WiredWX Christian Hobby Weather Tools
Would you like to react to this message? Create an account in a few clicks or log in to continue.

WiredWX Christian Hobby Weather ToolsLog in

 


Spyware Protect 2009 Alert

2 posters

descriptionSpyware Protect 2009 Alert EmptySpyware Protect 2009 Alert9th April 2009, 8:11 pm

more_horiz
I have this on my computer and I have tried everything to get it off. Can someone please help me with this? I am not able to us my interent explorer but I can use my AOL.

Thanks,

descriptionSpyware Protect 2009 Alert EmptyRe: Spyware Protect 2009 Alert9th April 2009, 8:20 pm

more_horiz

  • Please download DDS by sUBs to your Desktop (Important!!) from one of these locations:
    Link 1
    Link 2
  • Double click DDS.scr to run
  • When complete, DDS.txt will open.
  • Save the report to your Desktop.
  • Copy and paste DDS.txt back here, I don't need to see attach.txt.

............................................................................................

Site Admin / Security Administrator

Virus Removal ~ OS Support ~ Have we helped you? Help us! ~ GeekChat
- Please PM me if I fail to respond within 24hrs.
Spyware Protect 2009 Alert DXwU4
Spyware Protect 2009 Alert VvYDg

descriptionSpyware Protect 2009 Alert EmptyRe: Spyware Protect 2009 Alert9th April 2009, 8:33 pm

more_horiz
it is saying my post is to large to post

descriptionSpyware Protect 2009 Alert EmptyRe: Spyware Protect 2009 Alert9th April 2009, 8:33 pm

more_horiz
Split it up, use more than one post if needed.

............................................................................................

Site Admin / Security Administrator

Virus Removal ~ OS Support ~ Have we helped you? Help us! ~ GeekChat
- Please PM me if I fail to respond within 24hrs.
Spyware Protect 2009 Alert DXwU4
Spyware Protect 2009 Alert VvYDg

descriptionSpyware Protect 2009 Alert EmptyRe: Spyware Protect 2009 Alert9th April 2009, 8:36 pm

more_horiz
DDS (Ver_09-03-16.01) - NTFSx86
Run by HP_Administrator at 16:27:00.07 on Thu 04/09/2009
Internet Explorer: 8.0.6001.18702
Microsoft Windows XP Professional 5.1.2600.2.1252.1.1033.18.446.88 [GMT -4:00]

AV: AVG 7.5.557 *On-access scanning enabled* (Updated)

============== Running Processes ===============

C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\svchost -k DcomLaunch
svchost.exe
C:\WINDOWS\System32\svchost.exe -k netsvcs
C:\WINDOWS\system32\svchost.exe -k WudfServiceGroup
svchost.exe
svchost.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Common Files\AOL\ACS\AOLAcsd.exe
C:\WINDOWS\ehome\ehtray.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\Program Files\Common Files\AOL\1237928174\ee\AOLSoftware.exe
C:\PROGRA~1\Grisoft\AVG7\avgcc.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
C:\Program Files\AOL 9.5\waol.exe
C:\WINDOWS\arservice.exe
C:\PROGRA~1\Grisoft\AVG7\avgamsvr.exe
C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe
C:\PROGRA~1\Grisoft\AVG7\avgupsvc.exe
C:\Program Files\Belkin\Belkin Wireless Network Utility\WLService.exe
C:\Program Files\Belkin\Belkin Wireless Network Utility\WLanCfgG.exe
C:\WINDOWS\eHome\ehRecvr.exe
C:\WINDOWS\eHome\ehSched.exe
C:\Program Files\iWin Games\iWinGamesInstaller.exe
C:\Program Files\iWin Games\iWinTrusted.exe
C:\Program Files\Java\jre6\bin\jqs.exe
C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE
svchost.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\WINDOWS\eHome\ehmsas.exe
C:\WINDOWS\system32\msiexec.exe
C:\WINDOWS\system32\dllhost.exe
C:\WINDOWS\system32\wuauclt.exe
C:\WINDOWS\system32\wscntfy.exe
C:\WINDOWS\system32\svchost.exe -k imgsvc
C:\WINDOWS\system32\wuauclt.exe
C:\Program Files\HP\Digital Imaging\bin\hpqSTE08.exe
C:\WINDOWS\system32\HPZipm12.exe
C:\Program Files\AOL 9.5\shellmon.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Documents and Settings\HP_Administrator\Local Settings\Temporary Internet Files\Content.IE5\EKPE513S\dds[1].scr

============== Pseudo HJT Report ===============

uStart Page = hxxp://www.yahoo.com/
uSearch Page = hxxp://us.rd.yahoo.com/customize/ie/defaults/sp/msgr8/*http://www.yahoo.com
uDefault_Search_URL = hxxp://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iesearch&locale=EN_US&c=Q106&bd=pavilion&pf=desktop
uDefault_Page_URL = hxxp://www.yahoo.com/?fr=fp-yie8
uWindow Title = Windows Internet Explorer provided by Yahoo!
mSearch Bar = hxxp://us.rd.yahoo.com/customize/ie/defaults/sb/msgr8/*http://www.yahoo.com/ext/search/search.html
uInternet Connection Wizard,ShellNext = iexplore
uSearchURL,(Default) = hxxp://us.rd.yahoo.com/customize/ie/defaults/su/msgr8/*http://www.yahoo.com
mSearchAssistant = hxxp://www.google.com/ie
BHO: {02478D38-C3F9-4efb-9B51-7695ECA05670} - No File
BHO: AcroIEHlprObj Class: {06849e9f-c8d7-4d59-b87d-784b7d6be0b3} - c:\program files\adobe\acrobat 7.0\activex\AcroIEHelper.dll
BHO: AVG Safe Search: {3ca2f312-6f6e-4b53-a66e-4e65e497c8c0} - c:\program files\avg\avg8\avgssie.dll
BHO: InstaFinder_K: {4e7bd74f-2b8d-469e-90f0-f66ab581a933} - c:\progra~1\instaf~1\INSTAF~1.DLL
BHO: SSVHelper Class: {761497bb-d6f0-462c-b6eb-d4daf1d92d43} - c:\program files\java\jre6\bin\ssv.dll
BHO: Java(tm) Plug-In 2 SSV Helper: {dbc80044-a445-435b-bc74-9c25c1c588a9} - c:\program files\java\jre6\bin\jp2ssv.dll
BHO: JQSIEStartDetectorImpl Class: {e7e6f031-17ce-4c07-bc86-eabfe594f69c} - c:\program files\java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
TB: {42CDD1BF-3FFB-4238-8AD1-7859DF00B1D6} - No File
TB: {4982D40A-C53B-4615-B15B-B5B5E98D167C} - No File
TB: {5CBE2611-C31B-401F-89BC-4CBB25E853D7} - No File
TB: {A057A204-BACC-4D26-9990-79A187E2698E} - No File
TB: {D4027C7F-154A-4066-A1AD-4243D8127440} - No File
uRun: [MSMSGS] "c:\program files\messenger\msmsgs.exe" /background
uRun: [ctfmon.exe] c:\windows\system32\ctfmon.exe
uRun: [DW6] "c:\program files\the weather channel fw\desktop\DesktopWeather.exe"
uRun: [AOL Fast Start] "c:\program files\aol 9.5\AOL.EXE" -b
uRunOnce: [Shockwave Updater] c:\windows\system32\adobe\shockw~1\SWHELP~1.EXE -Update -1100458 -Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 5.1; Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.1; SV1) ; .NET CLR 1.0.3705; .NET CLR 1.1.4322; Media Center PC 4.0; IEMB3; .NET CLR 2.0.50727; IEMB3)
mRun: [ehTray] c:\windows\ehome\ehtray.exe
mRun: [AlwaysReady Power Message APP] ARPWRMSG.EXE
mRun: [SemanticInsight] c:\program files\rxtoolbar\semantic insight\SemanticInsight.exe
mRun: [YSearchProtection] "c:\program files\yahoo!\search protection\SearchProtection.exe"
mRun: [KernelFaultCheck] %systemroot%\system32\dumprep 0 -k
mRun: [iTunesHelper] "c:\program files\itunes\iTunesHelper.exe"
mRun: [HostManager] c:\program files\common files\aol\1237928174\ee\AOLSoftware.exe
mRun: [AVG7_CC] c:\progra~1\grisoft\avg7\avgcc.exe /STARTUP
dRun: [AVG7_Run] c:\progra~1\grisoft\avg7\avgw.exe /RUNONCE
StartupFolder: c:\documents and settings\hp_administrator\start menu\programs\startup\PowerReg Scheduler.exe
StartupFolder: c:\docume~1\alluse~1\startm~1\programs\startup\hpdigi~1.lnk - c:\program files\hp\digital imaging\bin\hpqtra08.exe
StartupFolder: c:\docume~1\alluse~1\startm~1\programs\startup\kodake~1.lnk - c:\program files\kodak\kodak easyshare software\bin\EasyShare.exe
IE: &Search
IE: E&xport to Microsoft Excel - c:\progra~1\micros~4\office11\EXCEL.EXE/3000
IE: {E2D4D26B-0180-43a4-B05F-462D6D54C789} - c:\windows\pchealth\helpctr\vendors\cn=hewlett-packard,l=cupertino,s=ca,c=us\iebutton\support.htm
IE: {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe
IE: {FB5F1910-F110-11d2-BB9E-00C04F795683} - c:\program files\messenger\msmsgs.exe
IE: {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - {CAFEEFAC-0016-0000-0011-ABCDEFFEDCBC} - c:\program files\java\jre6\bin\jp2iexp.dll
IE: {92780B25-18CC-41C8-B9BE-3C9C571A8263} - {FF059E31-CC5A-4E2E-BF3B-96E929D65503} - c:\progra~1\micros~4\office11\REFIEBAR.DLL
Trusted Zone: doginhispen.com
Trusted Zone: whataboutadog.com
Trusted Zone: trymedia.com
DPF: {0CCA191D-13A6-4E29-B746-314DEE697D83} - hxxp://upload.facebook.com/controls/2008.10.10_v5.5.8/FacebookPhotoUploader5.cab
DPF: {149E45D8-163E-4189-86FC-45022AB2B6C9} - file:///C:/Program%20Files/Sally's%20Salon/Images/stg_drm.ocx
DPF: {166B1BCA-3F9C-11CF-8075-444553540000} - hxxp://download.macromedia.com/pub/shockwave/cabs/director/sw.cab
DPF: {17492023-C23A-453E-A040-C7C580BBF700} - hxxp://download.microsoft.com/download/3/9/8/398422c0-8d3e-40e1-a617-af65a72a0465/LegitCheckControl.cab
DPF: {18C3FD15-74F6-4280-9C98-3590C966B7B8} - hxxp://www.worldwinner.com/games/v47/skillgam/skillgam.cab
DPF: {233C1507-6A77-46A4-9443-F871F945D258} - hxxp://download.macromedia.com/pub/shockwave/cabs/director/sw.cab
DPF: {30528230-99F7-4BB4-88D8-FA1D4F56A2AB} - c:\program files\yahoo!\common\Yinsthelper.dll
DPF: {3107C2A8-9F0B-4404-A58B-21BD85268FBC} - hxxp://www.pogo.com/cdl/launcher/PogoWebLauncherInstaller.CAB
DPF: {4F1E5B1A-2A80-42CA-8532-2D05CB959537} - hxxp://gfx1.hotmail.com/mail/w2/resources/MSNPUpld.cab
DPF: {6A060448-60F9-11D5-A6CD-0002B31F7455} -
DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} - hxxp://update.microsoft.com/microsoftupdate/v6/V5Controls/en/x86/client/muweb_site.cab?1141184905078
DPF: {77E32299-629F-43C6-AB77-6A1E6D7663F6} - hxxp://atv.disney.go.com/global/download/otoy/OTOYAX29b.cab
DPF: {8A94C905-FF9D-43B6-8708-F0F22D22B1CB} - hxxp://www.worldwinner.com/games/shared/wwlaunch.cab
DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_11-windows-i586.cab
DPF: {ADACAA8F-3595-47FE-9C31-9C7471B9BEC7} - hxxp://72.9.55.135/cab/OCXChecker_8000.cab
DPF: {B8E71371-F7F7-11D2-A2CE-0060B0FB9D0D} - hxxp://free.aol.com/tryaolfree/cdt175/aolcdt175.cab
DPF: {BFF1950D-B1B4-4AE8-B842-B2CCF06D9A1B} - hxxp://www.gamehouse.com/realarcade-webgames/zylom/zylomplayer.cab
DPF: {C02226EB-A5D7-4B1F-BD7E-635E46C2288D} - hxxp://a.download.toontown.com/sv1.0.33.7/ttinst.cab
DPF: {C5326A4D-E9AA-40AD-A09A-E74304D86B47} - hxxp://www.worldwinner.com/games/v50/dinerdash/dinerdash.cab
DPF: {CAFEEFAC-0016-0000-0001-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_01-windows-i586.cab
DPF: {CAFEEFAC-0016-0000-0011-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_11-windows-i586.cab
DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_11-windows-i586.cab
DPF: {CC450D71-CC90-424C-8638-1F2DBAC87A54} - file:///C:/Program%20Files/Sally's%20Salon/Images/armhelper.ocx
DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} - hxxp://fpdownload.macromedia.com/pub/shockwave/cabs/flash/swflash.cab
DPF: {D4323BF2-006A-4440-A2F5-27E3E7AB25F8} - hxxp://a532.g.akamai.net/f/532/6712/5m/virtools.download.akamai.com/6712/player/install/installer.exe
DPF: {EF148DBB-5B6D-4130-B2A1-661571E86260} - hxxp://clubgames.pogo.com/online2/pogop/mahjong_escape_ancient/PTGameLauncher.cab
DPF: {F4EBFE42-D82A-48EB-B70E-7499FFEAFF3F} - hxxp://p.playfirst.com/play/game/dressshophop/DressShopHopWeb.1.0.0.7.cab
Notify: AtiExtEvent - Ati2evxx.dll
SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - c:\windows\system32\WPDShServiceObj.dll

============= SERVICES / DRIVERS ===============

R1 Avg7Core;AVG7 Kernel;c:\windows\system32\drivers\avg7core.sys [2009-4-8 821856]
R1 Avg7RsW;AVG7 Wrap Driver;c:\windows\system32\drivers\avg7rsw.sys [2009-4-8 4224]
R1 Avg7RsXP;AVG7 Resident Driver XP;c:\windows\system32\drivers\avg7rsxp.sys [2009-4-8 27776]
R1 AvgClean;AVG7 Clean Driver;c:\windows\system32\drivers\avgclean.sys [2009-4-8 10760]
R2 Avg7Alrt;AVG7 Alert Manager Server;c:\progra~1\grisoft\avg7\avgamsvr.exe [2009-4-8 418816]
R2 Avg7UpdSvc;AVG7 Update Service;c:\progra~1\grisoft\avg7\avgupsvc.exe [2009-4-8 49664]
R2 iWinGamesInstaller;iWinGamesInstaller;c:\program files\iwin games\iWinGamesInstaller.exe [2008-9-9 78104]
R2 iWinTrusted;iWinTrusted;c:\program files\iwin games\iWinTrusted.exe [2008-12-19 78104]
R2 McrdSvc;Media Center Extender Service;c:\windows\ehome\mcrdsvc.exe [2005-8-6 99328]
S3 Boonty Games;Boonty Games;c:\program files\common files\boonty shared\service\Boonty.exe [2008-5-13 69120]
S3 RTLWUSB;NETGEAR WG111v2 54Mbps Wireless USB 2.0 Adapter NT Driver;c:\windows\system32\drivers\wg111v2.sys [2007-10-4 167808]

descriptionSpyware Protect 2009 Alert Empty2nd half9th April 2009, 8:37 pm

more_horiz
=============== Created Last 30 ================

2009-04-09 16:14 --d----- c:\program files\Trend Micro
2009-04-09 15:51 --d----- c:\docume~1\hp_adm~1\applic~1\Malwarebytes
2009-04-09 15:51 15,504 a------- c:\windows\system32\drivers\mbam.sys
2009-04-09 15:51 38,496 a------- c:\windows\system32\drivers\mbamswissarmy.sys
2009-04-09 15:51 --d----- c:\docume~1\alluse~1\applic~1\Malwarebytes
2009-04-09 15:51 --d----- c:\program files\Malwarebytes' Anti-Malware
2009-04-09 15:32 --d----- C:\SpywareRemovalBin
2009-04-09 15:30 --d----- c:\program files\ESpywareRemoval
2009-04-09 15:10 14,336 a------- c:\windows\syssvc.exe
2009-04-09 10:27 -cd-h--- c:\windows\ie8
2009-04-08 17:49 --d-hr-- C:\$VAULT$.AVG
2009-04-08 15:44 --d----- c:\docume~1\hp_adm~1\applic~1\AVG7
2009-04-08 15:43 --d----- c:\docume~1\alluse~1\applic~1\Grisoft
2009-04-08 15:35 --dsh--- c:\documents and settings\hp_administrator\IECompatCache
2009-04-07 13:25 --d----- c:\program files\Westward III
2009-04-06 08:18 --d----- c:\documents and settings\hp_administrator\uspy
2009-03-30 09:10 --d----- c:\docume~1\hp_adm~1\applic~1\Ubisoft
2009-03-30 08:41 --d----- c:\program files\CSI - NY
2009-03-25 17:55 --d----- c:\docume~1\alluse~1\applic~1\Kristanix Games
2009-03-25 13:02 --d----- c:\docume~1\hp_adm~1\applic~1\Anabel
2009-03-25 06:55 --d----- c:\docume~1\alluse~1\applic~1\Intenium
2009-03-24 17:26 61,661 a------- C:\VETlog.dmp
2009-03-24 16:57 33,588 a----r-- c:\windows\system32\drivers\wanatw4.sys
2009-03-24 16:56 --d----- c:\program files\common files\aolshare
2009-03-24 16:56 --d----- c:\program files\AOL 9.5
2009-03-24 15:07 4 a------- c:\windows\msoffice.ini
2009-03-24 14:42 --d----- c:\program files\common files\Software Update Utility
2009-03-23 16:34 --d----- c:\program files\Clueless
2009-03-21 17:12 --d----- c:\docume~1\hp_adm~1\applic~1\Flock
2009-03-21 17:11 --d----- c:\program files\Flock
2009-03-20 08:53 --dsh--- c:\documents and settings\hp_administrator\PrivacIE
2009-03-20 08:49 --dsh--- c:\documents and settings\hp_administrator\IETldCache
2009-03-20 08:38 --d----- c:\windows\ie8updates
2009-03-20 08:29 105,984 -------- c:\windows\system32\dllcache\iecompat.dll
2009-03-16 09:30 --d----- c:\docume~1\hp_adm~1\applic~1\Lost in the City
2009-03-16 08:28 --d----- c:\docume~1\hp_adm~1\applic~1\Boolat Games

==================== Find3M ====================

2009-03-08 14:09 638,816 a------- c:\windows\system32\dllcache\iexplore.exe
2009-03-08 14:09 391,536 a------- c:\windows\system32\dllcache\iedkcs32.dll
2009-03-08 04:41 5,937,152 a------- c:\windows\system32\dllcache\mshtml.dll
2009-03-08 04:39 11,063,808 a------- c:\windows\system32\dllcache\ieframe.dll
2009-03-08 04:34 914,944 a------- c:\windows\system32\wininet.dll
2009-03-08 04:34 914,944 a------- c:\windows\system32\dllcache\wininet.dll
2009-03-08 04:34 1,206,784 a------- c:\windows\system32\dllcache\urlmon.dll
2009-03-08 04:34 236,544 a------- c:\windows\system32\dllcache\webcheck.dll
2009-03-08 04:34 43,008 a------- c:\windows\system32\licmgr10.dll
2009-03-08 04:34 43,008 a------- c:\windows\system32\dllcache\licmgr10.dll
2009-03-08 04:34 105,984 a------- c:\windows\system32\dllcache\url.dll
2009-03-08 04:34 193,536 a------- c:\windows\system32\dllcache\msrating.dll
2009-03-08 04:34 109,568 a------- c:\windows\system32\dllcache\occache.dll
2009-03-08 04:33 759,296 a------- c:\windows\system32\dllcache\VGX.dll
2009-03-08 04:33 18,944 a------- c:\windows\system32\dllcache\corpol.dll
2009-03-08 04:33 18,944 a------- c:\windows\system32\corpol.dll
2009-03-08 04:33 25,600 a------- c:\windows\system32\dllcache\jsproxy.dll
2009-03-08 04:33 726,528 a------- c:\windows\system32\dllcache\jscript.dll
2009-03-08 04:33 229,376 a------- c:\windows\system32\dllcache\ieaksie.dll
2009-03-08 04:33 420,352 a------- c:\windows\system32\vbscript.dll
2009-03-08 04:33 420,352 a------- c:\windows\system32\dllcache\vbscript.dll
2009-03-08 04:33 125,952 a------- c:\windows\system32\dllcache\ieakeng.dll
2009-03-08 04:32 72,704 a------- c:\windows\system32\dllcache\admparse.dll
2009-03-08 04:32 72,704 a------- c:\windows\system32\admparse.dll
2009-03-08 04:32 173,056 a------- c:\windows\system32\dllcache\ie4uinit.exe
2009-03-08 04:32 163,840 a------- c:\windows\system32\dllcache\ieakui.dll
2009-03-08 04:32 71,680 a------- c:\windows\system32\iesetup.dll
2009-03-08 04:32 71,680 a------- c:\windows\system32\dllcache\iesetup.dll
2009-03-08 04:32 55,808 a------- c:\windows\system32\dllcache\iernonce.dll
2009-03-08 04:32 128,512 a------- c:\windows\system32\dllcache\advpack.dll
2009-03-08 04:32 94,720 a------- c:\windows\system32\dllcache\inseng.dll
2009-03-08 04:32 594,432 a------- c:\windows\system32\dllcache\msfeeds.dll
2009-03-08 04:32 1,985,024 a------- c:\windows\system32\dllcache\iertutil.dll
2009-03-08 04:32 611,840 a------- c:\windows\system32\dllcache\mstime.dll
2009-03-08 04:24 68,608 a------- c:\windows\system32\dllcache\hmmapi.dll
2009-03-08 04:22 156,160 a------- c:\windows\system32\msls31.dll
2009-03-08 04:22 156,160 a------- c:\windows\system32\dllcache\msls31.dll
2009-03-08 04:11 445,952 a------- c:\windows\system32\dllcache\ieapfltr.dll
2009-02-11 12:25 499,712 a------- c:\windows\system32\msvcp71.dll
2009-02-11 12:25 348,160 a------- c:\windows\system32\msvcr71.dll
2009-02-09 06:19 1,846,272 a------- c:\windows\system32\win32k.sys
2009-02-09 06:19 1,846,272 a------- c:\windows\system32\dllcache\win32k.sys
2009-02-06 21:07 3,698,584 a------- c:\windows\system32\dllcache\ieapfltr.dat
2008-03-20 16:29 0 a------- c:\program files\temp01
2007-12-19 19:09 0 a------- c:\docume~1\hp_adm~1\applic~1\wklnhst.dat
2006-05-03 23:30 774,144 a------- c:\program files\RngInterstitial.dll

============= FINISH: 16:28:05.51 ===============

descriptionSpyware Protect 2009 Alert EmptyRe: Spyware Protect 2009 Alert9th April 2009, 8:40 pm

more_horiz
Hello.
There is an AWF infection present, but some things need to be uninstalled before doing any rmeoval.

Do you already have Hijack This installed? becuse I see the Trend Micro folder in Program Files? If so, then we can use Hijack This to generate an uninstall list log.

  • Open HijackThis.
  • When Hijack This opens, click "Open the Misc Tools section"
  • Then select "Open Uninstall Manager"
  • Click on "Save List..." (generates uninstall_list.txt)
  • Click Save, copy and paste the results in your next post.

............................................................................................

Site Admin / Security Administrator

Virus Removal ~ OS Support ~ Have we helped you? Help us! ~ GeekChat
- Please PM me if I fail to respond within 24hrs.
Spyware Protect 2009 Alert DXwU4
Spyware Protect 2009 Alert VvYDg

descriptionSpyware Protect 2009 Alert EmptyRe: Spyware Protect 2009 Alert9th April 2009, 8:44 pm

more_horiz
1000 Solitaire Games
5 Card Slingo Deluxe
Adobe Flash Player 10 ActiveX
Adobe Flash Player Plugin
Adobe Reader 7.0
Adobe Shockwave Player
Agatha Christie Murder on the Orient Express (remove only)
Agatha Christie Peril at End House (remove only)
Agere Systems PCI-SV92PP Soft Modem
Aloha Solitaire
Aloha TriPeaks
AOL Uninstaller (Choose which Products to Remove)
Apple Mobile Device Support
Apple Software Update
ATI Control Panel
ATI Display Driver
AVG 7.5
Barbie Cool Looks Fashion Designer
Belkin 54g USB Network Adapter
Belles Beauty Boutique (remove only)
Big Fish Games Client
Cake Mania
CCScore
Cinema Tycoon 2 Movie Mania
Collector's Edition 251
Critical Update for Windows Media Player 11 (KB959772)
Customer Experience Enhancement
Diner Dash Family Style
Direct Show Ogg Vorbis Filter (remove only)
DISCover
Disney's Toontown Online
DivX
DivX Player
DivX Web Player
Download Updater (AOL LLC)
ebgcInfra
ebgcRes
ebgcSDK
eGames Master's Edition 151
Enhanced Multimedia Keyboard Solution
Escape The Museum (remove only)
ESSCDBK
ESScore
ESSgui
ESShelp
ESSini
ESSPCD
ESSSONIC
ESSTOOLS
ESSvpaht
ESSvpot
Fairway Solitaire (remove only)
Fish Tycoon
Galaxy of Games 201
GdiplusUpgrade
High Definition Audio Driver Package - KB888111
HijackThis 2.0.2
HLPIndex
HLPRFO
Hotel Solitaire Deluxe
Hotfix for Windows Internet Explorer 7 (KB947864)
Hotfix for Windows Media Format 11 SDK (KB929399)
Hotfix for Windows Media Player 11 (KB939683)
Hotfix for Windows XP (KB914440)
Hotfix for Windows XP (KB915865)
Hotfix for Windows XP (KB926239)
Hotfix for Windows XP (KB952287)
HP Boot Optimizer
HP Customer Participation Program 7.0
HP Deskjet Printer Preload
HP DigitalMedia Archive
HP Document Viewer 5.3
HP Image Zone 5.3
HP Image Zone for Media Center PC
HP Imaging Device Functions 7.0
HP Photosmart 330,380,420,470,7800,8000,8200 Series
HP Photosmart and Deskjet 7.0 Software
HP Photosmart Cameras 5.0
HP Photosmart Essential
HP PSC & OfficeJet 5.3.A
HP PSC & OfficeJet 5.3.B
HP Software Update
HP Solution Center 7.0
Ice Cream Craze Tycoon Takeover (remove only)
InstaFinder_K
InterActual Player
InterVideo WinDVD Player
iTunes
iWin Games (remove only)
Java(TM) 6 Update 11
Java(TM) SE Runtime Environment 6 Update 1
Kodak EasyShare software
KSU
LimeWire 4.18.8
Malwarebytes' Anti-Malware
Microsoft .NET Framework 1.0 Hotfix (KB887998)
Microsoft .NET Framework 1.0 Hotfix (KB930494)
Microsoft .NET Framework 1.1
Microsoft .NET Framework 1.1
Microsoft .NET Framework 1.1 Hotfix (KB928366)
Microsoft .NET Framework 2.0
Microsoft Compression Client Pack 1.0 for Windows XP
Microsoft Internationalized Domain Names Mitigation APIs
Microsoft National Language Support Downlevel APIs
Microsoft Office Standard Edition 2003
Microsoft User-Mode Driver Framework Feature Pack 1.0
Microsoft VC9 runtime libraries
Microsoft Visual C++ 2005 Redistributable
Microsoft Works
MostFun.com Games - Oasis (remove only)
MostFun.com Games - Party Down (remove only)
MSXML 4.0 SP2 (KB925672)
MSXML 4.0 SP2 (KB927978)
MSXML 4.0 SP2 (KB936181)
MSXML 4.0 SP2 (KB954430)
muvee autoProducer 4.5
muvee autoProducer unPlugged 1.2
My Tribe
Mystery of Unicorn Castle
Mystery Stories Berlin Nights (remove only)
Notifier
Oasis
OTOY
OTtBPSDK
Paradise Pet Salon (remove only)
Party Down
PCDADDIN
PCDHELP
Pet Show Craze
PS2
Real Backgammon
Real Dominoes
RealPlayer
Remove IntelliMover Demo
Security Update for CAPICOM (KB931906)
Security Update for CAPICOM (KB931906)
Security Update for Step By Step Interactive Training (KB898458)
Security Update for Step By Step Interactive Training (KB923723)
Security Update for Windows Internet Explorer 7 (KB928090)
Security Update for Windows Internet Explorer 7 (KB929969)
Security Update for Windows Internet Explorer 7 (KB931768)
Security Update for Windows Internet Explorer 7 (KB933566)
Security Update for Windows Internet Explorer 7 (KB937143)
Security Update for Windows Internet Explorer 7 (KB938127)
Security Update for Windows Internet Explorer 7 (KB939653)
Security Update for Windows Internet Explorer 7 (KB942615)
Security Update for Windows Internet Explorer 7 (KB944533)
Security Update for Windows Internet Explorer 7 (KB950759)
Security Update for Windows Internet Explorer 7 (KB953838)
Security Update for Windows Internet Explorer 7 (KB956390)
Security Update for Windows Internet Explorer 7 (KB958215)
Security Update for Windows Internet Explorer 7 (KB960714)
Security Update for Windows Internet Explorer 7 (KB961260)
Security Update for Windows Media Player (KB952069)
Security Update for Windows Media Player 10 (KB911565)
Security Update for Windows Media Player 10 (KB917734)
Security Update for Windows Media Player 11 (KB936782)
Security Update for Windows Media Player 11 (KB954154)
Security Update for Windows Media Player 6.4 (KB925398)
Security Update for Windows XP (KB890046)
Security Update for Windows XP (KB893756)
Security Update for Windows XP (KB896358)
Security Update for Windows XP (KB896422)
Security Update for Windows XP (KB896423)
Security Update for Windows XP (KB896424)
Security Update for Windows XP (KB896428)
Security Update for Windows XP (KB896688)
Security Update for Windows XP (KB899587)
Security Update for Windows XP (KB899589)
Security Update for Windows XP (KB899591)
Security Update for Windows XP (KB900725)
Security Update for Windows XP (KB901017)
Security Update for Windows XP (KB901214)
Security Update for Windows XP (KB902400)
Security Update for Windows XP (KB904706)
Security Update for Windows XP (KB905414)
Security Update for Windows XP (KB905749)
Security Update for Windows XP (KB905915)
Security Update for Windows XP (KB908519)
Security Update for Windows XP (KB908531)
Security Update for Windows XP (KB911280)
Security Update for Windows XP (KB911562)
Security Update for Windows XP (KB911567)
Security Update for Windows XP (KB911927)
Security Update for Windows XP (KB912812)
Security Update for Windows XP (KB912919)
Security Update for Windows XP (KB913446)
Security Update for Windows XP (KB913580)
Security Update for Windows XP (KB914388)
Security Update for Windows XP (KB914389)
Security Update for Windows XP (KB916281)
Security Update for Windows XP (KB917159)
Security Update for Windows XP (KB917344)
Security Update for Windows XP (KB917422)
Security Update for Windows XP (KB917953)
Security Update for Windows XP (KB918118)
Security Update for Windows XP (KB918439)
Security Update for Windows XP (KB918899)
Security Update for Windows XP (KB919007)
Security Update for Windows XP (KB920213)
Security Update for Windows XP (KB920214)
Security Update for Windows XP (KB920670)
Security Update for Windows XP (KB920683)
Security Update for Windows XP (KB920685)
Security Update for Windows XP (KB921398)
Security Update for Windows XP (KB921503)
Security Update for Windows XP (KB921883)
Security Update for Windows XP (KB922616)
Security Update for Windows XP (KB922760)
Security Update for Windows XP (KB922819)
Security Update for Windows XP (KB923191)
Security Update for Windows XP (KB923414)
Security Update for Windows XP (KB923689)
Security Update for Windows XP (KB923694)
Security Update for Windows XP (KB923980)
Security Update for Windows XP (KB924191)
Security Update for Windows XP (KB924270)
Security Update for Windows XP (KB924496)
Security Update for Windows XP (KB924667)
Security Update for Windows XP (KB925486)
Security Update for Windows XP (KB925902)
Security Update for Windows XP (KB926255)
Security Update for Windows XP (KB926436)
Security Update for Windows XP (KB927779)
Security Update for Windows XP (KB927802)
Security Update for Windows XP (KB928255)
Security Update for Windows XP (KB928843)
Security Update for Windows XP (KB929123)
Security Update for Windows XP (KB930178)
Security Update for Windows XP (KB931261)
Security Update for Windows XP (KB931784)
Security Update for Windows XP (KB932168)
Security Update for Windows XP (KB933729)
Security Update for Windows XP (KB935839)
Security Update for Windows XP (KB935840)
Security Update for Windows XP (KB936021)
Security Update for Windows XP (KB937894)
Security Update for Windows XP (KB938464)
Security Update for Windows XP (KB938829)
Security Update for Windows XP (KB941202)
Security Update for Windows XP (KB941568)
Security Update for Windows XP (KB941569)
Security Update for Windows XP (KB941644)
Security Update for Windows XP (KB941693)
Security Update for Windows XP (KB943055)
Security Update for Windows XP (KB943460)
Security Update for Windows XP (KB943485)
Security Update for Windows XP (KB944653)
Security Update for Windows XP (KB945553)
Security Update for Windows XP (KB946026)
Security Update for Windows XP (KB946648)
Security Update for Windows XP (KB948590)
Security Update for Windows XP (KB948881)
Security Update for Windows XP (KB950749)
Security Update for Windows XP (KB950760)
Security Update for Windows XP (KB950762)
Security Update for Windows XP (KB950974)
Security Update for Windows XP (KB951066)
Security Update for Windows XP (KB951376)
Security Update for Windows XP (KB951376-v2)
Security Update for Windows XP (KB951698)
Security Update for Windows XP (KB951748)
Security Update for Windows XP (KB952954)
Security Update for Windows XP (KB953839)
Security Update for Windows XP (KB954211)
Security Update for Windows XP (KB954600)
Security Update for Windows XP (KB955069)
Security Update for Windows XP (KB956391)
Security Update for Windows XP (KB956802)
Security Update for Windows XP (KB956803)
Security Update for Windows XP (KB956841)
Security Update for Windows XP (KB957095)
Security Update for Windows XP (KB957097)
Security Update for Windows XP (KB958644)
Security Update for Windows XP (KB958687)
Security Update for Windows XP (KB958690)
Security Update for Windows XP (KB960225)
Security Update for Windows XP (KB960715)
SFR
SHASTA
SKIN0001
SKINXSDK
Sonic Express Labeler
Sonic MyDVD Plus
Sonic RecordNow Audio
Sonic RecordNow Copy
Sonic RecordNow Data
Sonic Update Manager
The Weather Channel Desktop 6
Uninstall AOL Emergency Connect Utility 1.0
Unity Web Player
Update for Windows Internet Explorer 8 (KB968220)
Update for Windows Media Player 10 (KB910393)
Update for Windows Media Player 10 (KB913800)
Update for Windows Media Player 10 (KB926251)
Update for Windows XP (KB898461)
Update for Windows XP (KB900485)
Update for Windows XP (KB904942)
Update for Windows XP (KB910437)
Update for Windows XP (KB916595)
Update for Windows XP (KB920872)
Update for Windows XP (KB922582)
Update for Windows XP (KB927891)
Update for Windows XP (KB929338)
Update for Windows XP (KB930916)
Update for Windows XP (KB931836)
Update for Windows XP (KB932823-v3)
Update for Windows XP (KB933360)
Update for Windows XP (KB938828)
Update for Windows XP (KB942763)
Update for Windows XP (KB951072-v2)
Update for Windows XP (KB953356)
Update for Windows XP (KB955839)
Update for Windows XP (KB967715)
Viewpoint Media Player
Virtools 3D Life Player
Virtual Villagers
Virtual Villagers: The Secret City
VPRINTOL
Waterscape Solitaire: American Falls (remove only)
Westward III: Gold Rush
Windows Installer 3.1 (KB893803)
Windows Internet Explorer 7
Windows Internet Explorer 8
Windows Media Format 11 runtime
Windows Media Format 11 runtime
Windows Media Player 11
Windows Media Player 11
Windows XP Hotfix - KB873339
Windows XP Hotfix - KB883667
Windows XP Hotfix - KB885250
Windows XP Hotfix - KB885835
Windows XP Hotfix - KB885836
Windows XP Hotfix - KB886185
Windows XP Hotfix - KB887472
Windows XP Hotfix - KB887742
Windows XP Hotfix - KB888113
Windows XP Hotfix - KB888302
Windows XP Hotfix - KB890175
Windows XP Hotfix - KB890859
Windows XP Hotfix - KB891781
Windows XP Hotfix - KB892050
Windows XP Hotfix - KB893066
Windows XP Media Center Edition 2005 KB925766
WIRELESS

descriptionSpyware Protect 2009 Alert EmptyRe: Spyware Protect 2009 Alert9th April 2009, 8:48 pm

more_horiz
I see that you are running Limewire.
P2P(Peer to peer) applications are designed to help you easily share and distribute files between you and a group of people. But they can also be used to distribute malware, and thus are not considered safe.
The removal of these programs is optional, but highly recommended.

Go to Start > Control Panel > Add/Remove Programs and remove the following programs.

  • LimeWire 4.18.8
  • InstaFinder_K
  • iWin Games (remove only)
  • Java(TM) 6 Update 11
  • Java(TM) SE Runtime Environment 6 Update 1
  • LimeWire 4.18.8
  • Viewpoint Media Player

Now lets start removing the malware.

  • Download combofix from here
    Link 1
    Link 2
  • We need to disable your local AV (Anti-virus) before running Combofix.
  • See HERE for how to disable your AV. (AVG7)
  • Double click on ComboFix.exe.
  • Follow the prompts. NOTE:
  • ComboFix will check to see if the Microsoft Windows Recovery Console is installed.
    ***It's strongly recommended to have the Recovery Console installed before doing any malware removal.***

    **Please note: If the Microsoft Windows Recovery Console is already installed, ComboFix will automatically proceed with its scan.


  • The Recovery Console provides a recovery/repair mode should a problem occur during a Combofix run.

    Spyware Protect 2009 Alert Rcauto10

  • Allow ComboFix to download the Recovery Console.
  • Accept the End-User License Agreement.
  • The Recovery Console will be installed.
  • You will then get this next prompt that asks if you want to continue the malware scan, select yes

    Spyware Protect 2009 Alert Whatne10

  • Allow combofix to run
  • Post C:\combofix.txt back here.

    Note:
    Do not mouseclick combofix's window whilst it's running. That may cause it to stall.

............................................................................................

Site Admin / Security Administrator

Virus Removal ~ OS Support ~ Have we helped you? Help us! ~ GeekChat
- Please PM me if I fail to respond within 24hrs.
Spyware Protect 2009 Alert DXwU4
Spyware Protect 2009 Alert VvYDg

descriptionSpyware Protect 2009 Alert EmptyRe: Spyware Protect 2009 Alert9th April 2009, 10:01 pm

more_horiz
ComboFix 09-04-04.01 - HP_Administrator 2009-04-09 17:22:50.1 - NTFSx86
Microsoft Windows XP Professional 5.1.2600.2.1252.1.1033.18.446.160 [GMT -4:00]
Running from: c:\documents and settings\HP_Administrator\Desktop\ComboFix3.exe
* Created a new restore point
.

((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.

c:\documents and settings\HP_Administrator\Application Data\.#
c:\documents and settings\HP_Administrator\Application Data\.#\MBX@AD8@A14170.###
c:\documents and settings\HP_Administrator\Application Data\.#\MBX@AD8@A141A0.###
c:\documents and settings\HP_Administrator\Application Data\.#\MBX@AD8@A141D0.###
c:\documents and settings\HP_Administrator\Application Data\.#\MBX@C50@A14170.###
c:\documents and settings\HP_Administrator\Application Data\.#\MBX@C50@A141A0.###
c:\documents and settings\HP_Administrator\Application Data\.#\MBX@C50@A141D0.###
c:\documents and settings\HP_Administrator\Application Data\.#\MBX@D48@A14170.###
c:\documents and settings\HP_Administrator\Application Data\.#\MBX@D48@A141A0.###
c:\documents and settings\HP_Administrator\Application Data\.#\MBX@D48@A141D0.###
c:\windows\a3kebook.ini
c:\windows\akebook.ini
c:\windows\ANS2000.INI
c:\windows\IE4 Error Log.txt
c:\windows\syssvc.exe
D:\Autorun.inf

.
((((((((((((((((((((((((((((((((((((((( Drivers/Services )))))))))))))))))))))))))))))))))))))))))))))))))
.

-------\Legacy_BOONTY_GAMES
-------\Legacy_IWINGAMESINSTALLER
-------\Service_Boonty Games
-------\Service_iWinGamesInstaller


((((((((((((((((((((((((( Files Created from 2009-03-09 to 2009-04-09 )))))))))))))))))))))))))))))))
.

2009-04-09 17:12 . 2009-04-09 17:12 d-------- c:\documents and settings\All Users\Application Data\Avg7
2009-04-09 16:14 . 2009-04-09 16:14 d-------- c:\program files\Trend Micro
2009-04-09 15:51 . 2009-04-09 15:51 d-------- c:\program files\Malwarebytes' Anti-Malware
2009-04-09 15:51 . 2009-04-09 15:51 d-------- c:\documents and settings\HP_Administrator\Application Data\Malwarebytes
2009-04-09 15:51 . 2009-04-09 15:51 d-------- c:\documents and settings\All Users\Application Data\Malwarebytes
2009-04-09 15:51 . 2009-04-06 15:32 38,496 --a------ c:\windows\system32\drivers\mbamswissarmy.sys
2009-04-09 15:51 . 2009-04-06 15:32 15,504 --a------ c:\windows\system32\drivers\mbam.sys
2009-04-09 15:32 . 2009-04-09 15:32 d-------- C:\SpywareRemovalBin
2009-04-09 15:30 . 2009-04-09 15:41 d-------- c:\program files\ESpywareRemoval
2009-04-09 10:27 . 2009-04-09 15:03 d--h-c--- c:\windows\ie8
2009-04-08 15:35 . 2009-04-08 15:35 d--hs---- c:\documents and settings\HP_Administrator\IECompatCache
2009-04-07 13:25 . 2009-04-07 13:25 d-------- c:\program files\Westward III
2009-04-06 08:18 . 2009-04-06 08:19 d-------- c:\documents and settings\HP_Administrator\uspy
2009-03-30 09:10 . 2009-03-30 09:10 d-------- c:\documents and settings\HP_Administrator\Application Data\Ubisoft
2009-03-30 08:41 . 2009-03-30 10:11 d-------- c:\program files\CSI - NY
2009-03-25 17:55 . 2009-03-25 17:55 d-------- c:\documents and settings\All Users\Application Data\Kristanix Games
2009-03-25 13:02 . 2009-03-25 13:02 d-------- c:\documents and settings\HP_Administrator\Application Data\Anabel
2009-03-25 06:55 . 2009-03-25 06:55 d-------- c:\documents and settings\All Users\Application Data\Intenium
2009-03-24 17:26 . 2009-04-09 16:22 61,661 --a------ C:\VETlog.dmp
2009-03-24 16:57 . 2003-01-10 17:13 33,588 -ra------ c:\windows\system32\drivers\wanatw4.sys
2009-03-24 16:56 . 2009-03-24 17:00 d-------- c:\program files\Common Files\aolshare
2009-03-24 16:56 . 2009-03-24 17:05 d-------- c:\program files\AOL 9.5
2009-03-24 15:07 . 2009-03-24 15:08 4 --a------ c:\windows\msoffice.ini
2009-03-24 14:42 . 2009-03-24 14:42 d-------- c:\program files\Common Files\Software Update Utility
2009-03-23 16:34 . 2009-03-23 17:08 d-------- c:\program files\Clueless
2009-03-21 17:12 . 2009-04-08 15:17 d-------- c:\documents and settings\HP_Administrator\Application Data\Flock
2009-03-21 17:11 . 2009-04-08 15:17 d-------- c:\program files\Flock
2009-03-20 08:53 . 2009-03-20 08:53 d--hs---- c:\documents and settings\HP_Administrator\PrivacIE
2009-03-20 08:49 . 2009-03-20 08:49 d--hs---- c:\documents and settings\HP_Administrator\IETldCache
2009-03-20 08:38 . 2009-04-09 15:03 d-------- c:\windows\ie8updates
2009-03-20 08:29 . 2009-02-28 00:55 105,984 --------- c:\windows\system32\dllcache\iecompat.dll
2009-03-16 09:30 . 2009-03-16 09:30 d-------- c:\documents and settings\HP_Administrator\Application Data\Lost in the City
2009-03-16 08:28 . 2009-03-16 08:28 d-------- c:\documents and settings\HP_Administrator\Application Data\Boolat Games

.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2009-04-09 21:05 --------- d-----w c:\program files\Java
2009-04-09 21:05 --------- d-----w c:\documents and settings\All Users\Application Data\Viewpoint
2009-04-09 20:17 --------- d-----w c:\program files\iWin Games
2009-04-09 19:02 --------- d-----w c:\program files\Yahoo!
2009-04-09 19:02 --------- d-----w c:\program files\Oberon Media
2009-04-09 19:02 --------- d-----w c:\documents and settings\HP_Administrator\Application Data\Yahoo!
2009-04-09 19:02 --------- d-----w c:\documents and settings\All Users\Application Data\Yahoo!
2009-04-09 19:02 --------- d-----w c:\documents and settings\All Users\Application Data\AOL
2009-04-09 12:29 --------- d---a-w c:\documents and settings\All Users\Application Data\TEMP
2009-04-09 12:26 --------- d-----w c:\program files\iWin.com
2009-04-08 19:33 --------- d-----w c:\documents and settings\All Users\Application Data\BigFishGamesCache
2009-04-04 03:30 --------- d-----w c:\documents and settings\HP_Administrator\Application Data\LimeWire
2009-03-31 18:39 --------- d-----w c:\documents and settings\All Users\Application Data\NeoEdge Networks
2009-03-31 18:38 --------- d-----w c:\program files\MostFun
2009-03-31 12:59 --------- d-----w c:\program files\Shockwave.com
2009-03-29 21:48 --------- d-----w c:\program files\My Tribe
2009-03-24 21:08 --------- d-----w c:\program files\Common Files\AOL
2009-03-24 19:10 --------- d-----w c:\documents and settings\HP_Administrator\Application Data\AOL
2009-03-24 18:43 --------- d-----w c:\documents and settings\All Users\Application Data\AOL Downloads
2009-03-20 14:07 --------- d-----w c:\program files\Paradise Pet Salon
2009-03-19 13:10 --------- d-----w c:\program files\GameHouse
2009-03-19 12:50 --------- d-----w c:\program files\eGames
2009-03-19 12:49 --------- d-----w c:\program files\Yahoo! Games
2009-03-11 12:28 --------- d-----w c:\documents and settings\HP_Administrator\Application Data\Flood Light Games
2009-03-11 12:28 --------- d-----w c:\documents and settings\All Users\Application Data\Flood Light Games
2009-03-10 19:02 --------- d-----w c:\documents and settings\HP_Administrator\Application Data\PlayFirst
2009-03-10 19:02 --------- d-----w c:\documents and settings\All Users\Application Data\PlayFirst
2009-03-06 17:20 --------- d-----w c:\documents and settings\All Users\Application Data\EscapeTheMuseum
2009-03-05 18:19 --------- d-----w c:\program files\Virtual Villagers - The Secret City
2009-03-05 18:01 --------- d-----w c:\program files\PlayFirst
2009-03-03 18:21 --------- d-----w c:\documents and settings\HP_Administrator\Application Data\GOL_byHasbro
2009-03-03 12:51 --------- d-----w c:\documents and settings\All Users\Application Data\Crenetic
2009-03-02 21:33 --------- d-----w c:\documents and settings\HP_Administrator\Application Data\BrandX Games
2009-03-02 19:04 --------- d-----w c:\documents and settings\HP_Administrator\Application Data\EleFun Games
2009-03-02 01:00 --------- d-----w c:\program files\Kodak
2009-02-26 22:05 --------- d-----w c:\documents and settings\HP_Administrator\Application Data\iWin_DressUpRush
2009-02-26 20:52 --------- d-----w c:\documents and settings\All Users\Application Data\Gogii
2009-02-26 18:53 --------- d-----w c:\documents and settings\HP_Administrator\Application Data\Pogo Games
2009-02-24 13:06 --------- d-----w c:\documents and settings\HP_Administrator\Application Data\blg
2009-02-24 13:06 --------- d-----w c:\documents and settings\All Users\Application Data\blg
2009-02-16 19:55 --------- d-----w c:\program files\Elizabeth Find MD - Diagnosis Mystery
2009-02-12 17:37 --------- d-----w c:\documents and settings\HP_Administrator\Application Data\Righteous Kill
2009-02-09 13:49 --------- d-----w c:\documents and settings\HP_Administrator\Application Data\Artogon
2009-02-09 13:48 --------- d-----w c:\documents and settings\All Users\Application Data\Mandragora
2008-03-20 20:29 0 ----a-w c:\program files\temp01
2007-12-19 23:09 0 ----a-w c:\documents and settings\HP_Administrator\Application Data\wklnhst.dat
2006-05-04 03:30 774,144 ----a-w c:\program files\RngInterstitial.dll
.

((((((((((((((((((((((((((((((((((((((((((((( AWF ))))))))))))))))))))))))))))))))))))))))))))))))))))))))))
.
----a-w 61,440 2005-02-02 21:44:24 c:\hp\KBD\bak\KBD.EXE

----a-w 180,269 2005-12-03 05:21:55 c:\program files\Common Files\Real\Update_OB\bak\realsched.exe

----a-w 1,073,152 2006-04-11 21:46:23 c:\program files\DISC\bak\DISCover.exe

----a-w 61,440 2005-09-27 07:42:26 c:\program files\DISC\bak\DiscUpdateMgr.exe

----a-w 421,888 2007-09-14 12:18:03 c:\program files\Grisoft\AVG7\bak\avgcc.exe

----a-w 1,605,740 2005-09-21 17:41:10 c:\program files\Hewlett-Packard\HP Boot Optimizer\bak\HPBootOp.exe

----a-w 49,152 2005-06-02 06:35:56 c:\program files\HP\Digital Imaging\{33D6CC28-9F75-4d1b-A11D-98895B3A3729}\bak\hphupd08.exe

----a-w 49,152 2006-02-19 07:41:10 c:\program files\HP\HP Software Update\bak\HPWuSchd2.exe

----a-w 132,496 2007-07-12 08:00:36 c:\program files\Java\jre1.6.0_02\bin\bak\jusched.exe

----a-w 98,304 2006-06-23 00:17:19 c:\program files\QuickTime\bak\qttask.exe

----a-w 3,096,576 2005-12-08 18:55:10 c:\program files\Yahoo!\Messenger\bak\ypager.exe

----a-w 64,512 2005-08-06 04:56:34 c:\windows\ehome\bak\ehtray.exe
----a-w 64,512 2005-08-06 04:56:34 c:\windows\ehome\ehtray.exe

----a-w 15,360 2004-08-10 12:00:00 c:\windows\system32\bak\ctfmon.exe
----a-w 15,360 2004-08-10 12:00:00 c:\windows\system32\ctfmon.exe

.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"MSMSGS"="c:\program files\Messenger\msmsgs.exe" [2004-10-13 1694208]
"ctfmon.exe"="c:\windows\system32\ctfmon.exe" [2004-08-10 15360]
"DW6"="c:\program files\The Weather Channel FW\Desktop\DesktopWeather.exe" [2009-02-11 801904]
"AOL Fast Start"="c:\program files\AOL 9.5\AOL.EXE" [2009-02-11 50472]

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\RunOnce]
"Shockwave Updater"="c:\windows\system32\Adobe\SHOCKW~1\SWHELP~1.EXE -Update -1100458 -Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 5.1; Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.1; SV1) ; .NET CLR 1.0.3705; .NET CLR 1.1.4322; Media Center PC 4.0; IEMB3; .NET" [N/A]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"ehTray"="c:\windows\ehome\ehtray.exe" [2005-08-06 64512]
"YSearchProtection"="c:\program files\Yahoo!\Search Protection\SearchProtection.exe" [N/A]
"iTunesHelper"="c:\program files\iTunes\iTunesHelper.exe" [2008-11-20 290088]
"HostManager"="c:\program files\Common Files\AOL\1237928174\ee\AOLSoftware.exe" [2008-11-06 41264]
"SunJavaUpdateSched"="c:\program files\Java\jre6\bin\jusched.exe" [2008-12-09 136600]
"AlwaysReady Power Message APP"="ARPWRMSG.EXE" [2005-08-03 c:\windows\arpwrmsg.exe]

c:\documents and settings\Default User\Start Menu\Programs\Startup\
Pin.lnk - c:\hp\bin\CLOAKER.EXE [2005-12-03 27136]

c:\documents and settings\HP_Administrator\Start Menu\Programs\Startup\
PowerReg Scheduler.exe [2006-03-05 256000]

c:\documents and settings\All Users\Start Menu\Programs\Startup\
HP Digital Imaging Monitor.lnk - c:\program files\HP\Digital Imaging\bin\hpqtra08.exe [2006-02-19 288472]
Kodak EasyShare software.lnk - c:\program files\Kodak\Kodak EasyShare software\bin\EasyShare.exe [2005-11-04 176128]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\drivers32]
"vidc.GEOX"= c:\windows\system32\GeoCodec.dll
"vidc.GEOV"= c:\windows\system32\GeoCodec.dll
"vidc.GMP4"= c:\windows\system32\GXAMP4.dll
"vidc.GM40"= c:\windows\system32\GXAMP4.dll
"msacm.geoadpcm"= c:\windows\system32\GeoADPCM.acm
"vidc.G264"= c:\windows\system32\GX264.dll

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]
"EnableFirewall"= 0 (0x0)

descriptionSpyware Protect 2009 Alert EmptyRe: Spyware Protect 2009 Alert9th April 2009, 10:02 pm

more_horiz
------- Supplementary Scan -------
.
uStart Page = hxxp://www.yahoo.com/
uDefault_Search_URL = hxxp://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iesearch&locale=EN_US&c=Q106&bd=pavilion&pf=desktop
mSearch Bar = hxxp://us.rd.yahoo.com/customize/ie/defaults/sb/msgr8/*http://www.yahoo.com/ext/search/search.html
uInternet Connection Wizard,ShellNext = iexplore
uSearchURL,(Default) = hxxp://us.rd.yahoo.com/customize/ie/defaults/su/msgr8/*http://www.yahoo.com
IE: &Search
IE: E&xport to Microsoft Excel - c:\progra~1\MICROS~4\OFFICE11\EXCEL.EXE/3000
Trusted Zone: doginhispen.com
Trusted Zone: whataboutadog.com
Trusted Zone: trymedia.com
DPF: {3107C2A8-9F0B-4404-A58B-21BD85268FBC} - hxxp://www.pogo.com/cdl/launcher/PogoWebLauncherInstaller.CAB
DPF: {ADACAA8F-3595-47FE-9C31-9C7471B9BEC7} - hxxp://72.9.55.135/cab/OCXChecker_8000.cab
DPF: {B8E71371-F7F7-11D2-A2CE-0060B0FB9D0D} - hxxp://free.aol.com/tryaolfree/cdt175/aolcdt175.cab
DPF: {BFF1950D-B1B4-4AE8-B842-B2CCF06D9A1B} - hxxp://www.gamehouse.com/realarcade-webgames/zylom/zylomplayer.cab
DPF: {EF148DBB-5B6D-4130-B2A1-661571E86260} - hxxp://clubgames.pogo.com/online2/pogop/mahjong_escape_ancient/PTGameLauncher.cab
DPF: {F4EBFE42-D82A-48EB-B70E-7499FFEAFF3F} - hxxp://p.playfirst.com/play/game/dressshophop/DressShopHopWeb.1.0.0.7.cab
.

**************************************************************************

catchme 0.3.1375 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2009-04-09 17:34:17
Windows 5.1.2600 Service Pack 2 NTFS

scanning hidden processes ...

scanning hidden autostart entries ...

scanning hidden files ...

scan completed successfully
hidden files: 0

**************************************************************************
.
--------------------- DLLs Loaded Under Running Processes ---------------------

- - - - - - - > 'winlogon.exe'(692)
c:\windows\system32\Ati2evxx.dll
.
------------------------ Other Running Processes ------------------------
.
c:\windows\system32\ati2evxx.exe
c:\windows\system32\ati2evxx.exe
c:\program files\Common Files\AOL\acs\AOLacsd.exe
c:\program files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
c:\windows\arservice.exe
c:\program files\Belkin\Belkin Wireless Network Utility\WLService.exe
c:\program files\Belkin\Belkin Wireless Network Utility\WLanCfgG.exe
c:\windows\ehome\ehrecvr.exe
c:\windows\ehome\ehSched.exe
c:\program files\iWin Games\iWinTrusted.exe
c:\program files\Java\jre6\bin\jqs.exe
c:\program files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE
c:\windows\ehome\mcrdsvc.exe
c:\windows\system32\dllhost.exe
c:\windows\system32\wscntfy.exe
c:\windows\ehome\ehmsas.exe
c:\program files\iPod\bin\iPodService.exe
c:\program files\AOL 9.5\waol.exe
c:\program files\HP\Digital Imaging\bin\hpqste08.exe
c:\program files\AOL 9.5\shellmon.exe
c:\windows\system32\HPZipm12.exe
c:\program files\Java\jre6\bin\jucheck.exe
.
**************************************************************************
.
Completion time: 2009-04-09 17:49:39 - machine was rebooted
ComboFix-quarantined-files.txt 2009-04-09 21:49:03

Pre-Run: 37,567,725,568 bytes free
Post-Run: 40,415,354,880 bytes free

343 --- E O F --- 2009-03-17 07:03:47

descriptionSpyware Protect 2009 Alert EmptyRe: Spyware Protect 2009 Alert9th April 2009, 10:02 pm

more_horiz
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpqtra08.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpqste08.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpofxm08.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hposfx08.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hposid01.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpqscnvw.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpqkygrp.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpqCopy.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpfccopy.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpzwiz01.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\Unload\\HpqPhUnl.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\Unload\\HpqDIA.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpoews01.exe"=
"c:\\Program Files\\DISC\\DiscStreamHub.exe"=
"c:\\Program Files\\DISC\\myFTP.exe"=
"c:\\Program Files\\Messenger\\msmsgs.exe"=
"c:\\Program Files\\Common Files\\AOL\\Loader\\aolload.exe"=
"c:\\Program Files\\Common Files\\AOL\\ACS\\AOLDial.exe"=
"c:\\Program Files\\Common Files\\AOL\\ACS\\AOLacsd.exe"=
"c:\\Program Files\\Common Files\\AOL\\System Information\\sinf.exe"=
"c:\\Program Files\\Kodak\\Kodak EasyShare software\\bin\\EasyShare.exe"=
"c:\\Program Files\\Kodak\\KODAK Software Updater\\7288971\\Program\\Kodak Software Updater.exe"=
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"c:\\Program Files\\iWin Games\\iWinGames.exe"=
"c:\\Program Files\\iWin Games\\WebUpdater.exe"=
"c:\\Program Files\\LimeWire\\LimeWire.exe"=
"c:\\Program Files\\iTunes\\iTunes.exe"=
"c:\\Program Files\\AOL 9.5\\waol.exe"=
"c:\\Program Files\\Common Files\\AOL\\TopSpeed\\3.0\\aoltpsd3.exe"=
"c:\\Program Files\\Common Files\\AOL\\1237928174\\ee\\aolsoftware.exe"=

S3 RTLWUSB;NETGEAR WG111v2 54Mbps Wireless USB 2.0 Adapter NT Driver;c:\windows\system32\drivers\wg111v2.sys [2007-10-04 167808]

--- Other Services/Drivers In Memory ---

*Deregistered* - ALG
*Deregistered* - AOL ACS
*Deregistered* - Apple Mobile Device
*Deregistered* - ARSVC
*Deregistered* - Ati HotKey Poller
*Deregistered* - AudioSrv
*Deregistered* - Belkin Wireless USB Network Adapter Service
*Deregistered* - BITS
*Deregistered* - Browser
*Deregistered* - COMSysApp
*Deregistered* - CryptSvc
*Deregistered* - DcomLaunch
*Deregistered* - Dhcp
*Deregistered* - dmserver
*Deregistered* - Dnscache
*Deregistered* - ehRecvr
*Deregistered* - ehSched
*Deregistered* - ERSvc
*Deregistered* - EventSystem
*Deregistered* - FastUserSwitchingCompatibility
*Deregistered* - helpsvc
*Deregistered* - ImapiService
*Deregistered* - iPod Service
*Deregistered* - iWinTrusted
*Deregistered* - JavaQuickStarterService
*Deregistered* - lanmanserver
*Deregistered* - lanmanworkstation
*Deregistered* - LmHosts
*Deregistered* - McrdSvc
*Deregistered* - MDM
*Deregistered* - MSIServer
*Deregistered* - Netman
*Deregistered* - Nla
*Deregistered* - Pml Driver HPZ12
*Deregistered* - PolicyAgent
*Deregistered* - ProtectedStorage
*Deregistered* - RasAuto
*Deregistered* - RasMan
*Deregistered* - RemoteRegistry
*Deregistered* - RpcSs
*Deregistered* - SamSs
*Deregistered* - Schedule
*Deregistered* - seclogon
*Deregistered* - SENS
*Deregistered* - SharedAccess
*Deregistered* - ShellHWDetection
*Deregistered* - Spooler
*Deregistered* - srservice
*Deregistered* - SSDPSRV
*Deregistered* - stisvc
*Deregistered* - TapiSrv
*Deregistered* - TermService
*Deregistered* - Themes
*Deregistered* - TrkWks
*Deregistered* - W32Time
*Deregistered* - WebClient
*Deregistered* - winmgmt
*Deregistered* - wscsvc
*Deregistered* - wuauserv
*Deregistered* - WudfSvc
*Deregistered* - WZCSVC

[HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\>{60B49E34-C7CC-11D0-8953-00A0C90347FF}]
"c:\windows\system32\rundll32.exe" "c:\windows\system32\iedkcs32.dll",BrandIEActiveSetup SIGNUP

[HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\{A509B1FF-37FF-4bFF-8CFF-4F3A747040FF}]
c:\windows\system32\rundll32.exe c:\windows\system32\advpack.dll,LaunchINFSectionEx c:\program files\Internet Explorer\clrtour.inf,DefaultInstall.ResetTour,,12
.
Contents of the 'Scheduled Tasks' folder

2009-03-27 c:\windows\Tasks\AppleSoftwareUpdate.job
- c:\program files\Apple Software Update\SoftwareUpdate.exe [2008-07-30 13:34]

2009-04-09 c:\windows\Tasks\User_Feed_Synchronization-{8B04D6DA-D72F-47E4-8D00-0177926AC25C}.job
- c:\windows\system32\msfeedssync.exe [2009-03-08 04:31]
.
- - - - ORPHANS REMOVED - - - -

WebBrowser-{D4027C7F-154A-4066-A1AD-4243D8127440} - (no file)


.

descriptionSpyware Protect 2009 Alert EmptyRe: Spyware Protect 2009 Alert9th April 2009, 10:11 pm

more_horiz
Now open a new notepad file.
Input this into the notepad file:

KILLALL::

DirLook::
C:\SpywareRemovalBin
c:\program files\ESpywareRemoval

Folder::
c:\program files\iWin Games
c:\documents and settings\All Users\Application Data\Viewpoint
c:\program files\iWin.com
c:\documents and settings\HP_Administrator\Application Data\LimeWire

AWF::
c:\hp\KBD\bak\KBD.EXE
c:\program files\Common Files\Real\Update_OB\bak\realsched.exe
c:\program files\DISC\bak\DISCover.exe
c:\program files\DISC\bak\DiscUpdateMgr.exe
c:\program files\Grisoft\AVG7\bak\avgcc.exe
c:\program files\Hewlett-Packard\HP Boot Optimizer\bak\HPBootOp.exe
c:\program files\HP\Digital Imaging\{33D6CC28-9F75-4d1b-A11D-98895B3A3729}\bak\hphupd08.exe
c:\program files\HP\HP Software Update\bak\HPWuSchd2.exe
c:\program files\Java\jre1.6.0_02\bin\bak\jusched.exe
c:\program files\QuickTime\bak\qttask.exe
c:\program files\Yahoo!\Messenger\bak\ypager.exe
c:\windows\ehome\bak\ehtray.exe
c:\windows\system32\bak\ctfmon.exe

File::
c:\documents and settings\HP_Administrator\Start Menu\Programs\Startup\PowerReg Scheduler.exe

Domains::

Registry::
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"c:\\Program Files\\iWin Games\\iWinGames.exe"=-
"c:\\Program Files\\iWin Games\\WebUpdater.exe"=-
"c:\\Program Files\\LimeWire\\LimeWire.exe"=-


Save this as CFScript.txt, save it to your desktop also.
Then drag and drop CFScript.txt into combofix as seen below:
Spyware Protect 2009 Alert Sfxdaw

This will open combofix.exe again, agree to it's terms and allow it to run, it may want to reboot after it's done. Post the resulting log back here.

............................................................................................

Site Admin / Security Administrator

Virus Removal ~ OS Support ~ Have we helped you? Help us! ~ GeekChat
- Please PM me if I fail to respond within 24hrs.
Spyware Protect 2009 Alert DXwU4
Spyware Protect 2009 Alert VvYDg

descriptionSpyware Protect 2009 Alert Emptyi have the 3 parts but can't find the rest9th April 2009, 11:21 pm

more_horiz
ComboFix 09-04-04.01 - HP_Administrator 2009-04-09 18:31:41.2 - NTFSx86
Microsoft Windows XP Professional 5.1.2600.2.1252.1.1033.18.446.151 [GMT -4:00]
Running from: c:\documents and settings\HP_Administrator\Desktop\ComboFix3.exe
Command switches used :: c:\documents and settings\HP_Administrator\Desktop\CFScript.txt
* Created a new restore point

FILE ::
c:\documents and settings\HP_Administrator\Start Menu\Programs\Startup\PowerReg Scheduler.exe
.

((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.

c:\documents and settings\All Users\Application Data\Viewpoint
c:\documents and settings\All Users\Application Data\Viewpoint\Viewpoint Media Player\ComponentRegistry.ini
c:\documents and settings\All Users\Application Data\Viewpoint\Viewpoint Media Player\DownLoadHist.ini
c:\documents and settings\All Users\Application Data\Viewpoint\Viewpoint Media Player\HostRegistry.ini
c:\documents and settings\All Users\Application Data\Viewpoint\Viewpoint Media Player\MetaStreamConfig.ini
c:\documents and settings\All Users\Application Data\Viewpoint\Viewpoint Media Player\MetaStreamID.ini
c:\documents and settings\All Users\Application Data\Viewpoint\Viewpoint Media Player\Resources\ResourceFolder_00\URLCache.ini
c:\documents and settings\All Users\Application Data\Viewpoint\Viewpoint Media Player\Resources\ResourceFolder_01\URLCache.ini
c:\documents and settings\All Users\Application Data\Viewpoint\Viewpoint Media Player\Resources\ResourceFolder_02\URLCache.ini
c:\documents and settings\All Users\Application Data\Viewpoint\Viewpoint Media Player\Resources\ResourceFolder_03\URLCache.ini
c:\documents and settings\All Users\Application Data\Viewpoint\Viewpoint Media Player\Resources\UpdateVersionList_v2.mtx
c:\documents and settings\HP_Administrator\Application Data\LimeWire
c:\documents and settings\HP_Administrator\Application Data\LimeWire\bugs.data
c:\documents and settings\HP_Administrator\Application Data\LimeWire\certificate\limewire.keystore
c:\documents and settings\HP_Administrator\Application Data\LimeWire\createtimes.cache
c:\documents and settings\HP_Administrator\Application Data\LimeWire\downloads.dat
c:\documents and settings\HP_Administrator\Application Data\LimeWire\fileurns.bak
c:\documents and settings\HP_Administrator\Application Data\LimeWire\fileurns.cache
c:\documents and settings\HP_Administrator\Application Data\LimeWire\filters.props
c:\documents and settings\HP_Administrator\Application Data\LimeWire\gnutella.net
c:\documents and settings\HP_Administrator\Application Data\LimeWire\installation.props
c:\documents and settings\HP_Administrator\Application Data\LimeWire\library.dat
c:\documents and settings\HP_Administrator\Application Data\LimeWire\limewire.props
c:\documents and settings\HP_Administrator\Application Data\LimeWire\mojito.props
c:\documents and settings\HP_Administrator\Application Data\LimeWire\promotion\promodb.backup
c:\documents and settings\HP_Administrator\Application Data\LimeWire\promotion\promodb.data
c:\documents and settings\HP_Administrator\Application Data\LimeWire\promotion\promodb.properties
c:\documents and settings\HP_Administrator\Application Data\LimeWire\promotion\promodb.script
c:\documents and settings\HP_Administrator\Application Data\LimeWire\questions.props
c:\documents and settings\HP_Administrator\Application Data\LimeWire\responses.cache
c:\documents and settings\HP_Administrator\Application Data\LimeWire\simpp.xml
c:\documents and settings\HP_Administrator\Application Data\LimeWire\spam.dat
c:\documents and settings\HP_Administrator\Application Data\LimeWire\tables.props
c:\documents and settings\HP_Administrator\Application Data\LimeWire\themes\windows_theme.lwtp
c:\documents and settings\HP_Administrator\Application Data\LimeWire\themes\windows_theme\01_star.gif
c:\documents and settings\HP_Administrator\Application Data\LimeWire\themes\windows_theme\02_star.gif
c:\documents and settings\HP_Administrator\Application Data\LimeWire\themes\windows_theme\03_star.gif
c:\documents and settings\HP_Administrator\Application Data\LimeWire\themes\windows_theme\04_star.gif
c:\documents and settings\HP_Administrator\Application Data\LimeWire\themes\windows_theme\05_star.gif
c:\documents and settings\HP_Administrator\Application Data\LimeWire\themes\windows_theme\chat.gif
c:\documents and settings\HP_Administrator\Application Data\LimeWire\themes\windows_theme\forward_dn.gif
c:\documents and settings\HP_Administrator\Application Data\LimeWire\themes\windows_theme\forward_up.gif
c:\documents and settings\HP_Administrator\Application Data\LimeWire\themes\windows_theme\kill.gif
c:\documents and settings\HP_Administrator\Application Data\LimeWire\themes\windows_theme\kill_on.gif
c:\documents and settings\HP_Administrator\Application Data\LimeWire\themes\windows_theme\pause_dn.gif
c:\documents and settings\HP_Administrator\Application Data\LimeWire\themes\windows_theme\pause_up.gif
c:\documents and settings\HP_Administrator\Application Data\LimeWire\themes\windows_theme\play_dn.gif
c:\documents and settings\HP_Administrator\Application Data\LimeWire\themes\windows_theme\play_up.gif
c:\documents and settings\HP_Administrator\Application Data\LimeWire\themes\windows_theme\question.gif
c:\documents and settings\HP_Administrator\Application Data\LimeWire\themes\windows_theme\rewind_dn.gif
c:\documents and settings\HP_Administrator\Application Data\LimeWire\themes\windows_theme\rewind_up.gif
c:\documents and settings\HP_Administrator\Application Data\LimeWire\themes\windows_theme\stop_dn.gif
c:\documents and settings\HP_Administrator\Application Data\LimeWire\themes\windows_theme\stop_up.gif
c:\documents and settings\HP_Administrator\Application Data\LimeWire\themes\windows_theme\theme.txt
c:\documents and settings\HP_Administrator\Application Data\LimeWire\themes\windows_theme\version.txt
c:\documents and settings\HP_Administrator\Application Data\LimeWire\themes\windows_theme\warning.gif
c:\documents and settings\HP_Administrator\Application Data\LimeWire\ttrees.cache
c:\documents and settings\HP_Administrator\Application Data\LimeWire\ttroot.cache
c:\documents and settings\HP_Administrator\Application Data\LimeWire\version.xml
c:\documents and settings\HP_Administrator\Application Data\LimeWire\versions.props
c:\documents and settings\HP_Administrator\Application Data\LimeWire\xml\data\application.sxml2
c:\documents and settings\HP_Administrator\Application Data\LimeWire\xml\data\audio.sxml2
c:\documents and settings\HP_Administrator\Application Data\LimeWire\xml\data\video.sxml2
c:\documents and settings\HP_Administrator\Start Menu\Programs\Startup\PowerReg Scheduler.exe
c:\program files\iWin Games
c:\program files\iWin Games\AdminWorker.exe
c:\program files\iWin Games\firefox\chrome.manifest
c:\program files\iWin Games\firefox\chrome\iwinarcade.jar
c:\program files\iWin Games\firefox\install.rdf
c:\program files\iWin Games\firefox\iWinArcadeLauncher.exe
c:\program files\iWin Games\firefox\version
c:\program files\iWin Games\ftdownload.dat
c:\program files\iWin Games\host.cfg
c:\program files\iWin Games\iWinGames.exe
c:\program files\iWin Games\iWinGamesInstaller.exe
c:\program files\iWin Games\iWinInfo.dll
c:\program files\iWin Games\iWinTrusted.exe
c:\program files\iWin Games\pages\alert32x32.gif
c:\program files\iWin Games\pages\arcadeCheck.js
c:\program files\iWin Games\pages\blank.html
c:\program files\iWin Games\pages\blank2.html
c:\program files\iWin Games\pages\error.html
c:\program files\iWin Games\pages\error404.css
c:\program files\iWin Games\pages\iwin_logo.gif
c:\program files\iWin Games\pages\login.html
c:\program files\iWin Games\pages\maintenance.html
c:\program files\iWin Games\pages\offline.css
c:\program files\iWin Games\pages\offline.html
c:\program files\iWin Games\pages\offline.jpg
c:\program files\iWin Games\pages\offline_tag.gif
c:\program files\iWin Games\pages\offlineBg.gif
c:\program files\iWin Games\pages\orange-im-connected-60.gif
c:\program files\iWin Games\pages\terrie404.gif
c:\program files\iWin Games\pages\test.html
c:\program files\iWin Games\sounds\animation.wav

descriptionSpyware Protect 2009 Alert EmptyRe: Spyware Protect 2009 Alert9th April 2009, 11:26 pm

more_horiz
Please post the reg of the log.

............................................................................................

Site Admin / Security Administrator

Virus Removal ~ OS Support ~ Have we helped you? Help us! ~ GeekChat
- Please PM me if I fail to respond within 24hrs.
Spyware Protect 2009 Alert DXwU4
Spyware Protect 2009 Alert VvYDg

descriptionSpyware Protect 2009 Alert EmptyRe: Spyware Protect 2009 Alert

more_horiz
privacy_tip Permissions in this forum:
You cannot reply to topics in this forum