kukkakreck virus need help!

Hello rockhopper224 and welcome,

We prefer a more comprehensive set of logs to assist in detecting any malware that may be present.

As noted in the final step (Step 5) of our sticky topic IMPORTANT - Read This Before Posting For Malware Removal Help....

Download Deckard's System Scanner (DSS) to your Desktop.

What DSS will do:

• create a new System Restore point in Windows XP and Vista.
• clean your Temporary Files, Downloaded Program Files, and Internet Cache Files, and also empty the Recycle Bin on all drives.
• check some important areas of your system and produce a report for your analyst to review.
• DSS automatically runs HijackThis for you, but it will also install and place a shortcut to HijackThis on your desktop if you do not already have HijackThis installed.

Note: You must be logged onto an account with administrator privileges.

1. Close all applications and windows.
2. Double-click on dss.exe to run it, and follow the prompts.
3. When the scan is complete, two text files will open - main.txt <- this one will be maximized and extra.txt <-this one will be minimized
4. Copy (Ctrl+A then Ctrl+C) and paste (Ctrl+V) the contents of main.txt in your next reply.
5. Please attach extra.txt to your post.

To attach a file to a new post, simply

1. Click the[Manage Attachments] button under Additional Options > Attach Files on the post composition page, and
2. copy and paste the following into the "Upload File from your Computer" box:
   C:\Deckard\System Scanner\extra.txt
   ​
3. Click Upload.

Please include the following in your next reply:

main.txt
an attached extra.txt

Deckard's System Scanner v20071014.68
Run by katelamantia on 2008-06-26 22:47:44
Computer is in Normal Mode.
--------------------------------------------------------------------------------

-- System Restore --------------------------------------------------------------

Unable to create WMI object; The operation completed successfully.


Backed up registry hives.
Performed disk cleanup.

Total Physical Memory: 495 MiB (512 MiB recommended).


-- HijackThis (run as katelamantia.exe) ----------------------------------------

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 22:50: VIRUS ALERT!, on 6/26/2008
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16674)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe
C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
C:\WINDOWS\AGRSMMSG.exe
C:\WINDOWS\system32\TFNF5.exe
C:\Program Files\TOSHIBA\TOSHIBA Controls\TFncKy.exe
C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
C:\Program Files\Common Files\Symantec Shared\ccApp.exe
C:\PROGRA~1\SYMANT~1\VPTray.exe
C:\Program Files\QuickTime\QTTask.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Kodak\Kodak EasyShare software\bin\EasyShare.exe
C:\Program Files\Kodak\KODAK Software Updater\7288971\Program\Kodak Software Updater.exe
C:\Program Files\WinZip\WZQKPICK.EXE
C:\Program Files\Verizon Wireless\V CAST Music\V CAST Music Monitor.exe
C:\WINDOWS\system32\TPSBattM.exe
C:\Program Files\Common Files\Symantec Shared\SPBBC\SPBBCSvc.exe
C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
C:\Program Files\Alwil Software\Avast4\ashServ.exe
C:\WINDOWS\system32\spoolsv.exe
C:\PROGRA~1\COMMON~1\AOL\ACS\acsd.exe
C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
C:\Program Files\TOSHIBA\ConfigFree\CFSvcs.exe
C:\Program Files\Symantec AntiVirus\DefWatch.exe
C:\WINDOWS\System32\DVDRAMSV.exe
C:\Program Files\Analog Devices\SoundMAX\SMAgent.exe
C:\WINDOWS\System32\svchost.exe
c:\toshiba\ivp\swupdate\swupdtmr.exe
C:\Program Files\Symantec AntiVirus\Rtvscan.exe
C:\Program Files\Viewpoint\Common\ViewpointService.exe
C:\WINDOWS\wanmpsvc.exe
C:\Program Files\Viewpoint\Viewpoint Manager\ViewMgr.exe
C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
C:\WINDOWS\system32\wscntfy.exe
C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
C:\Program Files\Avant Browser\avant.exe
C:\Documents and Settings\katelamantia\Local Settings\Temporary Internet Files\Content.IE5\LH33R5A3\dss[1].exe
C:\PROGRA~1\TRENDM~1\HIJACK~1\katelamantia.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://softwarereferral.com/jump.php?wmid=6010&mid=MjI6Ojg5&lid=2
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKCU\Software\Microsoft\Internet Connection Wizard,ShellNext = http://www.toshiba.com/
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Window Title = Windows Internet Explorer provided by Comcast
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyServer = :0
R3 - URLSearchHook: AOLTBSearch Class - {EA756889-2338-43DB-8F07-D1CA6FB9C90D} - C:\Program Files\AOL\AOL Toolbar 2.0\aoltb.dll
R3 - URLSearchHook: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\PROGRA~1\Yahoo!\Companion\Installs\cpn\yt.dll
O2 - BHO: &Yahoo! Toolbar Helper - {02478D38-C3F9-4efb-9B51-7695ECA05670} - C:\PROGRA~1\Yahoo!\Companion\Installs\cpn\yt.dll
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: (no name) - {1188035F-16EC-41B7-AC69-A3913ADDB96F} - C:\WINDOWS\system32\vtutu.dll (file missing)
O2 - BHO: (no name) - {1A1DAC8C-074D-440F-8707-7009A672D7D1} - (no file)
O2 - BHO: Yahoo! IE Services Button - {5BAB4B5B-68BC-4B02-94D6-2FC0DE4A7897} - C:\Program Files\Yahoo!\Common\yiesrvc.dll
O2 - BHO: {e56169e2-4fcd-99f9-5a44-98798f4c4437} - {7344c4f8-9789-44a5-9f99-dcf42e96165e} - C:\WINDOWS\system32\lmdtsiha.dll (file missing)
O2 - BHO: AOL Toolbar Launcher - {7C554162-8CB7-45A4-B8F4-8EA1C75885F9} - C:\Program Files\AOL\AOL Toolbar 2.0\aoltb.dll
O2 - BHO: (no name) - {7F4C33B3-863A-4B03-A39A-71F3390CC403} - C:\WINDOWS\Fonts\tfpnifo.dll (file missing)
O3 - Toolbar: AOL Toolbar - {DE9C389F-3316-41A7-809B-AA305ED9D922} - C:\Program Files\AOL\AOL Toolbar 2.0\aoltb.dll
O3 - Toolbar: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\PROGRA~1\Yahoo!\Companion\Installs\cpn\yt.dll
O4 - HKLM\..\Run: [000StTHK] 000StTHK.exe
O4 - HKLM\..\Run: [AGRSMMSG] AGRSMMSG.exe
O4 - HKLM\..\Run: [TFNF5] TFNF5.exe
O4 - HKLM\..\Run: [TPSMain] TPSMain.exe
O4 - HKLM\..\Run: [TFncKy] TFncKy.exe
O4 - HKLM\..\Run: [avast!] C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
O4 - HKLM\..\Run: [ccApp] "C:\Program Files\Common Files\Symantec Shared\ccApp.exe"
O4 - HKLM\..\Run: [vptray] C:\PROGRA~1\SYMANT~1\VPTray.exe
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\QTTask.exe" -atboottime
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKUS\S-1-5-21-2836666134-4108312801-1691741306-1006\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe (User '?')
O4 - S-1-5-21-2836666134-4108312801-1691741306-1006 Startup: V CAST Music Monitor.lnk = C:\Program Files\Verizon Wireless\V CAST Music\V CAST Music Monitor.exe (User '?')
O4 - Startup: V CAST Music Monitor.lnk = C:\Program Files\Verizon Wireless\V CAST Music\V CAST Music Monitor.exe
O4 - Global Startup: Adobe Reader Speed Launch.lnk = C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
O4 - Global Startup: Kodak EasyShare software.lnk = C:\Program Files\Kodak\Kodak EasyShare software\bin\EasyShare.exe
O4 - Global Startup: Kodak software updater.lnk = C:\Program Files\Kodak\KODAK Software Updater\7288971\Program\Kodak Software Updater.exe
O4 - Global Startup: Microsoft Office OneNote 2003 Quick Launch.lnk = C:\Program Files\Microsoft Office\OFFICE11\ONENOTEM.EXE
O4 - Global Startup: RAMASST.lnk.disabled
O4 - Global Startup: WinZip Quick Pick.lnk = C:\Program Files\WinZip\WZQKPICK.EXE
O6 - HKCU\Software\Policies\Microsoft\Internet Explorer\Restrictions present
O8 - Extra context menu item: &AIM Search - res://C:\Program Files\AIM Toolbar\AIMBar.dll/aimsearch.htm
O8 - Extra context menu item: &AOL Toolbar Search - c:\program files\aol\aol toolbar 2.0\resources\en-US\local\search.html
O8 - Extra context menu item: &Search - ?p=ZKxdm011YYUS
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\j2re1.4.2\bin\npjpi142.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\j2re1.4.2\bin\npjpi142.dll
O9 - Extra button: Yahoo! Services - {5BAB4B5B-68BC-4B02-94D6-2FC0DE4A7897} - C:\Program Files\Yahoo!\Common\yiesrvc.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL
O9 - Extra button: AIM - {AC9E2541-2814-11d5-BC6D-00B0D0A1DE45} - C:\KATE\AIM\aim.exe
O9 - Extra button: Real.com - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - C:\WINDOWS\System32\Shdocvw.dll
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra button: WeatherBug - {AF6CABAB-61F9-4f12-A198-B7D41EF1CB52} - C:\Program Files\AWS\WeatherBug\Weather.exe (file missing) (HKCU)
O10 - Unknown file in Winsock LSP: c:\windows\system32\nwprovau.dll
O12 - Plugin for .spop: C:\Program Files\Internet Explorer\Plugins\NPDocBox.dll
O14 - IERESET.INF: START_PAGE_URL=http://www.toshiba.com
O15 - Trusted Zone: http://locator.cdn.imageservr.com
O15 - Trusted Zone: http://locator1.cdn.imagesrvr.com
O15 - Trusted Zone: http://scanner.sysprotect.com
O15 - Trusted Zone: http://*.systemdoctor.com
O15 - Trusted Zone: http://www.winantivirus.com
O15 - Trusted Zone: http://www.winantiviruspro.com
O15 - Trusted Zone: http://download.cdn.winsoftware.com
O15 - Trusted IP range: http://202.67.220.225
O15 - Trusted IP range: http://62.4.84.53
O15 - Trusted IP range: http://59.148.220.121
O15 - Trusted IP range: http://82.98.235.58
O15 - Trusted IP range: http://85.12.25.90
O16 - DPF: {0CCA191D-13A6-4E29-B746-314DEE697D83} (Facebook Photo Uploader 5) - http://upload.facebook.com/controls/FacebookPhotoUploader5.cab
O16 - DPF: {2BC66F54-93A8-11D3-BEB6-00105AA9B6AE} (Symantec AntiVirus scanner) - http://security.symantec.com/sscv6/SharedContent/vc/bin/AvSniff.cab
O16 - DPF: {30528230-99f7-4bb4-88d8-fa1d4f56a2ab} (Installation Support) - C:\Program Files\Yahoo!\Common\Yinsthelper.dll
O16 - DPF: {48DD0448-9209-4F81-9F6D-D83562940134} (MySpace Uploader Control) - http://lads.myspace.com/upload/MySpaceUploader.cab
O16 - DPF: {644E432F-49D3-41A1-8DD5-E099162EEEC5} (Symantec RuFSI Utility Class) - http://security.symantec.com/sscv6/SharedContent/common/bin/cabsa.cab
O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://update.microsoft.com/microsoftupdate/v6/V5Controls/en/x86/client/muweb_site.cab?1154209090609
O16 - DPF: {8A0019EB-51FA-4AE5-A40B-C0496BBFC739} (Verizon Wireless Media Upload) - http://www.vzwpix.com/activex/VerizonWirelessUploadControl.cab
O16 - DPF: {A30FBBDC-FA29-4606-8565-14AADCCA6708} (Rite Aid One Hour Photo Online Control) - https://photos.riteaid.com/control/RiteAidOneHourPhotoOnline.cab
O16 - DPF: {B38870E4-7ECB-40DA-8C6A-595F0A5519FF} (MsnMessengerSetupDownloadControl Class) - http://messenger.msn.com/download/MsnMessengerSetupDownloader.cab
O16 - DPF: {CAFECAFE-0013-0001-0022-ABCDEFABCDEF} (JInitiator 1.3.1.22) - http://star2a.centuryltd.com/forms/jinitiator/jinit.exe
O16 - DPF: {E504EE6E-47C6-11D5-B8AB-00D0B78F3D48} (Yahoo! Webcam Viewer Wrapper) - http://chat.yahoo.com/cab/yvwrctl.cab
O16 - DPF: {FA9740A2-5802-42E2-B509-81186EEB3C42} (WABControl Class) - https://www.linkedin.com/cab/wabctrl.cab
O20 - Winlogon Notify: gruthagy - gruthagy.dll (file missing)
O20 - Winlogon Notify: tfpnifo - C:\WINDOWS\Fonts\tfpnifo.dll (file missing)
O21 - SSODL: xvorfwbd - {E3074847-B9DB-44E6-AFEE-1299675BBF7F} - C:\WINDOWS\xvorfwbd.dll
O23 - Service: AOL Connectivity Service (AOL ACS) - America Online, Inc. - C:\PROGRA~1\COMMON~1\AOL\ACS\acsd.exe
O23 - Service: Apple Mobile Device - Apple, Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
O23 - Service: avast! iAVS4 Control Service (aswUpdSv) - ALWIL Software - C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
O23 - Service: avast! Antivirus - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashServ.exe
O23 - Service: avast! Mail Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
O23 - Service: avast! Web Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
O23 - Service: Symantec Event Manager (ccEvtMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
O23 - Service: Symantec Settings Manager (ccSetMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe
O23 - Service: ConfigFree Service (CFSvcs) - TOSHIBA CORPORATION - C:\Program Files\TOSHIBA\ConfigFree\CFSvcs.exe
O23 - Service: Symantec AntiVirus Definition Watcher (DefWatch) - Symantec Corporation - C:\Program Files\Symantec AntiVirus\DefWatch.exe
O23 - Service: DVD-RAM_Service - Matsushita Electric Industrial Co., Ltd. - C:\WINDOWS\System32\DVDRAMSV.exe
O23 - Service: iPod Service - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: LiveUpdate - Symantec Corporation - C:\PROGRA~1\Symantec\LIVEUP~1\LUCOMS~1.EXE
O23 - Service: SAVRoam (SavRoam) - symantec - C:\Program Files\Symantec AntiVirus\SavRoam.exe
O23 - Service: Symantec Network Drivers Service (SNDSrvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\SNDSrvc.exe
O23 - Service: SoundMAX Agent Service (SoundMAX Agent Service (default)) - Analog Devices, Inc. - C:\Program Files\Analog Devices\SoundMAX\SMAgent.exe
O23 - Service: Symantec SPBBCSvc (SPBBCSvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\SPBBC\SPBBCSvc.exe
O23 - Service: Swupdtmr - Unknown owner - c:\toshiba\ivp\swupdate\swupdtmr.exe
O23 - Service: Symantec AntiVirus - Symantec Corporation - C:\Program Files\Symantec AntiVirus\Rtvscan.exe
O23 - Service: Viewpoint Manager Service - Viewpoint Corporation - C:\Program Files\Viewpoint\Common\ViewpointService.exe
O23 - Service: WAN Miniport (ATW) Service (WANMiniportService) - America Online, Inc. - C:\WINDOWS\wanmpsvc.exe
O24 - Desktop Component 0: Privacy Protection - file:///C:\WINDOWS\privacy_danger\index.htm

--
End of file - 13422 bytes

-- HijackThis Fixed Entries (C:\PROGRA~1\TRENDM~1\HIJACK~1\backups\) -----------

backup-20080625-205512-111 O15 - Trusted Zone: *.whataboutadog.com
backup-20080625-212102-740 O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll

-- File Associations -----------------------------------------------------------

All associations okay.


-- Drivers: 0-Boot, 1-System, 2-Auto, 3-Demand, 4-Disabled ---------------------

3 EraserUtilDrv10614 - c:\program files\common files\symantec shared\eengine\eraserutildrv10614.sys (file missing)
2 MDC8021X (WPA Security Protocol (IEEE 802.1x) v2.2.0.0) - c:\windows\system32\drivers\mdc8021x.sys <Not Verified; Meetinghouse Data Communications; AEGIS Client 2.2>
1 meiudf - c:\windows\system32\drivers\meiudf.sys <Not Verified; Matsushita Electric Industrial Co.,Ltd.; >
2 Netdevio (TOSHIBA Network Device Usermode I/O Protocol) - c:\windows\system32\drivers\netdevio.sys <Not Verified; TOSHIBA Corporation.; TOSHIBA Network Device Usermode I/O protocol>
3 pfc (Padus ASPI Shell) - c:\windows\system32\drivers\pfc.sys <Not Verified; Padus, Inc.; Padus(R) ASPI Shell>
2 TBiosDrv - c:\windows\system32\drivers\tbiosdrv.sys
3 tsdhd (TOSHIBA SD Card Host Controller Driver) - c:\windows\system32\drivers\tsdhd.sys <Not Verified; TOSHIBA Corporation; SD Card Driver Set>
0 TVALZ (TOSHIBA ACPI-Based Value Added Logical and General Purpose Device Driver) - c:\windows\system32\drivers\tvalz.sys <Not Verified; TOSHIBA Corporation; TOSHIBA Common Modules>

-- Services: 0-Boot, 1-System, 2-Auto, 3-Demand, 4-Disabled --------------------

2 Apple Mobile Device - c:\program files\common files\apple\mobile device support\bin\applemobiledeviceservice.exe
2 CFSvcs (ConfigFree Service) - c:\program files\toshiba\configfree\cfsvcs.exe <Not Verified; TOSHIBA CORPORATION; ConfigFree(TM)>
2 DVD-RAM_Service - c:\windows\system32\dvdramsv.exe <Not Verified; Matsushita Electric Industrial Co., Ltd.; >
3 SavRoam - c:\program files\symantec antivirus\savroam.exe
2 Swupdtmr - c:\toshiba\ivp\swupdate\swupdtmr.exe
2 Symantec AntiVirus - c:\program files\symantec antivirus\rtvscan.exe
2 Viewpoint Manager Service - c:\program files\viewpoint\common\viewpointservice.exe


-- Device Manager: Disabled ----------------------------------------------------

Unable to create WMI object.

-- Scheduled Tasks -------------------------------------------------------------

2008-04-29 13:01:04 284 --a------ C:\WINDOWS\Tasks\AppleSoftwareUpdate.job
2008-03-03 06:00:00 266 --a------ C:\WINDOWS\Tasks\dfrg.job
2008-03-03 04:00:00 274 --a------ C:\WINDOWS\Tasks\Disk Cleanup.job


-- Files created between 2008-05-26 and 2008-06-26 -----------------------------

2008-06-25 20:54:21 0 d-------- C:\Program Files\Trend Micro
2008-06-24 06:05:05 0 d-------- C:\WINDOWS\privacy_danger
2008-06-23 00:34:56 0 dr-h----- C:\Documents and Settings\katelamantia\Recent
2008-06-22 11:45:19 164 --a------ C:\install.dat
2008-06-20 06:17:52 0 d-------- C:\Program Files\Lavasoft
2008-06-19 23:13:35 0 d-------- C:\Documents and Settings\katelamantia\Application Data\TmpRecentIcons
2008-06-19 23:11:39 180224 --a------ C:\WINDOWS\xvorfwbd.dll
2008-06-19 23:11:39 81920 --a------ C:\WINDOWS\neltabxw.exe
2008-06-19 23:11:35 0 d-------- C:\Documents and Settings\All Users\Application Data\ADSL Software Ltd


-- Find3M Report ---------------------------------------------------------------

2008-06-26 20:28:15 0 d-------- C:\Program Files\Symantec AntiVirus
2008-06-23 20:32:03 0 d-------- C:\Documents and Settings\katelamantia\Application Data\Lavasoft
2008-05-13 05:57:16 0 d-------- C:\Program Files\MSN Messenger
2008-05-03 23:12:33 0 d-------- C:\Documents and Settings\katelamantia\Application Data\uTorrent


-- Registry Dump ---------------------------------------------------------------

*Note* empty entries & legit default entries are not shown


[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{1188035F-16EC-41B7-AC69-A3913ADDB96F}]
C:\WINDOWS\system32\vtutu.dll

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{7344c4f8-9789-44a5-9f99-dcf42e96165e}]
C:\WINDOWS\system32\lmdtsiha.dll

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{7F4C33B3-863A-4B03-A39A-71F3390CC403}]
C:\WINDOWS\Fonts\tfpnifo.dll

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"000StTHK"="000StTHK.exe" [06/24/2001 00:28: VIRUS ALERT! C:\WINDOWS\system32\000StTHK.exe]
"AGRSMMSG"="AGRSMMSG.exe" [04/18/2003 15:20: VIRUS ALERT! C:\WINDOWS\agrsmmsg.exe]
"TFNF5"="TFNF5.exe" [10/15/2003 20:03: VIRUS ALERT! C:\WINDOWS\system32\TFNF5.exe]
"TPSMain"="TPSMain.exe" [11/20/2003 01:15: VIRUS ALERT! C:\WINDOWS\system32\TPSMain.exe]
"TFncKy"="TFncKy.exe" []
"avast!"="C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe" [05/15/2008 19:19: VIRUS ALERT!]
"ccApp"="C:\Program Files\Common Files\Symantec Shared\ccApp.exe" [03/07/2006 14:02: VIRUS ALERT!]
"vptray"="C:\PROGRA~1\SYMANT~1\VPTray.exe" [03/17/2006 07:34: VIRUS ALERT!]
"QuickTime Task"="C:\Program Files\QuickTime\QTTask.exe" [03/28/2008 23:37: VIRUS ALERT!]
"iTunesHelper"="C:\Program Files\iTunes\iTunesHelper.exe" [03/30/2008 10:36: VIRUS ALERT!]

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"ctfmon.exe"="C:\WINDOWS\system32\ctfmon.exe" [08/04/2004 03:56: VIRUS ALERT!]

C:\Documents and Settings\katelamantia\Start Menu\Programs\Startup\
V CAST Music Monitor.lnk - C:\Program Files\Verizon Wireless\V CAST Music\V CAST Music Monitor.exe [11/30/2005 12:32:10 PM]

C:\Documents and Settings\All Users\Start Menu\Programs\Startup\
Adobe Reader Speed Launch.lnk - C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe [12/14/2004 5:44:06 AM]
Kodak EasyShare software.lnk - C:\Program Files\Kodak\Kodak EasyShare software\bin\EasyShare.exe [8/11/2004 2:22:40 AM]
Kodak software updater.lnk - C:\Program Files\Kodak\KODAK Software Updater\7288971\Program\Kodak Software Updater.exe [2/13/2004 2:12:08 PM]
Microsoft Office OneNote 2003 Quick Launch.lnk - C:\Program Files\Microsoft Office\OFFICE11\ONENOTEM.EXE [3/17/2005 2:06:14 PM]
RAMASST.lnk.disabled [11/20/2003 8:58:57 PM]
WinZip Quick Pick.lnk - C:\Program Files\WinZip\WZQKPICK.EXE [2/8/2008 12:10:00 PM]

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\policies\system]
"NoDispCPL"=

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\policies\explorer]
"NoToolbarCustomize"=0 (0x0)
"StartMenuLogoff"=1 (0x1)
"NoStartMenuMorePrograms"=
"NoSetFolders"=

[HKEY_CURRENT_USER\software\microsoft\internet explorer\desktop\components\0]
Source= file:///C:\WINDOWS\privacy_danger\index.htm
FriendlyName= Privacy Protection

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ShellServiceObjectDelayLoad]
"xvorfwbd"= {E3074847-B9DB-44E6-AFEE-1299675BBF7F} - C:\WINDOWS\xvorfwbd.dll [06/19/2008 19:15: VIRUS ALERT! 180224]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\gruthagy]
gruthagy.dll

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\tfpnifo]
C:\WINDOWS\Fonts\tfpnifo.dll

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\vds]
@="Service"

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\{533C5B84-EC70-11D2-9505-00C04F79DEAF}]
@="Volume shadow copy"

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\run-]
"WinSpywareProtect"="C:\Documents and Settings\All Users\Application Data\ADSL Software Ltd\WinSpywareProtect\winspywareprotect.exe" /autorun
"MSMSGS"="C:\Program Files\Messenger\msmsgs.exe" /background
"Eks"="C:\Program Files\?icrosoft\m?config.exe"
"ctfmon.exe"=C:\WINDOWS\system32\ctfmon.exe


[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{b040f98c-cd0a-11dc-9c16-00038a000015}]
AutoRun\command- E:\LaunchU3.exe -a




-- End of Deckard's System Scanner: finished at 2008-06-26 22:51:19 ------------

Hello rockhopper224,

This will require more than one round to properly eradicate. Please stay with me until given the 'all clear' even if symptoms seemingly abate.

Read through this entire procedure and if you have any questions, please ask them before you begin. Then either print out, or copy this page to Notepad and save to your desktop for reference as you will not have any browsers open while you are carrying out portions of these instructions.


It's IMPORTANT to carry out the instructions in the sequence listed below.


***************************************************

You currently have 2 Anti Virus programs installed. (Avast and Symantec). While it may seem to be added protection for you, more than 1 Anti Virus can cause conflicts and confusion between the AV programs as well as system slow downs and other forms of instability. Please choose and run only 1 and uninstall the other via the Add/Remove Programs in the Control Panel.

-------------------------------------------------------------------

After you've completed the above...

Open HijackThis and click on 'Do a System Scan Only'. 'Check' the following entries:

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://softwarereferral.com/jump.php...MjI6Ojg5&lid=2
O15 - Trusted Zone: http://locator.cdn.imageservr.com
O15 - Trusted Zone: http://locator1.cdn.imagesrvr.com
O15 - Trusted Zone: http://scanner.sysprotect.com
O15 - Trusted Zone: http://*.systemdoctor.com
O15 - Trusted Zone: http://www.winantivirus.com
O15 - Trusted Zone: http://www.winantiviruspro.com
O15 - Trusted Zone: http://download.cdn.winsoftware.com
O15 - Trusted IP range: http://202.67.220.225
O15 - Trusted IP range: http://62.4.84.53
O15 - Trusted IP range: http://59.148.220.121
O15 - Trusted IP range: http://82.98.235.58
O15 - Trusted IP range: http://85.12.25.90

Click 'Fix Checked' and close HijackThis.

--------------------------------------------------------------------

Now please download ComboFix.exe from here and save it directly to your desktop.

Do not run it yet.

-------------------------------------------------------------------

With malware infections being as they are today, it's strongly recommended to have the Windows Recovery Console on your machine before doing any malware removal.

The Windows recovery console will allow you to boot up into a special recovery/repair mode that will allow us to more easily help you should your computer have a problem after an attempted removal of malware.


Go to Microsoft's website => http://support.microsoft.com/kb/310994

Select the download that's appropriate for your Operating System




Download the file & save it as it's originally named, next to ComboFix.exe.






Now close all open windows and programs, including all anti virus and anti malware programs so they do not interfere with the running of ComboFix.

• Drag the setup package onto ComboFix.exe and drop it.
  
• Follow the prompts to start ComboFix and when prompted, agree to the End-User License Agreement to install the Microsoft Recovery Console.
  
  
  
  
  
• At the next prompt, click 'Yes' to run the full ComboFix scan.
  
  
• When the tool is finished, it will produce a report for you.

Please post the C:\ComboFix.txt along with a new HijackThis log for further review.