GeekPolice
remove win32/agent.ODG
I have a problem with the virus win32/agent.ODG. My NOD32 can't remove it.
I need help to resolve that virus.
Here is my log:
Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 12:22:50 AM, on 4/12/2009
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
C:\Program Files\Alwil Software\Avast4\ashServ.exe
C:\Program Files\ESET\ESET NOD32 Antivirus\egui.exe
C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
C:\Program Files\Messenger\msmsgs.exe
C:\Program Files\WIDCOMM\Bluetooth Software\BTTray.exe
C:\PROGRA~1\WIDCOMM\BLUETO~1\BTSTAC~1.EXE
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Yahoo!\Messenger\ymsgr_tray.exe
C:\Program Files\Bonjour\mDNSResponder.exe
C:\Program Files\WIDCOMM\Bluetooth Software\bin\btwdins.exe
C:\Program Files\ESET\ESET NOD32 Antivirus\ekrn.exe
C:\WINDOWS\system32\slserv.exe
C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
C:\Program Files\Java\jre6\bin\jusched.exe
C:\Program Files\Java\jre6\bin\jqs.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Documents and Settings\jet\Desktop\hijackgpthis.exe

R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local
O2 - BHO: AcroIEHelperStub - {18df081c-e8ad-4283-a596-fa578c2ebdc3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
O2 - BHO: Java(tm) Plug-In 2 SSV Helper - {dbc80044-a445-435b-bc74-9c25c1c588a9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll
O2 - BHO: JQSIEStartDetectorImpl - {e7e6f031-17ce-4c07-bc86-eabfe594f69c} - C:\Program Files\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
O4 - HKLM\..\Run: [egui] "C:\Program Files\ESET\ESET NOD32 Antivirus\egui.exe" /hide /waitservice
O4 - HKLM\..\Run: [avast!] C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre6\bin\jusched.exe"
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 9.0\Reader\Reader_sl.exe"
O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background
O4 - HKCU\..\Run: [Yahoo! Pager] "C:\Program Files\Yahoo!\Messenger\YahooMessenger.exe" -quiet
O4 - Global Startup: Bluetooth.lnk = ?
O8 - Extra context menu item: Send to &Bluetooth Device... - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie_ctx.htm
O9 - Extra button: @btrez.dll,-4015 - {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie.htm
O9 - Extra 'Tools' menuitem: @btrez.dll,-12650 - {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie.htm
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O11 - Options group: [java_sun] Java (Sun)
O17 - HKLM\System\CCS\Services\Tcpip\..\{8CC789DC-C03B-474C-9F16-D45C323A00DE}: NameServer = 202.134.0.155,202.134.2.5
O23 - Service: avast! iAVS4 Control Service (aswupdsv) - ALWIL Software - C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
O23 - Service: avast! Antivirus (avast! antivirus) - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashServ.exe
O23 - Service: avast! Mail Scanner (avast! mail scanner) - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
O23 - Service: avast! Web Scanner (avast! web scanner) - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
O23 - Service: Background Intelligent Transfer Service (BITS) - Unknown owner - C:\WINDOWS\
O23 - Service: ##Id_String1.6844F930_1628_4223_B5CC_5BB94B879762## (Bonjour Service) - Apple Computer, Inc. - C:\Program Files\Bonjour\mDNSResponder.exe
O23 - Service: Bluetooth Service (btwdins) - Broadcom Corporation. - C:\Program Files\WIDCOMM\Bluetooth Software\bin\btwdins.exe
O23 - Service: ESET HTTP Server (EhttpSrv) - ESET - C:\Program Files\ESET\ESET NOD32 Antivirus\EHttpSrv.exe
O23 - Service: ESET Service (ekrn) - ESET - C:\Program Files\ESET\ESET NOD32 Antivirus\ekrn.exe
O23 - Service: FLEXnet Licensing Service - Macrovision Europe Ltd. - C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe
O23 - Service: Java Quick Starter (javaquickstarterservice) - Sun Microsystems, Inc. - C:\Program Files\Java\jre6\bin\jqs.exe
O23 - Service: SmartLinkService (SLService) - - C:\WINDOWS\SYSTEM32\slserv.exe
O23 - Service: Automatic Updates (wuauserv) - Unknown owner - C:\WINDOWS\

--
End of file - 4805 bytes


Can you help please... anyway, thanks, I have become a new member here... Thank You! Thank You!

Re: remove win32/agent.ODG
Hello.

  • Open HijackThis.
  • When Hijack This opens, click "Open the Misc Tools section"
  • Then select "Open Uninstall Manager"
  • Click on "Save List..." (generates uninstall_list.txt)
  • Click Save, copy and paste the results in your next post.

Re: remove win32/agent.ODG
OK, I will try...

Re: remove win32/agent.ODG
Here is my uninstall list:

Acrobat.com
Adobe AIR
Adobe AIR
Adobe Anchor Service CS3
Adobe Asset Services CS3
Adobe Bridge CS3
Adobe Bridge Start Meeting
Adobe Camera Raw 4.0
Adobe CMaps
Adobe Color - Photoshop Specific
Adobe Color Common Settings
Adobe Color EU Extra Settings
Adobe Color JA Extra Settings
Adobe Color NA Recommended Settings
Adobe Default Language CS3
Adobe Device Central CS3
Adobe ExtendScript Toolkit 2
Adobe Flash Player Plugin
Adobe Fonts All
Adobe Help Viewer CS3
Adobe Linguistics CS3
Adobe PDF Library Files
Adobe Photoshop CS3
Adobe Photoshop CS3
Adobe Reader 9.1
Adobe Setup
Adobe Stock Photos CS3
Adobe Type Support
Adobe Update Manager CS3
Adobe Version Cue CS3 Client
Adobe WinSoft Linguistics Plugin
Adobe XMP Panels CS3
avast! Antivirus
Aztech CNR2800 V.90 Modem
Boilsoft Video Splitter 5.01
HijackThis 2.0.2
Hotfix for Windows XP (KB952287)
Java(TM) 6 Update 13
Mozilla Firefox (3.0.8)
PDF Settings
Security Update for Windows Media Player (KB952069)
Security Update for Windows XP (KB923789)
Security Update for Windows XP (KB938464-v2)
Security Update for Windows XP (KB944338-v2)
Security Update for Windows XP (KB946648)
Security Update for Windows XP (KB950760)
Security Update for Windows XP (KB950762)
Security Update for Windows XP (KB950974)
Security Update for Windows XP (KB951066)
Security Update for Windows XP (KB951376-v2)
Security Update for Windows XP (KB951698)
Security Update for Windows XP (KB951748)
Security Update for Windows XP (KB952954)
Security Update for Windows XP (KB954600)
Security Update for Windows XP (KB955069)
Security Update for Windows XP (KB956802)
Security Update for Windows XP (KB956803)
Security Update for Windows XP (KB956841)
Security Update for Windows XP (KB957097)
Security Update for Windows XP (KB958215)
Security Update for Windows XP (KB958644)
Security Update for Windows XP (KB958687)
Security Update for Windows XP (KB958690)
Security Update for Windows XP (KB960225)
Security Update for Windows XP (KB960714)
Security Update for Windows XP (KB960715)
SigmaTel C-Major Audio
Total Video Converter 3.12 080307
Update for Windows XP (KB898461)
Update for Windows XP (KB955839)
Update for Windows XP (KB967715)
WIDCOMM Bluetooth Software
Windows Installer 3.1 (KB893803)
Windows XP Service Pack 2
WinRAR archiver
Yahoo! Messenger

Re: remove win32/agent.ODG
Then what should I do?
I already re-installed my computer 2 days ago, but just drive C.
Should I re-install all drives?

Re: remove win32/agent.ODG
Hello.

Where did you get Nod32 from? I can see from your Hijack This log that avast! and Nod32 are present, yet I only see avast on the uninstall list.

Do you know what this IP is?
202.134.2.5

The IP traces back to Indonesia, is your ISP telkom?

These services need resetting back to their default value.

O23 - Service: Background Intelligent Transfer Service (BITS) - Unknown owner - C:\WINDOWS\
O23 - Service: Automatic Updates (wuauserv) - Unknown owner - C:\WINDOWS\
Please download this fix tool from here.

Double click it to run it.
Allow it to run if protection programs stop it.
The services should now be back to default value and no longer appear in Hijack This.

  • Please download DDS by sUBs to your Desktop (Important!!) from one of these locations:
    Link 1
    Link 2
  • Double click DDS.scr to run
  • When complete, DDS.txt will open.
  • Save the report to your Desktop.
  • Copy and paste DDS.txt back here, I don't need to see attach.txt.

Re: remove win32/agent.ODG
Yes, it's from Indonesia.
I used 2 antivirus programs... I installed nod32 before... then avast.

Re: remove win32/agent.ODG
Okay, we'll address that after we have the DDS log.

Re: remove win32/agent.ODG
Nothing happened when I clicked the fix tool; it just showed a log for a very brief moment, then disappeared.

Re: remove win32/agent.ODG
Here it is:

DDS (Ver_09-03-16.01) - FAT32x86
Run by jet at 1:10:15.68 on Sun 04/12/2009
Internet Explorer: 6.0.2900.2180 BrowserJavaVersion: 1.6.0_13
Microsoft Windows XP Professional 5.1.2600.2.1252.1.1033.18.991.608 [GMT 7:00]

AV: avast! antivirus 4.8.1335 [VPS 090410-0] *On-access scanning enabled* (Updated)
AV: ESET NOD32 Antivirus 3.0 *On-access scanning enabled* (Updated)

============== Running Processes ===============

C:\WINDOWS\system32\svchost -k DcomLaunch
SVCHOST.EXE
C:\WINDOWS\System32\svchost.exe -k netsvcs
SVCHOST.EXE
C:\WINDOWS\Explorer.EXE
SVCHOST.EXE
C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
C:\Program Files\Alwil Software\Avast4\ashServ.exe
C:\Program Files\ESET\ESET NOD32 Antivirus\egui.exe
C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
C:\Program Files\Messenger\msmsgs.exe
C:\Program Files\WIDCOMM\Bluetooth Software\BTTray.exe
C:\PROGRA~1\WIDCOMM\BLUETO~1\BTSTAC~1.EXE
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Yahoo!\Messenger\ymsgr_tray.exe
C:\Program Files\Bonjour\mDNSResponder.exe
C:\Program Files\WIDCOMM\Bluetooth Software\bin\btwdins.exe
C:\Program Files\ESET\ESET NOD32 Antivirus\ekrn.exe
C:\WINDOWS\system32\slserv.exe
C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
C:\Program Files\Java\jre6\bin\jusched.exe
C:\Program Files\Java\jre6\bin\jqs.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Documents and Settings\jet\Desktop\dds.scr

============== Pseudo HJT Report ===============

uInternet Settings,ProxyOverride = *.local
BHO: Adobe PDF Link Helper: {18df081c-e8ad-4283-a596-fa578c2ebdc3} - c:\program files\common files\adobe\acrobat\activex\AcroIEHelperShim.dll
BHO: Java(tm) Plug-In 2 SSV Helper: {dbc80044-a445-435b-bc74-9c25c1c588a9} - c:\program files\java\jre6\bin\jp2ssv.dll
BHO: JQSIEStartDetectorImpl Class: {e7e6f031-17ce-4c07-bc86-eabfe594f69c} - c:\program files\java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
EB: {32683183-48a0-441b-a342-7c2a440a9478} - No File
uRun: [MSMSGS] "c:\program files\messenger\msmsgs.exe" /background
uRun: [Yahoo! Pager] "c:\program files\yahoo!\messenger\YahooMessenger.exe" -quiet
mRun: [egui] "c:\program files\eset\eset nod32 antivirus\egui.exe" /hide /waitservice
mRun: [avast!] c:\progra~1\alwils~1\avast4\ashDisp.exe
mRun: [SunJavaUpdateSched] "c:\program files\java\jre6\bin\jusched.exe"
mRun: [Adobe Reader Speed Launcher] "c:\program files\adobe\reader 9.0\reader\Reader_sl.exe"
StartupFolder: c:\docume~1\alluse~1\startm~1\programs\startup\blueto~1.lnk - c:\program files\widcomm\bluetooth software\BTTray.exe
IE: Send to &Bluetooth Device... - c:\program files\widcomm\bluetooth software\btsendto_ie_ctx.htm
IE: {CCA281CA-C863-46ef-9331-5C8D4460577F} - c:\program files\widcomm\bluetooth software\btsendto_ie.htm
IE: {FB5F1910-F110-11d2-BB9E-00C04F795683} - c:\program files\messenger\msmsgs.exe
DPF: {6e32070a-766d-4ee6-879c-dc1fa91d2fc3} - hxxp://update.microsoft.com/microsoftupdate/v6/V5Controls/en/x86/client/muweb_site.cab?1239472794140
DPF: {8ad9c840-044e-11d1-b3e9-00805f499d93} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_13-windows-i586.cab
DPF: {cafeefac-0016-0000-0013-abcdeffedcba} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_13-windows-i586.cab
DPF: {cafeefac-ffff-ffff-ffff-abcdeffedcba} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_13-windows-i586.cab
TCP: {8CC789DC-C03B-474C-9F16-D45C323A00DE} = 202.134.0.155,202.134.2.5

================= FIREFOX ===================

FF - ProfilePath - c:\docume~1\jet\applic~1\mozilla\firefox\profiles\az7fx1fe.default\

============= SERVICES / DRIVERS ===============

R1 aswsp;avast! Self Protection;c:\windows\system32\drivers\aswSP.sys [2009-4-10 114768]
R1 ehdrv;ehdrv;c:\windows\system32\drivers\ehdrv.sys [2008-11-10 104456]
R1 epfwtdir;epfwtdir;c:\windows\system32\drivers\epfwtdir.sys [2008-11-10 92168]
R2 aswfsblk;aswFsBlk;c:\windows\system32\drivers\aswFsBlk.sys [2009-4-10 20560]
R2 avast! antivirus;avast! Antivirus;c:\program files\alwil software\avast4\ashServ.exe [2009-4-10 138680]
R2 ekrn;ESET Service;c:\program files\eset\eset nod32 antivirus\ekrn.exe [2008-11-10 711240]
R3 avast! mail scanner;avast! Mail Scanner;c:\program files\alwil software\avast4\ashMaiSv.exe [2009-4-10 254040]
R3 avast! web scanner;avast! Web Scanner;c:\program files\alwil software\avast4\ashWebSv.exe [2009-4-10 352920]
R3 STAC97NA;SigmaTel 3D Environmental Audio;c:\windows\system32\drivers\stac97na.sys [2002-9-20 296179]
R3 STAC97NH;STAC97NH;c:\windows\system32\drivers\stac97nh.sys [2002-9-20 231983]

=============== Created Last 30 ================

2009-04-12 00:54 --ds---- c:\documents and settings\jet\UserData
2009-04-11 23:35 410,984 a------- c:\windows\system32\deploytk.dll
2009-04-11 23:35 73,728 a------- c:\windows\system32\javacpl.cpl
2009-04-09 22:50 --d----- c:\docume~1\jet\applic~1\Malwarebytes
2009-04-09 22:50 --d----- c:\docume~1\alluse~1\applic~1\Malwarebytes
2009-04-08 15:28 89,426 a------- c:\windows\system32\drivers\3570682.sys
2009-04-08 14:55 155 a------- c:\windows\system32\SelfDel.bat
2009-04-08 14:52 12,160 a------- c:\windows\system32\drivers\mouhid.sys
2009-04-08 14:52 12,160 a------- c:\windows\system32\dllcache\mouhid.sys
2009-04-08 13:52 310,784 a------- c:\windows\system32\wgatray.exe.old
2009-04-08 13:52 183,808 a------- c:\windows\system32\wgalogon.dll.old
2009-04-08 04:03 --d----- c:\windows\system32\CatRoot_bak
2009-04-08 03:56 272,128 -------- c:\windows\system32\dllcache\bthport.sys
2009-04-08 03:46 2,136,064 -------- c:\windows\system32\dllcache\ntkrnlmp.exe
2009-04-08 03:46 2,180,352 -------- c:\windows\system32\dllcache\ntoskrnl.exe
2009-04-08 03:46 2,057,728 -------- c:\windows\system32\dllcache\ntkrnlpa.exe
2009-04-08 03:46 2,015,744 -------- c:\windows\system32\dllcache\ntkrpamp.exe
2009-04-08 03:45 3,060,224 -------- c:\windows\system32\dllcache\mshtml.dll
2009-04-08 03:37 453,632 -------- c:\windows\system32\dllcache\mrxsmb.sys
2009-04-08 03:36 333,184 -------- c:\windows\system32\dllcache\srv.sys
2009-04-08 03:36 331,776 -------- c:\windows\system32\dllcache\msadce.dll
2009-04-08 03:35 683,520 -------- c:\windows\system32\dllcache\inetcomm.dll
2009-04-08 03:34 247,326 -------- c:\windows\system32\dllcache\strmdll.dll
2009-04-08 03:33 332,800 -------- c:\windows\system32\dllcache\netapi32.dll
2009-04-08 03:33 1,106,944 -------- c:\windows\system32\dllcache\msxml3.dll
2009-04-08 00:00 26,496 a------- c:\windows\system32\dllcache\usbstor.sys
2009-04-07 23:37 --d----- c:\documents and settings\jet\Bluetooth Software
2009-04-07 23:29 --d----- c:\program files\WIDCOMM
2009-04-07 23:26 27,244 a------- C:\1.py
2009-04-07 23:24 327,680 a------- c:\windows\system32\pythoncom25.dll
2009-04-07 23:24 102,400 a------- c:\windows\system32\pywintypes25.dll
2009-04-07 23:22 --d----- C:\Python25
2009-04-07 09:21 --dsh--- C:\FOUND.000
2009-04-07 07:23 1,685,606 a------- c:\windows\system32\dllcache\sam.spd
2009-04-07 07:23 888 a------- c:\windows\system32\dllcache\sam.sdf
2009-04-07 07:23 643,717 a------- c:\windows\system32\dllcache\ltts1033.lxa
2009-04-07 07:23 605,050 a------- c:\windows\system32\dllcache\r1033tts.lxa
2009-04-07 07:23 36,864 a------- c:\windows\system32\dllcache\sapisvr.exe
2009-04-07 07:23 19,456 a------- c:\windows\system32\dllcache\agt041f.dll
2009-04-07 07:23 19,456 a------- c:\windows\system32\dllcache\agt0419.dll
2009-04-07 07:23 22,016 a------- c:\windows\system32\dllcache\agt0408.dll
2009-04-07 07:23 19,968 a------- c:\windows\system32\dllcache\agt040e.dll
2009-04-07 07:23 19,456 a------- c:\windows\system32\dllcache\agt0415.dll
2009-04-07 07:23 19,456 a------- c:\windows\system32\dllcache\agt0405.dll
2009-04-07 07:22 176,157 a------- c:\windows\system32\dllcache\dgrpsetu.dll
2009-04-07 07:22 85,020 a------- c:\windows\system32\dllcache\dgsetup.dll
2009-04-07 07:22 103,424 a------- c:\windows\system32\dllcache\eqnclass.dll
2009-04-07 07:22 109,456 a------- c:\windows\system32\dllcache\avifile.dll
2009-04-07 07:22 69,584 a------- c:\windows\system32\dllcache\avicap.dll
2009-04-07 07:22 32,816 a------- c:\windows\system32\dllcache\commdlg.dll
2009-04-07 03:45 --d----- c:\program files\Bonjour
2009-04-07 03:32 --d----- c:\program files\common files\Macrovision Shared
2009-04-07 03:26 --d----- c:\program files\Yahoo!
2009-04-07 02:47 --d----- c:\windows\system32\PreInstall
2009-04-07 02:47 --d-h--- c:\windows\$hf_mig$
2009-04-07 02:41 --d----- c:\windows\system32\SoftwareDistribution
2009-04-07 02:33 --d-h--- c:\windows\system32\GroupPolicy
2009-04-07 01:43 316,640 a------- c:\windows\WMSysPr9.prx
2009-04-07 01:34 96,768 -------- c:\windows\system32\dllcache\dpcdll.dll
2009-04-07 01:29 --d----- c:\windows\ServicePackFiles
2009-04-07 01:27 --d----- c:\program files\ESET
2009-04-07 01:26 --d----- c:\program files\Xilisoft
2009-04-07 01:25 2,897,920 -------- c:\windows\system32\xpsp2res.dll
2009-04-07 01:24 608,448 a------- c:\windows\system32\comctl32.ocx
2009-04-07 01:24 --d----- c:\program files\Total Video Converter
2009-04-07 01:23 19,528 a------- c:\windows\002237_.tmp
2009-04-07 01:23 22,752 a------- c:\windows\system32\spupdsvc.exe
2009-04-07 01:21 --d----- c:\windows\EHome
2009-04-07 01:18 --d----- c:\program files\Boilsoft Video Splitter
2009-04-07 01:15 475,136 a------- c:\windows\system32\SLLights.dll
2009-04-07 01:15 401,408 a------- c:\windows\system32\slcpappl.cpl
2009-04-07 01:15 376,832 a------- c:\windows\system32\slmh.exe
2009-04-07 01:15 351,388 a------- c:\windows\system32\slmh.cab
2009-04-07 01:15 167,936 a------- c:\windows\system32\minirec.exe
2009-04-07 01:15 155,648 a------- c:\windows\system32\amr_cpl.dll
2009-04-07 01:15 138,560 a------- c:\windows\system32\slcpappl.chm
2009-04-07 01:15 135,168 a------- c:\windows\system32\SLMOHServ.dll
2009-04-07 01:15 61,440 a------- c:\windows\SmCfg.exe
2009-04-07 01:15 14,976 a------- c:\windows\system32\drivers\winddx.sys
2009-04-07 01:15 13,776 a------- c:\windows\system32\drivers\RecAgent.sys
2009-04-07 01:15 --d----- c:\windows\Modio
2009-04-07 00:57 --ds---- c:\windows\system32\Microsoft
2009-04-07 00:55 --dsh--- C:\Recycled
2009-04-07 00:54 --d----- c:\windows\system32\ReinstallBackups
2009-04-07 00:52 --dsh--- c:\windows\Installer
2009-04-07 00:51 --d----- c:\documents and settings\jet
2009-04-07 00:40 8,192 a------- c:\windows\REGLOCS.OLD
2009-04-07 00:38 26,112 a------- c:\windows\system32\dllcache\romanime.ime
2009-04-07 00:37 315,452 a------- c:\windows\system32\dllcache\imskf.dll
2009-04-07 00:36 13,312 a------- c:\windows\system32\dllcache\chglogon.exe
2009-04-07 00:35 25,065 a------- c:\windows\system32\wmpscheme.xml
2009-04-07 00:35 23,392 a------- c:\windows\system32\nscompat.tlb
2009-04-07 00:35 16,832 a------- c:\windows\system32\amcompat.tlb
2009-04-07 00:35 299,552 a------- c:\windows\WMSysPrx.prx
2009-04-07 00:34 --dsh--- c:\documents and settings\all users\DRM
2009-04-07 00:34 488 a---hr-- c:\windows\system32\WindowsLogon.manifest
2009-04-07 00:34 488 a---hr-- c:\windows\system32\logonui.exe.manifest
2009-04-07 00:34 --ds---- c:\windows\Downloaded Program Files
2009-04-07 00:34 --d--r-- c:\windows\Offline Web Pages
2009-04-07 00:34 749 a---hr-- c:\windows\WindowsShell.Manifest
2009-04-07 00:34 749 a---hr-- c:\windows\system32\wuaucpl.cpl.manifest
2009-04-07 00:34 749 a---hr-- c:\windows\system32\sapi.cpl.manifest
2009-04-07 00:34 749 a---hr-- c:\windows\system32\nwc.cpl.manifest
2009-04-07 00:34 749 a---hr-- c:\windows\system32\ncpa.cpl.manifest
2009-04-07 00:34 749 a---hr-- c:\windows\system32\cdplayer.exe.manifest
2009-04-07 00:34 4,399,505 a------- c:\windows\system32\dllcache\nls302en.lex
2009-04-07 00:34 --d----- c:\windows\system32\DirectX
2009-04-07 00:33 --d----- c:\program files\common files\MSSoap
2009-04-07 00:31 --d-h--- c:\program files\WindowsUpdate
2009-04-07 00:31 --d----- c:\program files\Online Services
2009-04-07 00:31 --d----- c:\program files\Messenger
2009-04-07 00:31 --d----- c:\program files\MSN Gaming Zone
2009-04-07 00:30 --d----- c:\program files\Windows NT
2009-04-07 00:23 --d----- c:\program files\common files\ODBC
2009-04-07 00:23 --d----- c:\program files\common files\SpeechEngines
2009-04-07 00:22 --d--r-- c:\documents and settings\all users\Documents

==================== Find3M ====================

2009-04-07 01:38 86,327 a------- c:\windows\pchealth\helpctr\offlinecache\index.dat
2009-04-07 00:31 21,640 a------- c:\windows\system32\emptyregdb.dat
2009-02-09 17:19 1,846,272 a------- c:\windows\system32\win32k.sys
2009-02-09 17:19 1,846,272 -------- c:\windows\system32\dllcache\win32k.sys

============= FINISH: 1:10:44.54 ===============

Re: remove win32/agent.ODG
Hello. Before I remove the one malicious file showing, I need some information on some things.

You are running two AVs; this is a bad idea as they can conflict and cause problems. I see Nod32 and Avast.
I would recommend that you remove Avast! to avoid conflict and other future problems.

Go to Start > Control Panel > Add/Remove Programs and remove the following programs if present.

  • avast! Antivirus

Once avast! is gone, answer me these questions.

1.

Do you know what this IP is?
202.134.2.5

The IP traces back to Indonesia, is your ISP telkom?

2.

Do you know what this file is?
C:\1.py

I guess you should know because it looks like you have a Python scripter software on the machine.

3.

Have you recently installed any cracks for the genuine advantage? DDS shows the files for WGA (Windows Genuine Advantage), but the files have a .old file extension. I usually see that when someone has tried to use an illegal crack or patch.

Let me know about the 3 questions.

Re: remove win32/agent.ODG
1. I don't know what that IP is, but yes, that IP is Telkom.
2. Yes, I have the 1.py file; I just installed it after seeing it on another forum.
3. Maybe I got it from WGA. I re-installed Windows SP1 first, because my VGA driver isn't compatible when I try to install with SP2.

Re: remove win32/agent.ODG
Thanks. You have SP2 installed right now according to Hijack This.

Please download the OTMoveIt3 by OldTimer.

  • Save it to your desktop.
  • Please double-click OTMoveIt3.exe to run it.
  • Copy the bolded text below to the clipboard by highlighting ALL of them and pressing CTRL + C (or, after highlighting, right-click and choose Copy):


    :files
    C:\Documents and Settings\jet\Desktop\dds.scr
    c:\windows\system32\drivers\3570682.sys
    c:\windows\system32\SelfDel.bat
    c:\windows\002237_.tmp


  • Return to OTMoveIt3, right click in the "Paste instructions for items to be Moved" window (under the light blue bar) and choose Paste.
  • Click the red Moveit! button.
  • Copy everything in the Results window (under the green bar) to the clipboard by highlighting ALL of them and pressing CTRL + C (or, after highlighting, right-click and choose copy), and paste it in your next reply.
  • Close OTMoveIt3
If a file or folder cannot be moved immediately you may be asked to reboot the machine to finish the move process. If you are asked to reboot the machine choose Yes.

Please post the OTMoveIt log.

Re: remove win32/agent.ODG
Error: Unable to interpret in the current context!
Error: Unable to interpret in the current context!
Error: Unable to interpret in the current context!
Error: Unable to interpret in the current context!

OTMoveIt3 by OldTimer - Version 1.0.10.0 log created on 04122009_013757

Re: remove win32/agent.ODG
You missed :files off as the top line above the list of files.
Make sure :files is there and re-run it.

Re: remove win32/agent.ODG
I can't copy the files because the reboot log shows up.

Re: remove win32/agent.ODG
Huh? What reboot log?

Re: remove win32/agent.ODG
Sorry, I just rebooted... my computer is too slow to reboot.
========== FILES ==========
C:\Documents and Settings\jet\Desktop\dds.scr moved successfully.
File move failed. c:\windows\system32\drivers\3570682.sys scheduled to be moved on reboot.
c:\windows\system32\SelfDel.bat moved successfully.
c:\windows\002237_.tmp moved successfully.

OTMoveIt3 by OldTimer - Version 1.0.10.0 log created on 04122009_014205

Files moved on Reboot...
File c:\windows\system32\drivers\3570682.sys not found!

Re: remove win32/agent.ODG
Hello.
How is the machine now?

Re: remove win32/agent.ODG
nod32: "unable to clean win32/agent.ODG virus"

Re: remove win32/agent.ODG
1. Please download The Avenger by Swandog46 to your Desktop
Link: HERE or HERE.

  • Click on Avenger.zip to open the file
  • Extract avenger.exe to your desktop

2. Now, start The Avenger program by clicking on its icon on your desktop.

  • Leave the script box empty.
  • Leave the ticked box "Scan for rootkit" ticked.
  • Then tick "Disable any rootkits found"
  • Now click on the Execute to begin execution of the script.
  • Answer "Yes" twice when prompted.

    The Avenger will automatically do the following:

  • It will Restart your computer.
  • On reboot, it will briefly open a black command window on your desktop, this is normal.
  • After the restart, it creates a log file that should open with the results of Avenger’s actions. This log file will be located at C:\avenger.txt
  • The Avenger will also have backed up all the files, etc., that you asked it to delete, and will have zipped them and moved the zip archives to C:\avenger\backup.zip.
3. Please copy/paste the content of c:\avenger.txt into your reply.

Re: remove win32/agent.ODG
Sorry, the computer starts very slowly.

Here:

Logfile of The Avenger Version 2.0, (c) by Swandog46
http://swandog46.geekstogo.com

Platform: Windows XP

*******************

Script file opened successfully.
Script file read successfully.

Backups directory opened successfully at C:\Avenger

*******************

Beginning to process script file:

Rootkit scan active.

Hidden driver "aswtdi" found!
Hidden driver "ovfsthxnqvmwxvnrvamttimrmspdpxylecfqjr" found!
ImagePath: \systemroot\system32\drivers\ovfsthmasvlvrsiuyfqxnuxthwhosiplcabtex.sys
Start Type: 1 (System)

Rootkit scan completed.


Completed script processing.

*******************

Finished! Terminate.
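The two indicators the helper acted on in this thread, the O23 service entries whose path is a bare C:\WINDOWS\ with an unknown owner, and the hidden driver with a long random-looking name reported by The Avenger, can be picked out of such logs mechanically. The script below is an added example, not part of this thread or of HijackThis or The Avenger; the sample log lines are constructed copies of the ones posted above, and the thresholds in looks_generated are assumptions.

```python
"""Triage for two log formats in this thread: HijackThis O23 service lines
and The Avenger's rootkit-scan output (added example, not from either tool)."""
import math
import re

# Constructed sample, modelled on the O23 lines the helper asked to reset.
HJT_SAMPLE = """\
O23 - Service: avast! Antivirus (avast! antivirus) - ALWIL Software - C:\\Program Files\\Alwil Software\\Avast4\\ashServ.exe
O23 - Service: Background Intelligent Transfer Service (BITS) - Unknown owner - C:\\WINDOWS\\
O23 - Service: Automatic Updates (wuauserv) - Unknown owner - C:\\WINDOWS\\
O23 - Service: SmartLinkService (SLService) - - C:\\WINDOWS\\SYSTEM32\\slserv.exe
"""

# Constructed sample, modelled on the Avenger rootkit scan posted above.
AVENGER_SAMPLE = """\
Rootkit scan active.
Hidden driver "aswtdi" found!
Hidden driver "ovfsthxnqvmwxvnrvamttimrmspdpxylecfqjr" found!
ImagePath: \\systemroot\\system32\\drivers\\ovfsthmasvlvrsiuyfqxnuxthwhosiplcabtex.sys
Start Type: 1 (System)
Rootkit scan completed.
"""

# O23 layout: "O23 - Service: <display> (<name>) - <owner> - <path>";
# an empty owner is printed by HijackThis as "- -".
O23_RE = re.compile(
    r"^O23 - Service: (?P<display>.+?) \((?P<name>[^)]+)\) - "
    r"(?P<owner>.*?) ?- (?P<path>[A-Za-z]:\\.*)$"
)


def triage_o23(log_text):
    """Finding per O23 line whose ImagePath is a bare directory, as BITS and
    wuauserv were in the thread: the ImagePath value is damaged and must be
    reset. "Unknown owner" adds weight: there is no file to version-check."""
    findings = []
    for line in log_text.splitlines():
        m = O23_RE.match(line)
        if not m:
            continue
        path = m.group("path")
        basename = path.rsplit("\\", 1)[-1]
        reasons = []
        if basename == "" or "." not in basename:
            reasons.append("ImagePath has no executable file name; reset service")
            if m.group("owner") == "Unknown owner":
                reasons.append("owner unknown: no file to version-check")
        if reasons:
            findings.append({"service": m.group("name"), "path": path, "reasons": reasons})
    return findings


def shannon_entropy(s):
    """Bits per character of s; machine-generated names score high."""
    counts = {c: s.count(c) for c in set(s)}
    return -sum(n / len(s) * math.log2(n / len(s)) for n in counts.values())


def looks_generated(name):
    """Heuristic (thresholds are assumptions) for generated rootkit driver
    names: long, lowercase letters only, vowel-poor, high entropy. A short
    legitimate name such as "aswtdi" (avast) is not flagged."""
    if len(name) < 20 or not name.isalpha() or not name.islower():
        return False
    vowels = sum(name.count(v) for v in "aeiou")
    return vowels / len(name) < 0.2 and shannon_entropy(name) > 3.5


HIDDEN_RE = re.compile(r'^Hidden driver "(?P<name>[^"]+)" found!$')
IMAGE_RE = re.compile(r"^ImagePath: (?P<path>.+)$")


def triage_avenger(log_text):
    """Pair each 'Hidden driver' line with the ImagePath line that follows it
    and flag generated-looking names, or an image file whose name differs
    from the driver name (a driver normally loads <name>.sys)."""
    findings, current = [], None
    for line in log_text.splitlines():
        h = HIDDEN_RE.match(line)
        if h:
            current = {"driver": h.group("name"), "image": None, "reasons": []}
            if looks_generated(current["driver"]):
                current["reasons"].append("driver name looks machine-generated")
            findings.append(current)
            continue
        i = IMAGE_RE.match(line)
        if i and current is not None:
            current["image"] = i.group("path")
            stem = i.group("path").rsplit("\\", 1)[-1].rsplit(".", 1)[0]
            if stem.lower() != current["driver"].lower():
                current["reasons"].append("image file name differs from driver name")
    return [f for f in findings if f["reasons"]]
```

Running triage_o23(HJT_SAMPLE) and triage_avenger(AVENGER_SAMPLE) returns exactly the three items the helper singled out (BITS, wuauserv, and the ovfsth... driver) and nothing for avast's own entries.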

Re: remove win32/agent.ODG
2. Copy all the text contained in the code box below to your Clipboard by highlighting it and pressing (Ctrl+C):


Drivers to disable:
aswtdi
ovfsthxnqvmwxvnrvamttimrmspdpxylecfqjr

Drivers to delete:
aswtdi
ovfsthxnqvmwxvnrvamttimrmspdpxylecfqjr

Files to delete:
C:\WINDOWS\system32\drivers\ovfsthmasvlvrsiuyfqxnuxthwhosiplcabtex.sys


Note: the above code was created specifically for this user. If you are not this user, do NOT follow these directions as they could damage the workings of your system.


3. Now, start The Avenger program by clicking on its icon on your desktop.

  • Under "Input script here:", paste in the script from the quote box above.
  • Leave the ticked box "Scan for rootkit" ticked.
  • Then tick "Disable any rootkits found"
  • Now click on the Execute to begin execution of the script.
  • Answer "Yes" twice when prompted.

    The Avenger will automatically do the following:

  • It will Restart your computer.
  • On reboot, it will briefly open a black command window on your desktop, this is normal.
  • After the restart, it creates a log file that should open with the results of Avenger’s actions. This log file will be located at C:\avenger.txt
  • The Avenger will also have backed up all the files, etc., that you asked it to delete, and will have zipped them and moved the zip archives to C:\avenger\backup.zip.
4. Please copy/paste the content of c:\avenger.txt into your reply.

Re: remove win32/agent.ODG
Logfile of The Avenger Version 2.0, (c) by Swandog46
http://swandog46.geekstogo.com

Platform: Windows XP

*******************

Script file opened successfully.
Script file read successfully.

Backups directory opened successfully at C:\Avenger

*******************

Beginning to process script file:

Rootkit scan active.

Hidden driver "ovfsthxnqvmwxvnrvamttimrmspdpxylecfqjr" found!
ImagePath: \systemroot\system32\drivers\ovfsthmasvlvrsiuyfqxnuxthwhosiplcabtex.sys
Driver disabled successfully.

Rootkit scan completed.


Completed script processing.

*******************

Finished! Terminate.

Re: remove win32/agent.ODG
Is that what the log should show?
And I notice nod32 doesn't show the message "win32/agent.ODG virus unable to clean" anymore.
Does that mean it's done?

Re: remove win32/agent.ODG
I think my computer is clear now...
Even though it was very complicated, it was very nice...
You could fix my computer...
Thanks a lot moderator... Thank You!
I will recommend you to my friends...
I have to sleep now... see you next time. Cheers Mate

Re: remove win32/agent.ODG
Cya in the morning.
Run MBAM again in the morning please.

Re: remove win32/agent.ODG
I'm having the same problem. But my nod32 says
"Operating memory - Win32/Agent.ODG virus - unable to clean"
Hope this problem is resolved soon.
