
trojan and malware removal help please

Discussion in 'Malware and Virus Removal Archive' started by lynette00, 2007/05/01.

  1. 2007/05/12
    lynette00 (Inactive, Thread Starter)
    Joined: 2007/04/14 | Messages: 18 | Likes Received: 0

    Hi,
    I have tried to delete what I can. I have run BitDefender and that deleted a lot of stuff, also run Dr.Web, but that picked up nothing, and have run SUPERAntiSpyware. I also think I may have got rid of the CNSMIN. The only thing that NOD32 is picking up now is in the E:\system vol information\restore, and it's a trojan downloader agent RS, so I'm not sure what to do about that. When BitDefender finished I made a new restore point and deleted the old ones; hopefully I am doing this right.
    Here is the new HijackThis log and BitDefender's log.


    BitDefender Online Scanner

    Scan report generated at: Sat, May 12, 2007 - 12:50:58
    Scan path: A:\;C:\;D:\;E:\;F:\;

    Statistics
    Time: 00:52:38
    Files: 181900
    Folders: 4464
    Boot Sectors: 5
    Archives: 2467
    Packed Files: 13438

    Results
    Identified Viruses: 4
    Infected Files: 4
    Suspect Files: 0
    Warnings: 0
    Disinfected: 0
    Deleted Files: 4

    Engines Info
    Virus Definitions: 505683
    Engine build: AVCORE v1.0 (build 2397) (i386) (Feb 8 2007 14:24:08)
    Scan plugins: 14
    Archive plugins: 38
    Unpack plugins: 6
    E-mail plugins: 6
    System plugins: 1

    Scan Settings
    First Action: Disinfect
    Second Action: Delete
    Heuristics: Yes
    Enable Warnings: Yes
    Scanned Extensions: *;
    Exclude Extensions:
    Scan Emails: Yes
    Scan Archives: Yes
    Scan Packed: Yes
    Scan Files: Yes
    Scan Boot: Yes

    Scanned File
        Status

    C:\Program Files\ESET\infected\IUJ23TDA.NQF=>(Quarantine-PE)=>(NSIS o)=>lzma_solid_nsis0035=>(NSIS o)=>lzma_solid_nsis0005
        Infected with: Trojan.Downloader.Agent.RS
    C:\Program Files\ESET\infected\IUJ23TDA.NQF=>(Quarantine-PE)=>(NSIS o)=>lzma_solid_nsis0035=>(NSIS o)=>lzma_solid_nsis0005
        Disinfection failed
    C:\Program Files\ESET\infected\IUJ23TDA.NQF=>(Quarantine-PE)=>(NSIS o)=>lzma_solid_nsis0035=>(NSIS o)=>lzma_solid_nsis0005
        Deleted
    C:\Program Files\ESET\infected\IUJ23TDA.NQF=>(Quarantine-PE)=>(NSIS o)=>lzma_solid_nsis0035=>(NSIS o)
        Update failed

    D:\WINDOWS\Downloaded Program Files\CnsMinAL.cab=>AutoLive.dll
        Infected with: Trojan.ZSKiller.B
    D:\WINDOWS\Downloaded Program Files\CnsMinAL.cab=>AutoLive.dll
        Disinfection failed
    D:\WINDOWS\Downloaded Program Files\CnsMinAL.cab=>AutoLive.dll
        Deleted
    D:\WINDOWS\Downloaded Program Files\CnsMinAL.cab
        Update failed

    D:\WINDOWS\Downloaded Program Files\CnsMinEx.cab=>CnsMinEx.dll
        Infected with: Trojan.Dloader.ANK
    D:\WINDOWS\Downloaded Program Files\CnsMinEx.cab=>CnsMinEx.dll
        Disinfection failed
    D:\WINDOWS\Downloaded Program Files\CnsMinEx.cab=>CnsMinEx.dll
        Deleted
    D:\WINDOWS\Downloaded Program Files\CnsMinEx.cab
        Update failed

    E:\System Volume Information\_restore{E3C75DFB-C8B9-4891-8A48-99965A8397B6}\RP12\A0004876.exe=>(NSIS o)=>lzma_solid_nsis0035=>(NSIS o)=>lzma_solid_nsis0005
        Infected with: Trojan.Downloader.Agent.RS
    E:\System Volume Information\_restore{E3C75DFB-C8B9-4891-8A48-99965A8397B6}\RP12\A0004876.exe=>(NSIS o)=>lzma_solid_nsis0035=>(NSIS o)=>lzma_solid_nsis0005
        Disinfection failed
    E:\System Volume Information\_restore{E3C75DFB-C8B9-4891-8A48-99965A8397B6}\RP12\A0004876.exe=>(NSIS o)=>lzma_solid_nsis0035=>(NSIS o)=>lzma_solid_nsis0005
        Deleted
    E:\System Volume Information\_restore{E3C75DFB-C8B9-4891-8A48-99965A8397B6}\RP12\A0004876.exe=>(NSIS o)=>lzma_solid_nsis0035=>(NSIS o)
        Update failed

    Logfile of HijackThis v1.99.1
    Scan saved at 7:25:30 PM, on 5/12/2007
    Platform: Windows XP SP2 (WinNT 5.01.2600)
    MSIE: Internet Explorer v7.00 (7.00.6000.16441)

    Running processes:
    C:\WINDOWS\System32\smss.exe
    C:\WINDOWS\system32\winlogon.exe
    C:\WINDOWS\system32\services.exe
    C:\WINDOWS\system32\lsass.exe
    C:\WINDOWS\system32\svchost.exe
    C:\WINDOWS\System32\svchost.exe
    C:\WINDOWS\system32\spoolsv.exe
    C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
    C:\WINDOWS\Explorer.EXE
    C:\Program Files\Common Files\LightScribe\LSSrvc.exe
    C:\Program Files\Eset\nod32krn.exe
    C:\Program Files\MUSICMATCH\MUSICMATCH Jukebox\mm_tray.exe
    C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\avgas.exe
    C:\Program Files\Eset\nod32kui.exe
    C:\Program Files\Roxio\Easy Media Creator 7\Drag to Disc\DrgToDsc.exe
    C:\Program Files\Java\jre1.6.0_01\bin\jusched.exe
    C:\WINDOWS\system32\ctfmon.exe
    C:\Program Files\MSN Messenger\MsnMsgr.Exe
    C:\Program Files\MUSICMATCH\MUSICMATCH Jukebox\mim.exe
    C:\PROGRA~1\INCRED~1\bin\IMApp.exe
    C:\Program Files\MUSICMATCH\MUSICMATCH Jukebox\MMDiag.exe
    C:\WINDOWS\system32\svchost.exe
    C:\Program Files\HijackThis\HijackThis.exe

    R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://xtra.co.nz
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
    R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
    O2 - BHO: Yahoo! Toolbar Helper - {02478D38-C3F9-4EFB-9B51-7695ECA05670} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll
    O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
    O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_01\bin\ssv.dll
    O2 - BHO: Windows Live Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
    O3 - Toolbar: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll
    O4 - HKLM\..\Run: [MMTray] "C:\Program Files\MUSICMATCH\MUSICMATCH Jukebox\mm_tray.exe "
    O4 - HKLM\..\Run: [!AVG Anti-Spyware] "C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\avgas.exe" /minimized
    O4 - HKLM\..\Run: [nod32kui] "C:\Program Files\Eset\nod32kui.exe" /WAITSERVICE
    O4 - HKLM\..\Run: [MimBoot] C:\PROGRA~1\MUSICM~1\MUSICM~1\mimboot.exe
    O4 - HKLM\..\Run: [RoxioDragToDisc] "C:\Program Files\Roxio\Easy Media Creator 7\Drag to Disc\DrgToDsc.exe "
    O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_01\bin\jusched.exe "
    O4 - HKCU\..\Run: [IncrediMail] C:\Program Files\IncrediMail\bin\IncMail.exe /c
    O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
    O4 - HKCU\..\Run: [MsnMsgr] "C:\Program Files\MSN Messenger\MsnMsgr.Exe" /background
    O4 - Startup: PowerReg Scheduler.exe
    O4 - Global Startup: Adobe Reader Speed Launch.lnk = C:\Program Files\Adobe\Reader 8.0\Reader\reader_sl.exe
    O4 - Global Startup: Adobe Reader Synchronizer.lnk = C:\Program Files\Adobe\Reader 8.0\Reader\AdobeCollabSync.exe
    O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_01\bin\ssv.dll
    O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_01\bin\ssv.dll
    O9 - Extra button: (no name) - {85d1f590-48f4-11d9-9669-0800200c9a66} - %windir%\bdoscandel.exe (file missing)
    O9 - Extra 'Tools' menuitem: Uninstall BitDefender Online Scanner v8 - {85d1f590-48f4-11d9-9669-0800200c9a66} - %windir%\bdoscandel.exe (file missing)
    O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe (file missing)
    O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe (file missing)
    O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
    O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
    O11 - Options group: [INTERNATIONAL] International*
    O16 - DPF: {5D86DDB5-BDF9-441B-9E9E-D4730F4EE499} (BDSCANONLINE Control) - http://download.bitdefender.com/resources/scan8/oscan8.cab
    O18 - Protocol: livecall - {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\MSNMES~1\MSGRAP~1.DLL
    O18 - Protocol: msnim - {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\MSNMES~1\MSGRAP~1.DLL
    O20 - Winlogon Notify: !SASWinLogon - C:\Program Files\SUPERAntiSpyware\SASWINLO.dll
    O20 - Winlogon Notify: WgaLogon - C:\WINDOWS\SYSTEM32\WgaLogon.dll
    O23 - Service: AVG Anti-Spyware Guard - Anti-Malware Development a.s. - C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
    O23 - Service: LightScribeService Direct Disc Labeling Service (LightScribeService) - Unknown owner - C:\Program Files\Common Files\LightScribe\LSSrvc.exe
    O23 - Service: NOD32 Kernel Service (NOD32krn) - Eset - C:\Program Files\Eset\nod32krn.exe

    thanks
     
  2. 2007/05/13
    dragonmaru (Inactive)
    Joined: 2007/05/13 | Messages: 8 | Likes Received: 0

    need help with this

    Hi, I'm new here and I need help with a problem. I got this virus that pops up windows at random and I can't seem to stop it, and I've recently found out that a lot of PCs have them and that this forum could help.
    Please, I beg of you, help me out.
     

  4. 2007/05/14
    Master Green (Inactive)
    Joined: 2002/12/03 | Messages: 709 | Likes Received: 2

    Hi dragonmaru,
    You cannot post your problem at this forum by jumping in and adding it to someone else's... You must create your own, and as soon as you do someone will try their best to assist you...
     
