I have been getting popups regarding WiniFighter for the past 1-2 days. I have attempted to clean it using Spybot Search & Destroy as well as Spyware Doctor, which I later uninstalled. I have now run Spybot Search & Destroy at least 5-6 times and still have bad things coming up, so I figured it was time to ask for help. I do not have the directories that are said to be deleted if infected with WiniFighter, and I briefly looked through the registry and didn't see anything at first glance. I downloaded and installed RunAlyzer but am unaware of how to use it, so that's as far as I've got.
Thank you.
Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 11:49:03 PM, on 8/3/2009
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16850)
Boot mode: Normal
Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Windows Defender\MsMpEng.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
C:\PROGRA~1\AVG\AVG8\avgwdsvc.exe
C:\Program Files\Belkin\Belkin Wireless Network Utility\WLService.exe
C:\Program Files\Bonjour\mDNSResponder.exe
C:\Program Files\Belkin\Belkin Wireless Network Utility\WLanCfgG.exe
C:\WINDOWS\system32\DRIVERS\CDANTSRV.EXE
C:\WINDOWS\system32\drivers\dcfssvc.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Viewpoint\Common\ViewpointService.exe
C:\PROGRA~1\AVG\AVG8\avgemc.exe
C:\PROGRA~1\AVG\AVG8\avgrsx.exe
C:\PROGRA~1\AVG\AVG8\avgnsx.exe
C:\Program Files\AVG\AVG8\avgcsrvx.exe
C:\WINDOWS\Explorer.EXE
C:\USBStorage\USBDetector.exe
C:\Program Files\CRW\shwicon.exe
C:\WINDOWS\BCMSMMSG.exe
C:\Program Files\WDC\SetIcon.exe
C:\Program Files\Windows Defender\MSASCui.exe
C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\E_FATI9HA.EXE
C:\Program Files\Brownie\BrstsWnd.exe
C:\PROGRA~1\AVG\AVG8\avgtray.exe
C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\WINDOWS\system32\gb9iengh.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Brownie\brpjp04a.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = about:blank
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: CInterceptor Object - {38D3FE60-3D53-4F37-BB0E-C7A97A26A156} - C:\Program Files\Pando Networks\Pando\PandoIEPlugin.dll
O2 - BHO: BitComet ClickCapture - {39F7E362-828A-4B5A-BCAF-5B79BFDFEA60} - C:\Program Files\BitComet\tools\BitCometBHO_1.1.9.24.dll
O2 - BHO: WormRadar.com IESiteBlocker.NavFilter - {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} - C:\Program Files\AVG\AVG8\avgssie.dll
O2 - BHO: Spybot-S&D IE Protection - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O2 - BHO: Groove GFS Browser Helper - {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\Program Files\Microsoft Office\Office12\GrooveShellExtensions.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.5.0_10\bin\ssv.dll
O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\5.1.1309.3572\swg.dll
O2 - BHO: FlashFXP Helper for Internet Explorer - {E5A1691B-D188-4419-AD02-90002030B8EE} - C:\PROGRA~1\FlashFXP\IEFlash.dll
O4 - HKLM\..\Run: [USBDetector] C:\USBStorage\USBDetector.exe
O4 - HKLM\..\Run: [ShowIcon_The Company_CRW Series Driver v1.17r023] "C:\Program Files\CRW\shwicon.exe" -t"The Company\CRW Series Driver v1.17r023"
O4 - HKLM\..\Run: [RoxioEngineUtility] "C:\Program Files\Common Files\Roxio Shared\System\EngUtil.exe"
O4 - HKLM\..\Run: [BCMSMMSG] BCMSMMSG.exe
O4 - HKLM\..\Run: [SetIcon] \Program Files\WDC\SetIcon.exe
O4 - HKLM\..\Run: [Windows Defender] "C:\Program Files\Windows Defender\MSASCui.exe" -hide
O4 - HKLM\..\Run: [EPSON Stylus Photo RX620 Series] C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\E_FATI9HA.EXE /P31 "EPSON Stylus Photo RX620 Series" /O6 "USB001" /M "Stylus Photo RX620"
O4 - HKLM\..\Run: [BrStsWnd] C:\Program Files\Brownie\BrstsWnd.exe Autorun
O4 - HKLM\..\Run: [AppleSyncNotifier] C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleSyncNotifier.exe
O4 - HKLM\..\Run: [AVG8_TRAY] C:\PROGRA~1\AVG\AVG8\avgtray.exe
O4 - HKLM\..\Run: [GrooveMonitor] "C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe"
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
O4 - HKLM\..\RunOnce: [SpybotDeletingA2994] command /c del "C:\Documents and Settings\Guest\Favorites\ Antivirus.url"
O4 - HKLM\..\RunOnce: [SpybotDeletingC7475] cmd /c del "C:\Documents and Settings\Guest\Favorites\ Antivirus.url"
O4 - HKLM\..\RunOnce: [SpybotDeletingA2076] command /c del "C:\Documents and Settings\Guest\Favorites\ Casino Online.url"
O4 - HKLM\..\RunOnce: [SpybotDeletingC6580] cmd /c del "C:\Documents and Settings\Guest\Favorites\ Casino Online.url"
O4 - HKLM\..\RunOnce: [SpybotDeletingA6055] command /c del "C:\Documents and Settings\Guest\Favorites\ Computers.url"
O4 - HKLM\..\RunOnce: [SpybotDeletingC7007] cmd /c del "C:\Documents and Settings\Guest\Favorites\ Computers.url"
O4 - HKLM\..\RunOnce: [SpybotDeletingA1975] command /c del "C:\Documents and Settings\Guest\Favorites\ Games.url"
O4 - HKLM\..\RunOnce: [SpybotDeletingC2742] cmd /c del "C:\Documents and Settings\Guest\Favorites\ Games.url"
O4 - HKLM\..\RunOnce: [SpybotDeletingA4187] command /c del "C:\Documents and Settings\Guest\Favorites\ Instant Messaging.url"
O4 - HKLM\..\RunOnce: [SpybotDeletingC3925] cmd /c del "C:\Documents and Settings\Guest\Favorites\ Instant Messaging.url"
O4 - HKLM\..\RunOnce: [SpybotDeletingA5126] command /c del "C:\Documents and Settings\Guest\Favorites\ Internet.url"
O4 - HKLM\..\RunOnce: [SpybotDeletingC834] cmd /c del "C:\Documents and Settings\Guest\Favorites\ Internet.url"
O4 - HKLM\..\RunOnce: [SpybotDeletingA9408] command /c del "C:\Documents and Settings\Guest\Favorites\ Movie.url"
O4 - HKLM\..\RunOnce: [SpybotDeletingC5122] cmd /c del "C:\Documents and Settings\Guest\Favorites\ Movie.url"
O4 - HKLM\..\RunOnce: [SpybotDeletingA732] command /c del "C:\Documents and Settings\Guest\Favorites\ Web Hosting.url"
O4 - HKLM\..\RunOnce: [SpybotDeletingC6037] cmd /c del "C:\Documents and Settings\Guest\Favorites\ Web Hosting.url"
O4 - HKLM\..\RunOnce: [SpybotDeletingA2414] command /c del "C:\WINDOWS\system32\drivers\RKHit.sys"
O4 - HKLM\..\RunOnce: [SpybotDeletingC667] cmd /c del "C:\WINDOWS\system32\drivers\RKHit.sys"
O4 - HKLM\..\RunOnce: [SpybotDeletingA7032] command /c del "C:\WINDOWS\Tasks\{5B57CF47-0BFA-43c6-ACF9-3B3653DCADBA}.job"
O4 - HKLM\..\RunOnce: [SpybotDeletingC6159] cmd /c del "C:\WINDOWS\Tasks\{5B57CF47-0BFA-43c6-ACF9-3B3653DCADBA}.job"
O4 - HKCU\..\Run: [Aim6] "C:\Program Files\AIM6\aim6.exe" /d locale=en-US ee://aol/imApp
O4 - HKCU\..\Run: [PicoZip] C:\PROGRA~1\PicoZip\PicoZipTray.exe
O4 - HKCU\..\Run: [gb9iengh.exe] C:\WINDOWS\system32\gb9iengh.exe
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\RunOnce: [SpybotDeletingB389] command /c del "C:\Documents and Settings\Guest\Favorites\ Antivirus.url"
O4 - HKCU\..\RunOnce: [SpybotDeletingD1122] cmd /c del "C:\Documents and Settings\Guest\Favorites\ Antivirus.url"
O4 - HKCU\..\RunOnce: [SpybotDeletingB4875] command /c del "C:\Documents and Settings\Guest\Favorites\ Casino Online.url"
O4 - HKCU\..\RunOnce: [SpybotDeletingD9080] cmd /c del "C:\Documents and Settings\Guest\Favorites\ Casino Online.url"
O4 - HKCU\..\RunOnce: [SpybotDeletingB1437] command /c del "C:\Documents and Settings\Guest\Favorites\ Computers.url"
O4 - HKCU\..\RunOnce: [SpybotDeletingD671] cmd /c del "C:\Documents and Settings\Guest\Favorites\ Computers.url"
O4 - HKCU\..\RunOnce: [SpybotDeletingB223] command /c del "C:\Documents and Settings\Guest\Favorites\ Games.url"
O4 - HKCU\..\RunOnce: [SpybotDeletingD5261] cmd /c del "C:\Documents and Settings\Guest\Favorites\ Games.url"
O4 - HKCU\..\RunOnce: [SpybotDeletingB7167] command /c del "C:\Documents and Settings\Guest\Favorites\ Instant Messaging.url"
O4 - HKCU\..\RunOnce: [SpybotDeletingD1097] cmd /c del "C:\Documents and Settings\Guest\Favorites\ Instant Messaging.url"
O4 - HKCU\..\RunOnce: [SpybotDeletingB965] command /c del "C:\Documents and Settings\Guest\Favorites\ Internet.url"
O4 - HKCU\..\RunOnce: [SpybotDeletingD7308] cmd /c del "C:\Documents and Settings\Guest\Favorites\ Internet.url"
O4 - HKCU\..\RunOnce: [SpybotDeletingB8970] command /c del "C:\Documents and Settings\Guest\Favorites\ Movie.url"
O4 - HKCU\..\RunOnce: [SpybotDeletingD1544] cmd /c del "C:\Documents and Settings\Guest\Favorites\ Movie.url"
O4 - HKCU\..\RunOnce: [SpybotDeletingB4123] command /c del "C:\Documents and Settings\Guest\Favorites\ Web Hosting.url"
O4 - HKCU\..\RunOnce: [SpybotDeletingD6716] cmd /c del "C:\Documents and Settings\Guest\Favorites\ Web Hosting.url"
O4 - HKCU\..\RunOnce: [SpybotDeletingB1984] command /c del "C:\WINDOWS\system32\drivers\RKHit.sys"
O4 - HKCU\..\RunOnce: [SpybotDeletingD9376] cmd /c del "C:\WINDOWS\system32\drivers\RKHit.sys"
O4 - HKCU\..\RunOnce: [SpybotDeletingB4574] command /c del "C:\WINDOWS\Tasks\{5B57CF47-0BFA-43c6-ACF9-3B3653DCADBA}.job"
O4 - HKCU\..\RunOnce: [SpybotDeletingD7212] cmd /c del "C:\WINDOWS\Tasks\{5B57CF47-0BFA-43c6-ACF9-3B3653DCADBA}.job"
O4 - HKUS\S-1-5-21-1177238915-796845957-1801674531-1005\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe (User 'User')
O4 - HKUS\S-1-5-21-1177238915-796845957-1801674531-1005\..\Run: [Aim6] "C:\Program Files\AIM6\aim6.exe" /d locale=en-US ee://aol/imApp (User 'User')
O4 - HKUS\S-1-5-21-1177238915-796845957-1801674531-1005\..\Run: [AIM] C:\Program Files\AIM95\aim.exe -cnetwait.odl (User 'User')
O4 - HKUS\S-1-5-21-1177238915-796845957-1801674531-500\..\RunOnce: [NeroHomeFirstStart] C:\Program Files\Common Files\Ahead\Lib\NMFirstStart.exe (User 'Administrator')
O4 - HKUS\S-1-5-21-1177238915-796845957-1801674531-501\..\Run: [Yahoo! Pager] C:\Program Files\Yahoo!\Messenger\ypager.exe -quiet (User 'Guest')
O4 - HKUS\S-1-5-18\..\Run: [DWQueuedReporting] "C:\PROGRA~1\COMMON~1\MICROS~1\DW\dwtrig20.exe" -t (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [DWQueuedReporting] "C:\PROGRA~1\COMMON~1\MICROS~1\DW\dwtrig20.exe" -t (User 'Default user')
O4 - Global Startup: Adobe Gamma Loader.lnk = C:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe
O4 - Global Startup: Adobe Reader Speed Launch.lnk = C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
O8 - Extra context menu item: &D&ownload &with BitComet - res://C:\Program Files\BitComet\BitComet.exe/AddLink.htm
O8 - Extra context menu item: &D&ownload all video with BitComet - res://C:\Program Files\BitComet\BitComet.exe/AddVideo.htm
O8 - Extra context menu item: &D&ownload all with BitComet - res://C:\Program Files\BitComet\BitComet.exe/AddAllLink.htm
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~4\Office12\EXCEL.EXE/3000
O9 - Extra button: Send to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~4\Office12\ONBttnIE.dll
O9 - Extra 'Tools' menuitem: S&end to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~4\Office12\ONBttnIE.dll
O9 - Extra button: SmartShopper - Compare product prices - {3CC3D8FE-F0E0-4dd1-A69A-8C56BCC7BEBF} - C:\WINDOWS\System32\shdocvw.dll
O9 - Extra button: SmartShopper - Compare travel rates - {3CC3D8FE-F0E0-4dd1-A69A-8C56BCC7BEC0} - C:\WINDOWS\System32\shdocvw.dll
O9 - Extra button: BitComet Search - {461CC20B-FB6E-4f16-8FE8-C29359DB100E} - C:\Program Files\BitComet\tools\BitCometBHO_1.1.9.24.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~4\Office12\REFIEBAR.DLL
O9 - Extra button: AIM - {AC9E2541-2814-11d5-BC6D-00B0D0A1DE45} - C:\Program Files\AIM95\aim.exe
O9 - Extra button: (no name) - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O9 - Extra 'Tools' menuitem: Spybot - Search & Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O9 - Extra button: Bodog Poker - {F47C1DB5-ED21-4dc1-853E-D1495792D4C5} - C:\Program Files\Bodog Poker\BPGame.exe
O16 - DPF: {0EB0E74A-2A76-4AB3-A7FB-9BD8C29F7F75} (CKAVWebScan Object) - http://www.kaspersky.com/kos/eng/par...an_unicode.cab
O16 - DPF: {30528230-99f7-4bb4-88d8-fa1d4f56a2ab} (YInstStarter Class) - C:\Program Files\Yahoo!\Common\yinsthelper.dll
O16 - DPF: {6A060448-60F9-11D5-A6CD-0002B31F7455} (ExentInf Class) - http://us.games2.yimg.com/download.g...tl_0_0_0_1.ocx
O16 - DPF: {6E5A37BF-FD42-463A-877C-4EB7002E68AE} (Trend Micro ActiveX Scan Agent 6.5) - http://housecall65.trendmicro.com/ho...vex/hcImpl.cab
O16 - DPF: {7B297BFD-85E4-4092-B2AF-16A91B2EA103} (WScanCtl Class) - http://www3.ca.com/securityadvisor/v...fo/webscan.cab
O17 - HKLM\System\CCS\Services\Tcpip\..\{FC53C825-75D4-48EB-BFC6-AB8946AD24BA}: NameServer = 208.67.220.220,208.67.222.222
O17 - HKLM\System\CS1\Services\Tcpip\Parameters: NameServer = 208.67.220.220,208.67.222.222
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: NameServer = 208.67.220.220,208.67.222.222
O18 - Protocol: grooveLocalGWS - {88FED34C-F0CA-4636-A375-3CB6248B04CD} - C:\Program Files\Microsoft Office\Office12\GrooveSystemServices.dll
O18 - Protocol: linkscanner - {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - C:\Program Files\AVG\AVG8\avgpp.dll
O20 - Winlogon Notify: avgrsstarter - C:\WINDOWS\SYSTEM32\avgrsstx.dll
O23 - Service: Adobe LM Service - Unknown owner - C:\Program Files\Common Files\Adobe Systems Shared\Service\Adobelmsvc.exe
O23 - Service: Apple Mobile Device - Apple Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
O23 - Service: AVG Free8 E-mail Scanner (avg8emc) - AVG Technologies CZ, s.r.o. - C:\PROGRA~1\AVG\AVG8\avgemc.exe
O23 - Service: AVG Free8 WatchDog (avg8wd) - AVG Technologies CZ, s.r.o. - C:\PROGRA~1\AVG\AVG8\avgwdsvc.exe
O23 - Service: Belkin Wireless USB Network Adapter (Belkin Wireless USB Network Adapter Service) - Unknown owner - C:\Program Files\Belkin\Belkin Wireless Network Utility\WLService.exe
O23 - Service: Bonjour Service - Apple Inc. - C:\Program Files\Bonjour\mDNSResponder.exe
O23 - Service: C-DillaSrv - C-Dilla Ltd - C:\WINDOWS\system32\DRIVERS\CDANTSRV.EXE
O23 - Service: Dcfssvc - Eastman Kodak Company - C:\WINDOWS\system32\drivers\dcfssvc.exe
O23 - Service: FLEXnet Licensing Service - Macrovision Europe Ltd. - C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe
O23 - Service: Google Software Updater (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: iPod Service - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: Macromedia Licensing Service - Unknown owner - C:\Program Files\Common Files\Macromedia Shared\Service\Macromedia Licensing.exe
O23 - Service: Pml Driver HPZ12 - HP - C:\WINDOWS\system32\HPZipm12.exe
O23 - Service: TVersityMediaServer - Unknown owner - C:\Program Files\TVersity\Media Server\MediaServer.exe
O23 - Service: Viewpoint Manager Service - Viewpoint Corporation - C:\Program Files\Viewpoint\Common\ViewpointService.exe
O24 - Desktop Component 0: (no name) - C:\Program Files\Windows NT\pokodezu.html
O24 - Desktop Component 1: (no name) - C:\Program Files\Common Files\mehe.html
--
End of file - 16086 bytes
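A triage helper for log lines in the HijackThis format, added here as an example; it is not part of the post above and is not a HijackThis or Spybot tool. It parses O4 autorun, O23 service and O24 Desktop Component entries, lists what Spybot has queued for deletion at the next boot (the paired `command /c del` and `cmd /c del` RunOnce entries point at the same targets), and applies three review heuristics: a per-user Run key that starts a binary from system32 that is not on a short allow-list, an executable whose stem looks machine-generated, a service with no publisher string, and an unnamed Desktop Component pointing at a local HTML file. The allow-list and the "generated name" pattern are assumptions for the example, and every hit means "check this", not "this is malicious". The sample input is a constructed handful of lines in the same shape as the log.

```python
"""HijackThis log triage (added example; heuristics and allow-list are assumptions)."""
import re
from dataclasses import dataclass

# Constructed sample: a few lines in the same shape as a HijackThis log.
SAMPLE_LOG = r"""
O4 - HKLM\..\Run: [AVG8_TRAY] C:\PROGRA~1\AVG\AVG8\avgtray.exe
O4 - HKCU\..\Run: [gb9iengh.exe] C:\WINDOWS\system32\gb9iengh.exe
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKLM\..\RunOnce: [SpybotDeletingA2414] command /c del "C:\WINDOWS\system32\drivers\RKHit.sys"
O4 - HKLM\..\RunOnce: [SpybotDeletingC667] cmd /c del "C:\WINDOWS\system32\drivers\RKHit.sys"
O23 - Service: Bonjour Service - Apple Inc. - C:\Program Files\Bonjour\mDNSResponder.exe
O23 - Service: TVersityMediaServer - Unknown owner - C:\Program Files\TVersity\Media Server\MediaServer.exe
O24 - Desktop Component 0: (no name) - C:\Program Files\Windows NT\pokodezu.html
"""

O4_RE = re.compile(r"^O4 - (?P<hive>.+?)\\\.\.\\(?P<key>Run(?:Once)?): \[(?P<name>[^\]]+)\] (?P<cmd>.*)$")
O23_RE = re.compile(r"^O23 - Service: (?P<name>.+?) - (?P<vendor>.+?) - (?P<path>.+)$")
O24_RE = re.compile(r"^O24 - Desktop Component \d+: \((?P<name>[^)]*)\) - (?P<path>.+)$")
# First executable in a Run value, quoted or not, ignoring trailing arguments.
EXE_RE = re.compile(r'^"?(?P<path>[^"]*?\.(?:exe|com|scr|bat|pif))(?:"|\s|$)', re.I)
# Spybot's pending-deletion RunOnce entries (the command/cmd pair targets the same file).
DEL_RE = re.compile(r'^(?:command|cmd) /c del "(?P<target>[^"]+)"$')

SYSTEM32 = "c:\\windows\\system32\\"
KNOWN_SYSTEM32_AUTORUNS = {"ctfmon.exe"}            # assumption: tiny allow-list for the example
GENERATED_STEM = re.compile(r"^(?=.*\d)[a-z0-9]{8}$")  # assumption: 8 lowercase alnum chars incl. a digit


@dataclass
class Autorun:
    hive: str
    key: str
    name: str
    cmd: str


def parse(text):
    """Split the log into O4 autoruns, O23 services and O24 desktop components."""
    autoruns, services, components = [], [], []
    for line in text.splitlines():
        line = line.strip()
        if m := O4_RE.match(line):
            autoruns.append(Autorun(**m.groupdict()))
        elif m := O23_RE.match(line):
            services.append(m.groupdict())
        elif m := O24_RE.match(line):
            components.append(m.groupdict())
    return autoruns, services, components


def review_autorun(a):
    """Return the list of reasons an O4 entry deserves a manual look (empty = nothing noted)."""
    reasons = []
    m = EXE_RE.match(a.cmd.strip())
    if not m:
        return reasons
    path = m["path"].lower()
    base = path.rsplit("\\", 1)[-1]
    stem = base.rsplit(".", 1)[0]
    if a.hive.upper().startswith("HKCU") and path.startswith(SYSTEM32) and base not in KNOWN_SYSTEM32_AUTORUNS:
        reasons.append("per-user Run key starts a binary from system32")
    if GENERATED_STEM.match(stem):
        reasons.append("file name looks machine-generated")
    return reasons


def triage(text):
    """Apply the heuristics to a whole log and return a report dict."""
    autoruns, services, components = parse(text)
    report = {"autoruns": {}, "pending_deletions": set(), "desktop_components": [], "services": []}
    for a in autoruns:
        if a.name.startswith("SpybotDeleting") and (m := DEL_RE.match(a.cmd)):
            report["pending_deletions"].add(m["target"])
            continue
        reasons = review_autorun(a)
        if reasons:
            report["autoruns"][a.name] = reasons
    for s in services:
        if s["vendor"] == "Unknown owner":          # no publisher string: verify the binary by hand
            report["services"].append(s["name"])
    for c in components:
        if c["name"] == "no name" and c["path"].lower().endswith(".html"):
            report["desktop_components"].append(c["path"])
    report["pending_deletions"] = sorted(report["pending_deletions"])
    return report


if __name__ == "__main__":
    for section, hits in triage(SAMPLE_LOG).items():
        print(section, hits)
```

Run it against a full log by passing the file contents to `triage()`; the `pending_deletions` list is a quick way to see what Spybot found but could not remove while the files were in use, and the `autoruns` dict is the set of entries to look up before deciding anything.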