WiredWX Hobby Weather Tools

 


lop problem

2 posters

Re: lop problem

And here is her log. How was mine? I sense mine was clean?

Lop S&D 4.2.5-0 XP/Vista

Microsoft Windows XP Professional ( v5.1.2600 ) Service Pack 2
X86-based PC ( Multiprocessor Free : Intel(R) Pentium(R) D CPU 2.66GHz )
BIOS : Rev 1.00
USER : usr ( Administrator )
BOOT : Normal boot
Antivirus : ESET NOD32 antivirus system 2.70 2.70 (Activated)
A:\ (USB)
C:\ (Local Disk) - NTFS - Total:73 Go (Free:48 Go)
D:\ (Local Disk) - NTFS - Total:75 Go (Free:74 Go)
E:\ (CD or DVD)
F:\ (Local Disk) - FAT32 - Total:149 Go (Free:77 Go)

"C:\Lop SD" ( MAJ : 19-12-2008|23:40 )
Option : [1] ( 24.02.2009|22:12 )

--------------------\\ Listing folders in APPLIC~1

[26.10.2006|17:11] C:\DOCUME~1\ALLUSE~1\APPLIC~1\Adobe
[20.12.2008|19:51] C:\DOCUME~1\ALLUSE~1\APPLIC~1\AOL
[20.12.2008|19:53] C:\DOCUME~1\ALLUSE~1\APPLIC~1\AOL Downloads
[20.12.2008|19:57] C:\DOCUME~1\ALLUSE~1\APPLIC~1\AOL OCP
[22.02.2009|21:43] C:\DOCUME~1\ALLUSE~1\APPLIC~1\GamesBar
[08.03.2008|22:36] C:\DOCUME~1\ALLUSE~1\APPLIC~1\Go Go Gourmet
[29.01.2008|18:34] C:\DOCUME~1\ALLUSE~1\APPLIC~1\Google
[10.10.2006|16:02] C:\DOCUME~1\ALLUSE~1\APPLIC~1\HP
[09.06.2008|17:51] C:\DOCUME~1\ALLUSE~1\APPLIC~1\JollyBear
[12.04.2007|19:52] C:\DOCUME~1\ALLUSE~1\APPLIC~1\LongPokeClockHope
[25.11.2006|19:20] C:\DOCUME~1\ALLUSE~1\APPLIC~1\Messenger Plus!
[09.06.2008|16:54] C:\DOCUME~1\ALLUSE~1\APPLIC~1\Microsoft
[03.02.2007|16:50] C:\DOCUME~1\ALLUSE~1\APPLIC~1\Microsoft Help
[03.10.2006|10:30] C:\DOCUME~1\ALLUSE~1\APPLIC~1\nView_Profiles
[21.01.2009|17:24] C:\DOCUME~1\ALLUSE~1\APPLIC~1\PlayFirst
[21.01.2009|17:51] C:\DOCUME~1\ALLUSE~1\APPLIC~1\Reflexive
[25.09.2007|20:19] C:\DOCUME~1\ALLUSE~1\APPLIC~1\Symantec
[05.12.2008|21:37] C:\DOCUME~1\ALLUSE~1\APPLIC~1\TEMP
[20.12.2008|19:51] C:\DOCUME~1\ALLUSE~1\APPLIC~1\Viewpoint
[02.12.2007|18:50] C:\DOCUME~1\ALLUSE~1\APPLIC~1\Windows Genuine Advantage
[08.03.2008|18:13] C:\DOCUME~1\ALLUSE~1\APPLIC~1\WLInstaller
[0|Dosya] C:\DOCUME~1\ALLUSE~1\APPLIC~1\bayt
[23|Dizin] C:\DOCUME~1\ALLUSE~1\APPLIC~1\bayt boŸ

[02.10.2006|08:45] C:\DOCUME~1\DEFAUL~1\APPLIC~1\Microsoft
[0|Dosya] C:\DOCUME~1\DEFAUL~1\APPLIC~1\bayt
[3|Dizin] C:\DOCUME~1\DEFAUL~1\APPLIC~1\bayt boŸ

[28.03.2008|13:49] C:\DOCUME~1\Guest\APPLIC~1\Google
[10.10.2006|18:01] C:\DOCUME~1\Guest\APPLIC~1\HP
[10.10.2006|18:00] C:\DOCUME~1\Guest\APPLIC~1\Identities
[26.12.2006|20:42] C:\DOCUME~1\Guest\APPLIC~1\Microsoft
[0|Dosya] C:\DOCUME~1\Guest\APPLIC~1\bayt
[6|Dizin] C:\DOCUME~1\Guest\APPLIC~1\bayt boŸ

[23.12.2007|11:42] C:\DOCUME~1\LOCALS~1\APPLIC~1\Microsoft
[0|Dosya] C:\DOCUME~1\LOCALS~1\APPLIC~1\bayt
[3|Dizin] C:\DOCUME~1\LOCALS~1\APPLIC~1\bayt boŸ

[02.10.2006|08:49] C:\DOCUME~1\NETWOR~1\APPLIC~1\Microsoft
[16.09.2007|17:57] C:\DOCUME~1\NETWOR~1\APPLIC~1\Symantec
[0|Dosya] C:\DOCUME~1\NETWOR~1\APPLIC~1\bayt
[4|Dizin] C:\DOCUME~1\NETWOR~1\APPLIC~1\bayt boŸ

[23.09.2008|16:04] C:\DOCUME~1\usr\APPLIC~1\Adobe
[26.10.2006|17:12] C:\DOCUME~1\usr\APPLIC~1\AdobeUM
[21.07.2007|23:33] C:\DOCUME~1\usr\APPLIC~1\Bleh Bin Mix
[13.10.2008|18:37] C:\DOCUME~1\usr\APPLIC~1\Go-Go Gourmet Chef of the Year
[01.02.2008|12:43] C:\DOCUME~1\usr\APPLIC~1\Google
[10.10.2006|16:02] C:\DOCUME~1\usr\APPLIC~1\HP
[02.10.2006|12:14] C:\DOCUME~1\usr\APPLIC~1\Identities
[11.05.2008|10:34] C:\DOCUME~1\usr\APPLIC~1\Image Zone Express
[22.09.2007|22:33] C:\DOCUME~1\usr\APPLIC~1\InterVideo
[09.06.2008|16:55] C:\DOCUME~1\usr\APPLIC~1\iWin
[03.10.2006|09:05] C:\DOCUME~1\usr\APPLIC~1\Macromedia
[28.04.2008|19:28] C:\DOCUME~1\usr\APPLIC~1\Microsoft
[24.02.2009|16:25] C:\DOCUME~1\usr\APPLIC~1\Mozilla
[21.01.2009|17:51] C:\DOCUME~1\usr\APPLIC~1\PlayFirst
[16.09.2007|18:07] C:\DOCUME~1\usr\APPLIC~1\Printer Info Cache
[20.12.2008|19:54] C:\DOCUME~1\usr\APPLIC~1\QQ Games
[07.10.2006|09:33] C:\DOCUME~1\usr\APPLIC~1\Symantec
[20.12.2008|19:54] C:\DOCUME~1\usr\APPLIC~1\Tencent
[0|Dosya] C:\DOCUME~1\usr\APPLIC~1\bayt
[20|Dizin] C:\DOCUME~1\usr\APPLIC~1\bayt boŸ

--------------------\\ Scheduled Tasks located in C:\WINDOWS\Tasks

[24.02.2009 22:00][--ah-----] C:\WINDOWS\tasks\A04AAA1A90895C36.job
[24.02.2009 21:58][--a------] C:\WINDOWS\tasks\Symantec NetDetect.job
[24.02.2009 21:58][--ah-----] C:\WINDOWS\tasks\SA.DAT
[04.08.2004 14:00][-r-h-----] C:\WINDOWS\tasks\desktop.ini

( A04AAA1A90895C36.job )=( c:\docume~1\usr\applic~1\blehbi~1\greylistremote.exe )

--------------------\\ Listing Folders in C:\Program Files

[26.10.2006|16:59] C:\Program Files\Adobe
[12.04.2007|19:51] C:\Program Files\Adverts
[07.10.2006|09:23] C:\Program Files\Ahead
[20.12.2008|19:52] C:\Program Files\AIMTunes
[01.12.2008|21:51] C:\Program Files\Ares
[11.10.2008|13:24] C:\Program Files\AskSBar
[12.04.2007|19:52] C:\Program Files\Bleh Bin Mix
[24.02.2009|16:42] C:\Program Files\Common Files
[02.10.2006|08:42] C:\Program Files\ComPlus Applications
[22.09.2007|22:18] C:\Program Files\Creative
[02.10.2006|12:36] C:\Program Files\DIFX
[25.04.2008|19:26] C:\Program Files\DVDVideoSoft
[06.03.2007|21:06] C:\Program Files\EA GAMES
[29.09.2007|22:11] C:\Program Files\EA Sports
[13.11.2006|16:35] C:\Program Files\Electronic Arts
[24.02.2009|18:25] C:\Program Files\ESET
[17.10.2008|21:35] C:\Program Files\Gamenext
[17.10.2008|21:36] C:\Program Files\GamesBar
[29.01.2008|18:41] C:\Program Files\Google
[10.10.2006|15:59] C:\Program Files\Hewlett-Packard
[16.09.2007|18:06] C:\Program Files\HP
[17.05.2008|11:27] C:\Program Files\Incomplete
[15.12.2007|21:04] C:\Program Files\InstallShield Installation Information
[02.10.2006|12:53] C:\Program Files\Intel
[22.09.2007|22:19] C:\Program Files\InterActual
[14.12.2008|13:44] C:\Program Files\Internet Explorer
[22.09.2007|22:41] C:\Program Files\InterVideo
[15.07.2008|14:29] C:\Program Files\Java
[07.10.2006|09:28] C:\Program Files\LifeView TVR
[17.05.2008|11:27] C:\Program Files\LimeWire
[03.10.2006|07:54] C:\Program Files\Marvell
[18.04.2007|21:29] C:\Program Files\Maxis
[02.09.2008|13:11] C:\Program Files\Messenger
[06.02.2009|18:30] C:\Program Files\Messenger Plus! Live
[25.11.2006|19:19] C:\Program Files\MessengerPlus! 3
[08.02.2007|12:01] C:\Program Files\Microsoft ActiveSync
[02.10.2006|08:46] C:\Program Files\microsoft frontpage
[21.07.2008|22:05] C:\Program Files\Microsoft Games
[24.11.2008|20:55] C:\Program Files\Microsoft Office
[23.01.2007|17:30] C:\Program Files\Microsoft Visual Studio
[13.07.2008|20:25] C:\Program Files\Microsoft Works
[08.02.2007|12:01] C:\Program Files\Microsoft.NET
[02.10.2006|08:43] C:\Program Files\Movie Maker
[24.02.2009|20:17] C:\Program Files\Mozilla Firefox
[24.11.2008|20:55] C:\Program Files\MSECache
[02.10.2006|08:41] C:\Program Files\MSN Gaming Zone
[01.09.2008|19:50] C:\Program Files\MSN Messenger
[27.09.2007|10:59] C:\Program Files\MSXML 4.0
[23.12.2006|21:45] C:\Program Files\NetMeeting
[02.10.2006|08:44] C:\Program Files\Online Services
[14.06.2007|22:16] C:\Program Files\Outlook Express
[18.01.2009|19:59] C:\Program Files\PhotoScape
[03.10.2007|12:46] C:\Program Files\Play65
[21.01.2009|17:50] C:\Program Files\PlayFirst
[07.06.2007|21:34] C:\Program Files\ReflexiveArcade
[07.06.2008|12:37] C:\Program Files\Ricochet Lost Worlds
[13.10.2006|15:51] C:\Program Files\SMC
[15.12.2007|21:04] C:\Program Files\STV
[15.07.2008|14:29] C:\Program Files\Sun
[25.09.2007|20:42] C:\Program Files\Symantec
[07.10.2006|09:28] C:\Program Files\Teletext
[20.12.2008|19:54] C:\Program Files\Tencent
[02.10.2006|12:14] C:\Program Files\Uninstall Information
[20.12.2008|19:51] C:\Program Files\Viewpoint
[06.03.2007|19:13] C:\Program Files\Winamp
[08.03.2008|18:13] C:\Program Files\Windows Live
[23.12.2007|11:37] C:\Program Files\Windows Media Connect 2
[23.12.2007|11:41] C:\Program Files\Windows Media Player
[02.10.2006|08:41] C:\Program Files\Windows NT
[02.10.2006|08:44] C:\Program Files\WindowsUpdate
[06.10.2006|07:55] C:\Program Files\WinRAR
[02.10.2006|08:46] C:\Program Files\xerox
[0|Dosya] C:\Program Files\bayt
[74|Dizin] C:\Program Files\bayt boŸ

--------------------\\ Listing Folders in C:\Program Files\Common Files

[26.10.2006|17:11] C:\Program Files\Common Files\Adobe
[07.10.2006|09:23] C:\Program Files\Common Files\Ahead
[23.02.2009|21:54] C:\Program Files\Common Files\AOL
[25.09.2007|20:21] C:\Program Files\Common Files\Cisco Systems
[08.02.2007|12:01] C:\Program Files\Common Files\DESIGNER
[25.04.2008|19:26] C:\Program Files\Common Files\DVDVideoSoft
[16.09.2007|18:06] C:\Program Files\Common Files\HP
[22.09.2007|22:18] C:\Program Files\Common Files\InstallShield
[22.09.2007|22:38] C:\Program Files\Common Files\InterVideo
[04.01.2007|18:42] C:\Program Files\Common Files\Java
[08.02.2007|12:01] C:\Program Files\Common Files\L&H
[13.07.2008|20:24] C:\Program Files\Common Files\Microsoft Shared
[02.10.2006|08:43] C:\Program Files\Common Files\MSSoap
[09.06.2008|16:53] C:\Program Files\Common Files\Oberon Media
[02.10.2006|11:28] C:\Program Files\Common Files\ODBC
[02.10.2006|08:43] C:\Program Files\Common Files\Services
[20.12.2008|19:51] C:\Program Files\Common Files\Software Update Utility
[02.10.2006|11:28] C:\Program Files\Common Files\SpeechEngines
[25.09.2007|20:42] C:\Program Files\Common Files\Symantec Shared
[17.01.2009|17:49] C:\Program Files\Common Files\System
[08.03.2008|18:14] C:\Program Files\Common Files\WindowsLiveInstaller
[0|Dosya] C:\Program Files\Common Files\bayt
[23|Dizin] C:\Program Files\Common Files\bayt boŸ

--------------------\\ Process

( 37 Processes )

... OK !

--------------------\\ Searching with S_Lop

C:\DOCUME~1\usr\LOCALS~1\Temp\bis301.exe

--------------------\\ Searching for Lop Files - Folders

C:\DOCUME~1\usr\APPLIC~1\blehbi~1
C:\DOCUME~1\usr\APPLIC~1\blehbi~1\third name bits trust.exe
C:\DOCUME~1\usr\APPLIC~1\blehbi~1\wkopylwn.exe
C:\Program Files\blehbi~1
C:\DOCUME~1\usr\LOCALS~1\Temp\msgpl_f9a4.exe
C:\DOCUME~1\usr\LOCALS~1\Temp\nsm18E.tmp
C:\DOCUME~1\usr\LOCALS~1\Temp\nsu88A.tmp
C:\DOCUME~1\usr\LOCALS~1\Temp\status.txt
C:\Program Files\Adverts
C:\Program Files\Adverts\uninst.exe
C:\WINDOWS\Tasks\A04AAA1A90895C36.job

--------------------\\ Searching within the Registry

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]

..... OK !

--------------------\\ Checking the Hosts file

Hosts file MODIFIED

-> 72 [ 70 ## added by CiD ]

--------------------\\ Searching for hidden files with Catchme

catchme 0.3.1353 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2009-02-24 22:14:00
Windows 5.1.2600 Service Pack 2 NTFS
scanning hidden processes ...
scanning hidden files ...
scan completed successfully
hidden processes: 0
hidden files: 1

--------------------\\ Searching for other infections


No other infections found !

Re: lop problem

Hello
Restart Lop S&D

This time choose Option 2 (Fix + Hosts)
Don't close the window during suppression!
Post the log which is created: (%SystemDrive%\lopR.txt)

Re: lop problem

Hello again, we need to thank you for everything that you have done for us till now. Here's my log (for option 2).

Re: lop problem

--------------------\\ Lop S&D 4.2.5-0 XP/Vista

Microsoft Windows XP Home Edition ( v5.1.2600 ) Service Pack 3
X86-based PC ( Uniprocessor Free : Intel(R) Pentium(R) M processor 1.86GHz )
BIOS : Phoenix NoteBIOS 4.0 Release 6.0
USER : Owner ( Administrator )
BOOT : Normal boot
Antivirus : ESET NOD32 antivirus system 2.70 2.70 (Activated)
C:\ (Local Disk) - NTFS - Total:55 Go (Free:38 Go)
D:\ (CD or DVD)
E:\ (Local Disk) - FAT32 - Total:149 Go (Free:77 Go)

"C:\Lop SD" ( MAJ : 19-12-2008|23:40 )
Option : [2] ( 24.02.2009|22:30 )


\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\ FIX

Deleted! - C:\DOCUME~1\Owner\LOCALS~1\Temp\nsd6.tmp
Deleted! - C:\DOCUME~1\Owner\LOCALS~1\Temp\nsx3F.tmp
-
[ Hosts file ] .. Restored!

\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\


--------------------\\ Listing folders in APPLIC~1

[24.02.2009|22:01] C:\DOCUME~1\ALLUSE~1\APPLIC~1\Babylon
[21.02.2009|16:15] C:\DOCUME~1\ALLUSE~1\APPLIC~1\KONAMI
[29.12.2008|01:33] C:\DOCUME~1\ALLUSE~1\APPLIC~1\Microsoft
[24.11.2008|20:34] C:\DOCUME~1\ALLUSE~1\APPLIC~1\Microsoft Help
[11.11.2008|08:59] C:\DOCUME~1\ALLUSE~1\APPLIC~1\Nero
[11.11.2008|18:54] C:\DOCUME~1\ALLUSE~1\APPLIC~1\nView_Profiles
[19.01.2009|17:52] C:\DOCUME~1\ALLUSE~1\APPLIC~1\qs
[21.01.2009|13:31] C:\DOCUME~1\ALLUSE~1\APPLIC~1\SecTaskMan
[14.11.2008|22:48] C:\DOCUME~1\ALLUSE~1\APPLIC~1\Sports Interactive
[20.01.2009|14:23] C:\DOCUME~1\ALLUSE~1\APPLIC~1\TEMP
[11.11.2008|18:25] C:\DOCUME~1\ALLUSE~1\APPLIC~1\Windows Genuine Advantage
[0|Dosya] C:\DOCUME~1\ALLUSE~1\APPLIC~1\bayt
[13|Dizin] C:\DOCUME~1\ALLUSE~1\APPLIC~1\bayt boŸ

[10.11.2008|20:34] C:\DOCUME~1\DEFAUL~1\APPLIC~1\Microsoft
[0|Dosya] C:\DOCUME~1\DEFAUL~1\APPLIC~1\bayt
[3|Dizin] C:\DOCUME~1\DEFAUL~1\APPLIC~1\bayt boŸ

[19.01.2009|19:24] C:\DOCUME~1\LOCALS~1\APPLIC~1\Microsoft
[0|Dosya] C:\DOCUME~1\LOCALS~1\APPLIC~1\bayt
[3|Dizin] C:\DOCUME~1\LOCALS~1\APPLIC~1\bayt boŸ

[15.11.2008|15:06] C:\DOCUME~1\Moiz\APPLIC~1\Adobe
[18.12.2008|22:59] C:\DOCUME~1\Moiz\APPLIC~1\Babylon
[09.01.2009|23:55] C:\DOCUME~1\Moiz\APPLIC~1\DivX
[15.11.2008|15:05] C:\DOCUME~1\Moiz\APPLIC~1\Identities
[15.11.2008|15:11] C:\DOCUME~1\Moiz\APPLIC~1\Macromedia
[28.12.2008|22:06] C:\DOCUME~1\Moiz\APPLIC~1\Microsoft
[15.11.2008|15:05] C:\DOCUME~1\Moiz\APPLIC~1\Windows Desktop Search
[22.02.2009|00:49] C:\DOCUME~1\Moiz\APPLIC~1\Windows Search
[0|Dosya] C:\DOCUME~1\Moiz\APPLIC~1\bayt
[10|Dizin] C:\DOCUME~1\Moiz\APPLIC~1\bayt boŸ

[10.11.2008|20:38] C:\DOCUME~1\NETWOR~1\APPLIC~1\Microsoft
[0|Dosya] C:\DOCUME~1\NETWOR~1\APPLIC~1\bayt
[3|Dizin] C:\DOCUME~1\NETWOR~1\APPLIC~1\bayt boŸ

[11.11.2008|13:22] C:\DOCUME~1\Owner\APPLIC~1\Adobe
[19.01.2009|16:46] C:\DOCUME~1\Owner\APPLIC~1\Babylon
[12.11.2008|11:38] C:\DOCUME~1\Owner\APPLIC~1\BSplayer
[12.11.2008|11:31] C:\DOCUME~1\Owner\APPLIC~1\BSplayer Pro
[10.11.2008|20:39] C:\DOCUME~1\Owner\APPLIC~1\Identities
[11.11.2008|14:35] C:\DOCUME~1\Owner\APPLIC~1\Macromedia
[11.11.2008|17:35] C:\DOCUME~1\Owner\APPLIC~1\Media Player Classic
[17.12.2008|20:54] C:\DOCUME~1\Owner\APPLIC~1\Microsoft
[11.11.2008|19:39] C:\DOCUME~1\Owner\APPLIC~1\Mozilla
[14.11.2008|22:49] C:\DOCUME~1\Owner\APPLIC~1\Sports Interactive
[11.11.2008|19:24] C:\DOCUME~1\Owner\APPLIC~1\Sun
[11.11.2008|19:39] C:\DOCUME~1\Owner\APPLIC~1\Thunderbird
[11.11.2008|11:30] C:\DOCUME~1\Owner\APPLIC~1\Windows Desktop Search
[12.11.2008|19:07] C:\DOCUME~1\Owner\APPLIC~1\Windows Search
[11.02.2009|11:53] C:\DOCUME~1\Owner\APPLIC~1\WinRAR
[0|Dosya] C:\DOCUME~1\Owner\APPLIC~1\bayt
[17|Dizin] C:\DOCUME~1\Owner\APPLIC~1\bayt boŸ

--------------------\\ Scheduled Tasks located in C:\WINDOWS\Tasks

[24.02.2009 17:24][--ah-----] C:\WINDOWS\tasks\SA.DAT
[04.08.2004 16:00][-r-h-----] C:\WINDOWS\tasks\desktop.ini

--------------------\\ Listing Folders in C:\Program Files

[11.11.2008|08:56] C:\Program Files\7-Zip
[30.11.2008|14:51] C:\Program Files\Ares
[18.12.2008|18:28] C:\Program Files\Babylon
[11.11.2008|12:15] C:\Program Files\Common Files
[10.11.2008|20:32] C:\Program Files\ComPlus Applications
[08.02.2009|22:09] C:\Program Files\ESET
[10.11.2008|22:11] C:\Program Files\Foxit Software
[11.11.2008|08:57] C:\Program Files\Google
[11.11.2008|12:16] C:\Program Files\InstallShield Installation Information
[02.02.2009|20:47] C:\Program Files\Internet Explorer
[11.11.2008|09:03] C:\Program Files\Java
[11.11.2008|09:03] C:\Program Files\K-Lite Codec Pack
[21.02.2009|16:11] C:\Program Files\KONAMI
[10.11.2008|20:35] C:\Program Files\microsoft frontpage
[11.11.2008|09:45] C:\Program Files\Microsoft Office
[11.11.2008|11:20] C:\Program Files\Microsoft Silverlight
[11.11.2008|09:45] C:\Program Files\Microsoft Visual Studio
[11.11.2008|09:45] C:\Program Files\Microsoft Works
[10.11.2008|20:33] C:\Program Files\Movie Maker
[24.02.2009|21:30] C:\Program Files\Mozilla Firefox
[10.11.2008|20:31] C:\Program Files\MSN Gaming Zone
[10.11.2008|22:12] C:\Program Files\mtu
[11.11.2008|09:01] C:\Program Files\Nero
[10.11.2008|20:33] C:\Program Files\NetMeeting
[10.11.2008|20:33] C:\Program Files\Online Services
[10.11.2008|22:13] C:\Program Files\OpenOffice.org 2.3
[10.11.2008|20:33] C:\Program Files\Outlook Express
[11.11.2008|08:57] C:\Program Files\Picasa2
[19.01.2009|17:53] C:\Program Files\QuickSnooker
[22.01.2009|11:00] C:\Program Files\Steam
[20.01.2009|12:16] C:\Program Files\Trend Micro
[10.11.2008|20:39] C:\Program Files\Uninstall Information
[12.11.2008|11:31] C:\Program Files\Webteh
[20.01.2009|13:35] C:\Program Files\Winamp
[11.11.2008|11:30] C:\Program Files\Windows Desktop Search
[11.11.2008|08:58] C:\Program Files\Windows Live
[11.11.2008|11:22] C:\Program Files\Windows Media Connect 2
[11.11.2008|11:22] C:\Program Files\Windows Media Player
[10.11.2008|20:31] C:\Program Files\Windows NT
[10.11.2008|20:33] C:\Program Files\WindowsUpdate
[11.02.2009|11:44] C:\Program Files\WinRAR
[10.11.2008|20:35] C:\Program Files\xerox
[0|Dosya] C:\Program Files\bayt
[44|Dizin] C:\Program Files\bayt boŸ

--------------------\\ Listing Folders in C:\Program Files\Common Files

[11.11.2008|09:45] C:\Program Files\Common Files\DESIGNER
[11.11.2008|12:15] C:\Program Files\Common Files\InstallShield
[11.11.2008|09:02] C:\Program Files\Common Files\Java
[11.11.2008|10:03] C:\Program Files\Common Files\Microsoft Shared
[10.11.2008|20:33] C:\Program Files\Common Files\MSSoap
[11.11.2008|09:00] C:\Program Files\Common Files\Nero
[10.11.2008|22:18] C:\Program Files\Common Files\ODBC
[10.11.2008|20:33] C:\Program Files\Common Files\Services
[10.11.2008|22:18] C:\Program Files\Common Files\SpeechEngines
[10.11.2008|22:22] C:\Program Files\Common Files\System
[0|Dosya] C:\Program Files\Common Files\bayt
[12|Dizin] C:\Program Files\Common Files\bayt boŸ

--------------------\\ Process

( 37 Processes )

... OK !

--------------------\\ Searching with S_Lop

No Lop folder found !

--------------------\\ Searching for Lop Files - Folders

No Lop folder found !

--------------------\\ Searching within the Registry

..... OK !

--------------------\\ Checking the Hosts file

Hosts file CLEAN


--------------------\\ Searching for hidden files with Catchme

catchme 0.3.1353 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2009-02-24 22:30:57
Windows 5.1.2600 Service Pack 3 NTFS
scanning hidden processes ...
scanning hidden files ...
disk error: C:\WINDOWS\System32\
please note that you need administrator rights to perform deep scan

--------------------\\ Searching for other infections

--------------------\\ Cracks & Keygens ..

C:\DOCUME~1\Owner\Recent\CRACK ve SERIAL.lnk


[F:998][D:25]-> C:\DOCUME~1\Owner\LOCALS~1\Temp
[F:95][D:0]-> C:\DOCUME~1\Owner\Cookies
[F:7265][D:8]-> C:\DOCUME~1\Owner\LOCALS~1\TEMPOR~1\content.IE5

1 - "C:\Lop SD\LopR_1.txt" - 24.02.2009|22:08 - Option : [1]
2 - "C:\Lop SD\LopR_2.txt" - 24.02.2009|22:31 - Option : [2]

--------------------\\ Scan completed at 22:31:14

Re: lop problem

Hello.
The LOP is gone, let's see what's left.

  • Please download DDS by sUBs to your Desktop (Important!!) from one of these locations:
    Link 1
    Link 2
    Link 3
  • Double click DDS.scr to run
  • When complete, DDS.txt will open.
  • Save the report to your Desktop.
  • Copy and paste DDS.txt back here, I don't need to see attach.txt.

Re: lop problem

And here is her log file (option 2). Were we both under attack? And should I continue to do all steps for both of us? Cos she needs to sleep and can't work on her machine any further for tonight.

her log: \\ Lop S&D 4.2.5-0 XP/Vista

Microsoft Windows XP Professional ( v5.1.2600 ) Service Pack 2
X86-based PC ( Multiprocessor Free : Intel(R) Pentium(R) D CPU 2.66GHz )
BIOS : Rev 1.00
USER : usr ( Administrator )
BOOT : Normal boot
Antivirus : ESET NOD32 antivirus system 2.70 2.70 (Activated)
A:\ (USB)
C:\ (Local Disk) - NTFS - Total:73 Go (Free:48 Go)
D:\ (Local Disk) - NTFS - Total:75 Go (Free:74 Go)
E:\ (CD or DVD)
F:\ (Local Disk) - FAT32 - Total:149 Go (Free:77 Go)

"C:\Lop SD" ( MAJ : 19-12-2008|23:40 )
Option : [2] ( 24.02.2009|22:37 )


\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\ FIX

Deleted! - C:\DOCUME~1\usr\APPLIC~1\blehbi~1\third name bits trust.exe
Deleted! - C:\DOCUME~1\usr\APPLIC~1\blehbi~1\wkopylwn.exe
Deleted! - C:\DOCUME~1\usr\LOCALS~1\Temp\msgpl_f9a4.exe
Deleted! - C:\DOCUME~1\usr\LOCALS~1\Temp\nsm18E.tmp
Deleted! - C:\DOCUME~1\usr\LOCALS~1\Temp\nsu88A.tmp
Deleted! - C:\DOCUME~1\usr\LOCALS~1\Temp\status.txt
Deleted! - C:\Program Files\Adverts\uninst.exe
Deleted! - C:\WINDOWS\Tasks\A04AAA1A90895C36.job
Deleted! - C:\DOCUME~1\usr\LOCALS~1\Temp\bis301.exe
Deleted! - C:\DOCUME~1\usr\APPLIC~1\blehbi~1
Deleted! - C:\Program Files\blehbi~1
Deleted! - C:\Program Files\Adverts
-
[ Hosts file ] .. Restored!

\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\

Deleted! - C:\DOCUME~1\ALLUSE~1\APPLIC~1\Viewpoint

\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\


--------------------\\ Listing folders in APPLIC~1

[26.10.2006|17:11] C:\DOCUME~1\ALLUSE~1\APPLIC~1\Adobe
[20.12.2008|19:51] C:\DOCUME~1\ALLUSE~1\APPLIC~1\AOL
[20.12.2008|19:53] C:\DOCUME~1\ALLUSE~1\APPLIC~1\AOL Downloads
[20.12.2008|19:57] C:\DOCUME~1\ALLUSE~1\APPLIC~1\AOL OCP
[22.02.2009|21:43] C:\DOCUME~1\ALLUSE~1\APPLIC~1\GamesBar
[08.03.2008|22:36] C:\DOCUME~1\ALLUSE~1\APPLIC~1\Go Go Gourmet
[29.01.2008|18:34] C:\DOCUME~1\ALLUSE~1\APPLIC~1\Google
[10.10.2006|16:02] C:\DOCUME~1\ALLUSE~1\APPLIC~1\HP
[09.06.2008|17:51] C:\DOCUME~1\ALLUSE~1\APPLIC~1\JollyBear
[12.04.2007|19:52] C:\DOCUME~1\ALLUSE~1\APPLIC~1\LongPokeClockHope
[25.11.2006|19:20] C:\DOCUME~1\ALLUSE~1\APPLIC~1\Messenger Plus!
[09.06.2008|16:54] C:\DOCUME~1\ALLUSE~1\APPLIC~1\Microsoft
[03.02.2007|16:50] C:\DOCUME~1\ALLUSE~1\APPLIC~1\Microsoft Help
[03.10.2006|10:30] C:\DOCUME~1\ALLUSE~1\APPLIC~1\nView_Profiles
[21.01.2009|17:24] C:\DOCUME~1\ALLUSE~1\APPLIC~1\PlayFirst
[21.01.2009|17:51] C:\DOCUME~1\ALLUSE~1\APPLIC~1\Reflexive
[25.09.2007|20:19] C:\DOCUME~1\ALLUSE~1\APPLIC~1\Symantec
[05.12.2008|21:37] C:\DOCUME~1\ALLUSE~1\APPLIC~1\TEMP
[02.12.2007|18:50] C:\DOCUME~1\ALLUSE~1\APPLIC~1\Windows Genuine Advantage
[08.03.2008|18:13] C:\DOCUME~1\ALLUSE~1\APPLIC~1\WLInstaller
[0|Dosya] C:\DOCUME~1\ALLUSE~1\APPLIC~1\bayt
[22|Dizin] C:\DOCUME~1\ALLUSE~1\APPLIC~1\bayt boŸ

[02.10.2006|08:45] C:\DOCUME~1\DEFAUL~1\APPLIC~1\Microsoft
[0|Dosya] C:\DOCUME~1\DEFAUL~1\APPLIC~1\bayt
[3|Dizin] C:\DOCUME~1\DEFAUL~1\APPLIC~1\bayt boŸ

[28.03.2008|13:49] C:\DOCUME~1\Guest\APPLIC~1\Google
[10.10.2006|18:01] C:\DOCUME~1\Guest\APPLIC~1\HP
[10.10.2006|18:00] C:\DOCUME~1\Guest\APPLIC~1\Identities
[26.12.2006|20:42] C:\DOCUME~1\Guest\APPLIC~1\Microsoft
[0|Dosya] C:\DOCUME~1\Guest\APPLIC~1\bayt
[6|Dizin] C:\DOCUME~1\Guest\APPLIC~1\bayt boŸ

[23.12.2007|11:42] C:\DOCUME~1\LOCALS~1\APPLIC~1\Microsoft
[0|Dosya] C:\DOCUME~1\LOCALS~1\APPLIC~1\bayt
[3|Dizin] C:\DOCUME~1\LOCALS~1\APPLIC~1\bayt boŸ

[02.10.2006|08:49] C:\DOCUME~1\NETWOR~1\APPLIC~1\Microsoft
[16.09.2007|17:57] C:\DOCUME~1\NETWOR~1\APPLIC~1\Symantec
[0|Dosya] C:\DOCUME~1\NETWOR~1\APPLIC~1\bayt
[4|Dizin] C:\DOCUME~1\NETWOR~1\APPLIC~1\bayt boŸ

[23.09.2008|16:04] C:\DOCUME~1\usr\APPLIC~1\Adobe
[26.10.2006|17:12] C:\DOCUME~1\usr\APPLIC~1\AdobeUM
[13.10.2008|18:37] C:\DOCUME~1\usr\APPLIC~1\Go-Go Gourmet Chef of the Year
[01.02.2008|12:43] C:\DOCUME~1\usr\APPLIC~1\Google
[10.10.2006|16:02] C:\DOCUME~1\usr\APPLIC~1\HP
[02.10.2006|12:14] C:\DOCUME~1\usr\APPLIC~1\Identities
[11.05.2008|10:34] C:\DOCUME~1\usr\APPLIC~1\Image Zone Express
[22.09.2007|22:33] C:\DOCUME~1\usr\APPLIC~1\InterVideo
[09.06.2008|16:55] C:\DOCUME~1\usr\APPLIC~1\iWin
[03.10.2006|09:05] C:\DOCUME~1\usr\APPLIC~1\Macromedia
[28.04.2008|19:28] C:\DOCUME~1\usr\APPLIC~1\Microsoft
[24.02.2009|16:25] C:\DOCUME~1\usr\APPLIC~1\Mozilla
[21.01.2009|17:51] C:\DOCUME~1\usr\APPLIC~1\PlayFirst
[16.09.2007|18:07] C:\DOCUME~1\usr\APPLIC~1\Printer Info Cache
[20.12.2008|19:54] C:\DOCUME~1\usr\APPLIC~1\QQ Games
[07.10.2006|09:33] C:\DOCUME~1\usr\APPLIC~1\Symantec
[20.12.2008|19:54] C:\DOCUME~1\usr\APPLIC~1\Tencent
[0|Dosya] C:\DOCUME~1\usr\APPLIC~1\bayt
[19|Dizin] C:\DOCUME~1\usr\APPLIC~1\bayt boŸ

--------------------\\ Scheduled Tasks located in C:\WINDOWS\Tasks

[24.02.2009 21:58][--a------] C:\WINDOWS\tasks\Symantec NetDetect.job
[24.02.2009 21:58][--ah-----] C:\WINDOWS\tasks\SA.DAT
[04.08.2004 14:00][-r-h-----] C:\WINDOWS\tasks\desktop.ini

--------------------\\ Listing Folders in C:\Program Files

[26.10.2006|16:59] C:\Program Files\Adobe
[07.10.2006|09:23] C:\Program Files\Ahead
[20.12.2008|19:52] C:\Program Files\AIMTunes
[01.12.2008|21:51] C:\Program Files\Ares
[11.10.2008|13:24] C:\Program Files\AskSBar
[24.02.2009|16:42] C:\Program Files\Common Files
[02.10.2006|08:42] C:\Program Files\ComPlus Applications
[22.09.2007|22:18] C:\Program Files\Creative
[02.10.2006|12:36] C:\Program Files\DIFX
[25.04.2008|19:26] C:\Program Files\DVDVideoSoft
[06.03.2007|21:06] C:\Program Files\EA GAMES
[29.09.2007|22:11] C:\Program Files\EA Sports
[13.11.2006|16:35] C:\Program Files\Electronic Arts
[24.02.2009|18:25] C:\Program Files\ESET
[17.10.2008|21:35] C:\Program Files\Gamenext
[17.10.2008|21:36] C:\Program Files\GamesBar
[29.01.2008|18:41] C:\Program Files\Google
[10.10.2006|15:59] C:\Program Files\Hewlett-Packard
[16.09.2007|18:06] C:\Program Files\HP
[17.05.2008|11:27] C:\Program Files\Incomplete
[15.12.2007|21:04] C:\Program Files\InstallShield Installation Information
[02.10.2006|12:53] C:\Program Files\Intel
[22.09.2007|22:19] C:\Program Files\InterActual
[14.12.2008|13:44] C:\Program Files\Internet Explorer
[22.09.2007|22:41] C:\Program Files\InterVideo
[15.07.2008|14:29] C:\Program Files\Java
[07.10.2006|09:28] C:\Program Files\LifeView TVR
[17.05.2008|11:27] C:\Program Files\LimeWire
[03.10.2006|07:54] C:\Program Files\Marvell
[18.04.2007|21:29] C:\Program Files\Maxis
[02.09.2008|13:11] C:\Program Files\Messenger
[06.02.2009|18:30] C:\Program Files\Messenger Plus! Live
[25.11.2006|19:19] C:\Program Files\MessengerPlus! 3
[08.02.2007|12:01] C:\Program Files\Microsoft ActiveSync
[02.10.2006|08:46] C:\Program Files\microsoft frontpage
[21.07.2008|22:05] C:\Program Files\Microsoft Games
[24.11.2008|20:55] C:\Program Files\Microsoft Office
[23.01.2007|17:30] C:\Program Files\Microsoft Visual Studio
[13.07.2008|20:25] C:\Program Files\Microsoft Works
[08.02.2007|12:01] C:\Program Files\Microsoft.NET
[02.10.2006|08:43] C:\Program Files\Movie Maker
[24.02.2009|20:17] C:\Program Files\Mozilla Firefox
[24.11.2008|20:55] C:\Program Files\MSECache
[02.10.2006|08:41] C:\Program Files\MSN Gaming Zone
[01.09.2008|19:50] C:\Program Files\MSN Messenger
[27.09.2007|10:59] C:\Program Files\MSXML 4.0
[23.12.2006|21:45] C:\Program Files\NetMeeting
[02.10.2006|08:44] C:\Program Files\Online Services
[14.06.2007|22:16] C:\Program Files\Outlook Express
[18.01.2009|19:59] C:\Program Files\PhotoScape
[03.10.2007|12:46] C:\Program Files\Play65
[21.01.2009|17:50] C:\Program Files\PlayFirst
[07.06.2007|21:34] C:\Program Files\ReflexiveArcade
[07.06.2008|12:37] C:\Program Files\Ricochet Lost Worlds
[13.10.2006|15:51] C:\Program Files\SMC
[15.12.2007|21:04] C:\Program Files\STV
[15.07.2008|14:29] C:\Program Files\Sun
[25.09.2007|20:42] C:\Program Files\Symantec
[07.10.2006|09:28] C:\Program Files\Teletext
[20.12.2008|19:54] C:\Program Files\Tencent
[02.10.2006|12:14] C:\Program Files\Uninstall Information
[24.02.2009|22:37] C:\Program Files\Viewpoint
[06.03.2007|19:13] C:\Program Files\Winamp
[08.03.2008|18:13] C:\Program Files\Windows Live
[23.12.2007|11:37] C:\Program Files\Windows Media Connect 2
[23.12.2007|11:41] C:\Program Files\Windows Media Player
[02.10.2006|08:41] C:\Program Files\Windows NT
[02.10.2006|08:44] C:\Program Files\WindowsUpdate
[06.10.2006|07:55] C:\Program Files\WinRAR
[02.10.2006|08:46] C:\Program Files\xerox
[0|Dosya] C:\Program Files\bayt
[72|Dizin] C:\Program Files\bayt boŸ

--------------------\\ Listing Folders in C:\Program Files\Common Files

[26.10.2006|17:11] C:\Program Files\Common Files\Adobe
[07.10.2006|09:23] C:\Program Files\Common Files\Ahead
[23.02.2009|21:54] C:\Program Files\Common Files\AOL
[25.09.2007|20:21] C:\Program Files\Common Files\Cisco Systems
[08.02.2007|12:01] C:\Program Files\Common Files\DESIGNER
[25.04.2008|19:26] C:\Program Files\Common Files\DVDVideoSoft
[16.09.2007|18:06] C:\Program Files\Common Files\HP
[22.09.2007|22:18] C:\Program Files\Common Files\InstallShield
[22.09.2007|22:38] C:\Program Files\Common Files\InterVideo
[04.01.2007|18:42] C:\Program Files\Common Files\Java
[08.02.2007|12:01] C:\Program Files\Common Files\L&H
[13.07.2008|20:24] C:\Program Files\Common Files\Microsoft Shared
[02.10.2006|08:43] C:\Program Files\Common Files\MSSoap
[09.06.2008|16:53] C:\Program Files\Common Files\Oberon Media
[02.10.2006|11:28] C:\Program Files\Common Files\ODBC
[02.10.2006|08:43] C:\Program Files\Common Files\Services
[20.12.2008|19:51] C:\Program Files\Common Files\Software Update Utility
[02.10.2006|11:28] C:\Program Files\Common Files\SpeechEngines
[25.09.2007|20:42] C:\Program Files\Common Files\Symantec Shared
[17.01.2009|17:49] C:\Program Files\Common Files\System
[08.03.2008|18:14] C:\Program Files\Common Files\WindowsLiveInstaller
[0|Dosya] C:\Program Files\Common Files\bayt
[23|Dizin] C:\Program Files\Common Files\bayt boş

--------------------\\ Process

( 37 Processes )

... OK !

--------------------\\ Searching with S_Lop

No Lop folder found !

--------------------\\ Searching for Lop Files - Folders

No Lop folder found !

--------------------\\ Searching within the Registry

..... OK !

--------------------\\ Checking the Hosts file

Hosts file CLEAN


--------------------\\ Searching for hidden files with Catchme

catchme 0.3.1353 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2009-02-24 22:38:24
Windows 5.1.2600 Service Pack 2 NTFS
scanning hidden processes ...
scanning hidden files ...
scan completed successfully
hidden processes: 0
hidden files: 1

--------------------\\ Searching for other infections


No other infections found !

[F:6312][D:149]-> C:\DOCUME~1\usr\LOCALS~1\Temp
[F:13][D:0]-> C:\DOCUME~1\usr\Cookies
[F:4242][D:25]-> C:\DOCUME~1\usr\LOCALS~1\TEMPOR~1\content.IE5

1 - "C:\Lop SD\LopR_1.txt" - 24.02.2009|22:15 - Option : [1]
2 - "C:\Lop SD\LopR_2.txt" - 24.02.2009|22:39 - Option : [2]

--------------------\\ Scan completed at 22:39:14

Re: lop problem
Okay, now I'm confused.
Are you running tools on both machines? I want to work on one machine, then the other, otherwise it will cause problems for me.

Please run DDS for your sister's machine, instructions here:
http://www.geekpolice.net/virus-spyware-malware-removal-f11/lop-problem-t6996.htm#42957

Re: lop problem

Yes, sorry for the chaos that I caused :( Because of our anxiety I ran the tools on both machines.. Now that she had to sleep I can't work on her PC, and now on my own PC only.. I did what you said up to the option 2 step for both machines.. and I didn't download DDS yet.. Did my explanations help you to get rid of the confusion? Now should I follow your instructions for my PC? (If it's under threat, I couldn't understand this part.) And maybe tomorrow I can't try the same path for her machine..

Re: lop problem
Okay, we'll do your machine for now.

And you aren't under attack, but this is caused by something you did without realizing.
The LOP infection is brought on when you install Messenger Plus! with sponsors; the messenger is legit, the sponsor is an infection.
I can see from LOP S&D that Messenger Plus! is installed here, so we'll uninstall it and re-install it without sponsors.

Please run DDS from YOUR machine.

Re: lop problem

I didn't even know, and am still not sure, that I have Messenger Plus.. I know my sister has it, but on my machine I don't think so.. But if you say I have it you must be right :) Here is the DDS log from MY machine..



DDS (Ver_09-02-01.01) - NTFSx86
Run by Owner at 23:08:43,76 on 24.02.2009
Internet Explorer: 6.0.2900.5512
Microsoft Windows XP Home Edition 5.1.2600.3.1254.90.1055.18.2046.1497 [GMT 2:00]

AV: ESET NOD32 antivirus system 2.70 *On-access scanning enabled* (Updated)

============== Running Processes ===============

C:\WINDOWS\system32\svchost -k DcomLaunch
svchost.exe
C:\WINDOWS\System32\svchost.exe -k netsvcs
svchost.exe
svchost.exe
C:\Program Files\Eset\nod32krn.exe
C:\WINDOWS\system32\nvsvc32.exe
C:\WINDOWS\system32\SearchIndexer.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\RUNDLL32.EXE
C:\WINDOWS\SOUNDMAN.EXE
C:\WINDOWS\system32\rundll32.exe
C:\WINDOWS\sm56hlpr.exe
C:\Program Files\Winamp\winampa.exe
C:\Program Files\Babylon\Babylon-Pro\Babylon.exe
C:\Program Files\Eset\nod32kui.exe
C:\Program Files\Picasa2\PicasaMediaDetector.exe
C:\WINDOWS\system32\ctfmon.exe
C:\WINDOWS\system32\svchost.exe -k imgsvc
C:\Program Files\Windows Desktop Search\WindowsSearch.exe
C:\Program Files\Windows Live\Messenger\usnsvc.exe
C:\WINDOWS\System32\svchost.exe -k HTTPFilter
C:\Program Files\Windows Live\Messenger\msnmsgr.exe
C:\WINDOWS\system32\NOTEPAD.EXE
C:\WINDOWS\system32\NOTEPAD.EXE
C:\WINDOWS\system32\NOTEPAD.EXE
C:\Program Files\Internet Explorer\iexplore.exe
C:\WINDOWS\system32\NOTEPAD.EXE
C:\WINDOWS\system32\wuauclt.exe
C:\WINDOWS\system32\SearchProtocolHost.exe
C:\Documents and Settings\Owner\Desktop\dds.scr

============== Pseudo HJT Report ===============

uStart Page = hxxp://www.google.com.tr/
mDefault_Page_URL = hxxp://www.google.com.tr/
uInternet Settings,ProxyServer = libpxy.cc.yildiz.edu.tr:81
BHO: SSVHelper Class: {761497bb-d6f0-462c-b6eb-d4daf1d92d43} - c:\program files\java\jre1.6.0_04\bin\ssv.dll
BHO: {7E853D72-626A-48EC-A868-BA8D5E23E045} - No File
uRun: [Picasa Media Detector] c:\program files\picasa2\PicasaMediaDetector.exe
uRun: [ctfmon.exe] c:\windows\system32\ctfmon.exe
mRun: [NvCplDaemon] RUNDLL32.EXE c:\windows\system32\NvCpl.dll,NvStartup
mRun: [nwiz] nwiz.exe /install
mRun: [NvMediaCenter] RUNDLL32.EXE c:\windows\system32\NvMcTray.dll,NvTaskbarInit
mRun: [SoundMan] SOUNDMAN.EXE
mRun: [AlcWzrd] ALCWZRD.EXE
mRun: [Alcmtr] ALCMTR.EXE
mRun: [SMSERIAL] sm56hlpr.exe
mRun: [WinampAgent] c:\program files\winamp\winampa.exe
mRun: [Babylon Client] c:\program files\babylon\babylon-pro\Babylon.exe -AutoStart
mRun: [nod32kui] "c:\program files\eset\nod32kui.exe" /WAITSERVICE
mRun: [NodLogin] c:\program files\eset\nodlogin.exe
dRun: [CTFMON.EXE] c:\windows\system32\CTFMON.EXE
StartupFolder: c:\docume~1\alluse~1\startm~1\progra~1\balang~1\window~1.lnk - c:\program files\windows desktop search\WindowsSearch.exe
IE: Microsoft Excel'e &Ver - c:\progra~1\micros~2\office12\EXCEL.EXE/3000
IE: Translate with &Babylon - c:\program files\babylon\babylon-pro\utils\BabylonIEPI.dll/Translate.htm
IE: {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe
IE: {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - {CAFEEFAC-0016-0000-0004-ABCDEFFEDCBC} - c:\program files\java\jre1.6.0_04\bin\ssv.dll
IE: {92780B25-18CC-41C8-B9BE-3C9C571A8263} - {FF059E31-CC5A-4E2E-BF3B-96E929D65503} - c:\progra~1\micros~2\office12\REFIEBAR.DLL
LSP: c:\windows\system32\imon.dll
DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_04-windows-i586.cab
DPF: {CAFEEFAC-0016-0000-0004-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_04-windows-i586.cab
DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_04-windows-i586.cab
SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - c:\windows\system32\WPDShServiceObj.dll
SEH: Windows Desktop Search Namespace Manager: {56f9679e-7826-4c84-81f3-532071a8bcc5} - c:\program files\windows desktop search\MSNLNamespaceMgr.dll

================= FIREFOX ===================

FF - ProfilePath - c:\docume~1\owner\applic~1\mozilla\firefox\profiles\dk994s4c.default\
FF - component: c:\documents and settings\owner\application data\mozilla\firefox\profiles\dk994s4c.default\extensions\{34ea1c70-42cc-42c5-aa29-ec58b95a343e}\components\FFAlert.dll
FF - component: c:\program files\mozilla firefox\components\iamfamous.dll

============= SERVICES / DRIVERS ===============

R1 nod32drv;nod32drv;c:\windows\system32\drivers\nod32drv.sys [2009-2-8 15424]
R2 NOD32krn;NOD32 Kernel Service;c:\program files\eset\nod32krn.exe [2009-2-8 552064]
S3 ADM8511;ADMtek ADM8511/AN986 USB To Fast Ethernet Dönüştürücüsü;c:\windows\system32\drivers\ADM8511.SYS [2008-11-10 20160]

=============== Created Last 30 ================

2009-02-24 22:04 --d----- C:\Lop SD
2009-02-22 02:24 268 a---h--- C:\sqmdata03.sqm
2009-02-22 02:24 244 a---h--- C:\sqmnoopt03.sqm
2009-02-21 20:19 268 a---h--- C:\sqmdata02.sqm
2009-02-21 20:19 244 a---h--- C:\sqmnoopt02.sqm
2009-02-21 18:46 268 a---h--- C:\sqmdata01.sqm
2009-02-21 18:46 244 a---h--- C:\sqmnoopt01.sqm
2009-02-21 16:24 107,888 a------- c:\windows\system32\CmdLineExt.dll
2009-02-21 16:15 --d----- c:\docume~1\alluse~1\applic~1\KONAMI
2009-02-21 16:11 --d----- c:\program files\KONAMI
2009-02-16 22:55 268 a---h--- C:\sqmdata00.sqm
2009-02-16 22:55 244 a---h--- C:\sqmnoopt00.sqm
2009-02-15 17:59 a-dshr-- C:\autorun.inf
2009-02-13 12:44 --d----- C:\_OTMoveIt
2009-02-08 21:09 664 a------- c:\windows\system32\d3d9caps.dat
2009-02-08 21:07 512,096 a------- c:\windows\system32\drivers\amon.sys
2009-02-08 21:07 298,104 a------- c:\windows\system32\imon.dll
2009-02-08 21:07 15,424 a------- c:\windows\system32\drivers\nod32drv.sys
2009-02-02 20:45 230 a------- c:\windows\system32\spupdsvc.inf

==================== Find3M ====================

2009-02-24 17:28 413,744 a------- c:\windows\system32\perfh01F.dat
2009-02-24 17:28 82,292 a------- c:\windows\system32\perfc01F.dat

============= FINISH: 23:08:58,03 ===============

Re: lop problem
Hello.
There are a few things we can throw, so I want to see what's installed.

  • Open HijackThis
  • Click "Open the Misc Tools section"
  • Click "Open Uninstall Manager"
  • Click "Save List..." (generates uninstall_list.txt)
  • Click Save, copy and paste the results in your next post.

Re: lop problem
2007 Microsoft Office Suite Service Pack 1 (SP1)
2007 Microsoft Office Suite Service Pack 1 (SP1)
2007 Microsoft Office Suite Service Pack 1 (SP1)
2007 Microsoft Office Suite Service Pack 1 (SP1)
2007 Microsoft Office Suite Service Pack 1 (SP1)
2007 Microsoft Office Suite Service Pack 1 (SP1)
2007 Microsoft Office Suite Service Pack 1 (SP1)
2007 Microsoft Office Suite Service Pack 1 (SP1)
2007 Microsoft Office Suite Service Pack 1 (SP1)
2007 Microsoft Office Suite Service Pack 1 (SP1)
2007 Microsoft Office Suite Service Pack 1 (SP1)
2007 Microsoft Office Suite Service Pack 1 (SP1)
2007 Microsoft Office Suite Service Pack 1 (SP1)
2007 Microsoft Office Suite Service Pack 1 (SP1)
2007 Microsoft Office Suite Service Pack 1 (SP1)
7-Zip 4.57
Adobe Flash Player 10 Plugin
Adobe Flash Player ActiveX
Ares 2.1.0
Babylon
BS.Player FREE
HijackThis 2.0.2
Hotfix for Windows Media Format 11 SDK (KB929399)
Hotfix for Windows XP (KB915800-v4)
Java(TM) 6 Update 4
K-Lite Codec Pack 3.7.0 Full
Microsoft .NET Framework 1.1
Microsoft .NET Framework 1.1
Microsoft .NET Framework 1.1 Turkish Language Pack
Microsoft .NET Framework 2.0
Microsoft .NET Framework 2.0 Language Pack - TRK
Microsoft Compression Client Pack 1.0 for Windows XP
Microsoft Internationalized Domain Names Mitigation APIs
Microsoft National Language Support Downlevel APIs
Microsoft Office Access MUI (Turkish) 2007
Microsoft Office Enterprise 2007
Microsoft Office Enterprise 2007
Microsoft Office Excel MUI (Turkish) 2007
Microsoft Office Groove MUI (Turkish) 2007
Microsoft Office InfoPath MUI (Turkish) 2007
Microsoft Office OneNote MUI (Turkish) 2007
Microsoft Office Outlook MUI (Turkish) 2007
Microsoft Office PowerPoint MUI (Turkish) 2007
Microsoft Office Proof (English) 2007
Microsoft Office Proof (French) 2007
Microsoft Office Proof (German) 2007
Microsoft Office Proof (Turkish) 2007
Microsoft Office Proofing (Turkish) 2007
Microsoft Office Publisher MUI (Turkish) 2007
Microsoft Office Shared MUI (Turkish) 2007
Microsoft Office Word MUI (Turkish) 2007
Microsoft Silverlight
Microsoft User-Mode Driver Framework Feature Pack 1.0
Microsoft Visual C++ 2005 Redistributable
Motorola SM56 Data Fax Modem
Mozilla Firefox (3.0.6)
Nero 8 Lite 8.3.6.0
NOD32 antivirus system
NVIDIA Drivers
OpenOffice.org 2.3
OpenOffice.org 2.3 Language Pack (Türkçe)
Picasa 2
Pro Evolution Soccer 2009
QuickSnooker
Realtek High Definition Audio Driver
Steam
Texas Instruments PCIxx21/x515 drivers.
Winamp (remove only)
Windows Live Messenger
Windows Media Format 11 runtime
Windows Media Format 11 runtime
Windows Media Player 11
Windows Media Player 11
Windows Media Player 11 (KB936782) için Güvenlik Güncelleştirmesi
Windows Media Player 11 (KB939683) için Düzeltme
Windows Media Player 11 (KB954154) için Güvenlik Güncelleştirmesi
Windows Search 4.0
Windows XP (KB941569) için Güvenlik Güncelleştirmesi
Windows XP için Düzeltme (KB952287)
Windows XP için Güncelleştirme (KB898461)
Windows XP için Güncelleştirme (KB951072-v2)
Windows XP için Güncelleştirme (KB951978)
Windows XP için Güvenlik Güncelleştirmesi (KB938464)
Windows XP için Güvenlik Güncelleştirmesi (KB950762)
Windows XP için Güvenlik Güncelleştirmesi (KB950974)
Windows XP için Güvenlik Güncelleştirmesi (KB951066)
Windows XP için Güvenlik Güncelleştirmesi (KB951376-v2)
Windows XP için Güvenlik Güncelleştirmesi (KB951698)
Windows XP için Güvenlik Güncelleştirmesi (KB952954)
Windows XP için Güvenlik Güncelleştirmesi (KB954211)
Windows XP için Güvenlik Güncelleştirmesi (KB956390)
Windows XP için Güvenlik Güncelleştirmesi (KB956391)
Windows XP için Güvenlik Güncelleştirmesi (KB956803)
Windows XP için Güvenlik Güncelleştirmesi (KB956841)
Windows XP için Güvenlik Güncelleştirmesi (KB957095)
Windows XP için Güvenlik Güncelleştirmesi (KB958644)
WinRAR archiver

Re: lop problem
Hello.

Go to Start > Control Panel > Add/Remove Programs and remove the following programs if present.

    7-Zip 4.57 <== old version, will update soon
    Ares 2.1.0 <== P2P, see my note below
    Java(TM) 6 Update 4 <== old version, will update soon
    WinRAR archiver <== not needed since 7zip is installed


P2P (peer-to-peer) applications are designed to help you easily share and distribute files between you and a group of people. But they can also be used to distribute malware, and thus are not considered safe.
The removal of these programs is optional, but highly recommended.

I see the OTMoveIt folder still on your C drive, but I can't remember if you still have the executable file for it, so if not, here are the instructions.

Please download OTMoveIt3 by OldTimer.

  • Save it to your desktop.
  • Please double-click OTMoveIt3.exe to run it.
  • Copy the bolded text below to the clipboard by highlighting ALL of them and pressing CTRL + C (or, after highlighting, right-click and choose Copy):


    :files
    C:\sqmdata*.sqm
    C:\sqmnoopt*.sqm
    C:\Lop SD
    C:\Documents and Settings\Owner\Desktop\dds.scr
    C:\Program Files\Viewpoint
    C:\Program Files\LimeWire
    C:\Program Files\AskSBar
    C:\Program Files\Ares
    C:\Program Files\GamesBar


  • Return to OTMoveIt3, right click in the "Paste instructions for items to be Moved" window (under the light blue bar) and choose Paste.
  • Click the red Moveit! button.
  • Copy everything in the Results window (under the green bar) to the clipboard by highlighting ALL of them and pressing CTRL + C (or, after highlighting, right-click and choose copy), and paste it in your next reply.
  • Close OTMoveIt3
If a file or folder cannot be moved immediately you may be asked to reboot the machine to finish the move process. If you are asked to reboot the machine choose Yes.

Please post the OTMoveIt log.

Re: lop problem

Hello again, here is the OTMoveIt log of my machine..

========== FILES ==========
C:\sqmdata00.sqm moved successfully.
C:\sqmdata01.sqm moved successfully.
C:\sqmdata02.sqm moved successfully.
C:\sqmdata03.sqm moved successfully.
C:\sqmnoopt00.sqm moved successfully.
C:\sqmnoopt01.sqm moved successfully.
C:\sqmnoopt02.sqm moved successfully.
C:\sqmnoopt03.sqm moved successfully.
C:\Lop SD\Backup-Lop\Reg moved successfully.
C:\Lop SD\Backup-Lop\Hosts moved successfully.
C:\Lop SD\Backup-Lop\DOCUME~1\Owner\LOCALS~1\Temp moved successfully.
C:\Lop SD\Backup-Lop\DOCUME~1\Owner\LOCALS~1 moved successfully.
C:\Lop SD\Backup-Lop\DOCUME~1\Owner moved successfully.
C:\Lop SD\Backup-Lop\DOCUME~1 moved successfully.
C:\Lop SD\Backup-Lop moved successfully.
Folder move failed. C:\Lop SD scheduled to be moved on reboot.
C:\Documents and Settings\Owner\Desktop\dds.scr moved successfully.
File/Folder C:\Program Files\Viewpoint not found.
File/Folder C:\Program Files\LimeWire not found.
File/Folder C:\Program Files\AskSBar not found.
File/Folder C:\Program Files\Ares not found.
File/Folder C:\Program Files\GamesBar not found.

OTMoveIt3 by OldTimer - Version 1.0.8.0 log created on 02242009_234552

Files moved on Reboot...
C:\Lop SD moved successfully.
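
One way to check an OTMoveIt3 result log like the one above against the `:files` list that was pasted into the tool, so that every target is accounted for and nothing is left waiting on a reboot. This is an added example, not part of the thread or of OTMoveIt3; it assumes only the three result-line shapes visible in this log, the function names are hypothetical, and the sample input is constructed and abridged from the post.

```python
import fnmatch
import re

# Constructed sample, abridged from the log format shown in this thread.
SCRIPT = r"""
:files
C:\sqmdata*.sqm
C:\Lop SD
C:\Documents and Settings\Owner\Desktop\dds.scr
C:\Program Files\Ares
"""
LOG = r"""
========== FILES ==========
C:\sqmdata00.sqm moved successfully.
C:\sqmdata01.sqm moved successfully.
C:\Lop SD\Backup-Lop moved successfully.
Folder move failed. C:\Lop SD scheduled to be moved on reboot.
C:\Documents and Settings\Owner\Desktop\dds.scr moved successfully.
File/Folder C:\Program Files\Ares not found.

Files moved on Reboot...
C:\Lop SD moved successfully.
"""

# Result-line shapes as they appear in the log above.
PATTERNS = [
    (re.compile(r"^File/Folder (.+) not found\.$"), "not found"),
    (re.compile(r"^Folder move failed\. (.+) scheduled to be moved on reboot\.$"),
     "pending reboot"),
    (re.compile(r"^(.+) moved successfully\.$"), "moved"),
]

def parse_log(log):
    """Return {lowercased path: final status}; later lines override earlier ones."""
    final, after_reboot = {}, False
    for line in map(str.strip, log.splitlines()):
        if line.startswith("Files moved on Reboot"):
            after_reboot = True
            continue
        for rx, status in PATTERNS:
            m = rx.match(line)
            if m:
                if status == "moved" and after_reboot:
                    status = "moved on reboot"
                final[m.group(1).lower()] = status
                break
    return final

def reconcile(script, log):
    """Map every script target (wildcards allowed) to its outcome in the log."""
    final = parse_log(log)
    report = {}
    for target in (l.strip() for l in script.splitlines()):
        if not target or target.startswith(":"):
            continue  # blank line or section header such as ":files"
        states = {s for p, s in final.items() if fnmatch.fnmatchcase(p, target.lower())}
        if not states:
            report[target] = "no result line"
        elif "pending reboot" in states:
            report[target] = "pending reboot"
        elif states == {"not found"}:
            report[target] = "not found"
        else:
            report[target] = "moved on reboot" if "moved on reboot" in states else "moved"
    return report

def unresolved(report):
    """Targets that still need follow-up before the cleanup can be called done."""
    return [t for t, s in report.items() if s in ("pending reboot", "no result line")]
```

A target reported as "not found" is not an error here: the script lists folders that may or may not exist on the machine, so only "pending reboot" and "no result line" call for another look.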

Re: lop problem

Okay, let's finish up here.

  • Please double-click OTMoveIt3.exe to run it again.
  • Press the green CleanUp! button.
  • Press Yes at the cleanup process prompt.
  • It will start cleaning now, and will want to reboot after, please allow it to do so.
  • It will make a log of what it has removed, but I don't need to see the log.


Let's update the software now.
Download and install the latest version of 7zip from here:
http://downloads.sourceforge.net/sevenzip/7z465.exe

Then update Java:

  • Download the latest version of Java SE Runtime Environment (JRE) 6 Update 12.
  • Select the first option where it says "This release includes the highly anticipated...".
  • Click the "Download" button to the right.
  • In the Window that opens, select your platform and language, check the "agree" box, and click Continue.
  • Click on the link to download Windows Offline Installation and save to your desktop.
  • Close any programs you may have running - especially your web browser.
  • Go to Start > Control Panel, double-click on Add or Remove Programs and remove all older versions of Java.
  • Check any item with Java Runtime Environment (JRE or J2SE) in the name.
    - Examples of older versions in Add or Remove Programs:
    - Java 2 Runtime Environment, SE v1.4.2
    - J2SE Runtime Environment 5.0
    - J2SE Runtime Environment 5.0 Update 2
  • Click the Remove or Change/Remove button.
  • Repeat as many times as necessary to remove each Java version.
  • Then from your desktop double-click on jre-6u11-windows-i586-p.exe that you downloaded to install the newest version.
Please make sure the new version of Java is installed before you run JavaRa.

Please download JavaRa from here

  • First, unzip it.
  • Then run JavaRa. (If you are running Vista, you will need to right click JavaRa > select "Run as administrator")
  • Select English from the drop down menu and press Select.
  • This will open JavaRa.
  • Press Remove older versions
  • Press yes to the prompt.
  • It will make a log file of what it's removed.
  • Copy and paste the log back here.


Let me know how the machine is running now.
