
Thread: It is antivirus2009 and spysweeper. Please help. Thanks

  1. #11
    peku006 (Emeritus - Security Expert)

    Hi tiffanyle2000

    1 - Clean temp files

    • Download and Run ATF Cleaner
      Download ATF (Atribune Temp File) Cleaner© by Atribune to your desktop. Double-click ATF Cleaner.exe to open it.

      Under Main choose:
      • Windows Temp
      • Current User Temp
      • All Users Temp
      • Temporary Internet Files
      • Prefetch
      • Java Cache

      *The other boxes are optional*
      Then click the Empty Selected button.

      If you use Firefox:
      • Click Firefox at the top and choose: Select All
      • Click the Empty Selected button.
      • NOTE: If you would like to keep your saved passwords, please click NO at the prompt.

      If you use Opera:
      • Click Opera at the top and choose: Select All
      • Click the Empty Selected button.
      • NOTE: If you would like to keep your saved passwords, please click NO at the prompt.

      Click Exit on the Main menu to close the program.


    2 - F-Secure Online Scan

    1. Please go to F-Secure website to perform an online scan. Click on Start scanning at the bottom of the page.
    2. You may be prompted to install an ActiveX before you are able to accept the License Agreement. If prompted, please install it. After installing, the Accept button will be available.
    3. Click on Accept to accept the License Agreement.
    4. Click on Custom Scan.
      • Under Virus Scan Options, select the Scan whole system option.
      • Under Other Scan Options, select these options:
        • Scan all files
        • Scan whole system for rootkits
        • Scan whole system for spyware
        • Scan inside archives
        • Use advanced heuristics
    5. Click Start.
    6. It will start installing the scanner and virus definitions. Once the installation is done, it will start scanning automatically. This takes a while. Please be patient.
    7. Click on I want to decide item by item.
    8. Under Actions, select None for all infections found.
    9. Click Next.
    10. Click on Show Report.
    11. Please copy and paste this report in your next reply.
    12. Click Finish.


    3 - Run HijackThis
    Click on the Do a system scan and save a logfile button. It will scan and the log should open in Notepad.

    4 - Status Check
    Please reply with

    1. the F-Secure online scanner report
    2. a fresh HijackThis log
    How's the computer running now? Any problems?

    Thanks peku006
    I don't help with logs thru PM. If you have problems create a thread in the forum, please.

  2. #12
    Member

    F-secure report and hjt log.

    Scanning Report
    Sunday, March 08, 2009 21:59:44 - 23:27:07
    Computer name: UNITED-CARGO
    Scanning type: Scan system for malware, rootkits
    Target: C:\


    --------------------------------------------------------------------------------

    Result: 11 malware found
    Vundo.DZC (virus)
    C:\Qoobox\Quarantine\C\WINDOWS\system32\TDSSfxmp.dll.vir (Submitted)
    Vundo.FBW (virus)
    C:\Qoobox\Quarantine\C\WINDOWS\system32\ekahaluh.ini.vir (Submitted)
    C:\Qoobox\Quarantine\C\WINDOWS\system32\elepaleg.ini.vir (Submitted)
    C:\Qoobox\Quarantine\C\WINDOWS\system32\ivahalak.ini.vir (Submitted)
    C:\Qoobox\Quarantine\C\WINDOWS\system32\odisinad.ini.vir (Submitted)
    C:\Qoobox\Quarantine\C\WINDOWS\system32\ogayotez.ini.vir (Submitted)
    C:\Qoobox\Quarantine\C\WINDOWS\system32\opikumon.ini.vir (Submitted)
    C:\Qoobox\Quarantine\C\WINDOWS\system32\ovatijeh.ini.vir (Submitted)
    C:\Qoobox\Quarantine\C\WINDOWS\system32\umeyanol.ini.vir (Submitted)
    C:\Qoobox\Quarantine\C\WINDOWS\system32\unojitef.ini.vir (Submitted)
    C:\Qoobox\Quarantine\C\WINDOWS\system32\usajuhig.ini.vir (Submitted)

    --------------------------------------------------------------------------------

    Statistics
    Scanned:
    Files: 68240
    System: 2751
    Not scanned: 37
    Actions:
    Disinfected: 0
    Renamed: 0
    Deleted: 0
    None: 11
    Submitted: 11
    Files not scanned:

    -----------------------------------------------------------------------------

    Logfile of Trend Micro HijackThis v2.0.2
    Scan saved at 11:47:40 PM, on 3/8/2009
    Platform: Windows XP SP2 (WinNT 5.01.2600)
    MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)
    Boot mode: Normal

    Running processes:
    C:\WINDOWS\System32\smss.exe
    C:\WINDOWS\system32\winlogon.exe
    C:\WINDOWS\system32\services.exe
    C:\WINDOWS\system32\lsass.exe
    C:\WINDOWS\system32\svchost.exe
    C:\WINDOWS\System32\svchost.exe
    C:\WINDOWS\system32\spoolsv.exe
    C:\PROGRA~1\AVG\AVG8\avgwdsvc.exe
    C:\WINDOWS\System32\svchost.exe
    C:\WINDOWS\System32\svchost.exe
    C:\WINDOWS\system32\svchost.exe
    C:\PROGRA~1\AVG\AVG8\avgrsx.exe
    C:\WINDOWS\Explorer.EXE
    C:\WINDOWS\system32\PRISMSVR.EXE
    C:\WINDOWS\SOUNDMAN.EXE
    C:\WINDOWS\ALCWZRD.EXE
    C:\Program Files\CyberLink\PowerDVD\PDVDServ.exe
    C:\PROGRA~1\AVG\AVG8\avgtray.exe
    C:\Program Files\eMachines Bay Reader\shwiconem.exe
    C:\WINDOWS\system32\ctfmon.exe
    C:\Program Files\iolo\System Mechanic 6\SMSystemAnalyzer.exe
    C:\Program Files\Dell Wireless\PRISMCFG.exe
    C:\Program Files\Microsoft Office\Office12\ONENOTEM.EXE
    C:\Program Files\internet explorer\iexplore.exe
    C:\WINDOWS\system32\wuauclt.exe
    C:\Program Files\Trend Micro\HijackThis\HijackThis.exe

    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
    R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Local Page =
    R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page =
    O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
    O2 - BHO: WormRadar.com IESiteBlocker.NavFilter - {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} - C:\Program Files\AVG\AVG8\avgssie.dll
    O2 - BHO: Groove GFS Browser Helper - {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\PROGRA~1\MICROS~2\Office12\GRA8E1~1.DLL
    O4 - HKLM\..\Run: [High Definition Audio Property Page Shortcut] HDAShCut.exe
    O4 - HKLM\..\Run: [SoundMan] SOUNDMAN.EXE
    O4 - HKLM\..\Run: [AlcWzrd] ALCWZRD.EXE
    O4 - HKLM\..\Run: [RemoteControl] "C:\Program Files\CyberLink\PowerDVD\PDVDServ.exe"
    O4 - HKLM\..\Run: [AVG8_TRAY] C:\PROGRA~1\AVG\AVG8\avgtray.exe
    O4 - HKLM\..\Run: [SunKistEM] C:\Program Files\eMachines Bay Reader\shwiconem.exe
    O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
    O4 - HKCU\..\Run: [SMSystemAnalyzer] "C:\Program Files\iolo\System Mechanic 6\SMSystemAnalyzer.exe"
    O4 - S-1-5-18 Startup: OneNote 2007 Screen Clipper and Launcher.lnk = C:\Program Files\Microsoft Office\Office12\ONENOTEM.EXE (User 'SYSTEM')
    O4 - .DEFAULT Startup: OneNote 2007 Screen Clipper and Launcher.lnk = C:\Program Files\Microsoft Office\Office12\ONENOTEM.EXE (User 'Default user')
    O4 - Startup: OneNote 2007 Screen Clipper and Launcher.lnk = C:\Program Files\Microsoft Office\Office12\ONENOTEM.EXE
    O4 - Global Startup: Wireless USB 2.0 WLAN Card Utility.lnk = C:\Program Files\Dell Wireless\PRISMCFG.exe
    O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office12\EXCEL.EXE/3000
    O9 - Extra button: Send to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~2\Office12\ONBttnIE.dll
    O9 - Extra 'Tools' menuitem: S&end to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~2\Office12\ONBttnIE.dll
    O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\Office12\REFIEBAR.DLL
    O9 - Extra button: Cleaner - {CCF00E14-7C5E-4420-9BF3-AA4809CFAA13} - C:\Program Files\ClickClean\ClickClean.exe (file missing)
    O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
    O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
    O16 - DPF: {BDBDE413-7B1C-4C68-A8FF-C5B2B4090876} (F-Secure Online Scanner 3.3) - http://support.f-secure.com/ols/fscax.cab
    O18 - Protocol: grooveLocalGWS - {88FED34C-F0CA-4636-A375-3CB6248B04CD} - C:\PROGRA~1\MICROS~2\Office12\GR99D3~1.DLL
    O18 - Protocol: linkscanner - {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - C:\Program Files\AVG\AVG8\avgpp.dll
    O20 - Winlogon Notify: avgrsstarter - C:\WINDOWS\SYSTEM32\avgrsstx.dll
    O23 - Service: AVG Free8 WatchDog (avg8wd) - AVG Technologies CZ, s.r.o. - C:\PROGRA~1\AVG\AVG8\avgwdsvc.exe
    O24 - Desktop Component 0: (no name) - http://l.yimg.com/a/i/ww/thm/1/grd-1px_1.4.gif

    --
    End of file - 4653 bytes

  3. #13
    peku006 (Emeritus - Security Expert)

    Hi tiffanyle2000
    Things are looking good. Do you still notice any problems with your computer?

    It seems you don't have any evidence of a third party firewall.

    As the term conveys, a firewall is an extra layer of security installed onto computers, which restricts access to systems from the outside world. Firewalls protect against hackers and malicious intruders. I want you to download a free firewall NOW from one of these excellent vendors:

    1) Comodo (Uncheck during installation "Install COMODO Antivirus (Recommended)", "Install Comodo SafeSurf..", "Make Comodo my default search provider" and "Make Comodo Search my homepage")
    2) Online Armor
    3) PC Tools
    4) Sunbelt/Kerio
    5) ZoneAlarm (uncheck ZoneAlarm Spy Blocker during installation if you choose this one)

    If you are using the built-in Windows XP firewall, it is not recommended as it does not block outgoing connections. This means that any malware on your computer is free to "phone home" for more instructions. Simply put, Windows XP contains a mediocre firewall. This firewall is NO replacement for a dedicated software solution. Remember to use only one firewall at the same time.

  4. #14
    Member

    My computer is pretty good now.

    After testing my computer for 3 days, it looks very good to me. Only one time it froze and the mouse was dead. I had to restart the computer. After that, everything has been working fine.
    Thanks.

  5. #15
    peku006 (Emeritus - Security Expert)

    Hi tiffanyle2000

    The scans are fine and it looks like your machine is clean.

    Next we remove all used tools.
    Delete RSIT from your desktop, also delete this folder C:\rsit.

    Uninstall ComboFix:

    • Click START then RUN
    • Now type Combofix /u in the runbox and click OK


    Now that you are clean, please follow these simple steps in order to keep your computer clean and secure:

    Disable and Enable System Restore - Windows XP
    This is a good time to clear your existing system restore points and establish a new clean restore point:

    Turn off System Restore
    • On the Desktop, right-click My Computer.
    • Click Properties.
    • Click the System Restore tab.
    • Check Turn off System Restore.
    • Click Apply, and then click OK.
    • Reboot.

    Turn ON System Restore
    • On the Desktop, right-click My Computer.
    • Click Properties.
    • Click the System Restore tab.
    • UN-Check *Turn off System Restore*.
    • Click Apply, and then click OK.

    This will remove all restore points except the new one you just created.

    Here are some free programs I recommend that could help you improve your computer's security.

    Spybot Search and Destroy 1.6
    Download it from here. Just choose a mirror and off you go.
    Find the tutorial on how to use Spybot properly here

    Install SpyWare Blaster 4.0
    Download it from here
    Find the tutorial on how to use Spyware Blaster here

    Install WinPatrol
    Download it from here
    You can find information about how WinPatrol works here

    Install FireTrust SiteHound
    You can find information and download it from here

    Install MVPS Hosts File from here
    The MVPS Hosts file replaces your current HOSTS file with one containing well-known ad sites etc. Basically, this prevents your computer from connecting to those sites by redirecting them to 127.0.0.1, which is your local computer.
    Find the tutorial here: http://www.mvps.org/winhelp2002/hosts.htm

    Update your Antivirus programs and other security products regularly to avoid new threats that could infect your system.
    You can use one of these sites to check if any updates are needed for your pc.
    Secunia Software Inspector
    F-secure Health Check

    Visit Microsoft often to get the latest updates for your computer.
    http://www.update.microsoft.com

    Please check out Tony Klein's article "How did I get infected in the first place?"

    Read some information here how to prevent Malware.


    Happy safe surfing!
    I don't help with logs thru PM. If you have problems create a thread in the forum, please.
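
The HOSTS-file blocking described in post #15, as an added example that is not part of the thread or of the MVPS project: it parses HOSTS-syntax text and separates names sinkholed to the local machine from names mapped to a routable address, which are redirects rather than blocks and are worth reviewing after a cleanup. The function names and the sample data are assumptions made for illustration.

```python
import ipaddress

# Constructed sample in HOSTS-file syntax (hostnames and addresses are
# documentation placeholders, not entries from the real MVPS list).
SAMPLE_HOSTS = """\
# constructed sample
127.0.0.1   localhost
127.0.0.1   ads.example.com   # inline comments are allowed
0.0.0.0     tracker.example.net banner.example.net
203.0.113.7 update.example.org
not-an-ip   broken.example.com
"""


def parse_hosts(text):
    """Return (entries, rejected); entries maps lowercase hostname -> address."""
    entries, rejected = {}, []
    for lineno, raw in enumerate(text.splitlines(), 1):
        line = raw.split("#", 1)[0].strip()  # drop full-line and inline comments
        if not line:
            continue
        fields = line.split()
        try:
            addr = ipaddress.ip_address(fields[0])
        except ValueError:
            rejected.append((lineno, raw.strip()))  # first field is not an IP
            continue
        if len(fields) < 2:
            rejected.append((lineno, raw.strip()))  # address with no hostname
            continue
        for name in fields[1:]:
            # Assumption: the first mapping for a name wins, so keep it.
            entries.setdefault(name.lower(), addr)
    return entries, rejected


def classify(entries):
    """Split entries into sinkholed names and names sent to a real address."""
    blocked, redirected = [], []
    for name, addr in entries.items():
        if name == "localhost":
            continue  # the standard loopback entry is not a block rule
        if addr.is_loopback or addr.is_unspecified:
            blocked.append(name)  # 127.0.0.1, ::1 or 0.0.0.0: never leaves the PC
        else:
            redirected.append((name, str(addr)))  # resolves to another host
    return sorted(blocked), sorted(redirected)


if __name__ == "__main__":
    hosts_entries, bad_lines = parse_hosts(SAMPLE_HOSTS)
    print(classify(hosts_entries), bad_lines)
```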

  6. #16
    peku006 (Emeritus - Security Expert)

    Since this issue appears to be resolved ... this Topic has been closed. Glad I could help.

    Note: If it has been four days or more since your last post, and the helper assisting you posted a response to that post to which you did not reply, your topic will not be reopened. At that point, if you still require help, please start a new topic and include a fresh HijackThis log and a link to your previous thread.

    If it has been less than four days since your last response and you need the thread re-opened, please send me or MOD a private message (pm). A valid, working link to the closed topic is required.