That Damn toolbar 888 virus....[solved]

Hey, I'm new here and have searched through the net looking for solutions to my virus problem. This site seems to have helped others so I thought I'd ask if anyone could help me please.
I've got that toolbar 888 virus thingy via MSN. It keeps coming up with a project1 window when I'm on MSN saying 'run-time error 430', and my AVG trojan detector thing keeps detecting the install.exe virus, which can't be healed and I have to ignore it.
Would appreciate any help....
Thanks

Comments

  • jmoney3457 Maine
    edited October 2006
    Hi dr, yes, I'm very familiar with that virus; I have helped a lot of people recently with it. Let's see what you got. Please do the following: download 'Hijack This!': http://www.spywareinfo.com/~merijn/files/HijackThis.exe
    Save it in a convenient permanent folder such as C:\HJT\, double click HijackThis.exe, and hit "Do a system scan and save a logfile".

    When the Notepad window opens, do Ctrl-A to Select All, and copy its contents here. Most of what it lists will be harmless or even essential, don't fix anything yet.
  • edited October 2006
    cheers. Here ya go

    Logfile of HijackThis v1.99.1
    Scan saved at 15:27:57, on 05/10/2006
    Platform: Windows XP (WinNT 5.01.2600)
    MSIE: Internet Explorer v6.00 (6.00.2600.0000)

    Running processes:
    C:\WINDOWS\System32\smss.exe
    C:\WINDOWS\system32\winlogon.exe
    C:\WINDOWS\system32\services.exe
    C:\WINDOWS\system32\lsass.exe
    C:\WINDOWS\system32\svchost.exe
    C:\WINDOWS\System32\svchost.exe
    C:\WINDOWS\system32\spoolsv.exe
    C:\WINDOWS\Explorer.EXE
    C:\PROGRA~1\Grisoft\AVGFRE~1\avgamsvr.exe
    C:\PROGRA~1\Grisoft\AVGFRE~1\avgupsvc.exe
    C:\PROGRA~1\Grisoft\AVGFRE~1\avgemc.exe
    C:\Program Files\Eset\nod32krn.exe
    C:\WINDOWS\System32\nvsvc32.exe
    C:\Program Files\Java\jre1.5.0_03\bin\jusched.exe
    C:\Program Files\Common Files\Real\Update_OB\realsched.exe
    C:\Program Files\iTunes\iTunesHelper.exe
    C:\Program Files\Virgin Net Broadband\Dragdiag.exe
    C:\WINDOWS\system32\ZONELABS\vsmon.exe
    C:\PROGRA~1\Grisoft\AVGFRE~1\avgcc.exe
    C:\Program Files\QuickTime\qttask.exe
    C:\Yinstall.exe
    C:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe
    C:\Program Files\SpeedTouch\Dr SpeedTouch\drst.exe
    C:\PROGRA~1\PANICW~1\POP-UP~1\PSFREE.EXE
    C:\Program Files\iPod\bin\iPodService.exe
    C:\WINDOWS\System32\devldr32.exe
    C:\WINDOWS\System32\wuauclt.exe
    C:\Program Files\MSN Messenger\msnmsgr.exe
    C:\Program Files\MSN Messenger\msgr.exe
    C:\Program Files\Internet Explorer\IEXPLORE.EXE
    C:\Program Files\Common Files\{3B1B130D-038C-1033-0921-00050802002c}\Update.exe
    C:\Program Files\Messenger\msmsgs.exe
    C:\Program Files\HijackThis.exe

    R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.virginnet.com/
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.virgin.net
    R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.virgin.com
    R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Local Page = \blank.htm
    R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Window Title = Microsoft Internet Explorer provided by Virgin.net
    O2 - BHO: ToolBar888 - {C004DEC2-2623-438e-9CA2-C9043AB28508} - C:\Program Files\Common Files\{3B1B130D-038C-1033-0921-00050802002c}\MyToolBar.dll
    O3 - Toolbar: &Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINDOWS\System32\msdxm.ocx
    O3 - Toolbar: MSN Toolbar - {BDAD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Program Files\MSN Toolbar\01.01.2607.0\msgr.en-us.en-gb\msntb.dll (file missing)
    O3 - Toolbar: ToolBar888 - {C004DEC2-2623-438e-9CA2-C9043AB28508} - C:\Program Files\Common Files\{3B1B130D-038C-1033-0921-00050802002c}\MyToolBar.dll
    O4 - HKLM\..\Run: [AOLDialer] C:\Program Files\Common Files\AOL\ACS\AOLDial.exe
    O4 - HKLM\..\Run: [SunJavaUpdateSched] C:\Program Files\Java\jre1.5.0_03\bin\jusched.exe
    O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\System32\NvCpl.dll,NvStartup
    O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
    O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\System32\NvMcTray.dll,NvTaskbarInit
    O4 - HKLM\..\Run: [KernelFaultCheck] %systemroot%\system32\dumprep 0 -k
    O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot
    O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
    O4 - HKLM\..\Run: [SpeedTouch USB Diagnostics] "C:\Program Files\Virgin Net Broadband\Dragdiag.exe" /icon
    O4 - HKLM\..\Run: [msnappau] "C:\Program Files\MSN Apps\Updater\01.02.0002.1001\en-gb\msnappau.exe"
    O4 - HKLM\..\Run: [AVG7_CC] C:\PROGRA~1\Grisoft\AVGFRE~1\avgcc.exe /STARTUP
    O4 - HKLM\..\Run: [licli] li.exe
    O4 - HKLM\..\Run: [WinsSystem] C:\Program Files\Internet Explorer\syssmss.exe
    O4 - HKLM\..\Run: [nod32kui] "C:\Program Files\Eset\nod32kui.exe" /WAITSERVICE
    O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
    O4 - HKLM\..\Run: [explorer] C:\Yinstall.exe
    O4 - HKLM\..\Run: [Zone Labs Client] "C:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe"
    O4 - HKCU\..\Run: [STManager] "C:\Program Files\SpeedTouch\Dr SpeedTouch\drst.exe" -b
    O4 - HKCU\..\Run: [PopUpStopperFreeEdition] "C:\PROGRA~1\PANICW~1\POP-UP~1\PSFREE.EXE"
    O4 - HKCU\..\Run: [taskdir] C:\WINDOWS\System32\taskdir.exe
    O4 - Startup: Zeno.lnk = C:\WINDOWS\system32\pwinnsaw.exe
    O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office10\OSA.EXE
    O4 - Global Startup: Adobe Gamma Loader.lnk = C:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe
    O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~3\Office10\EXCEL.EXE/3000
    O9 - Extra button: Real.com - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - C:\WINDOWS\System32\Shdocvw.dll
    O14 - IERESET.INF: START_PAGE_URL=http://www.virgin.net
    O16 - DPF: {27527D31-447B-11D5-A46E-0001023B4289} (CoGSManager Class) - http://gamingzone.ubisoft.com/dev/packages/GSManager.cab
    O16 - DPF: {288C5F13-7E52-4ADA-A32E-F5BF9D125F99} (CR64Loader Object) - http://www.miniclip.com/supergerball/miniclipGameLoader.dll
    O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://update.microsoft.com/windowsupdate/v6/V5Controls/en/x86/client/wuweb_site.cab?1135536079530
    O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://update.microsoft.com/microsoftupdate/v6/V5Controls/en/x86/client/muweb_site.cab?1141675849131
    O16 - DPF: {8E0D4DE5-3180-4024-A327-4DFAD1796A8D} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/MessengerStatsClient.cab31267.cab
    O16 - DPF: {E055C02E-6258-40FF-80A7-3BDA52FACAD7} (Installer Class) - http://activex.matcash.com/speedtest2.dll
    O17 - HKLM\System\CCS\Services\Tcpip\..\{C5F1AECF-E388-4E34-95D2-CA9D09422A48}: NameServer = 194.168.4.100 194.168.8.100
    O18 - Protocol: livecall - {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\MSNMES~1\MSGRAP~1.DLL
    O18 - Protocol: msnim - {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\MSNMES~1\MSGRAP~1.DLL
    O20 - Winlogon Notify: DateTime - C:\WINDOWS\system32\enjql1151.dll (file missing)
    O20 - Winlogon Notify: ThemeManager - C:\WINDOWS\system32\ir4ql5h51.dll (file missing)
    O23 - Service: AOL Connectivity Service (AOL ACS) - Unknown owner - C:\Program Files\Common Files\AOL\ACS\AOLAcsd.exe (file missing)
    O23 - Service: AVG7 Alert Manager Server (Avg7Alrt) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVGFRE~1\avgamsvr.exe
    O23 - Service: AVG7 Update Service (Avg7UpdSvc) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVGFRE~1\avgupsvc.exe
    O23 - Service: AVG E-mail Scanner (AVGEMS) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVGFRE~1\avgemc.exe
    O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
    O23 - Service: iPodService - Apple Computer, Inc. - C:\Program Files\iPod\bin\iPodService.exe
    O23 - Service: Network Monitor - Unknown owner - C:\Program Files\Network Monitor\netmon.exe (file missing)
    O23 - Service: NOD32 Kernel Service (NOD32krn) - Eset - C:\Program Files\Eset\nod32krn.exe
    O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\System32\nvsvc32.exe
    O23 - Service: TrueVector Internet Monitor (vsmon) - Zone Labs, LLC - C:\WINDOWS\system32\ZONELABS\vsmon.exe
  • jmoney3457 Maine
    edited October 2006
    dr, please go to http://virusscan.jotti.org/ and submit the following file and post back the results:
    C:\Yinstall.exe
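Added example, not part of the original thread: a small Python triage pass over HijackThis `O4`, `O20` and `O23` lines that surfaces entries such as the `[explorer] C:\Yinstall.exe` autorun the helper singled out. The flag names and heuristics are this example's own assumptions, not HijackThis output; a flag is a lead to verify, not a verdict.

```python
import re

# Constructed sample: a few lines copied from the HijackThis log posted above.
SAMPLE_LOG = r"""
O4 - HKLM\..\Run: [SunJavaUpdateSched] C:\Program Files\Java\jre1.5.0_03\bin\jusched.exe
O4 - HKLM\..\Run: [AVG7_CC] C:\PROGRA~1\Grisoft\AVGFRE~1\avgcc.exe /STARTUP
O4 - HKLM\..\Run: [licli] li.exe
O4 - HKLM\..\Run: [explorer] C:\Yinstall.exe
O4 - HKLM\..\Run: [Zone Labs Client] "C:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe"
O20 - Winlogon Notify: DateTime - C:\WINDOWS\system32\enjql1151.dll (file missing)
O23 - Service: AVG7 Alert Manager Server (Avg7Alrt) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVGFRE~1\avgamsvr.exe
O23 - Service: Network Monitor - Unknown owner - C:\Program Files\Network Monitor\netmon.exe (file missing)
"""

# Assumption: Run-value names that imitate core Windows processes.
SYSTEM_NAMES = {"explorer", "svchost", "winlogon", "services", "lsass", "smss"}
MISSING = "(file missing)"

RUN_RE = re.compile(r"^O4 - HK[A-Z]+\\\.\.\\Run: \[([^\]]+)\] (.+)$")
IMAGE_RE = re.compile(r'^"([^"]+)"|^(.+?\.(?:exe|dll|ocx))(?=[\s,]|$)', re.IGNORECASE)
DRIVE_ROOT_RE = re.compile(r"^[A-Za-z]:\\[^\\]+$")


def image_path(command):
    """Return the program part of a Run command line (quoted or unquoted)."""
    m = IMAGE_RE.match(command)
    if not m:
        return command.split()[0]
    return m.group(1) or m.group(2)


def parse_line(line):
    """Parse one O4 Run, O20 or O23 line; return None for anything else."""
    line = line.strip()
    m = RUN_RE.match(line)
    if m:
        name, command = m.groups()
        return {"section": "O4", "name": name,
                "target": image_path(command), "missing": False}
    if line.startswith(("O20 - ", "O23 - ")):
        parts = line.split(" - ")
        target = parts[-1]
        missing = target.endswith(MISSING)
        if missing:
            target = target[: -len(MISSING)].rstrip()
        return {"section": parts[0], "name": parts[1].split(": ", 1)[1],
                "target": target, "missing": missing}
    return None


def flags_for(entry):
    """Heuristic reasons (this example's assumptions) to look closer at an entry."""
    target = entry["target"]
    base = target.rsplit("\\", 1)[-1].lower()
    reasons = []
    if entry["missing"]:
        reasons.append("file-missing")          # leftover reference to a deleted file
    if "\\" not in target:
        reasons.append("no-directory")          # resolved through the search path
    elif DRIVE_ROOT_RE.match(target):
        reasons.append("drive-root")            # executable sitting directly in C:\
    name = entry["name"].lower()
    if entry["section"] == "O4" and name in SYSTEM_NAMES and base != name + ".exe":
        reasons.append("name-mimics-system-binary")
    return reasons


def triage(log_text):
    """Return (section, name, target, reasons) for every flagged entry."""
    flagged = []
    for line in log_text.splitlines():
        entry = parse_line(line)
        if entry is None:
            continue
        reasons = flags_for(entry)
        if reasons:
            flagged.append((entry["section"], entry["name"], entry["target"], reasons))
    return flagged


if __name__ == "__main__":
    for section, name, target, reasons in triage(SAMPLE_LOG):
        print(f"{section:4} {name:18} {target}  <- {', '.join(reasons)}")
```

Legitimate software can trip these flags too (a vendor tool registered by bare file name, for instance), so each hit still needs the kind of second opinion the helper asks for here.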
  • edited October 2006
    OK, here's the 'C:\Yinstall.exe' scan:


    File: Yinstall.exe
    Status: INFECTED/MALWARE (Note: this file has been scanned before. Therefore, this file's scan results will not be stored in the database)
    MD5 a54d088ec296c06e4c77ea5245846934
    Packers detected: -
    Scanner results
    AntiVir Found Dropper/Dldr.Purityscan.U.1 dropper
    ArcaVir Found Adware.Purityscan.U
    Avast Found nothing
    AVG Antivirus Found Generic.RDR
    BitDefender Found Dropped:Trojan.Downloader.Purityscan.U
    ClamAV Found nothing
    Dr.Web Found nothing
    F-Prot Antivirus Found nothing
    Fortinet Found Adware/PurityScan
    Kaspersky Anti-Virus Found not-a-virus:AdWare.Win32.PurityScan.u
    NOD32 Found nothing
    Norman Virus Control Found nothing
    UNA Found nothing
    VirusBuster Found nothing
    VBA32 Found AdWare.Win32.PurityScan.u
  • jmoney3457 Maine
    edited October 2006
    Ahh, PurityScan. Let's take care of that first, dr. Please do the following: run the PurityScan uninstaller --> http://www.outerinfo.com/OiUninstaller.exe then reboot and post a new HJT log along with how the uninstall went.
  • edited October 2006
    One problem... an error comes up when I click on it: 'internet explorer cannot download Oi Uninstaller from outerinfo.com, the operation was terminally aborted'
  • jmoney3457 Maine
    edited October 2006
    That's strange. Let's try this: First download ewido anti-spyware from HERE and save that file to your desktop.
    1. Once you have downloaded ewido anti-spyware, locate the icon on the desktop and double-click it to launch the set up program.
    2. Once the setup is complete you will need to run ewido and update the definition files.
    3. On the main screen select the "Update" icon then click "Start Update". The update will start and a progress bar will show the updates being installed.
    4. Once the update has completed select the "Scanner" icon at the top of the screen, then select the "Settings" tab.
    5. Once in the Settings screen click on "Recommended actions" and then select "Quarantine".
    6. Under "Reports"
      • Select "Automatically generate report after every scan"
      • Un-Select "Only if threats were found"
    Close ewido anti-spyware and reboot your computer into Safe Mode.
    1. Launch ewido anti-spyware by double-clicking the icon on your desktop.
      IMPORTANT: Do not open any other windows or programs while ewido is scanning, it may interfere with the scanning process.
    2. Select the "Scanner" icon at the top and then the "Scan" tab then click on "Complete System Scan"
    3. Ewido will now begin the scanning process, be patient this may take a little time.
    4. Ewido will list any infections found on the left hand side. When the scan has finished, it should automatically set the recommended action to Quarantine--if not click on Recommended Action and set it there. Click the Apply all actions button. Ewido will display "All actions have been applied" on the right hand side.
    5. Click on "Save Report", then "Save Report As". This will create a text file. Make sure you know where to find this file again (like on the Desktop).
    6. Close ewido & post that report
  • edited October 2006
    Have downloaded ewido... it's now AVG... and when installing it, it takes ages on the context.dll bit... I've waited the last half hour for that certain part and it's still on the same bit. I do have the AVG free edition already on my computer; would that be enough or does it need to be the free trial proper software?
  • jmoney3457 Maine
    edited October 2006
    yes ewido was bought by AVG, see if the install will complete then try it
  • edited October 2006
    Here it is... it installed inside a minute... whereas the other night it took ages and didn't finish.

    AVG Anti-Spyware - Scan Report

    + Created at: 22:11:21 07/10/2006

    + Scan result:



    C:\System Volume Information\_restore{ED662EF8-5340-471F-A9F1-1DFF99F8C52E}\RP323\A0329109.exe -> Adware.Agent : No action taken.
    C:\System Volume Information\_restore{ED662EF8-5340-471F-A9F1-1DFF99F8C52E}\RP324\A0329447.exe -> Adware.Agent : No action taken.
    C:\System Volume Information\_restore{ED662EF8-5340-471F-A9F1-1DFF99F8C52E}\RP325\A0329491.exe -> Adware.Agent : No action taken.
    C:\Program Files\Internet Explorer\update.exe -> Adware.BHO : No action taken.
    C:\Program Files\Common Files\Real\WeatherBug\MiniBugTransporter.dll -> Adware.Minibug : No action taken.
    C:\Program Files\Common Files\SYSTEM\Mapi\1033\Yinstall.exe -> Adware.PurityScan : No action taken.
    C:\System Volume Information\_restore{ED662EF8-5340-471F-A9F1-1DFF99F8C52E}\RP324\A0329444.exe -> Adware.PurityScan : No action taken.
    C:\System Volume Information\_restore{ED662EF8-5340-471F-A9F1-1DFF99F8C52E}\RP334\A0332880.exe -> Adware.PurityScan : No action taken.
    C:\System Volume Information\_restore{ED662EF8-5340-471F-A9F1-1DFF99F8C52E}\RP335\A0332981.exe -> Adware.PurityScan : No action taken.
    HKLM\SOFTWARE\Classes\WUSN.1 -> Adware.SaveNow : No action taken.
    C:\System Volume Information\_restore{ED662EF8-5340-471F-A9F1-1DFF99F8C52E}\RP325\A0329493.dll -> Adware.Softomate : No action taken.
    C:\WINDOWS\system32\dwdsregt.exe -> Adware.ZenoSearch : No action taken.
    C:\WINDOWS\system32\rmdsregj.exe -> Adware.ZenoSearch : No action taken.
    C:\System Volume Information\_restore{ED662EF8-5340-471F-A9F1-1DFF99F8C52E}\RP335\A0333015.exe -> Backdoor.MSNMaker.aa : No action taken.
    C:\System Volume Information\_restore{ED662EF8-5340-471F-A9F1-1DFF99F8C52E}\RP323\A0329023.exe -> Downloader.Adload.fu : No action taken.
    C:\drsmartload1135a.exe -> Downloader.Adload.fu : No action taken.
    C:\WINDOWS\system32\run.exe -> Downloader.Agent.akj : No action taken.
    C:\WINDOWS\Downloaded Program Files\miniclipGameLoader.dll -> Downloader.Small : No action taken.
    C:\Documents and Settings\Ron\Local Settings\Temp\temp.fr44FA -> Downloader.Zlob.ov : No action taken.
    C:\System Volume Information\_restore{ED662EF8-5340-471F-A9F1-1DFF99F8C52E}\RP323\A0329373.tlb -> Downloader.Zlob.ov : No action taken.
    C:\Documents and Settings\Ron\Local Settings\Temp\installer.exe -> Dropper.PurityScan.q : No action taken.
    C:\WINDOWS\enewsletterpro.exe -> Hijacker.StartPage.aha : No action taken.
    C:\WINDOWS\system32\bpkwb.dll -> Not-A-Virus.Monitor.Win32.Perflogger.d : No action taken.
    C:\WINDOWS\system32\bpkr.exe -> Not-A-Virus.Monitor.Win32.Perflogger.f : No action taken.
    C:\Documents and Settings\Ron\Cookies\ron@247realmedia[1].txt -> TrackingCookie.247realmedia : No action taken.
    C:\Documents and Settings\Ron\Cookies\ron@2o7[2].txt -> TrackingCookie.2o7 : No action taken.
    C:\Documents and Settings\Ron\Cookies\ron@msnaccountservices.112.2o7[1].txt -> TrackingCookie.2o7 : No action taken.
    C:\Documents and Settings\Ron\Cookies\ron@msnportal.112.2o7[1].txt -> TrackingCookie.2o7 : No action taken.
    C:\Documents and Settings\Ron\Local Settings\Temp\Cookies\ron@msnportal.112.2o7[1].txt -> TrackingCookie.2o7 : No action taken.
    C:\Documents and Settings\Ron\Cookies\ron@adbrite[2].txt -> TrackingCookie.Adbrite : No action taken.
    C:\Documents and Settings\Ron\Local Settings\Temp\Cookies\ron@adbrite[2].txt -> TrackingCookie.Adbrite : No action taken.
    C:\Documents and Settings\Ron\Cookies\ron@ads.addynamix[2].txt -> TrackingCookie.Addynamix : No action taken.
    C:\Documents and Settings\Ron\Cookies\ron@adrevolver[1].txt -> TrackingCookie.Adrevolver : No action taken.
    C:\Documents and Settings\Ron\Cookies\ron@adtech[2].txt -> TrackingCookie.Adtech : No action taken.
    C:\Documents and Settings\Ron\Cookies\ron@advertising[1].txt -> TrackingCookie.Advertising : No action taken.
    C:\Documents and Settings\Ron\Cookies\ron@atdmt[2].txt -> TrackingCookie.Atdmt : No action taken.
    C:\Documents and Settings\Ron\Cookies\ron@bfast[2].txt -> TrackingCookie.Bfast : No action taken.
    C:\Documents and Settings\Ron\Cookies\ron@burstnet[1].txt -> TrackingCookie.Burstnet : No action taken.
    C:\Documents and Settings\Ron\Cookies\ron@www.burstnet[2].txt -> TrackingCookie.Burstnet : No action taken.
    C:\Documents and Settings\Ron\Cookies\ron@casalemedia[1].txt -> TrackingCookie.Casalemedia : No action taken.
    C:\Documents and Settings\Ron\Cookies\ron@ad1.clickhype[2].txt -> TrackingCookie.Clickhype : No action taken.
    C:\Documents and Settings\LocalService\Cookies\system@com[2].txt -> TrackingCookie.Com : No action taken.
    C:\Documents and Settings\Ron\Cookies\ron@doubleclick[1].txt -> TrackingCookie.Doubleclick : No action taken.
    C:\Documents and Settings\LocalService\Cookies\system@c.enhance[2].txt -> TrackingCookie.Enhance : No action taken.
    C:\Documents and Settings\LocalService\Cookies\system@www.epilot[1].txt -> TrackingCookie.Epilot : No action taken.
    C:\Documents and Settings\Ron\Cookies\ron@adopt.euroclick[2].txt -> TrackingCookie.Euroclick : No action taken.
    C:\Documents and Settings\Ron\Cookies\ron@fastclick[2].txt -> TrackingCookie.Fastclick : No action taken.
    C:\Documents and Settings\Ron\Cookies\ron@media.fastclick[1].txt -> TrackingCookie.Fastclick : No action taken.
    C:\Documents and Settings\LocalService\Cookies\system@c.goclick[2].txt -> TrackingCookie.Goclick : No action taken.
    C:\Documents and Settings\Ron\Cookies\ron@ehg-carphonewarehouse.hitbox[1].txt -> TrackingCookie.Hitbox : No action taken.
    C:\Documents and Settings\Ron\Cookies\ron@ehg-dig.hitbox[2].txt -> TrackingCookie.Hitbox : No action taken.
    C:\Documents and Settings\Ron\Cookies\ron@hitbox[1].txt -> TrackingCookie.Hitbox : No action taken.
    C:\Documents and Settings\Ron\Cookies\ron@mediaplex[1].txt -> TrackingCookie.Mediaplex : No action taken.
    C:\Documents and Settings\Ron\Cookies\ron@perf.overture[1].txt -> TrackingCookie.Overture : No action taken.
    C:\Documents and Settings\Ron\Cookies\ron@questionmarket[1].txt -> TrackingCookie.Questionmarket : No action taken.
    C:\Documents and Settings\Ron\Cookies\ron@revenue[1].txt -> TrackingCookie.Revenue : No action taken.
    C:\Documents and Settings\Ron\Cookies\ron@bs.serving-sys[1].txt -> TrackingCookie.Serving-sys : No action taken.
    C:\Documents and Settings\Ron\Cookies\ron@serving-sys[1].txt -> TrackingCookie.Serving-sys : No action taken.
    C:\Documents and Settings\Ron\Cookies\ron@statcounter[2].txt -> TrackingCookie.Statcounter : No action taken.
    C:\Documents and Settings\Ron\Cookies\ron@tacoda[1].txt -> TrackingCookie.Tacoda : No action taken.
    C:\Documents and Settings\Ron\Cookies\ron@targetnet[2].txt -> TrackingCookie.Targetnet : No action taken.
    C:\Documents and Settings\LocalService\Cookies\system@login.tracking101[2].txt -> TrackingCookie.Tracking101 : No action taken.
    C:\Documents and Settings\Ron\Cookies\ron@tradedoubler[1].txt -> TrackingCookie.Tradedoubler : No action taken.
    C:\Documents and Settings\Ron\Cookies\ron@tribalfusion[1].txt -> TrackingCookie.Tribalfusion : No action taken.
    C:\Documents and Settings\Ron\Cookies\ron@statse.webtrendslive[2].txt -> TrackingCookie.Webtrendslive : No action taken.
    C:\Documents and Settings\LocalService\Cookies\system@ad.yieldmanager[2].txt -> TrackingCookie.Yieldmanager : No action taken.
    C:\Documents and Settings\Ron\Cookies\ron@ad.yieldmanager[2].txt -> TrackingCookie.Yieldmanager : No action taken.
    C:\Documents and Settings\Ron\Local Settings\Temp\Cookies\ron@ad.yieldmanager[1].txt -> TrackingCookie.Yieldmanager : No action taken.
    C:\Documents and Settings\Ron\Cookies\ron@zedo[1].txt -> TrackingCookie.Zedo : No action taken.
    C:\WINDOWS\Downloaded Program Files\221288__.exe546 -> Trojan.Dialer.li : No action taken.
    C:\System Volume Information\_restore{ED662EF8-5340-471F-A9F1-1DFF99F8C52E}\RP332\A0332772.RBF -> Trojan.QQPass.ly : No action taken.
    C:\System Volume Information\_restore{ED662EF8-5340-471F-A9F1-1DFF99F8C52E}\RP333\A0332800.RBF -> Trojan.QQPass.ly : No action taken.
    C:\System Volume Information\_restore{ED662EF8-5340-471F-A9F1-1DFF99F8C52E}\RP323\A0329026.exe -> Worm.VB.ao : No action taken.
    C:\System Volume Information\_restore{ED662EF8-5340-471F-A9F1-1DFF99F8C52E}\RP323\A0329336.exe -> Worm.VB.ao : No action taken.
    C:\System Volume Information\_restore{ED662EF8-5340-471F-A9F1-1DFF99F8C52E}\RP323\A0329357.exe -> Worm.VB.ao : No action taken.
    C:\System Volume Information\_restore{ED662EF8-5340-471F-A9F1-1DFF99F8C52E}\RP327\A0331686.exe -> Worm.VB.ao : No action taken.
    C:\System Volume Information\_restore{ED662EF8-5340-471F-A9F1-1DFF99F8C52E}\RP334\A0332901.EXE -> Worm.VB.ao : No action taken.


    ::Report end
  • jmoney3457 Maine
    edited October 2006
    Good job, only one minor problem: you didn't set it to quarantine any infected files, so please rescan, only do this step first before scanning --> Once in the Settings screen click on "Recommended actions" and then select "Quarantine".
    then post that new log please
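Added example, not part of the original thread: a Python check for the failure the helper spotted, a scan that finished with every item still at "No action taken". It parses AVG Anti-Spyware report lines and groups the unresolved ones by where they live; the category names are this example's assumptions, and the sample mixes lines from both reports in this thread.

```python
import re
from collections import Counter

# Constructed sample: lines taken from the two reports posted in this thread,
# mixed so that each branch of the parser is exercised.
SAMPLE_REPORT = r"""
AVG Anti-Spyware - Scan Report

+ Created at: 22:11:21 07/10/2006

+ Scan result:

C:\System Volume Information\_restore{ED662EF8-5340-471F-A9F1-1DFF99F8C52E}\RP323\A0329109.exe -> Adware.Agent : No action taken.
C:\Program Files\Common Files\SYSTEM\Mapi\1033\Yinstall.exe -> Adware.PurityScan : No action taken.
HKLM\SOFTWARE\Classes\WUSN.1 -> Adware.SaveNow : No action taken.
C:\WINDOWS\system32\run.exe -> Downloader.Agent.akj : Cleaned with backup (quarantined).
C:\Documents and Settings\Ron\Cookies\ron@doubleclick[1].txt -> TrackingCookie.Doubleclick : Cleaned.

::Report end
"""

# "<object> -> <detection> : <action>." ; the object may contain spaces.
LINE_RE = re.compile(r"^(?P<obj>.+) -> (?P<det>\S+) : (?P<action>.+?)\.?$")
NO_ACTION = "No action taken"


def classify(obj, detection):
    """Bucket a finding by location (bucket names are assumptions of this example)."""
    lowered = obj.lower()
    if lowered.startswith(("hklm\\", "hkcu\\")):
        return "registry"
    if "\\system volume information\\_restore" in lowered:
        return "restore-point"      # copy held inside a System Restore snapshot
    if detection.startswith("TrackingCookie."):
        return "cookie"
    return "live-file"


def parse_report(text):
    """Return one dict per finding line; headers and blank lines are skipped."""
    findings = []
    for line in text.splitlines():
        m = LINE_RE.match(line.strip())
        if not m:
            continue
        findings.append({
            "object": m["obj"],
            "detection": m["det"],
            "action": m["action"],
            "kind": classify(m["obj"], m["det"]),
        })
    return findings


def unresolved(text):
    """Findings the scanner reported but did not act on."""
    return [f for f in parse_report(text) if f["action"] == NO_ACTION]


def summarize(text):
    """Count findings per (kind, action) pair."""
    return Counter((f["kind"], f["action"]) for f in parse_report(text))


if __name__ == "__main__":
    for f in unresolved(SAMPLE_REPORT):
        print(f"UNRESOLVED [{f['kind']}] {f['detection']}: {f['object']}")
    for (kind, action), count in sorted(summarize(SAMPLE_REPORT).items()):
        print(f"{count:3}  {kind:14} {action}")
```

Run against the first report in the thread, every line comes back unresolved; against the second, none do.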
  • edited October 2006
    I'm 99% sure I set it to quarantine... I checked twice. But I'll do it again
  • edited October 2006
    I was wrong, I checked quarantine but didn't apply all actions before, have done now....

    AVG Anti-Spyware - Scan Report

    + Created at: 10:08:49 08/10/2006

    + Scan result:



    C:\System Volume Information\_restore{ED662EF8-5340-471F-A9F1-1DFF99F8C52E}\RP323\A0329109.exe -> Adware.Agent : Cleaned with backup (quarantined).
    C:\System Volume Information\_restore{ED662EF8-5340-471F-A9F1-1DFF99F8C52E}\RP324\A0329447.exe -> Adware.Agent : Cleaned with backup (quarantined).
    C:\System Volume Information\_restore{ED662EF8-5340-471F-A9F1-1DFF99F8C52E}\RP325\A0329491.exe -> Adware.Agent : Cleaned with backup (quarantined).
    C:\Program Files\Internet Explorer\update.exe -> Adware.BHO : Cleaned with backup (quarantined).
    C:\Program Files\Common Files\Real\WeatherBug\MiniBugTransporter.dll -> Adware.Minibug : Cleaned with backup (quarantined).
    C:\Program Files\Common Files\SYSTEM\Mapi\1033\Yinstall.exe -> Adware.PurityScan : Cleaned with backup (quarantined).
    C:\System Volume Information\_restore{ED662EF8-5340-471F-A9F1-1DFF99F8C52E}\RP324\A0329444.exe -> Adware.PurityScan : Cleaned with backup (quarantined).
    C:\System Volume Information\_restore{ED662EF8-5340-471F-A9F1-1DFF99F8C52E}\RP334\A0332880.exe -> Adware.PurityScan : Cleaned with backup (quarantined).
    C:\System Volume Information\_restore{ED662EF8-5340-471F-A9F1-1DFF99F8C52E}\RP335\A0332981.exe -> Adware.PurityScan : Cleaned with backup (quarantined).
    HKLM\SOFTWARE\Classes\WUSN.1 -> Adware.SaveNow : Cleaned with backup (quarantined).
    C:\System Volume Information\_restore{ED662EF8-5340-471F-A9F1-1DFF99F8C52E}\RP325\A0329493.dll -> Adware.Softomate : Cleaned with backup (quarantined).
    C:\WINDOWS\system32\dwdsregt.exe -> Adware.ZenoSearch : Cleaned with backup (quarantined).
    C:\WINDOWS\system32\rmdsregj.exe -> Adware.ZenoSearch : Cleaned with backup (quarantined).
    C:\System Volume Information\_restore{ED662EF8-5340-471F-A9F1-1DFF99F8C52E}\RP335\A0333015.exe -> Backdoor.MSNMaker.aa : Cleaned with backup (quarantined).
    C:\System Volume Information\_restore{ED662EF8-5340-471F-A9F1-1DFF99F8C52E}\RP323\A0329023.exe -> Downloader.Adload.fu : Cleaned with backup (quarantined).
    C:\drsmartload1135a.exe -> Downloader.Adload.fu : Cleaned with backup (quarantined).
    C:\WINDOWS\system32\run.exe -> Downloader.Agent.akj : Cleaned with backup (quarantined).
    C:\WINDOWS\Downloaded Program Files\miniclipGameLoader.dll -> Downloader.Small : Cleaned with backup (quarantined).
    C:\Documents and Settings\Ron\Local Settings\Temp\temp.fr44FA -> Downloader.Zlob.ov : Cleaned with backup (quarantined).
    C:\System Volume Information\_restore{ED662EF8-5340-471F-A9F1-1DFF99F8C52E}\RP323\A0329373.tlb -> Downloader.Zlob.ov : Cleaned with backup (quarantined).
    C:\Documents and Settings\Ron\Local Settings\Temp\installer.exe -> Dropper.PurityScan.q : Cleaned with backup (quarantined).
    C:\WINDOWS\enewsletterpro.exe -> Hijacker.StartPage.aha : Cleaned with backup (quarantined).
    C:\WINDOWS\system32\bpkwb.dll -> Not-A-Virus.Monitor.Win32.Perflogger.d : Cleaned with backup (quarantined).
    C:\WINDOWS\system32\bpkr.exe -> Not-A-Virus.Monitor.Win32.Perflogger.f : Cleaned with backup (quarantined).
    C:\Documents and Settings\Ron\Cookies\ron@247realmedia[1].txt -> TrackingCookie.247realmedia : Cleaned.
    C:\Documents and Settings\Ron\Cookies\ron@2o7[2].txt -> TrackingCookie.2o7 : Cleaned.
    C:\Documents and Settings\Ron\Cookies\ron@msnaccountservices.112.2o7[1].txt -> TrackingCookie.2o7 : Cleaned.
    C:\Documents and Settings\Ron\Cookies\ron@msnportal.112.2o7[1].txt -> TrackingCookie.2o7 : Cleaned.
    C:\Documents and Settings\Ron\Local Settings\Temp\Cookies\ron@msnportal.112.2o7[1].txt -> TrackingCookie.2o7 : Cleaned.
    C:\Documents and Settings\Ron\Cookies\ron@adbrite[2].txt -> TrackingCookie.Adbrite : Cleaned.
    C:\Documents and Settings\Ron\Local Settings\Temp\Cookies\ron@adbrite[2].txt -> TrackingCookie.Adbrite : Cleaned.
    C:\Documents and Settings\Ron\Cookies\ron@ads.addynamix[2].txt -> TrackingCookie.Addynamix : Cleaned.
    C:\Documents and Settings\Ron\Cookies\ron@adrevolver[1].txt -> TrackingCookie.Adrevolver : Cleaned.
    C:\Documents and Settings\Ron\Cookies\ron@adtech[2].txt -> TrackingCookie.Adtech : Cleaned.
    C:\Documents and Settings\Ron\Cookies\ron@advertising[1].txt -> TrackingCookie.Advertising : Cleaned.
    C:\Documents and Settings\Ron\Cookies\ron@atdmt[2].txt -> TrackingCookie.Atdmt : Cleaned.
    C:\Documents and Settings\Ron\Cookies\ron@bfast[2].txt -> TrackingCookie.Bfast : Cleaned.
    C:\Documents and Settings\Ron\Cookies\ron@burstnet[1].txt -> TrackingCookie.Burstnet : Cleaned.
    C:\Documents and Settings\Ron\Cookies\ron@www.burstnet[2].txt -> TrackingCookie.Burstnet : Cleaned.
    C:\Documents and Settings\Ron\Cookies\ron@casalemedia[1].txt -> TrackingCookie.Casalemedia : Cleaned.
    C:\Documents and Settings\Ron\Cookies\ron@ad1.clickhype[2].txt -> TrackingCookie.Clickhype : Cleaned.
    C:\Documents and Settings\LocalService\Cookies\system@com[2].txt -> TrackingCookie.Com : Cleaned.
    C:\Documents and Settings\Ron\Cookies\ron@doubleclick[1].txt -> TrackingCookie.Doubleclick : Cleaned.
    C:\Documents and Settings\LocalService\Cookies\system@c.enhance[2].txt -> TrackingCookie.Enhance : Cleaned.
    C:\Documents and Settings\LocalService\Cookies\system@www.epilot[1].txt -> TrackingCookie.Epilot : Cleaned.
    C:\Documents and Settings\Ron\Cookies\ron@adopt.euroclick[2].txt -> TrackingCookie.Euroclick : Cleaned.
    C:\Documents and Settings\Ron\Cookies\ron@fastclick[2].txt -> TrackingCookie.Fastclick : Cleaned.
    C:\Documents and Settings\Ron\Cookies\ron@media.fastclick[1].txt -> TrackingCookie.Fastclick : Cleaned.
    C:\Documents and Settings\LocalService\Cookies\system@c.goclick[2].txt -> TrackingCookie.Goclick : Cleaned.
    C:\Documents and Settings\Ron\Cookies\ron@ehg-carphonewarehouse.hitbox[1].txt -> TrackingCookie.Hitbox : Cleaned.
    C:\Documents and Settings\Ron\Cookies\ron@ehg-dig.hitbox[2].txt -> TrackingCookie.Hitbox : Cleaned.
    C:\Documents and Settings\Ron\Cookies\ron@hitbox[1].txt -> TrackingCookie.Hitbox : Cleaned.
    C:\Documents and Settings\Ron\Cookies\ron@mediaplex[1].txt -> TrackingCookie.Mediaplex : Cleaned.
    C:\Documents and Settings\Ron\Cookies\ron@perf.overture[1].txt -> TrackingCookie.Overture : Cleaned.
    C:\Documents and Settings\Ron\Cookies\ron@questionmarket[1].txt -> TrackingCookie.Questionmarket : Cleaned.
    C:\Documents and Settings\Ron\Cookies\ron@revenue[1].txt -> TrackingCookie.Revenue : Cleaned.
    C:\Documents and Settings\Ron\Cookies\ron@bs.serving-sys[1].txt -> TrackingCookie.Serving-sys : Cleaned.
    C:\Documents and Settings\Ron\Cookies\ron@serving-sys[1].txt -> TrackingCookie.Serving-sys : Cleaned.
    C:\Documents and Settings\Ron\Cookies\ron@statcounter[2].txt -> TrackingCookie.Statcounter : Cleaned.
    C:\Documents and Settings\Ron\Cookies\ron@tacoda[1].txt -> TrackingCookie.Tacoda : Cleaned.
    C:\Documents and Settings\Ron\Cookies\ron@targetnet[2].txt -> TrackingCookie.Targetnet : Cleaned.
    C:\Documents and Settings\LocalService\Cookies\system@login.tracking101[2].txt -> TrackingCookie.Tracking101 : Cleaned.
    C:\Documents and Settings\Ron\Cookies\ron@tradedoubler[1].txt -> TrackingCookie.Tradedoubler : Cleaned.
    C:\Documents and Settings\Ron\Cookies\ron@tribalfusion[1].txt -> TrackingCookie.Tribalfusion : Cleaned.
    C:\Documents and Settings\Ron\Cookies\ron@statse.webtrendslive[2].txt -> TrackingCookie.Webtrendslive : Cleaned.
    C:\Documents and Settings\LocalService\Cookies\system@ad.yieldmanager[2].txt -> TrackingCookie.Yieldmanager : Cleaned.
    C:\Documents and Settings\Ron\Cookies\ron@ad.yieldmanager[2].txt -> TrackingCookie.Yieldmanager : Cleaned.
    C:\Documents and Settings\Ron\Local Settings\Temp\Cookies\ron@ad.yieldmanager[1].txt -> TrackingCookie.Yieldmanager : Cleaned.
    C:\Documents and Settings\Ron\Cookies\ron@zedo[1].txt -> TrackingCookie.Zedo : Cleaned.
    C:\WINDOWS\Downloaded Program Files\221288__.exe546 -> Trojan.Dialer.li : Cleaned with backup (quarantined).
    C:\System Volume Information\_restore{ED662EF8-5340-471F-A9F1-1DFF99F8C52E}\RP332\A0332772.RBF -> Trojan.QQPass.ly : Cleaned with backup (quarantined).
    C:\System Volume Information\_restore{ED662EF8-5340-471F-A9F1-1DFF99F8C52E}\RP333\A0332800.RBF -> Trojan.QQPass.ly : Cleaned with backup (quarantined).
    C:\System Volume Information\_restore{ED662EF8-5340-471F-A9F1-1DFF99F8C52E}\RP323\A0329026.exe -> Worm.VB.ao : Cleaned with backup (quarantined).
    C:\System Volume Information\_restore{ED662EF8-5340-471F-A9F1-1DFF99F8C52E}\RP323\A0329336.exe -> Worm.VB.ao : Cleaned with backup (quarantined).
    C:\System Volume Information\_restore{ED662EF8-5340-471F-A9F1-1DFF99F8C52E}\RP323\A0329357.exe -> Worm.VB.ao : Cleaned with backup (quarantined).
    C:\System Volume Information\_restore{ED662EF8-5340-471F-A9F1-1DFF99F8C52E}\RP327\A0331686.exe -> Worm.VB.ao : Cleaned with backup (quarantined).
    C:\System Volume Information\_restore{ED662EF8-5340-471F-A9F1-1DFF99F8C52E}\RP334\A0332901.EXE -> Worm.VB.ao : Cleaned with backup (quarantined).


    ::Report end
  • jmoney3457 Maine
    edited October 2006
    Please perform an online virus scan with F-Secure Online Scanner.

    Please navigate (using Internet Explorer, other browsers won't work) to the following site: http://support.f-secure.com/enu/home/ols3.shtml
    • Click the F-Secure Online Scanner Next Generation Beta link.
    • When prompted, choose to install the software.
    • After the software has installed, click Accept.
    • Click Custom Scan and check the option for Scan inside archives, then click Start.
    • The necessary databases will then be downloaded, and the scan will then start automatically. Please be patient as this scan will take a while to complete.
    • If any infections are found then once the scan has finished the "cleaning" screen will be displayed. Choose Automatic cleaning (recommended).
    • After cleaning has finished, then the Finish screen will be displayed. Choose Show Report.
    • In order to post the report, press CTRL+A on your keyboard to highlight all the text. Then copy and paste that information into this thread, along with a new HijackThis log.
  • edited October 2006
    Here's the F-Secure Scan:

    Result: 67 malware found
    IM-Worm.Win32.Licat.d (virus)
    C:\c.exe (Renamed & Submitted)
    IM-Worm.Win32.VB.ao (virus)
    C:\b.exe (Renamed & Submitted)
    C:\System Volume Information\_restore{ED662EF8-5340-471F-A9F1-1DFF99F8C52E}\RP326\A0329587.exe (Renamed & Submitted)
    C:\System Volume Information\_restore{ED662EF8-5340-471F-A9F1-1DFF99F8C52E}\RP326\A0330586.exe (Renamed & Submitted)
    C:\System Volume Information\_restore{ED662EF8-5340-471F-A9F1-1DFF99F8C52E}\RP326\A0331619.EXE (Renamed & Submitted)
    C:\System Volume Information\_restore{ED662EF8-5340-471F-A9F1-1DFF99F8C52E}\RP325\A0329489.exe (Renamed & Submitted)
    C:\System Volume Information\_restore{ED662EF8-5340-471F-A9F1-1DFF99F8C52E}\RP325\A0329513.exe (Renamed & Submitted)
    C:\Program Files\Common Files\SYSTEM\Mapi\1033\a.exe (Renamed & Submitted)
    Packed.Win32.Klone.g (virus)
    C:\WINDOWS\system32\winfbn32.dll (Submitted)
    Possible Browser Hijack attempt (spyware)
    System
    Rootkit.Win32.Agent.ao (virus)
    C:\WINDOWS\system32\drivers\fs_natw4.sys (Submitted)
    Tracking Cookie (spyware)
    System (Disinfected)
    System
    System (Submitted)
    Trojan-Clicker.Win32.Small.jf (virus)
    C:\WINDOWS\system32\DH9013.exe (Submitted)
    Trojan-Downloader.Win32.Adload.fu (virus)
    C:\System Volume Information\_restore{ED662EF8-5340-471F-A9F1-1DFF99F8C52E}\RP336\A0335038.exe (Renamed & Submitted)
    Trojan-Downloader.Win32.Agent.akj (virus)
    C:\System Volume Information\_restore{ED662EF8-5340-471F-A9F1-1DFF99F8C52E}\RP336\A0335036.exe (Renamed)
    Trojan-Downloader.Win32.Zlob.on (virus)
    C:\WINDOWS\system32\regperf.exe (Submitted)
    Trojan-Dropper.Win32.Agent.mf (virus)
    C:\System Volume Information\_restore{ED662EF8-5340-471F-A9F1-1DFF99F8C52E}\RP326\A0331581.exe (Renamed & Submitted)
    Trojan.Win32.Crypt.t (virus)
    C:\WINDOWS\system32\ws2atcha.dll (Renamed & Submitted)
    C:\WINDOWS\system32\keriperf.exe (Renamed & Submitted)
    C:\WINDOWS\system32\mqlrunas.exe (Renamed & Submitted)
    Trojan.Win32.StartPage.aha (virus)
    C:\System Volume Information\_restore{ED662EF8-5340-471F-A9F1-1DFF99F8C52E}\RP336\A0335037.exe (Submitted)
    W32/BHO.BO.dropper (virus)
    C:\System Volume Information\_restore{ED662EF8-5340-471F-A9F1-1DFF99F8C52E}\RP336\A0335041.exe (Submitted)
    W32/KeyLogger.MJ (virus)
    C:\System Volume Information\_restore{ED662EF8-5340-471F-A9F1-1DFF99F8C52E}\RP336\A0335045.exe (Submitted)
    W32/Malware (virus)
    C:\System Volume Information\_restore{ED662EF8-5340-471F-A9F1-1DFF99F8C52E}\RP334\A0332929.exe (Submitted)
    C:\Documents and Settings\Ron\Local Settings\Temp\win6E8.tmp.exe (Submitted)


    Statistics
    Scanned:
    Files: 24170
    System: 7864
    Not scanned: 10
    Actions:
    Disinfected: 1
    Renamed: 14
    Deleted: 0
    None: 52
    Submitted: 23
    Files not scanned:
    C:\PAGEFILE.SYS
    C:\WINDOWS\SOFTWAREDISTRIBUTION\EVENTCACHE\{56C43D53-E23A-4B99-BCC6-E0E7D27B4D66}.BIN
    C:\WINDOWS\SYSTEM32\CONFIG\DEFAULT


    Options
    Scanning engines:
    F-Secure AVP: 6.0.171, 2006-10-11
    F-Secure Libra: 2.4.1, 2006-10-11
    F-Secure Orion: 1.2.37, 2006-10-10
    F-Secure Blacklight: 1.0.31, 0000-00-00
    F-Secure Pegasus: 1.19.0, 2006-08-29
    F-Secure Draco: 1.0.35, 2006-10-06
    Scanning options:
    Scan defined files: COM EXE SYS OV? BIN SCR DLL SHS HTM HTML HTT VBS JS INF VXD DO? XL? RTF CPL WIZ HTA PP? PWZ P?T MSO PIF . ACM ASP AX CNV CSC DRV INI MDB MPD MPP MPT OBD OBT OCX PCI TLB TSP WBK WBT WPC WSH VWP WML BOO HLP TD0 TT6 MSG ASD JSE VBE WSC CHM EML PRC SHB LNK WSF {* PDF ZL? XML ZIP
    Scan inside archives
    Use Advanced heuristics

    Here's the HJT Log:

    MSIE: Internet Explorer v6.00 (6.00.2600.0000)

    Running processes:
    C:\WINDOWS\System32\smss.exe
    C:\WINDOWS\system32\winlogon.exe
    C:\WINDOWS\system32\services.exe
    C:\WINDOWS\system32\lsass.exe
    C:\WINDOWS\system32\svchost.exe
    C:\WINDOWS\System32\svchost.exe
    C:\WINDOWS\Explorer.EXE
    C:\WINDOWS\system32\spoolsv.exe
    C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
    C:\PROGRA~1\Grisoft\AVGFRE~1\avgamsvr.exe
    C:\PROGRA~1\Grisoft\AVGFRE~1\avgupsvc.exe
    C:\PROGRA~1\Grisoft\AVGFRE~1\avgemc.exe
    C:\Program Files\Eset\nod32krn.exe
    C:\WINDOWS\System32\nvsvc32.exe
    C:\WINDOWS\system32\ZONELABS\vsmon.exe
    C:\Program Files\Java\jre1.5.0_03\bin\jusched.exe
    C:\Program Files\Common Files\Real\Update_OB\realsched.exe
    C:\Program Files\iTunes\iTunesHelper.exe
    C:\Program Files\Virgin Net Broadband\Dragdiag.exe
    C:\PROGRA~1\Grisoft\AVGFRE~1\avgcc.exe
    C:\Program Files\QuickTime\qttask.exe
    C:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe
    C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\avgas.exe
    C:\WINDOWS\System32\rundll32.exe
    C:\Program Files\Common Files\{3B1B130D-038C-1033-0921-00050802002c}\Update.exe
    C:\Program Files\SpeedTouch\Dr SpeedTouch\drst.exe
    C:\PROGRA~1\PANICW~1\POP-UP~1\PSFREE.EXE
    C:\Program Files\iPod\bin\iPodService.exe
    C:\WINDOWS\System32\wuauclt.exe
    C:\WINDOWS\System32\devldr32.exe
    C:\WINDOWS\System32\svchost.exe
    C:\WINDOWS\system32\notepad.exe
    C:\Program Files\Internet Explorer\IEXPLORE.EXE
    C:\Program Files\HijackThis.exe

    R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.virginnet.com/
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.virgin.net
    R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.virgin.com
    R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Local Page = \blank.htm
    R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Window Title = Microsoft Internet Explorer provided by Virgin.net
    O2 - BHO: (no name) - {2B5E25BC-C1B2-92D8-02F0-081D435BC4F0} - C:\WINDOWS\System32\mmzarpe.dll
    O2 - BHO: ToolBar888 - {C004DEC2-2623-438e-9CA2-C9043AB28508} - C:\Program Files\Common Files\{3B1B130D-038C-1033-0921-00050802002c}\MyToolBar.dll
    O3 - Toolbar: &Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINDOWS\System32\msdxm.ocx
    O3 - Toolbar: MSN Toolbar - {BDAD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Program Files\MSN Toolbar\01.01.2607.0\msgr.en-us.en-gb\msntb.dll (file missing)
    O3 - Toolbar: ToolBar888 - {C004DEC2-2623-438e-9CA2-C9043AB28508} - C:\Program Files\Common Files\{3B1B130D-038C-1033-0921-00050802002c}\MyToolBar.dll
    O4 - HKLM\..\Run: [AOLDialer] C:\Program Files\Common Files\AOL\ACS\AOLDial.exe
    O4 - HKLM\..\Run: [SunJavaUpdateSched] C:\Program Files\Java\jre1.5.0_03\bin\jusched.exe
    O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\System32\NvCpl.dll,NvStartup
    O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
    O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\System32\NvMcTray.dll,NvTaskbarInit
    O4 - HKLM\..\Run: [KernelFaultCheck] %systemroot%\system32\dumprep 0 -k
    O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot
    O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
    O4 - HKLM\..\Run: [SpeedTouch USB Diagnostics] "C:\Program Files\Virgin Net Broadband\Dragdiag.exe" /icon
    O4 - HKLM\..\Run: [msnappau] "C:\Program Files\MSN Apps\Updater\01.02.0002.1001\en-gb\msnappau.exe"
    O4 - HKLM\..\Run: [AVG7_CC] C:\PROGRA~1\Grisoft\AVGFRE~1\avgcc.exe /STARTUP
    O4 - HKLM\..\Run: [licli] li.exe
    O4 - HKLM\..\Run: [WinsSystem] C:\Program Files\Internet Explorer\syssmss.exe
    O4 - HKLM\..\Run: [nod32kui] "C:\Program Files\Eset\nod32kui.exe" /WAITSERVICE
    O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
    O4 - HKLM\..\Run: [Zone Labs Client] "C:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe"
    O4 - HKLM\..\Run: [!AVG Anti-Spyware] "C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\avgas.exe" /minimized
    O4 - HKLM\..\Run: [ovuflnf.dll] C:\WINDOWS\System32\rundll32.exe C:\WINDOWS\System32\ovuflnf.dll,onbcyhg
    O4 - HKCU\..\Run: [STManager] "C:\Program Files\SpeedTouch\Dr SpeedTouch\drst.exe" -b
    O4 - HKCU\..\Run: [PopUpStopperFreeEdition] "C:\PROGRA~1\PANICW~1\POP-UP~1\PSFREE.EXE"
    O4 - HKCU\..\Run: [taskdir] C:\WINDOWS\System32\taskdir.exe
    O4 - Startup: Zeno.lnk = C:\WINDOWS\system32\pwinnsaw.exe
    O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office10\OSA.EXE
    O4 - Global Startup: Adobe Gamma Loader.lnk = C:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe
    O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~3\Office10\EXCEL.EXE/3000
    O9 - Extra button: Real.com - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - C:\WINDOWS\System32\Shdocvw.dll
    O14 - IERESET.INF: START_PAGE_URL=http://www.virgin.net
    O16 - DPF: RaptisoftGameLoader - http://www.miniclip.com/games/hamsterball/en/raptisoftgameloader.cab
    O16 - DPF: {27527D31-447B-11D5-A46E-0001023B4289} (CoGSManager Class) - http://gamingzone.ubisoft.com/dev/packages/GSManager.cab
    O16 - DPF: {288C5F13-7E52-4ADA-A32E-F5BF9D125F99} (CR64Loader Object) - http://www.miniclip.com/supergerball/miniclipGameLoader.dll
    O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://update.microsoft.com/windowsupdate/v6/V5Controls/en/x86/client/wuweb_site.cab?1135536079530
    O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://update.microsoft.com/microsoftupdate/v6/V5Controls/en/x86/client/muweb_site.cab?1141675849131
    O16 - DPF: {8E0D4DE5-3180-4024-A327-4DFAD1796A8D} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/MessengerStatsClient.cab31267.cab
    O16 - DPF: {9D190AE6-C81E-4039-8061-978EBAD10073} (F-Secure Online Scanner 3.0) - http://support.f-secure.com/ols3/fscax.cab
    O16 - DPF: {E055C02E-6258-40FF-80A7-3BDA52FACAD7} (Installer Class) - http://activex.matcash.com/speedtest2.dll
    O17 - HKLM\System\CCS\Services\Tcpip\..\{C5F1AECF-E388-4E34-95D2-CA9D09422A48}: NameServer = 194.168.4.100 194.168.8.100
    O18 - Protocol: livecall - {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\MSNMES~1\MSGRAP~1.DLL
    O18 - Protocol: msnim - {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\MSNMES~1\MSGRAP~1.DLL
    O20 - Winlogon Notify: DateTime - C:\WINDOWS\system32\enjql1151.dll (file missing)
    O20 - Winlogon Notify: ThemeManager - C:\WINDOWS\system32\ir4ql5h51.dll (file missing)
    O20 - Winlogon Notify: winfbn32 - C:\WINDOWS\SYSTEM32\winfbn32.dll
    O23 - Service: AOL Connectivity Service (AOL ACS) - Unknown owner - C:\Program Files\Common Files\AOL\ACS\AOLAcsd.exe (file missing)
    O23 - Service: AVG Anti-Spyware Guard - Anti-Malware Development a.s. - C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
    O23 - Service: AVG7 Alert Manager Server (Avg7Alrt) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVGFRE~1\avgamsvr.exe
    O23 - Service: AVG7 Update Service (Avg7UpdSvc) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVGFRE~1\avgupsvc.exe
    O23 - Service: AVG E-mail Scanner (AVGEMS) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVGFRE~1\avgemc.exe
    O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
    O23 - Service: iPodService - Apple Computer, Inc. - C:\Program Files\iPod\bin\iPodService.exe
    O23 - Service: Network Monitor - Unknown owner - C:\Program Files\Network Monitor\netmon.exe (file missing)
    O23 - Service: NOD32 Kernel Service (NOD32krn) - Eset - C:\Program Files\Eset\nod32krn.exe
    O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\System32\nvsvc32.exe
    O23 - Service: TrueVector Internet Monitor (vsmon) - Zone Labs, LLC - C:\WINDOWS\system32\ZONELABS\vsmon.exe
  • jmoney3457 Maine
    edited October 2006
    Glad F-Secure got those. Please also do this: run the BitDefender online scan from here: http://www.bitdefender.com/scan8/ie.html
    You will need to allow an ActiveX install for the scan to run.
    Leave the scanning options at default and press "click here to scan".
    When finished scanning, click on "click here to export the scan report".
    Save it to your desktop; at "file name" type in "bdscan", then click save.
    Please attach the bdscan.html file to your next post along with a new HijackThis log.
  • edited October 2006
    HJT log:

    Logfile of HijackThis v1.99.1
    Scan saved at 18:50:46, on 12/10/2006
    Platform: Windows XP (WinNT 5.01.2600)
    MSIE: Internet Explorer v6.00 (6.00.2600.0000)

    Running processes:
    C:\WINDOWS\System32\smss.exe
    C:\WINDOWS\system32\winlogon.exe
    C:\WINDOWS\system32\services.exe
    C:\WINDOWS\system32\lsass.exe
    C:\WINDOWS\system32\svchost.exe
    C:\WINDOWS\System32\svchost.exe
    C:\WINDOWS\Explorer.EXE
    C:\WINDOWS\system32\spoolsv.exe
    C:\PROGRA~1\Grisoft\AVGFRE~1\avgamsvr.exe
    C:\PROGRA~1\Grisoft\AVGFRE~1\avgupsvc.exe
    C:\PROGRA~1\Grisoft\AVGFRE~1\avgemc.exe
    C:\Program Files\Eset\nod32krn.exe
    C:\WINDOWS\System32\nvsvc32.exe
    C:\WINDOWS\system32\ZONELABS\vsmon.exe
    C:\Program Files\Java\jre1.5.0_03\bin\jusched.exe
    C:\Program Files\Common Files\Real\Update_OB\realsched.exe
    C:\Program Files\iTunes\iTunesHelper.exe
    C:\Program Files\Virgin Net Broadband\Dragdiag.exe
    C:\PROGRA~1\Grisoft\AVGFRE~1\avgcc.exe
    C:\Program Files\QuickTime\qttask.exe
    C:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe
    C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\avgas.exe
    C:\WINDOWS\System32\rundll32.exe
    C:\Program Files\Common Files\{3B1B130D-038C-1033-0921-00050802002c}\Update.exe
    C:\Program Files\SpeedTouch\Dr SpeedTouch\drst.exe
    C:\PROGRA~1\PANICW~1\POP-UP~1\PSFREE.EXE
    C:\Program Files\iPod\bin\iPodService.exe
    C:\WINDOWS\System32\wuauclt.exe
    C:\WINDOWS\System32\devldr32.exe
    C:\Program Files\Internet Explorer\IEXPLORE.EXE
    C:\WINDOWS\System32\cool.exe
    C:\Program Files\Internet Explorer\IEXPLORE.EXE
    C:\Program Files\HijackThis.exe

    R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.virginnet.com/
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.virgin.net
    R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.virgin.com
    R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Local Page = \blank.htm
    R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Window Title = Microsoft Internet Explorer provided by Virgin.net
    O2 - BHO: (no name) - {2B5E25BC-C1B2-92D8-02F0-081D435BC4F0} - C:\WINDOWS\System32\mmzarpe.dll
    O2 - BHO: ToolBar888 - {C004DEC2-2623-438e-9CA2-C9043AB28508} - C:\Program Files\Common Files\{3B1B130D-038C-1033-0921-00050802002c}\MyToolBar.dll
    O3 - Toolbar: &Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINDOWS\System32\msdxm.ocx
    O3 - Toolbar: MSN Toolbar - {BDAD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Program Files\MSN Toolbar\01.01.2607.0\msgr.en-us.en-gb\msntb.dll (file missing)
    O3 - Toolbar: ToolBar888 - {C004DEC2-2623-438e-9CA2-C9043AB28508} - C:\Program Files\Common Files\{3B1B130D-038C-1033-0921-00050802002c}\MyToolBar.dll
    O4 - HKLM\..\Run: [AOLDialer] C:\Program Files\Common Files\AOL\ACS\AOLDial.exe
    O4 - HKLM\..\Run: [SunJavaUpdateSched] C:\Program Files\Java\jre1.5.0_03\bin\jusched.exe
    O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\System32\NvCpl.dll,NvStartup
    O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
    O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\System32\NvMcTray.dll,NvTaskbarInit
    O4 - HKLM\..\Run: [KernelFaultCheck] %systemroot%\system32\dumprep 0 -k
    O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot
    O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
    O4 - HKLM\..\Run: [SpeedTouch USB Diagnostics] "C:\Program Files\Virgin Net Broadband\Dragdiag.exe" /icon
    O4 - HKLM\..\Run: [msnappau] "C:\Program Files\MSN Apps\Updater\01.02.0002.1001\en-gb\msnappau.exe"
    O4 - HKLM\..\Run: [AVG7_CC] C:\PROGRA~1\Grisoft\AVGFRE~1\avgcc.exe /STARTUP
    O4 - HKLM\..\Run: [licli] li.exe
    O4 - HKLM\..\Run: [WinsSystem] C:\Program Files\Internet Explorer\syssmss.exe
    O4 - HKLM\..\Run: [nod32kui] "C:\Program Files\Eset\nod32kui.exe" /WAITSERVICE
    O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
    O4 - HKLM\..\Run: [Zone Labs Client] "C:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe"
    O4 - HKLM\..\Run: [!AVG Anti-Spyware] "C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\avgas.exe" /minimized
    O4 - HKLM\..\Run: [ovuflnf.dll] C:\WINDOWS\System32\rundll32.exe C:\WINDOWS\System32\ovuflnf.dll,onbcyhg
    O4 - HKCU\..\Run: [STManager] "C:\Program Files\SpeedTouch\Dr SpeedTouch\drst.exe" -b
    O4 - HKCU\..\Run: [PopUpStopperFreeEdition] "C:\PROGRA~1\PANICW~1\POP-UP~1\PSFREE.EXE"
    O4 - HKCU\..\Run: [taskdir] C:\WINDOWS\System32\taskdir.exe
    O4 - Startup: Zeno.lnk = C:\WINDOWS\system32\pwinnsaw.exe
    O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office10\OSA.EXE
    O4 - Global Startup: Adobe Gamma Loader.lnk = C:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe
    O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~3\Office10\EXCEL.EXE/3000
    O9 - Extra button: (no name) - {85d1f590-48f4-11d9-9669-0800200c9a66} - %windir%\bdoscandel.exe (file missing)
    O9 - Extra 'Tools' menuitem: Uninstall BitDefender Online Scanner v8 - {85d1f590-48f4-11d9-9669-0800200c9a66} - %windir%\bdoscandel.exe (file missing)
    O9 - Extra button: Real.com - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - C:\WINDOWS\System32\Shdocvw.dll
    O14 - IERESET.INF: START_PAGE_URL=http://www.virgin.net
    O16 - DPF: RaptisoftGameLoader - http://www.miniclip.com/games/hamsterball/en/raptisoftgameloader.cab
    O16 - DPF: {27527D31-447B-11D5-A46E-0001023B4289} (CoGSManager Class) - http://gamingzone.ubisoft.com/dev/packages/GSManager.cab
    O16 - DPF: {288C5F13-7E52-4ADA-A32E-F5BF9D125F99} (CR64Loader Object) - http://www.miniclip.com/supergerball/miniclipGameLoader.dll
    O16 - DPF: {5D86DDB5-BDF9-441B-9E9E-D4730F4EE499} (BDSCANONLINE Control) - http://download.bitdefender.com/resources/scan8/oscan8.cab
    O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://update.microsoft.com/windowsupdate/v6/V5Controls/en/x86/client/wuweb_site.cab?1135536079530
    O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://update.microsoft.com/microsoftupdate/v6/V5Controls/en/x86/client/muweb_site.cab?1141675849131
    O16 - DPF: {8E0D4DE5-3180-4024-A327-4DFAD1796A8D} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/MessengerStatsClient.cab31267.cab
    O16 - DPF: {9D190AE6-C81E-4039-8061-978EBAD10073} (F-Secure Online Scanner 3.0) - http://support.f-secure.com/ols3/fscax.cab
    O16 - DPF: {E055C02E-6258-40FF-80A7-3BDA52FACAD7} (Installer Class) - http://activex.matcash.com/speedtest2.dll
    O17 - HKLM\System\CCS\Services\Tcpip\..\{C5F1AECF-E388-4E34-95D2-CA9D09422A48}: NameServer = 194.168.4.100 194.168.8.100
    O18 - Protocol: livecall - {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\MSNMES~1\MSGRAP~1.DLL
    O18 - Protocol: msnim - {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\MSNMES~1\MSGRAP~1.DLL
    O20 - Winlogon Notify: DateTime - C:\WINDOWS\system32\enjql1151.dll (file missing)
    O20 - Winlogon Notify: ThemeManager - C:\WINDOWS\system32\ir4ql5h51.dll (file missing)
    O20 - Winlogon Notify: winfbn32 - C:\WINDOWS\SYSTEM32\winfbn32.dll
    O23 - Service: AOL Connectivity Service (AOL ACS) - Unknown owner - C:\Program Files\Common Files\AOL\ACS\AOLAcsd.exe (file missing)
    O23 - Service: AVG Anti-Spyware Guard - Anti-Malware Development a.s. - C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
    O23 - Service: AVG7 Alert Manager Server (Avg7Alrt) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVGFRE~1\avgamsvr.exe
    O23 - Service: AVG7 Update Service (Avg7UpdSvc) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVGFRE~1\avgupsvc.exe
    O23 - Service: AVG E-mail Scanner (AVGEMS) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVGFRE~1\avgemc.exe
    O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
    O23 - Service: iPodService - Apple Computer, Inc. - C:\Program Files\iPod\bin\iPodService.exe
    O23 - Service: Network Monitor - Unknown owner - C:\Program Files\Network Monitor\netmon.exe (file missing)
    O23 - Service: NOD32 Kernel Service (NOD32krn) - Eset - C:\Program Files\Eset\nod32krn.exe
    O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\System32\nvsvc32.exe
    O23 - Service: TrueVector Internet Monitor (vsmon) - Zone Labs, LLC - C:\WINDOWS\system32\ZONELABS\vsmon.exe

    Will send the other later, have no time left.
  • edited October 2006
    Just one problem... I try uploading it but it is an invalid file apparently, so I've copied and pasted it... hopefully that will do.

    BitDefender Online Scanner

    Scan report generated at: Thu, Oct 12, 2006 - 18:49:59

    Scan path: A:\;C:\;D:\;E:\;

    Statistics
    Time: 02:45:37
    Files: 311650
    Folders: 4053
    Boot Sectors: 2
    Archives: 2102
    Packed Files: 28243

    Results
    Identified Viruses: 31
    Infected Files: 79
    Suspect Files: 0
    Warnings: 0
    Disinfected: 0
    Deleted Files: 112

    Engines Info
    Virus Definitions: 475844
    Engine build: AVCORE v1.0 (build 2310) (i386) (Apr 17 2006 16:24:38)
    Scan plugins: 13
    Archive plugins: 38
    Unpack plugins: 6
    E-mail plugins: 6
    System plugins: 1

    Scan Settings
    First Action: Disinfect
    Second Action: Delete
    Heuristics: Yes
    Enable Warnings: Yes
    Scanned Extensions: *;
    Exclude Extensions:
    Scan Emails: Yes
    Scan Archives: Yes
    Scan Packed: Yes
    Scan Files: Yes
    Scan Boot: Yes

    Scanned File
    Status

    C:\Program Files\Common Files\SYSTEM\Mapi\1033\a.0xe
    Infected with: Generic.Kelvir.D7EC1CC8

    C:\Program Files\Common Files\SYSTEM\Mapi\1033\a.0xe
    Disinfection failed

    C:\Program Files\Common Files\SYSTEM\Mapi\1033\a.0xe
    Deleted

    C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\Quarantine\fil0841BDE1.dat=>(gzip)
    Infected with: Trojan.Downloader.VB.YV

    C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\Quarantine\fil0841BDE1.dat=>(gzip)
    Disinfection failed

    C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\Quarantine\fil0841BDE1.dat=>(gzip)
    Deleted

    C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\Quarantine\fil0841BDE1.dat
    Update failed

    C:\Program Files\ESET\cache\FND7.NFI=>(Quarantine-PE)
    Infected with: Trojan.Downloader.VB.YV

    C:\Program Files\ESET\cache\FND7.NFI=>(Quarantine-PE)
    Disinfection failed

    C:\Program Files\ESET\cache\FND7.NFI=>(Quarantine-PE)
    Deleted

    C:\Program Files\ESET\cache\FND8.NFI=>(Quarantine-PE)
    Infected with: Trojan.Downloader.VB.YV

    C:\Program Files\ESET\cache\FND8.NFI=>(Quarantine-PE)
    Disinfection failed

    C:\Program Files\ESET\cache\FND8.NFI=>(Quarantine-PE)
    Deleted

    C:\Program Files\ESET\cache\FND9.NFI=>(Quarantine-PE)
    Infected with: Trojan.Downloader.VB.YV

    C:\Program Files\ESET\cache\FND9.NFI=>(Quarantine-PE)
    Disinfection failed

    C:\Program Files\ESET\cache\FND9.NFI=>(Quarantine-PE)
    Deleted

    C:\Program Files\ESET\cache\FND18.NFI=>(Quarantine-PE)
    Infected with: DeepScan:Generic.Malware.dld!!g.B02B78FD

    C:\Program Files\ESET\cache\FND18.NFI=>(Quarantine-PE)
    Disinfection failed

    C:\Program Files\ESET\cache\FND18.NFI=>(Quarantine-PE)
    Deleted

    C:\Program Files\ESET\cache\FND1F.NFI=>(Quarantine-PE)=>(RAR Sfx o)=>dev.exe
    Infected with: Backdoor.Sdbot.BGW

    C:\Program Files\ESET\cache\FND1F.NFI=>(Quarantine-PE)=>(RAR Sfx o)=>dev.exe
    Disinfection failed

    C:\Program Files\ESET\cache\FND1F.NFI=>(Quarantine-PE)=>(RAR Sfx o)=>dev.exe
    Deleted

    C:\Program Files\ESET\cache\FND1F.NFI=>(Quarantine-PE)=>(RAR Sfx o)
    Update failed

    C:\Program Files\ESET\cache\FND1F.NFI=>(Quarantine-PE)=>(RAR Sfx o)=>server2.exe
    Infected with: Trojan.Dropper.Agent.MF

    C:\Program Files\ESET\cache\FND1F.NFI=>(Quarantine-PE)=>(RAR Sfx o)=>server2.exe
    Deleted

    C:\Program Files\ESET\cache\FND1F.NFI=>(Quarantine-PE)=>(RAR Sfx o)
    Update failed

    C:\Program Files\ESET\cache\FND20.NFI=>(Quarantine-PE)=>(RAR Sfx o)=>dev.exe
    Infected with: Backdoor.Sdbot.BGW

    C:\Program Files\ESET\cache\FND20.NFI=>(Quarantine-PE)=>(RAR Sfx o)=>dev.exe
    Disinfection failed

    C:\Program Files\ESET\cache\FND20.NFI=>(Quarantine-PE)=>(RAR Sfx o)=>dev.exe
    Deleted

    C:\Program Files\ESET\cache\FND20.NFI=>(Quarantine-PE)=>(RAR Sfx o)
    Update failed

    C:\Program Files\ESET\cache\FND21.NFI=>(Quarantine-PE)=>(RAR Sfx o)=>dev.exe
    Infected with: Backdoor.Sdbot.BGW

    C:\Program Files\ESET\cache\FND21.NFI=>(Quarantine-PE)=>(RAR Sfx o)=>dev.exe
    Disinfection failed

    C:\Program Files\ESET\cache\FND21.NFI=>(Quarantine-PE)=>(RAR Sfx o)=>dev.exe
    Deleted

    C:\Program Files\ESET\cache\FND21.NFI=>(Quarantine-PE)=>(RAR Sfx o)
    Update failed

    C:\Program Files\ESET\cache\FND22.NFI=>(Quarantine-PE)
    Infected with: Generic.Istbar.62B01105

    C:\Program Files\ESET\cache\FND22.NFI=>(Quarantine-PE)
    Disinfection failed

    C:\Program Files\ESET\cache\FND22.NFI=>(Quarantine-PE)
    Deleted

    C:\Program Files\ESET\cache\FND24.NFI=>(Quarantine-PE)=>(RAR Sfx o)=>dev.exe
    Infected with: Backdoor.Sdbot.BGW

    C:\Program Files\ESET\cache\FND24.NFI=>(Quarantine-PE)=>(RAR Sfx o)=>dev.exe
    Disinfection failed

    C:\Program Files\ESET\cache\FND24.NFI=>(Quarantine-PE)=>(RAR Sfx o)=>dev.exe
    Deleted

    C:\Program Files\ESET\cache\FND24.NFI=>(Quarantine-PE)=>(RAR Sfx o)
    Update failed

    C:\Program Files\ESET\cache\FND26.NFI=>(Quarantine-PE)=>(RAR Sfx o)=>dev.exe
    Infected with: Backdoor.Sdbot.BGW

    C:\Program Files\ESET\cache\FND26.NFI=>(Quarantine-PE)=>(RAR Sfx o)=>dev.exe
    Disinfection failed

    C:\Program Files\ESET\cache\FND26.NFI=>(Quarantine-PE)=>(RAR Sfx o)=>dev.exe
    Deleted

    C:\Program Files\ESET\cache\FND26.NFI=>(Quarantine-PE)=>(RAR Sfx o)
    Update failed

    C:\Program Files\ESET\cache\FND27.NFI=>(Quarantine-PE)
    Infected with: Trojan.Downloader.Harnig.CU

    C:\Program Files\ESET\cache\FND27.NFI=>(Quarantine-PE)
    Disinfection failed

    C:\Program Files\ESET\cache\FND27.NFI=>(Quarantine-PE)
    Deleted

    C:\Program Files\ESET\cache\FND28.NFI=>(Quarantine-PE)
    Infected with: Trojan.Downloader.Adload.EM

    C:\Program Files\ESET\cache\FND28.NFI=>(Quarantine-PE)
    Disinfection failed

    C:\Program Files\ESET\cache\FND28.NFI=>(Quarantine-PE)
    Deleted

    C:\Program Files\ESET\cache\FND29.NFI=>(Quarantine-PE)
    Infected with: Trojan.Downloader.Adload.EM

    C:\Program Files\ESET\cache\FND29.NFI=>(Quarantine-PE)
    Disinfection failed

    C:\Program Files\ESET\cache\FND29.NFI=>(Quarantine-PE)
    Deleted

    C:\Program Files\ESET\cache\FND2A.NFI=>(Quarantine-PE)
    Infected with: Trojan.Downloader.Adload.EM

    C:\Program Files\ESET\cache\FND2A.NFI=>(Quarantine-PE)
    Disinfection failed

    C:\Program Files\ESET\cache\FND2A.NFI=>(Quarantine-PE)
    Deleted

    C:\Program Files\ESET\cache\FND2B.NFI=>(Quarantine-PE)=>(RAR Sfx o)=>dev.exe
    Infected with: Backdoor.Sdbot.BGW

    C:\Program Files\ESET\cache\FND2B.NFI=>(Quarantine-PE)=>(RAR Sfx o)=>dev.exe
    Disinfection failed

    C:\Program Files\ESET\cache\FND2B.NFI=>(Quarantine-PE)=>(RAR Sfx o)=>dev.exe
    Deleted

    C:\Program Files\ESET\cache\FND2B.NFI=>(Quarantine-PE)=>(RAR Sfx o)
    Update failed

    C:\Program Files\ESET\cache\FND2D.NFI=>(Quarantine-PE)=>(NSIS o)=>zlib_nsis0002
    Infected with: Trojan.Purityad.BP

    C:\Program Files\ESET\cache\FND2D.NFI=>(Quarantine-PE)=>(NSIS o)=>zlib_nsis0002
    Disinfection failed

    C:\Program Files\ESET\cache\FND2D.NFI=>(Quarantine-PE)=>(NSIS o)=>zlib_nsis0002
    Deleted

    C:\Program Files\ESET\cache\FND2D.NFI=>(Quarantine-PE)=>(NSIS o)
    Update failed

    C:\Program Files\ESET\cache\FND2E.NFI=>(Quarantine-PE)=>(NSIS o)=>zlib_nsis0002
    Infected with: Trojan.Purityad.BP

    C:\Program Files\ESET\cache\FND2E.NFI=>(Quarantine-PE)=>(NSIS o)=>zlib_nsis0002
    Disinfection failed

    C:\Program Files\ESET\cache\FND2E.NFI=>(Quarantine-PE)=>(NSIS o)=>zlib_nsis0002
    Deleted

    C:\Program Files\ESET\cache\FND2E.NFI=>(Quarantine-PE)=>(NSIS o)
    Update failed

    C:\Program Files\ESET\cache\FND2F.NFI=>(Quarantine-PE)=>(NSIS o)=>zlib_nsis0002
    Infected with: Trojan.Purityad.BP

    C:\Program Files\ESET\cache\FND2F.NFI=>(Quarantine-PE)=>(NSIS o)=>zlib_nsis0002
    Disinfection failed

    C:\Program Files\ESET\cache\FND2F.NFI=>(Quarantine-PE)=>(NSIS o)=>zlib_nsis0002
    Deleted

    C:\Program Files\ESET\cache\FND2F.NFI=>(Quarantine-PE)=>(NSIS o)
    Update failed

    C:\Program Files\ESET\cache\FND31.NFI=>(Quarantine-PE)
    Infected with: Trojan.Downloader.Adload.CO

    C:\Program Files\ESET\cache\FND31.NFI=>(Quarantine-PE)
    Disinfection failed

    C:\Program Files\ESET\cache\FND31.NFI=>(Quarantine-PE)
    Deleted

    C:\Program Files\ESET\cache\FND32.NFI=>(Quarantine-PE)
    Infected with: Trojan.Downloader.Adload.CO

    C:\Program Files\ESET\cache\FND32.NFI=>(Quarantine-PE)
    Disinfection failed

    C:\Program Files\ESET\cache\FND32.NFI=>(Quarantine-PE)
    Deleted

    C:\Program Files\ESET\cache\FND36.NFI=>(Quarantine-PE)
    Infected with: Trojan.Downloader.Adload.EM

    C:\Program Files\ESET\cache\FND36.NFI=>(Quarantine-PE)
    Disinfection failed

    C:\Program Files\ESET\cache\FND36.NFI=>(Quarantine-PE)
    Deleted

    C:\Program Files\ESET\cache\FND38.NFI=>(Quarantine-PE)
    Infected with: Trojan.Downloader.Adload.CO

    C:\Program Files\ESET\cache\FND38.NFI=>(Quarantine-PE)
    Disinfection failed

    C:\Program Files\ESET\cache\FND38.NFI=>(Quarantine-PE)
    Deleted

    C:\Program Files\ESET\cache\FND3E.NFI=>(Quarantine-PE)
    Infected with: MemScan:Trojan.Vundo.K

    C:\Program Files\ESET\cache\FND3E.NFI=>(Quarantine-PE)
    Disinfection failed

    C:\Program Files\ESET\cache\FND3E.NFI=>(Quarantine-PE)
    Deleted

    C:\Program Files\ESET\cache\FND3F.NFI=>(Quarantine-PE)
    Infected with: MemScan:Trojan.Vundo.K

    C:\Program Files\ESET\cache\FND3F.NFI=>(Quarantine-PE)
    Disinfection failed

    C:\Program Files\ESET\cache\FND3F.NFI=>(Quarantine-PE)
    Deleted

    C:\Program Files\ESET\cache\FND40.NFI
    Infected with: Exploit.Win32.WMF-PFV.B

    C:\Program Files\ESET\cache\FND40.NFI
    Disinfection failed

    C:\Program Files\ESET\cache\FND40.NFI
    Deleted

    C:\Program Files\ESET\cache\FND41.NFI=>(Quarantine-PE)
    Infected with: Generic.Malware.SYd!dld.EBEEABD9

    C:\Program Files\ESET\cache\FND41.NFI=>(Quarantine-PE)
    Disinfection failed

    C:\Program Files\ESET\cache\FND41.NFI=>(Quarantine-PE)
    Deleted

    C:\Program Files\ESET\cache\FND43.NFI=>(Quarantine-PE)
    Infected with: Trojan.Dialer.Premium

    C:\Program Files\ESET\cache\FND43.NFI=>(Quarantine-PE)
    Disinfection failed

    C:\Program Files\ESET\cache\FND43.NFI=>(Quarantine-PE)
    Deleted

    C:\Program Files\ESET\cache\FND4B.NFI=>(Quarantine-PE)=>(Embedded EXE o)
    Infected with: BehavesLike:Win32.ExplorerHijack

    C:\Program Files\ESET\cache\FND4B.NFI=>(Quarantine-PE)=>(Embedded EXE o)
    Disinfection failed

    C:\Program Files\ESET\cache\FND4B.NFI=>(Quarantine-PE)=>(Embedded EXE o)
    Deleted

    C:\Program Files\ESET\cache\FND4B.NFI=>(Quarantine-PE)
    Update failed

    C:\Program Files\ESET\cache\FND4C.NFI=>(Quarantine-PE)
    Infected with: Trojan.Startpage.AHA

    C:\Program Files\ESET\cache\FND4C.NFI=>(Quarantine-PE)
    Disinfection failed

    C:\Program Files\ESET\cache\FND4C.NFI=>(Quarantine-PE)
    Deleted

    C:\Program Files\ESET\cache\FND4D.NFI=>(Quarantine-PE)
    Infected with: Trojan.Keylogg.B

    C:\Program Files\ESET\cache\FND4D.NFI=>(Quarantine-PE)
    Disinfection failed

    C:\Program Files\ESET\cache\FND4D.NFI=>(Quarantine-PE)
    Deleted

    C:\Program Files\ESET\cache\FND4E.NFI=>(Quarantine-PE)=>(Embedded EXE r)
    Infected with: Generic.Zlob.D184E784

    C:\Program Files\ESET\cache\FND4E.NFI=>(Quarantine-PE)=>(Embedded EXE r)
    Disinfection failed

    C:\Program Files\ESET\cache\FND4E.NFI=>(Quarantine-PE)=>(Embedded EXE r)
    Deleted

    C:\Program Files\ESET\cache\FND4E.NFI=>(Quarantine-PE)
    Update failed

    C:\Program Files\ESET\infected\TF23HXAA.NQF=>(Quarantine-PE)
    Infected with: Generic.Zlob.D184E784

    C:\Program Files\ESET\infected\TF23HXAA.NQF=>(Quarantine-PE)
    Disinfection failed

    C:\Program Files\ESET\infected\TF23HXAA.NQF=>(Quarantine-PE)
    Deleted

    C:\Program Files\ESET\infected\WSYFABDA.NQF=>(Quarantine-PE)
    Infected with: Generic.Zlob.D184E784

    C:\Program Files\ESET\infected\WSYFABDA.NQF=>(Quarantine-PE)
    Disinfection failed

    C:\Program Files\ESET\infected\WSYFABDA.NQF=>(Quarantine-PE)
    Deleted

    C:\Program Files\ESET\infected\2TKAD4AA.NQF=>(Quarantine-PE)
    Infected with: Trojan.Dialer.GBDialer.A

    C:\Program Files\ESET\infected\2TKAD4AA.NQF=>(Quarantine-PE)
    Disinfection failed

    C:\Program Files\ESET\infected\2TKAD4AA.NQF=>(Quarantine-PE)
    Deleted

    C:\Program Files\ESET\infected\Q0L40DCA.NQF=>(Quarantine-PE)
    Infected with: Trojan.Dialer.GBDialer.A

    C:\Program Files\ESET\infected\Q0L40DCA.NQF=>(Quarantine-PE)
    Disinfection failed

    C:\Program Files\ESET\infected\Q0L40DCA.NQF=>(Quarantine-PE)
    Deleted

    C:\Program Files\ESET\infected\1XEWB5BA.NQF=>(Quarantine-PE)
    Infected with: Trojan.Downloader.VB.YV

    C:\Program Files\ESET\infected\1XEWB5BA.NQF=>(Quarantine-PE)
    Disinfection failed

    C:\Program Files\ESET\infected\1XEWB5BA.NQF=>(Quarantine-PE)
    Deleted

    C:\Program Files\ESET\infected\ER5FWIDA.NQF=>(Quarantine-PE)
    Infected with: Trojan.Downloader.VB.YV

    C:\Program Files\ESET\infected\ER5FWIDA.NQF=>(Quarantine-PE)
    Disinfection failed

    C:\Program Files\ESET\infected\ER5FWIDA.NQF=>(Quarantine-PE)
    Deleted

    C:\Program Files\ESET\infected\SMTXDMAA.NQF=>(Quarantine-PE)=>(RAR Sfx o)=>dev.exe
    Infected with: Backdoor.Sdbot.BGW

    C:\Program Files\ESET\infected\SMTXDMAA.NQF=>(Quarantine-PE)=>(RAR Sfx o)=>dev.exe
    Disinfection failed

    C:\Program Files\ESET\infected\SMTXDMAA.NQF=>(Quarantine-PE)=>(RAR Sfx o)=>dev.exe
    Deleted

    C:\Program Files\ESET\infected\SMTXDMAA.NQF=>(Quarantine-PE)=>(RAR Sfx o)
    Update failed

    C:\Program Files\ESET\infected\XT0CBTBA.NQF=>(Quarantine-PE)=>(RAR Sfx o)=>dev.exe
    Infected with: Backdoor.Sdbot.BGW

    C:\Program Files\ESET\infected\XT0CBTBA.NQF=>(Quarantine-PE)=>(RAR Sfx o)=>dev.exe
    Disinfection failed

    C:\Program Files\ESET\infected\XT0CBTBA.NQF=>(Quarantine-PE)=>(RAR Sfx o)=>dev.exe
    Deleted

    C:\Program Files\ESET\infected\XT0CBTBA.NQF=>(Quarantine-PE)=>(RAR Sfx o)
    Update failed

    C:\Program Files\ESET\infected\NMD5SYDA.NQF=>(Quarantine-PE)=>(RAR Sfx o)=>dev.exe
    Infected with: Backdoor.Sdbot.BGW

    C:\Program Files\ESET\infected\NMD5SYDA.NQF=>(Quarantine-PE)=>(RAR Sfx o)=>dev.exe
    Disinfection failed

    C:\Program Files\ESET\infected\NMD5SYDA.NQF=>(Quarantine-PE)=>(RAR Sfx o)=>dev.exe
    Deleted

    C:\Program Files\ESET\infected\NMD5SYDA.NQF=>(Quarantine-PE)=>(RAR Sfx o)
    Update failed

    C:\Program Files\ESET\infected\G32M5YDA.NQF=>(Quarantine-PE)=>(RAR Sfx o)=>dev.exe
    Infected with: Backdoor.Sdbot.BGW

    C:\Program Files\ESET\infected\G32M5YDA.NQF=>(Quarantine-PE)=>(RAR Sfx o)=>dev.exe
    Disinfection failed

    C:\Program Files\ESET\infected\G32M5YDA.NQF=>(Quarantine-PE)=>(RAR Sfx o)=>dev.exe
    Deleted

    C:\Program Files\ESET\infected\G32M5YDA.NQF=>(Quarantine-PE)=>(RAR Sfx o)
    Update failed

    C:\Program Files\ESET\infected\5VC4CPCA.NQF=>(Quarantine-PE)
    Infected with: Trojan.Downloader.Adload.EM

    C:\Program Files\ESET\infected\5VC4CPCA.NQF=>(Quarantine-PE)
    Disinfection failed

    C:\Program Files\ESET\infected\5VC4CPCA.NQF=>(Quarantine-PE)
    Deleted

    C:\Program Files\ESET\infected\OUAPWICA.NQF=>(Quarantine-PE)
    Infected with: Trojan.Downloader.Adload.EM

    C:\Program Files\ESET\infected\OUAPWICA.NQF=>(Quarantine-PE)
    Disinfection failed

    C:\Program Files\ESET\infected\OUAPWICA.NQF=>(Quarantine-PE)
    Deleted

    C:\Program Files\ESET\infected\V0RAEUBA.NQF=>(Quarantine-PE)=>(RAR Sfx o)=>dev.exe
    Infected with: Backdoor.Sdbot.BGW

    C:\Program Files\ESET\infected\V0RAEUBA.NQF=>(Quarantine-PE)=>(RAR Sfx o)=>dev.exe
    Disinfection failed

    C:\Program Files\ESET\infected\V0RAEUBA.NQF=>(Quarantine-PE)=>(RAR Sfx o)=>dev.exe
    Deleted

    C:\Program Files\ESET\infected\V0RAEUBA.NQF=>(Quarantine-PE)=>(RAR Sfx o)
    Update failed

    C:\Program Files\ESET\infected\GUF325CA.NQF=>(Quarantine-PE)=>(NSIS o)=>zlib_nsis0002
    Infected with: Trojan.Purityad.BP

    C:\Program Files\ESET\infected\GUF325CA.NQF=>(Quarantine-PE)=>(NSIS o)=>zlib_nsis0002
    Disinfection failed

    C:\Program Files\ESET\infected\GUF325CA.NQF=>(Quarantine-PE)=>(NSIS o)=>zlib_nsis0002
    Deleted

    C:\Program Files\ESET\infected\GUF325CA.NQF=>(Quarantine-PE)=>(NSIS o)
    Update failed

    C:\Program Files\ESET\infected\DEXTYTBA.NQF=>(Quarantine-PE)=>(NSIS o)=>zlib_nsis0002
    Infected with: Trojan.Purityad.BP

    C:\Program Files\ESET\infected\DEXTYTBA.NQF=>(Quarantine-PE)=>(NSIS o)=>zlib_nsis0002
    Disinfection failed

    C:\Program Files\ESET\infected\DEXTYTBA.NQF=>(Quarantine-PE)=>(NSIS o)=>zlib_nsis0002
    Deleted

    C:\Program Files\ESET\infected\DEXTYTBA.NQF=>(Quarantine-PE)=>(NSIS o)
    Update failed

    C:\Program Files\ESET\infected\OTOK1FDA.NQF=>(Quarantine-PE)
    Infected with: Trojan.Downloader.Adload.CO

    C:\Program Files\ESET\infected\OTOK1FDA.NQF=>(Quarantine-PE)
    Disinfection failed

    C:\Program Files\ESET\infected\OTOK1FDA.NQF=>(Quarantine-PE)
    Deleted

    C:\Program Files\ESET\infected\NCZ04CAA.NQF=>(Quarantine-PE)
    Infected with: Trojan.Downloader.Adload.EM

    C:\Program Files\ESET\infected\NCZ04CAA.NQF=>(Quarantine-PE)
    Disinfection failed

    C:\Program Files\ESET\infected\NCZ04CAA.NQF=>(Quarantine-PE)
    Deleted

    C:\Program Files\ESET\infected\FAY3KAAA.NQF=>(Quarantine-PE)
    Infected with: Trojan.Downloader.Adload.CO

    C:\Program Files\ESET\infected\FAY3KAAA.NQF=>(Quarantine-PE)
    Disinfection failed

    C:\Program Files\ESET\infected\FAY3KAAA.NQF=>(Quarantine-PE)
    Deleted

    C:\Program Files\ESET\infected\XOIOYRDA.NQF=>(Quarantine-PE)
    Infected with: MemScan:Trojan.Vundo.K

    C:\Program Files\ESET\infected\XOIOYRDA.NQF=>(Quarantine-PE)
    Disinfection failed

    C:\Program Files\ESET\infected\XOIOYRDA.NQF=>(Quarantine-PE)
    Deleted

    C:\Program Files\ESET\infected\VJA5FPDA.NQF=>(Quarantine-PE)=>(Embedded EXE o)
    Infected with: BehavesLike:Win32.ExplorerHijack

    C:\Program Files\ESET\infected\VJA5FPDA.NQF=>(Quarantine-PE)=>(Embedded EXE o)
    Disinfection failed

    C:\Program Files\ESET\infected\VJA5FPDA.NQF=>(Quarantine-PE)=>(Embedded EXE o)
    Deleted

    C:\Program Files\ESET\infected\VJA5FPDA.NQF=>(Quarantine-PE)
    Update failed

    C:\Program Files\ESET\infected\X2QLTGBA.NQF=>(Quarantine-PE)
    Infected with: Trojan.Startpage.AHA

    C:\Program Files\ESET\infected\X2QLTGBA.NQF=>(Quarantine-PE)
    Disinfection failed

    C:\Program Files\ESET\infected\X2QLTGBA.NQF=>(Quarantine-PE)
    Deleted

    C:\Program Files\ESET\infected\TMFNAQAA.NQF=>(Quarantine-PE)
    Infected with: Trojan.Keylogg.B

    C:\Program Files\ESET\infected\TMFNAQAA.NQF=>(Quarantine-PE)
    Disinfection failed

    C:\Program Files\ESET\infected\TMFNAQAA.NQF=>(Quarantine-PE)
    Deleted

    C:\Program Files\ESET\infected\SGLQTYCA.NQF=>(Quarantine-PE)=>(Embedded EXE r)
    Infected with: Generic.Zlob.D184E784

    C:\Program Files\ESET\infected\SGLQTYCA.NQF=>(Quarantine-PE)=>(Embedded EXE r)
    Disinfection failed

    C:\Program Files\ESET\infected\SGLQTYCA.NQF=>(Quarantine-PE)=>(Embedded EXE r)
    Deleted

    C:\Program Files\ESET\infected\SGLQTYCA.NQF=>(Quarantine-PE)
    Update failed

    C:\Program Files\ESET\infected\BFMAN1CA.NQF=>(Quarantine-PE)
    Infected with: Dropped:Trojan.Clicker.Small.JF

    C:\Program Files\ESET\infected\BFMAN1CA.NQF=>(Quarantine-PE)
    Disinfection failed

    C:\Program Files\ESET\infected\BFMAN1CA.NQF=>(Quarantine-PE)
    Deleted

    C:\WINDOWS\system32\winfbn32.dll
    Infected with: Trojan.Klone.H

    C:\WINDOWS\system32\winfbn32.dll
    Disinfection failed

    C:\WINDOWS\system32\winfbn32.dll
    Delete failed

    C:\Documents and Settings\Ron\Local Settings\Temp\mst6A1.tmp
    Infected with: Trojan.Klone.H

    C:\Documents and Settings\Ron\Local Settings\Temp\mst6A1.tmp
    Disinfection failed

    C:\Documents and Settings\Ron\Local Settings\Temp\mst6A1.tmp
    Deleted

    C:\Documents and Settings\Ron\Local Settings\Temp\mst6E5.tmp
    Infected with: Trojan.Agent.TEX

    C:\Documents and Settings\Ron\Local Settings\Temp\mst6E5.tmp
    Disinfection failed

    C:\Documents and Settings\Ron\Local Settings\Temp\mst6E5.tmp
    Deleted

    C:\Documents and Settings\Ron\Local Settings\Temp\mst7C3.tmp
    Infected with: Trojan.Klone.H

    C:\Documents and Settings\Ron\Local Settings\Temp\mst7C3.tmp
    Disinfection failed

    C:\Documents and Settings\Ron\Local Settings\Temp\mst7C3.tmp
    Deleted

    C:\Documents and Settings\Ron\Local Settings\Temp\mst86F.tmp
    Infected with: Trojan.Klone.H

    C:\Documents and Settings\Ron\Local Settings\Temp\mst86F.tmp
    Disinfection failed

    C:\Documents and Settings\Ron\Local Settings\Temp\mst86F.tmp
    Deleted

    C:\System Volume Information\_restore{ED662EF8-5340-471F-A9F1-1DFF99F8C52E}\RP325\A0329489.0xe
    Infected with: Generic.Kelvir.4C25F383

    C:\System Volume Information\_restore{ED662EF8-5340-471F-A9F1-1DFF99F8C52E}\RP325\A0329489.0xe
    Disinfection failed

    C:\System Volume Information\_restore{ED662EF8-5340-471F-A9F1-1DFF99F8C52E}\RP325\A0329489.0xe
    Deleted

    C:\System Volume Information\_restore{ED662EF8-5340-471F-A9F1-1DFF99F8C52E}\RP325\A0329513.0xe
    Infected with: Generic.Kelvir.AF95E971

    C:\System Volume Information\_restore{ED662EF8-5340-471F-A9F1-1DFF99F8C52E}\RP325\A0329513.0xe
    Disinfection failed

    C:\System Volume Information\_restore{ED662EF8-5340-471F-A9F1-1DFF99F8C52E}\RP325\A0329513.0xe
    Deleted

    C:\System Volume Information\_restore{ED662EF8-5340-471F-A9F1-1DFF99F8C52E}\RP326\A0329587.0xe
    Infected with: Generic.Kelvir.704BA102

    C:\System Volume Information\_restore{ED662EF8-5340-471F-A9F1-1DFF99F8C52E}\RP326\A0329587.0xe
    Disinfection failed

    C:\System Volume Information\_restore{ED662EF8-5340-471F-A9F1-1DFF99F8C52E}\RP326\A0329587.0xe
    Deleted

    C:\System Volume Information\_restore{ED662EF8-5340-471F-A9F1-1DFF99F8C52E}\RP326\A0330586.0xe
    Infected with: Generic.Kelvir.7C576DFC

    C:\System Volume Information\_restore{ED662EF8-5340-471F-A9F1-1DFF99F8C52E}\RP326\A0330586.0xe
    Disinfection failed

    C:\System Volume Information\_restore{ED662EF8-5340-471F-A9F1-1DFF99F8C52E}\RP326\A0330586.0xe
    Deleted

    C:\System Volume Information\_restore{ED662EF8-5340-471F-A9F1-1DFF99F8C52E}\RP326\A0331619.0XE
    Infected with: Generic.Kelvir.7C576DFC

    C:\System Volume Information\_restore{ED662EF8-5340-471F-A9F1-1DFF99F8C52E}\RP326\A0331619.0XE
    Disinfection failed

    C:\System Volume Information\_restore{ED662EF8-5340-471F-A9F1-1DFF99F8C52E}\RP326\A0331619.0XE
    Deleted

    C:\System Volume Information\_restore{ED662EF8-5340-471F-A9F1-1DFF99F8C52E}\RP336\A0335039.exe
    Infected with: Dropped:Trojan.Downloader.Purityscan.U

    C:\System Volume Information\_restore{ED662EF8-5340-471F-A9F1-1DFF99F8C52E}\RP336\A0335039.exe
    Disinfection failed

    C:\System Volume Information\_restore{ED662EF8-5340-471F-A9F1-1DFF99F8C52E}\RP336\A0335039.exe
    Deleted

    C:\System Volume Information\_restore{ED662EF8-5340-471F-A9F1-1DFF99F8C52E}\RP336\A0335041.exe
    Detected with: Adware.BHO.HotWebFinder.A

    C:\System Volume Information\_restore{ED662EF8-5340-471F-A9F1-1DFF99F8C52E}\RP336\A0335041.exe
    Disinfection failed

    C:\System Volume Information\_restore{ED662EF8-5340-471F-A9F1-1DFF99F8C52E}\RP336\A0335041.exe
    Deleted

    C:\System Volume Information\_restore{ED662EF8-5340-471F-A9F1-1DFF99F8C52E}\RP336\A0335042.exe
    Infected with: Trojan.Downloader.Agent.35

    C:\System Volume Information\_restore{ED662EF8-5340-471F-A9F1-1DFF99F8C52E}\RP336\A0335042.exe
    Disinfection failed

    C:\System Volume Information\_restore{ED662EF8-5340-471F-A9F1-1DFF99F8C52E}\RP336\A0335042.exe
    Deleted

    C:\System Volume Information\_restore{ED662EF8-5340-471F-A9F1-1DFF99F8C52E}\RP336\A0335043.exe
    Infected with: Trojan.Downloader.Agent.35

    C:\System Volume Information\_restore{ED662EF8-5340-471F-A9F1-1DFF99F8C52E}\RP336\A0335043.exe
    Disinfection failed

    C:\System Volume Information\_restore{ED662EF8-5340-471F-A9F1-1DFF99F8C52E}\RP336\A0335043.exe
    Deleted

    C:\System Volume Information\_restore{ED662EF8-5340-471F-A9F1-1DFF99F8C52E}\RP336\A0335044.dll
    Detected with: Application.Keylog.Perfect.A

    C:\System Volume Information\_restore{ED662EF8-5340-471F-A9F1-1DFF99F8C52E}\RP336\A0335044.dll
    Disinfection failed

    C:\System Volume Information\_restore{ED662EF8-5340-471F-A9F1-1DFF99F8C52E}\RP336\A0335044.dll
    Deleted

    C:\System Volume Information\_restore{ED662EF8-5340-471F-A9F1-1DFF99F8C52E}\RP339\A0336468.exe
    Infected with: Generic.Kelvir.7C576DFC

    C:\System Volume Information\_restore{ED662EF8-5340-471F-A9F1-1DFF99F8C52E}\RP339\A0336468.exe
    Disinfection failed

    C:\System Volume Information\_restore{ED662EF8-5340-471F-A9F1-1DFF99F8C52E}\RP339\A0336468.exe
    Deleted

    C:\System Volume Information\_restore{ED662EF8-5340-471F-A9F1-1DFF99F8C52E}\RP339\A0336471.exe=>(Embedded EXE r)
    Infected with: Generic.Zlob.D184E784

    C:\System Volume Information\_restore{ED662EF8-5340-471F-A9F1-1DFF99F8C52E}\RP339\A0336471.exe=>(Embedded EXE r)
    Disinfection failed

    C:\System Volume Information\_restore{ED662EF8-5340-471F-A9F1-1DFF99F8C52E}\RP339\A0336471.exe=>(Embedded EXE r)
    Deleted

    C:\System Volume Information\_restore{ED662EF8-5340-471F-A9F1-1DFF99F8C52E}\RP339\A0336471.exe
    Update failed

    C:\System Volume Information\_restore{ED662EF8-5340-471F-A9F1-1DFF99F8C52E}\RP339\A0336476.exe
    Infected with: Dropped:Trojan.Clicker.Small.JF

    C:\System Volume Information\_restore{ED662EF8-5340-471F-A9F1-1DFF99F8C52E}\RP339\A0336476.exe
    Disinfection failed

    C:\System Volume Information\_restore{ED662EF8-5340-471F-A9F1-1DFF99F8C52E}\RP339\A0336476.exe
    Deleted

    C:\System Volume Information\_restore{ED662EF8-5340-471F-A9F1-1DFF99F8C52E}\RP339\A0336477.exe
    Infected with: Generic.Kelvir.D7EC1CC8

    C:\System Volume Information\_restore{ED662EF8-5340-471F-A9F1-1DFF99F8C52E}\RP339\A0336477.exe
    Disinfection failed

    C:\System Volume Information\_restore{ED662EF8-5340-471F-A9F1-1DFF99F8C52E}\RP339\A0336477.exe
    Deleted

    C:\FOUND.062\FILE0099.CHK
    Infected with: Exploit.ADODB.Stream.AK

    C:\FOUND.062\FILE0099.CHK
    Disinfection failed

    C:\FOUND.062\FILE0099.CHK
    Deleted

    C:\b.0xe
    Infected with: Generic.Kelvir.7C576DFC

    C:\b.0xe
    Disinfection failed

    C:\b.0xe
    Deleted
  • jmoney3457 Maine
    edited October 2006
    Whoa, a lot of hidden nasties BitDefender deleted... that's good, your computer must be running somewhat better now... is it? Also, please post a new HJT log.
  • edited October 2006
    No probs, yes it is running better, here's the log:

    Logfile of HijackThis v1.99.1
    Scan saved at 19:47:47, on 13/10/2006
    Platform: Windows XP (WinNT 5.01.2600)
    MSIE: Internet Explorer v6.00 (6.00.2600.0000)

    Running processes:
    C:\WINDOWS\System32\smss.exe
    C:\WINDOWS\system32\winlogon.exe
    C:\WINDOWS\system32\services.exe
    C:\WINDOWS\system32\lsass.exe
    C:\WINDOWS\system32\svchost.exe
    C:\WINDOWS\System32\svchost.exe
    C:\WINDOWS\Explorer.EXE
    C:\WINDOWS\system32\spoolsv.exe
    C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
    C:\PROGRA~1\Grisoft\AVGFRE~1\avgamsvr.exe
    C:\PROGRA~1\Grisoft\AVGFRE~1\avgupsvc.exe
    C:\PROGRA~1\Grisoft\AVGFRE~1\avgemc.exe
    C:\Program Files\Eset\nod32krn.exe
    C:\WINDOWS\System32\nvsvc32.exe
    C:\Program Files\Java\jre1.5.0_03\bin\jusched.exe
    C:\Program Files\Common Files\Real\Update_OB\realsched.exe
    C:\Program Files\iTunes\iTunesHelper.exe
    C:\Program Files\Virgin Net Broadband\Dragdiag.exe
    C:\WINDOWS\system32\ZONELABS\vsmon.exe
    C:\PROGRA~1\Grisoft\AVGFRE~1\avgcc.exe
    C:\Program Files\QuickTime\qttask.exe
    C:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe
    C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\avgas.exe
    C:\WINDOWS\System32\rundll32.exe
    C:\Program Files\Common Files\{3B1B130D-038C-1033-0921-00050802002c}\Update.exe
    C:\Program Files\SpeedTouch\Dr SpeedTouch\drst.exe
    C:\PROGRA~1\PANICW~1\POP-UP~1\PSFREE.EXE
    C:\WINDOWS\System32\devldr32.exe
    C:\Program Files\iPod\bin\iPodService.exe
    C:\WINDOWS\System32\wuauclt.exe
    C:\Program Files\MSN Messenger\msnmsgr.exe
    C:\WINDOWS\System32\cool.exe
    C:\Program Files\Internet Explorer\IEXPLORE.EXE
    C:\Program Files\Internet Explorer\IEXPLORE.EXE
    C:\Program Files\HijackThis.exe

    R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.virginnet.com/
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.virgin.net
    R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.virgin.com
    R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Local Page = \blank.htm
    R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Window Title = Microsoft Internet Explorer provided by Virgin.net
    O2 - BHO: (no name) - {2B5E25BC-C1B2-92D8-02F0-081D435BC4F0} - C:\WINDOWS\System32\mmzarpe.dll
    O2 - BHO: ToolBar888 - {C004DEC2-2623-438e-9CA2-C9043AB28508} - C:\Program Files\Common Files\{3B1B130D-038C-1033-0921-00050802002c}\MyToolBar.dll
    O3 - Toolbar: &Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINDOWS\System32\msdxm.ocx
    O3 - Toolbar: MSN Toolbar - {BDAD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Program Files\MSN Toolbar\01.01.2607.0\msgr.en-us.en-gb\msntb.dll (file missing)
    O3 - Toolbar: ToolBar888 - {C004DEC2-2623-438e-9CA2-C9043AB28508} - C:\Program Files\Common Files\{3B1B130D-038C-1033-0921-00050802002c}\MyToolBar.dll
    O4 - HKLM\..\Run: [AOLDialer] C:\Program Files\Common Files\AOL\ACS\AOLDial.exe
    O4 - HKLM\..\Run: [SunJavaUpdateSched] C:\Program Files\Java\jre1.5.0_03\bin\jusched.exe
    O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\System32\NvCpl.dll,NvStartup
    O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
    O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\System32\NvMcTray.dll,NvTaskbarInit
    O4 - HKLM\..\Run: [KernelFaultCheck] %systemroot%\system32\dumprep 0 -k
    O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot
    O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
    O4 - HKLM\..\Run: [SpeedTouch USB Diagnostics] "C:\Program Files\Virgin Net Broadband\Dragdiag.exe" /icon
    O4 - HKLM\..\Run: [msnappau] "C:\Program Files\MSN Apps\Updater\01.02.0002.1001\en-gb\msnappau.exe"
    O4 - HKLM\..\Run: [AVG7_CC] C:\PROGRA~1\Grisoft\AVGFRE~1\avgcc.exe /STARTUP
    O4 - HKLM\..\Run: [licli] li.exe
    O4 - HKLM\..\Run: [WinsSystem] C:\Program Files\Internet Explorer\syssmss.exe
    O4 - HKLM\..\Run: [nod32kui] "C:\Program Files\Eset\nod32kui.exe" /WAITSERVICE
    O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
    O4 - HKLM\..\Run: [Zone Labs Client] "C:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe"
    O4 - HKLM\..\Run: [!AVG Anti-Spyware] "C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\avgas.exe" /minimized
    O4 - HKLM\..\Run: [ovuflnf.dll] C:\WINDOWS\System32\rundll32.exe C:\WINDOWS\System32\ovuflnf.dll,onbcyhg
    O4 - HKCU\..\Run: [STManager] "C:\Program Files\SpeedTouch\Dr SpeedTouch\drst.exe" -b
    O4 - HKCU\..\Run: [PopUpStopperFreeEdition] "C:\PROGRA~1\PANICW~1\POP-UP~1\PSFREE.EXE"
    O4 - HKCU\..\Run: [taskdir] C:\WINDOWS\System32\taskdir.exe
    O4 - Startup: Zeno.lnk = C:\WINDOWS\system32\pwinnsaw.exe
    O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office10\OSA.EXE
    O4 - Global Startup: Adobe Gamma Loader.lnk = C:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe
    O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~3\Office10\EXCEL.EXE/3000
    O9 - Extra button: (no name) - {85d1f590-48f4-11d9-9669-0800200c9a66} - %windir%\bdoscandel.exe (file missing)
    O9 - Extra 'Tools' menuitem: Uninstall BitDefender Online Scanner v8 - {85d1f590-48f4-11d9-9669-0800200c9a66} - %windir%\bdoscandel.exe (file missing)
    O9 - Extra button: Real.com - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - C:\WINDOWS\System32\Shdocvw.dll
    O14 - IERESET.INF: START_PAGE_URL=http://www.virgin.net
    O16 - DPF: RaptisoftGameLoader - http://www.miniclip.com/games/hamsterball/en/raptisoftgameloader.cab
    O16 - DPF: {27527D31-447B-11D5-A46E-0001023B4289} (CoGSManager Class) - http://gamingzone.ubisoft.com/dev/packages/GSManager.cab
    O16 - DPF: {288C5F13-7E52-4ADA-A32E-F5BF9D125F99} (CR64Loader Object) - http://www.miniclip.com/supergerball/miniclipGameLoader.dll
    O16 - DPF: {5D86DDB5-BDF9-441B-9E9E-D4730F4EE499} (BDSCANONLINE Control) - http://download.bitdefender.com/resources/scan8/oscan8.cab
    O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://update.microsoft.com/windowsupdate/v6/V5Controls/en/x86/client/wuweb_site.cab?1135536079530
    O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://update.microsoft.com/microsoftupdate/v6/V5Controls/en/x86/client/muweb_site.cab?1141675849131
    O16 - DPF: {8E0D4DE5-3180-4024-A327-4DFAD1796A8D} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/MessengerStatsClient.cab31267.cab
    O16 - DPF: {9D190AE6-C81E-4039-8061-978EBAD10073} (F-Secure Online Scanner 3.0) - http://support.f-secure.com/ols3/fscax.cab
    O16 - DPF: {E055C02E-6258-40FF-80A7-3BDA52FACAD7} (Installer Class) - http://activex.matcash.com/speedtest2.dll
    O17 - HKLM\System\CCS\Services\Tcpip\..\{C5F1AECF-E388-4E34-95D2-CA9D09422A48}: NameServer = 194.168.4.100 194.168.8.100
    O18 - Protocol: livecall - {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\MSNMES~1\MSGRAP~1.DLL
    O18 - Protocol: msnim - {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\MSNMES~1\MSGRAP~1.DLL
    O20 - Winlogon Notify: DateTime - C:\WINDOWS\system32\enjql1151.dll (file missing)
    O20 - Winlogon Notify: ThemeManager - C:\WINDOWS\system32\ir4ql5h51.dll (file missing)
    O20 - Winlogon Notify: winfbn32 - C:\WINDOWS\SYSTEM32\winfbn32.dll
    O23 - Service: AOL Connectivity Service (AOL ACS) - Unknown owner - C:\Program Files\Common Files\AOL\ACS\AOLAcsd.exe (file missing)
    O23 - Service: AVG Anti-Spyware Guard - Anti-Malware Development a.s. - C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
    O23 - Service: AVG7 Alert Manager Server (Avg7Alrt) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVGFRE~1\avgamsvr.exe
    O23 - Service: AVG7 Update Service (Avg7UpdSvc) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVGFRE~1\avgupsvc.exe
    O23 - Service: AVG E-mail Scanner (AVGEMS) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVGFRE~1\avgemc.exe
    O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
    O23 - Service: iPodService - Apple Computer, Inc. - C:\Program Files\iPod\bin\iPodService.exe
    O23 - Service: Network Monitor - Unknown owner - C:\Program Files\Network Monitor\netmon.exe (file missing)
    O23 - Service: NOD32 Kernel Service (NOD32krn) - Eset - C:\Program Files\Eset\nod32krn.exe
    O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\System32\nvsvc32.exe
    O23 - Service: TrueVector Internet Monitor (vsmon) - Zone Labs, LLC - C:\WINDOWS\system32\ZONELABS\vsmon.exe
  • jmoney3457 Maine
    edited October 2006
    That's good... please fix *check* the following lines in HJT (make sure no windows except HJT are open):

    R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Local Page = \blank.htm
    R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Window Title = Microsoft Internet Explorer provided by Virgin.net
    O2 - BHO: (no name) - {2B5E25BC-C1B2-92D8-02F0-081D435BC4F0} - C:\WINDOWS\System32\mmzarpe.dll
    O2 - BHO: ToolBar888 - {C004DEC2-2623-438e-9CA2-C9043AB28508} - C:\Program Files\Common Files\{3B1B130D-038C-1033-0921-00050802002c}\MyToolBar.dll
    O4 - HKLM\..\Run: [licli] li.exe
    O4 - HKLM\..\Run: [WinsSystem] C:\Program Files\Internet Explorer\syssmss.exe
    O4 - HKLM\..\Run: [ovuflnf.dll] C:\WINDOWS\System32\rundll32.exe C:\WINDOWS\System32\ovuflnf.dll,onbcyhg
    O4 - HKCU\..\Run: [taskdir] C:\WINDOWS\System32\taskdir.exe
    O20 - Winlogon Notify: DateTime - C:\WINDOWS\system32\enjql1151.dll (file missing)
    O20 - Winlogon Notify: ThemeManager - C:\WINDOWS\system32\ir4ql5h51.dll (file missing)
    O20 - Winlogon Notify: winfbn32 - C:\WINDOWS\SYSTEM32\winfbn32.dll

    Then reboot and run this removal tool --> http://securityresponse.symantec.com/avcenter/FixAbwiz.exe
    Let me know if it found and removed the trojan it targets, and also post a new HJT log.
  • edited October 2006
    I did the Symantec scan and it found no Trojan.Abwiz (I think that is what it was after)... not sure if that is bad or good, but here's another HJT log:

    Logfile of HijackThis v1.99.1
    Scan saved at 18:04:24, on 15/10/2006
    Platform: Windows XP (WinNT 5.01.2600)
    MSIE: Internet Explorer v6.00 (6.00.2600.0000)

    Running processes:
    C:\WINDOWS\System32\smss.exe
    C:\WINDOWS\system32\winlogon.exe
    C:\WINDOWS\system32\services.exe
    C:\WINDOWS\system32\lsass.exe
    C:\WINDOWS\system32\svchost.exe
    C:\WINDOWS\System32\svchost.exe
    C:\WINDOWS\Explorer.EXE
    C:\WINDOWS\system32\spoolsv.exe
    C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
    C:\PROGRA~1\Grisoft\AVGFRE~1\avgamsvr.exe
    C:\PROGRA~1\Grisoft\AVGFRE~1\avgupsvc.exe
    C:\PROGRA~1\Grisoft\AVGFRE~1\avgemc.exe
    C:\Program Files\Eset\nod32krn.exe
    C:\WINDOWS\System32\nvsvc32.exe
    C:\WINDOWS\system32\ZONELABS\vsmon.exe
    C:\Program Files\Java\jre1.5.0_03\bin\jusched.exe
    C:\Program Files\Common Files\Real\Update_OB\realsched.exe
    C:\Program Files\iTunes\iTunesHelper.exe
    C:\Program Files\Virgin Net Broadband\Dragdiag.exe
    C:\PROGRA~1\Grisoft\AVGFRE~1\avgcc.exe
    C:\Program Files\QuickTime\qttask.exe
    C:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe
    C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\avgas.exe
    C:\WINDOWS\System32\rundll32.exe
    C:\Program Files\Common Files\{3B1B130D-038C-1033-0921-00050802002c}\Update.exe
    C:\Program Files\SpeedTouch\Dr SpeedTouch\drst.exe
    C:\PROGRA~1\PANICW~1\POP-UP~1\PSFREE.EXE
    C:\WINDOWS\System32\devldr32.exe
    C:\Program Files\iPod\bin\iPodService.exe
    C:\WINDOWS\System32\msiexec.exe
    C:\WINDOWS\System32\wuauclt.exe
    C:\Program Files\HijackThis.exe

    R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.virginnet.com/
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.virgin.net
    R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.virgin.com
    R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Local Page = \blank.htm
    R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Window Title = Microsoft Internet Explorer provided by Virgin.net
    O2 - BHO: (no name) - {2B5E25BC-C1B2-92D8-02F0-081D435BC4F0} - C:\WINDOWS\System32\mmzarpe.dll
    O2 - BHO: ToolBar888 - {C004DEC2-2623-438e-9CA2-C9043AB28508} - C:\Program Files\Common Files\{3B1B130D-038C-1033-0921-00050802002c}\MyToolBar.dll
    O3 - Toolbar: &Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINDOWS\System32\msdxm.ocx
    O3 - Toolbar: MSN Toolbar - {BDAD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Program Files\MSN Toolbar\01.01.2607.0\msgr.en-us.en-gb\msntb.dll (file missing)
    O3 - Toolbar: ToolBar888 - {C004DEC2-2623-438e-9CA2-C9043AB28508} - C:\Program Files\Common Files\{3B1B130D-038C-1033-0921-00050802002c}\MyToolBar.dll
    O4 - HKLM\..\Run: [AOLDialer] C:\Program Files\Common Files\AOL\ACS\AOLDial.exe
    O4 - HKLM\..\Run: [SunJavaUpdateSched] C:\Program Files\Java\jre1.5.0_03\bin\jusched.exe
    O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\System32\NvCpl.dll,NvStartup
    O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
    O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\System32\NvMcTray.dll,NvTaskbarInit
    O4 - HKLM\..\Run: [KernelFaultCheck] %systemroot%\system32\dumprep 0 -k
    O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot
    O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
    O4 - HKLM\..\Run: [SpeedTouch USB Diagnostics] "C:\Program Files\Virgin Net Broadband\Dragdiag.exe" /icon
    O4 - HKLM\..\Run: [msnappau] "C:\Program Files\MSN Apps\Updater\01.02.0002.1001\en-gb\msnappau.exe"
    O4 - HKLM\..\Run: [AVG7_CC] C:\PROGRA~1\Grisoft\AVGFRE~1\avgcc.exe /STARTUP
    O4 - HKLM\..\Run: [licli] li.exe
    O4 - HKLM\..\Run: [WinsSystem] C:\Program Files\Internet Explorer\syssmss.exe
    O4 - HKLM\..\Run: [nod32kui] "C:\Program Files\Eset\nod32kui.exe" /WAITSERVICE
    O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
    O4 - HKLM\..\Run: [Zone Labs Client] "C:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe"
    O4 - HKLM\..\Run: [!AVG Anti-Spyware] "C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\avgas.exe" /minimized
    O4 - HKLM\..\Run: [ovuflnf.dll] C:\WINDOWS\System32\rundll32.exe C:\WINDOWS\System32\ovuflnf.dll,onbcyhg
    O4 - HKCU\..\Run: [STManager] "C:\Program Files\SpeedTouch\Dr SpeedTouch\drst.exe" -b
    O4 - HKCU\..\Run: [PopUpStopperFreeEdition] "C:\PROGRA~1\PANICW~1\POP-UP~1\PSFREE.EXE"
    O4 - HKCU\..\Run: [taskdir] C:\WINDOWS\System32\taskdir.exe
    O4 - Startup: Zeno.lnk = C:\WINDOWS\system32\pwinnsaw.exe
    O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office10\OSA.EXE
    O4 - Global Startup: Adobe Gamma Loader.lnk = C:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe
    O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~3\Office10\EXCEL.EXE/3000
    O9 - Extra button: (no name) - {85d1f590-48f4-11d9-9669-0800200c9a66} - %windir%\bdoscandel.exe (file missing)
    O9 - Extra 'Tools' menuitem: Uninstall BitDefender Online Scanner v8 - {85d1f590-48f4-11d9-9669-0800200c9a66} - %windir%\bdoscandel.exe (file missing)
    O9 - Extra button: Real.com - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - C:\WINDOWS\System32\Shdocvw.dll
    O14 - IERESET.INF: START_PAGE_URL=http://www.virgin.net
    O16 - DPF: RaptisoftGameLoader - http://www.miniclip.com/games/hamsterball/en/raptisoftgameloader.cab
    O16 - DPF: {27527D31-447B-11D5-A46E-0001023B4289} (CoGSManager Class) - http://gamingzone.ubisoft.com/dev/packages/GSManager.cab
    O16 - DPF: {288C5F13-7E52-4ADA-A32E-F5BF9D125F99} (CR64Loader Object) - http://www.miniclip.com/supergerball/miniclipGameLoader.dll
    O16 - DPF: {5D86DDB5-BDF9-441B-9E9E-D4730F4EE499} (BDSCANONLINE Control) - http://download.bitdefender.com/resources/scan8/oscan8.cab
    O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://update.microsoft.com/windowsupdate/v6/V5Controls/en/x86/client/wuweb_site.cab?1135536079530
    O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://update.microsoft.com/microsoftupdate/v6/V5Controls/en/x86/client/muweb_site.cab?1141675849131
    O16 - DPF: {8E0D4DE5-3180-4024-A327-4DFAD1796A8D} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/MessengerStatsClient.cab31267.cab
    O16 - DPF: {9D190AE6-C81E-4039-8061-978EBAD10073} (F-Secure Online Scanner 3.0) - http://support.f-secure.com/ols3/fscax.cab
    O16 - DPF: {E055C02E-6258-40FF-80A7-3BDA52FACAD7} (Installer Class) - http://activex.matcash.com/speedtest2.dll
    O18 - Protocol: livecall - {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\MSNMES~1\MSGRAP~1.DLL
    O18 - Protocol: msnim - {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\MSNMES~1\MSGRAP~1.DLL
    O20 - Winlogon Notify: DateTime - C:\WINDOWS\system32\enjql1151.dll (file missing)
    O20 - Winlogon Notify: ThemeManager - C:\WINDOWS\system32\ir4ql5h51.dll (file missing)
    O20 - Winlogon Notify: winfbn32 - C:\WINDOWS\SYSTEM32\winfbn32.dll
    O23 - Service: AOL Connectivity Service (AOL ACS) - Unknown owner - C:\Program Files\Common Files\AOL\ACS\AOLAcsd.exe (file missing)
    O23 - Service: AVG Anti-Spyware Guard - Anti-Malware Development a.s. - C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
    O23 - Service: AVG7 Alert Manager Server (Avg7Alrt) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVGFRE~1\avgamsvr.exe
    O23 - Service: AVG7 Update Service (Avg7UpdSvc) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVGFRE~1\avgupsvc.exe
    O23 - Service: AVG E-mail Scanner (AVGEMS) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVGFRE~1\avgemc.exe
    O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
    O23 - Service: iPodService - Apple Computer, Inc. - C:\Program Files\iPod\bin\iPodService.exe
    O23 - Service: Network Monitor - Unknown owner - C:\Program Files\Network Monitor\netmon.exe (file missing)
    O23 - Service: NOD32 Kernel Service (NOD32krn) - Eset - C:\Program Files\Eset\nod32krn.exe
    O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\System32\nvsvc32.exe
    O23 - Service: TrueVector Internet Monitor (vsmon) - Zone Labs, LLC - C:\WINDOWS\system32\ZONELABS\vsmon.exe
  • jmoney3457jmoney3457 Maine
    edited October 2006
    please fix these lines in hjt:

    O20 - Winlogon Notify: DateTime - C:\WINDOWS\system32\enjql1151.dll (file missing)
    O20 - Winlogon Notify: ThemeManager - C:\WINDOWS\system32\ir4ql5h51.dll (file missing)

    reboot and post new log along with how the pc is now
  • edited October 2006
    have done, here u go.... the pc is running fine, not much difference really but no virus pop-ups or nothing.

    Logfile of HijackThis v1.99.1
    Scan saved at 18:44:23, on 16/10/2006
    Platform: Windows XP (WinNT 5.01.2600)
    MSIE: Internet Explorer v6.00 (6.00.2600.0000)

    Running processes:
    C:\WINDOWS\System32\smss.exe
    C:\WINDOWS\system32\winlogon.exe
    C:\WINDOWS\system32\services.exe
    C:\WINDOWS\system32\lsass.exe
    C:\WINDOWS\system32\svchost.exe
    C:\WINDOWS\System32\svchost.exe
    C:\WINDOWS\Explorer.EXE
    C:\WINDOWS\system32\spoolsv.exe
    C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
    C:\PROGRA~1\Grisoft\AVGFRE~1\avgamsvr.exe
    C:\PROGRA~1\Grisoft\AVGFRE~1\avgupsvc.exe
    C:\PROGRA~1\Grisoft\AVGFRE~1\avgemc.exe
    C:\Program Files\Eset\nod32krn.exe
    C:\WINDOWS\System32\nvsvc32.exe
    C:\Program Files\Java\jre1.5.0_03\bin\jusched.exe
    C:\Program Files\Common Files\Real\Update_OB\realsched.exe
    C:\Program Files\iTunes\iTunesHelper.exe
    C:\Program Files\Virgin Net Broadband\Dragdiag.exe
    C:\PROGRA~1\Grisoft\AVGFRE~1\avgcc.exe
    C:\WINDOWS\system32\ZONELABS\vsmon.exe
    C:\Program Files\QuickTime\qttask.exe
    C:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe
    C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\avgas.exe
    C:\WINDOWS\System32\rundll32.exe
    C:\Program Files\Common Files\{3B1B130D-038C-1033-0921-00050802002c}\Update.exe
    C:\Program Files\SpeedTouch\Dr SpeedTouch\drst.exe
    C:\PROGRA~1\PANICW~1\POP-UP~1\PSFREE.EXE
    C:\Program Files\iPod\bin\iPodService.exe
    C:\Program Files\Internet Explorer\IEXPLORE.EXE
    C:\WINDOWS\System32\wuauclt.exe
    C:\WINDOWS\System32\devldr32.exe
    C:\Program Files\MSN Messenger\msnmsgr.exe
    C:\Program Files\Internet Explorer\IEXPLORE.EXE
    C:\Program Files\HijackThis.exe

    R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.virginnet.com/
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.virgin.net
    R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.virgin.com
    R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Local Page = \blank.htm
    R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Window Title = Microsoft Internet Explorer provided by Virgin.net
    O2 - BHO: (no name) - {2B5E25BC-C1B2-92D8-02F0-081D435BC4F0} - C:\WINDOWS\System32\mmzarpe.dll
    O2 - BHO: ToolBar888 - {C004DEC2-2623-438e-9CA2-C9043AB28508} - C:\Program Files\Common Files\{3B1B130D-038C-1033-0921-00050802002c}\MyToolBar.dll
    O3 - Toolbar: &Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINDOWS\System32\msdxm.ocx
    O3 - Toolbar: MSN Toolbar - {BDAD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Program Files\MSN Toolbar\01.01.2607.0\msgr.en-us.en-gb\msntb.dll (file missing)
    O3 - Toolbar: ToolBar888 - {C004DEC2-2623-438e-9CA2-C9043AB28508} - C:\Program Files\Common Files\{3B1B130D-038C-1033-0921-00050802002c}\MyToolBar.dll
    O4 - HKLM\..\Run: [AOLDialer] C:\Program Files\Common Files\AOL\ACS\AOLDial.exe
    O4 - HKLM\..\Run: [SunJavaUpdateSched] C:\Program Files\Java\jre1.5.0_03\bin\jusched.exe
    O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\System32\NvCpl.dll,NvStartup
    O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
    O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\System32\NvMcTray.dll,NvTaskbarInit
    O4 - HKLM\..\Run: [KernelFaultCheck] %systemroot%\system32\dumprep 0 -k
    O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot
    O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
    O4 - HKLM\..\Run: [SpeedTouch USB Diagnostics] "C:\Program Files\Virgin Net Broadband\Dragdiag.exe" /icon
    O4 - HKLM\..\Run: [msnappau] "C:\Program Files\MSN Apps\Updater\01.02.0002.1001\en-gb\msnappau.exe"
    O4 - HKLM\..\Run: [AVG7_CC] C:\PROGRA~1\Grisoft\AVGFRE~1\avgcc.exe /STARTUP
    O4 - HKLM\..\Run: [licli] li.exe
    O4 - HKLM\..\Run: [WinsSystem] C:\Program Files\Internet Explorer\syssmss.exe
    O4 - HKLM\..\Run: [nod32kui] "C:\Program Files\Eset\nod32kui.exe" /WAITSERVICE
    O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
    O4 - HKLM\..\Run: [Zone Labs Client] "C:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe"
    O4 - HKLM\..\Run: [!AVG Anti-Spyware] "C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\avgas.exe" /minimized
    O4 - HKLM\..\Run: [ovuflnf.dll] C:\WINDOWS\System32\rundll32.exe C:\WINDOWS\System32\ovuflnf.dll,onbcyhg
    O4 - HKCU\..\Run: [STManager] "C:\Program Files\SpeedTouch\Dr SpeedTouch\drst.exe" -b
    O4 - HKCU\..\Run: [PopUpStopperFreeEdition] "C:\PROGRA~1\PANICW~1\POP-UP~1\PSFREE.EXE"
    O4 - HKCU\..\Run: [taskdir] C:\WINDOWS\System32\taskdir.exe
    O4 - Startup: Zeno.lnk = C:\WINDOWS\system32\pwinnsaw.exe
    O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office10\OSA.EXE
    O4 - Global Startup: Adobe Gamma Loader.lnk = C:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe
    O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~3\Office10\EXCEL.EXE/3000
    O9 - Extra button: (no name) - {85d1f590-48f4-11d9-9669-0800200c9a66} - %windir%\bdoscandel.exe (file missing)
    O9 - Extra 'Tools' menuitem: Uninstall BitDefender Online Scanner v8 - {85d1f590-48f4-11d9-9669-0800200c9a66} - %windir%\bdoscandel.exe (file missing)
    O9 - Extra button: Real.com - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - C:\WINDOWS\System32\Shdocvw.dll
    O14 - IERESET.INF: START_PAGE_URL=http://www.virgin.net
    O16 - DPF: {27527D31-447B-11D5-A46E-0001023B4289} (CoGSManager Class) - http://gamingzone.ubisoft.com/dev/packages/GSManager.cab
    O16 - DPF: {288C5F13-7E52-4ADA-A32E-F5BF9D125F99} (CR64Loader Object) - http://www.miniclip.com/supergerball/miniclipGameLoader.dll
    O16 - DPF: {5D86DDB5-BDF9-441B-9E9E-D4730F4EE499} (BDSCANONLINE Control) - http://download.bitdefender.com/resources/scan8/oscan8.cab
    O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://update.microsoft.com/windowsupdate/v6/V5Controls/en/x86/client/wuweb_site.cab?1135536079530
    O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://update.microsoft.com/microsoftupdate/v6/V5Controls/en/x86/client/muweb_site.cab?1141675849131
    O16 - DPF: {8E0D4DE5-3180-4024-A327-4DFAD1796A8D} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/MessengerStatsClient.cab31267.cab
    O16 - DPF: {9D190AE6-C81E-4039-8061-978EBAD10073} (F-Secure Online Scanner 3.0) - http://support.f-secure.com/ols3/fscax.cab
    O16 - DPF: {E055C02E-6258-40FF-80A7-3BDA52FACAD7} (Installer Class) - http://activex.matcash.com/speedtest2.dll
    O17 - HKLM\System\CCS\Services\Tcpip\..\{C5F1AECF-E388-4E34-95D2-CA9D09422A48}: NameServer = 194.168.4.100 194.168.8.100
    O18 - Protocol: livecall - {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\MSNMES~1\MSGRAP~1.DLL
    O18 - Protocol: msnim - {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\MSNMES~1\MSGRAP~1.DLL
    O20 - Winlogon Notify: winfbn32 - C:\WINDOWS\SYSTEM32\winfbn32.dll
    O23 - Service: AOL Connectivity Service (AOL ACS) - Unknown owner - C:\Program Files\Common Files\AOL\ACS\AOLAcsd.exe (file missing)
    O23 - Service: AVG Anti-Spyware Guard - Anti-Malware Development a.s. - C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
    O23 - Service: AVG7 Alert Manager Server (Avg7Alrt) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVGFRE~1\avgamsvr.exe
    O23 - Service: AVG7 Update Service (Avg7UpdSvc) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVGFRE~1\avgupsvc.exe
    O23 - Service: AVG E-mail Scanner (AVGEMS) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVGFRE~1\avgemc.exe
    O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
    O23 - Service: iPodService - Apple Computer, Inc. - C:\Program Files\iPod\bin\iPodService.exe
    O23 - Service: Network Monitor - Unknown owner - C:\Program Files\Network Monitor\netmon.exe (file missing)
    O23 - Service: NOD32 Kernel Service (NOD32krn) - Eset - C:\Program Files\Eset\nod32krn.exe
    O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\System32\nvsvc32.exe
    O23 - Service: TrueVector Internet Monitor (vsmon) - Zone Labs, LLC - C:\WINDOWS\system32\ZONELABS\vsmon.exe
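
The follow-up the helper asked for (fix two O20 lines, reboot, post a new log) can be checked mechanically by diffing the two HijackThis logs. This is an added example, not part of the original thread or of HijackThis; the function names are made up here, and the sample text is a short excerpt of the two logs posted above.

```python
import re

# A HijackThis result line is "<section> - <details>", where the section is
# R, F, N or O followed by a number (e.g. "O20 - Winlogon Notify: ...").
ENTRY_RE = re.compile(r"^\s*([RFNO]\d{1,2}) - (.+?)\s*$")


def parse_entries(log_text):
    """Return the set of (section, details) pairs found in a HijackThis log."""
    entries = set()
    for line in log_text.splitlines():
        match = ENTRY_RE.match(line)
        if match:  # header and "Running processes" lines do not match
            entries.add((match.group(1), match.group(2)))
    return entries


def diff_logs(before, after):
    """Return (removed, added): entries that vanished or appeared between scans."""
    old, new = parse_entries(before), parse_entries(after)
    return sorted(old - new), sorted(new - old)


def still_present(requested_fixes, after):
    """Return the lines the helper asked to fix that remain in the new log."""
    return sorted(parse_entries(requested_fixes) & parse_entries(after))


# Lines the helper asked to fix, copied from the thread.
FIXES = r"""
O20 - Winlogon Notify: DateTime - C:\WINDOWS\system32\enjql1151.dll (file missing)
O20 - Winlogon Notify: ThemeManager - C:\WINDOWS\system32\ir4ql5h51.dll (file missing)
"""
# Excerpts (not the full logs) of the two scans posted in the thread.
BEFORE = r"""Running processes:
C:\WINDOWS\System32\smss.exe
O4 - HKLM\..\Run: [AVG7_CC] C:\PROGRA~1\Grisoft\AVGFRE~1\avgcc.exe /STARTUP
""" + FIXES + r"""
O20 - Winlogon Notify: winfbn32 - C:\WINDOWS\SYSTEM32\winfbn32.dll
"""
AFTER = r"""
O4 - HKLM\..\Run: [AVG7_CC] C:\PROGRA~1\Grisoft\AVGFRE~1\avgcc.exe /STARTUP
O17 - HKLM\System\CCS\Services\Tcpip\..\{C5F1AECF-E388-4E34-95D2-CA9D09422A48}: NameServer = 194.168.4.100 194.168.8.100
O20 - Winlogon Notify: winfbn32 - C:\WINDOWS\SYSTEM32\winfbn32.dll
"""

if __name__ == "__main__":
    removed, added = diff_logs(BEFORE, AFTER)
    for section, details in removed:
        print("removed:", section, "-", details)
    for section, details in added:
        print("added:  ", section, "-", details)
    print("fixes still present:", still_present(FIXES, AFTER))
```

Entries that appear only in the second scan are listed as well, so anything new since the first log gets reviewed rather than assumed unchanged.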
  • jmoney3457jmoney3457 Maine
    edited October 2006
    We have a couple of last steps to perform and then you're all set.

    First, let's reset your hidden/system files and folders. System files are hidden for a reason and we don't want to have them openly available and susceptible to accidental deletion.
    * Click Start.
    * Open My Computer.
    * Select the Tools menu and click Folder Options.
    * Select the View tab.
    * Under the Hidden files and folders heading UNSELECT Show hidden files and folders.
    * CHECK the Hide protected operating system files (recommended) option.
    * Click Yes to confirm.
    * Click OK.

    Next, let's clean your restore points and set a new one:

    Reset and Re-enable your System Restore to remove infected files that have been backed up by Windows. The files in System Restore are protected to prevent any programs from changing those files. This is the only way to clean these files: (You will lose all previous restore points which are likely to be infected)
      1. Turn off System Restore.
         * On the Desktop, right-click My Computer.
         * Click Properties.
         * Click the System Restore tab.
         * Check Turn off System Restore.
         * Click Apply, and then click OK.

      2. Restart your computer.

      3. Turn ON System Restore.
         * On the Desktop, right-click My Computer.
         * Click Properties.
         * Click the System Restore tab.
         * UN-Check Turn off System Restore.
         * Click Apply, and then click OK.

      System Restore will now be active again.

      Now that you are clean, to help protect your computer in the future I recommend that you get the following free programs:
      • SpywareBlaster to help prevent spyware from installing in the first place.
      • SpywareGuard to catch and block spyware before it can execute.
      • IESpy-Ad to block access to malicious websites so you cannot be redirected to them from an infected site or email.
      You should also have a good firewall. Here are 3 free ones available for personal use: and a good antivirus (these are also free for personal use): It is critical to have both a firewall and anti virus to protect your system and to keep them updated.

      To keep your operating system up to date visit monthly. And to keep your system clean run these free malware scanners weekly, and be aware of what emails you open and websites you visit.

      To learn more about how to protect yourself while on the internet read this article by Tony Klein: So how did I get infected in the first place?

      Have a safe and happy computing day & I'll mark this resolved and close it :)
    This discussion has been closed.