hi there, my pc runs very slow, especially on start up, and if i have more than one site running at a time. ebay just goes white screen and freezes me oyt of my pc. very annoying

heres the logs for you pc legends

Malwarebytes' Anti-Malware 1.28
Database version: 1225
Windows 5.1.2600 Service Pack 1

02/10/2008 21:12:37
mbam-log-2008-10-02 (21-12-30).txt

Scan type: Quick Scan
Objects scanned: 45671
Time elapsed: 2 minute(s), 54 second(s)

Memory Processes Infected: 2
Memory Modules Infected: 0
Registry Keys Infected: 14
Registry Values Infected: 2
Registry Data Items Infected: 0
Folders Infected: 8
Files Infected: 19

Memory Processes Infected:
C:\Program Files\Common Files\SystemDoctor\dcpasmon.exe (Rogue.SystemDoctor) -> No action taken.
C:\Program Files\Common Files\SystemDoctor\SDR6cw.exe (Rogue.SystemDoctor) -> No action taken.

Memory Modules Infected:
(No malicious items detected)

Registry Keys Infected:
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{1557b435-8242-4686-9aa3-9265bf7525a4} (Trojan.BHO.H) -> No action taken.
HKEY_CLASSES_ROOT\CLSID\{1557b435-8242-4686-9aa3-9265bf7525a4} (Trojan.BHO.H) -> No action taken.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{92335157-984b-4692-8405-530335ca9f27} (Trojan.BHO.H) -> No action taken.
HKEY_CLASSES_ROOT\CLSID\{92335157-984b-4692-8405-530335ca9f27} (Trojan.BHO.H) -> No action taken.
HKEY_CLASSES_ROOT\Interface\{2e9937fc-cf2f-4f56-af54-5a6a3dd375cc} (Adware.MyWebSearch) -> No action taken.
HKEY_CLASSES_ROOT\Interface\{741de825-a6f0-4497-9aa6-8023cf9b0fff} (Adware.MyWebSearch) -> No action taken.
HKEY_CLASSES_ROOT\CLSID\{67c55a8d-e808-4caa-9ea7-f77102de0bb6} (Trojan.Vundo) -> No action taken.
HKEY_CLASSES_ROOT\CLSID\{147a976f-eee1-4377-8ea7-4716e4cdd239} (Adware.MyWebSearch) -> No action taken.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{56256a51-b582-467e-b8d4-7786eda79ae0} (Adware.MyWebSearch) -> No action taken.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Code Store Database\Distribution Units\{1d4db7d2-6ec9-47a3-bd87-1e41684e07bb} (Adware.MyWebSearch) -> No action taken.
HKEY_CLASSES_ROOT\CLSID\{cbfc979c-cb7c-41d7-aaa2-f332c1fbaeb7} (Rogue.SystemDoctor) -> No action taken.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Juan (Trojan.Vundo) -> No action taken.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\aoprndtws (Trojan.Vundo) -> No action taken.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Multimedia\WMPlayer\Schemes\f3pss (Adware.MyWebSearch) -> No action taken.

Registry Values Infected:
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\soundservice (Trojan.Vundo.H) -> No action taken.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\salestart (Rogue.SystemDoctor) -> No action taken.

Registry Data Items Infected:
(No malicious items detected)

Folders Infected:
C:\Program Files\FunWebProducts (Adware.MyWebSearch) -> No action taken.
C:\Program Files\FunWebProducts\Shared (Adware.MyWebSearch) -> No action taken.
C:\Program Files\SystemDoctor (Rogue.SystemDoctor) -> No action taken.
C:\Program Files\Common Files\SystemDoctor (Rogue.SystemDoctor) -> No action taken.
C:\Documents and Settings\All Users\Application Data\SystemDoctor (Rogue.SystemDoctor) -> No action taken.
C:\Documents and Settings\All Users\Application Data\SystemDoctor\Data (Rogue.SystemDoctor) -> No action taken.
C:\Documents and Settings\All Users\Application Data\SystemDoctor Free (Rogue.SystemDoctor) -> No action taken.
C:\Documents and Settings\All Users\Application Data\SystemDoctor Free\Data (Rogue.SystemDoctor) -> No action taken.

Files Infected:
C:\WINDOWS\system32\hvnwmjci.dll (Trojan.Vundo.H) -> No action taken.
C:\WINDOWS\system32\icjmwnvh.ini (Trojan.Vundo.H) -> No action taken.
C:\WINDOWS\system32\ajlivjum.dll (Trojan.BHO.H) -> No action taken.
C:\WINDOWS\system32\gtmxqjur.dll (Trojan.BHO.H) -> No action taken.
C:\Program Files\Common Files\SystemDoctor\dcpasmon.exe (Rogue.SystemDoctor) -> No action taken.
C:\WINDOWS\system32\cyudgwgs.dll (Trojan.Vundo) -> No action taken.
C:\Program Files\FunWebProducts\Shared\00B6CC24.dat (Adware.MyWebSearch) -> No action taken.
C:\Program Files\SystemDoctor\lock.dat (Rogue.SystemDoctor) -> No action taken.
C:\Program Files\SystemDoctor\main.exe (Rogue.SystemDoctor) -> No action taken.
C:\Program Files\SystemDoctor\st.dat (Rogue.SystemDoctor) -> No action taken.
C:\Program Files\Common Files\SystemDoctor\err.log (Rogue.SystemDoctor) -> No action taken.
C:\Program Files\Common Files\SystemDoctor\order.dll (Rogue.SystemDoctor) -> No action taken.
C:\Program Files\Common Files\SystemDoctor\SDR6cw.exe (Rogue.SystemDoctor) -> No action taken.
C:\Program Files\Common Files\SystemDoctor\USDR6cw.exe (Rogue.SystemDoctor) -> No action taken.
C:\Documents and Settings\All Users\Application Data\SystemDoctor\Data\ProductCode (Rogue.SystemDoctor) -> No action taken.
C:\Documents and Settings\All Users\Application Data\SystemDoctor Free\Data\Abbr (Rogue.SystemDoctor) -> No action taken.
C:\Documents and Settings\All Users\Application Data\SystemDoctor Free\Data\ActivationCode (Rogue.SystemDoctor) -> No action taken.
C:\Documents and Settings\All Users\Application Data\SystemDoctor Free\Data\HOURS (Rogue.SystemDoctor) -> No action taken.
C:\Documents and Settings\All Users\Application Data\SystemDoctor Free\Data\ProductCode (Rogue.SystemDoctor) -> No action taken.


HJT
Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 11:23:23, on 03/10/2008
Platform: Windows XP SP1 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Virgin Broadband\PCguard\Fws.exe
C:\WINDOWS\system32\LEXBCES.EXE
C:\WINDOWS\system32\LEXPPS.EXE
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Common Files\Authentium\AntiVirus\dvpapi.exe
C:\Program Files\CA\PPRT\bin\ITMRTSVC.exe
C:\Program Files\Raxco\PerfectDisk\PDAgent.exe
C:\WINDOWS\system32\slserv.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\QuickTime\qttask.exe
C:\WINDOWS\SOUNDMAN.EXE
C:\Program Files\PCEye2000\pceye.exe
C:\Program Files\Java\jre1.6.0_07\bin\jusched.exe
C:\Program Files\Lexmark 6300 Series\lxcdmon.exe
C:\Program Files\Lexmark 6300 Series\ezprint.exe
C:\Program Files\PHILIPS\PSADMM\DMM\bin\AutoLaunch.exe
C:\Program Files\Nokia\Nokia PC Suite 6\LaunchApplication.exe
C:\Program Files\Virgin Broadband\advisor\Broadbandadvisor.exe
C:\Program Files\Virgin Broadband\PCguard\Rps.exe
C:\WINDOWS\System32\ctfmon.exe
C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
C:\Program Files\Messenger\msmsgs.exe
C:\WINDOWS\System32\pcwpx.exe
C:\PROGRA~1\COMMON~1\PHILIP~1\USBCON~1.EXE
C:\Program Files\Raxco\PerfectDisk\PDEngine.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\PC Connectivity Solution\ServiceLayer.exe
C:\WINDOWS\System32\lxcdcoms.exe
C:\Program Files\Virgin Broadband\advisor\BroadbandadvisorComHandler.exe
C:\Program Files\Virgin Broadband\PCguard\rpsupdaterR.exe
C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLLoginProxy.exe
C:\WINDOWS\System32\wuauclt.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.virginmedia.com/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.freeserve.com/
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Window Title = Microsoft Internet Explorer provided by Freeserve
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: Pop-Up Blocker BHO - {3C060EA2-E6A9-4E49-A530-D4657B8C449A} - C:\Program Files\Virgin Broadband\PCguard\pkR.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_07\bin\ssv.dll
O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)
O2 - BHO: Windows Live Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: ST - {9394EDE7-C8B5-483E-8773-474BF36AF6E4} - C:\Program Files\MSN Apps\ST\01.03.0000.1005\en-xu\stmain.dll
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar3.dll
O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\3.1.807.1746\swg.dll
O2 - BHO: MSNToolBandBHO - {BDBD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Program Files\MSN Apps\MSN Toolbar\MSN Toolbar\01.02.5000.1021\en-us\msntb.dll
O3 - Toolbar: &Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINDOWS\System32\msdxm.ocx
O3 - Toolbar: Freeserve - {8B68564D-53FD-4293-B80C-993A9F3988EE} - C:\PROGRA~1\FREESE~1\FSBar\FSBar.dll (file missing)
O3 - Toolbar: MSN - {BDAD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Program Files\MSN Apps\MSN Toolbar\MSN Toolbar\01.02.5000.1021\en-us\msntb.dll
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar3.dll
O4 - HKLM\..\Run: [PixAlertMonitor] C:\Program Files\BOS\PixAlert Monitor Home\MCtrlA5-0.exe
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [SiS KHooker] C:\WINDOWS\System32\khooker.exe
O4 - HKLM\..\Run: [SoundMan] SOUNDMAN.EXE
O4 - HKLM\..\Run: [PcEye] C:\Program Files\PCEye2000\pceye.exe
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_07\bin\jusched.exe"
O4 - HKLM\..\Run: [LXCDCATS] rundll32 C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\LXCDtime.dll,_RunDLLEntry@16
O4 - HKLM\..\Run: [lxcdmon.exe] "C:\Program Files\Lexmark 6300 Series\lxcdmon.exe"
O4 - HKLM\..\Run: [EzPrint] "C:\Program Files\Lexmark 6300 Series\ezprint.exe"
O4 - HKLM\..\Run: [FaxCenterServer] "C:\Program Files\Lexmark Fax Solutions\fm3032.exe" /s
O4 - HKLM\..\Run: [MediaFace Integration] C:\Program Files\Fellowes\MediaFACE 4.0\SetHook.exe
O4 - HKLM\..\Run: [/AutoLaunch] C:\Program Files\PHILIPS\PSADMM\DMM\bin\AutoLaunch.exe
O4 - HKLM\..\Run: [SDR6cw] C:\Program Files\Common Files\SystemDoctor\SDR6cw.exe -c
O4 - HKLM\..\Run: [PCSuiteTrayApplication] C:\Program Files\Nokia\Nokia PC Suite 6\LaunchApplication.exe -startup
O4 - HKLM\..\Run: [Broadbandadvisor.exe] "C:\Program Files\Virgin Broadband\advisor\Broadbandadvisor.exe" /AUTORUN
O4 - HKLM\..\Run: [PCguard] "C:\Program Files\Virgin Broadband\PCguard\Rps.exe"
O4 - HKLM\..\Run: [-FreedomNeedsReboot] "C:\Program Files\Virgin Broadband\PCguard\ZkRunOnceR.exe"
O4 - HKLM\..\RunOnce: [IndexCleaner] "C:\Program Files\Virgin Broadband\PCguard\IdxClnR.exe"
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\System32\ctfmon.exe
O4 - HKCU\..\Run: [swg] C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background
O4 - HKCU\..\RunOnce: [IndexCleaner] "C:\Program Files\Virgin Broadband\PCguard\IdxClnR.exe"
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'SYSTEM')
O4 - HKUS\S-1-5-18\..\Run: [Nokia.PCSync] C:\Program Files\Nokia\Nokia PC Suite 6\PcSync2.exe /NoDialog (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'Default user')
O4 - Global Startup: Adobe Reader Speed Launch.lnk = C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office\OSA9.EXE
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_07\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_07\bin\ssv.dll
O14 - IERESET.INF: START_PAGE_URL=http://www.freeserve.com/
O16 - DPF: NTLSignup - https://tesco.autoregister.net/tesco/NTLSignup.cab
O16 - DPF: {15589FA1-C456-11CE-BF01-00AA0055595A} - https://www.wanadoo.co.uk/time/anytimereg_d...rs/sd0101_5.exe
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://update.microsoft.com/windowsupdate/...b?1176728223484
O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://update.microsoft.com/microsoftupdat...b?1176729088640
O23 - Service: DvpApi (dvpapi) - Authentium, Inc. - C:\Program Files\Common Files\Authentium\AntiVirus\dvpapi.exe
O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: CA Pest Patrol Realtime Protection Service (ITMRTSVC) - CA, Inc. - C:\Program Files\CA\PPRT\bin\ITMRTSVC.exe
O23 - Service: LexBce Server (LexBceS) - Lexmark International, Inc. - C:\WINDOWS\system32\LEXBCES.EXE
O23 - Service: lxcd_device - Unknown owner - C:\WINDOWS\System32\lxcdcoms.exe
O23 - Service: PDAgent - Raxco Software, Inc. - C:\Program Files\Raxco\PerfectDisk\PDAgent.exe
O23 - Service: PDEngine - Raxco Software, Inc. - C:\Program Files\Raxco\PerfectDisk\PDEngine.exe
O23 - Service: Virgin Broadband PCguard Update Service (RPSUpdaterR) - Radialpoint Inc. - C:\Program Files\Virgin Broadband\PCguard\rpsupdaterR.exe
O23 - Service: PCguard Firewall (RP_FWS) - Virgin Media - C:\Program Files\Virgin Broadband\PCguard\Fws.exe
O23 - Service: ServiceLayer - Nokia. - C:\Program Files\PC Connectivity Solution\ServiceLayer.exe
O23 - Service: SmartLinkService (SLService) - - C:\WINDOWS\SYSTEM32\slserv.exe

--
End of file - 8495 bytes


any help will be greatfully recieved

Did you tell Malwarebytes to remove all those infections found? There is no action taken according to the logfile.

Please print the below instructions or copy them to Notepad. Make sure to work through the fixes in the order mentioned below. If there's anything that you don't understand, ask your question(s) before proceeding with the fixes.

Uninstall the following via the Add/Remove Panel (Start->Settings->Control Panel->Add/Remove Programs) if found:

SystemDoctor

Run a scan in HijackThis. Check each of the following if they still exist and hit 'Fix Checked' after you checked the last one:

O4 - HKLM\..\Run: [SDR6cw] C:\Program Files\Common Files\SystemDoctor\SDR6cw.exe -c

Locate the following Files/Folders and delete them if they exist (if no location given, just do a search for them):

C:\Program Files\Common Files\SystemDoctor\

Go to http://www.bleepingcomputer.com/combofix/how-to-use-combofix and follow the instructions on how to install the Recovery Console and run ComboFix. Go through all the steps until posting the log part. Post the combofix log here.

sorry, i did remove the infections found in the malwarebytes program, i just saved the original log.
i could not find any files or folder relating to systemdoctor in C: drive or using the search facility.

heres new HJt log and combofix log

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 11:49:23, on 04/10/2008
Platform: Windows XP SP1 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Virgin Broadband\PCguard\Fws.exe
C:\WINDOWS\system32\LEXBCES.EXE
C:\WINDOWS\system32\LEXPPS.EXE
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Common Files\Authentium\AntiVirus\dvpapi.exe
C:\Program Files\CA\PPRT\bin\ITMRTSVC.exe
C:\Program Files\Raxco\PerfectDisk\PDAgent.exe
C:\WINDOWS\system32\slserv.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\QuickTime\qttask.exe
C:\WINDOWS\SOUNDMAN.EXE
C:\Program Files\PCEye2000\pceye.exe
C:\Program Files\Java\jre1.6.0_07\bin\jusched.exe
C:\Program Files\Lexmark 6300 Series\lxcdmon.exe
C:\Program Files\Lexmark 6300 Series\ezprint.exe
C:\Program Files\PHILIPS\PSADMM\DMM\bin\AutoLaunch.exe
C:\Program Files\Nokia\Nokia PC Suite 6\LaunchApplication.exe
C:\Program Files\Virgin Broadband\advisor\Broadbandadvisor.exe
C:\Program Files\Virgin Broadband\PCguard\Rps.exe
C:\WINDOWS\System32\ctfmon.exe
C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
C:\Program Files\Messenger\msmsgs.exe
C:\PROGRA~1\COMMON~1\PHILIP~1\USBCON~1.EXE
C:\WINDOWS\System32\pcwpx.exe
C:\Program Files\Raxco\PerfectDisk\PDEngine.exe
C:\Program Files\PC Connectivity Solution\ServiceLayer.exe
C:\WINDOWS\System32\lxcdcoms.exe
C:\Program Files\Virgin Broadband\advisor\BroadbandadvisorComHandler.exe
C:\Program Files\Virgin Broadband\PCguard\rpsupdaterR.exe
C:\WINDOWS\System32\wuauclt.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLLoginProxy.exe
C:\WINDOWS\System32\wuauclt.exe
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe
C:\WINDOWS\system32\NOTEPAD.EXE

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.virginmedia.com/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.freeserve.com/
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Window Title = Microsoft Internet Explorer provided by Freeserve
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: Pop-Up Blocker BHO - {3C060EA2-E6A9-4E49-A530-D4657B8C449A} - C:\Program Files\Virgin Broadband\PCguard\pkR.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_07\bin\ssv.dll
O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)
O2 - BHO: Windows Live Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: ST - {9394EDE7-C8B5-483E-8773-474BF36AF6E4} - C:\Program Files\MSN Apps\ST\01.03.0000.1005\en-xu\stmain.dll
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar3.dll
O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\3.1.807.1746\swg.dll
O2 - BHO: MSNToolBandBHO - {BDBD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Program Files\MSN Apps\MSN Toolbar\MSN Toolbar\01.02.5000.1021\en-us\msntb.dll
O3 - Toolbar: &Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINDOWS\System32\msdxm.ocx
O3 - Toolbar: Freeserve - {8B68564D-53FD-4293-B80C-993A9F3988EE} - C:\PROGRA~1\FREESE~1\FSBar\FSBar.dll (file missing)
O3 - Toolbar: MSN - {BDAD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Program Files\MSN Apps\MSN Toolbar\MSN Toolbar\01.02.5000.1021\en-us\msntb.dll
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar3.dll
O4 - HKLM\..\Run: [PixAlertMonitor] C:\Program Files\BOS\PixAlert Monitor Home\MCtrlA5-0.exe
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [SiS KHooker] C:\WINDOWS\System32\khooker.exe
O4 - HKLM\..\Run: [SoundMan] SOUNDMAN.EXE
O4 - HKLM\..\Run: [PcEye] C:\Program Files\PCEye2000\pceye.exe
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_07\bin\jusched.exe"
O4 - HKLM\..\Run: [LXCDCATS] rundll32 C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\LXCDtime.dll,_RunDLLEntry@16
O4 - HKLM\..\Run: [lxcdmon.exe] "C:\Program Files\Lexmark 6300 Series\lxcdmon.exe"
O4 - HKLM\..\Run: [EzPrint] "C:\Program Files\Lexmark 6300 Series\ezprint.exe"
O4 - HKLM\..\Run: [FaxCenterServer] "C:\Program Files\Lexmark Fax Solutions\fm3032.exe" /s
O4 - HKLM\..\Run: [MediaFace Integration] C:\Program Files\Fellowes\MediaFACE 4.0\SetHook.exe
O4 - HKLM\..\Run: [/AutoLaunch] C:\Program Files\PHILIPS\PSADMM\DMM\bin\AutoLaunch.exe
O4 - HKLM\..\Run: [PCSuiteTrayApplication] C:\Program Files\Nokia\Nokia PC Suite 6\LaunchApplication.exe -startup
O4 - HKLM\..\Run: [Broadbandadvisor.exe] "C:\Program Files\Virgin Broadband\advisor\Broadbandadvisor.exe" /AUTORUN
O4 - HKLM\..\Run: [PCguard] "C:\Program Files\Virgin Broadband\PCguard\Rps.exe"
O4 - HKLM\..\Run: [-FreedomNeedsReboot] "C:\Program Files\Virgin Broadband\PCguard\ZkRunOnceR.exe"
O4 - HKLM\..\RunOnce: [IndexCleaner] "C:\Program Files\Virgin Broadband\PCguard\IdxClnR.exe"
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\System32\ctfmon.exe
O4 - HKCU\..\Run: [swg] C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background
O4 - HKCU\..\RunOnce: [IndexCleaner] "C:\Program Files\Virgin Broadband\PCguard\IdxClnR.exe"
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'SYSTEM')
O4 - HKUS\S-1-5-18\..\Run: [Nokia.PCSync] C:\Program Files\Nokia\Nokia PC Suite 6\PcSync2.exe /NoDialog (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'Default user')
O4 - Global Startup: Adobe Reader Speed Launch.lnk = C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office\OSA9.EXE
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_07\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_07\bin\ssv.dll
O14 - IERESET.INF: START_PAGE_URL=http://www.freeserve.com/
O16 - DPF: NTLSignup - https://tesco.autoregister.net/tesco/NTLSignup.cab
O16 - DPF: {15589FA1-C456-11CE-BF01-00AA0055595A} - https://www.wanadoo.co.uk/time/anytimereg_d...rs/sd0101_5.exe
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://update.microsoft.com/windowsupdate/...b?1176728223484
O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://update.microsoft.com/microsoftupdat...b?1176729088640
O23 - Service: DvpApi (dvpapi) - Authentium, Inc. - C:\Program Files\Common Files\Authentium\AntiVirus\dvpapi.exe
O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: CA Pest Patrol Realtime Protection Service (ITMRTSVC) - CA, Inc. - C:\Program Files\CA\PPRT\bin\ITMRTSVC.exe
O23 - Service: LexBce Server (LexBceS) - Lexmark International, Inc. - C:\WINDOWS\system32\LEXBCES.EXE
O23 - Service: lxcd_device - Unknown owner - C:\WINDOWS\System32\lxcdcoms.exe
O23 - Service: PDAgent - Raxco Software, Inc. - C:\Program Files\Raxco\PerfectDisk\PDAgent.exe
O23 - Service: PDEngine - Raxco Software, Inc. - C:\Program Files\Raxco\PerfectDisk\PDEngine.exe
O23 - Service: Virgin Broadband PCguard Update Service (RPSUpdaterR) - Radialpoint Inc. - C:\Program Files\Virgin Broadband\PCguard\rpsupdaterR.exe
O23 - Service: PCguard Firewall (RP_FWS) - Virgin Media - C:\Program Files\Virgin Broadband\PCguard\Fws.exe
O23 - Service: ServiceLayer - Nokia. - C:\Program Files\PC Connectivity Solution\ServiceLayer.exe
O23 - Service: SmartLinkService (SLService) - - C:\WINDOWS\SYSTEM32\slserv.exe

--
End of file - 8427 bytes


COMBOFIX


ComboFix 08-10-03.06 - Matthew Newton 2008-10-04 11:52:07.1 - NTFSx86
Microsoft Windows XP Home Edition 5.1.2600.1.1252.1.1033.18.66 [GMT 1:00]
Running from: C:\Documents and Settings\Matthew Newton\Desktop\ComboFix.exe
* Created a new restore point

WARNING -THIS MACHINE DOES NOT HAVE THE RECOVERY CONSOLE INSTALLED !!
.

((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.

C:\Documents and Settings\Andrea Newton\ResErrors.log
C:\Documents and Settings\Matthew Newton\err.log
C:\WINDOWS\jestertb.dll

.
((((((((((((((((((((((((((((((((((((((( Drivers/Services )))))))))))))))))))))))))))))))))))))))))))))))))
.

-------\Legacy_NPF
-------\Service_NPF


((((((((((((((((((((((((( Files Created from 2008-09-04 to 2008-10-04 )))))))))))))))))))))))))))))))
.

2008-10-03 11:22 . 2008-10-03 11:22 <DIR> d-------- C:\Program Files\Trend Micro
2008-10-02 21:19 . 2008-10-02 21:19 <DIR> d--h----- C:\WINDOWS\$hf_mig$
2008-10-02 21:19 . 2005-02-25 04:35 22,752 --a------ C:\WINDOWS\system32\spupdsvc.exe
2008-10-02 21:17 . 2008-10-02 21:17 <DIR> d-------- C:\WINDOWS\system32\bits
2008-10-02 21:08 . 2008-10-02 21:08 <DIR> d-------- C:\Program Files\Malwarebytes' Anti-Malware
2008-10-02 21:08 . 2008-10-02 21:08 <DIR> d-------- C:\Program Files\Common Files\Download Manager
2008-10-02 21:08 . 2008-10-02 21:08 <DIR> d-------- C:\Documents and Settings\Matthew Newton\Application Data\Malwarebytes
2008-10-02 21:08 . 2008-10-02 21:08 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\Malwarebytes
2008-10-02 21:08 . 2008-09-10 00:04 38,528 --a------ C:\WINDOWS\system32\drivers\mbamswissarmy.sys
2008-10-02 21:08 . 2008-09-10 00:03 17,200 --a------ C:\WINDOWS\system32\drivers\mbam.sys
2008-10-02 21:06 . 2008-10-02 21:06 <DIR> d-------- C:\Program Files\ERUNT
2008-09-27 16:48 . 2008-09-27 16:48 <DIR> d-------- C:\Program Files\Raxco
2008-09-27 16:48 . 2008-09-27 16:48 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\Raxco
2008-09-27 16:47 . 2008-09-27 16:47 <DIR> d-------- C:\Program Files\Common Files\Authentium
2008-09-06 09:56 . 2004-07-01 23:08 361,984 --a------ C:\WINDOWS\system32\dllcache\qmgr.dll
2008-09-06 09:56 . 2004-07-01 23:08 331,776 --a------ C:\WINDOWS\system32\winhttp.dll
2008-09-06 09:56 . 2004-07-01 23:08 331,776 --a------ C:\WINDOWS\system32\dllcache\winhttp.dll
2008-09-06 09:56 . 2004-07-01 00:59 158,720 --a------ C:\WINDOWS\system32\xpob2res.dll
2008-09-06 09:56 . 2004-07-01 23:08 17,408 --a------ C:\WINDOWS\system32\qmgrprxy.dll
2008-09-06 09:56 . 2004-07-01 23:08 17,408 --a------ C:\WINDOWS\system32\dllcache\qmgrprxy.dll
2008-09-06 09:56 . 2004-07-01 23:08 7,680 --------- C:\WINDOWS\system32\dllcache\bitsprx2.dll
2008-09-06 09:56 . 2004-07-01 23:08 7,680 --------- C:\WINDOWS\system32\bitsprx2.dll
2008-09-06 09:56 . 2004-07-01 23:08 7,168 --------- C:\WINDOWS\system32\dllcache\bitsprx3.dll
2008-09-06 09:56 . 2004-07-01 23:08 7,168 --------- C:\WINDOWS\system32\bitsprx3.dll
2008-09-05 21:59 . 2008-09-05 23:09 <DIR> d-------- C:\Documents and Settings\Matthew Newton\Contacts
2008-09-04 23:02 . 2008-09-07 16:25 <DIR> d-------- C:\Program Files\Three Rings Design
2008-09-04 23:01 . 2008-06-10 02:32 73,728 --a------ C:\WINDOWS\system32\javacpl.cpl

.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2008-10-02 17:38 --------- d-----w C:\Program Files\Lx_cats
2008-09-27 15:46 53,192 ----a-w C:\WINDOWS\system32\drivers\rp_skt32.sys
2008-09-07 15:25 --------- d-----w C:\Program Files\Tesconet
2008-09-04 22:01 --------- d-----w C:\Program Files\Java
2008-09-01 12:41 --------- d-----w C:\Program Files\Common Files\Scanner
2008-09-01 11:47 --------- d-----w C:\Program Files\CA
2008-09-01 11:46 --------- d-----w C:\Program Files\Virgin Broadband
2008-09-01 11:46 --------- d-----w C:\Documents and Settings\All Users\Application Data\Virgin Broadband
2008-09-01 11:44 --------- d--h--w C:\Program Files\InstallShield Installation Information
2008-09-01 08:56 --------- d-----w C:\Documents and Settings\Matthew Newton\Application Data\Virgin Broadband
2008-09-01 08:55 --------- d-----w C:\Program Files\Virgin Media Broadband
2008-09-01 08:55 --------- d-----w C:\Program Files\Common Files\InstallShield
2008-09-01 08:55 --------- d-----w C:\Documents and Settings\Matthew Newton\Application Data\InstallShield
2008-09-01 08:55 --------- d-----w C:\Documents and Settings\All Users\Application Data\InstallShield
.

((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"ctfmon.exe"="C:\WINDOWS\System32\ctfmon.exe" [2003-03-31 13312]
"swg"="C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe" [2007-07-18 68856]
"MSMSGS"="C:\Program Files\Messenger\msmsgs.exe" [2002-08-21 1511453]

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\RunOnce]
"IndexCleaner"="C:\Program Files\Virgin Broadband\PCguard\IdxClnR.exe" [2007-09-05 61168]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"PixAlertMonitor"="C:\Program Files\BOS\PixAlert Monitor Home\MCtrlA5-0.exe" [2004-01-09 102400]
"QuickTime Task"="C:\Program Files\QuickTime\qttask.exe" [2004-02-11 98304]
"PcEye"="C:\Program Files\PCEye2000\pceye.exe" [2004-02-12 135168]
"SunJavaUpdateSched"="C:\Program Files\Java\jre1.6.0_07\bin\jusched.exe" [2008-06-10 144784]
"LXCDCATS"="C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\LXCDtime.dll" [2005-07-11 69632]
"lxcdmon.exe"="C:\Program Files\Lexmark 6300 Series\lxcdmon.exe" [2005-06-24 200704]
"EzPrint"="C:\Program Files\Lexmark 6300 Series\ezprint.exe" [2005-07-05 94208]
"FaxCenterServer"="C:\Program Files\Lexmark Fax Solutions\fm3032.exe" [2005-07-12 299008]
"MediaFace Integration"="C:\Program Files\Fellowes\MediaFACE 4.0\SetHook.exe" [2004-07-01 53248]
"/AutoLaunch"="C:\Program Files\PHILIPS\PSADMM\DMM\bin\AutoLaunch.exe" [2004-03-24 65624]
"PCSuiteTrayApplication"="C:\Program Files\Nokia\Nokia PC Suite 6\LaunchApplication.exe" [2007-03-23 227328]
"Broadbandadvisor.exe"="C:\Program Files\Virgin Broadband\advisor\Broadbandadvisor.exe" [2007-08-07 2061552]
"PCguard"="C:\Program Files\Virgin Broadband\PCguard\Rps.exe" [2007-09-05 310000]
"-FreedomNeedsReboot"="C:\Program Files\Virgin Broadband\PCguard\ZkRunOnceR.exe" [2007-09-05 13552]
"SoundMan"="SOUNDMAN.EXE" [2003-08-15 C:\WINDOWS\SOUNDMAN.EXE]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\RunOnce]
"IndexCleaner"="C:\Program Files\Virgin Broadband\PCguard\IdxClnR.exe" [2007-09-05 61168]

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="C:\WINDOWS\System32\CTFMON.EXE" [2003-03-31 13312]
"Nokia.PCSync"="C:\Program Files\Nokia\Nokia PC Suite 6\PcSync2.exe" [2007-03-27 1744896]

C:\Documents and Settings\All Users\Start Menu\Programs\Startup\
Adobe Reader Speed Launch.lnk - C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe [2005-09-23 29696]
Microsoft Office.lnk - C:\Program Files\Microsoft Office\Office\OSA9.EXE [1999-02-17 65588]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\drivers32]
"msacm.l3acm"= l3codecp.acm

R0 SiSide1;SiSide1;C:\WINDOWS\System32\DRIVERS\siside.sys [2003-03-25 4096]
R2 FastPara;FastPara;C:\WINDOWS\System32\drivers\FastPara.sys [1998-11-11 35008]
S3 Ip6FwHlp;IPv6 Internet Connection Firewall;C:\WINDOWS\System32\svchost.exe [2003-03-31 12800]
S3 Radialpoint Security Services;Virgin Broadband PCguard;C:\WINDOWS\System32\dllhost.exe [2003-03-31 4608]
S3 WNUSCTLH;NEC 606 CONTROL Driver;C:\WINDOWS\System32\DRIVERS\WNUSCTLH.SYS [2002-04-18 46810]
S3 WNUSENUH;NEC 606 ENUMERATION Driver;C:\WINDOWS\System32\DRIVERS\WNUSENUH.SYS [2002-04-18 14458]
S3 WNUSMDMH;NEC 606 Modem Driver;C:\WINDOWS\System32\DRIVERS\WNUSMDMH.sys [2002-07-12 37120]
S3 WNUSOBXH;NEC 606 OBEX Port Driver;C:\WINDOWS\System32\DRIVERS\WNUSOBXH.sys [2002-09-12 33536]
S3 WNUSTACH;NEC 606 Command Port Driver;C:\WINDOWS\System32\DRIVERS\WNUSTACH.sys [2002-04-18 28304]
.
- - - - ORPHANS REMOVED - - - -

HKLM-Run-SiS KHooker - C:\WINDOWS\System32\khooker.exe


.
------- Supplementary Scan -------
.
R0 -: HKCU-Main,Start Page = hxxp://www.virginmedia.com/
R0 -: HKCU-Main,Search Page = hxxp://www.google.com
R0 -: HKCU-Main,Search Bar = hxxp://www.google.com/ie
R0 -: HKLM-Main,Default_Search_URL = hxxp://www.google.com/ie
R1 -: HKCU-Internet Settings,ProxyOverride = <local>
R0 -: HKCU-Search,SearchAssistant = hxxp://www.google.com/ie
R1 -: HKCU-SearchURL,(Default) = hxxp://www.google.com/search?q=%s
R0 -: HKLM-Search,SearchAssistant = hxxp://www.google.com/ie

O16 -: NTLSignup - hxxps://tesco.autoregister.net/tesco/NTLSignup.cab
C:\WINDOWS\Downloaded Program Files\OSD23CE.OSD
C:\WINDOWS\Downloaded Program Files\NTLSignup.dll
.

**************************************************************************

catchme 0.3.1361 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2008-10-04 11:55:55
Windows 5.1.2600 Service Pack 1 NTFS

scanning hidden processes ...

scanning hidden autostart entries ...

scanning hidden files ...

scan completed successfully
hidden files: 0

**************************************************************************
.
------------------------ Other Running Processes ------------------------
.
C:\Program Files\Virgin Broadband\PCguard\Fws.exe
C:\WINDOWS\system32\LEXBCES.EXE
C:\WINDOWS\system32\LEXPPS.EXE
C:\Program Files\Common Files\Authentium\AntiVirus\dvpapi.exe
C:\Program Files\CA\PPRT\bin\ITMRTSVC.exe
C:\Program Files\Raxco\PerfectDisk\PDAgent.exe
C:\PROGRA~1\COMMON~1\PHILIP~1\USBCON~1.EXE
C:\WINDOWS\system32\pcwpx.exe
C:\WINDOWS\system32\lxcdcoms.exe
C:\Program Files\PC Connectivity Solution\ServiceLayer.exe
C:\Program Files\Virgin Broadband\PCguard\rpsupdaterR.exe
.
**************************************************************************
.
Completion time: 2008-10-04 12:01:16 - machine was rebooted
ComboFix-quarantined-files.txt 2008-10-04 11:01:11

Pre-Run: 50,339,676,160 bytes free
Post-Run: 50,279,923,712 bytes free

158

Nothing much to clean at this time....we can try disabling some unnecessary startup programs since those use up resources.

Run a scan in HijackThis. Check each of the following if they still exist and hit 'Fix Checked' after you checked the last one:

O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_07\bin\jusched.exe"
O4 - HKCU\..\RunOnce: [IndexCleaner] "C:\Program Files\Virgin Broadband\PCguard\IdxClnR.exe"
O4 - Global Startup: Adobe Reader Speed Launch.lnk = C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office\OSA9.EXE

Good job. Your log is clean.

To help prevent future spyware infections, read the Anti-Spyware Tutorial and use the tools provided.

Are there any problems now? If none, go to Start->Run, copy/paste in combofix /u and hit OK to remove it. You should be set to go.

Due to lack of feedback, this topic has been closed.

If you need this topic reopened, please contact a staff member. This applies only to the original topic starter. Everyone else please begin a New Topic.