
Author Topic: computer infected : NEED HELPP !!!  (Read 12193 times)


juelzgurl24

    Topic Starter


    Rookie

    • Experience: Familiar
    • OS: Windows Vista
    computer infected : NEED HELPP !!!
    « on: October 18, 2010, 08:27:58 PM »
    Hi.

    I keep getting these pop ups saying Windows Security Alert, application cannot be executed. The file (filename.exe) is infected. Do you want to activate your antivirus software now?

    Infiltration alert
    Your computer is being attacked by an internet virus. It could be a password-stealing attack, a trojan - dropper or similar.

    details
    attack from: 93.8.43.27, port 64063
    attack port: 46704
    threat: Win32/Nuqel.E

    do you want block this attack?

    It won't let me open anything at all except for the internet and some different folders.

    I hope someone can help me  :'( :(


    Allan

    • Moderator

    • Mastermind
    • Thanked: 1260
    • Experience: Guru
    • OS: Windows 10
    Re: computer infected : NEED HELPP !!!
    « Reply #1 on: October 19, 2010, 05:44:27 AM »
    Please follow the instructions in the following link and post your logs:
    http://www.computerhope.com/forum/index.php/topic,46313.0.html

    juelzgurl24

      « Reply #2 on: October 20, 2010, 03:17:34 PM »
      I'm trying to follow these steps, I have downloaded most of them, but my computer will not let me install or run any of them.

      SuperDave

      • Malware Removal Specialist
      • Moderator


      • Genius
      • Thanked: 1020
      • Certifications: List
      • Experience: Expert
      • OS: Windows 10
      Re: computer infected : NEED HELPP !!!
      « Reply #3 on: October 23, 2010, 04:32:45 PM »
      Hello and welcome to Computer Hope Forum. My name is Dave. I will be helping you out with your particular problem on your computer. I am working under the guidance of one of the specialists of this forum so it may take a bit longer to process your logs.

      1. I will be working on your Malware issues. This may or may not solve other issues you have with your machine.
      2. The fixes are specific to your problem and should only be used for this issue on this machine.
      3. If you don't know or understand something, please don't hesitate to ask.
      4. Please DO NOT run any other tools or scans while I am helping you.
      5. It is important that you reply to this thread. Do not start a new topic.
      6. Your security programs may give warnings for some of the tools I will ask you to use. Be assured, any links I give are safe.
      7. Absence of symptoms does not mean that everything is clear.

      If you can't access the internet with your infected computer you will have to download and transfer any programs to the computer you're using now and transfer them to the infected computer with a CD-RW or a USB storage device. I prefer a CD because a storage device can get infected. If you use a storage device hold the shift key down while inserting the USB storage device for about 10 secs. You will also have to transfer the logs you receive back to the good computer using the same method until we can get the computer back on-line.

      Please download and run the below tool named Rkill (courtesy of BleepingComputer.com) which may help allow other programs to run.
      Save Rkill to your desktop.

      There are 4 different versions. If one of them won't run then download and try to run the other one.
       
      Vista and Win7 users need to right click Rkill and choose Run as Administrator
       

      You only need to get one of these to run, not all of them. You may get warnings from your antivirus about this tool, ignore them or shut down your antivirus.

      Rkill.exe
      Rkill.com
      Rkill.scr
      Rkill.pif

      Once you've gotten one of them to run then try to immediately run the following.
       
      Now download and Run exeHelper.

      Please download exeHelper from Raktor to your desktop.
      • Double-click on exeHelper.com to run the fix. A black window should pop up, press any key to close once the fix is completed. A log file named log.txt will be created in the directory where you ran exeHelper.com. Attach the log.txt file to your next message.

        Note: If the window shows a message that says "Error deleting file", please re-run the program before posting a log - and post the two logs together (they will both be in the one file).
        *************************************
        SUPERAntiSpyware

        If you already have SUPERAntiSpyware be sure to check for updates before scanning!


        Download SuperAntispyware Free Edition (SAS)
        * Double-click the icon on your desktop to run the installer.
        * When asked to Update the program definitions, click Yes
        * If you encounter any problems while downloading the updates, manually download and unzip them from here
        * Next click the Preferences button.
          • Under Start-Up Options uncheck Start SUPERAntiSpyware when Windows starts
        * Click the Scanning Control tab.
        * Under Scanner Options make sure only the following are checked:
          • Close browsers before scanning
          • Scan for tracking cookies
          • Terminate memory threats before quarantining
          Please leave the others unchecked
          • Click the Close button to leave the control center screen.
        * On the main screen click Scan your computer
        * On the left check the box for the drive you are scanning.
        * On the right choose Perform Complete Scan
        * Click Next to start the scan. Please be patient while it scans your computer.
        * After the scan is complete a summary box will appear. Click OK
        * Make sure everything in the white box has a check next to it, then click Next
        * It will quarantine what it found and if it asks if you want to reboot, click Yes

        To retrieve the removal information please do the following:
        • After reboot, double-click the SUPERAntiSpyware icon on your desktop.
        • Click Preferences. Click the Statistics/Logs tab.
        • Under Scanner Logs, double-click SUPERAntiSpyware Scan Log.
        • It will open in your default text editor (preferably Notepad).
        • Save the notepad file to your desktop by clicking (in notepad) File > Save As...
        * Save the log somewhere you can easily find it. (normally the desktop)
        * Click close and close again to exit the program.
        * Copy and Paste the log in your post.
        ************************************
        Please download Malwarebytes Anti-Malware from here.

        Double Click mbam-setup.exe to install the application.
        • Make sure a checkmark is placed next to Update Malwarebytes' Anti-Malware and Launch Malwarebytes Anti-Malware, then click Finish.
        • If an update is found, it will download and install the latest version.
        • Once the program has loaded, select "Perform Full Scan", then click Scan.
        • The scan may take some time to finish, so please be patient.
        • When the scan is complete, click OK, then Show Results to view the results.
        • Make sure that everything is checked, and click Remove Selected.
        • When disinfection is completed, a log will open in Notepad and you may be prompted to Restart. (See Extra Note)
        • Please save the log to a location you will remember.
        • The log is automatically saved by MBAM and can be viewed by clicking the Logs tab in MBAM.
        • Copy and paste the entire report in your next reply.
        Extra Note:

        If MBAM encounters a file that is difficult to remove, you will be presented with 1 of 2 prompts, click OK to either and let MBAM proceed with the disinfection process. If asked to restart the computer, please do so immediately.
      Windows 8 and Windows 10 dual boot with two SSD's

      juelzgurl24

        « Reply #4 on: October 25, 2010, 10:30:19 PM »
        The pop ups stopped so I was able to run everything ... here are the logs ...
        _______

        SUPERAntiSpyware Scan Log
        http://www.superantispyware.com

        Generated 10/23/2010 at 03:07 AM

        Application Version : 4.44.1000

        Core Rules Database Version : 5610
        Trace Rules Database Version: 3550

        Scan type       : Complete Scan
        Total Scan Time : 03:29:56

        Memory items scanned      : 803
        Memory threats detected   : 0
        Registry items scanned    : 9248
        Registry threats detected : 0
        File items scanned        : 180089
        File threats detected     : 3

        Adware.Unknown Origin
           C:\PROGRAM FILES\HEWLETT-PACKARD\HP ADVISOR\COMPSHOP\TEMPLATES\AD.HTML

        Adware.180solutions/Seekmo/Zango
           C:\SYSTEM VOLUME INFORMATION\SYSTEMRESTORE\FRSTAGING\PROGRAM FILES\HOTBAR\BIN\11.0.78.0\LAUNCHHELP.DLL

        Adware.HotBar/ShopperReports (Low Risk)
           C:\SYSTEM VOLUME INFORMATION\SYSTEMRESTORE\FRSTAGING\USERS\HP USER\APPDATA\LOCAL\TEMP\SHOPPINGREPORT.DLL



        __________

        Malwarebytes' Anti-Malware 1.46
        www.malwarebytes.org

        Database version: 4052

        Windows 6.0.6000
        Internet Explorer 7.0.6000.17037

        10/25/2010 5:25:45 PM
        mbam-log-2010-10-25 (17-25-45).txt

        Scan type: Full scan (C:\|D:\|)
        Objects scanned: 289399
        Time elapsed: 2 hour(s), 22 minute(s), 56 second(s)

        Memory Processes Infected: 0
        Memory Modules Infected: 0
        Registry Keys Infected: 0
        Registry Values Infected: 0
        Registry Data Items Infected: 0
        Folders Infected: 0
        Files Infected: 11

        Memory Processes Infected:
        (No malicious items detected)

        Memory Modules Infected:
        (No malicious items detected)

        Registry Keys Infected:
        (No malicious items detected)

        Registry Values Infected:
        (No malicious items detected)

        Registry Data Items Infected:
        (No malicious items detected)

        Folders Infected:
        (No malicious items detected)

        Files Infected:
        C:\System Volume Information\SystemRestore\FRStaging\Program Files\Hotbar\bin\11.0.78.0\HotbarSAAX.dll (Adware.Hotbar) -> Quarantined and deleted successfully.
        C:\System Volume Information\SystemRestore\FRStaging\Program Files\Hotbar\bin\11.0.78.0\HotbarSADF.exe (Adware.Hotbar) -> Quarantined and deleted successfully.
        C:\System Volume Information\SystemRestore\FRStaging\Program Files\Hotbar\bin\11.0.78.0\HotbarSAHook.dll (Adware.Hotbar) -> Quarantined and deleted successfully.
        C:\System Volume Information\SystemRestore\FRStaging\Program Files\Hotbar\bin\11.0.78.0\HotbarUninstaller.exe (Adware.Hotbar) -> Quarantined and deleted successfully.
        C:\System Volume Information\SystemRestore\FRStaging\Program Files\Hotbar\bin\11.0.78.0\Srv.exe (Adware.Hotbar) -> Quarantined and deleted successfully.
        C:\System Volume Information\SystemRestore\FRStaging\Program Files\Hotbar\bin\11.0.78.0\Toolbar.dll (Adware.Hotbar) -> Quarantined and deleted successfully.
        C:\System Volume Information\SystemRestore\FRStaging\Program Files\Hotbar\bin\11.0.78.0\Weather.exe (Adware.Hotbar) -> Quarantined and deleted successfully.
        C:\System Volume Information\SystemRestore\FRStaging\Program Files\Hotbar\bin\11.0.78.0\WeSkin.dll (Adware.Hotbar) -> Quarantined and deleted successfully.
        C:\System Volume Information\SystemRestore\FRStaging\Program Files\Hotbar\bin\11.0.78.0\firefox\extensions\plugins\npclntax_HotbarSA.dll (Adware.Hotbar) -> Quarantined and deleted successfully.
        C:\System Volume Information\SystemRestore\FRStaging\Program Files\Mozilla Firefox\plugins\npclntax_HotbarSA.dll (Adware.Hotbar) -> Quarantined and deleted successfully.
        C:\System Volume Information\SystemRestore\FRStaging\Users\HP User\Downloads\setup.exe (Adware.Hotbar) -> Quarantined and deleted successfully.
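For reading a Malwarebytes log like the one posted in Reply #4, here is a triage sketch in Python, added as an example and not part of any poster's message or of Malwarebytes itself. It checks the summary counts against the items actually listed (a mismatch suggests the pasted log was cut off) and separates detections under System Volume Information from those elsewhere; the sample log, its paths, threat names and the function names are constructed for illustration.

```python
import re
from collections import Counter, namedtuple

# Constructed sample in the layout of the Malwarebytes' Anti-Malware 1.46 log
# quoted in the thread; the paths, threat names and actions are made up.
SAMPLE_LOG = r"""
Malwarebytes' Anti-Malware 1.46

Scan type: Full scan (C:\|)

Registry Keys Infected: 0
Files Infected: 3

Registry Keys Infected:
(No malicious items detected)

Files Infected:
C:\System Volume Information\SystemRestore\FRStaging\Program Files\ExampleBar\bar.dll (Adware.Example) -> Quarantined and deleted successfully.
C:\System Volume Information\SystemRestore\FRStaging\Users\Example\Downloads\setup.exe (Adware.Example) -> Quarantined and deleted successfully.
C:\Users\Example\AppData\Local\example.exe (Trojan.Example) -> Delete on reboot.
"""

Detection = namedtuple("Detection", "category item threat action")

# "Files Infected: 3" is a summary line; "Files Infected:" opens a section.
SUMMARY_RE = re.compile(r"^([A-Za-z ]+ Infected):\s*(\d+)$")
SECTION_RE = re.compile(r"^([A-Za-z ]+ Infected):$")
# "<item> (<threat name>) -> <action taken>"
DETECTION_RE = re.compile(r"^(.+?) \(([^()]+)\) -> (.+)$")

RESTORE_MARKER = "\\system volume information\\"


def parse_log(text):
    """Return (declared summary counts, list of Detection) from a pasted log."""
    declared, detections, section = {}, [], None
    for raw in text.splitlines():
        line = raw.strip()  # forum pastes are often indented
        if not line:
            continue
        m = SUMMARY_RE.match(line)
        if m:
            declared[m.group(1)] = int(m.group(2))
            continue
        m = SECTION_RE.match(line)
        if m:
            section = m.group(1)
            continue
        m = DETECTION_RE.match(line)
        if m and section:
            detections.append(Detection(section, *m.groups()))
    return declared, detections


def triage(text):
    """Summarise a log for review: completeness, location, unresolved items."""
    declared, detections = parse_log(text)
    listed = Counter(d.category for d in detections)
    # Declared vs. listed counts differ when the paste is incomplete.
    mismatches = {c: (n, listed[c]) for c, n in declared.items() if n != listed[c]}
    restore = [d for d in detections if RESTORE_MARKER in d.item.lower()]
    elsewhere = [d for d in detections if d not in restore]
    # Anything not reported as handled "successfully" needs a second look,
    # for example after the reboot the tool asked for.
    followup = [d for d in detections if "successfully" not in d.action.lower()]
    return {
        "count_mismatches": mismatches,
        "restore_area": restore,
        "outside_restore_area": elsewhere,
        "needs_followup": followup,
    }


if __name__ == "__main__":
    result = triage(SAMPLE_LOG)
    print("count mismatches:", result["count_mismatches"] or "none")
    print("under System Volume Information:", len(result["restore_area"]))
    print("elsewhere on disk:", len(result["outside_restore_area"]))
    for d in result["needs_followup"]:
        print("follow up:", d.item, "|", d.threat, "|", d.action)
```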

        SuperDave

        « Reply #5 on: October 26, 2010, 12:44:10 PM »
        Please download ComboFix from BleepingComputer.com

        Alternate link: GeeksToGo.com

        Rename ComboFix.exe to commy.exe before you save it to your Desktop
        Disable your AntiVirus and AntiSpyware applications, usually via a right click on the System Tray icon. They may otherwise interfere with our tools. A guide to do this can be found here
        Click Start then copy paste the following command into the search box & hit enter: "%userprofile%\desktop\commy.exe" /stepdel
        As part of its process, ComboFix will check to see if the Microsoft Windows Recovery Console is installed. This will not install in Vista. Just continue scanning, and skip the console install.
        When finished, it shall produce a log for you.  Please include the contents of C:\ComboFix.txt in your next reply.

        If you have problems with ComboFix usage, see How to use ComboFix

        juelzgurl24

          « Reply #6 on: October 27, 2010, 06:56:31 PM »
          I downloaded and ran ComboFix and it went through all the steps just fine until it got to the last thing .... it said something like ComboFix finished, please wait while it produces a log. And it stayed on that screen all night last night and half of today, until I restarted it.

          SuperDave

          « Reply #7 on: October 28, 2010, 01:23:17 PM »
          Try going to your C: drive and look for a folder called commy. You should find a log there. It will be a .txt document. If you can't find the log, please try running it again.

          juelzgurl24

            « Reply #8 on: October 28, 2010, 03:53:51 PM »
            I found it ...
            ________

            ComboFix 10-10-26.01 - HP User 10/27/2010  20:09:01.2.2 - x86
            Running from: C:\Users\HP User\Desktop\Downloads\commy.exe
            AV: AVG Anti-Virus Free Edition 2011 *On-access scanning disabled* (Updated) {17DDD097-36FF-435F-9E1B-52D74245D6BF}
            SP: AVG Anti-Virus Free Edition 2011 *enabled* (Updated) {17DDD097-36FF-435F-9E1B-52D74245D6BF}
            SP: SUPERAntiSpyware *disabled* (Updated) {222A897C-5018-402e-943F-7E7AC8560DA7}
            SP: Windows Defender *disabled* (Updated) {D68DDC3A-831F-4FAE-9E44-DA132C1ACF46}
            .

            (((((((((((((((((((((((((((((((((((((((   Other Deletions   )))))))))))))))))))))))))))))))))))))))))))))))))
            .
            .
            ---- Previous Run -------
            .
            C:\Program Files\Mozilla Firefox\components\npclntax.xpt
            C:\Users\HP User\AppData\Local\syssvc.exe

            .
            (((((((((((((((((((((((((   Files Created from 2010-09-28 to 2010-10-28  )))))))))))))))))))))))))))))))
            .

            2010-10-28 00:21:27 . 2010-10-28 00:21:27   --------   d-----w-   C:\Users\Default\AppData\Local\temp
            2010-10-23 15:56:51 . 2010-10-23 15:56:51   --------   d-----w-   C:\$AVG
            2010-10-23 02:58:58 . 2010-10-23 02:58:58   --------   d-----w-   C:\Users\HP User\AppData\Roaming\SUPERAntiSpyware.com
            2010-10-23 02:58:58 . 2010-10-23 02:58:58   --------   d-----w-   C:\ProgramData\SUPERAntiSpyware.com
            2010-10-23 02:58:10 . 2010-10-23 02:59:14   --------   d-----w-   C:\Program Files\SUPERAntiSpyware
            2010-10-22 22:52:59 . 2010-10-22 22:52:59   --------   d-----w-   C:\Users\HP User\AppData\Local\AVG Security Toolbar
            2010-10-22 22:48:01 . 2010-10-22 22:48:01   --------   d-----w-   C:\Users\HP User\AppData\Roaming\AVG10
            2010-10-22 22:41:12 . 2010-10-22 22:41:12   --------   d--h--w-   C:\ProgramData\Common Files
            2010-10-22 22:40:37 . 2010-10-22 22:40:40   --------   d-----w-   C:\ProgramData\AVG Security Toolbar
            2010-10-22 22:34:31 . 2010-10-24 17:21:13   --------   d-----w-   C:\Windows\system32\drivers\AVG
            2010-10-22 22:34:31 . 2010-10-22 22:43:34   --------   d-----w-   C:\ProgramData\AVG10
            2010-10-22 22:31:09 . 2010-10-22 22:31:09   --------   d-----w-   C:\Program Files\AVG
            2010-10-20 04:22:46 . 2010-10-20 04:23:07   --------   d-----w-   C:\Program Files\CCleaner
            2010-10-19 01:14:25 . 2010-10-19 01:14:25   --------   d-----w-   C:\ProgramData\Alwil Software
            2010-10-19 01:14:25 . 2010-10-19 01:14:25   --------   d-----w-   C:\Program Files\Alwil Software
            2010-10-18 18:35:59 . 2010-10-22 22:18:17   --------   d-----w-   C:\ProgramData\MFAData
            2010-10-17 05:01:06 . 2010-10-17 05:01:06   --------   d-----w-   C:\Users\HP User\AppData\Roaming\Malwarebytes
            2010-10-17 04:08:54 . 2010-04-29 19:39:38   38224   ----a-w-   C:\Windows\system32\drivers\mbamswissarmy.sys
            2010-10-17 04:08:53 . 2010-10-17 04:08:53   --------   d-----w-   C:\ProgramData\Malwarebytes
            2010-10-17 04:08:52 . 2010-10-17 05:00:23   --------   d-----w-   C:\Program Files\Malwarebytes' Anti-Malware
            2010-10-17 04:08:52 . 2010-04-29 19:39:26   20952   ----a-w-   C:\Windows\system32\drivers\mbam.sys

            .
            ((((((((((((((((((((((((((((((((((((((((   Find3M Report   ))))))))))))))))))))))))))))))))))))))))))))))))))))
            .
            2010-10-19 15:41:44 . 2010-02-12 03:23:00   222080   ------w-   C:\Windows\system32\MpSigStub.exe
            2010-09-13 20:27:40 . 2010-09-13 20:27:40   25680   ----a-w-   C:\Windows\system32\drivers\AVGIDSEH.sys
            2010-09-07 07:49:00 . 2010-09-07 07:49:00   298448   ----a-w-   C:\Windows\system32\drivers\avgtdix.sys
            2010-09-07 07:48:56 . 2010-09-07 07:48:56   34384   ----a-w-   C:\Windows\system32\drivers\avgmfx86.sys
            2010-09-07 07:48:54 . 2010-09-07 07:48:54   249424   ----a-w-   C:\Windows\system32\drivers\avgldx86.sys
            2010-09-07 07:48:50 . 2010-09-07 07:48:50   26064   ----a-w-   C:\Windows\system32\drivers\avgrkx86.sys
            2010-09-02 02:43:59 . 2010-09-02 01:22:19   155487976   ----a-w-   C:\Users\HP User\HP-QuickPlay.exe
            2010-08-20 01:42:38 . 2010-08-20 01:42:38   27216   ----a-w-   C:\Windows\system32\drivers\AVGIDSShim.sys
            2010-08-20 01:42:38 . 2010-08-20 01:42:38   123472   ----a-w-   C:\Windows\system32\drivers\AVGIDSDriver.sys
            2010-08-20 01:42:36 . 2010-08-20 01:42:36   30288   ----a-w-   C:\Windows\system32\drivers\AVGIDSFilter.sys
            .


            SuperDave

            « Reply #9 on: October 29, 2010, 11:20:27 AM »
            That was it. Unfortunately, the log is not complete. Please run ComboFix again and see if we can get a full log.

            juelzgurl24

              « Reply #10 on: October 31, 2010, 12:54:48 AM »
              Okay ... I think this is the full one now ...

              ________


              ComboFix 10-10-26.01 - HP User 10/31/2010   2:06.3.2 - x86
              Running from: c:\users\HP User\Desktop\Downloads\commy.exe
              AV: AVG Anti-Virus Free Edition 2011 *On-access scanning disabled* (Updated) {17DDD097-36FF-435F-9E1B-52D74245D6BF}
              SP: AVG Anti-Virus Free Edition 2011 *enabled* (Updated) {17DDD097-36FF-435F-9E1B-52D74245D6BF}
              SP: SUPERAntiSpyware *disabled* (Updated) {222A897C-5018-402e-943F-7E7AC8560DA7}
              SP: Windows Defender *disabled* (Updated) {D68DDC3A-831F-4FAE-9E44-DA132C1ACF46}
              .

              (((((((((((((((((((((((((   Files Created from 2010-09-28 to 2010-10-31  )))))))))))))))))))))))))))))))
              .

              2010-10-31 06:17 . 2010-10-31 06:17   --------   d-----w-   c:\users\Default\AppData\Local\temp
              2010-10-30 04:55 . 2008-04-17 16:12   107368   ----a-w-   c:\windows\system32\GEARAspi.dll
              2010-10-30 04:55 . 2009-05-18 17:17   26600   ----a-w-   c:\windows\system32\drivers\GEARAspiWDM.sys
              2010-10-30 04:53 . 2010-10-30 04:53   --------   d-----w-   c:\program files\iPod
              2010-10-30 04:53 . 2010-10-30 04:55   --------   d-----w-   c:\programdata\{429CAD59-35B1-4DBC-BB6D-1DB246563521}
              2010-10-30 04:53 . 2010-10-30 04:55   --------   d-----w-   c:\program files\iTunes
              2010-10-30 04:42 . 2010-10-30 04:42   --------   d-----w-   c:\program files\Apple Software Update
              2010-10-30 04:35 . 2010-10-30 04:35   --------   d-----w-   c:\program files\Bonjour
              2010-10-27 02:40 . 2010-10-07 23:21   6146896   ----a-w-   c:\programdata\Microsoft\Windows Defender\Definition Updates\{873E7F01-48DC-4950-895C-9ADCCE1D90FE}\mpengine.dll
              2010-10-23 15:56 . 2010-10-23 15:56   --------   d-----w-   C:\$AVG
              2010-10-23 02:58 . 2010-10-23 02:58   --------   d-----w-   c:\users\HP User\AppData\Roaming\SUPERAntiSpyware.com
              2010-10-23 02:58 . 2010-10-23 02:58   --------   d-----w-   c:\programdata\SUPERAntiSpyware.com
              2010-10-23 02:58 . 2010-10-23 02:59   --------   d-----w-   c:\program files\SUPERAntiSpyware
              2010-10-22 22:52 . 2010-10-22 22:52   --------   d-----w-   c:\users\HP User\AppData\Local\AVG Security Toolbar
              2010-10-22 22:48 . 2010-10-22 22:48   --------   d-----w-   c:\users\HP User\AppData\Roaming\AVG10
              2010-10-22 22:41 . 2010-10-22 22:41   --------   d--h--w-   c:\programdata\Common Files
              2010-10-22 22:40 . 2010-10-22 22:40   --------   d-----w-   c:\programdata\AVG Security Toolbar
              2010-10-22 22:34 . 2010-10-24 17:21   --------   d-----w-   c:\windows\system32\drivers\AVG
              2010-10-22 22:34 . 2010-10-22 22:43   --------   d-----w-   c:\programdata\AVG10
              2010-10-22 22:31 . 2010-10-22 22:31   --------   d-----w-   c:\program files\AVG
              2010-10-20 04:22 . 2010-10-20 04:23   --------   d-----w-   c:\program files\CCleaner
              2010-10-19 01:14 . 2010-10-19 01:14   --------   d-----w-   c:\programdata\Alwil Software
              2010-10-19 01:14 . 2010-10-19 01:14   --------   d-----w-   c:\program files\Alwil Software
              2010-10-18 18:35 . 2010-10-22 22:18   --------   d-----w-   c:\programdata\MFAData
              2010-10-17 05:01 . 2010-10-17 05:01   --------   d-----w-   c:\users\HP User\AppData\Roaming\Malwarebytes
              2010-10-17 04:08 . 2010-04-29 19:39   38224   ----a-w-   c:\windows\system32\drivers\mbamswissarmy.sys
              2010-10-17 04:08 . 2010-10-17 04:08   --------   d-----w-   c:\programdata\Malwarebytes
              2010-10-17 04:08 . 2010-10-17 05:00   --------   d-----w-   c:\program files\Malwarebytes' Anti-Malware
              2010-10-17 04:08 . 2010-04-29 19:39   20952   ----a-w-   c:\windows\system32\drivers\mbam.sys

              .
              ((((((((((((((((((((((((((((((((((((((((   Find3M Report   ))))))))))))))))))))))))))))))))))))))))))))))))))))
              .
              2010-10-19 15:41 . 2010-02-12 03:23   222080   ------w-   c:\windows\system32\MpSigStub.exe
              2010-09-13 20:27 . 2010-09-13 20:27   25680   ----a-w-   c:\windows\system32\drivers\AVGIDSEH.sys
              2010-09-08 15:17 . 2010-09-08 15:17   94208   ----a-w-   c:\windows\system32\QuickTimeVR.qtx
              2010-09-08 15:17 . 2010-09-08 15:17   69632   ----a-w-   c:\windows\system32\QuickTime.qts
              2010-09-07 07:49 . 2010-09-07 07:49   298448   ----a-w-   c:\windows\system32\drivers\avgtdix.sys
              2010-09-07 07:48 . 2010-09-07 07:48   34384   ----a-w-   c:\windows\system32\drivers\avgmfx86.sys
              2010-09-07 07:48 . 2010-09-07 07:48   249424   ----a-w-   c:\windows\system32\drivers\avgldx86.sys
              2010-09-07 07:48 . 2010-09-07 07:48   26064   ----a-w-   c:\windows\system32\drivers\avgrkx86.sys
              2010-09-02 02:43 . 2010-09-02 01:22   155487976   ----a-w-   c:\users\HP User\HP-QuickPlay.exe
              2010-08-20 01:42 . 2010-08-20 01:42   27216   ----a-w-   c:\windows\system32\drivers\AVGIDSShim.sys
              2010-08-20 01:42 . 2010-08-20 01:42   123472   ----a-w-   c:\windows\system32\drivers\AVGIDSDriver.sys
              2010-08-20 01:42 . 2010-08-20 01:42   30288   ----a-w-   c:\windows\system32\drivers\AVGIDSFilter.sys
              .

              (((((((((((((((((((((((((((((((((((((   Reg Loading Points   ))))))))))))))))))))))))))))))))))))))))))))))))))
              .
              .
              *Note* empty entries & legit default entries are not shown
              REGEDIT4

              [HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{442AE524-EBA5-4b17-82F3-888D68BC999A}]
              2009-11-24 19:27   252416   ----a-w-   c:\program files\oovootb\auxi\oovooAu.dll

              [HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{A1FB2F9A-D35E-11DD-8935-E46A56D89593}]
              2009-11-24 21:35   87512   ----a-w-   c:\program files\oovootb\oovoodx.dll

              [HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{A3BC75A2-1F87-4686-AA43-5347D756017C}]
              2010-10-06 15:31   2475336   ----a-w-   c:\program files\AVG\AVG10\Toolbar\IEToolbar.dll

              [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar]
              "{A1FB2F9A-D35E-11DD-8935-E46A56D89593}"= "c:\program files\oovootb\oovoodx.dll" [2009-11-24 87512]
              "{CCC7A320-B3CA-4199-B1A6-9F516DD69829}"= "c:\program files\AVG\AVG10\Toolbar\IEToolbar.dll" [2010-10-06 2475336]

              [HKEY_CLASSES_ROOT\clsid\{a1fb2f9a-d35e-11dd-8935-e46a56d89593}]

              [HKEY_CLASSES_ROOT\clsid\{ccc7a320-b3ca-4199-b1a6-9f516dd69829}]

              [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
              "Sidebar"="c:\program files\Windows Sidebar\sidebar.exe" [2009-01-12 1232896]
              "LightScribe Control Panel"="c:\program files\Common Files\LightScribe\LightScribeControlPanel.exe" [2007-04-19 484904]
              "HPAdvisor"="c:\program files\Hewlett-Packard\HP Advisor\HPAdvisor.exe" [2007-03-20 1773568]
              "ehTray.exe"="c:\windows\ehome\ehTray.exe" [2006-11-02 125440]
              "ISUSPM"="c:\program files\Common Files\InstallShield\UpdateService\ISUSPM.exe" [2007-08-30 205480]
              "CyberDefender Registry Cleaner"="c:\program files\cyberdefender\registry cleaner\Startcdrc.exe" [2009-05-14 196608]

              [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
              "Windows Defender"="c:\program files\Windows Defender\MSASCui.exe" [2007-07-25 1006264]
              "Apoint"="c:\program files\Apoint2K\Apoint.exe" [2007-07-08 159744]
              "NvSvc"="c:\windows\system32\nvsvc.dll" [2007-06-19 86016]
              "NvCplDaemon"="c:\windows\system32\NvCpl.dll" [2007-06-19 8462336]
              "NvMediaCenter"="c:\windows\system32\NvMcTray.dll" [2007-06-19 81920]
              "OnScreenDisplay"="c:\program files\Hewlett-Packard\HP QuickTouch\HPKBDAPP.exe" [2007-06-13 554552]
              "QlbCtrl"="c:\program files\Hewlett-Packard\HP Quick Launch Buttons\QlbCtrl.exe" [2007-02-13 159744]
              "HP Health Check Scheduler"="c:\program files\Hewlett-Packard\HP Health Check\HPHC_Scheduler.exe" [2007-05-16 71176]
              "hpWirelessAssistant"="c:\program files\Hewlett-Packard\HP Wireless Assistant\HPWAMain.exe" [2007-05-11 472632]
              "WAWifiMessage"="c:\program files\Hewlett-Packard\HP Wireless Assistant\WiFiMsg.exe" [2007-01-10 317128]
              "HP Software Update"="c:\program files\Hp\HP Software Update\HPWuSchd2.exe" [2005-02-17 49152]
              "SunJavaUpdateSched"="c:\program files\Java\jre6\bin\jusched.exe" [2009-02-05 136600]
              "TkBellExe"="c:\program files\Common Files\Real\Update_OB\realsched.exe" [2009-02-13 180269]
              "AppleSyncNotifier"="c:\program files\Common Files\Apple\Mobile Device Support\bin\AppleSyncNotifier.exe" [2009-03-06 177472]
              "BlackBerryAutoUpdate"="c:\program files\Common Files\Research In Motion\Auto Update\RIMAutoUpdate.exe" [2008-11-04 615696]
              "RoxWatchTray"="c:\program files\Common Files\Roxio Shared\9.0\SharedCOM\RoxWatchTray9.exe" [2008-09-19 236016]
              "UCam_Menu"="c:\program files\CyberLink\YouCam\MUITransfer\MUIStartMenu.exe" [2007-08-17 218408]
              "Malwarebytes Anti-Malware (reboot)"="c:\program files\Malwarebytes' Anti-Malware2\mbam.exe" [2010-04-29 1090952]
              "AVG_TRAY"="c:\program files\AVG\AVG10\avgtray.exe" [2010-09-15 2745696]
              "QuickTime Task"="c:\program files\QuickTime\QTTask.exe" [2010-09-08 421888]
              "iTunesHelper"="c:\program files\iTunes\iTunesHelper.exe" [2010-09-24 421160]

              [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\RunOnce]
              "Launcher"="c:\windows\SMINST\launcher.exe" [2006-11-08 44128]

              c:\users\HP User\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\
              OneNote 2007 Screen Clipper and Launcher.lnk - c:\program files\Microsoft Office\Office12\ONENOTEM.EXE [2006-10-26 98632]

              c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\
              Adobe Reader Speed Launch.lnk - c:\program files\Adobe\Reader 8.0\Reader\reader_sl.exe [2006-10-23 40048]
              Adobe Reader Synchronizer.lnk - c:\program files\Adobe\Reader 8.0\Reader\AdobeCollabSync.exe [2006-10-23 734872]
              Vongo Tray.lnk - c:\windows\Installer\{8C3AE2D1-854D-4650-A73D-C7CC7EE36B80}\NewShortcut2_DB7E00C96DEF489A8112D8F81614F45A.exe [2007-7-25 53248]

              [HKEY_LOCAL_MACHINE\system\currentcontrolset\control\session manager]
              BootExecute   REG_MULTI_SZ      autocheck autochk *\0c:\progra~1\AVG\AVG10\avgchsvx.exe /sync\0c:\progra~1\AVG\AVG10\avgrsx.exe /sync /restart

              [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Wdf01000.sys]
              @="Driver"

              [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\WinDefend]
              @="Service"

              [HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring]
              "DisableMonitoring"=dword:00000001

              [HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecAntiVirus]
              "DisableMonitoring"=dword:00000001

              [HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecFirewall]
              "DisableMonitoring"=dword:00000001

              R2 gupdate;Google Update Service (gupdate);c:\program files\Google\Update\GoogleUpdate.exe [2010-10-19 136176]
              R3 AVG Security Toolbar Service;AVG Security Toolbar Service;c:\program files\AVG\AVG10\Toolbar\ToolbarBroker.exe [2010-10-06 517448]
              S0 AVGIDSEH;AVGIDSEH;c:\windows\system32\DRIVERS\AVGIDSEH.Sys [2010-09-13 25680]
              S0 Avgrkx86;AVG Anti-Rootkit Driver;c:\windows\system32\DRIVERS\avgrkx86.sys [2010-09-07 26064]
              S1 Avgldx86;AVG AVI Loader Driver;c:\windows\system32\DRIVERS\avgldx86.sys [2010-09-07 249424]
              S1 Avgtdix;AVG TDI Driver;c:\windows\system32\DRIVERS\avgtdix.sys [2010-09-07 298448]
              S1 SASDIFSV;SASDIFSV;c:\program files\SUPERAntiSpyware\SASDIFSV.SYS [2010-02-17 12872]
              S1 SASKUTIL;SASKUTIL;c:\program files\SUPERAntiSpyware\SASKUTIL.SYS [2010-05-10 67656]
              S2 AVGIDSAgent;AVGIDSAgent;c:\program files\AVG\AVG10\Identity Protection\Agent\Bin\AVGIDSAgent.exe [2010-09-03 6104144]
              S2 avgwd;AVG WatchDog;c:\program files\AVG\AVG10\avgwdsvc.exe [2010-09-10 265400]
              S2 Viewpoint Manager Service;Viewpoint Manager Service;c:\program files\Viewpoint\Common\ViewpointService.exe [2007-01-04 24652]
              S3 AVGIDSDriver;AVGIDSDriver;c:\windows\system32\DRIVERS\AVGIDSDriver.Sys [2010-08-20 123472]
              S3 AVGIDSFilter;AVGIDSFilter;c:\windows\system32\DRIVERS\AVGIDSFilter.Sys [2010-08-20 30288]
              S3 AVGIDSShim;AVGIDSShim;c:\windows\system32\DRIVERS\AVGIDSShim.Sys [2010-08-20 27216]


              [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
              bthsvcs   REG_MULTI_SZ      BthServ
              getPlusHelper   REG_MULTI_SZ      getPlusHelper

              [HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\{10880D85-AAD9-4558-ABDC-2AB1552D831F}]
              2007-04-19 20:23   452136   ----a-w-   c:\program files\Common Files\LightScribe\LSRunOnce.exe
              .
              Contents of the 'Scheduled Tasks' folder

              2010-10-30 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
              - c:\program files\Google\Update\GoogleUpdate.exe [2010-10-19 01:14]

              2010-10-31 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
              - c:\program files\Google\Update\GoogleUpdate.exe [2010-10-19 01:14]

              2010-10-28 c:\windows\Tasks\HPCeeScheduleForHP User.job
              - c:\program files\hewlett-packard\sdp\ceement\HPCEE.exe [2007-07-25 19:36]

              2010-10-31 c:\windows\Tasks\User_Feed_Synchronization-{A313BD6C-8C90-4A06-BE7D-B43556B0857D}.job
              - c:\windows\system32\msfeedssync.exe [2006-11-02 09:45]
              .
              .
              ------- Supplementary Scan -------
              .
              uStart Page = hxxp://www.mystart.com?pr=oovoo2_0
              uDefault_Search_URL = hxxp://www.google.com/ie
              mStart Page = hxxp://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iehome&locale=EN_US&c=73&bd=Pavilion&pf=laptop
              uInternet Settings,ProxyOverride = <local>;*.local
              uInternet Settings,ProxyServer = http=127.0.0.1:29775
              uSearchAssistant = hxxp://www.google.com/ie
              uSearchURL,(Default) = hxxp://www.google.com/search?q=%s
              IE: Add to Google Photos Screensa&ver - c:\windows\system32\GPhotos.scr/200
              IE: E&xport to Microsoft Excel - c:\progra~1\MICROS~3\Office12\EXCEL.EXE/3000
              Handler: avgsecuritytoolbar - {F2DDE6B2-9684-4A55-86D4-E255E237B77C} - c:\program files\AVG\AVG10\Toolbar\IEToolbar.dll
              FF - ProfilePath - c:\users\HP User\AppData\Roaming\Mozilla\Firefox\Profiles\5p7aor47.default\
              FF - prefs.js: browser.search.defaulturl - hxxp://aim.search.aol.com/search/search?query={searchTerms}&invocationType=tb50-ff-aim-chromesbox-en-us
              FF - prefs.js: browser.search.selectedEngine - Yahoo
              FF - prefs.js: browser.startup.homepage - hxxp://www.aol.com/?src=aim&ncid=snsusaimc00000001
              FF - prefs.js: keyword.URL - hxxp://slirsredirect.search.aol.com/slirs_http/sredir?sredir=2706&invocationType=tb50-ff-aim-ab-en-us&query=
              FF - component: c:\program files\AVG\AVG10\Firefox\components\avgssff.dll
              FF - component: c:\program files\AVG\AVG10\Toolbar\Firefox\avg@igeared\components\IGeared_tavgp_xputils2.dll
              FF - component: c:\program files\AVG\AVG10\Toolbar\Firefox\avg@igeared\components\IGeared_tavgp_xputils3.dll
              FF - component: c:\program files\AVG\AVG10\Toolbar\Firefox\avg@igeared\components\IGeared_tavgp_xputils35.dll
              FF - component: c:\program files\AVG\AVG10\Toolbar\Firefox\avg@igeared\components\xpavgtbapi.dll
              FF - component: c:\users\HP User\AppData\Roaming\Mozilla\Firefox\Profiles\5p7aor47.default\extensions\{99E00A4C-D35E-11DD-BA95-9B6A56D89593}\components\dtTransparency.dll
              FF - component: c:\users\HP User\AppData\Roaming\Mozilla\Firefox\Profiles\5p7aor47.default\extensions\{99E00A4C-D35E-11DD-BA95-9B6A56D89593}\components\dtTransparency3.5.dll
              FF - component: c:\users\HP User\AppData\Roaming\Mozilla\Firefox\Profiles\5p7aor47.default\extensions\{99E00A4C-D35E-11DD-BA95-9B6A56D89593}\components\dtTransparency3.6.dll
              FF - plugin: c:\program files\Google\Picasa3\npPicasa3.dll
              FF - plugin: c:\program files\Google\Update\1.2.183.39\npGoogleOneClick8.dll
              FF - plugin: c:\program files\Mozilla Firefox\plugins\npdnupdater2.dll
              FF - plugin: c:\program files\Mozilla Firefox\plugins\npViewpoint.dll
              FF - plugin: c:\program files\Musicnotes\npmusicn.dll
              FF - plugin: c:\program files\Musicnotes\NPSibelius.dll
              FF - plugin: c:\program files\Viewpoint\Viewpoint Media Player\npViewpoint.dll
              FF - plugin: c:\users\HP User\AppData\Roaming\Move Networks\plugins\npqmp071500000347.dll
              FF - plugin: c:\users\HP User\AppData\Roaming\Mozilla\Firefox\Profiles\5p7aor47.default\extensions\{E2883E8F-472F-4fb0-9522-AC9BF37916A7}\plugins\np_gp.dll
              FF - HiddenExtension: Microsoft .NET Framework Assistant: {20a82645-c095-46ed-80e3-08825760534b} - c:\windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension\

              ---- FIREFOX POLICIES ----
              FF - user.js: network.protocol-handler.warn-external.dnupdate - false);user_pref(network.protocol-handler.warn-external.dnupdate, false);user_pref(network.protocol-handler.warn-external.dnupdate, false.
              - - - - ORPHANS REMOVED - - - -

              BHO-{99E00A4C-D35E-11DD-BA95-9B6A56D89593} - (no file)
              HKLM-Run-CyberDefender Registry Cleaner - (no file)



              **************************************************************************

              catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
              Rootkit scan 2010-10-31 02:18
              Windows 6.0.6000  NTFS

              scanning hidden processes ... 

              scanning hidden autostart entries ...

              scanning hidden files ... 


              c:\users\HPUSER~1\AppData\Local\Temp\catchme.dll 53248 bytes executable

              scan completed successfully
              hidden files: 1

              **************************************************************************
              .
              --------------------- LOCKED REGISTRY KEYS ---------------------

              [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0000\AllUserSettings]
              @Denied: (A) (Users)
              @Denied: (A) (Everyone)
              @Allowed: (B 1 2 3 4 5) (S-1-5-20)
              "BlindDial"=dword:00000000

              [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0001\AllUserSettings]
              @Denied: (A) (Users)
              @Denied: (A) (Everyone)
              @Allowed: (B 1 2 3 4 5) (S-1-5-20)
              "BlindDial"=dword:00000000

              [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0002\AllUserSettings]
              @Denied: (A) (Users)
              @Denied: (A) (Everyone)
              @Allowed: (B 1 2 3 4 5) (S-1-5-20)
              "BlindDial"=dword:00000000

              [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0003\AllUserSettings]
              @Denied: (A) (Users)
              @Denied: (A) (Everyone)
              @Allowed: (B 1 2 3 4 5) (S-1-5-20)
              "BlindDial"=dword:00000000
              .
              Completion time: 2010-10-31  02:25:46
              ComboFix-quarantined-files.txt  2010-10-31 06:25

              Pre-Run: 79,486,631,936 bytes free
              Post-Run: 79,456,133,120 bytes free

              - - End Of File - - 5F37EEEF5BC7DAB1CA71A2004FE97177

              SuperDave

              • Malware Removal Specialist
              • Moderator


              • Genius
              • Thanked: 1020
              • Certifications: List
              • Experience: Expert
              • OS: Windows 10
              Re: computer infected : NEED HELPP !!!
              « Reply #11 on: October 31, 2010, 10:30:04 AM »
              How is your computer running now?

              Registry cleaners are extremely powerful applications and their potential for harming your OS far outweighs any small potential for improving your computer's performance.
              cyberdefender\registry cleaner
              There are a number of them available and some are more safe than others. Keep in mind that no two registry cleaners work entirely the same way. Each vendor uses different criteria as to what constitutes a "bad" entry. One cleaner may find entries on your system that will not cause a problem when removed, another may not find the same entries, and still another may want to remove entries required for a program to work. Without research into what the registry entry selected for deletion is, a registry cleaner can end up being an automated method to cause problems with the registry.

              For routine use by those not familiar with the registry, the benefits to your computer are negligible while the potential risks are great.

              Further reading: XP Fixes Myth #1: Registry Cleaners
              **************************************
              You have Viewpoint installed.

              Viewpoint Media Player/Manager/Toolbar is considered Foistware instead of malware since it is installed without the user's approval but doesn't spy or do anything "bad".

              More information:

              * ViewMgr.exe - Useless
              * Viewpoint to Plunge Into Adware

              It is suggested to remove the program now. Go to Start > Control Panel > Add/Remove Programs - (Vista & Win7 is Programs and Features) and remove the following programs if present.

              * Viewpoint
              * Viewpoint Manager
              * Viewpoint Media Player
              * Viewpoint Toolbar
              * Viewpoint Experience Technology

              **************************************
              Re-running ComboFix to remove infections:

              • Close any open browsers.
              • Close/disable all anti virus and anti malware programs so they do not interfere with the running of ComboFix.
              • Open notepad and copy/paste the text in the quotebox below into it:
                Quote
                KillAll::

                DDS::
                uInternet Settings,ProxyServer = http=127.0.0.1:29775

              • Save this as CFScript.txt, in the same location as ComboFix.exe



              • Referring to the picture above, drag CFScript into ComboFix.exe
              • When finished, it shall produce a log for you at C:\ComboFix.txt
              • I do not need to see the log from this script.
              ***************************************

              Download Security Check by screen317 from one of the following links and save it to your desktop.

              Link 1
              Link 2

              * Unzip SecurityCheck.zip and a folder named Security Check should appear.
              * Open the Security Check folder and double-click Security Check.bat
              * Follow the on-screen instructions inside of the black box.
              * A Notepad document should open automatically called checkup.txt
              * Post the contents of that document in your next reply.

              Note: If a security program requests permission from dig.exe to access the Internet, allow it to do so.
              ******************************************
              I'd like to scan your machine with ESET OnlineScan

              • Hold down Control and click on the following link to open ESET OnlineScan in a new window.
                ESET OnlineScan
              • Click the button.
              • For alternate browsers only: (Microsoft Internet Explorer users can skip these steps)
                • Click on to download the ESET Smart Installer. Save it to your desktop.
                • Double click on the icon on your desktop.
              • Check
              • Click the button.
              • Accept any security warnings from your browser.
              • Check
              • Push the Start button.
              • ESET will then download updates for itself, install itself, and begin scanning your computer. Please be patient as this can take some time.
              • When the scan completes, push
              • Push , and save the file to your desktop using a unique name, such as ESETScan. Include the contents of this report in your next reply.
              • Push the button.
              • Push
              A log file will be saved here: C:\Program Files\ESET\ESET Online Scanner\log.txt
              Windows 8 and Windows 10 dual boot with two SSD's
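The `ProxyServer = http=127.0.0.1:29775` entry that the CFScript in reply #11 targets routes Internet Explorer's HTTP traffic to a port on the local machine, which only works while something is listening there. As an added example (not part of the original post and not ComboFix's own code), this Python script picks loopback proxy entries out of scan lines in the format shown in the log; the function names are hypothetical.

```python
import ipaddress

# Lines copied from the "Supplementary Scan" section of the log in this thread.
SCAN_LINES = """\
uInternet Settings,ProxyOverride = <local>;*.local
uInternet Settings,ProxyServer = http=127.0.0.1:29775
uSearchAssistant = hxxp://www.google.com/ie
""".splitlines()


def parse_proxy_server(value):
    """Split a WinINet ProxyServer string into {scheme: (host, port)}.

    The value is either 'host:port' (one proxy for every protocol) or a
    ';'-separated list of 'scheme=host:port' entries.
    """
    proxies = {}
    for entry in value.split(";"):
        entry = entry.strip()
        if not entry:
            continue
        scheme, sep, target = entry.partition("=")
        if not sep:
            # No 'scheme=' prefix: the proxy applies to all protocols.
            scheme, target = "all", entry
        # Tolerate a URL-style prefix such as http=http://host:port.
        target = target.split("://", 1)[-1]
        host, _, port = target.rpartition(":")
        if not host:
            # No ':' present, so the whole target is the host.
            host, port = target, ""
        proxies[scheme.lower()] = (host, int(port) if port.isdigit() else None)
    return proxies


def is_loopback(host):
    """True for 'localhost' and for any loopback IP literal (127.0.0.0/8, ::1)."""
    host = host.strip("[]").lower()
    if host == "localhost":
        return True
    try:
        return ipaddress.ip_address(host).is_loopback
    except ValueError:
        return False  # an ordinary hostname


def find_loopback_proxies(lines):
    """Return (scheme, host, port) for every ProxyServer entry aimed at loopback."""
    findings = []
    for line in lines:
        key, sep, value = line.partition(" = ")
        if not sep or not key.strip().endswith("ProxyServer"):
            continue
        for scheme, (host, port) in parse_proxy_server(value.strip()).items():
            if is_loopback(host):
                findings.append((scheme, host, port))
    return findings


if __name__ == "__main__":
    for scheme, host, port in find_loopback_proxies(SCAN_LINES):
        print(f"{scheme} traffic is proxied to {host}:{port} on this machine")
```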

              juelzgurl24

                Topic Starter


                Rookie

                • Experience: Familiar
                • OS: Windows Vista
                Re: computer infected : NEED HELPP !!!
                « Reply #12 on: November 03, 2010, 06:55:35 PM »
                it's running much better

                here's the log from the security check

                do you need to see the log from the ESET Online Scanner ?

                _______________________________________ _____
                 

                Results of screen317's Security Check version 0.99.6 
                 Windows Vista  (UAC is enabled)
                 Out of date service pack!!
                 Internet Explorer 7 Out of date!
                ``````````````````````````````
                Antivirus/Firewall Check:

                 Windows Firewall Enabled! 
                 AVG 2011     
                 Antivirus out of date! 
                ```````````````````````````````
                Anti-malware/Other Utilities Check:

                 Malwarebytes' Anti-Malware   
                 CCleaner     
                 Java(TM) 6 Update 11 
                 Java(TM) SE Runtime Environment 6
                 Out of date Java installed!
                 Adobe Flash Player 10.0.42.34 
                Adobe Reader 8
                Out of date Adobe Reader installed!
                 Mozilla Firefox (3.0.19) Firefox Out of Date! 
                ````````````````````````````````
                Process Check: 
                objlist.exe by Laurent

                 AVG avgwdsvc.exe
                 AVG avgtray.exe
                 AVG avgrsx.exe
                 AVG avgnsx.exe
                 AVG avgemc.exe
                ````````````````````````````````
                DNS Vulnerability Check:

                 GREAT! (Not vulnerable to DNS cache poisoning)

                ``````````End of Log````````````

                SuperDave

                • Malware Removal Specialist
                • Moderator


                • Genius
                • Thanked: 1020
                • Certifications: List
                • Experience: Expert
                • OS: Windows 10
                Re: computer infected : NEED HELPP !!!
                « Reply #13 on: November 03, 2010, 07:13:45 PM »
                Please download the newest version of Adobe Acrobat Reader from Adobe.com

                Before installing: it is important to remove older versions of Acrobat Reader since it does not do so automatically and old versions still leave you vulnerable.
                Go to the Control Panel and enter Add or Remove Programs.
                Search in the list for all previous installed versions of Adobe Acrobat Reader. Uninstall/Remove each of them.

                Once old versions are gone, please install the newest version.
                ***************************************
                Update Your Java (JRE)

                Old versions of Java have vulnerabilities that malware can use to infect your system.


                First Verify your Java Version

                If there are any other version(s) installed then update now.

                Get the new version (if needed)

                If your version is out of date install the newest version of the Sun Java Runtime Environment.

                Note: UNCHECK any pre-checked toolbar and/or software offered with the Java update. The pre-checked toolbars/software are not part of the Java update.

                Be sure to close ALL open web browsers before starting the installation.

                Remove any old versions

                1. Download JavaRa and unzip the file to your Desktop.
                2. Open JavaRA.exe and choose Remove Older Versions
                3. Once complete exit JavaRA.
                4. Run CCleaner.

                Additional Note: The Java Quick Starter (JQS.exe) adds a service to improve the initial startup time of Java applets and applications. To disable the JQS service if you don't want to use it, go to Start > Control Panel > Java > Advanced > Miscellaneous and uncheck the box for Java Quick Starter. Click OK and reboot your computer.
                ******************************************

                The scan shows that your AV program is out-of-date. Could you please update it? And, I will need to see the ESET log.
                Windows 8 and Windows 10 dual boot with two SSD's

                blogbuilder

                • Guest
                Re: computer infected : NEED HELPP !!!
                « Reply #14 on: November 04, 2010, 10:27:16 AM »
                Your comment has been removed. Please do not post malware advice, or post here in the malware forum, unless you need help.
                « Last Edit: November 04, 2010, 12:10:12 PM by SuperDave »

                Allan

                • Moderator

                • Mastermind
                • Thanked: 1260
                • Experience: Guru
                • OS: Windows 10
                Re: computer infected : NEED HELPP !!!
                « Reply #15 on: November 04, 2010, 10:28:47 AM »
                You can obviously ignore the above post.

                juelzgurl24

                  Topic Starter


                  Rookie

                  • Experience: Familiar
                  • OS: Windows Vista
                  Re: computer infected : NEED HELPP !!!
                  « Reply #16 on: November 04, 2010, 07:43:31 PM »
                  This is the log from ESETscan ...

                  I updated my java , and removed the old versions... but i was unable to download the newest version of Adobe Reader .

                  ____________________________

                  C:\System Volume Information\SystemRestore\FRStaging\Program Files\Hotbar\bin\11.0.78.0\CoreSrv.dll   Win32/Adware.HotBar.E application   cleaned by deleting - quarantined
                  C:\System Volume Information\SystemRestore\FRStaging\Program Files\Hotbar\bin\11.0.78.0\HostIE.dll   Win32/Adware.HotBar.E application   cleaned by deleting - quarantined
                  C:\System Volume Information\SystemRestore\FRStaging\Program Files\Hotbar\bin\11.0.78.0\HostOL.dll   Win32/Adware.HotBar.E application   cleaned by deleting - quarantined
                  C:\Users\HP User\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\12\1dd6a40c-51cdfff9   Java/TrojanDownloader.Agent.NBK trojan   deleted - quarantined
                  C:\Users\HP User\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\31\475ee9f-2a566eb7   multiple threats   deleted - quarantined
                  C:\Users\HP User\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\42\3c071b2a-51ca90db   multiple threats   deleted - quarantined
                  C:\Users\HP User\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\49\1eff1eb1-4fb5b306   Java/TrojanDownloader.Agent.NBL trojan   deleted - quarantined
                  C:\Users\HP User\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\53\42441975-57cca50e   Java/TrojanDownloader.Agent.NBM trojan   deleted - quarantined
                  C:\Users\HP User\Documents\LimeWire\Incomplete\T-5905209-incomplete jyshoun original studio version.mp3   a variant of WMA/TrojanDownloader.GetCodec.gen trojan   cleaned - quarantined
                  C:\Users\HP User\Documents\LimeWire\Saved\3lw - ocean.mp3   a variant of WMA/TrojanDownloader.GetCodec.gen trojan   cleaned - quarantined
                  C:\Users\HP User\Documents\LimeWire\Saved\about time cassie.mp3   a variant of WMA/TrojanDownloader.GetCodec.gen trojan   cleaned - quarantined
                  C:\Users\HP User\Documents\LimeWire\Saved\be next to ya kryss ivory.mp3   WMA/TrojanDownloader.GetCodec.C trojan   cleaned by deleting - quarantined
                  C:\Users\HP User\Documents\LimeWire\Saved\belly no banga.mp3   a variant of WMA/TrojanDownloader.GetCodec.gen trojan   cleaned - quarantined
                  C:\Users\HP User\Documents\LimeWire\Saved\cassie about time.wma   WMA/TrojanDownloader.Wimad.N trojan   cleaned by deleting - quarantined
                  C:\Users\HP User\Documents\LimeWire\Saved\Come with me - Sammie.mp3   a variant of WMA/TrojanDownloader.GetCodec.gen trojan   cleaned - quarantined
                  C:\Users\HP User\Documents\LimeWire\Saved\Day 26 Favorite Girl.mp3   a variant of WMA/TrojanDownloader.GetCodec.gen trojan   cleaned - quarantined
                  C:\Users\HP User\Documents\LimeWire\Saved\envy nicki minaj.wma   probably a variant of Win32/TrojanDownloader.Agent.IIYTTCE trojan   cleaned by deleting - quarantined
                  C:\Users\HP User\Documents\LimeWire\Saved\feel like *censored* plies.mp3   a variant of WMA/TrojanDownloader.GetCodec.gen trojan   cleaned - quarantined
                  C:\Users\HP User\Documents\LimeWire\Saved\frankee im leaving.mp3   a variant of WMA/TrojanDownloader.GetCodec.gen trojan   cleaned - quarantined
                  C:\Users\HP User\Documents\LimeWire\Saved\incomplete jyshoun [club mix].mp3   a variant of WMA/TrojanDownloader.GetCodec.gen trojan   cleaned - quarantined
                  C:\Users\HP User\Documents\LimeWire\Saved\inessa mad in love with you - greatest hits.wma   WMA/TrojanDownloader.Wimad.N trojan   cleaned by deleting - quarantined
                  C:\Users\HP User\Documents\LimeWire\Saved\inessa mad in love with you.mp3   WMA/TrojanDownloader.GetCodec.C trojan   cleaned by deleting - quarantined
                  C:\Users\HP User\Documents\LimeWire\Saved\Isley Brothers feat Ronald Isley aka Mr Biggs - Contagious.mp3   WMA/TrojanDownloader.GetCodec.C trojan   cleaned by deleting - quarantined
                  C:\Users\HP User\Documents\LimeWire\Saved\karina pasian the love we got - greatest hits.wma   WMA/TrojanDownloader.Wimad.N trojan   cleaned by deleting - quarantined
                  C:\Users\HP User\Documents\LimeWire\Saved\karina pasian the love we got.mp3   a variant of WMA/TrojanDownloader.GetCodec.gen trojan   cleaned - quarantined
                  C:\Users\HP User\Documents\LimeWire\Saved\Keyshia Cole - A Different Me - 04 - *censored*.mp3   a variant of WMA/TrojanDownloader.GetCodec.gen trojan   cleaned - quarantined
                  C:\Users\HP User\Documents\LimeWire\Saved\kryss ivory next to ya (256k 44800).mp3   a variant of WMA/TrojanDownloader.GetCodec.gen trojan   cleaned - quarantined
                  C:\Users\HP User\Documents\LimeWire\Saved\kryss ivory next to ya.mp3   a variant of WMA/TrojanDownloader.GetCodec.gen trojan   cleaned - quarantined
                  C:\Users\HP User\Documents\LimeWire\Saved\let go megan rochell.mp3   a variant of WMA/TrojanDownloader.GetCodec.gen trojan   cleaned - quarantined
                  C:\Users\HP User\Documents\LimeWire\Saved\lil wayne colorful clothes [cd rip].mp3   a variant of WMA/TrojanDownloader.GetCodec.gen trojan   cleaned - quarantined
                  C:\Users\HP User\Documents\LimeWire\Saved\lol smiley face - ttrey songz new single.mp3   a variant of WMA/TrojanDownloader.GetCodec.gen trojan   cleaned - quarantined
                  C:\Users\HP User\Documents\LimeWire\Saved\mad in love with you.mp3   WMA/TrojanDownloader.GetCodec.C trojan   cleaned by deleting - quarantined
                  C:\Users\HP User\Documents\LimeWire\Saved\make a movie plies.mp3   a variant of WMA/TrojanDownloader.GetCodec.gen trojan   cleaned - quarantined
                  C:\Users\HP User\Documents\LimeWire\Saved\mario - directions.mp3   a variant of WMA/TrojanDownloader.GetCodec.gen trojan   cleaned - quarantined
                  C:\Users\HP User\Documents\LimeWire\Saved\mary j. blige- missing you.mp3   a variant of WMA/TrojanDownloader.GetCodec.gen trojan   cleaned - quarantined
                  C:\Users\HP User\Documents\LimeWire\Saved\memories trina.mp3   a variant of WMA/TrojanDownloader.GetCodec.gen trojan   cleaned - quarantined
                  C:\Users\HP User\Documents\LimeWire\Saved\next to ya kryss ivory.mp3   a variant of WMA/TrojanDownloader.GetCodec.gen trojan   cleaned - quarantined
                  C:\Users\HP User\Documents\LimeWire\Saved\niki minaj click clack.wma   WMA/TrojanDownloader.Wimad.N trojan   cleaned by deleting - quarantined
                  C:\Users\HP User\Documents\LimeWire\Saved\questions blaque original studio version.mp3   a variant of WMA/TrojanDownloader.GetCodec.gen trojan   cleaned - quarantined
                  C:\Users\HP User\Documents\LimeWire\Saved\questions brandi willams [new album].au   a variant of WMA/TrojanDownloader.GetCodec.gen trojan   cleaned - quarantined
                  C:\Users\HP User\Documents\LimeWire\Saved\street love plies.mp3   WMA/TrojanDownloader.GetCodec.C trojan   cleaned by deleting - quarantined
                  C:\Users\HP User\Documents\LimeWire\Saved\that aint love myxx - high quality.mp3   a variant of WMA/TrojanDownloader.GetCodec.gen trojan   cleaned - quarantined
                  C:\Users\HP User\Documents\LimeWire\Saved\that aint love myxx.mp3   a variant of WMA/TrojanDownloader.GetCodec.gen trojan   cleaned - quarantined
                  C:\Users\HP User\Documents\LimeWire\Saved\tlc - greatest hits.wma   WMA/TrojanDownloader.Wimad.N trojan   cleaned by deleting - quarantined
                  C:\Users\HP User\Documents\LimeWire\Saved\trina Patch.zip   Win32/Delf.NWU trojan   deleted - quarantined
                  C:\Users\HP User\Documents\LimeWire\Saved\usher - simple things.mp3   a variant of WMA/TrojanDownloader.GetCodec.gen trojan   cleaned - quarantined

                  juelzgurl24

                    Topic Starter


                    Rookie

                    • Experience: Familiar
                    • OS: Windows Vista
                    Re: computer infected : NEED HELPP !!!
                    « Reply #17 on: November 04, 2010, 10:20:25 PM »
                    I was able to download the new version of Adobe Reader.

                    SuperDave

                    • Malware Removal Specialist
                    • Moderator


                    • Genius
                    • Thanked: 1020
                    • Certifications: List
                    • Experience: Expert
                    • OS: Windows 10
                    Re: computer infected : NEED HELPP !!!
                    « Reply #18 on: November 05, 2010, 12:13:13 PM »
                    As you can see, most of your infections came from downloading with Limewire. I hope that you uninstalled it from your computer.

                    How's your computer working now?
                    Windows 8 and Windows 10 dual boot with two SSD's
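The reading of the ESET log in reply #18 (most detections sit under the LimeWire folders) can be reproduced mechanically. As an added example, not part of the original thread or of ESET's tooling, this Python script parses lines in the posted log's format, counts detections per source location, and lists files whose extension disagrees with the `WMA/` platform prefix in the detection name; the origin labels and function names are assumptions.

```python
import re
from collections import Counter
from pathlib import PureWindowsPath

# A few lines copied from the ESET log posted in this thread
# (path, detection, action, separated by runs of spaces).
ESET_LOG = r"""
C:\System Volume Information\SystemRestore\FRStaging\Program Files\Hotbar\bin\11.0.78.0\CoreSrv.dll   Win32/Adware.HotBar.E application   cleaned by deleting - quarantined
C:\Users\HP User\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\12\1dd6a40c-51cdfff9   Java/TrojanDownloader.Agent.NBK trojan   deleted - quarantined
C:\Users\HP User\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\31\475ee9f-2a566eb7   multiple threats   deleted - quarantined
C:\Users\HP User\Documents\LimeWire\Saved\3lw - ocean.mp3   a variant of WMA/TrojanDownloader.GetCodec.gen trojan   cleaned - quarantined
C:\Users\HP User\Documents\LimeWire\Saved\cassie about time.wma   WMA/TrojanDownloader.Wimad.N trojan   cleaned by deleting - quarantined
C:\Users\HP User\Documents\LimeWire\Saved\street love plies.mp3   WMA/TrojanDownloader.GetCodec.C trojan   cleaned by deleting - quarantined
C:\Users\HP User\Documents\LimeWire\Saved\trina Patch.zip   Win32/Delf.NWU trojan   deleted - quarantined
"""

# Assumed labels: (label, lower-cased path fragment that identifies the source).
ORIGINS = [
    ("LimeWire downloads", "\\limewire\\"),
    ("Java applet cache", "\\sun\\java\\deployment\\cache\\"),
    ("System Restore staging", "\\system volume information\\"),
]
WINDOWS_MEDIA_EXTS = {".wma", ".wmv", ".asf"}


def parse_eset_log(text):
    """Turn 'path   detection   action' lines into dicts; skip anything else."""
    rows = []
    for line in text.splitlines():
        # Fields are separated by 3+ spaces (or a tab); paths hold single spaces.
        fields = re.split(r"\s{3,}|\t", line.strip())
        if len(fields) != 3:
            continue
        path, detection, action = fields
        rows.append({"path": path, "detection": detection, "action": action})
    return rows


def origin_of(path):
    """Map a file path to the location it was found in."""
    lowered = path.lower()
    for label, marker in ORIGINS:
        if marker in lowered:
            return label
    return "other"


def platform_of(detection):
    """Return the platform prefix before '/' (e.g. 'WMA', 'Win32'), or None."""
    match = re.search(r"([A-Za-z0-9]+)/", detection)
    return match.group(1) if match else None


def summarize(rows):
    """Count detections per origin and list extension/platform mismatches."""
    by_origin = Counter(origin_of(r["path"]) for r in rows)
    mismatched = [
        PureWindowsPath(r["path"]).name
        for r in rows
        if platform_of(r["detection"]) == "WMA"
        and PureWindowsPath(r["path"]).suffix.lower() not in WINDOWS_MEDIA_EXTS
    ]
    return by_origin, mismatched


if __name__ == "__main__":
    counts, renamed = summarize(parse_eset_log(ESET_LOG))
    for label, n in counts.most_common():
        print(f"{n:3d}  {label}")
    print("Windows Media detections under another extension:", renamed)
```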

                    juelzgurl24

                      Topic Starter


                      Rookie

                      • Experience: Familiar
                      • OS: Windows Vista
                      Re: computer infected : NEED HELPP !!!
                      « Reply #19 on: November 06, 2010, 12:02:44 AM »
                      yes i did see that ... and i did uninstall it a long while ago ...

                      it's running fine now ... the internet is freezing up a little bit ... do you think it would help to update my browser ?

                      SuperDave

                      • Malware Removal Specialist
                      • Moderator


                      • Genius
                      • Thanked: 1020
                      • Certifications: List
                      • Experience: Expert
                      • OS: Windows 10
                      Re: computer infected : NEED HELPP !!!
                      « Reply #20 on: November 06, 2010, 01:04:49 PM »
                      Quote
                      do you think it would help to update my browser
                      Any program that is out-of-date is susceptible to infections. Let's do some cleanup.

                      * Click START then RUN - Vista users press the Windows Key and the R keys together for the Run box.
                      * Now type commy /uninstall in the runbox
                      * Make sure there's a space between commy and /Uninstall
                      * Then hit Enter

                      The above procedure will:
                      * Delete the following:
                        * ComboFix and its associated files and folders.
                      * Reset the clock settings.
                      * Hide file extensions, if required.
                      * Hide System/Hidden files, if required.
                      * Set a new, clean Restore Point.
                      ********************************
                      Clean out your temporary internet files and temp files.

                      Download TFC by OldTimer to your desktop.

                      Double-click TFC.exe to run it.

                      Note: If you are running on Vista, right-click on the file and choose Run As Administrator

                      TFC will close all programs when run, so make sure you have saved all your work before you begin.

                      * Click the Start button to begin the cleaning process.
                      * Depending on how often you clean temp files, execution time should be anywhere from a few seconds to a minute or two.
                      * Please let TFC run uninterrupted until it is finished.

                      Once TFC is finished it should restart your computer. If it does not, please manually restart the computer yourself to ensure a complete cleaning.
                      *************************************
                      Looking over your log it seems you don't have any evidence of a third party firewall.

                      Firewalls protect against hackers and malicious intruders. You need to download a free firewall from one of these reliable vendors.

                      Remember: only install ONE firewall.

                      1) Comodo Personal Firewall (Uncheck during installation "Install Comodo SafeSurf..", "Make Comodo my default search provider" and "Make Comodo Search my homepage" and uncheck any HopSurf and/or Ask.com options if you choose this one)
                      2) Online Armor
                      3) Agnitum Outpost
                      4) PC Tools Firewall Plus

                      If you are using the built-in Windows XP firewall, it is not recommended as it does not block outgoing connections. This means that any malware on your computer is free to "phone home" for more instructions. Simply put, Windows XP contains a mediocre firewall. This firewall is NO replacement for a dedicated software solution. Remember to use only one firewall at the same time.
                      ****************************************
                      Use the Secunia Software Inspector to check for out of date software.

                      • Click Start Now
                      • Check the box next to Enable thorough system inspection.
                      • Click Start
                      • Allow the scan to finish and scroll down to see if any updates are needed.
                      • Update anything listed.
                      ----------

                      Go to Microsoft Windows Update and get all critical updates.

                      ----------

                      I suggest using WOT - Web of Trust. WOT is a free Internet security addon for your browser. It will keep you safe from online scams, identity theft, spyware, spam, viruses and unreliable shopping sites. WOT warns you before you interact with a risky website. It's easy and it's free.

                      SpywareBlaster - Secure your Internet Explorer to make it harder for ActiveX programs to run on your computer. Also stop certain cookies from being added to your computer when running Mozilla-based browsers like Firefox.
                      * Using SpywareBlaster to protect your computer from Spyware and Malware
                      * If you don't know what ActiveX controls are, see here

                      Protect yourself against spyware using the Immunize feature in Spybot - Search & Destroy. Guide: Use Spybot's Immunize Feature to prevent spyware infection in real-time. Note: To ensure you have the latest Immunizations always update Spybot - Search & Destroy before Immunizing. Spybot - Search & Destroy FAQ

                      Check out Keeping Yourself Safe On The Web for tips and free tools to help keep you safe in the future.

                      Also see Slow Computer? It may not be Malware for free cleaning/maintenance tools to help keep your computer running smoothly.
                      Safe Surfing!

                      Windows 8 and Windows 10 dual boot with two SSD's

                      StelaR

                      • Guest
                      Re: computer infected : NEED HELPP !!!
                      « Reply #21 on: November 12, 2010, 03:57:13 AM »
                      Edited.
                      « Last Edit: November 12, 2010, 12:50:34 PM by SuperDave »