antispyware soft sorry to add this issue again

Hi there i am really sorry to bother anyone but i have this annoying virus thing on my computer which is really bugging me. I Have read all the options for the removal of this and downloaded the malwarebyte's Anti-Malware program, but the bloody virus thing is stopping me open the program and letting me run the anti-malware program. i also saw on the last link about this from your site to down load rkill i think its called but now i am very lost and really could do with someones help!! i am running windows vista home premium on a sony vaio!!

i have backed up all my documents onto disk and brought nortan anti virus but i can not open any programs or task manager


thanks for your help

i should be back on here GeekPolice website time: 8:30am saturday 24th april as im am in australia and have to go to work thanks again

liam

Hi banana_man14 And Welcome to GeekPolice!

Or should I say G'day.... I have a very good friend he lives in Australia.

Please note that these fixes are not instantaneous. Most infections require more than one round to properly eradicate.

Stay with me until given the 'all clear' even if symptoms diminish. Lack of symptoms does not always mean the job is complete.

Kindly follow my instructions and please do no fixing on your own or running of scanners unless requested by me or another helper.

To download DDS:

Please perform the following scan:

• Download DDS by sUBs from one of the following links. Save it to your desktop.
  
  
  • DDS.scr
    
  • DDS.pif
    
  
  
• Double click on the DDS icon, allow it to run.
  
• A small box will open, with an explanation about the tool.
  
• When done, DDS will open two (2) logs
  1. DDS.txt
  2. Attach.txt
  
• Save both reports to your desktop.
  
• The instructions here ask you to attach the Attach.txt.
  
  
  
• Instead of attaching, please copy/past both logs into your Thread
  
  
• Close the program window, and delete the program from your desktop.
  

Please note: You may have to disable any script protection running if the scan fails to run.
After downloading the tool, disconnect from the internet and disable all antivirus protection.
Run the scan, enable your A/V and reconnect to the internet.
Information on A/V control HEREThen post your DDS (DDS.txt and Attach.txt

hi there

it will not let me open the DDs.scr. i have saved it to my desktop by moving it from my downloaded files but it pops up saying that windows secrity says it is infected and wont open it!!??!!
all that comes up is a box and a black background then closes it self

also my computer will not let me turn off my windows defender or firewall not sure if this is to do with the virus or not?

Use rkill before you run Combofix. I know you ran it before.


If one of them won't run then download and try to run the other one.
Vista and Win7 users need to right click and choose Run as Admin
You only need to get one of them to run, not all of them.

1. WiNlOgOn.exe
   
2. uSeRiNiT.exe
   

Once you've gotten one of them to run then try to immediately run the following:


Please download ComboFix from
Here or Here to your Desktop.

**Note: In the event you already have Combofix, this is a new version that I need you to download. It is important that it is saved and renamed following this process directly to your desktop**

1. If you are using Firefox, make sure that your download settings are as follows:
   
   
   
   • Tools->Options->Main tab
     
   • Set to Always ask me where to Save the files.
     

During the download, rename Combofix to Combo-Fix as follows:

It is important you rename Combofix during the download, but not after.

Please do not rename Combofix to other names, but only to the one indicated.

Close any open browsers.

Close/disable all anti virus and anti malware programs so they do not interfere with the running of ComboFix.

-----------------------------------------------------------

• Very Important! Temporarily disable your anti-virus, script blocking and any anti-malware real-time protection before performing a scan. They can interfere with ComboFix or remove some of its embedded files which may cause unpredictable results.
  
• Click on this link to see a list of programs that should be disabled. The list is not all inclusive. If yours is not listed and you don't know how to disable it, please ask.
  
  -----------------------------------------------------------

• Close any open browsers.
  
• WARNING: Combofix will disconnect your machine from the Internet as soon as it starts
  
• Please do not attempt to re-connect your machine back to the Internet until Combofix has completely finished.
  
• If there is no internet connection after running Combofix, then restart your computer to restore back your connection.
  

-----------------------------------------------------------

Double click on combo-Fix.exe & follow the prompts.

When finished, it will produce a report for you.

Please post the C:\Combo-Fix.txt for further review.

**Note: Do not mouseclick combo-fix's window while it's running. That may cause it to stall**

i am having real problems turning off my windows defender as the virus will not let me open it to turn it off do you know of any long winded way of turning it off?

sorry to put you through all this

Hi

I posted a link for this:

http://www.bleepingcomputer.com/forums/topic114351.html

WINDOWS DEFENDER
•Click Start > Programs > Windows Defender or launch from the system tray icon.
•Click on Tools & Settings > Options.
•Under Real-time protection options, uncheck the "Real-time protection" check box.
•Click Save.
•Go to Start > Control Panel > Security > Windows Defender, at the bottom of the Window Defenders page uncheck under Administrator Options "use Windows Defender" and then Save.
•(When we are done, you can re-enable Defender using the same steps but this time place a check next to "Turn on real-time protection" check box.)

when i tryed this it opens windows defender for 2 seconds then shuts down and again and says that it is infected, and wont let me get to the settings part or launch windows defender.

not sure if it helps but i have been able to get to the properties of windows defender

thanks

p.s i was just wondering can i delete the contaianing folder/file location? will that turn it off as it would have been deleted then i can upload it again from microsoft after all this is gone?

Last edited by banana_man14 on 24th April 2010, 4:57 pm; edited 1 time in total (Reason for editing : forgot to add the deleting part)

You need to download Combofix and run this program as instructed. Are you saying windows defender is blocking Combofix?

it is not lettin me download combofix, i dont think windows defender is stopping that but it is stopping all the other programs you have asked me to download

. i clicked save to desktop and re-named it but now is sayin that the link doesnt work and that it has failed to download it!

it is saying that the the source file could not be read, when i try and download combofix.

*****************

i have now tryed the other site and downloaded it all the way to the end it then told me that i could not change the folder i.e the name

i clicked save to desktop and re-named it but now is sayin that the link doesnt work and that it has failed to download it!

You need to rename Combofix to Combo-Fix.
during the download, but not after you download it to your Desktop.

Remove Combofix from your Desktop. And download it again as in my instructions please.

By the way, do you have access to another PC?

no sorry no access to another PC

sorry i'll try get it right this time

i changed the name DURING the download and this is what it told me when it got to the end of the download

C:\Users\Jess\Desktop\ComboFix.exe could not be saved, because you cannot change the contents of that folder.

Change the folder properties and try again, or try saving in a different location.


***************

when i try and open the Combo-fix on my desktop it says it is not a valid Win.32 application

go to Start ---> Run ---> Type

"%userprofile%\desktop\ComboFix.exe" /killall followed by enter.

If you still cannot get this to run, try booting into Safe Mode, and run it there.

To boot into Safe Mode, tap F8 after BIOS, and just before the Windows logo appears. A list of options will appear, select "Safe Mode."
And be sure to save the log and post it here

hey kenny sorry about all this im not the best on computer stuff as you can see lol

any way i got WinLogon.exe to work and also got the malware to work do you want to see the log of them both or just the one????

o and i have restarted the computer as malwarebytes wanted me too!! the pop ups and little icon in the corner have gone as well

This log file is located at C:\rkill.log.
Please post this only if requested to by the person helping you.
Otherwise you can close this log when you wish.
Ran as Jess on 24/04/2010 at 20:00:14.


Processes terminated by Rkill or while it was running:


C:\Users\Jess\AppData\Local\ffvutrpos\mumxhgutssd.exe
C:\Users\Jess\AppData\Local\asam.exe
C:\Windows\System32\regsvr32.exe
C:\Users\Jess\Desktop\WiNlOgOn.exe


Rkill completed on 24/04/2010 at 20:00:22.

Malwarebytes' Anti-Malware 1.45
www.malwarebytes.org

Database version: 3930

Windows 6.0.6002 Service Pack 2
Internet Explorer 7.0.6002.18005

24/04/2010 19:41:37
mbam-log-2010-04-24 (19-41-37).txt

Scan type: Quick scan
Objects scanned: 105927
Time elapsed: 12 minute(s), 10 second(s)

Memory Processes Infected: 0
Memory Modules Infected: 0
Registry Keys Infected: 4
Registry Values Infected: 0
Registry Data Items Infected: 0
Folders Infected: 0
Files Infected: 4

Memory Processes Infected:
(No malicious items detected)

Memory Modules Infected:
(No malicious items detected)

Registry Keys Infected:
HKEY_CURRENT_USER\SOFTWARE\LEO0WTUNO7 (Trojan.FakeAlert) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Handle (Malware.Trace) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\J8RPLTROBQ (Trojan.FakeAlert) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\Software\avsoft (Trojan.Fraudpack) -> Quarantined and deleted successfully.

Registry Values Infected:
(No malicious items detected)

Registry Data Items Infected:
(No malicious items detected)

Folders Infected:
(No malicious items detected)

Files Infected:
C:\Windows\Tasks\{66BA574B-1E11-49b8-909C-8CC9E0E8E015}.job (Trojan.Downloader) -> Quarantined and deleted successfully.
C:\Windows\Tasks\{35DC3473-A719-4d14-B7C1-FD326CA84A0C}.job (Trojan.Downloader) -> Quarantined and deleted successfully.
C:\Users\Jess\Desktop\uSeRiNiT.exe (Heuristics.Reserved.Word.Exploit) -> Quarantined and deleted successfully.
C:\Users\Jess\Desktop\WiNlOgOn.exe (Heuristics.Reserved.Word.Exploit) -> Quarantined and deleted successfully.

Please post both logs..... And Nice Job!

Delete ComboFix off your Desktop. Lets try it again. And take your time....


Please download ComboFix from
Here or Here to your Desktop.

**Note: In the event you already have Combofix, this is a new version that I need you to download. It is important that it is saved and renamed following this process directly to your desktop**

1. If you are using Firefox, make sure that your download settings are as follows:
   
   
   
   • Tools->Options->Main tab
     
   • Set to Always ask me where to Save the files.
     

During the download, rename Combofix to Combo-Fix as follows:

It is important you rename Combofix during the download, but not after.

Please do not rename Combofix to other names, but only to the one indicated.

Close any open browsers.

Close/disable all anti virus and anti malware programs so they do not interfere with the running of ComboFix.

-----------------------------------------------------------

• Very Important! Temporarily disable your anti-virus, script blocking and any anti-malware real-time protection before performing a scan. They can interfere with ComboFix or remove some of its embedded files which may cause unpredictable results.
  
• Click on this link to see a list of programs that should be disabled. The list is not all inclusive. If yours is not listed and you don't know how to disable it, please ask.
  
  -----------------------------------------------------------

• Close any open browsers.
  
• WARNING: Combofix will disconnect your machine from the Internet as soon as it starts
  
• Please do not attempt to re-connect your machine back to the Internet until Combofix has completely finished.
  
• If there is no internet connection after running Combofix, then restart your computer to restore back your connection.
  

-----------------------------------------------------------

Double click on combo-Fix.exe & follow the prompts.

When finished, it will produce a report for you.

Please post the C:\Combo-Fix.txt for further review.

**Note: Do not mouseclick combo-fix's window while it's running. That may cause it to stall**

i have tryed a few times to download the combofix and taken time over it, but at the end of the download this message appers :

C:\Users\Jess\Downloads\ComboFix.exe could not be saved, because you cannot change the contents of that folder.

Change the folder properties and try again, or try saving in a different location.


when click on your link to download combofix i have noticed that it says:

Which is a:BINARY FILE

not

Which is a:APPLICATION.

would this matter to the download at all :sad:

combofix is giving you a hard time I know. DDS Should download now:

Please perform the following scan:

• Download DDS by sUBs from one of the following links. Save it to your desktop.
  
  
  • DDS.scr
    
  • DDS.pif
    
  
  
• Double click on the DDS icon, allow it to run.
  
• A small box will open, with an explanation about the tool.
  
• When done, DDS will open two (2) logs
  1. DDS.txt
  2. Attach.txt
  
• Save both reports to your desktop.
  
• The instructions here ask you to attach the Attach.txt.
  
  
  
• Instead of attaching, please copy/past both logs into your Thread
  
  
• Close the program window, and delete the program from your desktop.
  

Please note: You may have to disable any script protection running if the scan fails to run.
After downloading the tool, disconnect from the internet and disable all antivirus protection.
Run the scan, enable your A/V and reconnect to the internet.
Information on A/V control HEREThen post your DDS (DDS.txt and Attach.txt

DDS (Ver_10-03-17.01) - NTFSx86
Run by Jess at 17:23:21.75 on 25/04/2010
Internet Explorer: 7.0.6002.18005 BrowserJavaVersion: 1.6.0_17
Microsoft Windows Vista Home Premium 6.0.6002.2.1252.44.1033.18.3068.1519 [GMT 1:00]

SP: Windows Defender *enabled* (Updated) {D68DDC3A-831F-4FAE-9E44-DA132C1ACF46}

============== Running Processes ===============

C:\Windows\system32\wininit.exe
C:\Windows\system32\lsm.exe
C:\Windows\system32\svchost.exe -k DcomLaunch
C:\Windows\system32\svchost.exe -k rpcss
C:\Program Files\Trusteer\Rapport\bin\RapportMgmtService.exe
C:\Windows\system32\Ati2evxx.exe
C:\Windows\System32\svchost.exe -k LocalServiceNetworkRestricted
C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted
C:\Windows\system32\svchost.exe -k netsvcs
C:\Windows\system32\SLsvc.exe
C:\Windows\system32\svchost.exe -k LocalService
C:\Windows\RtkAudioService.exe
C:\Windows\system32\Ati2evxx.exe
C:\Windows\system32\Dwm.exe
C:\Windows\Explorer.EXE
C:\Windows\system32\svchost.exe -k NetworkService
C:\Windows\system32\WLANExt.exe
C:\Windows\System32\spoolsv.exe
C:\Windows\system32\taskeng.exe
C:\Windows\system32\svchost.exe -k LocalServiceNoNetwork
C:\Windows\system32\taskeng.exe
C:\Program Files\Adobe\Photoshop Elements 6.0\PhotoshopElementsFileAgent.exe
C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
C:\Program Files\Bonjour\mDNSResponder.exe
C:\Windows\system32\svchost.exe -k bthsvcs
C:\Program Files\WIDCOMM\Bluetooth Software\bin\btwdins.exe
C:\Program Files\Intel\WiFi\bin\EvtEng.exe
C:\Program Files\Common Files\InterVideo\RegMgr\iviRegMgr.exe
C:\Program Files\McAfee\SiteAdvisor\McSACore.exe
c:\PROGRA~1\COMMON~1\mcafee\mcproxy\mcproxy.exe
C:\PROGRA~1\McAfee\VIRUSS~1\mcshield.exe
C:\Program Files\McAfee\MPF\MPFSrv.exe
C:\Windows\system32\rundll32.exe
C:\Program Files\McAfee\MSK\MskSrver.exe
C:\Program Files\Sony\Network Utility\NSUService.exe
C:\Windows\system32\svchost.exe -k NetworkServiceNetworkRestricted
C:\Program Files\Common Files\Intel\WirelessCommon\RegSrvc.exe
C:\Program Files\Microsoft\Search Enhancement Pack\SeaPort\SeaPort.exe
C:\Windows\system32\svchost.exe -k imgsvc
C:\Program Files\Sony\VAIO Event Service\VESMgr.exe
C:\Program Files\Sony\VAIO Power Management\SPMService.exe
C:\Program Files\Common Files\Sony Shared\VAIO Content Folder Watcher\VCFw.exe
C:\Windows\system32\DllHost.exe
C:\Program Files\Common Files\Sony Shared\VAIO Entertainment Platform\VzCdb\VzCdbSvc.exe
C:\Windows\System32\svchost.exe -k WerSvcGroup
C:\Windows\system32\taskeng.exe
C:\Windows\system32\SearchIndexer.exe
C:\Windows\system32\DRIVERS\xaudio.exe
C:\Program Files\Sony\VAIO Update 5\VAIOUpdt.exe
C:\Program Files\Sony\VAIO Power Management\SPMgr.exe
C:\Windows\system32\WUDFHost.exe
C:\Windows\system32\wbem\wmiprvse.exe
C:\Program Files\Sony\VAIO Event Service\VESMgrSub.exe
C:\Windows\system32\wbem\wmiprvse.exe
C:\PROGRA~1\McAfee\MSC\mcmscsvc.exe
C:\Windows\System32\mobsync.exe
C:\Program Files\Common Files\Sony Shared\VAIO Entertainment Platform\VCSW\VCSW.exe
C:\Program Files\Apoint\Apoint.exe
C:\Program Files\Adobe\Acrobat 8.0\Acrobat\Acrotray.exe
C:\Program Files\Sony\ISB Utility\ISBMgr.exe
C:\Program Files\Sony\Marketing Tools\MarketingTools.exe
C:\Windows\system32\DllHost.exe
C:\Windows\System32\SupportAppXL\AutoDect.exe
C:\Program Files\Trusteer\Rapport\bin\RapportService.exe
C:\Program Files\Java\jre6\bin\jusched.exe
C:\Program Files\McAfee.com\Agent\mcagent.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\Program Files\Sony\Network Utility\LANUtil.exe
C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
C:\Windows\ehome\ehtray.exe
C:\Program Files\Windows Live\Messenger\msnmsgr.exe
C:\Program Files\WIDCOMM\Bluetooth Software\BTTray.exe
C:\Windows\system32\WerCon.exe
C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe
C:\Windows\ehome\ehmsas.exe
C:\Program Files\Apoint\ApMsgFwd.exe
C:\Windows\system32\wbem\unsecapp.exe
C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroDist.exe
C:\Program Files\Apoint\Apntex.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\Windows\system32\DllHost.exe
C:\Windows\system32\DllHost.exe
C:\Users\Jess\Desktop\dds.scr

============== Pseudo HJT Report ===============

uSearch Page = hxxp://www.google.com
uStart Page = hxxp://www.google.com/
uDefault_Page_URL = hxxp://www.club-vaio.com
mDefault_Page_URL = hxxp://www.club-vaio.com
uInternet Settings,ProxyOverride =
uInternet Settings,ProxyServer = http=127.0.0.1:5555
uURLSearchHooks: McAfee SiteAdvisor Toolbar: {0ebbbe48-bad4-4b4c-8e5a-516abecae064} - c:\progra~1\mcafee\sitead~1\mcieplg.dll
BHO: Adobe PDF Reader Link Helper: {06849e9f-c8d7-4d59-b87d-784b7d6be0b3} - c:\program files\common files\adobe\acrobat\activex\AcroIEHelper.dll
BHO: {0974BA1E-64EC-11DE-B2A5-E43756D89593} - No File
BHO: McAfee Phishing Filter: {27b4851a-3207-45a2-b947-be8afe6163ab} - c:\progra~1\mcafee\msk\mskapbho.dll
BHO: {5C255C8A-E604-49b4-9D64-90988571CECB} - No File
BHO: Search Helper: {6ebf7485-159f-4bff-a14f-b9e3aac4465b} - c:\program files\microsoft\search enhancement pack\search helper\SEPsearchhelperie.dll
BHO: scriptproxy: {7db2d5a0-7241-4e79-b68d-6309f01c5231} - c:\program files\mcafee\virusscan\scriptsn.dll
BHO: Windows Live Sign-in Helper: {9030d464-4c02-4abf-8ecc-5164760863c6} - c:\program files\common files\microsoft shared\windows live\WindowsLiveLogin.dll
BHO: Google Toolbar Helper: {aa58ed58-01dd-4d91-8333-cf10577473f7} - c:\program files\google\google toolbar\GoogleToolbar_32.dll
BHO: Adobe PDF Conversion Toolbar Helper: {ae7cd045-e861-484f-8273-0445ee161910} - c:\program files\adobe\acrobat 8.0\acrobat\AcroIEFavClient.dll
BHO: Google Toolbar Notifier BHO: {af69de43-7d58-4638-b6fa-ce66b5ad205d} - c:\program files\google\googletoolbarnotifier\5.5.4723.1820\swg.dll
BHO: McAfee SiteAdvisor BHO: {b164e929-a1b6-4a06-b104-2cd0e90a88ff} - c:\progra~1\mcafee\sitead~1\mcieplg.dll
BHO: CBrowserHelperObject Object: {ca6319c0-31b7-401e-a518-a07c3db8f777} - c:\progra~1\google~1\BAE.dll
BHO: Java(tm) Plug-In 2 SSV Helper: {dbc80044-a445-435b-bc74-9c25c1c588a9} - c:\program files\java\jre6\bin\jp2ssv.dll
BHO: Windows Live Toolbar Helper: {e15a8dc0-8516-42a1-81ea-dc94ec1acf10} - c:\program files\windows live\toolbar\wltcore.dll
TB: Adobe PDF: {47833539-d0c5-4125-9fa8-0819e2eaac93} - c:\program files\adobe\acrobat 8.0\acrobat\AcroIEFavClient.dll
TB: McAfee SiteAdvisor Toolbar: {0ebbbe48-bad4-4b4c-8e5a-516abecae064} - c:\progra~1\mcafee\sitead~1\mcieplg.dll
TB: &Windows Live Toolbar: {21fa44ef-376d-4d53-9b0f-8a89d3229068} - c:\program files\windows live\toolbar\wltcore.dll
TB: {0974BA1E-64EC-11DE-B2A5-E43756D89593} - No File
TB: Google Toolbar: {2318c2b1-4965-11d4-9b18-009027a5cd4f} - c:\program files\google\google toolbar\GoogleToolbar_32.dll
TB: {BDAD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - No File
EB: Adobe PDF: {182ec0be-5110-49c8-a062-beb1d02a220b} - c:\program files\adobe\acrobat 8.0\acrobat\AcroIEFavClient.dll
uRun: [NSUFloatingUI] "c:\program files\sony\network utility\LANUtil.exe"
uRun: [swg] "c:\program files\google\googletoolbarnotifier\GoogleToolbarNotifier.exe"
uRun: [ehTray.exe] c:\windows\ehome\ehTray.exe
uRun: [msnmsgr] "c:\program files\windows live\messenger\msnmsgr.exe" /background
mRun: [RtHDVCpl] RtHDVCpl.exe
mRun: [Apoint] c:\program files\apoint\Apoint.exe
mRun: [Acrobat Assistant 8.0] "c:\program files\adobe\acrobat 8.0\acrobat\Acrotray.exe"
mRun: []
mRun: [ISBMgr.exe] "c:\program files\sony\isb utility\ISBMgr.exe"
mRun: [MarketingTools] c:\program files\sony\marketing tools\MarketingTools.exe
mRun: [autodetect] c:\windows\system32\supportappxl\AutoDect.exe
mRun: [Skytel] Skytel.exe
mRun: [SunJavaUpdateSched] "c:\program files\java\jre6\bin\jusched.exe"
mRun: [mcagent_exe] "c:\program files\mcafee.com\agent\mcagent.exe" /runkey
mRun: [QuickTime Task] "c:\program files\quicktime\QTTask.exe" -atboottime
mRun: [iTunesHelper] "c:\program files\itunes\iTunesHelper.exe"
mRun: [SymLnch] "c:\program files\common files\symantec shared\symsetup\{2d617065-1c52-4240-b5bc-c0ae12157777}_2_2_0_2\support\symlnch\symlnch.exe" "c:\progra~1\common~1\symant~1\symsetup\{2d617~1\Setup.exe" " /X"
dRun: [msnmsgr] "c:\program files\windows live\messenger\msnmsgr.exe" /background
StartupFolder: c:\progra~2\micros~1\windows\startm~1\programs\startup\blueto~1.lnk - c:\program files\widcomm\bluetooth software\BTTray.exe
mPolicies-explorer: BindDirectlyToPropertySetStorage = 0 (0x0)
mPolicies-system: EnableUIADesktopToggle = 0 (0x0)
IE: Add to Windows &Live Favorites - http://favorites.live.com/quickadd.aspx
IE: Append to existing PDF - c:\program files\adobe\acrobat 8.0\acrobat\AcroIEFavClient.dll/AcroIEAppend.html
IE: Convert link target to Adobe PDF - c:\program files\adobe\acrobat 8.0\acrobat\AcroIEFavClient.dll/AcroIECapture.html
IE: Convert link target to existing PDF - c:\program files\adobe\acrobat 8.0\acrobat\AcroIEFavClient.dll/AcroIEAppend.html
IE: Convert selected links to Adobe PDF - c:\program files\adobe\acrobat 8.0\acrobat\AcroIEFavClient.dll/AcroIECaptureSelLinks.html
IE: Convert selected links to existing PDF - c:\program files\adobe\acrobat 8.0\acrobat\AcroIEFavClient.dll/AcroIEAppendSelLinks.html
IE: Convert selection to Adobe PDF - c:\program files\adobe\acrobat 8.0\acrobat\AcroIEFavClient.dll/AcroIECapture.html
IE: Convert selection to existing PDF - c:\program files\adobe\acrobat 8.0\acrobat\AcroIEFavClient.dll/AcroIEAppend.html
IE: Convert to Adobe PDF - c:\program files\adobe\acrobat 8.0\acrobat\AcroIEFavClient.dll/AcroIECapture.html
IE: E&xport to Microsoft Excel - c:\progra~1\micros~2\office12\EXCEL.EXE/3000
IE: Google Sidewiki... - c:\program files\google\google toolbar\component\GoogleToolbarDynamic_mui_en_96D6FF0C6D236BF8.dll/cmsidewiki.html
IE: Send image to &Bluetooth Device... - c:\program files\widcomm\bluetooth software\btsendto_ie_ctx.htm
IE: Send page to &Bluetooth Device... - c:\program files\widcomm\bluetooth software\btsendto_ie.htm
IE: {CCA281CA-C863-46ef-9331-5C8D4460577F} - c:\program files\widcomm\bluetooth software\btsendto_ie.htm
IE: {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - {5F7B1267-94A9-47F5-98DB-E99415F33AEC} - c:\program files\windows live\writer\WriterBrowserExtension.dll
IE: {2670000A-7350-4f3c-8081-5663EE0C6C49} - {48E73304-E1D6-4330-914C-F5F514E3486C} - c:\progra~1\micros~2\office12\ONBttnIE.dll
IE: {92780B25-18CC-41C8-B9BE-3C9C571A8263} - {FF059E31-CC5A-4E2E-BF3B-96E929D65503} - c:\progra~1\micros~2\office12\REFIEBAR.DLL
DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_17-windows-i586.cab
DPF: {CAFEEFAC-0016-0000-0006-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_06-windows-i586.cab
DPF: {CAFEEFAC-0016-0000-0017-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_17-windows-i586.cab
DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_17-windows-i586.cab
Handler: dssrequest - {5513F07E-936B-4E52-9B00-067394E91CC5} - c:\progra~1\mcafee\sitead~1\McIEPlg.dll
Handler: sacore - {5513F07E-936B-4E52-9B00-067394E91CC5} - c:\progra~1\mcafee\sitead~1\McIEPlg.dll
Notify: VESWinlogon - VESWinlogon.dll
AppInit_DLLs: c:\progra~1\google\google~1\GOEC62~1.DLL

================= FIREFOX ===================

FF - ProfilePath - c:\users\jess\appdata\roaming\mozilla\firefox\profiles\r1tzwlqt.default\
FF - prefs.js: browser.search.defaulturl - hxxp://www.bing.com/search?FORM=IEFM1&q=
FF - prefs.js: browser.startup.homepage - hxxp://www.google.com.au
FF - prefs.js: keyword.URL - hxxp://search.bearshare.com/webResults.html?src=ffb&q=
FF - component: c:\program files\mcafee\siteadvisor\components\McFFPlg.dll
FF - component: c:\program files\mozilla firefox\components\GoogleDesktopMozilla.dll
FF - plugin: c:\program files\google\update\1.2.183.23\npGoogleOneClick8.dll
FF - plugin: c:\program files\microsoft\office live\npOLW.dll
FF - plugin: c:\program files\windows live\photo gallery\NPWLPG.dll
FF - plugin: c:\users\jess\appdata\roaming\facebook\npfbplugin_1_0_3.dll
FF - HiddenExtension: Microsoft .NET Framework Assistant: {20a82645-c095-46ed-80e3-08825760534b} - c:\windows\microsoft.net\framework\v3.5\windows presentation foundation\dotnetassistantextension\
FF - HiddenExtension: Java Console: No Registry Reference - c:\program files\mozilla firefox\extensions\{CAFEEFAC-0016-0000-0011-ABCDEFFEDCBA}
FF - HiddenExtension: Java Console: No Registry Reference - c:\program files\mozilla firefox\extensions\{CAFEEFAC-0016-0000-0015-ABCDEFFEDCBA}
FF - HiddenExtension: Java Console: No Registry Reference - c:\program files\mozilla firefox\extensions\{CAFEEFAC-0016-0000-0017-ABCDEFFEDCBA}

---- FIREFOX POLICIES ----
FF - user.js: yahoo.homepage.dontask - truec:\program files\mozilla firefox\greprefs\security-prefs.js - pref("security.ssl.allow_unrestricted_renego_everywhere__temporarily_available_pref", true);
c:\program files\mozilla firefox\greprefs\security-prefs.js - pref("security.ssl.renego_unrestricted_hosts", "");
c:\program files\mozilla firefox\greprefs\security-prefs.js - pref("security.ssl.treat_unsafe_negotiation_as_broken", false);
c:\program files\mozilla firefox\greprefs\security-prefs.js - pref("security.ssl.require_safe_negotiation", false);
c:\program files\mozilla firefox\greprefs\security-prefs.js - pref("security.ssl3.rsa_seed_sha", true);

============= SERVICES / DRIVERS ===============

R1 mfehidk;McAfee Inc. mfehidk;c:\windows\system32\drivers\mfehidk.sys [2008-8-25 201320]
R1 RapportKELL;RapportKELL;c:\program files\trusteer\rapport\bin\RapportKELL.sys [2010-3-23 58984]
R1 RapportPG;RapportPG;c:\program files\trusteer\rapport\bin\RapportPG.sys [2010-3-23 125160]
R2 regi;regi;c:\windows\system32\drivers\regi.sys [2007-4-18 11032]
R3 mfeavfk;McAfee Inc. mfeavfk;c:\windows\system32\drivers\mfeavfk.sys [2008-8-25 79304]
R3 mfebopk;McAfee Inc. mfebopk;c:\windows\system32\drivers\mfebopk.sys [2008-8-25 35240]
R3 NETw5v32;Intel(R) Wireless WiFi Link Adapter Driver for Windows Vista 32 Bit ;c:\windows\system32\drivers\NETw5v32.sys [2008-4-28 3658752]
R3 SFEP;Sony Firmware Extension Parser;c:\windows\system32\drivers\SFEP.sys [2008-8-11 9344]
S3 btwl2cap;Bluetooth L2CAP Service;c:\windows\system32\drivers\btwl2cap.sys [2008-8-11 29736]
S3 fssfltr;FssFltr;c:\windows\system32\drivers\fssfltr.sys [2009-11-9 54632]
S3 ggflt;SEMC USB Flash Driver Filter;c:\windows\system32\drivers\ggflt.sys [2009-9-10 13224]
S3 massfilter;ZTE Mass Storage Filter Driver;c:\windows\system32\drivers\massfilter.sys [2009-10-10 7168]
S3 mferkdk;McAfee Inc. mferkdk;c:\windows\system32\drivers\mferkdk.sys [2008-8-25 33832]
S3 mfesmfk;McAfee Inc. mfesmfk;c:\windows\system32\drivers\mfesmfk.sys [2008-8-25 40488]

=============== Created Last 30 ================

2010-04-24 08:29:17 0 d-----w- c:\users\jess\appdata\roaming\Malwarebytes
2010-04-24 08:29:07 38224 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys
2010-04-24 08:29:05 20824 ----a-w- c:\windows\system32\drivers\mbam.sys
2010-04-24 08:29:05 0 d-----w- c:\programdata\Malwarebytes
2010-04-24 08:29:05 0 d-----w- c:\program files\Malwarebytes' Anti-Malware
2010-04-24 08:13:45 0 d-----w- c:\program files\NortonInstaller
2010-04-23 05:03:27 0 d-----w- c:\programdata\PCSettings
2010-04-23 05:02:53 0 d-----w- c:\programdata\Norton
2010-04-23 04:51:24 0 d-----w- c:\programdata\NortonInstaller
2010-04-15 06:40:31 79360 ----a-w- c:\windows\system32\drivers\mrxsmb20.sys
2010-04-15 06:40:31 212992 ----a-w- c:\windows\system32\drivers\mrxsmb10.sys
2010-04-15 06:40:31 106496 ----a-w- c:\windows\system32\drivers\mrxsmb.sys
2010-04-15 06:40:25 3548040 ----a-w- c:\windows\system32\ntoskrnl.exe
2010-04-15 06:40:24 3600776 ----a-w- c:\windows\system32\ntkrnlpa.exe
2010-04-15 06:40:21 430080 ----a-w- c:\windows\system32\vbscript.dll
2010-04-15 06:40:01 62464 ----a-w- c:\windows\system32\l3codeca.acm
2010-04-15 06:40:01 220672 ----a-w- c:\windows\system32\l3codecp.acm
2010-04-15 06:39:55 904576 ----a-w- c:\windows\system32\drivers\tcpip.sys
2010-04-15 06:39:55 25088 ----a-w- c:\windows\system32\drivers\tunnel.sys
2010-04-15 06:39:55 200704 ----a-w- c:\windows\system32\iphlpsvc.dll
2010-04-15 06:36:09 172032 ----a-w- c:\windows\system32\wintrust.dll
2010-04-15 06:35:54 98304 ----a-w- c:\windows\system32\cabview.dll
2010-03-31 15:26:54 834048 ----a-w- c:\windows\system32\wininet.dll
2010-03-31 15:26:48 78336 ----a-w- c:\windows\system32\ieencode.dll

==================== Find3M ====================

2010-04-23 05:06:50 86016 ----a-w- c:\windows\inf\infstor.dat
2010-04-23 05:06:50 51200 ----a-w- c:\windows\inf\infpub.dat
2010-04-23 05:06:50 143360 ----a-w- c:\windows\inf\infstrng.dat
2010-02-24 09:16:06 181632 ------w- c:\windows\system32\MpSigStub.exe
2010-02-20 23:06:41 24064 ----a-w- c:\windows\system32\nshhttp.dll
2010-02-20 23:05:14 30720 ----a-w- c:\windows\system32\httpapi.dll
2009-12-25 13:43:23 292 --sha-w- c:\program files\desktop.ini
2009-11-17 03:24:45 665600 ----a-w- c:\windows\inf\drvindex.dat
2006-11-02 12:42:02 30674 ----a-w- c:\windows\inf\perflib\0409\perfd.dat
2006-11-02 12:42:02 30674 ----a-w- c:\windows\inf\perflib\0409\perfc.dat
2006-11-02 12:42:02 287440 ----a-w- c:\windows\inf\perflib\0409\perfi.dat
2006-11-02 12:42:02 287440 ----a-w- c:\windows\inf\perflib\0409\perfh.dat
2006-11-02 09:20:21 287440 ----a-w- c:\windows\inf\perflib\0000\perfi.dat
2006-11-02 09:20:21 287440 ----a-w- c:\windows\inf\perflib\0000\perfh.dat
2006-11-02 09:20:19 30674 ----a-w- c:\windows\inf\perflib\0000\perfd.dat
2006-11-02 09:20:19 30674 ----a-w- c:\windows\inf\perflib\0000\perfc.dat

============= FINISH: 17:25:53.16 ===============

UNLESS SPECIFICALLY INSTRUCTED, DO NOT POST THIS LOG.
IF REQUESTED, ZIP IT UP & ATTACH IT

DDS (Ver_10-03-17.01)

Microsoft Windows Vista Home Premium
Boot Device: \Device\HarddiskVolume2
Install Date: 30/12/2008 20:39:20
System Uptime: 25/04/2010 17:22:00 (0 hours ago)

Motherboard: Sony Corporation | | VAIO
Processor: Intel(R) Core(TM)2 Duo CPU T5800 @ 2.00GHz | N/A | 800/200mhz

==== Disk Partitions =========================

C: is FIXED (NTFS) - 221 GiB total, 105.734 GiB free.
D: is Removable
E: is Removable
F: is CDROM ()

==== Disabled Device Manager Items =============

==== System Restore Points ===================


==== Installed Programs ======================


7-Zip 4.65
Activation Assistant for the 2007 Microsoft Office suites
Adobe Acrobat 8 Standard - English, Français, Deutsch
Adobe Acrobat 8.1.4 Standard
Adobe Common File Installer
Adobe Flash Player 10 Plugin
Adobe Flash Player ActiveX
Adobe Photoshop Elements 6.0
Adobe Premiere Elements 4.0
Adobe Premiere Elements 4.0 Templates
Alps Pointing-device for VAIO
Apple Application Support
Apple Mobile Device Support
Apple Software Update
ArcSoft WebCam Companion 2
ATI Catalyst Install Manager
AutoUpdate
Bonjour
Browser Address Error Redirector
Catalyst Control Center - Branding
Catalyst Control Center Core Implementation
Catalyst Control Center Graphics Full Existing
Catalyst Control Center Graphics Full New
Catalyst Control Center Graphics Light
Catalyst Control Center Graphics Previews Common
Catalyst Control Center Graphics Previews Vista
Catalyst Control Center InstallProxy
Catalyst Control Center Localization Chinese Standard
Catalyst Control Center Localization Chinese Traditional
Catalyst Control Center Localization Czech
Catalyst Control Center Localization Danish
Catalyst Control Center Localization Dutch
Catalyst Control Center Localization Finnish
Catalyst Control Center Localization French
Catalyst Control Center Localization German
Catalyst Control Center Localization Greek
Catalyst Control Center Localization Hungarian
Catalyst Control Center Localization Italian
Catalyst Control Center Localization Japanese
Catalyst Control Center Localization Korean
Catalyst Control Center Localization Norwegian
Catalyst Control Center Localization Polish
Catalyst Control Center Localization Portuguese
Catalyst Control Center Localization Russian
Catalyst Control Center Localization Spanish
Catalyst Control Center Localization Swedish
Catalyst Control Center Localization Thai
Catalyst Control Center Localization Turkish
ccc-core-static
ccc-utility
CCC Help Chinese Standard
CCC Help Chinese Traditional
CCC Help Czech
CCC Help Danish
CCC Help Dutch
CCC Help English
CCC Help Finnish
CCC Help French
CCC Help German
CCC Help Greek
CCC Help Hungarian
CCC Help Italian
CCC Help Japanese
CCC Help Korean
CCC Help Norwegian
CCC Help Polish
CCC Help Portuguese
CCC Help Russian
CCC Help Spanish
CCC Help Swedish
CCC Help Thai
CCC Help Turkish
Click to Disc
Click to Disc Editor
Compatibility Pack for the 2007 Office system
DivX Codec
DivX Converter
DivX Player
Dolby Control Center
Facebook Plug-In
GearDrvs
Google Desktop
Google Earth
Google Talk (remove only)
Google Toolbar for Internet Explorer
Google Update Helper
Graboid Video 1.65
HDAUDIO SoftV92 Data Fax Modem with SmartCP
Highlight Viewer (Windows Live Toolbar)
Hotfix for Microsoft .NET Framework 3.5 SP1 (KB953595)
Hotfix for Microsoft .NET Framework 3.5 SP1 (KB958484)
Intel PROSet Wireless
Intel(R) PROSet/Wireless WiFi Software
iPhone Configuration Utility
iTunes
Java(TM) 6 Update 17
Java(TM) 6 Update 6
Junk Mail filter update
LimeWire 5.4.6
Malwarebytes' Anti-Malware
Map Button (Windows Live Toolbar)
McAfee SecurityCenter
MediaBar
Microsoft .NET Framework 3.5 SP1
Microsoft Application Error Reporting
Microsoft Choice Guard
Microsoft Office 2007 Service Pack 2 (SP2)
Microsoft Office Excel MUI (English) 2007
Microsoft Office Home and Student 2007
Microsoft Office Live Add-in 1.3
Microsoft Office OneNote MUI (English) 2007
Microsoft Office PowerPoint MUI (English) 2007
Microsoft Office PowerPoint Viewer 2007 (English)
Microsoft Office Proof (English) 2007
Microsoft Office Proof (French) 2007
Microsoft Office Proof (Spanish) 2007
Microsoft Office Proofing (English) 2007
Microsoft Office Proofing Tools 2007 Service Pack 2 (SP2)
Microsoft Office Shared MUI (English) 2007
Microsoft Office Shared Setup Metadata MUI (English) 2007
Microsoft Office Word MUI (English) 2007
Microsoft Search Enhancement Pack
Microsoft Silverlight
Microsoft SQL Server 2005 Compact Edition [ENU]
Microsoft Sync Framework Runtime Native v1.0 (x86)
Microsoft Sync Framework Services Native v1.0 (x86)
Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053
Microsoft Visual C++ 2005 Redistributable
Microsoft Works
Mozilla Firefox (3.5.9)
MSVCRT
MSXML 4.0 SP2 (KB954430)
MSXML 4.0 SP2 (KB973688)
Music Transfer
OGA Notifier 2.0.0048.0
OpenMG Secure Module 5.1.00
Picasa 2
Primo
QuickTime
Rapport
RarZilla Free Unrar
Realtek High Definition Audio Driver
Roll
Roxio Central Audio
Roxio Central Copy
Roxio Central Core
Roxio Central Data
Roxio Central Tools
Roxio Easy Media Creator 10 LJ
Roxio Easy Media Creator Home
Security Update for 2007 Microsoft Office System (KB969559)
Security Update for 2007 Microsoft Office System (KB978380)
Security Update for Microsoft Office Excel 2007 (KB978382)
Security Update for Microsoft Office PowerPoint 2007 (KB957789)
Security Update for Microsoft Office system 2007 (972581)
Security Update for Microsoft Office system 2007 (KB969613)
Security Update for Microsoft Office system 2007 (KB974234)
Security Update for Microsoft Office Visio Viewer 2007 (KB973709)
Setting Utility Series
Skins
Skype web features
Skype 4.1
Smart Menus (Windows Live Toolbar)
SonicStage Mastering Studio
SonicStage Mastering Studio Audio Filter
SonicStage Mastering Studio Audio Filter Custom Preset
SonicStage Mastering Studio Plugins
Sony Picture Utility
Sony Video Shared Library
SoulSeek Client 156c
Telstra Turbo Connection Manager
The Sims 2
Update for 2007 Microsoft Office System (KB967642)
Update for 2007 Microsoft Office System (KB981715)
Update for Microsoft .NET Framework 3.5 SP1 (KB963707)
Update for Microsoft Office 2007 Help for Common Features (KB963673)
Update for Microsoft Office Excel 2007 Help (KB963678)
Update for Microsoft Office InfoPath 2007 (KB976416)
Update for Microsoft Office OneNote 2007 (KB980729)
Update for Microsoft Office OneNote 2007 Help (KB963670)
Update for Microsoft Office Powerpoint 2007 Help (KB963669)
Update for Microsoft Office Script Editor Help (KB963671)
Update for Microsoft Office Word 2007 (KB974561)
Update for Microsoft Office Word 2007 Help (KB963665)
Update Service
VAIO Content Folder Setting
VAIO Content Metadata Intelligent Analyzing Manager
VAIO Content Metadata Manager Setting
VAIO Content Metadata XML Interface Library
VAIO Control Center
VAIO Data Restore Tool
VAIO DVD Menu Data Basic
VAIO Edit Components 6.4
VAIO Entertainment Platform
VAIO Event Service
VAIO Guide 
VAIO Launcher
VAIO Marketing Tools
VAIO Media plus
VAIO Movie Story
VAIO Movie Story Template Data
VAIO MusicBox
VAIO MusicBox Sample Music
VAIO Original Function Setting
VAIO Power Management
VAIO Presentation Support
VAIO Smart Network
VAIO Update 5
VAIO Wallpaper Contents
VideoLAN VLC media player 0.8.6d
WIDCOMM Bluetooth Software 6.2.0.4100
Windows Live Call
Windows Live Communications Platform
Windows Live Essentials
Windows Live Family Safety
Windows Live Favorites for Windows Live Toolbar
Windows Live Mail
Windows Live Messenger
Windows Live Movie Maker
Windows Live Photo Gallery
Windows Live Sign-in Assistant
Windows Live Sync
Windows Live Toolbar
Windows Live Toolbar Extension (Windows Live Toolbar)
Windows Live Upload Tool
Windows Live Writer
Windows Media Player Firefox Plugin
WinDVD BD for VAIO

==== End Of File ===========================

Note: You should remove LimeWire. P2P (peer-to-peer) using P2P software is very risky, because it makes you very susceptible to infection, attack, exposure of personal or company information. But this is up to you to remove LimeWire and MediaBar. That why you are here with infections.

Please remove these entries from Add/Remove Programs in the Control Panel

LimeWire 5.4.6
MediaBar

I don't use superantispyware a lot with users, but with bearshare.... it does well with bearshare and their bad friends that I see in your log.

TFC(Temp File Cleaner

Generally tools like TFC are created to assist us with malware removal by removing a lot of junk files, so our security tools will have less to scan, thus speed things up. It may also help to remove some types of malware which may be lurking in temp/user account folders.


TFC(Temp File Cleaner):

• Please download TFC to your desktop,
  
• Save any unsaved work. TFC will close all open application windows.
  
• Double-click TFC.exe to run the program.
  
• If prompted, click "Yes" to reboot.

Note: Save your work. TFC will automatically close any open programs, let it run uninterrupted. It shouldn't take longer take a couple of minutes, and may only take a few seconds. Only if needed will you be prompted to reboot.

Next

Please download SUPERAntiSpyware Home Edition (free version)

• Install it and double-click the icon on your desktop to run it.
  
• It will ask if you want to update the program definitions, click Yes.
  
• Under Configuration and Preferences, click the Preferences button.
  
• Click the Scanning Control tab.
  
• Under Scanner Options make sure the following are checked:
  
  
  • Close browsers before scanning
    
  • Scan for tracking cookies
    
  • Terminate memory threats before quarantining.
    
  • Please leave the others unchecked.
    
  • Click the Close button to leave the control center screen.
    
  
  
• On the main screen, under Scan for Harmful Software click Scan your computer.
  
• On the left check C:\Fixed Drive.
  
• On the right, under Complete Scan, choose Perform Complete Scan.
  
• Click Next to start the scan. Please be patient while it scans your computer.
  
• After the scan is complete a summary box will appear. Click OK.
  
• Make sure everything in the white box has a check next to it, then click Next.
  
• It will quarantine what it found and if it asks if you want to reboot, click Yes.
  
• To retrieve the removal information for me please do the following:
  
  
  • After reboot, double-click the SUPERAntispyware icon on your desktop.
    
  • Click Preferences. Click the Statistics/Logs tab.
    
  • Under Scanner Logs, double-click SUPERAntiSpyware Scan Log.
    
  • It will open in your default text editor (such as Notepad/Wordpad).
    
  • Please highlight everything in the notepad, then right-click and choose copy.
    
  
  
• Click close and close again to exit the program.
  
• Save the log information. And paste this info.....
  

i really wnat to get rid of bearshare as well. the only thing that i can find to do with bear share is when i search for something using trhe part where you type websites on firefox.
i have also deleted mediabar, which i didnt even know i had. but my girlfriend would like to keep limewire......women hahaha Joking


SUPERAntiSpyware Scan Log
http://www.superantispyware.com

Generated 04/26/2010 at 08:04 AM

Application Version : 4.35.1002

Core Rules Database Version : 4744
Trace Rules Database Version: 1978

Scan type : Complete Scan
Total Scan Time : 03:07:46

Memory items scanned : 868
Memory threats detected : 0
Registry items scanned : 7965
Registry threats detected : 0
File items scanned : 148692
File threats detected : 18

Adware.Tracking Cookie
C:\Users\Jess\AppData\Roaming\Microsoft\Windows\Cookies\jess@bs.serving-sys[1].txt
C:\Users\Jess\AppData\Roaming\Microsoft\Windows\Cookies\jess@serving-sys[2].txt
C:\Users\Jess\AppData\Roaming\Microsoft\Windows\Cookies\jess@msnportal.112.2o7[1].txt
C:\Users\Jess\AppData\Roaming\Microsoft\Windows\Cookies\jess@ads.gamersmedia[2].txt
C:\Users\Jess\AppData\Roaming\Microsoft\Windows\Cookies\jess@mmedia.t134[1].txt
C:\Users\Jess\AppData\Roaming\Microsoft\Windows\Cookies\jess@atdmt[1].txt
C:\Users\Jess\AppData\Roaming\Microsoft\Windows\Cookies\jess@247realmedia[1].txt
C:\Users\Jess\AppData\Roaming\Microsoft\Windows\Cookies\jess@doubleclick[2].txt
C:\Users\Jess\AppData\Roaming\Microsoft\Windows\Cookies\jess@ad.yieldmanager[2].txt
C:\Users\Jess\AppData\Roaming\Microsoft\Windows\Cookies\jess@questionmarket[1].txt
C:\Users\Jess\AppData\Roaming\Microsoft\Windows\Cookies\jess@pointroll[2].txt
C:\Users\Jess\AppData\Roaming\Microsoft\Windows\Cookies\jess@ads.pointroll[2].txt
C:\Users\Jess\AppData\Roaming\Microsoft\Windows\Cookies\jess@advertising[1].txt
C:\Users\Jess\AppData\Roaming\Microsoft\Windows\Cookies\Low\jess@ads.basrv[2].txt
C:\Users\Jess\AppData\Roaming\Microsoft\Windows\Cookies\Low\jess@adtech[1].txt
C:\Users\Jess\AppData\Roaming\Microsoft\Windows\Cookies\Low\jess@atdmt[2].txt
C:\Users\Jess\AppData\Roaming\Microsoft\Windows\Cookies\Low\jess@doubleclick[1].txt
C:\Users\Jess\AppData\Roaming\Microsoft\Windows\Cookies\Low\jess@naked[2].txt

Smile we are getting closer. Good job you done there banana_man14.......


As for Mozilla Firefox:

1.From the Tools menu, select Clear Recent History.

2.From the Time range to clear: drop-down menu, select the desired range; to clear your entire cache, select Everything.

3.Click the down arrow next to "Details" to choose what history elements to clear. Click Clear Now.

If you need help. Here's a good site at:

http://www.groovypost.com/howto/firefox/clear-firefox-browsing-history-and-private-data/


We need to restore the google reference under the appinit_dlls, Open notepad and copy and paste next present in the quotebox below in it:
(don't forget to copy and paste REGEDIT4)

REGEDIT4

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows]
"AppInit_DLLs: c:\progra~1\google\google~1\GOEC62~1.DLL"

Save this as fix.reg Choose to save as *all files and place it on your desktop.
It should look like this:
Doubleclick on it and when it asks you if you want to merge the contents to the registry, click yes/ok.

Next

There are some older versions of Java on your computer. These can be a source of infection.

[
Your Java is out of date. Older versions have vulnerabilities that malware can use to infect your system. Please follow these steps to remove older version Java components and update.

• Download the latest version of Java Runtime Environment (JRE) 6 and save it to your desktop.
  
• Scroll down to where it says Java SE Runtime Environment (JRE) - JRE 6 Update 20 -
  
• Click the Download button to the right.
  
• Select the Windows platform from the dropdown menu.
  
• Read the License Agreement and then check the box that says: I agree to the Java SE Runtime Environment 6u16 with JavaFX 1 License Agreement. Click on Continue.The page will refresh.
  
• Click on the link to download Windows Offline Installation and save the file to your desktop.
  
• Close any programs you may have running - especially your web browser.
  
• Go to Start > Settings > Control Panel, double-click on Add/Remove Programs and remove all older versions of Java.
  
• Check (highlight) any item with Java Runtime Environment (JRE or J2SE or Java) in the name.
  
• Click the Remove or Change/Remove button.
  
• Repeat as many times as necessary to remove each Java versions.
  
• Reboot your computer once all Java components are removed.
  
• Then from your desktop double-click on jre-6u120 -windows-i586-p.exe to install the newest version.
  

• After the install is complete, go into the Control Panel (using Classic View) and double-click the Java Icon. (looks like a coffee cup)
  
  
  • On the General tab, under Temporary Internet Files, click the Settings button.
    
  • Next, click on the Delete Files button
    
  • There are two options in the window to clear the cache - Leave BOTH Checked
    Applications and Applets
    Trace and Log Files
    
    
    
  • Click OK on Delete Temporary Files Window
    Note: This deletes ALL the Downloaded Applications and Applets from the CACHE.
    
  • Click OK to leave the Temporary Files Window
    
  • Click OK to leave the Java Control Panel.
    
  
  

To test your Java Run-time, you may go to this page http://www.java.com/en/download/help/testvm.xml
When all is well, you should see Java Version: 1.6.0_20 from Sun Microsystems Inc.

Next
I see some left overs from mcafee. Lets use there tool.

http://download.mcafee.com/products/licensed/cust_support_patches/MCPR.exe

• Download the removal tool.
  
• Click Save and save the file to any folder on the computer.
  
• Navigate to the folder where the file is saved.
  
• Make sure all McAfee application windows are closed.
  
• Double-click MCPR.exe and the removal tool will start automatically.
  Note: Windows Vista users must right-click and select Run as Administrator.
  
• Once the removal tool is finished, you will be prompted to restart your computer.
  
• Wait for the computer to restart.

And let me know how your PC is doing? Also. when does Norton (your virus program) expire?

pc is running fine now with no fake pop ups for a virus!
what do i do with all the programs i downloaded?
i have just brought the new version of Nortan internet security 2010 as the Nortan 360 has expired, have i done the right thing buying this as i have now read on this website that alot of people think Nortan is rubbish!!!
Basically what im trying to ask is how do i keep my computer safe from malaware etc!
plus do i turn my windows secrity back on. firewall, windows defender etc?

thanks so much for your help. couldnt and wouldnt of done it with out you

Norton Internet security 2010 is good. And you can enable everything now.


Your Computer is Clean


Some final items:

It's a good idea to Flush your System Restore after removing malware and create a new restore point.

For help with Vista visit: http://www.bleepingcomputer.com/tutorials/tutorial143.html
Here are some additional links for you to check out to help you with your computer security.

Browsers

Just because your computer came loaded with Internet Explorer doesn't mean that you have to use it, there are other free alternatives, FIREFOX and OPERA, both are free to use and are more secure than IE.

If you are using firefox you can stay more secure by adding NoScript and WOT (Web Of Trust)

NoScript stops Java scripts from starting on a web page unless you give permission for them, and WOT (Web Of Trust) has a comprehensive list of ratings for different websites allowing you to easily see if a website that you are about to go to has a bad reputation; in fact it will warn you to check if you are sure that you want to continue to a bad website.

• Make your Internet Explorer more secure - This can be done by following these simple instructions:
  
• From within Internet Explorer click on the Tools menu and then click on Options.
  
• Click once on the Security tab
  
• Click once on the Internet icon so it becomes highlighted.
  
• Click once on the Custom Level button.
  
• Change the Download signed ActiveX controls to Prompt
  
• Change the Download unsigned ActiveX controls to Disable
  
• Change the Initialize and script ActiveX controls not marked as safe to Disable
  
• Change the Installation of desktop items to Prompt
  
• Change the Launching programs and files in an IFRAME to Prompt
  
• Change the Navigate sub-frames across different domains to Prompt
  
• When all these settings have been made, click on the OK button
  
• If it prompts you as to whether or not you want to save the settings, press the Yes button.
  
• Next press the Apply button and then the OK to exit the Internet Properties page.
  

Additional Security Measures


Visit Microsoft's Windows Update Site Frequently - It is important that you visit http://www.windowsupdate.com regularly. This will ensure your computer has always the latest security updates available installed on your computer. If there are new updates to install, install them immediately, reboot your computer, and revisit the site until there are no more critical updates.

SpywareBlaster- SpywareBlaster will add a large list of programs and sites into your Internet Explorer settings that will protect you from running and downloading known malicious programs.

Cookienator- Scans your PC for tracking cookies in multiple browsers as well as in Adobe Flash.

Winpatrol Download and install the free version of Winpatrol. WinPatrol takes snapshot of your critical system resources and alerts you to any changes that may occur without your knowledge.

Secunia software inspector & update checker

My Blog Malware And Spyware Tips

Also, see here for system improvement: Help! My computer is slow!


It was a pleasure working with you banana_man14

ok i will do all of that!!!

i have tryed to update my windows, and i have a full internet connection but it will not update and my windows internet explorer will not work would this have anything to do with the virus i had? i have tryed everything they say to do on the windows website but had no luck??!!

Thank you very much for your help.
Have a bonza day

It was good working with you too, you have been very helpful.

Hi bonza day

Malware can do some damage...So, we can try to clean this up and do what we can, but keep in mind that we can't solve ALL problems this malware already caused.

Please visit the links HERE and HERE first to read about this new Microsoft tool!

Then you can download and use: Microsoft Fix it Center Online
Microsoft Fix it Center Client contains troubleshooters that help detect issues on target PCs and solve them on demand or proactively before you even know they exist!
It finds and fixes many common PC and device problems automatically. It also helps prevent new problems by proactively checking for known issues and installing updates. Fix it Center helps to consolidate the many steps of diagnosing and repairing a problem into an automated tool that does the work for you.

Microsoft Fix it Center makes getting support easier than ever, with tools that help solve the issues you have now and prevent new ones.

• Easy to Install and Run: Easy-to-use wizards will guide you through the set-up process and help you anytime you need support.
  
  
• Automated: With automated troubleshooters, Fix it Center helps solve issues with your PC, even if you're not sure what the exact problem is. Fix It Center scans your device to diagnose and repair problems, then gives you the option to "Find and fix" or to "Find and report.
  
  
• Preventive Care: By helping you find and fix issues before they become real problems, Fix it Center helps keep your PC running smoothly and automatically downloading the latest solutions.
  

Let me know after you had run all the troubleshooters on your pc if it corrected your problem.

it is not letting me add microsoft fix it center, i have downloaded it but then this message appers when it starts to load:



not sure if youcan see it but it says

error: No connection could be made because the target machine actively refused it 127.0.0.1:5555.

Also windows MSN said that it could not sign in. I toubleshooted this problem and it can back saying that the proxy server and key ports failed!

let's do the following:

Remove the Proxy setting in Internet Explorer and/or in FireFox.
In Internet Explorer

1.Tools Menu -> Internet Options -> Connections Tab -> Lan Settings > uncheck "use a proxy server" or reconfigure the Proxy server again in case you have set it previously.


In Firefox

1.Tools Menu -> Options... -> Advanced Tab -> Network Tab -> "Settings" under Connection > Choose "No Proxy"

2.Click the apply button and restart that computer in normal mode.

Next

We need to repair some of windows' internal registration settings

Please read through this guide first

1. Please download Dial-A-Fix
   
2. Extract the zip file to your desktop.
   
3. Double click Dial-a-Fix.exe to start the program.
   
4. Press the green double checkmark box (Looks like this: )
   
5. UNcheck "Empty Temp Folders", as well as "Adjust Time/Date" in the prep section. The prep section should then look like this:
   
   
6. When the window looks like this, press the GO button in the bottom of the window.
   
   
7. Exit/Close Dial-A-Fix
   
8. Reboot your computer and let me know if that helped.
   

i have UNchecked 'use a proxy server for your LAN' in internet options and it has let me view the internet on internet explorer and abled me to download and run microsoft FIX IT.

please could you advise me if i still have to download dial-A-Fix? As my computer seems to be running with no problems now.

If not then, thank you very much for your help, even after the virus had gone!!

Nope no need to use Dial-A-Fix....