My computer has been hijacked HELP REQUIRED

Luffy321
Posts: 257 Forumite

in Techie Stuff
I heard from another thread I should download ComboFix and HijackThis and post the logs.
This is the ComboFix log:
ComboFix 07-08-30.3 - "Compaq_Owner" 2007-09-01 10:49:38.2 - NTFSx86
Microsoft Windows XP Home Edition 5.1.2600.2.1252.1.1033.18.72 [GMT 1:00]
((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
C:\WINDOWS\dat.txt
C:\WINDOWS\rs.txt
((((((((((((((((((((((((( Files Created from 2007-08-01 to 2007-09-01 )))))))))))))))))))))))))))))))
2007-09-01 09:09 83,536 --a
C:\WINDOWS\system32\drivers\iksyssec.sys
2007-09-01 09:09 59,984 --a
C:\WINDOWS\system32\drivers\iksysflt.sys
2007-09-01 09:09 52,304 --a
C:\WINDOWS\system32\drivers\ikfilesec.sys
2007-09-01 09:09 39,248 --a
C:\WINDOWS\system32\drivers\ikfileflt.sys
2007-09-01 09:09 26,064 --a
C:\WINDOWS\system32\drivers\kcom.sys
2007-09-01 09:08 <DIR> d
C:\Program Files\Spyware Doctor
2007-09-01 09:08 <DIR> d
C:\DOCUME~1\COMPAQ~1\APPLIC~1\PC Tools
2007-09-01 09:07 626,688 --a
C:\WINDOWS\system32\msvcr80.dll
2007-08-31 22:28 <DIR> d
C:\Program Files\Trend Micro
2007-08-31 22:20 51,200 --a
C:\WINDOWS\nircmd.exe
2007-08-31 15:08 323,584 --a
C:\WINDOWS\wmpdev.dll
2007-08-31 15:08 245,760 --a
C:\WINDOWS\wmphost.dll
2007-08-31 15:08 233,472 --a
C:\WINDOWS\mxduo.dll
2007-08-29 12:57 <DIR> d
C:\Program Files\SiteEntry
2007-08-14 10:55 98,304 --a
C:\WINDOWS\system32\CmdLineExt.dll
2007-08-14 08:57 <DIR> d
C:\Program Files\GameSpy Arcade
2007-08-14 08:51 <DIR> d
C:\Program Files\Sierra
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
2007-09-01 10:54
d
C:\DOCUME~1\ALLUSE~1\APPLIC~1\Kontiki
2007-09-01 09:52
d
C:\DOCUME~1\COMPAQ~1\APPLIC~1\DMCache
2007-09-01 09:27
d
C:\Program Files\PC-Doctor 5 for Windows
2007-08-27 15:32
d
C:\Program Files\Zoom Player
2007-08-27 12:43
d
C:\Program Files\iTunes
2007-08-27 12:42
d
C:\Program Files\iPod
2007-08-14 08:51
d--h
C:\Program Files\InstallShield Installation Information
2007-08-12 20:20
d
C:\Program Files\softnyx
2007-08-03 19:55
d
C:\Program Files\BitComet
2007-08-03 15:17 359808 --a
C:\WINDOWS\system32\drivers\tcpip.sys
2007-08-03 15:14 2560 --a
C:\WINDOWS\system32\BitCometRes.dll
2007-07-30 19:19 92504 --a
C:\WINDOWS\system32\dllcache\cdm.dll
2007-07-30 19:19 92504 --a
C:\WINDOWS\system32\cdm.dll
2007-07-30 19:19 549720 --a
C:\WINDOWS\system32\wuapi.dll
2007-07-30 19:19 549720 --a
C:\WINDOWS\system32\dllcache\wuapi.dll
2007-07-30 19:19 53080 --a
C:\WINDOWS\system32\wuauclt.exe
2007-07-30 19:19 53080 --a
C:\WINDOWS\system32\dllcache\wuauclt.exe
2007-07-30 19:19 43352 --a
C:\WINDOWS\system32\wups2.dll
2007-07-30 19:19 325976 --a
C:\WINDOWS\system32\wucltui.dll
2007-07-30 19:19 325976 --a
C:\WINDOWS\system32\dllcache\wucltui.dll
2007-07-30 19:19 271224 --a
C:\WINDOWS\system32\mucltui.dll
2007-07-30 19:19 207736 --a
C:\WINDOWS\system32\muweb.dll
2007-07-30 19:19 203096 --a
C:\WINDOWS\system32\wuweb.dll
2007-07-30 19:19 203096 --a
C:\WINDOWS\system32\dllcache\wuweb.dll
2007-07-30 19:19 1712984 --a
C:\WINDOWS\system32\wuaueng.dll
2007-07-30 19:19 1712984 --a
C:\WINDOWS\system32\dllcache\wuaueng.dll
2007-07-30 19:18 33624 --a
C:\WINDOWS\system32\wups.dll
2007-07-30 19:18 33624 --a
C:\WINDOWS\system32\dllcache\wups.dll
2007-07-30 12:03
d
C:\Program Files\QuickTime
2007-07-19 07:59 3583488 --a
C:\WINDOWS\system32\dllcache\mshtml.dll
2007-07-13 00:31 765952 --a
C:\WINDOWS\system32\dllcache\vgx.dll
2007-07-09 00:22
d
C:\Program Files\3ivx
2007-07-07 11:26
d
C:\Program Files\GustoSoft
2007-07-07 11:18
d
C:\DOCUME~1\COMPAQ~1\APPLIC~1\DivX
2007-07-07 11:14
d
C:\DOCUME~1\COMPAQ~1\APPLIC~1\Talkback
2007-07-07 11:13
d
C:\Program Files\DivX
2007-07-07 11:09
d
C:\Program Files\LEAD Technologies, Inc
2007-07-02 20:41 524288 --a
C:\WINDOWS\system32\DivXsm.exe
2007-07-02 20:41 36624
C:\WINDOWS\system32\drivers\pxhelp20.sys
2007-07-02 20:41 3596288 --a
C:\WINDOWS\system32\qt-dx331.dll
2007-07-02 20:41 2560
C:\WINDOWS\system32\drivers\cdralw2k.sys
2007-07-02 20:41 2432
C:\WINDOWS\system32\drivers\cdr4_xp.sys
2007-07-02 20:41 200704 --a
C:\WINDOWS\system32\ssldivx.dll
2007-07-02 20:41 129784
C:\WINDOWS\system32\pxafs.dll
2007-07-02 20:41 118520
C:\WINDOWS\system32\pxinsi64.exe
2007-07-02 20:41 116472
C:\WINDOWS\system32\pxcpyi64.exe
2007-07-02 20:41 1044480 --a
C:\WINDOWS\system32\libdivx.dll
2007-07-02 20:37 823296 --a
C:\WINDOWS\system32\divx_xx0c.dll
2007-07-02 20:37 823296 --a
C:\WINDOWS\system32\divx_xx07.dll
2007-07-02 20:37 802816 --a
C:\WINDOWS\system32\divx_xx11.dll
2007-07-02 20:37 740442 --a
C:\WINDOWS\system32\DivX.dll
2007-07-02 20:37 73728 --a
C:\WINDOWS\system32\dpl100.dll
2007-07-02 20:37 593920 --a
C:\WINDOWS\system32\dpuGUI11.dll
2007-07-02 20:37 57344 --a
C:\WINDOWS\system32\dpv11.dll
2007-07-02 20:37 53248 --a
C:\WINDOWS\system32\dpuGUI10.dll
2007-07-02 20:37 344064 --a
C:\WINDOWS\system32\dpus11.dll
2007-07-02 20:37 294912 --a
C:\WINDOWS\system32\dpu11.dll
2007-07-02 20:37 294912 --a
C:\WINDOWS\system32\dpu10.dll
2007-07-02 20:37 196608 --a
C:\WINDOWS\system32\dtu100.dll
2007-07-02 20:36 124472 --a
C:\WINDOWS\system32\DivXCodecUpdateChecker.exe
2007-07-02 20:36 12288 --a
C:\WINDOWS\system32\DivXWMPExtType.dll
2007-07-02 15:07
d
C:\Program Files\Common Files\Apple
2007-07-02 15:07
d
C:\DOCUME~1\ALLUSE~1\APPLIC~1\Apple
2007-06-27 15:34 823808 --a
C:\WINDOWS\system32\dllcache\wininet.dll
2007-06-27 15:34 671232 --a
C:\WINDOWS\system32\dllcache\mstime.dll
2007-06-27 15:34 6058496
C:\WINDOWS\system32\dllcache\ieframe.dll
2007-06-27 15:34 52224
C:\WINDOWS\system32\dllcache\msfeedsbs.dll
2007-06-27 15:34 477696 --a
C:\WINDOWS\system32\dllcache\mshtmled.dll
2007-06-27 15:34 459264
C:\WINDOWS\system32\dllcache\msfeeds.dll
2007-06-27 15:34 44544 --a
C:\WINDOWS\system32\dllcache\iernonce.dll
2007-06-27 15:34 384512 --a
C:\WINDOWS\system32\dllcache\iedkcs32.dll
2007-06-27 15:34 383488
C:\WINDOWS\system32\dllcache\ieapfltr.dll
2007-06-27 15:34 27648 --a
C:\WINDOWS\system32\dllcache\jsproxy.dll
2007-06-27 15:34 267776
C:\WINDOWS\system32\dllcache\iertutil.dll
2007-06-27 15:34 232960 --a
C:\WINDOWS\system32\dllcache\webcheck.dll
2007-06-27 15:34 230400 --a
C:\WINDOWS\system32\dllcache\ieaksie.dll
2007-06-27 15:34 193024 --a
C:\WINDOWS\system32\dllcache\msrating.dll
2007-06-27 15:34 153088 --a
C:\WINDOWS\system32\dllcache\ieakeng.dll
2007-06-27 15:34 132608 --a
C:\WINDOWS\system32\dllcache\extmgr.dll
2007-06-27 15:34 124928 --a
C:\WINDOWS\system32\dllcache\advpack.dll
2007-06-27 15:34 1152000 --a
C:\WINDOWS\system32\dllcache\urlmon.dll
2007-06-27 15:34 105984 --a
C:\WINDOWS\system32\dllcache\url.dll
2007-06-27 15:34 102400 --a
C:\WINDOWS\system32\dllcache\occache.dll
2007-06-27 09:27 63488 --a
C:\WINDOWS\system32\dllcache\ie4uinit.exe
2007-06-27 09:27 625152 --a
C:\WINDOWS\system32\dllcache\iexplore.exe
2007-06-27 09:27 13824
C:\WINDOWS\system32\dllcache\ieudinit.exe
2007-06-27 08:00 161792 --a
C:\WINDOWS\system32\dllcache\ieakui.dll
2007-06-26 22:10 317440 --a
C:\WINDOWS\system32\dllcache\unregmp2.exe
2007-06-26 07:08 1104896 --a
C:\WINDOWS\system32\msxml3.dll
2007-06-26 07:08 1104896 --a
C:\WINDOWS\system32\dllcache\msxml3.dll
2007-06-19 14:31 282112 --a
C:\WINDOWS\system32\gdi32.dll
2007-06-19 14:31 282112 --a
C:\WINDOWS\system32\dllcache\gdi32.dll
2007-06-13 11:23 1033216 --a
C:\WINDOWS\system32\dllcache\explorer.exe
2007-06-13 11:23 1033216 --a
C:\WINDOWS\explorer.exe
2007-06-11 23:51 10834944 --a
C:\WINDOWS\system32\dllcache\wmp.dll
2007-06-06 17:07 25576 --a
C:\WINDOWS\system32\SamsungVfWCodec.dll
2007-06-06 17:07 25576 --a
C:\WINDOWS\system32\DivXVfWCodec.dll
2007-06-06 17:06 66536 --a
C:\WINDOWS\system32\libfaac.dll
2007-06-06 17:06 443368 --a
C:\WINDOWS\system32\OpenQuicktimeLib.dll
2007-06-06 17:06 324584 --a
C:\WINDOWS\system32\3ivxVfWCodec.dll
((((((((((((((((((((((((((((( snapshot_2007-08-31_223746.71 )))))))))))))))))))))))))))))))))))))))))
----atw 16,384 2007-09-01 08:51:00 C:\WINDOWS\Temp\Perflib_Perfdata_75c.dat
----atw 16,384 2007-05-31 19:48:26 C:\WINDOWS\Temp\Perflib_Perfdata_75c.dat
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
*Note* empty entries & legit default entries are not shown
[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{F4CF814F-970F-405D-A42C-0CE06EB97373}]
2007-08-31 11:22 233472 --a
C:\WINDOWS\mxduo.dll
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"SunJavaUpdateSched"="C:\Program Files\Java\jre1.5.0_11\bin\jusched.exe" [2006-12-15 04:23]
"hpsysdrv"="c:\windows\system\hpsysdrv.exe" [1998-05-07 10:04]
"RTHDCPL"="RTHDCPL.EXE" [2005-10-14 18:51 C:\WINDOWS\RTHDCPL.EXE]
"ATIPTA"="C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe" [2005-08-13 22:05]
"KBD"="C:\HP\KBD\KBD.EXE" [2005-02-02 17:44]
"Recguard"="C:\WINDOWS\SMINST\RECGUARD.EXE" [2005-07-22 16:14]
"PCDrProfiler"="" []
"PS2"="C:\WINDOWS\system32\ps2.exe" [2004-10-25 16:17]
"Reminder"="C:\Windows\Creator\Remind_XP.exe" [2004-12-13 20:23]
"HP Software Update"="C:\Program Files\HP\HP Software Update\HPWuSchd2.exe" [2005-05-11 23:12]
"TkBellExe"="C:\Program Files\Common Files\Real\Update_OB\realsched.exe" [2006-01-09 17:30]
"RegistryMechanic"="" []
"Adobe Photo Downloader"="C:\Program Files\Adobe\Photoshop Album Starter Edition\3.0\Apps\apdproxy.exe" [2005-06-07 00:46]
"BluetoothAuthenticationAgent"="bthprops.cpl" [2004-08-04 05:00 C:\WINDOWS\system32\bthprops.cpl]
"NielsenOnline"="C:\Program Files\NetRatingsNetSight\NetSight\NielsenOnline.exe" [2007-01-05 17:55]
"4oD"="C:\Program Files\Kontiki\KHost.exe" [2006-11-08 17:32]
"QuickTime Task"="C:\Program Files\QuickTime\QTTask.exe" [2007-06-29 06:24]
"iTunesHelper"="C:\Program Files\iTunes\iTunesHelper.exe" [2007-08-15 20:15]
"SDTray"="C:\Program Files\Spyware Doctor\SDTrayApp.exe" [2007-09-01 09:11]
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"MsnMsgr"="C:\Program Files\MSN Messenger\MsnMsgr.exe" [2007-01-19 13:54]
"IDMan"="C:\Program Files\Internet Download Manager\IDMan.exe" [2006-11-18 00:17]
"updateMgr"="C:\Program Files\Adobe\Acrobat 7.0\Reader\AdobeUpdateManager.exe" [2006-03-30 17:45]
"ctfmon.exe"="C:\WINDOWS\system32\ctfmon.exe" [2004-08-04 05:00]
"kdx"="C:\Program Files\Kontiki\KHost.exe" [2006-11-08 17:32]
C:\DOCUME~1\COMPAQ~1\STARTM~1\Programs\Startup\
Adobe Gamma.lnk - C:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe [2005-03-16 19:16:50]
[HKEY_CURRENT_USER\software\microsoft\internet explorer\desktop\components\0]
Source= file:///C:\WINDOWS\privacy_danger\index.htm
FriendlyName= Privacy Protection
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ShellServiceObjectDelayLoad]
"wmphost"= {2A25C512-07A7-4E1A-8C8B-5D8829EF750D} - C:\WINDOWS\wmphost.dll [2007-08-31 11:22 245760]
"wmpdev"= {53F04414-FCF1-4756-A743-8AE5E477E48A} - C:\WINDOWS\wmpdev.dll [2007-08-31 11:22 323584]
SafeBoot registry key needs repairs. This machine cannot enter Safe Mode.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\RpcSs]
@="Service"
R1 nnrnstdi;nnrnstdi;C:\WINDOWS\system32\drivers\nnrnstdi.sys
S3 ss_bus;SAMSUNG Mobile USB Device 1.0 driver (WDM);C:\WINDOWS\system32\DRIVERS\ss_bus.sys
S3 ss_mdfl;SAMSUNG Mobile USB Modem 1.0 Filter;C:\WINDOWS\system32\DRIVERS\ss_mdfl.sys
S3 ss_mdm;SAMSUNG Mobile USB Modem 1.0 Drivers;C:\WINDOWS\system32\DRIVERS\ss_mdm.sys
Contents of the 'Scheduled Tasks' folder
2007-08-27 10:58:03 C:\WINDOWS\Tasks\AppleSoftwareUpdate.job - C:\Program Files\Apple Software Update\SoftwareUpdate.exe
2007-09-01 09:04:05 C:\WINDOWS\Tasks\Check Updates for Windows Live Toolbar.job
2006-07-12 05:24:00 C:\WINDOWS\Tasks\Easy Internet Sign-up.job - C:\Program Files\Hewlett-Packard\SDP\HPSdpApp.exe
2007-09-01 07:00:00 C:\WINDOWS\Tasks\HPpromotions journeysoftware.job - C:\Program Files\hp\digital imaging\bin\hp promotions\journeysoftware\HPpromo.exe
2006-05-12 20:55:09 C:\WINDOWS\Tasks\Symantec NetDetect.job - C:\Program Files\Symantec\LiveUpdate\NDETECT.EXE
**************************************************************************
catchme 0.3.1061 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2007-09-01 10:53:40
Windows 5.1.2600 Service Pack 2 NTFS
scanning hidden processes ...
scanning hidden autostart entries ...
scanning hidden files ...
scan completed successfully
hidden files: 0
**************************************************************************
Completion time: 2007-09-01 10:55:28
C:\ComboFix-quarantined-files.txt ... 2007-09-01 10:55
C:\ComboFix2.txt ... 2007-08-31 22:38
--- E O F ---
Comments
And here is the HijackThis log:
Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 11:36:59, on 01/09/2007
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16512)
Boot mode: Normal
Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\csrss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Kontiki\KService.exe
C:\Program Files\Common Files\LightScribe\LSSrvc.exe
C:\WINDOWS\system32\HPZipm12.exe
C:\WINDOWS\system32\wscntfy.exe
C:\WINDOWS\System32\alg.exe
C:\Program Files\Java\jre1.5.0_11\bin\jusched.exe
C:\WINDOWS\system32\ctfmon.exe
C:\windows\system\hpsysdrv.exe
C:\WINDOWS\RTHDCPL.EXE
C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe
C:\HP\KBD\KBD.EXE
C:\Program Files\HP\HP Software Update\HPWuSchd2.exe
C:\Program Files\Common Files\Real\Update_OB\realsched.exe
C:\Program Files\Adobe\Photoshop Album Starter Edition\3.0\Apps\apdproxy.exe
C:\Program Files\NetRatingsNetSight\NetSight\NielsenOnline.exe
C:\Program Files\Kontiki\KHost.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\Program Files\MSN Messenger\MsnMsgr.Exe
C:\Program Files\Internet Download Manager\IDMan.exe
C:\Program Files\SAGEM\TalkTalk Broadband\dslmon.exe
C:\Program Files\Hp\Digital Imaging\bin\hpqtra08.exe
C:\Program Files\WinZip\WZQKPICK.EXE
C:\WINDOWS\system32\svchost.exe
C:\Program Files\HP\Digital Imaging\bin\hpqimzone.exe
C:\WINDOWS\system32\wuauclt.exe
C:\Program Files\HP\Digital Imaging\bin\hpqSTE08.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\Program Files\internet explorer\iexplore.exe
C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLLoginProxy.exe
C:\Program Files\BitComet\BitComet.exe
C:\WINDOWS\explorer.exe
C:\WINDOWS\system32\notepad.exe
C:\Program Files\Windows Live Toolbar\msn_sl.exe
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe
C:\WINDOWS\system32\wbem\wmiprvse.exe
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://softwarereferral.com/jump.php?wmid=6010&mid=MjI6Ojg5&lid=2
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKCU\Software\Microsoft\Internet Explorer\SearchURL,(Default) = http://g.msn.com/0SEENUS/SAOS01?FORM=TOOLBR
R1 - HKCU\Software\Microsoft\Internet Connection Wizard,ShellNext = http://www.mytalktalk.net/
O2 - BHO: IDMIEHlprObj Class - {0055C089-8582-441B-A0BF-17B458C2A3A8} - C:\Program Files\Internet Download Manager\IDMIECC.dll
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: BitComet ClickCapture - {39F7E362-828A-4B5A-BCAF-5B79BFDFEA60} - C:\Program Files\BitComet\tools\BitCometBHO_1.1.7.4.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.5.0_11\bin\ssv.dll
O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)
O2 - BHO: IeMonitorBho Class - {8170D7DC-BDD6-461e-88EB-F047257898C9} - blank (file missing)
O2 - BHO: Windows Live Sign-in Helper - !!9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar4.dll
O2 - BHO: Windows Live Toolbar Helper - {BDBD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Program Files\Windows Live Toolbar\msntb.dll
O2 - BHO: MSVPS System - {F4CF814F-970F-405D-A42C-0CE06EB97373} - C:\WINDOWS\mxduo.dll
O3 - Toolbar: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll
O3 - Toolbar: &DownloadStudio - {CB789373-04D5-4ef4-9C16-871463FD0830} - blank (file missing)
O3 - Toolbar: Windows Live Toolbar - {BDAD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Program Files\Windows Live Toolbar\msntb.dll
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar4.dll
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.5.0_11\bin\jusched.exe"
O4 - HKLM\..\Run: [hpsysdrv] c:\windows\system\hpsysdrv.exe
O4 - HKLM\..\Run: [RTHDCPL] RTHDCPL.EXE
O4 - HKLM\..\Run: [ATIPTA] "C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe"
O4 - HKLM\..\Run: [KBD] C:\HP\KBD\KBD.EXE
O4 - HKLM\..\Run: [Recguard] C:\WINDOWS\SMINST\RECGUARD.EXE
O4 - HKLM\..\Run: [PS2] C:\WINDOWS\system32\ps2.exe
O4 - HKLM\..\Run: [Reminder] "C:\Windows\Creator\Remind_XP.exe"
O4 - HKLM\..\Run: [HP Software Update] C:\Program Files\HP\HP Software Update\HPWuSchd2.exe
O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot
O4 - HKLM\..\Run: [Adobe Photo Downloader] "C:\Program Files\Adobe\Photoshop Album Starter Edition\3.0\Apps\apdproxy.exe"
O4 - HKLM\..\Run: [BluetoothAuthenticationAgent] rundll32.exe bthprops.cpl,,BluetoothAuthenticationAgent
O4 - HKLM\..\Run: [NielsenOnline] C:\Program Files\NetRatingsNetSight\NetSight\NielsenOnline.exe
O4 - HKLM\..\Run: [4oD] "C:\Program Files\Kontiki\KHost.exe" -all
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\QTTask.exe" -atboottime
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
O4 - HKCU\..\Run: [MsnMsgr] "C:\Program Files\MSN Messenger\MsnMsgr.Exe" /background
O4 - HKCU\..\Run: [IDMan] C:\Program Files\Internet Download Manager\IDMan.exe /onboot
O4 - HKCU\..\Run: [updateMgr] "C:\Program Files\Adobe\Acrobat 7.0\Reader\AdobeUpdateManager.exe" AcRdB7_0_8 -reboot 1
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [kdx] C:\Program Files\Kontiki\KHost.exe -all
O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'NETWORK SERVICE')
O4 - Startup: Adobe Gamma.lnk = C:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe
O4 - Global Startup: Adobe Reader Speed Launch.lnk = C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
O4 - Global Startup: DSLMON.lnk = C:\Program Files\SAGEM\TalkTalk Broadband\dslmon.exe
O4 - Global Startup: HP Digital Imaging Monitor.lnk = C:\Program Files\Hp\Digital Imaging\bin\hpqtra08.exe
O4 - Global Startup: HP Image Zone Fast Start.lnk = C:\Program Files\Hp\Digital Imaging\bin\hpqthb08.exe
O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office10\OSA.EXE
O4 - Global Startup: WinZip Quick Pick.lnk = C:\Program Files\WinZip\WZQKPICK.EXE
O8 - Extra context menu item: &D&ownload &with BitComet - res://C:\Program Files\BitComet\BitComet.exe/AddLink.htm
O8 - Extra context menu item: &D&ownload all video with BitComet - res://C:\Program Files\BitComet\BitComet.exe/AddVideo.htm
O8 - Extra context menu item: &D&ownload all with BitComet - res://C:\Program Files\BitComet\BitComet.exe/AddAllLink.htm
O8 - Extra context menu item: &Windows Live Search - res://C:\Program Files\Windows Live Toolbar\msntb.dll/search.htm
O8 - Extra context menu item: Add Page To DownloadStudio Scrapbook... - C:\Program Files\Conceiva\DownloadStudio\ds_snap.htm
O8 - Extra context menu item: Add to Windows &Live Favorites - http://favorites.live.com/quickadd.aspx
O8 - Extra context menu item: Download All Links with IDM - C:\Program Files\Internet Download Manager\IEGetAll.htm
O8 - Extra context menu item: Download Image Using DownloadStudio... - C:\Program Files\Conceiva\DownloadStudio\ds_img.htm
O8 - Extra context menu item: Download Page Using DownloadStudio... - C:\Program Files\Conceiva\DownloadStudio\ds_all.htm
O8 - Extra context menu item: Download Selection Using DownloadStudio... - C:\Program Files\Conceiva\DownloadStudio\ds_sel.htm
O8 - Extra context menu item: Download Target Using DownloadStudio... - C:\Program Files\Conceiva\DownloadStudio\ds_file.htm
O8 - Extra context menu item: Download with IDM - C:\Program Files\Internet Download Manager\IEExt.htm
O8 - Extra context menu item: Show Page Links Using DownloadStudio... - C:\Program Files\Conceiva\DownloadStudio\ds_link.htm
O8 - Extra context menu item: Subscribe To RSS Feed... - C:\Program Files\Conceiva\DownloadStudio\ds_rss.htm
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_11\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_11\bin\ssv.dll
O9 - Extra button: BitComet Search - {461CC20B-FB6E-4f16-8FE8-C29359DB100E} - C:\Program Files\BitComet\tools\BitCometBHO_1.1.7.4.dll
O9 - Extra button: (no name) - {4D0C4820-53F7-4d79-A2E1-5252683CF69C} - C:\WINDOWS\system32\shdocvw.dll
O9 - Extra 'Tools' menuitem: &DownloadStudio - {4D0C4820-53F7-4d79-A2E1-5252683CF69C} - C:\WINDOWS\system32\shdocvw.dll
O9 - Extra button: DownloadStudio - {7FCA7BD7-8F4D-4a81-BE72-A470F4E517D5} - blank (file missing)
O9 - Extra button: Connection Help - {E2D4D26B-0180-43a4-B05F-462D6D54C789} - C:\WINDOWS\PCHEALTH\HELPCTR\Vendors\CN=Hewlett-Packard,L=Cupertino,S=Ca,C=US\IEButton\support.htm
O9 - Extra 'Tools' menuitem: Connection Help - {E2D4D26B-0180-43a4-B05F-462D6D54C789} - C:\WINDOWS\PCHEALTH\HELPCTR\Vendors\CN=Hewlett-Packard,L=Cupertino,S=Ca,C=US\IEButton\support.htm
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: RaptisoftGameLoader - http://www.miniclip.com/haphazard/raptisoftgameloader.cab
O16 - DPF: {288C5F13-7E52-4ADA-A32E-F5BF9D125F99} (CR64Loader Object) - http://www.miniclip.com/supergerball/miniclipGameLoader.dll
O16 - DPF: {2931566C-B8A6-46C5-BF4D-E6AB9251E953} (Nexon Package Manager Control) - http://www.nexon.co.jp/jp/f/ActiveX/Public/nxpm.cab
O16 - DPF: {4F1E5B1A-2A80-42CA-8532-2D05CB959537} (MSN Photo Upload Tool) - http://franvoir1.spaces.live.com//PhotoUpload/MsnPUpld.cab
O16 - DPF: {D88C7675-7CEE-4C9A-BDD4-7A43EED7794D} (Logout Class) - http://www.gamengame.com/KALogoutComponent.cab
O16 - DPF: {DA80E089-4648-43D5-93B4-7F37917084E6} (CacheManager.CacheManagerCtrl) - http://www.candystand.com/assets/activex/virtools/CacheManager.CAB
O17 - HKLM\System\CCS\Services\Tcpip\..\{7EC6F36B-2F98-430E-AFD7-48DB53818DB1}: NameServer = 62.24.252.135 62.24.252.134
O21 - SSODL: wmphost - {2A25C512-07A7-4E1A-8C8B-5D8829EF750D} - C:\WINDOWS\wmphost.dll
O21 - SSODL: wmpdev - {53F04414-FCF1-4756-A743-8AE5E477E48A} - C:\WINDOWS\wmpdev.dll
O23 - Service: Adobe LM Service - Adobe Systems - C:\Program Files\Common Files\Adobe Systems Shared\Service\Adobelmsvc.exe
O23 - Service: Apple Mobile Device - Apple, Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\system32\Ati2evxx.exe
O23 - Service: AVG Anti-Spyware Guard - Anti-Malware Development a.s. - C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: iPod Service - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: KService - Unknown owner - C:\Program Files\Kontiki\KService.exe
O23 - Service: LightScribeService Direct Disc Labeling Service (LightScribeService) - Hewlett-Packard Company - C:\Program Files\Common Files\LightScribe\LSSrvc.exe
O23 - Service: Pml Driver HPZ12 - HP - C:\WINDOWS\system32\HPZipm12.exe
O23 - Service: Remote Packet Capture Protocol v.0 (experimental) (rpcapd) - CACE Technologies - C:\Program Files\WinPcap\rpcapd.exe
O24 - Desktop Component 0: Privacy Protection - file:///C:\WINDOWS\privacy_danger\index.htm
--
Can anyone tell me what to do next? It would be greatly appreciated.

I cannot see what anti-virus software or firewall you are running. I would suggest that you install some, as otherwise all efforts will be in vain.

Hi,
I agree with Reluctant_spender, I cannot see an antivirus program - you do have AVG Anti-Spyware, which will help with malware.
You also seem to have a P2P torrent program (BitComet) installed. Without any anti-virus this is a big PC security risk.
I would sit tight and wait for the HijackThis experts to read your thread.
Hope this helps.
See you on the dark side of the moon

Just reading.
Ex forum ambassador
Long term forum member

Fix these by running HijackThis again and putting a tick against these items:
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://softwarereferral.com/jump.php...MjI6Ojg5&lid=2
O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)
O2 - BHO: IeMonitorBho Class - {8170D7DC-BDD6-461e-88EB-F047257898C9} - blank (file missing)
O2 - BHO: MSVPS System - {F4CF814F-970F-405D-A42C-0CE06EB97373} - C:\WINDOWS\mxduo.dll
O3 - Toolbar: &DownloadStudio - {CB789373-04D5-4ef4-9C16-871463FD0830} - blank (file missing)
O4 - HKLM\..\Run: [NielsenOnline] C:\Program Files\NetRatingsNetSight\NetSight\NielsenOnline.exe
O9 - Extra button: DownloadStudio - {7FCA7BD7-8F4D-4a81-BE72-A470F4E517D5} - blank (file missing)
O16 - DPF: {2931566C-B8A6-46C5-BF4D-E6AB9251E953} (Nexon Package Manager Control) - http://www.nexon.co.jp/jp/f/ActiveX/Public/nxpm.cab
O21 - SSODL: wmphost - {2A25C512-07A7-4E1A-8C8B-5D8829EF750D} - C:\WINDOWS\wmphost.dll
O21 - SSODL: wmpdev - {53F04414-FCF1-4756-A743-8AE5E477E48A} - C:\WINDOWS\wmpdev.dll
O24 - Desktop Component 0: Privacy Protection - file:///C:\WINDOWS\privacy_danger\index.htm
Then click "fix selected".
Ex forum ambassador
Long term forum member

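The reasoning behind the entries ticked above (orphaned entries whose file is missing, BHO/SSODL DLLs dropped straight into C:\WINDOWS rather than system32 or Program Files, an Active Desktop component pointing at a local "warning" page, a redirected start page, downloaded ActiveX controls) can be written down as a small triage script. This is an added example in Python, not HijackThis, ComboFix or the helper's own tooling; the trusted start-page hosts are an assumption, and the sample log is constructed from the thread's own entries (with the start-page URL shortened).

```python
"""Review-list generator for pasted HijackThis log entries (added example).

Each rule mirrors a reason the thread's helper picked an entry to fix. The
output is a list for a human to review, not a verdict: legitimate entries can
trip a rule and malware can dodge all of them (the NielsenOnline O4 entry the
helper ticked is not caught by any rule here).
"""
import re

_ENTRY = re.compile(r"^(R\d|O\d+) - ")
_MISSING = re.compile(r"\((?:file missing|no file)\)", re.IGNORECASE)
# A file directly under the Windows directory, e.g. C:\WINDOWS\mxduo.dll;
# legitimate BHO/SSODL handlers live in system32 or Program Files.
_WINDOWS_ROOT = re.compile(r"^[a-z]:\\windows\\[^\\]+$", re.IGNORECASE)


def _last_field(entry):
    """Last ' - ' separated field of an entry: the path, URL or target."""
    return entry.rsplit(" - ", 1)[-1].strip()


def classify(entry, trusted_hosts=("www.google.com", "www.msn.com")):
    """Return (section, reason) when an entry needs a closer look, else None.

    trusted_hosts (assumed here) are the start-page hosts the owner recognises.
    """
    entry = entry.strip()
    m = _ENTRY.match(entry)
    if not m:
        return None
    section = m.group(1)
    if _MISSING.search(entry):
        return section, "points at a file that no longer exists (orphan)"
    if section in ("O2", "O21") and _WINDOWS_ROOT.match(_last_field(entry)):
        return section, "DLL loaded from the Windows root: " + _last_field(entry)
    if section == "O2" and "(no name)" in entry:
        return section, "BHO with no name"
    if section == "R0" and "Start Page" in entry:
        url = entry.split("=", 1)[-1].strip()
        host = re.sub(r"^https?://", "", url).split("/", 1)[0].lower()
        if host not in trusted_hosts:
            return section, "start page redirected to " + host
    if section == "O16":
        return section, "downloaded ActiveX control: " + _last_field(entry)
    if section == "O24":
        return section, "Active Desktop component: " + _last_field(entry)
    return None


def triage(log_text, **kw):
    """Classify every line of a pasted log; returns [(section, reason, entry)]."""
    hits = []
    for line in log_text.splitlines():
        verdict = classify(line, **kw)
        if verdict:
            hits.append((verdict[0], verdict[1], line.strip()))
    return hits


# Constructed sample: entries copied from the thread's HijackThis log
# (the start-page URL is shortened to its host and script name).
SAMPLE_LOG = r"""
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://softwarereferral.com/jump.php
O2 - BHO: IeMonitorBho Class - {8170D7DC-BDD6-461e-88EB-F047257898C9} - blank (file missing)
O2 - BHO: MSVPS System - {F4CF814F-970F-405D-A42C-0CE06EB97373} - C:\WINDOWS\mxduo.dll
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar4.dll
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.5.0_11\bin\jusched.exe"
O16 - DPF: {2931566C-B8A6-46C5-BF4D-E6AB9251E953} (Nexon Package Manager Control) - http://www.nexon.co.jp/jp/f/ActiveX/Public/nxpm.cab
O21 - SSODL: wmphost - {2A25C512-07A7-4E1A-8C8B-5D8829EF750D} - C:\WINDOWS\wmphost.dll
O24 - Desktop Component 0: Privacy Protection - file:///C:\WINDOWS\privacy_danger\index.htm
"""

if __name__ == "__main__":
    for section, reason, entry in triage(SAMPLE_LOG):
        print(f"[{section}] {reason}\n    {entry}")
```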
Download and install SUPERAntiSpyware:
www.superantispyware.com
You want the blue button for the free version.
We will use it to fix this:
SafeBoot registry key needs repairs. This machine cannot enter Safe Mode.
Within the SUPERAntiSpyware folder at C:\Program Files\SUPERAntiSpyware is a file called bootsafe. Double-click this and your computer will reboot to Safe Mode and the registry entry should be fixed.
Then reboot to normal and run both ComboFix and SUPERAntiSpyware.
Then post a new ComboFix file and HijackThis log.
Ex forum ambassador
Long term forum member

We will sort out a free firewall and antivirus software afterwards.
Ex forum ambassador
Long term forum member

Thank you for your time. I have followed your instructions so far and this is what my second ComboFix log looks like:
ComboFix 07-08-30.3 - "Compaq_Owner" 2007-09-01 18:00:40.3 - NTFSx86
Microsoft Windows XP Home Edition 5.1.2600.2.1252.1.1033.18.53 [GMT 1:00]
((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
C:\WINDOWS\dat.txt
C:\WINDOWS\main_uninstaller.exe
C:\WINDOWS\rs.txt
((((((((((((((((((((((((( Files Created from 2007-08-01 to 2007-09-01 )))))))))))))))))))))))))))))))
2007-09-01 17:32 204,800 --a
C:\WINDOWS\mxduo.dll
2007-09-01 15:30 <DIR> d
C:\Program Files\SUPERAntiSpyware
2007-09-01 15:30 <DIR> d
C:\DOCUME~1\COMPAQ~1\APPLIC~1\SUPERAntiSpyware.com
2007-09-01 15:30 <DIR> d
C:\DOCUME~1\ALLUSE~1\APPLIC~1\SUPERAntiSpyware.com
2007-09-01 15:29 <DIR> d
C:\Program Files\Common Files\Wise Installation Wizard
2007-09-01 09:07 626,688 --a
C:\WINDOWS\system32\msvcr80.dll
2007-08-31 22:28 <DIR> d
C:\Program Files\Trend Micro
2007-08-31 22:20 51,200 --a
C:\WINDOWS\nircmd.exe
2007-08-31 15:08 323,584 --a
C:\WINDOWS\wmpdev.dll
2007-08-31 15:08 245,760 --a
C:\WINDOWS\wmphost.dll
2007-08-29 12:57 <DIR> d
C:\Program Files\SiteEntry
2007-08-14 10:55 98,304 --a
C:\WINDOWS\system32\CmdLineExt.dll
2007-08-14 08:57 <DIR> d
C:\Program Files\GameSpy Arcade
2007-08-14 08:51 <DIR> d
C:\Program Files\Sierra
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
2007-09-01 18:03
d
C:\DOCUME~1\ALLUSE~1\APPLIC~1\Kontiki
2007-09-01 17:56
d
C:\DOCUME~1\COMPAQ~1\APPLIC~1\DMCache
2007-09-01 09:27
d
C:\Program Files\PC-Doctor 5 for Windows
2007-08-27 15:32
d
C:\Program Files\Zoom Player
2007-08-27 12:43
d
C:\Program Files\iTunes
2007-08-27 12:42
d
C:\Program Files\iPod
2007-08-14 08:51
d--h
C:\Program Files\InstallShield Installation Information
2007-08-12 20:20
d
C:\Program Files\softnyx
2007-08-03 19:55
d
C:\Program Files\BitComet
2007-08-03 15:17 359808 --a
C:\WINDOWS\system32\drivers\tcpip.sys
2007-08-03 15:14 2560 --a
C:\WINDOWS\system32\BitCometRes.dll
2007-07-30 19:19 92504 --a
C:\WINDOWS\system32\dllcache\cdm.dll
2007-07-30 19:19 92504 --a
C:\WINDOWS\system32\cdm.dll
2007-07-30 19:19 549720 --a
C:\WINDOWS\system32\wuapi.dll
2007-07-30 19:19 549720 --a
C:\WINDOWS\system32\dllcache\wuapi.dll
2007-07-30 19:19 53080 --a
C:\WINDOWS\system32\wuauclt.exe
2007-07-30 19:19 53080 --a
C:\WINDOWS\system32\dllcache\wuauclt.exe
2007-07-30 19:19 43352 --a
C:\WINDOWS\system32\wups2.dll
2007-07-30 19:19 325976 --a
C:\WINDOWS\system32\wucltui.dll
2007-07-30 19:19 325976 --a
C:\WINDOWS\system32\dllcache\wucltui.dll
2007-07-30 19:19 271224 --a
C:\WINDOWS\system32\mucltui.dll
2007-07-30 19:19 207736 --a
C:\WINDOWS\system32\muweb.dll
2007-07-30 19:19 203096 --a
C:\WINDOWS\system32\wuweb.dll
2007-07-30 19:19 203096 --a
C:\WINDOWS\system32\dllcache\wuweb.dll
2007-07-30 19:19 1712984 --a
C:\WINDOWS\system32\wuaueng.dll
2007-07-30 19:19 1712984 --a
C:\WINDOWS\system32\dllcache\wuaueng.dll
2007-07-30 19:18 33624 --a
C:\WINDOWS\system32\wups.dll
2007-07-30 19:18 33624 --a
C:\WINDOWS\system32\dllcache\wups.dll
2007-07-30 12:03
d
C:\Program Files\QuickTime
2007-07-19 07:59 3583488 --a
C:\WINDOWS\system32\dllcache\mshtml.dll
2007-07-13 00:31 765952 --a
C:\WINDOWS\system32\dllcache\vgx.dll
2007-07-09 00:22
d
C:\Program Files\3ivx
2007-07-07 11:26
d
C:\Program Files\GustoSoft
2007-07-07 11:18
d
C:\DOCUME~1\COMPAQ~1\APPLIC~1\DivX
2007-07-07 11:14
d
C:\DOCUME~1\COMPAQ~1\APPLIC~1\Talkback
2007-07-07 11:13
d
C:\Program Files\DivX
2007-07-07 11:09
d
C:\Program Files\LEAD Technologies, Inc
2007-07-02 20:41 524288 --a
C:\WINDOWS\system32\DivXsm.exe
2007-07-02 20:41 36624
C:\WINDOWS\system32\drivers\pxhelp20.sys
2007-07-02 20:41 3596288 --a
C:\WINDOWS\system32\qt-dx331.dll
2007-07-02 20:41 2560
C:\WINDOWS\system32\drivers\cdralw2k.sys
2007-07-02 20:41 2432
C:\WINDOWS\system32\drivers\cdr4_xp.sys
2007-07-02 20:41 200704 --a
C:\WINDOWS\system32\ssldivx.dll
2007-07-02 20:41 129784
C:\WINDOWS\system32\pxafs.dll
2007-07-02 20:41 118520
C:\WINDOWS\system32\pxinsi64.exe
2007-07-02 20:41 116472
C:\WINDOWS\system32\pxcpyi64.exe
2007-07-02 20:41 1044480 --a
C:\WINDOWS\system32\libdivx.dll
2007-07-02 20:37 823296 --a
C:\WINDOWS\system32\divx_xx0c.dll
2007-07-02 20:37 823296 --a
C:\WINDOWS\system32\divx_xx07.dll
2007-07-02 20:37 802816 --a
C:\WINDOWS\system32\divx_xx11.dll
2007-07-02 20:37 740442 --a
C:\WINDOWS\system32\DivX.dll
2007-07-02 20:37 73728 --a
C:\WINDOWS\system32\dpl100.dll
2007-07-02 20:37 593920 --a
C:\WINDOWS\system32\dpuGUI11.dll
2007-07-02 20:37 57344 --a
C:\WINDOWS\system32\dpv11.dll
2007-07-02 20:37 53248 --a
C:\WINDOWS\system32\dpuGUI10.dll
2007-07-02 20:37 344064 --a
C:\WINDOWS\system32\dpus11.dll
2007-07-02 20:37 294912 --a
C:\WINDOWS\system32\dpu11.dll
2007-07-02 20:37 294912 --a
C:\WINDOWS\system32\dpu10.dll
2007-07-02 20:37 196608 --a
C:\WINDOWS\system32\dtu100.dll
2007-07-02 20:36 124472 --a
C:\WINDOWS\system32\DivXCodecUpdateChecker.exe
2007-07-02 20:36 12288 --a
C:\WINDOWS\system32\DivXWMPExtType.dll
2007-07-02 15:07
d
C:\Program Files\Common Files\Apple
2007-07-02 15:07
d
C:\DOCUME~1\ALLUSE~1\APPLIC~1\Apple
2007-06-27 15:34 823808 --a
C:\WINDOWS\system32\dllcache\wininet.dll
2007-06-27 15:34 671232 --a
C:\WINDOWS\system32\dllcache\mstime.dll
2007-06-27 15:34 6058496
C:\WINDOWS\system32\dllcache\ieframe.dll
2007-06-27 15:34 52224
C:\WINDOWS\system32\dllcache\msfeedsbs.dll
2007-06-27 15:34 477696 --a
C:\WINDOWS\system32\dllcache\mshtmled.dll
2007-06-27 15:34 459264
C:\WINDOWS\system32\dllcache\msfeeds.dll
2007-06-27 15:34 44544 --a
C:\WINDOWS\system32\dllcache\iernonce.dll
2007-06-27 15:34 384512 --a
C:\WINDOWS\system32\dllcache\iedkcs32.dll
2007-06-27 15:34 383488
C:\WINDOWS\system32\dllcache\ieapfltr.dll
2007-06-27 15:34 27648 --a
C:\WINDOWS\system32\dllcache\jsproxy.dll
2007-06-27 15:34 267776
C:\WINDOWS\system32\dllcache\iertutil.dll
2007-06-27 15:34 232960 --a
C:\WINDOWS\system32\dllcache\webcheck.dll
2007-06-27 15:34 230400 --a
C:\WINDOWS\system32\dllcache\ieaksie.dll
2007-06-27 15:34 193024 --a
C:\WINDOWS\system32\dllcache\msrating.dll
2007-06-27 15:34 153088 --a
C:\WINDOWS\system32\dllcache\ieakeng.dll
2007-06-27 15:34 132608 --a
C:\WINDOWS\system32\dllcache\extmgr.dll
2007-06-27 15:34 124928 --a
C:\WINDOWS\system32\dllcache\advpack.dll
2007-06-27 15:34 1152000 --a
C:\WINDOWS\system32\dllcache\urlmon.dll
2007-06-27 15:34 105984 --a
C:\WINDOWS\system32\dllcache\url.dll
2007-06-27 15:34 102400 --a
C:\WINDOWS\system32\dllcache\occache.dll
2007-06-27 09:27 63488 --a
C:\WINDOWS\system32\dllcache\ie4uinit.exe
2007-06-27 09:27 625152 --a
C:\WINDOWS\system32\dllcache\iexplore.exe
2007-06-27 09:27 13824
C:\WINDOWS\system32\dllcache\ieudinit.exe
2007-06-27 08:00 161792 --a
C:\WINDOWS\system32\dllcache\ieakui.dll
2007-06-26 22:10 317440 --a
C:\WINDOWS\system32\dllcache\unregmp2.exe
2007-06-26 07:08 1104896 --a
C:\WINDOWS\system32\msxml3.dll
2007-06-26 07:08 1104896 --a
C:\WINDOWS\system32\dllcache\msxml3.dll
2007-06-19 14:31 282112 --a
C:\WINDOWS\system32\gdi32.dll
2007-06-19 14:31 282112 --a
C:\WINDOWS\system32\dllcache\gdi32.dll
2007-06-13 11:23 1374314 -r-hs---- C:\WINDOWS\system32\etpetx.exe
2007-06-13 11:23 1033216 --a
C:\WINDOWS\system32\dllcache\explorer.exe
2007-06-13 11:23 1033216 --a
C:\WINDOWS\explorer.exe
2007-06-11 23:51 10834944 --a
C:\WINDOWS\system32\dllcache\wmp.dll
2007-06-06 17:07 25576 --a
C:\WINDOWS\system32\SamsungVfWCodec.dll
2007-06-06 17:07 25576 --a
C:\WINDOWS\system32\DivXVfWCodec.dll
2007-06-06 17:06 66536 --a
C:\WINDOWS\system32\libfaac.dll
2007-06-06 17:06 443368 --a
C:\WINDOWS\system32\OpenQuicktimeLib.dll
((((((((((((((((((((((((((((( snapshot_2007-08-31_223746.71 )))))))))))))))))))))))))))))))))))))))))
----a-r 29,696 2007-09-01 15:36:57 C:\WINDOWS\Installer\{CDDCBBF1-2703-46BC-938B-BCC81A1EEAAA}\IconCDDCBBF11.exe
----a-r 18,944 2007-09-01 15:36:57 C:\WINDOWS\Installer\{CDDCBBF1-2703-46BC-938B-BCC81A1EEAAA}\IconCDDCBBF13.exe
----a-r 65,024 2007-09-01 15:36:57 C:\WINDOWS\Installer\{CDDCBBF1-2703-46BC-938B-BCC81A1EEAAA}\IconCDDCBBF15.exe
----atw 16,384 2007-09-01 15:34:03 C:\WINDOWS\Temp\Perflib_Perfdata_720.dat
----atw 16,384 2007-09-01 14:15:37 C:\WINDOWS\Temp\Perflib_Perfdata_72c.dat
----atw 16,384 2007-09-01 16:19:35 C:\WINDOWS\Temp\Perflib_Perfdata_738.dat
----atw 16,384 2007-09-01 08:51:00 C:\WINDOWS\Temp\Perflib_Perfdata_75c.dat
----atw 16,384 2007-07-11 18:48:21 C:\WINDOWS\Temp\Perflib_Perfdata_720.dat
----atw 16,384 2007-08-03 14:19:50 C:\WINDOWS\Temp\Perflib_Perfdata_72c.dat
----atw 16,384 2007-07-14 02:40:36 C:\WINDOWS\Temp\Perflib_Perfdata_738.dat
----atw 16,384 2007-05-31 19:48:26 C:\WINDOWS\Temp\Perflib_Perfdata_75c.dat
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
*Note* empty entries & legit default entries are not shown
[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{F4CF814F-970F-405D-A42C-0CE06EB97373}]
2007-09-01 12:25 204800 --a
C:\WINDOWS\mxduo.dll
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"SunJavaUpdateSched"="C:\Program Files\Java\jre1.5.0_11\bin\jusched.exe" [2006-12-15 04:23]
"hpsysdrv"="c:\windows\system\hpsysdrv.exe" [1998-05-07 10:04]
"RTHDCPL"="RTHDCPL.EXE" [2005-10-14 18:51 C:\WINDOWS\RTHDCPL.EXE]
"ATIPTA"="C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe" [2005-08-13 22:05]
"KBD"="C:\HP\KBD\KBD.EXE" [2005-02-02 17:44]
"Recguard"="C:\WINDOWS\SMINST\RECGUARD.EXE" [2005-07-22 16:14]
"PCDrProfiler"="" []
"PS2"="C:\WINDOWS\system32\ps2.exe" [2004-10-25 16:17]
"Reminder"="C:\Windows\Creator\Remind_XP.exe" [2004-12-13 20:23]
"HP Software Update"="C:\Program Files\HP\HP Software Update\HPWuSchd2.exe" [2005-05-11 23:12]
"TkBellExe"="C:\Program Files\Common Files\Real\Update_OB\realsched.exe" [2006-01-09 17:30]
"RegistryMechanic"="" []
"Adobe Photo Downloader"="C:\Program Files\Adobe\Photoshop Album Starter Edition\3.0\Apps\apdproxy.exe" [2005-06-07 00:46]
"BluetoothAuthenticationAgent"="bthprops.cpl" [2004-08-04 05:00 C:\WINDOWS\system32\bthprops.cpl]
"NielsenOnline"="C:\Program Files\NetRatingsNetSight\NetSight\NielsenOnline.exe" [2007-01-05 17:55]
"4oD"="C:\Program Files\Kontiki\KHost.exe" [2006-11-08 17:32]
"QuickTime Task"="C:\Program Files\QuickTime\QTTask.exe" [2007-06-29 06:24]
"iTunesHelper"="C:\Program Files\iTunes\iTunesHelper.exe" [2007-08-15 20:15]
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"MsnMsgr"="C:\Program Files\MSN Messenger\MsnMsgr.exe" [2007-01-19 13:54]
"IDMan"="C:\Program Files\Internet Download Manager\IDMan.exe" [2006-11-18 00:17]
"updateMgr"="C:\Program Files\Adobe\Acrobat 7.0\Reader\AdobeUpdateManager.exe" [2006-03-30 17:45]
"ctfmon.exe"="C:\WINDOWS\system32\ctfmon.exe" [2004-08-04 05:00]
"kdx"="C:\Program Files\Kontiki\KHost.exe" [2006-11-08 17:32]
"SUPERAntiSpyware"="C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe" [2007-06-21 14:06]
C:\DOCUME~1\COMPAQ~1\STARTM~1\Programs\Startup\
Adobe Gamma.lnk - C:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe [2005-03-16 19:16:50]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\ShellExecuteHooks]
"{5AE067D3-9AFB-48E0-853A-EBB7F4A000DA}"= C:\Program Files\SUPERAntiSpyware\SASSEH.DLL [2006-12-20 13:55 77824]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ShellServiceObjectDelayLoad]
"wmphost"= {29541909-9422-4F7D-BA47-10C2DC9CE406} - C:\WINDOWS\wmphost.dll [2007-08-31 11:22 245760]
"wmpdev"= {9160129B-0907-4A61-8471-C78B54E94331} - C:\WINDOWS\wmpdev.dll [2007-08-31 11:22 323584]
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\!SASWinLogon]
C:\Program Files\SUPERAntiSpyware\SASWINLO.dll 2007-04-19 13:41 294912 C:\Program Files\SUPERAntiSpyware\SASWINLO.dll
SafeBoot registry key needs repairs. This machine cannot enter Safe Mode.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\RpcSs]
@="Service"
R1 nnrnstdi;nnrnstdi;C:\WINDOWS\system32\drivers\nnrnstdi.sys
S3 ss_bus;SAMSUNG Mobile USB Device 1.0 driver (WDM);C:\WINDOWS\system32\DRIVERS\ss_bus.sys
S3 ss_mdfl;SAMSUNG Mobile USB Modem 1.0 Filter;C:\WINDOWS\system32\DRIVERS\ss_mdfl.sys
S3 ss_mdm;SAMSUNG Mobile USB Modem 1.0 Drivers;C:\WINDOWS\system32\DRIVERS\ss_mdm.sys
Contents of the 'Scheduled Tasks' folder
2007-08-27 10:58:03 C:\WINDOWS\Tasks\AppleSoftwareUpdate.job - C:\Program Files\Apple Software Update\SoftwareUpdate.exe
2007-09-01 17:04:08 C:\WINDOWS\Tasks\Check Updates for Windows Live Toolbar.job - C:\Program Files\Windows Live Toolbar\MSNTBUP.EXE
2006-07-12 05:24:00 C:\WINDOWS\Tasks\Easy Internet Sign-up.job - C:\Program Files\Hewlett-Packard\SDP\HPSdpApp.exe
2007-09-01 15:00:02 C:\WINDOWS\Tasks\HPpromotions journeysoftware.job - C:\Program Files\hp\digital imaging\bin\hp promotions\journeysoftware\HPpromo.exe
2006-05-12 20:55:09 C:\WINDOWS\Tasks\Symantec NetDetect.job - C:\Program Files\Symantec\LiveUpdate\NDETECT.EXE
**************************************************************************
catchme 0.3.1061 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2007-09-01 18:03:53
Windows 5.1.2600 Service Pack 2 NTFS
scanning hidden processes ...
scanning hidden autostart entries ...
scanning hidden files ...
scan completed successfully
hidden files: 0
**************************************************************************
Completion time: 2007-09-01 18:04:54
C:\ComboFix-quarantined-files.txt ... 2007-09-01 18:04
C:\ComboFix2.txt ... 2007-09-01 10:55
C:\ComboFix3.txt ... 2007-08-31 22:38
--- E O F ---
It looks like my registry entry was not fixed even after using bootsafe. Any other suggestions on how to sort this out?

Did you get SUPERAntiSpyware to boot into Safe Mode?
Ex forum ambassador
Long term forum member

Download the ZIP file, extract the SafeBoot.reg file on the crippled PC and merge it into the registry by double-clicking it:
Download:
SafeBoot.zip (https)
http://blog.didierstevens.com/2007/02/19/restoring-safe-mode-with-a-reg-file/
Ex forum ambassador
Long term forum member