
My computer has been hijacked HELP REQUIRED

I heard from another thread I should download ComboFix and HijackThis and post the logs.

This is the ComboFix log:
ComboFix 07-08-30.3 - "Compaq_Owner" 2007-09-01 10:49:38.2 - NTFSx86
Microsoft Windows XP Home Edition 5.1.2600.2.1252.1.1033.18.72 [GMT 1:00]

((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))

C:\WINDOWS\dat.txt
C:\WINDOWS\rs.txt

((((((((((((((((((((((((( Files Created from 2007-08-01 to 2007-09-01 )))))))))))))))))))))))))))))))

2007-09-01 09:09 83,536 --a
C:\WINDOWS\system32\drivers\iksyssec.sys
2007-09-01 09:09 59,984 --a
C:\WINDOWS\system32\drivers\iksysflt.sys
2007-09-01 09:09 52,304 --a
C:\WINDOWS\system32\drivers\ikfilesec.sys
2007-09-01 09:09 39,248 --a
C:\WINDOWS\system32\drivers\ikfileflt.sys
2007-09-01 09:09 26,064 --a
C:\WINDOWS\system32\drivers\kcom.sys
2007-09-01 09:08 <DIR> d
C:\Program Files\Spyware Doctor
2007-09-01 09:08 <DIR> d
C:\DOCUME~1\COMPAQ~1\APPLIC~1\PC Tools
2007-09-01 09:07 626,688 --a
C:\WINDOWS\system32\msvcr80.dll
2007-08-31 22:28 <DIR> d
C:\Program Files\Trend Micro
2007-08-31 22:20 51,200 --a
C:\WINDOWS\nircmd.exe
2007-08-31 15:08 323,584 --a
C:\WINDOWS\wmpdev.dll
2007-08-31 15:08 245,760 --a
C:\WINDOWS\wmphost.dll
2007-08-31 15:08 233,472 --a
C:\WINDOWS\mxduo.dll
2007-08-29 12:57 <DIR> d
C:\Program Files\SiteEntry
2007-08-14 10:55 98,304 --a
C:\WINDOWS\system32\CmdLineExt.dll
2007-08-14 08:57 <DIR> d
C:\Program Files\GameSpy Arcade
2007-08-14 08:51 <DIR> d
C:\Program Files\Sierra

(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
2007-09-01 10:54
d
C:\DOCUME~1\ALLUSE~1\APPLIC~1\Kontiki
2007-09-01 09:52
d
C:\DOCUME~1\COMPAQ~1\APPLIC~1\DMCache
2007-09-01 09:27
d
C:\Program Files\PC-Doctor 5 for Windows
2007-08-27 15:32
d
C:\Program Files\Zoom Player
2007-08-27 12:43
d
C:\Program Files\iTunes
2007-08-27 12:42
d
C:\Program Files\iPod
2007-08-14 08:51
d--h
C:\Program Files\InstallShield Installation Information
2007-08-12 20:20
d
C:\Program Files\softnyx
2007-08-03 19:55
d
C:\Program Files\BitComet
2007-08-03 15:17 359808 --a
C:\WINDOWS\system32\drivers\tcpip.sys
2007-08-03 15:14 2560 --a
C:\WINDOWS\system32\BitCometRes.dll
2007-07-30 19:19 92504 --a
C:\WINDOWS\system32\dllcache\cdm.dll
2007-07-30 19:19 92504 --a
C:\WINDOWS\system32\cdm.dll
2007-07-30 19:19 549720 --a
C:\WINDOWS\system32\wuapi.dll
2007-07-30 19:19 549720 --a
C:\WINDOWS\system32\dllcache\wuapi.dll
2007-07-30 19:19 53080 --a
C:\WINDOWS\system32\wuauclt.exe
2007-07-30 19:19 53080 --a
C:\WINDOWS\system32\dllcache\wuauclt.exe
2007-07-30 19:19 43352 --a
C:\WINDOWS\system32\wups2.dll
2007-07-30 19:19 325976 --a
C:\WINDOWS\system32\wucltui.dll
2007-07-30 19:19 325976 --a
C:\WINDOWS\system32\dllcache\wucltui.dll
2007-07-30 19:19 271224 --a
C:\WINDOWS\system32\mucltui.dll
2007-07-30 19:19 207736 --a
C:\WINDOWS\system32\muweb.dll
2007-07-30 19:19 203096 --a
C:\WINDOWS\system32\wuweb.dll
2007-07-30 19:19 203096 --a
C:\WINDOWS\system32\dllcache\wuweb.dll
2007-07-30 19:19 1712984 --a
C:\WINDOWS\system32\wuaueng.dll
2007-07-30 19:19 1712984 --a
C:\WINDOWS\system32\dllcache\wuaueng.dll
2007-07-30 19:18 33624 --a
C:\WINDOWS\system32\wups.dll
2007-07-30 19:18 33624 --a
C:\WINDOWS\system32\dllcache\wups.dll
2007-07-30 12:03
d
C:\Program Files\QuickTime
2007-07-19 07:59 3583488 --a
C:\WINDOWS\system32\dllcache\mshtml.dll
2007-07-13 00:31 765952 --a
C:\WINDOWS\system32\dllcache\vgx.dll
2007-07-09 00:22
d
C:\Program Files\3ivx
2007-07-07 11:26
d
C:\Program Files\GustoSoft
2007-07-07 11:18
d
C:\DOCUME~1\COMPAQ~1\APPLIC~1\DivX
2007-07-07 11:14
d
C:\DOCUME~1\COMPAQ~1\APPLIC~1\Talkback
2007-07-07 11:13
d
C:\Program Files\DivX
2007-07-07 11:09
d
C:\Program Files\LEAD Technologies, Inc
2007-07-02 20:41 524288 --a
C:\WINDOWS\system32\DivXsm.exe
2007-07-02 20:41 36624
C:\WINDOWS\system32\drivers\pxhelp20.sys
2007-07-02 20:41 3596288 --a
C:\WINDOWS\system32\qt-dx331.dll
2007-07-02 20:41 2560
C:\WINDOWS\system32\drivers\cdralw2k.sys
2007-07-02 20:41 2432
C:\WINDOWS\system32\drivers\cdr4_xp.sys
2007-07-02 20:41 200704 --a
C:\WINDOWS\system32\ssldivx.dll
2007-07-02 20:41 129784
C:\WINDOWS\system32\pxafs.dll
2007-07-02 20:41 118520
C:\WINDOWS\system32\pxinsi64.exe
2007-07-02 20:41 116472
C:\WINDOWS\system32\pxcpyi64.exe
2007-07-02 20:41 1044480 --a
C:\WINDOWS\system32\libdivx.dll
2007-07-02 20:37 823296 --a
C:\WINDOWS\system32\divx_xx0c.dll
2007-07-02 20:37 823296 --a
C:\WINDOWS\system32\divx_xx07.dll
2007-07-02 20:37 802816 --a
C:\WINDOWS\system32\divx_xx11.dll
2007-07-02 20:37 740442 --a
C:\WINDOWS\system32\DivX.dll
2007-07-02 20:37 73728 --a
C:\WINDOWS\system32\dpl100.dll
2007-07-02 20:37 593920 --a
C:\WINDOWS\system32\dpuGUI11.dll
2007-07-02 20:37 57344 --a
C:\WINDOWS\system32\dpv11.dll
2007-07-02 20:37 53248 --a
C:\WINDOWS\system32\dpuGUI10.dll
2007-07-02 20:37 344064 --a
C:\WINDOWS\system32\dpus11.dll
2007-07-02 20:37 294912 --a
C:\WINDOWS\system32\dpu11.dll
2007-07-02 20:37 294912 --a
C:\WINDOWS\system32\dpu10.dll
2007-07-02 20:37 196608 --a
C:\WINDOWS\system32\dtu100.dll
2007-07-02 20:36 124472 --a
C:\WINDOWS\system32\DivXCodecUpdateChecker.exe
2007-07-02 20:36 12288 --a
C:\WINDOWS\system32\DivXWMPExtType.dll
2007-07-02 15:07
d
C:\Program Files\Common Files\Apple
2007-07-02 15:07
d
C:\DOCUME~1\ALLUSE~1\APPLIC~1\Apple
2007-06-27 15:34 823808 --a
C:\WINDOWS\system32\dllcache\wininet.dll
2007-06-27 15:34 671232 --a
C:\WINDOWS\system32\dllcache\mstime.dll
2007-06-27 15:34 6058496
C:\WINDOWS\system32\dllcache\ieframe.dll
2007-06-27 15:34 52224
C:\WINDOWS\system32\dllcache\msfeedsbs.dll
2007-06-27 15:34 477696 --a
C:\WINDOWS\system32\dllcache\mshtmled.dll
2007-06-27 15:34 459264
C:\WINDOWS\system32\dllcache\msfeeds.dll
2007-06-27 15:34 44544 --a
C:\WINDOWS\system32\dllcache\iernonce.dll
2007-06-27 15:34 384512 --a
C:\WINDOWS\system32\dllcache\iedkcs32.dll
2007-06-27 15:34 383488
C:\WINDOWS\system32\dllcache\ieapfltr.dll
2007-06-27 15:34 27648 --a
C:\WINDOWS\system32\dllcache\jsproxy.dll
2007-06-27 15:34 267776
C:\WINDOWS\system32\dllcache\iertutil.dll
2007-06-27 15:34 232960 --a
C:\WINDOWS\system32\dllcache\webcheck.dll
2007-06-27 15:34 230400 --a
C:\WINDOWS\system32\dllcache\ieaksie.dll
2007-06-27 15:34 193024 --a
C:\WINDOWS\system32\dllcache\msrating.dll
2007-06-27 15:34 153088 --a
C:\WINDOWS\system32\dllcache\ieakeng.dll
2007-06-27 15:34 132608 --a
C:\WINDOWS\system32\dllcache\extmgr.dll
2007-06-27 15:34 124928 --a
C:\WINDOWS\system32\dllcache\advpack.dll
2007-06-27 15:34 1152000 --a
C:\WINDOWS\system32\dllcache\urlmon.dll
2007-06-27 15:34 105984 --a
C:\WINDOWS\system32\dllcache\url.dll
2007-06-27 15:34 102400 --a
C:\WINDOWS\system32\dllcache\occache.dll
2007-06-27 09:27 63488 --a
C:\WINDOWS\system32\dllcache\ie4uinit.exe
2007-06-27 09:27 625152 --a
C:\WINDOWS\system32\dllcache\iexplore.exe
2007-06-27 09:27 13824
C:\WINDOWS\system32\dllcache\ieudinit.exe
2007-06-27 08:00 161792 --a
C:\WINDOWS\system32\dllcache\ieakui.dll
2007-06-26 22:10 317440 --a
C:\WINDOWS\system32\dllcache\unregmp2.exe
2007-06-26 07:08 1104896 --a
C:\WINDOWS\system32\msxml3.dll
2007-06-26 07:08 1104896 --a
C:\WINDOWS\system32\dllcache\msxml3.dll
2007-06-19 14:31 282112 --a
C:\WINDOWS\system32\gdi32.dll
2007-06-19 14:31 282112 --a
C:\WINDOWS\system32\dllcache\gdi32.dll
2007-06-13 11:23 1033216 --a
C:\WINDOWS\system32\dllcache\explorer.exe
2007-06-13 11:23 1033216 --a
C:\WINDOWS\explorer.exe
2007-06-11 23:51 10834944 --a
C:\WINDOWS\system32\dllcache\wmp.dll
2007-06-06 17:07 25576 --a
C:\WINDOWS\system32\SamsungVfWCodec.dll
2007-06-06 17:07 25576 --a
C:\WINDOWS\system32\DivXVfWCodec.dll
2007-06-06 17:06 66536 --a
C:\WINDOWS\system32\libfaac.dll
2007-06-06 17:06 443368 --a
C:\WINDOWS\system32\OpenQuicktimeLib.dll
2007-06-06 17:06 324584 --a
C:\WINDOWS\system32\3ivxVfWCodec.dll

((((((((((((((((((((((((((((( snapshot_2007-08-31_223746.71 )))))))))))))))))))))))))))))))))))))))))
----atw 16,384 2007-09-01 08:51:00 C:\WINDOWS\Temp\Perflib_Perfdata_75c.dat
----atw 16,384 2007-05-31 19:48:26 C:\WINDOWS\Temp\Perflib_Perfdata_75c.dat
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))


*Note* empty entries & legit default entries are not shown
[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{F4CF814F-970F-405D-A42C-0CE06EB97373}]
2007-08-31 11:22 233472 --a
C:\WINDOWS\mxduo.dll
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"SunJavaUpdateSched"="C:\Program Files\Java\jre1.5.0_11\bin\jusched.exe" [2006-12-15 04:23]
"hpsysdrv"="c:\windows\system\hpsysdrv.exe" [1998-05-07 10:04]
"RTHDCPL"="RTHDCPL.EXE" [2005-10-14 18:51 C:\WINDOWS\RTHDCPL.EXE]
"ATIPTA"="C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe" [2005-08-13 22:05]
"KBD"="C:\HP\KBD\KBD.EXE" [2005-02-02 17:44]
"Recguard"="C:\WINDOWS\SMINST\RECGUARD.EXE" [2005-07-22 16:14]
"PCDrProfiler"="" []
"PS2"="C:\WINDOWS\system32\ps2.exe" [2004-10-25 16:17]
"Reminder"="C:\Windows\Creator\Remind_XP.exe" [2004-12-13 20:23]
"HP Software Update"="C:\Program Files\HP\HP Software Update\HPWuSchd2.exe" [2005-05-11 23:12]
"TkBellExe"="C:\Program Files\Common Files\Real\Update_OB\realsched.exe" [2006-01-09 17:30]
"RegistryMechanic"="" []
"Adobe Photo Downloader"="C:\Program Files\Adobe\Photoshop Album Starter Edition\3.0\Apps\apdproxy.exe" [2005-06-07 00:46]
"BluetoothAuthenticationAgent"="bthprops.cpl" [2004-08-04 05:00 C:\WINDOWS\system32\bthprops.cpl]
"NielsenOnline"="C:\Program Files\NetRatingsNetSight\NetSight\NielsenOnline.exe" [2007-01-05 17:55]
"4oD"="C:\Program Files\Kontiki\KHost.exe" [2006-11-08 17:32]
"QuickTime Task"="C:\Program Files\QuickTime\QTTask.exe" [2007-06-29 06:24]
"iTunesHelper"="C:\Program Files\iTunes\iTunesHelper.exe" [2007-08-15 20:15]
"SDTray"="C:\Program Files\Spyware Doctor\SDTrayApp.exe" [2007-09-01 09:11]
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"MsnMsgr"="C:\Program Files\MSN Messenger\MsnMsgr.exe" [2007-01-19 13:54]
"IDMan"="C:\Program Files\Internet Download Manager\IDMan.exe" [2006-11-18 00:17]
"updateMgr"="C:\Program Files\Adobe\Acrobat 7.0\Reader\AdobeUpdateManager.exe" [2006-03-30 17:45]
"ctfmon.exe"="C:\WINDOWS\system32\ctfmon.exe" [2004-08-04 05:00]
"kdx"="C:\Program Files\Kontiki\KHost.exe" [2006-11-08 17:32]
C:\DOCUME~1\COMPAQ~1\STARTM~1\Programs\Startup\
Adobe Gamma.lnk - C:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe [2005-03-16 19:16:50]
[HKEY_CURRENT_USER\software\microsoft\internet explorer\desktop\components\0]
Source= file:///C:\WINDOWS\privacy_danger\index.htm
FriendlyName= Privacy Protection
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ShellServiceObjectDelayLoad]
"wmphost"= {2A25C512-07A7-4E1A-8C8B-5D8829EF750D} - C:\WINDOWS\wmphost.dll [2007-08-31 11:22 245760]
"wmpdev"= {53F04414-FCF1-4756-A743-8AE5E477E48A} - C:\WINDOWS\wmpdev.dll [2007-08-31 11:22 323584]
SafeBoot registry key needs repairs. This machine cannot enter Safe Mode.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\RpcSs]
@="Service"
R1 nnrnstdi;nnrnstdi;C:\WINDOWS\system32\drivers\nnrnstdi.sys
S3 ss_bus;SAMSUNG Mobile USB Device 1.0 driver (WDM);C:\WINDOWS\system32\DRIVERS\ss_bus.sys
S3 ss_mdfl;SAMSUNG Mobile USB Modem 1.0 Filter;C:\WINDOWS\system32\DRIVERS\ss_mdfl.sys
S3 ss_mdm;SAMSUNG Mobile USB Modem 1.0 Drivers;C:\WINDOWS\system32\DRIVERS\ss_mdm.sys

Contents of the 'Scheduled Tasks' folder
2007-08-27 10:58:03 C:\WINDOWS\Tasks\AppleSoftwareUpdate.job - C:\Program Files\Apple Software Update\SoftwareUpdate.exe
2007-09-01 09:04:05 C:\WINDOWS\Tasks\Check Updates for Windows Live Toolbar.job
2006-07-12 05:24:00 C:\WINDOWS\Tasks\Easy Internet Sign-up.job - C:\Program Files\Hewlett-Packard\SDP\HPSdpApp.exe
2007-09-01 07:00:00 C:\WINDOWS\Tasks\HPpromotions journeysoftware.job - C:\Program Files\hp\digital imaging\bin\hp promotions\journeysoftware\HPpromo.exe
2006-05-12 20:55:09 C:\WINDOWS\Tasks\Symantec NetDetect.job - C:\Program Files\Symantec\LiveUpdate\NDETECT.EXE
**************************************************************************
catchme 0.3.1061 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2007-09-01 10:53:40
Windows 5.1.2600 Service Pack 2 NTFS
scanning hidden processes ...
scanning hidden autostart entries ...
scanning hidden files ...
scan completed successfully
hidden files: 0
**************************************************************************
Completion time: 2007-09-01 10:55:28
C:\ComboFix-quarantined-files.txt ... 2007-09-01 10:55
C:\ComboFix2.txt ... 2007-08-31 22:38
--- E O F ---

Comments

  • And here is the HijackThis log:
    Logfile of Trend Micro HijackThis v2.0.2
    Scan saved at 11:36:59, on 01/09/2007
    Platform: Windows XP SP2 (WinNT 5.01.2600)
    MSIE: Internet Explorer v7.00 (7.00.6000.16512)
    Boot mode: Normal
    Running processes:
    C:\WINDOWS\System32\smss.exe
    C:\WINDOWS\system32\csrss.exe
    C:\WINDOWS\system32\winlogon.exe
    C:\WINDOWS\system32\services.exe
    C:\WINDOWS\system32\lsass.exe
    C:\WINDOWS\system32\Ati2evxx.exe
    C:\WINDOWS\system32\svchost.exe
    C:\WINDOWS\system32\svchost.exe
    C:\WINDOWS\System32\svchost.exe
    C:\WINDOWS\system32\svchost.exe
    C:\WINDOWS\system32\Ati2evxx.exe
    C:\WINDOWS\system32\svchost.exe
    C:\WINDOWS\system32\spoolsv.exe
    C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
    C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
    C:\WINDOWS\system32\svchost.exe
    C:\Program Files\Kontiki\KService.exe
    C:\Program Files\Common Files\LightScribe\LSSrvc.exe
    C:\WINDOWS\system32\HPZipm12.exe
    C:\WINDOWS\system32\wscntfy.exe
    C:\WINDOWS\System32\alg.exe
    C:\Program Files\Java\jre1.5.0_11\bin\jusched.exe
    C:\WINDOWS\system32\ctfmon.exe
    C:\windows\system\hpsysdrv.exe
    C:\WINDOWS\RTHDCPL.EXE
    C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe
    C:\HP\KBD\KBD.EXE
    C:\Program Files\HP\HP Software Update\HPWuSchd2.exe
    C:\Program Files\Common Files\Real\Update_OB\realsched.exe
    C:\Program Files\Adobe\Photoshop Album Starter Edition\3.0\Apps\apdproxy.exe
    C:\Program Files\NetRatingsNetSight\NetSight\NielsenOnline.exe
    C:\Program Files\Kontiki\KHost.exe
    C:\Program Files\iTunes\iTunesHelper.exe
    C:\Program Files\MSN Messenger\MsnMsgr.Exe
    C:\Program Files\Internet Download Manager\IDMan.exe
    C:\Program Files\SAGEM\TalkTalk Broadband\dslmon.exe
    C:\Program Files\Hp\Digital Imaging\bin\hpqtra08.exe
    C:\Program Files\WinZip\WZQKPICK.EXE
    C:\WINDOWS\system32\svchost.exe
    C:\Program Files\HP\Digital Imaging\bin\hpqimzone.exe
    C:\WINDOWS\system32\wuauclt.exe
    C:\Program Files\HP\Digital Imaging\bin\hpqSTE08.exe
    C:\Program Files\iPod\bin\iPodService.exe
    C:\Program Files\internet explorer\iexplore.exe
    C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLLoginProxy.exe
    C:\Program Files\BitComet\BitComet.exe
    C:\WINDOWS\explorer.exe
    C:\WINDOWS\system32\notepad.exe
    C:\Program Files\Windows Live Toolbar\msn_sl.exe
    C:\Program Files\Trend Micro\HijackThis\HijackThis.exe
    C:\WINDOWS\system32\wbem\wmiprvse.exe
    R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://softwarereferral.com/jump.php?wmid=6010&mid=MjI6Ojg5&lid=2
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
    R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
    R1 - HKCU\Software\Microsoft\Internet Explorer\SearchURL,(Default) = http://g.msn.com/0SEENUS/SAOS01?FORM=TOOLBR
    R1 - HKCU\Software\Microsoft\Internet Connection Wizard,ShellNext = http://www.mytalktalk.net/
    O2 - BHO: IDMIEHlprObj Class - {0055C089-8582-441B-A0BF-17B458C2A3A8} - C:\Program Files\Internet Download Manager\IDMIECC.dll
    O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
    O2 - BHO: BitComet ClickCapture - {39F7E362-828A-4B5A-BCAF-5B79BFDFEA60} - C:\Program Files\BitComet\tools\BitCometBHO_1.1.7.4.dll
    O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.5.0_11\bin\ssv.dll
    O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)
    O2 - BHO: IeMonitorBho Class - {8170D7DC-BDD6-461e-88EB-F047257898C9} - blank (file missing)
    O2 - BHO: Windows Live Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
    O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar4.dll
    O2 - BHO: Windows Live Toolbar Helper - {BDBD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Program Files\Windows Live Toolbar\msntb.dll
    O2 - BHO: MSVPS System - {F4CF814F-970F-405D-A42C-0CE06EB97373} - C:\WINDOWS\mxduo.dll
    O3 - Toolbar: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll
    O3 - Toolbar: &DownloadStudio - {CB789373-04D5-4ef4-9C16-871463FD0830} - blank (file missing)
    O3 - Toolbar: Windows Live Toolbar - {BDAD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Program Files\Windows Live Toolbar\msntb.dll
    O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar4.dll
    O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.5.0_11\bin\jusched.exe"
    O4 - HKLM\..\Run: [hpsysdrv] c:\windows\system\hpsysdrv.exe
    O4 - HKLM\..\Run: [RTHDCPL] RTHDCPL.EXE
    O4 - HKLM\..\Run: [ATIPTA] "C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe"
    O4 - HKLM\..\Run: [KBD] C:\HP\KBD\KBD.EXE
    O4 - HKLM\..\Run: [Recguard] C:\WINDOWS\SMINST\RECGUARD.EXE
    O4 - HKLM\..\Run: [PS2] C:\WINDOWS\system32\ps2.exe
    O4 - HKLM\..\Run: [Reminder] "C:\Windows\Creator\Remind_XP.exe"
    O4 - HKLM\..\Run: [HP Software Update] C:\Program Files\HP\HP Software Update\HPWuSchd2.exe
    O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot
    O4 - HKLM\..\Run: [Adobe Photo Downloader] "C:\Program Files\Adobe\Photoshop Album Starter Edition\3.0\Apps\apdproxy.exe"
    O4 - HKLM\..\Run: [BluetoothAuthenticationAgent] rundll32.exe bthprops.cpl,,BluetoothAuthenticationAgent
    O4 - HKLM\..\Run: [NielsenOnline] C:\Program Files\NetRatingsNetSight\NetSight\NielsenOnline.exe
    O4 - HKLM\..\Run: [4oD] "C:\Program Files\Kontiki\KHost.exe" -all
    O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\QTTask.exe" -atboottime
    O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
    O4 - HKCU\..\Run: [MsnMsgr] "C:\Program Files\MSN Messenger\MsnMsgr.Exe" /background
    O4 - HKCU\..\Run: [IDMan] C:\Program Files\Internet Download Manager\IDMan.exe /onboot
    O4 - HKCU\..\Run: [updateMgr] "C:\Program Files\Adobe\Acrobat 7.0\Reader\AdobeUpdateManager.exe" AcRdB7_0_8 -reboot 1
    O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
    O4 - HKCU\..\Run: [kdx] C:\Program Files\Kontiki\KHost.exe -all
    O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'LOCAL SERVICE')
    O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'NETWORK SERVICE')
    O4 - Startup: Adobe Gamma.lnk = C:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe
    O4 - Global Startup: Adobe Reader Speed Launch.lnk = C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
    O4 - Global Startup: DSLMON.lnk = C:\Program Files\SAGEM\TalkTalk Broadband\dslmon.exe
    O4 - Global Startup: HP Digital Imaging Monitor.lnk = C:\Program Files\Hp\Digital Imaging\bin\hpqtra08.exe
    O4 - Global Startup: HP Image Zone Fast Start.lnk = C:\Program Files\Hp\Digital Imaging\bin\hpqthb08.exe
    O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office10\OSA.EXE
    O4 - Global Startup: WinZip Quick Pick.lnk = C:\Program Files\WinZip\WZQKPICK.EXE
    O8 - Extra context menu item: &D&ownload &with BitComet - res://C:\Program Files\BitComet\BitComet.exe/AddLink.htm
    O8 - Extra context menu item: &D&ownload all video with BitComet - res://C:\Program Files\BitComet\BitComet.exe/AddVideo.htm
    O8 - Extra context menu item: &D&ownload all with BitComet - res://C:\Program Files\BitComet\BitComet.exe/AddAllLink.htm
    O8 - Extra context menu item: &Windows Live Search - res://C:\Program Files\Windows Live Toolbar\msntb.dll/search.htm
    O8 - Extra context menu item: Add Page To DownloadStudio Scrapbook... - C:\Program Files\Conceiva\DownloadStudio\ds_snap.htm
    O8 - Extra context menu item: Add to Windows &Live Favorites - http://favorites.live.com/quickadd.aspx
    O8 - Extra context menu item: Download All Links with IDM - C:\Program Files\Internet Download Manager\IEGetAll.htm
    O8 - Extra context menu item: Download Image Using DownloadStudio... - C:\Program Files\Conceiva\DownloadStudio\ds_img.htm
    O8 - Extra context menu item: Download Page Using DownloadStudio... - C:\Program Files\Conceiva\DownloadStudio\ds_all.htm
    O8 - Extra context menu item: Download Selection Using DownloadStudio... - C:\Program Files\Conceiva\DownloadStudio\ds_sel.htm
    O8 - Extra context menu item: Download Target Using DownloadStudio... - C:\Program Files\Conceiva\DownloadStudio\ds_file.htm
    O8 - Extra context menu item: Download with IDM - C:\Program Files\Internet Download Manager\IEExt.htm
    O8 - Extra context menu item: Show Page Links Using DownloadStudio... - C:\Program Files\Conceiva\DownloadStudio\ds_link.htm
    O8 - Extra context menu item: Subscribe To RSS Feed... - C:\Program Files\Conceiva\DownloadStudio\ds_rss.htm
    O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_11\bin\ssv.dll
    O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_11\bin\ssv.dll
    O9 - Extra button: BitComet Search - {461CC20B-FB6E-4f16-8FE8-C29359DB100E} - C:\Program Files\BitComet\tools\BitCometBHO_1.1.7.4.dll
    O9 - Extra button: (no name) - {4D0C4820-53F7-4d79-A2E1-5252683CF69C} - C:\WINDOWS\system32\shdocvw.dll
    O9 - Extra 'Tools' menuitem: &DownloadStudio - {4D0C4820-53F7-4d79-A2E1-5252683CF69C} - C:\WINDOWS\system32\shdocvw.dll
    O9 - Extra button: DownloadStudio - {7FCA7BD7-8F4D-4a81-BE72-A470F4E517D5} - blank (file missing)
    O9 - Extra button: Connection Help - {E2D4D26B-0180-43a4-B05F-462D6D54C789} - C:\WINDOWS\PCHEALTH\HELPCTR\Vendors\CN=Hewlett-Packard,L=Cupertino,S=Ca,C=US\IEButton\support.htm
    O9 - Extra 'Tools' menuitem: Connection Help - {E2D4D26B-0180-43a4-B05F-462D6D54C789} - C:\WINDOWS\PCHEALTH\HELPCTR\Vendors\CN=Hewlett-Packard,L=Cupertino,S=Ca,C=US\IEButton\support.htm
    O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
    O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
    O16 - DPF: RaptisoftGameLoader - http://www.miniclip.com/haphazard/raptisoftgameloader.cab
    O16 - DPF: {288C5F13-7E52-4ADA-A32E-F5BF9D125F99} (CR64Loader Object) - http://www.miniclip.com/supergerball/miniclipGameLoader.dll
    O16 - DPF: {2931566C-B8A6-46C5-BF4D-E6AB9251E953} (Nexon Package Manager Control) - http://www.nexon.co.jp/jp/f/ActiveX/Public/nxpm.cab
    O16 - DPF: {4F1E5B1A-2A80-42CA-8532-2D05CB959537} (MSN Photo Upload Tool) - http://franvoir1.spaces.live.com//PhotoUpload/MsnPUpld.cab
    O16 - DPF: {D88C7675-7CEE-4C9A-BDD4-7A43EED7794D} (Logout Class) - http://www.gamengame.com/KALogoutComponent.cab
    O16 - DPF: {DA80E089-4648-43D5-93B4-7F37917084E6} (CacheManager.CacheManagerCtrl) - http://www.candystand.com/assets/activex/virtools/CacheManager.CAB
    O17 - HKLM\System\CCS\Services\Tcpip\..\{7EC6F36B-2F98-430E-AFD7-48DB53818DB1}: NameServer = 62.24.252.135 62.24.252.134
    O21 - SSODL: wmphost - {2A25C512-07A7-4E1A-8C8B-5D8829EF750D} - C:\WINDOWS\wmphost.dll
    O21 - SSODL: wmpdev - {53F04414-FCF1-4756-A743-8AE5E477E48A} - C:\WINDOWS\wmpdev.dll
    O23 - Service: Adobe LM Service - Adobe Systems - C:\Program Files\Common Files\Adobe Systems Shared\Service\Adobelmsvc.exe
    O23 - Service: Apple Mobile Device - Apple, Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
    O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\system32\Ati2evxx.exe
    O23 - Service: AVG Anti-Spyware Guard - Anti-Malware Development a.s. - C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
    O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
    O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
    O23 - Service: iPod Service - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
    O23 - Service: KService - Unknown owner - C:\Program Files\Kontiki\KService.exe
    O23 - Service: LightScribeService Direct Disc Labeling Service (LightScribeService) - Hewlett-Packard Company - C:\Program Files\Common Files\LightScribe\LSSrvc.exe
    O23 - Service: Pml Driver HPZ12 - HP - C:\WINDOWS\system32\HPZipm12.exe
    O23 - Service: Remote Packet Capture Protocol v.0 (experimental) (rpcapd) - CACE Technologies - C:\Program Files\WinPcap\rpcapd.exe
    O24 - Desktop Component 0: Privacy Protection - file:///C:\WINDOWS\privacy_danger\index.htm
    --
    Can anyone tell me what to do next? It would be greatly appreciated.
  • I cannot see what anti-virus software or firewall you are running. I would suggest that you install some, as otherwise all efforts will be in vain.
  • Hi,

    I agree with Reluctant_spender; I cannot see an antivirus program. You do have AVG Anti-Spyware, which will help with malware.

    You also seem to have a P2P torrent program (BitComet) installed. Without any anti-virus this is a big PC security risk.

    I would sit tight and wait for the HijackThis experts to read your thread.

    Hope this helps.
    See you on the dark side of the moon
  • Browntoa
    just reading ;)
    Ex forum ambassador

    Long term forum member
  • Browntoa
    Fix these by running HijackThis again and putting a tick against these items:

    R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://softwarereferral.com/jump.php...MjI6Ojg5&lid=2

    O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)

    O2 - BHO: IeMonitorBho Class - {8170D7DC-BDD6-461e-88EB-F047257898C9} - blank (file missing)

    O2 - BHO: MSVPS System - {F4CF814F-970F-405D-A42C-0CE06EB97373} - C:\WINDOWS\mxduo.dll

    O3 - Toolbar: &DownloadStudio - {CB789373-04D5-4ef4-9C16-871463FD0830} - blank (file missing)

    O4 - HKLM\..\Run: [NielsenOnline] C:\Program Files\NetRatingsNetSight\NetSight\NielsenOnline.exe

    O9 - Extra button: DownloadStudio - {7FCA7BD7-8F4D-4a81-BE72-A470F4E517D5} - blank (file missing)

    O16 - DPF: {2931566C-B8A6-46C5-BF4D-E6AB9251E953} (Nexon Package Manager Control) - http://www.nexon.co.jp/jp/f/ActiveX/Public/nxpm.cab

    O21 - SSODL: wmphost - {2A25C512-07A7-4E1A-8C8B-5D8829EF750D} - C:\WINDOWS\wmphost.dll

    O21 - SSODL: wmpdev - {53F04414-FCF1-4756-A743-8AE5E477E48A} - C:\WINDOWS\wmpdev.dll

    O24 - Desktop Component 0: Privacy Protection - file:///C:\WINDOWS\privacy_danger\index.htm

    Then click "fix selected".
    Ex forum ambassador

    Long term forum member
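The list above was built by reading the HijackThis log by eye. The following is an added example, not code from the thread or from HijackThis, that encodes the same judgement as a small triage script: it flags orphaned entries (`(no file)` / `(file missing)`), modules loaded directly from the Windows root rather than `system32`, ShellServiceObjectDelayLoad (O21) hooks, a browser start page pointing somewhere other than the default host, and a desktop component served from a local file. The sample log is constructed from lines in this thread; the allow-list of expected start-page hosts is an assumption for the example and would be tuned per environment.

```python
import re
from urllib.parse import urlparse

# Constructed sample: HijackThis v2 lines taken from the log posted in this thread.
SAMPLE_LOG = r"""
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://softwarereferral.com/jump.php?wmid=6010&mid=MjI6Ojg5&lid=2
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)
O2 - BHO: IeMonitorBho Class - {8170D7DC-BDD6-461e-88EB-F047257898C9} - blank (file missing)
O2 - BHO: MSVPS System - {F4CF814F-970F-405D-A42C-0CE06EB97373} - C:\WINDOWS\mxduo.dll
O3 - Toolbar: &DownloadStudio - {CB789373-04D5-4ef4-9C16-871463FD0830} - blank (file missing)
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.5.0_11\bin\jusched.exe"
O21 - SSODL: wmphost - {2A25C512-07A7-4E1A-8C8B-5D8829EF750D} - C:\WINDOWS\wmphost.dll
O23 - Service: Pml Driver HPZ12 - HP - C:\WINDOWS\system32\HPZipm12.exe
O24 - Desktop Component 0: Privacy Protection - file:///C:\WINDOWS\privacy_danger\index.htm
"""

# "O2 - <body>": a section code, a separator, then the section-specific body.
LINE_RE = re.compile(r"^(?P<section>[A-Z]\d{1,2}) - (?P<body>.*)$")

# A DLL/EXE sitting directly in C:\WINDOWS (no subdirectory) is unusual for a
# legitimate BHO, toolbar or shell service object; system components live in system32.
WINROOT_MODULE_RE = re.compile(r"^c:\\windows\\[^\\]+\.(dll|exe)$", re.IGNORECASE)

# Assumed allow-list of hosts a stock IE start/search page points at (example only).
EXPECTED_PAGE_HOSTS = {"go.microsoft.com", "www.microsoft.com"}


def triage_line(line: str) -> list[str]:
    """Return the list of reasons a single HijackThis line deserves review (empty if none)."""
    m = LINE_RE.match(line.strip())
    if not m:
        return []
    section, body = m.group("section"), m.group("body")
    reasons = []

    # Orphaned entries: the registry still references a module that is gone.
    if "(file missing)" in body or "(no file)" in body:
        reasons.append("orphaned entry: registry points at a file that no longer exists")

    # R0/R1: start page, search page and default URLs. Compare the host, not the full URL.
    if section in ("R0", "R1"):
        url = body.split(" = ", 1)[-1].strip()
        host = urlparse(url).hostname or ""
        if host not in EXPECTED_PAGE_HOSTS:
            reasons.append(f"browser page setting redirected to {host or 'an unparsable URL'}")

    # O2 (BHO), O3 (toolbar), O21 (SSODL): last " - " field is the module path.
    if section in ("O2", "O3", "O21"):
        target = body.rsplit(" - ", 1)[-1].strip()
        if WINROOT_MODULE_RE.match(target):
            reasons.append("module loaded from the Windows root directory rather than system32")
        if section == "O21":
            reasons.append("ShellServiceObjectDelayLoad hook: runs inside Explorer at logon, verify publisher")

    # O24: Active Desktop component. A local file under C:\WINDOWS is not a normal web component.
    if section == "O24":
        target = body.rsplit(" - ", 1)[-1].strip()
        if target.lower().startswith("file:"):
            reasons.append("desktop component served from a local file")

    return reasons


def triage(log_text: str) -> list[dict]:
    """Run triage_line over a whole log and keep only the lines that raised a reason."""
    hits = []
    for line in log_text.splitlines():
        reasons = triage_line(line)
        if reasons:
            hits.append({"section": line.split(" - ", 1)[0], "line": line.strip(), "reasons": reasons})
    return hits


if __name__ == "__main__":
    for hit in triage(SAMPLE_LOG):
        print(hit["line"])
        for reason in hit["reasons"]:
            print("    ->", reason)
```

Every line the script flags on the sample is one Browntoa ticked by hand, and the clean entries (Adobe's BHO, the Java scheduler, the HP print service) pass through untouched. The rules are deliberately narrow heuristics for reading a log, not a verdict: a hit means "look at this entry", and an entry the rules miss (the NielsenOnline Run key, for instance, which is a legitimate path to a program the user may not want) still needs a human.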
  • Browntoa
    Download and install SUPERAntiSpyware:

    www.superantispyware.com

    You want the blue button for the free version.

    We will use it to fix this:

    SafeBoot registry key needs repairs. This machine cannot enter Safe Mode.


    Within the SUPERAntiSpyware folder at C:\Program Files\SUPERAntiSpyware is a file called bootsafe. Double-click this and your computer will reboot to Safe Mode, and the registry entry should be fixed.

    Then reboot to normal and run both ComboFix and SUPERAntiSpyware.

    Then post a new ComboFix file and HijackThis log.
    Ex forum ambassador

    Long term forum member
  • Browntoa
    We will sort out a free firewall and antivirus software afterwards.
    Ex forum ambassador

    Long term forum member
  • Luffy321
    Thank you for your time. I have followed your instructions so far, and this is what my second ComboFix log looks like:

    ComboFix 07-08-30.3 - "Compaq_Owner" 2007-09-01 18:00:40.3 - NTFSx86
    Microsoft Windows XP Home Edition 5.1.2600.2.1252.1.1033.18.53 [GMT 1:00]

    ((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))

    C:\WINDOWS\dat.txt
    C:\WINDOWS\main_uninstaller.exe
    C:\WINDOWS\rs.txt

    ((((((((((((((((((((((((( Files Created from 2007-08-01 to 2007-09-01 )))))))))))))))))))))))))))))))

    2007-09-01 17:32 204,800 --a
    C:\WINDOWS\mxduo.dll
    2007-09-01 15:30 <DIR> d
    C:\Program Files\SUPERAntiSpyware
    2007-09-01 15:30 <DIR> d
    C:\DOCUME~1\COMPAQ~1\APPLIC~1\SUPERAntiSpyware.com
    2007-09-01 15:30 <DIR> d
    C:\DOCUME~1\ALLUSE~1\APPLIC~1\SUPERAntiSpyware.com
    2007-09-01 15:29 <DIR> d
    C:\Program Files\Common Files\Wise Installation Wizard
    2007-09-01 09:07 626,688 --a
    C:\WINDOWS\system32\msvcr80.dll
    2007-08-31 22:28 <DIR> d
    C:\Program Files\Trend Micro
    2007-08-31 22:20 51,200 --a
    C:\WINDOWS\nircmd.exe
    2007-08-31 15:08 323,584 --a
    C:\WINDOWS\wmpdev.dll
    2007-08-31 15:08 245,760 --a
    C:\WINDOWS\wmphost.dll
    2007-08-29 12:57 <DIR> d
    C:\Program Files\SiteEntry
    2007-08-14 10:55 98,304 --a
    C:\WINDOWS\system32\CmdLineExt.dll
    2007-08-14 08:57 <DIR> d
    C:\Program Files\GameSpy Arcade
    2007-08-14 08:51 <DIR> d
    C:\Program Files\Sierra

    (((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
    2007-09-01 18:03
    d
    C:\DOCUME~1\ALLUSE~1\APPLIC~1\Kontiki
    2007-09-01 17:56
    d
    C:\DOCUME~1\COMPAQ~1\APPLIC~1\DMCache
    2007-09-01 09:27
    d
    C:\Program Files\PC-Doctor 5 for Windows
    2007-08-27 15:32
    d
    C:\Program Files\Zoom Player
    2007-08-27 12:43
    d
    C:\Program Files\iTunes
    2007-08-27 12:42
    d
    C:\Program Files\iPod
    2007-08-14 08:51
    d--h
    C:\Program Files\InstallShield Installation Information
    2007-08-12 20:20
    d
    C:\Program Files\softnyx
    2007-08-03 19:55
    d
    C:\Program Files\BitComet
    2007-08-03 15:17 359808 --a
    C:\WINDOWS\system32\drivers\tcpip.sys
    2007-08-03 15:14 2560 --a
    C:\WINDOWS\system32\BitCometRes.dll
    2007-07-30 19:19 92504 --a
    C:\WINDOWS\system32\dllcache\cdm.dll
    2007-07-30 19:19 92504 --a
    C:\WINDOWS\system32\cdm.dll
    2007-07-30 19:19 549720 --a
    C:\WINDOWS\system32\wuapi.dll
    2007-07-30 19:19 549720 --a
    C:\WINDOWS\system32\dllcache\wuapi.dll
    2007-07-30 19:19 53080 --a
    C:\WINDOWS\system32\wuauclt.exe
    2007-07-30 19:19 53080 --a
    C:\WINDOWS\system32\dllcache\wuauclt.exe
    2007-07-30 19:19 43352 --a
    C:\WINDOWS\system32\wups2.dll
    2007-07-30 19:19 325976 --a
    C:\WINDOWS\system32\wucltui.dll
    2007-07-30 19:19 325976 --a
    C:\WINDOWS\system32\dllcache\wucltui.dll
    2007-07-30 19:19 271224 --a
    C:\WINDOWS\system32\mucltui.dll
    2007-07-30 19:19 207736 --a
    C:\WINDOWS\system32\muweb.dll
    2007-07-30 19:19 203096 --a
    C:\WINDOWS\system32\wuweb.dll
    2007-07-30 19:19 203096 --a
    C:\WINDOWS\system32\dllcache\wuweb.dll
    2007-07-30 19:19 1712984 --a
    C:\WINDOWS\system32\wuaueng.dll
    2007-07-30 19:19 1712984 --a
    C:\WINDOWS\system32\dllcache\wuaueng.dll
    2007-07-30 19:18 33624 --a
    C:\WINDOWS\system32\wups.dll
    2007-07-30 19:18 33624 --a
    C:\WINDOWS\system32\dllcache\wups.dll
    2007-07-30 12:03
    d
    C:\Program Files\QuickTime
    2007-07-19 07:59 3583488 --a
    C:\WINDOWS\system32\dllcache\mshtml.dll
    2007-07-13 00:31 765952 --a
    C:\WINDOWS\system32\dllcache\vgx.dll
    2007-07-09 00:22
    d
    C:\Program Files\3ivx
    2007-07-07 11:26
    d
    C:\Program Files\GustoSoft
    2007-07-07 11:18
    d
    C:\DOCUME~1\COMPAQ~1\APPLIC~1\DivX
    2007-07-07 11:14
    d
    C:\DOCUME~1\COMPAQ~1\APPLIC~1\Talkback
    2007-07-07 11:13
    d
    C:\Program Files\DivX
    2007-07-07 11:09
    d
    C:\Program Files\LEAD Technologies, Inc
    2007-07-02 20:41 524288 --a
    C:\WINDOWS\system32\DivXsm.exe
    2007-07-02 20:41 36624
    C:\WINDOWS\system32\drivers\pxhelp20.sys
    2007-07-02 20:41 3596288 --a
    C:\WINDOWS\system32\qt-dx331.dll
    2007-07-02 20:41 2560
    C:\WINDOWS\system32\drivers\cdralw2k.sys
    2007-07-02 20:41 2432
    C:\WINDOWS\system32\drivers\cdr4_xp.sys
    2007-07-02 20:41 200704 --a
    C:\WINDOWS\system32\ssldivx.dll
    2007-07-02 20:41 129784
    C:\WINDOWS\system32\pxafs.dll
    2007-07-02 20:41 118520
    C:\WINDOWS\system32\pxinsi64.exe
    2007-07-02 20:41 116472
    C:\WINDOWS\system32\pxcpyi64.exe
    2007-07-02 20:41 1044480 --a
    C:\WINDOWS\system32\libdivx.dll
    2007-07-02 20:37 823296 --a
    C:\WINDOWS\system32\divx_xx0c.dll
    2007-07-02 20:37 823296 --a
    C:\WINDOWS\system32\divx_xx07.dll
    2007-07-02 20:37 802816 --a
    C:\WINDOWS\system32\divx_xx11.dll
    2007-07-02 20:37 740442 --a
    C:\WINDOWS\system32\DivX.dll
    2007-07-02 20:37 73728 --a
    C:\WINDOWS\system32\dpl100.dll
    2007-07-02 20:37 593920 --a
    C:\WINDOWS\system32\dpuGUI11.dll
    2007-07-02 20:37 57344 --a
    C:\WINDOWS\system32\dpv11.dll
    2007-07-02 20:37 53248 --a
    C:\WINDOWS\system32\dpuGUI10.dll
    2007-07-02 20:37 344064 --a
    C:\WINDOWS\system32\dpus11.dll
    2007-07-02 20:37 294912 --a
    C:\WINDOWS\system32\dpu11.dll
    2007-07-02 20:37 294912 --a
    C:\WINDOWS\system32\dpu10.dll
    2007-07-02 20:37 196608 --a
    C:\WINDOWS\system32\dtu100.dll
    2007-07-02 20:36 124472 --a
    C:\WINDOWS\system32\DivXCodecUpdateChecker.exe
    2007-07-02 20:36 12288 --a
    C:\WINDOWS\system32\DivXWMPExtType.dll
    2007-07-02 15:07
    d
    C:\Program Files\Common Files\Apple
    2007-07-02 15:07
    d
    C:\DOCUME~1\ALLUSE~1\APPLIC~1\Apple
    2007-06-27 15:34 823808 --a
    C:\WINDOWS\system32\dllcache\wininet.dll
    2007-06-27 15:34 671232 --a
    C:\WINDOWS\system32\dllcache\mstime.dll
    2007-06-27 15:34 6058496
    C:\WINDOWS\system32\dllcache\ieframe.dll
    2007-06-27 15:34 52224
    C:\WINDOWS\system32\dllcache\msfeedsbs.dll
    2007-06-27 15:34 477696 --a
    C:\WINDOWS\system32\dllcache\mshtmled.dll
    2007-06-27 15:34 459264
    C:\WINDOWS\system32\dllcache\msfeeds.dll
    2007-06-27 15:34 44544 --a
    C:\WINDOWS\system32\dllcache\iernonce.dll
    2007-06-27 15:34 384512 --a
    C:\WINDOWS\system32\dllcache\iedkcs32.dll
    2007-06-27 15:34 383488
    C:\WINDOWS\system32\dllcache\ieapfltr.dll
    2007-06-27 15:34 27648 --a
    C:\WINDOWS\system32\dllcache\jsproxy.dll
    2007-06-27 15:34 267776
    C:\WINDOWS\system32\dllcache\iertutil.dll
    2007-06-27 15:34 232960 --a
    C:\WINDOWS\system32\dllcache\webcheck.dll
    2007-06-27 15:34 230400 --a
    C:\WINDOWS\system32\dllcache\ieaksie.dll
    2007-06-27 15:34 193024 --a
    C:\WINDOWS\system32\dllcache\msrating.dll
    2007-06-27 15:34 153088 --a
    C:\WINDOWS\system32\dllcache\ieakeng.dll
    2007-06-27 15:34 132608 --a
    C:\WINDOWS\system32\dllcache\extmgr.dll
    2007-06-27 15:34 124928 --a
    C:\WINDOWS\system32\dllcache\advpack.dll
    2007-06-27 15:34 1152000 --a
    C:\WINDOWS\system32\dllcache\urlmon.dll
    2007-06-27 15:34 105984 --a
    C:\WINDOWS\system32\dllcache\url.dll
    2007-06-27 15:34 102400 --a
    C:\WINDOWS\system32\dllcache\occache.dll
    2007-06-27 09:27 63488 --a
    C:\WINDOWS\system32\dllcache\ie4uinit.exe
    2007-06-27 09:27 625152 --a
    C:\WINDOWS\system32\dllcache\iexplore.exe
    2007-06-27 09:27 13824
    C:\WINDOWS\system32\dllcache\ieudinit.exe
    2007-06-27 08:00 161792 --a
    C:\WINDOWS\system32\dllcache\ieakui.dll
    2007-06-26 22:10 317440 --a
    C:\WINDOWS\system32\dllcache\unregmp2.exe
    2007-06-26 07:08 1104896 --a
    C:\WINDOWS\system32\msxml3.dll
    2007-06-26 07:08 1104896 --a
    C:\WINDOWS\system32\dllcache\msxml3.dll
    2007-06-19 14:31 282112 --a
    C:\WINDOWS\system32\gdi32.dll
    2007-06-19 14:31 282112 --a
    C:\WINDOWS\system32\dllcache\gdi32.dll
    2007-06-13 11:23 1374314 -r-hs---- C:\WINDOWS\system32\etpetx.exe
    2007-06-13 11:23 1033216 --a
    C:\WINDOWS\system32\dllcache\explorer.exe
    2007-06-13 11:23 1033216 --a
    C:\WINDOWS\explorer.exe
    2007-06-11 23:51 10834944 --a
    C:\WINDOWS\system32\dllcache\wmp.dll
    2007-06-06 17:07 25576 --a
    C:\WINDOWS\system32\SamsungVfWCodec.dll
    2007-06-06 17:07 25576 --a
    C:\WINDOWS\system32\DivXVfWCodec.dll
    2007-06-06 17:06 66536 --a
    C:\WINDOWS\system32\libfaac.dll
    2007-06-06 17:06 443368 --a
    C:\WINDOWS\system32\OpenQuicktimeLib.dll

    ((((((((((((((((((((((((((((( snapshot_2007-08-31_223746.71 )))))))))))))))))))))))))))))))))))))))))
    ----a-r 29,696 2007-09-01 15:36:57 C:\WINDOWS\Installer\{CDDCBBF1-2703-46BC-938B-BCC81A1EEAAA}\IconCDDCBBF11.exe
    ----a-r 18,944 2007-09-01 15:36:57 C:\WINDOWS\Installer\{CDDCBBF1-2703-46BC-938B-BCC81A1EEAAA}\IconCDDCBBF13.exe
    ----a-r 65,024 2007-09-01 15:36:57 C:\WINDOWS\Installer\{CDDCBBF1-2703-46BC-938B-BCC81A1EEAAA}\IconCDDCBBF15.exe
    ----atw 16,384 2007-09-01 15:34:03 C:\WINDOWS\Temp\Perflib_Perfdata_720.dat
    ----atw 16,384 2007-09-01 14:15:37 C:\WINDOWS\Temp\Perflib_Perfdata_72c.dat
    ----atw 16,384 2007-09-01 16:19:35 C:\WINDOWS\Temp\Perflib_Perfdata_738.dat
    ----atw 16,384 2007-09-01 08:51:00 C:\WINDOWS\Temp\Perflib_Perfdata_75c.dat
    ----atw 16,384 2007-07-11 18:48:21 C:\WINDOWS\Temp\Perflib_Perfdata_720.dat
    ----atw 16,384 2007-08-03 14:19:50 C:\WINDOWS\Temp\Perflib_Perfdata_72c.dat
    ----atw 16,384 2007-07-14 02:40:36 C:\WINDOWS\Temp\Perflib_Perfdata_738.dat
    ----atw 16,384 2007-05-31 19:48:26 C:\WINDOWS\Temp\Perflib_Perfdata_75c.dat
    ((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))


    *Note* empty entries & legit default entries are not shown
    [HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{F4CF814F-970F-405D-A42C-0CE06EB97373}]
    2007-09-01 12:25 204800 --a
    C:\WINDOWS\mxduo.dll
    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
    "SunJavaUpdateSched"="C:\Program Files\Java\jre1.5.0_11\bin\jusched.exe" [2006-12-15 04:23]
    "hpsysdrv"="c:\windows\system\hpsysdrv.exe" [1998-05-07 10:04]
    "RTHDCPL"="RTHDCPL.EXE" [2005-10-14 18:51 C:\WINDOWS\RTHDCPL.EXE]
    "ATIPTA"="C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe" [2005-08-13 22:05]
    "KBD"="C:\HP\KBD\KBD.EXE" [2005-02-02 17:44]
    "Recguard"="C:\WINDOWS\SMINST\RECGUARD.EXE" [2005-07-22 16:14]
    "PCDrProfiler"="" []
    "PS2"="C:\WINDOWS\system32\ps2.exe" [2004-10-25 16:17]
    "Reminder"="C:\Windows\Creator\Remind_XP.exe" [2004-12-13 20:23]
    "HP Software Update"="C:\Program Files\HP\HP Software Update\HPWuSchd2.exe" [2005-05-11 23:12]
    "TkBellExe"="C:\Program Files\Common Files\Real\Update_OB\realsched.exe" [2006-01-09 17:30]
    "RegistryMechanic"="" []
    "Adobe Photo Downloader"="C:\Program Files\Adobe\Photoshop Album Starter Edition\3.0\Apps\apdproxy.exe" [2005-06-07 00:46]
    "BluetoothAuthenticationAgent"="bthprops.cpl" [2004-08-04 05:00 C:\WINDOWS\system32\bthprops.cpl]
    "NielsenOnline"="C:\Program Files\NetRatingsNetSight\NetSight\NielsenOnline.exe" [2007-01-05 17:55]
    "4oD"="C:\Program Files\Kontiki\KHost.exe" [2006-11-08 17:32]
    "QuickTime Task"="C:\Program Files\QuickTime\QTTask.exe" [2007-06-29 06:24]
    "iTunesHelper"="C:\Program Files\iTunes\iTunesHelper.exe" [2007-08-15 20:15]
    [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
    "MsnMsgr"="C:\Program Files\MSN Messenger\MsnMsgr.exe" [2007-01-19 13:54]
    "IDMan"="C:\Program Files\Internet Download Manager\IDMan.exe" [2006-11-18 00:17]
    "updateMgr"="C:\Program Files\Adobe\Acrobat 7.0\Reader\AdobeUpdateManager.exe" [2006-03-30 17:45]
    "ctfmon.exe"="C:\WINDOWS\system32\ctfmon.exe" [2004-08-04 05:00]
    "kdx"="C:\Program Files\Kontiki\KHost.exe" [2006-11-08 17:32]
    "SUPERAntiSpyware"="C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe" [2007-06-21 14:06]
    C:\DOCUME~1\COMPAQ~1\STARTM~1\Programs\Startup\
    Adobe Gamma.lnk - C:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe [2005-03-16 19:16:50]
    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\ShellExecuteHooks]
    "!!5AE067D3-9AFB-48E0-853A-EBB7F4A000DA}"= C:\Program Files\SUPERAntiSpyware\SASSEH.DLL [2006-12-20 13:55 77824]
    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ShellServiceObjectDelayLoad]
    "wmphost"= !!29541909-9422-4F7D-BA47-10C2DC9CE406} - C:\WINDOWS\wmphost.dll [2007-08-31 11:22 245760]
    "wmpdev"= !!9160129B-0907-4A61-8471-C78B54E94331} - C:\WINDOWS\wmpdev.dll [2007-08-31 11:22 323584]
    [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\!SASWinLogon]
    C:\Program Files\SUPERAntiSpyware\SASWINLO.dll 2007-04-19 13:41 294912 C:\Program Files\SUPERAntiSpyware\SASWINLO.dll
    SafeBoot registry key needs repairs. This machine cannot enter Safe Mode.
    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\RpcSs]
    @="Service"
    R1 nnrnstdi;nnrnstdi;C:\WINDOWS\system32\drivers\nnrnstdi.sys
    S3 ss_bus;SAMSUNG Mobile USB Device 1.0 driver (WDM);C:\WINDOWS\system32\DRIVERS\ss_bus.sys
    S3 ss_mdfl;SAMSUNG Mobile USB Modem 1.0 Filter;C:\WINDOWS\system32\DRIVERS\ss_mdfl.sys
    S3 ss_mdm;SAMSUNG Mobile USB Modem 1.0 Drivers;C:\WINDOWS\system32\DRIVERS\ss_mdm.sys

    Contents of the 'Scheduled Tasks' folder
    2007-08-27 10:58:03 C:\WINDOWS\Tasks\AppleSoftwareUpdate.job - C:\Program Files\Apple Software Update\SoftwareUpdate.exe
    2007-09-01 17:04:08 C:\WINDOWS\Tasks\Check Updates for Windows Live Toolbar.job - C:\Program Files\Windows Live Toolbar\MSNTBUP.EXE
    2006-07-12 05:24:00 C:\WINDOWS\Tasks\Easy Internet Sign-up.job - C:\Program Files\Hewlett-Packard\SDP\HPSdpApp.exe
    2007-09-01 15:00:02 C:\WINDOWS\Tasks\HPpromotions journeysoftware.job - C:\Program Files\hp\digital imaging\bin\hp promotions\journeysoftware\HPpromo.exe
    2006-05-12 20:55:09 C:\WINDOWS\Tasks\Symantec NetDetect.job - C:\Program Files\Symantec\LiveUpdate\NDETECT.EXE
    **************************************************************************
    catchme 0.3.1061 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
    Rootkit scan 2007-09-01 18:03:53
    Windows 5.1.2600 Service Pack 2 NTFS
    scanning hidden processes ...
    scanning hidden autostart entries ...
    scanning hidden files ...
    scan completed successfully
    hidden files: 0
    **************************************************************************
    Completion time: 2007-09-01 18:04:54
    C:\ComboFix-quarantined-files.txt ... 2007-09-01 18:04
    C:\ComboFix2.txt ... 2007-09-01 10:55
    C:\ComboFix3.txt ... 2007-08-31 22:38
    --- E O F ---

    It looks like my registry entry was not fixed even after using bootsafe. Any other suggestions on how to sort this out?
  • Browntoa
    Did you get SUPERAntiSpyware to boot into safe mode?
    Ex forum ambassador

    Long term forum member
  • Browntoa
    Download the ZIP file, extract the SafeBoot.reg file on the crippled PC and merge it into the registry by double-clicking it:
    Download:

    SafeBoot.zip (https)

    http://blog.didierstevens.com/2007/02/19/restoring-safe-mode-with-a-reg-file/
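As an added example that is not part of this thread (nor of ComboFix or SUPERAntiSpyware), a small Python triage helper that reads the "Reg Loading Points" section of a ComboFix log like the one posted above and flags what a helper looks at first: load-point modules dropped straight into C:\WINDOWS rather than system32 or a program directory, modules written within days of the scan, and the SafeBoot warning. The sample input is a constructed excerpt of that section with the mangled "!!" braces restored; the regexes and the seven-day window are my assumptions, not ComboFix's rules.

```python
import re
from datetime import datetime, timedelta
# Constructed excerpt shaped like the "Reg Loading Points" section of the ComboFix log above.
SAMPLE_LOG = """\
[HKEY_LOCAL_MACHINE\\~\\Browser Helper Objects\\{F4CF814F-970F-405D-A42C-0CE06EB97373}]
2007-09-01 12:25 204800 --a
C:\\WINDOWS\\mxduo.dll
[HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run]
"SunJavaUpdateSched"="C:\\Program Files\\Java\\jre1.5.0_11\\bin\\jusched.exe" [2006-12-15 04:23]
[HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\ShellServiceObjectDelayLoad]
"wmphost"= {29541909-9422-4F7D-BA47-10C2DC9CE406} - C:\\WINDOWS\\wmphost.dll [2007-08-31 11:22 245760]
"wmpdev"= {9160129B-0907-4A61-8471-C78B54E94331} - C:\\WINDOWS\\wmpdev.dll [2007-08-31 11:22 323584]
SafeBoot registry key needs repairs. This machine cannot enter Safe Mode.
"""
SCAN_TIME = datetime(2007, 9, 1, 18, 3)  # "Rootkit scan 2007-09-01 18:03:53" in the log above
KEY_RE = re.compile(r"^\[(HKEY_[^\]]+)\]$")
# Value lines look like "name"="path" [date]  or  "name"= {CLSID} - path [date size]
VALUE_RE = re.compile(r'^"[^"]+"=\s*(?:\{[^}]+\}\s*-\s*)?"?([A-Za-z]:\\[^"\[]+?)"?\s*\[(\d{4}-\d{2}-\d{2} \d{2}:\d{2})')
STAMP_RE = re.compile(r"^(\d{4}-\d{2}-\d{2} \d{2}:\d{2})\s+\d+\s")  # BHO entries: stamp line, then path line
PATH_RE = re.compile(r"^[A-Za-z]:\\\S")

def parse_load_points(text):
    """Return (registry_key, module_path, file_time) for every load point in the section."""
    key, stamp, entries = None, None, []
    for line in (ln.strip() for ln in text.splitlines()):
        if m := KEY_RE.match(line):
            key = m.group(1)
        elif m := VALUE_RE.match(line):
            entries.append((key, m.group(1), datetime.strptime(m.group(2), "%Y-%m-%d %H:%M")))
        elif m := STAMP_RE.match(line):
            stamp = datetime.strptime(m.group(1), "%Y-%m-%d %H:%M")
        elif stamp and PATH_RE.match(line):
            entries.append((key, line, stamp))
            stamp = None
    return entries

def triage(text, scan_time, recent_days=7):
    """Flag modules sitting directly in C:\\WINDOWS or written shortly before the scan, plus the SafeBoot warning."""
    findings = []
    for key, path, stamp in parse_load_points(text):
        reasons = []
        if path.rsplit("\\", 1)[0].lower() == "c:\\windows":
            reasons.append("module sits directly in C:\\WINDOWS rather than system32 or a program directory")
        if scan_time - stamp <= timedelta(days=recent_days):
            reasons.append("file written within %d days of the scan" % recent_days)
        if reasons:
            findings.append({"key": key, "path": path, "reasons": reasons})
    if "SafeBoot registry key needs repairs" in text:
        findings.append({"key": "SafeBoot", "path": None, "reasons": ["Safe Mode disabled; SafeBoot keys need restoring"]})
    return findings

def triage_sample():
    return triage(SAMPLE_LOG, SCAN_TIME)
```

Run against the real log, the same rules single out the mxduo.dll BHO and the two ShellServiceObjectDelayLoad DLLs while leaving the Program Files entries alone.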
This discussion has been closed.