7 viruses?

[kotain]

Im pretty lost on what to do, hope you guys can help me.  Im running windows XP Pro.  These are the Identified Virus names and their location according to Avast.  Also have the Hijackthis logfile posted below.  Thanks for any help

Win32:Trojano-803 [Trj]

Win32:DyfucDldr-Z [Trj]-
 C:\Documents and Settings\K O'Tain\Local Settings\Temporary Internet Files\Content.IE5\O581U30X\optimize[1].exe

C:\DOCUME~1\KO'TAI~1\LOCALS~1\Temp\optimize.exe

Win32:Trojan-gen. {Other}
C:\Documents and Settings\K O'Tain\Local Settings\Temporary Internet Files\Content.IE5\XPZRS2L4\sidefind13[1].dll

Win32:Trojan-gen. {UPX!}

Win32:Istdnldr-Y [Trj]- C:\DOCUME~1\KO'TAI~1\LOCALS~1\Temp\vnccyxe.exe

Win32:Adan-024 [Adw]- C:\Documents and Settings\K O'Tain\Local Settings\Temporary Internet Files\Content.IE5\O10R0V8R\sfbho13[1].dll

C:\Program Files\SideFind\sfbho.dll

C:\WINDOWS\system32\Djvvlz.exe

Win32:Adan-060 [Adw]

C:\Documents and Settings\K O'Tain\Local Settings\Temporary Internet Files\Content.IE5\XPZRS2L4\bb[1].exe

Win32:Adan-021 [Adw]
C:\Documents and Settings\K O'Tain\Local Settings\Temporary Internet Files\Content.IE5\O10R0V8R\cmctl[1].dll\[UPX]



Scan saved at 1:33:05 PM, on 6/6/2005
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Ahead\InCD\InCDsrv.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
C:\Program Files\Alwil Software\Avast4\ashServ.exe
C:\WINDOWS\System32\drivers\CDAC11BA.EXE
C:\Program Files\Common Files\Microsoft Shared\VS7Debug\mdm.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\System32\Tablet.exe
C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe
C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
C:\Program Files\QuickTime\qttask.exe
C:\Program Files\Java\jre1.5.0_01\bin\jusched.exe
C:\WINDOWS\system32\p2pnetworking.exe
C:\Program Files\Media Access\MediaAccK.exe
C:\Program Files\ATI Multimedia\RemCtrl\ATIRW.exe
C:\Program Files\Media Access\MediaAccess.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\ATI Multimedia\main\launchpd.exe
C:\Program Files\ATI Multimedia\MAIN\ATISched.EXE
C:\WINDOWS\System32\rundll32.exe
C:\WINDOWS\system32\WTablet\TabUserW.exe
C:\Program Files\12Ghosts\12popup.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\WINDOWS\system32\taskmgr.exe
C:\PROGRA~1\MICROS~2\Office10\WINWORD.EXE
C:\Program Files\Hijackthis\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.gamespot.com/
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page_bak = http://www.gamespot.com/
R3 - URLSearchHook: (no name) - _{CFBFAE00-17A6-11D0-99CB-00C04FD64497} - (no file)
O2 - BHO: 12Ghosts Popup-Killer - {00000000-0007-5041-4354-0020e48020af} - C:\Program Files\12Ghosts\12popup.dll
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 5.0\Reader\ActiveX\AcroIEHelper.ocx
O3 - Toolbar: 12-Popup - {00000000-0008-5041-4354-0020e48020af} - C:\Program Files\12Ghosts\12popup.dll
O3 - Toolbar: ISTbar - {FAA356E4-D317-42a6-AB41-A3021C6E7D52} - C:\Program Files\ISTbar\istbarcm.dll
O4 - HKLM\..\Run: [UpdReg] C:\WINDOWS\UpdReg.EXE
O4 - HKLM\..\Run: [Jet Detection] "C:\Program Files\Creative\SBLive\PROGRAM\ADGJDet.exe"
O4 - HKLM\..\Run: [HPDJ Taskbar Utility] C:\WINDOWS\System32\spool\drivers\w32x86\3\hpztsb04.exe
O4 - HKLM\..\Run: [ATIPTA] C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe
O4 - HKLM\..\Run: [avast!] C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [KernelFaultCheck] C:\WINDOWS\system32\dumprep 0 -k
O4 - HKLM\..\Run: [SunJavaUpdateSched] C:\Program Files\Java\jre1.5.0_01\bin\jusched.exe
O4 - HKLM\..\Run: [winupdate] C:\Program Files\winupdate\winupdate.exe /auto
O4 - HKLM\..\Run: [p2pnetworking] p2pnetworking.exe
O4 - HKLM\..\Run: [Media Access] C:\Program Files\Media Access\MediaAccK.exe
O4 - HKLM\..\Run: [MSConfig] C:\WINDOWS\PCHealth\HelpCtr\Binaries\MSConfig.exe /auto
O4 - HKLM\..\RunServices: [p2pnetworking] p2pnetworking.exe
O4 - HKLM\..\RunOnce: [Ad-aware] "C:\Program Files\Lavasoft\Ad-aware 6\Ad-aware.exe" "+b1"
O4 - HKCU\..\Run: [ATI Remote Control] C:\Program Files\ATI Multimedia\RemCtrl\ATIRW.exe
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [ATI Launchpad] "C:\Program Files\ATI Multimedia\main\launchpd.exe"
O4 - HKCU\..\Run: [ATI Scheduler] C:\Program Files\ATI Multimedia\MAIN\ATISched.EXE
O4 - Startup: 12Ghosts Popup-Killer.lnk = C:\Program Files\12Ghosts\12popup.exe
O4 - Global Startup: Adobe Gamma Loader.lnk = C:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe
O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office10\OSA.EXE
O4 - Global Startup: TabUserW.exe.lnk = C:\WINDOWS\system32\WTablet\TabUserW.exe
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office10\EXCEL.EXE/3000
O9 - Extra button: ATI TV - {44226DFF-747E-4edc-B30C-78752E50CD0C} - C:\Program Files\ATI Multimedia\tv\EXPLBAR.DLL
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O12 - Plugin for .spop: C:\Program Files\Internet Explorer\Plugins\NPDocBox.dll
O15 - Trusted Zone: http://ny.contentmatch.net (HKLM)
O16 - DPF: {62475759-9E84-458E-A1AB-5D2C442ADFDE} - http://a1540.g.akamai.net/7/1540/52/20030530/qtinstall.info.apple.com/abarth/us/win/QuickTimeInstaller.exe
O23 - Service: avast! iAVS4 Control Service (aswUpdSv) - Unknown owner - C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\system32\Ati2evxx.exe
O23 - Service: ATI Smart - Unknown owner - C:\WINDOWS\system32\ati2sgag.exe
O23 - Service: avast! Antivirus - Unknown owner - C:\Program Files\Alwil Software\Avast4\ashServ.exe
O23 - Service: avast! Mail Scanner - Unknown owner - C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe" /service (file missing)
O23 - Service: avast! Web Scanner - Unknown owner - C:\Program Files\Alwil Software\Avast4\ashWebSv.exe" /service (file missing)
O23 - Service: C-DillaCdaC11BA - Macrovision - C:\WINDOWS\System32\drivers\CDAC11BA.EXE
O23 - Service: InCD Helper (InCDsrv) - Ahead Software AG - C:\Program Files\Ahead\InCD\InCDsrv.exe
O23 - Service: Macromedia Licensing Service - Unknown owner - C:\Program Files\Common Files\Macromedia Shared\Service\Macromedia Licensing.exe
O23 - Service: Pml Driver - HP - C:\WINDOWS\System32\HPHipm09.exe
O23 - Service: Remote Packet Capture Protocol v.0 (experimental) (rpcapd) - Unknown owner - %ProgramFiles%\WinPcap\rpcapd.exe" -d -f "%ProgramFiles%\WinPcap\rpcapd.ini (file missing)
O23 - Service: TabletService - Wacom Technology, Corp. - C:\WINDOWS\System32\Tablet.exe
O23 - Service: X10 Device Network Service (x10nets) - Unknown owner - C:\PROGRA~1\ATIMUL~1\RemCtrl\x10nets.exe (file missing)

[xistenz]

Hi kotain,

run through all the links in my signature below (especially the spyware scan - p2pnetworking.exe is spyware/adware).
Here is an online analysis of your logfile: http://hijackthis.de/logfiles/32e43f2a505332b4baf030e88adc0d5b.html (valid for three days only) (Ignore the 023 references to avast. Its a glitch in the hijackthis program)

If you have kazaa, try to remove it first before doing any of the above mentioned.

[DavidR]

1. Clear your temporary Internet Files (cache).
2. Disable system restore.
3. Schedule boot-time scan in avast's menu (or try the 'Schedule Boot-Time Scan' using RejZoR's AEC avast! External Control Tool

Fix the entries suggested in the on-line analysis link xistenz gave you.

Win32:Adan can be a little perssitant, there may be files that regenerate it.

[MFB]

Did you send these viruses to the Virus Chest?  Recommend sending them to the chest rather than deleting them.  I see your using Internet Explorer as your web browser, you should get Firefox or Opera instead to improve security over the internet. 

Mozilla Firefox: http://www.mozilla.org/

Opera: http://www.opera.com/

I'm giving you two common web browsers since there are more web browsers that are more secured than IE.

[kotain]

Xistenz I ran through all of the links in at the bottom of your post, I used the Hijackthis and cleared the files.  DavindR I cleared all temp files several times. Did the boot time scan.  Even found the files manually highlighted them and clicked delete.  FIXER, i used the Send to virus chest instead of trying to delete.  I also already have Firefox, i just dont use it much.

Unfortunatly it shows that the files are still on there. :'( Any more thoughts?

[MFB]

Xistenz I ran through all of the links in at the bottom of your post, I used the Hijackthis and cleared the files.  DavindR I cleared all temp files several times. Did the boot time scan.  Even found the files manually highlighted them and clicked delete.  FIXER, i used the Send to virus chest instead of trying to delete.  I also already have Firefox, i just dont use it much.

Unfortunatly it shows that the files are still on there. :'( Any more thoughts?

One more question, is your system restore disable?  If not, disable it and do another boot scan after restart.

[kotain]

If i disable system restore will this in any way create the possibility that i would loose files if i had to restore?  Because i have some very important files that I cant have disappear if i have to restore.  Also ive done several Ad-aware scans and removals, as well as X-cleaner and Ccleaner and everytime they find something and deletes it, it comes back?

I will try the system restore thing if i know theres no chance of loosing anything important. Thanks for the help

[Lisandro]

If you disable system restore and your computer is working you won't loose 'important files' as it just backup old system and drivers files.
There is no other possibility of getting rid of virus infections on folder C:\system volume information.
After being clean, you can enable the system restore feature again.
In fact, I never believe this feature that much. I do believe in backup. If you have important files, you must backup them and not trust in system restore.

[kotain]

I disabled system restore and did the boot time scan and the virus still showed up and i cant get rid of it.  Most of the viruses have been eliminated except for the Trojano's and the other Trojan-gen.  They seem to pop up and spawn the others. yet i cant get rid of them.  HELP?!?!? Thanks

[polonus]

Hi kotain,

After you got rid of the virus, and your system is clean. Read what our DavidR has to say in this thread http://forum.avast.com/index.php?topic=14024.0 to you about dropping rights while surfing. P2P is lively dangerous on the net, it is the way to get additional crap viruses and malware, even when you protect yourself with programs like PeerGuard etc. It is just like in real life, when you go into a dark alley at night, you run a greater risk of being clubbed over the head. Safe surfing habits, updated OS and realtime protection is the best way to go. We all come to this forum to learn, and we all made these mistakes in the past. This is the place to come and get educated on safe practices.

Have a nice virus- and malware free day,

polonus