HELP : Virus Problem

[geek ashish]

Today, abiut an hour ago, I logged off from my brother's user account and then logged in my dad's user account.
I realised that the Kaspersky isn't running. I tried to run it manually but it didn't. same case with Spybot, Malwarebyte's Anti-Malware.
Only Ad-Aware AE ran, I ran the smart scan afer rebooting in Safe mode but it din't find anything. even Smitfraudfix didn't help.

Here's the Hijackthis 2 log :

Logfile of Trend Micro HijackThis v2.0.0 (BETA)
Scan saved at 00:46:52, on 25/04/2009
Platform: Windows XP SP2 (WinNT 5.01.2600)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Netropa\Multimedia Keyboard\nhksrv.exe
C:\Program Files\IVT Corporation\BlueSoleil\BlueSoleilCS.exe
C:\Program Files\Bonjour\mDNSResponder.exe
C:\Program Files\IVT Corporation\BlueSoleil\BsMobileCS.exe
C:\WINDOWS\system32\inetsrv\inetinfo.exe
C:\Program Files\Java\jre6\bin\jqs.exe
C:\Program Files\Malwarebytes' Anti-Malware\mbamservice.exe
C:\WINDOWS\RTHDCPL.EXE
C:\Program Files\Netropa\Multimedia Keyboard\MMKeybd.exe
C:\Program Files\IVT Corporation\BlueSoleil\BtTray.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\SRS Labs\Audio Sandbox\SRSSSC.exe
C:\Program Files\NetLimiter 2 Pro\nlsvc.exe
C:\Program Files\Common Files\Ahead\Lib\NMBgMonitor.exe
C:\WINDOWS\system32\HPZipm12.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Netropa\Multimedia Keyboard\TrayMon.exe
C:\Program Files\Netropa\Onscreen Display\OSD.exe
C:\Program Files\EnhanceKeyboard\kb_2k.exe
C:\Program Files\VisualTaskTips\VisualTaskTips.exe
C:\Program Files\RivaTuner v2.24\RivaTuner.exe
C:\Program Files\IVT Corporation\BlueSoleil\BsHelpCS.exe
C:\Program Files\Common Files\Ahead\Lib\NMIndexingService.exe
C:\Program Files\Common Files\Ahead\Lib\NMIndexStoreSvr.exe
C:\Program Files\NetLimiter 2 Pro\NLClient.exe
C:\Program Files\PC Connectivity Solution\ServiceLayer.exe
C:\Program Files\PC Connectivity Solution\Transports\NclUSBSrv.exe
C:\Program Files\PC Connectivity Solution\Transports\NclRSSrv.exe
C:\Program Files\PC Connectivity Solution\Transports\NclIVTBTSrv.exe
C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\ccc.exe
C:\Program Files\Sify Broadband\BBClient.exe
C:\Program Files\Opera\Opera.exe
C:\Program Files\Sify Broadband\BBImpSec.exe
C:\Program Files\Spybot - Search & Destroy\SpybotSD.exe
I:\totalcmd\TOTALCMD.EXE
F:\Ashish Soft\SmitfraudFix\SmiUpdate.exe
C:\DOCUME~1\Anil\LOCALS~1\Temp\_tc\HiJackThis_v2.exe

R1 - HKCU\Software\Microsoft\Internet Connection Wizard,ShellNext = [url=http://www.sify.com/?userid=20327&check=3c0ae424284d7a6d]India News | Indian Business, Finance News | Sports: Cricket India | Bollywood, Tamil, Telugu Movies | Astrology, Indian Recipes[/url]
O2 - BHO: (no name) - {026BCCE4-8E5A-4337-9F48-CE72182403EE} - (no file)
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: (no name) - {5077B1D1-B14B-4A7D-8685-C14486E237DF} - C:\WINDOWS\system32\qoMghfCU.dll (file missing)
O2 - BHO: (no name) - {5E190A6F-A116-4F03-81A1-6C8D6F2521A4} - (no file)
O2 - BHO: (no name) - {8AA4AF54-1F59-436F-9F50-FB15C15A2CE9} - (no file)
O2 - BHO: (no name) - {8dbb2576-0800-49a3-a1fe-60e36ef337ff} - (no file)
O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\5.1.1309.3572\swg.dll
O2 - BHO: FDMIECookiesBHO Class - {CC59E0F9-7E43-44FA-9FAA-8377850BF205} - C:\Program Files\Free Download Manager\iefdm2.dll
O2 - BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll
O2 - BHO: JQSIEStartDetectorImpl - {E7E6F031-17CE-4C07-BC86-EABFE594F69C} - C:\Program Files\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
O4 - HKLM\..\Run: [RTHDCPL] RTHDCPL.EXE
O4 - HKLM\..\Run: [Alcmtr] ALCMTR.EXE
O4 - HKLM\..\Run: [MULTIMEDIA KEYBOARD] C:\Program Files\Netropa\Multimedia Keyboard\MMKeybd.exe
O4 - HKLM\..\Run: [LogonStudio] "C:\Program Files\WinCustomize\LogonStudio\logonstudio.exe" /RANDOM
O4 - HKLM\..\Run: [BootSkin Startup Jobs] "C:\PROGRA~1\Stardock\WINCUS~1\BootSkin\BootSkin.exe" /StartupJobs
O4 - HKLM\..\Run: [BtTray] "C:\Program Files\IVT Corporation\BlueSoleil\BtTray.exe"
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe"
O4 - HKLM\..\Run: [StartCCC] "C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" MSRun
O4 - HKLM\..\Run: [Malwarebytes' Anti-Malware] "C:\Program Files\Malwarebytes' Anti-Malware\mbamgui.exe" /starttray
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [SifyBB] C:\Program Files\Sify Broadband\BBImpSec.exe
O4 - HKCU\..\Run: [SRS Audio Sandbox] "C:\Program Files\SRS Labs\Audio Sandbox\SRSSSC.exe" /hideme
O4 - HKCU\..\Run: [BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}] "C:\Program Files\Common Files\Ahead\Lib\NMBgMonitor.exe"
O4 - HKCU\..\Run: [WebSiteDown] "L:\Anil_prg\WebSiteDown.exe"
O4 - HKCU\..\Run: [PC Suite Tray] "C:\Program Files\Nokia\Nokia PC Suite 7\PCSuite.exe" -onlytray
O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background
O4 - HKUS\S-1-5-21-350281380-233495102-1455855570-1014\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe (User '?')
O4 - HKUS\S-1-5-21-350281380-233495102-1455855570-1014\..\Run: [SifyBB] C:\Program Files\Sify Broadband\BBImpSec.exe (User '?')
O4 - HKUS\S-1-5-21-350281380-233495102-1455855570-1014\..\Run: [SRS Audio Sandbox] "C:\Program Files\SRS Labs\Audio Sandbox\SRSSSC.exe" /hideme (User '?')
O4 - HKUS\S-1-5-21-350281380-233495102-1455855570-1014\..\Run: [BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}] "C:\Program Files\Common Files\Ahead\Lib\NMBgMonitor.exe" (User '?')
O4 - HKUS\S-1-5-21-350281380-233495102-1455855570-1014\..\Run: [WebSiteDown] "L:\Anil_prg\WebSiteDown.exe" (User '?')
O4 - HKUS\S-1-5-21-350281380-233495102-1455855570-1014\..\Run: [PC Suite Tray] "C:\Program Files\Nokia\Nokia PC Suite 7\PCSuite.exe" -onlytray (User '?')
O4 - HKUS\S-1-5-21-350281380-233495102-1455855570-1014\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background (User '?')
O4 - S-1-5-21-350281380-233495102-1455855570-1014 Startup: RivaTuner.lnk = C:\Program Files\RivaTuner v2.24\RivaTuner.exe (User '?')
O4 - Startup: RivaTuner.lnk = C:\Program Files\RivaTuner v2.24\RivaTuner.exe
O4 - Global Startup: enhanced  keyboard driver.lnk = ?
O4 - Global Startup: Visual Task Tips.lnk = C:\Program Files\VisualTaskTips\VisualTaskTips.exe
O8 - Extra context menu item: Add to Google Photos Screensa&ver - res://C:\WINDOWS\system32\GPhotos.scr/200
O8 - Extra context menu item: Download all with Free Download Manager - file://C:\Program Files\Free Download Manager\dlall.htm
O8 - Extra context menu item: Download selected with Free Download Manager - file://C:\Program Files\Free Download Manager\dlselected.htm
O8 - Extra context menu item: Download video with Free Download Manager - file://C:\Program Files\Free Download Manager\dlfvideo.htm
O8 - Extra context menu item: Download with Free Download Manager - file://C:\Program Files\Free Download Manager\dllink.htm
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office12\EXCEL.EXE/3000
O8 - Extra context menu item: Send by Bluetooth - C:\Program Files\IVT Corporation\BlueSoleil\TransSend\IE\tsinfo.htm
O8 - Extra context menu item: Send via &Message... - C:\Program Files\IVT Corporation\BlueSoleil\TransSend\IE\tssms.htm
O9 - Extra button: Web Anti-Virus statistics - {1F460357-8A94-4D71-9CA3-AA4ACF32ED8E} - C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 7.0\SCIEPlgn.dll
O9 - Extra button: Send to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~2\Office12\ONBttnIE.dll
O9 - Extra 'Tools' menuitem: S&end to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~2\Office12\ONBttnIE.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\Office12\REFIEBAR.DLL
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe (file missing)
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe (file missing)
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O17 - HKLM\System\CCS\Services\Tcpip\..\{4C7571A3-FC03-46DF-8C17-170B03EFDEEC}: NameServer = 85.255.112.137,85.255.112.100
O17 - HKLM\System\CCS\Services\Tcpip\..\{7168C47F-AE85-46E8-9A2E-28D4F340E845}: NameServer = 202.144.115.4,202.144.66.6
O17 - HKLM\System\CS1\Services\Tcpip\Parameters: NameServer = 85.255.112.137,85.255.112.100
O17 - HKLM\System\CS1\Services\Tcpip\..\{4C7571A3-FC03-46DF-8C17-170B03EFDEEC}: NameServer = 85.255.112.137,85.255.112.100
O17 - HKLM\System\CS2\Services\Tcpip\Parameters: NameServer = 85.255.112.137,85.255.112.100
O17 - HKLM\System\CS2\Services\Tcpip\..\{4C7571A3-FC03-46DF-8C17-170B03EFDEEC}: NameServer = 85.255.112.137,85.255.112.100
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: NameServer = 85.255.112.137,85.255.112.100
O18 - Protocol: grooveLocalGWS - {88FED34C-F0CA-4636-A375-3CB6248B04CD} - C:\PROGRA~1\MICROS~2\Office12\GR99D3~1.DLL
O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\WINDOWS\system32\skype4com.dll
O20 - Winlogon Notify: byXNgFyv - byXNgFyv.dll (file missing)
O20 - Winlogon Notify: iifcBQij - iifcBQij.dll (file missing)
O22 - SharedTaskScheduler: Browseui preloader - {438755C2-A8BA-11D1-B96B-00A0C90312E1} - C:\WINDOWS\system32\browseui.dll
O22 - SharedTaskScheduler: Component Categories cache daemon - {8C7461EF-2B13-11d2-BE35-3078302C2030} - C:\WINDOWS\system32\browseui.dll
O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\system32\Ati2evxx.exe
O23 - Service: ATI Smart - Unknown owner - C:\WINDOWS\system32\ati2sgag.exe
O23 - Service: Kaspersky Internet Security 7.0 (AVP) - Kaspersky Lab - C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 7.0\avp.exe
O23 - Service: BlueSoleilCS - Unknown owner - C:\Program Files\IVT Corporation\BlueSoleil\BlueSoleilCS.exe
O23 - Service: ##Id_String1.6844F930_1628_4223_B5CC_5BB94B879762## (Bonjour Service) - Apple Computer, Inc. - C:\Program Files\Bonjour\mDNSResponder.exe
O23 - Service: BsHelpCS - Unknown owner - C:\Program Files\IVT Corporation\BlueSoleil\BsHelpCS.exe
O23 - Service: BsMobileCS - Unknown owner - C:\Program Files\IVT Corporation\BlueSoleil\BsMobileCS.exe
O23 - Service: Eset HTTP Server (EhttpSrv) - Unknown owner - C:\Program Files\ESET\ESET NOD32 Antivirus\EHttpSrv.exe (file missing)
O23 - Service: Eset Service (ekrn) - Unknown owner - C:\Program Files\ESET\ESET NOD32 Antivirus\ekrn.exe (file missing)
O23 - Service: FLEXnet Licensing Service - Acresso Software Inc. - C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe
O23 - Service: Google Software Updater (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: Java Quick Starter (JavaQuickStarterService) - Sun Microsystems, Inc. - C:\Program Files\Java\jre6\bin\jqs.exe
O23 - Service: Lavasoft Ad-Aware Service - Lavasoft - C:\Program Files\Lavasoft\Ad-Aware\AAWService.exe
O23 - Service: MBAMService - Malwarebytes Corporation - C:\Program Files\Malwarebytes' Anti-Malware\mbamservice.exe
O23 - Service: SQL Server (SQLEXPRESS) (MSSQL$SQLEXPRESS) - Unknown owner - C:\Program Files\Microsoft SQL Server\MSSQL.1\MSSQL\Binn\sqlservr.exe (file missing)
O23 - Service: Netropa NHK Server (nhksrv) - Unknown owner - C:\Program Files\Netropa\Multimedia Keyboard\nhksrv.exe
O23 - Service: NetLimiter (nlsvc) - Locktime Software - C:\Program Files\NetLimiter 2 Pro\nlsvc.exe
O23 - Service: NMIndexingService - Nero AG - C:\Program Files\Common Files\Ahead\Lib\NMIndexingService.exe
O23 - Service: Pml Driver HPZ12 - HP - C:\WINDOWS\system32\HPZipm12.exe
O23 - Service: ServiceLayer - Nokia. - C:\Program Files\PC Connectivity Solution\ServiceLayer.exe

--
End of file - 12153 bytes

PLz help.

 

[geek ashish]

less than 24 hrs BUMP...sorry mods

 

[muzux2]

log file looks clean to me.. you can Uninstall KS, reinstall after restart..

 

[nj_gamer]

UR KS has got corrupted...Just re-install it

 

[Balkazzaar]

what is the version of Kaspersky are u running? is it KIS or KAV?

 

[nj_gamer]

I'm Sure the kaspersky has got corrupted.happened to me a couple of times especiall when your comp shut down/restarted when kaspersky was running. Uninstall Kaspersky->restart->Reinstall Kaspersky->Update->Restart and then Finally Scan your system.Please post after following the steps to inform us whether it worked or not.
regards

 

[geek ashish]

thanks a lot guys, but I have reinstalled Xp and running NOD32 now.

Mods plz close the thread.

 

[nj_gamer]

@OP, you wasted our time man... format wasn't needed since Hijackthis 2 log showed your system was clean.If you already had the intension of formatting your system from the beginning, then you shouldn't have asked for OUR help.

 

[chang143u]

ur really dumb

 

[chang143u]

a good internet security suite is all u needed but alas when will these people learn