Spyware / Virus Removal: spyware, virus, browser hijack and other malware removal.

#1
01-17-2005, 12:47 PM
sweetpea (Junior Member; Join Date: Jan 2005; Posts: 5)
Logfile of HijackThis v1.99.0
Scan saved at 1:44:01 PM, on 1/17/2005
Platform: Windows XP SP1 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106)

Running processes:
C:\WINXP\System32\smss.exe
C:\WINXP\system32\winlogon.exe
C:\WINXP\system32\services.exe
C:\WINXP\system32\lsass.exe
C:\WINXP\system32\svchost.exe
C:\WINXP\System32\svchost.exe
C:\WINXP\system32\spoolsv.exe
C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
C:\WINXP\system32\MSNMSGS.exe
C:\WINXP\Explorer.EXE
C:\Program Files\Java\jre1.5.0\bin\jusched.exe
C:\PROGRA~1\Aliant\NETASS~1\SMARTB~1\MotiveSB.exe
C:\Program Files\Common Files\Symantec Shared\ccApp.exe
C:\Program Files\Messenger\msmsgs.exe
C:\Program Files\Kodak\Kodak EasyShare software\bin\EasyShare.exe
C:\Program Files\Kodak\KODAK Software Updater\7288971\Program\Kodak Software Updater.exe
C:\WINXP\system32\drivers\KodakCCS.exe
C:\Program Files\Norton AntiVirus\navapsvc.exe
C:\WINXP\System32\ScsiAccess.EXE
C:\WINXP\System32\wuauclt.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Documents and Settings\user.USER-DJZ8JW8GMQ\Local Settings\Temp\Temporary Directory 1 for hijackthis.zip\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = [Only Registered and Activated Users Can See Links. Click Here To Register...]
R3 - URLSearchHook: (no name) - _{5D60FF48-95BE-4956-B4C6-6BB168A70310} - (no file)
R3 - URLSearchHook: (no name) - {00A6FAF6-072E-44cf-8957-5838F569A31D} - (no file)
O2 - BHO: (no name) - {0000607D-D204-42C7-8E46-216055BF9918} - (no file)
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 6.0\Reader\ActiveX\AcroIEHelper.dll
O2 - BHO: (no name) - {82315A18-6CFB-44a7-BDFD-90E36537C252} - (no file)
O2 - BHO: NAV Helper - {BDF3E430-B101-42AD-A544-FADC6B084872} - C:\Program Files\Norton AntiVirus\NavShExt.dll
O3 - Toolbar: &Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINXP\System32\msdxm.ocx
O3 - Toolbar: Norton AntiVirus - {42CDD1BF-3FFB-4238-8AD1-7859DF00B1D6} - C:\Program Files\Norton AntiVirus\NavShExt.dll
O4 - HKLM\..\Run: [SunJavaUpdateSched] C:\Program Files\Java\jre1.5.0\bin\jusched.exe
O4 - HKLM\..\Run: [QuickFinder Scheduler] "C:\Program Files\Corel\WordPerfect Office 2002\Programs\QFSCHD100.EXE"
O4 - HKLM\..\Run: [Motive SmartBridge] C:\PROGRA~1\Aliant\NETASS~1\SMARTB~1\MotiveSB.exe
O4 - HKLM\..\Run: [HPDJ Taskbar Utility] C:\WINXP\System32\spool\drivers\w32x86\3\hpztsb02.exe
O4 - HKLM\..\Run: [ccApp] "C:\Program Files\Common Files\Symantec Shared\ccApp.exe"
O4 - HKLM\..\Run: [KernelFaultCheck] %systemroot%\system32\dumprep 0 -k
O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background
O4 - Startup: PowerReg Scheduler V3.exe
O4 - Global Startup: Kodak EasyShare software.lnk = C:\Program Files\Kodak\Kodak EasyShare software\bin\EasyShare.exe
O4 - Global Startup: Kodak software updater.lnk = C:\Program Files\Kodak\KODAK Software Updater\7288971\Program\Kodak Software Updater.exe
O8 - Extra context menu item: &Search - [Only Registered and Activated Users Can See Links. Click Here To Register...]
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0\bin\npjpi150.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0\bin\npjpi150.dll
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\MSMSGS.EXE
O9 - Extra 'Tools' menuitem: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\MSMSGS.EXE
O12 - Plugin for .mov: C:\Program Files\Internet Explorer\PLUGINS\npqtplugin.dll
O12 - Plugin for .UVR: C:\Program Files\Internet Explorer\Plugins\NPUPano.dll
O16 - DPF: RaptisoftGameLoader - [Only Registered and Activated Users Can See Links. Click Here To Register...]
O16 - DPF: {00B71CFB-6864-4346-A978-C0A14556272C} (Checkers Class) - [Only Registered and Activated Users Can See Links. Click Here To Register...]
O16 - DPF: {14B87622-7E19-4EA8-93B3-97215F77A6BC} (MessengerStatsClient Class) - [Only Registered and Activated Users Can See Links. Click Here To Register...]
O16 - DPF: {19B6C07F-7AA5-4170-88A9-EF184DC2EC40} - [Only Registered and Activated Users Can See Links. Click Here To Register...]
O16 - DPF: {288C5F13-7E52-4ADA-A32E-F5BF9D125F98} (CR64Loader Object) - [Only Registered and Activated Users Can See Links. Click Here To Register...]
O16 - DPF: {2917297F-F02B-4B9D-81DF-494B6333150B} (Minesweeper Flags Class) - [Only Registered and Activated Users Can See Links. Click Here To Register...]
O16 - DPF: {665585FD-2068-4C5E-A6D3-53AC3270ECD4} (FileSharingCtrl Class) - [Only Registered and Activated Users Can See Links. Click Here To Register...]
O16 - DPF: {683DFF0F-331F-44D2-B69B-46D7BFB58F32} (VacPro.canada_ver3) - [Only Registered and Activated Users Can See Links. Click Here To Register...]
O16 - DPF: {8E0D4DE5-3180-4024-A327-4DFAD1796A8D} (MessengerStatsClient Class) - [Only Registered and Activated Users Can See Links. Click Here To Register...]
O16 - DPF: {B38870E4-7ECB-40DA-8C6A-595F0A5519FF} (MsnMessengerSetupDownloadControl Class) - [Only Registered and Activated Users Can See Links. Click Here To Register...]
O16 - DPF: {B8BE5E93-A60C-4D26-A2DC-220313175592} (ZoneIntro Class) - [Only Registered and Activated Users Can See Links. Click Here To Register...]
O16 - DPF: {BD393C14-72AD-4790-A095-76522973D6B8} (CBreakshotControl Class) - [Only Registered and Activated Users Can See Links. Click Here To Register...]
O16 - DPF: {DA758BB1-5F89-4465-975F-8D7179A4BCF3} (WheelofFortune Object) - [Only Registered and Activated Users Can See Links. Click Here To Register...]
O16 - DPF: {DF780F87-FF2B-4DF8-92D0-73DB16A1543A} (PopCapLoader Object) - [Only Registered and Activated Users Can See Links. Click Here To Register...]
O16 - DPF: {F6BF0D00-0B2A-4A75-BF7B-F385591623AF} (Solitaire Showdown Class) - [Only Registered and Activated Users Can See Links. Click Here To Register...]
O17 - HKLM\System\CCS\Services\Tcpip\..\{A0F87EF0-D504-41AD-8E0A-83BBED5A6F25}: NameServer = 142.177.1.2 142.177.129.11
O23 - Service: Symantec Event Manager - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
O23 - Service: Symantec Password Validation Service - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccPwdSvc.exe
O23 - Service: IMAPI CD-Burning COM Service - Roxio Inc. - C:\WINXP\System32\ImapiRox.exe
O23 - Service: iPod Service - Apple Computer, Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: Kodak Camera Connection Software - Eastman Kodak Company - C:\WINXP\system32\drivers\KodakCCS.exe
O23 - Service: Norton AntiVirus Auto Protect Service - Symantec Corporation - C:\Program Files\Norton AntiVirus\navapsvc.exe
O23 - Service: PACSPTISVR - Sony Corporation - C:\Program Files\Common Files\Sony Shared\AVLib\Pacsptisvr.exe
O23 - Service: ScriptBlocking Service - Symantec Corporation - C:\PROGRA~1\COMMON~1\SYMANT~1\SCRIPT~1\SBServ.exe
O23 - Service: ScsiAccess - Unknown - C:\WINXP\System32\ScsiAccess.EXE
O23 - Service: Sony SPTI Service - Sony Corporation - C:\Program Files\Common Files\Sony Shared\AVLib\Sptisrv.exe
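As an added example, not part of the thread, the kinds of entries Mobo singles out below can be picked out mechanically. This Python script parses HijackThis entry lines (the sample lines are copied from the log above, with the forum-masked links replaced by a constructed placeholder) and flags hooks/BHOs/toolbars whose DLL is gone, O16 downloaded controls with no registered name, and O23 services with no known publisher, which is what a reviewer reads first.

```python
import re
from dataclasses import dataclass
from typing import List, Optional

# Sample entries copied from the log above; masked links replaced by a constructed placeholder.
SAMPLE_LOG = r"""
R3 - URLSearchHook: (no name) - _{5D60FF48-95BE-4956-B4C6-6BB168A70310} - (no file)
O2 - BHO: NAV Helper - {BDF3E430-B101-42AD-A544-FADC6B084872} - C:\Program Files\Norton AntiVirus\NavShExt.dll
O2 - BHO: (no name) - {0000607D-D204-42C7-8E46-216055BF9918} - (no file)
O16 - DPF: {19B6C07F-7AA5-4170-88A9-EF184DC2EC40} - http://link.invalid/placeholder
O16 - DPF: {00B71CFB-6864-4346-A978-C0A14556272C} (Checkers Class) - http://link.invalid/placeholder
O23 - Service: ScsiAccess - Unknown - C:\WINXP\System32\ScsiAccess.EXE
O23 - Service: iPod Service - Apple Computer, Inc. - C:\Program Files\iPod\bin\iPodService.exe
"""

# An entry is "<section> - <field> - <field> ..."; which fields appear depends on the section.
ENTRY_RE = re.compile(r"^(?P<section>[RFO]\d{1,2}) - (?P<rest>.+)$")
CLSID_RE = re.compile(r"\{[0-9A-Fa-f]{8}(?:-[0-9A-Fa-f]{4}){3}-[0-9A-Fa-f]{12}\}")

@dataclass
class Entry:
    section: str            # "R3", "O2", "O16", "O23", ...
    fields: List[str]       # the " - "-separated fields after the section tag
    clsid: Optional[str]    # first CLSID in the line, if any

def parse_log(text: str) -> List[Entry]:
    """Parse the entry lines of a HijackThis log; process lists and headers are skipped."""
    entries = []
    for line in text.splitlines():
        m = ENTRY_RE.match(line.strip())
        if not m:
            continue
        clsid = CLSID_RE.search(m.group("rest"))
        fields = [f.strip() for f in m.group("rest").split(" - ")]
        entries.append(Entry(m.group("section"), fields, clsid.group(0) if clsid else None))
    return entries

def triage(entries: List[Entry]) -> List[tuple]:
    """Return (section, identifier, reason) for the entry types a reviewer checks first."""
    findings = []
    for e in entries:
        if e.section in ("R3", "O2", "O3") and e.fields[-1] == "(no file)":
            findings.append((e.section, e.clsid, "hook/BHO/toolbar whose DLL is missing"))
        elif e.section == "O16" and not e.fields[0].endswith(")"):
            findings.append((e.section, e.clsid, "downloaded ActiveX control with no name"))
        elif e.section == "O23" and len(e.fields) >= 3 and e.fields[1] == "Unknown":
            findings.append((e.section, e.fields[0], "service with unknown publisher"))
    return findings
```

A flagged entry is a lead, not a verdict: a named O16 control or a known-publisher service can still be unwanted, so the list only orders what to look at by hand.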

#2
01-17-2005, 12:53 PM
Mobo (Thinking outside the box; Location: Cape Breton; Join Date: Sep 2004; Posts: 4,612)
Now I want you to rescan again with HijackThis, insert a check next to each of the following entries, then close all other opened windows and click "Fix checked":

R3 - URLSearchHook: (no name) - _{5D60FF48-95BE-4956-B4C6-6BB168A70310} - (no file)

R3 - URLSearchHook: (no name) - {00A6FAF6-072E-44cf-8957-5838F569A31D} - (no file)

O2 - BHO: (no name) - {0000607D-D204-42C7-8E46-216055BF9918} - (no file)

O2 - BHO: (no name) - {82315A18-6CFB-44a7-BDFD-90E36537C252} - (no file)

O4 - HKLM\..\Run: [SunJavaUpdateSched] C:\Program Files\Java\jre1.5.0\bin\jusched.exe

O16 - DPF: {19B6C07F-7AA5-4170-88A9-EF184DC2EC40} - [Only Registered and Activated Users Can See Links. Click Here To Register...]

O16 - DPF: {683DFF0F-331F-44D2-B69B-46D7BFB58F32} (VacPro.canada_ver3) - [Only Registered and Activated Users Can See Links. Click Here To Register...]

O16 - DPF: {8E0D4DE5-3180-4024-A327-4DFAD1796A8D} (MessengerStatsClient Class) - [Only Registered and Activated Users Can See Links. Click Here To Register...]

O16 - DPF: {B38870E4-7ECB-40DA-8C6A-595F0A5519FF} (MsnMessengerSetupDownloadControl Class) - [Only Registered and Activated Users Can See Links. Click Here To Register...]

O16 - DPF: {B8BE5E93-A60C-4D26-A2DC-220313175592} (ZoneIntro Class) - [Only Registered and Activated Users Can See Links. Click Here To Register...]

O16 - DPF: {BD393C14-72AD-4790-A095-76522973D6B8} (CBreakshotControl Class) - [Only Registered and Activated Users Can See Links. Click Here To Register...]

O16 - DPF: {DA758BB1-5F89-4465-975F-8D7179A4BCF3} (WheelofFortune Object) - [Only Registered and Activated Users Can See Links. Click Here To Register...]

O16 - DPF: {DF780F87-FF2B-4DF8-92D0-73DB16A1543A} (PopCapLoader Object) - [Only Registered and Activated Users Can See Links. Click Here To Register...]

Then

Navigate to the C:\Windows\Temp folder. Open the Temp folder and go to Edit > Select All, then Edit > Delete to delete the entire contents of the Temp folder.

Go to Start > Run and type %temp% in the Run box. The Temp folder will open. Click Edit > Select All, then Edit > Delete to delete the entire contents of the Temp folder.

Finally, go to Control Panel > Internet Options. On the General tab under "Temporary Internet Files", click "Delete Files". Put a check by "Delete Offline Content" and click OK. Click on the Programs tab, then click the "Reset Web Settings" button. Click Apply, then OK.

Empty the Recycle Bin.

Then

Go to Start > Run, type msconfig and press Enter.

When msconfig opens, click the Launch System Restore button.
On the next page, click the System Restore Settings link on the left.

Check the box labeled Turn off System Restore on all Drives.

Reboot. Go back in and turn System Restore back on. A new Restore Point will be created.

Reboot the system.

Now click [Only Registered and Activated Users Can See Links. Click Here To Register...] and run a full system virus scan. Be sure to tick the delete viruses option.

Then come back here with the results.
#3
01-17-2005, 04:21 PM
sweetpea (Junior Member; Join Date: Jan 2005; Posts: 5)
Okay... did everything you told me to do, but I ran into a problem when I tried to select all the temporary files and delete them. There were five files that I couldn't delete. I was prompted with a message saying access was denied or the program was being used by another person or program. I continued with everything else you told me to do, and when I did the virus scan I found six viruses - 3 could be deleted while the other three couldn't. "Cannot Access" was the message. The viruses were
JAVA BYTEVER.A
TROJ SCKEYLOGP

What should I do next? Obviously I still have viruses in my PC. Help!!
#4
01-17-2005, 04:58 PM
Mobo (Thinking outside the box; Location: Cape Breton; Join Date: Sep 2004; Posts: 4,612)
First go here and click Yes to the screen that pops up. Then run the scan and see if it detects the TROJ SCKEYLOGP.

[Only Registered and Activated Users Can See Links. Click Here To Register...]
#5
01-17-2005, 05:01 PM
Mobo (Thinking outside the box; Location: Cape Breton; Join Date: Sep 2004; Posts: 4,612)
Also, for the Java Bytever I want you to click Start / Control Panel / then double-click the Java icon. Open it and click on the Cache tab. Then look on the screen for the option to clear the cache.

Also open Start / Search and paste this in the available space: kl.dll
Set the search options to hidden files and folders, then search. When/if found, right-click and delete.

Empty the Recycle Bin.
#6
01-17-2005, 06:23 PM
sweetpea (Junior Member; Join Date: Jan 2005; Posts: 5)
When I went to the Control Panel and opened the Java icon, there was no Cache tab... I didn't find what we were looking to delete. No files were found, so I couldn't delete and then empty the Recycle Bin. What should I do next? Maybe I should just drop the tower off at your house and let you take control.

You going to be over this way this week ?
#7
01-17-2005, 07:01 PM
sweetpea (Junior Member; Join Date: Jan 2005; Posts: 5)
I am over in North Sydney on Thursday, but my office is in Sydney River. Maybe I'll try to drop it off to you sometime this week.
#8
01-17-2005, 07:01 PM
Mobo (Thinking outside the box; Location: Cape Breton; Join Date: Sep 2004; Posts: 4,612)
It (Java Bytever) isn't really a trojan but rather a Java exploit anyway. What you can do is go to Add/Remove Programs and remove the Java, then download and install this latest release for better security in that area. [Only Registered and Activated Users Can See Links. Click Here To Register...]

That should take care of that issue as well. Then rescan with the virus scanner from before: [Only Registered and Activated Users Can See Links. Click Here To Register...]
#9
01-17-2005, 07:04 PM
sweetpea (Junior Member; Join Date: Jan 2005; Posts: 5)
Okay, I'll try that, but if this doesn't work can I drop it off to you? Obviously you have a better idea of what it is you are doing.
#10
01-17-2005, 07:14 PM
Mobo (Thinking outside the box; Location: Cape Breton; Join Date: Sep 2004; Posts: 4,612)
Of course you can, I'm home all week this week, so anytime.
All times are GMT -5.
Copyright © 2004-2007 Cyberanswers.org. All rights reserved.