
[InActive] iexplore.exe problem.

Discussion in 'Malware and Virus Removal Archive' started by diagray, 2008/12/06.

  1. 2008/12/06
    diagray (Thread Starter)
    A process called "iexplore.exe" has been giving me endless pop-ups. Going crazy here. When I have NO IE windows open, 2 processes of "iexplore.exe" are running, and I am sure that these are generating the pop-ups. Ending the processes does not help because they pop right back up in the list about 1-2 seconds after ending the process. (I read this and just copied it; the same bs is happening.)

    I've run a system scan multiple times with no results.

    Here is my HiJackThis log:
    Logfile of Trend Micro HijackThis v2.0.2
    Scan saved at 11:35:47 PM, on 12/6/2008
    Platform: Windows XP SP3 (WinNT 5.01.2600)
    MSIE: Internet Explorer v7.00 (7.00.6000.16735)
    Boot mode: Normal

    Running processes:
    C:\WINDOWS\System32\smss.exe
    C:\WINDOWS\system32\winlogon.exe
    C:\WINDOWS\system32\services.exe
    C:\WINDOWS\system32\lsass.exe
    C:\WINDOWS\system32\svchost.exe
    C:\WINDOWS\System32\svchost.exe
    C:\WINDOWS\system32\svchost.exe
    C:\Program Files\Lavasoft\Ad-Aware 2007\aawservice.exe
    C:\WINDOWS\system32\spoolsv.exe
    C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
    C:\Program Files\Bonjour\mDNSResponder.exe
    C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE
    C:\WINDOWS\system32\nvsvc32.exe
    C:\WINDOWS\system32\svchost.exe
    C:\WINDOWS\Explorer.EXE
    C:\WINDOWS\system32\rundll32.exe
    C:\WINDOWS\system32\ctfmon.exe
    C:\Program Files\iPod\bin\iPodService.exe
    C:\Program Files\Microsoft Office\OFFICE11\WINWORD.EXE
    C:\Program Files\Mozilla Firefox\firefox.exe
    C:\Program Files\Trend Micro\HijackThis\HijackThis.exe

    R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = http://us.rd.yahoo.com/customize/ie/defaults/sb/msgr8/*http://www.yahoo.com/ext/search/search.html
    R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://us.rd.yahoo.com/customize/ie/defaults/sp/msgr8/*http://www.yahoo.com
    R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://att.yahoo.com
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://att.yahoo.com
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
    R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://att.yahoo.com
    R1 - HKCU\Software\Microsoft\Internet Explorer\SearchURL,(Default) = http://us.rd.yahoo.com/customize/ie/defaults/su/msgr8/*http://www.yahoo.com
    R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Local Page = \blank.htm
    R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local
    O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
    O2 - BHO: Adobe PDF Conversion Toolbar Helper - {AE7CD045-E861-484f-8273-0445EE161910} - C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll
    O2 - BHO: (no name) - {af53dfe0-23a8-4ffd-a599-7e253b55f5cc} - C:\WINDOWS\system32\mejeweme.dll
    O3 - Toolbar: Adobe PDF - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll
    O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
    O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
    O4 - HKLM\..\Run: [zemevijiri] Rundll32.exe "C:\WINDOWS\system32\fapasego.dll ",s
    O4 - HKLM\..\Run: [AppleSyncNotifier] C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleSyncNotifier.exe
    O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe "
    O4 - HKLM\..\Run: [CPM53dc463a] Rundll32.exe "c:\windows\system32\vujigami.dll ",a
    O4 - HKLM\..\Run: [50ef75a6] rundll32.exe "C:\WINDOWS\system32\selekide.dll ",b
    O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
    O4 - HKCU\..\Run: [Clock Locks] C:\DOCUME~1\Owner\APPLIC~1\MOVEPH~1\Knob Jugs.exe
    O4 - HKUS\S-1-5-19\..\Run: [CollagesSystray] C:\Program Files\Collages.net Inc\Collages.net Desktop\CollagesSysTray.exe (User 'LOCAL SERVICE')
    O4 - HKUS\S-1-5-19\..\Run: [zemevijiri] Rundll32.exe "C:\WINDOWS\system32\fapasego.dll ",s (User 'LOCAL SERVICE')
    O4 - HKUS\S-1-5-20\..\Run: [CollagesSystray] C:\Program Files\Collages.net Inc\Collages.net Desktop\CollagesSysTray.exe (User 'NETWORK SERVICE')
    O8 - Extra context menu item: Append to existing PDF - res://C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html
    O8 - Extra context menu item: Convert link target to Adobe PDF - res://C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html
    O8 - Extra context menu item: Convert link target to existing PDF - res://C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html
    O8 - Extra context menu item: Convert selected links to Adobe PDF - res://C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIECaptureSelLinks.html
    O8 - Extra context menu item: Convert selected links to existing PDF - res://C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIEAppendSelLinks.html
    O8 - Extra context menu item: Convert selection to Adobe PDF - res://C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html
    O8 - Extra context menu item: Convert selection to existing PDF - res://C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html
    O8 - Extra context menu item: Convert to Adobe PDF - res://C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html
    O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
    O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\j2re1.4.1\bin\npjpi141.dll
    O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\j2re1.4.1\bin\npjpi141.dll
    O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL
    O15 - Trusted Zone: http://*.teenchat.com
    O20 - AppInit_DLLs: C:\WINDOWS\system32\geratuna.dll c:\windows\system32\vujigami.dll
    O21 - SSODL: SSODL - {EC43E3FD-5C60-46a6-97D7-E0B85DBDD6C4} - c:\windows\system32\vujigami.dll
    O22 - SharedTaskScheduler: STS - {EC43E3FD-5C60-46a6-97D7-E0B85DBDD6C4} - c:\windows\system32\vujigami.dll
    O23 - Service: Ad-Aware 2007 Service (aawservice) - Lavasoft AB - C:\Program Files\Lavasoft\Ad-Aware 2007\aawservice.exe
    O23 - Service: Apple Mobile Device - Apple Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
    O23 - Service: Bonjour Service - Apple Inc. - C:\Program Files\Bonjour\mDNSResponder.exe
    O23 - Service: FLEXnet Licensing Service - Macrovision Europe Ltd. - C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe
    O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
    O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\1050\Intel 32\IDriverT.exe
    O23 - Service: iPod Service - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
    O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe

    --
    End of file

    --Any help would be greatly appreciated.
     
  2. 2008/12/06
    noahdfear
    Welcome to WindowsBBS diagray :)

    Please visit the following webpage for instructions for downloading and running ComboFix:

    How to use ComboFix

    Download ComboFix by sUBs from here, saving the file to your desktop.

    Please disable realtime protection applications as they sometimes interfere with the tool. Check this link for your applicable programs.

    • Close all open programs and windows.
    • Double-click ComboFix.exe and follow the prompts.
    • It may reboot your computer and resume running when you log on. Wait for it to complete. When finished, it will open a log for you. Post that log in your next reply.
    Note: Do not mouse-click ComboFix's window while it's running. That may cause it to stall.
     


  4. 2008/12/07
    diagray (Thread Starter)
    Thank you for the welcome. :) I just finished running ComboFix; here is the log.

    ComboFix 08-12-06.06 - Owner 2008-12-06 23:44:56.1 - NTFSx86
    Microsoft Windows XP Home Edition 5.1.2600.3.1252.1.1033.18.155 [GMT -6:00]
    Running from: c:\documents and settings\Owner\Desktop\ComboFix.exe
    * Created a new restore point

    WARNING -THIS MACHINE DOES NOT HAVE THE RECOVERY CONSOLE INSTALLED !!
    .

    ((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
    .

    c:\documents and settings\Owner\Favorites\Online Security Test.url
    c:\windows\system32\apekelov.ini
    c:\windows\system32\edikeles.ini
    c:\windows\system32\fapasego.dll
    c:\windows\system32\geratuna.dll
    c:\windows\system32\mejeweme.dll
    c:\windows\system32\selekide.dll
    c:\windows\system32\volekepa.dll
    c:\windows\system32\vujigami.dll
    c:\windows\system32\weyalomi.dll
    D:\Autorun.inf

    .
    ((((((((((((((((((((((((( Files Created from 2008-11-07 to 2008-12-07 )))))))))))))))))))))))))))))))
    .

    2008-12-06 23:14 . 2008-12-06 23:14 <DIR> d-------- c:\program files\Trend Micro
    2008-12-06 10:53 . 2008-12-06 10:53 <DIR> d-------- c:\program files\iTunes
    2008-12-06 10:53 . 2008-12-06 10:53 <DIR> d-------- c:\documents and settings\All Users\Application Data\{3276BE95_AF08_429F_A64F_CA64CB79BCF6}
    2008-12-03 15:37 . 2002-08-29 09:10 229,479 --a------ c:\windows\system32\jpicpl32.cpl
    2008-12-01 14:01 . 2008-12-01 14:02 <DIR> d-------- c:\program files\CleanUp!
    2008-12-01 13:31 . 2008-12-01 13:31 <DIR> d-------- c:\program files\Lavasoft
    2008-12-01 13:31 . 2008-12-01 13:31 <DIR> d-------- c:\documents and settings\All Users\Application Data\Lavasoft
    2008-12-01 13:30 . 2008-12-01 13:30 <DIR> d-------- c:\program files\Common Files\Wise Installation Wizard
    2008-12-01 13:21 . 2008-12-01 13:25 <DIR> d-------- C:\aa_tools
    2008-12-01 12:42 . 2004-08-27 03:54 <DIR> d-------- c:\documents and settings\Repair\WINDOWS
    2008-12-01 12:42 . 2006-01-04 23:11 <DIR> d-------- c:\documents and settings\Repair\Application Data\You've Got Pictures Screensaver
    2008-12-01 12:42 . 2006-01-04 23:10 <DIR> d-------- c:\documents and settings\Repair\Application Data\SampleView
    2008-12-01 12:42 . 2007-04-23 07:54 <DIR> d-------- c:\documents and settings\Repair\Application Data\AOL
    2008-12-01 12:42 . 2008-12-01 12:42 <DIR> d-------- c:\documents and settings\Repair
    2008-12-01 12:31 . 2004-08-27 03:54 <DIR> d-------- c:\documents and settings\Administrator\WINDOWS
    2008-12-01 12:31 . 2006-01-04 23:11 <DIR> d-------- c:\documents and settings\Administrator\Application Data\You've Got Pictures Screensaver
    2008-12-01 12:31 . 2006-01-04 23:10 <DIR> d-------- c:\documents and settings\Administrator\Application Data\SampleView
    2008-12-01 12:31 . 2007-04-23 07:54 <DIR> d-------- c:\documents and settings\Administrator\Application Data\AOL
    2008-12-01 12:31 . 2008-12-01 12:31 <DIR> d-------- c:\documents and settings\Administrator
    2008-11-22 19:25 . 2008-11-22 19:25 <DIR> d-------- c:\program files\Microsoft Silverlight
    2008-11-11 23:07 . 2008-09-04 11:15 1,106,944 -----c--- c:\windows\system32\dllcache\msxml3.dll
    2008-11-11 23:07 . 2008-10-24 05:21 455,296 -----c--- c:\windows\system32\dllcache\mrxsmb.sys

    .
    (((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
    .
    2008-12-06 16:53 --------- d-----w c:\program files\iPod
    2008-12-05 22:40 --------- d-----w c:\documents and settings\Princess Diana\Application Data\Skype
    2008-12-05 22:00 --------- d-----w c:\documents and settings\Princess Diana\Application Data\skypePM
    2008-12-04 03:40 --------- d-----w c:\documents and settings\Princess Diana\Application Data\Move Networks
    2008-12-03 23:06 --------- d-----w c:\documents and settings\All Users\Application Data\McAfee
    2008-12-03 18:12 --------- d-----w c:\documents and settings\Owner\Application Data\Skype
    2008-12-03 17:20 --------- d-----w c:\documents and settings\Owner\Application Data\skypePM
    2008-12-02 02:31 --------- d--h--w c:\documents and settings\Owner\Application Data\Move Networks
    2008-12-01 20:04 --------- d-----w c:\documents and settings\Princess Diana\Application Data\LimeWire
    2008-11-23 18:10 --------- d-----w c:\documents and settings\Owner\Application Data\MOVE PHONE PURE
    2008-11-23 18:09 --------- d-----w c:\documents and settings\All Users\Application Data\two setup mode load
    2008-11-18 20:36 --------- d-----w c:\documents and settings\Princess Diana\Application Data\uTorrent
    2008-11-03 18:36 --------- d-----w c:\documents and settings\LocalService\Application Data\SACore
    2008-10-24 11:21 455,296 ----a-w c:\windows\system32\drivers\mrxsmb.sys
    2008-10-07 23:02 --------- d-----w c:\documents and settings\All Users\Application Data\SiteAdvisor
    2008-04-01 23:21 88 --sh--r c:\windows\system32\69463674DE.sys
    2008-04-27 19:08 2,516 --sha-w c:\windows\system32\KGyGaAvL.sys
    .

    ((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
    .
    .
    *Note* empty entries & legit default entries are not shown
    REGEDIT4

    [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
    "ctfmon.exe "= "c:\windows\system32\ctfmon.exe" [2008-04-13 15360]
    "Clock Locks "= "c:\docume~1\Owner\APPLIC~1\MOVEPH~1\Knob Jugs.exe" [2008-11-23 589824]

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
    "NvCplDaemon "= "c:\windows\system32\NvCpl.dll" [2005-09-18 7204864]
    "QuickTime Task "= "c:\program files\QuickTime\qttask.exe" [2008-09-06 413696]
    "AppleSyncNotifier "= "c:\program files\Common Files\Apple\Mobile Device Support\bin\AppleSyncNotifier.exe" [2008-10-01 111936]
    "iTunesHelper "= "c:\program files\iTunes\iTunesHelper.exe" [2008-11-20 290088]

    [HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Adobe Reader Speed Launch.lnk]
    path=c:\documents and settings\All Users\Start Menu\Programs\Startup\Adobe Reader Speed Launch.lnk
    backup=c:\windows\pss\Adobe Reader Speed Launch.lnkCommon Startup

    [HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^HP Digital Imaging Monitor.lnk]
    path=c:\documents and settings\All Users\Start Menu\Programs\Startup\HP Digital Imaging Monitor.lnk
    backup=c:\windows\pss\HP Digital Imaging Monitor.lnkCommon Startup

    [HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^HP Photosmart Premier Fast Start.lnk]
    path=c:\documents and settings\All Users\Start Menu\Programs\Startup\HP Photosmart Premier Fast Start.lnk
    backup=c:\windows\pss\HP Photosmart Premier Fast Start.lnkCommon Startup

    [HKLM\~\startupfolder\C:^Documents and Settings^Owner^Start Menu^Programs^Startup^Adobe Gamma.lnk]
    path=c:\documents and settings\Owner\Start Menu\Programs\Startup\Adobe Gamma.lnk
    backup=c:\windows\pss\Adobe Gamma.lnkStartup

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\KernelFaultCheck]
    c:\windows\system32\dumprep 0 -k [X]

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Acrobat Assistant 8.0]
    --a------ 2008-01-11 18:54 623992 c:\program files\Adobe\Acrobat 8.0\Acrobat\Acrotray.exe

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Adobe Photo Downloader]
    -ra------ 2007-11-05 04:32 61440 c:\program files\Adobe\Adobe Photoshop Lightroom 1.3\apdproxy.exe

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Adobe Reader Speed Launcher]
    --a------ 2008-01-11 21:16 39792 c:\program files\Adobe\Reader 8.0\Reader\reader_sl.exe

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\AppleSyncNotifier]
    --a------ 2008-10-01 11:57 111936 c:\program files\Common Files\Apple\Mobile Device Support\bin\AppleSyncNotifier.exe

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ctfmon.exe]
    --a------ 2008-04-13 18:12 15360 c:\windows\system32\ctfmon.exe

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\iTunesHelper]
    --a------ 2008-11-20 13:20 290088 c:\program files\iTunes\iTunesHelper.exe

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NvCplDaemon]
    --a------ 2005-09-18 10:32 7204864 c:\windows\system32\nvcpl.dll

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NvMediaCenter]
    --a------ 2005-09-18 10:32 86016 c:\windows\system32\nvmctray.dll

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\QuickTime Task]
    --a------ 2008-09-06 14:09 413696 c:\program files\QuickTime\QTTask.exe

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Recguard]
    --a------ 2002-09-14 01:42 212992 c:\windows\SMINST\Recguard.exe

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Reminder]
    --a------ 2005-03-15 11:04 966656 c:\windows\creator\remind_xp.exe

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\RemoteControl]
    --a------ 2004-11-02 22:24 32768 c:\program files\CyberLink\PowerDVD\PDVDServ.exe

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SunKistEM]
    --a------ 2004-11-15 17:04 135168 c:\program files\Digital Media Reader\shwiconEM.exe

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\TimeSyc]
    --a------ 2005-06-19 00:00 90112 c:\program files\timesync\TimeSync.exe

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Ulead AutoDetector]
    --------- 2003-11-18 16:20 45056 c:\program files\Ulead Systems\Ulead Photo Explorer 8.0 SE Basic\monitor.exe

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Ulead Photo Express Calendar Checker]
    --a------ 2004-01-12 20:40 69632 c:\program files\Ulead Systems\Ulead Photo Express 5 SE\CalCheck.exe

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Yahoo! Pager]
    --a------ 2007-11-06 19:51 3810544 c:\program files\Yahoo!\Messenger\YahooMessenger.exe

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\nwiz]
    --a------ 2005-09-18 10:32 1519616 c:\windows\system32\nwiz.exe

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SoundMan]
    --a------ 2005-09-26 17:07 90112 c:\windows\soundman.exe

    [HKEY_LOCAL_MACHINE\software\microsoft\security center]
    "AntiVirusDisableNotify "=dword:00000001
    "UpdatesDisableNotify "=dword:00000001

    [HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
    "%windir%\\system32\\sessmgr.exe "=
    "c:\\Program Files\\Common Files\\AOL\\Loader\\aolload.exe "=
    "c:\\Program Files\\Messenger\\msmsgs.exe "=
    "c:\\Program Files\\NetMeeting\\conf.exe "=
    "c:\\Program Files\\Yahoo!\\Messenger\\YahooMessenger.exe "=
    "%windir%\\Network Diagnostic\\xpnetdiag.exe "=
    "c:\\Program Files\\Veoh Networks\\Veoh\\VeohClient.exe "=
    "c:\\Program Files\\uTorrent\\uTorrent.exe "=
    "c:\\Program Files\\Macromedia\\Fireworks MX\\Fireworks.exe "=
    "c:\\Program Files\\TightVNC\\WinVNC.exe "=
    "c:\\Program Files\\Windows Live\\Messenger\\msnmsgr.exe "=
    "c:\\Program Files\\Windows Live\\Messenger\\livecall.exe "=
    "c:\\Program Files\\Bonjour\\mDNSResponder.exe "=
    "c:\\Program Files\\Skype\\Phone\\Skype.exe "=
    "c:\\Program Files\\iTunes\\iTunes.exe "=
    "c:\\Program Files\\Common Files\\Macrovision Shared\\FLEXnet Publisher\\FNPLicensingService.exe "=

    S3 hid8101;hid8101;c:\windows\system32\drivers\hid8101.SYS [2008-02-08 31899]

    [HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{ab3576d1-6bef-11da-9919-806d6172696f}]
    \Shell\AutoRun\command - c:\windows\system32\RunDLL32.EXE Shell32.DLL,ShellExec_RunDLL Info.exe folder.htt 480 480

    [HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\{2FBEEEC3-B04C-9678-0104-030004030205}]
    c:\windows\system32\__System.exe
    .
    Contents of the 'Scheduled Tasks' folder

    2008-11-22 c:\windows\Tasks\AppleSoftwareUpdate.job
    - c:\program files\Apple Software Update\SoftwareUpdate.exe [2008-07-30 11:34]

    2008-12-07 c:\windows\Tasks\BD08806388A330E3.job
    - c:\docume~1\owner\applic~1\moveph~1\Pile less city.exe [2008-11-23 12:10]
    .
    - - - - ORPHANS REMOVED - - - -

    BHO-{af53dfe0-23a8-4ffd-a599-7e253b55f5cc} - c:\windows\system32\mejeweme.dll
    MSConfigStartUp-BJCFD - c:\program files\BroadJump\Client Foundation\CFD.exe
    MSConfigStartUp-CollagesSystray - c:\program files\Collages.net Inc\Collages.net
    MSConfigStartUp-HP Software Update - c:\program files\HP\HP Software Update\HPWuSchd2.exe
    MSConfigStartUp-MBkLogOnHook - c:\program files\McAfee\MBK\LogOnHook.exe
    MSConfigStartUp-mcagent_exe - c:\program files\McAfee.com\Agent\mcagent.exe
    MSConfigStartUp-Spam Blocker for Outlook Express - c:\progra~1\SPAMBL~1\Bin\484~1.0\SBInst.exe
    MSConfigStartUp-SpamBlocker - c:\program files\SpamBlockerUtility\Bin\4.8.4.0\SbOEAddOn.exe
    MSConfigStartUp-updateMgr - c:\program files\Adobe\Acrobat 7.0\Reader\AdobeUpdateManager.exe
    MSConfigStartUp-WeatherOnTray - c:\program files\SpamBlockerUtility\Bin\4.8.4.0\SbWeatherOnTray.exe
    MSConfigStartUp-WinampAgent - c:\program files\Winamp\winampa.exe
    MSConfigStartUp-Microsoft Update Machine - gbaqgz.exe


    .
    ------- Supplementary Scan -------
    .
    uLocal Page = \blank.htm
    uStart Page = hxxp://att.yahoo.com
    uSearchMigratedDefaultURL = hxxp://www.google.com/search?q={searchTerms}&sourceid=ie7&rls=com.microsoft:en-US&ie=utf8&oe=utf8
    mStart Page = hxxp://att.yahoo.com
    uInternet Connection Wizard,ShellNext = iexplore
    uInternet Settings,ProxyOverride = *.local
    uSearchURL,(Default) = hxxp://us.rd.yahoo.com/customize/ie/defaults/su/msgr8/*http://www.yahoo.com
    IE: Append to existing PDF - c:\program files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html
    IE: Convert link target to Adobe PDF - c:\program files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html
    IE: Convert link target to existing PDF - c:\program files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html
    IE: Convert selected links to Adobe PDF - c:\program files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIECaptureSelLinks.html
    IE: Convert selected links to existing PDF - c:\program files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIEAppendSelLinks.html
    IE: Convert selection to Adobe PDF - c:\program files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html
    IE: Convert selection to existing PDF - c:\program files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html
    IE: Convert to Adobe PDF - c:\program files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html
    IE: E&xport to Microsoft Excel - c:\progra~1\MICROS~2\OFFICE11\EXCEL.EXE/3000

    O16 -: Microsoft XML Parser for Java - file:///C:/WINDOWS/Java/classes/xmldso.cab
    c:\windows\Downloaded Program Files\Microsoft XML Parser for Java.osd
    FireFox -: Profile - c:\documents and settings\Owner\Application Data\Mozilla\Firefox\Profiles\g7t9tp30.default\
    FireFox -: prefs.js - STARTUP.HOMEPAGE - hxxp://www.google.com/
    FF -: plugin - c:\program files\iTunes\Mozilla Plugins\npitunes.dll
    FF -: plugin - c:\program files\Java\j2re1.4.1\bin\NPJava11.dll
    FF -: plugin - c:\program files\Java\j2re1.4.1\bin\NPJava12.dll
    FF -: plugin - c:\program files\Java\j2re1.4.1\bin\NPJava13.dll
    FF -: plugin - c:\program files\Java\j2re1.4.1\bin\NPJava32.dll
    FF -: plugin - c:\program files\Java\j2re1.4.1\bin\NPJPI141.dll
    FF -: plugin - c:\program files\Java\j2re1.4.1\bin\NPOJI610.dll
    FF -: plugin - c:\program files\Microsoft Silverlight\2.0.31005.0\npctrl.dll
    FF -: plugin - c:\program files\Mozilla Firefox\plugins\npqtplugin8.dll
    FF -: plugin - c:\program files\QuickTime\Plugins\npqtplugin8.dll
    FF -: plugin - c:\program files\Veoh Networks\Veoh\Plugins\noreg\NPVeohVersion.dll
    FF -: plugin - c:\program files\Yahoo!\Shared\npYState.dll
    .

    **************************************************************************

    catchme 0.3.1367 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
    Rootkit scan 2008-12-06 23:52:14
    Windows 5.1.2600 Service Pack 3 NTFS

    scanning hidden processes ...

    scanning hidden autostart entries ...

    scanning hidden files ...


    **************************************************************************
    .
    ------------------------ Other Running Processes ------------------------
    .
    c:\program files\Lavasoft\Ad-Aware 2007\aawservice.exe
    c:\program files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
    c:\program files\Bonjour\mDNSResponder.exe
    c:\program files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE
    c:\windows\system32\nvsvc32.exe
    c:\program files\iPod\bin\iPodService.exe
    .
    **************************************************************************
    .
    Completion time: 2008-12-07 0:09:43 - machine was rebooted
    ComboFix-quarantined-files.txt 2008-12-07 06:08:21

    Pre-Run: 83,855,867,904 bytes free
    Post-Run: 84,014,784,512 bytes free

    235 --- E O F --- 2008-11-12 18:13:45
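As an added example that is not part of this thread (and not code from HijackThis, ComboFix or the helpers), the Python script below cross-checks the persistence entries in the thread starter's HijackThis log (O2, O4, O20, O21, O22) against the DLLs listed under "Other Deletions" in the ComboFix log above, showing why those particular entries were the ones that mattered. The section descriptions, triage heuristics and function names are the example's own assumptions, not rules from either tool.

```python
import re
from dataclasses import dataclass, field

# HijackThis sections that describe code loaded at logon/startup, and what each means.
SECTIONS = {
    "O2": "Browser Helper Object, loaded into every Internet Explorer process",
    "O4": "Run key or Startup folder entry",
    "O20": "AppInit_DLLs, loaded into every process that maps user32.dll",
    "O21": "ShellServiceObjectDelayLoad, loaded by explorer.exe at logon",
    "O22": "SharedTaskScheduler, loaded by explorer.exe at logon",
}

# Constructed sample input: persistence lines copied from the thread starter's HijackThis log.
HJT_SAMPLE = r"""
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: (no name) - {af53dfe0-23a8-4ffd-a599-7e253b55f5cc} - C:\WINDOWS\system32\mejeweme.dll
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [zemevijiri] Rundll32.exe "C:\WINDOWS\system32\fapasego.dll",s
O4 - HKLM\..\Run: [CPM53dc463a] Rundll32.exe "c:\windows\system32\vujigami.dll",a
O4 - HKLM\..\Run: [50ef75a6] rundll32.exe "C:\WINDOWS\system32\selekide.dll",b
O4 - HKCU\..\Run: [Clock Locks] C:\DOCUME~1\Owner\APPLIC~1\MOVEPH~1\Knob Jugs.exe
O20 - AppInit_DLLs: C:\WINDOWS\system32\geratuna.dll c:\windows\system32\vujigami.dll
O21 - SSODL: SSODL - {EC43E3FD-5C60-46a6-97D7-E0B85DBDD6C4} - c:\windows\system32\vujigami.dll
O22 - SharedTaskScheduler: STS - {EC43E3FD-5C60-46a6-97D7-E0B85DBDD6C4} - c:\windows\system32\vujigami.dll
"""

# Constructed sample input: the DLLs listed under "Other Deletions" in the first ComboFix log.
COMBOFIX_DELETED = r"""
c:\windows\system32\fapasego.dll
c:\windows\system32\geratuna.dll
c:\windows\system32\mejeweme.dll
c:\windows\system32\selekide.dll
c:\windows\system32\volekepa.dll
c:\windows\system32\vujigami.dll
c:\windows\system32\weyalomi.dll
"""

# A drive-letter path ending in .dll or .exe; lazy, so the first extension ends the match.
PATH_RE = re.compile(r'[A-Za-z]:\\[^",]*?\.(?:dll|exe)', re.IGNORECASE)
# rundll32 <dll>,<export>: captures the export name that rundll32 will call.
RUNDLL_RE = re.compile(r'rundll32(?:\.exe)?\s+"?[^",]+"?,(\w+)', re.IGNORECASE)
# Autostarts that run from inside a user profile deserve a second look (heuristic).
PROFILE_RE = re.compile(r"docume~1|documents and settings|applic~1|application data", re.IGNORECASE)

@dataclass
class Finding:
    path: str
    sections: set = field(default_factory=set)   # HijackThis sections the file appears in
    reasons: set = field(default_factory=set)    # why it was flagged

@dataclass
class TriageReport:
    findings: dict          # lowercase path -> Finding
    unseen_deletions: set   # files ComboFix removed that HijackThis never showed

def parse_entries(hjt_text):
    """Return (section, body) pairs for the lines in persistence-related sections."""
    entries = []
    for line in hjt_text.strip().splitlines():
        m = re.match(r"^(O\d+) - (.*)$", line.strip())
        if m and m.group(1) in SECTIONS:
            entries.append((m.group(1), m.group(2)))
    return entries

def triage(hjt_text, deleted_text):
    """Flag every loaded file that ComboFix removed or that trips one of the heuristics."""
    deleted = {p.strip().lower() for p in deleted_text.strip().splitlines() if p.strip()}
    findings, seen = {}, set()
    for section, body in parse_entries(hjt_text):
        rundll = RUNDLL_RE.search(body)
        for path in PATH_RE.findall(body):
            key = path.lower()
            seen.add(key)
            reasons = set()
            if key in deleted:
                reasons.add("file was removed by ComboFix")
            # Heuristic: the DLLs in this log were all invoked through one-letter export names.
            if rundll and len(rundll.group(1)) == 1 and key.endswith(".dll"):
                reasons.add("rundll32 calls the DLL through a one-letter export name")
            # Heuristic: these load points are rarely populated by legitimate software.
            if section in ("O20", "O21", "O22"):
                reasons.add(f"{section} entry ({SECTIONS[section]}) is unusual on a clean system")
            if PROFILE_RE.search(key):
                reasons.add("autostart runs from a user profile directory")
            if reasons:
                finding = findings.setdefault(key, Finding(path))
                finding.sections.add(section)
                finding.reasons |= reasons
    return TriageReport(findings, deleted - seen)

if __name__ == "__main__":
    report = triage(HJT_SAMPLE, COMBOFIX_DELETED)
    for finding in sorted(report.findings.values(), key=lambda f: f.path.lower()):
        print(f"{finding.path}  [{', '.join(sorted(finding.sections))}]")
        for reason in sorted(finding.reasons):
            print(f"    - {reason}")
    print("Deleted by ComboFix but not visible in HijackThis:", sorted(report.unseen_deletions))
```

The report also lists the two deleted DLLs that HijackThis never showed, a reminder that a HijackThis log enumerates load points, not every file an infection drops.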
     
  5. 2008/12/07
    noahdfear
    Please download Flash_Disinfector by sUBs and save it to your desktop:

    NOTE: In the event you already have Flash_Disinfector, this is a new version that I need you to download.

    • Plug in your USB flash drive.
    • Double-click Flash_Disinfector.exe to run it.
    • Follow any prompts that may appear.
    • Your desktop will vanish for a while, and then reappear. This is normal.
    • Wait until the program has finished scanning, then please exit the program. If you use more than 1 flash drive, run the tool with each plugged in.


    Once again, please disable any realtime protection applications. Highlight and copy the contents of the code box below and paste it into a blank Notepad, then save it to your desktop as:

    Filename: CFScript.txt
    Save As Type: All Files (*.*)

    Code:
    Registry::
    [-HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\KernelFaultCheck]
    [-HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{ab3576d1-6bef-11da-9919-806d6172696f}]
    [-HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\{2FBEEEC3-B04C-9678-0104-030004030205}]
    [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
    "Clock Locks"=-

    Close all other windows and programs. Now drag the CFScript.txt onto ComboFix.exe and drop it, using the left mouse button. ComboFix should run and may reboot the computer when it's done. A log will open when it's complete. Post the contents of that log.

    Please do not click on the ComboFix window while it is running a scan. This can cause it to stall.

    **NOTE - Allow ComboFix to update if prompted.

    **NOTE - I recommend you allow the Recovery Console to be downloaded and installed when prompted.


    You also have a LOP infection. Did you install Messenger Plus?
    Download Lop S&D and save it to your desktop.

    Please disable resident protections (antivirus, etc.); you'll re-enable them after the scan.

    Double-click Lop S&D.exe
    Choose the language, then choose Option 1 (Search)
    Wait till the end of the scan
    Post the log which is created at C:\lopR.txt

    Don't forget to re-enable your resident protections now!
     
  6. 2008/12/07
    diagray (Thread Starter)
    I did install Windows Live, but I removed it.

    ComboFix 08-12-06.06 - Owner 2008-12-07 1:38:38.2 - NTFSx86
    Microsoft Windows XP Home Edition 5.1.2600.3.1252.1.1033.18.186 [GMT -6:00]
    Running from: c:\documents and settings\Owner\Desktop\ComboFix.exe
    Command switches used :: c:\documents and settings\Owner\Desktop\CFScript.txt
    * Created a new restore point
    .

    ((((((((((((((((((((((((( Files Created from 2008-11-07 to 2008-12-07 )))))))))))))))))))))))))))))))
    .

    2008-12-07 01:18 . 2008-12-07 01:25 <DIR> d-------- C:\Lop SD
    2008-12-06 23:14 . 2008-12-06 23:14 <DIR> d-------- c:\program files\Trend Micro
    2008-12-06 10:53 . 2008-12-06 10:53 <DIR> d-------- c:\program files\iTunes
    2008-12-06 10:53 . 2008-12-06 10:53 <DIR> d-------- c:\documents and settings\All Users\Application Data\{3276BE95_AF08_429F_A64F_CA64CB79BCF6}
    2008-12-03 15:37 . 2002-08-29 09:10 229,479 --a------ c:\windows\system32\jpicpl32.cpl
    2008-12-01 14:01 . 2008-12-01 14:02 <DIR> d-------- c:\program files\CleanUp!
    2008-12-01 13:31 . 2008-12-01 13:31 <DIR> d-------- c:\program files\Lavasoft
    2008-12-01 13:31 . 2008-12-01 13:31 <DIR> d-------- c:\documents and settings\All Users\Application Data\Lavasoft
    2008-12-01 13:30 . 2008-12-01 13:30 <DIR> d-------- c:\program files\Common Files\Wise Installation Wizard
    2008-12-01 13:21 . 2008-12-07 00:59 <DIR> d-------- C:\aa_tools
    2008-12-01 12:42 . 2004-08-27 03:54 <DIR> d-------- c:\documents and settings\Repair\WINDOWS
    2008-12-01 12:42 . 2006-01-04 23:11 <DIR> d-------- c:\documents and settings\Repair\Application Data\You've Got Pictures Screensaver
    2008-12-01 12:42 . 2006-01-04 23:10 <DIR> d-------- c:\documents and settings\Repair\Application Data\SampleView
    2008-12-01 12:42 . 2007-04-23 07:54 <DIR> d-------- c:\documents and settings\Repair\Application Data\AOL
    2008-12-01 12:42 . 2008-12-01 12:42 <DIR> d-------- c:\documents and settings\Repair
    2008-12-01 12:31 . 2004-08-27 03:54 <DIR> d-------- c:\documents and settings\Administrator\WINDOWS
    2008-12-01 12:31 . 2006-01-04 23:11 <DIR> d-------- c:\documents and settings\Administrator\Application Data\You've Got Pictures Screensaver
    2008-12-01 12:31 . 2006-01-04 23:10 <DIR> d-------- c:\documents and settings\Administrator\Application Data\SampleView
    2008-12-01 12:31 . 2007-04-23 07:54 <DIR> d-------- c:\documents and settings\Administrator\Application Data\AOL
    2008-12-01 12:31 . 2008-12-01 12:31 <DIR> d-------- c:\documents and settings\Administrator
    2008-11-22 19:25 . 2008-11-22 19:25 <DIR> d-------- c:\program files\Microsoft Silverlight
    2008-11-11 23:07 . 2008-09-04 11:15 1,106,944 -----c--- c:\windows\system32\dllcache\msxml3.dll
    2008-11-11 23:07 . 2008-10-24 05:21 455,296 -----c--- c:\windows\system32\dllcache\mrxsmb.sys

    .
    (((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
    .
    2008-12-06 16:53 --------- d-----w c:\program files\iPod
    2008-12-05 22:40 --------- d-----w c:\documents and settings\Princess Diana\Application Data\Skype
    2008-12-05 22:00 --------- d-----w c:\documents and settings\Princess Diana\Application Data\skypePM
    2008-12-04 03:40 --------- d-----w c:\documents and settings\Princess Diana\Application Data\Move Networks
    2008-12-03 23:06 --------- d-----w c:\documents and settings\All Users\Application Data\McAfee
    2008-12-03 18:12 --------- d-----w c:\documents and settings\Owner\Application Data\Skype
    2008-12-03 17:20 --------- d-----w c:\documents and settings\Owner\Application Data\skypePM
    2008-12-02 02:31 --------- d--h--w c:\documents and settings\Owner\Application Data\Move Networks
    2008-12-01 20:04 --------- d-----w c:\documents and settings\Princess Diana\Application Data\LimeWire
    2008-11-23 18:10 --------- d-----w c:\documents and settings\Owner\Application Data\MOVE PHONE PURE
    2008-11-23 18:09 --------- d-----w c:\documents and settings\All Users\Application Data\two setup mode load
    2008-11-18 20:36 --------- d-----w c:\documents and settings\Princess Diana\Application Data\uTorrent
    2008-11-03 18:36 --------- d-----w c:\documents and settings\LocalService\Application Data\SACore
    2008-10-24 11:21 455,296 ----a-w c:\windows\system32\drivers\mrxsmb.sys
    2008-10-16 20:13 202,776 ----a-w c:\windows\system32\wuweb.dll
    2008-10-16 20:13 1,809,944 ----a-w c:\windows\system32\wuaueng.dll
    2008-10-16 20:12 561,688 ----a-w c:\windows\system32\wuapi.dll
    2008-10-16 20:12 323,608 ----a-w c:\windows\system32\wucltui.dll
    2008-10-16 20:09 92,696 ----a-w c:\windows\system32\cdm.dll
    2008-10-16 20:09 51,224 ----a-w c:\windows\system32\wuauclt.exe
    2008-10-16 20:09 43,544 ----a-w c:\windows\system32\wups2.dll
    2008-10-16 20:08 34,328 ----a-w c:\windows\system32\wups.dll
    2008-10-16 20:06 268,648 ----a-w c:\windows\system32\mucltui.dll
    2008-10-16 20:06 208,744 ----a-w c:\windows\system32\muweb.dll
    2008-10-07 23:02 --------- d-----w c:\documents and settings\All Users\Application Data\SiteAdvisor
    2008-09-30 22:43 1,286,152 ----a-w c:\windows\system32\msxml4.dll
    2008-09-15 12:12 1,846,400 ----a-w c:\windows\system32\win32k.sys
    2008-09-10 01:14 1,307,648 ----a-w c:\windows\system32\msxml6.dll
    2003-08-05 17:41 53,248 ----a-w c:\windows\inf\ap561.exe
    2002-11-26 22:24 32,768 ----a-w c:\windows\inf\Remove561.exe
    2002-11-22 21:56 118,784 ----a-w c:\windows\inf\ShowBmp.exe
    2002-10-30 00:07 36,864 ----a-w c:\windows\inf\Setup8a.exe
    2002-10-01 20:43 119,798 ----a-w c:\windows\inf\spca561.sys
    2008-04-01 23:21 88 --sh--r c:\windows\system32\69463674DE.sys
    2008-04-27 19:08 2,516 --sha-w c:\windows\system32\KGyGaAvL.sys
    .

    ((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
    .
    .
    *Note* empty entries & legit default entries are not shown
    REGEDIT4

    [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
    "ctfmon.exe "= "c:\windows\system32\ctfmon.exe" [2008-04-13 15360]

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
    "NvCplDaemon "= "c:\windows\system32\NvCpl.dll" [2005-09-18 7204864]
    "QuickTime Task "= "c:\program files\QuickTime\qttask.exe" [2008-09-06 413696]
    "AppleSyncNotifier "= "c:\program files\Common Files\Apple\Mobile Device Support\bin\AppleSyncNotifier.exe" [2008-10-01 111936]
    "iTunesHelper "= "c:\program files\iTunes\iTunesHelper.exe" [2008-11-20 290088]

    [HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Adobe Reader Speed Launch.lnk]
    path=c:\documents and settings\All Users\Start Menu\Programs\Startup\Adobe Reader Speed Launch.lnk
    backup=c:\windows\pss\Adobe Reader Speed Launch.lnkCommon Startup

    [HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^HP Digital Imaging Monitor.lnk]
    path=c:\documents and settings\All Users\Start Menu\Programs\Startup\HP Digital Imaging Monitor.lnk
    backup=c:\windows\pss\HP Digital Imaging Monitor.lnkCommon Startup

    [HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^HP Photosmart Premier Fast Start.lnk]
    path=c:\documents and settings\All Users\Start Menu\Programs\Startup\HP Photosmart Premier Fast Start.lnk
    backup=c:\windows\pss\HP Photosmart Premier Fast Start.lnkCommon Startup

    [HKLM\~\startupfolder\C:^Documents and Settings^Owner^Start Menu^Programs^Startup^Adobe Gamma.lnk]
    path=c:\documents and settings\Owner\Start Menu\Programs\Startup\Adobe Gamma.lnk
    backup=c:\windows\pss\Adobe Gamma.lnkStartup

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Acrobat Assistant 8.0]
    --a------ 2008-01-11 18:54 623992 c:\program files\Adobe\Acrobat 8.0\Acrobat\Acrotray.exe

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Adobe Photo Downloader]
    -ra------ 2007-11-05 04:32 61440 c:\program files\Adobe\Adobe Photoshop Lightroom 1.3\apdproxy.exe

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Adobe Reader Speed Launcher]
    --a------ 2008-01-11 21:16 39792 c:\program files\Adobe\Reader 8.0\Reader\reader_sl.exe

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\AppleSyncNotifier]
    --a------ 2008-10-01 11:57 111936 c:\program files\Common Files\Apple\Mobile Device Support\bin\AppleSyncNotifier.exe

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ctfmon.exe]
    --a------ 2008-04-13 18:12 15360 c:\windows\system32\ctfmon.exe

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\iTunesHelper]
    --a------ 2008-11-20 13:20 290088 c:\program files\iTunes\iTunesHelper.exe

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NvCplDaemon]
    --a------ 2005-09-18 10:32 7204864 c:\windows\system32\nvcpl.dll

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NvMediaCenter]
    --a------ 2005-09-18 10:32 86016 c:\windows\system32\nvmctray.dll

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\QuickTime Task]
    --a------ 2008-09-06 14:09 413696 c:\program files\QuickTime\QTTask.exe

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Recguard]
    --a------ 2002-09-14 01:42 212992 c:\windows\SMINST\Recguard.exe

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Reminder]
    --a------ 2005-03-15 11:04 966656 c:\windows\creator\remind_xp.exe

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\RemoteControl]
    --a------ 2004-11-02 22:24 32768 c:\program files\CyberLink\PowerDVD\PDVDServ.exe

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SunKistEM]
    --a------ 2004-11-15 17:04 135168 c:\program files\Digital Media Reader\shwiconEM.exe

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\TimeSyc]
    --a------ 2005-06-19 00:00 90112 c:\program files\timesync\TimeSync.exe

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Ulead AutoDetector]
    --------- 2003-11-18 16:20 45056 c:\program files\Ulead Systems\Ulead Photo Explorer 8.0 SE Basic\monitor.exe

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Ulead Photo Express Calendar Checker]
    --a------ 2004-01-12 20:40 69632 c:\program files\Ulead Systems\Ulead Photo Express 5 SE\CalCheck.exe

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Yahoo! Pager]
    --a------ 2007-11-06 19:51 3810544 c:\program files\Yahoo!\Messenger\YahooMessenger.exe

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\nwiz]
    --a------ 2005-09-18 10:32 1519616 c:\windows\system32\nwiz.exe

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SoundMan]
    --a------ 2005-09-26 17:07 90112 c:\windows\soundman.exe

    [HKEY_LOCAL_MACHINE\software\microsoft\security center]
    "AntiVirusDisableNotify "=dword:00000001
    "UpdatesDisableNotify "=dword:00000001

    [HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
    "%windir%\\system32\\sessmgr.exe "=
    "c:\\Program Files\\Common Files\\AOL\\Loader\\aolload.exe "=
    "c:\\Program Files\\Messenger\\msmsgs.exe "=
    "c:\\Program Files\\NetMeeting\\conf.exe "=
    "c:\\Program Files\\Yahoo!\\Messenger\\YahooMessenger.exe "=
    "%windir%\\Network Diagnostic\\xpnetdiag.exe "=
    "c:\\Program Files\\Veoh Networks\\Veoh\\VeohClient.exe "=
    "c:\\Program Files\\uTorrent\\uTorrent.exe "=
    "c:\\Program Files\\Macromedia\\Fireworks MX\\Fireworks.exe "=
    "c:\\Program Files\\TightVNC\\WinVNC.exe "=
    "c:\\Program Files\\Windows Live\\Messenger\\msnmsgr.exe "=
    "c:\\Program Files\\Windows Live\\Messenger\\livecall.exe "=
    "c:\\Program Files\\Bonjour\\mDNSResponder.exe "=
    "c:\\Program Files\\Skype\\Phone\\Skype.exe "=
    "c:\\Program Files\\iTunes\\iTunes.exe "=
    "c:\\Program Files\\Common Files\\Macrovision Shared\\FLEXnet Publisher\\FNPLicensingService.exe "=

    S3 hid8101;hid8101;c:\windows\system32\drivers\hid8101.SYS [2008-02-08 31899]

    *Newly Created Service* - CATCHME
    .
    Contents of the 'Scheduled Tasks' folder

    2008-11-22 c:\windows\Tasks\AppleSoftwareUpdate.job
    - c:\program files\Apple Software Update\SoftwareUpdate.exe [2008-07-30 11:34]

    2008-12-07 c:\windows\Tasks\BD08806388A330E3.job
    - c:\docume~1\owner\applic~1\moveph~1\Pile less city.exe [2008-11-23 12:10]
    .
    .
    ------- Supplementary Scan -------
    .
    uLocal Page = \blank.htm
    uStart Page = hxxp://att.yahoo.com
    uSearchMigratedDefaultURL = hxxp://www.google.com/search?q={searchTerms}&sourceid=ie7&rls=com.microsoft:en-US&ie=utf8&oe=utf8
    mStart Page = hxxp://att.yahoo.com
    uInternet Connection Wizard,ShellNext = iexplore
    uInternet Settings,ProxyOverride = *.local
    uSearchURL,(Default) = hxxp://us.rd.yahoo.com/customize/ie/defaults/su/msgr8/*http://www.yahoo.com
    IE: Append to existing PDF - c:\program files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html
    IE: Convert link target to Adobe PDF - c:\program files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html
    IE: Convert link target to existing PDF - c:\program files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html
    IE: Convert selected links to Adobe PDF - c:\program files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIECaptureSelLinks.html
    IE: Convert selected links to existing PDF - c:\program files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIEAppendSelLinks.html
    IE: Convert selection to Adobe PDF - c:\program files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html
    IE: Convert selection to existing PDF - c:\program files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html
    IE: Convert to Adobe PDF - c:\program files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html
    IE: E&xport to Microsoft Excel - c:\progra~1\MICROS~2\OFFICE11\EXCEL.EXE/3000

    O16 -: Microsoft XML Parser for Java - file:///C:/WINDOWS/Java/classes/xmldso.cab
    c:\windows\Downloaded Program Files\Microsoft XML Parser for Java.osd
    FireFox -: Profile - c:\documents and settings\Owner\Application Data\Mozilla\Firefox\Profiles\g7t9tp30.default\
    FireFox -: prefs.js - STARTUP.HOMEPAGE - hxxp://www.google.com/
    FF -: plugin - c:\program files\iTunes\Mozilla Plugins\npitunes.dll
    FF -: plugin - c:\program files\Java\j2re1.4.1\bin\NPJava11.dll
    FF -: plugin - c:\program files\Java\j2re1.4.1\bin\NPJava12.dll
    FF -: plugin - c:\program files\Java\j2re1.4.1\bin\NPJava13.dll
    FF -: plugin - c:\program files\Java\j2re1.4.1\bin\NPJava32.dll
    FF -: plugin - c:\program files\Java\j2re1.4.1\bin\NPJPI141.dll
    FF -: plugin - c:\program files\Java\j2re1.4.1\bin\NPOJI610.dll
    FF -: plugin - c:\program files\Microsoft Silverlight\2.0.31005.0\npctrl.dll
    FF -: plugin - c:\program files\Mozilla Firefox\plugins\npqtplugin8.dll
    FF -: plugin - c:\program files\QuickTime\Plugins\npqtplugin8.dll
    FF -: plugin - c:\program files\Veoh Networks\Veoh\Plugins\noreg\NPVeohVersion.dll
    FF -: plugin - c:\program files\Yahoo!\Shared\npYState.dll
    .

    **************************************************************************

    catchme 0.3.1367 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
    Rootkit scan 2008-12-07 01:39:51
    Windows 5.1.2600 Service Pack 3 NTFS

    scanning hidden processes ...

    scanning hidden autostart entries ...

    scanning hidden files ...

    scan completed successfully
    hidden files: 0

    **************************************************************************
    .
    Completion time: 2008-12-07 1:41:55
    ComboFix-quarantined-files.txt 2008-12-07 07:40:52
    ComboFix2.txt 2008-12-07 06:09:44

    Pre-Run: 83,978,092,544 bytes free
    Post-Run: 83,960,381,440 bytes free

    WindowsXP-KB310994-SP2-Home-BootDisk-ENU.exe
    [boot loader]
    timeout=2
    default=multi(0)disk(0)rdisk(0)partition(1)\WINDOWS
    [operating systems]
    c:\cmdcons\BOOTSECT.DAT= "Microsoft Windows Recovery Console" /cmdcons
    multi(0)disk(0)rdisk(0)partition(1)\WINDOWS= "Microsoft Windows XP Home Edition" /noexecute=optin /fastdetect

    220 --- E O F --- 2008-11-12 18:13:45

    ---
    --------------------\\ Lop S&D 4.2.4-9c XP/Vista

    Microsoft Windows XP Home Edition ( v5.1.2600 ) Service Pack 3
    X86-based PC ( Uniprocessor Free : AMD Sempron(tm) Processor 3400+ )
    BIOS : Phoenix - AwardBIOS v6.00PG
    USER : Owner ( Administrator )
    BOOT : Normal boot
    C:\ (Local Disk) - NTFS - Total:144 Go (Free:78 Go)
    D:\ (Local Disk) - FAT32 - Total:4 Go (Free:2 Go)
    E:\ (CD or DVD)
    F:\ (USB)
    G:\ (USB)
    H:\ (USB)
    I:\ (USB)
    J:\ (USB) - FAT - Total:982 Mo (Free:0 Go)

    "C:\Lop SD" ( MAJ : 01-11-2008|16:30 )
    Option : [1] ( Sun 12/07/2008| 1:19 )

    --------------------\\ Listing folders in APPLIC~1

    [04/23/2007|07:54] C:\DOCUME~1\ADMINI~1\APPLIC~1\<DIR> AOL
    [08/26/2004|12:09] C:\DOCUME~1\ADMINI~1\APPLIC~1\<DIR> Identities
    [01/04/2006|11:09] C:\DOCUME~1\ADMINI~1\APPLIC~1\<DIR> Microsoft
    [01/04/2006|11:10] C:\DOCUME~1\ADMINI~1\APPLIC~1\<DIR> SampleView
    [01/04/2006|11:11] C:\DOCUME~1\ADMINI~1\APPLIC~1\<DIR> You've Got Pictures Screensaver

    [12/06/2008|10:53] C:\DOCUME~1\ALLUSE~1\APPLIC~1\<DIR> {3276BE95_AF08_429F_A64F_CA64CB79BCF6}
    [06/11/2008|09:50] C:\DOCUME~1\ALLUSE~1\APPLIC~1\<DIR> Adobe
    [03/27/2007|10:42] C:\DOCUME~1\ALLUSE~1\APPLIC~1\<DIR> Adobe Systems
    [04/23/2007|07:55] C:\DOCUME~1\ALLUSE~1\APPLIC~1\<DIR> AOL
    [06/30/2007|10:36] C:\DOCUME~1\ALLUSE~1\APPLIC~1\<DIR> Apple
    [02/02/2007|06:05] C:\DOCUME~1\ALLUSE~1\APPLIC~1\<DIR> Apple Computer
    [03/16/2006|06:08] C:\DOCUME~1\ALLUSE~1\APPLIC~1\<DIR> Broderbund
    [03/15/2006|02:12] C:\DOCUME~1\ALLUSE~1\APPLIC~1\<DIR> CanonBJ
    [04/01/2008|04:27] C:\DOCUME~1\ALLUSE~1\APPLIC~1\<DIR> Corel
    [03/15/2006|08:03] C:\DOCUME~1\ALLUSE~1\APPLIC~1\<DIR> CyberLink
    [04/22/2008|06:17] C:\DOCUME~1\ALLUSE~1\APPLIC~1\<DIR> FLEXnet
    [01/29/2008|08:30] C:\DOCUME~1\ALLUSE~1\APPLIC~1\<DIR> Google
    [12/20/2006|10:51] C:\DOCUME~1\ALLUSE~1\APPLIC~1\<DIR> HP
    [01/16/2007|05:48] C:\DOCUME~1\ALLUSE~1\APPLIC~1\<DIR> InstallShield
    [12/01/2008|01:31] C:\DOCUME~1\ALLUSE~1\APPLIC~1\<DIR> Lavasoft
    [12/03/2008|05:06] C:\DOCUME~1\ALLUSE~1\APPLIC~1\<DIR> McAfee
    [07/08/2008|11:08] C:\DOCUME~1\ALLUSE~1\APPLIC~1\<DIR> Microsoft
    [11/21/2007|11:32] C:\DOCUME~1\ALLUSE~1\APPLIC~1\<DIR> Napster
    [01/04/2006|10:55] C:\DOCUME~1\ALLUSE~1\APPLIC~1\<DIR> Prism Deploy
    [01/04/2006|11:11] C:\DOCUME~1\ALLUSE~1\APPLIC~1\<DIR> Pure Networks
    [03/23/2006|04:14] C:\DOCUME~1\ALLUSE~1\APPLIC~1\<DIR> QuickTime
    [06/24/2006|08:26] C:\DOCUME~1\ALLUSE~1\APPLIC~1\<DIR> Sandlot Games
    [10/07/2008|05:02] C:\DOCUME~1\ALLUSE~1\APPLIC~1\<DIR> SiteAdvisor
    [06/17/2008|07:56] C:\DOCUME~1\ALLUSE~1\APPLIC~1\<DIR> Skype
    [12/20/2006|10:50] C:\DOCUME~1\ALLUSE~1\APPLIC~1\<DIR> Sonic
    [03/27/2006|11:09] C:\DOCUME~1\ALLUSE~1\APPLIC~1\<DIR> Support.com
    [04/28/2006|03:49] C:\DOCUME~1\ALLUSE~1\APPLIC~1\<DIR> Trymedia
    [11/23/2008|12:09] C:\DOCUME~1\ALLUSE~1\APPLIC~1\<DIR> two setup mode load
    [01/05/2008|09:48] C:\DOCUME~1\ALLUSE~1\APPLIC~1\<DIR> Ulead Systems
    [01/29/2008|09:37] C:\DOCUME~1\ALLUSE~1\APPLIC~1\<DIR> Viewpoint
    [07/18/2006|09:32] C:\DOCUME~1\ALLUSE~1\APPLIC~1\<DIR> Windows Genuine Advantage
    [03/15/2008|03:34] C:\DOCUME~1\ALLUSE~1\APPLIC~1\<DIR> WLInstaller
    [01/29/2008|09:36] C:\DOCUME~1\ALLUSE~1\APPLIC~1\<DIR> yahoo!

    [05/01/2007|09:00] C:\DOCUME~1\APPLIC~1\APPLIC~1\<DIR> Microsoft

    [04/23/2007|07:54] C:\DOCUME~1\DEFAUL~1\APPLIC~1\<DIR> AOL
    [08/26/2004|12:09] C:\DOCUME~1\DEFAUL~1\APPLIC~1\<DIR> Identities
    [01/04/2006|11:09] C:\DOCUME~1\DEFAUL~1\APPLIC~1\<DIR> Microsoft
    [01/04/2006|11:10] C:\DOCUME~1\DEFAUL~1\APPLIC~1\<DIR> SampleView
    [01/04/2006|11:11] C:\DOCUME~1\DEFAUL~1\APPLIC~1\<DIR> You've Got Pictures Screensaver

    [09/07/2006|05:13] C:\DOCUME~1\LOCALS~1\APPLIC~1\<DIR> Google
    [04/29/2006|10:48] C:\DOCUME~1\LOCALS~1\APPLIC~1\<DIR> Macromedia
    [01/16/2007|05:51] C:\DOCUME~1\LOCALS~1\APPLIC~1\<DIR> Microsoft
    [11/03/2008|12:36] C:\DOCUME~1\LOCALS~1\APPLIC~1\<DIR> SACore

    [10/25/2006|11:01] C:\DOCUME~1\NETWOR~1\APPLIC~1\<DIR> Microsoft

    [06/29/2008|02:06] C:\DOCUME~1\Owner\APPLIC~1\<DIR> Adobe
    [07/16/2008|02:48] C:\DOCUME~1\Owner\APPLIC~1\<DIR> Alien Skin
    [04/23/2007|07:54] C:\DOCUME~1\Owner\APPLIC~1\<DIR> AOL
    [01/25/2008|12:24] C:\DOCUME~1\Owner\APPLIC~1\<DIR> Apple Computer
    [08/10/2008|01:07] C:\DOCUME~1\Owner\APPLIC~1\<DIR> Corel
    [03/15/2006|08:03] C:\DOCUME~1\Owner\APPLIC~1\<DIR> CyberLink
    [06/29/2007|06:54] C:\DOCUME~1\Owner\APPLIC~1\<DIR> DivX
    [03/25/2006|01:44] C:\DOCUME~1\Owner\APPLIC~1\<DIR> Help
    [12/20/2006|10:56] C:\DOCUME~1\Owner\APPLIC~1\<DIR> HP
    [08/26/2004|12:09] C:\DOCUME~1\Owner\APPLIC~1\<DIR> Identities
    [10/12/2007|08:23] C:\DOCUME~1\Owner\APPLIC~1\<DIR> Kodak
    [06/26/2008|01:14] C:\DOCUME~1\Owner\APPLIC~1\<DIR> LimeWire
    [04/21/2008|03:23] C:\DOCUME~1\Owner\APPLIC~1\<DIR> Macromedia
    [01/29/2008|08:57] C:\DOCUME~1\Owner\APPLIC~1\<DIR> McAfee
    [07/04/2008|12:41] C:\DOCUME~1\Owner\APPLIC~1\<DIR> Microsoft
    [12/01/2008|08:31] C:\DOCUME~1\Owner\APPLIC~1\<DIR> Move Networks
    [11/23/2008|12:10] C:\DOCUME~1\Owner\APPLIC~1\<DIR> MOVE PHONE PURE
    [08/31/2008|09:39] C:\DOCUME~1\Owner\APPLIC~1\<DIR> Mozilla
    [09/07/2006|11:42] C:\DOCUME~1\Owner\APPLIC~1\<DIR> MSNInstaller
    [11/21/2007|11:28] C:\DOCUME~1\Owner\APPLIC~1\<DIR> Real
    [01/04/2006|11:10] C:\DOCUME~1\Owner\APPLIC~1\<DIR> SampleView
    [12/03/2008|12:12] C:\DOCUME~1\Owner\APPLIC~1\<DIR> Skype
    [12/03/2008|11:20] C:\DOCUME~1\Owner\APPLIC~1\<DIR> skypePM
    [07/14/2007|01:03] C:\DOCUME~1\Owner\APPLIC~1\<DIR> Sun
    [07/31/2007|01:53] C:\DOCUME~1\Owner\APPLIC~1\<DIR> Talkback
    [06/08/2006|03:32] C:\DOCUME~1\Owner\APPLIC~1\<DIR> Template
    [10/12/2007|09:46] C:\DOCUME~1\Owner\APPLIC~1\<DIR> Ulead Systems
    [09/03/2008|12:10] C:\DOCUME~1\Owner\APPLIC~1\<DIR> uTorrent
    [07/05/2007|09:04] C:\DOCUME~1\Owner\APPLIC~1\<DIR> Viewpoint
    [09/03/2008|08:47] C:\DOCUME~1\Owner\APPLIC~1\<DIR> Winamp
    [01/29/2008|09:36] C:\DOCUME~1\Owner\APPLIC~1\<DIR> yahoo!

    [06/23/2008|10:27] C:\DOCUME~1\PRINCE~1\APPLIC~1\<DIR> Adobe
    [02/01/2008|08:12] C:\DOCUME~1\PRINCE~1\APPLIC~1\<DIR> AdobeUM
    [02/09/2008|10:46] C:\DOCUME~1\PRINCE~1\APPLIC~1\<DIR> Alien Skin
    [04/23/2007|07:54] C:\DOCUME~1\PRINCE~1\APPLIC~1\<DIR> AOL
    [07/19/2008|11:40] C:\DOCUME~1\PRINCE~1\APPLIC~1\<DIR> Apple Computer
    [02/19/2008|11:02] C:\DOCUME~1\PRINCE~1\APPLIC~1\<DIR> Ceedo
    [04/01/2008|05:20] C:\DOCUME~1\PRINCE~1\APPLIC~1\<DIR> Corel
    [02/09/2008|06:15] C:\DOCUME~1\PRINCE~1\APPLIC~1\<DIR> CyberLink
    [07/30/2008|02:00] C:\DOCUME~1\PRINCE~1\APPLIC~1\<DIR> GNU Solfege
    [06/10/2008|03:38] C:\DOCUME~1\PRINCE~1\APPLIC~1\<DIR> Google
    [04/12/2008|04:43] C:\DOCUME~1\PRINCE~1\APPLIC~1\<DIR> HP
    [08/26/2004|12:09] C:\DOCUME~1\PRINCE~1\APPLIC~1\<DIR> Identities
    [04/01/2008|04:10] C:\DOCUME~1\PRINCE~1\APPLIC~1\<DIR> InstallShield
    [12/01/2008|02:04] C:\DOCUME~1\PRINCE~1\APPLIC~1\<DIR> LimeWire
    [02/04/2008|12:04] C:\DOCUME~1\PRINCE~1\APPLIC~1\<DIR> Macromedia
    [06/17/2008|05:44] C:\DOCUME~1\PRINCE~1\APPLIC~1\<DIR> Microsoft
    [12/03/2008|09:40] C:\DOCUME~1\PRINCE~1\APPLIC~1\<DIR> Move Networks
    [09/04/2008|10:22] C:\DOCUME~1\PRINCE~1\APPLIC~1\<DIR> Mozilla
    [01/04/2006|11:10] C:\DOCUME~1\PRINCE~1\APPLIC~1\<DIR> SampleView
    [12/05/2008|04:40] C:\DOCUME~1\PRINCE~1\APPLIC~1\<DIR> Skype
    [12/05/2008|04:00] C:\DOCUME~1\PRINCE~1\APPLIC~1\<DIR> skypePM
    [01/30/2008|01:12] C:\DOCUME~1\PRINCE~1\APPLIC~1\<DIR> Sun
    [11/18/2008|02:36] C:\DOCUME~1\PRINCE~1\APPLIC~1\<DIR> uTorrent
    [09/04/2008|04:47] C:\DOCUME~1\PRINCE~1\APPLIC~1\<DIR> Winamp
    [02/16/2008|02:48] C:\DOCUME~1\PRINCE~1\APPLIC~1\<DIR> Yahoo!
    [01/04/2006|11:11] C:\DOCUME~1\PRINCE~1\APPLIC~1\<DIR> You've Got Pictures Screensaver

    [12/01/2008|02:18] C:\DOCUME~1\Repair\APPLIC~1\<DIR> Adobe
    [04/23/2007|07:54] C:\DOCUME~1\Repair\APPLIC~1\<DIR> AOL
    [08/26/2004|12:09] C:\DOCUME~1\Repair\APPLIC~1\<DIR> Identities
    [12/01/2008|12:42] C:\DOCUME~1\Repair\APPLIC~1\<DIR> Microsoft
    [01/04/2006|11:10] C:\DOCUME~1\Repair\APPLIC~1\<DIR> SampleView
    [01/04/2006|11:11] C:\DOCUME~1\Repair\APPLIC~1\<DIR> You've Got Pictures Screensaver

    --------------------\\ Scheduled Tasks located in C:\WINDOWS\Tasks

    [12/07/2008 01:00 AM][--ah-----] C:\WINDOWS\tasks\BD08806388A330E3.job
    [11/22/2008 04:17 PM][--a------] C:\WINDOWS\tasks\AppleSoftwareUpdate.job
    [12/06/2008 11:51 PM][--ah-----] C:\WINDOWS\tasks\SA.DAT
    [08/04/2004 01:00 PM][-r-h-----] C:\WINDOWS\tasks\desktop.ini

    ( BD08806388A330E3.job )=( c:\docume~1\owner\applic~1\moveph~1\Pilelesscity.exe )

    --------------------\\ Listing Folders in C:\Program Files

    [07/17/2008|07:26] C:\Program Files\<DIR> Adobe
    [09/22/2008|07:58] C:\Program Files\<DIR> Apple Software Update
    [07/20/2007|11:27] C:\Program Files\<DIR> AvailaSoft
    [01/04/2006|11:08] C:\Program Files\<DIR> AvRack
    [01/29/2008|09:35] C:\Program Files\<DIR> Axis Communications
    [09/22/2008|07:37] C:\Program Files\<DIR> Bonjour
    [01/29/2008|09:35] C:\Program Files\<DIR> BroadJump
    [04/01/2008|05:05] C:\Program Files\<DIR> Broderbund
    [01/29/2008|09:44] C:\Program Files\<DIR> Canon
    [04/23/2007|11:34] C:\Program Files\<DIR> Chief Architect Inc
    [12/01/2008|02:02] C:\Program Files\<DIR> CleanUp!
    [12/06/2008|11:47] C:\Program Files\<DIR> Common Files
    [08/26/2004|12:01] C:\Program Files\<DIR> ComPlus Applications
    [01/29/2008|09:58] C:\Program Files\<DIR> CONEXANT
    [08/10/2008|01:07] C:\Program Files\<DIR> Corel
    [01/04/2006|11:06] C:\Program Files\<DIR> CyberLink
    [01/04/2006|11:02] C:\Program Files\<DIR> Digital Media Reader
    [01/29/2008|09:40] C:\Program Files\<DIR> DivX
    [06/20/2008|05:21] C:\Program Files\<DIR> Google
    [01/29/1927|08:34] C:\Program Files\<DIR> HP
    [02/08/2008|01:25] C:\Program Files\<DIR> InstallShield Installation Information
    [03/17/2006|09:02] C:\Program Files\<DIR> InterActual
    [12/06/2008|11:06] C:\Program Files\<DIR> Internet Explorer
    [12/06/2008|10:53] C:\Program Files\<DIR> iPod
    [12/06/2008|10:53] C:\Program Files\<DIR> iTunes
    [02/03/2008|02:01] C:\Program Files\<DIR> Java
    [12/01/2008|01:31] C:\Program Files\<DIR> Lavasoft
    [01/31/2008|04:05] C:\Program Files\<DIR> Macromedia
    [08/29/2008|11:57] C:\Program Files\<DIR> Messenger
    [12/07/2008|01:12] C:\Program Files\<DIR> Messenger Plus! Live
    [10/13/2006|11:01] C:\Program Files\<DIR> Microsoft ActiveSync
    [04/18/2006|10:16] C:\Program Files\<DIR> Microsoft Digital Image 2006
    [08/26/2004|12:04] C:\Program Files\<DIR> microsoft frontpage
    [03/17/2008|12:21] C:\Program Files\<DIR> Microsoft Office
    [11/22/2008|07:25] C:\Program Files\<DIR> Microsoft Silverlight
    [10/13/2006|11:01] C:\Program Files\<DIR> Microsoft Visual Studio
    [06/02/2008|09:27] C:\Program Files\<DIR> Microsoft Works
    [06/01/2006|06:53] C:\Program Files\<DIR> Microsoft.NET
    [08/29/2008|11:52] C:\Program Files\<DIR> Movie Maker
    [12/07/2008|12:19] C:\Program Files\<DIR> Mozilla Firefox
    [03/17/2008|12:20] C:\Program Files\<DIR> MSECache
    [10/15/2006|05:18] C:\Program Files\<DIR> MSN
    [01/04/2006|11:09] C:\Program Files\<DIR> MSN Encarta Plus
    [08/26/2004|12:00] C:\Program Files\<DIR> MSN Gaming Zone
    [11/15/2006|11:54] C:\Program Files\<DIR> MSXML 4.0
    [08/29/2008|11:48] C:\Program Files\<DIR> NetMeeting
    [08/26/2004|12:02] C:\Program Files\<DIR> Online Services
    [08/29/2008|11:48] C:\Program Files\<DIR> Outlook Express
    [06/10/2008|04:14] C:\Program Files\<DIR> Picasa2
    [04/23/2007|08:38] C:\Program Files\<DIR> Pure Networks
    [09/22/2008|07:51] C:\Program Files\<DIR> QuickTime
    [03/20/2006|04:58] C:\Program Files\<DIR> Rand McNally
    [01/04/2006|11:11] C:\Program Files\<DIR> Real
    [01/04/2006|11:08] C:\Program Files\<DIR> Realtek AC97
    [01/04/2006|11:08] C:\Program Files\<DIR> Realtek Sound Manager
    [07/18/2008|12:05] C:\Program Files\<DIR> Safari
    [06/17/2008|07:56] C:\Program Files\<DIR> Skype
    [03/23/2006|08:00] C:\Program Files\<DIR> SocratesMedia
    [03/27/2006|11:09] C:\Program Files\<DIR> support.com
    [01/29/2008|08:10] C:\Program Files\<DIR> TightVNC
    [01/18/2008|03:17] C:\Program Files\<DIR> timesync
    [12/06/2008|11:14] C:\Program Files\<DIR> Trend Micro
    [01/05/2008|09:48] C:\Program Files\<DIR> Ulead Systems
    [08/26/2004|12:09] C:\Program Files\<DIR> Uninstall Information
    [02/08/2008|01:24] C:\Program Files\<DIR> USB Vibration
    [06/26/2008|11:48] C:\Program Files\<DIR> uTorrent
    [07/04/2007|05:53] C:\Program Files\<DIR> Veoh Networks
    [09/03/2008|08:28] C:\Program Files\<DIR> Winamp
    [03/16/2008|10:17] C:\Program Files\<DIR> Windows Live
    [04/23/2007|07:51] C:\Program Files\<DIR> Windows Media Connect 2
    [08/29/2008|11:48] C:\Program Files\<DIR> Windows Media Player
    [08/29/2008|11:48] C:\Program Files\<DIR> Windows NT
    [08/26/2004|12:02] C:\Program Files\<DIR> WindowsUpdate
    [01/29/2008|10:27] C:\Program Files\<DIR> xerox
    [01/29/2008|09:55] C:\Program Files\<DIR> Yahoo!

    --------------------\\ Listing Folders in C:\Program Files\Common Files

    [06/23/2008|10:56] C:\Program Files\Common Files\<DIR> Adobe
    [03/27/2007|10:36] C:\Program Files\Common Files\<DIR> Adobe Systems Shared
    [04/23/2007|07:54] C:\Program Files\Common Files\<DIR> AOL
    [09/22/2008|07:49] C:\Program Files\Common Files\<DIR> Apple
    [10/13/2006|11:01] C:\Program Files\Common Files\<DIR> DESIGNER
    [03/15/2008|09:07] C:\Program Files\Common Files\<DIR> HP
    [01/16/2007|05:48] C:\Program Files\Common Files\<DIR> InstallShield
    [10/13/2006|11:02] C:\Program Files\Common Files\<DIR> L&H
    [01/31/2008|04:05] C:\Program Files\Common Files\<DIR> Macromedia
    [04/09/2008|05:37] C:\Program Files\Common Files\<DIR> Macrovision Shared
    [12/03/2008|03:35] C:\Program Files\Common Files\<DIR> Microsoft Shared
    [08/26/2004|12:01] C:\Program Files\Common Files\<DIR> MSSoap
    [01/04/2006|10:55] C:\Program Files\Common Files\<DIR> New Boundary
    [01/04/2006|11:11] C:\Program Files\Common Files\<DIR> Nullsoft
    [08/26/2004|04:54] C:\Program Files\Common Files\<DIR> ODBC
    [11/21/2007|11:28] C:\Program Files\Common Files\<DIR> Real
    [08/26/2004|12:01] C:\Program Files\Common Files\<DIR> Services
    [06/17/2008|07:56] C:\Program Files\Common Files\<DIR> Skype
    [03/15/2008|09:10] C:\Program Files\Common Files\<DIR> Sonic Shared
    [08/26/2004|04:54] C:\Program Files\Common Files\<DIR> SpeechEngines
    [11/06/2007|05:33] C:\Program Files\Common Files\<DIR> SWF Studio
    [12/24/2007|09:47] C:\Program Files\Common Files\<DIR> Symantec Shared
    [08/29/2008|11:48] C:\Program Files\Common Files\<DIR> System
    [10/12/2007|08:16] C:\Program Files\Common Files\<DIR> Ulead Systems
    [03/15/2008|03:36] C:\Program Files\Common Files\<DIR> WindowsLiveInstaller
    [12/01/2008|01:30] C:\Program Files\Common Files\<DIR> Wise Installation Wizard

    --------------------\\ Process

    ( 28 Processes )

    ... OK !

    --------------------\\ Searching with S_Lop

    No Lop folder found !

    --------------------\\ Searching for Lop Files - Folders

    C:\DOCUME~1\ALLUSE~1\APPLIC~1\two setup mode load
    C:\DOCUME~1\ALLUSE~1\APPLIC~1\two setup mode load\time delete.exe
    C:\DOCUME~1\Owner\APPLIC~1\moveph~1
    C:\DOCUME~1\Owner\APPLIC~1\moveph~1\dodbgmvz.exe
    C:\DOCUME~1\Owner\APPLIC~1\moveph~1\hubqyuea.exe
    C:\DOCUME~1\Owner\APPLIC~1\moveph~1\Knob Jugs.exe
    C:\DOCUME~1\Owner\APPLIC~1\moveph~1\Pile less city.exe
    C:\DOCUME~1\Owner\APPLIC~1\moveph~1\plyqwafc.exe
    C:\DOCUME~1\Owner\APPLIC~1\moveph~1\uhhrlcph.exe
    C:\DOCUME~1\Owner\APPLIC~1\moveph~1\Warn Bird Close Site.exe
    C:\DOCUME~1\Owner\APPLIC~1\moveph~1\zfsskhbp.exe
    C:\DOCUME~1\Owner\Cookies\owner@adopt.euroclick[1].txt
    C:\WINDOWS\Tasks\BD08806388A330E3.job

    --------------------\\ Searching within the Registry

    [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
    "Clock Locks "= "C:\\DOCUME~1\\Owner\\APPLIC~1\\MOVEPH~1\\Knob Jugs.exe "

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]

    --------------------\\ Checking the Hosts file

    Hosts file CLEAN


    --------------------\\ Searching for hidden files with Catchme

    catchme 0.3.1353 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
    Rootkit scan 2008-12-07 01:20:02
    Windows 5.1.2600 Service Pack 3 NTFS
    scanning hidden processes ...
    scanning hidden files ...
    scan completed successfully
    hidden processes: 0
    hidden files: 8

    --------------------\\ Searching for other infections

    --------------------\\ Cracks & Keygens ..

    C:\DOCUME~1\Owner\My Documents\My Received Files\My Pictures\David\Adobe_Acrobat_8_Pro___Keygen.3640056.TPB.torrent
    C:\DOCUME~1\Owner\Shared\Adobe Acrobat Professional 8.10\Keygen.exe


    [F:2][D:1]-> C:\DOCUME~1\Owner\LOCALS~1\Temp
    [F:6][D:0]-> C:\DOCUME~1\Owner\Cookies
    [F:32][D:6]-> C:\DOCUME~1\Owner\LOCALS~1\TEMPOR~1\content.IE5

    1 - "C:\Lop SD\LopR_1.txt" - Sun 12/07/2008| 1:25 - Option : [1]

    --------------------\\ Scan completed at 1:25:16
     
  7. 2008/12/07
    noahdfear

    noahdfear Inactive

    Joined:
    2003/04/06
    Messages:
    12,178
    Likes Received:
    15
    Looks as though you ran LopS&D before running ComboFix. Please do things in the order given in the future. ;)

    I asked about the program named Messenger Plus, not Windows Live. :confused:

    You would do well to stay away from cracks. It's not only dishonest and unfair to the program creator, it's a good way to get infected. Malware authors love to spread their junk via cracks and keygens.



    Disable resident protections (Antivirus...); you'll re-enable them after the scan

    Double-click Lop S&D.exe
    Choose the language, then choose Option 3 (Fix - Hosts)
    Wait till the end of the scan
    Post the log which is created: (%SystemDrive%\lopR.txt)
     
  8. 2008/12/07
    diagray

    diagray Inactive Thread Starter

    Joined:
    2008/12/06
    Messages:
    4
    Likes Received:
    0
    Sorry about not doing things in order. I will have those cracks & Keygens removed as soon as this is done. :) And yes, I did have Messenger Plus, but I removed it. It wasn't used that often; did I make a mistake?

    --------------------\\ Lop S&D 4.2.4-9c XP/Vista

    Microsoft Windows XP Home Edition ( v5.1.2600 ) Service Pack 3
    X86-based PC ( Uniprocessor Free : AMD Sempron(tm) Processor 3400+ )
    BIOS : Phoenix - AwardBIOS v6.00PG
    USER : Owner ( Administrator )
    BOOT : Normal boot
    C:\ (Local Disk) - NTFS - Total:144 Go (Free:78 Go)
    D:\ (Local Disk) - FAT32 - Total:4 Go (Free:2 Go)
    E:\ (CD or DVD)
    F:\ (USB)
    G:\ (USB)
    H:\ (USB)
    I:\ (USB)

    "C:\Lop SD" ( MAJ : 01-11-2008|16:30 )
    Option : [3] ( Sun 12/07/2008|16:41 )


    \\\\\\\\\\\\\\\\\\\\\\\\\\\\\\ FIX

    Deleted! - C:\DOCUME~1\Owner\Cookies\owner@www.lop[2].txt

    \\\\\\\\\\\\\\\\\\\\\\\\\\\\\\


    --------------------\\ Listing folders in APPLIC~1

    [04/23/2007|07:54] C:\DOCUME~1\ADMINI~1\APPLIC~1\<DIR> AOL
    [08/26/2004|12:09] C:\DOCUME~1\ADMINI~1\APPLIC~1\<DIR> Identities
    [01/04/2006|11:09] C:\DOCUME~1\ADMINI~1\APPLIC~1\<DIR> Microsoft
    [01/04/2006|11:10] C:\DOCUME~1\ADMINI~1\APPLIC~1\<DIR> SampleView
    [01/04/2006|11:11] C:\DOCUME~1\ADMINI~1\APPLIC~1\<DIR> You've Got Pictures Screensaver

    [12/06/2008|10:53] C:\DOCUME~1\ALLUSE~1\APPLIC~1\<DIR> {3276BE95_AF08_429F_A64F_CA64CB79BCF6}
    [06/11/2008|09:50] C:\DOCUME~1\ALLUSE~1\APPLIC~1\<DIR> Adobe
    [03/27/2007|10:42] C:\DOCUME~1\ALLUSE~1\APPLIC~1\<DIR> Adobe Systems
    [04/23/2007|07:55] C:\DOCUME~1\ALLUSE~1\APPLIC~1\<DIR> AOL
    [06/30/2007|10:36] C:\DOCUME~1\ALLUSE~1\APPLIC~1\<DIR> Apple
    [02/02/2007|06:05] C:\DOCUME~1\ALLUSE~1\APPLIC~1\<DIR> Apple Computer
    [03/16/2006|06:08] C:\DOCUME~1\ALLUSE~1\APPLIC~1\<DIR> Broderbund
    [03/15/2006|02:12] C:\DOCUME~1\ALLUSE~1\APPLIC~1\<DIR> CanonBJ
    [04/01/2008|04:27] C:\DOCUME~1\ALLUSE~1\APPLIC~1\<DIR> Corel
    [03/15/2006|08:03] C:\DOCUME~1\ALLUSE~1\APPLIC~1\<DIR> CyberLink
    [04/22/2008|06:17] C:\DOCUME~1\ALLUSE~1\APPLIC~1\<DIR> FLEXnet
    [01/29/2008|08:30] C:\DOCUME~1\ALLUSE~1\APPLIC~1\<DIR> Google
    [12/20/2006|10:51] C:\DOCUME~1\ALLUSE~1\APPLIC~1\<DIR> HP
    [01/16/2007|05:48] C:\DOCUME~1\ALLUSE~1\APPLIC~1\<DIR> InstallShield
    [12/01/2008|01:31] C:\DOCUME~1\ALLUSE~1\APPLIC~1\<DIR> Lavasoft
    [12/03/2008|05:06] C:\DOCUME~1\ALLUSE~1\APPLIC~1\<DIR> McAfee
    [07/08/2008|11:08] C:\DOCUME~1\ALLUSE~1\APPLIC~1\<DIR> Microsoft
    [11/21/2007|11:32] C:\DOCUME~1\ALLUSE~1\APPLIC~1\<DIR> Napster
    [01/04/2006|10:55] C:\DOCUME~1\ALLUSE~1\APPLIC~1\<DIR> Prism Deploy
    [01/04/2006|11:11] C:\DOCUME~1\ALLUSE~1\APPLIC~1\<DIR> Pure Networks
    [03/23/2006|04:14] C:\DOCUME~1\ALLUSE~1\APPLIC~1\<DIR> QuickTime
    [06/24/2006|08:26] C:\DOCUME~1\ALLUSE~1\APPLIC~1\<DIR> Sandlot Games
    [10/07/2008|05:02] C:\DOCUME~1\ALLUSE~1\APPLIC~1\<DIR> SiteAdvisor
    [06/17/2008|07:56] C:\DOCUME~1\ALLUSE~1\APPLIC~1\<DIR> Skype
    [12/20/2006|10:50] C:\DOCUME~1\ALLUSE~1\APPLIC~1\<DIR> Sonic
    [03/27/2006|11:09] C:\DOCUME~1\ALLUSE~1\APPLIC~1\<DIR> Support.com
    [04/28/2006|03:49] C:\DOCUME~1\ALLUSE~1\APPLIC~1\<DIR> Trymedia
    [01/05/2008|09:48] C:\DOCUME~1\ALLUSE~1\APPLIC~1\<DIR> Ulead Systems
    [07/18/2006|09:32] C:\DOCUME~1\ALLUSE~1\APPLIC~1\<DIR> Windows Genuine Advantage
    [03/15/2008|03:34] C:\DOCUME~1\ALLUSE~1\APPLIC~1\<DIR> WLInstaller
    [01/29/2008|09:36] C:\DOCUME~1\ALLUSE~1\APPLIC~1\<DIR> yahoo!

    [05/01/2007|09:00] C:\DOCUME~1\APPLIC~1\APPLIC~1\<DIR> Microsoft

    [04/23/2007|07:54] C:\DOCUME~1\DEFAUL~1\APPLIC~1\<DIR> AOL
    [08/26/2004|12:09] C:\DOCUME~1\DEFAUL~1\APPLIC~1\<DIR> Identities
    [01/04/2006|11:09] C:\DOCUME~1\DEFAUL~1\APPLIC~1\<DIR> Microsoft
    [01/04/2006|11:10] C:\DOCUME~1\DEFAUL~1\APPLIC~1\<DIR> SampleView
    [01/04/2006|11:11] C:\DOCUME~1\DEFAUL~1\APPLIC~1\<DIR> You've Got Pictures Screensaver

    [09/07/2006|05:13] C:\DOCUME~1\LOCALS~1\APPLIC~1\<DIR> Google
    [04/29/2006|10:48] C:\DOCUME~1\LOCALS~1\APPLIC~1\<DIR> Macromedia
    [01/16/2007|05:51] C:\DOCUME~1\LOCALS~1\APPLIC~1\<DIR> Microsoft
    [11/03/2008|12:36] C:\DOCUME~1\LOCALS~1\APPLIC~1\<DIR> SACore

    [10/25/2006|11:01] C:\DOCUME~1\NETWOR~1\APPLIC~1\<DIR> Microsoft

    [06/29/2008|02:06] C:\DOCUME~1\Owner\APPLIC~1\<DIR> Adobe
    [07/16/2008|02:48] C:\DOCUME~1\Owner\APPLIC~1\<DIR> Alien Skin
    [04/23/2007|07:54] C:\DOCUME~1\Owner\APPLIC~1\<DIR> AOL
    [01/25/2008|12:24] C:\DOCUME~1\Owner\APPLIC~1\<DIR> Apple Computer
    [08/10/2008|01:07] C:\DOCUME~1\Owner\APPLIC~1\<DIR> Corel
    [03/15/2006|08:03] C:\DOCUME~1\Owner\APPLIC~1\<DIR> CyberLink
    [06/29/2007|06:54] C:\DOCUME~1\Owner\APPLIC~1\<DIR> DivX
    [03/25/2006|01:44] C:\DOCUME~1\Owner\APPLIC~1\<DIR> Help
    [12/20/2006|10:56] C:\DOCUME~1\Owner\APPLIC~1\<DIR> HP
    [08/26/2004|12:09] C:\DOCUME~1\Owner\APPLIC~1\<DIR> Identities
    [10/12/2007|08:23] C:\DOCUME~1\Owner\APPLIC~1\<DIR> Kodak
    [06/26/2008|01:14] C:\DOCUME~1\Owner\APPLIC~1\<DIR> LimeWire
    [04/21/2008|03:23] C:\DOCUME~1\Owner\APPLIC~1\<DIR> Macromedia
    [01/29/2008|08:57] C:\DOCUME~1\Owner\APPLIC~1\<DIR> McAfee
    [07/04/2008|12:41] C:\DOCUME~1\Owner\APPLIC~1\<DIR> Microsoft
    [12/01/2008|08:31] C:\DOCUME~1\Owner\APPLIC~1\<DIR> Move Networks
    [08/31/2008|09:39] C:\DOCUME~1\Owner\APPLIC~1\<DIR> Mozilla
    [09/07/2006|11:42] C:\DOCUME~1\Owner\APPLIC~1\<DIR> MSNInstaller
    [11/21/2007|11:28] C:\DOCUME~1\Owner\APPLIC~1\<DIR> Real
    [01/04/2006|11:10] C:\DOCUME~1\Owner\APPLIC~1\<DIR> SampleView
    [12/03/2008|12:12] C:\DOCUME~1\Owner\APPLIC~1\<DIR> Skype
    [12/03/2008|11:20] C:\DOCUME~1\Owner\APPLIC~1\<DIR> skypePM
    [07/14/2007|01:03] C:\DOCUME~1\Owner\APPLIC~1\<DIR> Sun
    [07/31/2007|01:53] C:\DOCUME~1\Owner\APPLIC~1\<DIR> Talkback
    [06/08/2006|03:32] C:\DOCUME~1\Owner\APPLIC~1\<DIR> Template
    [10/12/2007|09:46] C:\DOCUME~1\Owner\APPLIC~1\<DIR> Ulead Systems
    [09/03/2008|12:10] C:\DOCUME~1\Owner\APPLIC~1\<DIR> uTorrent
    [09/03/2008|08:47] C:\DOCUME~1\Owner\APPLIC~1\<DIR> Winamp
    [01/29/2008|09:36] C:\DOCUME~1\Owner\APPLIC~1\<DIR> yahoo!

    [06/23/2008|10:27] C:\DOCUME~1\PRINCE~1\APPLIC~1\<DIR> Adobe
    [02/01/2008|08:12] C:\DOCUME~1\PRINCE~1\APPLIC~1\<DIR> AdobeUM
    [02/09/2008|10:46] C:\DOCUME~1\PRINCE~1\APPLIC~1\<DIR> Alien Skin
    [04/23/2007|07:54] C:\DOCUME~1\PRINCE~1\APPLIC~1\<DIR> AOL
    [07/19/2008|11:40] C:\DOCUME~1\PRINCE~1\APPLIC~1\<DIR> Apple Computer
    [02/19/2008|11:02] C:\DOCUME~1\PRINCE~1\APPLIC~1\<DIR> Ceedo
    [04/01/2008|05:20] C:\DOCUME~1\PRINCE~1\APPLIC~1\<DIR> Corel
    [02/09/2008|06:15] C:\DOCUME~1\PRINCE~1\APPLIC~1\<DIR> CyberLink
    [07/30/2008|02:00] C:\DOCUME~1\PRINCE~1\APPLIC~1\<DIR> GNU Solfege
    [06/10/2008|03:38] C:\DOCUME~1\PRINCE~1\APPLIC~1\<DIR> Google
    [04/12/2008|04:43] C:\DOCUME~1\PRINCE~1\APPLIC~1\<DIR> HP
    [08/26/2004|12:09] C:\DOCUME~1\PRINCE~1\APPLIC~1\<DIR> Identities
    [04/01/2008|04:10] C:\DOCUME~1\PRINCE~1\APPLIC~1\<DIR> InstallShield
    [12/01/2008|02:04] C:\DOCUME~1\PRINCE~1\APPLIC~1\<DIR> LimeWire
    [02/04/2008|12:04] C:\DOCUME~1\PRINCE~1\APPLIC~1\<DIR> Macromedia
    [06/17/2008|05:44] C:\DOCUME~1\PRINCE~1\APPLIC~1\<DIR> Microsoft
    [12/03/2008|09:40] C:\DOCUME~1\PRINCE~1\APPLIC~1\<DIR> Move Networks
    [09/04/2008|10:22] C:\DOCUME~1\PRINCE~1\APPLIC~1\<DIR> Mozilla
    [01/04/2006|11:10] C:\DOCUME~1\PRINCE~1\APPLIC~1\<DIR> SampleView
    [12/05/2008|04:40] C:\DOCUME~1\PRINCE~1\APPLIC~1\<DIR> Skype
    [12/05/2008|04:00] C:\DOCUME~1\PRINCE~1\APPLIC~1\<DIR> skypePM
    [01/30/2008|01:12] C:\DOCUME~1\PRINCE~1\APPLIC~1\<DIR> Sun
    [11/18/2008|02:36] C:\DOCUME~1\PRINCE~1\APPLIC~1\<DIR> uTorrent
    [09/04/2008|04:47] C:\DOCUME~1\PRINCE~1\APPLIC~1\<DIR> Winamp
    [02/16/2008|02:48] C:\DOCUME~1\PRINCE~1\APPLIC~1\<DIR> Yahoo!
    [01/04/2006|11:11] C:\DOCUME~1\PRINCE~1\APPLIC~1\<DIR> You've Got Pictures Screensaver

    [12/01/2008|02:18] C:\DOCUME~1\Repair\APPLIC~1\<DIR> Adobe
    [04/23/2007|07:54] C:\DOCUME~1\Repair\APPLIC~1\<DIR> AOL
    [08/26/2004|12:09] C:\DOCUME~1\Repair\APPLIC~1\<DIR> Identities
    [12/01/2008|12:42] C:\DOCUME~1\Repair\APPLIC~1\<DIR> Microsoft
    [01/04/2006|11:10] C:\DOCUME~1\Repair\APPLIC~1\<DIR> SampleView
    [01/04/2006|11:11] C:\DOCUME~1\Repair\APPLIC~1\<DIR> You've Got Pictures Screensaver

    --------------------\\ Scheduled Tasks located in C:\WINDOWS\Tasks

    [11/22/2008 04:17 PM][--a------] C:\WINDOWS\tasks\AppleSoftwareUpdate.job
    [12/07/2008 01:41 AM][--ah-----] C:\WINDOWS\tasks\SA.DAT
    [08/04/2004 01:00 PM][-r-h-----] C:\WINDOWS\tasks\desktop.ini

    --------------------\\ Listing Folders in C:\Program Files

    [07/17/2008|07:26] C:\Program Files\<DIR> Adobe
    [09/22/2008|07:58] C:\Program Files\<DIR> Apple Software Update
    [07/20/2007|11:27] C:\Program Files\<DIR> AvailaSoft
    [01/04/2006|11:08] C:\Program Files\<DIR> AvRack
    [01/29/2008|09:35] C:\Program Files\<DIR> Axis Communications
    [09/22/2008|07:37] C:\Program Files\<DIR> Bonjour
    [01/29/2008|09:35] C:\Program Files\<DIR> BroadJump
    [04/01/2008|05:05] C:\Program Files\<DIR> Broderbund
    [01/29/2008|09:44] C:\Program Files\<DIR> Canon
    [04/23/2007|11:34] C:\Program Files\<DIR> Chief Architect Inc
    [12/01/2008|02:02] C:\Program Files\<DIR> CleanUp!
    [12/07/2008|01:39] C:\Program Files\<DIR> Common Files
    [08/26/2004|12:01] C:\Program Files\<DIR> ComPlus Applications
    [01/29/2008|09:58] C:\Program Files\<DIR> CONEXANT
    [08/10/2008|01:07] C:\Program Files\<DIR> Corel
    [01/04/2006|11:06] C:\Program Files\<DIR> CyberLink
    [01/04/2006|11:02] C:\Program Files\<DIR> Digital Media Reader
    [01/29/2008|09:40] C:\Program Files\<DIR> DivX
    [06/20/2008|05:21] C:\Program Files\<DIR> Google
    [01/29/1927|08:34] C:\Program Files\<DIR> HP
    [02/08/2008|01:25] C:\Program Files\<DIR> InstallShield Installation Information
    [03/17/2006|09:02] C:\Program Files\<DIR> InterActual
    [12/06/2008|11:06] C:\Program Files\<DIR> Internet Explorer
    [12/06/2008|10:53] C:\Program Files\<DIR> iPod
    [12/06/2008|10:53] C:\Program Files\<DIR> iTunes
    [02/03/2008|02:01] C:\Program Files\<DIR> Java
    [12/01/2008|01:31] C:\Program Files\<DIR> Lavasoft
    [01/31/2008|04:05] C:\Program Files\<DIR> Macromedia
    [08/29/2008|11:57] C:\Program Files\<DIR> Messenger
    [10/13/2006|11:01] C:\Program Files\<DIR> Microsoft ActiveSync
    [04/18/2006|10:16] C:\Program Files\<DIR> Microsoft Digital Image 2006
    [08/26/2004|12:04] C:\Program Files\<DIR> microsoft frontpage
    [03/17/2008|12:21] C:\Program Files\<DIR> Microsoft Office
    [11/22/2008|07:25] C:\Program Files\<DIR> Microsoft Silverlight
    [10/13/2006|11:01] C:\Program Files\<DIR> Microsoft Visual Studio
    [06/02/2008|09:27] C:\Program Files\<DIR> Microsoft Works
    [06/01/2006|06:53] C:\Program Files\<DIR> Microsoft.NET
    [08/29/2008|11:52] C:\Program Files\<DIR> Movie Maker
    [12/07/2008|04:41] C:\Program Files\<DIR> Mozilla Firefox
    [03/17/2008|12:20] C:\Program Files\<DIR> MSECache
    [10/15/2006|05:18] C:\Program Files\<DIR> MSN
    [01/04/2006|11:09] C:\Program Files\<DIR> MSN Encarta Plus
    [08/26/2004|12:00] C:\Program Files\<DIR> MSN Gaming Zone
    [11/15/2006|11:54] C:\Program Files\<DIR> MSXML 4.0
    [08/29/2008|11:48] C:\Program Files\<DIR> NetMeeting
    [08/26/2004|12:02] C:\Program Files\<DIR> Online Services
    [08/29/2008|11:48] C:\Program Files\<DIR> Outlook Express
    [06/10/2008|04:14] C:\Program Files\<DIR> Picasa2
    [04/23/2007|08:38] C:\Program Files\<DIR> Pure Networks
    [09/22/2008|07:51] C:\Program Files\<DIR> QuickTime
    [03/20/2006|04:58] C:\Program Files\<DIR> Rand McNally
    [01/04/2006|11:11] C:\Program Files\<DIR> Real
    [01/04/2006|11:08] C:\Program Files\<DIR> Realtek AC97
    [01/04/2006|11:08] C:\Program Files\<DIR> Realtek Sound Manager
    [07/18/2008|12:05] C:\Program Files\<DIR> Safari
    [06/17/2008|07:56] C:\Program Files\<DIR> Skype
    [03/23/2006|08:00] C:\Program Files\<DIR> SocratesMedia
    [03/27/2006|11:09] C:\Program Files\<DIR> support.com
    [01/29/2008|08:10] C:\Program Files\<DIR> TightVNC
    [01/18/2008|03:17] C:\Program Files\<DIR> timesync
    [12/06/2008|11:14] C:\Program Files\<DIR> Trend Micro
    [01/05/2008|09:48] C:\Program Files\<DIR> Ulead Systems
    [08/26/2004|12:09] C:\Program Files\<DIR> Uninstall Information
    [02/08/2008|01:24] C:\Program Files\<DIR> USB Vibration
    [06/26/2008|11:48] C:\Program Files\<DIR> uTorrent
    [07/04/2007|05:53] C:\Program Files\<DIR> Veoh Networks
    [09/03/2008|08:28] C:\Program Files\<DIR> Winamp
    [03/16/2008|10:17] C:\Program Files\<DIR> Windows Live
    [04/23/2007|07:51] C:\Program Files\<DIR> Windows Media Connect 2
    [08/29/2008|11:48] C:\Program Files\<DIR> Windows Media Player
    [08/29/2008|11:48] C:\Program Files\<DIR> Windows NT
    [08/26/2004|12:02] C:\Program Files\<DIR> WindowsUpdate
    [01/29/2008|10:27] C:\Program Files\<DIR> xerox
    [01/29/2008|09:55] C:\Program Files\<DIR> Yahoo!

    --------------------\\ Listing Folders in C:\Program Files\Common Files

    [06/23/2008|10:56] C:\Program Files\Common Files\<DIR> Adobe
    [03/27/2007|10:36] C:\Program Files\Common Files\<DIR> Adobe Systems Shared
    [04/23/2007|07:54] C:\Program Files\Common Files\<DIR> AOL
    [09/22/2008|07:49] C:\Program Files\Common Files\<DIR> Apple
    [10/13/2006|11:01] C:\Program Files\Common Files\<DIR> DESIGNER
    [03/15/2008|09:07] C:\Program Files\Common Files\<DIR> HP
    [01/16/2007|05:48] C:\Program Files\Common Files\<DIR> InstallShield
    [10/13/2006|11:02] C:\Program Files\Common Files\<DIR> L&H
    [01/31/2008|04:05] C:\Program Files\Common Files\<DIR> Macromedia
    [04/09/2008|05:37] C:\Program Files\Common Files\<DIR> Macrovision Shared
    [12/03/2008|03:35] C:\Program Files\Common Files\<DIR> Microsoft Shared
    [08/26/2004|12:01] C:\Program Files\Common Files\<DIR> MSSoap
    [01/04/2006|10:55] C:\Program Files\Common Files\<DIR> New Boundary
    [01/04/2006|11:11] C:\Program Files\Common Files\<DIR> Nullsoft
    [08/26/2004|04:54] C:\Program Files\Common Files\<DIR> ODBC
    [11/21/2007|11:28] C:\Program Files\Common Files\<DIR> Real
    [08/26/2004|12:01] C:\Program Files\Common Files\<DIR> Services
    [06/17/2008|07:56] C:\Program Files\Common Files\<DIR> Skype
    [03/15/2008|09:10] C:\Program Files\Common Files\<DIR> Sonic Shared
    [08/26/2004|04:54] C:\Program Files\Common Files\<DIR> SpeechEngines
    [11/06/2007|05:33] C:\Program Files\Common Files\<DIR> SWF Studio
    [12/24/2007|09:47] C:\Program Files\Common Files\<DIR> Symantec Shared
    [08/29/2008|11:48] C:\Program Files\Common Files\<DIR> System
    [10/12/2007|08:16] C:\Program Files\Common Files\<DIR> Ulead Systems
    [03/15/2008|03:36] C:\Program Files\Common Files\<DIR> WindowsLiveInstaller
    [12/01/2008|01:30] C:\Program Files\Common Files\<DIR> Wise Installation Wizard

    --------------------\\ Process

    ( 28 Processes )

    ... OK !

    --------------------\\ Searching with S_Lop

    No Lop folder found !

    --------------------\\ Searching for Lop Files - Folders

    No Lop folder found !

    --------------------\\ Searching within the Registry

    ..... OK !

    --------------------\\ Checking the Hosts file

    Hosts file CLEAN


    --------------------\\ Searching for hidden files with Catchme

    catchme 0.3.1353 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
    Rootkit scan 2008-12-07 16:42:31
    Windows 5.1.2600 Service Pack 3 NTFS
    scanning hidden processes ...
    scanning hidden files ...
    scan completed successfully
    hidden processes: 0
    hidden files: 8

    --------------------\\ Searching for other infections

    --------------------\\ Cracks & Keygens ..

    C:\DOCUME~1\Owner\My Documents\My Received Files\My Pictures\David\Adobe_Acrobat_8_Pro___Keygen.3640056.TPB.torrent
    C:\DOCUME~1\Owner\Shared\Adobe Acrobat Professional 8.10\Keygen.exe


    [F:1][D:2]-> C:\DOCUME~1\Owner\LOCALS~1\Temp
    [F:23][D:0]-> C:\DOCUME~1\Owner\Cookies
    [F:219][D:4]-> C:\DOCUME~1\Owner\LOCALS~1\TEMPOR~1\content.IE5

    1 - "C:\Lop SD\LopR_1.txt" - Sun 12/07/2008| 1:25 - Option : [1]
    2 - "C:\Lop SD\LopR_2.txt" - Sun 12/07/2008|16:40 - Option : [3]
    3 - "C:\Lop SD\LopR_3.txt" - Sun 12/07/2008|16:45 - Option : [3]

    --------------------\\ Scan completed at 16:45:19
     
  9. 2008/12/07
    noahdfear

    noahdfear Inactive

    Joined:
    2003/04/06
    Messages:
    12,178
    Likes Received:
    15
    Well, oddly enough, despite none of the logs showing the Lop folders as having been removed, they are no longer present. That's a good thing. ;)

    I just wanted to make sure Messenger Plus was not still installed, since it would possibly just re-infect your system with Lop. It's not the Messenger Plus program itself that does it; it is the sponsor's software that gets installed with it, if allowed, that is responsible for Lop. Glad to hear it's been removed.

    It appears as though you're free of infections now, but let's get an online scan to be sure. Please do an online scan with Kaspersky Online Scanner.

    • Click Accept, when prompted to download and install the program files and database of malware definitions.
    • Click Run at the Security prompt.
    • The program will then begin downloading and installing and will also update the database.
    • Please be patient as this can take several minutes.
    • Once the update is complete, click on My Computer under the green Scan bar to the left to start the scan.
    • Once the scan is complete, it will display if your system has been infected. It does not provide an option to clean/disinfect. We only require a report from it.
    • Click View scan report at the bottom.
    • Click the Save Report As... button.
    • Click the Save as Text button to save the file to your desktop so that you may post it in your next reply.
    **Note**

    To optimize scanning time and produce a more sensible report for review:
    • Close any open programs.
    • Turn off the real-time scanner of all antivirus or antispyware programs while performing the online scan.
    Note for Internet Explorer 7 users: If at any time you have trouble viewing the accept button of the license, click on the Zoom tool located at the bottom right of the IE window and set the zoom to 75%. Once the license is accepted, reset to 100%.


    Post the Kaspersky log here.
     
