Need Help Removing Project1/Limewire malware[inactive]

Unknown · September 2006

I picked up the Project1 virus at Limewire - what a mess. System keeps starting LimeWire - lovely. Anyway, I could use some help removing it. I've run QooFix9x log.txt (attached), run Ad-Aware and below is the HijackThis log:
Logfile of HijackThis v1.99.1
Scan saved at 3:08:40 AM, on 9/7/06
Platform: Windows ME (Win9x 4.90.3000)
MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106)

Running processes:
C:\WINDOWS\SYSTEM\KERNEL32.DLL
C:\WINDOWS\SYSTEM\MSGSRV32.EXE
C:\WINDOWS\SYSTEM\SPOOL32.EXE
C:\WINDOWS\SYSTEM\MPREXE.EXE
C:\WINDOWS\SYSTEM\STIMON.EXE
C:\WINDOWS\SYSTEM\MDM.EXE
C:\WINDOWS\SYSTEM\MSTASK.EXE
C:\WINDOWS\SYSTEM\SSDPSRV.EXE
C:\PROGRAM FILES\NORTON SYSTEMWORKS\NORTON CLEANSWEEP\CSINJECT.EXE
C:\WINDOWS\SYSTEM\KB891711\KB891711.EXE
C:\WINDOWS\SYSTEM\mmtask.tsk
C:\WINDOWS\SYSTEM\RESTORE\STMGR.EXE
C:\WINDOWS\EXPLORER.EXE
C:\WINDOWS\TASKMON.EXE
C:\WINDOWS\SYSTEM\SYSTRAY.EXE
C:\PROGRAM FILES\BROWSER MOUSE\BROWSER MOUSE\1.0\LWBWHEEL.EXE
C:\WINDOWS\POWERS.EXE
C:\PROGRAM FILES\HP CD-DVD\UMBRELLA\DVDTRAY.EXE
C:\WINDOWS\SYSTEM\WMIEXE.EXE
C:\WINDOWS\PCTVOICE.EXE
C:\PROGRAM FILES\COMMON FILES\REAL\UPDATE_OB\REALSCHED.EXE
C:\WINDOWS\SYSTEM\QTTASK.EXE
C:\PROGRAM FILES\OUTLOOK\OUTLOOK.EXE
C:\NWNMFF_16.EXE
C:\DFNDRFF_16.EXE
C:\KYBRDFF_16.EXE
C:\PROGRAM FILES\COMMON FILES\{046E2512-03E4-1033--0001}\UPDATE.EXE
C:\PROGRAM FILES\SIBER SYSTEMS\AI ROBOFORM\ROBOTASKBARICON.EXE
C:\WINDOWS\ALL USERS\START MENU\PROGRAMS\STARTUP\SVCHOST.EXE
C:\PROGRAM FILES\CALLWAVE\IAM.EXE
C:\PROGRAM FILES\ADOBE\ACROBAT 5.0\DISTILLR\ACROTRAY.EXE
C:\PROGRAM FILES\FINEPIXVIEWER\QUICKDCF.EXE
C:\PROGRAM FILES\SOUTHWEST AIRLINES\DING\DING.EXE
C:\PROGRAM FILES\WLAN\802.11B+G USB WLAN\ZDWLAN.EXE
C:\PROGRAM FILES\COMMON FILES\INTUIT\QUICKBOOKS\QBUPDATE\QBUPDATE.EXE
C:\WINDOWS\SYSTEM\PSTORES.EXE
C:\WINDOWS\SYSTEM\TAPISRV.EXE
C:\PROGRAM FILES\LIMEWIRE\LIMEWIRE.EXE
C:\PROGRAM FILES\LIMEWIRE\LIMEWIRE.EXE
C:\WINDOWS\SYSTEM\WINOA386.MOD
C:\PROGRAM FILES\HIJACKTHIS\HIJACKTHIS.EXE
C:\WINDOWS\SYSTEM\DDHELP.EXE
C:\PROGRAM FILES\COMMON FILES\INTUIT\QUICKBOOKS\QBUPDATE\QBMSGMGR.EXE

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://mail.google.com/mail/
R3 - URLSearchHook: DeskbarBHO - {A8B28872-3324-4CD2-8AA3-7D555C872D96} - C:\PROGRAM FILES\DESKBAR\DESKBAR.DLL
O2 - BHO: DeskbarBHO - {A8B28872-3324-4CD2-8AA3-7D555C872D96} - C:\PROGRAM FILES\DESKBAR\DESKBAR.DLL
O3 - Toolbar: @msdxmLC.dll,-1@1033,&Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINDOWS\SYSTEM\MSDXM.OCX
O3 - Toolbar: &RoboForm - {724d43a0-0d85-11d4-9908-00400523e39a} - C:\Program Files\Siber Systems\AI RoboForm\RoboForm.dll
O3 - Toolbar: Yahoo! Companion - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\PROGRAM FILES\YAHOO!\COMPANION\INSTALLS\CPN\YCOMP5_5_7_1.DLL
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar2.dll
O4 - HKLM\..\Run: [ScanRegistry] C:\WINDOWS\scanregw.exe /autorun
O4 - HKLM\..\Run: [TaskMonitor] C:\WINDOWS\taskmon.exe
O4 - HKLM\..\Run: [PCHealth] C:\WINDOWS\PCHealth\Support\PCHSchd.exe -s
O4 - HKLM\..\Run: [SystemTray] SysTray.Exe
O4 - HKLM\..\Run: [Microsoft WebServer] C:\Program Files\WebSvr\System\svctrl /init
O4 - HKLM\..\Run: [LWBMOUSE] C:\Program Files\Browser Mouse\Browser Mouse\1.0\lwbwheel.exe
O4 - HKLM\..\Run: [PowerS] "C:\WINDOWS\PowerS.exe"
O4 - HKLM\..\Run: [DVDBitSet] "C:\Program Files\HP CD-DVD\Umbrella\DVDBitSet.exe" /NOUI
O4 - HKLM\..\Run: [DVDTray] "C:\Program Files\HP CD-DVD\Umbrella\DVDTray.exe
O4 - HKLM\..\Run: [PV92TRAY] PV92Tray.exe
O4 - HKLM\..\Run: [PCTVOICE] pctvoice.exe
O4 - HKLM\..\Run: [LoadPowerProfile] Rundll32.exe powrprof.dll,LoadCurrentPwrScheme
O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot
O4 - HKLM\..\Run: [REGSHAVE] C:\Program Files\REGSHAVE\REGSHAVE.EXE /AUTORUN
O4 - HKLM\..\Run: [QuickTime Task] "C:\WINDOWS\SYSTEM\QTTASK.EXE" -atboottime
O4 - HKLM\..\Run: [SpywareBot] C:\PROGRAM FILES\SPYWAREBOT\SpywareBot.exe -boot
O4 - HKLM\..\Run: [outlook] C:\Program Files\outlook\outlook.exe /auto
O4 - HKLM\..\Run: [winlog] WINLOG.EXE
O4 - HKLM\..\Run: [newname] C:\\NWNMFF_16.exe
O4 - HKLM\..\Run: [defender] C:\\DFNDRFF_16.exe
O4 - HKLM\..\Run: [keyboard] C:\\KYBRDFF_16.exe
O4 - HKLM\..\RunServices: [StillImageMonitor] C:\WINDOWS\SYSTEM\STIMON.EXE
O4 - HKLM\..\RunServices: [Machine Debug Manager] C:\WINDOWS\SYSTEM\MDM.EXE
O4 - HKLM\..\RunServices: [LoadPowerProfile] Rundll32.exe powrprof.dll,LoadCurrentPwrScheme
O4 - HKLM\..\RunServices: [SchedulingAgent] mstask.exe
O4 - HKLM\..\RunServices: [SSDPSRV] C:\WINDOWS\SYSTEM\ssdpsrv.exe
O4 - HKLM\..\RunServices: [CSINJECT.EXE] C:\Program Files\Norton SystemWorks\Norton CleanSweep\CSINJECT.EXE
O4 - HKLM\..\RunServices: [*StateMgr] C:\WINDOWS\System\Restore\StateMgr.exe
O4 - HKLM\..\RunServices: [KB891711] C:\WINDOWS\SYSTEM\KB891711\KB891711.EXE
O4 - HKLM\..\RunServices: [winlog] WINLOG.EXE
O4 - HKCU\..\Run: [uoltray] C:\PROGRAM FILES\NETZERO\EXEC.EXE regrun
O4 - HKCU\..\Run: [RealPlayer] "C:\Program Files\Real\RealPlayer\realplay.exe" /RunUPGToolCommandReBoot
O4 - HKCU\..\Run: [RoboForm] "C:\Program Files\Siber Systems\AI RoboForm\RoboTaskBarIcon.exe"
O4 - Startup: CallWave.lnk = C:\Program Files\CallWave\IAM.EXE
O4 - Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office\OSA9.EXE
O4 - Startup: Quicken Scheduled Updates.lnk = C:\Program Files\Quicken\bagent.exe
O4 - Startup: Billminder.lnk = C:\Program Files\Quicken\billmind.exe
O4 - Startup: Adobe Gamma Loader.lnk = C:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe
O4 - Startup: Acrobat Assistant.lnk = C:\Program Files\Adobe\Acrobat 5.0\Distillr\AcroTray.exe
O4 - Startup: Exif Launcher.lnk = C:\Program Files\FinePixViewer\QuickDCF.exe
O4 - Startup: DING!.lnk = C:\Program Files\Southwest Airlines\Ding\Ding.exe
O4 - Startup: 802.11b+g USB Wireless LAN Utility.lnk = C:\Program Files\WLAN\802.11b+g USB WLAN\ZDWlan.exe
O4 - Startup: QuickBooks Update Agent.lnk = C:\Program Files\Common Files\Intuit\QuickBooks\QBUpdate\qbupdate.exe
O4 - Global Startup: svchost.exe
O8 - Extra context menu item: RoboForm &2 - file://C:\Program Files\Siber Systems\AI RoboForm\RoboFormComShowToolbar.html
O8 - Extra context menu item: Fill Forms &] - file://C:\Program Files\Siber Systems\AI RoboForm\RoboFormComFillForms.html
O8 - Extra context menu item: Save Forms &[ - file://C:\Program Files\Siber Systems\AI RoboForm\RoboFormComSavePass.html
O8 - Extra context menu item: Customize Menu &4 - file://C:\Program Files\Siber Systems\AI RoboForm\RoboFormComCustomizeIEMenu.html
O8 - Extra context menu item: &Google Search - res://C:\PROGRAM FILES\GOOGLE\GOOGLETOOLBAR2.DLL/cmsearch.html
O8 - Extra context menu item: &Translate English Word - res://C:\PROGRAM FILES\GOOGLE\GOOGLETOOLBAR2.DLL/cmwordtrans.html
O8 - Extra context menu item: Cached Snapshot of Page - res://C:\PROGRAM FILES\GOOGLE\GOOGLETOOLBAR2.DLL/cmcache.html
O8 - Extra context menu item: Similar Pages - res://C:\PROGRAM FILES\GOOGLE\GOOGLETOOLBAR2.DLL/cmsimilar.html
O8 - Extra context menu item: Backward Links - res://C:\PROGRAM FILES\GOOGLE\GOOGLETOOLBAR2.DLL/cmbacklinks.html
O8 - Extra context menu item: Translate Page into English - res://C:\PROGRAM FILES\GOOGLE\GOOGLETOOLBAR2.DLL/cmtrans.html
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\PROGRA~1\MESSEN~1\MSMSGS.EXE
O9 - Extra 'Tools' menuitem: MSN Messenger Service - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\PROGRA~1\MESSEN~1\MSMSGS.EXE
O9 - Extra button: Real.com - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - C:\WINDOWS\SYSTEM\Shdocvw.dll
O9 - Extra button: RoboForm - {724d43aa-0d85-11d4-9908-00400523e39a} - file://C:\Program Files\Siber Systems\AI RoboForm\RoboFormComShowToolbar.html
O9 - Extra 'Tools' menuitem: RoboForm &2 - {724d43aa-0d85-11d4-9908-00400523e39a} - file://C:\Program Files\Siber Systems\AI RoboForm\RoboFormComShowToolbar.html
O9 - Extra button: Fill Forms - {320AF880-6646-11D3-ABEE-C5DBF3571F46} - file://C:\Program Files\Siber Systems\AI RoboForm\RoboFormComFillForms.html
O9 - Extra 'Tools' menuitem: Fill Forms &] - {320AF880-6646-11D3-ABEE-C5DBF3571F46} - file://C:\Program Files\Siber Systems\AI RoboForm\RoboFormComFillForms.html
O9 - Extra button: Save - {320AF880-6646-11D3-ABEE-C5DBF3571F49} - file://C:\Program Files\Siber Systems\AI RoboForm\RoboFormComSavePass.html
O9 - Extra 'Tools' menuitem: Save Forms &[ - {320AF880-6646-11D3-ABEE-C5DBF3571F49} - file://C:\Program Files\Siber Systems\AI RoboForm\RoboFormComSavePass.html
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\PROGRAM FILES\JAVA\JRE1.5.0_06\BIN\SSV.DLL
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\PROGRAM FILES\JAVA\JRE1.5.0_06\BIN\SSV.DLL
O12 - Plugin for .spop: C:\PROGRA~1\INTERN~1\Plugins\NPDocBox.dll
O15 - Trusted Zone: *.fnismls.com
O16 - DPF: {CAFEEFAC-0014-0001-0002-ABCDEFFEDCBA} (Java Runtime Environment 1.4.1_02) -
O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://go.microsoft.com/fwlink/?linkid=39204
O16 - DPF: {9A9307A0-7DA4-4DAF-B042-5009F29E09E1} (ActiveScan Installer Class) - http://acs.pandasoftware.com/activescan/as5free/asinst.cab
O16 - DPF: {0854D220-A90A-466D-BC02-6683183802B7} (PrintPreview Class) - http://nnrmls2.fnismls.com/Paragon/Codebase/FNISPrintControl.cab
O16 - DPF: {6FD482A3-7B57-438B-B040-52CAA30147EE} (MLXchange Client Utils) - http://inc.mlxchange.com/Control/MLXClientUtils.cab
O16 - DPF: {4989312D-58CF-11D5-A7D7-00E02911103E} (Interealty MultiSelect) - http://inc.mlxchange.com/Control/MultiSelectComboBox.cab
O16 - DPF: {83AB6E4D-CDD7-11D3-B5E7-00104B9AFF6E} (GeacRevw Control) - http://inc.mlxchange.com/Control/IRCSharc.cab
O16 - DPF: {0D859AF0-C75E-11D4-B760-00E0B81077E8} (FileCruiser Class) - http://dem.mlxchange.com/Control/FileCruiser.cab
O16 - DPF: {16FD824B-8E7B-11D2-9855-00802962956C} (Specfile Control) - http://dem.mlxchange.com/Control/Specfile.cab
O16 - DPF: {F060A272-A18A-11D3-B75B-00E0B81077E8} (DropList Class) - http://dem.mlxchange.com/Control/AspCustomCtrls.cab
O16 - DPF: {78523E50-56EB-11D3-B739-CAA1986A452F} (LiteGridCtl Class) - http://dem.mlxchange.com/Control/LiteGrid.cab

Your help is greatly appreciated.

jmoney3457 · September 2006

Hi reno, good job on the qoofix removal, are you saying you want to remove (uninstall) limewire or just get rid of the virus itself? just making sure I'm clear on what you were asking also please do the following-->First download ewido anti-spyware from HERE and save that file to your desktop.

Once you have downloaded ewido anti-spyware, locate the icon on the desktop and double-click it to launch the set up program.
Once the setup is complete you will need to run ewido and update the definition files.
On the main screen select the "Update" icon then click "Start Update". The update will start and a progress bar will show the updates being installed.
Once the update has completed select the "Scanner" icon at the top of the screen, then select the "Settings" tab.
Once in the Settings screen click on "Recommended actions" and then select "Quarantine".
Under "Reports"
- Select "Automatically generate report after every scan"
- Un-Select "Only if threats were found"

Close ewido anti-spyware and reboot your computer into Safe Mode.

Lauch ewido-anti-spyware by double-clicking the icon on your desktop.
IMPORTANT: Do not open any other windows or programs while ewido is scanning, it may interfere with the scanning proccess.
Select the "Scanner" icon at the top and then the "Scan" tab then click on "Complete System Scan"
Ewido will now begin the scanning process, be patient this may take a little time.
Ewido will list any infections found on the left hand side. When the scan has finished, it should automatically set the recommended action to Quarantine--if not click on Recommended Action and set it there. Click the Apply all actions button. Ewido will display "All actions have been applied" on the right hand side.
Click on "Save Report", then "Save Report As". This will create a text file. Make sure you know where to find this file again (like on the Desktop).
Close ewido & post that report in your next reply

Reno8451 · September 2006

Hi jmoney, thanks so much for your reply. Since posting, I ran Spybot S&D and Ad-aware each a few times in Safe mode. And both were clean at least earlier today and the "Project1" error does not now appear when I reboot. However...
As before, when I reboot, my system repeatedly tries to connect to Limewire netork. I've removed the software so it halts when it can't find it, but if I close the error window, it just tries again. Also, I'm getting IE popup windows of unknow origin.
I'd be glad to run the Ewido software but I'm running Windows ME (I know its older than Moses), and that's not gonna work. How about Panda ActiveScan?

jmoney3457 · September 2006

oops my bad sorry reno completely overlooked you had ME

(but yes ME is quite outdated i'd recommend upgrading to XP if possible) but for now yes please do this:Please go HERE to run Panda's ActiveScan

Once you are on the Panda site click the Scan your PC button
A new window will open...click the Check Now button
Enter your Country
Enter your State/Province
Enter your e-mail address and click send
Select either Home User or Company
Click the big Scan Now button
If it wants to install an ActiveX component allow it
It will start downloading the files it requires for the scan (Note: It may take a couple of minutes)
When download is complete, click on My Computer to start the scan
When the scan completes, if anything malicious is detected, click the See Report button, then Save Report and save it to a convenient location. Post the contents of the ActiveScan report

Reno8451 · September 2006

Hi jmoney. Sorry, I'm replying so late, but somehow my reply wasn't posted or lost. Anyway, here is the Panda Activescan.txt (also attached). "Project1" is back. Sincerely, appreciate your help. :

Incident Status Location

Adware:Adware/Maxifiles Not disinfected C:\Program Files\Common Files\{046E2512-03E4-1033--0001}\Update.exe
Adware:Adware/Qoologic Not disinfected C:\WINDOWS\unwn.exe.tcf
Spyware:Cookie/Overture Not disinfected C:\WINDOWS\Cookies\larry@perf.overture[1].txt
Spyware:Cookie/GoClick Not disinfected C:\WINDOWS\Cookies\larry@c.goclick[2].txt
Spyware:Cookie/Reliablestats Not disinfected C:\WINDOWS\Cookies\larry@stats1.reliablestats[2].txt
Spyware:Cookie/Belnk Not disinfected C:\WINDOWS\Cookies\larry@belnk[1].txt
Spyware:Cookie/Falkag Not disinfected C:\WINDOWS\Cookies\larry@as-us.falkag[1].txt
Spyware:Cookie/WebPower Not disinfected C:\WINDOWS\Cookies\larry@webpower[2].txt
Spyware:Cookie/DriveCleaner Not disinfected C:\WINDOWS\Cookies\larry@drivecleaner[2].txt
Spyware:Cookie/2o7 Not disinfected C:\WINDOWS\Cookies\larry@2o7[1].txt
Spyware:Cookie/did-it Not disinfected C:\WINDOWS\Cookies\larry@did-it[1].txt
Spyware:Cookie/Ccbill Not disinfected C:\WINDOWS\Cookies\larry@ccbill[2].txt
Spyware:Cookie/Com.com Not disinfected C:\WINDOWS\Cookies\larry@com[1].txt
Spyware:Cookie/Falkag Not disinfected C:\WINDOWS\Cookies\larry@as-eu.falkag[1].txt
Spyware:Cookie/BurstNet Not disinfected C:\WINDOWS\Cookies\larry@burstnet[2].txt
Spyware:Cookie/Hbmediapro Not disinfected C:\WINDOWS\Cookies\larry@adopt.hbmediapro[1].txt
Spyware:Cookie/2o7 Not disinfected C:\WINDOWS\Cookies\larry@microsofteup.112.2o7[1].txt
Spyware:Cookie/Seeq Not disinfected C:\WINDOWS\Cookies\larry@www48.seeq[1].txt
Spyware:Cookie/Buydomains Not disinfected C:\WINDOWS\Cookies\larry@www47.buydomains[1].txt
Spyware:Cookie/Searchportal Not disinfected C:\WINDOWS\Cookies\larry@searchportal.information[1].txt
Spyware:Cookie/Screensavers Not disinfected C:\WINDOWS\Cookies\larry@i.screensavers[2].txt
Spyware:Cookie/AdDynamix Not disinfected C:\WINDOWS\Cookies\larry@ads.addynamix[1].txt
Spyware:Cookie/adultfriendfinder Not disinfected C:\WINDOWS\Cookies\larry@adultfriendfinder[2].txt
Spyware:Cookie/Traffic Marketplace Not disinfected C:\WINDOWS\Cookies\larry@trafficmp[2].txt
Spyware:Cookie/Adrevolver Not disinfected C:\WINDOWS\Cookies\larry@adrevolver[1].txt
Spyware:Cookie/Apmebf Not disinfected C:\WINDOWS\Cookies\larry@apmebf[2].txt
Spyware:Cookie/Atwola Not disinfected C:\WINDOWS\Cookies\larry@atwola[2].txt
Spyware:Cookie/QkSrv Not disinfected C:\WINDOWS\Cookies\larry@qksrv[2].txt
Spyware:Cookie/Adrevolver Not disinfected C:\WINDOWS\Cookies\larry@adrevolver[2].txt
Spyware:Cookie/Zedo Not disinfected C:\WINDOWS\Cookies\larry@zedo[2].txt
Spyware:Cookie/DriveCleaner Not disinfected C:\WINDOWS\Cookies\larry@stats.drivecleaner[2].txt
Spyware:Cookie/myaffiliateprogram Not disinfected C:\WINDOWS\Cookies\larry@www.myaffiliateprogram[2].txt
Spyware:Cookie/Bluestreak Not disinfected C:\WINDOWS\Cookies\larry@bluestreak[2].txt
Adware:Adware/Mytoolbar Not disinfected C:\WINDOWS\Temporary Internet Files\Content.IE5\K1EJ8TA3\image01[1].jpg
Adware:Adware/DollarRevenue Not disinfected C:\WINDOWS\Temporary Internet Files\Content.IE5\PZ7CYQNH\loader[1].exe
Adware:Adware/ActiveSearch Not disinfected C:\WINDOWS\Temporary Internet Files\Content.IE5\CE4R2GZJ\deskbar[1].exe
Adware:Adware/ISearch Not disinfected C:\WINDOWS\Temporary Internet Files\Content.IE5\OLMT4LQB\installer_9x[1].exe
Potentially unwanted tool:Application/Zango Not disinfected C:\WINDOWS\TEMP\ZangoTBInstaller.exe
Adware:Adware/ISearch Not disinfected C:\WINDOWS\TEMP\cmdinst.exe
Adware:Adware/Mirar Not disinfected C:\WINDOWS\SYSTEM\WinNB57.dll.tcf
Adware:Adware/Qoologic Not disinfected C:\WINDOWS\vxdek.dat
Adware:Adware/Mirar Not disinfected C:\WINDOWS\876056.exe.tcf
Adware:Adware/CommAd Not disinfected C:\WINDOWS\cmd\Ap3vxk3qH.vbs
Adware:Adware/CommAd Not disinfected C:\WINDOWS\cmd\pcQoKdmrZGVZ8.vbs
Adware:Adware/DollarRevenue Not disinfected C:\kybrdff_16.exe
Adware:Adware/DollarRevenue Not disinfected C:\dfndrff_16.exe

jmoney3457 · September 2006

Please run the BitDefender online scan from here; http://www.bitdefender.com/scan8/ie.html
You will need to allow an active x install for the scan to run.
Leave the scanning options at default and press "click here to scan"
When finished scanning, click on "click here to export the scan report"
Save it to your desktop, at "file name" type in "bdscan" then click save.
Please attach the bdscan.html file to your next post along with a new hijackthis log.

No problem on the late reply we all have real lifes:D

Reno8451 · September 2006

Hi jmoney,
Attached is the bdscan.txt and new hijackthis.txt files.
Thanks. Reno

jmoney3457 · September 2006

whoa! 61 viruses...glad BD deleted them all tho:) next Your Java is out of date. Older versions have vulnerabilities that malware can use to infect your system. Please follow these steps to remove older version Java components and update to the latest version...

Updating Java:

Download the latest version of Java Runtime Environment (JRE) 5.0 Update 8.
Scroll down to where it says "The J2SE Runtime Environment (JRE) allows end-users to run Java applications."
Click the "Download" button to the right.
Check the box that says: "Accept License Agreement."
The page will refresh.
Click on the link to download Windows Offline Installation with or without Multi-language and save to your desktop.
Close any programs you may have running - especially your web browser.
Go to Start > Control Panel double-click on Add/Remove programs and remove the following...
- J2SE Runtime Environment 5.0 Update 1
- J2SE Runtime Environment 5.0 Update 6 and any other versions of Java you have not listed above
Reboot your computer once all Java components are removed.
Then from your desktop double-click on jre-1_5_0_08-windowsi586-p.exe to install the newest version.

Updating Java and Clearing Cache

1. Go to Start > Control Panel double-click on the Java Icon (coffee cup) in the Control Panel.
2. It will say "Java Plug-in" under the icon.
....Please find the update button or tab in the Java Control Panel. Update your Java then reboot.
3. If you are unable to update you can manually update by going here:
............http://www.java.com/en/download/manual.jsp
4. After the reboot, go back into the Control Panel and double-click the Java Icon.
5. Under Temporary Internet Files, click the Delete Files button.
6. There are three options in the window to clear the cache - Leave ALL 3 Checked
............Downloaded Applets
............Downloaded Applications
............Other Files
7. Click OK on Delete Temporary Files Window
....Note: This deletes ALL the Downloaded Applications and Applets from the CACHE.
8. Click OK to leave the Java Control Panel.

Update your Java.
Older versions have vulnerabilities that malware can use to infect your system.
Please follow these steps to remove older version Java components.

Close any programmes you may have running, ESPECIALLY your web browser
Click Start > Control Panel.
Click Add/Remove Programs.
Check any item with Java Runtime Environment (JRE or J2SE) in the name.
Click the Remove or Change/Remove button.
Repeat as many times as necessary to remove all versions of Java.
Reboot your computer once all Java components are removed.

Then download the latest version of Java Runtime Environment, and install it to your computer.

jmoney3457 · December 2006

While we appreciate that you may be busy, it has been 7 days or more since we heard from you.

Infections can change and fresh instructions will now need to be given. This topic is now closed, if you still require assistance then please start a new topic in the Spyware & Virus Removal Forum

If you wish this topic reopened, please send a Private Message (PM) to one of the Spyware Mods with a link to your thread.

Do not bother contacting us if you are not the topic starter. A valid, working link to the closed topic is required.
If you are not the user who started this thread, you must start a new Thread instead

Need Help Removing Project1/Limewire malware[inactive]

Comments