I ran ATF Cleaner and in safe mode I ran AdAware with updates. I DL AVG antispyware but had error messages saying connection failed while trying to install it. I got rid of it and DL it from a different location and had the same problem so I skipped it. I then ran SUPERAntiSpyware, Panda Activescan, and my AVG Antivirus with updates. My AVG found another instance of the LOP trojan and this was after a whole day of getting no AVG popup warnings so the fact that I am not getting any AVG popups now doesn't really mean much to me. Below are my logs.
<<edit>> I have since uninstalled Mob Masher using the Windows uninstall programs utility
SUPERAntiSpyware Scan Log
http://www.superantispyware.com
Generated 10/09/2007 at 02:50 AM
Application Version : 3.9.1008
Core Rules Database Version : 3321
Trace Rules Database Version: 1322
Scan type : Complete Scan
Total Scan Time : 02:32:24
Memory items scanned : 407
Memory threats detected : 0
Registry items scanned : 6601
Registry threats detected : 9
File items scanned : 152936
File threats detected : 33
Adware.IWantSearchBar
HKU\S-1-5-21-1999487287-3242104546-2654208912-1007\Software\Microsoft\Internet Explorer\Toolbar\ShellBrowser#{0E1230F8-EA50-42A9-983C-D22ABC2EED3B}
Adware.MyWay
HKU\S-1-5-21-1999487287-3242104546-2654208912-1007\Software\Microsoft\Internet Explorer\Toolbar\ShellBrowser#{014DA6C9-189F-421A-88CD-07CFE51CFF10}
Adware.180solutions/ZangoSearch
C:\Program Files\Zango Programs\Common\Zango.ico
C:\Program Files\Zango Programs\Common
C:\Program Files\Zango Programs\Mob Masher\Mob Masher.exe
C:\Program Files\Zango Programs\Mob Masher
C:\Program Files\Zango Programs
C:\SYSTEM VOLUME INFORMATION\_RESTORE{B37680B2-BA0A-4E5D-BF30-83E44C588624}\RP826\A0107075.DLL
C:\SYSTEM VOLUME INFORMATION\_RESTORE{B37680B2-BA0A-4E5D-BF30-83E44C588624}\RP826\A0107076.DLL
C:\SYSTEM VOLUME INFORMATION\_RESTORE{B37680B2-BA0A-4E5D-BF30-83E44C588624}\RP826\A0107077.DLL
C:\SYSTEM VOLUME INFORMATION\_RESTORE{B37680B2-BA0A-4E5D-BF30-83E44C588624}\RP826\A0107078.DLL
C:\SYSTEM VOLUME INFORMATION\_RESTORE{B37680B2-BA0A-4E5D-BF30-83E44C588624}\RP826\A0107080.EXE
C:\SYSTEM VOLUME INFORMATION\_RESTORE{B37680B2-BA0A-4E5D-BF30-83E44C588624}\RP826\A0107081.EXE
C:\SYSTEM VOLUME INFORMATION\_RESTORE{B37680B2-BA0A-4E5D-BF30-83E44C588624}\RP826\A0107082.DLL
C:\SYSTEM VOLUME INFORMATION\_RESTORE{B37680B2-BA0A-4E5D-BF30-83E44C588624}\RP826\A0107083.DLL
C:\SYSTEM VOLUME INFORMATION\_RESTORE{B37680B2-BA0A-4E5D-BF30-83E44C588624}\RP826\A0107084.EXE
C:\SYSTEM VOLUME INFORMATION\_RESTORE{B37680B2-BA0A-4E5D-BF30-83E44C588624}\RP826\A0107085.EXE
C:\SYSTEM VOLUME INFORMATION\_RESTORE{B37680B2-BA0A-4E5D-BF30-83E44C588624}\RP826\A0107087.EXE
C:\SYSTEM VOLUME INFORMATION\_RESTORE{B37680B2-BA0A-4E5D-BF30-83E44C588624}\RP826\A0107095.DLL
C:\SYSTEM VOLUME INFORMATION\_RESTORE{B37680B2-BA0A-4E5D-BF30-83E44C588624}\RP826\A0107096.DLL
C:\SYSTEM VOLUME INFORMATION\_RESTORE{B37680B2-BA0A-4E5D-BF30-83E44C588624}\RP826\A0107097.DLL
C:\SYSTEM VOLUME INFORMATION\_RESTORE{B37680B2-BA0A-4E5D-BF30-83E44C588624}\RP826\A0107098.DLL
C:\SYSTEM VOLUME INFORMATION\_RESTORE{B37680B2-BA0A-4E5D-BF30-83E44C588624}\RP826\A0107104.DLL
Adware.MediaMotor
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\SharedDLLs#C:\WINDOWS\System32\safe.tlb [ ]
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\ModuleUsage\C:/WINDOWS/System32/safe.tlb
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\ModuleUsage\C:/WINDOWS/System32/safe.tlb#.Owner
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\ModuleUsage\C:/WINDOWS/System32/safe.tlb#{5526B4C6-63D6-41A1-9783-0FABF529859A}
C:\WINDOWS\Downloaded Program Files\amm06.inf
C:\WINDOWS\System32\safe.tlb
C:\WINDOWS\mm06y.ini
Adware.MediaMediatickets
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\ModuleUsage\C:/WINDOWS/Downloaded Program Files/MediaTicketsInstaller.ocx
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\ModuleUsage\C:/WINDOWS/Downloaded Program Files/MediaTicketsInstaller.ocx#.Owner
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\ModuleUsage\C:/WINDOWS/Downloaded Program Files/MediaTicketsInstaller.ocx#{9EB320CE-BE1D-4304-A081-4B4665414BEF}
Adware.AdSponsor/ISM
C:\Documents and Settings\Craig\Start Menu\Programs\Internet Speed Monitor\Uninstall.lnk
C:\Documents and Settings\Craig\Start Menu\Programs\Internet Speed Monitor
Adware.GloboLook
C:\DOCUMENTS AND SETTINGS\ALL USERS\DOCUMENTS\MY PICTURES\ICONS\MISCA_ICO\MISCA96.ICO
C:\DOCUMENTS AND SETTINGS\ALL USERS\DOCUMENTS\MY PICTURES\ICONS\MISCB_ICO\MISCB53.ICO
Adware.Unknown Origin
C:\PROGRAM FILES\COMMON FILES\UFIZ\UFIZD\CLASS-BARREL
Unclassified.Unknown Origin/System
C:\WINDOWS\SYSTEM32\MASTER12.DLL
Trojan.WinFixer
C:\WINDOWS\SYSTEM32\SSTQQ.DLL
Trojan.TWINK64
C:\WINDOWS\SYSTEM32\TWINK64.EXE
Trojan.Unknown Origin
C:\WINDOWS\TEMPF.TXT
Incident Status Location
Adware:adware/elitebar Not disinfected Windows Registry
Adware:adware/sidesearch Not disinfected Windows Registry
Adware:adware/ncase Not disinfected Windows Registry
Spyware:Cookie/YieldManager Not disinfected C:\Documents and Settings\Craig\Cookies\[email protected][1].txt
Spyware:Cookie/Doubleclick Not disinfected C:\Documents and Settings\Krysta\Application Data\Mozilla\Firefox\Profiles\nb1fsym5.default\cookies.txt[.doubleclick.net/]
Spyware:Cookie/YieldManager Not disinfected C:\Documents and Settings\Krysta\Application Data\Mozilla\Firefox\Profiles\nb1fsym5.default\cookies.txt[ad.yieldmanager.com/]
Spyware:Cookie/FastClick Not disinfected C:\Documents and Settings\Krysta\Application Data\Mozilla\Firefox\Profiles\nb1fsym5.default\cookies.txt[.fastclick.net/]
Spyware:Cookie/Traffic Marketplace Not disinfected C:\Documents and Settings\Krysta\Application Data\Mozilla\Firefox\Profiles\nb1fsym5.default\cookies.txt[.trafficmp.com/]
Spyware:Cookie/Atlas DMT Not disinfected C:\Documents and Settings\Krysta\Application Data\Mozilla\Firefox\Profiles\nb1fsym5.default\cookies.txt[.atdmt.com/]
Spyware:Cookie/Advertising Not disinfected C:\Documents and Settings\Krysta\Application Data\Mozilla\Firefox\Profiles\nb1fsym5.default\cookies.txt[.advertising.com/]
Spyware:Cookie/Adrevolver Not disinfected C:\Documents and Settings\Krysta\Application Data\Mozilla\Firefox\Profiles\nb1fsym5.default\cookies.txt[.adrevolver.com/]
Spyware:Cookie/RealMedia Not disinfected C:\Documents and Settings\Krysta\Application Data\Mozilla\Firefox\Profiles\nb1fsym5.default\cookies.txt[.realmedia.com/]
Spyware:Cookie/Tribalfusion Not disinfected C:\Documents and Settings\Krysta\Application Data\Mozilla\Firefox\Profiles\nb1fsym5.default\cookies.txt[.tribalfusion.com/]
Spyware:Cookie/Serving-sys Not disinfected C:\Documents and Settings\Krysta\Application Data\Mozilla\Firefox\Profiles\nb1fsym5.default\cookies.txt[.serving-sys.com/]
Spyware:Cookie/Serving-sys Not disinfected C:\Documents and Settings\Krysta\Application Data\Mozilla\Firefox\Profiles\nb1fsym5.default\cookies.txt[.bs.serving-sys.com/]
Spyware:Cookie/Serving-sys Not disinfected C:\Documents and Settings\Krysta\Application Data\Mozilla\Firefox\Profiles\nb1fsym5.default\cookies.txt[.serving-sys.com/]
Spyware:Cookie/Casalemedia Not disinfected C:\Documents and Settings\Krysta\Application Data\Mozilla\Firefox\Profiles\nb1fsym5.default\cookies.txt[.casalemedia.com/]
Spyware:Cookie/Statcounter Not disinfected C:\Documents and Settings\Krysta\Application Data\Mozilla\Firefox\Profiles\nb1fsym5.default\cookies.txt[.statcounter.com/]
Spyware:Cookie/PointRoll Not disinfected C:\Documents and Settings\Krysta\Application Data\Mozilla\Firefox\Profiles\nb1fsym5.default\cookies.txt[.ads.pointroll.com/]
Spyware:Cookie/Mediaplex Not disinfected C:\Documents and Settings\Krysta\Application Data\Mozilla\Firefox\Profiles\nb1fsym5.default\cookies.txt[.mediaplex.com/]
Spyware:Cookie/Bluestreak Not disinfected C:\Documents and Settings\Krysta\Application Data\Mozilla\Firefox\Profiles\nb1fsym5.default\cookies.txt[.bluestreak.com/]
Spyware:Cookie/WUpd Not disinfected C:\Documents and Settings\Krysta\Application Data\Mozilla\Firefox\Profiles\nb1fsym5.default\cookies.txt[.revenue.net/]
Spyware:Cookie/Searchportal Not disinfected C:\Documents and Settings\Krysta\Application Data\Mozilla\Firefox\Profiles\nb1fsym5.default\cookies.txt[searchportal.information.com/]
Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 9:18:55 PM, on 10/9/2007
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)
Boot mode: Normal
Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Common Files\AOL\ACS\AOLacsd.exe
C:\PROGRA~1\Grisoft\AVGFRE~1\avgamsvr.exe
C:\PROGRA~1\Grisoft\AVGFRE~1\avgupsvc.exe
C:\PROGRA~1\Grisoft\AVGFRE~1\avgemc.exe
C:\WINDOWS\System32\svchost.exe
C:\PROGRA~1\COMMON~1\Stardock\SDMCP.exe
C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE
C:\apache\mysql\bin\mysqld-nt.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\System32\nvsvc32.exe
c:\apache\APACHE.EXE
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\wanmpsvc.exe
c:\apache\APACHE.EXE
C:\WINDOWS\System32\MsPMSPSv.exe
C:\PROGRA~1\Grisoft\AVGFRE~1\avgcc.exe
C:\Program Files\Java\jre1.6.0_03\bin\jusched.exe
C:\Program Files\Common Files\AOL\1187562101\ee\AOLSoftware.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
C:\Program Files\CursorXP\CursorXP.exe
C:\Program Files\Messenger\msmsgs.exe
C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe
C:\Program Files\Rainlendar\Rainlendar.exe
C:\Program Files\Stardock\ObjectDock\ObjectDock.exe
C:\WINDOWS\SYSTEM32\notepad.exe
C:\cleaningprograms\HijackThis\HijackThis.exe
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar1.dll
O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\2.0.301.7164\swg.dll
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar1.dll
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\System32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [AVG7_CC] C:\PROGRA~1\Grisoft\AVGFRE~1\avgcc.exe /STARTUP
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_03\bin\jusched.exe"
O4 - HKLM\..\Run: [BootSkin Startup Jobs] "C:\Program Files\Stardock\WinCustomize\BootSkin\bootskin.exe" /StartupJobs
O4 - HKLM\..\Run: [LogonStudio] "C:\Program Files\WinCustomize\LogonStudio\logonstudio.exe" /RANDOM
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [HostManager] C:\Program Files\Common Files\AOL\1187562101\ee\AOLSoftware.exe
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [Creative Detector] "C:\Program Files\Creative\MediaSource\Detector\CTDetect.exe" /R
O4 - HKCU\..\Run: [Rainlendar2] C:\Program Files\Rainlendar2\Rainlendar2.exe
O4 - HKCU\..\Run: [swg] C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
O4 - HKCU\..\Run: [CursorXP] C:\Program Files\CursorXP\CursorXP.exe
O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background
O4 - HKCU\..\Run: [updateMgr] C:\Program Files\Adobe\Acrobat 7.0\Reader\AdobeUpdateManager.exe AcRdB7_0_9
O4 - HKCU\..\Run: [WindowBlinds] C:\Program Files\Stardock\Object Desktop\WindowBlinds\WBInstall32.exe
O4 - HKCU\..\Run: [SUPERAntiSpyware] C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe
O4 - HKUS\S-1-5-19\..\Run: [AVG7_Run] C:\PROGRA~1\Grisoft\AVGFRE~1\avgw.exe /RUNONCE (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-20\..\Run: [AVG7_Run] C:\PROGRA~1\Grisoft\AVGFRE~1\avgw.exe /RUNONCE (User 'NETWORK SERVICE')
O4 - HKUS\S-1-5-18\..\Run: [AVG7_Run] C:\PROGRA~1\Grisoft\AVGFRE~1\avgw.exe /RUNONCE (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [AVG7_Run] C:\PROGRA~1\Grisoft\AVGFRE~1\avgw.exe /RUNONCE (User 'Default user')
O4 - Startup: Rainlendar.lnk = C:\Program Files\Rainlendar\Rainlendar.exe
O4 - Startup: Stardock ObjectDock.lnk = C:\Program Files\Stardock\ObjectDock\ObjectDock.exe
O4 - Global Startup: Adobe Reader Speed Launch.lnk = C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
O8 - Extra context menu item: &AIM Search - res://C:\Program Files\AIM Toolbar\AIMBar.dll/aimsearch.htm
O8 - Extra context menu item: &Yahoo! Search - file:///C:\Program Files\Yahoo!\Common/ycsrch.htm
O8 - Extra context menu item: Yahoo! &Dictionary - file:///C:\Program Files\Yahoo!\Common/ycdict.htm
O8 - Extra context menu item: Yahoo! &Maps - file:///C:\Program Files\Yahoo!\Common/ycdict.htm
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
O9 - Extra button: AIM - {AC9E2541-2814-11d5-BC6D-00B0D0A1DE45} - C:\Program Files\AIM\aim.exe
O9 - Extra button: (no name) - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - (no file)
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O10 - Unknown file in Winsock LSP: c:\windows\system32\nwprovau.dll
O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://go.microsoft....k/?linkid=39204
O16 - DPF: {2BC66F54-93A8-11D3-BEB6-00105AA9B6AE} (Symantec AntiVirus scanner) - http://security.syma...bin/AvSniff.cab
O16 - DPF: {512FC5A1-7DE1-43F1-BC0C-371622FCB409} (TotalScan Installer Class) - http://www.nanoscan....s/ascstubie.cab
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://v5.windowsupd...b?1095903858332
O16 - DPF: {644E432F-49D3-41A1-8DD5-E099162EEEC5} (Symantec RuFSI Utility Class) - http://security.syma...n/bin/cabsa.cab
O16 - DPF: {6BEA1C48-1850-486C-8F58-C7354BA3165E} (Install Class) - http://updates.lifes...ll/pinstall.cab
O16 - DPF: {70BA88C8-DAE8-4CE9-92BB-979C4A75F53B} (GSDACtl Class) - http://launch.gamesp...nch/alaunch.cab
O16 - DPF: {72C23FEC-3AF9-48FC-9597-241A8EBDFE0A} (InstallShield International Setup Player) - http://www.installen...ne/isetupml.cab
O16 - DPF: {8436FE12-31DB-48BF-83BF-FE682F9160B4} (NanoInstaller Class) - http://www.nanoscan....bs/nanoinst.cab
O16 - DPF: {9A9307A0-7DA4-4DAF-B042-5009F29E09E1} (ActiveScan Installer Class) - http://acs.pandasoft...free/asinst.cab
O16 - DPF: {CAFEEFAC-0014-0001-0002-ABCDEFFEDCBA} (Java Runtime Environment 1.4.1_02) -
O16 - DPF: {ED28050F-D713-43BA-A376-DCC5C35407D5} (MsnMusicAx Class) - https://music.msn.co...snmusax3112.cab
O20 - Winlogon Notify: !SASWinLogon - C:\Program Files\SUPERAntiSpyware\SASWINLO.DLL
O20 - Winlogon Notify: nnnllli - C:\WINDOWS\SYSTEM32\nnnllli.dll
O23 - Service: AOL Connectivity Service (AOL ACS) - AOL LLC - C:\PROGRA~1\COMMON~1\AOL\ACS\acsd.exe
O23 - Service: Apache - Unknown owner - C:\Program Files\Apache Group\Apache\Apache.exe (file missing)
O23 - Service: AVG7 Alert Manager Server (Avg7Alrt) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVGFRE~1\avgamsvr.exe
O23 - Service: AVG7 Update Service (Avg7UpdSvc) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVGFRE~1\avgupsvc.exe
O23 - Service: AVG E-mail Scanner (AVGEMS) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVGFRE~1\avgemc.exe
O23 - Service: Creative Service for CDROM Access - Creative Technology Ltd - C:\WINDOWS\system32\CTsvcCDA.EXE
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: Macromedia Licensing Service - Unknown owner - C:\Program Files\Common Files\Macromedia Shared\Service\Macromedia Licensing.exe
O23 - Service: MySql - Unknown owner - C:/apache/mysql/bin/mysqld-nt.exe
O23 - Service: Intel NCS NetService (NetSvc) - Intel® Corporation - C:\Program Files\Intel\NCS\Sync\NetSvc.exe
O23 - Service: NVIDIA Driver Helper Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\System32\nvsvc32.exe
O23 - Service: PHPGeekUtil - Unknown owner - c:\apache\APACHE.EXE
O23 - Service: WAN Miniport (ATW) Service (WANMiniportService) - America Online, Inc. - C:\WINDOWS\wanmpsvc.exe
--
End of file - 8972 bytes
Edited by freakybeavis, 09 October 2007 - 09:16 PM.