Cannot remove smitfraud-c

Result of Jotti

Service load: 0% 100%

File: nsysaudm.sys
Status: INFECTED/MALWARE
MD5: 03bff1de5b708e92a1926ba4a33595d0
Packers detected: -
Bit9 reports: File not found

Scanner results
Scan taken on 18 Aug 2007 13:04:45 (GMT)
A-Squared Found nothing
AntiVir Found nothing
ArcaVir Found nothing
Avast Found nothing
AVG Antivirus Found nothing
BitDefender Found nothing
ClamAV Found nothing
CPsecure Found nothing
Dr.Web Found nothing
F-Prot Antivirus Found nothing
F-Secure Anti-Virus Found nothing
Fortinet Found nothing
Kaspersky Anti-Virus Found nothing
NOD32 Found nothing
Norman Virus Control Found nothing
Panda Antivirus Found nothing
Rising Antivirus Found RootKit.Agent.ma
Sophos Antivirus Found nothing
VirusBuster Found Rootkit.Agent.UIP
VBA32 Found Trojan.NtRootKit.138
 
Hi

Yes, it's bad and we need a sample:

Download suspicious file packer from here

Unzip it to desktop, open it & paste in the list of files below, press next & it will create an archive (zip/cab file) on desktop

C:\Documents and Settings\Beth\Local Settings\Temp\nsysaudm.sys

Go to spykiller

Press new topic, make threads title "Files for Shaba"
Include to your message a link to here, then attach the cab/zip file to your message and post the topic
If you cant locate it through the browse button just copy/paste the filename and path.

Please after doing that, we'll continue :)
 
Hi and thanks for the file.

Open notepad and copy/paste the text in the quotebox below into it:

Code: 
File::
C:\Documents and Settings\Beth\Local Settings\Temp\nsysaudm.sys

Driver::
nsysaudm

Save this as "CFScript"

CFScript.gif


This will start ComboFix again. After reboot, (in case it asks to reboot), post the contents of Combofix.txt in your next reply together with a new HijackThis log.
 
Filelogs as requested

ComboFix 07-08-14.4 - "Ian" 2007-08-18 21:00:25.5 - NTFSx86
Microsoft Windows XP Home Edition 5.1.2600.2.1252.1.1033.18.66 [GMT 1:00]
Command switches used :: C:\Documents and Settings\Ian.COLLINSFAMILY\Desktop\CFScript.txt
* Created a new restore point

FILE::
C:\Documents and Settings\Beth\Local Settings\Temp\nsysaudm.sys


((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))


C:\Documents and Settings\Beth\Local Settings\Temp\nsysaudm.sys


((((((((((((((((((((((((((((((((((((((( Drivers/Services )))))))))))))))))))))))))))))))))))))))))))))))))


-------\LEGACY_NSYSAUDM
-------\nsysaudm


((((((((((((((((((((((((( Files Created from 2007-07-18 to 2007-08-18 )))))))))))))))))))))))))))))))


2007-08-18 11:48 <DIR> d-------- C:\!KillBox
2007-08-16 18:00 51,200 --a------ C:\WINDOWS\nircmd.exe
2007-08-16 17:17 <DIR> d-------- C:\Program Files\Trend Micro
2007-08-15 12:44 33,408 --a------ C:\WINDOWS\system32\drivers\freedom.sys
2007-08-15 12:43 <DIR> d-------- C:\Program Files\Common Files\PestPatrol
2007-08-15 12:43 <DIR> d-------- C:\Program Files\Common Files\Command Software
2007-08-15 12:41 <DIR> d-------- C:\Program Files\Virgin Broadband
2007-08-14 19:00 6,144 --a------ C:\WINDOWS\system32\kbd101a.dll
2007-08-14 19:00 218,112 --a------ C:\WINDOWS\system32\c_g18030.dll
2007-08-14 18:35 <DIR> d-------- C:\Program Files\WindowsUpdate
2007-08-13 20:11 <DIR> d-------- C:\Program Files\BrainTrainAge
2007-08-11 19:02 <DIR> d-------- C:\WINDOWS\pss
2007-08-10 07:35 <DIR> d-------- C:\DOCUME~1\Jack\APPLIC~1\SoftwareDetectionScripts
2007-08-09 19:06 <DIR> d-------- C:\DOCUME~1\IAN~1.COL\APPLIC~1\SoftwareDetectionScripts
2007-08-09 19:05 <DIR> d-------- C:\DOCUME~1\ALLUSE~1\APPLIC~1\temp
2007-08-09 18:59 <DIR> d-------- C:\WINDOWS\system32\SearchTool
2007-08-09 18:59 <DIR> d-------- C:\Program Files\Mywenger
2007-08-09 18:59 <DIR> d-------- C:\DOCUME~1\LOCALS~1\APPLIC~1\NetMon
2007-08-06 10:56 <DIR> d-------- C:\Program Files\PogoSticker
2007-08-06 10:43 <DIR> d-------- C:\Program Files\Speed Thrasher
2007-08-05 12:30 <DIR> d-------- C:\DOCUME~1\ALLUSE~1\APPLIC~1\Symantec
2007-08-05 12:28 <DIR> d-------- C:\Program Files\Common Files\Symantec Shared
2007-08-04 15:38 <DIR> d-------- C:\Program Files\Disney
2007-07-31 18:14 <DIR> d-------- C:\DOCUME~1\Jack\APPLIC~1\IMVU
2007-07-31 18:13 <DIR> d-------- C:\Program Files\IMVU
2007-07-28 19:55 <DIR> d-------- C:\DOCUME~1\Karen\APPLIC~1\Apple Computer
2007-07-26 15:34 <DIR> d-------- C:\DOCUME~1\IAN~1.COL\APPLIC~1\Apple Computer
2007-07-26 15:31 <DIR> d-------- C:\DOCUME~1\ALLUSE~1\APPLIC~1\Apple Computer
2007-07-22 14:46 <DIR> d-------- C:\WINDOWS\.jagex_cache_32
2007-07-22 12:32 <DIR> d-------- C:\WINDOWS\.jagex_cache_34


(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))

2007-08-17 18:06 45321 --a------ C:\WINDOWS\system32\CAUnst.exe
2007-08-15 12:47 --------- d-------- C:\DOCUME~1\IAN~1.COL\APPLIC~1\Virgin Broadband
2007-08-12 20:57 --------- d-------- C:\Program Files\Lexmark X1100 Series
2007-08-10 16:27 --------- d-------- C:\Program Files\Google
2007-08-09 19:13 --------- d-------- C:\Program Files\ntl
2007-07-26 15:32 --------- d-------- C:\Program Files\QuickTime
2007-07-21 11:58 --------- d-------- C:\Program Files\Puppy Luv
2007-07-19 07:59 3583488 --a--c--- C:\WINDOWS\system32\dllcache\mshtml.dll
2007-07-15 20:48 --------- d-------- C:\Program Files\LimeWire
2007-07-13 00:31 765952 --a--c--- C:\WINDOWS\system32\dllcache\vgx.dll
2007-07-07 12:07 --------- dr-h----- C:\DOCUME~1\IAN~1.COL\APPLIC~1\yahoo!
2007-07-07 11:13 0 --ah----- C:\WINDOWS\system32\drivers\MsftWdf_Kernel_01005_Coinstaller_Critical.Wdf
2007-07-07 11:13 0 --ah----- C:\WINDOWS\system32\drivers\Msft_Kernel_motmodem_01005.Wdf
2007-07-07 11:09 --------- d-------- C:\Program Files\Motorola Phone Tools
2007-07-07 11:05 --------- d-------- C:\Program Files\Common Files\Motorola Shared
2007-07-07 11:01 --------- d-------- C:\Program Files\Avanquest update
2007-07-07 11:01 --------- d-------- C:\DOCUME~1\IAN~1.COL\APPLIC~1\InstallShield
2007-06-30 12:20 --------- d-------- C:\Program Files\DivX
2007-06-29 17:12 --------- d-------- C:\Program Files\Kontiki
2007-06-29 17:12 --------- d-------- C:\Program Files\Channel4
2007-06-27 23:45 --------- d-------- C:\Program Files\Vizumi
2007-06-27 23:16 --------- d-------- C:\Program Files\Maxis
2007-06-27 23:12 --------- d--h----- C:\Program Files\InstallShield Installation Information
2007-06-27 23:12 --------- d-------- C:\Program Files\Home Cinema
2007-06-27 23:12 --------- d-------- C:\Program Files\CyberLink
2007-06-27 23:07 --------- d-------- C:\Program Files\Disney Interactive
2007-06-27 23:05 --------- d-------- C:\Program Files\Broken Sword II
2007-06-27 15:34 823808 --a--c--- C:\WINDOWS\system32\dllcache\wininet.dll
2007-06-27 15:34 671232 --a--c--- C:\WINDOWS\system32\dllcache\mstime.dll
2007-06-27 15:34 6058496 -----c--- C:\WINDOWS\system32\dllcache\ieframe.dll
2007-06-27 15:34 52224 -----c--- C:\WINDOWS\system32\dllcache\msfeedsbs.dll
2007-06-27 15:34 477696 --a--c--- C:\WINDOWS\system32\dllcache\mshtmled.dll
2007-06-27 15:34 459264 -----c--- C:\WINDOWS\system32\dllcache\msfeeds.dll
2007-06-27 15:34 44544 --a--c--- C:\WINDOWS\system32\dllcache\iernonce.dll
2007-06-27 15:34 384512 --a--c--- C:\WINDOWS\system32\dllcache\iedkcs32.dll
2007-06-27 15:34 383488 -----c--- C:\WINDOWS\system32\dllcache\ieapfltr.dll
2007-06-27 15:34 27648 --a--c--- C:\WINDOWS\system32\dllcache\jsproxy.dll
2007-06-27 15:34 267776 -----c--- C:\WINDOWS\system32\dllcache\iertutil.dll
2007-06-27 15:34 232960 --a--c--- C:\WINDOWS\system32\dllcache\webcheck.dll
2007-06-27 15:34 230400 --a--c--- C:\WINDOWS\system32\dllcache\ieaksie.dll
2007-06-27 15:34 193024 --a--c--- C:\WINDOWS\system32\dllcache\msrating.dll
2007-06-27 15:34 153088 --a--c--- C:\WINDOWS\system32\dllcache\ieakeng.dll
2007-06-27 15:34 132608 --a--c--- C:\WINDOWS\system32\dllcache\extmgr.dll
2007-06-27 15:34 124928 --a--c--- C:\WINDOWS\system32\dllcache\advpack.dll
2007-06-27 15:34 1152000 --a--c--- C:\WINDOWS\system32\dllcache\urlmon.dll
2007-06-27 15:34 105984 --a--c--- C:\WINDOWS\system32\dllcache\url.dll
2007-06-27 15:34 102400 --a--c--- C:\WINDOWS\system32\dllcache\occache.dll
2007-06-27 09:27 63488 --a--c--- C:\WINDOWS\system32\dllcache\ie4uinit.exe
2007-06-27 09:27 625152 --a--c--- C:\WINDOWS\system32\dllcache\iexplore.exe
2007-06-27 09:27 13824 -----c--- C:\WINDOWS\system32\dllcache\ieudinit.exe
2007-06-27 08:00 161792 --a--c--- C:\WINDOWS\system32\dllcache\ieakui.dll
2007-06-26 07:08 1104896 --a------ C:\WINDOWS\system32\msxml3.dll
2007-06-26 07:08 1104896 -----c--- C:\WINDOWS\system32\dllcache\msxml3.dll
2007-06-20 21:07 --------- d-------- C:\Program Files\Windows Live
2007-06-20 21:07 --------- d-------- C:\Program Files\MSN Messenger
2007-06-20 21:07 --------- d-------- C:\Program Files\Messenger Plus! Live
2007-06-19 14:31 282112 --a------ C:\WINDOWS\system32\gdi32.dll
2007-06-19 14:31 282112 -----c--- C:\WINDOWS\system32\dllcache\gdi32.dll
2007-06-13 11:23 1033216 -----c--- C:\WINDOWS\system32\dllcache\explorer.exe
2007-06-13 11:23 1033216 --------- C:\WINDOWS\explorer.exe
2006-11-09 09:16 0 --a------ C:\Program Files\Common Files\err.log


((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))


*Note* empty entries & legit default entries are not shown

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{C07F60AC-688D-4F3E-89EC-30B281BDD2CC}]
2007-08-17 18:06 421888 --a------ C:\_OTMOV~1\MOVEDF~1\WINDOWS\system32\asclvoib.dll

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"SunJavaUpdateSched"="C:\Program Files\Java\jre1.5.0_06\bin\jusched.exe" [2005-11-10 14:03]
"SoundMan"="SOUNDMAN.EXE" [2005-03-25 05:20 C:\WINDOWS\SOUNDMAN.EXE]
"QuickTime Task"="C:\Program Files\QuickTime\qttask.exe" [2007-06-29 06:24]
"Persistence"="C:\WINDOWS\system32\igfxpers.exe" [2005-06-08 19:03]
"NeroFilterCheck"="C:\WINDOWS\system32\NeroCheck.exe" [2001-07-09 11:50]
"Motive SmartBridge"="C:\PROGRA~1\ntl\BROADB~1\SMARTB~1\MotiveSB.exe" [2003-12-30 10:40]
"Lexmark X1100 Series"="C:\Program Files\Lexmark X1100 Series\lxbkbmgr.exe" [2003-08-19 15:43]
"IgfxTray"="C:\WINDOWS\system32\igfxtray.exe" [2005-06-08 19:02]
"HotKeysCmds"="C:\WINDOWS\system32\hkcmd.exe" [2005-06-08 18:59]
"CHotkey"="zHotkey.exe" [2004-05-17 18:30 C:\WINDOWS\zHotkey.exe]
"BJCFD"="C:\Program Files\BroadJump\Client Foundation\CFD.exe" [2002-09-10 21:26]
"AGRSMMSG"="AGRSMMSG.exe" [2005-03-08 15:53 C:\WINDOWS\AGRSMMSG.exe]
"4oD"="C:\Program Files\Kontiki\KHost.exe" []
"!AVG Anti-Spyware"="C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\avgas.exe" []
"Broadbandadvisor.exe"="C:\Program Files\Virgin Broadband\advisor\Broadbandadvisor.exe" [2007-01-24 14:12]
"PCguard"="C:\Program Files\Virgin Broadband\PCguard\Rps.exe" [2007-01-24 18:53]

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"ctfmon.exe"="C:\WINDOWS\system32\ctfmon.exe" [2004-08-04 13:00]
"NBJ"="C:\Program Files\Ahead\Nero BackItUp\NBJ.exe" [2005-06-02 16:03]
"LifeCU"="C:\WINDOWS\system32\BastaYa.exe" [2007-01-10 19:40]

C:\Documents and Settings\All Users\Start Menu\Programs\Startup\
Adobe Reader Speed Launch.lnk - C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe [2005-09-23 23:05:26]

S3 JL2005;JL2005A Toy Camera;C:\WINDOWS\system32\Drivers\toywdm.sys
S3 motmodem;Motorola USB CDC ACM Driver;C:\WINDOWS\system32\DRIVERS\motmodem.sys
S3 ss_bus;SAMSUNG Mobile USB Device 1.0 driver (WDM);C:\WINDOWS\system32\DRIVERS\ss_bus.sys
S3 ss_mdfl;SAMSUNG Mobile USB Modem 1.0 Filter;C:\WINDOWS\system32\DRIVERS\ss_mdfl.sys
S3 ss_mdm;SAMSUNG Mobile USB Modem 1.0 Drivers;C:\WINDOWS\system32\DRIVERS\ss_mdm.sys
S3 sscdbus;SAMSUNG USB Composite Device driver (WDM);C:\WINDOWS\system32\DRIVERS\sscdbus.sys
S3 sscdmdfl;SAMSUNG CDMA Modem Filter;C:\WINDOWS\system32\DRIVERS\sscdmdfl.sys
S3 sscdmdm;SAMSUNG CDMA Modem Drivers;C:\WINDOWS\system32\DRIVERS\sscdmdm.sys
S3 Z302Mic;Vimicro Z302 Mic Audio Filter Driver;C:\WINDOWS\system32\drivers\UsbMicfilt.sys
S3 ZSMC302;PCL-W310;C:\WINDOWS\system32\Drivers\usbvm302.sys


[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{44c422bd-7bf6-11db-887b-0013d389a330}]
AutoRun\command- G:\setupSNK.exe


Contents of the 'Scheduled Tasks' folder
2007-08-07 17:07:20 C:\WINDOWS\Tasks\SpywareBot Scheduled Scan.job - C:\Program Files\SpywareBot\SpywareBot.exe

**************************************************************************

catchme 0.3.1061 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2007-08-18 21:09:20
Windows 5.1.2600 Service Pack 2 NTFS

scanning hidden processes ...

scanning hidden autostart entries ...

scanning hidden files ...

scan completed successfully
hidden files: 0

**************************************************************************

Completion time: 2007-08-18 21:13:16 - machine was rebooted
C:\ComboFix-quarantined-files.txt ... 2007-08-18 21:13
C:\ComboFix2.txt ... 2007-08-18 13:31
C:\ComboFix3.txt ... 2007-08-17 18:19

--- E O F ---
Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 21:17:29, on 18/08/2007
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16512)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Virgin Broadband\PCguard\fws.exe
C:\WINDOWS\system32\LEXBCES.EXE
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\system32\LEXPPS.EXE
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\cmd.exe
C:\Program Files\Common Files\Command Software\dvpapi.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Java\jre1.5.0_06\bin\jusched.exe
C:\WINDOWS\SOUNDMAN.EXE
C:\WINDOWS\system32\igfxpers.exe
C:\PROGRA~1\ntl\BROADB~1\SMARTB~1\MotiveSB.exe
C:\Program Files\Lexmark X1100 Series\lxbkbmgr.exe
C:\WINDOWS\system32\hkcmd.exe
C:\WINDOWS\zHotkey.exe
C:\Program Files\BroadJump\Client Foundation\CFD.exe
C:\WINDOWS\AGRSMMSG.exe
C:\Program Files\Lexmark X1100 Series\lxbkbmon.exe
C:\Program Files\Virgin Broadband\advisor\Broadbandadvisor.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Virgin Broadband\advisor\BroadbandadvisorComHandler.exe
C:\Program Files\Virgin Broadband\PCguard\Rps.exe
C:\Program Files\Internet Explorer\IEXPLORE.EXE
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.google.co.uk/ig?hl=en
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = about:blank
R1 - HKCU\Software\Microsoft\Internet Connection Wizard,ShellNext = http://vc.freedom.net/html/virus_definition_template.html
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: Pop-Up Blocker BHO - {3C060EA2-E6A9-4E49-A530-D4657B8C449A} - C:\Program Files\Virgin Broadband\PCguard\pkR.dll
O2 - BHO: Form Filler BHO - {56071E0D-C61B-11D3-B41C-00E02927A304} - C:\Program Files\Virgin Broadband\PCguard\FBHR.dll
O2 - BHO: Windows Live Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: Hoja Class - {C07F60AC-688D-4F3E-89EC-30B281BDD2CC} - C:\_OTMOV~1\MOVEDF~1\WINDOWS\system32\asclvoib.dll
O4 - HKLM\..\Run: [SunJavaUpdateSched] C:\Program Files\Java\jre1.5.0_06\bin\jusched.exe
O4 - HKLM\..\Run: [SoundMan] SOUNDMAN.EXE
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [Persistence] C:\WINDOWS\system32\igfxpers.exe
O4 - HKLM\..\Run: [NeroFilterCheck] C:\WINDOWS\system32\NeroCheck.exe
O4 - HKLM\..\Run: [Motive SmartBridge] C:\PROGRA~1\ntl\BROADB~1\SMARTB~1\MotiveSB.exe
O4 - HKLM\..\Run: [Lexmark X1100 Series] "C:\Program Files\Lexmark X1100 Series\lxbkbmgr.exe"
O4 - HKLM\..\Run: [IgfxTray] C:\WINDOWS\system32\igfxtray.exe
O4 - HKLM\..\Run: [HotKeysCmds] C:\WINDOWS\system32\hkcmd.exe
O4 - HKLM\..\Run: [CHotkey] zHotkey.exe
O4 - HKLM\..\Run: [BJCFD] C:\Program Files\BroadJump\Client Foundation\CFD.exe
O4 - HKLM\..\Run: [AGRSMMSG] AGRSMMSG.exe
O4 - HKLM\..\Run: [4oD] "C:\Program Files\Kontiki\KHost.exe" -all
O4 - HKLM\..\Run: [!AVG Anti-Spyware] "C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\avgas.exe" /minimized
O4 - HKLM\..\Run: [Broadbandadvisor.exe] "C:\Program Files\Virgin Broadband\advisor\Broadbandadvisor.exe" /AUTORUN
O4 - HKLM\..\Run: [PCguard] "C:\Program Files\Virgin Broadband\PCguard\Rps.exe"
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [NBJ] "C:\Program Files\Ahead\Nero BackItUp\NBJ.exe"
O4 - HKCU\..\Run: [LifeCU] C:\WINDOWS\system32\BastaYa.exe
O4 - Global Startup: Adobe Reader Speed Launch.lnk = C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
O8 - Extra context menu item: &AOL Toolbar search - res://C:\Program Files\AOL Toolbar\toolbar.dll/SEARCH.HTML
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_06\bin\npjpi150_06.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_06\bin\npjpi150_06.dll
O9 - Extra button: Messenger - {4528BBE0-4E08-11D5-AD55-00010333D0AD} - C:\PROGRA~1\Yahoo!\Common\yhexbmesuk.dll
O9 - Extra 'Tools' menuitem: Yahoo! Messenger - {4528BBE0-4E08-11D5-AD55-00010333D0AD} - C:\PROGRA~1\Yahoo!\Common\yhexbmesuk.dll
O9 - Extra button: Run IMVU - {d9288080-1baa-4bc4-9cf8-a92d743db949} - C:\Documents and Settings\Jack\Start Menu\Programs\IMVU\Run IMVU.lnk
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O14 - IERESET.INF: START_PAGE_URL=http://www.medion.co.uk
O15 - Trusted Zone: *.musicmatch.com
O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://go.microsoft.com/fwlink/?linkid=39204
O16 - DPF: {20A60F0D-9AFA-4515-A0FD-83BD84642501} (Checkers Class) - http://messenger.zone.msn.com/binary/msgrchkr.cab56986.cab
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://update.microsoft.com/windowsupdate/v6/V5Controls/en/x86/client/wuweb_site.cab?1123753183109
O16 - DPF: {67DABFBF-D0AB-41FA-9C46-CC0F21721616} (DivXBrowserPlugin Object) - http://download.divx.com/player/DivXBrowserPlugin.cab
O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://update.microsoft.com/microsoftupdate/v6/V5Controls/en/x86/client/muweb_site.cab?1123758956265
O16 - DPF: {C3F79A2B-B9B4-4A66-B012-3EE46475B072} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/MessengerStatsPAClient.cab56907.cab
O23 - Service: AVG Anti-Spyware Guard - Unknown owner - C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe (file missing)
O23 - Service: DvpApi (dvpapi) - Authentium, Inc. - C:\Program Files\Common Files\Command Software\dvpapi.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\1150\Intel 32\IDriverT.exe
O23 - Service: LexBce Server (LexBceS) - Lexmark International, Inc. - C:\WINDOWS\system32\LEXBCES.EXE
O23 - Service: PCguard Firewall (RP_FWS) - Radialpoint Inc. - C:\Program Files\Virgin Broadband\PCguard\fws.exe

--
End of file - 6931 bytes
 
Hi

Is this up-to-date?

O23 - Service: DvpApi (dvpapi) - Authentium, Inc. - C:\Program Files\Common Files\Command Software\dvpapi.exe

Please do an online scan with Kaspersky Online Scanner. You will be prompted to install an ActiveX component from Kaspersky, Click Yes.
  • The program will launch and then start to download the latest definition files.
  • Once the scanner is installed and the definitions downloaded, click Next.
  • Now click on Scan Settings
  • In the scan settings make sure that the following are selected:

    o Scan using the following Anti-Virus database:

    + Extended (If available otherwise Standard)

    o Scan Options:

    + Scan Archives
    + Scan Mail Bases
  • Click OK
  • Now under select a target to scan select My Computer
  • The scan will take a while so be patient and let it run. Once the scan is complete it will display if your system has been infected.
  • Now click on the Save as Text button
  • Save the file to your desktop.
  • Copy and paste that information in your next post.

Note for Internet Explorer 7 users: If at any time you have trouble with the accept button of the license, click on the Zoom tool located at the right bottom of the IE window and set the zoom to 75 %. Once the license accepted, reset to 100%.

Post:

- a fresh HijackThis log
- kaspersky report
 
Logfile

Cannot paste Kapersky report to much text. Please advise.

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 15:13:40, on 19/08/2007
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16512)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Virgin Broadband\PCguard\fws.exe
C:\WINDOWS\system32\LEXBCES.EXE
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\system32\LEXPPS.EXE
C:\Program Files\Common Files\Command Software\dvpapi.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Java\jre1.5.0_06\bin\jusched.exe
C:\WINDOWS\SOUNDMAN.EXE
C:\WINDOWS\system32\igfxpers.exe
C:\PROGRA~1\ntl\BROADB~1\SMARTB~1\MotiveSB.exe
C:\Program Files\Lexmark X1100 Series\lxbkbmgr.exe
C:\WINDOWS\system32\hkcmd.exe
C:\WINDOWS\zHotkey.exe
C:\Program Files\BroadJump\Client Foundation\CFD.exe
C:\WINDOWS\AGRSMMSG.exe
C:\Program Files\Lexmark X1100 Series\lxbkbmon.exe
C:\Program Files\Virgin Broadband\advisor\Broadbandadvisor.exe
C:\Program Files\Virgin Broadband\PCguard\Rps.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Virgin Broadband\advisor\BroadbandadvisorComHandler.exe
C:\Program Files\Internet Explorer\IEXPLORE.EXE
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.google.co.uk/ig?hl=en
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = about:blank
R1 - HKCU\Software\Microsoft\Internet Connection Wizard,ShellNext = http://vc.freedom.net/html/virus_definition_template.html
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: Pop-Up Blocker BHO - {3C060EA2-E6A9-4E49-A530-D4657B8C449A} - C:\Program Files\Virgin Broadband\PCguard\pkR.dll
O2 - BHO: Form Filler BHO - {56071E0D-C61B-11D3-B41C-00E02927A304} - C:\Program Files\Virgin Broadband\PCguard\FBHR.dll
O2 - BHO: Windows Live Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: Hoja Class - {C07F60AC-688D-4F3E-89EC-30B281BDD2CC} - C:\_OTMOV~1\MOVEDF~1\WINDOWS\system32\asclvoib.dll
O4 - HKLM\..\Run: [SunJavaUpdateSched] C:\Program Files\Java\jre1.5.0_06\bin\jusched.exe
O4 - HKLM\..\Run: [SoundMan] SOUNDMAN.EXE
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [Persistence] C:\WINDOWS\system32\igfxpers.exe
O4 - HKLM\..\Run: [NeroFilterCheck] C:\WINDOWS\system32\NeroCheck.exe
O4 - HKLM\..\Run: [Motive SmartBridge] C:\PROGRA~1\ntl\BROADB~1\SMARTB~1\MotiveSB.exe
O4 - HKLM\..\Run: [Lexmark X1100 Series] "C:\Program Files\Lexmark X1100 Series\lxbkbmgr.exe"
O4 - HKLM\..\Run: [IgfxTray] C:\WINDOWS\system32\igfxtray.exe
O4 - HKLM\..\Run: [HotKeysCmds] C:\WINDOWS\system32\hkcmd.exe
O4 - HKLM\..\Run: [CHotkey] zHotkey.exe
O4 - HKLM\..\Run: [BJCFD] C:\Program Files\BroadJump\Client Foundation\CFD.exe
O4 - HKLM\..\Run: [AGRSMMSG] AGRSMMSG.exe
O4 - HKLM\..\Run: [4oD] "C:\Program Files\Kontiki\KHost.exe" -all
O4 - HKLM\..\Run: [!AVG Anti-Spyware] "C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\avgas.exe" /minimized
O4 - HKLM\..\Run: [Broadbandadvisor.exe] "C:\Program Files\Virgin Broadband\advisor\Broadbandadvisor.exe" /AUTORUN
O4 - HKLM\..\Run: [PCguard] "C:\Program Files\Virgin Broadband\PCguard\Rps.exe"
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [NBJ] "C:\Program Files\Ahead\Nero BackItUp\NBJ.exe"
O4 - HKCU\..\Run: [LifeCU] C:\WINDOWS\system32\BastaYa.exe
O4 - Global Startup: Adobe Reader Speed Launch.lnk = C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
O8 - Extra context menu item: &AOL Toolbar search - res://C:\Program Files\AOL Toolbar\toolbar.dll/SEARCH.HTML
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_06\bin\npjpi150_06.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_06\bin\npjpi150_06.dll
O9 - Extra button: Messenger - {4528BBE0-4E08-11D5-AD55-00010333D0AD} - C:\PROGRA~1\Yahoo!\Common\yhexbmesuk.dll
O9 - Extra 'Tools' menuitem: Yahoo! Messenger - {4528BBE0-4E08-11D5-AD55-00010333D0AD} - C:\PROGRA~1\Yahoo!\Common\yhexbmesuk.dll
O9 - Extra button: Run IMVU - {d9288080-1baa-4bc4-9cf8-a92d743db949} - C:\Documents and Settings\Jack\Start Menu\Programs\IMVU\Run IMVU.lnk
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O14 - IERESET.INF: START_PAGE_URL=http://www.medion.co.uk
O15 - Trusted Zone: *.musicmatch.com
O16 - DPF: {0EB0E74A-2A76-4AB3-A7FB-9BD8C29F7F75} (CKAVWebScan Object) - http://www.kaspersky.com/kos/english/kavwebscan_unicode.cab
O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://go.microsoft.com/fwlink/?linkid=39204
O16 - DPF: {20A60F0D-9AFA-4515-A0FD-83BD84642501} (Checkers Class) - http://messenger.zone.msn.com/binary/msgrchkr.cab56986.cab
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://update.microsoft.com/windowsupdate/v6/V5Controls/en/x86/client/wuweb_site.cab?1123753183109
O16 - DPF: {67DABFBF-D0AB-41FA-9C46-CC0F21721616} (DivXBrowserPlugin Object) - http://download.divx.com/player/DivXBrowserPlugin.cab
O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://update.microsoft.com/microsoftupdate/v6/V5Controls/en/x86/client/muweb_site.cab?1123758956265
O16 - DPF: {C3F79A2B-B9B4-4A66-B012-3EE46475B072} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/MessengerStatsPAClient.cab56907.cab
O23 - Service: AVG Anti-Spyware Guard - Unknown owner - C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe (file missing)
O23 - Service: DvpApi (dvpapi) - Authentium, Inc. - C:\Program Files\Common Files\Command Software\dvpapi.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\1150\Intel 32\IDriverT.exe
O23 - Service: LexBce Server (LexBceS) - Lexmark International, Inc. - C:\WINDOWS\system32\LEXBCES.EXE
O23 - Service: PCguard Firewall (RP_FWS) - Radialpoint Inc. - C:\Program Files\Virgin Broadband\PCguard\fws.exe

--
End of file - 7036 bytes
 
Hi

Is Command Antivirus up-to-date?

O23 - Service: DvpApi (dvpapi) - Authentium, Inc. - C:\Program Files\Common Files\Command Software\dvpapi.exe

You can edit out all lines with object locked skipped; size should reduce significantly.
 
Kapersky Report

I don't know what the Command Anti virus is?? news to me, I'm using Freedom Anti virus from Virgin PCGuard and this is up to date.

-------------------------------------------------------------------------------
KASPERSKY ONLINE SCANNER REPORT
Sunday, August 19, 2007 2:47:08 PM
Operating System: Microsoft Windows XP Home Edition, Service Pack 2 (Build 2600)
Kaspersky Online Scanner version: 5.0.93.0
Kaspersky Anti-Virus database last update: 19/08/2007
Kaspersky Anti-Virus database records: 385111
-------------------------------------------------------------------------------

Scan Settings:
Scan using the following antivirus database: extended
Scan Archives: true
Scan Mail Bases: true

Scan Target - My Computer:
C:\
D:\
E:\
F:\

Scan Statistics:
Total number of scanned objects: 144914
Number of viruses found: 17
Number of infected objects: 60
Number of suspicious objects: 0
Duration of the scan process: 01:50:49

Infected Object Name / Virus Name / Last Action

C:\Documents and Settings\Beth\Local Settings\Temp\ErrorProtectorFreeSetup.exe/file03 Infected: not-a-virus:Downloader.Win32.WinFixer.l skipped
C:\Documents and Settings\Beth\Local Settings\Temp\ErrorProtectorFreeSetup.exe/file04 Infected: not-a-virus:Downloader.Win32.WinFixer.t skipped
C:\Documents and Settings\Beth\Local Settings\Temp\ErrorProtectorFreeSetup.exe Inno: infected - 2 skipped
C:\Documents and Settings\Beth\My Documents\My Pictures\barbie icons.exe/WISE0016.BIN Infected: not-a-virus:AdTool.Win32.WhenU.a skipped
C:\Documents and Settings\Beth\My Documents\My Pictures\barbie icons.exe/WISE0017.BIN Infected: not-a-virus:AdWare.Win32.NewDotNet skipped
C:\Documents and Settings\Beth\My Documents\My Pictures\barbie icons.exe/WISE0018.BIN/WISE0001.BIN Infected: not-a-virus:AdWare.Win32.Accoona.b skipped
C:\Documents and Settings\Beth\My Documents\My Pictures\barbie icons.exe/WISE0018.BIN Infected: not-a-virus:AdWare.Win32.Accoona.b skipped
C:\Documents and Settings\Beth\My Documents\My Pictures\barbie icons.exe/WISE0019.BIN Infected: Trojan-Downloader.Win32.Small.bke skipped
C:\Documents and Settings\Beth\My Documents\My Pictures\barbie icons.exe/WISE0020.BIN/data0002 Infected: not-a-virus:AdWare.Win32.WebRebates.r skipped
C:\Documents and Settings\Beth\My Documents\My Pictures\barbie icons.exe/WISE0020.BIN/data0003 Infected: not-a-virus:AdWare.Win32.WebRebates.p skipped
C:\Documents and Settings\Beth\My Documents\My Pictures\barbie icons.exe/WISE0020.BIN/data0004 Infected: not-a-virus:AdWare.Win32.WebRebates.p skipped
C:\Documents and Settings\Beth\My Documents\My Pictures\barbie icons.exe/WISE0020.BIN/data0005 Infected: not-a-virus:AdWare.Win32.WebRebates.p skipped
C:\Documents and Settings\Beth\My Documents\My Pictures\barbie icons.exe/WISE0020.BIN Infected: not-a-virus:AdWare.Win32.WebRebates.p skipped
C:\Documents and Settings\Beth\My Documents\My Pictures\barbie icons.exe WiseSFX: infected - 10 skipped
C:\Documents and Settings\Beth\My Documents\My Pictures\barbie icons.exe WiseSFX Dropper: infected - 10 skipped
C:\Documents and Settings\Jack\My Documents\My Received Files\ring ring bannana phone naked.rar/setup.exe/data0005 Infected: not-a-virus:AdWare.Win32.NetNucleus.b skipped
C:\Documents and Settings\Jack\My Documents\My Received Files\ring ring bannana phone naked.rar/setup.exe/data0006/stream/data0004 Infected: not-a-virus:AdWare.Win32.TrafficSol.h skipped
C:\Documents and Settings\Jack\My Documents\My Received Files\ring ring bannana phone naked.rar/setup.exe/data0006/stream Infected: not-a-virus:AdWare.Win32.TrafficSol.h skipped
C:\Documents and Settings\Jack\My Documents\My Received Files\ring ring bannana phone naked.rar/setup.exe/data0006 Infected: not-a-virus:AdWare.Win32.TrafficSol.h skipped
C:\Documents and Settings\Jack\My Documents\My Received Files\ring ring bannana phone naked.rar/setup.exe/data0007/stream/data0003 Infected: not-a-virus:AdWare.Win32.Agent.dy skipped
C:\Documents and Settings\Jack\My Documents\My Received Files\ring ring bannana phone naked.rar/setup.exe/data0007/stream Infected: not-a-virus:AdWare.Win32.Agent.dy skipped
C:\Documents and Settings\Jack\My Documents\My Received Files\ring ring bannana phone naked.rar/setup.exe/data0007 Infected: not-a-virus:AdWare.Win32.Agent.dy skipped
C:\Documents and Settings\Jack\My Documents\My Received Files\ring ring bannana phone naked.rar/setup.exe Infected: not-a-virus:AdWare.Win32.Agent.dy skipped
C:\Documents and Settings\Jack\My Documents\My Received Files\ring ring bannana phone naked.rar RAR: infected - 8 skipped
C:\Documents and Settings\Luke\Local Settings\Temporary Internet Files\Content.IE5\KTAZGDQN\444444[1].htm Infected: Trojan-Downloader.JS.Psyme.eb skipped
C:\Documents and Settings\Luke\My Documents\My Music\Eighties classic.wma Infected: Trojan-Downloader.WMA.Wimad.k skipped
C:\Documents and Settings\Luke\My Documents\My Music\TOTALLY HIP TRACK.wma Infected: Trojan-Downloader.WMA.Wimad.k skipped
C:\Documents and Settings\Luke\My Documents\My Music\Wicked Remix.wma Infected: Trojan-Downloader.WMA.Wimad.k skipped
C:\Documents and Settings\Luke\My Documents\NeroVision\Incomplete\Preview-T-4335426-Eighties classic.wma Infected: Trojan-Downloader.WMA.Wimad.k skipped
C:\Documents and Settings\Luke\My Documents\NeroVision\Incomplete\T-3045752-01 Track 1.wma Infected: Trojan-Downloader.WMA.Wimad.k skipped
C:\Program Files\filesubmit\prin7.zip\atoolbar400134.exe/WISE0001.BIN Infected: not-a-virus:AdWare.Win32.Accoona.b skipped
C:\Program Files\filesubmit\prin7.zip\atoolbar400134.exe WiseSFX: infected - 1 skipped
C:\Program Files\filesubmit\prin7.zip\atoolbar400134.exe WiseSFX Dropper: infected - 1 skipped
C:\Program Files\filesubmit\prin7.zip\WebRebates_InstallS.exe/data0002 Infected: not-a-virus:AdWare.Win32.WebRebates.r skipped
C:\Program Files\filesubmit\prin7.zip\WebRebates_InstallS.exe/data0003 Infected: not-a-virus:AdWare.Win32.WebRebates.p skipped
C:\Program Files\filesubmit\prin7.zip\WebRebates_InstallS.exe/data0004 Infected: not-a-virus:AdWare.Win32.WebRebates.p skipped
C:\Program Files\filesubmit\prin7.zip\WebRebates_InstallS.exe/data0005 Infected: not-a-virus:AdWare.Win32.WebRebates.p skipped
C:\Program Files\filesubmit\prin7.zip\WebRebates_InstallS.exe NSIS: infected - 4 skipped
C:\Program Files\Trend Micro\HijackThis\backups\backup-20070816-191447-512.dll Infected: not-a-virus:AdWare.Win32.BHO.bh skipped
C:\Program Files\Trend Micro\HijackThis\backups\backup-20070817-105149-983.dll Infected: not-a-virus:AdWare.Win32.BHO.bh skipped
C:\Program Files\Trend Micro\HijackThis\backups\backup-20070817-174029-391.dll Infected: not-a-virus:AdWare.Win32.BHO.bh skipped
C:\QooBox\Quarantine\C\WINDOWS\system32\vcbhafjl.dll.vir Infected: not-a-virus:AdWare.Win32.BHO.bh skipped
C:\System Volume Information\MountPointManagerRemoteDatabase Object is locked skipped
C:\System Volume Information\_restore{1506C531-5A27-4107-AE68-02DD7D553190}\RP19\A0001729.dll Infected: not-a-virus:AdWare.Win32.HotBar.cc skipped
C:\System Volume Information\_restore{1506C531-5A27-4107-AE68-02DD7D553190}\RP20\A0001771.dll Infected: not-a-virus:AdWare.Win32.BHO.bh skipped
C:\System Volume Information\_restore{1506C531-5A27-4107-AE68-02DD7D553190}\RP20\A0001869.dll Infected: not-a-virus:AdWare.Win32.BHO.bh skipped
C:\System Volume Information\_restore{1506C531-5A27-4107-AE68-02DD7D553190}\RP22\A0002977.dll Infected: not-a-virus:AdWare.Win32.HotBar.cc skipped
C:\System Volume Information\_restore{1506C531-5A27-4107-AE68-02DD7D553190}\RP22\A0003006.dll Infected: not-a-virus:AdWare.Win32.BHO.bh skipped
C:\System Volume Information\_restore{1506C531-5A27-4107-AE68-02DD7D553190}\RP23\A0003022.dll Infected: not-a-virus:AdWare.Win32.BHO.bh skipped
C:\System Volume Information\_restore{1506C531-5A27-4107-AE68-02DD7D553190}\RP29\change.log Object is locked skipped
C:\WINDOWS\5-a0c18a429b8010fee34ee31d9073371d.exe/stream/data0001 Infected: not-a-virus:AdWare.Win32.TrafficSol.d skipped
C:\WINDOWS\5-a0c18a429b8010fee34ee31d9073371d.exe/stream Infected: not-a-virus:AdWare.Win32.TrafficSol.d skipped
C:\WINDOWS\5-a0c18a429b8010fee34ee31d9073371d.exe NSIS: infected - 2 skipped
C:\WINDOWS\Debug\PASSWD.LOG Object is locked skipped
C:\WINDOWS\SchedLgU.Txt Object is locked skipped
C:\WINDOWS\SoftwareDistribution\ReportingEvents.log Object is locked skipped
C:\WINDOWS\Sti_Trace.log Object is locked skipped
C:\WINDOWS\system32\BastaYa.exe Infected: not-a-virus:AdWare.Win32.BHO.bh skipped
C:\WINDOWS\system32\brrotate.dll Infected: not-a-virus:AdWare.Win32.TrafficSol.d skipped

C:\WINDOWS\system32\italfds.exe Infected: not-a-virus:AdWare.Win32.BHO.bh skipped
C:\WINDOWS\system32\SearchTool\nsa1C.dll Infected: not-a-virus:AdWare.Win32.Beginto.f skipped
C:\WINDOWS\system32\SearchTool\SearchTool.dll Infected: not-a-virus:AdWare.Win32.Beginto.f skipped
C:\WINDOWS\system32\SmartShopper\SmartShopper0.dll Infected: not-a-virus:AdWare.Win32.Beginto.f skipped
C
C:\_OTMoveIt\MovedFiles\WINDOWS\system32\asclvoib.dll Infected: not-a-virus:AdWare.Win32.BHO.bh skipped
D:\System Volume Information\MountPointManagerRemoteDatabase Object is locked skipped

Scan process completed.
 
Hi

That's the same thing under different name :)

Please download ATF Cleaner by Atribune and save
it to desktop.

Double-click ATF-Cleaner.exe to run the program.
Under Main choose: Select All
Click the Empty Selected button.

If you use Firefox browser

Click Firefox at the top and choose: Select All
Click the Empty Selected button.
NOTE: If you would like to keep your saved passwords, please click No at the prompt.

If you use Opera browser

Click Opera at the top and choose: Select All
Click the Empty Selected button.
NOTE: If you would like to keep your saved passwords, please click No at the prompt.

Click Exit to close ATF-Cleaner.

Empty these folders:

C:\Documents and Settings\Beth\Local Settings\Temp
C:\QooBox\Quarantine
C:\_OTMoveIt\MovedFiles

Delete these:

C:\Documents and Settings\Beth\My Documents\My Pictures\barbie icons.exe
C:\Documents and Settings\Jack\My Documents\My Received Files\ring ring bannana phone naked.rar
C:\Documents and Settings\Luke\My Documents\My Music\Eighties classic.wma
C:\Documents and Settings\Luke\My Documents\My Music\TOTALLY HIP TRACK.wma
C:\Documents and Settings\Luke\My Documents\My Music\Wicked Remix.wma
C:\Documents and Settings\Luke\My Documents\NeroVision\Incomplete\Preview-T-4335426-Eighties classic.wma
C:\Documents and Settings\Luke\My Documents\NeroVision\Incomplete\T-3045752-01 Track 1.wma
C:\Program Files\filesubmit\prin7.zip
C:\WINDOWS\5-a0c18a429b8010fee34ee31d9073371d.exe
C:\WINDOWS\system32\BastaYa.exe
C:\WINDOWS\system32\brrotate.dll
C:\WINDOWS\system32\italfds.exe
C:\WINDOWS\system32\SearchTool
C:\WINDOWS\system32\SmartShopper

Empty Recycle Bin

Re-scan with kaspersky

Post:

- a fresh HijackThis log
- kaspersky report
 
Logfile and Kapersky Report as requested

Could not empty Folder C:_OTMoveIt\MovedFiles (message 'cannot delete asclvoib.dll, access denied).

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 18:23:13, on 19/08/2007
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16512)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Virgin Broadband\PCguard\fws.exe
C:\WINDOWS\system32\LEXBCES.EXE
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\system32\LEXPPS.EXE
C:\Program Files\Common Files\Command Software\dvpapi.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Java\jre1.5.0_06\bin\jusched.exe
C:\WINDOWS\SOUNDMAN.EXE
C:\WINDOWS\system32\igfxpers.exe
C:\PROGRA~1\ntl\BROADB~1\SMARTB~1\MotiveSB.exe
C:\Program Files\Lexmark X1100 Series\lxbkbmgr.exe
C:\WINDOWS\system32\hkcmd.exe
C:\WINDOWS\zHotkey.exe
C:\Program Files\BroadJump\Client Foundation\CFD.exe
C:\WINDOWS\AGRSMMSG.exe
C:\Program Files\Lexmark X1100 Series\lxbkbmon.exe
C:\Program Files\Virgin Broadband\advisor\Broadbandadvisor.exe
C:\Program Files\Virgin Broadband\PCguard\Rps.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Virgin Broadband\advisor\BroadbandadvisorComHandler.exe
C:\Program Files\Internet Explorer\IEXPLORE.EXE
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.google.co.uk/ig?hl=en
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = about:blank
R1 - HKCU\Software\Microsoft\Internet Connection Wizard,ShellNext = http://vc.freedom.net/html/virus_definition_template.html
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: Pop-Up Blocker BHO - {3C060EA2-E6A9-4E49-A530-D4657B8C449A} - C:\Program Files\Virgin Broadband\PCguard\pkR.dll
O2 - BHO: Form Filler BHO - {56071E0D-C61B-11D3-B41C-00E02927A304} - C:\Program Files\Virgin Broadband\PCguard\FBHR.dll
O2 - BHO: Windows Live Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: Hoja Class - {C07F60AC-688D-4F3E-89EC-30B281BDD2CC} - C:\_OTMOV~1\MOVEDF~1\WINDOWS\system32\asclvoib.dll
O4 - HKLM\..\Run: [SunJavaUpdateSched] C:\Program Files\Java\jre1.5.0_06\bin\jusched.exe
O4 - HKLM\..\Run: [SoundMan] SOUNDMAN.EXE
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [Persistence] C:\WINDOWS\system32\igfxpers.exe
O4 - HKLM\..\Run: [NeroFilterCheck] C:\WINDOWS\system32\NeroCheck.exe
O4 - HKLM\..\Run: [Motive SmartBridge] C:\PROGRA~1\ntl\BROADB~1\SMARTB~1\MotiveSB.exe
O4 - HKLM\..\Run: [Lexmark X1100 Series] "C:\Program Files\Lexmark X1100 Series\lxbkbmgr.exe"
O4 - HKLM\..\Run: [IgfxTray] C:\WINDOWS\system32\igfxtray.exe
O4 - HKLM\..\Run: [HotKeysCmds] C:\WINDOWS\system32\hkcmd.exe
O4 - HKLM\..\Run: [CHotkey] zHotkey.exe
O4 - HKLM\..\Run: [BJCFD] C:\Program Files\BroadJump\Client Foundation\CFD.exe
O4 - HKLM\..\Run: [AGRSMMSG] AGRSMMSG.exe
O4 - HKLM\..\Run: [4oD] "C:\Program Files\Kontiki\KHost.exe" -all
O4 - HKLM\..\Run: [!AVG Anti-Spyware] "C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\avgas.exe" /minimized
O4 - HKLM\..\Run: [Broadbandadvisor.exe] "C:\Program Files\Virgin Broadband\advisor\Broadbandadvisor.exe" /AUTORUN
O4 - HKLM\..\Run: [PCguard] "C:\Program Files\Virgin Broadband\PCguard\Rps.exe"
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [NBJ] "C:\Program Files\Ahead\Nero BackItUp\NBJ.exe"
O4 - HKCU\..\Run: [LifeCU] C:\WINDOWS\system32\BastaYa.exe
O4 - Global Startup: Adobe Reader Speed Launch.lnk = C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
O8 - Extra context menu item: &AOL Toolbar search - res://C:\Program Files\AOL Toolbar\toolbar.dll/SEARCH.HTML
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_06\bin\npjpi150_06.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_06\bin\npjpi150_06.dll
O9 - Extra button: Messenger - {4528BBE0-4E08-11D5-AD55-00010333D0AD} - C:\PROGRA~1\Yahoo!\Common\yhexbmesuk.dll
O9 - Extra 'Tools' menuitem: Yahoo! Messenger - {4528BBE0-4E08-11D5-AD55-00010333D0AD} - C:\PROGRA~1\Yahoo!\Common\yhexbmesuk.dll
O9 - Extra button: Run IMVU - {d9288080-1baa-4bc4-9cf8-a92d743db949} - C:\Documents and Settings\Jack\Start Menu\Programs\IMVU\Run IMVU.lnk
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O14 - IERESET.INF: START_PAGE_URL=http://www.medion.co.uk
O15 - Trusted Zone: *.musicmatch.com
O16 - DPF: {0EB0E74A-2A76-4AB3-A7FB-9BD8C29F7F75} (CKAVWebScan Object) - http://www.kaspersky.com/kos/english/kavwebscan_unicode.cab
O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://go.microsoft.com/fwlink/?linkid=39204
O16 - DPF: {20A60F0D-9AFA-4515-A0FD-83BD84642501} (Checkers Class) - http://messenger.zone.msn.com/binary/msgrchkr.cab56986.cab
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://update.microsoft.com/windowsupdate/v6/V5Controls/en/x86/client/wuweb_site.cab?1123753183109
O16 - DPF: {67DABFBF-D0AB-41FA-9C46-CC0F21721616} (DivXBrowserPlugin Object) - http://download.divx.com/player/DivXBrowserPlugin.cab
O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://update.microsoft.com/microsoftupdate/v6/V5Controls/en/x86/client/muweb_site.cab?1123758956265
O16 - DPF: {C3F79A2B-B9B4-4A66-B012-3EE46475B072} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/MessengerStatsPAClient.cab56907.cab
O23 - Service: AVG Anti-Spyware Guard - Unknown owner - C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe (file missing)
O23 - Service: DvpApi (dvpapi) - Authentium, Inc. - C:\Program Files\Common Files\Command Software\dvpapi.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\1150\Intel 32\IDriverT.exe
O23 - Service: LexBce Server (LexBceS) - Lexmark International, Inc. - C:\WINDOWS\system32\LEXBCES.EXE
O23 - Service: PCguard Firewall (RP_FWS) - Radialpoint Inc. - C:\Program Files\Virgin Broadband\PCguard\fws.exe

--
End of file - 7036 bytes

-------------------------------------------------------------------------------
KASPERSKY ONLINE SCANNER REPORT
Sunday, August 19, 2007 5:57:01 PM
Operating System: Microsoft Windows XP Home Edition, Service Pack 2 (Build 2600)
Kaspersky Online Scanner version: 5.0.93.0
Kaspersky Anti-Virus database last update: 19/08/2007
Kaspersky Anti-Virus database records: 385131
-------------------------------------------------------------------------------

Scan Settings:
Scan using the following antivirus database: extended
Scan Archives: true
Scan Mail Bases: true

Scan Target - My Computer:
C:\
D:\
E:\
F:\

Scan Statistics:
Total number of scanned objects: 131588
Number of viruses found: 8
Number of infected objects: 30
Number of suspicious objects: 0
Duration of the scan process: 01:42:53

Infected Object Name / Virus Name / Last Action
C:\!KillBox\asclvoib.dll Infected: not-a-virus:AdWare.Win32.BHO.bh skipped
C:\!KillBox\asclvoib.dll( 1) Infected: not-a-virus:AdWare.Win32.BHO.bh skipped
C:\Program Files\Trend Micro\HijackThis\backups\backup-20070816-191447-512.dll Infected: not-a-virus:AdWare.Win32.BHO.bh skipped
C:\Program Files\Trend Micro\HijackThis\backups\backup-20070817-105149-983.dll Infected: not-a-virus:AdWare.Win32.BHO.bh skipped
C:\Program Files\Trend Micro\HijackThis\backups\backup-20070817-174029-391.dll Infected: not-a-virus:AdWare.Win32.BHO.bh skipped
C:\System Volume Information\_restore{1506C531-5A27-4107-AE68-02DD7D553190}\RP19\A0001729.dll Infected: not-a-virus:AdWare.Win32.HotBar.cc skipped
C:\System Volume Information\_restore{1506C531-5A27-4107-AE68-02DD7D553190}\RP20\A0001771.dll Infected: not-a-virus:AdWare.Win32.BHO.bh skipped
C:\System Volume Information\_restore{1506C531-5A27-4107-AE68-02DD7D553190}\RP20\A0001869.dll Infected: not-a-virus:AdWare.Win32.BHO.bh skipped
C:\System Volume Information\_restore{1506C531-5A27-4107-AE68-02DD7D553190}\RP22\A0002977.dll Infected: not-a-virus:AdWare.Win32.HotBar.cc skipped
C:\System Volume Information\_restore{1506C531-5A27-4107-AE68-02DD7D553190}\RP22\A0003006.dll Infected: not-a-virus:AdWare.Win32.BHO.bh skipped
C:\System Volume Information\_restore{1506C531-5A27-4107-AE68-02DD7D553190}\RP23\A0003022.dll Infected: not-a-virus:AdWare.Win32.BHO.bh skipped
C:\System Volume Information\_restore{1506C531-5A27-4107-AE68-02DD7D553190}\RP29\A0003207.exe/stream/data0001 Infected: not-a-virus:AdWare.Win32.TrafficSol.d skipped
C:\System Volume Information\_restore{1506C531-5A27-4107-AE68-02DD7D553190}\RP29\A0003207.exe/stream Infected: not-a-virus:AdWare.Win32.TrafficSol.d skipped
C:\System Volume Information\_restore{1506C531-5A27-4107-AE68-02DD7D553190}\RP29\A0003207.exe NSIS: infected - 2 skipped
C:\System Volume Information\_restore{1506C531-5A27-4107-AE68-02DD7D553190}\RP29\A0003208.exe Infected: not-a-virus:AdWare.Win32.BHO.bh skipped
C:\System Volume Information\_restore{1506C531-5A27-4107-AE68-02DD7D553190}\RP29\A0003209.dll Infected: not-a-virus:AdWare.Win32.TrafficSol.d skipped
C:\System Volume Information\_restore{1506C531-5A27-4107-AE68-02DD7D553190}\RP29\A0003210.exe Infected: not-a-virus:AdWare.Win32.BHO.bh skipped
C:\System Volume Information\_restore{1506C531-5A27-4107-AE68-02DD7D553190}\RP29\A0003211.dll Infected: not-a-virus:AdWare.Win32.Beginto.f skipped
C:\System Volume Information\_restore{1506C531-5A27-4107-AE68-02DD7D553190}\RP29\A0003213.dll Infected: not-a-virus:AdWare.Win32.Beginto.f skipped
C:\System Volume Information\_restore{1506C531-5A27-4107-AE68-02DD7D553190}\RP29\A0003214.dll Infected: not-a-virus:AdWare.Win32.Beginto.f skipped
C:\System Volume Information\_restore{1506C531-5A27-4107-AE68-02DD7D553190}\RP29\A0003216.exe/WISE0001.BIN Infected: not-a-virus:AdWare.Win32.Accoona.b skipped
C:\System Volume Information\_restore{1506C531-5A27-4107-AE68-02DD7D553190}\RP29\A0003216.exe WiseSFX: infected - 1 skipped
C:\System Volume Information\_restore{1506C531-5A27-4107-AE68-02DD7D553190}\RP29\A0003216.exe WiseSFX Dropper: infected - 1 skipped
C:\System Volume Information\_restore{1506C531-5A27-4107-AE68-02DD7D553190}\RP29\A0003221.exe/data0002 Infected: not-a-virus:AdWare.Win32.WebRebates.r skipped
C:\System Volume Information\_restore{1506C531-5A27-4107-AE68-02DD7D553190}\RP29\A0003221.exe/data0003 Infected: not-a-virus:AdWare.Win32.WebRebates.p skipped
C:\System Volume Information\_restore{1506C531-5A27-4107-AE68-02DD7D553190}\RP29\A0003221.exe/data0004 Infected: not-a-virus:AdWare.Win32.WebRebates.p skipped
C:\System Volume Information\_restore{1506C531-5A27-4107-AE68-02DD7D553190}\RP29\A0003221.exe/data0005 Infected: not-a-virus:AdWare.Win32.WebRebates.p skipped
C:\System Volume Information\_restore{1506C531-5A27-4107-AE68-02DD7D553190}\RP29\A0003221.exe NSIS: infected - 4 skipped
C:\_OTMoveIt\MovedFiles\WINDOWS\system32\asclvoib.dll Infected: not-a-virus:AdWare.Win32.BHO.bh skipped


Scan process completed.
 
Hi

Empty these folders (in safe mode if not successful otherwise):

C:\!KillBox\
C:\_OTMoveIt\MovedFiles\

Delete these:

C:\Program Files\Trend Micro\HijackThis\backups\backup-20070816-191447-512.dll
C:\Program Files\Trend Micro\HijackThis\backups\backup-20070817-105149-983.dll
C:\Program Files\Trend Micro\HijackThis\backups\backup-20070817-174029-391.dll

Empty Recycle Bin

All other viruses are in system restore and inactive.

I give you later instructions how to empty it.

Other than that, any problems left?
 
Folders emptied and files deleted.

Folders emptied and files deleted.

The only problem I have left is that spybot cannot remove funwebproducts but if this is not that dangerous will deal with at a later date. Other than that all clear. Thanks very much for all your help much appreciated. :bigthumb:
 
Hi

Please then post spybot report here:

* Close all browsers.
* Open SpyBot, check for and get any updates available.
* Check for problems and fix everything found in red
* Then on the toolbar menu select mode and switch to advanced mode, on the left lower down select tools, and view report, ensure all the options are selected near the bottom except

* Uncheck[ ] do not report disabled or known legitimate Items.
* Uncheck[ ] Include a list of services in report.
* Uncheck[ ] Include uninstall list in report.

* Now select (near the top) view report.
* Click export and in the 'save in' box choose a place such as your my documents folder, then in your next post near the bottom select the "browse" button; navigate to and attach or post that report.
 
Spybot report

Which shall I uncheck as the report is to big to upload. Thanks.

1. Include results of last check in report
2. Include activex list in report
3. Include browser pages in report
4. Include start up list in report
5. Include system information in report
6. Include BHO list in report
7. Include process list in report
8. Include list of Winsock LSPs in report
 
Hi

First we'll need to backup registry:

Start -> Run -> regedit -> ok. Then File -> Export. Give it a name and press Save.

Save text below as fix.reg on Notepad (save it as all files (*.*)) on Desktop

Windows Registry Editor Version 5.00

[-HKEY_USERS\S-1-5-18\Software\Fun Web Products]

[-HKEY_USERS\S-1-5-20\Software\Fun Web Products]

[-HKEY_USERS\S-1-5-19\Software\Fun Web Products]

[-HKEY_USERS\.DEFAULT\Software\Fun Web Products]

It should look like this ->
reg.gif


Doubleclick fix.reg, press Yes and ok.

(In case you are unsure how to create a reg file, take a look here with screenshots.)

Re-scan with spybot and tell me that has resolved the problem?
 
HijackThis Log as requested

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 16:12:12, on 21/08/2007
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16512)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Virgin Broadband\PCguard\fws.exe
C:\WINDOWS\system32\LEXBCES.EXE
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Common Files\Command Software\dvpapi.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\SOUNDMAN.EXE
C:\WINDOWS\system32\igfxpers.exe
C:\Program Files\Lexmark X1100 Series\lxbkbmgr.exe
C:\Program Files\Lexmark X1100 Series\lxbkbmon.exe
C:\WINDOWS\system32\hkcmd.exe
C:\WINDOWS\zHotkey.exe
C:\Program Files\BroadJump\Client Foundation\CFD.exe
C:\WINDOWS\AGRSMMSG.exe
C:\Program Files\Virgin Broadband\advisor\Broadbandadvisor.exe
C:\Program Files\Virgin Broadband\PCguard\Rps.exe
C:\WINDOWS\system32\lexpps.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\SpywareGuard\sgmain.exe
C:\Program Files\SpywareGuard\sgbhp.exe
C:\Program Files\Virgin Broadband\advisor\BroadbandadvisorComHandler.exe
C:\Program Files\internet explorer\iexplore.exe
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.google.co.uk/ig?hl=en
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = about:blank
R1 - HKCU\Software\Microsoft\Internet Connection Wizard,ShellNext = http://vc.freedom.net/html/virus_definition_template.html
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: Pop-Up Blocker BHO - {3C060EA2-E6A9-4E49-A530-D4657B8C449A} - C:\Program Files\Virgin Broadband\PCguard\pkR.dll
O2 - BHO: SpywareGuard Download Protection - {4A368E80-174F-4872-96B5-0B27DDD11DB2} - C:\Program Files\SpywareGuard\dlprotect.dll
O2 - BHO: Form Filler BHO - {56071E0D-C61B-11D3-B41C-00E02927A304} - C:\Program Files\Virgin Broadband\PCguard\FBHR.dll
O2 - BHO: Windows Live Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: Hoja Class - {C07F60AC-688D-4F3E-89EC-30B281BDD2CC} - C:\_OTMOV~1\MOVEDF~1\WINDOWS\system32\asclvoib.dll (file missing)
O4 - HKLM\..\Run: [SoundMan] SOUNDMAN.EXE
O4 - HKLM\..\Run: [Persistence] C:\WINDOWS\system32\igfxpers.exe
O4 - HKLM\..\Run: [NeroFilterCheck] C:\WINDOWS\system32\NeroCheck.exe
O4 - HKLM\..\Run: [Lexmark X1100 Series] "C:\Program Files\Lexmark X1100 Series\lxbkbmgr.exe"
O4 - HKLM\..\Run: [IgfxTray] C:\WINDOWS\system32\igfxtray.exe
O4 - HKLM\..\Run: [HotKeysCmds] C:\WINDOWS\system32\hkcmd.exe
O4 - HKLM\..\Run: [CHotkey] zHotkey.exe
O4 - HKLM\..\Run: [BJCFD] C:\Program Files\BroadJump\Client Foundation\CFD.exe
O4 - HKLM\..\Run: [AGRSMMSG] AGRSMMSG.exe
O4 - HKLM\..\Run: [Broadbandadvisor.exe] "C:\Program Files\Virgin Broadband\advisor\Broadbandadvisor.exe" /AUTORUN
O4 - HKLM\..\Run: [PCguard] "C:\Program Files\Virgin Broadband\PCguard\Rps.exe"
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [NBJ] "C:\Program Files\Ahead\Nero BackItUp\NBJ.exe"
O4 - Startup: spywareblaster.lnk = C:\Program Files\SpywareBlaster\spywareblaster.exe
O4 - Startup: SpywareGuard.lnk = C:\Program Files\SpywareGuard\sgmain.exe
O4 - Global Startup: Adobe Reader Speed Launch.lnk = C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
O8 - Extra context menu item: &AOL Toolbar search - res://C:\Program Files\AOL Toolbar\toolbar.dll/SEARCH.HTML
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_06\bin\npjpi150_06.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_06\bin\npjpi150_06.dll
O9 - Extra button: Messenger - {4528BBE0-4E08-11D5-AD55-00010333D0AD} - C:\PROGRA~1\Yahoo!\Common\yhexbmesuk.dll
O9 - Extra 'Tools' menuitem: Yahoo! Messenger - {4528BBE0-4E08-11D5-AD55-00010333D0AD} - C:\PROGRA~1\Yahoo!\Common\yhexbmesuk.dll
O9 - Extra button: Run IMVU - {d9288080-1baa-4bc4-9cf8-a92d743db949} - C:\Documents and Settings\Jack\Start Menu\Programs\IMVU\Run IMVU.lnk (file missing)
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O14 - IERESET.INF: START_PAGE_URL=http://www.medion.co.uk
O15 - Trusted Zone: *.musicmatch.com
O16 - DPF: {0EB0E74A-2A76-4AB3-A7FB-9BD8C29F7F75} (CKAVWebScan Object) - http://www.kaspersky.com/kos/english/kavwebscan_unicode.cab
O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://go.microsoft.com/fwlink/?linkid=39204
O16 - DPF: {20A60F0D-9AFA-4515-A0FD-83BD84642501} (Checkers Class) - http://messenger.zone.msn.com/binary/msgrchkr.cab56986.cab
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://update.microsoft.com/windowsupdate/v6/V5Controls/en/x86/client/wuweb_site.cab?1123753183109
O16 - DPF: {67DABFBF-D0AB-41FA-9C46-CC0F21721616} (DivXBrowserPlugin Object) - http://download.divx.com/player/DivXBrowserPlugin.cab
O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://update.microsoft.com/microsoftupdate/v6/V5Controls/en/x86/client/muweb_site.cab?1123758956265
O16 - DPF: {C3F79A2B-B9B4-4A66-B012-3EE46475B072} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/MessengerStatsPAClient.cab56907.cab
O23 - Service: AVG Anti-Spyware Guard - Unknown owner - C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe (file missing)
O23 - Service: DvpApi (dvpapi) - Authentium, Inc. - C:\Program Files\Common Files\Command Software\dvpapi.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\1150\Intel 32\IDriverT.exe
O23 - Service: LexBce Server (LexBceS) - Lexmark International, Inc. - C:\WINDOWS\system32\LEXBCES.EXE
O23 - Service: PCguard Firewall (RP_FWS) - Radialpoint Inc. - C:\Program Files\Virgin Broadband\PCguard\fws.exe

--
End of file - 6843 bytes
 
You must log in or register to reply here.
Back
Top