Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 8:50:25 PM, on 11/30/2009
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v8.00 (8.00.6001.18702)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
C:\PROGRA~1\AVG\AVG8\avgwdsvc.exe
C:\Program Files\Bonjour\mDNSResponder.exe
C:\Program Files\Java\jre6\bin\jqs.exe
C:\PROGRA~1\AVG\AVG8\avgrsx.exe
C:\PROGRA~1\AVG\AVG8\avgnsx.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Linksys Wireless-G USB Wireless Network Monitor\WLService.exe
C:\Program Files\Linksys Wireless-G USB Wireless Network Monitor\WUSB54Gv42.exe
C:\WINDOWS\system32\wscntfy.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\igfxtray.exe
C:\WINDOWS\system32\hkcmd.exe
C:\WINDOWS\system32\igfxpers.exe
C:\WINDOWS\RTHDCPL.EXE
C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe
C:\WINDOWS\system32\igfxsrvc.exe
C:\Program Files\Common Files\Real\Update_OB\realsched.exe
C:\Program Files\HP\HP Software Update\HPWuSchd2.exe
C:\PROGRA~1\AVG\AVG8\avgtray.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Documents and Settings\bluva!\Local Settings\Application Data\Google\Update\1.2.183.13\GoogleCrashHandler.exe
C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\Program Files\HP\Digital Imaging\bin\hpqSTE08.exe
C:\Program Files\Adobe\Acrobat 7.0\Reader\AcroRd32.exe
C:\Program Files\iTunes\iTunes.exe
C:\Documents and Settings\bluva!\Local Settings\Application Data\Google\Chrome\Application\chrome.exe
C:\Documents and Settings\bluva!\Local Settings\Application Data\Google\Chrome\Application\chrome.exe
C:\Documents and Settings\bluva!\Local Settings\Application Data\Google\Chrome\Application\chrome.exe
C:\Documents and Settings\bluva!\Local Settings\Application Data\Google\Chrome\Application\chrome.exe
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://google.com/
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = search.net-studio.org
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Local Page = search.net-studio.org
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Window Title = Internet Explorer
R3 - URLSearchHook: AVG Security Toolbar BHO - {A3BC75A2-1F87-4686-AA43-5347D756017C} - C:\Program Files\AVG\AVG8\Toolbar\IEToolbar.dll
R3 - URLSearchHook: (no name) - *{CFBFAE00-17A6-11D0-99CB-00C04FD64497} - (no file)
R3 - URLSearchHook: (no name) - *{983ad4d4-8b63-442f-8684-fbc1c067949c} - (no file)
R3 - URLSearchHook: (no name) - *{EF99BD32-C1FB-11D2-892F-0090271D4F88} - (no file)
O1 - Hosts: ::1 localhost
O1 - Hosts: 91.212.127.227 winsecure2009.microsoft.com
O1 - Hosts: 91.212.127.227 winsecure2009.com
O1 - Hosts: 91.212.127.227 www.winsecure2009.com
O2 - BHO: &Yahoo! Toolbar Helper - {02478D38-C3F9-4efb-9B51-7695ECA05670} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: RealPlayer Download and Record Plugin for Internet Explorer - {3049C3E9-B461-4BC5-8870-4C09146192CA} - C:\Program Files\Real\RealPlayer\rpbrowserrecordplugin.dll
O2 - BHO: (no name) - {3cfc0ff0-eeb4-4468-98f1-69efe5f92250} - fajejako.dll (file missing)
O2 - BHO: Spybot-S&D IE Protection - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O2 - BHO: Groove GFS Browser Helper - {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\PROGRA~1\MICROS~2\Office12\GRA8E1~1.DLL
O2 - BHO: Softonic-en Toolbar - {983ad4d4-8b63-442f-8684-fbc1c067949c} - C:\Program Files\Softonic-en\tbSof1.dll
O2 - BHO: JQSIEStartDetectorImpl - {E7E6F031-17CE-4C07-BC86-EABFE594F69C} - C:\Program Files\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
O2 - BHO: SingleInstance Class - {FDAD4DA1-61A2-4FD8-9C17-86F7AC245081} - C:\Program Files\Yahoo!\Companion\Installs\cpn\YTSingleInstance.dll
O3 - Toolbar: Softonic-en Toolbar - {983ad4d4-8b63-442f-8684-fbc1c067949c} - C:\Program Files\Softonic-en\tbSof1.dll
O3 - Toolbar: AVG Security Toolbar - {CCC7A320-B3CA-4199-B1A6-9F516DD69829} - C:\Program Files\AVG\AVG8\Toolbar\IEToolbar.dll
O3 - Toolbar: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll
O4 - HKLM\..\Run: [IgfxTray] C:\WINDOWS\system32\igfxtray.exe
O4 - HKLM\..\Run: [HotKeysCmds] C:\WINDOWS\system32\hkcmd.exe
O4 - HKLM\..\Run: [Persistence] C:\WINDOWS\system32\igfxpers.exe
O4 - HKLM\..\Run: [RTHDCPL] RTHDCPL.EXE
O4 - HKLM\..\Run: [Alcmtr] ALCMTR.EXE
O4 - HKLM\..\Run: [GrooveMonitor] "C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe"
O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot
O4 - HKLM\..\Run: [HP Software Update] C:\Program Files\HP\HP Software Update\HPWuSchd2.exe
O4 - HKLM\..\Run: [AVG8_TRAY] C:\PROGRA~1\AVG\AVG8\avgtray.exe
O4 - HKLM\..\Run: [Malwarebytes Anti-Malware (reboot)] "C:\Program Files\Malwarebytes' Anti-Malware\explorer.exe" /runcleanupscript
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\QTTask.exe" -atboottime
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
O4 - HKCU\..\Run: [Google Update] "C:\Documents and Settings\bluva!\Local Settings\Application Data\Google\Update\GoogleUpdate.exe" /c
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [SpybotSD TeaTimer] C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
O4 - Global Startup: Adobe Reader Speed Launch.lnk = C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
O4 - Global Startup: HP Digital Imaging Monitor.lnk = C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe
O9 - Extra button: Send to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~2\Office12\ONBttnIE.dll
O9 - Extra 'Tools' menuitem: S&end to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~2\Office12\ONBttnIE.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\Office12\REFIEBAR.DLL
O9 - Extra button: (no name) - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O9 - Extra 'Tools' menuitem: Spybot - Search & Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O18 - Protocol: grooveLocalGWS - {88FED34C-F0CA-4636-A375-3CB6248B04CD} - C:\PROGRA~1\MICROS~2\Office12\GR99D3~1.DLL
O18 - Protocol: linkscanner - {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - C:\Program Files\AVG\AVG8\avgpp.dll
O20 - Winlogon Notify: !SASWinLogon - C:\Program Files\SUPERAntiSpyware\SASWINLO.dll
O20 - Winlogon Notify: avgrsstarter - C:\WINDOWS\SYSTEM32\avgrsstx.dll
O21 - SSODL: SysNet - {A465A602-639B-4C4E-80BB-3144940910D2} - (no file)
O21 - SSODL: popibegig - {0a261d01-4380-4147-9a50-b62b2da76bc2} - (no file)
O21 - SSODL: zaduvipeb - {e8a5bc3a-7958-4642-8653-58bf9cd7e68f} - (no file)
O22 - SharedTaskScheduler: jugezatag - {0a261d01-4380-4147-9a50-b62b2da76bc2} - (no file)
O22 - SharedTaskScheduler: tokatiluy - {e8a5bc3a-7958-4642-8653-58bf9cd7e68f} - (no file)
O23 - Service: Apple Mobile Device - Apple Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
O23 - Service: AVG Free8 WatchDog (avg8wd) - AVG Technologies CZ, s.r.o. - C:\PROGRA~1\AVG\AVG8\avgwdsvc.exe
O23 - Service: Bonjour Service - Apple Inc. - C:\Program Files\Bonjour\mDNSResponder.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\1050\Intel 32\IDriverT.exe
O23 - Service: iPod Service - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: Java Quick Starter (JavaQuickStarterService) - Sun Microsystems, Inc. - C:\Program Files\Java\jre6\bin\jqs.exe
O23 - Service: Pml Driver HPZ12 - HP - C:\WINDOWS\system32\HPZipm12.exe
O23 - Service: SeekService Service - Unknown owner - C:\Documents and Settings\All Users\Application Data\SeekService\seekservice133.exe (file missing)
O23 - Service: WUSB54Gv42SVC - GEMTEKS - C:\Program Files\Linksys Wireless-G USB Wireless Network Monitor\WLService.exe

--
End of file - 8972 bytes

Please re-open HijackThis and scan. Check the boxes to the left of all the entries listed below.
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = search.net-studio.org
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Local Page = search.net-studio.org
O1 - Hosts: 91.212.127.227 winsecure2009.microsoft.com
O1 - Hosts: 91.212.127.227 winsecure2009.com
O1 - Hosts: 91.212.127.227 www.winsecure2009.com
O2 - BHO: (no name) - {3cfc0ff0-eeb4-4468-98f1-69efe5f92250} - fajejako.dll (file missing)
O21 - SSODL: SysNet - {A465A602-639B-4C4E-80BB-3144940910D2} - (no file)
O21 - SSODL: popibegig - {0a261d01-4380-4147-9a50-b62b2da76bc2} - (no file)
O21 - SSODL: zaduvipeb - {e8a5bc3a-7958-4642-8653-58bf9cd7e68f} - (no file)
O22 - SharedTaskScheduler: jugezatag - {0a261d01-4380-4147-9a50-b62b2da76bc2} - (no file)
O22 - SharedTaskScheduler: tokatiluy - {e8a5bc3a-7958-4642-8653-58bf9cd7e68f} - (no file)
O23 - Service: SeekService Service - Unknown owner - C:\Documents and Settings\All Users\Application Data\SeekService\seekservice133.exe (file missing)

Then, please exit all programs except for HijackThis (System Tray (bottom right of screen): right-click on each program icon and click an Exit or shut down option, etc.), then click Fix Checked.

After it completes its process, please close HijackThis and reboot your computer.

NEXT

Please download Rkill by Grinler, and save it to your Desktop.
Double-click on Rkill to run it. It will take a minute to shutdown running processes that the rogue program creates. It is important, please, that you do not reboot your computer, or shutdown, until asked to do so.

NEXT

Please download Malwarebytes Anti-Malware from here.

Double Click mbam-setup.exe to install the application.

• Make sure a checkmark is placed next to Update Malwarebytes' Anti-Malware and Launch Malwarebytes Anti-Malware, then click Finish.
  
• If an update is found, it will download and install the latest version.
  
• Once the program has loaded, select "Perform Full Scan", then click Scan.
  
• The scan may take some time to finish,so please be patient.
  
• When the scan is complete, click OK, then Show Results to view the results.
  
• Make sure that everything is checked, and click Remove Selected.
  
• When disinfection is completed, a log will open in Notepad and you may be prompted to Restart. (See Extra Note)
  
• Please save the log to a location you will remember.
  
• The log is automatically saved by MBAM and can be viewed by clicking the Logs tab in MBAM.
  
• Copy and paste the entire report in your next reply.
  

Extra Note:

If MBAM encounters a file that is difficult to remove,you will be presented with 1 of 2 prompts,click OK to either and let MBAM proceed with the disinfection process. If asked to restart the computer, please do so immediately.

Please make sure a new HijackThis log and the Malwarebytes log is included in your next reply.

I think I have a problem with rkill. It doesn't ask me to restart, it just flashes. And I alreay have malwarebytes install. You think that's the reason?

Edit: okay so i did the scan anyways without restarting the computer. It found 5 things that didn't pop up before, and so far the computer seems to be working great. No pop ups

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 3:43:20 PM, on 12/1/2009
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v8.00 (8.00.6001.18702)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
C:\PROGRA~1\AVG\AVG8\avgwdsvc.exe
C:\Program Files\Bonjour\mDNSResponder.exe
C:\Program Files\Java\jre6\bin\jqs.exe
C:\PROGRA~1\AVG\AVG8\avgrsx.exe
C:\PROGRA~1\AVG\AVG8\avgnsx.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Linksys Wireless-G USB Wireless Network Monitor\WLService.exe
C:\Program Files\Linksys Wireless-G USB Wireless Network Monitor\WUSB54Gv42.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\wscntfy.exe
C:\WINDOWS\system32\igfxtray.exe
C:\WINDOWS\system32\hkcmd.exe
C:\WINDOWS\system32\igfxpers.exe
C:\WINDOWS\system32\igfxsrvc.exe
C:\WINDOWS\RTHDCPL.EXE
C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe
C:\Program Files\Common Files\Real\Update_OB\realsched.exe
C:\Program Files\HP\HP Software Update\HPWuSchd2.exe
C:\PROGRA~1\AVG\AVG8\avgtray.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe
C:\Documents and Settings\bluva!\Local Settings\Application Data\Google\Update\1.2.183.13\GoogleCrashHandler.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\Program Files\HP\Digital Imaging\bin\hpqSTE08.exe
C:\WINDOWS\System32\svchost.exe
C:\Documents and Settings\bluva!\Local Settings\Application Data\Google\Chrome\Application\chrome.exe
C:\Documents and Settings\bluva!\Local Settings\Application Data\Google\Chrome\Application\chrome.exe
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://google.com/
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = search.net-studio.org
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Local Page = search.net-studio.org
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Window Title = Internet Explorer
R3 - URLSearchHook: AVG Security Toolbar BHO - {A3BC75A2-1F87-4686-AA43-5347D756017C} - C:\Program Files\AVG\AVG8\Toolbar\IEToolbar.dll
R3 - URLSearchHook: (no name) - *{CFBFAE00-17A6-11D0-99CB-00C04FD64497} - (no file)
R3 - URLSearchHook: (no name) - *{983ad4d4-8b63-442f-8684-fbc1c067949c} - (no file)
R3 - URLSearchHook: (no name) - *{EF99BD32-C1FB-11D2-892F-0090271D4F88} - (no file)
O1 - Hosts: ::1 localhost
O2 - BHO: &Yahoo! Toolbar Helper - {02478D38-C3F9-4efb-9B51-7695ECA05670} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: RealPlayer Download and Record Plugin for Internet Explorer - {3049C3E9-B461-4BC5-8870-4C09146192CA} - C:\Program Files\Real\RealPlayer\rpbrowserrecordplugin.dll
O2 - BHO: (no name) - {3cfc0ff0-eeb4-4468-98f1-69efe5f92250} - (no file)
O2 - BHO: Spybot-S&D IE Protection - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O2 - BHO: Groove GFS Browser Helper - {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\PROGRA~1\MICROS~2\Office12\GRA8E1~1.DLL
O2 - BHO: Softonic-en Toolbar - {983ad4d4-8b63-442f-8684-fbc1c067949c} - C:\Program Files\Softonic-en\tbSof1.dll
O2 - BHO: JQSIEStartDetectorImpl - {E7E6F031-17CE-4C07-BC86-EABFE594F69C} - C:\Program Files\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
O2 - BHO: SingleInstance Class - {FDAD4DA1-61A2-4FD8-9C17-86F7AC245081} - C:\Program Files\Yahoo!\Companion\Installs\cpn\YTSingleInstance.dll
O3 - Toolbar: Softonic-en Toolbar - {983ad4d4-8b63-442f-8684-fbc1c067949c} - C:\Program Files\Softonic-en\tbSof1.dll
O3 - Toolbar: AVG Security Toolbar - {CCC7A320-B3CA-4199-B1A6-9F516DD69829} - C:\Program Files\AVG\AVG8\Toolbar\IEToolbar.dll
O3 - Toolbar: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll
O4 - HKLM\..\Run: [IgfxTray] C:\WINDOWS\system32\igfxtray.exe
O4 - HKLM\..\Run: [HotKeysCmds] C:\WINDOWS\system32\hkcmd.exe
O4 - HKLM\..\Run: [Persistence] C:\WINDOWS\system32\igfxpers.exe
O4 - HKLM\..\Run: [RTHDCPL] RTHDCPL.EXE
O4 - HKLM\..\Run: [Alcmtr] ALCMTR.EXE
O4 - HKLM\..\Run: [GrooveMonitor] "C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe"
O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot
O4 - HKLM\..\Run: [HP Software Update] C:\Program Files\HP\HP Software Update\HPWuSchd2.exe
O4 - HKLM\..\Run: [AVG8_TRAY] C:\PROGRA~1\AVG\AVG8\avgtray.exe
O4 - HKLM\..\Run: [Malwarebytes Anti-Malware (reboot)] "C:\Program Files\Malwarebytes' Anti-Malware\explorer.exe" /runcleanupscript
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\QTTask.exe" -atboottime
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
O4 - HKCU\..\Run: [Google Update] "C:\Documents and Settings\bluva!\Local Settings\Application Data\Google\Update\GoogleUpdate.exe" /c
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [SpybotSD TeaTimer] C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
O4 - Global Startup: Adobe Reader Speed Launch.lnk = C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
O4 - Global Startup: HP Digital Imaging Monitor.lnk = C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe
O9 - Extra button: Send to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~2\Office12\ONBttnIE.dll
O9 - Extra 'Tools' menuitem: S&end to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~2\Office12\ONBttnIE.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\Office12\REFIEBAR.DLL
O9 - Extra button: (no name) - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O9 - Extra 'Tools' menuitem: Spybot - Search & Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O18 - Protocol: grooveLocalGWS - {88FED34C-F0CA-4636-A375-3CB6248B04CD} - C:\PROGRA~1\MICROS~2\Office12\GR99D3~1.DLL
O18 - Protocol: linkscanner - {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - C:\Program Files\AVG\AVG8\avgpp.dll
O20 - Winlogon Notify: !SASWinLogon - C:\Program Files\SUPERAntiSpyware\SASWINLO.dll
O20 - Winlogon Notify: avgrsstarter - C:\WINDOWS\SYSTEM32\avgrsstx.dll
O21 - SSODL: SysNet - {A465A602-639B-4C4E-80BB-3144940910D2} - (no file)
O21 - SSODL: popibegig - {0a261d01-4380-4147-9a50-b62b2da76bc2} - (no file)
O21 - SSODL: zaduvipeb - {e8a5bc3a-7958-4642-8653-58bf9cd7e68f} - (no file)
O23 - Service: Apple Mobile Device - Apple Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
O23 - Service: AVG Free8 WatchDog (avg8wd) - AVG Technologies CZ, s.r.o. - C:\PROGRA~1\AVG\AVG8\avgwdsvc.exe
O23 - Service: Bonjour Service - Apple Inc. - C:\Program Files\Bonjour\mDNSResponder.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\1050\Intel 32\IDriverT.exe
O23 - Service: iPod Service - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: Java Quick Starter (JavaQuickStarterService) - Sun Microsystems, Inc. - C:\Program Files\Java\jre6\bin\jqs.exe
O23 - Service: Pml Driver HPZ12 - HP - C:\WINDOWS\system32\HPZipm12.exe
O23 - Service: WUSB54Gv42SVC - GEMTEKS - C:\Program Files\Linksys Wireless-G USB Wireless Network Monitor\WLService.exe

--
End of file - 8168 bytes


_____
Malwarebytes' Anti-Malware 1.41
Database version: 3268
Windows 5.1.2600 Service Pack 2

12/1/2009 3:33:42 PM
mbam-log-2009-12-01 (15-33-42).txt

Scan type: Full Scan (C:\|)
Objects scanned: 141944
Time elapsed: 19 minute(s), 53 second(s)

Memory Processes Infected: 0
Memory Modules Infected: 0
Registry Keys Infected: 2
Registry Values Infected: 0
Registry Data Items Infected: 0
Folders Infected: 0
Files Infected: 3

Memory Processes Infected:
(No malicious items detected)

Memory Modules Infected:
(No malicious items detected)

Registry Keys Infected:
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\seekservice (Adware.Agent) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\{D45817B8-3EAD-4d1d-8FCA-EC63A8E35DE2} (Adware.DoubleD) -> Quarantined and deleted successfully.

Registry Values Infected:
(No malicious items detected)

Registry Data Items Infected:
(No malicious items detected)

Folders Infected:
(No malicious items detected)

Files Infected:
C:\Program Files\SeekService\uninstall.exe (Adware.Agent) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\xa.tmp (Trojan.Downloader) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\41.exe (Trojan.FakeAlert) -> Quarantined and deleted successfully.

Please do a scan with Kaspersky Online Scanner

Click on the Accept button and install any components it needs.

• The program will install and then begin downloading the latest definition files.
  
• After the files have been downloaded on the left side of the page in the Scan section select My Computer.
  
• This will start the program and scan your system.
  
• The scan will take a while, so be patient and let it run.
  
• Once the scan is complete, click on View scan report
  
• Now, click on the Save Report as button.
  
• Save the file to your desktop.
  
• Copy and paste that information in your next post.
  

uh! forget what i said before! Its back to acting up again. The scan is compete and this is the result. I hope i post tis right.
Tuesday, December 1, 2009
Operating system: Microsoft Windows XP Home Edition Service Pack 2 (build 2600)
Kaspersky Online Scanner version: 7.0.26.13
Last database update: Tuesday, December 01, 2009 20:31:03
Records in database: 3319607


Scan settings
scan using the following database extended
Scan archives yes
Scan e-mail databases yes

Scan area My Computer
C:\
D:\

Scan statistics
Objects scanned 38784
Threats found 2
Infected objects found 2
Suspicious objects found 0
Scan duration 01:02:00

File name Threat Threats count
C:\Documents and Settings\All Users\Application Data\SeekService\seekservice124.exe Infected: not-a-virus:AdWare.Win32.Zwangi.aa 1

C:\Documents and Settings\bluva!\My Documents\Downloads\unconfirmed 24679.download Infected: Trojan-Downloader.Win32.FraudLoad.gao 1

Selected area has been scanned.

Please download the latest version of Kaspersky GetSystemInfo (GSI) from Kaspersky and save it to your Desktop.
Please close all other applications running on your system.

Please double click GetSystemInfo.exe to open it.

Click the Settings button.



Set it to Maximum



IMPORTANT! Then please click Customize - choose Driver / Ports tab and uncheck Scan Ports.


Click Create Report to run it.

It will create a zip folder called GetSystemInfo_XXXXXXXXXXXXXX.zip on your Desktop. Please upload the folder to Kaspersky GSI Parser and click the Submit button.

Please copy and paste the url of the GSI Parser report (not the log) in your next reply.

http://www.getsysteminfo.com/read.php?file=dd1992000b7cda7a0612f0f3bcd57a2f

Please open Malwarebytes' Anti-Malware, and click More Tools tab. Under FileASSASSIN, click Run Tool.

For each file listed below (this process only handles one file at a time), find its location, and you will see the name of the file in the Filename box, then click Open.

File to delete using FileASSASSIN:
C:\WINDOWS\system32\rmc_rtspdl.dll


The FileASSASSIN will then delete the file, or ask you to reboot your computer in order to delete it. Please allow it to reboot, if necessary.

==

Jotti File Submission:

• Please go to Jotti's malware scan
  
  
• Copy and paste the following file path into the "File to upload & scan"box on the top of the page:
  
  
  • C:\WINDOWS\system32\drivers\atapi.sys
  
  
  
• Click on the submit button
  
  
• Please post the results (URL) in your next reply.

I Hope im giving you the right url
http://virusscan.jotti.org/en/scanresult/c7d32046685c3a93f8cea39f644d5388bba9a5f2

If not it says nothing was found from all the different scanners.

Please re-open Malwarebytes, click the Update tab, and click Check for Updates. Then, click the Scanner tab, select Perform Quick Scan, and press Scan. Remove selected, and post the log in your next reply.

Download Security Check by screen317 from SpywareInfoforum.org or Changelog.fr.

• Save it to your Desktop.
• Double click SecurityCheck.exe and follow the onscreen instructions inside of the black box.
• A Notepad document should open automatically called checkup.txt; please post the contents of that document.

Please post the Malwarebytes and Security Check logs in your next reply. Also, please tell me how your computer is running.

Malwarebytes' Anti-Malware 1.41
Database version: 3281
Windows 5.1.2600 Service Pack 2

12/2/2009 5:05:14 PM
mbam-log-2009-12-02 (17-05-14).txt

Scan type: Quick Scan
Objects scanned: 105969
Time elapsed: 5 minute(s), 9 second(s)

Memory Processes Infected: 0
Memory Modules Infected: 0
Registry Keys Infected: 0
Registry Values Infected: 0
Registry Data Items Infected: 0
Folders Infected: 0
Files Infected: 1

Memory Processes Infected:
(No malicious items detected)

Memory Modules Infected:
(No malicious items detected)

Registry Keys Infected:
(No malicious items detected)

Registry Values Infected:
(No malicious items detected)

Registry Data Items Infected:
(No malicious items detected)

Folders Infected:
(No malicious items detected)

Files Infected:
C:\Documents and Settings\bluva!\My Documents\downloads\unconfirmed 24679.download (Rogue.Installer) -> Quarantined and deleted successfully.

______________________________________________
Results of screen317's Security Check version 0.99.1
Windows XP Service Pack 2
Out of date service pack!!
``````````````````````````````
Antivirus/Firewall Check:
Windows Firewall Disabled!
AVG Free 8.5
``````````````````````````````
Anti-malware/Other Utilities Check:
Spybot - Search & Destroy
SUPERAntiSpyware Free Edition
HijackThis 2.0.2
CCleaner
Java(TM) 6 Update 15
Out of date Java installed!
Adobe Flash Player 10
Adobe Reader 7.0
Out of date Adobe Reader installed!
``````````````````````````````
Process Check:
objlist.exe by Laurent
AVG avgwdsvc.exe
AVG avgtray.exe
AVG avgrsx.exe
AVG avgnsx.exe
``````````````````````````````
DNS Vulnerability Check:
GREAT! (Not vulnerable to DNS cache poisoning)

`````````End of Log```````````

Please upgrade to Windows XP SP3, because it includes all previously released updates. It also includes a small number of new functionalities. Some of the updates that Service Pack 3 provides, you may not have. It is now available via Windows Update.

==

Please download the newest version of Adobe Acrobat Reader from Adobe.com

Before installing: it is important to remove older versions of Acrobat Reader since it does not do so automatically and old versions still leave you vulnerable.
Go to the Control Panel and enter Add or Remove Programs.
Search in the list for all previous installed versions of Adobe Acrobat Reader. Uninstall/Remove each of them.

Once old versions are gone, please install the newest version.

==

Please download the newest version of Java from Java.com.

Before installing: it is important to remove older versions of Java since it does not do so automatically and old versions still leave you vulnerable.
Go to the Control Panel and enter Add or Remove Programs.
Search in the list for all previous installed versions of Java. (J2SE Runtime Environment). Please uninstall/remove each of them.

Once old versions are gone, please install the newest version.

==

Please re-open Malwarebytes, click the Update tab, and click Check for Updates. Then, click the Scanner tab, select Perform Quick Scan, and press Scan. Remove selected, and post the log in your next reply.

i can't download sp3. i get this error message
http://i50.tinypic.com/259gyt3.jpg

i follwed this guide to unlock: http://www.apartmentfinder.com/search.aspx?ecid=PS|ADM|21189S114209140
The program told me that it wasn't lock. So no clue now.

EDIT: lol im still getting redirected this is the site: http://social.technet.microsoft.com/Forums/en/itproxpsp/thread/8823d777-b1ff-4e8e-8e19-530bfcad8bb1

Please download ComboFix from BleepingComputer.com

Alternate link: GeeksToGo.com

Alternate link: Forospyware.com

Rename ComboFix.exe to commy.exe before you save it to your Desktop

• Disable your AntiVirus and AntiSpyware applications, usually via a right click on the System Tray icon. They may otherwise interfere with our tools A guide to do this can be found here
  
• Click Start>Run then copy paste the following command into the Run box & click OK "%userprofile%\desktop\commy.exe" /stepdel
  
• As part of it's process, ComboFix will check to see if the Microsoft Windows Recovery Console is installed. With malware infections being as they are today, it's strongly recommended to have this pre-installed on your machine before doing any malware removal. It will allow you to boot up into a special recovery/repair mode that will allow us to more easily help you should your computer have a problem after an attempted removal of malware.
  
• Follow the prompts to allow ComboFix to download and install the Microsoft Windows Recovery Console, and when prompted, agree to the End-User License Agreement to install the Microsoft Windows Recovery Console

Please note: If the Microsoft Windows Recovery Console is already installed, ComboFix will continue it's malware removal procedures.

Once the Microsoft Windows Recovery Console is installed using ComboFix, you should see the following message:

• Click on Yes, to continue scanning for malware.
  
• When finished, it shall produce a log for you. Please include the contents of C:\ComboFix.txt in your next reply.
  

ComboFix 09-12-02.05 - bluva! 12/02/2009 20:36.1.2 - x86
Microsoft Windows XP Home Edition 5.1.2600.2.1252.1.1033.18.3061.2611 [GMT -5]
Running from: c:\documents and settings\bluva!\desktop\commy.exe
Command switches used :: /stepdel
AV: AVG Anti-Virus Free *On-access scanning disabled* (Updated) {17DDD097-36FF-435F-9E1B-52D74245D6BF}
.

((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.

Infected copy of c:\windows\system32\DRIVERS\atapi.sys was found and disinfected
Restored copy from - Kitty ate it
.
((((((((((((((((((((((((( Files Created from 2009-11-03 to 2009-12-03 )))))))))))))))))))))))))))))))
.

2009-12-02 23:04 . 2009-12-02 23:12 -------- d-----w- c:\program files\Unlocker
2009-12-02 22:47 . 2009-12-02 23:21 -------- d-----w- c:\windows\system32\CatRoot_bak
2009-12-01 01:50 . 2009-12-01 01:50 -------- d-----w- c:\program files\Trend Micro
2009-11-29 22:12 . 2009-12-01 18:13 -------- d-----w- c:\documents and settings\All Users\Application Data\Spybot - Search & Destroy
2009-11-29 22:12 . 2009-11-29 22:12 -------- d-----w- c:\program files\Spybot - Search & Destroy
2009-11-29 22:06 . 2009-11-29 22:06 20747 ----a-w- c:\windows\system32\drivers\AegisP.sys
2009-11-29 22:06 . 2005-10-18 00:50 245376 ----a-w- c:\windows\system32\rt2500usb.sys
2009-11-29 22:06 . 2004-04-24 03:43 374752 ----a-w- c:\windows\system32\WUSBGXP.sys
2009-11-29 22:06 . 2004-01-07 22:04 339488 ----a-w- c:\windows\system32\WUSB20XP.sys
2009-11-29 22:06 . 2009-11-29 22:06 -------- d-----w- c:\program files\Linksys Wireless-G USB Wireless Network Monitor
2009-11-28 05:12 . 2009-11-28 05:12 -------- d-----w- c:\program files\iPod
2009-11-28 05:12 . 2009-11-28 05:13 -------- d-----w- c:\program files\iTunes
2009-11-28 05:04 . 2009-11-28 05:04 79144 ----a-w- c:\documents and settings\All Users\Application Data\Apple Computer\Installer Cache\iTunes 9.0.2.25\SetupAdmin.exe
2009-11-28 05:03 . 2009-11-28 05:03 -------- d-----w- c:\program files\Safari
2009-11-28 05:00 . 2009-11-28 05:00 79144 ----a-w- c:\documents and settings\All Users\Application Data\Apple Computer\Installer Cache\Safari 5.31.21.10\SetupAdmin.exe
2009-11-27 17:20 . 2009-11-27 18:01 -------- d-----w- c:\documents and settings\All Users\Application Data\Yahoo! Companion
2009-11-27 17:20 . 2009-11-27 17:20 -------- d-----w- c:\documents and settings\bluva!\Application Data\Yahoo!
2009-11-27 17:20 . 2009-11-27 17:20 -------- d-----w- c:\program files\Yahoo!
2009-11-15 23:59 . 2009-11-15 23:59 -------- d-----w- c:\program files\Cablenut
2009-11-14 17:20 . 2009-11-14 17:20 -------- d-----w- c:\documents and settings\bluva!\Local Settings\Application Data\Gameztar Toolbar
2009-11-14 16:58 . 2009-11-14 16:59 -------- d-----w- C:\66e30e380b7408c7513a5fe5eed6ea
2009-11-14 16:49 . 2009-11-14 16:49 -------- d-----r- C:\AHCache
2009-11-09 15:11 . 2009-11-09 23:11 -------- d-----w- c:\documents and settings\bluva!\Local Settings\Application Data\kxfxee
2009-11-07 19:11 . 2009-11-07 19:11 -------- d-----w- c:\program files\RADVideo
2009-11-07 17:55 . 2009-11-07 17:55 -------- d-sh--w- c:\windows\system32\config\systemprofile\IETldCache
2009-11-07 17:30 . 2009-11-07 18:06 -------- d-----w- c:\documents and settings\bluva!\Local Settings\Application Data\jfkolg
2009-11-03 18:56 . 2009-11-04 22:02 -------- d-----w- c:\windows\SxsCaPendDel

.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2009-12-01 02:47 . 2009-09-26 18:20 -------- d-----w- c:\documents and settings\All Users\Application Data\avg8
2009-11-29 22:06 . 2009-09-19 21:39 -------- d--h--w- c:\program files\InstallShield Installation Information
2009-11-29 22:06 . 2009-09-19 21:39 -------- d-----w- c:\program files\Common Files\InstallShield
2009-11-29 20:30 . 2009-10-31 22:58 -------- d-----w- c:\documents and settings\All Users\Application Data\Lavasoft
2009-11-28 05:26 . 2009-09-19 22:59 -------- d-----w- c:\documents and settings\bluva!\Application Data\Apple Computer
2009-11-28 05:12 . 2009-09-19 22:57 -------- d-----w- c:\program files\Common Files\Apple
2009-11-28 05:10 . 2009-09-19 22:58 -------- d-----w- c:\program files\QuickTime
2009-11-27 19:40 . 2009-09-20 00:37 -------- d-----w- c:\documents and settings\bluva!\Application Data\Any Video Converter
2009-11-27 18:06 . 2009-09-26 18:20 -------- d-----w- c:\program files\AVG
2009-11-27 17:15 . 2009-11-01 21:58 117760 ----a-w- c:\documents and settings\bluva!\Application Data\SUPERAntiSpyware.com\SUPERAntiSpyware\SDDLLS\UIREPAIR.DLL
2009-11-26 17:39 . 2009-10-23 02:55 -------- d-----w- c:\program files\SeekService
2009-11-26 04:59 . 2009-09-20 01:41 -------- d-----w- c:\program files\Replay Media Catcher
2009-11-26 04:49 . 2009-09-20 01:14 156672 ----a-w- c:\windows\system32\rmc_fixasf.exe
2009-11-26 04:49 . 2009-09-20 00:19 323584 ----a-w- c:\windows\system32\AUDIOGENIE2.DLL
2009-11-23 21:53 . 2009-11-01 21:58 -------- d-----w- c:\program files\SUPERAntiSpyware
2009-11-20 05:28 . 2009-09-21 03:36 -------- d-----w- c:\documents and settings\bluva!\Application Data\Publish Providers
2009-11-14 17:04 . 2009-09-20 00:36 -------- d-----w- c:\program files\Paint.NET
2009-11-14 17:02 . 2009-09-19 22:59 68456 ----a-w- c:\documents and settings\bluva!\Local Settings\Application Data\GDIPFONTCACHEV1.DAT
2009-11-14 17:00 . 2009-09-20 00:02 158528 ----a-w- c:\documents and settings\LocalService\Local Settings\Application Data\FontCache3.0.0.0.dat
2009-11-09 15:11 . 2009-09-20 00:39 -------- d-----w- c:\program files\Softonic-en
2009-11-01 21:58 . 2009-11-01 21:58 -------- d-----w- c:\documents and settings\All Users\Application Data\SUPERAntiSpyware.com
2009-11-01 21:58 . 2009-11-01 21:58 -------- d-----w- c:\documents and settings\bluva!\Application Data\SUPERAntiSpyware.com
2009-11-01 21:57 . 2009-11-01 21:57 -------- d-----w- c:\program files\Common Files\Wise Installation Wizard
2009-11-01 20:15 . 2009-11-01 20:15 -------- d-----w- c:\documents and settings\bluva!\Application Data\IObit
2009-11-01 20:15 . 2009-11-01 20:15 -------- d-----w- c:\program files\IObit
2009-11-01 01:00 . 2009-11-01 00:49 -------- d-----w- c:\program files\Malwarebytes' Anti-Malware
2009-10-31 23:01 . 2009-10-31 23:01 93360 ----a-w- c:\windows\system32\drivers\SBREDrv.sys

EDIT!: I have sp3 now! thanks. upgrading java and adobe then imma run malware scan.


Malwarebytes' Anti-Malware 1.41
Database version: 3283
Windows 5.1.2600 Service Pack 3

12/2/2009 9:30:57 PM
mbam-log-2009-12-02 (21-30-57).txt

Scan type: Quick Scan
Objects scanned: 104196
Time elapsed: 4 minute(s), 37 second(s)

Memory Processes Infected: 0
Memory Modules Infected: 0
Registry Keys Infected: 0
Registry Values Infected: 0
Registry Data Items Infected: 0
Folders Infected: 0
Files Infected: 0

Memory Processes Infected:
(No malicious items detected)

Memory Modules Infected:
(No malicious items detected)

Registry Keys Infected:
(No malicious items detected)

Registry Values Infected:
(No malicious items detected)

Registry Data Items Infected:
(No malicious items detected)

Folders Infected:
(No malicious items detected)

Files Infected:
(No malicious items detected)