tlo06

I have had this problem for months now and have tried every anti-virus program known to man to remove the virus. I think it might be virtumonde but i'm not so sure anymore. I ran Spybot Search and Destroy and Virtumonde was on there a couple times but now when I scan it, it doesn't show up. Instead, other Ad-Type stuff show up..and they keep coming back.
Things such as Double Click, Fast CLick, etc.

I open up IE and a bunch of windows keep popping up and I'm unable to close them therefore I have to end it through task manager. I've been using Firefox but I still get a bunch of pop ups, just not continuously. If anyone can help me fix this problem, I would be very grateful!

Here's the DDS log:


DDS (Ver_09-06-26.01) - NTFSx86
Run by Tina at 16:58:18.35 on Mon 06/29/2009
Internet Explorer: 7.0.5730.13 BrowserJavaVersion: 1.6.0_11
Microsoft Windows XP Home Edition 5.1.2600.3.1252.1.1033.18.759.266 [GMT -4:00]

AV: AVG Anti-Virus *On-access scanning enabled* (Updated) {17DDD097-36FF-435F-9E1B-52D74245D6BF}

============== Running Processes ===============

C:\WINDOWS\system32\svchost -k DcomLaunch
svchost.exe
C:\WINDOWS\System32\svchost.exe -k netsvcs
svchost.exe
svchost.exe
C:\Program Files\Lavasoft\Ad-Aware\aawservice.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\spoolsv.exe
C:\PROGRA~1\AVG\AVG8\avgwdsvc.exe
C:\Program Files\Bonjour\mDNSResponder.exe
C:\Program Files\FileZilla Server\FileZilla Server.exe
C:\Program Files\Java\jre6\bin\jqs.exe
C:\WINDOWS\System32\wltrysvc.exe
C:\WINDOWS\System32\bcmwltry.exe
C:\PROGRA~1\AVG\AVG8\avgemc.exe
C:\PROGRA~1\AVG\AVG8\avgam.exe
C:\PROGRA~1\AVG\AVG8\avgrsx.exe
C:\PROGRA~1\AVG\AVG8\avgnsx.exe
C:\Program Files\AVG\AVG8\avgcsrvx.exe
C:\WINDOWS\System32\igfxpers.exe
C:\Program Files\Apoint\Apoint.exe
C:\WINDOWS\System32\bcmntray.exe
C:\Program Files\Winamp\winampa.exe
C:\Program Files\Java\jre6\bin\jusched.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Winamp Remote\bin\OrbTray.exe
C:\Program Files\Apoint\HidFind.exe
C:\Program Files\Apoint\Apntex.exe
C:\Program Files\Winamp Remote\bin\Orb.exe
C:\WINDOWS\System32\svchost.exe -k HTTPFilter
C:\WINDOWS\System32\svchost.exe -k imgsvc
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Program Files\Spybot - Search & Destroy\SpybotSD.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Documents and Settings\Tina\Desktop\dds.scr

============== Pseudo HJT Report ===============

uStart Page = hxxp://www.html.com/
uInternet Settings,ProxyOverride = *.local
BHO: {0A92387D-E9BE-491F-9FBE-8D28073E1963} - No File
BHO: {36f05721-f6f1-4883-bac0-4f9bde7fd917} - c:\windows\system32\byXOhIyY.dll
BHO: {1006ea03-e0bd-6469-c1b4-5c8b3fdb2b83}: {38b2bdf3-b8c5-4b1c-9646-db0e30ae6001} - c:\windows\system32\hcwoqe.dll
BHO: AVG Safe Search: {3ca2f312-6f6e-4b53-a66e-4e65e497c8c0} - c:\program files\avg\avg8\avgssie.dll
BHO: Spybot-S&D IE Protection: {53707962-6f74-2d53-2644-206d7942484f} - c:\progra~1\spybot~1\SDHelper.dll
BHO: {6D3EFB66-AD1F-4B0F-BF5D-DDCAE2E55211} - No File
BHO: Java(tm) Plug-In SSV Helper: {761497bb-d6f0-462c-b6eb-d4daf1d92d43} - c:\program files\java\jre6\bin\ssv.dll
BHO: Java(tm) Plug-In 2 SSV Helper: {dbc80044-a445-435b-bc74-9c25c1c588a9} - c:\program files\java\jre6\bin\jp2ssv.dll
BHO: JQSIEStartDetectorImpl Class: {e7e6f031-17ce-4c07-bc86-eabfe594f69c} - c:\program files\java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
BHO: {EF331C97-39F4-4776-AEDF-9672C979D088} - No File
EB: {32683183-48a0-441b-a342-7c2a440a9478} - No File
uRun: [ctfmon.exe] c:\windows\system32\ctfmon.exe
uRun: [SpybotSD TeaTimer] c:\program files\spybot - search & destroy\TeaTimer.exe
uRun: [Orb] "c:\program files\winamp remote\bin\OrbTray.exe" /background
mRun: [igfxtray] c:\windows\system32\igfxtray.exe
mRun: [igfxhkcmd] c:\windows\system32\hkcmd.exe
mRun: [igfxpers] c:\windows\system32\igfxpers.exe
mRun: [Apoint] c:\program files\apoint\Apoint.exe
mRun: [Broadcom Wireless Manager UI] c:\windows\system32\bcmntray
mRun: [AVG8_TRAY] c:\progra~1\avg\avg8\avgtray.exe
mRun: [WinampAgent] "c:\program files\winamp\winampa.exe"
mRun: [SunJavaUpdateSched] "c:\program files\java\jre6\bin\jusched.exe"
StartupFolder: c:\docume~1\tina\startm~1\programs\startup\bhodem~1.lnk - c:\program files\bhodemon 2\BHODemon.exe
StartupFolder: c:\docume~1\alluse~1\startm~1\programs\startup\adobeg~1.lnk - c:\program files\common files\adobe\calibration\Adobe Gamma Loader.exe
IE: {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe
IE: {FB5F1910-F110-11d2-BB9E-00C04F795683} - c:\program files\messenger\msmsgs.exe
IE: {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - {53707962-6F74-2D53-2644-206D7942484F} - c:\progra~1\spybot~1\SDHelper.dll
DPF: DirectAnimation Java Classes - file://c:\windows\java\classes\dajava.cab
DPF: Microsoft XML Parser for Java - file://c:\windows\java\classes\xmldso.cab
DPF: {166B1BCA-3F9C-11CF-8075-444553540000} - hxxp://download.macromedia.com/pub/shockwave/cabs/director/sw.cab
DPF: {5ED80217-570B-4DA9-BF44-BE107C0EC166} - hxxp://cdn.scan.onecare.live.com/resource/download/scanner/wlscbase6662.cab
DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} - hxxp://update.microsoft.com/windowsupdate/v6/V5Controls/en/x86/client/wuweb_site.cab?1228403100984
DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_11-windows-i586.cab
DPF: {CAFEEFAC-0016-0000-0011-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_11-windows-i586.cab
DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_11-windows-i586.cab
DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} - hxxp://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab
TCP: {D6F3A017-8FF4-4342-B666-4B9CEF28F84C} = 71.252.0.12,71.242.0.12
TCP: {E884C94A-A8A6-4D8D-9216-8133BA0F6C4E} = 71.252.0.12,71.242.0.12
Handler: linkscanner - {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - c:\program files\avg\avg8\avgpp.dll
Notify: avgrsstarter - avgrsstx.dll
Notify: cbXNGxyw - cbXNGxyw.dll
Notify: igfxcui - igfxdev.dll
AppInit_DLLs: hcwoqe.dll
LSA: Authentication Packages = msv1_0 c:\windows\system32\byXOhIyY

================= FIREFOX ===================

FF - ProfilePath - c:\docume~1\tina\applic~1\mozilla\firefox\profiles\ek1a2kkc.default\
FF - prefs.js: browser.startup.homepage - hxxp://www.google.com/
FF - HiddenExtension: Java Console: No Registry Reference - c:\program files\mozilla firefox\extensions\{CAFEEFAC-0016-0000-0011-ABCDEFFEDCBA}

============= SERVICES / DRIVERS ===============

R0 AvgRkx86;avgrkx86.sys;c:\windows\system32\drivers\avgrkx86.sys [2009-1-24 12552]
R1 AvgLdx86;AVG AVI Loader Driver x86;c:\windows\system32\drivers\avgldx86.sys [2009-1-24 327688]
R1 AvgMfx86;AVG On-access Scanner Minifilter Driver x86;c:\windows\system32\drivers\avgmfx86.sys [2009-1-24 27784]
R1 AvgTdiX;AVG8 Network Redirector;c:\windows\system32\drivers\avgtdix.sys [2009-1-24 108552]
R2 aawservice;Lavasoft Ad-Aware Service;c:\program files\lavasoft\ad-aware\aawservice.exe [2008-9-10 611664]
R2 avg8emc;AVG8 E-mail Scanner;c:\progra~1\avg\avg8\avgemc.exe [2009-1-24 906520]
R2 avg8wd;AVG8 WatchDog;c:\progra~1\avg\avg8\avgwdsvc.exe [2009-1-24 298776]
S0 daqyuacf;daqyuacf;c:\windows\system32\drivers\fpqpijmh.sys --> c:\windows\system32\drivers\fpqpijmh.sys [?]
S1 edasrokn;edasrokn;\??\c:\windows\system32\drivers\edasrokn.sys --> c:\windows\system32\drivers\edasrokn.sys [?]

=============== Created Last 30 ================

2009-06-28 17:21 <DIR> --d----- c:\program files\BHODemon 2
2009-06-28 17:04 <DIR> --d----- C:\VundoFix Backups
2009-06-28 11:54 <DIR> --d----- c:\windows\system32\LogFiles
2009-05-31 19:09 <DIR> --d----- c:\program files\CCleaner
2009-05-31 18:11 95 a------- c:\windows\wininit.ini

==================== Find3M ====================

2009-06-11 08:58 327,688 a------- c:\windows\system32\drivers\avgldx86.sys
2009-04-30 09:34 11,952 a------- c:\windows\system32\avgrsstx.dll
2009-01-26 02:29 2,516 a--sh--- c:\docume~1\alluse~1\applic~1\KGyGaAvL.sys
2009-01-26 02:19 88 ---shr-- c:\docume~1\alluse~1\applic~1\2E98638424.sys

============= FINISH: 16:59:29.89 ===============

Attached Files

Attach.zip (3.0 KB, 2 views)