-1

Hi, I have some kind of virus on my computer trying to get me to buy Paladin Antivirus or something; it also plays audio clips at random and installs porn on my PC. I have tried CCleaner and AVG antivirus. Any help would be greatly appreciated.

Here's my HijackThis log:

Logfile of Trend Micro HijackThis v2.0.3 (BETA)
Scan saved at 10:06:11, on 12/02/2010
Platform: Windows XP SP3 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16981)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\LEXBCES.EXE
C:\WINDOWS\system32\LEXPPS.EXE
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\LSI SoftModem\agrsmsvc.exe
C:\Program Files\Common Files\AOL\ACS\AOLAcsd.exe
C:\Program Files\Dassault Systemes\B10\intel_a\code\bin\CATSysDemon.exe
C:\Program Files\QuickTime\qttask.exe
c:\PROGRA~1\mcafee.com\vso\mcvsrte.exe
C:\Program Files\RegTool\RegTool.exe
C:\WINDOWS\system32\ctfmon.exe
c:\program files\aol\aol toolbar 5.0\AolTbServer.exe
C:\DOCUME~1\HP_Owner\LOCALS~1\Temp\msdtctr.exe
C:\WINDOWS\system32\nvsvc32.exe
C:\WINDOWS\system32\PnkBstrA.exe
C:\DOCUME~1\HP_Owner\LOCALS~1\Temp\drwatson64ex.exe
C:\Program Files\Alcohol Soft\Alcohol 120\StarWind\StarWindService.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\wuauclt.exe
C:\Program Files\AOL 9.0\waol.exe
C:\Program Files\AOL 9.0\shellmon.exe
C:\Program Files\Common Files\AOL\aoltpspd.exe
C:\Program Files\Common Files\AOL\1214759444\ee\aolsoftware.exe
C:\Program Files\TrendMicro\HiJackThis\HiJackThis.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\Yahoo!\Companion\Installs\cpn0\ytbb.exe
C:\Program Files\Skype\Toolbars\Shared\SkypeNames.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iehome&locale=EN_GB&c=Q404&bd=pavilion&pf=desktop
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iesearch&locale=EN_GB&c=Q404&bd=pavilion&pf=desktop
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.aol.co.uk
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Window Title = Microsoft Internet Explorer provided by Tesco internet access
R3 - URLSearchHook: (no name) - *{EA756889-2338-43DB-8F07-D1CA6FB9C90D} - (no file)
R3 - URLSearchHook: (no name) - *{CFBFAE00-17A6-11D0-99CB-00C04FD64497} - (no file)
R3 - URLSearchHook: AVG Security Toolbar BHO - {A3BC75A2-1F87-4686-AA43-5347D756017C} - C:\Program Files\AVG\AVG8\Toolbar\IEToolbar.dll
R3 - URLSearchHook: (no name) - *{EF99BD32-C1FB-11D2-892F-0090271D4F88} - (no file)
O2 - BHO: &Yahoo! Toolbar Helper - {02478D38-C3F9-4efb-9B51-7695ECA05670} - C:\Program Files\Yahoo!\Companion\Installs\cpn0\yt.dll
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: (no name) - {202a961f-23ae-42b1-9505-ffe3c818d717} - (no file)
O2 - BHO: Skype add-on (mastermind) - {22BF413B-C6D2-4d91-82A9-A0F997BA588C} - C:\Program Files\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll
O2 - BHO: WormRadar.com IESiteBlocker.NavFilter - {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} - C:\Program Files\AVG\AVG8\avgssie.dll
O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll
O2 - BHO: ALOT Toolbar BHO - {5AA2BA46-9913-4dc7-9620-69AB0FA17AE7} - C:\Program Files\alot\bin\alot.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.5.0_08\bin\ssv.dll
O2 - BHO: AOL Toolbar Launcher - {7C554162-8CB7-45A4-B8F4-8EA1C75885F9} - C:\Program Files\AOL\AOL Toolbar 5.0\aoltb.dll
O2 - BHO: ST - {9394EDE7-C8B5-483E-8773-474BF36AF6E4} - C:\Program Files\MSN Apps\ST\01.03.0000.1005\en-xu\stmain.dll
O2 - BHO: AVG Security Toolbar BHO - {A3BC75A2-1F87-4686-AA43-5347D756017C} - C:\Program Files\AVG\AVG8\Toolbar\IEToolbar.dll
O2 - BHO: MSNToolBandBHO - {BDBD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Program Files\MSN Apps\MSN Toolbar\MSN Toolbar\01.02.5000.1021\en-us\msntb.dll
O2 - BHO: SingleInstance Class - {FDAD4DA1-61A2-4FD8-9C17-86F7AC245081} - C:\Program Files\Yahoo!\Companion\Installs\cpn0\YTSingleInstance.dll
O3 - Toolbar: MSN - {BDAD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Program Files\MSN Apps\MSN Toolbar\MSN Toolbar\01.02.5000.1021\en-us\msntb.dll
O3 - Toolbar: McAfee VirusScan - {BA52B914-B692-46c4-B683-905236F6F655} - c:\progra~1\mcafee.com\vso\mcvsshl.dll
O3 - Toolbar: AOL Toolbar - {DE9C389F-3316-41A7-809B-AA305ED9D922} - C:\Program Files\AOL\AOL Toolbar 5.0\aoltb.dll
O3 - Toolbar: ALOT Toolbar - {5AA2BA46-9913-4dc7-9620-69AB0FA17AE7} - C:\Program Files\alot\bin\alot.dll
O3 - Toolbar: AVG Security Toolbar - {CCC7A320-B3CA-4199-B1A6-9F516DD69829} - C:\Program Files\AVG\AVG8\Toolbar\IEToolbar.dll
O3 - Toolbar: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn0\yt.dll
O4 - HKLM\..\Run: [MCUpdateExe] C:\PROGRA~1\mcafee.com\agent\mcupdate.exe
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [KernelFaultCheck] %systemroot%\system32\dumprep 0 -k
O4 - HKCU\..\Run: [RegTool] C:\Program Files\RegTool\RegTool.exe -boot
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [msdtctr.exe] C:\DOCUME~1\HP_Owner\LOCALS~1\Temp\msdtctr.exe
O4 - HKCU\..\Run: [Paladin Antivirus] "C:\Program Files\Paladin Antivirus\pav.exe" -noscan
O4 - HKLM\..\Policies\Explorer\Run: [isamonitor.exe] C:\Program Files\SoftCodec\isamonitor.exe
O4 - HKLM\..\Policies\Explorer\Run: [pmsngr.exe] C:\Program Files\SoftCodec\pmsngr.exe
O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'NETWORK SERVICE')
O8 - Extra context menu item: &AOL Toolbar Search - c:\program files\aol\aol toolbar 5.0\resources\en-GB\local\search.html
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_08\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_08\bin\ssv.dll
O9 - Extra button: AOL Toolbar - {3369AF0D-62E9-4bda-8103-B4C75499B578} - C:\Program Files\AOL\AOL Toolbar 5.0\aoltb.dll
O9 - Extra button: (no name) - {5067A26B-1337-4436-8AFE-EE169C2DA79F} - C:\Program Files\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll
O9 - Extra 'Tools' menuitem: Skype add-on for Internet Explorer - {5067A26B-1337-4436-8AFE-EE169C2DA79F} - C:\Program Files\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll
O9 - Extra button: Skype - {77BF5300-1474-4EC7-9980-D32B190E9B07} - C:\Program Files\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll
O9 - Extra button: Real.com - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - C:\WINDOWS\system32\Shdocvw.dll
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O14 - IERESET.INF: START_PAGE_URL=http://www.tesco.net
O16 - DPF: {00B71CFB-6864-4346-A978-C0A14556272C} (Checkers Class) - http://messenger.zone.msn.com/binary/msgrchkr.cab31267.cab
O16 - DPF: {0CCA191D-13A6-4E29-B746-314DEE697D83} (Facebook Photo Uploader 5) - http://upload.facebook.com/controls/FacebookPhotoUploader5.cab
O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://go.microsoft.com/fwlink/?linkid=39204
O16 - DPF: {2917297F-F02B-4B9D-81DF-494B6333150B} (Minesweeper Flags Class) - http://messenger.zone.msn.com/binary/MineSweeper.cab31267.cab
O16 - DPF: {48884C41-EFAC-433D-958A-9FADAC41408E} (EGamesPlugin Class) - https://www.e-games.com.my/com/EGamesPlugin.cab
O16 - DPF: {4ED9DDF0-7479-4BBE-9335-5A1EDB1D8A21} (McAfee.com Operating System Class) - http://download.av.aolsvc.co.uk/molbin/shared/mcinsctl/en-us/4,0,0,84/mcinsctl.cab
O16 - DPF: {4F1E5B1A-2A80-42CA-8532-2D05CB959537} (MSN Photo Upload Tool) - http://paulawaula.spaces.live.com//PhotoUpload/MsnPUpld.cab
O16 - DPF: {644E432F-49D3-41A1-8DD5-E099162EEEC5} (Symantec RuFSI Utility Class) - http://security.symantec.com/sscv6/SharedContent/common/bin/cabsa.cab
O16 - DPF: {8100D56A-5661-482C-BEE8-AFECE305D968} (Facebook Photo Uploader 5 Control) - http://upload.facebook.com/controls/2009.07.28_v5.5.8.1/FacebookPhotoUploader55.cab
O16 - DPF: {8E0D4DE5-3180-4024-A327-4DFAD1796A8D} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/MessengerStatsClient.cab31267.cab
O16 - DPF: {AF2E62B6-F9E1-4D4F-A10A-9DC8E6DCBCC0} - http://update.videoegg.com/Install/Windows/Initial/VideoEggPublisher.exe
O16 - DPF: {B38870E4-7ECB-40DA-8C6A-595F0A5519FF} (MsnMessengerSetupDownloadControl Class) - http://messenger.msn.com/download/MsnMessengerSetupDownloader.cab
O16 - DPF: {BCC0FF27-31D9-4614-A68E-C18E1ADA4389} (DwnldGroupMgr Class) - http://download.av.aolsvc.co.uk/molbin/shared/mcgdmgr/en-us/1,0,0,21/mcgdmgr.cab
O16 - DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} - http://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab
O17 - HKLM\System\CCS\Services\Tcpip\..\{3B60E2A0-A8CB-4DA7-8A83-47567B0D079A}: NameServer = 205.188.146.145
O18 - Protocol: linkscanner - {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - C:\Program Files\AVG\AVG8\avgpp.dll
O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~1\COMMON~1\Skype\SKYPE4~1.DLL
O20 - AppInit_DLLs: pushow41.dll
O20 - Winlogon Notify: avgrsstarter - avgrsstx.dll (file missing)
O22 - SharedTaskScheduler: Browseui preloader - {438755C2-A8BA-11D1-B96B-00A0C90312E1} - C:\WINDOWS\system32\browseui.dll
O22 - SharedTaskScheduler: Component Categories cache daemon - {8C7461EF-2B13-11d2-BE35-3078302C2030} - C:\WINDOWS\system32\browseui.dll
O23 - Service: Agere Modem Call Progress Audio (AgereModemAudio) - Agere Systems - C:\Program Files\LSI SoftModem\agrsmsvc.exe
O23 - Service: AOL Connectivity Service (AOL ACS) - AOL LLC - C:\Program Files\Common Files\AOL\ACS\AOLAcsd.exe
O23 - Service: AOL Spyware Protection Service (AOLService) - Unknown owner - C:\PROGRA~1\COMMON~1\AOL\AOLSPY~1\\aolserv.exe
O23 - Service: AVG Free8 WatchDog (avg8wd) - AVG Technologies CZ, s.r.o. - C:\PROGRA~1\AVG\AVG8\avgwdsvc.exe
O23 - Service: Backbone Service (BBDemon) - Dassault Systemes - C:\Program Files\Dassault Systemes\B10\intel_a\code\bin\CATSysDemon.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: iPod Service (iPodService) - Apple Computer, Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: LexBce Server (LexBceS) - Lexmark International, Inc. - C:\WINDOWS\system32\LEXBCES.EXE
O23 - Service: McAfee.com McShield (McShield) - Unknown owner - c:\PROGRA~1\mcafee.com\vso\mcshield.exe
O23 - Service: McAfee SecurityCenter Update Manager (mcupdmgr.exe) - Networks Associates Technology, Inc - C:\PROGRA~1\McAfee.com\Agent\mcupdmgr.exe
O23 - Service: McAfee.com VirusScan Online Realtime Engine (MCVSRte) - Networks Associates Technology, Inc - c:\PROGRA~1\mcafee.com\vso\mcvsrte.exe
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
O23 - Service: PnkBstrA - Unknown owner - C:\WINDOWS\system32\PnkBstrA.exe
O23 - Service: StarWind iSCSI Service (StarWindService) - Rocket Division Software - C:\Program Files\Alcohol Soft\Alcohol 120\StarWind\StarWindService.exe

--
End of file - 12434 bytes
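
An added example (not part of the original thread, and not HijackThis's own logic): a small Python triage pass over lines copied from the log above, flagging entries that deserve a closer look first. The rule names and the heuristics themselves are assumptions chosen for illustration.

```python
import re
from collections import Counter

# Lines copied from the HijackThis log posted above (a subset, unmodified).
SAMPLE_LOG = r"""
C:\WINDOWS\system32\ctfmon.exe
C:\DOCUME~1\HP_Owner\LOCALS~1\Temp\msdtctr.exe
C:\DOCUME~1\HP_Owner\LOCALS~1\Temp\drwatson64ex.exe
R3 - URLSearchHook: (no name) - *{EA756889-2338-43DB-8F07-D1CA6FB9C90D} - (no file)
O2 - BHO: (no name) - {202a961f-23ae-42b1-9505-ffe3c818d717} - (no file)
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [msdtctr.exe] C:\DOCUME~1\HP_Owner\LOCALS~1\Temp\msdtctr.exe
O4 - HKCU\..\Run: [Paladin Antivirus] "C:\Program Files\Paladin Antivirus\pav.exe" -noscan
O4 - HKLM\..\Policies\Explorer\Run: [isamonitor.exe] C:\Program Files\SoftCodec\isamonitor.exe
O20 - AppInit_DLLs: pushow41.dll
O20 - Winlogon Notify: avgrsstarter - avgrsstx.dll (file missing)
"""

# "O4 - ...", "R3 - ...": section code followed by the entry body.
ENTRY_RE = re.compile(r"^(?P<code>[A-Z]\d{1,2}) - (?P<body>.*)$")
# Bare executable path, as listed under "Running processes:".
PROCESS_RE = re.compile(r"^[A-Za-z]:\\.+\.exe$", re.IGNORECASE)
# A Temp path segment; also matches the 8.3 form ...\LOCALS~1\Temp\...
TEMP_RE = re.compile(r"\\temp\\", re.IGNORECASE)
# HijackThis marks entries whose target file it could not find this way.
ORPHAN_SUFFIXES = ("(no file)", "(file missing)")


def triage(log_text):
    """Return (rule, line) pairs for entries that deserve manual review."""
    findings = []
    for raw in log_text.splitlines():
        line = raw.strip()
        if not line:
            continue
        entry = ENTRY_RE.match(line)
        if entry is None:
            # Not a coded entry: check whether it is a running process in Temp.
            if PROCESS_RE.match(line) and TEMP_RE.search(line):
                findings.append(("process-in-temp", line))
            continue
        code, body = entry.group("code"), entry.group("body")
        if code == "O4":
            # Autorun entries: a program started at every logon from Temp.
            if TEMP_RE.search(body):
                findings.append(("autorun-from-temp", line))
            # Policies\Explorer\Run is an autorun location users rarely inspect.
            if "\\Policies\\Explorer\\Run" in body:
                findings.append(("policy-run-key", line))
        if code == "O20" and body.startswith("AppInit_DLLs:"):
            # A listed DLL is loaded into every process that loads user32.dll.
            if body.split(":", 1)[1].strip():
                findings.append(("appinit-dll", line))
        if body.endswith(ORPHAN_SUFFIXES):
            # Registration left behind with no file on disk.
            findings.append(("orphaned-entry", line))
    return findings


def summarize(findings):
    """Count findings per rule."""
    return dict(Counter(rule for rule, _ in findings))


if __name__ == "__main__":
    for rule, line in triage(SAMPLE_LOG):
        print(f"{rule:18} {line}")
    print(summarize(triage(SAMPLE_LOG)))
```

The `pav.exe` autorun, which the Malwarebytes log later in the thread labels Rogue.PaladinAntivirus, passes these path heuristics untouched, so a pass like this narrows what to look at first rather than replacing a scanner.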


0

Have you tried the Trend Micro free scan? I see you have tried McAfee. I have found Trend Micro to be pretty reliable.

1

Download Malwarebytes' Anti-Malware (http://www.majorgeeks.com/Malwarebytes_Anti-Malware_d5756.html) to your desktop.

* Double-click mbam-setup.exe and follow the prompts to install the program.
* At the end, be sure to checkmark the Update Malwarebytes' Anti-Malware and Launch Malwarebytes' Anti-Malware, then click Finish.
* If an update is found, it will download and install the latest version.
* Download the update from here if you have problems.
* Once the program has loaded, select Perform full scan, then click Scan.
* When the scan is complete, click OK, then Show Results to view the results.
* Be sure that everything is checked, and click Remove Selected.
* When completed, a log will open in Notepad.
* Post the log back here.

The log can also be found here:
C:\Documents and Settings\Username\Application Data\Malwarebytes\Malwarebytes' Anti-Malware\Logs\log-date.txt
Or at C:\Program Files\Malwarebytes' Anti-Malware\Logs\log-date.txt

Make sure that you restart the computer.

Post new HJT log.

0

Hello! I found some manual removal instructions to remove Paladin Antivirus here. You could try that, in case all else fails.

Basically, what they want you to do is:

1) Open Task Manager, under Processes tab, locate pav.exe and click End Process.
2) Start menu > Run > type "regedit.exe"
Locate the following values and delete them.

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\Paladin Antivirus
HKEY_LOCAL_MACHINE\SOFTWARE\Paladin Antivirus

3) Locate "pavext.dll" and "phook.dll" using windows search, note their filepaths and do the following.
Start > Run > type as shown

regsvr32 /u <file path>\pavext.dll
regsvr32 /u <file path>\phook.dll

4) Locate the following directories and delete them
--> C:\Program Files\Paladin Antivirus
--> %UserProfile%\Start Menu\Programs\Paladin Antivirus

%userprofile% is usually C:\Documents and Settings\<user name>

5) Search and delete the following files.
- pav.db
- pav.exe
- pavext.dll
- phook.dll
- Paladin Antivirus.lnk
- Paladin Antivirus Support.lnk
- Uninstall Paladin Antivirus.lnk

That's it. And please be careful about what you delete, if in doubt better ask someone here rather than delete a wrong file.

2

andyk2331, please follow the instructions given to you by jbisono, without instructions and then again by Crunchie with instructions in post#4.
MBA-M is, at the present time, the top of the line in malware removal.
We rarely, if ever recommend registry edits for removals, especially since the MBA-M program WILL remove and repair registry entries for most of today's infections.
Follow Crunchie's instructions exactly and post back with the requested logs.

0

Thanks very much, guys. Seems to be working fine now. Here is my log.

Malwarebytes' Anti-Malware 1.44
Database version: 3710
Windows 5.1.2600 Service Pack 3
Internet Explorer 7.0.5730.13

13/02/2010 10:05:06
mbam-log-2010-02-13 (10-05-06).txt

Scan type: Full Scan (C:\|D:\|)
Objects scanned: 261771
Time elapsed: 52 minute(s), 4 second(s)

Memory Processes Infected: 1
Memory Modules Infected: 2
Registry Keys Infected: 11
Registry Values Infected: 2
Registry Data Items Infected: 0
Folders Infected: 50
Files Infected: 109

Memory Processes Infected:
C:\Documents and Settings\HP_Owner\Local Settings\Temp\msdtctr.exe (Rogue.Installer.Gen) -> Unloaded process successfully.

Memory Modules Infected:
C:\Program Files\alot\bin\alot.dll (Adware.ALOT) -> Delete on reboot.
C:\Program Files\Paladin Antivirus\phook.dll (Rogue.PaladinAntivirus) -> Delete on reboot.

Registry Keys Infected:
HKEY_CLASSES_ROOT\CLSID\{5aa2ba46-9913-4dc7-9620-69ab0fa17ae7} (Adware.ALOT) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Stats\{5aa2ba46-9913-4dc7-9620-69ab0fa17ae7} (Adware.ALOT) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{5aa2ba46-9913-4dc7-9620-69ab0fa17ae7} (Adware.ALOT) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\paladin antivirus (Rogue.PaladinAntivirus) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\_VOID (Rootkit.TDSS) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\_VOIDd.sys (Rootkit.TDSS) -> Delete on reboot.
HKEY_LOCAL_MACHINE\SOFTWARE\Paladin Antivirus (Rogue.PaladinAntivirus) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\Paladin Antivirus (Rogue.PaladinAntivirus) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\alotToolbar (Adware.ALOT) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\Software\alot (Adware.ALOT) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Malware Defense (Rogue.MalwareDefense) -> Quarantined and deleted successfully.

Registry Values Infected:
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar\{5aa2ba46-9913-4dc7-9620-69ab0fa17ae7} (Adware.ALOT) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\paladin antivirus (Rogue.PaladinAntivirus) -> Quarantined and deleted successfully.

Registry Data Items Infected:
(No malicious items detected)

Folders Infected:
C:\Documents and Settings\HP_Owner\Application Data\alot (Adware.ALOT) -> Quarantined and deleted successfully.
C:\Documents and Settings\HP_Owner\Application Data\alot\Button_0 (Adware.ALOT) -> Quarantined and deleted successfully.
C:\Documents and Settings\HP_Owner\Application Data\alot\Button_1 (Adware.ALOT) -> Quarantined and deleted successfully.
C:\Documents and Settings\HP_Owner\Application Data\alot\Button_2 (Adware.ALOT) -> Quarantined and deleted successfully.
C:\Documents and Settings\HP_Owner\Application Data\alot\Button_3 (Adware.ALOT) -> Quarantined and deleted successfully.
C:\Documents and Settings\HP_Owner\Application Data\alot\Button_4 (Adware.ALOT) -> Quarantined and deleted successfully.
C:\Documents and Settings\HP_Owner\Application Data\alot\Button_5 (Adware.ALOT) -> Quarantined and deleted successfully.
C:\Documents and Settings\HP_Owner\Application Data\alot\Button_6 (Adware.ALOT) -> Quarantined and deleted successfully.
C:\Documents and Settings\HP_Owner\Application Data\alot\Button_7 (Adware.ALOT) -> Quarantined and deleted successfully.
C:\Documents and Settings\HP_Owner\Application Data\alot\Button_8 (Adware.ALOT) -> Quarantined and deleted successfully.
C:\Documents and Settings\HP_Owner\Application Data\alot\Button_9 (Adware.ALOT) -> Quarantined and deleted successfully.
C:\Documents and Settings\HP_Owner\Application Data\alot\configurator (Adware.ALOT) -> Quarantined and deleted successfully.
C:\Documents and Settings\HP_Owner\Application Data\alot\contextMenu (Adware.ALOT) -> Quarantined and deleted successfully.
C:\Documents and Settings\HP_Owner\Application Data\alot\postInstallLayout (Adware.ALOT) -> Quarantined and deleted successfully.
C:\Documents and Settings\HP_Owner\Application Data\alot\products (Adware.ALOT) -> Quarantined and deleted successfully.
C:\Documents and Settings\HP_Owner\Application Data\alot\Resources (Adware.ALOT) -> Quarantined and deleted successfully.
C:\Documents and Settings\HP_Owner\Application Data\alot\Resources\BrowserSearch (Adware.ALOT) -> Quarantined and deleted successfully.
C:\Documents and Settings\HP_Owner\Application Data\alot\Resources\BrowserSearch\images (Adware.ALOT) -> Quarantined and deleted successfully.
C:\Documents and Settings\HP_Owner\Application Data\alot\Resources\Button_0 (Adware.ALOT) -> Quarantined and deleted successfully.
C:\Documents and Settings\HP_Owner\Application Data\alot\Resources\Button_0\images (Adware.ALOT) -> Quarantined and deleted successfully.
C:\Documents and Settings\HP_Owner\Application Data\alot\Resources\Button_1 (Adware.ALOT) -> Quarantined and deleted successfully.
C:\Documents and Settings\HP_Owner\Application Data\alot\Resources\Button_1\images (Adware.ALOT) -> Quarantined and deleted successfully.
C:\Documents and Settings\HP_Owner\Application Data\alot\Resources\Button_2 (Adware.ALOT) -> Quarantined and deleted successfully.
C:\Documents and Settings\HP_Owner\Application Data\alot\Resources\Button_2\images (Adware.ALOT) -> Quarantined and deleted successfully.
C:\Documents and Settings\HP_Owner\Application Data\alot\Resources\Button_3 (Adware.ALOT) -> Quarantined and deleted successfully.
C:\Documents and Settings\HP_Owner\Application Data\alot\Resources\Button_3\images (Adware.ALOT) -> Quarantined and deleted successfully.
C:\Documents and Settings\HP_Owner\Application Data\alot\Resources\Button_4 (Adware.ALOT) -> Quarantined and deleted successfully.
C:\Documents and Settings\HP_Owner\Application Data\alot\Resources\Button_4\images (Adware.ALOT) -> Quarantined and deleted successfully.
C:\Documents and Settings\HP_Owner\Application Data\alot\Resources\Button_5 (Adware.ALOT) -> Quarantined and deleted successfully.
C:\Documents and Settings\HP_Owner\Application Data\alot\Resources\Button_5\images (Adware.ALOT) -> Quarantined and deleted successfully.
C:\Documents and Settings\HP_Owner\Application Data\alot\Resources\Button_6 (Adware.ALOT) -> Quarantined and deleted successfully.
C:\Documents and Settings\HP_Owner\Application Data\alot\Resources\Button_6\images (Adware.ALOT) -> Quarantined and deleted successfully.
C:\Documents and Settings\HP_Owner\Application Data\alot\Resources\Button_7 (Adware.ALOT) -> Quarantined and deleted successfully.
C:\Documents and Settings\HP_Owner\Application Data\alot\Resources\Button_7\images (Adware.ALOT) -> Quarantined and deleted successfully.
C:\Documents and Settings\HP_Owner\Application Data\alot\Resources\Button_8 (Adware.ALOT) -> Quarantined and deleted successfully.
C:\Documents and Settings\HP_Owner\Application Data\alot\Resources\Button_8\images (Adware.ALOT) -> Quarantined and deleted successfully.
C:\Documents and Settings\HP_Owner\Application Data\alot\Resources\Button_9 (Adware.ALOT) -> Quarantined and deleted successfully.
C:\Documents and Settings\HP_Owner\Application Data\alot\Resources\Button_9\images (Adware.ALOT) -> Quarantined and deleted successfully.
C:\Documents and Settings\HP_Owner\Application Data\alot\Resources\contextMenu (Adware.ALOT) -> Quarantined and deleted successfully.
C:\Documents and Settings\HP_Owner\Application Data\alot\Resources\contextMenu\images (Adware.ALOT) -> Quarantined and deleted successfully.
C:\Documents and Settings\HP_Owner\Application Data\alot\Resources\Shared (Adware.ALOT) -> Quarantined and deleted successfully.
C:\Documents and Settings\HP_Owner\Application Data\alot\Resources\Shared\images (Adware.ALOT) -> Quarantined and deleted successfully.
C:\Documents and Settings\HP_Owner\Application Data\alot\TimerManager (Adware.ALOT) -> Quarantined and deleted successfully.
C:\Documents and Settings\HP_Owner\Application Data\alot\toolbarContextMenu (Adware.ALOT) -> Quarantined and deleted successfully.
C:\Documents and Settings\HP_Owner\Application Data\alot\ToolbarSearch (Adware.ALOT) -> Quarantined and deleted successfully.
C:\Documents and Settings\HP_Owner\Application Data\alot\Updater (Adware.ALOT) -> Quarantined and deleted successfully.
C:\Program Files\alot (Adware.ALOT) -> Delete on reboot.
C:\Program Files\alot\bin (Adware.ALOT) -> Delete on reboot.
C:\Program Files\Paladin Antivirus (Rogue.PaladinAntivirus) -> Delete on reboot.
C:\Documents and Settings\HP_Owner\Start Menu\Programs\Paladin Antivirus (Rogue.PaladinAntivirus) -> Quarantined and deleted successfully.

Files Infected:
C:\Program Files\alot\bin\alot.dll (Adware.ALOT) -> Delete on reboot.
C:\Documents and Settings\HP_Owner\Local Settings\Temp\msdtctr.exe (Rogue.Installer.Gen) -> Quarantined and deleted successfully.
C:\Documents and Settings\HP_Owner\Local Settings\Temp\drwatson64ex.exe (Trojan.FakeAlert) -> Delete on reboot.
C:\Documents and Settings\HP_Owner\Application Data\alot\toolbar.xml (Adware.ALOT) -> Quarantined and deleted successfully.
C:\Documents and Settings\HP_Owner\Application Data\alot\toolbar.xml.backup (Adware.ALOT) -> Quarantined and deleted successfully.
C:\Documents and Settings\HP_Owner\Application Data\alot\Button_0\Button_0.xml (Adware.ALOT) -> Quarantined and deleted successfully.
C:\Documents and Settings\HP_Owner\Application Data\alot\Button_0\Button_0.xml.backup (Adware.ALOT) -> Quarantined and deleted successfully.
C:\Documents and Settings\HP_Owner\Application Data\alot\Button_1\Button_1.xml (Adware.ALOT) -> Quarantined and deleted successfully.
C:\Documents and Settings\HP_Owner\Application Data\alot\Button_1\Button_1.xml.backup (Adware.ALOT) -> Quarantined and deleted successfully.
C:\Documents and Settings\HP_Owner\Application Data\alot\Button_2\Button_2.xml (Adware.ALOT) -> Quarantined and deleted successfully.
C:\Documents and Settings\HP_Owner\Application Data\alot\Button_2\Button_2.xml.backup (Adware.ALOT) -> Quarantined and deleted successfully.
C:\Documents and Settings\HP_Owner\Application Data\alot\Button_3\Button_3.xml (Adware.ALOT) -> Quarantined and deleted successfully.
C:\Documents and Settings\HP_Owner\Application Data\alot\Button_3\Button_3.xml.backup (Adware.ALOT) -> Quarantined and deleted successfully.
C:\Documents and Settings\HP_Owner\Application Data\alot\Button_4\Button_4.xml (Adware.ALOT) -> Quarantined and deleted successfully.
C:\Documents and Settings\HP_Owner\Application Data\alot\Button_4\Button_4.xml.backup (Adware.ALOT) -> Quarantined and deleted successfully.
C:\Documents and Settings\HP_Owner\Application Data\alot\Button_5\Button_5.xml (Adware.ALOT) -> Quarantined and deleted successfully.
C:\Documents and Settings\HP_Owner\Application Data\alot\Button_5\Button_5.xml.backup (Adware.ALOT) -> Quarantined and deleted successfully.
C:\Documents and Settings\HP_Owner\Application Data\alot\Button_6\Button_6.xml (Adware.ALOT) -> Quarantined and deleted successfully.
C:\Documents and Settings\HP_Owner\Application Data\alot\Button_6\Button_6.xml.backup (Adware.ALOT) -> Quarantined and deleted successfully.
C:\Documents and Settings\HP_Owner\Application Data\alot\Button_7\Button_7.xml (Adware.ALOT) -> Quarantined and deleted successfully.
C:\Documents and Settings\HP_Owner\Application Data\alot\Button_7\Button_7.xml.backup (Adware.ALOT) -> Quarantined and deleted successfully.
C:\Documents and Settings\HP_Owner\Application Data\alot\Button_8\Button_8.xml (Adware.ALOT) -> Quarantined and deleted successfully.
C:\Documents and Settings\HP_Owner\Application Data\alot\Button_8\Button_8.xml.backup (Adware.ALOT) -> Quarantined and deleted successfully.
C:\Documents and Settings\HP_Owner\Application Data\alot\Button_9\Button_9.xml (Adware.ALOT) -> Quarantined and deleted successfully.
C:\Documents and Settings\HP_Owner\Application Data\alot\Button_9\Button_9.xml.backup (Adware.ALOT) -> Quarantined and deleted successfully.
C:\Documents and Settings\HP_Owner\Application Data\alot\configurator\configurator.xml (Adware.ALOT) -> Quarantined and deleted successfully.
C:\Documents and Settings\HP_Owner\Application Data\alot\configurator\configurator.xml.backup (Adware.ALOT) -> Quarantined and deleted successfully.
C:\Documents and Settings\HP_Owner\Application Data\alot\contextMenu\contextMenu.xml (Adware.ALOT) -> Quarantined and deleted successfully.
C:\Documents and Settings\HP_Owner\Application Data\alot\contextMenu\contextMenu.xml.backup (Adware.ALOT) -> Quarantined and deleted successfully.
C:\Documents and Settings\HP_Owner\Application Data\alot\postInstallLayout\postInstallLayout.xml (Adware.ALOT) -> Quarantined and deleted successfully.
C:\Documents and Settings\HP_Owner\Application Data\alot\postInstallLayout\postInstallLayout.xml.backup (Adware.ALOT) -> Quarantined and deleted successfully.
C:\Documents and Settings\HP_Owner\Application Data\alot\products\products.xml (Adware.ALOT) -> Quarantined and deleted successfully.
C:\Documents and Settings\HP_Owner\Application Data\alot\products\products.xml.backup (Adware.ALOT) -> Quarantined and deleted successfully.
C:\Documents and Settings\HP_Owner\Application Data\alot\Resources\BrowserSearch\alot_search_defend.html (Adware.ALOT) -> Quarantined and deleted successfully.
C:\Documents and Settings\HP_Owner\Application Data\alot\Resources\BrowserSearch\images\favicon.ico (Adware.ALOT) -> Quarantined and deleted successfully.
C:\Documents and Settings\HP_Owner\Application Data\alot\Resources\Button_0\images\alot_logo_button.bmp (Adware.ALOT) -> Quarantined and deleted successfully.
C:\Documents and Settings\HP_Owner\Application Data\alot\Resources\Button_0\images\alot_logo_button.png (Adware.ALOT) -> Quarantined and deleted successfully.
C:\Documents and Settings\HP_Owner\Application Data\alot\Resources\Button_1\images\alot_search_button.bmp (Adware.ALOT) -> Quarantined and deleted successfully.
C:\Documents and Settings\HP_Owner\Application Data\alot\Resources\Button_1\images\alot_search_button.png (Adware.ALOT) -> Quarantined and deleted successfully.
C:\Documents and Settings\HP_Owner\Application Data\alot\Resources\Button_2\images\default_1008_alot_map_widget_default.bmp (Adware.ALOT) -> Quarantined and deleted successfully.
C:\Documents and Settings\HP_Owner\Application Data\alot\Resources\Button_2\images\default_1008_alot_map_widget_default.png (Adware.ALOT) -> Quarantined and deleted successfully.
C:\Documents and Settings\HP_Owner\Application Data\alot\Resources\Button_3\images\default_1182_alot_map_guides.bmp (Adware.ALOT) -> Quarantined and deleted successfully.
C:\Documents and Settings\HP_Owner\Application Data\alot\Resources\Button_3\images\default_1182_alot_map_guides.png (Adware.ALOT) -> Quarantined and deleted successfully.
C:\Documents and Settings\HP_Owner\Application Data\alot\Resources\Button_4\images\cloudy.png (Adware.ALOT) -> Quarantined and deleted successfully.
C:\Documents and Settings\HP_Owner\Application Data\alot\Resources\Button_4\images\default_1007_alot_weather_widget.bmp (Adware.ALOT) -> Quarantined and deleted successfully.
C:\Documents and Settings\HP_Owner\Application Data\alot\Resources\Button_4\images\default_1007_alot_weather_widget.png (Adware.ALOT) -> Quarantined and deleted successfully.
C:\Documents and Settings\HP_Owner\Application Data\alot\Resources\Button_4\images\mcloud.png (Adware.ALOT) -> Quarantined and deleted successfully.
C:\Documents and Settings\HP_Owner\Application Data\alot\Resources\Button_4\images\nmcloud.png (Adware.ALOT) -> Quarantined and deleted successfully.
C:\Documents and Settings\HP_Owner\Application Data\alot\Resources\Button_4\images\pcloud.png (Adware.ALOT) -> Quarantined and deleted successfully.
C:\Documents and Settings\HP_Owner\Application Data\alot\Resources\Button_4\images\shower.png (Adware.ALOT) -> Quarantined and deleted successfully.
C:\Documents and Settings\HP_Owner\Application Data\alot\Resources\Button_5\images\default_1272_alot_map_travel.bmp (Adware.ALOT) -> Quarantined and deleted successfully.
C:\Documents and Settings\HP_Owner\Application Data\alot\Resources\Button_5\images\default_1272_alot_map_travel.png (Adware.ALOT) -> Quarantined and deleted successfully.
C:\Documents and Settings\HP_Owner\Application Data\alot\Resources\Button_6\images\default_1724_alot_mus_mymusic.bmp (Adware.ALOT) -> Quarantined and deleted successfully.
C:\Documents and Settings\HP_Owner\Application Data\alot\Resources\Button_6\images\default_1724_alot_mus_mymusic.png (Adware.ALOT) -> Quarantined and deleted successfully.
C:\Documents and Settings\HP_Owner\Application Data\alot\Resources\Button_7\images\default_2018_compass.bmp (Adware.ALOT) -> Quarantined and deleted successfully.
C:\Documents and Settings\HP_Owner\Application Data\alot\Resources\Button_7\images\default_2018_compass.png (Adware.ALOT) -> Quarantined and deleted successfully.
C:\Documents and Settings\HP_Owner\Application Data\alot\Resources\Button_8\images\2259_icon.bmp (Adware.ALOT) -> Quarantined and deleted successfully.
C:\Documents and Settings\HP_Owner\Application Data\alot\Resources\Button_8\images\2259_icon.png (Adware.ALOT) -> Quarantined and deleted successfully.
C:\Documents and Settings\HP_Owner\Application Data\alot\Resources\Button_8\images\default_2258_alot_ref_resources.bmp (Adware.ALOT) -> Quarantined and deleted successfully.
C:\Documents and Settings\HP_Owner\Application Data\alot\Resources\Button_8\images\default_2258_alot_ref_resources.png (Adware.ALOT) -> Quarantined and deleted successfully.
C:\Documents and Settings\HP_Owner\Application Data\alot\Resources\Button_9\images\default_1795_default_1795_alot_configure.bmp (Adware.ALOT) -> Quarantined and deleted successfully.
C:\Documents and Settings\HP_Owner\Application Data\alot\Resources\Button_9\images\default_1795_default_1795_alot_configure.png (Adware.ALOT) -> Quarantined and deleted successfully.
C:\Documents and Settings\HP_Owner\Application Data\alot\Resources\contextMenu\images\alot_icon.bmp (Adware.ALOT) -> Quarantined and deleted successfully.
C:\Documents and Settings\HP_Owner\Application Data\alot\Resources\contextMenu\images\alot_icon.png (Adware.ALOT) -> Quarantined and deleted successfully.
C:\Documents and Settings\HP_Owner\Application Data\alot\Resources\contextMenu\images\alot_logo_button.bmp (Adware.ALOT) -> Quarantined and deleted successfully.
C:\Documents and Settings\HP_Owner\Application Data\alot\Resources\contextMenu\images\alot_logo_button.png (Adware.ALOT) -> Quarantined and deleted successfully.
C:\Documents and Settings\HP_Owner\Application Data\alot\Resources\Shared\domains.dat (Adware.ALOT) -> Quarantined and deleted successfully.
C:\Documents and Settings\HP_Owner\Application Data\alot\Resources\Shared\images\alot_brand.png (Adware.ALOT) -> Quarantined and deleted successfully.
C:\Documents and Settings\HP_Owner\Application Data\alot\Resources\Shared\images\alot_splitter.png (Adware.ALOT) -> Quarantined and deleted successfully.
C:\Documents and Settings\HP_Owner\Application Data\alot\Resources\Shared\images\discover.png (Adware.ALOT) -> Quarantined and deleted successfully.
C:\Documents and Settings\HP_Owner\Application Data\alot\Resources\Shared\images\spinner.bmp (Adware.ALOT) -> Quarantined and deleted successfully.
C:\Documents and Settings\HP_Owner\Application Data\alot\Resources\Shared\images\widget_bottom.bmp (Adware.ALOT) -> Quarantined and deleted successfully.
C:\Documents and Settings\HP_Owner\Application Data\alot\Resources\Shared\images\widget_btnclose0.bmp (Adware.ALOT) -> Quarantined and deleted successfully.
C:\Documents and Settings\HP_Owner\Application Data\alot\Resources\Shared\images\widget_btnclose1.bmp (Adware.ALOT) -> Quarantined and deleted successfully.
C:\Documents and Settings\HP_Owner\Application Data\alot\Resources\Shared\images\widget_btnconfig0.bmp (Adware.ALOT) -> Quarantined and deleted successfully.
C:\Documents and Settings\HP_Owner\Application Data\alot\Resources\Shared\images\widget_btnconfig1.bmp (Adware.ALOT) -> Quarantined and deleted successfully.
C:\Documents and Settings\HP_Owner\Application Data\alot\Resources\Shared\images\widget_btnrefresh0.bmp (Adware.ALOT) -> Quarantined and deleted successfully.
C:\Documents and Settings\HP_Owner\Application Data\alot\Resources\Shared\images\widget_btnrefresh1.bmp (Adware.ALOT) -> Quarantined and deleted successfully.
C:\Documents and Settings\HP_Owner\Application Data\alot\Resources\Shared\images\widget_caption.bmp (Adware.ALOT) -> Quarantined and deleted successfully.
C:\Documents and Settings\HP_Owner\Application Data\alot\Resources\Shared\images\widget_error_bg.bmp (Adware.ALOT) -> Quarantined and deleted successfully.
C:\Documents and Settings\HP_Owner\Application Data\alot\Resources\Shared\images\widget_error_close.bmp (Adware.ALOT) -> Quarantined and deleted successfully.
C:\Documents and Settings\HP_Owner\Application Data\alot\Resources\Shared\images\widget_error_icon.bmp (Adware.ALOT) -> Quarantined and deleted successfully.
C:\Documents and Settings\HP_Owner\Application Data\alot\TimerManager\TimerManager.xml (Adware.ALOT) -> Quarantined and deleted successfully.
C:\Documents and Settings\HP_Owner\Application Data\alot\TimerManager\TimerManager.xml.backup (Adware.ALOT) -> Quarantined and deleted successfully.
C:\Documents and Settings\HP_Owner\Application Data\alot\toolbarContextMenu\toolbarContextMenu.xml (Adware.ALOT) -> Quarantined and deleted successfully.
C:\Documents and Settings\HP_Owner\Application Data\alot\toolbarContextMenu\toolbarContextMenu.xml.backup (Adware.ALOT) -> Quarantined and deleted successfully.
C:\Documents and Settings\HP_Owner\Application Data\alot\ToolbarSearch\ToolbarSearch.xml (Adware.ALOT) -> Quarantined and deleted successfully.
C:\Documents and Settings\HP_Owner\Application Data\alot\Updater\Updater.xml (Adware.ALOT) -> Quarantined and deleted successfully.
C:\Documents and Settings\HP_Owner\Application Data\alot\Updater\Updater.xml.backup (Adware.ALOT) -> Quarantined and deleted successfully.
C:\Program Files\alot\alotUninst.exe (Adware.ALOT) -> Quarantined and deleted successfully.
C:\Program Files\Paladin Antivirus\help.ico (Rogue.PaladinAntivirus) -> Quarantined and deleted successfully.
C:\Program Files\Paladin Antivirus\pav.db (Rogue.PaladinAntivirus) -> Quarantined and deleted successfully.
C:\Program Files\Paladin Antivirus\pav.exe (Rogue.PaladinAntivirus) -> Quarantined and deleted successfully.
C:\Program Files\Paladin Antivirus\pavext.dll (Rogue.PaladinAntivirus) -> Quarantined and deleted successfully.
C:\Program Files\Paladin Antivirus\phook.dll (Rogue.PaladinAntivirus) -> Delete on reboot.
C:\Program Files\Paladin Antivirus\splash.mp3 (Rogue.PaladinAntivirus) -> Quarantined and deleted successfully.
C:\Program Files\Paladin Antivirus\uninstall.exe (Rogue.PaladinAntivirus) -> Quarantined and deleted successfully.
C:\Program Files\Paladin Antivirus\virus.mp3 (Rogue.PaladinAntivirus) -> Quarantined and deleted successfully.
C:\Documents and Settings\HP_Owner\Start Menu\Programs\Paladin Antivirus\Paladin Antivirus Support.lnk (Rogue.PaladinAntivirus) -> Quarantined and deleted successfully.
C:\Documents and Settings\HP_Owner\Start Menu\Programs\Paladin Antivirus\Paladin Antivirus.lnk (Rogue.PaladinAntivirus) -> Quarantined and deleted successfully.
C:\Documents and Settings\HP_Owner\Start Menu\Programs\Paladin Antivirus\Uninstall Paladin Antivirus.lnk (Rogue.PaladinAntivirus) -> Quarantined and deleted successfully.
C:\Documents and Settings\All Users\Application Data\_VOIDkrl32mainweq.dll (Rootkit.TDSS) -> Delete on reboot.
C:\Documents and Settings\All Users\Application Data\_VOIDmainqt.dll (Rootkit.TDSS) -> Delete on reboot.
C:\Documents and Settings\HP_Owner\Desktop\Paladin Antivirus.lnk (Rogue.PaladinAntivirus) -> Quarantined and deleted successfully.
C:\Documents and Settings\HP_Owner\Desktop\Paladin Antivirus Support.lnk (Rogue.PaladinAntivirus) -> Quarantined and deleted successfully.
C:\Documents and Settings\HP_Owner\Application Data\Microsoft\Internet Explorer\Quick Launch\Paladin Antivirus.lnk (Rogue.PaladinAntivirus) -> Quarantined and deleted successfully.
C:\Documents and Settings\All Users\Desktop\nudetube.com.lnk (Rogue.Link) -> Quarantined and deleted successfully.
C:\Documents and Settings\All Users\Desktop\pornotube.com.lnk (Rogue.Link) -> Quarantined and deleted successfully.
C:\Documents and Settings\All Users\Desktop\youporn.com.lnk (Rogue.Link) -> Quarantined and deleted successfully.

0

here you are

Logfile of Trend Micro HijackThis v2.0.3 (BETA)
Scan saved at 11:20:33, on 13/02/2010
Platform: Windows XP SP3 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16981)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\LEXBCES.EXE
C:\WINDOWS\system32\LEXPPS.EXE
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\LSI SoftModem\agrsmsvc.exe
C:\Program Files\Common Files\AOL\ACS\AOLAcsd.exe
C:\PROGRA~1\AVG\AVG8\avgwdsvc.exe
C:\Program Files\Dassault Systemes\B10\intel_a\code\bin\CATSysDemon.exe
c:\PROGRA~1\mcafee.com\vso\mcvsrte.exe
C:\WINDOWS\system32\nvsvc32.exe
C:\WINDOWS\system32\PnkBstrA.exe
C:\Program Files\Alcohol Soft\Alcohol 120\StarWind\StarWindService.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\QuickTime\qttask.exe
C:\WINDOWS\system32\ctfmon.exe
C:\PROGRA~1\AVG\AVG8\avgrsx.exe
C:\PROGRA~1\AVG\AVG8\avgnsx.exe
c:\PROGRA~1\mcafee.com\vso\mcshield.exe
C:\Program Files\AOL 9.0\waol.exe
C:\Program Files\AOL 9.0\shellmon.exe
C:\Program Files\Common Files\AOL\aoltpspd.exe
C:\Program Files\Common Files\AOL\1214759444\ee\aolsoftware.exe
C:\Program Files\Messenger\msmsgs.exe
C:\Program Files\TrendMicro\HiJackThis\HiJackThis.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iehome&locale=EN_GB&c=Q404&bd=pavilion&pf=desktop
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iesearch&locale=EN_GB&c=Q404&bd=pavilion&pf=desktop
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.aol.co.uk
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Window Title = Microsoft Internet Explorer provided by Tesco internet access
R3 - URLSearchHook: (no name) - *{EA756889-2338-43DB-8F07-D1CA6FB9C90D} - (no file)
R3 - URLSearchHook: (no name) - *{CFBFAE00-17A6-11D0-99CB-00C04FD64497} - (no file)
R3 - URLSearchHook: AVG Security Toolbar BHO - {A3BC75A2-1F87-4686-AA43-5347D756017C} - C:\Program Files\AVG\AVG8\Toolbar\IEToolbar.dll
R3 - URLSearchHook: (no name) - *{EF99BD32-C1FB-11D2-892F-0090271D4F88} - (no file)
O2 - BHO: &Yahoo! Toolbar Helper - {02478D38-C3F9-4efb-9B51-7695ECA05670} - C:\Program Files\Yahoo!\Companion\Installs\cpn0\yt.dll
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: (no name) - {202a961f-23ae-42b1-9505-ffe3c818d717} - (no file)
O2 - BHO: Skype add-on (mastermind) - {22BF413B-C6D2-4d91-82A9-A0F997BA588C} - C:\Program Files\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll
O2 - BHO: WormRadar.com IESiteBlocker.NavFilter - {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} - C:\Program Files\AVG\AVG8\avgssie.dll
O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.5.0_08\bin\ssv.dll
O2 - BHO: AOL Toolbar Launcher - {7C554162-8CB7-45A4-B8F4-8EA1C75885F9} - C:\Program Files\AOL\AOL Toolbar 5.0\aoltb.dll
O2 - BHO: ST - {9394EDE7-C8B5-483E-8773-474BF36AF6E4} - C:\Program Files\MSN Apps\ST\01.03.0000.1005\en-xu\stmain.dll
O2 - BHO: AVG Security Toolbar BHO - {A3BC75A2-1F87-4686-AA43-5347D756017C} - C:\Program Files\AVG\AVG8\Toolbar\IEToolbar.dll
O2 - BHO: MSNToolBandBHO - {BDBD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Program Files\MSN Apps\MSN Toolbar\MSN Toolbar\01.02.5000.1021\en-us\msntb.dll
O2 - BHO: SingleInstance Class - {FDAD4DA1-61A2-4FD8-9C17-86F7AC245081} - C:\Program Files\Yahoo!\Companion\Installs\cpn0\YTSingleInstance.dll
O3 - Toolbar: MSN - {BDAD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Program Files\MSN Apps\MSN Toolbar\MSN Toolbar\01.02.5000.1021\en-us\msntb.dll
O3 - Toolbar: McAfee VirusScan - {BA52B914-B692-46c4-B683-905236F6F655} - c:\progra~1\mcafee.com\vso\mcvsshl.dll
O3 - Toolbar: AOL Toolbar - {DE9C389F-3316-41A7-809B-AA305ED9D922} - C:\Program Files\AOL\AOL Toolbar 5.0\aoltb.dll
O3 - Toolbar: AVG Security Toolbar - {CCC7A320-B3CA-4199-B1A6-9F516DD69829} - C:\Program Files\AVG\AVG8\Toolbar\IEToolbar.dll
O3 - Toolbar: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn0\yt.dll
O4 - HKLM\..\Run: [MCUpdateExe] C:\PROGRA~1\mcafee.com\agent\mcupdate.exe
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [msdtctr.exe] C:\DOCUME~1\HP_Owner\LOCALS~1\Temp\msdtctr.exe
O4 - HKLM\..\Policies\Explorer\Run: [isamonitor.exe] C:\Program Files\SoftCodec\isamonitor.exe
O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'NETWORK SERVICE')
O8 - Extra context menu item: &AOL Toolbar Search - c:\program files\aol\aol toolbar 5.0\resources\en-GB\local\search.html
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_08\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_08\bin\ssv.dll
O9 - Extra button: AOL Toolbar - {3369AF0D-62E9-4bda-8103-B4C75499B578} - C:\Program Files\AOL\AOL Toolbar 5.0\aoltb.dll
O9 - Extra button: (no name) - {5067A26B-1337-4436-8AFE-EE169C2DA79F} - C:\Program Files\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll
O9 - Extra 'Tools' menuitem: Skype add-on for Internet Explorer - {5067A26B-1337-4436-8AFE-EE169C2DA79F} - C:\Program Files\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll
O9 - Extra button: Skype - {77BF5300-1474-4EC7-9980-D32B190E9B07} - C:\Program Files\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll
O9 - Extra button: Real.com - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - C:\WINDOWS\system32\Shdocvw.dll
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O14 - IERESET.INF: START_PAGE_URL=http://www.tesco.net
O16 - DPF: {00B71CFB-6864-4346-A978-C0A14556272C} (Checkers Class) - http://messenger.zone.msn.com/binary/msgrchkr.cab31267.cab
O16 - DPF: {0CCA191D-13A6-4E29-B746-314DEE697D83} (Facebook Photo Uploader 5) - http://upload.facebook.com/controls/FacebookPhotoUploader5.cab
O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://go.microsoft.com/fwlink/?linkid=39204
O16 - DPF: {2917297F-F02B-4B9D-81DF-494B6333150B} (Minesweeper Flags Class) - http://messenger.zone.msn.com/binary/MineSweeper.cab31267.cab
O16 - DPF: {48884C41-EFAC-433D-958A-9FADAC41408E} (EGamesPlugin Class) - https://www.e-games.com.my/com/EGamesPlugin.cab
O16 - DPF: {4ED9DDF0-7479-4BBE-9335-5A1EDB1D8A21} (McAfee.com Operating System Class) - http://download.av.aolsvc.co.uk/molbin/shared/mcinsctl/en-us/4,0,0,84/mcinsctl.cab
O16 - DPF: {4F1E5B1A-2A80-42CA-8532-2D05CB959537} (MSN Photo Upload Tool) - http://paulawaula.spaces.live.com//PhotoUpload/MsnPUpld.cab
O16 - DPF: {644E432F-49D3-41A1-8DD5-E099162EEEC5} (Symantec RuFSI Utility Class) - http://security.symantec.com/sscv6/SharedContent/common/bin/cabsa.cab
O16 - DPF: {8100D56A-5661-482C-BEE8-AFECE305D968} (Facebook Photo Uploader 5 Control) - http://upload.facebook.com/controls/2009.07.28_v5.5.8.1/FacebookPhotoUploader55.cab
O16 - DPF: {8E0D4DE5-3180-4024-A327-4DFAD1796A8D} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/MessengerStatsClient.cab31267.cab
O16 - DPF: {B38870E4-7ECB-40DA-8C6A-595F0A5519FF} (MsnMessengerSetupDownloadControl Class) - http://messenger.msn.com/download/MsnMessengerSetupDownloader.cab
O16 - DPF: {BCC0FF27-31D9-4614-A68E-C18E1ADA4389} (DwnldGroupMgr Class) - http://download.av.aolsvc.co.uk/molbin/shared/mcgdmgr/en-us/1,0,0,21/mcgdmgr.cab
O16 - DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} - http://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab
O17 - HKLM\System\CCS\Services\Tcpip\..\{3B60E2A0-A8CB-4DA7-8A83-47567B0D079A}: NameServer = 205.188.146.145
O18 - Protocol: linkscanner - {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - C:\Program Files\AVG\AVG8\avgpp.dll
O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~1\COMMON~1\Skype\SKYPE4~1.DLL
O20 - AppInit_DLLs: pushow41.dll
O20 - Winlogon Notify: avgrsstarter - avgrsstx.dll (file missing)
O22 - SharedTaskScheduler: Browseui preloader - {438755C2-A8BA-11D1-B96B-00A0C90312E1} - C:\WINDOWS\system32\browseui.dll
O22 - SharedTaskScheduler: Component Categories cache daemon - {8C7461EF-2B13-11d2-BE35-3078302C2030} - C:\WINDOWS\system32\browseui.dll
O23 - Service: Agere Modem Call Progress Audio (AgereModemAudio) - Agere Systems - C:\Program Files\LSI SoftModem\agrsmsvc.exe
O23 - Service: AOL Connectivity Service (AOL ACS) - AOL LLC - C:\Program Files\Common Files\AOL\ACS\AOLAcsd.exe
O23 - Service: AOL Spyware Protection Service (AOLService) - Unknown owner - C:\PROGRA~1\COMMON~1\AOL\AOLSPY~1\\aolserv.exe
O23 - Service: AVG Free8 WatchDog (avg8wd) - AVG Technologies CZ, s.r.o. - C:\PROGRA~1\AVG\AVG8\avgwdsvc.exe
O23 - Service: Backbone Service (BBDemon) - Dassault Systemes - C:\Program Files\Dassault Systemes\B10\intel_a\code\bin\CATSysDemon.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: iPod Service (iPodService) - Apple Computer, Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: LexBce Server (LexBceS) - Lexmark International, Inc. - C:\WINDOWS\system32\LEXBCES.EXE
O23 - Service: McAfee.com McShield (McShield) - Unknown owner - c:\PROGRA~1\mcafee.com\vso\mcshield.exe
O23 - Service: McAfee SecurityCenter Update Manager (mcupdmgr.exe) - Networks Associates Technology, Inc - C:\PROGRA~1\McAfee.com\Agent\mcupdmgr.exe
O23 - Service: McAfee.com VirusScan Online Realtime Engine (MCVSRte) - Networks Associates Technology, Inc - c:\PROGRA~1\mcafee.com\vso\mcvsrte.exe
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
O23 - Service: PnkBstrA - Unknown owner - C:\WINDOWS\system32\PnkBstrA.exe
O23 - Service: StarWind iSCSI Service (StarWindService) - Rocket Division Software - C:\Program Files\Alcohol Soft\Alcohol 120\StarWind\StarWindService.exe

--
End of file - 11532 bytes

0

Can you please do the following.

===============

Go to Add/Remove programs and uninstall the following, if present:

X Password Manager

The above could appear anywhere within the entry. Be careful not to remove any personal or system software.

===============

Scan with HijackThis and then place a check next to all the following, if present:


R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://ie.redirect.hp.com/svs/rdr?TY...ion&pf=desktop
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://ie.redirect.hp.com/svs/rdr?TY...ion&pf=desktop

R3 - URLSearchHook: (no name) - *{EA756889-2338-43DB-8F07-D1CA6FB9C90D} - (no file)
R3 - URLSearchHook: (no name) - *{CFBFAE00-17A6-11D0-99CB-00C04FD64497} - (no file)
R3 - URLSearchHook: (no name) - *{EF99BD32-C1FB-11D2-892F-0090271D4F88} - (no file)

O2 - BHO: (no name) - {202a961f-23ae-42b1-9505-ffe3c818d717} - (no file)

O4 - HKCU\..\Run: [msdtctr.exe] C:\DOCUME~1\HP_Owner\LOCALS~1\Temp\msdtctr.exe
O4 - HKLM\..\Policies\Explorer\Run: [isamonitor.exe] C:\Program Files\SoftCodec\isamonitor.exe

O20 - AppInit_DLLs: pushow41.dll
O20 - Winlogon Notify: avgrsstarter - avgrsstx.dll (file missing)


Now, close all instances of Internet Explorer and any other windows you have open except HiJackThis, then click "Fix checked".

===============

Locate and delete the following item(s), if present. Make sure you are able to view system and hidden files/folders:

folders...

C:\Program Files\SoftCodec

files...

C:\DOCUME~1\HP_Owner\LOCALS~1\Temp\msdtctr.exe

Search for...

pushow41.dll

...using "Start | Search...".

-

Note that some of these file(s)/folder(s) may or may not be present. If present, and cannot be deleted because they're 'in use', try deleting them in Safe Mode by doing the following:

  • Restart your computer
  • After hearing your computer beep once during startup, but before the Windows icon appears, press F8.
  • Instead of Windows loading as normal, a menu should appear.

Select the first option to run Windows in Safe Mode and hit Enter.

-

Reboot.

===============

After rebooting, rescan with HijackThis and post back a new log. Please let me know how your PC is now.
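An added example, not part of the thread and not how HijackThis itself decides anything: a small triage script that parses HijackThis entry lines, flags the kinds of entries selected in the fix list above, and compares a before and after log to confirm what a fix removed. The heuristics and function names are assumptions made for illustration; the log excerpts are copied from the logs posted in this thread.

```python
import re
from typing import NamedTuple

# Entry lines look like "O4 - HKCU\..\Run: [name] path". The code before " - "
# is the HijackThis section; header and "Running processes" lines never match.
ENTRY_RE = re.compile(r"^(?P<code>[RO]\d{1,2}) - (?P<body>.+)$")


class Entry(NamedTuple):
    code: str
    body: str


def parse_entries(log_text: str) -> list[Entry]:
    """Return the R*/O* entries of a log, skipping everything else."""
    entries = []
    for line in log_text.splitlines():
        m = ENTRY_RE.match(line.strip())
        if m:
            entries.append(Entry(m["code"], m["body"]))
    return entries


def triage(entry: Entry) -> list[str]:
    """Return reasons an entry deserves a manual look (assumed heuristics)."""
    reasons = []
    body = entry.body.lower()
    if body.endswith("(no file)"):
        reasons.append("registration with no backing file")
    if body.endswith("(file missing)"):
        reasons.append("referenced file is missing")
    if entry.code == "O4":
        if "\\temp\\" in body:
            reasons.append("autostart from a Temp directory")
        if "\\policies\\explorer\\run" in body:
            reasons.append("autostart via Policies\\Explorer\\Run")
    if entry.code == "O20" and body.startswith("appinit_dlls:"):
        if body.split(":", 1)[1].strip():
            # AppInit_DLLs are loaded into every process that loads user32.dll
            reasons.append("AppInit_DLLs is set")
    return reasons


def flagged(log_text: str) -> list[tuple[Entry, list[str]]]:
    """Entries with at least one triage reason, in log order."""
    return [(e, r) for e in parse_entries(log_text) if (r := triage(e))]


def removed_entries(before: str, after: str) -> list[Entry]:
    """Entries present in the first log and absent from the second."""
    remaining = set(parse_entries(after))
    return [e for e in parse_entries(before) if e not in remaining]


# Excerpt of the 11:20:33 log from this thread (before the fix).
BEFORE = r"""Logfile of Trend Micro HijackThis v2.0.3 (BETA)
Running processes:
C:\WINDOWS\system32\ctfmon.exe
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.aol.co.uk
R3 - URLSearchHook: (no name) - *{EA756889-2338-43DB-8F07-D1CA6FB9C90D} - (no file)
R3 - URLSearchHook: (no name) - *{CFBFAE00-17A6-11D0-99CB-00C04FD64497} - (no file)
O2 - BHO: (no name) - {202a961f-23ae-42b1-9505-ffe3c818d717} - (no file)
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKCU\..\Run: [msdtctr.exe] C:\DOCUME~1\HP_Owner\LOCALS~1\Temp\msdtctr.exe
O4 - HKLM\..\Policies\Explorer\Run: [isamonitor.exe] C:\Program Files\SoftCodec\isamonitor.exe
O20 - AppInit_DLLs: pushow41.dll
O20 - Winlogon Notify: avgrsstarter - avgrsstx.dll (file missing)
"""

# Matching excerpt of the 12:08:35 log from this thread (after the fix).
AFTER = r"""Logfile of Trend Micro HijackThis v2.0.3 (BETA)
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.aol.co.uk
R3 - URLSearchHook: (no name) - *{CFBFAE00-17A6-11D0-99CB-00C04FD64497} - (no file)
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
"""

if __name__ == "__main__":
    for entry, reasons in flagged(BEFORE):
        print(f"{entry.code}: {entry.body}\n    -> {'; '.join(reasons)}")
    print("removed by the fix:", len(removed_entries(BEFORE, AFTER)))
    print("still flagged afterwards:", [e.body for e, _ in flagged(AFTER)])
```

Running `flagged()` on the second log is the useful part: it lists any flagged entry that is still registered after the fix and reboot.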

0

PC is acting as normal once again, thanks for the help.
Here's the log.

Logfile of Trend Micro HijackThis v2.0.3 (BETA)
Scan saved at 12:08:35, on 13/02/2010
Platform: Windows XP SP3 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16981)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\LEXBCES.EXE
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\system32\LEXPPS.EXE
C:\WINDOWS\Explorer.EXE
C:\Program Files\QuickTime\qttask.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\LSI SoftModem\agrsmsvc.exe
C:\Program Files\Common Files\AOL\ACS\AOLAcsd.exe
C:\Program Files\AOL 9.0\waol.exe
C:\PROGRA~1\AVG\AVG8\avgwdsvc.exe
C:\Program Files\Dassault Systemes\B10\intel_a\code\bin\CATSysDemon.exe
c:\PROGRA~1\mcafee.com\vso\mcvsrte.exe
C:\WINDOWS\system32\nvsvc32.exe
C:\WINDOWS\system32\PnkBstrA.exe
C:\Program Files\Alcohol Soft\Alcohol 120\StarWind\StarWindService.exe
C:\WINDOWS\system32\svchost.exe
C:\PROGRA~1\AVG\AVG8\avgrsx.exe
C:\PROGRA~1\AVG\AVG8\avgnsx.exe
c:\PROGRA~1\mcafee.com\vso\mcshield.exe
C:\Program Files\AOL 9.0\shellmon.exe
C:\Program Files\Common Files\AOL\aoltpspd.exe
C:\Program Files\Common Files\AOL\1214759444\ee\aolsoftware.exe
C:\Program Files\TrendMicro\HiJackThis\HiJackThis.exe
C:\Program Files\Internet Explorer\iexplore.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.aol.co.uk
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Window Title = Microsoft Internet Explorer provided by Tesco internet access
R3 - URLSearchHook: AVG Security Toolbar BHO - {A3BC75A2-1F87-4686-AA43-5347D756017C} - C:\Program Files\AVG\AVG8\Toolbar\IEToolbar.dll
R3 - URLSearchHook: (no name) - *{CFBFAE00-17A6-11D0-99CB-00C04FD64497} - (no file)
O2 - BHO: &Yahoo! Toolbar Helper - {02478D38-C3F9-4efb-9B51-7695ECA05670} - C:\Program Files\Yahoo!\Companion\Installs\cpn0\yt.dll
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: Skype add-on (mastermind) - {22BF413B-C6D2-4d91-82A9-A0F997BA588C} - C:\Program Files\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll
O2 - BHO: WormRadar.com IESiteBlocker.NavFilter - {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} - C:\Program Files\AVG\AVG8\avgssie.dll
O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.5.0_08\bin\ssv.dll
O2 - BHO: AOL Toolbar Launcher - {7C554162-8CB7-45A4-B8F4-8EA1C75885F9} - C:\Program Files\AOL\AOL Toolbar 5.0\aoltb.dll
O2 - BHO: ST - {9394EDE7-C8B5-483E-8773-474BF36AF6E4} - C:\Program Files\MSN Apps\ST\01.03.0000.1005\en-xu\stmain.dll
O2 - BHO: AVG Security Toolbar BHO - {A3BC75A2-1F87-4686-AA43-5347D756017C} - C:\Program Files\AVG\AVG8\Toolbar\IEToolbar.dll
O2 - BHO: MSNToolBandBHO - {BDBD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Program Files\MSN Apps\MSN Toolbar\MSN Toolbar\01.02.5000.1021\en-us\msntb.dll
O2 - BHO: SingleInstance Class - {FDAD4DA1-61A2-4FD8-9C17-86F7AC245081} - C:\Program Files\Yahoo!\Companion\Installs\cpn0\YTSingleInstance.dll
O3 - Toolbar: MSN - {BDAD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Program Files\MSN Apps\MSN Toolbar\MSN Toolbar\01.02.5000.1021\en-us\msntb.dll
O3 - Toolbar: McAfee VirusScan - {BA52B914-B692-46c4-B683-905236F6F655} - c:\progra~1\mcafee.com\vso\mcvsshl.dll
O3 - Toolbar: AOL Toolbar - {DE9C389F-3316-41A7-809B-AA305ED9D922} - C:\Program Files\AOL\AOL Toolbar 5.0\aoltb.dll
O3 - Toolbar: AVG Security Toolbar - {CCC7A320-B3CA-4199-B1A6-9F516DD69829} - C:\Program Files\AVG\AVG8\Toolbar\IEToolbar.dll
O3 - Toolbar: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn0\yt.dll
O4 - HKLM\..\Run: [MCUpdateExe] C:\PROGRA~1\mcafee.com\agent\mcupdate.exe
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'NETWORK SERVICE')
O8 - Extra context menu item: &AOL Toolbar Search - c:\program files\aol\aol toolbar 5.0\resources\en-GB\local\search.html
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_08\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_08\bin\ssv.dll
O9 - Extra button: AOL Toolbar - {3369AF0D-62E9-4bda-8103-B4C75499B578} - C:\Program Files\AOL\AOL Toolbar 5.0\aoltb.dll
O9 - Extra button: (no name) - {5067A26B-1337-4436-8AFE-EE169C2DA79F} - C:\Program Files\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll
O9 - Extra 'Tools' menuitem: Skype add-on for Internet Explorer - {5067A26B-1337-4436-8AFE-EE169C2DA79F} - C:\Program Files\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll
O9 - Extra button: Skype - {77BF5300-1474-4EC7-9980-D32B190E9B07} - C:\Program Files\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll
O9 - Extra button: Real.com - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - C:\WINDOWS\system32\Shdocvw.dll
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O14 - IERESET.INF: START_PAGE_URL=http://www.tesco.net
O16 - DPF: {00B71CFB-6864-4346-A978-C0A14556272C} (Checkers Class) - http://messenger.zone.msn.com/binary/msgrchkr.cab31267.cab
O16 - DPF: {0CCA191D-13A6-4E29-B746-314DEE697D83} (Facebook Photo Uploader 5) - http://upload.facebook.com/controls/FacebookPhotoUploader5.cab
O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://go.microsoft.com/fwlink/?linkid=39204
O16 - DPF: {2917297F-F02B-4B9D-81DF-494B6333150B} (Minesweeper Flags Class) - http://messenger.zone.msn.com/binary/MineSweeper.cab31267.cab
O16 - DPF: {48884C41-EFAC-433D-958A-9FADAC41408E} (EGamesPlugin Class) - https://www.e-games.com.my/com/EGamesPlugin.cab
O16 - DPF: {4ED9DDF0-7479-4BBE-9335-5A1EDB1D8A21} (McAfee.com Operating System Class) - http://download.av.aolsvc.co.uk/molbin/shared/mcinsctl/en-us/4,0,0,84/mcinsctl.cab
O16 - DPF: {4F1E5B1A-2A80-42CA-8532-2D05CB959537} (MSN Photo Upload Tool) - http://paulawaula.spaces.live.com//PhotoUpload/MsnPUpld.cab
O16 - DPF: {644E432F-49D3-41A1-8DD5-E099162EEEC5} (Symantec RuFSI Utility Class) - http://security.symantec.com/sscv6/SharedContent/common/bin/cabsa.cab
O16 - DPF: {8100D56A-5661-482C-BEE8-AFECE305D968} (Facebook Photo Uploader 5 Control) - http://upload.facebook.com/controls/2009.07.28_v5.5.8.1/FacebookPhotoUploader55.cab
O16 - DPF: {8E0D4DE5-3180-4024-A327-4DFAD1796A8D} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/MessengerStatsClient.cab31267.cab
O16 - DPF: {B38870E4-7ECB-40DA-8C6A-595F0A5519FF} (MsnMessengerSetupDownloadControl Class) - http://messenger.msn.com/download/MsnMessengerSetupDownloader.cab
O16 - DPF: {BCC0FF27-31D9-4614-A68E-C18E1ADA4389} (DwnldGroupMgr Class) - http://download.av.aolsvc.co.uk/molbin/shared/mcgdmgr/en-us/1,0,0,21/mcgdmgr.cab
O16 - DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} - http://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab
O17 - HKLM\System\CCS\Services\Tcpip\..\{3B60E2A0-A8CB-4DA7-8A83-47567B0D079A}: NameServer = 205.188.146.145
O18 - Protocol: linkscanner - {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - C:\Program Files\AVG\AVG8\avgpp.dll
O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~1\COMMON~1\Skype\SKYPE4~1.DLL
O22 - SharedTaskScheduler: Browseui preloader - {438755C2-A8BA-11D1-B96B-00A0C90312E1} - C:\WINDOWS\system32\browseui.dll
O22 - SharedTaskScheduler: Component Categories cache daemon - {8C7461EF-2B13-11d2-BE35-3078302C2030} - C:\WINDOWS\system32\browseui.dll
O23 - Service: Agere Modem Call Progress Audio (AgereModemAudio) - Agere Systems - C:\Program Files\LSI SoftModem\agrsmsvc.exe
O23 - Service: AOL Connectivity Service (AOL ACS) - AOL LLC - C:\Program Files\Common Files\AOL\ACS\AOLAcsd.exe
O23 - Service: AOL Spyware Protection Service (AOLService) - Unknown owner - C:\PROGRA~1\COMMON~1\AOL\AOLSPY~1\\aolserv.exe
O23 - Service: AVG Free8 WatchDog (avg8wd) - AVG Technologies CZ, s.r.o. - C:\PROGRA~1\AVG\AVG8\avgwdsvc.exe
O23 - Service: Backbone Service (BBDemon) - Dassault Systemes - C:\Program Files\Dassault Systemes\B10\intel_a\code\bin\CATSysDemon.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: iPod Service (iPodService) - Apple Computer, Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: LexBce Server (LexBceS) - Lexmark International, Inc. - C:\WINDOWS\system32\LEXBCES.EXE
O23 - Service: McAfee.com McShield (McShield) - Unknown owner - c:\PROGRA~1\mcafee.com\vso\mcshield.exe
O23 - Service: McAfee SecurityCenter Update Manager (mcupdmgr.exe) - Networks Associates Technology, Inc - C:\PROGRA~1\McAfee.com\Agent\mcupdmgr.exe
O23 - Service: McAfee.com VirusScan Online Realtime Engine (MCVSRte) - Networks Associates Technology, Inc - c:\PROGRA~1\mcafee.com\vso\mcvsrte.exe
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
O23 - Service: PnkBstrA - Unknown owner - C:\WINDOWS\system32\PnkBstrA.exe
O23 - Service: StarWind iSCSI Service (StarWindService) - Rocket Division Software - C:\Program Files\Alcohol Soft\Alcohol 120\StarWind\StarWindService.exe

--
End of file - 10685 bytes

0

If I may jump in here for just a moment, there seem to be portions of two anti-virus programs running on the machine and also some AOL Security items:

Running Processes:
C:\PROGRA~1\AVG\AVG8\avgwdsvc.exe
c:\PROGRA~1\mcafee.com\vso\mcvsrte.exe
C:\PROGRA~1\AVG\AVG8\avgrsx.exe
C:\PROGRA~1\AVG\AVG8\avgnsx.exe
c:\PROGRA~1\mcafee.com\vso\mcshield.exe

URL Searchhook
R3 - URLSearchHook: AVG Security Toolbar BHO - {A3BC75A2-1F87-4686-AA43-5347D756017C} - C:\Program Files\AVG\AVG8\Toolbar\IEToolbar.dll

Toolbars
O2 - BHO: WormRadar.com IESiteBlocker.NavFilter - {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} - C:\Program Files\AVG\AVG8\avgssie.dll
O2 - BHO: AVG Security Toolbar BHO - {A3BC75A2-1F87-4686-AA43-5347D756017C} - C:\Program Files\AVG\AVG8\Toolbar\IEToolbar.dll
O3 - Toolbar: AVG Security Toolbar - {CCC7A320-B3CA-4199-B1A6-9F516DD69829} - C:\Program Files\AVG\AVG8\Toolbar\IEToolbar.dll

AutoStarting Programs
O4 - HKLM\..\Run: [MCUpdateExe] C:\PROGRA~1\mcafee.com\agent\mcupdate.exe

Services

O23 - Service: AVG Free8 WatchDog (avg8wd) - AVG Technologies CZ, s.r.o. - C:\PROGRA~1\AVG\AVG8\avgwdsvc.exe
O23 - Service: McAfee.com McShield (McShield) - Unknown owner - c:\PROGRA~1\mcafee.com\vso\mcshield.exe
O23 - Service: McAfee SecurityCenter Update Manager (mcupdmgr.exe) - Networks Associates Technology, Inc - C:\PROGRA~1\McAfee.com\Agent\mcupdmgr.exe
O23 - Service: McAfee.com VirusScan Online Realtime Engine (MCVSRte) - Networks Associates Technology, Inc - c:\PROGRA~1\mcafee.com\vso\mcvsrte.exe

There should only be one anti-virus program running on the computer.

Edited by jholland1964: n/a
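
The overlap pointed out in the reply above can be checked mechanically. This is an added example, not part of the original posts: it parses HijackThis-style lines and reports which anti-virus products have a running process or an installed service. The path markers and the sample excerpt (assembled from entries quoted in the thread) are assumptions of this example.

```python
import re
from collections import defaultdict

# Path fragments taken from the entries quoted in the reply. The mapping is an
# assumption of this example, not a complete list of anti-virus vendors.
AV_MARKERS = {"AVG": "\\avg\\avg8\\", "McAfee": "\\mcafee.com\\"}

ENTRY = re.compile(r"^(R\d+|O\d+) - ")   # HijackThis section code, e.g. "O23 - "
PATH = re.compile(r"[A-Za-z]:\\.+$")     # trailing Windows file path
RESIDENT = {"process", "O23"}            # running process or installed service

# Excerpt assembled for this example from lines quoted in the thread.
SAMPLE = r"""Running processes:
C:\PROGRA~1\AVG\AVG8\avgwdsvc.exe
c:\PROGRA~1\mcafee.com\vso\mcvsrte.exe
C:\WINDOWS\system32\spoolsv.exe
O2 - BHO: AVG Security Toolbar BHO - {A3BC75A2-1F87-4686-AA43-5347D756017C} - C:\Program Files\AVG\AVG8\Toolbar\IEToolbar.dll
O4 - HKLM\..\Run: [MCUpdateExe] C:\PROGRA~1\mcafee.com\agent\mcupdate.exe
O23 - Service: AVG Free8 WatchDog (avg8wd) - AVG Technologies CZ, s.r.o. - C:\PROGRA~1\AVG\AVG8\avgwdsvc.exe
O23 - Service: McAfee.com McShield (McShield) - Unknown owner - c:\PROGRA~1\mcafee.com\vso\mcshield.exe
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
"""

def classify(line):
    """Return (kind, path) for a log line, or None if it names no file."""
    line = line.strip()
    path = PATH.search(line)
    if not path:
        return None
    code = ENTRY.match(line)
    if code:
        return code.group(1), path.group(0)
    # A bare path with no section code is a "Running processes" entry.
    return ("process", path.group(0)) if path.start() == 0 else None

def av_footprint(log_text):
    """Map each known product to the set of entry kinds it appears in."""
    found = defaultdict(set)
    for line in log_text.splitlines():
        entry = classify(line)
        if entry is None:
            continue
        kind, path = entry
        for product, marker in AV_MARKERS.items():
            if marker in path.lower():
                found[product].add(kind)
    return dict(found)

def conflicting_products(log_text):
    """Products with a resident component; more than one means overlap."""
    return sorted(p for p, kinds in av_footprint(log_text).items() if kinds & RESIDENT)

if __name__ == "__main__":
    print(av_footprint(SAMPLE))
    print(conflicting_products(SAMPLE))
```

A product that shows up only under O2, O3 or O4 has leftover browser or startup entries but no resident scanner, so it is listed in the footprint without counting toward the conflict.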

0

I have the same virus and I'm trying to follow your instructions. My problem is that before my scan finishes, my laptop freezes (it had found 4 infected files before the freeze).
No idea what to do...

0

Please help me as well. I have this virus on my computer. I downloaded the Malwarebytes software to my desktop. I cannot open the software. Please advise.
