Zlob.DNSChanger



AverageJoe
2007-08-06, 09:48
Hello all,

I know there have probably been hundreds of posts having problems with the same problem I have, but I keep getting Zlob.DNSChanger on my S&D and can't get rid of it, and this is because it's some kind of hacking thing? Regardless, I've come seeking help, but the problem is, I hardly know anything about technicalities in computers. I see a lot of people have HiJackThis log files and such. Well, being myself I can't figure out what all of that means and so I'm looking for an explanation of how to get rid of this irritant as soon as possible, but in "simple" terms.

Thank you to anyone who can reply,
Joe

Markka
2007-08-06, 13:32
Hello :)


Click here (http://www.trendsecure.com/portal/en-US/threat_analytics/HJTInstall.exe) to download HijackThis and save it to your desktop.
Double-click on HJTInstall.exe to run it.
HJTInstall.exe will install HijackThis here: C:\Program Files\Trend Micro\HijackThis
Click Install.
HJTInstall.exe will create an icon on your desktop.
When the installation is ready, it will start HijackThis.
When HijackThis is opened, click Do a system scan and save a logfile.
Post the HijackThis log here.
Do not fix anything with HijackThis until I tell you to!

AverageJoe
2007-08-06, 19:36
Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 18:36:02, on 06/08/2007
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16473)
Boot mode: Normal

Running processes:
C:\WINDOWS\Explorer.EXE
C:\PROGRA~1\Grisoft\AVG7\avgcc.exe
C:\WINDOWS\htpatch.exe
C:\Program Files\Icons\Seticon.exe
C:\WINDOWS\essspk.exe
C:\Program Files\Java\jre1.6.0_01\bin\jusched.exe
C:\Program Files\Adobe\Photoshop Album Starter Edition\3.0\Apps\apdproxy.exe
C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\E_S10IC2.EXE
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\MSN Messenger\msnmsgr.exe
C:\Program Files\Messenger\msmsgs.exe
C:\Program Files\Google\GoogleToolbarNotifier\1.2.1128.5462\GoogleToolbarNotifier.exe
C:\Program Files\SAGEM\SAGEM F@st 800-840\dslmon.exe
C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
C:\Documents and Settings\Aaron\My Documents\LimeWire\LimeWire.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.myspace.com/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_01\bin\ssv.dll
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar2.dll
O3 - Toolbar: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn1\yt.dll
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar2.dll
O4 - HKLM\..\Run: [AVG7_CC] C:\PROGRA~1\Grisoft\AVG7\avgcc.exe /STARTUP
O4 - HKLM\..\Run: [HTpatch] C:\WINDOWS\htpatch.exe
O4 - HKLM\..\Run: [SiSUSBRG] C:\WINDOWS\SiSUSBrg.exe
O4 - HKLM\..\Run: [Cmaudio] RunDll32 cmicnfg.cpl,CMICtrlWnd
O4 - HKLM\..\Run: [SetIcon] C:\Program Files\Icons\Seticon.exe
O4 - HKLM\..\Run: [EssSpkPhone] essspk.exe
O4 - HKLM\..\Run: [adiras] adiras.exe
O4 - HKLM\..\Run: [SNPSTD2] C:\WINDOWS\vsnpstd2.exe
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_01\bin\jusched.exe"
O4 - HKLM\..\Run: [Adobe Photo Downloader] "C:\Program Files\Adobe\Photoshop Album Starter Edition\3.0\Apps\apdproxy.exe"
O4 - HKLM\..\Run: [EPSON Stylus C64 Series] C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\E_S10IC2.EXE /P23 "EPSON Stylus C64 Series" /O5 "LPT1:" /M "Stylus C64"
O4 - HKLM\..\Run: [KernelFaultCheck] %systemroot%\system32\dumprep 0 -k
O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [msnmsgr] "C:\Program Files\MSN Messenger\msnmsgr.exe" /background
O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background
O4 - HKCU\..\Run: [swg] C:\Program Files\Google\GoogleToolbarNotifier\1.2.1128.5462\GoogleToolbarNotifier.exe
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe (User 'SYSTEM')
O4 - HKUS\S-1-5-18\..\Run: [AVG7_Run] C:\PROGRA~1\Grisoft\AVG7\avgw.exe /RUNONCE (User 'SYSTEM')
O4 - HKUS\S-1-5-18\..\RunOnce: [RunNarrator] Narrator.exe (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe (User 'Default user')
O4 - HKUS\.DEFAULT\..\RunOnce: [RunNarrator] Narrator.exe (User 'Default user')
O4 - Startup: LimeWire On Startup.lnk = C:\Documents and Settings\Aaron\My Documents\LimeWire\LimeWire.exe
O4 - Global Startup: DSLMON.LNK = C:\Program Files\SAGEM\SAGEM F@st 800-840\dslmon.exe
O4 - Global Startup: Adobe Reader Speed Launch.lnk = C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
O8 - Extra context menu item: &D&ownload &with BitComet - res://C:\Program Files\BitComet\BitComet.exe/AddLink.htm
O8 - Extra context menu item: &D&ownload all video with BitComet - res://C:\Program Files\BitComet\BitComet.exe/AddVideo.htm
O8 - Extra context menu item: &D&ownload all with BitComet - res://C:\Program Files\BitComet\BitComet.exe/AddAllLink.htm
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_01\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_01\bin\ssv.dll
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://go.microsoft.com/fwlink/?linkid=39204
O16 - DPF: {B38870E4-7ECB-40DA-8C6A-595F0A5519FF} (MsnMessengerSetupDownloadControl Class) - http://messenger.msn.com/download/MsnMessengerSetupDownloader.cab
O17 - HKLM\System\CCS\Services\Tcpip\..\{14E69B32-8D02-468E-A137-C5DAF4003457}: NameServer = 208.67.220.220,208.67.222.222
O17 - HKLM\System\CCS\Services\Tcpip\..\{218D9B55-D202-4EF7-A55C-C7C6C7594C81}: NameServer = 208.67.220.220,208.67.222.222
O17 - HKLM\System\CCS\Services\Tcpip\..\{2622CE10-3199-47C5-8CA6-617EC09A03AE}: NameServer = 85.255.113.106 85.255.112.111
O17 - HKLM\System\CS1\Services\Tcpip\Parameters: NameServer = 208.67.220.220,208.67.222.222
O17 - HKLM\System\CS1\Services\Tcpip\..\{14E69B32-8D02-468E-A137-C5DAF4003457}: NameServer = 85.255.113.106,85.255.112.111
O17 - HKLM\System\CS2\Services\Tcpip\Parameters: NameServer = 208.67.220.220,208.67.222.222
O17 - HKLM\System\CS2\Services\Tcpip\..\{14E69B32-8D02-468E-A137-C5DAF4003457}: NameServer = 208.67.220.220,208.67.222.222
O17 - HKLM\System\CS3\Services\Tcpip\Parameters: NameServer = 208.67.220.220,208.67.222.222
O17 - HKLM\System\CS3\Services\Tcpip\..\{14E69B32-8D02-468E-A137-C5DAF4003457}: NameServer = 208.67.220.220,208.67.222.222
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: NameServer = 208.67.220.220,208.67.222.222
O23 - Service: AVG7 Alert Manager Server (Avg7Alrt) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVG7\avgamsvr.exe
O23 - Service: AVG7 Update Service (Avg7UpdSvc) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVG7\avgupsvc.exe
O23 - Service: AVG E-mail Scanner (AVGEMS) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVG7\avgemc.exe
O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: LicCtrl Service (LicCtrlService) - Unknown owner - C:\WINDOWS\runservice.exe

--
End of file - 7269 bytes


Tell me what to do next, captain!

Markka
2007-08-07, 09:06
Hello :)

Please download FixWareout from one of these sites:
http://downloads.subratam.org/Fixwareout.exe
http://www.bleepingcomputer.com/files/lonny/Fixwareout.exe

Save it to your desktop and run it. Click Next, then Install, make sure Run fixit is checked and click Finish.
The fix will begin; follow the prompts.
You will be asked to reboot your computer; please do so.
Your system may take longer than usual to load; this is normal.
Once the desktop loads, post the text that will open (report.txt) and a new Hijackthis log in the forum please.

AverageJoe
2007-08-07, 17:43
Username "Andy" - 2007-08-07 15:50:51 [Fixwareout edited 2007/07/05]

»»»»»Prerun check
HKLM\SOFTWARE\~\Winlogon\ "System"="kdbxs.exe"

HKEY_LOCAL_MACHINE\system\currentcontrolset\services\tcpip\parameters\interfaces\{2622CE10-3199-47C5-8CA6-617EC09A03AE}
"nameserver"="85.255.113.106" <Value cleared.

Successfully flushed the DNS Resolver Cache.


PC crashed or was not allowed to reboot.

»»»»» Postrun check
....

Saving 'hklm\software\microsoft\windows\currentversion\run' to 'run1.hiv' was not successful

....
»»»»» Misc files.
....
»»»»» Checking for older varients.
....
»»»»» Other
C:\WINDOWS\TEMP\kdbxs.ren 65078 04/08/2004

»»»»» Current runs (hklm hkcu "run" Keys Only)

....
Hosts file was reset, If you use a custom hosts file please replace it
»»»»» End report »»»»»

Markka
2007-08-08, 10:00
Hello :)

Empty this folder:

C:\WINDOWS\TEMP
_____________

Re-run with Fixwareout!

Post:
- A fresh HijackThis log
- Contents of report.txt

AverageJoe
2007-08-08, 11:12
Hello Markka,

I'd like to enquire as to why I have to empty this folder? Is there something in it that has to be rid of the computer in order for me to get rid of Zlob?

Thanks in advance, Joe.

Markka
2007-08-08, 11:40
Hello Markka,

I'd like to enquire as to why I have to empty this folder? Is there something in it that has to be rid of the computer in order for me to get rid of Zlob?
Yes, Fixwareout found something in the temp folder and that's why we need to empty it.

AverageJoe
2007-08-09, 16:24
Thank you for your advice and co-operation thus far, it's much appreciated.

By empty, do you mean delete the items in the temp folder or just take them out?

Markka
2007-08-09, 17:50
By empty, do you mean delete the items in the temp folder or just take them out?
Yes, delete all items in temp folder :)

AverageJoe
2007-08-09, 18:46
Alright, have done and will shortly run Fixwareout and then HiJackThis and post both reports, or just the HiJackThis one?

AverageJoe
2007-08-09, 20:10
My Fixwareout report...

Username "Aaron" - 2007-08-09 19:04:49 [Fixwareout edited 2007/07/05]

»»»»»Prerun check

HKEY_LOCAL_MACHINE\system\currentcontrolset\services\tcpip\parameters\interfaces\{2622CE10-3199-47C5-8CA6-617EC09A03AE}
"nameserver"="85.255.113.106" <Value cleared.

Successfully flushed the DNS Resolver Cache.


And my subsequent HiJackthis log;

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 19:08:11, on 09/08/2007
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16473)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\PROGRA~1\Grisoft\AVG7\avgamsvr.exe
C:\PROGRA~1\Grisoft\AVG7\avgupsvc.exe
C:\PROGRA~1\Grisoft\AVG7\avgemc.exe
C:\WINDOWS\runservice.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\Explorer.EXE
C:\PROGRA~1\Grisoft\AVG7\avgcc.exe
C:\WINDOWS\htpatch.exe
C:\Program Files\Icons\Seticon.exe
C:\WINDOWS\essspk.exe
C:\WINDOWS\vsnpstd2.exe
C:\Program Files\Java\jre1.6.0_01\bin\jusched.exe
C:\Program Files\Adobe\Photoshop Album Starter Edition\3.0\Apps\apdproxy.exe
C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\E_S10IC2.EXE
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\MSN Messenger\msnmsgr.exe
C:\Program Files\Messenger\msmsgs.exe
C:\Program Files\Google\GoogleToolbarNotifier\1.2.1128.5462\GoogleToolbarNotifier.exe
C:\Documents and Settings\Aaron\My Documents\LimeWire\LimeWire.exe
C:\WINDOWS\system32\wuauclt.exe
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.myspace.com/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll (file missing)
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_01\bin\ssv.dll (file missing)
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar2.dll (file missing)
O3 - Toolbar: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn1\yt.dll
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar2.dll (file missing)
O4 - HKLM\..\Run: [AVG7_CC] C:\PROGRA~1\Grisoft\AVG7\avgcc.exe /STARTUP
O4 - HKLM\..\Run: [HTpatch] C:\WINDOWS\htpatch.exe
O4 - HKLM\..\Run: [SiSUSBRG] C:\WINDOWS\SiSUSBrg.exe
O4 - HKLM\..\Run: [Cmaudio] RunDll32 cmicnfg.cpl,CMICtrlWnd
O4 - HKLM\..\Run: [SetIcon] C:\Program Files\Icons\Seticon.exe
O4 - HKLM\..\Run: [EssSpkPhone] essspk.exe
O4 - HKLM\..\Run: [adiras] adiras.exe
O4 - HKLM\..\Run: [SNPSTD2] C:\WINDOWS\vsnpstd2.exe
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_01\bin\jusched.exe"
O4 - HKLM\..\Run: [Adobe Photo Downloader] "C:\Program Files\Adobe\Photoshop Album Starter Edition\3.0\Apps\apdproxy.exe"
O4 - HKLM\..\Run: [EPSON Stylus C64 Series] C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\E_S10IC2.EXE /P23 "EPSON Stylus C64 Series" /O5 "LPT1:" /M "Stylus C64"
O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [msnmsgr] "C:\Program Files\MSN Messenger\msnmsgr.exe" /background
O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background
O4 - HKCU\..\Run: [swg] C:\Program Files\Google\GoogleToolbarNotifier\1.2.1128.5462\GoogleToolbarNotifier.exe
O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-19\..\Run: [AVG7_Run] C:\PROGRA~1\Grisoft\AVG7\avgw.exe /RUNONCE (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'NETWORK SERVICE')
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe (User 'SYSTEM')
O4 - HKUS\S-1-5-18\..\RunOnce: [RunNarrator] Narrator.exe (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe (User 'Default user')
O4 - HKUS\.DEFAULT\..\RunOnce: [RunNarrator] Narrator.exe (User 'Default user')
O4 - Startup: LimeWire On Startup.lnk = C:\Documents and Settings\Aaron\My Documents\LimeWire\LimeWire.exe
O8 - Extra context menu item: &D&ownload &with BitComet - res://C:\Program Files\BitComet\BitComet.exe/AddLink.htm
O8 - Extra context menu item: &D&ownload all video with BitComet - res://C:\Program Files\BitComet\BitComet.exe/AddVideo.htm
O8 - Extra context menu item: &D&ownload all with BitComet - res://C:\Program Files\BitComet\BitComet.exe/AddAllLink.htm
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_01\bin\ssv.dll (file missing)
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_01\bin\ssv.dll (file missing)
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://go.microsoft.com/fwlink/?linkid=39204
O16 - DPF: {B38870E4-7ECB-40DA-8C6A-595F0A5519FF} (MsnMessengerSetupDownloadControl Class) - http://messenger.msn.com/download/MsnMessengerSetupDownloader.cab
O17 - HKLM\System\CCS\Services\Tcpip\..\{14E69B32-8D02-468E-A137-C5DAF4003457}: NameServer = 208.67.220.220,208.67.222.222
O17 - HKLM\System\CCS\Services\Tcpip\..\{218D9B55-D202-4EF7-A55C-C7C6C7594C81}: NameServer = 208.67.220.220,208.67.222.222
O17 - HKLM\System\CS1\Services\Tcpip\Parameters: NameServer = 208.67.220.220,208.67.222.222
O17 - HKLM\System\CS1\Services\Tcpip\..\{14E69B32-8D02-468E-A137-C5DAF4003457}: NameServer = 85.255.113.106,85.255.112.111
O17 - HKLM\System\CS2\Services\Tcpip\Parameters: NameServer = 208.67.220.220,208.67.222.222
O17 - HKLM\System\CS2\Services\Tcpip\..\{14E69B32-8D02-468E-A137-C5DAF4003457}: NameServer = 208.67.220.220,208.67.222.222
O17 - HKLM\System\CS3\Services\Tcpip\Parameters: NameServer = 208.67.220.220,208.67.222.222
O17 - HKLM\System\CS3\Services\Tcpip\..\{14E69B32-8D02-468E-A137-C5DAF4003457}: NameServer = 208.67.220.220,208.67.222.222
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: NameServer = 208.67.220.220,208.67.222.222
O23 - Service: AVG7 Alert Manager Server (Avg7Alrt) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVG7\avgamsvr.exe
O23 - Service: AVG7 Update Service (Avg7UpdSvc) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVG7\avgupsvc.exe
O23 - Service: AVG E-mail Scanner (AVGEMS) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVG7\avgemc.exe
O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: LicCtrl Service (LicCtrlService) - Unknown owner - C:\WINDOWS\runservice.exe

--
End of file - 7464 bytes


Next step?

AverageJoe
2007-08-10, 09:55
Here's a newer HiJackThis log, just in case something changed. If you could get back to me with the next step as soon as possible, that would be awesome, thank you.

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 08:53:16, on 10/08/2007
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16473)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\PROGRA~1\Grisoft\AVG7\avgamsvr.exe
C:\PROGRA~1\Grisoft\AVG7\avgupsvc.exe
C:\PROGRA~1\Grisoft\AVG7\avgemc.exe
C:\WINDOWS\runservice.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\Explorer.EXE
C:\PROGRA~1\Grisoft\AVG7\avgcc.exe
C:\WINDOWS\htpatch.exe
C:\Program Files\Icons\Seticon.exe
C:\WINDOWS\essspk.exe
C:\WINDOWS\vsnpstd2.exe
C:\Program Files\Java\jre1.6.0_01\bin\jusched.exe
C:\Program Files\Adobe\Photoshop Album Starter Edition\3.0\Apps\apdproxy.exe
C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\E_S10IC2.EXE
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\MSN Messenger\msnmsgr.exe
C:\Program Files\Messenger\msmsgs.exe
C:\Program Files\Google\GoogleToolbarNotifier\1.2.1128.5462\GoogleToolbarNotifier.exe
C:\Documents and Settings\Aaron\My Documents\LimeWire\LimeWire.exe
C:\My Documents\Spybot - Search & Destroy\SpybotSD.exe
C:\WINDOWS\system32\wuauclt.exe
C:\Program Files\Lavasoft\Ad-Aware SE Personal\Ad-Aware.exe
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.myspace.com/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll (file missing)
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_01\bin\ssv.dll (file missing)
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar2.dll (file missing)
O3 - Toolbar: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn1\yt.dll
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar2.dll (file missing)
O4 - HKLM\..\Run: [AVG7_CC] C:\PROGRA~1\Grisoft\AVG7\avgcc.exe /STARTUP
O4 - HKLM\..\Run: [HTpatch] C:\WINDOWS\htpatch.exe
O4 - HKLM\..\Run: [SiSUSBRG] C:\WINDOWS\SiSUSBrg.exe
O4 - HKLM\..\Run: [Cmaudio] RunDll32 cmicnfg.cpl,CMICtrlWnd
O4 - HKLM\..\Run: [SetIcon] C:\Program Files\Icons\Seticon.exe
O4 - HKLM\..\Run: [EssSpkPhone] essspk.exe
O4 - HKLM\..\Run: [adiras] adiras.exe
O4 - HKLM\..\Run: [SNPSTD2] C:\WINDOWS\vsnpstd2.exe
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_01\bin\jusched.exe"
O4 - HKLM\..\Run: [Adobe Photo Downloader] "C:\Program Files\Adobe\Photoshop Album Starter Edition\3.0\Apps\apdproxy.exe"
O4 - HKLM\..\Run: [EPSON Stylus C64 Series] C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\E_S10IC2.EXE /P23 "EPSON Stylus C64 Series" /O5 "LPT1:" /M "Stylus C64"
O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [msnmsgr] "C:\Program Files\MSN Messenger\msnmsgr.exe" /background
O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background
O4 - HKCU\..\Run: [swg] C:\Program Files\Google\GoogleToolbarNotifier\1.2.1128.5462\GoogleToolbarNotifier.exe
O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-19\..\Run: [AVG7_Run] C:\PROGRA~1\Grisoft\AVG7\avgw.exe /RUNONCE (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'NETWORK SERVICE')
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe (User 'SYSTEM')
O4 - HKUS\S-1-5-18\..\RunOnce: [RunNarrator] Narrator.exe (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe (User 'Default user')
O4 - HKUS\.DEFAULT\..\RunOnce: [RunNarrator] Narrator.exe (User 'Default user')
O4 - Startup: LimeWire On Startup.lnk = C:\Documents and Settings\Aaron\My Documents\LimeWire\LimeWire.exe
O8 - Extra context menu item: &D&ownload &with BitComet - res://C:\Program Files\BitComet\BitComet.exe/AddLink.htm
O8 - Extra context menu item: &D&ownload all video with BitComet - res://C:\Program Files\BitComet\BitComet.exe/AddVideo.htm
O8 - Extra context menu item: &D&ownload all with BitComet - res://C:\Program Files\BitComet\BitComet.exe/AddAllLink.htm
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_01\bin\ssv.dll (file missing)
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_01\bin\ssv.dll (file missing)
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://go.microsoft.com/fwlink/?linkid=39204
O16 - DPF: {B38870E4-7ECB-40DA-8C6A-595F0A5519FF} (MsnMessengerSetupDownloadControl Class) - http://messenger.msn.com/download/MsnMessengerSetupDownloader.cab
O17 - HKLM\System\CCS\Services\Tcpip\..\{14E69B32-8D02-468E-A137-C5DAF4003457}: NameServer = 208.67.220.220,208.67.222.222
O17 - HKLM\System\CCS\Services\Tcpip\..\{218D9B55-D202-4EF7-A55C-C7C6C7594C81}: NameServer = 208.67.220.220,208.67.222.222
O17 - HKLM\System\CCS\Services\Tcpip\..\{2622CE10-3199-47C5-8CA6-617EC09A03AE}: NameServer = 85.255.113.106 85.255.112.111
O17 - HKLM\System\CS1\Services\Tcpip\Parameters: NameServer = 208.67.220.220,208.67.222.222
O17 - HKLM\System\CS1\Services\Tcpip\..\{14E69B32-8D02-468E-A137-C5DAF4003457}: NameServer = 85.255.113.106,85.255.112.111
O17 - HKLM\System\CS2\Services\Tcpip\Parameters: NameServer = 208.67.220.220,208.67.222.222
O17 - HKLM\System\CS2\Services\Tcpip\..\{14E69B32-8D02-468E-A137-C5DAF4003457}: NameServer = 208.67.220.220,208.67.222.222
O17 - HKLM\System\CS3\Services\Tcpip\Parameters: NameServer = 208.67.220.220,208.67.222.222
O17 - HKLM\System\CS3\Services\Tcpip\..\{14E69B32-8D02-468E-A137-C5DAF4003457}: NameServer = 208.67.220.220,208.67.222.222
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: NameServer = 208.67.220.220,208.67.222.222
O23 - Service: AVG7 Alert Manager Server (Avg7Alrt) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVG7\avgamsvr.exe
O23 - Service: AVG7 Update Service (Avg7UpdSvc) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVG7\avgupsvc.exe
O23 - Service: AVG E-mail Scanner (AVGEMS) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVG7\avgemc.exe
O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: LicCtrl Service (LicCtrlService) - Unknown owner - C:\WINDOWS\runservice.exe

--
End of file - 7705 bytes

Markka
2007-08-10, 11:07
Hello :)

Please download AVG Anti-Spyware to your Desktop or to your usual Download Folder.
http://www.ewido.net/en/download/
Install AVG Anti-Spyware by double clicking the installer.
Follow the prompts. Make sure that Launch AVG Anti-Spyware is checked.
On the main screen under Your Computer's security.
Click on Change state next to Resident shield. It should now change to inactive.
Click on Change state next to Automatic updates. It should now change to inactive.
Next to Last Update, click on Update now. (You will need an active internet connection to perform this)
Wait until you see the Update successful message.
Right-click the AVG Anti-Spyware Tray Icon and uncheck Start with Windows.
Right-click the AVG Anti-Spyware Tray Icon and select Exit. Confirm by clicking Yes.
If you are having problems with the updater, you can use this link to manually update ewido.
AVG Anti-Spyware manual updates (http://www.ewido.net/en/download/updates/).
Download the Full database to your Desktop or to your usual Download Folder and install it by double clicking the file. Make sure that AVG Anti-Spyware is closed before installing the update.
____________________

Open HijackThis, Click Do a system scan only, checkmark these. Then close all other windows except HijackThis and press fix checked.

O17 - HKLM\System\CCS\Services\Tcpip\..\{14E69B32-8D02-468E-A137-C5DAF4003457}: NameServer = 208.67.220.220,208.67.222.222
O17 - HKLM\System\CCS\Services\Tcpip\..\{218D9B55-D202-4EF7-A55C-C7C6C7594C81}: NameServer = 208.67.220.220,208.67.222.222
O17 - HKLM\System\CCS\Services\Tcpip\..\{2622CE10-3199-47C5-8CA6-617EC09A03AE}: NameServer = 85.255.113.106 85.255.112.111
O17 - HKLM\System\CS1\Services\Tcpip\Parameters: NameServer = 208.67.220.220,208.67.222.222
O17 - HKLM\System\CS1\Services\Tcpip\..\{14E69B32-8D02-468E-A137-C5DAF4003457}: NameServer = 85.255.113.106,85.255.112.111
O17 - HKLM\System\CS2\Services\Tcpip\Parameters: NameServer = 208.67.220.220,208.67.222.222
O17 - HKLM\System\CS2\Services\Tcpip\..\{14E69B32-8D02-468E-A137-C5DAF4003457}: NameServer = 208.67.220.220,208.67.222.222
O17 - HKLM\System\CS3\Services\Tcpip\Parameters: NameServer = 208.67.220.220,208.67.222.222
O17 - HKLM\System\CS3\Services\Tcpip\..\{14E69B32-8D02-468E-A137-C5DAF4003457}: NameServer = 208.67.220.220,208.67.222.222
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: NameServer = 208.67.220.220,208.67.222.222
___________________

Now let's check some settings on your system.
(2000/XP) Only
In the Windows Control Panel: if you are using Windows XP's Category View, select the Network and Internet Connections category, otherwise double-click on Network Connections. Then right-click on your default connection, usually Local Area Connection for cable and DSL, and left-click on Properties. Click the Networking tab. Double-click on the Internet Protocol (TCP/IP) item and select the radio dial that says Obtain DNS servers automatically.
Press OK twice to get out of the properties screen and reboot if it asks.
That option might not be available on some systems.
Next, go to Start > Run, type cmd and hit OK
type
ipconfig /flushdns
then hit enter, type exit hit enter
(that space between g and / is needed)
________________________

Please download ATF-cleaner (http://www.atribune.org/ccount/click.php?id=1) and save it to your desktop.
Double-click ATF-Cleaner.exe to run the program.
Under Main choose: Select All
Click the Empty Selected button.

If you use Firefox browser:

Click Firefox at the top and choose: Select All
Click the Empty Selected button.
NOTE: If you would like to keep your saved passwords, please click No at the prompt.

If you use Opera browser:

Click Opera at the top and choose: Select All
Click the Empty Selected button.
NOTE: If you would like to keep your saved passwords, please click No at the prompt.

Click Exit on the Main menu to close the program.
_______________________

Please then reboot your computer in Safe Mode by doing the following:
Restart your computer
After hearing your computer beep once during startup, but before the Windows icon appears, tap the F8 key continually;
Instead of Windows loading as normal, the Advanced Options Menu should appear;
Select the first option, to run Windows in Safe Mode, then press Enter.
Choose your usual account.
__________________

Close ALL open Windows / Programs / Folders. Please start AVG Anti-Spyware and run a full scan.
Click on Scanner on the toolbar.
Click on the Settings tab.
Under How to act?
Click on Recommended Action and choose Quarantine from the popup menu.
Under How to scan?
All checkboxes should be ticked.
Under Possibly unwanted software:
All checkboxes should be ticked.
Under Reports:
Select Automatically generate report after every scan and uncheck Only if threats were found.
Under What to scan?
Select Scan every file.
Click on the Scan tab.
Click on Complete System Scan to start the scan process.
Let the program scan the machine.
When the scan has finished, follow the instructions below.
IMPORTANT: Don't click on the "Save Scan Report" button before you have hit the "Apply all Actions" button.
Make sure that Set all elements to: shows Quarantine (1), if not click on the link and choose Quarantine from the popup menu. (2)
At the bottom of the window click on the Apply all Actions button. (3)
http://img509.imageshack.us/img509/4851/scanavgjk2.jpg
When done, click the Save Scan Report button. (4)
Click the Save Report as button.
Save the report to your Desktop.
Right-click the AVG Anti-Spyware Tray Icon and select Exit. Confirm by clicking Yes.
Reboot in Normal Mode.
_______________________

Post:
- A fresh HijackThis log
- AVG Anti-Spyware's report

AverageJoe
2007-08-10, 18:04
After a long afternoon of following your instructions, here is my fresh HijackThis log.

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 17:02:12, on 10/08/2007
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16473)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Documents and Settings\Aaron.ANDY-067B4BDB81\My Documents\AVG Anti-Spyware 7.5\guard.exe
C:\PROGRA~1\Grisoft\AVG7\avgamsvr.exe
C:\PROGRA~1\Grisoft\AVG7\avgupsvc.exe
C:\PROGRA~1\Grisoft\AVG7\avgemc.exe
C:\WINDOWS\runservice.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\Explorer.EXE
C:\PROGRA~1\Grisoft\AVG7\avgcc.exe
C:\WINDOWS\htpatch.exe
C:\Program Files\Icons\Seticon.exe
C:\WINDOWS\essspk.exe
C:\WINDOWS\vsnpstd2.exe
C:\Program Files\Java\jre1.6.0_01\bin\jusched.exe
C:\Program Files\Adobe\Photoshop Album Starter Edition\3.0\Apps\apdproxy.exe
C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\E_S10IC2.EXE
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\MSN Messenger\msnmsgr.exe
C:\Program Files\Messenger\msmsgs.exe
C:\Program Files\Google\GoogleToolbarNotifier\1.2.1128.5462\GoogleToolbarNotifier.exe
C:\Documents and Settings\Aaron\My Documents\LimeWire\LimeWire.exe
C:\WINDOWS\system32\wuauclt.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.myspace.com/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll (file missing)
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_01\bin\ssv.dll (file missing)
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar2.dll (file missing)
O3 - Toolbar: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn1\yt.dll
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar2.dll (file missing)
O4 - HKLM\..\Run: [AVG7_CC] C:\PROGRA~1\Grisoft\AVG7\avgcc.exe /STARTUP
O4 - HKLM\..\Run: [HTpatch] C:\WINDOWS\htpatch.exe
O4 - HKLM\..\Run: [SiSUSBRG] C:\WINDOWS\SiSUSBrg.exe
O4 - HKLM\..\Run: [Cmaudio] RunDll32 cmicnfg.cpl,CMICtrlWnd
O4 - HKLM\..\Run: [SetIcon] C:\Program Files\Icons\Seticon.exe
O4 - HKLM\..\Run: [EssSpkPhone] essspk.exe
O4 - HKLM\..\Run: [adiras] adiras.exe
O4 - HKLM\..\Run: [SNPSTD2] C:\WINDOWS\vsnpstd2.exe
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_01\bin\jusched.exe"
O4 - HKLM\..\Run: [Adobe Photo Downloader] "C:\Program Files\Adobe\Photoshop Album Starter Edition\3.0\Apps\apdproxy.exe"
O4 - HKLM\..\Run: [EPSON Stylus C64 Series] C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\E_S10IC2.EXE /P23 "EPSON Stylus C64 Series" /O5 "LPT1:" /M "Stylus C64"
O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [msnmsgr] "C:\Program Files\MSN Messenger\msnmsgr.exe" /background
O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background
O4 - HKCU\..\Run: [swg] C:\Program Files\Google\GoogleToolbarNotifier\1.2.1128.5462\GoogleToolbarNotifier.exe
O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-19\..\Run: [AVG7_Run] C:\PROGRA~1\Grisoft\AVG7\avgw.exe /RUNONCE (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'NETWORK SERVICE')
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe (User 'SYSTEM')
O4 - HKUS\S-1-5-18\..\RunOnce: [RunNarrator] Narrator.exe (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe (User 'Default user')
O4 - HKUS\.DEFAULT\..\RunOnce: [RunNarrator] Narrator.exe (User 'Default user')
O4 - Startup: LimeWire On Startup.lnk = C:\Documents and Settings\Aaron\My Documents\LimeWire\LimeWire.exe
O8 - Extra context menu item: &D&ownload &with BitComet - res://C:\Program Files\BitComet\BitComet.exe/AddLink.htm
O8 - Extra context menu item: &D&ownload all video with BitComet - res://C:\Program Files\BitComet\BitComet.exe/AddVideo.htm
O8 - Extra context menu item: &D&ownload all with BitComet - res://C:\Program Files\BitComet\BitComet.exe/AddAllLink.htm
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_01\bin\ssv.dll (file missing)
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_01\bin\ssv.dll (file missing)
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://go.microsoft.com/fwlink/?linkid=39204
O16 - DPF: {B38870E4-7ECB-40DA-8C6A-595F0A5519FF} (MsnMessengerSetupDownloadControl Class) - http://messenger.msn.com/download/MsnMessengerSetupDownloader.cab
O17 - HKLM\System\CCS\Services\Tcpip\..\{2622CE10-3199-47C5-8CA6-617EC09A03AE}: NameServer = 212.139.132.58 212.139.132.59
O23 - Service: AVG Anti-Spyware Guard - GRISOFT s.r.o. - C:\Documents and Settings\Aaron.ANDY-067B4BDB81\My Documents\AVG Anti-Spyware 7.5\guard.exe
O23 - Service: AVG7 Alert Manager Server (Avg7Alrt) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVG7\avgamsvr.exe
O23 - Service: AVG7 Update Service (Avg7UpdSvc) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVG7\avgupsvc.exe
O23 - Service: AVG E-mail Scanner (AVGEMS) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVG7\avgemc.exe
O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: LicCtrl Service (LicCtrlService) - Unknown owner - C:\WINDOWS\runservice.exe

--
End of file - 6880 bytes

AverageJoe
2007-08-10, 18:09
It says my AVG Anti-Spyware log is too long to post, and I can't upload it because it exceeds the limits. I'll post it in two halves:

---------------------------------------------------------
AVG Anti-Spyware - Scan Report
---------------------------------------------------------

+ Created at: 15:24:38 10/08/2007

+ Scan result:



C:\Program Files\AWS\WeatherBug\MiniBugTransporter.dll -> Adware.Aws : Cleaned with backup (quarantined).
C:\_RESTORE\TEMP\A0162520.CPY -> Adware.BargainBuddy : Cleaned with backup (quarantined).
C:\_RESTORE\TEMP\A0162556.CPY -> Adware.BargainBuddy : Cleaned with backup (quarantined).
C:\_RESTORE\TEMP\A0162560.CPY -> Adware.BargainBuddy : Cleaned with backup (quarantined).
C:\_RESTORE\TEMP\A0162567.CPY -> Adware.BargainBuddy : Cleaned with backup (quarantined).
C:\_RESTORE\TEMP\A0162568.CPY -> Adware.BargainBuddy : Cleaned with backup (quarantined).
C:\_RESTORE\TEMP\A0162569.CPY -> Adware.BargainBuddy : Cleaned with backup (quarantined).
C:\_RESTORE\TEMP\A0163609.CPY -> Adware.BargainBuddy : Cleaned with backup (quarantined).
C:\_RESTORE\TEMP\A0163611.CPY/C:/WINDOWS/SYSTEM/bbchk.exe -> Adware.BargainBuddy : Cleaned with backup (quarantined).
C:\_RESTORE\TEMP\A0163611.CPY/C:/WINDOWS/SYSTEM/exdl.exe -> Adware.BargainBuddy : Cleaned with backup (quarantined).
C:\_RESTORE\TEMP\A0163611.CPY/C:/WINDOWS/SYSTEM/exul.exe -> Adware.BargainBuddy : Cleaned with backup (quarantined).
C:\_RESTORE\TEMP\A0163611.CPY/C:/WINDOWS/SYSTEM/javexulm.vxd -> Adware.BargainBuddy : Cleaned with backup (quarantined).
C:\_RESTORE\TEMP\A0163611.CPY/C:/WINDOWS/SYSTEM/mqexdlm.srg -> Adware.BargainBuddy : Cleaned with backup (quarantined).
C:\_RESTORE\TEMP\A0173652.CPY -> Adware.BargainBuddy : Cleaned with backup (quarantined).
C:\_RESTORE\TEMP\A0173653.CPY -> Adware.BargainBuddy : Cleaned with backup (quarantined).
C:\_RESTORE\TEMP\A0173657.CPY -> Adware.BargainBuddy : Cleaned with backup (quarantined).
C:\_RESTORE\TEMP\A0173658.CPY/C:/WINDOWS/SYSTEM/bbchk.exe -> Adware.BargainBuddy : Cleaned with backup (quarantined).
C:\_RESTORE\TEMP\A0173658.CPY/C:/WINDOWS/SYSTEM/exdl.exe -> Adware.BargainBuddy : Cleaned with backup (quarantined).
C:\_RESTORE\TEMP\A0173658.CPY/C:/WINDOWS/SYSTEM/exul.exe -> Adware.BargainBuddy : Cleaned with backup (quarantined).
C:\_RESTORE\TEMP\A0173658.CPY/C:/WINDOWS/SYSTEM/javexulm.vxd -> Adware.BargainBuddy : Cleaned with backup (quarantined).
C:\_RESTORE\TEMP\A0173658.CPY/C:/WINDOWS/SYSTEM/mqexdlm.srg -> Adware.BargainBuddy : Cleaned with backup (quarantined).
C:\_RESTORE\TEMP\A0173660.CPY -> Adware.BargainBuddy : Cleaned with backup (quarantined).
C:\_RESTORE\TEMP\A0173661.CPY/C:/WINDOWS/SYSTEM/bbchk.exe -> Adware.BargainBuddy : Cleaned with backup (quarantined).
C:\_RESTORE\TEMP\A0173661.CPY/C:/WINDOWS/SYSTEM/exdl.exe -> Adware.BargainBuddy : Cleaned with backup (quarantined).
C:\_RESTORE\TEMP\A0173661.CPY/C:/WINDOWS/SYSTEM/exul.exe -> Adware.BargainBuddy : Cleaned with backup (quarantined).
C:\_RESTORE\TEMP\A0173661.CPY/C:/WINDOWS/SYSTEM/javexulm.vxd -> Adware.BargainBuddy : Cleaned with backup (quarantined).
C:\_RESTORE\TEMP\A0173661.CPY/C:/WINDOWS/SYSTEM/mqexdlm.srg -> Adware.BargainBuddy : Cleaned with backup (quarantined).
C:\_RESTORE\TEMP\A0181778.CPY -> Adware.BargainBuddy : Cleaned with backup (quarantined).
C:\_RESTORE\TEMP\A0181779.CPY -> Adware.BargainBuddy : Cleaned with backup (quarantined).
C:\_RESTORE\TEMP\A0181780.CPY/C:/WINDOWS/SYSTEM/bbchk.exe -> Adware.BargainBuddy : Cleaned with backup (quarantined).
C:\_RESTORE\TEMP\A0181780.CPY/C:/WINDOWS/SYSTEM/exdl.exe -> Adware.BargainBuddy : Cleaned with backup (quarantined).
C:\_RESTORE\TEMP\A0181780.CPY/C:/WINDOWS/SYSTEM/exul.exe -> Adware.BargainBuddy : Cleaned with backup (quarantined).
C:\_RESTORE\TEMP\A0181780.CPY/C:/WINDOWS/SYSTEM/javexulm.vxd -> Adware.BargainBuddy : Cleaned with backup (quarantined).
C:\_RESTORE\TEMP\A0181780.CPY/C:/WINDOWS/SYSTEM/mqexdlm.srg -> Adware.BargainBuddy : Cleaned with backup (quarantined).
C:\_RESTORE\TEMP\A0186952.CPY -> Adware.BargainBuddy : Cleaned with backup (quarantined).
C:\_RESTORE\TEMP\A0186957.CPY -> Adware.BargainBuddy : Cleaned with backup (quarantined).
C:\_RESTORE\TEMP\A0186972.CPY -> Adware.BargainBuddy : Cleaned with backup (quarantined).
C:\_RESTORE\TEMP\A0186977.CPY -> Adware.BargainBuddy : Cleaned with backup (quarantined).
C:\_RESTORE\TEMP\A0186987.CPY -> Adware.BargainBuddy : Cleaned with backup (quarantined).
C:\_RESTORE\TEMP\A0187016.CPY -> Adware.BargainBuddy : Cleaned with backup (quarantined).
C:\_RESTORE\TEMP\A0187171.CPY -> Adware.BargainBuddy : Cleaned with backup (quarantined).
C:\_RESTORE\TEMP\A0199718.CPY -> Adware.BargainBuddy : Cleaned with backup (quarantined).
C:\_RESTORE\TEMP\A0199723.CPY/C:/WINDOWS/SYSTEM/bbchk.exe -> Adware.BargainBuddy : Cleaned with backup (quarantined).
C:\_RESTORE\TEMP\A0199723.CPY/C:/WINDOWS/SYSTEM/exdl.exe -> Adware.BargainBuddy : Cleaned with backup (quarantined).
C:\_RESTORE\TEMP\A0199723.CPY/C:/WINDOWS/SYSTEM/exul.exe -> Adware.BargainBuddy : Cleaned with backup (quarantined).
C:\_RESTORE\TEMP\A0199723.CPY/C:/WINDOWS/SYSTEM/javexulm.vxd -> Adware.BargainBuddy : Cleaned with backup (quarantined).
C:\_RESTORE\TEMP\A0199723.CPY/C:/WINDOWS/SYSTEM/mqexdlm.srg -> Adware.BargainBuddy : Cleaned with backup (quarantined).
C:\_RESTORE\TEMP\A0199724.CPY -> Adware.BargainBuddy : Cleaned with backup (quarantined).
C:\_RESTORE\TEMP\A0199732.CPY/C:/WINDOWS/SYSTEM/bbchk.exe -> Adware.BargainBuddy : Cleaned with backup (quarantined).
C:\_RESTORE\TEMP\A0199732.CPY/C:/WINDOWS/SYSTEM/exdl.exe -> Adware.BargainBuddy : Cleaned with backup (quarantined).
C:\_RESTORE\TEMP\A0199732.CPY/C:/WINDOWS/SYSTEM/exul.exe -> Adware.BargainBuddy : Cleaned with backup (quarantined).
C:\_RESTORE\TEMP\A0199732.CPY/C:/WINDOWS/SYSTEM/javexulm.vxd -> Adware.BargainBuddy : Cleaned with backup (quarantined).
C:\_RESTORE\TEMP\A0199732.CPY/C:/WINDOWS/SYSTEM/mqexdlm.srg -> Adware.BargainBuddy : Cleaned with backup (quarantined).
C:\_RESTORE\TEMP\A0211887.CPY/C:/WINDOWS/SYSTEM/bbchk.exe -> Adware.BargainBuddy : Cleaned with backup (quarantined).
C:\_RESTORE\TEMP\A0211887.CPY/C:/WINDOWS/SYSTEM/exdl.exe -> Adware.BargainBuddy : Cleaned with backup (quarantined).
C:\_RESTORE\TEMP\A0211887.CPY/C:/WINDOWS/SYSTEM/exul.exe -> Adware.BargainBuddy : Cleaned with backup (quarantined).
C:\_RESTORE\TEMP\A0211887.CPY/C:/WINDOWS/SYSTEM/javexulm.vxd -> Adware.BargainBuddy : Cleaned with backup (quarantined).
C:\_RESTORE\TEMP\A0211887.CPY/C:/WINDOWS/SYSTEM/mqexdlm.srg -> Adware.BargainBuddy : Cleaned with backup (quarantined).
C:\_RESTORE\TEMP\A0267365.CPY/C:/WINDOWS/SYSTEM/bbchk.exe -> Adware.BargainBuddy : Cleaned with backup (quarantined).
C:\_RESTORE\TEMP\A0267365.CPY/C:/WINDOWS/SYSTEM/exdl.exe -> Adware.BargainBuddy : Cleaned with backup (quarantined).
C:\_RESTORE\TEMP\A0267365.CPY/C:/WINDOWS/SYSTEM/exul.exe -> Adware.BargainBuddy : Cleaned with backup (quarantined).
C:\_RESTORE\TEMP\A0267365.CPY/C:/WINDOWS/SYSTEM/javexulm.vxd -> Adware.BargainBuddy : Cleaned with backup (quarantined).
C:\_RESTORE\TEMP\A0267365.CPY/C:/WINDOWS/SYSTEM/mqexdlm.srg -> Adware.BargainBuddy : Cleaned with backup (quarantined).
C:\_RESTORE\TEMP\A0267374.CPY/C:/WINDOWS/SYSTEM/bbchk.exe -> Adware.BargainBuddy : Cleaned with backup (quarantined).
C:\_RESTORE\TEMP\A0267374.CPY/C:/WINDOWS/SYSTEM/exdl.exe -> Adware.BargainBuddy : Cleaned with backup (quarantined).
C:\_RESTORE\TEMP\A0267374.CPY/C:/WINDOWS/SYSTEM/exul.exe -> Adware.BargainBuddy : Cleaned with backup (quarantined).
C:\_RESTORE\TEMP\A0267374.CPY/C:/WINDOWS/SYSTEM/javexulm.vxd -> Adware.BargainBuddy : Cleaned with backup (quarantined).
C:\_RESTORE\TEMP\A0267374.CPY/C:/WINDOWS/SYSTEM/mqexdlm.srg -> Adware.BargainBuddy : Cleaned with backup (quarantined).
C:\_RESTORE\TEMP\A0274350.CPY/C:/WINDOWS/SYSTEM/bbchk.exe -> Adware.BargainBuddy : Cleaned with backup (quarantined).
C:\_RESTORE\TEMP\A0274350.CPY/C:/WINDOWS/SYSTEM/exdl.exe -> Adware.BargainBuddy : Cleaned with backup (quarantined).
C:\_RESTORE\TEMP\A0274350.CPY/C:/WINDOWS/SYSTEM/exul.exe -> Adware.BargainBuddy : Cleaned with backup (quarantined).
C:\_RESTORE\TEMP\A0274350.CPY/C:/WINDOWS/SYSTEM/javexulm.vxd -> Adware.BargainBuddy : Cleaned with backup (quarantined).
C:\_RESTORE\TEMP\A0274350.CPY/C:/WINDOWS/SYSTEM/mqexdlm.srg -> Adware.BargainBuddy : Cleaned with backup (quarantined).
C:\_RESTORE\TEMP\A0277538.CPY -> Adware.BargainBuddy : Cleaned with backup (quarantined).
C:\_RESTORE\TEMP\A0319208.CPY/C:/WINDOWS/SYSTEM/bbchk.exe -> Adware.BargainBuddy : Cleaned with backup (quarantined).
C:\_RESTORE\TEMP\A0319208.CPY/C:/WINDOWS/SYSTEM/exdl.exe -> Adware.BargainBuddy : Cleaned with backup (quarantined).
C:\_RESTORE\TEMP\A0319208.CPY/C:/WINDOWS/SYSTEM/exul.exe -> Adware.BargainBuddy : Cleaned with backup (quarantined).
C:\_RESTORE\TEMP\A0319208.CPY/C:/WINDOWS/SYSTEM/javexulm.vxd -> Adware.BargainBuddy : Cleaned with backup (quarantined).
C:\_RESTORE\TEMP\A0319208.CPY/C:/WINDOWS/SYSTEM/mqexdlm.srg -> Adware.BargainBuddy : Cleaned with backup (quarantined).
C:\_RESTORE\TEMP\A0319210.CPY/C:/WINDOWS/SYSTEM/bbchk.exe -> Adware.BargainBuddy : Cleaned with backup (quarantined).
C:\_RESTORE\TEMP\A0319210.CPY/C:/WINDOWS/SYSTEM/exdl.exe -> Adware.BargainBuddy : Cleaned with backup (quarantined).
C:\_RESTORE\TEMP\A0319210.CPY/C:/WINDOWS/SYSTEM/exul.exe -> Adware.BargainBuddy : Cleaned with backup (quarantined).
C:\_RESTORE\TEMP\A0319210.CPY/C:/WINDOWS/SYSTEM/javexulm.vxd -> Adware.BargainBuddy : Cleaned with backup (quarantined).
C:\_RESTORE\TEMP\A0319210.CPY/C:/WINDOWS/SYSTEM/mqexdlm.srg -> Adware.BargainBuddy : Cleaned with backup (quarantined).
C:\_RESTORE\TEMP\A0319221.CPY/C:/WINDOWS/SYSTEM/bbchk.exe -> Adware.BargainBuddy : Cleaned with backup (quarantined).
C:\_RESTORE\TEMP\A0319221.CPY/C:/WINDOWS/SYSTEM/exdl.exe -> Adware.BargainBuddy : Cleaned with backup (quarantined).
C:\_RESTORE\TEMP\A0319221.CPY/C:/WINDOWS/SYSTEM/exul.exe -> Adware.BargainBuddy : Cleaned with backup (quarantined).
C:\_RESTORE\TEMP\A0319221.CPY/C:/WINDOWS/SYSTEM/javexulm.vxd -> Adware.BargainBuddy : Cleaned with backup (quarantined).
C:\_RESTORE\TEMP\A0319221.CPY/C:/WINDOWS/SYSTEM/mqexdlm.srg -> Adware.BargainBuddy : Cleaned with backup (quarantined).
C:\_RESTORE\TEMP\A0321233.CPY/C:/WINDOWS/SYSTEM/bbchk.exe -> Adware.BargainBuddy : Cleaned with backup (quarantined).
C:\_RESTORE\TEMP\A0321233.CPY/C:/WINDOWS/SYSTEM/exdl.exe -> Adware.BargainBuddy : Cleaned with backup (quarantined).
C:\_RESTORE\TEMP\A0321233.CPY/C:/WINDOWS/SYSTEM/exul.exe -> Adware.BargainBuddy : Cleaned with backup (quarantined).
C:\_RESTORE\TEMP\A0321233.CPY/C:/WINDOWS/SYSTEM/javexulm.vxd -> Adware.BargainBuddy : Cleaned with backup (quarantined).
C:\_RESTORE\TEMP\A0321233.CPY/C:/WINDOWS/SYSTEM/mqexdlm.srg -> Adware.BargainBuddy : Cleaned with backup (quarantined).
C:\_RESTORE\TEMP\A0321241.CPY/C:/WINDOWS/SYSTEM/bbchk.exe -> Adware.BargainBuddy : Cleaned with backup (quarantined).
C:\_RESTORE\TEMP\A0321241.CPY/C:/WINDOWS/SYSTEM/exdl.exe -> Adware.BargainBuddy : Cleaned with backup (quarantined).
C:\_RESTORE\TEMP\A0321241.CPY/C:/WINDOWS/SYSTEM/exul.exe -> Adware.BargainBuddy : Cleaned with backup (quarantined).
C:\_RESTORE\TEMP\A0321241.CPY/C:/WINDOWS/SYSTEM/javexulm.vxd -> Adware.BargainBuddy : Cleaned with backup (quarantined).
C:\_RESTORE\TEMP\A0321241.CPY/C:/WINDOWS/SYSTEM/mqexdlm.srg -> Adware.BargainBuddy : Cleaned with backup (quarantined).
C:\_RESTORE\ARCHIVE\FS137.CAB/A0042022.CPY -> Adware.BetterInternet : Cleaned with backup (quarantined).
C:\Program Files\Common Files\Companion Wizard\WapCHK.dll -> Adware.Companion : Cleaned with backup (quarantined).
C:\_RESTORE\ARCHIVE\FS137.CAB/A0042020.CPY -> Adware.EZula : Cleaned with backup (quarantined).
C:\System Volume Information\_restore{D4B4F15A-2C78-45B3-9B39-322720FCE978}\RP110\A0223331.exe -> Adware.Relevance : Cleaned with backup (quarantined).
C:\_RESTORE\TEMP\A0251746.CPY -> Adware.Relevance : Cleaned with backup (quarantined).
C:\_RESTORE\TEMP\A0255972.CPY -> Adware.Relevance : Cleaned with backup (quarantined).
C:\_RESTORE\TEMP\A0199732.CPY/C:/WINDOWS/SYSTEM/exclean.exe -> Adware.Small : Cleaned with backup (quarantined).
C:\_RESTORE\TEMP\A0211887.CPY/C:/WINDOWS/SYSTEM/exclean.exe -> Adware.Small : Cleaned with backup (quarantined).
C:\_RESTORE\TEMP\A0267365.CPY/C:/WINDOWS/SYSTEM/exclean.exe -> Adware.Small : Cleaned with backup (quarantined).
C:\_RESTORE\TEMP\A0267374.CPY/C:/WINDOWS/SYSTEM/exclean.exe -> Adware.Small : Cleaned with backup (quarantined).
C:\_RESTORE\TEMP\A0274350.CPY/C:/WINDOWS/SYSTEM/exclean.exe -> Adware.Small : Cleaned with backup (quarantined).
C:\_RESTORE\TEMP\A0319208.CPY/C:/WINDOWS/SYSTEM/exclean.exe -> Adware.Small : Cleaned with backup (quarantined).
C:\_RESTORE\TEMP\A0319210.CPY/C:/WINDOWS/SYSTEM/exclean.exe -> Adware.Small : Cleaned with backup (quarantined).
C:\_RESTORE\TEMP\A0319221.CPY/C:/WINDOWS/SYSTEM/exclean.exe -> Adware.Small : Cleaned with backup (quarantined).
C:\_RESTORE\TEMP\A0321233.CPY/C:/WINDOWS/SYSTEM/exclean.exe -> Adware.Small : Cleaned with backup (quarantined).
C:\_RESTORE\TEMP\A0321241.CPY/C:/WINDOWS/SYSTEM/exclean.exe -> Adware.Small : Cleaned with backup (quarantined).
C:\Downloads\TournamentChessII-dm[1].exe -> Adware.Trymedia : Cleaned with backup (quarantined).
C:\Documents and Settings\Andy\Local Settings\Temp\temp.frD8AA\MediaAccK.exe -> Adware.WinAD : Cleaned with backup (quarantined).
C:\Program Files\Winad Client\WinClt.exe -> Adware.WinAD : Cleaned with backup (quarantined).
C:\Program Files\Windows ControlAd\WinCtlAdAlt.exe -> Adware.WinAD : Cleaned with backup (quarantined).
C:\Program Files\Windows ServeAd\WinAtServ.dll -> Adware.WinAD : Cleaned with backup (quarantined).
C:\Program Files\Windows ServeAd\WinServAd.exe -> Adware.WinAD : Cleaned with backup (quarantined).
C:\Program Files\Windows ServeAd\WinServSuit.exe -> Adware.WinAD : Cleaned with backup (quarantined).
C:\System Volume Information\_restore{D4B4F15A-2C78-45B3-9B39-322720FCE978}\RP110\A0223332.exe -> Adware.WinAD : Cleaned with backup (quarantined).
C:\_RESTORE\ARCHIVE\FS89.CAB/A0024431.CPY -> Adware.WinAD : Cleaned with backup (quarantined).
C:\Program Files\Windows TaskAd -> Adware.WinTaskAd : Cleaned with backup (quarantined).
C:\_RESTORE\ARCHIVE\FS100.CAB/A0030479.CPY -> Dialer.Holistyc : Cleaned with backup (quarantined).
C:\_RESTORE\ARCHIVE\FS101.CAB/A0031475.CPY -> Dialer.Holistyc : Cleaned with backup (quarantined).
C:\_RESTORE\ARCHIVE\FS101.CAB/A0031476.CPY -> Dialer.Holistyc : Cleaned with backup (quarantined).
C:\_RESTORE\ARCHIVE\FS132.CAB/A0040854.CPY -> Dialer.Holistyc : Cleaned with backup (quarantined).
C:\_RESTORE\ARCHIVE\FS137.CAB/A0041992.CPY -> Dialer.Holistyc : Cleaned with backup (quarantined).
C:\_RESTORE\ARCHIVE\FS137.CAB/A0041993.CPY -> Dialer.Holistyc : Cleaned with backup (quarantined).
C:\_RESTORE\ARCHIVE\FS139.CAB/A0042995.CPY -> Dialer.Holistyc : Cleaned with backup (quarantined).
C:\_RESTORE\ARCHIVE\FS152.CAB/A0047137.CPY -> Dialer.Holistyc : Cleaned with backup (quarantined).
C:\_RESTORE\ARCHIVE\FS152.CAB/A0047140.CPY -> Dialer.Holistyc : Cleaned with backup (quarantined).
C:\_RESTORE\ARCHIVE\FS152.CAB/A0047141.CPY -> Dialer.Holistyc : Cleaned with backup (quarantined).
C:\_RESTORE\ARCHIVE\FS227.CAB/A0067902.CPY -> Dialer.Holistyc : Cleaned with backup (quarantined).
C:\_RESTORE\ARCHIVE\FS227.CAB/A0067903.CPY -> Dialer.Holistyc : Cleaned with backup (quarantined).
C:\_RESTORE\ARCHIVE\FS227.CAB/A0067907.CPY -> Dialer.Holistyc : Cleaned with backup (quarantined).
C:\_RESTORE\ARCHIVE\FS272.CAB/A0077466.CPY -> Dialer.Holistyc : Cleaned with backup (quarantined).
C:\_RESTORE\ARCHIVE\FS278.CAB/A0078512.CPY -> Dialer.Holistyc : Cleaned with backup (quarantined).
C:\_RESTORE\ARCHIVE\FS278.CAB/A0078518.CPY -> Dialer.Holistyc : Cleaned with backup (quarantined).
C:\_RESTORE\ARCHIVE\FS278.CAB/A0078522.CPY -> Dialer.Holistyc : Cleaned with backup (quarantined).
C:\_RESTORE\ARCHIVE\FS278.CAB/A0078535.CPY -> Dialer.Holistyc : Cleaned with backup (quarantined).
C:\_RESTORE\ARCHIVE\FS278.CAB/A0078536.CPY -> Dialer.Holistyc : Cleaned with backup (quarantined).
C:\_RESTORE\ARCHIVE\FS278.CAB/A0078542.CPY -> Dialer.Holistyc : Cleaned with backup (quarantined).
C:\_RESTORE\ARCHIVE\FS278.CAB/A0078546.CPY -> Dialer.Holistyc : Cleaned with backup (quarantined).
C:\_RESTORE\ARCHIVE\FS278.CAB/A0078557.CPY -> Dialer.Holistyc : Cleaned with backup (quarantined).
C:\_RESTORE\ARCHIVE\FS278.CAB/A0078561.CPY -> Dialer.Holistyc : Cleaned with backup (quarantined).
C:\_RESTORE\ARCHIVE\FS278.CAB/A0078569.CPY -> Dialer.Holistyc : Cleaned with backup (quarantined).
C:\_RESTORE\ARCHIVE\FS278.CAB/A0078570.CPY -> Dialer.Holistyc : Cleaned with backup (quarantined).
C:\_RESTORE\ARCHIVE\FS278.CAB/A0078579.CPY -> Dialer.Holistyc : Cleaned with backup (quarantined).
C:\_RESTORE\ARCHIVE\FS346.CAB/A0099548.CPY -> Dialer.Holistyc : Cleaned with backup (quarantined).
C:\_RESTORE\ARCHIVE\FS346.CAB/A0099549.CPY -> Dialer.Holistyc : Cleaned with backup (quarantined).
C:\_RESTORE\ARCHIVE\FS346.CAB/A0099550.CPY -> Dialer.Holistyc : Cleaned with backup (quarantined).
C:\_RESTORE\ARCHIVE\FS346.CAB/A0099565.CPY -> Dialer.Holistyc : Cleaned with backup (quarantined).
C:\_RESTORE\ARCHIVE\FS346.CAB/A0099581.CPY -> Dialer.Holistyc : Cleaned with backup (quarantined).
C:\_RESTORE\ARCHIVE\FS346.CAB/A0099584.CPY -> Dialer.Holistyc : Cleaned with backup (quarantined).
C:\_RESTORE\ARCHIVE\FS394.CAB/A0115230.CPY -> Dialer.Holistyc : Cleaned with backup (quarantined).
C:\_RESTORE\ARCHIVE\FS82.CAB/A0020374.CPY -> Dialer.Holistyc : Cleaned with backup (quarantined).
C:\_RESTORE\ARCHIVE\FS82.CAB/A0020401.CPY -> Dialer.Holistyc : Cleaned with backup (quarantined).
C:\_RESTORE\ARCHIVE\FS96.CAB/A0029498.CPY -> Dialer.Holistyc : Cleaned with backup (quarantined).
C:\_RESTORE\ARCHIVE\FS96.CAB/A0029499.CPY -> Dialer.Holistyc : Cleaned with backup (quarantined).

AverageJoe
2007-08-10, 18:12
C:\_RESTORE\TEMP\A0163611.CPY/C:/WINDOWS/SYSTEM/msexreg.exe -> Dialer.Small : Cleaned with backup (quarantined).
C:\_RESTORE\TEMP\A0173658.CPY/C:/WINDOWS/SYSTEM/msexreg.exe -> Dialer.Small : Cleaned with backup (quarantined).
C:\_RESTORE\TEMP\A0173661.CPY/C:/WINDOWS/SYSTEM/msexreg.exe -> Dialer.Small : Cleaned with backup (quarantined).
C:\_RESTORE\TEMP\A0181780.CPY/C:/WINDOWS/SYSTEM/msexreg.exe -> Dialer.Small : Cleaned with backup (quarantined).
C:\_RESTORE\TEMP\A0199723.CPY/C:/WINDOWS/SYSTEM/msexreg.exe -> Dialer.Small : Cleaned with backup (quarantined).
C:\_RESTORE\TEMP\A0199732.CPY/C:/WINDOWS/SYSTEM/msexreg.exe -> Dialer.Small : Cleaned with backup (quarantined).
C:\_RESTORE\TEMP\A0211887.CPY/C:/WINDOWS/SYSTEM/msexreg.exe -> Dialer.Small : Cleaned with backup (quarantined).
C:\_RESTORE\TEMP\A0267365.CPY/C:/WINDOWS/SYSTEM/msexreg.exe -> Dialer.Small : Cleaned with backup (quarantined).
C:\_RESTORE\TEMP\A0267374.CPY/C:/WINDOWS/SYSTEM/msexreg.exe -> Dialer.Small : Cleaned with backup (quarantined).
C:\_RESTORE\TEMP\A0274350.CPY/C:/WINDOWS/SYSTEM/msexreg.exe -> Dialer.Small : Cleaned with backup (quarantined).
C:\_RESTORE\TEMP\A0319208.CPY/C:/WINDOWS/SYSTEM/msexreg.exe -> Dialer.Small : Cleaned with backup (quarantined).
C:\_RESTORE\TEMP\A0319210.CPY/C:/WINDOWS/SYSTEM/msexreg.exe -> Dialer.Small : Cleaned with backup (quarantined).
C:\_RESTORE\TEMP\A0319221.CPY/C:/WINDOWS/SYSTEM/msexreg.exe -> Dialer.Small : Cleaned with backup (quarantined).
C:\_RESTORE\TEMP\A0321233.CPY/C:/WINDOWS/SYSTEM/msexreg.exe -> Dialer.Small : Cleaned with backup (quarantined).
C:\_RESTORE\TEMP\A0321241.CPY/C:/WINDOWS/SYSTEM/msexreg.exe -> Dialer.Small : Cleaned with backup (quarantined).
C:\_RESTORE\ARCHIVE\FS271.CAB/A0077445.CPY -> Downloader.Holica.b : Cleaned with backup (quarantined).
C:\Documents and Settings\Aaron(2).ANDY-067B4BDB81\Local Settings(2)\Temporary Internet Files(2)\Content(2).IE5\SD2VWLQ3\popup[1].htm -> Downloader.IstBar.ai : Cleaned with backup (quarantined).
C:\_RESTORE\ARCHIVE\FS271.CAB/A0077444.CPY -> Downloader.Small.or : Cleaned with backup (quarantined).
C:\_RESTORE\ARCHIVE\FS271.CAB/A0077446.CPY -> Downloader.Small.qs : Cleaned with backup (quarantined).
C:\_RESTORE\ARCHIVE\FS271.CAB/A0077447.CPY -> Downloader.Small.qs : Cleaned with backup (quarantined).
C:\_RESTORE\ARCHIVE\FS394.CAB/A0115229.CPY -> Downloader.Small.zq : Cleaned with backup (quarantined).
C:\_RESTORE\ARCHIVE\FS138.CAB/A0042224.CPY -> Downloader.TSUpdate.a : Cleaned with backup (quarantined).
C:\_RESTORE\ARCHIVE\FS123.CAB/A0038665.CPY -> Dropper.Small.ja : Cleaned with backup (quarantined).
C:\_RESTORE\ARCHIVE\FS126.CAB/A0039713.CPY -> Dropper.Small.ja : Cleaned with backup (quarantined).
C:\_RESTORE\ARCHIVE\FS132.CAB/A0040857.CPY -> Dropper.Small.ja : Cleaned with backup (quarantined).
C:\_RESTORE\ARCHIVE\FS134.CAB/A0040908.CPY -> Dropper.Small.ja : Cleaned with backup (quarantined).
C:\_RESTORE\ARCHIVE\FS98.CAB/A0030457.CPY -> Dropper.Small.ja : Cleaned with backup (quarantined).
C:\System Volume Information\_restore{D4B4F15A-2C78-45B3-9B39-322720FCE978}\RP82\A0087498.exe -> Hijacker.Small : Cleaned with backup (quarantined).
C:\System Volume Information\_restore{D4B4F15A-2C78-45B3-9B39-322720FCE978}\RP82\A0087499.exe -> Hijacker.Small : Cleaned with backup (quarantined).
C:\System Volume Information\_restore{D4B4F15A-2C78-45B3-9B39-322720FCE978}\RP82\A0087500.exe -> Hijacker.Small : Cleaned with backup (quarantined).
C:\System Volume Information\_restore{D4B4F15A-2C78-45B3-9B39-322720FCE978}\RP82\A0089824.exe -> Hijacker.Small : Cleaned with backup (quarantined).
C:\System Volume Information\_restore{D4B4F15A-2C78-45B3-9B39-322720FCE978}\RP82\A0089825.exe -> Hijacker.Small : Cleaned with backup (quarantined).
C:\System Volume Information\_restore{D4B4F15A-2C78-45B3-9B39-322720FCE978}\RP82\A0089826.exe -> Hijacker.Small : Cleaned with backup (quarantined).
C:\_RESTORE\ARCHIVE\FS48.CAB/A0012049.CPY -> Hijacker.StartPage.iv : Cleaned with backup (quarantined).
C:\_RESTORE\ARCHIVE\FS8.CAB/A0000680.CPY -> Hijacker.StartPage.ix : Cleaned with backup (quarantined).
C:\_RESTORE\ARCHIVE\FS123.CAB/A0038664.CPY -> Hijacker.StartPage.ld : Cleaned with backup (quarantined).
C:\_RESTORE\ARCHIVE\FS132.CAB/A0040856.CPY -> Hijacker.StartPage.ld : Cleaned with backup (quarantined).
C:\_RESTORE\ARCHIVE\FS134.CAB/A0040907.CPY -> Hijacker.StartPage.ld : Cleaned with backup (quarantined).
C:\_RESTORE\ARCHIVE\FS181.CAB/A0057502.CPY -> Not-A-Virus.PornDownloader.Win32.TibSystems : Cleaned with backup (quarantined).
:mozilla.114:C:\FOUND.042\FILE0017.CHK -> TrackingCookie.2o7 : Cleaned.
:mozilla.115:C:\FOUND.042\FILE0017.CHK -> TrackingCookie.2o7 : Cleaned.
:mozilla.116:C:\FOUND.042\FILE0017.CHK -> TrackingCookie.2o7 : Cleaned.
:mozilla.77:C:\FOUND.044\FILE0001.CHK -> TrackingCookie.Adbrite : Cleaned.
:mozilla.78:C:\FOUND.044\FILE0001.CHK -> TrackingCookie.Adbrite : Cleaned.
:mozilla.80:C:\FOUND.044\FILE0001.CHK -> TrackingCookie.Adbrite : Cleaned.
:mozilla.81:C:\FOUND.044\FILE0001.CHK -> TrackingCookie.Adbrite : Cleaned.
:mozilla.82:C:\FOUND.044\FILE0001.CHK -> TrackingCookie.Adbrite : Cleaned.
:mozilla.83:C:\FOUND.044\FILE0001.CHK -> TrackingCookie.Adbrite : Cleaned.
:mozilla.84:C:\FOUND.044\FILE0001.CHK -> TrackingCookie.Adbrite : Cleaned.
C:\Documents and Settings\Aaron(2).ANDY-067B4BDB81\Cookies(2)\aaron@stats.adbrite[1].txt -> TrackingCookie.Adbrite : Cleaned.
:mozilla.27:C:\FOUND.059\FILE0022.CHK -> TrackingCookie.Adrevolver : Cleaned.
:mozilla.28:C:\FOUND.059\FILE0022.CHK -> TrackingCookie.Adrevolver : Cleaned.
:mozilla.29:C:\FOUND.059\FILE0022.CHK -> TrackingCookie.Adrevolver : Cleaned.
:mozilla.30:C:\FOUND.059\FILE0022.CHK -> TrackingCookie.Adrevolver : Cleaned.
:mozilla.31:C:\FOUND.059\FILE0022.CHK -> TrackingCookie.Adrevolver : Cleaned.
:mozilla.33:C:\FOUND.059\FILE0022.CHK -> TrackingCookie.Adrevolver : Cleaned.
:mozilla.43:C:\FOUND.060\FILE0019.CHK -> TrackingCookie.Adrevolver : Cleaned.
:mozilla.44:C:\FOUND.060\FILE0019.CHK -> TrackingCookie.Adrevolver : Cleaned.
:mozilla.45:C:\FOUND.060\FILE0019.CHK -> TrackingCookie.Adrevolver : Cleaned.
:mozilla.46:C:\FOUND.060\FILE0019.CHK -> TrackingCookie.Adrevolver : Cleaned.
:mozilla.58:C:\FOUND.042\FILE0017.CHK -> TrackingCookie.Adrevolver : Cleaned.
:mozilla.59:C:\FOUND.042\FILE0017.CHK -> TrackingCookie.Adrevolver : Cleaned.
:mozilla.60:C:\FOUND.042\FILE0017.CHK -> TrackingCookie.Adrevolver : Cleaned.
:mozilla.61:C:\FOUND.042\FILE0017.CHK -> TrackingCookie.Adrevolver : Cleaned.
:mozilla.62:C:\FOUND.042\FILE0017.CHK -> TrackingCookie.Adrevolver : Cleaned.
:mozilla.63:C:\FOUND.042\FILE0017.CHK -> TrackingCookie.Adrevolver : Cleaned.
:mozilla.65:C:\FOUND.044\FILE0001.CHK -> TrackingCookie.Adrevolver : Cleaned.
:mozilla.66:C:\FOUND.044\FILE0001.CHK -> TrackingCookie.Adrevolver : Cleaned.
:mozilla.72:C:\Documents and Settings\Nathan.ANDY-067B4BDB81\Application Data\Mozilla\Firefox\Profiles\r9pmlgeh.default\cookies.txt -> TrackingCookie.Adrevolver : Cleaned.
:mozilla.73:C:\Documents and Settings\Nathan.ANDY-067B4BDB81\Application Data\Mozilla\Firefox\Profiles\r9pmlgeh.default\cookies.txt -> TrackingCookie.Adrevolver : Cleaned.
:mozilla.74:C:\Documents and Settings\Nathan.ANDY-067B4BDB81\Application Data\Mozilla\Firefox\Profiles\r9pmlgeh.default\cookies.txt -> TrackingCookie.Adrevolver : Cleaned.
:mozilla.75:C:\Documents and Settings\Nathan.ANDY-067B4BDB81\Application Data\Mozilla\Firefox\Profiles\r9pmlgeh.default\cookies.txt -> TrackingCookie.Adrevolver : Cleaned.
:mozilla.76:C:\Documents and Settings\Nathan.ANDY-067B4BDB81\Application Data\Mozilla\Firefox\Profiles\r9pmlgeh.default\cookies.txt -> TrackingCookie.Adrevolver : Cleaned.
:mozilla.77:C:\Documents and Settings\Nathan.ANDY-067B4BDB81\Application Data\Mozilla\Firefox\Profiles\r9pmlgeh.default\cookies.txt -> TrackingCookie.Adrevolver : Cleaned.
:mozilla.135:C:\FOUND.042\FILE0017.CHK -> TrackingCookie.Adtech : Cleaned.
:mozilla.136:C:\FOUND.042\FILE0017.CHK -> TrackingCookie.Adtech : Cleaned.
:mozilla.24:C:\Documents and Settings\Nathan.ANDY-067B4BDB81\Application Data\Mozilla\Firefox\Profiles\r9pmlgeh.default\cookies.txt -> TrackingCookie.Adtech : Cleaned.
:mozilla.25:C:\Documents and Settings\Nathan.ANDY-067B4BDB81\Application Data\Mozilla\Firefox\Profiles\r9pmlgeh.default\cookies.txt -> TrackingCookie.Adtech : Cleaned.
:mozilla.30:C:\FOUND.044\FILE0001.CHK -> TrackingCookie.Advertising : Cleaned.
:mozilla.31:C:\FOUND.044\FILE0001.CHK -> TrackingCookie.Advertising : Cleaned.
:mozilla.32:C:\FOUND.044\FILE0001.CHK -> TrackingCookie.Advertising : Cleaned.
:mozilla.33:C:\FOUND.044\FILE0001.CHK -> TrackingCookie.Advertising : Cleaned.
:mozilla.37:C:\FOUND.042\FILE0017.CHK -> TrackingCookie.Advertising : Cleaned.
:mozilla.40:C:\FOUND.042\FILE0017.CHK -> TrackingCookie.Advertising : Cleaned.
:mozilla.41:C:\FOUND.042\FILE0017.CHK -> TrackingCookie.Advertising : Cleaned.
:mozilla.42:C:\FOUND.042\FILE0017.CHK -> TrackingCookie.Advertising : Cleaned.
:mozilla.43:C:\FOUND.042\FILE0017.CHK -> TrackingCookie.Advertising : Cleaned.
:mozilla.45:C:\FOUND.043\FILE0029.CHK -> TrackingCookie.Advertising : Cleaned.
:mozilla.45:C:\FOUND.059\FILE0022.CHK -> TrackingCookie.Advertising : Cleaned.
:mozilla.46:C:\FOUND.043\FILE0029.CHK -> TrackingCookie.Advertising : Cleaned.
:mozilla.46:C:\FOUND.059\FILE0022.CHK -> TrackingCookie.Advertising : Cleaned.
:mozilla.47:C:\FOUND.043\FILE0029.CHK -> TrackingCookie.Advertising : Cleaned.
:mozilla.47:C:\FOUND.059\FILE0022.CHK -> TrackingCookie.Advertising : Cleaned.
:mozilla.48:C:\FOUND.059\FILE0022.CHK -> TrackingCookie.Advertising : Cleaned.
:mozilla.49:C:\FOUND.043\FILE0029.CHK -> TrackingCookie.Advertising : Cleaned.
:mozilla.13:C:\FOUND.042\FILE0017.CHK -> TrackingCookie.Atdmt : Cleaned.
:mozilla.18:C:\Documents and Settings\Nathan.ANDY-067B4BDB81\Application Data\Mozilla\Firefox\Profiles\r9pmlgeh.default\cookies.txt -> TrackingCookie.Atdmt : Cleaned.
:mozilla.24:C:\FOUND.044\FILE0001.CHK -> TrackingCookie.Atdmt : Cleaned.
:mozilla.44:C:\FOUND.043\FILE0029.CHK -> TrackingCookie.Atdmt : Cleaned.
:mozilla.51:C:\FOUND.060\FILE0019.CHK -> TrackingCookie.Atdmt : Cleaned.
:mozilla.63:C:\FOUND.059\FILE0022.CHK -> TrackingCookie.Atdmt : Cleaned.
:mozilla.142:C:\FOUND.042\FILE0017.CHK -> TrackingCookie.Bluestreak : Cleaned.
C:\Documents and Settings\Aaron(2).ANDY-067B4BDB81\Cookies(2)\aaron@www.burstbeacon[1].txt -> TrackingCookie.Burstbeacon : Cleaned.
:mozilla.87:C:\FOUND.059\FILE0022.CHK -> TrackingCookie.Burstnet : Cleaned.
:mozilla.88:C:\FOUND.059\FILE0022.CHK -> TrackingCookie.Burstnet : Cleaned.
:mozilla.89:C:\FOUND.059\FILE0022.CHK -> TrackingCookie.Burstnet : Cleaned.
C:\Documents and Settings\Aaron(2).ANDY-067B4BDB81\Cookies(2)\aaron@burstnet[1].txt -> TrackingCookie.Burstnet : Cleaned.
:mozilla.127:C:\FOUND.042\FILE0017.CHK -> TrackingCookie.Casalemedia : Cleaned.
:mozilla.128:C:\FOUND.042\FILE0017.CHK -> TrackingCookie.Casalemedia : Cleaned.
:mozilla.129:C:\FOUND.042\FILE0017.CHK -> TrackingCookie.Casalemedia : Cleaned.
:mozilla.130:C:\FOUND.042\FILE0017.CHK -> TrackingCookie.Casalemedia : Cleaned.
:mozilla.26:C:\FOUND.060\FILE0019.CHK -> TrackingCookie.Casalemedia : Cleaned.
:mozilla.27:C:\FOUND.060\FILE0019.CHK -> TrackingCookie.Casalemedia : Cleaned.
:mozilla.28:C:\FOUND.060\FILE0019.CHK -> TrackingCookie.Casalemedia : Cleaned.
:mozilla.29:C:\FOUND.060\FILE0019.CHK -> TrackingCookie.Casalemedia : Cleaned.
:mozilla.30:C:\FOUND.060\FILE0019.CHK -> TrackingCookie.Casalemedia : Cleaned.

AverageJoe
2007-08-10, 18:13
:mozilla.85:C:\FOUND.059\FILE0022.CHK -> TrackingCookie.Com : Cleaned.
:mozilla.9:C:\Documents and Settings\Dawn.ANDY-067B4BDB81\Application Data\Mozilla\Firefox\Profiles\6nmq0gaw.default\cookies.txt -> TrackingCookie.Connextra : Cleaned.
C:\Documents and Settings\Aaron(2).ANDY-067B4BDB81\Cookies(2)\aaron@connextra[1].txt -> TrackingCookie.Connextra : Cleaned.
C:\Documents and Settings\David(2).ANDY-067B4BDB81\Cookies(2)\david@connextra[2].txt -> TrackingCookie.Connextra : Cleaned.
:mozilla.14:C:\FOUND.043\FILE0029.CHK -> TrackingCookie.Doubleclick : Cleaned.
:mozilla.17:C:\Documents and Settings\Nathan.ANDY-067B4BDB81\Application Data\Mozilla\Firefox\Profiles\r9pmlgeh.default\cookies.txt -> TrackingCookie.Doubleclick : Cleaned.
:mozilla.18:C:\FOUND.059\FILE0022.CHK -> TrackingCookie.Doubleclick : Cleaned.
:mozilla.31:C:\FOUND.060\FILE0019.CHK -> TrackingCookie.Doubleclick : Cleaned.
:mozilla.37:C:\FOUND.044\FILE0001.CHK -> TrackingCookie.Doubleclick : Cleaned.
:mozilla.38:C:\FOUND.042\FILE0017.CHK -> TrackingCookie.Doubleclick : Cleaned.
:mozilla.35:C:\FOUND.060\FILE0019.CHK -> TrackingCookie.Euroclick : Cleaned.
:mozilla.36:C:\Documents and Settings\Nathan.ANDY-067B4BDB81\Application Data\Mozilla\Firefox\Profiles\r9pmlgeh.default\cookies.txt -> TrackingCookie.Euroclick : Cleaned.
:mozilla.36:C:\FOUND.060\FILE0019.CHK -> TrackingCookie.Euroclick : Cleaned.
:mozilla.37:C:\Documents and Settings\Nathan.ANDY-067B4BDB81\Application Data\Mozilla\Firefox\Profiles\r9pmlgeh.default\cookies.txt -> TrackingCookie.Euroclick : Cleaned.
:mozilla.37:C:\FOUND.060\FILE0019.CHK -> TrackingCookie.Euroclick : Cleaned.
:mozilla.38:C:\Documents and Settings\Nathan.ANDY-067B4BDB81\Application Data\Mozilla\Firefox\Profiles\r9pmlgeh.default\cookies.txt -> TrackingCookie.Euroclick : Cleaned.
:mozilla.38:C:\FOUND.060\FILE0019.CHK -> TrackingCookie.Euroclick : Cleaned.
:mozilla.39:C:\Documents and Settings\Nathan.ANDY-067B4BDB81\Application Data\Mozilla\Firefox\Profiles\r9pmlgeh.default\cookies.txt -> TrackingCookie.Euroclick : Cleaned.
:mozilla.39:C:\FOUND.060\FILE0019.CHK -> TrackingCookie.Euroclick : Cleaned.
:mozilla.40:C:\Documents and Settings\Nathan.ANDY-067B4BDB81\Application Data\Mozilla\Firefox\Profiles\r9pmlgeh.default\cookies.txt -> TrackingCookie.Euroclick : Cleaned.
:mozilla.41:C:\Documents and Settings\Nathan.ANDY-067B4BDB81\Application Data\Mozilla\Firefox\Profiles\r9pmlgeh.default\cookies.txt -> TrackingCookie.Euroclick : Cleaned.
:mozilla.41:C:\FOUND.060\FILE0019.CHK -> TrackingCookie.Euroclick : Cleaned.
:mozilla.42:C:\FOUND.044\FILE0001.CHK -> TrackingCookie.Euroclick : Cleaned.
:mozilla.43:C:\FOUND.044\FILE0001.CHK -> TrackingCookie.Euroclick : Cleaned.
:mozilla.44:C:\FOUND.044\FILE0001.CHK -> TrackingCookie.Euroclick : Cleaned.
:mozilla.45:C:\FOUND.044\FILE0001.CHK -> TrackingCookie.Euroclick : Cleaned.
:mozilla.46:C:\FOUND.044\FILE0001.CHK -> TrackingCookie.Euroclick : Cleaned.
:mozilla.47:C:\FOUND.044\FILE0001.CHK -> TrackingCookie.Euroclick : Cleaned.
:mozilla.57:C:\FOUND.059\FILE0022.CHK -> TrackingCookie.Euroclick : Cleaned.
:mozilla.58:C:\FOUND.059\FILE0022.CHK -> TrackingCookie.Euroclick : Cleaned.
:mozilla.59:C:\FOUND.059\FILE0022.CHK -> TrackingCookie.Euroclick : Cleaned.
:mozilla.60:C:\FOUND.059\FILE0022.CHK -> TrackingCookie.Euroclick : Cleaned.
:mozilla.61:C:\FOUND.059\FILE0022.CHK -> TrackingCookie.Euroclick : Cleaned.
:mozilla.70:C:\FOUND.042\FILE0017.CHK -> TrackingCookie.Euroclick : Cleaned.
:mozilla.71:C:\FOUND.042\FILE0017.CHK -> TrackingCookie.Euroclick : Cleaned.
:mozilla.72:C:\FOUND.042\FILE0017.CHK -> TrackingCookie.Euroclick : Cleaned.
:mozilla.73:C:\FOUND.042\FILE0017.CHK -> TrackingCookie.Euroclick : Cleaned.
:mozilla.74:C:\FOUND.042\FILE0017.CHK -> TrackingCookie.Euroclick : Cleaned.
:mozilla.17:C:\FOUND.043\FILE0029.CHK -> TrackingCookie.Fastclick : Cleaned.
:mozilla.18:C:\FOUND.043\FILE0029.CHK -> TrackingCookie.Fastclick : Cleaned.
:mozilla.19:C:\FOUND.043\FILE0029.CHK -> TrackingCookie.Fastclick : Cleaned.
:mozilla.20:C:\FOUND.042\FILE0017.CHK -> TrackingCookie.Fastclick : Cleaned.
:mozilla.20:C:\FOUND.043\FILE0029.CHK -> TrackingCookie.Fastclick : Cleaned.
:mozilla.21:C:\FOUND.042\FILE0017.CHK -> TrackingCookie.Fastclick : Cleaned.
:mozilla.21:C:\FOUND.043\FILE0029.CHK -> TrackingCookie.Fastclick : Cleaned.
:mozilla.22:C:\FOUND.042\FILE0017.CHK -> TrackingCookie.Fastclick : Cleaned.
:mozilla.23:C:\FOUND.042\FILE0017.CHK -> TrackingCookie.Fastclick : Cleaned.
:mozilla.24:C:\FOUND.042\FILE0017.CHK -> TrackingCookie.Fastclick : Cleaned.
:mozilla.25:C:\FOUND.042\FILE0017.CHK -> TrackingCookie.Fastclick : Cleaned.
:mozilla.50:C:\FOUND.059\FILE0022.CHK -> TrackingCookie.Fastclick : Cleaned.
:mozilla.51:C:\FOUND.059\FILE0022.CHK -> TrackingCookie.Fastclick : Cleaned.
:mozilla.52:C:\FOUND.044\FILE0001.CHK -> TrackingCookie.Fastclick : Cleaned.
:mozilla.52:C:\FOUND.059\FILE0022.CHK -> TrackingCookie.Fastclick : Cleaned.
:mozilla.53:C:\FOUND.044\FILE0001.CHK -> TrackingCookie.Fastclick : Cleaned.
:mozilla.53:C:\FOUND.059\FILE0022.CHK -> TrackingCookie.Fastclick : Cleaned.
:mozilla.54:C:\FOUND.044\FILE0001.CHK -> TrackingCookie.Fastclick : Cleaned.
:mozilla.54:C:\FOUND.059\FILE0022.CHK -> TrackingCookie.Fastclick : Cleaned.
:mozilla.55:C:\FOUND.044\FILE0001.CHK -> TrackingCookie.Fastclick : Cleaned.
:mozilla.56:C:\FOUND.044\FILE0001.CHK -> TrackingCookie.Fastclick : Cleaned.
:mozilla.168:C:\FOUND.042\FILE0017.CHK -> TrackingCookie.Hitbox : Cleaned.
:mozilla.169:C:\FOUND.042\FILE0017.CHK -> TrackingCookie.Hitbox : Cleaned.
:mozilla.170:C:\FOUND.042\FILE0017.CHK -> TrackingCookie.Hitbox : Cleaned.
:mozilla.67:C:\FOUND.044\FILE0001.CHK -> TrackingCookie.Imrworldwide : Cleaned.
:mozilla.68:C:\FOUND.044\FILE0001.CHK -> TrackingCookie.Imrworldwide : Cleaned.
:mozilla.88:C:\FOUND.042\FILE0017.CHK -> TrackingCookie.Imrworldwide : Cleaned.
:mozilla.89:C:\FOUND.042\FILE0017.CHK -> TrackingCookie.Imrworldwide : Cleaned.
:mozilla.93:C:\FOUND.043\FILE0029.CHK -> TrackingCookie.Imrworldwide : Cleaned.
:mozilla.94:C:\FOUND.043\FILE0029.CHK -> TrackingCookie.Imrworldwide : Cleaned.
:mozilla.60:C:\Documents and Settings\Nathan.ANDY-067B4BDB81\Application Data\Mozilla\Firefox\Profiles\r9pmlgeh.default\cookies.txt -> TrackingCookie.Masterstats : Cleaned.
:mozilla.87:C:\FOUND.044\FILE0001.CHK -> TrackingCookie.Masterstats : Cleaned.
:mozilla.143:C:\FOUND.042\FILE0017.CHK -> TrackingCookie.Mediaplex : Cleaned.
:mozilla.95:C:\FOUND.044\FILE0001.CHK -> TrackingCookie.Mediaplex : Cleaned.
C:\Documents and Settings\Aaron(2).ANDY-067B4BDB81\Cookies(2)\aaron@search.msn[2].txt -> TrackingCookie.Msn : Cleaned.
C:\Documents and Settings\David(2).ANDY-067B4BDB81\Cookies(2)\david@navrcholu[2].txt -> TrackingCookie.Navrcholu : Cleaned.
:mozilla.175:C:\FOUND.042\FILE0017.CHK -> TrackingCookie.Overture : Cleaned.
:mozilla.113:C:\FOUND.042\FILE0017.CHK -> TrackingCookie.Paypal : Cleaned.
C:\Documents and Settings\Aaron(2).ANDY-067B4BDB81\Cookies(2)\aaron@paypopup[1].txt -> TrackingCookie.Paypopup : Cleaned.
:mozilla.137:C:\FOUND.042\FILE0017.CHK -> TrackingCookie.Questionmarket : Cleaned.
:mozilla.138:C:\FOUND.042\FILE0017.CHK -> TrackingCookie.Questionmarket : Cleaned.
:mozilla.139:C:\FOUND.042\FILE0017.CHK -> TrackingCookie.Questionmarket : Cleaned.
:mozilla.140:C:\FOUND.042\FILE0017.CHK -> TrackingCookie.Questionmarket : Cleaned.
C:\Documents and Settings\Aaron(2).ANDY-067B4BDB81\Cookies(2)\aaron@ads.realcastmedia[1].txt -> TrackingCookie.Realcastmedia : Cleaned.
C:\Documents and Settings\Nathan(2).ANDY-067B4BDB81\Cookies(2)\nathan@ads.realcastmedia[1].txt -> TrackingCookie.Realcastmedia : Cleaned.
:mozilla.123:C:\FOUND.042\FILE0017.CHK -> TrackingCookie.Realmedia : Cleaned.
:mozilla.13:C:\FOUND.059\FILE0022.CHK -> TrackingCookie.Realmedia : Cleaned.
:mozilla.68:C:\FOUND.043\FILE0029.CHK -> TrackingCookie.Realmedia : Cleaned.
:mozilla.20:C:\FOUND.044\FILE0001.CHK -> TrackingCookie.Revsci : Cleaned.
:mozilla.42:C:\FOUND.059\FILE0022.CHK -> TrackingCookie.Revsci : Cleaned.
:mozilla.66:C:\FOUND.042\FILE0017.CHK -> TrackingCookie.Revsci : Cleaned.
:mozilla.22:C:\Documents and Settings\Andy.ANDY-067B4BDB81\Application Data\Mozilla\Firefox\Profiles\ausn26rx.default\cookies.txt -> TrackingCookie.Serving-sys : Cleaned.
:mozilla.23:C:\Documents and Settings\Andy.ANDY-067B4BDB81\Application Data\Mozilla\Firefox\Profiles\ausn26rx.default\cookies.txt -> TrackingCookie.Serving-sys : Cleaned.
:mozilla.24:C:\Documents and Settings\Andy.ANDY-067B4BDB81\Application Data\Mozilla\Firefox\Profiles\ausn26rx.default\cookies.txt -> TrackingCookie.Serving-sys : Cleaned.
:mozilla.25:C:\Documents and Settings\Andy.ANDY-067B4BDB81\Application Data\Mozilla\Firefox\Profiles\ausn26rx.default\cookies.txt -> TrackingCookie.Serving-sys : Cleaned.
:mozilla.26:C:\Documents and Settings\Andy.ANDY-067B4BDB81\Application Data\Mozilla\Firefox\Profiles\ausn26rx.default\cookies.txt -> TrackingCookie.Serving-sys : Cleaned.
:mozilla.77:C:\FOUND.042\FILE0017.CHK -> TrackingCookie.Serving-sys : Cleaned.
:mozilla.78:C:\FOUND.042\FILE0017.CHK -> TrackingCookie.Serving-sys : Cleaned.
:mozilla.79:C:\FOUND.042\FILE0017.CHK -> TrackingCookie.Serving-sys : Cleaned.
:mozilla.80:C:\FOUND.042\FILE0017.CHK -> TrackingCookie.Serving-sys : Cleaned.
:mozilla.81:C:\FOUND.042\FILE0017.CHK -> TrackingCookie.Serving-sys : Cleaned.
:mozilla.82:C:\FOUND.042\FILE0017.CHK -> TrackingCookie.Serving-sys : Cleaned.
C:\Documents and Settings\Nathan(2).ANDY-067B4BDB81\Cookies(2)\nathan@adopt.specificclick[2].txt -> TrackingCookie.Specificclick : Cleaned.
:mozilla.171:C:\FOUND.042\FILE0017.CHK -> TrackingCookie.Tacoda : Cleaned.
:mozilla.174:C:\FOUND.042\FILE0017.CHK -> TrackingCookie.Tacoda : Cleaned.
:mozilla.125:C:\FOUND.042\FILE0017.CHK -> TrackingCookie.Tribalfusion : Cleaned.
:mozilla.42:C:\FOUND.060\FILE0019.CHK -> TrackingCookie.Tribalfusion : Cleaned.
:mozilla.67:C:\FOUND.059\FILE0022.CHK -> TrackingCookie.Tribalfusion : Cleaned.
:mozilla.90:C:\FOUND.043\FILE0029.CHK -> TrackingCookie.Tribalfusion : Cleaned.
:mozilla.67:C:\FOUND.043\FILE0029.CHK -> TrackingCookie.Webtrendslive : Cleaned.
:mozilla.19:C:\FOUND.059\FILE0022.CHK -> TrackingCookie.Yieldmanager : Cleaned.
:mozilla.20:C:\FOUND.059\FILE0022.CHK -> TrackingCookie.Yieldmanager : Cleaned.
:mozilla.21:C:\FOUND.059\FILE0022.CHK -> TrackingCookie.Yieldmanager : Cleaned.
:mozilla.22:C:\FOUND.059\FILE0022.CHK -> TrackingCookie.Yieldmanager : Cleaned.
:mozilla.23:C:\FOUND.043\FILE0029.CHK -> TrackingCookie.Yieldmanager : Cleaned.
:mozilla.23:C:\FOUND.059\FILE0022.CHK -> TrackingCookie.Yieldmanager : Cleaned.
:mozilla.24:C:\FOUND.043\FILE0029.CHK -> TrackingCookie.Yieldmanager : Cleaned.
:mozilla.25:C:\FOUND.043\FILE0029.CHK -> TrackingCookie.Yieldmanager : Cleaned.
:mozilla.27:C:\Documents and Settings\Nathan.ANDY-067B4BDB81\Application Data\Mozilla\Firefox\Profiles\r9pmlgeh.default\cookies.txt -> TrackingCookie.Yieldmanager : Cleaned.
:mozilla.28:C:\Documents and Settings\Nathan.ANDY-067B4BDB81\Application Data\Mozilla\Firefox\Profiles\r9pmlgeh.default\cookies.txt -> TrackingCookie.Yieldmanager : Cleaned.
:mozilla.29:C:\Documents and Settings\Nathan.ANDY-067B4BDB81\Application Data\Mozilla\Firefox\Profiles\r9pmlgeh.default\cookies.txt -> TrackingCookie.Yieldmanager : Cleaned.
:mozilla.30:C:\Documents and Settings\Nathan.ANDY-067B4BDB81\Application Data\Mozilla\Firefox\Profiles\r9pmlgeh.default\cookies.txt -> TrackingCookie.Yieldmanager : Cleaned.
:mozilla.31:C:\Documents and Settings\Nathan.ANDY-067B4BDB81\Application Data\Mozilla\Firefox\Profiles\r9pmlgeh.default\cookies.txt -> TrackingCookie.Yieldmanager : Cleaned.
:mozilla.34:C:\Documents and Settings\Nathan.ANDY-067B4BDB81\Application Data\Mozilla\Firefox\Profiles\r9pmlgeh.default\cookies.txt -> TrackingCookie.Yieldmanager : Cleaned.
:mozilla.48:C:\FOUND.044\FILE0001.CHK -> TrackingCookie.Yieldmanager : Cleaned.
:mozilla.49:C:\FOUND.044\FILE0001.CHK -> TrackingCookie.Yieldmanager : Cleaned.
:mozilla.50:C:\FOUND.044\FILE0001.CHK -> TrackingCookie.Yieldmanager : Cleaned.
:mozilla.51:C:\FOUND.044\FILE0001.CHK -> TrackingCookie.Yieldmanager : Cleaned.
:mozilla.90:C:\FOUND.042\FILE0017.CHK -> TrackingCookie.Yieldmanager : Cleaned.
:mozilla.91:C:\FOUND.042\FILE0017.CHK -> TrackingCookie.Yieldmanager : Cleaned.
:mozilla.92:C:\FOUND.042\FILE0017.CHK -> TrackingCookie.Yieldmanager : Cleaned.
C:\Documents and Settings\Aaron\Local Settings\Temp\klclopmd.exe -> Trojan.Dialer.ay : Cleaned with backup (quarantined).
C:\Documents and Settings\Aaron\Local Settings\Temp\mdfejpmd.exe -> Trojan.Dialer.ay : Cleaned with backup (quarantined).
C:\System Volume Information\_restore{D4B4F15A-2C78-45B3-9B39-322720FCE978}\RP110\A0228638.exe -> Trojan.Dialer.ay : Cleaned with backup (quarantined).
C:\System Volume Information\_restore{D4B4F15A-2C78-45B3-9B39-322720FCE978}\RP110\A0228647.exe -> Trojan.Dialer.ay : Cleaned with backup (quarantined).
C:\System Volume Information\_restore{D4B4F15A-2C78-45B3-9B39-322720FCE978}\RP110\A0228639.exe -> Trojan.Fakealert : Cleaned with backup (quarantined).
C:\WINDOWS\SYSTEM32\1024 -> Trojan.Small : Cleaned with backup (quarantined).

::Report end

Markka
2007-08-10, 18:26
Hello :)

Next step is:

Kaspersky online scanner works only with Internet Explorer!

Please run an online scan with Kaspersky Online Scanner (http://www.kaspersky.com/downloads/kws/kavwebscan.html). You will be prompted to install an ActiveX component from Kaspersky; click Yes.
The program will launch and then start to download the latest definition files.
Once the scanner is installed and the definitions downloaded, click Next.
Now click on Scan Settings
In the scan settings make sure that the following are selected:

o Scan using the following Anti-Virus database:

+ Extended (if available, otherwise Standard)

o Scan Options:

+ Scan Archives
+ Scan Mail Bases

Click OK
Now, under Select a target to scan, select My Computer.
The scan will take a while so be patient and let it run. Once the scan is complete it will display if your system has been infected.
Now click on the Save as Text button
Save the file to your desktop.
Copy and paste that information in your next post.
______________________

Post:
- A fresh HijackThis log
- Kaspersky's report

AverageJoe
2007-08-10, 21:57
Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 20:55:53, on 10/08/2007
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16473)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Documents and Settings\Aaron.ANDY-067B4BDB81\My Documents\AVG Anti-Spyware 7.5\guard.exe
C:\PROGRA~1\Grisoft\AVG7\avgamsvr.exe
C:\PROGRA~1\Grisoft\AVG7\avgupsvc.exe
C:\PROGRA~1\Grisoft\AVG7\avgemc.exe
C:\WINDOWS\runservice.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\Explorer.EXE
C:\PROGRA~1\Grisoft\AVG7\avgcc.exe
C:\WINDOWS\htpatch.exe
C:\Program Files\Icons\Seticon.exe
C:\WINDOWS\essspk.exe
C:\WINDOWS\vsnpstd2.exe
C:\Program Files\Java\jre1.6.0_01\bin\jusched.exe
C:\Program Files\Adobe\Photoshop Album Starter Edition\3.0\Apps\apdproxy.exe
C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\E_S10IC2.EXE
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\MSN Messenger\msnmsgr.exe
C:\Program Files\Messenger\msmsgs.exe
C:\Documents and Settings\Aaron\My Documents\LimeWire\LimeWire.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.myspace.com/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll (file missing)
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_01\bin\ssv.dll (file missing)
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar2.dll (file missing)
O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\2.0.301.7164\swg.dll
O3 - Toolbar: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn1\yt.dll
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar2.dll (file missing)
O4 - HKLM\..\Run: [AVG7_CC] C:\PROGRA~1\Grisoft\AVG7\avgcc.exe /STARTUP
O4 - HKLM\..\Run: [HTpatch] C:\WINDOWS\htpatch.exe
O4 - HKLM\..\Run: [SiSUSBRG] C:\WINDOWS\SiSUSBrg.exe
O4 - HKLM\..\Run: [Cmaudio] RunDll32 cmicnfg.cpl,CMICtrlWnd
O4 - HKLM\..\Run: [SetIcon] C:\Program Files\Icons\Seticon.exe
O4 - HKLM\..\Run: [EssSpkPhone] essspk.exe
O4 - HKLM\..\Run: [adiras] adiras.exe
O4 - HKLM\..\Run: [SNPSTD2] C:\WINDOWS\vsnpstd2.exe
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_01\bin\jusched.exe"
O4 - HKLM\..\Run: [Adobe Photo Downloader] "C:\Program Files\Adobe\Photoshop Album Starter Edition\3.0\Apps\apdproxy.exe"
O4 - HKLM\..\Run: [EPSON Stylus C64 Series] C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\E_S10IC2.EXE /P23 "EPSON Stylus C64 Series" /O5 "LPT1:" /M "Stylus C64"
O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [msnmsgr] "C:\Program Files\MSN Messenger\msnmsgr.exe" /background
O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background
O4 - HKCU\..\Run: [swg] C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-19\..\Run: [AVG7_Run] C:\PROGRA~1\Grisoft\AVG7\avgw.exe /RUNONCE (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'NETWORK SERVICE')
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe (User 'SYSTEM')
O4 - HKUS\S-1-5-18\..\RunOnce: [RunNarrator] Narrator.exe (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe (User 'Default user')
O4 - HKUS\.DEFAULT\..\RunOnce: [RunNarrator] Narrator.exe (User 'Default user')
O4 - Startup: LimeWire On Startup.lnk = C:\Documents and Settings\Aaron\My Documents\LimeWire\LimeWire.exe
O8 - Extra context menu item: &D&ownload &with BitComet - res://C:\Program Files\BitComet\BitComet.exe/AddLink.htm
O8 - Extra context menu item: &D&ownload all video with BitComet - res://C:\Program Files\BitComet\BitComet.exe/AddVideo.htm
O8 - Extra context menu item: &D&ownload all with BitComet - res://C:\Program Files\BitComet\BitComet.exe/AddAllLink.htm
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_01\bin\ssv.dll (file missing)
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_01\bin\ssv.dll (file missing)
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {0EB0E74A-2A76-4AB3-A7FB-9BD8C29F7F75} (CKAVWebScan Object) - http://www.kaspersky.com/kos/english/kavwebscan_unicode.cab
O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://go.microsoft.com/fwlink/?linkid=39204
O16 - DPF: {B38870E4-7ECB-40DA-8C6A-595F0A5519FF} (MsnMessengerSetupDownloadControl Class) - http://messenger.msn.com/download/MsnMessengerSetupDownloader.cab
O17 - HKLM\System\CCS\Services\Tcpip\..\{2622CE10-3199-47C5-8CA6-617EC09A03AE}: NameServer = 212.139.132.58 212.139.132.59
O23 - Service: AVG Anti-Spyware Guard - GRISOFT s.r.o. - C:\Documents and Settings\Aaron.ANDY-067B4BDB81\My Documents\AVG Anti-Spyware 7.5\guard.exe
O23 - Service: AVG7 Alert Manager Server (Avg7Alrt) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVG7\avgamsvr.exe
O23 - Service: AVG7 Update Service (Avg7UpdSvc) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVG7\avgupsvc.exe
O23 - Service: AVG E-mail Scanner (AVGEMS) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVG7\avgemc.exe
O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: LicCtrl Service (LicCtrlService) - Unknown owner - C:\WINDOWS\runservice.exe

--
End of file - 7151 bytes

AverageJoe
2007-08-10, 21:58
-------------------------------------------------------------------------------
KASPERSKY ONLINE SCANNER REPORT
Friday, August 10, 2007 8:54:45 PM
Operating System: Microsoft Windows XP Home Edition, Service Pack 2 (Build 2600)
Kaspersky Online Scanner version: 5.0.93.0
Kaspersky Anti-Virus database last update: 10/08/2007
Kaspersky Anti-Virus database records: 378304
-------------------------------------------------------------------------------

Scan Settings:
Scan using the following antivirus database: extended
Scan Archives: true
Scan Mail Bases: true

Scan Target - My Computer:
A:\
C:\
E:\
F:\
G:\
H:\
I:\
J:\

Scan Statistics:
Total number of scanned objects: 133087
Number of viruses found: 20
Number of infected objects: 116
Number of suspicious objects: 2
Duration of the scan process: 01:20:10

Infected Object Name / Virus Name / Last Action
C:\_RESTORE\TEMP\A0162523.CPY/stream/data0002 Infected: not-a-virus:AdWare.Win32.BargainBuddy.y skipped
C:\_RESTORE\TEMP\A0162523.CPY/stream/data0005 Infected: not-a-virus:AdWare.Win32.BargainBuddy.i skipped
C:\_RESTORE\TEMP\A0162523.CPY/stream Infected: not-a-virus:AdWare.Win32.BargainBuddy.i skipped
C:\_RESTORE\TEMP\A0162523.CPY NSIS: infected - 3 skipped
C:\_RESTORE\TEMP\A0162566.CPY/stream/data0002 Infected: not-a-virus:AdWare.Win32.BargainBuddy.y skipped
C:\_RESTORE\TEMP\A0162566.CPY/stream/data0005 Infected: not-a-virus:AdWare.Win32.BargainBuddy.n skipped
C:\_RESTORE\TEMP\A0162566.CPY/stream/data0006 Infected: not-a-virus:AdWare.Win32.BargainBuddy.n skipped
C:\_RESTORE\TEMP\A0162566.CPY/stream/data0007 Infected: not-a-virus:AdWare.Win32.BargainBuddy.n skipped
C:\_RESTORE\TEMP\A0162566.CPY/stream Infected: not-a-virus:AdWare.Win32.BargainBuddy.n skipped
C:\_RESTORE\TEMP\A0162566.CPY NSIS: infected - 5 skipped
C:\_RESTORE\TEMP\ADP8032.0/stream/data0001 Infected: not-a-virus:AdWare.Win32.BargainBuddy.l skipped
C:\_RESTORE\TEMP\ADP8032.0/stream/data0002 Infected: not-a-virus:AdWare.Win32.BargainBuddy.n skipped
C:\_RESTORE\TEMP\ADP8032.0/stream/data0003 Infected: not-a-virus:AdWare.Win32.BargainBuddy.n skipped
C:\_RESTORE\TEMP\ADP8032.0/stream/data0005/stream/data0001 Infected: not-a-virus:AdWare.Win32.BargainBuddy.n skipped
C:\_RESTORE\TEMP\ADP8032.0/stream/data0005/stream Infected: not-a-virus:AdWare.Win32.BargainBuddy.n skipped
C:\_RESTORE\TEMP\ADP8032.0/stream/data0005 Infected: not-a-virus:AdWare.Win32.BargainBuddy.n skipped
C:\_RESTORE\TEMP\ADP8032.0/stream/data0006/stream/data0002 Infected: not-a-virus:AdWare.Win32.BargainBuddy.y skipped
C:\_RESTORE\TEMP\ADP8032.0/stream/data0006/stream/data0005 Infected: not-a-virus:AdWare.Win32.BargainBuddy.n skipped
C:\_RESTORE\TEMP\ADP8032.0/stream/data0006/stream/data0006 Infected: not-a-virus:AdWare.Win32.BargainBuddy.n skipped
C:\_RESTORE\TEMP\ADP8032.0/stream/data0006/stream/data0007 Infected: not-a-virus:AdWare.Win32.BargainBuddy.n skipped
C:\_RESTORE\TEMP\ADP8032.0/stream/data0006/stream Infected: not-a-virus:AdWare.Win32.BargainBuddy.n skipped
C:\_RESTORE\TEMP\ADP8032.0/stream/data0006 Infected: not-a-virus:AdWare.Win32.BargainBuddy.n skipped
C:\_RESTORE\TEMP\ADP8032.0/stream Infected: not-a-virus:AdWare.Win32.BargainBuddy.n skipped
C:\_RESTORE\TEMP\ADP8032.0 NSIS: infected - 13 skipped
C:\_RESTORE\TEMP\AHADP.0/stream/data0001 Infected: not-a-virus:AdWare.Win32.BargainBuddy.n skipped
C:\_RESTORE\TEMP\AHADP.0/stream Infected: not-a-virus:AdWare.Win32.BargainBuddy.n skipped
C:\_RESTORE\TEMP\AHADP.0 NSIS: infected - 2 skipped
C:\_RESTORE\TEMP\A0199711.CPY/stream/data0002 Infected: not-a-virus:AdWare.Win32.BargainBuddy.y skipped
C:\_RESTORE\TEMP\A0199711.CPY/stream/data0005 Infected: not-a-virus:AdWare.Win32.BargainBuddy.n skipped
C:\_RESTORE\TEMP\A0199711.CPY/stream/data0006 Infected: not-a-virus:AdWare.Win32.BargainBuddy.n skipped
C:\_RESTORE\TEMP\A0199711.CPY/stream/data0007 Infected: not-a-virus:AdWare.Win32.BargainBuddy.n skipped
C:\_RESTORE\TEMP\A0199711.CPY/stream Infected: not-a-virus:AdWare.Win32.BargainBuddy.n skipped
C:\_RESTORE\TEMP\A0199711.CPY NSIS: infected - 5 skipped
C:\_RESTORE\TEMP\AHADP.1/stream/data0001 Infected: not-a-virus:AdWare.Win32.BargainBuddy.n skipped
C:\_RESTORE\TEMP\AHADP.1/stream Infected: not-a-virus:AdWare.Win32.BargainBuddy.n skipped
C:\_RESTORE\TEMP\AHADP.1 NSIS: infected - 2 skipped
C:\_RESTORE\TEMP\A0267346.CPY/stream/data0002 Infected: not-a-virus:AdWare.Win32.BargainBuddy.y skipped
C:\_RESTORE\TEMP\A0267346.CPY/stream/data0005 Infected: not-a-virus:AdWare.Win32.BargainBuddy.n skipped
C:\_RESTORE\TEMP\A0267346.CPY/stream/data0006 Infected: not-a-virus:AdWare.Win32.BargainBuddy.n skipped
C:\_RESTORE\TEMP\A0267346.CPY/stream/data0007 Infected: not-a-virus:AdWare.Win32.BargainBuddy.n skipped
C:\_RESTORE\TEMP\A0267346.CPY/stream Infected: not-a-virus:AdWare.Win32.BargainBuddy.n skipped
C:\_RESTORE\TEMP\A0267346.CPY NSIS: infected - 5 skipped
C:\_RESTORE\TEMP\AHADP.2/stream/data0001 Infected: not-a-virus:AdWare.Win32.BargainBuddy.n skipped
C:\_RESTORE\TEMP\AHADP.2/stream Infected: not-a-virus:AdWare.Win32.BargainBuddy.n skipped
C:\_RESTORE\TEMP\AHADP.2 NSIS: infected - 2 skipped
C:\_RESTORE\TEMP\A0319172.CPY/stream/data0001 Infected: not-a-virus:AdWare.Win32.BargainBuddy.n skipped
C:\_RESTORE\TEMP\A0319172.CPY/stream Infected: not-a-virus:AdWare.Win32.BargainBuddy.n skipped
C:\_RESTORE\TEMP\A0319172.CPY NSIS: infected - 2 skipped
C:\_RESTORE\TEMP\A0319195.CPY/stream/data0002 Infected: not-a-virus:AdWare.Win32.BargainBuddy.y skipped
C:\_RESTORE\TEMP\A0319195.CPY/stream/data0005 Infected: not-a-virus:AdWare.Win32.BargainBuddy.n skipped
C:\_RESTORE\TEMP\A0319195.CPY/stream/data0006 Infected: not-a-virus:AdWare.Win32.BargainBuddy.n skipped
C:\_RESTORE\TEMP\A0319195.CPY/stream/data0007 Infected: not-a-virus:AdWare.Win32.BargainBuddy.n skipped
C:\_RESTORE\TEMP\A0319195.CPY/stream Infected: not-a-virus:AdWare.Win32.BargainBuddy.n skipped
C:\_RESTORE\TEMP\A0319195.CPY NSIS: infected - 5 skipped
C:\_RESTORE\TEMP\AHADP.3/stream/data0001 Infected: not-a-virus:AdWare.Win32.BargainBuddy.n skipped
C:\_RESTORE\TEMP\AHADP.3/stream Infected: not-a-virus:AdWare.Win32.BargainBuddy.n skipped
C:\_RESTORE\TEMP\AHADP.3 NSIS: infected - 2 skipped
C:\_RESTORE\TEMP\A0321219.CPY/stream/data0002 Infected: not-a-virus:AdWare.Win32.BargainBuddy.y skipped
C:\_RESTORE\TEMP\A0321219.CPY/stream/data0005 Infected: not-a-virus:AdWare.Win32.BargainBuddy.n skipped
C:\_RESTORE\TEMP\A0321219.CPY/stream/data0006 Infected: not-a-virus:AdWare.Win32.BargainBuddy.n skipped
C:\_RESTORE\TEMP\A0321219.CPY/stream/data0007 Infected: not-a-virus:AdWare.Win32.BargainBuddy.n skipped
C:\_RESTORE\TEMP\A0321219.CPY/stream Infected: not-a-virus:AdWare.Win32.BargainBuddy.n skipped
C:\_RESTORE\TEMP\A0321219.CPY NSIS: infected - 5 skipped
C:\_RESTORE\TEMP\AHADP.4/stream/data0001 Infected: not-a-virus:AdWare.Win32.BargainBuddy.n skipped
C:\_RESTORE\TEMP\AHADP.4/stream Infected: not-a-virus:AdWare.Win32.BargainBuddy.n skipped
C:\_RESTORE\TEMP\AHADP.4 NSIS: infected - 2 skipped
C:\_RESTORE\ARCHIVE\FS155.CAB/A0047206.CPY Infected: not-a-virus:Porn-Dialer.Win32.Holistyc.gen skipped
C:\_RESTORE\ARCHIVE\FS155.CAB/A0047209.CPY Infected: not-a-virus:Porn-Dialer.Win32.Holistyc.gen skipped
C:\_RESTORE\ARCHIVE\FS155.CAB/A0047210.CPY Infected: not-a-virus:Porn-Dialer.Win32.Holistyc.gen skipped
C:\_RESTORE\ARCHIVE\FS155.CAB/A0047224.CPY Infected: not-a-virus:Porn-Dialer.Win32.Holistyc.gen skipped
C:\_RESTORE\ARCHIVE\FS155.CAB/A0047236.CPY Infected: not-a-virus:Porn-Dialer.Win32.Holistyc.gen skipped
C:\_RESTORE\ARCHIVE\FS155.CAB/A0047240.CPY Infected: not-a-virus:Porn-Dialer.Win32.Holistyc.gen skipped
C:\_RESTORE\ARCHIVE\FS155.CAB/A0047241.CPY Infected: not-a-virus:Porn-Dialer.Win32.Holistyc.gen skipped
C:\_RESTORE\ARCHIVE\FS155.CAB/A0047244.CPY Infected: not-a-virus:Porn-Dialer.Win32.Holistyc.gen skipped
C:\_RESTORE\ARCHIVE\FS155.CAB/A0047248.CPY Infected: not-a-virus:Porn-Dialer.Win32.Holistyc.gen skipped
C:\_RESTORE\ARCHIVE\FS155.CAB/A0047251.CPY Infected: not-a-virus:Porn-Dialer.Win32.Holistyc.gen skipped
C:\_RESTORE\ARCHIVE\FS155.CAB/A0047252.CPY Infected: not-a-virus:Porn-Dialer.Win32.Holistyc.gen skipped
C:\_RESTORE\ARCHIVE\FS155.CAB CAB: infected - 11 skipped
C:\_RESTORE\ARCHIVE\FS171.CAB/A0055447.CPY Infected: not-a-virus:Porn-Dialer.Win32.Holistyc.gen skipped
C:\_RESTORE\ARCHIVE\FS171.CAB CAB: infected - 1 skipped
C:\WINDOWS\SYSTEM32\config\system.LOG Object is locked skipped
C:\WINDOWS\SYSTEM32\config\software.LOG Object is locked skipped
C:\WINDOWS\SYSTEM32\config\default.LOG Object is locked skipped
C:\WINDOWS\SYSTEM32\config\SAM.LOG Object is locked skipped
C:\WINDOWS\SYSTEM32\config\SECURITY.LOG Object is locked skipped
C:\WINDOWS\SYSTEM32\config\AppEvent.Evt Object is locked skipped
C:\WINDOWS\SYSTEM32\config\SecEvent.Evt Object is locked skipped
C:\WINDOWS\SYSTEM32\config\SysEvent.Evt Object is locked skipped
C:\WINDOWS\SYSTEM32\config\DEFAULT Object is locked skipped
C:\WINDOWS\SYSTEM32\config\SECURITY Object is locked skipped
C:\WINDOWS\SYSTEM32\config\SOFTWARE Object is locked skipped
C:\WINDOWS\SYSTEM32\config\SYSTEM Object is locked skipped
C:\WINDOWS\SYSTEM32\config\SAM Object is locked skipped
C:\WINDOWS\SYSTEM32\config\Internet.evt Object is locked skipped
C:\WINDOWS\SYSTEM32\wbem\Repository\FS\MAPPING1.MAP Object is locked skipped
C:\WINDOWS\SYSTEM32\wbem\Repository\FS\MAPPING2.MAP Object is locked skipped
C:\WINDOWS\SYSTEM32\wbem\Repository\FS\MAPPING.VER Object is locked skipped
C:\WINDOWS\SYSTEM32\wbem\Repository\FS\INDEX.MAP Object is locked skipped
C:\WINDOWS\SYSTEM32\wbem\Repository\FS\OBJECTS.MAP Object is locked skipped
C:\WINDOWS\SYSTEM32\wbem\Repository\FS\OBJECTS.DATA Object is locked skipped
C:\WINDOWS\SYSTEM32\wbem\Repository\FS\INDEX.BTR Object is locked skipped
C:\WINDOWS\SYSTEM32\mmf.sys Object is locked skipped
C:\WINDOWS\SYSTEM32\h323log.txt Object is locked skipped
C:\WINDOWS\Sti_Trace.log Object is locked skipped
C:\WINDOWS\wiaservc.log Object is locked skipped
C:\WINDOWS\wiadebug.log Object is locked skipped
C:\WINDOWS\WindowsUpdate.log Object is locked skipped
C:\WINDOWS\SchedLgU.Txt Object is locked skipped
C:\WINDOWS\Debug\PASSWD.LOG Object is locked skipped
C:\WINDOWS\SoftwareDistribution\ReportingEvents.log Object is locked skipped
C:\spe\start.chm/start.html Infected: not-a-virus:Porn-Tool.JS.Navigator.a skipped
C:\spe\start.chm CHM: infected - 1 skipped
C:\Documents and Settings\All Users.WINDOWS\Application Data\Grisoft\Avg7Data\avg7log.log.lck Object is locked skipped
C:\Documents and Settings\All Users.WINDOWS\Application Data\Grisoft\Avg7Data\avg7log.log Object is locked skipped
C:\Documents and Settings\All Users.WINDOWS\Application Data\AVG7\Log\emc.log Object is locked skipped
C:\Documents and Settings\All Users.WINDOWS\Application Data\Spybot - Search & Destroy\Recovery\VcodeceMedia.zip/uninst.exe Suspicious: Password-protected-EXE skipped
C:\Documents and Settings\All Users.WINDOWS\Application Data\Spybot - Search & Destroy\Recovery\VcodeceMedia.zip ZIP: suspicious - 1 skipped
C:\Documents and Settings\NetworkService.NT AUTHORITY\Local Settings\Application Data\Microsoft\Windows\UsrClass.dat.LOG Object is locked skipped
C:\Documents and Settings\NetworkService.NT AUTHORITY\Local Settings\Application Data\Microsoft\Windows\UsrClass.dat Object is locked skipped
C:\Documents and Settings\NetworkService.NT AUTHORITY\ntuser.dat.LOG Object is locked skipped
C:\Documents and Settings\NetworkService.NT AUTHORITY\NTUSER.DAT Object is locked skipped
C:\Documents and Settings\LocalService.NT AUTHORITY\Local Settings\History\History.IE5\index.dat Object is locked skipped
C:\Documents and Settings\LocalService.NT AUTHORITY\Local Settings\Temporary Internet Files\Content.IE5\index.dat Object is locked skipped
C:\Documents and Settings\LocalService.NT AUTHORITY\Local Settings\Application Data\Microsoft\Windows\UsrClass.dat.LOG Object is locked skipped
C:\Documents and Settings\LocalService.NT AUTHORITY\Local Settings\Application Data\Microsoft\Windows\UsrClass.dat Object is locked skipped
C:\Documents and Settings\LocalService.NT AUTHORITY\Cookies\index.dat Object is locked skipped
C:\Documents and Settings\LocalService.NT AUTHORITY\ntuser.dat.LOG Object is locked skipped
C:\Documents and Settings\LocalService.NT AUTHORITY\NTUSER.DAT Object is locked skipped
C:\Documents and Settings\Andy.ANDY-067B4BDB81\Application Data\Sun\Java\Deployment\cache\javapi\v1.0\file\java.class-5ca47f8f-333974be.class Infected: Exploit.Java.Gimsh.a skipped
C:\Documents and Settings\Andy.ANDY-067B4BDB81\Application Data\Sun\Java\Deployment\cache\6.0\34\3309722-3d5dae8d Infected: Exploit.Java.Gimsh.a skipped
C:\Documents and Settings\Aaron.ANDY-067B4BDB81\ntuser.dat.LOG Object is locked skipped
C:\Documents and Settings\Aaron.ANDY-067B4BDB81\Local Settings\Temp\~DFEE68.tmp Object is locked skipped
C:\Documents and Settings\Aaron.ANDY-067B4BDB81\Local Settings\Temp\~DFEE6F.tmp Object is locked skipped
C:\Documents and Settings\Aaron.ANDY-067B4BDB81\Local Settings\Temp\~DF91E3.tmp Object is locked skipped
C:\Documents and Settings\Aaron.ANDY-067B4BDB81\Local Settings\Temp\~DF91EA.tmp Object is locked skipped
C:\Documents and Settings\Aaron.ANDY-067B4BDB81\Local Settings\History\History.IE5\index.dat Object is locked skipped
C:\Documents and Settings\Aaron.ANDY-067B4BDB81\Local Settings\History\History.IE5\MSHist012007081020070811\index.dat Object is locked skipped
C:\Documents and Settings\Aaron.ANDY-067B4BDB81\Local Settings\Temporary Internet Files\Content.IE5\index.dat Object is locked skipped
C:\Documents and Settings\Aaron.ANDY-067B4BDB81\Local Settings\Application Data\Microsoft\Windows\UsrClass.dat Object is locked skipped
C:\Documents and Settings\Aaron.ANDY-067B4BDB81\Local Settings\Application Data\Microsoft\Windows\UsrClass.dat.LOG Object is locked skipped
C:\Documents and Settings\Aaron.ANDY-067B4BDB81\Local Settings\Application Data\Microsoft\Feeds Cache\index.dat Object is locked skipped
C:\Documents and Settings\Aaron.ANDY-067B4BDB81\Cookies\index.dat Object is locked skipped
C:\Documents and Settings\Aaron.ANDY-067B4BDB81\NTUSER.DAT Object is locked skipped
C:\System Volume Information\_restore{D4B4F15A-2C78-45B3-9B39-322720FCE978}\RP105\A0145854.exe Infected: not-a-virus:AdTool.Win32.WhenU.a skipped
C:\System Volume Information\_restore{D4B4F15A-2C78-45B3-9B39-322720FCE978}\RP105\A0146060.dll Infected: not-a-virus:AdTool.Win32.WhenU.i skipped
C:\System Volume Information\_restore{D4B4F15A-2C78-45B3-9B39-322720FCE978}\RP110\A0223329.exe Infected: not-a-virus:AdWare.Win32.WinAD.i skipped
C:\System Volume Information\_restore{D4B4F15A-2C78-45B3-9B39-322720FCE978}\RP110\A0223330.exe/stream/data0001 Infected: not-a-virus:AdWare.Win32.BargainBuddy.l skipped
C:\System Volume Information\_restore{D4B4F15A-2C78-45B3-9B39-322720FCE978}\RP110\A0223330.exe/stream/data0002 Infected: not-a-virus:AdWare.Win32.BargainBuddy.n skipped
C:\System Volume Information\_restore{D4B4F15A-2C78-45B3-9B39-322720FCE978}\RP110\A0223330.exe/stream/data0003 Infected: not-a-virus:AdWare.Win32.BargainBuddy.q skipped
C:\System Volume Information\_restore{D4B4F15A-2C78-45B3-9B39-322720FCE978}\RP110\A0223330.exe/stream/data0005 Infected: Trojan-Clicker.Win32.VB.ex skipped
C:\System Volume Information\_restore{D4B4F15A-2C78-45B3-9B39-322720FCE978}\RP110\A0223330.exe/stream/data0006/stream/data0001 Infected: not-a-virus:AdWare.Win32.BargainBuddy.n skipped
C:\System Volume Information\_restore{D4B4F15A-2C78-45B3-9B39-322720FCE978}\RP110\A0223330.exe/stream/data0006/stream Infected: not-a-virus:AdWare.Win32.BargainBuddy.n skipped
C:\System Volume Information\_restore{D4B4F15A-2C78-45B3-9B39-322720FCE978}\RP110\A0223330.exe/stream/data0006 Infected: not-a-virus:AdWare.Win32.BargainBuddy.n skipped
C:\System Volume Information\_restore{D4B4F15A-2C78-45B3-9B39-322720FCE978}\RP110\A0223330.exe/stream/data0007/stream/data0002 Infected: not-a-virus:AdWare.Win32.BargainBuddy.y skipped
C:\System Volume Information\_restore{D4B4F15A-2C78-45B3-9B39-322720FCE978}\RP110\A0223330.exe/stream/data0007/stream/data0005 Infected: not-a-virus:AdWare.Win32.BargainBuddy.n skipped
C:\System Volume Information\_restore{D4B4F15A-2C78-45B3-9B39-322720FCE978}\RP110\A0223330.exe/stream/data0007/stream/data0006 Infected: not-a-virus:AdWare.Win32.BargainBuddy.n skipped
C:\System Volume Information\_restore{D4B4F15A-2C78-45B3-9B39-322720FCE978}\RP110\A0223330.exe/stream/data0007/stream/data0007 Infected: not-a-virus:AdWare.Win32.BargainBuddy.n skipped
C:\System Volume Information\_restore{D4B4F15A-2C78-45B3-9B39-322720FCE978}\RP110\A0223330.exe/stream/data0007/stream Infected: not-a-virus:AdWare.Win32.BargainBuddy.n skipped
C:\System Volume Information\_restore{D4B4F15A-2C78-45B3-9B39-322720FCE978}\RP110\A0223330.exe/stream/data0007 Infected: not-a-virus:AdWare.Win32.BargainBuddy.n skipped
C:\System Volume Information\_restore{D4B4F15A-2C78-45B3-9B39-322720FCE978}\RP110\A0223330.exe/stream Infected: not-a-virus:AdWare.Win32.BargainBuddy.n skipped
C:\System Volume Information\_restore{D4B4F15A-2C78-45B3-9B39-322720FCE978}\RP110\A0223330.exe NSIS: infected - 14 skipped
C:\System Volume Information\_restore{D4B4F15A-2C78-45B3-9B39-322720FCE978}\RP110\A0228634.exe Infected: not-a-virus:AdWare.Win32.Lop.x skipped
C:\System Volume Information\_restore{D4B4F15A-2C78-45B3-9B39-322720FCE978}\RP110\A0228640.exe/Stream/data0017 Infected: not-a-virus:FraudTool.Win32.WinAntiVirus.2006 skipped
C:\System Volume Information\_restore{D4B4F15A-2C78-45B3-9B39-322720FCE978}\RP110\A0228640.exe/Stream Infected: not-a-virus:FraudTool.Win32.WinAntiVirus.2006 skipped
C:\System Volume Information\_restore{D4B4F15A-2C78-45B3-9B39-322720FCE978}\RP110\A0228640.exe Inno: infected - 2 skipped
C:\System Volume Information\_restore{D4B4F15A-2C78-45B3-9B39-322720FCE978}\RP110\A0228712.exe Infected: Trojan.Win32.Dialer.ay skipped
C:\System Volume Information\_restore{D4B4F15A-2C78-45B3-9B39-322720FCE978}\RP110\A0228713.exe Infected: Trojan.Win32.Dialer.ay skipped
C:\System Volume Information\_restore{D4B4F15A-2C78-45B3-9B39-322720FCE978}\RP110\A0228714.exe Infected: not-a-virus:AdWare.Win32.WinAD.bc skipped
C:\System Volume Information\_restore{D4B4F15A-2C78-45B3-9B39-322720FCE978}\RP110\A0228715.exe Infected: not-a-virus:AdWare.Win32.WinAD skipped
C:\System Volume Information\_restore{D4B4F15A-2C78-45B3-9B39-322720FCE978}\RP110\A0228716.exe Infected: not-a-virus:AdWare.Win32.WinAD.f skipped
C:\System Volume Information\_restore{D4B4F15A-2C78-45B3-9B39-322720FCE978}\RP110\A0228717.dll Infected: not-a-virus:AdWare.Win32.WinAD.i skipped
C:\System Volume Information\_restore{D4B4F15A-2C78-45B3-9B39-322720FCE978}\RP110\A0228718.exe Infected: not-a-virus:AdWare.Win32.WinAD.f skipped
C:\System Volume Information\_restore{D4B4F15A-2C78-45B3-9B39-322720FCE978}\RP110\A0228719.exe Infected: not-a-virus:AdWare.Win32.WinAD.f skipped
C:\System Volume Information\_restore{D4B4F15A-2C78-45B3-9B39-322720FCE978}\RP110\A0228720.dll Infected: not-a-virus:FraudTool.Win32.WinAntiVirus.2006 skipped
C:\System Volume Information\_restore{D4B4F15A-2C78-45B3-9B39-322720FCE978}\RP110\A0228722.exe Infected: not-a-virus:AdWare.Win32.Trymedia.b skipped
C:\System Volume Information\_restore{D4B4F15A-2C78-45B3-9B39-322720FCE978}\RP110\change.log Object is locked skipped

Scan process completed.

Okay, let's get the next step please Markka. All of this is much appreciated.

Markka
2007-08-11, 11:03
Hello :)

Empty these folders:

C:\Documents and Settings\All Users.WINDOWS\Application Data\Spybot - Search & Destroy\Recovery
C:\Documents and Settings\Andy.ANDY-067B4BDB81\Application Data\Sun\Java\Deployment\cache

Delete this file:

C:\spe\start.chm
____________________

Disable system restore:
Right click on my computer icon
Choose properties
Click on system restore tab
Select Turn off System Restore
Click apply and click OK
Reboot!

Enable system restore:
Right click on my computer icon
Choose properties
Click on system restore tab
Uncheck Turn off System Restore
Click apply and click OK
Reboot!
________________________

Re-run with Kaspersky online scanner!

Post:
- A fresh HijackThis log
- Kaspersky's report

AverageJoe
2007-08-12, 09:10
Markka,

On your first steps, I'm getting as far as All Users.WINDOWS, but I can't find application data. The folders that are there are desktop, favourites, shared documents and start menu, with a DAT file that says ntuser. What can I do to find application data?

Markka
2007-08-12, 09:21
Hi,

Are you sure you've shown hidden files?

Can you find this application data folder?

C:\Documents and Settings\Andy.ANDY-067B4BDB81\Application Data

If you can't, then move to the next step. :bigthumb:

AverageJoe
2007-08-12, 13:54
Markka,

I can't find it, but I'm not sure how I would go about getting hidden files to show up. Any advice on how I could?

Markka
2007-08-12, 13:57
Hi

Make your hidden files visible:
Click start
Click my computer
Select the Tools menu and click Folder Options.
After the new window appears select the View tab.
Put a checkmark in the checkbox labeled Display the contents of system folders.
Under the Hidden files and folders section select the radio button labeled Show hidden files and folders.
Remove the checkmark from the checkbox labeled Hide file extensions for known file types.
Remove the checkmark from the checkbox labeled Hide protected operating system files.
Press the Apply button and then the OK button and shut down My Computer.

Now try to find those folders :bigthumb:

AverageJoe
2007-08-12, 21:47
Kaspersky Results;


AverageJoe
2007-08-12, 21:49
Sorry about that one, here is the real version.

-------------------------------------------------------------------------------
KASPERSKY ONLINE SCANNER REPORT
Sunday, August 12, 2007 8:48:11 PM
Operating System: Microsoft Windows XP Home Edition, Service Pack 2 (Build 2600)
Kaspersky Online Scanner version: 5.0.93.0
Kaspersky Anti-Virus database last update: 12/08/2007
Kaspersky Anti-Virus database records: 379021
-------------------------------------------------------------------------------

Scan Settings:
Scan using the following antivirus database: extended
Scan Archives: true
Scan Mail Bases: true

Scan Target - My Computer:
A:\
C:\
E:\
F:\
G:\
H:\
I:\
J:\

Scan Statistics:
Total number of scanned objects: 119325
Number of viruses found: 5
Number of infected objects: 80
Number of suspicious objects: 0
Duration of the scan process: 01:21:44

Infected Object Name / Virus Name / Last Action
C:\_RESTORE\TEMP\A0162523.CPY/stream/data0002 Infected: not-a-virus:AdWare.Win32.BargainBuddy.y skipped
C:\_RESTORE\TEMP\A0162523.CPY/stream/data0005 Infected: not-a-virus:AdWare.Win32.BargainBuddy.i skipped
C:\_RESTORE\TEMP\A0162523.CPY/stream Infected: not-a-virus:AdWare.Win32.BargainBuddy.i skipped
C:\_RESTORE\TEMP\A0162523.CPY NSIS: infected - 3 skipped
C:\_RESTORE\TEMP\A0162566.CPY/stream/data0002 Infected: not-a-virus:AdWare.Win32.BargainBuddy.y skipped
C:\_RESTORE\TEMP\A0162566.CPY/stream/data0005 Infected: not-a-virus:AdWare.Win32.BargainBuddy.n skipped
C:\_RESTORE\TEMP\A0162566.CPY/stream/data0006 Infected: not-a-virus:AdWare.Win32.BargainBuddy.n skipped
C:\_RESTORE\TEMP\A0162566.CPY/stream/data0007 Infected: not-a-virus:AdWare.Win32.BargainBuddy.n skipped
C:\_RESTORE\TEMP\A0162566.CPY/stream Infected: not-a-virus:AdWare.Win32.BargainBuddy.n skipped
C:\_RESTORE\TEMP\A0162566.CPY NSIS: infected - 5 skipped
C:\_RESTORE\TEMP\ADP8032.0/stream/data0001 Infected: not-a-virus:AdWare.Win32.BargainBuddy.l skipped
C:\_RESTORE\TEMP\ADP8032.0/stream/data0002 Infected: not-a-virus:AdWare.Win32.BargainBuddy.n skipped
C:\_RESTORE\TEMP\ADP8032.0/stream/data0003 Infected: not-a-virus:AdWare.Win32.BargainBuddy.n skipped
C:\_RESTORE\TEMP\ADP8032.0/stream/data0005/stream/data0001 Infected: not-a-virus:AdWare.Win32.BargainBuddy.n skipped
C:\_RESTORE\TEMP\ADP8032.0/stream/data0005/stream Infected: not-a-virus:AdWare.Win32.BargainBuddy.n skipped
C:\_RESTORE\TEMP\ADP8032.0/stream/data0005 Infected: not-a-virus:AdWare.Win32.BargainBuddy.n skipped
C:\_RESTORE\TEMP\ADP8032.0/stream/data0006/stream/data0002 Infected: not-a-virus:AdWare.Win32.BargainBuddy.y skipped
C:\_RESTORE\TEMP\ADP8032.0/stream/data0006/stream/data0005 Infected: not-a-virus:AdWare.Win32.BargainBuddy.n skipped
C:\_RESTORE\TEMP\ADP8032.0/stream/data0006/stream/data0006 Infected: not-a-virus:AdWare.Win32.BargainBuddy.n skipped
C:\_RESTORE\TEMP\ADP8032.0/stream/data0006/stream/data0007 Infected: not-a-virus:AdWare.Win32.BargainBuddy.n skipped
C:\_RESTORE\TEMP\ADP8032.0/stream/data0006/stream Infected: not-a-virus:AdWare.Win32.BargainBuddy.n skipped
C:\_RESTORE\TEMP\ADP8032.0/stream/data0006 Infected: not-a-virus:AdWare.Win32.BargainBuddy.n skipped
C:\_RESTORE\TEMP\ADP8032.0/stream Infected: not-a-virus:AdWare.Win32.BargainBuddy.n skipped
C:\_RESTORE\TEMP\ADP8032.0 NSIS: infected - 13 skipped
C:\_RESTORE\TEMP\AHADP.0/stream/data0001 Infected: not-a-virus:AdWare.Win32.BargainBuddy.n skipped
C:\_RESTORE\TEMP\AHADP.0/stream Infected: not-a-virus:AdWare.Win32.BargainBuddy.n skipped
C:\_RESTORE\TEMP\AHADP.0 NSIS: infected - 2 skipped
C:\_RESTORE\TEMP\A0199711.CPY/stream/data0002 Infected: not-a-virus:AdWare.Win32.BargainBuddy.y skipped
C:\_RESTORE\TEMP\A0199711.CPY/stream/data0005 Infected: not-a-virus:AdWare.Win32.BargainBuddy.n skipped
C:\_RESTORE\TEMP\A0199711.CPY/stream/data0006 Infected: not-a-virus:AdWare.Win32.BargainBuddy.n skipped
C:\_RESTORE\TEMP\A0199711.CPY/stream/data0007 Infected: not-a-virus:AdWare.Win32.BargainBuddy.n skipped
C:\_RESTORE\TEMP\A0199711.CPY/stream Infected: not-a-virus:AdWare.Win32.BargainBuddy.n skipped
C:\_RESTORE\TEMP\A0199711.CPY NSIS: infected - 5 skipped
C:\_RESTORE\TEMP\AHADP.1/stream/data0001 Infected: not-a-virus:AdWare.Win32.BargainBuddy.n skipped
C:\_RESTORE\TEMP\AHADP.1/stream Infected: not-a-virus:AdWare.Win32.BargainBuddy.n skipped
C:\_RESTORE\TEMP\AHADP.1 NSIS: infected - 2 skipped
C:\_RESTORE\TEMP\A0267346.CPY/stream/data0002 Infected: not-a-virus:AdWare.Win32.BargainBuddy.y skipped
C:\_RESTORE\TEMP\A0267346.CPY/stream/data0005 Infected: not-a-virus:AdWare.Win32.BargainBuddy.n skipped
C:\_RESTORE\TEMP\A0267346.CPY/stream/data0006 Infected: not-a-virus:AdWare.Win32.BargainBuddy.n skipped
C:\_RESTORE\TEMP\A0267346.CPY/stream/data0007 Infected: not-a-virus:AdWare.Win32.BargainBuddy.n skipped
C:\_RESTORE\TEMP\A0267346.CPY/stream Infected: not-a-virus:AdWare.Win32.BargainBuddy.n skipped
C:\_RESTORE\TEMP\A0267346.CPY NSIS: infected - 5 skipped
C:\_RESTORE\TEMP\AHADP.2/stream/data0001 Infected: not-a-virus:AdWare.Win32.BargainBuddy.n skipped
C:\_RESTORE\TEMP\AHADP.2/stream Infected: not-a-virus:AdWare.Win32.BargainBuddy.n skipped
C:\_RESTORE\TEMP\AHADP.2 NSIS: infected - 2 skipped
C:\_RESTORE\TEMP\A0319172.CPY/stream/data0001 Infected: not-a-virus:AdWare.Win32.BargainBuddy.n skipped
C:\_RESTORE\TEMP\A0319172.CPY/stream Infected: not-a-virus:AdWare.Win32.BargainBuddy.n skipped
C:\_RESTORE\TEMP\A0319172.CPY NSIS: infected - 2 skipped
C:\_RESTORE\TEMP\A0319195.CPY/stream/data0002 Infected: not-a-virus:AdWare.Win32.BargainBuddy.y skipped
C:\_RESTORE\TEMP\A0319195.CPY/stream/data0005 Infected: not-a-virus:AdWare.Win32.BargainBuddy.n skipped
C:\_RESTORE\TEMP\A0319195.CPY/stream/data0006 Infected: not-a-virus:AdWare.Win32.BargainBuddy.n skipped
C:\_RESTORE\TEMP\A0319195.CPY/stream/data0007 Infected: not-a-virus:AdWare.Win32.BargainBuddy.n skipped
C:\_RESTORE\TEMP\A0319195.CPY/stream Infected: not-a-virus:AdWare.Win32.BargainBuddy.n skipped
C:\_RESTORE\TEMP\A0319195.CPY NSIS: infected - 5 skipped
C:\_RESTORE\TEMP\AHADP.3/stream/data0001 Infected: not-a-virus:AdWare.Win32.BargainBuddy.n skipped
C:\_RESTORE\TEMP\AHADP.3/stream Infected: not-a-virus:AdWare.Win32.BargainBuddy.n skipped
C:\_RESTORE\TEMP\AHADP.3 NSIS: infected - 2 skipped
C:\_RESTORE\TEMP\A0321219.CPY/stream/data0002 Infected: not-a-virus:AdWare.Win32.BargainBuddy.y skipped
C:\_RESTORE\TEMP\A0321219.CPY/stream/data0005 Infected: not-a-virus:AdWare.Win32.BargainBuddy.n skipped
C:\_RESTORE\TEMP\A0321219.CPY/stream/data0006 Infected: not-a-virus:AdWare.Win32.BargainBuddy.n skipped
C:\_RESTORE\TEMP\A0321219.CPY/stream/data0007 Infected: not-a-virus:AdWare.Win32.BargainBuddy.n skipped
C:\_RESTORE\TEMP\A0321219.CPY/stream Infected: not-a-virus:AdWare.Win32.BargainBuddy.n skipped
C:\_RESTORE\TEMP\A0321219.CPY NSIS: infected - 5 skipped
C:\_RESTORE\TEMP\AHADP.4/stream/data0001 Infected: not-a-virus:AdWare.Win32.BargainBuddy.n skipped
C:\_RESTORE\TEMP\AHADP.4/stream Infected: not-a-virus:AdWare.Win32.BargainBuddy.n skipped
C:\_RESTORE\TEMP\AHADP.4 NSIS: infected - 2 skipped
C:\_RESTORE\ARCHIVE\FS155.CAB/A0047206.CPY Infected: not-a-virus:Porn-Dialer.Win32.Holistyc.gen skipped
C:\_RESTORE\ARCHIVE\FS155.CAB/A0047209.CPY Infected: not-a-virus:Porn-Dialer.Win32.Holistyc.gen skipped
C:\_RESTORE\ARCHIVE\FS155.CAB/A0047210.CPY Infected: not-a-virus:Porn-Dialer.Win32.Holistyc.gen skipped
C:\_RESTORE\ARCHIVE\FS155.CAB/A0047224.CPY Infected: not-a-virus:Porn-Dialer.Win32.Holistyc.gen skipped
C:\_RESTORE\ARCHIVE\FS155.CAB/A0047236.CPY Infected: not-a-virus:Porn-Dialer.Win32.Holistyc.gen skipped
C:\_RESTORE\ARCHIVE\FS155.CAB/A0047240.CPY Infected: not-a-virus:Porn-Dialer.Win32.Holistyc.gen skipped
C:\_RESTORE\ARCHIVE\FS155.CAB/A0047241.CPY Infected: not-a-virus:Porn-Dialer.Win32.Holistyc.gen skipped
C:\_RESTORE\ARCHIVE\FS155.CAB/A0047244.CPY Infected: not-a-virus:Porn-Dialer.Win32.Holistyc.gen skipped
C:\_RESTORE\ARCHIVE\FS155.CAB/A0047248.CPY Infected: not-a-virus:Porn-Dialer.Win32.Holistyc.gen skipped
C:\_RESTORE\ARCHIVE\FS155.CAB/A0047251.CPY Infected: not-a-virus:Porn-Dialer.Win32.Holistyc.gen skipped
C:\_RESTORE\ARCHIVE\FS155.CAB/A0047252.CPY Infected: not-a-virus:Porn-Dialer.Win32.Holistyc.gen skipped
C:\_RESTORE\ARCHIVE\FS155.CAB CAB: infected - 11 skipped
C:\_RESTORE\ARCHIVE\FS171.CAB/A0055447.CPY Infected: not-a-virus:Porn-Dialer.Win32.Holistyc.gen skipped
C:\_RESTORE\ARCHIVE\FS171.CAB CAB: infected - 1 skipped
C:\WINDOWS\SYSTEM32\config\system.LOG Object is locked skipped
C:\WINDOWS\SYSTEM32\config\software.LOG Object is locked skipped
C:\WINDOWS\SYSTEM32\config\default.LOG Object is locked skipped
C:\WINDOWS\SYSTEM32\config\SAM.LOG Object is locked skipped
C:\WINDOWS\SYSTEM32\config\SECURITY.LOG Object is locked skipped
C:\WINDOWS\SYSTEM32\config\AppEvent.Evt Object is locked skipped
C:\WINDOWS\SYSTEM32\config\SecEvent.Evt Object is locked skipped
C:\WINDOWS\SYSTEM32\config\SysEvent.Evt Object is locked skipped
C:\WINDOWS\SYSTEM32\config\DEFAULT Object is locked skipped
C:\WINDOWS\SYSTEM32\config\SECURITY Object is locked skipped
C:\WINDOWS\SYSTEM32\config\SOFTWARE Object is locked skipped
C:\WINDOWS\SYSTEM32\config\SYSTEM Object is locked skipped
C:\WINDOWS\SYSTEM32\config\SAM Object is locked skipped
C:\WINDOWS\SYSTEM32\config\Internet.evt Object is locked skipped
C:\WINDOWS\SYSTEM32\wbem\Repository\FS\MAPPING1.MAP Object is locked skipped
C:\WINDOWS\SYSTEM32\wbem\Repository\FS\MAPPING2.MAP Object is locked skipped
C:\WINDOWS\SYSTEM32\wbem\Repository\FS\MAPPING.VER Object is locked skipped
C:\WINDOWS\SYSTEM32\wbem\Repository\FS\INDEX.MAP Object is locked skipped
C:\WINDOWS\SYSTEM32\wbem\Repository\FS\OBJECTS.MAP Object is locked skipped
C:\WINDOWS\SYSTEM32\wbem\Repository\FS\OBJECTS.DATA Object is locked skipped
C:\WINDOWS\SYSTEM32\wbem\Repository\FS\INDEX.BTR Object is locked skipped
C:\WINDOWS\SYSTEM32\mmf.sys Object is locked skipped
C:\WINDOWS\SYSTEM32\h323log.txt Object is locked skipped
C:\WINDOWS\Sti_Trace.log Object is locked skipped
C:\WINDOWS\wiaservc.log Object is locked skipped
C:\WINDOWS\wiadebug.log Object is locked skipped
C:\WINDOWS\WindowsUpdate.log Object is locked skipped
C:\WINDOWS\SchedLgU.Txt Object is locked skipped
C:\WINDOWS\Debug\PASSWD.LOG Object is locked skipped
C:\WINDOWS\SoftwareDistribution\ReportingEvents.log Object is locked skipped
C:\Documents and Settings\All Users.WINDOWS\Application Data\Grisoft\Avg7Data\avg7log.log.lck Object is locked skipped
C:\Documents and Settings\All Users.WINDOWS\Application Data\Grisoft\Avg7Data\avg7log.log Object is locked skipped
C:\Documents and Settings\All Users.WINDOWS\Application Data\AVG7\Log\emc.log Object is locked skipped
C:\Documents and Settings\NetworkService.NT AUTHORITY\Local Settings\Application Data\Microsoft\Windows\UsrClass.dat.LOG Object is locked skipped
C:\Documents and Settings\NetworkService.NT AUTHORITY\Local Settings\Application Data\Microsoft\Windows\UsrClass.dat Object is locked skipped
C:\Documents and Settings\NetworkService.NT AUTHORITY\ntuser.dat.LOG Object is locked skipped
C:\Documents and Settings\NetworkService.NT AUTHORITY\NTUSER.DAT Object is locked skipped
C:\Documents and Settings\LocalService.NT AUTHORITY\Local Settings\History\History.IE5\index.dat Object is locked skipped
C:\Documents and Settings\LocalService.NT AUTHORITY\Local Settings\Temporary Internet Files\Content.IE5\index.dat Object is locked skipped
C:\Documents and Settings\LocalService.NT AUTHORITY\Local Settings\Application Data\Microsoft\Windows\UsrClass.dat.LOG Object is locked skipped
C:\Documents and Settings\LocalService.NT AUTHORITY\Local Settings\Application Data\Microsoft\Windows\UsrClass.dat Object is locked skipped
C:\Documents and Settings\LocalService.NT AUTHORITY\Cookies\index.dat Object is locked skipped
C:\Documents and Settings\LocalService.NT AUTHORITY\ntuser.dat.LOG Object is locked skipped
C:\Documents and Settings\LocalService.NT AUTHORITY\NTUSER.DAT Object is locked skipped
C:\Documents and Settings\Aaron.ANDY-067B4BDB81\ntuser.dat.LOG Object is locked skipped
C:\Documents and Settings\Aaron.ANDY-067B4BDB81\Local Settings\Temp\~DF8C96.tmp Object is locked skipped
C:\Documents and Settings\Aaron.ANDY-067B4BDB81\Local Settings\Temp\~DF8C9B.tmp Object is locked skipped
C:\Documents and Settings\Aaron.ANDY-067B4BDB81\Local Settings\History\History.IE5\index.dat Object is locked skipped
C:\Documents and Settings\Aaron.ANDY-067B4BDB81\Local Settings\History\History.IE5\MSHist012007081220070813\index.dat Object is locked skipped
C:\Documents and Settings\Aaron.ANDY-067B4BDB81\Local Settings\Temporary Internet Files\Content.IE5\index.dat Object is locked skipped
C:\Documents and Settings\Aaron.ANDY-067B4BDB81\Local Settings\Temporary Internet Files\AntiPhishing\B3BB5BBA-E7D5-40AB-A041-A5B1C0B26C8F.dat Object is locked skipped
C:\Documents and Settings\Aaron.ANDY-067B4BDB81\Local Settings\Application Data\Microsoft\Windows\UsrClass.dat Object is locked skipped
C:\Documents and Settings\Aaron.ANDY-067B4BDB81\Local Settings\Application Data\Microsoft\Windows\UsrClass.dat.LOG Object is locked skipped
C:\Documents and Settings\Aaron.ANDY-067B4BDB81\Local Settings\Application Data\Microsoft\Feeds Cache\index.dat Object is locked skipped
C:\Documents and Settings\Aaron.ANDY-067B4BDB81\Cookies\index.dat Object is locked skipped
C:\Documents and Settings\Aaron.ANDY-067B4BDB81\NTUSER.DAT Object is locked skipped

Scan process completed.

AverageJoe
2007-08-12, 21:50
And my HijackThis log;

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 20:49:54, on 12/08/2007
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16473)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Documents and Settings\Aaron.ANDY-067B4BDB81\My Documents\AVG Anti-Spyware 7.5\guard.exe
C:\PROGRA~1\Grisoft\AVG7\avgamsvr.exe
C:\PROGRA~1\Grisoft\AVG7\avgupsvc.exe
C:\PROGRA~1\Grisoft\AVG7\avgemc.exe
C:\WINDOWS\runservice.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\Explorer.EXE
C:\PROGRA~1\Grisoft\AVG7\avgcc.exe
C:\WINDOWS\htpatch.exe
C:\Program Files\Icons\Seticon.exe
C:\WINDOWS\vsnpstd2.exe
C:\Program Files\Java\jre1.6.0_01\bin\jusched.exe
C:\Program Files\Adobe\Photoshop Album Starter Edition\3.0\Apps\apdproxy.exe
C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\E_S10IC2.EXE
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\MSN Messenger\msnmsgr.exe
C:\Program Files\Messenger\msmsgs.exe
C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
C:\Documents and Settings\Aaron\My Documents\LimeWire\LimeWire.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\E_S10MT2.EXE
C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\E_S10RN2.EXE
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.myspace.com/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll (file missing)
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_01\bin\ssv.dll (file missing)
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar2.dll (file missing)
O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\2.0.301.7164\swg.dll
O3 - Toolbar: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn1\yt.dll
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar2.dll (file missing)
O4 - HKLM\..\Run: [AVG7_CC] C:\PROGRA~1\Grisoft\AVG7\avgcc.exe /STARTUP
O4 - HKLM\..\Run: [HTpatch] C:\WINDOWS\htpatch.exe
O4 - HKLM\..\Run: [SiSUSBRG] C:\WINDOWS\SiSUSBrg.exe
O4 - HKLM\..\Run: [Cmaudio] RunDll32 cmicnfg.cpl,CMICtrlWnd
O4 - HKLM\..\Run: [SetIcon] C:\Program Files\Icons\Seticon.exe
O4 - HKLM\..\Run: [EssSpkPhone] essspk.exe
O4 - HKLM\..\Run: [adiras] adiras.exe
O4 - HKLM\..\Run: [SNPSTD2] C:\WINDOWS\vsnpstd2.exe
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_01\bin\jusched.exe"
O4 - HKLM\..\Run: [Adobe Photo Downloader] "C:\Program Files\Adobe\Photoshop Album Starter Edition\3.0\Apps\apdproxy.exe"
O4 - HKLM\..\Run: [EPSON Stylus C64 Series] C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\E_S10IC2.EXE /P23 "EPSON Stylus C64 Series" /O5 "LPT1:" /M "Stylus C64"
O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [msnmsgr] "C:\Program Files\MSN Messenger\msnmsgr.exe" /background
O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background
O4 - HKCU\..\Run: [swg] C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-19\..\Run: [AVG7_Run] C:\PROGRA~1\Grisoft\AVG7\avgw.exe /RUNONCE (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'NETWORK SERVICE')
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe (User 'SYSTEM')
O4 - HKUS\S-1-5-18\..\RunOnce: [RunNarrator] Narrator.exe (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe (User 'Default user')
O4 - HKUS\.DEFAULT\..\RunOnce: [RunNarrator] Narrator.exe (User 'Default user')
O4 - Startup: LimeWire On Startup.lnk = C:\Documents and Settings\Aaron\My Documents\LimeWire\LimeWire.exe
O8 - Extra context menu item: &D&ownload &with BitComet - res://C:\Program Files\BitComet\BitComet.exe/AddLink.htm
O8 - Extra context menu item: &D&ownload all video with BitComet - res://C:\Program Files\BitComet\BitComet.exe/AddVideo.htm
O8 - Extra context menu item: &D&ownload all with BitComet - res://C:\Program Files\BitComet\BitComet.exe/AddAllLink.htm
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_01\bin\ssv.dll (file missing)
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_01\bin\ssv.dll (file missing)
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {0EB0E74A-2A76-4AB3-A7FB-9BD8C29F7F75} (CKAVWebScan Object) - http://www.kaspersky.com/kos/english/kavwebscan_unicode.cab
O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://go.microsoft.com/fwlink/?linkid=39204
O16 - DPF: {B38870E4-7ECB-40DA-8C6A-595F0A5519FF} (MsnMessengerSetupDownloadControl Class) - http://messenger.msn.com/download/MsnMessengerSetupDownloader.cab
O17 - HKLM\System\CCS\Services\Tcpip\..\{2622CE10-3199-47C5-8CA6-617EC09A03AE}: NameServer = 212.139.132.58 212.139.132.59
O23 - Service: AVG Anti-Spyware Guard - GRISOFT s.r.o. - C:\Documents and Settings\Aaron.ANDY-067B4BDB81\My Documents\AVG Anti-Spyware 7.5\guard.exe
O23 - Service: AVG7 Alert Manager Server (Avg7Alrt) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVG7\avgamsvr.exe
O23 - Service: AVG7 Update Service (Avg7UpdSvc) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVG7\avgupsvc.exe
O23 - Service: AVG E-mail Scanner (AVGEMS) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVG7\avgemc.exe
O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: LicCtrl Service (LicCtrlService) - Unknown owner - C:\WINDOWS\runservice.exe

--
End of file - 7193 bytes

Please, the next steps to ridding myself of this pest. It's really irritating me now.

Markka
2007-08-13, 14:25
Hello :)

Your java is out of date. Update your java.

Instruction:

-> Go to Control panel -> Add/remove programs
-> Find java(s) from the list
-> Delete this java version:
jre1.6.0_01
-> Please download from here (https://java.sun.com/javase/downloads/index.jsp) a new java and install it.
-> The latest java version is: Java Runtime Environment (JRE) 6u2
_____________________

Flush system restore:

Managing Windows Millenium System Restore (http://www.bleepingcomputer.com/forums/tutorial63.html)
________________________

Re-run with Kaspersky online scanner.

Post:
- A fresh HijackThis log
- Kaspersky's report

AverageJoe
2007-08-13, 16:53
What relevance does a new Java have to getting rid of Zlob for good? I only ask because I'd like to be thorough as I try and get rid of it.

Markka
2007-08-13, 19:36
Hello :)

If you have an outdated version of Java, it is a security risk and you will get a Vundo infection.

AverageJoe
2007-08-13, 20:21
May I ask what it means to "Flush System Restore"?

Markka
2007-08-13, 20:23
"Flush System Restore" means clean system restore.

AverageJoe
2007-08-13, 20:26
What does that do? Does it delete things or something, because I really don't want a lot of things to be deleted on my computer except for the things I've had to delete to cure it.

Markka
2007-08-13, 20:35
Hi


> What does that do? Does it delete things or something

Yes, and the reason we are going to flush System Restore is that your system restore points are infected.

AverageJoe
2007-08-13, 20:36
How much does it delete in your system? Only infected objects? Or everything?

Markka
2007-08-13, 20:39
> How much does it delete in your system? Only infected objects? Or everything?

Everything, but your computer will automatically create new system restore points.

AverageJoe
2007-08-13, 20:45
So everything will be as it will when I come back on, but without the infections? I only ask because like I said, I've got some stuff I don't want to lose permanently, and I bought a game on the PC and so it would be kind of a waste of money.

Markka
2007-08-14, 14:54
Hi


> So everything will be as it will when I come back on, but without the infections?

Yes and you won't lose that game. :bigthumb:

AverageJoe
2007-08-14, 16:49
Alright, I'll trust you on this one. You're the one who knows what he's doing.

Markka
2007-08-14, 16:55
Nice to hear :bigthumb:

Please follow my previous instructions.

AverageJoe
2007-08-14, 17:10
I un-checked the check box that reads "Turn Off System Restore" and I believe that it is supposed to ask me to reboot, however, it has not done that. Should I reboot anyway, or do I need to wait?

Markka
2007-08-14, 20:30
Hi

Put the system restore on and reboot your computer, then re-run Kaspersky online scanner and post a fresh HijackThis log and Kaspersky's report :bigthumb:

AverageJoe
2007-08-14, 23:53
-------------------------------------------------------------------------------
KASPERSKY ONLINE SCANNER REPORT
Tuesday, August 14, 2007 10:52:25 PM
Operating System: Microsoft Windows XP Home Edition, Service Pack 2 (Build 2600)
Kaspersky Online Scanner version: 5.0.93.0
Kaspersky Anti-Virus database last update: 14/08/2007
Kaspersky Anti-Virus database records: 381197
-------------------------------------------------------------------------------

Scan Settings:
Scan using the following antivirus database: extended
Scan Archives: true
Scan Mail Bases: true

Scan Target - My Computer:
A:\
C:\
E:\
F:\
G:\
H:\
I:\
J:\

Scan Statistics:
Total number of scanned objects: 111929
Number of viruses found: 5
Number of infected objects: 80
Number of suspicious objects: 0
Duration of the scan process: 01:07:49

Infected Object Name / Virus Name / Last Action
C:\_RESTORE\TEMP\A0162523.CPY/stream/data0002 Infected: not-a-virus:AdWare.Win32.BargainBuddy.y skipped
C:\_RESTORE\TEMP\A0162523.CPY/stream/data0005 Infected: not-a-virus:AdWare.Win32.BargainBuddy.i skipped
C:\_RESTORE\TEMP\A0162523.CPY/stream Infected: not-a-virus:AdWare.Win32.BargainBuddy.i skipped
C:\_RESTORE\TEMP\A0162523.CPY NSIS: infected - 3 skipped
C:\_RESTORE\TEMP\A0162566.CPY/stream/data0002 Infected: not-a-virus:AdWare.Win32.BargainBuddy.y skipped
C:\_RESTORE\TEMP\A0162566.CPY/stream/data0005 Infected: not-a-virus:AdWare.Win32.BargainBuddy.n skipped
C:\_RESTORE\TEMP\A0162566.CPY/stream/data0006 Infected: not-a-virus:AdWare.Win32.BargainBuddy.n skipped
C:\_RESTORE\TEMP\A0162566.CPY/stream/data0007 Infected: not-a-virus:AdWare.Win32.BargainBuddy.n skipped
C:\_RESTORE\TEMP\A0162566.CPY/stream Infected: not-a-virus:AdWare.Win32.BargainBuddy.n skipped
C:\_RESTORE\TEMP\A0162566.CPY NSIS: infected - 5 skipped
C:\_RESTORE\TEMP\ADP8032.0/stream/data0001 Infected: not-a-virus:AdWare.Win32.BargainBuddy.l skipped
C:\_RESTORE\TEMP\ADP8032.0/stream/data0002 Infected: not-a-virus:AdWare.Win32.BargainBuddy.n skipped
C:\_RESTORE\TEMP\ADP8032.0/stream/data0003 Infected: not-a-virus:AdWare.Win32.BargainBuddy.n skipped
C:\_RESTORE\TEMP\ADP8032.0/stream/data0005/stream/data0001 Infected: not-a-virus:AdWare.Win32.BargainBuddy.n skipped
C:\_RESTORE\TEMP\ADP8032.0/stream/data0005/stream Infected: not-a-virus:AdWare.Win32.BargainBuddy.n skipped
C:\_RESTORE\TEMP\ADP8032.0/stream/data0005 Infected: not-a-virus:AdWare.Win32.BargainBuddy.n skipped
C:\_RESTORE\TEMP\ADP8032.0/stream/data0006/stream/data0002 Infected: not-a-virus:AdWare.Win32.BargainBuddy.y skipped
C:\_RESTORE\TEMP\ADP8032.0/stream/data0006/stream/data0005 Infected: not-a-virus:AdWare.Win32.BargainBuddy.n skipped
C:\_RESTORE\TEMP\ADP8032.0/stream/data0006/stream/data0006 Infected: not-a-virus:AdWare.Win32.BargainBuddy.n skipped
C:\_RESTORE\TEMP\ADP8032.0/stream/data0006/stream/data0007 Infected: not-a-virus:AdWare.Win32.BargainBuddy.n skipped
C:\_RESTORE\TEMP\ADP8032.0/stream/data0006/stream Infected: not-a-virus:AdWare.Win32.BargainBuddy.n skipped
C:\_RESTORE\TEMP\ADP8032.0/stream/data0006 Infected: not-a-virus:AdWare.Win32.BargainBuddy.n skipped
C:\_RESTORE\TEMP\ADP8032.0/stream Infected: not-a-virus:AdWare.Win32.BargainBuddy.n skipped
C:\_RESTORE\TEMP\ADP8032.0 NSIS: infected - 13 skipped
C:\_RESTORE\TEMP\AHADP.0/stream/data0001 Infected: not-a-virus:AdWare.Win32.BargainBuddy.n skipped
C:\_RESTORE\TEMP\AHADP.0/stream Infected: not-a-virus:AdWare.Win32.BargainBuddy.n skipped
C:\_RESTORE\TEMP\AHADP.0 NSIS: infected - 2 skipped
C:\_RESTORE\TEMP\A0199711.CPY/stream/data0002 Infected: not-a-virus:AdWare.Win32.BargainBuddy.y skipped
C:\_RESTORE\TEMP\A0199711.CPY/stream/data0005 Infected: not-a-virus:AdWare.Win32.BargainBuddy.n skipped
C:\_RESTORE\TEMP\A0199711.CPY/stream/data0006 Infected: not-a-virus:AdWare.Win32.BargainBuddy.n skipped
C:\_RESTORE\TEMP\A0199711.CPY/stream/data0007 Infected: not-a-virus:AdWare.Win32.BargainBuddy.n skipped
C:\_RESTORE\TEMP\A0199711.CPY/stream Infected: not-a-virus:AdWare.Win32.BargainBuddy.n skipped
C:\_RESTORE\TEMP\A0199711.CPY NSIS: infected - 5 skipped
C:\_RESTORE\TEMP\AHADP.1/stream/data0001 Infected: not-a-virus:AdWare.Win32.BargainBuddy.n skipped
C:\_RESTORE\TEMP\AHADP.1/stream Infected: not-a-virus:AdWare.Win32.BargainBuddy.n skipped
C:\_RESTORE\TEMP\AHADP.1 NSIS: infected - 2 skipped
C:\_RESTORE\TEMP\A0267346.CPY/stream/data0002 Infected: not-a-virus:AdWare.Win32.BargainBuddy.y skipped
C:\_RESTORE\TEMP\A0267346.CPY/stream/data0005 Infected: not-a-virus:AdWare.Win32.BargainBuddy.n skipped
C:\_RESTORE\TEMP\A0267346.CPY/stream/data0006 Infected: not-a-virus:AdWare.Win32.BargainBuddy.n skipped
C:\_RESTORE\TEMP\A0267346.CPY/stream/data0007 Infected: not-a-virus:AdWare.Win32.BargainBuddy.n skipped
C:\_RESTORE\TEMP\A0267346.CPY/stream Infected: not-a-virus:AdWare.Win32.BargainBuddy.n skipped
C:\_RESTORE\TEMP\A0267346.CPY NSIS: infected - 5 skipped
C:\_RESTORE\TEMP\AHADP.2/stream/data0001 Infected: not-a-virus:AdWare.Win32.BargainBuddy.n skipped
C:\_RESTORE\TEMP\AHADP.2/stream Infected: not-a-virus:AdWare.Win32.BargainBuddy.n skipped
C:\_RESTORE\TEMP\AHADP.2 NSIS: infected - 2 skipped
C:\_RESTORE\TEMP\A0319172.CPY/stream/data0001 Infected: not-a-virus:AdWare.Win32.BargainBuddy.n skipped
C:\_RESTORE\TEMP\A0319172.CPY/stream Infected: not-a-virus:AdWare.Win32.BargainBuddy.n skipped
C:\_RESTORE\TEMP\A0319172.CPY NSIS: infected - 2 skipped
C:\_RESTORE\TEMP\A0319195.CPY/stream/data0002 Infected: not-a-virus:AdWare.Win32.BargainBuddy.y skipped
C:\_RESTORE\TEMP\A0319195.CPY/stream/data0005 Infected: not-a-virus:AdWare.Win32.BargainBuddy.n skipped
C:\_RESTORE\TEMP\A0319195.CPY/stream/data0006 Infected: not-a-virus:AdWare.Win32.BargainBuddy.n skipped
C:\_RESTORE\TEMP\A0319195.CPY/stream/data0007 Infected: not-a-virus:AdWare.Win32.BargainBuddy.n skipped
C:\_RESTORE\TEMP\A0319195.CPY/stream Infected: not-a-virus:AdWare.Win32.BargainBuddy.n skipped
C:\_RESTORE\TEMP\A0319195.CPY NSIS: infected - 5 skipped
C:\_RESTORE\TEMP\AHADP.3/stream/data0001 Infected: not-a-virus:AdWare.Win32.BargainBuddy.n skipped
C:\_RESTORE\TEMP\AHADP.3/stream Infected: not-a-virus:AdWare.Win32.BargainBuddy.n skipped
C:\_RESTORE\TEMP\AHADP.3 NSIS: infected - 2 skipped
C:\_RESTORE\TEMP\A0321219.CPY/stream/data0002 Infected: not-a-virus:AdWare.Win32.BargainBuddy.y skipped
C:\_RESTORE\TEMP\A0321219.CPY/stream/data0005 Infected: not-a-virus:AdWare.Win32.BargainBuddy.n skipped
C:\_RESTORE\TEMP\A0321219.CPY/stream/data0006 Infected: not-a-virus:AdWare.Win32.BargainBuddy.n skipped
C:\_RESTORE\TEMP\A0321219.CPY/stream/data0007 Infected: not-a-virus:AdWare.Win32.BargainBuddy.n skipped
C:\_RESTORE\TEMP\A0321219.CPY/stream Infected: not-a-virus:AdWare.Win32.BargainBuddy.n skipped
C:\_RESTORE\TEMP\A0321219.CPY NSIS: infected - 5 skipped
C:\_RESTORE\TEMP\AHADP.4/stream/data0001 Infected: not-a-virus:AdWare.Win32.BargainBuddy.n skipped
C:\_RESTORE\TEMP\AHADP.4/stream Infected: not-a-virus:AdWare.Win32.BargainBuddy.n skipped
C:\_RESTORE\TEMP\AHADP.4 NSIS: infected - 2 skipped
C:\_RESTORE\ARCHIVE\FS155.CAB/A0047206.CPY Infected: not-a-virus:Porn-Dialer.Win32.Holistyc.gen skipped
C:\_RESTORE\ARCHIVE\FS155.CAB/A0047209.CPY Infected: not-a-virus:Porn-Dialer.Win32.Holistyc.gen skipped
C:\_RESTORE\ARCHIVE\FS155.CAB/A0047210.CPY Infected: not-a-virus:Porn-Dialer.Win32.Holistyc.gen skipped
C:\_RESTORE\ARCHIVE\FS155.CAB/A0047224.CPY Infected: not-a-virus:Porn-Dialer.Win32.Holistyc.gen skipped
C:\_RESTORE\ARCHIVE\FS155.CAB/A0047236.CPY Infected: not-a-virus:Porn-Dialer.Win32.Holistyc.gen skipped
C:\_RESTORE\ARCHIVE\FS155.CAB/A0047240.CPY Infected: not-a-virus:Porn-Dialer.Win32.Holistyc.gen skipped
C:\_RESTORE\ARCHIVE\FS155.CAB/A0047241.CPY Infected: not-a-virus:Porn-Dialer.Win32.Holistyc.gen skipped
C:\_RESTORE\ARCHIVE\FS155.CAB/A0047244.CPY Infected: not-a-virus:Porn-Dialer.Win32.Holistyc.gen skipped
C:\_RESTORE\ARCHIVE\FS155.CAB/A0047248.CPY Infected: not-a-virus:Porn-Dialer.Win32.Holistyc.gen skipped
C:\_RESTORE\ARCHIVE\FS155.CAB/A0047251.CPY Infected: not-a-virus:Porn-Dialer.Win32.Holistyc.gen skipped
C:\_RESTORE\ARCHIVE\FS155.CAB/A0047252.CPY Infected: not-a-virus:Porn-Dialer.Win32.Holistyc.gen skipped
C:\_RESTORE\ARCHIVE\FS155.CAB CAB: infected - 11 skipped
C:\_RESTORE\ARCHIVE\FS171.CAB/A0055447.CPY Infected: not-a-virus:Porn-Dialer.Win32.Holistyc.gen skipped
C:\_RESTORE\ARCHIVE\FS171.CAB CAB: infected - 1 skipped
C:\WINDOWS\SYSTEM32\config\system.LOG Object is locked skipped
C:\WINDOWS\SYSTEM32\config\software.LOG Object is locked skipped
C:\WINDOWS\SYSTEM32\config\default.LOG Object is locked skipped
C:\WINDOWS\SYSTEM32\config\SAM.LOG Object is locked skipped
C:\WINDOWS\SYSTEM32\config\SECURITY.LOG Object is locked skipped
C:\WINDOWS\SYSTEM32\config\AppEvent.Evt Object is locked skipped
C:\WINDOWS\SYSTEM32\config\SecEvent.Evt Object is locked skipped
C:\WINDOWS\SYSTEM32\config\SysEvent.Evt Object is locked skipped
C:\WINDOWS\SYSTEM32\config\DEFAULT Object is locked skipped
C:\WINDOWS\SYSTEM32\config\SECURITY Object is locked skipped
C:\WINDOWS\SYSTEM32\config\SOFTWARE Object is locked skipped
C:\WINDOWS\SYSTEM32\config\SYSTEM Object is locked skipped
C:\WINDOWS\SYSTEM32\config\SAM Object is locked skipped
C:\WINDOWS\SYSTEM32\config\Internet.evt Object is locked skipped
C:\WINDOWS\SYSTEM32\wbem\Repository\FS\MAPPING1.MAP Object is locked skipped
C:\WINDOWS\SYSTEM32\wbem\Repository\FS\MAPPING2.MAP Object is locked skipped
C:\WINDOWS\SYSTEM32\wbem\Repository\FS\MAPPING.VER Object is locked skipped
C:\WINDOWS\SYSTEM32\wbem\Repository\FS\INDEX.MAP Object is locked skipped
C:\WINDOWS\SYSTEM32\wbem\Repository\FS\OBJECTS.MAP Object is locked skipped
C:\WINDOWS\SYSTEM32\wbem\Repository\FS\OBJECTS.DATA Object is locked skipped
C:\WINDOWS\SYSTEM32\wbem\Repository\FS\INDEX.BTR Object is locked skipped
C:\WINDOWS\SYSTEM32\mmf.sys Object is locked skipped
C:\WINDOWS\SYSTEM32\h323log.txt Object is locked skipped
C:\WINDOWS\Sti_Trace.log Object is locked skipped
C:\WINDOWS\wiaservc.log Object is locked skipped
C:\WINDOWS\wiadebug.log Object is locked skipped
C:\WINDOWS\WindowsUpdate.log Object is locked skipped
C:\WINDOWS\SchedLgU.Txt Object is locked skipped
C:\WINDOWS\Debug\PASSWD.LOG Object is locked skipped
C:\WINDOWS\SoftwareDistribution\ReportingEvents.log Object is locked skipped
C:\Documents and Settings\All Users.WINDOWS\Application Data\Microsoft\Network\Downloader\qmgr0.dat Object is locked skipped
C:\Documents and Settings\All Users.WINDOWS\Application Data\Microsoft\Network\Downloader\qmgr1.dat Object is locked skipped
C:\Documents and Settings\All Users.WINDOWS\Application Data\Grisoft\Avg7Data\avg7log.log.lck Object is locked skipped
C:\Documents and Settings\All Users.WINDOWS\Application Data\Grisoft\Avg7Data\avg7log.log Object is locked skipped
C:\Documents and Settings\All Users.WINDOWS\Application Data\AVG7\Log\emc.log Object is locked skipped
C:\Documents and Settings\NetworkService.NT AUTHORITY\Local Settings\Application Data\Microsoft\Windows\UsrClass.dat.LOG Object is locked skipped
C:\Documents and Settings\NetworkService.NT AUTHORITY\Local Settings\Application Data\Microsoft\Windows\UsrClass.dat Object is locked skipped
C:\Documents and Settings\NetworkService.NT AUTHORITY\ntuser.dat.LOG Object is locked skipped
C:\Documents and Settings\NetworkService.NT AUTHORITY\NTUSER.DAT Object is locked skipped
C:\Documents and Settings\LocalService.NT AUTHORITY\Local Settings\History\History.IE5\index.dat Object is locked skipped
C:\Documents and Settings\LocalService.NT AUTHORITY\Local Settings\Temporary Internet Files\Content.IE5\index.dat Object is locked skipped
C:\Documents and Settings\LocalService.NT AUTHORITY\Local Settings\Application Data\Microsoft\Windows\UsrClass.dat.LOG Object is locked skipped
C:\Documents and Settings\LocalService.NT AUTHORITY\Local Settings\Application Data\Microsoft\Windows\UsrClass.dat Object is locked skipped
C:\Documents and Settings\LocalService.NT AUTHORITY\Cookies\index.dat Object is locked skipped
C:\Documents and Settings\LocalService.NT AUTHORITY\ntuser.dat.LOG Object is locked skipped
C:\Documents and Settings\LocalService.NT AUTHORITY\NTUSER.DAT Object is locked skipped
C:\Documents and Settings\Aaron.ANDY-067B4BDB81\ntuser.dat.LOG Object is locked skipped
C:\Documents and Settings\Aaron.ANDY-067B4BDB81\Local Settings\Temp\~DF6423.tmp Object is locked skipped
C:\Documents and Settings\Aaron.ANDY-067B4BDB81\Local Settings\Temp\~DF642E.tmp Object is locked skipped
C:\Documents and Settings\Aaron.ANDY-067B4BDB81\Local Settings\History\History.IE5\index.dat Object is locked skipped
C:\Documents and Settings\Aaron.ANDY-067B4BDB81\Local Settings\History\History.IE5\MSHist012007081420070815\index.dat Object is locked skipped
C:\Documents and Settings\Aaron.ANDY-067B4BDB81\Local Settings\Temporary Internet Files\Content.IE5\index.dat Object is locked skipped
C:\Documents and Settings\Aaron.ANDY-067B4BDB81\Local Settings\Application Data\Microsoft\Windows\UsrClass.dat Object is locked skipped
C:\Documents and Settings\Aaron.ANDY-067B4BDB81\Local Settings\Application Data\Microsoft\Windows\UsrClass.dat.LOG Object is locked skipped
C:\Documents and Settings\Aaron.ANDY-067B4BDB81\Local Settings\Application Data\Microsoft\Feeds Cache\index.dat Object is locked skipped
C:\Documents and Settings\Aaron.ANDY-067B4BDB81\Cookies\index.dat Object is locked skipped
C:\Documents and Settings\Aaron.ANDY-067B4BDB81\NTUSER.DAT Object is locked skipped
C:\System Volume Information\_restore{D4B4F15A-2C78-45B3-9B39-322720FCE978}\RP1\change.log Object is locked skipped

Scan process completed.

AverageJoe
2007-08-14, 23:55
Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 22:54:14, on 14/08/2007
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16473)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Documents and Settings\Aaron.ANDY-067B4BDB81\My Documents\AVG Anti-Spyware 7.5\guard.exe
C:\PROGRA~1\Grisoft\AVG7\avgamsvr.exe
C:\PROGRA~1\Grisoft\AVG7\avgupsvc.exe
C:\PROGRA~1\Grisoft\AVG7\avgemc.exe
C:\WINDOWS\runservice.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\svchost.exe
C:\PROGRA~1\Grisoft\AVG7\avgcc.exe
C:\WINDOWS\htpatch.exe
C:\Program Files\Icons\Seticon.exe
C:\WINDOWS\essspk.exe
C:\WINDOWS\vsnpstd2.exe
C:\Program Files\Adobe\Photoshop Album Starter Edition\3.0\Apps\apdproxy.exe
C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\E_S10IC2.EXE
C:\Program Files\Java\jre1.6.0_02\bin\jusched.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\MSN Messenger\msnmsgr.exe
C:\Program Files\Messenger\msmsgs.exe
C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
C:\Documents and Settings\Aaron\My Documents\LimeWire\LimeWire.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.myspace.com/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll (file missing)
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_02\bin\ssv.dll
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar2.dll (file missing)
O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\2.0.301.7164\swg.dll
O3 - Toolbar: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn1\yt.dll
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar2.dll (file missing)
O4 - HKLM\..\Run: [AVG7_CC] C:\PROGRA~1\Grisoft\AVG7\avgcc.exe /STARTUP
O4 - HKLM\..\Run: [HTpatch] C:\WINDOWS\htpatch.exe
O4 - HKLM\..\Run: [SiSUSBRG] C:\WINDOWS\SiSUSBrg.exe
O4 - HKLM\..\Run: [Cmaudio] RunDll32 cmicnfg.cpl,CMICtrlWnd
O4 - HKLM\..\Run: [SetIcon] C:\Program Files\Icons\Seticon.exe
O4 - HKLM\..\Run: [EssSpkPhone] essspk.exe
O4 - HKLM\..\Run: [adiras] adiras.exe
O4 - HKLM\..\Run: [SNPSTD2] C:\WINDOWS\vsnpstd2.exe
O4 - HKLM\..\Run: [Adobe Photo Downloader] "C:\Program Files\Adobe\Photoshop Album Starter Edition\3.0\Apps\apdproxy.exe"
O4 - HKLM\..\Run: [EPSON Stylus C64 Series] C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\E_S10IC2.EXE /P23 "EPSON Stylus C64 Series" /O5 "LPT1:" /M "Stylus C64"
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_02\bin\jusched.exe"
O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [msnmsgr] "C:\Program Files\MSN Messenger\msnmsgr.exe" /background
O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background
O4 - HKCU\..\Run: [swg] C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-19\..\Run: [AVG7_Run] C:\PROGRA~1\Grisoft\AVG7\avgw.exe /RUNONCE (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'NETWORK SERVICE')
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe (User 'SYSTEM')
O4 - HKUS\S-1-5-18\..\RunOnce: [RunNarrator] Narrator.exe (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe (User 'Default user')
O4 - HKUS\.DEFAULT\..\RunOnce: [RunNarrator] Narrator.exe (User 'Default user')
O4 - Startup: LimeWire On Startup.lnk = C:\Documents and Settings\Aaron\My Documents\LimeWire\LimeWire.exe
O8 - Extra context menu item: &D&ownload &with BitComet - res://C:\Program Files\BitComet\BitComet.exe/AddLink.htm
O8 - Extra context menu item: &D&ownload all video with BitComet - res://C:\Program Files\BitComet\BitComet.exe/AddVideo.htm
O8 - Extra context menu item: &D&ownload all with BitComet - res://C:\Program Files\BitComet\BitComet.exe/AddAllLink.htm
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_02\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_02\bin\ssv.dll
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {0EB0E74A-2A76-4AB3-A7FB-9BD8C29F7F75} (CKAVWebScan Object) - http://www.kaspersky.com/kos/english/kavwebscan_unicode.cab
O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://go.microsoft.com/fwlink/?linkid=39204
O16 - DPF: {B38870E4-7ECB-40DA-8C6A-595F0A5519FF} (MsnMessengerSetupDownloadControl Class) - http://messenger.msn.com/download/MsnMessengerSetupDownloader.cab
O17 - HKLM\System\CCS\Services\Tcpip\..\{2622CE10-3199-47C5-8CA6-617EC09A03AE}: NameServer = 212.139.132.58 212.139.132.59
O23 - Service: AVG Anti-Spyware Guard - GRISOFT s.r.o. - C:\Documents and Settings\Aaron.ANDY-067B4BDB81\My Documents\AVG Anti-Spyware 7.5\guard.exe
O23 - Service: AVG7 Alert Manager Server (Avg7Alrt) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVG7\avgamsvr.exe
O23 - Service: AVG7 Update Service (Avg7UpdSvc) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVG7\avgupsvc.exe
O23 - Service: AVG E-mail Scanner (AVGEMS) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVG7\avgemc.exe
O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: LicCtrl Service (LicCtrlService) - Unknown owner - C:\WINDOWS\runservice.exe

--
End of file - 7106 bytes

Markka
2007-08-15, 15:40
Hello :)

Open Notepad
-> copy the following lines into a new document:

@echo off
del /s /q C:\_RESTORE\TEMP\*.*
del /s /q C:\_RESTORE\ARCHIVE\*.*
Save the document to your desktop as Fix.bat, with file type: All Files
Go to your desktop and run the file Fix.bat and answer yes to any questions.
_________

Run the Kaspersky online scanner again!

Post:
- A fresh HijackThis log
- Kaspersky's report

AverageJoe
2007-08-16, 11:37
Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 10:37:28, on 16/08/2007
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16512)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Documents and Settings\Aaron.ANDY-067B4BDB81\My Documents\AVG Anti-Spyware 7.5\guard.exe
C:\PROGRA~1\Grisoft\AVG7\avgamsvr.exe
C:\PROGRA~1\Grisoft\AVG7\avgupsvc.exe
C:\PROGRA~1\Grisoft\AVG7\avgemc.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\runservice.exe
C:\WINDOWS\system32\svchost.exe
C:\PROGRA~1\Grisoft\AVG7\avgcc.exe
C:\WINDOWS\htpatch.exe
C:\Program Files\Icons\Seticon.exe
C:\WINDOWS\essspk.exe
C:\WINDOWS\vsnpstd2.exe
C:\Program Files\Adobe\Photoshop Album Starter Edition\3.0\Apps\apdproxy.exe
C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\E_S10IC2.EXE
C:\Program Files\Java\jre1.6.0_02\bin\jusched.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\MSN Messenger\msnmsgr.exe
C:\Program Files\Messenger\msmsgs.exe
C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.myspace.com/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll (file missing)
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_02\bin\ssv.dll
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar2.dll (file missing)
O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\2.0.301.7164\swg.dll
O3 - Toolbar: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn1\yt.dll
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar2.dll (file missing)
O4 - HKLM\..\Run: [AVG7_CC] C:\PROGRA~1\Grisoft\AVG7\avgcc.exe /STARTUP
O4 - HKLM\..\Run: [HTpatch] C:\WINDOWS\htpatch.exe
O4 - HKLM\..\Run: [SiSUSBRG] C:\WINDOWS\SiSUSBrg.exe
O4 - HKLM\..\Run: [Cmaudio] RunDll32 cmicnfg.cpl,CMICtrlWnd
O4 - HKLM\..\Run: [SetIcon] C:\Program Files\Icons\Seticon.exe
O4 - HKLM\..\Run: [EssSpkPhone] essspk.exe
O4 - HKLM\..\Run: [adiras] adiras.exe
O4 - HKLM\..\Run: [SNPSTD2] C:\WINDOWS\vsnpstd2.exe
O4 - HKLM\..\Run: [Adobe Photo Downloader] "C:\Program Files\Adobe\Photoshop Album Starter Edition\3.0\Apps\apdproxy.exe"
O4 - HKLM\..\Run: [EPSON Stylus C64 Series] C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\E_S10IC2.EXE /P23 "EPSON Stylus C64 Series" /O5 "LPT1:" /M "Stylus C64"
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_02\bin\jusched.exe"
O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [msnmsgr] "C:\Program Files\MSN Messenger\msnmsgr.exe" /background
O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background
O4 - HKCU\..\Run: [swg] C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-19\..\Run: [AVG7_Run] C:\PROGRA~1\Grisoft\AVG7\avgw.exe /RUNONCE (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'NETWORK SERVICE')
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe (User 'SYSTEM')
O4 - HKUS\S-1-5-18\..\RunOnce: [RunNarrator] Narrator.exe (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe (User 'Default user')
O4 - HKUS\.DEFAULT\..\RunOnce: [RunNarrator] Narrator.exe (User 'Default user')
O4 - Startup: LimeWire On Startup.lnk = C:\Documents and Settings\Aaron\My Documents\LimeWire\LimeWire.exe
O8 - Extra context menu item: &D&ownload &with BitComet - res://C:\Program Files\BitComet\BitComet.exe/AddLink.htm
O8 - Extra context menu item: &D&ownload all video with BitComet - res://C:\Program Files\BitComet\BitComet.exe/AddVideo.htm
O8 - Extra context menu item: &D&ownload all with BitComet - res://C:\Program Files\BitComet\BitComet.exe/AddAllLink.htm
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_02\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_02\bin\ssv.dll
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {0EB0E74A-2A76-4AB3-A7FB-9BD8C29F7F75} (CKAVWebScan Object) - http://www.kaspersky.com/kos/english/kavwebscan_unicode.cab
O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://go.microsoft.com/fwlink/?linkid=39204
O16 - DPF: {B38870E4-7ECB-40DA-8C6A-595F0A5519FF} (MsnMessengerSetupDownloadControl Class) - http://messenger.msn.com/download/MsnMessengerSetupDownloader.cab
O17 - HKLM\System\CCS\Services\Tcpip\..\{2622CE10-3199-47C5-8CA6-617EC09A03AE}: NameServer = 212.139.132.58 212.139.132.59
O23 - Service: AVG Anti-Spyware Guard - GRISOFT s.r.o. - C:\Documents and Settings\Aaron.ANDY-067B4BDB81\My Documents\AVG Anti-Spyware 7.5\guard.exe
O23 - Service: AVG7 Alert Manager Server (Avg7Alrt) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVG7\avgamsvr.exe
O23 - Service: AVG7 Update Service (Avg7UpdSvc) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVG7\avgupsvc.exe
O23 - Service: AVG E-mail Scanner (AVGEMS) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVG7\avgemc.exe
O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: LicCtrl Service (LicCtrlService) - Unknown owner - C:\WINDOWS\runservice.exe

--
End of file - 6989 bytes

AverageJoe
2007-08-16, 11:38
-------------------------------------------------------------------------------
KASPERSKY ONLINE SCANNER REPORT
Thursday, August 16, 2007 10:37:09 AM
Operating System: Microsoft Windows XP Home Edition, Service Pack 2 (Build 2600)
Kaspersky Online Scanner version: 5.0.93.0
Kaspersky Anti-Virus database last update: 16/08/2007
Kaspersky Anti-Virus database records: 381741
-------------------------------------------------------------------------------

Scan Settings:
Scan using the following antivirus database: extended
Scan Archives: true
Scan Mail Bases: true

Scan Target - My Computer:
A:\
C:\
E:\
F:\
G:\
H:\
I:\
J:\

Scan Statistics:
Total number of scanned objects: 100417
Number of viruses found: 0
Number of infected objects: 0
Number of suspicious objects: 0
Duration of the scan process: 01:13:07

Infected Object Name / Virus Name / Last Action
C:\WINDOWS\SYSTEM32\config\system.LOG Object is locked skipped
C:\WINDOWS\SYSTEM32\config\software.LOG Object is locked skipped
C:\WINDOWS\SYSTEM32\config\default.LOG Object is locked skipped
C:\WINDOWS\SYSTEM32\config\SAM.LOG Object is locked skipped
C:\WINDOWS\SYSTEM32\config\SECURITY.LOG Object is locked skipped
C:\WINDOWS\SYSTEM32\config\AppEvent.Evt Object is locked skipped
C:\WINDOWS\SYSTEM32\config\SecEvent.Evt Object is locked skipped
C:\WINDOWS\SYSTEM32\config\SysEvent.Evt Object is locked skipped
C:\WINDOWS\SYSTEM32\config\DEFAULT Object is locked skipped
C:\WINDOWS\SYSTEM32\config\SECURITY Object is locked skipped
C:\WINDOWS\SYSTEM32\config\SOFTWARE Object is locked skipped
C:\WINDOWS\SYSTEM32\config\SYSTEM Object is locked skipped
C:\WINDOWS\SYSTEM32\config\SAM Object is locked skipped
C:\WINDOWS\SYSTEM32\config\Internet.evt Object is locked skipped
C:\WINDOWS\SYSTEM32\wbem\Repository\FS\MAPPING1.MAP Object is locked skipped
C:\WINDOWS\SYSTEM32\wbem\Repository\FS\MAPPING2.MAP Object is locked skipped
C:\WINDOWS\SYSTEM32\wbem\Repository\FS\MAPPING.VER Object is locked skipped
C:\WINDOWS\SYSTEM32\wbem\Repository\FS\INDEX.MAP Object is locked skipped
C:\WINDOWS\SYSTEM32\wbem\Repository\FS\OBJECTS.MAP Object is locked skipped
C:\WINDOWS\SYSTEM32\wbem\Repository\FS\OBJECTS.DATA Object is locked skipped
C:\WINDOWS\SYSTEM32\wbem\Repository\FS\INDEX.BTR Object is locked skipped
C:\WINDOWS\SYSTEM32\mmf.sys Object is locked skipped
C:\WINDOWS\SYSTEM32\h323log.txt Object is locked skipped
C:\WINDOWS\Sti_Trace.log Object is locked skipped
C:\WINDOWS\wiaservc.log Object is locked skipped
C:\WINDOWS\wiadebug.log Object is locked skipped
C:\WINDOWS\WindowsUpdate.log Object is locked skipped
C:\WINDOWS\SchedLgU.Txt Object is locked skipped
C:\WINDOWS\Debug\PASSWD.LOG Object is locked skipped
C:\WINDOWS\SoftwareDistribution\EventCache\{21A166B5-0AEA-4A35-9822-8D6AFDF5FEFA}.bin Object is locked skipped
C:\WINDOWS\SoftwareDistribution\ReportingEvents.log Object is locked skipped
C:\Documents and Settings\All Users.WINDOWS\Application Data\Grisoft\Avg7Data\avg7log.log.lck Object is locked skipped
C:\Documents and Settings\All Users.WINDOWS\Application Data\Grisoft\Avg7Data\avg7log.log Object is locked skipped
C:\Documents and Settings\All Users.WINDOWS\Application Data\AVG7\Log\emc.log Object is locked skipped
C:\Documents and Settings\NetworkService.NT AUTHORITY\Local Settings\Application Data\Microsoft\Windows\UsrClass.dat.LOG Object is locked skipped
C:\Documents and Settings\NetworkService.NT AUTHORITY\Local Settings\Application Data\Microsoft\Windows\UsrClass.dat Object is locked skipped
C:\Documents and Settings\NetworkService.NT AUTHORITY\ntuser.dat.LOG Object is locked skipped
C:\Documents and Settings\NetworkService.NT AUTHORITY\NTUSER.DAT Object is locked skipped
C:\Documents and Settings\LocalService.NT AUTHORITY\Local Settings\History\History.IE5\index.dat Object is locked skipped
C:\Documents and Settings\LocalService.NT AUTHORITY\Local Settings\Temporary Internet Files\Content.IE5\index.dat Object is locked skipped
C:\Documents and Settings\LocalService.NT AUTHORITY\Local Settings\Application Data\Microsoft\Windows\UsrClass.dat.LOG Object is locked skipped
C:\Documents and Settings\LocalService.NT AUTHORITY\Local Settings\Application Data\Microsoft\Windows\UsrClass.dat Object is locked skipped
C:\Documents and Settings\LocalService.NT AUTHORITY\Cookies\index.dat Object is locked skipped
C:\Documents and Settings\LocalService.NT AUTHORITY\ntuser.dat.LOG Object is locked skipped
C:\Documents and Settings\LocalService.NT AUTHORITY\NTUSER.DAT Object is locked skipped
C:\Documents and Settings\Aaron.ANDY-067B4BDB81\ntuser.dat.LOG Object is locked skipped
C:\Documents and Settings\Aaron.ANDY-067B4BDB81\Local Settings\Temp\~DFB339.tmp Object is locked skipped
C:\Documents and Settings\Aaron.ANDY-067B4BDB81\Local Settings\Temp\~DFB35C.tmp Object is locked skipped
C:\Documents and Settings\Aaron.ANDY-067B4BDB81\Local Settings\Temp\~DF5078.tmp Object is locked skipped
C:\Documents and Settings\Aaron.ANDY-067B4BDB81\Local Settings\Temp\~DF509F.tmp Object is locked skipped
C:\Documents and Settings\Aaron.ANDY-067B4BDB81\Local Settings\History\History.IE5\index.dat Object is locked skipped
C:\Documents and Settings\Aaron.ANDY-067B4BDB81\Local Settings\Temporary Internet Files\Content.IE5\R30T0T4B\basketball_slam[1].dir Object is locked skipped
C:\Documents and Settings\Aaron.ANDY-067B4BDB81\Local Settings\Temporary Internet Files\Content.IE5\index.dat Object is locked skipped
C:\Documents and Settings\Aaron.ANDY-067B4BDB81\Local Settings\Application Data\Microsoft\Windows\UsrClass.dat Object is locked skipped
C:\Documents and Settings\Aaron.ANDY-067B4BDB81\Local Settings\Application Data\Microsoft\Windows\UsrClass.dat.LOG Object is locked skipped
C:\Documents and Settings\Aaron.ANDY-067B4BDB81\Local Settings\Application Data\Microsoft\Feeds Cache\index.dat Object is locked skipped
C:\Documents and Settings\Aaron.ANDY-067B4BDB81\Cookies\index.dat Object is locked skipped
C:\Documents and Settings\Aaron.ANDY-067B4BDB81\NTUSER.DAT Object is locked skipped
C:\System Volume Information\_restore{D4B4F15A-2C78-45B3-9B39-322720FCE978}\RP4\change.log Object is locked skipped

Scan process completed.

Markka
2007-08-16, 15:30
Hello :)

Now all logs are clean! How is your computer running now?

Here are a couple of tips on how to stay clean:

Clean speech:

Use Mozilla Firefox or Opera as your browser!
Mozilla Firefox or Opera are better than Internet Explorer.
Download Mozilla Firefox from here! (http://www.mozilla.org/download.html)
Download Opera from here! (http://www.opera.com/download/)

Install Hosts-file!
Hosts-file blocks bad web addresses. Remember to update hosts-file regularly.
Download Hosts-file from here! (http://mvps.org/winhelp2002/hosts.zip)

Install Winpatrol!
Winpatrol monitors your system and blocks hijacks.
Download Winpatrol from here! (http://www.filepedia.com/desktop_software/desktop_security/winpatrol.cfm)

Install AVG Anti-Spyware!
AVG anti-spyware detects and removes malware and cleans your registry too. Run a scan with Ad-aware regularly and update it before the scan.
Download AVG anti-spyware from here! (http://www.ewido.net/en/download/)

Install Ccleaner!
CCleaner cleans your temporary files and also cleans your registry. Run CCleaner regularly.
Download CCleaner from here! (http://www.filepedia.com/desktop_software/desktop_security/ccleaner.cfm)

Install Ad-Aware!
Ad-aware detects and removes malware and cleans your registry too. Run a scan with Ad-aware regularly and update it before the scan.
Download Ad-aware from here! (http://www.filepedia.com/desktop_software/desktop_security/ad-aware.cfm)

Install SpywareBlaster!
Spywareblaster blocks bad activeX-components. Update it regularly.
Download Spywareblaster from here! (http://www.filepedia.com/desktop_software/desktop_security/spywareblaster.cfm)

System restore!
Clean and create a new system restore point regularly.
How do I clean my system restore and create the new system restore point?
Here are instructions! (http://www.pchell.com/virus/systemrestore.shtml)

Keep all programs updated!
Remember to keep all programs up-to-date, also Windows. So please visit here (http://windowsupdate.microsoft.com./) regularly and install all critical updates.
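
An added example, not part of the original thread or any poster's code: a DNS changer rewrites the resolver addresses that HijackThis reports on its O17 lines, so this Python code extracts the O17 NameServer entries from a log and lists any resolver outside the networks the owner expects. The expected network and the second sample log are assumptions constructed for illustration; the first sample line is the O17 entry from the logs above.

```python
import ipaddress
import re

# O17 line shape as it appears in the logs in this thread:
#   O17 - <registry key>: NameServer = <ip> <ip>
O17_RE = re.compile(r"^O17 - (?P<key>.+?): (?P<value>\w+) = (?P<data>.*)$")

# The O17 entry posted in the thread's HijackThis logs.
THREAD_O17 = (r"O17 - HKLM\System\CCS\Services\Tcpip\..\{2622CE10-3199-47C5-8CA6-617EC09A03AE}: "
              r"NameServer = 212.139.132.58 212.139.132.59")

# Constructed sample (documentation-range addresses, placeholder GUID).
CONSTRUCTED_LOG = r"""O4 - HKLM\..\Run: [Example] C:\example.exe
O17 - HKLM\System\CCS\Services\Tcpip\..\{00000000-0000-0000-0000-000000000000}: NameServer = 192.0.2.10,192.0.2.11
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: Domain = example.test
"""

# Assumption: the owner has confirmed this range belongs to their ISP's resolvers.
EXPECTED_NETWORKS = ["212.139.132.0/24"]


def parse_o17(log_text):
    """Return (registry_key, [address, ...]) for every O17 NameServer line."""
    entries = []
    for line in log_text.splitlines():
        m = O17_RE.match(line.strip())
        # Skip non-O17 lines and O17 values that are not resolver lists (e.g. Domain).
        if not m or not m.group("value").lower().endswith("nameserver"):
            continue
        servers = []
        # The registry value may separate addresses with spaces or commas.
        for token in re.split(r"[,\s]+", m.group("data").strip()):
            if not token:
                continue
            try:
                servers.append(ipaddress.ip_address(token))
            except ValueError:
                # Keep unparseable data visible instead of silently dropping it.
                servers.append(token)
        entries.append((m.group("key"), servers))
    return entries


def review_dns(log_text, expected_networks):
    """List (key, resolver, reason) for resolvers the owner does not expect."""
    nets = [ipaddress.ip_network(n) for n in expected_networks]
    findings = []
    for key, servers in parse_o17(log_text):
        for s in servers:
            if isinstance(s, str):
                findings.append((key, s, "not an IP address"))
            elif not any(s in n for n in nets):
                findings.append((key, str(s), "outside expected resolver networks"))
    return findings


if __name__ == "__main__":
    for name, log in (("thread log", THREAD_O17), ("constructed log", CONSTRUCTED_LOG)):
        print(name, review_dns(log, EXPECTED_NETWORKS) or "no unexpected resolvers")
```

An empty result only means the resolvers match the supplied list; the list itself has to come from the ISP or the router's configuration, not from the machine being checked.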

AverageJoe
2007-08-17, 11:34
Markka,

First of all, thank you for all your help! I really appreciate it, as do the other people who use this computer.

Secondly, my computer runs fine now except for the odd time where it "goes to sleep" by itself and I can't wake it up, but the last time that happened was yesterday morning, and it's been fine since then.

I will follow the rest of your tips to help my computer stay clean, and if I have any more problems I will refer to you as to what to do. Many thanks,

Joe.

Markka
2007-08-17, 15:17
You're welcome! :bigthumb:

tashi
2007-08-28, 16:23
Glad we could help. As the problem appears to be resolved, this topic has been archived.

If you need it re-opened, please send me a private message (pm) and provide a link to the thread.

This applies only to the original poster; anyone else with similar problems, please start a new topic.