Before You Post...need help please

HJT Log from after run of Kaspersky Online Scanner

Logfile of HijackThis v1.99.1
Scan saved at 3:00:30 PM, on 7/10/2007
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16473)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Windows Defender\MsMpEng.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe
C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
C:\Program Files\Common Files\Symantec Shared\SPBBC\SPBBCSvc.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Symantec AntiVirus\DefWatch.exe
C:\Program Files\Citrix\GoToMyPC\g2svc.exe
C:\Program Files\Common Files\Microsoft Shared\VS7Debug\mdm.exe
C:\Program Files\VeriSign\NAVI\naviagent.exe
C:\WINDOWS\System32\nvsvc32.exe
C:\Program Files\Citrix\GoToMyPC\g2comm.exe
C:\WINDOWS\system32\CAPM3RSK.EXE
C:\Program Files\Symantec AntiVirus\SavRoam.exe
C:\Program Files\Citrix\GoToMyPC\g2pre.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Citrix\GoToMyPC\g2tray.exe
C:\Program Files\Symantec AntiVirus\Rtvscan.exe
C:\WINDOWS\system32\sstray.exe
C:\Program Files\ScanSoft\PaperPort\pptd40nt.exe
C:\Program Files\Common Files\Microsoft Shared\Works Shared\WkUFind.exe
C:\Program Files\Windows Defender\MSASCui.exe
C:\Program Files\Common Files\Symantec Shared\ccApp.exe
C:\PROGRA~1\SYMANT~1\VPTray.exe
C:\Program Files\CMS Peripherals\BounceBack Professional\BBLauncher.exe
C:\WINDOWS\system32\spool\drivers\w32x86\3\CAPM3LAK.EXE
C:\WINDOWS\system32\spool\drivers\w32x86\3\CAPM3SWK.EXE
C:\WINDOWS\system32\spool\drivers\w32x86\3\CAPM3SWK.EXE
C:\WINDOWS\system32\spool\drivers\w32x86\3\CAPM3SWK.EXE
C:\WINDOWS\explorer.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\internet explorer\iexplore.exe
C:\Program Files\HijackThis\scanner.exe

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R3 - URLSearchHook: i-Nav IDN SearchHook - {CE000994-A58C-4441-8938-744CD72AB27F} - C:\Program Files\VeriSign\i-Nav\i-nav_4_2_1.dll
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: Merriam-Webster Online BHO - {5ADA9CAC-04F9-4DD2-ABFD-74D673BE8624} - C:\WINDOWS\_MWOLTB.DLL
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar2.dll
O2 - BHO: i-Nav IDN Resolver - {CE000992-A58C-4441-8938-744CD72AB27F} - C:\Program Files\VeriSign\i-Nav\i-nav_4_2_1.dll
O3 - Toolbar: Merriam-Webster Online - {B7B76DD6-B6F0-4443-AF81-6A3ECF12A57D} - C:\WINDOWS\_MWOLTB.DLL
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar2.dll
O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
O4 - HKLM\..\Run: [nForce Tray Options] sstray.exe /r
O4 - HKLM\..\Run: [PaperPort PTD] C:\Program Files\ScanSoft\PaperPort\pptd40nt.exe
O4 - HKLM\..\Run: [Microsoft Works Update Detection] C:\Program Files\Common Files\Microsoft Shared\Works Shared\WkUFind.exe
O4 - HKLM\..\Run: [Windows Defender] "C:\Program Files\Windows Defender\MSASCui.exe" -hide
O4 - HKLM\..\Run: [ccApp] "C:\Program Files\Common Files\Symantec Shared\ccApp.exe"
O4 - HKLM\..\Run: [vptray] C:\PROGRA~1\SYMANT~1\VPTray.exe
O4 - HKLM\..\Run: [GoToMyPC] C:\Program Files\Citrix\GoToMyPC\g2svc.exe -logon
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - Global Startup: BounceBack Launcher.lnk = ?
O4 - Global Startup: Canon PC1200 iC D700 Status Window.LNK = C:\WINDOWS\system32\spool\drivers\w32x86\3\CAPM3LAK.EXE
O8 - Extra context menu item: &AOL Toolbar search - res://C:\Program Files\AOL Toolbar\toolbar.dll/SEARCH.HTML
O8 - Extra context menu item: &Google Search - res://c:\program files\google\GoogleToolbar2.dll/cmsearch.html
O8 - Extra context menu item: &Translate English Word - res://c:\program files\google\GoogleToolbar2.dll/cmwordtrans.html
O8 - Extra context menu item: Backward Links - res://c:\program files\google\GoogleToolbar2.dll/cmbacklinks.html
O8 - Extra context menu item: Cached Snapshot of Page - res://c:\program files\google\GoogleToolbar2.dll/cmcache.html
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~4\Office10\EXCEL.EXE/3000
O8 - Extra context menu item: Similar Pages - res://c:\program files\google\GoogleToolbar2.dll/cmsimilar.html
O8 - Extra context menu item: Translate Page into English - res://c:\program files\google\GoogleToolbar2.dll/cmtrans.html
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\j2re1.4.2\bin\npjpi142.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\j2re1.4.2\bin\npjpi142.dll
O9 - Extra button: AIM - {AC9E2541-2814-11d5-BC6D-00B0D0A1DE45} - C:\Program Files\AIM95\aim.exe
O9 - Extra button: Real.com - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - C:\WINDOWS\System32\Shdocvw.dll
O9 - Extra button: i-Nav Help - {CE000992-A58C-4441-8938-744CD72AB27F} - http://idn.verisign-grs.com/plug-in/support/index.jsp (file missing)
O9 - Extra 'Tools' menuitem: i-Nav Help - {CE000992-A58C-4441-8938-744CD72AB27F} - http://idn.verisign-grs.com/plug-in/support/index.jsp (file missing)
O9 - Extra button: (no name) - {CE000996-A58C-4441-8938-744CD72AB27F} - C:\Program Files\VeriSign\i-Nav\i-nav_4_2_1.dll
O9 - Extra 'Tools' menuitem: i-Nav Options - {CE000996-A58C-4441-8938-744CD72AB27F} - C:\Program Files\VeriSign\i-Nav\i-nav_4_2_1.dll
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe (file missing)
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe (file missing)
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O11 - Options group: [INTERNATIONAL] International*
O14 - IERESET.INF: START_PAGE_URL=http://www.emachines.com
O16 - DPF: {03A89EFD-E023-8500-A22D-45F77558EB4C} (ILINCInstall85 Class) - https://content.ilinc.com/clientdownload/download/ilinci85.dll
O16 - DPF: {08D390AE-5101-4701-A89F-6C6DADCCC402} (MSN Photo Select Tool) - http://photos.msn.com/resources/neutral/controls/MsnPPick.cab?10,0,910,0
O16 - DPF: {0EB0E74A-2A76-4AB3-A7FB-9BD8C29F7F75} (CKAVWebScan Object) - http://www.kaspersky.com/kos/english/kavwebscan_unicode.cab
O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://go.microsoft.com/fwlink/?linkid=39204
O16 - DPF: {215B8138-A3CF-44C5-803F-8226143CFC0A} (Trend Micro ActiveX Scan Agent 6.6) - http://housecall65.trendmicro.com/housecall/applet/html/native/x86/win32/activex/hcImpl.cab
O16 - DPF: {3CF32649-D1C0-4F42-AB44-ED284748920B} (Merriam-Webster Online Toolbar) - http://www.m-w.com/toolbar/webinstall.cab
O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://update.microsoft.com/microsoftupdate/v6/V5Controls/en/x86/client/muweb_site.cab?1134681870775
O16 - DPF: {7B297BFD-85E4-4092-B2AF-16A91B2EA103} (WScanCtl Class) - http://www.ca.com/us/securityadvisor/virusinfo/webscan.cab
O16 - DPF: {A82C3A33-5C0E-466C-B020-71585433A7E4} (PhxStudent.OeSetup15) - https://mycampus.phoenix.edu/secure/PhxStudent15.CAB
O16 - DPF: {B38870E4-7ECB-40DA-8C6A-595F0A5519FF} (MsnMessengerSetupDownloadControl Class) - http://messenger.msn.com/download/MsnMessengerSetupDownloader.cab
O16 - DPF: {FE5B9F54-7764-4C01-89F0-4862601EE954} (DigWebHelper Class) - http://photos.msn.com/resources/neutral/controls/DigWebX2.cab?10,0,910,0
O18 - Protocol: flowto - {C7101FB0-28FB-11D5-883A-204C4F4F5021} - C:\PROGRA~1\NETEXC~1.0\FlowHook.dll
O20 - Winlogon Notify: GoToMyPC - C:\Program Files\Citrix\GoToMyPC\G2WinLogon.dll
O20 - Winlogon Notify: NavLogon - C:\WINDOWS\system32\NavLogon.dll
O20 - Winlogon Notify: WgaLogon - C:\WINDOWS\SYSTEM32\WgaLogon.dll
O21 - SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - C:\WINDOWS\system32\WPDShServiceObj.dll
O23 - Service: Symantec Event Manager (ccEvtMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
O23 - Service: Symantec Settings Manager (ccSetMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe
O23 - Service: Symantec AntiVirus Definition Watcher (DefWatch) - Symantec Corporation - C:\Program Files\Symantec AntiVirus\DefWatch.exe
O23 - Service: GoToMyPC - Unknown owner - C:\Program Files\Citrix\GoToMyPC\g2svc.exe" -service (file missing)
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: iPod Service - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: LiveUpdate - Symantec Corporation - C:\PROGRA~1\Symantec\LIVEUP~1\LUCOMS~1.EXE
O23 - Service: VeriSign Updater (navi) - VeriSign, Inc. - C:\Program Files\VeriSign\NAVI\naviagent.exe
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\System32\nvsvc32.exe
O23 - Service: SAVRoam (SavRoam) - symantec - C:\Program Files\Symantec AntiVirus\SavRoam.exe
O23 - Service: Symantec Network Drivers Service (SNDSrvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\SNDSrvc.exe
O23 - Service: Symantec SPBBCSvc (SPBBCSvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\SPBBC\SPBBCSvc.exe
O23 - Service: Symantec AntiVirus - Symantec Corporation - C:\Program Files\Symantec AntiVirus\Rtvscan.exe
 
HJT Log from after run of Kaspersky Online Scanner

Logfile of HijackThis v1.99.1
Scan saved at 3:00:30 PM, on 7/10/2007
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16473)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Windows Defender\MsMpEng.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe
C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
C:\Program Files\Common Files\Symantec Shared\SPBBC\SPBBCSvc.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Symantec AntiVirus\DefWatch.exe
C:\Program Files\Citrix\GoToMyPC\g2svc.exe
C:\Program Files\Common Files\Microsoft Shared\VS7Debug\mdm.exe
C:\Program Files\VeriSign\NAVI\naviagent.exe
C:\WINDOWS\System32\nvsvc32.exe
C:\Program Files\Citrix\GoToMyPC\g2comm.exe
C:\WINDOWS\system32\CAPM3RSK.EXE
C:\Program Files\Symantec AntiVirus\SavRoam.exe
C:\Program Files\Citrix\GoToMyPC\g2pre.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Citrix\GoToMyPC\g2tray.exe
C:\Program Files\Symantec AntiVirus\Rtvscan.exe
C:\WINDOWS\system32\sstray.exe
C:\Program Files\ScanSoft\PaperPort\pptd40nt.exe
C:\Program Files\Common Files\Microsoft Shared\Works Shared\WkUFind.exe
C:\Program Files\Windows Defender\MSASCui.exe
C:\Program Files\Common Files\Symantec Shared\ccApp.exe
C:\PROGRA~1\SYMANT~1\VPTray.exe
C:\Program Files\CMS Peripherals\BounceBack Professional\BBLauncher.exe
C:\WINDOWS\system32\spool\drivers\w32x86\3\CAPM3LAK.EXE
C:\WINDOWS\system32\spool\drivers\w32x86\3\CAPM3SWK.EXE
C:\WINDOWS\system32\spool\drivers\w32x86\3\CAPM3SWK.EXE
C:\WINDOWS\system32\spool\drivers\w32x86\3\CAPM3SWK.EXE
C:\WINDOWS\explorer.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\internet explorer\iexplore.exe
C:\Program Files\HijackThis\scanner.exe

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R3 - URLSearchHook: i-Nav IDN SearchHook - {CE000994-A58C-4441-8938-744CD72AB27F} - C:\Program Files\VeriSign\i-Nav\i-nav_4_2_1.dll
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: Merriam-Webster Online BHO - {5ADA9CAC-04F9-4DD2-ABFD-74D673BE8624} - C:\WINDOWS\_MWOLTB.DLL
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar2.dll
O2 - BHO: i-Nav IDN Resolver - {CE000992-A58C-4441-8938-744CD72AB27F} - C:\Program Files\VeriSign\i-Nav\i-nav_4_2_1.dll
O3 - Toolbar: Merriam-Webster Online - {B7B76DD6-B6F0-4443-AF81-6A3ECF12A57D} - C:\WINDOWS\_MWOLTB.DLL
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar2.dll
O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
O4 - HKLM\..\Run: [nForce Tray Options] sstray.exe /r
O4 - HKLM\..\Run: [PaperPort PTD] C:\Program Files\ScanSoft\PaperPort\pptd40nt.exe
O4 - HKLM\..\Run: [Microsoft Works Update Detection] C:\Program Files\Common Files\Microsoft Shared\Works Shared\WkUFind.exe
O4 - HKLM\..\Run: [Windows Defender] "C:\Program Files\Windows Defender\MSASCui.exe" -hide
O4 - HKLM\..\Run: [ccApp] "C:\Program Files\Common Files\Symantec Shared\ccApp.exe"
O4 - HKLM\..\Run: [vptray] C:\PROGRA~1\SYMANT~1\VPTray.exe
O4 - HKLM\..\Run: [GoToMyPC] C:\Program Files\Citrix\GoToMyPC\g2svc.exe -logon
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - Global Startup: BounceBack Launcher.lnk = ?
O4 - Global Startup: Canon PC1200 iC D700 Status Window.LNK = C:\WINDOWS\system32\spool\drivers\w32x86\3\CAPM3LAK.EXE
O8 - Extra context menu item: &AOL Toolbar search - res://C:\Program Files\AOL Toolbar\toolbar.dll/SEARCH.HTML
O8 - Extra context menu item: &Google Search - res://c:\program files\google\GoogleToolbar2.dll/cmsearch.html
O8 - Extra context menu item: &Translate English Word - res://c:\program files\google\GoogleToolbar2.dll/cmwordtrans.html
O8 - Extra context menu item: Backward Links - res://c:\program files\google\GoogleToolbar2.dll/cmbacklinks.html
O8 - Extra context menu item: Cached Snapshot of Page - res://c:\program files\google\GoogleToolbar2.dll/cmcache.html
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~4\Office10\EXCEL.EXE/3000
O8 - Extra context menu item: Similar Pages - res://c:\program files\google\GoogleToolbar2.dll/cmsimilar.html
O8 - Extra context menu item: Translate Page into English - res://c:\program files\google\GoogleToolbar2.dll/cmtrans.html
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\j2re1.4.2\bin\npjpi142.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\j2re1.4.2\bin\npjpi142.dll
O9 - Extra button: AIM - {AC9E2541-2814-11d5-BC6D-00B0D0A1DE45} - C:\Program Files\AIM95\aim.exe
O9 - Extra button: Real.com - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - C:\WINDOWS\System32\Shdocvw.dll
O9 - Extra button: i-Nav Help - {CE000992-A58C-4441-8938-744CD72AB27F} - http://idn.verisign-grs.com/plug-in/support/index.jsp (file missing)
O9 - Extra 'Tools' menuitem: i-Nav Help - {CE000992-A58C-4441-8938-744CD72AB27F} - http://idn.verisign-grs.com/plug-in/support/index.jsp (file missing)
O9 - Extra button: (no name) - {CE000996-A58C-4441-8938-744CD72AB27F} - C:\Program Files\VeriSign\i-Nav\i-nav_4_2_1.dll
O9 - Extra 'Tools' menuitem: i-Nav Options - {CE000996-A58C-4441-8938-744CD72AB27F} - C:\Program Files\VeriSign\i-Nav\i-nav_4_2_1.dll
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe (file missing)
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe (file missing)
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O11 - Options group: [INTERNATIONAL] International*
O14 - IERESET.INF: START_PAGE_URL=http://www.emachines.com
O16 - DPF: {03A89EFD-E023-8500-A22D-45F77558EB4C} (ILINCInstall85 Class) - https://content.ilinc.com/clientdownload/download/ilinci85.dll
O16 - DPF: {08D390AE-5101-4701-A89F-6C6DADCCC402} (MSN Photo Select Tool) - http://photos.msn.com/resources/neutral/controls/MsnPPick.cab?10,0,910,0
O16 - DPF: {0EB0E74A-2A76-4AB3-A7FB-9BD8C29F7F75} (CKAVWebScan Object) - http://www.kaspersky.com/kos/english/kavwebscan_unicode.cab
O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://go.microsoft.com/fwlink/?linkid=39204
O16 - DPF: {215B8138-A3CF-44C5-803F-8226143CFC0A} (Trend Micro ActiveX Scan Agent 6.6) - http://housecall65.trendmicro.com/housecall/applet/html/native/x86/win32/activex/hcImpl.cab
O16 - DPF: {3CF32649-D1C0-4F42-AB44-ED284748920B} (Merriam-Webster Online Toolbar) - http://www.m-w.com/toolbar/webinstall.cab
O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://update.microsoft.com/microsoftupdate/v6/V5Controls/en/x86/client/muweb_site.cab?1134681870775
O16 - DPF: {7B297BFD-85E4-4092-B2AF-16A91B2EA103} (WScanCtl Class) - http://www.ca.com/us/securityadvisor/virusinfo/webscan.cab
O16 - DPF: {A82C3A33-5C0E-466C-B020-71585433A7E4} (PhxStudent.OeSetup15) - https://mycampus.phoenix.edu/secure/PhxStudent15.CAB
O16 - DPF: {B38870E4-7ECB-40DA-8C6A-595F0A5519FF} (MsnMessengerSetupDownloadControl Class) - http://messenger.msn.com/download/MsnMessengerSetupDownloader.cab
O16 - DPF: {FE5B9F54-7764-4C01-89F0-4862601EE954} (DigWebHelper Class) - http://photos.msn.com/resources/neutral/controls/DigWebX2.cab?10,0,910,0
O18 - Protocol: flowto - {C7101FB0-28FB-11D5-883A-204C4F4F5021} - C:\PROGRA~1\NETEXC~1.0\FlowHook.dll
O20 - Winlogon Notify: GoToMyPC - C:\Program Files\Citrix\GoToMyPC\G2WinLogon.dll
O20 - Winlogon Notify: NavLogon - C:\WINDOWS\system32\NavLogon.dll
O20 - Winlogon Notify: WgaLogon - C:\WINDOWS\SYSTEM32\WgaLogon.dll
O21 - SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - C:\WINDOWS\system32\WPDShServiceObj.dll
O23 - Service: Symantec Event Manager (ccEvtMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
O23 - Service: Symantec Settings Manager (ccSetMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe
O23 - Service: Symantec AntiVirus Definition Watcher (DefWatch) - Symantec Corporation - C:\Program Files\Symantec AntiVirus\DefWatch.exe
O23 - Service: GoToMyPC - Unknown owner - C:\Program Files\Citrix\GoToMyPC\g2svc.exe" -service (file missing)
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: iPod Service - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: LiveUpdate - Symantec Corporation - C:\PROGRA~1\Symantec\LIVEUP~1\LUCOMS~1.EXE
O23 - Service: VeriSign Updater (navi) - VeriSign, Inc. - C:\Program Files\VeriSign\NAVI\naviagent.exe
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\System32\nvsvc32.exe
O23 - Service: SAVRoam (SavRoam) - symantec - C:\Program Files\Symantec AntiVirus\SavRoam.exe
O23 - Service: Symantec Network Drivers Service (SNDSrvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\SNDSrvc.exe
O23 - Service: Symantec SPBBCSvc (SPBBCSvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\SPBBC\SPBBCSvc.exe
O23 - Service: Symantec AntiVirus - Symantec Corporation - C:\Program Files\Symantec AntiVirus\Rtvscan.exe
 
Hi

Please download ATF Cleaner by Atribune and save
it to desktop.

Double-click ATF-Cleaner.exe to run the program.
Under Main choose: Select All
Click the Empty Selected button.

If you use Firefox browser

Click Firefox at the top and choose: Select All
Click the Empty Selected button.
NOTE: If you would like to keep your saved passwords, please click No at the prompt.

If you use Opera browser

Click Opera at the top and choose: Select All
Click the Empty Selected button.
NOTE: If you would like to keep your saved passwords, please click No at the prompt.

Click Exit to close ATF-Cleaner.

Empty these folders:

C:\Documents and Settings\All Users\Application Data\Symantec\Symantec AntiVirus Corporate Edition\7.5\Quarantine
C:\QooBox\Quarantine
K:\Documents and Settings\All Users\Application Data\Symantec\Symantec AntiVirus Corporate Edition\7.5\Quarantine\
C:\VundoFix Backups\
K:\Documents and Settings\Rebecca J. Liebel\Local Settings\Temp

Delete these:

K:\Program Files\NetMeeting\mewofyly83122.dll
K:\WINDOWS\system32\dsbglhae.dll
K:\WINDOWS\system32\gebcd.dll
K:\WINDOWS\system32\igxyjssk.dll
K:\WINDOWS\system32\ivlgrefa.dll
K:\WINDOWS\system32\tfnwwhds.dll
K:\WINDOWS\system32\X2
K:\WINDOWS\system32\X3
K:\WINDOWS\system32\X4
K:\WINDOWS\system32\yjxafaxu.dll

Empty Recycle Bin

Re-scan with kaspersky

Post:

- a fresh HijackThis log
- kaspersky report
 
Firefox & Opera Browsers ???

Hi Shaba ~

Okay, I'm doing everything you sent me in the last post, but I have no idea what Firefox or Opera Browsers are. I'm assuming that this means I don't use either of them...but you know what they say about assuming... If you could just get back to me on that one thing to let me know whether or not I need to worry about it. I will continue with everything else until I hear back from you.

Thanks!
Stace :red:
 
Hi

If you don't use Firefox or Opera then just skip that step and move on, please :)
 
Kaspersky Scan Log (Part I)

Hi Shaba ~ It does take a long time for the Kaspersky Scan to run, but it looks like we are getting better...down from 16 and 240 to 10 and 55!!! :bigthumb:

-------------------------------------------------------------------------------
KASPERSKY ONLINE SCANNER REPORT
Wednesday, July 11, 2007 2:02:45 PM
Operating System: Microsoft Windows XP Home Edition, Service Pack 2 (Build 2600)
Kaspersky Online Scanner version: 5.0.93.0
Kaspersky Anti-Virus database last update: 11/07/2007
Kaspersky Anti-Virus database records: 361185
-------------------------------------------------------------------------------

Scan Settings:
Scan using the following antivirus database: extended
Scan Archives: true
Scan Mail Bases: true

Scan Target - My Computer:
C:\
D:\
E:\
F:\
G:\
H:\
I:\
K:\
S:\

Scan Statistics:
Total number of scanned objects: 300936
Number of viruses found: 10
Number of infected objects: 55
Number of suspicious objects: 0
Duration of the scan process: 04:44:52

Infected Object Name / Virus Name / Last Action
C:\Documents and Settings\All Users\Application Data\Microsoft\Crypto\RSA\MachineKeys\33f607681529cc2066e7ff1f42738a54_0697b67b-72ae-404a-8241-9abe8e9b3c10 Object is locked skipped
C:\Documents and Settings\All Users\Application Data\Microsoft\Network\Downloader\qmgr0.dat Object is locked skipped
C:\Documents and Settings\All Users\Application Data\Microsoft\Network\Downloader\qmgr1.dat Object is locked skipped
C:\Documents and Settings\All Users\Application Data\Microsoft\Windows Defender\Support\MPLog-12182006-134626.log Object is locked skipped
C:\Documents and Settings\All Users\Application Data\Symantec\Common Client\settings.dat Object is locked skipped
C:\Documents and Settings\LocalService\Cookies\index.dat Object is locked skipped
C:\Documents and Settings\LocalService\Local Settings\Application Data\Microsoft\Windows\UsrClass.dat Object is locked skipped
C:\Documents and Settings\LocalService\Local Settings\Application Data\Microsoft\Windows\UsrClass.dat.LOG Object is locked skipped
C:\Documents and Settings\LocalService\Local Settings\History\History.IE5\index.dat Object is locked skipped
C:\Documents and Settings\LocalService\Local Settings\Temporary Internet Files\Content.IE5\index.dat Object is locked skipped
C:\Documents and Settings\LocalService\NTUSER.DAT Object is locked skipped
C:\Documents and Settings\LocalService\ntuser.dat.LOG Object is locked skipped
C:\Documents and Settings\NetworkService\Local Settings\Application Data\Microsoft\Windows\UsrClass.dat Object is locked skipped
C:\Documents and Settings\NetworkService\Local Settings\Application Data\Microsoft\Windows\UsrClass.dat.LOG Object is locked skipped
C:\Documents and Settings\NetworkService\NTUSER.DAT Object is locked skipped
C:\Documents and Settings\NetworkService\ntuser.dat.LOG Object is locked skipped
C:\Documents and Settings\Owner\Local Settings\Application Data\Microsoft\Outlook\archive.pst/Archive Folders/Deleted Items/25 Oct 2005 17:58 from eBay Inc:Verify your data with eBay [Tue,.rtf Infected: Trojan-Spy.HTML.Bayfraud.hn skipped
C:\Documents and Settings\Owner\Local Settings\Application Data\Microsoft\Outlook\archive.pst Mail MS Mail: infected - 1 skipped
C:\Documents and Settings\Rebecca J. Liebel\Cookies\index.dat Object is locked skipped
C:\Documents and Settings\Rebecca J. Liebel\Local Settings\Application Data\Microsoft\Windows\UsrClass.dat Object is locked skipped
C:\Documents and Settings\Rebecca J. Liebel\Local Settings\Application Data\Microsoft\Windows\UsrClass.dat.LOG Object is locked skipped
C:\Documents and Settings\Rebecca J. Liebel\Local Settings\Application Data\Microsoft\Windows Defender\FileTracker\{B6BF2A64-6442-4F0A-8BA9-6B3E02DA91C4} Object is locked skipped
C:\Documents and Settings\Rebecca J. Liebel\Local Settings\History\History.IE5\index.dat Object is locked skipped
C:\Documents and Settings\Rebecca J. Liebel\Local Settings\History\History.IE5\MSHist012007071120070712\index.dat Object is locked skipped
C:\Documents and Settings\Rebecca J. Liebel\Local Settings\Temporary Internet Files\AntiPhishing\B3BB5BBA-E7D5-40AB-A041-A5B1C0B26C8F.dat Object is locked skipped
C:\Documents and Settings\Rebecca J. Liebel\Local Settings\Temporary Internet Files\Content.IE5\index.dat Object is locked skipped
C:\Documents and Settings\Rebecca J. Liebel\NTUSER.DAT Object is locked skipped
C:\Documents and Settings\Rebecca J. Liebel\ntuser.dat.LOG Object is locked skipped
 
Kaspersky Scan (Part II)

C:\Program Files\Citrix\GoToMyPC\g2host.log Object is locked skipped
C:\Program Files\Citrix\GoToMyPC\g2svc.log Object is locked skipped
C:\Program Files\Common Files\Symantec Shared\EENGINE\EPERSIST.DAT Object is locked skipped
C:\Program Files\Common Files\Symantec Shared\SPBBC\LOGS\BBConfig.log Object is locked skipped
C:\Program Files\Common Files\Symantec Shared\SPBBC\LOGS\BBDebug.log Object is locked skipped
C:\Program Files\Common Files\Symantec Shared\SPBBC\LOGS\BBDetect.log Object is locked skipped
C:\Program Files\Common Files\Symantec Shared\SPBBC\LOGS\BBNotify.log Object is locked skipped
C:\Program Files\Common Files\Symantec Shared\SPBBC\LOGS\BBRefr.log Object is locked skipped
C:\Program Files\Common Files\Symantec Shared\SPBBC\LOGS\BBSetCfg.log Object is locked skipped
C:\Program Files\Common Files\Symantec Shared\SPBBC\LOGS\BBSetCfg2.log Object is locked skipped
C:\Program Files\Common Files\Symantec Shared\SPBBC\LOGS\BBSetDev.log Object is locked skipped
C:\Program Files\Common Files\Symantec Shared\SPBBC\LOGS\BBSetLoc.log Object is locked skipped
C:\Program Files\Common Files\Symantec Shared\SPBBC\LOGS\BBSetUsr.log Object is locked skipped
C:\Program Files\Common Files\Symantec Shared\SPBBC\LOGS\BBSMNot.log Object is locked skipped
C:\Program Files\Common Files\Symantec Shared\SPBBC\LOGS\BBSMReg.log Object is locked skipped
C:\Program Files\Common Files\Symantec Shared\SPBBC\LOGS\BBSMRSt.log Object is locked skipped
C:\Program Files\Common Files\Symantec Shared\SPBBC\LOGS\BBStHash.log Object is locked skipped
C:\Program Files\Common Files\Symantec Shared\SPBBC\LOGS\BBStMSI.log Object is locked skipped
C:\Program Files\Common Files\Symantec Shared\SPBBC\LOGS\BBValid.log Object is locked skipped
C:\Program Files\Common Files\Symantec Shared\SPBBC\LOGS\SPPolicy.log Object is locked skipped
C:\Program Files\Common Files\Symantec Shared\SPBBC\LOGS\SPStart.log Object is locked skipped
C:\Program Files\Common Files\Symantec Shared\SPBBC\LOGS\SPStop.log Object is locked skipped
C:\Program Files\Symantec AntiVirus\SAVRT\0416NAV~.TMP Object is locked skipped
C:\Program Files\Symantec AntiVirus\SAVRT\0843NAV~.TMP Object is locked skipped
C:\System Volume Information\MountPointManagerRemoteDatabase Object is locked skipped
C:\System Volume Information\_restore{AB52BD40-7182-4E6D-A2D3-98415849E1A9}\RP1087\A0099440.dll Infected: not-a-virus:AdWare.Win32.Virtumonde.ar skipped
C:\System Volume Information\_restore{AB52BD40-7182-4E6D-A2D3-98415849E1A9}\RP1087\A0099654.dll Infected: not-a-virus:AdWare.Win32.Virtumonde.ar skipped
C:\System Volume Information\_restore{AB52BD40-7182-4E6D-A2D3-98415849E1A9}\RP1087\A0099674.dll Infected: not-a-virus:AdWare.Win32.Virtumonde.ar skipped
C:\System Volume Information\_restore{AB52BD40-7182-4E6D-A2D3-98415849E1A9}\RP1088\A0099704.dll Infected: not-a-virus:AdWare.Win32.Virtumonde.ar skipped
C:\System Volume Information\_restore{AB52BD40-7182-4E6D-A2D3-98415849E1A9}\RP1088\A0099705.dll Infected: not-a-virus:AdWare.Win32.Virtumonde.ar skipped
C:\System Volume Information\_restore{AB52BD40-7182-4E6D-A2D3-98415849E1A9}\RP1090\A0099712.dll Infected: not-a-virus:AdWare.Win32.Virtumonde.ar skipped
C:\System Volume Information\_restore{AB52BD40-7182-4E6D-A2D3-98415849E1A9}\RP1091\A0099888.dll Infected: not-a-virus:AdWare.Win32.Virtumonde.ar skipped
C:\System Volume Information\_restore{AB52BD40-7182-4E6D-A2D3-98415849E1A9}\RP1091\A0099900.dll Infected: not-a-virus:AdWare.Win32.Virtumonde.ar skipped
C:\System Volume Information\_restore{AB52BD40-7182-4E6D-A2D3-98415849E1A9}\RP1091\A0099909.dll Infected: not-a-virus:AdWare.Win32.Virtumonde.ar skipped
C:\System Volume Information\_restore{AB52BD40-7182-4E6D-A2D3-98415849E1A9}\RP1091\A0099941.dll Infected: not-a-virus:AdWare.Win32.Virtumonde.ar skipped
C:\System Volume Information\_restore{AB52BD40-7182-4E6D-A2D3-98415849E1A9}\RP1091\A0100024.dll Infected: not-a-virus:AdWare.Win32.Virtumonde.ar skipped
C:\System Volume Information\_restore{AB52BD40-7182-4E6D-A2D3-98415849E1A9}\RP1091\A0100033.dll Infected: not-a-virus:AdWare.Win32.Virtumonde.ar skipped
C:\System Volume Information\_restore{AB52BD40-7182-4E6D-A2D3-98415849E1A9}\RP1091\A0100042.dll Infected: not-a-virus:AdWare.Win32.Virtumonde.ar skipped
C:\System Volume Information\_restore{AB52BD40-7182-4E6D-A2D3-98415849E1A9}\RP1091\A0100048.dll Infected: not-a-virus:AdWare.Win32.Virtumonde.ar skipped
C:\System Volume Information\_restore{AB52BD40-7182-4E6D-A2D3-98415849E1A9}\RP1093\A0100062.dll Infected: not-a-virus:AdWare.Win32.Virtumonde.ar skipped
C:\System Volume Information\_restore{AB52BD40-7182-4E6D-A2D3-98415849E1A9}\RP1093\A0100074.dll Infected: not-a-virus:AdWare.Win32.Virtumonde.kp skipped
C:\System Volume Information\_restore{AB52BD40-7182-4E6D-A2D3-98415849E1A9}\RP1093\A0100090.exe Infected: Trojan.Win32.BHO.ab skipped
C:\System Volume Information\_restore{AB52BD40-7182-4E6D-A2D3-98415849E1A9}\RP1093\A0100099.exe Infected: Trojan.Win32.BHO.ab skipped
C:\System Volume Information\_restore{AB52BD40-7182-4E6D-A2D3-98415849E1A9}\RP1095\A0101253.dll Infected: not-a-virus:AdWare.Win32.Virtumonde.ar skipped
C:\System Volume Information\_restore{AB52BD40-7182-4E6D-A2D3-98415849E1A9}\RP1095\A0101256.dll Infected: not-a-virus:AdWare.Win32.Virtumonde.kp skipped
C:\System Volume Information\_restore{AB52BD40-7182-4E6D-A2D3-98415849E1A9}\RP1095\A0101261.dll Infected: not-a-virus:AdWare.Win32.Virtumonde.kr skipped
C:\System Volume Information\_restore{AB52BD40-7182-4E6D-A2D3-98415849E1A9}\RP1095\A0101267.exe Infected: Trojan.Win32.BHO.ab skipped
C:\System Volume Information\_restore{AB52BD40-7182-4E6D-A2D3-98415849E1A9}\RP1096\A0101276.dll Infected: not-a-virus:AdWare.Win32.TTC.c skipped
C:\System Volume Information\_restore{AB52BD40-7182-4E6D-A2D3-98415849E1A9}\RP1096\A0101319.exe Infected: Trojan-Dropper.Win32.Agent.bfr skipped
C:\System Volume Information\_restore{AB52BD40-7182-4E6D-A2D3-98415849E1A9}\RP1096\A0101320.exe Infected: Trojan-Downloader.Win32.Small.eqn skipped
C:\System Volume Information\_restore{AB52BD40-7182-4E6D-A2D3-98415849E1A9}\RP1096\A0101321.exe/data0002 Infected: not-a-virus:AdWare.Win32.TTC.c skipped
C:\System Volume Information\_restore{AB52BD40-7182-4E6D-A2D3-98415849E1A9}\RP1096\A0101321.exe NSIS: infected - 1 skipped
C:\System Volume Information\_restore{AB52BD40-7182-4E6D-A2D3-98415849E1A9}\RP1096\A0101322.exe Infected: Trojan.Win32.BHO.ab skipped
C:\System Volume Information\_restore{AB52BD40-7182-4E6D-A2D3-98415849E1A9}\RP1098\change.log Object is locked skipped
C:\WINDOWS\$NtUninstallQ828026$\msdxm.ocx Object is locked skipped
C:\WINDOWS\$NtUninstallQ828026$\wmp.dll Object is locked skipped
C:\WINDOWS\Debug\PASSWD.LOG Object is locked skipped
C:\WINDOWS\SchedLgU.Txt Object is locked skipped
C:\WINDOWS\SoftwareDistribution\ReportingEvents.log Object is locked skipped
C:\WINDOWS\Sti_Trace.log Object is locked skipped
C:\WINDOWS\system32\CatRoot2\edb.log Object is locked skipped
C:\WINDOWS\system32\CatRoot2\tmp.edb Object is locked skipped
C:\WINDOWS\system32\config\AppEvent.Evt Object is locked skipped
C:\WINDOWS\system32\config\default Object is locked skipped
C:\WINDOWS\system32\config\default.LOG Object is locked skipped
C:\WINDOWS\system32\config\Internet.evt Object is locked skipped
C:\WINDOWS\system32\config\SAM Object is locked skipped
C:\WINDOWS\system32\config\SAM.LOG Object is locked skipped
C:\WINDOWS\system32\config\SecEvent.Evt Object is locked skipped
C:\WINDOWS\system32\config\SECURITY Object is locked skipped
C:\WINDOWS\system32\config\SECURITY.LOG Object is locked skipped
C:\WINDOWS\system32\config\software Object is locked skipped
C:\WINDOWS\system32\config\software.LOG Object is locked skipped
C:\WINDOWS\system32\config\SysEvent.Evt Object is locked skipped
C:\WINDOWS\system32\config\system Object is locked skipped
C:\WINDOWS\system32\config\system.LOG Object is locked skipped
C:\WINDOWS\system32\config\systemprofile\Cookies\index.dat Object is locked skipped
C:\WINDOWS\system32\config\systemprofile\Local Settings\History\History.IE5\index.dat Object is locked skipped
C:\WINDOWS\system32\config\systemprofile\Local Settings\Temporary Internet Files\Content.IE5\index.dat Object is locked skipped
C:\WINDOWS\system32\gotomon.log Object is locked skipped
C:\WINDOWS\system32\h323log.txt Object is locked skipped
C:\WINDOWS\system32\wbem\Repository\FS\INDEX.BTR Object is locked skipped
C:\WINDOWS\system32\wbem\Repository\FS\INDEX.MAP Object is locked skipped
C:\WINDOWS\system32\wbem\Repository\FS\MAPPING.VER Object is locked skipped
C:\WINDOWS\system32\wbem\Repository\FS\MAPPING1.MAP Object is locked skipped
C:\WINDOWS\system32\wbem\Repository\FS\MAPPING2.MAP Object is locked skipped
C:\WINDOWS\system32\wbem\Repository\FS\OBJECTS.DATA Object is locked skipped
C:\WINDOWS\system32\wbem\Repository\FS\OBJECTS.MAP Object is locked skipped
C:\WINDOWS\temp\Perflib_Perfdata_534.dat Object is locked skipped
C:\WINDOWS\wiadebug.log Object is locked skipped
C:\WINDOWS\wiaservc.log Object is locked skipped
C:\WINDOWS\WindowsUpdate.log Object is locked skipped
K:\Documents and Settings\Owner\Local Settings\Application Data\Microsoft\Outlook\archive.pst/Archive Folders/Deleted Items/25 Oct 2005 17:58 from eBay Inc:Verify your data with eBay [Tue,.rtf Infected: Trojan-Spy.HTML.Bayfraud.hn skipped
K:\Documents and Settings\Owner\Local Settings\Application Data\Microsoft\Outlook\archive.pst Mail MS Mail: infected - 1 skipped
K:\Documents and Settings\Rebecca J. Liebel\Local Settings\Temp\agnxfqlx.exe Infected: Trojan.Win32.Agent.aoy skipped
K:\Documents and Settings\Rebecca J. Liebel\Local Settings\Temp\cqncwgxt.exe Infected: Trojan-Downloader.Win32.Tiny.id skipped
K:\Documents and Settings\Rebecca J. Liebel\Local Settings\Temp\ddjvobiw.exe Infected: Trojan-Downloader.Win32.Tiny.id skipped
K:\Documents and Settings\Rebecca J. Liebel\Local Settings\Temp\fwaqyyua.exe Infected: Trojan-Downloader.Win32.Tiny.id skipped
K:\Documents and Settings\Rebecca J. Liebel\Local Settings\Temp\jevqlxhg.exe Infected: Trojan-Downloader.Win32.Tiny.id skipped
K:\Documents and Settings\Rebecca J. Liebel\Local Settings\Temp\pdeugojl.exe Infected: Trojan.Win32.Agent.aoy skipped
K:\Documents and Settings\Rebecca J. Liebel\Local Settings\Temp\qujlwncg.exe Infected: Trojan-Downloader.Win32.Tiny.id skipped
K:\Documents and Settings\Rebecca J. Liebel\Local Settings\Temp\tjrmmwht.exe Infected: Trojan.Win32.Agent.aoy skipped
K:\Documents and Settings\Rebecca J. Liebel\Local Settings\Temp\tlecabmk.exe Infected: Trojan-Downloader.Win32.Tiny.id skipped
K:\Documents and Settings\Rebecca J. Liebel\Local Settings\Temp\vhlhsdku.exe Infected: Trojan-Downloader.Win32.Tiny.id skipped
K:\Documents and Settings\Rebecca J. Liebel\Local Settings\Temp\yqddmags.exe Infected: Trojan-Downloader.Win32.Tiny.id skipped
K:\Documents and Settings\Rebecca J. Liebel\Local Settings\Temp\yttysgjy.exe Infected: Trojan-Downloader.Win32.Tiny.id skipped
K:\System Volume Information\MountPointManagerRemoteDatabase Object is locked skipped
K:\System Volume Information\_restore{AB52BD40-7182-4E6D-A2D3-98415849E1A9}\RP1098\A0101341.dll Infected: not-a-virus:AdWare.Win32.TTC.c skipped
K:\System Volume Information\_restore{AB52BD40-7182-4E6D-A2D3-98415849E1A9}\RP1098\A0101342.dll Infected: not-a-virus:AdWare.Win32.Virtumonde.ar skipped
K:\System Volume Information\_restore{AB52BD40-7182-4E6D-A2D3-98415849E1A9}\RP1098\A0101343.dll Infected: not-a-virus:AdWare.Win32.Virtumonde.kr skipped
K:\System Volume Information\_restore{AB52BD40-7182-4E6D-A2D3-98415849E1A9}\RP1098\A0101344.dll Infected: not-a-virus:AdWare.Win32.Virtumonde.ar skipped
K:\System Volume Information\_restore{AB52BD40-7182-4E6D-A2D3-98415849E1A9}\RP1098\A0101345.dll Infected: not-a-virus:AdWare.Win32.Virtumonde.ar skipped
K:\System Volume Information\_restore{AB52BD40-7182-4E6D-A2D3-98415849E1A9}\RP1098\A0101346.dll Infected: not-a-virus:AdWare.Win32.Virtumonde.ar skipped
K:\System Volume Information\_restore{AB52BD40-7182-4E6D-A2D3-98415849E1A9}\RP1098\A0101347.dll Infected: not-a-virus:AdWare.Win32.Virtumonde.ar skipped
K:\System Volume Information\_restore{AB52BD40-7182-4E6D-A2D3-98415849E1A9}\RP1098\A0101348.exe Infected: Trojan-Dropper.Win32.Agent.bfr skipped
K:\System Volume Information\_restore{AB52BD40-7182-4E6D-A2D3-98415849E1A9}\RP1098\A0101349.exe Infected: Trojan-Downloader.Win32.Small.eqn skipped
K:\System Volume Information\_restore{AB52BD40-7182-4E6D-A2D3-98415849E1A9}\RP1098\A0101350.exe/data0002 Infected: not-a-virus:AdWare.Win32.TTC.c skipped
K:\System Volume Information\_restore{AB52BD40-7182-4E6D-A2D3-98415849E1A9}\RP1098\A0101350.exe NSIS: infected - 1 skipped
K:\System Volume Information\_restore{AB52BD40-7182-4E6D-A2D3-98415849E1A9}\RP1098\change.log Object is locked skipped

Scan process completed.
 
HJT Log

Logfile of HijackThis v1.99.1
Scan saved at 2:03:57 PM, on 7/11/2007
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16473)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Windows Defender\MsMpEng.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe
C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
C:\Program Files\Common Files\Symantec Shared\SPBBC\SPBBCSvc.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Symantec AntiVirus\DefWatch.exe
C:\Program Files\Citrix\GoToMyPC\g2svc.exe
C:\Program Files\Common Files\Microsoft Shared\VS7Debug\mdm.exe
C:\Program Files\VeriSign\NAVI\naviagent.exe
C:\WINDOWS\System32\nvsvc32.exe
C:\Program Files\Citrix\GoToMyPC\g2comm.exe
C:\WINDOWS\system32\CAPM3RSK.EXE
C:\Program Files\Symantec AntiVirus\SavRoam.exe
C:\Program Files\Citrix\GoToMyPC\g2pre.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Citrix\GoToMyPC\g2tray.exe
C:\Program Files\Symantec AntiVirus\Rtvscan.exe
C:\WINDOWS\system32\sstray.exe
C:\Program Files\ScanSoft\PaperPort\pptd40nt.exe
C:\Program Files\Common Files\Microsoft Shared\Works Shared\WkUFind.exe
C:\Program Files\Windows Defender\MSASCui.exe
C:\Program Files\Common Files\Symantec Shared\ccApp.exe
C:\PROGRA~1\SYMANT~1\VPTray.exe
C:\Program Files\CMS Peripherals\BounceBack Professional\BBLauncher.exe
C:\WINDOWS\system32\spool\drivers\w32x86\3\CAPM3LAK.EXE
C:\WINDOWS\system32\spool\drivers\w32x86\3\CAPM3SWK.EXE
C:\WINDOWS\system32\spool\drivers\w32x86\3\CAPM3SWK.EXE
C:\WINDOWS\system32\spool\drivers\w32x86\3\CAPM3SWK.EXE
C:\WINDOWS\explorer.exe
C:\WINDOWS\system32\ctfmon.exe
C:\WINDOWS\system32\wuauclt.exe
C:\Program Files\internet explorer\iexplore.exe
C:\Program Files\HijackThis\scanner.exe
C:\Program Files\Outlook Express\msimn.exe
C:\Program Files\Messenger\msmsgs.exe

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R3 - URLSearchHook: i-Nav IDN SearchHook - {CE000994-A58C-4441-8938-744CD72AB27F} - C:\Program Files\VeriSign\i-Nav\i-nav_4_2_1.dll
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: Merriam-Webster Online BHO - {5ADA9CAC-04F9-4DD2-ABFD-74D673BE8624} - C:\WINDOWS\_MWOLTB.DLL
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar2.dll
O2 - BHO: i-Nav IDN Resolver - {CE000992-A58C-4441-8938-744CD72AB27F} - C:\Program Files\VeriSign\i-Nav\i-nav_4_2_1.dll
O3 - Toolbar: Merriam-Webster Online - {B7B76DD6-B6F0-4443-AF81-6A3ECF12A57D} - C:\WINDOWS\_MWOLTB.DLL
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar2.dll
O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
O4 - HKLM\..\Run: [nForce Tray Options] sstray.exe /r
O4 - HKLM\..\Run: [PaperPort PTD] C:\Program Files\ScanSoft\PaperPort\pptd40nt.exe
O4 - HKLM\..\Run: [Microsoft Works Update Detection] C:\Program Files\Common Files\Microsoft Shared\Works Shared\WkUFind.exe
O4 - HKLM\..\Run: [Windows Defender] "C:\Program Files\Windows Defender\MSASCui.exe" -hide
O4 - HKLM\..\Run: [ccApp] "C:\Program Files\Common Files\Symantec Shared\ccApp.exe"
O4 - HKLM\..\Run: [vptray] C:\PROGRA~1\SYMANT~1\VPTray.exe
O4 - HKLM\..\Run: [GoToMyPC] C:\Program Files\Citrix\GoToMyPC\g2svc.exe -logon
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - Global Startup: BounceBack Launcher.lnk = ?
O4 - Global Startup: Canon PC1200 iC D700 Status Window.LNK = C:\WINDOWS\system32\spool\drivers\w32x86\3\CAPM3LAK.EXE
O8 - Extra context menu item: &AOL Toolbar search - res://C:\Program Files\AOL Toolbar\toolbar.dll/SEARCH.HTML
O8 - Extra context menu item: &Google Search - res://c:\program files\google\GoogleToolbar2.dll/cmsearch.html
O8 - Extra context menu item: &Translate English Word - res://c:\program files\google\GoogleToolbar2.dll/cmwordtrans.html
O8 - Extra context menu item: Backward Links - res://c:\program files\google\GoogleToolbar2.dll/cmbacklinks.html
O8 - Extra context menu item: Cached Snapshot of Page - res://c:\program files\google\GoogleToolbar2.dll/cmcache.html
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~4\Office10\EXCEL.EXE/3000
O8 - Extra context menu item: Similar Pages - res://c:\program files\google\GoogleToolbar2.dll/cmsimilar.html
O8 - Extra context menu item: Translate Page into English - res://c:\program files\google\GoogleToolbar2.dll/cmtrans.html
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\j2re1.4.2\bin\npjpi142.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\j2re1.4.2\bin\npjpi142.dll
O9 - Extra button: AIM - {AC9E2541-2814-11d5-BC6D-00B0D0A1DE45} - C:\Program Files\AIM95\aim.exe
O9 - Extra button: Real.com - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - C:\WINDOWS\System32\Shdocvw.dll
O9 - Extra button: i-Nav Help - {CE000992-A58C-4441-8938-744CD72AB27F} - http://idn.verisign-grs.com/plug-in/support/index.jsp (file missing)
O9 - Extra 'Tools' menuitem: i-Nav Help - {CE000992-A58C-4441-8938-744CD72AB27F} - http://idn.verisign-grs.com/plug-in/support/index.jsp (file missing)
O9 - Extra button: (no name) - {CE000996-A58C-4441-8938-744CD72AB27F} - C:\Program Files\VeriSign\i-Nav\i-nav_4_2_1.dll
O9 - Extra 'Tools' menuitem: i-Nav Options - {CE000996-A58C-4441-8938-744CD72AB27F} - C:\Program Files\VeriSign\i-Nav\i-nav_4_2_1.dll
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe (file missing)
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe (file missing)
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O11 - Options group: [INTERNATIONAL] International*
O14 - IERESET.INF: START_PAGE_URL=http://www.emachines.com
O16 - DPF: {03A89EFD-E023-8500-A22D-45F77558EB4C} (ILINCInstall85 Class) - https://content.ilinc.com/clientdownload/download/ilinci85.dll
O16 - DPF: {08D390AE-5101-4701-A89F-6C6DADCCC402} (MSN Photo Select Tool) - http://photos.msn.com/resources/neutral/controls/MsnPPick.cab?10,0,910,0
O16 - DPF: {0EB0E74A-2A76-4AB3-A7FB-9BD8C29F7F75} (CKAVWebScan Object) - http://www.kaspersky.com/kos/english/kavwebscan_unicode.cab
O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://go.microsoft.com/fwlink/?linkid=39204
O16 - DPF: {215B8138-A3CF-44C5-803F-8226143CFC0A} (Trend Micro ActiveX Scan Agent 6.6) - http://housecall65.trendmicro.com/housecall/applet/html/native/x86/win32/activex/hcImpl.cab
O16 - DPF: {3CF32649-D1C0-4F42-AB44-ED284748920B} (Merriam-Webster Online Toolbar) - http://www.m-w.com/toolbar/webinstall.cab
O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://update.microsoft.com/microsoftupdate/v6/V5Controls/en/x86/client/muweb_site.cab?1134681870775
O16 - DPF: {7B297BFD-85E4-4092-B2AF-16A91B2EA103} (WScanCtl Class) - http://www.ca.com/us/securityadvisor/virusinfo/webscan.cab
O16 - DPF: {A82C3A33-5C0E-466C-B020-71585433A7E4} (PhxStudent.OeSetup15) - https://mycampus.phoenix.edu/secure/PhxStudent15.CAB
O16 - DPF: {B38870E4-7ECB-40DA-8C6A-595F0A5519FF} (MsnMessengerSetupDownloadControl Class) - http://messenger.msn.com/download/MsnMessengerSetupDownloader.cab
O16 - DPF: {FE5B9F54-7764-4C01-89F0-4862601EE954} (DigWebHelper Class) - http://photos.msn.com/resources/neutral/controls/DigWebX2.cab?10,0,910,0
O18 - Protocol: flowto - {C7101FB0-28FB-11D5-883A-204C4F4F5021} - C:\PROGRA~1\NETEXC~1.0\FlowHook.dll
O20 - Winlogon Notify: GoToMyPC - C:\Program Files\Citrix\GoToMyPC\G2WinLogon.dll
O20 - Winlogon Notify: NavLogon - C:\WINDOWS\system32\NavLogon.dll
O20 - Winlogon Notify: WgaLogon - C:\WINDOWS\SYSTEM32\WgaLogon.dll
O21 - SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - C:\WINDOWS\system32\WPDShServiceObj.dll
O23 - Service: Symantec Event Manager (ccEvtMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
O23 - Service: Symantec Settings Manager (ccSetMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe
O23 - Service: Symantec AntiVirus Definition Watcher (DefWatch) - Symantec Corporation - C:\Program Files\Symantec AntiVirus\DefWatch.exe
O23 - Service: GoToMyPC - Unknown owner - C:\Program Files\Citrix\GoToMyPC\g2svc.exe" -service (file missing)
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: iPod Service - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: LiveUpdate - Symantec Corporation - C:\PROGRA~1\Symantec\LIVEUP~1\LUCOMS~1.EXE
O23 - Service: VeriSign Updater (navi) - VeriSign, Inc. - C:\Program Files\VeriSign\NAVI\naviagent.exe
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\System32\nvsvc32.exe
O23 - Service: SAVRoam (SavRoam) - symantec - C:\Program Files\Symantec AntiVirus\SavRoam.exe
O23 - Service: Symantec Network Drivers Service (SNDSrvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\SNDSrvc.exe
O23 - Service: Symantec SPBBCSvc (SPBBCSvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\SPBBC\SPBBCSvc.exe
O23 - Service: Symantec AntiVirus - Symantec Corporation - C:\Program Files\Symantec AntiVirus\Rtvscan.exe
 
Hi

Yes, major improvement :)

Delete this email via outlook:

K:\Documents and Settings\Owner\Local Settings\Application Data\Microsoft\Outlook\archive.pst/Archive Folders/Deleted Items/25 Oct 2005 17:58 from eBay Inc:Verify your data with eBay [Tue,.rtf Infected: Trojan-Spy.HTML.Bayfraud.hn skipped

Copy text below to Notepad and save it as deltemps.bat (save it as all files, *.*)

@ECHO OFF
attrib -r -h K:\Documents and Settings\Rebecca J. Liebel\Local Settings\Temp\*.*
del /a /f /q K:\Documents and Settings\Rebecca J. Liebel\Local Settings\Temp\*.*

It should look like this ->
bat.JPG


Doubleclick deltemps.bat; black dos windows will flash, that's normal.

(In case you are unsure how to create a bat file, take a look here with screenshots.)

Re-scan with kaspersky

Post:

- a fresh HijackThis log
- kaspersky report
 
Problem removing Outlook file

Hi Shaba ~

I can't delete the following file from Outlook

K:\Documents and Settings\Owner\Local Settings\Application Data\Microsoft\Outlook\archive.pst/Archive Folders/Deleted Items/25 Oct 2005 17:58 from eBay Inc:Verify your data with eBay [Tue,.rtf Infected: Trojan-Spy.HTML.Bayfraud.hn skipped

I've tried to have it find using the search feature and it is not coming up. BUT, the K:\ drive is an external hard drive on my computer that I use for a back-up. Of course I tried getting to the file on the K:\ drive, but got stopped at archive.pst.

Since the K:\ drive is just for back-up purposes, could we just delete the archives.pst file from that drive or ??? :scratch:

I'm going to wait to hear back from you before I proceed any further. I'll just finish my morning coffee! :coffee:

Thanks!
Stace
 
Hi

"BUT, the K:\ drive is an external hard drive on my computer that I use for a back-up."

Thanks for info :)

"Since the K:\ drive is just for back-up purposes, could we just delete the archives.pst file from that drive or ???"

Yes unless there are some mails in archives.pst you would like to keep.
 
Kaspersky Scan Log (Part I)

-------------------------------------------------------------------------------
KASPERSKY ONLINE SCANNER REPORT
Thursday, July 12, 2007 10:10:51 AM
Operating System: Microsoft Windows XP Home Edition, Service Pack 2 (Build 2600)
Kaspersky Online Scanner version: 5.0.93.0
Kaspersky Anti-Virus database last update: 12/07/2007
Kaspersky Anti-Virus database records: 361645
-------------------------------------------------------------------------------

Scan Settings:
Scan using the following antivirus database: extended
Scan Archives: true
Scan Mail Bases: true

Scan Target - My Computer:
C:\
D:\
E:\
F:\
G:\
H:\
I:\
K:\
S:\

Scan Statistics:
Total number of scanned objects: 301155
Number of viruses found: 10
Number of infected objects: 53
Number of suspicious objects: 0
Duration of the scan process: 04:26:04

Infected Object Name / Virus Name / Last Action
C:\Documents and Settings\All Users\Application Data\Microsoft\Crypto\RSA\MachineKeys\33f607681529cc2066e7ff1f42738a54_0697b67b-72ae-404a-8241-9abe8e9b3c10 Object is locked skipped
C:\Documents and Settings\All Users\Application Data\Microsoft\Windows Defender\Support\MPLog-12182006-134626.log Object is locked skipped
C:\Documents and Settings\All Users\Application Data\Symantec\Common Client\settings.dat Object is locked skipped
C:\Documents and Settings\LocalService\Cookies\index.dat Object is locked skipped
C:\Documents and Settings\LocalService\Local Settings\Application Data\Microsoft\Windows\UsrClass.dat Object is locked skipped
C:\Documents and Settings\LocalService\Local Settings\Application Data\Microsoft\Windows\UsrClass.dat.LOG Object is locked skipped
C:\Documents and Settings\LocalService\Local Settings\History\History.IE5\index.dat Object is locked skipped
C:\Documents and Settings\LocalService\Local Settings\Temporary Internet Files\Content.IE5\index.dat Object is locked skipped
C:\Documents and Settings\LocalService\NTUSER.DAT Object is locked skipped
C:\Documents and Settings\LocalService\ntuser.dat.LOG Object is locked skipped
C:\Documents and Settings\NetworkService\Local Settings\Application Data\Microsoft\Windows\UsrClass.dat Object is locked skipped
C:\Documents and Settings\NetworkService\Local Settings\Application Data\Microsoft\Windows\UsrClass.dat.LOG Object is locked skipped
C:\Documents and Settings\NetworkService\NTUSER.DAT Object is locked skipped
C:\Documents and Settings\NetworkService\ntuser.dat.LOG Object is locked skipped
C:\Documents and Settings\Owner\Local Settings\Application Data\Microsoft\Outlook\archive.pst/Archive Folders/Deleted Items/25 Oct 2005 17:58 from eBay Inc:Verify your data with eBay [Tue,.rtf Infected: Trojan-Spy.HTML.Bayfraud.hn skipped
C:\Documents and Settings\Owner\Local Settings\Application Data\Microsoft\Outlook\archive.pst Mail MS Mail: infected - 1 skipped
C:\Documents and Settings\Rebecca J. Liebel\Cookies\index.dat Object is locked skipped
C:\Documents and Settings\Rebecca J. Liebel\Local Settings\Application Data\Microsoft\Feeds Cache\index.dat Object is locked skipped
C:\Documents and Settings\Rebecca J. Liebel\Local Settings\Application Data\Microsoft\Windows\UsrClass.dat Object is locked skipped
C:\Documents and Settings\Rebecca J. Liebel\Local Settings\Application Data\Microsoft\Windows\UsrClass.dat.LOG Object is locked skipped
C:\Documents and Settings\Rebecca J. Liebel\Local Settings\Application Data\Microsoft\Windows Defender\FileTracker\{BEDE4474-FE46-4A53-BF7D-E993767B2A53} Object is locked skipped
C:\Documents and Settings\Rebecca J. Liebel\Local Settings\History\History.IE5\index.dat Object is locked skipped
C:\Documents and Settings\Rebecca J. Liebel\Local Settings\History\History.IE5\MSHist012007071220070713\index.dat Object is locked skipped
C:\Documents and Settings\Rebecca J. Liebel\Local Settings\Temporary Internet Files\Content.IE5\index.dat Object is locked skipped
C:\Documents and Settings\Rebecca J. Liebel\NTUSER.DAT Object is locked skipped
C:\Documents and Settings\Rebecca J. Liebel\ntuser.dat.LOG Object is locked skipped
C:\Program Files\Citrix\GoToMyPC\g2host.log Object is locked skipped
C:\Program Files\Citrix\GoToMyPC\g2svc.log Object is locked skipped
C:\Program Files\Common Files\Symantec Shared\EENGINE\EPERSIST.DAT Object is locked skipped
C:\Program Files\Common Files\Symantec Shared\SPBBC\LOGS\BBConfig.log Object is locked skipped
C:\Program Files\Common Files\Symantec Shared\SPBBC\LOGS\BBDebug.log Object is locked skipped
C:\Program Files\Common Files\Symantec Shared\SPBBC\LOGS\BBDetect.log Object is locked skipped
C:\Program Files\Common Files\Symantec Shared\SPBBC\LOGS\BBNotify.log Object is locked skipped
C:\Program Files\Common Files\Symantec Shared\SPBBC\LOGS\BBRefr.log Object is locked skipped
C:\Program Files\Common Files\Symantec Shared\SPBBC\LOGS\BBSetCfg.log Object is locked skipped
C:\Program Files\Common Files\Symantec Shared\SPBBC\LOGS\BBSetCfg2.log Object is locked skipped
C:\Program Files\Common Files\Symantec Shared\SPBBC\LOGS\BBSetDev.log Object is locked skipped
C:\Program Files\Common Files\Symantec Shared\SPBBC\LOGS\BBSetLoc.log Object is locked skipped
C:\Program Files\Common Files\Symantec Shared\SPBBC\LOGS\BBSetUsr.log Object is locked skipped
C:\Program Files\Common Files\Symantec Shared\SPBBC\LOGS\BBSMNot.log Object is locked skipped
C:\Program Files\Common Files\Symantec Shared\SPBBC\LOGS\BBSMReg.log Object is locked skipped
C:\Program Files\Common Files\Symantec Shared\SPBBC\LOGS\BBSMRSt.log Object is locked skipped
C:\Program Files\Common Files\Symantec Shared\SPBBC\LOGS\BBStHash.log Object is locked skipped
C:\Program Files\Common Files\Symantec Shared\SPBBC\LOGS\BBStMSI.log Object is locked skipped
C:\Program Files\Common Files\Symantec Shared\SPBBC\LOGS\BBValid.log Object is locked skipped
C:\Program Files\Common Files\Symantec Shared\SPBBC\LOGS\SPPolicy.log Object is locked skipped
C:\Program Files\Common Files\Symantec Shared\SPBBC\LOGS\SPStart.log Object is locked skipped
C:\Program Files\Common Files\Symantec Shared\SPBBC\LOGS\SPStop.log Object is locked skipped
C:\Program Files\Symantec AntiVirus\SAVRT\0581NAV~.TMP Object is locked skipped
C:\Program Files\Symantec AntiVirus\SAVRT\0963NAV~.TMP Object is locked skipped
C:\System Volume Information\MountPointManagerRemoteDatabase Object is locked skipped
C:\System Volume Information\_restore{AB52BD40-7182-4E6D-A2D3-98415849E1A9}\RP1087\A0099440.dll Infected: not-a-virus:AdWare.Win32.Virtumonde.ar skipped
C:\System Volume Information\_restore{AB52BD40-7182-4E6D-A2D3-98415849E1A9}\RP1087\A0099654.dll Infected: not-a-virus:AdWare.Win32.Virtumonde.ar skipped
C:\System Volume Information\_restore{AB52BD40-7182-4E6D-A2D3-98415849E1A9}\RP1087\A0099674.dll Infected: not-a-virus:AdWare.Win32.Virtumonde.ar skipped
C:\System Volume Information\_restore{AB52BD40-7182-4E6D-A2D3-98415849E1A9}\RP1088\A0099704.dll Infected: not-a-virus:AdWare.Win32.Virtumonde.ar skipped
C:\System Volume Information\_restore{AB52BD40-7182-4E6D-A2D3-98415849E1A9}\RP1088\A0099705.dll Infected: not-a-virus:AdWare.Win32.Virtumonde.ar skipped
C:\System Volume Information\_restore{AB52BD40-7182-4E6D-A2D3-98415849E1A9}\RP1090\A0099712.dll Infected: not-a-virus:AdWare.Win32.Virtumonde.ar skipped
C:\System Volume Information\_restore{AB52BD40-7182-4E6D-A2D3-98415849E1A9}\RP1091\A0099888.dll Infected: not-a-virus:AdWare.Win32.Virtumonde.ar skipped
C:\System Volume Information\_restore{AB52BD40-7182-4E6D-A2D3-98415849E1A9}\RP1091\A0099900.dll Infected: not-a-virus:AdWare.Win32.Virtumonde.ar skipped
C:\System Volume Information\_restore{AB52BD40-7182-4E6D-A2D3-98415849E1A9}\RP1091\A0099909.dll Infected: not-a-virus:AdWare.Win32.Virtumonde.ar skipped
C:\System Volume Information\_restore{AB52BD40-7182-4E6D-A2D3-98415849E1A9}\RP1091\A0099941.dll Infected: not-a-virus:AdWare.Win32.Virtumonde.ar skipped
C:\System Volume Information\_restore{AB52BD40-7182-4E6D-A2D3-98415849E1A9}\RP1091\A0100024.dll Infected: not-a-virus:AdWare.Win32.Virtumonde.ar skipped
C:\System Volume Information\_restore{AB52BD40-7182-4E6D-A2D3-98415849E1A9}\RP1091\A0100033.dll Infected: not-a-virus:AdWare.Win32.Virtumonde.ar skipped
C:\System Volume Information\_restore{AB52BD40-7182-4E6D-A2D3-98415849E1A9}\RP1091\A0100042.dll Infected: not-a-virus:AdWare.Win32.Virtumonde.ar skipped
C:\System Volume Information\_restore{AB52BD40-7182-4E6D-A2D3-98415849E1A9}\RP1091\A0100048.dll Infected: not-a-virus:AdWare.Win32.Virtumonde.ar skipped
C:\System Volume Information\_restore{AB52BD40-7182-4E6D-A2D3-98415849E1A9}\RP1093\A0100062.dll Infected: not-a-virus:AdWare.Win32.Virtumonde.ar skipped
C:\System Volume Information\_restore{AB52BD40-7182-4E6D-A2D3-98415849E1A9}\RP1093\A0100074.dll Infected: not-a-virus:AdWare.Win32.Virtumonde.kp skipped
C:\System Volume Information\_restore{AB52BD40-7182-4E6D-A2D3-98415849E1A9}\RP1093\A0100090.exe Infected: Trojan.Win32.BHO.ab skipped
C:\System Volume Information\_restore{AB52BD40-7182-4E6D-A2D3-98415849E1A9}\RP1093\A0100099.exe Infected: Trojan.Win32.BHO.ab skipped
C:\System Volume Information\_restore{AB52BD40-7182-4E6D-A2D3-98415849E1A9}\RP1095\A0101253.dll Infected: not-a-virus:AdWare.Win32.Virtumonde.ar skipped
C:\System Volume Information\_restore{AB52BD40-7182-4E6D-A2D3-98415849E1A9}\RP1095\A0101256.dll Infected: not-a-virus:AdWare.Win32.Virtumonde.kp skipped
C:\System Volume Information\_restore{AB52BD40-7182-4E6D-A2D3-98415849E1A9}\RP1095\A0101261.dll Infected: not-a-virus:AdWare.Win32.Virtumonde.kr skipped
C:\System Volume Information\_restore{AB52BD40-7182-4E6D-A2D3-98415849E1A9}\RP1095\A0101267.exe Infected: Trojan.Win32.BHO.ab skipped
C:\System Volume Information\_restore{AB52BD40-7182-4E6D-A2D3-98415849E1A9}\RP1096\A0101276.dll Infected: not-a-virus:AdWare.Win32.TTC.c skipped
C:\System Volume Information\_restore{AB52BD40-7182-4E6D-A2D3-98415849E1A9}\RP1096\A0101319.exe Infected: Trojan-Dropper.Win32.Agent.bfr skipped
C:\System Volume Information\_restore{AB52BD40-7182-4E6D-A2D3-98415849E1A9}\RP1096\A0101320.exe Infected: Trojan-Downloader.Win32.Small.eqn skipped
C:\System Volume Information\_restore{AB52BD40-7182-4E6D-A2D3-98415849E1A9}\RP1096\A0101321.exe/data0002 Infected: not-a-virus:AdWare.Win32.TTC.c skipped
C:\System Volume Information\_restore{AB52BD40-7182-4E6D-A2D3-98415849E1A9}\RP1096\A0101321.exe NSIS: infected - 1 skipped
C:\System Volume Information\_restore{AB52BD40-7182-4E6D-A2D3-98415849E1A9}\RP1096\A0101322.exe Infected: Trojan.Win32.BHO.ab skipped
C:\System Volume Information\_restore{AB52BD40-7182-4E6D-A2D3-98415849E1A9}\RP1099\change.log Object is locked skipped
C:\WINDOWS\$NtUninstallQ828026$\msdxm.ocx Object is locked skipped
C:\WINDOWS\$NtUninstallQ828026$\wmp.dll Object is locked skipped
C:\WINDOWS\Debug\PASSWD.LOG Object is locked skipped
C:\WINDOWS\SchedLgU.Txt Object is locked skipped
C:\WINDOWS\SoftwareDistribution\ReportingEvents.log Object is locked skipped
C:\WINDOWS\Sti_Trace.log Object is locked skipped
C:\WINDOWS\system32\CatRoot2\edb.log Object is locked skipped
C:\WINDOWS\system32\CatRoot2\tmp.edb Object is locked skipped
C:\WINDOWS\system32\config\AppEvent.Evt Object is locked skipped
C:\WINDOWS\system32\config\default Object is locked skipped
C:\WINDOWS\system32\config\default.LOG Object is locked skipped
C:\WINDOWS\system32\config\Internet.evt Object is locked skipped
C:\WINDOWS\system32\config\SAM Object is locked skipped
C:\WINDOWS\system32\config\SAM.LOG Object is locked skipped
C:\WINDOWS\system32\config\SecEvent.Evt Object is locked skipped
C:\WINDOWS\system32\config\SECURITY Object is locked skipped
C:\WINDOWS\system32\config\SECURITY.LOG Object is locked skipped
C:\WINDOWS\system32\config\software Object is locked skipped
C:\WINDOWS\system32\config\software.LOG Object is locked skipped
C:\WINDOWS\system32\config\SysEvent.Evt Object is locked skipped
C:\WINDOWS\system32\config\system Object is locked skipped
C:\WINDOWS\system32\config\system.LOG Object is locked skipped
C:\WINDOWS\system32\config\systemprofile\Cookies\index.dat Object is locked skipped
C:\WINDOWS\system32\config\systemprofile\Local Settings\History\History.IE5\index.dat Object is locked skipped
C:\WINDOWS\system32\config\systemprofile\Local Settings\Temporary Internet Files\Content.IE5\index.dat Object is locked skipped
C:\WINDOWS\system32\gotomon.log Object is locked skipped
C:\WINDOWS\system32\h323log.txt Object is locked skipped
C:\WINDOWS\system32\wbem\Repository\FS\INDEX.BTR Object is locked skipped
C:\WINDOWS\system32\wbem\Repository\FS\INDEX.MAP Object is locked skipped
C:\WINDOWS\system32\wbem\Repository\FS\MAPPING.VER Object is locked skipped
C:\WINDOWS\system32\wbem\Repository\FS\MAPPING1.MAP Object is locked skipped
C:\WINDOWS\system32\wbem\Repository\FS\MAPPING2.MAP Object is locked skipped
C:\WINDOWS\system32\wbem\Repository\FS\OBJECTS.DATA Object is locked skipped
C:\WINDOWS\system32\wbem\Repository\FS\OBJECTS.MAP Object is locked skipped
C:\WINDOWS\temp\Perflib_Perfdata_1c4.dat Object is locked skipped
C:\WINDOWS\wiadebug.log Object is locked skipped
C:\WINDOWS\wiaservc.log Object is locked skipped
C:\WINDOWS\WindowsUpdate.log Object is locked skipped
K:\Documents and Settings\Rebecca J. Liebel\Local Settings\Temp\agnxfqlx.exe Infected: Trojan.Win32.Agent.aoy skipped
K:\Documents and Settings\Rebecca J. Liebel\Local Settings\Temp\cqncwgxt.exe Infected: Trojan-Downloader.Win32.Tiny.id skipped
K:\Documents and Settings\Rebecca J. Liebel\Local Settings\Temp\ddjvobiw.exe Infected: Trojan-Downloader.Win32.Tiny.id skipped
K:\Documents and Settings\Rebecca J. Liebel\Local Settings\Temp\fwaqyyua.exe Infected: Trojan-Downloader.Win32.Tiny.id skipped
K:\Documents and Settings\Rebecca J. Liebel\Local Settings\Temp\jevqlxhg.exe Infected: Trojan-Downloader.Win32.Tiny.id skipped
K:\Documents and Settings\Rebecca J. Liebel\Local Settings\Temp\pdeugojl.exe Infected: Trojan.Win32.Agent.aoy skipped
K:\Documents and Settings\Rebecca J. Liebel\Local Settings\Temp\qujlwncg.exe Infected: Trojan-Downloader.Win32.Tiny.id skipped
K:\Documents and Settings\Rebecca J. Liebel\Local Settings\Temp\tjrmmwht.exe Infected: Trojan.Win32.Agent.aoy skipped
K:\Documents and Settings\Rebecca J. Liebel\Local Settings\Temp\tlecabmk.exe Infected: Trojan-Downloader.Win32.Tiny.id skipped
K:\Documents and Settings\Rebecca J. Liebel\Local Settings\Temp\vhlhsdku.exe Infected: Trojan-Downloader.Win32.Tiny.id skipped
K:\Documents and Settings\Rebecca J. Liebel\Local Settings\Temp\yqddmags.exe Infected: Trojan-Downloader.Win32.Tiny.id skipped
K:\Documents and Settings\Rebecca J. Liebel\Local Settings\Temp\yttysgjy.exe Infected: Trojan-Downloader.Win32.Tiny.id skipped
K:\System Volume Information\MountPointManagerRemoteDatabase Object is locked skipped
K:\System Volume Information\_restore{AB52BD40-7182-4E6D-A2D3-98415849E1A9}\RP1098\A0101341.dll Infected: not-a-virus:AdWare.Win32.TTC.c skipped
K:\System Volume Information\_restore{AB52BD40-7182-4E6D-A2D3-98415849E1A9}\RP1098\A0101342.dll Infected: not-a-virus:AdWare.Win32.Virtumonde.ar skipped
K:\System Volume Information\_restore{AB52BD40-7182-4E6D-A2D3-98415849E1A9}\RP1098\A0101343.dll Infected: not-a-virus:AdWare.Win32.Virtumonde.kr skipped
K:\System Volume Information\_restore{AB52BD40-7182-4E6D-A2D3-98415849E1A9}\RP1098\A0101344.dll Infected: not-a-virus:AdWare.Win32.Virtumonde.ar skipped
K:\System Volume Information\_restore{AB52BD40-7182-4E6D-A2D3-98415849E1A9}\RP1098\A0101345.dll Infected: not-a-virus:AdWare.Win32.Virtumonde.ar skipped
K:\System Volume Information\_restore{AB52BD40-7182-4E6D-A2D3-98415849E1A9}\RP1098\A0101346.dll Infected: not-a-virus:AdWare.Win32.Virtumonde.ar skipped
K:\System Volume Information\_restore{AB52BD40-7182-4E6D-A2D3-98415849E1A9}\RP1098\A0101347.dll Infected: not-a-virus:AdWare.Win32.Virtumonde.ar skipped
K:\System Volume Information\_restore{AB52BD40-7182-4E6D-A2D3-98415849E1A9}\RP1098\A0101348.exe Infected: Trojan-Dropper.Win32.Agent.bfr skipped
K:\System Volume Information\_restore{AB52BD40-7182-4E6D-A2D3-98415849E1A9}\RP1098\A0101349.exe Infected: Trojan-Downloader.Win32.Small.eqn skipped
K:\System Volume Information\_restore{AB52BD40-7182-4E6D-A2D3-98415849E1A9}\RP1098\A0101350.exe/data0002 Infected: not-a-virus:AdWare.Win32.TTC.c skipped
K:\System Volume Information\_restore{AB52BD40-7182-4E6D-A2D3-98415849E1A9}\RP1098\A0101350.exe NSIS: infected - 1 skipped
K:\System Volume Information\_restore{AB52BD40-7182-4E6D-A2D3-98415849E1A9}\RP1099\change.log Object is locked skipped

Scan process completed.
 
HJT Log

Shaba ... there is only one post for the Kaspersky Scan Log...I know it says (Part I)...I was suprised that it all fit in one post! Below is the new HJT log. Thanks! ~ Stace

Logfile of HijackThis v1.99.1
Scan saved at 10:11:48 AM, on 7/12/2007
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16473)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Windows Defender\MsMpEng.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe
C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
C:\Program Files\Common Files\Symantec Shared\SPBBC\SPBBCSvc.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Symantec AntiVirus\DefWatch.exe
C:\Program Files\Citrix\GoToMyPC\g2svc.exe
C:\Program Files\Common Files\Microsoft Shared\VS7Debug\mdm.exe
C:\Program Files\Citrix\GoToMyPC\g2comm.exe
C:\Program Files\VeriSign\NAVI\naviagent.exe
C:\WINDOWS\System32\nvsvc32.exe
C:\Program Files\Citrix\GoToMyPC\g2pre.exe
C:\Program Files\Symantec AntiVirus\SavRoam.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Symantec AntiVirus\Rtvscan.exe
C:\Program Files\Citrix\GoToMyPC\g2tray.exe
C:\WINDOWS\system32\CAPM3RSK.EXE
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\sstray.exe
C:\Program Files\ScanSoft\PaperPort\pptd40nt.exe
C:\Program Files\Common Files\Microsoft Shared\Works Shared\WkUFind.exe
C:\Program Files\Windows Defender\MSASCui.exe
C:\Program Files\Common Files\Symantec Shared\ccApp.exe
C:\PROGRA~1\SYMANT~1\VPTray.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\CMS Peripherals\BounceBack Professional\BBLauncher.exe
C:\WINDOWS\system32\spool\drivers\w32x86\3\CAPM3LAK.EXE
C:\WINDOWS\system32\spool\drivers\w32x86\3\CAPM3SWK.EXE
C:\WINDOWS\system32\spool\drivers\w32x86\3\CAPM3SWK.EXE
C:\WINDOWS\system32\spool\drivers\w32x86\3\CAPM3SWK.EXE
C:\Program Files\HijackThis\scanner.exe

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R3 - URLSearchHook: i-Nav IDN SearchHook - {CE000994-A58C-4441-8938-744CD72AB27F} - C:\Program Files\VeriSign\i-Nav\i-nav_4_2_1.dll
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: Merriam-Webster Online BHO - {5ADA9CAC-04F9-4DD2-ABFD-74D673BE8624} - C:\WINDOWS\_MWOLTB.DLL
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar2.dll
O2 - BHO: i-Nav IDN Resolver - {CE000992-A58C-4441-8938-744CD72AB27F} - C:\Program Files\VeriSign\i-Nav\i-nav_4_2_1.dll
O3 - Toolbar: Merriam-Webster Online - {B7B76DD6-B6F0-4443-AF81-6A3ECF12A57D} - C:\WINDOWS\_MWOLTB.DLL
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar2.dll
O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
O4 - HKLM\..\Run: [nForce Tray Options] sstray.exe /r
O4 - HKLM\..\Run: [PaperPort PTD] C:\Program Files\ScanSoft\PaperPort\pptd40nt.exe
O4 - HKLM\..\Run: [Microsoft Works Update Detection] C:\Program Files\Common Files\Microsoft Shared\Works Shared\WkUFind.exe
O4 - HKLM\..\Run: [Windows Defender] "C:\Program Files\Windows Defender\MSASCui.exe" -hide
O4 - HKLM\..\Run: [ccApp] "C:\Program Files\Common Files\Symantec Shared\ccApp.exe"
O4 - HKLM\..\Run: [vptray] C:\PROGRA~1\SYMANT~1\VPTray.exe
O4 - HKLM\..\Run: [GoToMyPC] C:\Program Files\Citrix\GoToMyPC\g2svc.exe -logon
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - Global Startup: BounceBack Launcher.lnk = ?
O4 - Global Startup: Canon PC1200 iC D700 Status Window.LNK = C:\WINDOWS\system32\spool\drivers\w32x86\3\CAPM3LAK.EXE
O8 - Extra context menu item: &AOL Toolbar search - res://C:\Program Files\AOL Toolbar\toolbar.dll/SEARCH.HTML
O8 - Extra context menu item: &Google Search - res://c:\program files\google\GoogleToolbar2.dll/cmsearch.html
O8 - Extra context menu item: &Translate English Word - res://c:\program files\google\GoogleToolbar2.dll/cmwordtrans.html
O8 - Extra context menu item: Backward Links - res://c:\program files\google\GoogleToolbar2.dll/cmbacklinks.html
O8 - Extra context menu item: Cached Snapshot of Page - res://c:\program files\google\GoogleToolbar2.dll/cmcache.html
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~4\Office10\EXCEL.EXE/3000
O8 - Extra context menu item: Similar Pages - res://c:\program files\google\GoogleToolbar2.dll/cmsimilar.html
O8 - Extra context menu item: Translate Page into English - res://c:\program files\google\GoogleToolbar2.dll/cmtrans.html
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\j2re1.4.2\bin\npjpi142.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\j2re1.4.2\bin\npjpi142.dll
O9 - Extra button: AIM - {AC9E2541-2814-11d5-BC6D-00B0D0A1DE45} - C:\Program Files\AIM95\aim.exe
O9 - Extra button: Real.com - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - C:\WINDOWS\System32\Shdocvw.dll
O9 - Extra button: i-Nav Help - {CE000992-A58C-4441-8938-744CD72AB27F} - http://idn.verisign-grs.com/plug-in/support/index.jsp (file missing)
O9 - Extra 'Tools' menuitem: i-Nav Help - {CE000992-A58C-4441-8938-744CD72AB27F} - http://idn.verisign-grs.com/plug-in/support/index.jsp (file missing)
O9 - Extra button: (no name) - {CE000996-A58C-4441-8938-744CD72AB27F} - C:\Program Files\VeriSign\i-Nav\i-nav_4_2_1.dll
O9 - Extra 'Tools' menuitem: i-Nav Options - {CE000996-A58C-4441-8938-744CD72AB27F} - C:\Program Files\VeriSign\i-Nav\i-nav_4_2_1.dll
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe (file missing)
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe (file missing)
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O11 - Options group: [INTERNATIONAL] International*
O14 - IERESET.INF: START_PAGE_URL=http://www.emachines.com
O16 - DPF: {03A89EFD-E023-8500-A22D-45F77558EB4C} (ILINCInstall85 Class) - https://content.ilinc.com/clientdownload/download/ilinci85.dll
O16 - DPF: {08D390AE-5101-4701-A89F-6C6DADCCC402} (MSN Photo Select Tool) - http://photos.msn.com/resources/neutral/controls/MsnPPick.cab?10,0,910,0
O16 - DPF: {0EB0E74A-2A76-4AB3-A7FB-9BD8C29F7F75} (CKAVWebScan Object) - http://www.kaspersky.com/kos/english/kavwebscan_unicode.cab
O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://go.microsoft.com/fwlink/?linkid=39204
O16 - DPF: {215B8138-A3CF-44C5-803F-8226143CFC0A} (Trend Micro ActiveX Scan Agent 6.6) - http://housecall65.trendmicro.com/housecall/applet/html/native/x86/win32/activex/hcImpl.cab
O16 - DPF: {3CF32649-D1C0-4F42-AB44-ED284748920B} (Merriam-Webster Online Toolbar) - http://www.m-w.com/toolbar/webinstall.cab
O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://update.microsoft.com/microsoftupdate/v6/V5Controls/en/x86/client/muweb_site.cab?1134681870775
O16 - DPF: {7B297BFD-85E4-4092-B2AF-16A91B2EA103} (WScanCtl Class) - http://www.ca.com/us/securityadvisor/virusinfo/webscan.cab
O16 - DPF: {A82C3A33-5C0E-466C-B020-71585433A7E4} (PhxStudent.OeSetup15) - https://mycampus.phoenix.edu/secure/PhxStudent15.CAB
O16 - DPF: {B38870E4-7ECB-40DA-8C6A-595F0A5519FF} (MsnMessengerSetupDownloadControl Class) - http://messenger.msn.com/download/MsnMessengerSetupDownloader.cab
O16 - DPF: {FE5B9F54-7764-4C01-89F0-4862601EE954} (DigWebHelper Class) - http://photos.msn.com/resources/neutral/controls/DigWebX2.cab?10,0,910,0
O18 - Protocol: flowto - {C7101FB0-28FB-11D5-883A-204C4F4F5021} - C:\PROGRA~1\NETEXC~1.0\FlowHook.dll
O20 - Winlogon Notify: GoToMyPC - C:\Program Files\Citrix\GoToMyPC\G2WinLogon.dll
O20 - Winlogon Notify: NavLogon - C:\WINDOWS\system32\NavLogon.dll
O20 - Winlogon Notify: WgaLogon - C:\WINDOWS\SYSTEM32\WgaLogon.dll
O21 - SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - C:\WINDOWS\system32\WPDShServiceObj.dll
O23 - Service: Symantec Event Manager (ccEvtMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
O23 - Service: Symantec Settings Manager (ccSetMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe
O23 - Service: Symantec AntiVirus Definition Watcher (DefWatch) - Symantec Corporation - C:\Program Files\Symantec AntiVirus\DefWatch.exe
O23 - Service: GoToMyPC - Unknown owner - C:\Program Files\Citrix\GoToMyPC\g2svc.exe" -service (file missing)
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: iPod Service - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: LiveUpdate - Symantec Corporation - C:\PROGRA~1\Symantec\LIVEUP~1\LUCOMS~1.EXE
O23 - Service: VeriSign Updater (navi) - VeriSign, Inc. - C:\Program Files\VeriSign\NAVI\naviagent.exe
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\System32\nvsvc32.exe
O23 - Service: SAVRoam (SavRoam) - symantec - C:\Program Files\Symantec AntiVirus\SavRoam.exe
O23 - Service: Symantec Network Drivers Service (SNDSrvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\SNDSrvc.exe
O23 - Service: Symantec SPBBCSvc (SPBBCSvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\SPBBC\SPBBCSvc.exe
O23 - Service: Symantec AntiVirus - Symantec Corporation - C:\Program Files\Symantec AntiVirus\Rtvscan.exe
 
Hi

Please download the Killbox.
Save it to the desktop.

Please run Killbox.

Select "Delete on Reboot" and "All files"

Copy the file names below to the clipboard by highlighting them and pressing Control-C:

K:\Documents and Settings\Rebecca J. Liebel\Local Settings\Temp\agnxfqlx.exe
K:\Documents and Settings\Rebecca J. Liebel\Local Settings\Temp\cqncwgxt.exe
K:\Documents and Settings\Rebecca J. Liebel\Local Settings\Temp\ddjvobiw.exe
K:\Documents and Settings\Rebecca J. Liebel\Local Settings\Temp\fwaqyyua.exe
K:\Documents and Settings\Rebecca J. Liebel\Local Settings\Temp\jevqlxhg.exe
K:\Documents and Settings\Rebecca J. Liebel\Local Settings\Temp\pdeugojl.exe
K:\Documents and Settings\Rebecca J. Liebel\Local Settings\Temp\qujlwncg.exe
K:\Documents and Settings\Rebecca J. Liebel\Local Settings\Temp\tjrmmwht.exe
K:\Documents and Settings\Rebecca J. Liebel\Local Settings\Temp\tlecabmk.exe
K:\Documents and Settings\Rebecca J. Liebel\Local Settings\Temp\vhlhsdku.exe
K:\Documents and Settings\Rebecca J. Liebel\Local Settings\Temp\yqddmags.exe
K:\Documents and Settings\Rebecca J. Liebel\Local Settings\Temp\yttysgjy.exe

Go to the File menu, and choose "Paste from Clipboard".

Click the red-and-white "Delete File" button. Click "Yes" at the Delete on Reboot prompt. Click "No" at the Pending Operations prompt.

If you receive a message such as: "Component 'MsComCtl.ocx' or one of its dependencies not correctly registered: a file is missing or invalid." when trying to run TheKillbox, click here to download and run missingfilesetup.exe. Then try TheKillbox again..

If your computer does not restart automatically, please restart it manually.

Empty this folder:

C:\!KillBox

Empty Recycle Bin

Re-scan with kaspersky

Re-scan with kaspersky

Post:

- a fresh HijackThis log
- kaspersky report
 
Just Double Checking...

Shaba said:
Empty Recycle Bin

Re-scan with kaspersky

Re-scan with kaspersky
Click to expand...

Hi Shaba ~

Just double checking that you want me to re-scan with kaspersky twice. Since it's almost a 5 hour process I wanted to make sure. Well, I guess it's probably good night on your side of the world. I'll have new logs for you tomorrow. Thanks again!

~ Stace :red:
 
Kaspersky Scan Log

-------------------------------------------------------------------------------
KASPERSKY ONLINE SCANNER REPORT
Thursday, July 12, 2007 3:10:57 PM
Operating System: Microsoft Windows XP Home Edition, Service Pack 2 (Build 2600)
Kaspersky Online Scanner version: 5.0.93.0
Kaspersky Anti-Virus database last update: 12/07/2007
Kaspersky Anti-Virus database records: 361785
-------------------------------------------------------------------------------

Scan Settings:
Scan using the following antivirus database: extended
Scan Archives: true
Scan Mail Bases: true

Scan Target - My Computer:
C:\
D:\
E:\
F:\
G:\
H:\
I:\
K:\
S:\

Scan Statistics:
Total number of scanned objects: 301205
Number of viruses found: 10
Number of infected objects: 53
Number of suspicious objects: 0
Duration of the scan process: 04:40:42

Infected Object Name / Virus Name / Last Action
C:\Documents and Settings\All Users\Application Data\Microsoft\Crypto\RSA\MachineKeys\33f607681529cc2066e7ff1f42738a54_0697b67b-72ae-404a-8241-9abe8e9b3c10 Object is locked skipped
C:\Documents and Settings\All Users\Application Data\Microsoft\Windows Defender\Support\MPLog-12182006-134626.log Object is locked skipped
C:\Documents and Settings\All Users\Application Data\Symantec\Common Client\settings.dat Object is locked skipped
C:\Documents and Settings\LocalService\Cookies\index.dat Object is locked skipped
C:\Documents and Settings\LocalService\Local Settings\Application Data\Microsoft\Windows\UsrClass.dat Object is locked skipped
C:\Documents and Settings\LocalService\Local Settings\Application Data\Microsoft\Windows\UsrClass.dat.LOG Object is locked skipped
C:\Documents and Settings\LocalService\Local Settings\History\History.IE5\index.dat Object is locked skipped
C:\Documents and Settings\LocalService\Local Settings\Temporary Internet Files\Content.IE5\index.dat Object is locked skipped
C:\Documents and Settings\LocalService\NTUSER.DAT Object is locked skipped
C:\Documents and Settings\LocalService\ntuser.dat.LOG Object is locked skipped
C:\Documents and Settings\NetworkService\Local Settings\Application Data\Microsoft\Windows\UsrClass.dat Object is locked skipped
C:\Documents and Settings\NetworkService\Local Settings\Application Data\Microsoft\Windows\UsrClass.dat.LOG Object is locked skipped
C:\Documents and Settings\NetworkService\NTUSER.DAT Object is locked skipped
C:\Documents and Settings\NetworkService\ntuser.dat.LOG Object is locked skipped
C:\Documents and Settings\Owner\Local Settings\Application Data\Microsoft\Outlook\archive.pst/Archive Folders/Deleted Items/25 Oct 2005 17:58 from eBay Inc:Verify your data with eBay [Tue,.rtf Infected: Trojan-Spy.HTML.Bayfraud.hn skipped
C:\Documents and Settings\Owner\Local Settings\Application Data\Microsoft\Outlook\archive.pst Mail MS Mail: infected - 1 skipped
C:\Documents and Settings\Rebecca J. Liebel\Cookies\index.dat Object is locked skipped
C:\Documents and Settings\Rebecca J. Liebel\Local Settings\Application Data\Microsoft\Feeds Cache\index.dat Object is locked skipped
C:\Documents and Settings\Rebecca J. Liebel\Local Settings\Application Data\Microsoft\Windows\UsrClass.dat Object is locked skipped
C:\Documents and Settings\Rebecca J. Liebel\Local Settings\Application Data\Microsoft\Windows\UsrClass.dat.LOG Object is locked skipped
C:\Documents and Settings\Rebecca J. Liebel\Local Settings\Application Data\Microsoft\Windows Defender\FileTracker\{40225439-540D-4934-A69C-4536E2827A51} Object is locked skipped
C:\Documents and Settings\Rebecca J. Liebel\Local Settings\History\History.IE5\index.dat Object is locked skipped
C:\Documents and Settings\Rebecca J. Liebel\Local Settings\History\History.IE5\MSHist012007071220070713\index.dat Object is locked skipped
C:\Documents and Settings\Rebecca J. Liebel\Local Settings\Temp\~DF3AE4.tmp Object is locked skipped
C:\Documents and Settings\Rebecca J. Liebel\Local Settings\Temp\~DF3AFF.tmp Object is locked skipped
C:\Documents and Settings\Rebecca J. Liebel\Local Settings\Temporary Internet Files\Content.IE5\index.dat Object is locked skipped
C:\Documents and Settings\Rebecca J. Liebel\NTUSER.DAT Object is locked skipped
C:\Documents and Settings\Rebecca J. Liebel\ntuser.dat.LOG Object is locked skipped
C:\Program Files\Citrix\GoToMyPC\g2host.log Object is locked skipped
C:\Program Files\Citrix\GoToMyPC\g2svc.log Object is locked skipped
C:\Program Files\Common Files\Symantec Shared\EENGINE\EPERSIST.DAT Object is locked skipped
C:\Program Files\Common Files\Symantec Shared\SPBBC\LOGS\BBConfig.log Object is locked skipped
C:\Program Files\Common Files\Symantec Shared\SPBBC\LOGS\BBDebug.log Object is locked skipped
C:\Program Files\Common Files\Symantec Shared\SPBBC\LOGS\BBDetect.log Object is locked skipped
C:\Program Files\Common Files\Symantec Shared\SPBBC\LOGS\BBNotify.log Object is locked skipped
C:\Program Files\Common Files\Symantec Shared\SPBBC\LOGS\BBRefr.log Object is locked skipped
C:\Program Files\Common Files\Symantec Shared\SPBBC\LOGS\BBSetCfg.log Object is locked skipped
C:\Program Files\Common Files\Symantec Shared\SPBBC\LOGS\BBSetCfg2.log Object is locked skipped
C:\Program Files\Common Files\Symantec Shared\SPBBC\LOGS\BBSetDev.log Object is locked skipped
C:\Program Files\Common Files\Symantec Shared\SPBBC\LOGS\BBSetLoc.log Object is locked skipped
C:\Program Files\Common Files\Symantec Shared\SPBBC\LOGS\BBSetUsr.log Object is locked skipped
C:\Program Files\Common Files\Symantec Shared\SPBBC\LOGS\BBSMNot.log Object is locked skipped
C:\Program Files\Common Files\Symantec Shared\SPBBC\LOGS\BBSMReg.log Object is locked skipped
C:\Program Files\Common Files\Symantec Shared\SPBBC\LOGS\BBSMRSt.log Object is locked skipped
C:\Program Files\Common Files\Symantec Shared\SPBBC\LOGS\BBStHash.log Object is locked skipped
C:\Program Files\Common Files\Symantec Shared\SPBBC\LOGS\BBStMSI.log Object is locked skipped
C:\Program Files\Common Files\Symantec Shared\SPBBC\LOGS\BBValid.log Object is locked skipped
C:\Program Files\Common Files\Symantec Shared\SPBBC\LOGS\SPPolicy.log Object is locked skipped
C:\Program Files\Common Files\Symantec Shared\SPBBC\LOGS\SPStart.log Object is locked skipped
C:\Program Files\Common Files\Symantec Shared\SPBBC\LOGS\SPStop.log Object is locked skipped
C:\Program Files\Symantec AntiVirus\SAVRT\0080NAV~.TMP Object is locked skipped
C:\Program Files\Symantec AntiVirus\SAVRT\0432NAV~.TMP Object is locked skipped
C:\System Volume Information\MountPointManagerRemoteDatabase Object is locked skipped
C:\System Volume Information\_restore{AB52BD40-7182-4E6D-A2D3-98415849E1A9}\RP1087\A0099440.dll Infected: not-a-virus:AdWare.Win32.Virtumonde.ar skipped
C:\System Volume Information\_restore{AB52BD40-7182-4E6D-A2D3-98415849E1A9}\RP1087\A0099654.dll Infected: not-a-virus:AdWare.Win32.Virtumonde.ar skipped
C:\System Volume Information\_restore{AB52BD40-7182-4E6D-A2D3-98415849E1A9}\RP1087\A0099674.dll Infected: not-a-virus:AdWare.Win32.Virtumonde.ar skipped
C:\System Volume Information\_restore{AB52BD40-7182-4E6D-A2D3-98415849E1A9}\RP1088\A0099704.dll Infected: not-a-virus:AdWare.Win32.Virtumonde.ar skipped
C:\System Volume Information\_restore{AB52BD40-7182-4E6D-A2D3-98415849E1A9}\RP1088\A0099705.dll Infected: not-a-virus:AdWare.Win32.Virtumonde.ar skipped
C:\System Volume Information\_restore{AB52BD40-7182-4E6D-A2D3-98415849E1A9}\RP1090\A0099712.dll Infected: not-a-virus:AdWare.Win32.Virtumonde.ar skipped
C:\System Volume Information\_restore{AB52BD40-7182-4E6D-A2D3-98415849E1A9}\RP1091\A0099888.dll Infected: not-a-virus:AdWare.Win32.Virtumonde.ar skipped
C:\System Volume Information\_restore{AB52BD40-7182-4E6D-A2D3-98415849E1A9}\RP1091\A0099900.dll Infected: not-a-virus:AdWare.Win32.Virtumonde.ar skipped
C:\System Volume Information\_restore{AB52BD40-7182-4E6D-A2D3-98415849E1A9}\RP1091\A0099909.dll Infected: not-a-virus:AdWare.Win32.Virtumonde.ar skipped
C:\System Volume Information\_restore{AB52BD40-7182-4E6D-A2D3-98415849E1A9}\RP1091\A0099941.dll Infected: not-a-virus:AdWare.Win32.Virtumonde.ar skipped
C:\System Volume Information\_restore{AB52BD40-7182-4E6D-A2D3-98415849E1A9}\RP1091\A0100024.dll Infected: not-a-virus:AdWare.Win32.Virtumonde.ar skipped
C:\System Volume Information\_restore{AB52BD40-7182-4E6D-A2D3-98415849E1A9}\RP1091\A0100033.dll Infected: not-a-virus:AdWare.Win32.Virtumonde.ar skipped
C:\System Volume Information\_restore{AB52BD40-7182-4E6D-A2D3-98415849E1A9}\RP1091\A0100042.dll Infected: not-a-virus:AdWare.Win32.Virtumonde.ar skipped
C:\System Volume Information\_restore{AB52BD40-7182-4E6D-A2D3-98415849E1A9}\RP1091\A0100048.dll Infected: not-a-virus:AdWare.Win32.Virtumonde.ar skipped
C:\System Volume Information\_restore{AB52BD40-7182-4E6D-A2D3-98415849E1A9}\RP1093\A0100062.dll Infected: not-a-virus:AdWare.Win32.Virtumonde.ar skipped
C:\System Volume Information\_restore{AB52BD40-7182-4E6D-A2D3-98415849E1A9}\RP1093\A0100074.dll Infected: not-a-virus:AdWare.Win32.Virtumonde.kp skipped
C:\System Volume Information\_restore{AB52BD40-7182-4E6D-A2D3-98415849E1A9}\RP1093\A0100090.exe Infected: Trojan.Win32.BHO.ab skipped
C:\System Volume Information\_restore{AB52BD40-7182-4E6D-A2D3-98415849E1A9}\RP1093\A0100099.exe Infected: Trojan.Win32.BHO.ab skipped
C:\System Volume Information\_restore{AB52BD40-7182-4E6D-A2D3-98415849E1A9}\RP1095\A0101253.dll Infected: not-a-virus:AdWare.Win32.Virtumonde.ar skipped
C:\System Volume Information\_restore{AB52BD40-7182-4E6D-A2D3-98415849E1A9}\RP1095\A0101256.dll Infected: not-a-virus:AdWare.Win32.Virtumonde.kp skipped
C:\System Volume Information\_restore{AB52BD40-7182-4E6D-A2D3-98415849E1A9}\RP1095\A0101261.dll Infected: not-a-virus:AdWare.Win32.Virtumonde.kr skipped
C:\System Volume Information\_restore{AB52BD40-7182-4E6D-A2D3-98415849E1A9}\RP1095\A0101267.exe Infected: Trojan.Win32.BHO.ab skipped
C:\System Volume Information\_restore{AB52BD40-7182-4E6D-A2D3-98415849E1A9}\RP1096\A0101276.dll Infected: not-a-virus:AdWare.Win32.TTC.c skipped
C:\System Volume Information\_restore{AB52BD40-7182-4E6D-A2D3-98415849E1A9}\RP1096\A0101319.exe Infected: Trojan-Dropper.Win32.Agent.bfr skipped
C:\System Volume Information\_restore{AB52BD40-7182-4E6D-A2D3-98415849E1A9}\RP1096\A0101320.exe Infected: Trojan-Downloader.Win32.Small.eqn skipped
C:\System Volume Information\_restore{AB52BD40-7182-4E6D-A2D3-98415849E1A9}\RP1096\A0101321.exe/data0002 Infected: not-a-virus:AdWare.Win32.TTC.c skipped
C:\System Volume Information\_restore{AB52BD40-7182-4E6D-A2D3-98415849E1A9}\RP1096\A0101321.exe NSIS: infected - 1 skipped
C:\System Volume Information\_restore{AB52BD40-7182-4E6D-A2D3-98415849E1A9}\RP1096\A0101322.exe Infected: Trojan.Win32.BHO.ab skipped
C:\System Volume Information\_restore{AB52BD40-7182-4E6D-A2D3-98415849E1A9}\RP1099\change.log Object is locked skipped
C:\WINDOWS\$NtUninstallQ828026$\msdxm.ocx Object is locked skipped
C:\WINDOWS\$NtUninstallQ828026$\wmp.dll Object is locked skipped
C:\WINDOWS\Debug\PASSWD.LOG Object is locked skipped
C:\WINDOWS\SchedLgU.Txt Object is locked skipped
C:\WINDOWS\SoftwareDistribution\EventCache\{DDB329AF-3448-4031-8BBD-2A114AFF00FC}.bin Object is locked skipped
C:\WINDOWS\SoftwareDistribution\ReportingEvents.log Object is locked skipped
C:\WINDOWS\Sti_Trace.log Object is locked skipped
C:\WINDOWS\system32\config\AppEvent.Evt Object is locked skipped
C:\WINDOWS\system32\config\default Object is locked skipped
C:\WINDOWS\system32\config\default.LOG Object is locked skipped
C:\WINDOWS\system32\config\Internet.evt Object is locked skipped
C:\WINDOWS\system32\config\SAM Object is locked skipped
C:\WINDOWS\system32\config\SAM.LOG Object is locked skipped
C:\WINDOWS\system32\config\SecEvent.Evt Object is locked skipped
C:\WINDOWS\system32\config\SECURITY Object is locked skipped
C:\WINDOWS\system32\config\SECURITY.LOG Object is locked skipped
C:\WINDOWS\system32\config\software Object is locked skipped
C:\WINDOWS\system32\config\software.LOG Object is locked skipped
C:\WINDOWS\system32\config\SysEvent.Evt Object is locked skipped
C:\WINDOWS\system32\config\system Object is locked skipped
C:\WINDOWS\system32\config\system.LOG Object is locked skipped
C:\WINDOWS\system32\gotomon.log Object is locked skipped
C:\WINDOWS\system32\h323log.txt Object is locked skipped
C:\WINDOWS\system32\wbem\Repository\FS\INDEX.BTR Object is locked skipped
C:\WINDOWS\system32\wbem\Repository\FS\INDEX.MAP Object is locked skipped
C:\WINDOWS\system32\wbem\Repository\FS\MAPPING.VER Object is locked skipped
C:\WINDOWS\system32\wbem\Repository\FS\MAPPING1.MAP Object is locked skipped
C:\WINDOWS\system32\wbem\Repository\FS\MAPPING2.MAP Object is locked skipped
C:\WINDOWS\system32\wbem\Repository\FS\OBJECTS.DATA Object is locked skipped
C:\WINDOWS\system32\wbem\Repository\FS\OBJECTS.MAP Object is locked skipped
C:\WINDOWS\temp\Perflib_Perfdata_53c.dat Object is locked skipped
C:\WINDOWS\wiadebug.log Object is locked skipped
C:\WINDOWS\wiaservc.log Object is locked skipped
C:\WINDOWS\WindowsUpdate.log Object is locked skipped
K:\Documents and Settings\Rebecca J. Liebel\Local Settings\Temp\agnxfqlx.exe Infected: Trojan.Win32.Agent.aoy skipped
K:\Documents and Settings\Rebecca J. Liebel\Local Settings\Temp\cqncwgxt.exe Infected: Trojan-Downloader.Win32.Tiny.id skipped
K:\Documents and Settings\Rebecca J. Liebel\Local Settings\Temp\ddjvobiw.exe Infected: Trojan-Downloader.Win32.Tiny.id skipped
K:\Documents and Settings\Rebecca J. Liebel\Local Settings\Temp\fwaqyyua.exe Infected: Trojan-Downloader.Win32.Tiny.id skipped
K:\Documents and Settings\Rebecca J. Liebel\Local Settings\Temp\jevqlxhg.exe Infected: Trojan-Downloader.Win32.Tiny.id skipped
K:\Documents and Settings\Rebecca J. Liebel\Local Settings\Temp\pdeugojl.exe Infected: Trojan.Win32.Agent.aoy skipped
K:\Documents and Settings\Rebecca J. Liebel\Local Settings\Temp\qujlwncg.exe Infected: Trojan-Downloader.Win32.Tiny.id skipped
K:\Documents and Settings\Rebecca J. Liebel\Local Settings\Temp\tjrmmwht.exe Infected: Trojan.Win32.Agent.aoy skipped
K:\Documents and Settings\Rebecca J. Liebel\Local Settings\Temp\tlecabmk.exe Infected: Trojan-Downloader.Win32.Tiny.id skipped
K:\Documents and Settings\Rebecca J. Liebel\Local Settings\Temp\vhlhsdku.exe Infected: Trojan-Downloader.Win32.Tiny.id skipped
K:\Documents and Settings\Rebecca J. Liebel\Local Settings\Temp\yqddmags.exe Infected: Trojan-Downloader.Win32.Tiny.id skipped
K:\Documents and Settings\Rebecca J. Liebel\Local Settings\Temp\yttysgjy.exe Infected: Trojan-Downloader.Win32.Tiny.id skipped
K:\System Volume Information\MountPointManagerRemoteDatabase Object is locked skipped
K:\System Volume Information\_restore{AB52BD40-7182-4E6D-A2D3-98415849E1A9}\RP1098\A0101341.dll Infected: not-a-virus:AdWare.Win32.TTC.c skipped
K:\System Volume Information\_restore{AB52BD40-7182-4E6D-A2D3-98415849E1A9}\RP1098\A0101342.dll Infected: not-a-virus:AdWare.Win32.Virtumonde.ar skipped
K:\System Volume Information\_restore{AB52BD40-7182-4E6D-A2D3-98415849E1A9}\RP1098\A0101343.dll Infected: not-a-virus:AdWare.Win32.Virtumonde.kr skipped
K:\System Volume Information\_restore{AB52BD40-7182-4E6D-A2D3-98415849E1A9}\RP1098\A0101344.dll Infected: not-a-virus:AdWare.Win32.Virtumonde.ar skipped
K:\System Volume Information\_restore{AB52BD40-7182-4E6D-A2D3-98415849E1A9}\RP1098\A0101345.dll Infected: not-a-virus:AdWare.Win32.Virtumonde.ar skipped
K:\System Volume Information\_restore{AB52BD40-7182-4E6D-A2D3-98415849E1A9}\RP1098\A0101346.dll Infected: not-a-virus:AdWare.Win32.Virtumonde.ar skipped
K:\System Volume Information\_restore{AB52BD40-7182-4E6D-A2D3-98415849E1A9}\RP1098\A0101347.dll Infected: not-a-virus:AdWare.Win32.Virtumonde.ar skipped
K:\System Volume Information\_restore{AB52BD40-7182-4E6D-A2D3-98415849E1A9}\RP1098\A0101348.exe Infected: Trojan-Dropper.Win32.Agent.bfr skipped
K:\System Volume Information\_restore{AB52BD40-7182-4E6D-A2D3-98415849E1A9}\RP1098\A0101349.exe Infected: Trojan-Downloader.Win32.Small.eqn skipped
K:\System Volume Information\_restore{AB52BD40-7182-4E6D-A2D3-98415849E1A9}\RP1098\A0101350.exe/data0002 Infected: not-a-virus:AdWare.Win32.TTC.c skipped
K:\System Volume Information\_restore{AB52BD40-7182-4E6D-A2D3-98415849E1A9}\RP1098\A0101350.exe NSIS: infected - 1 skipped
K:\System Volume Information\_restore{AB52BD40-7182-4E6D-A2D3-98415849E1A9}\RP1099\change.log Object is locked skipped

Scan process completed.
 
New HJT Log

Logfile of HijackThis v1.99.1
Scan saved at 3:11:23 PM, on 7/12/2007
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16473)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Windows Defender\MsMpEng.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe
C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
C:\Program Files\Common Files\Symantec Shared\SPBBC\SPBBCSvc.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Symantec AntiVirus\DefWatch.exe
C:\Program Files\Citrix\GoToMyPC\g2svc.exe
C:\Program Files\Common Files\Microsoft Shared\VS7Debug\mdm.exe
C:\Program Files\VeriSign\NAVI\naviagent.exe
C:\WINDOWS\System32\nvsvc32.exe
C:\Program Files\Citrix\GoToMyPC\g2comm.exe
C:\Program Files\Symantec AntiVirus\SavRoam.exe
C:\Program Files\Citrix\GoToMyPC\g2pre.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Symantec AntiVirus\Rtvscan.exe
C:\WINDOWS\system32\CAPM3RSK.EXE
C:\Program Files\Citrix\GoToMyPC\g2tray.exe
C:\WINDOWS\system32\sstray.exe
C:\Program Files\ScanSoft\PaperPort\pptd40nt.exe
C:\Program Files\Common Files\Microsoft Shared\Works Shared\WkUFind.exe
C:\Program Files\Windows Defender\MSASCui.exe
C:\Program Files\Common Files\Symantec Shared\ccApp.exe
C:\PROGRA~1\SYMANT~1\VPTray.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\CMS Peripherals\BounceBack Professional\BBLauncher.exe
C:\WINDOWS\system32\spool\drivers\w32x86\3\CAPM3LAK.EXE
C:\WINDOWS\system32\spool\drivers\w32x86\3\CAPM3SWK.EXE
C:\WINDOWS\system32\spool\drivers\w32x86\3\CAPM3SWK.EXE
C:\WINDOWS\system32\spool\drivers\w32x86\3\CAPM3SWK.EXE
C:\Program Files\HijackThis\scanner.exe

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R3 - URLSearchHook: i-Nav IDN SearchHook - {CE000994-A58C-4441-8938-744CD72AB27F} - C:\Program Files\VeriSign\i-Nav\i-nav_4_2_1.dll
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: Merriam-Webster Online BHO - {5ADA9CAC-04F9-4DD2-ABFD-74D673BE8624} - C:\WINDOWS\_MWOLTB.DLL
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar2.dll
O2 - BHO: i-Nav IDN Resolver - {CE000992-A58C-4441-8938-744CD72AB27F} - C:\Program Files\VeriSign\i-Nav\i-nav_4_2_1.dll
O3 - Toolbar: Merriam-Webster Online - {B7B76DD6-B6F0-4443-AF81-6A3ECF12A57D} - C:\WINDOWS\_MWOLTB.DLL
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar2.dll
O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
O4 - HKLM\..\Run: [nForce Tray Options] sstray.exe /r
O4 - HKLM\..\Run: [PaperPort PTD] C:\Program Files\ScanSoft\PaperPort\pptd40nt.exe
O4 - HKLM\..\Run: [Microsoft Works Update Detection] C:\Program Files\Common Files\Microsoft Shared\Works Shared\WkUFind.exe
O4 - HKLM\..\Run: [Windows Defender] "C:\Program Files\Windows Defender\MSASCui.exe" -hide
O4 - HKLM\..\Run: [ccApp] "C:\Program Files\Common Files\Symantec Shared\ccApp.exe"
O4 - HKLM\..\Run: [vptray] C:\PROGRA~1\SYMANT~1\VPTray.exe
O4 - HKLM\..\Run: [GoToMyPC] C:\Program Files\Citrix\GoToMyPC\g2svc.exe -logon
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - Global Startup: BounceBack Launcher.lnk = ?
O4 - Global Startup: Canon PC1200 iC D700 Status Window.LNK = C:\WINDOWS\system32\spool\drivers\w32x86\3\CAPM3LAK.EXE
O8 - Extra context menu item: &AOL Toolbar search - res://C:\Program Files\AOL Toolbar\toolbar.dll/SEARCH.HTML
O8 - Extra context menu item: &Google Search - res://c:\program files\google\GoogleToolbar2.dll/cmsearch.html
O8 - Extra context menu item: &Translate English Word - res://c:\program files\google\GoogleToolbar2.dll/cmwordtrans.html
O8 - Extra context menu item: Backward Links - res://c:\program files\google\GoogleToolbar2.dll/cmbacklinks.html
O8 - Extra context menu item: Cached Snapshot of Page - res://c:\program files\google\GoogleToolbar2.dll/cmcache.html
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~4\Office10\EXCEL.EXE/3000
O8 - Extra context menu item: Similar Pages - res://c:\program files\google\GoogleToolbar2.dll/cmsimilar.html
O8 - Extra context menu item: Translate Page into English - res://c:\program files\google\GoogleToolbar2.dll/cmtrans.html
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\j2re1.4.2\bin\npjpi142.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\j2re1.4.2\bin\npjpi142.dll
O9 - Extra button: AIM - {AC9E2541-2814-11d5-BC6D-00B0D0A1DE45} - C:\Program Files\AIM95\aim.exe
O9 - Extra button: Real.com - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - C:\WINDOWS\System32\Shdocvw.dll
O9 - Extra button: i-Nav Help - {CE000992-A58C-4441-8938-744CD72AB27F} - http://idn.verisign-grs.com/plug-in/support/index.jsp (file missing)
O9 - Extra 'Tools' menuitem: i-Nav Help - {CE000992-A58C-4441-8938-744CD72AB27F} - http://idn.verisign-grs.com/plug-in/support/index.jsp (file missing)
O9 - Extra button: (no name) - {CE000996-A58C-4441-8938-744CD72AB27F} - C:\Program Files\VeriSign\i-Nav\i-nav_4_2_1.dll
O9 - Extra 'Tools' menuitem: i-Nav Options - {CE000996-A58C-4441-8938-744CD72AB27F} - C:\Program Files\VeriSign\i-Nav\i-nav_4_2_1.dll
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe (file missing)
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe (file missing)
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O11 - Options group: [INTERNATIONAL] International*
O14 - IERESET.INF: START_PAGE_URL=http://www.emachines.com
O16 - DPF: {03A89EFD-E023-8500-A22D-45F77558EB4C} (ILINCInstall85 Class) - https://content.ilinc.com/clientdownload/download/ilinci85.dll
O16 - DPF: {08D390AE-5101-4701-A89F-6C6DADCCC402} (MSN Photo Select Tool) - http://photos.msn.com/resources/neutral/controls/MsnPPick.cab?10,0,910,0
O16 - DPF: {0EB0E74A-2A76-4AB3-A7FB-9BD8C29F7F75} (CKAVWebScan Object) - http://www.kaspersky.com/kos/english/kavwebscan_unicode.cab
O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://go.microsoft.com/fwlink/?linkid=39204
O16 - DPF: {215B8138-A3CF-44C5-803F-8226143CFC0A} (Trend Micro ActiveX Scan Agent 6.6) - http://housecall65.trendmicro.com/housecall/applet/html/native/x86/win32/activex/hcImpl.cab
O16 - DPF: {3CF32649-D1C0-4F42-AB44-ED284748920B} (Merriam-Webster Online Toolbar) - http://www.m-w.com/toolbar/webinstall.cab
O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://update.microsoft.com/microsoftupdate/v6/V5Controls/en/x86/client/muweb_site.cab?1134681870775
O16 - DPF: {7B297BFD-85E4-4092-B2AF-16A91B2EA103} (WScanCtl Class) - http://www.ca.com/us/securityadvisor/virusinfo/webscan.cab
O16 - DPF: {A82C3A33-5C0E-466C-B020-71585433A7E4} (PhxStudent.OeSetup15) - https://mycampus.phoenix.edu/secure/PhxStudent15.CAB
O16 - DPF: {B38870E4-7ECB-40DA-8C6A-595F0A5519FF} (MsnMessengerSetupDownloadControl Class) - http://messenger.msn.com/download/MsnMessengerSetupDownloader.cab
O16 - DPF: {FE5B9F54-7764-4C01-89F0-4862601EE954} (DigWebHelper Class) - http://photos.msn.com/resources/neutral/controls/DigWebX2.cab?10,0,910,0
O18 - Protocol: flowto - {C7101FB0-28FB-11D5-883A-204C4F4F5021} - C:\PROGRA~1\NETEXC~1.0\FlowHook.dll
O20 - Winlogon Notify: GoToMyPC - C:\Program Files\Citrix\GoToMyPC\G2WinLogon.dll
O20 - Winlogon Notify: NavLogon - C:\WINDOWS\system32\NavLogon.dll
O20 - Winlogon Notify: WgaLogon - C:\WINDOWS\SYSTEM32\WgaLogon.dll
O21 - SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - C:\WINDOWS\system32\WPDShServiceObj.dll
O23 - Service: Symantec Event Manager (ccEvtMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
O23 - Service: Symantec Settings Manager (ccSetMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe
O23 - Service: Symantec AntiVirus Definition Watcher (DefWatch) - Symantec Corporation - C:\Program Files\Symantec AntiVirus\DefWatch.exe
O23 - Service: GoToMyPC - Unknown owner - C:\Program Files\Citrix\GoToMyPC\g2svc.exe" -service (file missing)
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: iPod Service - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: LiveUpdate - Symantec Corporation - C:\PROGRA~1\Symantec\LIVEUP~1\LUCOMS~1.EXE
O23 - Service: VeriSign Updater (navi) - VeriSign, Inc. - C:\Program Files\VeriSign\NAVI\naviagent.exe
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\System32\nvsvc32.exe
O23 - Service: SAVRoam (SavRoam) - symantec - C:\Program Files\Symantec AntiVirus\SavRoam.exe
O23 - Service: Symantec Network Drivers Service (SNDSrvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\SNDSrvc.exe
O23 - Service: Symantec SPBBCSvc (SPBBCSvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\SPBBC\SPBBCSvc.exe
O23 - Service: Symantec AntiVirus - Symantec Corporation - C:\Program Files\Symantec AntiVirus\Rtvscan.exe
 
K:\ Drive

Which files? The archive.pst file? Or the ones that were supposed to be removed by Killbox?

The following were supposed to be removed by Killbox:
K:\Documents and Settings\Rebecca J. Liebel\Local Settings\Temp\agnxfqlx.exe
K:\Documents and Settings\Rebecca J. Liebel\Local Settings\Temp\cqncwgxt.exe
K:\Documents and Settings\Rebecca J. Liebel\Local Settings\Temp\ddjvobiw.exe
K:\Documents and Settings\Rebecca J. Liebel\Local Settings\Temp\fwaqyyua.exe
K:\Documents and Settings\Rebecca J. Liebel\Local Settings\Temp\jevqlxhg.exe
K:\Documents and Settings\Rebecca J. Liebel\Local Settings\Temp\pdeugojl.exe
K:\Documents and Settings\Rebecca J. Liebel\Local Settings\Temp\qujlwncg.exe
K:\Documents and Settings\Rebecca J. Liebel\Local Settings\Temp\tjrmmwht.exe
K:\Documents and Settings\Rebecca J. Liebel\Local Settings\Temp\tlecabmk.exe
K:\Documents and Settings\Rebecca J. Liebel\Local Settings\Temp\vhlhsdku.exe
K:\Documents and Settings\Rebecca J. Liebel\Local Settings\Temp\yqddmags.exe
K:\Documents and Settings\Rebecca J. Liebel\Local Settings\Temp\yttysgjy.exe

Of all of these, when I manually go to the K:\ drive and look the only one I found still there was ...

K:\Documents and Settings\Rebecca J. Liebel\Local Settings\Temp\agnxfqlx.exe

I deleted it and emptied the recycle bin. I'm going to reboot now.

Do you want me to run another scan and HJT?
 
You must log in or register to reply here.
Back
Top