i would like to give more info but my browser keeps closeing down on me thanks
Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 10:11:50 AM, on 2/20/2008
Platform: Windows XP SP1 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106)
Boot mode: Normal
Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Lavasoft\Ad-Aware 2007\aawservice.exe
C:\Program Files\Avira\AntiVir PersonalEdition Classic\avgnt.exe
C:\WINDOWS\gsdfr5yhgjng.exe
C:\Program Files\MSN Messenger\msnmsgr.exe
C:\Program Files\xInsIDE\xInsIDE.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Avira\AntiVir PersonalEdition Classic\avguard.exe
C:\Program Files\Avira\AntiVir PersonalEdition Classic\sched.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Webroot\Washer\WasherSvc.exe
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe
O2 - BHO: 0 - {065639B6-E1AE-4F39-039E-ED448A115021} - C:\Program Files\MSN\lavuqaj48.dll (file missing)
O2 - BHO: (no name) - {8EE4E8F7-679F-47A9-97B7-00B18F3451BA} - C:\WINDOWS\System32\cmpbk3.dll
O2 - BHO: (no name) - {C415010D-9BF9-4EB6-B500-33D373FD535D} - C:\Program Files\Online Services\naqudan89104.dll
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [avgnt] "C:\Program Files\Avira\AntiVir PersonalEdition Classic\avgnt.exe" /min
O4 - HKLM\..\Run: [IESet] IExplorer.dll .dbt
O4 - HKLM\..\RunServices: [IESet] IExplorer.dll .dbt
O4 - HKCU\..\Run: [Window Washer] C:\Program Files\Webroot\Washer\wwDisp.exe
O4 - HKCU\..\Run: [msnmsgr] "C:\Program Files\MSN Messenger\msnmsgr.exe" /background
O4 - HKCU\..\Run: [Igc] C:\WINDOWS\??sembly\n?tdde.exe
O4 - HKCU\..\Run: [xInsIDE] C:\Program Files\xInsIDE\xInsIDE.exe
O4 - HKCU\..\Run: [IESet] IExplorer.dll .dbt
O4 - HKUS\S-1-5-18\..\Run: [MySpaceIM] C:\Program Files\MySpace\IM\MySpaceIM.exe (User 'SYSTEM')
O4 - HKUS\S-1-5-18\..\Run: [IESet] IExplorer.dll .dbt (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [MySpaceIM] C:\Program Files\MySpace\IM\MySpaceIM.exe (User 'Default user')
O16 - DPF: {0EB0E74A-2A76-4AB3-A7FB-9BD8C29F7F75} (CKAVWebScan Object) -
http://www.kaspersky...can_unicode.cabO21 - SSODL: Sysosavi - {5565E69B-A763-4AB7-86FA-7DEE64B1269B} - C:\WINDOWS\System32\liboheng.dll
O23 - Service: Ad-Aware 2007 Service (aawservice) - Lavasoft - C:\Program Files\Lavasoft\Ad-Aware 2007\aawservice.exe
O23 - Service: AntiVir PersonalEdition Classic Scheduler (AntiVirScheduler) - Avira GmbH - C:\Program Files\Avira\AntiVir PersonalEdition Classic\sched.exe
O23 - Service: AntiVir PersonalEdition Classic Guard (AntiVirService) - Avira GmbH - C:\Program Files\Avira\AntiVir PersonalEdition Classic\avguard.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: VundoFix Service (VundoFixSvc) - Atribune.org - C:\WINDOWS\SYSTEM32\VundoFixSVC.exe
O23 - Service: Window Washer Engine (wwEngineSvc) - Webroot Software, Inc. - C:\Program Files\Webroot\Washer\WasherSvc.exe
--
End of file - 3512 bytes
AntiVir PersonalEdition Classic
Report file date: Wednesday, February 20, 2008 09:44
Scanning for 1118258 virus strains and unwanted programs.
Licensed to: Avira AntiVir PersonalEdition Classic
Serial number: 0000149996-ADJIE-0001
Platform: Windows XP
Windows version: (Service Pack 1) [5.1.2600]
Username: SYSTEM
Computer name: NONE-IN6FRH4HL5
Version information:
BUILD.DAT : 270 15603 Bytes 9/19/2007 13:32:00
AVSCAN.EXE : 7.0.6.1 290856 Bytes 8/23/2007 19:16:29
AVSCAN.DLL : 7.0.6.0 49192 Bytes 8/16/2007 18:23:51
LUKE.DLL : 7.0.5.3 147496 Bytes 8/14/2007 21:32:47
LUKERES.DLL : 7.0.6.1 10280 Bytes 8/21/2007 18:35:20
ANTIVIR0.VDF : 6.40.0.0 11030528 Bytes 7/18/2007 20:27:15
ANTIVIR1.VDF : 7.0.1.95 3367424 Bytes 12/14/2007 14:44:00
ANTIVIR2.VDF : 7.0.2.113 1673728 Bytes 2/8/2008 14:44:00
ANTIVIR3.VDF : 7.0.2.167 305664 Bytes 2/20/2008 14:44:00
AVEWIN32.DLL : 7.6.0.67 3293696 Bytes 2/20/2008 14:44:00
AVWINLL.DLL : 1.0.0.7 14376 Bytes 2/26/2007 16:36:26
AVPREF.DLL : 7.0.2.2 25640 Bytes 7/18/2007 13:39:17
AVREP.DLL : 7.0.0.1 155688 Bytes 4/16/2007 19:16:24
AVPACK32.DLL : 7.6.0.3 360488 Bytes 2/20/2008 14:44:00
AVREG.DLL : 7.0.1.6 30760 Bytes 7/18/2007 13:17:06
AVARKT.DLL : 1.0.0.20 278568 Bytes 8/28/2007 18:26:33
AVEVTLOG.DLL : 7.0.0.20 86056 Bytes 7/18/2007 13:10:18
NETNT.DLL : 7.0.0.0 7720 Bytes 3/8/2007 17:09:42
RCIMAGE.DLL : 7.0.1.30 2342952 Bytes 8/7/2007 18:38:13
RCTEXT.DLL : 7.0.62.0 86056 Bytes 8/21/2007 18:50:37
SQLITE3.DLL : 3.3.17.1 339968 Bytes 7/23/2007 15:37:21
Configuration settings for the scan:
Jobname..........................: Complete system scan
Configuration file...............: c:\program files\avira\antivir personaledition classic\sysscan.avp
Logging..........................: low
Primary action...................: interactive
Secondary action.................: ignore
Scan master boot sector..........: off
Scan boot sector.................: on
Boot sectors.....................: C:,
Scan memory......................: on
Process scan.....................: on
Scan registry....................: on
Search for rootkits..............: off
Scan all files...................: Intelligent file selection
Scan archives....................: on
Recursion depth..................: 20
Smart extensions.................: on
Macro heuristic..................: on
File heuristic...................: medium
Start of the scan: Wednesday, February 20, 2008 09:44
The scan of running processes will be started
Scan process 'avscan.exe' - '1' Module(s) have been scanned
Scan process 'avcenter.exe' - '1' Module(s) have been scanned
Scan process 'sched.exe' - '1' Module(s) have been scanned
Scan process 'avgnt.exe' - '1' Module(s) have been scanned
Scan process 'avguard.exe' - '1' Module(s) have been scanned
Scan process 'taskmgr.exe' - '1' Module(s) have been scanned
Scan process 'WasherSvc.exe' - '1' Module(s) have been scanned
Scan process 'wdfmgr.exe' - '1' Module(s) have been scanned
Scan process 'svchost.exe' - '1' Module(s) have been scanned
Scan process 'alg.exe' - '1' Module(s) have been scanned
Scan process 'spoolsv.exe' - '1' Module(s) have been scanned
Scan process 'aawservice.exe' - '1' Module(s) have been scanned
Scan process 'explorer.exe' - '1' Module(s) have been scanned
Scan process 'svchost.exe' - '1' Module(s) have been scanned
Scan process 'svchost.exe' - '1' Module(s) have been scanned
Scan process 'svchost.exe' - '1' Module(s) have been scanned
Scan process 'svchost.exe' - '1' Module(s) have been scanned
Scan process 'lsass.exe' - '1' Module(s) have been scanned
Scan process 'services.exe' - '1' Module(s) have been scanned
Scan process 'winlogon.exe' - '1' Module(s) have been scanned
Scan process 'csrss.exe' - '1' Module(s) have been scanned
Scan process 'smss.exe' - '1' Module(s) have been scanned
22 processes with 22 modules were scanned
Start scanning boot sectors:
Boot sector 'C:\'
[NOTE] No virus was found!
Starting to scan the registry.
The registry was scanned ( '20' files ).
Starting the file scan:
Begin scan in 'C:\'
C:\pagefile.sys
[WARNING] The file could not be opened!
C:\Documents and Settings\Owner\Local Settings\Temporary Internet Files\Content.IE5\89ABCDEF\2892gazvkyoa[1].exe
[DETECTION] Is the Trojan horse TR/Dropper.Gen
[INFO] The file was deleted!
C:\Documents and Settings\Owner\Local Settings\Temporary Internet Files\Content.IE5\89ABCDEF\CA3T1ZD3.htm
[DETECTION] Contains detection pattern of the HTML script virus HTML/Infected.WebPage.Gen
[INFO] The file was moved to '47ef3e5b.qua'!
C:\Documents and Settings\Owner\Local Settings\Temporary Internet Files\Content.IE5\89ABCDEF\CANZL5P1.htm
[DETECTION] Contains detection pattern of the HTML script virus HTML/Infected.WebPage.Gen
[INFO] The file was moved to '480a3e5c.qua'!
C:\Documents and Settings\Owner\Local Settings\Temporary Internet Files\Content.IE5\GHIJKLMN\CA43Q7KV.htm
[DETECTION] Contains detection pattern of the HTML script virus HTML/Infected.WebPage.Gen
[INFO] The file was moved to '47f03e63.qua'!
C:\Documents and Settings\Owner\Local Settings\Temporary Internet Files\Content.IE5\OPQRSTUV\tk58[1].exe
[DETECTION] Is the Trojan horse TR/BHO.AB.4
[INFO] The file was deleted!
C:\Program Files\MSN\lavuqaj.dll
[DETECTION] Is the Trojan horse TR/BHO.AB.6
[INFO] The file was deleted!
C:\Program Files\MSN\lavuqaj33.dll
[DETECTION] Is the Trojan horse TR/BHO.AB.6
[INFO] The file was deleted!
C:\Program Files\MSN\lavuqaj48.dll
[DETECTION] Is the Trojan horse TR/BHO.AB.6
[INFO] The file was deleted!
C:\Program Files\MSN\lavuqaj888.dll
[DETECTION] Is the Trojan horse TR/BHO.AB.6
[INFO] The file was deleted!
C:\QooBox\Quarantine\catchme2008-02-17_102247.25.zip
[0] Archive type: ZIP
--> pmnnl.dll
[DETECTION] Is the Trojan horse TR/Vundo.Gen
--> pmnnl.dll.1
[DETECTION] Is the Trojan horse TR/Trash.Gen
--> yayyaaa.dll
[DETECTION] Is the Trojan horse TR/Vundo.Gen
[INFO] The file was deleted!
C:\QooBox\Quarantine\catchme2008-02-19_100308.29.zip
[0] Archive type: ZIP
--> ddcca.dll
[DETECTION] Is the Trojan horse TR/Vundo.Gen
--> ddcca.dll.1
[DETECTION] Is the Trojan horse TR/Trash.Gen
[INFO] The file was deleted!
C:\QooBox\Quarantine\C\Program Files\Common Files\Yazzle1281OinAdmin.exe.vir
[DETECTION] Is the Trojan horse TR/Dldr.Purity.BV.7
[INFO] The file was deleted!
C:\QooBox\Quarantine\C\Program Files\Common Files\Yazzle1281OinUninstaller.exe.vir
[DETECTION] Contains detection pattern of the dropper DR/PurityScan.GP
[INFO] The file was deleted!
C:\QooBox\Quarantine\C\Program Files\MSN\lavuqaj.dll.vir
[DETECTION] Is the Trojan horse TR/BHO.AB.6
[INFO] The file was deleted!
C:\QooBox\Quarantine\C\Program Files\MSN\lavuqaj10.dll.vir
[DETECTION] Is the Trojan horse TR/BHO.AB.6
[INFO] The file was deleted!
C:\QooBox\Quarantine\C\Program Files\MSN\lavuqaj43.dll.vir
[DETECTION] Is the Trojan horse TR/BHO.AB.6
[INFO] The file was deleted!
C:\QooBox\Quarantine\C\Program Files\MSN\lavuqaj878.dll.vir
[DETECTION] Is the Trojan horse TR/BHO.AB.6
[INFO] The file was deleted!
C:\QooBox\Quarantine\C\Program Files\Temporary\InsiDERIns.exe.vir
[DETECTION] Is the Trojan horse TR/Agent.fow.2
[INFO] The file was deleted!
C:\QooBox\Quarantine\C\WINDOWS\mrofinu1000106.exe.vir
[DETECTION] Is the Trojan horse TR/Crypt.ULPM.Gen
[INFO] The file was deleted!
C:\QooBox\Quarantine\C\WINDOWS\mrofinu572.exe.vir
[DETECTION] Is the Trojan horse TR/Crypt.ULPM.Gen
[INFO] The file was deleted!
C:\QooBox\Quarantine\C\WINDOWS\tk58.exe.vir
[DETECTION] Is the Trojan horse TR/BHO.AB.4
[INFO] The file was deleted!
C:\QooBox\Quarantine\C\WINDOWS\amFtZXM\command.exe.vir
[DETECTION] Is the Trojan horse TR/Spy.Banbra.df.199
[INFO] The file was deleted!
C:\QooBox\Quarantine\C\WINDOWS\system32\ddcca.dll.vir
[DETECTION] Is the Trojan horse TR/Trash.Gen
[INFO] The file was deleted!
C:\QooBox\Quarantine\C\WINDOWS\system32\fccayyv.dll.vir
[DETECTION] Is the Trojan horse TR/Vundo.Gen
[INFO] The file was deleted!
C:\QooBox\Quarantine\C\WINDOWS\system32\opnkjhi.dll.vir
[DETECTION] Is the Trojan horse TR/Vundo.Gen
[INFO] The file was deleted!
C:\QooBox\Quarantine\C\WINDOWS\system32\pmnnl.dll.vir
[DETECTION] Is the Trojan horse TR/Trash.Gen
[INFO] The file was deleted!
C:\QooBox\Quarantine\C\WINDOWS\system32\tuvvvvv.dll.vir
[DETECTION] Is the Trojan horse TR/Trash.Gen
[INFO] The file was deleted!
C:\QooBox\Quarantine\C\WINDOWS\system32\yayyaaa.dll.vir
[DETECTION] Is the Trojan horse TR/Trash.Gen
[INFO] The file was deleted!
C:\QooBox\Quarantine\C\WINDOWS\system32\a1\tliamdll2.exe.vir
[DETECTION] Is the Trojan horse TR/Dldr.CWS.gen.2
[INFO] The file was deleted!
C:\QooBox\Quarantine\C\WINDOWS\system32\nGpxx01\nGpxx011065.exe.vir
[DETECTION] Is the Trojan horse TR/Dldr.VB.cgu.2
[INFO] The file was deleted!
C:\QooBox\Quarantine\C\WINDOWS\system32\p9\liopud89104.exe.vir
[DETECTION] Contains detection pattern of the dropper DR/TTC.D
[INFO] The file was deleted!
C:\QooBox\Quarantine\C\WINDOWS\system32\SSTEM~1\dllhost.exe.vir
[DETECTION] Is the Trojan horse TR/Dldr.PurityScan.FJ
[INFO] The file was deleted!
C:\System Volume Information\_restore{EDAF3163-403F-40F6-AC1F-D07563A12755}\RP2\A0000040.dll
[DETECTION] Is the Trojan horse TR/BHO.AB.6
[INFO] The file was deleted!
C:\System Volume Information\_restore{EDAF3163-403F-40F6-AC1F-D07563A12755}\RP2\A0000041.dll
[DETECTION] Is the Trojan horse TR/BHO.AB.6
[INFO] The file was deleted!
C:\System Volume Information\_restore{EDAF3163-403F-40F6-AC1F-D07563A12755}\RP2\A0000042.dll
[DETECTION] Is the Trojan horse TR/BHO.AB.6
[INFO] The file was deleted!
C:\System Volume Information\_restore{EDAF3163-403F-40F6-AC1F-D07563A12755}\RP2\A0000043.dll
[DETECTION] Is the Trojan horse TR/BHO.AB.6
[INFO] The file was deleted!
C:\WINDOWS\gfderygfh.exe
[DETECTION] Is the Trojan horse TR/Dldr.VB.VLG.36
[INFO] The file was deleted!
C:\WINDOWS\tk58.exe
[DETECTION] Is the Trojan horse TR/BHO.AB.4
[INFO] The file was deleted!
C:\WINDOWS\system32\cmpbk3.dll
[DETECTION] Is the Trojan horse TR/Delphi.Downloader.Gen
[WARNING] The file could not be deleted!
C:\WINDOWS\system32\hjjtgyg.exe
[DETECTION] Is the Trojan horse TR/Dldr.VB.VLG.36
[INFO] The file was deleted!
C:\WINDOWS\system32\lanmanwrk.exe
[DETECTION] Is the Trojan horse TR/Trash.Gen
[INFO] The file was deleted!
End of the scan: Wednesday, February 20, 2008 10:08
Used time: 23:34 min
The scan has been done completely.
3220 Scanning directories
109165 Files were scanned
41 viruses and/or unwanted programs were found
3 Files were classified as suspicious:
37 files were deleted
0 files were repaired
3 files were moved to quarantine
0 files were renamed
1 Files cannot be scanned
109124 Files not concerned
738 Archives were scanned
2 Warnings
0 Notes