network Redirector;c:\windows\System32\Drivers\avgtdix.sys [2009-04-08 108552]
S2 avg8emc;AVG Free8 E-mail Scanner;c:\progra~1\AVG\AVG8\avgemc.exe [2009-04-08 908056]
S2 avg8wd;AVG Free8 WatchDog;c:\progra~1\AVG\AVG8\avgwdsvc.exe [2009-04-08 298264]
S2 WRConsumerService;Webroot Client Service;c:\program files\Webroot\Spy Sweeper\WRConsumerService.exe [2009-03-30 1178728]
S3 PAC207;CIF USB Camera;c:\windows\system32\DRIVERS\PFC027.SYS [2006-11-10 505984]

.
Contents of the 'Scheduled Tasks' folder

2009-04-09 c:\windows\Tasks\AppleSoftwareUpdate.job
- c:\program files\Apple Software Update\SoftwareUpdate.exe [2008-07-30 19:34]

2009-04-14 c:\windows\Tasks\Scheduled Update for Ask Toolbar.job
- c:\program files\Ask.com\UpdateTask.exe [2009-02-09 22:06]

2009-04-13 c:\windows\Tasks\wrSpySweeper20050823175209.job
- c:\program files\Webroot\Spy Sweeper\SpySweeperUI.exe [2006-10-23 00:10]

2009-04-13 c:\windows\Tasks\wrSpySweeper20050823175209.job
- c:\program files\Webroot\Spy Sweeper\SpySweeperUI.exe [2006-10-23 00:10]

2009-04-10 c:\windows\Tasks\wrSpySweeperFullSweep.job
- c:\program files\Webroot\Spy Sweeper\SpySweeperUI.exe [2006-10-23 00:10]

2009-04-10 c:\windows\Tasks\wrSpySweeperFullSweep.job
- c:\program files\Webroot\Spy Sweeper\SpySweeperUI.exe [2006-10-23 00:10]

2009-04-10 c:\windows\Tasks\wrSpySweeper_L1A1F5000FFBC4E21B5025CAF8161EE9C.job
- c:\program files\Webroot\Spy Sweeper\SpySweeperUI.exe [2006-10-23 00:10]

2009-04-10 c:\windows\Tasks\wrSpySweeper_L1A1F5000FFBC4E21B5025CAF8161EE9C.job
- c:\program files\Webroot\Spy Sweeper\SpySweeperUI.exe [2006-10-23 00:10]

2009-04-14 c:\windows\Tasks\wrSpySweeper_L5EE6C4F6EEB6462CAC8A75AF35387B39.job
- c:\program files\Webroot\Spy Sweeper\SpySweeperUI.exe [2006-10-23 00:10]

2009-04-14 c:\windows\Tasks\wrSpySweeper_L5EE6C4F6EEB6462CAC8A75AF35387B39.job
- c:\program files\Webroot\Spy Sweeper\SpySweeperUI.exe [2006-10-23 00:10]
.
- - - - ORPHANS REMOVED - - - -

URLSearchHooks-HookURL - (no file)
URLSearchHooks-Rank - (no file)


.
------- Supplementary Scan -------
.
uInternet Settings,ProxyOverride = *.local
IE: &AIM Search - c:\program files\aol\aim toolbar 5.0\resources\en-US\local\search.html
IE: E&xport to Microsoft Excel - c:\progra~1\MICROS~3\Office12\EXCEL.EXE/3000
FF - ProfilePath - c:\documents and settings\Ryan.RHYNO-5CF0B785B\Application Data\Mozilla\Firefox\Profiles\h66udwya.default\
FF - prefs.js: browser.search.defaulturl - hxxp://search.aol.com/aolcom/search?invocationType=tbff50ie7&query=
FF - prefs.js: browser.search.selectedEngine - Ask.com
FF - prefs.js: keyword.URL - hxxp://search.aol.com/aolcom/search?invocationType=TB50TRFF;homepage=no;search=yesab&query=
FF - component: c:\program files\AVG\AVG8\Firefox\components\avgssff.dll
FF - component: c:\program files\AVG\AVG8\ToolbarFF\components\vmAVGConnector.dll
.

**************************************************************************

catchme 0.3.1375 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2009-04-13 21:32
Windows 5.1.2600 Service Pack 3 NTFS

scanning hidden processes ...

scanning hidden autostart entries ...

scanning hidden files ...

scan completed successfully
hidden files: 0

**************************************************************************
.
--------------------- DLLs Loaded Under Running Processes ---------------------

- - - - - - - > 'explorer.exe'(1096)
c:\program files\Webroot\Spy Sweeper\Backup\CtxMenu_1_0_0_10.dll
c:\windows\system32\WPDShServiceObj.dll
c:\windows\system32\PortableDeviceTypes.dll
c:\windows\system32\PortableDeviceApi.dll
.
------------------------ Other Running Processes ------------------------
.
c:\program files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
c:\program files\Bonjour\mDNSResponder.exe
c:\program files\Java\jre6\bin\jqs.exe
c:\program files\Webroot\Spy Sweeper\SpySweeper.exe
c:\program files\AVG\AVG8\avgrsx.exe
c:\progra~1\AVG\AVG8\avgnsx.exe
c:\program files\AVG\AVG8\avgcsrvx.exe
c:\windows\system32\igfxsrvc.exe
c:\program files\iPod\bin\iPodService.exe
c:\program files\Memeo\Memeo Share\MemeoShare.exe
c:\program files\AIM6\aolsoftware.exe
c:\program files\Webroot\Spy Sweeper\SSU.exe
.
**************************************************************************
.
Completion time: ~,10time:~,-3machine was rebootedCombobatch-by
ComboFix-quarantined-files.txt 2009-04-14 04:40

Pre-Run: 283,399,049,216 bytes free
Post-Run: 283,508,391,936 bytes free

WindowsXP-KB310994-SP2-Home-BootDisk-ENU.exe
[boot loader]
timeout=2
default=multi(0)disk(0)rdisk(0)partition(1)\WINDOWS
[operating systems]
c:\cmdcons\BOOTSECT.DAT="Microsoft Windows Recovery Console" /cmdcons
multi(0)disk(0)rdisk(0)partition(1)\WINDOWS="Microsoft Windows XP Home Edition" /noexecute=optin /fastdetect

274 --- E O F --- 2009-04-08 10:00

#13 Jat90

Jat90

  • Members
  • 1,515 posts
  • Gender:Male
  • Location:United Kingdom
  • Local time:02:52 AM

Posted 16 April 2009 - 05:20 AM

This log looks healthy. How is your pc now? Let's perform an online scan:

ESET Online Scan

Please go to Eset website to perform an online scan. Please use Internet Explorer as it uses ActiveX.
  • Check (tick) this box: YES, I accept the Terms of Use.
  • Click on the Start button next to it.
  • When prompted to run ActiveX, click Yes.
  • You will be asked to install an ActiveX. Click Install.
  • Once installed, the scanner will be initialized.
  • After the scanner is initialized, click Start.
  • Uncheck (untick) Remove found threats box.
  • Check (tick) Scan unwanted applications.
  • Click on Scan.
  • It will start scanning. Please be patient.
  • Once the scan is done, you will find a log in C:\Program Files\esetonlinescanner\log.txt. Please post this log in your next reply.

- Jat90 -

If I have not responded to you within 24 hours, then please feel free to send me a message.


#14 IcyB

IcyB
  • Topic Starter

  • Members
  • 30 posts
  • Local time:08:52 PM

Posted 17 April 2009 - 04:52 PM

It seems to be running well but still infected, that scan found two things wrong.


# version=4
# OnlineScanner.ocx=1.0.0.635
# OnlineScannerDLLA.dll=1, 0, 0, 79
# OnlineScannerDLLW.dll=1, 0, 0, 78
# OnlineScannerUninstaller.exe=1, 0, 0, 49
# vers_standard_module=4017 (20090417)
# vers_arch_module=1.064 (20080214)
# vers_adv_heur_module=1.066 (20070917)
# EOSSerial=cb20c5bea54704459a1fbb6e1ca218e6
# end=finished
# remove_checked=false
# unwanted_checked=true
# utc_time=2009-04-17 09:42:30
# local_time=2009-04-17 02:42:30 (-0700, US Mountain Standard Time)
# country="United States"
# osver=5.1.2600 NT Service Pack 3
# scanned=197243
# found=2
# scan_time=2464
C:\Documents and Settings\Ryan.RHYNO-5CF0B785B\My Documents\LimeWire\Saved\Britney Spears - Opps! ... I did it again.mp3 a variant of WMA/TrojanDownloader.GetCodec.gen trojan C62CD93D90526E345A5BD34BFA6E46BF
C:\Documents and Settings\Ryan.RHYNO-5CF0B785B\My Documents\LimeWire\Saved\mr brightside - high quality.mp3 a variant of WMA/TrojanDownloader.GetCodec.gen trojan 0C6DCEA8A74AB98D9FF36882ED310CAD

#15 Jat90

Jat90

  • Members
  • 1,515 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:United Kingdom
  • Local time:02:52 AM

Posted 18 April 2009 - 05:54 AM

Hello,

Remove two Antivirus

I do not recommend that you have more than one anti virus product installed and running on your computer at a time. The reason for this is that if both products have their automatic (Real-Time) protection switched on, then those products which do not encrypt the virus strings within them can cause other anti virus products to cause "false alarms". It can also lead to a clash as both products fight for access to files which are opened; again, this is the resident/automatic protection. In general terms, the two programs may conflict and cause:
1) False Alarms: When the anti virus software tells you that your PC has a virus when it actually doesn't.
2) System Performance Problems: Your system may lock up due to both products attempting to access the same file at the same time.
Therefore please go to add/remove in the control panel and remove two of either AVG or Spyware Doctor or Webroot.

P2P Warning

If you are going to use p2p file sharing, I suggest you choose a safe program from here: http://p2p.malwareremoval.com/.

If you use P2P software, make sure you are careful about what you open and what P2P program you install. Malware is all over the P2P networks and the programs often come bundled with Adware and Spyware.

Further readings of interest in regards to the p2p "issue" are: http://pcpitstop.com/spycheck/p2p.asp and this:
http://pcpitstop.com/spycheck/badtorrent.asp

Limewire is listed in the "clean" list but you must use it with caution, and in any case the downloading of music is illegal.

Please do the following:
  • Open My Computer
  • Click on Local Disk (C:)
  • Go to Documents and Settings
  • Click on Ryan.RHYNO-5CF0B785B
  • Go to My Documents
  • Find the folder named "Limewire"
  • Go into the folder named "Saved"
  • Press Ctrl + a simultaneously to select all items. Now press the delete key on your keyboard.
Close that window and right click the Recycle Bin and click "Empty Recycle Bin"

ReScan

Please rescan with DDS and post DDS.txt
- Jat90 -

If I have not responded to you within 24 hours, then please feel free to send me a message.
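
ESET's "WMA/" platform prefix on two files named .mp3 in the scan log above suggests Windows Media (ASF) content saved under an MP3 name. As an added example (not part of the original thread, nor a tool used in it), this Python check flags such mismatches by magic bytes; the function names and the sample files are constructed for illustration.

```python
import os
import tempfile

# ASF Header Object GUID as it appears on disk; WMA/WMV/ASF files begin with it.
ASF_HEADER_GUID = bytes.fromhex("3026b2758e66cf11a6d900aa0062ce6c")


def sniff_audio_type(path):
    """Classify a file by its leading bytes, ignoring its name."""
    with open(path, "rb") as fh:
        head = fh.read(16)
    if head.startswith(ASF_HEADER_GUID):
        return "asf"
    if head.startswith(b"ID3"):
        return "mp3"  # ID3v2 tag in front of the MPEG audio frames
    if len(head) >= 2 and head[0] == 0xFF and (head[1] & 0xE0) == 0xE0:
        return "mp3"  # bare MPEG audio frame sync (eleven set bits)
    return "unknown"


def find_mislabelled(folder, claimed_ext=".mp3"):
    """Return [(path, detected_type)] for *.mp3 files whose content is not MP3."""
    hits = []
    for root, _dirs, files in os.walk(folder):
        for name in sorted(files):
            if not name.lower().endswith(claimed_ext):
                continue  # only files that claim to be MP3 are of interest
            full = os.path.join(root, name)
            try:
                kind = sniff_audio_type(full)
            except OSError:
                kind = "unreadable"  # locked files are reported, not skipped
            if kind != "mp3":
                hits.append((full, kind))
    return hits


def build_sample_folder():
    """Create a temp folder of constructed stand-in files (no real media)."""
    folder = tempfile.mkdtemp(prefix="saved_")
    samples = {
        "constructed_a.mp3": b"ID3\x03\x00" + b"\x00" * 32,       # tagged MP3
        "constructed_b.mp3": b"\xff\xfb\x90\x00" + b"\x00" * 32,  # raw MPEG frame
        "constructed_c.mp3": ASF_HEADER_GUID + b"\x00" * 32,      # ASF named .mp3
        "constructed_d.wma": ASF_HEADER_GUID + b"\x00" * 32,      # honest WMA
        "constructed_e.mp3": b"",                                  # empty file
    }
    for name, data in samples.items():
        with open(os.path.join(folder, name), "wb") as fh:
            fh.write(data)
    return folder


if __name__ == "__main__":
    for path, kind in find_mislabelled(build_sample_folder()):
        print(f"{kind:10} {path}")
```

An "unknown" result only means the header is neither ASF nor MP3; it is a prompt for a closer look, not a verdict.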
