Zlob AdWare/Trojan!?

PurePwnage

New Member
Still have pop ups with...porn images and warnings?
That's somehow unbelievable, lol.

  • Open HijackThis.
  • Click on Open the Misc Tools section.
  • Look under System tools.
  • Click on the Open Uninstall Manager... button.
  • Click on the Save list... button.
  • It will prompt you to save. Save this log in a convenient location. By default it's named uninstall_list.txt.
  • Notepad will open. Please copy and paste the contents of this log in your next reply.
See the details at this link:
http://img.bleepingcomputer.com/tutorials/hijackthis/uninstall-man.jpg

No, I don't still have it. I've been on safe mode since I tried it and got BSOD during startup a couple days ago. I don't know if it's working yet, I guess it's worth a shot if you say it's good to go?

Adobe Anchor Service CS3
Adobe Asset Services CS3
Adobe Bridge 1.0
Adobe Bridge CS3
Adobe Bridge Start Meeting
Adobe Camera Raw 4.0
Adobe CMaps
Adobe Color Common Settings
Adobe Color EU Extra Settings
Adobe Color JA Extra Settings
Adobe Color NA Recommended Settings
Adobe Common File Installer
Adobe Default Language CS3
Adobe Device Central CS3
Adobe Dreamweaver CS3
Adobe Dreamweaver CS3
Adobe ExtendScript Toolkit 2
Adobe Extension Manager CS3
Adobe Flash CS3
Adobe Flash CS3 Professional
Adobe Flash Player ActiveX
Adobe Flash Player Plugin
Adobe Flash Video Encoder
Adobe Help Center 1.0
Adobe Help Viewer CS3
Adobe Linguistics CS3
Adobe PDF Library Files
Adobe Photoshop CS2
Adobe Reader 7.0.7
Adobe Setup
Adobe Setup
Adobe Shockwave Player
Adobe Stock Photos 1.0
Adobe Type Support
Adobe Update Manager CS3
Adobe Version Cue CS3 Client
Adobe WinSoft Linguistics Plugin
AIM 6
America's Army
Apple Mobile Device Support
Apple Software Update
Backyard Baseball 2003
Belkin Range Extender
Bonjour
Call of Duty(R) 4 - Modern Warfare(TM) 1.4 Patch
Camtasia Studio 4
Core FTP LE 2.1
Dev-C++ 5 beta 9 release (4.9.9.2)
Dual-Core Optimizer
EA SPORTS online 2005
Encode360
ffdshow [rev 2019] [2008-06-22]
FlashGet 1.9.6.1073
FoxyTunes for Firefox
Gigabyte GN-WP01GS
HijackThis 2.0.2
Hotfix for Windows Internet Explorer 7 (KB947864)
Hotfix for Windows Media Format 11 SDK (KB929399)
Hotfix for Windows Media Player 11 (KB939683)
iTunes
Java(TM) 6 Update 2
Java(TM) 6 Update 3
LiveReg (Symantec Corporation)
LiveUpdate 3.0 (Symantec Corporation)
Logitech Gaming Software 5.02
Malwarebytes' Anti-Malware
McAfee SecurityCenter
Microsoft .NET Framework 1.1
Microsoft .NET Framework 1.1
Microsoft .NET Framework 1.1 Hotfix (KB928366)
Microsoft .NET Framework 2.0 SDK - ENU
Microsoft .NET Framework 2.0 Service Pack 1
Microsoft .NET Framework 3.0 Service Pack 1
Microsoft .NET Framework 3.5
Microsoft .NET Framework 3.5
Microsoft Compression Client Pack 1.0 for Windows XP
Microsoft Internationalized Domain Names Mitigation APIs
Microsoft Kernel-Mode Driver Framework Feature Pack 1.5
Microsoft Kernel-Mode Driver Framework Feature Pack 1.7
Microsoft National Language Support Downlevel APIs
Microsoft Office 2003 Web Components
Microsoft Office Basic Edition 2003
Microsoft Silverlight
Microsoft SQL Server Compact 3.5 Design Tools ENU
Microsoft SQL Server Compact 3.5 ENU
Microsoft User-Mode Driver Framework Feature Pack 1.0
Microsoft Visual C++ 2008 Redistributable - x86 9.0.21022
Microsoft Visual J# 2.0 Redistributable Package
Microsoft Windows SDK for Visual Studio 2008 Express Tools for .NET Framework
Microsoft Windows SDK for Visual Studio 2008 Express Tools for Win32
Microsoft Windows SDK for Visual Studio 2008 Headers and Libraries
Mozilla Firefox (2.0.0.16)
MSXML 4.0 SP2 (KB936181)
MSXML 4.0 SP2 Parser and SDK
MSXML 6.0 Parser (KB933579)
MVP Baseball 2005
NVIDIA Drivers
PDF Settings
Photosmart 130,230,7150,7345,7350,7550 (Remove only)
Project64 1.6
QuickTime
Realtek High Definition Audio Driver
SCAR 1.12
Security Update for CAPICOM (KB931906)
Security Update for CAPICOM (KB931906)
Security Update for Windows Internet Explorer 7 (KB950759)
Security Update for Windows Media Player 11 (KB936782)
Security Update for Windows Media Player 8 (KB917734)
Security Update for Windows Media Player 9 (KB911565)
Security Update for Windows Media Player 9 (KB917734)
Security Update for Windows XP (KB941569)
Security Update for Windows XP (KB950760)
Security Update for Windows XP (KB950762)
Security Update for Windows XP (KB951376)
Security Update for Windows XP (KB951376-v2)
Security Update for Windows XP (KB951698)
SHOUTcast DNAS (remove only)
SopCast 1.1.2
Subversion 1.4.5-r25188
System Requirements Lab
The Sims 2
TuneUp Utilities 2008
TVAnts 1.0
UltraMon
VideoLAN VLC media player 0.8.6c
WhatPulse 1.5
Windows Imaging Component
Windows Internet Explorer 7
Windows Media Encoder 9 Series
Windows Media Encoder 9 Series
Windows Media Format 11 runtime
Windows Media Format 11 runtime
Windows Media Player 11
Windows Media Player 11
Windows XP Service Pack 3
WinRAR archiver
XAMPP 1.6.7
Xfire (remove only)
Yahoo! Install Manager
Zune
Zune
Zune Language Pack (ES)
Zune Language Pack (FR)

Do you think I'm good to go?

EDIT: I just booted into normal mode. No strange icons, slow downs, anything yet. Is it safe to delete any of the programs you sent me?
 

GameMaster

New Member
Yes, it is. Also, the log is clean and your computer appears to be clean.
Please get back here if your computer starts lagging again :D
 

PurePwnage

New Member
Yes, it is. Also, the log is clean and your computer appears to be clean.
Please get back here if your computer starts lagging again :D

Yeah, buddy, problem.

I was on for 20 minutes today, normal mode. Web pages were often freezing up, not responding. I got rid of McAfee because it was ceasing to work and put on Kaspersky. It came up with a trojan warning and started deleting it. Then it did a couple restarts and wouldn't log on the first time.... and now when I try to log on, whether it is safe mode or normal mode, it logs on for a tenth of a second, then starts logging off again.

Please, what do I do??? Should I just reformat?
 

ceewi1

VIP Member
With backdoor trojans such as this, many experts believe that the system can never be completely trusted and that a reformat and reinstall of the OS is the best course of action.

We should be able to get your system working again, at least. It is likely that userinit.exe has been deleted. Do you have your Windows CD? If so, please do the following:
  1. Boot from your Windows CD and press R to "repair the Windows XP installation using Recovery Console" when prompted.
  2. Select your Windows installation from the list and type your Administrator password if asked.
  3. Type the following commands, pressing Enter after each:
    D:
    cd I386
    expand userinit.ex_ c:\Windows\System32


    Note: If your CD-ROM drive has a letter other than D:, please substitute D for the letter of your CD-ROM in the first command.
  4. You should now see "1 file(s) copied". Please remove your Windows CD and reboot. Please tell me if you can login normally.
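
A read-only check to run once the machine logs in again after the steps above, as an added example that is not part of the thread: it confirms userinit.exe is back in System32 and that the Winlogon Userinit registry value names only that file. The registry location and the availability of PowerShell are assumptions; neither appears in the posts.

```powershell
# Added example, not from the thread. Read-only: it changes nothing on the system.
# Assumption: the logon program is configured in the standard Winlogon "Userinit" value.
$expected = Join-Path $env:SystemRoot 'system32\userinit.exe'
$winlogon = 'HKLM:\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon'

function Test-UserinitFile {
    param([string]$Path)
    # Report whether the file restored with "expand" exists, plus its version metadata.
    if (-not (Test-Path $Path)) { return "MISSING  $Path" }
    $item = Get-Item $Path
    $info = $item.VersionInfo
    "PRESENT  $Path  size=$($item.Length)  company='$($info.CompanyName)'  version=$($info.FileVersion)"
}

function Get-UnexpectedUserinitEntries {
    param([string]$Value, [string]$Expected)
    # The value is a comma-separated list of programs started at logon;
    # the Windows default is the userinit.exe path followed by a trailing comma.
    $Value.Split(',') |
        ForEach-Object { $_.Trim().Trim('"') } |
        Where-Object { $_ -ne '' -and $_ -ne $Expected }   # string -ne is case-insensitive
}

Test-UserinitFile -Path $expected

$prop = Get-ItemProperty -Path $winlogon -Name Userinit -ErrorAction SilentlyContinue
if (-not $prop -or -not $prop.Userinit) {
    'REVIEW: Winlogon Userinit value is missing or empty'
} else {
    "Userinit value: $($prop.Userinit)"
    $extra = @(Get-UnexpectedUserinitEntries -Value $prop.Userinit -Expected $expected)
    if ($extra.Count -eq 0) {
        'OK: Userinit lists only the expected userinit.exe'
    } else {
        $extra | ForEach-Object { "REVIEW: unexpected Userinit entry: $_" }
    }
}
```

A REVIEW line means the entry differs from the default and should be looked at, not that it is necessarily malicious.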
 

PurePwnage

New Member
With backdoor trojans such as this, many experts believe that the system can never be completely trusted and that a reformat and reinstall of the OS is the best course of action.

We should be able to get your system working again, at least. It is likely that userinit.exe has been deleted. Do you have your Windows CD? If so, please do the following:
  1. Boot from your Windows CD and press R to "repair the Windows XP installation using Recovery Console" when prompted.
  2. Select your Windows installation from the list and type your Administrator password if asked.
  3. Type the following commands, pressing Enter after each:
    D:
    cd I386
    expand userinit.ex_ c:\Windows\System32


    Note: If your CD-ROM drive has a letter other than D:, please substitute D for the letter of your CD-ROM in the first command.
  4. You should now see "1 file(s) copied". Please remove your Windows CD and reboot. Please tell me if you can login normally.
Thanks for the help. I had already reformatted...let's just hope Windows will find my key genuine. I always have a problem w/ this part.
 

cohen

New Member
Thanks for the help. I had already reformatted...let's just hope Windows will find my key genuine. I always have a problem w/ this part.

If it doesn't, call Microsoft and say it is a reinstall, and they will issue a new key for you.
 