0

ok i just got this virus on my comp..
i downloaded hijackthis..

here's my log..

Logfile of HijackThis v1.99.1
Scan saved at 9:54:47 PM, on 6/15/2005
Platform: Windows XP SP1 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\csrss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\System32\Ati2evxx.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\TuneUp Utilities 2004\WinStylerThemeSvc.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\Explorer.EXE
C:\Acer\eManager\anbmServ.exe
C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
C:\Program Files\Synaptics\SynTP\SynTPLpr.exe
C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe
C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
C:\Program Files\CyberLink\PowerDVD\PDVDServ.exe
C:\Program Files\WildTangent\Apps\CDA\GameDrvr.exe
C:\WINDOWS\System32\rundll32.exe
C:\Program Files\Alwil Software\Avast4\ashServ.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\Program Files\Mediafour\MacDrive\MDDiskProtect.exe
C:\Program Files\Common Files\Mediafour\MACVNTFY.EXE
C:\WINDOWS\System32\ctfmon.exe
c:\windows\system32\opuzoav.exe
C:\Program Files\CursorXP\CursorXP.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Messenger\MSMSGS.EXE
C:\WINDOWS\System32\wdfmgr.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
C:\WINDOWS\System32\wuauclt.exe
c:\windows\system32\rlvknlg.exe
C:\Program Files\Propel Accelerator\PropelAC.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Documents and Settings\AudioOutpuT\Local Settings\Temp\HijackThis.exe

R1 - HKCU\Software\Microsoft\Internet Connection Wizard,ShellNext = http://www.java.com/
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyServer = http=localhost:8080
F2 - REG:system.ini: Shell=Explorer.exe C:\WINDOWS\Nail.exe
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 6.0\Reader\ActiveX\AcroIEHelper.dll
O2 - BHO: URLLink Class - {4A2AACF3-ADF6-11D5-98A9-00E018981B9E} - C:\Program Files\NewDotNet\newdotnet6_38.dll
O2 - BHO: IE_PopupBlocker Class - {656EC4B7-072B-4698-B504-2A414C1F0037} - C:\Program Files\Propel Accelerator\prpl_IePopupBlocker.dll
O2 - BHO: WinStat - {EE02B99B-1D55-48bc-B8DB-649A42CE45F6} - C:\WINDOWS\System32\WinStat12.dll
O3 - Toolbar: &Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINDOWS\System32\msdxm.ocx
O4 - HKLM\..\Run: [LaunchApp] Alaunch
O4 - HKLM\..\Run: [SynTPLpr] C:\Program Files\Synaptics\SynTP\SynTPLpr.exe
O4 - HKLM\..\Run: [SynTPEnh] C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
O4 - HKLM\..\Run: [IMJPMIG8.1] "C:\WINDOWS\IME\imjp8_1\IMJPMIG.EXE" /Spoil /RemAdvDef /Migration32
O4 - HKLM\..\Run: [MSPY2002] C:\WINDOWS\System32\IME\PINTLGNT\ImScInst.exe /SYNC
O4 - HKLM\..\Run: [PHIME2002ASync] C:\WINDOWS\System32\IME\TINTLGNT\TINTSETP.EXE /SYNC
O4 - HKLM\..\Run: [PHIME2002A] C:\WINDOWS\System32\IME\TINTLGNT\TINTSETP.EXE /IMEName
O4 - HKLM\..\Run: [ATIPTA] C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe
O4 - HKLM\..\Run: [avast!] C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
O4 - HKLM\..\Run: [RemoteControl] "C:\Program Files\CyberLink\PowerDVD\PDVDServ.exe"
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [Propel Accelerator] "C:\Program Files\Propel Accelerator\trayctl.exe" /STARTUPLAUNCH
O4 - HKLM\..\Run: [WildTangent CDA] "C:\Program Files\WildTangent\Apps\CDA\GameDrvr.exe" /startup "C:\Program Files\WildTangent\Apps\CDA\cdaEngine0500.dll"
O4 - HKLM\..\Run: [New.net Startup] rundll32 C:\PROGRA~1\NEWDOT~1\NEWDOT~1.DLL,NewDotNetStartup -s
O4 - HKLM\..\Run: [qpc] C:\WINDOWS\System32\qpc.exe
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
O4 - HKLM\..\Run: [MDDiskProtect.exe] C:\Program Files\Mediafour\MacDrive\MDDiskProtect.exe
O4 - HKLM\..\Run: [Mediafour XPlay Tray Notification Icon] C:\Program Files\Mediafour\XPlay\XPTRYICN.EXE
O4 - HKLM\..\Run: [Mediafour Mac Volume Notifications] "C:\Program Files\Common Files\Mediafour\MACVNTFY.EXE" /auto
O4 - HKLM\..\Run: [pkhflt] c:\windows\system32\opuzoav.exe r
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\System32\ctfmon.exe
O4 - HKCU\..\Run: [CursorXP] C:\Program Files\CursorXP\CursorXP.exe
O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\MSMSGS.EXE" /background
O4 - Startup: Adobe Gamma.lnk = C:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe
O8 - Extra context menu item: Allow pop-ups from this site - C:\Program Files\Propel Accelerator\pac-addwl.html
O8 - Extra context menu item: Refresh Pa&ge with Full Quality - C:\Program Files\Propel Accelerator\pac-page.html
O8 - Extra context menu item: Refresh Pi&cture with Full Quality - C:\Program Files\Propel Accelerator\pac-image.html
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_01\bin\npjpi150_01.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_01\bin\npjpi150_01.dll
O9 - Extra button: AIM - {AC9E2541-2814-11d5-BC6D-00B0D0A1DE45} - C:\Program Files\AIM\aim.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\MSMSGS.EXE
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\MSMSGS.EXE
O10 - Hijacked Internet access by New.Net
O10 - Unknown file in Winsock LSP: c:\windows\system32\rlls.dll
O10 - Unknown file in Winsock LSP: c:\windows\system32\rlls.dll
O10 - Unknown file in Winsock LSP: c:\windows\system32\rlls.dll
O10 - Unknown file in Winsock LSP: c:\windows\system32\rlls.dll
O10 - Unknown file in Winsock LSP: c:\windows\system32\rlls.dll
O10 - Unknown file in Winsock LSP: c:\windows\system32\rlls.dll
O15 - Trusted Zone: http://www.neededware.com
O16 - DPF: NDWCab - http://www.neededware.com/ndw3.cab
O16 - DPF: {39B0684F-D7BF-4743-B050-FDC3F48F7E3B} (FilePlanet Download Control Class) - http://www.fileplanet.com/fpdlmgr/cabs/FPDC_1_0_0_44.cab
O20 - Winlogon Notify: MacDrive-iTunes compatibility - C:\Program Files\Common Files\Mediafour\MacDriveiTunesPatch.dll
O23 - Service: Adobe LM Service - Adobe Systems - C:\Program Files\Common Files\Adobe Systems Shared\Service\Adobelmsvc.exe
O23 - Service: Notebook Manager Service (anbmService) - OSA Technologies Inc. - C:\Acer\eManager\anbmServ.exe
O23 - Service: avast! iAVS4 Control Service (aswUpdSv) - Unknown owner - C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
O23 - Service: Ati HotKey Poller - Unknown owner - C:\WINDOWS\System32\Ati2evxx.exe
O23 - Service: avast! Antivirus - Unknown owner - C:\Program Files\Alwil Software\Avast4\ashServ.exe
O23 - Service: avast! Mail Scanner - Unknown owner - C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe" /service (file missing)
O23 - Service: avast! Web Scanner - Unknown owner - C:\Program Files\Alwil Software\Avast4\ashWebSv.exe" /service (file missing)
O23 - Service: iPod Service (iPodService) - Apple Computer, Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: System Startup Service (SvcProc) - Unknown owner - C:\WINDOWS\svcproc.exe
O23 - Service: TuneUp WinStyler Theme Service (TUWinStylerThemeSvc) - TuneUp Software GmbH - C:\Program Files\TuneUp Utilities 2004\WinStylerThemeSvc.exe

...

can anyone help???..

thanks!!

0

Please download the trial version of Ewido Security Suite here:
http://www.ewido.net/en/download/
Install it, and update the definitions to the newest files. Do NOT run a scan yet.

Please download Nailfix from here:
http://www.noidea.us/easyfile/file.php?download=20050515010747824
Unzip it to the desktop but please do NOT run it yet.

Next, please reboot your computer in Safe Mode by doing the following:
1) Restart your computer
2) After hearing your computer beep once during startup, but before the Windows icon appears, press F8.
3) Instead of Windows loading as normal, a menu should appear
4) Select the first option, to run Windows in Safe Mode.

For additional help in booting into Safe Mode, see the following site:
http://www.pchell.com/support/safemode.shtml


Once in Safe Mode, please double-click on Nailfix.cmd. Your desktop and icons will disappear and reappear, and a window should open and close very quickly --- this is normal.

Then please run Ewido, and run a full scan. Save the logfile from the scan.

Next please run HijackThis, click Scan, and check:

F2 - REG:system.ini: Shell=Explorer.exe C:\WINDOWS\Nail.exe

Close all open windows except for HijackThis and click Fix Checked.

Restart your computer in normal mode and please post a new HijackThis log, as well as the log from the Ewido scan.

0

the nailfix file doesn't work... i tried downloading it and running winzip but it keeps telling me "Cannot open file: it does not appear to be a valid archive"

0

thanks!
ok... here is the new hijackthis log:

Logfile of HijackThis v1.99.1
Scan saved at 3:43:59 AM, on 6/23/2005
Platform: Windows XP SP1 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\csrss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\System32\Ati2evxx.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\TuneUp Utilities 2004\WinStylerThemeSvc.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\Explorer.EXE
C:\Acer\eManager\anbmServ.exe
C:\Program Files\Synaptics\SynTP\SynTPLpr.exe
C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe
C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
C:\Program Files\CyberLink\PowerDVD\PDVDServ.exe
C:\Program Files\WildTangent\Apps\CDA\GameDrvr.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\Program Files\Mediafour\MacDrive\MDDiskProtect.exe
C:\Program Files\Common Files\Mediafour\MACVNTFY.EXE
C:\WINDOWS\System32\ctfmon.exe
C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
C:\Program Files\CursorXP\CursorXP.exe
C:\Program Files\Alwil Software\Avast4\ashServ.exe
C:\Program Files\Propel Accelerator\PropelAC.exe
C:\Program Files\Messenger\MSMSGS.EXE
C:\Program Files\ewido\security suite\ewidoctrl.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\System32\wdfmgr.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
C:\WINDOWS\System32\wuauclt.exe
C:\WINDOWS\System32\wbem\wmiprvse.exe
C:\WINDOWS\System32\wuauclt.exe
C:\Program Files\HJT\HijackThis.exe

R1 - HKCU\Software\Microsoft\Internet Connection Wizard,ShellNext = http://www.java.com/
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyServer = http=localhost:8080
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 6.0\Reader\ActiveX\AcroIEHelper.dll
O2 - BHO: URLLink Class - {4A2AACF3-ADF6-11D5-98A9-00E018981B9E} - C:\Program Files\NewDotNet\newdotnet6_38.dll (file missing)
O2 - BHO: IE_PopupBlocker Class - {656EC4B7-072B-4698-B504-2A414C1F0037} - C:\Program Files\Propel Accelerator\prpl_IePopupBlocker.dll
O2 - BHO: WinStat - {EE02B99B-1D55-48bc-B8DB-649A42CE45F6} - C:\WINDOWS\System32\WinStat12.dll (file missing)
O3 - Toolbar: &Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINDOWS\System32\msdxm.ocx
O4 - HKLM\..\Run: [LaunchApp] Alaunch
O4 - HKLM\..\Run: [SynTPLpr] C:\Program Files\Synaptics\SynTP\SynTPLpr.exe
O4 - HKLM\..\Run: [SynTPEnh] C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
O4 - HKLM\..\Run: [IMJPMIG8.1] "C:\WINDOWS\IME\imjp8_1\IMJPMIG.EXE" /Spoil /RemAdvDef /Migration32
O4 - HKLM\..\Run: [MSPY2002] C:\WINDOWS\System32\IME\PINTLGNT\ImScInst.exe /SYNC
O4 - HKLM\..\Run: [PHIME2002ASync] C:\WINDOWS\System32\IME\TINTLGNT\TINTSETP.EXE /SYNC
O4 - HKLM\..\Run: [PHIME2002A] C:\WINDOWS\System32\IME\TINTLGNT\TINTSETP.EXE /IMEName
O4 - HKLM\..\Run: [ATIPTA] C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe
O4 - HKLM\..\Run: [avast!] C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
O4 - HKLM\..\Run: [RemoteControl] "C:\Program Files\CyberLink\PowerDVD\PDVDServ.exe"
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [Propel Accelerator] "C:\Program Files\Propel Accelerator\trayctl.exe" /STARTUPLAUNCH
O4 - HKLM\..\Run: [WildTangent CDA] "C:\Program Files\WildTangent\Apps\CDA\GameDrvr.exe" /startup "C:\Program Files\WildTangent\Apps\CDA\cdaEngine0500.dll"
O4 - HKLM\..\Run: [New.net Startup] rundll32 C:\PROGRA~1\NEWDOT~1\NEWDOT~1.DLL,NewDotNetStartup -s
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
O4 - HKLM\..\Run: [MDDiskProtect.exe] C:\Program Files\Mediafour\MacDrive\MDDiskProtect.exe
O4 - HKLM\..\Run: [Mediafour XPlay Tray Notification Icon] C:\Program Files\Mediafour\XPlay\XPTRYICN.EXE
O4 - HKLM\..\Run: [Mediafour Mac Volume Notifications] "C:\Program Files\Common Files\Mediafour\MACVNTFY.EXE" /auto
O4 - HKLM\..\Run: [vgbnbdl] c:\windows\system32\mgoqbcw.exe r
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\System32\ctfmon.exe
O4 - HKCU\..\Run: [CursorXP] C:\Program Files\CursorXP\CursorXP.exe
O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\MSMSGS.EXE" /background
O4 - Startup: Adobe Gamma.lnk = C:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe
O8 - Extra context menu item: Allow pop-ups from this site - C:\Program Files\Propel Accelerator\pac-addwl.html
O8 - Extra context menu item: Refresh Pa&ge with Full Quality - C:\Program Files\Propel Accelerator\pac-page.html
O8 - Extra context menu item: Refresh Pi&cture with Full Quality - C:\Program Files\Propel Accelerator\pac-image.html
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_01\bin\npjpi150_01.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_01\bin\npjpi150_01.dll
O9 - Extra button: AIM - {AC9E2541-2814-11d5-BC6D-00B0D0A1DE45} - C:\Program Files\AIM\aim.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\MSMSGS.EXE
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\MSMSGS.EXE
O10 - Broken Internet access because of LSP provider 'c:\program files\newdotnet\newdotnet6_38.dll' missing
O15 - Trusted Zone: http://www.neededware.com
O16 - DPF: NDWCab - http://www.neededware.com/ndw3.cab
O16 - DPF: {39B0684F-D7BF-4743-B050-FDC3F48F7E3B} (FilePlanet Download Control Class) - http://www.fileplanet.com/fpdlmgr/cabs/FPDC_1_0_0_44.cab
O20 - Winlogon Notify: MacDrive-iTunes compatibility - C:\Program Files\Common Files\Mediafour\MacDriveiTunesPatch.dll
O23 - Service: Adobe LM Service - Adobe Systems - C:\Program Files\Common Files\Adobe Systems Shared\Service\Adobelmsvc.exe
O23 - Service: Notebook Manager Service (anbmService) - OSA Technologies Inc. - C:\Acer\eManager\anbmServ.exe
O23 - Service: avast! iAVS4 Control Service (aswUpdSv) - Unknown owner - C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
O23 - Service: Ati HotKey Poller - Unknown owner - C:\WINDOWS\System32\Ati2evxx.exe
O23 - Service: avast! Antivirus - Unknown owner - C:\Program Files\Alwil Software\Avast4\ashServ.exe
O23 - Service: avast! Mail Scanner - Unknown owner - C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe" /service (file missing)
O23 - Service: avast! Web Scanner - Unknown owner - C:\Program Files\Alwil Software\Avast4\ashWebSv.exe" /service (file missing)
O23 - Service: ewido security suite control - ewido networks - C:\Program Files\ewido\security suite\ewidoctrl.exe
O23 - Service: iPod Service (iPodService) - Apple Computer, Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: TuneUp WinStyler Theme Service (TUWinStylerThemeSvc) - TuneUp Software GmbH - C:\Program Files\TuneUp Utilities 2004\WinStylerThemeSvc.exe
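Comparing the 6/15 log with the 6/23 log above shows what the cleanup changed. The following is an added example, not part of the original thread: it parses two HijackThis logs and reports autostart entries that disappeared, appeared, or now point at a missing file. The sample data is a short excerpt of lines taken from the two logs above; the function names are the example's own.

```python
import re

# HijackThis entry lines start with a section id (R1, F2, O2, O4, O23, ...)
# followed by " - " and the entry text.
ENTRY_RE = re.compile(r"^([A-Z]\d{1,2}) - (.+)$")
MISSING = " (file missing)"


def parse_log(text):
    """Return (processes, entries) parsed from one HijackThis log.

    processes: set of lower-cased paths from the "Running processes:" list.
    entries:   {(section, lower-cased text): {"line": ..., "missing": bool}}
               with a trailing "(file missing)" marker stripped from the key,
               so the same registry entry matches across both scans.
    """
    processes, entries = set(), {}
    in_processes = False
    for raw in text.splitlines():
        line = raw.strip()
        if not line:
            continue
        if line.lower().startswith("running processes"):
            in_processes = True
            continue
        m = ENTRY_RE.match(line)
        if m:
            in_processes = False  # the first entry line ends the process list
            body = m.group(2)
            missing = body.endswith(MISSING)
            if missing:
                body = body[: -len(MISSING)]
            # Windows paths are case-insensitive, so compare lower-cased.
            entries[(m.group(1), body.lower())] = {"line": line, "missing": missing}
        elif in_processes:
            processes.add(line.lower())
    return processes, entries


def diff_logs(before_text, after_text):
    """Compare two logs and return what changed between the scans."""
    b_proc, b_ent = parse_log(before_text)
    a_proc, a_ent = parse_log(after_text)
    return {
        # Entries the cleanup removed.
        "removed": sorted(b_ent[k]["line"] for k in b_ent.keys() - a_ent.keys()),
        # Entries that were not in the first scan; after a cleanup these
        # deserve a closer look before the machine is called clean.
        "added": sorted(a_ent[k]["line"] for k in a_ent.keys() - b_ent.keys()),
        # Registry entries left behind after their file was deleted.
        "now_missing": sorted(
            a_ent[k]["line"]
            for k in a_ent.keys() & b_ent.keys()
            if a_ent[k]["missing"] and not b_ent[k]["missing"]
        ),
        "processes_gone": sorted(b_proc - a_proc),
        "processes_new": sorted(a_proc - b_proc),
    }


# Excerpt of the 6/15/2005 log from this thread (not the full log).
BEFORE = r"""
Logfile of HijackThis v1.99.1
Running processes:
C:\WINDOWS\Explorer.EXE
c:\windows\system32\opuzoav.exe
c:\windows\system32\rlvknlg.exe

F2 - REG:system.ini: Shell=Explorer.exe C:\WINDOWS\Nail.exe
O2 - BHO: WinStat - {EE02B99B-1D55-48bc-B8DB-649A42CE45F6} - C:\WINDOWS\System32\WinStat12.dll
O4 - HKLM\..\Run: [avast!] C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
O4 - HKLM\..\Run: [qpc] C:\WINDOWS\System32\qpc.exe
O4 - HKLM\..\Run: [pkhflt] c:\windows\system32\opuzoav.exe r
O23 - Service: System Startup Service (SvcProc) - Unknown owner - C:\WINDOWS\svcproc.exe
"""

# Excerpt of the 6/23/2005 log from this thread (not the full log).
AFTER = r"""
Logfile of HijackThis v1.99.1
Running processes:
C:\WINDOWS\Explorer.EXE

O2 - BHO: WinStat - {EE02B99B-1D55-48bc-B8DB-649A42CE45F6} - C:\WINDOWS\System32\WinStat12.dll (file missing)
O4 - HKLM\..\Run: [avast!] C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
O4 - HKLM\..\Run: [vgbnbdl] c:\windows\system32\mgoqbcw.exe r
"""

if __name__ == "__main__":
    for section, lines in diff_logs(BEFORE, AFTER).items():
        print(f"[{section}]")
        for entry in lines:
            print("  " + entry)
```
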

0

ok.. i'm not sure if i posted the right one... so here it is again... just in case:

Logfile of HijackThis v1.99.1
Scan saved at 3:48:52 AM, on 6/23/2005
Platform: Windows XP SP1 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106)


Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\csrss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\System32\Ati2evxx.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\TuneUp Utilities 2004\WinStylerThemeSvc.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\Explorer.EXE
C:\Acer\eManager\anbmServ.exe
C:\Program Files\Synaptics\SynTP\SynTPLpr.exe
C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe
C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
C:\Program Files\CyberLink\PowerDVD\PDVDServ.exe
C:\Program Files\WildTangent\Apps\CDA\GameDrvr.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\Program Files\Mediafour\MacDrive\MDDiskProtect.exe
C:\Program Files\Common Files\Mediafour\MACVNTFY.EXE
C:\WINDOWS\System32\ctfmon.exe
C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
C:\Program Files\CursorXP\CursorXP.exe
C:\Program Files\Alwil Software\Avast4\ashServ.exe
C:\Program Files\Propel Accelerator\PropelAC.exe
C:\Program Files\Messenger\MSMSGS.EXE
C:\Program Files\ewido\security suite\ewidoctrl.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\System32\wdfmgr.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
C:\WINDOWS\System32\wuauclt.exe
C:\Program Files\Verizon Wireless\VZAccess Manager\VZAccess Manager.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Program Files\Windows NT\Accessories\WORDPAD.EXE
C:\WINDOWS\system32\NOTEPAD.EXE
C:\Program Files\HJT\HijackThis.exe


R1 - HKCU\Software\Microsoft\Internet Connection Wizard,ShellNext = http://www.java.com/
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyServer = http=localhost:8080
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 6.0\Reader\ActiveX\AcroIEHelper.dll
O2 - BHO: URLLink Class - {4A2AACF3-ADF6-11D5-98A9-00E018981B9E} - C:\Program Files\NewDotNet\newdotnet6_38.dll (file missing)
O2 - BHO: IE_PopupBlocker Class - {656EC4B7-072B-4698-B504-2A414C1F0037} - C:\Program Files\Propel Accelerator\prpl_IePopupBlocker.dll
O2 - BHO: WinStat - {EE02B99B-1D55-48bc-B8DB-649A42CE45F6} - C:\WINDOWS\System32\WinStat12.dll (file missing)
O3 - Toolbar: &Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINDOWS\System32\msdxm.ocx
O4 - HKLM\..\Run: [LaunchApp] Alaunch
O4 - HKLM\..\Run: [SynTPLpr] C:\Program Files\Synaptics\SynTP\SynTPLpr.exe
O4 - HKLM\..\Run: [SynTPEnh] C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
O4 - HKLM\..\Run: [IMJPMIG8.1] "C:\WINDOWS\IME\imjp8_1\IMJPMIG.EXE" /Spoil /RemAdvDef /Migration32
O4 - HKLM\..\Run: [MSPY2002] C:\WINDOWS\System32\IME\PINTLGNT\ImScInst.exe /SYNC
O4 - HKLM\..\Run: [PHIME2002ASync] C:\WINDOWS\System32\IME\TINTLGNT\TINTSETP.EXE /SYNC
O4 - HKLM\..\Run: [PHIME2002A] C:\WINDOWS\System32\IME\TINTLGNT\TINTSETP.EXE /IMEName
O4 - HKLM\..\Run: [ATIPTA] C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe
O4 - HKLM\..\Run: [avast!] C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
O4 - HKLM\..\Run: [RemoteControl] "C:\Program Files\CyberLink\PowerDVD\PDVDServ.exe"
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [Propel Accelerator] "C:\Program Files\Propel Accelerator\trayctl.exe" /STARTUPLAUNCH
O4 - HKLM\..\Run: [WildTangent CDA] "C:\Program Files\WildTangent\Apps\CDA\GameDrvr.exe" /startup "C:\Program Files\WildTangent\Apps\CDA\cdaEngine0500.dll"
O4 - HKLM\..\Run: [New.net Startup] rundll32 C:\PROGRA~1\NEWDOT~1\NEWDOT~1.DLL,NewDotNetStartup -s
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
O4 - HKLM\..\Run: [MDDiskProtect.exe] C:\Program Files\Mediafour\MacDrive\MDDiskProtect.exe
O4 - HKLM\..\Run: [Mediafour XPlay Tray Notification Icon] C:\Program Files\Mediafour\XPlay\XPTRYICN.EXE
O4 - HKLM\..\Run: [Mediafour Mac Volume Notifications] "C:\Program Files\Common Files\Mediafour\MACVNTFY.EXE" /auto
O4 - HKLM\..\Run: [vgbnbdl] c:\windows\system32\mgoqbcw.exe r
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\System32\ctfmon.exe
O4 - HKCU\..\Run: [CursorXP] C:\Program Files\CursorXP\CursorXP.exe
O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\MSMSGS.EXE" /background
O4 - Startup: Adobe Gamma.lnk = C:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe
O8 - Extra context menu item: Allow pop-ups from this site - C:\Program Files\Propel Accelerator\pac-addwl.html
O8 - Extra context menu item: Refresh Pa&ge with Full Quality - C:\Program Files\Propel Accelerator\pac-page.html
O8 - Extra context menu item: Refresh Pi&cture with Full Quality - C:\Program Files\Propel Accelerator\pac-image.html
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_01\bin\npjpi150_01.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_01\bin\npjpi150_01.dll
O9 - Extra button: AIM - {AC9E2541-2814-11d5-BC6D-00B0D0A1DE45} - C:\Program Files\AIM\aim.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\MSMSGS.EXE
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\MSMSGS.EXE
O10 - Broken Internet access because of LSP provider 'c:\program files\newdotnet\newdotnet6_38.dll' missing
O15 - Trusted Zone: http://www.neededware.com
O16 - DPF: NDWCab - http://www.neededware.com/ndw3.cab
O16 - DPF: {39B0684F-D7BF-4743-B050-FDC3F48F7E3B} (FilePlanet Download Control Class) - http://www.fileplanet.com/fpdlmgr/cabs/FPDC_1_0_0_44.cab
O20 - Winlogon Notify: MacDrive-iTunes compatibility - C:\Program Files\Common Files\Mediafour\MacDriveiTunesPatch.dll
O23 - Service: Adobe LM Service - Adobe Systems - C:\Program Files\Common Files\Adobe Systems Shared\Service\Adobelmsvc.exe
O23 - Service: Notebook Manager Service (anbmService) - OSA Technologies Inc. - C:\Acer\eManager\anbmServ.exe
O23 - Service: avast! iAVS4 Control Service (aswUpdSv) - Unknown owner - C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
O23 - Service: Ati HotKey Poller - Unknown owner - C:\WINDOWS\System32\Ati2evxx.exe
O23 - Service: avast! Antivirus - Unknown owner - C:\Program Files\Alwil Software\Avast4\ashServ.exe
O23 - Service: avast! Mail Scanner - Unknown owner - C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe" /service (file missing)
O23 - Service: avast! Web Scanner - Unknown owner - C:\Program Files\Alwil Software\Avast4\ashWebSv.exe" /service (file missing)
O23 - Service: ewido security suite control - ewido networks - C:\Program Files\ewido\security suite\ewidoctrl.exe
O23 - Service: iPod Service (iPodService) - Apple Computer, Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: TuneUp WinStyler Theme Service (TUWinStylerThemeSvc) - TuneUp Software GmbH - C:\Program Files\TuneUp Utilities 2004\WinStylerThemeSvc.exe


and here is the log from the ewido scan:


---------------------------------------------------------
ewido security suite - Scan report
---------------------------------------------------------


+ Created on:           3:36:25 AM, 6/23/2005
+ Report-Checksum:      91420D6B


+ Date of database:     6/23/2005
+ Version of scan engine:   v3.0


+ Duration:             26 min
+ Scanned Files:            75184
+ Speed:                47.34 Files/Second
+ Infected files:           94
+ Removed files:            94
+ Files put in quarantine:      94
+ Files that could not be opened:   0
+ Files that could not be cleaned:  0


+ Binder:       Yes
+ Crypter:      Yes
+ Archives:     Yes


+ Scanned items:
C:\
D:\


+ Scan result:
C:\WINDOWS\system32\epx30104.exe -> TrojanDownloader.Lastad.h -> Cleaned with backup
C:\WINDOWS\system32\kgzr.exe -> TrojanDownloader.Lastad.h -> Cleaned with backup
C:\WINDOWS\system32\epx30105.exe -> TrojanDownloader.Lastad.p -> Cleaned with backup
C:\WINDOWS\system32\WinStat12.dll -> Spyware.Winsta -> Cleaned with backup
C:\WINDOWS\system32\qpc.exe -> TrojanDownloader.Lastad.p -> Cleaned with backup
C:\WINDOWS\system32\qpcaeg05.dll -> TrojanDownloader.Lastad.h -> Cleaned with backup
C:\WINDOWS\Downloaded Program Files\EPXActiveX.ocx -> Spyware.Winsta -> Cleaned with backup
C:\WINDOWS\wt\wtupdates\webd\4.1.1\files\wtvh.dll -> Spyware.WildTangent.b -> Cleaned with backup
C:\WINDOWS\wt\wtvh.dll -> Spyware.WildTangent.b -> Cleaned with backup
C:\WINDOWS\NDNuninstall6_38.exe -> Spyware.NewDotNet -> Cleaned with backup
C:\Documents and Settings\AudioOutpuT\Local Settings\Temp\toc_0036.exe -> TrojanDownloader.Agent.jq -> Cleaned with backup
C:\Documents and Settings\AudioOutpuT\Local Settings\Temp\toc_0035.exe -> TrojanDownloader.Agent.jq -> Cleaned with backup
C:\Documents and Settings\AudioOutpuT\Local Settings\Temp\1D2.tmp\thnall1a.exe -> Spyware.BetterInternet.f -> Cleaned with backup
C:\Documents and Settings\AudioOutpuT\Local Settings\Temporary Internet Files\Content.IE5\0TE3GDYV\aun_0036[1].exe -> TrojanDownloader.Small.akz -> Cleaned with backup
C:\Documents and Settings\AudioOutpuT\Cookies\audiooutput@atdmt[1].txt -> Spyware.Tracking-Cookie -> Cleaned with backup
C:\Documents and Settings\AudioOutpuT\Application Data\Sun\Java\Deployment\cache\javapi\v1.0\file\VerifierBug.class-1994f8a3-32ed8afe.class -> Trojan.Byteverify -> Cleaned with backup
C:\Documents and Settings\AudioOutpuT\installer_MARKETING35.exe -> TrojanDownloader.Adload.a -> Cleaned with backup
C:\Program Files\Windows Media Player\wmplayer.exe.tmp -> TrojanDownloader.Small.apm -> Cleaned with backup
C:\Program Files\AWS\WeatherBug\MiniBugTransporter.dll -> Spyware.Wheaterbug.a -> Cleaned with backup
C:\Program Files\NewDotNet\uninstall6_38.exe -> Spyware.NewDotNet -> Cleaned with backup
C:\System Volume Information\_restore{AA2ADEB9-2BF2-41CC-BB68-2E8E1E4EA929}\RP48\A0016184.exe -> TrojanDownloader.Small.apm -> Cleaned with backup
C:\System Volume Information\_restore{AA2ADEB9-2BF2-41CC-BB68-2E8E1E4EA929}\RP51\A0017283.exe -> TrojanDownloader.Small.apm -> Cleaned with backup
C:\System Volume Information\_restore{AA2ADEB9-2BF2-41CC-BB68-2E8E1E4EA929}\RP53\A0017401.exe -> Trojan.Nail -> Cleaned with backup
C:\System Volume Information\_restore{AA2ADEB9-2BF2-41CC-BB68-2E8E1E4EA929}\RP54\A0017427.exe -> Trojan.Nail -> Cleaned with backup
C:\System Volume Information\_restore{AA2ADEB9-2BF2-41CC-BB68-2E8E1E4EA929}\RP56\A0017558.exe -> Trojan.Nail -> Cleaned with backup
C:\System Volume Information\_restore{AA2ADEB9-2BF2-41CC-BB68-2E8E1E4EA929}\RP56\A0017688.exe -> Trojan.Nail -> Cleaned with backup
C:\System Volume Information\_restore{AA2ADEB9-2BF2-41CC-BB68-2E8E1E4EA929}\RP56\A0017717.exe -> Trojan.Nail -> Cleaned with backup
C:\System Volume Information\_restore{AA2ADEB9-2BF2-41CC-BB68-2E8E1E4EA929}\RP57\A0017725.exe -> Trojan.Nail -> Cleaned with backup
C:\System Volume Information\_restore{AA2ADEB9-2BF2-41CC-BB68-2E8E1E4EA929}\RP57\A0017736.exe -> Spyware.BetterInternet -> Cleaned with backup
C:\System Volume Information\_restore{AA2ADEB9-2BF2-41CC-BB68-2E8E1E4EA929}\RP57\A0017744.exe -> Spyware.BetterInternet -> Cleaned with backup
C:\System Volume Information\_restore{AA2ADEB9-2BF2-41CC-BB68-2E8E1E4EA929}\RP57\A0017753.exe -> Trojan.Nail -> Cleaned with backup
C:\System Volume Information\_restore{AA2ADEB9-2BF2-41CC-BB68-2E8E1E4EA929}\RP57\A0017754.exe -> Trojan.Stervis.c -> Cleaned with backup
C:\System Volume Information\_restore{AA2ADEB9-2BF2-41CC-BB68-2E8E1E4EA929}\RP57\A0017761.exe -> Spyware.BetterInternet -> Cleaned with backup
C:\System Volume Information\_restore{AA2ADEB9-2BF2-41CC-BB68-2E8E1E4EA929}\RP57\A0017774.exe -> Trojan.Nail -> Cleaned with backup
C:\System Volume Information\_restore{AA2ADEB9-2BF2-41CC-BB68-2E8E1E4EA929}\RP57\A0017775.exe -> Trojan.Stervis.c -> Cleaned with backup
C:\System Volume Information\_restore{AA2ADEB9-2BF2-41CC-BB68-2E8E1E4EA929}\RP57\A0017785.exe -> Spyware.BetterInternet -> Cleaned with backup
C:\System Volume Information\_restore{AA2ADEB9-2BF2-41CC-BB68-2E8E1E4EA929}\RP57\A0017807.exe -> Trojan.Nail -> Cleaned with backup
C:\System Volume Information\_restore{AA2ADEB9-2BF2-41CC-BB68-2E8E1E4EA929}\RP57\A0017808.exe -> Trojan.Stervis.c -> Cleaned with backup
C:\System Volume Information\_restore{AA2ADEB9-2BF2-41CC-BB68-2E8E1E4EA929}\RP57\A0017824.exe -> Spyware.BetterInternet -> Cleaned with backup
C:\System Volume Information\_restore{AA2ADEB9-2BF2-41CC-BB68-2E8E1E4EA929}\RP57\A0017853.exe -> Spyware.BetterInternet -> Cleaned with backup
C:\System Volume Information\_restore{AA2ADEB9-2BF2-41CC-BB68-2E8E1E4EA929}\RP57\A0017861.exe -> Trojan.Nail -> Cleaned with backup
C:\System Volume Information\_restore{AA2ADEB9-2BF2-41CC-BB68-2E8E1E4EA929}\RP57\A0017862.exe -> Trojan.Stervis.c -> Cleaned with backup
C:\System Volume Information\_restore{AA2ADEB9-2BF2-41CC-BB68-2E8E1E4EA929}\RP57\A0017872.exe -> Spyware.BetterInternet -> Cleaned with backup
C:\System Volume Information\_restore{AA2ADEB9-2BF2-41CC-BB68-2E8E1E4EA929}\RP57\A0017874.exe -> Spyware.BetterInternet -> Cleaned with backup
C:\System Volume Information\_restore{AA2ADEB9-2BF2-41CC-BB68-2E8E1E4EA929}\RP57\A0017887.exe -> Trojan.Nail -> Cleaned with backup
C:\System Volume Information\_restore{AA2ADEB9-2BF2-41CC-BB68-2E8E1E4EA929}\RP57\A0017888.exe -> Trojan.Stervis.c -> Cleaned with backup
C:\System Volume Information\_restore{AA2ADEB9-2BF2-41CC-BB68-2E8E1E4EA929}\RP57\A0017894.exe -> Spyware.BetterInternet -> Cleaned with backup
C:\System Volume Information\_restore{AA2ADEB9-2BF2-41CC-BB68-2E8E1E4EA929}\RP57\A0017909.exe -> Spyware.BetterInternet -> Cleaned with backup
C:\System Volume Information\_restore{AA2ADEB9-2BF2-41CC-BB68-2E8E1E4EA929}\RP57\A0017921.exe -> Spyware.BetterInternet -> Cleaned with backup
C:\System Volume Information\_restore{AA2ADEB9-2BF2-41CC-BB68-2E8E1E4EA929}\RP57\A0017932.exe -> Spyware.BetterInternet -> Cleaned with backup
C:\System Volume Information\_restore{AA2ADEB9-2BF2-41CC-BB68-2E8E1E4EA929}\RP57\A0017939.exe -> Spyware.BetterInternet -> Cleaned with backup
C:\System Volume Information\_restore{AA2ADEB9-2BF2-41CC-BB68-2E8E1E4EA929}\RP57\A0017956.exe -> Spyware.BetterInternet -> Cleaned with backup
C:\System Volume Information\_restore{AA2ADEB9-2BF2-41CC-BB68-2E8E1E4EA929}\RP57\A0017967.exe -> Spyware.BetterInternet -> Cleaned with backup
C:\System Volume Information\_restore{AA2ADEB9-2BF2-41CC-BB68-2E8E1E4EA929}\RP57\A0017969.EXE -> Spyware.NewDotNet -> Cleaned with backup
C:\System Volume Information\_restore{AA2ADEB9-2BF2-41CC-BB68-2E8E1E4EA929}\RP57\A0017980.exe -> Spyware.BetterInternet -> Cleaned with backup
C:\System Volume Information\_restore{AA2ADEB9-2BF2-41CC-BB68-2E8E1E4EA929}\RP57\A0017991.exe -> Trojan.Nail -> Cleaned with backup
C:\System Volume Information\_restore{AA2ADEB9-2BF2-41CC-BB68-2E8E1E4EA929}\RP57\A0017992.exe -> Trojan.Stervis.c -> Cleaned with backup
C:\System Volume Information\_restore{AA2ADEB9-2BF2-41CC-BB68-2E8E1E4EA929}\RP57\A0017998.exe -> Spyware.BetterInternet -> Cleaned with backup
C:\System Volume Information\_restore{AA2ADEB9-2BF2-41CC-BB68-2E8E1E4EA929}\RP57\A0018010.exe -> Spyware.BetterInternet -> Cleaned with backup
C:\System Volume Information\_restore{AA2ADEB9-2BF2-41CC-BB68-2E8E1E4EA929}\RP57\A0018020.exe -> Trojan.Nail -> Cleaned with backup
C:\System Volume Information\_restore{AA2ADEB9-2BF2-41CC-BB68-2E8E1E4EA929}\RP57\A0018021.exe -> Trojan.Stervis.c -> Cleaned with backup
C:\System Volume Information\_restore{AA2ADEB9-2BF2-41CC-BB68-2E8E1E4EA929}\RP58\A0018036.exe -> Spyware.BetterInternet -> Cleaned with backup
C:\System Volume Information\_restore{AA2ADEB9-2BF2-41CC-BB68-2E8E1E4EA929}\RP58\A0018045.exe -> Trojan.Nail -> Cleaned with backup
C:\System Volume Information\_restore{AA2ADEB9-2BF2-41CC-BB68-2E8E1E4EA929}\RP58\A0018046.exe -> Trojan.Stervis.c -> Cleaned with backup
C:\System Volume Information\_restore{AA2ADEB9-2BF2-41CC-BB68-2E8E1E4EA929}\RP58\A0019031.EXE -> Spyware.RK -> Cleaned with backup
C:\System Volume Information\_restore{AA2ADEB9-2BF2-41CC-BB68-2E8E1E4EA929}\RP58\A0019036.exe -> Spyware.BetterInternet -> Cleaned with backup
C:\System Volume Information\_restore{AA2ADEB9-2BF2-41CC-BB68-2E8E1E4EA929}\RP58\A0019048.exe -> Trojan.Stervis.c -> Cleaned with backup
C:\System Volume Information\_restore{AA2ADEB9-2BF2-41CC-BB68-2E8E1E4EA929}\RP58\A0020035.exe -> Spyware.BetterInternet -> Cleaned with backup
C:\System Volume Information\_restore{AA2ADEB9-2BF2-41CC-BB68-2E8E1E4EA929}\RP58\A0020045.exe -> Spyware.RK -> Cleaned with backup
C:\System Volume Information\_restore{AA2ADEB9-2BF2-41CC-BB68-2E8E1E4EA929}\RP58\A0020047.exe -> Trojan.Stervis.c -> Cleaned with backup
C:\System Volume Information\_restore{AA2ADEB9-2BF2-41CC-BB68-2E8E1E4EA929}\RP58\A0020058.exe -> Spyware.BetterInternet -> Cleaned with backup
C:\System Volume Information\_restore{AA2ADEB9-2BF2-41CC-BB68-2E8E1E4EA929}\RP58\A0020147.exe -> Spyware.BetterInternet -> Cleaned with backup
C:\System Volume Information\_restore{AA2ADEB9-2BF2-41CC-BB68-2E8E1E4EA929}\RP58\A0020164.exe -> Spyware.BetterInternet -> Cleaned with backup
C:\System Volume Information\_restore{AA2ADEB9-2BF2-41CC-BB68-2E8E1E4EA929}\RP58\A0020207.exe -> Spyware.BetterInternet -> Cleaned with backup
C:\System Volume Information\_restore{AA2ADEB9-2BF2-41CC-BB68-2E8E1E4EA929}\RP58\A0020225.exe -> Spyware.BetterInternet -> Cleaned with backup
C:\System Volume Information\_restore{AA2ADEB9-2BF2-41CC-BB68-2E8E1E4EA929}\RP58\A0020238.exe -> Spyware.BetterInternet -> Cleaned with backup
C:\System Volume Information\_restore{AA2ADEB9-2BF2-41CC-BB68-2E8E1E4EA929}\RP58\A0020256.exe -> Spyware.BetterInternet -> Cleaned with backup
C:\System Volume Information\_restore{AA2ADEB9-2BF2-41CC-BB68-2E8E1E4EA929}\RP58\A0020279.exe -> Spyware.BetterInternet -> Cleaned with backup
C:\System Volume Information\_restore{AA2ADEB9-2BF2-41CC-BB68-2E8E1E4EA929}\RP58\A0020293.exe -> Spyware.BetterInternet -> Cleaned with backup
C:\System Volume Information\_restore{AA2ADEB9-2BF2-41CC-BB68-2E8E1E4EA929}\RP58\A0020307.exe -> Spyware.BetterInternet -> Cleaned with backup
C:\System Volume Information\_restore{AA2ADEB9-2BF2-41CC-BB68-2E8E1E4EA929}\RP58\A0021308.exe -> Spyware.BetterInternet -> Cleaned with backup
C:\System Volume Information\_restore{AA2ADEB9-2BF2-41CC-BB68-2E8E1E4EA929}\RP58\A0021309.exe -> Spyware.BetterInternet -> Cleaned with backup
C:\System Volume Information\_restore{AA2ADEB9-2BF2-41CC-BB68-2E8E1E4EA929}\RP59\A0021325.exe -> Trojan.Nail -> Cleaned with backup
C:\System Volume Information\_restore{AA2ADEB9-2BF2-41CC-BB68-2E8E1E4EA929}\RP59\A0021330.exe -> Trojan.Stervis.c -> Cleaned with backup
C:\System Volume Information\_restore{AA2ADEB9-2BF2-41CC-BB68-2E8E1E4EA929}\RP59\A0022302.exe -> Spyware.BetterInternet -> Cleaned with backup
C:\System Volume Information\_restore{AA2ADEB9-2BF2-41CC-BB68-2E8E1E4EA929}\RP59\A0022303.exe -> Trojan.Stervis.c -> Cleaned with backup
C:\System Volume Information\_restore{AA2ADEB9-2BF2-41CC-BB68-2E8E1E4EA929}\RP59\A0022316.dll -> Trojan.Agent.db -> Cleaned with backup
C:\System Volume Information\_restore{AA2ADEB9-2BF2-41CC-BB68-2E8E1E4EA929}\RP59\A0022317.dll -> Spyware.Winsta -> Cleaned with backup
C:\System Volume Information\_restore{AA2ADEB9-2BF2-41CC-BB68-2E8E1E4EA929}\RP59\A0022337.exe -> TrojanDownloader.Lastad.h -> Cleaned with backup
C:\System Volume Information\_restore{AA2ADEB9-2BF2-41CC-BB68-2E8E1E4EA929}\RP59\A0022338.dll -> TrojanDownloader.Lastad.h -> Cleaned with backup
C:\System Volume Information\_restore{AA2ADEB9-2BF2-41CC-BB68-2E8E1E4EA929}\RP59\A0022357.exe -> Spyware.RK -> Cleaned with backup
C:\System Volume Information\_restore{AA2ADEB9-2BF2-41CC-BB68-2E8E1E4EA929}\RP59\A0022361.dll -> Spyware.RK -> Cleaned with backup
C:\System Volume Information\_restore{AA2ADEB9-2BF2-41CC-BB68-2E8E1E4EA929}\RP59\A0022405.dll -> Spyware.NewDotNet -> Cleaned with backup
C:\System Volume Information\_restore{AA2ADEB9-2BF2-41CC-BB68-2E8E1E4EA929}\RP59\A0022410.exe -> Trojan.Nail -> Cleaned with backup



::Report End

Edited by happygeek: fixed formatting

0

You have some entries there that need removing.

===============

Go to Add/Remove Programs and remove (uninstall) the following, if present:

NewDotNet

The above could appear anywhere within the entry. Be careful not to remove any personal or system software.

===============

Run HijackThis, click "Scan", then check (tick) the following, if present:


O2 - BHO: URLLink Class - {4A2AACF3-ADF6-11D5-98A9-00E018981B9E} - C:\Program Files\NewDotNet\newdotnet6_38.dll (file missing)
O2 - BHO: WinStat - {EE02B99B-1D55-48bc-B8DB-649A42CE45F6} - C:\WINDOWS\System32\WinStat12.dll (file missing)

O4 - HKLM\..\Run: [New.net Startup] rundll32 C:\PROGRA~1\NEWDOT~1\NEWDOT~1.DLL,NewDotNetStartup -s
O4 - HKLM\..\Run: [vgbnbdl] c:\windows\system32\mgoqbcw.exe r

O15 - Trusted Zone: http://www.neededware.com

O16 - DPF: NDWCab - http://www.neededware.com/ndw3.cab


Now, with all windows closed (including Internet Explorer) except HijackThis, click "Fix checked".

===============

Locate and delete the following item(s), if present. Make sure you're able to view system and hidden files/folders:

folders...

C:\PROGRA~1\NEWDOT~1

files...

c:\windows\system32\mgoqbcw.exe

-

Note that some of these file(s)/folder(s) may or may not be present. If present, and cannot be deleted because they're 'in use', try deleting them in "Safe Mode".

-

Reboot.

===============

To help protect your system from hostile ActiveX content, or special 'downloadable' files:

Download, install and keep updated, SpywareBlaster. If you've installed it for the first time:

1) Check for any available updates; if present, they'll be automatically downloaded and installed.
2) Next, "Enable all protection".
3) Exit the program.

-

Note: Remember to regularly check for updates.

===============

After rebooting, rescan with HijackThis and post back a new log. Let me know how everything goes.
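As an added illustration (not part of the reply above and not HijackThis's own code), this Python sketch parses the entries the reply asks to fix, lists the files those registry entries still point at on disk (what the delete step has to cover once "Fix checked" has removed the entries), and shows which hosts are named by more than one section. The function names and regular expressions are assumptions made for this example.

```python
import re
from urllib.parse import urlparse

# Entries copied from the reply above (HijackThis v1.99.1 log format).
SAMPLE = r"""
O2 - BHO: URLLink Class - {4A2AACF3-ADF6-11D5-98A9-00E018981B9E} - C:\Program Files\NewDotNet\newdotnet6_38.dll (file missing)
O2 - BHO: WinStat - {EE02B99B-1D55-48bc-B8DB-649A42CE45F6} - C:\WINDOWS\System32\WinStat12.dll (file missing)
O4 - HKLM\..\Run: [New.net Startup] rundll32 C:\PROGRA~1\NEWDOT~1\NEWDOT~1.DLL,NewDotNetStartup -s
O4 - HKLM\..\Run: [vgbnbdl] c:\windows\system32\mgoqbcw.exe r
O15 - Trusted Zone: http://www.neededware.com
O16 - DPF: NDWCab - http://www.neededware.com/ndw3.cab
"""

LINE = re.compile(r"^(?P<code>[A-Z]\d{1,2}) - (?P<body>.+)$")
# Drive-letter path ending in a 2-4 character extension; spaces allowed inside.
PATH = re.compile(r"[A-Za-z]:\\[^,\"]*?\.[A-Za-z0-9]{2,4}(?=[\s,]|$)")
URL = re.compile(r"https?://\S+")

def parse(log):
    """Return one dict per entry: section code, paths, hosts, missing flag."""
    entries = []
    for raw in log.splitlines():
        m = LINE.match(raw.strip())
        if not m:
            continue  # headers, process list, blank lines
        body = m["body"]
        entries.append({
            "code": m["code"],
            "paths": PATH.findall(body),
            "hosts": [urlparse(u).hostname for u in URL.findall(body)],
            "missing": body.endswith("(file missing)"),
        })
    return entries

def leftovers(entries):
    """Files still referenced on disk by entries that 'Fix checked' unregisters."""
    return sorted({p.lower() for e in entries if not e["missing"] for p in e["paths"]})

def shared_hosts(entries):
    """Hosts named by more than one section, e.g. O15 zone plus O16 download."""
    seen = {}
    for e in entries:
        for h in e["hosts"]:
            seen.setdefault(h, set()).add(e["code"])
    return {h: sorted(c) for h, c in seen.items() if len(c) > 1}
```

The two paths `leftovers` returns correspond to the folder and file in the reply's "Locate and delete" step; entries marked `(file missing)` are skipped because only the registry reference remains.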
