Here Is My Hijack This Log.. Plz Help



I downloaded magix music creator and fl studio on utorrent off thepiratebay.org and got a bunch of alerts with avast!

Here is the malwarebytes log:

Malwarebytes' Anti-Malware 1.29

Database version: 1295

Windows 5.1.2600 Service Pack 2

10/20/2008 1:55:28 AM

mbam-log-2008-10-20 (01-55-28).txt

Scan type: Full Scan (C:\|)

Objects scanned: 61072

Time elapsed: 13 minute(s), 2 second(s)

Memory Processes Infected: 0

Memory Modules Infected: 0

Registry Keys Infected: 0

Registry Values Infected: 2

Registry Data Items Infected: 1

Folders Infected: 0

Files Infected: 21

Memory Processes Infected:

(No malicious items detected)

Memory Modules Infected:

(No malicious items detected)

Registry Keys Infected:

(No malicious items detected)

Registry Values Infected:

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\system32 (Trojan.FakeAlert.H) -> Quarantined and deleted successfully.

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\kr_done1 (Malware.Trace) -> Quarantined and deleted successfully.

Registry Data Items Infected:

HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\DisableTaskMgr (Hijack.TaskManager) -> Bad: (1) Good: (0) -> Quarantined and deleted successfully.

Folders Infected:

(No malicious items detected)

Files Infected:

C:\WINDOWS\system32\update32.exe (Trojan.FakeAlert.H) -> Quarantined and deleted successfully.

C:\Documents and Settings\WILL BARNES\Local Settings\Temp\GLK59.tmp (Rogue.EvidenceEliminator) -> Quarantined and deleted successfully.

C:\WINDOWS\system32\dlds1.exe (Trojan.Agent) -> Quarantined and deleted successfully.

C:\WINDOWS\system32\dlds2.exe (Trojan.Agent) -> Quarantined and deleted successfully.

C:\WINDOWS\system32\dlds5.exe (Trojan.Agent) -> Quarantined and deleted successfully.

C:\WINDOWS\system32\dlds6.exe (Trojan.Agent) -> Quarantined and deleted successfully.

C:\WINDOWS\system32\dlds7.exe (Trojan.Agent) -> Quarantined and deleted successfully.

C:\WINDOWS\system32\dlds8.exe (Trojan.Agent) -> Quarantined and deleted successfully.

C:\WINDOWS\system32\kr_done1 (Malware.Trace) -> Quarantined and deleted successfully.

C:\WINDOWS\system32\vedxg3am1et3.exe (Heuristics.Malware) -> Quarantined and deleted successfully.

C:\WINDOWS\system32\vedxg6ame4.exe (Heuristics.Malware) -> Quarantined and deleted successfully.

C:\WINDOWS\system32\vedxga1me4t1.exe (Heuristics.Malware) -> Quarantined and deleted successfully.

C:\WINDOWS\system32\vedxga3me2.exe (Heuristics.Malware) -> Quarantined and deleted successfully.

C:\WINDOWS\system32\vedxga4me1.exe (Heuristics.Malware) -> Quarantined and deleted successfully.

C:\WINDOWS\system32\vx.tll (Malware.Trace) -> Quarantined and deleted successfully.

C:\Documents and Settings\WILL BARNES\Local Settings\Temp\v3xd1.g22me (Heuristics.Malware) -> Quarantined and deleted successfully.

C:\Documents and Settings\WILL BARNES\Local Settings\Temp\v5xd2.g3ame (Heuristics.Malware) -> Quarantined and deleted successfully.

C:\Documents and Settings\WILL BARNES\Local Settings\Temp\v5xd4.ga2me (Heuristics.Malware) -> Quarantined and deleted successfully.

C:\Documents and Settings\WILL BARNES\Local Settings\Temp\vx1dt1.game (Heuristics.Malware) -> Quarantined and deleted successfully.

C:\Documents and Settings\WILL BARNES\Local Settings\Temp\vx1dt3.game (Heuristics.Malware) -> Quarantined and deleted successfully.

C:\Documents and Settings\WILL BARNES\Local Settings\Temp\v4xd6.gam5e (Heuristics.Malware) -> Quarantined and deleted successfully.

------------------------------------------------------------------------------------------------------------

and here is the hijackthis log:

Logfile of Trend Micro HijackThis v2.0.2

Scan saved at 2:00:42 AM, on 10/20/2008

Platform: Windows XP SP2 (WinNT 5.01.2600)

MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

Boot mode: Normal

Running processes:

C:\WINDOWS\System32\smss.exe

C:\WINDOWS\system32\winlogon.exe

C:\WINDOWS\system32\services.exe

C:\WINDOWS\system32\lsass.exe

C:\WINDOWS\system32\svchost.exe

C:\WINDOWS\System32\svchost.exe

C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe

C:\Program Files\Alwil Software\Avast4\ashServ.exe

C:\WINDOWS\Explorer.EXE

C:\WINDOWS\system32\spoolsv.exe

C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe

C:\WINDOWS\RTHDCPL.EXE

C:\DOCUME~1\WILLBA~1\LOCALS~1\Temp\RtkBtMnt.exe

C:\WINDOWS\system32\wuauclt.exe

C:\Program Files\uTorrent\uTorrent.exe

C:\WINDOWS\system32\NOTEPAD.EXE

C:\Program Files\MAGIX\Common\Database\bin\fbserver.exe

C:\F1xF.exe

C:\Program Files\Alwil Software\Avast4\ashChest.exe

C:\Program Files\Internet Explorer\iexplore.exe

C:\WINDOWS\system32\wscntfy.exe

C:\Program Files\Trend Micro\HijackThis\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.yahoo.com/?.home=ytie

R3 - URLSearchHook: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll

O2 - BHO: &Yahoo! Toolbar Helper - {02478D38-C3F9-4efb-9B51-7695ECA05670} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll

O3 - Toolbar: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll

O4 - HKLM\..\Run: [avast!] C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe

O4 - HKLM\..\Run: [AzMixerSel] C:\Program Files\Realtek\InstallShield\AzMixerSel.exe

O4 - HKLM\..\Run: [RTHDCPL] RTHDCPL.EXE

O4 - HKLM\..\Run: [Alcmtr] ALCMTR.EXE

O4 - HKLM\..\Run: [Malwarebytes Anti-Malware (reboot)] "C:\Program Files\Malwarebytes' Anti-Malware\mbam.exe" /runcleanupscript

O4 - HKLM\..\RunOnce: [GrpConv] grpconv.exe -o

O4 - HKLM\..\RunOnce: [Malwarebytes' Anti-Malware] C:\Program Files\Malwarebytes' Anti-Malware\mbamgui.exe /install /silent

O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background

O4 - Startup: Stardock ObjectDock.lnk = C:\Program Files\Stardock\ObjectDock\ObjectDock.exe

O4 - Startup: Y'z Toolbar.lnk = ?

O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe

O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe

O16 - DPF: {30528230-99F7-4BB4-88D8-FA1D4F56A2AB} (YInstStarter Class) - http://us.dl1.yimg.com/download.yahoo.com/...nst20040510.cab

O23 - Service: avast! iAVS4 Control Service (aswUpdSv) - ALWIL Software - C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe

O23 - Service: avast! Antivirus - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashServ.exe

O23 - Service: avast! Mail Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe

O23 - Service: avast! Web Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashWebSv.exe

O23 - Service: Firebird Server - MAGIX Instance (FirebirdServerMAGIXInstance) - MAGIX® - C:\Program Files\MAGIX\Common\Database\bin\fbserver.exe

--

End of file - 3301 bytes

Please help me, I try so hard to keep my computer clean :mellow:

  • 2 weeks later...

Hi,

If you got infected from that program, you should uninstall it.

Check this item in Hijack This:

O4 - HKLM\..\Run: [Alcmtr] ALCMTR.EXE

then delete this file:

c:\Windows\SYSTEM32\ALCMTR.EXE

Please do an online scan with Kaspersky WebScanner

Click on Accept

You will be prompted to install an ActiveX component from Kaspersky, Click Yes.

  • The program will launch and then begin downloading the latest definition files.
  • Once the files have been downloaded click on NEXT
  • Now click on Scan Settings
  • In the scan settings make sure that the following are selected:
    • Scan using the following Anti-Virus database:
      • Extended (if available otherwise Standard)
    • Scan Options:
      • Scan Archives
      • Scan Mail Bases
  • Click OK
  • Now under select a target to scan:
    • Select My Computer
  • The program will start and scan your system.
  • The scan will take a while so be patient and let it run.
  • Once the scan is complete it will display if your system has been infected.
  • Now click on the Save as Text button:
  • Save the file to your desktop.
  • Copy and paste that information in your next post.
