Solved [cannot access administrator rights & other problems]

Discussion in 'Malware and Virus Removal Archive' started by dtofmfd, 2007/09/07.

  1. 2007/09/07
    dtofmfd

    dtofmfd Inactive Thread Starter

    Joined:
    2007/09/05
    Messages:
    8
    Likes Received:
    0
    [Resolved] [cannot access administrator rights & other problems]

    I cannot access administrator rights any way at all, I do not have control panel, I cannot access register files, and I have a window that keeps popping up with (WARNING! Potential Spyware Operation blah blah blah... go here to download spyware remover.) I have very limited abilities in regards to computers, so any help would be great. The following is what I get with hjt:
    Logfile of Trend Micro HijackThis v2.0.2
    Scan saved at 6:34:37 AM, on 9/7/2007
    Platform: Windows XP SP2 (WinNT 5.01.2600)
    MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)
    Boot mode: Normal

    Running processes:
    C:\WINDOWS\System32\smss.exe
    C:\WINDOWS\system32\winlogon.exe
    C:\WINDOWS\system32\services.exe
    C:\WINDOWS\system32\lsass.exe
    C:\WINDOWS\system32\svchost.exe
    C:\WINDOWS\System32\svchost.exe
    C:\WINDOWS\system32\ACS.exe
    C:\WINDOWS\system32\spoolsv.exe
    C:\WINDOWS\system32\dla\tfswctrl.exe
    C:\PROGRA~1\COMMON~1\AOL\ACS\acsd.exe
    C:\PROGRA~1\Grisoft\AVG7\avgamsvr.exe
    C:\PROGRA~1\Grisoft\AVG7\avgupsvc.exe
    C:\Program Files\Toshiba\Power Management\CeEPwrSvc.exe
    C:\Program Files\TOSHIBA\ConfigFree\CFSvcs.exe
    C:\WINDOWS\system32\DVDRAMSV.exe
    C:\WINDOWS\system32\drivers\KodakCCS.exe
    C:\Program Files\Common Files\McAfee\HackerWatch\HWAPI.exe
    C:\PROGRA~1\McAfee\MSC\mcmscsvc.exe
    c:\program files\common files\mcafee\mna\mcnasvc.exe
    C:\PROGRA~1\McAfee\VirusScan\mcods.exe
    C:\PROGRA~1\McAfee\MSC\mcpromgr.exe
    c:\PROGRA~1\COMMON~1\mcafee\mcproxy\mcproxy.exe
    c:\PROGRA~1\COMMON~1\mcafee\redirsvc\redirsvc.exe
    C:\PROGRA~1\McAfee\VirusScan\mcshield.exe
    C:\PROGRA~1\McAfee\VirusScan\mcsysmon.exe
    C:\Program Files\McAfee\MPF\MPFSrv.exe
    C:\PROGRA~1\McAfee\MPS\mps.exe
    C:\WINDOWS\system32\ScsiAccess.EXE
    c:\TOSHIBA\Ivp\Swupdate\swupdtmr.exe
    C:\WINDOWS\wanmpsvc.exe
    C:\WINDOWS\system32\svchost.exe
    C:\WINDOWS\Explorer.exe
    C:\Program Files\McAfee\MPS\mpsevh.exe
    C:\WINDOWS\system32\printer.exe
    c:\PROGRA~1\mcafee.com\agent\mcagent.exe
    C:\Program Files\TOSHIBA\Power Management\CePMTray.exe
    C:\Program Files\ltmoh\Ltmoh.exe
    C:\WINDOWS\AGRSMMSG.exe
    C:\Program Files\Apoint2K\Apoint.exe
    C:\Program Files\TOSHIBA\ConfigFree\NDSTray.exe
    C:\Program Files\TOSHIBA\E-KEY\CeEKey.exe
    C:\Program Files\TOSHIBA\Touch and Launch\PadExe.exe
    C:\Program Files\TOSHIBA\TOSHIBA Zooming Utility\SmoothView.exe
    C:\WINDOWS\System32\ZoomingHook.exe
    C:\Program Files\TOSHIBA\TouchPad\TPTray.exe
    C:\WINDOWS\system32\dla\tfswctrl.exe
    C:\Program Files\Adobe\Photoshop Album Starter Edition\3.0\Apps\apdproxy.exe
    C:\Program Files\QuickTime\qttask.exe
    C:\Program Files\Common Files\AOL\1167412240\ee\AOLSoftware.exe
    C:\Program Files\AOL\Active Security Monitor\ASMonitor.exe
    C:\Program Files\Apoint2K\Apntex.exe
    C:\PROGRA~1\Grisoft\AVG7\avgemc.exe
    C:\Program Files\TOSHIBA\TOSCDSPD\toscdspd.exe
    C:\Program Files\Messenger\msmsgs.exe
    C:\WINDOWS\system32\ctfmon.exe
    C:\Program Files\Kodak\KODAK Software Updater\7288971\Program\backWeb-7288971.exe
    C:\WINDOWS\system32\RAMASST.exe
    C:\Program Files\Verizon Wireless\V CAST Music Essentials Manager\V CAST Music Monitor.exe
    C:\HijackThis\HijackThis.exe

    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://toshibadirect.com/
    R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant = http://as.starware.com/dp/search?pr...10530388700000001151452400222&version=g_4.4.2
    R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Local Page =
    R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page =
    R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = localhost
    F2 - REG:system.ini: Shell=Explorer.exe C:\WINDOWS\system32\printer.exe
    O2 - BHO: IEHlprObj Class - {ABCDECF0-4B15-11D1-ABED-709549C10000} - C:\WINDOWS\system32\vtr221.dll (file missing)
    O4 - HKLM\..\Run: [CeEPOWER] C:\Program Files\TOSHIBA\Power Management\CePMTray.exe
    O4 - HKLM\..\Run: [LtMoh] C:\Program Files\ltmoh\Ltmoh.exe
    O4 - HKLM\..\Run: [AGRSMMSG] AGRSMMSG.exe
    O4 - HKLM\..\Run: [Apoint] C:\Program Files\Apoint2K\Apoint.exe
    O4 - HKLM\..\Run: [NDSTray.exe] NDSTray.exe
    O4 - HKLM\..\Run: [CeEKEY] C:\Program Files\TOSHIBA\E-KEY\CeEKey.exe
    O4 - HKLM\..\Run: [PadTouch] C:\Program Files\TOSHIBA\Touch and Launch\PadExe.exe
    O4 - HKLM\..\Run: [SmoothView] C:\Program Files\TOSHIBA\TOSHIBA Zooming Utility\SmoothView.exe
    O4 - HKLM\..\Run: [ZoomingHook] c:\WINDOWS\System32\ZoomingHook.exe
    O4 - HKLM\..\Run: [TPNF] C:\Program Files\TOSHIBA\TouchPad\TPTray.exe
    O4 - HKLM\..\Run: [Pinger] C:\TOSHIBA\IVP\ISM\pinger.exe /run
    O4 - HKLM\..\Run: [dla] C:\WINDOWS\system32\dla\tfswctrl.exe
    O4 - HKLM\..\Run: [Adobe Photo Downloader] "C:\Program Files\Adobe\Photoshop Album Starter Edition\3.0\Apps\apdproxy.exe "
    O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
    O4 - HKLM\..\Run: [CFSServ.exe] CFSServ.exe -NoClient
    O4 - HKLM\..\Run: [WinAVX] C:\WINDOWS\system32\WinAvXX.exe
    O4 - HKLM\..\Run: [HostManager] C:\Program Files\Common Files\AOL\1167412240\ee\AOLSoftware.exe
    O4 - HKLM\..\Run: [ASM] "C:\Program Files\AOL\Active Security Monitor\ASMonitor.exe" HIDEMAIN
    O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe "
    O4 - HKLM\..\Run: [AVG7_CC] C:\PROGRA~1\Grisoft\AVG7\avgcc.exe /STARTUP
    O4 - HKLM\..\Run: [AVG7_EMC] C:\PROGRA~1\Grisoft\AVG7\avgemc.exe
    O4 - HKLM\..\Run: [AVG7_RegCleaner] C:\PROGRA~1\Grisoft\AVG7\avgregcl.exe /BOOT
    O4 - HKCU\..\Run: [TOSCDSPD] C:\Program Files\TOSHIBA\TOSCDSPD\toscdspd.exe
    O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background
    O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
    O4 - HKCU\..\Run: [WinAVX] C:\WINDOWS\system32\WinAvXX.exe
    O4 - HKCU\..\Run: [AVG7_Run] C:\PROGRA~1\Grisoft\AVG7\avgw.exe /RUNONCE
    O4 - HKUS\S-1-5-19\..\Run: [AVG7_Run] C:\PROGRA~1\Grisoft\AVG7\avgw.exe /RUNONCE (User 'LOCAL SERVICE')
    O4 - HKUS\S-1-5-20\..\Run: [AVG7_Run] C:\PROGRA~1\Grisoft\AVG7\avgw.exe /RUNONCE (User 'NETWORK SERVICE')
    O4 - HKUS\S-1-5-18\..\Run: [AVG7_Run] C:\PROGRA~1\Grisoft\AVG7\avgw.exe /RUNONCE (User 'SYSTEM')
    O4 - HKUS\.DEFAULT\..\Run: [AVG7_Run] C:\PROGRA~1\Grisoft\AVG7\avgw.exe /RUNONCE (User 'Default user')
    O4 - Startup: V CAST Music Monitor.lnk = C:\Program Files\Verizon Wireless\V CAST Music Essentials Manager\V CAST Music Monitor.exe
    O4 - Global Startup: autorun.exe
    O4 - Global Startup: KODAK Software Updater.lnk = C:\Program Files\Kodak\KODAK Software Updater\7288971\Program\backWeb-7288971.exe
    O4 - Global Startup: RAMASST.lnk = C:\WINDOWS\system32\RAMASST.exe
    O7 - HKCU\Software\Microsoft\Windows\CurrentVersion\Policies\System, DisableRegedit=1
    O7 - HKLM\Software\Microsoft\Windows\CurrentVersion\Policies\System, DisableRegedit=1
    O8 - Extra context menu item: &AOL Toolbar Search - c:\program files\aol\aol toolbar 5.0\resources\en-US\local\search.html
    O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\j2re1.4.2_05\bin\npjpi142_05.dll
    O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\j2re1.4.2_05\bin\npjpi142_05.dll
    O9 - Extra button: AOL Toolbar - {3369AF0D-62E9-4bda-8103-B4C75499B578} - C:\Program Files\AOL\AOL Toolbar 5.0\aoltb.dll
    O9 - Extra button: Messenger - {4528BBE0-4E08-11D5-AD55-00010333D0AD} - C:\Program Files\Yahoo!\Messenger\yhexbmes0521.dll
    O9 - Extra 'Tools' menuitem: Yahoo! Messenger - {4528BBE0-4E08-11D5-AD55-00010333D0AD} - C:\Program Files\Yahoo!\Messenger\yhexbmes0521.dll
    O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\Office12\REFIEBAR.DLL
    O9 - Extra button: PartyPoker.com - {B7FE5D70-9AA2-40F1-9C6B-12A255F085E1} - C:\WINDOWS\system32\SHDOCVW.DLL
    O9 - Extra 'Tools' menuitem: PartyPoker.com - {B7FE5D70-9AA2-40F1-9C6B-12A255F085E1} - C:\WINDOWS\system32\SHDOCVW.DLL
    O9 - Extra button: Real.com - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - C:\WINDOWS\system32\Shdocvw.dll
    O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
    O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
    O10 - Unknown file in Winsock LSP: c:\windows\system32\nwprovau.dll
    O12 - Plugin for .spop: C:\Program Files\Internet Explorer\Plugins\NPDocBox.dll
    O14 - IERESET.INF: START_PAGE_URL=http://www.toshiba.com
    O16 - DPF: {74C861A1-D548-4916-BC8A-FDE92EDFF62C} - http://mediaplayer.walmart.com/installer/install.cab
    O16 - DPF: {88D758A3-D33B-45FD-91E3-67749B4057FA} -
    O16 - DPF: {B8BE5E93-A60C-4D26-A2DC-220313175592} (ZoneIntro Class) - http://cdn2.zone.msn.com/binFramework/v10/ZIntro.cab34246.cab
    O16 - DPF: {DF780F87-FF2B-4DF8-92D0-73DB16A1543A} (PopCapLoader Object) - http://aolsvc.aol.com/onlinegames/bejeweled2/popcaploader_v7.cab
    O16 - DPF: {E5D419D6-A846-4514-9FAD-97E826C84822} (HeartbeatCtl Class) - http://fdl.msn.com/zone/datafiles/heartbeat.cab
    O23 - Service: McAfee Application Installer Cleanup (0225251188235749) (0225251188235749mcinstcleanup) - Unknown owner - C:\DOCUME~1\VALUED~1\LOCALS~1\Temp\0225251188235749mcinst.exe (file missing)
    O23 - Service: Atheros Configuration Service (ACS) - Unknown owner - C:\WINDOWS\system32\ACS.exe
    O23 - Service: AOL Connectivity Service (AOL ACS) - America Online, Inc. - C:\PROGRA~1\COMMON~1\AOL\ACS\acsd.exe
    O23 - Service: Ati HotKey Poller - Unknown owner - C:\WINDOWS\system32\Ati2evxx.exe
    O23 - Service: AVG7 Alert Manager Server (Avg7Alrt) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVG7\avgamsvr.exe
    O23 - Service: AVG7 Update Service (Avg7UpdSvc) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVG7\avgupsvc.exe
    O23 - Service: CeEPwrSvc - COMPAL ELECTRONIC INC. - C:\Program Files\Toshiba\Power Management\CeEPwrSvc.exe
    O23 - Service: ConfigFree Service (CFSvcs) - TOSHIBA CORPORATION - C:\Program Files\TOSHIBA\ConfigFree\CFSvcs.exe
    O23 - Service: DVD-RAM_Service - Matsushita Electric Industrial Co., Ltd. - C:\WINDOWS\system32\DVDRAMSV.exe
    O23 - Service: McAfee E-mail Proxy (Emproxy) - McAfee, Inc. - C:\PROGRA~1\COMMON~1\McAfee\EmProxy\emproxy.exe
    O23 - Service: Kodak Camera Connection Software (KodakCCS) - Eastman Kodak Company - C:\WINDOWS\system32\drivers\KodakCCS.exe
    O23 - Service: McAfee HackerWatch Service - McAfee, Inc. - C:\Program Files\Common Files\McAfee\HackerWatch\HWAPI.exe
    O23 - Service: McAfee Update Manager (mcmispupdmgr) - McAfee, Inc. - C:\PROGRA~1\McAfee\MSC\mcupdmgr.exe
    O23 - Service: McAfee Services (mcmscsvc) - McAfee, Inc. - C:\PROGRA~1\McAfee\MSC\mcmscsvc.exe
    O23 - Service: McAfee Network Agent (McNASvc) - McAfee, Inc. - c:\program files\common files\mcafee\mna\mcnasvc.exe
    O23 - Service: McAfee Scanner (McODS) - McAfee, Inc. - C:\PROGRA~1\McAfee\VirusScan\mcods.exe
    O23 - Service: McAfee Protection Manager (mcpromgr) - McAfee, Inc. - C:\PROGRA~1\McAfee\MSC\mcpromgr.exe
    O23 - Service: McAfee Proxy Service (McProxy) - McAfee, Inc. - c:\PROGRA~1\COMMON~1\mcafee\mcproxy\mcproxy.exe
    O23 - Service: McAfee Redirector Service (McRedirector) - McAfee, Inc. - c:\PROGRA~1\COMMON~1\mcafee\redirsvc\redirsvc.exe
    O23 - Service: McAfee Real-time Scanner (McShield) - McAfee, Inc. - C:\PROGRA~1\McAfee\VirusScan\mcshield.exe
    O23 - Service: McAfee SystemGuards (McSysmon) - McAfee, Inc. - C:\PROGRA~1\McAfee\VirusScan\mcsysmon.exe
    O23 - Service: McAfee Personal Firewall Service (MpfService) - McAfee, Inc. - C:\Program Files\McAfee\MPF\MPFSrv.exe
    O23 - Service: McAfee Privacy Service (MPS9) - McAfee, Inc. - C:\PROGRA~1\McAfee\MPS\mps.exe
    O23 - Service: ScsiAccess - Unknown owner - C:\WINDOWS\system32\ScsiAccess.EXE
    O23 - Service: Swupdtmr - Unknown owner - c:\TOSHIBA\Ivp\Swupdate\swupdtmr.exe
    O23 - Service: WAN Miniport (ATW) Service (WANMiniportService) - America Online, Inc. - C:\WINDOWS\wanmpsvc.exe

    --
    End of file - 11547 bytes
     
  2. 2007/09/07
    Arie

    Arie Administrator Administrator Staff

    Joined:
    2001/12/27
    Messages:
    15,174
    Likes Received:
    412
    Please follow Posting Rules (#3 - Meaningful Subject) when posting.

    I have adjusted your subject.
     
    Arie,
    #2

  4. 2007/09/07
    noahdfear

    noahdfear Inactive

    Joined:
    2003/04/06
    Messages:
    12,178
    Likes Received:
    15
    Welcome to WindowsBBS dtofmfd :)

    Possibly a couple of different tools needed. Let's start with this one.
    Download SmitfraudFix by S!Ri, saving it to the desktop.

    • Restart the computer in Safe Mode by tapping the F8 key upon startup and selecting Safe Mode from the Advanced Startup Menu. Logon to your account.
    • Double-click SmitfraudFix.exe to start the tool and press 2, then hit Enter.
    • You will be prompted 'Do you want to clean the registry?' answer Y (yes) and hit Enter.
    • If prompted to replace the infected wininet.dll file (if found), answer Y (yes) and hit Enter to restore a clean file.
    • Reboot to normal mode when the tool completes.

    Post the contents of C:\rapport.txt and a fresh HijackThis log.

    I'll be away till late tonight. ;)
     
  5. 2007/09/07
    dtofmfd

    dtofmfd Inactive Thread Starter

    Joined:
    2007/09/05
    Messages:
    8
    Likes Received:
    0
    I must be doing something wrong. I downloaded smitfraudfix and I ran it in safe mode, but I keep getting: access is denied, registry editing has been disabled by your administrator. :confused:
     
  6. 2007/09/07
    noahdfear

    noahdfear Inactive

    Joined:
    2003/04/06
    Messages:
    12,178
    Likes Received:
    15
    You're not doing anything wrong. It's from the infection. If you've completed running SmitfraudFix, post the requested logs and we'll go from there. ;)
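Added example, not part of the original thread: the "registry editing has been disabled by your administrator" message and the extra program on the shell line both show up as specific entries in the HijackThis logs posted here. The sketch below parses HijackThis entry lines and flags those lock-out and persistence entries; the function names and the three rules are assumptions made for illustration, and the sample lines are copied from the first log in this thread.

```python
import re

# Sample input: entry lines copied from the first HijackThis log in this thread.
SAMPLE_LOG = r"""
F2 - REG:system.ini: Shell=Explorer.exe C:\WINDOWS\system32\printer.exe
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - Startup: V CAST Music Monitor.lnk = C:\Program Files\Verizon Wireless\V CAST Music Essentials Manager\V CAST Music Monitor.exe
O4 - Global Startup: autorun.exe
O7 - HKCU\Software\Microsoft\Windows\CurrentVersion\Policies\System, DisableRegedit=1
O7 - HKLM\Software\Microsoft\Windows\CurrentVersion\Policies\System, DisableRegedit=1
O23 - Service: ScsiAccess - Unknown owner - C:\WINDOWS\system32\ScsiAccess.EXE
"""

# A HijackThis entry is "<section code> - <body>", e.g. "O4 - HKLM\..\Run: ...".
ENTRY_RE = re.compile(r"^\s*([A-Z]\d{1,2})\s+-\s+(.*\S)\s*$")

# Extensions treated as directly executable in a Startup folder (hypothetical list).
EXECUTABLE_EXTS = (".exe", ".com", ".scr", ".pif", ".bat", ".cmd")


def parse_entries(log_text):
    """Return (code, body) for every entry line; headers and process list are skipped."""
    entries = []
    for line in log_text.splitlines():
        m = ENTRY_RE.match(line)
        if m:
            entries.append((m.group(1), m.group(2)))
    return entries


def check_shell(body):
    """F2: the Winlogon shell should be Explorer.exe alone; anything appended runs at logon."""
    m = re.search(r"\bShell=(.*)$", body, re.IGNORECASE)
    if m and m.group(1).strip().lower() != "explorer.exe":
        return "shell is not plain Explorer.exe: " + m.group(1).strip()
    return None


def check_policy(body):
    """O7: a Disable...=1 policy such as DisableRegedit locks the user out of a system tool."""
    m = re.search(r"\b(Disable\w+)=1\b", body)
    if m:
        hive = body.split("\\", 1)[0]
        return "%s=1 policy set under %s" % (m.group(1), hive)
    return None


def check_startup_folder(body):
    """O4: a bare executable in a Startup folder (no '.lnk = target') deserves a look."""
    m = re.match(r"(?:Global )?Startup:\s*(.+)$", body)
    if m:
        item = m.group(1).strip()
        if " = " not in item and item.lower().endswith(EXECUTABLE_EXTS):
            return "executable placed directly in a Startup folder: " + item
    return None


# One illustrative rule per section code; a real review covers many more sections.
RULES = {"F2": check_shell, "O7": check_policy, "O4": check_startup_folder}


def triage(log_text):
    """Return (code, reason) for each entry that one of the rules flags, in log order."""
    findings = []
    for code, body in parse_entries(log_text):
        rule = RULES.get(code)
        reason = rule(body) if rule else None
        if reason:
            findings.append((code, reason))
    return findings


if __name__ == "__main__":
    for code, reason in triage(SAMPLE_LOG):
        print(code, "-", reason)
```

A flagged entry is a lead for a reviewer, not a verdict: the rules only look at where an entry sits, not at what the file is.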
     
  7. 2007/09/07
    dtofmfd

    dtofmfd Inactive Thread Starter

    Joined:
    2007/09/05
    Messages:
    8
    Likes Received:
    0
    ok here ya go
    Logfile of Trend Micro HijackThis v2.0.2
    Scan saved at 2:59:42 PM, on 9/7/2007
    Platform: Windows XP SP2 (WinNT 5.01.2600)
    MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)
    Boot mode: Normal

    Running processes:
    C:\WINDOWS\System32\smss.exe
    C:\WINDOWS\system32\winlogon.exe
    C:\WINDOWS\system32\services.exe
    C:\WINDOWS\system32\lsass.exe
    C:\WINDOWS\system32\svchost.exe
    C:\WINDOWS\System32\svchost.exe
    C:\WINDOWS\system32\ACS.exe
    C:\WINDOWS\Explorer.exe
    C:\WINDOWS\system32\spoolsv.exe
    C:\WINDOWS\system32\printer.exe
    C:\Program Files\TOSHIBA\Power Management\CePMTray.exe
    C:\Program Files\ltmoh\Ltmoh.exe
    C:\WINDOWS\AGRSMMSG.exe
    C:\Program Files\Apoint2K\Apoint.exe
    C:\Program Files\TOSHIBA\ConfigFree\NDSTray.exe
    C:\Program Files\TOSHIBA\E-KEY\CeEKey.exe
    C:\Program Files\TOSHIBA\Touch and Launch\PadExe.exe
    C:\Program Files\TOSHIBA\TOSHIBA Zooming Utility\SmoothView.exe
    C:\WINDOWS\System32\ZoomingHook.exe
    C:\Program Files\TOSHIBA\TouchPad\TPTray.exe
    C:\WINDOWS\system32\dla\tfswctrl.exe
    C:\Program Files\Adobe\Photoshop Album Starter Edition\3.0\Apps\apdproxy.exe
    C:\Program Files\QuickTime\qttask.exe
    C:\Program Files\TOSHIBA\ConfigFree\CFSServ.exe
    C:\Program Files\Common Files\AOL\1167412240\ee\AOLSoftware.exe
    C:\PROGRA~1\COMMON~1\AOL\ACS\acsd.exe
    C:\Program Files\AOL\Active Security Monitor\ASMonitor.exe
    C:\PROGRA~1\Grisoft\AVG7\avgemc.exe
    C:\PROGRA~1\Grisoft\AVG7\avgamsvr.exe
    C:\Program Files\TOSHIBA\TOSCDSPD\toscdspd.exe
    C:\Program Files\Messenger\msmsgs.exe
    C:\PROGRA~1\Grisoft\AVG7\avgupsvc.exe
    C:\WINDOWS\system32\ctfmon.exe
    C:\Program Files\Toshiba\Power Management\CeEPwrSvc.exe
    C:\Program Files\Apoint2K\Apntex.exe
    C:\Program Files\TOSHIBA\ConfigFree\CFSvcs.exe
    C:\WINDOWS\system32\DVDRAMSV.exe
    C:\WINDOWS\system32\drivers\KodakCCS.exe
    C:\Program Files\Common Files\McAfee\HackerWatch\HWAPI.exe
    C:\Program Files\Kodak\KODAK Software Updater\7288971\Program\backWeb-7288971.exe
    C:\WINDOWS\system32\RAMASST.exe
    C:\PROGRA~1\McAfee\MSC\mcmscsvc.exe
    C:\Program Files\Verizon Wireless\V CAST Music Essentials Manager\V CAST Music Monitor.exe
    c:\program files\common files\mcafee\mna\mcnasvc.exe
    C:\PROGRA~1\McAfee\VirusScan\mcods.exe
    C:\PROGRA~1\McAfee\MSC\mcpromgr.exe
    c:\PROGRA~1\COMMON~1\mcafee\mcproxy\mcproxy.exe
    c:\PROGRA~1\COMMON~1\mcafee\redirsvc\redirsvc.exe
    C:\PROGRA~1\McAfee\VirusScan\mcshield.exe
    C:\PROGRA~1\McAfee\VirusScan\mcsysmon.exe
    C:\Program Files\McAfee\MPF\MPFSrv.exe
    C:\PROGRA~1\McAfee\MPS\mps.exe
    c:\PROGRA~1\mcafee.com\agent\mcagent.exe
    C:\WINDOWS\system32\ScsiAccess.EXE
    c:\TOSHIBA\Ivp\Swupdate\swupdtmr.exe
    C:\WINDOWS\wanmpsvc.exe
    C:\WINDOWS\system32\fxssvc.exe
    C:\Program Files\McAfee\MPS\mpsevh.exe
    C:\WINDOWS\system32\svchost.exe
    C:\WINDOWS\system32\wuauclt.exe
    C:\Program Files\America Online 9.0\waol.exe
    C:\Program Files\America Online 9.0\shellmon.exe
    C:\Program Files\America Online 9.0\aolwbspd.exe
    C:\HijackThis\HijackThis.exe
    c:\PROGRA~1\mcafee\virusscan\mcvsshld.exe

    F2 - REG:system.ini: Shell=Explorer.exe C:\WINDOWS\system32\printer.exe
    O4 - HKLM\..\Run: [CeEPOWER] C:\Program Files\TOSHIBA\Power Management\CePMTray.exe
    O4 - HKLM\..\Run: [LtMoh] C:\Program Files\ltmoh\Ltmoh.exe
    O4 - HKLM\..\Run: [AGRSMMSG] AGRSMMSG.exe
    O4 - HKLM\..\Run: [Apoint] C:\Program Files\Apoint2K\Apoint.exe
    O4 - HKLM\..\Run: [NDSTray.exe] NDSTray.exe
    O4 - HKLM\..\Run: [CeEKEY] C:\Program Files\TOSHIBA\E-KEY\CeEKey.exe
    O4 - HKLM\..\Run: [PadTouch] C:\Program Files\TOSHIBA\Touch and Launch\PadExe.exe
    O4 - HKLM\..\Run: [SmoothView] C:\Program Files\TOSHIBA\TOSHIBA Zooming Utility\SmoothView.exe
    O4 - HKLM\..\Run: [ZoomingHook] c:\WINDOWS\System32\ZoomingHook.exe
    O4 - HKLM\..\Run: [TPNF] C:\Program Files\TOSHIBA\TouchPad\TPTray.exe
    O4 - HKLM\..\Run: [Pinger] C:\TOSHIBA\IVP\ISM\pinger.exe /run
    O4 - HKLM\..\Run: [dla] C:\WINDOWS\system32\dla\tfswctrl.exe
    O4 - HKLM\..\Run: [Adobe Photo Downloader] "C:\Program Files\Adobe\Photoshop Album Starter Edition\3.0\Apps\apdproxy.exe "
    O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
    O4 - HKLM\..\Run: [CFSServ.exe] CFSServ.exe -NoClient
    O4 - HKLM\..\Run: [HostManager] C:\Program Files\Common Files\AOL\1167412240\ee\AOLSoftware.exe
    O4 - HKLM\..\Run: [ASM] "C:\Program Files\AOL\Active Security Monitor\ASMonitor.exe" HIDEMAIN
    O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe "
    O4 - HKLM\..\Run: [AVG7_CC] C:\PROGRA~1\Grisoft\AVG7\avgcc.exe /STARTUP
    O4 - HKLM\..\Run: [AVG7_EMC] C:\PROGRA~1\Grisoft\AVG7\avgemc.exe
    O4 - HKLM\..\Run: [AVG7_RegCleaner] C:\PROGRA~1\Grisoft\AVG7\avgregcl.exe /BOOT
    O4 - HKLM\..\Run: [WinAVX] C:\WINDOWS\system32\WinAvXX.exe
    O4 - HKCU\..\Run: [TOSCDSPD] C:\Program Files\TOSHIBA\TOSCDSPD\toscdspd.exe
    O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background
    O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
    O4 - HKCU\..\Run: [AVG7_Run] C:\PROGRA~1\Grisoft\AVG7\avgw.exe /RUNONCE
    O4 - HKCU\..\Run: [WinAVX] C:\WINDOWS\system32\WinAvXX.exe
    O4 - HKUS\S-1-5-19\..\Run: [AVG7_Run] C:\PROGRA~1\Grisoft\AVG7\avgw.exe /RUNONCE (User 'LOCAL SERVICE')
    O4 - HKUS\S-1-5-20\..\Run: [AVG7_Run] C:\PROGRA~1\Grisoft\AVG7\avgw.exe /RUNONCE (User 'NETWORK SERVICE')
    O4 - HKUS\S-1-5-18\..\Run: [AVG7_Run] C:\PROGRA~1\Grisoft\AVG7\avgw.exe /RUNONCE (User 'SYSTEM')
    O4 - HKUS\.DEFAULT\..\Run: [AVG7_Run] C:\PROGRA~1\Grisoft\AVG7\avgw.exe /RUNONCE (User 'Default user')
    O4 - Startup: system.exe
    O4 - Startup: V CAST Music Monitor.lnk = C:\Program Files\Verizon Wireless\V CAST Music Essentials Manager\V CAST Music Monitor.exe
    O4 - Global Startup: autorun.exe
    O4 - Global Startup: KODAK Software Updater.lnk = C:\Program Files\Kodak\KODAK Software Updater\7288971\Program\backWeb-7288971.exe
    O4 - Global Startup: RAMASST.lnk = C:\WINDOWS\system32\RAMASST.exe
    O7 - HKCU\Software\Microsoft\Windows\CurrentVersion\Policies\System, DisableRegedit=1
    O7 - HKLM\Software\Microsoft\Windows\CurrentVersion\Policies\System, DisableRegedit=1
    O8 - Extra context menu item: &AOL Toolbar Search - c:\program files\aol\aol toolbar 5.0\resources\en-US\local\search.html
    O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\j2re1.4.2_05\bin\npjpi142_05.dll
    O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\j2re1.4.2_05\bin\npjpi142_05.dll
    O9 - Extra button: AOL Toolbar - {3369AF0D-62E9-4bda-8103-B4C75499B578} - C:\Program Files\AOL\AOL Toolbar 5.0\aoltb.dll
    O9 - Extra button: Messenger - {4528BBE0-4E08-11D5-AD55-00010333D0AD} - C:\Program Files\Yahoo!\Messenger\yhexbmes0521.dll
    O9 - Extra 'Tools' menuitem: Yahoo! Messenger - {4528BBE0-4E08-11D5-AD55-00010333D0AD} - C:\Program Files\Yahoo!\Messenger\yhexbmes0521.dll
    O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\Office12\REFIEBAR.DLL
    O9 - Extra button: PartyPoker.com - {B7FE5D70-9AA2-40F1-9C6B-12A255F085E1} - C:\WINDOWS\system32\SHDOCVW.DLL
    O9 - Extra 'Tools' menuitem: PartyPoker.com - {B7FE5D70-9AA2-40F1-9C6B-12A255F085E1} - C:\WINDOWS\system32\SHDOCVW.DLL
    O9 - Extra button: Real.com - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - C:\WINDOWS\system32\Shdocvw.dll
    O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
    O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
    O10 - Unknown file in Winsock LSP: c:\windows\system32\nwprovau.dll
    O12 - Plugin for .spop: C:\Program Files\Internet Explorer\Plugins\NPDocBox.dll
    O14 - IERESET.INF: START_PAGE_URL=http://www.toshiba.com
    O16 - DPF: {74C861A1-D548-4916-BC8A-FDE92EDFF62C} - http://mediaplayer.walmart.com/installer/install.cab
    O16 - DPF: {88D758A3-D33B-45FD-91E3-67749B4057FA} -
    O16 - DPF: {B8BE5E93-A60C-4D26-A2DC-220313175592} (ZoneIntro Class) - http://cdn2.zone.msn.com/binFramework/v10/ZIntro.cab34246.cab
    O16 - DPF: {DF780F87-FF2B-4DF8-92D0-73DB16A1543A} (PopCapLoader Object) - http://aolsvc.aol.com/onlinegames/bejeweled2/popcaploader_v7.cab
    O16 - DPF: {E5D419D6-A846-4514-9FAD-97E826C84822} (HeartbeatCtl Class) - http://fdl.msn.com/zone/datafiles/heartbeat.cab
    O17 - HKLM\System\CCS\Services\Tcpip\..\{31DE7539-ED74-41A0-BF74-0BC77215C406}: NameServer = 205.188.146.145
    O23 - Service: McAfee Application Installer Cleanup (0225251188235749) (0225251188235749mcinstcleanup) - Unknown owner - C:\DOCUME~1\VALUED~1\LOCALS~1\Temp\0225251188235749mcinst.exe (file missing)
    O23 - Service: Atheros Configuration Service (ACS) - Unknown owner - C:\WINDOWS\system32\ACS.exe
    O23 - Service: AOL Connectivity Service (AOL ACS) - America Online, Inc. - C:\PROGRA~1\COMMON~1\AOL\ACS\acsd.exe
    O23 - Service: Ati HotKey Poller - Unknown owner - C:\WINDOWS\system32\Ati2evxx.exe
    O23 - Service: AVG7 Alert Manager Server (Avg7Alrt) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVG7\avgamsvr.exe
    O23 - Service: AVG7 Update Service (Avg7UpdSvc) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVG7\avgupsvc.exe
    O23 - Service: CeEPwrSvc - COMPAL ELECTRONIC INC. - C:\Program Files\Toshiba\Power Management\CeEPwrSvc.exe
    O23 - Service: ConfigFree Service (CFSvcs) - TOSHIBA CORPORATION - C:\Program Files\TOSHIBA\ConfigFree\CFSvcs.exe
    O23 - Service: DVD-RAM_Service - Matsushita Electric Industrial Co., Ltd. - C:\WINDOWS\system32\DVDRAMSV.exe
    O23 - Service: McAfee E-mail Proxy (Emproxy) - McAfee, Inc. - C:\PROGRA~1\COMMON~1\McAfee\EmProxy\emproxy.exe
    O23 - Service: Kodak Camera Connection Software (KodakCCS) - Eastman Kodak Company - C:\WINDOWS\system32\drivers\KodakCCS.exe
    O23 - Service: McAfee HackerWatch Service - McAfee, Inc. - C:\Program Files\Common Files\McAfee\HackerWatch\HWAPI.exe
    O23 - Service: McAfee Update Manager (mcmispupdmgr) - McAfee, Inc. - C:\PROGRA~1\McAfee\MSC\mcupdmgr.exe
    O23 - Service: McAfee Services (mcmscsvc) - McAfee, Inc. - C:\PROGRA~1\McAfee\MSC\mcmscsvc.exe
    O23 - Service: McAfee Network Agent (McNASvc) - McAfee, Inc. - c:\program files\common files\mcafee\mna\mcnasvc.exe
    O23 - Service: McAfee Scanner (McODS) - McAfee, Inc. - C:\PROGRA~1\McAfee\VirusScan\mcods.exe
    O23 - Service: McAfee Protection Manager (mcpromgr) - McAfee, Inc. - C:\PROGRA~1\McAfee\MSC\mcpromgr.exe
    O23 - Service: McAfee Proxy Service (McProxy) - McAfee, Inc. - c:\PROGRA~1\COMMON~1\mcafee\mcproxy\mcproxy.exe
    O23 - Service: McAfee Redirector Service (McRedirector) - McAfee, Inc. - c:\PROGRA~1\COMMON~1\mcafee\redirsvc\redirsvc.exe
    O23 - Service: McAfee Real-time Scanner (McShield) - McAfee, Inc. - C:\PROGRA~1\McAfee\VirusScan\mcshield.exe
    O23 - Service: McAfee SystemGuards (McSysmon) - McAfee, Inc. - C:\PROGRA~1\McAfee\VirusScan\mcsysmon.exe
    O23 - Service: McAfee Personal Firewall Service (MpfService) - McAfee, Inc. - C:\Program Files\McAfee\MPF\MPFSrv.exe
    O23 - Service: McAfee Privacy Service (MPS9) - McAfee, Inc. - C:\PROGRA~1\McAfee\MPS\mps.exe
    O23 - Service: ScsiAccess - Unknown owner - C:\WINDOWS\system32\ScsiAccess.EXE
    O23 - Service: Swupdtmr - Unknown owner - c:\TOSHIBA\Ivp\Swupdate\swupdtmr.exe
    O23 - Service: WAN Miniport (ATW) Service (WANMiniportService) - America Online, Inc. - C:\WINDOWS\wanmpsvc.exe

    --
    End of file - 11299 bytes

    and this one
    SmitFraudFix v2.221

    Scan done at 14:44:44.23, Fri 09/07/2007
    Run from C:\Documents and Settings\Valued Customer\Desktop\SmitfraudFix
    OS: Microsoft Windows XP [Version 5.1.2600] - Windows_NT
    The filesystem type is NTFS
    Fix run in normal mode

    »»»»»»»»»»»»»»»»»»»»»»»» SharedTaskScheduler Before SmitFraudFix
    !!!Attention, following keys are not inevitably infected!!!

    SrchSTS.exe by S!Ri
    Search SharedTaskScheduler's .dll

    »»»»»»»»»»»»»»»»»»»»»»»» Killing process


    »»»»»»»»»»»»»»»»»»»»»»»» hosts


    »»»»»»»»»»»»»»»»»»»»»»»» Generic Renos Fix

    GenericRenosFix by S!Ri


    »»»»»»»»»»»»»»»»»»»»»»»» Deleting infected files

    Problem while deleting C:\WINDOWS\system32\printer.exe
    C:\WINDOWS\system32\WinAvXX.exe Deleted
    C:\DOCUME~1\VALUED~1\STARTM~1\Programs\Startup\system.exe Deleted
    C:\DOCUME~1\ALLUSE~1\STARTM~1\Programs\Startup\autorun.exe Deleted

    »»»»»»»»»»»»»»»»»»»»»»»» DNS

    Description: Atheros AR5004G Wireless Network Adapter - Packet Scheduler Miniport
    DNS Server Search Order: 192.168.2.1

    HKLM\SYSTEM\CCS\Services\Tcpip\..\{82F381D2-4B5A-4623-8808-1F77FE44649C}: DhcpNameServer=192.168.2.1
    HKLM\SYSTEM\CS1\Services\Tcpip\..\{82F381D2-4B5A-4623-8808-1F77FE44649C}: DhcpNameServer=192.168.2.1
    HKLM\SYSTEM\CS3\Services\Tcpip\..\{82F381D2-4B5A-4623-8808-1F77FE44649C}: DhcpNameServer=192.168.2.1
    HKLM\SYSTEM\CCS\Services\Tcpip\Parameters: DhcpNameServer=192.168.2.1
    HKLM\SYSTEM\CS1\Services\Tcpip\Parameters: DhcpNameServer=192.168.2.1
    HKLM\SYSTEM\CS3\Services\Tcpip\Parameters: DhcpNameServer=192.168.2.1


    »»»»»»»»»»»»»»»»»»»»»»»» Deleting Temp Files


    »»»»»»»»»»»»»»»»»»»»»»»» Winlogon.System
    !!!Attention, following keys are not inevitably infected!!!

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon]
    "System "=" "


    »»»»»»»»»»»»»»»»»»»»»»»» Registry Cleaning

    Registry Cleaning done.

    »»»»»»»»»»»»»»»»»»»»»»»» SharedTaskScheduler After SmitFraudFix
    !!!Attention, following keys are not inevitably infected!!!

    SrchSTS.exe by S!Ri
    Search SharedTaskScheduler's .dll


    »»»»»»»»»»»»»»»»»»»»»»»» End

    :confused:

    I hope this is what you wanted. Thanks
     
  8. 2007/09/07
    noahdfear

    noahdfear Inactive

    Joined:
    2003/04/06
    Messages:
    12,178
    Likes Received:
    15
    Yes, those are the correct logs. Thanks!

    Download ComboFix by sUBs from Here or Here, saving the file to your Desktop.
    • Close all open programs and windows
    • Double click combofix.exe and follow the prompts.
    • When finished, it will open a log for you. Post that log and a new HijackThis log in your next reply.
    Note: Do not mouseclick combofix's window while it's running. That may cause it to stall.
     
  9. 2007/09/08
    dtofmfd

    dtofmfd Inactive Thread Starter

    Joined:
    2007/09/05
    Messages:
    8
    Likes Received:
    0
    Logfile of Trend Micro HijackThis v2.0.2
    Scan saved at 5:34:59 AM, on 9/8/2007
    Platform: Windows XP SP2 (WinNT 5.01.2600)
    MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)
    Boot mode: Normal

    Running processes:
    C:\WINDOWS\System32\smss.exe
    C:\WINDOWS\system32\winlogon.exe
    C:\WINDOWS\system32\services.exe
    C:\WINDOWS\system32\lsass.exe
    C:\WINDOWS\system32\svchost.exe
    C:\WINDOWS\System32\svchost.exe
    C:\WINDOWS\system32\ACS.exe
    C:\WINDOWS\Explorer.exe
    C:\WINDOWS\system32\spoolsv.exe
    C:\PROGRA~1\COMMON~1\AOL\ACS\acsd.exe
    C:\PROGRA~1\Grisoft\AVG7\avgamsvr.exe
    C:\PROGRA~1\Grisoft\AVG7\avgupsvc.exe
    C:\Program Files\Toshiba\Power Management\CeEPwrSvc.exe
    C:\Program Files\TOSHIBA\ConfigFree\CFSvcs.exe
    C:\WINDOWS\system32\DVDRAMSV.exe
    C:\WINDOWS\system32\drivers\KodakCCS.exe
    C:\Program Files\Common Files\McAfee\HackerWatch\HWAPI.exe
    C:\PROGRA~1\McAfee\MSC\mcmscsvc.exe
    c:\program files\common files\mcafee\mna\mcnasvc.exe
    C:\PROGRA~1\McAfee\VirusScan\mcods.exe
    C:\PROGRA~1\McAfee\MSC\mcpromgr.exe
    c:\PROGRA~1\COMMON~1\mcafee\mcproxy\mcproxy.exe
    c:\PROGRA~1\COMMON~1\mcafee\redirsvc\redirsvc.exe
    C:\PROGRA~1\McAfee\VirusScan\mcshield.exe
    C:\PROGRA~1\McAfee\VirusScan\mcsysmon.exe
    C:\Program Files\McAfee\MPF\MPFSrv.exe
    C:\PROGRA~1\McAfee\MPS\mps.exe
    C:\WINDOWS\system32\ScsiAccess.EXE
    c:\TOSHIBA\Ivp\Swupdate\swupdtmr.exe
    C:\WINDOWS\wanmpsvc.exe
    C:\Program Files\McAfee\MPS\mpsevh.exe
    C:\WINDOWS\system32\wuauclt.exe
    C:\Program Files\TOSHIBA\Power Management\CePMTray.exe
    C:\Program Files\ltmoh\Ltmoh.exe
    C:\WINDOWS\AGRSMMSG.exe
    C:\Program Files\Apoint2K\Apoint.exe
    C:\Program Files\TOSHIBA\ConfigFree\NDSTray.exe
    C:\Program Files\TOSHIBA\E-KEY\CeEKey.exe
    c:\PROGRA~1\mcafee.com\agent\mcagent.exe
    C:\Program Files\TOSHIBA\Touch and Launch\PadExe.exe
    C:\Program Files\TOSHIBA\TOSHIBA Zooming Utility\SmoothView.exe
    C:\WINDOWS\System32\ZoomingHook.exe
    C:\Program Files\TOSHIBA\TouchPad\TPTray.exe
    C:\WINDOWS\system32\dla\tfswctrl.exe
    C:\Program Files\Adobe\Photoshop Album Starter Edition\3.0\Apps\apdproxy.exe
    C:\Program Files\QuickTime\qttask.exe
    C:\Program Files\TOSHIBA\ConfigFree\CFSServ.exe
    C:\Program Files\Common Files\AOL\1167412240\ee\AOLSoftware.exe
    C:\Program Files\Apoint2K\Apntex.exe
    C:\Program Files\AOL\Active Security Monitor\ASMonitor.exe
    C:\PROGRA~1\Grisoft\AVG7\avgemc.exe
    C:\Program Files\TOSHIBA\TOSCDSPD\toscdspd.exe
    C:\Program Files\Messenger\msmsgs.exe
    C:\WINDOWS\system32\ctfmon.exe
    C:\Program Files\Kodak\KODAK Software Updater\7288971\Program\backWeb-7288971.exe
    C:\WINDOWS\system32\RAMASST.exe
    C:\Program Files\Verizon Wireless\V CAST Music Essentials Manager\V CAST Music Monitor.exe
    C:\WINDOWS\system32\svchost.exe
    C:\WINDOWS\system32\notepad.exe
    C:\HijackThis\HijackThis.exe

    R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = localhost
    O4 - HKLM\..\Run: [CeEPOWER] C:\Program Files\TOSHIBA\Power Management\CePMTray.exe
    O4 - HKLM\..\Run: [LtMoh] C:\Program Files\ltmoh\Ltmoh.exe
    O4 - HKLM\..\Run: [AGRSMMSG] AGRSMMSG.exe
    O4 - HKLM\..\Run: [Apoint] C:\Program Files\Apoint2K\Apoint.exe
    O4 - HKLM\..\Run: [NDSTray.exe] NDSTray.exe
    O4 - HKLM\..\Run: [CeEKEY] C:\Program Files\TOSHIBA\E-KEY\CeEKey.exe
    O4 - HKLM\..\Run: [PadTouch] C:\Program Files\TOSHIBA\Touch and Launch\PadExe.exe
    O4 - HKLM\..\Run: [SmoothView] C:\Program Files\TOSHIBA\TOSHIBA Zooming Utility\SmoothView.exe
    O4 - HKLM\..\Run: [ZoomingHook] c:\WINDOWS\System32\ZoomingHook.exe
    O4 - HKLM\..\Run: [TPNF] C:\Program Files\TOSHIBA\TouchPad\TPTray.exe
    O4 - HKLM\..\Run: [Pinger] C:\TOSHIBA\IVP\ISM\pinger.exe /run
    O4 - HKLM\..\Run: [dla] C:\WINDOWS\system32\dla\tfswctrl.exe
    O4 - HKLM\..\Run: [Adobe Photo Downloader] "C:\Program Files\Adobe\Photoshop Album Starter Edition\3.0\Apps\apdproxy.exe"
    O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
    O4 - HKLM\..\Run: [CFSServ.exe] CFSServ.exe -NoClient
    O4 - HKLM\..\Run: [HostManager] C:\Program Files\Common Files\AOL\1167412240\ee\AOLSoftware.exe
    O4 - HKLM\..\Run: [ASM] "C:\Program Files\AOL\Active Security Monitor\ASMonitor.exe" HIDEMAIN
    O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe"
    O4 - HKLM\..\Run: [AVG7_CC] C:\PROGRA~1\Grisoft\AVG7\avgcc.exe /STARTUP
    O4 - HKLM\..\Run: [AVG7_EMC] C:\PROGRA~1\Grisoft\AVG7\avgemc.exe
    O4 - HKLM\..\Run: [AVG7_RegCleaner] C:\PROGRA~1\Grisoft\AVG7\avgregcl.exe /BOOT
    O4 - HKCU\..\Run: [TOSCDSPD] C:\Program Files\TOSHIBA\TOSCDSPD\toscdspd.exe
    O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background
    O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
    O4 - HKCU\..\Run: [AVG7_Run] C:\PROGRA~1\Grisoft\AVG7\avgw.exe /RUNONCE
    O4 - HKUS\S-1-5-19\..\Run: [AVG7_Run] C:\PROGRA~1\Grisoft\AVG7\avgw.exe /RUNONCE (User 'LOCAL SERVICE')
    O4 - HKUS\S-1-5-20\..\Run: [AVG7_Run] C:\PROGRA~1\Grisoft\AVG7\avgw.exe /RUNONCE (User 'NETWORK SERVICE')
    O4 - HKUS\S-1-5-18\..\Run: [AVG7_Run] C:\PROGRA~1\Grisoft\AVG7\avgw.exe /RUNONCE (User 'SYSTEM')
    O4 - HKUS\.DEFAULT\..\Run: [AVG7_Run] C:\PROGRA~1\Grisoft\AVG7\avgw.exe /RUNONCE (User 'Default user')
    O4 - Startup: V CAST Music Monitor.lnk = C:\Program Files\Verizon Wireless\V CAST Music Essentials Manager\V CAST Music Monitor.exe
    O4 - Global Startup: KODAK Software Updater.lnk = C:\Program Files\Kodak\KODAK Software Updater\7288971\Program\backWeb-7288971.exe
    O4 - Global Startup: RAMASST.lnk = C:\WINDOWS\system32\RAMASST.exe
    O8 - Extra context menu item: &AOL Toolbar Search - c:\program files\aol\aol toolbar 5.0\resources\en-US\local\search.html
    O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\j2re1.4.2_05\bin\npjpi142_05.dll
    O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\j2re1.4.2_05\bin\npjpi142_05.dll
    O9 - Extra button: AOL Toolbar - {3369AF0D-62E9-4bda-8103-B4C75499B578} - C:\Program Files\AOL\AOL Toolbar 5.0\aoltb.dll
    O9 - Extra button: Messenger - {4528BBE0-4E08-11D5-AD55-00010333D0AD} - C:\Program Files\Yahoo!\Messenger\yhexbmes0521.dll
    O9 - Extra 'Tools' menuitem: Yahoo! Messenger - {4528BBE0-4E08-11D5-AD55-00010333D0AD} - C:\Program Files\Yahoo!\Messenger\yhexbmes0521.dll
    O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\Office12\REFIEBAR.DLL
    O9 - Extra button: PartyPoker.com - {B7FE5D70-9AA2-40F1-9C6B-12A255F085E1} - C:\WINDOWS\system32\SHDOCVW.DLL
    O9 - Extra 'Tools' menuitem: PartyPoker.com - {B7FE5D70-9AA2-40F1-9C6B-12A255F085E1} - C:\WINDOWS\system32\SHDOCVW.DLL
    O9 - Extra button: Real.com - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - C:\WINDOWS\system32\Shdocvw.dll
    O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
    O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
    O10 - Unknown file in Winsock LSP: c:\windows\system32\nwprovau.dll
    O12 - Plugin for .spop: C:\Program Files\Internet Explorer\Plugins\NPDocBox.dll
    O14 - IERESET.INF: START_PAGE_URL=http://www.toshiba.com
    O16 - DPF: {74C861A1-D548-4916-BC8A-FDE92EDFF62C} - http://mediaplayer.walmart.com/installer/install.cab
    O16 - DPF: {88D758A3-D33B-45FD-91E3-67749B4057FA} -
    O16 - DPF: {B8BE5E93-A60C-4D26-A2DC-220313175592} (ZoneIntro Class) - http://cdn2.zone.msn.com/binFramework/v10/ZIntro.cab34246.cab
    O16 - DPF: {DF780F87-FF2B-4DF8-92D0-73DB16A1543A} (PopCapLoader Object) - http://aolsvc.aol.com/onlinegames/bejeweled2/popcaploader_v7.cab
    O16 - DPF: {E5D419D6-A846-4514-9FAD-97E826C84822} (HeartbeatCtl Class) - http://fdl.msn.com/zone/datafiles/heartbeat.cab
    O23 - Service: McAfee Application Installer Cleanup (0225251188235749) (0225251188235749mcinstcleanup) - Unknown owner - C:\DOCUME~1\VALUED~1\LOCALS~1\Temp\0225251188235749mcinst.exe (file missing)
    O23 - Service: Atheros Configuration Service (ACS) - Unknown owner - C:\WINDOWS\system32\ACS.exe
    O23 - Service: AOL Connectivity Service (AOL ACS) - America Online, Inc. - C:\PROGRA~1\COMMON~1\AOL\ACS\acsd.exe
    O23 - Service: Ati HotKey Poller - Unknown owner - C:\WINDOWS\system32\Ati2evxx.exe
    O23 - Service: AVG7 Alert Manager Server (Avg7Alrt) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVG7\avgamsvr.exe
    O23 - Service: AVG7 Update Service (Avg7UpdSvc) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVG7\avgupsvc.exe
    O23 - Service: CeEPwrSvc - COMPAL ELECTRONIC INC. - C:\Program Files\Toshiba\Power Management\CeEPwrSvc.exe
    O23 - Service: ConfigFree Service (CFSvcs) - TOSHIBA CORPORATION - C:\Program Files\TOSHIBA\ConfigFree\CFSvcs.exe
    O23 - Service: DVD-RAM_Service - Matsushita Electric Industrial Co., Ltd. - C:\WINDOWS\system32\DVDRAMSV.exe
    O23 - Service: McAfee E-mail Proxy (Emproxy) - McAfee, Inc. - C:\PROGRA~1\COMMON~1\McAfee\EmProxy\emproxy.exe
    O23 - Service: Kodak Camera Connection Software (KodakCCS) - Eastman Kodak Company - C:\WINDOWS\system32\drivers\KodakCCS.exe
    O23 - Service: McAfee HackerWatch Service - McAfee, Inc. - C:\Program Files\Common Files\McAfee\HackerWatch\HWAPI.exe
    O23 - Service: McAfee Update Manager (mcmispupdmgr) - McAfee, Inc. - C:\PROGRA~1\McAfee\MSC\mcupdmgr.exe
    O23 - Service: McAfee Services (mcmscsvc) - McAfee, Inc. - C:\PROGRA~1\McAfee\MSC\mcmscsvc.exe
    O23 - Service: McAfee Network Agent (McNASvc) - McAfee, Inc. - c:\program files\common files\mcafee\mna\mcnasvc.exe
    O23 - Service: McAfee Scanner (McODS) - McAfee, Inc. - C:\PROGRA~1\McAfee\VirusScan\mcods.exe
    O23 - Service: McAfee Protection Manager (mcpromgr) - McAfee, Inc. - C:\PROGRA~1\McAfee\MSC\mcpromgr.exe
    O23 - Service: McAfee Proxy Service (McProxy) - McAfee, Inc. - c:\PROGRA~1\COMMON~1\mcafee\mcproxy\mcproxy.exe
    O23 - Service: McAfee Redirector Service (McRedirector) - McAfee, Inc. - c:\PROGRA~1\COMMON~1\mcafee\redirsvc\redirsvc.exe
    O23 - Service: McAfee Real-time Scanner (McShield) - McAfee, Inc. - C:\PROGRA~1\McAfee\VirusScan\mcshield.exe
    O23 - Service: McAfee SystemGuards (McSysmon) - McAfee, Inc. - C:\PROGRA~1\McAfee\VirusScan\mcsysmon.exe
    O23 - Service: McAfee Personal Firewall Service (MpfService) - McAfee, Inc. - C:\Program Files\McAfee\MPF\MPFSrv.exe
    O23 - Service: McAfee Privacy Service (MPS9) - McAfee, Inc. - C:\PROGRA~1\McAfee\MPS\mps.exe
    O23 - Service: ScsiAccess - Unknown owner - C:\WINDOWS\system32\ScsiAccess.EXE
    O23 - Service: Swupdtmr - Unknown owner - c:\TOSHIBA\Ivp\Swupdate\swupdtmr.exe
    O23 - Service: WAN Miniport (ATW) Service (WANMiniportService) - America Online, Inc. - C:\WINDOWS\wanmpsvc.exe

    --
    End of file - 10638 bytes

    and
    ComboFix 07-09-08.7 - "Valued Customer" 2007-09-08 5:18:46.1 - NTFSx86
    Microsoft Windows XP Home Edition 5.1.2600.2.1252.1.1033.18.36 [GMT -7:00]
    * Created a new restore point
    .

    ((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
    .

    C:\DOCUME~1\ALLUSE~1\STARTM~1\Programs\Startup.\autorun.exe
    C:\DOCUME~1\VALUED~1\APPLIC~1\16102.exe
    C:\DOCUME~1\VALUED~1\APPLIC~1\privprotect.exe
    C:\DOCUME~1\VALUED~1\err.log
    C:\Program Files\Common Files\companion wizard
    C:\Program Files\Common Files\companion wizard\CompWiz.xml
    C:\Program Files\Common Files\Companion Wizard\CompWiz.xml
    C:\Program Files\Common Files\winantivirus pro 2007
    C:\UWA7P
    C:\WINDOWS\bobsaver.exe
    C:\WINDOWS\bobsaver.scr
    C:\WINDOWS\system32\printer.exe
    C:\WINDOWS\system32\stera.log
    C:\WINDOWS\system32\WinAvXX.exe


    ((((((((((((((((((((((((((((((((((((((( Drivers/Services )))))))))))))))))))))))))))))))))))))))))))))))))


    -------\LEGACY_FOPN
    -------\LEGACY_NWSAPAGENT
    -------\nm
    -------\NwSapAgent


    ((((((((((((((((((((((((( Files Created from 2007-08-08 to 2007-09-08 )))))))))))))))))))))))))))))))
    .

    2007-09-08 05:17 51,200 --a------ C:\WINDOWS\NirCmd.exe
    2007-09-07 14:16 289,144 --a------ C:\WINDOWS\system32\VCCLSID.exe
    2007-09-07 06:30 <DIR> d-------- C:\HijackThis
    2007-09-05 17:54 <DIR> d-------- C:\DOCUME~1\VALUED~1\APPLIC~1\Lavasoft
    2007-09-05 17:53 <DIR> d-------- C:\Program Files\Lavasoft
    2007-09-05 16:01 <DIR> d-------- C:\VundoFix Backups
    2007-09-05 15:26 <DIR> d-------- C:\Program Files\Trend Micro
    2007-09-05 14:04 3,916 --a------ C:\WINDOWS\system32\tmp.reg
    2007-09-05 13:27 51,200 --a------ C:\WINDOWS\system32\dumphive.exe
    2007-09-05 13:27 288,417 --a------ C:\WINDOWS\system32\SrchSTS.exe
    2007-09-05 12:38 <DIR> d-------- C:\Deckard
    2007-09-05 11:15 <DIR> d-------- C:\WINDOWS\system32\Logs
    2007-09-05 11:15 <DIR> d-------- C:\DOCUME~1\Administrator\WINDOWS
    2007-09-05 11:15 <DIR> d-------- C:\DOCUME~1\Administrator\Application Data\toshiba
    2007-09-05 11:15 <DIR> d-------- C:\DOCUME~1\Administrator\Application Data\Symantec
    2007-09-05 11:15 <DIR> d-------- C:\DOCUME~1\Administrator\Application Data\InterVideo
    2007-09-05 11:15 <DIR> d-------- C:\DOCUME~1\Administrator\Application Data\InterTrust
    2007-09-05 09:27 <DIR> d-------- C:\Program Files\Support Tools
    2007-09-05 09:19 33,792 --a--c--- C:\WINDOWS\system32\dllcache\lmmib2.dll
    2007-09-05 09:19 33,792 --a------ C:\WINDOWS\system32\lmmib2.dll
    2007-08-29 13:35 <DIR> d-------- C:\Program Files\Viewpoint
    2007-08-29 11:59 <DIR> d-------- C:\DOCUME~1\VALUED~1\APPLIC~1\McAfee
    2007-08-29 06:50 <DIR> d-------- C:\DOCUME~1\VALUED~1\APPLIC~1\Sereniti
    2007-08-22 13:06 143,360 --a------ C:\WINDOWS\system32\dunzip32.dll
    2007-08-22 13:04 71,496 --a------ C:\WINDOWS\system32\drivers\mfeavfk.sys
    2007-08-22 13:04 37,480 --a------ C:\WINDOWS\system32\drivers\mfesmfk.sys
    2007-08-22 13:04 34,184 --a------ C:\WINDOWS\system32\drivers\mfebopk.sys
    2007-08-22 13:04 32,008 --a------ C:\WINDOWS\system32\drivers\mferkdk.sys
    2007-08-22 13:04 170,408 --a------ C:\WINDOWS\system32\drivers\mfehidk.sys
    2007-08-22 13:04 109,608 --a------ C:\WINDOWS\system32\drivers\Mpfp.sys
    2007-08-22 13:03 <DIR> d-------- C:\mcafee_mcpr
    2007-08-22 13:02 <DIR> d-------- C:\Program Files\McAfee.com
    2007-08-22 13:02 <DIR> d-------- C:\Program Files\McAfee
    2007-08-22 13:02 <DIR> d-------- C:\Program Files\Common Files\McAfee
    2007-08-22 12:50 <DIR> d-------- C:\DOCUME~1\ALLUSE~1\APPLIC~1\McAfee
    2007-08-13 19:05 62,976 --a------ C:\DOCUME~1\VALUED~1\wn221.exe

    .
    (((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
    .
    2007-09-07 15:04 --------- d-------- C:\Program Files\America Online 9.0
    2007-09-05 11:14 --------- d-------- C:\Program Files\Common Files\aolshare
    2007-09-05 11:14 --------- d-------- C:\Program Files\Common Files\AOL
    2007-08-27 19:33 --------- d-------- C:\Program Files\XoftSpySE
    2007-08-27 17:08 --------- d-------- C:\DOCUME~1\ALLUSE~1\APPLIC~1\AOL
    2007-08-27 10:55 --------- d-------- C:\DOCUME~1\ALLUSE~1\APPLIC~1\AOL Downloads
    2007-08-18 16:23 --------- d-------- C:\DOCUME~1\VALUED~1\APPLIC~1\AdobeUM
    2007-08-13 19:03 --------- d-------- C:\Program Files\RegCure
    2007-08-13 18:58 --------- d-------- C:\DOCUME~1\VALUED~1\APPLIC~1\ultra
    2007-08-13 08:32 --------- d-------- C:\Program Files\Taunts
    2007-07-13 17:58 --------- d-------- C:\DOCUME~1\VALUED~1\APPLIC~1\AdobeAUM
    2007-06-13 03:23 1033216 --a------ C:\WINDOWS\explorer.exe
    2007-04-07 16:57 153 --a------ C:\DOCUME~1\VALUED~1\APPLIC~1\sysdoctor.exe
    2003-08-27 14:19 36963 -ra------ C:\Program Files\Common Files\SM1updtr.dll
    2001-10-17 19:37 2365 --a------ C:\Program Files\CLASS.NFO
    2001-10-17 13:23 326 --a------ C:\Program Files\FILE_ID.DIZ
    2001-10-15 15:50 8337 --a------ C:\Program Files\CAM.NFO
    2001-09-15 16:36 2218 --a------ C:\Program Files\dz.nfo
    2001-09-01 19:10 1980 --a------ C:\Program Files\ME.nfo
    2001-07-17 13:42 1396 --a------ C:\Program Files\Hades.nfo
    2001-06-27 22:07 1229 --a------ C:\Program Files\jbf.nfo
    2001-03-22 18:54 1784 --a------ C:\Program Files\dls.nfo
    .

    ((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
    .

    *Note* empty entries & legit default entries are not shown

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
    "CeEPOWER"="C:\Program Files\TOSHIBA\Power Management\CePMTray.exe" [2004-08-19 18:14]
    "LtMoh"="C:\Program Files\ltmoh\Ltmoh.exe" [2003-09-26 15:43]
    "AGRSMMSG"="AGRSMMSG.exe" [2004-02-20 15:00 C:\WINDOWS\agrsmmsg.exe]
    "Apoint"="C:\Program Files\Apoint2K\Apoint.exe" [2003-10-30 16:46]
    "NDSTray.exe"="NDSTray.exe" []
    "CeEKEY"="C:\Program Files\TOSHIBA\E-KEY\CeEKey.exe" [2004-08-06 15:14]
    "PadTouch"="C:\Program Files\TOSHIBA\Touch and Launch\PadExe.exe" [2004-02-03 14:47]
    "SmoothView"="C:\Program Files\TOSHIBA\TOSHIBA Zooming Utility\SmoothView.exe" [2004-03-02 13:45]
    "ZoomingHook"="c:\WINDOWS\System32\ZoomingHook.exe" [2004-07-14 16:07]
    "TPNF"="C:\Program Files\TOSHIBA\TouchPad\TPTray.exe" [2004-07-28 16:23]
    "Pinger"="C:\TOSHIBA\IVP\ISM\pinger.exe" [2005-03-17 17:37]
    "dla"="C:\WINDOWS\system32\dla\tfswctrl.exe" [2005-01-14 02:05]
    "Adobe Photo Downloader"="C:\Program Files\Adobe\Photoshop Album Starter Edition\3.0\Apps\apdproxy.exe" [2005-06-07 00:46]
    "QuickTime Task"="C:\Program Files\QuickTime\qttask.exe" [2004-08-19 17:44]
    "CFSServ.exe"="CFSServ.exe" []
    "HostManager"="C:\Program Files\Common Files\AOL\1167412240\ee\AOLSoftware.exe" [2006-09-25 17:52]
    "ASM"="C:\Program Files\AOL\Active Security Monitor\ASMonitor.exe" [2006-11-07 15:11]
    "Adobe Reader Speed Launcher"="C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe" [2007-05-11 03:06]
    "AVG7_CC"="C:\PROGRA~1\Grisoft\AVG7\avgcc.exe" [2007-08-31 19:32]
    "AVG7_EMC"="C:\PROGRA~1\Grisoft\AVG7\avgemc.exe" [2007-08-31 19:32]
    "AVG7_RegCleaner"="C:\PROGRA~1\Grisoft\AVG7\avgregcl.exe" [2007-08-31 19:29]

    [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
    "TOSCDSPD"="C:\Program Files\TOSHIBA\TOSCDSPD\toscdspd.exe" [2003-09-05 03:24]
    "MSMSGS"="C:\Program Files\Messenger\msmsgs.exe" [2004-10-13 09:24]
    "ctfmon.exe"="C:\WINDOWS\system32\ctfmon.exe" [2004-08-04 05:00]
    "AVG7_Run"="C:\PROGRA~1\Grisoft\AVG7\avgw.exe" [2007-08-31 19:32]

    C:\DOCUME~1\ALLUSE~1\STARTM~1\Programs\Startup\
    KODAK Software Updater.lnk - C:\Program Files\Kodak\KODAK Software Updater\7288971\Program\backWeb-7288971.exe [2003-06-08 18:48:18]
    RAMASST.lnk - C:\WINDOWS\system32\RAMASST.exe [2004-08-19 16:18:56]

    C:\DOCUME~1\VALUED~1\STARTM~1\Programs\Startup\
    V CAST Music Monitor.lnk - C:\Program Files\Verizon Wireless\V CAST Music Essentials Manager\V CAST Music Monitor.exe [2007-01-27 16:04:08]

    [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
    "RunStartupScriptSync"=0 (0x0)
    "SynchronousMachineGroupPolicy"=0 (0x0)
    "SynchronousUserGroupPolicy"=0 (0x0)

    [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\explorer]
    "NoStrCmpLogical"=1 (0x1)

    [HKEY_CURRENT_USER\software\microsoft\windows\currentversion\policies\explorer]
    "NoSMBalloonTip"=1 (0x1)
    "NoRecentDocsHistory"=1 (0x1)
    "MemCheckBoxInRunDlg"=0 (0x0)
    "NoAutoTrayNotify"=0 (0x0)
    "NoResolveTrack"=0 (0x0)
    "NoResolveSearch"=1 (0x1)
    "NoWelcomeScreen"=1 (0x1)
    "NoRecentDocsNetHood"=1 (0x1)
    "NoDesktopCleanupWizard"=1 (0x1)
    "NoSharedDocuments"=1 (0x1)

    [HKEY_USERS\.default\software\microsoft\windows\currentversion\policies\explorer]
    "NoWindowsUpdate"=1 (0x1)

    [HKEY_LOCAL_MACHINE\system\currentcontrolset\control\securityproviders]
    SecurityProviders msapsspc.dll, schannel.dll, digest.dll, msnsspc.dll, zwebauth.dll, ntoskrnl.dll, xlibgfl254.dll

    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MCODS]
    @=""

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\MSMSGS]
    "C:\Program Files\Messenger\msmsgs.exe" /background

    R1 DcCam;Kodak Camera Proxy;C:\WINDOWS\system32\DRIVERS\DcCam.sys
    R1 SrvcEKIOMngr;SrvcEKIOMngr;C:\WINDOWS\system32\Drivers\EKIoMngr.sys
    R1 SrvcEPECioctl;SrvcEPECioctl;C:\WINDOWS\system32\Drivers\ECioctl.sys
    R1 SrvcEPIOMngr;SrvcEPIOMngr;C:\WINDOWS\system32\Drivers\EPIoMngr.sys
    R1 SrvcSSIOMngr;SrvcSSIOMngr;C:\WINDOWS\system32\Drivers\SSIoMngr.sys
    R1 SrvcTPIOMngr;SrvcTPIOMngr;C:\WINDOWS\system32\Drivers\TPIoMngr.sys
    R2 DCFS2K;Kodak DCFS2K Driver;C:\WINDOWS\system32\drivers\dcfs2k.sys
    R3 EPOWER;Compal E-POWER Driver;C:\WINDOWS\system32\Drivers\hkdrv.sys
    S1 Exportit;Exportit;C:\WINDOWS\system32\DRIVERS\exportit.sys
    S2 0225251188235749mcinstcleanup;McAfee Application Installer Cleanup (0225251188235749);C:\DOCUME~1\VALUED~1\LOCALS~1\Temp\0225251188235749mcinst.exe C:\PROGRA~1\COMMON~1\McAfee\Installer\cleanup.ini -cleanup -nolog -service
    S3 DcFpoint;DcFpoint;C:\WINDOWS\system32\DRIVERS\DcFpoint.sys
    S3 DcLps;Legacy Polling Service;C:\WINDOWS\system32\DRIVERS\DcLps.sys
    S3 DcPTP;dcptp;C:\WINDOWS\system32\DRIVERS\DcPTP.sys
    S3 EMSCR;EMSCR;C:\WINDOWS\system32\DRIVERS\EMS7SK.sys
    S3 ESDCR;ESDCR;C:\WINDOWS\system32\DRIVERS\ESD7SK.sys
    S3 ESMCR;ESMCR;C:\WINDOWS\system32\DRIVERS\ESM7SK.sys
    S3 sscdbus;SAMSUNG USB Composite Device driver (WDM);C:\WINDOWS\system32\DRIVERS\sscdbus.sys
    S3 sscdmdfl;SAMSUNG CDMA Modem Filter;C:\WINDOWS\system32\DRIVERS\sscdmdfl.sys
    S3 sscdmdm;SAMSUNG CDMA Modem Drivers;C:\WINDOWS\system32\DRIVERS\sscdmdm.sys
    S3 sscdserd;SAMSUNG CDMA Modem Diagnostic Serial Port (WDM);C:\WINDOWS\system32\DRIVERS\sscdserd.sys

    .
    Contents of the 'Scheduled Tasks' folder
    "2007-08-22 20:03:30 C:\WINDOWS\Tasks\McDefragTask.job"
    - c:\program files\mcafee\mqc\QcConsol.exe
    "2007-08-22 20:03:28 C:\WINDOWS\Tasks\McQcTask.job"
    - c:\program files\mcafee\mqc\QcConsol.exe
    "2007-09-08 12:26:54 C:\WINDOWS\Tasks\RegCure Program Check.job"
    - C:\Program Files\RegCure\RegCure.exe
    "2007-03-24 23:50:01 C:\WINDOWS\Tasks\RegCure.job"
    - C:\Program Files\RegCure\RegCure.exe
    "2007-09-07 22:58:20 C:\WINDOWS\Tasks\Symantec NetDetect.job"
    - C:\Program Files\Symantec\LiveUpdate\NDETECT.EXE
    "2007-09-08 12:26:51 C:\WINDOWS\Tasks\XoftSpySE 2.job"
    "2007-03-25 00:12:23 C:\WINDOWS\Tasks\XoftSpySE.job"
    .
    **************************************************************************

    catchme 0.3.1061 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
    Rootkit scan 2007-09-08 05:29:13
    Windows 5.1.2600 Service Pack 2 NTFS

    scanning hidden processes ...

    scanning hidden autostart entries ...

    scanning hidden files ...

    scan completed successfully
    hidden files: 0

    **************************************************************************
    .
    Completion time: 2007-09-08 5:33:53 - machine was rebooted
    C:\ComboFix-quarantined-files.txt ... 2007-09-08 05:33
    .
    --- E O F ---
    Once again, thanks for the help
    Also, I will not be around until the next day. HEY I SEE THE CONTROL PANEL!! I will not touch it until I hear back from you.
     
  10. 2007/09/08
    noahdfear

    noahdfear Inactive

    Joined:
    2003/04/06
    Messages:
    12,178
    Likes Received:
    15
    Scan again with HijackThis, place a check next to the following entry, then click Fix Checked.

    O16 - DPF: {88D758A3-D33B-45FD-91E3-67749B4057FA} -

    Close HijackThis.

    Open Add/Remove programs and uninstall RegCure if listed.


    Delete the following files and folders

    C:\WINDOWS\system32\dumphive.exe
    C:\WINDOWS\system32\SrchSTS.exe
    C:\WINDOWS\system32\tmp.reg
    C:\WINDOWS\system32\VCCLSID.exe
    C:\Deckard
    C:\VundoFix Backups


    Copy the contents of the code box below and paste it into a blank Notepad document, then save it to your desktop as:

    Filename: CFScript.txt
    Save As Type: All Files (*.*)

    Code:
    File::
    C:\WINDOWS\Tasks\RegCure Program Check.job
    C:\WINDOWS\Tasks\RegCure.job
    C:\WINDOWS\system32\xlibgfl254.dll
    
    Folder::
    C:\Program Files\RegCure
    
    FileLook::
    C:\DOCUME~1\VALUED~1\wn221.exe
    
    DirLook::
    C:\WINDOWS\system32\Logs
    
    Driver::
    0225251188235749mcinstcleanup
    
    Registry::
    [HKEY_LOCAL_MACHINE\system\currentcontrolset\control\securityproviders]
    "SecurityProviders"="msapsspc.dll, schannel.dll, digest.dll, msnsspc.dll, zwebauth.dll"
    [HKEY_USERS\.default\software\microsoft\windows\currentversion\policies\explorer]
    "NoWindowsUpdate"=-
    
    Close all other windows and programs. Now drag the CFScript.txt onto ComboFix.exe and drop it, using the left mouse button. ComboFix should run and may reboot the computer when it's done. A log will open when it's complete. Post the contents of that log.

    Please do not click on the ComboFix window while it is running a scan. This can cause it to stall.
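
An added example, not part of the original post and not ComboFix's own code: a Python check that reads the "Reg Loading Points" part of a ComboFix log and reports the two settings the CFScript above resets, namely any SecurityProviders entry outside the list the script writes and a NoWindowsUpdate policy under HKEY_USERS\.default. The function names are assumptions of this example, and the sample text is constructed from lines of the first ComboFix log in this thread.

```python
import re

# Values taken from the Registry:: section of the CFScript in the post above.
SP_KEY = r"hkey_local_machine\system\currentcontrolset\control\securityproviders"
SP_BASELINE = ["msapsspc.dll", "schannel.dll", "digest.dll", "msnsspc.dll", "zwebauth.dll"]
WU_KEY = r"hkey_users\.default\software\microsoft\windows\currentversion\policies\explorer"

# Constructed sample: lines copied from the first ComboFix log in this thread.
SAMPLE_LOG = r"""
[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\policies\explorer]
"NoSMBalloonTip"=1 (0x1)

[HKEY_USERS\.default\software\microsoft\windows\currentversion\policies\explorer]
"NoWindowsUpdate"=1 (0x1)

[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\securityproviders]
SecurityProviders msapsspc.dll, schannel.dll, digest.dll, msnsspc.dll, zwebauth.dll, ntoskrnl.dll, xlibgfl254.dll

R1 DcCam;Kodak Camera Proxy;C:\WINDOWS\system32\DRIVERS\DcCam.sys
"""

KEY_RE = re.compile(r"^\[(HKEY_[^\]]+)\]$", re.I)
# "Name"=value, tolerating a stray space before the closing quote of the name.
QUOTED_RE = re.compile(r'^"(?P<name>[^"]+?)\s*"\s*=\s*(?P<value>.*)$')
# ComboFix prints SecurityProviders as an unquoted "Name value" line.
BARE_RE = re.compile(r"^(?P<name>[A-Za-z]\w*)\s+(?P<value>.+)$")


def parse_reg_section(text):
    """Parse ComboFix 'Reg Loading Points' lines into {key: {name: value}}."""
    reg, current = {}, None
    for raw in text.splitlines():
        line = raw.strip()
        if not line:
            current = None  # a blank line ends the values listed under a key
            continue
        m = KEY_RE.match(line)
        if m:
            current = reg.setdefault(m.group(1).lower(), {})
            continue
        if current is None:
            continue  # driver lines, headings and other text outside a key
        m = QUOTED_RE.match(line) or BARE_RE.match(line)
        if m:
            current[m.group("name")] = m.group("value").strip()
    return reg


def audit(reg):
    """Return (setting, detail) findings for the two values the CFScript resets."""
    findings = []
    providers = reg.get(SP_KEY, {}).get("SecurityProviders")
    if providers is not None:
        for dll in (d.strip().strip('"').lower() for d in providers.split(",")):
            if dll and dll not in SP_BASELINE:
                findings.append(("SecurityProviders", dll))
    value = reg.get(WU_KEY, {}).get("NoWindowsUpdate")
    if value is not None:
        findings.append(("NoWindowsUpdate", value))
    return findings


if __name__ == "__main__":
    for setting, detail in audit(parse_reg_section(SAMPLE_LOG)):
        print(f"{setting}: {detail}")
```

Running the same check on the log produced after the CFScript has been applied should return no findings if both registry changes took effect.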
     
  11. 2007/09/09
    dtofmfd

    dtofmfd Inactive Thread Starter

    Joined:
    2007/09/05
    Messages:
    8
    Likes Received:
    0
    Here ya go:

    ComboFix 07-09-08.7 - "Valued Customer" 2007-09-09 6:47:24.2 - NTFSx86
    Microsoft Windows XP Home Edition 5.1.2600.2.1252.1.1033.18.50 [GMT -7:00]
    * Created a new restore point

    FILE::
    C:\WINDOWS\Tasks\RegCure Program Check.job
    C:\WINDOWS\Tasks\RegCure.job
    C:\WINDOWS\system32\xlibgfl254.dll
    .

    ((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
    .

    C:\Program Files\RegCure
    C:\Program Files\RegCure\0_days.htm
    C:\Program Files\RegCure\1_days.htm
    C:\Program Files\RegCure\15_days.htm
    C:\Program Files\RegCure\2_days.htm
    C:\Program Files\RegCure\30_days.htm
    C:\Program Files\RegCure\5_days.htm
    C:\Program Files\RegCure\Animated-Bar.gif
    C:\Program Files\RegCure\AutoUpdate.dll
    C:\Program Files\RegCure\Backup\RegCureBak_April_08_07_00_10_55.bak
    C:\Program Files\RegCure\Backup\RegCureBak_April_08_07_00_10_55.reg
    C:\Program Files\RegCure\Backup\RegCureBak_April_08_07_00_10_55\Butterfly Oasis Preview.lnk
    C:\Program Files\RegCure\Backup\RegCureBak_April_08_07_00_10_55\Butterfly Oasis Settings.lnk
    C:\Program Files\RegCure\Backup\RegCureBak_April_08_07_00_10_55\Get more Screensavers.lnk
    C:\Program Files\RegCure\Backup\RegCureBak_April_08_07_00_10_55\More info at ScreenScenes.com.lnk
    C:\Program Files\RegCure\Backup\RegCureBak_April_08_07_00_10_55\Upgrade to Premium version.lnk
    C:\Program Files\RegCure\Backup\RegCureBak_August_13_07_19_08_32.reg
    C:\Program Files\RegCure\Backup\RegCureBak_August_13_07_19_08_33.bak
    C:\Program Files\RegCure\Backup\RegCureBak_August_13_07_19_08_33\Sample Music.lnk
    C:\Program Files\RegCure\Backup\RegCureBak_August_13_07_19_08_33\Sample Pictures.lnk
    C:\Program Files\RegCure\Backup\RegCureBak_August_13_07_19_13_34.bak
    C:\Program Files\RegCure\Backup\RegCureBak_August_13_07_19_13_34.reg
    C:\Program Files\RegCure\Backup\RegCureBak_August_13_07_19_13_34\Sample Music.lnk
    C:\Program Files\RegCure\Backup\RegCureBak_August_13_07_19_13_34\Sample Pictures.lnk
    C:\Program Files\RegCure\Backup\RegCureBak_August_13_07_19_17_07.bak
    C:\Program Files\RegCure\Backup\RegCureBak_August_13_07_19_17_07.reg
    C:\Program Files\RegCure\Backup\RegCureBak_August_13_07_19_17_13.reg
    C:\Program Files\RegCure\Backup\RegCureBak_August_13_07_19_17_14.bak
    C:\Program Files\RegCure\Backup\RegCureBak_August_13_07_19_17_14\Sample Pictures.lnk
    C:\Program Files\RegCure\Backup\RegCureBak_August_13_07_19_19_37.reg
    C:\Program Files\RegCure\Backup\RegCureBak_August_13_07_19_22_18.bak
    C:\Program Files\RegCure\Backup\RegCureBak_August_13_07_19_22_18.reg
    C:\Program Files\RegCure\Backup\RegCureBak_August_13_07_19_22_25.reg
    C:\Program Files\RegCure\Backup\RegCureBak_August_18_07_17_23_44.reg
    C:\Program Files\RegCure\Backup\RegCureBak_August_18_07_17_26_12.reg
    C:\Program Files\RegCure\Backup\RegCureBak_August_18_07_17_34_39.reg
    C:\Program Files\RegCure\Backup\RegCureBak_August_18_07_17_37_23.bak
    C:\Program Files\RegCure\Backup\RegCureBak_August_18_07_17_37_23.reg
    C:\Program Files\RegCure\Backup\RegCureBak_August_18_07_17_37_38.bak
    C:\Program Files\RegCure\Backup\RegCureBak_August_18_07_17_37_38.reg
    C:\Program Files\RegCure\Backup\RegCureBak_August_18_07_17_53_11.reg
    C:\Program Files\RegCure\Backup\RegCureBak_August_18_07_17_55_26.reg
    C:\Program Files\RegCure\Backup\RegCureBak_August_18_07_17_58_05.reg
    C:\Program Files\RegCure\Backup\RegCureBak_August_18_07_18_00_21.reg
    C:\Program Files\RegCure\Backup\RegCureBak_August_18_07_18_02_29.reg
    C:\Program Files\RegCure\Backup\RegCureBak_August_18_07_18_24_29.bak
    C:\Program Files\RegCure\Backup\RegCureBak_August_18_07_18_24_29.reg
    C:\Program Files\RegCure\Backup\RegCureBak_August_18_07_18_24_38.reg
    C:\Program Files\RegCure\Backup\RegCureBak_August_18_07_18_27_01.reg
    C:\Program Files\RegCure\Backup\RegCureBak_August_18_07_18_29_48.reg
    C:\Program Files\RegCure\Backup\RegCureBak_August_18_07_18_33_17.bak
    C:\Program Files\RegCure\Backup\RegCureBak_August_18_07_18_33_17.reg
    C:\Program Files\RegCure\Backup\RegCureBak_August_18_07_18_33_28.bak
    C:\Program Files\RegCure\Backup\RegCureBak_August_18_07_18_33_28.reg
    C:\Program Files\RegCure\Backup\RegCureBak_August_29_07_08_59_31.reg
    C:\Program Files\RegCure\Backup\RegCureBak_August_29_07_09_03_55.bak
    C:\Program Files\RegCure\Backup\RegCureBak_August_29_07_09_03_55.reg
    C:\Program Files\RegCure\Backup\RegCureBak_August_29_07_09_04_10.bak
    C:\Program Files\RegCure\Backup\RegCureBak_August_29_07_09_04_10.reg
    C:\Program Files\RegCure\Backup\RegCureBak_August_29_07_10_22_04.bak
    C:\Program Files\RegCure\Backup\RegCureBak_August_29_07_10_22_04.reg
    C:\Program Files\RegCure\Backup\RegCureBak_August_29_07_10_22_12.reg
    C:\Program Files\RegCure\Backup\RegCureBak_August_29_07_10_48_58.reg
    C:\Program Files\RegCure\Backup\RegCureBak_August_29_07_10_51_13.reg
    C:\Program Files\RegCure\Backup\RegCureBak_August_29_07_10_54_40.bak
    C:\Program Files\RegCure\Backup\RegCureBak_August_29_07_10_54_40.reg
    C:\Program Files\RegCure\Backup\RegCureBak_August_29_07_10_54_45.reg
    C:\Program Files\RegCure\Backup\RegCureBak_August_29_07_10_57_40.bak
    C:\Program Files\RegCure\Backup\RegCureBak_August_29_07_10_57_40.reg
    C:\Program Files\RegCure\Backup\RegCureBak_August_29_07_10_57_46.reg
    C:\Program Files\RegCure\Backup\RegCureBak_August_29_07_11_08_53.bak
    C:\Program Files\RegCure\Backup\RegCureBak_August_29_07_11_08_53.reg
    C:\Program Files\RegCure\Backup\RegCureBak_August_29_07_11_09_01.reg
    C:\Program Files\RegCure\Backup\RegCureBak_August_29_07_11_12_09.reg
    C:\Program Files\RegCure\Backup\RegCureBak_August_29_07_11_14_50.bak
    C:\Program Files\RegCure\Backup\RegCureBak_August_29_07_11_14_50.reg
    C:\Program Files\RegCure\Backup\RegCureBak_August_29_07_11_14_54.reg
    C:\Program Files\RegCure\Backup\RegCureBak_August_29_07_11_15_24.bak
    C:\Program Files\RegCure\Backup\RegCureBak_August_29_07_11_15_24.reg
    C:\Program Files\RegCure\Backup\RegCureBak_August_29_07_11_15_31.bak
    C:\Program Files\RegCure\Backup\RegCureBak_August_29_07_11_15_31.reg
    C:\Program Files\RegCure\Backup\RegCureBak_August_29_07_11_15_53.bak
    C:\Program Files\RegCure\Backup\RegCureBak_August_29_07_11_15_53.reg
    C:\Program Files\RegCure\Backup\RegCureBak_August_29_07_11_15_56.reg
    C:\Program Files\RegCure\Backup\RegCureBak_August_29_07_11_35_35.bak
    C:\Program Files\RegCure\Backup\RegCureBak_August_29_07_11_35_35.reg
    C:\Program Files\RegCure\Backup\RegCureBak_August_29_07_11_35_38.reg
    C:\Program Files\RegCure\Backup\RegCureBak_August_29_07_11_36_04.bak
    C:\Program Files\RegCure\Backup\RegCureBak_August_29_07_11_36_04.reg
    C:\Program Files\RegCure\Backup\RegCureBak_August_29_07_11_36_06.reg
    C:\Program Files\RegCure\Backup\RegCureBak_August_29_07_13_18_09.bak
    C:\Program Files\RegCure\Backup\RegCureBak_August_29_07_13_18_09.reg
    C:\Program Files\RegCure\Backup\RegCureBak_August_29_07_13_18_17.reg
    C:\Program Files\RegCure\Backup\RegCureBak_August_29_07_13_21_20.reg
    C:\Program Files\RegCure\Backup\RegCureBak_August_29_07_13_22_15.bak
    C:\Program Files\RegCure\Backup\RegCureBak_August_29_07_13_22_15.reg
    C:\Program Files\RegCure\Backup\RegCureBak_August_29_07_13_22_20.reg
    C:\Program Files\RegCure\Backup\RegCureBak_August_29_07_13_23_12.bak
    C:\Program Files\RegCure\Backup\RegCureBak_August_29_07_13_23_12.reg
    C:\Program Files\RegCure\Backup\RegCureBak_August_29_07_13_23_15.bak
    C:\Program Files\RegCure\Backup\RegCureBak_August_29_07_13_23_15.reg
    C:\Program Files\RegCure\Backup\RegCureBak_August_29_07_13_23_51.bak
    C:\Program Files\RegCure\Backup\RegCureBak_August_29_07_13_23_51.reg
    C:\Program Files\RegCure\Backup\RegCureBak_August_29_07_13_24_08.bak
    C:\Program Files\RegCure\Backup\RegCureBak_August_29_07_13_24_08.reg
    C:\Program Files\RegCure\Backup\RegCureBak_August_29_07_13_34_05.bak
    C:\Program Files\RegCure\Backup\RegCureBak_August_29_07_13_34_05.reg
    C:\Program Files\RegCure\Backup\RegCureBak_August_29_07_13_34_09.reg
    C:\Program Files\RegCure\Backup\RegCureBak_August_31_07_18_43_40.bak
    C:\Program Files\RegCure\Backup\RegCureBak_August_31_07_18_43_40.reg
    C:\Program Files\RegCure\Backup\RegCureBak_August_31_07_18_43_44.reg
    C:\Program Files\RegCure\Backup\RegCureBak_August_31_07_18_48_22.bak
    C:\Program Files\RegCure\Backup\RegCureBak_August_31_07_18_48_22.reg
    C:\Program Files\RegCure\Backup\RegCureBak_August_31_07_18_48_31.reg
    C:\Program Files\RegCure\Backup\RegCureBak_August_31_07_19_06_39.reg
    C:\Program Files\RegCure\Backup\RegCureBak_June_09_07_17_56_39.reg
    C:\Program Files\RegCure\Backup\RegCureBak_June_09_07_17_56_40.bak
    C:\Program Files\RegCure\Backup\RegCureBak_June_09_07_17_56_40\CD Drive (2).lnk
    C:\Program Files\RegCure\Backup\RegCureBak_June_09_07_17_56_40\CD Drive.lnk
    C:\Program Files\RegCure\Backup\RegCureBak_June_09_07_17_56_40\spint areck.lnk
    C:\Program Files\RegCure\Backup\RegCureBak_June_09_07_17_56_40\target.lnk
    C:\Program Files\RegCure\Backup\RegCureBak_June_18_07_19_29_34.bak
    C:\Program Files\RegCure\Backup\RegCureBak_June_18_07_19_29_34.reg
    C:\Program Files\RegCure\Backup\RegCureBak_June_18_07_19_29_48.bak
    C:\Program Files\RegCure\Backup\RegCureBak_June_18_07_19_29_48.reg
    C:\Program Files\RegCure\Backup\RegCureBak_June_18_07_19_29_48\target.lnk
    C:\Program Files\RegCure\Backup\RegCureBak_March_24_07_16_20_56.bak
    C:\Program Files\RegCure\Backup\RegCureBak_March_24_07_16_23_33.bak
    C:\Program Files\RegCure\Backup\RegCureBak_March_24_07_16_25_54.bak
    C:\Program Files\RegCure\Backup\RegCureBak_March_24_07_16_37_31.reg
    C:\Program Files\RegCure\Backup\RegCureBak_March_24_07_16_37_54.reg
    C:\Program Files\RegCure\Backup\RegCureBak_March_24_07_16_38_00.reg
    C:\Program Files\RegCure\Backup\RegCureBak_March_24_07_16_38_05.reg
    C:\Program Files\RegCure\Backup\RegCureBak_March_24_07_16_38_10.reg
    C:\Program Files\RegCure\Backup\RegCureBak_March_24_07_16_38_36.reg
    C:\Program Files\RegCure\buttonfill.jpg
    C:\Program Files\RegCure\buttonfill_expire.jpg
    C:\Program Files\RegCure\buttonfill_mo.jpg
    C:\Program Files\RegCure\buttonfill_mo_expire.jpg
    C:\Program Files\RegCure\config.xml
    C:\Program Files\RegCure\contentwrapper.gif
    C:\Program Files\RegCure\expire.css
    C:\Program Files\RegCure\footerbar.gif
    C:\Program Files\RegCure\help.chm
    C:\Program Files\RegCure\info_bubble.jpg
    C:\Program Files\RegCure\Logs\Regcure-13-08-07-19-08-56.zip
    C:\Program Files\RegCure\Logs\Regcure-13-08-07-19-13-54.zip
    C:\Program Files\RegCure\Logs\Regcure-13-08-07-19-17-28.zip
    C:\Program Files\RegCure\Logs\Regcure-13-08-07-19-17-32.zip
    C:\Program Files\RegCure\Logs\Regcure-13-08-07-19-19-51.zip
    C:\Program Files\RegCure\Logs\Regcure-13-08-07-19-22-38.zip
    C:\Program Files\RegCure\Logs\Regcure-13-08-07-19-22-43.zip
    C:\Program Files\RegCure\Logs\Regcure-18-06-07-19-29-50.zip
    C:\Program Files\RegCure\Logs\Regcure-18-08-07-17-23-59.zip
    C:\Program Files\RegCure\Logs\Regcure-18-08-07-17-26-25.zip
    C:\Program Files\RegCure\Logs\Regcure-18-08-07-17-34-56.zip
    C:\Program Files\RegCure\Logs\Regcure-18-08-07-17-37-39.zip
    C:\Program Files\RegCure\Logs\Regcure-18-08-07-17-53-26.zip
    C:\Program Files\RegCure\Logs\Regcure-18-08-07-17-55-40.zip
    C:\Program Files\RegCure\Logs\Regcure-18-08-07-17-58-20.zip
    C:\Program Files\RegCure\Logs\Regcure-18-08-07-18-00-36.zip
    C:\Program Files\RegCure\Logs\Regcure-18-08-07-18-02-44.zip
    C:\Program Files\RegCure\Logs\Regcure-18-08-07-18-24-52.zip
    C:\Program Files\RegCure\Logs\Regcure-18-08-07-18-24-58.zip
    C:\Program Files\RegCure\Logs\Regcure-18-08-07-18-27-15.zip
    C:\Program Files\RegCure\Logs\Regcure-18-08-07-18-30-02.zip
    C:\Program Files\RegCure\Logs\Regcure-18-08-07-18-33-35.zip
    C:\Program Files\RegCure\Logs\Regcure-18-08-07-18-33-45.log
    C:\Program Files\RegCure\Logs\Regcure-29-08-07-08-59-59.zip
    C:\Program Files\RegCure\Logs\Regcure-29-08-07-09-04-34.zip
    C:\Program Files\RegCure\Logs\Regcure-29-08-07-10-22-36.zip
    C:\Program Files\RegCure\Logs\Regcure-29-08-07-10-49-24.zip
    C:\Program Files\RegCure\Logs\Regcure-29-08-07-10-51-27.zip
    C:\Program Files\RegCure\Logs\Regcure-29-08-07-10-55-06.zip
    C:\Program Files\RegCure\Logs\Regcure-29-08-07-10-55-11.zip
    C:\Program Files\RegCure\Logs\Regcure-29-08-07-10-58-05.zip
    C:\Program Files\RegCure\Logs\Regcure-29-08-07-10-58-10.zip
    C:\Program Files\RegCure\Logs\Regcure-29-08-07-11-09-21.zip
    C:\Program Files\RegCure\Logs\Regcure-29-08-07-11-09-26.zip
    C:\Program Files\RegCure\Logs\Regcure-29-08-07-11-12-23.zip
    C:\Program Files\RegCure\Logs\Regcure-29-08-07-11-15-09.zip
    C:\Program Files\RegCure\Logs\Regcure-29-08-07-11-15-12.zip
    C:\Program Files\RegCure\Logs\Regcure-29-08-07-11-15-44.zip
    C:\Program Files\RegCure\Logs\Regcure-29-08-07-11-15-50.zip
    C:\Program Files\RegCure\Logs\Regcure-29-08-07-11-16-10.zip
    C:\Program Files\RegCure\Logs\Regcure-29-08-07-11-16-12.zip
    C:\Program Files\RegCure\Logs\Regcure-29-08-07-11-35-56.zip
    C:\Program Files\RegCure\Logs\Regcure-29-08-07-11-36-22.zip
    C:\Program Files\RegCure\Logs\Regcure-29-08-07-11-36-23.zip
    C:\Program Files\RegCure\Logs\Regcure-29-08-07-13-18-43.log
    C:\Program Files\RegCure\Logs\Regcure-29-08-07-13-18-43.zip
    C:\Program Files\RegCure\Logs\Regcure-29-08-07-13-21-37.zip
    C:\Program Files\RegCure\Logs\Regcure-29-08-07-13-22-56.zip
    C:\Program Files\RegCure\Logs\Regcure-29-08-07-13-23-44.zip
    C:\Program Files\RegCure\Logs\Regcure-29-08-07-13-34-26.zip
    C:\Program Files\RegCure\Logs\Regcure-31-08-07-18-44-03.zip
    C:\Program Files\RegCure\Logs\Regcure-31-08-07-18-48-57.zip
    C:\Program Files\RegCure\Logs\Regcure-31-08-07-19-07-57.zip
    C:\Program Files\RegCure\Logs\Regcure.log
    C:\Program Files\RegCure\Logs\SystemInfo.zip
    C:\Program Files\RegCure\LogSettings.xml
    C:\Program Files\RegCure\main.css
    C:\Program Files\RegCure\process-animation.gif
    C:\Program Files\RegCure\RegCure.exe
    C:\Program Files\RegCure\settings.xml
    C:\Program Files\RegCure\subtitlebar.gif
    C:\Program Files\RegCure\tile_titlebar.jpg
    C:\Program Files\RegCure\Tip1.html
    C:\Program Files\RegCure\Tip10.html
    C:\Program Files\RegCure\Tip11.html
    C:\Program Files\RegCure\Tip12.html
    C:\Program Files\RegCure\Tip13.html
    C:\Program Files\RegCure\Tip14.html
    C:\Program Files\RegCure\Tip15.html
    C:\Program Files\RegCure\Tip2.html
    C:\Program Files\RegCure\Tip3.html
    C:\Program Files\RegCure\Tip4.html
    C:\Program Files\RegCure\Tip5.html
    C:\Program Files\RegCure\Tip6.html
    C:\Program Files\RegCure\Tip7.html
    C:\Program Files\RegCure\Tip8.html
    C:\Program Files\RegCure\Tip9.html
    C:\Program Files\RegCure\uninst.exe
    C:\Program Files\RegCure\whitelist.dat
    C:\Program Files\RegCure\zlibwapi.dll
    C:\WINDOWS\Tasks\RegCure Program Check.job
    C:\WINDOWS\Tasks\RegCure.job


    ((((((((((((((((((((((((((((((((((((((( Drivers/Services )))))))))))))))))))))))))))))))))))))))))))))))))


    -------\LEGACY_0225251188235749MCINSTCLEANUP
    -------\0225251188235749mcinstcleanup


    ((((((((((((((((((((((((( Files Created from 2007-08-09 to 2007-09-09 )))))))))))))))))))))))))))))))
    .

    2007-09-08 05:17 51,200 --a------ C:\WINDOWS\NirCmd.exe
    2007-09-07 06:30 <DIR> d-------- C:\HijackThis
    2007-09-05 17:54 <DIR> d-------- C:\DOCUME~1\VALUED~1\APPLIC~1\Lavasoft
    2007-09-05 17:53 <DIR> d-------- C:\Program Files\Lavasoft
    2007-09-05 15:26 <DIR> d-------- C:\Program Files\Trend Micro
    2007-09-05 11:15 <DIR> d-------- C:\WINDOWS\system32\Logs
    2007-09-05 11:15 <DIR> d-------- C:\DOCUME~1\Administrator\WINDOWS
    2007-09-05 11:15 <DIR> d-------- C:\DOCUME~1\Administrator\Application Data\toshiba
    2007-09-05 11:15 <DIR> d-------- C:\DOCUME~1\Administrator\Application Data\Symantec
    2007-09-05 11:15 <DIR> d-------- C:\DOCUME~1\Administrator\Application Data\InterVideo
    2007-09-05 11:15 <DIR> d-------- C:\DOCUME~1\Administrator\Application Data\InterTrust
    2007-09-05 09:27 <DIR> d-------- C:\Program Files\Support Tools
    2007-09-05 09:19 33,792 --a--c--- C:\WINDOWS\system32\dllcache\lmmib2.dll
    2007-09-05 09:19 33,792 --a------ C:\WINDOWS\system32\lmmib2.dll
    2007-08-29 13:35 <DIR> d-------- C:\Program Files\Viewpoint
    2007-08-29 11:59 <DIR> d-------- C:\DOCUME~1\VALUED~1\APPLIC~1\McAfee
    2007-08-29 06:50 <DIR> d-------- C:\DOCUME~1\VALUED~1\APPLIC~1\Sereniti
    2007-08-22 13:06 143,360 --a------ C:\WINDOWS\system32\dunzip32.dll
    2007-08-22 13:04 71,496 --a------ C:\WINDOWS\system32\drivers\mfeavfk.sys
    2007-08-22 13:04 37,480 --a------ C:\WINDOWS\system32\drivers\mfesmfk.sys
    2007-08-22 13:04 34,184 --a------ C:\WINDOWS\system32\drivers\mfebopk.sys
    2007-08-22 13:04 32,008 --a------ C:\WINDOWS\system32\drivers\mferkdk.sys
    2007-08-22 13:04 170,408 --a------ C:\WINDOWS\system32\drivers\mfehidk.sys
    2007-08-22 13:04 109,608 --a------ C:\WINDOWS\system32\drivers\Mpfp.sys
    2007-08-22 13:03 <DIR> d-------- C:\mcafee_mcpr
    2007-08-22 13:02 <DIR> d-------- C:\Program Files\McAfee.com
    2007-08-22 13:02 <DIR> d-------- C:\Program Files\McAfee
    2007-08-22 13:02 <DIR> d-------- C:\Program Files\Common Files\McAfee
    2007-08-22 12:50 <DIR> d-------- C:\DOCUME~1\ALLUSE~1\APPLIC~1\McAfee
    2007-08-13 19:05 62,976 --a------ C:\DOCUME~1\VALUED~1\wn221.exe

    .
    (((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
    .
    2007-09-08 05:38 --------- d-------- C:\Program Files\America Online 9.0
    2007-09-05 11:14 --------- d-------- C:\Program Files\Common Files\aolshare
    2007-09-05 11:14 --------- d-------- C:\Program Files\Common Files\AOL
    2007-08-27 19:33 --------- d-------- C:\Program Files\XoftSpySE
    2007-08-27 17:08 --------- d-------- C:\DOCUME~1\ALLUSE~1\APPLIC~1\AOL
    2007-08-27 10:55 --------- d-------- C:\DOCUME~1\ALLUSE~1\APPLIC~1\AOL Downloads
    2007-08-18 16:23 --------- d-------- C:\DOCUME~1\VALUED~1\APPLIC~1\AdobeUM
    2007-08-13 18:58 --------- d-------- C:\DOCUME~1\VALUED~1\APPLIC~1\ultra
    2007-08-13 08:32 --------- d-------- C:\Program Files\Taunts
    2007-07-13 17:58 --------- d-------- C:\DOCUME~1\VALUED~1\APPLIC~1\AdobeAUM
    2007-06-13 03:23 1033216 --a------ C:\WINDOWS\explorer.exe
    2007-04-07 16:57 153 --a------ C:\DOCUME~1\VALUED~1\APPLIC~1\sysdoctor.exe
    2003-08-27 14:19 36963 -ra------ C:\Program Files\Common Files\SM1updtr.dll
    2001-10-17 19:37 2365 --a------ C:\Program Files\CLASS.NFO
    2001-10-17 13:23 326 --a------ C:\Program Files\FILE_ID.DIZ
    2001-10-15 15:50 8337 --a------ C:\Program Files\CAM.NFO
    2001-09-15 16:36 2218 --a------ C:\Program Files\dz.nfo
    2001-09-01 19:10 1980 --a------ C:\Program Files\ME.nfo
    2001-07-17 13:42 1396 --a------ C:\Program Files\Hades.nfo
    2001-06-27 22:07 1229 --a------ C:\Program Files\jbf.nfo
    2001-03-22 18:54 1784 --a------ C:\Program Files\dls.nfo
    .

    (((((((((((((((((((((((((((((((((((((((((((( Look )))))))))))))))))))))))))))))))))))))))))))))))))))))))))


    - Unable to find Resource table header in file.

    ---- Directory of C:\WINDOWS\system32\Logs ----



    ((((((((((((((((((((((((((((( snapshot_2007-09-08_ 53242.96 )))))))))))))))))))))))))))))))))))))))))
    .
    ----atw 16,384 2007-09-09 14:02:28 C:\WINDOWS\Temp\Perflib_Perfdata_e2c.dat
    .
    .
    ((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
    .

    *Note* empty entries & legit default entries are not shown

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
    "CeEPOWER "= "C:\Program Files\TOSHIBA\Power Management\CePMTray.exe" [2004-08-19 18:14]
    "LtMoh "= "C:\Program Files\ltmoh\Ltmoh.exe" [2003-09-26 15:43]
    "AGRSMMSG "= "AGRSMMSG.exe" [2004-02-20 15:00 C:\WINDOWS\agrsmmsg.exe]
    "Apoint "= "C:\Program Files\Apoint2K\Apoint.exe" [2003-10-30 16:46]
    "NDSTray.exe "= "NDSTray.exe" []
    "CeEKEY "= "C:\Program Files\TOSHIBA\E-KEY\CeEKey.exe" [2004-08-06 15:14]
    "PadTouch "= "C:\Program Files\TOSHIBA\Touch and Launch\PadExe.exe" [2004-02-03 14:47]
    "SmoothView "= "C:\Program Files\TOSHIBA\TOSHIBA Zooming Utility\SmoothView.exe" [2004-03-02 13:45]
    "ZoomingHook "= "c:\WINDOWS\System32\ZoomingHook.exe" [2004-07-14 16:07]
    "TPNF "= "C:\Program Files\TOSHIBA\TouchPad\TPTray.exe" [2004-07-28 16:23]
    "Pinger "= "C:\TOSHIBA\IVP\ISM\pinger.exe" [2005-03-17 17:37]
    "dla "= "C:\WINDOWS\system32\dla\tfswctrl.exe" [2005-01-14 02:05]
    "Adobe Photo Downloader "= "C:\Program Files\Adobe\Photoshop Album Starter Edition\3.0\Apps\apdproxy.exe" [2005-06-07 00:46]
    "QuickTime Task "= "C:\Program Files\QuickTime\qttask.exe" [2004-08-19 17:44]
    "CFSServ.exe "= "CFSServ.exe" []
    "HostManager "= "C:\Program Files\Common Files\AOL\1167412240\ee\AOLSoftware.exe" [2006-09-25 17:52]
    "ASM "= "C:\Program Files\AOL\Active Security Monitor\ASMonitor.exe" [2006-11-07 15:11]
    "Adobe Reader Speed Launcher "= "C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe" [2007-05-11 03:06]
    "AVG7_CC "= "C:\PROGRA~1\Grisoft\AVG7\avgcc.exe" [2007-08-31 19:32]
    "AVG7_EMC "= "C:\PROGRA~1\Grisoft\AVG7\avgemc.exe" [2007-08-31 19:32]
    "AVG7_RegCleaner "= "C:\PROGRA~1\Grisoft\AVG7\avgregcl.exe" [2007-08-31 19:29]

    [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
    "TOSCDSPD "= "C:\Program Files\TOSHIBA\TOSCDSPD\toscdspd.exe" [2003-09-05 03:24]
    "MSMSGS "= "C:\Program Files\Messenger\msmsgs.exe" [2004-10-13 09:24]
    "ctfmon.exe "= "C:\WINDOWS\system32\ctfmon.exe" [2004-08-04 05:00]
    "AVG7_Run "= "C:\PROGRA~1\Grisoft\AVG7\avgw.exe" [2007-08-31 19:32]

    C:\DOCUME~1\ALLUSE~1\STARTM~1\Programs\Startup\
    KODAK Software Updater.lnk - C:\Program Files\Kodak\KODAK Software Updater\7288971\Program\backWeb-7288971.exe [2003-06-08 18:48:18]
    RAMASST.lnk - C:\WINDOWS\system32\RAMASST.exe [2004-08-19 16:18:56]

    C:\DOCUME~1\VALUED~1\STARTM~1\Programs\Startup\
    V CAST Music Monitor.lnk - C:\Program Files\Verizon Wireless\V CAST Music Essentials Manager\V CAST Music Monitor.exe [2007-01-27 16:04:08]

    [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
    "RunStartupScriptSync "=0 (0x0)
    "SynchronousMachineGroupPolicy "=0 (0x0)
    "SynchronousUserGroupPolicy "=0 (0x0)

    [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\explorer]
    "NoStrCmpLogical "=1 (0x1)

    [HKEY_CURRENT_USER\software\microsoft\windows\currentversion\policies\explorer]
    "NoSMBalloonTip "=1 (0x1)
    "NoRecentDocsHistory "=1 (0x1)
    "MemCheckBoxInRunDlg "=0 (0x0)
    "NoAutoTrayNotify "=0 (0x0)
    "NoResolveTrack "=0 (0x0)
    "NoResolveSearch "=1 (0x1)
    "NoWelcomeScreen "=1 (0x1)
    "NoRecentDocsNetHood "=1 (0x1)
    "NoDesktopCleanupWizard "=1 (0x1)
    "NoSharedDocuments "=1 (0x1)

    [HKEY_LOCAL_MACHINE\system\currentcontrolset\control\securityproviders]
    SecurityProviders msapsspc.dll, schannel.dll, digest.dll, msnsspc.dll, zwebauth.dll

    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MCODS]
    @=" "

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\MSMSGS]
    "C:\Program Files\Messenger\msmsgs.exe" /background

    R1 DcCam;Kodak Camera Proxy;C:\WINDOWS\system32\DRIVERS\DcCam.sys
    R1 SrvcEKIOMngr;SrvcEKIOMngr;C:\WINDOWS\system32\Drivers\EKIoMngr.sys
    R1 SrvcEPECioctl;SrvcEPECioctl;C:\WINDOWS\system32\Drivers\ECioctl.sys
    R1 SrvcEPIOMngr;SrvcEPIOMngr;C:\WINDOWS\system32\Drivers\EPIoMngr.sys
    R1 SrvcSSIOMngr;SrvcSSIOMngr;C:\WINDOWS\system32\Drivers\SSIoMngr.sys
    R1 SrvcTPIOMngr;SrvcTPIOMngr;C:\WINDOWS\system32\Drivers\TPIoMngr.sys
    R2 DCFS2K;Kodak DCFS2K Driver;C:\WINDOWS\system32\drivers\dcfs2k.sys
    R3 EPOWER;Compal E-POWER Driver;C:\WINDOWS\system32\Drivers\hkdrv.sys
    S1 Exportit;Exportit;C:\WINDOWS\system32\DRIVERS\exportit.sys
    S3 DcFpoint;DcFpoint;C:\WINDOWS\system32\DRIVERS\DcFpoint.sys
    S3 DcLps;Legacy Polling Service;C:\WINDOWS\system32\DRIVERS\DcLps.sys
    S3 DcPTP;dcptp;C:\WINDOWS\system32\DRIVERS\DcPTP.sys
    S3 EMSCR;EMSCR;C:\WINDOWS\system32\DRIVERS\EMS7SK.sys
    S3 ESDCR;ESDCR;C:\WINDOWS\system32\DRIVERS\ESD7SK.sys
    S3 ESMCR;ESMCR;C:\WINDOWS\system32\DRIVERS\ESM7SK.sys
    S3 sscdbus;SAMSUNG USB Composite Device driver (WDM);C:\WINDOWS\system32\DRIVERS\sscdbus.sys
    S3 sscdmdfl;SAMSUNG CDMA Modem Filter;C:\WINDOWS\system32\DRIVERS\sscdmdfl.sys
    S3 sscdmdm;SAMSUNG CDMA Modem Drivers;C:\WINDOWS\system32\DRIVERS\sscdmdm.sys
    S3 sscdserd;SAMSUNG CDMA Modem Diagnostic Serial Port (WDM);C:\WINDOWS\system32\DRIVERS\sscdserd.sys

    .
    Contents of the 'Scheduled Tasks' folder
    "2007-08-22 20:03:30 C:\WINDOWS\Tasks\McDefragTask.job "
    - c:\program files\mcafee\mqc\QcConsol.exe
    "2007-08-22 20:03:28 C:\WINDOWS\Tasks\McQcTask.job "
    - c:\program files\mcafee\mqc\QcConsol.exe
    "2007-09-07 22:58:20 C:\WINDOWS\Tasks\Symantec NetDetect.job "
    - C:\Program Files\Symantec\LiveUpdate\NDETECT.EXE
    "2007-09-09 13:56:29 C:\WINDOWS\Tasks\XoftSpySE 2.job "
    "2007-03-25 00:12:23 C:\WINDOWS\Tasks\XoftSpySE.job "
    .
    **************************************************************************

    catchme 0.3.1061 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
    Rootkit scan 2007-09-09 06:57:59
    Windows 5.1.2600 Service Pack 2 NTFS

    scanning hidden processes ...

    scanning hidden autostart entries ...

    scanning hidden files ...

    scan completed successfully
    hidden files: 0

    **************************************************************************
    .
    Completion time: 2007-09-09 7:03:53 - machine was rebooted
    C:\ComboFix-quarantined-files.txt ... 2007-09-09 07:03
    C:\ComboFix2.txt ... 2007-09-08 05:33
    .
    --- E O F ---
     
  12. 2007/09/09
    noahdfear

    noahdfear Inactive

    This file looks suspicious to me, and ComboFix was unable to show us any details.

    C:\Documents and Settings\Valued Customer\wn221.exe

    Please check the properties of that file and let me know if there's any info, e.g. company, version, etc. If nothing, submit it for analysis at jotti and post the results here.

    Log looks good otherwise. :)
     
  13. 2007/09/09
    dtofmfd

    dtofmfd Inactive Thread Starter

    This is what I saw after the scan and I do not see anything in the properties of the file:

    Scan taken on 09 Sep 2007 14:42:21 (GMT)
    A-Squared Found nothing
    AntiVir Found TR/Crypt.XPACK.Gen
    ArcaVir Found nothing
    Avast Found nothing
    AVG Antivirus Found nothing
    BitDefender Found nothing
    ClamAV Found nothing
    CPsecure Found nothing
    Dr.Web Found Trojan.Packed.120
    F-Prot Antivirus Found nothing
    F-Secure Anti-Virus Found nothing
    Fortinet Found nothing
    Kaspersky Anti-Virus Found nothing
    NOD32 Found nothing
    Norman Virus Control Found nothing
    Panda Antivirus Found nothing
    Rising Antivirus Found nothing
    Sophos Antivirus Found Mal/EncPk-AV
    VirusBuster Found nothing
    VBA32 Found Trojan.Packed.120
     
  14. 2007/09/09
    noahdfear

    noahdfear Inactive

    Unless you know it to be a legitimate good file, I'd recommend you delete it.

    Delete all of the following tools we have used, and the files/folders they created.

    C:\QOOBOX
    C:\WINDOWS\nircmd.exe
    combofix.exe
    SmitfraudFix.exe and the SmitfraudFix folder
    all combofix and SmitfraudFix logs


    Download ATF Cleaner by Atribune and save it to your Desktop.
    Double click ATF-Cleaner.exe to run the program.
    Check the boxes to the left of:

    Windows Temp
    Current User Temp
    All Users Temp
    Temporary Internet Files
    Prefetch
    Java Cache
    Recycle bin


    The rest are optional - if you want it to remove everything check "Select All".
    Finally, click Empty Selected. When you get the "Done Cleaning" message, click OK.

    Reboot.

    I recommend you do an online virus scan to make sure we haven't overlooked something.

    Please do an online scan with Kaspersky WebScanner

    Click on Kaspersky Online Scanner

    You will be prompted to install an ActiveX component from Kaspersky. Click Yes.
    • The program will launch and then begin downloading the latest definition files.
    • Once the files have been downloaded click on NEXT
    • Now click on Scan Settings
    • In the scan settings make sure that the following are selected:
      • Scan using the following Anti-Virus database:
      • Extended (if available otherwise Standard)
      • Scan Options:
      • Scan Archives
      • Scan Mail Bases
    • Click OK
    • Now under select a target to scan:
      • Select My Computer
    • The program will start and scan your system.
    • The scan will take a while so be patient and let it run.
    • Once the scan is complete it will display if your system has been infected.
      • Now click on the Save as Text button:
    • Save the file to your desktop.
    • Copy and paste that information in your next post.

    Post the Kaspersky log and one more fresh HijackThis log.
     
  15. 2007/09/09
    dtofmfd

    dtofmfd Inactive Thread Starter

    Logfile of HijackThis v1.99.1
    Scan saved at 2:13:51 PM, on 9/9/2007
    Platform: Windows XP SP2 (WinNT 5.01.2600)
    MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

    Running processes:
    C:\WINDOWS\System32\smss.exe
    C:\WINDOWS\system32\winlogon.exe
    C:\WINDOWS\system32\services.exe
    C:\WINDOWS\system32\lsass.exe
    C:\WINDOWS\system32\svchost.exe
    C:\WINDOWS\System32\svchost.exe
    C:\WINDOWS\system32\ACS.exe
    C:\WINDOWS\system32\spoolsv.exe
    C:\PROGRA~1\COMMON~1\AOL\ACS\acsd.exe
    C:\Program Files\Toshiba\Power Management\CeEPwrSvc.exe
    C:\Program Files\TOSHIBA\ConfigFree\CFSvcs.exe
    C:\WINDOWS\system32\DVDRAMSV.exe
    C:\WINDOWS\system32\drivers\KodakCCS.exe
    C:\Program Files\Common Files\McAfee\HackerWatch\HWAPI.exe
    C:\PROGRA~1\McAfee\MSC\mcmscsvc.exe
    c:\program files\common files\mcafee\mna\mcnasvc.exe
    C:\PROGRA~1\McAfee\VirusScan\mcods.exe
    C:\PROGRA~1\McAfee\MSC\mcpromgr.exe
    c:\PROGRA~1\COMMON~1\mcafee\mcproxy\mcproxy.exe
    c:\PROGRA~1\COMMON~1\mcafee\redirsvc\redirsvc.exe
    C:\PROGRA~1\McAfee\VirusScan\mcshield.exe
    C:\PROGRA~1\McAfee\VirusScan\mcsysmon.exe
    C:\Program Files\McAfee\MPF\MPFSrv.exe
    C:\PROGRA~1\McAfee\MPS\mps.exe
    C:\WINDOWS\system32\ScsiAccess.EXE
    c:\TOSHIBA\Ivp\Swupdate\swupdtmr.exe
    C:\WINDOWS\wanmpsvc.exe
    C:\WINDOWS\system32\svchost.exe
    C:\WINDOWS\Explorer.EXE
    C:\Program Files\McAfee\MPS\mpsevh.exe
    c:\PROGRA~1\mcafee.com\agent\mcagent.exe
    C:\Program Files\TOSHIBA\Power Management\CePMTray.exe
    C:\Program Files\ltmoh\Ltmoh.exe
    C:\WINDOWS\AGRSMMSG.exe
    C:\Program Files\Apoint2K\Apoint.exe
    C:\Program Files\TOSHIBA\ConfigFree\NDSTray.exe
    C:\Program Files\TOSHIBA\E-KEY\CeEKey.exe
    C:\Program Files\TOSHIBA\Touch and Launch\PadExe.exe
    C:\Program Files\TOSHIBA\TOSHIBA Zooming Utility\SmoothView.exe
    C:\WINDOWS\System32\ZoomingHook.exe
    C:\Program Files\TOSHIBA\TouchPad\TPTray.exe
    C:\WINDOWS\system32\dla\tfswctrl.exe
    C:\Program Files\Adobe\Photoshop Album Starter Edition\3.0\Apps\apdproxy.exe
    C:\Program Files\QuickTime\qttask.exe
    C:\Program Files\Common Files\AOL\1167412240\ee\AOLSoftware.exe
    C:\Program Files\AOL\Active Security Monitor\ASMonitor.exe
    C:\Program Files\TOSHIBA\TOSCDSPD\toscdspd.exe
    C:\WINDOWS\system32\ctfmon.exe
    C:\Program Files\Messenger\msmsgs.exe
    C:\Program Files\Apoint2K\Apntex.exe
    C:\Program Files\Kodak\KODAK Software Updater\7288971\Program\backWeb-7288971.exe
    C:\WINDOWS\system32\RAMASST.exe
    C:\DOCUME~1\damo\LOCALS~1\Temp\HijackThis.exe

    R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = http://www.toshiba.com/search
    R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://toshibadirect.com/
    R1 - HKCU\Software\Microsoft\Internet Connection Wizard,ShellNext = http://toshibadirect.com/
    R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = localhost
    O4 - HKLM\..\Run: [CeEPOWER] C:\Program Files\TOSHIBA\Power Management\CePMTray.exe
    O4 - HKLM\..\Run: [LtMoh] C:\Program Files\ltmoh\Ltmoh.exe
    O4 - HKLM\..\Run: [AGRSMMSG] AGRSMMSG.exe
    O4 - HKLM\..\Run: [Apoint] C:\Program Files\Apoint2K\Apoint.exe
    O4 - HKLM\..\Run: [NDSTray.exe] NDSTray.exe
    O4 - HKLM\..\Run: [CeEKEY] C:\Program Files\TOSHIBA\E-KEY\CeEKey.exe
    O4 - HKLM\..\Run: [PadTouch] C:\Program Files\TOSHIBA\Touch and Launch\PadExe.exe
    O4 - HKLM\..\Run: [SmoothView] C:\Program Files\TOSHIBA\TOSHIBA Zooming Utility\SmoothView.exe
    O4 - HKLM\..\Run: [ZoomingHook] c:\WINDOWS\System32\ZoomingHook.exe
    O4 - HKLM\..\Run: [TPNF] C:\Program Files\TOSHIBA\TouchPad\TPTray.exe
    O4 - HKLM\..\Run: [Pinger] C:\TOSHIBA\IVP\ISM\pinger.exe /run
    O4 - HKLM\..\Run: [dla] C:\WINDOWS\system32\dla\tfswctrl.exe
    O4 - HKLM\..\Run: [Adobe Photo Downloader] "C:\Program Files\Adobe\Photoshop Album Starter Edition\3.0\Apps\apdproxy.exe "
    O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
    O4 - HKLM\..\Run: [CFSServ.exe] CFSServ.exe -NoClient
    O4 - HKLM\..\Run: [HostManager] C:\Program Files\Common Files\AOL\1167412240\ee\AOLSoftware.exe
    O4 - HKLM\..\Run: [ASM] "C:\Program Files\AOL\Active Security Monitor\ASMonitor.exe" HIDEMAIN
    O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe "
    O4 - HKLM\..\Run: [ISUSPM Startup] C:\PROGRA~1\COMMON~1\INSTAL~1\UPDATE~1\ISUSPM.exe -startup
    O4 - HKCU\..\Run: [TOSCDSPD] C:\Program Files\TOSHIBA\TOSCDSPD\toscdspd.exe
    O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
    O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background
    O4 - Global Startup: KODAK Software Updater.lnk = C:\Program Files\Kodak\KODAK Software Updater\7288971\Program\backWeb-7288971.exe
    O4 - Global Startup: RAMASST.lnk = C:\WINDOWS\system32\RAMASST.exe
    O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\j2re1.4.2_05\bin\npjpi142_05.dll
    O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\j2re1.4.2_05\bin\npjpi142_05.dll
    O9 - Extra button: AOL Toolbar - {3369AF0D-62E9-4bda-8103-B4C75499B578} - C:\Program Files\AOL\AOL Toolbar 5.0\aoltb.dll
    O9 - Extra button: Messenger - {4528BBE0-4E08-11D5-AD55-00010333D0AD} - C:\Program Files\Yahoo!\Messenger\yhexbmes0521.dll
    O9 - Extra 'Tools' menuitem: Yahoo! Messenger - {4528BBE0-4E08-11D5-AD55-00010333D0AD} - C:\Program Files\Yahoo!\Messenger\yhexbmes0521.dll
    O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\Office12\REFIEBAR.DLL
    O9 - Extra button: PartyPoker.com - {B7FE5D70-9AA2-40F1-9C6B-12A255F085E1} - C:\WINDOWS\system32\SHDOCVW.DLL
    O9 - Extra 'Tools' menuitem: PartyPoker.com - {B7FE5D70-9AA2-40F1-9C6B-12A255F085E1} - C:\WINDOWS\system32\SHDOCVW.DLL
    O9 - Extra button: Real.com - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - C:\WINDOWS\system32\Shdocvw.dll
    O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
    O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
    O12 - Plugin for .spop: C:\Program Files\Internet Explorer\Plugins\NPDocBox.dll
    O14 - IERESET.INF: START_PAGE_URL=http://www.toshiba.com
    O16 - DPF: {0EB0E74A-2A76-4AB3-A7FB-9BD8C29F7F75} (CKAVWebScan Object) - http://www.kaspersky.com/kos/eng/partner/default/kavwebscan_unicode.cab
    O16 - DPF: {74C861A1-D548-4916-BC8A-FDE92EDFF62C} - http://mediaplayer.walmart.com/installer/install.cab
    O16 - DPF: {B8BE5E93-A60C-4D26-A2DC-220313175592} (ZoneIntro Class) - http://cdn2.zone.msn.com/binFramework/v10/ZIntro.cab34246.cab
    O16 - DPF: {DF780F87-FF2B-4DF8-92D0-73DB16A1543A} (PopCapLoader Object) - http://aolsvc.aol.com/onlinegames/bejeweled2/popcaploader_v7.cab
    O16 - DPF: {E5D419D6-A846-4514-9FAD-97E826C84822} (HeartbeatCtl Class) - http://fdl.msn.com/zone/datafiles/heartbeat.cab
    O18 - Protocol: ms-help - {314111C7-A502-11D2-BBCA-00C04F8EC294} - C:\Program Files\Common Files\Microsoft Shared\Help\hxds.dll
    O18 - Filter hijack: text/xml - {807563E5-5146-11D5-A672-00B0D022E945} - C:\Program Files\Common Files\Microsoft Shared\OFFICE12\MSOXMLMF.DLL
    O20 - Winlogon Notify: igfxcui - C:\WINDOWS\SYSTEM32\igfxsrvc.dll
    O23 - Service: Atheros Configuration Service (ACS) - Unknown owner - C:\WINDOWS\system32\ACS.exe
    O23 - Service: AOL Connectivity Service (AOL ACS) - America Online, Inc. - C:\PROGRA~1\COMMON~1\AOL\ACS\acsd.exe
    O23 - Service: Ati HotKey Poller - Unknown owner - C:\WINDOWS\system32\Ati2evxx.exe
    O23 - Service: CeEPwrSvc - COMPAL ELECTRONIC INC. - C:\Program Files\Toshiba\Power Management\CeEPwrSvc.exe
    O23 - Service: ConfigFree Service (CFSvcs) - TOSHIBA CORPORATION - C:\Program Files\TOSHIBA\ConfigFree\CFSvcs.exe
    O23 - Service: DVD-RAM_Service - Matsushita Electric Industrial Co., Ltd. - C:\WINDOWS\system32\DVDRAMSV.exe
    O23 - Service: McAfee E-mail Proxy (Emproxy) - McAfee, Inc. - C:\PROGRA~1\COMMON~1\McAfee\EmProxy\emproxy.exe
    O23 - Service: Kodak Camera Connection Software (KodakCCS) - Eastman Kodak Company - C:\WINDOWS\system32\drivers\KodakCCS.exe
    O23 - Service: McAfee HackerWatch Service - McAfee, Inc. - C:\Program Files\Common Files\McAfee\HackerWatch\HWAPI.exe
    O23 - Service: McAfee Update Manager (mcmispupdmgr) - McAfee, Inc. - C:\PROGRA~1\McAfee\MSC\mcupdmgr.exe
    O23 - Service: McAfee Services (mcmscsvc) - McAfee, Inc. - C:\PROGRA~1\McAfee\MSC\mcmscsvc.exe
    O23 - Service: McAfee Network Agent (McNASvc) - McAfee, Inc. - c:\program files\common files\mcafee\mna\mcnasvc.exe
    O23 - Service: McAfee Scanner (McODS) - McAfee, Inc. - C:\PROGRA~1\McAfee\VirusScan\mcods.exe
    O23 - Service: McAfee Protection Manager (mcpromgr) - McAfee, Inc. - C:\PROGRA~1\McAfee\MSC\mcpromgr.exe
    O23 - Service: McAfee Proxy Service (McProxy) - McAfee, Inc. - c:\PROGRA~1\COMMON~1\mcafee\mcproxy\mcproxy.exe
    O23 - Service: McAfee Redirector Service (McRedirector) - McAfee, Inc. - c:\PROGRA~1\COMMON~1\mcafee\redirsvc\redirsvc.exe
    O23 - Service: McAfee Real-time Scanner (McShield) - McAfee, Inc. - C:\PROGRA~1\McAfee\VirusScan\mcshield.exe
    O23 - Service: McAfee SystemGuards (McSysmon) - McAfee, Inc. - C:\PROGRA~1\McAfee\VirusScan\mcsysmon.exe
    O23 - Service: McAfee Personal Firewall Service (MpfService) - McAfee, Inc. - C:\Program Files\McAfee\MPF\MPFSrv.exe
    O23 - Service: McAfee Privacy Service (MPS9) - McAfee, Inc. - C:\PROGRA~1\McAfee\MPS\mps.exe
    O23 - Service: ScsiAccess - Unknown owner - C:\WINDOWS\system32\ScsiAccess.EXE
    O23 - Service: Swupdtmr - Unknown owner - c:\TOSHIBA\Ivp\Swupdate\swupdtmr.exe
    O23 - Service: WAN Miniport (ATW) Service (WANMiniportService) - America Online, Inc. - C:\WINDOWS\wanmpsvc.exe

    and
    tings\All Users\Application Data\McAfee\MSC\Logs\Events.dat Object is locked skipped
    C:\Documents and Settings\All Users\Application Data\McAfee\MSC\Logs\{2490E188-A327-4EDA-B436-1B39F1295A16}.log Object is locked skipped
    C:\Documents and Settings\All Users\Application Data\McAfee\MSC\Logs\{5F216A6B-C277-4FBC-A1F7-40E3465F2911}.log Object is locked skipped
    C:\Documents and Settings\All Users\Application Data\McAfee\MSC\Logs\{CC278290-BE85-438A-B427-C326972A9DA6}.log Object is locked skipped
    C:\Documents and Settings\All Users\Application Data\McAfee\MSC\McUsers.dat Object is locked skipped
    C:\Documents and Settings\All Users\Application Data\McAfee\VirusScan\Data\TFR1.tmp Object is locked skipped
    C:\Documents and Settings\All Users\Application Data\McAfee\VirusScan\Logs\OAS.Log Object is locked skipped
    C:\Documents and Settings\All Users\Application Data\Microsoft\Crypto\DSS\MachineKeys\a59f25545b42ffa34445066dd799da38_149e3045-e021-4b00-b74a-25fea3c66bad Object is locked skipped
    C:\Documents and Settings\All Users\Application Data\Microsoft\Crypto\RSA\MachineKeys\4d7ad45cdfd47b65e04abd9df3987f7d_149e3045-e021-4b00-b74a-25fea3c66bad Object is locked skipped
    C:\Documents and Settings\All Users\Application Data\Microsoft\Crypto\RSA\MachineKeys\d953eda3e26304d35e06e3f99844845b_149e3045-e021-4b00-b74a-25fea3c66bad Object is locked skipped
    C:\Documents and Settings\All Users\Application Data\Microsoft\Dr Watson\user.dmp Object is locked skipped
    C:\Documents and Settings\All Users\Application Data\Microsoft\Network\Downloader\qmgr0.dat Object is locked skipped
    C:\Documents and Settings\All Users\Application Data\Microsoft\Network\Downloader\qmgr1.dat Object is locked skipped
    C:\Documents and Settings\damo\Cookies\index.dat Object is locked skipped
    C:\Documents and Settings\damo\Local Settings\Application Data\AOL\UserProfiles\All Users\cls\common.cls Object is locked skipped
    C:\Documents and Settings\damo\Local Settings\Application Data\Microsoft\Windows\UsrClass.dat Object is locked skipped
    C:\Documents and Settings\damo\Local Settings\Application Data\Microsoft\Windows\UsrClass.dat.LOG Object is locked skipped
    C:\Documents and Settings\damo\Local Settings\History\History.IE5\index.dat Object is locked skipped
    C:\Documents and Settings\damo\Local Settings\History\History.IE5\MSHist012007090920070910\index.dat Object is locked skipped
    C:\Documents and Settings\damo\Local Settings\Temporary Internet Files\Content.IE5\index.dat Object is locked skipped
    C:\Documents and Settings\damo\NTUSER.DAT Object is locked skipped
    C:\Documents and Settings\damo\ntuser.dat.LOG Object is locked skipped
    C:\Documents and Settings\damo\UserData\index.dat Object is locked skipped
    C:\Documents and Settings\LocalService\Local Settings\Application Data\Microsoft\Windows\UsrClass.dat Object is locked skipped
    C:\Documents and Settings\LocalService\Local Settings\Application Data\Microsoft\Windows\UsrClass.dat.LOG Object is locked skipped
    C:\Documents and Settings\LocalService\NTUSER.DAT Object is locked skipped
    C:\Documents and Settings\LocalService\ntuser.dat.LOG Object is locked skipped
    C:\Documents and Settings\NetworkService\Local Settings\Application Data\Microsoft\Windows\UsrClass.dat Object is locked skipped
    C:\Documents and Settings\NetworkService\Local Settings\Application Data\Microsoft\Windows\UsrClass.dat.LOG Object is locked skipped
    C:\Documents and Settings\NetworkService\NTUSER.DAT Object is locked skipped
    C:\Documents and Settings\NetworkService\ntuser.dat.LOG Object is locked skipped
    C:\Documents and Settings\Valued Customer\Local Settings\Application Data\Mozilla\Firefox\Profiles\digt0g67.default\Cache\63329BDCd01/data.rar/SmitfraudFix/Reboot.exe Infected: not-a-virus:RiskTool.Win32.Reboot.f skipped
    C:\Documents and Settings\Valued Customer\Local Settings\Application Data\Mozilla\Firefox\Profiles\digt0g67.default\Cache\63329BDCd01/data.rar Infected: not-a-virus:RiskTool.Win32.Reboot.f skipped
    C:\Documents and Settings\Valued Customer\Local Settings\Application Data\Mozilla\Firefox\Profiles\digt0g67.default\Cache\63329BDCd01 RarSFX: infected - 2 skipped
    C:\Documents and Settings\Valued Customer\NTUSER.DAT Object is locked skipped
    C:\Documents and Settings\Valued Customer\ntuser.dat.LOG Object is locked skipped
    C:\Program Files\Kodak\KODAK Software Updater\7288971\Program\BWKDLogs\BWTargetInf.log Object is locked skipped
    C:\Program Files\Kodak\KODAK Software Updater\7288971\Users\Default\Data\agent.log Object is locked skipped
    C:\Program Files\Kodak\KODAK Software Updater\7288971\Users\Default\Data\busyprs.log Object is locked skipped
    C:\Program Files\Kodak\KODAK Software Updater\7288971\Users\Default\Data\BWLocalWebListener.log Object is locked skipped
    C:\Program Files\Kodak\KODAK Software Updater\7288971\Users\Default\Data\chandir.dat Object is locked skipped
    C:\Program Files\Kodak\KODAK Software Updater\7288971\Users\Default\Data\chandir.idx Object is locked skipped
    C:\Program Files\Kodak\KODAK Software Updater\7288971\Users\Default\Data\chn.dat Object is locked skipped
    C:\Program Files\Kodak\KODAK Software Updater\7288971\Users\Default\Data\chn.idx Object is locked skipped
    C:\Program Files\Kodak\KODAK Software Updater\7288971\Users\Default\Data\D0000000.FCS Object is locked skipped
    C:\Program Files\Kodak\KODAK Software Updater\7288971\Users\Default\Data\FileDL.log Object is locked skipped
    C:\Program Files\Kodak\KODAK Software Updater\7288971\Users\Default\Data\inuse.txt Object is locked skipped
    C:\Program Files\Kodak\KODAK Software Updater\7288971\Users\Default\Data\L0000013.FCS Object is locked skipped
    C:\Program Files\Kodak\KODAK Software Updater\7288971\Users\Default\Data\main.log Object is locked skipped
    C:\Program Files\Kodak\KODAK Software Updater\7288971\Users\Default\Data\prs.dat Object is locked skipped
    C:\Program Files\Kodak\KODAK Software Updater\7288971\Users\Default\Data\prs.idx Object is locked skipped
    C:\Program Files\Kodak\KODAK Software Updater\7288971\Users\Default\Data\prs_die.dat Object is locked skipped
    C:\Program Files\Kodak\KODAK Software Updater\7288971\Users\Default\Data\prs_die.idx Object is locked skipped
    C:\Program Files\Kodak\KODAK Software Updater\7288971\Users\Default\Data\prs_dnd.dat Object is locked skipped
    C:\Program Files\Kodak\KODAK Software Updater\7288971\Users\Default\Data\prs_dnd.idx Object is locked skipped
    C:\Program Files\Kodak\KODAK Software Updater\7288971\Users\Default\Data\prs_ext.dat Object is locked skipped
    C:\Program Files\Kodak\KODAK Software Updater\7288971\Users\Default\Data\prs_ext.idx Object is locked skipped
    C:\Program Files\Kodak\KODAK Software Updater\7288971\Users\Default\Data\prs_rcv.dat Object is locked skipped
    C:\Program Files\Kodak\KODAK Software Updater\7288971\Users\Default\Data\prs_rcv.idx Object is locked skipped
    C:\Program Files\Kodak\KODAK Software Updater\7288971\Users\Default\Data\report.log Object is locked skipped
    C:\Program Files\Kodak\KODAK Software Updater\7288971\Users\Default\Data\RG.log Object is locked skipped
    C:\Program Files\Kodak\KODAK Software Updater\7288971\Users\Default\Data\scheddbg.log Object is locked skipped
    C:\Program Files\Kodak\KODAK Software Updater\7288971\Users\Default\Data\storydb.dat Object is locked skipped
    C:\Program Files\Kodak\KODAK Software Updater\7288971\Users\Default\Data\storydb.idx Object is locked skipped
    C:\System Volume Information\MountPointManagerRemoteDatabase Object is locked skipped
    C:\System Volume Information\_restore{0C1D1238-A1EF-43EA-9ACF-9240DDBA7386}\RP160\A0056721.exe Infected: not-a-virus:FraudTool.Win32.SpySheriff.j skipped
    C:\System Volume Information\_restore{0C1D1238-A1EF-43EA-9ACF-9240DDBA7386}\RP164\A0057008.exe Infected: not-a-virus:FraudTool.Win32.SpySheriff.g skipped
    C:\System Volume Information\_restore{0C1D1238-A1EF-43EA-9ACF-9240DDBA7386}\RP164\A0057016.exe Infected: Trojan-Dropper.Win32.Agent.bol skipped
    C:\System Volume Information\_restore{0C1D1238-A1EF-43EA-9ACF-9240DDBA7386}\RP165\A0057149.exe Infected: Trojan-Dropper.Win32.Agent.bol skipped
    C:\System Volume Information\_restore{0C1D1238-A1EF-43EA-9ACF-9240DDBA7386}\RP175\A0063854.dll Infected: Trojan-Downloader.Win32.Agent.bxx skipped
    C:\System Volume Information\_restore{0C1D1238-A1EF-43EA-9ACF-9240DDBA7386}\RP175\A0063897.exe/data.rar/SmitfraudFix/Reboot.exe Infected: not-a-virus:RiskTool.Win32.Reboot.f skipped
    C:\System Volume Information\_restore{0C1D1238-A1EF-43EA-9ACF-9240DDBA7386}\RP175\A0063897.exe/data.rar Infected: not-a-virus:RiskTool.Win32.Reboot.f skipped
    C:\System Volume Information\_restore{0C1D1238-A1EF-43EA-9ACF-9240DDBA7386}\RP175\A0063897.exe RarSFX: infected - 2 skipped
    C:\System Volume Information\_restore{0C1D1238-A1EF-43EA-9ACF-9240DDBA7386}\RP175\A0063898.exe/data.rar/SmitfraudFix/Reboot.exe Infected: not-a-virus:RiskTool.Win32.Reboot.f skipped
    C:\System Volume Information\_restore{0C1D1238-A1EF-43EA-9ACF-9240DDBA7386}\RP175\A0063898.exe/data.rar Infected: not-a-virus:RiskTool.Win32.Reboot.f skipped
    C:\System Volume Information\_restore{0C1D1238-A1EF-43EA-9ACF-9240DDBA7386}\RP175\A0063898.exe RarSFX: infected - 2 skipped
    C:\System Volume Information\_restore{0C1D1238-A1EF-43EA-9ACF-9240DDBA7386}\RP175\A0064039.exe Object is locked skipped
    C:\System Volume Information\_restore{0C1D1238-A1EF-43EA-9ACF-9240DDBA7386}\RP177\A0064304.exe Infected: not-a-virus:Downloader.Win32.WinFixer.y skipped
    C:\System Volume Information\_restore{0C1D1238-A1EF-43EA-9ACF-9240DDBA7386}\RP179\A0064924.exe/data.rar/SmitfraudFix/Reboot.exe Infected: not-a-virus:RiskTool.Win32.Reboot.f skipped
    C:\System Volume Information\_restore{0C1D1238-A1EF-43EA-9ACF-9240DDBA7386}\RP179\A0064924.exe/data.rar Infected: not-a-virus:RiskTool.Win32.Reboot.f skipped
    C:\System Volume Information\_restore{0C1D1238-A1EF-43EA-9ACF-9240DDBA7386}\RP179\A0064924.exe RarSFX: infected - 2 skipped
    C:\System Volume Information\_restore{0C1D1238-A1EF-43EA-9ACF-9240DDBA7386}\RP179\change.log Object is locked skipped
    C:\WINDOWS\Debug\PASSWD.LOG Object is locked skipped
    C:\WINDOWS\Downloaded Program Files\HDPlugin1101.inf Object is locked skipped
    C:\WINDOWS\Prefetch\layout.ini Object is locked skipped
    C:\WINDOWS\SchedLgU.Txt Object is locked skipped
    C:\WINDOWS\SoftwareDistribution\EventCache\{840E258A-7A83-4450-9DB3-C16454A32629}.bin Object is locked skipped
    C:\WINDOWS\SoftwareDistribution\ReportingEvents.log Object is locked skipped
    C:\WINDOWS\Sti_Trace.log Object is locked skipped
    C:\WINDOWS\system32\CatRoot2\edb.log Object is locked skipped
    C:\WINDOWS\system32\CatRoot2\tmp.edb Object is locked skipped
    C:\WINDOWS\system32\config\AppEvent.Evt Object is locked skipped
    C:\WINDOWS\system32\config\default Object is locked skipped
    C:\WINDOWS\system32\config\default.LOG Object is locked skipped
    C:\WINDOWS\system32\config\ODiag.evt Object is locked skipped
    C:\WINDOWS\system32\config\OSession.evt Object is locked skipped
    C:\WINDOWS\system32\config\SAM Object is locked skipped
    C:\WINDOWS\system32\config\SAM.LOG Object is locked skipped
    C:\WINDOWS\system32\config\SecEvent.Evt Object is locked skipped
    C:\WINDOWS\system32\config\SECURITY Object is locked skipped
    C:\WINDOWS\system32\config\SECURITY.LOG Object is locked skipped
    C:\WINDOWS\system32\config\software Object is locked skipped
    C:\WINDOWS\system32\config\software.LOG Object is locked skipped
    C:\WINDOWS\system32\config\SysEvent.Evt Object is locked skipped
    C:\WINDOWS\system32\config\system Object is locked skipped
    C:\WINDOWS\system32\config\system.LOG Object is locked skipped
    C:\WINDOWS\system32\h323log.txt Object is locked skipped
    C:\WINDOWS\system32\wbem\Repository\FS\INDEX.BTR Object is locked skipped
    C:\WINDOWS\system32\wbem\Repository\FS\INDEX.MAP Object is locked skipped
    C:\WINDOWS\system32\wbem\Repository\FS\MAPPING.VER Object is locked skipped
    C:\WINDOWS\system32\wbem\Repository\FS\MAPPING1.MAP Object is locked skipped
    C:\WINDOWS\system32\wbem\Repository\FS\MAPPING2.MAP Object is locked skipped
    C:\WINDOWS\system32\wbem\Repository\FS\OBJECTS.DATA Object is locked skipped
    C:\WINDOWS\system32\wbem\Repository\FS\OBJECTS.MAP Object is locked skipped
    C:\WINDOWS\Temp\mcmsc_2IDbg2xQ9kSpNPD Object is locked skipped
    C:\WINDOWS\Temp\mcmsc_78aRt23q2eBZS9K Object is locked skipped
    C:\WINDOWS\Temp\mcmsc_COMLR0Xhab2G1mK Object is locked skipped
    C:\WINDOWS\Temp\mcmsc_QIuxyWxOy4Sfme3 Object is locked skipped
    C:\WINDOWS\Temp\mcmsc_TJcDXEUEFM8k8ej Object is locked skipped
    C:\WINDOWS\Temp\mcmsc_ZSV9iOVV8rma00z Object is locked skipped
    C:\WINDOWS\wiadebug.log Object is locked skipped
    C:\WINDOWS\wiaservc.log Object is locked skipped
    C:\WINDOWS\WindowsUpdate.log Object is locked skipped

    Scan process completed.
     
  16. 2007/09/09
    noahdfear

    noahdfear Inactive

    Joined:
    2003/04/06
    Messages:
    12,178
    Likes Received:
    15
    Looks Great! :)

    Clear your Firefox temporary internet files.

    If you're satisfied that the computer is working properly, clear the System Restore points. They are infected.

    Clear past system restore points and create a new one.
    Right click My Computer and select Properties. On the System Restore tab, check the box to turn System Restore off. Click Apply. Now, uncheck the box and click Apply. Click OK, then OK to close the System Properties dialog.

    Verify a new restore point was created.
    Click Start>All Programs>Accessories>System Tools>System Restore
    Select 'Restore my computer to an earlier time', then click next.
    You should have a newly created System Checkpoint available. If so, click Cancel. If not, click Back and select 'Create a restore point' then click Next. Give the restore point a name and click next.

    Your computer is now clean! Geri has posted some very helpful information and recommendations regarding future protection in the following link.

    http://www.windowsbbs.com/showpost.php?p=356653&postcount=49

    Surf safe!
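
The triage behind the advice above (clear the Firefox cache, then the restore points), as an added example that is not part of the original post or of any tool used in this thread: it reads scan-log lines in the "path, verdict, skipped" shape shown earlier and groups the infected files by where they sit on disk. The sample lines, the location labels and the function names are assumptions made for the example.

```python
import re
from collections import defaultdict

# Constructed sample lines in the "<path> <verdict> skipped" shape of the scan
# log above. Detection names are taken from that log; the {GUID} folder, RP
# numbers, profile name and file names are placeholders.
SAMPLE_LOG = r"""
C:\WINDOWS\system32\config\SAM Object is locked skipped
C:\System Volume Information\_restore{GUID}\RP1\A0000001.exe Infected: Trojan-Dropper.Win32.Agent.bol skipped
C:\System Volume Information\_restore{GUID}\RP2\A0000002.exe/data.rar/SmitfraudFix/Reboot.exe Infected: not-a-virus:RiskTool.Win32.Reboot.f skipped
C:\System Volume Information\_restore{GUID}\RP2\A0000002.exe/data.rar Infected: not-a-virus:RiskTool.Win32.Reboot.f skipped
C:\System Volume Information\_restore{GUID}\RP2\A0000002.exe RarSFX: infected - 2 skipped
C:\Documents and Settings\user\Local Settings\Application Data\Mozilla\Firefox\Profiles\xxxx.default\Cache\ABCDEF01/data.rar Infected: not-a-virus:RiskTool.Win32.Reboot.f skipped
"""

INFECTED = re.compile(r"^(?P<path>.+?) Infected: (?P<name>\S+) skipped$")

# Location rules (assumed for this example): where a hit lives decides the cleanup.
LOCATIONS = [
    ("system_restore", re.compile(r"\\System Volume Information\\_restore", re.I)),
    ("firefox_cache", re.compile(r"\\Mozilla\\Firefox\\Profiles\\[^\\]+\\Cache\\", re.I)),
]

def classify(path):
    for label, pattern in LOCATIONS:
        if pattern.search(path):
            return label
    return "live_filesystem"

def triage(log_text):
    """Return {location: {on_disk_file: {detection names}}} for infected entries."""
    findings = defaultdict(lambda: defaultdict(set))
    for line in log_text.splitlines():
        m = INFECTED.match(line.strip())
        if not m:
            continue  # locked files and "RarSFX: infected - N" summaries are not hits
        # The scanner appends archive members with "/"; the part before the
        # first "/" is the file that actually exists on disk.
        container = m.group("path").split("/", 1)[0]
        findings[classify(container)][container].add(m.group("name"))
    return {loc: dict(files) for loc, files in findings.items()}

if __name__ == "__main__":
    for location, files in triage(SAMPLE_LOG).items():
        print(location, len(files), "file(s)")
        for path, names in files.items():
            print("   ", path, sorted(names))
```

A result with no `live_filesystem` group means every remaining hit sits in a restore point or a browser cache, which is the situation the reply above addresses.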
     
  17. 2007/09/09
    dtofmfd

    dtofmfd Inactive Thread Starter

    Joined:
    2007/09/05
    Messages:
    8
    Likes Received:
    0
    Man Thanks, I owe ya and I am glad you took your time to help me. I know others with similar problems and I will direct them to this site. Have a good day.
     
  18. 2007/09/09
    noahdfear

    noahdfear Inactive

    Joined:
    2003/04/06
    Messages:
    12,178
    Likes Received:
    15
    You're very welcome. Glad I could help! :)
     
