# Internet shuts off...I need some help!



## spyroflame0487 (Feb 2, 2009)

Hey there! I previously tried to post this message, but the internet shuts off randomly.

I recently did a scan with "Root Repeal" which said that there was some sort of add on. The first name was "Seneka", which I've looked around and have found that it is infact a virus.

Which brought me here. I'm afraid I can't really find anything that will help me remove it. I've read previous posts on various forums, but they seem to apply more to a certain user to myself, so..I was hoping I could get some help.

My Internet Explorer- IE 7 sometimes shuts off, with a pop up saying that there was a error, and IE needs to close. Occasionally, another pop up opens saying that there was a problem with a App..but I have no idea what it is. I'm not sure if it's related, but it's a problem, and figured I would include it.
Here's the logs from 2 scans. One from Malwarebytes (From 1-30-09), and the other from HijackThis (A few minutes ago)-

*Malwarebytes' Anti-Malware 1.31
*Database version: 1456
Windows 5.1.2600 Service Pack 3
1/30/2009 9:52:54 PM
mbam-log-2009-01-30 (21-52-54).txt
Scan type: Quick Scan
Objects scanned: 69591
Time elapsed: 28 minute(s), 25 second(s)
Memory Processes Infected: 0
Memory Modules Infected: 0
Registry Keys Infected: 0
Registry Values Infected: 0
Registry Data Items Infected: 1
Folders Infected: 0
Files Infected: 4
Memory Processes Infected:
(No malicious items detected)
Memory Modules Infected:
(No malicious items detected)
Registry Keys Infected:
(No malicious items detected)
Registry Values Infected:
(No malicious items detected)
Registry Data Items Infected:
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\DisableTaskMgr (Hijack.TaskManager) -> Bad: (1) Good: (0) -> Quarantined and deleted successfully.
Folders Infected:
(No malicious items detected)
Files Infected:
C:\WINDOWS\system32\rc.dat (Malware.Trace) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\ps1.dat (Malware.Trace) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\cmds.txt (Malware.Trace) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\alog.txt (Stolen.Data) -> Quarantined and deleted successfully.

*Logfile of Trend Micro HijackThis v2.0.2
*Scan saved at 6:52:44 PM, on 2/2/2009
Platform: Windows XP SP3 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16762)
Boot mode: Normal
Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Common Files\AOL\ACS\AOLAcsd.exe
C:\Program Files\CyberLink\PowerDVD\PDVDServ.exe
C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe
C:\WINDOWS\RTHDCPL.EXE
C:\Program Files\Common Files\AOL\TopSpeed\2.0\aoltsmon.exe
C:\PROGRA~1\COMMON~1\AOL\AOLSPY~1\AOLSP Scheduler.exe
C:\Program Files\Common Files\New Boundary\PrismXL\PRISMXL.SYS
C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\E_FATIACA.EXE
C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Messenger\msmsgs.exe
C:\WINDOWS\system32\svchost.exe
C:\PROGRA~1\COMMON~1\AOL\116811~1\EE\AOLHOS~1.EXE
C:\PROGRA~1\COMMON~1\AOL\116811~1\EE\AOLServiceHost.exe
C:\Program Files\BigFix\bigfix.exe
C:\Program Files\Kodak\Kodak EasyShare software\bin\EasyShare.exe
C:\Program Files\WiFiConnector\NintendoWFCReg.exe
C:\WINDOWS\system32\rundll32.exe
C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Yahoo!\Messenger\ymsgr_tray.exe
C:\Program Files\Internet Explorer\IEXPLORE.EXE
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKCU\Software\Microsoft\Internet Connection Wizard,ShellNext = http://go.microsoft.com/fwlink/?LinkId=47689
R3 - URLSearchHook: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn0\yt.dll
O2 - BHO: Google plugin - {5CC2F638-99FF-45d2-97C7-E30E83CF04D2} - ipv6sp.dll (file missing)
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar3.dll
O3 - Toolbar: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn0\yt.dll
O4 - HKLM\..\Run: [RemoteControl] "C:\Program Files\CyberLink\PowerDVD\PDVDServ.exe"
O4 - HKLM\..\Run: [Google Desktop Search] "C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe" /startup
O4 - HKLM\..\Run: [RTHDCPL] RTHDCPL.EXE
O4 - HKLM\..\Run: [Alcmtr] ALCMTR.EXE
O4 - HKLM\..\Run: [Recguard] %WINDIR%\SMINST\RECGUARD.EXE
O4 - HKLM\..\Run: [HostManager] C:\Program Files\Common Files\AOL\1168114808\EE\AOLHostManager.exe
O4 - HKLM\..\Run: [AOL Spyware Protection] "C:\PROGRA~1\COMMON~1\AOL\AOLSPY~1\AOLSP Scheduler.exe"
O4 - HKLM\..\Run: [Pure Networks Port Magic] "C:\PROGRA~1\PURENE~1\PORTMA~1\PortAOL.exe" -Run
O4 - HKLM\..\Run: [EPSON Stylus CX3800 Series] C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\E_FATIACA.EXE /P26 "EPSON Stylus CX3800 Series" /O6 "USB001" /M "Stylus CX3800"
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKCU\..\Run: [swg] C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background
O4 - HKCU\..\Run: [Messenger (Yahoo!)] "C:\Program Files\Yahoo!\Messenger\YahooMessenger.exe" -quiet
O4 - HKUS\S-1-5-18\..\Run: [Power2GoExpress] NA (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [Power2GoExpress] NA (User 'Default user')
O4 - Global Startup: Adobe Reader Speed Launch.lnk = C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
O4 - Global Startup: BigFix.lnk = C:\Program Files\BigFix\bigfix.exe
O4 - Global Startup: Kodak EasyShare software.lnk = C:\Program Files\Kodak\Kodak EasyShare software\bin\EasyShare.exe
O4 - Global Startup: Run Nintendo Wi-Fi USB Connector Registration Tool.lnk = C:\Program Files\WiFiConnector\NintendoWFCReg.exe
O7 - HKCU\Software\Microsoft\Windows\CurrentVersion\Policies\System, DisableRegedit=1
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~4\Office12\REFIEBAR.DLL
O9 - Extra button: Real.com - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - C:\WINDOWS\system32\Shdocvw.dll
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {48DD0448-9209-4F81-9F6D-D83562940134} (MySpace Uploader Control) - http://lads.myspace.com/upload/MySpaceUploader1006.cab
O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://update.microsoft.com/microsoftupdate/v6/V5Controls/en/x86/client/muweb_site.cab?1173541748343
O18 - Filter hijack: text/html - {ddc4f45c-f63d-4cac-b07f-64047d003a6f} - (no file)
O20 - AppInit_DLLs: karna.dat mhpvcn.dll
O23 - Service: AOL Connectivity Service (AOL ACS) - America Online - C:\Program Files\Common Files\AOL\ACS\AOLAcsd.exe
O23 - Service: AOL TopSpeed Monitor (AOL TopSpeedMonitor) - America Online, Inc - C:\Program Files\Common Files\AOL\TopSpeed\2.0\aoltsmon.exe
O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\system32\Ati2evxx.exe
O23 - Service: ATI Smart - Unknown owner - C:\WINDOWS\system32\ati2sgag.exe
O23 - Service: Google Desktop Manager 5.7.806.10245 (GoogleDesktopManager-061008-081103) - Google - C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe
O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: PrismXL - New Boundary Technologies, Inc. - C:\Program Files\Common Files\New Boundary\PrismXL\PRISMXL.SYS
O24 - Desktop Component 0: (no name) - http://www.cartoonnetwork.com/tv_shows/ben10af/medias/wallpapers/800_600/ben_800_600.jpg
O24 - Desktop Component 1: (no name) - http://fc02.deviantart.com/fs11/i/2006/167/b/c/Upgrade_by_Mr_M7.jpg
--
End of file - 6547 bytes

Hope this helps with helping me figure out what to do. I really appriciate any and all help I can get!
-Spyro


----------



## spyroflame0487 (Feb 2, 2009)

er...hey again.

I havn't been answered, so, here's the 24 hour reply.

I've still been checking through the Malwarebytes, and the problem is still there. The Internet is shutting off a bit more frequently..almost every 10 minutes..

I know everyone it busy! That's perfectly alright..but I could definatly use the help! 

Thanks again!
-Spyro


----------



## spyroflame0487 (Feb 2, 2009)

XP...Hey again.

The problem is still there, and the internet shuts off still too. 

It's been over 24 hours since the last post, but I figure I'd post again to bump it up.

I know you guys are busy too, so..I'll just wait!

Thanks again!
-Spyro


----------



## spyroflame0487 (Feb 2, 2009)

..Eh...Hey again.

Problems are still there, and getting more persistant. I could really use the help since, I'll be needing the computer this weekend, and if it shuts off the internet, it might delete my work for school.

I've also noticed that when it does log off the internet, it also logs me out of any forum or other websites that I'm logged into (Including this one).

ANy help is greatly appriciated. Thanks again!

EDIT:
If this helps at all, here's the latest HijackThis Log-
Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 9:37:05 PM, on 2/6/2009
Platform: Windows XP SP3 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16762)
Boot mode: Normal
Running processes:
C:\WINDOWS\system32\csrss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Common Files\AOL\ACS\AOLAcsd.exe
C:\Program Files\Common Files\New Boundary\PrismXL\PRISMXL.SYS
C:\Program Files\CyberLink\PowerDVD\PDVDServ.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe
C:\WINDOWS\RTHDCPL.EXE
C:\PROGRA~1\COMMON~1\AOL\AOLSPY~1\AOLSP Scheduler.exe
C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\E_FATIACA.EXE
C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Messenger\msmsgs.exe
C:\PROGRA~1\COMMON~1\AOL\116811~1\EE\AOLHOS~1.EXE
C:\Program Files\BigFix\bigfix.exe
C:\PROGRA~1\COMMON~1\AOL\116811~1\EE\AOLServiceHost.exe
C:\Program Files\Kodak\Kodak EasyShare software\bin\EasyShare.exe
C:\Program Files\WiFiConnector\NintendoWFCReg.exe
C:\WINDOWS\system32\rundll32.exe
C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe
C:\WINDOWS\System32\alg.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Yahoo!\Messenger\ymsgr_tray.exe
C:\Program Files\Internet Explorer\IEXPLORE.EXE
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe
C:\WINDOWS\system32\wbem\wmiprvse.exe
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKCU\Software\Microsoft\Internet Connection Wizard,ShellNext = http://go.microsoft.com/fwlink/?LinkId=47689
R3 - URLSearchHook: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn0\yt.dll
F2 - REG:system.ini: UserInit=C:\WINDOWS\system32\userinit.exe,C:\WINDOWS\system32\twex.exe,
O2 - BHO: Google plugin - {5CC2F638-99FF-45d2-97C7-E30E83CF04D2} - ipv6sp.dll (file missing)
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar3.dll
O3 - Toolbar: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn0\yt.dll
O4 - HKLM\..\Run: [RemoteControl] "C:\Program Files\CyberLink\PowerDVD\PDVDServ.exe"
O4 - HKLM\..\Run: [Google Desktop Search] "C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe" /startup
O4 - HKLM\..\Run: [RTHDCPL] RTHDCPL.EXE
O4 - HKLM\..\Run: [Alcmtr] ALCMTR.EXE
O4 - HKLM\..\Run: [Recguard] %WINDIR%\SMINST\RECGUARD.EXE
O4 - HKLM\..\Run: [HostManager] C:\Program Files\Common Files\AOL\1168114808\EE\AOLHostManager.exe
O4 - HKLM\..\Run: [AOL Spyware Protection] "C:\PROGRA~1\COMMON~1\AOL\AOLSPY~1\AOLSP Scheduler.exe"
O4 - HKLM\..\Run: [Pure Networks Port Magic] "C:\PROGRA~1\PURENE~1\PORTMA~1\PortAOL.exe" -Run
O4 - HKLM\..\Run: [EPSON Stylus CX3800 Series] C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\E_FATIACA.EXE /P26 "EPSON Stylus CX3800 Series" /O6 "USB001" /M "Stylus CX3800"
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKCU\..\Run: [swg] C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background
O4 - HKCU\..\Run: [Messenger (Yahoo!)] "C:\Program Files\Yahoo!\Messenger\YahooMessenger.exe" -quiet
O4 - HKUS\S-1-5-18\..\Run: [Power2GoExpress] NA (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [Power2GoExpress] NA (User 'Default user')
O4 - Global Startup: Adobe Reader Speed Launch.lnk = C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
O4 - Global Startup: BigFix.lnk = C:\Program Files\BigFix\bigfix.exe
O4 - Global Startup: Kodak EasyShare software.lnk = C:\Program Files\Kodak\Kodak EasyShare software\bin\EasyShare.exe
O4 - Global Startup: Run Nintendo Wi-Fi USB Connector Registration Tool.lnk = C:\Program Files\WiFiConnector\NintendoWFCReg.exe
O7 - HKCU\Software\Microsoft\Windows\CurrentVersion\Policies\System, DisableRegedit=1
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~4\Office12\REFIEBAR.DLL
O9 - Extra button: Real.com - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - C:\WINDOWS\system32\Shdocvw.dll
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {48DD0448-9209-4F81-9F6D-D83562940134} (MySpace Uploader Control) - http://lads.myspace.com/upload/MySpaceUploader1006.cab
O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://update.microsoft.com/microsoftupdate/v6/V5Controls/en/x86/client/muweb_site.cab?1173541748343
O18 - Filter hijack: text/html - {ddc4f45c-f63d-4cac-b07f-64047d003a6f} - (no file)
O20 - AppInit_DLLs: karna.dat mhpvcn.dll
O23 - Service: AOL Connectivity Service (AOL ACS) - America Online - C:\Program Files\Common Files\AOL\ACS\AOLAcsd.exe
O23 - Service: AOL TopSpeed Monitor (AOL TopSpeedMonitor) - America Online, Inc - C:\Program Files\Common Files\AOL\TopSpeed\2.0\aoltsmon.exe
O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\system32\Ati2evxx.exe
O23 - Service: ATI Smart - Unknown owner - C:\WINDOWS\system32\ati2sgag.exe
O23 - Service: Google Desktop Manager 5.7.806.10245 (GoogleDesktopManager-061008-081103) - Google - C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe
O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: PrismXL - New Boundary Technologies, Inc. - C:\Program Files\Common Files\New Boundary\PrismXL\PRISMXL.SYS
O24 - Desktop Component 0: (no name) - http://www.cartoonnetwork.com/tv_shows/ben10af/medias/wallpapers/800_600/ben_800_600.jpg
O24 - Desktop Component 1: (no name) - http://fc02.deviantart.com/fs11/i/2006/167/b/c/Upgrade_by_Mr_M7.jpg
--
End of file - 6748 bytes

(I'll add the Malwarebytes file when I edit this post again..)


----------



## dvk01 (Dec 14, 2002)

Download ComboFix from *Here* to your Desktop.

***Note: It is important that it is saved directly to your desktop and run from the desktop and not any other folder on your computer***
--------------------------------------------------------------------
1. Close/disable all anti virus and anti malware programs so they do not interfere with the running of ComboFix.


*Very Important!* Temporarily *disable* your *anti-virus*, *script blocking* and any *anti-malware* real-time protection _*before*_ performing a scan. They can interfere with ComboFix or remove some of its embedded files which may cause _"unpredictable results"_
Click on *this link* to see instructions on how to temporarily disable many security programs while running combofix. The list is not all inclusive. If yours is not listed and you don't know how to disable it, please ask.
*Remember to re enable the protection again after combofix has finished*
--------------------------------------------------------------------
2. Close any open browsers and any other programs you might have running 
Double click on *combofix.exe* & follow the prompts.​If you are using windows XP It might display a pop up saying that "Recovery console is not installed, do you want to install?"
Please select yes & let it download the files it needs to do this 
When finished, it will produce a report for you. 
Please post the *"C:\ComboFix.txt" *along with a *new HijackThis log* for further review

*****Note: Do not mouseclick combofix's window while it's running. That may cause it to stall or freeze *****

Note: ComboFix may reset a number of Internet Explorer's settings, including making it the default browser.
Note: Combofix prevents autorun of ALL CDs, floppies and USB devices to assist with malware removal & increase security. If this is an issue or makes it difficult for you -- please tell us when you reply. Read  HERE  why we disable autoruns

*Please do not install any new programs or update anything unless told to do so while we are fixing your problem. *


----------



## spyroflame0487 (Feb 2, 2009)

Thanks for your help dvk01! Ok, I ran Combofix. *Here's that scan*-

ComboFix 09-02-06.04 - Ben 10 2009-02-07 17:01:16.2 - NTFSx86
Running from: c:\documents and settings\Ben 10\Desktop\ComboFix.exe
.
((((((((((((((((((((((((( Files Created from 2009-01-07 to 2009-02-07 )))))))))))))))))))))))))))))))
.
2009-02-05 19:03 . 2009-02-05 21:14 d--hs---- c:\windows\system32\twain32
2009-02-02 18:11 . 2009-02-02 18:11 d-------- c:\program files\Trend Micro
2009-01-29 18:45 . 2009-01-29 18:45 d-------- C:\e57c6b40b3ba3fb4284329ea6e94
2009-01-29 18:41 . 2009-01-29 18:41 d-------- c:\windows\system32\XPSViewer
2009-01-29 18:41 . 2009-01-29 18:41 d-------- c:\program files\Reference Assemblies
2009-01-29 18:41 . 2009-01-29 18:41 d-------- c:\program files\MSBuild
2009-01-29 18:40 . 2009-01-29 18:40 d-------- C:\9ab530a6b564b66eb5dde9
2009-01-29 18:40 . 2008-07-06 07:06 1,676,288 --------- c:\windows\system32\xpssvcs.dll
2009-01-29 18:40 . 2008-07-06 07:06 1,676,288 -----c--- c:\windows\system32\dllcache\xpssvcs.dll
2009-01-29 18:40 . 2008-07-06 05:50 597,504 -----c--- c:\windows\system32\dllcache\printfilterpipelinesvc.exe
2009-01-29 18:40 . 2008-07-06 07:06 575,488 --------- c:\windows\system32\xpsshhdr.dll
2009-01-29 18:40 . 2008-07-06 07:06 575,488 -----c--- c:\windows\system32\dllcache\xpsshhdr.dll
2009-01-29 18:40 . 2008-07-06 07:06 117,760 --------- c:\windows\system32\prntvpt.dll
2009-01-29 18:40 . 2008-07-06 07:06 89,088 -----c--- c:\windows\system32\dllcache\filterpipelineprintproc.dll
2009-01-29 18:39 . 2009-01-29 19:39 d-------- c:\windows\SxsCaPendDel
2009-01-28 21:35 . 2009-01-28 21:35 d-------- c:\windows\system32\scripting
2009-01-28 21:35 . 2009-01-28 21:35 d-------- c:\windows\system32\en
2009-01-28 21:35 . 2009-01-28 21:35 d-------- c:\windows\system32\bits
2009-01-28 21:35 . 2009-01-28 21:35 d-------- c:\windows\l2schemas
2009-01-28 21:32 . 2009-01-28 21:35 d-------- c:\windows\ServicePackFiles
2009-01-28 21:24 . 2009-01-28 21:24 d-------- c:\windows\EHome
2009-01-28 15:00 . 2009-01-28 15:00 44,032 --a------ c:\windows\inform.dat
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2009-02-01 16:18 22,792 ----a-w c:\documents and settings\Ben 10\Application Data\wklnhst.dat
2009-01-31 01:26 --------- d-----w c:\program files\DNA
2009-01-29 04:47 --------- d-----w c:\documents and settings\All Users\Application Data\Microsoft Help
2009-01-11 23:00 --------- d-----w c:\program files\Norton Security Scan
2009-01-07 23:02 --------- d-----w c:\program files\Common Files\Symantec Shared
2008-12-13 15:54 --------- d-----w c:\program files\Malwarebytes' Anti-Malware
2008-12-11 10:57 333,952 ----a-w c:\windows\system32\drivers\srv.sys
2008-12-07 18:53 --------- d-----w c:\program files\7-Zip
2008-11-16 18:21 19,614 ----a-w c:\documents and settings\All Users\Application Data\ifyviden.scr
2008-11-16 18:21 19,107 ----a-w c:\program files\Common Files\anob._sy
2008-11-16 18:21 15,857 ----a-w c:\program files\Common Files\olabozuke.com
2008-11-16 18:21 15,829 ----a-w c:\windows\asasapyb.pif
2008-11-16 18:21 15,656 ----a-w c:\documents and settings\Ben 10\Application Data\bogyxutor.sys
2008-11-16 18:21 13,592 ----a-w c:\windows\leqof.reg
2008-11-16 18:21 11,853 ----a-w c:\windows\izuxocire.dll
2008-11-16 18:21 11,410 ----a-w c:\documents and settings\Ben 10\Application Data\aqaxa.pif
2008-11-16 18:21 11,130 ----a-w c:\documents and settings\Ben 10\Application Data\sudinicu.bat
2008-11-16 18:21 10,756 ----a-w c:\documents and settings\Ben 10\Application Data\ybexe.scr
2008-11-16 18:20 18,718 ----a-w c:\program files\Common Files\ogok.exe
2008-11-16 18:20 13,125 ----a-w c:\program files\Common Files\rywuzegyr.com
2008-11-10 21:58 19,692 ----a-w c:\documents and settings\Ben 10\Application Data\sebodume.exe
2008-11-10 21:58 19,430 ----a-w c:\windows\iwacocuh.reg
2008-11-10 21:58 19,080 ----a-w c:\documents and settings\All Users\Application Data\ulewix.sys
2008-11-10 21:58 16,950 ----a-w c:\documents and settings\Ben 10\Application Data\mobyzyvy.vbs
2008-11-10 21:58 15,540 ----a-w c:\documents and settings\All Users\Application Data\sagekadijo.sys
2008-11-10 21:58 14,739 ----a-w c:\program files\Common Files\fufyxocis.dat
2008-11-10 21:58 13,831 ----a-w c:\program files\Common Files\qiho.pif
2008-11-10 21:58 13,387 ----a-w c:\program files\Common Files\jeful._dl
2008-11-10 21:58 12,578 ----a-w c:\program files\Common Files\onijitadi.inf
2008-11-10 21:44 17,793 ----a-w c:\program files\Common Files\kaforixu._dl
2008-11-10 21:44 17,004 ----a-w c:\windows\bofejafu.sys
2008-11-10 21:44 16,633 ----a-w c:\documents and settings\All Users\Application Data\afyt.bat
2008-11-10 21:44 13,959 ----a-w c:\program files\Common Files\cyhuqyvyb.sys
2008-11-10 21:44 10,770 ----a-w c:\windows\wofaquv.reg
2008-11-10 21:44 10,671 ----a-w c:\documents and settings\Ben 10\Application Data\isuvaje.sys
2008-11-08 00:22 19,165 ----a-w c:\program files\Common Files\ginotudot.bat
2008-11-08 00:22 17,934 ----a-w c:\windows\racica.bin
2008-11-08 00:22 17,668 ----a-w c:\program files\Common Files\imuza.bat
2008-11-08 00:22 16,976 ----a-w c:\program files\Common Files\ixalow._sy
2008-11-08 00:22 14,242 ----a-w c:\documents and settings\Owner\Application Data\ybiwy.pif
2008-11-08 00:21 19,840 ----a-w c:\documents and settings\All Users\Application Data\ogyc.reg
2008-11-08 00:21 15,695 ----a-w c:\windows\lysoxiqary.sys
2008-11-08 00:21 15,627 ----a-w c:\program files\Common Files\uxilow.dat
2008-11-08 00:21 15,289 ----a-w c:\windows\hetyvyqufu.bin
2008-11-08 00:21 13,691 ----a-w c:\windows\ehiluq.vbs
2008-11-08 00:21 12,515 ----a-w c:\program files\Common Files\zypozy.inf
2008-11-05 22:48 16,933 ----a-w c:\documents and settings\Ben 10\Application Data\vynaqerylo.pif
2008-11-05 22:48 12,674 ----a-w c:\documents and settings\All Users\Application Data\larejihapo.bin
2008-11-05 22:48 12,316 ----a-w c:\program files\Common Files\quhukyheh.com
2008-11-05 22:48 11,281 ----a-w c:\documents and settings\Ben 10\Application Data\vatywo.dat
2008-04-13 18:39 2,816 ----a-w c:\documents and settings\Owner\Application Data\wklnhst.dat
2007-05-19 16:54 1,026,152 ----a-w c:\documents and settings\Ben 10\Nintendo_WFC_USB.zip
1999-07-07 00:00 6 --sh--r c:\windows\@@desktop.dat
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown 
REGEDIT4
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"swg"="c:\program files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe" [2007-06-30 68856]
"ctfmon.exe"="c:\windows\system32\ctfmon.exe" [2008-04-13 15360]
"MSMSGS"="c:\program files\Messenger\msmsgs.exe" [2008-04-13 1695232]
"Messenger (Yahoo!)"="c:\program files\Yahoo!\Messenger\YahooMessenger.exe" [2008-10-16 4347120]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"RemoteControl"="c:\program files\CyberLink\PowerDVD\PDVDServ.exe" [2005-01-12 32768]
"Google Desktop Search"="c:\program files\Google\Google Desktop Search\GoogleDesktop.exe" [2008-09-06 29744]
"Recguard"="c:\windows\SMINST\RECGUARD.EXE" [2002-09-14 212992]
"HostManager"="c:\program files\Common Files\AOL\1168114808\EE\AOLHostManager.exe" [2004-11-03 125528]
"AOL Spyware Protection"="c:\progra~1\COMMON~1\AOL\AOLSPY~1\AOLSP Scheduler.exe" [2004-10-18 79448]
"Pure Networks Port Magic"="c:\progra~1\PURENE~1\PORTMA~1\PortAOL.exe" [2004-04-05 99480]
"EPSON Stylus CX3800 Series"="c:\windows\System32\spool\DRIVERS\W32X86\3\E_FATIACA.EXE" [2005-02-07 98304]
"QuickTime Task"="c:\program files\QuickTime\qttask.exe" [2007-01-06 98304]
"RTHDCPL"="RTHDCPL.EXE" [2006-04-04 c:\windows\RTHDCPL.exe]
[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"Power2GoExpress"="NA" [X]
c:\documents and settings\All Users\Start Menu\Programs\Startup\
Adobe Reader Speed Launch.lnk - c:\program files\Adobe\Acrobat 7.0\Reader\reader_sl.exe [2005-09-23 29696]
BigFix.lnk - c:\program files\BigFix\bigfix.exe [2007-01-06 2168360]
Kodak EasyShare software.lnk - c:\program files\Kodak\Kodak EasyShare software\bin\EasyShare.exe [2007-09-19 282624]
Run Nintendo Wi-Fi USB Connector Registration Tool.lnk - c:\program files\WiFiConnector\NintendoWFCReg.exe [2008-09-28 1073152]
[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\policies\explorer]
"ForceClassicControlPanel"= 1 (0x1)
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\windows]
"AppInit_DLLs"=karna.dat mhpvcn.dll
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\drivers32]
"msacm.clmp3enc"= c:\progra~1\CYBERL~1\Power2Go\CLMP3Enc.ACM
[HKEY_LOCAL_MACHINE\software\microsoft\security center]
"AntiVirusDisableNotify"=dword:00000001
"UpdatesDisableNotify"=dword:00000001
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]
"EnableFirewall"= 0 (0x0)
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"c:\\Program Files\\Common Files\\AOL\\Loader\\aolload.exe"=
"c:\\Program Files\\Common Files\\AOL\\ACS\\AOLDial.exe"=
"c:\\Program Files\\Common Files\\AOL\\ACS\\AOLacsd.exe"=
"c:\\Program Files\\America Online 9.0\\waol.exe"=
"c:\\Program Files\\Common Files\\AOL\\TopSpeed\\2.0\\aoltsmon.exe"=
"c:\\Program Files\\Common Files\\AOL\\TopSpeed\\2.0\\aoltpspd.exe"=
"c:\\Program Files\\Common Files\\AOL\\1168114808\\EE\\AOLServiceHost.exe"=
"c:\\Program Files\\Common Files\\AOL\\System Information\\sinf.exe"=
"c:\\Program Files\\Common Files\\AOL\\AOL Spyware Protection\\AOLSP Scheduler.exe"=
"c:\\Program Files\\Common Files\\AOL\\AOL Spyware Protection\\asp.exe"=
"c:\\Program Files\\Common Files\\AolCoach\\en_en\\player\\AOLNySEV.exe"=
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"c:\\Program Files\\Kodak\\Kodak EasyShare software\\bin\\EasyShare.exe"=
"c:\\Program Files\\WiFiConnector\\NintendoWFCReg.exe"=
S3 GoogleDesktopManager-061008-081103;Google Desktop Manager 5.7.806.10245;c:\program files\Google\Google Desktop Search\GoogleDesktop.exe [2007-01-06 29744]
[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\D]
\Shell\AutoRun\command - c:\windows\system32\RunDLL32.EXE Shell32.DLL,ShellExec_RunDLL Info.exe folder.htt 480 480
[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\E]
\Shell\AutoRun\command - e:\nintendowfcreg\setup.exe
[HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\{0EA88F0F-B698-4ab1-8DBC-EBE2CD00927F}]
rundll32 ipv6sp.dll,InitO
.
.
------- Supplementary Scan -------
.
uStart Page = hxxp://www.google.com
uSearchMigratedDefaultURL = hxxp://www.google.com/search?q={searchTerms}&sourceid=ie7&rls=com.microsoft:en-US&ie=utf8&oe=utf8
mStart Page = hxxp://www.google.com
uSearchURL,(Default) = hxxp://www.google.com/search?q=%s
FF - ProfilePath - 
.
.
------- File Associations -------
.
.
**************************************************************************
catchme 0.3.1367 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2009-02-07 17:06:12
Windows 5.1.2600 Service Pack 3 NTFS
scanning hidden processes ... 
scanning hidden autostart entries ... 
scanning hidden files ... 
scan completed successfully
hidden files: 0
**************************************************************************
.
--------------------- DLLs Loaded Under Running Processes ---------------------
- - - - - - - > 'winlogon.exe'(716)
c:\windows\system32\Ati2evxx.dll
.
Completion time: 2009-02-07 17:09:36
ComboFix-quarantined-files.txt 2009-02-07 22:09:31
ComboFix2.txt 2009-02-07 21:51:41
Pre-Run: 81,038,802,944 bytes free
Post-Run: 81,018,638,336 bytes free
179 --- E O F --- 2009-01-30 02:31:58

And, Here's the latest *Hijackthis log*-
Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 5:12:45 PM, on 2/7/2009
Platform: Windows XP SP3 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16762)
Boot mode: Normal
Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\Program Files\Common Files\AOL\ACS\AOLAcsd.exe
C:\Program Files\Common Files\AOL\TopSpeed\2.0\aoltsmon.exe
C:\Program Files\Common Files\New Boundary\PrismXL\PRISMXL.SYS
C:\WINDOWS\system32\svchost.exe
C:\Program Files\CyberLink\PowerDVD\PDVDServ.exe
C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe
C:\WINDOWS\RTHDCPL.EXE
C:\PROGRA~1\COMMON~1\AOL\AOLSPY~1\AOLSP Scheduler.exe
C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\E_FATIACA.EXE
C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
C:\WINDOWS\system32\ctfmon.exe
C:\PROGRA~1\COMMON~1\AOL\116811~1\EE\AOLHOS~1.EXE
C:\PROGRA~1\COMMON~1\AOL\116811~1\EE\AOLServiceHost.exe
C:\Program Files\BigFix\bigfix.exe
C:\Program Files\Kodak\Kodak EasyShare software\bin\EasyShare.exe
C:\Program Files\WiFiConnector\NintendoWFCReg.exe
C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\wscntfy.exe
C:\Program Files\Yahoo!\Messenger\ymsgr_tray.exe
C:\WINDOWS\explorer.exe
C:\WINDOWS\system32\notepad.exe
C:\Program Files\Internet Explorer\IEXPLORE.EXE
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKCU\Software\Microsoft\Internet Connection Wizard,ShellNext = http://go.microsoft.com/fwlink/?LinkId=47689
R3 - URLSearchHook: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn0\yt.dll
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar3.dll
O3 - Toolbar: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn0\yt.dll
O4 - HKLM\..\Run: [RemoteControl] "C:\Program Files\CyberLink\PowerDVD\PDVDServ.exe"
O4 - HKLM\..\Run: [Google Desktop Search] "C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe" /startup
O4 - HKLM\..\Run: [RTHDCPL] RTHDCPL.EXE
O4 - HKLM\..\Run: [Recguard] %WINDIR%\SMINST\RECGUARD.EXE
O4 - HKLM\..\Run: [HostManager] C:\Program Files\Common Files\AOL\1168114808\EE\AOLHostManager.exe
O4 - HKLM\..\Run: [AOL Spyware Protection] "C:\PROGRA~1\COMMON~1\AOL\AOLSPY~1\AOLSP Scheduler.exe"
O4 - HKLM\..\Run: [Pure Networks Port Magic] "C:\PROGRA~1\PURENE~1\PORTMA~1\PortAOL.exe" -Run
O4 - HKLM\..\Run: [EPSON Stylus CX3800 Series] C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\E_FATIACA.EXE /P26 "EPSON Stylus CX3800 Series" /O6 "USB001" /M "Stylus CX3800"
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKCU\..\Run: [swg] C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background
O4 - HKCU\..\Run: [Messenger (Yahoo!)] "C:\Program Files\Yahoo!\Messenger\YahooMessenger.exe" -quiet
O4 - HKUS\S-1-5-18\..\Run: [Power2GoExpress] NA (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [Power2GoExpress] NA (User 'Default user')
O4 - Global Startup: Adobe Reader Speed Launch.lnk = C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
O4 - Global Startup: BigFix.lnk = C:\Program Files\BigFix\bigfix.exe
O4 - Global Startup: Kodak EasyShare software.lnk = C:\Program Files\Kodak\Kodak EasyShare software\bin\EasyShare.exe
O4 - Global Startup: Run Nintendo Wi-Fi USB Connector Registration Tool.lnk = C:\Program Files\WiFiConnector\NintendoWFCReg.exe
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~4\Office12\REFIEBAR.DLL
O9 - Extra button: Real.com - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - C:\WINDOWS\system32\Shdocvw.dll
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {48DD0448-9209-4F81-9F6D-D83562940134} (MySpace Uploader Control) - http://lads.myspace.com/upload/MySpaceUploader1006.cab
O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://update.microsoft.com/microsoftupdate/v6/V5Controls/en/x86/client/muweb_site.cab?1173541748343
O20 - AppInit_DLLs: karna.dat mhpvcn.dll
O23 - Service: AOL Connectivity Service (AOL ACS) - America Online - C:\Program Files\Common Files\AOL\ACS\AOLAcsd.exe
O23 - Service: AOL TopSpeed Monitor (AOL TopSpeedMonitor) - America Online, Inc - C:\Program Files\Common Files\AOL\TopSpeed\2.0\aoltsmon.exe
O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\system32\Ati2evxx.exe
O23 - Service: ATI Smart - Unknown owner - C:\WINDOWS\system32\ati2sgag.exe
O23 - Service: Google Desktop Manager 5.7.806.10245 (GoogleDesktopManager-061008-081103) - Google - C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe
O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: PrismXL - New Boundary Technologies, Inc. - C:\Program Files\Common Files\New Boundary\PrismXL\PRISMXL.SYS
O24 - Desktop Component 0: (no name) - http://www.cartoonnetwork.com/tv_shows/ben10af/medias/wallpapers/800_600/ben_800_600.jpg
O24 - Desktop Component 1: (no name) - http://fc02.deviantart.com/fs11/i/2006/167/b/c/Upgrade_by_Mr_M7.jpg
--
End of file - 6466 bytes

Once again, Thanks for your help! I hope Im not too much of a bother...Xp..


----------



## dvk01 (Dec 14, 2002)

Download the attached CFScript.txt and save it to your desktop ( click on the link underneath this post & if you are using internet explorer when the "File download" pop up comes press *SAVE * and choose desktop in the list of selections in that window & press save)

Close any open browsers 
Then drag the CFScript.txt into the ComboFix.exe as shown in the screenshot below.










This will start ComboFix again. It may ask to reboot. Post the contents of Combofix.txt in your next reply together with a new HijackThis log.

*Note: these instructions and script were created specifically for this user. If you are not this user, do NOT follow these instructions or use this script as it could damage the workings of your system and will not fix your problem. If you have a similar problem start your own topic in the malware fixing forum *

This will create a zip file inside C:\QooBox\ named something like [38][email protected]

at the end it will pop up an alert & open your browser and ask you to send the zip file

please follow those instructions. We need to see the zip file before we can carry on with the fix

If there is no pop up alert or open browser then

please go to http://www.thespykiller.co.uk/index.php?board=1.0 and upload these files so I can examine them and if needed distribute them to antivirus companies.
Just press new topic, fill in the needed details and just give a link to your post here & then press the browse button and then navigate to & select the files on your computer, If there is more than 1 file then press the more attachments button for each extra file and browse and select etc and then when all the files are listed in the windows press send to upload the files ( do not post HJT logs there as they will not get dealt with)

Files to submit:
the zip file inside C:\QooBox\ created by combofix named something like [38][email protected]


----------



## spyroflame0487 (Feb 2, 2009)

Ok!
I submitted the file on that website. Here's the latest HJT log-

*Logfile of Trend Micro HijackThis v2.0.2
*Scan saved at 4:42:37 PM, on 2/8/2009
Platform: Windows XP SP3 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16762)
Boot mode: Normal
Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Common Files\AOL\ACS\AOLAcsd.exe
C:\Program Files\Common Files\AOL\TopSpeed\2.0\aoltsmon.exe
C:\Program Files\Common Files\New Boundary\PrismXL\PRISMXL.SYS
C:\WINDOWS\system32\svchost.exe
C:\Program Files\CyberLink\PowerDVD\PDVDServ.exe
C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe
C:\WINDOWS\RTHDCPL.EXE
C:\PROGRA~1\COMMON~1\AOL\AOLSPY~1\AOLSP Scheduler.exe
C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\E_FATIACA.EXE
C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Messenger\msmsgs.exe
C:\PROGRA~1\COMMON~1\AOL\116811~1\EE\AOLHOS~1.EXE
C:\PROGRA~1\COMMON~1\AOL\116811~1\EE\AOLServiceHost.exe
C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
C:\Program Files\BigFix\bigfix.exe
C:\Program Files\Kodak\Kodak EasyShare software\bin\EasyShare.exe
C:\Program Files\WiFiConnector\NintendoWFCReg.exe
C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe
C:\WINDOWS\system32\wuauclt.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\wscntfy.exe
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe
C:\Program Files\Yahoo!\Messenger\ymsgr_tray.exe
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKCU\Software\Microsoft\Internet Connection Wizard,ShellNext = http://go.microsoft.com/fwlink/?LinkId=47689
R3 - URLSearchHook: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn0\yt.dll
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar3.dll
O3 - Toolbar: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn0\yt.dll
O4 - HKLM\..\Run: [RemoteControl] "C:\Program Files\CyberLink\PowerDVD\PDVDServ.exe"
O4 - HKLM\..\Run: [Google Desktop Search] "C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe" /startup
O4 - HKLM\..\Run: [RTHDCPL] RTHDCPL.EXE
O4 - HKLM\..\Run: [Recguard] %WINDIR%\SMINST\RECGUARD.EXE
O4 - HKLM\..\Run: [HostManager] C:\Program Files\Common Files\AOL\1168114808\EE\AOLHostManager.exe
O4 - HKLM\..\Run: [AOL Spyware Protection] "C:\PROGRA~1\COMMON~1\AOL\AOLSPY~1\AOLSP Scheduler.exe"
O4 - HKLM\..\Run: [Pure Networks Port Magic] "C:\PROGRA~1\PURENE~1\PORTMA~1\PortAOL.exe" -Run
O4 - HKLM\..\Run: [EPSON Stylus CX3800 Series] C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\E_FATIACA.EXE /P26 "EPSON Stylus CX3800 Series" /O6 "USB001" /M "Stylus CX3800"
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKCU\..\Run: [swg] C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background
O4 - HKCU\..\Run: [Messenger (Yahoo!)] "C:\Program Files\Yahoo!\Messenger\YahooMessenger.exe" -quiet
O4 - HKUS\S-1-5-18\..\Run: [Power2GoExpress] NA (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [Power2GoExpress] NA (User 'Default user')
O4 - Global Startup: Adobe Reader Speed Launch.lnk = C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
O4 - Global Startup: BigFix.lnk = C:\Program Files\BigFix\bigfix.exe
O4 - Global Startup: Kodak EasyShare software.lnk = C:\Program Files\Kodak\Kodak EasyShare software\bin\EasyShare.exe
O4 - Global Startup: Run Nintendo Wi-Fi USB Connector Registration Tool.lnk = C:\Program Files\WiFiConnector\NintendoWFCReg.exe
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~4\Office12\REFIEBAR.DLL
O9 - Extra button: Real.com - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - C:\WINDOWS\system32\Shdocvw.dll
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {48DD0448-9209-4F81-9F6D-D83562940134} (MySpace Uploader Control) - http://lads.myspace.com/upload/MySpaceUploader1006.cab
O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://update.microsoft.com/microsoftupdate/v6/V5Controls/en/x86/client/muweb_site.cab?1173541748343
O23 - Service: AOL Connectivity Service (AOL ACS) - America Online - C:\Program Files\Common Files\AOL\ACS\AOLAcsd.exe
O23 - Service: AOL TopSpeed Monitor (AOL TopSpeedMonitor) - America Online, Inc - C:\Program Files\Common Files\AOL\TopSpeed\2.0\aoltsmon.exe
O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\system32\Ati2evxx.exe
O23 - Service: ATI Smart - Unknown owner - C:\WINDOWS\system32\ati2sgag.exe
O23 - Service: Google Desktop Manager 5.7.806.10245 (GoogleDesktopManager-061008-081103) - Google - C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe
O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: PrismXL - New Boundary Technologies, Inc. - C:\Program Files\Common Files\New Boundary\PrismXL\PRISMXL.SYS
O24 - Desktop Component 0: (no name) - http://www.cartoonnetwork.com/tv_shows/ben10af/medias/wallpapers/800_600/ben_800_600.jpg
O24 - Desktop Component 1: (no name) - http://fc02.deviantart.com/fs11/i/2006/167/b/c/Upgrade_by_Mr_M7.jpg
--
End of file - 6471 bytes

Xp..I can already see the computer working a bit faster now. Once again, thanks for the help!


----------



## dvk01 (Dec 14, 2002)

should be fine now
*Follow these steps to uninstall Combofix and the other tools it downloaded to remove the malware*
* Click *START* then *RUN*
* Now type *Combofix /u* in the runbox and click *OK*. Note the *space* between the *X* and the *U*, it needs to be there.









then 
Turn off system restore by following instructions here 
for XP http://www.thespykiller.co.uk/index.php?page=8
or for Vista http://www.bleepingcomputer.com/tutorials/tutorial143.html

That will purge the restore folder and clear any malware that has been put in there. Then reboot & then re-enable system restore & create a new restore point. Now Empty Recycle bin on desktop

go here* http://www.thespykiller.co.uk/index.php?page=3 *for info on how to tighten your security settings and how to help prevent future attacks.

and scan here* http://secunia.com/software_inspector/ * for out of date & vulnerable common applications on your computer and update whatever it suggests

Then pay an urgent visit to windows update & make sure you are fully updated, that will help to plug the security holes that let these pests on in the first place


----------



## spyroflame0487 (Feb 2, 2009)

Thanks so much for all your help! I'll try to use a bit more stronger Virus protection for future use.

Thanks again. I'll mark this as "solved" now.


----------

