Thanks. Here are the logs:
Thanks for the logs, bonkers72. I'm going to paste them here as it is much easier to see what is going on.
DDS (Ver_10-03-17.01) - NTFSx86
Run by Mat at 15:38:50.95 on Wed 05/19/2010
Internet Explorer: 8.0.6001.18702
Microsoft Windows XP Home Edition 5.1.2600.3.1252.1.1033.18.2046.1623 [GMT -5:00]
AV: AntiVir Desktop *On-access scanning enabled* (Updated) {AD166499-45F9-482A-A743-FDD3350758C7}
============== Running Processes ===============
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\svchost -k DcomLaunch
svchost.exe
C:\WINDOWS\System32\svchost.exe -k netsvcs
svchost.exe
svchost.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Avira\AntiVir Desktop\sched.exe
C:\WINDOWS\Explorer.EXE
svchost.exe
C:\Program Files\Avira\AntiVir Desktop\avgnt.exe
C:\Program Files\Common Files\Java\Java Update\jusched.exe
C:\Program Files\AWS\WeatherBug\Weather.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
C:\Program Files\Avira\AntiVir Desktop\avguard.exe
C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
C:\Program Files\Bonjour\mDNSResponder.exe
C:\Program Files\Java\jre6\bin\jqs.exe
C:\WINDOWS\system32\wuauclt.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Documents and Settings\Mat\Desktop\dds.scr
============== Pseudo HJT Report ===============
uStart Page = hxxp://www.google.com/
uSearch Page = hxxp://www.google.com
uSearch Bar = hxxp://www.google.com/ie
uInternet Settings,ProxyOverride = *.local
uSearchURL,(Default) = hxxp://www.google.com/search?q=%s
uURLSearchHooks: DeviceVM Url Search Hook: {0063bf63-bfff-4b8f-9d26-4267df7f17dd} - c:\windows\system32\dvmurl.dll
BHO: Adobe PDF Link Helper: {18df081c-e8ad-4283-a596-fa578c2ebdc3} - c:\program files\common files\adobe\acrobat\activex\AcroIEHelperShim.dll
BHO: Google Toolbar Helper: {aa58ed58-01dd-4d91-8333-cf10577473f7} - c:\program files\google\google toolbar\GoogleToolbar_32.dll
BHO: Google Toolbar Notifier BHO: {af69de43-7d58-4638-b6fa-ce66b5ad205d} - c:\program files\google\googletoolbarnotifier\5.4.4525.1752\swg.dll
BHO: Google Dictionary Compression sdch: {c84d72fe-e17d-4195-bb24-76c02e2e7c4e} - c:\program files\google\google toolbar\component\fastsearch_B7C5AC242193BB3E.dll
BHO: Java(tm) Plug-In 2 SSV Helper: {dbc80044-a445-435b-bc74-9c25c1c588a9} - c:\program files\java\jre6\bin\jp2ssv.dll
BHO: JQSIEStartDetectorImpl Class: {e7e6f031-17ce-4c07-bc86-eabfe594f69c} - c:\program files\java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
BHO: SingleInstance Class: {fdad4da1-61a2-4fd8-9c17-86f7ac245081} - c:\program files\yahoo!\companion\installs\cpn\YTSingleInstance.dll
TB: Google Toolbar: {2318c2b1-4965-11d4-9b18-009027a5cd4f} - c:\program files\google\google toolbar\GoogleToolbar_32.dll
uRun: [Weather] c:\program files\aws\weatherbug\Weather.exe 1
uRun: [ctfmon.exe] c:\windows\system32\ctfmon.exe
uRun: [swg] "c:\program files\google\googletoolbarnotifier\GoogleToolbarNotifier.exe"
mRun: [avgnt] "c:\program files\avira\antivir desktop\avgnt.exe" /min
mRun: [SunJavaUpdateSched] "c:\program files\common files\java\java update\jusched.exe"
mRun: [Adobe ARM] "c:\program files\common files\adobe\arm\1.0\AdobeARM.exe"
mRun: [Sfedulofos] rundll32.exe "c:\windows\iduvokoxaxeda.dll",Startup
IE: {AC9E2541-2814-11d5-BC6D-00B0D0A1DE45} - c:\program files\aim\aim.exe
IE: {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe
IE: {FB5F1910-F110-11d2-BB9E-00C04F795683} - c:\program files\messenger\msmsgs.exe
DPF: {166B1BCA-3F9C-11CF-8075-444553540000} - hxxp://download.macromedia.com/pub/shockwave/cabs/director/sw.cab
DPF: {17492023-C23A-453E-A040-C7C580BBF700} - hxxp://go.microsoft.com/fwlink/?linkid=39204
DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_19-windows-i586.cab
DPF: {CAFEEFAC-0016-0000-0019-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_19-windows-i586.cab
DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_19-windows-i586.cab
DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} - hxxp://download.macromedia.com/pub/shockwave/cabs/flash/swflash.cab
DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} - hxxp://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab
Notify: !SASWinLogon - c:\program files\superantispyware\SASWINLO.DLL
Notify: AtiExtEvent - Ati2evxx.dll
SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - c:\windows\system32\WPDShServiceObj.dll
SEH: SABShellExecuteHook Class: {5ae067d3-9afb-48e0-853a-ebb7f4a000da} - c:\program files\superantispyware\SASSEH.DLL
============= SERVICES / DRIVERS ===============
R1 avgio;avgio;c:\program files\avira\antivir desktop\avgio.sys [2009-8-10 11608]
R1 SASDIFSV;SASDIFSV;c:\program files\superantispyware\SASDIFSV.SYS [2009-8-5 12872]
R1 SASKUTIL;SASKUTIL;c:\program files\superantispyware\SASKUTIL.SYS [2009-8-5 66632]
R2 AntiVirSchedulerService;Avira AntiVir Scheduler;c:\program files\avira\antivir desktop\sched.exe [2009-8-10 108289]
R2 AntiVirService;Avira AntiVir Guard;c:\program files\avira\antivir desktop\avguard.exe [2009-8-10 185089]
R2 avgntflt;avgntflt;c:\windows\system32\drivers\avgntflt.sys [2009-8-10 56816]
S3 SASENUM;SASENUM;c:\program files\superantispyware\SASENUM.SYS [2009-8-5 12872]
=============== Created Last 30 ================
2010-05-18 00:12:18 10752 ----a-w- c:\windows\DCEBoot.exe
2010-05-09 07:05:47 120 ----a-w- c:\windows\Hpenetogum.dat
2010-05-09 07:05:47 0 ----a-w- c:\windows\Wpokijumaf.bin
2010-05-09 07:04:55 755200 ----a-w- c:\windows\system32\drivers\evpqk.sys
2010-05-09 07:04:48 20864 -c--a-w- c:\windows\system32\dllcache\ipinip.sys
2010-05-09 07:04:48 20864 ----a-w- c:\windows\system32\drivers\ipinip.sys
2010-05-09 07:04:42 8576 -c--a-w- c:\windows\system32\dllcache\i2omgmt.sys
2010-05-09 07:04:42 8576 ----a-w- c:\windows\system32\drivers\i2omgmt.sys
2010-05-09 07:04:33 8192 -c--a-w- c:\windows\system32\dllcache\changer.sys
2010-05-09 07:04:33 8192 ----a-w- c:\windows\system32\drivers\changer.sys
2010-05-09 07:04:32 2944 -c--a-w- c:\windows\system32\dllcache\drmkaud.sys
2010-05-09 07:04:32 2944 ----a-w- c:\windows\system32\drivers\drmkaud.sys
2010-05-09 07:04:00 20 ----a-w- c:\docume~1\mat\applic~1\qvjsge.dat
==================== Find3M ====================
2010-04-29 20:39:38 38224 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys
2010-04-29 20:39:26 20952 ----a-w- c:\windows\system32\drivers\mbam.sys
2010-03-10 06:15:52 420352 ----a-w- c:\windows\system32\vbscript.dll
2010-03-09 09:28:20 411368 ----a-w- c:\windows\system32\deploytk.dll
2010-02-25 06:24:37 916480 ----a-w- c:\windows\system32\wininet.dll
============= FINISH: 15:39:08.18 ===============
DDS (Ver_10-03-17.01)
Microsoft Windows XP Home Edition
Boot Device: \Device\HarddiskVolume1
Install Date: 8/10/2009 11:22:33 AM
System Uptime: 5/19/2010 3:33:52 PM (0 hours ago)
Motherboard: Gigabyte Technology Co., Ltd. | | G41M-ES2L
Processor: Intel(R) Pentium(R) 4 CPU 3.00GHz | Socket 775 | 3000/200mhz
==== Disk Partitions =========================
A: is Removable
C: is FIXED (NTFS) - 596 GiB total, 549.19 GiB free.
D: is CDROM ()
==== Disabled Device Manager Items =============
==== System Restore Points ===================
RP120: 2/17/2010 5:06:26 PM - System Checkpoint
RP121: 2/19/2010 1:44:49 PM - System Checkpoint
RP122: 2/20/2010 1:51:18 PM - System Checkpoint
RP123: 2/21/2010 2:47:22 PM - System Checkpoint
RP124: 2/22/2010 3:05:01 PM - System Checkpoint
RP125: 2/23/2010 3:27:16 PM - System Checkpoint
RP126: 2/23/2010 5:46:34 PM - Installed Windows Internet Explorer 8.
RP127: 2/23/2010 5:47:27 PM - Software Distribution Service 3.0
RP128: 2/24/2010 7:01:02 PM - System Checkpoint
RP129: 2/25/2010 12:10:53 AM - Software Distribution Service 3.0
RP130: 2/26/2010 11:06:49 AM - System Checkpoint
RP131: 2/27/2010 11:43:29 AM - System Checkpoint
RP132: 2/28/2010 1:51:26 PM - System Checkpoint
RP133: 3/1/2010 3:01:52 PM - System Checkpoint
RP134: 3/2/2010 3:40:53 PM - System Checkpoint
RP135: 3/3/2010 4:13:02 PM - System Checkpoint
RP136: 3/4/2010 4:39:18 PM - System Checkpoint
RP137: 3/5/2010 8:37:08 PM - System Checkpoint
RP138: 3/6/2010 8:49:39 PM - System Checkpoint
RP139: 3/7/2010 9:34:03 PM - System Checkpoint
RP140: 3/8/2010 10:21:39 PM - System Checkpoint
RP141: 3/9/2010 10:23:38 PM - System Checkpoint
RP142: 3/10/2010 4:46:31 PM - Software Distribution Service 3.0
RP143: 3/10/2010 5:06:38 PM - Software Distribution Service 3.0
RP144: 3/11/2010 5:28:37 PM - System Checkpoint
RP145: 3/12/2010 10:41:22 PM - System Checkpoint
RP146: 3/14/2010 12:24:02 PM - System Checkpoint
RP147: 3/15/2010 12:47:18 PM - System Checkpoint
RP148: 3/16/2010 2:38:19 PM - System Checkpoint
RP149: 3/17/2010 3:17:44 PM - System Checkpoint
RP150: 3/18/2010 3:59:10 PM - System Checkpoint
RP151: 3/19/2010 6:00:26 PM - System Checkpoint
RP152: 3/20/2010 7:37:06 PM - System Checkpoint
RP153: 3/21/2010 7:51:14 PM - System Checkpoint
RP154: 3/23/2010 2:48:25 PM - System Checkpoint
RP155: 3/24/2010 9:42:58 PM - System Checkpoint
RP156: 3/26/2010 12:25:11 PM - System Checkpoint
RP157: 3/27/2010 1:00:15 PM - System Checkpoint
RP158: 3/28/2010 1:37:35 PM - System Checkpoint
RP159: 3/29/2010 2:11:08 PM - System Checkpoint
RP160: 3/30/2010 4:29:59 PM - System Checkpoint
RP161: 3/31/2010 4:38:11 PM - System Checkpoint
RP162: 4/1/2010 4:58:28 PM - System Checkpoint
RP163: 4/3/2010 1:18:41 PM - System Checkpoint
RP164: 4/3/2010 4:11:15 PM - Software Distribution Service 3.0
RP165: 4/3/2010 4:38:11 PM - Installed Java(TM) 6 Update 19
RP166: 4/4/2010 4:42:23 PM - System Checkpoint
RP167: 4/5/2010 4:45:43 PM - System Checkpoint
RP168: 4/6/2010 4:49:53 PM - System Checkpoint
RP169: 4/7/2010 5:47:28 PM - System Checkpoint
RP170: 4/8/2010 6:03:40 PM - System Checkpoint
RP171: 4/9/2010 6:20:28 PM - System Checkpoint
RP172: 4/10/2010 9:03:02 PM - System Checkpoint
RP173: 4/11/2010 10:34:59 PM - System Checkpoint
RP174: 4/12/2010 10:37:50 PM - System Checkpoint
RP175: 4/13/2010 9:06:23 PM - Software Distribution Service 3.0
RP176: 4/15/2010 12:02:39 PM - System Checkpoint
RP177: 4/16/2010 1:08:27 PM - System Checkpoint
RP178: 4/17/2010 2:13:42 PM - System Checkpoint
RP179: 4/18/2010 2:30:00 PM - System Checkpoint
RP180: 4/19/2010 3:23:59 PM - System Checkpoint
RP181: 4/20/2010 3:30:38 PM - System Checkpoint
RP182: 4/21/2010 3:39:41 PM - System Checkpoint
RP183: 4/22/2010 4:04:29 PM - System Checkpoint
RP184: 4/23/2010 4:40:01 PM - System Checkpoint
RP185: 4/24/2010 5:47:39 PM - System Checkpoint
RP186: 4/25/2010 9:09:36 PM - System Checkpoint
RP187: 4/27/2010 12:50:04 PM - System Checkpoint
RP188: 4/28/2010 2:51:15 PM - System Checkpoint
RP189: 4/29/2010 3:50:36 PM - System Checkpoint
RP190: 4/30/2010 5:12:59 PM - System Checkpoint
RP191: 5/1/2010 6:31:55 PM - System Checkpoint
RP192: 5/2/2010 7:12:28 PM - System Checkpoint
RP193: 5/3/2010 7:55:23 PM - System Checkpoint
RP194: 5/5/2010 3:12:34 PM - System Checkpoint
RP195: 5/6/2010 4:41:07 PM - System Checkpoint
RP196: 5/7/2010 8:56:52 PM - System Checkpoint
RP197: 5/8/2010 9:12:28 PM - System Checkpoint
RP198: 5/10/2010 9:29:10 AM - System Checkpoint
RP199: 5/11/2010 12:50:49 PM - System Checkpoint
RP200: 5/12/2010 3:48:04 PM - System Checkpoint
RP201: 5/13/2010 4:10:59 PM - System Checkpoint
RP202: 5/14/2010 4:23:56 PM - System Checkpoint
RP203: 5/15/2010 4:42:44 PM - System Checkpoint
RP204: 5/16/2010 5:49:07 PM - System Checkpoint
RP205: 5/16/2010 10:07:30 PM - Software Distribution Service 3.0
RP206: 5/18/2010 2:09:33 PM - System Checkpoint
==== Installed Programs ======================
Acrobat.com
Adobe AIR
Adobe Flash Player 10 ActiveX
Adobe Flash Player 10 Plugin
Adobe Reader 9.3.2
Adobe Shockwave Player 11.5
AOL Instant Messenger
Apple Application Support
Apple Mobile Device Support
Apple Software Update
Ask Toolbar
ATI Display Driver
Auslogics BoostSpeed
Avira AntiVir Personal - Free Antivirus
Bonjour
Browser Configuration Utility
CCleaner
CleanUp!
DirMS-S
DVD Decrypter (Remove Only)
DVD Shrink 3.2
DVDFab Ghosthunter release 5.3.0.5 Beta
Google Toolbar for Internet Explorer
HijackThis 2.0.2
Hotfix for Windows Media Format 11 SDK (KB929399)
Hotfix for Windows Media Player 11 (KB939683)
Hotfix for Windows XP (KB952287)
Hotfix for Windows XP (KB970653-v3)
Hotfix for Windows XP (KB976098-v2)
Hotfix for Windows XP (KB979306)
iTunes
Java Auto Updater
Java(TM) 6 Update 19
LimeWire 5.3.6
Malwarebytes' Anti-Malware
Microsoft Compression Client Pack 1.0 for Windows XP
Microsoft Office 2000 Premium
Microsoft User-Mode Driver Framework Feature Pack 1.0
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17
Nero PhotoShow Express
Nero Suite
QuickTime
Realtek High Definition Audio Driver
Security Update for Windows Internet Explorer 8 (KB971961)
Security Update for Windows Internet Explorer 8 (KB976325)
Security Update for Windows Internet Explorer 8 (KB978207)
Security Update for Windows Internet Explorer 8 (KB981332)
Security Update for Windows Media Player (KB952069)
Security Update for Windows Media Player (KB954155)
Security Update for Windows Media Player (KB968816)
Security Update for Windows Media Player (KB973540)
Security Update for Windows Media Player 11 (KB954154)
Security Update for Windows XP (KB923561)
Security Update for Windows XP (KB923789)
Security Update for Windows XP (KB938464-v2)
Security Update for Windows XP (KB941569)
Security Update for Windows XP (KB946648)
Security Update for Windows XP (KB950762)
Security Update for Windows XP (KB950974)
Security Update for Windows XP (KB951066)
Security Update for Windows XP (KB951376-v2)
Security Update for Windows XP (KB951748)
Security Update for Windows XP (KB952004)
Security Update for Windows XP (KB952954)
Security Update for Windows XP (KB954459)
Security Update for Windows XP (KB954600)
Security Update for Windows XP (KB955069)
Security Update for Windows XP (KB956572)
Security Update for Windows XP (KB956744)
Security Update for Windows XP (KB956802)
Security Update for Windows XP (KB956803)
Security Update for Windows XP (KB956844)
Security Update for Windows XP (KB957097)
Security Update for Windows XP (KB958644)
Security Update for Windows XP (KB958687)
Security Update for Windows XP (KB958869)
Security Update for Windows XP (KB959426)
Security Update for Windows XP (KB960225)
Security Update for Windows XP (KB960803)
Security Update for Windows XP (KB960859)
Security Update for Windows XP (KB961371-v2)
Security Update for Windows XP (KB961501)
Security Update for Windows XP (KB968537)
Security Update for Windows XP (KB969059)
Security Update for Windows XP (KB969947)
Security Update for Windows XP (KB970238)
Security Update for Windows XP (KB970430)
Security Update for Windows XP (KB971468)
Security Update for Windows XP (KB971486)
Security Update for Windows XP (KB971557)
Security Update for Windows XP (KB971633)
Security Update for Windows XP (KB971657)
Security Update for Windows XP (KB971961)
Security Update for Windows XP (KB972260)
Security Update for Windows XP (KB972270)
Security Update for Windows XP (KB973346)
Security Update for Windows XP (KB973354)
Security Update for Windows XP (KB973507)
Security Update for Windows XP (KB973525)
Security Update for Windows XP (KB973869)
Security Update for Windows XP (KB973904)
Security Update for Windows XP (KB974112)
Security Update for Windows XP (KB974318)
Security Update for Windows XP (KB974392)
Security Update for Windows XP (KB974455)
Security Update for Windows XP (KB974571)
Security Update for Windows XP (KB975025)
Security Update for Windows XP (KB975467)
Security Update for Windows XP (KB975560)
Security Update for Windows XP (KB975561)
Security Update for Windows XP (KB975713)
Security Update for Windows XP (KB976325)
Security Update for Windows XP (KB977165-v2)
Security Update for Windows XP (KB977816)
Security Update for Windows XP (KB977914)
Security Update for Windows XP (KB978037)
Security Update for Windows XP (KB978251)
Security Update for Windows XP (KB978262)
Security Update for Windows XP (KB978338)
Security Update for Windows XP (KB978542)
Security Update for Windows XP (KB978601)
Security Update for Windows XP (KB978706)
Security Update for Windows XP (KB979309)
Security Update for Windows XP (KB979683)
Security Update for Windows XP (KB980232)
SpywareBlaster 4.3
SUPERAntiSpyware Free Edition
Update for Windows Internet Explorer 8 (KB976662)
Update for Windows Internet Explorer 8 (KB978506)
Update for Windows Internet Explorer 8 (KB980182)
Update for Windows XP (KB898461)
Update for Windows XP (KB951978)
Update for Windows XP (KB955759)
Update for Windows XP (KB955839)
Update for Windows XP (KB967715)
Update for Windows XP (KB968389)
Update for Windows XP (KB971737)
Update for Windows XP (KB973687)
Update for Windows XP (KB973815)
Update for Windows XP (KB976749)
Update for Windows XP (KB978207)
WeatherBug
WebFldrs XP
Windows Internet Explorer 8
Windows Media Format 11 runtime
Windows Media Player 11
WinZip 12.0
Yahoo! Toolbar
==== Event Viewer Messages From Past Week ========
5/17/2010 8:27:33 PM, error: Service Control Manager [7026] - The following boot-start or system-start driver(s) failed to load: AFD avgio avipbb Fips intelppm IPSec MRxSmb NetBIOS NetBT RasAcd Rdbss SASDIFSV SASKUTIL ssmdrv Tcpip WS2IFSL
5/17/2010 8:27:33 PM, error: Service Control Manager [7001] - The TCP/IP NetBIOS Helper service depends on the AFD service which failed to start because of the following error: A device attached to the system is not functioning.
5/17/2010 8:27:33 PM, error: Service Control Manager [7001] - The IPSEC Services service depends on the IPSEC driver service which failed to start because of the following error: A device attached to the system is not functioning.
5/17/2010 8:27:33 PM, error: Service Control Manager [7001] - The DNS Client service depends on the TCP/IP Protocol Driver service which failed to start because of the following error: A device attached to the system is not functioning.
5/17/2010 8:27:33 PM, error: Service Control Manager [7001] - The DHCP Client service depends on the NetBios over Tcpip service which failed to start because of the following error: A device attached to the system is not functioning.
5/17/2010 8:27:33 PM, error: Service Control Manager [7001] - The Bonjour Service service depends on the TCP/IP Protocol Driver service which failed to start because of the following error: A device attached to the system is not functioning.
5/17/2010 8:27:33 PM, error: Service Control Manager [7001] - The Apple Mobile Device service depends on the TCP/IP Protocol Driver service which failed to start because of the following error: A device attached to the system is not functioning.
5/17/2010 8:26:42 PM, error: DCOM [10005] - DCOM got error "%1084" attempting to start the service EventSystem with arguments "" in order to run the server: {1BE1F766-5536-11D1-B726-00C04FB926AF}
5/17/2010 8:26:29 PM, error: DCOM [10005] - DCOM got error "%1084" attempting to start the service netman with arguments "" in order to run the server: {BA126AE5-2166-11D1-B1D0-00805FC1270E}
==== End Of File ===========================
Hi, bonkers72.
Although our recommendation was -- and remains -- a clean install of the Operating System, you indicated you wanted to avoid a reinstall.
P2P WARNING
Going over your logs I noticed that your son has Limewire installed.
- Avoid gaming sites, pirated software, cracking tools, keygens, and peer-to-peer (P2P) file sharing programs.
- They are a security risk which can make your computer susceptible to a smörgåsbord of malware infections, remote attacks, exposure of personal information, and identity theft. Many malicious worms and Trojans spread across P2P file sharing networks, gaming and underground sites.
- Users visiting such pages may see innocuous-looking banner ads containing code which can trigger pop-up ads and malicious Flash ads that install viruses, Trojans and spyware. Ads are a target for hackers because they offer a stealthy way to distribute malware to a wide range of Internet users.
- The best way to reduce the risk of infection is to avoid these types of web sites and not use any P2P applications.
It is pretty much certain that if he continues to use P2P programs, he will get infected again.
I would recommend that you uninstall Limewire; however, that choice is up to you. If you choose to remove these programs, you can do so via Start > Control Panel > Add/Remove Programs.
If you wish to keep it, please do not use it until your computer is cleaned.
Please follow these instructions carefully.
Download ComboFix from one of the following locations:
Link 1
Link 2
!!! IMPORTANT !!! Save ComboFix.exe to your Desktop
- Disable your AntiVirus and AntiSpyware applications. If not disabled, these programs will likely interfere with cleanup process. This can usually be accomplished by a right-click on the icon in the System Tray. (Note: If you use AVG, you must also open the AVG 8 Control Center, by right clicking on the AVG 8 icon on task bar.
  - Click on Tools.
  - Select Advanced Settings.
  - In the left hand pane, scroll down to "Resident Shield".
  - In the main pane, deselect the option to "Enable Resident Shield."
  - To re-enable AVG 8, please select "Enable Resident Shield" again.)
- If infections are found, ComboFix will automatically reboot the machine to complete the removal process. Please ensure all opened windows are closed before proceeding.
- Double-click ComboFix.exe on your desktop and follow the prompts.
- As part of the process, ComboFix will check to see if the Microsoft Windows Recovery Console is installed. With malware infections being as they are today, it is strongly recommended to have this pre-installed on your machine before doing any malware removal. The Recovery Console will allow you to start up the computer in a special recovery/repair mode that will allow us to more easily help you should your computer have a problem after an attempted removal of malware.
Please note: If the Microsoft Windows Recovery Console is already installed on the computer, ComboFix will continue the malware removal procedures.
- Follow the prompts to allow ComboFix to download and install the Microsoft Windows Recovery Console.
- When prompted, agree to the End-User License Agreement to install the Microsoft Windows Recovery Console.
- After the Microsoft Windows Recovery Console is installed using ComboFix, you should see the following message:
- Click "Yes" to continue scanning for malware.
- When finished, a log will be produced. Please copy/paste a copy of C:\ComboFix.txt in your next reply.
Well, I was actually dealing with someone from Techsupportguy as well. He told me to do everything you did EXCEPT to run GMER ROOTKIT scanner. I ran it in safe mode. Ran ok. Now I tried to reboot in normal mode and it won't boot. In safe OR normal mode. Gets to the screen Verifying DMI pool data..... then stays blank. Any help on this? Sorry. Thanks.
Hi, bonkers72.
You should have told us you were getting help from TSG. Getting/following instructions from multiple sources not only takes the time of multiple people, it can also result in conflicting instructions.
As we already recommended a reinstall, I suggest you consider the instructions at Clark76 Blog Archive Saving files on a corrupt OS which will walk you through the steps necessary to save any files from your son's computer and then reinstall the OS.
That said, you should wait to see what RPMcMurphy advises in reply to your last post at Trojan.rootkit/gen.process - Tech Support Guy Forums.
bonkers 72, Corrine and I are both familiar with TSG, so if you started a topic there, you should stay with the advisor who is already helping you.
Edit >>> cross post
Ok........thank-you for the time and effort you have put forth on this. B-72 :)