desperate request for assistance. logs inside.

Question

geesixty 0 Newbie Poster

15 Years Ago

Well it seems that this background changing virus has gotten me good. I have been in safe mode w/ networking just to be able to download Mlb, Hjt, and kaspersky. Any help is greatly appreciated!

Malwarebytes' Anti-Malware 1.25
Database version: 1062
Windows 5.1.2600 Service Pack 2

11:16:12 AM 8/25/2008
mbam-log-08-25-2008 (11-15-53).txt

Scan type: Quick Scan
Objects scanned: 115212
Time elapsed: 43 minute(s), 42 second(s)

Memory Processes Infected: 0
Memory Modules Infected: 3
Registry Keys Infected: 61
Registry Values Infected: 4
Registry Data Items Infected: 3
Folders Infected: 20
Files Infected: 80

Memory Processes Infected:
(No malicious items detected)

Memory Modules Infected:
C:\WINDOWS\system32\urqQkLFy.dll (Trojan.Vundo.H) -> No action taken.
C:\WINDOWS\system32\nnnLbyvW.dll (Trojan.Vundo.H) -> No action taken.
C:\WINDOWS\system32\ayqqbm.dll (Trojan.Vundo.H) -> No action taken.

Registry Keys Infected:
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{10537936-09a9-498a-afd7-5f9812d5a665} (Trojan.Vundo.H) -> No action taken.
HKEY_CLASSES_ROOT\CLSID\{10537936-09a9-498a-afd7-5f9812d5a665} (Trojan.Vundo.H) -> No action taken.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{d13e92fb-b19a-49c0-aee6-29e4d74aa202} (Trojan.Vundo.H) -> No action taken.
HKEY_CLASSES_ROOT\CLSID\{d13e92fb-b19a-49c0-aee6-29e4d74aa202} (Trojan.Vundo.H) -> No action taken.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{ffb64cfe-b832-48fc-980d-5b9bb2198f39} (Trojan.Vundo.H) -> No action taken.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\nnnlbyvw (Trojan.Vundo.H) -> No action taken.
HKEY_CLASSES_ROOT\CLSID\{ffb64cfe-b832-48fc-980d-5b9bb2198f39} (Trojan.Vundo.H) -> No action taken.
HKEY_CLASSES_ROOT\clientax.zangoclientax (Adware.180Solutions) -> No action taken.
HKEY_CLASSES_ROOT\clientax.zangoclientax.1 (Adware.180Solutions) -> No action taken.
HKEY_CLASSES_ROOT\mywebsearch.htmlpanel (Adware.MyWebSearch) -> No action taken.
HKEY_CLASSES_ROOT\mywebsearch.htmlpanel.1 (Adware.MyWebSearch) -> No action taken.
HKEY_CLASSES_ROOT\mywebsearch.pseudotransparentplugin (Adware.MyWebSearch) -> No action taken.
HKEY_CLASSES_ROOT\mywebsearch.pseudotransparentplugin.1 (Adware.MyWebSearch) -> No action taken.
HKEY_CLASSES_ROOT\sb6.strangebho (Trojan.FakeAlert) -> No action taken.
HKEY_CLASSES_ROOT\sb6.strangebho.1 (Trojan.FakeAlert) -> No action taken.
HKEY_CLASSES_ROOT\Interface\{0985c112-2562-46f2-8da6-92648ba4630f} (Adware.ISTBar) -> No action taken.
HKEY_CLASSES_ROOT\Interface\{0e704ba4-c517-4be7-a1cd-c3ffda1e1ffe} (Adware.ISTBar) -> No action taken.
HKEY_CLASSES_ROOT\Interface\{2bb15d36-43be-4743-a3a0-3308f4b1a610} (Adware.Delphinmediaviewer) -> No action taken.
HKEY_CLASSES_ROOT\Interface\{2e9937fc-cf2f-4f56-af54-5a6a3dd375cc} (Adware.MyWebSearch) -> No action taken.
HKEY_CLASSES_ROOT\Interface\{3ed808d8-9119-4757-b7be-40c463452f87} (Trojan.FakeAlert) -> No action taken.
HKEY_CLASSES_ROOT\Interface\{41700749-a109-4254-af13-be54011e8783} (Adware.Delphinmediaviewer) -> No action taken.
HKEY_CLASSES_ROOT\Interface\{459f4226-1aab-43b6-9dc1-b6313ef83749} (Rogue.WinAntivirus) -> No action taken.
HKEY_CLASSES_ROOT\Interface\{580eb069-9905-4a04-a20c-ad6598d8c0a3} (Trojan.FakeAlert) -> No action taken.
HKEY_CLASSES_ROOT\Interface\{67a89831-6bc7-4cc0-a2c3-560f9a581e64} (Adware.180Solutions) -> No action taken.
HKEY_CLASSES_ROOT\Interface\{741de825-a6f0-4497-9aa6-8023cf9b0fff} (Adware.MyWebSearch) -> No action taken.
HKEY_CLASSES_ROOT\Interface\{dd469a88-316c-441d-b712-783d9b9a6707} (Adware.180Solutions) -> No action taken.
HKEY_LOCAL_MACHINE\SOFTWARE\{5222008a-dd62-49c7-a735-7bd18ecc7350} (Rogue.VirusRemover) -> No action taken.
HKEY_CLASSES_ROOT\CLSID\{2b96d5cc-c5b5-49a5-a69d-cc0a30f9028c} (Adware.Minibug) -> No action taken.
HKEY_CLASSES_ROOT\CLSID\{0b9b7b2e-30e3-4c5d-ad2c-c38724979b4b} (Trojan.FakeAlert) -> No action taken.
HKEY_CLASSES_ROOT\CLSID\{2a5c2e6d-864b-4f2c-9542-8b272741d78b} (Rogue.WinAntivirus) -> No action taken.
HKEY_CLASSES_ROOT\TypeLib\{6f520be0-9b54-4558-816f-224e67997df3} (Rogue.WinAntivirus) -> No action taken.
HKEY_CLASSES_ROOT\CLSID\{147a976f-eee1-4377-8ea7-4716e4cdd239} (Adware.MyWebSearch) -> No action taken.
HKEY_CLASSES_ROOT\CLSID\{9afb8248-617f-460d-9366-d71cdeda3179} (Adware.MyWebSearch) -> No action taken.
HKEY_CLASSES_ROOT\CLSID\{a4730ebe-43a6-443e-9776-36915d323ad3} (Adware.MyWebSearch) -> No action taken.
HKEY_CLASSES_ROOT\Typelib\{67907b3c-a6ef-4a01-99ad-3fcd5f526429} (Adware.ISTBar) -> No action taken.
HKEY_CLASSES_ROOT\Typelib\{e9a5b71c-093b-4f34-af07-34fca89ba0df} (Adware.ISTBar) -> No action taken.
HKEY_CLASSES_ROOT\Typelib\{55149956-1a81-44f8-a00a-f9cf7ca03329} (Trojan.FakeAlert) -> No action taken.
HKEY_CLASSES_ROOT\Typelib\{2a7db8d1-43be-4ad3-a81e-9bb8c9d00073} (Adware.Delphinmediaviewer) -> No action taken.
HKEY_CLASSES_ROOT\Typelib\{981bda1d-c8ad-46ff-be2c-fddd859ac6f5} (Adware.180Solutions) -> No action taken.
HKEY_CLASSES_ROOT\AppID\{127df9b4-d75d-44a6-af78-8c3a8ceb03db} (Adware.WhenUSave) -> No action taken.
HKEY_CLASSES_ROOT\AppID\{d28cd14c-50be-4cfa-951e-b37f25da3472} (Adware.180Solutions) -> No action taken.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{0b9b7b2e-30e3-4c5d-ad2c-c38724979b4b} (Trojan.FakeAlert) -> No action taken.
HKEY_CLASSES_ROOT\CLSID\{01e23480-fce6-4b6f-9930-4c38dd55eecd} (Trojan.Zlob) -> No action taken.
HKEY_CLASSES_ROOT\CLSID\{39762228-f40f-46d1-979c-393fce6e5b64} (Trojan.Zlob) -> No action taken.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\virusremover2008 (Rogue.VirusRemove) -> No action taken.
HKEY_LOCAL_MACHINE\SOFTWARE\virusremover2008 (Rogue.VirusRemove) -> No action taken.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Software Notifier (Rogue.Multiple) -> No action taken.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\MS Juan (Malware.Trace) -> No action taken.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\MS Track System (Trojan.Vundo) -> No action taken.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\FCOVM (Trojan.Vundo) -> No action taken.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\RemoveRP (Trojan.Vundo) -> No action taken.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\VSPlugin (Trojan.FakeAlert) -> No action taken.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\aoprndtws (Trojan.Vundo) -> No action taken.
HKEY_CLASSES_ROOT\uwap7.pcheck.1 (Rogue.WinAntivirus) -> No action taken.
HKEY_LOCAL_MACHINE\SOFTWARE\MyWebSearch (Adware.MyWebSearch) -> No action taken.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Multimedia\WMPlayer\Schemes\f3pss (Adware.MyWebSearch) -> No action taken.
HKEY_LOCAL_MACHINE\SOFTWARE\FunWebProducts (Adware.MyWebSearch) -> No action taken.
HKEY_LOCAL_MACHINE\SOFTWARE\Fun Web Products (Adware.MyWebSearch) -> No action taken.
HKEY_LOCAL_MACHINE\SOFTWARE\FocusInteractive (Adware.MyWebSearch) -> No action taken.
HKEY_CLASSES_ROOT\AppID\ACM.DLL (Adware.WhenUSave) -> No action taken.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\WebVideo (Trojan.FakeAlert) -> No action taken.

Registry Values Infected:
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\ShellExecuteHooks\{ffb64cfe-b832-48fc-980d-5b9bb2198f39} (Trojan.Vundo.H) -> No action taken.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\stuninst (Trojan.Fakealert) -> No action taken.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\virusremover2008 (Rogue.VirusRemove) -> No action taken.
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Session Manager\BootStera (Rogue.WinAntivirus) -> No action taken.

Registry Data Items Infected:
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\LSA\Notification Packages (Trojan.Vundo.H) -> Data: c:\windows\system32\urqqklfy -> No action taken.
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\LSA\Authentication Packages (Trojan.Vundo.H) -> Data: c:\windows\system32\urqqklfy -> No action taken.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\ProductId (Trojan.FakeAlert) -> Bad: (VIRUS ALERT!) Good: (55277-OEM-0011903-00103) -> No action taken.

Folders Infected:
C:\Program Files\Common Files\WinAntiVirus Pro 2007 (Rogue.WinAntivirus) -> No action taken.
C:\Program Files\MyWebSearch (Adware.MyWebSearch) -> No action taken.
C:\Program Files\MyWebSearch\bar (Adware.MyWebSearch) -> No action taken.
C:\Program Files\MyWebSearch\bar\History (Adware.MyWebSearch) -> No action taken.
C:\Program Files\MyWebSearch\bar\Settings (Adware.MyWebSearch) -> No action taken.
C:\Program Files\FunWebProducts (Adware.MyWebSearch) -> No action taken.
C:\Program Files\FunWebProducts\ScreenSaver (Adware.MyWebSearch) -> No action taken.
C:\Program Files\FunWebProducts\ScreenSaver\Images (Adware.MyWebSearch) -> No action taken.
C:\Program Files\FunWebProducts\ScreenSaver\Images\101x135 (Adware.MyWebSearch) -> No action taken.
C:\Program Files\FunWebProducts\Shared (Adware.MyWebSearch) -> No action taken.
C:\Program Files\SystemDoctor 2006 Free (Rogue.SystemDoctor) -> No action taken.
C:\WINDOWS\privacy_danger (Trojan.FakeAlert) -> No action taken.
C:\WINDOWS\privacy_danger\images (Trojan.FakeAlert) -> No action taken.
C:\Program Files\WinMsg (Trojan.Fakealert) -> No action taken.
C:\Program Files\VirusRemover2008 (Rogue.VirusRemove) -> No action taken.
C:\Documents and Settings\All Users\Application Data\WinAntiVirus Pro 2007 (Rogue.WinAntivirus) -> No action taken.
C:\Documents and Settings\All Users\Application Data\WinAntiVirus Pro 2007\Data (Rogue.WinAntivirus) -> No action taken.
C:\Documents and Settings\LAURA\Application Data\WinAntiVirus Pro 2007 (Rogue.WinAntivirus) -> No action taken.
C:\Documents and Settings\LAURA\Application Data\WinAntiVirus Pro 2007\Logs (Rogue.WinAntivirus) -> No action taken.
C:\Documents and Settings\All Users\Start Menu\Programs\VirusRemover2008 (Rogue.VirusRemove) -> No action taken.

Files Infected:
C:\WINDOWS\system32\urqQkLFy.dll (Trojan.Vundo.H) -> No action taken.
C:\WINDOWS\system32\yFLkQqru.ini (Trojan.Vundo.H) -> No action taken.
C:\WINDOWS\system32\yFLkQqru.ini2 (Trojan.Vundo.H) -> No action taken.
C:\WINDOWS\system32\ayqqbm.dll (Trojan.Vundo.H) -> No action taken.
C:\WINDOWS\system32\nnnLbyvW.dll (Trojan.Vundo.H) -> No action taken.
C:\Program Files\Common Files\Companion Wizard\WapCHK.dll (Rogue.WinAntivirus) -> No action taken.
C:\WINDOWS\emtb.exe (Trojan.FakeAlert) -> No action taken.
C:\WINDOWS\vtqnxfko.dll (Trojan.Zlob) -> No action taken.
C:\WINDOWS\system32\byXPJDvu.dll (Trojan.Vundo.H) -> No action taken.
C:\Program Files\Common Files\WinAntiVirus Pro 2007\err.log (Rogue.WinAntivirus) -> No action taken.
C:\Program Files\Common Files\WinAntiVirus Pro 2007\mfc71.dll (Rogue.WinAntivirus) -> No action taken.
C:\Program Files\Common Files\WinAntiVirus Pro 2007\msvcp71.dll (Rogue.WinAntivirus) -> No action taken.
C:\Program Files\Common Files\WinAntiVirus Pro 2007\msvcr71.dll (Rogue.WinAntivirus) -> No action taken.
C:\Program Files\MyWebSearch\bar\History\search (Adware.MyWebSearch) -> No action taken.
C:\Program Files\MyWebSearch\bar\Settings\s_pid.dat (Adware.MyWebSearch) -> No action taken.
C:\Program Files\FunWebProducts\ScreenSaver\Images\001B1578.urr (Adware.MyWebSearch) -> No action taken.
C:\Program Files\FunWebProducts\ScreenSaver\Images\016396F1.urr (Adware.MyWebSearch) -> No action taken.
C:\Program Files\FunWebProducts\ScreenSaver\Images\016410E4.dat (Adware.MyWebSearch) -> No action taken.
C:\Program Files\FunWebProducts\ScreenSaver\Images\02D2A158.dat (Adware.MyWebSearch) -> No action taken.
C:\Program Files\FunWebProducts\ScreenSaver\Images\02D3B142.dat (Adware.MyWebSearch) -> No action taken.
C:\Program Files\FunWebProducts\ScreenSaver\Images\02D9886F.dat (Adware.MyWebSearch) -> No action taken.
C:\Program Files\FunWebProducts\ScreenSaver\Images\02DC8072.dat (Adware.MyWebSearch) -> No action taken.
C:\Program Files\FunWebProducts\ScreenSaver\Images\02DCA0AC.dat (Adware.MyWebSearch) -> No action taken.
C:\Program Files\FunWebProducts\ScreenSaver\Images\02DE0AAC.dat (Adware.MyWebSearch) -> No action taken.
C:\Program Files\FunWebProducts\ScreenSaver\Images\02E28A48.dat (Adware.MyWebSearch) -> No action taken.
C:\Program Files\FunWebProducts\ScreenSaver\Images\0544ED51.dat (Adware.MyWebSearch) -> No action taken.
C:\Program Files\FunWebProducts\ScreenSaver\Images\06C80C39.dat (Adware.MyWebSearch) -> No action taken.
C:\Program Files\FunWebProducts\ScreenSaver\Images\06C868DF.dat (Adware.MyWebSearch) -> No action taken.
C:\Program Files\FunWebProducts\ScreenSaver\Images\0A5F566B.dat (Adware.MyWebSearch) -> No action taken.
C:\Program Files\FunWebProducts\ScreenSaver\Images\0A5FB302.dat (Adware.MyWebSearch) -> No action taken.
C:\Program Files\FunWebProducts\ScreenSaver\Images\0A5FD0EA.dat (Adware.MyWebSearch) -> No action taken.
C:\Program Files\FunWebProducts\ScreenSaver\Images\0A5FFF2E.dat (Adware.MyWebSearch) -> No action taken.
C:\Program Files\FunWebProducts\ScreenSaver\Images\14E03733.urr (Adware.MyWebSearch) -> No action taken.
C:\Program Files\FunWebProducts\ScreenSaver\Images\f3wallpp.bmp (Adware.MyWebSearch) -> No action taken.
C:\Program Files\FunWebProducts\ScreenSaver\Images\wrkparam.lst (Adware.MyWebSearch) -> No action taken.
C:\Program Files\FunWebProducts\ScreenSaver\Images\101x135\016410E4.jpg (Adware.MyWebSearch) -> No action taken.
C:\Program Files\FunWebProducts\ScreenSaver\Images\101x135\02D2A158.jpg (Adware.MyWebSearch) -> No action taken.
C:\Program Files\FunWebProducts\ScreenSaver\Images\101x135\02D3B142.jpg (Adware.MyWebSearch) -> No action taken.
C:\Program Files\FunWebProducts\ScreenSaver\Images\101x135\02D9886F.jpg (Adware.MyWebSearch) -> No action taken.
C:\Program Files\FunWebProducts\ScreenSaver\Images\101x135\02DC8072.jpg (Adware.MyWebSearch) -> No action taken.
C:\Program Files\FunWebProducts\ScreenSaver\Images\101x135\02DCA0AC.jpg (Adware.MyWebSearch) -> No action taken.
C:\Program Files\FunWebProducts\ScreenSaver\Images\101x135\02DE0AAC.jpg (Adware.MyWebSearch) -> No action taken.
C:\Program Files\FunWebProducts\ScreenSaver\Images\101x135\02E28A48.jpg (Adware.MyWebSearch) -> No action taken.
C:\Program Files\FunWebProducts\ScreenSaver\Images\101x135\0544ED51.jpg (Adware.MyWebSearch) -> No action taken.
C:\Program Files\FunWebProducts\ScreenSaver\Images\101x135\06C80C39.jpg (Adware.MyWebSearch) -> No action taken.
C:\Program Files\FunWebProducts\ScreenSaver\Images\101x135\06C868DF.jpg (Adware.MyWebSearch) -> No action taken.
C:\Program Files\FunWebProducts\ScreenSaver\Images\101x135\0A5F566B.jpg (Adware.MyWebSearch) -> No action taken.
C:\Program Files\FunWebProducts\ScreenSaver\Images\101x135\0A5FB302.jpg (Adware.MyWebSearch) -> No action taken.
C:\Program Files\FunWebProducts\ScreenSaver\Images\101x135\0A5FD0EA.jpg (Adware.MyWebSearch) -> No action taken.
C:\Program Files\FunWebProducts\ScreenSaver\Images\101x135\0A5FFF2E.jpg (Adware.MyWebSearch) -> No action taken.
C:\Program Files\SystemDoctor 2006 Free\mfc71.dll (Rogue.SystemDoctor) -> No action taken.
C:\Program Files\SystemDoctor 2006 Free\msvcp71.dll (Rogue.SystemDoctor) -> No action taken.
C:\Program Files\SystemDoctor 2006 Free\msvcr71.dll (Rogue.SystemDoctor) -> No action taken.
C:\WINDOWS\privacy_danger\index.htm (Trojan.FakeAlert) -> No action taken.
C:\WINDOWS\privacy_danger\images\capt.gif (Trojan.FakeAlert) -> No action taken.
C:\WINDOWS\privacy_danger\images\danger.jpg (Trojan.FakeAlert) -> No action taken.
C:\WINDOWS\privacy_danger\images\down.gif (Trojan.FakeAlert) -> No action taken.
C:\WINDOWS\privacy_danger\images\spacer.gif (Trojan.FakeAlert) -> No action taken.
C:\Program Files\WinMsg\sb_bar.css (Trojan.Fakealert) -> No action taken.
C:\Program Files\WinMsg\sb_bar.htm (Trojan.Fakealert) -> No action taken.
C:\Program Files\WinMsg\sb_config.ini (Trojan.Fakealert) -> No action taken.
C:\Program Files\WinMsg\sb_ep.htm (Trojan.Fakealert) -> No action taken.
C:\Program Files\WinMsg\uinst.exe (Trojan.Fakealert) -> No action taken.
C:\Program Files\VirusRemover2008\Viruses.bdt (Rogue.VirusRemove) -> No action taken.
C:\Program Files\VirusRemover2008\VRM2008.exe (Rogue.VirusRemove) -> No action taken.
C:\Documents and Settings\All Users\Application Data\WinAntiVirus Pro 2007\Data\Abbr (Rogue.WinAntivirus) -> No action taken.
C:\Documents and Settings\All Users\Application Data\WinAntiVirus Pro 2007\Data\ActivationCode (Rogue.WinAntivirus) -> No action taken.
C:\Documents and Settings\All Users\Application Data\WinAntiVirus Pro 2007\Data\ProductCode (Rogue.WinAntivirus) -> No action taken.
C:\Documents and Settings\LAURA\Application Data\WinAntiVirus Pro 2007\avtasks.dat (Rogue.WinAntivirus) -> No action taken.
C:\Documents and Settings\LAURA\Application Data\WinAntiVirus Pro 2007\CookieList.dat (Rogue.WinAntivirus) -> No action taken.
C:\Documents and Settings\LAURA\Application Data\WinAntiVirus Pro 2007\history.db (Rogue.WinAntivirus) -> No action taken.
C:\Documents and Settings\LAURA\Application Data\WinAntiVirus Pro 2007\PGE.dat (Rogue.WinAntivirus) -> No action taken.
C:\Documents and Settings\LAURA\Application Data\WinAntiVirus Pro 2007\Logs\update.log (Rogue.WinAntivirus) -> No action taken.
C:\Documents and Settings\LAURA\Application Data\WinAntiVirus Pro 2007\Logs\wa7Support.log (Rogue.WinAntivirus) -> No action taken.
C:\Documents and Settings\LAURA\Application Data\WinAntiVirus Pro 2007\Logs\winav.log (Rogue.WinAntivirus) -> No action taken.
C:\Documents and Settings\All Users\Start Menu\Programs\VirusRemover2008\VirusRemover2008.lnk (Rogue.VirusRemove) -> No action taken.
C:\WINDOWS\system32\mcrh.tmp (Malware.Trace) -> No action taken.
C:\WINDOWS\system32\blphcekhj0eeaa.scr (Trojan.FakeAlert) -> No action taken.
C:\WINDOWS\system32\phcekhj0eeaa.bmp (Trojan.FakeAlert) -> No action taken.
C:\WINDOWS\system32\stera.job (Rogue.WinAntivirus) -> No action taken.

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 8:20:42 AM, on 8/27/2008
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)
Boot mode: Safe mode with network support

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Microsoft Windows OneCare Live\Antivirus\MsMpEng.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.emachines.com/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.emachines.com/start.html
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Bar = http://websearch.drsnsrch.com/sidesearch.cgi?id=
O2 - BHO: QXK Olive - {0A0AC612-42C3-4E93-981D-54BA756BC15E} - C:\WINDOWS\twmxbsqrsqm.dll
O2 - BHO: QXK Olive - {28D932ED-9984-45F9-937A-25607B79E2BC} - C:\WINDOWS\twmxbsqrqwe.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_05\bin\ssv.dll
O2 - BHO: Windows Live Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: ST - {9394EDE7-C8B5-483E-8773-474BF36AF6E4} - C:\Program Files\MSN Apps\ST\01.03.0000.1005\en-xu\stmain.dll
O2 - BHO: MSNToolBandBHO - {BDBD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Program Files\MSN Apps\MSN Toolbar\01.02.5000.1021\en-us\msntb.dll
O3 - Toolbar: (no name) - {FAA356E4-D317-42a6-AB41-A3021C6E7D52} - (no file)
O3 - Toolbar: MSN - {BDAD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Program Files\MSN Apps\MSN Toolbar\01.02.5000.1021\en-us\msntb.dll
O3 - Toolbar: Protection Bar - {a2595f37-48d0-46a1-9b51-478591a97764} - C:\Program Files\IntCodec\iesplugin.dll (file missing)
O3 - Toolbar: rafbsvnx - {99F2DC38-9687-4F45-B3F2-F815363D42CD} - C:\WINDOWS\rafbsvnx.dll
O3 - Toolbar: rafbsvnx - {1B27DC3F-A487-486D-BBA8-CA45373B1457} - C:\WINDOWS\rafbsvnx.dll
O4 - HKLM\..\Run: [McAfeeUpdaterUI] "C:\Program Files\Network Associates\Common Framework\UpdaterUI.exe" /StartedFromRunKey
O4 - HKLM\..\Run: [AVa.exe] c:\windows\system32\AVa.exe
O4 - HKLM\..\Run: [InCD] C:\Program Files\Ahead\InCD\InCD.exe
O4 - HKLM\..\Run: [NeroCheck] C:\WINDOWS\system32\NeroCheck.exe
O4 - HKLM\..\Run: [ShStatEXE] "C:\Program Files\Network Associates\VirusScan\SHSTAT.EXE" /STANDALONE
O4 - HKLM\..\Run: [SSBkgdUpdate] "C:\Program Files\Common Files\Scansoft Shared\SSBkgdUpdate\SSBkgdupdate.exe" -Embedding -boot
O4 - HKLM\..\Run: [PaperPort PTD] C:\Program Files\ScanSoft\PaperPort\pptd40nt.exe
O4 - HKLM\..\Run: [IndexSearch] C:\Program Files\ScanSoft\PaperPort\IndexSearch.exe
O4 - HKLM\..\Run: [SetDefPrt] C:\Program Files\Brother\Brmfl04a\BrStDvPt.exe
O4 - HKLM\..\Run: [ControlCenter2.0] C:\Program Files\Brother\ControlCenter2\brctrcen.exe /autorun
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_05\bin\jusched.exe"
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
O4 - HKLM\..\Run: [RoxWatchTray] "C:\Program Files\Common Files\Roxio Shared\9.0\SharedCOM\RoxWatchTray9.exe"
O4 - HKLM\..\Run: [OneCareUI] "C:\Program Files\Microsoft Windows OneCare Live\winssnotify.exe"
O4 - HKLM\..\Run: [KernelFaultCheck] %systemroot%\system32\dumprep 0 -k
O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background
O4 - Global Startup: Adobe Reader Speed Launch.lnk = C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
O4 - Global Startup: AutorunsDisabled
O4 - Global Startup: HotSync Manager.lnk = C:\Palm\HOTSYNC.EXE
O4 - Global Startup: Microsoft Works Calendar Reminders.lnk = ?
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_05\bin\npjpi160_05.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_05\bin\npjpi160_05.dll
O9 - Extra button: (no name) - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - (no file)
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O14 - IERESET.INF: START_PAGE_URL=http://www.emachines.com/start.html
O15 - Trusted Zone: http://ny.contentmatch.net (HKLM)
O16 - DPF: {0CCA191D-13A6-4E29-B746-314DEE697D83} (Facebook Photo Uploader 5) - http://upload.facebook.com/controls/FacebookPhotoUploader5.cab
O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://go.microsoft.com/fwlink/?linkid=39204
O16 - DPF: {48DD0448-9209-4F81-9F6D-D83562940134} (MySpace Uploader Control) - http://lads.myspace.com/upload/MySpaceUploader.cab
O16 - DPF: {4F1E5B1A-2A80-42CA-8532-2D05CB959537} (MSN Photo Upload Tool) - http://by23fd.bay23.hotmail.msn.com/resources/MsnPUpld.cab
O16 - DPF: {55027008-315F-4F45-BBC3-8BE119764741} (Slide Image Uploader Control) - http://www.slide.com/uploader/SlideImageUploader.cab
O16 - DPF: {5F8469B4-B055-49DD-83F7-62B522420ECC} (Facebook Photo Uploader Control) - http://upload.facebook.com/controls/FacebookPhotoUploader.cab
O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://update.microsoft.com/microsoftupdate/v6/V5Controls/en/x86/client/muweb_site.cab?1157649450276
O16 - DPF: {AED98630-0251-4E83-917D-43A23D66D507} (WebHandler Class) - http://activex.microgaming.com/DLhelper/version7/dlhelper.cab
O16 - DPF: {B38870E4-7ECB-40DA-8C6A-595F0A5519FF} (MsnMessengerSetupDownloadControl Class) - http://messenger.msn.com/download/MsnMessengerSetupDownloader.cab
O16 - DPF: {D6E7CFB5-C074-4D1C-B647-663D1A8D96BF} (Facebook Photo Uploader 4) - http://upload.facebook.com/controls/FacebookPhotoUploader4_5.cab
O16 - DPF: {F58E1CEF-A068-4C15-BA5E-587CAF3EE8C6} (MSN Chat Control 4.5) - http://chat.msn.com/controls/msnchat45.cab
O20 - AppInit_DLLs: ayqqbm.dll
O21 - SSODL: bestreak - {874443fe-aa33-4ebf-a6ac-73208787e62d} - C:\WINDOWS\system32\viruxz.dll (file missing)
O21 - SSODL: gaonic - {f31aee4a-1530-4fef-8537-79c6973bff9a} - (no file)
O22 - SharedTaskScheduler: {874443fe-aa33-4ebf-a6ac-73208787e62d} - bestreak - (no file)
O22 - SharedTaskScheduler: gaonic - {f31aee4a-1530-4fef-8537-79c6973bff9a} - (no file)
O23 - Service: Apple Mobile Device - Apple, Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
O23 - Service: Brother Popup Suspend service for Resource manager (brmfrmps) - Brother Industries, Ltd. - C:\WINDOWS\system32\Brmfrmps.exe
O23 - Service: BrSplService (Brother XP spl Service) - brother Industries Ltd - C:\WINDOWS\system32\brsvc01a.exe
O23 - Service: C-DillaCdaC11BA - Macrovision - C:\WINDOWS\System32\drivers\CDAC11BA.EXE
O23 - Service: Canon Camera Access Library 8 (CCALib8) - Canon Inc. - C:\Program Files\Canon\CAL\CALMAIN.exe
O23 - Service: Creative Service for CDROM Access - Creative Technology Ltd - C:\WINDOWS\system32\CTsvcCDA.EXE
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\1050\Intel 32\IDriverT.exe
O23 - Service: iPod Service - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: McAfee Framework Service (McAfeeFramework) - Network Associates, Inc. - C:\Program Files\Network Associates\Common Framework\FrameworkService.exe
O23 - Service: Network Associates McShield (McShield) - Network Associates, Inc. - C:\Program Files\Network Associates\VirusScan\Mcshield.exe
O23 - Service: Network Associates Task Manager (McTaskManager) - Network Associates, Inc. - C:\Program Files\Network Associates\VirusScan\VsTskMgr.exe
O23 - Service: NVIDIA Driver Helper Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\System32\nvsvc32.exe
O23 - Service: Roxio UPnP Renderer 9 - Sonic Solutions - C:\Program Files\Roxio\Digital Home 9\RoxioUPnPRenderer9.exe
O23 - Service: Roxio Upnp Server 9 - Sonic Solutions - C:\Program Files\Roxio\Digital Home 9\RoxioUpnpService9.exe
O23 - Service: LiveShare P2P Server 9 (RoxLiveShare9) - Sonic Solutions - C:\Program Files\Common Files\Roxio Shared\9.0\SharedCOM\RoxLiveShare9.exe
O23 - Service: RoxMediaDB9 - Sonic Solutions - C:\Program Files\Common Files\Roxio Shared\9.0\SharedCOM\RoxMediaDB9.exe
O23 - Service: Roxio Hard Drive Watcher 9 (RoxWatch9) - Sonic Solutions - C:\Program Files\Common Files\Roxio Shared\9.0\SharedCOM\RoxWatch9.exe
O23 - Service: System Startup Service (SvcProc) - Unknown owner - C:\WINDOWS\svcproc.exe (file missing)

--
End of file - 8973 bytes

KASPERSKY ONLINE SCANNER 7 REPORT
Wednesday, August 27, 2008
Operating System: Microsoft Windows XP Home Edition Service Pack 2 (build 2600)
Kaspersky Online Scanner 7 version: 7.0.25.0
Program database last update: Wednesday, August 27, 2008 02:43:45
Records in database: 1149792
Scan settings
Scan using the following database extended
Scan archives yes
Scan mail databases yes
Scan area My Computer
A:\
C:\
D:\
E:\
Scan statistics
Files scanned 94095
Threat name 22
Infected objects 2913
Suspicious objects 0
Duration of the scan 03:54:54

File name Threat name Threats count
C:\Documents and Settings\ALEXA\Incomplete\T-3566446-06 Track 6.wma Infected: Trojan-Downloader.WMA.Wimad.k 1
C:\Documents and Settings\ALEXA\Local Settings\Tempold\0.dll Infected: not-a-virus:AdWare.Win32.Midadle.e 1
C:\Documents and Settings\ALEXA\Local Settings\Tempold\07HpS2ceK.dll Infected: not-a-virus:AdWare.Win32.Midadle.e 1
C:\Documents and Settings\ALEXA\Local Settings\Tempold\0BMp.dll Infected: not-a-virus:AdWare.Win32.Midadle.e 1
C:\Documents and Settings\ALEXA\Local Settings\Tempold\0FDp.dll Infected: not-a-virus:AdWare.Win32.Midadle.e 1
C:\Documents and Settings\ALEXA\Local Settings\Tempold\0fGwc.dll Infected: not-a-virus:AdWare.Win32.Midadle.e 1
C:\Documents and Settings\ALEXA\Local Settings\Tempold\0J.dll Infected: not-a-virus:AdWare.Win32.Midadle.e 1
C:\Documents and Settings\ALEXA\Local Settings\Tempold\0j8GBY.dll Infected: not-a-virus:AdWare.Win32.Midadle.e 1
C:\Documents and Settings\ALEXA\Local Settings\Tempold\0KRl.dll Infected: not-a-virus:AdWare.Win32.Midadle.e 1
C:\Documents and Settings\ALEXA\Local Settings\Tempold\0nCKoSjC.dll Infected: not-a-virus:AdWare.Win32.Midadle.b 1
C:\Documents and Settings\ALEXA\Local Settings\Tempold\0nIMi4U5.dll Infected: not-a-virus:AdWare.Win32.Midadle.e 1
C:\Documents and Settings\ALEXA\Local Settings\Tempold\0pl.dll Infected: not-a-virus:AdWare.Win32.Midadle.e 1
C:\Documents and Settings\ALEXA\Local Settings\Tempold\0v.dll Infected: not-a-virus:AdWare.Win32.Midadle.e 1
C:\Documents and Settings\ALEXA\Local Settings\Tempold\0vMeHf.dll Infected: not-a-virus:AdWare.Win32.Midadle.e 1
C:\Documents and Settings\ALEXA\Local Settings\Tempold\0ZB0FSPk.dll Infected: not-a-virus:AdWare.Win32.Midadle.b 1
C:\Documents and Settings\ALEXA\Local Settings\Tempold\0ZV.dll Infected: not-a-virus:AdWare.Win32.Midadle.e 1
C:\Documents and Settings\ALEXA\Local Settings\Tempold\1.dll Infected: not-a-virus:AdWare.Win32.Midadle.e 1
C:\Documents and Settings\ALEXA\Local Settings\Tempold\12ix.dll Infected: not-a-virus:AdWare.Win32.Midadle.e 1
C:\Documents and Settings\ALEXA\Local Settings\Tempold\18.dll Infected: not-a-virus:AdWare.Win32.Midadle.b 1
C:\Documents and Settings\ALEXA\Local Settings\Tempold\1BtAQG.dll Infected: not-a-virus:AdWare.Win32.Midadle.e 1
C:\Documents and Settings\ALEXA\Local Settings\Tempold\1dEtNwv.dll Infected: not-a-virus:AdWare.Win32.Midadle.e 1
C:\Documents and Settings\ALEXA\Local Settings\Tempold\1F7.dll Infected: not-a-virus:AdWare.Win32.Midadle.e 1
C:\Documents and Settings\ALEXA\Local Settings\Tempold\1ge.dll Infected: not-a-virus:AdWare.Win32.Midadle.e 1
C:\Documents and Settings\ALEXA\Local Settings\Tempold\1L.dll Infected: not-a-virus:AdWare.Win32.Midadle.e 1
C:\Documents and Settings\ALEXA\Local Settings\Tempold\1lI.dll Infected: not-a-virus:AdWare.Win32.Midadle.e 1
C:\Documents and Settings\ALEXA\Local Settings\Tempold\1Lq6OJ.dll Infected: not-a-virus:AdWare.Win32.Midadle.e 1
C:\Documents and Settings\ALEXA\Local Settings\Tempold\1nkg0x9Vr.dll Infected: not-a-virus:AdWare.Win32.Midadle.e 1
C:\Documents and Settings\ALEXA\Local Settings\Tempold\1no0.dll Infected: not-a-virus:AdWare.Win32.Midadle.e 1
C:\Documents and Settings\ALEXA\Local Settings\Tempold\1nvEH.dll Infected: not-a-virus:AdWare.Win32.Midadle.e 1
C:\Documents and Settings\ALEXA\Local Settings\Tempold\1O.dll Infected: not-a-virus:AdWare.Win32.Midadle.e 1
C:\Documents and Settings\ALEXA\Local Settings\Tempold\1ocNZReK.dll Infected: not-a-virus:AdWare.Win32.Midadle.e 1
C:\Documents and Settings\ALEXA\Local Settings\Tempold\1VV5Oi.dll Infected: not-a-virus:AdWare.Win32.Midadle.e 1
C:\Documents and Settings\ALEXA\Local Settings\Tempold\1w6XNSCp.dll Infected: not-a-virus:AdWare.Win32.Midadle.e 1
C:\Documents and Settings\ALEXA\Local Settings\Tempold\2.dll Infected: not-a-virus:AdWare.Win32.Midadle.b 1
C:\Documents and Settings\ALEXA\Local Settings\Tempold\24MiSI.dll Infected: not-a-virus:AdWare.Win32.Midadle.e 1
C:\Documents and Settings\ALEXA\Local Settings\Tempold\26ak5L.dll Infected: not-a-virus:AdWare.Win32.Midadle.e 1
C:\Documents and Settings\ALEXA\Local Settings\Tempold\2aH.dll Infected: not-a-virus:AdWare.Win32.Midadle.e 1
C:\Documents and Settings\ALEXA\Local Settings\Tempold\2eilvHAp.dll Infected: not-a-virus:AdWare.Win32.Midadle.e 1
C:\Documents and Settings\ALEXA\Local Settings\Tempold\2enlYGG.dll Infected: not-a-virus:AdWare.Win32.Midadle.e 1
C:\Documents and Settings\ALEXA\Local Settings\Tempold\2GocXW.dll Infected: not-a-virus:AdWare.Win32.Midadle.b 1
C:\Documents and Settings\ALEXA\Local Settings\Tempold\2Hgr.dll Infected: not-a-virus:AdWare.Win32.Midadle.b 1
C:\Documents and Settings\ALEXA\Local Settings\Tempold\2IkE.dll Infected: not-a-virus:AdWare.Win32.Midadle.e 1
C:\Documents and Settings\ALEXA\Local Settings\Tempold\2LP8Np4d4.dll Infected: not-a-virus:AdWare.Win32.Midadle.e 1
C:\Documents and Settings\ALEXA\Local Settings\Tempold\2MGd.dll Infected: not-a-virus:AdWare.Win32.Midadle.b 1
C:\Documents and Settings\ALEXA\Local Settings\Tempold\2MN2.dll Infected: not-a-virus:AdWare.Win32.Midadle.e 1
C:\Documents and Settings\ALEXA\Local Settings\Tempold\2oewS.dll Infected: not-a-virus:AdWare.Win32.Midadle.e 1
C:\Documents and Settings\ALEXA\Local Settings\Tempold\2PmjswG6X.dll Infected: not-a-virus:AdWare.Win32.Midadle.b 1
C:\Documents and Settings\ALEXA\Local Settings\Tempold\2TXf.dll Infected: not-a-virus:AdWare.Win32.Midadle.e 1
C:\Documents and Settings\ALEXA\Local Settings\Tempold\2x.dll Infected: not-a-virus:AdWare.Win32.Midadle.e 1
C:\Documents and Settings\ALEXA\Local Settings\Tempold\2zx8Rumr.dll Infected: not-a-virus:AdWare.Win32.Midadle.e 1
C:\Documents and Settings\ALEXA\Local Settings\Tempold\3.dll Infected: not-a-virus:AdWare.Win32.Midadle.e 1
C:\Documents and Settings\ALEXA\Local Settings\Tempold\31Q.dll Infected: not-a-virus:AdWare.Win32.Midadle.e 1
C:\Documents and Settings\ALEXA\Local Settings\Tempold\366vPtx.dll Infected: not-a-virus:AdWare.Win32.Midadle.e 1
C:\Documents and Settings\ALEXA\Local Settings\Tempold\37Q.dll Infected: not-a-virus:AdWare.Win32.Midadle.e 1
C:\Documents and Settings\ALEXA\Local Settings\Tempold\3fG45jan.dll Infected: not-a-virus:AdWare.Win32.Midadle.e 1
C:\Documents and Settings\ALEXA\Local Settings\Tempold\3k92bmfQ.dll Infected: not-a-virus:AdWare.Win32.Midadle.e 1
C:\Documents and Settings\ALEXA\Local Settings\Tempold\3KPc.dll Infected: not-a-virus:AdWare.Win32.Midadle.e 1
C:\Documents and Settings\ALEXA\Local Settings\Tempold\3xv.dll Infected: not-a-virus:AdWare.Win32.Midadle.e 1
C:\Documents and Settings\ALEXA\Local Settings\Tempold\429hiQ.dll Infected: not-a-virus:AdWare.Win32.Midadle.e 1
C:\Documents and Settings\ALEXA\Local Settings\Tempold\43.dll Infected: not-a-virus:AdWare.Win32.Midadle.e 1
C:\Documents and Settings\ALEXA\Local Settings\Tempold\47Cf.dll Infected: not-a-virus:AdWare.Win32.Midadle.e 1
C:\Documents and Settings\ALEXA\Local Settings\Tempold\4Br1ovo.dll Infected: not-a-virus:AdWare.Win32.Midadle.b 1
C:\Documents and Settings\ALEXA\Local Settings\Tempold\4Cx.dll Infected: not-a-virus:AdWare.Win32.Midadle.e 1
C:\Documents and Settings\ALEXA\Local Settings\Tempold\4E.dll Infected: not-a-virus:AdWare.Win32.Midadle.e 1
C:\Documents and Settings\ALEXA\Local Settings\Tempold\4eM.dll Infected: not-a-virus:AdWare.Win32.Midadle.e 1
C:\Documents and Settings\ALEXA\Local Settings\Tempold\4ht.dll Infected: not-a-virus:AdWare.Win32.Midadle.e 1
C:\Documents and Settings\ALEXA\Local Settings\Tempold\4ip.dll Infected: not-a-virus:AdWare.Win32.Midadle.e 1
C:\Documents and Settings\ALEXA\Local Settings\Tempold\4j8nQiC.dll Infected: not-a-virus:AdWare.Win32.Midadle.e 1
C:\Documents and Settings\ALEXA\Local Settings\Tempold\4JI.dll Infected: not-a-virus:AdWare.Win32.Midadle.e 1
C:\Documents and Settings\ALEXA\Local Settings\Tempold\4P5I2.dll Infected: not-a-virus:AdWare.Win32.Midadle.e 1
C:\Documents and Settings\ALEXA\Local Settings\Tempold\4QR0.dll Infected: not-a-virus:AdWare.Win32.Midadle.e 1
C:\Documents and Settings\ALEXA\Local Settings\Tempold\4Rwx.dll Infected: not-a-virus:AdWare.Win32.Midadle.e 1
C:\Documents and Settings\ALEXA\Local Settings\Tempold\4rZhzLOQe.dll Infected: not-a-virus:AdWare.Win32.Midadle.e 1
C:\Documents and Settings\ALEXA\Local Settings\Tempold\4sNg7.dll Infected: not-a-virus:AdWare.Win32.Midadle.e 1
C:\Documents and Settings\ALEXA\Local Settings\Tempold\4T.dll Infected: not-a-virus:AdWare.Win32.Midadle.e 1
C:\Documents and Settings\ALEXA\Local Settings\Tempold\4Tp.dll Infected: not-a-virus:AdWare.Win32.Midadle.e 1
C:\Documents and Settings\ALEXA\Local Settings\Tempold\4tTztcN.dll Infected: not-a-virus:AdWare.Win32.Midadle.e 1
C:\Documents and Settings\ALEXA\Local Settings\Tempold\4Ug8vOe.dll Infected: not-a-virus:AdWare.Win32.Midadle.e 1
C:\Documents and Settings\ALEXA\Local Settings\Tempold\4UiQ.dll Infected: not-a-virus:AdWare.Win32.Midadle.e 1
C:\Documents and Settings\ALEXA\Local Settings\Tempold\5.dll Infected: not-a-virus:AdWare.Win32.Midadle.e 1
C:\Documents and Settings\ALEXA\Local Settings\Tempold\51j.dll Infected: not-a-virus:AdWare.Win32.Midadle.e 1
C:\Documents and Settings\ALEXA\Local Settings\Tempold\5Azd.dll Infected: not-a-virus:AdWare.Win32.Midadle.e 1
C:\Documents and Settings\ALEXA\Local Settings\Tempold\5CaP.dll Infected: not-a-virus:AdWare.Win32.Midadle.e 1
C:\Documents and Settings\ALEXA\Local Settings\Tempold\5csws.dll Infected: not-a-virus:AdWare.Win32.Midadle.b 1
C:\Documents and Settings\ALEXA\Local Settings\Tempold\5hTsim4T.dll Infected: not-a-virus:AdWare.Win32.Midadle.e 1
C:\Documents and Settings\ALEXA\Local Settings\Tempold\5J.dll Infected: not-a-virus:AdWare.Win32.Midadle.e 1
C:\Documents and Settings\ALEXA\Local Settings\Tempold\5Kr.dll Infected: not-a-virus:AdWare.Win32.Midadle.e 1
C:\Documents and Settings\ALEXA\Local Settings\Tempold\5lqDYtGN.dll Infected: not-a-virus:AdWare.Win32.Midadle.b 1
C:\Documents and Settings\ALEXA\Local Settings\Tempold\5LWnSi2o.dll Infected: not-a-virus:AdWare.Win32.Midadle.e 1
C:\Documents and Settings\ALEXA\Local Settings\Tempold\5MZ0bZL.dll Infected: not-a-virus:AdWare.Win32.Midadle.e 1
C:\Documents and Settings\ALEXA\Local Settings\Tempold\5PHC7U4l.dll Infected: not-a-virus:AdWare.Win32.Midadle.e 1
C:\Documents and Settings\ALEXA\Local Settings\Tempold\5pQ.dll Infected: not-a-virus:AdWare.Win32.Midadle.e 1
C:\Documents and Settings\ALEXA\Local Settings\Tempold\5qRT.dll Infected: not-a-virus:AdWare.Win32.Midadle.e 1
C:\Documents and Settings\ALEXA\Local Settings\Tempold\5sAQtHZA.dll Infected: not-a-virus:AdWare.Win32.Midadle.b 1
C:\Documents and Settings\ALEXA\Local Settings\Tempold\5unAaY8w.dll Infected: not-a-virus:AdWare.Win32.Midadle.e 1
C:\Documents and Settings\ALEXA\Local Settings\Tempold\5utQo.dll Infected: not-a-virus:AdWare.Win32.Midadle.e 1
C:\Documents and Settings\ALEXA\Local Settings\Tempold\5WQb6Naz.dll Infected: not-a-virus:AdWare.Win32.Midadle.e 1
C:\Documents and Settings\ALEXA\Local Settings\Tempold\5XEuj8h0.dll Infected: not-a-virus:AdWare.Win32.Midadle.e 1
C:\Documents and Settings\ALEXA\Local Settings\Tempold\5xV0aDe.dll Infected: not-a-virus:AdWare.Win32.Midadle.e 1
C:\Documents and Settings\ALEXA\Local Settings\Tempold\5yUQJo.dll Infected: not-a-virus:AdWare.Win32.Midadle.e 1
C:\Documents and Settings\ALEXA\Local Settings\Tempold\5zQDo.dll Infected: not-a-virus:AdWare.Win32.Midadle.e 1
C:\Documents and Settings\ALEXA\Local Settings\Tempold\6.dll Infected: not-a-virus:AdWare.Win32.Midadle.e 1
C:\Documents and Settings\ALEXA\Local Settings\Tempold\61JF.dll Infected: not-a-virus:AdWare.Win32.Midadle.b 1
C:\Documents and Settings\ALEXA\Local Settings\Tempold\6bnnoy.dll Infected: not-a-virus:AdWare.Win32.Midadle.e 1
C:\Documents and Settings\ALEXA\Local Settings\Tempold\6fTeu.dll Infected: not-a-virus:AdWare.Win32.Midadle.b 1
C:\Documents and Settings\ALEXA\Local Settings\Tempold\6k37q2.dll Infected: not-a-virus:AdWare.Win32.Midadle.b 1
C:\Documents and Settings\ALEXA\Local Settings\Tempold\6kji5vz.dll Infected: not-a-virus:AdWare.Win32.Midadle.e 1
C:\Documents and Settings\ALEXA\Local Settings\Tempold\6LKoAga.dll Infected: not-a-virus:AdWare.Win32.Midadle.e 1
C:\Documents and Settings\ALEXA\Local Settings\Tempold\6m.dll Infected: not-a-virus:AdWare.Win32.Midadle.e 1
C:\Documents and Settings\ALEXA\Local Settings\Tempold\6nQRmd4.dll Infected: not-a-virus:AdWare.Win32.Midadle.e 1
C:\Documents and Settings\ALEXA\Local Settings\Tempold\6RbDNHo0.dll Infected: not-a-virus:AdWare.Win32.Midadle.e 1
C:\Documents and Settings\ALEXA\Local Settings\Tempold\6RSuLY.dll Infected: not-a-virus:AdWare.Win32.Midadle.b 1
C:\Documents and Settings\ALEXA\Local Settings\Tempold\6Ty9.dll Infected: not-a-virus:AdWare.Win32.Midadle.e 1
C:\Documents and Settings\ALEXA\Local Settings\Tempold\6w.dll Infected: not-a-virus:AdWare.Win32.Midadle.e 1
C:\Documents and Settings\ALEXA\Local Settings\Tempold\6yGPj.dll Infected: not-a-virus:AdWare.Win32.Midadle.e 1
C:\Documents and Settings\ALEXA\Local Settings\Tempold\6YXT.dll Infected: not-a-virus:AdWare.Win32.Midadle.e 1
C:\Documents and Settings\ALEXA\Local Settings\Tempold\7.dll Infected: not-a-virus:AdWare.Win32.Midadle.e 1
C:\Documents and Settings\ALEXA\Local Settings\Tempold\75.dll Infected: not-a-virus:AdWare.Win32.Midadle.e 1
C:\Documents and Settings\ALEXA\Local Settings\Tempold\77.dll Infected: not-a-virus:AdWare.Win32.Midadle.e 1
C:\Documents and Settings\ALEXA\Local Settings\Tempold\77v.dll Infected: not-a-virus:AdWare.Win32.Midadle.b 1
C:\Documents and Settings\ALEXA\Local Settings\Tempold\7dYGrpFu.dll Infected: not-a-virus:AdWare.Win32.Midadle.e 1
C:\Documents and Settings\ALEXA\Local Settings\Tempold\7GeBAzPZG.dll Infected: not-a-virus:AdWare.Win32.Midadle.e 1
C:\Documents and Settings\ALEXA\Local Settings\Tempold\7jak.dll Infected: not-a-virus:AdWare.Win32.Midadle.e 1
C:\Documents and Settings\ALEXA\Local Settings\Tempold\7k9.dll Infected: not-a-virus:AdWare.Win32.Midadle.e 1
C:\Documents and Settings\ALEXA\Local Settings\Tempold\7lLW.dll Infected: not-a-virus:AdWare.Win32.Midadle.e 1
C:\Documents and Settings\ALEXA\Local Settings\Tempold\7MxKPE7ht.dll Infected: not-a-virus:AdWare.Win32.Midadle.e 1
C:\Documents and Settings\ALEXA\Local Settings\Tempold\7N.dll Infected: not-a-virus:AdWare.Win32.Midadle.e 1
C:\Documents and Settings\ALEXA\Local Settings\Tempold\7o.dll Infected: not-a-virus:AdWare.Win32.Midadle.e 1
C:\Documents and Settings\ALEXA\Local Settings\Tempold\7owq44HSF.dll Infected: not-a-virus:AdWare.Win32.Midadle.e 1
C:\Documents and Settings\ALEXA\Local Settings\Tempold\7uxu9Iznq.dll Infected: not-a-virus:AdWare.Win32.Midadle.e 1
C:\Documents and Settings\ALEXA\Local Settings\Tempold\7X2B4I.dll Infected: not-a-virus:AdWare.Win32.Midadle.e 1
C:\Documents and Settings\ALEXA\Local Settings\Tempold\7XUH.dll Infected: not-a-virus:AdWare.Win32.Midadle.e 1
C:\Documents and Settings\ALEXA\Local Settings\Tempold\7Y.dll Infected: not-a-virus:AdWare.Win32.Midadle.e 1
C:\Documents and Settings\ALEXA\Local Settings\Tempold\80rUF.dll Infected: not-a-virus:AdWare.Win32.Midadle.e 1
C:\Documents and Settings\ALEXA\Local Settings\Tempold\83Zk.dll Infected: not-a-virus:AdWare.Win32.Midadle.e 1
C:\Documents and Settings\ALEXA\Local Settings\Tempold\88e.dll Infected: not-a-virus:AdWare.Win32.Midadle.e 1
C:\Documents and Settings\ALEXA\Local Settings\Tempold\8fm6JuZvH.dll Infected: not-a-virus:AdWare.Win32.Midadle.b 1
C:\Documents and Settings\ALEXA\Local Settings\Tempold\8g.dll Infected: not-a-virus:AdWare.Win32.Midadle.e 1
C:\Documents and Settings\ALEXA\Local Settings\Tempold\8HCNyD.dll Infected: not-a-virus:AdWare.Win32.Midadle.b 1
C:\Documents and Settings\ALEXA\Local Settings\Tempold\8I.dll Infected: not-a-virus:AdWare.Win32.Midadle.e 1
C:\Documents and Settings\ALEXA\Local Settings\Tempold\8i3kHX.dll Infected: not-a-virus:AdWare.Win32.Midadle.e 1
C:\Documents and Settings\ALEXA\Local Settings\Tempold\8MXXf.dll Infected: not-a-virus:AdWare.Win32.Midadle.e 1
C:\Documents and Settings\ALEXA\Local Settings\Tempold\8RuYt.dll Infected: not-a-virus:AdWare.Win32.Midadle.b 1
C:\Documents and Settings\ALEXA\Local Settings\Tempold\8sUv.dll Infected: not-a-virus:AdWare.Win32.Midadle.e 1
C:\Documents and Settings\ALEXA\Local Settings\Tempold\8tHOO.dll Infected: not-a-virus:AdWare.Win32.Midadle.e 1
C:\Documents and Settings\ALEXA\Local Settings\Tempold\8VYoz.dll Infected: not-a-virus:AdWare.Win32.Midadle.e 1
C:\Documents and Settings\ALEXA\Local Settings\Tempold\8XEaZ.dll Infected: not-a-virus:AdWare.Win32.Midadle.b 1
C:\Documents and Settings\ALEXA\Local Settings\Tempold\8yE.dll Infected: not-a-virus:AdWare.Win32.Midadle.b 1
C:\Documents and Settings\ALEXA\Local Settings\Tempold\9.dll Infected: not-a-virus:AdWare.Win32.Midadle.b 1
C:\Documents and Settings\ALEXA\Local Settings\Tempold\92Ydc69h.dll Infected: not-a-virus:AdWare.Win32.Midadle.e 1
C:\Documents and Settings\ALEXA\Local Settings\Tempold\94Ja.dll Infected: not-a-virus:AdWare.Win32.Midadle.e 1
C:\Documents and Settings\ALEXA\Local Settings\Tempold\97ot.dll Infected: not-a-virus:AdWare.Win32.Midadle.e 1
C:\Documents and Settings\ALEXA\Local Settings\Tempold\98b9M9.dll Infected: not-a-virus:AdWare.Win32.Midadle.e 1
C:\Documents and Settings\ALEXA\Local Settings\Tempold\9A.dll Infected: not-a-virus:AdWare.Win32.Midadle.e 1
C:\Documents and Settings\ALEXA\Local Settings\Tempold\9mfXj.dll Infected: not-a-virus:AdWare.Win32.Midadle.e 1
C:\Documents and Settings\ALEXA\Local Settings\Tempold\9MJa2.dll Infected: not-a-virus:AdWare.Win32.Midadle.e 1
C:\Documents and Settings\ALEXA\Local Settings\Tempold\9n.dll Infected: not-a-virus:AdWare.Win32.Midadle.b 1
C:\Documents and Settings\ALEXA\Local Settings\Tempold\9nYV.dll Infected: not-a-virus:AdWare.Win32.Midadle.e 1
C:\Documents and Settings\ALEXA\Local Settings\Tempold\9TU.dll Infected: not-a-virus:AdWare.Win32.Midadle.e 1
C:\Documents and Settings\ALEXA\Local Settings\Tempold\9u1.dll Infected: not-a-virus:AdWare.Win32.Midadle.e 1
C:\Documents and Settings\ALEXA\Local Settings\Tempold\9VsJ.dll Infected: not-a-virus:AdWare.Win32.Midadle.b 1
C:\Documents and Settings\ALEXA\Local Settings\Tempold\9Z6dJuid.dll Infected: not-a-virus:AdWare.Win32.Midadle.e 1
C:\Documents and Settings\ALEXA\Local Settings\Tempold\A.dll Infected: not-a-virus:AdWare.Win32.Midadle.b 1
C:\Documents and Settings\ALEXA\Local Settings\Tempold\A2S.dll Infected: not-a-virus:AdWare.Win32.Midadle.e 1
C:\Documents and Settings\ALEXA\Local Settings\Tempold\A4F30lI.dll Infected: not-a-virus:AdWare.Win32.Midadle.e 1
C:\Documents and Settings\ALEXA\Local Settings\Tempold\A6w0R.dll Infected: not-a-virus:AdWare.Win32.Midadle.e 1
C:\Documents and Settings\ALEXA\Local Settings\Tempold\A92YJkKP.dll Infected: not-a-virus:AdWare.Win32.Midadle.e 1
C:\Documents and Settings\ALEXA\Local Settings\Tempold\a9KUpNIU.dll Infected: not-a-virus:AdWare.Win32.Midadle.e 1
C:\Documents and Settings\ALEXA\Local Settings\Tempold\a9xeGN.dll Infected: not-a-virus:AdWare.Win32.Midadle.e 1
C:\Documents and Settings\ALEXA\Local Settings\Tempold\Ab0n3.dll Infected: not-a-virus:AdWare.Win32.Midadle.e 1
C:\Documents and Settings\ALEXA\Local Settings\Tempold\aBYhoz7X.dll Infected: not-a-virus:AdWare.Win32.Midadle.e 1
C:\Documents and Settings\ALEXA\Local Settings\Tempold\aciV5w.dll Infected: not-a-virus:AdWare.Win32.Midadle.e 1
C:\Documents and Settings\ALEXA\Local Settings\Tempold\AcJ.dll Infected: not-a-virus:AdWare.Win32.Midadle.e 1
C:\Documents and Settings\ALEXA\Local Settings\Tempold\Ae.dll Infected: not-a-virus:AdWare.Win32.Midadle.b 1
C:\Documents and Settings\ALEXA\Local Settings\Tempold\AGCZi.dll Infected: not-a-virus:AdWare.Win32.Midadle.e 1
C:\Documents and Settings\ALEXA\Local Settings\Tempold\aJ21W.dll Infected: not-a-virus:AdWare.Win32.Midadle.e 1
C:\Documents and Settings\ALEXA\Local Settings\Tempold\AJsWC5.dll Infected: not-a-virus:AdWare.Win32.Midadle.e 1
C:\Documents and Settings\ALEXA\Local Settings\Tempold\ajX.dll Infected: not-a-virus:AdWare.Win32.Midadle.b 1
C:\Documents and Settings\ALEXA\Local Settings\Tempold\aKQynSB.dll Infected: not-a-virus:AdWare.Win32.Midadle.e 1
C:\Documents and Settings\ALEXA\Local Settings\Tempold\ALfmP2W.dll Infected: not-a-virus:AdWare.Win32.Midadle.e 1
C:\Documents and Settings\ALEXA\Local Settings\Tempold\aLPsinv1l.dll Infected: not-a-virus:AdWare.Win32.Midadle.e 1
C:\Documents and Settings\ALEXA\Local Settings\Tempold\aLqqf.dll Infected: not-a-virus:AdWare.Win32.Midadle.b 1
C:\Documents and Settings\ALEXA\Local Settings\Tempold\anMoA.dll Infected: not-a-virus:AdWare.Win32.Midadle.e 1
C:\Documents and Settings\ALEXA\Local Settings\Tempold\aOo.dll Infected: not-a-virus:AdWare.Win32.Midadle.e 1
C:\Documents and Settings\ALEXA\Local Settings\Tempold\AQkU9.dll Infected: not-a-virus:AdWare.Win32.Midadle.b 1
C:\Documents and Settings\ALEXA\Local Settings\Tempold\aRO.dll Infected: not-a-virus:AdWare.Win32.Midadle.e 1
C:\Documents and Settings\ALEXA\Local Settings\Tempold\aRP.dll Infected: not-a-virus:AdWare.Win32.Midadle.e 1
C:\Documents and Settings\ALEXA\Local Settings\Tempold\atIu.dll Infected: not-a-virus:AdWare.Win32.Midadle.b 1
C:\Documents and Settings\ALEXA\Local Settings\Tempold\AU5PXA0u.dll Infected: not-a-virus:AdWare.Win32.Midadle.e 1
C:\Documents and Settings\ALEXA\Local Settings\Tempold\Av8w.dll Infected: not-a-virus:AdWare.Win32.Midadle.e 1
C:\Documents and Settings\ALEXA\Local Settings\Tempold\AvbiNp1.dll Infected: not-a-virus:AdWare.Win32.Midadle.e 1
C:\Documents and Settings\ALEXA\Local Settings\Tempold\Aw.dll Infected: not-a-virus:AdWare.Win32.Midadle.b 1
C:\Documents and Settings\ALEXA\Local Settings\Tempold\AWQVv0c.dll Infected: not-a-virus:AdWare.Win32.Midadle.e 1
C:\Documents and Settings\ALEXA\Local Settings\Tempold\AyEn.dll Infected: not-a-virus:AdWare.Win32.Midadle.e 1
C:\Documents and Settings\ALEXA\Local Settings\Tempold\az2.dll Infected: not-a-virus:AdWare.Win32.Midadle.e 1
C:\Documents and Settings\ALEXA\Local Settings\Tempold\B.dll Infected: not-a-virus:AdWare.Win32.Midadle.b 1
C:\Documents and Settings\ALEXA\Local Settings\Tempold\B4g.dll Infected: not-a-virus:AdWare.Win32.Midadle.b 1
C:\Documents and Settings\ALEXA\Local Settings\Tempold\B5oVbvT.dll Infected: not-a-virus:AdWare.Win32.Midadle.e 1
C:\Documents and Settings\ALEXA\Local Settings\Tempold\b5RU.dll Infected: not-a-virus:AdWare.Win32.Midadle.e 1
C:\Documents and Settings\ALEXA\Local Settings\Tempold\B8Qw.dll Infected: not-a-virus:AdWare.Win32.Midadle.e 1
C:\Documents and Settings\ALEXA\Local Settings\Tempold\BA7EEz.dll Infected: not-a-virus:AdWare.Win32.Midadle.e 1
C:\Documents and Settings\ALEXA\Local Settings\Tempold\ba7Qqn.dll Infected: not-a-virus:AdWare.Win32.Midadle.e 1
C:\Documents and Settings\ALEXA\Local Settings\Tempold\bAC.dll Infected: not-a-virus:AdWare.Win32.Midadle.e 1
C:\Documents and Settings\ALEXA\Local Settings\Tempold\BB.dll Infected: not-a-virus:AdWare.Win32.Midadle.e 1
C:\Documents and Settings\ALEXA\Local Settings\Tempold\BC5u6k.dll Infected: not-a-virus:AdWare.Win32.Midadle.e 1
C:\Documents and Settings\ALEXA\Local Settings\Tempold\bCs.dll Infected: not-a-virus:AdWare.Win32.Midadle.e 1
C:\Documents and Settings\ALEXA\Local Settings\Tempold\bdG.dll Infected: not-a-virus:AdWare.Win32.Midadle.b 1
C:\Documents and Settings\ALEXA\Local Settings\Tempold\bEfuh.dll Infected: not-a-virus:AdWare.Win32.Midadle.e 1
C:\Documents and Settings\ALEXA\Local Settings\Tempold\BiDZ9Ito.dll Infected: not-a-virus:AdWare.Win32.Midadle.e 1
C:\Documents and Settings\ALEXA\Local Settings\Tempold\BJ.dll Infected: not-a-virus:AdWare.Win32.Midadle.e 1
C:\Documents and Settings\ALEXA\Local Settings\Tempold\BKWHbKUU.dll Infected: not-a-virus:AdWare.Win32.Midadle.e 1
C:\Documents and Settings\ALEXA\Local Settings\Tempold\bl.dll Infected: not-a-virus:AdWare.Win32.Midadle.e 1
C:\Documents and Settings\ALEXA\Local Settings\Tempold\BlbJik.dll Infected: not-a-virus:AdWare.Win32.Midadle.e 1
C:\Documents and Settings\ALEXA\Local Settings\Tempold\BM.dll Infected: not-a-virus:AdWare.Win32.Midadle.b 1
C:\Documents and Settings\ALEXA\Local Settings\Tempold\bMyktxGf1.dll Infected: not-a-virus:AdWare.Win32.Midadle.e 1
C:\Documents and Settings\ALEXA\Local Settings\Tempold\bO7.dll Infected: not-a-virus:AdWare.Win32.Midadle.e 1
C:\Documents and Settings\ALEXA\Local Settings\Tempold\BP.dll Infected: not-a-virus:AdWare.Win32.Midadle.e 1
C:\Documents and Settings\ALEXA\Local Settings\Tempold\bP3V75.dll Infected: not-a-virus:AdWare.Win32.Midadle.e 1
C:\Documents and Settings\ALEXA\Local Settings\Tempold\bPUY.dll Infected: not-a-virus:AdWare.Win32.Midadle.e 1
C:\Documents and Settings\ALEXA\Local Settings\Tempold\bqY6jTUO2.dll Infected: not-a-virus:AdWare.Win32.Midadle.e 1
C:\Documents and Settings\ALEXA\Local Settings\Tempold\BR.dll Infected: not-a-virus:AdWare.Win32.Midadle.e 1
C:\Documents and Settings\ALEXA\Local Settings\Tempold\brY9.dll Infected: not-a-virus:AdWare.Win32.Midadle.e 1
C:\Documents and Settings\ALEXA\Local Settings\Tempold\bS.dll Infected: not-a-virus:AdWare.Win32.Midadle.e 1
C:\Documents and Settings\ALEXA\Local Settings\Tempold\BsAv7LUU.dll Infected: not-a-virus:AdWare.Win32.Midadle.e 1
C:\Documents and Settings\ALEXA\Local Settings\Tempold\BUOS5x.dll Infected: not-a-virus:AdWare.Win32.Midadle.e 1
C:\Documents and Settings\ALEXA\Local Settings\Tempold\BVxKgHucm.dll Infected: not-a-virus:AdWare.Win32.Midadle.e 1
C:\Documents and Settings\ALEXA\Local Settings\Tempold\Bx.dll Infected: not-a-virus:AdWare.Win32.Midadle.e 1
C:\Documents and Settings\ALEXA\Local Settings\Tempold\BXoYQ.dll Infected: not-a-virus:AdWare.Win32.Midadle.e 1
C:\Documents and Settings\ALEXA\Local Settings\Tempold\by1yH.dll Infected: not-a-virus:AdWare.Win32.Midadle.e 1
C:\Documents and Settings\ALEXA\Local Settings\Tempold\bZ.dll Infected: not-a-virus:AdWare.Win32.Midadle.e 1
C:\Documents and Settings\ALEXA\Local Settings\Tempold\C.dll Infected: not-a-virus:AdWare.Win32.Midadle.e 1
C:\Documents and Settings\ALEXA\Local Settings\Tempold\c3y.dll Infected: not-a-virus:AdWare.Win32.Midadle.b 1
C:\Documents and Settings\ALEXA\Local Settings\Tempold\c84FjZ.dll Infected: not-a-virus:AdWare.Win32.Midadle.e 1
C:\Documents and Settings\ALEXA\Local Settings\Tempold\Cb.dll Infected: not-a-virus:AdWare.Win32.Midadle.e 1
C:\Documents and Settings\ALEXA\Local Settings\Tempold\CC.dll Infected: not-a-virus:AdWare.Win32.Midadle.b 1
C:\Documents and Settings\ALEXA\Local Settings\Tempold\CCN.dll Infected: not-a-virus:AdWare.Win32.Midadle.e 1
C:\Documents and Settings\ALEXA\Local Settings\Tempold\CcPJtQD.dll Infected: not-a-virus:AdWare.Win32.Midadle.b 1
C:\Documents and Settings\ALEXA\Local Settings\Tempold\CeR2.dll Infected: not-a-virus:AdWare.Win32.Midadle.e 1
C:\Documents and Settings\ALEXA\Local Settings\Tempold\cf.dll Infected: not-a-virus:AdWare.Win32.Midadle.e 1
C:\Documents and Settings\ALEXA\Local Settings\Tempold\cg0SuSUh.dll Infected: not-a-virus:AdWare.Win32.Midadle.b 1
C:\Documents and Settings\ALEXA\Local Settings\Tempold\ch6Vp5vL.dll Infected: not-a-virus:AdWare.Win32.Midadle.e 1
C:\Documents and Settings\ALEXA\Local Settings\Tempold\CI0Yu.dll Infected: not-a-virus:AdWare.Win32.Midadle.e 1
C:\Documents and Settings\ALEXA\Local Settings\Tempold\ciJJ.dll Infected: not-a-virus:AdWare.Win32.Midadle.e 1
C:\Documents and Settings\ALEXA\Local Settings\Tempold\CKOK.dll Infected: not-a-virus:AdWare.Win32.Midadle.e 1
C:\Documents and Settings\ALEXA\Local Settings\Tempold\clCYXF.dll Infected: not-a-virus:AdWare.Win32.Midadle.e 1
C:\Documents and Settings\ALEXA\Local Settings\Tempold\cmgHxjy.dll Infected: not-a-virus:AdWare.Win32.Midadle.e 1
C:\Documents and Settings\ALEXA\Local Settings\Tempold\CnyBgY9U.dll Infected: not-a-virus:AdWare.Win32.Midadle.b 1
C:\Documents and Settings\ALEXA\Local Settings\Tempold\CO0.dll Infected: not-a-virus:AdWare.Win32.Midadle.e 1
C:\Documents and Settings\ALEXA\Local Settings\Tempold\coanNgK.dll Infected: not-a-virus:AdWare.Win32.Midadle.e 1
C:\Documents and Settings\ALEXA\Local Settings\Tempold\CoqQ.dll Infected: not-a-virus:AdWare.Win32.Midadle.b 1
C:\Documents and Settings\ALEXA\Local Settings\Tempold\cp.dll Infected: not-a-virus:AdWare.Win32.Midadle.e 1
C:\Documents and Settings\ALEXA\Local Settings\Tempold\CTD51LhOr.dll Infected: not-a-virus:AdWare.Win32.Midadle.e 1
C:\Documents and Settings\ALEXA\Local Settings\Tempold\cTZ8LSr0x.dll Infected: not-a-virus:AdWare.Win32.Midadle.b 1
C:\Documents and Settings\ALEXA\Local Settings\Tempold\cvaye.dll Infected: not-a-virus:AdWare.Win32.Midadle.e 1
C:\Documents and Settings\ALEXA\Local Settings\Tempold\cVGF.dll Infected: not-a-virus:AdWare.Win32.Midadle.e 1
C:\Documents and Settings\ALEXA\Local Settings\Tempold\CX5.dll Infected: not-a-virus:AdWare.Win32.Midadle.e 1
C:\Documents and Settings\ALEXA\Local Settings\Tempold\CzQtcQ.dll Infected: not-a-virus:AdWare.Win32.Midadle.b 1
C:\Documents and Settings\ALEXA\Local Settings\Tempold\d.dll Infected: not-a-virus:AdWare.Win32.Midadle.b 1
C:\Documents and Settings\ALEXA\Local Settings\Tempold\D2Yyy3eWT.dll Infected: not-a-virus:AdWare.Win32.Midadle.b 1
C:\Documents and Settings\ALEXA\Local Settings\Tempold\d72CTw7.dll Infected: not-a-virus:AdWare.Win32.Midadle.e 1
C:\Documents and Settings\ALEXA\Local Settings\Tempold\D94YLdBQE.dll Infected: not-a-virus:AdWare.Win32.Midadle.e 1
C:\Documents and Settings\ALEXA\Local Settings\Tempold\d9CH.dll Infected: not-a-virus:AdWare.Win32.Midadle.e 1
C:\Documents and Settings\ALEXA\Local Settings\Tempold\d9UEJWlb.dll Infected: not-a-virus:AdWare.Win32.Midadle.e 1
C:\Documents and Settings\ALEXA\Local Settings\Tempold\DAJn.dll Infected: not-a-virus:AdWare.Win32.Midadle.e 1
C:\Documents and Settings\ALEXA\Local Settings\Tempold\DBqxNQ2.dll Infected: not-a-virus:AdWare.Win32.Midadle.e 1
C:\Documents and Settings\ALEXA\Local Settings\Tempold\DcW.dll Infected: not-a-virus:AdWare.Win32.Midadle.e 1
C:\Documents and Settings\ALEXA\Local Settings\Tempold\DdM.dll Infected: not-a-virus:AdWare.Win32.Midadle.e 1
C:\Documents and Settings\ALEXA\Local Settings\Tempold\DeF.dll Infected: not-a-virus:AdWare.Win32.Midadle.e 1
C:\Documents and Settings\ALEXA\Local Settings\Tempold\dEOeVKI.dll Infected: not-a-virus:AdWare.Win32.Midadle.e 1
C:\Documents and Settings\ALEXA\Local Settings\Tempold\Dewg.dll Infected: not-a-virus:AdWare.Win32.Midadle.e 1
C:\Documents and Settings\ALEXA\Local Settings\Tempold\dgJp6xLA1.dll Infected: not-a-virus:AdWare.Win32.Midadle.e 1
C:\Documents and Settings\ALEXA\Local Settings\Tempold\dh.dll Infected: not-a-virus:AdWare.Win32.Midadle.b 1
C:\Documents and Settings\ALEXA\Local Settings\Tempold\dhCFZu.dll Infected: not-a-virus:AdWare.Win32.Midadle.e 1
C:\Documents and Settings\ALEXA\Local Settings\Tempold\dHp1An.dll Infected: not-a-virus:AdWare.Win32.Midadle.e 1
C:\Documents and Settings\ALEXA\Local Settings\Tempold\dhTMO.dll Infected: not-a-virus:AdWare.Win32.Midadle.e 1
C:\Documents and Settings\ALEXA\Local Settings\Tempold\dI.dll Infected: not-a-virus:AdWare.Win32.Midadle.e 1
C:\Documents and Settings\ALEXA\Local Settings\Tempold\diAW6RQqC.dll Infected: not-a-virus:AdWare.Win32.Midadle.e 1
C:\Documents and Settings\ALEXA\Local Settings\Tempold\DjV9G10U.dll Infected: not-a-virus:AdWare.Win32.Midadle.e 1
C:\Documents and Settings\ALEXA\Local Settings\Tempold\dOjeUj.dll Infected: not-a-virus:AdWare.Win32.Midadle.e 1
C:\Documents and Settings\ALEXA\Local Settings\Tempold\dpu5TTe4.dll Infected: not-a-virus:AdWare.Win32.Midadle.e 1
C:\Documents and Settings\ALEXA\Local Settings\Tempold\DQAS0.dll Infected: not-a-virus:AdWare.Win32.Midadle.e 1
C:\Documents and Settings\ALEXA\Local Settings\Tempold\dR.dll Infected: not-a-virus:AdWare.Win32.Midadle.e 1
C:\Documents and Settings\ALEXA\Local Settings\Tempold\DsKfqVxcF.dll Infected: not-a-virus:AdWare.Win32.Midadle.e 1
C:\Documents and Settings\ALEXA\Local Settings\Tempold\dvRIWH.dll Infected: not-a-virus:AdWare.Win32.Midadle.e 1
C:\Documents and Settings\ALEXA\Local Settings\Tempold\Dy.dll Infected: not-a-virus:AdWare.Win32.Midadle.e 1
C:\Documents and Settings\ALEXA\Local Settings\Tempold\Dy3zQz.dll Infected: not-a-virus:AdWare.Win32.Midadle.e 1
C:\Documents and Settings\ALEXA\Local Settings\Tempold\DYDPC.dll Infected: not-a-virus:AdWare.Win32.Midadle.e 1
C:\Documents and Settings\ALEXA\Local Settings\Tempold\dyv5.dll Infected: not-a-virus:AdWare.Win32.Midadle.e 1
C:\Documents and Settings\ALEXA\Local Settings\Tempold\E.dll Infected: not-a-virus:AdWare.Win32.Midadle.e 1
C:\Documents and Settings\ALEXA\Local Settings\Tempold\E0iM9kptb.dll Infected: not-a-virus:AdWare.Win32.Midadle.e 1
C:\Documents and Settings\ALEXA\Local Settings\Tempold\e0uEVu82.dll

windows-virus

2 Contributors
7 Replies
3K Views
1 Week Discussion Span
Latest Post 15 Years Ago Latest Post by jholland1964

All 7 Replies

jholland1964 650 Posting Expert

15 Years Ago

Please Download ATF-Cleaner.exe by Atribune (Windows XP, 2K, 2003 & Vista ONLY)

• You can put ATF-Cleaner on your Desktop for easy access.
RUN ATF-Cleaner.exe.
-- Click on ATF-Cleaner to run it
-- Where it says Select Files To Delete, Check the Select All Option
-- Click Empty Selected > OK

Next run Malwarebytes' Anti-Malware program again, be sure to UPDATE it first, and this time when it is finished Be sure that everything is checked, and click Remove Selected.

Please Run the ESET Online Scanner and attach the ScanLog with your post for assistance.

* You will need to use Internet Explorer to to complete this scan.
* You will need to temporarily Disable your current Anti-virus program.
* Be sure the option to Remove found threats is checked , and the option to Scan unwanted applications is Checked.
* When you have completed that scan, a scanlog ought to have been created and located at C:\Program Files\EsetOnlineScanner\log.txt.

After you have done all of the above, and saved the logs, then run HJT again and save that new log. Post back here with those three attached logs.

jholland1964 650 Posting Expert

15 Years Ago

Please re-run Malwarebytes'-Anti-Malware and have if FIX everything found.
Next run HouseCall and also have it fix everything found.

Reply to this topic

Be a part of the DaniWeb community

We're a friendly, industry-focused community of developers, IT pros, digital marketers, and technology enthusiasts meeting, networking, learning, and sharing knowledge.

geesixty 0 Newbie Poster · Answer 1 · 2008-08-29T11:33:50+00:00

Hi, thanks for the help, again. Anyways kept getting an error while trying to run Eset- error updating(108). In the meantime, ran atf cleaner, malwarebytes, and Hjt. Logs below:

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 11:28:01 PM, on 7/28/2008
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Microsoft Windows OneCare Live\Antivirus\MsMpEng.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\brss01a.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
C:\WINDOWS\system32\Brmfrmps.exe
C:\WINDOWS\System32\drivers\CDAC11BA.EXE
C:\WINDOWS\System32\cisvc.exe
C:\WINDOWS\system32\CTsvcCDA.EXE
C:\Program Files\Network Associates\Common Framework\FrameworkService.exe
C:\Program Files\Network Associates\VirusScan\VsTskMgr.exe
C:\WINDOWS\System32\nvsvc32.exe
C:\Program Files\Microsoft Windows OneCare Live\OcHealthMon.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Microsoft Windows OneCare Live\Firewall\msfwsvc.exe
C:\Program Files\Microsoft Windows OneCare Live\winss.exe
C:\WINDOWS\system32\cidaemon.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Network Associates\Common Framework\UpdaterUI.exe
C:\Program Files\Ahead\InCD\InCD.exe
C:\Program Files\ScanSoft\PaperPort\pptd40nt.exe
C:\Program Files\Java\jre1.6.0_05\bin\jusched.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\Program Files\Common Files\Microsoft Shared\Works Shared\wkcalrem.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\Program Files\Network Associates\VirusScan\Mcshield.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Microsoft Windows OneCare Live\winssnotify.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLLoginProxy.exe
C:\WINDOWS\system32\taskmgr.exe
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = http://websearch.drsnsrch.com/sidesearch.cgi?id=
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://websearch.drsnsrch.com/sidesearch.cgi?id=
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://gomyron.com/MTE3MTA=/2/3948/free1/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.emachines.com/start.html
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Bar = http://websearch.drsnsrch.com/sidesearch.cgi?id=
R1 - HKCU\Software\Microsoft\Internet Explorer\SearchURL,(Default) = websearch.drsnsrch.com/q.cgi?q=
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyServer = http=127.0.0.1:9022
R3 - URLSearchHook: (no name) - {00A6FAF6-072E-44cf-8957-5838F569A31D} - (no file)
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_05\bin\ssv.dll
O2 - BHO: Windows Live Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: ST - {9394EDE7-C8B5-483E-8773-474BF36AF6E4} - C:\Program Files\MSN Apps\ST\01.03.0000.1005\en-xu\stmain.dll
O2 - BHO: MSNToolBandBHO - {BDBD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Program Files\MSN Apps\MSN Toolbar\01.02.5000.1021\en-us\msntb.dll
O3 - Toolbar: (no name) - {FAA356E4-D317-42a6-AB41-A3021C6E7D52} - (no file)
O3 - Toolbar: MSN - {BDAD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Program Files\MSN Apps\MSN Toolbar\01.02.5000.1021\en-us\msntb.dll
O3 - Toolbar: Protection Bar - {a2595f37-48d0-46a1-9b51-478591a97764} - C:\Program Files\IntCodec\iesplugin.dll (file missing)
O4 - HKLM\..\Run: [McAfeeUpdaterUI] "C:\Program Files\Network Associates\Common Framework\UpdaterUI.exe" /StartedFromRunKey
O4 - HKLM\..\Run: [InCD] C:\Program Files\Ahead\InCD\InCD.exe
O4 - HKLM\..\Run: [NeroCheck] C:\WINDOWS\system32\NeroCheck.exe
O4 - HKLM\..\Run: [ShStatEXE] "C:\Program Files\Network Associates\VirusScan\SHSTAT.EXE" /STANDALONE
O4 - HKLM\..\Run: [SSBkgdUpdate] "C:\Program Files\Common Files\Scansoft Shared\SSBkgdUpdate\SSBkgdupdate.exe" -Embedding -boot
O4 - HKLM\..\Run: [PaperPort PTD] C:\Program Files\ScanSoft\PaperPort\pptd40nt.exe
O4 - HKLM\..\Run: [IndexSearch] C:\Program Files\ScanSoft\PaperPort\IndexSearch.exe
O4 - HKLM\..\Run: [SetDefPrt] C:\Program Files\Brother\Brmfl04a\BrStDvPt.exe
O4 - HKLM\..\Run: [ControlCenter2.0] C:\Program Files\Brother\ControlCenter2\brctrcen.exe /autorun
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_05\bin\jusched.exe"
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
O4 - HKLM\..\Run: [RoxWatchTray] "C:\Program Files\Common Files\Roxio Shared\9.0\SharedCOM\RoxWatchTray9.exe"
O4 - HKLM\..\Run: [OneCareUI] "C:\Program Files\Microsoft Windows OneCare Live\winssnotify.exe"
O4 - HKCU\..\Run: [Microsoft Works Update Detection] C:\Program Files\Microsoft Works\WkDetect.exe
O4 - Startup: AutorunsDisabled
O4 - Global Startup: Adobe Reader Speed Launch.lnk = C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
O4 - Global Startup: AutorunsDisabled
O4 - Global Startup: HotSync Manager.lnk = C:\Palm\HOTSYNC.EXE
O4 - Global Startup: Microsoft Works Calendar Reminders.lnk = ?
O8 - Extra context menu item: &Search - http://bar.mywebsearch.com/menusearch.html?p=ZNxdm045
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_05\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_05\bin\ssv.dll
O9 - Extra button: (no name) - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - (no file)
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O14 - IERESET.INF: START_PAGE_URL=http://www.emachines.com/start.html
O15 - Trusted Zone: http://ny.contentmatch.net (HKLM)
O16 - DPF: {0CCA191D-13A6-4E29-B746-314DEE697D83} (Facebook Photo Uploader 5) - http://upload.facebook.com/controls/FacebookPhotoUploader5.cab
O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://go.microsoft.com/fwlink/?linkid=39204
O16 - DPF: {48DD0448-9209-4F81-9F6D-D83562940134} (MySpace Uploader Control) - http://lads.myspace.com/upload/MySpaceUploader.cab
O16 - DPF: {4F1E5B1A-2A80-42CA-8532-2D05CB959537} (MSN Photo Upload Tool) - http://by23fd.bay23.hotmail.msn.com/resources/MsnPUpld.cab
O16 - DPF: {55027008-315F-4F45-BBC3-8BE119764741} (Slide Image Uploader Control) - http://www.slide.com/uploader/SlideImageUploader.cab
O16 - DPF: {56762DEC-6B0D-4AB4-A8AD-989993B5D08B} (OnlineScanner Control) - http://www.eset.eu/buxus/docs/OnlineScanner.cab
O16 - DPF: {5F8469B4-B055-49DD-83F7-62B522420ECC} (Facebook Photo Uploader Control) - http://upload.facebook.com/controls/FacebookPhotoUploader.cab
O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://update.microsoft.com/microsoftupdate/v6/V5Controls/en/x86/client/muweb_site.cab?1157649450276
O16 - DPF: {AED98630-0251-4E83-917D-43A23D66D507} (WebHandler Class) - http://activex.microgaming.com/DLhelper/version7/dlhelper.cab
O16 - DPF: {B38870E4-7ECB-40DA-8C6A-595F0A5519FF} (MsnMessengerSetupDownloadControl Class) - http://messenger.msn.com/download/MsnMessengerSetupDownloader.cab
O16 - DPF: {D6E7CFB5-C074-4D1C-B647-663D1A8D96BF} (Facebook Photo Uploader 4) - http://upload.facebook.com/controls/FacebookPhotoUploader4_5.cab
O16 - DPF: {F58E1CEF-A068-4C15-BA5E-587CAF3EE8C6} (MSN Chat Control 4.5) - http://chat.msn.com/controls/msnchat45.cab
O20 - AppInit_DLLs: ayqqbm.dll
O21 - SSODL: bestreak - {874443fe-aa33-4ebf-a6ac-73208787e62d} - C:\WINDOWS\system32\viruxz.dll (file missing)
O21 - SSODL: gaonic - {f31aee4a-1530-4fef-8537-79c6973bff9a} - (no file)
O22 - SharedTaskScheduler: {874443fe-aa33-4ebf-a6ac-73208787e62d} - bestreak - (no file)
O22 - SharedTaskScheduler: gaonic - {f31aee4a-1530-4fef-8537-79c6973bff9a} - (no file)
O23 - Service: Apple Mobile Device - Apple, Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
O23 - Service: Brother Popup Suspend service for Resource manager (brmfrmps) - Brother Industries, Ltd. - C:\WINDOWS\system32\Brmfrmps.exe
O23 - Service: BrSplService (Brother XP spl Service) - brother Industries Ltd - C:\WINDOWS\system32\brsvc01a.exe
O23 - Service: C-DillaCdaC11BA - Macrovision - C:\WINDOWS\System32\drivers\CDAC11BA.EXE
O23 - Service: Canon Camera Access Library 8 (CCALib8) - Canon Inc. - C:\Program Files\Canon\CAL\CALMAIN.exe
O23 - Service: Creative Service for CDROM Access - Creative Technology Ltd - C:\WINDOWS\system32\CTsvcCDA.EXE
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\1050\Intel 32\IDriverT.exe
O23 - Service: iPod Service - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: McAfee Framework Service (McAfeeFramework) - Network Associates, Inc. - C:\Program Files\Network Associates\Common Framework\FrameworkService.exe
O23 - Service: Network Associates McShield (McShield) - Network Associates, Inc. - C:\Program Files\Network Associates\VirusScan\Mcshield.exe
O23 - Service: Network Associates Task Manager (McTaskManager) - Network Associates, Inc. - C:\Program Files\Network Associates\VirusScan\VsTskMgr.exe
O23 - Service: NVIDIA Driver Helper Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\System32\nvsvc32.exe
O23 - Service: Roxio UPnP Renderer 9 - Sonic Solutions - C:\Program Files\Roxio\Digital Home 9\RoxioUPnPRenderer9.exe
O23 - Service: Roxio Upnp Server 9 - Sonic Solutions - C:\Program Files\Roxio\Digital Home 9\RoxioUpnpService9.exe
O23 - Service: LiveShare P2P Server 9 (RoxLiveShare9) - Sonic Solutions - C:\Program Files\Common Files\Roxio Shared\9.0\SharedCOM\RoxLiveShare9.exe
O23 - Service: RoxMediaDB9 - Sonic Solutions - C:\Program Files\Common Files\Roxio Shared\9.0\SharedCOM\RoxMediaDB9.exe
O23 - Service: Roxio Hard Drive Watcher 9 (RoxWatch9) - Sonic Solutions - C:\Program Files\Common Files\Roxio Shared\9.0\SharedCOM\RoxWatch9.exe
O23 - Service: System Startup Service (SvcProc) - Unknown owner - C:\WINDOWS\svcproc.exe (file missing)

--
End of file - 10871 bytes

Malwarebytes' Anti-Malware 1.25
Database version: 1090
Windows 5.1.2600 Service Pack 2

10:54:51 PM 7/28/2008
mbam-log-07-28-2008 (22-53-50).txt

Scan type: Full Scan (C:\|)
Objects scanned: 132354
Time elapsed: 2 hour(s), 51 minute(s), 16 second(s)

Memory Processes Infected: 0
Memory Modules Infected: 0
Registry Keys Infected: 13
Registry Values Infected: 2
Registry Data Items Infected: 0
Folders Infected: 4
Files Infected: 15

Memory Processes Infected:
(No malicious items detected)

Memory Modules Infected:
(No malicious items detected)

Registry Keys Infected:
HKEY_CLASSES_ROOT\TypeLib\{774b549d-c6e5-4494-be57-72f9776b5f11} (Trojan.FakeAlert) -> No action taken.
HKEY_CLASSES_ROOT\Interface\{5fcb8fff-5ebd-4e5c-99b5-2b907c4ee50c} (Trojan.FakeAlert) -> No action taken.
HKEY_CLASSES_ROOT\TypeLib\{f37b97e7-299a-4fa1-b9d9-acc861363d24} (Trojan.FakeAlert) -> No action taken.
HKEY_CLASSES_ROOT\Interface\{7052b97d-5e40-4199-ba38-e3f0ef329e75} (Trojan.FakeAlert) -> No action taken.
HKEY_CLASSES_ROOT\CLSID\{1b27dc3f-a487-486d-bba8-ca45373b1457} (Trojan.FakeAlert) -> No action taken.
HKEY_CLASSES_ROOT\CLSID\{99f2dc38-9687-4f45-b3f2-f815363d42cd} (Trojan.FakeAlert) -> No action taken.
HKEY_CLASSES_ROOT\rafbsvnx.btqk (Trojan.FakeAlert) -> No action taken.
HKEY_CLASSES_ROOT\rafbsvnx.bxlb (Trojan.FakeAlert) -> No action taken.
HKEY_CLASSES_ROOT\rafbsvnx.toolbar.1 (Trojan.FakeAlert) -> No action taken.
HKEY_CURRENT_USER\SOFTWARE\drivecleaner 2006 free (Rogue.DriveCleaner) -> No action taken.
HKEY_CURRENT_USER\SOFTWARE\winantivirus pro 2007 (Rogue.WinAntivirus) -> No action taken.
HKEY_CURRENT_USER\SOFTWARE\MyWebSearch (Adware.MyWebSearch) -> No action taken.
HKEY_CURRENT_USER\SOFTWARE\Fun Web Products (Adware.MyWebSearch) -> No action taken.

Registry Values Infected:
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar\{1b27dc3f-a487-486d-bba8-ca45373b1457} (Trojan.FakeAlert) -> No action taken.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar\{99f2dc38-9687-4f45-b3f2-f815363d42cd} (Trojan.FakeAlert) -> No action taken.

Registry Data Items Infected:
(No malicious items detected)

Folders Infected:
C:\Documents and Settings\AUSTIN\Application Data\WinAntiVirus Pro 2007 (Rogue.WinAntivirus) -> No action taken.
C:\Documents and Settings\AUSTIN\Application Data\WinAntiVirus Pro 2007\Logs (Rogue.WinAntivirus) -> No action taken.
C:\Documents and Settings\AUSTIN\Application Data\SystemDoctor 2006 Free (Rogue.SystemDoctor) -> No action taken.
C:\Documents and Settings\AUSTIN\Application Data\SystemDoctor 2006 Free\Logs (Rogue.SystemDoctor) -> No action taken.

Files Infected:
C:\Documents and Settings\AUSTIN\Local Settings\Temp\jfahirko.dll (Trojan.Vundo) -> No action taken.
C:\Documents and Settings\AUSTIN\Local Settings\Temp\wdffrrrb.dll (Trojan.Vundo) -> No action taken.
C:\Documents and Settings\AUSTIN\Application Data\WinAntiVirus Pro 2007\avtasks.dat (Rogue.WinAntivirus) -> No action taken.
C:\Documents and Settings\AUSTIN\Application Data\WinAntiVirus Pro 2007\history.db (Rogue.WinAntivirus) -> No action taken.
C:\Documents and Settings\AUSTIN\Application Data\WinAntiVirus Pro 2007\PGE.dat (Rogue.WinAntivirus) -> No action taken.
C:\Documents and Settings\AUSTIN\Application Data\WinAntiVirus Pro 2007\Logs\update.log (Rogue.WinAntivirus) -> No action taken.
C:\Documents and Settings\AUSTIN\Application Data\WinAntiVirus Pro 2007\Logs\wa7Support.log (Rogue.WinAntivirus) -> No action taken.
C:\Documents and Settings\AUSTIN\Application Data\WinAntiVirus Pro 2007\Logs\winav.log (Rogue.WinAntivirus) -> No action taken.
C:\Documents and Settings\AUSTIN\Application Data\SystemDoctor 2006 Free\Logs\update.log (Rogue.SystemDoctor) -> No action taken.
C:\WINDOWS\rafbsvnx.dll (Trojan.FakeAlert) -> No action taken.
C:\Documents and Settings\AUSTIN\Application Data\Microsoft\Internet Explorer\Quick Launch\VirusRemover2008.lnk (Rogue.VirusRemove) -> No action taken.
C:\Documents and Settings\AUSTIN\Favorites\Online Security Test.url (Rogue.Link) -> No action taken.
C:\Documents and Settings\AUSTIN\Favorites\Error Cleaner.url (Rogue.Link) -> No action taken.
C:\Documents and Settings\AUSTIN\Favorites\Privacy Protector.url (Rogue.Link) -> No action taken.
C:\Documents and Settings\AUSTIN\Favorites\Spyware&Malware Protection.url (Rogue.Link) -> No action taken.

geesixty 0 Newbie Poster · Answer 2 · 2008-09-01T23:02:27+00:00

As asked, three logs: Hjt, Mlb, and Eset. Again, thanks a lot!

# version=4
# OnlineScanner.ocx=1.0.0.635
# OnlineScannerDLLA.dll=1, 0, 0, 79
# OnlineScannerDLLW.dll=1, 0, 0, 78
# OnlineScannerUninstaller.exe=1, 0, 0, 49
# vers_standard_module=3401 (20080829)
# vers_arch_module=1.064 (20080214)
# vers_adv_heur_module=1.066 (20070917)
# EOSSerial=95f797aaf122b442a6cd5615b68ded6a
# end=finished
# remove_checked=true
# unwanted_checked=true
# utc_time=2008-07-31 11:27:09
# local_time=2008-07-31 05:27:09 (-0700, Mountain Daylight Time)
# country="United States"
# osver=5.1.2600 NT Service Pack 2
# scanned=279579
# found=45
# scan_time=10482
C:\Documents and Settings\AUSTIN\Local Settings\TempNew\3zfUd.dll Win32/Adware.MidADdle application (unable to clean - deleted) 00000000000000000000000000000000
C:\Documents and Settings\AUSTIN\Local Settings\TempNew\4SyWH.dll Win32/Adware.MidADdle application (unable to clean - deleted) 00000000000000000000000000000000
C:\Documents and Settings\AUSTIN\Local Settings\TempNew\a7PiHGy.dll Win32/Adware.MidADdle application (unable to clean - deleted) 00000000000000000000000000000000
C:\Documents and Settings\AUSTIN\Local Settings\TempNew\aj9p.dll Win32/Adware.MidADdle application (unable to clean - deleted) 00000000000000000000000000000000
C:\Documents and Settings\AUSTIN\Local Settings\TempNew\B.dll Win32/Adware.MidADdle application (unable to clean - deleted) 00000000000000000000000000000000
C:\Documents and Settings\AUSTIN\Local Settings\TempNew\B6bUUwXZO.dll Win32/Adware.MidADdle application (unable to clean - deleted) 00000000000000000000000000000000
C:\Documents and Settings\AUSTIN\Local Settings\TempNew\Cgpjw.dll Win32/Adware.MidADdle application (unable to clean - deleted) 00000000000000000000000000000000
C:\Documents and Settings\AUSTIN\Local Settings\TempNew\D3.dll Win32/Adware.MidADdle application (unable to clean - deleted) 00000000000000000000000000000000
C:\Documents and Settings\AUSTIN\Local Settings\TempNew\Il.dll Win32/Adware.MidADdle application (unable to clean - deleted) 00000000000000000000000000000000
C:\Documents and Settings\AUSTIN\Local Settings\TempNew\JOZH0Im.dll Win32/Adware.MidADdle application (unable to clean - deleted) 00000000000000000000000000000000
C:\Documents and Settings\AUSTIN\Local Settings\TempNew\oNtW4xyBp.dll Win32/Adware.MidADdle application (unable to clean - deleted) 00000000000000000000000000000000
C:\Documents and Settings\AUSTIN\Local Settings\TempNew\p0r.dll Win32/Adware.MidADdle application (unable to clean - deleted) 00000000000000000000000000000000
C:\Documents and Settings\AUSTIN\Local Settings\TempNew\pG6ojb.dll Win32/Adware.MidADdle application (unable to clean - deleted) 00000000000000000000000000000000
C:\Documents and Settings\AUSTIN\Local Settings\TempNew\R8.dll Win32/Adware.MidADdle application (unable to clean - deleted) 00000000000000000000000000000000
C:\Documents and Settings\AUSTIN\Local Settings\TempNew\rm1bq.dll Win32/Adware.MidADdle application (unable to clean - deleted) 00000000000000000000000000000000
C:\Documents and Settings\AUSTIN\Local Settings\TempNew\SZaO.dll Win32/Adware.MidADdle application (unable to clean - deleted) 00000000000000000000000000000000
C:\Documents and Settings\AUSTIN\Local Settings\TempNew\UeA.dll Win32/Adware.MidADdle application (unable to clean - deleted) 00000000000000000000000000000000
C:\Documents and Settings\AUSTIN\Local Settings\TempNew\w.dll Win32/Adware.MidADdle application (unable to clean - deleted) 00000000000000000000000000000000
C:\Documents and Settings\AUSTIN\Local Settings\TempNew\yUBzUH.dll Win32/Adware.MidADdle application (unable to clean - deleted) 00000000000000000000000000000000
C:\Documents and Settings\LAURA\Local Settings\Tempold\1.dll Win32/Adware.MidADdle application (unable to clean - deleted) 00000000000000000000000000000000
C:\Documents and Settings\LAURA\Local Settings\Tempold\7x.dll Win32/Adware.MidADdle application (unable to clean - deleted) 00000000000000000000000000000000
C:\Documents and Settings\LAURA\Local Settings\Tempold\93Ev530lR.dll Win32/Adware.MidADdle application (unable to clean - deleted) 00000000000000000000000000000000
C:\Documents and Settings\LAURA\Local Settings\Tempold\AVQUIprl0.dll Win32/Adware.MidADdle application (unable to clean - deleted) 00000000000000000000000000000000
C:\Documents and Settings\LAURA\Local Settings\Tempold\dXbVC4S7.dll Win32/Adware.MidADdle application (unable to clean - deleted) 00000000000000000000000000000000
C:\Documents and Settings\LAURA\Local Settings\Tempold\i10.tmp a variant of Win32/Adware.SurfSideKick application (unable to clean - deleted) 00000000000000000000000000000000
C:\Documents and Settings\LAURA\Local Settings\Tempold\i16.tmp a variant of Win32/Adware.SurfSideKick application (unable to clean - deleted) 00000000000000000000000000000000
C:\Documents and Settings\LAURA\Local Settings\Tempold\o.dll Win32/Adware.MidADdle application (unable to clean - deleted) 00000000000000000000000000000000
C:\Documents and Settings\LAURA\Local Settings\Tempold\ued5amx7i_.exe a variant of Win32/Adware.SAHAgent application (unable to clean - deleted) 00000000000000000000000000000000
C:\Documents and Settings\LAURA\Local Settings\Tempold\VXAtULZ.dll Win32/Adware.MidADdle application (unable to clean - deleted) 00000000000000000000000000000000
C:\Documents and Settings\LAURA\Local Settings\Tempold\XVbYs7f.dll Win32/Adware.MidADdle application (unable to clean - deleted) 00000000000000000000000000000000
C:\Documents and Settings\LAURA\Local Settings\Tempold\Y9gnZ2pGi.dll Win32/Adware.MidADdle application (unable to clean - deleted) 00000000000000000000000000000000
C:\Documents and Settings\LAURA\Local Settings\Tempold\ICD1.tmp\GRInstall.exe a variant of Win32/Adware.SAHAgent application (deleted) 00000000000000000000000000000000
C:\Documents and Settings\LAURA\Local Settings\Tempold\ICD1.tmp\GRInstall.exe »NSIS »bundlep.exe a variant of Win32/Adware.SAHAgent application (error while cleaning - operation unavailable for this type of object - error while deleting - operation unavailable for this type of object - was a part of the deleted object) 00000000000000000000000000000000
C:\Documents and Settings\LAURA\Local Settings\Tempold\ICD2.tmp\GRInstall.exe a variant of Win32/Adware.SAHAgent application (deleted) 00000000000000000000000000000000
C:\Documents and Settings\LAURA\Local Settings\Tempold\ICD2.tmp\GRInstall.exe »NSIS »bundlep.exe a variant of Win32/Adware.SAHAgent application (error while cleaning - operation unavailable for this type of object - error while deleting - operation unavailable for this type of object - was a part of the deleted object) 00000000000000000000000000000000
C:\Documents and Settings\LAURA\Local Settings\Tempold\RIB\aurareco.exe a variant of Win32/Adware.BetterInternet application (unable to clean - deleted) 00000000000000000000000000000000
C:\Documents and Settings\MARK\Local Settings\Tempold\8PuKq4II.dll Win32/Adware.MidADdle application (unable to clean - deleted) 00000000000000000000000000000000
C:\Documents and Settings\MARK\Local Settings\Tempold\Dtr.dll Win32/Adware.MidADdle application (unable to clean - deleted) 00000000000000000000000000000000
C:\Documents and Settings\MARK\Local Settings\Tempold\FccOiN99.dll Win32/Adware.MidADdle application (unable to clean - deleted) 00000000000000000000000000000000
C:\Documents and Settings\MARK\Local Settings\Tempold\JkaUK528Y.dll Win32/Adware.MidADdle application (unable to clean - deleted) 00000000000000000000000000000000
C:\Documents and Settings\MARK\Local Settings\Tempold\L9RuxBpQ.dll Win32/Adware.MidADdle application (unable to clean - deleted) 00000000000000000000000000000000
C:\Documents and Settings\MARK\Local Settings\Tempold\Nb2w6lTdw.dll Win32/Adware.MidADdle application (unable to clean - deleted) 00000000000000000000000000000000
C:\Documents and Settings\MARK\Local Settings\Tempold\nrBWeMjc.dll Win32/Adware.MidADdle application (unable to clean - deleted) 00000000000000000000000000000000
C:\Documents and Settings\MARK\Local Settings\Tempold\telH.dll Win32/Adware.MidADdle application (unable to clean - deleted) 00000000000000000000000000000000
C:\WINDOWS\ebel.exe a variant of Win32/Adware.Vapsup.AP application (unable to clean - deleted) 00000000000000000000000000000000

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 10:06: VIRUS ALERT!, on 8/1/2008
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Microsoft Windows OneCare Live\Antivirus\MsMpEng.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\system32\brss01a.exe
C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
C:\WINDOWS\system32\Brmfrmps.exe
C:\WINDOWS\System32\drivers\CDAC11BA.EXE
C:\WINDOWS\System32\cisvc.exe
C:\WINDOWS\system32\CTsvcCDA.EXE
C:\Program Files\Network Associates\Common Framework\FrameworkService.exe
C:\Program Files\Network Associates\VirusScan\Mcshield.exe
C:\Program Files\Network Associates\VirusScan\VsTskMgr.exe
C:\WINDOWS\System32\nvsvc32.exe
C:\Program Files\Microsoft Windows OneCare Live\OcHealthMon.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Canon\CAL\CALMAIN.exe
C:\Program Files\Microsoft Windows OneCare Live\Firewall\msfwsvc.exe
C:\Program Files\Microsoft Windows OneCare Live\winss.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Network Associates\Common Framework\UpdaterUI.exe
C:\Program Files\Ahead\InCD\InCD.exe
C:\Program Files\Network Associates\VirusScan\SHSTAT.EXE
C:\Program Files\ScanSoft\PaperPort\pptd40nt.exe
C:\WINDOWS\system32\wuauclt.exe
C:\Program Files\Brother\ControlCenter2\brctrcen.exe
C:\Program Files\Java\jre1.6.0_05\bin\jusched.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\Program Files\Microsoft Windows OneCare Live\winssnotify.exe
C:\Program Files\Creative\MediaSource\Detector\CTDetect.exe
C:\Program Files\Creative\Shared Files\Media Sniffer\MtdAcq.exe
C:\Program Files\Common Files\Microsoft Shared\Works Shared\wkcalrem.exe
C:\WINDOWS\system32\wuauclt.exe
C:\Program Files\Microsoft Windows OneCare Live\GtCC.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\WINDOWS\system32\cidaemon.exe
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://softwarereferral.com/jump.php?wmid=6010&mid=MjI6Ojg5&lid=2
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.emachines.com/start.html
R1 - HKCU\Software\Microsoft\Internet Explorer\SearchURL,(Default) = websearch.drsnsrch.com/q.cgi?q=
R3 - URLSearchHook: (no name) - {00A6FAF6-072E-44cf-8957-5838F569A31D} - (no file)
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_05\bin\ssv.dll
O2 - BHO: Windows Live Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: ST - {9394EDE7-C8B5-483E-8773-474BF36AF6E4} - C:\Program Files\MSN Apps\ST\01.03.0000.1005\en-xu\stmain.dll
O2 - BHO: MSNToolBandBHO - {BDBD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Program Files\MSN Apps\MSN Toolbar\01.02.5000.1021\en-us\msntb.dll
O3 - Toolbar: MSN - {BDAD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Program Files\MSN Apps\MSN Toolbar\01.02.5000.1021\en-us\msntb.dll
O3 - Toolbar: Protection Bar - {a2595f37-48d0-46a1-9b51-478591a97764} - C:\Program Files\IntCodec\iesplugin.dll (file missing)
O4 - HKLM\..\Run: [McAfeeUpdaterUI] "C:\Program Files\Network Associates\Common Framework\UpdaterUI.exe" /StartedFromRunKey
O4 - HKLM\..\Run: [InCD] C:\Program Files\Ahead\InCD\InCD.exe
O4 - HKLM\..\Run: [NeroCheck] C:\WINDOWS\system32\NeroCheck.exe
O4 - HKLM\..\Run: [ShStatEXE] "C:\Program Files\Network Associates\VirusScan\SHSTAT.EXE" /STANDALONE
O4 - HKLM\..\Run: [SSBkgdUpdate] "C:\Program Files\Common Files\Scansoft Shared\SSBkgdUpdate\SSBkgdupdate.exe" -Embedding -boot
O4 - HKLM\..\Run: [PaperPort PTD] C:\Program Files\ScanSoft\PaperPort\pptd40nt.exe
O4 - HKLM\..\Run: [IndexSearch] C:\Program Files\ScanSoft\PaperPort\IndexSearch.exe
O4 - HKLM\..\Run: [SetDefPrt] C:\Program Files\Brother\Brmfl04a\BrStDvPt.exe
O4 - HKLM\..\Run: [ControlCenter2.0] C:\Program Files\Brother\ControlCenter2\brctrcen.exe /autorun
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_05\bin\jusched.exe"
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
O4 - HKLM\..\Run: [RoxWatchTray] "C:\Program Files\Common Files\Roxio Shared\9.0\SharedCOM\RoxWatchTray9.exe"
O4 - HKLM\..\Run: [OneCareUI] "C:\Program Files\Microsoft Windows OneCare Live\winssnotify.exe"
O4 - HKCU\..\Run: [Microsoft Works Update Detection] C:\Program Files\Microsoft Works\WkDetect.exe
O4 - HKCU\..\Run: [msnmsgr] "C:\Program Files\MSN Messenger\msnmsgr.exe" /background
O4 - HKCU\..\Run: [Creative Detector] "C:\Program Files\Creative\MediaSource\Detector\CTDetect.exe" /R
O4 - HKCU\..\Run: [updateMgr] "C:\Program Files\Adobe\Acrobat 7.0\Reader\AdobeUpdateManager.exe" AcRdB7_0_9 -reboot 1
O4 - HKCU\..\Run: [MtdAcq] C:\Program Files\Creative\Shared Files\Media Sniffer\MtdAcq.exe /s
O4 - Global Startup: Adobe Reader Speed Launch.lnk = C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
O4 - Global Startup: AutorunsDisabled
O4 - Global Startup: HotSync Manager.lnk = C:\Palm\HOTSYNC.EXE
O4 - Global Startup: Microsoft Works Calendar Reminders.lnk = ?
O6 - HKCU\Software\Policies\Microsoft\Internet Explorer\Restrictions present
O7 - HKCU\Software\Microsoft\Windows\CurrentVersion\Policies\System, DisableRegedit=1
O8 - Extra context menu item: &Search - http://bar.mywebsearch.com/menusearch.html?p=ZNxdm045
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_05\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_05\bin\ssv.dll
O9 - Extra button: (no name) - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - (no file)
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O14 - IERESET.INF: START_PAGE_URL=http://www.emachines.com/start.html
O16 - DPF: {0CCA191D-13A6-4E29-B746-314DEE697D83} (Facebook Photo Uploader 5) - http://upload.facebook.com/controls/FacebookPhotoUploader5.cab
O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://go.microsoft.com/fwlink/?linkid=39204
O16 - DPF: {48DD0448-9209-4F81-9F6D-D83562940134} (MySpace Uploader Control) - http://lads.myspace.com/upload/MySpaceUploader.cab
O16 - DPF: {4F1E5B1A-2A80-42CA-8532-2D05CB959537} (MSN Photo Upload Tool) - http://by23fd.bay23.hotmail.msn.com/resources/MsnPUpld.cab
O16 - DPF: {55027008-315F-4F45-BBC3-8BE119764741} (Slide Image Uploader Control) - http://www.slide.com/uploader/SlideImageUploader.cab
O16 - DPF: {56762DEC-6B0D-4AB4-A8AD-989993B5D08B} (OnlineScanner Control) - http://www.eset.eu/buxus/docs/OnlineScanner.cab
O16 - DPF: {5F8469B4-B055-49DD-83F7-62B522420ECC} (Facebook Photo Uploader Control) - http://upload.facebook.com/controls/FacebookPhotoUploader.cab
O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://update.microsoft.com/microsoftupdate/v6/V5Controls/en/x86/client/muweb_site.cab?1157649450276
O16 - DPF: {AED98630-0251-4E83-917D-43A23D66D507} - http://activex.microgaming.com/DLhelper/version7/dlhelper.cab
O16 - DPF: {B38870E4-7ECB-40DA-8C6A-595F0A5519FF} (MsnMessengerSetupDownloadControl Class) - http://messenger.msn.com/download/MsnMessengerSetupDownloader.cab
O16 - DPF: {D6E7CFB5-C074-4D1C-B647-663D1A8D96BF} (Facebook Photo Uploader 4) - http://upload.facebook.com/controls/FacebookPhotoUploader4_5.cab
O16 - DPF: {F58E1CEF-A068-4C15-BA5E-587CAF3EE8C6} (MSN Chat Control 4.5) - http://chat.msn.com/controls/msnchat45.cab
O20 - AppInit_DLLs: ayqqbm.dll
O21 - SSODL: bestreak - {874443fe-aa33-4ebf-a6ac-73208787e62d} - C:\WINDOWS\system32\viruxz.dll (file missing)
O21 - SSODL: gaonic - {f31aee4a-1530-4fef-8537-79c6973bff9a} - (no file)
O22 - SharedTaskScheduler: {874443fe-aa33-4ebf-a6ac-73208787e62d} - bestreak - (no file)
O22 - SharedTaskScheduler: gaonic - {f31aee4a-1530-4fef-8537-79c6973bff9a} - (no file)
O23 - Service: Apple Mobile Device - Apple, Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
O23 - Service: Brother Popup Suspend service for Resource manager (brmfrmps) - Brother Industries, Ltd. - C:\WINDOWS\system32\Brmfrmps.exe
O23 - Service: BrSplService (Brother XP spl Service) - brother Industries Ltd - C:\WINDOWS\system32\brsvc01a.exe
O23 - Service: C-DillaCdaC11BA - Macrovision - C:\WINDOWS\System32\drivers\CDAC11BA.EXE
O23 - Service: Canon Camera Access Library 8 (CCALib8) - Canon Inc. - C:\Program Files\Canon\CAL\CALMAIN.exe
O23 - Service: Creative Service for CDROM Access - Creative Technology Ltd - C:\WINDOWS\system32\CTsvcCDA.EXE
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\1050\Intel 32\IDriverT.exe
O23 - Service: iPod Service - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: McAfee Framework Service (McAfeeFramework) - Network Associates, Inc. - C:\Program Files\Network Associates\Common Framework\FrameworkService.exe
O23 - Service: Network Associates McShield (McShield) - Network Associates, Inc. - C:\Program Files\Network Associates\VirusScan\Mcshield.exe
O23 - Service: Network Associates Task Manager (McTaskManager) - Network Associates, Inc. - C:\Program Files\Network Associates\VirusScan\VsTskMgr.exe
O23 - Service: NVIDIA Driver Helper Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\System32\nvsvc32.exe
O23 - Service: Roxio UPnP Renderer 9 - Sonic Solutions - C:\Program Files\Roxio\Digital Home 9\RoxioUPnPRenderer9.exe
O23 - Service: Roxio Upnp Server 9 - Sonic Solutions - C:\Program Files\Roxio\Digital Home 9\RoxioUpnpService9.exe
O23 - Service: LiveShare P2P Server 9 (RoxLiveShare9) - Sonic Solutions - C:\Program Files\Common Files\Roxio Shared\9.0\SharedCOM\RoxLiveShare9.exe
O23 - Service: RoxMediaDB9 - Sonic Solutions - C:\Program Files\Common Files\Roxio Shared\9.0\SharedCOM\RoxMediaDB9.exe
O23 - Service: Roxio Hard Drive Watcher 9 (RoxWatch9) - Sonic Solutions - C:\Program Files\Common Files\Roxio Shared\9.0\SharedCOM\RoxWatch9.exe
O24 - Desktop Component 0: Privacy Protection - file:///C:\WINDOWS\privacy_danger\index.htm

--
End of file - 11032 bytes

Malwarebytes' Anti-Malware 1.25
Database version: 1093
Windows 5.1.2600 Service Pack 2

10:41:04 AM 8/1/2008
mbam-log-08-01-2008 (10-41-04).txt

Scan type: Quick Scan
Objects scanned: 54173
Time elapsed: 31 minute(s), 12 second(s)

Memory Processes Infected: 0
Memory Modules Infected: 0
Registry Keys Infected: 9
Registry Values Infected: 7
Registry Data Items Infected: 17
Folders Infected: 0
Files Infected: 0

Memory Processes Infected:
(No malicious items detected)

Memory Modules Infected:
(No malicious items detected)

Registry Keys Infected:
HKEY_CURRENT_USER\SOFTWARE\{5222008a-dd62-49c7-a735-7bd18ecc7350} (Rogue.VirusRemover) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\virusremover2008 (Rogue.VirusRemove) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\IST (Trojan.ISTBar) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\rdfa (Trojan.Vundo) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\contim (Trojan.Vundo) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\The Weather Channel (Adware.Hotbar) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\winantivirus pro 2007 (Rogue.WinAntivirus) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\MyWebSearch (Adware.MyWebSearch) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\Fun Web Products (Adware.MyWebSearch) -> Quarantined and deleted successfully.

Registry Values Infected:
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\Desktop\Components\0\source (Trojan.FakeAlert) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\Control Panel\Desktop\wallpaper (Hijack.Wallpaper) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\Control Panel\Desktop\originalwallpaper (Hijack.Wallpaper) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\Control Panel\Desktop\convertedwallpaper (Hijack.Wallpaper) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\Control Panel\Desktop\scrnsave.exe (Hijack.Wallpaper) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\Desktop\General\backupwallpaper (Hijack.Wallpaper) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\Desktop\General\wallpaper (Hijack.Wallpaper) -> Quarantined and deleted successfully.

Registry Data Items Infected:
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\Main\Start Page (Hijack.Homepage) -> Bad: (http://softwarereferral.com/jump.php?wmid=6010&mid=MjI6Ojg5&lid=2) Good: (http://www.google.com/) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\Control Panel\International\sTimeFormat (Trojan.FakeAlert) -> Bad: (HH:mm: VIRUS ALERT!) Good: (h:mm:ss tt) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Advanced\Start_ShowControlPanel (Hijack.StartMenu) -> Bad: (0) Good: (1) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Advanced\Start_ShowRun (Hijack.StartMenu) -> Bad: (0) Good: (1) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Advanced\Start_ShowSearch (Hijack.StartMenu) -> Bad: (0) Good: (1) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Advanced\Start_ShowHelp (Hijack.StartMenu) -> Bad: (0) Good: (1) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Advanced\Start_ShowMyDocs (Hijack.StartMenu) -> Bad: (0) Good: (1) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Advanced\Start_ShowMyComputer (Hijack.StartMenu) -> Bad: (0) Good: (1) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Explorer\NoStartMenuMorePrograms (Hijack.StartMenu) -> Bad: (1) Good: (0) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Explorer\StartMenuLogOff (Hijack.StartMenu) -> Bad: (1) Good: (0) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Explorer\NoDrives (Hijack.Drives) -> Bad: (12) Good: (0) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Explorer\NoToolbarCustomize (Hijack.Explorer) -> Bad: (1) Good: (0) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Explorer\NoSetFolders (Hijack.Explorer) -> Bad: (1) Good: (0) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\DisableTaskMgr (Hijack.TaskManager) -> Bad: (1) Good: (0) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\NoDispBackgroundPage (Hijack.DisplayProperties) -> Bad: (1) Good: (0) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\NoDispScrSavPage (Hijack.DisplayProperties) -> Bad: (1) Good: (0) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\NoDispCPL (Hijack.DisplayProperties) -> Bad: (1) Good: (0) -> Quarantined and deleted successfully.

Folders Infected:
(No malicious items detected)

Files Infected:
(No malicious items detected)

jholland1964 650 Posting Expert Team Colleague Featured Poster · Answer 3 · 2008-09-02T04:06:40+00:00

You should run HiJackThis again and place checkmarks next to these entries if they still remain;
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://softwarereferral.com/jump.php...MjI6Ojg5&lid=2
R1 - HKCU\Software\Microsoft\Internet Explorer\SearchURL,(Default) = websearch.drsnsrch.com/q.cgi?q=
R3 - URLSearchHook: (no name) - {00A6FAF6-072E-44cf-8957-5838F569A31D} - (no file)

O3 - Toolbar: Protection Bar - {a2595f37-48d0-46a1-9b51-478591a97764} - C:\Program Files\IntCodec\iesplugin.dll (file missing)

O7 - HKCU\Software\Microsoft\Windows\CurrentVersion\Policies\System, DisableRegedit=1

O8 - Extra context menu item: &Search - http://bar.mywebsearch.com/menusearch.html?p=ZNxdm045
O9 - Extra button: (no name) - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - (no file)
O20 - AppInit_DLLs: ayqqbm.dll
O21 - SSODL: bestreak - {874443fe-aa33-4ebf-a6ac-73208787e62d} - C:\WINDOWS\system32\viruxz.dll (file missing)
O21 - SSODL: gaonic - {f31aee4a-1530-4fef-8537-79c6973bff9a} - (no file)
O22 - SharedTaskScheduler: {874443fe-aa33-4ebf-a6ac-73208787e62d} - bestreak - (no file)
O22 - SharedTaskScheduler: gaonic - {f31aee4a-1530-4fef-8537-79c6973bff9a} - (no file)
O24 - Desktop Component 0: Privacy Protection - file:///C:\WINDOWS\privacy_danger\index.htm

Once you have placed the checkmarks then click the Fix Checked button.
Exit HiJackThis.
Reboot the computer.
You also need to update your java which is out of date. Go HERE and download the Offline Install and save it to the desktop.
Once you have done that close your browser and go to Start, Control Panel, Add/Remove and uninstall all old versions of Java.
When that is completed then go back to that Java Icon on the desktop, doubleclick to install. Once the install is complete then go back to the download page and on the right side you will see Verify Now. Click there to verify that the install was complete.
Then run HiJackThis again and post back here with that new log.

geesixty 0 Newbie Poster · Answer 4 · 2008-09-03T12:59:35+00:00

Latest info: Installed Java, posting hjt, and computer is moving somewhat faster.

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 12:55:54 AM, on 8/3/2008
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Microsoft Windows OneCare Live\Antivirus\MsMpEng.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\system32\brss01a.exe
C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
C:\WINDOWS\system32\Brmfrmps.exe
C:\WINDOWS\System32\drivers\CDAC11BA.EXE
C:\WINDOWS\System32\cisvc.exe
C:\WINDOWS\system32\CTsvcCDA.EXE
C:\Program Files\Network Associates\Common Framework\FrameworkService.exe
C:\Program Files\Network Associates\VirusScan\Mcshield.exe
C:\Program Files\Network Associates\VirusScan\VsTskMgr.exe
C:\WINDOWS\System32\nvsvc32.exe
C:\Program Files\Microsoft Windows OneCare Live\OcHealthMon.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Microsoft Windows OneCare Live\Firewall\msfwsvc.exe
C:\Program Files\Microsoft Windows OneCare Live\winss.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\wuauclt.exe
C:\Program Files\Network Associates\Common Framework\UpdaterUI.exe
C:\Program Files\Ahead\InCD\InCD.exe
C:\Program Files\Network Associates\VirusScan\SHSTAT.EXE
C:\Program Files\Microsoft Windows OneCare Live\winssnotify.exe
C:\Program Files\ScanSoft\PaperPort\pptd40nt.exe
C:\Program Files\Brother\ControlCenter2\brctrcen.exe
C:\Program Files\MSN Messenger\msnmsgr.exe
C:\Program Files\Creative\MediaSource\Detector\CTDetect.exe
C:\Program Files\Creative\Shared Files\Media Sniffer\MtdAcq.exe
C:\Program Files\Common Files\Microsoft Shared\Works Shared\wkcalrem.exe
C:\WINDOWS\system32\taskmgr.exe
C:\WINDOWS\system32\cidaemon.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\msiexec.exe
C:\WINDOWS\system32\wuauclt.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLLoginProxy.exe
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.emachines.com/start.html
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_07\bin\ssv.dll
O2 - BHO: Windows Live Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: ST - {9394EDE7-C8B5-483E-8773-474BF36AF6E4} - C:\Program Files\MSN Apps\ST\01.03.0000.1005\en-xu\stmain.dll
O2 - BHO: MSNToolBandBHO - {BDBD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Program Files\MSN Apps\MSN Toolbar\01.02.5000.1021\en-us\msntb.dll
O3 - Toolbar: MSN - {BDAD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Program Files\MSN Apps\MSN Toolbar\01.02.5000.1021\en-us\msntb.dll
O4 - HKLM\..\Run: [McAfeeUpdaterUI] "C:\Program Files\Network Associates\Common Framework\UpdaterUI.exe" /StartedFromRunKey
O4 - HKLM\..\Run: [InCD] C:\Program Files\Ahead\InCD\InCD.exe
O4 - HKLM\..\Run: [NeroCheck] C:\WINDOWS\system32\NeroCheck.exe
O4 - HKLM\..\Run: [ShStatEXE] "C:\Program Files\Network Associates\VirusScan\SHSTAT.EXE" /STANDALONE
O4 - HKLM\..\Run: [SSBkgdUpdate] "C:\Program Files\Common Files\Scansoft Shared\SSBkgdUpdate\SSBkgdupdate.exe" -Embedding -boot
O4 - HKLM\..\Run: [PaperPort PTD] C:\Program Files\ScanSoft\PaperPort\pptd40nt.exe
O4 - HKLM\..\Run: [IndexSearch] C:\Program Files\ScanSoft\PaperPort\IndexSearch.exe
O4 - HKLM\..\Run: [SetDefPrt] C:\Program Files\Brother\Brmfl04a\BrStDvPt.exe
O4 - HKLM\..\Run: [ControlCenter2.0] C:\Program Files\Brother\ControlCenter2\brctrcen.exe /autorun
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
O4 - HKLM\..\Run: [RoxWatchTray] "C:\Program Files\Common Files\Roxio Shared\9.0\SharedCOM\RoxWatchTray9.exe"
O4 - HKLM\..\Run: [OneCareUI] "C:\Program Files\Microsoft Windows OneCare Live\winssnotify.exe"
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_07\bin\jusched.exe"
O4 - HKCU\..\Run: [Microsoft Works Update Detection] C:\Program Files\Microsoft Works\WkDetect.exe
O4 - HKCU\..\Run: [msnmsgr] "C:\Program Files\MSN Messenger\msnmsgr.exe" /background
O4 - HKCU\..\Run: [Creative Detector] "C:\Program Files\Creative\MediaSource\Detector\CTDetect.exe" /R
O4 - HKCU\..\Run: [updateMgr] "C:\Program Files\Adobe\Acrobat 7.0\Reader\AdobeUpdateManager.exe" AcRdB7_0_9 -reboot 1
O4 - HKCU\..\Run: [MtdAcq] C:\Program Files\Creative\Shared Files\Media Sniffer\MtdAcq.exe /s
O4 - Global Startup: Adobe Reader Speed Launch.lnk = C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
O4 - Global Startup: AutorunsDisabled
O4 - Global Startup: HotSync Manager.lnk = C:\Palm\HOTSYNC.EXE
O4 - Global Startup: Microsoft Works Calendar Reminders.lnk = ?
O6 - HKCU\Software\Policies\Microsoft\Internet Explorer\Restrictions present
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_07\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_07\bin\ssv.dll
O9 - Extra button: (no name) - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - (no file)
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O14 - IERESET.INF: START_PAGE_URL=http://www.emachines.com/start.html
O16 - DPF: {0CCA191D-13A6-4E29-B746-314DEE697D83} (Facebook Photo Uploader 5) - http://upload.facebook.com/controls/FacebookPhotoUploader5.cab
O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://go.microsoft.com/fwlink/?linkid=39204
O16 - DPF: {215B8138-A3CF-44C5-803F-8226143CFC0A} (Trend Micro ActiveX Scan Agent 6.6) - http://housecall65.trendmicro.com/housecall/applet/html/native/x86/win32/activex/hcImpl.cab
O16 - DPF: {48DD0448-9209-4F81-9F6D-D83562940134} (MySpace Uploader Control) - http://lads.myspace.com/upload/MySpaceUploader.cab
O16 - DPF: {4F1E5B1A-2A80-42CA-8532-2D05CB959537} (MSN Photo Upload Tool) - http://by23fd.bay23.hotmail.msn.com/resources/MsnPUpld.cab
O16 - DPF: {55027008-315F-4F45-BBC3-8BE119764741} (Slide Image Uploader Control) - http://www.slide.com/uploader/SlideImageUploader.cab
O16 - DPF: {56762DEC-6B0D-4AB4-A8AD-989993B5D08B} (OnlineScanner Control) - http://www.eset.eu/buxus/docs/OnlineScanner.cab
O16 - DPF: {5F8469B4-B055-49DD-83F7-62B522420ECC} (Facebook Photo Uploader Control) - http://upload.facebook.com/controls/FacebookPhotoUploader.cab
O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://update.microsoft.com/microsoftupdate/v6/V5Controls/en/x86/client/muweb_site.cab?1157649450276
O16 - DPF: {AED98630-0251-4E83-917D-43A23D66D507} - http://activex.microgaming.com/DLhelper/version7/dlhelper.cab
O16 - DPF: {B38870E4-7ECB-40DA-8C6A-595F0A5519FF} (MsnMessengerSetupDownloadControl Class) - http://messenger.msn.com/download/MsnMessengerSetupDownloader.cab
O16 - DPF: {D6E7CFB5-C074-4D1C-B647-663D1A8D96BF} (Facebook Photo Uploader 4) - http://upload.facebook.com/controls/FacebookPhotoUploader4_5.cab
O16 - DPF: {F58E1CEF-A068-4C15-BA5E-587CAF3EE8C6} (MSN Chat Control 4.5) - http://chat.msn.com/controls/msnchat45.cab
O23 - Service: Apple Mobile Device - Apple, Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
O23 - Service: Brother Popup Suspend service for Resource manager (brmfrmps) - Brother Industries, Ltd. - C:\WINDOWS\system32\Brmfrmps.exe
O23 - Service: BrSplService (Brother XP spl Service) - brother Industries Ltd - C:\WINDOWS\system32\brsvc01a.exe
O23 - Service: C-DillaCdaC11BA - Macrovision - C:\WINDOWS\System32\drivers\CDAC11BA.EXE
O23 - Service: Canon Camera Access Library 8 (CCALib8) - Canon Inc. - C:\Program Files\Canon\CAL\CALMAIN.exe
O23 - Service: Creative Service for CDROM Access - Creative Technology Ltd - C:\WINDOWS\system32\CTsvcCDA.EXE
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\1050\Intel 32\IDriverT.exe
O23 - Service: iPod Service - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: McAfee Framework Service (McAfeeFramework) - Network Associates, Inc. - C:\Program Files\Network Associates\Common Framework\FrameworkService.exe
O23 - Service: Network Associates McShield (McShield) - Network Associates, Inc. - C:\Program Files\Network Associates\VirusScan\Mcshield.exe
O23 - Service: Network Associates Task Manager (McTaskManager) - Network Associates, Inc. - C:\Program Files\Network Associates\VirusScan\VsTskMgr.exe
O23 - Service: NVIDIA Driver Helper Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\System32\nvsvc32.exe
O23 - Service: Roxio UPnP Renderer 9 - Sonic Solutions - C:\Program Files\Roxio\Digital Home 9\RoxioUPnPRenderer9.exe
O23 - Service: Roxio Upnp Server 9 - Sonic Solutions - C:\Program Files\Roxio\Digital Home 9\RoxioUpnpService9.exe
O23 - Service: LiveShare P2P Server 9 (RoxLiveShare9) - Sonic Solutions - C:\Program Files\Common Files\Roxio Shared\9.0\SharedCOM\RoxLiveShare9.exe
O23 - Service: RoxMediaDB9 - Sonic Solutions - C:\Program Files\Common Files\Roxio Shared\9.0\SharedCOM\RoxMediaDB9.exe
O23 - Service: Roxio Hard Drive Watcher 9 (RoxWatch9) - Sonic Solutions - C:\Program Files\Common Files\Roxio Shared\9.0\SharedCOM\RoxWatch9.exe
O24 - Desktop Component 0: Privacy Protection - (no file)

--
End of file - 10184 bytes

jholland1964 650 Posting Expert Team Colleague Featured Poster · Answer 5 · 2008-09-04T10:21:59+00:00

Hi, sorry I didn't get back sooner. They were doing some power work here this morning when I was working on your thread and had to shut down the computer. Then when I got back on I forgot which thread I was working on! Blame it on "old timers disease":D
To speed the computer a bit more you do have some programs auto starting, and therefore running all the time and using resources which really aren't necessary. All of these programs can very easily be run manually when needed.
If you want to stop these then run HiJackThis again and put checkmarks next to the following;
O4 - HKLM\..\Run: [NeroCheck] C:\WINDOWS\system32\NeroCheck.exeO4 - HKLM\..\Run: [SSBkgdUpdate] "C:\Program Files\Common Files\Scansoft Shared\SSBkgdUpdate\SSBkgdupdate.exe" -Embedding -boot
O4 - HKLM\..\Run: [PaperPort PTD] C:\Program Files\ScanSoft\PaperPort\pptd40nt.exe
O4 - HKLM\..\Run: [IndexSearch] C:\Program Files\ScanSoft\PaperPort\IndexSearch.exeO4 - HKLM\..\Run: [ControlCenter2.0] C:\Program Files\Brother\ControlCenter2\brctrcen.exe /autorun
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
O4 - HKLM\..\Run: [RoxWatchTray] "C:\Program Files\Common Files\Roxio Shared\9.0\SharedCOM\RoxWatchTray9.exeO4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_07\bin\jusched.exe"
O4 - HKCU\..\Run: [Microsoft Works Update Detection] C:\Program Files\Microsoft Works\WkDetect.exe
O4 - HKCU\..\Run: [msnmsgr] "C:\Program Files\MSN Messenger\msnmsgr.exe" /background
O4 - HKCU\..\Run: [Creative Detector] "C:\Program Files\Creative\MediaSource\Detector\CTDetect.exe" /R
O4 - HKCU\..\Run: [updateMgr] "C:\Program Files\Adobe\Acrobat 7.0\Reader\AdobeUpdateManager.exe" AcRdB7_0_9 -reboot 1
O4 - HKCU\..\Run: [MtdAcq] C:\Program Files\Creative\Shared Files\Media Sniffer\MtdAcq.exe /s
O4 - Global Startup: Adobe Reader Speed Launch.lnk = C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe

Once you have the checkmarks placed then click the Fix Checked button.
Exit HJT and reboot the computer. See if it has speeded up a bit.
Judy

desperate request for assistance. logs inside.

Recommended Answers Collapse Answers

All 7 Replies

Recommended Answers