
Solved CiD popups... log and text files?

Discussion in 'Malware and Virus Removal Archive' started by yoruga, 2008/09/30.

  1. 2008/09/30
    yoruga

    yoruga Well-Known Member Thread Starter

    Joined:
    2008/09/30
    Messages:
    144
    Likes Received:
    0
    [Resolved] CiD popups... log and text files?

    Hi there
    needing help with my CiD popups. I am trying to get rid of this thing and I have followed the first steps to get rid of it.... What do I do now....? Here are the text files; I will post the log files in another post:



    info.txt logfile of random's system information tool 1.04 2008-10-01 10:56:54


    ======Security center information======

    AV: AVG 7.5.524

    ======Environment variables======

    "ComSpec"=%SystemRoot%\system32\cmd.exe
    "Path"=%SystemRoot%\system32;%SystemRoot%;%SystemRoot%\System32\Wbem;C:\Program Files\ATI Technologies\ATI Control Panel;C:\Program Files\Common Files\Ulead Systems\MPEG;C:\Program Files\QuickTime\QTSystem\
    "windir"=%SystemRoot%
    "FP_NO_HOST_CHECK"=NO
    "OS"=Windows_NT
    "PROCESSOR_ARCHITECTURE"=x86
    "PROCESSOR_LEVEL"=15
    "PROCESSOR_IDENTIFIER"=x86 Family 15 Model 44 Stepping 2, AuthenticAMD
    "PROCESSOR_REVISION"=2c02
    "NUMBER_OF_PROCESSORS"=1
    "PATHEXT"=.COM;.EXE;.BAT;.CMD;.VBS;.VBE;.JS;.JSE;.WSF;.WSH
    "TEMP"=%SystemRoot%\TEMP
    "TMP"=%SystemRoot%\TEMP
    "CLASSPATH"=.;C:\Program Files\Java\jre1.6.0_07\lib\ext\QTJava.zip
    "QTJAVA"=C:\Program Files\Java\jre1.6.0_07\lib\ext\QTJava.zip

    -----------------EOF-----------------
     
  2. 2008/10/01
    yoruga

    Here are the log files from HijackThis as well....

    Logfile of random's system information tool 1.04 (written by random/random)
    Run by Owner at 2008-10-01 10:56:08
    Microsoft Windows XP Home Edition Service Pack 2
    System drive C: has 65 GB (85%) free of 76 GB
    Total RAM: 511 MB (19% free)

    Logfile of Trend Micro HijackThis v2.0.2
    Scan saved at 10:56:52 AM, on 1/10/2008
    Platform: Windows XP SP2 (WinNT 5.01.2600)
    MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)
    Boot mode: Normal

    Running processes:
    C:\WINDOWS\System32\smss.exe
    C:\WINDOWS\system32\winlogon.exe
    C:\WINDOWS\system32\services.exe
    C:\WINDOWS\system32\lsass.exe
    C:\WINDOWS\system32\Ati2evxx.exe
    C:\WINDOWS\system32\svchost.exe
    C:\WINDOWS\System32\svchost.exe
    C:\Program Files\Lavasoft\Ad-Aware\aawservice.exe
    C:\WINDOWS\system32\spoolsv.exe
    C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
    C:\PROGRA~1\Grisoft\AVGFRE~1\avgamsvr.exe
    C:\PROGRA~1\Grisoft\AVGFRE~1\avgupsvc.exe
    C:\PROGRA~1\Grisoft\AVGFRE~1\avgemc.exe
    C:\Program Files\Bonjour\mDNSResponder.exe
    C:\Program Files\Analog Devices\SoundMAX\SMAgent.exe
    C:\WINDOWS\system32\svchost.exe
    C:\WINDOWS\system32\Ati2evxx.exe
    C:\WINDOWS\Explorer.EXE
    C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe
    C:\Program Files\CyberLink DVD Solution\PowerDVD\PDVDServ.exe
    C:\WINDOWS\sm56hlpr.exe
    C:\Program Files\Analog Devices\SoundMAX\SMTray.exe
    C:\Program Files\Common Files\Real\Update_OB\realsched.exe
    C:\PROGRA~1\Grisoft\AVGFRE~1\avgcc.exe
    C:\Program Files\Java\jre1.6.0_07\bin\jusched.exe
    C:\Program Files\QuickTime\QTTask.exe
    C:\Program Files\iTunes\iTunesHelper.exe
    C:\Program Files\CyberLink DVD Solution\Multimedia Launcher\PowerBar.exe
    C:\Program Files\Internet Explorer\iexplore.exe
    C:\Program Files\Internet Explorer\iexplore.exe
    C:\Program Files\EnhanceKeyboard\kb_2k.exe
    C:\Program Files\NETGEAR\WG111v2\WG111v2.exe
    C:\WINDOWS\system32\wuauclt.exe
    C:\WINDOWS\system32\VirtualExpander\VirtualExpander.exe
    C:\Program Files\iPod\bin\iPodService.exe
    C:\Program Files\Internet Explorer\iexplore.exe
    C:\Documents and Settings\Owner\Local Settings\Temporary Internet Files\Content.IE5\NH8O9NR9\RSIT[1].exe
    C:\Program Files\trend micro\Owner.exe

    R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.iprimus.com.au
    R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = ninemsn.com.au/
    R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.iprimus.com.au
    R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = 10.*;172.16.*;172.17.*;172.18.*;172.19.*;172.20.*;172.21.*;172.22.*;172.23.*;172.24.*;172.25.*;172.26.*;172.27.*;172.28.*;172.29.*;172.30.*;172.31.*;192.168.*;*.IPrimus.com.au;;*.local
    O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 5.0\Reader\ActiveX\AcroIEHelper.ocx
    O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_07\bin\ssv.dll
    O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)
    O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar1.dll
    O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\2.1.1119.1736\swg.dll
    O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar1.dll
    O4 - HKLM\..\Run: [ATIPTA] "C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe"
    O4 - HKLM\..\Run: [RemoteControl] "C:\Program Files\CyberLink DVD Solution\PowerDVD\PDVDServ.exe"
    O4 - HKLM\..\Run: [NeroFilterCheck] C:\WINDOWS\system32\NeroCheck.exe
    O4 - HKLM\..\Run: [SMSERIAL] sm56hlpr.exe
    O4 - HKLM\..\Run: [Smapp] C:\Program Files\Analog Devices\SoundMAX\SMTray.exe
    O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot
    O4 - HKLM\..\Run: [AVG7_CC] C:\PROGRA~1\Grisoft\AVGFRE~1\avgcc.exe /STARTUP
    O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_07\bin\jusched.exe"
    O4 - HKLM\..\Run: [AppleSyncNotifier] C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleSyncNotifier.exe
    O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\QTTask.exe" -atboottime
    O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
    O4 - HKLM\..\Run: [AntiSpywareMaster] C:\Program Files\AntiSpywareMaster\asm.exe
    O4 - HKLM\..\Run: [CHIN PING PHONE PILE] C:\Documents and Settings\All Users\Application Data\Proxy Long Chin Ping\chin logo.exe
    O4 - HKCU\..\Run: [PowerBar] "C:\Program Files\CyberLink DVD Solution\Multimedia Launcher\PowerBar.exe" /AtBootTime
    O4 - HKCU\..\Run: [Gram file] C:\DOCUME~1\Owner\APPLIC~1\01LINK~1\CdromTickFork.exe
    O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'LOCAL SERVICE')
    O4 - HKUS\S-1-5-19\..\Run: [AVG7_Run] C:\PROGRA~1\Grisoft\AVGFRE~1\avgw.exe /RUNONCE (User 'LOCAL SERVICE')
    O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'NETWORK SERVICE')
    O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')
    O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user')
    O4 - Startup: VirtualExpander.lnk = C:\WINDOWS\system32\VirtualExpander\VirtualExpander.exe
    O4 - Global Startup: enhanced keyboard driver.lnk = ?
    O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office10\OSA.EXE
    O4 - Global Startup: NETGEAR WG111v2 Smart Wizard.lnk = C:\Program Files\NETGEAR\WG111v2\WG111v2.exe
    O8 - Extra context menu item: Add to AMV Converter... - C:\Program Files\MP3 Player Utilities 4.05\AMVConverter\grab.html
    O8 - Extra context menu item: Add to Media Manager... - C:\Program Files\MP3 Player Utilities 4.05\MediaManager\grab.html
    O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office10\EXCEL.EXE/3000
    O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_07\bin\ssv.dll
    O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_07\bin\ssv.dll
    O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
    O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
    O12 - Plugin for .spop: C:\Program Files\Internet Explorer\Plugins\NPDocBox.dll
    O16 - DPF: CabBuilder - http://kiw.imgag.com/imgag/kiw/toolbar/download/InstallerControl.cab
    O16 - DPF: {1D4DB7D2-6EC9-47A3-BD87-1E41684E07BB} - http://ak.exe.imgfarm.com/images/nocache/funwebproducts/ei-3/ZwinkyInitialSetup1.0.1.0.cab
    O16 - DPF: {2B323CD9-50E3-11D3-9466-00A0C9700498} (Yahoo! Audio Conferencing) - http://us.chat1.yimg.com/us.yimg.com/i/chat/applet/v45/yacscom.cab
    O16 - DPF: {4F1E5B1A-2A80-42CA-8532-2D05CB959537} (MSN Photo Upload Tool) - http://gfx2.mail.live.com/mail/w1/resources/MSNPUpld.cab
    O16 - DPF: {B38870E4-7ECB-40DA-8C6A-595F0A5519FF} (MsnMessengerSetupDownloadControl Class) - http://messenger.msn.com/download/MsnMessengerSetupDownloader.cab
    O16 - DPF: {C3F79A2B-B9B4-4A66-B012-3EE46475B072} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/MessengerStatsPAClient.cab56907.cab
    O16 - DPF: {F8C5C0F1-D884-43EB-A5A0-9E1C4A102FA8} (GoPetsWeb Control) - https://secure.gopetslive.com/dev/GoPetsWeb.cab
    O23 - Service: Lavasoft Ad-Aware Service (aawservice) - Lavasoft - C:\Program Files\Lavasoft\Ad-Aware\aawservice.exe
    O23 - Service: Apple Mobile Device - Apple Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
    O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\system32\Ati2evxx.exe
    O23 - Service: ATI Smart - Unknown owner - C:\WINDOWS\system32\ati2sgag.exe
    O23 - Service: AVG7 Alert Manager Server (Avg7Alrt) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVGFRE~1\avgamsvr.exe
    O23 - Service: AVG7 Update Service (Avg7UpdSvc) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVGFRE~1\avgupsvc.exe
    O23 - Service: AVG E-mail Scanner (AVGEMS) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVGFRE~1\avgemc.exe
    O23 - Service: Bonjour Service - Apple Inc. - C:\Program Files\Bonjour\mDNSResponder.exe
    O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
    O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
    O23 - Service: iPod Service - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
    O23 - Service: SoundMAX Agent Service (SoundMAX Agent Service (default)) - Analog Devices, Inc. - C:\Program Files\Analog Devices\SoundMAX\SMAgent.exe

    --
    End of file - 8711 bytes

    ======Scheduled tasks folder======

    C:\WINDOWS\tasks\AC06A6EA919559C2.job
    C:\WINDOWS\tasks\AppleSoftwareUpdate.job
    C:\WINDOWS\tasks\{013BD331-CD54-48FA-ADB6-72E1625CE6E4}_USER-2DE632122C_Owner.job

    ======Registry dump======

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{06849E9F-C8D7-4D59-B87D-784B7D6BE0B3}]
    AcroIEHlprObj Class - C:\Program Files\Adobe\Acrobat 5.0\Reader\ActiveX\AcroIEHelper.ocx [2001-04-16 37808]

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{761497BB-D6F0-462C-B6EB-D4DAF1D92D43}]
    SSVHelper Class - C:\Program Files\Java\jre1.6.0_07\bin\ssv.dll [2008-06-10 509328]

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{7E853D72-626A-48EC-A868-BA8D5E23E045}]

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{AA58ED58-01DD-4d91-8333-CF10577473F7}]
    Google Toolbar Helper - c:\program files\google\googletoolbar1.dll [2008-05-18 2549368]

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{AF69DE43-7D58-4638-B6FA-CE66B5AD205D}]
    Google Toolbar Notifier BHO - C:\Program Files\Google\GoogleToolbarNotifier\2.1.1119.1736\swg.dll [2008-05-18 654320]

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar]
    {2318C2B1-4965-11d4-9B18-009027A5CD4F} - &Google - c:\program files\google\googletoolbar1.dll [2008-05-18 2549368]

    [HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run]
    "ATIPTA "=C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe [2005-09-14 344064]
    "RemoteControl "=C:\Program Files\CyberLink DVD Solution\PowerDVD\PDVDServ.exe [2003-12-08 32768]
    "NeroFilterCheck "=C:\WINDOWS\system32\NeroCheck.exe [2001-07-09 155648]
    "SMSERIAL "=C:\WINDOWS\sm56hlpr.exe [2004-08-11 548864]
    "Smapp "=C:\Program Files\Analog Devices\SoundMAX\SMTray.exe [2003-05-05 143360]
    "TkBellExe "=C:\Program Files\Common Files\Real\Update_OB\realsched.exe [2006-05-19 180269]
    "AVG7_CC "=C:\PROGRA~1\Grisoft\AVGFRE~1\avgcc.exe [2008-04-18 579584]
    "SunJavaUpdateSched "=C:\Program Files\Java\jre1.6.0_07\bin\jusched.exe [2008-06-10 144784]
    "AppleSyncNotifier "=C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleSyncNotifier.exe [2008-07-22 116040]
    "QuickTime Task "=C:\Program Files\QuickTime\QTTask.exe [2008-05-27 413696]
    "iTunesHelper "=C:\Program Files\iTunes\iTunesHelper.exe [2008-07-30 289064]
    "AntiSpywareMaster "=C:\Program Files\AntiSpywareMaster\asm.exe []
    "CHIN PING PHONE PILE "=C:\Documents and Settings\All Users\Application Data\Proxy Long Chin Ping\chin logo.exe [2008-10-01 4949504]

    [HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run]
    "PowerBar "=C:\Program Files\CyberLink DVD Solution\Multimedia Launcher\PowerBar.exe [2004-04-21 86016]
    "Gram file "=C:\DOCUME~1\Owner\APPLIC~1\01LINK~1\CdromTickFork.exe [2008-09-26 487424]

    C:\Documents and Settings\All Users\Start Menu\Programs\Startup
    enhanced keyboard driver.lnk - C:\Program Files\EnhanceKeyboard\kb_2k.exe
    Microsoft Office.lnk - C:\Program Files\Microsoft Office\Office10\OSA.EXE
    NETGEAR WG111v2 Smart Wizard.lnk - C:\Program Files\NETGEAR\WG111v2\WG111v2.exe

    C:\Documents and Settings\Owner\Start Menu\Programs\Startup
    VirtualExpander.lnk - C:\WINDOWS\system32\VirtualExpander\VirtualExpander.exe

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\AtiExtEvent]
    C:\WINDOWS\system32\Ati2evxx.dll [2005-09-15 46080]

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\WgaLogon]
    C:\WINDOWS\system32\WgaLogon.dll [2007-03-15 236928]

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ShellServiceObjectDelayLoad]
    WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - C:\WINDOWS\system32\WPDShServiceObj.dll [2006-10-18 133632]

    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\aawservice]

    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\aawservice]

    [HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\System]
    "dontdisplaylastusername "=0
    "legalnoticecaption "=
    "legalnoticetext "=
    "shutdownwithoutlogon "=1
    "undockwithoutlogon "=1

    [HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\explorer]
    "NoDriveTypeAutoRun "=145

    [HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\standardprofile\authorizedapplications\list]
    "%windir%\system32\sessmgr.exe "= "%windir%\system32\sessmgr.exe:*:enabled:mad:xpsp2res.dll,-22019 "
    "C:\Program Files\Messenger\msmsgs.exe "= "C:\Program Files\Messenger\msmsgs.exe:*:Enabled:Windows Messenger "
    "C:\Program Files\Grisoft\AVG Free\avginet.exe "= "C:\Program Files\Grisoft\AVG Free\avginet.exe:*:Enabled:avginet.exe "
    "C:\Program Files\Grisoft\AVG Free\avgemc.exe "= "C:\Program Files\Grisoft\AVG Free\avgemc.exe:*:Enabled:avgemc.exe "
    "C:\Program Files\BearShare Applications\BearShare\BearShare.exe "= "C:\Program Files\BearShare Applications\BearShare\BearShare.exe:*:Enabled:BearShare "
    "C:\My Games\Rock & Roll JEOPARDY!\Rock & Roll JEOPARDY!.exe "= "C:\My Games\Rock & Roll JEOPARDY!\Rock & Roll JEOPARDY!.exe:*:Enabled:Rock & Roll JEOPARDY! "
    "C:\Program Files\Google\Google Talk\googletalk.exe "= "C:\Program Files\Google\Google Talk\googletalk.exe:*:Enabled:Google Talk "
    "C:\Program Files\Horizon Wimba\Pronto\pronto.exe "= "C:\Program Files\Horizon Wimba\Pronto\pronto.exe:*:Enabled:pronto "
    "C:\Program Files\MSN Messenger\msnmsgr.exe "= "C:\Program Files\MSN Messenger\msnmsgr.exe:*:Enabled:Windows Live Messenger 8.1 "
    "C:\Program Files\MSN Messenger\livecall.exe "= "C:\Program Files\MSN Messenger\livecall.exe:*:Enabled:Windows Live Messenger 8.1 (Phone) "
    "C:\Program Files\LimeWire\LimeWire.exe "= "C:\Program Files\LimeWire\LimeWire.exe:*:Enabled:LimeWire "
    "C:\Program Files\Bonjour\mDNSResponder.exe "= "C:\Program Files\Bonjour\mDNSResponder.exe:*:Enabled:Bonjour "
    "C:\Program Files\iTunes\iTunes.exe "= "C:\Program Files\iTunes\iTunes.exe:*:Enabled:iTunes "

    [HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\domainprofile\authorizedapplications\list]
    "%windir%\system32\sessmgr.exe "= "%windir%\system32\sessmgr.exe:*:enabled:mad:xpsp2res.dll,-22019 "
    "C:\Program Files\MSN Messenger\msnmsgr.exe "= "C:\Program Files\MSN Messenger\msnmsgr.exe:*:Enabled:Windows Live Messenger 8.1 "
    "C:\Program Files\MSN Messenger\livecall.exe "= "C:\Program Files\MSN Messenger\livecall.exe:*:Enabled:Windows Live Messenger 8.1 (Phone) "

    ======File associations======

    .js - edit - "C:\Program Files\Macromedia\Dreamweaver 8\dreamweaver.exe" "%1 "

    ======List of files/folders created in the last 3 months======

    2008-10-01 10:56:10 ----D---- C:\Program Files\trend micro
    2008-10-01 10:56:08 ----DC---- C:\rsit
    2008-09-26 07:51:41 ----D---- C:\Program Files\01LINKWEB
    2008-09-11 17:08:07 ----HDC---- C:\WINDOWS\$NtUninstallKB938464$
    2008-09-11 17:06:13 ----HDC---- C:\WINDOWS\$NtUninstallKB954154_WM11$
    2008-09-09 21:01:40 ----D---- C:\Program Files\Enigma Software Group
    2008-09-03 20:42:14 ----D---- C:\WINDOWS\system32\CatRoot_bak
    2008-08-15 19:46:23 ----HDC---- C:\WINDOWS\$NtUninstallKB952954$
    2008-08-15 19:46:19 ----HDC---- C:\WINDOWS\$NtUninstallKB946648$
    2008-08-15 19:46:16 ----HDC---- C:\WINDOWS\$NtUninstallKB953839$
    2008-08-15 19:46:12 ----HDC---- C:\WINDOWS\$NtUninstallKB950974$
    2008-08-15 19:44:57 ----HDC---- C:\WINDOWS\$NtUninstallKB951072-v2$
    2008-08-15 19:44:53 ----HDC---- C:\WINDOWS\$NtUninstallKB952287$
    2008-08-15 19:44:48 ----HDC---- C:\WINDOWS\$NtUninstallKB951066$
    2008-08-15 19:44:35 ----HDC---- C:\WINDOWS\$NtUninstallKB953838$
    2008-08-04 16:12:26 ----D---- C:\Program Files\iTunes
    2008-08-04 16:11:28 ----D---- C:\Program Files\QuickTime
    2008-08-04 16:10:22 ----D---- C:\Program Files\Apple Software Update
    2008-08-04 16:09:52 ----D---- C:\Program Files\Common Files\Apple
    2008-07-29 21:15:00 ----DC---- C:\Documents and Settings\All Users\Application Data\PC Drivers HeadQuarters
    2008-07-29 21:15:00 ----D---- C:\Program Files\PC Drivers HeadQuarters
    2008-07-29 21:10:42 ----RSD---- C:\WINDOWS\assembly
    2008-07-29 21:10:00 ----D---- C:\WINDOWS\Microsoft.NET
    2008-07-29 20:52:13 ----DC---- C:\Temp
    2008-07-29 20:52:13 ----A---- C:\WINDOWS\i560_98ME_v800 Setup Log.txt
    2008-07-27 21:34:30 ----D---- C:\WINDOWS\system32\VirtualExpander
    2008-07-17 21:42:42 ----HDC---- C:\BJPrinter
    2008-07-13 15:06:10 ----D---- C:\Program Files\Sun
    2008-07-13 15:05:39 ----A---- C:\WINDOWS\system32\javaws.exe
    2008-07-13 15:05:39 ----A---- C:\WINDOWS\system32\javaw.exe
    2008-07-13 15:05:39 ----A---- C:\WINDOWS\system32\java.exe
    2008-07-13 10:23:28 ----A---- C:\WINDOWS\RTacDbg.txt
    2008-07-13 10:22:40 ----D---- C:\Program Files\NETGEAR
    2008-07-09 19:37:09 ----HDC---- C:\WINDOWS\$NtUninstallKB951748$

    ======List of files/folders modified in the last 3 months======

    2008-10-01 10:56:10 ----RD---- C:\Program Files
    2008-10-01 10:55:55 ----D---- C:\WINDOWS\Prefetch
    2008-10-01 10:05:03 ----D---- C:\WINDOWS
    2008-10-01 10:04:48 ----D---- C:\WINDOWS\Temp
    2008-10-01 01:17:34 ----A---- C:\WINDOWS\SchedLgU.Txt
    2008-09-26 18:26:30 ----D---- C:\Documents and Settings\Owner\Application Data\LimeWire
    2008-09-26 07:54:54 ----SD---- C:\WINDOWS\Tasks
    2008-09-26 07:54:54 ----D---- C:\Documents and Settings\Owner\Application Data\01LINKWEB
    2008-09-26 07:52:31 ----DC---- C:\Documents and Settings\All Users\Application Data\Proxy Long Chin Ping
    2008-09-25 22:16:01 ----D---- C:\WINDOWS\system32\CatRoot2
    2008-09-21 09:18:53 ----DC---- C:\Documents and Settings\All Users\Application Data\avg7
    2008-09-11 17:08:10 ----HD---- C:\WINDOWS\inf
    2008-09-11 17:08:09 ----D---- C:\WINDOWS\WinSxS
    2008-09-11 17:08:08 ----D---- C:\WINDOWS\system32
    2008-09-11 17:07:07 ----HD---- C:\WINDOWS\$hf_mig$
    2008-09-11 17:06:28 ----A---- C:\WINDOWS\imsins.BAK
    2008-09-09 21:03:51 ----D---- C:\WINDOWS\system32\drivers
    2008-09-09 20:40:23 ----D---- C:\WINDOWS\Help
    2008-09-09 19:35:10 ----D---- C:\Documents and Settings\Owner\Application Data\AVG7
    2008-09-08 21:58:52 ----SHD---- C:\WINDOWS\Installer
    2008-09-08 21:17:11 ----SD---- C:\Documents and Settings\Owner\Application Data\Microsoft
    2008-09-05 19:40:12 ----RHDC---- C:\$VAULT$.AVG
    2008-09-03 21:25:30 ----D---- C:\WINDOWS\system32\CatRoot
    2008-09-03 20:42:13 ----D---- C:\WINDOWS\Debug
    2008-08-27 06:28:12 ----A---- C:\WINDOWS\system32\MRT.exe
    2008-08-19 20:50:46 ----RSHDC---- C:\WINDOWS\system32\dllcache
    2008-08-17 19:40:20 ----D---- C:\Mis descargas
    2008-08-15 19:46:20 ----D---- C:\Program Files\Messenger
    2008-08-15 19:44:40 ----D---- C:\Program Files\Internet Explorer
    2008-08-14 19:06:03 ----D---- C:\Documents and Settings\Owner\Application Data\Real
    2008-08-07 19:36:03 ----A---- C:\WINDOWS\NeroDigital.ini
    2008-08-04 17:08:31 ----A---- C:\WINDOWS\MediaManager.INI
    2008-08-04 16:12:31 ----D---- C:\Program Files\iPod
    2008-08-04 16:11:24 ----DC---- C:\Documents and Settings\All Users\Application Data\Apple Computer
    2008-08-04 16:10:09 ----DC---- C:\WINDOWS\system32\DRVSTORE
    2008-08-04 16:09:52 ----D---- C:\Program Files\Common Files
    2008-08-03 12:21:13 ----D---- C:\Program Files\MSN
    2008-08-03 12:08:44 ----D---- C:\Program Files\LimeWire
    2008-07-29 21:16:11 ----HD---- C:\Program Files\InstallShield Installation Information
    2008-07-29 21:13:04 ----A---- C:\WINDOWS\system32\PerfStringBackup.INI
    2008-07-29 21:10:03 ----D---- C:\WINDOWS\system32\mui
    2008-07-18 22:10:48 ----A---- C:\WINDOWS\system32\cdm.dll
    2008-07-18 22:10:42 ----A---- C:\WINDOWS\system32\wuauclt.exe
    2008-07-18 22:10:40 ----A---- C:\WINDOWS\system32\wups2.dll
    2008-07-18 22:10:24 ----A---- C:\WINDOWS\system32\wucltui.dll.mui
    2008-07-18 22:10:20 ----A---- C:\WINDOWS\system32\wups.dll
    2008-07-18 22:09:46 ----A---- C:\WINDOWS\system32\wucltui.dll
    2008-07-18 22:09:44 ----A---- C:\WINDOWS\system32\wuweb.dll
    2008-07-18 22:09:44 ----A---- C:\WINDOWS\system32\wuapi.dll
    2008-07-18 22:09:42 ----A---- C:\WINDOWS\system32\wuaueng.dll
    2008-07-18 22:09:42 ----A---- C:\WINDOWS\system32\wuapi.dll.mui
    2008-07-18 22:08:34 ----A---- C:\WINDOWS\system32\wuaueng.dll.mui
    2008-07-14 21:09:18 ----N---- C:\WINDOWS\system32\tzchange.exe
    2008-07-13 15:09:28 ----D---- C:\WINDOWS\Registration
    2008-07-13 15:08:31 ----D---- C:\Program Files\Java
    2008-07-08 06:32:22 ----A---- C:\WINDOWS\system32\es.dll
    2008-07-03 19:14:02 ----A---- C:\WINDOWS\system32\xpsp3res.dll

    ======List of drivers (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)======

    R1 Avg7Core;AVG7 Kernel; C:\WINDOWS\System32\Drivers\avg7core.sys [2007-10-28 821856]
    R1 Avg7RsW;AVG7 Wrap Driver; C:\WINDOWS\System32\Drivers\avg7rsw.sys [2007-04-05 4224]
    R1 Avg7RsXP;AVG7 Resident Driver XP; C:\WINDOWS\System32\Drivers\avg7rsxp.sys [2007-04-05 27776]
    R1 AvgClean;AVG Clean Driver; C:\WINDOWS\system32\drivers\avgclean.sys [2007-12-22 10760]
    R2 AegisP;AEGIS Protocol (IEEE 802.1x) v3.4.5.0; C:\WINDOWS\system32\DRIVERS\AegisP.sys [2008-07-13 21035]
    R2 AvgTdi;AVG Network Redirector; C:\WINDOWS\System32\Drivers\avgtdi.sys [2007-04-05 4960]
    R3 aeaudio;aeaudio; C:\WINDOWS\system32\drivers\aeaudio.sys [2002-04-01 4816]
    R3 ati2mtag;ati2mtag; C:\WINDOWS\system32\DRIVERS\ati2mtag.sys [2005-09-15 1339392]
    R3 FETND5BV;VIA Rhine-Family Fast Ethernet Adapter Driver Service; C:\WINDOWS\system32\DRIVERS\fetnd5bv.sys [2004-12-16 42496]
    R3 GEARAspiWDM;GEARAspiWDM; C:\WINDOWS\System32\Drivers\GEARAspiWDM.sys [2008-01-29 16168]
    R3 MODEMCSA;Unimodem Streaming Filter Device; C:\WINDOWS\system32\drivers\MODEMCSA.sys [2001-08-17 16128]
    R3 pfc;Padus ASPI Shell; C:\WINDOWS\system32\drivers\pfc.sys [2003-12-05 10368]
    R3 RTLWUSB;NETGEAR WG111v2 54Mbps Wireless USB 2.0 Adapter NT Driver; C:\WINDOWS\system32\DRIVERS\wg111v2.sys [2006-03-27 167808]
    R3 smserial;smserial; C:\WINDOWS\system32\DRIVERS\smserial.sys [2004-08-11 917757]
    R3 smwdm;smwdm; C:\WINDOWS\system32\drivers\smwdm.sys [2003-07-15 578368]
    R3 usbehci;Microsoft USB 2.0 Enhanced Host Controller Miniport Driver; C:\WINDOWS\system32\DRIVERS\usbehci.sys [2004-08-04 26624]
    R3 usbhub;Microsoft USB Standard Hub Driver; C:\WINDOWS\system32\DRIVERS\usbhub.sys [2004-08-04 57600]
    R3 usbuhci;Microsoft USB Universal Host Controller Miniport Driver; C:\WINDOWS\system32\DRIVERS\usbuhci.sys [2004-08-04 20480]
    S3 CCDECODE;Closed Caption Decoder; C:\WINDOWS\system32\DRIVERS\CCDECODE.sys [2004-08-03 17024]
    S3 FETNDIS;VIA PCI 10/100Mb Fast Ethernet Adapter NT Driver; C:\WINDOWS\system32\DRIVERS\fetnd5.sys [2001-08-17 27165]
    S3 hidusb;Microsoft HID Class Driver; C:\WINDOWS\system32\DRIVERS\hidusb.sys [2004-08-04 9600]
    S3 mouhid;Mouse HID Driver; C:\WINDOWS\system32\DRIVERS\mouhid.sys [2004-08-04 12160]
    S3 MSTEE;Microsoft Streaming Tee/Sink-to-Sink Converter; C:\WINDOWS\system32\drivers\MSTEE.sys [2004-08-03 5504]
    S3 NABTSFEC;NABTS/FEC VBI Codec; C:\WINDOWS\system32\DRIVERS\NABTSFEC.sys [2004-08-03 85376]
    S3 NdisIP;Microsoft TV/Video Connection; C:\WINDOWS\system32\DRIVERS\NdisIP.sys [2004-08-03 10880]
    S3 SLIP;BDA Slip De-Framer; C:\WINDOWS\system32\DRIVERS\SLIP.sys [2004-08-03 11136]
    S3 SNPSTD3;USB PC Camera (SNPSTD3); C:\WINDOWS\system32\DRIVERS\snpstd3.sys [2004-08-11 394496]
    S3 streamip;BDA IPSink; C:\WINDOWS\system32\DRIVERS\StreamIP.sys [2004-08-03 15360]
    S3 USB_RNDIS;Texas Instruments AR7D01 DSL Router; C:\WINDOWS\system32\DRIVERS\usb8023.sys [2004-08-04 12672]
    S3 USBAAPL;Apple Mobile USB Driver; C:\WINDOWS\System32\Drivers\usbaapl.sys [2008-07-22 32000]
    S3 usbprint;Microsoft USB PRINTER Class; C:\WINDOWS\system32\DRIVERS\usbprint.sys [2004-08-03 25856]
    S3 USBSTOR;USB Mass Storage Driver; C:\WINDOWS\system32\DRIVERS\USBSTOR.SYS [2004-08-03 26496]
    S3 WSTCODEC;World Standard Teletext Codec; C:\WINDOWS\system32\DRIVERS\WSTCODEC.SYS [2004-08-03 19328]
    S3 WudfPf;Windows Driver Foundation - User-mode Driver Framework Platform Driver; C:\WINDOWS\system32\DRIVERS\WudfPf.sys [2006-09-28 77568]
    S3 WudfRd;Windows Driver Foundation - User-mode Driver Framework Reflector; C:\WINDOWS\system32\DRIVERS\wudfrd.sys [2006-09-28 82944]
    S4 ACPI;ACPI; C:\WINDOWS\system32\drivers\ACPI.sys []
    S4 IntelIde;IntelIde; C:\WINDOWS\system32\drivers\IntelIde.sys []

    ======List of services (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)======

    R2 aawservice;Lavasoft Ad-Aware Service; C:\Program Files\Lavasoft\Ad-Aware\aawservice.exe [2008-05-23 611664]
    R2 Apple Mobile Device;Apple Mobile Device; C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe [2008-07-22 116040]
    R2 Ati HotKey Poller;Ati HotKey Poller; C:\WINDOWS\system32\Ati2evxx.exe [2005-09-15 376832]
    R2 Avg7Alrt;AVG7 Alert Manager Server; C:\PROGRA~1\Grisoft\AVGFRE~1\avgamsvr.exe [2007-10-28 418816]
    R2 Avg7UpdSvc;AVG7 Update Service; C:\PROGRA~1\Grisoft\AVGFRE~1\avgupsvc.exe [2007-04-05 49664]
    R2 AVGEMS;AVG E-mail Scanner; C:\PROGRA~1\Grisoft\AVGFRE~1\avgemc.exe [2007-12-22 406528]
    R2 Bonjour Service;Bonjour Service; C:\Program Files\Bonjour\mDNSResponder.exe [2007-07-24 229376]
    R2 SoundMAX Agent Service (default);SoundMAX Agent Service; C:\Program Files\Analog Devices\SoundMAX\SMAgent.exe [2002-09-20 45056]
    R3 iPod Service;iPod Service; C:\Program Files\iPod\bin\iPodService.exe [2008-07-30 532264]
    S2 ATI Smart;ATI Smart; C:\WINDOWS\system32\ati2sgag.exe [2005-09-14 516096]
    S3 aspnet_state;ASP.NET State Service; C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\aspnet_state.exe [2005-09-23 29896]
    S3 clr_optimization_v2.0.50727_32;.NET Runtime Optimization Service v2.0.50727_X86; C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe [2005-09-23 66240]
    S3 gusvc;Google Updater Service; C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe [2008-05-18 137200]
    S3 IDriverT;InstallDriver Table Manager; C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe [2005-04-04 69632]
    S3 usnjsvc;Messenger Sharing Folders USN Journal Reader service; C:\Program Files\MSN Messenger\usnsvc.exe [2007-01-19 97136]
    S3 WMPNetworkSvc;Windows Media Player Network Sharing Service; C:\Program Files\Windows Media Player\WMPNetwk.exe [2006-10-18 913408]
    S3 WudfSvc;Windows Driver Foundation - User-mode Driver Framework; C:\WINDOWS\system32\svchost.exe [2004-08-04 14336]

    -----------------EOF-----------------
     


  4. 2008/10/01
    Juliet

    Juliet Well-Known Member

    Joined:
    2008/09/15
    Messages:
    976
    Likes Received:
    6
    Instructions posted for this user are customized for this user only. The tools used may cause damage if used on a computer with different infections. If you think you have similar problems, please post a HJT log and start a new topic.


    Hi and welcome

    AntiSpywareMaster <--rogue anti-spyware program.
    asm.exe is a process belonging to an advertising program by AltNet. This process monitors your browsing habits and distributes the data back to the author's site.
    It is recommended you uninstall/delete this program.

    Print this topic or save to notepad, it will make it easier for you to follow the instructions and complete all of the necessary steps.

    Uninstall the following via Add/Remove Programs, if present :

    CiD Help
    CiD Manager
    Messenger plus or messenger plus and client
    Download Plugin for Internet Explorer
    Bitdownload
    Zone Media
    WinZix
    Search Plugin
    Bitgrabber
    BitRol
    Netpumper
    Torrent101
    W3player

    In case, during uninstall, when asked for the uninstall Verification, please enter the numbers that will appear in the window

    Then reboot. Important!


    Open HijackThis, Click Do a system scan only, checkmark these. Then close all other windows and browsers except HijackThis and press fix checked.

    O4 - HKLM\..\Run: [AntiSpywareMaster] C:\Program Files\AntiSpywareMaster\asm.exe
    O4 - HKLM\..\Run: [CHIN PING PHONE PILE] C:\Documents and Settings\All Users\Application Data\Proxy Long Chin Ping\chin logo.exe
    O4 - HKCU\..\Run: [Gram file] C:\DOCUME~1\Owner\APPLIC~1\01LINK~1\CdromTickFork.exe




    Go to My Computer->Tools->Folder Options->View tab:

    • Under the Hidden files and folders heading:
    • Select - Show hidden files and folders.
    • Uncheck - Hide protected operating system files (recommended) option.
    • Also, make sure there is no checkmark beside Hide file extensions for known file types.
    • Click OK. (Remember to Hide files and folders once done)

    Using Windows Explorer (right-click your "Start" button and select "Explore"), please navigate to and delete the following files/folders in bold

    C:\Program Files\AntiSpywareMaster <--delete this folder
    C:\Documents and Settings\All Users\Application Data\Proxy Long Chin Ping <--this folder
    C:\DOCUMENTS AND SETTINGS\Owner\APPLICATION DATA\01LINK~1\CdromTickFork.exe <--delete this file

    Next, launch Notepad (Start > Run, type in: notepad), copy and paste the text present in the quotebox below in it:
    (don't forget to copy and paste REGEDIT4)
    Save this as fix.reg and change the "Save as type" to "All Files" and place it on your desktop. It should look like this: [​IMG]
    Double-click on it and when it asks you if you want to merge the contents to the registry, click "Yes" or "OK". You should receive a message that it was successful. You may delete the file afterwards.

    Now please reboot your computer.


    Download Lop S&D by Eric_71 and save it to your desktop.
    Lop S&D will only run on Windows XP and Windows Vista

    Go offline (disconnect from the internet), disable your antivirus and antimalware programs so they do not interfere with the running of Lop S&D.
    To see how to disable security programs visit this tutorial:
    How To Temporarily Disable Your Anti-virus, Firewall And Anti-malware Programs
    • Double-click LopSD.exe
      If you are using Windows Vista, right-click on LopSD.exe icon and select 'Run as administrator' to perform this scan.
    • Choose the language by typing the corresponding letter and press Enter
    • Click OK at the informative window
    • Type 1, to choose Option 1 (Search) then press Enter
    • Wait until the end of the scan
    • A report will be generated, post the contents of it in your next reply.
    (Copy of the report can be found at this location: %SystemDrive%\lopR.txt, in most cases C:\lopR.txt)




    NEXT**
    Please download Malwarebytes' Anti-Malware to your desktop

    Additional Link

    * Double-click mbam-setup.exe and follow the prompts to install the program.
    * Be sure a checkmark is placed next to Update Malwarebytes' Anti-Malware and Launch Malwarebytes' Anti-Malware, then click Finish.
    * If an update is found, it will download and install the latest version.
    * Once the program has loaded, select Perform quick scan, then click Scan.
    * When the scan is complete, click OK, then Show Results to view the results.
    * Be sure that everything is checked, and click Remove Selected.
    * When completed, a log will open in Notepad. Please save it to a convenient location.
    * You can also access the log by doing the following:

    o Click on the Malwarebytes' Anti-Malware icon to launch the program.
    o Click on the Logs tab.
    o Click on the log at the bottom of those listed to highlight it.
    o Click Open.

    Tutorial if needed
    http://thespykiller.co.uk/index.php/topic,5946.0.html

    Extra Note:
    If MBAM encounters a file that is difficult to remove, you will be presented with 1 of 2 prompts. Click OK to either and let MBAM proceed with the disinfection process. If asked to restart the computer, please do so immediately.



    In your next reply post:
    C:\lopR.txt
    Malwarebytes' Anti-Malware
    New HJT log taken after the above scans have run


    You may need several replies to post the requested logs, otherwise they might get cut off.
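
A triage sketch for the Run-key listing in the first post's registry dump, added here as an example and not part of Juliet's instructions or of any tool named in the thread. It assumes the `[date size]` suffix is the target file's timestamp and that `[]` means the tool found no file; the 14-day window and the Application Data check are illustrative heuristics, and the sample lines are copied from the log above.

```python
import re
from dataclasses import dataclass
from datetime import date
from typing import List, Optional, Tuple

# Sample input: Run-key lines copied from the registry dump in the first post.
SAMPLE_DUMP = r'''
[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run]
"iTunesHelper"=C:\Program Files\iTunes\iTunesHelper.exe [2008-07-30 289064]
"AntiSpywareMaster"=C:\Program Files\AntiSpywareMaster\asm.exe []
"CHIN PING PHONE PILE"=C:\Documents and Settings\All Users\Application Data\Proxy Long Chin Ping\chin logo.exe [2008-10-01 4949504]

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run]
"PowerBar"=C:\Program Files\CyberLink DVD Solution\Multimedia Launcher\PowerBar.exe [2004-04-21 86016]
"Gram file"=C:\DOCUME~1\Owner\APPLIC~1\01LINK~1\CdromTickFork.exe [2008-09-26 487424]
'''

KEY_RE = re.compile(r'^\[(HKEY_[^\]]+)\]$')
# "name"=path [meta]; tolerates a stray space before the closing quote.
VALUE_RE = re.compile(r'^"(?P<name>[^"]*)"\s*=\s*(?P<path>.+?)\s*\[(?P<meta>[^\[\]]*)\]$')
META_RE = re.compile(r'^(\d{4}-\d{2}-\d{2})\s+\d+$')

# Reason labels are this example's own wording, not output of any tool.
REASON_MISSING = "no file metadata (target not found)"
REASON_RECENT = "target dated close to the scan date"
REASON_APPDATA = "launches from Application Data"

# Long and 8.3 short forms of the XP per-user data folder name.
APPDATA_NAMES = {"application data", "applic~1"}


@dataclass
class RunEntry:
    key: str
    name: str
    path: str
    file_date: Optional[date]  # None when the dump shows "[]"


def parse_run_entries(dump: str) -> List[RunEntry]:
    """Collect values listed under ...\\CurrentVersion\\Run key headers."""
    entries: List[RunEntry] = []
    key = None
    for raw in dump.splitlines():
        line = raw.strip()
        header = KEY_RE.match(line)
        if header:
            key = header.group(1)
            continue
        if not line:
            key = None  # a blank line ends the current key's value list
            continue
        if key is None or not key.lower().endswith("\\currentversion\\run"):
            continue
        m = VALUE_RE.match(line)
        if not m:
            continue
        meta = META_RE.match(m.group("meta").strip())
        file_date = date.fromisoformat(meta.group(1)) if meta else None
        entries.append(RunEntry(key, m.group("name").strip(), m.group("path"), file_date))
    return entries


def launches_from_app_data(path: str) -> bool:
    """True when any path component is the Application Data folder."""
    return any(part.lower() in APPDATA_NAMES for part in path.split("\\"))


def triage(entries: List[RunEntry], scan_date: date,
           recent_days: int = 14) -> List[Tuple[str, List[str]]]:
    """Return (value name, reasons) for autoruns worth a manual look."""
    findings = []
    for e in entries:
        reasons = []
        if e.file_date is None:
            reasons.append(REASON_MISSING)
        elif 0 <= (scan_date - e.file_date).days <= recent_days:
            reasons.append(REASON_RECENT)
        if launches_from_app_data(e.path):
            reasons.append(REASON_APPDATA)
        if reasons:
            findings.append((e.name, reasons))
    return findings


if __name__ == "__main__":
    # Scan date taken from the log header in the first post (2008-10-01).
    for name, reasons in triage(parse_run_entries(SAMPLE_DUMP), date(2008, 10, 1)):
        print(f"{name}: {'; '.join(reasons)}")
```

A hit is a prompt for manual review, not a verdict: a freshly updated legitimate program will also show a recent date.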
     
  5. 2008/10/02
    yoruga

    yoruga Well-Known Member Thread Starter

    Hi Juliet

    Apologies for my abruptness and ignorance.... I have some problems.... I don't know how to run the Hijack This program.... It is on my computer but I just don't know how to access it.... It is on my change/remove programs and I have run a search through the C: but to no avail.
    The following programs were not on my add/remove list:

    CiD Help
    CiD Manager
    Messenger plus or messenger plus and client
    Download Plugin for Internet Explorer
    Bitdownload
    Zone Media
    WinZix
    Search Plugin
    Bitgrabber
    BitRol
    Netpumper
    Torrent101
    W3player

    However I did manage to go to remove this item CdromTickFork.exe, but the other items not so good. This file was not there: C:\Program Files\AntiSpywareMaster\asm.exe, so I guess it must have already been removed but ...... the one labelled Proxy Long Chin Ping did not want to go to recycle bin. It kept saying that it was in use by another user.... UUGGGHHHH
     
  6. 2008/10/02
    Juliet

    Juliet Well-Known Member

    Welcome back

    Please go to your C Drive, Program Files, Hijackthis Folder. Inside you will find Highjack.exe; from here, if found, you should be able to double-click on this to start the program.
    If not we can redownload the tool that will place a HJT icon on your desktop.

    Download Trend Micro HijackThis™ and save to desktop.
    It is important that you uninstall any previous versions by using Add/Remove programs in your control panel before installing a newer version.
    Double-click the HJTInstall.exe to start it.
    By default it will install HijackThis in the Program Files\Trendmicro folder and create a desktop shortcut.

    Accept the license agreement by clicking the "I Accept" button.
    Open HijackThis, Click Do a system scan only, checkmark these. Then close all other windows and browsers except HijackThis and press fix checked.<--If found.

    O4 - HKLM\..\Run: [AntiSpywareMaster] C:\Program Files\AntiSpywareMaster\asm.exe
    O4 - HKLM\..\Run: [CHIN PING PHONE PILE] C:\Documents and Settings\All Users\Application Data\Proxy Long Chin Ping\chin logo.exe
    O4 - HKCU\..\Run: [Gram file] C:\DOCUME~1\Owner\APPLIC~1\01LINK~1\CdromTickFork.exe


    Did you run the regfix in my previous reply? If so, we won't worry about this for now.

    That's fine, not a problem.
    good
    We'll get it but first we need to continue.
    Download Lop S&D by Eric_71 and save it to your desktop <--have you done this?

    Please download Malwarebytes' Anti-Malware <--have you done this?

    If not, please go back and follow those instructions and post the logs.
     
  7. 2008/10/03
    yoruga

    yoruga Well-Known Member Thread Starter

    OK Here is the No Lop File


    --------------------\\ Lop S&D 4.2.4-5 XP/Vista

    Microsoft Windows XP Home Edition ( v5.1.2600 ) Service Pack 2
    X86-based PC ( Uniprocessor Free : AMD Sempron(tm) Processor 3100+ )
    BIOS : BIOS Date: 07/15/05 12:14:52 Ver: 08.00.09
    USER : Owner ( Administrator )
    BOOT : Normal boot
    Antivirus : AVG 7.5.524 7.5.524 (Activated)
    A:\ (USB)
    C:\ (Local Disk) - NTFS - Total : 74 Go Free : 63 Go
    D:\ (CD or DVD)
    E:\ (CD or DVD)

    "C:\Lop SD" ( MAJ : 02-10-2008|23:42 )
    Option : [1] ( Fri 03/10/2008|15:14 )

    --------------------\\ Listing folders in APPLIC~1

    [26/04/2008|01:09] C:\DOCUME~1\ALLUSE~1\APPLIC~1\<DIR> Apple
    [04/08/2008|04:11] C:\DOCUME~1\ALLUSE~1\APPLIC~1\<DIR> Apple Computer
    [21/09/2008|09:18] C:\DOCUME~1\ALLUSE~1\APPLIC~1\<DIR> avg7
    [02/01/2002|12:33] C:\DOCUME~1\ALLUSE~1\APPLIC~1\<DIR> CyberLink
    [18/05/2008|01:19] C:\DOCUME~1\ALLUSE~1\APPLIC~1\<DIR> Google
    [05/09/2006|08:13] C:\DOCUME~1\ALLUSE~1\APPLIC~1\<DIR> Grisoft
    [19/02/2006|04:41] C:\DOCUME~1\ALLUSE~1\APPLIC~1\<DIR> iConnectDSL
    [02/06/2007|07:23] C:\DOCUME~1\ALLUSE~1\APPLIC~1\<DIR> InstallShield
    [23/05/2008|08:41] C:\DOCUME~1\ALLUSE~1\APPLIC~1\<DIR> Lavasoft
    [23/02/2006|08:46] C:\DOCUME~1\ALLUSE~1\APPLIC~1\<DIR> Macromedia
    [19/02/2006|05:20] C:\DOCUME~1\ALLUSE~1\APPLIC~1\<DIR> Microsoft
    [15/11/2006|03:22] C:\DOCUME~1\ALLUSE~1\APPLIC~1\<DIR> MumboJumbo
    [19/02/2006|04:41] C:\DOCUME~1\ALLUSE~1\APPLIC~1\<DIR> Open Networks
    [29/07/2008|09:15] C:\DOCUME~1\ALLUSE~1\APPLIC~1\<DIR> PC Drivers HeadQuarters
    [11/11/2006|06:06] C:\DOCUME~1\ALLUSE~1\APPLIC~1\<DIR> PlayFirst
    [11/11/2006|08:16] C:\DOCUME~1\ALLUSE~1\APPLIC~1\<DIR> PopCap
    [26/09/2008|07:52] C:\DOCUME~1\ALLUSE~1\APPLIC~1\<DIR> Proxy Long Chin Ping
    [20/05/2006|01:46] C:\DOCUME~1\ALLUSE~1\APPLIC~1\<DIR> Sandlot Games
    [24/05/2008|01:23] C:\DOCUME~1\ALLUSE~1\APPLIC~1\<DIR> TEMP
    [14/11/2005|05:56] C:\DOCUME~1\ALLUSE~1\APPLIC~1\<DIR> The Learning Company
    [20/05/2006|01:46] C:\DOCUME~1\ALLUSE~1\APPLIC~1\<DIR> Trymedia
    [26/07/2007|06:48] C:\DOCUME~1\ALLUSE~1\APPLIC~1\<DIR> Ulead Systems
    [23/07/2006|07:49] C:\DOCUME~1\ALLUSE~1\APPLIC~1\<DIR> Windows Genuine Advantage
    [01/01/2002|04:56] C:\DOCUME~1\DEFAUL~1\APPLIC~1\<DIR> Microsoft
    [22/12/2007|09:14] C:\DOCUME~1\Guest\APPLIC~1\<DIR> Apple Computer
    [18/12/2007|03:20] C:\DOCUME~1\Guest\APPLIC~1\<DIR> AVG7
    [18/12/2007|03:20] C:\DOCUME~1\Guest\APPLIC~1\<DIR> Google
    [18/12/2007|03:20] C:\DOCUME~1\Guest\APPLIC~1\<DIR> Identities
    [18/12/2007|03:21] C:\DOCUME~1\Guest\APPLIC~1\<DIR> Macromedia
    [18/12/2007|03:23] C:\DOCUME~1\Guest\APPLIC~1\<DIR> Microsoft
    [22/12/2007|09:07] C:\DOCUME~1\Guest\APPLIC~1\<DIR> Mozilla
    [24/12/2007|10:47] C:\DOCUME~1\Guest\APPLIC~1\<DIR> Real
    [26/09/2008|08:00] C:\DOCUME~1\LOCALS~1\APPLIC~1\<DIR> AVG7
    [07/04/2008|05:25] C:\DOCUME~1\LOCALS~1\APPLIC~1\<DIR> Google
    [08/04/2007|11:30] C:\DOCUME~1\LOCALS~1\APPLIC~1\<DIR> Help
    [20/05/2008|06:53] C:\DOCUME~1\LOCALS~1\APPLIC~1\<DIR> Microsoft
    [05/09/2006|08:12] C:\DOCUME~1\NETWOR~1\APPLIC~1\<DIR> Microsoft
    [02/10/2008|03:37] C:\DOCUME~1\Owner\APPLIC~1\<DIR> 01LINKWEB
    [22/12/2007|08:02] C:\DOCUME~1\Owner\APPLIC~1\<DIR> Adobe
    [19/01/2007|08:55] C:\DOCUME~1\Owner\APPLIC~1\<DIR> Apple Computer
    [09/09/2008|07:35] C:\DOCUME~1\Owner\APPLIC~1\<DIR> AVG7
    [12/11/2006|11:41] C:\DOCUME~1\Owner\APPLIC~1\<DIR> Beep Industries
    [17/04/2006|02:53] C:\DOCUME~1\Owner\APPLIC~1\<DIR> CyberLink
    [13/05/2008|07:30] C:\DOCUME~1\Owner\APPLIC~1\<DIR> FunWebProducts
    [26/10/2006|09:50] C:\DOCUME~1\Owner\APPLIC~1\<DIR> Google
    [19/05/2006|08:52] C:\DOCUME~1\Owner\APPLIC~1\<DIR> Help
    [13/05/2007|11:37] C:\DOCUME~1\Owner\APPLIC~1\<DIR> HorizonWimba
    [28/06/2008|03:01] C:\DOCUME~1\Owner\APPLIC~1\<DIR> Identities
    [02/01/2002|12:44] C:\DOCUME~1\Owner\APPLIC~1\<DIR> InterTrust
    [17/05/2008|11:20] C:\DOCUME~1\Owner\APPLIC~1\<DIR> Lavasoft
    [26/09/2008|06:26] C:\DOCUME~1\Owner\APPLIC~1\<DIR> LimeWire
    [12/07/2007|06:51] C:\DOCUME~1\Owner\APPLIC~1\<DIR> Macromedia
    [08/09/2008|09:17] C:\DOCUME~1\Owner\APPLIC~1\<DIR> Microsoft
    [11/11/2007|02:57] C:\DOCUME~1\Owner\APPLIC~1\<DIR> Mozilla
    [11/11/2006|06:06] C:\DOCUME~1\Owner\APPLIC~1\<DIR> PlayFirst
    [14/08/2008|07:06] C:\DOCUME~1\Owner\APPLIC~1\<DIR> Real
    [15/12/2007|10:42] C:\DOCUME~1\Owner\APPLIC~1\<DIR> Sun
    [26/07/2007|06:48] C:\DOCUME~1\Owner\APPLIC~1\<DIR> Ulead Systems
    [18/12/2007|08:44] C:\DOCUME~1\Taliah\APPLIC~1\<DIR> AVG7
    [11/01/2008|05:26] C:\DOCUME~1\Taliah\APPLIC~1\<DIR> Google
    [18/12/2007|08:44] C:\DOCUME~1\Taliah\APPLIC~1\<DIR> Identities
    [08/01/2008|08:57] C:\DOCUME~1\Taliah\APPLIC~1\<DIR> Macromedia
    [20/02/2008|07:20] C:\DOCUME~1\Taliah\APPLIC~1\<DIR> Microsoft
    [11/01/2008|06:48] C:\DOCUME~1\Taliah\APPLIC~1\<DIR> Real

    --------------------\\ Scheduled Tasks located in C:\WINDOWS\Tasks

    [03/10/2008 03:00 PM][--ah-----] C:\WINDOWS\tasks\AC06A6EA919559C2.job
    [26/09/2008 07:34 AM][--a------] C:\WINDOWS\tasks\AppleSoftwareUpdate.job
    [02/10/2008 05:30 PM][--ah-----] C:\WINDOWS\tasks\{013BD331-CD54-48FA-ADB6-72E1625CE6E4}_USER-2DE632122C_Owner.job
    [03/10/2008 03:04 PM][--ah-----] C:\WINDOWS\tasks\SA.DAT
    [04/08/2004 10:00 PM][-r-h-----] C:\WINDOWS\tasks\desktop.ini ( AC06A6EA919559C2.job )=( c:\docume~1\owner\applic~1\01link~1\intraonethat.exe )

    --------------------\\ Listing Folders in C:\Program Files

    [26/09/2008|07:51] C:\Program Files\<DIR> 01LINKWEB
    [02/01/2002|12:44] C:\Program Files\<DIR> Adobe
    [02/01/2002|12:34] C:\Program Files\<DIR> Ahead
    [01/01/2002|05:03] C:\Program Files\<DIR> Analog Devices
    [04/08/2008|04:10] C:\Program Files\<DIR> Apple Software Update
    [01/01/2002|05:08] C:\Program Files\<DIR> ATI Technologies
    [13/10/2006|04:28] C:\Program Files\<DIR> BearShare Applications
    [17/11/2007|09:45] C:\Program Files\<DIR> BearShare MediaBar
    [26/04/2008|01:11] C:\Program Files\<DIR> Bonjour
    [04/08/2008|04:09] C:\Program Files\<DIR> Common Files
    [01/01/2002|04:54] C:\Program Files\<DIR> ComPlus Applications
    [09/07/2006|08:17] C:\Program Files\<DIR> Cosmi
    [02/01/2002|12:33] C:\Program Files\<DIR> CyberLink
    [02/01/2002|12:33] C:\Program Files\<DIR> CyberLink DVD Solution
    [09/03/2007|06:19] C:\Program Files\<DIR> Disney Interactive
    [07/12/2007|11:55] C:\Program Files\<DIR> EnhanceKeyboard
    [09/09/2008|09:01] C:\Program Files\<DIR> Enigma Software Group
    [02/06/2008|08:50] C:\Program Files\<DIR> Google
    [05/09/2006|08:13] C:\Program Files\<DIR> Grisoft
    [13/05/2007|11:31] C:\Program Files\<DIR> Horizon Wimba
    [29/07/2008|09:16] C:\Program Files\<DIR> InstallShield Installation Information
    [08/05/2007|05:03] C:\Program Files\<DIR> InterActual
    [15/08/2008|07:44] C:\Program Files\<DIR> Internet Explorer
    [04/08/2008|04:12] C:\Program Files\<DIR> iPod
    [19/02/2006|04:41] C:\Program Files\<DIR> iPrimus
    [04/08/2008|04:12] C:\Program Files\<DIR> iTunes
    [13/07/2008|03:08] C:\Program Files\<DIR> Java
    [03/01/2002|01:14] C:\Program Files\<DIR> Kid Pix Deluxe 4
    [23/05/2008|08:39] C:\Program Files\<DIR> Lavasoft
    [03/08/2008|12:08] C:\Program Files\<DIR> LimeWire
    [23/02/2006|08:46] C:\Program Files\<DIR> Macromedia
    [02/09/2007|01:57] C:\Program Files\<DIR> Mattel Media
    [15/08/2008|07:46] C:\Program Files\<DIR> Messenger
    [03/01/2002|01:00] C:\Program Files\<DIR> Microsoft ActiveSync
    [01/01/2002|04:57] C:\Program Files\<DIR> microsoft frontpage
    [03/01/2002|12:59] C:\Program Files\<DIR> Microsoft Office
    [01/01/2002|04:54] C:\Program Files\<DIR> Movie Maker
    [18/05/2008|01:28] C:\Program Files\<DIR> Mozilla Firefox
    [08/01/2008|07:17] C:\Program Files\<DIR> MP3
    [13/01/2008|12:06] C:\Program Files\<DIR> MP3 Player Utilities 4.05
    [03/08/2008|12:21] C:\Program Files\<DIR> MSN
    [01/01/2002|04:53] C:\Program Files\<DIR> MSN Gaming Zone
    [03/06/2008|12:29] C:\Program Files\<DIR> MSN Messenger
    [13/07/2008|10:22] C:\Program Files\<DIR> NETGEAR
    [01/01/2002|04:55] C:\Program Files\<DIR> NetMeeting
    [01/01/2002|04:56] C:\Program Files\<DIR> Online Services
    [13/06/2007|09:39] C:\Program Files\<DIR> Outlook Express
    [29/07/2008|09:15] C:\Program Files\<DIR> PC Drivers HeadQuarters
    [04/08/2008|04:11] C:\Program Files\<DIR> QuickTime
    [12/11/2006|05:13] C:\Program Files\<DIR> Real
    [09/07/2006|08:16] C:\Program Files\<DIR> Setup NetZero
    [13/07/2008|03:06] C:\Program Files\<DIR> Sun
    [03/10/2008|02:35] C:\Program Files\<DIR> trend micro
    [01/01/2002|05:00] C:\Program Files\<DIR> Uninstall Information
    [16/04/2008|03:38] C:\Program Files\<DIR> ValuSoft
    [02/06/2007|07:23] C:\Program Files\<DIR> Windows Media Components
    [20/05/2008|05:53] C:\Program Files\<DIR> Windows Media Connect 2
    [20/05/2008|05:59] C:\Program Files\<DIR> Windows Media Player
    [01/01/2002|04:53] C:\Program Files\<DIR> Windows NT
    [01/01/2002|04:56] C:\Program Files\<DIR> WindowsUpdate
    [01/01/2002|04:57] C:\Program Files\<DIR> xerox
    [20/05/2006|01:44] C:\Program Files\<DIR> Yahoo! Games

    --------------------\\ Listing Folders in C:\Program Files\Common Files

    [02/01/2002|12:44] C:\Program Files\Common Files\<DIR> Adobe
    [02/01/2002|12:34] C:\Program Files\Common Files\<DIR> Ahead
    [04/08/2008|04:09] C:\Program Files\Common Files\<DIR> Apple
    [09/07/2006|08:17] C:\Program Files\Common Files\<DIR> Borland Shared
    [09/07/2006|08:17] C:\Program Files\Common Files\<DIR> Cosmi
    [03/01/2002|12:59] C:\Program Files\Common Files\<DIR> Designer
    [02/06/2007|07:22] C:\Program Files\Common Files\<DIR> InstallShield
    [15/12/2007|10:32] C:\Program Files\Common Files\<DIR> Java
    [23/02/2006|08:46] C:\Program Files\Common Files\<DIR> Macromedia
    [03/01/2002|01:00] C:\Program Files\Common Files\<DIR> Microsoft Shared
    [01/01/2002|04:55] C:\Program Files\Common Files\<DIR> MSSoap
    [01/01/2002|10:31] C:\Program Files\Common Files\<DIR> ODBC
    [11/11/2006|05:50] C:\Program Files\Common Files\<DIR> Real
    [01/01/2002|04:55] C:\Program Files\Common Files\<DIR> Services
    [21/02/2006|12:45] C:\Program Files\Common Files\<DIR> snpstd3
    [01/01/2002|10:31] C:\Program Files\Common Files\<DIR> SpeechEngines
    [13/06/2007|09:39] C:\Program Files\Common Files\<DIR> System
    [02/06/2007|07:23] C:\Program Files\Common Files\<DIR> Ulead Systems
    [23/05/2008|08:37] C:\Program Files\Common Files\<DIR> Wise Installation Wizard
    [19/05/2006|09:16] C:\Program Files\Common Files\<DIR> xing shared

    --------------------\\ Process

    ( 37 Processes )

    ... OK !

    --------------------\\ Searching with S_Lop

    No Lop folder found !

    --------------------\\ Searching for Lop Files - Folders

    C:\DOCUME~1\ALLUSE~1\APPLIC~1\Proxy Long Chin Ping
    C:\DOCUME~1\ALLUSE~1\APPLIC~1\Proxy Long Chin Ping\chin logo.exe
    C:\DOCUME~1\Owner\APPLIC~1\01link~1
    C:\DOCUME~1\Owner\APPLIC~1\01link~1\gblmaylo.exe
    C:\DOCUME~1\Owner\APPLIC~1\01link~1\INTERNET THE MOVE FOUR.exe
    C:\DOCUME~1\Owner\APPLIC~1\01link~1\intraonethat.exe
    C:\DOCUME~1\Owner\APPLIC~1\01link~1\itbidwgy.exe
    C:\DOCUME~1\Owner\APPLIC~1\01link~1\mrlkbtnn.exe
    C:\DOCUME~1\Owner\APPLIC~1\01link~1\xkdzgpys.exe
    C:\DOCUME~1\Owner\APPLIC~1\01link~1\yortgmvs.exe
    C:\Program Files\01link~1
    C:\DOCUME~1\Owner\Cookies\owner@advertising.marketnetwork[2].txt
    C:\DOCUME~1\Owner\Cookies\owner@advertising[1].txt
    C:\DOCUME~1\Owner\Cookies\owner@adopt.euroclick[2].txt
    C:\DOCUME~1\Owner\Cookies\owner@pacificpoker[1].txt
    C:\DOCUME~1\Owner\Cookies\owner@partypoker[1].txt
    C:\DOCUME~1\Owner\Cookies\owner@888[1].txt
    C:\DOCUME~1\Owner\Cookies\owner@888[2].txt
    C:\WINDOWS\Tasks\AC06A6EA919559C2.job

    --------------------\\ Searching within the Registry

    [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]

    ..... OK !

    --------------------\\ Checking the Hosts file

    Hosts file CLEAN


    --------------------\\ Searching for hidden files with Catchme

    catchme 0.3.1353 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
    Rootkit scan 2008-10-03 15:15:17
    Windows 5.1.2600 Service Pack 2 NTFS
    scanning hidden processes ...
    scanning hidden files ...
    scan completed successfully
    hidden processes: 0
    hidden files: 1

    --------------------\\ Searching for other infections


    No other infections found !

    [F:145][D:17]-> C:\DOCUME~1\Owner\LOCALS~1\Temp
    [F:353][D:0]-> C:\DOCUME~1\Owner\Cookies
    [F:978][D:13]-> C:\DOCUME~1\Owner\LOCALS~1\TEMPOR~1\content.IE5

    1 - "C:\Lop SD\LopR_1.txt" - Fri 03/10/2008|15:16 - Option : [1]

    --------------------\\ Scan completed at 15:16:12
     
  8. 2008/10/03
    yoruga

    THE New HJT Log as requested:

    Logfile of Trend Micro HijackThis v2.0.2
    Scan saved at 3:37:41 PM, on 3/10/2008
    Platform: Windows XP SP2 (WinNT 5.01.2600)
    MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)
    Boot mode: Normal

    Running processes:
    C:\WINDOWS\System32\smss.exe
    C:\WINDOWS\system32\winlogon.exe
    C:\WINDOWS\system32\services.exe
    C:\WINDOWS\system32\lsass.exe
    C:\WINDOWS\system32\Ati2evxx.exe
    C:\WINDOWS\system32\svchost.exe
    C:\WINDOWS\System32\svchost.exe
    C:\Program Files\Lavasoft\Ad-Aware\aawservice.exe
    C:\WINDOWS\system32\spoolsv.exe
    C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
    C:\PROGRA~1\Grisoft\AVGFRE~1\avgamsvr.exe
    C:\PROGRA~1\Grisoft\AVGFRE~1\avgupsvc.exe
    C:\PROGRA~1\Grisoft\AVGFRE~1\avgemc.exe
    C:\Program Files\Bonjour\mDNSResponder.exe
    C:\Program Files\Analog Devices\SoundMAX\SMAgent.exe
    C:\WINDOWS\system32\svchost.exe
    C:\WINDOWS\system32\Ati2evxx.exe
    C:\WINDOWS\Explorer.EXE
    C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe
    C:\Program Files\CyberLink DVD Solution\PowerDVD\PDVDServ.exe
    C:\WINDOWS\sm56hlpr.exe
    C:\Program Files\Analog Devices\SoundMAX\SMTray.exe
    C:\Program Files\Common Files\Real\Update_OB\realsched.exe
    C:\PROGRA~1\Grisoft\AVGFRE~1\avgcc.exe
    C:\Program Files\Java\jre1.6.0_07\bin\jusched.exe
    C:\Program Files\QuickTime\QTTask.exe
    C:\Program Files\iTunes\iTunesHelper.exe
    C:\Program Files\CyberLink DVD Solution\Multimedia Launcher\PowerBar.exe
    C:\Program Files\EnhanceKeyboard\kb_2k.exe
    C:\Program Files\NETGEAR\WG111v2\WG111v2.exe
    C:\WINDOWS\system32\VirtualExpander\VirtualExpander.exe
    C:\Program Files\iPod\bin\iPodService.exe
    C:\WINDOWS\system32\wuauclt.exe
    C:\Program Files\trend micro\HijackThis\HijackThis.exe

    R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.iprimus.com.au
    R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = ninemsn.com.au/
    R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.iprimus.com.au
    R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = 10.*;172.16.*;172.17.*;172.18.*;172.19.*;172.20.*;172.21.*;172.22.*;172.23.*;172.24.*;172.25.*;172.26.*;172.27.*;172.28.*;172.29.*;172.30.*;172.31.*;192.168.*;*.IPrimus.com.au;;*.local
    O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 5.0\Reader\ActiveX\AcroIEHelper.ocx
    O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_07\bin\ssv.dll
    O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)
    O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar1.dll
    O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\2.1.1119.1736\swg.dll
    O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar1.dll
    O4 - HKLM\..\Run: [ATIPTA] "C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe "
    O4 - HKLM\..\Run: [RemoteControl] "C:\Program Files\CyberLink DVD Solution\PowerDVD\PDVDServ.exe "
    O4 - HKLM\..\Run: [NeroFilterCheck] C:\WINDOWS\system32\NeroCheck.exe
    O4 - HKLM\..\Run: [SMSERIAL] sm56hlpr.exe
    O4 - HKLM\..\Run: [Smapp] C:\Program Files\Analog Devices\SoundMAX\SMTray.exe
    O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot
    O4 - HKLM\..\Run: [AVG7_CC] C:\PROGRA~1\Grisoft\AVGFRE~1\avgcc.exe /STARTUP
    O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_07\bin\jusched.exe "
    O4 - HKLM\..\Run: [AppleSyncNotifier] C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleSyncNotifier.exe
    O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\QTTask.exe" -atboottime
    O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe "
    O4 - HKCU\..\Run: [PowerBar] "C:\Program Files\CyberLink DVD Solution\Multimedia Launcher\PowerBar.exe" /AtBootTime
    O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'LOCAL SERVICE')
    O4 - HKUS\S-1-5-19\..\Run: [AVG7_Run] C:\PROGRA~1\Grisoft\AVGFRE~1\avgw.exe /RUNONCE (User 'LOCAL SERVICE')
    O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'NETWORK SERVICE')
    O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')
    O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user')
    O4 - Startup: VirtualExpander.lnk = C:\WINDOWS\system32\VirtualExpander\VirtualExpander.exe
    O4 - Global Startup: enhanced keyboard driver.lnk = ?
    O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office10\OSA.EXE
    O4 - Global Startup: NETGEAR WG111v2 Smart Wizard.lnk = C:\Program Files\NETGEAR\WG111v2\WG111v2.exe
    O8 - Extra context menu item: Add to AMV Converter... - C:\Program Files\MP3 Player Utilities 4.05\AMVConverter\grab.html
    O8 - Extra context menu item: Add to Media Manager... - C:\Program Files\MP3 Player Utilities 4.05\MediaManager\grab.html
    O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office10\EXCEL.EXE/3000
    O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_07\bin\ssv.dll
    O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_07\bin\ssv.dll
    O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
    O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
    O12 - Plugin for .spop: C:\Program Files\Internet Explorer\Plugins\NPDocBox.dll
    O16 - DPF: CabBuilder - http://kiw.imgag.com/imgag/kiw/toolbar/download/InstallerControl.cab
    O16 - DPF: {2B323CD9-50E3-11D3-9466-00A0C9700498} (Yahoo! Audio Conferencing) - http://us.chat1.yimg.com/us.yimg.com/i/chat/applet/v45/yacscom.cab
    O16 - DPF: {4F1E5B1A-2A80-42CA-8532-2D05CB959537} (MSN Photo Upload Tool) - http://gfx2.mail.live.com/mail/w1/resources/MSNPUpld.cab
    O16 - DPF: {B38870E4-7ECB-40DA-8C6A-595F0A5519FF} (MsnMessengerSetupDownloadControl Class) - http://messenger.msn.com/download/MsnMessengerSetupDownloader.cab
    O16 - DPF: {C3F79A2B-B9B4-4A66-B012-3EE46475B072} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/MessengerStatsPAClient.cab56907.cab
    O16 - DPF: {F8C5C0F1-D884-43EB-A5A0-9E1C4A102FA8} (GoPetsWeb Control) - https://secure.gopetslive.com/dev/GoPetsWeb.cab
    O23 - Service: Lavasoft Ad-Aware Service (aawservice) - Lavasoft - C:\Program Files\Lavasoft\Ad-Aware\aawservice.exe
    O23 - Service: Apple Mobile Device - Apple Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
    O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\system32\Ati2evxx.exe
    O23 - Service: ATI Smart - Unknown owner - C:\WINDOWS\system32\ati2sgag.exe
    O23 - Service: AVG7 Alert Manager Server (Avg7Alrt) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVGFRE~1\avgamsvr.exe
    O23 - Service: AVG7 Update Service (Avg7UpdSvc) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVGFRE~1\avgupsvc.exe
    O23 - Service: AVG E-mail Scanner (AVGEMS) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVGFRE~1\avgemc.exe
    O23 - Service: Bonjour Service - Apple Inc. - C:\Program Files\Bonjour\mDNSResponder.exe
    O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
    O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
    O23 - Service: iPod Service - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
    O23 - Service: SoundMAX Agent Service (SoundMAX Agent Service (default)) - Analog Devices, Inc. - C:\Program Files\Analog Devices\SoundMAX\SMAgent.exe

    --
    End of file - 8032 bytes
     
  9. 2008/10/03
    yoruga

    MBAM Log file is here as well :

    Malwarebytes' Anti-Malware 1.28
    Database version: 1225
    Windows 5.1.2600 Service Pack 2

    3/10/2008 3:32:16 PM
    mbam-log-2008-10-03 (15-32-16).txt

    Scan type: Quick Scan
    Objects scanned: 48943
    Time elapsed: 2 minute(s), 33 second(s)

    Memory Processes Infected: 0
    Memory Modules Infected: 0
    Registry Keys Infected: 23
    Registry Values Infected: 1
    Registry Data Items Infected: 0
    Folders Infected: 0
    Files Infected: 2

    Memory Processes Infected:
    (No malicious items detected)

    Memory Modules Infected:
    (No malicious items detected)

    Registry Keys Infected:
    HKEY_CLASSES_ROOT\popcaploader.popcaploaderctrl2 (Adware.PopCap) -> Quarantined and deleted successfully.
    HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ModuleUsage\c:/windows/downloaded program files/popcaploader.dll (Adware.PopCap) -> Quarantined and deleted successfully.
    HKEY_CLASSES_ROOT\TypeLib\{c9c5deaf-0a1f-4660-8279-9edfad6fefe1} (Adware.PopCap) -> Quarantined and deleted successfully.
    HKEY_CLASSES_ROOT\Interface\{e4e3e0f8-cd30-4380-8ce9-b96904bdefca} (Adware.PopCap) -> Quarantined and deleted successfully.
    HKEY_CLASSES_ROOT\Interface\{fe8a736f-4124-4d9c-b4b1-3b12381efabe} (Adware.PopCap) -> Quarantined and deleted successfully.
    HKEY_CLASSES_ROOT\CLSID\{df780f87-ff2b-4df8-92d0-73db16a1543a} (Adware.PopCap) -> Quarantined and deleted successfully.
    HKEY_CLASSES_ROOT\popcaploader.popcaploaderctrl2.1 (Adware.PopCap) -> Quarantined and deleted successfully.
    HKEY_CLASSES_ROOT\Interface\{cf54be1c-9359-4395-8533-1657cf209cfe} (Adware.MyWebSearch) -> Quarantined and deleted successfully.
    HKEY_CLASSES_ROOT\CLSID\{9afb8248-617f-460d-9366-d71cdeda3179} (Adware.MyWebSearch) -> Quarantined and deleted successfully.
    HKEY_CLASSES_ROOT\Typelib\{d518921a-4a03-425e-9873-b9a71756821e} (Adware.MyWebSearch) -> Quarantined and deleted successfully.
    HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Code Store Database\Distribution Units\{1d4db7d2-6ec9-47a3-bd87-1e41684e07bb} (Adware.MyWebSearch) -> Quarantined and deleted successfully.
    HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{59c7fc09-1c83-4648-b3e6-003d2bbc7481} (Adware.MyWebSearch) -> Quarantined and deleted successfully.
    HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{68af847f-6e91-45dd-9b68-d6a12c30e5d7} (Adware.MyWebSearch) -> Quarantined and deleted successfully.
    HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{9170b96c-28d4-4626-8358-27e6caeef907} (Adware.MyWebSearch) -> Quarantined and deleted successfully.
    HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{d1a71fa0-ff48-48dd-9b6d-7a13a3e42127} (Adware.MyWebSearch) -> Quarantined and deleted successfully.
    HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{ddb1968e-ead6-40fd-8dae-ff14757f60c7} (Adware.MyWebSearch) -> Quarantined and deleted successfully.
    HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{f138d901-86f0-4383-99b6-9cdd406036da} (Adware.MyWebSearch) -> Quarantined and deleted successfully.
    HKEY_CURRENT_USER\SOFTWARE\AntiSpywareMaster (Rogue.AntiSpywareMaster) -> Quarantined and deleted successfully.
    HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Low Rights\RunDll32Policy\f3ScrCtr.dll (Adware.MyWay) -> Quarantined and deleted successfully.
    HKEY_CURRENT_USER\SOFTWARE\MediaHoldings (Adware.PlayMP3Z) -> Quarantined and deleted successfully.
    HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Multimedia\WMPlayer\Schemes\f3pss (Adware.MyWebSearch) -> Quarantined and deleted successfully.
    HKEY_CURRENT_USER\SOFTWARE\MyWebSearch (Adware.MyWebSearch) -> Quarantined and deleted successfully.
    HKEY_CURRENT_USER\SOFTWARE\Fun Web Products (Adware.MyWebSearch) -> Quarantined and deleted successfully.

    Registry Values Infected:
    HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\SharedDLLs\C:\WINDOWS\Downloaded Program Files\popcaploader.dll (Adware.PopCap) -> Quarantined and deleted successfully.

    Registry Data Items Infected:
    (No malicious items detected)

    Folders Infected:
    (No malicious items detected)

    Files Infected:
    C:\WINDOWS\Downloaded Program Files\popcaploader.dll (Adware.PopCap) -> Quarantined and deleted successfully.
    C:\Documents and Settings\Owner\Application Data\Microsoft\Internet Explorer\Quick Launch\AntiSpywareMaster.lnk (Rogue.Antispyware) -> Quarantined and deleted successfully.
     
  10. 2008/10/03
    Juliet

    Juliet Well-Known Member

    Joined:
    2008/09/15
    Messages:
    976
    Likes Received:
    6
    Welcome back

    Print this topic or save it to Notepad; it will make it easier for you to follow the instructions and complete all of the necessary steps, as we will need to close every window that is open later in the fix.


    Highlight the entire contents of the code box below, then right-click and choose Copy
    Code:
    C:\DOCUME~1\ALLUSE~1\APPLIC~1\Proxy Long Chin Ping
    C:\DOCUME~1\ALLUSE~1\APPLIC~1\Proxy Long Chin Ping\chin logo.exe
    C:\DOCUME~1\Owner\APPLIC~1\01link~1
    C:\DOCUME~1\Owner\APPLIC~1\01link~1\gblmaylo.exe
    C:\DOCUME~1\Owner\APPLIC~1\01link~1\INTERNET THE MOVE FOUR.exe
    C:\DOCUME~1\Owner\APPLIC~1\01link~1\intraonethat.exe
    C:\DOCUME~1\Owner\APPLIC~1\01link~1\itbidwgy.exe
    C:\DOCUME~1\Owner\APPLIC~1\01link~1\mrlkbtnn.exe
    C:\DOCUME~1\Owner\APPLIC~1\01link~1\xkdzgpys.exe
    C:\DOCUME~1\Owner\APPLIC~1\01link~1\yortgmvs.exe
    C:\Program Files\01link~1
    Restart Lop S&D
    Choose Option 4 (LopScript)
    A blank page will be opened, right-click it and choose Paste
    Close the page, you'll be asked to save it, click [Save]
    Don't close the windows during suppression!
    Post the log which is created: (C:\lopR.txt)
    (%SystemDrive%\lopR.txt)



    NEXT
    I'd like for you to run this next online scan to check for remnants or anything that might be hidden.
    The below scan can take up to an hour or longer, please be patient.

    Note
    It is recommended to disable your onboard antivirus and antispyware programs while performing scans, to avoid conflicts and to speed up scan time.
    Please don't go surfing while your resident protection is disabled!
    Once the scan is finished, remember to re-enable resident antivirus protection along with whatever antispyware app you use.


    Please do a scan with Kaspersky Online Scanner or from here
    http://www.kaspersky.com/virusscanner

    Note: If you are using Windows Vista, open your browser by right-clicking on its icon and select 'Run as administrator' to perform this scan.

    * Click on the Accept button and install any components it needs.
    * The program will install and then begin downloading the latest definition files.
    * After the files have been downloaded, on the left side of the page in the Scan section select My Computer.
    * This will start the program and scan your system.
    * The scan will take a while, so be patient and let it run. (At times it may appear to stall)
    * Once the update is complete, click on My Computer under the green Scan bar to the left to start the scan.
    * Once the scan is complete, it will display if your system has been infected. It does not provide an option to clean/disinfect. We only require a report from it.
    * Do NOT be alarmed by what you see in the report. Many of the finds have likely been quarantined.
    * Once the scan is complete, click on View scan report. To obtain the report:
      Click on: Save Report As
      Next, in the Save as prompt, Save in area, select: Desktop
      In the File name area, use KScan, or something similar
      In Save as type, click the drop arrow and select: Text file [*.txt]
      Then, click: Save

    Please post the Kaspersky Online Scanner Report in your reply.

    Animated tutorial
    http://i275.photobucket.com/albums/jj285/Bleeping/KAS/KAS9.gif

    (Note for Internet Explorer 7 users: If at any time you have trouble with the "Accept" button of the license, click on the "Zoom" tool located at the bottom right of the IE window and set the zoom to 75%. Once the license has been accepted, reset to 100%.)
    Or use Firefox with IE-Tab plugin
    https://addons.mozilla.org/en-US/firefox/addon/1419


    In your next reply post:
    C:\lopR.txt
    Kaspersky log
    New HJT log taken after the above scans have run


    You may need several replies to post the requested logs, otherwise they might get cut off.

    Also at this time I need an update on how the computer is at the moment.
     
  11. 2008/10/03
    yoruga

    LopR.text scan....

    C:\DOCUME~1\ALLUSE~1\APPLIC~1\Proxy Long Chin Ping
    C:\DOCUME~1\ALLUSE~1\APPLIC~1\Proxy Long Chin Ping\chin logo.exe
    C:\DOCUME~1\Owner\APPLIC~1\01link~1
    C:\DOCUME~1\Owner\APPLIC~1\01link~1\gblmaylo.exe
    C:\DOCUME~1\Owner\APPLIC~1\01link~1\INTERNET THE MOVE FOUR.exe
    C:\DOCUME~1\Owner\APPLIC~1\01link~1\intraonethat.exe
    C:\DOCUME~1\Owner\APPLIC~1\01link~1\itbidwgy.exe
    C:\DOCUME~1\Owner\APPLIC~1\01link~1\mrlkbtnn.exe
    C:\DOCUME~1\Owner\APPLIC~1\01link~1\xkdzgpys.exe
    C:\DOCUME~1\Owner\APPLIC~1\01link~1\yortgmvs.exe
    C:\Program Files\01link~1
     
  12. 2008/10/03
    yoruga

    Juliet, I will have to try later to do the Kaspersky scan.... It seems that the server is very busy...... I will give it a go in about 4 hours
     
  13. 2008/10/03
    Juliet

    That's fine....
    also I need you to add this in your next reply

    Double-click Lop S&D.exe
    Choose the language, then choose Option 1 (Search)
    Wait till the end of the scan
    Post the log which is created: (%SystemDrive%\lopR.txt)
     
  14. 2008/10/04
    yoruga

    Lop S&D scan

    Hey Juliet

    I was still unable to perform the Kaspersky scan for some reason.... I will keep on trying though.... I have managed to do the LOP Scan again but I don't know if you wanted me to do this after the Kaspersky scan... BTW I haven't received any CiD popups lately...which is really when this is over let me know where I can leave feedback for you..


    --------------------\\ Lop S&D 4.2.4-5 XP/Vista

    Microsoft Windows XP Home Edition ( v5.1.2600 ) Service Pack 2
    X86-based PC ( Uniprocessor Free : AMD Sempron(tm) Processor 3100+ )
    BIOS : BIOS Date: 07/15/05 12:14:52 Ver: 08.00.09
    USER : Owner ( Administrator )
    BOOT : Normal boot
    Antivirus : AVG 7.5.524 7.5.524 (Activated)
    A:\ (USB)
    C:\ (Local Disk) - NTFS - Total : 74 Go Free : 63 Go
    D:\ (CD or DVD)
    E:\ (CD or DVD)

    "C:\Lop SD" ( MAJ : 02-10-2008|23:42 )
    Option : [1] ( Sat 04/10/2008|15:49 )

    --------------------\\ Listing folders in APPLIC~1

    [26/04/2008|01:09] C:\DOCUME~1\ALLUSE~1\APPLIC~1\<DIR> Apple
    [04/08/2008|04:11] C:\DOCUME~1\ALLUSE~1\APPLIC~1\<DIR> Apple Computer
    [21/09/2008|09:18] C:\DOCUME~1\ALLUSE~1\APPLIC~1\<DIR> avg7
    [02/01/2002|12:33] C:\DOCUME~1\ALLUSE~1\APPLIC~1\<DIR> CyberLink
    [18/05/2008|01:19] C:\DOCUME~1\ALLUSE~1\APPLIC~1\<DIR> Google
    [05/09/2006|08:13] C:\DOCUME~1\ALLUSE~1\APPLIC~1\<DIR> Grisoft
    [19/02/2006|04:41] C:\DOCUME~1\ALLUSE~1\APPLIC~1\<DIR> iConnectDSL
    [02/06/2007|07:23] C:\DOCUME~1\ALLUSE~1\APPLIC~1\<DIR> InstallShield
    [23/05/2008|08:41] C:\DOCUME~1\ALLUSE~1\APPLIC~1\<DIR> Lavasoft
    [23/02/2006|08:46] C:\DOCUME~1\ALLUSE~1\APPLIC~1\<DIR> Macromedia
    [03/10/2008|03:22] C:\DOCUME~1\ALLUSE~1\APPLIC~1\<DIR> Malwarebytes
    [19/02/2006|05:20] C:\DOCUME~1\ALLUSE~1\APPLIC~1\<DIR> Microsoft
    [15/11/2006|03:22] C:\DOCUME~1\ALLUSE~1\APPLIC~1\<DIR> MumboJumbo
    [19/02/2006|04:41] C:\DOCUME~1\ALLUSE~1\APPLIC~1\<DIR> Open Networks
    [29/07/2008|09:15] C:\DOCUME~1\ALLUSE~1\APPLIC~1\<DIR> PC Drivers HeadQuarters
    [11/11/2006|06:06] C:\DOCUME~1\ALLUSE~1\APPLIC~1\<DIR> PlayFirst
    [11/11/2006|08:16] C:\DOCUME~1\ALLUSE~1\APPLIC~1\<DIR> PopCap
    [20/05/2006|01:46] C:\DOCUME~1\ALLUSE~1\APPLIC~1\<DIR> Sandlot Games
    [24/05/2008|01:23] C:\DOCUME~1\ALLUSE~1\APPLIC~1\<DIR> TEMP
    [14/11/2005|05:56] C:\DOCUME~1\ALLUSE~1\APPLIC~1\<DIR> The Learning Company
    [20/05/2006|01:46] C:\DOCUME~1\ALLUSE~1\APPLIC~1\<DIR> Trymedia
    [26/07/2007|06:48] C:\DOCUME~1\ALLUSE~1\APPLIC~1\<DIR> Ulead Systems
    [23/07/2006|07:49] C:\DOCUME~1\ALLUSE~1\APPLIC~1\<DIR> Windows Genuine Advantage

    [01/01/2002|04:56] C:\DOCUME~1\DEFAUL~1\APPLIC~1\<DIR> Microsoft

    [22/12/2007|09:14] C:\DOCUME~1\Guest\APPLIC~1\<DIR> Apple Computer
    [18/12/2007|03:20] C:\DOCUME~1\Guest\APPLIC~1\<DIR> AVG7
    [18/12/2007|03:20] C:\DOCUME~1\Guest\APPLIC~1\<DIR> Google
    [18/12/2007|03:20] C:\DOCUME~1\Guest\APPLIC~1\<DIR> Identities
    [18/12/2007|03:21] C:\DOCUME~1\Guest\APPLIC~1\<DIR> Macromedia
    [18/12/2007|03:23] C:\DOCUME~1\Guest\APPLIC~1\<DIR> Microsoft
    [22/12/2007|09:07] C:\DOCUME~1\Guest\APPLIC~1\<DIR> Mozilla
    [24/12/2007|10:47] C:\DOCUME~1\Guest\APPLIC~1\<DIR> Real

    [26/09/2008|08:00] C:\DOCUME~1\LOCALS~1\APPLIC~1\<DIR> AVG7
    [07/04/2008|05:25] C:\DOCUME~1\LOCALS~1\APPLIC~1\<DIR> Google
    [08/04/2007|11:30] C:\DOCUME~1\LOCALS~1\APPLIC~1\<DIR> Help
    [20/05/2008|06:53] C:\DOCUME~1\LOCALS~1\APPLIC~1\<DIR> Microsoft

    [05/09/2006|08:12] C:\DOCUME~1\NETWOR~1\APPLIC~1\<DIR> Microsoft

    [22/12/2007|08:02] C:\DOCUME~1\Owner\APPLIC~1\<DIR> Adobe
    [19/01/2007|08:55] C:\DOCUME~1\Owner\APPLIC~1\<DIR> Apple Computer
    [09/09/2008|07:35] C:\DOCUME~1\Owner\APPLIC~1\<DIR> AVG7
    [12/11/2006|11:41] C:\DOCUME~1\Owner\APPLIC~1\<DIR> Beep Industries
    [17/04/2006|02:53] C:\DOCUME~1\Owner\APPLIC~1\<DIR> CyberLink
    [13/05/2008|07:30] C:\DOCUME~1\Owner\APPLIC~1\<DIR> FunWebProducts
    [26/10/2006|09:50] C:\DOCUME~1\Owner\APPLIC~1\<DIR> Google
    [19/05/2006|08:52] C:\DOCUME~1\Owner\APPLIC~1\<DIR> Help
    [13/05/2007|11:37] C:\DOCUME~1\Owner\APPLIC~1\<DIR> HorizonWimba
    [28/06/2008|03:01] C:\DOCUME~1\Owner\APPLIC~1\<DIR> Identities
    [02/01/2002|12:44] C:\DOCUME~1\Owner\APPLIC~1\<DIR> InterTrust
    [17/05/2008|11:20] C:\DOCUME~1\Owner\APPLIC~1\<DIR> Lavasoft
    [26/09/2008|06:26] C:\DOCUME~1\Owner\APPLIC~1\<DIR> LimeWire
    [12/07/2007|06:51] C:\DOCUME~1\Owner\APPLIC~1\<DIR> Macromedia
    [03/10/2008|03:22] C:\DOCUME~1\Owner\APPLIC~1\<DIR> Malwarebytes
    [08/09/2008|09:17] C:\DOCUME~1\Owner\APPLIC~1\<DIR> Microsoft
    [11/11/2007|02:57] C:\DOCUME~1\Owner\APPLIC~1\<DIR> Mozilla
    [11/11/2006|06:06] C:\DOCUME~1\Owner\APPLIC~1\<DIR> PlayFirst
    [14/08/2008|07:06] C:\DOCUME~1\Owner\APPLIC~1\<DIR> Real
    [15/12/2007|10:42] C:\DOCUME~1\Owner\APPLIC~1\<DIR> Sun
    [26/07/2007|06:48] C:\DOCUME~1\Owner\APPLIC~1\<DIR> Ulead Systems

    [18/12/2007|08:44] C:\DOCUME~1\Taliah\APPLIC~1\<DIR> AVG7
    [11/01/2008|05:26] C:\DOCUME~1\Taliah\APPLIC~1\<DIR> Google
    [18/12/2007|08:44] C:\DOCUME~1\Taliah\APPLIC~1\<DIR> Identities
    [08/01/2008|08:57] C:\DOCUME~1\Taliah\APPLIC~1\<DIR> Macromedia
    [20/02/2008|07:20] C:\DOCUME~1\Taliah\APPLIC~1\<DIR> Microsoft
    [11/01/2008|06:48] C:\DOCUME~1\Taliah\APPLIC~1\<DIR> Real

    --------------------\\ Scheduled Tasks located in C:\WINDOWS\Tasks

    [26/09/2008 07:34 AM][--a------] C:\WINDOWS\tasks\AppleSoftwareUpdate.job
    [03/10/2008 05:30 PM][--ah-----] C:\WINDOWS\tasks\{013BD331-CD54-48FA-ADB6-72E1625CE6E4}_USER-2DE632122C_Owner.job
    [04/10/2008 03:30 PM][--ah-----] C:\WINDOWS\tasks\SA.DAT
    [04/08/2004 10:00 PM][-r-h-----] C:\WINDOWS\tasks\desktop.ini

    --------------------\\ Listing Folders in C:\Program Files

    [02/01/2002|12:44] C:\Program Files\<DIR> Adobe
    [02/01/2002|12:34] C:\Program Files\<DIR> Ahead
    [01/01/2002|05:03] C:\Program Files\<DIR> Analog Devices
    [04/08/2008|04:10] C:\Program Files\<DIR> Apple Software Update
    [01/01/2002|05:08] C:\Program Files\<DIR> ATI Technologies
    [13/10/2006|04:28] C:\Program Files\<DIR> BearShare Applications
    [17/11/2007|09:45] C:\Program Files\<DIR> BearShare MediaBar
    [26/04/2008|01:11] C:\Program Files\<DIR> Bonjour
    [04/08/2008|04:09] C:\Program Files\<DIR> Common Files
    [01/01/2002|04:54] C:\Program Files\<DIR> ComPlus Applications
    [09/07/2006|08:17] C:\Program Files\<DIR> Cosmi
    [02/01/2002|12:33] C:\Program Files\<DIR> CyberLink
    [02/01/2002|12:33] C:\Program Files\<DIR> CyberLink DVD Solution
    [09/03/2007|06:19] C:\Program Files\<DIR> Disney Interactive
    [07/12/2007|11:55] C:\Program Files\<DIR> EnhanceKeyboard
    [09/09/2008|09:01] C:\Program Files\<DIR> Enigma Software Group
    [02/06/2008|08:50] C:\Program Files\<DIR> Google
    [05/09/2006|08:13] C:\Program Files\<DIR> Grisoft
    [13/05/2007|11:31] C:\Program Files\<DIR> Horizon Wimba
    [29/07/2008|09:16] C:\Program Files\<DIR> InstallShield Installation Information
    [08/05/2007|05:03] C:\Program Files\<DIR> InterActual
    [15/08/2008|07:44] C:\Program Files\<DIR> Internet Explorer
    [04/08/2008|04:12] C:\Program Files\<DIR> iPod
    [19/02/2006|04:41] C:\Program Files\<DIR> iPrimus
    [04/08/2008|04:12] C:\Program Files\<DIR> iTunes
    [13/07/2008|03:08] C:\Program Files\<DIR> Java
    [03/01/2002|01:14] C:\Program Files\<DIR> Kid Pix Deluxe 4
    [23/05/2008|08:39] C:\Program Files\<DIR> Lavasoft
    [03/08/2008|12:08] C:\Program Files\<DIR> LimeWire
    [23/02/2006|08:46] C:\Program Files\<DIR> Macromedia
    [03/10/2008|03:25] C:\Program Files\<DIR> Malwarebytes' Anti-Malware
    [02/09/2007|01:57] C:\Program Files\<DIR> Mattel Media
    [15/08/2008|07:46] C:\Program Files\<DIR> Messenger
    [03/01/2002|01:00] C:\Program Files\<DIR> Microsoft ActiveSync
    [01/01/2002|04:57] C:\Program Files\<DIR> microsoft frontpage
    [03/01/2002|12:59] C:\Program Files\<DIR> Microsoft Office
    [01/01/2002|04:54] C:\Program Files\<DIR> Movie Maker
    [18/05/2008|01:28] C:\Program Files\<DIR> Mozilla Firefox
    [08/01/2008|07:17] C:\Program Files\<DIR> MP3
    [13/01/2008|12:06] C:\Program Files\<DIR> MP3 Player Utilities 4.05
    [03/08/2008|12:21] C:\Program Files\<DIR> MSN
    [01/01/2002|04:53] C:\Program Files\<DIR> MSN Gaming Zone
    [03/06/2008|12:29] C:\Program Files\<DIR> MSN Messenger
    [13/07/2008|10:22] C:\Program Files\<DIR> NETGEAR
    [01/01/2002|04:55] C:\Program Files\<DIR> NetMeeting
    [01/01/2002|04:56] C:\Program Files\<DIR> Online Services
    [13/06/2007|09:39] C:\Program Files\<DIR> Outlook Express
    [29/07/2008|09:15] C:\Program Files\<DIR> PC Drivers HeadQuarters
    [04/08/2008|04:11] C:\Program Files\<DIR> QuickTime
    [12/11/2006|05:13] C:\Program Files\<DIR> Real
    [09/07/2006|08:16] C:\Program Files\<DIR> Setup NetZero
    [13/07/2008|03:06] C:\Program Files\<DIR> Sun
    [03/10/2008|02:35] C:\Program Files\<DIR> trend micro
    [01/01/2002|05:00] C:\Program Files\<DIR> Uninstall Information
    [16/04/2008|03:38] C:\Program Files\<DIR> ValuSoft
    [02/06/2007|07:23] C:\Program Files\<DIR> Windows Media Components
    [20/05/2008|05:53] C:\Program Files\<DIR> Windows Media Connect 2
    [20/05/2008|05:59] C:\Program Files\<DIR> Windows Media Player
    [01/01/2002|04:53] C:\Program Files\<DIR> Windows NT
    [01/01/2002|04:56] C:\Program Files\<DIR> WindowsUpdate
    [01/01/2002|04:57] C:\Program Files\<DIR> xerox
    [20/05/2006|01:44] C:\Program Files\<DIR> Yahoo! Games

    --------------------\\ Listing Folders in C:\Program Files\Common Files

    [02/01/2002|12:44] C:\Program Files\Common Files\<DIR> Adobe
    [02/01/2002|12:34] C:\Program Files\Common Files\<DIR> Ahead
    [04/08/2008|04:09] C:\Program Files\Common Files\<DIR> Apple
    [09/07/2006|08:17] C:\Program Files\Common Files\<DIR> Borland Shared
    [09/07/2006|08:17] C:\Program Files\Common Files\<DIR> Cosmi
    [03/01/2002|12:59] C:\Program Files\Common Files\<DIR> Designer
    [02/06/2007|07:22] C:\Program Files\Common Files\<DIR> InstallShield
    [15/12/2007|10:32] C:\Program Files\Common Files\<DIR> Java
    [23/02/2006|08:46] C:\Program Files\Common Files\<DIR> Macromedia
    [03/01/2002|01:00] C:\Program Files\Common Files\<DIR> Microsoft Shared
    [01/01/2002|04:55] C:\Program Files\Common Files\<DIR> MSSoap
    [01/01/2002|10:31] C:\Program Files\Common Files\<DIR> ODBC
    [11/11/2006|05:50] C:\Program Files\Common Files\<DIR> Real
    [01/01/2002|04:55] C:\Program Files\Common Files\<DIR> Services
    [21/02/2006|12:45] C:\Program Files\Common Files\<DIR> snpstd3
    [01/01/2002|10:31] C:\Program Files\Common Files\<DIR> SpeechEngines
    [13/06/2007|09:39] C:\Program Files\Common Files\<DIR> System
    [02/06/2007|07:23] C:\Program Files\Common Files\<DIR> Ulead Systems
    [23/05/2008|08:37] C:\Program Files\Common Files\<DIR> Wise Installation Wizard
    [19/05/2006|09:16] C:\Program Files\Common Files\<DIR> xing shared

    --------------------\\ Process

    ( 38 Processes )

    ... OK !

    --------------------\\ Searching with S_Lop

    No Lop folder found !

    --------------------\\ Searching for Lop Files - Folders

    No Lop folder found !

    --------------------\\ Searching within the Registry

    ..... OK !

    --------------------\\ Checking the Hosts file

    Hosts file CLEAN


    --------------------\\ Searching for hidden files with Catchme

    catchme 0.3.1353 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
    Rootkit scan 2008-10-04 15:50:39
    Windows 5.1.2600 Service Pack 2 NTFS
    scanning hidden processes ...
    scanning hidden files ...
    scan completed successfully
    hidden processes: 0
    hidden files: 1

    --------------------\\ Searching for other infections


    No other infections found !

    [F:149][D:20]-> C:\DOCUME~1\Owner\LOCALS~1\Temp
    [F:349][D:0]-> C:\DOCUME~1\Owner\Cookies
    [F:978][D:13]-> C:\DOCUME~1\Owner\LOCALS~1\TEMPOR~1\content.IE5

    1 - "C:\Lop SD\LopR_1.txt" - Fri 03/10/2008|15:16 - Option : [1]
    2 - "C:\Lop SD\LopR_2.txt" - Fri 03/10/2008|20:23 - Option : [4]
    3 - "C:\Lop SD\LopR_3.txt" - Sat 04/10/2008|15:51 - Option : [1]

    --------------------\\ Scan completed at 15:51:36
     
  15. 2008/10/04
    Juliet

    Juliet Well-Known Member

    Joined:
    2008/09/15
    Messages:
    976
    Likes Received:
    6
    Welcome back
    I think it's gone now.


    Delete Lop S&D from your desktop

    C:\Lop SD <--delete this folder


    I see you have P2P software ( Limewire, BearShare etc… ) installed on your machine. We are not here to pass judgment on file-sharing as a concept. However, we will warn you that engaging in this activity and having this kind of software installed on your machine will always make you more susceptible to re-infections. It may be contributing to your current situation. This page will give you further information.

    Please note: Even if you are using a "safe" P2P program, it is only the program that is safe. You will be sharing files from uncertified/unknown sources, and these are most often infected. The bad guys use P2P filesharing as a major conduit to spread their wares and their infections.

    References for the risk of these programs are here,
    here and here.

    I would strongly recommend that you uninstall them,




    Print this topic or save to notepad, it will make it easier for you to follow the instructions and complete all of the necessary steps as we will need to close every window that is open later in the fix.


    NEXT**
    Go to Start > Control Panel > Internet Options

    In the General tab, Temporary Internet Files, click: Delete Files
    When prompted, check: Delete all offline content

    You can also check: Delete Cookies
    (You will have to re-enter passwords at websites that require them.)
    Click OK

    For I.E. 7 - under Browsing History, click delete... Under Temporary Internet Files, click Delete files...

    Then, go to Start > Run and enter: cleanmgr
    Select the drive to clean: C:\
    Check the following boxes and then press OK to remove:
    Temporary Files
    Temporary Internet Files
    RecycleBin

    Agree to the prompt to perform the action...


    Please download ATF Cleaner by Atribune From Here and save it to your Desktop.
    Follow the instructions for the browser you use.
    Read the instructions about the cookies. Delete what you do not need.

    Double click ATF-Cleaner.exe to run the program.
    Check the boxes to the left of:
    Windows Temp
    Current User Temp
    All Users Temp
    Temporary Internet Files
    Java Cache

    The rest are optional - if you want to remove the lot, check "Select All".
    Finally click Empty Selected. When you get the "Done Cleaning" message, click OK.
    If you use the Firefox or Opera browsers, you can use this program
    as a quick way to tidy those up as well.
    When you have finished, click on the Exit button in the Main menu.
    ========================

    Let's try another online scan with Panda ActiveScan

    * Click on Scan Your PC Now
    * A "pop up" window will appear, or a new tab will open.
    * Click on Register
    * Choose the option you like most, but we recommend the Free Registration.
    * Click on Register
    * Enter your e-mail address, and create a password.
    * Select "I do not want to receive any type of information". (unless you want to receive such information)
    * Click on Send
    * Confirm registration, and continue by entering your user name and password, then click on Enter
    * Select Full Scan, then Click on Scan Now
    * Wait for the components to be loaded and installed. Don't close this window or go to another page while it is downloading. You can continue using the Internet by opening another window in your browser.
    * If it finds any malware it can disinfect, the Disinfect button will be enabled. Click on Disinfect
    * Please ignore the offer to buy the program.
    * Click on Export To

    * Export the log and save it to your desktop.
    Please post this report in your next reply.

    * Turn off the real time scanner of any existing antivirus program while performing the online scan




    In your next reply post:
    Panda log
    New HJT log

    I need an update on how the computer is at the moment.
     
  16. 2008/10/05
    yoruga

    yoruga Well-Known Member Thread Starter

    Joined:
    2008/09/30
    Messages:
    144
    Likes Received:
    0
    Hi Juliet
    The Panda Log... before I ran the scan I removed LimeWire, BearShare.... is iTunes a P2P as well??? What other programs should I remove....? The Panda scan did not allow me to disinfect unless I paid..

    ;***********************************************************************************************************************************************************************************
    ANALYSIS: 2008-10-05 21:49:44
    PROTECTIONS: 1
    MALWARE: 7
    SUSPECTS: 0
    ;***********************************************************************************************************************************************************************************
    PROTECTIONS
    Description Version Active Updated
    ;===================================================================================================================================================================================
    AVG 7.5.524 7.5.524 Yes No
    ;===================================================================================================================================================================================
    MALWARE
    Id Description Type Active Severity Disinfectable Disinfected Location
    ;===================================================================================================================================================================================
    00139061 Cookie/Doubleclick TrackingCookie No 0 Yes No C:\Documents and Settings\Owner\Cookies\owner@doubleclick[1].txt
    00139064 Cookie/Atlas DMT TrackingCookie No 0 Yes No C:\Documents and Settings\Owner\Cookies\owner@atdmt[2].txt
    00145738 Cookie/Mediaplex TrackingCookie No 0 Yes No C:\Documents and Settings\Owner\Cookies\owner@mediaplex[2].txt
    00145807 Cookie/Linksynergy TrackingCookie No 0 Yes No C:\Documents and Settings\Guest\Application Data\Mozilla\Firefox\Profiles\h6nhzxzr.default\cookies.txt[.linksynergy.com/]
    00145807 Cookie/Linksynergy TrackingCookie No 0 Yes No C:\Documents and Settings\Guest\Application Data\Mozilla\Firefox\Profiles\h6nhzxzr.default\cookies.txt[.linksynergy.com/]
    00168061 Cookie/Apmebf TrackingCookie No 0 Yes No C:\Documents and Settings\Owner\Cookies\owner@apmebf[1].txt
    00194327 Cookie/Go TrackingCookie No 0 Yes No C:\Documents and Settings\Owner\Application Data\Mozilla\Firefox\Profiles\i5um2je2.default\cookies.txt[.go.com/]
    00194327 Cookie/Go TrackingCookie No 0 Yes No C:\Documents and Settings\Owner\Application Data\Mozilla\Firefox\Profiles\i5um2je2.default\cookies.txt[.go.com/]
    03471753 Adware/AntiSpywareMaster Adware No 0 Yes No C:\System Volume Information\_restore{17122B4B-5A74-428C-8DA7-DF1487EE9AD6}\RP732\A0363830.exe
    ;===================================================================================================================================================================================
    SUSPECTS
    Sent Location
    ;===================================================================================================================================================================================
    ;===================================================================================================================================================================================
    VULNERABILITIES
    Id Severity Description
    ;===================================================================================================================================================================================
    170911 HIGH MS07-050
    ;===================================================================================================================================================================================
     
    Last edited: 2008/10/05
  17. 2008/10/05
    yoruga

    yoruga Well-Known Member Thread Starter

    Joined:
    2008/09/30
    Messages:
    144
    Likes Received:
    0
    And Here is the new HJT Log. Wondering why my recycling bin has changed?


    Logfile of Trend Micro HijackThis v2.0.2
    Scan saved at 9:57:07 PM, on 5/10/2008
    Platform: Windows XP SP2 (WinNT 5.01.2600)
    MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)
    Boot mode: Normal

    Running processes:
    C:\WINDOWS\System32\smss.exe
    C:\WINDOWS\system32\winlogon.exe
    C:\WINDOWS\system32\services.exe
    C:\WINDOWS\system32\lsass.exe
    C:\WINDOWS\system32\Ati2evxx.exe
    C:\WINDOWS\system32\svchost.exe
    C:\WINDOWS\System32\svchost.exe
    C:\Program Files\Lavasoft\Ad-Aware\aawservice.exe
    C:\WINDOWS\system32\spoolsv.exe
    C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
    C:\PROGRA~1\Grisoft\AVGFRE~1\avgamsvr.exe
    C:\PROGRA~1\Grisoft\AVGFRE~1\avgupsvc.exe
    C:\PROGRA~1\Grisoft\AVGFRE~1\avgemc.exe
    C:\Program Files\Bonjour\mDNSResponder.exe
    C:\Program Files\Analog Devices\SoundMAX\SMAgent.exe
    C:\WINDOWS\system32\svchost.exe
    C:\WINDOWS\system32\wscntfy.exe
    C:\WINDOWS\system32\Ati2evxx.exe
    C:\WINDOWS\Explorer.EXE
    C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe
    C:\Program Files\CyberLink DVD Solution\PowerDVD\PDVDServ.exe
    C:\WINDOWS\sm56hlpr.exe
    C:\Program Files\Analog Devices\SoundMAX\SMTray.exe
    C:\Program Files\Common Files\Real\Update_OB\realsched.exe
    C:\PROGRA~1\Grisoft\AVGFRE~1\avgcc.exe
    C:\Program Files\Java\jre1.6.0_07\bin\jusched.exe
    C:\Program Files\QuickTime\QTTask.exe
    C:\Program Files\iTunes\iTunesHelper.exe
    C:\Program Files\CyberLink DVD Solution\Multimedia Launcher\PowerBar.exe
    C:\Program Files\EnhanceKeyboard\kb_2k.exe
    C:\Program Files\NETGEAR\WG111v2\WG111v2.exe
    C:\WINDOWS\system32\VirtualExpander\VirtualExpander.exe
    C:\Program Files\iPod\bin\iPodService.exe
    C:\WINDOWS\system32\wuauclt.exe
    C:\WINDOWS\system32\wuauclt.exe
    C:\Program Files\trend micro\HijackThis\HijackThis.exe

    R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.iprimus.com.au
    R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://ninemsn.com.au/
    R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.iprimus.com.au
    R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = 10.*;172.16.*;172.17.*;172.18.*;172.19.*;172.20.*;172.21.*;172.22.*;172.23.*;172.24.*;172.25.*;172.26.*;172.27.*;172.28.*;172.29.*;172.30.*;172.31.*;192.168.*;*.IPrimus.com.au;;*.local
    O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 5.0\Reader\ActiveX\AcroIEHelper.ocx
    O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_07\bin\ssv.dll
    O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)
    O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar1.dll
    O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\2.1.1119.1736\swg.dll
    O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar1.dll
    O4 - HKLM\..\Run: [ATIPTA] "C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe "
    O4 - HKLM\..\Run: [RemoteControl] "C:\Program Files\CyberLink DVD Solution\PowerDVD\PDVDServ.exe "
    O4 - HKLM\..\Run: [NeroFilterCheck] C:\WINDOWS\system32\NeroCheck.exe
    O4 - HKLM\..\Run: [SMSERIAL] sm56hlpr.exe
    O4 - HKLM\..\Run: [Smapp] C:\Program Files\Analog Devices\SoundMAX\SMTray.exe
    O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot
    O4 - HKLM\..\Run: [AVG7_CC] C:\PROGRA~1\Grisoft\AVGFRE~1\avgcc.exe /STARTUP
    O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_07\bin\jusched.exe "
    O4 - HKLM\..\Run: [AppleSyncNotifier] C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleSyncNotifier.exe
    O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\QTTask.exe" -atboottime
    O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe "
    O4 - HKCU\..\Run: [PowerBar] "C:\Program Files\CyberLink DVD Solution\Multimedia Launcher\PowerBar.exe" /AtBootTime
    O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'LOCAL SERVICE')
    O4 - HKUS\S-1-5-19\..\Run: [AVG7_Run] C:\PROGRA~1\Grisoft\AVGFRE~1\avgw.exe /RUNONCE (User 'LOCAL SERVICE')
    O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'NETWORK SERVICE')
    O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')
    O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user')
    O4 - Startup: VirtualExpander.lnk = C:\WINDOWS\system32\VirtualExpander\VirtualExpander.exe
    O4 - Global Startup: enhanced keyboard driver.lnk = ?
    O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office10\OSA.EXE
    O4 - Global Startup: NETGEAR WG111v2 Smart Wizard.lnk = C:\Program Files\NETGEAR\WG111v2\WG111v2.exe
    O8 - Extra context menu item: Add to AMV Converter... - C:\Program Files\MP3 Player Utilities 4.05\AMVConverter\grab.html
    O8 - Extra context menu item: Add to Media Manager... - C:\Program Files\MP3 Player Utilities 4.05\MediaManager\grab.html
    O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office10\EXCEL.EXE/3000
    O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_07\bin\ssv.dll
    O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_07\bin\ssv.dll
    O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
    O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
    O12 - Plugin for .spop: C:\Program Files\Internet Explorer\Plugins\NPDocBox.dll
    O16 - DPF: CabBuilder - http://kiw.imgag.com/imgag/kiw/toolbar/download/InstallerControl.cab
    O16 - DPF: {2B323CD9-50E3-11D3-9466-00A0C9700498} (Yahoo! Audio Conferencing) - http://us.chat1.yimg.com/us.yimg.com/i/chat/applet/v45/yacscom.cab
    O16 - DPF: {2D8ED06D-3C30-438B-96AE-4D110FDC1FB8} (ActiveScan 2.0 Installer Class) - http://acs.pandasoftware.com/activescan/cabs/as2stubie.cab
    O16 - DPF: {4F1E5B1A-2A80-42CA-8532-2D05CB959537} (MSN Photo Upload Tool) - http://gfx2.mail.live.com/mail/w1/resources/MSNPUpld.cab
    O16 - DPF: {B38870E4-7ECB-40DA-8C6A-595F0A5519FF} (MsnMessengerSetupDownloadControl Class) - http://messenger.msn.com/download/MsnMessengerSetupDownloader.cab
    O16 - DPF: {C3F79A2B-B9B4-4A66-B012-3EE46475B072} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/MessengerStatsPAClient.cab56907.cab
    O16 - DPF: {F8C5C0F1-D884-43EB-A5A0-9E1C4A102FA8} (GoPetsWeb Control) - https://secure.gopetslive.com/dev/GoPetsWeb.cab
    O23 - Service: Lavasoft Ad-Aware Service (aawservice) - Lavasoft - C:\Program Files\Lavasoft\Ad-Aware\aawservice.exe
    O23 - Service: Apple Mobile Device - Apple Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
    O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\system32\Ati2evxx.exe
    O23 - Service: ATI Smart - Unknown owner - C:\WINDOWS\system32\ati2sgag.exe
    O23 - Service: AVG7 Alert Manager Server (Avg7Alrt) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVGFRE~1\avgamsvr.exe
    O23 - Service: AVG7 Update Service (Avg7UpdSvc) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVGFRE~1\avgupsvc.exe
    O23 - Service: AVG E-mail Scanner (AVGEMS) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVGFRE~1\avgemc.exe
    O23 - Service: Bonjour Service - Apple Inc. - C:\Program Files\Bonjour\mDNSResponder.exe
    O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
    O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
    O23 - Service: iPod Service - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
    O23 - Service: SoundMAX Agent Service (SoundMAX Agent Service (default)) - Analog Devices, Inc. - C:\Program Files\Analog Devices\SoundMAX\SMAgent.exe

    --
    End of file - 8250 bytes
     
  18. 2008/10/05
    Juliet

    Juliet Well-Known Member

    Joined:
    2008/09/15
    Messages:
    976
    Likes Received:
    6
    iTunes is generally safer to use.

    No, Panda will show us what's left and will not remove, I wanted to see the file paths if any.

    Read over the below link on how to manage or delete cookies for Firefox
    http://www.mozilla.org/projects/security/pki/psm/help_21/using_priv_help.html




    Open HijackThis, Click Do a system scan only, checkmark these. Then close all other windows and browsers except HijackThis and press fix checked.

    O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)

    The following are not necessarily spyware/malware, but we suggest you place a check mark next to the following entries, as these programs may be taking up system resources.

    O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot
    (Description: RealPlayer scheduler. Completely unnecessary. Removing this entry will free up a small amount of system resources.)

    O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_07\bin\jusched.exe"
    (Description: Sun Java update scheduler. Checks for updates. Not necessary. Removing this entry will free up a small amount of system resources.)

    O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office10\OSA.EXE
    (Description: Microsoft Office startup assistant. Not necessary. Removing this entry will free up a significant amount of system resources.)


    Now reboot your computer to set the registry.



    OK...this turned out good here, only item showing from the Panda scan is in system restore and that's an easy fix.


    CLEAR & RESET SYSTEM RESTORE'S CACHE - (System Volume Information folder)
    Go to Start >> Run - type control sysdm.cpl,,4 & press Enter

    * Tick on the checkbox - Turn off System Restore on all drives
    * Click Apply

    Turn it back 'On' by unticking the same checkbox & click OK


    Please post back once more and let me know what issues remain, I think we're ready for closing and preventive tips.
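
Added example, not part of the original thread: a small Python parser for HijackThis entry lines like the ones posted above. It lists orphaned "(no file)" entries and compares a before/after pair of logs to confirm that "Fix checked" removed what was ticked. The sample logs are constructed from lines in this thread, and the function names are illustrative.

```python
import re
from dataclasses import dataclass
from typing import List, Optional

# "O2 - ...", "O23 - ...", "R0 - ..." etc.; header and process-list lines do not match.
ENTRY_RE = re.compile(r"^\s*([ROFN]\d{1,2}) - (.+?)\s*$")
CLSID_RE = re.compile(r"\{[0-9A-Fa-f]{8}(?:-[0-9A-Fa-f]{4}){3}-[0-9A-Fa-f]{12}\}")
RUN_RE = re.compile(r"\[[^\]]+\]\s+(.+)$")  # O4 Run keys: [ValueName] command line

# Constructed sample: lines copied from the HijackThis log posted in this thread.
BEFORE_LOG = r"""
Logfile of Trend Micro HijackThis v2.0.2
Running processes:
C:\WINDOWS\Explorer.EXE

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://ninemsn.com.au/
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_07\bin\ssv.dll
O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)
O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_07\bin\jusched.exe"
O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office10\OSA.EXE
O23 - Service: ATI Smart - Unknown owner - C:\WINDOWS\system32\ati2sgag.exe
"""

# Constructed "after" log: the same lines with two entries fixed (assumption for the demo).
AFTER_LOG = "\n".join(
    line for line in BEFORE_LOG.splitlines()
    if "7E853D72" not in line and "TkBellExe" not in line
)


@dataclass(frozen=True)
class Entry:
    code: str               # section code, e.g. "O2"
    body: str               # everything after "O2 - "
    clsid: Optional[str]    # CLSID if the entry carries one
    target: Optional[str]   # file, command line or URL the entry points at


def _target(code: str, body: str) -> Optional[str]:
    """Extract what the entry points at; the layout differs per section."""
    if code == "O4":
        m = RUN_RE.search(body)
        if m:
            return m.group(1)
    if " - " in body:            # "label - {CLSID} - file" and "name - owner - file"
        return body.rsplit(" - ", 1)[1]
    if " = " in body:            # "value = data" and "shortcut.lnk = file"
        return body.split(" = ", 1)[1]
    return None


def parse_log(text: str) -> List[Entry]:
    entries = []
    for line in text.splitlines():
        m = ENTRY_RE.match(line)
        if not m:
            continue
        code, body = m.groups()
        c = CLSID_RE.search(body)
        clsid = c.group(0).upper() if c else None
        entries.append(Entry(code, body, clsid, _target(code, body)))
    return entries


def orphaned(entries: List[Entry]) -> List[Entry]:
    """Entries whose registered file is gone, shown by HijackThis as "(no file)"."""
    return [e for e in entries if e.target == "(no file)"]


def removed_by_fix(before: List[Entry], after: List[Entry]) -> List[Entry]:
    """Entries present in the earlier log and absent from the later one."""
    remaining = {(e.code, e.body) for e in after}
    return [e for e in before if (e.code, e.body) not in remaining]


if __name__ == "__main__":
    before, after = parse_log(BEFORE_LOG), parse_log(AFTER_LOG)
    for e in orphaned(before):
        print("orphaned:", e.code, e.clsid)
    for e in removed_by_fix(before, after):
        print("gone after fix:", e.code, e.body)
    print("orphans left:", len(orphaned(after)))
```
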
     
  19. 2008/10/05
    yoruga

    yoruga Well-Known Member Thread Starter

    Joined:
    2008/09/30
    Messages:
    144
    Likes Received:
    0
    Well I don't know if there is anything else that I had to post. Juliet you are a gem ... thank you for your endured patience with me.
     
  20. 2008/10/05
    Juliet

    Juliet Well-Known Member

    Joined:
    2008/09/15
    Messages:
    976
    Likes Received:
    6
    You are very welcome, glad we could help! :D

    Please take time to read over a few preventive tips.


    Below are recommendations to protect your computer.

    Please navigate to Microsoft Windows Updates and download all the "Critical Updates" for Windows.


    Firefox 2.0: The award-winning Web browser is now faster, more secure, and fully customizable to your online life. Firefox 2 has added powerful new features that make your online experience even better. It has more features and is a lot more secure than IE. It is a very easy and painless download and install, it will in no way interfere with IE, you can use them both.

    How to prevent Malware: Created by Miekiemoes

    Here are some additional utilities that will further enhance your safety.
    # http://www.trillian.cc → Trillian or http://www.miranda-im.com → Miranda-IM - These are Malware free Instant Messenger programs which allow you to connect to multiple IM services in one program! (AOL, Yahoo, ICQ, IRC, MSN)


    Read this article 'Safe Computing Practices'.
    So how did I get infected in the first place.

    Secure My Computer: A Layered Approach

    Strong passwords: How to create and use them

    Slow Computer? Check here first; it may not be malware
    http://www.castlecops.com/postitle175256-0-0-.html
    Free Antivirus-AntiSpyware-Firewall Software


    PC Safety and Security--What Do I Need?
    http://www.techsupportforum.com/sec...115548-pc-safety-security-what-do-i-need.html

    Stand Up and Be Counted ---> Malware Complaints <--- where you can make difference!
    This site offers people who have been (or are) victims of malware the opportunity to document their story and, in that way, launch a complaint against the malware and the makers of the malware
     
  21. 2008/10/06
    yoruga

    yoruga Well-Known Member Thread Starter

    Joined:
    2008/09/30
    Messages:
    144
    Likes Received:
    0
    Sorry Juliet, I am trying to get Firefox 2 but to no avail.... Can you post me another link... Is there anything wrong with Firefox 3 that I should be aware of??
     
