Solved: Please Help! I think my computer is infected with Virus or Malware. Cpu usage 100%

JudeG (Junior Member with 8 posts; Join Date: Aug 2010; Experience: Intermediate)
30-Aug-2010, 01:39 PM #1
Hi! Please help me! My computer has been acting weird lately. I have run AVG anti-virus and it detected svchost.exe and explorer.exe in memory (trojan adload) but cannot remove/fix or heal it. Fake alerts were also popping up, but they stopped after I ran Malwarebytes Anti-Malware. My iexplorer is still acting up and CPU usage is high at 100%, slowing my computer.
Here are the required logs:

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 6:40:46 AM, on 8/30/2010
Platform: Windows XP SP3 (WinNT 5.01.2600)
MSIE: Internet Explorer v8.00 (8.00.6001.18702)
Boot mode: Normal
Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\AVG\AVG9\avgchsvx.exe
C:\Program Files\AVG\AVG9\avgrsx.exe
C:\Program Files\AVG\AVG9\avgcsrvx.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\AVG\AVG9\avgwdsvc.exe
C:\WINDOWS\System32\CTsvcCDA.EXE
C:\Program Files\Seagate\SeagateManager\Sync\FreeAgentService.exe
C:\Program Files\Java\jre6\bin\jqs.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\AVG\AVG9\avgnsx.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Canon\CAL\CALMAIN.exe
C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe
C:\Program Files\Visual Networks\Visual IP InSight\SBC\IPClient.exe
C:\Program Files\Visual Networks\Visual IP InSight\SBC\IPMon32.exe
C:\Program Files\Adobe\Acrobat 7.0\Distillr\Acrotray.exe
C:\Program Files\Adobe\Photoshop Album Starter Edition\3.2\Apps\apdproxy.exe
C:\PROGRA~1\AVG\AVG9\avgtray.exe
C:\Program Files\Creative\MediaSource\Detector\CTDetect.exe
C:\Program Files\Lavasoft\Ad-Aware\AAWService.exe
C:\Program Files\Lavasoft\Ad-Aware\AAWTray.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\wuauclt.exe
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
O2 - BHO: Spybot-S&D IE Protection - {53707962-6F74-2D53-2644-206D7942484F} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll
O3 - Toolbar: Adobe PDF - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - C:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll
O3 - Toolbar: AVG Security Toolbar - {CCC7A320-B3CA-4199-B1A6-9F516DD69829} - C:\Program Files\AVG\AVG9\Toolbar\IEToolbar.dll
O3 - Toolbar: MSN Toolbar - {1E61ED7C-7CB8-49d6-B9E9-AB4C880C8414} - C:\Program Files\MSN\Toolbar\3.0.1203.0\msneshellx.dll
O4 - HKLM\..\Run: [ISUSPM Startup] C:\PROGRA~1\COMMON~1\INSTAL~1\UPDATE~1\ISUSPM.exe -startup
O4 - HKLM\..\Run: [ISUSScheduler] "C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe" -start
O4 - HKLM\..\Run: [IPInSightLAN 02] "C:\Program Files\Visual Networks\Visual IP InSight\SBC\IPClient.exe" -l
O4 - HKLM\..\Run: [IPInSightMonitor 02] "C:\Program Files\Visual Networks\Visual IP InSight\SBC\IPMon32.exe"
O4 - HKLM\..\Run: [RegKillElbyCheck] "C:\Program Files\Elaborate Bytes\DVD Region Killer\ElbyCheck.exe" /L RegKill
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
O4 - HKLM\..\Run: [Acrobat Assistant 7.0] "C:\Program Files\Adobe\Acrobat 7.0\Distillr\Acrotray.exe"
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe"
O4 - HKLM\..\Run: [Ad-Watch] C:\Program Files\Lavasoft\Ad-Aware\AAWTray.exe
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [Adobe Photo Downloader] "C:\Program Files\Adobe\Photoshop Album Starter Edition\3.2\Apps\apdproxy.exe"
O4 - HKLM\..\Run: [MaxMenuMgr] "C:\Program Files\Seagate\SeagateManager\FreeAgent Status\StxMenuMgr.exe"
O4 - HKLM\..\Run: [AVG9_TRAY] C:\PROGRA~1\AVG\AVG9\avgtray.exe
O4 - HKLM\..\Run: [DyanPointMouseDriverHelper] C:\Program Files\Sakar\Mouse Driver\MouseDriver.exe
O4 - HKLM\..\Run: [HitmanPro35] "C:\Program Files\Hitman Pro 3.5\HitmanPro35.exe" /scan:boot
O4 - HKCU\..\Run: [Creative Detector] C:\Program Files\Creative\MediaSource\Detector\CTDetect.exe /R
O4 - HKCU\..\Run: [SpybotSD TeaTimer] C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
O4 - HKUS\S-1-5-21-1275210071-1606980848-839522115-1005\..\Run: [Yahoo! Pager] "C:\PROGRA~1\Yahoo!\MESSEN~1\YAHOOM~1.EXE" -quiet (User 'Judy')
O4 - HKUS\S-1-5-21-1275210071-1606980848-839522115-1005\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe (User 'Judy')
O4 - Global Startup: Adobe Gamma Loader.lnk = C:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe
O4 - Global Startup: Color Calibration.lnk = ?
O4 - Global Startup: NaturalColorLoad.lnk = ?
O9 - Extra button: (no name) - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll
O9 - Extra 'Tools' menuitem: Spybot - Search && Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O15 - Trusted Zone: http://www.atribune.org
O15 - Trusted Zone: http://download.bleepingcomputer.com
O15 - Trusted Zone: http://oldtimer.geekstogo.com
O15 - Trusted Zone: http://www.geekstogo.com
O15 - Trusted Zone: http://www.gmer.net
O15 - Trusted Zone: http://www.2.gmer.net
O15 - Trusted Zone: http://www.neuber.com
O15 - Trusted Zone: http://download.windowsupdate.com
O15 - Trusted Zone: http://*.windowsupdate.com
O16 - DPF: {2BC66F54-93A8-11D3-BEB6-00105AA9B6AE} (Symantec AntiVirus scanner) - http://security.symantec.com/sscv6/S...in/AvSniff.cab
O16 - DPF: {644E432F-49D3-41A1-8DD5-E099162EEEC5} (Symantec RuFSI Utility Class) - http://security.symantec.com/sscv6/S.../bin/cabsa.cab
O18 - Protocol: linkscanner - {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - C:\Program Files\AVG\AVG9\avgpp.dll
O20 - Winlogon Notify: avgrsstarter - C:\WINDOWS\SYSTEM32\avgrsstx.dll
O23 - Service: Adobe LM Service - Adobe Systems - C:\Program Files\Common Files\Adobe Systems Shared\Service\Adobelmsvc.exe
O23 - Service: AVG Free WatchDog (avg9wd) - AVG Technologies CZ, s.r.o. - C:\Program Files\AVG\AVG9\avgwdsvc.exe
O23 - Service: Canon Camera Access Library 8 (CCALib8) - Canon Inc. - C:\Program Files\Canon\CAL\CALMAIN.exe
O23 - Service: Creative Service for CDROM Access - Creative Technology Ltd - C:\WINDOWS\System32\CTsvcCDA.EXE
O23 - Service: Seagate Service (FreeAgentGoNext Service) - Seagate Technology LLC - C:\Program Files\Seagate\SeagateManager\Sync\FreeAgentService.exe
O23 - Service: Google Update Service (gupdate) (gupdate) - Google Inc. - C:\Program Files\Google\Update\GoogleUpdate.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: iPod Service - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: Java Quick Starter (JavaQuickStarterService) - Sun Microsystems, Inc. - C:\Program Files\Java\jre6\bin\jqs.exe
O23 - Service: Lavasoft Ad-Aware Service - Lavasoft - C:\Program Files\Lavasoft\Ad-Aware\AAWService.exe
O23 - Service: Macromedia Licensing Service - Unknown owner - C:\Program Files\Common Files\Macromedia Shared\Service\Macromedia Licensing.exe
--
End of file - 7699 bytes


Here is the DDS log:


DDS (Ver_10-03-17.01) - NTFSx86
Run by Judan at 22:40:23.42 on Sun 08/29/2010
Internet Explorer: 8.0.6001.18702 BrowserJavaVersion: 1.6.0_13
Microsoft Windows XP Home Edition 5.1.2600.3.1252.1.1033.18.991.448 [GMT -7:00]
AV: AVG Anti-Virus Free *On-access scanning disabled* (Updated) {17DDD097-36FF-435F-9E1B-52D74245D6BF}
============== Running Processes ===============
C:\WINDOWS\system32\svchost -k DcomLaunch
svchost.exe
C:\WINDOWS\System32\svchost.exe -k netsvcs
svchost.exe
C:\Program Files\AVG\AVG9\avgchsvx.exe
C:\Program Files\AVG\AVG9\avgrsx.exe
C:\Program Files\AVG\AVG9\avgcsrvx.exe
C:\WINDOWS\system32\spoolsv.exe
svchost.exe
C:\Program Files\AVG\AVG9\avgwdsvc.exe
C:\WINDOWS\System32\CTsvcCDA.EXE
C:\Program Files\Seagate\SeagateManager\Sync\FreeAgentService.exe
C:\Program Files\Java\jre6\bin\jqs.exe
C:\WINDOWS\System32\svchost.exe -k imgsvc
C:\Program Files\AVG\AVG9\avgnsx.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Canon\CAL\CALMAIN.exe
C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe
C:\Program Files\Visual Networks\Visual IP InSight\SBC\IPClient.exe
C:\Program Files\Visual Networks\Visual IP InSight\SBC\IPMon32.exe
C:\Program Files\Adobe\Acrobat 7.0\Distillr\Acrotray.exe
C:\Program Files\Adobe\Photoshop Album Starter Edition\3.2\Apps\apdproxy.exe
C:\PROGRA~1\AVG\AVG9\avgtray.exe
C:\Program Files\Creative\MediaSource\Detector\CTDetect.exe
C:\Program Files\Lavasoft\Ad-Aware\AAWService.exe
C:\Program Files\Lavasoft\Ad-Aware\AAWTray.exe
C:\WINDOWS\system32\wscntfy.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\Program Files\Seagate\SeagateManager\FreeAgent Status\stxmenumgr.exe
C:\WINDOWS\system32\NOTEPAD.EXE
C:\WINDOWS\system32\NOTEPAD.EXE
C:\Program Files\Internet Explorer\IEXPLORE.EXE
C:\Program Files\Internet Explorer\IEXPLORE.EXE
C:\Program Files\Internet Explorer\IEXPLORE.EXE
C:\Documents and Settings\Judan\Desktop\dds.scr
============== Pseudo HJT Report ===============
uStart Page = hxxp://www.google.com/
uInternet Settings,ProxyOverride = <local>
uSearchURL,(Default) = hxxp://www.google.com
BHO: Spybot-S&D IE Protection: {53707962-6f74-2d53-2644-206d7942484f} - c:\program files\spybot - search & destroy\SDHelper.dll
TB: Adobe PDF: {47833539-d0c5-4125-9fa8-0819e2eaac93} - c:\program files\adobe\acrobat 7.0\acrobat\AcroIEFavClient.dll
TB: AVG Security Toolbar: {ccc7a320-b3ca-4199-b1a6-9f516dd69829} - c:\program files\avg\avg9\toolbar\IEToolbar.dll
TB: MSN Toolbar: {1e61ed7c-7cb8-49d6-b9e9-ab4c880c8414} - c:\program files\msn\toolbar\3.0.1203.0\msneshellx.dll
TB: {EF99BD32-C1FB-11D2-892F-0090271D4F88} - No File
TB: {2318C2B1-4965-11D4-9B18-009027A5CD4F} - No File
TB: BearShare MediaBar: {d3dee18f-db64-4beb-9ff1-e1f0a5033e4a} -
uRun: [Creative Detector] c:\program files\creative\mediasource\detector\CTDetect.exe /R
uRun: [SpybotSD TeaTimer] c:\program files\spybot - search & destroy\TeaTimer.exe
mRun: [ISUSPM Startup] c:\progra~1\common~1\instal~1\update~1\ISUSPM.exe -startup
mRun: [ISUSScheduler] "c:\program files\common files\installshield\updateservice\issch.exe" -start
mRun: [IPInSightLAN 02] "c:\program files\visual networks\visual ip insight\sbc\IPClient.exe" -l
mRun: [IPInSightMonitor 02] "c:\program files\visual networks\visual ip insight\sbc\IPMon32.exe"
mRun: [RegKillElbyCheck] "c:\program files\elaborate bytes\dvd region killer\ElbyCheck.exe" /L RegKill
mRun: [iTunesHelper] "c:\program files\itunes\iTunesHelper.exe"
mRun: [Acrobat Assistant 7.0] "c:\program files\adobe\acrobat 7.0\distillr\Acrotray.exe"
mRun: [Adobe Reader Speed Launcher] "c:\program files\adobe\reader 8.0\reader\Reader_sl.exe"
mRun: [Ad-Watch] c:\program files\lavasoft\ad-aware\AAWTray.exe
mRun: [QuickTime Task] "c:\program files\quicktime\qttask.exe" -atboottime
mRun: [Adobe Photo Downloader] "c:\program files\adobe\photoshop album starter edition\3.2\apps\apdproxy.exe"
mRun: [MaxMenuMgr] "c:\program files\seagate\seagatemanager\freeagent status\StxMenuMgr.exe"
mRun: [AVG9_TRAY] c:\progra~1\avg\avg9\avgtray.exe
mRun: [DyanPointMouseDriverHelper] c:\program files\sakar\mouse driver\MouseDriver.exe
mRun: [HitmanPro35] "c:\program files\hitman pro 3.5\HitmanPro35.exe" /scan:boot
StartupFolder: c:\docume~1\alluse~1\startm~1\programs\startup\adobeg~1.lnk - c:\program files\common files\adobe\calibration\Adobe Gamma Loader.exe
StartupFolder: c:\docume~1\alluse~1\startm~1\programs\startup\colorc~1.lnk - c:\program files\sec\magictune 2.5\GammaTray.exe
StartupFolder: c:\docume~1\alluse~1\startm~1\programs\startup\natura~1.lnk - c:\program files\sec\natural color\NaturalColorLoad.exe
IE: {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe
IE: {FB5F1910-F110-11d2-BB9E-00C04F795683} - c:\program files\messenger\msmsgs.exe
IE: {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - {53707962-6F74-2D53-2644-206D7942484F} - c:\program files\spybot - search & destroy\SDHelper.dll
Trusted Zone: atribune.org\www
Trusted Zone: bleepingcomputer.com\download
Trusted Zone: geekstogo.com\oldtimer
Trusted Zone: geekstogo.com\www
Trusted Zone: microsoft.com\*.update
Trusted Zone: microsoft.com\update
Trusted Zone: microsoft.com\windowsupdate
Trusted Zone: neuber.com\www
Trusted Zone: windowsupdate.com
Trusted Zone: windowsupdate.com\download
DPF: DirectAnimation Java Classes - file://c:\windows\java\classes\dajava.cab
DPF: Microsoft XML Parser for Java - file://c:\windows\java\classes\xmldso.cab
DPF: {2BC66F54-93A8-11D3-BEB6-00105AA9B6AE} - hxxp://security.symantec.com/sscv6/SharedContent/vc/bin/AvSniff.cab
DPF: {644E432F-49D3-41A1-8DD5-E099162EEEC5} - hxxp://security.symantec.com/sscv6/SharedContent/common/bin/cabsa.cab
DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_13-windows-i586.cab
DPF: {CAFEEFAC-0015-0000-0001-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.5.0/jinstall-1_5_0_01-windows-i586.cab
DPF: {CAFEEFAC-0015-0000-0002-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.5.0/jinstall-1_5_0_02-windows-i586.cab
DPF: {CAFEEFAC-0015-0000-0004-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.5.0/jinstall-1_5_0_04-windows-i586.cab
DPF: {CAFEEFAC-0015-0000-0006-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.5.0/jinstall-1_5_0_06-windows-i586.cab
DPF: {CAFEEFAC-0015-0000-0011-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.5.0/jinstall-1_5_0_11-windows-i586.cab
DPF: {CAFEEFAC-0016-0000-0001-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_01-windows-i586.cab
DPF: {CAFEEFAC-0016-0000-0003-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_03-windows-i586.cab
DPF: {CAFEEFAC-0016-0000-0007-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_07-windows-i586.cab
DPF: {CAFEEFAC-0016-0000-0013-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_13-windows-i586.cab
DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_13-windows-i586.cab
Handler: belarc - {6318E0AB-2E93-11D1-B8ED-00608CC9A71F} - c:\program files\belarc\advisor\system\BAVoilaX.dll
Handler: linkscanner - {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - c:\program files\avg\avg9\avgpp.dll
Notify: avgrsstarter - avgrsstx.dll
SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - c:\windows\system32\WPDShServiceObj.dll
============= SERVICES / DRIVERS ===============
R0 Lbd;Lbd;c:\windows\system32\drivers\Lbd.sys [2009-3-17 64288]
R1 ATMhelpr;ATMhelpr;c:\windows\system32\drivers\ATMHELPR.SYS [2008-9-26 4064]
R1 AvgLdx86;AVG Free AVI Loader Driver x86;c:\windows\system32\drivers\avgldx86.sys [2010-1-10 216400]
R1 AvgMfx86;AVG Free On-access Scanner Minifilter Driver x86;c:\windows\system32\drivers\avgmfx86.sys [2010-1-10 29584]
R1 AvgTdiX;AVG Free Network Redirector;c:\windows\system32\drivers\avgtdix.sys [2010-1-10 243024]
R2 avg9wd;AVG Free WatchDog;c:\program files\avg\avg9\avgwdsvc.exe [2010-7-15 308136]
R2 FreeAgentGoNext Service;Seagate Service;c:\program files\seagate\seagatemanager\sync\FreeAgentService.exe [2009-3-27 165160]
R2 Lavasoft Ad-Aware Service;Lavasoft Ad-Aware Service;c:\program files\lavasoft\ad-aware\AAWService.exe [2010-8-12 1355416]
R3 RegKill;RegKill;c:\windows\system32\drivers\RegKill.sys [2002-3-9 6144]
S2 gupdate;Google Update Service (gupdate);c:\program files\google\update\GoogleUpdate.exe [2010-5-12 136176]
S3 Aox402Camera;Eye-Q Mini (Video);c:\windows\system32\drivers\aox402vc.sys [2005-6-24 129084]
S3 Lavasoft Kernexplorer;Lavasoft helper driver;c:\program files\lavasoft\ad-aware\kernexplorer.sys [2010-8-12 15008]
S3 SE402RefCameraStill;Eye-Q Mini (WDM);c:\windows\system32\drivers\aox402sc.sys [2005-6-24 67332]
UnknownUnknown lrapqads;lrapqads; [x]
=============== Created Last 30 ================
2010-08-30 04:28:46 0 d-----w- c:\docume~1\alluse~1\applic~1\F-Secure
2010-08-29 01:54:18 226 ---ha-w- C:\aaw7boot.cmd
2010-08-28 17:51:45 0 d-----w- c:\docume~1\judan\applic~1\PeaZip
2010-08-28 17:51:12 0 d-----w- c:\program files\PeaZip
2010-08-28 17:13:34 0 d-sha-r- C:\cmdcons
2010-08-28 16:57:58 0 d-----w- c:\docume~1\judan\applic~1\AVG9
2010-08-26 16:51:05 16968 ----a-w- c:\windows\system32\drivers\hitmanpro35.sys
2010-08-26 16:49:51 0 d-----w- c:\docume~1\alluse~1\applic~1\Hitman Pro
2010-08-26 16:49:48 0 d-----w- c:\program files\Hitman Pro 3.5
2010-08-26 16:42:15 5376 ----a-w- c:\windows\system32\drivers\VIAIDE.SYS
2010-08-26 06:22:56 0 d-----w- c:\windows\system32\MpEngineStore
2010-08-25 17:09:17 0 d-----w- c:\program files\Spybot - Search & Destroy
2010-08-25 17:09:17 0 d-----w- c:\docume~1\alluse~1\applic~1\Spybot - Search & Destroy
2010-08-23 00:57:15 77312 ----a-w- c:\windows\system32\ztvunace26.dll
2010-08-23 00:57:15 75264 ----a-w- c:\windows\system32\unacev2.dll
2010-08-23 00:57:15 69632 ----a-w- c:\windows\system32\ztvcabinet.dll
2010-08-23 00:57:15 162304 ----a-w- c:\windows\system32\ztvunrar36.dll
2010-08-23 00:57:15 153088 ----a-w- c:\windows\system32\unrar3.dll
2010-08-23 00:57:12 0 d-----w- c:\docume~1\judan\applic~1\Simply Super Software
2010-08-23 00:57:12 0 d-----w- c:\docume~1\alluse~1\applic~1\Simply Super Software
2010-08-23 00:32:45 0 d-----w- c:\docume~1\judan\applic~1\Uniblue
2010-08-22 18:28:51 95024 ----a-w- c:\windows\system32\drivers\SBREDrv.sys
2010-08-22 18:08:24 0 dc-h--w- c:\docume~1\alluse~1\applic~1\{ECC164E0-3133-4C70-A831-F08DB2940F70}
2010-08-22 16:45:30 0 d-----w- c:\docume~1\judan\applic~1\Malwarebytes
2010-08-22 16:45:20 38224 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys
2010-08-22 16:45:19 20952 ----a-w- c:\windows\system32\drivers\mbam.sys
2010-08-22 16:45:19 0 d-----w- c:\docume~1\alluse~1\applic~1\Malwarebytes
2010-08-22 16:45:18 0 d-----w- c:\program files\Malwarebytes' Anti-Malware
2010-08-22 16:27:21 54156 ---ha-w- c:\windows\QTFont.qfn
2010-08-22 16:27:21 1409 ----a-w- c:\windows\QTFont.for
2010-08-17 23:05:43 0 d-----w- c:\docume~1\alluse~1\applic~1\{7B6BA59A-FB0E-4499-8536-A7420338BF3B}
2010-08-17 22:45:48 0 d-----w- c:\docume~1\alluse~1\applic~1\Norton
2010-08-17 22:38:01 0 d-----w- c:\docume~1\alluse~1\applic~1\NortonInstaller
2010-08-17 19:35:50 0 ----a-w- c:\windows\Hpeyihepalam.bin
2010-08-17 19:35:49 120 ----a-w- c:\windows\Fmevamikumipober.dat
==================== Find3M ====================
2010-08-18 03:11:45 26600 ----a-r- c:\windows\system32\drivers\GEARAspiWDM.sys
2010-08-18 03:11:43 107368 ----a-r- c:\windows\system32\GEARAspi.dll
2010-08-12 12:15:20 64288 ----a-w- c:\windows\system32\drivers\Lbd.sys
2010-08-12 12:15:20 15880 ----a-w- c:\windows\system32\lsdelete.exe
2010-07-15 16:51:03 243024 ----a-w- c:\windows\system32\drivers\avgtdix.sys
2010-07-15 16:51:01 12536 ----a-w- c:\windows\system32\avgrsstx.dll
2010-07-15 16:50:11 216400 ----a-w- c:\windows\system32\drivers\avgldx86.sys
2010-06-30 12:31:35 149504 ----a-w- c:\windows\system32\schannel.dll
2010-06-24 12:22:03 916480 ----a-w- c:\windows\system32\wininet.dll
2010-06-23 13:44:04 1851904 ----a-w- c:\windows\system32\win32k.sys
2010-06-17 14:03:00 80384 ----a-w- c:\windows\system32\iccvid.dll
2010-06-14 07:41:45 1172480 ----a-w- c:\windows\system32\msxml3.dll
2001-11-23 04:08:20 712704 ----a-w- c:\windows\inf\other\AUDIO3D.DLL
2009-12-08 05:02:46 32768 --sha-w- c:\windows\system32\config\systemprofile\local settings\application data\microsoft\feeds cache\index.dat
2009-12-08 05:02:25 32768 --sha-w- c:\windows\system32\config\systemprofile\local settings\history\history.ie5\mshist012009120720091208\index.dat
2009-12-08 05:02:46 49152 --sha-w- c:\windows\system32\config\systemprofile\privacie\index.dat
============= FINISH: 22:40:49.67 ===============

Here is the log from GMER

GMER 1.0.15.15281 - http://www.gmer.net
Rootkit scan 2010-08-30 06:24:52
Windows 5.1.2600 Service Pack 3
Running: gmer.exe; Driver: C:\DOCUME~1\Judan\LOCALS~1\Temp\kwldipob.sys

---- System - GMER 1.0.15 ----
SSDT Lbd.sys (Boot Driver/Lavasoft AB) ZwCreateKey [0xF771F87E]
SSDT IPVNMon.sys (IPVNMon/Visual Networks) ZwDeviceIoControlFile [0xF74FDCEF]
SSDT Lbd.sys (Boot Driver/Lavasoft AB) ZwSetValueKey [0xF771FBFE]
---- Kernel IAT/EAT - GMER 1.0.15 ----
IAT \SystemRoot\System32\DRIVERS\rasl2tp.sys[NDIS.SYS!NdisMSetAttributesEx] [F74FDC29] IPVNMon.sys (IPVNMon/Visual Networks)
IAT \SystemRoot\System32\DRIVERS\rasl2tp.sys[NDIS.SYS!NdisMRegisterMiniport] [F74FD8B5] IPVNMon.sys (IPVNMon/Visual Networks)
IAT \SystemRoot\System32\DRIVERS\ndiswan.sys[NDIS.SYS!NdisCloseAdapter] [F74FDBFF] IPVNMon.sys (IPVNMon/Visual Networks)
IAT \SystemRoot\System32\DRIVERS\ndiswan.sys[NDIS.SYS!NdisOpenAdapter] [F74FDB45] IPVNMon.sys (IPVNMon/Visual Networks)
IAT \SystemRoot\System32\DRIVERS\ndiswan.sys[NDIS.SYS!NdisMSetAttributesEx] [F74FDC29] IPVNMon.sys (IPVNMon/Visual Networks)
IAT \SystemRoot\System32\DRIVERS\ndiswan.sys[NDIS.SYS!NdisRegisterProtocol] [F74FD656] IPVNMon.sys (IPVNMon/Visual Networks)
IAT \SystemRoot\System32\DRIVERS\ndiswan.sys[NDIS.SYS!NdisMRegisterMiniport] [F74FD8B5] IPVNMon.sys (IPVNMon/Visual Networks)
IAT \SystemRoot\System32\DRIVERS\raspppoe.sys[NDIS.SYS!NdisRegisterProtocol] [F74FD656] IPVNMon.sys (IPVNMon/Visual Networks)
IAT \SystemRoot\System32\DRIVERS\raspppoe.sys[NDIS.SYS!NdisOpenAdapter] [F74FDB45] IPVNMon.sys (IPVNMon/Visual Networks)
IAT \SystemRoot\System32\DRIVERS\raspppoe.sys[NDIS.SYS!NdisCloseAdapter] [F74FDBFF] IPVNMon.sys (IPVNMon/Visual Networks)
IAT \SystemRoot\System32\DRIVERS\raspppoe.sys[NDIS.SYS!NdisMSetAttributesEx] [F74FDC29] IPVNMon.sys (IPVNMon/Visual Networks)
IAT \SystemRoot\System32\DRIVERS\raspppoe.sys[NDIS.SYS!NdisMRegisterMiniport] [F74FD8B5] IPVNMon.sys (IPVNMon/Visual Networks)
IAT \SystemRoot\System32\DRIVERS\raspptp.sys[NDIS.SYS!NdisMSetAttributesEx] [F74FDC29] IPVNMon.sys (IPVNMon/Visual Networks)
IAT \SystemRoot\System32\DRIVERS\raspptp.sys[NDIS.SYS!NdisMRegisterMiniport] [F74FD8B5] IPVNMon.sys (IPVNMon/Visual Networks)
IAT \SystemRoot\System32\DRIVERS\psched.sys[NDIS.SYS!NdisIMRegisterLayeredMiniport] [F74FD7D0] IPVNMon.sys (IPVNMon/Visual Networks)
IAT \SystemRoot\System32\DRIVERS\psched.sys[NDIS.SYS!NdisRegisterProtocol] [F74FD656] IPVNMon.sys (IPVNMon/Visual Networks)
IAT \SystemRoot\System32\DRIVERS\psched.sys[NDIS.SYS!NdisOpenAdapter] [F74FDB45] IPVNMon.sys (IPVNMon/Visual Networks)
IAT \SystemRoot\System32\DRIVERS\psched.sys[NDIS.SYS!NdisMSetAttributesEx] [F74FDC29] IPVNMon.sys (IPVNMon/Visual Networks)
IAT \SystemRoot\System32\DRIVERS\psched.sys[NDIS.SYS!NdisCloseAdapter] [F74FDBFF] IPVNMon.sys (IPVNMon/Visual Networks)
IAT \SystemRoot\System32\DRIVERS\raspti.sys[NDIS.SYS!NdisMSetAttributesEx] [F74FDC29] IPVNMon.sys (IPVNMon/Visual Networks)
IAT \SystemRoot\System32\DRIVERS\raspti.sys[NDIS.SYS!NdisMRegisterMiniport] [F74FD8B5] IPVNMon.sys (IPVNMon/Visual Networks)
IAT \SystemRoot\System32\Drivers\NDProxy.SYS[NDIS.SYS!NdisRegisterProtocol] [F74FD656] IPVNMon.sys (IPVNMon/Visual Networks)
IAT \SystemRoot\System32\Drivers\NDProxy.SYS[NDIS.SYS!NdisCloseAdapter] [F74FDBFF] IPVNMon.sys (IPVNMon/Visual Networks)
IAT \SystemRoot\System32\Drivers\NDProxy.SYS[NDIS.SYS!NdisOpenAdapter] [F74FDB45] IPVNMon.sys (IPVNMon/Visual Networks)
IAT \SystemRoot\System32\DRIVERS\tcpip.sys[NDIS.SYS!NdisCloseAdapter] [F74FDBFF] IPVNMon.sys (IPVNMon/Visual Networks)
IAT \SystemRoot\System32\DRIVERS\tcpip.sys[NDIS.SYS!NdisOpenAdapter] [F74FDB45] IPVNMon.sys (IPVNMon/Visual Networks)
IAT \SystemRoot\System32\DRIVERS\tcpip.sys[NDIS.SYS!NdisRegisterProtocol] [F74FD656] IPVNMon.sys (IPVNMon/Visual Networks)
IAT \SystemRoot\System32\DRIVERS\wanarp.sys[NDIS.SYS!NdisRegisterProtocol] [F74FD656] IPVNMon.sys (IPVNMon/Visual Networks)
IAT \SystemRoot\System32\DRIVERS\wanarp.sys[NDIS.SYS!NdisOpenAdapter] [F74FDB45] IPVNMon.sys (IPVNMon/Visual Networks)
IAT \SystemRoot\System32\DRIVERS\wanarp.sys[NDIS.SYS!NdisCloseAdapter] [F74FDBFF] IPVNMon.sys (IPVNMon/Visual Networks)
IAT \SystemRoot\System32\DRIVERS\ndisuio.sys[NDIS.SYS!NdisRegisterProtocol] [F74FD656] IPVNMon.sys (IPVNMon/Visual Networks)
IAT \SystemRoot\System32\DRIVERS\ndisuio.sys[NDIS.SYS!NdisCloseAdapter] [F74FDBFF] IPVNMon.sys (IPVNMon/Visual Networks)
IAT \SystemRoot\System32\DRIVERS\ndisuio.sys[NDIS.SYS!NdisOpenAdapter] [F74FDB45] IPVNMon.sys (IPVNMon/Visual Networks)
---- User IAT/EAT - GMER 1.0.15 ----
IAT C:\WINDOWS\Explorer.EXE[2600] @ C:\WINDOWS\system32\kernel32.dll [ntdll.dll!LdrUnloadDll] [58002663] C:\Program Files\Visual Networks\Visual IP InSight\SBC\IPHk2KS2.DLL (Windows 2000 SP2 System Hook DLL/Visual Networks)
IAT C:\WINDOWS\Explorer.EXE[2600] @ C:\WINDOWS\system32\kernel32.dll [ntdll.dll!LdrLoadDll] [580025DE] C:\Program Files\Visual Networks\Visual IP InSight\SBC\IPHk2KS2.DLL (Windows 2000 SP2 System Hook DLL/Visual Networks)
IAT C:\WINDOWS\Explorer.EXE[2600] @ C:\WINDOWS\system32\kernel32.dll [ntdll.dll!LdrGetProcedureAddress] [580024F8] C:\Program Files\Visual Networks\Visual IP InSight\SBC\IPHk2KS2.DLL (Windows 2000 SP2 System Hook DLL/Visual Networks)
IAT C:\WINDOWS\Explorer.EXE[2600] @ C:\WINDOWS\system32\ole32.dll [USER32.dll!SetWindowsHookExW] [58002861] C:\Program Files\Visual Networks\Visual IP InSight\SBC\IPHk2KS2.DLL (Windows 2000 SP2 System Hook DLL/Visual Networks)
IAT C:\WINDOWS\Explorer.EXE[2600] @ C:\WINDOWS\system32\SHLWAPI.dll [USER32.dll!SetWindowsHookExA] [5800277E] C:\Program Files\Visual Networks\Visual IP InSight\SBC\IPHk2KS2.DLL (Windows 2000 SP2 System Hook DLL/Visual Networks)
IAT C:\WINDOWS\Explorer.EXE[2600] @ C:\WINDOWS\system32\SHLWAPI.dll [USER32.dll!SetWindowsHookExW] [58002861] C:\Program Files\Visual Networks\Visual IP InSight\SBC\IPHk2KS2.DLL (Windows 2000 SP2 System Hook DLL/Visual Networks)
IAT C:\WINDOWS\Explorer.EXE[2600] @ C:\WINDOWS\system32\SHELL32.dll [USER32.dll!SetWindowsHookExW] [58002861] C:\Program Files\Visual Networks\Visual IP InSight\SBC\IPHk2KS2.DLL (Windows 2000 SP2 System Hook DLL/Visual Networks)
---- Devices - GMER 1.0.15 ----
AttachedDevice \FileSystem\Ntfs \Ntfs symsnap.sys (StorageCraft Volume Snap-Shot/StorageCraft)
AttachedDevice \Driver\Tcpip \Device\Ip avgtdix.sys (AVG Network connection watcher/AVG Technologies CZ, s.r.o.)
AttachedDevice \Driver\Kbdclass \Device\KeyboardClass0 ATMhelpr.SYS (Windows NT Font Driver Helper/Adobe Systems Incorporated)
AttachedDevice \Driver\Kbdclass \Device\KeyboardClass1 ATMhelpr.SYS (Windows NT Font Driver Helper/Adobe Systems Incorporated)
AttachedDevice \Driver\Tcpip \Device\Tcp avgtdix.sys (AVG Network connection watcher/AVG Technologies CZ, s.r.o.)
AttachedDevice \Driver\Tcpip \Device\Tcp Lbd.sys (Boot Driver/Lavasoft AB)
AttachedDevice \Driver\Ftdisk \Device\HarddiskVolume1 symsnap.sys (StorageCraft Volume Snap-Shot/StorageCraft)
AttachedDevice \Driver\Ftdisk \Device\HarddiskVolume2 symsnap.sys (StorageCraft Volume Snap-Shot/StorageCraft)
Device ACPI.sys (ACPI Driver for NT/Microsoft Corporation)
AttachedDevice \Driver\Ftdisk \Device\HarddiskVolume3 symsnap.sys (StorageCraft Volume Snap-Shot/StorageCraft)
AttachedDevice \Driver\Ftdisk \Device\HarddiskVolume4 symsnap.sys (StorageCraft Volume Snap-Shot/StorageCraft)
AttachedDevice \Driver\Tcpip \Device\Udp avgtdix.sys (AVG Network connection watcher/AVG Technologies CZ, s.r.o.)
AttachedDevice \Driver\Tcpip \Device\Udp Lbd.sys (Boot Driver/Lavasoft AB)
AttachedDevice \Driver\Tcpip \Device\RawIp avgtdix.sys (AVG Network connection watcher/AVG Technologies CZ, s.r.o.)
AttachedDevice \Driver\Tcpip \Device\RawIp Lbd.sys (Boot Driver/Lavasoft AB)
---- EOF - GMER 1.0.15 ----

I hope someone can help me. Thanks, JudeG
jmw3 (Senior Member with 1,464 posts; Join Date: Jul 2007; Location: Port Hedland Western Australia)
31-Aug-2010, 03:34 AM #2
Hello & Welcome to TechSupportGuy

Please Subscribe to this Thread to get immediate notification of replies as soon as they are posted. To do this click Thread Tools, then click Subscribe to this Thread. Make sure it is set to Instant notification by email, then click Add Subscription.

In the meantime please note the following:
  • Any recommendations made are for your computer problems only and should NOT be used on any other computer.
  • Please DO NOT run any scans/tools or other fixes unless I ask you to. This is very important for several reasons. Here are just two of them:
    1. The tools that we use are very powerful and can cause >>irreparable damage<< to your computer if not used correctly.
    2. Commercial scanners, for the most part, cannot completely remove some of the more "resistant" infections. This makes it much more difficult to get rid of completely.
  • If you get stuck or are unsure of something please ask for a further explanation, do not guess.
  • It will require more than one round to properly clean your system. Continue to respond to this thread until I give you the All Clean! even if symptoms seemingly abate.
Please note that the forum is very busy and if I don't hear from you within three days this thread will be closed.
If for any reason you cannot complete instructions within that time, that's fine, just put a post here so that I know you're still here. We get a lot of people who simply leave & if there is no contact for that amount of time I will have to assume you have abandoned your topic.

Please be aware that removing Malware is a potentially hazardous undertaking. I will take care not to knowingly suggest courses of action that might damage your computer. However it is impossible for me to foresee all interactions that may happen between the software on your computer and those we'll use to clear you of infection, and I cannot guarantee the safety of your system. It is possible that we might encounter situations where the only recourse is to re-format and re-install your operating system, or to necessitate you taking your computer to a repair shop.

Because of this, I advise you to back up any personal files and folders before you start.

Thanks

Create a System Restore Point
You don't have any System Restore Points. We need to create at least one. Even if it's infected at least we will have something to roll back to should things go pear shaped.
Press Start->All Programs->Accessories->System Tools->System Restore
Select Create a restore point, then Next, type a name like Pre-Cleaning then press the Create button and once it's done press Close

Looking through your logs now... be back soon with further instructions.
__________________
Teacher, Malware Removal University - You too could train to help others
Member - UNITE, Alliance of Security Analysis Professionals
Topics not replied to within 3 days will be removed from my Subscribed Threads List

Last edited by jmw3; 31-Aug-2010 at 03:42 AM..
JudeG
Junior Member with 8 posts.
Join Date: Aug 2010
Experience: Intermediate
31-Aug-2010, 11:17 AM #3
Thank you for your quick response. I created the restore point and named it Pre-Cleaning per your advice. I have also backed up personal files and folders. What do I do next?

Last edited by JudeG; 31-Aug-2010 at 11:33 AM..
JudeG
Junior Member with 8 posts.
Join Date: Aug 2010
Experience: Intermediate
31-Aug-2010, 01:49 PM #4
Jmw3, thanks for your quick response to my post. As I mentioned in my post, AVG anti-virus detected the virus but couldn't fix or heal it, and then I ran Malwarebytes Anti-Malware. Just to avoid confusion, I am including in this post the AVG report and the Malwarebytes logs from when I first ran the two programs.

Here is the Malwarebytes Log

Malwarebytes' Anti-Malware 1.46
www.malwarebytes.org
Database version: 4462
Windows 5.1.2600 Service Pack 3
Internet Explorer 8.0.6001.18702
8/22/2010 10:03:06 AM
mbam-log-2010-08-22 (10-03-06).txt
Scan type: Quick scan
Objects scanned: 154937
Time elapsed: 11 minute(s), 22 second(s)
Memory Processes Infected: 0
Memory Modules Infected: 0
Registry Keys Infected: 9
Registry Values Infected: 6
Registry Data Items Infected: 4
Folders Infected: 2
Files Infected: 7
Memory Processes Infected:
(No malicious items detected)
Memory Modules Infected:
(No malicious items detected)
Registry Keys Infected:
HKEY_CLASSES_ROOT\minibugtransporter.minibugtransporterx (Adware.Minibug) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\TypeLib\{3c2d2a1e-031f-4397-9614-87c932a848e0} (Adware.Minibug) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\Interface\{04a38f6b-006f-4247-ba4c-02a139d5531c} (Adware.Minibug) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\CLSID\{2b96d5cc-c5b5-49a5-a69d-cc0a30f9028c} (Adware.Minibug) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\minibugtransporter.minibugtransporterx.1 (Adware.Minibug) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\HDExtrem (Trojan.DNSChanger) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\HDExtrem (Trojan.DNSChanger) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\Video ActiveX Enhancement (Trojan.Zlob) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\System\CurrentControlSet\Services\gaopdxserv.sys (Trojan.Agent) -> Quarantined and deleted successfully.
Registry Values Infected:
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\SharedDLLs\C:\Program Files\Common Files\Real\WeatherBug\MiniBugTransporter.dll (Adware.Minibug) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\Control Panel\don't load\scui.cpl (Hijack.SecurityCenter) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\Control Panel\don't load\wscui.cpl (Hijack.SecurityCenter) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\frowvaij (Trojan.FakeAlert.Gen) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\frowvaij (Trojan.FakeAlert.Gen) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\cqqewqet (Trojan.FakeAlert.Gen) -> Quarantined and deleted successfully.
Registry Data Items Infected:
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\AntiVirusDisableNotify (Disabled.SecurityCenter) -> Bad: (1) Good: (0) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\FirewallDisableNotify (Disabled.SecurityCenter) -> Bad: (1) Good: (0) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\UpdatesDisableNotify (Disabled.SecurityCenter) -> Bad: (1) Good: (0) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Tcpip\Parameters\NameServer (Trojan.DNSChanger) -> Data: 85.255.112.13,85.255.112.110 -> Quarantined and deleted successfully.
Folders Infected:
C:\Program Files\HDExtrem (Trojan.DNSChanger) -> Quarantined and deleted successfully.
C:\Documents and Settings\Judan\Start Menu\Programs\HDExtrem (Trojan.DNSChanger) -> Quarantined and deleted successfully.
Files Infected:
C:\Program Files\Common Files\Real\WeatherBug\MiniBugTransporter.dll (Adware.Minibug) -> Quarantined and deleted successfully.
C:\WINDOWS\Temp\3.7332063192853555E7.exe (Trojan.FakeAlert.Gen) -> Quarantined and deleted successfully.
C:\Program Files\HDExtrem\Uninstall.exe (Trojan.DNSChanger) -> Quarantined and deleted successfully.
C:\Documents and Settings\Judan\Start Menu\Programs\HDExtrem\Uninstall.lnk (Trojan.DNSChanger) -> Quarantined and deleted successfully.
C:\Documents and Settings\Judan\Start Menu\Programs\Security Tool.LNK (Rogue.SecurityTool) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\drivers\UACd.sys (Trojan.Agent) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\gaopdxcounter (Trojan.Agent) -> Quarantined and deleted successfully.


Here is the AVG report

AVG 9.0 Anti-Virus command line scanner
Copyright (c) 1992 - 2010 AVG Technologies
Program version 9.0.832, engine 9.0.846
Virus Database: Version 271.1.1/3093 2010-08-25
C:\WINDOWS\system32\svchost.exe (728):\memory_001a0000 Trojan horse Adload_r.AKC
C:\WINDOWS\system32\svchost.exe (728) Trojan horse Adload_r.AKC
C:\WINDOWS\Explorer.EXE (1076):\memory_001a0000 Trojan horse Adload_r.AKC
C:\WINDOWS\Explorer.EXE (1076) Trojan horse Adload_r.AKC
c:\WINDOWS\system32\config\default Locked file. Not tested.
c:\WINDOWS\system32\config\default.LOG Locked file. Not tested.
c:\WINDOWS\system32\config\SAM Locked file. Not tested.
c:\WINDOWS\system32\config\SAM.LOG Locked file. Not tested.
c:\WINDOWS\system32\config\SECURITY Locked file. Not tested.
c:\WINDOWS\system32\config\SECURITY.LOG Locked file. Not tested.
c:\WINDOWS\system32\config\software Locked file. Not tested.
c:\WINDOWS\system32\config\software.LOG Locked file. Not tested.
c:\WINDOWS\system32\config\system Locked file. Not tested.
c:\WINDOWS\system32\config\system.LOG Locked file. Not tested.
------------------------------------------------------------
Objects scanned : 176826
Found infections : 4
Found PUPs : 0
Healed infections : 2
Healed PUPs : 0
Warnings : 0
------------------------------------------------------------
End of AVG report LOG

Thanks again for helping me.
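A triage sketch for the Malwarebytes log in the post above, added here as an example and not part of the original thread: it parses the detection lines and groups them by the kind of tampering they record. The category names and matching rules are this example's own assumptions; the sample lines are excerpted from the posted log.

```python
import re
from collections import defaultdict

# Excerpt of the Malwarebytes log posted above (forum-inserted spaces removed).
SAMPLE_LOG = r"""
Registry Keys Infected:
HKEY_CURRENT_USER\SOFTWARE\HDExtrem (Trojan.DNSChanger) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\System\CurrentControlSet\Services\gaopdxserv.sys (Trojan.Agent) -> Quarantined and deleted successfully.
Registry Values Infected:
HKEY_CURRENT_USER\Control Panel\don't load\wscui.cpl (Hijack.SecurityCenter) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\frowvaij (Trojan.FakeAlert.Gen) -> Quarantined and deleted successfully.
Registry Data Items Infected:
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\FirewallDisableNotify (Disabled.SecurityCenter) -> Bad: (1) Good: (0) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Tcpip\Parameters\NameServer (Trojan.DNSChanger) -> Data: 85.255.112.13,85.255.112.110 -> Quarantined and deleted successfully.
Files Infected:
C:\WINDOWS\system32\drivers\UACd.sys (Trojan.Agent) -> Quarantined and deleted successfully.
"""

# A section header is the bare label; the "Registry Keys Infected: 9" summary
# lines carry a count after the colon and are deliberately not matched.
SECTION_RE = re.compile(
    r"^(Memory Processes|Memory Modules|Registry Keys|Registry Values|"
    r"Registry Data Items|Folders|Files) Infected:$"
)
# "<target> (<Family>) -> [detail -> ...] <action>"
ITEM_RE = re.compile(r"^(?P<target>.+?) \((?P<family>[\w.]+)\) -> (?P<rest>.+)$")


def parse_log(text):
    """Return one dict per detection line, tagged with its log section."""
    findings, section = [], None
    for raw in text.splitlines():
        line = raw.strip()
        header = SECTION_RE.match(line)
        if header:
            section = header.group(1)
            continue
        item = ITEM_RE.match(line)
        if item and section:
            # Everything between the family and the final verdict is detail,
            # e.g. "Data: ..." or "Bad: (1) Good: (0)".
            *details, action = item.group("rest").split(" -> ")
            findings.append({
                "section": section,
                "target": item.group("target"),
                "family": item.group("family"),
                "details": details,
                "action": action,
            })
    return findings


def classify(finding):
    """Map a detection to a tampering category (rules are assumptions)."""
    target = finding["target"].lower()
    if target.endswith("\\tcpip\\parameters\\nameserver"):
        return "dns_hijack"
    if "\\currentversion\\run\\" in target:
        return "autostart_persistence"
    if "\\security center\\" in target or "\\control panel\\don't load\\" in target:
        return "security_center_tampering"
    if "\\currentcontrolset\\services\\" in target or target.endswith(".sys"):
        return "driver_or_service"
    return "other"


def triage(findings):
    """Group detections by category."""
    groups = defaultdict(list)
    for finding in findings:
        groups[classify(finding)].append(finding)
    return dict(groups)


def dns_servers_set(findings):
    """Resolver addresses recorded in the NameServer detection's Data field."""
    servers = []
    for finding in findings:
        if classify(finding) != "dns_hijack":
            continue
        for detail in finding["details"]:
            if detail.startswith("Data: "):
                servers += [s.strip() for s in detail[len("Data: "):].split(",")]
    return servers


def unresolved(findings):
    """Detections whose action does not report a successful removal."""
    return [f for f in findings if "successfully" not in f["action"].lower()]


if __name__ == "__main__":
    parsed = parse_log(SAMPLE_LOG)
    for category, items in sorted(triage(parsed).items()):
        print(f"{category}: {len(items)}")
        for f in items:
            print(f"  [{f['family']}] {f['target']}")
    print("DNS servers recorded:", ", ".join(dns_servers_set(parsed)))
    print("Not removed:", len(unresolved(parsed)))
```

Grouping the lines this way separates settings that need re-checking after cleanup (DNS servers, Security Center notifications, Run keys) from file and driver removals.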
jmw3
Senior Member with 1,464 posts.
Join Date: Jul 2007
Location: Port Hedland Western Australia
31-Aug-2010, 07:56 PM #5
Hi

Thanks for those.

P2P Warning!
IMPORTANT I notice there are signs of one or more P2P (Person to Person) File Sharing Programs on your computer.

LimeWire 4.18.8

Please note that as long as you are using any form of Peer-to-Peer networking and downloading files from non-documented sources, you can expect infestations of malware to occur.
P2P file sharing used to be fairly safe. That is no longer true. I'd like you to read the Perils of P2P File Sharing where we explain why it's not a good idea to have them.
References for the risk of these programs can be found in these links: http://www.microsoft.com/windows/ie/...rotection.mspx
http://www.techweb.com/wire/160500554
http://www.internetworldstats.com/articles/art053.htm
See Clean/Infected P2P Programs here

I would strongly recommend that you uninstall them, however that choice is up to you. If you choose to remove these programs, you can do so via Control Panel >> Add or Remove Programs.

Remove Programs
Click Start > Control Panel > Add/Remove Programs
Remove these programs by clicking Remove

Advanced SystemCare 3
MediaBar 2.0


If some programs listed are not present, please do not panic

While in Add or Remove Programs, you should also uninstall the following outdated versions of Java as they are open to exploitation. We will update you to the latest Java in due course:
J2SE Runtime Environment 5.0 Update 1
J2SE Runtime Environment 5.0 Update 11
J2SE Runtime Environment 5.0 Update 2
J2SE Runtime Environment 5.0 Update 4
J2SE Runtime Environment 5.0 Update 6
Java(TM) 6 Update 13
Java(TM) 6 Update 3
Java(TM) 6 Update 7
Java(TM) SE Runtime Environment 6 Update 1


TFC (Temp File Cleaner)
Download TFC (Temp File Cleaner) by Old Timer Here & save it to your desktop.
  • Save any unsaved work. TFC Cleaner will close all open application windows
  • Double-click TFC.exe to run the program, your desktop will temporarily disappear
  • If prompted, click Yes to reboot
Note: Save your work. TFC will automatically close any open programs, let it run uninterrupted. It shouldn't take any longer than a couple of minutes & may only take a few seconds. Only if needed will you be prompted to reboot.

ComboFix
Download ComboFix from one of these locations (DO NOT download ComboFix from anywhere else but one of the provided links):
Link 1
Link 2

**IMPORTANT !!! Save ComboFix.exe to your Desktop**
  • Disable your AntiVirus and AntiSpyware applications, usually via a right click on the System Tray icon. They may otherwise interfere with our tools
    A guide to do this can be found here
  • Double click on ComboFix.exe & follow the prompts
  • As part of its process, ComboFix will check to see if the Microsoft Windows Recovery Console is installed. With malware infections being as they are today, it's strongly recommended to have this pre-installed on your machine before doing any malware removal. It will allow you to boot up into a special recovery/repair mode that will allow us to more easily help you should your computer have a problem after an attempted removal of malware
  • Follow the prompts to allow ComboFix to download and install the Microsoft Windows Recovery Console, and when prompted, agree to the End-User License Agreement to install the Microsoft Windows Recovery Console

**Please note: If the Microsoft Windows Recovery Console is already installed, ComboFix will continue its malware removal procedures.

Once the Microsoft Windows Recovery Console is installed using ComboFix, you should see the following message:

  • Click on Yes, to continue scanning for malware.
  • When finished, it shall produce a log for you. Please include the contents of C:\ComboFix.txt in your next reply
A word of warning: Neither I nor sUBs are responsible for any damage you may cause to your machine by running ComboFix on your own. This tool is not a toy and not for everyday use.
ComboFix SHOULD NOT be used unless requested by a forum helper


To post in next reply:
ComboFix log
Update on how the computer is running
JudeG
Junior Member with 8 posts.
Join Date: Aug 2010
Experience: Intermediate
02-Sep-2010, 12:44 AM #6
Hi jmw3, thanks again for your continuous help. As per your advice I have removed my LimeWire P2P program and removed the programs below. I ran TFC and ComboFix, which are saved on my desktop. Included in this email is the ComboFix log. So far so good. My computer's CPU usage, I think, is back to normal. My concern is that when my computer boots up, a scanner from the program Hitman Pro 3.5 displays that Internet Explorer is running under proxy server 127.0.0.1:6522 and repairs it. Another is that when I'm browsing the internet using Internet Explorer, Ad-Watch sometimes displays a warning that Internet Explorer is trying to connect to a malicious website and blocks it. I also notice that my keystrokes are no longer sluggish or delayed. Thanks again for your continuous support; your help is very much appreciated. -judeG

Programs Removed:

Advanced SystemCare 3
MediaBar 2.0


J2SE Runtime Environment 5.0 Update 1
J2SE Runtime Environment 5.0 Update 11
J2SE Runtime Environment 5.0 Update 2
J2SE Runtime Environment 5.0 Update 4
J2SE Runtime Environment 5.0 Update 6
Java(TM) 6 Update 13
Java(TM) 6 Update 3
Java(TM) 6 Update 7
Java(TM) SE Runtime Environment 6 Update 1


Here is the ComboFix Log

ComboFix 10-09-01.02 - Judan 09/01/2010 20:10:48.2.1 - x86
Microsoft Windows XP Home Edition 5.1.2600.3.1252.1.1033.18.991.593 [GMT -7:00]
Running from: c:\documents and settings\Judan\Desktop\ComboFix.exe
AV: AVG Anti-Virus Free *On-access scanning disabled* (Updated) {17DDD097-36FF-435F-9E1B-52D74245D6BF}
.
((((((((((((((((((((((((( Files Created from 2010-08-02 to 2010-09-02 )))))))))))))))))))))))))))))))
.
2010-08-30 20:00 . 2010-08-30 20:00 891 ----a-w- c:\documents and settings\All Users\Application Data\SecTaskMan\icn_A76A12931BA584E449447C8141FC0372.dll
2010-08-30 17:21 . 2010-08-30 17:21 -------- d-----w- c:\documents and settings\Judan\Local Settings\Application Data\Opera
2010-08-30 17:21 . 2010-08-30 18:04 -------- d-----w- c:\program files\Opera
2010-08-30 04:28 . 2010-08-30 04:28 -------- d-----w- c:\documents and settings\All Users\Application Data\F-Secure
2010-08-28 17:51 . 2010-08-28 17:52 -------- d-----w- c:\documents and settings\Judan\Application Data\PeaZip
2010-08-28 17:51 . 2010-08-28 17:51 -------- d-----w- c:\program files\PeaZip
2010-08-28 16:57 . 2010-08-28 16:57 -------- d-----w- c:\documents and settings\Judan\Application Data\AVG9
2010-08-26 16:51 . 2010-09-02 02:36 16968 ----a-w- c:\windows\system32\drivers\hitmanpro35.sys
2010-08-26 16:49 . 2010-08-26 16:49 -------- d-----w- c:\documents and settings\All Users\Application Data\Hitman Pro
2010-08-26 16:49 . 2010-08-26 16:49 -------- d-----w- c:\program files\Hitman Pro 3.5
2010-08-26 16:42 . 2010-08-26 16:42 5376 ----a-w- c:\windows\system32\drivers\VIAIDE.SYS
2010-08-26 06:22 . 2010-08-26 16:43 -------- d-----w- c:\windows\system32\MpEngineStore
2010-08-25 18:28 . 2010-08-25 18:28 -------- d-----w- c:\documents and settings\Administrator\Application Data\Malwarebytes
2010-08-25 18:25 . 2010-08-25 18:25 -------- d-sh--w- c:\documents and settings\Administrator\IETldCache
2010-08-25 17:09 . 2010-08-25 18:12 -------- d-----w- c:\documents and settings\All Users\Application Data\Spybot - Search & Destroy
2010-08-25 17:09 . 2010-08-25 17:15 -------- d-----w- c:\program files\Spybot - Search & Destroy
2010-08-23 00:57 . 2006-06-19 20:01 69632 ----a-w- c:\windows\system32\ztvcabinet.dll
2010-08-23 00:57 . 2006-05-25 22:52 162304 ----a-w- c:\windows\system32\ztvunrar36.dll
2010-08-23 00:57 . 2005-08-26 08:50 77312 ----a-w- c:\windows\system32\ztvunace26.dll
2010-08-23 00:57 . 2003-02-03 03:06 153088 ----a-w- c:\windows\system32\unrar3.dll
2010-08-23 00:57 . 2002-03-06 08:00 75264 ----a-w- c:\windows\system32\unacev2.dll
2010-08-23 00:57 . 2010-08-23 00:57 -------- d-----w- c:\documents and settings\Judan\Application Data\Simply Super Software
2010-08-23 00:57 . 2010-08-23 00:57 -------- d-----w- c:\documents and settings\All Users\Application Data\Simply Super Software
2010-08-23 00:32 . 2010-08-23 00:32 -------- d-----w- c:\documents and settings\Judan\Application Data\Uniblue
2010-08-22 18:28 . 2010-08-22 18:28 95024 ----a-w- c:\windows\system32\drivers\SBREDrv.sys
2010-08-22 18:08 . 2010-08-22 18:08 -------- d-----w- c:\documents and settings\Judan\Local Settings\Application Data\Sunbelt Software
2010-08-22 18:08 . 2010-08-22 18:08 -------- dc-h--w- c:\documents and settings\All Users\Application Data\{ECC164E0-3133-4C70-A831-F08DB2940F70}
2010-08-22 18:08 . 2010-08-12 12:16 2979848 -c--a-w- c:\documents and settings\All Users\Application Data\{ECC164E0-3133-4C70-A831-F08DB2940F70}\Ad-AwareInstall.exe
2010-08-22 16:45 . 2010-08-22 16:45 -------- d-----w- c:\documents and settings\Judan\Application Data\Malwarebytes
2010-08-22 16:45 . 2010-04-29 22:39 38224 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys
2010-08-22 16:45 . 2010-08-22 16:45 -------- d-----w- c:\documents and settings\All Users\Application Data\Malwarebytes
2010-08-22 16:45 . 2010-04-29 22:39 20952 ----a-w- c:\windows\system32\drivers\mbam.sys
2010-08-22 16:45 . 2010-08-22 17:04 -------- d-----w- c:\program files\Malwarebytes' Anti-Malware
2010-08-21 02:52 . 2010-08-21 05:43 -------- d-----w- c:\documents and settings\NetworkService\Local Settings\Application Data\tiepdsgew
2010-08-21 02:52 . 2010-08-21 02:52 -------- d-----w- c:\documents and settings\NetworkService\Local Settings\Application Data\Adobe
2010-08-17 23:05 . 2010-08-18 03:13 -------- d-----w- c:\documents and settings\All Users\Application Data\{7B6BA59A-FB0E-4499-8536-A7420338BF3B}
2010-08-17 22:45 . 2010-08-18 18:16 -------- d-----w- c:\documents and settings\All Users\Application Data\Norton
2010-08-17 22:38 . 2010-08-17 22:41 -------- d-----w- c:\documents and settings\All Users\Application Data\NortonInstaller
2010-08-17 19:35 . 2010-08-22 16:25 0 ----a-w- c:\windows\Hpeyihepalam.bin
2010-08-17 19:35 . 2010-08-22 18:48 120 ----a-w- c:\windows\Fmevamikumipober.dat
2010-08-05 17:52 . 2010-08-05 17:52 90264 ----a-w- c:\documents and settings\LocalService\Local Settings\Application Data\FontCache3.0.0.0.dat
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2010-09-02 02:25 . 2005-06-23 02:08 -------- d-----w- c:\program files\Java
2010-09-02 00:54 . 2005-06-23 02:01 -------- d-----w- c:\program files\LimeWire
2010-08-30 20:07 . 2010-08-30 20:00 -------- d-----w- c:\documents and settings\All Users\Application Data\SecTaskMan
2010-08-30 20:00 . 2010-08-30 20:00 817 ----a-w- c:\documents and settings\All Users\Application Data\SecTaskMan\icn_D125B56382665B041A1CFBD6800279AD.dll
2010-08-29 01:54 . 2009-08-26 19:22 -------- d-----w- c:\program files\YouTube Downloader
2010-08-26 16:41 . 2006-02-26 19:38 -------- d-----w- c:\program files\Guitar Pro
2010-08-18 18:15 . 2008-08-29 15:46 -------- d-----w- c:\program files\Common Files\Symantec Shared
2010-08-18 04:14 . 2010-01-10 19:22 -------- d-----w- c:\documents and settings\All Users\Application Data\avg9
2010-08-18 03:11 . 2008-01-29 19:01 26600 ----a-r- c:\windows\system32\drivers\GEARAspiWDM.sys
2010-08-18 03:11 . 2008-01-29 19:02 107368 ----a-r- c:\windows\system32\GEARAspi.dll
2010-08-17 22:45 . 2008-08-29 15:47 -------- d-----w- c:\documents and settings\All Users\Application Data\Symantec
2010-08-12 12:15 . 2009-03-17 09:46 15880 ----a-w- c:\windows\system32\lsdelete.exe
2010-08-12 12:15 . 2009-03-17 09:26 64288 ----a-w- c:\windows\system32\drivers\Lbd.sys
2010-08-01 05:44 . 2009-09-07 04:04 -------- d-----w- c:\documents and settings\Judy\Application Data\ZoomBrowser EX
2010-08-01 05:43 . 2008-08-16 22:17 -------- d-----w- c:\documents and settings\All Users\Application Data\ZoomBrowser
2010-07-29 17:19 . 2006-01-04 01:03 -------- d-----w- c:\documents and settings\All Users\Application Data\DVD Shrink
2010-07-19 20:20 . 2010-07-19 20:20 -------- d-----w- c:\documents and settings\Judan\Application Data\EPSON
2010-07-19 20:10 . 2010-07-19 04:34 -------- d-----w- c:\program files\USBDiskEjector
2010-07-15 16:51 . 2010-01-10 19:23 243024 ----a-w- c:\windows\system32\drivers\avgtdix.sys
2010-07-15 16:51 . 2010-07-15 16:51 12536 ----a-w- c:\windows\system32\avgrsstx.dll
2010-07-15 16:50 . 2010-01-10 19:23 216400 ----a-w- c:\windows\system32\drivers\avgldx86.sys
2010-07-10 20:05 . 2010-01-10 19:22 -------- d-----w- c:\documents and settings\All Users\Application Data\AVG Security Toolbar
2010-06-30 12:31 . 2008-07-03 20:57 149504 ----a-w- c:\windows\system32\schannel.dll
2010-06-24 12:22 . 2005-04-27 17:54 916480 ----a-w- c:\windows\system32\wininet.dll
2010-06-23 13:44 . 2008-07-03 20:57 1851904 ----a-w- c:\windows\system32\win32k.sys
2010-06-21 15:27 . 2008-07-03 20:57 354304 ----a-w- c:\windows\system32\drivers\srv.sys
2010-06-17 14:03 . 2008-07-03 20:58 80384 ----a-w- c:\windows\system32\iccvid.dll
2010-06-14 14:31 . 2008-07-03 20:58 744448 ----a-w- c:\windows\PCHealth\HelpCtr\Binaries\helpsvc.exe
2010-06-14 07:41 . 2008-07-03 20:57 1172480 ----a-w- c:\windows\system32\msxml3.dll
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar]
"{CCC7A320-B3CA-4199-B1A6-9F516DD69829}"= "c:\program files\AVG\AVG9\Toolbar\IEToolbar.dll" [2010-04-19 2117704]
[HKEY_CLASSES_ROOT\clsid\{ccc7a320-b3ca-4199-b1a6-9f516dd69829}]
[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Toolbar\Webbrowser]
"{CCC7A320-B3CA-4199-B1A6-9F516DD69829}"= "c:\program files\AVG\AVG9\Toolbar\IEToolbar.dll" [2010-04-19 2117704]
[HKEY_CLASSES_ROOT\clsid\{ccc7a320-b3ca-4199-b1a6-9f516dd69829}]
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Creative Detector"="c:\program files\Creative\MediaSource\Detector\CTDetect.exe" [2004-10-05 98304]
"SpybotSD TeaTimer"="c:\program files\Spybot - Search & Destroy\TeaTimer.exe" [2009-03-05 2260480]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"ISUSPM Startup"="c:\progra~1\COMMON~1\INSTAL~1\UPDATE~1\ISUSPM.exe" [2004-06-16 221184]
"ISUSScheduler"="c:\program files\Common Files\InstallShield\UpdateService\issch.exe" [2004-06-16 81920]
"IPInSightLAN 02"="c:\program files\Visual Networks\Visual IP InSight\SBC\IPClient.exe" [2003-06-11 380928]
"IPInSightMonitor 02"="c:\program files\Visual Networks\Visual IP InSight\SBC\IPMon32.exe" [2003-06-11 122880]
"RegKillElbyCheck"="c:\program files\Elaborate Bytes\DVD Region Killer\ElbyCheck.exe" [2001-12-06 45056]
"iTunesHelper"="c:\program files\iTunes\iTunesHelper.exe" [2007-03-15 257088]
"Acrobat Assistant 7.0"="c:\program files\Adobe\Acrobat 7.0\Distillr\Acrotray.exe" [2008-04-23 483328]
"Adobe Reader Speed Launcher"="c:\program files\Adobe\Reader 8.0\Reader\Reader_sl.exe" [2008-01-12 39792]
"Ad-Watch"="c:\program files\Lavasoft\Ad-Aware\AAWTray.exe" [2010-08-12 864624]
"QuickTime Task"="c:\program files\QuickTime\qttask.exe" [2007-02-16 282624]
"Adobe Photo Downloader"="c:\program files\Adobe\Photoshop Album Starter Edition\3.2\Apps\apdproxy.exe" [2007-03-09 63712]
"MaxMenuMgr"="c:\program files\Seagate\SeagateManager\FreeAgent Status\StxMenuMgr.exe" [2009-03-27 181544]
"AVG9_TRAY"="c:\progra~1\AVG\AVG9\avgtray.exe" [2010-07-15 2065760]
"DyanPointMouseDriverHelper"="c:\program files\Sakar\Mouse Driver\MouseDriver.exe" [2006-02-10 53248]
"HitmanPro35"="c:\program files\Hitman Pro 3.5\HitmanPro35.exe" [2010-09-02 6300480]
c:\documents and settings\All Users\Start Menu\Programs\Startup\
Adobe Gamma Loader.lnk - c:\program files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe [2005-6-22 110592]
Color Calibration.lnk - c:\program files\SEC\MagicTune 2.5\GammaTray.exe [2005-6-22 36864]
NaturalColorLoad.lnk - c:\program files\SEC\Natural Color\NaturalColorLoad.exe [2005-6-22 155715]
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\avgrsstarter]
2010-07-15 16:51 12536 ----a-w- c:\windows\system32\avgrsstx.dll
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Lavasoft Ad-Aware Service]
@="Service"
[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring]
"DisableMonitoring"=dword:00000001
[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecAntiVirus]
"DisableMonitoring"=dword:00000001
[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecFirewall]
"DisableMonitoring"=dword:00000001
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]
"EnableFirewall"= 0 (0x0)
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"c:\\StubInstaller.exe"=
"c:\\Program Files\\Macromedia\\Dreamweaver MX 2004\\Dreamweaver.exe"=
"c:\\Program Files\\Common Files\\NewTech Infosystems\\LiveUpdate\\LiveUpdate.exe"=
"c:\\Program Files\\Common Files\\Ahead\\Nero Web\\SetupX.exe"=
"c:\\Program Files\\Common Files\\Ahead\\Nero Web\\SetupXu.exe"=
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"c:\\Program Files\\iTunes\\iTunes.exe"=
"c:\\Program Files\\Nero\\Nero 7\\Nero ShowTime\\ShowTime.exe"=
"c:\\Program Files\\Lavasoft\\Ad-Aware\\Ad-Aware.exe"=
"c:\\WINDOWS\\system32\\mmc.exe"=
"c:\\Program Files\\AVG\\AVG9\\avgupd.exe"=
"c:\\Program Files\\AVG\\AVG9\\avgnsx.exe"=
R0 Lbd;Lbd;c:\windows\system32\drivers\Lbd.sys [3/17/2009 2:26 AM 64288]
R1 ATMhelpr;ATMhelpr;c:\windows\system32\drivers\ATMHELPR.SYS [9/26/2008 2:40 AM 4064]
R1 AvgLdx86;AVG Free AVI Loader Driver x86;c:\windows\system32\drivers\avgldx86.sys [1/10/2010 12:23 PM 216400]
R1 AvgTdiX;AVG Free Network Redirector;c:\windows\system32\drivers\avgtdix.sys [1/10/2010 12:23 PM 243024]
R2 avg9wd;AVG Free WatchDog;c:\program files\AVG\AVG9\avgwdsvc.exe [7/15/2010 9:50 AM 308136]
R2 FreeAgentGoNext Service;Seagate Service;c:\program files\Seagate\SeagateManager\Sync\FreeAgentService.exe [3/27/2009 3:54 PM 165160]
R3 RegKill;RegKill;c:\windows\system32\drivers\RegKill.sys [3/9/2002 8:37 PM 6144]
S2 gupdate;Google Update Service (gupdate);c:\program files\Google\Update\GoogleUpdate.exe [5/12/2010 8:29 PM 136176]
S2 Lavasoft Ad-Aware Service;Lavasoft Ad-Aware Service;c:\program files\Lavasoft\Ad-Aware\AAWService.exe [8/12/2010 5:15 AM 1355416]
S3 Aox402Camera;Eye-Q Mini (Video);c:\windows\system32\drivers\aox402vc.sys [6/24/2005 9:41 PM 129084]
S3 Lavasoft Kernexplorer;Lavasoft helper driver;c:\program files\Lavasoft\Ad-Aware\kernexplorer.sys [8/12/2010 5:15 AM 15008]
S3 SE402RefCameraStill;Eye-Q Mini (WDM);c:\windows\system32\drivers\aox402sc.sys [6/24/2005 9:42 PM 67332]
--- Other Services/Drivers In Memory ---
*Deregistered* - IPVNMon
.
Contents of the 'Scheduled Tasks' folder
2010-09-02 c:\windows\Tasks\Ad-Aware Update (Weekly).job
- c:\program files\Lavasoft\Ad-Aware\Ad-AwareAdmin.exe [2010-08-12 12:15]
2010-08-21 c:\windows\Tasks\AppleSoftwareUpdate.job
- c:\program files\Apple Software Update\SoftwareUpdate.exe [2007-08-29 22:57]
2010-09-02 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
- c:\program files\Google\Update\GoogleUpdate.exe [2010-05-13 03:29]
2010-09-02 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
- c:\program files\Google\Update\GoogleUpdate.exe [2010-05-13 03:29]
2010-09-02 c:\windows\Tasks\Windows Codec Update Service.job
- c:\program files\Essentials Codec Pack\WECPUpdate.exe [2010-05-30 13:17]
.
.
------- Supplementary Scan -------
.
uStart Page = hxxp://www.google.com/
uInternet Settings,ProxyOverride = <local>
uSearchURL,(Default) = hxxp://www.google.com
Trusted Zone: atribune.org\www
Trusted Zone: bleepingcomputer.com\download
Trusted Zone: geekstogo.com\oldtimer
Trusted Zone: geekstogo.com\www
Trusted Zone: gmer.net\www
Trusted Zone: gmer.net\www.2
Trusted Zone: microsoft.com\*.update
Trusted Zone: microsoft.com\update
Trusted Zone: microsoft.com\windowsupdate
Trusted Zone: neuber.com\www
Trusted Zone: opera.com\get3
Trusted Zone: opera.com\www
Trusted Zone: windowsupdate.com
Trusted Zone: windowsupdate.com\download
DPF: DirectAnimation Java Classes - file://c:\windows\Java\classes\dajava.cab
DPF: Microsoft XML Parser for Java - file://c:\windows\Java\classes\xmldso.cab
FF - ProfilePath - c:\documents and settings\Judan\Application Data\Mozilla\Firefox\Profiles\qscgrd9z.default\
FF - prefs.js: browser.startup.homepage - hxxp://www.google.com/
FF - plugin: c:\documents and settings\Judy\Application Data\Move Networks\plugins\npqmp071503000010.dll
FF - plugin: c:\documents and settings\Judy\Application Data\Move Networks\plugins\npqmp071701000002.dll
FF - plugin: c:\program files\Google\Google Earth\plugin\npgeplugin.dll
FF - plugin: c:\program files\Google\Update\1.2.183.29\npGoogleOneClick8.dll
FF - HiddenExtension: Microsoft .NET Framework Assistant: {20a82645-c095-46ed-80e3-08825760534b} - c:\windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension\
---- FIREFOX POLICIES ----
c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.IDN.whitelist.xn--mgbaam7a8h", true);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.IDN.whitelist.xn--mgberp4a5d4ar", true);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("dom.ipc.plugins.enabled", false);
.
**************************************************************************
catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2010-09-01 20:15
Windows 5.1.2600 Service Pack 3 NTFS
scanning hidden processes ...
scanning hidden autostart entries ...
HKLM\Software\Microsoft\Windows\CurrentVersion\Run
DyanPointMouseDriverHelper = c:\program files\Sakar\Mouse Driver\MouseDriver.exe????????????????????????????????????????????????????? ??????????????????????????????????????????????????????????????????????????? ??????????????????????????????????????????????????????????????????????????? ?
HKCU\Software\Microsoft\Windows\CurrentVersion\Run
Creative Detector = c:\program files\Creative\MediaSource\Detector\CTDetect.exe /R??o?u?r?c?e?\?D?e?t?e?c?t?o?r?\?C?T?D?e?t?e?c?t?.?e?x?e??????????????????? ??????????????????????????????????????????????????????????????????????????? ????????????????????????????????????????????????
scanning hidden files ...
scan completed successfully
hidden files: 0
**************************************************************************
.
--------------------- LOCKED REGISTRY KEYS ---------------------
[HKEY_USERS\.Default\Software\Microsoft\Internet Explorer\User Preferences]
@Denied: (2) (LocalSystem)
"88D7D0879DAB32E14DE5B3A805A34F98AFF34F5977"=hex:01,00,00,00,d0,8c,9d,df,01 ,15,
d1,11,8c,7a,00,c0,4f,c2,97,eb,01,00,00,00,a9,a8,88,5a,03,a9,9c,4f,a3,84,f3, \
"2D53CFFC5C1A3DD2E97B7979AC2A92BD59BC839E81"=hex:01,00,00,00,d0,8c,9d,df,01 ,15,
d1,11,8c,7a,00,c0,4f,c2,97,eb,01,00,00,00,a9,a8,88,5a,03,a9,9c,4f,a3,84,f3, \
.
--------------------- DLLs Loaded Under Running Processes ---------------------
- - - - - - - > 'explorer.exe'(4068)
c:\windows\system32\WININET.dll
c:\program files\Sakar\Mouse Driver\MouseHook.dll
c:\windows\system32\ieframe.dll
c:\windows\system32\webcheck.dll
c:\windows\system32\WPDShServiceObj.dll
c:\windows\system32\PortableDeviceTypes.dll
c:\windows\system32\PortableDeviceApi.dll
.
Completion time: 2010-09-01 20:18:33
ComboFix-quarantined-files.txt 2010-09-02 03:18
ComboFix2.txt 2010-08-28 17:30
Pre-Run: 72,968,683,520 bytes free
Post-Run: 72,961,908,736 bytes free
- - End Of File - - 89E474D94F3ADE4715245D743FEF7D02
jmw3
Senior Member with 1,464 posts.
Join Date: Jul 2007
Location: Port Hedland Western Australia
02-Sep-2010, 01:41 AM #7
Hi

CFScript
Close any open browsers.
Open notepad and copy/paste the text in the code box below into it:

Code:
http://forums.techguy.org/virus-other-malware-removal/946734-please-help-i-think-my.html
Collect::
c:\windows\Hpeyihepalam.bin
c:\windows\Fmevamikumipober.dat
Folder::
c:\documents and settings\All Users\Application Data\SecTaskMan
c:\program files\LimeWire
c:\documents and settings\NetworkService\Local Settings\Application Data\tiepdsgew
Registry::
[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring]
"DisableMonitoring"=dword:00000000
DDS::
uInternet Settings,ProxyServer = http=127.0.0.1:6522
uInternet Settings,ProxyOverride = <local>
Trusted Zone: atribune.org\www
Trusted Zone: bleepingcomputer.com\download
Trusted Zone: geekstogo.com\oldtimer
Trusted Zone: geekstogo.com\www
Trusted Zone: gmer.net\www
Trusted Zone: gmer.net\www.2
Trusted Zone: microsoft.com\*.update
Trusted Zone: microsoft.com\update
Trusted Zone: microsoft.com\windowsupdate
Trusted Zone: neuber.com\www
Trusted Zone: opera.com\get3
Trusted Zone: opera.com\www
Trusted Zone: windowsupdate.com
Trusted Zone: windowsupdate.com\download
RegLock::
[HKEY_USERS\.Default\Software\Microsoft\Internet Explorer\User Preferences]

Save this as CFScript.txt, in the same location as ComboFix.exe



Referring to the picture above, drag CFScript into ComboFix.exe
If prompted by ComboFix to update, please do so
When finished, it shall produce a log for you at "C:\ComboFix.txt"
**Note**
When CF finishes running, the ComboFix log will open along with a message box--do not be alarmed. With the above script, ComboFix will capture files to submit for analysis.
  • Ensure you are connected to the internet and click OK on the message box.
Note: Do not mouseclick combofix's window whilst it's running. That may cause it to stall
A word of warning: Neither I nor sUBs are responsible for any damage you may cause to your machine by running ComboFix on your own. This tool is not a toy and not for everyday use.
ComboFix SHOULD NOT be used unless requested by a forum helper


To post in next reply:
ComboFix log
__________________
Teacher, Malware Removal University - You too could train to help others
Member - UNITE, Alliance of Security Analysis Professionals
Topics not replied to within 3 days will be removed from my Subscribed Threads List
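
One way to confirm that a ComboFix run acted on every target named in a CFScript like the one above, as an added example that is not part of the original post or of ComboFix itself. It assumes, from the log format seen in this thread, that Collect:: targets show up as "file zipped:" lines and Folder:: targets show up under "Other Deletions"; the function names and the abbreviated sample excerpts are constructed for illustration.

```python
import re

# Constructed excerpts, abbreviated from the script and log posted in this thread.
CFSCRIPT = r"""Collect::
c:\windows\Hpeyihepalam.bin
c:\windows\Fmevamikumipober.dat
Folder::
c:\documents and settings\All Users\Application Data\SecTaskMan
c:\program files\LimeWire
c:\documents and settings\NetworkService\Local Settings\Application Data\tiepdsgew
Registry::
[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring]
"DisableMonitoring"=dword:00000000
RegLock::
[HKEY_USERS\.Default\Software\Microsoft\Internet Explorer\User Preferences]
"""

COMBOFIX_LOG = r"""Command switches used :: c:\documents and settings\Judan\Desktop\CFScript.txt
file zipped: c:\windows\Fmevamikumipober.dat
file zipped: c:\windows\Hpeyihepalam.bin
.
((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.
c:\documents and settings\All Users\Application Data\SecTaskMan
c:\documents and settings\All Users\Application Data\SecTaskMan\_entreelist.dll
c:\documents and settings\NetworkService\Local Settings\Application Data\tiepdsgew
c:\program files\LimeWire
c:\program files\LimeWire\hs_err_pid3228.log
c:\windows\Fmevamikumipober.dat
c:\windows\Hpeyihepalam.bin
.
((((((((((((((((((((((((( Files Created from 2010-08-02 to 2010-09-02 )))))))))))))))))))))))))))))))
.
"""

SCRIPT_HEADER = re.compile(r"^([A-Za-z]+)::\s*$")   # e.g. "Folder::"
LOG_BANNER = re.compile(r"^\(+\s*(.+?)\s*\)+$")      # e.g. "(((( Other Deletions ))))"


def norm(path):
    """Windows paths are case-insensitive; ignore case and a trailing backslash."""
    return path.strip().rstrip("\\").lower()


def parse_cfscript(text):
    """Return {directive: [lines]}; lines before the first directive are ignored."""
    sections, current = {}, None
    for raw in text.splitlines():
        line = raw.strip()
        if not line:
            continue
        m = SCRIPT_HEADER.match(line)
        if m:
            current = m.group(1)
            sections.setdefault(current, [])
        elif current is not None:
            sections[current].append(line)
    return sections


def parse_log(text):
    """Return (zipped, deleted): normalized paths the log reports as handled."""
    zipped, deleted, banner = set(), set(), None
    for raw in text.splitlines():
        line = raw.strip()
        if not line or line == ".":
            continue
        m = LOG_BANNER.match(line)
        if m:
            banner = m.group(1)
            continue
        if line.lower().startswith("file zipped:"):
            zipped.add(norm(line.split(":", 1)[1]))
        elif banner == "Other Deletions":
            deleted.add(norm(line))
    return zipped, deleted


def audit(script_text, log_text):
    """List script targets that the log does not account for."""
    sections = parse_cfscript(script_text)
    zipped, deleted = parse_log(log_text)
    return {
        "collect_not_zipped": [p for p in sections.get("Collect", [])
                               if norm(p) not in zipped],
        "folder_not_deleted": [p for p in sections.get("Folder", [])
                               if norm(p) not in deleted],
    }


if __name__ == "__main__":
    for check, leftovers in audit(CFSCRIPT, COMBOFIX_LOG).items():
        print(check, "->", leftovers or "all targets accounted for")
```

A non-empty list means a target named in the script never appeared in the log, which is the cue to ask the helper before assuming the cleanup is complete.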
JudeG's Avatar
Junior Member with 8 posts.
 
Join Date: Aug 2010
Experience: Intermediate
02-Sep-2010, 01:08 PM #8
Hi jmw3! I copied and pasted the Code Script and saved it as CFScript.txt on the Desktop. I dragged it over the ComboFix program; it automatically started and produced this log. So far, so good. No unusual activity going on regarding performance. CPU usage normal. You are great! Again, thanks for helping me. -JudeG

Here is the Log:

ComboFix 10-09-01.04 - Judan 09/02/2010 8:41.3.1 - x86
Microsoft Windows XP Home Edition 5.1.2600.3.1252.1.1033.18.991.409 [GMT -7:00]
Running from: c:\documents and settings\Judan\Desktop\ComboFix.exe
Command switches used :: c:\documents and settings\Judan\Desktop\CFScript.txt
AV: AVG Anti-Virus Free *On-access scanning disabled* (Updated) {17DDD097-36FF-435F-9E1B-52D74245D6BF}
file zipped: c:\windows\Fmevamikumipober.dat
file zipped: c:\windows\Hpeyihepalam.bin
.
((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.
c:\documents and settings\All Users\Application Data\SecTaskMan
c:\documents and settings\All Users\Application Data\SecTaskMan\_algCA7AE00
c:\documents and settings\All Users\Application Data\SecTaskMan\_entreelist.dll
c:\documents and settings\All Users\Application Data\SecTaskMan\_enviewlist.dll
c:\documents and settings\All Users\Application Data\SecTaskMan\_ExplorerBD8C60F
c:\documents and settings\All Users\Application Data\SecTaskMan\_IPClient542CD005
c:\documents and settings\All Users\Application Data\SecTaskMan\_IPHk2KS24FA68001
c:\documents and settings\All Users\Application Data\SecTaskMan\_IPMon324F67E001
c:\documents and settings\All Users\Application Data\SecTaskMan\_SDHelper34C9AF74
c:\documents and settings\All Users\Application Data\SecTaskMan\_svchost14F83800
c:\documents and settings\All Users\Application Data\SecTaskMan\_WUDFSvc1358DA00
c:\documents and settings\NetworkService\Local Settings\Application Data\tiepdsgew
c:\program files\LimeWire
c:\program files\LimeWire\hs_err_pid3228.log
c:\program files\LimeWire\Incomplete\T-4004554-Weezer - Troublemaker.mp3
c:\program files\LimeWire\Incomplete\T-6983598-Pink Floyd - Learning To Fly.mp3
c:\program files\LimeWire\Incomplete\T-721417922-girls gone wild - endless spring break volume 5 2003.avi
c:\program files\LimeWire\Incomplete\T-721417922-girls_gone_wild_-_endless_spring_break_5_(2003) xxx xdmnx sharereactor.avi
c:\program files\LimeWire\Incomplete\T-732864512-Ip.Man.2008.RETAiL.DVDRip.XviD-CoWRY.avi
c:\program files\LimeWire\Incomplete\T-735732430-Repo Men.2010.UNRATED.DvdRip.Xvid {1337x}-Noir.avi
c:\program files\LimeWire\Shared Files\( EBOOK - PDF - ENG ) Pimsleur - Learn Spanish I - Reading Booklet ( 1st Edition ).pdf
c:\program files\LimeWire\Shared Files\(ebook - dic) English - spanish dictionary (20 756 entries).pdf
c:\program files\LimeWire\Shared Files\(Ebook - Science - Mathematics) Principles Of Modern Physics.pdf
c:\program files\LimeWire\Shared Files\(eBook english) Auto Repair for Dummies.pdf
c:\program files\LimeWire\Shared Files\(ebook pdf) hobbies - piano for dummies - idg books.pdf
c:\program files\LimeWire\Shared Files\(ebook pdf) McGraw-Hill - The Illustrated Dictionary of Electronics 8th Edition.pdf
c:\program files\LimeWire\Shared Files\(EBook) - Martial Arts - Kenpo Techniques.pdf
c:\program files\LimeWire\Shared Files\(EBooks) Survival - Homemade, Traps And Snares.pdf
c:\program files\LimeWire\Shared Files\3 Days Grace - Home.mp3
c:\program files\LimeWire\Shared Files\80's Music - Pat Benatar - I Love Rock 'n Roll.mp3
c:\program files\LimeWire\Shared Files\80s-Bruce Springsteen - Born in the USA.mp3
c:\program files\LimeWire\Shared Files\Aerosmith - Dream On.mp3
c:\program files\LimeWire\Shared Files\AlbumArt_{2FE01579-1138-4C4A-BDC0-D0A7810E29B6}_Large.jpg
c:\program files\LimeWire\Shared Files\AlbumArt_{2FE01579-1138-4C4A-BDC0-D0A7810E29B6}_Small.jpg
c:\program files\LimeWire\Shared Files\AlbumArtSmall.jpg
c:\program files\LimeWire\Shared Files\American Idol - David Cook - Billie Jean.mp3
c:\program files\LimeWire\Shared Files\Asin - Cotabato.mp3
c:\program files\LimeWire\Shared Files\B.o.B - Nothing On You ft. Bruno Mars.mp3
c:\program files\LimeWire\Shared Files\Beatles - Something In The Way She Moves.mp3
c:\program files\LimeWire\Shared Files\Beatles - I Am The Walrus.mp3
c:\program files\LimeWire\Shared Files\Beatles - John Lennon - Imagine.mp3
c:\program files\LimeWire\Shared Files\Beatles - Lucy In The Sky With Diamonds.mp3
c:\program files\LimeWire\Shared Files\Beatles - Revolution.mp3
c:\program files\LimeWire\Shared Files\Beatles - Stand By Me (John Lennon).mp3
c:\program files\LimeWire\Shared Files\Beatles - The Long And Winding Road.mp3
c:\program files\LimeWire\Shared Files\Beatles - Here Comes The Sun.mp3
c:\program files\LimeWire\Shared Files\Billy Idol - Dancing with my self.mp3
c:\program files\LimeWire\Shared Files\Billy Idol - Rebel.mp3
c:\program files\LimeWire\Shared Files\Billy Idol - White Wedding.mp3
c:\program files\LimeWire\Shared Files\Blade 2 Soundtrack - Enter The Rave (Darude And Rob Zombie).mp3
c:\program files\LimeWire\Shared Files\Blade 2 Techno - New Order - Confusion (Blade Soundtrack - Rave Scene).mp3
c:\program files\LimeWire\Shared Files\Blade Soundtrack- Blood Rave Techno (Bloodbath Mix).MP3
c:\program files\LimeWire\Shared Files\Brandi Carlile - Hallelujah.mp3
c:\program files\LimeWire\Shared Files\Brandi Carlile - The Story.mp3
c:\program files\LimeWire\Shared Files\Brandi Carlile - Turpentine.mp3
c:\program files\LimeWire\Shared Files\Bruce Springsteen - I'm On Fire.mp3
c:\program files\LimeWire\Shared Files\Bruce Springsteen - Streets of Philadelphia.mp3
c:\program files\LimeWire\Shared Files\Carrie Underwood - Before He Cheats.Mp3
c:\program files\LimeWire\Shared Files\CCR - Bad Moon Rising.mp3
c:\program files\LimeWire\Shared Files\CHEMISTRY - Homemade Recipes for many things - (eBook 28175 .txt) (TEC@NZ) .txt
c:\program files\LimeWire\Shared Files\Compressed Programs\Adobe Acrobat 7.0 Professional.zip
c:\program files\LimeWire\Shared Files\Compressed Programs\Cakewalk Home Studio 2002 + serial.zip
c:\program files\LimeWire\Shared Files\Compressed Programs\Cakewalk Pro Audio 9 0 Final with serial (E) zip.zip
c:\program files\LimeWire\Shared Files\Compressed Programs\Cakewalk Pro Audio v9.03 - Multi Track Recording Studio.zip
c:\program files\LimeWire\Shared Files\Compressed Programs\Cubase Sx 3.0.1.514 Really Working!!! (With Serial,Crack, Install Instructions).zip
c:\program files\LimeWire\Shared Files\Compressed Programs\Dreamweaver MX 2004 Full Version + SERIAL.zip
c:\program files\LimeWire\Shared Files\Compressed Programs\dvdshrink32setup.zip
c:\program files\LimeWire\Shared Files\Compressed Programs\Fruity Loops STUDIO 5_XXL_cracked (Full Version) RTAS VST Dxi pro tools cakewalk soft synth.zip
c:\program files\LimeWire\Shared Files\Compressed Programs\Guitar Lessons-Absolute Fretboard Trainer Pro 2.36.zip
c:\program files\LimeWire\Shared Files\Compressed Programs\Guitar Pro 4.1.0 + KeyGen.zip
c:\program files\LimeWire\Shared Files\Compressed Programs\Guitar Pro 5 + Serial.zip
c:\program files\LimeWire\Shared Files\Compressed Programs\PC Games - Tetris Arcade - Full Version - Nice Sound And Graphics!.zip
c:\program files\LimeWire\Shared Files\Compressed Programs\Ultimate Video Converter (TMPGEnc Newest), converts, mpeg, divx, avi, wmv, mp3, wma, wav, dvd, vcd(2).zip
c:\program files\LimeWire\Shared Files\Corey Hart - I Wear my Sunglasses at Night (80s).mp3
c:\program files\LimeWire\Shared Files\Corey Hart - Never Surrender.mp3
c:\program files\LimeWire\Shared Files\Crafts - Woodworking - Plans - (ebook) - Over the sink cutting board.pdf
c:\program files\LimeWire\Shared Files\Credence Clearwater Revival - Bad Moon Rising.mp3
c:\program files\LimeWire\Shared Files\Creed - Higher.mp3
c:\program files\LimeWire\Shared Files\Creed - My Sacrifice.mp3
c:\program files\LimeWire\Shared Files\Daft Punk - Harder, Better, Faster, Stronger.mp3
c:\program files\LimeWire\Shared Files\David Bowie & Queen - Under Pressure.mp3
c:\program files\LimeWire\Shared Files\David Cook - This Is The Time Of My Life.mp3
c:\program files\LimeWire\Shared Files\Def Lepperd - Pour Some Sugar On Me.mp3
c:\program files\LimeWire\Shared Files\desktop.ini
c:\program files\LimeWire\Shared Files\Dixie Chicks - Landslide.mp3
c:\program files\LimeWire\Shared Files\Don McLean - American Pie.mp3
c:\program files\LimeWire\Shared Files\Drowning Pool - Let The Bodies Hit The Floor.mp3
c:\program files\LimeWire\Shared Files\Drowning Pool - Rise Up (new theme from WWE SmackDown).mp3
c:\program files\LimeWire\Shared Files\dvd decrypter\SetupDVDDecrypter_3.5.4.0.exe
c:\program files\LimeWire\Shared Files\Eminem - Till I Collapse.mp3
c:\program files\LimeWire\Shared Files\Fleetwood Mac - Landslide - Stevie Nicks.mp3
c:\program files\LimeWire\Shared Files\Folder.jpg
c:\program files\LimeWire\Shared Files\Garbage - #1 Crush.mp3
c:\program files\LimeWire\Shared Files\Garbage - Bad Boyfriend.mp3
c:\program files\LimeWire\Shared Files\Garbage - Bleed Like Me.mp3
c:\program files\LimeWire\Shared Files\Garbage - Cherryy Lips.mp3
c:\program files\LimeWire\Shared Files\Garbage - Crush (Romeo And Juliet Soundtrack).mp3
c:\program files\LimeWire\Shared Files\Garbage - Dumb.mp3
c:\program files\LimeWire\Shared Files\Garbage - I Think I'm Paranoid.mp3
c:\program files\LimeWire\Shared Files\Garbage - Im Only Happy When It Rains.mp3
c:\program files\LimeWire\Shared Files\Garbage - Medication.mp3
c:\program files\LimeWire\Shared Files\Garbage - Milk (Massive Attack Very Rare Trance Mix).mp3
c:\program files\LimeWire\Shared Files\Garbage - Push It.mp3
c:\program files\LimeWire\Shared Files\Garbage - Run Baby Run.mp3
c:\program files\LimeWire\Shared Files\Garbage - Special.mp3
c:\program files\LimeWire\Shared Files\Garbage - Stupid Girl.mp3
c:\program files\LimeWire\Shared Files\Garbage - Tell Me Where It Hurts.mp3
c:\program files\LimeWire\Shared Files\Garbage - Temptation Waits.mp3
c:\program files\LimeWire\Shared Files\Garbage - The World Is Not Enough.mp3
c:\program files\LimeWire\Shared Files\Garbage - Thirteen.mp3
c:\program files\LimeWire\Shared Files\Garbage - Use Me.mp3
c:\program files\LimeWire\Shared Files\Garbage - When I Grow Up.mp3
c:\program files\LimeWire\Shared Files\Garbage - Why Do You Love Me.mp3
c:\program files\LimeWire\Shared Files\Garbage - You Look So Fine.mp3
c:\program files\LimeWire\Shared Files\Garden State Soundtrack - 04 - The Shins - New Slang.mp3
c:\program files\LimeWire\Shared Files\Grey's Anatomy - Brandi Carlile - Tragedy.mp3
c:\program files\LimeWire\Shared Files\Grey's Anatomy - Brandi Carlile - What Can I Say.mp3
c:\program files\LimeWire\Shared Files\Guitar Lessons-Absolute Fretboard Trainer Pro 2.36\Guitar Lessons-Absolute Fretboard Trainer Pro 2.36.exe
c:\program files\LimeWire\Shared Files\Guitar Lessons-Absolute Fretboard Trainer Pro 2.36\Guitar Pro 4.1.0 + KeyGen.zip
c:\program files\LimeWire\Shared Files\IYAZ - Replay.mp3
c:\program files\LimeWire\Shared Files\Jace Everett - Bad Things - True Blood Theme Song.mp3
c:\program files\LimeWire\Shared Files\Jeff Buckley - hallelujah.mp3
c:\program files\LimeWire\Shared Files\Joan Jett - I Love Rock n Roll 80s.mp3
c:\program files\LimeWire\Shared Files\Johnny Cash - Folsom Prison Blues.mp3
c:\program files\LimeWire\Shared Files\Kanye West - Harder, Better, Stronger, Faster Remix.mp3
c:\program files\LimeWire\Shared Files\Kelly Clarkson - My Life Would Suck Without You(1).mp3
c:\program files\LimeWire\Shared Files\Kelly Clarkson - My Life Would Suck Without You(2).mp3
c:\program files\LimeWire\Shared Files\Kelly Clarkson - My Life Would Suck Without You.mp3
c:\program files\LimeWire\Shared Files\Kelly Clarksonn - My Life Would Suck Without You.mp3
c:\program files\LimeWire\Shared Files\Keri Hilson - Knock You Down ft. Kanye West & Ne-Yo.mp3
c:\program files\LimeWire\Shared Files\Kesha - TiK-ToK.mp3
c:\program files\LimeWire\Shared Files\kim carnes - betty davis eyes.mp3
c:\program files\LimeWire\Shared Files\Kings of Leon - Use Somebody.mp3
c:\program files\LimeWire\Shared Files\Led Zeppelin - Black Dog.mp3
c:\program files\LimeWire\Shared Files\New Boyz - Tie Me Down (feat. Ray J).mp3
c:\program files\LimeWire\Shared Files\Nick Drake - Black Eyed Dog.mp3
c:\program files\LimeWire\Shared Files\Parokya Ni Edgar - [Live] 3 Stars And The Sun feat. Francis M.mp3
c:\program files\LimeWire\Shared Files\Parokya Ni Edgar - Buloy.mp3
c:\program files\LimeWire\Shared Files\Parokya Ni Edgar - Cooking Ng Ina Mo.mp3
c:\program files\LimeWire\Shared Files\Parokya Ni Edgar - Kaleidoscope World (Live feat Francis Magalona).mp3
c:\program files\LimeWire\Shared Files\Parokya Ni Edgar - Maniwala Ka Sana.mp3
c:\program files\LimeWire\Shared Files\Parokya Ni Edgar - Tatlong Araw.mp3
c:\program files\LimeWire\Shared Files\Parokya Ni Edgar - Trip.mp3
c:\program files\LimeWire\Shared Files\Pat Benatar - Hit Me With Your Best Shot (128 kbps - original rip from cd) (80's music).mp3
c:\program files\LimeWire\Shared Files\Pat Benatar - love is a battle feild.mp3
c:\program files\LimeWire\Shared Files\pat benatar - we belong.mp3
c:\program files\LimeWire\Shared Files\Pink Floyd - Comfortably Numb.mp3
c:\program files\LimeWire\Shared Files\Pink Floyd - Learning to Fly.mp3
c:\program files\LimeWire\Shared Files\Pink Floyd - Wish You Were Here.mp3
c:\program files\LimeWire\Shared Files\Queen - Another One Bites The Dust(1).mp3
c:\program files\LimeWire\Shared Files\Queen - Crazy Little Thing Called Love .mp3
c:\program files\LimeWire\Shared Files\Queen - Killer Queen.mp3
c:\program files\LimeWire\Shared Files\Queen - We Will Rock You.mp3
c:\program files\LimeWire\Shared Files\Queen - Your My Best Friend.mp3
c:\program files\LimeWire\Shared Files\Queen -Fat Bottomed Girls.mp3
c:\program files\LimeWire\Shared Files\Rolling's Stones - Paint in black.mp3
c:\program files\LimeWire\Shared Files\Smashing Pumpkins - 1979.mp3
c:\program files\LimeWire\Shared Files\Smashing Pumpkins - Disarm.mp3
c:\program files\LimeWire\Shared Files\Smashing Pumpkins - Landslide.mp3
c:\program files\LimeWire\Shared Files\Smashing Pumpkins - Today.mp3
c:\program files\LimeWire\Shared Files\The Beatles- Ticket to Ride.mp3
c:\program files\LimeWire\Shared Files\The Beatles - Across The Universe.mp3
c:\program files\LimeWire\Shared Files\The Beatles - All My Loving.mp3
c:\program files\LimeWire\Shared Files\the beatles - Beetles-All You Need Is Love.mp3
c:\program files\LimeWire\Shared Files\The beatles - Beetles - Love Me Do.mp3
c:\program files\LimeWire\Shared Files\The beatles - Beetles - Yesterday.mp3
c:\program files\LimeWire\Shared Files\The Beatles - Can't Buy Me Love.mp3
c:\program files\LimeWire\Shared Files\The Beatles - Come Together.mp3
c:\program files\LimeWire\Shared Files\The Beatles - Dear Prudence.mp3
c:\program files\LimeWire\Shared Files\The Beatles - Hello Goodbye.mp3
c:\program files\LimeWire\Shared Files\The Beatles - Helter Skelter(1).mp3
c:\program files\LimeWire\Shared Files\The Beatles - Hey Jude.mp3
c:\program files\LimeWire\Shared Files\The Beatles - If I Fell In Love With You.mp3
c:\program files\LimeWire\Shared Files\The Beatles - Let It Be.mp3
c:\program files\LimeWire\Shared Files\The Beatles - Strawberry Fields Forever.mp3
c:\program files\LimeWire\Shared Files\The Beatles - Twist and Shout.mp3
c:\program files\LimeWire\Shared Files\The Beatles - While My Guitar Gently Weeps.mp3
c:\program files\LimeWire\Shared Files\The Beatles - With A Little Help From My Friends(1).mp3
c:\program files\LimeWire\Shared Files\The Beatles - Yellow Submarine.mp3
c:\program files\LimeWire\Shared Files\The Breeders - Cannonball.mp3
c:\program files\LimeWire\Shared Files\The Killers - Mr.Brightside.mp3
c:\program files\LimeWire\Shared Files\The Killers - When You Were Young.mp3
c:\program files\LimeWire\Shared Files\The Rolling Stones - Gimme Shelter.mp3
c:\program files\LimeWire\Shared Files\The Rolling Stones - Satisfaction.mp3
c:\program files\LimeWire\Shared Files\tmpgenc\TMPGEnc 2.510.49.157 Plus + Serial\TMPGEnc-2.510.49.157-Plus-ENInstaller-DL.exe
c:\program files\LimeWire\Shared Files\tmpgenc\TMPGEnc 2.510.49.157 Plus + Serial\TMPGEnc Plus 2-58-44-152 serial.txt
c:\program files\LimeWire\Shared Files\Ugly Kid Joe - Cats In The Cradle.mp3
c:\program files\LimeWire\Shared Files\Uncle Kracker - Drift Away.mp3
c:\program files\LimeWire\Shared Files\Usher ft. Nicki Minaj - Little Freak.mp3
c:\program files\LimeWire\Shared Files\Usher ft. Will.I.Am.- OMG.mp3
c:\program files\LimeWire\Shared Files\Walk the Line Soundtrack_ Folsom Prison Blues- Joaquin Phoenix.mp3
c:\program files\LimeWire\Shared Files\Walk the Line Soundtrack_ Ring of Fire- Joaquin Phoenix.mp3
c:\program files\LimeWire\Shared Files\workout1.doc
c:\program files\LimeWire\Shared Files\workout2.doc
c:\program files\LimeWire\Shared Files\workout3.doc
c:\program files\LimeWire\Shared Files\workout4.doc
c:\windows\Fmevamikumipober.dat
c:\windows\Hpeyihepalam.bin
.
((((((((((((((((((((((((( Files Created from 2010-08-02 to 2010-09-02 )))))))))))))))))))))))))))))))
.
2010-08-28 16:57 . 2010-08-28 16:57 -------- d-----w- c:\documents and settings\Judan\Application Data\AVG9
2010-08-26 16:51 . 2010-09-02 02:36 16968 ----a-w- c:\windows\system32\drivers\hitmanpro35.sys
2010-08-26 16:49 . 2010-08-26 16:49 -------- d-----w- c:\documents and settings\All Users\Application Data\Hitman Pro
2010-08-26 16:49 . 2010-08-26 16:49 -------- d-----w- c:\program files\Hitman Pro 3.5
2010-08-26 16:42 . 2010-08-26 16:42 5376 ----a-w- c:\windows\system32\drivers\VIAIDE.SYS
2010-08-26 06:22 . 2010-08-26 16:43 -------- d-----w- c:\windows\system32\MpEngineStore
2010-08-25 18:28 . 2010-08-25 18:28 -------- d-----w- c:\documents and settings\Administrator\Application Data\Malwarebytes
2010-08-25 18:25 . 2010-08-25 18:25 -------- d-sh--w- c:\documents and settings\Administrator\IETldCache
2010-08-25 17:09 . 2010-08-25 18:12 -------- d-----w- c:\documents and settings\All Users\Application Data\Spybot - Search & Destroy
2010-08-25 17:09 . 2010-08-25 17:15 -------- d-----w- c:\program files\Spybot - Search & Destroy
2010-08-23 00:57 . 2006-06-19 20:01 69632 ----a-w- c:\windows\system32\ztvcabinet.dll
2010-08-23 00:57 . 2006-05-25 22:52 162304 ----a-w- c:\windows\system32\ztvunrar36.dll
2010-08-23 00:57 . 2005-08-26 08:50 77312 ----a-w- c:\windows\system32\ztvunace26.dll
2010-08-23 00:57 . 2003-02-03 03:06 153088 ----a-w- c:\windows\system32\unrar3.dll
2010-08-23 00:57 . 2002-03-06 08:00 75264 ----a-w- c:\windows\system32\unacev2.dll
2010-08-23 00:57 . 2010-08-23 00:57 -------- d-----w- c:\documents and settings\Judan\Application Data\Simply Super Software
2010-08-23 00:57 . 2010-08-23 00:57 -------- d-----w- c:\documents and settings\All Users\Application Data\Simply Super Software
2010-08-23 00:32 . 2010-08-23 00:32 -------- d-----w- c:\documents and settings\Judan\Application Data\Uniblue
2010-08-22 18:28 . 2010-08-22 18:28 95024 ----a-w- c:\windows\system32\drivers\SBREDrv.sys
2010-08-22 18:08 . 2010-08-22 18:08 -------- d-----w- c:\documents and settings\Judan\Local Settings\Application Data\Sunbelt Software
2010-08-22 18:08 . 2010-08-22 18:08 -------- dc-h--w- c:\documents and settings\All Users\Application Data\{ECC164E0-3133-4C70-A831-F08DB2940F70}
2010-08-22 18:08 . 2010-08-12 12:16 2979848 -c--a-w- c:\documents and settings\All Users\Application Data\{ECC164E0-3133-4C70-A831-F08DB2940F70}\Ad-AwareInstall.exe
2010-08-22 16:45 . 2010-08-22 16:45 -------- d-----w- c:\documents and settings\Judan\Application Data\Malwarebytes
2010-08-22 16:45 . 2010-04-29 22:39 38224 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys
2010-08-22 16:45 . 2010-08-22 16:45 -------- d-----w- c:\documents and settings\All Users\Application Data\Malwarebytes
2010-08-22 16:45 . 2010-04-29 22:39 20952 ----a-w- c:\windows\system32\drivers\mbam.sys
2010-08-22 16:45 . 2010-08-22 17:04 -------- d-----w- c:\program files\Malwarebytes' Anti-Malware
2010-08-21 02:52 . 2010-08-21 02:52 -------- d-----w- c:\documents and settings\NetworkService\Local Settings\Application Data\Adobe
2010-08-17 23:05 . 2010-08-18 03:13 -------- d-----w- c:\documents and settings\All Users\Application Data\{7B6BA59A-FB0E-4499-8536-A7420338BF3B}
2010-08-17 22:45 . 2010-08-18 18:16 -------- d-----w- c:\documents and settings\All Users\Application Data\Norton
2010-08-17 22:38 . 2010-08-17 22:41 -------- d-----w- c:\documents and settings\All Users\Application Data\NortonInstaller
2010-08-05 17:52 . 2010-08-05 17:52 90264 ----a-w- c:\documents and settings\LocalService\Local Settings\Application Data\FontCache3.0.0.0.dat
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2010-09-02 02:25 . 2005-06-23 02:08 -------- d-----w- c:\program files\Java
2010-08-30 20:00 . 2010-08-30 20:00 -------- d-----w- c:\program files\Security Task Manager
2010-08-30 18:04 . 2010-08-30 17:21 -------- d-----w- c:\program files\Opera
2010-08-30 04:28 . 2010-08-30 04:28 -------- d-----w- c:\documents and settings\All Users\Application Data\F-Secure
2010-08-29 01:54 . 2009-08-26 19:22 -------- d-----w- c:\program files\YouTube Downloader
2010-08-28 17:52 . 2010-08-28 17:51 -------- d-----w- c:\documents and settings\Judan\Application Data\PeaZip
2010-08-28 17:51 . 2010-08-28 17:51 -------- d-----w- c:\program files\PeaZip
2010-08-26 16:41 . 2006-02-26 19:38 -------- d-----w- c:\program files\Guitar Pro
2010-08-18 18:15 . 2008-08-29 15:46 -------- d-----w- c:\program files\Common Files\Symantec Shared
2010-08-18 04:14 . 2010-01-10 19:22 -------- d-----w- c:\documents and settings\All Users\Application Data\avg9
2010-08-18 03:11 . 2008-01-29 19:01 26600 ----a-r- c:\windows\system32\drivers\GEARAspiWDM.sys
2010-08-18 03:11 . 2008-01-29 19:02 107368 ----a-r- c:\windows\system32\GEARAspi.dll
2010-08-17 22:45 . 2008-08-29 15:47 -------- d-----w- c:\documents and settings\All Users\Application Data\Symantec
2010-08-12 12:15 . 2009-03-17 09:46 15880 ----a-w- c:\windows\system32\lsdelete.exe
2010-08-12 12:15 . 2009-03-17 09:26 64288 ----a-w- c:\windows\system32\drivers\Lbd.sys
2010-08-01 05:44 . 2009-09-07 04:04 -------- d-----w- c:\documents and settings\Judy\Application Data\ZoomBrowser EX
2010-08-01 05:43 . 2008-08-16 22:17 -------- d-----w- c:\documents and settings\All Users\Application Data\ZoomBrowser
2010-07-29 17:19 . 2006-01-04 01:03 -------- d-----w- c:\documents and settings\All Users\Application Data\DVD Shrink
2010-07-19 20:20 . 2010-07-19 20:20 -------- d-----w- c:\documents and settings\Judan\Application Data\EPSON
2010-07-19 20:10 . 2010-07-19 04:34 -------- d-----w- c:\program files\USBDiskEjector
2010-07-15 16:51 . 2010-01-10 19:23 243024 ----a-w- c:\windows\system32\drivers\avgtdix.sys
2010-07-15 16:51 . 2010-07-15 16:51 12536 ----a-w- c:\windows\system32\avgrsstx.dll
2010-07-15 16:50 . 2010-01-10 19:23 216400 ----a-w- c:\windows\system32\drivers\avgldx86.sys
2010-07-10 20:05 . 2010-01-10 19:22 -------- d-----w- c:\documents and settings\All Users\Application Data\AVG Security Toolbar
2010-06-30 12:31 . 2008-07-03 20:57 149504 ----a-w- c:\windows\system32\schannel.dll
2010-06-24 12:22 . 2005-04-27 17:54 916480 ----a-w- c:\windows\system32\wininet.dll
2010-06-23 13:44 . 2008-07-03 20:57 1851904 ----a-w- c:\windows\system32\win32k.sys
2010-06-21 15:27 . 2008-07-03 20:57 354304 ----a-w- c:\windows\system32\drivers\srv.sys
2010-06-17 14:03 . 2008-07-03 20:58 80384 ----a-w- c:\windows\system32\iccvid.dll
2010-06-14 14:31 . 2008-07-03 20:58 744448 ----a-w- c:\windows\PCHealth\HelpCtr\Binaries\helpsvc.exe
2010-06-14 07:41 . 2008-07-03 20:57 1172480 ----a-w- c:\windows\system32\msxml3.dll
.
((((((((((((((((((((((((((((( SnapShot@2010-09-02_03.15.34 )))))))))))))))))))))))))))))))))))))))))
.
+ 2010-09-02 04:04 . 2010-09-02 04:04 32768 c:\windows\system32\config\systemprofile\Local Settings\Temporary Internet Files\Content.IE5\index.dat
+ 2005-06-22 09:52 . 2010-09-02 04:04 32768 c:\windows\system32\config\systemprofile\Local Settings\History\History.IE5\index.dat
- 2005-06-22 09:52 . 2010-08-31 13:33 32768 c:\windows\system32\config\systemprofile\Local Settings\History\History.IE5\index.dat
+ 2010-09-02 04:04 . 2010-09-02 04:04 16384 c:\windows\system32\config\systemprofile\Cookies\index.dat
- 2010-08-30 20:30 . 2010-08-31 13:33 16384 c:\windows\system32\config\systemprofile\Cookies\index.dat
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar]
"{CCC7A320-B3CA-4199-B1A6-9F516DD69829}"= "c:\program files\AVG\AVG9\Toolbar\IEToolbar.dll" [2010-04-19 2117704]
[HKEY_CLASSES_ROOT\clsid\{ccc7a320-b3ca-4199-b1a6-9f516dd69829}]
[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Toolbar\Webbrowser]
"{CCC7A320-B3CA-4199-B1A6-9F516DD69829}"= "c:\program files\AVG\AVG9\Toolbar\IEToolbar.dll" [2010-04-19 2117704]
[HKEY_CLASSES_ROOT\clsid\{ccc7a320-b3ca-4199-b1a6-9f516dd69829}]
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Creative Detector"="c:\program files\Creative\MediaSource\Detector\CTDetect.exe" [2004-10-05 98304]
"SpybotSD TeaTimer"="c:\program files\Spybot - Search & Destroy\TeaTimer.exe" [2009-03-05 2260480]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"ISUSPM Startup"="c:\progra~1\COMMON~1\INSTAL~1\UPDATE~1\ISUSPM.exe" [2004-06-16 221184]
"ISUSScheduler"="c:\program files\Common Files\InstallShield\UpdateService\issch.exe" [2004-06-16 81920]
"IPInSightLAN 02"="c:\program files\Visual Networks\Visual IP InSight\SBC\IPClient.exe" [2003-06-11 380928]
"IPInSightMonitor 02"="c:\program files\Visual Networks\Visual IP InSight\SBC\IPMon32.exe" [2003-06-11 122880]
"RegKillElbyCheck"="c:\program files\Elaborate Bytes\DVD Region Killer\ElbyCheck.exe" [2001-12-06 45056]
"iTunesHelper"="c:\program files\iTunes\iTunesHelper.exe" [2007-03-15 257088]
"Acrobat Assistant 7.0"="c:\program files\Adobe\Acrobat 7.0\Distillr\Acrotray.exe" [2008-04-23 483328]
"Adobe Reader Speed Launcher"="c:\program files\Adobe\Reader 8.0\Reader\Reader_sl.exe" [2008-01-12 39792]
"Ad-Watch"="c:\program files\Lavasoft\Ad-Aware\AAWTray.exe" [2010-08-12 864624]
"QuickTime Task"="c:\program files\QuickTime\qttask.exe" [2007-02-16 282624]
"Adobe Photo Downloader"="c:\program files\Adobe\Photoshop Album Starter Edition\3.2\Apps\apdproxy.exe" [2007-03-09 63712]
"MaxMenuMgr"="c:\program files\Seagate\SeagateManager\FreeAgent Status\StxMenuMgr.exe" [2009-03-27 181544]
"AVG9_TRAY"="c:\progra~1\AVG\AVG9\avgtray.exe" [2010-07-15 2065760]
"DyanPointMouseDriverHelper"="c:\program files\Sakar\Mouse Driver\MouseDriver.exe" [2006-02-10 53248]
"HitmanPro35"="c:\program files\Hitman Pro 3.5\HitmanPro35.exe" [2010-09-02 6300480]
c:\documents and settings\All Users\Start Menu\Programs\Startup\
Adobe Gamma Loader.lnk - c:\program files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe [2005-6-22 110592]
Color Calibration.lnk - c:\program files\SEC\MagicTune 2.5\GammaTray.exe [2005-6-22 36864]
NaturalColorLoad.lnk - c:\program files\SEC\Natural Color\NaturalColorLoad.exe [2005-6-22 155715]
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\avgrsstarter]
2010-07-15 16:51 12536 ----a-w- c:\windows\system32\avgrsstx.dll
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Lavasoft Ad-Aware Service]
@="Service"
[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecAntiVirus]
"DisableMonitoring"=dword:00000001
[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecFirewall]
"DisableMonitoring"=dword:00000001
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"c:\\StubInstaller.exe"=
"c:\\Program Files\\Macromedia\\Dreamweaver MX 2004\\Dreamweaver.exe"=
"c:\\Program Files\\Common Files\\NewTech Infosystems\\LiveUpdate\\LiveUpdate.exe"=
"c:\\Program Files\\Common Files\\Ahead\\Nero Web\\SetupX.exe"=
"c:\\Program Files\\Common Files\\Ahead\\Nero Web\\SetupXu.exe"=
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"c:\\Program Files\\iTunes\\iTunes.exe"=
"c:\\Program Files\\Nero\\Nero 7\\Nero ShowTime\\ShowTime.exe"=
"c:\\Program Files\\Lavasoft\\Ad-Aware\\Ad-Aware.exe"=
"c:\\WINDOWS\\system32\\mmc.exe"=
"c:\\Program Files\\AVG\\AVG9\\avgupd.exe"=
"c:\\Program Files\\AVG\\AVG9\\avgnsx.exe"=
R0 Lbd;Lbd;c:\windows\system32\drivers\Lbd.sys [3/17/2009 2:26 AM 64288]
R1 ATMhelpr;ATMhelpr;c:\windows\system32\drivers\ATMHELPR.SYS [9/26/2008 2:40 AM 4064]
R1 AvgLdx86;AVG Free AVI Loader Driver x86;c:\windows\system32\drivers\avgldx86.sys [1/10/2010 12:23 PM 216400]
R1 AvgTdiX;AVG Free Network Redirector;c:\windows\system32\drivers\avgtdix.sys [1/10/2010 12:23 PM 243024]
R2 avg9wd;AVG Free WatchDog;c:\program files\AVG\AVG9\avgwdsvc.exe [7/15/2010 9:50 AM 308136]
R2 FreeAgentGoNext Service;Seagate Service;c:\program files\Seagate\SeagateManager\Sync\FreeAgentService.exe [3/27/2009 3:54 PM 165160]
R2 Lavasoft Ad-Aware Service;Lavasoft Ad-Aware Service;c:\program files\Lavasoft\Ad-Aware\AAWService.exe [8/12/2010 5:15 AM 1355416]
R3 RegKill;RegKill;c:\windows\system32\drivers\RegKill.sys [3/9/2002 8:37 PM 6144]
S2 gupdate;Google Update Service (gupdate);c:\program files\Google\Update\GoogleUpdate.exe [5/12/2010 8:29 PM 136176]
S3 Aox402Camera;Eye-Q Mini (Video);c:\windows\system32\drivers\aox402vc.sys [6/24/2005 9:41 PM 129084]
S3 Lavasoft Kernexplorer;Lavasoft helper driver;c:\program files\Lavasoft\Ad-Aware\kernexplorer.sys [8/12/2010 5:15 AM 15008]
S3 SE402RefCameraStill;Eye-Q Mini (WDM);c:\windows\system32\drivers\aox402sc.sys [6/24/2005 9:42 PM 67332]
--- Other Services/Drivers In Memory ---
*Deregistered* - IPVNMon
.
Contents of the 'Scheduled Tasks' folder
2010-09-02 c:\windows\Tasks\Ad-Aware Update (Weekly).job
- c:\program files\Lavasoft\Ad-Aware\Ad-AwareAdmin.exe [2010-08-12 12:15]
2010-08-21 c:\windows\Tasks\AppleSoftwareUpdate.job
- c:\program files\Apple Software Update\SoftwareUpdate.exe [2007-08-29 22:57]
2010-09-02 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
- c:\program files\Google\Update\GoogleUpdate.exe [2010-05-13 03:29]
2010-09-02 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
- c:\program files\Google\Update\GoogleUpdate.exe [2010-05-13 03:29]
2010-09-02 c:\windows\Tasks\Windows Codec Update Service.job
- c:\program files\Essentials Codec Pack\WECPUpdate.exe [2010-05-30 13:17]
.
.
------- Supplementary Scan -------
.
uStart Page = hxxp://www.google.com/
uSearchURL,(Default) = hxxp://www.google.com
DPF: DirectAnimation Java Classes - file://c:\windows\Java\classes\dajava.cab
DPF: Microsoft XML Parser for Java - file://c:\windows\Java\classes\xmldso.cab
FF - ProfilePath - c:\documents and settings\Judan\Application Data\Mozilla\Firefox\Profiles\qscgrd9z.default\
FF - prefs.js: browser.startup.homepage - hxxp://www.google.com/
FF - HiddenExtension: Microsoft .NET Framework Assistant: {20a82645-c095-46ed-80e3-08825760534b} - c:\windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension\
---- FIREFOX POLICIES ----
c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.IDN.whitelist.xn--mgbaam7a8h", true);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.IDN.whitelist.xn--mgberp4a5d4ar", true);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("dom.ipc.plugins.enabled", false);
.
**************************************************************************
catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2010-09-02 08:48
Windows 5.1.2600 Service Pack 3 NTFS
scanning hidden processes ...
scanning hidden autostart entries ...
HKLM\Software\Microsoft\Windows\CurrentVersion\Run
DyanPointMouseDriverHelper = c:\program files\Sakar\Mouse Driver\MouseDriver.exe????????????????????????????????????????????????????? ??????????????????????????????????????????????????????????????????????????? ??????????????????????????????????????????????????????????????????????????? ?
HKCU\Software\Microsoft\Windows\CurrentVersion\Run
Creative Detector = c:\program files\Creative\MediaSource\Detector\CTDetect.exe /R??o?u?r?c?e?\?D?e?t?e?c?t?o?r?\?C?T?D?e?t?e?c?t?.?e?x?e??????????????????? ??????????????????????????????????????????????????????????????????????????? ????????????????????????????????????????????????
scanning hidden files ...
scan completed successfully
hidden files: 0
**************************************************************************
.
Completion time: 2010-09-02 08:51:11
ComboFix-quarantined-files.txt 2010-09-02 15:51
ComboFix2.txt 2010-09-02 03:18
ComboFix3.txt 2010-08-28 17:30
Pre-Run: 72,955,527,168 bytes free
Post-Run: 72,936,853,504 bytes free
- - End Of File - - 7F604B459444F2723C6C2663DE4D139D
jmw3
Senior Member with 1,464 posts.
 
Join Date: Jul 2007
Location: Port Hedland Western Australia
02-Sep-2010, 08:06 PM #9
Hi

No problem

One more scan just to make sure we got everything.

Kaspersky Online Scan
Please make sure that all programs are closed when installing Java.
  • Click here to visit Java's website
  • Scroll down to where it says "JDK 6 Update 21 (JDK or JRE)"
  • Click the orange Download JRE button to the right
  • Select Windows from the drop-down list for Platform
  • Select Multi-language from the drop-down list for Language
  • Check (tick) I agree to the Java SE Runtime Environment 6 License Agreement box and click on Continue
  • Click on jre-6u21-windows-i586.exe link to download it and save this to a convenient location
  • Double click on jre-6u21-windows-i586.exe to install Java
  • After the Java installation has finished, go to Kaspersky website and perform an online antivirus scan
  • Read through the requirements and privacy statement and click on Accept button
  • It will start downloading and installing the scanner and virus definitions. You will be prompted to install an application from Kaspersky. Click Run
  • When the downloads have finished, click on Settings
  • Make sure these boxes are checked (ticked). If they are not, please tick them and click on the Save button:
    • Spyware, Adware, Dialers, and other potentially dangerous programs
    • Archives
    • Mail databases
  • Click on My Computer under Scan
  • Once the scan is complete, it will display the results. Click on View Scan Report
  • You will see a list of infected items there. Click on Save Report As...
  • Save this report to a convenient place. Change the Files of type to Text file (.txt) before clicking on the Save button
  • Please post this log in your next reply
Pictured tutorial if required.
This scan will take quite some time to update & scan, so be patient with it.
__________________
Teacher, Malware Removal University - You too could train to help others
Member - UNITE, Alliance of Security Analysis Professionals
Topics not replied to within 3 days will be removed from my Subscribed Threads List
JudeG
Junior Member with 8 posts.
 
Join Date: Aug 2010
Experience: Intermediate
04-Sep-2010, 12:17 PM #10
Hi! jmw3, finally! The scan took forever. Anyway, no threats were found. Below is the Kaspersky log. Thank you for all your time and effort.

--------------------------------------------------------------------------------
KASPERSKY ONLINE SCANNER 7.0: scan report
Saturday, September 4, 2010
Operating system: Microsoft Windows XP Home Edition Service Pack 3 (build 2600)
Kaspersky Online Scanner version: 7.0.26.13
Last database update: Friday, September 03, 2010 01:40:56
Records in database: 4182513
--------------------------------------------------------------------------------
Scan settings:
scan using the following database: extended
Scan archives: yes
Scan e-mail databases: yes
Scan area - My Computer:
C:\
D:\
E:\
F:\
G:\
H:\
Scan statistics:
Objects scanned: 156397
Threats found: 0
Infected objects found: 0
Suspicious objects found: 0
Scan duration: 31:45:54
No threats found. Scanned area is clean.
Selected area has been scanned.
jmw3
Senior Member with 1,464 posts.
 
Join Date: Jul 2007
Location: Port Hedland Western Australia
04-Sep-2010, 11:21 PM #11
WOW!! I've seen that scan take a while, but 31 hours, that's a record. Doesn't surprise me though with all those drives attached. That's a lot of data to scan.

OK, I think you're good to go.
Clean Up
Now we need to clear out the programs we've been using to clean up your computer. They are not suitable for general malware removal and could cause damage if used inappropriately.
Remove ComboFix
The following will implement some cleanup procedures as well as reset System Restore points:
Click Start > Run then copy/paste the following bolded text into the Run box and click OK:
ComboFix /Uninstall
OTC
Download OTC by Old Timer here & save it to your desktop.
Double click on OTC.exe. Click on CleanUp!.
You will receive a prompt that it needs to restart the computer to remove the files. Click Yes.
It will restart your computer automatically. If it doesn't, please restart your computer manually.
You can delete the following from your desktop:
TFC.exe
The Gmer.exe file (it will be a randomly named .exe file)
Any logs that may have been saved to your desktop

If you haven't already done so, open Malwarebytes' Anti-Malware, click Quarantine then Delete All. Close the program.
You should also remove HijackThis. You can do this by going to C:\Program Files\Trend Micro\HijackThis
  • Double click HijackThis.exe
  • From the Main menu click Open the Misc Tools section
  • Using the scroll bar, scroll down to Uninstall HijackThis
  • Click Uninstall HijackThis & exit then click Yes at the prompt

All Clean
Now that your system is safe we would like you to keep it that way.
Take the time to follow these recommendations & it will greatly reduce the risk of further infections and greatly diminish the chances of you having to visit here again.

Create a Clean System Restore Point
Create a new, clean System Restore point which you can use in case of future system problems:
Press Start->All Programs->Accessories->System Tools->System Restore
Select Create a restore point, then Next, type a name like All Clean then press the Create button and once it's done press Close
Now remove old, infected System Restore points:
Next click Start->Run and type cleanmgr in the box and click OK
Ensure the boxes for Temporary Files & Temporary Internet Files are checked. You can choose to check other boxes if you wish but they are not required.
Select the More Options tab, under System Restore click Clean up... and click Yes to the prompt
Click OK and Yes to confirm.

Microsoft Windows Update
Microsoft regularly releases patches for Windows and Office products to close loopholes and fix any bugs found. Install the updates immediately if they are found.
To update Windows
Go to Start > All Programs > Windows Update
To update Office
Open up any Office program.
Go to Help > Check for Updates

SpywareBlaster
Download and install Javacool's SpywareBlaster from here
SpywareBlaster adds a list of ActiveX controls, tracking cookies and sites which will be blocked in either Internet Explorer or Firefox browsers. You need to manually check for updates regularly.

Download and Install a HOSTS File
A HOSTS file is a big list of bad web sites. The list has a specific format, a specific name, (name is just HOSTS with no file extension), and a specific location. Your machine always looks at that file in that location before connecting to a web site to verify the address. So the HOSTS listing can be used to "short circuit" a request to a bad website by giving it the address of your own machine.
Install MVPS Hosts File From Here
The MVPS Hosts file replaces your current HOSTS file with one containing well-known ad sites etc. Basically, this prevents your computer from connecting to those sites by redirecting them to 127.0.0.1, which is your local computer.
You can Find the Tutorial HERE

Web of Trust
WOT, Web of Trust, warns you about risky websites that try to scam visitors, deliver malware or send spam. Protect your computer against online threats by using WOT as your front-line layer of protection when browsing or searching in unfamiliar territory. WOT's color-coded icons show you ratings for 21 million websites, helping you avoid the dangerous sites:
  • Green to go
  • Yellow for caution
  • Red to stop
WOT has an addon available for both Firefox and Internet Explorer.

Install WinPatrol
Download it here
You can find information about how WinPatrol works here

Read some information here on how to prevent Malware.

Hopefully these steps will help keep your computer clean.
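The HOSTS file blocking described in the post above can be audited with a short script. This is an added example, not part of the original post or of the MVPS project; the sample file contents, host names and the labels `local`, `blocked`, `redirect` and `malformed` are constructed for illustration. It separates entries that sink a name to the local machine from entries that send a name to some other address, which are the ones worth reviewing after a cleanup.

```python
import ipaddress
from collections import Counter, namedtuple

Entry = namedtuple("Entry", "lineno address hostname kind")

# Constructed sample for illustration; not from the thread or the MVPS file.
SAMPLE_HOSTS = """\
# constructed sample HOSTS file
127.0.0.1       localhost
::1             localhost
127.0.0.1       ads.example.com tracker.example.com   # two names, one line
0.0.0.0         banner.example.net
203.0.113.10    update.example.org
198.51.100.7    ADS.example.com
not-an-ip       broken.example.com
"""

LOCAL_NAMES = {"localhost", "localhost.localdomain"}


def parse_hosts(text):
    """Return one Entry per (address, hostname) pair found in HOSTS text."""
    entries = []
    for lineno, raw in enumerate(text.splitlines(), start=1):
        line = raw.split("#", 1)[0].strip()      # drop comments
        if not line:
            continue
        address, *names = line.split()
        try:
            ip = ipaddress.ip_address(address)
        except ValueError:
            ip = None
        if ip is None or not names:
            # Bad address or an address with no hostname after it.
            entries.append(
                Entry(lineno, address, " ".join(names) or None, "malformed"))
            continue
        # 127.0.0.1, ::1 and 0.0.0.0 all keep the request on this machine.
        sink = ip.is_loopback or ip.is_unspecified
        for name in names:
            name = name.lower()                  # host names are case-insensitive
            if not sink:
                kind = "redirect"
            elif name in LOCAL_NAMES:
                kind = "local"
            else:
                kind = "blocked"
            entries.append(Entry(lineno, address, name, kind))
    return entries


def summarize(entries):
    """Count entries per kind."""
    return dict(Counter(e.kind for e in entries))


def needs_review(entries):
    """Entries that point a name at a non-local address, or do not parse."""
    return [e for e in entries if e.kind in ("redirect", "malformed")]


def mixed_names(entries):
    """Names that are sunk on one line but redirected elsewhere on another."""
    kinds = {}
    for e in entries:
        if e.kind != "malformed":
            kinds.setdefault(e.hostname, set()).add(e.kind)
    return sorted(n for n, k in kinds.items() if "redirect" in k and len(k) > 1)


if __name__ == "__main__":
    parsed = parse_hosts(SAMPLE_HOSTS)
    print(summarize(parsed))
    for entry in needs_review(parsed):
        print("review line %d: %s -> %s" % (entry.lineno, entry.hostname, entry.address))
    print("sunk and redirected:", mixed_names(parsed))
```

On Windows XP the file to read is `%windir%\system32\drivers\etc\hosts`; pass its contents to `parse_hosts` in place of the sample.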
JudeG
Junior Member with 8 posts.
 
Join Date: Aug 2010
Experience: Intermediate
05-Sep-2010, 04:55 PM #12
Hi! jmw3, Thank you sooooo Muchhhhh! for your expertise, time and effort. This organization is soooo great for people like me. It is so nice to know that there are still good people like you guys, ready to help people in desperate situations. I'm really so glad that I came across Tech Support Guy Forum, otherwise, I would have junked my PC.
Btw, one more concern/question: I have a laptop that is networked with this desktop PC, and I share files/folders and a printer between them. However, after the clean up I cannot access my files or folders now. I don't know if I should set up the network again from scratch or if there is a way to fix it easily so I can access my desktop PC with my laptop again. Thanks soooo Muuuuch! - JudeG
jmw3
Senior Member with 1,464 posts.
 
Join Date: Jul 2007
Location: Port Hedland Western Australia
06-Sep-2010, 07:59 AM #13
Hi

Apologies for the late reply. When you say no network access after the clean up, at what point after the clean up did this occur? Was the network OK while we were doing the actual cleaning?
JudeG
Junior Member with 8 posts.
 
Join Date: Aug 2010
Experience: Intermediate
06-Sep-2010, 02:14 PM #14
Hi! jmw3, everything is OK now. It was just a change in the sharing switch for folders. My desktop computer is working fine now, thanks to you. I really appreciate all the time and effort you have put into helping me. Thanks also to the people who set up this org to help out people like me. Good karma to you, jmw3.
jmw3
Senior Member with 1,464 posts.
 
Join Date: Jul 2007
Location: Port Hedland Western Australia
06-Sep-2010, 07:51 PM #15
No problem at all.... Glad I could help

Good Luck & Surf Safe