I've been getting many popups from AVG telling me my computer's infested with several trojans. And so I ran AVG, but it can't do anything about them. It won't even let me send them to the Virus Vault. I tried online virus scanners such as Panda and Housecalls, but they don't find anything. I've also checked with Adaware and I got rid of almost everything it came up with, but the viruses haven't gone away.
Here's what AVG came up with, and my HijackThis log is below it:
Results of Complete Test, date and time 9/11/2004 17:37:59 :
Testing C:\ volume PRESARIO serial 64D7-0EAD
C:\HIBERFIL.SYS Cannot open; not checked!
C:\Documents and Settings\All Users\Application Data\AOL\C_America Online 9.0\IDB\APP9640.LST Cannot open; not checked!
C:\Documents and Settings\All Users\Application Data\AOL\C_America Online 9.0\IDB\APP9712.LST Cannot open; not checked!
C:\Documents and Settings\All Users\Application Data\AOL\C_America Online 9.0\IDB\APP9762.LST Cannot open; not checked!
C:\Documents and Settings\All Users\Application Data\AOL\C_America Online 9.0\IDB\APPS.LST Cannot open; not checked!
C:\Documents and Settings\All Users\Application Data\AOL\C_America Online 9.0\IDB\MAIN.IDX Cannot open; not checked!
C:\Documents and Settings\All Users\Application Data\AOL\C_America Online 9.0\IDB\SPOOL.LST Cannot open; not checked!
C:\Documents and Settings\All Users\Application Data\AOL\C_America Online 9.0\IDB\STYLE.LST Cannot open; not checked!
C:\Documents and Settings\All Users\Application Data\AOL\C_America Online 9.0\IDB\SYSNEWS.LST Cannot open; not checked!
C:\Documents and Settings\All Users\Application Data\AOL\C_America Online 9.0\IDB\TOOLBAR.LST Cannot open; not checked!
C:\Documents and Settings\All Users\Application Data\AOL\C_America Online 9.0\ORGANIZE\ukchildholla Cannot open; not checked!
C:\Documents and Settings\All Users\Application Data\AOL\C_America Online 9.0\ORGANIZE\CACHE\ukchildhol00 Cannot open; not checked!
C:\Documents and Settings\LocalService\NTUSER.DAT Cannot open; not checked!
C:\Documents and Settings\LocalService\ntuser.dat.LOG Cannot open; not checked!
C:\Documents and Settings\LocalService\Local Settings\Application Data\Microsoft\WINDOWS\USRCLASS.DAT Cannot open; not checked!
C:\Documents and Settings\LocalService\Local Settings\Application Data\Microsoft\WINDOWS\UsrClass.dat.LOG Cannot open; not checked!
C:\Documents and Settings\Owner.YOUR-N3TY7ATHD5\NTUSER.DAT Cannot open; not checked!
C:\Documents and Settings\Owner.YOUR-N3TY7ATHD5\NTUSER.DAT.LOG Cannot open; not checked!
C:\Documents and Settings\Owner.YOUR-N3TY7ATHD5\Local Settings\Application Data\Microsoft\WINDOWS\USRCLASS.DAT Cannot open; not checked!
C:\Documents and Settings\Owner.YOUR-N3TY7ATHD5\Local Settings\Application Data\Microsoft\WINDOWS\UsrClass.dat.LOG Cannot open; not checked!
C:\Documents and Settings\Owner.YOUR-N3TY7ATHD5\Local Settings\TEMP\Installer2.exe Trojan horse Dropper.Delf.3.L
C:\Documents and Settings\Owner.YOUR-N3TY7ATHD5\Local Settings\TEMP\ISTSVC.EXE Trojan horse Downloader.Istbar.4.AO
C:\Documents and Settings\Owner.YOUR-N3TY7ATHD5\Local Settings\TEMP\SIDEFIND.EXE Trojan horse Downloader.Istbar.4.AD
C:\Documents and Settings\Owner.YOUR-N3TY7ATHD5\Local Settings\TEMP\THI1774.TMP\POLALL1L.EXE Trojan horse Downloader.Agent.AS
C:\Documents and Settings\Owner.YOUR-N3TY7ATHD5\Local Settings\TEMP\THI2795.TMP\POLALL1L.EXE Trojan horse Downloader.Agent.AS
C:\Documents and Settings\Owner.YOUR-N3TY7ATHD5\Local Settings\TEMP\THI2ACE.TMP\POLALL1L.EXE Trojan horse Downloader.Agent.AS
C:\Documents and Settings\Owner.YOUR-N3TY7ATHD5\Local Settings\Temporary Internet Files\CONTENT.IE5\4B8NMTWF\nem219[1].dll Trojan horse Downloader.Dyfica.2.AA
C:\Documents and Settings\Owner.YOUR-N3TY7ATHD5\Local Settings\Temporary Internet Files\CONTENT.IE5\CPA3WHMB\istsvc[1].exe Trojan horse Downloader.Istbar.4.AO
C:\Documents and Settings\Owner.YOUR-N3TY7ATHD5\Local Settings\Temporary Internet Files\CONTENT.IE5\U3KD69CJ\sidefind[1].exe Trojan horse Downloader.Istbar.4.AD
C:\Documents and Settings\Owner.YOUR-N3TY7ATHD5\Local Settings\Temporary Internet Files\CONTENT.IE5\UJS7U32H\bdl14122[1].exe Trojan horse Revop.C
C:\Program Files\Common Files\UPDMGR\SIMGR.EXE Trojan horse Downloader.Keenval.C
C:\Program Files\WON\FLIPWebLog.txt Cannot open; not checked!
C:\Program Files\WON\WONPLAY\WONLOG.TXT Cannot open; not checked!
C:\WINDOWS\2_0_1browserhelper2.dll Trojan horse Clicker.AJ
C:\WINDOWS\SYSTEM32\DP807615.EXE Trojan horse Downloader.Lalus.A
C:\WINDOWS\SYSTEM32\TVM_B5.EXE Trojan horse Dropper.Small.5.BP
C:\WINDOWS\SYSTEM32\CONFIG\SYSTEM.LOG Cannot open; not checked!
Testing D:\ volume PRESARIO_RP serial 3C7C-5E5C
Test finished, duration 00:46:39.3 s
33929 objects tested, 14 found infected
Logfile of HijackThis v1.98.2
Scan saved at 7:09:33 PM, on 9/11/2004
Platform: Windows XP SP1 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106)
Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\PROGRA~1\COMMON~1\AOL\ACS\AOLacsd.exe
C:\PROGRA~1\Grisoft\AVG6\avgserv.exe
C:\WINDOWS\System32\gearsec.exe
C:\WINDOWS\wanmpsvc.exe
C:\WINDOWS\Explorer.EXE
C:\windows\system\hpsysdrv.exe
C:\HP\KBD\KBD.EXE
C:\Program Files\Common Files\Real\Update_OB\realsched.exe
C:\Program Files\NetPumper\NetPumperIEProxy.exe
C:\PROGRA~1\Save\Save.exe
C:\PROGRA~1\Grisoft\AVG6\avgcc32.exe
C:\Program Files\Common Files\AOL\ACS\AOLDial.exe
C:\Program Files\QuickTime\qttask.exe
C:\PROGRA~1\COMMON~1\AOL\AOLSPY~1\AOLSP Scheduler.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\Program Files\Panicware\Pop-Up Stopper Free Edition\PSFree.exe
C:\PROGRA~1\WEATHE~1\Weather.exe
C:\WINDOWS\system32\mshearts.exe
C:\DOCUME~1\OWNER~1.YOU\Desktop\MONOPO~1.EXE
C:\Program Files\America Online 9.0\aoltray.exe
C:\Program Files\GetRight\getright.exe
C:\Program Files\GetRight\getright.exe
C:\Program Files\Grisoft\AVG6\avgw.exe
C:\Program Files\America Online 9.0\waol.exe
C:\Program Files\America Online 9.0\shellmon.exe
C:\Program Files\Common Files\Aol\aoltpspd.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Hijcak\HijackThis.exe
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.jokersupdates.com/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,HomeOldSP = about:blank
O2 - BHO: NavErrRedir Class - {00D6A7E7-4A97-456f-848A-3B75BF7554D7} - (no file)
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 5.0\Reader\ActiveX\AcroIEHelper.ocx
O2 - BHO: (no name) - {243B17DE-77C7-46BF-B94B-0B5F309A0E64} - C:\Program Files\Microsoft Money\System\mnyside.dll
O2 - BHO: ohb - {4D568F0F-8AC9-40AB-88B7-415134C78777} - C:\WINDOWS\SYSTEM32\winb2s32.dll
O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll
O3 - Toolbar: &Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINDOWS\System32\msdxm.ocx
O4 - HKLM\..\Run: [hpsysdrv] c:\windows\system\hpsysdrv.exe
O4 - HKLM\..\Run: [HotKeysCmds] C:\WINDOWS\System32\hkcmd.exe
O4 - HKLM\..\Run: [KBD] C:\HP\KBD\KBD.EXE
O4 - HKLM\..\Run: [StorageGuard] "C:\Program Files\VERITAS Software\Update Manager\sgtray.exe" /r
O4 - HKLM\..\Run: [WCOLOREAL] "C:\Program Files\Coloreal\coloreal.exe"
O4 - HKLM\..\Run: [Recguard] C:\WINDOWS\SMINST\RECGUARD.EXE
O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot
O4 - HKLM\..\Run: [nwiz] nwiz.exe /installquiet /keeploaded
O4 - HKLM\..\Run: [NeroCheck] C:\WINDOWS\System32\NeroCheck.exe
O4 - HKLM\..\Run: [PS2] C:\WINDOWS\system32\ps2.exe
O4 - HKLM\..\Run: [NetPumper] "C:\Program Files\NetPumper\NetPumperIEProxy.exe"
O4 - HKLM\..\Run: [WhenUSave] C:\PROGRA~1\Save\Save.exe
O4 - HKLM\..\Run: [AVG_CC] C:\PROGRA~1\Grisoft\AVG6\avgcc32.exe /STARTUP
O4 - HKLM\..\Run: [AOLDialer] C:\Program Files\Common Files\AOL\ACS\AOLDial.exe
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [AOL Spyware Protection] "C:\PROGRA~1\COMMON~1\AOL\AOLSPY~1\AOLSP Scheduler.exe"
O4 - HKLM\..\Run: [Pure Networks Port Magic] "C:\PROGRA~1\PURENE~1\PORTMA~1\PortAOL.exe" -Run
O4 - HKLM\..\Run: [WildTangent CDA] RUNDLL32.exe "C:\Program Files\WildTangent\Apps\CDA\cdaEngine0400.dll",cdaEngineMain
O4 - HKLM\..\Run: [iTunesHelper] C:\Program Files\iTunes\iTunesHelper.exe
O4 - HKCU\..\Run: [NVIEW] rundll32.exe nview.dll,nViewLoadHook
O4 - HKCU\..\Run: [PopUpStopperFreeEdition] "C:\Program Files\Panicware\Pop-Up Stopper Free Edition\PSFree.exe"
O4 - HKCU\..\Run: [MsnMsgr] "C:\Program Files\MSN Messenger\MsnMsgr.Exe" /background
O4 - HKCU\..\Run: [WeatherCast] C:\PROGRA~1\WEATHE~1\Weather.exe /q
O4 - HKCU\..\Run: [Monopoly3.exe] C:\DOCUME~1\OWNER~1.YOU\Desktop\MONOPO~1.EXE /r
O4 - Global Startup: America Online 9.0 Tray Icon.lnk = C:\Program Files\America Online 9.0\aoltray.exe
O4 - Global Startup: GetRight - Tray Icon.lnk = C:\Program Files\GetRight\getright.exe
O4 - Global Startup: Quicken Scheduled Updates.lnk = C:\Program Files\Quicken\bagent.exe
O8 - Extra context menu item: &AOL Toolbar search - res://C:\Program Files\AOL Toolbar\toolbar.dll/SEARCH.HTML
O8 - Extra context menu item: Download with GetRight - C:\Program Files\GetRight\GRdownload.htm
O8 - Extra context menu item: Download with NetPumper - C:\Program Files\NetPumper\AddUrl.htm
O8 - Extra context menu item: Open with GetRight Browser - C:\Program Files\GetRight\GRbrowse.htm
O9 - Extra button: (no name) - {120E090D-9136-4b78-8258-F0B44B4BD2AC} - C:\WINDOWS\System32\ms.exe (file missing)
O9 - Extra 'Tools' menuitem: MaxSpeed - {120E090D-9136-4b78-8258-F0B44B4BD2AC} - C:\WINDOWS\System32\ms.exe (file missing)
O9 - Extra button: MoneySide - {E023F504-0C5A-4750-A1E7-A9046DEA8A21} - C:\Program Files\Microsoft Money\System\mnyside.dll
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\MSMSGS.EXE
O9 - Extra 'Tools' menuitem: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\MSMSGS.EXE
O12 - Plugin for .spop: C:\Program Files\Internet Explorer\Plugins\NPDocBox.dll
O16 - DPF: ConferenceRoom Java Client - http://chat.privatef...000/java/cr.cab
O16 - DPF: Mah Jong Garden by pogo - http://mahjong2.pogo...g-ob-assets.cab
O16 - DPF: Pop Fu by pogo - http://popfu.pogo.co...u-ob-assets.cab
O16 - DPF: Word Whomp Whackdown by pogo - http://whackdown.pog...n-ob-assets.cab
O16 - DPF: Yahoo! Blackjack - http://download.game...nts/y/jt0_x.cab
O16 - DPF: Yahoo! Canasta - http://download.game...nts/y/yt1_x.cab
O16 - DPF: Yahoo! Chat - http://us.chat1.yimg...t/c381/chat.cab
O16 - DPF: Yahoo! Freecell Solitaire - http://yog55.games.s...og/y/fs10_x.cab
O16 - DPF: Yahoo! Go Fish - http://download.game...nts/y/zt3_x.cab
O16 - DPF: Yahoo! Literati - http://download.game...nts/y/tt2_x.cab
O16 - DPF: Yahoo! Pool 2 - http://download.game...ts/y/potc_x.cab
O16 - DPF: {09C6CAC0-936E-40A0-BC26-707480103DC3} (shizmoo Class) - http://www.uproar.co...pside_web18.cab
O16 - DPF: {18871EA7-1B30-46DE-9283-E96E707492BA} (Playcom_ATL_Object Class) - http://leela.vide.se...com/Playcom.cab
O16 - DPF: {1D6711C8-7154-40BB-8380-3DEA45B69CBF} (Web P2P Installer) -
O16 - DPF: {2B323CD9-50E3-11D3-9466-00A0C9700498} (Yahoo! Audio Conferencing) - http://us.chat1.yimg...v45/yacscom.cab
O16 - DPF: {74D05D43-3236-11D4-BDCD-00C04F9A3B61} (HouseCall Control) - http://a840.g.akamai...all/xscan53.cab
O16 - DPF: {7D1E9C49-BD6A-11D3-87A8-009027A35D73} (Yahoo! Audio UI1) - http://chat.yahoo.com/cab/yacsui.cab
O16 - DPF: {9A9307A0-7DA4-4DAF-B042-5009F29E09E1} (ActiveScan Installer Class) - http://www.pandasoft.../as5/asinst.cab
O16 - DPF: {A031D222-B496-11D2-9CC8-00105A10AAF6} (WONWebLauncher Class) - http://62.39.141.135...cherControl.cab
O16 - DPF: {E504EE6E-47C6-11D5-B8AB-00D0B78F3D48} (Yahoo! Webcam Viewer Wrapper) - http://chat.yahoo.com/cab/yvwrctl.cab
O17 - HKLM\System\CCS\Services\Tcpip\..\{00E464C2-FA6C-4D63-941C-FC881D98FAC0}: NameServer = 205.188.146.146
I'd be very thankful and so relieved!
Thanks in advance.