hello,
my computer is infected with many infections. i have tried to update spybot.ikeep getting error messages. i tried to download kapersky but got a message saying "update failed" @59%.
here is theHiJack This log. Thank you for any assistance you can give me.
Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 8:05:07 PM, on 3/15/2008
Platform: Windows XP (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP1 (6.00.2600.0000)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\WINDOWS\system32\LEXBCES.EXE
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\system32\LEXPPS.EXE
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\drivers\KodakCCS.exe
C:\Program Files\Real\RealPlayer\RealPlay.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\Program Files\QuickTime\qttask.exe
C:\Program Files\Lexmark 1200 Series\lxczbmgr.exe
C:\Program Files\Messenger\msmsgs.exe
C:\WINDOWS\System32\ctfmon.exe
C:\DOCUME~1\Bob\LOCALS~1\Temp\winlogon.exe
C:\Program Files\Lexmark 1200 Series\lxczbmon.exe
C:\WINDOWS\mssrv.exe
C:\WINDOWS\mssrv.exe
C:\Program Files\Kodak\Kodak EasyShare software\bin\EasyShare.exe
C:\WINDOWS\system\smscg.exe
C:\Program Files\Kodak\KODAK Software Updater\7288971\Program\Kodak Software Updater.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\InterMute\SpySubtract\SpySub.exe
C:\WINDOWS\TEMP\wuauclt.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\WINDOWS\System32\wuauclt.exe
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://world.yahoo.com/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://world.yahoo.com
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page =
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page =
O2 - BHO: C:\WINDOWS\System32\ioEtfr.dll - {8D5849C4-93F3-429D-FF34-260A2068897C} - C:\WINDOWS\System32\ioEtfr.dll
O2 - BHO: MSNM System - {A646CE7E-951E-44d1-B93C-F7136DA41E58} - C:\WINDOWS\ielocales.dll
O3 - Toolbar: &Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINDOWS\System32\msdxm.ocx
O4 - HKLM\..\Run: [Pad39A-HtEHL] F:\Pad39A.exe
O4 - HKLM\..\Run: [RealTray] C:\Program Files\Real\RealPlayer\RealPlay.exe SYSTEMBOOTHIDEPLAYER
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [Lexmark 1200 Series] "C:\Program Files\Lexmark 1200 Series\lxczbmgr.exe"
O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\System32\ctfmon.exe
O4 - HKCU\..\Run: [NetZero_uoltray] C:\Program Files\NetZero\exec.exe regrun
O4 - HKCU\..\Run: [Spyware Vanisher] C:\spywarevanisher-free\FreeScanner.exe -FastScan
O4 - HKCU\..\Run: [updateMgr] C:\Program Files\Adobe\Acrobat 7.0\Reader\AdobeUpdateManager.exe AcRdB7_0_9
O4 - HKCU\..\Run: [Firewall auto setup] C:\DOCUME~1\Bob\LOCALS~1\Temp\winlogon.exe
O4 - HKLM\..\Policies\Explorer\Run: [mslocales] C:\WINDOWS\mslocales.exe
O4 - HKUS\S-1-5-18\..\Run: [Ujisdfns89fu98ndf] C:\WINDOWS\TEMP\svchast.exe (User 'SYSTEM')
O4 - HKUS\S-1-5-18\..\Run: [Firewall auto setup] C:\WINDOWS\TEMP\winlogon.exe (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [Ujisdfns89fu98ndf] C:\WINDOWS\TEMP\svchast.exe (User 'Default user')
O4 - Global Startup: Kodak EasyShare software.lnk = C:\Program Files\Kodak\Kodak EasyShare software\bin\EasyShare.exe
O4 - Global Startup: Kodak software updater.lnk = C:\Program Files\Kodak\KODAK Software Updater\7288971\Program\Kodak Software Updater.exe
O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office10\OSA.EXE
O4 - Global Startup: SpySubtract.lnk = C:\Program Files\InterMute\SpySubtract\SpySub.exe
O8 - Extra context menu item: Display All Images with Full Quality - res://C:\Program Files\NetZero\qsacc\appres.dll/228
O8 - Extra context menu item: Display Image with Full Quality - res://C:\Program Files\NetZero\qsacc\appres.dll/227
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~3\Office10\EXCEL.EXE/3000
O14 - IERESET.INF: START_PAGE_URL=http://world.yahoo.com
O15 - Trusted Zone: *.frame.crazywinnings.com
O15 - Trusted Zone: *.awmdabest.com (HKLM)
O15 - Trusted Zone: *.frame.crazywinnings.com (HKLM)
O16 - DPF: {0EB0E74A-2A76-4AB3-A7FB-9BD8C29F7F75} (CKAVWebScan Object) - http://www.kaspersky.com/kos/english/kavwebscan_unicode.cab
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - https://fpdownload.macromedia.com/pub/shockwave/cabs/flash/swflash.cab
O20 - Winlogon Notify: partnershipreg - C:\Documents and Settings\All Users\Documents\Settings\partnership.dll
O21 - SSODL: DCOM Server 60787 - {2C1CD3D7-86AC-4068-93BC-A02304B60787} - C:\WINDOWS\System32\exkktb.dll
O21 - SSODL: WpEuPgbBG - {B0532AE9-1AF9-8043-E015-0522A1BF9846} - C:\WINDOWS\System32\lhcau.dll
O22 - SharedTaskScheduler: OpenGL additional - {8D5849C4-93F3-429D-FF34-260A2068897C} - C:\WINDOWS\System32\ioEtfr.dll
O22 - SharedTaskScheduler: Network Neighborhood - {9F143C3A-1457-6CCA-03A7-7AA23B61E40F} - C:\Program Files\Common Files\kbui32.dll
O22 - SharedTaskScheduler: DCOM Server 60787 - {2C1CD3D7-86AC-4068-93BC-A02304B60787} - C:\WINDOWS\System32\exkktb.dll
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: iPodService - Apple Computer, Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: Kodak Camera Connection Software (KodakCCS) - Eastman Kodak Company - C:\WINDOWS\system32\drivers\KodakCCS.exe
O23 - Service: LexBce Server (LexBceS) - Lexmark International, Inc. - C:\WINDOWS\system32\LEXBCES.EXE
O23 - Service: ieupdater (Microsoft IE Updater) - Unknown owner - C:\Documents and Settings\Bob\~tmp0374.exe
O23 - Service: System Managment Controler (SMSCGISVC) - Unknown owner - C:\WINDOWS\system\smscg.exe

--
End of file - 6026 bytes

Hi,

Your computer has multiple infections, including a backdoor. A backdoor gives intruders complete control of your computer, logs your keystrokes, steal personal information, etc.

You are strongly advised to do the following:

Disconnect the computer from the Internet and from any networked computers until it is cleaned.
Back up all your important data except programs. The programs can be reinstalled back from the original disc or from the Net.
Call all your banks, financial institutions, credit card companies and inform them that you may be a victim of identity theft and put a watch on your accounts. If you don't mind the hassle, change all your account numbers.
From a clean computer, change all your passwords (ISP login password, your email address(es) passwords, financial accounts, PayPal, eBay, Amazon, online groups and forums and any other online activities you carry out which require a username and password).

Do NOT change your passwords from this computer as the attacker will be able to get all the new passwords and transaction records.

Due to its backdoor functionality, your computer is very likely to have been compromised and there is no way that it can be trusted again. Many experts in the security community believe that once infected with this type of Trojan, the best course of action would be to do a reformat and reinstallation of the operating system (OS). However, if you do not have the resources to reinstall your OS and would like me to attempt to clean your machine, I will be happy to do so.

To help you understand more, please take some time to read the following articles:

What are Remote Access Trojans and why are they dangerous (http://www.microsoft.com/technet/security/alerts/info/virusrat.mspx)
How do I respond to a possible identity theft and how do I prevent it (http://www.dslreports.com/faq/10451)
When should do a reformat and reinstallation of my OS (http://www.dslreports.com/faq/10063)
Where to backup your files (http://www.microsoft.com/athome/security/update/wherebackup.mspx)
How to backup your files in Windows XP (http://www.microsoft.com/athome/security/update/howbackup.mspx)
Restoring your backups (http://support.microsoft.com/kb/309340)

Please let me know your decision.

Hi,

Thank you for looking into this for me. I knew it was bad, just not HOW bad!

I've been thinking it's probably about time for a new computer anyway, so I am not going to go ahead an try to clean it up. I had already taken some of the identity theft precautions when the computer started acting weird.

Again, thank you for your help.

Sorry about that. Here are some ways to prevent such infections again.

Install an antivirus

With an antivirus program installed, it will scan files and emails when you use them, open them or download them. If it's a known threat, the antivirus program has the ability to stop them and prevent them from infecting you.

Here are two free ones to consider. Please install only ONE antivirus as having more than one may cause conflicts.

After that, restart your computer for the changes to take effect.

avast! 4 Home Edition (http://files.avast.com/iavs4pro/setupeng.exe)
AntiVir Free Edition (http://www.antivir-pe.com/freet/index.php?id=25&domain=free-av.com)

Install a firewall

A firewall examine incoming and outgoing traffic and see if they match any malicious traffic. If it is, the communications will be blocked.

Here are 4 free firewalls to consider. Please install only ONE firewall as having more than one may cause conflicts.

After installing a firewall, restart the computer for the changes to take effect.

Online Armor (http://dl1.online-armor.com/downloads/OnlineArmor_Setup_Free.exe)
Comodo Personal Firewall (http://www.personalfirewall.comodo.com/)
Sunbelt Kerio (http://www.sunbelt-software.com/Kerio.cfm)
Sygate Personal Firewall Free (http://www.majorgeeks.com/Sygate_Personal_Firewall_Free_d3356.html)

Keep your system updated

Microsoft releases patches for Windows and Office products regularly to patch up Windows and Office products loopholes and fix any bugs found. Please ensure that you visit the following websites regularly or do update your system regularly.

Install the updates immediately if they are found. Reboot your computer if necessary, revisit Windows Update and Office update sites until there are no more updates to be installed.

To update Windows

Go to Start > All Programs > Windows Update

To update Office

Open up any Office program.

Go to Help > Check for Updates

Alternatively, you can visit the links below to update Windows and Office products.

Windows Update (http://update.microsoft.com/)
Office Update (http://office.microsoft.com/en-us/officeupdate/default.aspx)

If you are forgetful, you can change some settings so that you will be informed of updates. Here's how:

Go to Start > Control Panel > Automatic Updates
Select Automatic (recommended) radio button if you want the updates to be downloaded and installed without prompting you.
Select Download updates for me, but let me chose when to install them radio button if you want the updates to be downloaded automatically but to be installed at another time.
Select Notify me but don't automatically download or install them radio button if you want to be notified of the updates.

Besides Windows that needs regular updating, antivirus, anti-spyware and firewall programs update regularly too.

Please make sure that you update your antivirus, firewall and anti-spyware programs at least once a week.

Be careful when opening attachments and downloading files.

Never open email attachments, not even if they are from someone you know. If you need to open them, scan them with your antivirus program before opening.
Never open emails from unknown senders.
Beware of emails that warn about viruses that are spreading, especially those from antivirus vendors. These email addresses can be easily spoofed. Check the antivirus vendor websites to be sure.
Be careful of what you download. Only download files from known sources. Also, avoid cracked programs. If you need a particular program that costs too much for you, try finding free alternatives on Sourceforge (http://sourceforge.net/) or Pricelessware (http://www.pricelesswarehome.org/).

Stop malicious scripts

Windows by default allow scripts (which is VBScript and JavaScript) to run and some of these scripts are malicious. Use Noscript (http://www.symantec.com/avcenter/noscript.exe) by Symantec or Script Defender (http://www.analogx.com/contents/download/system/sdefend.htm) by AnalogX to handle these scripts.

Backup regularly

You never know when your PC will become unstable or become so infected that you can't recover it. Follow this Microsoft article (http://www.microsoft.com/athome/security/update/howbackup.mspx) to learn how to backup. Follow this article (http://support.microsoft.com/kb/309340) by Microsoft to restore your backups.

Alternatively, you can use 3rd-party programs to back up your data. One example can be found at Bleeping Computer (http://www.bleepingcomputer.com/tutorials/tutorial127.html).

Make your Internet Explorer safer

For Internet Explorer 6

Open Internet Explorer. Click on Tools > Options.
Click on the Security tab.
Click on the Internet icon.
Click on the Custom Level button.
Under Download signed ActiveX controls, select Prompt.
Under Download unsigned ActiveX controls, select Disable.
Under Initialize and script ActiveX controls not marked as safe, select Disable.
Under Installation of desktop items, select Prompt.
Under Launching programs and files in an IFRAME, select Prompt.
Under Navigate sub-frames across different domains, select Prompt.
Under Allow paste operations via script, select Disable.
Click OK to apply these settings.
If it prompts you as to whether or not you want to save the settings, press the Yes button.
Press OK to exit the Internet Properties page.
For a pictorial guide, please refer to this article (http://surfthenetsafely.com/slides/ieconfigureslide1.htm).

If you intend to upgrade to Internet Explorer 7, please read this article (http://surfthenetsafely.com/ieseczone8.htm) to configure Internet Explorer 7 properly.

Avoid P2P

P2P may be a great way to get lots of stuffs, but it is a great way to get infected as well. There's no way to tell if the file being shared is infected. Worse still, some worms spread via P2P networks, infecting you as well. If you do need to use them, use them sparingly. Check this list of clean and infected P2P programs (http://p2p.malwareremoval.com/) if you need to use one.

Prevent a re-infection

Winpatrol
Winpatrol is heuristic protection program, meaning it looks for patterns in codes that work like malware. It also takes a snapshot of your system's critical resources and alerts you to any changes that may occur without you knowing. You can read more about Winpatrol's features here (http://www.winpatrol.com/features.html).

You can get a free copy (http://www.winpatrol.com/wpsetup.exe) of Winpatrol or use the Plus version (http://winpatrol.stores.yahoo.net/winplusmemre.html) for more features.

You can read Winpatrol's FAQ (http://www.winpatrol.com/faq.html) if you run into problems.

Spyware Blaster
SpywareBlaster is a program that is used to secure Internet Explorer by making it harder for ActiveX (http://surfthenetsafely.com/activex.htm) programs to run on your computer. It does this by disabling known offending ActiveX programs from running at all.

You can download SpywareBlaster from Javacool (http://www.javacoolsoftware.com/spywareblaster.html).

If you need help in using SpywareBlaster, you can read SpywareBlaster's tutorial (http://www.bleepingcomputer.com/tutorials/tutorial49.html) at Bleeping Computer.

SpywareGuard
Just as an antivirus program scans a file for viruses before opening it, SpywareGuard does the same thing, except that it scans it for spywares.

You can download SpywareGuard from Javacool (http://www.javacoolsoftware.com/spywareguard.html).

If you need help in using SpywareGuard, you can SpywareGuard's tutorial (http://www.bleepingcomputer.com/tutorials/tutorial50.html) at Bleeping Computer.

IE-SPYAD
IE-SPYAD adds over 5000 sites to your Internet Explorer restricted zone so that you will be protected if the website turns out to be a bad one. Sites that are in the restricted zone of Internet Explorer can't have any scripts ran, no downloads and cookies. However, you can still connect to these sites.

You can download IE-SPYAD from Spyware Warrior (http://www.spywarewarrior.com/uiuc/resource.htm). Be sure to read the whole website carefully for instructions on usage of IE-SPYAD.

Hosts File
A Hosts file is like a phone book. You look up someone's name in the phone book before calling him/her. Similarly, your PC will look up the website's IP address before you can view the website.

Hosts file will replace your current Hosts file with another one containing well-known advertisement sites, spyware sites and other bad sites. This new Hosts file will protect you by re-directing these bad sites to 127.0.0.1.

Here are some Hosts files:

MVPS Hosts File (http://www.mvps.org/winhelp2002/hosts.htm)
Bluetack's Hosts File (http://www.bluetack.co.uk/forums/index.php?showtopic=8406)
Bluetack's Host Manager (http://www.bluetack.co.uk/forums/index.php?autocom=faq&CODE=02&qid=16)
hpHosts (http://hphosts.mysteryfcm.co.uk/?s=Download)

A tutorial (http://forum.malwareremoval.com/viewtopic.php?t=22187) about Hosts File can be found at Malware Removal.

Spybot Search and Destroy
Spybot Search & Destroy is another program for scanning spywares and adwares. Not only so, it has other preventive options as well. You are strongly encouraged to run a scan at least once per week.

Spybot Search & Destroy can be downloaded from here (http://www.safer-networking.org/en/mirrors/index.html).

If you need help in using Spybot Search & Destroy, you can read Spybot Search and Destroy tutorial (http://www.bleepingcomputer.com/tutorials/tutorial43.html) at Bleeping Computer.

a-squared Free
a-squared Free is also another program for scanning spywares and adwares. It doesn't have preventive features like Spybot Search & Destroy though.

You can download a-squared Free from here (http://www.emsisoft.com/en/software/download/).

Before downloading any anti-spyware programs, always check the Rogue/Suspect list of anti-spyware programs (http://www.spywarewarrior.com/rogue_anti-spyware.htm) and Malwarebytes RogueNET (http://www.malwarebytes.org/roguenet.php). This will save you from a lot of trouble. If in doubt, don't ever download it.

SiteHound Toolbar
SiteHound (http://www.firetrust.com/en/products/sitehound) is a toolbar that warns you if you go to a site that is known to scam people, that has potentially lots of viruses or spywares or has questionable contents. If you know the site, you can enter it; if you don't, it will bring you back to the previous page. Currently, SiteHound works for Internet Explorer and Firefox only.

Use an alternative Internet Browser

Many of the exploits are directed to users of Internet Explorer. Try using a different browser instead.

Firefox (http://www.mozilla.com/en-US/firefox/)
Opera (http://www.opera.com/download/)
K-Meleon (http://kmeleon.sourceforge.net/download.php)

Use an alternative email client

If you are using Outlook Express as your default email client, try using Thunderbird (http://www.mozilla.com/en-US/thunderbird/) or Pegasus Mail (http://www.pmail.com/) instead.

Here are some more things to read about:

List of clean and infected download managers (http://www.safer-networking.org/en/articles/download-managers.html)
Configuring Skype (http://www.tcd.ie/iss/internet/skype.php)
Greater email safety (http://surfthenetsafely.com/surfsafely4.htm)
Phishing - what is it? (http://surfthenetsafely.com/phishing.htm)
Configuring Outlook Express (http://surfthenetsafely.com/slides/oeconfigureslide1.htm)
The Unofficial Cookie FAQ (http://www.cookiecentral.com/faq)
Securing your home wireless network (http://www.windowsecurity.com/articles/Wireless-Network-Security-Home.html)
80 Super Security Tips (http://www.pcmag.com/article2/0,1895,1838690,00.asp)
The different classes of security softwares (http://wiki.castlecops.com/Different_classes_of_security_software)