Infected. Someone help

Hi Everyone, I am having a terrible time with a few things. I am having trouble with ADW.PSGUARD, Trojan.intell32Trojan and some IE Helper that keeps wanting to pop up hpD719.tmp. I have done the following. I have restarted in Safe Mode, turned of system restore, ran Counter Spy and MS Beta and ran HiJackthis. Nothing has helped even after the above they still come back. Here is a log of my HiJackthis. Thanks in advance for everyones help.

Logfile of HijackThis v1.99.1
Scan saved at 4:43:15 PM, on 10/15/2005
Platform: Windows XP (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP1 (6.00.2600.0000)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\System32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Kerio\Personal Firewall 4\kpf4ss.exe
C:\WINDOWS\System32\nvsvc32.exe
C:\Program Files\Kerio\Personal Firewall 4\kpf4gui.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Webroot\Spy Sweeper\WRSSSDK.exe
C:\Program Files\Sunbelt Software\CounterSpy\Consumer\sunThreatEngine.exe
C:\Program Files\Sunbelt Software\CounterSpy\Consumer\SunProtectionServer.exe
C:\Program Files\MSN\MSNCoreFiles\msn6.exe
C:\WINDOWS\System32\mssearchnet.exe
C:\WINDOWS\System32\nvctrl.exe
C:\PROGRA~1\BILLPS~1\WINPAT~1\WinPatrol.exe
C:\Program Files\Java\jre1.5.0_04\bin\jusched.exe
C:\Program Files\Microsoft AntiSpyware\gcasServ.exe
C:\Program Files\Sunbelt Software\CounterSpy\Consumer\sunserver.exe
C:\Program Files\Microsoft AntiSpyware\gcasDtServ.exe
C:\WINDOWS\System32\wuauclt.exe
C:\Program Files\Kerio\Personal Firewall 4\kpf4gui.exe
C:\WINDOWS\System32\ctfmon.exe
C:\Program Files\MSN Messenger\msnmsgr.exe
C:\Program Files\Sunbelt Software\CounterSpy\Consumer\SunServAlert.exe
C:\Program Files\EasyZip\EZIP.EXE
C:\DOCUME~1\Default\LOCALS~1\Temp\hijackthis.exe

R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page = c:\windows\SYSTEM\blank.htm
R3 - Default URLSearchHook is missing
F2 - REG:system.ini: UserInit=C:\WINDOWS\System32\Userinit.exe
O2 - BHO: HomepageBHO - {3bf1f86f-b1a8-489b-8d8b-43781d51411f} - C:\WINDOWS\System32\hp8041.tmp
O3 - Toolbar: Norton AntiVirus - {42CDD1BF-3FFB-4238-8AD1-7859DF00B1D6} - c:\Program Files\Norton AntiVirus\NavShExt.dll (file missing)
O3 - Toolbar: &Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINDOWS\System32\msdxm.ocx
O3 - Toolbar: MSN Toolbar - {BDAD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Program Files\MSN Toolbar\01.01.2607.0\en-us\msntb.dll
O4 - HKLM\..\Run: [QuickTime Task] "C:\WINDOWS\SYSTEM32\qttask.exe" -atboottime
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\System32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
O4 - HKLM\..\Run: [WinPatrol] "C:\PROGRA~1\BILLPS~1\WINPAT~1\WinPatrol.exe"
O4 - HKLM\..\Run: [SunJavaUpdateSched] C:\Program Files\Java\jre1.5.0_04\bin\jusched.exe
O4 - HKLM\..\Run: [gcasServ] "C:\Program Files\Microsoft AntiSpyware\gcasServ.exe"
O4 - HKLM\..\Run: [SunServer] C:\Program Files\Sunbelt Software\CounterSpy\Consumer\sunserver.exe
O4 - HKLM\..\Run: [SpySweeper] "C:\Program Files\Webroot\Spy Sweeper\SpySweeper.exe" /startintray
O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\ctfmon.exe
O4 - HKCU\..\Run: [msnmsgr] "C:\Program Files\MSN Messenger\msnmsgr.exe" /background
O8 - Extra context menu item: &Highlight - C:\WINDOWS\WEB\highlight.htm
O8 - Extra context menu item: &Links List - C:\WINDOWS\WEB\urllist.htm
O8 - Extra context menu item: &Web Search - C:\WINDOWS\WEB\selsearch.htm
O8 - Extra context menu item: I&mages List - C:\WINDOWS\Web\imglist.htm
O8 - Extra context menu item: Open Frame in &New Window - C:\WINDOWS\WEB\frm2new.htm
O8 - Extra context menu item: Zoom &In - C:\WINDOWS\WEB\zoomin.htm
O8 - Extra context menu item: Zoom O&ut - C:\WINDOWS\WEB\zoomout.htm
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_04\bin\npjpi150_04.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_04\bin\npjpi150_04.dll
O9 - Extra button: Messenger - {4528BBE0-4E08-11D5-AD55-00010333D0AD} - C:\WINDOWS\System32\shdocvw.dll
O9 - Extra 'Tools' menuitem: Yahoo! Messenger - {4528BBE0-4E08-11D5-AD55-00010333D0AD} - C:\WINDOWS\System32\shdocvw.dll
O9 - Extra button: (no name) - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - (no file)
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\MSMSGS.EXE
O9 - Extra 'Tools' menuitem: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\MSMSGS.EXE
O9 - Extra button: Dell Home - {A656FFE0-478C-11D4-AE1F-D0104BC17C2F} - http://www.dellnet.com/ (file missing) (HKCU)
O12 - Plugin for .mp4: C:\Program Files\Internet Explorer\PLUGINS\npqtplugin4.dll
O12 - Plugin for .pdf: C:\PROGRA~1\INTERN~1\PLUGINS\nppdf32.dll
O12 - Plugin for .spop: C:\Program Files\Internet Explorer\Plugins\NPDocBox.dll
O12 - Plugin for .UVR: C:\Program Files\Internet Explorer\Plugins\NPUPano.dll
O15 - Trusted Zone: *.05p.com
O15 - Trusted Zone: *.awmdabest.com
O15 - Trusted Zone: *.frame.crazywinnings.com
O15 - Trusted Zone: http://*.windowsupdate.microsoft.com
O15 - Trusted Zone: *.scoobidoo.com
O15 - Trusted Zone: *.static.topconverting.com
O15 - Trusted Zone: http://*.windowsupdate.com
O15 - Trusted Zone: *.05p.com (HKLM)
O15 - Trusted Zone: *.awmdabest.com (HKLM)
O15 - Trusted Zone: *.frame.crazywinnings.com (HKLM)
O15 - Trusted Zone: *.scoobidoo.com (HKLM)
O15 - Trusted Zone: *.static.topconverting.com (HKLM)
O16 - DPF: Java Mainframe Display (MFDFTX) - http://web3270.extra.daimlerchrysler.com/w2hlegacy/w2h_b/w2hlegacy/java/wdmfdftx.cab
O16 - DPF: Yahoo! MLB StatTracker - http://aud5.sports.dcn.yahoo.com/java/y/mlbst8408_x.cab
O16 - DPF: {00C0A1F2-D492-4DBA-A8E2-76CB1B791724} (TNPLDownloader Control) - https://dtwx2.accuweather.com/tnpl_awda/client/download/TNPLDownloader.cab
O16 - DPF: {05D96F71-87C6-11D3-9BE4-00902742D6E0} (QuickPlace Class) - http://grd02309.guardian.com/qp2.cab
O16 - DPF: {0E5F0222-96B9-11D3-8997-00104BD12D94} (PCPitstop Utility) - http://www.pcpitstop.com/pcpitstop/PCPitStop.CAB
O16 - DPF: {0FC6BF2B-E16A-11CF-AB2E-0080AD08A326} (LiveUpdate Crescendo) -
O16 - DPF: {1E2941E3-8E63-11D4-9D5A-00902742D6E0} (iNotes Class) - http://grd11001.guardian.com/iNotes.cab
O16 - DPF: {238F6F83-B8B4-11CF-8771-00A024541EE3} (WficaCtl Object) - http://my.guardian.com/metaframe/wfica.cab
O16 - DPF: {2B96D5CC-C5B5-49A5-A69D-CC0A30F9028C} - http://wdownload.weatherbug.com/minibug/tricklers/AWS/MiniBugTransporter.cab?
O16 - DPF: {5BDBA960-6534-11D3-97C7-00500422B550} (LotusDRSControl Class) - http://grd11001.guardian.com/download/dolcontrol.cab
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://v5.windowsupdate.microsoft.c...ls/en/x86/client/wuweb_site.cab?1097936006829
O16 - DPF: {8E0D4DE5-3180-4024-A327-4DFAD1796A8D} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/MessengerStatsClient.cab31267.cab
O16 - DPF: {9600F64D-755F-11D4-A47F-0001023E6D5A} (Shutterfly Picture Upload Plugin) - http://web1.shutterfly.com/downloads/Uploader.cab
O16 - DPF: {B38870E4-7ECB-40DA-8C6A-595F0A5519FF} (MsnMessengerSetupDownloadControl Class) - http://messenger.msn.com/download/MsnMessengerSetupDownloader.cab
O16 - DPF: {B8BE5E93-A60C-4D26-A2DC-220313175592} (ZoneIntro Class) - http://zone.msn.com/binFramework/v10/ZIntro.cab34246.cab
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - c:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: Kerio Personal Firewall 4 (KPF4) - Kerio Technologies - C:\Program Files\Kerio\Personal Firewall 4\kpf4ss.exe
O23 - Service: NVIDIA Driver Helper Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\System32\nvsvc32.exe
O23 - Service: Webroot Spy Sweeper Engine (svcWRSSSDK) - Webroot Software, Inc. - C:\Program Files\Webroot\Spy Sweeper\WRSSSDK.exe

 

NEVER copy & paste a HijackThis log into your post. HijackThis logs are posted as ATTACHMENTS. You have HijackThis installed incorrectly.

You have not completed any of the steps required by our standard cleaning procedures.

Your Operating System is way out of date and you have no Anti-Virus program installed.

Please follow the steps below:

- Run ALL the steps in this Sticky thread READ & RUN ME FIRST Before Asking for Support

Make sure you check version numbers and get all updates.

- Very Important: Make sure you tell us the results from running the tutorial...was anything found? Were you unable to complete any of the scans?...Were you unable to download any of the tools?...Did you do the on-line scans as suggested? etc.

After doing ALL of the above you still have a problem make sure you have booted to normal mode and run the steps in the below link to properly use HijackThis:

Downloading, Installing, and Running HijackThis

 

OK, then How do I edit my post to take the log out? Sorry for any problems I might have caused. Just looking for help...Its been a hard last couple of days due to the problems above.

 

You only have 5 minutes after you posted to edit your post. Follow the instructions in teh two threads I linked to, then come back here and post a fresh HijackThis log.

Also I would uninstall WinPatrol, CounterSpy, and Spy Sweeper; as they will block any of the fixes I have you do later. You can reinstall them after we are done.

 

OK, Shadow puter dude. I have spent the last 4hrs going thru the instructions above and I still have issues. I have all the logs for Spybot, Adaware SE, CCleaner,MS Beta etc... What do I do next? Do not want to post anything unless asked. These items ADW.PSGUARD Adaware, Trojan.intell32 Trojan still here. I followed step by step instructions givin. Thanks for helping so far, but 4hrs and I am still infected.

 

OK, now post post a fresh HijackThis log.

 

Here is the log from HJT...Thanks...I saved as an attachment as you requested in the instructions for HJT.

 

You have HijackThis install incorrectly. Please reinstall to C:\Program Files\HJT. Let me know when that has been done. It is very import you do this.

 

OK, lets try this..Thanks

 

Download
- Pocket Killbox

Now scan and have HJT Fix the following:

Now run Pocket Killbox:

Choose Tools -> Delete Temp Files and click OK.

Run Killbox.exe. Paste the below filenames into KILL BOX one at a time. Check mark the box that says "Delete on Reboot" and checkmark the box "Unregister DLL" (If available) Click the RED X and it will ask you to confirm the file for deletion…say YES and when the next box opens prompting you to reboot now...click NO...and proceed with the next file. Once you get to the last one click YES and it will reboot. Note many of the file list below may not exist but we need to check for them anyway.

If Killbox does not reboot or you get a Pending Operations type error message just reboot your PC yourself.

Now boot into SAFE MODE

Open Windows Explorer navigate to and DELETE the following: (Some of these may have already been deleted by Pocket Killbox)

Now run CCleaner. If you have Windows XP delete the contents of C:\WINDOWS\Prefetch.

Then, as an added precaution, Go to Start -> Run and type: cleanmgr and then click OK. Make sure the boxes for these are checked:
Temporary Files
Temporary Internet Files
Recycle Bin

And Click OK.

REBOOT to Normal Mode.

Whatever ever you are using MSCONFIG to disable reenable.

Run HijackThis and post a fresh log.

 

Hey, BHO still remains. HJT would not delete and I lost my Kerio Firewall somewhere. Thanks

 

Please follow the instructions in this thread:
Smitfraud and PSGuard Removal

 

Here are the smitfiles. Thanks for your help today....

 

OK, that cleaned PSGuard. Post a fresh HijackThis log.

 

Dude, you are amazing. Thanks for helping over the last 9hrs. Should I re-install Counterspy and Winpatrol or is AdawareSE and the others you gave me enough. Is there a free Antivirus that you recommend? Thanks again...

 

OK, have HijackThis fix the following:

I like AVAST! Home Edition.

You should check out this thread
How to Protect yourself from malware!

Definitely have Ad-Aware SE, Spybot S&D, and SpywareBlaster installed. If you should also installed either Microsoft Anti-Spyware or SpywareGuard; you only need one of these. If you like CounterSpy, Spy Sweeper and WinPatrol by all means reinstall them.

Once you have done the above HijackThis fixes. Please post a fresh, just to make sure the fixes took.

 

I do not think HJT got them all. Looks like they come back...Thanks

 

Follow the instructions in this thread:
Running Ewido Security Suite

Post the Ewido log when finished.

 

Hey Shadow Dude..After 4hrs of scanning ewido, here is the log...Thanks

 

Download DelDomains and unzip it to your desktop.

Find the files from deldomains.zip on your Desktop and RightClick on the deldomains.inf file and select Install.

Afterwards run Spybot and make sure you re-Immunize immediately. Then run a full system scan. If you get any reported problems, attach the log from Spybot.

Also post a new HJT log