
Author Topic: I need help checking for spyware, virus, etc. Thanks  (Read 4712 times)


cthis

    Topic Starter


    Rookie

    I need help checking for spyware, virus, etc. Thanks
    « on: November 06, 2008, 08:24:31 PM »
    I copied this from a previous post word for word because it is the same problem I'm having. Any help would be great.
    "Some odd behavior started on Oct 26th - for example:
    IE started by itself and going to ad sites (not our home page).
    Pop up error messages - "The application or DLL c:\Windows\System32\msansspc.dll is not a valid Windows image. Please check this against your installation disk."  In the blue top border of the message box would be "KBD.EXE" or "Mantispm.exe" or "jusched.exe".
    I googled the message text and found references to "getpack23" and searched for and found that on my system. Another website gave instructions for using msconfig to turn off getpack23 from startup. Meanwhile I also found "getmodule25" and stopped that from startup. I looked into add/remove software and found something called "icheck" that I uninstalled. I deleted the getpack23 and getmodule25 also. These 3 executables had creation dates of October 26th. (I deleted them when I found them over the past 2 days.)"
    Thank you very much for any help anyone could give me.

    [Saving space - attachment deleted by admin]

    evilfantasy

    • Malware Removal Specialist
    • Moderator


    • Genius
    • Calm like a bomb
    • Thanked: 493
    • Experience: Experienced
    • OS: Windows 11
    Re: I need help checking for spyware, virus, etc. Thanks
    « Reply #1 on: November 07, 2008, 10:43:29 PM »
    Hello cthis.

    Open HijackThis and select Do a system scan only.

    Place a check mark next to the following entries: (if there)

    - O3 - Toolbar: (no name) - {41C29B07-6F91-4966-91BE-2E2841643C83} - (no file)

    Important: Close all windows except for HijackThis and then click Fix checked.

    Exit HijackThis.

    ----------

    Download ComboFix by sUBs from one of the below links. Be sure to save it to the Desktop.

    Link #1
    Link #2

    **Note:  It is important that it is saved directly to your Desktop

    Close any open Web browsers (Firefox, Internet Explorer, etc.) before starting ComboFix.

    Temporarily disable your antivirus, and any antispyware real time protection before performing a scan. Click this link to see a list of security programs that should be disabled and how to disable them.
     
    Double click combofix.exe & follow the prompts.

    For Windows XP Systems install the Recovery Console:

    - If you are using Windows XP and do not already have the Recovery Console installed, please ensure your Internet connection is active (if possible) and click Yes.
    - If for some reason your Internet is not working click No.
    - If you are not using Windows XP, you will not be prompted.
    - When prompted to accept the EULA click OK.
    - Accept Microsoft's EULA (Click Yes).
    - When you are told that the RC is installed correctly click YES to continue scanning for malware.

    When finished ComboFix will produce a log for you.
    Post the ComboFix log in your next reply.

    Important: Do not mouseclick ComboFix's window while it is running. That may cause it to stall.

    Remember to re-enable your antivirus and antispyware protection when ComboFix is complete.


    Also let me know what problems still remain, if any.
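The O3 line in the reply above is selected for fixing because its file target reads "(no file)": the registry entry points at nothing on disk. As an added example (not part of the original post or of HijackThis), this Python sketch parses O2/O3 lines from a HijackThis log and lists such orphaned entries; the sample log is constructed, apart from the one O3 line quoted in the post.

```python
import re

# O2 (BHO) and O3 (toolbar) lines: "O3 - Toolbar: <name> - {CLSID} - <target>"
ENTRY_RE = re.compile(
    r"^(?P<section>O[23]) - (?P<kind>BHO|Toolbar): (?P<name>.*?) - "
    r"(?P<clsid>\{[0-9A-Fa-f]{8}(?:-[0-9A-Fa-f]{4}){3}-[0-9A-Fa-f]{12}\}) - "
    r"(?P<target>.+)$"
)
# "(no file)" is the marker on the page; "(file missing)" is the other marker
# HijackThis appends when a registered path does not exist on disk.
ORPHAN_MARKERS = ("(no file)", "(file missing)")

# Constructed sample log; only the "(no name)" O3 line is taken from the post.
SAMPLE_LOG = r"""
O2 - BHO: Example Helper - {11111111-2222-3333-4444-555555555555} - C:\Program Files\Example\helper.dll
O3 - Toolbar: (no name) - {41C29B07-6F91-4966-91BE-2E2841643C83} - (no file)
O3 - Toolbar: Example Bar - {AAAAAAAA-BBBB-CCCC-DDDD-EEEEEEEEEEEE} - C:\Example\bar.dll (file missing)
O4 - HKLM\..\Run: [Example] C:\Example\run.exe
"""

def parse_entry(line):
    """Return a dict for an O2/O3 line, or None for any other line."""
    m = ENTRY_RE.match(line.strip())
    if m is None:
        return None
    entry = m.groupdict()
    entry["orphaned"] = entry["target"].strip().lower().endswith(ORPHAN_MARKERS)
    return entry

def orphaned_entries(log_text):
    """List O2/O3 entries whose registered file is absent."""
    parsed = (parse_entry(line) for line in log_text.splitlines())
    return [e for e in parsed if e and e["orphaned"]]

if __name__ == "__main__":
    for e in orphaned_entries(SAMPLE_LOG):
        print(f'{e["section"]} {e["kind"]} {e["clsid"]} name={e["name"]!r} -> {e["target"]}')
```

An orphaned entry is a leftover registration rather than proof of infection; the CLSID is the value to look up before removing it.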

    cthis


      Re: I need help checking for spyware, virus, etc. Thanks
      « Reply #2 on: November 09, 2008, 03:42:33 PM »
      Hello Evilfantasy,

         Thank you so much for your help, here is the log. One question, I've downloaded 5 antispy, malware and cleaner programs, is it necessary to keep all of these on my computer? Per your request I've got CCleaner, SuperAntispyware, Malwarebytes, sniper.com, and ComboFix. By the way, why was I told to change the name of Hijackthis to sniper?

      [Saving space - attachment deleted by admin]

      evilfantasy

      Re: I need help checking for spyware, virus, etc. Thanks
      « Reply #3 on: November 09, 2008, 05:38:39 PM »
      Changing the name of Hijackthis to sniper helps to make some malware easier to find.

      We will clean up everything that isn't needed when we are done. You will only be left with the tools from the malware removal guide, which you will want to keep and scan with now and then.

      Download the OTMoveIt3 by OldTimer

      Note: If you are running on Vista, right-click on OTMoveIt2.exe and choose Run As Administrator.

      * Save it to your Desktop.
      * Double-click OTMoveIt3.exe to run it.
      * Copy the lines in the codebox below to the clipboard by highlighting ALL of them and pressing CTRL + C (or, after highlighting, right-click and choose Copy)

      Code:
      :Processes
      explorer.exe

      :files
      c:\windows\system32\CF31297.exe.vir
      c:\windows\system32\CF30607.exe.vir

      :Commands
      [emptytemp]
      [start explorer]
      [Reboot]

      * Return to OTMoveIt3, right click in the "Paste Instructions for Items to be Moved" window (under the yellow bar) and choose Paste.
      * Click the red Moveit! button.
      * Copy everything in the Results window (under the green bar) to the clipboard by highlighting ALL of them and pressing CTRL + C (or, after highlighting, right-click and choose copy), and paste it in your next reply.
      * Close OTMoveIt3.

      Note: If a file or folder cannot be moved immediately you may be asked to reboot your computer in order to finish the move process. If asked to reboot, choose Yes. If not, reboot anyway.

      Also let me know how everything is now.


      cthis


        Re: I need help checking for spyware, virus, etc. Thanks
        « Reply #4 on: November 10, 2008, 07:31:59 AM »
        Thanks again, I hope this works. Here is the new log.

        [Saving space - attachment deleted by admin]

        evilfantasy

        Re: I need help checking for spyware, virus, etc. Thanks
        « Reply #5 on: November 10, 2008, 11:47:02 AM »
          • Click START then RUN
          • Now type Combofix /u in the runbox
          • Make sure there's a space between Combofix and /u
          • Then hit Enter.

          The above procedure will:
          • Delete the following:
            • ComboFix and its associated files and folders.
          • Reset the clock settings.
          • Hide file extensions, if required.
          • Hide System/Hidden files, if required.
          • Set a new, clean Restore Point.

          ----------

        Download ATF Cleaner by Atribune to your Desktop.

        Alternate download link

        Note: Vista users must use Run As Administrator
        • Under Main: Select Files to Delete choose: Select All.
        • Click the Empty Selected button.
        • If you use Firefox browser click Firefox at the top and choose: Select All
        • Click the Empty Selected button.
          If you would like to keep your saved passwords click No at the prompt.
        • If you use Opera browser click Opera at the top and choose: Select All
        • Click the Empty Selected button.
          If you would like to keep your saved passwords click No at the prompt.
        • Click Exit on the Main menu to close the program.

        Note that your system will run slower for a reboot or two after having used this tool so don't panic.

        ----------

        Download OTCleanIt.exe and save it to your Desktop.
        • Double-click OTCleanIt.exe.
        • Click the CleanUp! button.
        • Select Yes when the "Begin cleanup Process?" prompt appears.
        • If you are prompted to Reboot during the cleanup, select Yes.
        • The tool will delete itself once it finishes; if not, delete it yourself.

        Important: Restart the computer before continuing.


        How is everything now?