cid pop ups


sandmock

Thread Starter
Joined
Sep 23, 2008
Messages
19
Hi, could you please help me with the removal of CiD pop-ups? I have just started getting them. I tried to uninstall Ad-Aware and reinstall a newer version, but I get an error 1720 "problem with Windows Installer package" message. I have tried some other scans and removed toolbars etc., but still have the pop-ups.

Thanking you.

My HijackThis log:

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 23:51:08, on 23/09/2008
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16705)
Boot mode: Normal
Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Windows Defender\MsMpEng.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Lavasoft\Ad-Aware 2007\aawservice.exe
C:\WINDOWS\system32\LEXBCES.EXE
C:\WINDOWS\system32\LEXPPS.EXE
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
C:\PROGRA~1\Grisoft\AVG7\avgamsvr.exe
C:\PROGRA~1\Grisoft\AVG7\avgupsvc.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE
C:\WINDOWS\System32\nvsvc32.exe
C:\Program Files\Sunbelt Software\VIPRE\SBAMSvc.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Sunbelt Software\VIPRE\SBAMTray.exe
C:\Program Files\Lexmark 1200 Series\lxczbmgr.exe
C:\Program Files\Lexmark 1200 Series\lxczbmon.exe
C:\PROGRA~1\Grisoft\AVG7\avgcc.exe
C:\Program Files\Windows Defender\MSASCui.exe
C:\program files\quicktime\QTTask.exe
C:\Program Files\Common Files\Real\Update_OB\realsched.exe
C:\Program Files\Internet Explorer\IEXPLORE.EXE
C:\Program Files\Sony Ericsson\Mobile2\Application Launcher\Application Launcher.exe
C:\Program Files\Internet Explorer\IEXPLORE.EXE
C:\Program Files\iTunes\iTunesHelper.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Logitech\Desktop Messenger\8876480\Program\LogitechDesktopMessenger.exe
C:\Program Files\Nokia\Nokia PC Suite 6\PcSync2.exe
C:\Program Files\Messenger\msmsgs.exe
C:\Program Files\Windows Live\Messenger\msnmsgr.exe
C:\Program Files\Windows Media Player\WMPNSCFG.exe
C:\PROGRA~1\COMMON~1\Nokia\MPAPI\MPAPI3s.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\WINDOWS\system32\wuauclt.exe
C:\Program Files\Common Files\Teleca Shared\Generic.exe
C:\Program Files\Sony Ericsson\Mobile2\Mobile Phone Monitor\epmworker.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\WINDOWS\system32\wuauclt.exe
C:\WINDOWS\System32\msiexec.exe
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant =
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch =
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = localhost
O4 - HKLM\..\Run: [Lexmark 1200 Series] "C:\Program Files\Lexmark 1200 Series\lxczbmgr.exe"
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [AVG7_CC] C:\PROGRA~1\Grisoft\AVG7\avgcc.exe /STARTUP
O4 - HKLM\..\Run: [Windows Defender] "C:\Program Files\Windows Defender\MSASCui.exe" -hide
O4 - HKLM\..\Run: [QuickTime Task] "C:\program files\quicktime\QTTask.exe" -atboottime
O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot
O4 - HKLM\..\Run: [Date Army Wma Spam] C:\Documents and Settings\All Users\Application Data\Peak ooze date army\Meet Cake.exe
O4 - HKLM\..\Run: [Sony Ericsson PC Suite] "C:\Program Files\Sony Ericsson\Mobile2\Application Launcher\Application Launcher.exe" /startoptions
O4 - HKLM\..\Run: [AppleSyncNotifier] C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleSyncNotifier.exe
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
O4 - HKLM\..\Run: [SBAMTray] C:\Program Files\Sunbelt Software\VIPRE\SBAMTray.exe
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [LDM] C:\Program Files\Logitech\Desktop Messenger\8876480\Program\LogitechDesktopMessenger.exe
O4 - HKCU\..\Run: [LogitechSoftwareUpdate] "C:\Program Files\Logitech\Video\ManifestEngine.exe" boot
O4 - HKCU\..\Run: [PcSync] C:\Program Files\Nokia\Nokia PC Suite 6\PcSync2.exe /NoDialog
O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background
O4 - HKCU\..\Run: [msnmsgr] "C:\Program Files\Windows Live\Messenger\msnmsgr.exe" /background
O4 - HKCU\..\Run: [HtmSecond] C:\DOCUME~1\janet\APPLIC~1\DEFAUL~1\Bike Style.exe
O4 - HKCU\..\Run: [WMPNSCFG] C:\Program Files\Windows Media Player\WMPNSCFG.exe
O4 - HKUS\S-1-5-19\..\Run: [AVG7_Run] C:\PROGRA~1\Grisoft\AVG7\avgw.exe /RUNONCE (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-20\..\Run: [AVG7_Run] C:\PROGRA~1\Grisoft\AVG7\avgw.exe /RUNONCE (User 'NETWORK SERVICE')
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'Default user')
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office10\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_06\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_06\bin\ssv.dll
O9 - Extra button: Blog This - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files\Windows Live\Writer\WriterBrowserExtension.dll
O9 - Extra 'Tools' menuitem: &Blog This in Windows Live Writer - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files\Windows Live\Writer\WriterBrowserExtension.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O16 - DPF: {00B71CFB-6864-4346-A978-C0A14556272C} (Checkers Class) - http://messenger.zone.msn.com/binary/msgrchkr.cab31267.cab
O16 - DPF: {04E214E5-63AF-4236-83C6-A7ADCBF9BD02} (HouseCall Control) - http://housecall60.trendmicro.com/housecall/xscan60.cab
O16 - DPF: {14B87622-7E19-4EA8-93B3-97215F77A6BC} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/MessengerStatsPAClient.cab31267.cab
O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://go.microsoft.com/fwlink/?linkid=39204
O16 - DPF: {1F2F4C9E-6F09-47BC-970D-3C54734667FE} -
O16 - DPF: {20A60F0D-9AFA-4515-A0FD-83BD84642501} (Checkers Class) - http://messenger.zone.msn.com/binary/msgrchkr.cab56986.cab
O16 - DPF: {2917297F-F02B-4B9D-81DF-494B6333150B} (Minesweeper Flags Class) - http://messenger.zone.msn.com/binary/MineSweeper.cab31267.cab
O16 - DPF: {2B323CD9-50E3-11D3-9466-00A0C9700498} (Yahoo! Audio Conferencing) - http://us.chat1.yimg.com/us.yimg.com/i/chat/applet/v45/yacscom.cab
O16 - DPF: {30528230-99F7-4BB4-88D8-FA1D4F56A2AB} (YInstStarter Class) - http://us.dl1.yimg.com/download.yahoo.com/dl/installs/yinst20040510.cab
O16 - DPF: {3B5E9B23-7537-4601-A9E8-FA0D956DEA16} (csauie1 Control) -
O16 - DPF: {406B5949-7190-4245-91A9-30A17DE16AD0} (Snapfish Activia) - http://www1.snapfish.co.uk/SnapfishUKActivia.cab
O16 - DPF: {4F1E5B1A-2A80-42CA-8532-2D05CB959537} (MSN Photo Upload Tool) - http://gfx1.hotmail.com/mail/w3/pr01/resources/MSNPUpld.cab
O16 - DPF: {50647AB5-18FD-4142-82B0-5852478DD0D5} (Keynote Connector Launcher 2) - http://webeffective.keynote.com/applications/pconnector/download/ConnectorLauncher.cab
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://v5.windowsupdate.microsoft.c...ls/en/x86/client/wuweb_site.cab?1117559368690
O16 - DPF: {644E432F-49D3-41A1-8DD5-E099162EEEC5} -
O16 - DPF: {64D01C7F-810D-446E-A07E-365764235644} -
O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://update.microsoft.com/microsoftupdate/v6/V5Controls/en/x86/client/muweb_site.cab?1147014740671
O16 - DPF: {7D1E9C49-BD6A-11D3-87A8-009027A35D73} (Yahoo! Audio UI1) - http://chat.yahoo.com/cab/yacsui.cab
O16 - DPF: {7F8C8173-AD80-4807-AA75-5672F22B4582} (ICSScanner Class) - http://download.zonelabs.com/bin/promotions/spywaredetector/ICSScanner37680.cab
O16 - DPF: {8E0D4DE5-3180-4024-A327-4DFAD1796A8D} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/MessengerStatsClient.cab31267.cab
O16 - DPF: {9A9307A0-7DA4-4DAF-B042-5009F29E09E1} -
O16 - DPF: {B38870E4-7ECB-40DA-8C6A-595F0A5519FF} (MsnMessengerSetupDownloadControl Class) - http://messenger.msn.com/download/msnmessengersetupdownloader.cab
O16 - DPF: {B8BE5E93-A60C-4D26-A2DC-220313175592} (ZoneIntro Class) - http://messenger.zone.msn.com/binary/ZIntro.cab32846.cab
O16 - DPF: {BF6BBE9A-0656-4598-A0CD-32DAC03959B5} (Image Uploader 3.0 Control) - https://www.tescophoto.com/wpp/tesco/app/opcuploader.cab
O16 - DPF: {C3F79A2B-B9B4-4A66-B012-3EE46475B072} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/MessengerStatsPAClient.cab56907.cab
O16 - DPF: {CE28D5D2-60CF-4C7D-9FE8-0F47A3308078} -
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab
O16 - DPF: {D821DC4A-0814-435E-9820-661C543A4679} -
O16 - DPF: {F00F4763-7355-4725-82F7-0DA94A256D46} -
O16 - DPF: {F5A7706B-B9C0-4C89-A715-7A0C6B05DD48} (Minesweeper Flags Class) - http://messenger.zone.msn.com/binary/MineSweeper.cab56986.cab
O16 - DPF: {F6BF0D00-0B2A-4A75-BF7B-F385591623AF} (Solitaire Showdown Class) - http://messenger.zone.msn.com/binary/SolitaireShowdown.cab31267.cab
O18 - Protocol: bwfile-8876480 - {9462A756-7B47-47BC-8C80-C34B9B80B32B} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\GAPlugProtocol-8876480.dll
O23 - Service: Ad-Aware 2007 Service (aawservice) - Lavasoft - C:\Program Files\Lavasoft\Ad-Aware 2007\aawservice.exe
O23 - Service: Apple Mobile Device - Apple Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
O23 - Service: AVG7 Alert Manager Server (Avg7Alrt) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVG7\avgamsvr.exe
O23 - Service: AVG7 Update Service (Avg7UpdSvc) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVG7\avgupsvc.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\1150\Intel 32\IDriverT.exe
O23 - Service: iPod Service - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: LexBce Server (LexBceS) - Lexmark International, Inc. - C:\WINDOWS\system32\LEXBCES.EXE
O23 - Service: Macromedia Licensing Service - Unknown owner - C:\Program Files\Common Files\Macromedia Shared\Service\Macromedia Licensing.exe
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\System32\nvsvc32.exe
O23 - Service: Sunbelt VIPRE Antivirus Service (SBAMSvc) - Sunbelt Software - C:\Program Files\Sunbelt Software\VIPRE\SBAMSvc.exe
--
End of file - 11543 bytes
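
An added example (not part of the original thread, and not a tool either poster used): a minimal Python triage pass over the O4 registry autorun lines of a HijackThis log, listing entries whose target sits under the user-profile tree rather than Program Files or the Windows directory. The function names and the profile-tree heuristic are assumptions of this example; the sample lines are copied from the log above.

```python
import re
from typing import List, NamedTuple, Optional

# O4 (registry autorun) lines copied from the HijackThis log in the post above,
# plus one R0 line to show that non-O4 lines are skipped.
SAMPLE_LOG = r"""
O4 - HKLM\..\Run: [Lexmark 1200 Series] "C:\Program Files\Lexmark 1200 Series\lxczbmgr.exe"
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [AVG7_CC] C:\PROGRA~1\Grisoft\AVG7\avgcc.exe /STARTUP
O4 - HKLM\..\Run: [Date Army Wma Spam] C:\Documents and Settings\All Users\Application Data\Peak ooze date army\Meet Cake.exe
O4 - HKCU\..\Run: [HtmSecond] C:\DOCUME~1\janet\APPLIC~1\DEFAUL~1\Bike Style.exe
O4 - HKUS\S-1-5-19\..\Run: [AVG7_Run] C:\PROGRA~1\Grisoft\AVG7\avgw.exe /RUNONCE (User 'LOCAL SERVICE')
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
"""

# "O4 - <hive>\..\<key>: [<value name>] <command> (User '<account>')"
# Only registry Run-style entries are handled; "O4 - Startup:" lines are not.
O4_RE = re.compile(
    r"^O4 - (?P<hive>HK[A-Z]+(?:\\[^\\]+)?)\\\.\.\\(?P<key>[^:]+): "
    r"\[(?P<name>[^\]]*)\] (?P<cmd>.*?)(?: \(User '(?P<user>[^']*)'\))?$"
)

# First drive-rooted path in the command that ends in an executable extension.
# For "RUNDLL32.EXE C:\...\x.dll,Entry" this picks the DLL, which is the real target.
TARGET_RE = re.compile(
    r'"?([A-Za-z]:\\[^"]*?\.(?:exe|dll|com|bat|cmd|scr|pif))\b', re.IGNORECASE
)


class Autorun(NamedTuple):
    hive: str
    key: str
    name: str
    target: Optional[str]  # None when no path could be extracted
    user: Optional[str]


def parse_o4(log_text: str) -> List[Autorun]:
    """Return one Autorun per O4 registry line found in the log text."""
    entries = []
    for line in log_text.splitlines():
        m = O4_RE.match(line.strip())
        if not m:
            continue
        t = TARGET_RE.search(m.group("cmd"))
        entries.append(Autorun(m.group("hive"), m.group("key"), m.group("name"),
                               t.group(1) if t else None, m.group("user")))
    return entries


def in_profile_tree(path: str) -> bool:
    """True if the path is under the XP profile root, in long or 8.3 short form."""
    parts = path.lower().split("\\")
    if len(parts) < 2:
        return False
    return (parts[1] == "documents and settings"
            or re.fullmatch(r"docume~\d+", parts[1]) is not None)


def review_list(log_text: str) -> List[Autorun]:
    """Autoruns to look at first: unparsed targets, or targets in a profile tree.

    This is a triage heuristic (an assumption of this example), not a verdict:
    installed software normally starts from Program Files or the Windows directory.
    """
    return [a for a in parse_o4(log_text)
            if a.target is None or in_profile_tree(a.target)]


if __name__ == "__main__":
    for a in review_list(SAMPLE_LOG):
        print(f"{a.hive}\\..\\{a.key} [{a.name}] -> {a.target}")
```
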
 
Joined
Oct 19, 2007
Messages
177
Hi, and welcome to TechSupportGuy :)

My name is jpshortstuff. I would be glad to take a look at your log and help you with solving any malware problems. HijackThis logs can take a while to research, so please be patient and I'd be grateful if you would note the following:
  • I will be working on your malware issues; this may or may not solve other issues you have with your machine.
  • The fixes are specific to your problem and should only be used for the issues on this machine.
  • Please continue to review my answers until I tell you your machine appears to be clear. Absence of symptoms does not mean that everything is clear.
  • It's often worth reading through these instructions and printing them for ease of reference.
  • If you don't know or understand something, please don't hesitate to say or ask!! It's better to be sure and safe than sorry.
  • Please reply to this thread. Do not start a new topic.

Please download ATF Cleaner by Atribune.
Download - ATF Cleaner»
Double-click ATF-Cleaner.exe to run the program.
Under Main choose: Select All
Click the Empty Selected button.

(If you use Firefox or the Opera browser: to keep saved passwords, click No at the prompt.)

It's normal after running ATF cleaner that the PC will be slower to boot the first time or two.


I need to see another log from HijackThis.
  • Run Hijackthis.
  • Click on Open the Misc Tools section.
  • Next click on Open uninstall manager.
  • Press the Save list button.
  • Save the file to your desktop, with the default name of uninstall_list
  • Copy & paste the entire contents of that file in your next post.
Thanks.
 

sandmock

Thread Starter
Joined
Sep 23, 2008
Messages
19
Hi, thank you for your reply. I have done the ATF Cleaner and here is my updated HijackThis log.

4oD
7-Zip 4.57
ABBYY FineReader 5.0 Sprint
Acrobat.com
Acrobat.com
Ad-Aware 2007
Adobe Flash Player ActiveX
Ahead Nero Burning ROM
Apple Mobile Device Support
Apple Software Update
AVer Teletext
AVerTV
AVG 7.5
Bookworm Adventures Deluxe 1.0.1.100
Bookworm Deluxe
BookWorm Deluxe
Bookworm Deluxe 1.13
BroadJump Client Foundation
Butterfly Escape
Cake Mania® 3
Coupon Printer
Cyber 530/630 USB Driver
Darwin the Monkey
Digimax Master
Disc2Phone
DivX Codec
Eyewitness Encyclopedia of Science 2.0
Family Feud 2
Google Earth
HijackThis 2.0.2
Hotfix for Windows Internet Explorer 7 (KB947864)
Hotfix for Windows Media Format 11 SDK (KB929399)
Hotfix for Windows Media Player 11 (KB939683)
Hotfix for Windows XP (KB896344)
Hotfix for Windows XP (KB914440)
Hotfix for Windows XP (KB915865)
Hotfix for Windows XP (KB926239)
Hotfix for Windows XP (KB952287)
Image Resizer Powertoy for Windows XP
iTunes
J2SE Runtime Environment 5.0 Update 3
J2SE Runtime Environment 5.0 Update 4
J2SE Runtime Environment 5.0 Update 6
Jewel Quest Solitaire
Keynote Connector
Lexmark 1200 Series
LimeWire 4.16.6
Logitech Desktop Messenger
Logitech Print Service
Logitech QuickCam Software
Logitech® Camera Driver
Macromedia Fireworks MX 2004
Messenger Plus! Live & Sponsor (CiD)
Microsoft .NET Framework 1.1
Microsoft .NET Framework 1.1
Microsoft .NET Framework 1.1 Hotfix (KB928366)
Microsoft .NET Framework 2.0 Service Pack 1
Microsoft .NET Framework 3.0 Service Pack 1
Microsoft Base Smart Card Cryptographic Service Provider Package
Microsoft Compression Client Pack 1.0 for Windows XP
Microsoft Data Access Components KB870669
Microsoft Internationalized Domain Names Mitigation APIs
Microsoft National Language Support Downlevel APIs
Microsoft Office Standard Edition 2003
Microsoft Office XP Standard
Microsoft Silverlight
Microsoft User-Mode Driver Framework Feature Pack 1.0
Microsoft Windows XP Video Decoder Checkup Utility
Mozilla Firefox (2.0.0.15)
MSN Winks Plus
MSXML 4.0 SP2 (KB925672)
MSXML 4.0 SP2 (KB927978)
MSXML 4.0 SP2 (KB936181)
MSXML 6.0 Parser (KB933579)
Musicmatch® Jukebox
Nokia Connectivity Cable Driver
Nokia PC Suite
NVIDIA Display Driver
P.I.E. Patch
Panda ActiveScan
Power2Go 3.0
PowerDVD
PowerProducer
QuickTime
RealArcade
RealPlayer
Rude Roger
SCRABBLE®
Security Update for CAPICOM (KB931906)
Security Update for CAPICOM (KB931906)
Security Update for Windows Internet Explorer 7 (KB928090)
Security Update for Windows Internet Explorer 7 (KB929969)
Security Update for Windows Internet Explorer 7 (KB931768)
Security Update for Windows Internet Explorer 7 (KB933566)
Security Update for Windows Internet Explorer 7 (KB937143)
Security Update for Windows Internet Explorer 7 (KB938127)
Security Update for Windows Internet Explorer 7 (KB939653)
Security Update for Windows Internet Explorer 7 (KB942615)
Security Update for Windows Internet Explorer 7 (KB944533)
Security Update for Windows Internet Explorer 7 (KB950759)
Security Update for Windows Internet Explorer 7 (KB953838)
Security Update for Windows Media Player (KB911564)
Security Update for Windows Media Player 10 (KB911565)
Security Update for Windows Media Player 10 (KB917734)
Security Update for Windows Media Player 11 (KB936782)
Security Update for Windows Media Player 11 (KB954154)
Security Update for Windows Media Player 6.4 (KB925398)
Security Update for Windows XP (KB883939)
Security Update for Windows XP (KB890046)
Security Update for Windows XP (KB893066)
Security Update for Windows XP (KB893756)
Security Update for Windows XP (KB896358)
Security Update for Windows XP (KB896422)
Security Update for Windows XP (KB896423)
Security Update for Windows XP (KB896424)
Security Update for Windows XP (KB896428)
Security Update for Windows XP (KB896688)
Security Update for Windows XP (KB899587)
Security Update for Windows XP (KB899588)
Security Update for Windows XP (KB899591)
Security Update for Windows XP (KB900725)
Security Update for Windows XP (KB901017)
Security Update for Windows XP (KB901214)
Security Update for Windows XP (KB902400)
Security Update for Windows XP (KB903235)
Security Update for Windows XP (KB904706)
Security Update for Windows XP (KB905414)
Security Update for Windows XP (KB905749)
Security Update for Windows XP (KB905915)
Security Update for Windows XP (KB908519)
Security Update for Windows XP (KB908531)
Security Update for Windows XP (KB911280)
Security Update for Windows XP (KB911562)
Security Update for Windows XP (KB911567)
Security Update for Windows XP (KB911927)
Security Update for Windows XP (KB912812)
Security Update for Windows XP (KB912919)
Security Update for Windows XP (KB913446)
Security Update for Windows XP (KB913580)
Security Update for Windows XP (KB914388)
Security Update for Windows XP (KB914389)
Security Update for Windows XP (KB916281)
Security Update for Windows XP (KB917159)
Security Update for Windows XP (KB917344)
Security Update for Windows XP (KB917422)
Security Update for Windows XP (KB917953)
Security Update for Windows XP (KB918118)
Security Update for Windows XP (KB918439)
Security Update for Windows XP (KB918899)
Security Update for Windows XP (KB919007)
Security Update for Windows XP (KB920213)
Security Update for Windows XP (KB920214)
Security Update for Windows XP (KB920670)
Security Update for Windows XP (KB920683)
Security Update for Windows XP (KB920685)
Security Update for Windows XP (KB921398)
Security Update for Windows XP (KB921503)
Security Update for Windows XP (KB921883)
Security Update for Windows XP (KB922616)
Security Update for Windows XP (KB922760)
Security Update for Windows XP (KB922819)
Security Update for Windows XP (KB923191)
Security Update for Windows XP (KB923414)
Security Update for Windows XP (KB923694)
Security Update for Windows XP (KB923980)
Security Update for Windows XP (KB924191)
Security Update for Windows XP (KB924270)
Security Update for Windows XP (KB924496)
Security Update for Windows XP (KB924667)
Security Update for Windows XP (KB925486)
Security Update for Windows XP (KB925902)
Security Update for Windows XP (KB926255)
Security Update for Windows XP (KB926436)
Security Update for Windows XP (KB927779)
Security Update for Windows XP (KB927802)
Security Update for Windows XP (KB928255)
Security Update for Windows XP (KB928843)
Security Update for Windows XP (KB929123)
Security Update for Windows XP (KB930178)
Security Update for Windows XP (KB931261)
Security Update for Windows XP (KB931784)
Security Update for Windows XP (KB932168)
Security Update for Windows XP (KB933729)
Security Update for Windows XP (KB935839)
Security Update for Windows XP (KB935840)
Security Update for Windows XP (KB936021)
Security Update for Windows XP (KB938464)
Security Update for Windows XP (KB938829)
Security Update for Windows XP (KB941202)
Security Update for Windows XP (KB941568)
Security Update for Windows XP (KB941569)
Security Update for Windows XP (KB941644)
Security Update for Windows XP (KB941693)
Security Update for Windows XP (KB943055)
Security Update for Windows XP (KB943460)
Security Update for Windows XP (KB943485)
Security Update for Windows XP (KB944653)
Security Update for Windows XP (KB945553)
Security Update for Windows XP (KB946026)
Security Update for Windows XP (KB946648)
Security Update for Windows XP (KB948590)
Security Update for Windows XP (KB948881)
Security Update for Windows XP (KB950749)
Security Update for Windows XP (KB950760)
Security Update for Windows XP (KB950762)
Security Update for Windows XP (KB950974)
Security Update for Windows XP (KB951066)
Security Update for Windows XP (KB951376)
Security Update for Windows XP (KB951376-v2)
Security Update for Windows XP (KB951698)
Security Update for Windows XP (KB951748)
Security Update for Windows XP (KB952954)
Security Update for Windows XP (KB953839)
Sherston Software - 123 CD
SiL
Solar System 3D Screensaver 1.2
Sony Ericsson PC Suite
Update for Windows XP (KB894391)
Update for Windows XP (KB896727)
Update for Windows XP (KB898461)
Update for Windows XP (KB900485)
Update for Windows XP (KB904942)
Update for Windows XP (KB910437)
Update for Windows XP (KB916595)
Update for Windows XP (KB920342)
Update for Windows XP (KB920872)
Update for Windows XP (KB922582)
Update for Windows XP (KB925720)
Update for Windows XP (KB925876)
Update for Windows XP (KB927891)
Update for Windows XP (KB929338)
Update for Windows XP (KB930916)
Update for Windows XP (KB931836)
Update for Windows XP (KB932823-v3)
Update for Windows XP (KB933360)
Update for Windows XP (KB936357)
Update for Windows XP (KB938828)
Update for Windows XP (KB942763)
Update for Windows XP (KB951072-v2)
V92 PCI Voice Faxmodem
Varmintz
VIA Audio Driver Setup Program
VIA Rhine-Family Fast Ethernet Adapter
Virtual Earth 3D (Beta)
Winamp (remove only)
Windows Defender
Windows Imaging Component
Windows Installer 3.1 (KB893803)
Windows Internet Explorer 7
Windows Live installer
Windows Live Messenger
Windows Live Sign-in Assistant
Windows Live Writer
Windows Media Format 11 runtime
Windows Media Format 11 runtime
Windows Media Player 11
Windows Media Player 11
Windows Presentation Foundation
Windows XP Hotfix - KB873333
Windows XP Hotfix - KB873339
Windows XP Hotfix - KB885250
Windows XP Hotfix - KB885626
Windows XP Hotfix - KB885835
Windows XP Hotfix - KB885836
Windows XP Hotfix - KB885884
Windows XP Hotfix - KB886185
Windows XP Hotfix - KB887472
Windows XP Hotfix - KB887742
Windows XP Hotfix - KB888113
Windows XP Hotfix - KB888302
Windows XP Hotfix - KB890175
Windows XP Hotfix - KB890859
Windows XP Hotfix - KB891781
Windows XP Hotfix - KB893086
Windows XP Service Pack 2
WinRAR archiver
World Explorer
 
Joined
Oct 19, 2007
Messages
177
Hi

LimeWire
You have LimeWire, a P2P/file sharing program, installed on your computer. P2P applications like it are the largest source of malware we see. You'll be doing yourself a favor by removing it.

References for the risk of these programs can be found in these links:
http://www.microsoft.com/windows/ie/community/columns/protection.mspx
http://www.techweb.com/wire/160500554
http://www.internetworldstats.com/articles/art053.htm
See Clean/Infected P2P Programs here

I would recommend that you uninstall LimeWire, however that choice is up to you. If you choose to remove these programs, you can do so via Control Panel >> Add or Remove Programs.

If you wish to keep it, please do not use it until your computer is cleaned.

There are some more programs that I suggest you uninstall:
Messenger Plus! Live & Sponsor (CiD) (This program is part of the "CiD" popups you are getting)
J2SE Runtime Environment 5.0 Update 3
J2SE Runtime Environment 5.0 Update 4
J2SE Runtime Environment 5.0 Update 6



We need to temporarily disable a couple of your security programs so they do not interfere with the fix.

Open Windows Defender.

Click on Tools, General Settings.
Scroll down and uncheck Turn on real-time protection (recommended).
After you uncheck this, click on the Save button and close Windows Defender.

After all of the fixes are complete it is very important that you enable Real-time Protection again.

Please open the AVG Control Center program -> double-click on the "AVG Resident Shield" component -> deselect the "Turn on AVG Resident Shield" checkmark and save the setting.
When you need to enable the AVG Resident Shield (I'll let you know when), just open the AVG Control Center program -> double-click on the "AVG Resident Shield" component -> select the "Turn on AVG Resident Shield" checkmark and save the setting.


Download Lop S&D < here

Double-click Lop S&D.exe
Choose the language, then choose Option 1 (Search)
Wait till the end of the scan
Post the log which is created: (%SystemDrive%\lopR.txt).

Thanks.
 

sandmock

Thread Starter
Joined
Sep 23, 2008
Messages
19
Hi, thanks for your reply. I have uninstalled the files you recommended apart from LimeWire, but I won't use it. Also, could you recommend anything else I could use for music in its place?
Here is my new log.

--------------------\\ Lop S&D 4.2.4-4 XP/Vista

"C:\Lop SD" ( MAJ : 19-09-2008|22:20 )
Option : [1] ( 25/09/2008|16:53 )

--------------------\\ Listing folders in APPLIC~1
[06/07/2004|20:35] C:\DOCUME~1\DEFAUL~1\APPLIC~1\Cyberlink
[05/07/2004|23:17] C:\DOCUME~1\DEFAUL~1\APPLIC~1\Identities
[05/07/2004|23:10] C:\DOCUME~1\DEFAUL~1\APPLIC~1\Microsoft
[24/01/2007|13:57] C:\DOCUME~1\ALLUSE~1\APPLIC~1\Adobe
[12/07/2008|20:20] C:\DOCUME~1\ALLUSE~1\APPLIC~1\Apple
[12/07/2008|20:22] C:\DOCUME~1\ALLUSE~1\APPLIC~1\Apple Computer
[01/02/2008|08:11] C:\DOCUME~1\ALLUSE~1\APPLIC~1\avg7
[24/09/2008|23:53] C:\DOCUME~1\ALLUSE~1\APPLIC~1\BigFishGamesCache
[20/07/2007|23:33] C:\DOCUME~1\ALLUSE~1\APPLIC~1\Bold Grey Spam Peak
[16/07/2007|22:52] C:\DOCUME~1\ALLUSE~1\APPLIC~1\BVRP Software
[12/01/2008|21:14] C:\DOCUME~1\ALLUSE~1\APPLIC~1\Channel4
[06/07/2004|20:30] C:\DOCUME~1\ALLUSE~1\APPLIC~1\CyberLink
[26/01/2007|19:31] C:\DOCUME~1\ALLUSE~1\APPLIC~1\Genimo
[25/03/2007|17:12] C:\DOCUME~1\ALLUSE~1\APPLIC~1\Google
[01/02/2008|08:11] C:\DOCUME~1\ALLUSE~1\APPLIC~1\Grisoft
[29/07/2006|18:55] C:\DOCUME~1\ALLUSE~1\APPLIC~1\HMV
[01/02/2008|09:10] C:\DOCUME~1\ALLUSE~1\APPLIC~1\Lavasoft
[11/07/2008|23:08] C:\DOCUME~1\ALLUSE~1\APPLIC~1\Macrovision
[20/07/2007|23:35] C:\DOCUME~1\ALLUSE~1\APPLIC~1\Messenger Plus!
[05/07/2004|23:10] C:\DOCUME~1\ALLUSE~1\APPLIC~1\Microsoft
[31/05/2005|17:55] C:\DOCUME~1\ALLUSE~1\APPLIC~1\MSN6
[16/12/2006|09:44] C:\DOCUME~1\ALLUSE~1\APPLIC~1\MumboJumbo
[22/09/2008|12:53] C:\DOCUME~1\ALLUSE~1\APPLIC~1\n7-89-o9-3r-4t-r9
[03/08/2007|13:48] C:\DOCUME~1\ALLUSE~1\APPLIC~1\Napster
[01/06/2005|11:55] C:\DOCUME~1\ALLUSE~1\APPLIC~1\nView_Profiles
[17/09/2005|20:34] C:\DOCUME~1\ALLUSE~1\APPLIC~1\Oberon Media
[29/03/2008|11:01] C:\DOCUME~1\ALLUSE~1\APPLIC~1\Peak ooze date army
[02/08/2006|18:13] C:\DOCUME~1\ALLUSE~1\APPLIC~1\PlayFirst
[08/08/2005|20:03] C:\DOCUME~1\ALLUSE~1\APPLIC~1\QuickTime
[13/10/2005|21:02] C:\DOCUME~1\ALLUSE~1\APPLIC~1\Sandlot Games
[02/04/2008|00:47] C:\DOCUME~1\ALLUSE~1\APPLIC~1\Sony Ericsson
[23/11/2006|18:06] C:\DOCUME~1\ALLUSE~1\APPLIC~1\SpinTop Games
[09/01/2008|00:02] C:\DOCUME~1\ALLUSE~1\APPLIC~1\Spybot - Search & Destroy
[23/09/2008|17:53] C:\DOCUME~1\ALLUSE~1\APPLIC~1\Sunbelt
[02/04/2008|00:46] C:\DOCUME~1\ALLUSE~1\APPLIC~1\Teleca
[30/03/2008|11:01] C:\DOCUME~1\ALLUSE~1\APPLIC~1\TEMP
[22/09/2005|22:34] C:\DOCUME~1\ALLUSE~1\APPLIC~1\Windows Genuine Advantage
[10/09/2006|18:01] C:\DOCUME~1\ALLUSE~1\APPLIC~1\Windows Live Toolbar
[08/11/2007|18:13] C:\DOCUME~1\ALLUSE~1\APPLIC~1\WLInstaller
[05/07/2004|23:10] C:\DOCUME~1\NETWOR~1\APPLIC~1\Microsoft
[01/02/2008|08:12] C:\DOCUME~1\LOCALS~1\APPLIC~1\AVG7
[02/09/2007|20:50] C:\DOCUME~1\LOCALS~1\APPLIC~1\Help
[17/08/2005|20:03] C:\DOCUME~1\LOCALS~1\APPLIC~1\Macromedia
[05/07/2004|23:10] C:\DOCUME~1\LOCALS~1\APPLIC~1\Microsoft
[11/07/2005|11:12] C:\DOCUME~1\janet\APPLIC~1\Adobe
[11/07/2005|11:35] C:\DOCUME~1\janet\APPLIC~1\AdobeUM
[10/08/2005|21:05] C:\DOCUME~1\janet\APPLIC~1\Ahead
[12/07/2008|20:24] C:\DOCUME~1\janet\APPLIC~1\Apple Computer
[01/02/2008|08:13] C:\DOCUME~1\janet\APPLIC~1\AVG7
[06/07/2004|20:35] C:\DOCUME~1\janet\APPLIC~1\Cyberlink
[12/08/2007|14:09] C:\DOCUME~1\janet\APPLIC~1\Darwin
[29/03/2008|11:01] C:\DOCUME~1\janet\APPLIC~1\default global each
[22/09/2008|12:53] C:\DOCUME~1\janet\APPLIC~1\GameHouse
[14/08/2005|21:08] C:\DOCUME~1\janet\APPLIC~1\Google
[19/07/2005|21:51] C:\DOCUME~1\janet\APPLIC~1\Help
[05/07/2004|23:17] C:\DOCUME~1\janet\APPLIC~1\Identities
[30/06/2005|21:46] C:\DOCUME~1\janet\APPLIC~1\Incredible Ink
[17/08/2008|20:12] C:\DOCUME~1\janet\APPLIC~1\Keynote Systems
[04/08/2007|00:21] C:\DOCUME~1\janet\APPLIC~1\Leadertech
[21/02/2008|21:32] C:\DOCUME~1\janet\APPLIC~1\LimeWire
[01/06/2005|13:22] C:\DOCUME~1\janet\APPLIC~1\Macromedia
[23/11/2007|18:26] C:\DOCUME~1\janet\APPLIC~1\MagicBall3
[05/07/2004|23:10] C:\DOCUME~1\janet\APPLIC~1\Microsoft
[14/09/2005|14:53] C:\DOCUME~1\janet\APPLIC~1\Mind Control Software
[14/11/2007|14:10] C:\DOCUME~1\janet\APPLIC~1\Mozilla
[31/05/2005|17:55] C:\DOCUME~1\janet\APPLIC~1\MSN6
[12/06/2005|17:19] C:\DOCUME~1\janet\APPLIC~1\Musicmatch
[12/10/2005|20:38] C:\DOCUME~1\janet\APPLIC~1\Nokia
[10/12/2007|20:25] C:\DOCUME~1\janet\APPLIC~1\Nokia 6630 (2)
[12/10/2005|21:00] C:\DOCUME~1\janet\APPLIC~1\Nokia Multimedia Player
[30/01/2006|14:15] C:\DOCUME~1\janet\APPLIC~1\Nology
[22/05/2006|16:19] C:\DOCUME~1\janet\APPLIC~1\PlayFirst
[22/04/2007|15:55] C:\DOCUME~1\janet\APPLIC~1\Real
[15/08/2006|14:15] C:\DOCUME~1\janet\APPLIC~1\RealArcade
[03/08/2007|13:52] C:\DOCUME~1\janet\APPLIC~1\Roxio
[02/08/2007|22:16] C:\DOCUME~1\janet\APPLIC~1\Sandlot Games
[21/07/2007|12:04] C:\DOCUME~1\janet\APPLIC~1\Snapfish
[02/04/2008|00:58] C:\DOCUME~1\janet\APPLIC~1\Sony Ericsson
[15/10/2005|22:26] C:\DOCUME~1\janet\APPLIC~1\Sun
[23/09/2008|17:54] C:\DOCUME~1\janet\APPLIC~1\Sunbelt
[31/05/2005|17:46] C:\DOCUME~1\janet\APPLIC~1\Symantec
[02/04/2008|12:07] C:\DOCUME~1\janet\APPLIC~1\Teleca
[20/07/2008|14:46] C:\DOCUME~1\janet\APPLIC~1\uTorrent
[11/06/2005|10:42] C:\DOCUME~1\janet\APPLIC~1\Wildfire
[05/03/2008|21:17] C:\DOCUME~1\janet\APPLIC~1\Windows Live Writer
[31/12/2007|14:12] C:\DOCUME~1\janet\APPLIC~1\WinRAR
[07/01/2008|01:55] C:\DOCUME~1\janet\APPLIC~1\Yahoo!
[12/08/2005|21:39] C:\DOCUME~1\callum\APPLIC~1\Ahead
[06/07/2004|20:35] C:\DOCUME~1\callum\APPLIC~1\Cyberlink
[16/08/2005|16:01] C:\DOCUME~1\callum\APPLIC~1\Google
[05/07/2004|23:17] C:\DOCUME~1\callum\APPLIC~1\Identities
[31/05/2005|20:43] C:\DOCUME~1\callum\APPLIC~1\Macromedia
[05/07/2004|23:10] C:\DOCUME~1\callum\APPLIC~1\Microsoft
[31/05/2005|18:25] C:\DOCUME~1\callum\APPLIC~1\MSN6
[13/12/2005|18:30] C:\DOCUME~1\callum\APPLIC~1\Sun
[03/09/2006|14:57] C:\DOCUME~1\steven\APPLIC~1\Adobe
[03/09/2006|14:57] C:\DOCUME~1\steven\APPLIC~1\AdobeUM
[27/02/2008|17:32] C:\DOCUME~1\steven\APPLIC~1\AVG7
[06/07/2004|20:35] C:\DOCUME~1\steven\APPLIC~1\Cyberlink
[06/09/2005|20:44] C:\DOCUME~1\steven\APPLIC~1\Google
[05/07/2004|23:17] C:\DOCUME~1\steven\APPLIC~1\Identities
[31/05/2005|21:31] C:\DOCUME~1\steven\APPLIC~1\Macromedia
[05/07/2004|23:10] C:\DOCUME~1\steven\APPLIC~1\Microsoft
[31/05/2005|20:57] C:\DOCUME~1\steven\APPLIC~1\MSN6
[07/09/2006|19:45] C:\DOCUME~1\steven\APPLIC~1\Nokia Multimedia Player
[25/04/2007|00:45] C:\DOCUME~1\steven\APPLIC~1\Real
[04/05/2008|12:24] C:\DOCUME~1\steven\APPLIC~1\Sony Ericsson
[22/06/2006|16:44] C:\DOCUME~1\steven\APPLIC~1\Sun
[31/05/2005|21:44] C:\DOCUME~1\steven\APPLIC~1\Symantec
[04/05/2008|12:26] C:\DOCUME~1\steven\APPLIC~1\Teleca
[12/01/2008|00:48] C:\DOCUME~1\steven\APPLIC~1\Yahoo!
[02/04/2006|10:56] C:\DOCUME~1\TEMP\APPLIC~1\Adobe
[02/04/2006|10:56] C:\DOCUME~1\TEMP\APPLIC~1\AdobeUM
[01/02/2008|09:02] C:\DOCUME~1\TEMP\APPLIC~1\AVG7
[06/07/2004|20:35] C:\DOCUME~1\TEMP\APPLIC~1\Cyberlink
[07/05/2006|13:19] C:\DOCUME~1\TEMP\APPLIC~1\default global each
[05/07/2004|23:17] C:\DOCUME~1\TEMP\APPLIC~1\Identities
[17/02/2006|20:06] C:\DOCUME~1\TEMP\APPLIC~1\Macromedia
[05/07/2004|23:10] C:\DOCUME~1\TEMP\APPLIC~1\Microsoft
[09/04/2008|20:32] C:\DOCUME~1\TEMP\APPLIC~1\Mozilla
[17/03/2006|17:45] C:\DOCUME~1\TEMP\APPLIC~1\MSN6
[07/05/2006|13:20] C:\DOCUME~1\TEMP\APPLIC~1\onlineproxy
[17/02/2006|20:03] C:\DOCUME~1\TEMP\APPLIC~1\PC Suite
[25/05/2007|11:58] C:\DOCUME~1\TEMP\APPLIC~1\Real
[09/04/2008|20:30] C:\DOCUME~1\TEMP\APPLIC~1\Sony Ericsson
[16/05/2006|17:30] C:\DOCUME~1\TEMP\APPLIC~1\Sun
[24/09/2008|09:57] C:\DOCUME~1\TEMP\APPLIC~1\Sunbelt
[09/04/2008|20:31] C:\DOCUME~1\TEMP\APPLIC~1\Teleca
[15/03/2006|17:30] C:\DOCUME~1\TEMP\APPLIC~1\WinPatrol
[11/02/2008|21:05] C:\DOCUME~1\TEMP\APPLIC~1\WinRAR

--------------------\\ Scheduled Tasks located in C:\WINDOWS\Tasks
[25/09/2008 16:41][--ah-----] C:\WINDOWS\tasks\MP Scheduled Scan.job
[25/09/2008 14:00][--ah-----] C:\WINDOWS\tasks\A9B8A27D918F5A39.job
[13/09/2008 11:53][--a------] C:\WINDOWS\tasks\AppleSoftwareUpdate.job
[25/09/2008 16:19][--ah-----] C:\WINDOWS\tasks\SA.DAT
[29/08/2002 05:00][-r-h-----] C:\WINDOWS\tasks\desktop.ini
( A9B8A27D918F5A39.job )=( c:\docume~1\janet\applic~1\defaul~1\cornthetrust.exe )
--------------------\\ Listing Folders in C:\Program Files
[31/05/2005|18:44] C:\Program Files\_ArcadeDownloadFolder
[14/07/2005|00:25] C:\Program Files\5 Spots II
[31/12/2007|14:11] C:\Program Files\7-Zip
[05/08/2008|14:18] C:\Program Files\ABBYY FineReader 5.0 Sprint
[16/07/2007|22:52] C:\Program Files\ABBYY FineReader 6.0
[11/07/2005|11:08] C:\Program Files\Adobe
[10/08/2005|20:59] C:\Program Files\Ahead
[05/01/2006|21:01] C:\Program Files\Alien Stars
[12/07/2008|20:21] C:\Program Files\Apple Software Update
[06/07/2004|20:54] C:\Program Files\AVer Teletext
[06/07/2004|20:53] C:\Program Files\AVerTV2K
[03/11/2005|18:05] C:\Program Files\BFG
[24/09/2008|23:55] C:\Program Files\bfgclient
[14/03/2006|22:21] C:\Program Files\BillP Studios
[04/01/2006|21:54] C:\Program Files\Bomberman vs Digger
[24/09/2008|23:56] C:\Program Files\Bookworm Deluxe
[01/06/2005|00:22] C:\Program Files\BroadJump
[12/01/2008|21:15] C:\Program Files\Channel4
[05/07/2004|23:11] C:\Program Files\Common Files
[05/07/2004|23:14] C:\Program Files\ComPlus Applications
[25/11/2007|13:08] C:\Program Files\Coupon Printer
[06/07/2004|20:21] C:\Program Files\CyberLink
[20/09/2008|17:55] C:\Program Files\default global each
[25/12/2007|08:43] C:\Program Files\Disc2Phone
[06/07/2004|20:26] C:\Program Files\DivX
[13/08/2006|15:53] C:\Program Files\DK Interactive Learning
[08/08/2005|20:04] C:\Program Files\DK Multimedia
[23/07/2005|23:53] C:\Program Files\GameHouse
[14/08/2005|21:08] C:\Program Files\Google
[01/02/2008|08:11] C:\Program Files\Grisoft
[05/01/2006|21:52] C:\Program Files\Heavy Weapon
[23/09/2005|00:16] C:\Program Files\HurricaneSoftware.com
[26/05/2006|19:39] C:\Program Files\IM Names
[10/04/2008|01:18] C:\Program Files\IncrediGames
[22/06/2005|23:37] C:\Program Files\IncrediMail
[06/07/2004|20:21] C:\Program Files\InstallShield Installation Information
[05/07/2004|23:15] C:\Program Files\Internet Explorer
[12/07/2008|20:24] C:\Program Files\iPod
[12/07/2008|20:24] C:\Program Files\iTunes
[12/10/2005|21:14] C:\Program Files\Java
[23/09/2008|16:32] C:\Program Files\Lavasoft
[23/09/2008|16:00] C:\Program Files\Lavasoft(2)
[16/07/2007|22:45] C:\Program Files\Lexmark 1200 Series
[21/02/2008|21:31] C:\Program Files\LimeWire
[03/06/2005|16:44] C:\Program Files\Logitech
[27/07/2007|11:58] C:\Program Files\LucasArts
[11/07/2008|23:06] C:\Program Files\Macromedia
[07/08/2005|20:47] C:\Program Files\Mahjong Towers Eternity
[23/09/2005|00:16] C:\Program Files\Mapper
[05/07/2004|23:14] C:\Program Files\Messenger
[06/07/2004|21:16] C:\Program Files\Microsoft ActiveSync
[09/05/2007|17:01] C:\Program Files\Microsoft CAPICOM 2.1.0.2
[05/07/2004|23:17] C:\Program Files\microsoft frontpage
[06/07/2004|21:15] C:\Program Files\Microsoft Office
[01/02/2008|08:26] C:\Program Files\Microsoft Silverlight
[06/07/2004|21:15] C:\Program Files\Microsoft Visual Studio
[06/07/2004|21:15] C:\Program Files\Microsoft Works
[05/07/2004|23:15] C:\Program Files\Movie Maker
[14/11/2007|14:09] C:\Program Files\Mozilla Firefox
[01/02/2008|08:24] C:\Program Files\MSBuild
[05/07/2004|23:14] C:\Program Files\MSN
[04/06/2005|01:00] C:\Program Files\MSN Content Plus
[12/06/2005|13:00] C:\Program Files\MSN Games
[05/07/2004|23:14] C:\Program Files\MSN Gaming Zone
[14/10/2006|15:02] C:\Program Files\MSXML 4.0
[01/02/2008|08:17] C:\Program Files\MSXML 6.0
[06/07/2004|20:32] C:\Program Files\MUSICMATCH
[17/03/2007|21:54] C:\Program Files\MyABCD
[05/07/2004|23:15] C:\Program Files\NetMeeting
[12/10/2005|20:36] C:\Program Files\Nokia
[23/06/2005|13:11] C:\Program Files\Oberon Media
[05/07/2004|23:14] C:\Program Files\Online Services
[05/07/2004|23:15] C:\Program Files\Outlook Express
[06/07/2006|22:29] C:\Program Files\PIE Patch
[27/07/2005|11:47] C:\Program Files\PlayFirst
[07/01/2006|21:05] C:\Program Files\PopCap Games
[23/09/2005|18:20] C:\Program Files\QuickTime
[31/05/2005|18:45] C:\Program Files\Real
[01/02/2008|08:19] C:\Program Files\Reference Assemblies
[25/06/2005|16:05] C:\Program Files\ReflexiveArcade
[26/08/2005|20:45] C:\Program Files\roxypalace
[22/08/2006|10:34] C:\Program Files\Samsung
[31/05/2005|19:18] C:\Program Files\Sherston Software
[26/07/2005|18:35] C:\Program Files\Shockwave.com
[06/09/2005|14:10] C:\Program Files\Solar System 3D Screensaver
[02/04/2008|00:46] C:\Program Files\Sony Ericsson
[06/01/2006|15:18] C:\Program Files\Star Defender 2
[31/01/2007|23:36] C:\Program Files\Sunbelt Software
[31/05/2005|17:46] C:\Program Files\Symantec
[07/01/2008|01:38] C:\Program Files\Trend Micro
[05/07/2004|23:20] C:\Program Files\Uninstall Information
[20/07/2008|14:46] C:\Program Files\uTorrent
[06/07/2004|04:37] C:\Program Files\VIA Technologies, Inc
[14/08/2007|20:26] C:\Program Files\Virgin Media Games
[16/12/2007|18:54] C:\Program Files\Virtual Earth 3D
[21/11/2006|21:55] C:\Program Files\Winamp
[01/02/2008|09:13] C:\Program Files\Windows Defender
[20/07/2007|23:32] C:\Program Files\Windows Live
[10/09/2006|18:01] C:\Program Files\Windows Live Toolbar
[20/07/2005|22:41] C:\Program Files\Windows Media Components
[11/12/2006|15:46] C:\Program Files\Windows Media Connect 2
[05/07/2004|23:14] C:\Program Files\Windows Media Player
[05/07/2004|23:14] C:\Program Files\Windows NT
[05/07/2004|23:14] C:\Program Files\WindowsUpdate
[31/12/2007|14:12] C:\Program Files\WinRAR
[05/07/2004|23:17] C:\Program Files\xerox
[10/06/2006|14:58] C:\Program Files\Yahoo!
--------------------\\ Listing Folders in C:\Program Files\Common Files
[23/09/2005|21:50] C:\Program Files\Common Files\Adobe
[10/08/2005|20:59] C:\Program Files\Common Files\Ahead
[12/07/2008|20:20] C:\Program Files\Common Files\Apple
[06/07/2004|21:16] C:\Program Files\Common Files\DESIGNER
[06/07/2004|05:16] C:\Program Files\Common Files\InstallShield
[06/07/2004|21:16] C:\Program Files\Common Files\L&H
[03/06/2005|16:45] C:\Program Files\Common Files\Logitech
[11/07/2008|23:07] C:\Program Files\Common Files\Macromedia
[11/07/2008|23:07] C:\Program Files\Common Files\Macromedia Shared
[05/07/2004|23:11] C:\Program Files\Common Files\Microsoft Shared
[02/08/2005|20:34] C:\Program Files\Common Files\MimarSinan
[05/07/2004|23:15] C:\Program Files\Common Files\MSSoap
[12/10/2005|20:36] C:\Program Files\Common Files\Nokia
[31/03/2007|22:58] C:\Program Files\Common Files\Oberon Media
[05/07/2004|23:11] C:\Program Files\Common Files\ODBC
[31/05/2005|18:45] C:\Program Files\Common Files\Real
[07/01/2008|18:51] C:\Program Files\Common Files\Scanner
[05/07/2004|23:15] C:\Program Files\Common Files\Services
[02/04/2008|00:46] C:\Program Files\Common Files\Sony Ericsson Shared
[05/07/2004|23:11] C:\Program Files\Common Files\SpeechEngines
[31/05/2005|17:46] C:\Program Files\Common Files\Symantec Shared
[05/07/2004|23:15] C:\Program Files\Common Files\System
[02/04/2008|00:46] C:\Program Files\Common Files\Teleca Shared
[08/11/2007|18:14] C:\Program Files\Common Files\WindowsLiveInstaller
[01/02/2008|09:09] C:\Program Files\Common Files\Wise Installation Wizard
[31/10/2007|17:57] C:\Program Files\Common Files\xing shared
--------------------\\ Process
( 58 Processes )
IEXPLORE.EXE ~ [PID:2772]
IEXPLORE.EXE ~ [PID:3348]
iexplore.exe ~ [PID:2880]
--------------------\\ Searching with S_Lop
C:\DOCUME~1\janet\LOCALS~1\Temp\bis2.exe

--------------------\\ Searching for Lop Files - Folders
C:\DOCUME~1\ALLUSE~1\APPLIC~1\Peak ooze date army
C:\DOCUME~1\ALLUSE~1\APPLIC~1\Peak ooze date army\Meet Cake.exe
C:\DOCUME~1\janet\APPLIC~1\defaul~1
C:\DOCUME~1\janet\APPLIC~1\defaul~1\Bike Style.exe
C:\DOCUME~1\janet\APPLIC~1\defaul~1\rznoqmfe.exe
C:\DOCUME~1\janet\APPLIC~1\defaul~1\32 Ante Balm Platform.exe
C:\DOCUME~1\janet\APPLIC~1\defaul~1\cornthetrust.exe
C:\DOCUME~1\TEMP\APPLIC~1\defaul~1
C:\DOCUME~1\TEMP\APPLIC~1\defaul~1\Bike Style.exe
C:\Program Files\defaul~1
C:\DOCUME~1\janet\LOCALS~1\Temp\nsy35.tmp
C:\DOCUME~1\janet\Cookies\[email protected][1].txt
C:\DOCUME~1\janet\Cookies\[email protected][2].txt
C:\DOCUME~1\janet\Cookies\[email protected][1].txt
C:\WINDOWS\Tasks\A9B8A27D918F5A39.job

--------------------\\ Searching within the Registry
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"HtmSecond"="C:\\DOCUME~1\\janet\\APPLIC~1\\DEFAUL~1\\Bike Style.exe"
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Date Army Wma Spam"="C:\\Documents and Settings\\All Users\\Application Data\\Peak ooze date army\\Meet Cake.exe"
--------------------\\ Checking the Hosts file
Hosts file MODIFIED
-> 7854 [ 70 ## added by CiD ]
/!\ 5 Not 127.0.0.1 !!
--------------------\\ Searching for hidden files with Catchme

catchme 0.3.1353 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2008-09-25 16:56:00
Windows 5.1.2600 Service Pack 2 FAT NTAPI
scanning hidden processes ...
scanning hidden files ...
scan completed successfully
hidden processes: 0
hidden files: 0

--------------------\\ Searching for other infections
--------------------\\ Suspect ..
C:\WINDOWS\photo album.zip
C:\WINDOWS\photo album.zip
--------------------\\ Cracks & Keygens ..
C:\DOCUME~1\janet\My Documents\My Music\Oldies - Neil Diamond - Crackling Rose.mp3

[F:2061][D:27]-> C:\DOCUME~1\janet\LOCALS~1\Temp
[F:1110][D:0]-> C:\DOCUME~1\janet\Cookies
[F:3153][D:21]-> C:\DOCUME~1\janet\LOCALS~1\TEMPOR~1\content.IE5
[F:2][D:0]-> C:\Recycled
1 - "C:\Lop SD\LopR_1.txt" - 25/09/2008|16:57 - Option : [1]
--------------------\\ Scan completed at 16:57:30
 
Joined
Oct 19, 2007
Messages
177
Hi

Please disable Windows Defender and AVG as before.

Double-click Lop S&D.exe
Choose the language, then choose Option 2 (Fix + Hosts)
Wait till the end of the scan
Post the log which is created: (%SystemDrive%\lopR.txt)

Thanks.
 

sandmock

Thread Starter
Joined
Sep 23, 2008
Messages
19
Hi, here is the new log


--------------------\\ Lop S&D 4.2.4-4 XP/Vista

"C:\Lop SD" ( MAJ : 19-09-2008|22:20 )
Option : [2] ( 25/09/2008|22:13 )

\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\ FIX
Deleted! - C:\DOCUME~1\ALLUSE~1\APPLIC~1\Peak ooze date army\Meet Cake.exe
Deleted! - C:\DOCUME~1\janet\APPLIC~1\defaul~1\Bike Style.exe
Deleted! - C:\DOCUME~1\janet\APPLIC~1\defaul~1\rznoqmfe.exe
Deleted! - C:\DOCUME~1\janet\APPLIC~1\defaul~1\32 Ante Balm Platform.exe
Deleted! - C:\DOCUME~1\janet\APPLIC~1\defaul~1\cornthetrust.exe
Deleted! - C:\DOCUME~1\TEMP\APPLIC~1\defaul~1\Bike Style.exe
Deleted! - C:\DOCUME~1\janet\LOCALS~1\Temp\nsy35.tmp
Deleted! - C:\DOCUME~1\janet\Cookies\[email protected][1].txt
Deleted! - C:\DOCUME~1\janet\Cookies\[email protected][2].txt
Deleted! - C:\DOCUME~1\janet\Cookies\[email protected][1].txt
Deleted! - C:\WINDOWS\Tasks\A9B8A27D918F5A39.job
Deleted! - C:\DOCUME~1\janet\LOCALS~1\Temp\bis2.exe
Deleted! - C:\DOCUME~1\ALLUSE~1\APPLIC~1\Peak ooze date army
Deleted! - C:\DOCUME~1\janet\APPLIC~1\defaul~1
Deleted! - C:\DOCUME~1\TEMP\APPLIC~1\defaul~1
Deleted! - C:\Program Files\defaul~1
-
[ Hosts file ] .. Restored!

\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\

--------------------\\ Listing folders in APPLIC~1
[06/07/2004|20:35] C:\DOCUME~1\DEFAUL~1\APPLIC~1\Cyberlink
[05/07/2004|23:17] C:\DOCUME~1\DEFAUL~1\APPLIC~1\Identities
[05/07/2004|23:10] C:\DOCUME~1\DEFAUL~1\APPLIC~1\Microsoft
[24/01/2007|13:57] C:\DOCUME~1\ALLUSE~1\APPLIC~1\Adobe
[12/07/2008|20:20] C:\DOCUME~1\ALLUSE~1\APPLIC~1\Apple
[12/07/2008|20:22] C:\DOCUME~1\ALLUSE~1\APPLIC~1\Apple Computer
[01/02/2008|08:11] C:\DOCUME~1\ALLUSE~1\APPLIC~1\avg7
[24/09/2008|23:53] C:\DOCUME~1\ALLUSE~1\APPLIC~1\BigFishGamesCache
[20/07/2007|23:33] C:\DOCUME~1\ALLUSE~1\APPLIC~1\Bold Grey Spam Peak
[16/07/2007|22:52] C:\DOCUME~1\ALLUSE~1\APPLIC~1\BVRP Software
[12/01/2008|21:14] C:\DOCUME~1\ALLUSE~1\APPLIC~1\Channel4
[06/07/2004|20:30] C:\DOCUME~1\ALLUSE~1\APPLIC~1\CyberLink
[26/01/2007|19:31] C:\DOCUME~1\ALLUSE~1\APPLIC~1\Genimo
[25/03/2007|17:12] C:\DOCUME~1\ALLUSE~1\APPLIC~1\Google
[01/02/2008|08:11] C:\DOCUME~1\ALLUSE~1\APPLIC~1\Grisoft
[29/07/2006|18:55] C:\DOCUME~1\ALLUSE~1\APPLIC~1\HMV
[01/02/2008|09:10] C:\DOCUME~1\ALLUSE~1\APPLIC~1\Lavasoft
[11/07/2008|23:08] C:\DOCUME~1\ALLUSE~1\APPLIC~1\Macrovision
[20/07/2007|23:35] C:\DOCUME~1\ALLUSE~1\APPLIC~1\Messenger Plus!
[05/07/2004|23:10] C:\DOCUME~1\ALLUSE~1\APPLIC~1\Microsoft
[31/05/2005|17:55] C:\DOCUME~1\ALLUSE~1\APPLIC~1\MSN6
[16/12/2006|09:44] C:\DOCUME~1\ALLUSE~1\APPLIC~1\MumboJumbo
[22/09/2008|12:53] C:\DOCUME~1\ALLUSE~1\APPLIC~1\n7-89-o9-3r-4t-r9
[03/08/2007|13:48] C:\DOCUME~1\ALLUSE~1\APPLIC~1\Napster
[01/06/2005|11:55] C:\DOCUME~1\ALLUSE~1\APPLIC~1\nView_Profiles
[17/09/2005|20:34] C:\DOCUME~1\ALLUSE~1\APPLIC~1\Oberon Media
[02/08/2006|18:13] C:\DOCUME~1\ALLUSE~1\APPLIC~1\PlayFirst
[08/08/2005|20:03] C:\DOCUME~1\ALLUSE~1\APPLIC~1\QuickTime
[13/10/2005|21:02] C:\DOCUME~1\ALLUSE~1\APPLIC~1\Sandlot Games
[02/04/2008|00:47] C:\DOCUME~1\ALLUSE~1\APPLIC~1\Sony Ericsson
[23/11/2006|18:06] C:\DOCUME~1\ALLUSE~1\APPLIC~1\SpinTop Games
[09/01/2008|00:02] C:\DOCUME~1\ALLUSE~1\APPLIC~1\Spybot - Search & Destroy
[23/09/2008|17:53] C:\DOCUME~1\ALLUSE~1\APPLIC~1\Sunbelt
[02/04/2008|00:46] C:\DOCUME~1\ALLUSE~1\APPLIC~1\Teleca
[30/03/2008|11:01] C:\DOCUME~1\ALLUSE~1\APPLIC~1\TEMP
[22/09/2005|22:34] C:\DOCUME~1\ALLUSE~1\APPLIC~1\Windows Genuine Advantage
[10/09/2006|18:01] C:\DOCUME~1\ALLUSE~1\APPLIC~1\Windows Live Toolbar
[08/11/2007|18:13] C:\DOCUME~1\ALLUSE~1\APPLIC~1\WLInstaller
[05/07/2004|23:10] C:\DOCUME~1\NETWOR~1\APPLIC~1\Microsoft
[01/02/2008|08:12] C:\DOCUME~1\LOCALS~1\APPLIC~1\AVG7
[02/09/2007|20:50] C:\DOCUME~1\LOCALS~1\APPLIC~1\Help
[17/08/2005|20:03] C:\DOCUME~1\LOCALS~1\APPLIC~1\Macromedia
[05/07/2004|23:10] C:\DOCUME~1\LOCALS~1\APPLIC~1\Microsoft
[11/07/2005|11:12] C:\DOCUME~1\janet\APPLIC~1\Adobe
[11/07/2005|11:35] C:\DOCUME~1\janet\APPLIC~1\AdobeUM
[10/08/2005|21:05] C:\DOCUME~1\janet\APPLIC~1\Ahead
[12/07/2008|20:24] C:\DOCUME~1\janet\APPLIC~1\Apple Computer
[01/02/2008|08:13] C:\DOCUME~1\janet\APPLIC~1\AVG7
[06/07/2004|20:35] C:\DOCUME~1\janet\APPLIC~1\Cyberlink
[12/08/2007|14:09] C:\DOCUME~1\janet\APPLIC~1\Darwin
[22/09/2008|12:53] C:\DOCUME~1\janet\APPLIC~1\GameHouse
[14/08/2005|21:08] C:\DOCUME~1\janet\APPLIC~1\Google
[19/07/2005|21:51] C:\DOCUME~1\janet\APPLIC~1\Help
[05/07/2004|23:17] C:\DOCUME~1\janet\APPLIC~1\Identities
[30/06/2005|21:46] C:\DOCUME~1\janet\APPLIC~1\Incredible Ink
[17/08/2008|20:12] C:\DOCUME~1\janet\APPLIC~1\Keynote Systems
[04/08/2007|00:21] C:\DOCUME~1\janet\APPLIC~1\Leadertech
[21/02/2008|21:32] C:\DOCUME~1\janet\APPLIC~1\LimeWire
[01/06/2005|13:22] C:\DOCUME~1\janet\APPLIC~1\Macromedia
[23/11/2007|18:26] C:\DOCUME~1\janet\APPLIC~1\MagicBall3
[05/07/2004|23:10] C:\DOCUME~1\janet\APPLIC~1\Microsoft
[14/09/2005|14:53] C:\DOCUME~1\janet\APPLIC~1\Mind Control Software
[14/11/2007|14:10] C:\DOCUME~1\janet\APPLIC~1\Mozilla
[31/05/2005|17:55] C:\DOCUME~1\janet\APPLIC~1\MSN6
[12/06/2005|17:19] C:\DOCUME~1\janet\APPLIC~1\Musicmatch
[12/10/2005|20:38] C:\DOCUME~1\janet\APPLIC~1\Nokia
[10/12/2007|20:25] C:\DOCUME~1\janet\APPLIC~1\Nokia 6630 (2)
[12/10/2005|21:00] C:\DOCUME~1\janet\APPLIC~1\Nokia Multimedia Player
[30/01/2006|14:15] C:\DOCUME~1\janet\APPLIC~1\Nology
[22/05/2006|16:19] C:\DOCUME~1\janet\APPLIC~1\PlayFirst
[22/04/2007|15:55] C:\DOCUME~1\janet\APPLIC~1\Real
[15/08/2006|14:15] C:\DOCUME~1\janet\APPLIC~1\RealArcade
[03/08/2007|13:52] C:\DOCUME~1\janet\APPLIC~1\Roxio
[02/08/2007|22:16] C:\DOCUME~1\janet\APPLIC~1\Sandlot Games
[21/07/2007|12:04] C:\DOCUME~1\janet\APPLIC~1\Snapfish
[02/04/2008|00:58] C:\DOCUME~1\janet\APPLIC~1\Sony Ericsson
[15/10/2005|22:26] C:\DOCUME~1\janet\APPLIC~1\Sun
[23/09/2008|17:54] C:\DOCUME~1\janet\APPLIC~1\Sunbelt
[31/05/2005|17:46] C:\DOCUME~1\janet\APPLIC~1\Symantec
[02/04/2008|12:07] C:\DOCUME~1\janet\APPLIC~1\Teleca
[20/07/2008|14:46] C:\DOCUME~1\janet\APPLIC~1\uTorrent
[11/06/2005|10:42] C:\DOCUME~1\janet\APPLIC~1\Wildfire
[05/03/2008|21:17] C:\DOCUME~1\janet\APPLIC~1\Windows Live Writer
[31/12/2007|14:12] C:\DOCUME~1\janet\APPLIC~1\WinRAR
[07/01/2008|01:55] C:\DOCUME~1\janet\APPLIC~1\Yahoo!
[12/08/2005|21:39] C:\DOCUME~1\callum\APPLIC~1\Ahead
[06/07/2004|20:35] C:\DOCUME~1\callum\APPLIC~1\Cyberlink
[16/08/2005|16:01] C:\DOCUME~1\callum\APPLIC~1\Google
[05/07/2004|23:17] C:\DOCUME~1\callum\APPLIC~1\Identities
[31/05/2005|20:43] C:\DOCUME~1\callum\APPLIC~1\Macromedia
[05/07/2004|23:10] C:\DOCUME~1\callum\APPLIC~1\Microsoft
[31/05/2005|18:25] C:\DOCUME~1\callum\APPLIC~1\MSN6
[13/12/2005|18:30] C:\DOCUME~1\callum\APPLIC~1\Sun
[03/09/2006|14:57] C:\DOCUME~1\steven\APPLIC~1\Adobe
[03/09/2006|14:57] C:\DOCUME~1\steven\APPLIC~1\AdobeUM
[27/02/2008|17:32] C:\DOCUME~1\steven\APPLIC~1\AVG7
[06/07/2004|20:35] C:\DOCUME~1\steven\APPLIC~1\Cyberlink
[06/09/2005|20:44] C:\DOCUME~1\steven\APPLIC~1\Google
[05/07/2004|23:17] C:\DOCUME~1\steven\APPLIC~1\Identities
[31/05/2005|21:31] C:\DOCUME~1\steven\APPLIC~1\Macromedia
[05/07/2004|23:10] C:\DOCUME~1\steven\APPLIC~1\Microsoft
[31/05/2005|20:57] C:\DOCUME~1\steven\APPLIC~1\MSN6
[07/09/2006|19:45] C:\DOCUME~1\steven\APPLIC~1\Nokia Multimedia Player
[25/04/2007|00:45] C:\DOCUME~1\steven\APPLIC~1\Real
[04/05/2008|12:24] C:\DOCUME~1\steven\APPLIC~1\Sony Ericsson
[22/06/2006|16:44] C:\DOCUME~1\steven\APPLIC~1\Sun
[31/05/2005|21:44] C:\DOCUME~1\steven\APPLIC~1\Symantec
[04/05/2008|12:26] C:\DOCUME~1\steven\APPLIC~1\Teleca
[12/01/2008|00:48] C:\DOCUME~1\steven\APPLIC~1\Yahoo!
[02/04/2006|10:56] C:\DOCUME~1\TEMP\APPLIC~1\Adobe
[02/04/2006|10:56] C:\DOCUME~1\TEMP\APPLIC~1\AdobeUM
[01/02/2008|09:02] C:\DOCUME~1\TEMP\APPLIC~1\AVG7
[06/07/2004|20:35] C:\DOCUME~1\TEMP\APPLIC~1\Cyberlink
[05/07/2004|23:17] C:\DOCUME~1\TEMP\APPLIC~1\Identities
[17/02/2006|20:06] C:\DOCUME~1\TEMP\APPLIC~1\Macromedia
[05/07/2004|23:10] C:\DOCUME~1\TEMP\APPLIC~1\Microsoft
[09/04/2008|20:32] C:\DOCUME~1\TEMP\APPLIC~1\Mozilla
[17/03/2006|17:45] C:\DOCUME~1\TEMP\APPLIC~1\MSN6
[07/05/2006|13:20] C:\DOCUME~1\TEMP\APPLIC~1\onlineproxy
[17/02/2006|20:03] C:\DOCUME~1\TEMP\APPLIC~1\PC Suite
[25/05/2007|11:58] C:\DOCUME~1\TEMP\APPLIC~1\Real
[09/04/2008|20:30] C:\DOCUME~1\TEMP\APPLIC~1\Sony Ericsson
[16/05/2006|17:30] C:\DOCUME~1\TEMP\APPLIC~1\Sun
[24/09/2008|09:57] C:\DOCUME~1\TEMP\APPLIC~1\Sunbelt
[09/04/2008|20:31] C:\DOCUME~1\TEMP\APPLIC~1\Teleca
[15/03/2006|17:30] C:\DOCUME~1\TEMP\APPLIC~1\WinPatrol
[11/02/2008|21:05] C:\DOCUME~1\TEMP\APPLIC~1\WinRAR

--------------------\\ Scheduled Tasks located in C:\WINDOWS\Tasks
[25/09/2008 22:06][--ah-----] C:\WINDOWS\tasks\MP Scheduled Scan.job
[13/09/2008 11:53][--a------] C:\WINDOWS\tasks\AppleSoftwareUpdate.job
[25/09/2008 21:45][--ah-----] C:\WINDOWS\tasks\SA.DAT
[29/08/2002 05:00][-r-h-----] C:\WINDOWS\tasks\desktop.ini
--------------------\\ Listing Folders in C:\Program Files
[31/05/2005|18:44] C:\Program Files\_ArcadeDownloadFolder
[14/07/2005|00:25] C:\Program Files\5 Spots II
[31/12/2007|14:11] C:\Program Files\7-Zip
[05/08/2008|14:18] C:\Program Files\ABBYY FineReader 5.0 Sprint
[16/07/2007|22:52] C:\Program Files\ABBYY FineReader 6.0
[11/07/2005|11:08] C:\Program Files\Adobe
[10/08/2005|20:59] C:\Program Files\Ahead
[05/01/2006|21:01] C:\Program Files\Alien Stars
[12/07/2008|20:21] C:\Program Files\Apple Software Update
[06/07/2004|20:54] C:\Program Files\AVer Teletext
[06/07/2004|20:53] C:\Program Files\AVerTV2K
[03/11/2005|18:05] C:\Program Files\BFG
[24/09/2008|23:55] C:\Program Files\bfgclient
[14/03/2006|22:21] C:\Program Files\BillP Studios
[04/01/2006|21:54] C:\Program Files\Bomberman vs Digger
[24/09/2008|23:56] C:\Program Files\Bookworm Deluxe
[01/06/2005|00:22] C:\Program Files\BroadJump
[12/01/2008|21:15] C:\Program Files\Channel4
[05/07/2004|23:11] C:\Program Files\Common Files
[05/07/2004|23:14] C:\Program Files\ComPlus Applications
[25/11/2007|13:08] C:\Program Files\Coupon Printer
[06/07/2004|20:21] C:\Program Files\CyberLink
[25/12/2007|08:43] C:\Program Files\Disc2Phone
[06/07/2004|20:26] C:\Program Files\DivX
[13/08/2006|15:53] C:\Program Files\DK Interactive Learning
[08/08/2005|20:04] C:\Program Files\DK Multimedia
[23/07/2005|23:53] C:\Program Files\GameHouse
[14/08/2005|21:08] C:\Program Files\Google
[01/02/2008|08:11] C:\Program Files\Grisoft
[05/01/2006|21:52] C:\Program Files\Heavy Weapon
[23/09/2005|00:16] C:\Program Files\HurricaneSoftware.com
[26/05/2006|19:39] C:\Program Files\IM Names
[10/04/2008|01:18] C:\Program Files\IncrediGames
[22/06/2005|23:37] C:\Program Files\IncrediMail
[06/07/2004|20:21] C:\Program Files\InstallShield Installation Information
[05/07/2004|23:15] C:\Program Files\Internet Explorer
[12/07/2008|20:24] C:\Program Files\iPod
[12/07/2008|20:24] C:\Program Files\iTunes
[12/10/2005|21:14] C:\Program Files\Java
[23/09/2008|16:32] C:\Program Files\Lavasoft
[23/09/2008|16:00] C:\Program Files\Lavasoft(2)
[16/07/2007|22:45] C:\Program Files\Lexmark 1200 Series
[21/02/2008|21:31] C:\Program Files\LimeWire
[03/06/2005|16:44] C:\Program Files\Logitech
[27/07/2007|11:58] C:\Program Files\LucasArts
[11/07/2008|23:06] C:\Program Files\Macromedia
[07/08/2005|20:47] C:\Program Files\Mahjong Towers Eternity
[23/09/2005|00:16] C:\Program Files\Mapper
[05/07/2004|23:14] C:\Program Files\Messenger
[06/07/2004|21:16] C:\Program Files\Microsoft ActiveSync
[09/05/2007|17:01] C:\Program Files\Microsoft CAPICOM 2.1.0.2
[05/07/2004|23:17] C:\Program Files\microsoft frontpage
[06/07/2004|21:15] C:\Program Files\Microsoft Office
[01/02/2008|08:26] C:\Program Files\Microsoft Silverlight
[06/07/2004|21:15] C:\Program Files\Microsoft Visual Studio
[06/07/2004|21:15] C:\Program Files\Microsoft Works
[05/07/2004|23:15] C:\Program Files\Movie Maker
[14/11/2007|14:09] C:\Program Files\Mozilla Firefox
[01/02/2008|08:24] C:\Program Files\MSBuild
[05/07/2004|23:14] C:\Program Files\MSN
[04/06/2005|01:00] C:\Program Files\MSN Content Plus
[12/06/2005|13:00] C:\Program Files\MSN Games
[05/07/2004|23:14] C:\Program Files\MSN Gaming Zone
[14/10/2006|15:02] C:\Program Files\MSXML 4.0
[01/02/2008|08:17] C:\Program Files\MSXML 6.0
[06/07/2004|20:32] C:\Program Files\MUSICMATCH
[17/03/2007|21:54] C:\Program Files\MyABCD
[05/07/2004|23:15] C:\Program Files\NetMeeting
[12/10/2005|20:36] C:\Program Files\Nokia
[23/06/2005|13:11] C:\Program Files\Oberon Media
[05/07/2004|23:14] C:\Program Files\Online Services
[05/07/2004|23:15] C:\Program Files\Outlook Express
[06/07/2006|22:29] C:\Program Files\PIE Patch
[27/07/2005|11:47] C:\Program Files\PlayFirst
[07/01/2006|21:05] C:\Program Files\PopCap Games
[23/09/2005|18:20] C:\Program Files\QuickTime
[31/05/2005|18:45] C:\Program Files\Real
[01/02/2008|08:19] C:\Program Files\Reference Assemblies
[25/06/2005|16:05] C:\Program Files\ReflexiveArcade
[26/08/2005|20:45] C:\Program Files\roxypalace
[22/08/2006|10:34] C:\Program Files\Samsung
[31/05/2005|19:18] C:\Program Files\Sherston Software
[26/07/2005|18:35] C:\Program Files\Shockwave.com
[06/09/2005|14:10] C:\Program Files\Solar System 3D Screensaver
[02/04/2008|00:46] C:\Program Files\Sony Ericsson
[06/01/2006|15:18] C:\Program Files\Star Defender 2
[31/01/2007|23:36] C:\Program Files\Sunbelt Software
[31/05/2005|17:46] C:\Program Files\Symantec
[07/01/2008|01:38] C:\Program Files\Trend Micro
[05/07/2004|23:20] C:\Program Files\Uninstall Information
[20/07/2008|14:46] C:\Program Files\uTorrent
[06/07/2004|04:37] C:\Program Files\VIA Technologies, Inc
[14/08/2007|20:26] C:\Program Files\Virgin Media Games
[16/12/2007|18:54] C:\Program Files\Virtual Earth 3D
[21/11/2006|21:55] C:\Program Files\Winamp
[01/02/2008|09:13] C:\Program Files\Windows Defender
[20/07/2007|23:32] C:\Program Files\Windows Live
[10/09/2006|18:01] C:\Program Files\Windows Live Toolbar
[20/07/2005|22:41] C:\Program Files\Windows Media Components
[11/12/2006|15:46] C:\Program Files\Windows Media Connect 2
[05/07/2004|23:14] C:\Program Files\Windows Media Player
[05/07/2004|23:14] C:\Program Files\Windows NT
[05/07/2004|23:14] C:\Program Files\WindowsUpdate
[31/12/2007|14:12] C:\Program Files\WinRAR
[05/07/2004|23:17] C:\Program Files\xerox
[10/06/2006|14:58] C:\Program Files\Yahoo!
--------------------\\ Listing Folders in C:\Program Files\Common Files
[23/09/2005|21:50] C:\Program Files\Common Files\Adobe
[10/08/2005|20:59] C:\Program Files\Common Files\Ahead
[12/07/2008|20:20] C:\Program Files\Common Files\Apple
[06/07/2004|21:16] C:\Program Files\Common Files\DESIGNER
[06/07/2004|05:16] C:\Program Files\Common Files\InstallShield
[06/07/2004|21:16] C:\Program Files\Common Files\L&H
[03/06/2005|16:45] C:\Program Files\Common Files\Logitech
[11/07/2008|23:07] C:\Program Files\Common Files\Macromedia
[11/07/2008|23:07] C:\Program Files\Common Files\Macromedia Shared
[05/07/2004|23:11] C:\Program Files\Common Files\Microsoft Shared
[02/08/2005|20:34] C:\Program Files\Common Files\MimarSinan
[05/07/2004|23:15] C:\Program Files\Common Files\MSSoap
[12/10/2005|20:36] C:\Program Files\Common Files\Nokia
[31/03/2007|22:58] C:\Program Files\Common Files\Oberon Media
[05/07/2004|23:11] C:\Program Files\Common Files\ODBC
[31/05/2005|18:45] C:\Program Files\Common Files\Real
[07/01/2008|18:51] C:\Program Files\Common Files\Scanner
[05/07/2004|23:15] C:\Program Files\Common Files\Services
[02/04/2008|00:46] C:\Program Files\Common Files\Sony Ericsson Shared
[05/07/2004|23:11] C:\Program Files\Common Files\SpeechEngines
[31/05/2005|17:46] C:\Program Files\Common Files\Symantec Shared
[05/07/2004|23:15] C:\Program Files\Common Files\System
[02/04/2008|00:46] C:\Program Files\Common Files\Teleca Shared
[08/11/2007|18:14] C:\Program Files\Common Files\WindowsLiveInstaller
[01/02/2008|09:09] C:\Program Files\Common Files\Wise Installation Wizard
[31/10/2007|17:57] C:\Program Files\Common Files\xing shared
--------------------\\ Process
( 53 Processes )
... OK !
--------------------\\ Searching with S_Lop
No Lop folder found !

--------------------\\ Searching for Lop Files - Folders
C:\DOCUME~1\janet\Cookies\[email protected][3].txt

--------------------\\ Searching within the Registry

..... OK !
--------------------\\ Checking the Hosts file
Hosts file CLEAN

--------------------\\ Searching for hidden files with Catchme

catchme 0.3.1353 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2008-09-25 22:15:06
Windows 5.1.2600 Service Pack 2 FAT NTAPI
scanning hidden processes ...
scanning hidden files ...
scan completed successfully
hidden processes: 0
hidden files: 0

--------------------\\ Searching for other infections
--------------------\\ Suspect ..
C:\WINDOWS\photo album.zip
C:\WINDOWS\photo album.zip
--------------------\\ Cracks & Keygens ..
C:\DOCUME~1\janet\My Documents\My Music\Oldies - Neil Diamond - Crackling Rose.mp3

[F:2056][D:26]-> C:\DOCUME~1\janet\LOCALS~1\Temp
[F:1119][D:0]-> C:\DOCUME~1\janet\Cookies
[F:3833][D:21]-> C:\DOCUME~1\janet\LOCALS~1\TEMPOR~1\content.IE5
[F:2][D:0]-> C:\Recycled
1 - "C:\Lop SD\LopR_1.txt" - 25/09/2008|16:57 - Option : [1]
2 - "C:\Lop SD\LopR_2.txt" - 25/09/2008|22:16 - Option : [2]
--------------------\\ Scan completed at 22:16:30


Thanks
 
Joined
Oct 19, 2007
Messages
177
Hi

Select the entire area below, then right-click and choose Copy
C:\DOCUME~1\ALLUSE~1\APPLIC~1\BigFishGamesCache
C:\DOCUME~1\ALLUSE~1\APPLIC~1\Bold Grey Spam Peak
C:\DOCUME~1\ALLUSE~1\APPLIC~1\Messenger Plus!
Restart Lop S&D
Choose Option 4 (LopScript)
A blank page will be opened, right-click it and choose Paste
Close the page, you'll be asked to save it, click [Save]
Don't close the windows during suppression!
Post the log which is created: (%SystemDrive%\lopR.txt).


Installing Java:
  • Download the latest version of Java Runtime Environment (JRE) 6 Update 7.
  • Scroll down to where it says "Java Runtime Environment (JRE) 6 Update 7, The Java SE Runtime Environment (JRE) allows end-users to run Java applications".
  • Click the "Download" button to the right.
  • Check the box that says: "Accept License Agreement".
  • The page will refresh.
  • Click on the link to download Windows Offline Installation, Multi-language and save it to your desktop.
  • Close any programs you may have running - especially any web browsers.
  • Reboot your computer once all Java components are removed.
  • Then from your desktop double-click on jre-6u7-windowsi586.exe to install the newest version.

Please go to the Kaspersky website and perform an online antivirus scan.
  1. Read through the requirements and privacy statement and click on the Accept button.
  2. It will start downloading and installing the scanner and virus definitions. You will be prompted to install an application from Kaspersky. Click Run.
  3. When the downloads have finished, click on Settings.
  4. Make sure these boxes are checked (ticked). If they are not, please tick them and click on the Save button:
    • Spyware, Adware, Dialers, and other potentially dangerous programs
    • Archives
    • Mail databases
  5. Click on My Computer under Scan.
  6. Once the scan is complete, it will display the results. Click on View Scan Report.
  7. You will see a list of infected items there. Click on Save Report As....
  8. Save this report to a convenient place. Change the Files of type to Text file (.txt) before clicking on the Save button.
  9. Please post this log in your next reply.

Please also post a new HijackThis log in your next reply.

Thanks.
 

sandmock

Thread Starter
Joined
Sep 23, 2008
Messages
19
Hi, I have done the scans you advised; here are the new logs.


--------------------\\ Lop S&D 4.2.4-4 XP/Vista

"C:\Lop SD" ( MAJ : 19-09-2008|22:20 )
Option : [4] ( 26/09/2008|20:55 )
\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\ Lop Script
C:\DOCUME~1\ALLUSE~1\APPLIC~1\BigFishGamesCache
C:\DOCUME~1\ALLUSE~1\APPLIC~1\Bold Grey Spam Peak
C:\DOCUME~1\ALLUSE~1\APPLIC~1\Messenger Plus!

\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\ FIX
... C:\DOCUME~1\ALLUSE~1\APPLIC~1\BigFishGamesCache -> does not exist !
... C:\DOCUME~1\ALLUSE~1\APPLIC~1\Bold Grey Spam Peak -> does not exist !
... C:\DOCUME~1\ALLUSE~1\APPLIC~1\Messenger Plus! -> does not exist !

\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\

--------------------\\ Listing folders in APPLIC~1
[06/07/2004|20:35] C:\DOCUME~1\DEFAUL~1\APPLIC~1\Cyberlink
[05/07/2004|23:17] C:\DOCUME~1\DEFAUL~1\APPLIC~1\Identities
[05/07/2004|23:10] C:\DOCUME~1\DEFAUL~1\APPLIC~1\Microsoft
[24/01/2007|13:57] C:\DOCUME~1\ALLUSE~1\APPLIC~1\Adobe
[12/07/2008|20:20] C:\DOCUME~1\ALLUSE~1\APPLIC~1\Apple
[12/07/2008|20:22] C:\DOCUME~1\ALLUSE~1\APPLIC~1\Apple Computer
[01/02/2008|08:11] C:\DOCUME~1\ALLUSE~1\APPLIC~1\avg7
[16/07/2007|22:52] C:\DOCUME~1\ALLUSE~1\APPLIC~1\BVRP Software
[12/01/2008|21:14] C:\DOCUME~1\ALLUSE~1\APPLIC~1\Channel4
[06/07/2004|20:30] C:\DOCUME~1\ALLUSE~1\APPLIC~1\CyberLink
[26/01/2007|19:31] C:\DOCUME~1\ALLUSE~1\APPLIC~1\Genimo
[25/03/2007|17:12] C:\DOCUME~1\ALLUSE~1\APPLIC~1\Google
[01/02/2008|08:11] C:\DOCUME~1\ALLUSE~1\APPLIC~1\Grisoft
[29/07/2006|18:55] C:\DOCUME~1\ALLUSE~1\APPLIC~1\HMV
[01/02/2008|09:10] C:\DOCUME~1\ALLUSE~1\APPLIC~1\Lavasoft
[11/07/2008|23:08] C:\DOCUME~1\ALLUSE~1\APPLIC~1\Macrovision
[05/07/2004|23:10] C:\DOCUME~1\ALLUSE~1\APPLIC~1\Microsoft
[31/05/2005|17:55] C:\DOCUME~1\ALLUSE~1\APPLIC~1\MSN6
[16/12/2006|09:44] C:\DOCUME~1\ALLUSE~1\APPLIC~1\MumboJumbo
[22/09/2008|12:53] C:\DOCUME~1\ALLUSE~1\APPLIC~1\n7-89-o9-3r-4t-r9
[03/08/2007|13:48] C:\DOCUME~1\ALLUSE~1\APPLIC~1\Napster
[01/06/2005|11:55] C:\DOCUME~1\ALLUSE~1\APPLIC~1\nView_Profiles
[17/09/2005|20:34] C:\DOCUME~1\ALLUSE~1\APPLIC~1\Oberon Media
[02/08/2006|18:13] C:\DOCUME~1\ALLUSE~1\APPLIC~1\PlayFirst
[08/08/2005|20:03] C:\DOCUME~1\ALLUSE~1\APPLIC~1\QuickTime
[13/10/2005|21:02] C:\DOCUME~1\ALLUSE~1\APPLIC~1\Sandlot Games
[02/04/2008|00:47] C:\DOCUME~1\ALLUSE~1\APPLIC~1\Sony Ericsson
[23/11/2006|18:06] C:\DOCUME~1\ALLUSE~1\APPLIC~1\SpinTop Games
[09/01/2008|00:02] C:\DOCUME~1\ALLUSE~1\APPLIC~1\Spybot - Search & Destroy
[23/09/2008|17:53] C:\DOCUME~1\ALLUSE~1\APPLIC~1\Sunbelt
[02/04/2008|00:46] C:\DOCUME~1\ALLUSE~1\APPLIC~1\Teleca
[30/03/2008|11:01] C:\DOCUME~1\ALLUSE~1\APPLIC~1\TEMP
[22/09/2005|22:34] C:\DOCUME~1\ALLUSE~1\APPLIC~1\Windows Genuine Advantage
[10/09/2006|18:01] C:\DOCUME~1\ALLUSE~1\APPLIC~1\Windows Live Toolbar
[08/11/2007|18:13] C:\DOCUME~1\ALLUSE~1\APPLIC~1\WLInstaller
[05/07/2004|23:10] C:\DOCUME~1\NETWOR~1\APPLIC~1\Microsoft
[01/02/2008|08:12] C:\DOCUME~1\LOCALS~1\APPLIC~1\AVG7
[02/09/2007|20:50] C:\DOCUME~1\LOCALS~1\APPLIC~1\Help
[17/08/2005|20:03] C:\DOCUME~1\LOCALS~1\APPLIC~1\Macromedia
[05/07/2004|23:10] C:\DOCUME~1\LOCALS~1\APPLIC~1\Microsoft
[11/07/2005|11:12] C:\DOCUME~1\janet\APPLIC~1\Adobe
[11/07/2005|11:35] C:\DOCUME~1\janet\APPLIC~1\AdobeUM
[10/08/2005|21:05] C:\DOCUME~1\janet\APPLIC~1\Ahead
[12/07/2008|20:24] C:\DOCUME~1\janet\APPLIC~1\Apple Computer
[01/02/2008|08:13] C:\DOCUME~1\janet\APPLIC~1\AVG7
[06/07/2004|20:35] C:\DOCUME~1\janet\APPLIC~1\Cyberlink
[12/08/2007|14:09] C:\DOCUME~1\janet\APPLIC~1\Darwin
[22/09/2008|12:53] C:\DOCUME~1\janet\APPLIC~1\GameHouse
[14/08/2005|21:08] C:\DOCUME~1\janet\APPLIC~1\Google
[19/07/2005|21:51] C:\DOCUME~1\janet\APPLIC~1\Help
[05/07/2004|23:17] C:\DOCUME~1\janet\APPLIC~1\Identities
[30/06/2005|21:46] C:\DOCUME~1\janet\APPLIC~1\Incredible Ink
[17/08/2008|20:12] C:\DOCUME~1\janet\APPLIC~1\Keynote Systems
[04/08/2007|00:21] C:\DOCUME~1\janet\APPLIC~1\Leadertech
[21/02/2008|21:32] C:\DOCUME~1\janet\APPLIC~1\LimeWire
[01/06/2005|13:22] C:\DOCUME~1\janet\APPLIC~1\Macromedia
[23/11/2007|18:26] C:\DOCUME~1\janet\APPLIC~1\MagicBall3
[05/07/2004|23:10] C:\DOCUME~1\janet\APPLIC~1\Microsoft
[14/09/2005|14:53] C:\DOCUME~1\janet\APPLIC~1\Mind Control Software
[14/11/2007|14:10] C:\DOCUME~1\janet\APPLIC~1\Mozilla
[31/05/2005|17:55] C:\DOCUME~1\janet\APPLIC~1\MSN6
[12/06/2005|17:19] C:\DOCUME~1\janet\APPLIC~1\Musicmatch
[12/10/2005|20:38] C:\DOCUME~1\janet\APPLIC~1\Nokia
[10/12/2007|20:25] C:\DOCUME~1\janet\APPLIC~1\Nokia 6630 (2)
[12/10/2005|21:00] C:\DOCUME~1\janet\APPLIC~1\Nokia Multimedia Player
[30/01/2006|14:15] C:\DOCUME~1\janet\APPLIC~1\Nology
[22/05/2006|16:19] C:\DOCUME~1\janet\APPLIC~1\PlayFirst
[22/04/2007|15:55] C:\DOCUME~1\janet\APPLIC~1\Real
[15/08/2006|14:15] C:\DOCUME~1\janet\APPLIC~1\RealArcade
[03/08/2007|13:52] C:\DOCUME~1\janet\APPLIC~1\Roxio
[02/08/2007|22:16] C:\DOCUME~1\janet\APPLIC~1\Sandlot Games
[21/07/2007|12:04] C:\DOCUME~1\janet\APPLIC~1\Snapfish
[02/04/2008|00:58] C:\DOCUME~1\janet\APPLIC~1\Sony Ericsson
[15/10/2005|22:26] C:\DOCUME~1\janet\APPLIC~1\Sun
[23/09/2008|17:54] C:\DOCUME~1\janet\APPLIC~1\Sunbelt
[31/05/2005|17:46] C:\DOCUME~1\janet\APPLIC~1\Symantec
[02/04/2008|12:07] C:\DOCUME~1\janet\APPLIC~1\Teleca
[20/07/2008|14:46] C:\DOCUME~1\janet\APPLIC~1\uTorrent
[11/06/2005|10:42] C:\DOCUME~1\janet\APPLIC~1\Wildfire
[05/03/2008|21:17] C:\DOCUME~1\janet\APPLIC~1\Windows Live Writer
[31/12/2007|14:12] C:\DOCUME~1\janet\APPLIC~1\WinRAR
[07/01/2008|01:55] C:\DOCUME~1\janet\APPLIC~1\Yahoo!
[12/08/2005|21:39] C:\DOCUME~1\callum\APPLIC~1\Ahead
[06/07/2004|20:35] C:\DOCUME~1\callum\APPLIC~1\Cyberlink
[16/08/2005|16:01] C:\DOCUME~1\callum\APPLIC~1\Google
[05/07/2004|23:17] C:\DOCUME~1\callum\APPLIC~1\Identities
[31/05/2005|20:43] C:\DOCUME~1\callum\APPLIC~1\Macromedia
[05/07/2004|23:10] C:\DOCUME~1\callum\APPLIC~1\Microsoft
[31/05/2005|18:25] C:\DOCUME~1\callum\APPLIC~1\MSN6
[13/12/2005|18:30] C:\DOCUME~1\callum\APPLIC~1\Sun
[03/09/2006|14:57] C:\DOCUME~1\steven\APPLIC~1\Adobe
[03/09/2006|14:57] C:\DOCUME~1\steven\APPLIC~1\AdobeUM
[27/02/2008|17:32] C:\DOCUME~1\steven\APPLIC~1\AVG7
[06/07/2004|20:35] C:\DOCUME~1\steven\APPLIC~1\Cyberlink
[06/09/2005|20:44] C:\DOCUME~1\steven\APPLIC~1\Google
[05/07/2004|23:17] C:\DOCUME~1\steven\APPLIC~1\Identities
[31/05/2005|21:31] C:\DOCUME~1\steven\APPLIC~1\Macromedia
[05/07/2004|23:10] C:\DOCUME~1\steven\APPLIC~1\Microsoft
[31/05/2005|20:57] C:\DOCUME~1\steven\APPLIC~1\MSN6
[07/09/2006|19:45] C:\DOCUME~1\steven\APPLIC~1\Nokia Multimedia Player
[25/04/2007|00:45] C:\DOCUME~1\steven\APPLIC~1\Real
[04/05/2008|12:24] C:\DOCUME~1\steven\APPLIC~1\Sony Ericsson
[22/06/2006|16:44] C:\DOCUME~1\steven\APPLIC~1\Sun
[31/05/2005|21:44] C:\DOCUME~1\steven\APPLIC~1\Symantec
[04/05/2008|12:26] C:\DOCUME~1\steven\APPLIC~1\Teleca
[12/01/2008|00:48] C:\DOCUME~1\steven\APPLIC~1\Yahoo!
[02/04/2006|10:56] C:\DOCUME~1\TEMP\APPLIC~1\Adobe
[02/04/2006|10:56] C:\DOCUME~1\TEMP\APPLIC~1\AdobeUM
[01/02/2008|09:02] C:\DOCUME~1\TEMP\APPLIC~1\AVG7
[06/07/2004|20:35] C:\DOCUME~1\TEMP\APPLIC~1\Cyberlink
[05/07/2004|23:17] C:\DOCUME~1\TEMP\APPLIC~1\Identities
[17/02/2006|20:06] C:\DOCUME~1\TEMP\APPLIC~1\Macromedia
[05/07/2004|23:10] C:\DOCUME~1\TEMP\APPLIC~1\Microsoft
[09/04/2008|20:32] C:\DOCUME~1\TEMP\APPLIC~1\Mozilla
[17/03/2006|17:45] C:\DOCUME~1\TEMP\APPLIC~1\MSN6
[07/05/2006|13:20] C:\DOCUME~1\TEMP\APPLIC~1\onlineproxy
[17/02/2006|20:03] C:\DOCUME~1\TEMP\APPLIC~1\PC Suite
[25/05/2007|11:58] C:\DOCUME~1\TEMP\APPLIC~1\Real
[09/04/2008|20:30] C:\DOCUME~1\TEMP\APPLIC~1\Sony Ericsson
[16/05/2006|17:30] C:\DOCUME~1\TEMP\APPLIC~1\Sun
[24/09/2008|09:57] C:\DOCUME~1\TEMP\APPLIC~1\Sunbelt
[09/04/2008|20:31] C:\DOCUME~1\TEMP\APPLIC~1\Teleca
[15/03/2006|17:30] C:\DOCUME~1\TEMP\APPLIC~1\WinPatrol
[11/02/2008|21:05] C:\DOCUME~1\TEMP\APPLIC~1\WinRAR

--------------------\\ Scheduled Tasks located in C:\WINDOWS\Tasks
[26/09/2008 14:19][--ah-----] C:\WINDOWS\tasks\MP Scheduled Scan.job
[13/09/2008 11:53][--a------] C:\WINDOWS\tasks\AppleSoftwareUpdate.job
[26/09/2008 13:58][--ah-----] C:\WINDOWS\tasks\SA.DAT
[29/08/2002 05:00][-r-h-----] C:\WINDOWS\tasks\desktop.ini
--------------------\\ Listing Folders in C:\Program Files
[31/05/2005|18:44] C:\Program Files\_ArcadeDownloadFolder
[14/07/2005|00:25] C:\Program Files\5 Spots II
[31/12/2007|14:11] C:\Program Files\7-Zip
[05/08/2008|14:18] C:\Program Files\ABBYY FineReader 5.0 Sprint
[16/07/2007|22:52] C:\Program Files\ABBYY FineReader 6.0
[11/07/2005|11:08] C:\Program Files\Adobe
[10/08/2005|20:59] C:\Program Files\Ahead
[05/01/2006|21:01] C:\Program Files\Alien Stars
[12/07/2008|20:21] C:\Program Files\Apple Software Update
[06/07/2004|20:54] C:\Program Files\AVer Teletext
[06/07/2004|20:53] C:\Program Files\AVerTV2K
[03/11/2005|18:05] C:\Program Files\BFG
[24/09/2008|23:55] C:\Program Files\bfgclient
[14/03/2006|22:21] C:\Program Files\BillP Studios
[04/01/2006|21:54] C:\Program Files\Bomberman vs Digger
[24/09/2008|23:56] C:\Program Files\Bookworm Deluxe
[01/06/2005|00:22] C:\Program Files\BroadJump
[12/01/2008|21:15] C:\Program Files\Channel4
[05/07/2004|23:11] C:\Program Files\Common Files
[05/07/2004|23:14] C:\Program Files\ComPlus Applications
[25/11/2007|13:08] C:\Program Files\Coupon Printer
[06/07/2004|20:21] C:\Program Files\CyberLink
[25/12/2007|08:43] C:\Program Files\Disc2Phone
[06/07/2004|20:26] C:\Program Files\DivX
[13/08/2006|15:53] C:\Program Files\DK Interactive Learning
[08/08/2005|20:04] C:\Program Files\DK Multimedia
[23/07/2005|23:53] C:\Program Files\GameHouse
[14/08/2005|21:08] C:\Program Files\Google
[01/02/2008|08:11] C:\Program Files\Grisoft
[05/01/2006|21:52] C:\Program Files\Heavy Weapon
[23/09/2005|00:16] C:\Program Files\HurricaneSoftware.com
[26/05/2006|19:39] C:\Program Files\IM Names
[10/04/2008|01:18] C:\Program Files\IncrediGames
[22/06/2005|23:37] C:\Program Files\IncrediMail
[06/07/2004|20:21] C:\Program Files\InstallShield Installation Information
[05/07/2004|23:15] C:\Program Files\Internet Explorer
[12/07/2008|20:24] C:\Program Files\iPod
[12/07/2008|20:24] C:\Program Files\iTunes
[12/10/2005|21:14] C:\Program Files\Java
[23/09/2008|16:32] C:\Program Files\Lavasoft
[23/09/2008|16:00] C:\Program Files\Lavasoft(2)
[16/07/2007|22:45] C:\Program Files\Lexmark 1200 Series
[21/02/2008|21:31] C:\Program Files\LimeWire
[03/06/2005|16:44] C:\Program Files\Logitech
[27/07/2007|11:58] C:\Program Files\LucasArts
[11/07/2008|23:06] C:\Program Files\Macromedia
[07/08/2005|20:47] C:\Program Files\Mahjong Towers Eternity
[23/09/2005|00:16] C:\Program Files\Mapper
[05/07/2004|23:14] C:\Program Files\Messenger
[06/07/2004|21:16] C:\Program Files\Microsoft ActiveSync
[09/05/2007|17:01] C:\Program Files\Microsoft CAPICOM 2.1.0.2
[05/07/2004|23:17] C:\Program Files\microsoft frontpage
[06/07/2004|21:15] C:\Program Files\Microsoft Office
[01/02/2008|08:26] C:\Program Files\Microsoft Silverlight
[06/07/2004|21:15] C:\Program Files\Microsoft Visual Studio
[06/07/2004|21:15] C:\Program Files\Microsoft Works
[05/07/2004|23:15] C:\Program Files\Movie Maker
[14/11/2007|14:09] C:\Program Files\Mozilla Firefox
[01/02/2008|08:24] C:\Program Files\MSBuild
[05/07/2004|23:14] C:\Program Files\MSN
[04/06/2005|01:00] C:\Program Files\MSN Content Plus
[12/06/2005|13:00] C:\Program Files\MSN Games
[05/07/2004|23:14] C:\Program Files\MSN Gaming Zone
[14/10/2006|15:02] C:\Program Files\MSXML 4.0
[01/02/2008|08:17] C:\Program Files\MSXML 6.0
[06/07/2004|20:32] C:\Program Files\MUSICMATCH
[17/03/2007|21:54] C:\Program Files\MyABCD
[05/07/2004|23:15] C:\Program Files\NetMeeting
[12/10/2005|20:36] C:\Program Files\Nokia
[23/06/2005|13:11] C:\Program Files\Oberon Media
[05/07/2004|23:14] C:\Program Files\Online Services
[05/07/2004|23:15] C:\Program Files\Outlook Express
[06/07/2006|22:29] C:\Program Files\PIE Patch
[27/07/2005|11:47] C:\Program Files\PlayFirst
[07/01/2006|21:05] C:\Program Files\PopCap Games
[23/09/2005|18:20] C:\Program Files\QuickTime
[31/05/2005|18:45] C:\Program Files\Real
[01/02/2008|08:19] C:\Program Files\Reference Assemblies
[25/06/2005|16:05] C:\Program Files\ReflexiveArcade
[26/08/2005|20:45] C:\Program Files\roxypalace
[22/08/2006|10:34] C:\Program Files\Samsung
[31/05/2005|19:18] C:\Program Files\Sherston Software
[26/07/2005|18:35] C:\Program Files\Shockwave.com
[06/09/2005|14:10] C:\Program Files\Solar System 3D Screensaver
[02/04/2008|00:46] C:\Program Files\Sony Ericsson
[06/01/2006|15:18] C:\Program Files\Star Defender 2
[31/01/2007|23:36] C:\Program Files\Sunbelt Software
[31/05/2005|17:46] C:\Program Files\Symantec
[07/01/2008|01:38] C:\Program Files\Trend Micro
[05/07/2004|23:20] C:\Program Files\Uninstall Information
[20/07/2008|14:46] C:\Program Files\uTorrent
[06/07/2004|04:37] C:\Program Files\VIA Technologies, Inc
[14/08/2007|20:26] C:\Program Files\Virgin Media Games
[16/12/2007|18:54] C:\Program Files\Virtual Earth 3D
[21/11/2006|21:55] C:\Program Files\Winamp
[01/02/2008|09:13] C:\Program Files\Windows Defender
[20/07/2007|23:32] C:\Program Files\Windows Live
[10/09/2006|18:01] C:\Program Files\Windows Live Toolbar
[20/07/2005|22:41] C:\Program Files\Windows Media Components
[11/12/2006|15:46] C:\Program Files\Windows Media Connect 2
[05/07/2004|23:14] C:\Program Files\Windows Media Player
[05/07/2004|23:14] C:\Program Files\Windows NT
[05/07/2004|23:14] C:\Program Files\WindowsUpdate
[31/12/2007|14:12] C:\Program Files\WinRAR
[05/07/2004|23:17] C:\Program Files\xerox
[10/06/2006|14:58] C:\Program Files\Yahoo!
--------------------\\ Listing Folders in C:\Program Files\Common Files
[23/09/2005|21:50] C:\Program Files\Common Files\Adobe
[10/08/2005|20:59] C:\Program Files\Common Files\Ahead
[12/07/2008|20:20] C:\Program Files\Common Files\Apple
[06/07/2004|21:16] C:\Program Files\Common Files\DESIGNER
[06/07/2004|05:16] C:\Program Files\Common Files\InstallShield
[26/09/2008|14:12] C:\Program Files\Common Files\Java
[06/07/2004|21:16] C:\Program Files\Common Files\L&H
[03/06/2005|16:45] C:\Program Files\Common Files\Logitech
[11/07/2008|23:07] C:\Program Files\Common Files\Macromedia
[11/07/2008|23:07] C:\Program Files\Common Files\Macromedia Shared
[05/07/2004|23:11] C:\Program Files\Common Files\Microsoft Shared
[02/08/2005|20:34] C:\Program Files\Common Files\MimarSinan
[05/07/2004|23:15] C:\Program Files\Common Files\MSSoap
[12/10/2005|20:36] C:\Program Files\Common Files\Nokia
[31/03/2007|22:58] C:\Program Files\Common Files\Oberon Media
[05/07/2004|23:11] C:\Program Files\Common Files\ODBC
[31/05/2005|18:45] C:\Program Files\Common Files\Real
[07/01/2008|18:51] C:\Program Files\Common Files\Scanner
[05/07/2004|23:15] C:\Program Files\Common Files\Services
[02/04/2008|00:46] C:\Program Files\Common Files\Sony Ericsson Shared
[05/07/2004|23:11] C:\Program Files\Common Files\SpeechEngines
[31/05/2005|17:46] C:\Program Files\Common Files\Symantec Shared
[05/07/2004|23:15] C:\Program Files\Common Files\System
[02/04/2008|00:46] C:\Program Files\Common Files\Teleca Shared
[08/11/2007|18:14] C:\Program Files\Common Files\WindowsLiveInstaller
[01/02/2008|09:09] C:\Program Files\Common Files\Wise Installation Wizard
[31/10/2007|17:57] C:\Program Files\Common Files\xing shared
--------------------\\ Process
( 54 Processes )
... OK !
--------------------\\ Searching with S_Lop
No Lop folder found !

--------------------\\ Searching for Lop Files - Folders
No Lop folder found !

--------------------\\ Searching within the Registry

..... OK !
--------------------\\ Checking the Hosts file
Hosts file CLEAN

--------------------\\ Searching for hidden files with Catchme

catchme 0.3.1353 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2008-09-26 20:57:50
Windows 5.1.2600 Service Pack 2 FAT NTAPI
scanning hidden processes ...
scanning hidden files ...
scan completed successfully
hidden processes: 0
hidden files: 0

--------------------\\ Searching for other infections
--------------------\\ Suspect ..
C:\WINDOWS\photo album.zip
C:\WINDOWS\photo album.zip
--------------------\\ Cracks & Keygens ..
C:\DOCUME~1\janet\My Documents\My Music\Oldies - Neil Diamond - Crackling Rose.mp3

[F:2881][D:36]-> C:\DOCUME~1\janet\LOCALS~1\Temp
[F:1141][D:0]-> C:\DOCUME~1\janet\Cookies
[F:5035][D:21]-> C:\DOCUME~1\janet\LOCALS~1\TEMPOR~1\content.IE5
[F:2][D:0]-> C:\Recycled
1 - "C:\Lop SD\LopR_1.txt" - 25/09/2008|16:57 - Option : [1]
2 - "C:\Lop SD\LopR_2.txt" - 25/09/2008|22:16 - Option : [2]
3 - "C:\Lop SD\LopR_3.txt" - 26/09/2008|13:26 - Option : [4]
4 - "C:\Lop SD\LopR_4.txt" - 26/09/2008|20:59 - Option : [4]
--------------------\\ Scan completed at 20:59:10




--------------------------------------------------------------------------------
KASPERSKY ONLINE SCANNER 7 REPORT
Friday, September 26, 2008
Operating System: Microsoft Windows XP Home Edition Service Pack 2 (build 2600)
Kaspersky Online Scanner 7 version: 7.0.25.0
Program database last update: Friday, September 26, 2008 12:56:05
Records in database: 1263204
--------------------------------------------------------------------------------
Scan settings:
Scan using the following database: extended
Scan archives: yes
Scan mail databases: yes
Scan area - My Computer:
A:\
C:\
D:\
E:\
F:\
G:\
H:\
I:\
Scan statistics:
Files scanned: 185111
Threat name: 9
Infected objects: 60
Suspicious objects: 0
Duration of the scan: 06:02:18

File name / Threat name / Threats count
C:\WINDOWS\Downloaded Program Files\imloader.exe Infected: not-a-virus:Downloader.Win32.ImLoader.g 1
C:\Documents and Settings\janet\My Documents\My Music\03 Track 3.wma Infected: Trojan-Downloader.WMA.Wimad.k 1
C:\Documents and Settings\janet\My Documents\My Music\Top of Charts - 2005.wma Infected: Trojan-Downloader.WMA.Wimad.l 1
C:\Documents and Settings\janet\My Documents\My Music\Wicked Remix.wma Infected: Trojan-Downloader.WMA.Wimad.l 1
C:\Documents and Settings\janet\My Documents\My Music\TOTALLY HIP TRACK.wma Infected: Trojan-Downloader.WMA.Wimad.l 1
C:\Documents and Settings\janet\My Documents\My Music\Rare Recording.wma Infected: Trojan-Downloader.WMA.Wimad.l 1
C:\Documents and Settings\janet\My Documents\LimeWire\Saved\scouting for girls elvis aint.mp3 Infected: Trojan-Downloader.WMA.Wimad.n 1
C:\Documents and Settings\janet\My Documents\LimeWire\Saved\sally cinamon stone rose.mp3 Infected: Trojan-Downloader.WMA.Wimad.n 1
C:\Documents and Settings\janet\My Documents\LimeWire\Saved\your pretty good looking white.mp3 Infected: Trojan-Downloader.WMA.Wimad.n 1
C:\Documents and Settings\janet\My Documents\LimeWire\Saved\mad indian dance music.mp3 Infected: Trojan-Downloader.WMA.Wimad.n 1
C:\Documents and Settings\janet\My Documents\LimeWire\Saved\Hollywood Blvd - Japanese Boy 2000.mp3 Infected: Trojan-Downloader.WMA.Wimad.n 1
C:\Documents and Settings\janet\My Documents\LimeWire\Saved\aggro enemy.mp3 Infected: Trojan-Downloader.WMA.Wimad.n 1
C:\Documents and Settings\janet\My Documents\LimeWire\Saved\Zutons - Always Right Behind You.wma Infected: Trojan-Downloader.WMA.GetCodec.b 1
C:\Documents and Settings\janet\My Documents\LimeWire\Saved\local boy in photograph.mp3 Infected: Trojan-Downloader.WMA.Wimad.n 1
C:\Documents and Settings\janet\My Documents\LimeWire\Saved\ghetto gosbel 2pac(1).mp3 Infected: Trojan-Downloader.WMA.Wimad.n 1
C:\Documents and Settings\janet\My Documents\LimeWire\Saved\ghetto gosbel 2pac.mp3 Infected: Trojan-Downloader.WMA.Wimad.n 1
C:\Documents and Settings\janet\My Documents\LimeWire\Saved\kendoon diss part 3.mp3 Infected: Trojan-Downloader.WMA.Wimad.n 1
C:\Documents and Settings\janet\My Documents\LimeWire\Saved\David Bowie - Hunky Dory.mp3 Infected: Trojan-Downloader.WMA.GetCodec.a 1
C:\Documents and Settings\janet\Application Data\Sun\Java\Deployment\cache\javapi\v1.0\jar\jvmimpro.jar-51fad18-6b000e3a.zip Infected: Exploit.Java.Gimsh.a 1
C:\Documents and Settings\janet\Application Data\Sun\Java\Deployment\cache\6.0\44\232f2a6c-54b85417 Infected: Exploit.Java.Gimsh.a 1
C:\Documents and Settings\janet\Shared\nirvarna.wm Infected: Trojan-Downloader.WMA.Wimad.m 1
C:\System Volume Information\_restore{B8A407C4-042A-4E7D-8B20-6CB93B053421}\RP317\A0045972.exe Infected: Trojan.Win32.Obfuscated.gen 1
C:\System Volume Information\_restore{B8A407C4-042A-4E7D-8B20-6CB93B053421}\RP318\A0045981.exe Infected: Trojan.Win32.Obfuscated.gen 1
C:\System Volume Information\_restore{B8A407C4-042A-4E7D-8B20-6CB93B053421}\RP318\A0045989.exe Infected: Trojan.Win32.Obfuscated.gen 1
C:\System Volume Information\_restore{B8A407C4-042A-4E7D-8B20-6CB93B053421}\RP319\A0046004.exe Infected: Trojan.Win32.Obfuscated.gen 1
C:\System Volume Information\_restore{B8A407C4-042A-4E7D-8B20-6CB93B053421}\RP319\A0046009.exe Infected: Trojan.Win32.Obfuscated.gen 1
C:\System Volume Information\_restore{B8A407C4-042A-4E7D-8B20-6CB93B053421}\RP319\A0046034.exe Infected: Trojan.Win32.Obfuscated.gen 1
C:\System Volume Information\_restore{B8A407C4-042A-4E7D-8B20-6CB93B053421}\RP320\A0047034.exe Infected: Trojan.Win32.Obfuscated.gen 1
C:\System Volume Information\_restore{B8A407C4-042A-4E7D-8B20-6CB93B053421}\RP322\A0047052.exe Infected: Trojan.Win32.Obfuscated.gen 1
C:\System Volume Information\_restore{B8A407C4-042A-4E7D-8B20-6CB93B053421}\RP327\A0047380.exe Infected: Trojan.Win32.Obfuscated.gen 1
C:\System Volume Information\_restore{B8A407C4-042A-4E7D-8B20-6CB93B053421}\RP328\A0047401.exe Infected: Trojan.Win32.Obfuscated.gen 1
C:\System Volume Information\_restore{B8A407C4-042A-4E7D-8B20-6CB93B053421}\RP328\A0048401.exe Infected: Trojan.Win32.Obfuscated.gen 1
C:\System Volume Information\_restore{B8A407C4-042A-4E7D-8B20-6CB93B053421}\RP330\A0048405.exe Infected: Trojan.Win32.Obfuscated.gen 1
C:\System Volume Information\_restore{B8A407C4-042A-4E7D-8B20-6CB93B053421}\RP330\A0048414.exe Infected: Trojan.Win32.Obfuscated.gen 1
C:\System Volume Information\_restore{B8A407C4-042A-4E7D-8B20-6CB93B053421}\RP330\A0048438.exe Infected: Trojan.Win32.Obfuscated.gen 1
C:\System Volume Information\_restore{B8A407C4-042A-4E7D-8B20-6CB93B053421}\RP331\A0048459.exe Infected: Trojan.Win32.Obfuscated.gen 1
C:\System Volume Information\_restore{B8A407C4-042A-4E7D-8B20-6CB93B053421}\RP331\A0048470.exe Infected: Trojan.Win32.Obfuscated.gen 1
C:\System Volume Information\_restore{B8A407C4-042A-4E7D-8B20-6CB93B053421}\RP332\A0048474.exe Infected: Trojan.Win32.Obfuscated.gen 1
C:\System Volume Information\_restore{B8A407C4-042A-4E7D-8B20-6CB93B053421}\RP332\A0048501.exe Infected: Trojan.Win32.Obfuscated.gen 1
C:\System Volume Information\_restore{B8A407C4-042A-4E7D-8B20-6CB93B053421}\RP333\A0048505.exe Infected: Trojan.Win32.Obfuscated.gen 1
C:\System Volume Information\_restore{B8A407C4-042A-4E7D-8B20-6CB93B053421}\RP333\A0048518.exe Infected: Trojan.Win32.Obfuscated.gen 1
C:\System Volume Information\_restore{B8A407C4-042A-4E7D-8B20-6CB93B053421}\RP333\A0048528.exe Infected: Trojan.Win32.Obfuscated.gen 1
C:\System Volume Information\_restore{B8A407C4-042A-4E7D-8B20-6CB93B053421}\RP333\A0048540.exe Infected: Trojan.Win32.Obfuscated.gen 1
C:\System Volume Information\_restore{B8A407C4-042A-4E7D-8B20-6CB93B053421}\RP334\A0048550.exe Infected: Trojan.Win32.Obfuscated.gen 1
C:\System Volume Information\_restore{B8A407C4-042A-4E7D-8B20-6CB93B053421}\RP334\A0048566.exe Infected: Trojan.Win32.Obfuscated.gen 1
C:\System Volume Information\_restore{B8A407C4-042A-4E7D-8B20-6CB93B053421}\RP334\A0048575.exe Infected: Trojan.Win32.Obfuscated.gen 1
C:\System Volume Information\_restore{B8A407C4-042A-4E7D-8B20-6CB93B053421}\RP337\A0048887.exe Infected: Trojan.Win32.Obfuscated.gen 1
C:\System Volume Information\_restore{B8A407C4-042A-4E7D-8B20-6CB93B053421}\RP337\A0048898.exe Infected: Trojan.Win32.Obfuscated.gen 1
C:\System Volume Information\_restore{B8A407C4-042A-4E7D-8B20-6CB93B053421}\RP337\A0048902.exe Infected: Trojan.Win32.Obfuscated.gen 1
C:\System Volume Information\_restore{B8A407C4-042A-4E7D-8B20-6CB93B053421}\RP337\A0048903.exe Infected: Trojan.Win32.Obfuscated.gen 1
C:\System Volume Information\_restore{B8A407C4-042A-4E7D-8B20-6CB93B053421}\RP337\A0048904.exe Infected: Trojan.Win32.Obfuscated.gen 1
C:\System Volume Information\_restore{B8A407C4-042A-4E7D-8B20-6CB93B053421}\RP337\A0048905.exe Infected: Trojan.Win32.Obfuscated.gen 1
C:\System Volume Information\_restore{B8A407C4-042A-4E7D-8B20-6CB93B053421}\RP337\A0048906.exe Infected: Trojan.Win32.Obfuscated.gen 1
C:\Lop SD\Backup-Lop\DOCUME~1\ALLUSE~1\APPLIC~1\Peak ooze date army\Meet Cake.exe Infected: Trojan.Win32.Obfuscated.gen 1
C:\Lop SD\Backup-Lop\DOCUME~1\janet\APPLIC~1\DEFAUL~1\Bike Style.exe Infected: Trojan.Win32.Obfuscated.gen 1
C:\Lop SD\Backup-Lop\DOCUME~1\janet\APPLIC~1\DEFAUL~1\rznoqmfe.exe Infected: Trojan.Win32.Obfuscated.gen 1
C:\Lop SD\Backup-Lop\DOCUME~1\janet\APPLIC~1\DEFAUL~1\32 Ante Balm Platform.exe Infected: Trojan.Win32.Obfuscated.gen 1
C:\Lop SD\Backup-Lop\DOCUME~1\janet\APPLIC~1\DEFAUL~1\cornthetrust.exe Infected: Trojan.Win32.Obfuscated.gen 1
C:\Lop SD\Backup-Lop\DOCUME~1\janet\LOCALS~1\Temp\bis2.exe Infected: Trojan.Win32.Obfuscated.gen 1
C:\Lop SD\Backup-Lop\DOCUME~1\TEMP\APPLIC~1\DEFAUL~1\Bike Style.exe Infected: Trojan.Win32.Obfuscated.gen 1
The selected area was scanned.

Hijackthis log on next page
 

sandmock

Thread Starter
Joined
Sep 23, 2008
Messages
19
Hijackthis log

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 21:05:05, on 26/09/2008
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16705)
Boot mode: Normal
Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Windows Defender\MsMpEng.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Lavasoft\Ad-Aware 2007\aawservice.exe
C:\WINDOWS\system32\LEXBCES.EXE
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\system32\LEXPPS.EXE
C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
C:\PROGRA~1\Grisoft\AVG7\avgamsvr.exe
C:\PROGRA~1\Grisoft\AVG7\avgupsvc.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE
C:\WINDOWS\System32\nvsvc32.exe
C:\Program Files\Sunbelt Software\VIPRE\SBAMSvc.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Lexmark 1200 Series\lxczbmgr.exe
C:\PROGRA~1\Grisoft\AVG7\avgcc.exe
C:\Program Files\Lexmark 1200 Series\lxczbmon.exe
C:\Program Files\Windows Defender\MSASCui.exe
C:\program files\quicktime\QTTask.exe
C:\Program Files\Common Files\Real\Update_OB\realsched.exe
C:\Program Files\Sony Ericsson\Mobile2\Application Launcher\Application Launcher.exe
C:\WINDOWS\system32\wuauclt.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\Program Files\Sunbelt Software\VIPRE\SBAMTray.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Logitech\Desktop Messenger\8876480\Program\LogitechDesktopMessenger.exe
C:\Program Files\Nokia\Nokia PC Suite 6\PcSync2.exe
C:\Program Files\Messenger\msmsgs.exe
C:\Program Files\Windows Live\Messenger\msnmsgr.exe
C:\Program Files\Windows Media Player\WMPNSCFG.exe
C:\PROGRA~1\COMMON~1\Nokia\MPAPI\MPAPI3s.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\Program Files\Common Files\Teleca Shared\Generic.exe
C:\Program Files\Sony Ericsson\Mobile2\Mobile Phone Monitor\epmworker.exe
C:\WINDOWS\System32\LVComsX.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\WINDOWS\system32\Notepad.exe
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant =
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch =
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = localhost
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_07\bin\ssv.dll
O4 - HKLM\..\Run: [Lexmark 1200 Series] "C:\Program Files\Lexmark 1200 Series\lxczbmgr.exe"
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [AVG7_CC] C:\PROGRA~1\Grisoft\AVG7\avgcc.exe /STARTUP
O4 - HKLM\..\Run: [Windows Defender] "C:\Program Files\Windows Defender\MSASCui.exe" -hide
O4 - HKLM\..\Run: [QuickTime Task] "C:\program files\quicktime\QTTask.exe" -atboottime
O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot
O4 - HKLM\..\Run: [Sony Ericsson PC Suite] "C:\Program Files\Sony Ericsson\Mobile2\Application Launcher\Application Launcher.exe" /startoptions
O4 - HKLM\..\Run: [AppleSyncNotifier] C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleSyncNotifier.exe
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
O4 - HKLM\..\Run: [SBAMTray] C:\Program Files\Sunbelt Software\VIPRE\SBAMTray.exe
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_07\bin\jusched.exe"
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [LDM] C:\Program Files\Logitech\Desktop Messenger\8876480\Program\LogitechDesktopMessenger.exe
O4 - HKCU\..\Run: [LogitechSoftwareUpdate] "C:\Program Files\Logitech\Video\ManifestEngine.exe" boot
O4 - HKCU\..\Run: [PcSync] C:\Program Files\Nokia\Nokia PC Suite 6\PcSync2.exe /NoDialog
O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background
O4 - HKCU\..\Run: [msnmsgr] "C:\Program Files\Windows Live\Messenger\msnmsgr.exe" /background
O4 - HKCU\..\Run: [WMPNSCFG] C:\Program Files\Windows Media Player\WMPNSCFG.exe
O4 - HKUS\S-1-5-19\..\Run: [AVG7_Run] C:\PROGRA~1\Grisoft\AVG7\avgw.exe /RUNONCE (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-20\..\Run: [AVG7_Run] C:\PROGRA~1\Grisoft\AVG7\avgw.exe /RUNONCE (User 'NETWORK SERVICE')
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'Default user')
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office10\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_07\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_07\bin\ssv.dll
O9 - Extra button: Blog This - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files\Windows Live\Writer\WriterBrowserExtension.dll
O9 - Extra 'Tools' menuitem: &Blog This in Windows Live Writer - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files\Windows Live\Writer\WriterBrowserExtension.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O16 - DPF: {00B71CFB-6864-4346-A978-C0A14556272C} (Checkers Class) - http://messenger.zone.msn.com/binary/msgrchkr.cab31267.cab
O16 - DPF: {04E214E5-63AF-4236-83C6-A7ADCBF9BD02} (HouseCall Control) - http://housecall60.trendmicro.com/housecall/xscan60.cab
O16 - DPF: {14B87622-7E19-4EA8-93B3-97215F77A6BC} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/MessengerStatsPAClient.cab31267.cab
O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://go.microsoft.com/fwlink/?linkid=39204
O16 - DPF: {1F2F4C9E-6F09-47BC-970D-3C54734667FE} -
O16 - DPF: {20A60F0D-9AFA-4515-A0FD-83BD84642501} (Checkers Class) - http://messenger.zone.msn.com/binary/msgrchkr.cab56986.cab
O16 - DPF: {2917297F-F02B-4B9D-81DF-494B6333150B} (Minesweeper Flags Class) - http://messenger.zone.msn.com/binary/MineSweeper.cab31267.cab
O16 - DPF: {2B323CD9-50E3-11D3-9466-00A0C9700498} (Yahoo! Audio Conferencing) - http://us.chat1.yimg.com/us.yimg.com/i/chat/applet/v45/yacscom.cab
O16 - DPF: {30528230-99F7-4BB4-88D8-FA1D4F56A2AB} (YInstStarter Class) - http://us.dl1.yimg.com/download.yahoo.com/dl/installs/yinst20040510.cab
O16 - DPF: {3B5E9B23-7537-4601-A9E8-FA0D956DEA16} (csauie1 Control) -
O16 - DPF: {406B5949-7190-4245-91A9-30A17DE16AD0} (Snapfish Activia) - http://www1.snapfish.co.uk/SnapfishUKActivia.cab
O16 - DPF: {4F1E5B1A-2A80-42CA-8532-2D05CB959537} (MSN Photo Upload Tool) - http://gfx1.hotmail.com/mail/w3/pr01/resources/MSNPUpld.cab
O16 - DPF: {50647AB5-18FD-4142-82B0-5852478DD0D5} (Keynote Connector Launcher 2) - http://webeffective.keynote.com/applications/pconnector/download/ConnectorLauncher.cab
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://v5.windowsupdate.microsoft.c...ls/en/x86/client/wuweb_site.cab?1117559368690
O16 - DPF: {644E432F-49D3-41A1-8DD5-E099162EEEC5} -
O16 - DPF: {64D01C7F-810D-446E-A07E-365764235644} -
O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://update.microsoft.com/microsoftupdate/v6/V5Controls/en/x86/client/muweb_site.cab?1147014740671
O16 - DPF: {7D1E9C49-BD6A-11D3-87A8-009027A35D73} (Yahoo! Audio UI1) - http://chat.yahoo.com/cab/yacsui.cab
O16 - DPF: {7F8C8173-AD80-4807-AA75-5672F22B4582} (ICSScanner Class) - http://download.zonelabs.com/bin/promotions/spywaredetector/ICSScanner37680.cab
O16 - DPF: {8E0D4DE5-3180-4024-A327-4DFAD1796A8D} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/MessengerStatsClient.cab31267.cab
O16 - DPF: {9A9307A0-7DA4-4DAF-B042-5009F29E09E1} -
O16 - DPF: {B38870E4-7ECB-40DA-8C6A-595F0A5519FF} (MsnMessengerSetupDownloadControl Class) - http://messenger.msn.com/download/msnmessengersetupdownloader.cab
O16 - DPF: {B8BE5E93-A60C-4D26-A2DC-220313175592} (ZoneIntro Class) - http://messenger.zone.msn.com/binary/ZIntro.cab32846.cab
O16 - DPF: {BF6BBE9A-0656-4598-A0CD-32DAC03959B5} (Image Uploader 3.0 Control) - https://www.tescophoto.com/wpp/tesco/app/opcuploader.cab
O16 - DPF: {C3F79A2B-B9B4-4A66-B012-3EE46475B072} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/MessengerStatsPAClient.cab56907.cab
O16 - DPF: {CE28D5D2-60CF-4C7D-9FE8-0F47A3308078} -
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab
O16 - DPF: {D821DC4A-0814-435E-9820-661C543A4679} -
O16 - DPF: {F00F4763-7355-4725-82F7-0DA94A256D46} -
O16 - DPF: {F5A7706B-B9C0-4C89-A715-7A0C6B05DD48} (Minesweeper Flags Class) - http://messenger.zone.msn.com/binary/MineSweeper.cab56986.cab
O16 - DPF: {F6BF0D00-0B2A-4A75-BF7B-F385591623AF} (Solitaire Showdown Class) - http://messenger.zone.msn.com/binary/SolitaireShowdown.cab31267.cab
O18 - Protocol: bwfile-8876480 - {9462A756-7B47-47BC-8C80-C34B9B80B32B} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\GAPlugProtocol-8876480.dll
O23 - Service: Ad-Aware 2007 Service (aawservice) - Lavasoft - C:\Program Files\Lavasoft\Ad-Aware 2007\aawservice.exe
O23 - Service: Apple Mobile Device - Apple Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
O23 - Service: AVG7 Alert Manager Server (Avg7Alrt) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVG7\avgamsvr.exe
O23 - Service: AVG7 Update Service (Avg7UpdSvc) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVG7\avgupsvc.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\1150\Intel 32\IDriverT.exe
O23 - Service: iPod Service - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: LexBce Server (LexBceS) - Lexmark International, Inc. - C:\WINDOWS\system32\LEXBCES.EXE
O23 - Service: Macromedia Licensing Service - Unknown owner - C:\Program Files\Common Files\Macromedia Shared\Service\Macromedia Licensing.exe
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\System32\nvsvc32.exe
O23 - Service: Sunbelt VIPRE Antivirus Service (SBAMSvc) - Sunbelt Software - C:\Program Files\Sunbelt Software\VIPRE\SBAMSvc.exe
--
End of file - 11444 bytes


Thanks
 
Joined
Oct 19, 2007
Messages
177
Hi

As you can see from the Kaspersky scan, some of the music that you have downloaded contains infections. Again, since you use Limewire, this isn't surprising. Since you don't want to get rid of Limewire, I urge you to scan everything you download with AVG and/or an AntiSpyware program.


Please download the OTMoveIt2 by OldTimer.
  • Save it to your desktop.
  • Please double-click OTMoveIt2.exe to run it. (Note: If you are running on Vista, right-click on the file and choose Run As Administrator).
  • Copy the lines in the codebox below to the clipboard by highlighting ALL of them and pressing CTRL + C (or, after highlighting, right-click and choose Copy):

    Code:
    C:\WINDOWS\photo album.zip
    C:\WINDOWS\Downloaded Program Files\imloader.exe
    C:\Documents and Settings\janet\My Documents\My Music\03 Track 3.wma
    C:\Documents and Settings\janet\My Documents\My Music\Top of Charts - 2005.wma
    C:\Documents and Settings\janet\My Documents\My Music\Wicked Remix.wma
    C:\Documents and Settings\janet\My Documents\My Music\TOTALLY HIP TRACK.wma
    C:\Documents and Settings\janet\My Documents\My Music\Rare Recording.wma
    C:\Documents and Settings\janet\My Documents\LimeWire\Saved\scouting for girls elvis aint.mp3
    C:\Documents and Settings\janet\My Documents\LimeWire\Saved\sally cinamon stone rose.mp3
    C:\Documents and Settings\janet\My Documents\LimeWire\Saved\your pretty good looking white.mp3
    C:\Documents and Settings\janet\My Documents\LimeWire\Saved\mad indian dance music.mp3
    C:\Documents and Settings\janet\My Documents\LimeWire\Saved\Hollywood Blvd - Japanese Boy 2000.mp3
    C:\Documents and Settings\janet\My Documents\LimeWire\Saved\aggro enemy.mp3
    C:\Documents and Settings\janet\My Documents\LimeWire\Saved\Zutons - Always Right Behind You.wma
    C:\Documents and Settings\janet\My Documents\LimeWire\Saved\local boy in photograph.mp3
    C:\Documents and Settings\janet\My Documents\LimeWire\Saved\ghetto gosbel 2pac(1).mp3
    C:\Documents and Settings\janet\My Documents\LimeWire\Saved\ghetto gosbel 2pac.mp3
    C:\Documents and Settings\janet\My Documents\LimeWire\Saved\kendoon diss part 3.mp3
    C:\Documents and Settings\janet\My Documents\LimeWire\Saved\David Bowie - Hunky Dory.mp3
  • Return to OTMoveIt2, right click in the "Paste Standard List of Files/Folders to Move" window (under the light blue bar) and choose Paste.
  • Click the red Moveit! button.
  • Copy everything in the Results window (under the green bar) to the clipboard by highlighting ALL of them and pressing CTRL + C (or, after highlighting, right-click and choose copy), and paste it in your next reply.
  • Close OTMoveIt2

Note: If a file or folder cannot be moved immediately you may be asked to reboot the machine to finish the move process. If you are asked to reboot the machine choose Yes. In this case, after the reboot, open Notepad (Start->All Programs->Accessories->Notepad), click File->Open, in the File Name box enter *.log and press the Enter key, navigate to the C:\_OTMoveIt\MovedFiles folder, and open the newest .log file present, and copy/paste the contents of that document back here in your next post.


Open HijackThis. Hit Do A System Scan Only. Place a check next to the following items (if present):
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant =
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch =
O16 - DPF: {644E432F-49D3-41A1-8DD5-E099162EEEC5} -
O16 - DPF: {64D01C7F-810D-446E-A07E-365764235644} -


Close all browsers and windows except for HijackThis and click Fix Checked.

Please run ATFCleaner again, as before. Reboot your computer and then post a new HijackThis log. Also, please give a detailed description of how your computer is running and behaving at the moment, listing any remaining problems.

Another question: are you connecting to the internet via a router or similar?

Thanks.
 

sandmock

Thread Starter
Joined
Sep 23, 2008
Messages
19
Hi, OTMoveIt2 log

C:\WINDOWS\photo album.zip moved successfully.
C:\WINDOWS\Downloaded Program Files\imloader.exe moved successfully.
C:\Documents and Settings\janet\My Documents\My Music\03 Track 3.wma moved successfully.
C:\Documents and Settings\janet\My Documents\My Music\Top of Charts - 2005.wma moved successfully.
C:\Documents and Settings\janet\My Documents\My Music\Wicked Remix.wma moved successfully.
C:\Documents and Settings\janet\My Documents\My Music\TOTALLY HIP TRACK.wma moved successfully.
C:\Documents and Settings\janet\My Documents\My Music\Rare Recording.wma moved successfully.
C:\Documents and Settings\janet\My Documents\LimeWire\Saved\scouting for girls elvis aint.mp3 moved successfully.
C:\Documents and Settings\janet\My Documents\LimeWire\Saved\sally cinamon stone rose.mp3 moved successfully.
C:\Documents and Settings\janet\My Documents\LimeWire\Saved\your pretty good looking white.mp3 moved successfully.
C:\Documents and Settings\janet\My Documents\LimeWire\Saved\mad indian dance music.mp3 moved successfully.
C:\Documents and Settings\janet\My Documents\LimeWire\Saved\Hollywood Blvd - Japanese Boy 2000.mp3 moved successfully.
C:\Documents and Settings\janet\My Documents\LimeWire\Saved\aggro enemy.mp3 moved successfully.
C:\Documents and Settings\janet\My Documents\LimeWire\Saved\Zutons - Always Right Behind You.wma moved successfully.
C:\Documents and Settings\janet\My Documents\LimeWire\Saved\local boy in photograph.mp3 moved successfully.
C:\Documents and Settings\janet\My Documents\LimeWire\Saved\ghetto gosbel 2pac(1).mp3 moved successfully.
C:\Documents and Settings\janet\My Documents\LimeWire\Saved\ghetto gosbel 2pac.mp3 moved successfully.
C:\Documents and Settings\janet\My Documents\LimeWire\Saved\kendoon diss part 3.mp3 moved successfully.
C:\Documents and Settings\janet\My Documents\LimeWire\Saved\David Bowie - Hunky Dory.mp3 moved successfully.

OTMoveIt2 by OldTimer - Version 1.0.4.3 log created on 09272008_134610


Hijackthis log in next post

Thanks
 

sandmock

Thread Starter
Joined
Sep 23, 2008
Messages
19
Hi, I have done the ATF Cleaner and have a new HijackThis log.

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 14:08:36, on 27/09/2008
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16705)
Boot mode: Normal
Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Windows Defender\MsMpEng.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Lavasoft\Ad-Aware 2007\aawservice.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\LEXBCES.EXE
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\system32\LEXPPS.EXE
C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
C:\PROGRA~1\Grisoft\AVG7\avgamsvr.exe
C:\PROGRA~1\Grisoft\AVG7\avgupsvc.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE
C:\WINDOWS\System32\nvsvc32.exe
C:\Program Files\Sunbelt Software\VIPRE\SBAMSvc.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Sunbelt Software\VIPRE\SBAMTray.exe
C:\Program Files\Lexmark 1200 Series\lxczbmgr.exe
C:\PROGRA~1\Grisoft\AVG7\avgcc.exe
C:\Program Files\Windows Defender\MSASCui.exe
C:\program files\quicktime\QTTask.exe
C:\Program Files\Common Files\Real\Update_OB\realsched.exe
C:\Program Files\Sony Ericsson\Mobile2\Application Launcher\Application Launcher.exe
C:\Program Files\Lexmark 1200 Series\lxczbmon.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\Program Files\Java\jre1.6.0_07\bin\jusched.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Logitech\Desktop Messenger\8876480\Program\LogitechDesktopMessenger.exe
C:\Program Files\Nokia\Nokia PC Suite 6\PcSync2.exe
C:\Program Files\Messenger\msmsgs.exe
C:\Program Files\Windows Live\Messenger\msnmsgr.exe
C:\Program Files\Windows Media Player\WMPNSCFG.exe
C:\PROGRA~1\COMMON~1\Nokia\MPAPI\MPAPI3s.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\WINDOWS\system32\wuauclt.exe
C:\Program Files\Common Files\Teleca Shared\Generic.exe
C:\Program Files\Sony Ericsson\Mobile2\Mobile Phone Monitor\epmworker.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = localhost
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_07\bin\ssv.dll
O4 - HKLM\..\Run: [Lexmark 1200 Series] "C:\Program Files\Lexmark 1200 Series\lxczbmgr.exe"
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [AVG7_CC] C:\PROGRA~1\Grisoft\AVG7\avgcc.exe /STARTUP
O4 - HKLM\..\Run: [Windows Defender] "C:\Program Files\Windows Defender\MSASCui.exe" -hide
O4 - HKLM\..\Run: [QuickTime Task] "C:\program files\quicktime\QTTask.exe" -atboottime
O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot
O4 - HKLM\..\Run: [Sony Ericsson PC Suite] "C:\Program Files\Sony Ericsson\Mobile2\Application Launcher\Application Launcher.exe" /startoptions
O4 - HKLM\..\Run: [AppleSyncNotifier] C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleSyncNotifier.exe
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
O4 - HKLM\..\Run: [SBAMTray] C:\Program Files\Sunbelt Software\VIPRE\SBAMTray.exe
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_07\bin\jusched.exe"
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [LDM] C:\Program Files\Logitech\Desktop Messenger\8876480\Program\LogitechDesktopMessenger.exe
O4 - HKCU\..\Run: [LogitechSoftwareUpdate] "C:\Program Files\Logitech\Video\ManifestEngine.exe" boot
O4 - HKCU\..\Run: [PcSync] C:\Program Files\Nokia\Nokia PC Suite 6\PcSync2.exe /NoDialog
O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background
O4 - HKCU\..\Run: [msnmsgr] "C:\Program Files\Windows Live\Messenger\msnmsgr.exe" /background
O4 - HKCU\..\Run: [WMPNSCFG] C:\Program Files\Windows Media Player\WMPNSCFG.exe
O4 - HKUS\S-1-5-19\..\Run: [AVG7_Run] C:\PROGRA~1\Grisoft\AVG7\avgw.exe /RUNONCE (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-20\..\Run: [AVG7_Run] C:\PROGRA~1\Grisoft\AVG7\avgw.exe /RUNONCE (User 'NETWORK SERVICE')
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'Default user')
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office10\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_07\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_07\bin\ssv.dll
O9 - Extra button: Blog This - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files\Windows Live\Writer\WriterBrowserExtension.dll
O9 - Extra 'Tools' menuitem: &Blog This in Windows Live Writer - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files\Windows Live\Writer\WriterBrowserExtension.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O16 - DPF: {00B71CFB-6864-4346-A978-C0A14556272C} (Checkers Class) - http://messenger.zone.msn.com/binary/msgrchkr.cab31267.cab
O16 - DPF: {04E214E5-63AF-4236-83C6-A7ADCBF9BD02} (HouseCall Control) - http://housecall60.trendmicro.com/housecall/xscan60.cab
O16 - DPF: {14B87622-7E19-4EA8-93B3-97215F77A6BC} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/MessengerStatsPAClient.cab31267.cab
O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://go.microsoft.com/fwlink/?linkid=39204
O16 - DPF: {1F2F4C9E-6F09-47BC-970D-3C54734667FE} -
O16 - DPF: {20A60F0D-9AFA-4515-A0FD-83BD84642501} (Checkers Class) - http://messenger.zone.msn.com/binary/msgrchkr.cab56986.cab
O16 - DPF: {2917297F-F02B-4B9D-81DF-494B6333150B} (Minesweeper Flags Class) - http://messenger.zone.msn.com/binary/MineSweeper.cab31267.cab
O16 - DPF: {2B323CD9-50E3-11D3-9466-00A0C9700498} (Yahoo! Audio Conferencing) - http://us.chat1.yimg.com/us.yimg.com/i/chat/applet/v45/yacscom.cab
O16 - DPF: {30528230-99F7-4BB4-88D8-FA1D4F56A2AB} (YInstStarter Class) - http://us.dl1.yimg.com/download.yahoo.com/dl/installs/yinst20040510.cab
O16 - DPF: {3B5E9B23-7537-4601-A9E8-FA0D956DEA16} (csauie1 Control) -
O16 - DPF: {406B5949-7190-4245-91A9-30A17DE16AD0} (Snapfish Activia) - http://www1.snapfish.co.uk/SnapfishUKActivia.cab
O16 - DPF: {4F1E5B1A-2A80-42CA-8532-2D05CB959537} (MSN Photo Upload Tool) - http://gfx1.hotmail.com/mail/w3/pr01/resources/MSNPUpld.cab
O16 - DPF: {50647AB5-18FD-4142-82B0-5852478DD0D5} (Keynote Connector Launcher 2) - http://webeffective.keynote.com/applications/pconnector/download/ConnectorLauncher.cab
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://v5.windowsupdate.microsoft.c...ls/en/x86/client/wuweb_site.cab?1117559368690
O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://update.microsoft.com/microsoftupdate/v6/V5Controls/en/x86/client/muweb_site.cab?1147014740671
O16 - DPF: {7D1E9C49-BD6A-11D3-87A8-009027A35D73} (Yahoo! Audio UI1) - http://chat.yahoo.com/cab/yacsui.cab
O16 - DPF: {7F8C8173-AD80-4807-AA75-5672F22B4582} (ICSScanner Class) - http://download.zonelabs.com/bin/promotions/spywaredetector/ICSScanner37680.cab
O16 - DPF: {8E0D4DE5-3180-4024-A327-4DFAD1796A8D} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/MessengerStatsClient.cab31267.cab
O16 - DPF: {9A9307A0-7DA4-4DAF-B042-5009F29E09E1} -
O16 - DPF: {B38870E4-7ECB-40DA-8C6A-595F0A5519FF} (MsnMessengerSetupDownloadControl Class) - http://messenger.msn.com/download/msnmessengersetupdownloader.cab
O16 - DPF: {B8BE5E93-A60C-4D26-A2DC-220313175592} (ZoneIntro Class) - http://messenger.zone.msn.com/binary/ZIntro.cab32846.cab
O16 - DPF: {BF6BBE9A-0656-4598-A0CD-32DAC03959B5} (Image Uploader 3.0 Control) - https://www.tescophoto.com/wpp/tesco/app/opcuploader.cab
O16 - DPF: {C3F79A2B-B9B4-4A66-B012-3EE46475B072} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/MessengerStatsPAClient.cab56907.cab
O16 - DPF: {CE28D5D2-60CF-4C7D-9FE8-0F47A3308078} -
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab
O16 - DPF: {D821DC4A-0814-435E-9820-661C543A4679} -
O16 - DPF: {F00F4763-7355-4725-82F7-0DA94A256D46} -
O16 - DPF: {F5A7706B-B9C0-4C89-A715-7A0C6B05DD48} (Minesweeper Flags Class) - http://messenger.zone.msn.com/binary/MineSweeper.cab56986.cab
O16 - DPF: {F6BF0D00-0B2A-4A75-BF7B-F385591623AF} (Solitaire Showdown Class) - http://messenger.zone.msn.com/binary/SolitaireShowdown.cab31267.cab
O18 - Protocol: bwfile-8876480 - {9462A756-7B47-47BC-8C80-C34B9B80B32B} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\GAPlugProtocol-8876480.dll
O23 - Service: Ad-Aware 2007 Service (aawservice) - Lavasoft - C:\Program Files\Lavasoft\Ad-Aware 2007\aawservice.exe
O23 - Service: Apple Mobile Device - Apple Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
O23 - Service: AVG7 Alert Manager Server (Avg7Alrt) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVG7\avgamsvr.exe
O23 - Service: AVG7 Update Service (Avg7UpdSvc) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVG7\avgupsvc.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\1150\Intel 32\IDriverT.exe
O23 - Service: iPod Service - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: LexBce Server (LexBceS) - Lexmark International, Inc. - C:\WINDOWS\system32\LEXBCES.EXE
O23 - Service: Macromedia Licensing Service - Unknown owner - C:\Program Files\Common Files\Macromedia Shared\Service\Macromedia Licensing.exe
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\System32\nvsvc32.exe
O23 - Service: Sunbelt VIPRE Antivirus Service (SBAMSvc) - Sunbelt Software - C:\Program Files\Sunbelt Software\VIPRE\SBAMSvc.exe
--
End of file - 11124 bytes


Since I rebooted after the ATF Cleaner, the computer has been going really fast (compared to how it was running previously). I have not noticed any other problems.
I connect to the internet via a modem.

Thanks.
 

sandmock

Thread Starter
Joined
Sep 23, 2008
Messages
19
Sorry, I forgot to add in the last post another problem I still have: when I tried to remove Ad-Aware 2007 to update it, I get an error message and can't remove it. I have had this problem with some programmes in the past.

Thanks.
 
Joined
Oct 19, 2007
Messages
177
Hi

Are you an Administrator? If so, what is the exact error message you get when you try to uninstall Ad-Aware?

The best procedure for uninstalling is to log in as an Administrator, then go to Start >> Control Panel >> Add/Remove Programs and then click Remove next to Ad-Aware 2007. If this doesn't work, try again in safe mode. If still no luck let me know what the error message is and I'll see if I can find a solution.


You don't appear to be running any third-party firewall software.

Install a firewall! Without a firewall you are very susceptible to being hacked, and people could gain access to your computer. If you don't have a firewall I strongly recommend you download ONE of the following:

1) Comodo
2) Agnitum
3) Sunbelt/Kerio


You can fix these items in HijackThis:
O16 - DPF: {1F2F4C9E-6F09-47BC-970D-3C54734667FE} -
O16 - DPF: {9A9307A0-7DA4-4DAF-B042-5009F29E09E1} -
O16 - DPF: {CE28D5D2-60CF-4C7D-9FE8-0F47A3308078} -
O16 - DPF: {D821DC4A-0814-435E-9820-661C543A4679} -
O16 - DPF: {F00F4763-7355-4725-82F7-0DA94A256D46} -



You need to upgrade to Windows XP Service Pack 3. Keeping your Windows up-to-date is crucial to your computer's security. Please go to the Windows Update Site (using Internet Explorer) and download and install Windows XP - Service Pack 3.

Any other problems, apart from the Ad-Aware problem? Please post a new HijackThis log as well, to make sure there is no more malware.

Thanks.
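
The entries picked out for fixing in the two helper replies above are registry values with no data and O16 DPF entries that have neither a class name nor a download URL. As an added example (not part of the thread and not code from HijackThis), this Python script parses log lines copied from the thread, lists entries of that shape, and checks a later log to see which of them are still present; the function names are my own.

```python
import re

# Lines copied from an earlier HijackThis log in this thread.
LOG_BEFORE = r"""
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant =
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch =
O16 - DPF: {04E214E5-63AF-4236-83C6-A7ADCBF9BD02} (HouseCall Control) - http://housecall60.trendmicro.com/housecall/xscan60.cab
O16 - DPF: {1F2F4C9E-6F09-47BC-970D-3C54734667FE} -
O16 - DPF: {3B5E9B23-7537-4601-A9E8-FA0D956DEA16} (csauie1 Control) -
O16 - DPF: {644E432F-49D3-41A1-8DD5-E099162EEEC5} -
O16 - DPF: {64D01C7F-810D-446E-A07E-365764235644} -
"""

# Lines copied from the log saved on 27/09/2008, after "Fix Checked".
LOG_AFTER = r"""
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
O16 - DPF: {04E214E5-63AF-4236-83C6-A7ADCBF9BD02} (HouseCall Control) - http://housecall60.trendmicro.com/housecall/xscan60.cab
O16 - DPF: {1F2F4C9E-6F09-47BC-970D-3C54734667FE} -
O16 - DPF: {3B5E9B23-7537-4601-A9E8-FA0D956DEA16} (csauie1 Control) -
"""

# "<section> - <rest>", e.g. "O16 - DPF: ..."; header and process lines do not match.
ENTRY_RE = re.compile(r"^([A-Z]\d{1,2}) - (.*)$")
# "<key>,<value name> = <data>" as used by the R0/R1 sections.
REG_RE = re.compile(r"^(?P<key>[^,]+),(?P<value_name>[^=]+?)\s*=\s*(?P<data>.*)$")
# "DPF: {CLSID} (optional name) - optional codebase URL"
DPF_RE = re.compile(
    r"^DPF: (?P<clsid>\{[0-9A-Fa-f-]{36}\})(?: \((?P<name>.*?)\))? -\s*(?P<codebase>.*)$"
)


def parse_entries(log_text):
    """Return one dict per HijackThis entry line; other lines are skipped."""
    entries = []
    for raw in log_text.splitlines():
        line = raw.strip()
        m = ENTRY_RE.match(line)
        if not m:
            continue
        section, rest = m.groups()
        entry = {"section": section, "raw": line}
        if section.startswith("R"):
            reg = REG_RE.match(rest)
            if reg:
                entry.update(reg.groupdict())
        elif section == "O16":
            dpf = DPF_RE.match(rest)
            if dpf:
                # A missing "(name)" group comes back as None; normalise to "".
                entry.update({k: v or "" for k, v in dpf.groupdict().items()})
        entries.append(entry)
    return entries


def flag_empty(entries):
    """List (section, identifier) for empty R0/R1 values and nameless, URL-less O16 entries."""
    flagged = []
    for e in entries:
        if e["section"] in ("R0", "R1") and e.get("data") == "":
            flagged.append((e["section"], e["value_name"]))
        elif e["section"] == "O16" and "clsid" in e and not e["name"] and not e["codebase"]:
            flagged.append(("O16", e["clsid"]))
    return flagged


def still_present(before_text, after_text):
    """Flagged entries from the earlier log that also appear in the later one."""
    after = set(flag_empty(parse_entries(after_text)))
    return [item for item in flag_empty(parse_entries(before_text)) if item in after]


if __name__ == "__main__":
    for item in flag_empty(parse_entries(LOG_BEFORE)):
        print("flagged:", item)
    for item in still_present(LOG_BEFORE, LOG_AFTER):
        print("still present after fix:", item)
```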
 