
need help eliminating spyware

Discussion in 'Malware and Virus Removal Archive' started by carlosserrano63, 2008/02/22.

  1. 2008/02/22
    carlosserrano63

    Hello, I am new to this forum; I don't know if I am posting in the right forum.
    Anyway, here is my problem: I am trying to clean up spyware from a computer, but I cannot turn off System Restore, regedit is restricted, and I don't see the Control Panel; the startup is gone. Please help. Here is a copy of the scan from HijackThis.
    Please help, thanks in advance.


    Logfile of Trend Micro HijackThis v2.0.2
    Scan saved at 2:05:21 PM, on 2/22/2008
    Platform: Windows XP SP2 (WinNT 5.01.2600)
    MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)
    Boot mode: Normal

    Running processes:
    C:\WINDOWS\System32\smss.exe
    C:\WINDOWS\system32\winlogon.exe
    C:\WINDOWS\system32\services.exe
    C:\WINDOWS\system32\lsass.exe
    C:\WINDOWS\system32\svchost.exe
    C:\WINDOWS\System32\svchost.exe
    C:\WINDOWS\system32\spoolsv.exe
    C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
    C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 7.0\avp.exe
    C:\WINDOWS\eHome\ehRecvr.exe
    C:\WINDOWS\eHome\ehSched.exe
    C:\Program Files\Ahead\InCD\InCDsrv.exe
    C:\WINDOWS\system32\svchost.exe
    C:\Program Files\Viewpoint\Common\ViewpointService.exe
    C:\WINDOWS\Explorer.exe
    C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 7.0\avp.exe
    C:\WINDOWS\system32\ctfmon.exe
    C:\WINDOWS\system32\dllhost.exe
    C:\Program Files\Viewpoint\Viewpoint Manager\ViewMgr.exe
    C:\WINDOWS\system32\wuauclt.exe
    C:\PROGRA~1\MOZILL~1\FIREFOX.EXE
    C:\Program Files\Trend Micro\HijackThis\HijackThis.exe

    R1 - HKCU\Software\Microsoft\Internet Explorer\Main,SearchAssistant = http://search.bearshare.com/sidebar.html?src=ssb
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.dell.com
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Bar = http://red.clientapps.yahoo.com/cus.../sbcydsl/*http://www.yahoo.com/search/ie.html
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://red.clientapps.yahoo.com/customize/ie/defaults/sp/sbcydsl/*http://www.yahoo.com
    R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.dell.com
    R1 - HKCU\Software\Microsoft\Internet Explorer\SearchURL,(Default) = http://red.clientapps.yahoo.com/customize/ie/defaults/su/sbcydsl/*http://www.yahoo.com
    R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = 127.0.0.1
    R3 - URLSearchHook: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\PROGRA~1\Yahoo!\Companion\Installs\cpn2\yt.dll
    R3 - URLSearchHook: (no name) - {00A6FAF6-072E-44cf-8957-5838F569A31D} - C:\Program Files\MyWebSearch\SrchAstt\1.bin\MWSSRCAS.DLL
    R3 - URLSearchHook: (no name) - {CA3EB689-8F09-4026-AA10-B9534C691CE0} - (no file)
    F2 - REG:system.ini: Shell=Explorer.exe C:\WINDOWS\system32\printer.exe
    O2 - BHO: MyWebSearch Search Assistant BHO - {00A6FAF1-072E-44cf-8957-5838F569A31D} - C:\Program Files\MyWebSearch\SrchAstt\1.bin\MWSSRCAS.DLL
    O2 - BHO: &Yahoo! Toolbar Helper - {02478D38-C3F9-4efb-9B51-7695ECA05670} - C:\PROGRA~1\Yahoo!\Companion\Installs\cpn2\yt.dll
    O3 - Toolbar: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\PROGRA~1\Yahoo!\Companion\Installs\cpn2\yt.dll
    O3 - Toolbar: (no name) - {BA52B914-B692-46c4-B683-905236F6F655} - (no file)
    O3 - Toolbar: (no name) - {0BF43445-2F28-4351-9252-17FE6E806AA0} - (no file)
    O3 - Toolbar: Freeze.com Toolbar - {B7D3E479-CC68-42B5-A338-938ECE35F419} - C:\Program Files\Freeze.com Toolbar\freeze_us.dll
    O3 - Toolbar: My Web Search - {07B18EA9-A523-4961-B6BB-170DE4475CCA} - C:\Program Files\MyWebSearch\bar\1.bin\MWSBAR.DLL
    O3 - Toolbar: Viewpoint Toolbar - {F8AD5AA5-D966-4667-9DAF-2561D68B2012} - C:\Program Files\Common Files\Viewpoint\Toolbar Runtime\3.8.0\IEViewBar.dll
    O4 - HKLM\..\Run: [UserFaultCheck] %systemroot%\system32\dumprep 0 -u
    O4 - HKLM\..\Run: [AVP] "C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 7.0\avp.exe"
    O4 - HKLM\..\Run: [DLCCCATS] rundll32 C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\DLCCtime.dll,RunDLLEntry
    O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
    O4 - HKUS\S-1-5-18\..\Run: [MySpaceIM] C:\Program Files\MySpace\IM\MySpaceIM.exe (User 'SYSTEM')
    O4 - HKUS\S-1-5-18\..\Run: [swg] C:\Program Files\Google\GoogleToolbarNotifier\1.2.1128.5462\GoogleToolbarNotifier.exe (User 'SYSTEM')
    O4 - HKUS\S-1-5-18\..\RunOnce: [RunNarrator] Narrator.exe (User 'SYSTEM')
    O4 - HKUS\.DEFAULT\..\Run: [MySpaceIM] C:\Program Files\MySpace\IM\MySpaceIM.exe (User 'Default user')
    O4 - HKUS\.DEFAULT\..\RunOnce: [RunNarrator] Narrator.exe (User 'Default user')
    O7 - HKCU\Software\Microsoft\Windows\CurrentVersion\Policies\System, DisableRegedit=1
    O7 - HKLM\Software\Microsoft\Windows\CurrentVersion\Policies\System, DisableRegedit=1
    O8 - Extra context menu item: &Google Search - res://C:\Program Files\Google\GoogleToolbar1.dll/cmsearch.html
    O8 - Extra context menu item: &Search - http://edits.mywebsearch.com/toolbaredits/menusearch.jhtml?p=ZU
    O8 - Extra context menu item: &Translate English Word - res://C:\Program Files\Google\GoogleToolbar1.dll/cmwordtrans.html
    O8 - Extra context menu item: Add to Anti-Banner - C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 7.0\ie_banner_deny.htm
    O8 - Extra context menu item: Backward Links - res://C:\Program Files\Google\GoogleToolbar1.dll/cmbacklinks.html
    O8 - Extra context menu item: Cached Snapshot of Page - res://C:\Program Files\Google\GoogleToolbar1.dll/cmcache.html
    O8 - Extra context menu item: Display All Images with Full Quality - res://C:\Program Files\NetZero\qsacc\appres.dll/228
    O8 - Extra context menu item: Display Image with Full Quality - res://C:\Program Files\NetZero\qsacc\appres.dll/227
    O8 - Extra context menu item: Similar Pages - res://C:\Program Files\Google\GoogleToolbar1.dll/cmsimilar.html
    O8 - Extra context menu item: Translate Page into English - res://C:\Program Files\Google\GoogleToolbar1.dll/cmtrans.html
    O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\WINDOWS\system32\msjava.dll
    O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\WINDOWS\system32\msjava.dll
    O9 - Extra button: Web Anti-Virus statistics - {1F460357-8A94-4D71-9CA3-AA4ACF32ED8E} - C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 7.0\SCIEPlgn.dll
    O9 - Extra button: Yahoo! Services - {5BAB4B5B-68BC-4B02-94D6-2FC0DE4A7897} - C:\Program Files\Yahoo!\common\yiesrvc.dll
    O9 - Extra button: Real.com - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - C:\WINDOWS\system32\Shdocvw.dll
    O9 - Extra button: Run IMVU - {d9288080-1baa-4bc4-9cf8-a92d743db949} - C:\Documents and Settings\Nick\Start Menu\Programs\IMVU\Run IMVU.lnk (file missing)
    O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
    O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
    O9 - Extra button: Yahoo! Messenger - {E5D12C4E-7B4F-11D3-B5C9-0050045C3C96} - C:\Program Files\Yahoo!\Messenger\YahooMessenger.exe
    O9 - Extra 'Tools' menuitem: Yahoo! Messenger - {E5D12C4E-7B4F-11D3-B5C9-0050045C3C96} - C:\Program Files\Yahoo!\Messenger\YahooMessenger.exe
    O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
    O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
    O16 - DPF: {30528230-99f7-4bb4-88d8-fa1d4f56a2ab} (Installation Support) - C:\Program Files\Yahoo!\Common\Yinsthelper.dll
    O16 - DPF: {48DD0448-9209-4F81-9F6D-D83562940134} (MySpace Uploader Control) - http://lads.myspace.com/upload/MySpaceUploader.cab
    O20 - AppInit_DLLs: C:\WINDOWS\system32\hadjajr.ini C:\PROGRA~1\Google\GOOGLE~1\GOEC62~1.DLL,C:\PROGRA~1\KASPER~1\KASPER~1.0\adialhk.dll
    O20 - Winlogon Notify: awtromn - awtromn.dll (file missing)
    O20 - Winlogon Notify: pmnli - C:\WINDOWS\system32\pmnli.dll (file missing)
    O23 - Service: McAfee Application Installer Cleanup (0194031168125934) (0194031168125934mcinstcleanup) - Unknown owner - C:\DOCUME~1\Andy\LOCALS~1\Temp\019403~1.EXE (file missing)
    O23 - Service: Apple Mobile Device - Apple, Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
    O23 - Service: Ares Chatroom server (AresChatServer) - Ares Development Group - C:\Program Files\Ares\chatServer.exe
    O23 - Service: Kaspersky Internet Security 7.0 (AVP) - Kaspersky Lab - C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 7.0\avp.exe
    O23 - Service: Creative Service for CDROM Access - Unknown owner - C:\WINDOWS\system32\CTsvcCDA.EXE (file missing)
    O23 - Service: dlcc_device - - C:\WINDOWS\system32\dlcccoms.exe
    O23 - Service: DSBrokerService - Unknown owner - C:\Program Files\DellSupport\brkrsvc.exe
    O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
    O23 - Service: InCD File System Service (InCDsrv) - Unknown owner - C:\Program Files\Ahead\InCD\InCDsrv.exe
    O23 - Service: iPod Service - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
    O23 - Service: LiveUpdate - Unknown owner - C:\PROGRA~1\Symantec\LIVEUP~1\LUCOMS~1.EXE (file missing)
    O23 - Service: Intel NCS NetService (NetSvc) - Intel(R) Corporation - C:\Program Files\Intel\PROSetWired\NCS\Sync\NetSvc.exe
    O23 - Service: TuneUp Drive Defrag Service (TuneUp.Defrag) - TuneUp Software GmbH - C:\WINDOWS\System32\TuneUpDefragService.exe
    O23 - Service: Viewpoint Manager Service - Viewpoint Corporation - C:\Program Files\Viewpoint\Common\ViewpointService.exe

    --
    End of file - 9372 bytes
     
  2. 2008/02/23
    Geri
    Hi carlosserrano63
    Welcome to Windowsbbs. :)

    I still see some problems, so please do the following in the order given.

    Please re-open HiJackThis and scan only. Check the boxes next to all the entries listed below.

    R3 - URLSearchHook: (no name) - {CA3EB689-8F09-4026-AA10-B9534C691CE0} - (no file)
    O3 - Toolbar: (no name) - {BA52B914-B692-46c4-B683-905236F6F655} - (no file)
    O3 - Toolbar: (no name) - {0BF43445-2F28-4351-9252-17FE6E806AA0} - (no file)
    O4 - HKLM\..\Run: [UserFaultCheck] %systemroot%\system32\dumprep 0 -u
    O7 - HKCU\Software\Microsoft\Windows\CurrentVersion\Policies\System, DisableRegedit=1
    O7 - HKLM\Software\Microsoft\Windows\CurrentVersion\Policies\System, DisableRegedit=1
    O20 - Winlogon Notify: awtromn - awtromn.dll (file missing)
    O20 - Winlogon Notify: pmnli - C:\WINDOWS\system32\pmnli.dll (file missing)


    Now close all windows other than HiJackThis, then click Fix Checked.

    Close HJT.


    Please download SmitfraudFix (by S!Ri) to your Desktop.

    You should print out these instructions, or copy them to a Notepad file for reading while in Safe Mode, because you will not be able to connect to the Internet to read from this site.

    Next, please reboot your computer in Safe Mode by doing the following:
    • Restart your computer.
    • After hearing your computer beep once during startup, but before the Windows icon appears, tap the F8 key continually.
    • Instead of Windows loading as normal, a menu with options should appear.
    • Select the first option, to run Windows in Safe Mode, then press "Enter".
    • Choose your usual account.
    Once in Safe Mode, double-click on SmitfraudFix.exe.
    Select option #2 - Clean by typing 2 and pressing "Enter" to delete infected files.

    You will be prompted: "Registry cleaning - Do you want to clean the registry?"; answer "Yes" by typing Y and pressing "Enter" in order to remove the Desktop background and clean registry keys associated with the infection.

    The tool will now check if wininet.dll is infected. You may be prompted to replace the infected file (if found); answer "Yes" by typing Y and pressing "Enter".

    The tool may need to restart your computer to finish the cleaning process; if it doesn't, please restart it into Normal Windows.
    A text file will appear onscreen, with results from the cleaning process; please copy/paste the content of that report into your next reply.
    The report can also be found at the root of the system drive, usually at C:\rapport.txt

    Warning: running option #2 on a non-infected computer will remove your Desktop background.


    Please download Deckard's System Scanner (dss.exe) and save it to your Desktop.
    Note: You must be logged onto an account with administrator privileges to complete the following.
    • Close all other windows before proceeding.
    • Double-click on dss.exe and follow the prompts.
    • When it has finished, dss will open two Notepads main.txt and extra.txt -- please copy and then paste the contents of main.txt and extra.txt in your next reply.

    Please post the "main.txt" log only for now.

    Please post the SmitfraudFix log and the DSS main.txt log.

    Thanks
    Geri
     
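Added example (not code from the thread, HijackThis, or SmitfraudFix): a small Python triage script that reads a HijackThis v2 log and flags the entry types Geri's reply singled out (O7 DisableRegedit policies, O20 entries whose file is missing, R3/O3 entries with no file), plus one general check assumed here rather than taken from the reply: an F2 Shell= value that is not plain Explorer.exe. The sample lines are copied from the log in the first post.

```python
"""Triage a Trend Micro HijackThis v2 log for the entry types discussed in this thread.

Added example for this thread; not code from HijackThis, SmitfraudFix or the forum.
"""
from __future__ import annotations

import re
from dataclasses import dataclass

# Every HijackThis entry line is "<section> - <body>", e.g.
# "O7 - HKCU\Software\...\Policies\System, DisableRegedit=1".
ENTRY_RE = re.compile(r"^(?P<section>[RFO]\d+)\s+-\s+(?P<body>.*)$")

# Sample input: lines copied from the HijackThis log posted in the first message.
SAMPLE_LOG = r"""
Logfile of Trend Micro HijackThis v2.0.2
Running processes:
C:\WINDOWS\System32\smss.exe
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.dell.com
R3 - URLSearchHook: (no name) - {CA3EB689-8F09-4026-AA10-B9534C691CE0} - (no file)
F2 - REG:system.ini: Shell=Explorer.exe C:\WINDOWS\system32\printer.exe
O3 - Toolbar: (no name) - {BA52B914-B692-46c4-B683-905236F6F655} - (no file)
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O7 - HKCU\Software\Microsoft\Windows\CurrentVersion\Policies\System, DisableRegedit=1
O9 - Extra button: Run IMVU - {d9288080-1baa-4bc4-9cf8-a92d743db949} - C:\Documents and Settings\Nick\Start Menu\Programs\IMVU\Run IMVU.lnk (file missing)
O20 - Winlogon Notify: awtromn - awtromn.dll (file missing)
O23 - Service: iPod Service - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
"""


@dataclass
class Finding:
    section: str
    reason: str
    line: str


def parse_entries(log_text: str) -> list[tuple[str, str]]:
    """Return (section, body) for every entry line; headers and process lists are skipped."""
    entries = []
    for raw in log_text.splitlines():
        match = ENTRY_RE.match(raw.strip())
        if match:
            entries.append((match.group("section"), match.group("body")))
    return entries


def triage(log_text: str) -> list[Finding]:
    """Flag the entry types Geri's reply asked to fix, plus a non-default Shell check."""
    findings = []
    for section, body in parse_entries(log_text):
        line = f"{section} - {body}"
        if section == "O7" and "DisableRegedit=1" in body:
            # Policy that locks the user out of regedit: the first symptom reported.
            findings.append(Finding(section, "Registry Editor disabled by policy", line))
        elif section == "F2" and body.startswith("REG:system.ini: Shell="):
            # General heuristic (assumed here, not from Geri's reply): anything besides
            # Explorer.exe in the Shell value is an extra program started at every logon.
            shell = body.split("Shell=", 1)[1].strip()
            if shell.lower() != "explorer.exe":
                findings.append(Finding(section, f"non-default Shell value: {shell}", line))
        elif section == "O20" and "(file missing)" in body:
            # Winlogon Notify / AppInit_DLLs registrations whose DLL is gone: leftovers of
            # a partial removal that Windows still tries to load at logon.
            findings.append(Finding(section, "Winlogon/AppInit entry points at a missing file", line))
        elif section in ("R3", "O3") and body.endswith("(no file)"):
            # Orphaned URLSearchHook / toolbar registrations with no backing file.
            findings.append(Finding(section, "orphaned URLSearchHook/toolbar registration", line))
    return findings


def report(log_text: str) -> str:
    """Render findings one per block, ready to paste into a reply."""
    return "\n".join(f"[{f.section}] {f.reason}\n    {f.line}" for f in triage(log_text))


if __name__ == "__main__":
    print(report(SAMPLE_LOG))
```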


  4. 2008/02/23
    carlosserrano63

    Thanks Geri

    Thanks a million, Geri, that took care of the problem. Wow, I really, really appreciate it. Here is a copy of the rapport I got by following your instructions.


    SmitFraudFix v2.294

    Scan done at 0:56:02.76, Sat 02/23/2008
    Run from C:\Documents and Settings\Nick\Desktop\SmitfraudFix
    OS: Microsoft Windows XP [Version 5.1.2600] - Windows_NT
    The filesystem type is NTFS
    Fix run in safe mode

    »»»»»»»»»»»»»»»»»»»»»»»» SharedTaskScheduler Before SmitFraudFix
    !!!Attention, following keys are not inevitably infected!!!

    SrchSTS.exe by S!Ri
    Search SharedTaskScheduler's .dll

    »»»»»»»»»»»»»»»»»»»»»»»» Killing process


    »»»»»»»»»»»»»»»»»»»»»»»» hosts


    »»»»»»»»»»»»»»»»»»»»»»»» VACFix

    VACFix
    Credits: Malware Analysis & Diagnostic
    Code: S!Ri


    »»»»»»»»»»»»»»»»»»»»»»»» Winsock2 Fix

    S!Ri's WS2Fix: LSP not Found.
    »»»»»»»»»»»»»»»»»»»»»»»» Generic Renos Fix

    GenericRenosFix by S!Ri


    »»»»»»»»»»»»»»»»»»»»»»»» Deleting infected files

    C:\Documents and Settings\Nick\Application Data\AdProtect NoSpam\ Deleted
    C:\DOCUME~1\Nick\STARTM~1\ContraVirus 2.0.lnk Deleted

    »»»»»»»»»»»»»»»»»»»»»»»» IEDFix

    IEDFix
    Credits: Malware Analysis & Diagnostic
    Code: S!Ri


    »»»»»»»»»»»»»»»»»»»»»»»» DNS

    HKLM\SYSTEM\CCS\Services\Tcpip\..\{9EF05DDC-DE75-4A15-AB1F-FF4225D540FB}: DhcpNameServer=192.168.5.1
    HKLM\SYSTEM\CS1\Services\Tcpip\..\{9EF05DDC-DE75-4A15-AB1F-FF4225D540FB}: DhcpNameServer=192.168.5.1
    HKLM\SYSTEM\CS3\Services\Tcpip\..\{9EF05DDC-DE75-4A15-AB1F-FF4225D540FB}: DhcpNameServer=192.168.5.1
    HKLM\SYSTEM\CCS\Services\Tcpip\Parameters: DhcpNameServer=192.168.5.1
    HKLM\SYSTEM\CS1\Services\Tcpip\Parameters: DhcpNameServer=192.168.5.1
    HKLM\SYSTEM\CS3\Services\Tcpip\Parameters: DhcpNameServer=192.168.5.1


    »»»»»»»»»»»»»»»»»»»»»»»» Deleting Temp Files


    »»»»»»»»»»»»»»»»»»»»»»»» Winlogon.System
    !!!Attention, following keys are not inevitably infected!!!

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon]
    "System"=""


    »»»»»»»»»»»»»»»»»»»»»»»» Registry Cleaning

    Registry Cleaning done.

    »»»»»»»»»»»»»»»»»»»»»»»» SharedTaskScheduler After SmitFraudFix
    !!!Attention, following keys are not inevitably infected!!!

    SrchSTS.exe by S!Ri
    Search SharedTaskScheduler's .dll


    »»»»»»»»»»»»»»»»»»»»»»»» End
     
  5. 2008/02/23
    carlosserrano63

    Here is a copy of extra.txt

    Hi again Geri, here is a copy of the extra.txt file. Thanks again for all your help.



    Deckard's System Scanner v20071014.68
    Run by Cynthina on 2008-02-23 01:52:42
    Computer is in Normal Mode.
    --------------------------------------------------------------------------------

    -- System Restore --------------------------------------------------------------

    Failed to create restore point; System Restore is disabled (service is not running).


    -- Last 5 Restore Point(s) --
    8: 2008-02-22 18:57:39 UTC - RP8 - Software Distribution Service 3.0
    7: 2008-02-22 15:35:19 UTC - RP7 - Installed Kaspersky Internet Security 7.0.
    6: 2008-02-22 15:30:18 UTC - RP6 - Removed Kaspersky Anti-Virus 8.0 Beta.
    5: 2008-02-22 14:57:02 UTC - RP5 - Installed Kaspersky Anti-Virus 8.0 Beta.
    4: 2008-02-22 11:00:48 UTC - RP4 - Software Distribution Service 3.0


    -- First Restore Point --
    1: 2008-02-22 08:01:39 UTC - RP1 - System Checkpoint


    Backed up registry hives.
    Performed disk cleanup.

    Total Physical Memory: 503 MiB (512 MiB recommended).


    -- HijackThis (run as Cynthina.exe) --------------------------------------------

    Logfile of Trend Micro HijackThis v2.0.2
    Scan saved at 1:54:03 AM, on 2/23/2008
    Platform: Windows XP SP2 (WinNT 5.01.2600)
    MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)
    Boot mode: Normal

    Running processes:
    C:\WINDOWS\System32\smss.exe
    C:\WINDOWS\system32\winlogon.exe
    C:\WINDOWS\system32\services.exe
    C:\WINDOWS\system32\lsass.exe
    C:\WINDOWS\system32\svchost.exe
    C:\WINDOWS\System32\svchost.exe
    C:\WINDOWS\system32\spoolsv.exe
    C:\WINDOWS\Explorer.EXE
    C:\Program Files\Spyware Terminator\SpywareTerminatorShield.exe
    C:\WINDOWS\system32\ctfmon.exe
    C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
    C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 7.0\avp.exe
    C:\WINDOWS\eHome\ehRecvr.exe
    C:\WINDOWS\eHome\ehSched.exe
    C:\Program Files\Ahead\InCD\InCDsrv.exe
    C:\Program Files\Spyware Terminator\sp_rsser.exe
    C:\WINDOWS\system32\svchost.exe
    C:\Program Files\Viewpoint\Common\ViewpointService.exe
    C:\WINDOWS\system32\dllhost.exe
    C:\WINDOWS\system32\wuauclt.exe
    C:\Program Files\Viewpoint\Viewpoint Manager\ViewMgr.exe
    C:\WINDOWS\system32\wuauclt.exe
    C:\Documents and Settings\Cynthina\Desktop\dss.exe
    C:\PROGRA~1\TRENDM~1\HIJACK~1\Cynthina.exe

    O2 - BHO: &Yahoo! Toolbar Helper - {02478D38-C3F9-4efb-9B51-7695ECA05670} - C:\PROGRA~1\Yahoo!\Companion\Installs\cpn2\yt.dll
    O2 - BHO: (no name) - {1CB20BF0-BBAE-40A7-93F4-6435FF3D0411} - C:\PROGRA~1\Crawler\ctbr.dll
    O3 - Toolbar: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\PROGRA~1\Yahoo!\Companion\Installs\cpn2\yt.dll
    O3 - Toolbar: Viewpoint Toolbar - {F8AD5AA5-D966-4667-9DAF-2561D68B2012} - C:\Program Files\Common Files\Viewpoint\Toolbar Runtime\3.8.0\IEViewBar.dll
    O3 - Toolbar: &Crawler Toolbar - {4B3803EA-5230-4DC3-A7FC-33638F3D3542} - C:\PROGRA~1\Crawler\ctbr.dll
    O4 - HKLM\..\Run: [SpywareTerminator] "C:\Program Files\Spyware Terminator\SpywareTerminatorShield.exe"
    O4 - HKLM\..\Run: [AVP] "C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 7.0\avp.exe"
    O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
    O4 - HKUS\S-1-5-18\..\Run: [MySpaceIM] C:\Program Files\MySpace\IM\MySpaceIM.exe (User 'SYSTEM')
    O4 - HKUS\S-1-5-18\..\Run: [swg] C:\Program Files\Google\GoogleToolbarNotifier\1.2.1128.5462\GoogleToolbarNotifier.exe (User 'SYSTEM')
    O4 - HKUS\S-1-5-18\..\RunOnce: [RunNarrator] Narrator.exe (User 'SYSTEM')
    O4 - HKUS\.DEFAULT\..\Run: [MySpaceIM] C:\Program Files\MySpace\IM\MySpaceIM.exe (User 'Default user')
    O4 - HKUS\.DEFAULT\..\RunOnce: [RunNarrator] Narrator.exe (User 'Default user')
    O7 - HKCU\Software\Microsoft\Windows\CurrentVersion\Policies\System, DisableRegedit=1
    O8 - Extra context menu item: Crawler Search - tbr:iemenu
    O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\WINDOWS\system32\msjava.dll
    O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\WINDOWS\system32\msjava.dll
    O9 - Extra button: Web Anti-Virus statistics - {1F460357-8A94-4D71-9CA3-AA4ACF32ED8E} - C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 7.0\SCIEPlgn.dll
    O9 - Extra button: Yahoo! Services - {5BAB4B5B-68BC-4B02-94D6-2FC0DE4A7897} - C:\Program Files\Yahoo!\common\yiesrvc.dll
    O9 - Extra button: Real.com - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - C:\WINDOWS\system32\Shdocvw.dll
    O9 - Extra button: Run IMVU - {d9288080-1baa-4bc4-9cf8-a92d743db949} - C:\Documents and Settings\Nick\Start Menu\Programs\IMVU\Run IMVU.lnk (file missing)
    O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
    O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
    O9 - Extra button: Yahoo! Messenger - {E5D12C4E-7B4F-11D3-B5C9-0050045C3C96} - C:\Program Files\Yahoo!\Messenger\YahooMessenger.exe
    O9 - Extra 'Tools' menuitem: Yahoo! Messenger - {E5D12C4E-7B4F-11D3-B5C9-0050045C3C96} - C:\Program Files\Yahoo!\Messenger\YahooMessenger.exe
    O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
    O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
    O16 - DPF: {30528230-99f7-4bb4-88d8-fa1d4f56a2ab} (Installation Support) - C:\Program Files\Yahoo!\Common\Yinsthelper.dll
    O16 - DPF: {48DD0448-9209-4F81-9F6D-D83562940134} (MySpace Uploader Control) - http://lads.myspace.com/upload/MySpaceUploader.cab
    O18 - Protocol: tbr - {4D25FB7A-8902-4291-960E-9ADA051CFBBF} - C:\PROGRA~1\Crawler\ctbr.dll
    O23 - Service: McAfee Application Installer Cleanup (0194031168125934) (0194031168125934mcinstcleanup) - Unknown owner - C:\DOCUME~1\Andy\LOCALS~1\Temp\019403~1.EXE (file missing)
    O23 - Service: Apple Mobile Device - Apple, Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
    O23 - Service: Ares Chatroom server (AresChatServer) - Ares Development Group - C:\Program Files\Ares\chatServer.exe
    O23 - Service: Kaspersky Internet Security 7.0 (AVP) - Kaspersky Lab - C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 7.0\avp.exe
    O23 - Service: Creative Service for CDROM Access - Unknown owner - C:\WINDOWS\system32\CTsvcCDA.EXE (file missing)
    O23 - Service: dlcc_device - - C:\WINDOWS\system32\dlcccoms.exe
    O23 - Service: DSBrokerService - Unknown owner - C:\Program Files\DellSupport\brkrsvc.exe
    O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
    O23 - Service: InCD File System Service (InCDsrv) - Unknown owner - C:\Program Files\Ahead\InCD\InCDsrv.exe
    O23 - Service: iPod Service - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
    O23 - Service: LiveUpdate - Unknown owner - C:\PROGRA~1\Symantec\LIVEUP~1\LUCOMS~1.EXE (file missing)
    O23 - Service: Intel NCS NetService (NetSvc) - Intel(R) Corporation - C:\Program Files\Intel\PROSetWired\NCS\Sync\NetSvc.exe
    O23 - Service: Spyware Terminator Realtime Shield Service (sp_rssrv) - Crawler.com - C:\Program Files\Spyware Terminator\sp_rsser.exe
    O23 - Service: TuneUp Drive Defrag Service (TuneUp.Defrag) - TuneUp Software GmbH - C:\WINDOWS\System32\TuneUpDefragService.exe
    O23 - Service: Viewpoint Manager Service - Viewpoint Corporation - C:\Program Files\Viewpoint\Common\ViewpointService.exe
    O24 - Desktop Component 0: (no name) - C:\Program Files\Online Services\rteqenamal.html

    --
    End of file - 6572 bytes

    -- HijackThis Fixed Entries (C:\PROGRA~1\TRENDM~1\HIJACK~1\backups\) -----------

    backup-20080223-004540-121 O7 - HKCU\Software\Microsoft\Windows\CurrentVersion\Policies\System, DisableRegedit=1
    backup-20080223-004540-203 O20 - Winlogon Notify: pmnli - C:\WINDOWS\system32\pmnli.dll (file missing)
    backup-20080223-004540-726 O4 - HKLM\..\Run: [UserFaultCheck] %systemroot%\system32\dumprep 0 -u
    backup-20080223-004540-758 O20 - Winlogon Notify: awtromn - awtromn.dll (file missing)
    backup-20080223-004540-808 O3 - Toolbar: (no name) - {BA52B914-B692-46c4-B683-905236F6F655} - (no file)
    backup-20080223-004540-935 O7 - HKLM\Software\Microsoft\Windows\CurrentVersion\Policies\System, DisableRegedit=1
    backup-20080223-004540-946 O3 - Toolbar: (no name) - {0BF43445-2F28-4351-9252-17FE6E806AA0} - (no file)

    -- File Associations -----------------------------------------------------------

    All associations okay.


    -- Drivers: 0-Boot, 1-System, 2-Auto, 3-Demand, 4-Disabled ---------------------

    R1 sp_rsdrv2 (Spyware Terminator Driver 2) - c:\windows\system32\drivers\sp_rsdrv2.sys
    R3 pcouffin (VSO Software pcouffin) - c:\windows\system32\drivers\pcouffin.sys <Not Verified; VSO Software; Patin couffin engine>

    S1 core - c:\windows\system32\drivers\core.sys (file missing)
    S3 DSproct - c:\program files\dellsupport\gtaction\triggers\dsproct.sys <Not Verified; Gteko Ltd.; processt>
    S3 TnIDriver - c:\docume~1\nick\locals~1\temp\tni4c.tmp (file missing)


    -- Services: 0-Boot, 1-System, 2-Auto, 3-Demand, 4-Disabled --------------------

    R2 Apple Mobile Device - "c:\program files\common files\apple\mobile device support\bin\applemobiledeviceservice.exe" <Not Verified; Apple, Inc.; Apple Mobile Device Service>
    R2 sp_rssrv (Spyware Terminator Realtime Shield Service) - "c:\program files\spyware terminator\sp_rsser.exe" <Not Verified; Crawler.com; Crawler Spyware Terminator>
    R2 Viewpoint Manager Service - "c:\program files\viewpoint\common\viewpointservice.exe" <Not Verified; Viewpoint Corporation; Viewpoint Manager>

    S2 0194031168125934mcinstcleanup (McAfee Application Installer Cleanup (0194031168125934)) - c:\docume~1\andy\locals~1\temp\019403~1.exe c:\progra~1\common~1\mcafee\instal~1\cleanup.ini -cleanup -nolog -service (file missing)
    S2 Creative Service for CDROM Access - c:\windows\system32\ctsvccda.exe (file missing)
    S3 AresChatServer (Ares Chatroom server) - c:\program files\ares\chatserver.exe <Not Verified; Ares Development Group; Ares Chat Server>
    S3 LiveUpdate - "c:\progra~1\symantec\liveup~1\lucoms~1.exe" (file missing)


    -- Device Manager: Disabled ----------------------------------------------------

    No disabled devices found.


    -- Scheduled Tasks -------------------------------------------------------------

    2008-02-22 20:53:38 398 --ah----- C:\WINDOWS\Tasks\{F897AA24-BDC3-11D1-B85B-00C04FB93981}_D5N68Q91_Matthew.job
    2008-02-22 17:15:00 374 --a------ C:\WINDOWS\Tasks\1-Click Maintenance.job
    2008-02-07 20:55:00 434 --a------ C:\WINDOWS\Tasks\EasyShare Registration Task.job
    2008-02-02 17:35:05 284 --a------ C:\WINDOWS\Tasks\AppleSoftwareUpdate.job


    -- Files created between 2008-01-23 and 2008-02-23 -----------------------------

    2008-02-23 01:29:13 0 d-------- C:\Documents and Settings\Andy\Application Data\Spyware Terminator
    2008-02-23 01:26:47 0 d-------- C:\Documents and Settings\Nick\Application Data\U3
    2008-02-23 01:13:47 0 d-------- C:\Documents and Settings\Matthew\Application Data\Spyware Terminator
    2008-02-23 00:56:12 1504 --a------ C:\WINDOWS\system32\tmp.reg
    2008-02-23 00:27:14 0 d-------- C:\Documents and Settings\Nick\Application Data\Spyware Terminator
    2008-02-23 00:01:38 0 d-------- C:\Documents and Settings\Cynthina\Application Data\TuneUp Software
    2008-02-22 21:38:40 0 d-------- C:\Documents and Settings\Cynthina\.housecall6.6
    2008-02-22 21:34:37 0 d-------- C:\WINDOWS\CSC
    2008-02-22 21:26:55 0 d-------- C:\Documents and Settings\Administrator\Application Data\Spyware Terminator
    2008-02-22 20:31:15 0 d-------- C:\Program Files\Crawler
    2008-02-22 20:27:25 138752 --a------ C:\WINDOWS\system32\drivers\sp_rsdrv2.sys
    2008-02-22 20:27:23 0 d-------- C:\Documents and Settings\Cynthina\Application Data\Spyware Terminator
    2008-02-22 20:27:23 0 d-------- C:\Documents and Settings\All Users\Application Data\Spyware Terminator
    2008-02-22 20:27:19 0 d-------- C:\Program Files\Spyware Terminator
    2008-02-22 17:36:53 0 d--h----- C:\WINDOWS\system32\GroupPolicy
    2008-02-22 14:05:01 0 d-------- C:\Program Files\Trend Micro
    2008-02-22 07:35:50 91700 --a------ C:\WINDOWS\system32\drivers\klin.dat
    2008-02-22 07:35:50 85860 --a------ C:\WINDOWS\system32\drivers\klick.dat
    2008-02-22 07:35:26 0 d-------- C:\Program Files\Kaspersky Lab
    2008-02-22 07:35:26 0 d-------- C:\Documents and Settings\All Users\Application Data\Kaspersky Lab
    2008-02-22 07:35:24 23328 --ahs---- C:\WINDOWS\system32\drivers\fidbox2.dat
    2008-02-22 07:35:24 3578656 --ahs---- C:\WINDOWS\system32\drivers\fidbox.dat
    2008-02-22 06:22:44 0 d-------- C:\Documents and Settings\Matthew\.housecall6.6
    2008-02-21 23:20:40 0 d-------- C:\Documents and Settings\Matthew\Application Data\TuneUp Software
    2008-02-21 22:18:06 0 d-------- C:\Documents and Settings\All Users\Application Data\SupportSoft
    2008-02-21 22:17:56 0 d-------- C:\Program Files\Dell Support Center
    2008-02-21 22:17:52 0 d-------- C:\Program Files\Common Files\supportsoft
    2008-02-21 22:07:35 0 d-------- C:\Documents and Settings\Nick\Application Data\TuneUp Software
    2008-02-21 22:07:11 0 d-------- C:\Documents and Settings\All Users\Application Data\TuneUp Software
    2008-02-21 22:07:02 0 d-------- C:\Program Files\TuneUp Utilities 2008
    2008-02-21 22:06:22 0 d-------- C:\Program Files\Common Files\Wise Installation Wizard
    2008-02-21 21:16:01 0 dr-h----- C:\Documents and Settings\Cynthina\Recent
    2008-02-04 12:29:32 0 dr-h----- C:\Documents and Settings\Andy\Recent
    2008-01-24 16:00:45 0 d-------- C:\Documents and Settings\All Users\Application Data\Dell


    -- Find3M Report ---------------------------------------------------------------

    2008-02-23 00:25:58 0 d-------- C:\Documents and Settings\Cynthina\Application Data\U3
    2008-02-23 00:16:39 6998 --ahs---- C:\WINDOWS\system32\KGyGaAvL.sys
    2008-02-23 00:16:37 104 -r-hs---- C:\WINDOWS\system32\C4700704F4.sys
    2008-02-22 13:01:04 0 d-------- C:\Program Files\Online Services
    2008-02-22 06:55:02 0 d-------- C:\Program Files\CCleaner
    2008-02-22 00:10:18 0 d-------- C:\Program Files\Google
    2008-02-21 23:26:50 105743 --a------ C:\logfile
    2008-02-21 22:06:22 0 d-a------ C:\Program Files\Common Files
    2008-02-21 19:56:42 0 d-------- C:\Program Files\Alwil Software
    2008-02-17 20:13:38 0 d-------- C:\Program Files\Dl_cats
    2008-02-10 21:09:37 930 --a------ C:\WINDOWS\system32\winpfz32.sys
    2008-01-06 21:27:29 0 d-------- C:\Program Files\AIM6
    2008-01-06 10:59:54 0 d-------- C:\Program Files\LimeWire
    2007-12-29 01:20:13 0 d-------- C:\Program Files\Steam
    2007-12-27 21:00:49 0 d-------- C:\Program Files\Kodak
    2007-12-27 20:59:25 0 d-------- C:\Program Files\Common Files\Kodak
    2007-12-25 09:11:40 0 d-------- C:\Program Files\iTunes
    2007-12-25 09:11:26 0 d-------- C:\Program Files\iPod
    2007-12-25 09:06:45 0 d-------- C:\Program Files\QuickTime


    -- Registry Dump ---------------------------------------------------------------

    *Note* empty entries & legit default entries are not shown


    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
    "SpywareTerminator "= "C:\Program Files\Spyware Terminator\SpywareTerminatorShield.exe" [02/22/2008 08:27 PM]
    "AVP "= "C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 7.0\avp.exe" [06/28/2007 12:51 PM]

    [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
    "ctfmon.exe "= "C:\WINDOWS\system32\ctfmon.exe" [08/10/2004 03:00 AM]

    [HKEY_USERS\.default\software\microsoft\windows\currentversion\runonce]
    "RunNarrator "=Narrator.exe

    [HKEY_USERS\.default\software\microsoft\windows\currentversion\run]
    "MySpaceIM "=C:\Program Files\MySpace\IM\MySpaceIM.exe
    "swg "=C:\Program Files\Google\GoogleToolbarNotifier\1.2.1128.5462\GoogleToolbarNotifier.exe

    [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
    "InstallVisualStyle "=C:\WINDOWS\Resources\Themes\Royale\Royale.msstyles
    "InstallTheme "=C:\WINDOWS\Resources\Themes\Royale.theme

    [HKEY_CURRENT_USER\software\microsoft\windows\currentversion\policies\system]
    "DisableRegistryTools "=1 (0x1)

    [HKEY_CURRENT_USER\software\microsoft\internet explorer\desktop\components\0]
    Source= C:\Program Files\Online Services\rteqenamal.html
    FriendlyName=

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Adobe Reader Speed Launcher]
    "C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe "

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Aim6]
    "C:\Program Files\Common Files\AOL\Launch\AOLLaunch.exe" /d locale=en-US ee://aol/imApp

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\AOLDialer]
    C:\Program Files\Common Files\AOL\ACS\AOLDial.exe

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\avast!]
    C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ctfmon.exe]
    C:\WINDOWS\system32\ctfmon.exe

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\DLA]
    C:\WINDOWS\System32\DLA\DLACTRLW.EXE

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ExploreUpdSched]
    C:\WINDOWS\system32\nwinplds.exe SKY003

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Google Desktop Search]
    "C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe" /startup

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\HostManager]
    C:\Program Files\Common Files\AOL\1143830436\ee\AOLSoftware.exe

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\igfxhkcmd]
    C:\WINDOWS\system32\hkcmd.exe

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\igfxpers]
    C:\WINDOWS\system32\igfxpers.exe

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\igfxtray]
    C:\WINDOWS\system32\igfxtray.exe

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ISUSPM Startup]
    "C:\Program Files\Common Files\InstallShield\UpdateService\isuspm.exe" -startup

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ISUSScheduler]
    "C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe" -start

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\iTunesHelper]
    "C:\Program Files\iTunes\iTunesHelper.exe "

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\jaohyzqA]
    C:\WINDOWS\jaohyzqA.exe

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\MimBoot]
    C:\PROGRA~1\MUSICM~1\MUSICM~3\mimboot.exe

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\MMTray]
    "C:\Program Files\Musicmatch\Musicmatch Jukebox\mm_tray.exe "

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\MPFExe]
    C:\PROGRA~1\McAfee.com\PERSON~1\MpfTray.exe

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\MSKAGENTEXE]
    C:\PROGRA~1\McAfee\SPAMKI~1\MskAgent.exe

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\MSKDetectorExe]
    C:\PROGRA~1\McAfee\SPAMKI~1\MSKDetct.exe /startup

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\My Web Search Bar Search Scope Monitor]
    "C:\PROGRA~1\MYWEBS~1\bar\7.bin\m3SrchMn.exe" /m=2 /w

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\PC-Checkup]
    "C:\Program Files\Speeditup Free\PCCheckup\PCCheckUp.exe" -mini

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\QuickTime Task]
    "C:\Program Files\QuickTime\qttask.exe" -atboottime

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SearchIndexer]
    rundll32.exe "C:\WINDOWS\system32\yeurgpnl.dll ",sitypnow

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\swg]
    C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\TkBellExe]
    "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\UserFaultCheck]
    %systemroot%\system32\dumprep 0 -u

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\WinAntiSpyware 2007 Free]
    "C:\Program Files\WinAntiSpyware 2007\was7.exe" /min

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\WinAVX]
    C:\WINDOWS\system32\WinAvXX.exe

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Yahoo! Pager]
    "C:\Program Files\Yahoo!\Messenger\YahooMessenger.exe" -quiet

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\{1B-B1-18-8F-ZN}]
    c:\windows\system32\kodsregp.exe SKY003

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\{ZN}]
    C:\WINDOWS\itpb_11.exe SKY003

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\services]
    "AOL TopSpeedMonitor "=2 (0x2)

    HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Svchost - NetSvcs
    UxTuneUp


    [HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\F]
    AutoRun\command- F:\LaunchU3.exe -a

    [HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{361ac05d-0e0d-11da-9aa9-806d6172696f}]
    AutoRun\command- E:\setup.exe

    [HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{464e4bc6-e153-11dc-b15a-001320d5040f}]
    AutoRun\command- F:\LaunchU3.exe -a

    [HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{464e4bc7-e153-11dc-b15a-001320d5040f}]
    AutoRun\command- setupSNK.exe




    -- End of Deckard's System Scanner: finished at 2008-02-23 01:54:56 ------------
     
  6. 2008/02/23
    Geri Lifetime Subscription

    Geri Inactive Alumni

    Joined:
    2003/03/02
    Messages:
    4,580
    Likes Received:
    7
    Hi carlosserrano63

    Now do this.

    Download ComboFix from Here to your Desktop.
    It's best to disable realtime protection applications as they sometimes interfere with the tool. Check this link for any applicable programs you may have.
    • Close all open programs and windows
    • Double click combofix.exe and follow the prompts.
    • Vista users right click Combofix.exe and select Run As Administrator.
    • When finished, it shall produce a log for you. Post that log and a HijackThis log in your next reply.
    Note: Do not mouse-click ComboFix's window while it's running. That may cause it to stall.

    Please post the Combofix log.

    Thanks
    Geri
     
    Geri,
    #5
  7. 2008/02/23
    carlosserrano63

    carlosserrano63 Inactive Thread Starter

    Joined:
    2008/02/22
    Messages:
    7
    Likes Received:
    0
    Here it is.

    Here is the text file from ComboFix:

    ComboFix 08-02-24 - Cynthina 2008-02-23 12:40:23.1 - NTFSx86
    Microsoft Windows XP Professional 5.1.2600.2.1252.1.1033.18.245 [GMT -8:00]
    Running from: C:\Documents and Settings\Cynthina\Desktop\ComboFix.exe

    WARNING -THIS MACHINE DOES NOT HAVE THE RECOVERY CONSOLE INSTALLED !!
    .

    ((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
    .

    C:\Documents and Settings\All Users\Application Data\salesmonitor
    C:\Documents and Settings\All Users\Application Data\WinAntiSpyware 2007
    C:\Documents and Settings\All Users\Application Data\WinAntiSpyware 2007\Data\Abbr
    C:\Documents and Settings\All Users\Application Data\WinAntiSpyware 2007\Data\ProductCode
    C:\Documents and Settings\Andy\Application Data\ShoppingReport
    C:\Documents and Settings\Andy\Application Data\ShoppingReport\cs\Config.xml
    C:\Documents and Settings\Andy\Application Data\ShoppingReport\cs\db\Aliases.dbs
    C:\Documents and Settings\Andy\Application Data\ShoppingReport\cs\db\Sites.dbs
    C:\Documents and Settings\Andy\Application Data\ShoppingReport\cs\dwld\WhiteList.xip
    C:\Documents and Settings\Andy\Application Data\ShoppingReport\cs\report\aggr_storage.xml
    C:\Documents and Settings\Andy\Application Data\ShoppingReport\cs\report\send_storage.xml
    C:\Documents and Settings\Andy\Application Data\ShoppingReport\cs\res1\WhiteList.dbs
    C:\Documents and Settings\Andy\Application Data\WinAntiSpyware 2007
    C:\Documents and Settings\Andy\Application Data\WinAntiSpyware 2007\Logs\update.log
    C:\Documents and Settings\Andy\err.log
    C:\Documents and Settings\Andy\Start Menu\Programs\Startup\think-adz.lnk
    C:\Documents and Settings\Cynthina\Application Data\AVSystemCare
    C:\Documents and Settings\Cynthina\Application Data\AVSystemCare\avtasks.dat
    C:\Documents and Settings\Cynthina\Application Data\AVSystemCare\Logs\av.log
    C:\Documents and Settings\Cynthina\Application Data\AVSystemCare\Logs\ga6Support.log
    C:\Documents and Settings\Cynthina\Application Data\AVSystemCare\Logs\update.log
    C:\Documents and Settings\Cynthina\Application Data\inst.exe
    C:\Documents and Settings\Cynthina\Application Data\WinAntiSpyware 2007
    C:\Documents and Settings\Cynthina\Application Data\WinAntiSpyware 2007\Logs\update.log
    C:\Documents and Settings\Cynthina\err.log
    C:\Documents and Settings\Cynthina\My Documents\MCROSO~1.NET
    C:\Documents and Settings\Cynthina\ResErrors.log
    C:\Documents and Settings\Matthew\Application Data\ShoppingReport
    C:\Documents and Settings\Matthew\Application Data\ShoppingReport\cs\Config.xml
    C:\Documents and Settings\Matthew\Application Data\ShoppingReport\cs\db\Aliases.dbs
    C:\Documents and Settings\Matthew\Application Data\ShoppingReport\cs\db\Sites.dbs
    C:\Documents and Settings\Matthew\Application Data\ShoppingReport\cs\dwld\WhiteList.xip
    C:\Documents and Settings\Matthew\Application Data\ShoppingReport\cs\report\aggr_storage.xml
    C:\Documents and Settings\Matthew\Application Data\ShoppingReport\cs\report\send_storage.xml
    C:\Documents and Settings\Matthew\Application Data\ShoppingReport\cs\res2\WhiteList.dbs
    C:\Documents and Settings\Matthew\err.log
    C:\Documents and Settings\Matthew\ResErrors.log
    C:\Documents and Settings\Nick\Application Data\FunWebProducts
    C:\Documents and Settings\Nick\Application Data\FunWebProducts\Data\Nick\avatar.dat
    C:\Documents and Settings\Nick\Application Data\FunWebProducts\Data\Nick\register.dat
    C:\Documents and Settings\Nick\Application Data\FunWebProducts\Data\Nick\zbucks.dat
    C:\Documents and Settings\Nick\Application Data\ShoppingReport
    C:\Documents and Settings\Nick\Application Data\ShoppingReport\cs\Config.xml
    C:\Documents and Settings\Nick\Application Data\ShoppingReport\cs\db\Aliases.dbs
    C:\Documents and Settings\Nick\Application Data\ShoppingReport\cs\db\Sites.dbs
    C:\Documents and Settings\Nick\Application Data\ShoppingReport\cs\dwld\WhiteList.xip
    C:\Documents and Settings\Nick\Application Data\ShoppingReport\cs\report\aggr_storage.xml
    C:\Documents and Settings\Nick\Application Data\ShoppingReport\cs\report\send_storage.xml
    C:\Documents and Settings\Nick\Application Data\ShoppingReport\cs\res1\WhiteList.dbs
    C:\Documents and Settings\Nick\Application Data\WinAntiSpyware 2007
    C:\Documents and Settings\Nick\Application Data\winantispyware 2007\Logs\update.log
    C:\Documents and Settings\Nick\err.log
    C:\Program Files\internet explorer\msimg32.dll
    C:\Program Files\popcorn Terms.html
    C:\Program Files\ShoppingReport
    C:\Program Files\ShoppingReport\Uninst.exe
    C:\temp\0b9
    C:\temp\0b9\tmpTF.log
    C:\Temp\1cb
    C:\Temp\1cb\syscheck.log
    C:\Temp\fse
    C:\Temp\fse\tmpZTF.log
    C:\temp\iee
    C:\temp\iee\tmpZTF.log
    C:\temp\tn3
    C:\temp\tn3\AppManager.xml
    C:\UGA6P
    C:\WINDOWS\cookies.ini
    C:\WINDOWS\cs_cache.ini
    C:\WINDOWS\system32\drivers\core.cache(10).dsk
    C:\WINDOWS\system32\drivers\core.cache(11).dsk
    C:\WINDOWS\system32\drivers\core.cache(12).dsk
    C:\WINDOWS\system32\drivers\core.cache(13).dsk
    C:\WINDOWS\system32\drivers\core.cache(14).dsk
    C:\WINDOWS\system32\drivers\core.cache(15).dsk
    C:\WINDOWS\system32\drivers\core.cache(16).dsk
    C:\WINDOWS\system32\drivers\core.cache(17).dsk
    C:\WINDOWS\system32\drivers\core.cache(18).dsk
    C:\WINDOWS\system32\drivers\core.cache(19).dsk
    C:\WINDOWS\system32\drivers\core.cache(2).dsk
    C:\WINDOWS\system32\drivers\core.cache(20).dsk
    C:\WINDOWS\system32\drivers\core.cache(21).dsk
    C:\WINDOWS\system32\drivers\core.cache(22).dsk
    C:\WINDOWS\system32\drivers\core.cache(23).dsk
    C:\WINDOWS\system32\drivers\core.cache(24).dsk
    C:\WINDOWS\system32\drivers\core.cache(25).dsk
    C:\WINDOWS\system32\drivers\core.cache(26).dsk
    C:\WINDOWS\system32\drivers\core.cache(27).dsk
    C:\WINDOWS\system32\drivers\core.cache(28).dsk
    C:\WINDOWS\system32\drivers\core.cache(29).dsk
    C:\WINDOWS\system32\drivers\core.cache(3).dsk
    C:\WINDOWS\system32\drivers\core.cache(30).dsk
    C:\WINDOWS\system32\drivers\core.cache(31).dsk
    C:\WINDOWS\system32\drivers\core.cache(32).dsk
    C:\WINDOWS\system32\drivers\core.cache(33).dsk
    C:\WINDOWS\system32\drivers\core.cache(34).dsk
    C:\WINDOWS\system32\drivers\core.cache(35).dsk
    C:\WINDOWS\system32\drivers\core.cache(36).dsk
    C:\WINDOWS\system32\drivers\core.cache(37).dsk
    C:\WINDOWS\system32\drivers\core.cache(38).dsk
    C:\WINDOWS\system32\drivers\core.cache(39).dsk
    C:\WINDOWS\system32\drivers\core.cache(4).dsk
    C:\WINDOWS\system32\drivers\core.cache(40).dsk
    C:\WINDOWS\system32\drivers\core.cache(41).dsk
    C:\WINDOWS\system32\drivers\core.cache(42).dsk
    C:\WINDOWS\system32\drivers\core.cache(43).dsk
    C:\WINDOWS\system32\drivers\core.cache(44).dsk
    C:\WINDOWS\system32\drivers\core.cache(45).dsk
    C:\WINDOWS\system32\drivers\core.cache(46).dsk
    C:\WINDOWS\system32\drivers\core.cache(47).dsk
    C:\WINDOWS\system32\drivers\core.cache(48).dsk
    C:\WINDOWS\system32\drivers\core.cache(49).dsk
    C:\WINDOWS\system32\drivers\core.cache(5).dsk
    C:\WINDOWS\system32\drivers\core.cache(50).dsk
    C:\WINDOWS\system32\drivers\core.cache(51).dsk
    C:\WINDOWS\system32\drivers\core.cache(52).dsk
    C:\WINDOWS\system32\drivers\core.cache(53).dsk
    C:\WINDOWS\system32\drivers\core.cache(54).dsk
    C:\WINDOWS\system32\drivers\core.cache(55).dsk
    C:\WINDOWS\system32\drivers\core.cache(56).dsk
    C:\WINDOWS\system32\drivers\core.cache(57).dsk
    C:\WINDOWS\system32\drivers\core.cache(58).dsk
    C:\WINDOWS\system32\drivers\core.cache(59).dsk
    C:\WINDOWS\system32\drivers\core.cache(6).dsk
    C:\WINDOWS\system32\drivers\core.cache(60).dsk
    C:\WINDOWS\system32\drivers\core.cache(61).dsk
    C:\WINDOWS\system32\drivers\core.cache(62).dsk
    C:\WINDOWS\system32\drivers\core.cache(63).dsk
    C:\WINDOWS\system32\drivers\core.cache(64).dsk
    C:\WINDOWS\system32\drivers\core.cache(65).dsk
    C:\WINDOWS\system32\drivers\core.cache(66).dsk
    C:\WINDOWS\system32\drivers\core.cache(67).dsk
    C:\WINDOWS\system32\drivers\core.cache(68).dsk
    C:\WINDOWS\system32\drivers\core.cache(69).dsk
    C:\WINDOWS\system32\drivers\core.cache(7).dsk
    C:\WINDOWS\system32\drivers\core.cache(70).dsk
    C:\WINDOWS\system32\drivers\core.cache(71).dsk
    C:\WINDOWS\system32\drivers\core.cache(72).dsk
    C:\WINDOWS\system32\drivers\core.cache(73).dsk
    C:\WINDOWS\system32\drivers\core.cache(74).dsk
    C:\WINDOWS\system32\drivers\core.cache(75).dsk
    C:\WINDOWS\system32\drivers\core.cache(76).dsk
    C:\WINDOWS\system32\drivers\core.cache(77).dsk
    C:\WINDOWS\system32\drivers\core.cache(78).dsk
    C:\WINDOWS\system32\drivers\core.cache(79).dsk
    C:\WINDOWS\system32\drivers\core.cache(8).dsk
    C:\WINDOWS\system32\drivers\core.cache(80).dsk
    C:\WINDOWS\system32\drivers\core.cache(81).dsk
    C:\WINDOWS\system32\drivers\core.cache(82).dsk
    C:\WINDOWS\system32\drivers\core.cache(83).dsk
    C:\WINDOWS\system32\drivers\core.cache(84).dsk
    C:\WINDOWS\system32\drivers\core.cache(85).dsk
    C:\WINDOWS\system32\drivers\core.cache(9).dsk
    C:\WINDOWS\system32\drivers\core.cache.dsk
    C:\WINDOWS\system32\F1
    C:\WINDOWS\system32\F2
    C:\WINDOWS\system32\F3
    C:\WINDOWS\system32\f3PSSavr.scr
    C:\WINDOWS\system32\F4
    C:\WINDOWS\system32\F9
    C:\WINDOWS\system32\mcrh.tmp
    C:\WINDOWS\system32\msnav32.ax
    C:\WINDOWS\system32\o02PrEz
    C:\WINDOWS\system32\stera.log
    C:\WINDOWS\system32\vtsqp.dll
    C:\WINDOWS\system32\win
    C:\WINDOWS\system32\winpfz32.sys
    C:\WINDOWS\system32\zxdnt3d.cfg

    .
    ((((((((((((((((((((((((((((((((((((((( Drivers/Services )))))))))))))))))))))))))))))))))))))))))))))))))

    .
    -------\LEGACY_CORE
    -------\LEGACY_DOMAINSERVICE
    -------\LEGACY_FMTR
    -------\LEGACY_FOPN
    -------\core


    ((((((((((((((((((((((((( Files Created from 2008-01-24 to 2008-02-24 )))))))))))))))))))))))))))))))
    .

    2008-02-23 09:29 . 2008-02-23 09:29 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\Corel
    2008-02-23 09:12 . 2008-02-23 09:45 <DIR> d-------- C:\Program Files\Corel
    2008-02-23 09:12 . 2008-02-23 09:12 <DIR> d-------- C:\Documents and Settings\Cynthina\Application Data\InstallShield
    2008-02-23 07:41 . 2008-02-23 07:41 <DIR> d-------- C:\Program Files\MSBuild
    2008-02-23 07:41 . 2008-02-23 07:41 <DIR> d-------- C:\Program Files\Microsoft Works
    2008-02-23 07:39 . 2008-02-23 07:39 <DIR> d-------- C:\Program Files\Microsoft.NET
    2008-02-23 07:33 . 2008-02-23 07:33 <DIR> dr-h----- C:\MSOCache
    2008-02-23 07:33 . 2008-02-23 07:44 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\Microsoft Help
    2008-02-23 06:59 . 2008-02-23 06:59 <DIR> d-------- C:\Program Files\DVDFab Platinum 4
    2008-02-23 01:47 . 2008-02-23 01:47 <DIR> d-------- C:\Deckard
    2008-02-23 01:29 . 2008-02-23 01:31 <DIR> d-------- C:\Documents and Settings\Andy\Application Data\Spyware Terminator
    2008-02-23 01:26 . 2008-02-23 01:26 <DIR> d-------- C:\Documents and Settings\Nick\Application Data\U3
    2008-02-23 01:13 . 2008-02-23 01:13 <DIR> d-------- C:\Documents and Settings\Matthew\Application Data\Spyware Terminator
    2008-02-23 00:56 . 2008-02-23 08:04 1,328 --a------ C:\WINDOWS\system32\tmp.reg
    2008-02-23 00:27 . 2008-02-23 00:27 <DIR> d-------- C:\Documents and Settings\Nick\Application Data\Spyware Terminator
    2008-02-23 00:01 . 2008-02-23 00:01 <DIR> d-------- C:\Documents and Settings\Cynthina\Application Data\TuneUp Software
    2008-02-22 21:38 . 2008-02-22 23:33 <DIR> d-------- C:\Documents and Settings\Cynthina\.housecall6.6
    2008-02-22 21:26 . 2008-02-22 21:26 <DIR> d-------- C:\Documents and Settings\Administrator\Application Data\Spyware Terminator
    2008-02-22 20:31 . 2008-02-23 08:53 <DIR> d-------- C:\Program Files\Crawler
    2008-02-22 20:27 . 2008-02-24 12:41 <DIR> d-------- C:\Program Files\Spyware Terminator
    2008-02-22 20:27 . 2008-02-24 12:41 <DIR> d-------- C:\Documents and Settings\Cynthina\Application Data\Spyware Terminator
    2008-02-22 20:27 . 2008-02-23 11:10 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\Spyware Terminator
    2008-02-22 20:27 . 2008-02-22 20:27 138,752 --a------ C:\WINDOWS\system32\drivers\sp_rsdrv2.sys
    2008-02-22 17:36 . 2008-02-22 17:36 <DIR> d--h----- C:\WINDOWS\system32\GroupPolicy
    2008-02-22 14:05 . 2008-02-22 14:05 <DIR> d-------- C:\Program Files\Trend Micro
    2008-02-22 07:35 . 2008-02-22 07:35 <DIR> d-------- C:\Program Files\Kaspersky Lab
    2008-02-22 07:35 . 2008-02-24 13:05 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\Kaspersky Lab
    2008-02-22 07:35 . 2008-02-24 13:05 4,825,888 --ahs---- C:\WINDOWS\system32\drivers\fidbox.dat
    2008-02-22 07:35 . 2008-02-24 13:05 151,072 --ahs---- C:\WINDOWS\system32\drivers\fidbox2.dat
    2008-02-22 07:35 . 2008-02-22 07:49 91,700 --a------ C:\WINDOWS\system32\drivers\klin.dat
    2008-02-22 07:35 . 2008-02-22 07:49 85,860 --a------ C:\WINDOWS\system32\drivers\klick.dat
    2008-02-22 07:35 . 2008-02-24 13:02 66,440 --ahs---- C:\WINDOWS\system32\drivers\fidbox.idx
    2008-02-22 07:35 . 2008-02-24 13:02 16,136 --ahs---- C:\WINDOWS\system32\drivers\fidbox2.idx
    2008-02-22 06:22 . 2008-02-22 06:22 <DIR> d-------- C:\Documents and Settings\Matthew\.housecall6.6
    2008-02-21 23:20 . 2008-02-21 23:20 <DIR> d-------- C:\Documents and Settings\Matthew\Application Data\TuneUp Software
    2008-02-21 22:18 . 2008-02-21 22:18 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\SupportSoft
    2008-02-21 22:17 . 2008-02-21 22:18 <DIR> d-------- C:\Program Files\Dell Support Center
    2008-02-21 22:17 . 2008-02-21 22:17 <DIR> d-------- C:\Program Files\Common Files\supportsoft
    2008-02-21 22:07 . 2008-02-23 11:43 <DIR> d-------- C:\Program Files\TuneUp Utilities 2008
    2008-02-21 22:07 . 2008-02-21 22:07 <DIR> d-------- C:\Documents and Settings\Nick\Application Data\TuneUp Software
    2008-02-21 22:07 . 2008-02-21 22:07 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\TuneUp Software
    2008-02-21 22:07 . 2008-02-21 22:07 306,432 --a------ C:\WINDOWS\system32\TuneUpDefragService.exe
    2008-02-21 22:07 . 2007-12-20 10:41 29,440 --a------ C:\WINDOWS\system32\uxtuneup.dll
    2008-02-21 22:06 . 2008-02-21 22:06 <DIR> d-------- C:\Program Files\Common Files\Wise Installation Wizard
    2008-01-24 16:00 . 2008-01-24 16:00 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\Dell

    .
    (((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
    .
    2008-02-23 17:45 --------- d-----w C:\Program Files\Common Files\Corel
    2008-02-23 17:45 --------- d-----w C:\Documents and Settings\Cynthina\Application Data\Corel
    2008-02-23 16:48 --------- d-----w C:\Documents and Settings\Cynthina\Application Data\U3
    2008-02-23 16:25 --------- d-----w C:\Program Files\microsoft frontpage
    2008-02-23 16:18 --------- d-----w C:\Documents and Settings\Cynthina\Application Data\Vso
    2008-02-23 14:59 47,360 ----a-w C:\WINDOWS\system32\drivers\pcouffin.sys
    2008-02-23 14:59 47,360 ----a-w C:\Documents and Settings\Cynthina\Application Data\pcouffin.sys
    2008-02-23 14:56 87,608 ----a-w C:\Documents and Settings\Cynthina\Application Data\ezpinst.exe
    2008-02-23 04:26 --------- d-----w C:\Documents and Settings\Matthew\Application Data\Lavasoft
    2008-02-22 14:55 --------- d-----w C:\Program Files\CCleaner
    2008-02-22 14:53 --------- d-----w C:\Documents and Settings\Matthew\Application Data\U3
    2008-02-22 14:16 --------- d-----w C:\Documents and Settings\Matthew\Application Data\Yahoo!
    2008-02-22 08:10 --------- d-----w C:\Program Files\Google
    2008-02-22 03:56 --------- d-----w C:\Program Files\Alwil Software
    2008-02-18 04:13 --------- d-----w C:\Program Files\Dl_cats
    2008-01-07 05:27 --------- d-----w C:\Program Files\AIM6
    2008-01-07 05:27 --------- d-----w C:\Documents and Settings\All Users\Application Data\Viewpoint
    2008-01-06 18:59 --------- d-----w C:\Program Files\LimeWire
    2007-12-29 09:20 --------- d-----w C:\Program Files\Steam
    2007-12-28 05:01 --------- d-----w C:\Documents and Settings\All Users\Application Data\Kodak
    2007-12-28 05:00 --------- d-----w C:\Program Files\Kodak
    2007-12-28 04:59 --------- d-----w C:\Program Files\Common Files\Kodak
    2007-12-25 17:11 --------- d-----w C:\Program Files\iTunes
    2007-12-25 17:11 --------- d-----w C:\Program Files\iPod
    2007-12-25 17:06 --------- d-----w C:\Program Files\QuickTime
    2007-10-04 21:45 1,494,179 -csha-w C:\WINDOWS\system32\ilnmp.bak1
    2007-10-04 21:45 1,493,499 --sha-w C:\WINDOWS\system32\ilnmp.bak2
    2007-08-19 17:58 1,643,506 --sh--w C:\WINDOWS\system32\ilnmp.ini2
    .

    ((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
    .
    .
    *Note* empty entries & legit default entries are not shown
    REGEDIT4

    [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
    "ctfmon.exe "= "C:\WINDOWS\system32\ctfmon.exe" [2004-08-10 03:00 15360]

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
    "SpywareTerminator "= "C:\Program Files\Spyware Terminator\SpywareTerminatorShield.exe" [2008-02-22 20:27 2957824]
    "AVP "= "C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 7.0\avp.exe" [2007-06-28 12:51 218376]

    [HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
    "MySpaceIM "= "C:\Program Files\MySpace\IM\MySpaceIM.exe" [2007-12-06 23:33 8720384]
    "swg "= "C:\Program Files\Google\GoogleToolbarNotifier\1.2.1128.5462\GoogleToolbarNotifier.exe" [ ]

    [HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\RunOnce]
    "RunNarrator "= "Narrator.exe" [2004-08-10 03:00 53760 C:\WINDOWS\system32\narrator.exe]

    [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
    "InstallVisualStyle "= C:\WINDOWS\Resources\Themes\Royale\Royale.msstyles
    "InstallTheme "= C:\WINDOWS\Resources\Themes\Royale.theme

    [HKEY_CURRENT_USER\software\microsoft\internet explorer\desktop\components\0]
    Source= C:\Program Files\Online Services\rteqenamal.html
    FriendlyName=

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Adobe Reader Speed Launcher]
    --a------ 2007-10-10 19:51 39792 C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Aim6]
    --a------ 2006-05-09 16:24 50760 C:\Program Files\Common Files\AOL\Launch\AOLLaunch.exe

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\AOLDialer]
    C:\Program Files\Common Files\AOL\ACS\AOLDial.exe

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\avast!]
    C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ctfmon.exe]
    --a------ 2004-08-10 03:00 15360 C:\WINDOWS\system32\ctfmon.exe

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\DLA]
    --a--c--- 2005-09-08 03:20 122940 C:\WINDOWS\System32\DLA\DLACTRLW.EXE

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ExploreUpdSched]
    C:\WINDOWS\system32\nwinplds.exe

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Google Desktop Search]
    --a--c--- 2006-03-24 23:48 169472 C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\HostManager]
    --a------ 2006-05-09 16:24 50760 C:\Program Files\Common Files\AOL\1143830436\ee\AOLSoftware.exe

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\igfxhkcmd]
    --a--c--- 2005-10-14 18:46 77824 C:\WINDOWS\system32\hkcmd.exe

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\igfxpers]
    --a--c--- 2005-10-14 18:50 114688 C:\WINDOWS\system32\igfxpers.exe

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\igfxtray]
    --a--c--- 2005-10-14 18:49 94208 C:\WINDOWS\system32\igfxtray.exe

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ISUSPM Startup]
    --a--c--- 2005-06-10 08:44 249856 C:\Program Files\Common Files\InstallShield\UpdateService\isuspm.exe

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ISUSScheduler]
    --a--c--- 2005-06-10 08:44 81920 C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\iTunesHelper]
    --a------ 2007-12-11 12:10 267048 C:\Program Files\iTunes\iTunesHelper.exe

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\jaohyzqA]
    C:\WINDOWS\jaohyzqA.exe

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\MimBoot]
    --a--c--- 2006-09-18 13:46 8192 C:\PROGRA~1\MUSICM~1\MUSICM~3\mimboot.exe

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\MMTray]
    --a--c--- 2006-09-18 13:46 110592 C:\Program Files\Musicmatch\Musicmatch Jukebox\mm_tray.exe

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\MPFExe]
    C:\PROGRA~1\McAfee.com\PERSON~1\MpfTray.exe

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\MSKAGENTEXE]
    C:\PROGRA~1\McAfee\SPAMKI~1\MskAgent.exe

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\MSKDetectorExe]
    C:\PROGRA~1\McAfee\SPAMKI~1\MSKDetct.exe

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\My Web Search Bar Search Scope Monitor]
    C:\PROGRA~1\MYWEBS~1\bar\7.bin\m3SrchMn.exe

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\PC-Checkup]
    C:\Program Files\Speeditup Free\PCCheckup\PCCheckUp.exe

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\QuickTime Task]
    --a------ 2007-12-11 10:56 286720 C:\Program Files\QuickTime\qttask.exe

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SearchIndexer]
    C:\WINDOWS\system32\yeurgpnl.dll

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\swg]
    C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\TkBellExe]
    --a--c--- 2006-11-16 15:42 185896 C:\Program Files\Common Files\Real\Update_OB\realsched.exe

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\UserFaultCheck]
    C:\WINDOWS\system32\dumprep 0 -u

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\WinAntiSpyware 2007 Free]
    C:\Program Files\WinAntiSpyware 2007\was7.exe

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\WinAVX]
    C:\WINDOWS\system32\WinAvXX.exe

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Yahoo! Pager]
    --a------ 2007-08-30 17:43 4670704 C:\Program Files\Yahoo!\Messenger\YahooMessenger.exe

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\{1B-B1-18-8F-ZN}]
    c:\windows\system32\kodsregp.exe

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\{ZN}]
    C:\WINDOWS\itpb_11.exe

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\services]
    "AOL TopSpeedMonitor "=2 (0x2)

    [HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]
    "EnableFirewall "= 0 (0x0)

    [HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
    "%windir%\\system32\\sessmgr.exe "=
    "C:\\Program Files\\Common Files\\AOL\\Loader\\aolload.exe "=
    "C:\\Program Files\\Common Files\\AOL\\TopSpeed\\2.0\\aoltsmon.exe "=
    "C:\\Program Files\\Common Files\\AOL\\TopSpeed\\2.0\\aoltpspd.exe "=
    "C:\\Program Files\\Common Files\\AOL\\1143830436\\EE\\AOLServiceHost.exe "=
    "C:\\Program Files\\Common Files\\AOL\\System Information\\sinf.exe "=
    "C:\\Program Files\\Common Files\\AOL\\1143830436\\EE\\aolsoftware.exe "=
    "C:\\Program Files\\Common Files\\AOL\\1143830436\\EE\\aim6.exe "=
    "C:\\Program Files\\Messenger\\msmsgs.exe "=
    "C:\\Program Files\\Yahoo!\\Messenger\\YServer.exe "=
    "C:\\Program Files\\Yahoo!\\Messenger\\YahooMessenger.exe "=
    "%windir%\\Network Diagnostic\\xpnetdiag.exe "=
    "C:\\Program Files\\LimeWire\\LimeWire.exe "=
    "C:\\Program Files\\Kodak\\Kodak EasyShare software\\bin\\EasyShare.exe "=
    "C:\\Program Files\\iTunes\\iTunes.exe "=
    "C:\\Program Files\\MySpace\\IM\\MySpaceIM.exe "=
    "C:\\Program Files\\Microsoft Office\\Office12\\OUTLOOK.EXE "=

    R1 sp_rsdrv2;Spyware Terminator Driver 2;C:\WINDOWS\system32\drivers\sp_rsdrv2.sys [2008-02-22 20:27]
    R2 UxTuneUp;TuneUp Theme Extension;C:\WINDOWS\System32\svchost.exe [2004-08-10 03:00]
    R2 Viewpoint Manager Service;Viewpoint Manager Service; "C:\Program Files\Viewpoint\Common\ViewpointService.exe" [2007-01-04 13:38]
    R3 klim5;Kaspersky Anti-Virus NDIS Filter;C:\WINDOWS\system32\DRIVERS\klim5.sys [2007-04-04 14:58]
    S2 0194031168125934mcinstcleanup;McAfee Application Installer Cleanup (0194031168125934);C:\DOCUME~1\Andy\LOCALS~1\Temp\019403~1.EXE C:\PROGRA~1\COMMON~1\McAfee\INSTAL~1\cleanup.ini -cleanup -nolog []
    S3 TuneUp.Defrag;TuneUp Drive Defrag Service;C:\WINDOWS\System32\TuneUpDefragService.exe [2008-02-21 22:07]

    HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Svchost - NetSvcs
    UxTuneUp

    [HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\F]
    \Shell\AutoRun\command - F:\LaunchU3.exe -a

    [HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{361ac05d-0e0d-11da-9aa9-806d6172696f}]
    \Shell\AutoRun\command - E:\setup.exe

    [HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{464e4bc6-e153-11dc-b15a-001320d5040f}]
    \Shell\AutoRun\command - F:\LaunchU3.exe -a

    [HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{464e4bc7-e153-11dc-b15a-001320d5040f}]
    \Shell\AutoRun\command - setupSNK.exe

    .
    Contents of the 'Scheduled Tasks' folder
    "2008-02-23 01:15:00 C:\WINDOWS\Tasks\1-Click Maintenance.job "
    - C:\Program Files\TuneUp Utilities 2008\OneClick.exe
    "2008-02-03 01:35:05 C:\WINDOWS\Tasks\AppleSoftwareUpdate.job "
    - C:\Program Files\Apple Software Update\SoftwareUpdate.exe
    "2008-02-08 04:55:00 C:\WINDOWS\Tasks\EasyShare Registration Task.job "
    - C:\WINDOWS\system32\rundll32.exelC:\DOCUME~1\ALLUSE~1\APPLIC~1\Kodak\EasyShareSetup\$REGIS~1\Registration_7.4.20.2.sxt _RegistrationOffer@16
    "2008-02-23 18:18:46 C:\WINDOWS\Tasks\{F897AA24-BDC3-11D1-B85B-00C04FB93981}_D5N68Q91_Matthew.job "
    - C:\WINDOWS\system32\mobsync.exeE /Schedule=
    .
    **************************************************************************

    catchme 0.3.1344 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
    Rootkit scan 2008-02-24 13:05:37
    Windows 5.1.2600 Service Pack 2 NTFS

    scanning hidden processes ...

    scanning hidden autostart entries ...

    scanning hidden files ...

    scan completed successfully
    hidden files: 0

    **************************************************************************
    .
    ------------------------ Other Running Processes ------------------------
    .
    C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
    C:\WINDOWS\eHome\ehRecvr.exe
    C:\WINDOWS\eHome\ehSched.exe
    C:\Program Files\Ahead\InCD\InCDsrv.exe
    C:\WINDOWS\system32\PSIService.exe
    C:\Program Files\Spyware Terminator\sp_rsser.exe
    C:\WINDOWS\system32\dllhost.exe
    C:\Program Files\Viewpoint\Viewpoint Manager\ViewMgr.exe
    C:\WINDOWS\system32\wscntfy.exe
    .
    **************************************************************************
    .
    Completion time: 2008-02-24 13:12:59 - machine was rebooted
    ComboFix-quarantined-files.txt 2008-02-24 21:12:54
    .
    2008-02-23 14:51:21 --- E O F ---


    And here is the one from HijackThis:


    Logfile of Trend Micro HijackThis v2.0.2
    Scan saved at 1:22:53 PM, on 2/24/2008
    Platform: Windows XP SP2 (WinNT 5.01.2600)
    MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)
    Boot mode: Normal

    Running processes:
    C:\WINDOWS\System32\smss.exe
    C:\WINDOWS\system32\winlogon.exe
    C:\WINDOWS\system32\services.exe
    C:\WINDOWS\system32\lsass.exe
    C:\WINDOWS\system32\svchost.exe
    C:\WINDOWS\System32\svchost.exe
    C:\WINDOWS\system32\spoolsv.exe
    C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
    C:\WINDOWS\eHome\ehRecvr.exe
    C:\WINDOWS\eHome\ehSched.exe
    C:\Program Files\Ahead\InCD\InCDsrv.exe
    C:\WINDOWS\system32\PSIService.exe
    C:\Program Files\Spyware Terminator\sp_rsser.exe
    C:\WINDOWS\system32\svchost.exe
    C:\Program Files\Viewpoint\Common\ViewpointService.exe
    C:\WINDOWS\system32\dllhost.exe
    C:\Program Files\Viewpoint\Viewpoint Manager\ViewMgr.exe
    C:\Program Files\Spyware Terminator\SpywareTerminatorShield.exe
    C:\WINDOWS\system32\ctfmon.exe
    C:\WINDOWS\system32\wuauclt.exe
    C:\WINDOWS\explorer.exe
    C:\WINDOWS\system32\notepad.exe
    C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 7.0\avp.exe
    C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 7.0\avp.exe
    C:\Program Files\Mozilla Firefox\firefox.exe
    C:\Program Files\Trend Micro\HijackThis\HijackThis.exe

    O2 - BHO: &Yahoo! Toolbar Helper - {02478D38-C3F9-4efb-9B51-7695ECA05670} - C:\PROGRA~1\Yahoo!\Companion\Installs\cpn2\yt.dll
    O2 - BHO: (no name) - {1CB20BF0-BBAE-40A7-93F4-6435FF3D0411} - C:\PROGRA~1\Crawler\ctbr.dll
    O3 - Toolbar: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\PROGRA~1\Yahoo!\Companion\Installs\cpn2\yt.dll
    O3 - Toolbar: Viewpoint Toolbar - {F8AD5AA5-D966-4667-9DAF-2561D68B2012} - C:\Program Files\Common Files\Viewpoint\Toolbar Runtime\3.8.0\IEViewBar.dll
    O3 - Toolbar: &Crawler Toolbar - {4B3803EA-5230-4DC3-A7FC-33638F3D3542} - C:\PROGRA~1\Crawler\ctbr.dll
    O4 - HKLM\..\Run: [SpywareTerminator] "C:\Program Files\Spyware Terminator\SpywareTerminatorShield.exe "
    O4 - HKLM\..\Run: [AVP] "C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 7.0\avp.exe "
    O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
    O4 - HKUS\S-1-5-18\..\Run: [MySpaceIM] C:\Program Files\MySpace\IM\MySpaceIM.exe (User 'SYSTEM')
    O4 - HKUS\S-1-5-18\..\Run: [swg] C:\Program Files\Google\GoogleToolbarNotifier\1.2.1128.5462\GoogleToolbarNotifier.exe (User 'SYSTEM')
    O4 - HKUS\S-1-5-18\..\RunOnce: [RunNarrator] Narrator.exe (User 'SYSTEM')
    O4 - HKUS\.DEFAULT\..\Run: [MySpaceIM] C:\Program Files\MySpace\IM\MySpaceIM.exe (User 'Default user')
    O4 - HKUS\.DEFAULT\..\RunOnce: [RunNarrator] Narrator.exe (User 'Default user')
    O8 - Extra context menu item: Add to Anti-Banner - C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 7.0\ie_banner_deny.htm
    O8 - Extra context menu item: Crawler Search - tbr:iemenu
    O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~4\Office12\EXCEL.EXE/3000
    O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\WINDOWS\system32\msjava.dll
    O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\WINDOWS\system32\msjava.dll
    O9 - Extra button: Web Anti-Virus statistics - {1F460357-8A94-4D71-9CA3-AA4ACF32ED8E} - C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 7.0\SCIEPlgn.dll
    O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~4\Office12\REFIEBAR.DLL
    O9 - Extra button: Real.com - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - C:\WINDOWS\system32\Shdocvw.dll
    O9 - Extra button: Run IMVU - {d9288080-1baa-4bc4-9cf8-a92d743db949} - C:\Documents and Settings\Nick\Start Menu\Programs\IMVU\Run IMVU.lnk (file missing)
    O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
    O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
    O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
    O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
    O16 - DPF: {30528230-99f7-4bb4-88d8-fa1d4f56a2ab} (Installation Support) - C:\Program Files\Yahoo!\Common\Yinsthelper.dll
    O16 - DPF: {48DD0448-9209-4F81-9F6D-D83562940134} (MySpace Uploader Control) - http://lads.myspace.com/upload/MySpaceUploader.cab
    O18 - Protocol: tbr - {4D25FB7A-8902-4291-960E-9ADA051CFBBF} - C:\PROGRA~1\Crawler\ctbr.dll
    O23 - Service: McAfee Application Installer Cleanup (0194031168125934) (0194031168125934mcinstcleanup) - Unknown owner - C:\DOCUME~1\Andy\LOCALS~1\Temp\019403~1.EXE (file missing)
    O23 - Service: Apple Mobile Device - Apple, Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
    O23 - Service: Ares Chatroom server (AresChatServer) - Ares Development Group - C:\Program Files\Ares\chatServer.exe
    O23 - Service: Kaspersky Internet Security 7.0 (AVP) - Kaspersky Lab - C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 7.0\avp.exe
    O23 - Service: Creative Service for CDROM Access - Unknown owner - C:\WINDOWS\system32\CTsvcCDA.EXE (file missing)
    O23 - Service: dlcc_device - - C:\WINDOWS\system32\dlcccoms.exe
    O23 - Service: DSBrokerService - Unknown owner - C:\Program Files\DellSupport\brkrsvc.exe
    O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
    O23 - Service: InCD File System Service (InCDsrv) - Unknown owner - C:\Program Files\Ahead\InCD\InCDsrv.exe
    O23 - Service: iPod Service - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
    O23 - Service: LiveUpdate - Unknown owner - C:\PROGRA~1\Symantec\LIVEUP~1\LUCOMS~1.EXE (file missing)
    O23 - Service: Intel NCS NetService (NetSvc) - Intel(R) Corporation - C:\Program Files\Intel\PROSetWired\NCS\Sync\NetSvc.exe
    O23 - Service: ProtexisLicensing - Unknown owner - C:\WINDOWS\system32\PSIService.exe
    O23 - Service: Spyware Terminator Realtime Shield Service (sp_rssrv) - Crawler.com - C:\Program Files\Spyware Terminator\sp_rsser.exe
    O23 - Service: TuneUp Drive Defrag Service (TuneUp.Defrag) - TuneUp Software GmbH - C:\WINDOWS\System32\TuneUpDefragService.exe
    O23 - Service: Viewpoint Manager Service - Viewpoint Corporation - C:\Program Files\Viewpoint\Common\ViewpointService.exe
    O24 - Desktop Component 0: (no name) - C:\Program Files\Online Services\rteqenamal.html

    --
    End of file - 6648 bytes


    For some reason I can not upgrade to IE7.
    Do you see anything wrong in the text files? Thanks again for your help.
     
  8. 2008/02/24
    Geri
    Hi
    It could be any number of the infections on the machine that are stopping it; let's get the system clean, then see what happens.
    Please do not do it until you're clean.

    I see other user accounts on the computer, each one will need to be cleaned separately.

    Having any P2P file-sharing apps such as LimeWire, BitTorrent, uTorrent etc. is almost like inviting malware into your computer. There is absolutely no way for you to know which of the hundreds of thousands of users you are sharing files with are infected or not.
    I strongly recommend removing any P2P applications.


    Now please do this.

    Highlight and copy the contents of the code box below and paste it into a blank Notepad window, then save it to your desktop as:

    Filename: CFScript.txt
    Save As Type: All Files (*.*)

    Close all other windows and programs. Now drag the CFScript.txt onto ComboFix.exe and drop it, using the left mouse button.
    Click here to see how to use CFScript.txt
    ComboFix should run and may reboot the computer when it's done. A log will open when it's complete. Post the contents of that log and another fresh HijackThis log.

    Please do not click on the ComboFix window while it is running a scan. This can cause it to stall.

    Code:
    File::
    C:\WINDOWS\system32\nwinplds.exe
    C:\WINDOWS\system32\ilnmp.bak1
    C:\WINDOWS\system32\ilnmp.bak2
    C:\WINDOWS\system32\ilnmp.ini2
    C:\Program Files\Online Services\rteqenamal.html
    C:\WINDOWS\jaohyzqA.exe
    C:\WINDOWS\system32\WinAvXX.exe
    C:\WINDOWS\system32\yeurgpnl.dll
    c:\windows\system32\kodsregp.exe
    C:\WINDOWS\itpb_11.exe
    
    Folder::
    C:\PROGRAM FILES\MYWEBSEARCH
    C:\Program Files\WinAntiSpyware 2007
    
    Registry::
    [-HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\jaohyzqA]
    [-HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\My Web Search Bar Search Scope Monitor]
    [-HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\WinAntiSpyware 2007 Free]
    [-HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\{ZN}]
    [-HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\{1B-B1-18-8F-ZN}]
    [-HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SearchIndexer]
    [-HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ExploreUpdSched]
    [-HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\WinAVX] 
    Please post the CFScript log.

    Thanks
    Geri
     
    Geri,
    #7
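    A way to do the triage Geri is doing by hand, as an added example that is not part of this thread and not code from the HijackThis or ComboFix authors: the Python script below reads HijackThis O-lines (a constructed sample that mirrors the entries in this thread is embedded), flags the patterns a helper looks for (a file that is not part of Windows launched from C:\WINDOWS or system32, a service whose binary sits in a user's Temp folder, "(file missing)" leftovers, Run values in the HKUS/SYSTEM hive, a Desktop Component pointing at a local HTML file, random-looking file names) and drafts the File:: and Registry:: sections of a CFScript.txt in the layout Geri used above. The allow-list of Windows binaries, the name heuristics and the "Name"=- value-deletion line in Registry:: are the script's own assumptions, not anything stated in the thread.

```python
"""Triage a HijackThis log and draft a ComboFix CFScript from the findings.

Added example for this thread, not code from the thread, Trend Micro (HijackThis)
or the ComboFix author. SAMPLE_LOG is constructed to mirror entries in the thread;
the flagging rules are this script's own assumptions and yield false positives
(ctbr.dll below is one), so a person must review every finding before it is used.
"""
import re

# Constructed sample: the shapes of the O2/O4/O9/O23/O24 lines seen in the thread.
SAMPLE_LOG = r"""
O2 - BHO: (no name) - {1CB20BF0-BBAE-40A7-93F4-6435FF3D0411} - C:\PROGRA~1\Crawler\ctbr.dll
O4 - HKLM\..\Run: [AVP] "C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 7.0\avp.exe"
O4 - HKLM\..\Run: [SearchIndexer] C:\WINDOWS\system32\yeurgpnl.dll
O4 - HKLM\..\Run: [WinAVX] C:\WINDOWS\system32\WinAvXX.exe
O4 - HKLM\..\Run: [{ZN}] C:\WINDOWS\itpb_11.exe
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKUS\S-1-5-18\..\Run: [MySpaceIM] C:\Program Files\MySpace\IM\MySpaceIM.exe (User 'SYSTEM')
O9 - Extra button: Run IMVU - {d9288080-1baa-4bc4-9cf8-a92d743db949} - C:\Documents and Settings\Nick\Start Menu\Programs\IMVU\Run IMVU.lnk (file missing)
O23 - Service: McAfee Application Installer Cleanup (0194031168125934mcinstcleanup) - Unknown owner - C:\DOCUME~1\Andy\LOCALS~1\Temp\019403~1.EXE (file missing)
O23 - Service: Kaspersky Internet Security 7.0 (AVP) - Kaspersky Lab - C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 7.0\avp.exe
O24 - Desktop Component 0: (no name) - C:\Program Files\Online Services\rteqenamal.html
"""

WIN_PATH = re.compile(r'[A-Za-z]:\\[^"\n]*?\.(?:exe|dll|sys|html?|lnk)\b', re.I)
# O4 shorthand "HKLM\..\Run: [ValueName] command"; HKUS\<SID> covers SYSTEM/.DEFAULT
O4_ENTRY = re.compile(r'^O4 - (?P<hive>HKLM|HKCU|HKUS\\[^\\]+)\\\.\.\\(?P<key>Run(?:Once)?): \[(?P<name>[^\]]+)\]', re.I)
WINDOWS_DIR = re.compile(r'^[A-Za-z]:\\WINDOWS\\(?:system32\\)?[^\\]+$', re.I)
# Windows' own XP autostart binaries (assumed list; extend for your build). Any
# other file launched from %WINDIR% or system32 by a Run key or service is suspect.
KNOWN_WINDOWS = {"ctfmon.exe", "narrator.exe", "dumprep.exe", "svchost.exe", "rundll32.exe"}
REMOVABLE = {"unknown file in Windows dir", "service in user Temp", "Desktop Component HTML"}


def looks_random(basename):
    """Crude generated-name check: 4+ consonants in a row, or letters mixed with
    digits in a short stem (catches yeurgpnl.dll and itpb_11.exe)."""
    stem = basename.rsplit(".", 1)[0].lower()
    if re.search(r"[bcdfghjklmnpqrstvwxz]{4,}", stem):
        return True
    return len(stem) <= 8 and bool(re.search(r"[a-z]", stem) and re.search(r"\d", stem))


def full_run_key(hive, key):
    """Expand the O4 hive shorthand to the real CurrentVersion Run key."""
    hive = hive.upper()
    roots = {"HKLM": "HKEY_LOCAL_MACHINE", "HKCU": "HKEY_CURRENT_USER"}
    root = "HKEY_USERS\\" + hive[5:] if hive.startswith("HKUS\\") else roots[hive]
    return root + "\\Software\\Microsoft\\Windows\\CurrentVersion\\" + key


def triage(log_text):
    """One finding per suspicious O-line: the line, its path, O4 match and reasons."""
    findings = []
    for line in log_text.splitlines():
        if not line.startswith("O"):
            continue
        m = WIN_PATH.search(line)
        path = m.group(0) if m else ""
        base = path.rsplit("\\", 1)[-1].lower()
        o4 = O4_ENTRY.match(line)
        reasons = []
        if "(file missing)" in line:
            reasons.append("file missing")
        if path and WINDOWS_DIR.match(path) and base not in KNOWN_WINDOWS:
            reasons.append("unknown file in Windows dir")
        if line.startswith("O23") and re.search(r"\\Temp\\", path, re.I):
            reasons.append("service in user Temp")
        if line.startswith("O24"):
            reasons.append("Desktop Component HTML")
        if o4 and o4.group("hive").upper() not in ("HKLM", "HKCU"):
            reasons.append("Run value in %s (runs for SYSTEM/new users)" % o4.group("hive"))
        if base and base not in KNOWN_WINDOWS and looks_random(base):
            reasons.append("random-looking name")
        if reasons:
            findings.append({"line": line, "path": path, "o4": o4, "reasons": reasons})
    return findings


def draft_cfscript(findings):
    """File:: and Registry:: sections in the layout used in the thread. Only
    REMOVABLE reasons qualify; "file missing" entries have nothing on disk to
    delete. "Name"=- is REGEDIT4 value-deletion syntax; that ComboFix honours it
    inside Registry:: is an assumption to check against the CFScript guide."""
    files, reg = [], {}
    for f in findings:
        if "file missing" in f["reasons"] or not REMOVABLE & set(f["reasons"]):
            continue
        files.append(f["path"])
        if f["o4"]:
            key = full_run_key(f["o4"].group("hive"), f["o4"].group("key"))
            reg.setdefault(key, []).append(f["o4"].group("name"))
    out = ["File::"] + files + [""] if files else []
    if reg:
        out.append("Registry::")
        for key, names in reg.items():
            out += ["[%s]" % key] + ['"%s"=-' % n for n in names]
    return "\n".join(out) + "\n"


if __name__ == "__main__":
    for f in triage(SAMPLE_LOG):
        print("; ".join(f["reasons"]).ljust(60), f["path"] or f["line"])
    print("\n--- draft CFScript.txt, review before use ---\n" + draft_cfscript(triage(SAMPLE_LOG)))
```

    Run it and read the findings before dropping anything on ComboFix: the name heuristic flags ctbr.dll, which the O23 line in the log attributes to Crawler.com (the Spyware Terminator vendor), so it stays out of the draft script; the stale McAfee cleanup service and the SYSTEM-hive MySpaceIM value are reported but not scripted, because there is no file on disk to delete for the first and the second needs a per-account decision, which is the point Geri makes about cleaning each user account separately.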
  9. 2008/02/24
    carlosserrano63 (Thread Starter)
    Hello again Geri,

    Here is the file. This is after following the instructions you gave me; let me know if you see anything strange. I am not going to try installing IE7 anymore, I will just use Firefox, it's better.

    ComboFix 08-02-24 - Cynthina 2008-02-25 21:21:21.6 - NTFSx86
    Running from: C:\Documents and Settings\Cynthina\Desktop\ComboFix.exe
    Command switches used :: C:\Documents and Settings\Cynthina\Desktop\CFScript.txt
    * Created a new restore point

    WARNING -THIS MACHINE DOES NOT HAVE THE RECOVERY CONSOLE INSTALLED !!

    FILE ::
    C:\Program Files\Online Services\rteqenamal.html
    C:\WINDOWS\itpb_11.exe
    C:\WINDOWS\jaohyzqA.exe
    C:\WINDOWS\system32\ilnmp.bak1
    C:\WINDOWS\system32\ilnmp.bak2
    C:\WINDOWS\system32\ilnmp.ini2
    c:\windows\system32\kodsregp.exe
    C:\WINDOWS\system32\nwinplds.exe
    C:\WINDOWS\system32\WinAvXX.exe
    C:\WINDOWS\system32\yeurgpnl.dll
    .

    ((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
    .

    C:\WINDOWS\system32\ilnmp.bak1
    C:\WINDOWS\system32\ilnmp.bak2
    C:\WINDOWS\system32\ilnmp.ini2

    .
    ((((((((((((((((((((((((( Files Created from 2008-01-26 to 2008-02-26 )))))))))))))))))))))))))))))))
    .

    2008-02-25 21:07 . 2008-02-25 21:07 54,156 --ah----- C:\WINDOWS\QTFont.qfn
    2008-02-25 21:07 . 2008-02-25 21:07 1,409 --a------ C:\WINDOWS\QTFont.for
    2008-02-25 07:50 . 2008-02-25 08:12 691,545 --a------ C:\WINDOWS\unins000.exe
    2008-02-25 07:50 . 2008-02-25 08:27 4,644 --a------ C:\WINDOWS\unins000.dat
    2008-02-24 23:21 . 2008-02-24 23:21 <DIR> d-------- C:\Program Files\iTunes
    2008-02-24 23:19 . 2008-02-24 23:19 <DIR> d-------- C:\Program Files\Bonjour
    2008-02-24 23:18 . 2008-02-24 23:19 <DIR> d-------- C:\Program Files\QuickTime
    2008-02-24 21:00 . 2008-02-24 21:08 <DIR> d-------- C:\Program Files\Microsoft Digital Image 10
    2008-02-24 17:45 . 2008-02-24 17:45 <DIR> d-------- C:\Documents and Settings\Matthew\Application Data\InstallShield
    2008-02-24 14:42 . 2008-02-24 14:42 <DIR> d-------- C:\Documents and Settings\Cynthina\Application Data\Ahead
    2008-02-24 14:42 . 2008-02-24 16:15 116 --a------ C:\WINDOWS\NeroDigital.ini
    2008-02-24 14:10 . 2005-07-29 07:12 2,977,792 --------- C:\WINDOWS\UNNMP.exe
    2008-02-24 14:10 . 2006-02-17 10:51 49,870 --------- C:\WINDOWS\UNNMP.cfg
    2008-02-24 14:06 . 2008-02-24 14:06 <DIR> d-------- C:\Program Files\Common Files\Nero
    2008-02-24 14:03 . 2008-02-24 14:03 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\Ahead
    2008-02-24 14:03 . 2004-07-26 16:16 1,568,768 --------- C:\WINDOWS\system32\ImagX7.dll
    2008-02-24 14:03 . 2004-07-26 16:16 476,320 --------- C:\WINDOWS\system32\ImagXpr7.dll
    2008-02-24 14:03 . 2004-07-26 16:16 471,040 --------- C:\WINDOWS\system32\ImagXRA7.dll
    2008-02-24 14:03 . 2004-07-09 08:43 364,544 --------- C:\WINDOWS\system32\TwnLib4.dll
    2008-02-24 14:03 . 2004-07-26 16:16 262,144 --------- C:\WINDOWS\system32\ImagXR7.dll
    2008-02-24 13:31 . 2008-02-24 13:32 <DIR> d-------- C:\Program Files\Common Files\AVSMedia
    2008-02-24 13:31 . 2008-02-24 13:32 <DIR> d-------- C:\Program Files\AVSMedia
    2008-02-23 09:29 . 2008-02-23 09:29 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\Corel
    2008-02-23 09:12 . 2008-02-24 19:48 <DIR> d-------- C:\Program Files\Corel
    2008-02-23 09:12 . 2008-02-23 09:12 <DIR> d-------- C:\Documents and Settings\Cynthina\Application Data\InstallShield
    2008-02-23 07:41 . 2008-02-23 07:41 <DIR> d-------- C:\Program Files\MSBuild
    2008-02-23 07:41 . 2008-02-23 07:41 <DIR> d-------- C:\Program Files\Microsoft Works
    2008-02-23 07:39 . 2008-02-23 07:39 <DIR> d-------- C:\Program Files\Microsoft.NET
    2008-02-23 07:33 . 2008-02-23 07:33 <DIR> dr-h----- C:\MSOCache
    2008-02-23 07:33 . 2008-02-23 07:44 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\Microsoft Help
    2008-02-23 06:59 . 2008-02-23 06:59 <DIR> d-------- C:\Program Files\DVDFab Platinum 4
    2008-02-23 01:47 . 2008-02-23 01:47 <DIR> d-------- C:\Deckard
    2008-02-23 01:29 . 2008-02-25 11:29 <DIR> d-------- C:\Documents and Settings\Andy\Application Data\Spyware Terminator
    2008-02-23 01:26 . 2008-02-23 01:26 <DIR> d-------- C:\Documents and Settings\Nick\Application Data\U3
    2008-02-23 01:13 . 2008-02-24 17:55 <DIR> d-------- C:\Documents and Settings\Matthew\Application Data\Spyware Terminator
    2008-02-23 00:56 . 2008-02-25 10:47 1,832 --a------ C:\WINDOWS\system32\tmp.reg
    2008-02-23 00:27 . 2008-02-25 20:56 <DIR> d-------- C:\Documents and Settings\Nick\Application Data\Spyware Terminator
    2008-02-23 00:01 . 2008-02-23 00:01 <DIR> d-------- C:\Documents and Settings\Cynthina\Application Data\TuneUp Software
    2008-02-22 21:38 . 2008-02-22 23:33 <DIR> d-------- C:\Documents and Settings\Cynthina\.housecall6.6
    2008-02-22 21:26 . 2008-02-22 21:26 <DIR> d-------- C:\Documents and Settings\Administrator\Application Data\Spyware Terminator
    2008-02-22 20:31 . 2008-02-25 21:08 <DIR> d-------- C:\Program Files\Crawler
    2008-02-22 20:27 . 2008-02-24 16:23 <DIR> d-------- C:\Program Files\Spyware Terminator
    2008-02-22 20:27 . 2008-02-25 08:50 <DIR> d-------- C:\Documents and Settings\Cynthina\Application Data\Spyware Terminator
    2008-02-22 20:27 . 2008-02-23 11:10 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\Spyware Terminator
    2008-02-22 20:27 . 2008-02-22 20:27 138,752 --a------ C:\WINDOWS\system32\drivers\sp_rsdrv2.sys
    2008-02-22 17:36 . 2008-02-22 17:36 <DIR> d--h----- C:\WINDOWS\system32\GroupPolicy
    2008-02-22 14:05 . 2008-02-22 14:05 <DIR> d-------- C:\Program Files\Trend Micro
    2008-02-22 07:35 . 2008-02-22 07:35 <DIR> d-------- C:\Program Files\Kaspersky Lab
    2008-02-22 07:35 . 2008-02-25 21:12 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\Kaspersky Lab
    2008-02-22 07:35 . 2008-02-25 21:11 7,700,256 --ahs---- C:\WINDOWS\system32\drivers\fidbox.dat
    2008-02-22 07:35 . 2008-02-25 21:09 469,024 --ahs---- C:\WINDOWS\system32\drivers\fidbox2.dat
    2008-02-22 07:35 . 2008-02-25 19:23 101,840 --ahs---- C:\WINDOWS\system32\drivers\fidbox.idx
    2008-02-22 07:35 . 2008-02-22 07:49 91,700 --a------ C:\WINDOWS\system32\drivers\klin.dat
    2008-02-22 07:35 . 2008-02-22 07:49 85,860 --a------ C:\WINDOWS\system32\drivers\klick.dat
    2008-02-22 07:35 . 2008-02-25 19:23 45,416 --ahs---- C:\WINDOWS\system32\drivers\fidbox2.idx
    2008-02-22 06:22 . 2008-02-22 06:22 <DIR> d-------- C:\Documents and Settings\Matthew\.housecall6.6
    2008-02-21 23:20 . 2008-02-21 23:20 <DIR> d-------- C:\Documents and Settings\Matthew\Application Data\TuneUp Software
    2008-02-21 22:18 . 2008-02-21 22:18 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\SupportSoft
    2008-02-21 22:17 . 2008-02-21 22:18 <DIR> d-------- C:\Program Files\Dell Support Center
    2008-02-21 22:17 . 2008-02-21 22:17 <DIR> d-------- C:\Program Files\Common Files\supportsoft
    2008-02-21 22:07 . 2008-02-23 11:43 <DIR> d-------- C:\Program Files\TuneUp Utilities 2008
    2008-02-21 22:07 . 2008-02-21 22:07 <DIR> d-------- C:\Documents and Settings\Nick\Application Data\TuneUp Software
    2008-02-21 22:07 . 2008-02-21 22:07 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\TuneUp Software
    2008-02-21 22:07 . 2008-02-21 22:07 306,432 --a------ C:\WINDOWS\system32\TuneUpDefragService.exe
    2008-02-21 22:07 . 2007-12-20 10:41 29,440 --a------ C:\WINDOWS\system32\uxtuneup.dll
    2008-02-21 22:06 . 2008-02-21 22:06 <DIR> d-------- C:\Program Files\Common Files\Wise Installation Wizard
    2008-01-31 23:13 . 2008-01-31 23:13 90,112 --a------ C:\WINDOWS\system32\QuickTimeVR.qtx
    2008-01-31 23:13 . 2008-01-31 23:13 57,344 --a------ C:\WINDOWS\system32\QuickTime.qts

    .
    (((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
    .
    2008-02-25 18:23 --------- d-----w C:\Program Files\Spybot - Search & Destroy
    2008-02-25 16:36 --------- d-----w C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy
    2008-02-25 15:44 --------- d-----w C:\Program Files\SpywareBlaster
    2008-02-25 07:21 --------- d-----w C:\Program Files\iPod
    2008-02-25 03:49 --------- d-----w C:\Program Files\Common Files\Corel
    2008-02-25 03:48 --------- d-----w C:\Documents and Settings\Cynthina\Application Data\Corel
    2008-02-25 02:32 --------- d-----w C:\Documents and Settings\All Users\Application Data\Kodak
    2008-02-25 02:31 --------- d-----w C:\Program Files\Kodak
    2008-02-25 02:06 --------- d-----w C:\Documents and Settings\Matthew\Application Data\Corel
    2008-02-24 22:10 --------- d-----w C:\Program Files\Ahead
    2008-02-23 16:48 --------- d-----w C:\Documents and Settings\Cynthina\Application Data\U3
    2008-02-23 16:25 --------- d-----w C:\Program Files\microsoft frontpage
    2008-02-23 16:18 --------- d-----w C:\Documents and Settings\Cynthina\Application Data\Vso
    2008-02-23 15:59 6,998 --sha-w C:\WINDOWS\system32\KGyGaAvL.sys
    2008-02-23 14:59 47,360 ----a-w C:\WINDOWS\system32\drivers\pcouffin.sys
    2008-02-23 14:59 47,360 ----a-w C:\Documents and Settings\Cynthina\Application Data\pcouffin.sys
    2008-02-23 14:56 87,608 ----a-w C:\Documents and Settings\Cynthina\Application Data\ezpinst.exe
    2008-02-23 04:26 --------- d-----w C:\Documents and Settings\Matthew\Application Data\Lavasoft
    2008-02-22 14:55 --------- d-----w C:\Program Files\CCleaner
    2008-02-22 14:53 --------- d-----w C:\Documents and Settings\Matthew\Application Data\U3
    2008-02-22 14:16 --------- d-----w C:\Documents and Settings\Matthew\Application Data\Yahoo!
    2008-02-22 08:10 --------- d-----w C:\Program Files\Google
    2008-02-22 03:56 --------- d-----w C:\Program Files\Alwil Software
    2008-02-18 04:13 --------- d-----w C:\Program Files\Dl_cats
    2008-01-25 00:00 --------- d-----w C:\Documents and Settings\All Users\Application Data\Dell
    2008-01-07 05:27 --------- d-----w C:\Program Files\AIM6
    2008-01-07 05:27 --------- d-----w C:\Documents and Settings\All Users\Application Data\Viewpoint
    2008-01-06 18:59 --------- d-----w C:\Program Files\LimeWire
    2007-12-29 09:20 --------- d-----w C:\Program Files\Steam
    .

    ((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
    .
    .
    *Note* empty entries & legit default entries are not shown
    REGEDIT4

    [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
    "ctfmon.exe "= "C:\WINDOWS\system32\ctfmon.exe" [2004-08-10 03:00 15360]

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
    "SpywareTerminator "= "C:\Program Files\Spyware Terminator\SpywareTerminatorShield.exe" [2008-02-22 20:27 2957824]
    "AVP "= "C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 7.0\avp.exe" [2007-06-28 12:51 218376]

    [HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
    "MySpaceIM "= "C:\Program Files\MySpace\IM\MySpaceIM.exe" [2007-12-06 23:33 8720384]
    "swg "= "C:\Program Files\Google\GoogleToolbarNotifier\1.2.1128.5462\GoogleToolbarNotifier.exe" [ ]

    [HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\RunOnce]
    "RunNarrator "= "Narrator.exe" [2004-08-10 03:00 53760 C:\WINDOWS\system32\narrator.exe]

    [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
    "InstallVisualStyle "= C:\WINDOWS\Resources\Themes\Royale\Royale.msstyles
    "InstallTheme "= C:\WINDOWS\Resources\Themes\Royale.theme

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Adobe Reader Speed Launcher]
    --a------ 2007-10-10 19:51 39792 C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Aim6]
    --a------ 2006-05-09 16:24 50760 C:\Program Files\Common Files\AOL\Launch\AOLLaunch.exe

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\AOLDialer]
    C:\Program Files\Common Files\AOL\ACS\AOLDial.exe

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\avast!]
    C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ctfmon.exe]
    --a------ 2004-08-10 03:00 15360 C:\WINDOWS\system32\ctfmon.exe

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\DLA]
    --a--c--- 2005-09-08 03:20 122940 C:\WINDOWS\System32\DLA\DLACTRLW.EXE

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Google Desktop Search]
    --a--c--- 2006-03-24 23:48 169472 C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\HostManager]
    --a------ 2006-05-09 16:24 50760 C:\Program Files\Common Files\AOL\1143830436\ee\AOLSoftware.exe

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\igfxhkcmd]
    --a--c--- 2005-10-14 18:46 77824 C:\WINDOWS\system32\hkcmd.exe

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\igfxpers]
    --a--c--- 2005-10-14 18:50 114688 C:\WINDOWS\system32\igfxpers.exe

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\igfxtray]
    --a--c--- 2005-10-14 18:49 94208 C:\WINDOWS\system32\igfxtray.exe

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ISUSPM Startup]
    --a--c--- 2005-06-10 08:44 249856 C:\Program Files\Common Files\InstallShield\UpdateService\isuspm.exe

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ISUSScheduler]
    --a--c--- 2005-06-10 08:44 81920 C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\iTunesHelper]
    --a------ 2008-02-19 13:10 267048 C:\Program Files\iTunes\iTunesHelper.exe

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\MimBoot]
    --a--c--- 2006-09-18 13:46 8192 C:\PROGRA~1\MUSICM~1\MUSICM~3\mimboot.exe

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\MMTray]
    --a--c--- 2006-09-18 13:46 110592 C:\Program Files\Musicmatch\Musicmatch Jukebox\mm_tray.exe

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\MPFExe]
    C:\PROGRA~1\McAfee.com\PERSON~1\MpfTray.exe

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\MSKAGENTEXE]
    C:\PROGRA~1\McAfee\SPAMKI~1\MskAgent.exe

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\MSKDetectorExe]
    C:\PROGRA~1\McAfee\SPAMKI~1\MSKDetct.exe

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\PC-Checkup]
    C:\Program Files\Speeditup Free\PCCheckup\PCCheckUp.exe

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\QuickTime Task]
    --a------ 2008-01-31 23:13 385024 C:\Program Files\QuickTime\qttask.exe

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\swg]
    C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\TkBellExe]
    --a--c--- 2006-11-16 15:42 185896 C:\Program Files\Common Files\Real\Update_OB\realsched.exe

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\UserFaultCheck]
    C:\WINDOWS\system32\dumprep 0 -u

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Yahoo! Pager]
    --a------ 2007-08-30 17:43 4670704 C:\Program Files\Yahoo!\Messenger\YahooMessenger.exe

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\services]
    "AOL TopSpeedMonitor "=2 (0x2)

    [HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]
    "EnableFirewall "= 0 (0x0)

    [HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
    "%windir%\\system32\\sessmgr.exe "=
    "C:\\Program Files\\Common Files\\AOL\\Loader\\aolload.exe "=
    "C:\\Program Files\\Common Files\\AOL\\TopSpeed\\2.0\\aoltsmon.exe "=
    "C:\\Program Files\\Common Files\\AOL\\TopSpeed\\2.0\\aoltpspd.exe "=
    "C:\\Program Files\\Common Files\\AOL\\1143830436\\EE\\AOLServiceHost.exe "=
    "C:\\Program Files\\Common Files\\AOL\\System Information\\sinf.exe "=
    "C:\\Program Files\\Common Files\\AOL\\1143830436\\EE\\aolsoftware.exe "=
    "C:\\Program Files\\Common Files\\AOL\\1143830436\\EE\\aim6.exe "=
    "C:\\Program Files\\Yahoo!\\Messenger\\YServer.exe "=
    "C:\\Program Files\\Yahoo!\\Messenger\\YahooMessenger.exe "=
    "%windir%\\Network Diagnostic\\xpnetdiag.exe "=
    "C:\\Program Files\\LimeWire\\LimeWire.exe "=
    "C:\\Program Files\\MySpace\\IM\\MySpaceIM.exe "=
    "C:\\Program Files\\Microsoft Office\\Office12\\OUTLOOK.EXE "=
    "C:\\Program Files\\Messenger\\msmsgs.exe "=
    "C:\\Program Files\\Bonjour\\mDNSResponder.exe "=
    "C:\\Program Files\\iTunes\\iTunes.exe "=

    R1 sp_rsdrv2;Spyware Terminator Driver 2;C:\WINDOWS\system32\drivers\sp_rsdrv2.sys [2008-02-22 20:27]
    R2 UxTuneUp;TuneUp Theme Extension;C:\WINDOWS\System32\svchost.exe [2004-08-10 03:00]
    R2 Viewpoint Manager Service;Viewpoint Manager Service; "C:\Program Files\Viewpoint\Common\ViewpointService.exe" [2007-01-04 13:38]
    R3 klim5;Kaspersky Anti-Virus NDIS Filter;C:\WINDOWS\system32\DRIVERS\klim5.sys [2007-04-04 14:58]
    S2 0194031168125934mcinstcleanup;McAfee Application Installer Cleanup (0194031168125934);C:\DOCUME~1\Andy\LOCALS~1\Temp\019403~1.EXE C:\PROGRA~1\COMMON~1\McAfee\INSTAL~1\cleanup.ini -cleanup -nolog []
    S3 TuneUp.Defrag;TuneUp Drive Defrag Service;C:\WINDOWS\System32\TuneUpDefragService.exe [2008-02-21 22:07]

    HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Svchost - NetSvcs
    UxTuneUp

    [HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{361ac05d-0e0d-11da-9aa9-806d6172696f}]
    \Shell\AutoRun\command - E:\setup.exe

    .
    Contents of the 'Scheduled Tasks' folder
    "2008-02-23 01:15:00 C:\WINDOWS\Tasks\1-Click Maintenance.job "
    - C:\Program Files\TuneUp Utilities 2008\OneClick.exe
    "2008-02-03 01:35:05 C:\WINDOWS\Tasks\AppleSoftwareUpdate.job "
    - C:\Program Files\Apple Software Update\SoftwareUpdate.exe
    "2008-02-26 04:22:49 C:\WINDOWS\Tasks\{F897AA24-BDC3-11D1-B85B-00C04FB93981}_D5N68Q91_Matthew.job "
    - C:\WINDOWS\system32\mobsync.exeE /Schedule=
    .
    **************************************************************************

    catchme 0.3.1344 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
    Rootkit scan 2008-02-25 21:25:44
    Windows 5.1.2600 Service Pack 2 NTFS

    scanning hidden processes ...

    scanning hidden autostart entries ...

    scanning hidden files ...

    scan completed successfully
    hidden files: 0

    **************************************************************************
    .
    Completion time: 2008-02-25 21:28:35
    ComboFix-quarantined-files.txt 2008-02-26 05:28:17
    ComboFix2.txt 2008-02-26 05:04:42
    ComboFix3.txt 2008-02-26 03:57:38
    ComboFix4.txt 2008-02-26 03:32:46
    ComboFix5.txt 2008-02-26 03:20:35
    .
    2008-02-26 05:10:08 --- E O F ---
     
  10. 2008/02/25
    Geri Lifetime Subscription

    Geri Inactive Alumni

    Joined:
    2003/03/02
    Messages:
    4,580
    Likes Received:
    7
    Hi carlosserrano63

    Things are looking good.

    Please do the following.

    Using Windows Explorer (to get there, right-click your Start button and go to "Explore"), please delete these files (if present):

    C:\WINDOWS\QTFont.qfn
    C:\WINDOWS\QTFont.for



    Please download, update and run Ad-Aware.

    Quarantine/delete anything it finds.

    Now do this.

    Please download ATF Cleaner by Atribune.
    This program is for XP and Windows 2000 only

    • Double-click ATF-Cleaner.exe to run the program.
      Under Main choose: Select All
      Click the Empty Selected button.
    If you use Firefox browser
    • Click Firefox at the top and choose: Select All
      Click the Empty Selected button.
      NOTE: If you would like to keep your saved passwords, please click No at the prompt.
    If you use Opera browser
    • Click Opera at the top and choose: Select All
      Click the Empty Selected button.
      NOTE: If you would like to keep your saved passwords, please click No at the prompt.
    Click Exit on the Main menu to close the program.
    For Technical Support, double-click the e-mail address located at the bottom of each menu.

    Please do the FireFox instructions for ATF also.


    Now let's get an online scan; you will need to use IE to get the scan.

    Please do an online scan with Kaspersky WebScanner

    Click on "Accept". If your pop-up blocker blocks the ActiveX download, allow it, then click on "Accept" again.

    You will be prompted to install an ActiveX component from Kaspersky. Click Yes or Install.
    • The program will launch and then begin downloading the latest definition files:
    • Once the files have been downloaded click on NEXT
    • Now click on Scan Settings
    • In the scan settings make sure that the following are selected:
      • Scan using the following Anti-Virus database:
      • Extended (if available, otherwise Standard)
      • Scan Options:
      • Scan Archives
      • Scan Mail Bases
    • Click OK
    • Now under select a target to scan:
      • Select My Computer
    • This will start the program and scan your system.
    • The scan will take a while so be patient and let it run.
    • Once the scan is complete it will display if your system has been infected.
      • Now click on the Save as Text button:
    • Save the file to your desktop.
    • Copy and paste that information in your next post.


    Please post the Kaspersky scan.

    Thanks
    Geri
     
  11. 2008/02/26
    carlosserrano63

    carlosserrano63 Inactive Thread Starter

    Joined:
    2008/02/22
    Messages:
    7
    Likes Received:
    0
    hello

    hi Gary, I removed the files you asked me to, and also did ATF Cleaner. I forgot to tell you I have Kaspersky anti-virus on this system; do I still need to do the scanning online? The instructions online say it only works with IE6 or above, and I can not get IE to upgrade, or when I try to open it my computer hangs. Thanks again for all your help, it is greatly appreciated.
     
  12. 2008/02/26
    Geri Lifetime Subscription

    Geri Inactive Alumni

    Joined:
    2003/03/02
    Messages:
    4,580
    Likes Received:
    7
    Hi
    You said this earlier
    So I guess not.

    Make sure Kaspersky is updated and run a full scan on your computer.

    Let me know what it finds, if anything.

    I will need the file path and infection name if anything is found.

    Geri
     
  13. 2008/02/27
    carlosserrano63

    carlosserrano63 Inactive Thread Starter

    Joined:
    2008/02/22
    Messages:
    7
    Likes Received:
    0
    hi again gary

    hi Gary, I ran Kaspersky anti-virus and it did not find anything. It looks like all the viruses and spyware have been removed. Thanks a million for all your help; you guys really make all the difference to beginners like me.
    Once again, thanks for all your help.
     
  14. 2008/02/27
    Geri Lifetime Subscription

    Geri Inactive Alumni

    Joined:
    2003/03/02
    Messages:
    4,580
    Likes Received:
    7
    Hi carlosserrano63

    You're welcome. Glad to be of help. :)

    There are just a few things left to do.
    You can delete any tools you were asked to download and the files/folders or logs they created. There will be newer versions if they are ever needed again anyway.

    Click Start > Run; in the Run box copy and paste or type ComboFix /u, then hit Enter to uninstall ComboFix and remove the files/folders it created.

    Delete these tools.
    Smitfraudfix.exe
    dss.exe


    Empty your recycle bin.


    This would be a good time to set a new system restore point for your machine.
    Set New System Restore Point Windows XP. - Set New System Restore Point Windows Vista
    Do not do this unless there are no other user accounts to be diagnosed.

    If there are any other user accounts on this machine, they too must be checked for infections. Download and run Deckard's System Scanner while logged into that account and post the main .txt log. Not all infections are global, nor are all fixes global.
    Post each user account here into this thread, but please do only one at a time to avoid confusion. Please let us know that it is a different account.



    Please look at this link for some preventive recommendations. It could keep you from ending up back here in the Spyware and Virus Removal Forums.
    http://www.windowsbbs.com/showthread.php?t=67958


    Let me know that everything is running Ok and I'll mark this one resolved.

    Surf Safely
    Geri
     
