
Hi all! This is my first time posting on this forum. Very new to forums altogether really, but recently my second PC got a horrible virus. The background was changed to "WARNING viruses and spyware have been found on your computer. please run a spyware check", my CD-ROM drive does not work, the internet does not work and the computer is running amazingly slow. Normally I wouldn't mind just popping in the Windows CD, wiping my whole hard drive and reinstalling the OS on a fresh new partition, but since the CD-ROM drive isn't reading the CDs, I can't boot the computer from a CD and therefore I don't really know what else to do.

Note: My CD-ROM drive was working before I got this virus. I checked the cables inside of the computer, switched out to another CD-ROM drive, but still no help.

I ran Malwarebytes, and I'm including the log as an attachment. I also managed to download HijackThis and have also included the log. I'm also going to post both of the logs in case the attachment doesn't work:

HijackThis:
Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 9:20:24 PM, on 3/29/2009
Platform: Windows XP SP3 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16791)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
C:\Program Files\Alwil Software\Avast4\ashServ.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\LEXBCES.EXE
C:\WINDOWS\system32\LEXPPS.EXE
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Alwil Software\Avast4\setup\avast.setup
C:\Program Files\Common Files\Real\Update_OB\realsched.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Dell AIO Printer A920\dlbkbmgr.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Dell AIO Printer A920\dlbkbmon.exe
E:\itunes\iTunesHelper.exe
C:\Program Files\Picasa2\PicasaMediaDetector.exe
C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
C:\PROGRA~1\AVG\AVG8\avgtray.exe
C:\PROGRA~1\AVG\AVG8\avgwdsvc.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Common Files\LightScribe\LightScribeControlPanel.exe
C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
C:\Program Files\Bonjour\mDNSResponder.exe
C:\Program Files\WIDCOMM\Bluetooth Software\bin\btwdins.exe
C:\Program Files\Common Files\LightScribe\LSSrvc.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe
C:\PROGRA~1\AVG\AVG8\avgrsx.exe
C:\PROGRA~1\AVG\AVG8\avgemc.exe
C:\PROGRA~1\AVG\AVG8\avgnsx.exe
C:\Program Files\AVG\AVG8\avgcsrvx.exe
C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\Program Files\Internet Explorer\IEXPLORE.EXE
C:\WINDOWS\system32\wuauclt.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.dell4me.com/mywaybiz
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.yahoo.com/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKCU\Software\Microsoft\Internet Connection Wizard,ShellNext = http://www.dell4me.com/mywaybiz
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local
R3 - URLSearchHook: AOLTBSearch Class - {EA756889-2338-43DB-8F07-D1CA6FB9C90D} - C:\Program Files\AOL\AOL Toolbar 2.0\aoltb.dll
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: WormRadar.com IESiteBlocker.NavFilter - {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} - C:\Program Files\AVG\AVG8\avgssie.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.5.0_11\bin\ssv.dll
O2 - BHO: AOL Toolbar Launcher - {7C554162-8CB7-45A4-B8F4-8EA1C75885F9} - C:\Program Files\AOL\AOL Toolbar 2.0\aoltb.dll
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - C:\Program Files\Google\Google Toolbar\GoogleToolbar.dll
O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\5.0.926.3450\swg.dll
O2 - BHO: Google Dictionary Compression sdch - {C84D72FE-E17D-4195-BB24-76C02E2E7C4E} - C:\Program Files\Google\Google Toolbar\Component\fastsearch_219B3E1547538286.dll
O3 - Toolbar: AOL Toolbar - {DE9C389F-3316-41A7-809B-AA305ED9D922} - C:\Program Files\AOL\AOL Toolbar 2.0\aoltb.dll
O3 - Toolbar: &Google Toolbar - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files\Google\Google Toolbar\GoogleToolbar.dll
O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot
O4 - HKLM\..\Run: [Dell AIO Printer A920] "C:\Program Files\Dell AIO Printer A920\dlbkbmgr.exe"
O4 - HKLM\..\Run: [AppleSyncNotifier] C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleSyncNotifier.exe
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\QTTask.exe" -atboottime
O4 - HKLM\..\Run: [iTunesHelper] "E:\itunes\iTunesHelper.exe"
O4 - HKLM\..\Run: [Google Desktop Search] "C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe" /startup
O4 - HKLM\..\Run: [Picasa Media Detector] C:\Program Files\Picasa2\PicasaMediaDetector.exe
O4 - HKLM\..\Run: [AVG8_TRAY] C:\PROGRA~1\AVG\AVG8\avgtray.exe
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [LightScribe Control Panel] C:\Program Files\Common Files\LightScribe\LightScribeControlPanel.exe -hidden
O4 - HKCU\..\Run: [swg] C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
O4 - HKCU\..\Run: [updateMgr] "C:\Program Files\Adobe\Acrobat 7.0\Reader\AdobeUpdateManager.exe" AcRdB7_0_9 -reboot 1
O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background
O4 - Global Startup: BTTray.lnk = ?
O8 - Extra context menu item: &AOL Toolbar Search - c:\program files\aol\aol toolbar 2.0\resources\en-US\local\search.html
O8 - Extra context menu item: Send To &Bluetooth - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie_ctx.htm
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_11\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_11\bin\ssv.dll
O9 - Extra button: AOL Toolbar - {3369AF0D-62E9-4bda-8103-B4C75499B578} - C:\Program Files\AOL\AOL Toolbar 2.0\aoltb.dll
O9 - Extra button: AIM - {AC9E2541-2814-11d5-BC6D-00B0D0A1DE45} - C:\Program Files\AIM\aim.exe
O9 - Extra button: @btrez.dll,-4015 - {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie.htm
O9 - Extra 'Tools' menuitem: @btrez.dll,-4017 - {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie.htm
O9 - Extra button: Real.com - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - C:\WINDOWS\system32\Shdocvw.dll
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra button: The Poker Community - {23ce1f91-bc56-49f9-be01-bddf4ef76305} - C:\Documents and Settings\Zeke\Start Menu\Programs\The Poker Community\The Poker Community.lnk (HKCU)
O16 - DPF: {341FF14B-00CB-49F5-A427-A164DF1D5E1F} (MALPlaybackCtrl Class) - http://musicstore.connect.com/XSL/mb_us/html/activexplayer/SMALStreaming.cab
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab
O18 - Protocol: linkscanner - {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - C:\Program Files\AVG\AVG8\avgpp.dll
O20 - AppInit_DLLs: pushow82.dll C:\PROGRA~1\Google\GOOGLE~3\GOEC62~1.DLL
O20 - Winlogon Notify: avgrsstarter - C:\WINDOWS\SYSTEM32\avgrsstx.dll
O20 - Winlogon Notify: dcdbfadaddbdefe - C:\WINDOWS\system32\dcdbfadaddbdefe.dll
O23 - Service: Apple Mobile Device - Apple Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
O23 - Service: avast! iAVS4 Control Service (aswUpdSv) - ALWIL Software - C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
O23 - Service: avast! Antivirus - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashServ.exe
O23 - Service: avast! Mail Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
O23 - Service: avast! Web Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
O23 - Service: AVG Free8 E-mail Scanner (avg8emc) - AVG Technologies CZ, s.r.o. - C:\PROGRA~1\AVG\AVG8\avgemc.exe
O23 - Service: AVG Free8 WatchDog (avg8wd) - AVG Technologies CZ, s.r.o. - C:\PROGRA~1\AVG\AVG8\avgwdsvc.exe
O23 - Service: Bonjour Service - Apple Inc. - C:\Program Files\Bonjour\mDNSResponder.exe
O23 - Service: Bluetooth Service (btwdins) - WIDCOMM, Inc. - C:\Program Files\WIDCOMM\Bluetooth Software\bin\btwdins.exe
O23 - Service: Google Desktop Manager 5.7.806.10245 (GoogleDesktopManager-061008-081103) - Google - C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe
O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: iPod Service - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: LexBce Server (LexBceS) - Lexmark International, Inc. - C:\WINDOWS\system32\LEXBCES.EXE
O23 - Service: LightScribeService Direct Disc Labeling Service (LightScribeService) - Hewlett-Packard Company - C:\Program Files\Common Files\LightScribe\LSSrvc.exe

--
End of file - 9548 bytes

Malwarebytes:
Malwarebytes' Anti-Malware 1.35
Database version: 1904
Windows 5.1.2600 Service Pack 3

3/29/2009 7:08:24 PM
mbam-log-2009-03-29 (19-08-24).txt

Scan type: Full Scan (C:\|E:\|)
Objects scanned: 163658
Time elapsed: 4 hour(s), 22 minute(s), 35 second(s)

Memory Processes Infected: 0
Memory Modules Infected: 0
Registry Keys Infected: 10
Registry Values Infected: 0
Registry Data Items Infected: 1
Folders Infected: 9
Files Infected: 108

Memory Processes Infected:
(No malicious items detected)

Memory Modules Infected:
(No malicious items detected)

Registry Keys Infected:
HKEY_CLASSES_ROOT\minibugtransporter.minibugtransporterx (Adware.Minibug) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\minibugtransporter.minibugtransporterx.1 (Adware.Minibug) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\Interface\{04a38f6b-006f-4247-ba4c-02a139d5531c} (Adware.Minibug) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\CLSID\{2b96d5cc-c5b5-49a5-a69d-cc0a30f9028c} (Adware.Minibug) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\Typelib\{3c2d2a1e-031f-4397-9614-87c932a848e0} (Adware.Minibug) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\seekmo (Adware.Seekmo) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\seekmo (Adware.Seekmo) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\seekmo (Adware.Seekmo) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\Ares Gold (Adware.WhenUSave) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\AGprotect (Malware.Trace) -> Quarantined and deleted successfully.

Registry Values Infected:
(No malicious items detected)

Registry Data Items Infected:
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\AntiVirusDisableNotify (Disabled.SecurityCenter) -> Bad: (1) Good: (0) -> Quarantined and deleted successfully.

Folders Infected:
C:\Program Files\Seekmo (Adware.180Solutions) -> Quarantined and deleted successfully.
C:\Program Files\MyWaySA (Adware.MyWebSearch) -> Quarantined and deleted successfully.
C:\Program Files\MyWaySA\SrchAsDe (Adware.MyWebSearch) -> Quarantined and deleted successfully.
C:\Program Files\MyWaySA\SrchAsDe\1.bin (Adware.MyWebSearch) -> Quarantined and deleted successfully.
C:\Program Files\Ares Gold (Adware.WhenUSave) -> Quarantined and deleted successfully.
C:\Program Files\Ares Gold\Data (Adware.WhenUSave) -> Quarantined and deleted successfully.
C:\Program Files\Ares Gold\Downloads (Adware.WhenUSave) -> Quarantined and deleted successfully.
C:\Program Files\Ares Gold\Downloads\Meta (Adware.WhenUSave) -> Quarantined and deleted successfully.
C:\Program Files\Ares Gold\Partials (Adware.WhenUSave) -> Quarantined and deleted successfully.

Files Infected:
C:\Documents and Settings\Zeke\Local Settings\Temp\358.exe (Trojan.Agent) -> Quarantined and deleted successfully.
C:\Documents and Settings\Zeke\Local Settings\Temporary Internet Files\Content.IE5\4Z9JYMRP\xdmane[1].htm (Trojan.TinyDownloader705) -> Quarantined and deleted successfully.
C:\Documents and Settings\Zeke\Local Settings\Temporary Internet Files\Content.IE5\6423SELR\u879[1].int (Trojan.Agent) -> Quarantined and deleted successfully.
C:\Documents and Settings\Zeke\Local Settings\Temporary Internet Files\Content.IE5\67ST2PSV\g335[1].msg (Trojan.Agent) -> Quarantined and deleted successfully.
C:\Documents and Settings\Zeke\Local Settings\Temporary Internet Files\Content.IE5\67ST2PSV\aasuper2[1].htm (Trojan.Dropper) -> Quarantined and deleted successfully.
C:\Documents and Settings\Zeke\Local Settings\Temporary Internet Files\Content.IE5\67ST2PSV\aasuper2[2].htm (Trojan.Dropper) -> Quarantined and deleted successfully.
C:\Documents and Settings\Zeke\Local Settings\Temporary Internet Files\Content.IE5\9VRVXDGA\xdmane[1].htm (Trojan.TinyDownloader705) -> Quarantined and deleted successfully.
C:\Documents and Settings\Zeke\Local Settings\Temporary Internet Files\Content.IE5\C52X8FYZ\lebcppdde[1].htm (Trojan.Crypt) -> Quarantined and deleted successfully.
C:\Documents and Settings\Zeke\Local Settings\Temporary Internet Files\Content.IE5\CB05KPOV\ntpqqn[1].htm (Trojan.Hiloti) -> Quarantined and deleted successfully.
C:\Documents and Settings\Zeke\Local Settings\Temporary Internet Files\Content.IE5\CB05KPOV\ntpqqn[2].htm (Trojan.Hiloti) -> Quarantined and deleted successfully.
C:\Documents and Settings\Zeke\Local Settings\Temporary Internet Files\Content.IE5\CB05KPOV\pqz[1].exe (Trojan.Agent) -> Quarantined and deleted successfully.
C:\Documents and Settings\Zeke\Local Settings\Temporary Internet Files\Content.IE5\CB05KPOV\lebcppdde[1].htm (Trojan.Crypt) -> Quarantined and deleted successfully.
C:\Documents and Settings\Zeke\Local Settings\Temporary Internet Files\Content.IE5\KLAV0TIJ\MalwareDefender2009[1].exe (Rogue.MalwareDefender) -> Quarantined and deleted successfully.
C:\Documents and Settings\Zeke\Local Settings\Temporary Internet Files\Content.IE5\KLAV0TIJ\cmjjtkllmv[1].htm (Trojan.TinyDownloader705) -> Quarantined and deleted successfully.
C:\Documents and Settings\Zeke\Local Settings\Temporary Internet Files\Content.IE5\KLAV0TIJ\cmjjtkllmv[2].htm (Trojan.TinyDownloader705) -> Quarantined and deleted successfully.
C:\Documents and Settings\Zeke\Local Settings\Temporary Internet Files\Content.IE5\QXCTWT2F\MalwareDefender2009[1].exe (Rogue.MalwareDefender) -> Quarantined and deleted successfully.
C:\Documents and Settings\Zeke\Local Settings\Temporary Internet Files\Content.IE5\YBDD5JWR\lebcppdde[1].htm (Trojan.Crypt) -> Quarantined and deleted successfully.
C:\System Volume Information\_restore{202550A8-7A33-4BCA-9586-051D24DDBF8F}\RP887\A0064888.exe (Trojan.Crypt) -> Quarantined and deleted successfully.
C:\System Volume Information\_restore{202550A8-7A33-4BCA-9586-051D24DDBF8F}\RP887\A0064889.exe (Trojan.Hiloti) -> Quarantined and deleted successfully.
C:\System Volume Information\_restore{202550A8-7A33-4BCA-9586-051D24DDBF8F}\RP887\A0064899.exe (Trojan.Agent) -> Quarantined and deleted successfully.
C:\System Volume Information\_restore{202550A8-7A33-4BCA-9586-051D24DDBF8F}\RP887\A0064901.sys (Rootkit.Agent) -> Quarantined and deleted successfully.
C:\System Volume Information\_restore{202550A8-7A33-4BCA-9586-051D24DDBF8F}\RP887\A0064907.exe (Trojan.Dropper) -> Quarantined and deleted successfully.
C:\System Volume Information\_restore{202550A8-7A33-4BCA-9586-051D24DDBF8F}\RP887\A0064908.exe (Trojan.Dropper) -> Quarantined and deleted successfully.
C:\System Volume Information\_restore{202550A8-7A33-4BCA-9586-051D24DDBF8F}\RP887\A0064916.exe (Trojan.Crypt) -> Quarantined and deleted successfully.
C:\System Volume Information\_restore{202550A8-7A33-4BCA-9586-051D24DDBF8F}\RP887\A0064917.exe (Trojan.Hiloti) -> Quarantined and deleted successfully.
C:\Program Files\Ares Gold\Data\cache.net (Adware.WhenUSave) -> Quarantined and deleted successfully.
C:\Program Files\Ares Gold\Data\MyMedia.edb (Adware.WhenUSave) -> Quarantined and deleted successfully.
C:\Program Files\Ares Gold\Data\searchkeys.dat (Adware.WhenUSave) -> Quarantined and deleted successfully.
C:\Program Files\Ares Gold\Data\ultracache.net (Adware.WhenUSave) -> Quarantined and deleted successfully.
C:\Program Files\Ares Gold\Data\webcache.net (Adware.WhenUSave) -> Quarantined and deleted successfully.
C:\Program Files\Ares Gold\Downloads\(Unverified) 100 Greatest Guitar Solos - 71 - George Clinton & Parliament Funkadelic- Maggot Brain.mp3 (Adware.WhenUSave) -> Quarantined and deleted successfully.
C:\Program Files\Ares Gold\Downloads\(Unverified) 50 cent ft mobb deep - outta control (remix).mp3 (Adware.WhenUSave) -> Quarantined and deleted successfully.
C:\Program Files\Ares Gold\Downloads\(Unverified) Beatnuts - Look Around feat Dead Prez.mp3 (Adware.WhenUSave) -> Quarantined and deleted successfully.
C:\Program Files\Ares Gold\Downloads\(Unverified) Dead Prez - Hip Hop.mp3 (Adware.WhenUSave) -> Quarantined and deleted successfully.
C:\Program Files\Ares Gold\Downloads\02 Pain In My Heart.mp3 (Adware.WhenUSave) -> Quarantined and deleted successfully.
C:\Program Files\Ares Gold\Downloads\05 Hard as steel.wma (Adware.WhenUSave) -> Quarantined and deleted successfully.
C:\Program Files\Ares Gold\Downloads\06 Lonesome Fiddle Blues.mp3 (Adware.WhenUSave) -> Quarantined and deleted successfully.
C:\Program Files\Ares Gold\Downloads\11-112-the_way_(feat_jermaine_dupri)-h8me.mp3 (Adware.WhenUSave) -> Quarantined and deleted successfully.
C:\Program Files\Ares Gold\Downloads\50 Cent - The Massacre - 02 - In My Hood.mp3 (Adware.WhenUSave) -> Quarantined and deleted successfully.
C:\Program Files\Ares Gold\Downloads\Baby ft Lil Wayne - Neck Of The Woods (dirty).mp3 (Adware.WhenUSave) -> Quarantined and deleted successfully.
C:\Program Files\Ares Gold\Downloads\Bow Wow ft.Omarion-Let Me Hold You.mp3 (Adware.WhenUSave) -> Quarantined and deleted successfully.
C:\Program Files\Ares Gold\Downloads\Dead Prez - Animal In Man.mp3 (Adware.WhenUSave) -> Quarantined and deleted successfully.
C:\Program Files\Ares Gold\Downloads\dead prez - Ghetto Youths.mp3 (Adware.WhenUSave) -> Quarantined and deleted successfully.
C:\Program Files\Ares Gold\Downloads\Dead Prez - Its still bigger_than Hip Hop.mp3 (Adware.WhenUSave) -> Quarantined and deleted successfully.
C:\Program Files\Ares Gold\Downloads\Dead Prez - Mind Sex.mp3 (Adware.WhenUSave) -> Quarantined and deleted successfully.
C:\Program Files\Ares Gold\Downloads\dead prez - propaganda.mp3 (Adware.WhenUSave) -> Quarantined and deleted successfully.
C:\Program Files\Ares Gold\Downloads\Dead Prez - Psychology.mp3 (Adware.WhenUSave) -> Quarantined and deleted successfully.
C:\Program Files\Ares Gold\Downloads\dead prez - sellin d o p e.mp3 (Adware.WhenUSave) -> Quarantined and deleted successfully.
C:\Program Files\Ares Gold\Downloads\Dead Prez - The Game Of Life.mp3 (Adware.WhenUSave) -> Quarantined and deleted successfully.
C:\Program Files\Ares Gold\Downloads\Dead Prez I Have A Dream Too.mp3 (Adware.WhenUSave) -> Quarantined and deleted successfully.
C:\Program Files\Ares Gold\Downloads\Dead Prez Slick Rick KRS ONE Nas- Money, Power.mp3 (Adware.WhenUSave) -> Quarantined and deleted successfully.
C:\Program Files\Ares Gold\Downloads\Dead Prezidents & Talib Kweli - Sharp Shooters.mp3 (Adware.WhenUSave) -> Quarantined and deleted successfully.
C:\Program Files\Ares Gold\Downloads\Dead prezz-They Schools.mp3 (Adware.WhenUSave) -> Quarantined and deleted successfully.
C:\Program Files\Ares Gold\Downloads\Dolly Parton - I Will Always Love You.mp3 (Adware.WhenUSave) -> Quarantined and deleted successfully.
C:\Program Files\Ares Gold\Downloads\G-Unit - 50 Cent ft Mobb Deep - Out Of Control.mp3 (Adware.WhenUSave) -> Quarantined and deleted successfully.
C:\Program Files\Ares Gold\Downloads\George Clinton - Atomic Dog.mp3 (Adware.WhenUSave) -> Quarantined and deleted successfully.
C:\Program Files\Ares Gold\Downloads\George Clinton - Bow wow wow.mp3 (Adware.WhenUSave) -> Quarantined and deleted successfully.
C:\Program Files\Ares Gold\Downloads\Greatful Dead - Wild Horses.mp3 (Adware.WhenUSave) -> Quarantined and deleted successfully.
C:\Program Files\Ares Gold\Downloads\Jerry Garcia & David Grisman - Old And In The Way.mp3 (Adware.WhenUSave) -> Quarantined and deleted successfully.
C:\Program Files\Ares Gold\Downloads\Jodeci, Raekwon & Ghostface - Freakin' You (Remix).mp3 (Adware.WhenUSave) -> Quarantined and deleted successfully.
C:\Program Files\Ares Gold\Downloads\JoJo Feat. Bow Wow - Baby Its You (Remix).mp3 (Adware.WhenUSave) -> Quarantined and deleted successfully.
C:\Program Files\Ares Gold\Downloads\K Ci Hailey of Jodeci - If You Think Your Lonely Now.mp3 (Adware.WhenUSave) -> Quarantined and deleted successfully.
C:\Program Files\Ares Gold\Downloads\KC & The Sunshine Band - That's The Way I Like It.mp3 (Adware.WhenUSave) -> Quarantined and deleted successfully.
C:\Program Files\Ares Gold\Downloads\Lionel Ritchie and the Commodores - Easy like Sunday morning.mp3 (Adware.WhenUSave) -> Quarantined and deleted successfully.
C:\Program Files\Ares Gold\Downloads\martin (tv show).jpg (Adware.WhenUSave) -> Quarantined and deleted successfully.
C:\Program Files\Ares Gold\Downloads\MIDNITE - Pagan Pay Gone.mp3 (Adware.WhenUSave) -> Quarantined and deleted successfully.
C:\Program Files\Ares Gold\Downloads\Mobb Deep - Quiet Storm.mp3 (Adware.WhenUSave) -> Quarantined and deleted successfully.
C:\Program Files\Ares Gold\Downloads\Mobb Deep - Shook Ones Part II.mp3 (Adware.WhenUSave) -> Quarantined and deleted successfully.
C:\Program Files\Ares Gold\Downloads\Mobb Deep - Thug Life Is Mine (featuring Nas).mp3 (Adware.WhenUSave) -> Quarantined and deleted successfully.
C:\Program Files\Ares Gold\Downloads\Mobb Deep feat. Nas & Raekwon - Eye For an Eye.mp3 (Adware.WhenUSave) -> Quarantined and deleted successfully.
C:\Program Files\Ares Gold\Downloads\Mos Def ft. Pharoahe Monche - Dead Prez & Last Emperor.mp3 (Adware.WhenUSave) -> Quarantined and deleted successfully.
C:\Program Files\Ares Gold\Downloads\Nas, Mobb Deep, Jay Z & DMX - Oochie wally wally.mp3 (Adware.WhenUSave) -> Quarantined and deleted successfully.
C:\Program Files\Ares Gold\Downloads\old & in the way - Catfish John.mp3 (Adware.WhenUSave) -> Quarantined and deleted successfully.
C:\Program Files\Ares Gold\Downloads\old and in the way - Hazel Dickens.mp3 (Adware.WhenUSave) -> Quarantined and deleted successfully.
C:\Program Files\Ares Gold\Downloads\Raphael Saadiq (f. D'Angelo) - You Should Be Here.mp3 (Adware.WhenUSave) -> Quarantined and deleted successfully.
C:\Program Files\Ares Gold\Downloads\Ray-J - One Wish.mp3 (Adware.WhenUSave) -> Quarantined and deleted successfully.
C:\Program Files\Ares Gold\Downloads\Static-X and Dead Prez - (It's Bigger Than) Hip Hop 1.mp3 (Adware.WhenUSave) -> Quarantined and deleted successfully.
C:\Program Files\Ares Gold\Downloads\The Ramones - I Wanna Be Sedated.mp3 (Adware.WhenUSave) -> Quarantined and deleted successfully.
C:\Program Files\Ares Gold\Downloads\Tony Yayo ft. 50 Cent - So Seductive (dirty).mp3 (Adware.WhenUSave) -> Quarantined and deleted successfully.
C:\Program Files\Ares Gold\Downloads\Tweet ft 50 Cent & Missy Elliot - Turn Da Lights Off (Remix).MP3 (Adware.WhenUSave) -> Quarantined and deleted successfully.
C:\Program Files\Ares Gold\Downloads\Waylon Jennings & Willie Nelson - Mamas Don't Let Your Babies Grow Up To Be Cowboys.mp3 (Adware.WhenUSave) -> Quarantined and deleted successfully.
C:\Program Files\Ares Gold\Downloads\Willie Nelson - You Were Always On My Mind.mp3 (Adware.WhenUSave) -> Quarantined and deleted successfully.
C:\Program Files\Ares Gold\Downloads\Wu-Tang - Killarmy - The Cookout.mp3 (Adware.WhenUSave) -> Quarantined and deleted successfully.
C:\Program Files\Ares Gold\Downloads\Zach de la Rocha - Mumia 911 (w. Chuck D & Dead Prez).mp3 (Adware.WhenUSave) -> Quarantined and deleted successfully.
C:\Program Files\Ares Gold\Downloads\Meta\(Unverified) 100 Greatest Guitar Solos - 71 - George Clinton & Parliament Funkadelic- Maggot Brain.mp3.xml (Adware.WhenUSave) -> Quarantined and deleted successfully.
C:\Program Files\Ares Gold\Downloads\Meta\(Unverified) 50 cent ft mobb deep - outta control (remix).mp3.xml (Adware.WhenUSave) -> Quarantined and deleted successfully.
C:\Program Files\Ares Gold\Downloads\Meta\(Unverified) Beatnuts - Look Around feat Dead Prez.mp3.xml (Adware.WhenUSave) -> Quarantined and deleted successfully.
C:\Program Files\Ares Gold\Downloads\Meta\(Unverified) Civilization III crack 1.exe.xml (Adware.WhenUSave) -> Quarantined and deleted successfully.
C:\Program Files\Ares Gold\Downloads\Meta\(Unverified) Civilization III crack.exe.xml (Adware.WhenUSave) -> Quarantined and deleted successfully.
C:\Program Files\Ares Gold\Downloads\Meta\(Unverified) Dead Prez - Hip Hop.mp3.xml (Adware.WhenUSave) -> Quarantined and deleted successfully.
C:\Program Files\Ares Gold\Partials\aesop rock - the substance.mp3.info (Adware.WhenUSave) -> Quarantined and deleted successfully.
C:\Program Files\Ares Gold\Partials\Aesop Rock vs. Slug - Freestyle Battle.mp3.info (Adware.WhenUSave) -> Quarantined and deleted successfully.
C:\Program Files\Ares Gold\Partials\aesoprock - Rock Water.mp3.info (Adware.WhenUSave) -> Quarantined and deleted successfully.
C:\Program Files\Ares Gold\Partials\aesoprock - Rock Water.partial.mp3 (Adware.WhenUSave) -> Quarantined and deleted successfully.
C:\Program Files\Ares Gold\Partials\Atmosphere feat. I self Divine, Musab & Aesop Rock - Flesh Remix.mp3.info (Adware.WhenUSave) -> Quarantined and deleted successfully.
C:\Program Files\Ares Gold\Partials\D'Angelo ft. The Roots & Erykah Badu - Shining Star.partial.mp3 (Adware.WhenUSave) -> Quarantined and deleted successfully.
C:\Program Files\Ares Gold\Partials\dj krush - 09 - kill switch (feat. aesop rock).mp3.info (Adware.WhenUSave) -> Quarantined and deleted successfully.
C:\Program Files\Ares Gold\Partials\Highschool Homemade Porn Webcam - Cutie - Hidden camera of college couple sex full.partial.mpg (Adware.WhenUSave) -> Quarantined and deleted successfully.
C:\Program Files\Ares Gold\Partials\Midnite - Bushman.partial.mp3 (Adware.WhenUSave) -> Quarantined and deleted successfully.
C:\Program Files\Ares Gold\Partials\MIDNITE - Rasta Man Stand.partial.mp3 (Adware.WhenUSave) -> Quarantined and deleted successfully.
C:\Program Files\Ares Gold\Partials\Old And In The Way - Kissimmee Kid.partial.mp3 (Adware.WhenUSave) -> Quarantined and deleted successfully.
C:\Program Files\Ares Gold\Partials\Old and In the Way - Midnight Moonlight3.partial.mp3 (Adware.WhenUSave) -> Quarantined and deleted successfully.
C:\Documents and Settings\Zeke\Local Settings\Temp\mousehook.dll (Trojan.Agent) -> Quarantined and deleted successfully.
C:\WINDOWS\SYSTEM32\yedejava.dll.vir (Trojan.Vundo) -> Quarantined and deleted successfully.
C:\WINDOWS\SYSTEM32\warning.gif (Trojan.FakeAlert) -> Quarantined and deleted successfully.
C:\WINDOWS\SYSTEM32\ahtn.htm (Trojan.FakeAlert) -> Quarantined and deleted successfully.
C:\Documents and Settings\Zeke\Local Settings\Temp\ntdll64.dll (Trojan.FakeAlert) -> Quarantined and deleted successfully.
C:\WINDOWS\SYSTEM32\win32hlp.cnf (Trojan.Agent) -> Quarantined and deleted successfully.

Thanks again! Sorry if I did anything wrong. I'm still new to fixing this sort of thing....

O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background
O4 - Global Startup: BTTray.lnk = ?
O8 - Extra context menu item: &AOL Toolbar Search - c:\program files\aol\aol toolbar 2.0\resources\en-US\local\search.html
O8 - Extra context menu item: Send To &Bluetooth - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie_ctx.htm
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_11\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_11\bin\ssv.dll
O9 - Extra button: AOL Toolbar - {3369AF0D-62E9-4bda-8103-B4C75499B578} - C:\Program Files\AOL\AOL Toolbar 2.0\aoltb.dll
O9 - Extra button: AIM - {AC9E2541-2814-11d5-BC6D-00B0D0A1DE45} - C:\Program Files\AIM\aim.exe
O9 - Extra button: @btrez.dll,-4015 - {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie.htm
O9 - Extra 'Tools' menuitem: @btrez.dll,-4017 - {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie.htm
O9 - Extra button: Real.com - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - C:\WINDOWS\system32\Shdocvw.dll
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra button: The Poker Community - {23ce1f91-bc56-49f9-be01-bddf4ef76305} - C:\Documents and Settings\Zeke\Start Menu\Programs\The Poker Community\The Poker Community.lnk (HKCU)
O16 - DPF: {341FF14B-00CB-49F5-A427-A164DF1D5E1F} (MALPlaybackCtrl Class) - http://musicstore.connect.com/XSL/mb_us/html/activexplayer/SMALStreaming.cab
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab
O18 - Protocol: linkscanner - {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - C:\Program Files\AVG\AVG8\avgpp.dll
O20 - AppInit_DLLs: pushow82.dll C:\PROGRA~1\Google\GOOGLE~3\GOEC62~1.DLL
O20 - Winlogon Notify: avgrsstarter - C:\WINDOWS\SYSTEM32\avgrsstx.dll
O20 - Winlogon Notify: dcdbfadaddbdefe - C:\WINDOWS\system32\dcdbfadaddbdefe.dll
O23 - Service: Apple Mobile Device - Apple Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
O23 - Service: avast! iAVS4 Control Service (aswUpdSv) - ALWIL Software - C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
O23 - Service: avast! Antivirus - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashServ.exe
O23 - Service: avast! Mail Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
O23 - Service: avast! Web Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
O23 - Service: AVG Free8 E-mail Scanner (avg8emc) - AVG Technologies CZ, s.r.o. - C:\PROGRA~1\AVG\AVG8\avgemc.exe
O23 - Service: AVG Free8 WatchDog (avg8wd) - AVG Technologies CZ, s.r.o. - C:\PROGRA~1\AVG\AVG8\avgwdsvc.exe
O23 - Service: Bonjour Service - Apple Inc. - C:\Program Files\Bonjour\mDNSResponder.exe
O23 - Service: Bluetooth Service (btwdins) - WIDCOMM, Inc. - C:\Program Files\WIDCOMM\Bluetooth Software\bin\btwdins.exe
O23 - Service: Google Desktop Manager 5.7.806.10245 (GoogleDesktopManager-061008-081103) - Google - C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe
O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: iPod Service - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: LexBce Server (LexBceS) - Lexmark International, Inc. - C:\WINDOWS\system32\LEXBCES.EXE
O23 - Service: LightScribeService Direct Disc Labeling Service (LightScribeService) - Hewlett-Packard Company - C:\Program Files\Common Files\LightScribe\LSSrvc.exe

--
End of file - 9548 bytes
Malwarebytes' Anti-Malware 1.35
Database version: 1904
Windows 5.1.2600 Service Pack 3

3/29/2009 7:08:24 PM
mbam-log-2009-03-29 (19-08-24).txt

Scan type: Full Scan (C:\|E:\|)
Objects scanned: 163658
Time elapsed: 4 hour(s), 22 minute(s), 35 second(s)

Memory Processes Infected: 0
Memory Modules Infected: 0
Registry Keys Infected: 10
Registry Values Infected: 0
Registry Data Items Infected: 1
Folders Infected: 9
Files Infected: 108

Memory Processes Infected:
(No malicious items detected)

Memory Modules Infected:
(No malicious items detected)

Registry Keys Infected:
HKEY_CLASSES_ROOT\minibugtransporter.minibugtransporterx (Adware.Minibug) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\minibugtransporter.minibugtransporterx.1 (Adware.Minibug) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\Interface\{04a38f6b-006f-4247-ba4c-02a139d5531c} (Adware.Minibug) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\CLSID\{2b96d5cc-c5b5-49a5-a69d-cc0a30f9028c} (Adware.Minibug) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\Typelib\{3c2d2a1e-031f-4397-9614-87c932a848e0} (Adware.Minibug) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\seekmo (Adware.Seekmo) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\seekmo (Adware.Seekmo) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\seekmo (Adware.Seekmo) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\Ares Gold (Adware.WhenUSave) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\AGprotect (Malware.Trace) -> Quarantined and deleted successfully.

Registry Values Infected:
(No malicious items detected)

Registry Data Items Infected:
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\AntiVirusDisableNotify (Disabled.SecurityCenter) -> Bad: (1) Good: (0) -> Quarantined and deleted successfully.

Folders Infected:
C:\Program Files\Seekmo (Adware.180Solutions) -> Quarantined and deleted successfully.
C:\Program Files\MyWaySA (Adware.MyWebSearch) -> Quarantined and deleted successfully.
C:\Program Files\MyWaySA\SrchAsDe (Adware.MyWebSearch) -> Quarantined and deleted successfully.
C:\Program Files\MyWaySA\SrchAsDe\1.bin (Adware.MyWebSearch) -> Quarantined and deleted successfully.
C:\Program Files\Ares Gold (Adware.WhenUSave) -> Quarantined and deleted successfully.
C:\Program Files\Ares Gold\Data (Adware.WhenUSave) -> Quarantined and deleted successfully.
C:\Program Files\Ares Gold\Downloads (Adware.WhenUSave) -> Quarantined and deleted successfully.
C:\Program Files\Ares Gold\Downloads\Meta (Adware.WhenUSave) -> Quarantined and deleted successfully.
C:\Program Files\Ares Gold\Partials (Adware.WhenUSave) -> Quarantined and deleted successfully.

Files Infected:
C:\Documents and Settings\Zeke\Local Settings\Temp\358.exe (Trojan.Agent) -> Quarantined and deleted successfully.
C:\Documents and Settings\Zeke\Local Settings\Temporary Internet Files\Content.IE5\4Z9JYMRP\xdmane[1].htm (Trojan.TinyDownloader705) -> Quarantined and deleted successfully.
C:\Documents and Settings\Zeke\Local Settings\Temporary Internet Files\Content.IE5\6423SELR\u879[1].int (Trojan.Agent) -> Quarantined and deleted successfully.
C:\Documents and Settings\Zeke\Local Settings\Temporary Internet Files\Content.IE5\67ST2PSV\g335[1].msg (Trojan.Agent) -> Quarantined and deleted successfully.
C:\Documents and Settings\Zeke\Local Settings\Temporary Internet Files\Content.IE5\67ST2PSV\aasuper2[1].htm (Trojan.Dropper) -> Quarantined and deleted successfully.
C:\Documents and Settings\Zeke\Local Settings\Temporary Internet Files\Content.IE5\67ST2PSV\aasuper2[2].htm (Trojan.Dropper) -> Quarantined and deleted successfully.
C:\Documents and Settings\Zeke\Local Settings\Temporary Internet Files\Content.IE5\9VRVXDGA\xdmane[1].htm (Trojan.TinyDownloader705) -> Quarantined and deleted successfully.
C:\Documents and Settings\Zeke\Local Settings\Temporary Internet Files\Content.IE5\C52X8FYZ\lebcppdde[1].htm (Trojan.Crypt) -> Quarantined and deleted successfully.
C:\Documents and Settings\Zeke\Local Settings\Temporary Internet Files\Content.IE5\CB05KPOV\ntpqqn[1].htm (Trojan.Hiloti) -> Quarantined and deleted successfully.
C:\Documents and Settings\Zeke\Local Settings\Temporary Internet Files\Content.IE5\CB05KPOV\ntpqqn[2].htm (Trojan.Hiloti) -> Quarantined and deleted successfully.
C:\Documents and Settings\Zeke\Local Settings\Temporary Internet Files\Content.IE5\CB05KPOV\pqz[1].exe (Trojan.Agent) -> Quarantined and deleted successfully.
C:\Documents and Settings\Zeke\Local Settings\Temporary Internet Files\Content.IE5\CB05KPOV\lebcppdde[1].htm (Trojan.Crypt) -> Quarantined and deleted successfully.
C:\Documents and Settings\Zeke\Local Settings\Temporary Internet Files\Content.IE5\KLAV0TIJ\MalwareDefender2009[1].exe (Rogue.MalwareDefender) -> Quarantined and deleted successfully.
C:\Documents and Settings\Zeke\Local Settings\Temporary Internet Files\Content.IE5\KLAV0TIJ\cmjjtkllmv[1].htm (Trojan.TinyDownloader705) -> Quarantined and deleted successfully.
C:\Documents and Settings\Zeke\Local Settings\Temporary Internet Files\Content.IE5\KLAV0TIJ\cmjjtkllmv[2].htm (Trojan.TinyDownloader705) -> Quarantined and deleted successfully.
C:\Documents and Settings\Zeke\Local Settings\Temporary Internet Files\Content.IE5\QXCTWT2F\MalwareDefender2009[1].exe (Rogue.MalwareDefender) -> Quarantined and deleted successfully.
C:\Documents and Settings\Zeke\Local Settings\Temporary Internet Files\Content.IE5\YBDD5JWR\lebcppdde[1].htm (Trojan.Crypt) -> Quarantined and deleted successfully.
C:\System Volume Information\_restore{202550A8-7A33-4BCA-9586-051D24DDBF8F}\RP887\A0064888.exe (Trojan.Crypt) -> Quarantined and deleted successfully.
C:\System Volume Information\_restore{202550A8-7A33-4BCA-9586-051D24DDBF8F}\RP887\A0064889.exe (Trojan.Hiloti) -> Quarantined and deleted successfully.
C:\System Volume Information\_restore{202550A8-7A33-4BCA-9586-051D24DDBF8F}\RP887\A0064899.exe (Trojan.Agent) -> Quarantined and deleted successfully.
C:\System Volume Information\_restore{202550A8-7A33-4BCA-9586-051D24DDBF8F}\RP887\A0064901.sys (Rootkit.Agent) -> Quarantined and deleted successfully.
C:\System Volume Information\_restore{202550A8-7A33-4BCA-9586-051D24DDBF8F}\RP887\A0064907.exe (Trojan.Dropper) -> Quarantined and deleted successfully.
C:\System Volume Information\_restore{202550A8-7A33-4BCA-9586-051D24DDBF8F}\RP887\A0064908.exe (Trojan.Dropper) -> Quarantined and deleted successfully.
C:\System Volume Information\_restore{202550A8-7A33-4BCA-9586-051D24DDBF8F}\RP887\A0064916.exe (Trojan.Crypt) -> Quarantined and deleted successfully.
C:\System Volume Information\_restore{202550A8-7A33-4BCA-9586-051D24DDBF8F}\RP887\A0064917.exe (Trojan.Hiloti) -> Quarantined and deleted successfully.
C:\Program Files\Ares Gold\Data\cache.net (Adware.WhenUSave) -> Quarantined and deleted successfully.
C:\Program Files\Ares Gold\Data\MyMedia.edb (Adware.WhenUSave) -> Quarantined and deleted successfully.
C:\Program Files\Ares Gold\Data\searchkeys.dat (Adware.WhenUSave) -> Quarantined and deleted successfully.
C:\Program Files\Ares Gold\Data\ultracache.net (Adware.WhenUSave) -> Quarantined and deleted successfully.
C:\Program Files\Ares Gold\Data\webcache.net (Adware.WhenUSave) -> Quarantined and deleted successfully.
C:\Program Files\Ares Gold\Downloads\(Unverified) 100 Greatest Guitar Solos - 71 - George Clinton & Parliament Funkadelic- Maggot Brain.mp3 (Adware.WhenUSave) -> Quarantined and deleted successfully.
C:\Program Files\Ares Gold\Downloads\(Unverified) 50 cent ft mobb deep - outta control (remix).mp3 (Adware.WhenUSave) -> Quarantined and deleted successfully.
C:\Program Files\Ares Gold\Downloads\(Unverified) Beatnuts - Look Around feat Dead Prez.mp3 (Adware.WhenUSave) -> Quarantined and deleted successfully.
C:\Program Files\Ares Gold\Downloads\(Unverified) Dead Prez - Hip Hop.mp3 (Adware.WhenUSave) -> Quarantined and deleted successfully.
C:\Program Files\Ares Gold\Downloads\02 Pain In My Heart.mp3 (Adware.WhenUSave) -> Quarantined and deleted successfully.
C:\Program Files\Ares Gold\Downloads\05 Hard as steel.wma (Adware.WhenUSave) -> Quarantined and deleted successfully.
C:\Program Files\Ares Gold\Downloads\06 Lonesome Fiddle Blues.mp3 (Adware.WhenUSave) -> Quarantined and deleted successfully.
C:\Program Files\Ares Gold\Downloads\11-112-the_way_(feat_jermaine_dupri)-h8me.mp3 (Adware.WhenUSave) -> Quarantined and deleted successfully.
C:\Program Files\Ares Gold\Downloads\50 Cent - The Massacre - 02 - In My Hood.mp3 (Adware.WhenUSave) -> Quarantined and deleted successfully.
C:\Program Files\Ares Gold\Downloads\Baby ft Lil Wayne - Neck Of The Woods (dirty).mp3 (Adware.WhenUSave) -> Quarantined and deleted successfully.
C:\Program Files\Ares Gold\Downloads\Bow Wow ft.Omarion-Let Me Hold You.mp3 (Adware.WhenUSave) -> Quarantined and deleted successfully.
C:\Program Files\Ares Gold\Downloads\Dead Prez - Animal In Man.mp3 (Adware.WhenUSave) -> Quarantined and deleted successfully.
C:\Program Files\Ares Gold\Downloads\dead prez - Ghetto Youths.mp3 (Adware.WhenUSave) -> Quarantined and deleted successfully.
C:\Program Files\Ares Gold\Downloads\Dead Prez - Its still bigger_than Hip Hop.mp3 (Adware.WhenUSave) -> Quarantined and deleted successfully.
C:\Program Files\Ares Gold\Downloads\Dead Prez - Mind Sex.mp3 (Adware.WhenUSave) -> Quarantined and deleted successfully.
C:\Program Files\Ares Gold\Downloads\dead prez - propaganda.mp3 (Adware.WhenUSave) -> Quarantined and deleted successfully.
C:\Program Files\Ares Gold\Downloads\Dead Prez - Psychology.mp3 (Adware.WhenUSave) -> Quarantined and deleted successfully.
C:\Program Files\Ares Gold\Downloads\dead prez - sellin d o p e.mp3 (Adware.WhenUSave) -> Quarantined and deleted successfully.
C:\Program Files\Ares Gold\Downloads\Dead Prez - The Game Of Life.mp3 (Adware.WhenUSave) -> Quarantined and deleted successfully.
C:\Program Files\Ares Gold\Downloads\Dead Prez I Have A Dream Too.mp3 (Adware.WhenUSave) -> Quarantined and deleted successfully.
C:\Program Files\Are
0

Hello,

Well it seems there are a few things that need to be done. Malwarebytes did do a lot of deletions.... so that is a good sign.

Can you please do the following:

Please download ATF cleaner
Make sure that all browser windows are closed.

  • Double-click ATF-Cleaner.exe to run the program.
  • Under Main choose: Select All
  • Click the Empty Selected button.

If you use Firefox browser

  • Click Firefox at the top and choose: Select All
  • Click the Empty Selected button.
  • NOTE: If you would like to keep your saved passwords, please click No at the prompt.

If you use Opera browser

  • Click Opera at the top and choose: Select All
  • Click the Empty Selected button.
  • NOTE: If you would like to keep your saved passwords, please click No at the prompt.

Click Exit on the Main menu to close the program.

Also, a question: after running Malwarebytes, how is the computer going now? Any changes?

Thanks,

Cohen

0

The computer is still running kind of slow. The CD-ROM drive still doesn't work, and I'm not sure if I have complete control over the computer. The taskbar keeps hiding itself no matter if I lock it or not.

After running Malwarebytes and using Windows restore to restore it to an earlier point in the month, I managed to get my internet up and working again. My background has also changed back, but as I said before the CD-ROM drive does not work (big problem..) and my taskbar is still a bit loopy. Any other suggestions?

0

I've checked the computer again. The internet is no longer working. I'm running Malwarebytes again along with AVG to see if I can catch another virus or trojan, but I'm not sure if that's the issue. If only my CD-ROM drive worked! Then I could just format my whole hard drive...

0

Maybe you could try terminating processes?
It's possible that there are unwanted threads injected into your processes.

Sometimes, if many programs/threads are trying to connect to somewhere at the same time, it would distract or disable your network. So check your network ports with CurrPorts:
http://www.nirsoft.net/utils/cports.html
and netstat ( run > cmd > netstat /a )

Then you may check for injectors/applications that are trying to inject every time Windows starts.

run > regedit
Navigate to
HKCU\Software\Microsoft\Windows\CurrentVersion\Run
and
HKLM\Software\Microsoft\Windows\CurrentVersion\Run
and check for values that should not be there (programs with paths like %appdata% and %temp%, or randomly named applications).

A very basic and simple virus-checking routine.
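
The Run-key check described in the post above, as an added example that is not part of the original thread: Python that applies the same two rules (user-writable paths such as %appdata% and %temp%, and random-looking file names) to the O4 Run lines of a HijackThis log. The marker list, the `looks_random` rule and the two sample lines marked as constructed are assumptions of this example.

```python
import re
from ntpath import basename, splitext  # Windows path rules on any OS

# HijackThis prints Run-key autostarts as: O4 - HKLM\..\Run: [ValueName] command
O4_RUN = re.compile(r'^O4 - (HKLM|HKCU)\\\.\.\\(Run\w*): \[(.+?)\] (.+)$')
# Unquoted commands: the path ends at the first executable extension.
EXE_END = re.compile(r'^(.*?\.(?:exe|com|scr|bat|cmd|pif|dll))(?=\s|$)', re.I)

# Assumption: substrings that mark user-writable locations. %appdata% and
# %temp% expand to the "Application Data" and "Local Settings\Temp" folders
# on Windows XP and to AppData\... on later versions.
USER_WRITABLE = ('%appdata%', '%temp%', '\\application data\\',
                 '\\local settings\\temp\\', '\\appdata\\', '\\windows\\temp\\')


def executable_path(command):
    """Return the program path from a Run value, without its arguments."""
    command = command.strip()
    if command.startswith('"'):
        end = command.find('"', 1)
        return command[1:end] if end != -1 else command[1:]
    match = EXE_END.match(command)
    return match.group(1) if match else command


def looks_random(stem):
    """Assumed rule: 6+ alphanumerics with no vowel, or 8+ hex characters."""
    s = stem.lower()
    if len(s) < 6 or not s.isalnum():
        return False
    letters = [c for c in s if c.isalpha()]
    no_vowels = bool(letters) and not any(c in 'aeiou' for c in letters)
    hex_only = len(s) >= 8 and all(c in '0123456789abcdef' for c in s)
    return no_vowels or hex_only


def triage(log_text):
    """Return (hive, value name, path, reasons) for Run entries worth a look."""
    findings = []
    for line in log_text.splitlines():
        match = O4_RUN.match(line.strip())
        if not match:
            continue  # not a Run-key line (e.g. "O4 - Global Startup: ...")
        hive, _key, name, command = match.groups()
        path = executable_path(command)
        reasons = []
        if any(marker in path.lower() for marker in USER_WRITABLE):
            reasons.append('user-writable location')
        if looks_random(splitext(basename(path))[0]):
            reasons.append('random-looking file name')
        if reasons:
            findings.append((hive, name, path, reasons))
    return findings


# The first four lines come from the log in this thread; the last two are
# constructed for this example.
SAMPLE = r'''
O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe"  -osboot
O4 - HKLM\..\Run: [Dell AIO Printer A920] "C:\Program Files\Dell AIO Printer A920\dlbkbmgr.exe"
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [LightScribe Control Panel] C:\Program Files\Common Files\LightScribe\LightScribeControlPanel.exe -hidden
O4 - HKCU\..\Run: [updater] C:\Documents and Settings\User\Application Data\updater.exe
O4 - HKCU\..\Run: [xkqzrtw] "C:\Documents and Settings\User\Local Settings\Temp\xkqzrtw.exe" /s
'''

if __name__ == '__main__':
    for hive, name, path, reasons in triage(SAMPLE):
        print(f'{hive} [{name}] {path}: {", ".join(reasons)}')
```

dlbkbmgr.exe, which the log lists under the Dell printer folder, trips the file-name rule, so that rule is a prompt for manual review rather than a verdict.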

0

Netstat didn't seem to do anything. Nothing showed up, and nothing showed up on CurrPorts either. I checked the registry for anything like what you said, but it all looks normal.

I went into the Device Manager and there is an (!) next to a list of network drivers. I reinstalled the network drivers that I got from the Dell website and it didn't seem to change anything.

My CD-ROM drive shows up in the Device Manager as well with no (!), but it won't read any CDs I put in. Could this be the virus also?

0

I don't think that your virus - if there is one - can be so smart that it keeps removing your drivers.

First of all, you should get the network driver working.
Before you tried to reinstall it, did you make sure that there are no remains of the original network driver in the list of installed programs? If yes, uninstall them all and then try to install the new driver.
And newest isn't always the best; I noticed that a long time ago.
If you're using a laptop, you can get a bit older driver from
http://www.laptopbeep.com/
And maybe you can try to install several times (3-5), if the last time didn't act. It worked for me when I had irritating problems with my graphics driver.

Good luck

0

I completely uninstalled the network driver and reinstalled it, but the (!) is still on the icon and the internet is still not working. It says the driver might be corrupt or missing.

The strange thing is, the list of network drivers is a bit long. There are 8 different driver names, and they all have (!)'s next to them.

(!) Direct Parallel
(!) Intel(R) PRO/100 VE Network Connection (this is the only one I could find on the website)
(!) Intel(R) PRO/100 VE Network Connection - Packet Scheduler Miniport
(!) WAN Miniport (IP)
(!) WAN Miniport (IP) - Packet Scheduler Miniport
(!) WAN Miniport (L2TP)
(!) WAN Miniport (PPPOE)
(!) WAN Miniport (PPTP)

Any ideas? I also tried to find a driver for my CD-ROM drive but it seems there is none, just firmware that did nothing.
