Nesquick
2007-12-01, 00:39
Please help and thank you:
Did both the scans in the "malware instructions" but the Kaspersky one is rather long.
Cannot use Spybot in safe mode, it's blocked by a Windows pop-up thing that has an error message "no disk".
When I go in safe mode as "admin", there's no Spybot there.
Get same spyware balloons etc. that others describe in their threads here.
I have removed it all in Spybot in regular mode, but it keeps returning and worse each time.
Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 6:52:18 PM, on 11/29/2007
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)
Boot mode: Normal
Running processes:
I:\WINDOWS\System32\smss.exe
I:\WINDOWS\system32\winlogon.exe
I:\WINDOWS\system32\services.exe
I:\WINDOWS\system32\lsass.exe
I:\WINDOWS\system32\svchost.exe
I:\WINDOWS\System32\svchost.exe
I:\WINDOWS\system32\spoolsv.exe
i:\program files\common files\logishrd\lvmvfm\LVPrcSrv.exe
I:\PROGRA~1\SYMANT~1\SYMANT~1\DefWatch.exe
I:\Program Files\Common Files\Microsoft Shared\VS7Debug\mdm.exe
I:\PROGRA~1\SYMANT~1\SYMANT~1\Rtvscan.exe
I:\WINDOWS\System32\svchost.exe
I:\WINDOWS\Explorer.EXE
I:\WINDOWS\system32\wscntfy.exe
I:\PROGRA~1\SYMANT~1\SYMANT~1\vptray.exe
I:\Program Files\Common Files\Real\Update_OB\realsched.exe
I:\Program Files\QuickTime\qttask.exe
I:\Program Files\Common Files\Ahead\Lib\NMBgMonitor.exe
I:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
I:\Program Files\Common Files\Ahead\Lib\NMIndexStoreSvr.exe
I:\Program Files\Common Files\Ahead\Lib\NMIndexingService.exe
I:\WINDOWS\system32\wuauclt.exe
I:\Program Files\Common Files\Logishrd\LQCVFX\COCIManager.exe
I:\Program Files\Outlook Express\msimn.exe
I:\Program Files\MSN Messenger\msnmsgr.exe
I:\Program Files\MSN Messenger\usnsvc.exe
I:\WINDOWS\System32\rsvp.exe
I:\WINDOWS\system32\notepad.exe
I:\Program Files\Mozilla Firefox\firefox.exe
I:\Program Files\Trend Micro\HijackThis\HijackThis.exe
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Window Title = Microsoft Internet Explorer provided by...............
R3 - URLSearchHook: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - (no file)
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - I:\Program Files\Adobe\Acrobat 6.0\Reader\ActiveX\AcroIEHelper.dll
O2 - BHO: Spybot-S&D IE Protection - {53707962-6F74-2D53-2644-206D7942484F} - I:\PROGRA~1\SPYBOT~1\SDHelper.dll
O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (disabled by BHODemon)
O2 - BHO: Windows Live Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - I:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: MSVPS System - {E75B284A-D5D0-4F5D-9BD3-59637A85F5D0} - I:\WINDOWS\werbetlsp.dll (disabled by BHODemon)
O3 - Toolbar: The hdtip - {872F66C1-E394-4545-8843-EDE16648058A} - I:\WINDOWS\hdtip.dll
O4 - HKLM\..\Run: [vptray] I:\PROGRA~1\SYMANT~1\SYMANT~1\vptray.exe
O4 - HKLM\..\Run: [TkBellExe] "I:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot
O4 - HKLM\..\Run: [IgfxTray] I:\WINDOWS\System32\igfxtray.exe
O4 - HKLM\..\Run: [HotKeysCmds] I:\WINDOWS\System32\hkcmd.exe
O4 - HKCU\..\Run: [ctfmon.exe] I:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}] "I:\Program Files\Common Files\Ahead\Lib\NMBgMonitor.exe"
O4 - HKCU\..\Run: [SpybotSD TeaTimer] I:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - I:\Program Files\Java\jre1.5.0_06\bin\npjpi150_06.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - I:\Program Files\Java\jre1.5.0_06\bin\npjpi150_06.dll
O9 - Extra button: (no name) - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - I:\PROGRA~1\SPYBOT~1\SDHelper.dll
O9 - Extra 'Tools' menuitem: Spybot - Search & Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - I:\PROGRA~1\SPYBOT~1\SDHelper.dll
End of file -