BuddyPic / jpg infected me, popups and sending of IMs to spread virus

[kthorne]

Help! I accidently opened a link from my sister and am now infected. What's happening is, I get popups occasionally, but also, whenever I start to run IM programs, they randomly send out a msg like, "Hey, I found your pic. Click here: http:\\....buddypic.com\....jpg." But that's an exe that infects you.

Attached is my hjt log.

 

[Mictlantecuhtli]

I'd kill these processes:

C:\WINDOWS\csrvs.exe
C:\WINDOWS\system32\wdfmgr.exe
c:\windows\adtech2006.exe
C:\WINDOWS\S2V2aW4gVGhvcm5l\command.exe
C:\PROGRA~1\COMMON~1\qzkq\qzkqm.exe
C:\PROGRA~1\COMMON~1\qzkq\qzkqa.exe
C:\WINDOWS\system32\igps.exe
C:\WINDOWS\system32\pgws.exe


And fix these with HJT:

O4 - HKLM\..\Run: [timessquare] C:\windows\timessquare.exe
O4 - HKLM\..\Run: [adtech2006] c:\windows\adtech2006.exe
O4 - HKLM\..\Run: [lspins] "C:\WINDOWS\system32\igps.exe"
O4 - HKLM\..\Run: [0wao06rs.dll] RUNDLL32.EXE 0wao06rs.dll,b 25724421
O4 - HKCU\..\Run: [AutoUpdate] C:\Program Files\Serials3k\s3k_autoupdate.exe
O18 - Filter: text/html - {3551784B-E99A-474f-B782-3EC814442918} - C:\Program Files\QL\qlink32.dll
O20 - Winlogon Notify: Telephony - C:\WINDOWS\system32\sle.dll
O23 - Service: Command Service (cmdService) - Unknown owner - C:\WINDOWS\S2V2aW4gVGhvcm5l\command.exe
O23 - Service: Secure HTTP (Service Secured) - Unknown owner - C:\WINDOWS\csrvs.exe