Author Topic: Virus... please help  (Read 71313 times)


tryan21

  • Guest
Re: Virus... please help
« Reply #60 on: October 30, 2007, 09:24:17 PM »
Quote
Posted by: polonus
Make sure you keep your Windows OS current by visiting Windows update regularly to download and install any critical updates and service packs. Without these you are leaving the backdoor open.

I'm having a problem with Windows Updates. The download and installation goes just fine, then I reboot and things don't work. My COMODO Firewall won't work, my Avast! scanner won't work, and when I try to go to a website it doesn't do anything. Also, a few folders and items off of the start menu don't work either. I will click things and they just don't ever open. I end up doing a system restore because I don't know what else to do. I re-tried a few times and the same thing happens.

Now here is the thing, I had like 50+ updates because the Automatic Updates was turned off. So my Windows hasn't been updated in almost a year. 

Offline Lisandro

  • Avast team
  • Certainly Bot
  • Posts: 67194
Re: Virus... please help
« Reply #61 on: October 30, 2007, 10:35:09 PM »
Isolate the problems...

Quote
I'm having a problem with Windows Updates. The download and installation goes just fine, then I reboot and things don't work. My COMODO Firewall won't work, my Avast! scanner won't work, and when I try to go to a website it doesn't do anything.
What do you mean by "don't work"? Freeze, do not load, what?

Quote
Also, a few folders and items off of the start menu don't work either. I will click things and they just don't ever open.
Any of them?

Quote
I end up doing a system restore because I don't know what else to do. I re-tried a few times and the same thing happens.
Can you try full computer on-line scanning?
Kaspersky (very good detection rates)
BitDefender (free removal of the malware)

Quote
Now here is the thing, I had like 50+ updates because the Automatic Updates was turned off. So my Windows hasn't been updated in almost a year.
Why did you turn off the updates?
The best things in life are free.

tryan21

  • Guest
Re: Virus... please help
« Reply #62 on: October 31, 2007, 01:26:56 AM »
When I say "don't work" I mean I get an error message saying that Avast can't run properly and the same for COMODO. The folders, well, just what I said; I will click things and they just don't ever open.


As far as automatic updates being turned off I didn't turn them off and I'm not sure why they were off. Every time I started my computer I would get the security warning that they were turned off, I would then go turn them on, then when I would restart they would be off again. I guess after a while I just got so used to the security warning and so sick of turning them on every time I just gave up. Honestly I didn't realize how important they were for my computer. :-X

I will go do the scans right now.

mauserme

  • Guest
Re: Virus... please help
« Reply #63 on: October 31, 2007, 12:27:39 PM »
When you updated did you get just the critical updates, or did you install optional updates like drivers and programs too?

Offline Lisandro

  • Avast team
  • Certainly Bot
  • Posts: 67194
Re: Virus... please help
« Reply #64 on: October 31, 2007, 12:30:12 PM »
Quote
I get an error message saying that Avast can't run properly and the same for COMODO.
Can you post a screenshot? See how: http://forum.avast.com/index.php?topic=8982.0
You can use Gadwin PrintScreen to get a screenshot (http://www.gadwin.com/printscreen/) or the free version of WinSnap 1.1.10 (http://www.filehippo.com/download_winsnap/?2173).

Quote
The folders, well, just what I said; I will click things and they just don't ever open.
As far as automatic updates being turned off I didn't turn them off and I'm not sure why they were off.
Viruses can do that. A full scan will be advisable.
The best things in life are free.

tryan21

  • Guest
Re: Virus... please help
« Reply #65 on: October 31, 2007, 07:00:32 PM »
Quote
When you updated did you get just the critical updates, or did you install optional updates like drivers and programs too?

I just let Automatic Updates do its thing and then when it told me they were ready to install I installed all of them. I don't really know how to tell the difference between the critical and optional. I'm not experienced with any of this.

Oh and by the way, Automatic Updates are not being turned off every time I start my computer now (since turning on after this last virus cleaning). It stays on and lets me know when they are ready to be installed.

Quote
Posted by: Tech
Can you post a screenshot? See how: http://forum.avast.com/index.php?topic=8982.0
You can use Gadwin PrintScreen to get a screenshot (http://www.gadwin.com/printscreen/) or the free version of WinSnap 1.1.10 (http://www.filehippo.com/download_winsnap/?2173).

I'm not sure how to go about doing this. Because when I install the updates I have no access to the internet. So I'm not sure how I would get the screenshot to you. I end up doing a system restore in order to get online and get things working again. Am I just overlooking the obvious here? Probably, LOL!

Still haven't scanned but I will do that now I promise.
**I have a one year old so getting all this computer stuff done is hard. :P
« Last Edit: October 31, 2007, 07:06:53 PM by tryan21 »

tryan21

  • Guest
Re: Virus... please help
« Reply #66 on: October 31, 2007, 10:39:29 PM »
BitDefender Online Scanner

Scan report generated at: Wed, Oct 31, 2007 - 14:35:00

Scan path: A:\;C:\;D:\;E:\;

Statistics
Time: 01:42:28
Files: 127651
Folders: 3705
Boot Sectors: 2
Archives: 1892
Packed Files: 6425

Results
Identified Viruses: 1
Infected Files: 2
Suspect Files: 0
Warnings: 0
Disinfected: 0
Deleted Files: 2

Engines Info
Virus Definitions: 859582
Engine build: AVCORE v1.0 (build 2422) (i386) (Sep 25 2007 08:26:36)
Scan plugins: 14
Archive plugins: 38
Unpack plugins: 7
E-mail plugins: 6
System plugins: 1

Scan Settings
First Action: Disinfect
Second Action: Delete
Heuristics: Yes
Enable Warnings: Yes
Scanned Extensions: *;
Exclude Extensions:
Scan Emails: Yes
Scan Archives: Yes
Scan Packed: Yes
Scan Files: Yes
Scan Boot: Yes

Scanned File  Status
C:\Program Files\HijackThis\backups\backup-20071020-200212-540.dll  Infected with: Generic.Virtumod.29FFB2FE
C:\Program Files\HijackThis\backups\backup-20071020-200212-540.dll  Disinfection failed
C:\Program Files\HijackThis\backups\backup-20071020-200212-540.dll  Deleted
C:\System Volume Information\_restore{079945FA-0F86-4538-9B5B-94B9C89AC71A}\RP24\A0013118.dll  Infected with: Generic.Virtumod.29FFB2FE
C:\System Volume Information\_restore{079945FA-0F86-4538-9B5B-94B9C89AC71A}\RP24\A0013118.dll  Disinfection failed
C:\System Volume Information\_restore{079945FA-0F86-4538-9B5B-94B9C89AC71A}\RP24\A0013118.dll  Deleted

Offline Lisandro

  • Avast team
  • Certainly Bot
  • Posts: 67194
Re: Virus... please help
« Reply #67 on: October 31, 2007, 10:46:49 PM »
Quote
BitDefender Online Scanner
Very good. Can you do the same with Kaspersky on-line scanning?
Are you clean now?
The best things in life are free.

mauserme

  • Guest
Re: Virus... please help
« Reply #68 on: November 01, 2007, 01:15:17 PM »
C:\Program Files\HijackThis\backups\backup-20071020-200212-540.dll
 Infected with: Generic.Virtumod.29FFB2FE
 
...

C:\System Volume Information\_restore{079945FA-0F86-4538-9B5B-94B9C89AC71A}\RP24\A0013118.dll
 Infected with: Generic.Virtumod.29FFB2FE
 
...

Well the HJT backups can't be causing any problems. When we finished the earlier cleaning did you reset the restore points as I asked?

But still, there's no active infection in that log...


Tech is going to be better at this update problem than me - I do the cleaning thing. But if it was my computer I would try manually downloading/installing 5 updates at a time until you find a group that causes a problem. Back those out, then install each of those updates from the problem group individually until you identify the one (hopefully just one) that's the culprit. There might be an error code that could help diagnose this. If not, at least we'll know which it is.

tryan21

  • Guest
Re: Virus... please help
« Reply #69 on: November 01, 2007, 06:32:51 PM »
Quote
When we finished the earlier cleaning did you reset the restore points as I asked?

Yes, I did. I did everything you told me to do. I also installed all the programs that were recommended to me. I am doing everything within my power to keep this darn computer clean and safe from viruses. I just don't get why this keeps happening. I will try doing the updates in groups of 5 like you recommended.

Tech, below are my Kaspersky scan results:

KASPERSKY ONLINE SCANNER REPORT 
Wednesday, October 31, 2007 5:50:41 PM
Operating System: Microsoft Windows XP Professional, Service Pack 2, v.2096 (Build 2600)
Kaspersky Online Scanner version: 5.0.98.0
Kaspersky Anti-Virus database last update: 1/11/2007
Kaspersky Anti-Virus database records: 421850
 
 
Scan Settings
Scan using the following antivirus database standard
Scan Archives true
Scan Mail Bases true
 
Scan Target My Computer
A:\
C:\
D:\
E:\ 
 
Scan Statistics
Total number of scanned objects 43783
Number of viruses found 5
Number of infected objects 7
Number of suspicious objects 0
Duration of the scan process 02:56:00

Infected Object Name Virus Name Last Action
C:\Documents and Settings\All Users\Application Data\Microsoft\Network\Downloader\qmgr0.dat  Object is locked  skipped 
 
C:\Documents and Settings\All Users\Application Data\Microsoft\Network\Downloader\qmgr1.dat  Object is locked  skipped 
 
C:\Documents and Settings\LocalService\Cookies\index.dat  Object is locked  skipped 
 
C:\Documents and Settings\LocalService\Local Settings\Application Data\Microsoft\Windows\UsrClass.dat  Object is locked  skipped 
 
C:\Documents and Settings\LocalService\Local Settings\Application Data\Microsoft\Windows\UsrClass.dat.LOG  Object is locked  skipped 
 
C:\Documents and Settings\LocalService\Local Settings\History\History.IE5\index.dat  Object is locked  skipped 
 
C:\Documents and Settings\LocalService\Local Settings\Temporary Internet Files\Content.IE5\index.dat  Object is locked  skipped 
 
C:\Documents and Settings\LocalService\ntuser.dat  Object is locked  skipped 
 
C:\Documents and Settings\LocalService\ntuser.dat.LOG  Object is locked  skipped 
 
C:\Documents and Settings\NetworkService\Local Settings\Application Data\Microsoft\Windows\UsrClass.dat  Object is locked  skipped 
 
C:\Documents and Settings\NetworkService\Local Settings\Application Data\Microsoft\Windows\UsrClass.dat.LOG  Object is locked  skipped 
 
C:\Documents and Settings\NetworkService\NTUSER.DAT  Object is locked  skipped 
 
C:\Documents and Settings\NetworkService\ntuser.dat.LOG  Object is locked  skipped 
 
C:\Documents and Settings\Tara & Paul\Application Data\SUPERAntiSpyware.com\SUPERAntiSpyware\SUPERANTISPYWARE.LOG  Object is locked  skipped 
 
C:\Documents and Settings\Tara & Paul\Cookies\index.dat  Object is locked  skipped 
 
C:\Documents and Settings\Tara & Paul\Incomplete\T-872159-Microsoft Internet Explorer 7.0.zip/Setup.exe  Infected: Worm.Win32.VB.an  skipped 
 
C:\Documents and Settings\Tara & Paul\Incomplete\T-872159-Microsoft Internet Explorer 7.0.zip  ZIP: infected - 1  skipped 
 
C:\Documents and Settings\Tara & Paul\Local Settings\Application Data\Ahead\Nero Home\bl.db  Object is locked  skipped 
 
C:\Documents and Settings\Tara & Paul\Local Settings\Application Data\Ahead\Nero Home\is2.db  Object is locked  skipped 
 
C:\Documents and Settings\Tara & Paul\Local Settings\Application Data\Microsoft\Windows\UsrClass.dat  Object is locked  skipped 
 
C:\Documents and Settings\Tara & Paul\Local Settings\Application Data\Microsoft\Windows\UsrClass.dat.LOG  Object is locked  skipped 
 
C:\Documents and Settings\Tara & Paul\Local Settings\History\History.IE5\index.dat  Object is locked  skipped 
 
C:\Documents and Settings\Tara & Paul\Local Settings\History\History.IE5\MSHist012007103120071101\index.dat  Object is locked  skipped 
 
C:\Documents and Settings\Tara & Paul\Local Settings\Temp\~DF6E4C.tmp  Object is locked  skipped 
 
C:\Documents and Settings\Tara & Paul\Local Settings\Temp\~DFA497.tmp  Object is locked  skipped 
 
C:\Documents and Settings\Tara & Paul\Local Settings\Temporary Internet Files\Content.IE5\index.dat  Object is locked  skipped 
 
C:\Documents and Settings\Tara & Paul\ntuser.dat  Object is locked  skipped 
 
C:\Documents and Settings\Tara & Paul\ntuser.dat.LOG  Object is locked  skipped 
 
C:\Program Files\Alwil Software\Avast4\DATA\aswResp.dat  Object is locked  skipped 
 
C:\Program Files\Alwil Software\Avast4\DATA\Avast4.db  Object is locked  skipped 
 
C:\Program Files\Alwil Software\Avast4\DATA\log\AshWebSv.ws  Object is locked  skipped 
 
C:\Program Files\Alwil Software\Avast4\DATA\log\aswMaiSv.log  Object is locked  skipped 
 
C:\Program Files\Alwil Software\Avast4\DATA\log\nshield.log  Object is locked  skipped 
 
C:\Program Files\Alwil Software\Avast4\DATA\report\Resident protection.txt  Object is locked  skipped 
 
C:\Program Files\HijackThis\backups\backup-20071020-200213-403.dll  Infected: Trojan-PSW.Win32.Magania.aqw  skipped 
 
C:\Program Files\HijackThis\backups\backup-20071022-135718-301.dll  Infected: Trojan-PSW.Win32.Magania.aqw  skipped 
 
C:\System Volume Information\_restore{079945FA-0F86-4538-9B5B-94B9C89AC71A}\RP24\change.log  Object is locked  skipped 
 
C:\System Volume Information\_restore{079945FA-0F86-4538-9B5B-94B9C89AC71A}\RP9\A0006454.exe  Infected: Trojan-Downloader.Win32.Small.gdu  skipped 
 
C:\System Volume Information\_restore{079945FA-0F86-4538-9B5B-94B9C89AC71A}\RP9\A0006458.exe  Infected: Trojan-Downloader.Win32.BHO.al  skipped 
 
C:\System Volume Information\_restore{079945FA-0F86-4538-9B5B-94B9C89AC71A}\RP9\A0006459.exe  Infected: Trojan-Dropper.Win32.Agent.cgq  skipped 
 
C:\WINDOWS\CSC\00000001  Object is locked  skipped 
 
C:\WINDOWS\Debug\PASSWD.LOG  Object is locked  skipped 
 
C:\WINDOWS\SchedLgU.Txt  Object is locked  skipped 
 
C:\WINDOWS\SoftwareDistribution\EventCache\{19BA9DFB-BFE0-4416-91CA-47E87F976FCF}.bin  Object is locked  skipped 
 
C:\WINDOWS\SoftwareDistribution\ReportingEvents.log  Object is locked  skipped 
 
C:\WINDOWS\Sti_Trace.log  Object is locked  skipped 
 
C:\WINDOWS\system32\config\Antivirus.Evt  Object is locked  skipped 
 
C:\WINDOWS\system32\config\AppEvent.Evt  Object is locked  skipped 
 
C:\WINDOWS\system32\config\default  Object is locked  skipped 
 
C:\WINDOWS\system32\config\default.LOG  Object is locked  skipped 
 
C:\WINDOWS\system32\config\SAM  Object is locked  skipped 
 
C:\WINDOWS\system32\config\SAM.LOG  Object is locked  skipped 
 
C:\WINDOWS\system32\config\SecEvent.Evt  Object is locked  skipped 
 
C:\WINDOWS\system32\config\SECURITY  Object is locked  skipped 
 
C:\WINDOWS\system32\config\SECURITY.LOG  Object is locked  skipped 
 
C:\WINDOWS\system32\config\software  Object is locked  skipped 
 
C:\WINDOWS\system32\config\software.LOG  Object is locked  skipped 
 
C:\WINDOWS\system32\config\SysEvent.Evt  Object is locked  skipped 
 
C:\WINDOWS\system32\config\system  Object is locked  skipped 
 
C:\WINDOWS\system32\config\system.LOG  Object is locked  skipped 
 
C:\WINDOWS\system32\h323log.txt  Object is locked  skipped 
 
C:\WINDOWS\system32\wbem\Repository\FS\INDEX.BTR  Object is locked  skipped 
 
C:\WINDOWS\system32\wbem\Repository\FS\INDEX.MAP  Object is locked  skipped 
 
C:\WINDOWS\system32\wbem\Repository\FS\MAPPING.VER  Object is locked  skipped 
 
C:\WINDOWS\system32\wbem\Repository\FS\MAPPING1.MAP  Object is locked  skipped 
 
C:\WINDOWS\system32\wbem\Repository\FS\MAPPING2.MAP  Object is locked  skipped 
 
C:\WINDOWS\system32\wbem\Repository\FS\OBJECTS.DATA  Object is locked  skipped 
 
C:\WINDOWS\system32\wbem\Repository\FS\OBJECTS.MAP  Object is locked  skipped 
 
C:\WINDOWS\TEMP\Perflib_Perfdata_628.dat  Object is locked  skipped 
 
C:\WINDOWS\TEMP\_avast4_\Webshlock.txt  Object is locked  skipped 
 
C:\WINDOWS\wiadebug.log  Object is locked  skipped 
 
C:\WINDOWS\wiaservc.log  Object is locked  skipped 
 
C:\WINDOWS\WindowsUpdate.log  Object is locked  skipped 
 
Scan process completed.


Offline Lisandro

  • Avast team
  • Certainly Bot
  • Posts: 67194
Re: Virus... please help
« Reply #70 on: November 01, 2007, 07:14:47 PM »
Number of viruses found 5
Number of infected objects 7
C:\Documents and Settings\Tara & Paul\Incomplete\T-872159-Microsoft Internet Explorer 7.0.zip  ZIP: infected - 1  skipped 
 
C:\System Volume Information\_restore{079945FA-0F86-4538-9B5B-94B9C89AC71A}\RP9\A0006454.exe  Infected: Trojan-Downloader.Win32.Small.gdu  skipped 
 
C:\System Volume Information\_restore{079945FA-0F86-4538-9B5B-94B9C89AC71A}\RP9\A0006458.exe  Infected: Trojan-Downloader.Win32.BHO.al  skipped 
 
C:\System Volume Information\_restore{079945FA-0F86-4538-9B5B-94B9C89AC71A}\RP9\A0006459.exe  Infected: Trojan-Dropper.Win32.Agent.cgq  skipped 
From which P2P program does the incomplete file belong?

Disable System Restore on Windows ME or Windows XP. System Restore cannot be disabled on Windows 9x and it's not available in Windows 2k. After boot you can enable it again.
The best things in life are free.
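
The triage the helpers do by eye on the Kaspersky report, as an added Python example that is not part of the original thread: it separates "Object is locked" lines (files in use, not detections) from infected entries, and splits the infected ones into System Restore copies, HijackThis backups and everything else. The function names and the `live` / `system-restore` / `hijackthis-backup` labels are assumptions made for this example; the sample lines are copied from the report posted above.

```python
import re

# Lines copied from the Kaspersky Online Scanner report posted in this thread:
# all seven infected entries plus three of the "Object is locked" ones.
SAMPLE_REPORT = r"""
C:\Documents and Settings\LocalService\ntuser.dat  Object is locked  skipped
C:\Documents and Settings\Tara & Paul\Incomplete\T-872159-Microsoft Internet Explorer 7.0.zip/Setup.exe  Infected: Worm.Win32.VB.an  skipped
C:\Documents and Settings\Tara & Paul\Incomplete\T-872159-Microsoft Internet Explorer 7.0.zip  ZIP: infected - 1  skipped
C:\Program Files\Alwil Software\Avast4\DATA\Avast4.db  Object is locked  skipped
C:\Program Files\HijackThis\backups\backup-20071020-200213-403.dll  Infected: Trojan-PSW.Win32.Magania.aqw  skipped
C:\Program Files\HijackThis\backups\backup-20071022-135718-301.dll  Infected: Trojan-PSW.Win32.Magania.aqw  skipped
C:\System Volume Information\_restore{079945FA-0F86-4538-9B5B-94B9C89AC71A}\RP9\A0006454.exe  Infected: Trojan-Downloader.Win32.Small.gdu  skipped
C:\System Volume Information\_restore{079945FA-0F86-4538-9B5B-94B9C89AC71A}\RP9\A0006458.exe  Infected: Trojan-Downloader.Win32.BHO.al  skipped
C:\System Volume Information\_restore{079945FA-0F86-4538-9B5B-94B9C89AC71A}\RP9\A0006459.exe  Infected: Trojan-Dropper.Win32.Agent.cgq  skipped
C:\WINDOWS\WindowsUpdate.log  Object is locked  skipped
"""

# Report rows are "<path>  <status>  <last action>", separated by 2+ spaces.
LINE_RE = re.compile(r"^(?P<path>.+?)\s{2,}(?P<status>.+?)\s{2,}(?P<action>\S+)$")

# Locations the thread treats as stored copies rather than a running infection.
DORMANT_LOCATIONS = (
    (re.compile(r"\\System Volume Information\\_restore\{[0-9A-Fa-f-]+\}\\", re.I),
     "system-restore"),      # cleared by resetting the restore points
    (re.compile(r"\\HijackThis\\backups\\", re.I),
     "hijackthis-backup"),   # copies HijackThis kept of items it removed
)


def parse_report(text):
    """Return a list of {path, status, action} dicts for every report row."""
    entries = []
    for raw in text.splitlines():
        match = LINE_RE.match(raw.strip())
        if match:
            entries.append(match.groupdict())
    return entries


def classify(entry):
    """Label one row: locked, system-restore, hijackthis-backup, live or other."""
    status = entry["status"]
    if status == "Object is locked":
        return "locked"      # file was in use and could not be read
    if not re.search(r"infected", status, re.I):
        return "other"
    for pattern, label in DORMANT_LOCATIONS:
        if pattern.search(entry["path"]):
            return label
    return "live"            # infected file on an ordinary path: review first


def triage(text):
    """Group rows by label and derive the totals the report summary prints."""
    buckets, names = {}, set()
    for entry in parse_report(text):
        buckets.setdefault(classify(entry), []).append(entry["path"])
        if entry["status"].startswith("Infected: "):
            names.add(entry["status"][len("Infected: "):])
    infected = sum(len(paths) for label, paths in buckets.items()
                   if label not in ("locked", "other"))
    return {"buckets": buckets,
            "virus_names": sorted(names),
            "infected_objects": infected}


if __name__ == "__main__":
    result = triage(SAMPLE_REPORT)
    print("infected objects:", result["infected_objects"])
    print("distinct names:  ", len(result["virus_names"]))
    for label, paths in result["buckets"].items():
        if label != "locked":
            print(f"[{label}]")
            for path in paths:
                print("   ", path)
```

On these lines the derived totals agree with the report's own summary (5 viruses, 7 infected objects), and the only entries outside the two stores are the archive in the `Incomplete` folder and the `Setup.exe` inside it.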

mauserme

  • Guest
Re: Virus... please help
« Reply #71 on: November 01, 2007, 07:33:53 PM »
Quote
C:\Documents and Settings\Tara & Paul\Incomplete\T-872159-Microsoft Internet Explorer 7.0.zip/Setup.exe  Infected: Worm.Win32.VB.an  skipped 

Did you (or your brother) run this setup file?   ::)


Quote
From which P2P program does the incomplete file belong?
We spoke about a possibly P2P-related worm on pages 1-2 of this thread and now we're back to the same ...

Please post another HJT log.

tryan21

  • Guest
Re: Virus... please help
« Reply #72 on: November 01, 2007, 08:09:22 PM »
I had Limewire about a year ago and tried to download something that ended up being something entirely different. It was infected and I thought I had got rid of it and resolved this whole issue. Like I said this was about a year ago. After that incident I un-installed Limewire and decided I was through with P2P applications all together. That's why when I was asked about a P2P, I said I don't use them. I had mistakenly thought this infected file was taken care of and gone a long time ago.

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 12:08:12 PM, on 11/1/2007
Platform: Windows XP SP2, v.2096 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2096)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Alwil Software\Avast4\ashServ.exe
C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
C:\Program Files\Java\jre1.6.0_03\bin\jusched.exe
C:\Program Files\Comodo\Firewall\CPF.exe
C:\PROGRA~1\Comodo\CBOClean\BOC425.exe
C:\Program Files\Common Files\Ahead\Lib\NMBgMonitor.exe
C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe
C:\Program Files\Common Files\Ahead\Lib\NMIndexStoreSvr.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\a-squared Free\a2service.exe
C:\WINDOWS\system32\atievxx.exe
C:\Program Files\Comodo\CBOClean\BOCORE.exe
C:\Program Files\Comodo\Firewall\cmdagent.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
C:\Program Files\Common Files\Ahead\Lib\NMIndexingService.exe
C:\WINDOWS\system32\wuauclt.exe
C:\Program Files\internet explorer\iexplore.exe
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = about:blank
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://mirs.peoplepc.com/?offername=PeoplePC Security Plus&userName=wettgremlin_91&firstName=Paul&qs=FHJBFDPGOIDNEHCKGLPAMFEOHAHECKGJLJLGBLNIBMDACKJIIDMFELKDOIDHHMMFCIBGIPPPFFKGBGKMOHJIIFIGHFPJEGAGPNMHLFBKINPKMLBBAEEEJJKDJALCPBCP|MMCNNMBFDGNMCNOPADEEAAGOBAFDF
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = about:blank
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
O2 - BHO: MSN Search Toolbar Helper - {BDBD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Program Files\MSN Toolbar Suite\TB\02.05.0001.1119\en-us\msntb.dll
O3 - Toolbar: MSN Search Toolbar - {BDAD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Program Files\MSN Toolbar Suite\TB\02.05.0001.1119\en-us\msntb.dll
O4 - HKLM\..\Run: [EPSON Stylus CX5800F Series] C:\WINDOWS\system32\spool\DRIVERS\W32X86\3\E_FATIALA.EXE /P27 "EPSON Stylus CX5800F Series" /O6 "USB001" /M "Stylus CX5800F"
O4 - HKLM\..\Run: [avast!] C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
O4 - HKLM\..\Run: [NeroFilterCheck] C:\Program Files\Common Files\Ahead\Lib\NeroCheck.exe
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe"
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_03\bin\jusched.exe"
O4 - HKLM\..\Run: [COMODO Firewall Pro] "C:\Program Files\Comodo\Firewall\CPF.exe" /background
O4 - HKLM\..\Run: [BOC-425] C:\PROGRA~1\Comodo\CBOClean\BOC425.exe
O4 - HKCU\..\Run: [P2kAutostart] C:\Documents and Settings\Tara & Paul\My Documents\P2kCommanderV330\P2kAutostart.exe
O4 - HKCU\..\Run: [BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}] "C:\Program Files\Common Files\Ahead\Lib\NMBgMonitor.exe"
O4 - HKCU\..\Run: [SUPERAntiSpyware] C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe
O4 - HKUS\S-1-5-18\..\Run: [MySpaceIM] C:\Program Files\MySpace\IM\MySpaceIM.exe (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [MySpaceIM] C:\Program Files\MySpace\IM\MySpaceIM.exe (User 'Default user')
O4 - Global Startup: Windows Desktop Search.lnk = C:\Program Files\MSN Toolbar Suite\DS\02.05.0001.1119\en-us\bin\WindowsSearch.exe
O8 - Extra context menu item: &MSN Search - res://C:\Program Files\MSN Toolbar Suite\TB\02.05.0001.1119\en-us\msntb.dll/search.htm
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O14 - IERESET.INF: START_PAGE_URL=http://mirs.peoplepc.com/?offername=PeoplePC Security Plus&userName=wettgremlin_91&firstName=Paul&qs=FHJBFDPGOIDNEHCKGLPAMFEOHAHECKGJLJLGBLNIBMDACKJIIDMFELKDOIDHHMMFCIBGIPPPFFKGBGKMOHJIIFIGHFPJEGAGPNMHLFBKINPKMLBBAEEEJJKDJALCPBCP|MMCNNMBFDGNMCNOPADEEAAGOBAFDF
O16 - DPF: {0EB0E74A-2A76-4AB3-A7FB-9BD8C29F7F75} (CKAVWebScan Object) - http://www.kaspersky.com/kos/english/kavwebscan_unicode.cab
O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://go.microsoft.com/fwlink/?linkid=39204
O16 - DPF: {193C772A-87BE-4B19-A7BB-445B226FE9A1} (ewidoOnlineScan Control) - http://downloads.ewido.net/ewidoOnlineScan.cab
O16 - DPF: {2BC66F54-93A8-11D3-BEB6-00105AA9B6AE} (Symantec AntiVirus scanner) - http://security.symantec.com/sscv6/SharedContent/vc/bin/AvSniff.cab
O16 - DPF: {406B5949-7190-4245-91A9-30A17DE16AD0} (Snapfish Activia) - http://photos.walmart.com/WalmartActivia.cab
O16 - DPF: {48DD0448-9209-4F81-9F6D-D83562940134} (MySpace Uploader Control) - http://lads.myspace.com/upload/MySpaceUploader.cab
O16 - DPF: {5D86DDB5-BDF9-441B-9E9E-D4730F4EE499} (BDSCANONLINE Control) - http://download.bitdefender.com/resources/scan8/oscan8.cab
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://www.update.microsoft.com/microsoftupdate/v6/V5Controls/en/x86/client/wuweb_site.cab?1193180590097
O16 - DPF: {644E432F-49D3-41A1-8DD5-E099162EEEC5} (Symantec RuFSI Utility Class) - http://security.symantec.com/sscv6/SharedContent/common/bin/cabsa.cab
O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://update.microsoft.com/microsoftupdate/v6/V5Controls/en/x86/client/muweb_site.cab?1187926666522
O16 - DPF: {F137B9BA-89EA-4B04-9C67-2074A9DF61FD} (Photo Upload Plugin Class) - http://cvs.pnimedia.com/upload/activex/v2_0_0_10/PCAXSetupv2.0.0.10.cab?
O20 - Winlogon Notify: !SASWinLogon - C:\Program Files\SUPERAntiSpyware\SASWINLO.dll
O23 - Service: a-squared Free Service (a2free) - Emsi Software GmbH - C:\Program Files\a-squared Free\a2service.exe
O23 - Service: avast! iAVS4 Control Service (aswUpdSv) - ALWIL Software - C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
O23 - Service: avast! Antivirus - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashServ.exe
O23 - Service: avast! Mail Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
O23 - Service: avast! Web Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
O23 - Service: BOCore - COMODO - C:\Program Files\Comodo\CBOClean\BOCORE.exe
O23 - Service: Comodo Application Agent (CmdAgent) - COMODO - C:\Program Files\Comodo\Firewall\cmdagent.exe
O23 - Service: LightScribeService Direct Disc Labeling Service (LightScribeService) - Hewlett-Packard Company - C:\Program Files\Common Files\LightScribe\LSSrvc.exe
O23 - Service: NBService - Nero AG - C:\Program Files\Nero\Nero 7\Nero BackItUp\NBService.exe
O23 - Service: NMIndexingService - Nero AG - C:\Program Files\Common Files\Ahead\Lib\NMIndexingService.exe

--
End of file - 7849 bytes

mauserme

  • Guest
Re: Virus... please help
« Reply #73 on: November 01, 2007, 09:43:24 PM »
Quote
I had Limewire about a year ago and tried to download something that ended up being something entirely different. It was infected and I thought I had got rid of it and resolved this whole issue. Like I said this was about a year ago. After that incident I un-installed Limewire and decided I was through with P2P applications all together. That's why when I was asked about a P2P, I said I don't use them. I had mistakenly thought this infected file was taken care of and gone a long time ago.
No probs.  Limewire and Kazaa are 2 of the worst.

If you still have the file see what the date is.  It sounds like it will be old ...

Is there any indication of outgoing email?  The avast! email provider should warn you if there is, and you might see a general system slowdown.

Are any of the Windows Updates installing successfully?


Quote
**I have a one year old so getting all this computer stuff done is hard.
What? You let your real life get in the way of our computer work??? :P

tryan21

  • Guest
Re: Virus... please help
« Reply #74 on: November 01, 2007, 10:09:59 PM »
Quote
If you still have the file see what the date is.  It sounds like it will be old ...
Ok, this is weird because the date it was created was Monday, August 13, 2007, 10:32:03 AM. But I could have sworn this was the file that was downloaded with Limewire. And I haven't had Limewire in a very long time. Not sure what's going on there. ??? How would I remove this file? Would I just delete it like a normal file?

Quote
Is there any indication of outgoing email?
No, not that I'm aware of.

Haven't tried the updates, but I will right now.