Solved Can you please analyze my hijackthis.log file?

Status
Not open for further replies.
All processes killed
========== OTL ==========
HKLM\Software\Microsoft\Windows\CurrentVersion\Internet Settings\\ProxyServer| /E : value set successfully!
C:\Documents and Settings\Guest\Start Menu\Programs\Startup\LimeWire On Startup.lnk moved successfully.
Starting removal of ActiveX control {8FFBE65D-2C9C-4669-84BD-5829DC0B603C}
C:\WINDOWS\Downloaded Program Files\erma.inf not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Code Store Database\Distribution Units\{8FFBE65D-2C9C-4669-84BD-5829DC0B603C}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{8FFBE65D-2C9C-4669-84BD-5829DC0B603C}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Active Setup\Installed Components\{8FFBE65D-2C9C-4669-84BD-5829DC0B603C}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{8FFBE65D-2C9C-4669-84BD-5829DC0B603C}\ not found.
C:\Documents and Settings\student\My Documents\~WRL0958.tmp deleted successfully.
C:\Documents and Settings\student\My Documents\~WRL2235.tmp deleted successfully.
C:\Documents and Settings\student\My Documents\~WRL2428.tmp deleted successfully.
C:\Documents and Settings\student\Application Data\LimeWire\.NetworkShare folder moved successfully.
C:\Documents and Settings\student\Application Data\LimeWire\.AppSpecialShare folder moved successfully.
C:\Documents and Settings\student\Application Data\LimeWire\xml\schemas folder moved successfully.
C:\Documents and Settings\student\Application Data\LimeWire\xml\misc folder moved successfully.
C:\Documents and Settings\student\Application Data\LimeWire\xml\data folder moved successfully.
C:\Documents and Settings\student\Application Data\LimeWire\xml folder moved successfully.
C:\Documents and Settings\student\Application Data\LimeWire\themes\windows_theme folder moved successfully.
C:\Documents and Settings\student\Application Data\LimeWire\themes folder moved successfully.
C:\Documents and Settings\student\Application Data\LimeWire folder moved successfully.
C:\Documents and Settings\Guest\Application Data\LimeWire\.NetworkShare folder moved successfully.
C:\Documents and Settings\Guest\Application Data\LimeWire\.AppSpecialShare folder moved successfully.
C:\Documents and Settings\Guest\Application Data\LimeWire\xml\schemas folder moved successfully.
C:\Documents and Settings\Guest\Application Data\LimeWire\xml\misc folder moved successfully.
C:\Documents and Settings\Guest\Application Data\LimeWire\xml\data folder moved successfully.
C:\Documents and Settings\Guest\Application Data\LimeWire\xml folder moved successfully.
C:\Documents and Settings\Guest\Application Data\LimeWire\themes\windows_theme folder moved successfully.
C:\Documents and Settings\Guest\Application Data\LimeWire\themes folder moved successfully.
C:\Documents and Settings\Guest\Application Data\LimeWire folder moved successfully.
========== COMMANDS ==========

[EMPTYTEMP]

User: Default User
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 0 bytes

User: All Users

User: NetworkService
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 579642 bytes

User: LocalService
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 32902 bytes

User: Administrator
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 0 bytes

User: student
->Temp folder emptied: 11636487 bytes
->Temporary Internet Files folder emptied: 5782051 bytes
->Java cache emptied: 42995 bytes
->FireFox cache emptied: 116781144 bytes
->Opera cache emptied: 15408662 bytes
->Flash cache emptied: 1820 bytes

User: Guest
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 0 bytes
->Flash cache emptied: 0 bytes

User: Documents and Settings

User: ShoppingReport

User: cs

%systemdrive% .tmp files removed: 0 bytes
%systemroot% .tmp files removed: 0 bytes
%systemroot%\System32 .tmp files removed: 0 bytes
%systemroot%\System32\dllcache .tmp files removed: 0 bytes
%systemroot%\System32\drivers .tmp files removed: 0 bytes
Windows Temp folder emptied: 0 bytes
%systemroot%\system32\config\systemprofile\Local Settings\Temp folder emptied: 0 bytes
%systemroot%\system32\config\systemprofile\Local Settings\Temporary Internet Files folder emptied: 0 bytes
RecycleBin emptied: 0 bytes

Total Files Cleaned = 143.00 mb


[EMPTYFLASH]

User: Default User

User: All Users

User: NetworkService

User: LocalService

User: Administrator

User: student
->Flash cache emptied: 0 bytes

User: Guest
->Flash cache emptied: 0 bytes

User: Documents and Settings

User: ShoppingReport

User: cs

Total Flash Files Cleaned = 0.00 mb


OTL by OldTimer - Version 3.2.20.6 log created on 02232011_234440

Files\Folders moved on Reboot...

Registry entries deleted on Reboot...
 
Results of screen317's Security Check version 0.99.7
Windows XP Service Pack 3
``````````````````````````````
Antivirus/Firewall Check:

Windows Firewall Enabled!
AVG 2011
Antivirus up to date!
```````````````````````````````
Anti-malware/Other Utilities Check:

Malwarebytes' Anti-Malware
Java(TM) 6 Update 24
Java(TM) 6 Update 2
Java(TM) 6 Update 3
Java(TM) 6 Update 5
Out of date Java installed!
Adobe Flash Player 10.2.152.26
Adobe Reader 9.1
Out of date Adobe Reader installed!
Mozilla Firefox (3.5.) Firefox Out of Date!
````````````````````````````````
Process Check:
objlist.exe by Laurent

AVG avgwdsvc.exe
AVG avgtray.exe
AVG avgrsx.exe
AVG avgnsx.exe
``````````End of Log````````````
 
C:\Documents and Settings\All Users\Documents\My Music\all hope is gone slipknot.mp3 WMA/TrojanDownloader.GetCodec.C trojan
C:\Documents and Settings\All Users\Documents\My Music\pyschosocial slipknot.mp3 WMA/TrojanDownloader.GetCodec.C trojan
C:\Documents and Settings\All Users\Documents\My Music\long gone lonesome blues hank.mp3 WMA/TrojanDownloader.GetCodec.C trojan
C:\Documents and Settings\All Users\Documents\My Music\spicy mchagiss 192kb.mp3 a variant of WMA/TrojanDownloader.GetCodec.gen trojan
C:\Documents and Settings\All Users\Documents\My Music\spicy mchagiss dropkick.mp3 WMA/TrojanDownloader.GetCodec.C trojan
C:\Documents and Settings\All Users\Documents\My Music\spicy mchagiss dropkick sexy girl has shaking orgasm during sex.mp3 a variant of WMA/TrojanDownloader.GetCodec.gen trojan
C:\Documents and Settings\All Users\Documents\Incomplete\Preview-T-3545425-all hope is gone slipknot.mp3 a variant of WMA/TrojanDownloader.GetCodec.gen trojan
C:\Documents and Settings\All Users\Documents\Incomplete\Preview-T-3545425-pyschosocial slipknot.mp3 a variant of WMA/TrojanDownloader.GetCodec.gen trojan
 
Uninstall:
Java(TM) 6 Update 2
Java(TM) 6 Update 3
Java(TM) 6 Update 5


=========================================================================

Update Firefox to the latest 3.6.13 version.

=========================================================================

Update Adobe Reader

You can download it from https://www.techspot.com/downloads/2083-adobe-reader-dc.html
After installing the latest Adobe Reader, uninstall all previous versions.
Note: If you already have Adobe Photoshop® Album Starter Edition installed, or do not wish to have it installed, UNcheck the box which says Also Download Adobe Photoshop® Album Starter Edition.

Alternatively, you can uninstall Adobe Reader (33.5 MB), then download and install Foxit PDF Reader (3.5 MB) from HERE.
It's a much smaller file to download and uses a lot less resources than Adobe Reader.
Note: When installing FoxitReader, make sure to UN-check any pre-checked toolbar, or other garbage.

========================================================================

Run OTL
  • Under the Custom Scans/Fixes box at the bottom, paste in the following

    Code:
    :OTL
    
    :Services
    
    :Reg
    
    :Files
    C:\Documents and Settings\All Users\Documents\My Music\all hope is gone slipknot.mp3 
    C:\Documents and Settings\All Users\Documents\My Music\pyschosocial slipknot.mp3 
    C:\Documents and Settings\All Users\Documents\My Music\long gone lonesome blues hank.mp3 
    C:\Documents and Settings\All Users\Documents\My Music\spicy mchagiss 192kb.mp3 
    C:\Documents and Settings\All Users\Documents\My Music\spicy mchagiss dropkick.mp3 
    C:\Documents and Settings\All Users\Documents\My Music\spicy mchagiss dropkick sexy girl has shaking orgasm during sex.mp3 
    C:\Documents and Settings\All Users\Documents\Incomplete\Preview-T-3545425-all hope is gone slipknot.mp3 
    C:\Documents and Settings\All Users\Documents\Incomplete\Preview-T-3545425-pyschosocial slipknot.mp3
    
    :Commands
    [purity]
    [emptytemp]
    [emptyflash]
    [Reboot]
  • Then click the Run Fix button at the top
  • Let the program run unhindered, reboot the PC when it is done
  • You will get a log that shows the results of the fix. Please post it.

=========================================================================

Your computer is clean

1. We need to reset System Restore to prevent your computer from being accidentally reinfected by using some old restore point(s). We'll create a fresh, clean restore point using the following OTL script:

Run OTL

  • Under the Custom Scans/Fixes box at the bottom, paste in the following:

    Code:
    :OTL
    :Commands
    [purity]
    [emptytemp]
    [EMPTYFLASH]
    [CLEARALLRESTOREPOINTS]
    [Reboot]

  • Then click the Run Fix button at the top
  • Let the program run unhindered, reboot the PC when it is done
  • Post resulting log.

2. Now we'll remove all the tools we used during our cleaning process.

Clean up with OTL:

  • Double-click OTL.exe to start the program.
  • Close all other programs apart from OTL as this step will require a reboot
  • On the OTL main screen, press the CLEANUP button
  • Say Yes to the prompt and then allow the program to reboot your computer.

If you still have any tools or logs leftover on your computer you can go ahead and delete those off of your computer now.

3. Make sure Windows Updates are current.

4. If any Trojan was listed among your infection(s), make sure you change all of your important online passwords (bank account(s), secured web sites, etc.) immediately!

5. Download and install WOT (Web of Trust): http://www.mywot.com/. It'll warn you (in most cases) about dangerous web sites.

6. Run Malwarebytes "Quick scan" once in a while to ensure the safety of your computer.

7. Run Temporary File Cleaner (TFC) weekly.

8. Download and install Secunia Personal Software Inspector (PSI): https://www.techspot.com/downloads/4898-secunia-personal-software-inspector-psi.html. The Secunia PSI is a FREE security tool designed to detect vulnerable and out-dated programs and plug-ins which expose your PC to attacks. Run it weekly.

9. (optional) If you want to keep all your programs up to date, download and install FileHippo Update Checker.
The Update Checker will scan your computer for installed software, check the versions and then send this information to FileHippo.com to see if there are any newer releases.

10. Run defrag at your convenience.

11. Read How did I get infected?, With steps so it does not happen again!: http://www.bleepingcomputer.com/forums/topic2520.html

12. Please let me know how your computer is doing.
 
Sorry, been busy the past week. I am running all the fixes you sent previously and will be posting the requested logs.

I also have a question about my SD card device, and it not reading or acknowledging my SD at all, I was wondering if you would be able to help me with this, or if I have to go somewhere else for it?
And I am still having trouble with videos playing smoothly. Any help or suggestions you can give would be awesome, thanks.
 
Adobe is not fun to install... it would not update, so I had to uninstall the older version first, then download the newer version. Pain in the butt process.
 
All processes killed
========== OTL ==========
========== SERVICES/DRIVERS ==========
========== REGISTRY ==========
========== FILES ==========
C:\Documents and Settings\All Users\Documents\My Music\all hope is gone slipknot.mp3 moved successfully.
C:\Documents and Settings\All Users\Documents\My Music\pyschosocial slipknot.mp3 moved successfully.
C:\Documents and Settings\All Users\Documents\My Music\long gone lonesome blues hank.mp3 moved successfully.
C:\Documents and Settings\All Users\Documents\My Music\spicy mchagiss 192kb.mp3 moved successfully.
C:\Documents and Settings\All Users\Documents\My Music\spicy mchagiss dropkick.mp3 moved successfully.
C:\Documents and Settings\All Users\Documents\My Music\spicy mchagiss dropkick sexy girl has shaking orgasm during sex.mp3 moved successfully.
C:\Documents and Settings\All Users\Documents\Incomplete\Preview-T-3545425-all hope is gone slipknot.mp3 moved successfully.
C:\Documents and Settings\All Users\Documents\Incomplete\Preview-T-3545425-pyschosocial slipknot.mp3 moved successfully.
========== COMMANDS ==========

[EMPTYTEMP]

User: Default User
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 0 bytes

User: All Users

User: NetworkService
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 581013 bytes

User: LocalService
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 33170 bytes

User: Administrator
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 0 bytes

User: student
->Temp folder emptied: 39192257 bytes
->Temporary Internet Files folder emptied: 9605461 bytes
->Java cache emptied: 0 bytes
->FireFox cache emptied: 46769534 bytes
->Opera cache emptied: 15329993 bytes
->Flash cache emptied: 6482 bytes

User: Guest
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 0 bytes
->Flash cache emptied: 0 bytes

User: Documents and Settings

User: ShoppingReport

User: cs

%systemdrive% .tmp files removed: 0 bytes
%systemroot% .tmp files removed: 0 bytes
%systemroot%\System32 .tmp files removed: 0 bytes
%systemroot%\System32\dllcache .tmp files removed: 0 bytes
%systemroot%\System32\drivers .tmp files removed: 0 bytes
Windows Temp folder emptied: 16384 bytes
%systemroot%\system32\config\systemprofile\Local Settings\Temp folder emptied: 0 bytes
%systemroot%\system32\config\systemprofile\Local Settings\Temporary Internet Files folder emptied: 0 bytes
RecycleBin emptied: 0 bytes

Total Files Cleaned = 106.00 mb


[EMPTYFLASH]

User: Default User

User: All Users

User: NetworkService

User: LocalService

User: Administrator

User: student
->Flash cache emptied: 0 bytes

User: Guest
->Flash cache emptied: 0 bytes

User: Documents and Settings

User: ShoppingReport

User: cs

Total Flash Files Cleaned = 0.00 mb


OTL by OldTimer - Version 3.2.20.6 log created on 03032011_035610

Files\Folders moved on Reboot...
File\Folder C:\Documents and Settings\student\Local Settings\Temp\Perflib_Perfdata_151c.dat not found!

Registry entries deleted on Reboot...
 
All processes killed
========== OTL ==========
========== COMMANDS ==========

[EMPTYTEMP]

User: Default User
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 0 bytes

User: All Users

User: NetworkService
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 0 bytes

User: LocalService
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 33170 bytes

User: Administrator
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 0 bytes

User: student
->Temp folder emptied: 866771 bytes
->Temporary Internet Files folder emptied: 62096 bytes
->Java cache emptied: 0 bytes
->FireFox cache emptied: 0 bytes
->Opera cache emptied: 268093 bytes
->Flash cache emptied: 456 bytes

User: Guest
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 0 bytes
->Flash cache emptied: 0 bytes

User: Documents and Settings

User: ShoppingReport

User: cs

%systemdrive% .tmp files removed: 0 bytes
%systemroot% .tmp files removed: 0 bytes
%systemroot%\System32 .tmp files removed: 0 bytes
%systemroot%\System32\dllcache .tmp files removed: 0 bytes
%systemroot%\System32\drivers .tmp files removed: 0 bytes
Windows Temp folder emptied: 0 bytes
%systemroot%\system32\config\systemprofile\Local Settings\Temp folder emptied: 0 bytes
%systemroot%\system32\config\systemprofile\Local Settings\Temporary Internet Files folder emptied: 0 bytes
RecycleBin emptied: 0 bytes

Total Files Cleaned = 1.00 mb


[EMPTYFLASH]

User: Default User

User: All Users

User: NetworkService

User: LocalService

User: Administrator

User: student
->Flash cache emptied: 0 bytes

User: Guest
->Flash cache emptied: 0 bytes

User: Documents and Settings

User: ShoppingReport

User: cs

Total Flash Files Cleaned = 0.00 mb

Restore points cleared and new OTL Restore Point set!

OTL by OldTimer - Version 3.2.20.6 log created on 03032011_040732

Files\Folders moved on Reboot...

Registry entries deleted on Reboot...
 
I also have a question about my SD card device, and it not reading or acknowledging my SD at all, I was wondering if you would be able to help me with this, or if I have to go somewhere else for it?
And I am still having trouble with videos playing smoothly.

In this forum, we make sure your computer is free of malware, and your computer is clean :)
Because access to the malware forum is very limited, your best option is to create a new topic about your current issue in the Windows section.
You'll get more attention.

Good luck :)
 
You're very welcome
 
Ok... Everything was running fine. But all of a sudden it seems AVG won't run? I like AVG and would like to continue using it. Whenever I try and run it now it keeps popping up saying:
C:\ProgramFiles\AVG\AVG10\avgui.exe
This application has failed to start because the application configuration is incorrect. Reinstalling the application may fix this problem.

I have uninstalled and reinstalled 3 times, and tried to just repair it... to no avail have I found a fix. I also went onto AVG and did what they said to do when you encounter this problem, still nothing. It is bordering on frustrating at this point, I hope you can help me?!
 
Hi Broni,

I am having some issues with the laptop again, and fear it might be a virus. What scans can I run for you to check it and see if it is clean or if I have cleanup to do?

Thanks.
 