Smitfraud-C.Toolbar888

J

jancar

New member
Oh boy.

Think I'm infected bad (lots of pop ups, etc.).
I have read all other threads and have tried: Adaware, smitfraudfix (in safe mode), combo fix, and others, but I think I need help. I'll just show the latest highjack report and start there. Let me know if you need more info.

Thank you for being there......!

Logfile of Trend Micro HijackThis v2.0.0 (BETA)
Scan saved at 10:20:02 AM, on 6/1/2007
Platform: Windows XP SP2 (WinNT 5.01.2600)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Windows Defender\MsMpEng.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe
C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
C:\Program Files\CheckPoint\SSL Network Extender\slimsvc.exe
C:\Program Files\Cisco Systems\VPN Client\cvpnd.exe
C:\Program Files\Symantec AntiVirus\DefWatch.exe
C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE
C:\Program Files\Symantec AntiVirus\SavRoam.exe
C:\Program Files\Analog Devices\SoundMAX\SMAgent.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Symantec AntiVirus\Rtvscan.exe
C:\Program Files\Viewpoint\Common\ViewpointService.exe
C:\WINDOWS\system32\MsPMSPSv.exe
C:\WINDOWS\system32\wscntfy.exe
C:\Program Files\QuickTime\qttask.exe
C:\Program Files\Windows Defender\MSASCui.exe
C:\PROGRA~1\SYMANT~1\VPTray.exe
C:\Program Files\Common Files\Real\Update_OB\realsched.exe
C:\Program Files\Java\jre1.6.0_01\bin\jusched.exe
C:\Program Files\Roxio\Easy CD Creator 6\DragToDisc\DrgToDsc.exe
C:\WINDOWS\system32\NILaunch.exe
C:\WINDOWS\system32\igfxtray.exe
C:\WINDOWS\system32\hkcmd.exe
C:\Program Files\Common Files\Symantec Shared\ccApp.exe
C:\Program Files\Adobe\Photoshop Album Starter Edition\3.0\Apps\apdproxy.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\avgas.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
C:\Program Files\VoSKY Call Center\USBVoSKY.exe
C:\PROGRA~1\WALGRE~1\WALGRE~1\data\Xtras\mssysmgr.exe
C:\Program Files\Messenger\msmsgs.exe
C:\Program Files\Netscape\Netscape\Netscp.exe
C:\Program Files\Microsoft ActiveSync\Wcescomm.exe
C:\Program Files\VoSKY Call Center\USBDRAM.exe
C:\Program Files\Adobe\Acrobat 6.0\Distillr\acrotray.exe
C:\Program Files\palmOne\Hotsync.exe
C:\PROGRA~1\MICROS~4\rapimgr.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\Program Files\Viewpoint\Viewpoint Manager\ViewMgr.exe
C:\WINDOWS\system32\cmd.exe
C:\WINDOWS\system32\taskmgr.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\Microsoft Office\OFFICE11\OUTLOOK.EXE
C:\Program Files\Microsoft Office\OFFICE11\WINWORD.EXE
C:\Documents and Settings\carpenter_jan\Desktop\HiJackThis_v2\HiJackThis_v2.exe
C:\WINDOWS\explorer.exe
C:\WINDOWS\system32\cmd.exe
C:\ComboFix\vfind.cfexe

R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = about:blank
R1 - HKCU\Software\Microsoft\Internet Connection Wizard,ShellNext = http://www.hp.com/
N3 - Netscape 7: user_pref("browser.startup.homepage", "http://yahoo.sbc.com/dsl"); (C:\Documents and Settings\CARPENTER_JAN\Application Data\Mozilla\Profiles\default\rh6l5xph.slt\prefs.js)
O1 - Hosts: 63.240.6.184
O1 - Hosts: MI8NYCMAIL34 MI8NYCMAIL34.MI8.COM
O1 - Hosts: 63.240.6.24
O1 - Hosts: MI8NYCMAIL13 MI8NYCMAIL13.MI8.COM
O1 - Hosts: 63.240.6.190
O1 - Hosts: MI8NYCMAIL40 MI8NYCMAIL40.MI8.COM
O1 - Hosts: 63.240.6.189
O1 - Hosts: MI8NYCMAIL39 MI8NYCMAIL39.MI8.COM
O1 - Hosts: 63.240.6.176
O1 - Hosts: MI8NYCMAIL26 MI8NYCMAIL26.MI8.COM
O1 - Hosts: 63.240.6.16
O1 - Hosts: MI8NYCMAIL05 MI8NYCMAIL05.MI8.COM
O1 - Hosts: 63.240.6.182
O1 - Hosts: MI8NYCMAIL32 MI8NYCMAIL32.MI8.COM
O1 - Hosts: 63.240.6.168
O1 - Hosts: MI8NYCMAIL18 MI8NYCMAIL18.MI8.COM
O1 - Hosts: 63.240.6.174
O1 - Hosts: MI8NYCMAIL24 MI8NYCMAIL24.MI8.COM
O1 - Hosts: 63.240.6.22
O1 - Hosts: MI8NYCMAIL11 MI8NYCMAIL11.MI8.COM
O1 - Hosts: 63.240.6.187
O1 - Hosts: MI8NYCMAIL37 MI8NYCMAIL37.MI8.COM
O1 - Hosts: 63.240.6.166
O1 - Hosts: MI8NYCMAIL16 MI8NYCMAIL16.MI8.COM
O1 - Hosts: 63.240.6.27
O1 - Hosts: MI8NYCMAIL03 MI8NYCMAIL03.MI8.COM
O1 - Hosts: 63.240.6.180
O1 - Hosts: MI8NYCMAIL30 MI8NYCMAIL30.MI8.COM
O1 - Hosts: 63.240.6.179
O1 - Hosts: MI8NYCMAIL29 MI8NYCMAIL29.MI8.COM
O1 - Hosts: 63.240.6.19
O1 - Hosts: MI8NYCMAIL08 MI8NYCMAIL08.MI8.COM
O1 - Hosts: 63.240.6.172
O1 - Hosts: MI8NYCMAIL22 MI8NYCMAIL22.MI8.COM
O1 - Hosts: 63.240.6.185
O1 - Hosts: MI8NYCMAIL35 MI8NYCMAIL35.MI8.COM
O1 - Hosts: 63.240.6.61
O1 - Hosts: MI8NYCMAIL14 MI8NYCMAIL14.MI8.COM
O1 - Hosts: 63.240.6.25
O1 - Hosts: MI8NYCMAIL01 MI8NYCMAIL01.MI8.COM
O1 - Hosts: 63.240.6.177
O1 - Hosts: MI8NYCMAIL27 MI8NYCMAIL27.MI8.COM
O1 - Hosts: 63.240.6.17
O1 - Hosts: MI8NYCMAIL06 MI8NYCMAIL06.MI8.COM
O1 - Hosts: 63.240.6.170
O1 - Hosts: MI8NYCMAIL20 MI8NYCMAIL20.MI8.COM
O1 - Hosts: 63.240.6.169
O1 - Hosts: MI8NYCMAIL19 MI8NYCMAIL19.MI8.COM
O1 - Hosts: 63.240.6.183
O1 - Hosts: MI8NYCMAIL33 MI8NYCMAIL33.MI8.COM
O1 - Hosts: 63.240.6.23
O1 - Hosts: MI8NYCMAIL12 MI8NYCMAIL12.MI8.COM
O1 - Hosts: 63.240.6.188
O1 - Hosts: MI8NYCMAIL38 MI8NYCMAIL38.MI8.COM
O1 - Hosts: 63.240.6.175
O1 - Hosts: MI8NYCMAIL25 MI8NYCMAIL25.MI8.COM
O1 - Hosts: 63.240.6.15
O1 - Hosts: MI8NYCMAIL04 MI8NYCMAIL04.MI8.COM
O1 - Hosts: 63.240.6.181
O1 - Hosts: MI8NYCMAIL31 MI8NYCMAIL31.MI8.COM
O1 - Hosts: 63.240.6.167
O1 - Hosts: MI8NYCMAIL17 MI8NYCMAIL17.MI8.COM
O1 - Hosts: 63.240.6.173
O1 - Hosts: MI8NYCMAIL23 MI8NYCMAIL23.MI8.COM
O1 - Hosts: 63.240.6.21
O1 - Hosts: MI8NYCMAIL10 MI8NYCMAIL10.MI8.COM
O1 - Hosts: 63.240.6.20
O1 - Hosts: MI8NYCMAIL09 MI8NYCMAIL09.MI8.COM
O1 - Hosts: 63.240.6.186
O1 - Hosts: MI8NYCMAIL36 MI8NYCMAIL36.MI8.COM
O1 - Hosts: 63.240.6.62
O1 - Hosts: MI8NYCMAIL15 MI8NYCMAIL15.MI8.COM
O1 - Hosts: 63.240.6.26
O1 - Hosts: MI8NYCMAIL02 MI8NYCMAIL02.MI8.COM
O1 - Hosts: 63.240.6.178
O1 - Hosts: MI8NYCMAIL28 MI8NYCMAIL28.MI8.COM
O1 - Hosts: 63.240.6.18
O1 - Hosts: MI8NYCMAIL07 MI8NYCMAIL07.MI8.COM
O1 - Hosts: 63.240.6.171
O1 - Hosts: MI8NYCMAIL21 MI8NYCMAIL21.MI8.COM
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: Yahoo! Companion BHO - {13F537F0-AF09-11d6-9029-0002B31F9E59} - C:\Program Files\Yahoo!\Common\ycomp5,0,8,0.dll
O2 - BHO: Skype add-on (mastermind) - {22BF413B-C6D2-4d91-82A9-A0F997BA588C} - C:\PROGRA~1\Skype\Phone\IEPlugin\SKYPEI~1.DLL
O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_01\bin\ssv.dll
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar4.dll
O2 - BHO: AcroIEToolbarHelper Class - {AE7CD045-E861-484f-8273-0445EE161910} - C:\Program Files\Adobe\Acrobat 6.0\Acrobat\AcroIEFavClient.dll
O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\2.0.301.7164\swg.dll
O2 - BHO: (no name) - {c70935dc-f24e-435a-b10c-6f17b8236027} - C:\WINDOWS\system32\loge-1.dll
O3 - Toolbar: Yahoo! Companion - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Common\ycomp5,0,8,0.dll
O3 - Toolbar: Adobe PDF - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - C:\Program Files\Adobe\Acrobat 6.0\Acrobat\AcroIEFavClient.dll
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar4.dll
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [Windows Defender] "C:\Program Files\Windows Defender\MSASCui.exe" -hide
O4 - HKLM\..\Run: [vptray] C:\PROGRA~1\SYMANT~1\VPTray.exe
O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_01\bin\jusched.exe"
O4 - HKLM\..\Run: [RoxioEngineUtility] "C:\Program Files\Common Files\Roxio Shared\System\EngUtil.exe"
O4 - HKLM\..\Run: [RoxioDragToDisc] "C:\Program Files\Roxio\Easy CD Creator 6\DragToDisc\DrgToDsc.exe"
O4 - HKLM\..\Run: [GNP Generic Host Process] C:\RECYCLER\RS-1-5-21-606747145-1085031214-725345543-500\taskmgr.exe
O4 - HKLM\..\Run: [EarthLink Installer] " /C
O4 - HKLM\..\Run: [Cpqset] C:\Program Files\HPQ\Default Settings\cpqset.exe
O4 - HKLM\..\Run: [ccApp] "C:\Program Files\Common Files\Symantec Shared\ccApp.exe"
O4 - HKLM\..\Run: [ATIPTA] C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe
O4 - HKLM\..\Run: [Adobe Photo Downloader] "C:\Program Files\Adobe\Photoshop Album Starter Edition\3.0\Apps\apdproxy.exe"
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
O4 - HKLM\..\Run: [!AVG Anti-Spyware] "C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\avgas.exe" /minimized
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [swg] C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
O4 - HKCU\..\Run: [VoKU Call Center] C:\Program Files\VoSKY Call Center\USBVoSKY.exe
O4 - HKCU\..\Run: [PhotoShow Deluxe Media Manager] C:\PROGRA~1\WALGRE~1\WALGRE~1\data\Xtras\mssysmgr.exe
O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background
O4 - HKCU\..\Run: [Mozilla Quick Launch] "C:\Program Files\Netscape\Netscape\Netscp.exe" -turbo
O4 - HKCU\..\Run: [H/PC Connection Agent] "C:\Program Files\Microsoft ActiveSync\Wcescomm.exe"
O4 - HKCU\..\Run: [FWBootup] C:\Program Files\VoSKY Call Center\USBDRAM.exe
O4 - Startup: Microsoft Office Outlook 2003.lnk = ?
O4 - Global Startup: Acrobat Assistant.lnk = C:\Program Files\Adobe\Acrobat 6.0\Distillr\acrotray.exe
O4 - Global Startup: Adobe Reader Speed Launch.lnk = C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
O4 - Global Startup: HotSync Manager.lnk = C:\Program Files\palmOne\Hotsync.exe
O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office10\OSA.EXE
O4 - Global Startup: SysTray.lnk = ?
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office10\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_01\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_01\bin\ssv.dll
O9 - Extra button: Yahoo! Login - {2499216C-4BA5-11D5-BD9C-000103C116D5} - C:\Program Files\Yahoo!\Common\ylogin.dll
O9 - Extra 'Tools' menuitem: Yahoo! Login - {2499216C-4BA5-11D5-BD9C-000103C116D5} - C:\Program Files\Yahoo!\Common\ylogin.dll
O9 - Extra button: Create Mobile Favorite - {2EAF5BB1-070F-11D3-9307-00C04FAE2D4F} - C:\PROGRA~1\MICROS~4\INetRepl.dll
O9 - Extra button: (no name) - {2EAF5BB2-070F-11D3-9307-00C04FAE2D4F} - C:\PROGRA~1\MICROS~4\INetRepl.dll
O9 - Extra 'Tools' menuitem: Create Mobile Favorite... - {2EAF5BB2-070F-11D3-9307-00C04FAE2D4F} - C:\PROGRA~1\MICROS~4\INetRepl.dll
O9 - Extra button: Messenger - {4528BBE0-4E08-11D5-AD55-00010333D0AD} - C:\Program Files\Yahoo!\Messenger\yhexbmes.dll
O9 - Extra 'Tools' menuitem: Yahoo! Messenger - {4528BBE0-4E08-11D5-AD55-00010333D0AD} - C:\Program Files\Yahoo!\Messenger\yhexbmes.dll
O9 - Extra button: Skype - {77BF5300-1474-4EC7-9980-D32B190E9B07} - C:\PROGRA~1\Skype\Phone\IEPlugin\SKYPEI~1.DLL
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL
O9 - Extra button: Real.com - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - C:\WINDOWS\system32\Shdocvw.dll
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe (file missing)
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe (file missing)
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O14 - IERESET.INF: START_PAGE_URL=http://www.hp.com
O16 - DPF: {406B5949-7190-4245-91A9-30A17DE16AD0} (Snapfish Activia) - http://photo.walgreens.com/WalgreensActivia.cab
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} (Java Runtime Environment 1.6.0) - http://javadl-esd.sun.com/update/1.6.0/jinstall-6u1-windows-i586-jc.cab
O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~1\COMMON~1\Skype\SKYPE4~1.DLL
O20 - Winlogon Notify: loge-1 - C:\WINDOWS\SYSTEM32\loge-1.dll
O22 - SharedTaskScheduler: Browseui preloader - {438755C2-A8BA-11D1-B96B-00A0C90312E1} - C:\WINDOWS\System32\browseui.dll
O22 - SharedTaskScheduler: Component Categories cache daemon - {8C7461EF-2B13-11d2-BE35-3078302C2030} - C:\WINDOWS\System32\browseui.dll
O23 - Service: AVG Anti-Spyware Guard - Anti-Malware Development a.s. - C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
O23 - Service: Symantec Event Manager (ccEvtMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
O23 - Service: Symantec Password Validation (ccPwdSvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccPwdSvc.exe
O23 - Service: Symantec Settings Manager (ccSetMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe
O23 - Service: Check Point SSL Network Extender (cpextender) - Check Point Software Technologies - C:\Program Files\CheckPoint\SSL Network Extender\slimsvc.exe
O23 - Service: Cisco Systems, Inc. VPN Service (CVPND) - Cisco Systems, Inc. - C:\Program Files\Cisco Systems\VPN Client\cvpnd.exe
O23 - Service: Symantec AntiVirus Definition Watcher (DefWatch) - Symantec Corporation - C:\Program Files\Symantec AntiVirus\DefWatch.exe
O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: iPod Service - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: SAVRoam (SavRoam) - symantec - C:\Program Files\Symantec AntiVirus\SavRoam.exe
O23 - Service: Symantec Network Drivers Service (SNDSrvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\SNDSrvc.exe
O23 - Service: SoundMAX Agent Service (SoundMAX Agent Service (default)) - Analog Devices, Inc. - C:\Program Files\Analog Devices\SoundMAX\SMAgent.exe
O23 - Service: Symantec AntiVirus - Symantec Corporation - C:\Program Files\Symantec AntiVirus\Rtvscan.exe
O23 - Service: Viewpoint Manager Service - Viewpoint Corporation - C:\Program Files\Viewpoint\Common\ViewpointService.exe

--
End of file - 14936 bytes
 
Forgot scan log file

Sorry - I forgot to report the results of the online scan.

I could not see a "log file" when I did the on line scan, but I copy/pasted the resulting page below.


Start Scan


Stop Scan


Cure Files


Delete Files


Reply email address for the file submission: Scanner Help


Virus scan finished. 1 virus found.
Scan Results: 109832 files scanned. 1 virus was detected.

File Infection Status Path
mirc.ini MIRC/IRCFlood cannot cure C:\RECYCLER\RS-1-5-21-606747145-1085031214-725345543-500\
 
sorry - one more piece of info!

sorry - as I'm waiting for a response, I keep running programs to try to fix this thing! (I'll stop now and wait for a response)....

but - here is the latest hijack log after running spybot in safe mode (found 14 problems - but then 0 the next time).

Thanks!

Logfile of Trend Micro HijackThis v2.0.0 (BETA)
Scan saved at 12:01:17 PM, on 6/1/2007
Platform: Windows XP SP2 (WinNT 5.01.2600)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Windows Defender\MsMpEng.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe
C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
C:\Program Files\CheckPoint\SSL Network Extender\slimsvc.exe
C:\Program Files\Cisco Systems\VPN Client\cvpnd.exe
C:\Program Files\Symantec AntiVirus\DefWatch.exe
C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE
C:\Program Files\Symantec AntiVirus\SavRoam.exe
C:\Program Files\Analog Devices\SoundMAX\SMAgent.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Symantec AntiVirus\Rtvscan.exe
C:\Program Files\Viewpoint\Common\ViewpointService.exe
C:\WINDOWS\system32\MsPMSPSv.exe
C:\WINDOWS\system32\wscntfy.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\QuickTime\qttask.exe
C:\Program Files\Windows Defender\MSASCui.exe
C:\PROGRA~1\SYMANT~1\VPTray.exe
C:\Program Files\Common Files\Real\Update_OB\realsched.exe
C:\Program Files\Java\jre1.6.0_01\bin\jusched.exe
C:\Program Files\Roxio\Easy CD Creator 6\DragToDisc\DrgToDsc.exe
C:\Program Files\Common Files\Symantec Shared\ccApp.exe
C:\Program Files\Adobe\Photoshop Album Starter Edition\3.0\Apps\apdproxy.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\avgas.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
C:\Program Files\VoSKY Call Center\USBVoSKY.exe
C:\PROGRA~1\WALGRE~1\WALGRE~1\data\Xtras\mssysmgr.exe
C:\Program Files\Messenger\msmsgs.exe
C:\Program Files\Netscape\Netscape\Netscp.exe
C:\Program Files\Microsoft ActiveSync\Wcescomm.exe
C:\Program Files\VoSKY Call Center\USBDRAM.exe
C:\Program Files\Adobe\Acrobat 6.0\Distillr\acrotray.exe
C:\PROGRA~1\MICROS~4\rapimgr.exe
C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
C:\Program Files\palmOne\Hotsync.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\WINDOWS\System32\rundll32.exe
C:\WINDOWS\system32\wuauclt.exe
C:\Program Files\Viewpoint\Viewpoint Manager\ViewMgr.exe
C:\Documents and Settings\carpenter_jan\Desktop\HiJackThis_v2\HiJackThis_v2.exe
C:\Program Files\Internet Explorer\iexplore.exe

R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = about:blank
R1 - HKCU\Software\Microsoft\Internet Connection Wizard,ShellNext = http://www.hp.com/
N3 - Netscape 7: user_pref("browser.startup.homepage", "http://yahoo.sbc.com/dsl"); (C:\Documents and Settings\CARPENTER_JAN\Application Data\Mozilla\Profiles\default\rh6l5xph.slt\prefs.js)
O1 - Hosts: 63.240.6.184
O1 - Hosts: MI8NYCMAIL34 MI8NYCMAIL34.MI8.COM
O1 - Hosts: 63.240.6.24
O1 - Hosts: MI8NYCMAIL13 MI8NYCMAIL13.MI8.COM
O1 - Hosts: 63.240.6.190
O1 - Hosts: MI8NYCMAIL40 MI8NYCMAIL40.MI8.COM
O1 - Hosts: 63.240.6.189
O1 - Hosts: MI8NYCMAIL39 MI8NYCMAIL39.MI8.COM
O1 - Hosts: 63.240.6.176
O1 - Hosts: MI8NYCMAIL26 MI8NYCMAIL26.MI8.COM
O1 - Hosts: 63.240.6.16
O1 - Hosts: MI8NYCMAIL05 MI8NYCMAIL05.MI8.COM
O1 - Hosts: 63.240.6.182
O1 - Hosts: MI8NYCMAIL32 MI8NYCMAIL32.MI8.COM
O1 - Hosts: 63.240.6.168
O1 - Hosts: MI8NYCMAIL18 MI8NYCMAIL18.MI8.COM
O1 - Hosts: 63.240.6.174
O1 - Hosts: MI8NYCMAIL24 MI8NYCMAIL24.MI8.COM
O1 - Hosts: 63.240.6.22
O1 - Hosts: MI8NYCMAIL11 MI8NYCMAIL11.MI8.COM
O1 - Hosts: 63.240.6.187
O1 - Hosts: MI8NYCMAIL37 MI8NYCMAIL37.MI8.COM
O1 - Hosts: 63.240.6.166
O1 - Hosts: MI8NYCMAIL16 MI8NYCMAIL16.MI8.COM
O1 - Hosts: 63.240.6.27
O1 - Hosts: MI8NYCMAIL03 MI8NYCMAIL03.MI8.COM
O1 - Hosts: 63.240.6.180
O1 - Hosts: MI8NYCMAIL30 MI8NYCMAIL30.MI8.COM
O1 - Hosts: 63.240.6.179
O1 - Hosts: MI8NYCMAIL29 MI8NYCMAIL29.MI8.COM
O1 - Hosts: 63.240.6.19
O1 - Hosts: MI8NYCMAIL08 MI8NYCMAIL08.MI8.COM
O1 - Hosts: 63.240.6.172
O1 - Hosts: MI8NYCMAIL22 MI8NYCMAIL22.MI8.COM
O1 - Hosts: 63.240.6.185
O1 - Hosts: MI8NYCMAIL35 MI8NYCMAIL35.MI8.COM
O1 - Hosts: 63.240.6.61
O1 - Hosts: MI8NYCMAIL14 MI8NYCMAIL14.MI8.COM
O1 - Hosts: 63.240.6.25
O1 - Hosts: MI8NYCMAIL01 MI8NYCMAIL01.MI8.COM
O1 - Hosts: 63.240.6.177
O1 - Hosts: MI8NYCMAIL27 MI8NYCMAIL27.MI8.COM
O1 - Hosts: 63.240.6.17
O1 - Hosts: MI8NYCMAIL06 MI8NYCMAIL06.MI8.COM
O1 - Hosts: 63.240.6.170
O1 - Hosts: MI8NYCMAIL20 MI8NYCMAIL20.MI8.COM
O1 - Hosts: 63.240.6.169
O1 - Hosts: MI8NYCMAIL19 MI8NYCMAIL19.MI8.COM
O1 - Hosts: 63.240.6.183
O1 - Hosts: MI8NYCMAIL33 MI8NYCMAIL33.MI8.COM
O1 - Hosts: 63.240.6.23
O1 - Hosts: MI8NYCMAIL12 MI8NYCMAIL12.MI8.COM
O1 - Hosts: 63.240.6.188
O1 - Hosts: MI8NYCMAIL38 MI8NYCMAIL38.MI8.COM
O1 - Hosts: 63.240.6.175
O1 - Hosts: MI8NYCMAIL25 MI8NYCMAIL25.MI8.COM
O1 - Hosts: 63.240.6.15
O1 - Hosts: MI8NYCMAIL04 MI8NYCMAIL04.MI8.COM
O1 - Hosts: 63.240.6.181
O1 - Hosts: MI8NYCMAIL31 MI8NYCMAIL31.MI8.COM
O1 - Hosts: 63.240.6.167
O1 - Hosts: MI8NYCMAIL17 MI8NYCMAIL17.MI8.COM
O1 - Hosts: 63.240.6.173
O1 - Hosts: MI8NYCMAIL23 MI8NYCMAIL23.MI8.COM
O1 - Hosts: 63.240.6.21
O1 - Hosts: MI8NYCMAIL10 MI8NYCMAIL10.MI8.COM
O1 - Hosts: 63.240.6.20
O1 - Hosts: MI8NYCMAIL09 MI8NYCMAIL09.MI8.COM
O1 - Hosts: 63.240.6.186
O1 - Hosts: MI8NYCMAIL36 MI8NYCMAIL36.MI8.COM
O1 - Hosts: 63.240.6.62
O1 - Hosts: MI8NYCMAIL15 MI8NYCMAIL15.MI8.COM
O1 - Hosts: 63.240.6.26
O1 - Hosts: MI8NYCMAIL02 MI8NYCMAIL02.MI8.COM
O1 - Hosts: 63.240.6.178
O1 - Hosts: MI8NYCMAIL28 MI8NYCMAIL28.MI8.COM
O1 - Hosts: 63.240.6.18
O1 - Hosts: MI8NYCMAIL07 MI8NYCMAIL07.MI8.COM
O1 - Hosts: 63.240.6.171
O1 - Hosts: MI8NYCMAIL21 MI8NYCMAIL21.MI8.COM
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: Yahoo! Companion BHO - {13F537F0-AF09-11d6-9029-0002B31F9E59} - C:\Program Files\Yahoo!\Common\ycomp5,0,8,0.dll
O2 - BHO: Skype add-on (mastermind) - {22BF413B-C6D2-4d91-82A9-A0F997BA588C} - C:\PROGRA~1\Skype\Phone\IEPlugin\SKYPEI~1.DLL
O2 - BHO: (no name) - {4B646AFB-9341-4330-8FD1-C32485AEE619} - C:\WINDOWS\system32\tmpE.tmp.dll
O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_01\bin\ssv.dll
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar4.dll
O2 - BHO: AcroIEToolbarHelper Class - {AE7CD045-E861-484f-8273-0445EE161910} - C:\Program Files\Adobe\Acrobat 6.0\Acrobat\AcroIEFavClient.dll
O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\2.0.301.7164\swg.dll
O2 - BHO: (no name) - {c70935dc-f24e-435a-b10c-6f17b8236027} - C:\WINDOWS\system32\loge-1.dll
O3 - Toolbar: Yahoo! Companion - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Common\ycomp5,0,8,0.dll
O3 - Toolbar: Adobe PDF - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - C:\Program Files\Adobe\Acrobat 6.0\Acrobat\AcroIEFavClient.dll
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar4.dll
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [Windows Defender] "C:\Program Files\Windows Defender\MSASCui.exe" -hide
O4 - HKLM\..\Run: [vptray] C:\PROGRA~1\SYMANT~1\VPTray.exe
O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_01\bin\jusched.exe"
O4 - HKLM\..\Run: [RoxioEngineUtility] "C:\Program Files\Common Files\Roxio Shared\System\EngUtil.exe"
O4 - HKLM\..\Run: [RoxioDragToDisc] "C:\Program Files\Roxio\Easy CD Creator 6\DragToDisc\DrgToDsc.exe"
O4 - HKLM\..\Run: [GNP Generic Host Process] C:\RECYCLER\RS-1-5-21-606747145-1085031214-725345543-500\taskmgr.exe
O4 - HKLM\..\Run: [EarthLink Installer] " /C
O4 - HKLM\..\Run: [Cpqset] C:\Program Files\HPQ\Default Settings\cpqset.exe
O4 - HKLM\..\Run: [ccApp] "C:\Program Files\Common Files\Symantec Shared\ccApp.exe"
O4 - HKLM\..\Run: [ATIPTA] C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe
O4 - HKLM\..\Run: [Adobe Photo Downloader] "C:\Program Files\Adobe\Photoshop Album Starter Edition\3.0\Apps\apdproxy.exe"
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
O4 - HKLM\..\Run: [!AVG Anti-Spyware] "C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\avgas.exe" /minimized
O4 - HKLM\..\Run: [setup] rundll32.exe "C:\WINDOWS\ddawxv.dll",realset
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [swg] C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
O4 - HKCU\..\Run: [VoKU Call Center] C:\Program Files\VoSKY Call Center\USBVoSKY.exe
O4 - HKCU\..\Run: [PhotoShow Deluxe Media Manager] C:\PROGRA~1\WALGRE~1\WALGRE~1\data\Xtras\mssysmgr.exe
O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background
O4 - HKCU\..\Run: [Mozilla Quick Launch] "C:\Program Files\Netscape\Netscape\Netscp.exe" -turbo
O4 - HKCU\..\Run: [H/PC Connection Agent] "C:\Program Files\Microsoft ActiveSync\Wcescomm.exe"
O4 - HKCU\..\Run: [FWBootup] C:\Program Files\VoSKY Call Center\USBDRAM.exe
O4 - Startup: Microsoft Office Outlook 2003.lnk = ?
O4 - Global Startup: Acrobat Assistant.lnk = C:\Program Files\Adobe\Acrobat 6.0\Distillr\acrotray.exe
O4 - Global Startup: Adobe Reader Speed Launch.lnk = C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
O4 - Global Startup: HotSync Manager.lnk = C:\Program Files\palmOne\Hotsync.exe
O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office10\OSA.EXE
O4 - Global Startup: SysTray.lnk = ?
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office10\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_01\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_01\bin\ssv.dll
O9 - Extra button: Yahoo! Login - {2499216C-4BA5-11D5-BD9C-000103C116D5} - C:\Program Files\Yahoo!\Common\ylogin.dll
O9 - Extra 'Tools' menuitem: Yahoo! Login - {2499216C-4BA5-11D5-BD9C-000103C116D5} - C:\Program Files\Yahoo!\Common\ylogin.dll
O9 - Extra button: Create Mobile Favorite - {2EAF5BB1-070F-11D3-9307-00C04FAE2D4F} - C:\PROGRA~1\MICROS~4\INetRepl.dll
O9 - Extra button: (no name) - {2EAF5BB2-070F-11D3-9307-00C04FAE2D4F} - C:\PROGRA~1\MICROS~4\INetRepl.dll
O9 - Extra 'Tools' menuitem: Create Mobile Favorite... - {2EAF5BB2-070F-11D3-9307-00C04FAE2D4F} - C:\PROGRA~1\MICROS~4\INetRepl.dll
O9 - Extra button: Messenger - {4528BBE0-4E08-11D5-AD55-00010333D0AD} - C:\Program Files\Yahoo!\Messenger\yhexbmes.dll
O9 - Extra 'Tools' menuitem: Yahoo! Messenger - {4528BBE0-4E08-11D5-AD55-00010333D0AD} - C:\Program Files\Yahoo!\Messenger\yhexbmes.dll
O9 - Extra button: Skype - {77BF5300-1474-4EC7-9980-D32B190E9B07} - C:\PROGRA~1\Skype\Phone\IEPlugin\SKYPEI~1.DLL
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL
O9 - Extra button: Real.com - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - C:\WINDOWS\system32\Shdocvw.dll
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe (file missing)
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe (file missing)
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O14 - IERESET.INF: START_PAGE_URL=http://www.hp.com
O16 - DPF: {406B5949-7190-4245-91A9-30A17DE16AD0} (Snapfish Activia) - http://photo.walgreens.com/WalgreensActivia.cab
O16 - DPF: {7B297BFD-85E4-4092-B2AF-16A91B2EA103} (WScanCtl Class) - http://www.ca.com/us/securityadvisor/virusinfo/webscan.cab
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} (Java Runtime Environment 1.6.0) - http://javadl-esd.sun.com/update/1.6.0/jinstall-6u1-windows-i586-jc.cab
O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~1\COMMON~1\Skype\SKYPE4~1.DLL
O20 - Winlogon Notify: loge-1 - C:\WINDOWS\SYSTEM32\loge-1.dll
O22 - SharedTaskScheduler: Browseui preloader - {438755C2-A8BA-11D1-B96B-00A0C90312E1} - C:\WINDOWS\System32\browseui.dll
O22 - SharedTaskScheduler: Component Categories cache daemon - {8C7461EF-2B13-11d2-BE35-3078302C2030} - C:\WINDOWS\System32\browseui.dll
O23 - Service: AVG Anti-Spyware Guard - Anti-Malware Development a.s. - C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
O23 - Service: Symantec Event Manager (ccEvtMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
O23 - Service: Symantec Password Validation (ccPwdSvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccPwdSvc.exe
O23 - Service: Symantec Settings Manager (ccSetMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe
O23 - Service: Check Point SSL Network Extender (cpextender) - Check Point Software Technologies - C:\Program Files\CheckPoint\SSL Network Extender\slimsvc.exe
O23 - Service: Cisco Systems, Inc. VPN Service (CVPND) - Cisco Systems, Inc. - C:\Program Files\Cisco Systems\VPN Client\cvpnd.exe
O23 - Service: Symantec AntiVirus Definition Watcher (DefWatch) - Symantec Corporation - C:\Program Files\Symantec AntiVirus\DefWatch.exe
O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: iPod Service - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: SAVRoam (SavRoam) - symantec - C:\Program Files\Symantec AntiVirus\SavRoam.exe
O23 - Service: Symantec Network Drivers Service (SNDSrvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\SNDSrvc.exe
O23 - Service: SoundMAX Agent Service (SoundMAX Agent Service (default)) - Analog Devices, Inc. - C:\Program Files\Analog Devices\SoundMAX\SMAgent.exe
O23 - Service: Symantec AntiVirus - Symantec Corporation - C:\Program Files\Symantec AntiVirus\Rtvscan.exe
O23 - Service: Viewpoint Manager Service - Viewpoint Corporation - C:\Program Files\Viewpoint\Common\ViewpointService.exe

--
End of file - 15031 bytes
 
Hi jancar

Please download VundoFix.exe to your desktop.
  • Double-click VundoFix.exe to run it.
  • Click the Scan for Vundo button.
  • Once it's done scanning, click the Remove Vundo button.
  • You will receive a prompt asking if you want to remove the files, click YES
  • Once you click yes, your desktop will go blank as it starts removing Vundo.
  • When completed, it will prompt that it will reboot your computer, click OK.
  • Please post the contents of C:\vundofix.txt and a new HiJackThis log in a reply to this thread.
Note: It is possible that VundoFix encountered a file it could not remove. In this case, VundoFix will run on reboot, simply follow the above instructions starting from "Click the Scan for Vundo button" when VundoFix appears upon rebooting.
 
New Logs Attached! Thanks!

Thanks so much for helping me!

I've done as you requested and the results are below (2 logs - vundo and hijack).

I haven't seen any pop ups since running this, but I do seem to "lose control" of the keyboard when trying to type this message - so I'm not sure what that's all about.

In any case, let me know next steps.

Thanks again.

ps - this quote:

"Please don't use PMs for requesting help. The Forums are there for a reason"

Is that meant for me? If so, I'm not sure I understand what it means (what is a PMs?) Sorry - don't mean to be stupid. Just trying to learn and make it easiest for you!


vundo log:

VundoFix V6.4.1

Checking Java version...

Java version is 1.5.0.11

Scan started at 8:42:33 AM 6/1/2007

Listing files found while scanning....


VundoFix V6.4.2

Checking Java version...

Java version is 1.5.0.11

Scan started at 3:51:12 PM 6/5/2007

Listing files found while scanning....

C:\WINDOWS\dccdgh.ini
C:\WINDOWS\hgdccd.dll
C:\WINDOWS\system32\tmpC.tmp.dll
C:\WINDOWS\system32\tmpE.tmp.dll

Beginning removal...

Attempting to delete C:\WINDOWS\dccdgh.ini
C:\WINDOWS\dccdgh.ini Has been deleted!

Attempting to delete C:\WINDOWS\hgdccd.dll
C:\WINDOWS\hgdccd.dll Has been deleted!

Attempting to delete C:\WINDOWS\system32\tmpC.tmp.dll
C:\WINDOWS\system32\tmpC.tmp.dll Has been deleted!

Attempting to delete C:\WINDOWS\system32\tmpE.tmp.dll
C:\WINDOWS\system32\tmpE.tmp.dll Has been deleted!

Performing Repairs to the registry.
Done!


hijack log:

Logfile of Trend Micro HijackThis v2.0.0 (BETA)
Scan saved at 4:13:32 PM, on 6/5/2007
Platform: Windows XP SP2 (WinNT 5.01.2600)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Windows Defender\MsMpEng.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe
C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
C:\Program Files\CheckPoint\SSL Network Extender\slimsvc.exe
C:\Program Files\Cisco Systems\VPN Client\cvpnd.exe
C:\Program Files\Symantec AntiVirus\DefWatch.exe
C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE
C:\Program Files\Symantec AntiVirus\SavRoam.exe
C:\Program Files\Analog Devices\SoundMAX\SMAgent.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Symantec AntiVirus\Rtvscan.exe
C:\Program Files\Viewpoint\Common\ViewpointService.exe
C:\WINDOWS\system32\MsPMSPSv.exe
C:\WINDOWS\system32\wscntfy.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\QuickTime\qttask.exe
C:\Program Files\Windows Defender\MSASCui.exe
C:\PROGRA~1\SYMANT~1\VPTray.exe
C:\Program Files\Common Files\Real\Update_OB\realsched.exe
C:\Program Files\Java\jre1.6.0_01\bin\jusched.exe
C:\Program Files\Roxio\Easy CD Creator 6\DragToDisc\DrgToDsc.exe
C:\Program Files\Common Files\Symantec Shared\ccApp.exe
C:\Program Files\Adobe\Photoshop Album Starter Edition\3.0\Apps\apdproxy.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\avgas.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
C:\Program Files\VoSKY Call Center\USBVoSKY.exe
C:\PROGRA~1\WALGRE~1\WALGRE~1\data\Xtras\mssysmgr.exe
C:\Program Files\Messenger\msmsgs.exe
C:\Program Files\Netscape\Netscape\Netscp.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\Program Files\Microsoft ActiveSync\Wcescomm.exe
C:\Program Files\VoSKY Call Center\USBDRAM.exe
C:\PROGRA~1\MICROS~4\rapimgr.exe
C:\Program Files\Adobe\Acrobat 6.0\Distillr\acrotray.exe
C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
C:\Program Files\palmOne\Hotsync.exe
C:\WINDOWS\system32\wuauclt.exe
C:\Program Files\Viewpoint\Viewpoint Manager\ViewMgr.exe
C:\Documents and Settings\carpenter_jan\Desktop\HiJackThis_v2\HiJackThis_v2.exe
C:\Program Files\Internet Explorer\iexplore.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.cnn.com/
R1 - HKCU\Software\Microsoft\Internet Connection Wizard,ShellNext = http://www.hp.com/
N3 - Netscape 7: user_pref("browser.startup.homepage", "http://yahoo.sbc.com/dsl"); (C:\Documents and Settings\CARPENTER_JAN\Application Data\Mozilla\Profiles\default\rh6l5xph.slt\prefs.js)
O1 - Hosts: 63.240.6.184
O1 - Hosts: MI8NYCMAIL34 MI8NYCMAIL34.MI8.COM
O1 - Hosts: 63.240.6.24
O1 - Hosts: MI8NYCMAIL13 MI8NYCMAIL13.MI8.COM
O1 - Hosts: 63.240.6.190
O1 - Hosts: MI8NYCMAIL40 MI8NYCMAIL40.MI8.COM
O1 - Hosts: 63.240.6.189
O1 - Hosts: MI8NYCMAIL39 MI8NYCMAIL39.MI8.COM
O1 - Hosts: 63.240.6.176
O1 - Hosts: MI8NYCMAIL26 MI8NYCMAIL26.MI8.COM
O1 - Hosts: 63.240.6.16
O1 - Hosts: MI8NYCMAIL05 MI8NYCMAIL05.MI8.COM
O1 - Hosts: 63.240.6.182
O1 - Hosts: MI8NYCMAIL32 MI8NYCMAIL32.MI8.COM
O1 - Hosts: 63.240.6.168
O1 - Hosts: MI8NYCMAIL18 MI8NYCMAIL18.MI8.COM
O1 - Hosts: 63.240.6.174
O1 - Hosts: MI8NYCMAIL24 MI8NYCMAIL24.MI8.COM
O1 - Hosts: 63.240.6.22
O1 - Hosts: MI8NYCMAIL11 MI8NYCMAIL11.MI8.COM
O1 - Hosts: 63.240.6.187
O1 - Hosts: MI8NYCMAIL37 MI8NYCMAIL37.MI8.COM
O1 - Hosts: 63.240.6.166
O1 - Hosts: MI8NYCMAIL16 MI8NYCMAIL16.MI8.COM
O1 - Hosts: 63.240.6.27
O1 - Hosts: MI8NYCMAIL03 MI8NYCMAIL03.MI8.COM
O1 - Hosts: 63.240.6.180
O1 - Hosts: MI8NYCMAIL30 MI8NYCMAIL30.MI8.COM
O1 - Hosts: 63.240.6.179
O1 - Hosts: MI8NYCMAIL29 MI8NYCMAIL29.MI8.COM
O1 - Hosts: 63.240.6.19
O1 - Hosts: MI8NYCMAIL08 MI8NYCMAIL08.MI8.COM
O1 - Hosts: 63.240.6.172
O1 - Hosts: MI8NYCMAIL22 MI8NYCMAIL22.MI8.COM
O1 - Hosts: 63.240.6.185
O1 - Hosts: MI8NYCMAIL35 MI8NYCMAIL35.MI8.COM
O1 - Hosts: 63.240.6.61
O1 - Hosts: MI8NYCMAIL14 MI8NYCMAIL14.MI8.COM
O1 - Hosts: 63.240.6.25
O1 - Hosts: MI8NYCMAIL01 MI8NYCMAIL01.MI8.COM
O1 - Hosts: 63.240.6.177
O1 - Hosts: MI8NYCMAIL27 MI8NYCMAIL27.MI8.COM
O1 - Hosts: 63.240.6.17
O1 - Hosts: MI8NYCMAIL06 MI8NYCMAIL06.MI8.COM
O1 - Hosts: 63.240.6.170
O1 - Hosts: MI8NYCMAIL20 MI8NYCMAIL20.MI8.COM
O1 - Hosts: 63.240.6.169
O1 - Hosts: MI8NYCMAIL19 MI8NYCMAIL19.MI8.COM
O1 - Hosts: 63.240.6.183
O1 - Hosts: MI8NYCMAIL33 MI8NYCMAIL33.MI8.COM
O1 - Hosts: 63.240.6.23
O1 - Hosts: MI8NYCMAIL12 MI8NYCMAIL12.MI8.COM
O1 - Hosts: 63.240.6.188
O1 - Hosts: MI8NYCMAIL38 MI8NYCMAIL38.MI8.COM
O1 - Hosts: 63.240.6.175
O1 - Hosts: MI8NYCMAIL25 MI8NYCMAIL25.MI8.COM
O1 - Hosts: 63.240.6.15
O1 - Hosts: MI8NYCMAIL04 MI8NYCMAIL04.MI8.COM
O1 - Hosts: 63.240.6.181
O1 - Hosts: MI8NYCMAIL31 MI8NYCMAIL31.MI8.COM
O1 - Hosts: 63.240.6.167
O1 - Hosts: MI8NYCMAIL17 MI8NYCMAIL17.MI8.COM
O1 - Hosts: 63.240.6.173
O1 - Hosts: MI8NYCMAIL23 MI8NYCMAIL23.MI8.COM
O1 - Hosts: 63.240.6.21
O1 - Hosts: MI8NYCMAIL10 MI8NYCMAIL10.MI8.COM
O1 - Hosts: 63.240.6.20
O1 - Hosts: MI8NYCMAIL09 MI8NYCMAIL09.MI8.COM
O1 - Hosts: 63.240.6.186
O1 - Hosts: MI8NYCMAIL36 MI8NYCMAIL36.MI8.COM
O1 - Hosts: 63.240.6.62
O1 - Hosts: MI8NYCMAIL15 MI8NYCMAIL15.MI8.COM
O1 - Hosts: 63.240.6.26
O1 - Hosts: MI8NYCMAIL02 MI8NYCMAIL02.MI8.COM
O1 - Hosts: 63.240.6.178
O1 - Hosts: MI8NYCMAIL28 MI8NYCMAIL28.MI8.COM
O1 - Hosts: 63.240.6.18
O1 - Hosts: MI8NYCMAIL07 MI8NYCMAIL07.MI8.COM
O1 - Hosts: 63.240.6.171
O1 - Hosts: MI8NYCMAIL21 MI8NYCMAIL21.MI8.COM
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: Yahoo! Companion BHO - {13F537F0-AF09-11d6-9029-0002B31F9E59} - C:\Program Files\Yahoo!\Common\ycomp5,0,8,0.dll
O2 - BHO: Skype add-on (mastermind) - {22BF413B-C6D2-4d91-82A9-A0F997BA588C} - C:\PROGRA~1\Skype\Phone\IEPlugin\SKYPEI~1.DLL
O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_01\bin\ssv.dll
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar4.dll
O2 - BHO: AcroIEToolbarHelper Class - {AE7CD045-E861-484f-8273-0445EE161910} - C:\Program Files\Adobe\Acrobat 6.0\Acrobat\AcroIEFavClient.dll
O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\2.0.301.7164\swg.dll
O2 - BHO: (no name) - {c70935dc-f24e-435a-b10c-6f17b8236027} - C:\WINDOWS\system32\loge-1.dll
O3 - Toolbar: Yahoo! Companion - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Common\ycomp5,0,8,0.dll
O3 - Toolbar: Adobe PDF - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - C:\Program Files\Adobe\Acrobat 6.0\Acrobat\AcroIEFavClient.dll
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar4.dll
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [Windows Defender] "C:\Program Files\Windows Defender\MSASCui.exe" -hide
O4 - HKLM\..\Run: [vptray] C:\PROGRA~1\SYMANT~1\VPTray.exe
O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_01\bin\jusched.exe"
O4 - HKLM\..\Run: [RoxioEngineUtility] "C:\Program Files\Common Files\Roxio Shared\System\EngUtil.exe"
O4 - HKLM\..\Run: [RoxioDragToDisc] "C:\Program Files\Roxio\Easy CD Creator 6\DragToDisc\DrgToDsc.exe"
O4 - HKLM\..\Run: [GNP Generic Host Process] C:\RECYCLER\RS-1-5-21-606747145-1085031214-725345543-500\taskmgr.exe
O4 - HKLM\..\Run: [EarthLink Installer] " /C
O4 - HKLM\..\Run: [Cpqset] C:\Program Files\HPQ\Default Settings\cpqset.exe
O4 - HKLM\..\Run: [ccApp] "C:\Program Files\Common Files\Symantec Shared\ccApp.exe"
O4 - HKLM\..\Run: [ATIPTA] C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe
O4 - HKLM\..\Run: [Adobe Photo Downloader] "C:\Program Files\Adobe\Photoshop Album Starter Edition\3.0\Apps\apdproxy.exe"
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
O4 - HKLM\..\Run: [!AVG Anti-Spyware] "C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\avgas.exe" /minimized
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [swg] C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
O4 - HKCU\..\Run: [VoKU Call Center] C:\Program Files\VoSKY Call Center\USBVoSKY.exe
O4 - HKCU\..\Run: [PhotoShow Deluxe Media Manager] C:\PROGRA~1\WALGRE~1\WALGRE~1\data\Xtras\mssysmgr.exe
O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background
O4 - HKCU\..\Run: [Mozilla Quick Launch] "C:\Program Files\Netscape\Netscape\Netscp.exe" -turbo
O4 - HKCU\..\Run: [H/PC Connection Agent] "C:\Program Files\Microsoft ActiveSync\Wcescomm.exe"
O4 - HKCU\..\Run: [FWBootup] C:\Program Files\VoSKY Call Center\USBDRAM.exe
O4 - Startup: Microsoft Office Outlook 2003.lnk = ?
O4 - Global Startup: Acrobat Assistant.lnk = C:\Program Files\Adobe\Acrobat 6.0\Distillr\acrotray.exe
O4 - Global Startup: Adobe Reader Speed Launch.lnk = C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
O4 - Global Startup: HotSync Manager.lnk = C:\Program Files\palmOne\Hotsync.exe
O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office10\OSA.EXE
O4 - Global Startup: SysTray.lnk = ?
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office10\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_01\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_01\bin\ssv.dll
O9 - Extra button: Yahoo! Login - {2499216C-4BA5-11D5-BD9C-000103C116D5} - C:\Program Files\Yahoo!\Common\ylogin.dll
O9 - Extra 'Tools' menuitem: Yahoo! Login - {2499216C-4BA5-11D5-BD9C-000103C116D5} - C:\Program Files\Yahoo!\Common\ylogin.dll
O9 - Extra button: Create Mobile Favorite - {2EAF5BB1-070F-11D3-9307-00C04FAE2D4F} - C:\PROGRA~1\MICROS~4\INetRepl.dll
O9 - Extra button: (no name) - {2EAF5BB2-070F-11D3-9307-00C04FAE2D4F} - C:\PROGRA~1\MICROS~4\INetRepl.dll
O9 - Extra 'Tools' menuitem: Create Mobile Favorite... - {2EAF5BB2-070F-11D3-9307-00C04FAE2D4F} - C:\PROGRA~1\MICROS~4\INetRepl.dll
O9 - Extra button: Messenger - {4528BBE0-4E08-11D5-AD55-00010333D0AD} - C:\Program Files\Yahoo!\Messenger\yhexbmes.dll
O9 - Extra 'Tools' menuitem: Yahoo! Messenger - {4528BBE0-4E08-11D5-AD55-00010333D0AD} - C:\Program Files\Yahoo!\Messenger\yhexbmes.dll
O9 - Extra button: Skype - {77BF5300-1474-4EC7-9980-D32B190E9B07} - C:\PROGRA~1\Skype\Phone\IEPlugin\SKYPEI~1.DLL
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL
O9 - Extra button: Real.com - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - C:\WINDOWS\system32\Shdocvw.dll
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe (file missing)
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe (file missing)
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O14 - IERESET.INF: START_PAGE_URL=http://www.hp.com
O16 - DPF: {406B5949-7190-4245-91A9-30A17DE16AD0} (Snapfish Activia) - http://photo.walgreens.com/WalgreensActivia.cab
O16 - DPF: {7B297BFD-85E4-4092-B2AF-16A91B2EA103} (WScanCtl Class) - http://www.ca.com/us/securityadvisor/virusinfo/webscan.cab
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} (Java Runtime Environment 1.6.0) - http://javadl-esd.sun.com/update/1.6.0/jinstall-6u1-windows-i586-jc.cab
O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~1\COMMON~1\Skype\SKYPE4~1.DLL
O20 - Winlogon Notify: loge-1 - C:\WINDOWS\SYSTEM32\loge-1.dll
O22 - SharedTaskScheduler: Browseui preloader - {438755C2-A8BA-11D1-B96B-00A0C90312E1} - C:\WINDOWS\System32\browseui.dll
O22 - SharedTaskScheduler: Component Categories cache daemon - {8C7461EF-2B13-11d2-BE35-3078302C2030} - C:\WINDOWS\System32\browseui.dll
O23 - Service: AVG Anti-Spyware Guard - Anti-Malware Development a.s. - C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
O23 - Service: Symantec Event Manager (ccEvtMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
O23 - Service: Symantec Password Validation (ccPwdSvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccPwdSvc.exe
O23 - Service: Symantec Settings Manager (ccSetMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe
O23 - Service: Check Point SSL Network Extender (cpextender) - Check Point Software Technologies - C:\Program Files\CheckPoint\SSL Network Extender\slimsvc.exe
O23 - Service: Cisco Systems, Inc. VPN Service (CVPND) - Cisco Systems, Inc. - C:\Program Files\Cisco Systems\VPN Client\cvpnd.exe
O23 - Service: Symantec AntiVirus Definition Watcher (DefWatch) - Symantec Corporation - C:\Program Files\Symantec AntiVirus\DefWatch.exe
O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: iPod Service - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: SAVRoam (SavRoam) - symantec - C:\Program Files\Symantec AntiVirus\SavRoam.exe
O23 - Service: Symantec Network Drivers Service (SNDSrvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\SNDSrvc.exe
O23 - Service: SoundMAX Agent Service (SoundMAX Agent Service (default)) - Analog Devices, Inc. - C:\Program Files\Analog Devices\SoundMAX\SMAgent.exe
O23 - Service: Symantec AntiVirus - Symantec Corporation - C:\Program Files\Symantec AntiVirus\Rtvscan.exe
O23 - Service: Viewpoint Manager Service - Viewpoint Corporation - C:\Program Files\Viewpoint\Common\ViewpointService.exe

--
End of file - 14835 bytes
 
Hi

  • Double-click VundoFix.exe to run it.
  • Click the Scan for Vundo button.
  • Once the scan is complete, Right Click inside the listbox (white box) and click add more files
  • Copy&Paste the 2 entries below into the top 2 boxes

    C:\WINDOWS\system32\loge-1.dll
    C:\WINDOWS\system32\1-egol.*

  • Click Add Files and Click Close Window
  • You will receive a prompt asking if you want to remove the files, click YES
  • Once you click yes, your desktop will go blank as it starts removing Vundo.
  • When completed, it will prompt that it will reboot your computer, click OK.
  • Please post the contents of C:\vundofix.txt and a new HiJackThis log in a reply to this thread.
Note: It is possible that VundoFix encountered a file it could not remove. In this case, VundoFix will run on reboot, simply follow the above instructions starting from "Click the Scan for Vundo button" when VundoFix appears upon rebooting.[/list]
 
Latest Logs - Thanks!

VundoFix V6.4.2

Vundo log:
Checking Java version...

Java version is 1.5.0.11

Scan started at 6:31:44 AM 6/6/2007

Listing files found while scanning....

C:\WINDOWS\ijlmlm.ini
C:\WINDOWS\mlmlji.dll
C:\WINDOWS\system32\tmp1DF.tmp.dll

Beginning removal...

Attempting to delete C:\WINDOWS\ijlmlm.ini
C:\WINDOWS\ijlmlm.ini Has been deleted!

Attempting to delete C:\WINDOWS\mlmlji.dll
C:\WINDOWS\mlmlji.dll Has been deleted!

Attempting to delete C:\WINDOWS\system32\loge-1.dll
C:\WINDOWS\system32\loge-1.dll Has been deleted!

Attempting to delete C:\WINDOWS\system32\tmp1DF.tmp.dll
C:\WINDOWS\system32\tmp1DF.tmp.dll Has been deleted!

Performing Repairs to the registry.
Done!


HiJackThis log:


Logfile of Trend Micro HijackThis v2.0.0 (BETA)
Scan saved at 6:49:08 AM, on 6/6/2007
Platform: Windows XP SP2 (WinNT 5.01.2600)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Windows Defender\MsMpEng.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe
C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
C:\Program Files\CheckPoint\SSL Network Extender\slimsvc.exe
C:\Program Files\Cisco Systems\VPN Client\cvpnd.exe
C:\Program Files\Symantec AntiVirus\DefWatch.exe
C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE
C:\Program Files\Symantec AntiVirus\SavRoam.exe
C:\Program Files\Analog Devices\SoundMAX\SMAgent.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Symantec AntiVirus\Rtvscan.exe
C:\Program Files\Viewpoint\Common\ViewpointService.exe
C:\WINDOWS\system32\MsPMSPSv.exe
C:\WINDOWS\system32\wscntfy.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\QuickTime\qttask.exe
C:\Program Files\Windows Defender\MSASCui.exe
C:\PROGRA~1\SYMANT~1\VPTray.exe
C:\Program Files\Common Files\Real\Update_OB\realsched.exe
C:\Program Files\Java\jre1.6.0_01\bin\jusched.exe
C:\Program Files\Roxio\Easy CD Creator 6\DragToDisc\DrgToDsc.exe
C:\Program Files\Common Files\Symantec Shared\ccApp.exe
C:\Program Files\Adobe\Photoshop Album Starter Edition\3.0\Apps\apdproxy.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\avgas.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
C:\Program Files\VoSKY Call Center\USBVoSKY.exe
C:\PROGRA~1\WALGRE~1\WALGRE~1\data\Xtras\mssysmgr.exe
C:\Program Files\Messenger\msmsgs.exe
C:\Program Files\Netscape\Netscape\Netscp.exe
C:\Program Files\Microsoft ActiveSync\Wcescomm.exe
C:\Program Files\VoSKY Call Center\USBDRAM.exe
C:\Program Files\Adobe\Acrobat 6.0\Distillr\acrotray.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\PROGRA~1\MICROS~4\rapimgr.exe
C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
C:\Program Files\palmOne\Hotsync.exe
C:\WINDOWS\system32\wuauclt.exe
C:\Program Files\Viewpoint\Viewpoint Manager\ViewMgr.exe
C:\Documents and Settings\carpenter_jan\Desktop\HiJackThis_v2\HiJackThis_v2.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.cnn.com/
R1 - HKCU\Software\Microsoft\Internet Connection Wizard,ShellNext = http://www.hp.com/
N3 - Netscape 7: user_pref("browser.startup.homepage", "http://yahoo.sbc.com/dsl"); (C:\Documents and Settings\CARPENTER_JAN\Application Data\Mozilla\Profiles\default\rh6l5xph.slt\prefs.js)
O1 - Hosts: 63.240.6.184
O1 - Hosts: MI8NYCMAIL34 MI8NYCMAIL34.MI8.COM
O1 - Hosts: 63.240.6.24
O1 - Hosts: MI8NYCMAIL13 MI8NYCMAIL13.MI8.COM
O1 - Hosts: 63.240.6.190
O1 - Hosts: MI8NYCMAIL40 MI8NYCMAIL40.MI8.COM
O1 - Hosts: 63.240.6.189
O1 - Hosts: MI8NYCMAIL39 MI8NYCMAIL39.MI8.COM
O1 - Hosts: 63.240.6.176
O1 - Hosts: MI8NYCMAIL26 MI8NYCMAIL26.MI8.COM
O1 - Hosts: 63.240.6.16
O1 - Hosts: MI8NYCMAIL05 MI8NYCMAIL05.MI8.COM
O1 - Hosts: 63.240.6.182
O1 - Hosts: MI8NYCMAIL32 MI8NYCMAIL32.MI8.COM
O1 - Hosts: 63.240.6.168
O1 - Hosts: MI8NYCMAIL18 MI8NYCMAIL18.MI8.COM
O1 - Hosts: 63.240.6.174
O1 - Hosts: MI8NYCMAIL24 MI8NYCMAIL24.MI8.COM
O1 - Hosts: 63.240.6.22
O1 - Hosts: MI8NYCMAIL11 MI8NYCMAIL11.MI8.COM
O1 - Hosts: 63.240.6.187
O1 - Hosts: MI8NYCMAIL37 MI8NYCMAIL37.MI8.COM
O1 - Hosts: 63.240.6.166
O1 - Hosts: MI8NYCMAIL16 MI8NYCMAIL16.MI8.COM
O1 - Hosts: 63.240.6.27
O1 - Hosts: MI8NYCMAIL03 MI8NYCMAIL03.MI8.COM
O1 - Hosts: 63.240.6.180
O1 - Hosts: MI8NYCMAIL30 MI8NYCMAIL30.MI8.COM
O1 - Hosts: 63.240.6.179
O1 - Hosts: MI8NYCMAIL29 MI8NYCMAIL29.MI8.COM
O1 - Hosts: 63.240.6.19
O1 - Hosts: MI8NYCMAIL08 MI8NYCMAIL08.MI8.COM
O1 - Hosts: 63.240.6.172
O1 - Hosts: MI8NYCMAIL22 MI8NYCMAIL22.MI8.COM
O1 - Hosts: 63.240.6.185
O1 - Hosts: MI8NYCMAIL35 MI8NYCMAIL35.MI8.COM
O1 - Hosts: 63.240.6.61
O1 - Hosts: MI8NYCMAIL14 MI8NYCMAIL14.MI8.COM
O1 - Hosts: 63.240.6.25
O1 - Hosts: MI8NYCMAIL01 MI8NYCMAIL01.MI8.COM
O1 - Hosts: 63.240.6.177
O1 - Hosts: MI8NYCMAIL27 MI8NYCMAIL27.MI8.COM
O1 - Hosts: 63.240.6.17
O1 - Hosts: MI8NYCMAIL06 MI8NYCMAIL06.MI8.COM
O1 - Hosts: 63.240.6.170
O1 - Hosts: MI8NYCMAIL20 MI8NYCMAIL20.MI8.COM
O1 - Hosts: 63.240.6.169
O1 - Hosts: MI8NYCMAIL19 MI8NYCMAIL19.MI8.COM
O1 - Hosts: 63.240.6.183
O1 - Hosts: MI8NYCMAIL33 MI8NYCMAIL33.MI8.COM
O1 - Hosts: 63.240.6.23
O1 - Hosts: MI8NYCMAIL12 MI8NYCMAIL12.MI8.COM
O1 - Hosts: 63.240.6.188
O1 - Hosts: MI8NYCMAIL38 MI8NYCMAIL38.MI8.COM
O1 - Hosts: 63.240.6.175
O1 - Hosts: MI8NYCMAIL25 MI8NYCMAIL25.MI8.COM
O1 - Hosts: 63.240.6.15
O1 - Hosts: MI8NYCMAIL04 MI8NYCMAIL04.MI8.COM
O1 - Hosts: 63.240.6.181
O1 - Hosts: MI8NYCMAIL31 MI8NYCMAIL31.MI8.COM
O1 - Hosts: 63.240.6.167
O1 - Hosts: MI8NYCMAIL17 MI8NYCMAIL17.MI8.COM
O1 - Hosts: 63.240.6.173
O1 - Hosts: MI8NYCMAIL23 MI8NYCMAIL23.MI8.COM
O1 - Hosts: 63.240.6.21
O1 - Hosts: MI8NYCMAIL10 MI8NYCMAIL10.MI8.COM
O1 - Hosts: 63.240.6.20
O1 - Hosts: MI8NYCMAIL09 MI8NYCMAIL09.MI8.COM
O1 - Hosts: 63.240.6.186
O1 - Hosts: MI8NYCMAIL36 MI8NYCMAIL36.MI8.COM
O1 - Hosts: 63.240.6.62
O1 - Hosts: MI8NYCMAIL15 MI8NYCMAIL15.MI8.COM
O1 - Hosts: 63.240.6.26
O1 - Hosts: MI8NYCMAIL02 MI8NYCMAIL02.MI8.COM
O1 - Hosts: 63.240.6.178
O1 - Hosts: MI8NYCMAIL28 MI8NYCMAIL28.MI8.COM
O1 - Hosts: 63.240.6.18
O1 - Hosts: MI8NYCMAIL07 MI8NYCMAIL07.MI8.COM
O1 - Hosts: 63.240.6.171
O1 - Hosts: MI8NYCMAIL21 MI8NYCMAIL21.MI8.COM
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: Yahoo! Companion BHO - {13F537F0-AF09-11d6-9029-0002B31F9E59} - C:\Program Files\Yahoo!\Common\ycomp5,0,8,0.dll
O2 - BHO: Skype add-on (mastermind) - {22BF413B-C6D2-4d91-82A9-A0F997BA588C} - C:\PROGRA~1\Skype\Phone\IEPlugin\SKYPEI~1.DLL
O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_01\bin\ssv.dll
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar4.dll
O2 - BHO: AcroIEToolbarHelper Class - {AE7CD045-E861-484f-8273-0445EE161910} - C:\Program Files\Adobe\Acrobat 6.0\Acrobat\AcroIEFavClient.dll
O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\2.0.301.7164\swg.dll
O2 - BHO: (no name) - {c70935dc-f24e-435a-b10c-6f17b8236027} - C:\WINDOWS\system32\loge-1.dll (file missing)
O3 - Toolbar: Yahoo! Companion - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Common\ycomp5,0,8,0.dll
O3 - Toolbar: Adobe PDF - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - C:\Program Files\Adobe\Acrobat 6.0\Acrobat\AcroIEFavClient.dll
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar4.dll
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [Windows Defender] "C:\Program Files\Windows Defender\MSASCui.exe" -hide
O4 - HKLM\..\Run: [vptray] C:\PROGRA~1\SYMANT~1\VPTray.exe
O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_01\bin\jusched.exe"
O4 - HKLM\..\Run: [RoxioEngineUtility] "C:\Program Files\Common Files\Roxio Shared\System\EngUtil.exe"
O4 - HKLM\..\Run: [RoxioDragToDisc] "C:\Program Files\Roxio\Easy CD Creator 6\DragToDisc\DrgToDsc.exe"
O4 - HKLM\..\Run: [GNP Generic Host Process] C:\RECYCLER\RS-1-5-21-606747145-1085031214-725345543-500\taskmgr.exe
O4 - HKLM\..\Run: [EarthLink Installer] " /C
O4 - HKLM\..\Run: [Cpqset] C:\Program Files\HPQ\Default Settings\cpqset.exe
O4 - HKLM\..\Run: [ccApp] "C:\Program Files\Common Files\Symantec Shared\ccApp.exe"
O4 - HKLM\..\Run: [ATIPTA] C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe
O4 - HKLM\..\Run: [Adobe Photo Downloader] "C:\Program Files\Adobe\Photoshop Album Starter Edition\3.0\Apps\apdproxy.exe"
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
O4 - HKLM\..\Run: [!AVG Anti-Spyware] "C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\avgas.exe" /minimized
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [swg] C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
O4 - HKCU\..\Run: [VoKU Call Center] C:\Program Files\VoSKY Call Center\USBVoSKY.exe
O4 - HKCU\..\Run: [PhotoShow Deluxe Media Manager] C:\PROGRA~1\WALGRE~1\WALGRE~1\data\Xtras\mssysmgr.exe
O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background
O4 - HKCU\..\Run: [Mozilla Quick Launch] "C:\Program Files\Netscape\Netscape\Netscp.exe" -turbo
O4 - HKCU\..\Run: [H/PC Connection Agent] "C:\Program Files\Microsoft ActiveSync\Wcescomm.exe"
O4 - HKCU\..\Run: [FWBootup] C:\Program Files\VoSKY Call Center\USBDRAM.exe
O4 - Startup: Microsoft Office Outlook 2003.lnk = ?
O4 - Global Startup: Acrobat Assistant.lnk = C:\Program Files\Adobe\Acrobat 6.0\Distillr\acrotray.exe
O4 - Global Startup: Adobe Reader Speed Launch.lnk = C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
O4 - Global Startup: HotSync Manager.lnk = C:\Program Files\palmOne\Hotsync.exe
O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office10\OSA.EXE
O4 - Global Startup: SysTray.lnk = ?
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office10\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_01\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_01\bin\ssv.dll
O9 - Extra button: Yahoo! Login - {2499216C-4BA5-11D5-BD9C-000103C116D5} - C:\Program Files\Yahoo!\Common\ylogin.dll
O9 - Extra 'Tools' menuitem: Yahoo! Login - {2499216C-4BA5-11D5-BD9C-000103C116D5} - C:\Program Files\Yahoo!\Common\ylogin.dll
O9 - Extra button: Create Mobile Favorite - {2EAF5BB1-070F-11D3-9307-00C04FAE2D4F} - C:\PROGRA~1\MICROS~4\INetRepl.dll
O9 - Extra button: (no name) - {2EAF5BB2-070F-11D3-9307-00C04FAE2D4F} - C:\PROGRA~1\MICROS~4\INetRepl.dll
O9 - Extra 'Tools' menuitem: Create Mobile Favorite... - {2EAF5BB2-070F-11D3-9307-00C04FAE2D4F} - C:\PROGRA~1\MICROS~4\INetRepl.dll
O9 - Extra button: Messenger - {4528BBE0-4E08-11D5-AD55-00010333D0AD} - C:\Program Files\Yahoo!\Messenger\yhexbmes.dll
O9 - Extra 'Tools' menuitem: Yahoo! Messenger - {4528BBE0-4E08-11D5-AD55-00010333D0AD} - C:\Program Files\Yahoo!\Messenger\yhexbmes.dll
O9 - Extra button: Skype - {77BF5300-1474-4EC7-9980-D32B190E9B07} - C:\PROGRA~1\Skype\Phone\IEPlugin\SKYPEI~1.DLL
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL
O9 - Extra button: Real.com - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - C:\WINDOWS\system32\Shdocvw.dll
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe (file missing)
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe (file missing)
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O14 - IERESET.INF: START_PAGE_URL=http://www.hp.com
O16 - DPF: {406B5949-7190-4245-91A9-30A17DE16AD0} (Snapfish Activia) - http://photo.walgreens.com/WalgreensActivia.cab
O16 - DPF: {7B297BFD-85E4-4092-B2AF-16A91B2EA103} (WScanCtl Class) - http://www.ca.com/us/securityadvisor/virusinfo/webscan.cab
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} (Java Runtime Environment 1.6.0) - http://javadl-esd.sun.com/update/1.6.0/jinstall-6u1-windows-i586-jc.cab
O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~1\COMMON~1\Skype\SKYPE4~1.DLL
O22 - SharedTaskScheduler: Browseui preloader - {438755C2-A8BA-11D1-B96B-00A0C90312E1} - C:\WINDOWS\System32\browseui.dll
O22 - SharedTaskScheduler: Component Categories cache daemon - {8C7461EF-2B13-11d2-BE35-3078302C2030} - C:\WINDOWS\System32\browseui.dll
O23 - Service: AVG Anti-Spyware Guard - Anti-Malware Development a.s. - C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
O23 - Service: Symantec Event Manager (ccEvtMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
O23 - Service: Symantec Password Validation (ccPwdSvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccPwdSvc.exe
O23 - Service: Symantec Settings Manager (ccSetMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe
O23 - Service: Check Point SSL Network Extender (cpextender) - Check Point Software Technologies - C:\Program Files\CheckPoint\SSL Network Extender\slimsvc.exe
O23 - Service: Cisco Systems, Inc. VPN Service (CVPND) - Cisco Systems, Inc. - C:\Program Files\Cisco Systems\VPN Client\cvpnd.exe
O23 - Service: Symantec AntiVirus Definition Watcher (DefWatch) - Symantec Corporation - C:\Program Files\Symantec AntiVirus\DefWatch.exe
O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: iPod Service - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: SAVRoam (SavRoam) - symantec - C:\Program Files\Symantec AntiVirus\SavRoam.exe
O23 - Service: Symantec Network Drivers Service (SNDSrvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\SNDSrvc.exe
O23 - Service: SoundMAX Agent Service (SoundMAX Agent Service (default)) - Analog Devices, Inc. - C:\Program Files\Analog Devices\SoundMAX\SMAgent.exe
O23 - Service: Symantec AntiVirus - Symantec Corporation - C:\Program Files\Symantec AntiVirus\Rtvscan.exe
O23 - Service: Viewpoint Manager Service - Viewpoint Corporation - C:\Program Files\Viewpoint\Common\ViewpointService.exe

--
End of file - 14737 bytes
 
Hi

First, I would like you to upload this file to uploadmalware

C:\WINDOWS\system32\loge-1.dll.bad (may just look like loge-1)

I see that Viewpoint is installed. Viewpoint, Viewpoint Manager, Viewpoint Media Player are Viewpoint components which are installed as a side effect of installing other software, most notably AOL and AOL Instant Messenger (AIM). Viewpoint Manager is responsible for managing and updating Viewpoint Media Player’s components. You can disable this using the Viewpoint Manager Control Panel found in the Windows Control Panel menu. By selecting Disable auto-updating for the Viewpoint Manager -- the player will no longer attempt to check for updates. Anything that is installed without your consent is suspect. Read what Viewpoint says and make your own decision.
To provide a satisfying consumer experience and to operate effectively, the Viewpoint Media Player periodically sends information to servers at Viewpoint. Each installation of the Viewpoint Media Player is identifiable to Viewpoint via a Customer Unique Identifier (CUID), an alphanumeric identifier embedded in the Viewpoint Media Player. The Viewpoint Media Player randomly generates the CUID during installation and uses it to indicate a unique installation of the product. A CUID is never connected to a user's name, email address, or other personal contact information. CUIDs are used for the sole purpose of filtering redundant information. Each of these information exchanges occurs anonymously.
Click to expand...
Viewpoint Manager is considered as foistware instead of malware since it is installed without user's approval but doesn't spy or do anything "bad". This may change, read Viewpoint to Plunge Into Adware.
I recommend that you remove the Viewpoint products; however, decide for yourself. To uninstall the the Viewpoint components (Viewpoint, Viewpoint Manager, Viewpoint Media Player):
  1. Click Start, point to Settings, and then click Control Panel.
  2. In Control Panel, double-click Add or Remove Programs.
  3. In Add or Remove Programs, highlight >>Viewpoint component<< , click Remove.
  4. Do the same for each Viewpoint component.

Open HijackThis, click do a system scan only and checkmark this:

O2 - BHO: (no name) - {c70935dc-f24e-435a-b10c-6f17b8236027} - C:\WINDOWS\system32\loge-1.dll (file missing)

Close all windows including browser and press fix checked.

Reboot.

Please do an online scan with Kaspersky Online Scanner. You will be prompted to install an ActiveX component from Kaspersky, Click Yes.
  • The program will launch and then start to download the latest definition files.
  • Once the scanner is installed and the definitions downloaded, click Next.
  • Now click on Scan Settings
  • In the scan settings make sure that the following are selected:

    o Scan using the following Anti-Virus database:

    + Extended (If available otherwise Standard)

    o Scan Options:

    + Scan Archives
    + Scan Mail Bases
  • Click OK
  • Now under select a target to scan select My Computer
  • The scan will take a while so be patient and let it run. Once the scan is complete it will display if your system has been infected.
  • Now click on the Save as Text button
  • Save the file to your desktop.
  • Copy and paste that information in your next post.

Post:

- a fresh HijackThis log
- kaspersky report
 
Next Steps Completed

Moving right along.....

1. The file you asked to be uploaded to uploadmalware was not found in the windows\system32 folder. But, I did find it in the VundoFixBackups folder. So, I did upload it. Hopefully that was correct.

2. Viewpoint - ugh. Uninstalled Viewpoint Manager (which was the only program apparently installed). Gone (hopefully).

3. Ran HiJackThis and checkmarked the file you asked me to checkmark and pressed fix.

4. Kaspersky Online Scanner - ran it. Got the log and saved it in the expanded and collapsed format. I'll show both below (just in case you get more info from the expanded version).

5. HiJackThis log - new one show below.

6. Just found out that the text I'm posting is too long - so I'll have to finish the attachments in another thread.

Thank you once more.

Kaspersky Report (collapsed):
-------------------------------------------------------------------------------
KASPERSKY ONLINE SCANNER REPORT
Wednesday, June 06, 2007 1:00:42 PM
Operating System: Microsoft Windows XP Professional, Service Pack 2 (Build 2600)
Kaspersky Online Scanner version: 5.0.93.0
Kaspersky Anti-Virus database last update: 6/06/2007
Kaspersky Anti-Virus database records: 340946
-------------------------------------------------------------------------------

Scan Settings:
Scan using the following antivirus database: extended
Scan Archives: true
Scan Mail Bases: true

Scan Target - My Computer:
A:\
C:\
D:\

Scan Statistics:
Total number of scanned objects: 128310
Number of viruses found: 14
Number of infected objects: 63
Number of suspicious objects: 1
Duration of the scan process: 01:44:53

Infected Object Name / Virus Name / Last Action
C:\Documents and Settings\Administrator\Application Data\Mozilla\Profiles\default\rh6l5xph.slt\parent.lock Object is locked skipped
C:\Documents and Settings\All Users\Application Data\Microsoft\Windows Defender\Support\MPLog-05302007-093209.log Object is locked skipped
C:\Documents and Settings\All Users\Application Data\Symantec\Common Client\settings.dat Object is locked skipped
C:\Documents and Settings\carpenter_jan\Application Data\$_hpcst$.hpc Object is locked skipped
C:\Documents and Settings\carpenter_jan\Application Data\Sun\Java\Deployment\cache\6.0\14\1907720e-1ab9191c/BaaaaBaa.class Infected: Trojan.Java.ClassLoader.ao skipped
C:\Documents and Settings\carpenter_jan\Application Data\Sun\Java\Deployment\cache\6.0\14\1907720e-1ab9191c/VaaaaaaaBaa.class Infected: Trojan.Java.ClassLoader.ao skipped
C:\Documents and Settings\carpenter_jan\Application Data\Sun\Java\Deployment\cache\6.0\14\1907720e-1ab9191c/Baaaaa.class Infected: Trojan.Java.ClassLoader.ao skipped
C:\Documents and Settings\carpenter_jan\Application Data\Sun\Java\Deployment\cache\6.0\14\1907720e-1ab9191c ZIP: infected - 3 skipped
C:\Documents and Settings\carpenter_jan\Application Data\Sun\Java\Deployment\cache\6.0\55\69a48f37-244ab462/BaaaaBaa.class Infected: Trojan.Java.ClassLoader.ao skipped
C:\Documents and Settings\carpenter_jan\Application Data\Sun\Java\Deployment\cache\6.0\55\69a48f37-244ab462/VaaaaaaaBaa.class Infected: Trojan.Java.ClassLoader.ao skipped
C:\Documents and Settings\carpenter_jan\Application Data\Sun\Java\Deployment\cache\6.0\55\69a48f37-244ab462/Baaaaa.class Infected: Trojan.Java.ClassLoader.ao skipped
C:\Documents and Settings\carpenter_jan\Application Data\Sun\Java\Deployment\cache\6.0\55\69a48f37-244ab462 ZIP: infected - 3 skipped
C:\Documents and Settings\carpenter_jan\Application Data\tmp1DF.tmp.exe Infected: Trojan.Win32.BHO.g skipped
C:\Documents and Settings\carpenter_jan\Application Data\tmp1E5.tmp.exe Infected: Trojan.Win32.Agent.anr skipped
C:\Documents and Settings\carpenter_jan\Application Data\tmp20.tmp.exe Infected: Trojan.Win32.Agent.agv skipped
C:\Documents and Settings\carpenter_jan\Application Data\tmp25.tmp.exe Infected: Trojan.Win32.Agent.agv skipped
C:\Documents and Settings\carpenter_jan\Application Data\tmp2A.tmp.exe Infected: Trojan.Win32.Agent.agv skipped
C:\Documents and Settings\carpenter_jan\Application Data\tmp32.tmp.exe Infected: Trojan.Win32.Agent.agv skipped
C:\Documents and Settings\carpenter_jan\Application Data\tmp37.tmp.exe Infected: Trojan.Win32.Agent.agv skipped
C:\Documents and Settings\carpenter_jan\Application Data\tmp3E.tmp.exe Infected: Trojan.Win32.Agent.agv skipped
C:\Documents and Settings\carpenter_jan\Application Data\tmp4.tmp.exe Infected: Trojan.Win32.Agent.agv skipped
C:\Documents and Settings\carpenter_jan\Application Data\tmpF1C.tmp.exe Infected: Trojan.Win32.Agent.agv skipped
C:\Documents and Settings\carpenter_jan\Cookies\index.dat Object is locked skipped
C:\Documents and Settings\carpenter_jan\Desktop\SmitfraudFix\SmitfraudFix\Reboot.exe Infected: not-a-virus:RiskTool.Win32.Reboot.f skipped
C:\Documents and Settings\carpenter_jan\Desktop\SmitfraudFix.zip/SmitfraudFix/Reboot.exe Infected: not-a-virus:RiskTool.Win32.Reboot.f skipped
C:\Documents and Settings\carpenter_jan\Desktop\SmitfraudFix.zip ZIP: infected - 1 skipped
C:\Documents and Settings\carpenter_jan\Local Settings\Application Data\Microsoft\Windows\UsrClass.dat Object is locked skipped
C:\Documents and Settings\carpenter_jan\Local Settings\Application Data\Microsoft\Windows\UsrClass.dat.LOG Object is locked skipped
C:\Documents and Settings\carpenter_jan\Local Settings\History\History.IE5\index.dat Object is locked skipped
C:\Documents and Settings\carpenter_jan\Local Settings\Temp\WCESLog.log Object is locked skipped
C:\Documents and Settings\carpenter_jan\Local Settings\Temporary Internet Files\AntiPhishing\B3BB5BBA-E7D5-40AB-A041-A5B1C0B26C8F.dat Object is locked skipped
C:\Documents and Settings\carpenter_jan\Local Settings\Temporary Internet Files\Content.IE5\4AFDZXR6\arr[1].ani Suspicious: Exploit.Win32.IMG-ANI.gen skipped
C:\Documents and Settings\carpenter_jan\Local Settings\Temporary Internet Files\Content.IE5\C5HPV6DX\class4[1].htm Infected: Trojan-Downloader.VBS.Agent.au skipped
C:\Documents and Settings\carpenter_jan\Local Settings\Temporary Internet Files\Content.IE5\F8SOVPES\koocwolla_20070601[1] Infected: Trojan.Win32.Agent.anr skipped
C:\Documents and Settings\carpenter_jan\Local Settings\Temporary Internet Files\Content.IE5\index.dat Object is locked skipped
C:\Documents and Settings\carpenter_jan\Local Settings\Temporary Internet Files\Content.IE5\LYS70X0Z\404-6[1].htm Infected: Exploit.HTML.IESlice.l skipped
C:\Documents and Settings\carpenter_jan\Local Settings\Temporary Internet Files\Content.IE5\Q4Y3BDN5\nauj[1] Infected: Trojan.Win32.BHO.g skipped
C:\Documents and Settings\carpenter_jan\Local Settings\Temporary Internet Files\Content.IE5\VOCIDO36\index[1].htm Infected: Trojan-Downloader.JS.Psyme.gy skipped
C:\Documents and Settings\carpenter_jan\Local Settings\Temporary Internet Files\Content.IE5\YOJO9EP4\index[1].htm Infected: Trojan-Downloader.VBS.Psyme.gx skipped
C:\Documents and Settings\carpenter_jan\NTUSER.DAT Object is locked skipped
C:\Documents and Settings\carpenter_jan\ntuser.dat.LOG Object is locked skipped
C:\Documents and Settings\LocalService\Cookies\index.dat Object is locked skipped
C:\Documents and Settings\LocalService\Local Settings\Application Data\Microsoft\Windows\UsrClass.dat Object is locked skipped
C:\Documents and Settings\LocalService\Local Settings\Application Data\Microsoft\Windows\UsrClass.dat.LOG Object is locked skipped
C:\Documents and Settings\LocalService\Local Settings\History\History.IE5\index.dat Object is locked skipped
C:\Documents and Settings\LocalService\Local Settings\Temporary Internet Files\Content.IE5\index.dat Object is locked skipped
C:\Documents and Settings\LocalService\NTUSER.DAT Object is locked skipped
C:\Documents and Settings\LocalService\ntuser.dat.LOG Object is locked skipped
C:\Documents and Settings\NetworkService\Local Settings\Application Data\Microsoft\Windows\UsrClass.dat Object is locked skipped
C:\Documents and Settings\NetworkService\Local Settings\Application Data\Microsoft\Windows\UsrClass.dat.LOG Object is locked skipped
C:\Documents and Settings\NetworkService\NTUSER.DAT Object is locked skipped
C:\Documents and Settings\NetworkService\ntuser.dat.LOG Object is locked skipped
C:\Program Files\CheckPoint\SSL Network Extender\slimsvc.log Object is locked skipped
C:\Program Files\Netscape\Users\janc\Mail\Trash/[From Monterey Bay Clothing Company <specials@shopthebay.com>][Date Thu, 25 Nov 2004 00:57:19 -0700 (GMT-07:00)]/UNNAMED/[From "PayPal Team" <support@paypal.com>][Date Thu, 25 Nov 2004 12:27:45 +0200]/html Infected: Trojan-Spy.HTML.Paylap.bg skipped
C:\Program Files\Netscape\Users\janc\Mail\Trash/[From Monterey Bay Clothing Company <specials@shopthebay.com>][Date Thu, 25 Nov 2004 00:57:19 -0700 (GMT-07:00)]/UNNAMED Infected: Trojan-Spy.HTML.Paylap.bg skipped
C:\Program Files\Netscape\Users\janc\Mail\Trash Mail Berkeley mbox: infected - 2 skipped
C:\RECYCLER\RS-1-5-21-606747145-1085031214-725345543-500\sup.exe/BAT Infected: Trojan.BAT.Starter.k skipped
C:\RECYCLER\RS-1-5-21-606747145-1085031214-725345543-500\sup.exe QuickBatch: infected - 1 skipped
C:\System Volume Information\MountPointManagerRemoteDatabase Object is locked skipped
C:\System Volume Information\_restore{53CA11E8-DAD2-41B2-969B-D957F085F140}\RP790\A0148221.exe Infected: Trojan.Win32.Agent.agv skipped
C:\System Volume Information\_restore{53CA11E8-DAD2-41B2-969B-D957F085F140}\RP791\A0148258.exe Infected: Trojan.Win32.Agent.agv skipped
C:\System Volume Information\_restore{53CA11E8-DAD2-41B2-969B-D957F085F140}\RP796\A0149672.exe Infected: Trojan.Win32.Agent.agv skipped
C:\System Volume Information\_restore{53CA11E8-DAD2-41B2-969B-D957F085F140}\RP801\A0150328.exe Infected: Trojan.Win32.Agent.agv skipped
C:\System Volume Information\_restore{53CA11E8-DAD2-41B2-969B-D957F085F140}\RP802\A0150338.exe Infected: Trojan.Win32.Agent.agv skipped
C:\System Volume Information\_restore{53CA11E8-DAD2-41B2-969B-D957F085F140}\RP803\A0152362.exe Infected: Trojan.Win32.Agent.agv skipped
C:\System Volume Information\_restore{53CA11E8-DAD2-41B2-969B-D957F085F140}\RP805\A0153002.exe Infected: Trojan.Win32.Agent.agv skipped
C:\System Volume Information\_restore{53CA11E8-DAD2-41B2-969B-D957F085F140}\RP805\A0153005.exe Infected: Trojan.Win32.Agent.agv skipped
C:\System Volume Information\_restore{53CA11E8-DAD2-41B2-969B-D957F085F140}\RP807\A0153368.exe Infected: Trojan.Win32.Agent.agv skipped
C:\System Volume Information\_restore{53CA11E8-DAD2-41B2-969B-D957F085F140}\RP807\A0153376.exe Infected: Trojan.Win32.Agent.agv skipped
C:\System Volume Information\_restore{53CA11E8-DAD2-41B2-969B-D957F085F140}\RP807\A0153413.exe Infected: Trojan.Win32.Agent.agv skipped
C:\System Volume Information\_restore{53CA11E8-DAD2-41B2-969B-D957F085F140}\RP807\A0153554.exe Infected: Trojan.Win32.Agent.agv skipped
C:\System Volume Information\_restore{53CA11E8-DAD2-41B2-969B-D957F085F140}\RP807\A0153557.exe Infected: Trojan.Win32.Agent.agv skipped
C:\System Volume Information\_restore{53CA11E8-DAD2-41B2-969B-D957F085F140}\RP807\A0153559.exe Infected: Trojan.Win32.Agent.agv skipped
C:\System Volume Information\_restore{53CA11E8-DAD2-41B2-969B-D957F085F140}\RP807\A0153560.exe Infected: Trojan.Win32.Agent.agv skipped
C:\System Volume Information\_restore{53CA11E8-DAD2-41B2-969B-D957F085F140}\RP807\A0153563.exe Infected: Trojan.Win32.Agent.agv skipped
C:\System Volume Information\_restore{53CA11E8-DAD2-41B2-969B-D957F085F140}\RP807\A0153589.exe Infected: Trojan.Win32.Agent.agv skipped
C:\System Volume Information\_restore{53CA11E8-DAD2-41B2-969B-D957F085F140}\RP809\A0153733.exe Infected: Trojan.Win32.Agent.anr skipped
C:\System Volume Information\_restore{53CA11E8-DAD2-41B2-969B-D957F085F140}\RP809\A0153734.exe Infected: Trojan.Win32.Agent.anr skipped
C:\System Volume Information\_restore{53CA11E8-DAD2-41B2-969B-D957F085F140}\RP809\A0153735.exe Infected: Trojan.Win32.Agent.anr skipped
C:\System Volume Information\_restore{53CA11E8-DAD2-41B2-969B-D957F085F140}\RP809\A0153736.exe Infected: Trojan.Win32.Agent.anr skipped
C:\System Volume Information\_restore{53CA11E8-DAD2-41B2-969B-D957F085F140}\RP809\A0153737.exe Infected: Trojan.Win32.Agent.anr skipped
C:\System Volume Information\_restore{53CA11E8-DAD2-41B2-969B-D957F085F140}\RP809\A0153738.exe Infected: Trojan.Win32.Agent.anr skipped
C:\System Volume Information\_restore{53CA11E8-DAD2-41B2-969B-D957F085F140}\RP809\A0153739.exe Infected: Trojan.Win32.BHO.g skipped
C:\System Volume Information\_restore{53CA11E8-DAD2-41B2-969B-D957F085F140}\RP809\A0153740.exe Infected: Trojan-Downloader.Win32.Agent.bjk skipped
C:\System Volume Information\_restore{53CA11E8-DAD2-41B2-969B-D957F085F140}\RP809\A0153764.exe Infected: Trojan.Win32.Agent.agv skipped
C:\System Volume Information\_restore{53CA11E8-DAD2-41B2-969B-D957F085F140}\RP809\A0153765.exe Infected: Trojan.Win32.Agent.agv skipped
C:\System Volume Information\_restore{53CA11E8-DAD2-41B2-969B-D957F085F140}\RP809\A0153772.exe Infected: Trojan.Win32.Agent.agv skipped
C:\System Volume Information\_restore{53CA11E8-DAD2-41B2-969B-D957F085F140}\RP809\A0153801.exe Infected: Trojan.Win32.BHO.g skipped
C:\System Volume Information\_restore{53CA11E8-DAD2-41B2-969B-D957F085F140}\RP809\A0153803.exe Infected: Trojan.Win32.Agent.agv skipped
C:\System Volume Information\_restore{53CA11E8-DAD2-41B2-969B-D957F085F140}\RP811\change.log Object is locked skipped
C:\WINDOWS\Debug\PASSWD.LOG Object is locked skipped
C:\WINDOWS\Internet Logs\tvDebug.log Object is locked skipped
C:\WINDOWS\SchedLgU.Txt Object is locked skipped
C:\WINDOWS\SoftwareDistribution\ReportingEvents.log Object is locked skipped
C:\WINDOWS\Sti_Trace.log Object is locked skipped
C:\WINDOWS\system32\CatRoot2\edb.log Object is locked skipped
C:\WINDOWS\system32\CatRoot2\tmp.edb Object is locked skipped
C:\WINDOWS\system32\config\AppEvent.Evt Object is locked skipped
C:\WINDOWS\system32\config\default Object is locked skipped
C:\WINDOWS\system32\config\default.LOG Object is locked skipped
C:\WINDOWS\system32\config\Internet.evt Object is locked skipped
C:\WINDOWS\system32\config\SAM Object is locked skipped
C:\WINDOWS\system32\config\SAM.LOG Object is locked skipped
C:\WINDOWS\system32\config\SecEvent.Evt Object is locked skipped
C:\WINDOWS\system32\config\SECURITY Object is locked skipped
C:\WINDOWS\system32\config\SECURITY.LOG Object is locked skipped
C:\WINDOWS\system32\config\software Object is locked skipped
C:\WINDOWS\system32\config\software.LOG Object is locked skipped
C:\WINDOWS\system32\config\SysEvent.Evt Object is locked skipped
C:\WINDOWS\system32\config\system Object is locked skipped
C:\WINDOWS\system32\config\system.LOG Object is locked skipped
C:\WINDOWS\system32\h323log.txt Object is locked skipped
C:\WINDOWS\system32\oppmnmn.dll Infected: Trojan-Downloader.Win32.ConHook.ah skipped
C:\WINDOWS\system32\wbem\Repository\FS\INDEX.BTR Object is locked skipped
C:\WINDOWS\system32\wbem\Repository\FS\INDEX.MAP Object is locked skipped
C:\WINDOWS\system32\wbem\Repository\FS\MAPPING.VER Object is locked skipped
C:\WINDOWS\system32\wbem\Repository\FS\MAPPING1.MAP Object is locked skipped
C:\WINDOWS\system32\wbem\Repository\FS\MAPPING2.MAP Object is locked skipped
C:\WINDOWS\system32\wbem\Repository\FS\OBJECTS.DATA Object is locked skipped
C:\WINDOWS\system32\wbem\Repository\FS\OBJECTS.MAP Object is locked skipped
C:\WINDOWS\wiadebug.log Object is locked skipped
C:\WINDOWS\wiaservc.log Object is locked skipped
C:\WINDOWS\WindowsUpdate.log Object is locked skipped

Scan process completed.
 
Kaspersky Expanded

Here's the other Kaspersky log file


Kaspersky Expanded:
-------------------------------------------------------------------------------
KASPERSKY ONLINE SCANNER REPORT
Wednesday, June 06, 2007 1:02:08 PM
Operating System: Microsoft Windows XP Professional, Service Pack 2 (Build 2600)
Kaspersky Online Scanner version: 5.0.93.0
Kaspersky Anti-Virus database last update: 6/06/2007
Kaspersky Anti-Virus database records: 340946
-------------------------------------------------------------------------------

Scan Settings:
Scan using the following antivirus database: extended
Scan Archives: true
Scan Mail Bases: true

Scan Target - My Computer:
A:\
C:\
D:\

Scan Statistics:
Total number of scanned objects: 128310
Number of viruses found: 14
Number of infected objects: 63
Number of suspicious objects: 1
Duration of the scan process: 01:44:53

Infected Object Name / Virus Name / Last Action
C:\Documents and Settings\Administrator\Application Data\Mozilla\Profiles\default\rh6l5xph.slt\parent.lock Object is locked skipped
C:\Documents and Settings\All Users\Application Data\Microsoft\Windows Defender\Support\MPLog-05302007-093209.log Object is locked skipped
C:\Documents and Settings\All Users\Application Data\Symantec\Common Client\settings.dat Object is locked skipped
C:\Documents and Settings\carpenter_jan\Application Data\$_hpcst$.hpc Object is locked skipped
C:\Documents and Settings\carpenter_jan\Application Data\Sun\Java\Deployment\cache\6.0\14\1907720e-1ab9191c/BaaaaBaa.class Infected: Trojan.Java.ClassLoader.ao skipped
C:\Documents and Settings\carpenter_jan\Application Data\Sun\Java\Deployment\cache\6.0\14\1907720e-1ab9191c/VaaaaaaaBaa.class Infected: Trojan.Java.ClassLoader.ao skipped
C:\Documents and Settings\carpenter_jan\Application Data\Sun\Java\Deployment\cache\6.0\14\1907720e-1ab9191c/Baaaaa.class Infected: Trojan.Java.ClassLoader.ao skipped
C:\Documents and Settings\carpenter_jan\Application Data\Sun\Java\Deployment\cache\6.0\14\1907720e-1ab9191c ZIP: infected - 3 skipped
C:\Documents and Settings\carpenter_jan\Application Data\Sun\Java\Deployment\cache\6.0\55\69a48f37-244ab462/BaaaaBaa.class Infected: Trojan.Java.ClassLoader.ao skipped
C:\Documents and Settings\carpenter_jan\Application Data\Sun\Java\Deployment\cache\6.0\55\69a48f37-244ab462/VaaaaaaaBaa.class Infected: Trojan.Java.ClassLoader.ao skipped
C:\Documents and Settings\carpenter_jan\Application Data\Sun\Java\Deployment\cache\6.0\55\69a48f37-244ab462/Baaaaa.class Infected: Trojan.Java.ClassLoader.ao skipped
C:\Documents and Settings\carpenter_jan\Application Data\Sun\Java\Deployment\cache\6.0\55\69a48f37-244ab462 ZIP: infected - 3 skipped
C:\Documents and Settings\carpenter_jan\Application Data\tmp1DF.tmp.exe Infected: Trojan.Win32.BHO.g skipped
C:\Documents and Settings\carpenter_jan\Application Data\tmp1E5.tmp.exe Infected: Trojan.Win32.Agent.anr skipped
C:\Documents and Settings\carpenter_jan\Application Data\tmp20.tmp.exe Infected: Trojan.Win32.Agent.agv skipped
C:\Documents and Settings\carpenter_jan\Application Data\tmp25.tmp.exe Infected: Trojan.Win32.Agent.agv skipped
C:\Documents and Settings\carpenter_jan\Application Data\tmp2A.tmp.exe Infected: Trojan.Win32.Agent.agv skipped
C:\Documents and Settings\carpenter_jan\Application Data\tmp32.tmp.exe Infected: Trojan.Win32.Agent.agv skipped
C:\Documents and Settings\carpenter_jan\Application Data\tmp37.tmp.exe Infected: Trojan.Win32.Agent.agv skipped
C:\Documents and Settings\carpenter_jan\Application Data\tmp3E.tmp.exe Infected: Trojan.Win32.Agent.agv skipped
C:\Documents and Settings\carpenter_jan\Application Data\tmp4.tmp.exe Infected: Trojan.Win32.Agent.agv skipped
C:\Documents and Settings\carpenter_jan\Application Data\tmpF1C.tmp.exe Infected: Trojan.Win32.Agent.agv skipped
C:\Documents and Settings\carpenter_jan\Cookies\index.dat Object is locked skipped
C:\Documents and Settings\carpenter_jan\Desktop\SmitfraudFix\SmitfraudFix\Reboot.exe Infected: not-a-virus:RiskTool.Win32.Reboot.f skipped
C:\Documents and Settings\carpenter_jan\Desktop\SmitfraudFix.zip/SmitfraudFix/Reboot.exe Infected: not-a-virus:RiskTool.Win32.Reboot.f skipped
C:\Documents and Settings\carpenter_jan\Desktop\SmitfraudFix.zip ZIP: infected - 1 skipped
C:\Documents and Settings\carpenter_jan\Local Settings\Application Data\Microsoft\Windows\UsrClass.dat Object is locked skipped
C:\Documents and Settings\carpenter_jan\Local Settings\Application Data\Microsoft\Windows\UsrClass.dat.LOG Object is locked skipped
C:\Documents and Settings\carpenter_jan\Local Settings\History\History.IE5\index.dat Object is locked skipped
C:\Documents and Settings\carpenter_jan\Local Settings\Temp\WCESLog.log Object is locked skipped
C:\Documents and Settings\carpenter_jan\Local Settings\Temporary Internet Files\AntiPhishing\B3BB5BBA-E7D5-40AB-A041-A5B1C0B26C8F.dat Object is locked skipped
C:\Documents and Settings\carpenter_jan\Local Settings\Temporary Internet Files\Content.IE5\4AFDZXR6\arr[1].ani Suspicious: Exploit.Win32.IMG-ANI.gen skipped
C:\Documents and Settings\carpenter_jan\Local Settings\Temporary Internet Files\Content.IE5\C5HPV6DX\class4[1].htm Infected: Trojan-Downloader.VBS.Agent.au skipped
C:\Documents and Settings\carpenter_jan\Local Settings\Temporary Internet Files\Content.IE5\F8SOVPES\koocwolla_20070601[1] Infected: Trojan.Win32.Agent.anr skipped
C:\Documents and Settings\carpenter_jan\Local Settings\Temporary Internet Files\Content.IE5\index.dat Object is locked skipped
C:\Documents and Settings\carpenter_jan\Local Settings\Temporary Internet Files\Content.IE5\LYS70X0Z\404-6[1].htm Infected: Exploit.HTML.IESlice.l skipped
C:\Documents and Settings\carpenter_jan\Local Settings\Temporary Internet Files\Content.IE5\Q4Y3BDN5\nauj[1] Infected: Trojan.Win32.BHO.g skipped
C:\Documents and Settings\carpenter_jan\Local Settings\Temporary Internet Files\Content.IE5\VOCIDO36\index[1].htm Infected: Trojan-Downloader.JS.Psyme.gy skipped
C:\Documents and Settings\carpenter_jan\Local Settings\Temporary Internet Files\Content.IE5\YOJO9EP4\index[1].htm Infected: Trojan-Downloader.VBS.Psyme.gx skipped
C:\Documents and Settings\carpenter_jan\NTUSER.DAT Object is locked skipped
C:\Documents and Settings\carpenter_jan\ntuser.dat.LOG Object is locked skipped
C:\Documents and Settings\LocalService\Cookies\index.dat Object is locked skipped
C:\Documents and Settings\LocalService\Local Settings\Application Data\Microsoft\Windows\UsrClass.dat Object is locked skipped
C:\Documents and Settings\LocalService\Local Settings\Application Data\Microsoft\Windows\UsrClass.dat.LOG Object is locked skipped
C:\Documents and Settings\LocalService\Local Settings\History\History.IE5\index.dat Object is locked skipped
C:\Documents and Settings\LocalService\Local Settings\Temporary Internet Files\Content.IE5\index.dat Object is locked skipped
C:\Documents and Settings\LocalService\NTUSER.DAT Object is locked skipped
C:\Documents and Settings\LocalService\ntuser.dat.LOG Object is locked skipped
C:\Documents and Settings\NetworkService\Local Settings\Application Data\Microsoft\Windows\UsrClass.dat Object is locked skipped
C:\Documents and Settings\NetworkService\Local Settings\Application Data\Microsoft\Windows\UsrClass.dat.LOG Object is locked skipped
C:\Documents and Settings\NetworkService\NTUSER.DAT Object is locked skipped
C:\Documents and Settings\NetworkService\ntuser.dat.LOG Object is locked skipped
C:\Program Files\CheckPoint\SSL Network Extender\slimsvc.log Object is locked skipped
C:\Program Files\Netscape\Users\janc\Mail\Trash/[From Monterey Bay Clothing Company <specials@shopthebay.com>][Date Thu, 25 Nov 2004 00:57:19 -0700 (GMT-07:00)]/UNNAMED/[From "PayPal Team" <support@paypal.com>][Date Thu, 25 Nov 2004 12:27:45 +0200]/html Infected: Trojan-Spy.HTML.Paylap.bg skipped
C:\Program Files\Netscape\Users\janc\Mail\Trash/[From Monterey Bay Clothing Company <specials@shopthebay.com>][Date Thu, 25 Nov 2004 00:57:19 -0700 (GMT-07:00)]/UNNAMED Infected: Trojan-Spy.HTML.Paylap.bg skipped
C:\Program Files\Netscape\Users\janc\Mail\Trash Mail Berkeley mbox: infected - 2 skipped
C:\RECYCLER\RS-1-5-21-606747145-1085031214-725345543-500\sup.exe/BAT Infected: Trojan.BAT.Starter.k skipped
C:\RECYCLER\RS-1-5-21-606747145-1085031214-725345543-500\sup.exe QuickBatch: infected - 1 skipped
C:\System Volume Information\MountPointManagerRemoteDatabase Object is locked skipped
C:\System Volume Information\_restore{53CA11E8-DAD2-41B2-969B-D957F085F140}\RP790\A0148221.exe Infected: Trojan.Win32.Agent.agv skipped
C:\System Volume Information\_restore{53CA11E8-DAD2-41B2-969B-D957F085F140}\RP791\A0148258.exe Infected: Trojan.Win32.Agent.agv skipped
C:\System Volume Information\_restore{53CA11E8-DAD2-41B2-969B-D957F085F140}\RP796\A0149672.exe Infected: Trojan.Win32.Agent.agv skipped
C:\System Volume Information\_restore{53CA11E8-DAD2-41B2-969B-D957F085F140}\RP801\A0150328.exe Infected: Trojan.Win32.Agent.agv skipped
C:\System Volume Information\_restore{53CA11E8-DAD2-41B2-969B-D957F085F140}\RP802\A0150338.exe Infected: Trojan.Win32.Agent.agv skipped
C:\System Volume Information\_restore{53CA11E8-DAD2-41B2-969B-D957F085F140}\RP803\A0152362.exe Infected: Trojan.Win32.Agent.agv skipped
C:\System Volume Information\_restore{53CA11E8-DAD2-41B2-969B-D957F085F140}\RP805\A0153002.exe Infected: Trojan.Win32.Agent.agv skipped
C:\System Volume Information\_restore{53CA11E8-DAD2-41B2-969B-D957F085F140}\RP805\A0153005.exe Infected: Trojan.Win32.Agent.agv skipped
C:\System Volume Information\_restore{53CA11E8-DAD2-41B2-969B-D957F085F140}\RP807\A0153368.exe Infected: Trojan.Win32.Agent.agv skipped
C:\System Volume Information\_restore{53CA11E8-DAD2-41B2-969B-D957F085F140}\RP807\A0153376.exe Infected: Trojan.Win32.Agent.agv skipped
C:\System Volume Information\_restore{53CA11E8-DAD2-41B2-969B-D957F085F140}\RP807\A0153413.exe Infected: Trojan.Win32.Agent.agv skipped
C:\System Volume Information\_restore{53CA11E8-DAD2-41B2-969B-D957F085F140}\RP807\A0153554.exe Infected: Trojan.Win32.Agent.agv skipped
C:\System Volume Information\_restore{53CA11E8-DAD2-41B2-969B-D957F085F140}\RP807\A0153557.exe Infected: Trojan.Win32.Agent.agv skipped
C:\System Volume Information\_restore{53CA11E8-DAD2-41B2-969B-D957F085F140}\RP807\A0153559.exe Infected: Trojan.Win32.Agent.agv skipped
C:\System Volume Information\_restore{53CA11E8-DAD2-41B2-969B-D957F085F140}\RP807\A0153560.exe Infected: Trojan.Win32.Agent.agv skipped
C:\System Volume Information\_restore{53CA11E8-DAD2-41B2-969B-D957F085F140}\RP807\A0153563.exe Infected: Trojan.Win32.Agent.agv skipped
C:\System Volume Information\_restore{53CA11E8-DAD2-41B2-969B-D957F085F140}\RP807\A0153589.exe Infected: Trojan.Win32.Agent.agv skipped
C:\System Volume Information\_restore{53CA11E8-DAD2-41B2-969B-D957F085F140}\RP809\A0153733.exe Infected: Trojan.Win32.Agent.anr skipped
C:\System Volume Information\_restore{53CA11E8-DAD2-41B2-969B-D957F085F140}\RP809\A0153734.exe Infected: Trojan.Win32.Agent.anr skipped
C:\System Volume Information\_restore{53CA11E8-DAD2-41B2-969B-D957F085F140}\RP809\A0153735.exe Infected: Trojan.Win32.Agent.anr skipped
C:\System Volume Information\_restore{53CA11E8-DAD2-41B2-969B-D957F085F140}\RP809\A0153736.exe Infected: Trojan.Win32.Agent.anr skipped
C:\System Volume Information\_restore{53CA11E8-DAD2-41B2-969B-D957F085F140}\RP809\A0153737.exe Infected: Trojan.Win32.Agent.anr skipped
C:\System Volume Information\_restore{53CA11E8-DAD2-41B2-969B-D957F085F140}\RP809\A0153738.exe Infected: Trojan.Win32.Agent.anr skipped
C:\System Volume Information\_restore{53CA11E8-DAD2-41B2-969B-D957F085F140}\RP809\A0153739.exe Infected: Trojan.Win32.BHO.g skipped
C:\System Volume Information\_restore{53CA11E8-DAD2-41B2-969B-D957F085F140}\RP809\A0153740.exe Infected: Trojan-Downloader.Win32.Agent.bjk skipped
C:\System Volume Information\_restore{53CA11E8-DAD2-41B2-969B-D957F085F140}\RP809\A0153764.exe Infected: Trojan.Win32.Agent.agv skipped
C:\System Volume Information\_restore{53CA11E8-DAD2-41B2-969B-D957F085F140}\RP809\A0153765.exe Infected: Trojan.Win32.Agent.agv skipped
C:\System Volume Information\_restore{53CA11E8-DAD2-41B2-969B-D957F085F140}\RP809\A0153772.exe Infected: Trojan.Win32.Agent.agv skipped
C:\System Volume Information\_restore{53CA11E8-DAD2-41B2-969B-D957F085F140}\RP809\A0153801.exe Infected: Trojan.Win32.BHO.g skipped
C:\System Volume Information\_restore{53CA11E8-DAD2-41B2-969B-D957F085F140}\RP809\A0153803.exe Infected: Trojan.Win32.Agent.agv skipped
C:\System Volume Information\_restore{53CA11E8-DAD2-41B2-969B-D957F085F140}\RP811\change.log Object is locked skipped
C:\WINDOWS\Debug\PASSWD.LOG Object is locked skipped
C:\WINDOWS\Internet Logs\tvDebug.log Object is locked skipped
C:\WINDOWS\SchedLgU.Txt Object is locked skipped
C:\WINDOWS\SoftwareDistribution\ReportingEvents.log Object is locked skipped
C:\WINDOWS\Sti_Trace.log Object is locked skipped
C:\WINDOWS\system32\CatRoot2\edb.log Object is locked skipped
C:\WINDOWS\system32\CatRoot2\tmp.edb Object is locked skipped
C:\WINDOWS\system32\config\AppEvent.Evt Object is locked skipped
C:\WINDOWS\system32\config\default Object is locked skipped
C:\WINDOWS\system32\config\default.LOG Object is locked skipped
C:\WINDOWS\system32\config\Internet.evt Object is locked skipped
C:\WINDOWS\system32\config\SAM Object is locked skipped
C:\WINDOWS\system32\config\SAM.LOG Object is locked skipped
C:\WINDOWS\system32\config\SecEvent.Evt Object is locked skipped
C:\WINDOWS\system32\config\SECURITY Object is locked skipped
C:\WINDOWS\system32\config\SECURITY.LOG Object is locked skipped
C:\WINDOWS\system32\config\software Object is locked skipped
C:\WINDOWS\system32\config\software.LOG Object is locked skipped
C:\WINDOWS\system32\config\SysEvent.Evt Object is locked skipped
C:\WINDOWS\system32\config\system Object is locked skipped
C:\WINDOWS\system32\config\system.LOG Object is locked skipped
C:\WINDOWS\system32\h323log.txt Object is locked skipped
C:\WINDOWS\system32\oppmnmn.dll Infected: Trojan-Downloader.Win32.ConHook.ah skipped
C:\WINDOWS\system32\wbem\Repository\FS\INDEX.BTR Object is locked skipped
C:\WINDOWS\system32\wbem\Repository\FS\INDEX.MAP Object is locked skipped
C:\WINDOWS\system32\wbem\Repository\FS\MAPPING.VER Object is locked skipped
C:\WINDOWS\system32\wbem\Repository\FS\MAPPING1.MAP Object is locked skipped
C:\WINDOWS\system32\wbem\Repository\FS\MAPPING2.MAP Object is locked skipped
C:\WINDOWS\system32\wbem\Repository\FS\OBJECTS.DATA Object is locked skipped
C:\WINDOWS\system32\wbem\Repository\FS\OBJECTS.MAP Object is locked skipped
C:\WINDOWS\wiadebug.log Object is locked skipped
C:\WINDOWS\wiaservc.log Object is locked skipped
C:\WINDOWS\WindowsUpdate.log Object is locked skipped

Scan process completed.


--
End of file - 14595 bytes
 
HiJackThis Log File

Here's the final log file you requested:

HiJackThis Log:
Logfile of Trend Micro HijackThis v2.0.0 (BETA)
Scan saved at 1:03:05 PM, on 6/6/2007
Platform: Windows XP SP2 (WinNT 5.01.2600)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Windows Defender\MsMpEng.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe
C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
C:\Program Files\CheckPoint\SSL Network Extender\slimsvc.exe
C:\Program Files\Cisco Systems\VPN Client\cvpnd.exe
C:\Program Files\Symantec AntiVirus\DefWatch.exe
C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE
C:\Program Files\Symantec AntiVirus\SavRoam.exe
C:\Program Files\Analog Devices\SoundMAX\SMAgent.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Symantec AntiVirus\Rtvscan.exe
C:\WINDOWS\system32\MsPMSPSv.exe
C:\WINDOWS\system32\wscntfy.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\QuickTime\qttask.exe
C:\Program Files\Windows Defender\MSASCui.exe
C:\PROGRA~1\SYMANT~1\VPTray.exe
C:\Program Files\Common Files\Real\Update_OB\realsched.exe
C:\Program Files\Java\jre1.6.0_01\bin\jusched.exe
C:\Program Files\Roxio\Easy CD Creator 6\DragToDisc\DrgToDsc.exe
C:\Program Files\Common Files\Symantec Shared\ccApp.exe
C:\Program Files\Adobe\Photoshop Album Starter Edition\3.0\Apps\apdproxy.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\avgas.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
C:\Program Files\VoSKY Call Center\USBVoSKY.exe
C:\PROGRA~1\WALGRE~1\WALGRE~1\data\Xtras\mssysmgr.exe
C:\Program Files\Messenger\msmsgs.exe
C:\Program Files\Netscape\Netscape\Netscp.exe
C:\Program Files\Microsoft ActiveSync\Wcescomm.exe
C:\Program Files\VoSKY Call Center\USBDRAM.exe
C:\Program Files\Adobe\Acrobat 6.0\Distillr\acrotray.exe
C:\Program Files\palmOne\Hotsync.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\PROGRA~1\MICROS~4\rapimgr.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\Microsoft Office\OFFICE11\OUTLOOK.EXE
C:\Program Files\Microsoft Office\OFFICE11\WINWORD.EXE
C:\Documents and Settings\carpenter_jan\Desktop\HiJackThis_v2\HiJackThis_v2.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.cnn.com/
R1 - HKCU\Software\Microsoft\Internet Connection Wizard,ShellNext = http://www.hp.com/
N3 - Netscape 7: user_pref("browser.startup.homepage", "http://yahoo.sbc.com/dsl"); (C:\Documents and Settings\CARPENTER_JAN\Application Data\Mozilla\Profiles\default\rh6l5xph.slt\prefs.js)
O1 - Hosts: 63.240.6.184
O1 - Hosts: MI8NYCMAIL34 MI8NYCMAIL34.MI8.COM
O1 - Hosts: 63.240.6.24
O1 - Hosts: MI8NYCMAIL13 MI8NYCMAIL13.MI8.COM
O1 - Hosts: 63.240.6.190
O1 - Hosts: MI8NYCMAIL40 MI8NYCMAIL40.MI8.COM
O1 - Hosts: 63.240.6.189
O1 - Hosts: MI8NYCMAIL39 MI8NYCMAIL39.MI8.COM
O1 - Hosts: 63.240.6.176
O1 - Hosts: MI8NYCMAIL26 MI8NYCMAIL26.MI8.COM
O1 - Hosts: 63.240.6.16
O1 - Hosts: MI8NYCMAIL05 MI8NYCMAIL05.MI8.COM
O1 - Hosts: 63.240.6.182
O1 - Hosts: MI8NYCMAIL32 MI8NYCMAIL32.MI8.COM
O1 - Hosts: 63.240.6.168
O1 - Hosts: MI8NYCMAIL18 MI8NYCMAIL18.MI8.COM
O1 - Hosts: 63.240.6.174
O1 - Hosts: MI8NYCMAIL24 MI8NYCMAIL24.MI8.COM
O1 - Hosts: 63.240.6.22
O1 - Hosts: MI8NYCMAIL11 MI8NYCMAIL11.MI8.COM
O1 - Hosts: 63.240.6.187
O1 - Hosts: MI8NYCMAIL37 MI8NYCMAIL37.MI8.COM
O1 - Hosts: 63.240.6.166
O1 - Hosts: MI8NYCMAIL16 MI8NYCMAIL16.MI8.COM
O1 - Hosts: 63.240.6.27
O1 - Hosts: MI8NYCMAIL03 MI8NYCMAIL03.MI8.COM
O1 - Hosts: 63.240.6.180
O1 - Hosts: MI8NYCMAIL30 MI8NYCMAIL30.MI8.COM
O1 - Hosts: 63.240.6.179
O1 - Hosts: MI8NYCMAIL29 MI8NYCMAIL29.MI8.COM
O1 - Hosts: 63.240.6.19
O1 - Hosts: MI8NYCMAIL08 MI8NYCMAIL08.MI8.COM
O1 - Hosts: 63.240.6.172
O1 - Hosts: MI8NYCMAIL22 MI8NYCMAIL22.MI8.COM
O1 - Hosts: 63.240.6.185
O1 - Hosts: MI8NYCMAIL35 MI8NYCMAIL35.MI8.COM
O1 - Hosts: 63.240.6.61
O1 - Hosts: MI8NYCMAIL14 MI8NYCMAIL14.MI8.COM
O1 - Hosts: 63.240.6.25
O1 - Hosts: MI8NYCMAIL01 MI8NYCMAIL01.MI8.COM
O1 - Hosts: 63.240.6.177
O1 - Hosts: MI8NYCMAIL27 MI8NYCMAIL27.MI8.COM
O1 - Hosts: 63.240.6.17
O1 - Hosts: MI8NYCMAIL06 MI8NYCMAIL06.MI8.COM
O1 - Hosts: 63.240.6.170
O1 - Hosts: MI8NYCMAIL20 MI8NYCMAIL20.MI8.COM
O1 - Hosts: 63.240.6.169
O1 - Hosts: MI8NYCMAIL19 MI8NYCMAIL19.MI8.COM
O1 - Hosts: 63.240.6.183
O1 - Hosts: MI8NYCMAIL33 MI8NYCMAIL33.MI8.COM
O1 - Hosts: 63.240.6.23
O1 - Hosts: MI8NYCMAIL12 MI8NYCMAIL12.MI8.COM
O1 - Hosts: 63.240.6.188
O1 - Hosts: MI8NYCMAIL38 MI8NYCMAIL38.MI8.COM
O1 - Hosts: 63.240.6.175
O1 - Hosts: MI8NYCMAIL25 MI8NYCMAIL25.MI8.COM
O1 - Hosts: 63.240.6.15
O1 - Hosts: MI8NYCMAIL04 MI8NYCMAIL04.MI8.COM
O1 - Hosts: 63.240.6.181
O1 - Hosts: MI8NYCMAIL31 MI8NYCMAIL31.MI8.COM
O1 - Hosts: 63.240.6.167
O1 - Hosts: MI8NYCMAIL17 MI8NYCMAIL17.MI8.COM
O1 - Hosts: 63.240.6.173
O1 - Hosts: MI8NYCMAIL23 MI8NYCMAIL23.MI8.COM
O1 - Hosts: 63.240.6.21
O1 - Hosts: MI8NYCMAIL10 MI8NYCMAIL10.MI8.COM
O1 - Hosts: 63.240.6.20
O1 - Hosts: MI8NYCMAIL09 MI8NYCMAIL09.MI8.COM
O1 - Hosts: 63.240.6.186
O1 - Hosts: MI8NYCMAIL36 MI8NYCMAIL36.MI8.COM
O1 - Hosts: 63.240.6.62
O1 - Hosts: MI8NYCMAIL15 MI8NYCMAIL15.MI8.COM
O1 - Hosts: 63.240.6.26
O1 - Hosts: MI8NYCMAIL02 MI8NYCMAIL02.MI8.COM
O1 - Hosts: 63.240.6.178
O1 - Hosts: MI8NYCMAIL28 MI8NYCMAIL28.MI8.COM
O1 - Hosts: 63.240.6.18
O1 - Hosts: MI8NYCMAIL07 MI8NYCMAIL07.MI8.COM
O1 - Hosts: 63.240.6.171
O1 - Hosts: MI8NYCMAIL21 MI8NYCMAIL21.MI8.COM
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: Yahoo! Companion BHO - {13F537F0-AF09-11d6-9029-0002B31F9E59} - C:\Program Files\Yahoo!\Common\ycomp5,0,8,0.dll
O2 - BHO: Skype add-on (mastermind) - {22BF413B-C6D2-4d91-82A9-A0F997BA588C} - C:\PROGRA~1\Skype\Phone\IEPlugin\SKYPEI~1.DLL
O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_01\bin\ssv.dll
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar4.dll
O2 - BHO: AcroIEToolbarHelper Class - {AE7CD045-E861-484f-8273-0445EE161910} - C:\Program Files\Adobe\Acrobat 6.0\Acrobat\AcroIEFavClient.dll
O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\2.0.301.7164\swg.dll
O3 - Toolbar: Yahoo! Companion - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Common\ycomp5,0,8,0.dll
O3 - Toolbar: Adobe PDF - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - C:\Program Files\Adobe\Acrobat 6.0\Acrobat\AcroIEFavClient.dll
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar4.dll
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [Windows Defender] "C:\Program Files\Windows Defender\MSASCui.exe" -hide
O4 - HKLM\..\Run: [vptray] C:\PROGRA~1\SYMANT~1\VPTray.exe
O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_01\bin\jusched.exe"
O4 - HKLM\..\Run: [RoxioEngineUtility] "C:\Program Files\Common Files\Roxio Shared\System\EngUtil.exe"
O4 - HKLM\..\Run: [RoxioDragToDisc] "C:\Program Files\Roxio\Easy CD Creator 6\DragToDisc\DrgToDsc.exe"
O4 - HKLM\..\Run: [GNP Generic Host Process] C:\RECYCLER\RS-1-5-21-606747145-1085031214-725345543-500\taskmgr.exe
O4 - HKLM\..\Run: [EarthLink Installer] " /C
O4 - HKLM\..\Run: [Cpqset] C:\Program Files\HPQ\Default Settings\cpqset.exe
O4 - HKLM\..\Run: [ccApp] "C:\Program Files\Common Files\Symantec Shared\ccApp.exe"
O4 - HKLM\..\Run: [ATIPTA] C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe
O4 - HKLM\..\Run: [Adobe Photo Downloader] "C:\Program Files\Adobe\Photoshop Album Starter Edition\3.0\Apps\apdproxy.exe"
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
O4 - HKLM\..\Run: [!AVG Anti-Spyware] "C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\avgas.exe" /minimized
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [swg] C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
O4 - HKCU\..\Run: [VoKU Call Center] C:\Program Files\VoSKY Call Center\USBVoSKY.exe
O4 - HKCU\..\Run: [PhotoShow Deluxe Media Manager] C:\PROGRA~1\WALGRE~1\WALGRE~1\data\Xtras\mssysmgr.exe
O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background
O4 - HKCU\..\Run: [Mozilla Quick Launch] "C:\Program Files\Netscape\Netscape\Netscp.exe" -turbo
O4 - HKCU\..\Run: [H/PC Connection Agent] "C:\Program Files\Microsoft ActiveSync\Wcescomm.exe"
O4 - HKCU\..\Run: [FWBootup] C:\Program Files\VoSKY Call Center\USBDRAM.exe
O4 - Startup: Microsoft Office Outlook 2003.lnk = ?
O4 - Global Startup: Acrobat Assistant.lnk = C:\Program Files\Adobe\Acrobat 6.0\Distillr\acrotray.exe
O4 - Global Startup: Adobe Reader Speed Launch.lnk = C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
O4 - Global Startup: HotSync Manager.lnk = C:\Program Files\palmOne\Hotsync.exe
O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office10\OSA.EXE
O4 - Global Startup: SysTray.lnk = ?
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office10\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_01\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_01\bin\ssv.dll
O9 - Extra button: Yahoo! Login - {2499216C-4BA5-11D5-BD9C-000103C116D5} - C:\Program Files\Yahoo!\Common\ylogin.dll
O9 - Extra 'Tools' menuitem: Yahoo! Login - {2499216C-4BA5-11D5-BD9C-000103C116D5} - C:\Program Files\Yahoo!\Common\ylogin.dll
O9 - Extra button: Create Mobile Favorite - {2EAF5BB1-070F-11D3-9307-00C04FAE2D4F} - C:\PROGRA~1\MICROS~4\INetRepl.dll
O9 - Extra button: (no name) - {2EAF5BB2-070F-11D3-9307-00C04FAE2D4F} - C:\PROGRA~1\MICROS~4\INetRepl.dll
O9 - Extra 'Tools' menuitem: Create Mobile Favorite... - {2EAF5BB2-070F-11D3-9307-00C04FAE2D4F} - C:\PROGRA~1\MICROS~4\INetRepl.dll
O9 - Extra button: Messenger - {4528BBE0-4E08-11D5-AD55-00010333D0AD} - C:\Program Files\Yahoo!\Messenger\yhexbmes.dll
O9 - Extra 'Tools' menuitem: Yahoo! Messenger - {4528BBE0-4E08-11D5-AD55-00010333D0AD} - C:\Program Files\Yahoo!\Messenger\yhexbmes.dll
O9 - Extra button: Skype - {77BF5300-1474-4EC7-9980-D32B190E9B07} - C:\PROGRA~1\Skype\Phone\IEPlugin\SKYPEI~1.DLL
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL
O9 - Extra button: Real.com - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - C:\WINDOWS\system32\Shdocvw.dll
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe (file missing)
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe (file missing)
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O14 - IERESET.INF: START_PAGE_URL=http://www.hp.com
O16 - DPF: {0EB0E74A-2A76-4AB3-A7FB-9BD8C29F7F75} (CKAVWebScan Object) - http://www.kaspersky.com/kos/english/kavwebscan_unicode.cab
O16 - DPF: {406B5949-7190-4245-91A9-30A17DE16AD0} (Snapfish Activia) - http://photo.walgreens.com/WalgreensActivia.cab
O16 - DPF: {7B297BFD-85E4-4092-B2AF-16A91B2EA103} (WScanCtl Class) - http://www.ca.com/us/securityadvisor/virusinfo/webscan.cab
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} (Java Runtime Environment 1.6.0) - http://javadl-esd.sun.com/update/1.6.0/jinstall-6u1-windows-i586-jc.cab
O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~1\COMMON~1\Skype\SKYPE4~1.DLL
O22 - SharedTaskScheduler: Browseui preloader - {438755C2-A8BA-11D1-B96B-00A0C90312E1} - C:\WINDOWS\System32\browseui.dll
O22 - SharedTaskScheduler: Component Categories cache daemon - {8C7461EF-2B13-11d2-BE35-3078302C2030} - C:\WINDOWS\System32\browseui.dll
O23 - Service: AVG Anti-Spyware Guard - Anti-Malware Development a.s. - C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
O23 - Service: Symantec Event Manager (ccEvtMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
O23 - Service: Symantec Password Validation (ccPwdSvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccPwdSvc.exe
O23 - Service: Symantec Settings Manager (ccSetMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe
O23 - Service: Check Point SSL Network Extender (cpextender) - Check Point Software Technologies - C:\Program Files\CheckPoint\SSL Network Extender\slimsvc.exe
O23 - Service: Cisco Systems, Inc. VPN Service (CVPND) - Cisco Systems, Inc. - C:\Program Files\Cisco Systems\VPN Client\cvpnd.exe
O23 - Service: Symantec AntiVirus Definition Watcher (DefWatch) - Symantec Corporation - C:\Program Files\Symantec AntiVirus\DefWatch.exe
O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: iPod Service - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: SAVRoam (SavRoam) - symantec - C:\Program Files\Symantec AntiVirus\SavRoam.exe
O23 - Service: Symantec Network Drivers Service (SNDSrvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\SNDSrvc.exe
O23 - Service: SoundMAX Agent Service (SoundMAX Agent Service (default)) - Analog Devices, Inc. - C:\Program Files\Analog Devices\SoundMAX\SMAgent.exe
O23 - Service: Symantec AntiVirus - Symantec Corporation - C:\Program Files\Symantec AntiVirus\Rtvscan.exe

--
End of file - 14595 bytes
 
HiJackThis Log File

My last message didn't seem to post - so here is the HiJackThis Log file:

HiJackThis Log:
Logfile of Trend Micro HijackThis v2.0.0 (BETA)
Scan saved at 1:03:05 PM, on 6/6/2007
Platform: Windows XP SP2 (WinNT 5.01.2600)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Windows Defender\MsMpEng.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe
C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
C:\Program Files\CheckPoint\SSL Network Extender\slimsvc.exe
C:\Program Files\Cisco Systems\VPN Client\cvpnd.exe
C:\Program Files\Symantec AntiVirus\DefWatch.exe
C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE
C:\Program Files\Symantec AntiVirus\SavRoam.exe
C:\Program Files\Analog Devices\SoundMAX\SMAgent.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Symantec AntiVirus\Rtvscan.exe
C:\WINDOWS\system32\MsPMSPSv.exe
C:\WINDOWS\system32\wscntfy.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\QuickTime\qttask.exe
C:\Program Files\Windows Defender\MSASCui.exe
C:\PROGRA~1\SYMANT~1\VPTray.exe
C:\Program Files\Common Files\Real\Update_OB\realsched.exe
C:\Program Files\Java\jre1.6.0_01\bin\jusched.exe
C:\Program Files\Roxio\Easy CD Creator 6\DragToDisc\DrgToDsc.exe
C:\Program Files\Common Files\Symantec Shared\ccApp.exe
C:\Program Files\Adobe\Photoshop Album Starter Edition\3.0\Apps\apdproxy.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\avgas.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
C:\Program Files\VoSKY Call Center\USBVoSKY.exe
C:\PROGRA~1\WALGRE~1\WALGRE~1\data\Xtras\mssysmgr.exe
C:\Program Files\Messenger\msmsgs.exe
C:\Program Files\Netscape\Netscape\Netscp.exe
C:\Program Files\Microsoft ActiveSync\Wcescomm.exe
C:\Program Files\VoSKY Call Center\USBDRAM.exe
C:\Program Files\Adobe\Acrobat 6.0\Distillr\acrotray.exe
C:\Program Files\palmOne\Hotsync.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\PROGRA~1\MICROS~4\rapimgr.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\Microsoft Office\OFFICE11\OUTLOOK.EXE
C:\Program Files\Microsoft Office\OFFICE11\WINWORD.EXE
C:\Documents and Settings\carpenter_jan\Desktop\HiJackThis_v2\HiJackThis_v2.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.cnn.com/
R1 - HKCU\Software\Microsoft\Internet Connection Wizard,ShellNext = http://www.hp.com/
N3 - Netscape 7: user_pref("browser.startup.homepage", "http://yahoo.sbc.com/dsl"); (C:\Documents and Settings\CARPENTER_JAN\Application Data\Mozilla\Profiles\default\rh6l5xph.slt\prefs.js)
O1 - Hosts: 63.240.6.184
O1 - Hosts: MI8NYCMAIL34 MI8NYCMAIL34.MI8.COM
O1 - Hosts: 63.240.6.24
O1 - Hosts: MI8NYCMAIL13 MI8NYCMAIL13.MI8.COM
O1 - Hosts: 63.240.6.190
O1 - Hosts: MI8NYCMAIL40 MI8NYCMAIL40.MI8.COM
O1 - Hosts: 63.240.6.189
O1 - Hosts: MI8NYCMAIL39 MI8NYCMAIL39.MI8.COM
O1 - Hosts: 63.240.6.176
O1 - Hosts: MI8NYCMAIL26 MI8NYCMAIL26.MI8.COM
O1 - Hosts: 63.240.6.16
O1 - Hosts: MI8NYCMAIL05 MI8NYCMAIL05.MI8.COM
O1 - Hosts: 63.240.6.182
O1 - Hosts: MI8NYCMAIL32 MI8NYCMAIL32.MI8.COM
O1 - Hosts: 63.240.6.168
O1 - Hosts: MI8NYCMAIL18 MI8NYCMAIL18.MI8.COM
O1 - Hosts: 63.240.6.174
O1 - Hosts: MI8NYCMAIL24 MI8NYCMAIL24.MI8.COM
O1 - Hosts: 63.240.6.22
O1 - Hosts: MI8NYCMAIL11 MI8NYCMAIL11.MI8.COM
O1 - Hosts: 63.240.6.187
O1 - Hosts: MI8NYCMAIL37 MI8NYCMAIL37.MI8.COM
O1 - Hosts: 63.240.6.166
O1 - Hosts: MI8NYCMAIL16 MI8NYCMAIL16.MI8.COM
O1 - Hosts: 63.240.6.27
O1 - Hosts: MI8NYCMAIL03 MI8NYCMAIL03.MI8.COM
O1 - Hosts: 63.240.6.180
O1 - Hosts: MI8NYCMAIL30 MI8NYCMAIL30.MI8.COM
O1 - Hosts: 63.240.6.179
O1 - Hosts: MI8NYCMAIL29 MI8NYCMAIL29.MI8.COM
O1 - Hosts: 63.240.6.19
O1 - Hosts: MI8NYCMAIL08 MI8NYCMAIL08.MI8.COM
O1 - Hosts: 63.240.6.172
O1 - Hosts: MI8NYCMAIL22 MI8NYCMAIL22.MI8.COM
O1 - Hosts: 63.240.6.185
O1 - Hosts: MI8NYCMAIL35 MI8NYCMAIL35.MI8.COM
O1 - Hosts: 63.240.6.61
O1 - Hosts: MI8NYCMAIL14 MI8NYCMAIL14.MI8.COM
O1 - Hosts: 63.240.6.25
O1 - Hosts: MI8NYCMAIL01 MI8NYCMAIL01.MI8.COM
O1 - Hosts: 63.240.6.177
O1 - Hosts: MI8NYCMAIL27 MI8NYCMAIL27.MI8.COM
O1 - Hosts: 63.240.6.17
O1 - Hosts: MI8NYCMAIL06 MI8NYCMAIL06.MI8.COM
O1 - Hosts: 63.240.6.170
O1 - Hosts: MI8NYCMAIL20 MI8NYCMAIL20.MI8.COM
O1 - Hosts: 63.240.6.169
O1 - Hosts: MI8NYCMAIL19 MI8NYCMAIL19.MI8.COM
O1 - Hosts: 63.240.6.183
O1 - Hosts: MI8NYCMAIL33 MI8NYCMAIL33.MI8.COM
O1 - Hosts: 63.240.6.23
O1 - Hosts: MI8NYCMAIL12 MI8NYCMAIL12.MI8.COM
O1 - Hosts: 63.240.6.188
O1 - Hosts: MI8NYCMAIL38 MI8NYCMAIL38.MI8.COM
O1 - Hosts: 63.240.6.175
O1 - Hosts: MI8NYCMAIL25 MI8NYCMAIL25.MI8.COM
O1 - Hosts: 63.240.6.15
O1 - Hosts: MI8NYCMAIL04 MI8NYCMAIL04.MI8.COM
O1 - Hosts: 63.240.6.181
O1 - Hosts: MI8NYCMAIL31 MI8NYCMAIL31.MI8.COM
O1 - Hosts: 63.240.6.167
O1 - Hosts: MI8NYCMAIL17 MI8NYCMAIL17.MI8.COM
O1 - Hosts: 63.240.6.173
O1 - Hosts: MI8NYCMAIL23 MI8NYCMAIL23.MI8.COM
O1 - Hosts: 63.240.6.21
O1 - Hosts: MI8NYCMAIL10 MI8NYCMAIL10.MI8.COM
O1 - Hosts: 63.240.6.20
O1 - Hosts: MI8NYCMAIL09 MI8NYCMAIL09.MI8.COM
O1 - Hosts: 63.240.6.186
O1 - Hosts: MI8NYCMAIL36 MI8NYCMAIL36.MI8.COM
O1 - Hosts: 63.240.6.62
O1 - Hosts: MI8NYCMAIL15 MI8NYCMAIL15.MI8.COM
O1 - Hosts: 63.240.6.26
O1 - Hosts: MI8NYCMAIL02 MI8NYCMAIL02.MI8.COM
O1 - Hosts: 63.240.6.178
O1 - Hosts: MI8NYCMAIL28 MI8NYCMAIL28.MI8.COM
O1 - Hosts: 63.240.6.18
O1 - Hosts: MI8NYCMAIL07 MI8NYCMAIL07.MI8.COM
O1 - Hosts: 63.240.6.171
O1 - Hosts: MI8NYCMAIL21 MI8NYCMAIL21.MI8.COM
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: Yahoo! Companion BHO - {13F537F0-AF09-11d6-9029-0002B31F9E59} - C:\Program Files\Yahoo!\Common\ycomp5,0,8,0.dll
O2 - BHO: Skype add-on (mastermind) - {22BF413B-C6D2-4d91-82A9-A0F997BA588C} - C:\PROGRA~1\Skype\Phone\IEPlugin\SKYPEI~1.DLL
O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_01\bin\ssv.dll
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar4.dll
O2 - BHO: AcroIEToolbarHelper Class - {AE7CD045-E861-484f-8273-0445EE161910} - C:\Program Files\Adobe\Acrobat 6.0\Acrobat\AcroIEFavClient.dll
O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\2.0.301.7164\swg.dll
O3 - Toolbar: Yahoo! Companion - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Common\ycomp5,0,8,0.dll
O3 - Toolbar: Adobe PDF - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - C:\Program Files\Adobe\Acrobat 6.0\Acrobat\AcroIEFavClient.dll
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar4.dll
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [Windows Defender] "C:\Program Files\Windows Defender\MSASCui.exe" -hide
O4 - HKLM\..\Run: [vptray] C:\PROGRA~1\SYMANT~1\VPTray.exe
O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_01\bin\jusched.exe"
O4 - HKLM\..\Run: [RoxioEngineUtility] "C:\Program Files\Common Files\Roxio Shared\System\EngUtil.exe"
O4 - HKLM\..\Run: [RoxioDragToDisc] "C:\Program Files\Roxio\Easy CD Creator 6\DragToDisc\DrgToDsc.exe"
O4 - HKLM\..\Run: [GNP Generic Host Process] C:\RECYCLER\RS-1-5-21-606747145-1085031214-725345543-500\taskmgr.exe
O4 - HKLM\..\Run: [EarthLink Installer] " /C
O4 - HKLM\..\Run: [Cpqset] C:\Program Files\HPQ\Default Settings\cpqset.exe
O4 - HKLM\..\Run: [ccApp] "C:\Program Files\Common Files\Symantec Shared\ccApp.exe"
O4 - HKLM\..\Run: [ATIPTA] C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe
O4 - HKLM\..\Run: [Adobe Photo Downloader] "C:\Program Files\Adobe\Photoshop Album Starter Edition\3.0\Apps\apdproxy.exe"
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
O4 - HKLM\..\Run: [!AVG Anti-Spyware] "C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\avgas.exe" /minimized
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [swg] C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
O4 - HKCU\..\Run: [VoKU Call Center] C:\Program Files\VoSKY Call Center\USBVoSKY.exe
O4 - HKCU\..\Run: [PhotoShow Deluxe Media Manager] C:\PROGRA~1\WALGRE~1\WALGRE~1\data\Xtras\mssysmgr.exe
O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background
O4 - HKCU\..\Run: [Mozilla Quick Launch] "C:\Program Files\Netscape\Netscape\Netscp.exe" -turbo
O4 - HKCU\..\Run: [H/PC Connection Agent] "C:\Program Files\Microsoft ActiveSync\Wcescomm.exe"
O4 - HKCU\..\Run: [FWBootup] C:\Program Files\VoSKY Call Center\USBDRAM.exe
O4 - Startup: Microsoft Office Outlook 2003.lnk = ?
O4 - Global Startup: Acrobat Assistant.lnk = C:\Program Files\Adobe\Acrobat 6.0\Distillr\acrotray.exe
O4 - Global Startup: Adobe Reader Speed Launch.lnk = C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
O4 - Global Startup: HotSync Manager.lnk = C:\Program Files\palmOne\Hotsync.exe
O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office10\OSA.EXE
O4 - Global Startup: SysTray.lnk = ?
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office10\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_01\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_01\bin\ssv.dll
O9 - Extra button: Yahoo! Login - {2499216C-4BA5-11D5-BD9C-000103C116D5} - C:\Program Files\Yahoo!\Common\ylogin.dll
O9 - Extra 'Tools' menuitem: Yahoo! Login - {2499216C-4BA5-11D5-BD9C-000103C116D5} - C:\Program Files\Yahoo!\Common\ylogin.dll
O9 - Extra button: Create Mobile Favorite - {2EAF5BB1-070F-11D3-9307-00C04FAE2D4F} - C:\PROGRA~1\MICROS~4\INetRepl.dll
O9 - Extra button: (no name) - {2EAF5BB2-070F-11D3-9307-00C04FAE2D4F} - C:\PROGRA~1\MICROS~4\INetRepl.dll
O9 - Extra 'Tools' menuitem: Create Mobile Favorite... - {2EAF5BB2-070F-11D3-9307-00C04FAE2D4F} - C:\PROGRA~1\MICROS~4\INetRepl.dll
O9 - Extra button: Messenger - {4528BBE0-4E08-11D5-AD55-00010333D0AD} - C:\Program Files\Yahoo!\Messenger\yhexbmes.dll
O9 - Extra 'Tools' menuitem: Yahoo! Messenger - {4528BBE0-4E08-11D5-AD55-00010333D0AD} - C:\Program Files\Yahoo!\Messenger\yhexbmes.dll
O9 - Extra button: Skype - {77BF5300-1474-4EC7-9980-D32B190E9B07} - C:\PROGRA~1\Skype\Phone\IEPlugin\SKYPEI~1.DLL
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL
O9 - Extra button: Real.com - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - C:\WINDOWS\system32\Shdocvw.dll
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe (file missing)
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe (file missing)
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O14 - IERESET.INF: START_PAGE_URL=http://www.hp.com
O16 - DPF: {0EB0E74A-2A76-4AB3-A7FB-9BD8C29F7F75} (CKAVWebScan Object) - http://www.kaspersky.com/kos/english/kavwebscan_unicode.cab
O16 - DPF: {406B5949-7190-4245-91A9-30A17DE16AD0} (Snapfish Activia) - http://photo.walgreens.com/WalgreensActivia.cab
O16 - DPF: {7B297BFD-85E4-4092-B2AF-16A91B2EA103} (WScanCtl Class) - http://www.ca.com/us/securityadvisor/virusinfo/webscan.cab
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} (Java Runtime Environment 1.6.0) - http://javadl-esd.sun.com/update/1.6.0/jinstall-6u1-windows-i586-jc.cab
O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~1\COMMON~1\Skype\SKYPE4~1.DLL
O22 - SharedTaskScheduler: Browseui preloader - {438755C2-A8BA-11D1-B96B-00A0C90312E1} - C:\WINDOWS\System32\browseui.dll
O22 - SharedTaskScheduler: Component Categories cache daemon - {8C7461EF-2B13-11d2-BE35-3078302C2030} - C:\WINDOWS\System32\browseui.dll
O23 - Service: AVG Anti-Spyware Guard - Anti-Malware Development a.s. - C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
O23 - Service: Symantec Event Manager (ccEvtMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
O23 - Service: Symantec Password Validation (ccPwdSvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccPwdSvc.exe
O23 - Service: Symantec Settings Manager (ccSetMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe
O23 - Service: Check Point SSL Network Extender (cpextender) - Check Point Software Technologies - C:\Program Files\CheckPoint\SSL Network Extender\slimsvc.exe
O23 - Service: Cisco Systems, Inc. VPN Service (CVPND) - Cisco Systems, Inc. - C:\Program Files\Cisco Systems\VPN Client\cvpnd.exe
O23 - Service: Symantec AntiVirus Definition Watcher (DefWatch) - Symantec Corporation - C:\Program Files\Symantec AntiVirus\DefWatch.exe
O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: iPod Service - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: SAVRoam (SavRoam) - symantec - C:\Program Files\Symantec AntiVirus\SavRoam.exe
O23 - Service: Symantec Network Drivers Service (SNDSrvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\SNDSrvc.exe
O23 - Service: SoundMAX Agent Service (SoundMAX Agent Service (default)) - Analog Devices, Inc. - C:\Program Files\Analog Devices\SoundMAX\SMAgent.exe
O23 - Service: Symantec AntiVirus - Symantec Corporation - C:\Program Files\Symantec AntiVirus\Rtvscan.exe

--
End of file - 14595 bytes
 
Hi

Please download ATF Cleaner by Atribune and save
it to desktop.

Double-click ATF-Cleaner.exe to run the program.
Under Main choose: Select All
Click the Empty Selected button.

If you use Firefox browser

Click Firefox at the top and choose: Select All
Click the Empty Selected button.
NOTE: If you would like to keep your saved passwords, please click No at the prompt.

If you use Opera browser

Click Opera at the top and choose: Select All
Click the Empty Selected button.
NOTE: If you would like to keep your saved passwords, please click No at the prompt.

Click Exit to close ATF-Cleaner.

Empty this folder:

C:\Documents and Settings\carpenter_jan\Application Data\Sun\Java\Deployment\cache

Please download the Killbox.
Save it to the desktop.

Please run Killbox.

Select "Delete on Reboot" and "All files"

Copy the file names below to the clipboard by highlighting them and pressing Control-C:

C:\Documents and Settings\carpenter_jan\Application Data\tmp1DF.tmp.exe
C:\Documents and Settings\carpenter_jan\Application Data\tmp1E5.tmp.exe
C:\Documents and Settings\carpenter_jan\Application Data\tmp20.tmp.exe
C:\Documents and Settings\carpenter_jan\Application Data\tmp25.tmp.exe
C:\Documents and Settings\carpenter_jan\Application Data\tmp2A.tmp.exe
C:\Documents and Settings\carpenter_jan\Application Data\tmp32.tmp.exe
C:\Documents and Settings\carpenter_jan\Application Data\tmp37.tmp.exe
C:\Documents and Settings\carpenter_jan\Application Data\tmp3E.tmp.exe
C:\Documents and Settings\carpenter_jan\Application Data\tmp4.tmp.exe
C:\Documents and Settings\carpenter_jan\Application Data\tmpF1C.tmp.exe
C:\Documents and Settings\carpenter_jan\Local Settings\Temporary Internet Files\Content.IE5\4AFDZXR6\arr[1].ani
C:\Documents and Settings\carpenter_jan\Local Settings\Temporary Internet Files\Content.IE5\C5HPV6DX\class4[1].htm
C:\Documents and Settings\carpenter_jan\Local Settings\Temporary Internet Files\Content.IE5\F8SOVPES\koocwolla_20070601[1]
C:\Documents and Settings\carpenter_jan\Local Settings\Temporary Internet Files\Content.IE5\LYS70X0Z\404-6[1].htm
C:\Documents and Settings\carpenter_jan\Local Settings\Temporary Internet Files\Content.IE5\Q4Y3BDN5\nauj[1]
C:\Documents and Settings\carpenter_jan\Local Settings\Temporary Internet Files\Content.IE5\VOCIDO36\index[1].htm
C:\Documents and Settings\carpenter_jan\Local Settings\Temporary Internet Files\Content.IE5\YOJO9EP4\index[1].htm C:\WINDOWS\system32\oppmnmn.dll

Go to the File menu, and choose "Paste from Clipboard".

Click the red-and-white "Delete File" button. Click "Yes" at the Delete on Reboot prompt. Click "No" at the Pending Operations prompt.

If you receive a message such as: "Component 'MsComCtl.ocx' or one of its dependencies not correctly registered: a file is missing or invalid." when trying to run TheKillbox, click here to download and run missingfilesetup.exe. Then try TheKillbox again..

If your computer does not restart automatically, please restart it manually.

Empty this folder:

C:\!KillBox

Empty Recycle Bin

Re-scan with kaspersky

Post:

- a fresh HijackThis log
- kaspersky report
 
New Logs Kaspersky

I think I did all that you requested in your last message and everything seemed to run as expected. below are latest logs (again need to separate them into two threads)

-------------------------------------------------------------------------------
KASPERSKY ONLINE SCANNER REPORT
Wednesday, June 06, 2007 5:19:23 PM
Operating System: Microsoft Windows XP Professional, Service Pack 2 (Build 2600)
Kaspersky Online Scanner version: 5.0.93.0
Kaspersky Anti-Virus database last update: 6/06/2007
Kaspersky Anti-Virus database records: 340971
-------------------------------------------------------------------------------

Scan Settings:
Scan using the following antivirus database: extended
Scan Archives: true
Scan Mail Bases: true

Scan Target - My Computer:
A:\
C:\
D:\

Scan Statistics:
Total number of scanned objects: 119071
Number of viruses found: 8
Number of infected objects: 59
Number of suspicious objects: 0
Duration of the scan process: 01:33:32

Infected Object Name / Virus Name / Last Action
C:\Documents and Settings\Administrator\Application Data\Mozilla\Profiles\default\rh6l5xph.slt\parent.lock Object is locked skipped
C:\Documents and Settings\All Users\Application Data\Microsoft\Windows Defender\Support\MPLog-05302007-093209.log Object is locked skipped
C:\Documents and Settings\All Users\Application Data\Symantec\Common Client\settings.dat Object is locked skipped
C:\Documents and Settings\carpenter_jan\Application Data\$_hpcst$.hpc Object is locked skipped
C:\Documents and Settings\carpenter_jan\Cookies\index.dat Object is locked skipped
C:\Documents and Settings\carpenter_jan\Desktop\SmitfraudFix\SmitfraudFix\Reboot.exe Infected: not-a-virus:RiskTool.Win32.Reboot.f skipped
C:\Documents and Settings\carpenter_jan\Desktop\SmitfraudFix.zip/SmitfraudFix/Reboot.exe Infected: not-a-virus:RiskTool.Win32.Reboot.f skipped
C:\Documents and Settings\carpenter_jan\Desktop\SmitfraudFix.zip ZIP: infected - 1 skipped
C:\Documents and Settings\carpenter_jan\Local Settings\Application Data\Microsoft\Feeds Cache\index.dat Object is locked skipped
C:\Documents and Settings\carpenter_jan\Local Settings\Application Data\Microsoft\Windows\UsrClass.dat Object is locked skipped
C:\Documents and Settings\carpenter_jan\Local Settings\Application Data\Microsoft\Windows\UsrClass.dat.LOG Object is locked skipped
C:\Documents and Settings\carpenter_jan\Local Settings\History\History.IE5\index.dat Object is locked skipped
C:\Documents and Settings\carpenter_jan\Local Settings\History\History.IE5\MSHist012007060620070607\index.dat Object is locked skipped
C:\Documents and Settings\carpenter_jan\Local Settings\Temp\WCESLog.log Object is locked skipped
C:\Documents and Settings\carpenter_jan\Local Settings\Temporary Internet Files\Content.IE5\index.dat Object is locked skipped
C:\Documents and Settings\carpenter_jan\NTUSER.DAT Object is locked skipped
C:\Documents and Settings\carpenter_jan\ntuser.dat.LOG Object is locked skipped
C:\Documents and Settings\LocalService\Cookies\index.dat Object is locked skipped
C:\Documents and Settings\LocalService\Local Settings\Application Data\Microsoft\Windows\UsrClass.dat Object is locked skipped
C:\Documents and Settings\LocalService\Local Settings\Application Data\Microsoft\Windows\UsrClass.dat.LOG Object is locked skipped
C:\Documents and Settings\LocalService\Local Settings\History\History.IE5\index.dat Object is locked skipped
C:\Documents and Settings\LocalService\Local Settings\Temporary Internet Files\Content.IE5\index.dat Object is locked skipped
C:\Documents and Settings\LocalService\NTUSER.DAT Object is locked skipped
C:\Documents and Settings\LocalService\ntuser.dat.LOG Object is locked skipped
C:\Documents and Settings\NetworkService\Local Settings\Application Data\Microsoft\Windows\UsrClass.dat Object is locked skipped
C:\Documents and Settings\NetworkService\Local Settings\Application Data\Microsoft\Windows\UsrClass.dat.LOG Object is locked skipped
C:\Documents and Settings\NetworkService\NTUSER.DAT Object is locked skipped
C:\Documents and Settings\NetworkService\ntuser.dat.LOG Object is locked skipped
C:\Program Files\CheckPoint\SSL Network Extender\slimsvc.log Object is locked skipped
C:\Program Files\Netscape\Users\janc\Mail\Trash/[From Monterey Bay Clothing Company <specials@shopthebay.com>][Date Thu, 25 Nov 2004 00:57:19 -0700 (GMT-07:00)]/UNNAMED/[From "PayPal Team" <support@paypal.com>][Date Thu, 25 Nov 2004 12:27:45 +0200]/html Infected: Trojan-Spy.HTML.Paylap.bg skipped
C:\Program Files\Netscape\Users\janc\Mail\Trash/[From Monterey Bay Clothing Company <specials@shopthebay.com>][Date Thu, 25 Nov 2004 00:57:19 -0700 (GMT-07:00)]/UNNAMED Infected: Trojan-Spy.HTML.Paylap.bg skipped
C:\Program Files\Netscape\Users\janc\Mail\Trash Mail Berkeley mbox: infected - 2 skipped
C:\RECYCLER\RS-1-5-21-606747145-1085031214-725345543-500\sup.exe/BAT Infected: Trojan.BAT.Starter.k skipped
C:\RECYCLER\RS-1-5-21-606747145-1085031214-725345543-500\sup.exe QuickBatch: infected - 1 skipped
C:\System Volume Information\MountPointManagerRemoteDatabase Object is locked skipped
C:\System Volume Information\_restore{53CA11E8-DAD2-41B2-969B-D957F085F140}\RP790\A0148221.exe Infected: Trojan.Win32.Agent.agv skipped
C:\System Volume Information\_restore{53CA11E8-DAD2-41B2-969B-D957F085F140}\RP791\A0148258.exe Infected: Trojan.Win32.Agent.agv skipped
C:\System Volume Information\_restore{53CA11E8-DAD2-41B2-969B-D957F085F140}\RP796\A0149672.exe Infected: Trojan.Win32.Agent.agv skipped
C:\System Volume Information\_restore{53CA11E8-DAD2-41B2-969B-D957F085F140}\RP801\A0150328.exe Infected: Trojan.Win32.Agent.agv skipped
C:\System Volume Information\_restore{53CA11E8-DAD2-41B2-969B-D957F085F140}\RP802\A0150338.exe Infected: Trojan.Win32.Agent.agv skipped
C:\System Volume Information\_restore{53CA11E8-DAD2-41B2-969B-D957F085F140}\RP803\A0152362.exe Infected: Trojan.Win32.Agent.agv skipped
C:\System Volume Information\_restore{53CA11E8-DAD2-41B2-969B-D957F085F140}\RP805\A0153002.exe Infected: Trojan.Win32.Agent.agv skipped
C:\System Volume Information\_restore{53CA11E8-DAD2-41B2-969B-D957F085F140}\RP805\A0153005.exe Infected: Trojan.Win32.Agent.agv skipped
C:\System Volume Information\_restore{53CA11E8-DAD2-41B2-969B-D957F085F140}\RP807\A0153368.exe Infected: Trojan.Win32.Agent.agv skipped
C:\System Volume Information\_restore{53CA11E8-DAD2-41B2-969B-D957F085F140}\RP807\A0153376.exe Infected: Trojan.Win32.Agent.agv skipped
C:\System Volume Information\_restore{53CA11E8-DAD2-41B2-969B-D957F085F140}\RP807\A0153413.exe Infected: Trojan.Win32.Agent.agv skipped
C:\System Volume Information\_restore{53CA11E8-DAD2-41B2-969B-D957F085F140}\RP807\A0153554.exe Infected: Trojan.Win32.Agent.agv skipped
C:\System Volume Information\_restore{53CA11E8-DAD2-41B2-969B-D957F085F140}\RP807\A0153557.exe Infected: Trojan.Win32.Agent.agv skipped
C:\System Volume Information\_restore{53CA11E8-DAD2-41B2-969B-D957F085F140}\RP807\A0153559.exe Infected: Trojan.Win32.Agent.agv skipped
C:\System Volume Information\_restore{53CA11E8-DAD2-41B2-969B-D957F085F140}\RP807\A0153560.exe Infected: Trojan.Win32.Agent.agv skipped
C:\System Volume Information\_restore{53CA11E8-DAD2-41B2-969B-D957F085F140}\RP807\A0153563.exe Infected: Trojan.Win32.Agent.agv skipped
C:\System Volume Information\_restore{53CA11E8-DAD2-41B2-969B-D957F085F140}\RP807\A0153589.exe Infected: Trojan.Win32.Agent.agv skipped
C:\System Volume Information\_restore{53CA11E8-DAD2-41B2-969B-D957F085F140}\RP809\A0153733.exe Infected: Trojan.Win32.Agent.anr skipped
C:\System Volume Information\_restore{53CA11E8-DAD2-41B2-969B-D957F085F140}\RP809\A0153734.exe Infected: Trojan.Win32.Agent.anr skipped
C:\System Volume Information\_restore{53CA11E8-DAD2-41B2-969B-D957F085F140}\RP809\A0153735.exe Infected: Trojan.Win32.Agent.anr skipped
C:\System Volume Information\_restore{53CA11E8-DAD2-41B2-969B-D957F085F140}\RP809\A0153736.exe Infected: Trojan.Win32.Agent.anr skipped
C:\System Volume Information\_restore{53CA11E8-DAD2-41B2-969B-D957F085F140}\RP809\A0153737.exe Infected: Trojan.Win32.Agent.anr skipped
C:\System Volume Information\_restore{53CA11E8-DAD2-41B2-969B-D957F085F140}\RP809\A0153738.exe Infected: Trojan.Win32.Agent.anr skipped
C:\System Volume Information\_restore{53CA11E8-DAD2-41B2-969B-D957F085F140}\RP809\A0153739.exe Infected: Trojan.Win32.BHO.g skipped
C:\System Volume Information\_restore{53CA11E8-DAD2-41B2-969B-D957F085F140}\RP809\A0153740.exe Infected: Trojan-Downloader.Win32.Agent.bjk skipped
C:\System Volume Information\_restore{53CA11E8-DAD2-41B2-969B-D957F085F140}\RP809\A0153764.exe Infected: Trojan.Win32.Agent.agv skipped
C:\System Volume Information\_restore{53CA11E8-DAD2-41B2-969B-D957F085F140}\RP809\A0153765.exe Infected: Trojan.Win32.Agent.agv skipped
C:\System Volume Information\_restore{53CA11E8-DAD2-41B2-969B-D957F085F140}\RP809\A0153772.exe Infected: Trojan.Win32.Agent.agv skipped
C:\System Volume Information\_restore{53CA11E8-DAD2-41B2-969B-D957F085F140}\RP809\A0153801.exe Infected: Trojan.Win32.BHO.g skipped
C:\System Volume Information\_restore{53CA11E8-DAD2-41B2-969B-D957F085F140}\RP809\A0153803.exe Infected: Trojan.Win32.Agent.agv skipped
C:\System Volume Information\_restore{53CA11E8-DAD2-41B2-969B-D957F085F140}\RP811\A0154017.exe Infected: Trojan.Win32.BHO.g skipped
C:\System Volume Information\_restore{53CA11E8-DAD2-41B2-969B-D957F085F140}\RP811\A0154018.exe Infected: Trojan.Win32.Agent.anr skipped
C:\System Volume Information\_restore{53CA11E8-DAD2-41B2-969B-D957F085F140}\RP811\A0154019.exe Infected: Trojan.Win32.Agent.agv skipped
C:\System Volume Information\_restore{53CA11E8-DAD2-41B2-969B-D957F085F140}\RP811\A0154020.exe Infected: Trojan.Win32.Agent.agv skipped
C:\System Volume Information\_restore{53CA11E8-DAD2-41B2-969B-D957F085F140}\RP811\A0154021.exe Infected: Trojan.Win32.Agent.agv skipped
C:\System Volume Information\_restore{53CA11E8-DAD2-41B2-969B-D957F085F140}\RP811\A0154022.exe Infected: Trojan.Win32.Agent.agv skipped
C:\System Volume Information\_restore{53CA11E8-DAD2-41B2-969B-D957F085F140}\RP811\A0154023.exe Infected: Trojan.Win32.Agent.agv skipped
C:\System Volume Information\_restore{53CA11E8-DAD2-41B2-969B-D957F085F140}\RP811\A0154024.exe Infected: Trojan.Win32.Agent.agv skipped
C:\System Volume Information\_restore{53CA11E8-DAD2-41B2-969B-D957F085F140}\RP811\A0154025.exe Infected: Trojan.Win32.Agent.agv skipped
C:\System Volume Information\_restore{53CA11E8-DAD2-41B2-969B-D957F085F140}\RP811\A0154026.exe Infected: Trojan.Win32.Agent.agv skipped
C:\System Volume Information\_restore{53CA11E8-DAD2-41B2-969B-D957F085F140}\RP811\A0154044.exe Infected: Trojan.Win32.Agent.agv skipped
C:\System Volume Information\_restore{53CA11E8-DAD2-41B2-969B-D957F085F140}\RP811\A0154045.exe Infected: Trojan.Win32.Agent.agv skipped
C:\System Volume Information\_restore{53CA11E8-DAD2-41B2-969B-D957F085F140}\RP811\A0154046.exe Infected: Trojan.Win32.Agent.agv skipped
C:\System Volume Information\_restore{53CA11E8-DAD2-41B2-969B-D957F085F140}\RP811\A0154047.exe Infected: Trojan.Win32.Agent.agv skipped
C:\System Volume Information\_restore{53CA11E8-DAD2-41B2-969B-D957F085F140}\RP811\A0154048.exe Infected: Trojan.Win32.Agent.agv skipped
C:\System Volume Information\_restore{53CA11E8-DAD2-41B2-969B-D957F085F140}\RP811\A0154049.exe Infected: Trojan.Win32.Agent.agv skipped
C:\System Volume Information\_restore{53CA11E8-DAD2-41B2-969B-D957F085F140}\RP811\A0154050.exe Infected: Trojan.Win32.Agent.agv skipped
C:\System Volume Information\_restore{53CA11E8-DAD2-41B2-969B-D957F085F140}\RP811\A0154051.exe Infected: Trojan.Win32.BHO.g skipped
C:\System Volume Information\_restore{53CA11E8-DAD2-41B2-969B-D957F085F140}\RP811\A0154052.exe Infected: Trojan.Win32.Agent.anr skipped
C:\System Volume Information\_restore{53CA11E8-DAD2-41B2-969B-D957F085F140}\RP811\A0154053.exe Infected: Trojan.Win32.Agent.agv skipped
C:\System Volume Information\_restore{53CA11E8-DAD2-41B2-969B-D957F085F140}\RP811\change.log Object is locked skipped
C:\WINDOWS\Debug\PASSWD.LOG Object is locked skipped
C:\WINDOWS\Internet Logs\tvDebug.log Object is locked skipped
C:\WINDOWS\SchedLgU.Txt Object is locked skipped
C:\WINDOWS\SoftwareDistribution\EventCache\{113F2E4A-4794-4853-94F5-3E78F75827D1}.bin Object is locked skipped
C:\WINDOWS\SoftwareDistribution\ReportingEvents.log Object is locked skipped
C:\WINDOWS\Sti_Trace.log Object is locked skipped
C:\WINDOWS\system32\config\AppEvent.Evt Object is locked skipped
C:\WINDOWS\system32\config\default Object is locked skipped
C:\WINDOWS\system32\config\default.LOG Object is locked skipped
C:\WINDOWS\system32\config\Internet.evt Object is locked skipped
C:\WINDOWS\system32\config\SAM Object is locked skipped
C:\WINDOWS\system32\config\SAM.LOG Object is locked skipped
C:\WINDOWS\system32\config\SecEvent.Evt Object is locked skipped
C:\WINDOWS\system32\config\SECURITY Object is locked skipped
C:\WINDOWS\system32\config\SECURITY.LOG Object is locked skipped
C:\WINDOWS\system32\config\software Object is locked skipped
C:\WINDOWS\system32\config\software.LOG Object is locked skipped
C:\WINDOWS\system32\config\SysEvent.Evt Object is locked skipped
C:\WINDOWS\system32\config\system Object is locked skipped
C:\WINDOWS\system32\config\system.LOG Object is locked skipped
C:\WINDOWS\system32\h323log.txt Object is locked skipped
C:\WINDOWS\system32\oppmnmn.dll Infected: Trojan-Downloader.Win32.ConHook.ah skipped
C:\WINDOWS\system32\wbem\Repository\FS\INDEX.BTR Object is locked skipped
C:\WINDOWS\system32\wbem\Repository\FS\INDEX.MAP Object is locked skipped
C:\WINDOWS\system32\wbem\Repository\FS\MAPPING.VER Object is locked skipped
C:\WINDOWS\system32\wbem\Repository\FS\MAPPING1.MAP Object is locked skipped
C:\WINDOWS\system32\wbem\Repository\FS\MAPPING2.MAP Object is locked skipped
C:\WINDOWS\system32\wbem\Repository\FS\OBJECTS.DATA Object is locked skipped
C:\WINDOWS\system32\wbem\Repository\FS\OBJECTS.MAP Object is locked skipped
C:\WINDOWS\wiadebug.log Object is locked skipped
C:\WINDOWS\wiaservc.log Object is locked skipped
C:\WINDOWS\WindowsUpdate.log Object is locked skipped

Scan process completed.


--
End of file - 14434 bytes
 
New Logs HiJackThis

Here's the HiJackThis log.....

Logfile of Trend Micro HijackThis v2.0.0 (BETA)
Scan saved at 5:20:38 PM, on 6/6/2007
Platform: Windows XP SP2 (WinNT 5.01.2600)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Windows Defender\MsMpEng.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe
C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
C:\Program Files\CheckPoint\SSL Network Extender\slimsvc.exe
C:\Program Files\Cisco Systems\VPN Client\cvpnd.exe
C:\Program Files\QuickTime\qttask.exe
C:\Program Files\Windows Defender\MSASCui.exe
C:\Program Files\Symantec AntiVirus\DefWatch.exe
C:\PROGRA~1\SYMANT~1\VPTray.exe
C:\Program Files\Common Files\Real\Update_OB\realsched.exe
C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE
C:\Program Files\Symantec AntiVirus\SavRoam.exe
C:\Program Files\Java\jre1.6.0_01\bin\jusched.exe
C:\Program Files\Roxio\Easy CD Creator 6\DragToDisc\DrgToDsc.exe
C:\Program Files\Common Files\Symantec Shared\ccApp.exe
C:\Program Files\Analog Devices\SoundMAX\SMAgent.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Adobe\Photoshop Album Starter Edition\3.0\Apps\apdproxy.exe
C:\Program Files\Symantec AntiVirus\Rtvscan.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\avgas.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
C:\Program Files\VoSKY Call Center\USBVoSKY.exe
C:\PROGRA~1\WALGRE~1\WALGRE~1\data\Xtras\mssysmgr.exe
C:\WINDOWS\system32\MsPMSPSv.exe
C:\Program Files\Messenger\msmsgs.exe
C:\Program Files\Netscape\Netscape\Netscp.exe
C:\Program Files\Microsoft ActiveSync\Wcescomm.exe
C:\Program Files\VoSKY Call Center\USBDRAM.exe
C:\PROGRA~1\MICROS~4\rapimgr.exe
C:\Program Files\Adobe\Acrobat 6.0\Distillr\acrotray.exe
C:\Program Files\palmOne\Hotsync.exe
C:\WINDOWS\system32\wscntfy.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\Documents and Settings\carpenter_jan\Desktop\HiJackThis_v2\HiJackThis_v2.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.cnn.com/
R1 - HKCU\Software\Microsoft\Internet Connection Wizard,ShellNext = http://www.hp.com/
N3 - Netscape 7: user_pref("browser.startup.homepage", "http://yahoo.sbc.com/dsl"); (C:\Documents and Settings\CARPENTER_JAN\Application Data\Mozilla\Profiles\default\rh6l5xph.slt\prefs.js)
O1 - Hosts: 63.240.6.184
O1 - Hosts: MI8NYCMAIL34 MI8NYCMAIL34.MI8.COM
O1 - Hosts: 63.240.6.24
O1 - Hosts: MI8NYCMAIL13 MI8NYCMAIL13.MI8.COM
O1 - Hosts: 63.240.6.190
O1 - Hosts: MI8NYCMAIL40 MI8NYCMAIL40.MI8.COM
O1 - Hosts: 63.240.6.189
O1 - Hosts: MI8NYCMAIL39 MI8NYCMAIL39.MI8.COM
O1 - Hosts: 63.240.6.176
O1 - Hosts: MI8NYCMAIL26 MI8NYCMAIL26.MI8.COM
O1 - Hosts: 63.240.6.16
O1 - Hosts: MI8NYCMAIL05 MI8NYCMAIL05.MI8.COM
O1 - Hosts: 63.240.6.182
O1 - Hosts: MI8NYCMAIL32 MI8NYCMAIL32.MI8.COM
O1 - Hosts: 63.240.6.168
O1 - Hosts: MI8NYCMAIL18 MI8NYCMAIL18.MI8.COM
O1 - Hosts: 63.240.6.174
O1 - Hosts: MI8NYCMAIL24 MI8NYCMAIL24.MI8.COM
O1 - Hosts: 63.240.6.22
O1 - Hosts: MI8NYCMAIL11 MI8NYCMAIL11.MI8.COM
O1 - Hosts: 63.240.6.187
O1 - Hosts: MI8NYCMAIL37 MI8NYCMAIL37.MI8.COM
O1 - Hosts: 63.240.6.166
O1 - Hosts: MI8NYCMAIL16 MI8NYCMAIL16.MI8.COM
O1 - Hosts: 63.240.6.27
O1 - Hosts: MI8NYCMAIL03 MI8NYCMAIL03.MI8.COM
O1 - Hosts: 63.240.6.180
O1 - Hosts: MI8NYCMAIL30 MI8NYCMAIL30.MI8.COM
O1 - Hosts: 63.240.6.179
O1 - Hosts: MI8NYCMAIL29 MI8NYCMAIL29.MI8.COM
O1 - Hosts: 63.240.6.19
O1 - Hosts: MI8NYCMAIL08 MI8NYCMAIL08.MI8.COM
O1 - Hosts: 63.240.6.172
O1 - Hosts: MI8NYCMAIL22 MI8NYCMAIL22.MI8.COM
O1 - Hosts: 63.240.6.185
O1 - Hosts: MI8NYCMAIL35 MI8NYCMAIL35.MI8.COM
O1 - Hosts: 63.240.6.61
O1 - Hosts: MI8NYCMAIL14 MI8NYCMAIL14.MI8.COM
O1 - Hosts: 63.240.6.25
O1 - Hosts: MI8NYCMAIL01 MI8NYCMAIL01.MI8.COM
O1 - Hosts: 63.240.6.177
O1 - Hosts: MI8NYCMAIL27 MI8NYCMAIL27.MI8.COM
O1 - Hosts: 63.240.6.17
O1 - Hosts: MI8NYCMAIL06 MI8NYCMAIL06.MI8.COM
O1 - Hosts: 63.240.6.170
O1 - Hosts: MI8NYCMAIL20 MI8NYCMAIL20.MI8.COM
O1 - Hosts: 63.240.6.169
O1 - Hosts: MI8NYCMAIL19 MI8NYCMAIL19.MI8.COM
O1 - Hosts: 63.240.6.183
O1 - Hosts: MI8NYCMAIL33 MI8NYCMAIL33.MI8.COM
O1 - Hosts: 63.240.6.23
O1 - Hosts: MI8NYCMAIL12 MI8NYCMAIL12.MI8.COM
O1 - Hosts: 63.240.6.188
O1 - Hosts: MI8NYCMAIL38 MI8NYCMAIL38.MI8.COM
O1 - Hosts: 63.240.6.175
O1 - Hosts: MI8NYCMAIL25 MI8NYCMAIL25.MI8.COM
O1 - Hosts: 63.240.6.15
O1 - Hosts: MI8NYCMAIL04 MI8NYCMAIL04.MI8.COM
O1 - Hosts: 63.240.6.181
O1 - Hosts: MI8NYCMAIL31 MI8NYCMAIL31.MI8.COM
O1 - Hosts: 63.240.6.167
O1 - Hosts: MI8NYCMAIL17 MI8NYCMAIL17.MI8.COM
O1 - Hosts: 63.240.6.173
O1 - Hosts: MI8NYCMAIL23 MI8NYCMAIL23.MI8.COM
O1 - Hosts: 63.240.6.21
O1 - Hosts: MI8NYCMAIL10 MI8NYCMAIL10.MI8.COM
O1 - Hosts: 63.240.6.20
O1 - Hosts: MI8NYCMAIL09 MI8NYCMAIL09.MI8.COM
O1 - Hosts: 63.240.6.186
O1 - Hosts: MI8NYCMAIL36 MI8NYCMAIL36.MI8.COM
O1 - Hosts: 63.240.6.62
O1 - Hosts: MI8NYCMAIL15 MI8NYCMAIL15.MI8.COM
O1 - Hosts: 63.240.6.26
O1 - Hosts: MI8NYCMAIL02 MI8NYCMAIL02.MI8.COM
O1 - Hosts: 63.240.6.178
O1 - Hosts: MI8NYCMAIL28 MI8NYCMAIL28.MI8.COM
O1 - Hosts: 63.240.6.18
O1 - Hosts: MI8NYCMAIL07 MI8NYCMAIL07.MI8.COM
O1 - Hosts: 63.240.6.171
O1 - Hosts: MI8NYCMAIL21 MI8NYCMAIL21.MI8.COM
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: Yahoo! Companion BHO - {13F537F0-AF09-11d6-9029-0002B31F9E59} - C:\Program Files\Yahoo!\Common\ycomp5,0,8,0.dll
O2 - BHO: Skype add-on (mastermind) - {22BF413B-C6D2-4d91-82A9-A0F997BA588C} - C:\PROGRA~1\Skype\Phone\IEPlugin\SKYPEI~1.DLL
O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_01\bin\ssv.dll
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar4.dll
O2 - BHO: AcroIEToolbarHelper Class - {AE7CD045-E861-484f-8273-0445EE161910} - C:\Program Files\Adobe\Acrobat 6.0\Acrobat\AcroIEFavClient.dll
O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\2.0.301.7164\swg.dll
O3 - Toolbar: Yahoo! Companion - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Common\ycomp5,0,8,0.dll
O3 - Toolbar: Adobe PDF - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - C:\Program Files\Adobe\Acrobat 6.0\Acrobat\AcroIEFavClient.dll
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar4.dll
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [Windows Defender] "C:\Program Files\Windows Defender\MSASCui.exe" -hide
O4 - HKLM\..\Run: [vptray] C:\PROGRA~1\SYMANT~1\VPTray.exe
O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_01\bin\jusched.exe"
O4 - HKLM\..\Run: [RoxioEngineUtility] "C:\Program Files\Common Files\Roxio Shared\System\EngUtil.exe"
O4 - HKLM\..\Run: [RoxioDragToDisc] "C:\Program Files\Roxio\Easy CD Creator 6\DragToDisc\DrgToDsc.exe"
O4 - HKLM\..\Run: [GNP Generic Host Process] C:\RECYCLER\RS-1-5-21-606747145-1085031214-725345543-500\taskmgr.exe
O4 - HKLM\..\Run: [EarthLink Installer] " /C
O4 - HKLM\..\Run: [Cpqset] C:\Program Files\HPQ\Default Settings\cpqset.exe
O4 - HKLM\..\Run: [ccApp] "C:\Program Files\Common Files\Symantec Shared\ccApp.exe"
O4 - HKLM\..\Run: [ATIPTA] C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe
O4 - HKLM\..\Run: [Adobe Photo Downloader] "C:\Program Files\Adobe\Photoshop Album Starter Edition\3.0\Apps\apdproxy.exe"
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
O4 - HKLM\..\Run: [!AVG Anti-Spyware] "C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\avgas.exe" /minimized
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [swg] C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
O4 - HKCU\..\Run: [VoKU Call Center] C:\Program Files\VoSKY Call Center\USBVoSKY.exe
O4 - HKCU\..\Run: [PhotoShow Deluxe Media Manager] C:\PROGRA~1\WALGRE~1\WALGRE~1\data\Xtras\mssysmgr.exe
O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background
O4 - HKCU\..\Run: [Mozilla Quick Launch] "C:\Program Files\Netscape\Netscape\Netscp.exe" -turbo
O4 - HKCU\..\Run: [H/PC Connection Agent] "C:\Program Files\Microsoft ActiveSync\Wcescomm.exe"
O4 - HKCU\..\Run: [FWBootup] C:\Program Files\VoSKY Call Center\USBDRAM.exe
O4 - Startup: Microsoft Office Outlook 2003.lnk = ?
O4 - Global Startup: Acrobat Assistant.lnk = C:\Program Files\Adobe\Acrobat 6.0\Distillr\acrotray.exe
O4 - Global Startup: Adobe Reader Speed Launch.lnk = C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
O4 - Global Startup: HotSync Manager.lnk = C:\Program Files\palmOne\Hotsync.exe
O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office10\OSA.EXE
O4 - Global Startup: SysTray.lnk = ?
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office10\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_01\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_01\bin\ssv.dll
O9 - Extra button: Yahoo! Login - {2499216C-4BA5-11D5-BD9C-000103C116D5} - C:\Program Files\Yahoo!\Common\ylogin.dll
O9 - Extra 'Tools' menuitem: Yahoo! Login - {2499216C-4BA5-11D5-BD9C-000103C116D5} - C:\Program Files\Yahoo!\Common\ylogin.dll
O9 - Extra button: Create Mobile Favorite - {2EAF5BB1-070F-11D3-9307-00C04FAE2D4F} - C:\PROGRA~1\MICROS~4\INetRepl.dll
O9 - Extra button: (no name) - {2EAF5BB2-070F-11D3-9307-00C04FAE2D4F} - C:\PROGRA~1\MICROS~4\INetRepl.dll
O9 - Extra 'Tools' menuitem: Create Mobile Favorite... - {2EAF5BB2-070F-11D3-9307-00C04FAE2D4F} - C:\PROGRA~1\MICROS~4\INetRepl.dll
O9 - Extra button: Messenger - {4528BBE0-4E08-11D5-AD55-00010333D0AD} - C:\Program Files\Yahoo!\Messenger\yhexbmes.dll
O9 - Extra 'Tools' menuitem: Yahoo! Messenger - {4528BBE0-4E08-11D5-AD55-00010333D0AD} - C:\Program Files\Yahoo!\Messenger\yhexbmes.dll
O9 - Extra button: Skype - {77BF5300-1474-4EC7-9980-D32B190E9B07} - C:\PROGRA~1\Skype\Phone\IEPlugin\SKYPEI~1.DLL
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL
O9 - Extra button: Real.com - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - C:\WINDOWS\system32\Shdocvw.dll
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe (file missing)
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe (file missing)
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O14 - IERESET.INF: START_PAGE_URL=http://www.hp.com
O16 - DPF: {0EB0E74A-2A76-4AB3-A7FB-9BD8C29F7F75} (CKAVWebScan Object) - http://www.kaspersky.com/kos/english/kavwebscan_unicode.cab
O16 - DPF: {406B5949-7190-4245-91A9-30A17DE16AD0} (Snapfish Activia) - http://photo.walgreens.com/WalgreensActivia.cab
O16 - DPF: {7B297BFD-85E4-4092-B2AF-16A91B2EA103} (WScanCtl Class) - http://www.ca.com/us/securityadvisor/virusinfo/webscan.cab
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} (Java Runtime Environment 1.6.0) - http://javadl-esd.sun.com/update/1.6.0/jinstall-6u1-windows-i586-jc.cab
O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~1\COMMON~1\Skype\SKYPE4~1.DLL
O22 - SharedTaskScheduler: Browseui preloader - {438755C2-A8BA-11D1-B96B-00A0C90312E1} - C:\WINDOWS\System32\browseui.dll
O22 - SharedTaskScheduler: Component Categories cache daemon - {8C7461EF-2B13-11d2-BE35-3078302C2030} - C:\WINDOWS\System32\browseui.dll
O23 - Service: AVG Anti-Spyware Guard - Anti-Malware Development a.s. - C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
O23 - Service: Symantec Event Manager (ccEvtMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
O23 - Service: Symantec Password Validation (ccPwdSvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccPwdSvc.exe
O23 - Service: Symantec Settings Manager (ccSetMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe
O23 - Service: Check Point SSL Network Extender (cpextender) - Check Point Software Technologies - C:\Program Files\CheckPoint\SSL Network Extender\slimsvc.exe
O23 - Service: Cisco Systems, Inc. VPN Service (CVPND) - Cisco Systems, Inc. - C:\Program Files\Cisco Systems\VPN Client\cvpnd.exe
O23 - Service: Symantec AntiVirus Definition Watcher (DefWatch) - Symantec Corporation - C:\Program Files\Symantec AntiVirus\DefWatch.exe
O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: iPod Service - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: SAVRoam (SavRoam) - symantec - C:\Program Files\Symantec AntiVirus\SavRoam.exe
O23 - Service: Symantec Network Drivers Service (SNDSrvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\SNDSrvc.exe
O23 - Service: SoundMAX Agent Service (SoundMAX Agent Service (default)) - Analog Devices, Inc. - C:\Program Files\Analog Devices\SoundMAX\SMAgent.exe
O23 - Service: Symantec AntiVirus - Symantec Corporation - C:\Program Files\Symantec AntiVirus\Rtvscan.exe

--
End of file - 14434 bytes
 
Hi

Empty trash folder in here:

C:\Program Files\Netscape\Users\janc\Mail\Trash

Double-click Killbox.exe to run it.

Select "Delete on Reboot".
Place the following line (complete path) in bold in the "Full Path of File to Delete" box in Killbox:
C:\WINDOWS\system32\oppmnmn.dll
Put a mark next to "Delete on Reboot"
Click the red-and-white "Delete File" button. Click "Yes" at the Delete on Reboot prompt. Click "No" at the Pending Operations prompt.
If your computer does not restart automatically, please restart it manually.

Empty this folder:

C:\!KillBox

Empty Recycle Bin

Re-scan with kaspersky

Post:

- a fresh HijackThis log
- kaspersky report
 
New Kaspersky Report

Below:

-------------------------------------------------------------------------------
KASPERSKY ONLINE SCANNER REPORT
Thursday, June 07, 2007 8:22:18 AM
Operating System: Microsoft Windows XP Professional, Service Pack 2 (Build 2600)
Kaspersky Online Scanner version: 5.0.93.0
Kaspersky Anti-Virus database last update: 7/06/2007
Kaspersky Anti-Virus database records: 341249
-------------------------------------------------------------------------------

Scan Settings:
Scan using the following antivirus database: extended
Scan Archives: true
Scan Mail Bases: true

Scan Target - My Computer:
A:\
C:\
D:\

Scan Statistics:
Total number of scanned objects: 119386
Number of viruses found: 8
Number of infected objects: 60
Number of suspicious objects: 0
Duration of the scan process: 01:35:00

Infected Object Name / Virus Name / Last Action
C:\Documents and Settings\Administrator\Application Data\Mozilla\Profiles\default\rh6l5xph.slt\parent.lock Object is locked skipped
C:\Documents and Settings\All Users\Application Data\Microsoft\Windows Defender\Support\MPLog-05302007-093209.log Object is locked skipped
C:\Documents and Settings\All Users\Application Data\Symantec\Common Client\settings.dat Object is locked skipped
C:\Documents and Settings\carpenter_jan\Application Data\$_hpcst$.hpc Object is locked skipped
C:\Documents and Settings\carpenter_jan\Cookies\index.dat Object is locked skipped
C:\Documents and Settings\carpenter_jan\Desktop\SmitfraudFix\SmitfraudFix\Reboot.exe Infected: not-a-virus:RiskTool.Win32.Reboot.f skipped
C:\Documents and Settings\carpenter_jan\Desktop\SmitfraudFix.zip/SmitfraudFix/Reboot.exe Infected: not-a-virus:RiskTool.Win32.Reboot.f skipped
C:\Documents and Settings\carpenter_jan\Desktop\SmitfraudFix.zip ZIP: infected - 1 skipped
C:\Documents and Settings\carpenter_jan\Local Settings\Application Data\Microsoft\Feeds Cache\index.dat Object is locked skipped
C:\Documents and Settings\carpenter_jan\Local Settings\Application Data\Microsoft\Windows\UsrClass.dat Object is locked skipped
C:\Documents and Settings\carpenter_jan\Local Settings\Application Data\Microsoft\Windows\UsrClass.dat.LOG Object is locked skipped
C:\Documents and Settings\carpenter_jan\Local Settings\History\History.IE5\index.dat Object is locked skipped
C:\Documents and Settings\carpenter_jan\Local Settings\History\History.IE5\MSHist012007060720070608\index.dat Object is locked skipped
C:\Documents and Settings\carpenter_jan\Local Settings\Temp\WCESLog.log Object is locked skipped
C:\Documents and Settings\carpenter_jan\Local Settings\Temporary Internet Files\AntiPhishing\B3BB5BBA-E7D5-40AB-A041-A5B1C0B26C8F.dat Object is locked skipped
C:\Documents and Settings\carpenter_jan\Local Settings\Temporary Internet Files\Content.IE5\index.dat Object is locked skipped
C:\Documents and Settings\carpenter_jan\NTUSER.DAT Object is locked skipped
C:\Documents and Settings\carpenter_jan\ntuser.dat.LOG Object is locked skipped
C:\Documents and Settings\LocalService\Cookies\index.dat Object is locked skipped
C:\Documents and Settings\LocalService\Local Settings\Application Data\Microsoft\Windows\UsrClass.dat Object is locked skipped
C:\Documents and Settings\LocalService\Local Settings\Application Data\Microsoft\Windows\UsrClass.dat.LOG Object is locked skipped
C:\Documents and Settings\LocalService\Local Settings\History\History.IE5\index.dat Object is locked skipped
C:\Documents and Settings\LocalService\Local Settings\Temporary Internet Files\Content.IE5\index.dat Object is locked skipped
C:\Documents and Settings\LocalService\NTUSER.DAT Object is locked skipped
C:\Documents and Settings\LocalService\ntuser.dat.LOG Object is locked skipped
C:\Documents and Settings\NetworkService\Local Settings\Application Data\Microsoft\Windows\UsrClass.dat Object is locked skipped
C:\Documents and Settings\NetworkService\Local Settings\Application Data\Microsoft\Windows\UsrClass.dat.LOG Object is locked skipped
C:\Documents and Settings\NetworkService\NTUSER.DAT Object is locked skipped
C:\Documents and Settings\NetworkService\ntuser.dat.LOG Object is locked skipped
C:\Program Files\CheckPoint\SSL Network Extender\slimsvc.log Object is locked skipped
C:\Program Files\Netscape\Users\janc\Mail\Trash/[From Monterey Bay Clothing Company <specials@shopthebay.com>][Date Thu, 25 Nov 2004 00:57:19 -0700 (GMT-07:00)]/UNNAMED/[From "PayPal Team" <support@paypal.com>][Date Thu, 25 Nov 2004 12:27:45 +0200]/html Infected: Trojan-Spy.HTML.Paylap.bg skipped
C:\Program Files\Netscape\Users\janc\Mail\Trash/[From Monterey Bay Clothing Company <specials@shopthebay.com>][Date Thu, 25 Nov 2004 00:57:19 -0700 (GMT-07:00)]/UNNAMED Infected: Trojan-Spy.HTML.Paylap.bg skipped
C:\Program Files\Netscape\Users\janc\Mail\Trash Mail Berkeley mbox: infected - 2 skipped
C:\RECYCLER\RS-1-5-21-606747145-1085031214-725345543-500\sup.exe/BAT Infected: Trojan.BAT.Starter.k skipped
C:\RECYCLER\RS-1-5-21-606747145-1085031214-725345543-500\sup.exe QuickBatch: infected - 1 skipped
C:\System Volume Information\MountPointManagerRemoteDatabase Object is locked skipped
C:\System Volume Information\_restore{53CA11E8-DAD2-41B2-969B-D957F085F140}\RP790\A0148221.exe Infected: Trojan.Win32.Agent.agv skipped
C:\System Volume Information\_restore{53CA11E8-DAD2-41B2-969B-D957F085F140}\RP791\A0148258.exe Infected: Trojan.Win32.Agent.agv skipped
C:\System Volume Information\_restore{53CA11E8-DAD2-41B2-969B-D957F085F140}\RP796\A0149672.exe Infected: Trojan.Win32.Agent.agv skipped
C:\System Volume Information\_restore{53CA11E8-DAD2-41B2-969B-D957F085F140}\RP801\A0150328.exe Infected: Trojan.Win32.Agent.agv skipped
C:\System Volume Information\_restore{53CA11E8-DAD2-41B2-969B-D957F085F140}\RP802\A0150338.exe Infected: Trojan.Win32.Agent.agv skipped
C:\System Volume Information\_restore{53CA11E8-DAD2-41B2-969B-D957F085F140}\RP803\A0152362.exe Infected: Trojan.Win32.Agent.agv skipped
C:\System Volume Information\_restore{53CA11E8-DAD2-41B2-969B-D957F085F140}\RP805\A0153002.exe Infected: Trojan.Win32.Agent.agv skipped
C:\System Volume Information\_restore{53CA11E8-DAD2-41B2-969B-D957F085F140}\RP805\A0153005.exe Infected: Trojan.Win32.Agent.agv skipped
C:\System Volume Information\_restore{53CA11E8-DAD2-41B2-969B-D957F085F140}\RP807\A0153368.exe Infected: Trojan.Win32.Agent.agv skipped
C:\System Volume Information\_restore{53CA11E8-DAD2-41B2-969B-D957F085F140}\RP807\A0153376.exe Infected: Trojan.Win32.Agent.agv skipped
C:\System Volume Information\_restore{53CA11E8-DAD2-41B2-969B-D957F085F140}\RP807\A0153413.exe Infected: Trojan.Win32.Agent.agv skipped
C:\System Volume Information\_restore{53CA11E8-DAD2-41B2-969B-D957F085F140}\RP807\A0153554.exe Infected: Trojan.Win32.Agent.agv skipped
C:\System Volume Information\_restore{53CA11E8-DAD2-41B2-969B-D957F085F140}\RP807\A0153557.exe Infected: Trojan.Win32.Agent.agv skipped
C:\System Volume Information\_restore{53CA11E8-DAD2-41B2-969B-D957F085F140}\RP807\A0153559.exe Infected: Trojan.Win32.Agent.agv skipped
C:\System Volume Information\_restore{53CA11E8-DAD2-41B2-969B-D957F085F140}\RP807\A0153560.exe Infected: Trojan.Win32.Agent.agv skipped
C:\System Volume Information\_restore{53CA11E8-DAD2-41B2-969B-D957F085F140}\RP807\A0153563.exe Infected: Trojan.Win32.Agent.agv skipped
C:\System Volume Information\_restore{53CA11E8-DAD2-41B2-969B-D957F085F140}\RP807\A0153589.exe Infected: Trojan.Win32.Agent.agv skipped
C:\System Volume Information\_restore{53CA11E8-DAD2-41B2-969B-D957F085F140}\RP809\A0153733.exe Infected: Trojan.Win32.Agent.anr skipped
C:\System Volume Information\_restore{53CA11E8-DAD2-41B2-969B-D957F085F140}\RP809\A0153734.exe Infected: Trojan.Win32.Agent.anr skipped
C:\System Volume Information\_restore{53CA11E8-DAD2-41B2-969B-D957F085F140}\RP809\A0153735.exe Infected: Trojan.Win32.Agent.anr skipped
C:\System Volume Information\_restore{53CA11E8-DAD2-41B2-969B-D957F085F140}\RP809\A0153736.exe Infected: Trojan.Win32.Agent.anr skipped
C:\System Volume Information\_restore{53CA11E8-DAD2-41B2-969B-D957F085F140}\RP809\A0153737.exe Infected: Trojan.Win32.Agent.anr skipped
C:\System Volume Information\_restore{53CA11E8-DAD2-41B2-969B-D957F085F140}\RP809\A0153738.exe Infected: Trojan.Win32.Agent.anr skipped
C:\System Volume Information\_restore{53CA11E8-DAD2-41B2-969B-D957F085F140}\RP809\A0153739.exe Infected: Trojan.Win32.BHO.g skipped
C:\System Volume Information\_restore{53CA11E8-DAD2-41B2-969B-D957F085F140}\RP809\A0153740.exe Infected: Trojan-Downloader.Win32.Agent.bjk skipped
C:\System Volume Information\_restore{53CA11E8-DAD2-41B2-969B-D957F085F140}\RP809\A0153764.exe Infected: Trojan.Win32.Agent.agv skipped
C:\System Volume Information\_restore{53CA11E8-DAD2-41B2-969B-D957F085F140}\RP809\A0153765.exe Infected: Trojan.Win32.Agent.agv skipped
C:\System Volume Information\_restore{53CA11E8-DAD2-41B2-969B-D957F085F140}\RP809\A0153772.exe Infected: Trojan.Win32.Agent.agv skipped
C:\System Volume Information\_restore{53CA11E8-DAD2-41B2-969B-D957F085F140}\RP809\A0153801.exe Infected: Trojan.Win32.BHO.g skipped
C:\System Volume Information\_restore{53CA11E8-DAD2-41B2-969B-D957F085F140}\RP809\A0153803.exe Infected: Trojan.Win32.Agent.agv skipped
C:\System Volume Information\_restore{53CA11E8-DAD2-41B2-969B-D957F085F140}\RP811\A0154017.exe Infected: Trojan.Win32.BHO.g skipped
C:\System Volume Information\_restore{53CA11E8-DAD2-41B2-969B-D957F085F140}\RP811\A0154018.exe Infected: Trojan.Win32.Agent.anr skipped
C:\System Volume Information\_restore{53CA11E8-DAD2-41B2-969B-D957F085F140}\RP811\A0154019.exe Infected: Trojan.Win32.Agent.agv skipped
C:\System Volume Information\_restore{53CA11E8-DAD2-41B2-969B-D957F085F140}\RP811\A0154020.exe Infected: Trojan.Win32.Agent.agv skipped
C:\System Volume Information\_restore{53CA11E8-DAD2-41B2-969B-D957F085F140}\RP811\A0154021.exe Infected: Trojan.Win32.Agent.agv skipped
C:\System Volume Information\_restore{53CA11E8-DAD2-41B2-969B-D957F085F140}\RP811\A0154022.exe Infected: Trojan.Win32.Agent.agv skipped
C:\System Volume Information\_restore{53CA11E8-DAD2-41B2-969B-D957F085F140}\RP811\A0154023.exe Infected: Trojan.Win32.Agent.agv skipped
C:\System Volume Information\_restore{53CA11E8-DAD2-41B2-969B-D957F085F140}\RP811\A0154024.exe Infected: Trojan.Win32.Agent.agv skipped
C:\System Volume Information\_restore{53CA11E8-DAD2-41B2-969B-D957F085F140}\RP811\A0154025.exe Infected: Trojan.Win32.Agent.agv skipped
C:\System Volume Information\_restore{53CA11E8-DAD2-41B2-969B-D957F085F140}\RP811\A0154026.exe Infected: Trojan.Win32.Agent.agv skipped
C:\System Volume Information\_restore{53CA11E8-DAD2-41B2-969B-D957F085F140}\RP811\A0154044.exe Infected: Trojan.Win32.Agent.agv skipped
C:\System Volume Information\_restore{53CA11E8-DAD2-41B2-969B-D957F085F140}\RP811\A0154045.exe Infected: Trojan.Win32.Agent.agv skipped
C:\System Volume Information\_restore{53CA11E8-DAD2-41B2-969B-D957F085F140}\RP811\A0154046.exe Infected: Trojan.Win32.Agent.agv skipped
C:\System Volume Information\_restore{53CA11E8-DAD2-41B2-969B-D957F085F140}\RP811\A0154047.exe Infected: Trojan.Win32.Agent.agv skipped
C:\System Volume Information\_restore{53CA11E8-DAD2-41B2-969B-D957F085F140}\RP811\A0154048.exe Infected: Trojan.Win32.Agent.agv skipped
C:\System Volume Information\_restore{53CA11E8-DAD2-41B2-969B-D957F085F140}\RP811\A0154049.exe Infected: Trojan.Win32.Agent.agv skipped
C:\System Volume Information\_restore{53CA11E8-DAD2-41B2-969B-D957F085F140}\RP811\A0154050.exe Infected: Trojan.Win32.Agent.agv skipped
C:\System Volume Information\_restore{53CA11E8-DAD2-41B2-969B-D957F085F140}\RP811\A0154051.exe Infected: Trojan.Win32.BHO.g skipped
C:\System Volume Information\_restore{53CA11E8-DAD2-41B2-969B-D957F085F140}\RP811\A0154052.exe Infected: Trojan.Win32.Agent.anr skipped
C:\System Volume Information\_restore{53CA11E8-DAD2-41B2-969B-D957F085F140}\RP811\A0154053.exe Infected: Trojan.Win32.Agent.agv skipped
C:\System Volume Information\_restore{53CA11E8-DAD2-41B2-969B-D957F085F140}\RP811\A0155038.dll Infected: Trojan-Downloader.Win32.ConHook.ah skipped
C:\System Volume Information\_restore{53CA11E8-DAD2-41B2-969B-D957F085F140}\RP811\A0155053.dll Infected: Trojan-Downloader.Win32.ConHook.ah skipped
C:\System Volume Information\_restore{53CA11E8-DAD2-41B2-969B-D957F085F140}\RP811\change.log Object is locked skipped
C:\WINDOWS\Debug\PASSWD.LOG Object is locked skipped
C:\WINDOWS\Internet Logs\tvDebug.log Object is locked skipped
C:\WINDOWS\SchedLgU.Txt Object is locked skipped
C:\WINDOWS\SoftwareDistribution\EventCache\{AF0397BA-88C4-4986-9D81-B51C030048AF}.bin Object is locked skipped
C:\WINDOWS\SoftwareDistribution\ReportingEvents.log Object is locked skipped
C:\WINDOWS\Sti_Trace.log Object is locked skipped
C:\WINDOWS\system32\config\AppEvent.Evt Object is locked skipped
C:\WINDOWS\system32\config\default Object is locked skipped
C:\WINDOWS\system32\config\default.LOG Object is locked skipped
C:\WINDOWS\system32\config\Internet.evt Object is locked skipped
C:\WINDOWS\system32\config\SAM Object is locked skipped
C:\WINDOWS\system32\config\SAM.LOG Object is locked skipped
C:\WINDOWS\system32\config\SecEvent.Evt Object is locked skipped
C:\WINDOWS\system32\config\SECURITY Object is locked skipped
C:\WINDOWS\system32\config\SECURITY.LOG Object is locked skipped
C:\WINDOWS\system32\config\software Object is locked skipped
C:\WINDOWS\system32\config\software.LOG Object is locked skipped
C:\WINDOWS\system32\config\SysEvent.Evt Object is locked skipped
C:\WINDOWS\system32\config\system Object is locked skipped
C:\WINDOWS\system32\config\system.LOG Object is locked skipped
C:\WINDOWS\system32\h323log.txt Object is locked skipped
C:\WINDOWS\system32\wbem\Repository\FS\INDEX.BTR Object is locked skipped
C:\WINDOWS\system32\wbem\Repository\FS\INDEX.MAP Object is locked skipped
C:\WINDOWS\system32\wbem\Repository\FS\MAPPING.VER Object is locked skipped
C:\WINDOWS\system32\wbem\Repository\FS\MAPPING1.MAP Object is locked skipped
C:\WINDOWS\system32\wbem\Repository\FS\MAPPING2.MAP Object is locked skipped
C:\WINDOWS\system32\wbem\Repository\FS\OBJECTS.DATA Object is locked skipped
C:\WINDOWS\system32\wbem\Repository\FS\OBJECTS.MAP Object is locked skipped
C:\WINDOWS\wiadebug.log Object is locked skipped
C:\WINDOWS\wiaservc.log Object is locked skipped
C:\WINDOWS\WindowsUpdate.log Object is locked skipped

Scan process completed.
 
New HiJackThis Log

Below:

Logfile of Trend Micro HijackThis v2.0.0 (BETA)
Scan saved at 8:22:55 AM, on 6/7/2007
Platform: Windows XP SP2 (WinNT 5.01.2600)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Windows Defender\MsMpEng.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe
C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
C:\Program Files\CheckPoint\SSL Network Extender\slimsvc.exe
C:\Program Files\Cisco Systems\VPN Client\cvpnd.exe
C:\Program Files\Symantec AntiVirus\DefWatch.exe
C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE
C:\Program Files\Symantec AntiVirus\SavRoam.exe
C:\Program Files\Analog Devices\SoundMAX\SMAgent.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Symantec AntiVirus\Rtvscan.exe
C:\WINDOWS\system32\MsPMSPSv.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\wscntfy.exe
C:\Program Files\QuickTime\qttask.exe
C:\Program Files\Windows Defender\MSASCui.exe
C:\PROGRA~1\SYMANT~1\VPTray.exe
C:\Program Files\Common Files\Real\Update_OB\realsched.exe
C:\Program Files\Java\jre1.6.0_01\bin\jusched.exe
C:\Program Files\Roxio\Easy CD Creator 6\DragToDisc\DrgToDsc.exe
C:\Program Files\Common Files\Symantec Shared\ccApp.exe
C:\Program Files\Adobe\Photoshop Album Starter Edition\3.0\Apps\apdproxy.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\avgas.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
C:\Program Files\VoSKY Call Center\USBVoSKY.exe
C:\PROGRA~1\WALGRE~1\WALGRE~1\data\Xtras\mssysmgr.exe
C:\Program Files\Messenger\msmsgs.exe
C:\Program Files\Netscape\Netscape\Netscp.exe
C:\Program Files\Microsoft ActiveSync\Wcescomm.exe
C:\Program Files\VoSKY Call Center\USBDRAM.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\Program Files\Adobe\Acrobat 6.0\Distillr\acrotray.exe
C:\PROGRA~1\MICROS~4\rapimgr.exe
C:\Program Files\palmOne\Hotsync.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\Microsoft Office\OFFICE11\OUTLOOK.EXE
C:\Program Files\Microsoft Office\OFFICE11\WINWORD.EXE
C:\Documents and Settings\carpenter_jan\Desktop\HiJackThis_v2\HiJackThis_v2.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.cnn.com/
R1 - HKCU\Software\Microsoft\Internet Connection Wizard,ShellNext = http://www.hp.com/
N3 - Netscape 7: user_pref("browser.startup.homepage", "http://yahoo.sbc.com/dsl"); (C:\Documents and Settings\CARPENTER_JAN\Application Data\Mozilla\Profiles\default\rh6l5xph.slt\prefs.js)
O1 - Hosts: 63.240.6.184
O1 - Hosts: MI8NYCMAIL34 MI8NYCMAIL34.MI8.COM
O1 - Hosts: 63.240.6.24
O1 - Hosts: MI8NYCMAIL13 MI8NYCMAIL13.MI8.COM
O1 - Hosts: 63.240.6.190
O1 - Hosts: MI8NYCMAIL40 MI8NYCMAIL40.MI8.COM
O1 - Hosts: 63.240.6.189
O1 - Hosts: MI8NYCMAIL39 MI8NYCMAIL39.MI8.COM
O1 - Hosts: 63.240.6.176
O1 - Hosts: MI8NYCMAIL26 MI8NYCMAIL26.MI8.COM
O1 - Hosts: 63.240.6.16
O1 - Hosts: MI8NYCMAIL05 MI8NYCMAIL05.MI8.COM
O1 - Hosts: 63.240.6.182
O1 - Hosts: MI8NYCMAIL32 MI8NYCMAIL32.MI8.COM
O1 - Hosts: 63.240.6.168
O1 - Hosts: MI8NYCMAIL18 MI8NYCMAIL18.MI8.COM
O1 - Hosts: 63.240.6.174
O1 - Hosts: MI8NYCMAIL24 MI8NYCMAIL24.MI8.COM
O1 - Hosts: 63.240.6.22
O1 - Hosts: MI8NYCMAIL11 MI8NYCMAIL11.MI8.COM
O1 - Hosts: 63.240.6.187
O1 - Hosts: MI8NYCMAIL37 MI8NYCMAIL37.MI8.COM
O1 - Hosts: 63.240.6.166
O1 - Hosts: MI8NYCMAIL16 MI8NYCMAIL16.MI8.COM
O1 - Hosts: 63.240.6.27
O1 - Hosts: MI8NYCMAIL03 MI8NYCMAIL03.MI8.COM
O1 - Hosts: 63.240.6.180
O1 - Hosts: MI8NYCMAIL30 MI8NYCMAIL30.MI8.COM
O1 - Hosts: 63.240.6.179
O1 - Hosts: MI8NYCMAIL29 MI8NYCMAIL29.MI8.COM
O1 - Hosts: 63.240.6.19
O1 - Hosts: MI8NYCMAIL08 MI8NYCMAIL08.MI8.COM
O1 - Hosts: 63.240.6.172
O1 - Hosts: MI8NYCMAIL22 MI8NYCMAIL22.MI8.COM
O1 - Hosts: 63.240.6.185
O1 - Hosts: MI8NYCMAIL35 MI8NYCMAIL35.MI8.COM
O1 - Hosts: 63.240.6.61
O1 - Hosts: MI8NYCMAIL14 MI8NYCMAIL14.MI8.COM
O1 - Hosts: 63.240.6.25
O1 - Hosts: MI8NYCMAIL01 MI8NYCMAIL01.MI8.COM
O1 - Hosts: 63.240.6.177
O1 - Hosts: MI8NYCMAIL27 MI8NYCMAIL27.MI8.COM
O1 - Hosts: 63.240.6.17
O1 - Hosts: MI8NYCMAIL06 MI8NYCMAIL06.MI8.COM
O1 - Hosts: 63.240.6.170
O1 - Hosts: MI8NYCMAIL20 MI8NYCMAIL20.MI8.COM
O1 - Hosts: 63.240.6.169
O1 - Hosts: MI8NYCMAIL19 MI8NYCMAIL19.MI8.COM
O1 - Hosts: 63.240.6.183
O1 - Hosts: MI8NYCMAIL33 MI8NYCMAIL33.MI8.COM
O1 - Hosts: 63.240.6.23
O1 - Hosts: MI8NYCMAIL12 MI8NYCMAIL12.MI8.COM
O1 - Hosts: 63.240.6.188
O1 - Hosts: MI8NYCMAIL38 MI8NYCMAIL38.MI8.COM
O1 - Hosts: 63.240.6.175
O1 - Hosts: MI8NYCMAIL25 MI8NYCMAIL25.MI8.COM
O1 - Hosts: 63.240.6.15
O1 - Hosts: MI8NYCMAIL04 MI8NYCMAIL04.MI8.COM
O1 - Hosts: 63.240.6.181
O1 - Hosts: MI8NYCMAIL31 MI8NYCMAIL31.MI8.COM
O1 - Hosts: 63.240.6.167
O1 - Hosts: MI8NYCMAIL17 MI8NYCMAIL17.MI8.COM
O1 - Hosts: 63.240.6.173
O1 - Hosts: MI8NYCMAIL23 MI8NYCMAIL23.MI8.COM
O1 - Hosts: 63.240.6.21
O1 - Hosts: MI8NYCMAIL10 MI8NYCMAIL10.MI8.COM
O1 - Hosts: 63.240.6.20
O1 - Hosts: MI8NYCMAIL09 MI8NYCMAIL09.MI8.COM
O1 - Hosts: 63.240.6.186
O1 - Hosts: MI8NYCMAIL36 MI8NYCMAIL36.MI8.COM
O1 - Hosts: 63.240.6.62
O1 - Hosts: MI8NYCMAIL15 MI8NYCMAIL15.MI8.COM
O1 - Hosts: 63.240.6.26
O1 - Hosts: MI8NYCMAIL02 MI8NYCMAIL02.MI8.COM
O1 - Hosts: 63.240.6.178
O1 - Hosts: MI8NYCMAIL28 MI8NYCMAIL28.MI8.COM
O1 - Hosts: 63.240.6.18
O1 - Hosts: MI8NYCMAIL07 MI8NYCMAIL07.MI8.COM
O1 - Hosts: 63.240.6.171
O1 - Hosts: MI8NYCMAIL21 MI8NYCMAIL21.MI8.COM
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: Yahoo! Companion BHO - {13F537F0-AF09-11d6-9029-0002B31F9E59} - C:\Program Files\Yahoo!\Common\ycomp5,0,8,0.dll
O2 - BHO: Skype add-on (mastermind) - {22BF413B-C6D2-4d91-82A9-A0F997BA588C} - C:\PROGRA~1\Skype\Phone\IEPlugin\SKYPEI~1.DLL
O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_01\bin\ssv.dll
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar4.dll
O2 - BHO: AcroIEToolbarHelper Class - {AE7CD045-E861-484f-8273-0445EE161910} - C:\Program Files\Adobe\Acrobat 6.0\Acrobat\AcroIEFavClient.dll
O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\2.0.301.7164\swg.dll
O3 - Toolbar: Yahoo! Companion - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Common\ycomp5,0,8,0.dll
O3 - Toolbar: Adobe PDF - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - C:\Program Files\Adobe\Acrobat 6.0\Acrobat\AcroIEFavClient.dll
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar4.dll
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [Windows Defender] "C:\Program Files\Windows Defender\MSASCui.exe" -hide
O4 - HKLM\..\Run: [vptray] C:\PROGRA~1\SYMANT~1\VPTray.exe
O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_01\bin\jusched.exe"
O4 - HKLM\..\Run: [RoxioEngineUtility] "C:\Program Files\Common Files\Roxio Shared\System\EngUtil.exe"
O4 - HKLM\..\Run: [RoxioDragToDisc] "C:\Program Files\Roxio\Easy CD Creator 6\DragToDisc\DrgToDsc.exe"
O4 - HKLM\..\Run: [GNP Generic Host Process] C:\RECYCLER\RS-1-5-21-606747145-1085031214-725345543-500\taskmgr.exe
O4 - HKLM\..\Run: [EarthLink Installer] " /C
O4 - HKLM\..\Run: [Cpqset] C:\Program Files\HPQ\Default Settings\cpqset.exe
O4 - HKLM\..\Run: [ccApp] "C:\Program Files\Common Files\Symantec Shared\ccApp.exe"
O4 - HKLM\..\Run: [ATIPTA] C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe
O4 - HKLM\..\Run: [Adobe Photo Downloader] "C:\Program Files\Adobe\Photoshop Album Starter Edition\3.0\Apps\apdproxy.exe"
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
O4 - HKLM\..\Run: [!AVG Anti-Spyware] "C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\avgas.exe" /minimized
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [swg] C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
O4 - HKCU\..\Run: [VoKU Call Center] C:\Program Files\VoSKY Call Center\USBVoSKY.exe
O4 - HKCU\..\Run: [PhotoShow Deluxe Media Manager] C:\PROGRA~1\WALGRE~1\WALGRE~1\data\Xtras\mssysmgr.exe
O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background
O4 - HKCU\..\Run: [Mozilla Quick Launch] "C:\Program Files\Netscape\Netscape\Netscp.exe" -turbo
O4 - HKCU\..\Run: [H/PC Connection Agent] "C:\Program Files\Microsoft ActiveSync\Wcescomm.exe"
O4 - HKCU\..\Run: [FWBootup] C:\Program Files\VoSKY Call Center\USBDRAM.exe
O4 - Startup: Microsoft Office Outlook 2003.lnk = ?
O4 - Global Startup: Acrobat Assistant.lnk = C:\Program Files\Adobe\Acrobat 6.0\Distillr\acrotray.exe
O4 - Global Startup: Adobe Reader Speed Launch.lnk = C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
O4 - Global Startup: HotSync Manager.lnk = C:\Program Files\palmOne\Hotsync.exe
O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office10\OSA.EXE
O4 - Global Startup: SysTray.lnk = ?
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office10\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_01\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_01\bin\ssv.dll
O9 - Extra button: Yahoo! Login - {2499216C-4BA5-11D5-BD9C-000103C116D5} - C:\Program Files\Yahoo!\Common\ylogin.dll
O9 - Extra 'Tools' menuitem: Yahoo! Login - {2499216C-4BA5-11D5-BD9C-000103C116D5} - C:\Program Files\Yahoo!\Common\ylogin.dll
O9 - Extra button: Create Mobile Favorite - {2EAF5BB1-070F-11D3-9307-00C04FAE2D4F} - C:\PROGRA~1\MICROS~4\INetRepl.dll
O9 - Extra button: (no name) - {2EAF5BB2-070F-11D3-9307-00C04FAE2D4F} - C:\PROGRA~1\MICROS~4\INetRepl.dll
O9 - Extra 'Tools' menuitem: Create Mobile Favorite... - {2EAF5BB2-070F-11D3-9307-00C04FAE2D4F} - C:\PROGRA~1\MICROS~4\INetRepl.dll
O9 - Extra button: Messenger - {4528BBE0-4E08-11D5-AD55-00010333D0AD} - C:\Program Files\Yahoo!\Messenger\yhexbmes.dll
O9 - Extra 'Tools' menuitem: Yahoo! Messenger - {4528BBE0-4E08-11D5-AD55-00010333D0AD} - C:\Program Files\Yahoo!\Messenger\yhexbmes.dll
O9 - Extra button: Skype - {77BF5300-1474-4EC7-9980-D32B190E9B07} - C:\PROGRA~1\Skype\Phone\IEPlugin\SKYPEI~1.DLL
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL
O9 - Extra button: Real.com - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - C:\WINDOWS\system32\Shdocvw.dll
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe (file missing)
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe (file missing)
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O14 - IERESET.INF: START_PAGE_URL=http://www.hp.com
O16 - DPF: {0EB0E74A-2A76-4AB3-A7FB-9BD8C29F7F75} (CKAVWebScan Object) - http://www.kaspersky.com/kos/english/kavwebscan_unicode.cab
O16 - DPF: {406B5949-7190-4245-91A9-30A17DE16AD0} (Snapfish Activia) - http://photo.walgreens.com/WalgreensActivia.cab
O16 - DPF: {7B297BFD-85E4-4092-B2AF-16A91B2EA103} (WScanCtl Class) - http://www.ca.com/us/securityadvisor/virusinfo/webscan.cab
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} (Java Runtime Environment 1.6.0) - http://javadl-esd.sun.com/update/1.6.0/jinstall-6u1-windows-i586-jc.cab
O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~1\COMMON~1\Skype\SKYPE4~1.DLL
O22 - SharedTaskScheduler: Browseui preloader - {438755C2-A8BA-11D1-B96B-00A0C90312E1} - C:\WINDOWS\System32\browseui.dll
O22 - SharedTaskScheduler: Component Categories cache daemon - {8C7461EF-2B13-11d2-BE35-3078302C2030} - C:\WINDOWS\System32\browseui.dll
O23 - Service: AVG Anti-Spyware Guard - Anti-Malware Development a.s. - C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
O23 - Service: Symantec Event Manager (ccEvtMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
O23 - Service: Symantec Password Validation (ccPwdSvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccPwdSvc.exe
O23 - Service: Symantec Settings Manager (ccSetMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe
O23 - Service: Check Point SSL Network Extender (cpextender) - Check Point Software Technologies - C:\Program Files\CheckPoint\SSL Network Extender\slimsvc.exe
O23 - Service: Cisco Systems, Inc. VPN Service (CVPND) - Cisco Systems, Inc. - C:\Program Files\Cisco Systems\VPN Client\cvpnd.exe
O23 - Service: Symantec AntiVirus Definition Watcher (DefWatch) - Symantec Corporation - C:\Program Files\Symantec AntiVirus\DefWatch.exe
O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: iPod Service - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: SAVRoam (SavRoam) - symantec - C:\Program Files\Symantec AntiVirus\SavRoam.exe
O23 - Service: Symantec Network Drivers Service (SNDSrvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\SNDSrvc.exe
O23 - Service: SoundMAX Agent Service (SoundMAX Agent Service (default)) - Analog Devices, Inc. - C:\Program Files\Analog Devices\SoundMAX\SMAgent.exe
O23 - Service: Symantec AntiVirus - Symantec Corporation - C:\Program Files\Symantec AntiVirus\Rtvscan.exe

--
End of file - 14595 bytes
 
Hi

Delete these mails:

C:\Program Files\Netscape\Users\janc\Mail\Trash/[From Monterey Bay Clothing Company <specials@shopthebay.com>][Date Thu, 25 Nov 2004 00:57:19 -0700 (GMT-07:00)]/UNNAMED/[From "PayPal Team" <support@paypal.com>][Date Thu, 25 Nov 2004 12:27:45 +0200]/html Infected: Trojan-Spy.HTML.Paylap.bg skipped
C:\Program Files\Netscape\Users\janc\Mail\Trash/[From Monterey Bay Clothing Company <specials@shopthebay.com>][Date Thu, 25 Nov 2004 00:57:19 -0700 (GMT-07:00)]/UNNAMED Infected: Trojan-Spy.HTML.Paylap.bg skipped

Otherwise looking good :)

Still problems?
 
Wow

I just deleted that whole folder as it's really old and I don't need to keep that stuff anymore.

I haven't seen any pop ups in a while, but admittedly, I have completely stayed away from the internet for most of the time because of the problems. I will definietely keep an eye out and let you know of any problems that I see.

One question: I am going out of town for a few days and won't have access to my computer - so it's possible that if I have problems, I won't even know it until my return next week.

If that is the case (let's hope not), will this thread still be here or would I just start a new one?

Just let me know proper protocol on that, but if all is well, I must thank you SO PROFUSELY for all your help. You are truly a lifesaver. What does one do to thank you all properly?
 
You must log in or register to reply here.
Back
Top