Iexplore.exe and norton problem




  #11  
Old 22nd Dec 2008, 09:00
Moderator
Posts: 7,561
 
Note: the below instructions were created specifically for this user. If you are not this user, DO NOT follow these directions as they could damage the workings of your system.

Now download The Avenger by Swandog46 and save it to your Desktop.
  • Extract avenger.exe from the Zip file and save it to your Desktop
  • Run avenger.exe by double-clicking on it.
  • Do not change any check box options!!
  • Copy everything in the Code box below, and paste it into the Input script here window:
Code:
Comment:

Files to delete:
C:\Documents and Settings\Tsugomaru\Application Data\gadcom\gadcom.exe
C:\Documents and Settings\Tsugomaru\Application Data\gadcom\gadcom.exe//PE_Patch.UPX//UPX/C:\Documents and Settings\Tsugomaru\Application Data\gadcom\gadcom.exe//PE_Patch.UPX//UPX
C:\Documents and Settings\Tsugomaru\Application Data\Twain\Twain.exe/C:\Documents and Settings\Tsugomaru\Application Data\Twain\Twain.exe
C:\Documents and Settings\Tsugomaru\Application Data\gadcom\gadcom.exe
C:\Documents and Settings\Tsugomaru\Application Data\SpeedRunner\SRUninstall.exe
C:\Documents and Settings\Tsugomaru\Application Data\Twain\Twain.exe
C:\Documents and Settings\Tsugomaru\Desktop\Unknown\k-f_sysreset\k-f_sysreset\mirc.exe
C:\Documents and Settings\Tsugomaru\Local Settings\temp\cmdinst.exe
C:\Documents and Settings\Tsugomaru\Local Settings\temp\cmdinst.exe
C:\Documents and Settings\Tsugomaru\Local Settings\temp\__2D.tmp
C:\Documents and Settings\Tsugomaru\Local Settings\temp\__2F.tmp
C:\Documents and Settings\Tsugomaru\Local Settings\temp\__40.tmp
C:\Program Files\Mozilla Firefox\chrome\chrome\content\browser.js
C:\Program Files\Network Monitor\netmon.exe
C:\WINDOWS\system32\geBtSLCt.dll
C:\WINDOWS\VHN1Z29tYXJ1\command.exe
  • Now click the Execute button.
  • Click Yes to the prompt to confirm you want to execute.
  • Click Yes to the "Reboot now?" question that will appear when Avenger finishes running.
  • Your PC should reboot, if not, reboot it yourself.
  • A log file from Avenger will be produced at C:\avenger.txt and it will pop-up for you to view when you login after reboot.
  • Add the Avenger log in your next post.
__________________


  #12  
Old 22nd Dec 2008, 11:55
New Member
Posts: 21
 
Logfile of The Avenger Version 2.0, (c) by Swandog46
http://swandog46.geekstogo.com

Platform: Windows XP

*******************

Script file opened successfully.
Script file read successfully.

Backups directory opened successfully at C:\Avenger

*******************

Beginning to process script file:

Rootkit scan active.
No rootkits found!

File "C:\Documents and Settings\Tsugomaru\Application Data\gadcom\gadcom.exe" deleted successfully.

Error: could not open file "C:\Documents and Settings\Tsugomaru\Application Data\gadcom\gadcom.exe//PE_Patch.UPX//UPX/C:\Documents and Settings\Tsugomaru\Application Data\gadcom\gadcom.exe//PE_Patch.UPX//UPX"
Deletion of file "C:\Documents and Settings\Tsugomaru\Application Data\gadcom\gadcom.exe//PE_Patch.UPX//UPX/C:\Documents and Settings\Tsugomaru\Application Data\gadcom\gadcom.exe//PE_Patch.UPX//UPX" failed!
Status: 0xc0000033 (STATUS_OBJECT_NAME_INVALID)
--> an object cannot have this name


Error: could not open file "C:\Documents and Settings\Tsugomaru\Application Data\Twain\Twain.exe/C:\Documents and Settings\Tsugomaru\Application Data\Twain\Twain.exe"
Deletion of file "C:\Documents and Settings\Tsugomaru\Application Data\Twain\Twain.exe/C:\Documents and Settings\Tsugomaru\Application Data\Twain\Twain.exe" failed!
Status: 0xc0000033 (STATUS_OBJECT_NAME_INVALID)
--> an object cannot have this name


Error: file "C:\Documents and Settings\Tsugomaru\Application Data\gadcom\gadcom.exe" not found!
Deletion of file "C:\Documents and Settings\Tsugomaru\Application Data\gadcom\gadcom.exe" failed!
Status: 0xc0000034 (STATUS_OBJECT_NAME_NOT_FOUND)
--> the object does not exist

File "C:\Documents and Settings\Tsugomaru\Application Data\SpeedRunner\SRUninstall.exe" deleted successfully.
File "C:\Documents and Settings\Tsugomaru\Application Data\Twain\Twain.exe" deleted successfully.
File "C:\Documents and Settings\Tsugomaru\Desktop\Unknown\k-f_sysreset\k-f_sysreset\mirc.exe" deleted successfully.
File "C:\Documents and Settings\Tsugomaru\Local Settings\temp\cmdinst.exe" deleted successfully.

Error: file "C:\Documents and Settings\Tsugomaru\Local Settings\temp\cmdinst.exe" not found!
Deletion of file "C:\Documents and Settings\Tsugomaru\Local Settings\temp\cmdinst.exe" failed!
Status: 0xc0000034 (STATUS_OBJECT_NAME_NOT_FOUND)
--> the object does not exist

File "C:\Documents and Settings\Tsugomaru\Local Settings\temp\__2D.tmp" deleted successfully.
File "C:\Documents and Settings\Tsugomaru\Local Settings\temp\__2F.tmp" deleted successfully.
File "C:\Documents and Settings\Tsugomaru\Local Settings\temp\__40.tmp" deleted successfully.
File "C:\Program Files\Mozilla Firefox\chrome\chrome\content\browser.js" deleted successfully.
File "C:\Program Files\Network Monitor\netmon.exe" deleted successfully.
File "C:\WINDOWS\system32\geBtSLCt.dll" deleted successfully.
File "C:\WINDOWS\VHN1Z29tYXJ1\command.exe" deleted successfully.

Completed script processing.

*******************

Finished! Terminate.
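
A way to triage the failures in an Avenger log like the one above, as an added example that is not part of the original thread or of The Avenger itself: it separates entries that failed only because the same file was listed twice, entries whose script line was not a plain file path, and files that were absent with no deletion in the same run. The sample log, the verdict names and the function names are constructed for this example.

```python
import re

# Constructed sample in the format of the Avenger log above; the paths are
# made up for this example and are not taken from the thread.
SAMPLE_LOG = r'''
File "C:\Sample\one.exe" deleted successfully.

Error: could not open file "C:\Sample\two.exe//PE_Patch.UPX//UPX/C:\Sample\two.exe//PE_Patch.UPX//UPX"
Deletion of file "C:\Sample\two.exe//PE_Patch.UPX//UPX/C:\Sample\two.exe//PE_Patch.UPX//UPX" failed!
Status: 0xc0000033 (STATUS_OBJECT_NAME_INVALID)
--> an object cannot have this name

Error: file "C:\Sample\one.exe" not found!
Deletion of file "C:\Sample\one.exe" failed!
Status: 0xc0000034 (STATUS_OBJECT_NAME_NOT_FOUND)
--> the object does not exist

File "C:\Sample\two.exe" deleted successfully.

Error: file "C:\Sample\three.dll" not found!
Deletion of file "C:\Sample\three.dll" failed!
Status: 0xc0000034 (STATUS_OBJECT_NAME_NOT_FOUND)
--> the object does not exist
'''

DELETED = re.compile(r'^File "(?P<path>.+)" deleted successfully\.$')
FAILED = re.compile(r'^Deletion of file "(?P<path>.+)" failed!$')
STATUS = re.compile(r'^Status: 0x[0-9a-fA-F]+ \((?P<name>[A-Z_]+)\)$')


def parse_avenger_log(text):
    """Return one dict per file action, in log order."""
    results, pending = [], None
    for raw in text.splitlines():
        line = raw.strip()
        m = DELETED.match(line)
        if m:
            results.append({"path": m["path"], "outcome": "deleted", "status": None})
            continue
        m = FAILED.match(line)
        if m:
            # The NTSTATUS name arrives on the following "Status:" line.
            pending = {"path": m["path"], "outcome": "failed", "status": None}
            results.append(pending)
            continue
        m = STATUS.match(line)
        if m and pending is not None:
            pending["status"] = m["name"]
            pending = None
    return results


def triage(results):
    """Attach a verdict to every failed deletion.

    DUPLICATE            not found, but the same path was deleted in this run
    ABSENT               not found, and nothing in this run deleted it
    MALFORMED_HANDLED    invalid name whose leading path was deleted in this run
    MALFORMED_UNHANDLED  invalid name whose leading path was never deleted
    REVIEW               any other status
    """
    # Windows paths compare case-insensitively, so normalise before matching.
    deleted = {r["path"].lower() for r in results if r["outcome"] == "deleted"}
    report = []
    for r in results:
        if r["outcome"] != "failed":
            continue
        path, status = r["path"], r["status"]
        if status == "STATUS_OBJECT_NAME_INVALID":
            # Scanner-style entries append "//..." container notation and a
            # repeated path after "/"; the text before the first "/" is the file.
            base = path.split("/", 1)[0].lower()
            verdict = "MALFORMED_HANDLED" if base in deleted else "MALFORMED_UNHANDLED"
        elif status == "STATUS_OBJECT_NAME_NOT_FOUND":
            verdict = "DUPLICATE" if path.lower() in deleted else "ABSENT"
        else:
            verdict = "REVIEW"
        report.append((path, status, verdict))
    return report


if __name__ == "__main__":
    for path, status, verdict in triage(parse_avenger_log(SAMPLE_LOG)):
        print(f"{verdict:20} {status:30} {path}")
```

ABSENT and MALFORMED_UNHANDLED are the verdicts that need a follow-up check, because nothing in the same run accounts for the file.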
  #13  
Old 22nd Dec 2008, 12:09
Moderator
Posts: 7,561
 
Please copy the below line into The Avenger and run it again. Post the log when complete.

Code:
C:\Documents and Settings\Tsugomaru\Application Data\Twain\Twain.exe
__________________

  #14  
Old 22nd Dec 2008, 12:17
New Member
Posts: 21
 
I'm assuming I had to type:
Comment:

Files to Delete:
because when I didn't, it gave me an error

Here's the log

Logfile of The Avenger Version 2.0, (c) by Swandog46
http://swandog46.geekstogo.com

Platform: Windows XP

*******************

Script file opened successfully.
Script file read successfully.

Backups directory opened successfully at C:\Avenger

*******************

Beginning to process script file:

Rootkit scan active.
No rootkits found!

File "C:\Documents and Settings\Tsugomaru\Application Data\gadcom\gadcom.exe" deleted successfully.

Error: could not open file "C:\Documents and Settings\Tsugomaru\Application Data\gadcom\gadcom.exe//PE_Patch.UPX//UPX/C:\Documents and Settings\Tsugomaru\Application Data\gadcom\gadcom.exe//PE_Patch.UPX//UPX"
Deletion of file "C:\Documents and Settings\Tsugomaru\Application Data\gadcom\gadcom.exe//PE_Patch.UPX//UPX/C:\Documents and Settings\Tsugomaru\Application Data\gadcom\gadcom.exe//PE_Patch.UPX//UPX" failed!
Status: 0xc0000033 (STATUS_OBJECT_NAME_INVALID)
--> an object cannot have this name


Error: could not open file "C:\Documents and Settings\Tsugomaru\Application Data\Twain\Twain.exe/C:\Documents and Settings\Tsugomaru\Application Data\Twain\Twain.exe"
Deletion of file "C:\Documents and Settings\Tsugomaru\Application Data\Twain\Twain.exe/C:\Documents and Settings\Tsugomaru\Application Data\Twain\Twain.exe" failed!
Status: 0xc0000033 (STATUS_OBJECT_NAME_INVALID)
--> an object cannot have this name


Error: file "C:\Documents and Settings\Tsugomaru\Application Data\gadcom\gadcom.exe" not found!
Deletion of file "C:\Documents and Settings\Tsugomaru\Application Data\gadcom\gadcom.exe" failed!
Status: 0xc0000034 (STATUS_OBJECT_NAME_NOT_FOUND)
--> the object does not exist

File "C:\Documents and Settings\Tsugomaru\Application Data\SpeedRunner\SRUninstall.exe" deleted successfully.
File "C:\Documents and Settings\Tsugomaru\Application Data\Twain\Twain.exe" deleted successfully.
File "C:\Documents and Settings\Tsugomaru\Desktop\Unknown\k-f_sysreset\k-f_sysreset\mirc.exe" deleted successfully.
File "C:\Documents and Settings\Tsugomaru\Local Settings\temp\cmdinst.exe" deleted successfully.

Error: file "C:\Documents and Settings\Tsugomaru\Local Settings\temp\cmdinst.exe" not found!
Deletion of file "C:\Documents and Settings\Tsugomaru\Local Settings\temp\cmdinst.exe" failed!
Status: 0xc0000034 (STATUS_OBJECT_NAME_NOT_FOUND)
--> the object does not exist

File "C:\Documents and Settings\Tsugomaru\Local Settings\temp\__2D.tmp" deleted successfully.
File "C:\Documents and Settings\Tsugomaru\Local Settings\temp\__2F.tmp" deleted successfully.
File "C:\Documents and Settings\Tsugomaru\Local Settings\temp\__40.tmp" deleted successfully.
File "C:\Program Files\Mozilla Firefox\chrome\chrome\content\browser.js" deleted successfully.
File "C:\Program Files\Network Monitor\netmon.exe" deleted successfully.
File "C:\WINDOWS\system32\geBtSLCt.dll" deleted successfully.
File "C:\WINDOWS\VHN1Z29tYXJ1\command.exe" deleted successfully.

Completed script processing.

*******************

Finished! Terminate.



//////////////////////////////////////////
Avenger Pre-Processor log
//////////////////////////////////////////

Platform: Windows XP (build 2600, Service Pack 2)
Mon Dec 22 11:11:38 2008

11:11:38: Error: Invalid script. A valid script must begin with a command directive.
Aborting execution!


//////////////////////////////////////////


Logfile of The Avenger Version 2.0, (c) by Swandog46
http://swandog46.geekstogo.com

Platform: Windows XP

*******************

Script file opened successfully.
Script file read successfully.

Backups directory opened successfully at C:\Avenger

*******************

Beginning to process script file:

Rootkit scan active.
No rootkits found!


Error: file "C:\Documents and Settings\Tsugomaru\Application Data\Twain\Twain.exe" not found!
Deletion of file "C:\Documents and Settings\Tsugomaru\Application Data\Twain\Twain.exe" failed!
Status: 0xc0000034 (STATUS_OBJECT_NAME_NOT_FOUND)
--> the object does not exist



Completed script processing.

*******************

Finished! Terminate.
  #15  
Old 22nd Dec 2008, 12:29
Moderator
Posts: 7,561
 
Download OTCleanIt.exe and save it to your Desktop.
  • Double-click OTCleanIt.exe.
  • Click the CleanUp! button.
  • Select Yes when the "Begin cleanup Process?" prompt appears.
  • If you are prompted to Reboot during the cleanup, select Yes.
  • The tool will delete itself once it finishes, if not delete it yourself.


How is the computer running now?
__________________

  #16  
Old 22nd Dec 2008, 12:39
New Member
Posts: 21
 
I'm still getting pop ups although they seem to only open in Firefox now.
  #17  
Old 22nd Dec 2008, 12:41
Moderator
Posts: 7,561
 
Download Lop S&D by Eric_71 and save it to your Desktop. Lop S&D will only run on Windows XP and Windows Vista

Disable your antivirus and antimalware programs so they do not interfere with the running of Lop S&D. If needed see: How To Temporarily Disable Your Anti-virus, Firewall And Anti-malware Programs


If you are using Windows Vista, right-click on LopSD.exe icon and select 'Run as administrator' to perform this scan.
  • Double-click Lop S&D.exe
  • Choose the language by typing the corresponding letter and press Enter
  • Click OK at the informative window
  • Type 1, to choose Option 1 (Search) then press Enter
  • Wait until the end of the scan
  • A report will be generated, post the contents of it in your next reply.
A copy of the report can be found at this location: %systemdrive%\lopR.txt, in most cases C:\lopR.txt
__________________

  #18  
Old 22nd Dec 2008, 16:22
New Member
Posts: 21
 
--------------------\\ Lop S&D 4.2.5-0 XP/Vista

Microsoft Windows XP Home Edition ( v5.1.2600 ) Service Pack 2
X86-based PC ( Uniprocessor Free : AMD Athlon(tm) 64 Processor 3200+ )
BIOS : )Phoenix - Award WorkstationBIOS v6.00PG
USER : Tsugomaru ( Administrator )
BOOT : Normal boot
Antivirus : avast! antivirus 4.8.1296 [VPS 081221-0] 4.8.1296 (Not Activated)
A:\ (USB)
C:\ (Local Disk) - NTFS - Total:97 Go (Free:55 Go)
D:\ (Local Disk) - NTFS - Total:126 Go (Free:60 Go)
E:\ (Local Disk) - NTFS - Total:8 Go (Free:8 Go)
F:\ (CD or DVD)

"C:\Lop SD" ( MAJ : 19-12-2008|23:40 )
Option : [1] ( Mon 12/22/2008|15:18 )

--------------------\\ Listing folders in APPLIC~1

[04/15/2007|04:54] C:\DOCUME~1\ALLUSE~1\APPLIC~1\<DIR> Adobe
[04/15/2007|04:59] C:\DOCUME~1\ALLUSE~1\APPLIC~1\<DIR> Adobe Systems
[08/12/2006|08:26] C:\DOCUME~1\ALLUSE~1\APPLIC~1\<DIR> Ahead
[05/17/2007|03:25] C:\DOCUME~1\ALLUSE~1\APPLIC~1\<DIR> Apple Computer
[08/15/2006|02:41] C:\DOCUME~1\ALLUSE~1\APPLIC~1\<DIR> CyberLink
[10/04/2007|06:02] C:\DOCUME~1\ALLUSE~1\APPLIC~1\<DIR> DVD Shrink
[12/21/2008|07:36] C:\DOCUME~1\ALLUSE~1\APPLIC~1\<DIR> Google Updater
[11/15/2006|03:08] C:\DOCUME~1\ALLUSE~1\APPLIC~1\<DIR> Macromedia
[12/21/2008|11:14] C:\DOCUME~1\ALLUSE~1\APPLIC~1\<DIR> Malwarebytes
[12/21/2007|08:41] C:\DOCUME~1\ALLUSE~1\APPLIC~1\<DIR> Microsoft
[01/11/2008|06:39] C:\DOCUME~1\ALLUSE~1\APPLIC~1\<DIR> Microsoft Help
[12/21/2008|06:23] C:\DOCUME~1\ALLUSE~1\APPLIC~1\<DIR> NortonInstaller
[08/11/2006|11:51] C:\DOCUME~1\ALLUSE~1\APPLIC~1\<DIR> nView_Profiles
[12/21/2008|02:46] C:\DOCUME~1\ALLUSE~1\APPLIC~1\<DIR> SUPERAntiSpyware.com
[02/12/2008|10:45] C:\DOCUME~1\ALLUSE~1\APPLIC~1\<DIR> TEMP
[08/18/2008|05:20] C:\DOCUME~1\ALLUSE~1\APPLIC~1\<DIR> Viewpoint
[10/31/2006|04:33] C:\DOCUME~1\ALLUSE~1\APPLIC~1\<DIR> Windows Genuine Advantage

[12/02/2007|01:00] C:\DOCUME~1\DEFAUL~1\APPLIC~1\<DIR> Microsoft

[05/18/2008|12:48] C:\DOCUME~1\Guest\APPLIC~1\<DIR> Adobe
[05/18/2008|12:24] C:\DOCUME~1\Guest\APPLIC~1\<DIR> Identities
[05/18/2008|12:25] C:\DOCUME~1\Guest\APPLIC~1\<DIR> Macromedia
[05/18/2008|12:44] C:\DOCUME~1\Guest\APPLIC~1\<DIR> Microsoft
[05/18/2008|12:24] C:\DOCUME~1\Guest\APPLIC~1\<DIR> Mozilla
[05/18/2008|12:24] C:\DOCUME~1\Guest\APPLIC~1\<DIR> Talkback

[12/21/2007|08:41] C:\DOCUME~1\LOCALS~1\APPLIC~1\<DIR> Microsoft
[12/21/2008|07:46] C:\DOCUME~1\LOCALS~1\APPLIC~1\<DIR> NetMon

[01/14/2007|07:04] C:\DOCUME~1\NETWOR~1\APPLIC~1\<DIR> Microsoft

[12/04/2008|11:40] C:\DOCUME~1\TSUGOM~1\APPLIC~1\<DIR> Adobe
[08/15/2006|09:06] C:\DOCUME~1\TSUGOM~1\APPLIC~1\<DIR> AdobeUM
[10/04/2007|09:31] C:\DOCUME~1\TSUGOM~1\APPLIC~1\<DIR> Ahead
[08/15/2006|03:14] C:\DOCUME~1\TSUGOM~1\APPLIC~1\<DIR> Aim
[03/24/2007|11:16] C:\DOCUME~1\TSUGOM~1\APPLIC~1\<DIR> Apple Computer
[12/20/2008|06:46] C:\DOCUME~1\TSUGOM~1\APPLIC~1\<DIR> Azureus
[01/03/2007|05:16] C:\DOCUME~1\TSUGOM~1\APPLIC~1\<DIR> CyberLink
[06/12/2008|11:01] C:\DOCUME~1\TSUGOM~1\APPLIC~1\<DIR> DAEMON Tools
[10/16/2007|04:05] C:\DOCUME~1\TSUGOM~1\APPLIC~1\<DIR> DivX
[12/20/2008|08:36] C:\DOCUME~1\TSUGOM~1\APPLIC~1\<DIR> foobar2000
[12/22/2008|10:52] C:\DOCUME~1\TSUGOM~1\APPLIC~1\<DIR> gadcom
[12/21/2008|07:30] C:\DOCUME~1\TSUGOM~1\APPLIC~1\<DIR> GetModule
[03/27/2008|09:26] C:\DOCUME~1\TSUGOM~1\APPLIC~1\<DIR> Google
[11/28/2008|01:47] C:\DOCUME~1\TSUGOM~1\APPLIC~1\<DIR> gtk-2.0
[12/14/2008|06:05] C:\DOCUME~1\TSUGOM~1\APPLIC~1\<DIR> Hamachi
[11/29/2006|09:22] C:\DOCUME~1\TSUGOM~1\APPLIC~1\<DIR> Help
[05/05/2007|09:43] C:\DOCUME~1\TSUGOM~1\APPLIC~1\<DIR> Humanbalance
[08/03/2006|04:27] C:\DOCUME~1\TSUGOM~1\APPLIC~1\<DIR> Identities
[02/16/2008|07:57] C:\DOCUME~1\TSUGOM~1\APPLIC~1\<DIR> Macromedia
[12/21/2008|11:14] C:\DOCUME~1\TSUGOM~1\APPLIC~1\<DIR> Malwarebytes
[10/02/2007|10:02] C:\DOCUME~1\TSUGOM~1\APPLIC~1\<DIR> Media Player Classic
[03/25/2007|02:52] C:\DOCUME~1\TSUGOM~1\APPLIC~1\<DIR> Microsoft
[06/28/2008|08:31] C:\DOCUME~1\TSUGOM~1\APPLIC~1\<DIR> Mozilla
[02/24/2008|11:21] C:\DOCUME~1\TSUGOM~1\APPLIC~1\<DIR> Nexon
[09/20/2006|07:50] C:\DOCUME~1\TSUGOM~1\APPLIC~1\<DIR> NJStar
[01/21/2007|08:16] C:\DOCUME~1\TSUGOM~1\APPLIC~1\<DIR> OpenOffice.org2
[08/11/2006|10:54] C:\DOCUME~1\TSUGOM~1\APPLIC~1\<DIR> Opera
[01/09/2008|08:47] C:\DOCUME~1\TSUGOM~1\APPLIC~1\<DIR> SmartFTP
[12/21/2008|10:21] C:\DOCUME~1\TSUGOM~1\APPLIC~1\<DIR> SpeedRunner
[11/14/2006|08:58] C:\DOCUME~1\TSUGOM~1\APPLIC~1\<DIR> Sun
[12/21/2008|02:46] C:\DOCUME~1\TSUGOM~1\APPLIC~1\<DIR> SUPERAntiSpyware.com
[04/11/2007|11:20] C:\DOCUME~1\TSUGOM~1\APPLIC~1\<DIR> Talkback
[12/21/2008|07:35] C:\DOCUME~1\TSUGOM~1\APPLIC~1\<DIR> Twain
[06/01/2007|02:04] C:\DOCUME~1\TSUGOM~1\APPLIC~1\<DIR> Ventrilo
[03/06/2007|07:19] C:\DOCUME~1\TSUGOM~1\APPLIC~1\<DIR> Viewpoint

--------------------\\ Scheduled Tasks located in C:\WINDOWS\Tasks

[12/22/2008 12:00 PM][--a------] C:\WINDOWS\tasks\olqucicu.job
[12/22/2008 11:34 AM][--ah-----] C:\WINDOWS\tasks\SA.DAT
[08/04/2004 04:00 AM][-r-h-----] C:\WINDOWS\tasks\desktop.ini

--------------------\\ Listing Folders in C:\Program Files

[04/20/2007|02:16] C:\Program Files\<DIR> Adobe
[11/04/2008|10:12] C:\Program Files\<DIR> Ahead
[09/30/2007|09:32] C:\Program Files\<DIR> AIM
[12/20/2008|11:24] C:\Program Files\<DIR> Alwil Software
[08/15/2006|03:14] C:\Program Files\<DIR> AOD
[10/22/2006|11:51] C:\Program Files\<DIR> Audio MP3 Maker
[01/12/2008|10:08] C:\Program Files\<DIR> Audiosurf
[12/13/2006|10:26] C:\Program Files\<DIR> AutoHotkey
[08/12/2006|08:48] C:\Program Files\<DIR> Azureus
[12/21/2008|02:40] C:\Program Files\<DIR> CCleaner
[05/07/2007|03:37] C:\Program Files\<DIR> CDisplay
[10/02/2007|10:03] C:\Program Files\<DIR> Combined Community Codec Pack
[12/21/2008|07:17] C:\Program Files\<DIR> Common Files
[08/03/2006|04:21] C:\Program Files\<DIR> ComPlus Applications
[08/12/2006|08:32] C:\Program Files\<DIR> CyberLink
[06/26/2008|12:49] C:\Program Files\<DIR> CycloDS
[03/25/2007|12:19] C:\Program Files\<DIR> Deskshare
[06/30/2008|08:29] C:\Program Files\<DIR> Diablo
[10/16/2007|03:49] C:\Program Files\<DIR> DivX
[08/12/2006|08:19] C:\Program Files\<DIR> Driver
[08/13/2006|02:56] C:\Program Files\<DIR> EPSON
[08/14/2006|08:02] C:\Program Files\<DIR> ffdshow
[10/05/2007|04:20] C:\Program Files\<DIR> Finale NotePad 2007
[01/28/2007|11:26] C:\Program Files\<DIR> foobar2000
[01/06/2007|08:23] C:\Program Files\<DIR> GameFlier
[12/21/2008|10:21] C:\Program Files\<DIR> GetModule
[11/28/2008|01:25] C:\Program Files\<DIR> GIMP-2.0
[10/23/2008|04:16] C:\Program Files\<DIR> Google
[05/05/2007|09:44] C:\Program Files\<DIR> GraphicsGale FreeEdition
[08/14/2006|08:01] C:\Program Files\<DIR> Haali
[12/12/2008|09:39] C:\Program Files\<DIR> Hamachi
[12/21/2008|07:30] C:\Program Files\<DIR> iCheck
[12/21/2008|07:50] C:\Program Files\<DIR> InetGet2
[11/30/2008|03:47] C:\Program Files\<DIR> InstallShield Installation Information
[02/13/2008|03:00] C:\Program Files\<DIR> Internet Explorer
[09/02/2006|03:46] C:\Program Files\<DIR> IrfanView
[01/03/2007|05:25] C:\Program Files\<DIR> iSofter
[12/21/2008|12:21] C:\Program Files\<DIR> Java
[08/18/2006|10:51] C:\Program Files\<DIR> KSIGN
[03/01/2007|09:26] C:\Program Files\<DIR> Last.fm
[11/15/2006|03:08] C:\Program Files\<DIR> Macromedia
[12/21/2008|11:14] C:\Program Files\<DIR> Malwarebytes' Anti-Malware
[03/25/2007|01:04] C:\Program Files\<DIR> MediaCoder
[08/15/2006|06:56] C:\Program Files\<DIR> Messenger
[08/13/2006|09:12] C:\Program Files\<DIR> Microsoft ActiveSync
[01/11/2008|06:38] C:\Program Files\<DIR> Microsoft DirectX SDK (November 2007)
[08/03/2006|04:24] C:\Program Files\<DIR> microsoft frontpage
[01/15/2008|11:15] C:\Program Files\<DIR> Microsoft Office
[08/17/2008|10:10] C:\Program Files\<DIR> Microsoft Silverlight
[01/14/2007|07:05] C:\Program Files\<DIR> Microsoft SQL Server
[08/13/2006|09:11] C:\Program Files\<DIR> Microsoft Visual Studio
[01/14/2007|07:02] C:\Program Files\<DIR> Microsoft Visual Studio 8
[08/13/2006|09:11] C:\Program Files\<DIR> Microsoft Works
[01/14/2007|07:04] C:\Program Files\<DIR> Microsoft.NET
[12/13/2007|06:10] C:\Program Files\<DIR> Movie Maker
[12/22/2008|11:35] C:\Program Files\<DIR> Mozilla Firefox
[01/15/2008|11:15] C:\Program Files\<DIR> MSECache
[08/03/2006|04:20] C:\Program Files\<DIR> MSN
[08/03/2006|04:21] C:\Program Files\<DIR> MSN Gaming Zone
[08/21/2007|02:00] C:\Program Files\<DIR> MSXML 6.0
[08/03/2006|04:22] C:\Program Files\<DIR> NetMeeting
[12/21/2008|07:46] C:\Program Files\<DIR> Network Monitor
[12/05/2007|10:01] C:\Program Files\<DIR> NJStar Chinese WP
[06/12/2007|09:15] C:\Program Files\<DIR> NoteWorthy Composer
[08/03/2006|04:21] C:\Program Files\<DIR> Online Services
[01/21/2007|08:17] C:\Program Files\<DIR> OpenOffice.org 2.1
[12/14/2007|11:43] C:\Program Files\<DIR> Opera
[08/10/2008|06:39] C:\Program Files\<DIR> osu!
[06/13/2007|02:00] C:\Program Files\<DIR> Outlook Express
[08/19/2008|02:57] C:\Program Files\<DIR> PADI
[05/15/2008|02:22] C:\Program Files\<DIR> Perfect World
[08/30/2006|02:20] C:\Program Files\<DIR> PocketRAR
[12/27/2007|08:14] C:\Program Files\<DIR> Project64 1.6
[05/17/2007|03:25] C:\Program Files\<DIR> QuickTime
[03/24/2007|11:10] C:\Program Files\<DIR> RADVideo
[08/12/2006|12:04] C:\Program Files\<DIR> Realtek AC97
[12/19/2008|12:57] C:\Program Files\<DIR> Runes of Magic
[10/04/2007|05:00] C:\Program Files\<DIR> Smart Projects
[01/09/2008|08:47] C:\Program Files\<DIR> SmartFTP Client
[01/09/2008|08:47] C:\Program Files\<DIR> SmartFTP Client 2.5 Setup Files
[03/25/2007|01:48] C:\Program Files\<DIR> SoftwareClub.ws
[08/10/2008|02:12] C:\Program Files\<DIR> StepMania
[12/21/2008|02:46] C:\Program Files\<DIR> SUPERAntiSpyware
[05/06/2008|10:13] C:\Program Files\<DIR> TI Education
[12/21/2008|12:25] C:\Program Files\<DIR> Trend Micro
[08/03/2006|04:27] C:\Program Files\<DIR> Uninstall Information
[12/04/2007|08:27] C:\Program Files\<DIR> Ventrilo
[08/20/2007|07:03] C:\Program Files\<DIR> VentSrv
[08/18/2008|05:20] C:\Program Files\<DIR> Viewpoint
[10/08/2008|04:55] C:\Program Files\<DIR> WalkerPoker
[12/21/2008|08:53] C:\Program Files\<DIR> WC3Banlist
[12/21/2008|07:30] C:\Program Files\<DIR> Webtools
[08/20/2006|07:14] C:\Program Files\<DIR> WhatPulse
[10/31/2006|04:34] C:\Program Files\<DIR> Windows Media Connect 2
[03/01/2007|09:26] C:\Program Files\<DIR> Windows Media Player
[08/03/2006|04:21] C:\Program Files\<DIR> Windows NT
[08/03/2006|04:23] C:\Program Files\<DIR> WindowsUpdate
[08/13/2008|02:04] C:\Program Files\<DIR> WinPcap
[09/02/2008|10:42] C:\Program Files\<DIR> WinRAR
[08/15/2006|02:58] C:\Program Files\<DIR> Wizet
[08/16/2008|04:52] C:\Program Files\<DIR> World of Warcraft
[08/03/2006|04:24] C:\Program Files\<DIR> xerox
[01/03/2007|05:53] C:\Program Files\<DIR> Xilisoft

--------------------\\ Listing Folders in C:\Program Files\Common Files

[04/15/2007|04:56] C:\Program Files\Common Files\<DIR> Adobe
[04/15/2007|04:55] C:\Program Files\Common Files\<DIR> Adobe Systems Shared
[08/12/2006|08:26] C:\Program Files\Common Files\<DIR> Ahead
[08/11/2006|10:54] C:\Program Files\Common Files\<DIR> Blizzard Entertainment
[08/13/2006|09:12] C:\Program Files\Common Files\<DIR> DESIGNER
[03/25/2007|12:19] C:\Program Files\Common Files\<DIR> DeskShare Shared
[02/24/2008|11:21] C:\Program Files\Common Files\<DIR> INCA Shared
[11/15/2006|03:07] C:\Program Files\Common Files\<DIR> InstallShield
[08/18/2006|10:25] C:\Program Files\Common Files\<DIR> Java
[08/13/2006|09:12] C:\Program Files\Common Files\<DIR> L&H
[11/15/2006|03:08] C:\Program Files\Common Files\<DIR> Macromedia
[01/14/2007|07:00] C:\Program Files\Common Files\<DIR> Merge Modules
[01/15/2008|11:15] C:\Program Files\Common Files\<DIR> Microsoft Shared
[08/03/2006|04:22] C:\Program Files\Common Files\<DIR> MSSoap
[08/12/2006|08:30] C:\Program Files\Common Files\<DIR> Nero
[08/03/2006|09:14] C:\Program Files\Common Files\<DIR> ODBC
[08/03/2006|04:22] C:\Program Files\Common Files\<DIR> Services
[08/03/2006|09:14] C:\Program Files\Common Files\<DIR> SpeechEngines
[05/06/2008|10:13] C:\Program Files\Common Files\<DIR> SpellEx
[12/21/2008|06:24] C:\Program Files\Common Files\<DIR> Symantec Shared
[06/13/2007|02:00] C:\Program Files\Common Files\<DIR> System
[05/06/2008|10:13] C:\Program Files\Common Files\<DIR> TI Shared
[04/15/2007|04:20] C:\Program Files\Common Files\<DIR> Vbox
[12/21/2008|02:46] C:\Program Files\Common Files\<DIR> Wise Installation Wizard

--------------------\\ Process

( 43 Processes )

... OK !

--------------------\\ Searching with S_Lop

No Lop folder found !

--------------------\\ Searching for Lop Files - Folders

C:\DOCUME~1\TSUGOM~1\Cookies\tsugomaru@advertising[1].txt
C:\DOCUME~1\TSUGOM~1\Cookies\tsugomaru@advertising[2].txt

--------------------\\ Searching within the Registry

..... OK !

--------------------\\ Checking the Hosts file

Hosts file CLEAN


--------------------\\ Searching for hidden files with Catchme

catchme 0.3.1353 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2008-12-22 15:20:23
Windows 5.1.2600 Service Pack 2 NTFS
scanning hidden processes ...
scanning hidden files ...
scan completed successfully
hidden processes: 0
hidden files: 0

--------------------\\ Searching for other infections

C:\WINDOWS\system32\LkTCcMoq.ini
C:\WINDOWS\system32\LkTCcMoq.ini2
C:\WINDOWS\system32\qoMcCTkL.dll
==> VUNDO <==



[F:941][D:18]-> C:\DOCUME~1\TSUGOM~1\LOCALS~1\Temp
[F:67][D:0]-> C:\DOCUME~1\TSUGOM~1\Cookies
[F:777][D:4]-> C:\DOCUME~1\TSUGOM~1\LOCALS~1\TEMPOR~1\content.IE5

1 - "C:\Lop SD\LopR_1.txt" - Mon 12/22/2008|15:21 - Option : [1]

--------------------\\ Scan completed at 15:21:22
  #19  
Old 22nd Dec 2008, 16:27
Moderator
Posts: 7,561
 
Download Vundofix to your desktop.

Important! If using Windows Vista be sure to Run As Administrator
  • Double-click VundoFix.exe to run it.
  • Put a check next to Run VundoFix as a task.
  • You will receive a message saying vundofix will close and re-open in a minute or less. Click OK
  • When VundoFix re-opens, click the Scan for Vundo button.
  • Once it's done scanning, click the Remove Vundo button.
  • You will receive a prompt asking if you want to remove the files, click YES
  • Once you click yes, your desktop will go blank as it starts removing Vundo.
  • When completed, it will prompt that it will shutdown your computer, click OK.
  • Turn your computer back on.
  • Please post the contents of C:\vundofix.txt and a new HijackThis log in your next reply.
Note: It is possible that VundoFix encountered a file it could not remove. In this case, VundoFix will run on reboot, simply follow the above instructions starting from "Click the Scan for Vundo button" when VundoFix appears at reboot.

If you receive this error: "Run-time error '339': Component 'comdlg32.ocx' or one its dependencies not correctly registered: a file is missing or invalid", a new copy and instructions on where to put it can be found here

Please let VundoFix finish, sometimes it can take multiple passes

----------

Disable your antivirus and antimalware programs so they do not interfere with the running of Lop S&D.


Double click LopSD.exe


If you are using Windows Vista, right-click on LopSD.exe icon and select 'Run as administrator' to perform this scan.
  • Choose the language by typing the corresponding letter and press Enter
  • Click OK at the informative window.
  • Type 2 to choose Option 2 (Delete with Hosts File Restore), then press Enter
  • Wait until the end of the scan.
  • A report will be generated, post the contents of it in your next reply, along with a HijackThis log.
__________________

  #20  
Old 22nd Dec 2008, 17:52
New Member
Posts: 21
 
I tried running Vundo and it never prompted me to run it as a task. I tried Scanning for Vundo and then I tried Removing Vundo. My desktop went blank and then the program froze so I restarted my computer. Should I try again?
Copyright ©2006 - 2010 Computer Juice.
