OK, went through it all. Here is the HJT log:
Logfile of HijackThis v1.99.1
Scan saved at 3:39:27 AM, on 12/10/2005
Platform: Windows XP SP1 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106)
Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Common Files\AOL\TopSpeed\2.0\aoltsmon.exe
C:\Program Files\ewido\security suite\ewidoctrl.exe
C:\Program Files\Real\RealPlayer\RealPlay.exe
C:\Program Files\QuickTime\qttask.exe
C:\Program Files\Charter High-Speed Security Suite\Common\FSM32.EXE
C:\PROGRA~1\COMMON~1\AOL\113154~1\EE\AOLHOS~1.EXE
C:\Program Files\Messenger\msmsgs.exe
C:\PROGRA~1\COMMON~1\AOL\113154~1\EE\AOLServiceHost.exe
C:\Program Files\WinZip\WZQKPICK.EXE
C:\Documents and Settings\abc\Desktop\hijackthis\HijackThis.exe
O3 - Toolbar: &Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINDOWS\System32\msdxm.ocx
O3 - Toolbar: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll
O4 - HKLM\..\Run: [HostManager] C:\Program Files\Common Files\AOL\1131541680\EE\AOLHostManager.exe
O4 - HKLM\..\Run: [RealTray] C:\Program Files\Real\RealPlayer\RealPlay.exe SYSTEMBOOTHIDEPLAYER
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [F-Secure Manager] "C:\Program Files\Charter High-Speed Security Suite\Common\FSM32.EXE" /splash
O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background
O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office\OSA9.EXE
O4 - Global Startup: WinZip Quick Pick.lnk = C:\Program Files\WinZip\WZQKPICK.EXE
O8 - Extra context menu item: &AOL Toolbar search - res://C:\Program Files\AOL Toolbar\toolbar.dll/SEARCH.HTML
O9 - Extra button: Real.com - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - C:\WINDOWS\System32\Shdocvw.dll
O16 - DPF: {1F2F4C9E-6F09-47BC-970D-3C54734667FE} (LSSupCtl Class) - http://www.symantec....rl/LSSupCtl.cab
O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://update.micros...b?1133654646174
O16 - DPF: {9A9307A0-7DA4-4DAF-B042-5009F29E09E1} (ActiveScan Installer Class) - http://acs.pandasoft...free/asinst.cab
O16 - DPF: {CE28D5D2-60CF-4C7D-9FE8-0F47A3308078} (ActiveDataInfo Class) - http://www.symantec....rl/SymAData.cab
O23 - Service: AOL Connectivity Service (AOL ACS) - Unknown owner - C:\Program Files\Common Files\AOL\ACS\AOLAcsd.exe (file missing)
O23 - Service: AOL TopSpeed Monitor (AOL TopSpeedMonitor) - America Online, Inc - C:\Program Files\Common Files\AOL\TopSpeed\2.0\aoltsmon.exe
O23 - Service: ewido security suite control - ewido networks - C:\Program Files\ewido\security suite\ewidoctrl.exe
Here is the ewido log:
---------------------------------------------------------
ewido security suite - Scan report
---------------------------------------------------------
+ Created on: 3:05:52 AM, 12/10/2005
+ Report-Checksum: 57264082
+ Scan result:
C:\WINDOWS\__delete_on_reboot__q324666.dll -> Downloader.Delf.zu : Cleaned with backup
C:\System Volume Information\_restore{9D8240D8-67BD-4EC0-BBCA-87A18B37768A}\RP73\A0286273.exe -> Worm.Bagle.ep : Cleaned with backup
C:\System Volume Information\_restore{9D8240D8-67BD-4EC0-BBCA-87A18B37768A}\RP73\A0286274.exe -> Worm.Bagle.ep : Cleaned with backup
C:\System Volume Information\_restore{9D8240D8-67BD-4EC0-BBCA-87A18B37768A}\RP73\A0286275.dll -> Downloader.Delf.zu : Cleaned with backup
C:\System Volume Information\_restore{9D8240D8-67BD-4EC0-BBCA-87A18B37768A}\RP73\A0286276.dll -> Downloader.Delf.zu : Cleaned with backup
C:\System Volume Information\_restore{9D8240D8-67BD-4EC0-BBCA-87A18B37768A}\RP73\A0286277.dll -> Downloader.Delf.zu : Cleaned with backup
C:\System Volume Information\_restore{9D8240D8-67BD-4EC0-BBCA-87A18B37768A}\RP73\A0286278.dll -> Downloader.Delf.zu : Cleaned with backup
C:\System Volume Information\_restore{9D8240D8-67BD-4EC0-BBCA-87A18B37768A}\RP73\A0286279.dll -> Downloader.Delf.zu : Cleaned with backup
C:\System Volume Information\_restore{9D8240D8-67BD-4EC0-BBCA-87A18B37768A}\RP73\A0286280.dll -> Downloader.Delf.zu : Cleaned with backup
C:\System Volume Information\_restore{9D8240D8-67BD-4EC0-BBCA-87A18B37768A}\RP73\A0286241.exe -> Trojan.LowZones.df : Cleaned with backup
C:\System Volume Information\_restore{9D8240D8-67BD-4EC0-BBCA-87A18B37768A}\RP73\A0286242.exe -> Backdoor.Rbot : Cleaned with backup
C:\System Volume Information\_restore{9D8240D8-67BD-4EC0-BBCA-87A18B37768A}\RP73\A0286243.exe -> Worm.Bagle.ep : Cleaned with backup
C:\System Volume Information\_restore{9D8240D8-67BD-4EC0-BBCA-87A18B37768A}\RP73\A0286244.dll -> Dialer.Generic : Cleaned with backup
C:\System Volume Information\_restore{9D8240D8-67BD-4EC0-BBCA-87A18B37768A}\RP73\A0286245.exe -> Worm.Bagle.cm : Cleaned with backup
C:\System Volume Information\_restore{9D8240D8-67BD-4EC0-BBCA-87A18B37768A}\RP73\A0286246.exe -> Worm.Bagle.cl : Cleaned with backup
C:\System Volume Information\_restore{9D8240D8-67BD-4EC0-BBCA-87A18B37768A}\RP73\A0286247.exe/(-).cpl -> Worm.Bagle.cr : Cleaned with backup
C:\System Volume Information\_restore{9D8240D8-67BD-4EC0-BBCA-87A18B37768A}\RP73\A0286248.exe -> Backdoor.Rbot : Cleaned with backup
C:\System Volume Information\_restore{9D8240D8-67BD-4EC0-BBCA-87A18B37768A}\RP73\A0286249.sys -> Trojan.Rootkit.h : Cleaned with backup
C:\System Volume Information\_restore{9D8240D8-67BD-4EC0-BBCA-87A18B37768A}\RP73\A0286250.exe -> Worm.Bagle.dw : Cleaned with backup
C:\System Volume Information\_restore{9D8240D8-67BD-4EC0-BBCA-87A18B37768A}\RP73\A0286251.exe -> Worm.Bagle.pac : Cleaned with backup
C:\System Volume Information\_restore{9D8240D8-67BD-4EC0-BBCA-87A18B37768A}\RP73\A0286252.dll -> Logger.Agent.hn : Cleaned with backup
C:\System Volume Information\_restore{9D8240D8-67BD-4EC0-BBCA-87A18B37768A}\RP73\A0286253.dll -> Logger.Agent.hn : Cleaned with backup
C:\System Volume Information\_restore{9D8240D8-67BD-4EC0-BBCA-87A18B37768A}\RP73\A0286254.dll -> Logger.Agent.hn : Cleaned with backup
C:\System Volume Information\_restore{9D8240D8-67BD-4EC0-BBCA-87A18B37768A}\RP73\A0286255.dll -> Logger.Agent.hn : Cleaned with backup
C:\System Volume Information\_restore{9D8240D8-67BD-4EC0-BBCA-87A18B37768A}\RP73\A0286256.dll -> Logger.Agent.hn : Cleaned with backup
C:\System Volume Information\_restore{9D8240D8-67BD-4EC0-BBCA-87A18B37768A}\RP73\A0286257.dll -> Logger.Agent.hn : Cleaned with backup
C:\System Volume Information\_restore{9D8240D8-67BD-4EC0-BBCA-87A18B37768A}\RP73\A0286258.dll -> Logger.Agent.hn : Cleaned with backup
C:\System Volume Information\_restore{9D8240D8-67BD-4EC0-BBCA-87A18B37768A}\RP73\A0286259.dll -> Logger.Agent.hn : Cleaned with backup
C:\System Volume Information\_restore{9D8240D8-67BD-4EC0-BBCA-87A18B37768A}\RP73\A0286260.dll -> Logger.Agent.hn : Cleaned with backup
C:\System Volume Information\_restore{9D8240D8-67BD-4EC0-BBCA-87A18B37768A}\RP73\A0286261.dll -> Logger.Agent.hn : Cleaned with backup
C:\System Volume Information\_restore{9D8240D8-67BD-4EC0-BBCA-87A18B37768A}\RP73\A0286262.exe -> Worm.Bagle.pac : Cleaned with backup
C:\System Volume Information\_restore{9D8240D8-67BD-4EC0-BBCA-87A18B37768A}\RP73\A0286263.exe -> Worm.Bagle.dw : Cleaned with backup
C:\System Volume Information\_restore{9D8240D8-67BD-4EC0-BBCA-87A18B37768A}\RP73\A0286264.exe -> Worm.Bagle.dw : Cleaned with backup
C:\System Volume Information\_restore{9D8240D8-67BD-4EC0-BBCA-87A18B37768A}\RP73\A0286265.exe -> Worm.Bagle.pac : Cleaned with backup
C:\System Volume Information\_restore{9D8240D8-67BD-4EC0-BBCA-87A18B37768A}\RP73\A0286266.exe -> Worm.Bagle.pac : Cleaned with backup
C:\System Volume Information\_restore{9D8240D8-67BD-4EC0-BBCA-87A18B37768A}\RP73\A0286267.exe -> Worm.Bagle.pac : Cleaned with backup
C:\System Volume Information\_restore{9D8240D8-67BD-4EC0-BBCA-87A18B37768A}\RP73\A0286268.dll -> Downloader.Delf.zu : Cleaned with backup
C:\System Volume Information\_restore{9D8240D8-67BD-4EC0-BBCA-87A18B37768A}\RP73\A0286269.dll -> Downloader.Delf.zu : Cleaned with backup
C:\System Volume Information\_restore{9D8240D8-67BD-4EC0-BBCA-87A18B37768A}\RP73\A0286270.dll -> Downloader.Delf.zu : Cleaned with backup
C:\System Volume Information\_restore{9D8240D8-67BD-4EC0-BBCA-87A18B37768A}\RP73\A0286271.exe -> Worm.Bagle.ep : Cleaned with backup
C:\System Volume Information\_restore{9D8240D8-67BD-4EC0-BBCA-87A18B37768A}\RP73\A0286272.exe -> Worm.Bagle.ep : Cleaned with backup
C:\System Volume Information\_restore{9D8240D8-67BD-4EC0-BBCA-87A18B37768A}\RP73\A0286281.dll -> Downloader.Delf.zu : Cleaned with backup
C:\System Volume Information\_restore{9D8240D8-67BD-4EC0-BBCA-87A18B37768A}\RP73\A0286282.dll -> Downloader.Delf.zu : Cleaned with backup
C:\System Volume Information\_restore{9D8240D8-67BD-4EC0-BBCA-87A18B37768A}\RP73\A0286283.dll -> Downloader.Delf.zu : Cleaned with backup
C:\System Volume Information\_restore{9D8240D8-67BD-4EC0-BBCA-87A18B37768A}\RP73\A0286284.dll -> Downloader.Delf.zu : Cleaned with backup
C:\System Volume Information\_restore{9D8240D8-67BD-4EC0-BBCA-87A18B37768A}\RP73\A0286285.dll -> Downloader.Delf.zu : Cleaned with backup
C:\System Volume Information\_restore{9D8240D8-67BD-4EC0-BBCA-87A18B37768A}\RP73\A0286286.dll -> Downloader.Delf.zu : Cleaned with backup
C:\System Volume Information\_restore{9D8240D8-67BD-4EC0-BBCA-87A18B37768A}\RP73\A0286287.dll -> Downloader.Delf.zu : Cleaned with backup
C:\System Volume Information\_restore{9D8240D8-67BD-4EC0-BBCA-87A18B37768A}\RP73\A0286288.dll -> Downloader.Delf.zu : Cleaned with backup
C:\System Volume Information\_restore{9D8240D8-67BD-4EC0-BBCA-87A18B37768A}\RP73\A0286289.dll -> Downloader.Delf.zu : Cleaned with backup
C:\System Volume Information\_restore{9D8240D8-67BD-4EC0-BBCA-87A18B37768A}\RP73\A0286290.dll -> Downloader.Delf.zu : Cleaned with backup
C:\System Volume Information\_restore{9D8240D8-67BD-4EC0-BBCA-87A18B37768A}\RP73\A0286291.dll -> Downloader.Delf.zu : Cleaned with backup
C:\System Volume Information\_restore{9D8240D8-67BD-4EC0-BBCA-87A18B37768A}\RP73\A0286292.dll -> Downloader.Delf.zu : Cleaned with backup
C:\System Volume Information\_restore{9D8240D8-67BD-4EC0-BBCA-87A18B37768A}\RP73\A0286293.dll -> Downloader.Delf.zu : Cleaned with backup
C:\System Volume Information\_restore{9D8240D8-67BD-4EC0-BBCA-87A18B37768A}\RP73\A0286294.dll -> Downloader.Delf.zu : Cleaned with backup
C:\System Volume Information\_restore{9D8240D8-67BD-4EC0-BBCA-87A18B37768A}\RP73\A0286295.exe -> Dropper.Agent.ki : Cleaned with backup
C:\System Volume Information\_restore{9D8240D8-67BD-4EC0-BBCA-87A18B37768A}\RP73\A0286296.sys -> Trojan.Rootkit.h : Cleaned with backup
C:\System Volume Information\_restore{9D8240D8-67BD-4EC0-BBCA-87A18B37768A}\RP73\A0286297.exe -> Trojan.LowZones.df : Cleaned with backup
C:\System Volume Information\_restore{9D8240D8-67BD-4EC0-BBCA-87A18B37768A}\RP73\A0286327.dll -> Spyware.Virtumonde : Cleaned with backup
::Report End
Here is the activescan log:
Incident Status Location
Dialer:dialer.cso Not disinfected HKEY_CLASSES_ROOT\CCACCESS.CHECKCONTROL
Virus:W32/Bagle.FD.worm Not disinfected C:\FOUND.087\FILE0002.CHK
Virus:W32/Bagle.FD.worm Not disinfected C:\FOUND.087\FILE0003.CHK
Virus:W32/Bagle.FD.worm Not disinfected C:\FOUND.051\FILE0000.CHK
Virus:W32/Bagle.FD.worm Not disinfected C:\FOUND.051\FILE0001.CHK
Virus:W32/Bagle.FD.worm Not disinfected C:\FOUND.069\FILE0002.CHK
Virus:W32/Bagle.FD.worm Not disinfected C:\FOUND.088\FILE0002.CHK
Virus:W32/Bagle.FD.worm Not disinfected C:\FOUND.088\FILE0003.CHK
Virus:W32/Bagle.FD.worm Not disinfected C:\FOUND.089\FILE0024.CHK
Virus:W32/Bagle.FD.worm Not disinfected C:\FOUND.089\FILE0025.CHK
Looks like there is something left.