Win32/heur virus found. Having problems with msn and IE 32bit

[fever]

I did a scan this morning and found the virus win32\heur which i deleted. Msn worked last night night and now its crashing all of the time. Also being effected is IE8 32 bit and links from e-mails which i have noticed.

heres the log i just run from HJT i am on windows vista 64bit and AVG picked up the virus it never finished the scan but i will do a full scan over night

I attached the log

 

[kimsland]

Logfile of HijackThis v1.99.1

HJT version too old

Please uninstall HJT fully
Then refer to this guide: New Preliminary Removal Instructions

 

[fever]

thanks for the quick responce ill update the thread as soon as i am done

so far i have completed steps 1,3,4,6 and currently running scans 4,5 and then 2

and then finish off with 7

 

[fever]

results from avg

Scan "Scan whole computer" was finished.
Infections found:;"2"
Infected objects removed or healed:;"2"
Not removed or healed:;"0"
Spyware found:;"4"
Spyware removed:;"4"
Not removed:;"0"
Warnings count:;"3"
Information count:;"0"
Scan started:;"04 September 2008, 01:37:49"
Scan finished:;"04 September 2008, 07:42:03 (6 hour(s) 4 minute(s) 13 second(s))"
Total object scanned:;"2775055"
User who launched the scan:;"Andy"

Infections
File;"Infection";"Result"
C:\Users\Andy\AppData\Local\Google\Chrome\User Data\Default\Cache\f_00014e;"Trojan horse Downloader.FraudLoad.AE";"Moved to Virus Vault"
C:\Users\Andy\AppData\Local\Google\Chrome\User Data\Default\Cache\f_00014e:\$JF\d100747.exe;"Trojan horse Downloader.FraudLoad.AE";"Moved to Virus Vault"

Spyware
File;"Infection";"Result"
C:\Users\Andy\AppData\Local\Google\Chrome\User Data\Default\Cache\f_00015d;"Potentially harmful program HideExec.EV";"Moved to Virus Vault"
C:\Users\Andy\AppData\Local\Google\Chrome\User Data\Default\Cache\f_00015d:\327882R2FWJFW\hidec.exe;"Potentially harmful program HideExec.EV";"Moved to Virus Vault"
C:\Users\Andy\Desktop\ComboFix.exe;"Potentially harmful program HideExec.EV";"Moved to Virus Vault"
C:\Users\Andy\Desktop\ComboFix.exe:\327882R2FWJFW\hidec.exe;"Potentially harmful program HideExec.EV";"Moved to Virus Vault"

Warnings
File;"Infection";"Result"
C:\Users\Andy\AppData\Roaming\Mozilla\Firefox\Profiles\wddsq1qt.default\cookies.txt;"Found Tracking cookie.2o7";"Potentially dangerous object"
C:\Users\Andy\AppData\Roaming\Mozilla\Firefox\Profiles\wddsq1qt.default\cookies.txt:\2o7.net.484dbb69;"Found Tracking cookie.2o7";"Potentially dangerous object"
C:\Users\Andy\AppData\Roaming\Mozilla\Firefox\Profiles\wddsq1qt.default\cookies.txt:\2o7.net.fb64e8ce;"Found Tracking cookie.2o7";"Potentially dangerous object"


another scan i did the day before

Infections
File;"Infection";"Result"
C:\Users\Andy\Documents\asus\Realtek_HDAudio_v6015506_vista.zip;"Virus found Win32/Heur";"Deleted"
C:\Users\Andy\Documents\asus\Realtek_HDAudio_v6015506_vista.zip:\Audio\Hotfix\Microsoft_Hotfix\WS03\HOTFIX-PTB.EXE;"Virus found Win32/Heur";"Deleted"

 

[kimsland]

aaCenter.exe:
To remove this go into task scheduler in windows vista and disable the ASUS ACPI service provider.
Daemon.exe or Daemon:
Virtual Daemon Manager task which is installed as a startup by Daemon Tools
msnmsgr.exe
You can stop this startup, by opening the Program and deselecting "Start with Windows" in the settings

I have placed those above, because many programs when installed create their own Windows automatic startup. You are able to turn off these Windows startups (and any others not required to auto-start) using this program

There are many entries in HJT that states "No file" or "File Missing" all of these can have a tick placed against them and FIX selected

The temporary files listed above (like cookies) can all be fully removed via CCleaner (which I recommend you run.)
Step 3 ATF Cleaner by Atribune, should have done this though, not sure why it didn't?

You can also run a reset of IE following this guide

You can then restart, and provide a much smaller HJT log

 

[fever]

I followed exactly what you have said but i dont think its helped much

heres the new log

 

[fever]

just reinstalled msn and its now working the links from ms outlook arn't working tho it might if i reinstalled it but i don't fancy that lol

edit

msn isnt working any more but its the longest its worked for

 

[kimsland]

You know I didn't want to paste all these entries in (I even wondered why other support did) But please Tick and Fix all these entries in the HJT Program:

O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)

O23 - Service: @%SystemRoot%\system32\Alg.exe,-112 (ALG) - Unknown owner - C:\Windows\System32\alg.exe (file missing)

O23 - Service: ASP.NET State Service (aspnet_state) - Unknown owner - C:\Windows\Microsoft.NET\Framework\v2.0.50727\aspnet_state.exe (file missing)

O23 - Service: @dfsrres.dll,-101 (DFSR) - Unknown owner - C:\Windows\system32\DFSR.exe (file missing)

O23 - Service: @%systemroot%\system32\fxsresm.dll,-118 (Fax) - Unknown owner - C:\Windows\system32\fxssvc.exe (file missing)

O23 - Service: @keyiso.dll,-100 (KeyIso) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)

O23 - Service: @comres.dll,-2797 (MSDTC) - Unknown owner - C:\Windows\System32\msdtc.exe (file missing)

O23 - Service: VMC NetFlix Download Manager (NetFlixDownloadManager) - Unknown owner - C:\Program Files\Luttmann\vmcNetFlix\NetFlixDownloadManager.exe (file missing)

O23 - Service: @%SystemRoot%\System32\netlogon.dll,-102 (Netlogon) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)

O23 - Service: NVIDIA Display Driver Service (nvsvc) - Unknown owner - C:\Windows\system32\nvvsvc.exe (file missing)

O23 - Service: @%systemroot%\system32\psbase.dll,-300 (ProtectedStorage) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)

O23 - Service: @%systemroot%\system32\Locator.exe,-2 (RpcLocator) - Unknown owner - C:\Windows\system32\locator.exe (file missing)

O23 - Service: @%SystemRoot%\system32\samsrv.dll,-1 (SamSs) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)

O23 - Service: @%SystemRoot%\system32\SLsvc.exe,-101 (slsvc) - Unknown owner - C:\Windows\system32\SLsvc.exe (file missing)

O23 - Service: @%SystemRoot%\system32\snmptrap.exe,-3 (SNMPTRAP) - Unknown owner - C:\Windows\System32\snmptrap.exe (file missing)

O23 - Service: @%systemroot%\system32\spoolsv.exe,-1 (Spooler) - Unknown owner - C:\Windows\System32\spoolsv.exe (file missing)

O23 - Service: @%SystemRoot%\system32\ui0detect.exe,-101 (UI0Detect) - Unknown owner - C:\Windows\system32\UI0Detect.exe (file missing)

O23 - Service: @%SystemRoot%\system32\vds.exe,-100 (vds) - Unknown owner - C:\Windows\System32\vds.exe (file missing)

O23 - Service: @%systemroot%\system32\vssvc.exe,-102 (VSS) - Unknown owner - C:\Windows\system32\vssvc.exe (file missing)

O23 - Service: @%systemroot%\system32\wbengine.exe,-104 (wbengine) - Unknown owner - C:\Windows\system32\wbengine.exe (file missing)

O23 - Service: @%Systemroot%\system32\wbem\wmiapsrv.exe,-110 (wmiApSrv) - Unknown owner - C:\Windows\system32\wbem\WmiApSrv.exe (file missing)

O23 - Service: @%ProgramFiles%\Windows Media Player\wmpnetwk.exe,-101 (WMPNetworkSvc) - Unknown owner - C:\Program Files (x86)\Windows Media Player\wmpnetwk.exe (file missing)

Also your AVG Antivirus, is that the free one?
If so consider uninstalling it fully and try one of these Avast or Avira

Yet another log file to come!
Actually, make sure you have updated and run a full scan of your Antivirus software first. Especially if you have decided to change to a new Antivirus

I wait again.

 

[fever]

You know I didn't want to paste all these entries in (I even wondered why other support did) But please Tick and Fix all these entries in the HJT Program:



Also your AVG Antivirus, is that the free one?
If so consider uninstalling it fully and try one of these Avast or Avira

Yet another log file to come!
Actually, make sure you have updated and run a full scan of your Antivirus software first. Especially if you have decided to change to a new Antivirus

I wait again.

yes its the free one... i swear i done excally what you said it even restarted my computer but they came back. also system restore is another thing to add to the not working list

 

[fever]

I am back been trying to fix this for the last few hours i cant install either of the 2 virus checkers you said i can install avast but i cant do a scan.

msn wont even install now. i cant do a system restore i even tried in save mode. its taking all of my time! i really dont wanna have to do a reformat but its looking that way thinking about going back to xp

 

[kimsland]

Run Kaspersky Online AV Scanner

In order to use it you have to use Internet Explorer.
Go to Kaspersky and click the Accept button at the end of the page.

Note for Internet Explorer 7 users: If at any time you have trouble with the accept button of the licence, click on the Zoom tool located at the right bottom of the IE window and set the zoom to 75 %. Once the license accepted, reset to 100%.

• Read the Requirements and limitations before you click Accept.
• Allow the ActiveX download if necessary.
• Once the database has downloaded, click Next.
• Click on "My Computer"
• When the scan has completed, click Save Report As...
• Enter a name for the file in the Filename: text box and then click the down arrow to the right of Save as type: and select text file (*.txt)
• Click Save - by default the file will be saved to your Desktop, but you can change this if you wish.

Animated Tutorial using Kaspersky Online Scanner: http://i275.photobucket.com/albums/jj285/Bleeping/KAS/KAS9.gif
Attach the report into your next reply

 

[fever]

Run Kaspersky Online AV Scanner

In order to use it you have to use Internet Explorer.
Go to Kaspersky and click the Accept button at the end of the page.

Note for Internet Explorer 7 users: If at any time you have trouble with the accept button of the licence, click on the Zoom tool located at the right bottom of the IE window and set the zoom to 75 %. Once the license accepted, reset to 100%.

• Read the Requirements and limitations before you click Accept.
• Allow the ActiveX download if necessary.
• Once the database has downloaded, click Next.
• Click on "My Computer"
• When the scan has completed, click Save Report As...
• Enter a name for the file in the Filename: text box and then click the down arrow to the right of Save as type: and select text file (*.txt)
• Click Save - by default the file will be saved to your Desktop, but you can change this if you wish.

Animated Tutorial using Kaspersky Online Scanner: http://i275.photobucket.com/albums/jj285/Bleeping/KAS/KAS9.gif
Attach the report into your next reply

thanks i appreciate this help and i will post my results in the morning

 

[fever]

here is the first scan after 7 hours only got17% ill have to do it again tonight

 

[fever]

i am gonna do a reformat i have way to many things running and i cant risk keeping any viruses with uni coming back around,

thanks for all the help i must of had about 10 different Trojans i think someone stole my wow password i dont dont use anymore but they cant use it as they are not letting them add a card lol so i am gonna reformat go to windows xp install better protection and then change my passwords