
cid pop ups

Discussion in 'Virus & Other Malware Removal' started by sandmock, Sep 23, 2008.

  1. sandmock

    sandmock Thread Starter

    Joined:
    Sep 23, 2008
    Messages:
    19
    Hi, could you please help me with the removal of CiD pop-ups? I have just started getting them. I tried to uninstall Ad-Aware and reinstall a newer version but I get error 1720, a "problem with Windows Installer package" message. I have tried some other scans and removed toolbars etc. but still have the pop-ups.

    Thanking you.

    My hijack this log

    Logfile of Trend Micro HijackThis v2.0.2
    Scan saved at 23:51:08, on 23/09/2008
    Platform: Windows XP SP2 (WinNT 5.01.2600)
    MSIE: Internet Explorer v7.00 (7.00.6000.16705)
    Boot mode: Normal
    Running processes:
    C:\WINDOWS\System32\smss.exe
    C:\WINDOWS\system32\winlogon.exe
    C:\WINDOWS\system32\services.exe
    C:\WINDOWS\system32\lsass.exe
    C:\WINDOWS\system32\svchost.exe
    C:\Program Files\Windows Defender\MsMpEng.exe
    C:\WINDOWS\System32\svchost.exe
    C:\WINDOWS\system32\svchost.exe
    C:\Program Files\Lavasoft\Ad-Aware 2007\aawservice.exe
    C:\WINDOWS\system32\LEXBCES.EXE
    C:\WINDOWS\system32\LEXPPS.EXE
    C:\WINDOWS\system32\spoolsv.exe
    C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
    C:\PROGRA~1\Grisoft\AVG7\avgamsvr.exe
    C:\PROGRA~1\Grisoft\AVG7\avgupsvc.exe
    C:\WINDOWS\System32\svchost.exe
    C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE
    C:\WINDOWS\System32\nvsvc32.exe
    C:\Program Files\Sunbelt Software\VIPRE\SBAMSvc.exe
    C:\WINDOWS\System32\svchost.exe
    C:\WINDOWS\Explorer.EXE
    C:\Program Files\Sunbelt Software\VIPRE\SBAMTray.exe
    C:\Program Files\Lexmark 1200 Series\lxczbmgr.exe
    C:\Program Files\Lexmark 1200 Series\lxczbmon.exe
    C:\PROGRA~1\Grisoft\AVG7\avgcc.exe
    C:\Program Files\Windows Defender\MSASCui.exe
    C:\program files\quicktime\QTTask.exe
    C:\Program Files\Common Files\Real\Update_OB\realsched.exe
    C:\Program Files\Internet Explorer\IEXPLORE.EXE
    C:\Program Files\Sony Ericsson\Mobile2\Application Launcher\Application Launcher.exe
    C:\Program Files\Internet Explorer\IEXPLORE.EXE
    C:\Program Files\iTunes\iTunesHelper.exe
    C:\WINDOWS\system32\ctfmon.exe
    C:\Program Files\Logitech\Desktop Messenger\8876480\Program\LogitechDesktopMessenger.exe
    C:\Program Files\Nokia\Nokia PC Suite 6\PcSync2.exe
    C:\Program Files\Messenger\msmsgs.exe
    C:\Program Files\Windows Live\Messenger\msnmsgr.exe
    C:\Program Files\Windows Media Player\WMPNSCFG.exe
    C:\PROGRA~1\COMMON~1\Nokia\MPAPI\MPAPI3s.exe
    C:\Program Files\iPod\bin\iPodService.exe
    C:\WINDOWS\system32\wuauclt.exe
    C:\Program Files\Common Files\Teleca Shared\Generic.exe
    C:\Program Files\Sony Ericsson\Mobile2\Mobile Phone Monitor\epmworker.exe
    C:\Program Files\Internet Explorer\iexplore.exe
    C:\Program Files\Internet Explorer\iexplore.exe
    C:\WINDOWS\system32\wuauclt.exe
    C:\WINDOWS\System32\msiexec.exe
    C:\Program Files\Trend Micro\HijackThis\HijackThis.exe
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
    R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
    R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant =
    R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch =
    R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = localhost
    O4 - HKLM\..\Run: [Lexmark 1200 Series] "C:\Program Files\Lexmark 1200 Series\lxczbmgr.exe"
    O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
    O4 - HKLM\..\Run: [AVG7_CC] C:\PROGRA~1\Grisoft\AVG7\avgcc.exe /STARTUP
    O4 - HKLM\..\Run: [Windows Defender] "C:\Program Files\Windows Defender\MSASCui.exe" -hide
    O4 - HKLM\..\Run: [QuickTime Task] "C:\program files\quicktime\QTTask.exe" -atboottime
    O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot
    O4 - HKLM\..\Run: [Date Army Wma Spam] C:\Documents and Settings\All Users\Application Data\Peak ooze date army\Meet Cake.exe
    O4 - HKLM\..\Run: [Sony Ericsson PC Suite] "C:\Program Files\Sony Ericsson\Mobile2\Application Launcher\Application Launcher.exe" /startoptions
    O4 - HKLM\..\Run: [AppleSyncNotifier] C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleSyncNotifier.exe
    O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
    O4 - HKLM\..\Run: [SBAMTray] C:\Program Files\Sunbelt Software\VIPRE\SBAMTray.exe
    O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
    O4 - HKCU\..\Run: [LDM] C:\Program Files\Logitech\Desktop Messenger\8876480\Program\LogitechDesktopMessenger.exe
    O4 - HKCU\..\Run: [LogitechSoftwareUpdate] "C:\Program Files\Logitech\Video\ManifestEngine.exe" boot
    O4 - HKCU\..\Run: [PcSync] C:\Program Files\Nokia\Nokia PC Suite 6\PcSync2.exe /NoDialog
    O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background
    O4 - HKCU\..\Run: [msnmsgr] "C:\Program Files\Windows Live\Messenger\msnmsgr.exe" /background
    O4 - HKCU\..\Run: [HtmSecond] C:\DOCUME~1\janet\APPLIC~1\DEFAUL~1\Bike Style.exe
    O4 - HKCU\..\Run: [WMPNSCFG] C:\Program Files\Windows Media Player\WMPNSCFG.exe
    O4 - HKUS\S-1-5-19\..\Run: [AVG7_Run] C:\PROGRA~1\Grisoft\AVG7\avgw.exe /RUNONCE (User 'LOCAL SERVICE')
    O4 - HKUS\S-1-5-20\..\Run: [AVG7_Run] C:\PROGRA~1\Grisoft\AVG7\avgw.exe /RUNONCE (User 'NETWORK SERVICE')
    O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'SYSTEM')
    O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'Default user')
    O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office10\EXCEL.EXE/3000
    O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_06\bin\ssv.dll
    O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_06\bin\ssv.dll
    O9 - Extra button: Blog This - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files\Windows Live\Writer\WriterBrowserExtension.dll
    O9 - Extra 'Tools' menuitem: &Blog This in Windows Live Writer - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files\Windows Live\Writer\WriterBrowserExtension.dll
    O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL
    O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
    O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
    O16 - DPF: {00B71CFB-6864-4346-A978-C0A14556272C} (Checkers Class) - http://messenger.zone.msn.com/binary/msgrchkr.cab31267.cab
    O16 - DPF: {04E214E5-63AF-4236-83C6-A7ADCBF9BD02} (HouseCall Control) - http://housecall60.trendmicro.com/housecall/xscan60.cab
    O16 - DPF: {14B87622-7E19-4EA8-93B3-97215F77A6BC} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/MessengerStatsPAClient.cab31267.cab
    O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://go.microsoft.com/fwlink/?linkid=39204
    O16 - DPF: {1F2F4C9E-6F09-47BC-970D-3C54734667FE} -
    O16 - DPF: {20A60F0D-9AFA-4515-A0FD-83BD84642501} (Checkers Class) - http://messenger.zone.msn.com/binary/msgrchkr.cab56986.cab
    O16 - DPF: {2917297F-F02B-4B9D-81DF-494B6333150B} (Minesweeper Flags Class) - http://messenger.zone.msn.com/binary/MineSweeper.cab31267.cab
    O16 - DPF: {2B323CD9-50E3-11D3-9466-00A0C9700498} (Yahoo! Audio Conferencing) - http://us.chat1.yimg.com/us.yimg.com/i/chat/applet/v45/yacscom.cab
    O16 - DPF: {30528230-99F7-4BB4-88D8-FA1D4F56A2AB} (YInstStarter Class) - http://us.dl1.yimg.com/download.yahoo.com/dl/installs/yinst20040510.cab
    O16 - DPF: {3B5E9B23-7537-4601-A9E8-FA0D956DEA16} (csauie1 Control) -
    O16 - DPF: {406B5949-7190-4245-91A9-30A17DE16AD0} (Snapfish Activia) - http://www1.snapfish.co.uk/SnapfishUKActivia.cab
    O16 - DPF: {4F1E5B1A-2A80-42CA-8532-2D05CB959537} (MSN Photo Upload Tool) - http://gfx1.hotmail.com/mail/w3/pr01/resources/MSNPUpld.cab
    O16 - DPF: {50647AB5-18FD-4142-82B0-5852478DD0D5} (Keynote Connector Launcher 2) - http://webeffective.keynote.com/applications/pconnector/download/ConnectorLauncher.cab
    O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://v5.windowsupdate.microsoft.c...ls/en/x86/client/wuweb_site.cab?1117559368690
    O16 - DPF: {644E432F-49D3-41A1-8DD5-E099162EEEC5} -
    O16 - DPF: {64D01C7F-810D-446E-A07E-365764235644} -
    O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://update.microsoft.com/microsoftupdate/v6/V5Controls/en/x86/client/muweb_site.cab?1147014740671
    O16 - DPF: {7D1E9C49-BD6A-11D3-87A8-009027A35D73} (Yahoo! Audio UI1) - http://chat.yahoo.com/cab/yacsui.cab
    O16 - DPF: {7F8C8173-AD80-4807-AA75-5672F22B4582} (ICSScanner Class) - http://download.zonelabs.com/bin/promotions/spywaredetector/ICSScanner37680.cab
    O16 - DPF: {8E0D4DE5-3180-4024-A327-4DFAD1796A8D} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/MessengerStatsClient.cab31267.cab
    O16 - DPF: {9A9307A0-7DA4-4DAF-B042-5009F29E09E1} -
    O16 - DPF: {B38870E4-7ECB-40DA-8C6A-595F0A5519FF} (MsnMessengerSetupDownloadControl Class) - http://messenger.msn.com/download/msnmessengersetupdownloader.cab
    O16 - DPF: {B8BE5E93-A60C-4D26-A2DC-220313175592} (ZoneIntro Class) - http://messenger.zone.msn.com/binary/ZIntro.cab32846.cab
    O16 - DPF: {BF6BBE9A-0656-4598-A0CD-32DAC03959B5} (Image Uploader 3.0 Control) - https://www.tescophoto.com/wpp/tesco/app/opcuploader.cab
    O16 - DPF: {C3F79A2B-B9B4-4A66-B012-3EE46475B072} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/MessengerStatsPAClient.cab56907.cab
    O16 - DPF: {CE28D5D2-60CF-4C7D-9FE8-0F47A3308078} -
    O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab
    O16 - DPF: {D821DC4A-0814-435E-9820-661C543A4679} -
    O16 - DPF: {F00F4763-7355-4725-82F7-0DA94A256D46} -
    O16 - DPF: {F5A7706B-B9C0-4C89-A715-7A0C6B05DD48} (Minesweeper Flags Class) - http://messenger.zone.msn.com/binary/MineSweeper.cab56986.cab
    O16 - DPF: {F6BF0D00-0B2A-4A75-BF7B-F385591623AF} (Solitaire Showdown Class) - http://messenger.zone.msn.com/binary/SolitaireShowdown.cab31267.cab
    O18 - Protocol: bwfile-8876480 - {9462A756-7B47-47BC-8C80-C34B9B80B32B} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\GAPlugProtocol-8876480.dll
    O23 - Service: Ad-Aware 2007 Service (aawservice) - Lavasoft - C:\Program Files\Lavasoft\Ad-Aware 2007\aawservice.exe
    O23 - Service: Apple Mobile Device - Apple Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
    O23 - Service: AVG7 Alert Manager Server (Avg7Alrt) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVG7\avgamsvr.exe
    O23 - Service: AVG7 Update Service (Avg7UpdSvc) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVG7\avgupsvc.exe
    O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\1150\Intel 32\IDriverT.exe
    O23 - Service: iPod Service - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
    O23 - Service: LexBce Server (LexBceS) - Lexmark International, Inc. - C:\WINDOWS\system32\LEXBCES.EXE
    O23 - Service: Macromedia Licensing Service - Unknown owner - C:\Program Files\Common Files\Macromedia Shared\Service\Macromedia Licensing.exe
    O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\System32\nvsvc32.exe
    O23 - Service: Sunbelt VIPRE Antivirus Service (SBAMSvc) - Sunbelt Software - C:\Program Files\Sunbelt Software\VIPRE\SBAMSvc.exe
    --
    End of file - 11543 bytes
     
  2. jpshortstuff

    jpshortstuff

    Joined:
    Oct 19, 2007
    Messages:
    177
    Hi, and welcome to TechSupportGuy :)

    My name is jpshortstuff. I would be glad to take a look at your log and help you with solving any malware problems. HijackThis logs can take a while to research, so please be patient and I'd be grateful if you would note the following:
    • I will be working on your malware issues; this may or may not solve other issues you have with your machine.
    • The fixes are specific to your problem and should only be used for the issues on this machine.
    • Please continue to review my answers until I tell you your machine appears to be clear. Absence of symptoms does not mean that everything is clear.
    • It's often worth reading through these instructions and printing them for ease of reference.
    • If you don't know or understand something, please don't hesitate to say or ask!! It's better to be sure and safe than sorry.
    • Please reply to this thread. Do not start a new topic.

    Please download ATF Cleaner by Atribune.
    Download - ATF Cleaner»
    Double-click ATF-Cleaner.exe to run the program.
    Under Main choose: Select All
    Click the Empty Selected button.

    (If you use the Firefox or Opera browser: to keep saved passwords, click No at the prompt.)

    It's normal after running ATF cleaner that the PC will be slower to boot the first time or two.


    I need to see another log from HijackThis.
    • Run Hijackthis.
    • Click on Open the Misc Tools section.
    • Next click on Open uninstall manager.
    • Press the Save list button.
    • Save the file to your desktop, with the default name of uninstall_list
    • Copy & paste the entire contents of that file in your next post.
    Thanks.
     
  3. sandmock

    sandmock Thread Starter

    Joined:
    Sep 23, 2008
    Messages:
    19
    Hi thank you for your reply, I have done the ATF cleaner and here is my updated hijackthis log.

    4oD
    7-Zip 4.57
    ABBYY FineReader 5.0 Sprint
    Acrobat.com
    Acrobat.com
    Ad-Aware 2007
    Adobe Flash Player ActiveX
    Ahead Nero Burning ROM
    Apple Mobile Device Support
    Apple Software Update
    AVer Teletext
    AVerTV
    AVG 7.5
    Bookworm Adventures Deluxe 1.0.1.100
    Bookworm Deluxe
    BookWorm Deluxe
    Bookworm Deluxe 1.13
    BroadJump Client Foundation
    Butterfly Escape
    Cake Mania® 3
    Coupon Printer
    Cyber 530/630 USB Driver
    Darwin the Monkey
    Digimax Master
    Disc2Phone
    DivX Codec
    Eyewitness Encyclopedia of Science 2.0
    Family Feud 2
    Google Earth
    HijackThis 2.0.2
    Hotfix for Windows Internet Explorer 7 (KB947864)
    Hotfix for Windows Media Format 11 SDK (KB929399)
    Hotfix for Windows Media Player 11 (KB939683)
    Hotfix for Windows XP (KB896344)
    Hotfix for Windows XP (KB914440)
    Hotfix for Windows XP (KB915865)
    Hotfix for Windows XP (KB926239)
    Hotfix for Windows XP (KB952287)
    Image Resizer Powertoy for Windows XP
    iTunes
    J2SE Runtime Environment 5.0 Update 3
    J2SE Runtime Environment 5.0 Update 4
    J2SE Runtime Environment 5.0 Update 6
    Jewel Quest Solitaire
    Keynote Connector
    Lexmark 1200 Series
    LimeWire 4.16.6
    Logitech Desktop Messenger
    Logitech Print Service
    Logitech QuickCam Software
    Logitech® Camera Driver
    Macromedia Fireworks MX 2004
    Messenger Plus! Live & Sponsor (CiD)
    Microsoft .NET Framework 1.1
    Microsoft .NET Framework 1.1
    Microsoft .NET Framework 1.1 Hotfix (KB928366)
    Microsoft .NET Framework 2.0 Service Pack 1
    Microsoft .NET Framework 3.0 Service Pack 1
    Microsoft Base Smart Card Cryptographic Service Provider Package
    Microsoft Compression Client Pack 1.0 for Windows XP
    Microsoft Data Access Components KB870669
    Microsoft Internationalized Domain Names Mitigation APIs
    Microsoft National Language Support Downlevel APIs
    Microsoft Office Standard Edition 2003
    Microsoft Office XP Standard
    Microsoft Silverlight
    Microsoft User-Mode Driver Framework Feature Pack 1.0
    Microsoft Windows XP Video Decoder Checkup Utility
    Mozilla Firefox (2.0.0.15)
    MSN Winks Plus
    MSXML 4.0 SP2 (KB925672)
    MSXML 4.0 SP2 (KB927978)
    MSXML 4.0 SP2 (KB936181)
    MSXML 6.0 Parser (KB933579)
    Musicmatch® Jukebox
    Nokia Connectivity Cable Driver
    Nokia PC Suite
    NVIDIA Display Driver
    P.I.E. Patch
    Panda ActiveScan
    Power2Go 3.0
    PowerDVD
    PowerProducer
    QuickTime
    RealArcade
    RealPlayer
    Rude Roger
    SCRABBLE®
    Security Update for CAPICOM (KB931906)
    Security Update for CAPICOM (KB931906)
    Security Update for Windows Internet Explorer 7 (KB928090)
    Security Update for Windows Internet Explorer 7 (KB929969)
    Security Update for Windows Internet Explorer 7 (KB931768)
    Security Update for Windows Internet Explorer 7 (KB933566)
    Security Update for Windows Internet Explorer 7 (KB937143)
    Security Update for Windows Internet Explorer 7 (KB938127)
    Security Update for Windows Internet Explorer 7 (KB939653)
    Security Update for Windows Internet Explorer 7 (KB942615)
    Security Update for Windows Internet Explorer 7 (KB944533)
    Security Update for Windows Internet Explorer 7 (KB950759)
    Security Update for Windows Internet Explorer 7 (KB953838)
    Security Update for Windows Media Player (KB911564)
    Security Update for Windows Media Player 10 (KB911565)
    Security Update for Windows Media Player 10 (KB917734)
    Security Update for Windows Media Player 11 (KB936782)
    Security Update for Windows Media Player 11 (KB954154)
    Security Update for Windows Media Player 6.4 (KB925398)
    Security Update for Windows XP (KB883939)
    Security Update for Windows XP (KB890046)
    Security Update for Windows XP (KB893066)
    Security Update for Windows XP (KB893756)
    Security Update for Windows XP (KB896358)
    Security Update for Windows XP (KB896422)
    Security Update for Windows XP (KB896423)
    Security Update for Windows XP (KB896424)
    Security Update for Windows XP (KB896428)
    Security Update for Windows XP (KB896688)
    Security Update for Windows XP (KB899587)
    Security Update for Windows XP (KB899588)
    Security Update for Windows XP (KB899591)
    Security Update for Windows XP (KB900725)
    Security Update for Windows XP (KB901017)
    Security Update for Windows XP (KB901214)
    Security Update for Windows XP (KB902400)
    Security Update for Windows XP (KB903235)
    Security Update for Windows XP (KB904706)
    Security Update for Windows XP (KB905414)
    Security Update for Windows XP (KB905749)
    Security Update for Windows XP (KB905915)
    Security Update for Windows XP (KB908519)
    Security Update for Windows XP (KB908531)
    Security Update for Windows XP (KB911280)
    Security Update for Windows XP (KB911562)
    Security Update for Windows XP (KB911567)
    Security Update for Windows XP (KB911927)
    Security Update for Windows XP (KB912812)
    Security Update for Windows XP (KB912919)
    Security Update for Windows XP (KB913446)
    Security Update for Windows XP (KB913580)
    Security Update for Windows XP (KB914388)
    Security Update for Windows XP (KB914389)
    Security Update for Windows XP (KB916281)
    Security Update for Windows XP (KB917159)
    Security Update for Windows XP (KB917344)
    Security Update for Windows XP (KB917422)
    Security Update for Windows XP (KB917953)
    Security Update for Windows XP (KB918118)
    Security Update for Windows XP (KB918439)
    Security Update for Windows XP (KB918899)
    Security Update for Windows XP (KB919007)
    Security Update for Windows XP (KB920213)
    Security Update for Windows XP (KB920214)
    Security Update for Windows XP (KB920670)
    Security Update for Windows XP (KB920683)
    Security Update for Windows XP (KB920685)
    Security Update for Windows XP (KB921398)
    Security Update for Windows XP (KB921503)
    Security Update for Windows XP (KB921883)
    Security Update for Windows XP (KB922616)
    Security Update for Windows XP (KB922760)
    Security Update for Windows XP (KB922819)
    Security Update for Windows XP (KB923191)
    Security Update for Windows XP (KB923414)
    Security Update for Windows XP (KB923694)
    Security Update for Windows XP (KB923980)
    Security Update for Windows XP (KB924191)
    Security Update for Windows XP (KB924270)
    Security Update for Windows XP (KB924496)
    Security Update for Windows XP (KB924667)
    Security Update for Windows XP (KB925486)
    Security Update for Windows XP (KB925902)
    Security Update for Windows XP (KB926255)
    Security Update for Windows XP (KB926436)
    Security Update for Windows XP (KB927779)
    Security Update for Windows XP (KB927802)
    Security Update for Windows XP (KB928255)
    Security Update for Windows XP (KB928843)
    Security Update for Windows XP (KB929123)
    Security Update for Windows XP (KB930178)
    Security Update for Windows XP (KB931261)
    Security Update for Windows XP (KB931784)
    Security Update for Windows XP (KB932168)
    Security Update for Windows XP (KB933729)
    Security Update for Windows XP (KB935839)
    Security Update for Windows XP (KB935840)
    Security Update for Windows XP (KB936021)
    Security Update for Windows XP (KB938464)
    Security Update for Windows XP (KB938829)
    Security Update for Windows XP (KB941202)
    Security Update for Windows XP (KB941568)
    Security Update for Windows XP (KB941569)
    Security Update for Windows XP (KB941644)
    Security Update for Windows XP (KB941693)
    Security Update for Windows XP (KB943055)
    Security Update for Windows XP (KB943460)
    Security Update for Windows XP (KB943485)
    Security Update for Windows XP (KB944653)
    Security Update for Windows XP (KB945553)
    Security Update for Windows XP (KB946026)
    Security Update for Windows XP (KB946648)
    Security Update for Windows XP (KB948590)
    Security Update for Windows XP (KB948881)
    Security Update for Windows XP (KB950749)
    Security Update for Windows XP (KB950760)
    Security Update for Windows XP (KB950762)
    Security Update for Windows XP (KB950974)
    Security Update for Windows XP (KB951066)
    Security Update for Windows XP (KB951376)
    Security Update for Windows XP (KB951376-v2)
    Security Update for Windows XP (KB951698)
    Security Update for Windows XP (KB951748)
    Security Update for Windows XP (KB952954)
    Security Update for Windows XP (KB953839)
    Sherston Software - 123 CD
    SiL
    Solar System 3D Screensaver 1.2
    Sony Ericsson PC Suite
    Update for Windows XP (KB894391)
    Update for Windows XP (KB896727)
    Update for Windows XP (KB898461)
    Update for Windows XP (KB900485)
    Update for Windows XP (KB904942)
    Update for Windows XP (KB910437)
    Update for Windows XP (KB916595)
    Update for Windows XP (KB920342)
    Update for Windows XP (KB920872)
    Update for Windows XP (KB922582)
    Update for Windows XP (KB925720)
    Update for Windows XP (KB925876)
    Update for Windows XP (KB927891)
    Update for Windows XP (KB929338)
    Update for Windows XP (KB930916)
    Update for Windows XP (KB931836)
    Update for Windows XP (KB932823-v3)
    Update for Windows XP (KB933360)
    Update for Windows XP (KB936357)
    Update for Windows XP (KB938828)
    Update for Windows XP (KB942763)
    Update for Windows XP (KB951072-v2)
    V92 PCI Voice Faxmodem
    Varmintz
    VIA Audio Driver Setup Program
    VIA Rhine-Family Fast Ethernet Adapter
    Virtual Earth 3D (Beta)
    Winamp (remove only)
    Windows Defender
    Windows Imaging Component
    Windows Installer 3.1 (KB893803)
    Windows Internet Explorer 7
    Windows Live installer
    Windows Live Messenger
    Windows Live Sign-in Assistant
    Windows Live Writer
    Windows Media Format 11 runtime
    Windows Media Format 11 runtime
    Windows Media Player 11
    Windows Media Player 11
    Windows Presentation Foundation
    Windows XP Hotfix - KB873333
    Windows XP Hotfix - KB873339
    Windows XP Hotfix - KB885250
    Windows XP Hotfix - KB885626
    Windows XP Hotfix - KB885835
    Windows XP Hotfix - KB885836
    Windows XP Hotfix - KB885884
    Windows XP Hotfix - KB886185
    Windows XP Hotfix - KB887472
    Windows XP Hotfix - KB887742
    Windows XP Hotfix - KB888113
    Windows XP Hotfix - KB888302
    Windows XP Hotfix - KB890175
    Windows XP Hotfix - KB890859
    Windows XP Hotfix - KB891781
    Windows XP Hotfix - KB893086
    Windows XP Service Pack 2
    WinRAR archiver
    World Explorer
     
  4. jpshortstuff

    jpshortstuff

    Joined:
    Oct 19, 2007
    Messages:
    177
    Hi

    LimeWire
    You have LimeWire, a P2P/file sharing program, installed on your computer. P2P applications like it are the largest source of malware we see. You'll be doing yourself a favor by removing it.

    References for the risk of these programs can be found in these links:
    http://www.microsoft.com/windows/ie/community/columns/protection.mspx
    http://www.techweb.com/wire/160500554
    http://www.internetworldstats.com/articles/art053.htm
    See Clean/Infected P2P Programs here

    I would recommend that you uninstall LimeWire, however that choice is up to you. If you choose to remove these programs, you can do so via Control Panel >> Add or Remove Programs.

    If you wish to keep it, please do not use it until your computer is cleaned.

    There are some more programs that I suggest you uninstall:
    Messenger Plus! Live & Sponsor (CiD) (This program is part of the "CiD" popups you are getting)
    J2SE Runtime Environment 5.0 Update 3
    J2SE Runtime Environment 5.0 Update 4
    J2SE Runtime Environment 5.0 Update 6



    We need to temporarily disable a couple of your security programs so they do not interfere with the fix.

    Open Windows Defender.

    Click on Tools, General Settings.
    Scroll down and uncheck Turn on real-time protection (recommended).
    After you uncheck this, click on the Save button and close Windows Defender.

    After all of the fixes are complete it is very important that you enable Real-time Protection again.

    Please open the AVG Control Center program -> double-click on the "AVG Resident Shield" component -> deselect the "Turn on AVG Resident Shield" checkmark and save the setting.
    When you need to enable the AVG Resident Shield (I'll let you know when), just open the AVG Control Center program -> double-click on the "AVG Resident Shield" component -> select the "Turn on AVG Resident Shield" checkmark and save the setting.


    Download Lop S&D < here

    Double-click Lop S&D.exe
    Choose the language, then choose Option 1 (Search)
    Wait till the end of the scan
    Post the log which is created: (%SystemDrive%\lopR.txt).

    Thanks.
     
  5. sandmock

    sandmock Thread Starter

    Joined:
    Sep 23, 2008
    Messages:
    19
    Hi, thanks for your reply. I have uninstalled the files you recommended apart from LimeWire, but I won't use it. Also, could you recommend anything else I could use for music in its place?
    Here is my new log.

    --------------------\\ Lop S&D 4.2.4-4 XP/Vista

    "C:\Lop SD" ( MAJ : 19-09-2008|22:20 )
    Option : [1] ( 25/09/2008|16:53 )

    --------------------\\ Listing folders in APPLIC~1
    [06/07/2004|20:35] C:\DOCUME~1\DEFAUL~1\APPLIC~1\Cyberlink
    [05/07/2004|23:17] C:\DOCUME~1\DEFAUL~1\APPLIC~1\Identities
    [05/07/2004|23:10] C:\DOCUME~1\DEFAUL~1\APPLIC~1\Microsoft
    [24/01/2007|13:57] C:\DOCUME~1\ALLUSE~1\APPLIC~1\Adobe
    [12/07/2008|20:20] C:\DOCUME~1\ALLUSE~1\APPLIC~1\Apple
    [12/07/2008|20:22] C:\DOCUME~1\ALLUSE~1\APPLIC~1\Apple Computer
    [01/02/2008|08:11] C:\DOCUME~1\ALLUSE~1\APPLIC~1\avg7
    [24/09/2008|23:53] C:\DOCUME~1\ALLUSE~1\APPLIC~1\BigFishGamesCache
    [20/07/2007|23:33] C:\DOCUME~1\ALLUSE~1\APPLIC~1\Bold Grey Spam Peak
    [16/07/2007|22:52] C:\DOCUME~1\ALLUSE~1\APPLIC~1\BVRP Software
    [12/01/2008|21:14] C:\DOCUME~1\ALLUSE~1\APPLIC~1\Channel4
    [06/07/2004|20:30] C:\DOCUME~1\ALLUSE~1\APPLIC~1\CyberLink
    [26/01/2007|19:31] C:\DOCUME~1\ALLUSE~1\APPLIC~1\Genimo
    [25/03/2007|17:12] C:\DOCUME~1\ALLUSE~1\APPLIC~1\Google
    [01/02/2008|08:11] C:\DOCUME~1\ALLUSE~1\APPLIC~1\Grisoft
    [29/07/2006|18:55] C:\DOCUME~1\ALLUSE~1\APPLIC~1\HMV
    [01/02/2008|09:10] C:\DOCUME~1\ALLUSE~1\APPLIC~1\Lavasoft
    [11/07/2008|23:08] C:\DOCUME~1\ALLUSE~1\APPLIC~1\Macrovision
    [20/07/2007|23:35] C:\DOCUME~1\ALLUSE~1\APPLIC~1\Messenger Plus!
    [05/07/2004|23:10] C:\DOCUME~1\ALLUSE~1\APPLIC~1\Microsoft
    [31/05/2005|17:55] C:\DOCUME~1\ALLUSE~1\APPLIC~1\MSN6
    [16/12/2006|09:44] C:\DOCUME~1\ALLUSE~1\APPLIC~1\MumboJumbo
    [22/09/2008|12:53] C:\DOCUME~1\ALLUSE~1\APPLIC~1\n7-89-o9-3r-4t-r9
    [03/08/2007|13:48] C:\DOCUME~1\ALLUSE~1\APPLIC~1\Napster
    [01/06/2005|11:55] C:\DOCUME~1\ALLUSE~1\APPLIC~1\nView_Profiles
    [17/09/2005|20:34] C:\DOCUME~1\ALLUSE~1\APPLIC~1\Oberon Media
    [29/03/2008|11:01] C:\DOCUME~1\ALLUSE~1\APPLIC~1\Peak ooze date army
    [02/08/2006|18:13] C:\DOCUME~1\ALLUSE~1\APPLIC~1\PlayFirst
    [08/08/2005|20:03] C:\DOCUME~1\ALLUSE~1\APPLIC~1\QuickTime
    [13/10/2005|21:02] C:\DOCUME~1\ALLUSE~1\APPLIC~1\Sandlot Games
    [02/04/2008|00:47] C:\DOCUME~1\ALLUSE~1\APPLIC~1\Sony Ericsson
    [23/11/2006|18:06] C:\DOCUME~1\ALLUSE~1\APPLIC~1\SpinTop Games
    [09/01/2008|00:02] C:\DOCUME~1\ALLUSE~1\APPLIC~1\Spybot - Search & Destroy
    [23/09/2008|17:53] C:\DOCUME~1\ALLUSE~1\APPLIC~1\Sunbelt
    [02/04/2008|00:46] C:\DOCUME~1\ALLUSE~1\APPLIC~1\Teleca
    [30/03/2008|11:01] C:\DOCUME~1\ALLUSE~1\APPLIC~1\TEMP
    [22/09/2005|22:34] C:\DOCUME~1\ALLUSE~1\APPLIC~1\Windows Genuine Advantage
    [10/09/2006|18:01] C:\DOCUME~1\ALLUSE~1\APPLIC~1\Windows Live Toolbar
    [08/11/2007|18:13] C:\DOCUME~1\ALLUSE~1\APPLIC~1\WLInstaller
    [05/07/2004|23:10] C:\DOCUME~1\NETWOR~1\APPLIC~1\Microsoft
    [01/02/2008|08:12] C:\DOCUME~1\LOCALS~1\APPLIC~1\AVG7
    [02/09/2007|20:50] C:\DOCUME~1\LOCALS~1\APPLIC~1\Help
    [17/08/2005|20:03] C:\DOCUME~1\LOCALS~1\APPLIC~1\Macromedia
    [05/07/2004|23:10] C:\DOCUME~1\LOCALS~1\APPLIC~1\Microsoft
    [11/07/2005|11:12] C:\DOCUME~1\janet\APPLIC~1\Adobe
    [11/07/2005|11:35] C:\DOCUME~1\janet\APPLIC~1\AdobeUM
    [10/08/2005|21:05] C:\DOCUME~1\janet\APPLIC~1\Ahead
    [12/07/2008|20:24] C:\DOCUME~1\janet\APPLIC~1\Apple Computer
    [01/02/2008|08:13] C:\DOCUME~1\janet\APPLIC~1\AVG7
    [06/07/2004|20:35] C:\DOCUME~1\janet\APPLIC~1\Cyberlink
    [12/08/2007|14:09] C:\DOCUME~1\janet\APPLIC~1\Darwin
    [29/03/2008|11:01] C:\DOCUME~1\janet\APPLIC~1\default global each
    [22/09/2008|12:53] C:\DOCUME~1\janet\APPLIC~1\GameHouse
    [14/08/2005|21:08] C:\DOCUME~1\janet\APPLIC~1\Google
    [19/07/2005|21:51] C:\DOCUME~1\janet\APPLIC~1\Help
    [05/07/2004|23:17] C:\DOCUME~1\janet\APPLIC~1\Identities
    [30/06/2005|21:46] C:\DOCUME~1\janet\APPLIC~1\Incredible Ink
    [17/08/2008|20:12] C:\DOCUME~1\janet\APPLIC~1\Keynote Systems
    [04/08/2007|00:21] C:\DOCUME~1\janet\APPLIC~1\Leadertech
    [21/02/2008|21:32] C:\DOCUME~1\janet\APPLIC~1\LimeWire
    [01/06/2005|13:22] C:\DOCUME~1\janet\APPLIC~1\Macromedia
    [23/11/2007|18:26] C:\DOCUME~1\janet\APPLIC~1\MagicBall3
    [05/07/2004|23:10] C:\DOCUME~1\janet\APPLIC~1\Microsoft
    [14/09/2005|14:53] C:\DOCUME~1\janet\APPLIC~1\Mind Control Software
    [14/11/2007|14:10] C:\DOCUME~1\janet\APPLIC~1\Mozilla
    [31/05/2005|17:55] C:\DOCUME~1\janet\APPLIC~1\MSN6
    [12/06/2005|17:19] C:\DOCUME~1\janet\APPLIC~1\Musicmatch
    [12/10/2005|20:38] C:\DOCUME~1\janet\APPLIC~1\Nokia
    [10/12/2007|20:25] C:\DOCUME~1\janet\APPLIC~1\Nokia 6630 (2)
    [12/10/2005|21:00] C:\DOCUME~1\janet\APPLIC~1\Nokia Multimedia Player
    [30/01/2006|14:15] C:\DOCUME~1\janet\APPLIC~1\Nology
    [22/05/2006|16:19] C:\DOCUME~1\janet\APPLIC~1\PlayFirst
    [22/04/2007|15:55] C:\DOCUME~1\janet\APPLIC~1\Real
    [15/08/2006|14:15] C:\DOCUME~1\janet\APPLIC~1\RealArcade
    [03/08/2007|13:52] C:\DOCUME~1\janet\APPLIC~1\Roxio
    [02/08/2007|22:16] C:\DOCUME~1\janet\APPLIC~1\Sandlot Games
    [21/07/2007|12:04] C:\DOCUME~1\janet\APPLIC~1\Snapfish
    [02/04/2008|00:58] C:\DOCUME~1\janet\APPLIC~1\Sony Ericsson
    [15/10/2005|22:26] C:\DOCUME~1\janet\APPLIC~1\Sun
    [23/09/2008|17:54] C:\DOCUME~1\janet\APPLIC~1\Sunbelt
    [31/05/2005|17:46] C:\DOCUME~1\janet\APPLIC~1\Symantec
    [02/04/2008|12:07] C:\DOCUME~1\janet\APPLIC~1\Teleca
    [20/07/2008|14:46] C:\DOCUME~1\janet\APPLIC~1\uTorrent
    [11/06/2005|10:42] C:\DOCUME~1\janet\APPLIC~1\Wildfire
    [05/03/2008|21:17] C:\DOCUME~1\janet\APPLIC~1\Windows Live Writer
    [31/12/2007|14:12] C:\DOCUME~1\janet\APPLIC~1\WinRAR
    [07/01/2008|01:55] C:\DOCUME~1\janet\APPLIC~1\Yahoo!
    [12/08/2005|21:39] C:\DOCUME~1\callum\APPLIC~1\Ahead
    [06/07/2004|20:35] C:\DOCUME~1\callum\APPLIC~1\Cyberlink
    [16/08/2005|16:01] C:\DOCUME~1\callum\APPLIC~1\Google
    [05/07/2004|23:17] C:\DOCUME~1\callum\APPLIC~1\Identities
    [31/05/2005|20:43] C:\DOCUME~1\callum\APPLIC~1\Macromedia
    [05/07/2004|23:10] C:\DOCUME~1\callum\APPLIC~1\Microsoft
    [31/05/2005|18:25] C:\DOCUME~1\callum\APPLIC~1\MSN6
    [13/12/2005|18:30] C:\DOCUME~1\callum\APPLIC~1\Sun
    [03/09/2006|14:57] C:\DOCUME~1\steven\APPLIC~1\Adobe
    [03/09/2006|14:57] C:\DOCUME~1\steven\APPLIC~1\AdobeUM
    [27/02/2008|17:32] C:\DOCUME~1\steven\APPLIC~1\AVG7
    [06/07/2004|20:35] C:\DOCUME~1\steven\APPLIC~1\Cyberlink
    [06/09/2005|20:44] C:\DOCUME~1\steven\APPLIC~1\Google
    [05/07/2004|23:17] C:\DOCUME~1\steven\APPLIC~1\Identities
    [31/05/2005|21:31] C:\DOCUME~1\steven\APPLIC~1\Macromedia
    [05/07/2004|23:10] C:\DOCUME~1\steven\APPLIC~1\Microsoft
    [31/05/2005|20:57] C:\DOCUME~1\steven\APPLIC~1\MSN6
    [07/09/2006|19:45] C:\DOCUME~1\steven\APPLIC~1\Nokia Multimedia Player
    [25/04/2007|00:45] C:\DOCUME~1\steven\APPLIC~1\Real
    [04/05/2008|12:24] C:\DOCUME~1\steven\APPLIC~1\Sony Ericsson
    [22/06/2006|16:44] C:\DOCUME~1\steven\APPLIC~1\Sun
    [31/05/2005|21:44] C:\DOCUME~1\steven\APPLIC~1\Symantec
    [04/05/2008|12:26] C:\DOCUME~1\steven\APPLIC~1\Teleca
    [12/01/2008|00:48] C:\DOCUME~1\steven\APPLIC~1\Yahoo!
    [02/04/2006|10:56] C:\DOCUME~1\TEMP\APPLIC~1\Adobe
    [02/04/2006|10:56] C:\DOCUME~1\TEMP\APPLIC~1\AdobeUM
    [01/02/2008|09:02] C:\DOCUME~1\TEMP\APPLIC~1\AVG7
    [06/07/2004|20:35] C:\DOCUME~1\TEMP\APPLIC~1\Cyberlink
    [07/05/2006|13:19] C:\DOCUME~1\TEMP\APPLIC~1\default global each
    [05/07/2004|23:17] C:\DOCUME~1\TEMP\APPLIC~1\Identities
    [17/02/2006|20:06] C:\DOCUME~1\TEMP\APPLIC~1\Macromedia
    [05/07/2004|23:10] C:\DOCUME~1\TEMP\APPLIC~1\Microsoft
    [09/04/2008|20:32] C:\DOCUME~1\TEMP\APPLIC~1\Mozilla
    [17/03/2006|17:45] C:\DOCUME~1\TEMP\APPLIC~1\MSN6
    [07/05/2006|13:20] C:\DOCUME~1\TEMP\APPLIC~1\onlineproxy
    [17/02/2006|20:03] C:\DOCUME~1\TEMP\APPLIC~1\PC Suite
    [25/05/2007|11:58] C:\DOCUME~1\TEMP\APPLIC~1\Real
    [09/04/2008|20:30] C:\DOCUME~1\TEMP\APPLIC~1\Sony Ericsson
    [16/05/2006|17:30] C:\DOCUME~1\TEMP\APPLIC~1\Sun
    [24/09/2008|09:57] C:\DOCUME~1\TEMP\APPLIC~1\Sunbelt
    [09/04/2008|20:31] C:\DOCUME~1\TEMP\APPLIC~1\Teleca
    [15/03/2006|17:30] C:\DOCUME~1\TEMP\APPLIC~1\WinPatrol
    [11/02/2008|21:05] C:\DOCUME~1\TEMP\APPLIC~1\WinRAR

    --------------------\\ Scheduled Tasks located in C:\WINDOWS\Tasks
    [25/09/2008 16:41][--ah-----] C:\WINDOWS\tasks\MP Scheduled Scan.job
    [25/09/2008 14:00][--ah-----] C:\WINDOWS\tasks\A9B8A27D918F5A39.job
    [13/09/2008 11:53][--a------] C:\WINDOWS\tasks\AppleSoftwareUpdate.job
    [25/09/2008 16:19][--ah-----] C:\WINDOWS\tasks\SA.DAT
    [29/08/2002 05:00][-r-h-----] C:\WINDOWS\tasks\desktop.ini
    ( A9B8A27D918F5A39.job )=( c:\docume~1\janet\applic~1\defaul~1\cornthetrust.exe )
    --------------------\\ Listing Folders in C:\Program Files
    [31/05/2005|18:44] C:\Program Files\_ArcadeDownloadFolder
    [14/07/2005|00:25] C:\Program Files\5 Spots II
    [31/12/2007|14:11] C:\Program Files\7-Zip
    [05/08/2008|14:18] C:\Program Files\ABBYY FineReader 5.0 Sprint
    [16/07/2007|22:52] C:\Program Files\ABBYY FineReader 6.0
    [11/07/2005|11:08] C:\Program Files\Adobe
    [10/08/2005|20:59] C:\Program Files\Ahead
    [05/01/2006|21:01] C:\Program Files\Alien Stars
    [12/07/2008|20:21] C:\Program Files\Apple Software Update
    [06/07/2004|20:54] C:\Program Files\AVer Teletext
    [06/07/2004|20:53] C:\Program Files\AVerTV2K
    [03/11/2005|18:05] C:\Program Files\BFG
    [24/09/2008|23:55] C:\Program Files\bfgclient
    [14/03/2006|22:21] C:\Program Files\BillP Studios
    [04/01/2006|21:54] C:\Program Files\Bomberman vs Digger
    [24/09/2008|23:56] C:\Program Files\Bookworm Deluxe
    [01/06/2005|00:22] C:\Program Files\BroadJump
    [12/01/2008|21:15] C:\Program Files\Channel4
    [05/07/2004|23:11] C:\Program Files\Common Files
    [05/07/2004|23:14] C:\Program Files\ComPlus Applications
    [25/11/2007|13:08] C:\Program Files\Coupon Printer
    [06/07/2004|20:21] C:\Program Files\CyberLink
    [20/09/2008|17:55] C:\Program Files\default global each
    [25/12/2007|08:43] C:\Program Files\Disc2Phone
    [06/07/2004|20:26] C:\Program Files\DivX
    [13/08/2006|15:53] C:\Program Files\DK Interactive Learning
    [08/08/2005|20:04] C:\Program Files\DK Multimedia
    [23/07/2005|23:53] C:\Program Files\GameHouse
    [14/08/2005|21:08] C:\Program Files\Google
    [01/02/2008|08:11] C:\Program Files\Grisoft
    [05/01/2006|21:52] C:\Program Files\Heavy Weapon
    [23/09/2005|00:16] C:\Program Files\HurricaneSoftware.com
    [26/05/2006|19:39] C:\Program Files\IM Names
    [10/04/2008|01:18] C:\Program Files\IncrediGames
    [22/06/2005|23:37] C:\Program Files\IncrediMail
    [06/07/2004|20:21] C:\Program Files\InstallShield Installation Information
    [05/07/2004|23:15] C:\Program Files\Internet Explorer
    [12/07/2008|20:24] C:\Program Files\iPod
    [12/07/2008|20:24] C:\Program Files\iTunes
    [12/10/2005|21:14] C:\Program Files\Java
    [23/09/2008|16:32] C:\Program Files\Lavasoft
    [23/09/2008|16:00] C:\Program Files\Lavasoft(2)
    [16/07/2007|22:45] C:\Program Files\Lexmark 1200 Series
    [21/02/2008|21:31] C:\Program Files\LimeWire
    [03/06/2005|16:44] C:\Program Files\Logitech
    [27/07/2007|11:58] C:\Program Files\LucasArts
    [11/07/2008|23:06] C:\Program Files\Macromedia
    [07/08/2005|20:47] C:\Program Files\Mahjong Towers Eternity
    [23/09/2005|00:16] C:\Program Files\Mapper
    [05/07/2004|23:14] C:\Program Files\Messenger
    [06/07/2004|21:16] C:\Program Files\Microsoft ActiveSync
    [09/05/2007|17:01] C:\Program Files\Microsoft CAPICOM 2.1.0.2
    [05/07/2004|23:17] C:\Program Files\microsoft frontpage
    [06/07/2004|21:15] C:\Program Files\Microsoft Office
    [01/02/2008|08:26] C:\Program Files\Microsoft Silverlight
    [06/07/2004|21:15] C:\Program Files\Microsoft Visual Studio
    [06/07/2004|21:15] C:\Program Files\Microsoft Works
    [05/07/2004|23:15] C:\Program Files\Movie Maker
    [14/11/2007|14:09] C:\Program Files\Mozilla Firefox
    [01/02/2008|08:24] C:\Program Files\MSBuild
    [05/07/2004|23:14] C:\Program Files\MSN
    [04/06/2005|01:00] C:\Program Files\MSN Content Plus
    [12/06/2005|13:00] C:\Program Files\MSN Games
    [05/07/2004|23:14] C:\Program Files\MSN Gaming Zone
    [14/10/2006|15:02] C:\Program Files\MSXML 4.0
    [01/02/2008|08:17] C:\Program Files\MSXML 6.0
    [06/07/2004|20:32] C:\Program Files\MUSICMATCH
    [17/03/2007|21:54] C:\Program Files\MyABCD
    [05/07/2004|23:15] C:\Program Files\NetMeeting
    [12/10/2005|20:36] C:\Program Files\Nokia
    [23/06/2005|13:11] C:\Program Files\Oberon Media
    [05/07/2004|23:14] C:\Program Files\Online Services
    [05/07/2004|23:15] C:\Program Files\Outlook Express
    [06/07/2006|22:29] C:\Program Files\PIE Patch
    [27/07/2005|11:47] C:\Program Files\PlayFirst
    [07/01/2006|21:05] C:\Program Files\PopCap Games
    [23/09/2005|18:20] C:\Program Files\QuickTime
    [31/05/2005|18:45] C:\Program Files\Real
    [01/02/2008|08:19] C:\Program Files\Reference Assemblies
    [25/06/2005|16:05] C:\Program Files\ReflexiveArcade
    [26/08/2005|20:45] C:\Program Files\roxypalace
    [22/08/2006|10:34] C:\Program Files\Samsung
    [31/05/2005|19:18] C:\Program Files\Sherston Software
    [26/07/2005|18:35] C:\Program Files\Shockwave.com
    [06/09/2005|14:10] C:\Program Files\Solar System 3D Screensaver
    [02/04/2008|00:46] C:\Program Files\Sony Ericsson
    [06/01/2006|15:18] C:\Program Files\Star Defender 2
    [31/01/2007|23:36] C:\Program Files\Sunbelt Software
    [31/05/2005|17:46] C:\Program Files\Symantec
    [07/01/2008|01:38] C:\Program Files\Trend Micro
    [05/07/2004|23:20] C:\Program Files\Uninstall Information
    [20/07/2008|14:46] C:\Program Files\uTorrent
    [06/07/2004|04:37] C:\Program Files\VIA Technologies, Inc
    [14/08/2007|20:26] C:\Program Files\Virgin Media Games
    [16/12/2007|18:54] C:\Program Files\Virtual Earth 3D
    [21/11/2006|21:55] C:\Program Files\Winamp
    [01/02/2008|09:13] C:\Program Files\Windows Defender
    [20/07/2007|23:32] C:\Program Files\Windows Live
    [10/09/2006|18:01] C:\Program Files\Windows Live Toolbar
    [20/07/2005|22:41] C:\Program Files\Windows Media Components
    [11/12/2006|15:46] C:\Program Files\Windows Media Connect 2
    [05/07/2004|23:14] C:\Program Files\Windows Media Player
    [05/07/2004|23:14] C:\Program Files\Windows NT
    [05/07/2004|23:14] C:\Program Files\WindowsUpdate
    [31/12/2007|14:12] C:\Program Files\WinRAR
    [05/07/2004|23:17] C:\Program Files\xerox
    [10/06/2006|14:58] C:\Program Files\Yahoo!
    --------------------\\ Listing Folders in C:\Program Files\Common Files
    [23/09/2005|21:50] C:\Program Files\Common Files\Adobe
    [10/08/2005|20:59] C:\Program Files\Common Files\Ahead
    [12/07/2008|20:20] C:\Program Files\Common Files\Apple
    [06/07/2004|21:16] C:\Program Files\Common Files\DESIGNER
    [06/07/2004|05:16] C:\Program Files\Common Files\InstallShield
    [06/07/2004|21:16] C:\Program Files\Common Files\L&H
    [03/06/2005|16:45] C:\Program Files\Common Files\Logitech
    [11/07/2008|23:07] C:\Program Files\Common Files\Macromedia
    [11/07/2008|23:07] C:\Program Files\Common Files\Macromedia Shared
    [05/07/2004|23:11] C:\Program Files\Common Files\Microsoft Shared
    [02/08/2005|20:34] C:\Program Files\Common Files\MimarSinan
    [05/07/2004|23:15] C:\Program Files\Common Files\MSSoap
    [12/10/2005|20:36] C:\Program Files\Common Files\Nokia
    [31/03/2007|22:58] C:\Program Files\Common Files\Oberon Media
    [05/07/2004|23:11] C:\Program Files\Common Files\ODBC
    [31/05/2005|18:45] C:\Program Files\Common Files\Real
    [07/01/2008|18:51] C:\Program Files\Common Files\Scanner
    [05/07/2004|23:15] C:\Program Files\Common Files\Services
    [02/04/2008|00:46] C:\Program Files\Common Files\Sony Ericsson Shared
    [05/07/2004|23:11] C:\Program Files\Common Files\SpeechEngines
    [31/05/2005|17:46] C:\Program Files\Common Files\Symantec Shared
    [05/07/2004|23:15] C:\Program Files\Common Files\System
    [02/04/2008|00:46] C:\Program Files\Common Files\Teleca Shared
    [08/11/2007|18:14] C:\Program Files\Common Files\WindowsLiveInstaller
    [01/02/2008|09:09] C:\Program Files\Common Files\Wise Installation Wizard
    [31/10/2007|17:57] C:\Program Files\Common Files\xing shared
    --------------------\\ Process
    ( 58 Processes )
    IEXPLORE.EXE ~ [PID:2772]
    IEXPLORE.EXE ~ [PID:3348]
    iexplore.exe ~ [PID:2880]
    --------------------\\ Searching with S_Lop
    C:\DOCUME~1\janet\LOCALS~1\Temp\bis2.exe

    --------------------\\ Searching for Lop Files - Folders
    C:\DOCUME~1\ALLUSE~1\APPLIC~1\Peak ooze date army
    C:\DOCUME~1\ALLUSE~1\APPLIC~1\Peak ooze date army\Meet Cake.exe
    C:\DOCUME~1\janet\APPLIC~1\defaul~1
    C:\DOCUME~1\janet\APPLIC~1\defaul~1\Bike Style.exe
    C:\DOCUME~1\janet\APPLIC~1\defaul~1\rznoqmfe.exe
    C:\DOCUME~1\janet\APPLIC~1\defaul~1\32 Ante Balm Platform.exe
    C:\DOCUME~1\janet\APPLIC~1\defaul~1\cornthetrust.exe
    C:\DOCUME~1\TEMP\APPLIC~1\defaul~1
    C:\DOCUME~1\TEMP\APPLIC~1\defaul~1\Bike Style.exe
    C:\Program Files\defaul~1
    C:\DOCUME~1\janet\LOCALS~1\Temp\nsy35.tmp
    C:\DOCUME~1\janet\Cookies\[email protected][1].txt
    C:\DOCUME~1\janet\Cookies\[email protected][2].txt
    C:\DOCUME~1\janet\Cookies\[email protected][1].txt
    C:\WINDOWS\Tasks\A9B8A27D918F5A39.job

    --------------------\\ Searching within the Registry
    [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
    "HtmSecond"="C:\\DOCUME~1\\janet\\APPLIC~1\\DEFAUL~1\\Bike Style.exe"
    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
    "Date Army Wma Spam"="C:\\Documents and Settings\\All Users\\Application Data\\Peak ooze date army\\Meet Cake.exe"
    --------------------\\ Checking the Hosts file
    Hosts file MODIFIED
    -> 7854 [ 70 ## added by CiD ]
    /!\ 5 Not 127.0.0.1 !!
    --------------------\\ Searching for hidden files with Catchme

    catchme 0.3.1353 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
    Rootkit scan 2008-09-25 16:56:00
    Windows 5.1.2600 Service Pack 2 FAT NTAPI
    scanning hidden processes ...
    scanning hidden files ...
    scan completed successfully
    hidden processes: 0
    hidden files: 0

    --------------------\\ Searching for other infections
    --------------------\\ Suspect ..
    C:\WINDOWS\photo album.zip
    C:\WINDOWS\photo album.zip
    --------------------\\ Cracks & Keygens ..
    C:\DOCUME~1\janet\My Documents\My Music\Oldies - Neil Diamond - Crackling Rose.mp3

    [F:2061][D:27]-> C:\DOCUME~1\janet\LOCALS~1\Temp
    [F:1110][D:0]-> C:\DOCUME~1\janet\Cookies
    [F:3153][D:21]-> C:\DOCUME~1\janet\LOCALS~1\TEMPOR~1\content.IE5
    [F:2][D:0]-> C:\Recycled
    1 - "C:\Lop SD\LopR_1.txt" - 25/09/2008|16:57 - Option : [1]
    --------------------\\ Scan completed at 16:57:30
     
  6. jpshortstuff

    jpshortstuff

    Joined:
    Oct 19, 2007
    Messages:
    177
    Hi

    Please disable Windows Defender and AVG as before.

    Double-click Lop S&D.exe
    Choose the language, then choose Option 2 (Fix + Hosts)
    Wait till the end of the scan
    Post the log which is created: (%SystemDrive%\lopR.txt)

    Thanks.
     
  7. sandmock

    sandmock Thread Starter

    Joined:
    Sep 23, 2008
    Messages:
    19
    Hi, here is the new log


    --------------------\\ Lop S&D 4.2.4-4 XP/Vista

    "C:\Lop SD" ( MAJ : 19-09-2008|22:20 )
    Option : [2] ( 25/09/2008|22:13 )

    \\\\\\\\\\\\\\\\\\\\\\\\\\\\\\ FIX
    Deleted! - C:\DOCUME~1\ALLUSE~1\APPLIC~1\Peak ooze date army\Meet Cake.exe
    Deleted! - C:\DOCUME~1\janet\APPLIC~1\defaul~1\Bike Style.exe
    Deleted! - C:\DOCUME~1\janet\APPLIC~1\defaul~1\rznoqmfe.exe
    Deleted! - C:\DOCUME~1\janet\APPLIC~1\defaul~1\32 Ante Balm Platform.exe
    Deleted! - C:\DOCUME~1\janet\APPLIC~1\defaul~1\cornthetrust.exe
    Deleted! - C:\DOCUME~1\TEMP\APPLIC~1\defaul~1\Bike Style.exe
    Deleted! - C:\DOCUME~1\janet\LOCALS~1\Temp\nsy35.tmp
    Deleted! - C:\DOCUME~1\janet\Cookies\[email protected][1].txt
    Deleted! - C:\DOCUME~1\janet\Cookies\[email protected][2].txt
    Deleted! - C:\DOCUME~1\janet\Cookies\[email protected][1].txt
    Deleted! - C:\WINDOWS\Tasks\A9B8A27D918F5A39.job
    Deleted! - C:\DOCUME~1\janet\LOCALS~1\Temp\bis2.exe
    Deleted! - C:\DOCUME~1\ALLUSE~1\APPLIC~1\Peak ooze date army
    Deleted! - C:\DOCUME~1\janet\APPLIC~1\defaul~1
    Deleted! - C:\DOCUME~1\TEMP\APPLIC~1\defaul~1
    Deleted! - C:\Program Files\defaul~1
    -
    [ Hosts file ] .. Restored!

    \\\\\\\\\\\\\\\\\\\\\\\\\\\\\\

    --------------------\\ Listing folders in APPLIC~1
    [06/07/2004|20:35] C:\DOCUME~1\DEFAUL~1\APPLIC~1\Cyberlink
    [05/07/2004|23:17] C:\DOCUME~1\DEFAUL~1\APPLIC~1\Identities
    [05/07/2004|23:10] C:\DOCUME~1\DEFAUL~1\APPLIC~1\Microsoft
    [24/01/2007|13:57] C:\DOCUME~1\ALLUSE~1\APPLIC~1\Adobe
    [12/07/2008|20:20] C:\DOCUME~1\ALLUSE~1\APPLIC~1\Apple
    [12/07/2008|20:22] C:\DOCUME~1\ALLUSE~1\APPLIC~1\Apple Computer
    [01/02/2008|08:11] C:\DOCUME~1\ALLUSE~1\APPLIC~1\avg7
    [24/09/2008|23:53] C:\DOCUME~1\ALLUSE~1\APPLIC~1\BigFishGamesCache
    [20/07/2007|23:33] C:\DOCUME~1\ALLUSE~1\APPLIC~1\Bold Grey Spam Peak
    [16/07/2007|22:52] C:\DOCUME~1\ALLUSE~1\APPLIC~1\BVRP Software
    [12/01/2008|21:14] C:\DOCUME~1\ALLUSE~1\APPLIC~1\Channel4
    [06/07/2004|20:30] C:\DOCUME~1\ALLUSE~1\APPLIC~1\CyberLink
    [26/01/2007|19:31] C:\DOCUME~1\ALLUSE~1\APPLIC~1\Genimo
    [25/03/2007|17:12] C:\DOCUME~1\ALLUSE~1\APPLIC~1\Google
    [01/02/2008|08:11] C:\DOCUME~1\ALLUSE~1\APPLIC~1\Grisoft
    [29/07/2006|18:55] C:\DOCUME~1\ALLUSE~1\APPLIC~1\HMV
    [01/02/2008|09:10] C:\DOCUME~1\ALLUSE~1\APPLIC~1\Lavasoft
    [11/07/2008|23:08] C:\DOCUME~1\ALLUSE~1\APPLIC~1\Macrovision
    [20/07/2007|23:35] C:\DOCUME~1\ALLUSE~1\APPLIC~1\Messenger Plus!
    [05/07/2004|23:10] C:\DOCUME~1\ALLUSE~1\APPLIC~1\Microsoft
    [31/05/2005|17:55] C:\DOCUME~1\ALLUSE~1\APPLIC~1\MSN6
    [16/12/2006|09:44] C:\DOCUME~1\ALLUSE~1\APPLIC~1\MumboJumbo
    [22/09/2008|12:53] C:\DOCUME~1\ALLUSE~1\APPLIC~1\n7-89-o9-3r-4t-r9
    [03/08/2007|13:48] C:\DOCUME~1\ALLUSE~1\APPLIC~1\Napster
    [01/06/2005|11:55] C:\DOCUME~1\ALLUSE~1\APPLIC~1\nView_Profiles
    [17/09/2005|20:34] C:\DOCUME~1\ALLUSE~1\APPLIC~1\Oberon Media
    [02/08/2006|18:13] C:\DOCUME~1\ALLUSE~1\APPLIC~1\PlayFirst
    [08/08/2005|20:03] C:\DOCUME~1\ALLUSE~1\APPLIC~1\QuickTime
    [13/10/2005|21:02] C:\DOCUME~1\ALLUSE~1\APPLIC~1\Sandlot Games
    [02/04/2008|00:47] C:\DOCUME~1\ALLUSE~1\APPLIC~1\Sony Ericsson
    [23/11/2006|18:06] C:\DOCUME~1\ALLUSE~1\APPLIC~1\SpinTop Games
    [09/01/2008|00:02] C:\DOCUME~1\ALLUSE~1\APPLIC~1\Spybot - Search & Destroy
    [23/09/2008|17:53] C:\DOCUME~1\ALLUSE~1\APPLIC~1\Sunbelt
    [02/04/2008|00:46] C:\DOCUME~1\ALLUSE~1\APPLIC~1\Teleca
    [30/03/2008|11:01] C:\DOCUME~1\ALLUSE~1\APPLIC~1\TEMP
    [22/09/2005|22:34] C:\DOCUME~1\ALLUSE~1\APPLIC~1\Windows Genuine Advantage
    [10/09/2006|18:01] C:\DOCUME~1\ALLUSE~1\APPLIC~1\Windows Live Toolbar
    [08/11/2007|18:13] C:\DOCUME~1\ALLUSE~1\APPLIC~1\WLInstaller
    [05/07/2004|23:10] C:\DOCUME~1\NETWOR~1\APPLIC~1\Microsoft
    [01/02/2008|08:12] C:\DOCUME~1\LOCALS~1\APPLIC~1\AVG7
    [02/09/2007|20:50] C:\DOCUME~1\LOCALS~1\APPLIC~1\Help
    [17/08/2005|20:03] C:\DOCUME~1\LOCALS~1\APPLIC~1\Macromedia
    [05/07/2004|23:10] C:\DOCUME~1\LOCALS~1\APPLIC~1\Microsoft
    [11/07/2005|11:12] C:\DOCUME~1\janet\APPLIC~1\Adobe
    [11/07/2005|11:35] C:\DOCUME~1\janet\APPLIC~1\AdobeUM
    [10/08/2005|21:05] C:\DOCUME~1\janet\APPLIC~1\Ahead
    [12/07/2008|20:24] C:\DOCUME~1\janet\APPLIC~1\Apple Computer
    [01/02/2008|08:13] C:\DOCUME~1\janet\APPLIC~1\AVG7
    [06/07/2004|20:35] C:\DOCUME~1\janet\APPLIC~1\Cyberlink
    [12/08/2007|14:09] C:\DOCUME~1\janet\APPLIC~1\Darwin
    [22/09/2008|12:53] C:\DOCUME~1\janet\APPLIC~1\GameHouse
    [14/08/2005|21:08] C:\DOCUME~1\janet\APPLIC~1\Google
    [19/07/2005|21:51] C:\DOCUME~1\janet\APPLIC~1\Help
    [05/07/2004|23:17] C:\DOCUME~1\janet\APPLIC~1\Identities
    [30/06/2005|21:46] C:\DOCUME~1\janet\APPLIC~1\Incredible Ink
    [17/08/2008|20:12] C:\DOCUME~1\janet\APPLIC~1\Keynote Systems
    [04/08/2007|00:21] C:\DOCUME~1\janet\APPLIC~1\Leadertech
    [21/02/2008|21:32] C:\DOCUME~1\janet\APPLIC~1\LimeWire
    [01/06/2005|13:22] C:\DOCUME~1\janet\APPLIC~1\Macromedia
    [23/11/2007|18:26] C:\DOCUME~1\janet\APPLIC~1\MagicBall3
    [05/07/2004|23:10] C:\DOCUME~1\janet\APPLIC~1\Microsoft
    [14/09/2005|14:53] C:\DOCUME~1\janet\APPLIC~1\Mind Control Software
    [14/11/2007|14:10] C:\DOCUME~1\janet\APPLIC~1\Mozilla
    [31/05/2005|17:55] C:\DOCUME~1\janet\APPLIC~1\MSN6
    [12/06/2005|17:19] C:\DOCUME~1\janet\APPLIC~1\Musicmatch
    [12/10/2005|20:38] C:\DOCUME~1\janet\APPLIC~1\Nokia
    [10/12/2007|20:25] C:\DOCUME~1\janet\APPLIC~1\Nokia 6630 (2)
    [12/10/2005|21:00] C:\DOCUME~1\janet\APPLIC~1\Nokia Multimedia Player
    [30/01/2006|14:15] C:\DOCUME~1\janet\APPLIC~1\Nology
    [22/05/2006|16:19] C:\DOCUME~1\janet\APPLIC~1\PlayFirst
    [22/04/2007|15:55] C:\DOCUME~1\janet\APPLIC~1\Real
    [15/08/2006|14:15] C:\DOCUME~1\janet\APPLIC~1\RealArcade
    [03/08/2007|13:52] C:\DOCUME~1\janet\APPLIC~1\Roxio
    [02/08/2007|22:16] C:\DOCUME~1\janet\APPLIC~1\Sandlot Games
    [21/07/2007|12:04] C:\DOCUME~1\janet\APPLIC~1\Snapfish
    [02/04/2008|00:58] C:\DOCUME~1\janet\APPLIC~1\Sony Ericsson
    [15/10/2005|22:26] C:\DOCUME~1\janet\APPLIC~1\Sun
    [23/09/2008|17:54] C:\DOCUME~1\janet\APPLIC~1\Sunbelt
    [31/05/2005|17:46] C:\DOCUME~1\janet\APPLIC~1\Symantec
    [02/04/2008|12:07] C:\DOCUME~1\janet\APPLIC~1\Teleca
    [20/07/2008|14:46] C:\DOCUME~1\janet\APPLIC~1\uTorrent
    [11/06/2005|10:42] C:\DOCUME~1\janet\APPLIC~1\Wildfire
    [05/03/2008|21:17] C:\DOCUME~1\janet\APPLIC~1\Windows Live Writer
    [31/12/2007|14:12] C:\DOCUME~1\janet\APPLIC~1\WinRAR
    [07/01/2008|01:55] C:\DOCUME~1\janet\APPLIC~1\Yahoo!
    [12/08/2005|21:39] C:\DOCUME~1\callum\APPLIC~1\Ahead
    [06/07/2004|20:35] C:\DOCUME~1\callum\APPLIC~1\Cyberlink
    [16/08/2005|16:01] C:\DOCUME~1\callum\APPLIC~1\Google
    [05/07/2004|23:17] C:\DOCUME~1\callum\APPLIC~1\Identities
    [31/05/2005|20:43] C:\DOCUME~1\callum\APPLIC~1\Macromedia
    [05/07/2004|23:10] C:\DOCUME~1\callum\APPLIC~1\Microsoft
    [31/05/2005|18:25] C:\DOCUME~1\callum\APPLIC~1\MSN6
    [13/12/2005|18:30] C:\DOCUME~1\callum\APPLIC~1\Sun
    [03/09/2006|14:57] C:\DOCUME~1\steven\APPLIC~1\Adobe
    [03/09/2006|14:57] C:\DOCUME~1\steven\APPLIC~1\AdobeUM
    [27/02/2008|17:32] C:\DOCUME~1\steven\APPLIC~1\AVG7
    [06/07/2004|20:35] C:\DOCUME~1\steven\APPLIC~1\Cyberlink
    [06/09/2005|20:44] C:\DOCUME~1\steven\APPLIC~1\Google
    [05/07/2004|23:17] C:\DOCUME~1\steven\APPLIC~1\Identities
    [31/05/2005|21:31] C:\DOCUME~1\steven\APPLIC~1\Macromedia
    [05/07/2004|23:10] C:\DOCUME~1\steven\APPLIC~1\Microsoft
    [31/05/2005|20:57] C:\DOCUME~1\steven\APPLIC~1\MSN6
    [07/09/2006|19:45] C:\DOCUME~1\steven\APPLIC~1\Nokia Multimedia Player
    [25/04/2007|00:45] C:\DOCUME~1\steven\APPLIC~1\Real
    [04/05/2008|12:24] C:\DOCUME~1\steven\APPLIC~1\Sony Ericsson
    [22/06/2006|16:44] C:\DOCUME~1\steven\APPLIC~1\Sun
    [31/05/2005|21:44] C:\DOCUME~1\steven\APPLIC~1\Symantec
    [04/05/2008|12:26] C:\DOCUME~1\steven\APPLIC~1\Teleca
    [12/01/2008|00:48] C:\DOCUME~1\steven\APPLIC~1\Yahoo!
    [02/04/2006|10:56] C:\DOCUME~1\TEMP\APPLIC~1\Adobe
    [02/04/2006|10:56] C:\DOCUME~1\TEMP\APPLIC~1\AdobeUM
    [01/02/2008|09:02] C:\DOCUME~1\TEMP\APPLIC~1\AVG7
    [06/07/2004|20:35] C:\DOCUME~1\TEMP\APPLIC~1\Cyberlink
    [05/07/2004|23:17] C:\DOCUME~1\TEMP\APPLIC~1\Identities
    [17/02/2006|20:06] C:\DOCUME~1\TEMP\APPLIC~1\Macromedia
    [05/07/2004|23:10] C:\DOCUME~1\TEMP\APPLIC~1\Microsoft
    [09/04/2008|20:32] C:\DOCUME~1\TEMP\APPLIC~1\Mozilla
    [17/03/2006|17:45] C:\DOCUME~1\TEMP\APPLIC~1\MSN6
    [07/05/2006|13:20] C:\DOCUME~1\TEMP\APPLIC~1\onlineproxy
    [17/02/2006|20:03] C:\DOCUME~1\TEMP\APPLIC~1\PC Suite
    [25/05/2007|11:58] C:\DOCUME~1\TEMP\APPLIC~1\Real
    [09/04/2008|20:30] C:\DOCUME~1\TEMP\APPLIC~1\Sony Ericsson
    [16/05/2006|17:30] C:\DOCUME~1\TEMP\APPLIC~1\Sun
    [24/09/2008|09:57] C:\DOCUME~1\TEMP\APPLIC~1\Sunbelt
    [09/04/2008|20:31] C:\DOCUME~1\TEMP\APPLIC~1\Teleca
    [15/03/2006|17:30] C:\DOCUME~1\TEMP\APPLIC~1\WinPatrol
    [11/02/2008|21:05] C:\DOCUME~1\TEMP\APPLIC~1\WinRAR

    --------------------\\ Scheduled Tasks located in C:\WINDOWS\Tasks
    [25/09/2008 22:06][--ah-----] C:\WINDOWS\tasks\MP Scheduled Scan.job
    [13/09/2008 11:53][--a------] C:\WINDOWS\tasks\AppleSoftwareUpdate.job
    [25/09/2008 21:45][--ah-----] C:\WINDOWS\tasks\SA.DAT
    [29/08/2002 05:00][-r-h-----] C:\WINDOWS\tasks\desktop.ini
    --------------------\\ Listing Folders in C:\Program Files
    [31/05/2005|18:44] C:\Program Files\_ArcadeDownloadFolder
    [14/07/2005|00:25] C:\Program Files\5 Spots II
    [31/12/2007|14:11] C:\Program Files\7-Zip
    [05/08/2008|14:18] C:\Program Files\ABBYY FineReader 5.0 Sprint
    [16/07/2007|22:52] C:\Program Files\ABBYY FineReader 6.0
    [11/07/2005|11:08] C:\Program Files\Adobe
    [10/08/2005|20:59] C:\Program Files\Ahead
    [05/01/2006|21:01] C:\Program Files\Alien Stars
    [12/07/2008|20:21] C:\Program Files\Apple Software Update
    [06/07/2004|20:54] C:\Program Files\AVer Teletext
    [06/07/2004|20:53] C:\Program Files\AVerTV2K
    [03/11/2005|18:05] C:\Program Files\BFG
    [24/09/2008|23:55] C:\Program Files\bfgclient
    [14/03/2006|22:21] C:\Program Files\BillP Studios
    [04/01/2006|21:54] C:\Program Files\Bomberman vs Digger
    [24/09/2008|23:56] C:\Program Files\Bookworm Deluxe
    [01/06/2005|00:22] C:\Program Files\BroadJump
    [12/01/2008|21:15] C:\Program Files\Channel4
    [05/07/2004|23:11] C:\Program Files\Common Files
    [05/07/2004|23:14] C:\Program Files\ComPlus Applications
    [25/11/2007|13:08] C:\Program Files\Coupon Printer
    [06/07/2004|20:21] C:\Program Files\CyberLink
    [25/12/2007|08:43] C:\Program Files\Disc2Phone
    [06/07/2004|20:26] C:\Program Files\DivX
    [13/08/2006|15:53] C:\Program Files\DK Interactive Learning
    [08/08/2005|20:04] C:\Program Files\DK Multimedia
    [23/07/2005|23:53] C:\Program Files\GameHouse
    [14/08/2005|21:08] C:\Program Files\Google
    [01/02/2008|08:11] C:\Program Files\Grisoft
    [05/01/2006|21:52] C:\Program Files\Heavy Weapon
    [23/09/2005|00:16] C:\Program Files\HurricaneSoftware.com
    [26/05/2006|19:39] C:\Program Files\IM Names
    [10/04/2008|01:18] C:\Program Files\IncrediGames
    [22/06/2005|23:37] C:\Program Files\IncrediMail
    [06/07/2004|20:21] C:\Program Files\InstallShield Installation Information
    [05/07/2004|23:15] C:\Program Files\Internet Explorer
    [12/07/2008|20:24] C:\Program Files\iPod
    [12/07/2008|20:24] C:\Program Files\iTunes
    [12/10/2005|21:14] C:\Program Files\Java
    [23/09/2008|16:32] C:\Program Files\Lavasoft
    [23/09/2008|16:00] C:\Program Files\Lavasoft(2)
    [16/07/2007|22:45] C:\Program Files\Lexmark 1200 Series
    [21/02/2008|21:31] C:\Program Files\LimeWire
    [03/06/2005|16:44] C:\Program Files\Logitech
    [27/07/2007|11:58] C:\Program Files\LucasArts
    [11/07/2008|23:06] C:\Program Files\Macromedia
    [07/08/2005|20:47] C:\Program Files\Mahjong Towers Eternity
    [23/09/2005|00:16] C:\Program Files\Mapper
    [05/07/2004|23:14] C:\Program Files\Messenger
    [06/07/2004|21:16] C:\Program Files\Microsoft ActiveSync
    [09/05/2007|17:01] C:\Program Files\Microsoft CAPICOM 2.1.0.2
    [05/07/2004|23:17] C:\Program Files\microsoft frontpage
    [06/07/2004|21:15] C:\Program Files\Microsoft Office
    [01/02/2008|08:26] C:\Program Files\Microsoft Silverlight
    [06/07/2004|21:15] C:\Program Files\Microsoft Visual Studio
    [06/07/2004|21:15] C:\Program Files\Microsoft Works
    [05/07/2004|23:15] C:\Program Files\Movie Maker
    [14/11/2007|14:09] C:\Program Files\Mozilla Firefox
    [01/02/2008|08:24] C:\Program Files\MSBuild
    [05/07/2004|23:14] C:\Program Files\MSN
    [04/06/2005|01:00] C:\Program Files\MSN Content Plus
    [12/06/2005|13:00] C:\Program Files\MSN Games
    [05/07/2004|23:14] C:\Program Files\MSN Gaming Zone
    [14/10/2006|15:02] C:\Program Files\MSXML 4.0
    [01/02/2008|08:17] C:\Program Files\MSXML 6.0
    [06/07/2004|20:32] C:\Program Files\MUSICMATCH
    [17/03/2007|21:54] C:\Program Files\MyABCD
    [05/07/2004|23:15] C:\Program Files\NetMeeting
    [12/10/2005|20:36] C:\Program Files\Nokia
    [23/06/2005|13:11] C:\Program Files\Oberon Media
    [05/07/2004|23:14] C:\Program Files\Online Services
    [05/07/2004|23:15] C:\Program Files\Outlook Express
    [06/07/2006|22:29] C:\Program Files\PIE Patch
    [27/07/2005|11:47] C:\Program Files\PlayFirst
    [07/01/2006|21:05] C:\Program Files\PopCap Games
    [23/09/2005|18:20] C:\Program Files\QuickTime
    [31/05/2005|18:45] C:\Program Files\Real
    [01/02/2008|08:19] C:\Program Files\Reference Assemblies
    [25/06/2005|16:05] C:\Program Files\ReflexiveArcade
    [26/08/2005|20:45] C:\Program Files\roxypalace
    [22/08/2006|10:34] C:\Program Files\Samsung
    [31/05/2005|19:18] C:\Program Files\Sherston Software
    [26/07/2005|18:35] C:\Program Files\Shockwave.com
    [06/09/2005|14:10] C:\Program Files\Solar System 3D Screensaver
    [02/04/2008|00:46] C:\Program Files\Sony Ericsson
    [06/01/2006|15:18] C:\Program Files\Star Defender 2
    [31/01/2007|23:36] C:\Program Files\Sunbelt Software
    [31/05/2005|17:46] C:\Program Files\Symantec
    [07/01/2008|01:38] C:\Program Files\Trend Micro
    [05/07/2004|23:20] C:\Program Files\Uninstall Information
    [20/07/2008|14:46] C:\Program Files\uTorrent
    [06/07/2004|04:37] C:\Program Files\VIA Technologies, Inc
    [14/08/2007|20:26] C:\Program Files\Virgin Media Games
    [16/12/2007|18:54] C:\Program Files\Virtual Earth 3D
    [21/11/2006|21:55] C:\Program Files\Winamp
    [01/02/2008|09:13] C:\Program Files\Windows Defender
    [20/07/2007|23:32] C:\Program Files\Windows Live
    [10/09/2006|18:01] C:\Program Files\Windows Live Toolbar
    [20/07/2005|22:41] C:\Program Files\Windows Media Components
    [11/12/2006|15:46] C:\Program Files\Windows Media Connect 2
    [05/07/2004|23:14] C:\Program Files\Windows Media Player
    [05/07/2004|23:14] C:\Program Files\Windows NT
    [05/07/2004|23:14] C:\Program Files\WindowsUpdate
    [31/12/2007|14:12] C:\Program Files\WinRAR
    [05/07/2004|23:17] C:\Program Files\xerox
    [10/06/2006|14:58] C:\Program Files\Yahoo!
    --------------------\\ Listing Folders in C:\Program Files\Common Files
    [23/09/2005|21:50] C:\Program Files\Common Files\Adobe
    [10/08/2005|20:59] C:\Program Files\Common Files\Ahead
    [12/07/2008|20:20] C:\Program Files\Common Files\Apple
    [06/07/2004|21:16] C:\Program Files\Common Files\DESIGNER
    [06/07/2004|05:16] C:\Program Files\Common Files\InstallShield
    [06/07/2004|21:16] C:\Program Files\Common Files\L&H
    [03/06/2005|16:45] C:\Program Files\Common Files\Logitech
    [11/07/2008|23:07] C:\Program Files\Common Files\Macromedia
    [11/07/2008|23:07] C:\Program Files\Common Files\Macromedia Shared
    [05/07/2004|23:11] C:\Program Files\Common Files\Microsoft Shared
    [02/08/2005|20:34] C:\Program Files\Common Files\MimarSinan
    [05/07/2004|23:15] C:\Program Files\Common Files\MSSoap
    [12/10/2005|20:36] C:\Program Files\Common Files\Nokia
    [31/03/2007|22:58] C:\Program Files\Common Files\Oberon Media
    [05/07/2004|23:11] C:\Program Files\Common Files\ODBC
    [31/05/2005|18:45] C:\Program Files\Common Files\Real
    [07/01/2008|18:51] C:\Program Files\Common Files\Scanner
    [05/07/2004|23:15] C:\Program Files\Common Files\Services
    [02/04/2008|00:46] C:\Program Files\Common Files\Sony Ericsson Shared
    [05/07/2004|23:11] C:\Program Files\Common Files\SpeechEngines
    [31/05/2005|17:46] C:\Program Files\Common Files\Symantec Shared
    [05/07/2004|23:15] C:\Program Files\Common Files\System
    [02/04/2008|00:46] C:\Program Files\Common Files\Teleca Shared
    [08/11/2007|18:14] C:\Program Files\Common Files\WindowsLiveInstaller
    [01/02/2008|09:09] C:\Program Files\Common Files\Wise Installation Wizard
    [31/10/2007|17:57] C:\Program Files\Common Files\xing shared
    --------------------\\ Process
    ( 53 Processes )
    ... OK !
    --------------------\\ Searching with S_Lop
    No Lop folder found !

    --------------------\\ Searching for Lop Files - Folders
    C:\DOCUME~1\janet\Cookies\[email protected][3].txt

    --------------------\\ Searching within the Registry

    ..... OK !
    --------------------\\ Checking the Hosts file
    Hosts file CLEAN

    --------------------\\ Searching for hidden files with Catchme

    catchme 0.3.1353 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
    Rootkit scan 2008-09-25 22:15:06
    Windows 5.1.2600 Service Pack 2 FAT NTAPI
    scanning hidden processes ...
    scanning hidden files ...
    scan completed successfully
    hidden processes: 0
    hidden files: 0

    --------------------\\ Searching for other infections
    --------------------\\ Suspect ..
    C:\WINDOWS\photo album.zip
    C:\WINDOWS\photo album.zip
    --------------------\\ Cracks & Keygens ..
    C:\DOCUME~1\janet\My Documents\My Music\Oldies - Neil Diamond - Crackling Rose.mp3

    [F:2056][D:26]-> C:\DOCUME~1\janet\LOCALS~1\Temp
    [F:1119][D:0]-> C:\DOCUME~1\janet\Cookies
    [F:3833][D:21]-> C:\DOCUME~1\janet\LOCALS~1\TEMPOR~1\content.IE5
    [F:2][D:0]-> C:\Recycled
    1 - "C:\Lop SD\LopR_1.txt" - 25/09/2008|16:57 - Option : [1]
    2 - "C:\Lop SD\LopR_2.txt" - 25/09/2008|22:16 - Option : [2]
    --------------------\\ Scan completed at 22:16:30


    Thanks
     
  8. jpshortstuff

    Joined:
    Oct 19, 2007
    Messages:
    177
    Hi

    Select the entire area below, then right-click and choose Copy
    Restart Lop S&D
    Choose Option 4 (LopScript)
    A blank page will be opened, right-click it and choose Paste
    Close the page, you'll be asked to save it, click [Save]
    Don't close the windows during suppression!
    Post the log which is created: (%SystemDrive%\lopR.txt).


    Installing Java:
    • Download the latest version of Java Runtime Environment (JRE) 6 Update 7.
    • Scroll down to where it says "Java Runtime Environment (JRE) 6 Update 7, The Java SE Runtime Environment (JRE) allows end-users to run Java applications".
    • Click the "Download" button to the right.
    • Check the box that says: "Accept License Agreement".
    • The page will refresh.
    • Click on the link to download Windows Offline Installation, Multi-language and save it to your desktop.
    • Close any programs you may have running - especially any web browsers.
    • Reboot your computer once all Java components are removed.
    • Then from your desktop double-click on jre-6u7-windowsi586.exe to install the newest version.

    Please go to the Kaspersky website and perform an online antivirus scan.
    1. Read through the requirements and privacy statement and click on the Accept button.
    2. It will start downloading and installing the scanner and virus definitions. You will be prompted to install an application from Kaspersky. Click Run.
    3. When the downloads have finished, click on Settings.
    4. Make sure these boxes are checked (ticked). If they are not, please tick them and click on the Save button:
      • Spyware, Adware, Dialers, and other potentially dangerous programs
      • Archives
      • Mail databases
    5. Click on My Computer under Scan.
    6. Once the scan is complete, it will display the results. Click on View Scan Report.
    7. You will see a list of infected items there. Click on Save Report As....
    8. Save this report to a convenient place. Change the Files of type to Text file (.txt) before clicking on the Save button.
    9. Please post this log in your next reply.

    Please also post a new HijackThis log in your next reply.

    Thanks.
     
  9. sandmock Thread Starter

    Joined:
    Sep 23, 2008
    Messages:
    19
    Hi, I have done the scans you advised; here are the new logs.


    --------------------\\ Lop S&D 4.2.4-4 XP/Vista

    "C:\Lop SD" ( MAJ : 19-09-2008|22:20 )
    Option : [4] ( 26/09/2008|20:55 )
    \\\\\\\\\\\\\\\\\\\\\\\\\\\\\\ Lop Script
    C:\DOCUME~1\ALLUSE~1\APPLIC~1\BigFishGamesCache
    C:\DOCUME~1\ALLUSE~1\APPLIC~1\Bold Grey Spam Peak
    C:\DOCUME~1\ALLUSE~1\APPLIC~1\Messenger Plus!

    \\\\\\\\\\\\\\\\\\\\\\\\\\\\\\ FIX
    ... C:\DOCUME~1\ALLUSE~1\APPLIC~1\BigFishGamesCache -> does not exist !
    ... C:\DOCUME~1\ALLUSE~1\APPLIC~1\Bold Grey Spam Peak -> does not exist !
    ... C:\DOCUME~1\ALLUSE~1\APPLIC~1\Messenger Plus! -> does not exist !

    \\\\\\\\\\\\\\\\\\\\\\\\\\\\\\

    --------------------\\ Listing folders in APPLIC~1
    [06/07/2004|20:35] C:\DOCUME~1\DEFAUL~1\APPLIC~1\Cyberlink
    [05/07/2004|23:17] C:\DOCUME~1\DEFAUL~1\APPLIC~1\Identities
    [05/07/2004|23:10] C:\DOCUME~1\DEFAUL~1\APPLIC~1\Microsoft
    [24/01/2007|13:57] C:\DOCUME~1\ALLUSE~1\APPLIC~1\Adobe
    [12/07/2008|20:20] C:\DOCUME~1\ALLUSE~1\APPLIC~1\Apple
    [12/07/2008|20:22] C:\DOCUME~1\ALLUSE~1\APPLIC~1\Apple Computer
    [01/02/2008|08:11] C:\DOCUME~1\ALLUSE~1\APPLIC~1\avg7
    [16/07/2007|22:52] C:\DOCUME~1\ALLUSE~1\APPLIC~1\BVRP Software
    [12/01/2008|21:14] C:\DOCUME~1\ALLUSE~1\APPLIC~1\Channel4
    [06/07/2004|20:30] C:\DOCUME~1\ALLUSE~1\APPLIC~1\CyberLink
    [26/01/2007|19:31] C:\DOCUME~1\ALLUSE~1\APPLIC~1\Genimo
    [25/03/2007|17:12] C:\DOCUME~1\ALLUSE~1\APPLIC~1\Google
    [01/02/2008|08:11] C:\DOCUME~1\ALLUSE~1\APPLIC~1\Grisoft
    [29/07/2006|18:55] C:\DOCUME~1\ALLUSE~1\APPLIC~1\HMV
    [01/02/2008|09:10] C:\DOCUME~1\ALLUSE~1\APPLIC~1\Lavasoft
    [11/07/2008|23:08] C:\DOCUME~1\ALLUSE~1\APPLIC~1\Macrovision
    [05/07/2004|23:10] C:\DOCUME~1\ALLUSE~1\APPLIC~1\Microsoft
    [31/05/2005|17:55] C:\DOCUME~1\ALLUSE~1\APPLIC~1\MSN6
    [16/12/2006|09:44] C:\DOCUME~1\ALLUSE~1\APPLIC~1\MumboJumbo
    [22/09/2008|12:53] C:\DOCUME~1\ALLUSE~1\APPLIC~1\n7-89-o9-3r-4t-r9
    [03/08/2007|13:48] C:\DOCUME~1\ALLUSE~1\APPLIC~1\Napster
    [01/06/2005|11:55] C:\DOCUME~1\ALLUSE~1\APPLIC~1\nView_Profiles
    [17/09/2005|20:34] C:\DOCUME~1\ALLUSE~1\APPLIC~1\Oberon Media
    [02/08/2006|18:13] C:\DOCUME~1\ALLUSE~1\APPLIC~1\PlayFirst
    [08/08/2005|20:03] C:\DOCUME~1\ALLUSE~1\APPLIC~1\QuickTime
    [13/10/2005|21:02] C:\DOCUME~1\ALLUSE~1\APPLIC~1\Sandlot Games
    [02/04/2008|00:47] C:\DOCUME~1\ALLUSE~1\APPLIC~1\Sony Ericsson
    [23/11/2006|18:06] C:\DOCUME~1\ALLUSE~1\APPLIC~1\SpinTop Games
    [09/01/2008|00:02] C:\DOCUME~1\ALLUSE~1\APPLIC~1\Spybot - Search & Destroy
    [23/09/2008|17:53] C:\DOCUME~1\ALLUSE~1\APPLIC~1\Sunbelt
    [02/04/2008|00:46] C:\DOCUME~1\ALLUSE~1\APPLIC~1\Teleca
    [30/03/2008|11:01] C:\DOCUME~1\ALLUSE~1\APPLIC~1\TEMP
    [22/09/2005|22:34] C:\DOCUME~1\ALLUSE~1\APPLIC~1\Windows Genuine Advantage
    [10/09/2006|18:01] C:\DOCUME~1\ALLUSE~1\APPLIC~1\Windows Live Toolbar
    [08/11/2007|18:13] C:\DOCUME~1\ALLUSE~1\APPLIC~1\WLInstaller
    [05/07/2004|23:10] C:\DOCUME~1\NETWOR~1\APPLIC~1\Microsoft
    [01/02/2008|08:12] C:\DOCUME~1\LOCALS~1\APPLIC~1\AVG7
    [02/09/2007|20:50] C:\DOCUME~1\LOCALS~1\APPLIC~1\Help
    [17/08/2005|20:03] C:\DOCUME~1\LOCALS~1\APPLIC~1\Macromedia
    [05/07/2004|23:10] C:\DOCUME~1\LOCALS~1\APPLIC~1\Microsoft
    [11/07/2005|11:12] C:\DOCUME~1\janet\APPLIC~1\Adobe
    [11/07/2005|11:35] C:\DOCUME~1\janet\APPLIC~1\AdobeUM
    [10/08/2005|21:05] C:\DOCUME~1\janet\APPLIC~1\Ahead
    [12/07/2008|20:24] C:\DOCUME~1\janet\APPLIC~1\Apple Computer
    [01/02/2008|08:13] C:\DOCUME~1\janet\APPLIC~1\AVG7
    [06/07/2004|20:35] C:\DOCUME~1\janet\APPLIC~1\Cyberlink
    [12/08/2007|14:09] C:\DOCUME~1\janet\APPLIC~1\Darwin
    [22/09/2008|12:53] C:\DOCUME~1\janet\APPLIC~1\GameHouse
    [14/08/2005|21:08] C:\DOCUME~1\janet\APPLIC~1\Google
    [19/07/2005|21:51] C:\DOCUME~1\janet\APPLIC~1\Help
    [05/07/2004|23:17] C:\DOCUME~1\janet\APPLIC~1\Identities
    [30/06/2005|21:46] C:\DOCUME~1\janet\APPLIC~1\Incredible Ink
    [17/08/2008|20:12] C:\DOCUME~1\janet\APPLIC~1\Keynote Systems
    [04/08/2007|00:21] C:\DOCUME~1\janet\APPLIC~1\Leadertech
    [21/02/2008|21:32] C:\DOCUME~1\janet\APPLIC~1\LimeWire
    [01/06/2005|13:22] C:\DOCUME~1\janet\APPLIC~1\Macromedia
    [23/11/2007|18:26] C:\DOCUME~1\janet\APPLIC~1\MagicBall3
    [05/07/2004|23:10] C:\DOCUME~1\janet\APPLIC~1\Microsoft
    [14/09/2005|14:53] C:\DOCUME~1\janet\APPLIC~1\Mind Control Software
    [14/11/2007|14:10] C:\DOCUME~1\janet\APPLIC~1\Mozilla
    [31/05/2005|17:55] C:\DOCUME~1\janet\APPLIC~1\MSN6
    [12/06/2005|17:19] C:\DOCUME~1\janet\APPLIC~1\Musicmatch
    [12/10/2005|20:38] C:\DOCUME~1\janet\APPLIC~1\Nokia
    [10/12/2007|20:25] C:\DOCUME~1\janet\APPLIC~1\Nokia 6630 (2)
    [12/10/2005|21:00] C:\DOCUME~1\janet\APPLIC~1\Nokia Multimedia Player
    [30/01/2006|14:15] C:\DOCUME~1\janet\APPLIC~1\Nology
    [22/05/2006|16:19] C:\DOCUME~1\janet\APPLIC~1\PlayFirst
    [22/04/2007|15:55] C:\DOCUME~1\janet\APPLIC~1\Real
    [15/08/2006|14:15] C:\DOCUME~1\janet\APPLIC~1\RealArcade
    [03/08/2007|13:52] C:\DOCUME~1\janet\APPLIC~1\Roxio
    [02/08/2007|22:16] C:\DOCUME~1\janet\APPLIC~1\Sandlot Games
    [21/07/2007|12:04] C:\DOCUME~1\janet\APPLIC~1\Snapfish
    [02/04/2008|00:58] C:\DOCUME~1\janet\APPLIC~1\Sony Ericsson
    [15/10/2005|22:26] C:\DOCUME~1\janet\APPLIC~1\Sun
    [23/09/2008|17:54] C:\DOCUME~1\janet\APPLIC~1\Sunbelt
    [31/05/2005|17:46] C:\DOCUME~1\janet\APPLIC~1\Symantec
    [02/04/2008|12:07] C:\DOCUME~1\janet\APPLIC~1\Teleca
    [20/07/2008|14:46] C:\DOCUME~1\janet\APPLIC~1\uTorrent
    [11/06/2005|10:42] C:\DOCUME~1\janet\APPLIC~1\Wildfire
    [05/03/2008|21:17] C:\DOCUME~1\janet\APPLIC~1\Windows Live Writer
    [31/12/2007|14:12] C:\DOCUME~1\janet\APPLIC~1\WinRAR
    [07/01/2008|01:55] C:\DOCUME~1\janet\APPLIC~1\Yahoo!
    [12/08/2005|21:39] C:\DOCUME~1\callum\APPLIC~1\Ahead
    [06/07/2004|20:35] C:\DOCUME~1\callum\APPLIC~1\Cyberlink
    [16/08/2005|16:01] C:\DOCUME~1\callum\APPLIC~1\Google
    [05/07/2004|23:17] C:\DOCUME~1\callum\APPLIC~1\Identities
    [31/05/2005|20:43] C:\DOCUME~1\callum\APPLIC~1\Macromedia
    [05/07/2004|23:10] C:\DOCUME~1\callum\APPLIC~1\Microsoft
    [31/05/2005|18:25] C:\DOCUME~1\callum\APPLIC~1\MSN6
    [13/12/2005|18:30] C:\DOCUME~1\callum\APPLIC~1\Sun
    [03/09/2006|14:57] C:\DOCUME~1\steven\APPLIC~1\Adobe
    [03/09/2006|14:57] C:\DOCUME~1\steven\APPLIC~1\AdobeUM
    [27/02/2008|17:32] C:\DOCUME~1\steven\APPLIC~1\AVG7
    [06/07/2004|20:35] C:\DOCUME~1\steven\APPLIC~1\Cyberlink
    [06/09/2005|20:44] C:\DOCUME~1\steven\APPLIC~1\Google
    [05/07/2004|23:17] C:\DOCUME~1\steven\APPLIC~1\Identities
    [31/05/2005|21:31] C:\DOCUME~1\steven\APPLIC~1\Macromedia
    [05/07/2004|23:10] C:\DOCUME~1\steven\APPLIC~1\Microsoft
    [31/05/2005|20:57] C:\DOCUME~1\steven\APPLIC~1\MSN6
    [07/09/2006|19:45] C:\DOCUME~1\steven\APPLIC~1\Nokia Multimedia Player
    [25/04/2007|00:45] C:\DOCUME~1\steven\APPLIC~1\Real
    [04/05/2008|12:24] C:\DOCUME~1\steven\APPLIC~1\Sony Ericsson
    [22/06/2006|16:44] C:\DOCUME~1\steven\APPLIC~1\Sun
    [31/05/2005|21:44] C:\DOCUME~1\steven\APPLIC~1\Symantec
    [04/05/2008|12:26] C:\DOCUME~1\steven\APPLIC~1\Teleca
    [12/01/2008|00:48] C:\DOCUME~1\steven\APPLIC~1\Yahoo!
    [02/04/2006|10:56] C:\DOCUME~1\TEMP\APPLIC~1\Adobe
    [02/04/2006|10:56] C:\DOCUME~1\TEMP\APPLIC~1\AdobeUM
    [01/02/2008|09:02] C:\DOCUME~1\TEMP\APPLIC~1\AVG7
    [06/07/2004|20:35] C:\DOCUME~1\TEMP\APPLIC~1\Cyberlink
    [05/07/2004|23:17] C:\DOCUME~1\TEMP\APPLIC~1\Identities
    [17/02/2006|20:06] C:\DOCUME~1\TEMP\APPLIC~1\Macromedia
    [05/07/2004|23:10] C:\DOCUME~1\TEMP\APPLIC~1\Microsoft
    [09/04/2008|20:32] C:\DOCUME~1\TEMP\APPLIC~1\Mozilla
    [17/03/2006|17:45] C:\DOCUME~1\TEMP\APPLIC~1\MSN6
    [07/05/2006|13:20] C:\DOCUME~1\TEMP\APPLIC~1\onlineproxy
    [17/02/2006|20:03] C:\DOCUME~1\TEMP\APPLIC~1\PC Suite
    [25/05/2007|11:58] C:\DOCUME~1\TEMP\APPLIC~1\Real
    [09/04/2008|20:30] C:\DOCUME~1\TEMP\APPLIC~1\Sony Ericsson
    [16/05/2006|17:30] C:\DOCUME~1\TEMP\APPLIC~1\Sun
    [24/09/2008|09:57] C:\DOCUME~1\TEMP\APPLIC~1\Sunbelt
    [09/04/2008|20:31] C:\DOCUME~1\TEMP\APPLIC~1\Teleca
    [15/03/2006|17:30] C:\DOCUME~1\TEMP\APPLIC~1\WinPatrol
    [11/02/2008|21:05] C:\DOCUME~1\TEMP\APPLIC~1\WinRAR

    --------------------\\ Scheduled Tasks located in C:\WINDOWS\Tasks
    [26/09/2008 14:19][--ah-----] C:\WINDOWS\tasks\MP Scheduled Scan.job
    [13/09/2008 11:53][--a------] C:\WINDOWS\tasks\AppleSoftwareUpdate.job
    [26/09/2008 13:58][--ah-----] C:\WINDOWS\tasks\SA.DAT
    [29/08/2002 05:00][-r-h-----] C:\WINDOWS\tasks\desktop.ini
    --------------------\\ Listing Folders in C:\Program Files
    [31/05/2005|18:44] C:\Program Files\_ArcadeDownloadFolder
    [14/07/2005|00:25] C:\Program Files\5 Spots II
    [31/12/2007|14:11] C:\Program Files\7-Zip
    [05/08/2008|14:18] C:\Program Files\ABBYY FineReader 5.0 Sprint
    [16/07/2007|22:52] C:\Program Files\ABBYY FineReader 6.0
    [11/07/2005|11:08] C:\Program Files\Adobe
    [10/08/2005|20:59] C:\Program Files\Ahead
    [05/01/2006|21:01] C:\Program Files\Alien Stars
    [12/07/2008|20:21] C:\Program Files\Apple Software Update
    [06/07/2004|20:54] C:\Program Files\AVer Teletext
    [06/07/2004|20:53] C:\Program Files\AVerTV2K
    [03/11/2005|18:05] C:\Program Files\BFG
    [24/09/2008|23:55] C:\Program Files\bfgclient
    [14/03/2006|22:21] C:\Program Files\BillP Studios
    [04/01/2006|21:54] C:\Program Files\Bomberman vs Digger
    [24/09/2008|23:56] C:\Program Files\Bookworm Deluxe
    [01/06/2005|00:22] C:\Program Files\BroadJump
    [12/01/2008|21:15] C:\Program Files\Channel4
    [05/07/2004|23:11] C:\Program Files\Common Files
    [05/07/2004|23:14] C:\Program Files\ComPlus Applications
    [25/11/2007|13:08] C:\Program Files\Coupon Printer
    [06/07/2004|20:21] C:\Program Files\CyberLink
    [25/12/2007|08:43] C:\Program Files\Disc2Phone
    [06/07/2004|20:26] C:\Program Files\DivX
    [13/08/2006|15:53] C:\Program Files\DK Interactive Learning
    [08/08/2005|20:04] C:\Program Files\DK Multimedia
    [23/07/2005|23:53] C:\Program Files\GameHouse
    [14/08/2005|21:08] C:\Program Files\Google
    [01/02/2008|08:11] C:\Program Files\Grisoft
    [05/01/2006|21:52] C:\Program Files\Heavy Weapon
    [23/09/2005|00:16] C:\Program Files\HurricaneSoftware.com
    [26/05/2006|19:39] C:\Program Files\IM Names
    [10/04/2008|01:18] C:\Program Files\IncrediGames
    [22/06/2005|23:37] C:\Program Files\IncrediMail
    [06/07/2004|20:21] C:\Program Files\InstallShield Installation Information
    [05/07/2004|23:15] C:\Program Files\Internet Explorer
    [12/07/2008|20:24] C:\Program Files\iPod
    [12/07/2008|20:24] C:\Program Files\iTunes
    [12/10/2005|21:14] C:\Program Files\Java
    [23/09/2008|16:32] C:\Program Files\Lavasoft
    [23/09/2008|16:00] C:\Program Files\Lavasoft(2)
    [16/07/2007|22:45] C:\Program Files\Lexmark 1200 Series
    [21/02/2008|21:31] C:\Program Files\LimeWire
    [03/06/2005|16:44] C:\Program Files\Logitech
    [27/07/2007|11:58] C:\Program Files\LucasArts
    [11/07/2008|23:06] C:\Program Files\Macromedia
    [07/08/2005|20:47] C:\Program Files\Mahjong Towers Eternity
    [23/09/2005|00:16] C:\Program Files\Mapper
    [05/07/2004|23:14] C:\Program Files\Messenger
    [06/07/2004|21:16] C:\Program Files\Microsoft ActiveSync
    [09/05/2007|17:01] C:\Program Files\Microsoft CAPICOM 2.1.0.2
    [05/07/2004|23:17] C:\Program Files\microsoft frontpage
    [06/07/2004|21:15] C:\Program Files\Microsoft Office
    [01/02/2008|08:26] C:\Program Files\Microsoft Silverlight
    [06/07/2004|21:15] C:\Program Files\Microsoft Visual Studio
    [06/07/2004|21:15] C:\Program Files\Microsoft Works
    [05/07/2004|23:15] C:\Program Files\Movie Maker
    [14/11/2007|14:09] C:\Program Files\Mozilla Firefox
    [01/02/2008|08:24] C:\Program Files\MSBuild
    [05/07/2004|23:14] C:\Program Files\MSN
    [04/06/2005|01:00] C:\Program Files\MSN Content Plus
    [12/06/2005|13:00] C:\Program Files\MSN Games
    [05/07/2004|23:14] C:\Program Files\MSN Gaming Zone
    [14/10/2006|15:02] C:\Program Files\MSXML 4.0
    [01/02/2008|08:17] C:\Program Files\MSXML 6.0
    [06/07/2004|20:32] C:\Program Files\MUSICMATCH
    [17/03/2007|21:54] C:\Program Files\MyABCD
    [05/07/2004|23:15] C:\Program Files\NetMeeting
    [12/10/2005|20:36] C:\Program Files\Nokia
    [23/06/2005|13:11] C:\Program Files\Oberon Media
    [05/07/2004|23:14] C:\Program Files\Online Services
    [05/07/2004|23:15] C:\Program Files\Outlook Express
    [06/07/2006|22:29] C:\Program Files\PIE Patch
    [27/07/2005|11:47] C:\Program Files\PlayFirst
    [07/01/2006|21:05] C:\Program Files\PopCap Games
    [23/09/2005|18:20] C:\Program Files\QuickTime
    [31/05/2005|18:45] C:\Program Files\Real
    [01/02/2008|08:19] C:\Program Files\Reference Assemblies
    [25/06/2005|16:05] C:\Program Files\ReflexiveArcade
    [26/08/2005|20:45] C:\Program Files\roxypalace
    [22/08/2006|10:34] C:\Program Files\Samsung
    [31/05/2005|19:18] C:\Program Files\Sherston Software
    [26/07/2005|18:35] C:\Program Files\Shockwave.com
    [06/09/2005|14:10] C:\Program Files\Solar System 3D Screensaver
    [02/04/2008|00:46] C:\Program Files\Sony Ericsson
    [06/01/2006|15:18] C:\Program Files\Star Defender 2
    [31/01/2007|23:36] C:\Program Files\Sunbelt Software
    [31/05/2005|17:46] C:\Program Files\Symantec
    [07/01/2008|01:38] C:\Program Files\Trend Micro
    [05/07/2004|23:20] C:\Program Files\Uninstall Information
    [20/07/2008|14:46] C:\Program Files\uTorrent
    [06/07/2004|04:37] C:\Program Files\VIA Technologies, Inc
    [14/08/2007|20:26] C:\Program Files\Virgin Media Games
    [16/12/2007|18:54] C:\Program Files\Virtual Earth 3D
    [21/11/2006|21:55] C:\Program Files\Winamp
    [01/02/2008|09:13] C:\Program Files\Windows Defender
    [20/07/2007|23:32] C:\Program Files\Windows Live
    [10/09/2006|18:01] C:\Program Files\Windows Live Toolbar
    [20/07/2005|22:41] C:\Program Files\Windows Media Components
    [11/12/2006|15:46] C:\Program Files\Windows Media Connect 2
    [05/07/2004|23:14] C:\Program Files\Windows Media Player
    [05/07/2004|23:14] C:\Program Files\Windows NT
    [05/07/2004|23:14] C:\Program Files\WindowsUpdate
    [31/12/2007|14:12] C:\Program Files\WinRAR
    [05/07/2004|23:17] C:\Program Files\xerox
    [10/06/2006|14:58] C:\Program Files\Yahoo!
    --------------------\\ Listing Folders in C:\Program Files\Common Files
    [23/09/2005|21:50] C:\Program Files\Common Files\Adobe
    [10/08/2005|20:59] C:\Program Files\Common Files\Ahead
    [12/07/2008|20:20] C:\Program Files\Common Files\Apple
    [06/07/2004|21:16] C:\Program Files\Common Files\DESIGNER
    [06/07/2004|05:16] C:\Program Files\Common Files\InstallShield
    [26/09/2008|14:12] C:\Program Files\Common Files\Java
    [06/07/2004|21:16] C:\Program Files\Common Files\L&H
    [03/06/2005|16:45] C:\Program Files\Common Files\Logitech
    [11/07/2008|23:07] C:\Program Files\Common Files\Macromedia
    [11/07/2008|23:07] C:\Program Files\Common Files\Macromedia Shared
    [05/07/2004|23:11] C:\Program Files\Common Files\Microsoft Shared
    [02/08/2005|20:34] C:\Program Files\Common Files\MimarSinan
    [05/07/2004|23:15] C:\Program Files\Common Files\MSSoap
    [12/10/2005|20:36] C:\Program Files\Common Files\Nokia
    [31/03/2007|22:58] C:\Program Files\Common Files\Oberon Media
    [05/07/2004|23:11] C:\Program Files\Common Files\ODBC
    [31/05/2005|18:45] C:\Program Files\Common Files\Real
    [07/01/2008|18:51] C:\Program Files\Common Files\Scanner
    [05/07/2004|23:15] C:\Program Files\Common Files\Services
    [02/04/2008|00:46] C:\Program Files\Common Files\Sony Ericsson Shared
    [05/07/2004|23:11] C:\Program Files\Common Files\SpeechEngines
    [31/05/2005|17:46] C:\Program Files\Common Files\Symantec Shared
    [05/07/2004|23:15] C:\Program Files\Common Files\System
    [02/04/2008|00:46] C:\Program Files\Common Files\Teleca Shared
    [08/11/2007|18:14] C:\Program Files\Common Files\WindowsLiveInstaller
    [01/02/2008|09:09] C:\Program Files\Common Files\Wise Installation Wizard
    [31/10/2007|17:57] C:\Program Files\Common Files\xing shared
    --------------------\\ Process
    ( 54 Processes )
    ... OK !
    --------------------\\ Searching with S_Lop
    No Lop folder found !

    --------------------\\ Searching for Lop Files - Folders
    No Lop folder found !

    --------------------\\ Searching within the Registry

    ..... OK !
    --------------------\\ Checking the Hosts file
    Hosts file CLEAN

    --------------------\\ Searching for hidden files with Catchme

    catchme 0.3.1353 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
    Rootkit scan 2008-09-26 20:57:50
    Windows 5.1.2600 Service Pack 2 FAT NTAPI
    scanning hidden processes ...
    scanning hidden files ...
    scan completed successfully
    hidden processes: 0
    hidden files: 0

    --------------------\\ Searching for other infections
    --------------------\\ Suspect ..
    C:\WINDOWS\photo album.zip
    C:\WINDOWS\photo album.zip
    --------------------\\ Cracks & Keygens ..
    C:\DOCUME~1\janet\My Documents\My Music\Oldies - Neil Diamond - Crackling Rose.mp3

    [F:2881][D:36]-> C:\DOCUME~1\janet\LOCALS~1\Temp
    [F:1141][D:0]-> C:\DOCUME~1\janet\Cookies
    [F:5035][D:21]-> C:\DOCUME~1\janet\LOCALS~1\TEMPOR~1\content.IE5
    [F:2][D:0]-> C:\Recycled
    1 - "C:\Lop SD\LopR_1.txt" - 25/09/2008|16:57 - Option : [1]
    2 - "C:\Lop SD\LopR_2.txt" - 25/09/2008|22:16 - Option : [2]
    3 - "C:\Lop SD\LopR_3.txt" - 26/09/2008|13:26 - Option : [4]
    4 - "C:\Lop SD\LopR_4.txt" - 26/09/2008|20:59 - Option : [4]
    --------------------\\ Scan completed at 20:59:10




    --------------------------------------------------------------------------------
    KASPERSKY ONLINE SCANNER 7 REPORT
    Friday, September 26, 2008
    Operating System: Microsoft Windows XP Home Edition Service Pack 2 (build 2600)
    Kaspersky Online Scanner 7 version: 7.0.25.0
    Program database last update: Friday, September 26, 2008 12:56:05
    Records in database: 1263204
    --------------------------------------------------------------------------------
    Scan settings:
    Scan using the following database: extended
    Scan archives: yes
    Scan mail databases: yes
    Scan area - My Computer:
    A:\
    C:\
    D:\
    E:\
    F:\
    G:\
    H:\
    I:\
    Scan statistics:
    Files scanned: 185111
    Threat name: 9
    Infected objects: 60
    Suspicious objects: 0
    Duration of the scan: 06:02:18

    File name / Threat name / Threats count
    C:\WINDOWS\Downloaded Program Files\imloader.exe Infected: not-a-virus:Downloader.Win32.ImLoader.g 1
    C:\Documents and Settings\janet\My Documents\My Music\03 Track 3.wma Infected: Trojan-Downloader.WMA.Wimad.k 1
    C:\Documents and Settings\janet\My Documents\My Music\Top of Charts - 2005.wma Infected: Trojan-Downloader.WMA.Wimad.l 1
    C:\Documents and Settings\janet\My Documents\My Music\Wicked Remix.wma Infected: Trojan-Downloader.WMA.Wimad.l 1
    C:\Documents and Settings\janet\My Documents\My Music\TOTALLY HIP TRACK.wma Infected: Trojan-Downloader.WMA.Wimad.l 1
    C:\Documents and Settings\janet\My Documents\My Music\Rare Recording.wma Infected: Trojan-Downloader.WMA.Wimad.l 1
    C:\Documents and Settings\janet\My Documents\LimeWire\Saved\scouting for girls elvis aint.mp3 Infected: Trojan-Downloader.WMA.Wimad.n 1
    C:\Documents and Settings\janet\My Documents\LimeWire\Saved\sally cinamon stone rose.mp3 Infected: Trojan-Downloader.WMA.Wimad.n 1
    C:\Documents and Settings\janet\My Documents\LimeWire\Saved\your pretty good looking white.mp3 Infected: Trojan-Downloader.WMA.Wimad.n 1
    C:\Documents and Settings\janet\My Documents\LimeWire\Saved\mad indian dance music.mp3 Infected: Trojan-Downloader.WMA.Wimad.n 1
    C:\Documents and Settings\janet\My Documents\LimeWire\Saved\Hollywood Blvd - Japanese Boy 2000.mp3 Infected: Trojan-Downloader.WMA.Wimad.n 1
    C:\Documents and Settings\janet\My Documents\LimeWire\Saved\aggro enemy.mp3 Infected: Trojan-Downloader.WMA.Wimad.n 1
    C:\Documents and Settings\janet\My Documents\LimeWire\Saved\Zutons - Always Right Behind You.wma Infected: Trojan-Downloader.WMA.GetCodec.b 1
    C:\Documents and Settings\janet\My Documents\LimeWire\Saved\local boy in photograph.mp3 Infected: Trojan-Downloader.WMA.Wimad.n 1
    C:\Documents and Settings\janet\My Documents\LimeWire\Saved\ghetto gosbel 2pac(1).mp3 Infected: Trojan-Downloader.WMA.Wimad.n 1
    C:\Documents and Settings\janet\My Documents\LimeWire\Saved\ghetto gosbel 2pac.mp3 Infected: Trojan-Downloader.WMA.Wimad.n 1
    C:\Documents and Settings\janet\My Documents\LimeWire\Saved\kendoon diss part 3.mp3 Infected: Trojan-Downloader.WMA.Wimad.n 1
    C:\Documents and Settings\janet\My Documents\LimeWire\Saved\David Bowie - Hunky Dory.mp3 Infected: Trojan-Downloader.WMA.GetCodec.a 1
    C:\Documents and Settings\janet\Application Data\Sun\Java\Deployment\cache\javapi\v1.0\jar\jvmimpro.jar-51fad18-6b000e3a.zip Infected: Exploit.Java.Gimsh.a 1
    C:\Documents and Settings\janet\Application Data\Sun\Java\Deployment\cache\6.0\44\232f2a6c-54b85417 Infected: Exploit.Java.Gimsh.a 1
    C:\Documents and Settings\janet\Shared\nirvarna.wm Infected: Trojan-Downloader.WMA.Wimad.m 1
    C:\System Volume Information\_restore{B8A407C4-042A-4E7D-8B20-6CB93B053421}\RP317\A0045972.exe Infected: Trojan.Win32.Obfuscated.gen 1
    C:\System Volume Information\_restore{B8A407C4-042A-4E7D-8B20-6CB93B053421}\RP318\A0045981.exe Infected: Trojan.Win32.Obfuscated.gen 1
    C:\System Volume Information\_restore{B8A407C4-042A-4E7D-8B20-6CB93B053421}\RP318\A0045989.exe Infected: Trojan.Win32.Obfuscated.gen 1
    C:\System Volume Information\_restore{B8A407C4-042A-4E7D-8B20-6CB93B053421}\RP319\A0046004.exe Infected: Trojan.Win32.Obfuscated.gen 1
    C:\System Volume Information\_restore{B8A407C4-042A-4E7D-8B20-6CB93B053421}\RP319\A0046009.exe Infected: Trojan.Win32.Obfuscated.gen 1
    C:\System Volume Information\_restore{B8A407C4-042A-4E7D-8B20-6CB93B053421}\RP319\A0046034.exe Infected: Trojan.Win32.Obfuscated.gen 1
    C:\System Volume Information\_restore{B8A407C4-042A-4E7D-8B20-6CB93B053421}\RP320\A0047034.exe Infected: Trojan.Win32.Obfuscated.gen 1
    C:\System Volume Information\_restore{B8A407C4-042A-4E7D-8B20-6CB93B053421}\RP322\A0047052.exe Infected: Trojan.Win32.Obfuscated.gen 1
    C:\System Volume Information\_restore{B8A407C4-042A-4E7D-8B20-6CB93B053421}\RP327\A0047380.exe Infected: Trojan.Win32.Obfuscated.gen 1
    C:\System Volume Information\_restore{B8A407C4-042A-4E7D-8B20-6CB93B053421}\RP328\A0047401.exe Infected: Trojan.Win32.Obfuscated.gen 1
    C:\System Volume Information\_restore{B8A407C4-042A-4E7D-8B20-6CB93B053421}\RP328\A0048401.exe Infected: Trojan.Win32.Obfuscated.gen 1
    C:\System Volume Information\_restore{B8A407C4-042A-4E7D-8B20-6CB93B053421}\RP330\A0048405.exe Infected: Trojan.Win32.Obfuscated.gen 1
    C:\System Volume Information\_restore{B8A407C4-042A-4E7D-8B20-6CB93B053421}\RP330\A0048414.exe Infected: Trojan.Win32.Obfuscated.gen 1
    C:\System Volume Information\_restore{B8A407C4-042A-4E7D-8B20-6CB93B053421}\RP330\A0048438.exe Infected: Trojan.Win32.Obfuscated.gen 1
    C:\System Volume Information\_restore{B8A407C4-042A-4E7D-8B20-6CB93B053421}\RP331\A0048459.exe Infected: Trojan.Win32.Obfuscated.gen 1
    C:\System Volume Information\_restore{B8A407C4-042A-4E7D-8B20-6CB93B053421}\RP331\A0048470.exe Infected: Trojan.Win32.Obfuscated.gen 1
    C:\System Volume Information\_restore{B8A407C4-042A-4E7D-8B20-6CB93B053421}\RP332\A0048474.exe Infected: Trojan.Win32.Obfuscated.gen 1
    C:\System Volume Information\_restore{B8A407C4-042A-4E7D-8B20-6CB93B053421}\RP332\A0048501.exe Infected: Trojan.Win32.Obfuscated.gen 1
    C:\System Volume Information\_restore{B8A407C4-042A-4E7D-8B20-6CB93B053421}\RP333\A0048505.exe Infected: Trojan.Win32.Obfuscated.gen 1
    C:\System Volume Information\_restore{B8A407C4-042A-4E7D-8B20-6CB93B053421}\RP333\A0048518.exe Infected: Trojan.Win32.Obfuscated.gen 1
    C:\System Volume Information\_restore{B8A407C4-042A-4E7D-8B20-6CB93B053421}\RP333\A0048528.exe Infected: Trojan.Win32.Obfuscated.gen 1
    C:\System Volume Information\_restore{B8A407C4-042A-4E7D-8B20-6CB93B053421}\RP333\A0048540.exe Infected: Trojan.Win32.Obfuscated.gen 1
    C:\System Volume Information\_restore{B8A407C4-042A-4E7D-8B20-6CB93B053421}\RP334\A0048550.exe Infected: Trojan.Win32.Obfuscated.gen 1
    C:\System Volume Information\_restore{B8A407C4-042A-4E7D-8B20-6CB93B053421}\RP334\A0048566.exe Infected: Trojan.Win32.Obfuscated.gen 1
    C:\System Volume Information\_restore{B8A407C4-042A-4E7D-8B20-6CB93B053421}\RP334\A0048575.exe Infected: Trojan.Win32.Obfuscated.gen 1
    C:\System Volume Information\_restore{B8A407C4-042A-4E7D-8B20-6CB93B053421}\RP337\A0048887.exe Infected: Trojan.Win32.Obfuscated.gen 1
    C:\System Volume Information\_restore{B8A407C4-042A-4E7D-8B20-6CB93B053421}\RP337\A0048898.exe Infected: Trojan.Win32.Obfuscated.gen 1
    C:\System Volume Information\_restore{B8A407C4-042A-4E7D-8B20-6CB93B053421}\RP337\A0048902.exe Infected: Trojan.Win32.Obfuscated.gen 1
    C:\System Volume Information\_restore{B8A407C4-042A-4E7D-8B20-6CB93B053421}\RP337\A0048903.exe Infected: Trojan.Win32.Obfuscated.gen 1
    C:\System Volume Information\_restore{B8A407C4-042A-4E7D-8B20-6CB93B053421}\RP337\A0048904.exe Infected: Trojan.Win32.Obfuscated.gen 1
    C:\System Volume Information\_restore{B8A407C4-042A-4E7D-8B20-6CB93B053421}\RP337\A0048905.exe Infected: Trojan.Win32.Obfuscated.gen 1
    C:\System Volume Information\_restore{B8A407C4-042A-4E7D-8B20-6CB93B053421}\RP337\A0048906.exe Infected: Trojan.Win32.Obfuscated.gen 1
    C:\Lop SD\Backup-Lop\DOCUME~1\ALLUSE~1\APPLIC~1\Peak ooze date army\Meet Cake.exe Infected: Trojan.Win32.Obfuscated.gen 1
    C:\Lop SD\Backup-Lop\DOCUME~1\janet\APPLIC~1\DEFAUL~1\Bike Style.exe Infected: Trojan.Win32.Obfuscated.gen 1
    C:\Lop SD\Backup-Lop\DOCUME~1\janet\APPLIC~1\DEFAUL~1\rznoqmfe.exe Infected: Trojan.Win32.Obfuscated.gen 1
    C:\Lop SD\Backup-Lop\DOCUME~1\janet\APPLIC~1\DEFAUL~1\32 Ante Balm Platform.exe Infected: Trojan.Win32.Obfuscated.gen 1
    C:\Lop SD\Backup-Lop\DOCUME~1\janet\APPLIC~1\DEFAUL~1\cornthetrust.exe Infected: Trojan.Win32.Obfuscated.gen 1
    C:\Lop SD\Backup-Lop\DOCUME~1\janet\LOCALS~1\Temp\bis2.exe Infected: Trojan.Win32.Obfuscated.gen 1
    C:\Lop SD\Backup-Lop\DOCUME~1\TEMP\APPLIC~1\DEFAUL~1\Bike Style.exe Infected: Trojan.Win32.Obfuscated.gen 1
    The selected area was scanned.

    Hijackthis log on next page
     
  10. sandmock

    sandmock Thread Starter

    Joined:
    Sep 23, 2008
    Messages:
    19
    Hijackthis log

    Logfile of Trend Micro HijackThis v2.0.2
    Scan saved at 21:05:05, on 26/09/2008
    Platform: Windows XP SP2 (WinNT 5.01.2600)
    MSIE: Internet Explorer v7.00 (7.00.6000.16705)
    Boot mode: Normal
    Running processes:
    C:\WINDOWS\System32\smss.exe
    C:\WINDOWS\system32\winlogon.exe
    C:\WINDOWS\system32\services.exe
    C:\WINDOWS\system32\lsass.exe
    C:\WINDOWS\system32\svchost.exe
    C:\Program Files\Windows Defender\MsMpEng.exe
    C:\WINDOWS\System32\svchost.exe
    C:\WINDOWS\system32\svchost.exe
    C:\Program Files\Lavasoft\Ad-Aware 2007\aawservice.exe
    C:\WINDOWS\system32\LEXBCES.EXE
    C:\WINDOWS\system32\spoolsv.exe
    C:\WINDOWS\system32\LEXPPS.EXE
    C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
    C:\PROGRA~1\Grisoft\AVG7\avgamsvr.exe
    C:\PROGRA~1\Grisoft\AVG7\avgupsvc.exe
    C:\WINDOWS\System32\svchost.exe
    C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE
    C:\WINDOWS\System32\nvsvc32.exe
    C:\Program Files\Sunbelt Software\VIPRE\SBAMSvc.exe
    C:\WINDOWS\System32\svchost.exe
    C:\WINDOWS\Explorer.EXE
    C:\Program Files\Lexmark 1200 Series\lxczbmgr.exe
    C:\PROGRA~1\Grisoft\AVG7\avgcc.exe
    C:\Program Files\Lexmark 1200 Series\lxczbmon.exe
    C:\Program Files\Windows Defender\MSASCui.exe
    C:\program files\quicktime\QTTask.exe
    C:\Program Files\Common Files\Real\Update_OB\realsched.exe
    C:\Program Files\Sony Ericsson\Mobile2\Application Launcher\Application Launcher.exe
    C:\WINDOWS\system32\wuauclt.exe
    C:\Program Files\iTunes\iTunesHelper.exe
    C:\Program Files\Sunbelt Software\VIPRE\SBAMTray.exe
    C:\WINDOWS\system32\ctfmon.exe
    C:\Program Files\Logitech\Desktop Messenger\8876480\Program\LogitechDesktopMessenger.exe
    C:\Program Files\Nokia\Nokia PC Suite 6\PcSync2.exe
    C:\Program Files\Messenger\msmsgs.exe
    C:\Program Files\Windows Live\Messenger\msnmsgr.exe
    C:\Program Files\Windows Media Player\WMPNSCFG.exe
    C:\PROGRA~1\COMMON~1\Nokia\MPAPI\MPAPI3s.exe
    C:\Program Files\iPod\bin\iPodService.exe
    C:\Program Files\Common Files\Teleca Shared\Generic.exe
    C:\Program Files\Sony Ericsson\Mobile2\Mobile Phone Monitor\epmworker.exe
    C:\WINDOWS\System32\LVComsX.exe
    C:\Program Files\Internet Explorer\iexplore.exe
    C:\Program Files\Internet Explorer\iexplore.exe
    C:\WINDOWS\system32\Notepad.exe
    C:\Program Files\Trend Micro\HijackThis\HijackThis.exe
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
    R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
    R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant =
    R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch =
    R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = localhost
    O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_07\bin\ssv.dll
    O4 - HKLM\..\Run: [Lexmark 1200 Series] "C:\Program Files\Lexmark 1200 Series\lxczbmgr.exe"
    O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
    O4 - HKLM\..\Run: [AVG7_CC] C:\PROGRA~1\Grisoft\AVG7\avgcc.exe /STARTUP
    O4 - HKLM\..\Run: [Windows Defender] "C:\Program Files\Windows Defender\MSASCui.exe" -hide
    O4 - HKLM\..\Run: [QuickTime Task] "C:\program files\quicktime\QTTask.exe" -atboottime
    O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot
    O4 - HKLM\..\Run: [Sony Ericsson PC Suite] "C:\Program Files\Sony Ericsson\Mobile2\Application Launcher\Application Launcher.exe" /startoptions
    O4 - HKLM\..\Run: [AppleSyncNotifier] C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleSyncNotifier.exe
    O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
    O4 - HKLM\..\Run: [SBAMTray] C:\Program Files\Sunbelt Software\VIPRE\SBAMTray.exe
    O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_07\bin\jusched.exe"
    O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
    O4 - HKCU\..\Run: [LDM] C:\Program Files\Logitech\Desktop Messenger\8876480\Program\LogitechDesktopMessenger.exe
    O4 - HKCU\..\Run: [LogitechSoftwareUpdate] "C:\Program Files\Logitech\Video\ManifestEngine.exe" boot
    O4 - HKCU\..\Run: [PcSync] C:\Program Files\Nokia\Nokia PC Suite 6\PcSync2.exe /NoDialog
    O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background
    O4 - HKCU\..\Run: [msnmsgr] "C:\Program Files\Windows Live\Messenger\msnmsgr.exe" /background
    O4 - HKCU\..\Run: [WMPNSCFG] C:\Program Files\Windows Media Player\WMPNSCFG.exe
    O4 - HKUS\S-1-5-19\..\Run: [AVG7_Run] C:\PROGRA~1\Grisoft\AVG7\avgw.exe /RUNONCE (User 'LOCAL SERVICE')
    O4 - HKUS\S-1-5-20\..\Run: [AVG7_Run] C:\PROGRA~1\Grisoft\AVG7\avgw.exe /RUNONCE (User 'NETWORK SERVICE')
    O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'SYSTEM')
    O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'Default user')
    O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office10\EXCEL.EXE/3000
    O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_07\bin\ssv.dll
    O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_07\bin\ssv.dll
    O9 - Extra button: Blog This - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files\Windows Live\Writer\WriterBrowserExtension.dll
    O9 - Extra 'Tools' menuitem: &Blog This in Windows Live Writer - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files\Windows Live\Writer\WriterBrowserExtension.dll
    O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL
    O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
    O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
    O16 - DPF: {00B71CFB-6864-4346-A978-C0A14556272C} (Checkers Class) - http://messenger.zone.msn.com/binary/msgrchkr.cab31267.cab
    O16 - DPF: {04E214E5-63AF-4236-83C6-A7ADCBF9BD02} (HouseCall Control) - http://housecall60.trendmicro.com/housecall/xscan60.cab
    O16 - DPF: {14B87622-7E19-4EA8-93B3-97215F77A6BC} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/MessengerStatsPAClient.cab31267.cab
    O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://go.microsoft.com/fwlink/?linkid=39204
    O16 - DPF: {1F2F4C9E-6F09-47BC-970D-3C54734667FE} -
    O16 - DPF: {20A60F0D-9AFA-4515-A0FD-83BD84642501} (Checkers Class) - http://messenger.zone.msn.com/binary/msgrchkr.cab56986.cab
    O16 - DPF: {2917297F-F02B-4B9D-81DF-494B6333150B} (Minesweeper Flags Class) - http://messenger.zone.msn.com/binary/MineSweeper.cab31267.cab
    O16 - DPF: {2B323CD9-50E3-11D3-9466-00A0C9700498} (Yahoo! Audio Conferencing) - http://us.chat1.yimg.com/us.yimg.com/i/chat/applet/v45/yacscom.cab
    O16 - DPF: {30528230-99F7-4BB4-88D8-FA1D4F56A2AB} (YInstStarter Class) - http://us.dl1.yimg.com/download.yahoo.com/dl/installs/yinst20040510.cab
    O16 - DPF: {3B5E9B23-7537-4601-A9E8-FA0D956DEA16} (csauie1 Control) -
    O16 - DPF: {406B5949-7190-4245-91A9-30A17DE16AD0} (Snapfish Activia) - http://www1.snapfish.co.uk/SnapfishUKActivia.cab
    O16 - DPF: {4F1E5B1A-2A80-42CA-8532-2D05CB959537} (MSN Photo Upload Tool) - http://gfx1.hotmail.com/mail/w3/pr01/resources/MSNPUpld.cab
    O16 - DPF: {50647AB5-18FD-4142-82B0-5852478DD0D5} (Keynote Connector Launcher 2) - http://webeffective.keynote.com/applications/pconnector/download/ConnectorLauncher.cab
    O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://v5.windowsupdate.microsoft.c...ls/en/x86/client/wuweb_site.cab?1117559368690
    O16 - DPF: {644E432F-49D3-41A1-8DD5-E099162EEEC5} -
    O16 - DPF: {64D01C7F-810D-446E-A07E-365764235644} -
    O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://update.microsoft.com/microsoftupdate/v6/V5Controls/en/x86/client/muweb_site.cab?1147014740671
    O16 - DPF: {7D1E9C49-BD6A-11D3-87A8-009027A35D73} (Yahoo! Audio UI1) - http://chat.yahoo.com/cab/yacsui.cab
    O16 - DPF: {7F8C8173-AD80-4807-AA75-5672F22B4582} (ICSScanner Class) - http://download.zonelabs.com/bin/promotions/spywaredetector/ICSScanner37680.cab
    O16 - DPF: {8E0D4DE5-3180-4024-A327-4DFAD1796A8D} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/MessengerStatsClient.cab31267.cab
    O16 - DPF: {9A9307A0-7DA4-4DAF-B042-5009F29E09E1} -
    O16 - DPF: {B38870E4-7ECB-40DA-8C6A-595F0A5519FF} (MsnMessengerSetupDownloadControl Class) - http://messenger.msn.com/download/msnmessengersetupdownloader.cab
    O16 - DPF: {B8BE5E93-A60C-4D26-A2DC-220313175592} (ZoneIntro Class) - http://messenger.zone.msn.com/binary/ZIntro.cab32846.cab
    O16 - DPF: {BF6BBE9A-0656-4598-A0CD-32DAC03959B5} (Image Uploader 3.0 Control) - https://www.tescophoto.com/wpp/tesco/app/opcuploader.cab
    O16 - DPF: {C3F79A2B-B9B4-4A66-B012-3EE46475B072} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/MessengerStatsPAClient.cab56907.cab
    O16 - DPF: {CE28D5D2-60CF-4C7D-9FE8-0F47A3308078} -
    O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab
    O16 - DPF: {D821DC4A-0814-435E-9820-661C543A4679} -
    O16 - DPF: {F00F4763-7355-4725-82F7-0DA94A256D46} -
    O16 - DPF: {F5A7706B-B9C0-4C89-A715-7A0C6B05DD48} (Minesweeper Flags Class) - http://messenger.zone.msn.com/binary/MineSweeper.cab56986.cab
    O16 - DPF: {F6BF0D00-0B2A-4A75-BF7B-F385591623AF} (Solitaire Showdown Class) - http://messenger.zone.msn.com/binary/SolitaireShowdown.cab31267.cab
    O18 - Protocol: bwfile-8876480 - {9462A756-7B47-47BC-8C80-C34B9B80B32B} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\GAPlugProtocol-8876480.dll
    O23 - Service: Ad-Aware 2007 Service (aawservice) - Lavasoft - C:\Program Files\Lavasoft\Ad-Aware 2007\aawservice.exe
    O23 - Service: Apple Mobile Device - Apple Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
    O23 - Service: AVG7 Alert Manager Server (Avg7Alrt) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVG7\avgamsvr.exe
    O23 - Service: AVG7 Update Service (Avg7UpdSvc) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVG7\avgupsvc.exe
    O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\1150\Intel 32\IDriverT.exe
    O23 - Service: iPod Service - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
    O23 - Service: LexBce Server (LexBceS) - Lexmark International, Inc. - C:\WINDOWS\system32\LEXBCES.EXE
    O23 - Service: Macromedia Licensing Service - Unknown owner - C:\Program Files\Common Files\Macromedia Shared\Service\Macromedia Licensing.exe
    O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\System32\nvsvc32.exe
    O23 - Service: Sunbelt VIPRE Antivirus Service (SBAMSvc) - Sunbelt Software - C:\Program Files\Sunbelt Software\VIPRE\SBAMSvc.exe
    --
    End of file - 11444 bytes


    Thanks
     
  11. jpshortstuff

    jpshortstuff

    Joined:
    Oct 19, 2007
    Messages:
    177
    Hi

    As you can see from the Kaspersky scan, some of the music that you have downloaded contains infections. Again, since you use Limewire, this isn't surprising. Since you don't want to get rid of Limewire, I urge you to scan everything you download with AVG and/or an AntiSpyware program.


    Please download OTMoveIt2 by OldTimer.
    • Save it to your desktop.
    • Please double-click OTMoveIt2.exe to run it. (Note: If you are running on Vista, right-click on the file and choose Run As Administrator).
    • Copy the lines in the codebox below to the clipboard by highlighting ALL of them and pressing CTRL + C (or, after highlighting, right-click and choose Copy):

      Code:
      C:\WINDOWS\photo album.zip
      C:\WINDOWS\Downloaded Program Files\imloader.exe
      C:\Documents and Settings\janet\My Documents\My Music\03 Track 3.wma
      C:\Documents and Settings\janet\My Documents\My Music\Top of Charts - 2005.wma
      C:\Documents and Settings\janet\My Documents\My Music\Wicked Remix.wma
      C:\Documents and Settings\janet\My Documents\My Music\TOTALLY HIP TRACK.wma
      C:\Documents and Settings\janet\My Documents\My Music\Rare Recording.wma
      C:\Documents and Settings\janet\My Documents\LimeWire\Saved\scouting for girls elvis aint.mp3
      C:\Documents and Settings\janet\My Documents\LimeWire\Saved\sally cinamon stone rose.mp3
      C:\Documents and Settings\janet\My Documents\LimeWire\Saved\your pretty good looking white.mp3
      C:\Documents and Settings\janet\My Documents\LimeWire\Saved\mad indian dance music.mp3
      C:\Documents and Settings\janet\My Documents\LimeWire\Saved\Hollywood Blvd - Japanese Boy 2000.mp3
      C:\Documents and Settings\janet\My Documents\LimeWire\Saved\aggro enemy.mp3
      C:\Documents and Settings\janet\My Documents\LimeWire\Saved\Zutons - Always Right Behind You.wma
      C:\Documents and Settings\janet\My Documents\LimeWire\Saved\local boy in photograph.mp3
      C:\Documents and Settings\janet\My Documents\LimeWire\Saved\ghetto gosbel 2pac(1).mp3
      C:\Documents and Settings\janet\My Documents\LimeWire\Saved\ghetto gosbel 2pac.mp3
      C:\Documents and Settings\janet\My Documents\LimeWire\Saved\kendoon diss part 3.mp3
      C:\Documents and Settings\janet\My Documents\LimeWire\Saved\David Bowie - Hunky Dory.mp3
    • Return to OTMoveIt2, right click in the "Paste Standard List of Files/Folders to Move" window (under the light blue bar) and choose Paste.
    • Click the red Moveit! button.
    • Copy everything in the Results window (under the green bar) to the clipboard by highlighting ALL of them and pressing CTRL + C (or, after highlighting, right-click and choose copy), and paste it in your next reply.
    • Close OTMoveIt2

    Note: If a file or folder cannot be moved immediately you may be asked to reboot the machine to finish the move process. If you are asked to reboot the machine choose Yes. In this case, after the reboot, open Notepad (Start->All Programs->Accessories->Notepad), click File->Open, in the File Name box enter *.log and press the Enter key, navigate to the C:\_OTMoveIt\MovedFiles folder, and open the newest .log file present, and copy/paste the contents of that document back here in your next post.


    Open HijackThis. Hit Do A System Scan Only. Place a check next to the following items (if present):
    R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant =
    R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch =
    O16 - DPF: {644E432F-49D3-41A1-8DD5-E099162EEEC5} -
    O16 - DPF: {64D01C7F-810D-446E-A07E-365764235644} -


    Close all browsers and windows except for HijackThis and click Fix Checked.

    Please run ATFCleaner again, as before. Reboot your computer and then post a new HijackThis log. Also, please give a detailed description of how your computer is running and behaving at the moment, listing any remaining problems.

    Another question: are you connecting to the internet via a router or similar?

    Thanks.
     
  12. sandmock

    sandmock Thread Starter

    Joined:
    Sep 23, 2008
    Messages:
    19
    Hi, OTMoveIt2 log

    C:\WINDOWS\photo album.zip moved successfully.
    C:\WINDOWS\Downloaded Program Files\imloader.exe moved successfully.
    C:\Documents and Settings\janet\My Documents\My Music\03 Track 3.wma moved successfully.
    C:\Documents and Settings\janet\My Documents\My Music\Top of Charts - 2005.wma moved successfully.
    C:\Documents and Settings\janet\My Documents\My Music\Wicked Remix.wma moved successfully.
    C:\Documents and Settings\janet\My Documents\My Music\TOTALLY HIP TRACK.wma moved successfully.
    C:\Documents and Settings\janet\My Documents\My Music\Rare Recording.wma moved successfully.
    C:\Documents and Settings\janet\My Documents\LimeWire\Saved\scouting for girls elvis aint.mp3 moved successfully.
    C:\Documents and Settings\janet\My Documents\LimeWire\Saved\sally cinamon stone rose.mp3 moved successfully.
    C:\Documents and Settings\janet\My Documents\LimeWire\Saved\your pretty good looking white.mp3 moved successfully.
    C:\Documents and Settings\janet\My Documents\LimeWire\Saved\mad indian dance music.mp3 moved successfully.
    C:\Documents and Settings\janet\My Documents\LimeWire\Saved\Hollywood Blvd - Japanese Boy 2000.mp3 moved successfully.
    C:\Documents and Settings\janet\My Documents\LimeWire\Saved\aggro enemy.mp3 moved successfully.
    C:\Documents and Settings\janet\My Documents\LimeWire\Saved\Zutons - Always Right Behind You.wma moved successfully.
    C:\Documents and Settings\janet\My Documents\LimeWire\Saved\local boy in photograph.mp3 moved successfully.
    C:\Documents and Settings\janet\My Documents\LimeWire\Saved\ghetto gosbel 2pac(1).mp3 moved successfully.
    C:\Documents and Settings\janet\My Documents\LimeWire\Saved\ghetto gosbel 2pac.mp3 moved successfully.
    C:\Documents and Settings\janet\My Documents\LimeWire\Saved\kendoon diss part 3.mp3 moved successfully.
    C:\Documents and Settings\janet\My Documents\LimeWire\Saved\David Bowie - Hunky Dory.mp3 moved successfully.

    OTMoveIt2 by OldTimer - Version 1.0.4.3 log created on 09272008_134610


    Hijackthis log in next post

    Thanks
     
  13. sandmock

    sandmock Thread Starter

    Joined:
    Sep 23, 2008
    Messages:
    19
    Hi, I have done the ATF Cleaner and have a new HijackThis log

    Logfile of Trend Micro HijackThis v2.0.2
    Scan saved at 14:08:36, on 27/09/2008
    Platform: Windows XP SP2 (WinNT 5.01.2600)
    MSIE: Internet Explorer v7.00 (7.00.6000.16705)
    Boot mode: Normal
    Running processes:
    C:\WINDOWS\System32\smss.exe
    C:\WINDOWS\system32\winlogon.exe
    C:\WINDOWS\system32\services.exe
    C:\WINDOWS\system32\lsass.exe
    C:\WINDOWS\system32\svchost.exe
    C:\Program Files\Windows Defender\MsMpEng.exe
    C:\WINDOWS\System32\svchost.exe
    C:\WINDOWS\system32\svchost.exe
    C:\Program Files\Lavasoft\Ad-Aware 2007\aawservice.exe
    C:\WINDOWS\Explorer.EXE
    C:\WINDOWS\system32\LEXBCES.EXE
    C:\WINDOWS\system32\spoolsv.exe
    C:\WINDOWS\system32\LEXPPS.EXE
    C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
    C:\PROGRA~1\Grisoft\AVG7\avgamsvr.exe
    C:\PROGRA~1\Grisoft\AVG7\avgupsvc.exe
    C:\WINDOWS\System32\svchost.exe
    C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE
    C:\WINDOWS\System32\nvsvc32.exe
    C:\Program Files\Sunbelt Software\VIPRE\SBAMSvc.exe
    C:\WINDOWS\System32\svchost.exe
    C:\Program Files\Sunbelt Software\VIPRE\SBAMTray.exe
    C:\Program Files\Lexmark 1200 Series\lxczbmgr.exe
    C:\PROGRA~1\Grisoft\AVG7\avgcc.exe
    C:\Program Files\Windows Defender\MSASCui.exe
    C:\program files\quicktime\QTTask.exe
    C:\Program Files\Common Files\Real\Update_OB\realsched.exe
    C:\Program Files\Sony Ericsson\Mobile2\Application Launcher\Application Launcher.exe
    C:\Program Files\Lexmark 1200 Series\lxczbmon.exe
    C:\Program Files\iTunes\iTunesHelper.exe
    C:\Program Files\Java\jre1.6.0_07\bin\jusched.exe
    C:\WINDOWS\system32\ctfmon.exe
    C:\Program Files\Logitech\Desktop Messenger\8876480\Program\LogitechDesktopMessenger.exe
    C:\Program Files\Nokia\Nokia PC Suite 6\PcSync2.exe
    C:\Program Files\Messenger\msmsgs.exe
    C:\Program Files\Windows Live\Messenger\msnmsgr.exe
    C:\Program Files\Windows Media Player\WMPNSCFG.exe
    C:\PROGRA~1\COMMON~1\Nokia\MPAPI\MPAPI3s.exe
    C:\Program Files\iPod\bin\iPodService.exe
    C:\WINDOWS\system32\wuauclt.exe
    C:\Program Files\Common Files\Teleca Shared\Generic.exe
    C:\Program Files\Sony Ericsson\Mobile2\Mobile Phone Monitor\epmworker.exe
    C:\Program Files\Internet Explorer\iexplore.exe
    C:\Program Files\Trend Micro\HijackThis\HijackThis.exe
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
    R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
    R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = localhost
    O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_07\bin\ssv.dll
    O4 - HKLM\..\Run: [Lexmark 1200 Series] "C:\Program Files\Lexmark 1200 Series\lxczbmgr.exe"
    O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
    O4 - HKLM\..\Run: [AVG7_CC] C:\PROGRA~1\Grisoft\AVG7\avgcc.exe /STARTUP
    O4 - HKLM\..\Run: [Windows Defender] "C:\Program Files\Windows Defender\MSASCui.exe" -hide
    O4 - HKLM\..\Run: [QuickTime Task] "C:\program files\quicktime\QTTask.exe" -atboottime
    O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot
    O4 - HKLM\..\Run: [Sony Ericsson PC Suite] "C:\Program Files\Sony Ericsson\Mobile2\Application Launcher\Application Launcher.exe" /startoptions
    O4 - HKLM\..\Run: [AppleSyncNotifier] C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleSyncNotifier.exe
    O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
    O4 - HKLM\..\Run: [SBAMTray] C:\Program Files\Sunbelt Software\VIPRE\SBAMTray.exe
    O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_07\bin\jusched.exe"
    O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
    O4 - HKCU\..\Run: [LDM] C:\Program Files\Logitech\Desktop Messenger\8876480\Program\LogitechDesktopMessenger.exe
    O4 - HKCU\..\Run: [LogitechSoftwareUpdate] "C:\Program Files\Logitech\Video\ManifestEngine.exe" boot
    O4 - HKCU\..\Run: [PcSync] C:\Program Files\Nokia\Nokia PC Suite 6\PcSync2.exe /NoDialog
    O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background
    O4 - HKCU\..\Run: [msnmsgr] "C:\Program Files\Windows Live\Messenger\msnmsgr.exe" /background
    O4 - HKCU\..\Run: [WMPNSCFG] C:\Program Files\Windows Media Player\WMPNSCFG.exe
    O4 - HKUS\S-1-5-19\..\Run: [AVG7_Run] C:\PROGRA~1\Grisoft\AVG7\avgw.exe /RUNONCE (User 'LOCAL SERVICE')
    O4 - HKUS\S-1-5-20\..\Run: [AVG7_Run] C:\PROGRA~1\Grisoft\AVG7\avgw.exe /RUNONCE (User 'NETWORK SERVICE')
    O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'SYSTEM')
    O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'Default user')
    O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office10\EXCEL.EXE/3000
    O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_07\bin\ssv.dll
    O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_07\bin\ssv.dll
    O9 - Extra button: Blog This - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files\Windows Live\Writer\WriterBrowserExtension.dll
    O9 - Extra 'Tools' menuitem: &Blog This in Windows Live Writer - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files\Windows Live\Writer\WriterBrowserExtension.dll
    O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL
    O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
    O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
    O16 - DPF: {00B71CFB-6864-4346-A978-C0A14556272C} (Checkers Class) - http://messenger.zone.msn.com/binary/msgrchkr.cab31267.cab
    O16 - DPF: {04E214E5-63AF-4236-83C6-A7ADCBF9BD02} (HouseCall Control) - http://housecall60.trendmicro.com/housecall/xscan60.cab
    O16 - DPF: {14B87622-7E19-4EA8-93B3-97215F77A6BC} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/MessengerStatsPAClient.cab31267.cab
    O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://go.microsoft.com/fwlink/?linkid=39204
    O16 - DPF: {1F2F4C9E-6F09-47BC-970D-3C54734667FE} -
    O16 - DPF: {20A60F0D-9AFA-4515-A0FD-83BD84642501} (Checkers Class) - http://messenger.zone.msn.com/binary/msgrchkr.cab56986.cab
    O16 - DPF: {2917297F-F02B-4B9D-81DF-494B6333150B} (Minesweeper Flags Class) - http://messenger.zone.msn.com/binary/MineSweeper.cab31267.cab
    O16 - DPF: {2B323CD9-50E3-11D3-9466-00A0C9700498} (Yahoo! Audio Conferencing) - http://us.chat1.yimg.com/us.yimg.com/i/chat/applet/v45/yacscom.cab
    O16 - DPF: {30528230-99F7-4BB4-88D8-FA1D4F56A2AB} (YInstStarter Class) - http://us.dl1.yimg.com/download.yahoo.com/dl/installs/yinst20040510.cab
    O16 - DPF: {3B5E9B23-7537-4601-A9E8-FA0D956DEA16} (csauie1 Control) -
    O16 - DPF: {406B5949-7190-4245-91A9-30A17DE16AD0} (Snapfish Activia) - http://www1.snapfish.co.uk/SnapfishUKActivia.cab
    O16 - DPF: {4F1E5B1A-2A80-42CA-8532-2D05CB959537} (MSN Photo Upload Tool) - http://gfx1.hotmail.com/mail/w3/pr01/resources/MSNPUpld.cab
    O16 - DPF: {50647AB5-18FD-4142-82B0-5852478DD0D5} (Keynote Connector Launcher 2) - http://webeffective.keynote.com/applications/pconnector/download/ConnectorLauncher.cab
    O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://v5.windowsupdate.microsoft.c...ls/en/x86/client/wuweb_site.cab?1117559368690
    O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://update.microsoft.com/microsoftupdate/v6/V5Controls/en/x86/client/muweb_site.cab?1147014740671
    O16 - DPF: {7D1E9C49-BD6A-11D3-87A8-009027A35D73} (Yahoo! Audio UI1) - http://chat.yahoo.com/cab/yacsui.cab
    O16 - DPF: {7F8C8173-AD80-4807-AA75-5672F22B4582} (ICSScanner Class) - http://download.zonelabs.com/bin/promotions/spywaredetector/ICSScanner37680.cab
    O16 - DPF: {8E0D4DE5-3180-4024-A327-4DFAD1796A8D} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/MessengerStatsClient.cab31267.cab
    O16 - DPF: {9A9307A0-7DA4-4DAF-B042-5009F29E09E1} -
    O16 - DPF: {B38870E4-7ECB-40DA-8C6A-595F0A5519FF} (MsnMessengerSetupDownloadControl Class) - http://messenger.msn.com/download/msnmessengersetupdownloader.cab
    O16 - DPF: {B8BE5E93-A60C-4D26-A2DC-220313175592} (ZoneIntro Class) - http://messenger.zone.msn.com/binary/ZIntro.cab32846.cab
    O16 - DPF: {BF6BBE9A-0656-4598-A0CD-32DAC03959B5} (Image Uploader 3.0 Control) - https://www.tescophoto.com/wpp/tesco/app/opcuploader.cab
    O16 - DPF: {C3F79A2B-B9B4-4A66-B012-3EE46475B072} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/MessengerStatsPAClient.cab56907.cab
    O16 - DPF: {CE28D5D2-60CF-4C7D-9FE8-0F47A3308078} -
    O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab
    O16 - DPF: {D821DC4A-0814-435E-9820-661C543A4679} -
    O16 - DPF: {F00F4763-7355-4725-82F7-0DA94A256D46} -
    O16 - DPF: {F5A7706B-B9C0-4C89-A715-7A0C6B05DD48} (Minesweeper Flags Class) - http://messenger.zone.msn.com/binary/MineSweeper.cab56986.cab
    O16 - DPF: {F6BF0D00-0B2A-4A75-BF7B-F385591623AF} (Solitaire Showdown Class) - http://messenger.zone.msn.com/binary/SolitaireShowdown.cab31267.cab
    O18 - Protocol: bwfile-8876480 - {9462A756-7B47-47BC-8C80-C34B9B80B32B} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\GAPlugProtocol-8876480.dll
    O23 - Service: Ad-Aware 2007 Service (aawservice) - Lavasoft - C:\Program Files\Lavasoft\Ad-Aware 2007\aawservice.exe
    O23 - Service: Apple Mobile Device - Apple Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
    O23 - Service: AVG7 Alert Manager Server (Avg7Alrt) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVG7\avgamsvr.exe
    O23 - Service: AVG7 Update Service (Avg7UpdSvc) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVG7\avgupsvc.exe
    O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\1150\Intel 32\IDriverT.exe
    O23 - Service: iPod Service - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
    O23 - Service: LexBce Server (LexBceS) - Lexmark International, Inc. - C:\WINDOWS\system32\LEXBCES.EXE
    O23 - Service: Macromedia Licensing Service - Unknown owner - C:\Program Files\Common Files\Macromedia Shared\Service\Macromedia Licensing.exe
    O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\System32\nvsvc32.exe
    O23 - Service: Sunbelt VIPRE Antivirus Service (SBAMSvc) - Sunbelt Software - C:\Program Files\Sunbelt Software\VIPRE\SBAMSvc.exe
    --
    End of file - 11124 bytes


    Since I rebooted after the ATF cleaner the computer has been going really fast (compared to how it was running previously). I have not noticed any other problems.
    I connect to the internet via a modem.

    Thanks.
     
  14. sandmock

    sandmock Thread Starter

    Joined:
    Sep 23, 2008
    Messages:
    19
    Sorry, I forgot to add in the last post another problem I still have: when I tried to remove Ad-Aware 2007 to update it I get an error message and can't remove it. I have had this problem with some programmes in the past.

    Thanks.
     
  15. jpshortstuff

    jpshortstuff

    Joined:
    Oct 19, 2007
    Messages:
    177
    Hi

    Are you an Administrator? If so, what is the exact error message you get when you try to uninstall Ad-Aware?

    The best procedure for uninstalling is to log in as an Administrator, then go to Start >> Control Panel >> Add/Remove Programs and then click Remove next to Ad-Aware 2007. If this doesn't work, try again in safe mode. If still no luck let me know what the error message is and I'll see if I can find a solution.


    You don't appear to be running any third-party firewall software.

    Install a firewall! Without a firewall you are very susceptible to being hacked, and people could gain access to your computer. If you don't have a firewall I strongly recommend you download ONE of the following:

    1) Comodo
    2) Agnitum
    3) Sunbelt/Kerio


    You can fix these items in HijackThis:
    O16 - DPF: {1F2F4C9E-6F09-47BC-970D-3C54734667FE} -
    O16 - DPF: {9A9307A0-7DA4-4DAF-B042-5009F29E09E1} -
    O16 - DPF: {CE28D5D2-60CF-4C7D-9FE8-0F47A3308078} -
    O16 - DPF: {D821DC4A-0814-435E-9820-661C543A4679} -
    O16 - DPF: {F00F4763-7355-4725-82F7-0DA94A256D46} -



    You need to upgrade to Windows XP Service Pack 3. Keeping your Windows up-to-date is crucial to your computer's security. Please go to the Windows Update Site (using Internet Explorer) and download and install Windows XP - Service Pack 3.

    Any other problems, apart from the Ad-Aware problem? Please post a new HijackThis log as well, to make sure there is no more malware.

    Thanks.
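
Added example (not part of the thread and not HijackThis's own code): the O16 entries listed for fixing in the reply above all have an empty class name and an empty download URL. The Python below parses O16 lines of the shape shown in the log on this page and returns the CLSIDs of such empty entries; the function names and the regular expression are assumptions, and the sample lines are copied from the log above.

```python
import re

# O16 line shape as it appears in the log on this page:
#   O16 - DPF: {CLSID} (Class name) - codebase URL
# Name and URL are both optional. Only CLSID-keyed entries are handled here.
O16_RE = re.compile(
    r"^O16 - DPF: (?P<clsid>\{[0-9A-Fa-f-]{36}\})"
    r"(?: \((?P<name>.*?)\))?"
    r" -\s*(?P<codebase>.*)$"
)

# Sample input: lines copied from the HijackThis log posted in this thread.
SAMPLE_LOG = """\
    O16 - DPF: {C3F79A2B-B9B4-4A66-B012-3EE46475B072} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/MessengerStatsPAClient.cab56907.cab
    O16 - DPF: {CE28D5D2-60CF-4C7D-9FE8-0F47A3308078} -
    O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab
    O16 - DPF: {D821DC4A-0814-435E-9820-661C543A4679} -
    O16 - DPF: {F00F4763-7355-4725-82F7-0DA94A256D46} -
    O16 - DPF: {F5A7706B-B9C0-4C89-A715-7A0C6B05DD48} (Minesweeper Flags Class) - http://messenger.zone.msn.com/binary/MineSweeper.cab56986.cab
    O16 - DPF: {F6BF0D00-0B2A-4A75-BF7B-F385591623AF} (Solitaire Showdown Class) - http://messenger.zone.msn.com/binary/SolitaireShowdown.cab31267.cab
    O18 - Protocol: bwfile-8876480 - {9462A756-7B47-47BC-8C80-C34B9B80B32B} - C:\\Program Files\\Logitech\\Desktop Messenger\\8876480\\Program\\GAPlugProtocol-8876480.dll
"""


def parse_o16(log_text):
    """Return one dict per O16 line; lines from other sections are skipped."""
    entries = []
    for raw in log_text.splitlines():
        m = O16_RE.match(raw.strip())
        if m:
            entries.append({
                "clsid": m["clsid"],
                "name": m["name"] or "",
                "codebase": m["codebase"].strip(),
            })
    return entries


def empty_entries(entries):
    """CLSIDs of O16 entries that carry neither a class name nor a URL."""
    return [e["clsid"] for e in entries if not e["name"] and not e["codebase"]]


if __name__ == "__main__":
    for clsid in empty_entries(parse_o16(SAMPLE_LOG)):
        print("empty O16 entry:", clsid)
```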
     

Short URL to this thread: https://techguy.org/752717
