Please help with antivirus 2009!!!

dbdrake · Jan 8, 2009

I have been dealing with these antivirus 2009 popups for about a month now and they are getting really annoying. A fake windows explorer message pop ups and tells me to download antivirus 2009 about every 2 minutes or less while I am on the Internet, whether that is IE or firefox. Other popups have been coming up lately too and I just want to get rid of them. If anyone could help me get rid of these...that would be great!

Here is my hijackthis log:

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 10:35:32 PM, on 1/8/2009
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16762)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Intel\Wireless\Bin\EvtEng.exe
C:\Program Files\Intel\Wireless\Bin\S24EvMon.exe
C:\Program Files\Intel\Wireless\Bin\WLKeeper.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Lavasoft\Ad-Aware 2007\aawservice.exe
C:\WINDOWS\system32\LEXBCES.EXE
C:\WINDOWS\system32\LEXPPS.EXE
C:\WINDOWS\system32\spoolsv.exe
C:\PROGRA~1\AVG\AVG8\avgwdsvc.exe
C:\Program Files\Common Files\Creative Labs Shared\Service\CreativeLicensing.exe
C:\WINDOWS\system32\CTsvcCDA.exe
C:\WINDOWS\eHome\ehRecvr.exe
C:\WINDOWS\eHome\ehSched.exe
C:\Program Files\Dell\QuickSet\NICCONFIGSVC.exe
C:\Program Files\Intel\Wireless\Bin\RegSrvc.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Viewpoint\Common\ViewpointService.exe
C:\Program Files\Webroot\Spy Sweeper\SpySweeper.exe
C:\WINDOWS\system32\dllhost.exe
C:\Program Files\QuickTime\qttask.exe
C:\Program Files\Webroot\Spy Sweeper\SpySweeperUI.exe
C:\WINDOWS\system32\ctfmon.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Viewpoint\Viewpoint Manager\ViewMgr.exe
C:\Program Files\MSN Messenger\usnsvc.exe
C:\WINDOWS\system32\rundll32.exe
C:\Program Files\Webroot\Spy Sweeper\SSU.EXE
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Program Files\Internet Explorer\IEXPLORE.EXE
C:\WINDOWS\system32\rundll32.exe
C:\WINDOWS\system32\rundll32.exe
C:\Program Files\Adobe\Acrobat 7.0\Reader\AcroRd32.exe
C:\Program Files\Windows Media Player\wmplayer.exe
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = Dell Start Page
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = MSN.com
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = Live Search
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Bar = Yahoo! SearchBar Home Page
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = Live Search
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = MSN.com
R1 - HKLM\Software\Microsoft\Internet Explorer\Search,Default_Page_URL = Dell Start Page
R3 - URLSearchHook: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - (no file)
O2 - BHO: (no name) - {775ce2da-057b-434d-9ef5-7b9832721ae5} - C:\WINDOWS\system32\potojinu.dll
O3 - Toolbar: AVGTOOLBAR - {A057A204-BACC-4D26-9990-79A187E2698E} - C:\PROGRA~1\AVG\AVG8\AVGTOO~1.DLL
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [SpySweeper] "C:\Program Files\Webroot\Spy Sweeper\SpySweeperUI.exe" /startintray
O4 - HKLM\..\Run: [CPM3f768e5d] Rundll32.exe "C:\WINDOWS\system32\gavowolu.dll",a
O4 - HKLM\..\Run: [gofesamuda] Rundll32.exe "C:\WINDOWS\system32\vepogihe.dll",s
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [msnmsgr] "C:\PROGRA~1\MSNMES~1\msnmsgr.exe" /background
O4 - HKCU\..\Run: [Aim6] "C:\Program Files\AIM6\aim6.exe" /d locale=en-US ee://aol/imApp
O4 - HKUS\S-1-5-20\..\Run: [gofesamuda] Rundll32.exe "C:\WINDOWS\system32\vepogihe.dll",s (User 'NETWORK SERVICE')
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~4\Office12\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\j2re1.4.2_03\bin\npjpi142_03.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\j2re1.4.2_03\bin\npjpi142_03.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~4\Office12\REFIEBAR.DLL
O9 - Extra button: (no name) - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - (no file)
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {0CCA191D-13A6-4E29-B746-314DEE697D83} (Facebook Photo Uploader 5) - http://upload.facebook.com/controls/FacebookPhotoUploader5.cab
O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://go.microsoft.com/fwlink/?linkid=39204
O16 - DPF: {406B5949-7190-4245-91A9-30A17DE16AD0} (Snapfish Activia) - http://photo.walgreens.com/WalgreensActivia.cab
O16 - DPF: {5C6698D9-7BE4-4122-8EC5-291D84DBD4A0} (Facebook Photo Uploader 4 Control) - http://upload.facebook.com/controls/FacebookPhotoUploader2.cab
O16 - DPF: {5F8469B4-B055-49DD-83F7-62B522420ECC} (Facebook Photo Uploader Control) - http://upload.facebook.com/controls/FacebookPhotoUploader.cab
O18 - Protocol: linkscanner - {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - C:\Program Files\AVG\AVG8\avgpp.dll
O20 - AppInit_DLLs: karna.dat hagnqz.dll c:\windows\system32\gavowolu.dll,C:\WINDOWS\system32\loluzalu.dll
O20 - Winlogon Notify: qomllki - qomllki.dll (file missing)
O21 - SSODL: SSODL - {EC43E3FD-5C60-46a6-97D7-E0B85DBDD6C4} - c:\windows\system32\gavowolu.dll
O22 - SharedTaskScheduler: STS - {EC43E3FD-5C60-46a6-97D7-E0B85DBDD6C4} - c:\windows\system32\gavowolu.dll
O23 - Service: Plug and Play Device Manager ($sys$DRMServer) - Unknown owner - C:\WINDOWS\system32\$sys$filesystem\$sys$DRMServer.exe (file missing)
O23 - Service: Ad-Aware 2007 Service (aawservice) - Lavasoft - C:\Program Files\Lavasoft\Ad-Aware 2007\aawservice.exe
O23 - Service: AVG8 E-mail Scanner (avg8emc) - AVG Technologies CZ, s.r.o. - C:\PROGRA~1\AVG\AVG8\avgemc.exe
O23 - Service: AVG8 WatchDog (avg8wd) - AVG Technologies CZ, s.r.o. - C:\PROGRA~1\AVG\AVG8\avgwdsvc.exe
O23 - Service: Creative Labs Licensing Service - Creative Labs - C:\Program Files\Common Files\Creative Labs Shared\Service\CreativeLicensing.exe
O23 - Service: Creative Service for CDROM Access - Creative Technology Ltd - C:\WINDOWS\system32\CTsvcCDA.exe
O23 - Service: Intel(R) PROSet/Wireless Event Log (EvtEng) - Intel Corporation - C:\Program Files\Intel\Wireless\Bin\EvtEng.exe
O23 - Service: GoogleDesktopManager - Google - C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe
O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: iPod Service - Apple Computer, Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: LexBce Server (LexBceS) - Lexmark International, Inc. - C:\WINDOWS\system32\LEXBCES.EXE
O23 - Service: NICCONFIGSVC - Dell Inc. - C:\Program Files\Dell\QuickSet\NICCONFIGSVC.exe
O23 - Service: Intel(R) PROSet/Wireless Registry Service (RegSrvc) - Intel Corporation - C:\Program Files\Intel\Wireless\Bin\RegSrvc.exe
O23 - Service: Intel(R) PROSet/Wireless Service (S24EventMonitor) - Intel Corporation - C:\Program Files\Intel\Wireless\Bin\S24EvMon.exe
O23 - Service: TuneUp Drive Defrag Service (TuneUp.Defrag) - TuneUp Software GmbH - C:\WINDOWS\System32\TuneUpDefragService.exe
O23 - Service: Viewpoint Manager Service - Viewpoint Corporation - C:\Program Files\Viewpoint\Common\ViewpointService.exe
O23 - Service: Webroot Spy Sweeper Engine (WebrootSpySweeperService) - Webroot Software, Inc. - C:\Program Files\Webroot\Spy Sweeper\SpySweeper.exe
O23 - Service: Intel(R) PROSet/Wireless SSO Service (WLANKEEPER) - Intel(R) Corporation - C:\Program Files\Intel\Wireless\Bin\WLKeeper.exe

--
End of file - 8439 bytes

Osiris · Jan 8, 2009

please go thru my guide

dbdrake · Jan 9, 2009

here is my hijackthis log after i had done the steps up until malwarebytes because i didn't know if i was supposed to do all of them?

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 13:55:47, on 1/9/2009
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16762)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Intel\Wireless\Bin\EvtEng.exe
C:\Program Files\Intel\Wireless\Bin\S24EvMon.exe
C:\Program Files\Intel\Wireless\Bin\WLKeeper.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\LEXBCES.EXE
C:\WINDOWS\system32\LEXPPS.EXE
C:\WINDOWS\system32\spoolsv.exe
C:\PROGRA~1\AVG\AVG8\avgwdsvc.exe
C:\Program Files\Common Files\Creative Labs Shared\Service\CreativeLicensing.exe
C:\WINDOWS\system32\CTsvcCDA.exe
C:\WINDOWS\eHome\ehRecvr.exe
C:\WINDOWS\eHome\ehSched.exe
C:\WINDOWS\system32\rundll32.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Dell\QuickSet\NICCONFIGSVC.exe
C:\Program Files\Intel\Wireless\Bin\RegSrvc.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Viewpoint\Common\ViewpointService.exe
C:\Program Files\Webroot\Spy Sweeper\SpySweeper.exe
C:\WINDOWS\system32\dllhost.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Microsoft Office\Office12\WINWORD.EXE
C:\Program Files\Viewpoint\Viewpoint Manager\ViewMgr.exe
C:\PROGRA~1\MOZILL~1\SmitfraudFix\Policies.exe
C:\WINDOWS\system32\rundll32.exe
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = Live Search
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page =
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = MSN.com
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = Live Search
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = Live Search
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = MSN.com
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant =
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch =
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,First Home Page = Internet Explorer: Get It Now
O2 - BHO: (no name) - {775ce2da-057b-434d-9ef5-7b9832721ae5} - C:\WINDOWS\system32\potojinu.dll
O3 - Toolbar: AVGTOOLBAR - {A057A204-BACC-4D26-9990-79A187E2698E} - C:\PROGRA~1\AVG\AVG8\AVGTOO~1.DLL
O4 - HKLM\..\Run: [AVG8_TRAY] C:\PROGRA~1\AVG\AVG8\avgtray.exe
O4 - HKLM\..\Run: [CPM3f768e5d] Rundll32.exe "c:\windows\system32\pigopimu.dll",a
O4 - HKLM\..\Run: [gofesamuda] Rundll32.exe "C:\WINDOWS\system32\vepogihe.dll",s
O4 - HKLM\..\Run: [Malwarebytes Anti-Malware (reboot)] "C:\Program Files\Malwarebytes' Anti-Malware\mbam.exe" /runcleanupscript
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKUS\S-1-5-19\..\Run: [gofesamuda] Rundll32.exe "C:\WINDOWS\system32\vepogihe.dll",s (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-20\..\Run: [gofesamuda] Rundll32.exe "C:\WINDOWS\system32\vepogihe.dll",s (User 'NETWORK SERVICE')
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\j2re1.4.2_03\bin\npjpi142_03.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\j2re1.4.2_03\bin\npjpi142_03.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~4\Office12\REFIEBAR.DLL
O9 - Extra button: (no name) - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - (no file)
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {0CCA191D-13A6-4E29-B746-314DEE697D83} (Facebook Photo Uploader 5) - http://upload.facebook.com/controls/...oUploader5.cab
O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://go.microsoft.com/fwlink/?linkid=39204
O16 - DPF: {406B5949-7190-4245-91A9-30A17DE16AD0} (Snapfish Activia) - http://photo.walgreens.com/WalgreensActivia.cab
O16 - DPF: {5C6698D9-7BE4-4122-8EC5-291D84DBD4A0} (Facebook Photo Uploader 4 Control) - http://upload.facebook.com/controls/...oUploader2.cab
O16 - DPF: {5F8469B4-B055-49DD-83F7-62B522420ECC} (Facebook Photo Uploader Control) - http://upload.facebook.com/controls/...toUploader.cab
O18 - Protocol: linkscanner - {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - C:\Program Files\AVG\AVG8\avgpp.dll
O20 - AppInit_DLLs: karna.dat hagnqz.dll C:\WINDOWS\system32\loluzalu.dll c:\windows\system32\pigopimu.dll
O20 - Winlogon Notify: qomllki - qomllki.dll (file missing)
O21 - SSODL: SSODL - {EC43E3FD-5C60-46a6-97D7-E0B85DBDD6C4} - c:\windows\system32\pigopimu.dll
O22 - SharedTaskScheduler: STS - {EC43E3FD-5C60-46a6-97D7-E0B85DBDD6C4} - c:\windows\system32\pigopimu.dll
O23 - Service: Plug and Play Device Manager ($sys$DRMServer) - Unknown owner - C:\WINDOWS\system32\$sys$filesystem\$sys$DRMServer .exe (file missing)
O23 - Service: AVG8 E-mail Scanner (avg8emc) - AVG Technologies CZ, s.r.o. - C:\PROGRA~1\AVG\AVG8\avgemc.exe
O23 - Service: AVG8 WatchDog (avg8wd) - AVG Technologies CZ, s.r.o. - C:\PROGRA~1\AVG\AVG8\avgwdsvc.exe
O23 - Service: Creative Labs Licensing Service - Creative Labs - C:\Program Files\Common Files\Creative Labs Shared\Service\CreativeLicensing.exe
O23 - Service: Creative Service for CDROM Access - Creative Technology Ltd - C:\WINDOWS\system32\CTsvcCDA.exe
O23 - Service: Intel(R) PROSet/Wireless Event Log (EvtEng) - Intel Corporation - C:\Program Files\Intel\Wireless\Bin\EvtEng.exe
O23 - Service: GoogleDesktopManager - Google - C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe
O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: iPod Service - Apple Computer, Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: LexBce Server (LexBceS) - Lexmark International, Inc. - C:\WINDOWS\system32\LEXBCES.EXE
O23 - Service: NICCONFIGSVC - Dell Inc. - C:\Program Files\Dell\QuickSet\NICCONFIGSVC.exe
O23 - Service: Intel(R) PROSet/Wireless Registry Service (RegSrvc) - Intel Corporation - C:\Program Files\Intel\Wireless\Bin\RegSrvc.exe
O23 - Service: Intel(R) PROSet/Wireless Service (S24EventMonitor) - Intel Corporation - C:\Program Files\Intel\Wireless\Bin\S24EvMon.exe
O23 - Service: TuneUp Drive Defrag Service (TuneUp.Defrag) - TuneUp Software GmbH - C:\WINDOWS\System32\TuneUpDefragService.exe
O23 - Service: Viewpoint Manager Service - Viewpoint Corporation - C:\Program Files\Viewpoint\Common\ViewpointService.exe
O23 - Service: Webroot Spy Sweeper Engine (WebrootSpySweeperService) - Webroot Software, Inc. - C:\Program Files\Webroot\Spy Sweeper\SpySweeper.exe
O23 - Service: Intel(R) PROSet/Wireless SSO Service (WLANKEEPER) - Intel(R) Corporation - C:\Program Files\Intel\Wireless\Bin\WLKeeper.exe

--
End of file - 7716 bytes

Osiris · Jan 9, 2009

Yes you need to do all of them, especially Malwarebytes

dbdrake · Jan 10, 2009

Here is the ComboFix log:
ComboFix 09-01-10.01 - Dawn Balke 2009-01-10 12:52:21.1 - NTFSx86
Microsoft Windows XP Professional 5.1.2600.2.1252.1.1033.18.1014.315 [GMT -6:00]
Running from: c:\documents and settings\Dawn Balke\My Documents\ComboFix.exe
* Created a new restore point
* Resident AV is active

WARNING -THIS MACHINE DOES NOT HAVE THE RECOVERY CONSOLE INSTALLED !!
.

((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.

c:\documents and settings\All Users\Application Data\Microsoft\Network\Downloader\qmgr0.dat
c:\documents and settings\All Users\Application Data\Microsoft\Network\Downloader\qmgr1.dat
c:\documents and settings\Dawn Balke\Application Data\gadcom
c:\documents and settings\Dawn Balke\Application Data\gadcom\gadcom.exe
c:\documents and settings\Dawn Balke\Application Data\gadcom\gadcom.exe1tc
c:\documents and settings\Dawn Balke\Application Data\GetModule
c:\documents and settings\Dawn Balke\Application Data\GetModule\dicik.gz
c:\documents and settings\Dawn Balke\Application Data\GetModule\kwdik.gz
c:\documents and settings\Dawn Balke\Application Data\GetModule\ofadik.gz
c:\documents and settings\Dawn Balke\My Documents\WNSXS~1
c:\windows\system32\404Fix.exe
c:\windows\system32\abgtjhun.ini
c:\windows\system32\adwegjwm.ini
c:\windows\system32\aromoyaw.ini
c:\windows\system32\asks~1
c:\windows\system32\aumtysel.ini
c:\windows\system32\bqbbctam.ini
c:\windows\system32\brchlxtg.ini
c:\windows\system32\brshapkl.ini
c:\windows\system32\btbxcund.ini
c:\windows\system32\btggclyx.ini
c:\windows\system32\btsmyurt.ini
c:\windows\system32\ccdxjpwg.ini
c:\windows\system32\cgacxbnc.ini
c:\windows\system32\chkconfig
c:\windows\system32\ckpqokhr.ini
c:\windows\system32\cxdnaxjj.ini
c:\windows\system32\dumphive.exe
c:\windows\system32\efbuotwq.ini
c:\windows\system32\egophlja.ini
c:\windows\system32\epdlwhdn.ini
c:\windows\system32\erenekak.ini
c:\windows\system32\erokolez.ini
c:\windows\system32\fdohgdmd.ini
c:\windows\system32\fehotidu.dll
c:\windows\system32\ftypbdck.ini
c:\windows\system32\gavowolu.dll
c:\windows\system32\golidagi.dll
c:\windows\system32\H1
c:\windows\system32\hagnqz.dll
c:\windows\system32\hahadabe.dll
c:\windows\system32\hijcorlf.ini
c:\windows\system32\hkayxags.ini
c:\windows\system32\hnbsgsqx.ini
c:\windows\system32\hncenvgg.ini
c:\windows\system32\hpjagqjr.ini
c:\windows\system32\humugege.dll
c:\windows\system32\icroso~1
c:\windows\system32\IEDFix.C.exe
c:\windows\system32\IEDFix.exe
c:\windows\system32\iyiewqtq.ini
c:\windows\system32\java2.sys c:\windows\system32\snjava.dll
c:\windows\system32\jayeduwa.dll
c:\windows\system32\jelulowa.dll
c:\windows\system32\jidesoti.dll
c:\windows\system32\jquwdhoh.dll
c:\windows\system32\kekasika.dll
c:\windows\system32\keqjehlp.ini
c:\windows\system32\koaisrmp.ini
c:\windows\system32\kobxiirr.ini
c:\windows\system32\kodatewe.dll
c:\windows\system32\koyudori.dll
c:\windows\system32\kpkhutmp.ini
c:\windows\system32\kxrctlyq.ini
c:\windows\system32\loluzalu.dll
c:\windows\system32\lulilupa.dll
c:\windows\system32\masepiji.dll
c:\windows\system32\mfcans32.DLL
c:\windows\system32\mfcuia32.dll
c:\windows\system32\mitofeyi.dll
c:\windows\system32\moisudgq.ini
c:\windows\system32\msrdo20.dll
c:\windows\system32\mufohito.dll
c:\windows\system32\munigibo.dll
c:\windows\system32\mwabepbu.ini
c:\windows\system32\ngylumrd.ini
c:\windows\system32\nhndroxq.ini
c:\windows\system32\nmpooqss.ini
c:\windows\system32\nmpooqss.ini2
c:\windows\system32\o4Patch.exe
c:\windows\system32\ocrhsvyg.ini
c:\windows\system32\odbajqxj.ini
c:\windows\system32\paduzebe.dll
c:\windows\system32\pfahmhaq.ini
c:\windows\system32\ppqss.bak1
c:\windows\system32\ppqss.bak2
c:\windows\system32\ppqss.ini
c:\windows\system32\ppqss.ini2
c:\windows\system32\ppqss.tmp
c:\windows\system32\Process.exe
c:\windows\system32\qlsibdgx.ini
c:\windows\system32\qsxmotgg.ini
c:\windows\system32\qvhsjfhh.ini
c:\windows\system32\rdocurs.dll
c:\windows\system32\rgdnkjbm.ini
c:\windows\system32\rlchbpwp.ini
c:\windows\system32\rtlabpsw.ini
c:\windows\system32\rubufofu.dll
c:\windows\system32\sbkatbxy.ini
c:\windows\system32\sojosebe.dll
c:\windows\system32\SrchSTS.exe
c:\windows\system32\swqntobb.ini
c:\windows\system32\syschk2
c:\windows\system32\TDSSlrvd.dat
c:\windows\system32\TDSSwpyl.dat
c:\windows\system32\tivujabo.exe
c:\windows\system32\tmps9
c:\windows\system32\tqvxahqc.ini
c:\windows\system32\ukugvjym.ini
c:\windows\system32\ulntpefu.ini
c:\windows\system32\V1
c:\windows\system32\VACFix.exe
c:\windows\system32\vajfsgpd.ini
c:\windows\system32\VCCLSID.exe
c:\windows\system32\vifikogo.dll
c:\windows\system32\vojedayu.dll
c:\windows\system32\vumajopu.dll
c:\windows\system32\watqkrmf.ini
c:\windows\system32\wayomora.dll
c:\windows\system32\winpfz32.sys
c:\windows\system32\wmejnlvf.ini
c:\windows\system32\WS2Fix.exe
c:\windows\system32\xacgshqy.ini
c:\windows\system32\xfccinap.ini
c:\windows\system32\yeweyefa.dll
c:\windows\system32\yjkrkuai.ini
c:\windows\system32\ykjmsewo.ini
c:\windows\system32\yowetiga.dll
c:\windows\system32\ypmemjuy.ini
c:\windows\system32\yulenume.dll
c:\windows\system32\yutegeve.dll
c:\windows\system32\zelokore.dll
c:\windows\Tasks\lpklhtcn.job
c:\windows\Tasks\wzlytovr.job
D:\Autorun.inf

----- BITS: Possible infected sites -----

hxxp://childhe.com
.
((((((((((((((((((((((((((((((((((((((( Drivers/Services )))))))))))))))))))))))))))))))))))))))))))))))))
.

-------\Legacy_$SYS$DRMSERVER
-------\Legacy_CD_PROXY
-------\Legacy_TDSSSERV
-------\Legacy_TDSSSERV.SYS)
-------\Service_$sys$DRMServer
-------\Service_CD_Proxy
-------\Service_TDSSserv
-------\Service_TDSSserv.sys)

((((((((((((((((((((((((( Files Created from 2008-12-10 to 2009-01-10 )))))))))))))))))))))))))))))))
.

2009-01-09 16:04 . 2009-01-09 16:04 <DIR> d--hs---- c:\documents and settings\Dawn Balke\PrivacIE
2009-01-09 15:52 . 2009-01-09 15:54 <DIR> d--h-c--- c:\windows\ie8
2009-01-09 14:49 . 2007-10-01 16:24 219,448 --a------ c:\windows\system32\is-4O3M7.tmp
2009-01-09 14:49 . 2007-10-01 16:24 20,280 --a------ c:\windows\system32\drivers\SSFS0BB9.sys
2009-01-09 12:33 . 2009-01-09 12:33 <DIR> d-------- C:\VundoFix Backups
2009-01-09 12:28 . 2008-12-12 00:57 78,336 --a------ c:\windows\system32\Agent.OMZ.Fix.exe
2009-01-09 12:24 . 2009-01-09 12:24 <DIR> d-------- c:\documents and settings\Administrator\Application Data\Talkback
2009-01-09 12:18 . 2009-01-09 12:18 <DIR> d-------- c:\documents and settings\NetworkService\Application Data\Webroot
2009-01-09 12:03 . 2009-01-09 12:03 <DIR> d-------- c:\program files\CCleaner
2009-01-09 11:56 . 2009-01-09 11:56 <DIR> d-------- c:\program files\CleanUp!
2009-01-09 11:46 . 2009-01-09 11:46 <DIR> d-------- c:\program files\MSConfig CleanUp
2009-01-06 13:07 . 2009-01-06 13:07 <DIR> d-------- c:\program files\Trend Micro
2008-12-29 11:21 . 2008-12-29 11:21 1,262,893 ---hs---- c:\windows\system32\ogokifiv.tmp
2008-12-24 16:43 . 2008-12-24 16:43 46,592 --a------ c:\windows\system32\nods32.dll
2008-12-24 16:43 . 2008-12-24 16:43 1 --a------ c:\windows\system32\za.dat
2008-12-22 17:22 . 2008-12-22 17:22 61,440 --a------ c:\windows\system32\drivers\bdjqz.sys
2008-12-19 01:16 . 2008-12-19 01:16 61,440 --a------ c:\windows\system32\drivers\zchsvk.sys
2008-12-16 00:19 . 2008-12-16 00:19 70,144 --a------ c:\windows\system32\hgGvwXRh.dll

.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2009-01-09 22:00 --------- d-----w c:\documents and settings\All Users\Application Data\avg8
2009-01-09 21:28 --------- d-----w c:\program files\Creative
2009-01-09 21:23 --------- d--h--w c:\documents and settings\Dawn Balke\Application Data\Move Networks
2009-01-09 21:22 --------- d-----w c:\program files\Common Files\Wise Installation Wizard
2009-01-09 21:22 --------- d-----w c:\documents and settings\All Users\Application Data\Lavasoft
2008-12-24 18:01 --------- d-----w c:\windows\system32\config\systemprofile\Application Data\AVGTOOLBAR
2008-12-19 05:22 --------- d-s---w c:\documents and settings\All Users\Application Data\Memeo
2008-12-19 05:22 --------- d--h--w c:\program files\InstallShield Installation Information
2008-12-11 15:49 --------- d-----w c:\documents and settings\All Users\Application Data\Microsoft Help
2008-10-21 03:33 19,830 ----a-w c:\documents and settings\Dawn Balke\Application Data\kypibyb.dll
2008-10-21 03:33 19,586 ----a-w c:\documents and settings\Dawn Balke\Application Data\sawofem.pif
2008-10-21 03:33 19,309 ----a-w c:\program files\Common Files\jixiraj.dat
2008-10-21 03:33 18,588 ----a-w c:\program files\Common Files\qunafezexy.bin
2008-10-21 03:33 18,499 ----a-w c:\documents and settings\All Users\Application Data\jetekym.com
2008-10-21 03:33 11,985 ----a-w c:\documents and settings\Dawn Balke\Application Data\ekyfoc.dat
2008-10-21 03:33 11,861 ----a-w c:\documents and settings\Dawn Balke\Application Data\mazaje.com
2006-12-28 20:51 40 -c--a-w c:\documents and settings\Dawn Balke\language.dat
2009-01-07 17:48 67,688 ----a-w c:\program files\mozilla firefox\components\jar50.dll
2009-01-07 17:48 54,368 ----a-w c:\program files\mozilla firefox\components\jsd3250.dll
2009-01-07 17:48 34,944 ----a-w c:\program files\mozilla firefox\components\myspell.dll
2009-01-07 17:48 46,712 ----a-w c:\program files\mozilla firefox\components\spellchk.dll
2009-01-07 17:48 172,136 ----a-w c:\program files\mozilla firefox\components\xpinstal.dll
2007-06-10 00:57 8 -csh--r c:\windows\system32\2DD42D4501.sys
2007-06-10 00:58 2,828 -csha-w c:\windows\system32\KGyGaAvL.sys
2008-09-19 06:00 64,164 --sha-w c:\windows\system32\sewinuja.dll
.

((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"ctfmon.exe"="c:\windows\system32\ctfmon.exe" [2004-08-10 15360]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"SpySweeper"="c:\program files\Webroot\Spy Sweeper\SpySweeperUI.exe" [2007-10-01 5367608]

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\policies\explorer]
"ForceClassicControlPanel"= 1 (0x1)

[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\lsa]
Notification Packages REG_MULTI_SZ scecli c:\windows\system32\loluzalu.dll

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\iTunesHelper]
--a--c--- 2006-09-25 13:54 229952 c:\program files\iTunes\iTunesHelper.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\services]
"CD_Proxy"=2 (0x2)
"AOL ACS"=2 (0x2)
"AdobeActiveFileMonitor5.0"=2 (0x2)
"aawservice"=2 (0x2)

[HKEY_LOCAL_MACHINE\software\microsoft\security center]
"AntiVirusDisableNotify"=dword:00000001
"UpdatesDisableNotify"=dword:00000001

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]
"EnableFirewall"= 0 (0x0)

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"c:\\Program Files\\Messenger\\msmsgs.exe"=
"c:\\Program Files\\America Online 9.0\\waol.exe"=
"c:\\Program Files\\Common Files\\AOL\\Loader\\aolload.exe"=
"c:\\Program Files\\Common Files\\AOL\\1161538237\\ee\\aolsoftware.exe"=
"c:\\Program Files\\Common Files\\AOL\\1161538237\\ee\\aim6.exe"=
"c:\\Program Files\\iTunes\\iTunes.exe"=
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"c:\\Program Files\\MSN Messenger\\msnmsgr.exe"=
"c:\\Program Files\\MSN Messenger\\livecall.exe"=
"c:\\Program Files\\Microsoft Office\\Office12\\OUTLOOK.EXE"=
"c:\\Program Files\\Veoh Networks\\Veoh\\VeohClient.exe"=
"c:\\Program Files\\Webroot\\Spy Sweeper\\SpySweeperUI.exe"=
"c:\\Program Files\\Intel\\Wireless\\Bin\\S24EvMon.exe"=
"c:\\Program Files\\MSN Messenger\\usnsvc.exe"=
"c:\\Program Files\\Intel\\Wireless\\Bin\\RegSrvc.exe"=
"c:\\WINDOWS\\ehome\\ehrecvr.exe"=
"c:\\WINDOWS\\system32\\spoolsv.exe"=
"c:\\WINDOWS\\system32\\LEXBCES.EXE"=
"c:\\Program Files\\Intel\\Wireless\\Bin\\WLKEEPER.exe"=
"c:\\Program Files\\Mozilla Firefox\\firefox.exe"=
"c:\\Program Files\\QuickTime\\qttask.exe"=
"c:\\ComboFix\\fdsv.cfexe"=
"c:\\Program Files\\Intel\\Wireless\\Bin\\EvtEng.exe"=

R0 $sys$cor;$sys$cor;c:\windows\system32\drivers\$sys$cor.sys [2004-10-06 18432]
R1 $sys$crater;$sys$crater;c:\windows\system32\$sys$filesystem\crater.sys [2004-10-07 11904]
R4 Viewpoint Manager Service;Viewpoint Manager Service;c:\program files\Viewpoint\Common\ViewpointService.exe [2007-03-11 24652]

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Svchost - NetSvcs
UxTuneUp

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{08b8e796-a843-11dd-b85a-0015c52210fa}]
\Shell\AutoRun\command - f:\wd_windows_tools\WDSetup.exe

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{361ac05d-0e0d-11da-9aa9-806d6172696f}]
\Shell\AutoRun\command - E:\setup.exe

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{e76aed45-bf8d-11db-b775-00038a000015}]
\Shell\AutoRun\command - F:\LaunchU3.exe -a

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{f6bb02ee-e969-11dc-b808-00038a000015}]
\Shell\AutoRun\command - F:\LaunchU3.exe
.
Contents of the 'Scheduled Tasks' folder

2009-01-10 c:\windows\Tasks\1-Click Maintenance.job
- c:\program files\TuneUp Utilities 2008\OneClickStarter.exe [2008-04-16 08:59]

2009-01-06 c:\windows\Tasks\AppleSoftwareUpdate.job
- c:\program files\Apple Software Update\SoftwareUpdate.exe [2006-09-19 16:36]
.
- - - - ORPHANS REMOVED - - - -

BHO-{775ce2da-057b-434d-9ef5-7b9832721ae5} - c:\windows\system32\potojinu.dll
HKLM-Run-gofesamuda - c:\windows\system32\vepogihe.dll
Notify-qomllki - qomllki.dll
SafeBoot-TDSSpqlt.sys

.
------- Supplementary Scan -------
.
uSearchMigratedDefaultURL = hxxp://www.google.com/search?q={searchTerms}&sourceid=ie7&rls=com.microsoft:en-US&ie=utf8&oe=utf8
uStart Page = hxxp://www.google.com/ig?hl=en
mSearch Bar = hxxp://us.rd.yahoo.com/customize/ie/defaults/sb/msgr8/*Yahoo! SearchBar Home Page
mSearchAssistant = hxxp://www.google.com/ie
FF - ProfilePath - c:\documents and settings\Dawn Balke\Application Data\Mozilla\Firefox\Profiles\f8mefu35.default\
FF - prefs.js: browser.search.defaulturl - hxxp://search.yahoo.com/search?fr=ffsp1&p=
FF - prefs.js: browser.search.selectedEngine - Google
FF - prefs.js: browser.startup.homepage - hxxp://www.google.com/ig?hl=en
FF - component: c:\program files\Mozilla Firefox\components\xpinstal.dll
FF - component: c:\program files\Mozilla Firefox\extensions\talkback@mozilla.org\components\qfaservices.dll
.

**************************************************************************

catchme 0.3.1367 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2009-01-10 13:11:37
Windows 5.1.2600 Service Pack 2 NTFS

scanning hidden processes ...

scanning hidden autostart entries ...

scanning hidden files ...

scan completed successfully
hidden files: 0

**************************************************************************
.
--------------------- DLLs Loaded Under Running Processes ---------------------

- - - - - - - > 'winlogon.exe'(904)
c:\windows\system32\WRLogonNTF.dll
.
------------------------ Other Running Processes ------------------------
.
c:\program files\Intel\Wireless\Bin\EvtEng.exe
c:\program files\Intel\Wireless\Bin\S24EvMon.exe
c:\program files\Intel\Wireless\Bin\WLKEEPER.exe
c:\windows\system32\LEXBCES.EXE
c:\windows\system32\LEXPPS.EXE
c:\program files\Common Files\Creative Labs Shared\Service\CreativeLicensing.exe
c:\windows\ehome\ehrecvr.exe
c:\windows\ehome\ehSched.exe
c:\program files\Dell\QuickSet\NicConfigSvc.exe
c:\program files\Intel\Wireless\Bin\RegSrvc.exe
c:\program files\Webroot\Spy Sweeper\SpySweeper.exe
c:\windows\ehome\mcrdsvc.exe
c:\windows\system32\dllhost.exe
c:\program files\Viewpoint\Viewpoint Manager\ViewMgr.exe
c:\windows\system32\wscntfy.exe
c:\program files\Webroot\Spy Sweeper\ssu.exe
.
**************************************************************************
.
Completion time: 2009-01-10 13:17:32 - machine was rebooted
ComboFix-quarantined-files.txt 2009-01-10 19:17:29

Pre-Run: 1,787,056,128 bytes free
Post-Run: 1,757,351,936 bytes free

335 --- E O F --- 2008-12-12 17:23:24

Osiris · Jan 10, 2009

Was this the first log? If so can you run it again and post a new one?

dbdrake · Jan 10, 2009

Here is the final Hijackthis log after running all of the programs in the guide

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 15:49:10, on 1/10/2009
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v8.00 (8.00.6001.18241)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Intel\Wireless\Bin\EvtEng.exe
C:\Program Files\Intel\Wireless\Bin\S24EvMon.exe
C:\Program Files\Intel\Wireless\Bin\WLKeeper.exe
C:\WINDOWS\system32\LEXBCES.EXE
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\system32\LEXPPS.EXE
C:\Program Files\Common Files\Creative Labs Shared\Service\CreativeLicensing.exe
C:\WINDOWS\eHome\ehRecvr.exe
C:\WINDOWS\eHome\ehSched.exe
C:\Program Files\Dell\QuickSet\NICCONFIGSVC.exe
C:\Program Files\Intel\Wireless\Bin\RegSrvc.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Viewpoint\Common\ViewpointService.exe
C:\Program Files\Webroot\Spy Sweeper\SpySweeper.exe
C:\WINDOWS\system32\dllhost.exe
C:\Program Files\Webroot\Spy Sweeper\SpySweeperUI.exe
C:\WINDOWS\system32\ctfmon.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Viewpoint\Viewpoint Manager\ViewMgr.exe
C:\WINDOWS\system32\wscntfy.exe
C:\WINDOWS\system32\wuauclt.exe
C:\WINDOWS\explorer.exe
C:\Program Files\Webroot\Spy Sweeper\SSU.EXE
C:\PROGRA~1\AVG\AVG8\avgwdsvc.exe
C:\PROGRA~1\AVG\AVG8\avgrsx.exe
C:\Program Files\AVG\AVG8\avgtray.exe
C:\Program Files\Microsoft Office\Office12\WINWORD.EXE
C:\Program Files\Internet Explorer\IEXPLORE.EXE
C:\Program Files\Internet Explorer\IEXPLORE.EXE
C:\Program Files\Internet Explorer\IEXPLORE.EXE
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = Live Search
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = MSN.com
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = Live Search
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Bar = Yahoo! SearchBar Home Page
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = Live Search
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = MSN.com
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page =
O2 - BHO: WormRadar.com IESiteBlocker.NavFilter - {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} - C:\Program Files\AVG\AVG8\avgssie.dll
O4 - HKLM\..\Run: [SpySweeper] "C:\Program Files\Webroot\Spy Sweeper\SpySweeperUI.exe" /startintray
O4 - HKLM\..\Run: [TrojanScanner] C:\Program Files\Trojan Remover\Trjscan.exe /boot
O4 - HKLM\..\Run: [AVG8_TRAY] C:\PROGRA~1\AVG\AVG8\avgtray.exe
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\j2re1.4.2_03\bin\npjpi142_03.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\j2re1.4.2_03\bin\npjpi142_03.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~4\Office12\REFIEBAR.DLL
O9 - Extra button: (no name) - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - (no file)
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {0CCA191D-13A6-4E29-B746-314DEE697D83} (Facebook Photo Uploader 5) - http://upload.facebook.com/controls/FacebookPhotoUploader5.cab
O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://go.microsoft.com/fwlink/?linkid=39204
O16 - DPF: {406B5949-7190-4245-91A9-30A17DE16AD0} (Snapfish Activia) - http://photo.walgreens.com/WalgreensActivia.cab
O16 - DPF: {5C6698D9-7BE4-4122-8EC5-291D84DBD4A0} (Facebook Photo Uploader 4 Control) - http://upload.facebook.com/controls/FacebookPhotoUploader2.cab
O16 - DPF: {5F8469B4-B055-49DD-83F7-62B522420ECC} (Facebook Photo Uploader Control) - http://upload.facebook.com/controls/FacebookPhotoUploader.cab
O18 - Protocol: linkscanner - {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - C:\Program Files\AVG\AVG8\avgpp.dll
O20 - AppInit_DLLs: avgrsstx.dll
O23 - Service: AVG Free8 WatchDog (avg8wd) - AVG Technologies CZ, s.r.o. - C:\PROGRA~1\AVG\AVG8\avgwdsvc.exe
O23 - Service: Creative Labs Licensing Service - Creative Labs - C:\Program Files\Common Files\Creative Labs Shared\Service\CreativeLicensing.exe
O23 - Service: Intel(R) PROSet/Wireless Event Log (EvtEng) - Intel Corporation - C:\Program Files\Intel\Wireless\Bin\EvtEng.exe
O23 - Service: GoogleDesktopManager - Google - C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe
O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: iPod Service - Apple Computer, Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: LexBce Server (LexBceS) - Lexmark International, Inc. - C:\WINDOWS\system32\LEXBCES.EXE
O23 - Service: NICCONFIGSVC - Dell Inc. - C:\Program Files\Dell\QuickSet\NICCONFIGSVC.exe
O23 - Service: Intel(R) PROSet/Wireless Registry Service (RegSrvc) - Intel Corporation - C:\Program Files\Intel\Wireless\Bin\RegSrvc.exe
O23 - Service: Intel(R) PROSet/Wireless Service (S24EventMonitor) - Intel Corporation - C:\Program Files\Intel\Wireless\Bin\S24EvMon.exe
O23 - Service: TuneUp Drive Defrag Service (TuneUp.Defrag) - TuneUp Software GmbH - C:\WINDOWS\System32\TuneUpDefragService.exe
O23 - Service: Viewpoint Manager Service - Viewpoint Corporation - C:\Program Files\Viewpoint\Common\ViewpointService.exe
O23 - Service: Webroot Spy Sweeper Engine (WebrootSpySweeperService) - Webroot Software, Inc. - C:\Program Files\Webroot\Spy Sweeper\SpySweeper.exe
O23 - Service: Intel(R) PROSet/Wireless SSO Service (WLANKEEPER) - Intel(R) Corporation - C:\Program Files\Intel\Wireless\Bin\WLKeeper.exe

--
End of file - 6740 bytes

Osiris · Jan 10, 2009

Almost done

Run SFDIX

Bleeping Computer Downloads: SDFix

Reboot

Then run Combofix

Then run Hijackthis again

Post the logs from all 3 programs

Run the programs in the order you see here.

kimsland · Oct 12, 2009

I have noticed that you are running both Spy Sweeper and free AVG, but you have been heavily infected

If after running the above tools you still feel that you may have Malware installed, please do the following
Please note from doing the following will also help my debate with Osiris regarding how I believe AVG is quite useless, so please try it

One more note: Although I am a new member here I have over 16,000 posts in this forum and have resolved thousands of members computer faults.

Please uninstall Spy Sweeper, from Control Panel > Programs Add/remove
Please uninstall free AVG, from Control Panel > Programs Add/remove
Then run the AVG Remover from here: http://www.avg.com/filedir/util/support/avgremover_en.exe
Restart
Download and install the free Avira Antivirus: Free antivirus - Avira AntiVir
Confirm it is fully up to date
Run a full scan
Report back with your findings

From doing the above, I believe your system will be much better off, and likely more responsive

Please help with antivirus 2009!!!

dbdrake

Beta member

Osiris

Golden Master

dbdrake

Beta member

Osiris

Golden Master

dbdrake

Beta member

Osiris

Golden Master

dbdrake

Beta member

Osiris

Golden Master

kimsland

In Runtime

Similar threads