Multiple Trojans detected using CAVS.

Learn about Computer Security Virus/Malware Removal Assistance
#1

Hello I have just recently switched back to CAVS Beta 2.0 and Comodo Firewall. I was using Norton 360 when I got infected. I did a free online scan with Kaspersky because I wasn’t getting anything with norton but I knew something was wrong. I was barely able to use my computer. I am using Windows xp home sp2 completely up to date. I use spybot search and destroy and spyware blaster. All are fully updated including windows. I mostly use firefox but used IE when I had norton. Now that I have CAVS running I have most of the functionality of the computer back but still need to remove the trojans that it has quarintined. I have a log for hijack this and I have the log from kapersky. Not sure if you want me to copy and past or just attatch the files. please let me know if you need more information. Sorry the name of the Trojans is Trojan-Spy.Win32.VBstat.h and nat-a-virusAdWare.Win32.Virtumonde.ar and Trojan-Spy.Win32.VBStat.h and Trojan.Win32.BHO.g and Trojan-Spy.Win32.VBStat.h and the last one again. As well every time I try to start in safe mode it loads to a black screen that says safemode around the edges but there is no start button. Ran CAVS in safe mode but nothing was found. I think I have listed every thing.

Please let me know if you want me to copy and past the logs or just attatch the files I have

#2

Wow sorry this is off-topic but comodo detected trojans that norton couldnt already? CAV isnt even out of beta yet. :BNC

Must be Boclean signatures?

#3

For the first step, make sure you do not enter any sensitive information into the computer. For the list of sites that it logs keystrokes for is at (Although it may not log logons, i would not trust it):

http://www.avira.com/en/threats/section/fulldetails/id_vir/3144/tr_bho.g.html

The other one (Trojan-Spy.Win32.VBstat.h) also seems to steal information.

Please run SuperAntispyware free linked to at (https://forums.comodo.com/index.php/topic,4866.0.html). Install, Update the definitions and run a scan in safe mode. Let it delete what it finds and post the log here.

Once that is done also post a hijackthis log. (https://forums.comodo.com/index.php/topic,4866.0.html)

#4

I want to let you know that I tried to run SuperAnti spyware in safemode but it wouldn’t let me. I was able to run CAVS in safe mode through the browse option in the task manager. I get a black screen when I boot in safe mode. I don’t know how to fix this.

Here is my first Kaspersky online scan

KASPERSKY ONLINE SCANNER REPORT
Monday, April 09, 2007 7:47:19 PM
Operating System: Microsoft Windows XP Home Edition, Service Pack 2 (Build 2600)
Kaspersky Online Scanner version: 5.0.93.0
Kaspersky Anti-Virus database last update: 10/04/2007
Kaspersky Anti-Virus database records: 293429

Scan Settings
Scan using the following antivirus database extended
Scan Archives true
Scan Mail Bases true

Scan Target My Computer
A:
C:
D:
E:
F:\

Scan Statistics
Total number of scanned objects 107293
Number of viruses found 3
Number of infected objects 13
Number of suspicious objects 0
Duration of the scan process 01:02:33

Infected Object Name Virus Name Last Action
C:\Documents and Settings\Alex\Application Data\Roxio\MediaManager9\Album.ldb Object is locked skipped

C:\Documents and Settings\Alex\Application Data\Roxio\MediaManager9\Album.psod Object is locked skipped

C:\Documents and Settings\All Users\Application Data\Symantec\Common Client\Confid.log Object is locked skipped

C:\Documents and Settings\All Users\Application Data\Symantec\Common Client\Content.log Object is locked skipped

C:\Documents and Settings\All Users\Application Data\Symantec\Common Client\Privacy.log Object is locked skipped

C:\Documents and Settings\All Users\Application Data\Symantec\Common Client\Restrict.log Object is locked skipped

C:\Documents and Settings\All Users\Application Data\Symantec\Common Client\settings.dat Object is locked skipped

C:\Documents and Settings\All Users\Application Data\Symantec\Common Client\WebHist.log Object is locked skipped

C:\Documents and Settings\All Users\Application Data\Symantec\SPBBC\BBConfig.log Object is locked skipped

C:\Documents and Settings\All Users\Application Data\Symantec\SPBBC\BBDebug.log Object is locked skipped

C:\Documents and Settings\All Users\Application Data\Symantec\SPBBC\BBDetect.log Object is locked skipped

C:\Documents and Settings\All Users\Application Data\Symantec\SPBBC\BBNotify.log Object is locked skipped

C:\Documents and Settings\All Users\Application Data\Symantec\SPBBC\BBRefr.log Object is locked skipped

C:\Documents and Settings\All Users\Application Data\Symantec\SPBBC\BBSetCfg.log Object is locked skipped

C:\Documents and Settings\All Users\Application Data\Symantec\SPBBC\BBSetCfg2.log Object is locked skipped

C:\Documents and Settings\All Users\Application Data\Symantec\SPBBC\BBSetDev.log Object is locked skipped

C:\Documents and Settings\All Users\Application Data\Symantec\SPBBC\BBSetLoc.log Object is locked skipped

C:\Documents and Settings\All Users\Application Data\Symantec\SPBBC\BBSetUsr.log Object is locked skipped

C:\Documents and Settings\All Users\Application Data\Symantec\SPBBC\BBStHash.log Object is locked skipped

C:\Documents and Settings\All Users\Application Data\Symantec\SPBBC\BBValid.log Object is locked skipped

C:\Documents and Settings\All Users\Application Data\Symantec\SPBBC\SPPolicy.log Object is locked skipped

C:\Documents and Settings\All Users\Application Data\Symantec\SPBBC\SPStart.log Object is locked skipped

C:\Documents and Settings\All Users\Application Data\Symantec\SPBBC\SPStop.log Object is locked skipped

C:\Documents and Settings\All Users\Application Data\Symantec\SRTSP\SrtErEvt.log Object is locked skipped

C:\Documents and Settings\All Users\Application Data\Symantec\SRTSP\SrtETmp\A5A6CDFF.TMP Object is locked skipped

C:\Documents and Settings\All Users\Application Data\Symantec\SRTSP\SrtMoEvt.log Object is locked skipped

C:\Documents and Settings\All Users\Application Data\Symantec\SRTSP\SrtNvEvt.log Object is locked skipped

C:\Documents and Settings\All Users\Application Data\Symantec\SRTSP\SrtScEvt.log Object is locked skipped

C:\Documents and Settings\All Users\Application Data\Symantec\SRTSP\SrtTxFEvt.log Object is locked skipped

C:\Documents and Settings\All Users\Application Data\Symantec\SRTSP\SrtViEvt.log Object is locked skipped

C:\Documents and Settings\John.housecall6.6\Quarantine\n00zn00zn00zn00z.rar.bac_a02352/Setup.exe Infected: Backdoor.Win32.IRCBot.tk skipped

C:\Documents and Settings\John.housecall6.6\Quarantine\n00zn00zn00zn00z.rar.bac_a02352 ZIP: infected - 1 skipped

C:\Documents and Settings\John.housecall6.6\Quarantine\n00zn00zn00zn00z.rar.bac_a02352 CryptFF.b: infected - 1 skipped

C:\Documents and Settings\John.housecall6.6\Quarantine\Setup.exe.bac_a02352 Infected: Backdoor.Win32.IRCBot.tk skipped

C:\Documents and Settings\John.housecall6.6\Quarantine\t.rar.bac_a02352/Setup.exe Infected: Backdoor.Win32.IRCBot.tk skipped

C:\Documents and Settings\John.housecall6.6\Quarantine\t.rar.bac_a02352 ZIP: infected - 1 skipped

C:\Documents and Settings\John.housecall6.6\Quarantine\t.rar.bac_a02352 CryptFF.b: infected - 1 skipped

C:\Documents and Settings\John\Application Data\Roxio\MediaManager9\Album.ldb Object is locked skipped

C:\Documents and Settings\John\Application Data\Roxio\MediaManager9\Album.psod Object is locked skipped

C:\Documents and Settings\John\Cookies\index.dat Object is locked skipped

C:\Documents and Settings\John\Desktop\New Folder (2)\SmitfraudFix\Reboot.exe Infected: not-a-virus:RiskTool.Win32.Reboot.f skipped

C:\Documents and Settings\John\Desktop\SmitfraudFix.zip/SmitfraudFix/Reboot.exe Infected: not-a-virus:RiskTool.Win32.Reboot.f skipped

C:\Documents and Settings\John\Desktop\SmitfraudFix.zip ZIP: infected - 1 skipped

C:\Documents and Settings\John\Local Settings\Application Data\ApplicationHistory\CLI.EXE.c88dbd71.ini.inuse Object is locked skipped

C:\Documents and Settings\John\Local Settings\Application Data\Microsoft\Windows\UsrClass.dat Object is locked skipped

C:\Documents and Settings\John\Local Settings\Application Data\Microsoft\Windows\UsrClass.dat.LOG Object is locked skipped

C:\Documents and Settings\John\Local Settings\History\History.IE5\index.dat Object is locked skipped

C:\Documents and Settings\John\Local Settings\Temp\Perflib_Perfdata_41c.dat Object is locked skipped

C:\Documents and Settings\John\Local Settings\Temp\Perflib_Perfdata_bf0.dat Object is locked skipped

C:\Documents and Settings\John\Local Settings\Temp\Perflib_Perfdata_bf8.dat Object is locked skipped

C:\Documents and Settings\John\Local Settings\Temporary Internet Files\Content.IE5\index.dat Object is locked skipped

C:\Documents and Settings\John\NTUSER.DAT Object is locked skipped

C:\Documents and Settings\John\NTUSER.DAT.LOG Object is locked skipped

C:\Documents and Settings\LocalService\Cookies\index.dat Object is locked skipped

C:\Documents and Settings\LocalService\Local Settings\Application Data\Microsoft\Windows\UsrClass.dat Object is locked skipped

C:\Documents and Settings\LocalService\Local Settings\Application Data\Microsoft\Windows\UsrClass.dat.LOG Object is locked skipped

C:\Documents and Settings\LocalService\Local Settings\History\History.IE5\index.dat Object is locked skipped

C:\Documents and Settings\LocalService\Local Settings\Temporary Internet Files\Content.IE5\index.dat Object is locked skipped

C:\Documents and Settings\LocalService\NTUSER.DAT Object is locked skipped

C:\Documents and Settings\LocalService\ntuser.dat.LOG Object is locked skipped

C:\Documents and Settings\NetworkService\Local Settings\Application Data\Microsoft\Windows\UsrClass.dat Object is locked skipped

C:\Documents and Settings\NetworkService\Local Settings\Application Data\Microsoft\Windows\UsrClass.dat.LOG Object is locked skipped

C:\Documents and Settings\NetworkService\NTUSER.DAT Object is locked skipped

C:\Documents and Settings\NetworkService\ntuser.dat.LOG Object is locked skipped

C:\Documents and Settings\Rachel\Application Data\Roxio\MediaManager9\Album.ldb Object is locked skipped

C:\Documents and Settings\Rachel\Application Data\Roxio\MediaManager9\Album.psod Object is locked skipped

C:\Documents and Settings\Rachel\Desktop\New Folder (2)\SmitfraudFix\Reboot.exe Infected: not-a-virus:RiskTool.Win32.Reboot.f skipped

C:\Program Files\Common Files\Symantec Shared\AntiSpam\Log\Spam.log Object is locked skipped

C:\Program Files\Common Files\Symantec Shared\Bonus\Log\Shazam.log Object is locked skipped

C:\Program Files\Common Files\Symantec Shared\coShared\WA\1.5\NCOWAD.dat Object is locked skipped

C:\Program Files\Common Files\Symantec Shared\coShared\WA\1.5\NCOWADMT.dat Object is locked skipped

C:\Program Files\Common Files\Symantec Shared\coShared\WA\1.5\NCOWAS.dat Object is locked skipped

C:\Program Files\Common Files\Symantec Shared\coShared\WA\1.5\NCOWAS.ldb Object is locked skipped

C:\Program Files\Common Files\Symantec Shared\EENGINE\EPERSIST.DAT Object is locked skipped

C:\Program Files\Common Files\Symantec Shared\SNDALRT.log Object is locked skipped

C:\Program Files\Common Files\Symantec Shared\SNDCON.log Object is locked skipped

C:\Program Files\Common Files\Symantec Shared\SNDDBG.log Object is locked skipped

C:\Program Files\Common Files\Symantec Shared\SNDFW.log Object is locked skipped

C:\Program Files\Common Files\Symantec Shared\SNDIDS.log Object is locked skipped

C:\Program Files\Common Files\Symantec Shared\SNDSYS.log Object is locked skipped

C:\Program Files\Norton 360\Log\AutoProtect.log Object is locked skipped

C:\Program Files\Norton 360\Log\AVContext.log Object is locked skipped

C:\Program Files\Norton 360\Log\AVManual.log Object is locked skipped

C:\Program Files\Norton 360\Log\Backup.log Object is locked skipped

C:\Program Files\Norton 360\Log\CUInternetPageViewHistory.log Object is locked skipped

C:\Program Files\Norton 360\Log\CUInternetSearchHistory.log Object is locked skipped

C:\Program Files\Norton 360\Log\CUInternetTempFiles.log Object is locked skipped

C:\Program Files\Norton 360\Log\CUWindowsTempFiles.log Object is locked skipped

C:\Program Files\Norton 360\Log\EmailScan.log Object is locked skipped

C:\Program Files\Norton 360\Log\InternetSecurity.log Object is locked skipped

C:\Program Files\Norton 360\Log\ISIntrusionPrevented.log Object is locked skipped

C:\Program Files\Norton 360\Log\ISIOTraffic.log Object is locked skipped

C:\Program Files\Norton 360\Log\ISNewNetwork.log Object is locked skipped

C:\Program Files\Norton 360\Log\LiveUpdate.log Object is locked skipped

C:\Program Files\Norton 360\Log\NCO.log Object is locked skipped

C:\Program Files\Norton 360\Log\VABrowserSettings.log Object is locked skipped

C:\Program Files\Norton 360\Log\VAIPAddresses.log Object is locked skipped

C:\Program Files\Norton 360\Log\VAWeakPasswords.log Object is locked skipped

C:\Program Files\Norton 360\Log\WDFScanner.log Object is locked skipped

C:\System Volume Information\MountPointManagerRemoteDatabase Object is locked skipped

C:\WINDOWS\Debug\PASSWD.LOG Object is locked skipped

C:\WINDOWS\SchedLgU.Txt Object is locked skipped

C:\WINDOWS\SoftwareDistribution\EventCache{7FDF8FA8-4F9C-4C55-BBC7-ED9D354EB8EA}.bin Object is locked skipped

C:\WINDOWS\SoftwareDistribution\ReportingEvents.log Object is locked skipped

C:\WINDOWS\Sti_Trace.log Object is locked skipped

C:\WINDOWS\system32\CatRoot2\edb.log Object is locked skipped

C:\WINDOWS\system32\CatRoot2\tmp.edb Object is locked skipped

C:\WINDOWS\system32\config\ACEEvent.evt Object is locked skipped

C:\WINDOWS\system32\config\AppEvent.Evt Object is locked skipped

C:\WINDOWS\system32\config\default Object is locked skipped

C:\WINDOWS\system32\config\default.LOG Object is locked skipped

C:\WINDOWS\system32\config\Internet.evt Object is locked skipped

C:\WINDOWS\system32\config\SAM Object is locked skipped

C:\WINDOWS\system32\config\SAM.LOG Object is locked skipped

C:\WINDOWS\system32\config\SecEvent.Evt Object is locked skipped

C:\WINDOWS\system32\config\SECURITY Object is locked skipped

C:\WINDOWS\system32\config\SECURITY.LOG Object is locked skipped

C:\WINDOWS\system32\config\software Object is locked skipped

C:\WINDOWS\system32\config\software.LOG Object is locked skipped

C:\WINDOWS\system32\config\SysEvent.Evt Object is locked skipped

C:\WINDOWS\system32\config\system Object is locked skipped

C:\WINDOWS\system32\config\system.LOG Object is locked skipped

C:\WINDOWS\system32\config\systemprofile\Cookies\index.dat Object is locked skipped

C:\WINDOWS\system32\config\systemprofile\Local Settings\History\History.IE5\index.dat Object is locked skipped

C:\WINDOWS\system32\config\systemprofile\Local Settings\Temporary Internet Files\Content.IE5\index.dat Object is locked skipped

C:\WINDOWS\system32\h323log.txt Object is locked skipped

C:\WINDOWS\system32\wbem\Repository\FS\INDEX.BTR Object is locked skipped

C:\WINDOWS\system32\wbem\Repository\FS\INDEX.MAP Object is locked skipped

C:\WINDOWS\system32\wbem\Repository\FS\MAPPING.VER Object is locked skipped

C:\WINDOWS\system32\wbem\Repository\FS\MAPPING1.MAP Object is locked skipped

C:\WINDOWS\system32\wbem\Repository\FS\MAPPING2.MAP Object is locked skipped

C:\WINDOWS\system32\wbem\Repository\FS\OBJECTS.DATA Object is locked skipped

C:\WINDOWS\system32\wbem\Repository\FS\OBJECTS.MAP Object is locked skipped

C:\WINDOWS\Temp\cc19.tmp Object is locked skipped

C:\WINDOWS\Temp\cc1A.tmp Object is locked skipped

C:\WINDOWS\Temp\cc1B.tmp Object is locked skipped

C:\WINDOWS\Temp\cc1C.tmp Object is locked skipped

C:\WINDOWS\Temp\JETF241.tmp Object is locked skipped

C:\WINDOWS\Temp\JETF2DD.tmp Object is locked skipped

C:\WINDOWS\Temp\JETF6C.tmp Object is locked skipped

C:\WINDOWS\wiadebug.log Object is locked skipped

C:\WINDOWS\wiaservc.log Object is locked skipped

C:\WINDOWS\WindowsUpdate.log Object is locked skipped

D:\Downloads\Nero 7 Ultra\Nero 7 Ultra.exe/Toolbar.exe Infected: not-a-virus:AdTool.Win32.MyWebSearch skipped

D:\Downloads\Nero 7 Ultra\Nero 7 Ultra.exe RAR: infected - 1 skipped

D:\System Volume Information\MountPointManagerRemoteDatabase Object is locked skipped

Scan process completed.

This is my first Hijack this Log

Logfile of HijackThis v1.99.1
Scan saved at 10:11:28 PM, on 4/9/2007
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16414)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe
C:\Program Files\Common Files\Symantec Shared\ccProxy.exe
C:\WINDOWS\system32\LEXBCES.EXE
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\system32\LEXPPS.EXE
C:\WINDOWS\Explorer.EXE
C:\PROGRA~1\LEXMAR~1\LXBRKsk.exe
C:\Program Files\Lexmark 3100 Series\lxbrbmgr.exe
C:\Program Files\Common Files\Symantec Shared\ccApp.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\ATI Technologies\ATI.ACE\CLI.EXE
C:\WINDOWS\system32\taskmgr.exe
C:\Program Files\Lexmark 3100 Series\lxbrbmon.exe
C:\WINDOWS\system32\CTsvcCDA.exe
C:\Program Files\Lexmark 3100 Series\lxbrcmon.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\MsPMSPSv.exe
C:\Program Files\Internet Explorer\IEXPLORE.EXE
C:\Program Files\ATI Technologies\ATI.ACE\cli.exe
C:\Program Files\ATI Technologies\ATI.ACE\cli.exe
C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLLoginProxy.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Program Files\CallingID\Light\CIDGlobalLight.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\Symantec Technical Support\controls\ssrc.exe
C:\Program Files\FlashGet\flashget.exe
C:\Documents and Settings\John\Desktop\New Folder (2)\HijackThis.exe

O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar3.dll
O3 - Toolbar: Show Norton Toolbar - {90222687-F593-4738-B738-FBEE9C7B26DF} - C:\Program Files\Common Files\Symantec Shared\coShared\Browser\1.5\UIBHO.dll
O4 - HKLM…\Run: [Symantec PIF AlertEng] “C:\Program Files\Common Files\Symantec Shared\PIF{B8E1DD85-8582-4c61-B58F-2F227FCA9A08}\PIFSvc.exe” /a /m “C:\Program Files\Common Files\Symantec Shared\PIF{B8E1DD85-8582-4c61-B58F-2F227FCA9A08}\AlertEng.dll”
O4 - HKLM…\Run: [LXBRKsk] C:\PROGRA~1\LEXMAR~1\LXBRKsk.exe
O4 - HKLM…\Run: [Lexmark 3100 Series] “C:\Program Files\Lexmark 3100 Series\lxbrbmgr.exe”
O4 - HKLM…\Run: [ccApp] C:\Program Files\Common Files\Symantec Shared\ccApp.exe
O4 - HKLM…\Run: [ATICCC] “C:\Program Files\ATI Technologies\ATI.ACE\CLIStart.exe”
O4 - HKCU…\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - Global Startup: Event Reminder.lnk = C:\Program Files\PrintMaster 16\pmremind.exe
O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office10\OSA.EXE
O8 - Extra context menu item: &Download All with FlashGet - C:\Program Files\FlashGet\jc_all.htm
O8 - Extra context menu item: &Download with FlashGet - C:\Program Files\FlashGet\jc_link.htm
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~3\Office10\EXCEL.EXE/3000
O9 - Extra button: (no name) - {5C106A59-CC3C-4caa-81A4-6D909B5ACE23} - C:\Program Files\KeyScrambler\KeyScramblerIE.dll
O9 - Extra ‘Tools’ menuitem: &KeyScrambler… - {5C106A59-CC3C-4caa-81A4-6D909B5ACE23} - C:\Program Files\KeyScrambler\KeyScramblerIE.dll
O9 - Extra button: FlashGet - {D6E814A0-E0C5-11d4-8D29-0050BA6940E3} - C:\Program Files\FlashGet\FlashGet.exe
O9 - Extra ‘Tools’ menuitem: FlashGet - {D6E814A0-E0C5-11d4-8D29-0050BA6940E3} - C:\Program Files\FlashGet\FlashGet.exe
O11 - Options group: [INTERNATIONAL] International*
O15 - Trusted Zone: http://download.windowsupdate.com
O16 - DPF: {0A5FD7C5-A45C-49FC-ADB5-9952547D5715} (Creative Software AutoUpdate) - http://www.creative.com/su/ocx/15026/CTSUEng.cab
O16 - DPF: {0EB0E74A-2A76-4AB3-A7FB-9BD8C29F7F75} (CKAVWebScan Object) - http://www.kaspersky.com/kos/english/kavwebscan_unicode.cab
O16 - DPF: {2BC66F54-93A8-11D3-BEB6-00105AA9B6AE} (Symantec AntiVirus scanner) - http://security.symantec.com/sscv6/SharedContent/vc/bin/AvSniff.cab
O16 - DPF: {5ED80217-570B-4DA9-BF44-BE107C0EC166} (Windows Live Safety Center Base Module) - http://cdn.scan.onecare.live.com/resource/download/scanner/wlscbase9602.cab
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://update.microsoft.com/windowsupdate/v6/V5Controls/en/x86/client/wuweb_site.cab?1165465281537
O16 - DPF: {644E432F-49D3-41A1-8DD5-E099162EEEC5} (Symantec RuFSI Utility Class) - http://security.symantec.com/sscv6/SharedContent/common/bin/cabsa.cab
O16 - DPF: {F6ACF75C-C32C-447B-9BEF-46B766368D29} (Creative Software AutoUpdate Support Package) - http://www.creative.com/su/ocx/15027/CTPID.cab
O18 - Protocol: livecall - {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\MSNMES~1\MSGRAP~1.DLL
O18 - Protocol: msnim - {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\MSNMES~1\MSGRAP~1.DLL
O21 - SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - C:\WINDOWS\system32\WPDShServiceObj.dll
O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\system32\Ati2evxx.exe
O23 - Service: ATI Smart - Unknown owner - C:\WINDOWS\system32\ati2sgag.exe
O23 - Service: Symantec Event Manager (ccEvtMgr) - Unknown owner - C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe" /h ccCommon (file missing)
O23 - Service: Symantec Network Proxy (ccProxy) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccProxy.exe
O23 - Service: Symantec Settings Manager (ccSetMgr) - Unknown owner - C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe" /h ccCommon (file missing)
O23 - Service: Symantec Lic NetConnect service (CLTNetCnService) - Unknown owner - C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe" /h ccCommon (file missing)
O23 - Service: COM Host (comHost) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\VAScanner\comHost.exe
O23 - Service: Creative Service for CDROM Access - Creative Technology Ltd - C:\WINDOWS\system32\CTsvcCDA.exe
O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\1050\Intel 32\IDriverT.exe
O23 - Service: iPod Service - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: LexBce Server (LexBceS) - Lexmark International, Inc. - C:\WINDOWS\system32\LEXBCES.EXE
O23 - Service: LiveUpdate - Symantec Corporation - C:\PROGRA~1\Symantec\LIVEUP~1\LUCOMS~1.EXE
O23 - Service: LiveUpdate Notice Service Ex (LiveUpdate Notice Ex) - Unknown owner - C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe" /h ccCommon (file missing)
O23 - Service: LiveUpdate Notice Service - Unknown owner - C:\Program Files\Common Files\Symantec Shared\PIF{B8E1DD85-8582-4c61-B58F-2F227FCA9A08}\PIFSvc.exe" /m "C:\Program Files\Common Files\Symantec Shared\PIF{B8E1DD85-8582-4c61-B58F-2F227FCA9A08}\PifEng.dll (file missing)
O23 - Service: Roxio UPnP Renderer 9 - Sonic Solutions - C:\Program Files\Common Files\Sonic Shared\RoxioUPnPRenderer9.exe
O23 - Service: Roxio Upnp Server 9 - Sonic Solutions - C:\Program Files\Common Files\Sonic Shared\RoxioUpnpService9.exe
O23 - Service: LiveShare P2P Server 9 (RoxLiveShare9) - Sonic Solutions - C:\Program Files\Common Files\Roxio Shared\9.0\SharedCOM\RoxLiveShare9.exe
O23 - Service: RoxMediaDB9 - Sonic Solutions - C:\Program Files\Common Files\Roxio Shared\9.0\SharedCOM\RoxMediaDB9.exe
O23 - Service: Roxio Hard Drive Watcher 9 (RoxWatch9) - Sonic Solutions - C:\Program Files\Common Files\Roxio Shared\9.0\SharedCOM\RoxWatch9.exe
O23 - Service: stllssvr - MicroVision Development, Inc. - C:\Program Files\Common Files\SureThing Shared\stllssvr.exe
O23 - Service: Symantec Core LC - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exe

#5

This is my second kapersky scan

KASPERSKY ONLINE SCANNER REPORT
Tuesday, April 10, 2007 3:43:46 PM
Operating System: Microsoft Windows XP Home Edition, Service Pack 2 (Build 2600)
Kaspersky Online Scanner version: 5.0.93.0
Kaspersky Anti-Virus database last update: 10/04/2007
Kaspersky Anti-Virus database records: 294503

Scan Settings
Scan using the following antivirus database extended
Scan Archives true
Scan Mail Bases true

Scan Target My Computer
A:
C:
D:
E:
F:\

Scan Statistics
Total number of scanned objects 118160
Number of viruses found 3
Number of infected objects 10
Number of suspicious objects 0
Duration of the scan process 01:13:14

Infected Object Name Virus Name Last Action
C:\Documents and Settings\Alex\Application Data\Roxio\MediaManager9\Album.ldb Object is locked skipped

C:\Documents and Settings\Alex\Application Data\Roxio\MediaManager9\Album.psod Object is locked skipped

C:\Documents and Settings\All Users\Application Data\Comodo\Comodo AntiVirus\cav.lock Object is locked skipped

C:\Documents and Settings\All Users\Application Data\Comodo\Comodo AntiVirus\Reports\CAVSubmit\submit.Log Object is locked skipped

C:\Documents and Settings\All Users\Application Data\Comodo\Comodo AntiVirus\TroubleShootLog\cavasm.log Object is locked skipped

C:\Documents and Settings\All Users\Application Data\Comodo\Comodo AntiVirus\TroubleShootLog\CAVSub.log Object is locked skipped

C:\Documents and Settings\All Users\Application Data\Comodo\Comodo AntiVirus\TroubleShootLog\monln.log Object is locked skipped

C:\Documents and Settings\John.housecall6.6\Quarantine\n00zn00zn00zn00z.rar.bac_a02352/Setup.exe Infected: Backdoor.Win32.IRCBot.tk skipped

C:\Documents and Settings\John.housecall6.6\Quarantine\n00zn00zn00zn00z.rar.bac_a02352 ZIP: infected - 1 skipped

C:\Documents and Settings\John.housecall6.6\Quarantine\n00zn00zn00zn00z.rar.bac_a02352 CryptFF.b: infected - 1 skipped

C:\Documents and Settings\John.housecall6.6\Quarantine\Setup.exe.bac_a02352 Infected: Backdoor.Win32.IRCBot.tk skipped

C:\Documents and Settings\John.housecall6.6\Quarantine\t.rar.bac_a02352/Setup.exe Infected: Backdoor.Win32.IRCBot.tk skipped

C:\Documents and Settings\John.housecall6.6\Quarantine\t.rar.bac_a02352 ZIP: infected - 1 skipped

C:\Documents and Settings\John.housecall6.6\Quarantine\t.rar.bac_a02352 CryptFF.b: infected - 1 skipped

C:\Documents and Settings\John\Application Data\Roxio\MediaManager9\Album.ldb Object is locked skipped

C:\Documents and Settings\John\Application Data\Roxio\MediaManager9\Album.psod Object is locked skipped

C:\Documents and Settings\John\Application Data\SUPERAntiSpyware.com\SUPERAntiSpyware\SUPERANTISPYWARE.LOG Object is locked skipped

C:\Documents and Settings\John\Cookies\index.dat Object is locked skipped

C:\Documents and Settings\John\Local Settings\Application Data\ApplicationHistory\CLI.EXE.c88dbd71.ini.inuse Object is locked skipped

C:\Documents and Settings\John\Local Settings\Application Data\Microsoft\Feeds Cache\index.dat Object is locked skipped

C:\Documents and Settings\John\Local Settings\Application Data\Microsoft\Windows\UsrClass.dat Object is locked skipped

C:\Documents and Settings\John\Local Settings\Application Data\Microsoft\Windows\UsrClass.dat.LOG Object is locked skipped

C:\Documents and Settings\John\Local Settings\History\History.IE5\index.dat Object is locked skipped

C:\Documents and Settings\John\Local Settings\History\History.IE5\MSHist012007041020070411\index.dat Object is locked skipped

C:\Documents and Settings\John\Local Settings\Temp\Perflib_Perfdata_adc.dat Object is locked skipped

C:\Documents and Settings\John\Local Settings\Temp\Perflib_Perfdata_f4c.dat Object is locked skipped

C:\Documents and Settings\John\Local Settings\Temp\Perflib_Perfdata_f5c.dat Object is locked skipped

C:\Documents and Settings\John\Local Settings\Temp~DFFCC.tmp Object is locked skipped

C:\Documents and Settings\John\Local Settings\Temporary Internet Files\AntiPhishing\B3BB5BBA-E7D5-40AB-A041-A5B1C0B26C8F.dat Object is locked skipped

C:\Documents and Settings\John\Local Settings\Temporary Internet Files\Content.IE5\index.dat Object is locked skipped

C:\Documents and Settings\John\NTUSER.DAT Object is locked skipped

C:\Documents and Settings\John\NTUSER.DAT.LOG Object is locked skipped

C:\Documents and Settings\LocalService\Cookies\index.dat Object is locked skipped

C:\Documents and Settings\LocalService\Local Settings\Application Data\Microsoft\Windows\UsrClass.dat Object is locked skipped

C:\Documents and Settings\LocalService\Local Settings\Application Data\Microsoft\Windows\UsrClass.dat.LOG Object is locked skipped

C:\Documents and Settings\LocalService\Local Settings\History\History.IE5\index.dat Object is locked skipped

C:\Documents and Settings\LocalService\Local Settings\Temporary Internet Files\Content.IE5\index.dat Object is locked skipped

C:\Documents and Settings\LocalService\NTUSER.DAT Object is locked skipped

C:\Documents and Settings\LocalService\ntuser.dat.LOG Object is locked skipped

C:\Documents and Settings\NetworkService\Local Settings\Application Data\Microsoft\Windows\UsrClass.dat Object is locked skipped

C:\Documents and Settings\NetworkService\Local Settings\Application Data\Microsoft\Windows\UsrClass.dat.LOG Object is locked skipped

C:\Documents and Settings\NetworkService\NTUSER.DAT Object is locked skipped

C:\Documents and Settings\NetworkService\ntuser.dat.LOG Object is locked skipped

C:\Documents and Settings\Rachel\Application Data\Roxio\MediaManager9\Album.ldb Object is locked skipped

C:\Documents and Settings\Rachel\Application Data\Roxio\MediaManager9\Album.psod Object is locked skipped

C:\Documents and Settings\Rachel\Desktop\New Folder (2)\SmitfraudFix\Reboot.exe Infected: not-a-virus:RiskTool.Win32.Reboot.f skipped

C:\System Volume Information\MountPointManagerRemoteDatabase Object is locked skipped

C:\WINDOWS\Debug\PASSWD.LOG Object is locked skipped

C:\WINDOWS\SchedLgU.Txt Object is locked skipped

C:\WINDOWS\SoftwareDistribution\ReportingEvents.log Object is locked skipped

C:\WINDOWS\Sti_Trace.log Object is locked skipped

C:\WINDOWS\system32\config\ACEEvent.evt Object is locked skipped

C:\WINDOWS\system32\config\AppEvent.Evt Object is locked skipped

C:\WINDOWS\system32\config\default Object is locked skipped

C:\WINDOWS\system32\config\default.LOG Object is locked skipped

C:\WINDOWS\system32\config\Internet.evt Object is locked skipped

C:\WINDOWS\system32\config\SAM Object is locked skipped

C:\WINDOWS\system32\config\SAM.LOG Object is locked skipped

C:\WINDOWS\system32\config\SecEvent.Evt Object is locked skipped

C:\WINDOWS\system32\config\SECURITY Object is locked skipped

C:\WINDOWS\system32\config\SECURITY.LOG Object is locked skipped

C:\WINDOWS\system32\config\software Object is locked skipped

C:\WINDOWS\system32\config\software.LOG Object is locked skipped

C:\WINDOWS\system32\config\SysEvent.Evt Object is locked skipped

C:\WINDOWS\system32\config\system Object is locked skipped

C:\WINDOWS\system32\config\system.LOG Object is locked skipped

C:\WINDOWS\system32\h323log.txt Object is locked skipped

C:\WINDOWS\system32\wbem\Repository\FS\INDEX.BTR Object is locked skipped

C:\WINDOWS\system32\wbem\Repository\FS\INDEX.MAP Object is locked skipped

C:\WINDOWS\system32\wbem\Repository\FS\MAPPING.VER Object is locked skipped

C:\WINDOWS\system32\wbem\Repository\FS\MAPPING1.MAP Object is locked skipped

C:\WINDOWS\system32\wbem\Repository\FS\MAPPING2.MAP Object is locked skipped

C:\WINDOWS\system32\wbem\Repository\FS\OBJECTS.DATA Object is locked skipped

C:\WINDOWS\system32\wbem\Repository\FS\OBJECTS.MAP Object is locked skipped

C:\WINDOWS\Temp\JET1FE.tmp Object is locked skipped

C:\WINDOWS\wiadebug.log Object is locked skipped

C:\WINDOWS\wiaservc.log Object is locked skipped

C:\WINDOWS\WindowsUpdate.log Object is locked skipped

D:\Downloads\Nero 7 Ultra\Nero 7 Ultra.exe/Toolbar.exe Infected: not-a-virus:AdTool.Win32.MyWebSearch skipped

D:\Downloads\Nero 7 Ultra\Nero 7 Ultra.exe RAR: infected - 1 skipped

D:\System Volume Information\MountPointManagerRemoteDatabase Object is locked skipped

Scan process completed.

This is my second Hijack this scan

Logfile of HijackThis v1.99.1
Scan saved at 4:06:12 PM, on 4/10/2007
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16414)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\LEXBCES.EXE
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\system32\LEXPPS.EXE
C:\Program Files\Comodo\Firewall\cmdagent.exe
C:\Program Files\Comodo\common\CAVASpy\cavasm.exe
C:\WINDOWS\system32\CTsvcCDA.exe
C:\Program Files\Common Files\Roxio Shared\9.0\SharedCOM\RoxWatch9.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\MsPMSPSv.exe
C:\Program Files\Common Files\Roxio Shared\9.0\SharedCOM\RoxMediaDB9.exe
C:\WINDOWS\system32\wscntfy.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Comodo\Firewall\CPF.exe
C:\Program Files\Comodo\Comodo AntiVirus\CMain.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\ATI Technologies\ATI.ACE\CLI.EXE
C:\Program Files\Comodo\Comodo AntiVirus\Cavaud.exe
C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe
C:\Program Files\ATI Technologies\ATI.ACE\cli.exe
C:\Program Files\ATI Technologies\ATI.ACE\cli.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLLoginProxy.exe
C:\Program Files\Comodo\Comodo AntiVirus\CAVSubmit.exe
C:\WINDOWS\system32\LVComsX.exe
C:\WINDOWS\system32\NOTEPAD.EXE
C:\Documents and Settings\John\Desktop\New Folder (2)\HijackThis.exe

O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: QFX Software KeyScrambler - {2B9F5787-88A5-4945-90E7-C4B18563BC5E} - C:\Program Files\KeyScrambler\KeyScramblerIE.dll
O2 - BHO: flashget urlcatch - {2F364306-AA45-47B5-9F9D-39A8B94E7EF7} - C:\Program Files\FlashGet\jccatch.dll
O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.5.0_09\bin\ssv.dll
O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)
O2 - BHO: Windows Live Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar3.dll
O2 - BHO: FlashGet GetFlash Class - {F156768E-81EF-470C-9057-481BA8380DBA} - C:\Program Files\FlashGet\getflash.dll
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar3.dll
O4 - HKLM…\Run: [LXBRKsk] C:\PROGRA~1\LEXMAR~1\LXBRKsk.exe
O4 - HKLM…\Run: [Lexmark 3100 Series] “C:\Program Files\Lexmark 3100 Series\lxbrbmgr.exe”
O4 - HKLM…\Run: [COMODO Firewall Pro] “C:\Program Files\Comodo\Firewall\CPF.exe” /background
O4 - HKLM…\Run: [cnfgCav] “C:\Program Files\Comodo\Comodo AntiVirus\CMain.exe”
O4 - HKLM…\Run: [ATICCC] “C:\Program Files\ATI Technologies\ATI.ACE\CLIStart.exe”
O4 - HKCU…\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU…\Run: [SUPERAntiSpyware] C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe
O4 - Global Startup: Event Reminder.lnk = C:\Program Files\PrintMaster 16\pmremind.exe
O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office10\OSA.EXE
O8 - Extra context menu item: &Download All with FlashGet - C:\Program Files\FlashGet\jc_all.htm
O8 - Extra context menu item: &Download with FlashGet - C:\Program Files\FlashGet\jc_link.htm
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~3\Office10\EXCEL.EXE/3000
O9 - Extra button: (no name) - {5C106A59-CC3C-4caa-81A4-6D909B5ACE23} - C:\Program Files\KeyScrambler\KeyScramblerIE.dll
O9 - Extra ‘Tools’ menuitem: &KeyScrambler… - {5C106A59-CC3C-4caa-81A4-6D909B5ACE23} - C:\Program Files\KeyScrambler\KeyScramblerIE.dll
O9 - Extra button: FlashGet - {D6E814A0-E0C5-11d4-8D29-0050BA6940E3} - C:\Program Files\FlashGet\FlashGet.exe
O9 - Extra ‘Tools’ menuitem: FlashGet - {D6E814A0-E0C5-11d4-8D29-0050BA6940E3} - C:\Program Files\FlashGet\FlashGet.exe
O10 - Unknown file in Winsock LSP: c:\windows\system32\cavemlsp.dll
O10 - Unknown file in Winsock LSP: c:\windows\system32\cavemlsp.dll
O10 - Unknown file in Winsock LSP: c:\windows\system32\cavemlsp.dll
O10 - Unknown file in Winsock LSP: c:\windows\system32\cavemlsp.dll
O11 - Options group: [INTERNATIONAL] International*
O15 - Trusted Zone: http://download.windowsupdate.com
O16 - DPF: {0A5FD7C5-A45C-49FC-ADB5-9952547D5715} (Creative Software AutoUpdate) - http://www.creative.com/su/ocx/15026/CTSUEng.cab
O16 - DPF: {0EB0E74A-2A76-4AB3-A7FB-9BD8C29F7F75} (CKAVWebScan Object) - http://www.kaspersky.com/kos/english/kavwebscan_unicode.cab
O16 - DPF: {2BC66F54-93A8-11D3-BEB6-00105AA9B6AE} (Symantec AntiVirus scanner) - http://security.symantec.com/sscv6/SharedContent/vc/bin/AvSniff.cab
O16 - DPF: {5ED80217-570B-4DA9-BF44-BE107C0EC166} (Windows Live Safety Center Base Module) - http://cdn.scan.onecare.live.com/resource/download/scanner/wlscbase9602.cab
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://update.microsoft.com/windowsupdate/v6/V5Controls/en/x86/client/wuweb_site.cab?1165465281537
O16 - DPF: {644E432F-49D3-41A1-8DD5-E099162EEEC5} (Symantec RuFSI Utility Class) - http://security.symantec.com/sscv6/SharedContent/common/bin/cabsa.cab
O16 - DPF: {F6ACF75C-C32C-447B-9BEF-46B766368D29} (Creative Software AutoUpdate Support Package) - http://www.creative.com/su/ocx/15027/CTPID.cab
O18 - Protocol: livecall - {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\MSNMES~1\MSGRAP~1.DLL
O18 - Protocol: msnim - {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\MSNMES~1\MSGRAP~1.DLL
O20 - Winlogon Notify: !SASWinLogon - C:\Program Files\SUPERAntiSpyware\SASWINLO.dll
O20 - Winlogon Notify: monln - C:\WINDOWS\SYSTEM32\monln.dll
O20 - Winlogon Notify: WgaLogon - C:\WINDOWS\SYSTEM32\WgaLogon.dll
O21 - SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - C:\WINDOWS\system32\WPDShServiceObj.dll
O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\system32\Ati2evxx.exe
O23 - Service: ATI Smart - Unknown owner - C:\WINDOWS\system32\ati2sgag.exe
O23 - Service: Symantec Lic NetConnect service (CLTNetCnService) - Unknown owner - C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe" /h ccCommon (file missing)
O23 - Service: Comodo Application Agent (CmdAgent) - COMODO - C:\Program Files\Comodo\Firewall\cmdagent.exe
O23 - Service: Comodo Anti-Virus and Anti-Spyware Service - Comodo Inc. - C:\Program Files\Comodo\common\CAVASpy\cavasm.exe
O23 - Service: Creative Service for CDROM Access - Creative Technology Ltd - C:\WINDOWS\system32\CTsvcCDA.exe
O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\1050\Intel 32\IDriverT.exe
O23 - Service: iPod Service - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: LexBce Server (LexBceS) - Lexmark International, Inc. - C:\WINDOWS\system32\LEXBCES.EXE
O23 - Service: Roxio UPnP Renderer 9 - Sonic Solutions - C:\Program Files\Common Files\Sonic Shared\RoxioUPnPRenderer9.exe
O23 - Service: Roxio Upnp Server 9 - Sonic Solutions - C:\Program Files\Common Files\Sonic Shared\RoxioUpnpService9.exe
O23 - Service: LiveShare P2P Server 9 (RoxLiveShare9) - Sonic Solutions - C:\Program Files\Common Files\Roxio Shared\9.0\SharedCOM\RoxLiveShare9.exe
O23 - Service: RoxMediaDB9 - Sonic Solutions - C:\Program Files\Common Files\Roxio Shared\9.0\SharedCOM\RoxMediaDB9.exe
O23 - Service: Roxio Hard Drive Watcher 9 (RoxWatch9) - Sonic Solutions - C:\Program Files\Common Files\Roxio Shared\9.0\SharedCOM\RoxWatch9.exe
O23 - Service: stllssvr - MicroVision Development, Inc. - C:\Program Files\Common Files\SureThing Shared\stllssvr.exe

If any more information is needed please let me know.

#6

Super antispyware log 1
SUPERAntiSpyware Scan Log
Generated 04/10/2007 at 10:37 AM

Application Version : 3.6.1000

Core Rules Database Version : 3216
Trace Rules Database Version: 1226

Scan type : Quick Scan
Total Scan Time : 00:22:59

Memory items scanned : 519
Memory threats detected : 0
Registry items scanned : 801
Registry threats detected : 10
File items scanned : 62550
File threats detected : 44

Unclassified.Unknown Origin
HKLM\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects{57E218E6-5A80-4f0c-AB25-83598F25D7E9}
HKCR\CLSID{57E218E6-5A80-4F0C-AB25-83598F25D7E9}
HKCR\CLSID{57E218E6-5A80-4F0C-AB25-83598F25D7E9}\InprocServer32
HKCR\CLSID{57E218E6-5A80-4F0C-AB25-83598F25D7E9}\InprocServer32#ThreadingModel
C:\WINDOWS\SYSTEM32\NGSLHKBG.DLL
HKCR\CLSID{57E218E6-5A80-4F0C-AB25-83598F25D7E9}

Adware.Vundo Variant
HKLM\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects{B651AC45-A85D-4C75-80E1-80470BDDC158}
HKCR\CLSID{B651AC45-A85D-4C75-80E1-80470BDDC158}
HKCR\CLSID{B651AC45-A85D-4C75-80E1-80470BDDC158}\InprocServer32
HKCR\CLSID{B651AC45-A85D-4C75-80E1-80470BDDC158}\InprocServer32#ThreadingModel
C:\WINDOWS\SYSTEM32\JKKLM.DLL
Software\Microsoft\Windows NT\CurrentVersion\WinLogon\Notify\jkklm

Adware.Tracking Cookie
C:\Documents and Settings\John\Cookies\john@revsci[2].txt
C:\Documents and Settings\John\Cookies\john@toplist[1].txt
C:\Documents and Settings\John\Cookies\john@tacoda[2].txt
C:\Documents and Settings\John\Cookies\john@2o7[2].txt
C:\Documents and Settings\John\Cookies\john@www.ppctracking[1].txt
C:\Documents and Settings\John\Cookies\john@msnportal.112.2o7[1].txt
C:\Documents and Settings\John\Cookies\john@teleclick[1].txt
C:\Documents and Settings\John\Cookies\john@pch.122.2o7[1].txt
C:\Documents and Settings\John\Cookies\john@cpvfeed[2].txt
C:\Documents and Settings\Alex\Cookies\alex@atdmt[1].txt
C:\Documents and Settings\Alex\Cookies\alex@cpvfeed[2].txt
C:\Documents and Settings\Alex\Cookies\alex@fastclick[1].txt
C:\Documents and Settings\Alex\Cookies\alex@mediaplex[1].txt
C:\Documents and Settings\Alex\Cookies\alex@msnaccountservices.112.2o7[1].txt
C:\Documents and Settings\Alex\Cookies\alex@stats1.reliablestats[1].txt
C:\Documents and Settings\Alex\Cookies\alex@winantivirus[1].txt
C:\Documents and Settings\Julia\Cookies\julia@tribalfusion[1].txt
C:\Documents and Settings\Julia\Cookies\julia@www.googleadservices[1].txt
C:\Documents and Settings\Rachel\Cookies\rachel@2o7[2].txt
C:\Documents and Settings\Rachel\Cookies\rachel@ads.mytelus[1].txt
C:\Documents and Settings\Rachel\Cookies\rachel@ads1.nsamedia[2].txt
C:\Documents and Settings\Rachel\Cookies\rachel@adtech[2].txt
C:\Documents and Settings\Rachel\Cookies\rachel@bs.serving-sys[1].txt
C:\Documents and Settings\Rachel\Cookies\rachel@canadapost.112.2o7[1].txt
C:\Documents and Settings\Rachel\Cookies\rachel@clickin.barcheneyngqac[2].txt
C:\Documents and Settings\Rachel\Cookies\rachel@clickin.paestreersqac[2].txt
C:\Documents and Settings\Rachel\Cookies\rachel@clickin.santiksengsqac[2].txt
C:\Documents and Settings\Rachel\Cookies\rachel@cnetaustralia.122.2o7[1].txt
C:\Documents and Settings\Rachel\Cookies\rachel@cpvfeed[2].txt
C:\Documents and Settings\Rachel\Cookies\rachel@imrworldwide[2].txt
C:\Documents and Settings\Rachel\Cookies\rachel@livedealcom.112.2o7[1].txt
C:\Documents and Settings\Rachel\Cookies\rachel@media.psp.ign[2].txt
C:\Documents and Settings\Rachel\Cookies\rachel@revsci[1].txt
C:\Documents and Settings\Rachel\Cookies\rachel@roiservice[1].txt
C:\Documents and Settings\Rachel\Cookies\rachel@serving-sys[1].txt
C:\Documents and Settings\Rachel\Cookies\rachel@stat.onestat[2].txt
C:\Documents and Settings\Rachel\Cookies\rachel@toplist[1].txt
C:\Documents and Settings\Rachel\Cookies\rachel@tribalfusion[1].txt
C:\Documents and Settings\Rachel\Cookies\rachel@web.media.mit[1].txt
C:\Documents and Settings\Rachel\Cookies\rachel@webstats.collegeview[1].txt
C:\Documents and Settings\Rachel\Cookies\rachel@www.googleadservices[1].txt
C:\Documents and Settings\Rachel\Cookies\rachel@www.ppctracking[1].txt

#7

Last super antispy ware log

SUPERAntiSpyware Scan Log
Generated 04/12/2007 at 00:16 AM

Application Version : 3.6.1000

Core Rules Database Version : 3217
Trace Rules Database Version: 1227

Scan type : Quick Scan
Total Scan Time : 00:22:20

Memory items scanned : 504
Memory threats detected : 0
Registry items scanned : 797
Registry threats detected : 0
File items scanned : 62650
File threats detected : 0

#8

Backup All important files NOW, as vundo is deep in the OS in general and it is just safer to backup important files that you do not want to loose now…

Go to the following link and download VundoFix:

http://www.atribune.org/ccount/click.php?id=4

Double click the file, it will create a folder on your desktop, leave that for now.

Print out the following details:

Double click VundoFix and it will extract to a folder on your desktop.

Open this folder and click “Scan for vundo”
Wait until finished.
Once it’s done scanning, click the Remove Vundo button.
You will receive a prompt asking if you want to remove the files, click YES
Once you click yes, your desktop will go blank as it starts removing Vundo.
When completed, it will prompt that it will reboot your computer, click OK.

Your safe mode problem should be fixed now.