Hi Mr_Jak3
I followed your instructions, and here are the scan and HijackThis logs. How's it looking now?
Steve
=============================
--------------------------------------------------------------------------------
KASPERSKY ONLINE SCANNER 7.0 REPORT
Sunday, May 24, 2009
Operating System: Microsoft Windows XP Professional Service Pack 3 (build 2600)
Kaspersky Online Scanner version: 7.0.26.13
Program database last update: Sunday, May 24, 2009 16:28:49
Records in database: 2234316
--------------------------------------------------------------------------------
Scan settings:
Scan using the following database: extended
Scan archives: yes
Scan mail databases: yes
Scan area - My Computer:
A:\
C:\
D:\
E:\
F:\
G:\
H:\
I:\
J:\
Scan statistics:
Files scanned: 565085
Threat name: 13
Infected objects: 34
Suspicious objects: 0
Duration of the scan: 06:13:23
File name / Threat name / Threats count
C:\Documents and Settings\Steve\Application Data\Sun\Java\Deployment\cache\6.0\22\10453ed6-4a03e20f Infected: Exploit.Java.Gimsh.b 1
C:\Documents and Settings\Steve\Application Data\Sun\Java\Deployment\cache\6.0\49\49820371-7a73e55c Infected: Exploit.Java.Gimsh.b 1
C:\Documents and Settings\Steve\Application Data\Sun\Java\Deployment\cache\6.0\52\1c9644b4-148d63e7 Infected: Exploit.Java.Gimsh.b 1
C:\Documents and Settings\Steve\Application Data\Sun\Java\Deployment\cache\6.0\52\7c5dd1b4-72dc4052 Infected: Trojan.Java.ClassLoader.ao 1
C:\Documents and Settings\Steve\Desktop\AV Tools\regtools.vbs Infected: not-a-virus:RiskTool.VBS.DisReg.a 1
C:\Documents and Settings\Steve\Desktop\To Sort Later\Anti-Spyware\backups\backup-20080113-173930-245-source.html Infected: Trojan-Clicker.HTML.IFrame.dn 1
C:\Documents and Settings\Steve\Local Settings\Application Data\Identities\{4CB4FC00-E9AC-4FF0-AED9-D91ADB30B9EC}\Microsoft\Outlook Express\BattleBotv8.2 - Deleted Items.dbx Infected: Email-Worm.Win32.NetSky.b 1
C:\Documents and Settings\Steve\Local Settings\Application Data\Identities\{4CB4FC00-E9AC-4FF0-AED9-D91ADB30B9EC}\Microsoft\Outlook Express\Deleted Items.dbx Infected: Email-Worm.Win32.NetSky.b 1
C:\Documents and Settings\Steve\Local Settings\Application Data\Identities\{4CB4FC00-E9AC-4FF0-AED9-D91ADB30B9EC}\Microsoft\Outlook Express\Deleted Items.dbx Infected: Email-Worm.Win32.NetSky.q 1
C:\Documents and Settings\Steve\Local Settings\Application Data\Identities\{4CB4FC00-E9AC-4FF0-AED9-D91ADB30B9EC}\Microsoft\Outlook Express\Hotmail - Deleted Items.dbx Infected: Email-Worm.Win32.NetSky.q 1
C:\Documents and Settings\Steve\Local Settings\Application Data\Identities\{4CB4FC00-E9AC-4FF0-AED9-D91ADB30B9EC}\Microsoft\Outlook Express\Hotmail - Deleted Items.dbx Infected: Email-Worm.Win32.Bagle.ai 2
C:\Program Files\mIRC\mirc.exe Infected: not-a-virus:Client-IRC.Win32.mIRC.631 1
C:\Qoobox\Quarantine\C\WINDOWS\system32\drivers\ovfsthdhberunpppqjtkrdqimylcfyhtpkcbfa.sys.vir Infected: Trojan.Win32.Tdss.aalf 1
C:\Qoobox\Quarantine\C\WINDOWS\system32\ovfsthoexqsdnrniyyxyfkkjygtwtjlfjkdsxc.dll.vir Infected: Trojan.Win32.Tdss.aalc 1
C:\Qoobox\Quarantine\C\WINDOWS\system32\ovfsthqbtipejuamkumlrsdnvkffqtmddqhudu.dll.vir Infected: Trojan.Win32.Tdss.aalg 1
C:\Qoobox\Quarantine\C\WINDOWS\system32\ovfsthvhptehqbgkpdtfpphqkwyrvrdrccrukd.dll.vir Infected: Trojan.Win32.Tdss.aald 1
C:\System Volume Information\_restore{2D1BCA4F-B413-410A-8075-A3EFB933AE76}\RP205\A0064885.dll Infected: Trojan.Win32.Tdss.aalc 1
C:\System Volume Information\_restore{2D1BCA4F-B413-410A-8075-A3EFB933AE76}\RP205\A0064886.dll Infected: Trojan.Win32.Tdss.aalg 1
C:\System Volume Information\_restore{2D1BCA4F-B413-410A-8075-A3EFB933AE76}\RP205\A0064887.dll Infected: Trojan.Win32.Tdss.aald 1
C:\System Volume Information\_restore{81DEB3A1-32F6-47DA-814F-CC9817B6BB5D}\RP266\A0210613.sys Infected: Trojan.Win32.Tdss.aalf 1
C:\System Volume Information\_restore{81DEB3A1-32F6-47DA-814F-CC9817B6BB5D}\RP266\A0210614.dll Infected: Trojan.Win32.Tdss.aalc 1
C:\System Volume Information\_restore{81DEB3A1-32F6-47DA-814F-CC9817B6BB5D}\RP266\A0210615.dll Infected: Trojan.Win32.Tdss.aalg 1
C:\System Volume Information\_restore{81DEB3A1-32F6-47DA-814F-CC9817B6BB5D}\RP266\A0210616.dll Infected: Trojan.Win32.Tdss.aald 1
C:\WINDOWS\system32\pofegohu(junk).dllllll Infected: Packed.Win32.Krap.q 1
E:\Documents and Settings\Steve\Application Data\Sun\Java\Deployment\cache\javapi\v1.0\jar\jvmimpro.jar-5efd1945-11267197.zip Infected: Exploit.Java.Gimsh.b 1
E:\Documents and Settings\Steve\Application Data\Sun\Java\Deployment\cache\javapi\v1.0\jar\jvmimpro.jar-6d3811e3-400827c9.zip Infected: Exploit.Java.Gimsh.b 1
E:\Documents and Settings\Steve\Local Settings\Application Data\Identities\{4CB4FC00-E9AC-4FF0-AED9-D91ADB30B9EC}\Microsoft\Outlook Express\BattleBotv8.2 - Deleted Items.dbx Infected: Email-Worm.Win32.NetSky.b 1
E:\Documents and Settings\Steve\Local Settings\Application Data\Identities\{4CB4FC00-E9AC-4FF0-AED9-D91ADB30B9EC}\Microsoft\Outlook Express\Deleted Items.dbx Infected: Email-Worm.Win32.NetSky.b 1
E:\Documents and Settings\Steve\Local Settings\Application Data\Identities\{4CB4FC00-E9AC-4FF0-AED9-D91ADB30B9EC}\Microsoft\Outlook Express\Deleted Items.dbx Infected: Email-Worm.Win32.NetSky.q 1
E:\Documents and Settings\Steve\Local Settings\Application Data\Identities\{4CB4FC00-E9AC-4FF0-AED9-D91ADB30B9EC}\Microsoft\Outlook Express\Hotmail - Deleted Items.dbx Infected: Email-Worm.Win32.NetSky.q 1
E:\Documents and Settings\Steve\Local Settings\Application Data\Identities\{4CB4FC00-E9AC-4FF0-AED9-D91ADB30B9EC}\Microsoft\Outlook Express\Hotmail - Deleted Items.dbx Infected: Email-Worm.Win32.Bagle.ai 2
H:\regtools.vbs Infected: not-a-virus:RiskTool.VBS.DisReg.a 1
The selected area was scanned.
================================================
Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 5:26:51 PM, on 5/24/2009
Platform: Windows XP SP3 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16827)
Boot mode: Normal
Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Google\Gmail Notifier\gnotify.exe
C:\PROGRA~1\AVG\AVG8\avgtray.exe
C:\Program Files\Common Files\Real\Update_OB\realsched.exe
D:\games\steam\steam.exe
C:\Program Files\Executor\executor.exe
C:\PROGRA~1\AVG\AVG8\avgwdsvc.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\nvsvc32.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\UAService7.exe
C:\Program Files\Logitech\SetPoint\SetPoint.exe
G:\AWC (Auto Wallpaper Changer)\AWC.exe
C:\Program Files\Stardock\Impulse\Now\ImpulseNow.exe
C:\PROGRA~1\AVG\AVG8\avgemc.exe
C:\PROGRA~1\AVG\AVG8\avgrsx.exe
C:\PROGRA~1\AVG\AVG8\avgnsx.exe
C:\Program Files\Common Files\Logitech\KHAL\KHALMNPR.EXE
C:\Program Files\AVG\AVG8\avgcsrvx.exe
C:\WINDOWS\system32\wscntfy.exe
C:\WINDOWS\system32\wuauclt.exe
C:\Program Files\Stardock\Impulse\Impulse.exe
C:\Program Files\HijackThis\HijackThis.exe
C:\WINDOWS\system32\wuauclt.exe
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.wrinsiders.com/Teens/?RP=SignIn
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
O4 - HKLM\..\Run: [{0228e555-4f9c-4e35-a3ec-b109a192b4c2}] C:\Program Files\Google\Gmail Notifier\gnotify.exe
O4 - HKLM\..\Run: [amd_dc_opt] C:\Program Files\AMD\Dual-Core Optimizer\amd_dc_opt.exe
O4 - HKLM\..\Run: [AVG8_TRAY] C:\PROGRA~1\AVG\AVG8\avgtray.exe
O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [MSConfig] C:\WINDOWS\PCHealth\HelpCtr\Binaries\MSConfig.exe /auto
O4 - HKCU\..\Run: [Steam] "d:\games\steam\steam.exe" -silent
O4 - HKCU\..\Run: [Executor] "C:\Program Files\Executor\executor.exe" -s
O4 - HKUS\S-1-5-18\..\RunOnce: [RunNarrator] Narrator.exe (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\RunOnce: [RunNarrator] Narrator.exe (User 'Default user')
O4 - Startup: AWC.lnk = G:\AWC (Auto Wallpaper Changer)\AWC.exe
O4 - Startup: ImpulseNow.lnk = C:\Program Files\Stardock\Impulse\Now\ImpulseNow.exe
O4 - Startup: Mozilla Sunbird.lnk = C:\Program Files\Mozilla Sunbird\sunbird.exe
O4 - Startup: Shortcut to Ut3 Map TO DOs.lnk = ?
O4 - Startup: Sins of a Solar Empire Launcher.lnk = D:\Games\Sins of a Solar Empire\Stardock Games\Sins of a Solar Empire\SINS_Launcher.exe
O4 - Startup: Ventrilo Server.lnk = C:\Program Files\Ventrilo\Ventrilo Server\ventrilo_srv.exe
O4 - Global Startup: Logitech SetPoint.lnk = C:\Program Files\Logitech\SetPoint\SetPoint.exe
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {0D41B8C5-2599-4893-8183-00195EC8D5F9} (asusTek_sysctrl Class) - http://support.asus.com/common/asusTek_sys_ctrl.cab
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://fpdownload2.macromedia.com/ge...sh/swflash.cab
O18 - Protocol: linkscanner - {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - C:\Program Files\AVG\AVG8\avgpp.dll
O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~1\COMMON~1\Skype\SKYPE4~1.DLL
O20 - Winlogon Notify: avgrsstarter - C:\WINDOWS\SYSTEM32\avgrsstx.dll
O23 - Service: Ati HotKey Poller - Unknown owner - C:\WINDOWS\system32\Ati2evxx.exe (file missing)
O23 - Service: AVG Free8 E-mail Scanner (avg8emc) - AVG Technologies CZ, s.r.o. - C:\PROGRA~1\AVG\AVG8\avgemc.exe
O23 - Service: AVG Free8 WatchDog (avg8wd) - AVG Technologies CZ, s.r.o. - C:\PROGRA~1\AVG\AVG8\avgwdsvc.exe
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
O23 - Service: SecuROM User Access Service (V7) (UserAccess7) - Sony DADC Austria AG. - C:\WINDOWS\System32\UAService7.exe
--
End of file - 5078 bytes
==========================================