
My computer has been hijacked HELP REQUIRED

Comments

  • Luffy321
    Luffy321 Posts: 257 Forumite
    Part of the Furniture Combo Breaker
    ComboFix 07-08-30.3 - "Compaq_Owner" 2007-09-01 19:50:36.4 - NTFSx86
    Microsoft Windows XP Home Edition 5.1.2600.2.1252.1.1033.18.125 [GMT 1:00]

    ((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))

    C:\WINDOWS\dat.txt
    C:\WINDOWS\main_uninstaller.exe
    C:\WINDOWS\rs.txt

    ((((((((((((((((((((((((( Files Created from 2007-08-01 to 2007-09-01 )))))))))))))))))))))))))))))))

    2007-09-01 19:30 <DIR> d C:\Program Files\WinMerge
    2007-09-01 18:43 204,800 --a C:\WINDOWS\mxduo.dll
    2007-09-01 15:30 <DIR> d C:\Program Files\SUPERAntiSpyware
    2007-09-01 15:30 <DIR> d C:\DOCUME~1\COMPAQ~1\APPLIC~1\SUPERAntiSpyware.com
    2007-09-01 15:30 <DIR> d C:\DOCUME~1\ALLUSE~1\APPLIC~1\SUPERAntiSpyware.com
    2007-09-01 15:29 <DIR> d C:\Program Files\Common Files\Wise Installation Wizard
    2007-09-01 09:07 626,688 --a C:\WINDOWS\system32\msvcr80.dll
    2007-08-31 22:28 <DIR> d C:\Program Files\Trend Micro
    2007-08-31 22:20 51,200 --a C:\WINDOWS\nircmd.exe
    2007-08-31 15:08 323,584 --a C:\WINDOWS\wmpdev.dll
    2007-08-31 15:08 245,760 --a C:\WINDOWS\wmphost.dll
    2007-08-29 12:57 <DIR> d C:\Program Files\SiteEntry
    2007-08-14 10:55 98,304 --a C:\WINDOWS\system32\CmdLineExt.dll
    2007-08-14 08:57 <DIR> d C:\Program Files\GameSpy Arcade
    2007-08-14 08:51 <DIR> d C:\Program Files\Sierra

    (((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
    2007-09-01 19:53 d C:\DOCUME~1\ALLUSE~1\APPLIC~1\Kontiki
    2007-09-01 17:56 d C:\DOCUME~1\COMPAQ~1\APPLIC~1\DMCache
    2007-09-01 09:27 d C:\Program Files\PC-Doctor 5 for Windows
    2007-08-27 15:32 d C:\Program Files\Zoom Player
    2007-08-27 12:43 d C:\Program Files\iTunes
    2007-08-27 12:42 d C:\Program Files\iPod
    2007-08-14 08:51 d--h C:\Program Files\InstallShield Installation Information
    2007-08-12 20:20 d C:\Program Files\softnyx
    2007-08-03 19:55 d C:\Program Files\BitComet
    2007-08-03 15:17 359808 --a C:\WINDOWS\system32\drivers\tcpip.sys
    2007-08-03 15:14 2560 --a C:\WINDOWS\system32\BitCometRes.dll
    2007-07-30 19:19 92504 --a C:\WINDOWS\system32\dllcache\cdm.dll
    2007-07-30 19:19 92504 --a C:\WINDOWS\system32\cdm.dll
    2007-07-30 19:19 549720 --a C:\WINDOWS\system32\wuapi.dll
    2007-07-30 19:19 549720 --a C:\WINDOWS\system32\dllcache\wuapi.dll
    2007-07-30 19:19 53080 --a C:\WINDOWS\system32\wuauclt.exe
    2007-07-30 19:19 53080 --a C:\WINDOWS\system32\dllcache\wuauclt.exe
    2007-07-30 19:19 43352 --a C:\WINDOWS\system32\wups2.dll
    2007-07-30 19:19 325976 --a C:\WINDOWS\system32\wucltui.dll
    2007-07-30 19:19 325976 --a C:\WINDOWS\system32\dllcache\wucltui.dll
    2007-07-30 19:19 271224 --a C:\WINDOWS\system32\mucltui.dll
    2007-07-30 19:19 207736 --a C:\WINDOWS\system32\muweb.dll
    2007-07-30 19:19 203096 --a C:\WINDOWS\system32\wuweb.dll
    2007-07-30 19:19 203096 --a C:\WINDOWS\system32\dllcache\wuweb.dll
    2007-07-30 19:19 1712984 --a C:\WINDOWS\system32\wuaueng.dll
    2007-07-30 19:19 1712984 --a C:\WINDOWS\system32\dllcache\wuaueng.dll
    2007-07-30 19:18 33624 --a C:\WINDOWS\system32\wups.dll
    2007-07-30 19:18 33624 --a C:\WINDOWS\system32\dllcache\wups.dll
    2007-07-30 12:03 d C:\Program Files\QuickTime
    2007-07-19 07:59 3583488 --a C:\WINDOWS\system32\dllcache\mshtml.dll
    2007-07-13 00:31 765952 --a C:\WINDOWS\system32\dllcache\vgx.dll
    2007-07-09 00:22 d C:\Program Files\3ivx
    2007-07-07 11:26 d C:\Program Files\GustoSoft
    2007-07-07 11:18 d C:\DOCUME~1\COMPAQ~1\APPLIC~1\DivX
    2007-07-07 11:14 d C:\DOCUME~1\COMPAQ~1\APPLIC~1\Talkback
    2007-07-07 11:13 d C:\Program Files\DivX
    2007-07-07 11:09 d C:\Program Files\LEAD Technologies, Inc
    2007-07-02 20:41 524288 --a C:\WINDOWS\system32\DivXsm.exe
    2007-07-02 20:41 36624 C:\WINDOWS\system32\drivers\pxhelp20.sys
    2007-07-02 20:41 3596288 --a C:\WINDOWS\system32\qt-dx331.dll
    2007-07-02 20:41 2560 C:\WINDOWS\system32\drivers\cdralw2k.sys
    2007-07-02 20:41 2432 C:\WINDOWS\system32\drivers\cdr4_xp.sys
    2007-07-02 20:41 200704 --a C:\WINDOWS\system32\ssldivx.dll
    2007-07-02 20:41 129784 C:\WINDOWS\system32\pxafs.dll
    2007-07-02 20:41 118520 C:\WINDOWS\system32\pxinsi64.exe
    2007-07-02 20:41 116472 C:\WINDOWS\system32\pxcpyi64.exe
    2007-07-02 20:41 1044480 --a C:\WINDOWS\system32\libdivx.dll
    2007-07-02 20:37 823296 --a C:\WINDOWS\system32\divx_xx0c.dll
    2007-07-02 20:37 823296 --a C:\WINDOWS\system32\divx_xx07.dll
    2007-07-02 20:37 802816 --a C:\WINDOWS\system32\divx_xx11.dll
    2007-07-02 20:37 740442 --a C:\WINDOWS\system32\DivX.dll
    2007-07-02 20:37 73728 --a C:\WINDOWS\system32\dpl100.dll
    2007-07-02 20:37 593920 --a C:\WINDOWS\system32\dpuGUI11.dll
    2007-07-02 20:37 57344 --a C:\WINDOWS\system32\dpv11.dll
    2007-07-02 20:37 53248 --a C:\WINDOWS\system32\dpuGUI10.dll
    2007-07-02 20:37 344064 --a C:\WINDOWS\system32\dpus11.dll
    2007-07-02 20:37 294912 --a C:\WINDOWS\system32\dpu11.dll
    2007-07-02 20:37 294912 --a C:\WINDOWS\system32\dpu10.dll
    2007-07-02 20:37 196608 --a C:\WINDOWS\system32\dtu100.dll
    2007-07-02 20:36 124472 --a C:\WINDOWS\system32\DivXCodecUpdateChecker.exe
    2007-07-02 20:36 12288 --a C:\WINDOWS\system32\DivXWMPExtType.dll
    2007-07-02 15:07 d C:\Program Files\Common Files\Apple
    2007-07-02 15:07 d C:\DOCUME~1\ALLUSE~1\APPLIC~1\Apple
    2007-06-27 15:34 823808 --a C:\WINDOWS\system32\dllcache\wininet.dll
    2007-06-27 15:34 671232 --a C:\WINDOWS\system32\dllcache\mstime.dll
    2007-06-27 15:34 6058496 C:\WINDOWS\system32\dllcache\ieframe.dll
    2007-06-27 15:34 52224 C:\WINDOWS\system32\dllcache\msfeedsbs.dll
    2007-06-27 15:34 477696 --a C:\WINDOWS\system32\dllcache\mshtmled.dll
    2007-06-27 15:34 459264 C:\WINDOWS\system32\dllcache\msfeeds.dll
    2007-06-27 15:34 44544 --a C:\WINDOWS\system32\dllcache\iernonce.dll
    2007-06-27 15:34 384512 --a C:\WINDOWS\system32\dllcache\iedkcs32.dll
    2007-06-27 15:34 383488 C:\WINDOWS\system32\dllcache\ieapfltr.dll
    2007-06-27 15:34 27648 --a C:\WINDOWS\system32\dllcache\jsproxy.dll
    2007-06-27 15:34 267776 C:\WINDOWS\system32\dllcache\iertutil.dll
    2007-06-27 15:34 232960 --a C:\WINDOWS\system32\dllcache\webcheck.dll
    2007-06-27 15:34 230400 --a C:\WINDOWS\system32\dllcache\ieaksie.dll
    2007-06-27 15:34 193024 --a C:\WINDOWS\system32\dllcache\msrating.dll
    2007-06-27 15:34 153088 --a C:\WINDOWS\system32\dllcache\ieakeng.dll
    2007-06-27 15:34 132608 --a C:\WINDOWS\system32\dllcache\extmgr.dll
    2007-06-27 15:34 124928 --a C:\WINDOWS\system32\dllcache\advpack.dll
    2007-06-27 15:34 1152000 --a C:\WINDOWS\system32\dllcache\urlmon.dll
    2007-06-27 15:34 105984 --a C:\WINDOWS\system32\dllcache\url.dll
    2007-06-27 15:34 102400 --a C:\WINDOWS\system32\dllcache\occache.dll
    2007-06-27 09:27 63488 --a C:\WINDOWS\system32\dllcache\ie4uinit.exe
    2007-06-27 09:27 625152 --a C:\WINDOWS\system32\dllcache\iexplore.exe
    2007-06-27 09:27 13824 C:\WINDOWS\system32\dllcache\ieudinit.exe
    2007-06-27 08:00 161792 --a C:\WINDOWS\system32\dllcache\ieakui.dll
    2007-06-26 22:10 317440 --a C:\WINDOWS\system32\dllcache\unregmp2.exe
    2007-06-26 07:08 1104896 --a C:\WINDOWS\system32\msxml3.dll
    2007-06-26 07:08 1104896 --a C:\WINDOWS\system32\dllcache\msxml3.dll
    2007-06-19 14:31 282112 --a C:\WINDOWS\system32\gdi32.dll
    2007-06-19 14:31 282112 --a C:\WINDOWS\system32\dllcache\gdi32.dll
    2007-06-13 11:23 1374314 -r-hs---- C:\WINDOWS\system32\etpetx.exe
    2007-06-13 11:23 1033216 --a C:\WINDOWS\system32\dllcache\explorer.exe
    2007-06-13 11:23 1033216 --a C:\WINDOWS\explorer.exe
    2007-06-11 23:51 10834944 --a C:\WINDOWS\system32\dllcache\wmp.dll
    2007-06-06 17:07 25576 --a C:\WINDOWS\system32\SamsungVfWCodec.dll
    2007-06-06 17:07 25576 --a C:\WINDOWS\system32\DivXVfWCodec.dll
    2007-06-06 17:06 66536 --a C:\WINDOWS\system32\libfaac.dll
    2007-06-06 17:06 443368 --a C:\WINDOWS\system32\OpenQuicktimeLib.dll

    ((((((((((((((((((((((((((((( snapshot_2007-08-31_223746.71 )))))))))))))))))))))))))))))))))))))))))
    ----a-r 29,696 2007-09-01 15:36:57 C:\WINDOWS\Installer\{CDDCBBF1-2703-46BC-938B-BCC81A1EEAAA}\IconCDDCBBF11.exe
    ----a-r 18,944 2007-09-01 15:36:57 C:\WINDOWS\Installer\{CDDCBBF1-2703-46BC-938B-BCC81A1EEAAA}\IconCDDCBBF13.exe
    ----a-r 65,024 2007-09-01 15:36:57 C:\WINDOWS\Installer\{CDDCBBF1-2703-46BC-938B-BCC81A1EEAAA}\IconCDDCBBF15.exe
    ----atw 16,384 2007-09-01 16:19:35 C:\WINDOWS\Temp\Perflib_Perfdata_738.dat
    ----atw 16,384 2007-07-14 02:40:36 C:\WINDOWS\Temp\Perflib_Perfdata_738.dat
    ((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))

    *Note* empty entries & legit default entries are not shown
    [HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{F4CF814F-970F-405D-A42C-0CE06EB97373}]
    2007-09-01 12:25 204800 --a C:\WINDOWS\mxduo.dll
    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
    "SunJavaUpdateSched"="C:\Program Files\Java\jre1.5.0_11\bin\jusched.exe" [2006-12-15 04:23]
    "hpsysdrv"="c:\windows\system\hpsysdrv.exe" [1998-05-07 10:04]
    "RTHDCPL"="RTHDCPL.EXE" [2005-10-14 18:51 C:\WINDOWS\RTHDCPL.EXE]
    "ATIPTA"="C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe" [2005-08-13 22:05]
    "KBD"="C:\HP\KBD\KBD.EXE" [2005-02-02 17:44]
    "Recguard"="C:\WINDOWS\SMINST\RECGUARD.EXE" [2005-07-22 16:14]
    "PCDrProfiler"="" []
    "PS2"="C:\WINDOWS\system32\ps2.exe" [2004-10-25 16:17]
    "Reminder"="C:\Windows\Creator\Remind_XP.exe" [2004-12-13 20:23]
    "HP Software Update"="C:\Program Files\HP\HP Software Update\HPWuSchd2.exe" [2005-05-11 23:12]
    "TkBellExe"="C:\Program Files\Common Files\Real\Update_OB\realsched.exe" [2006-01-09 17:30]
    "RegistryMechanic"="" []
    "Adobe Photo Downloader"="C:\Program Files\Adobe\Photoshop Album Starter Edition\3.0\Apps\apdproxy.exe" [2005-06-07 00:46]
    "BluetoothAuthenticationAgent"="bthprops.cpl" [2004-08-04 05:00 C:\WINDOWS\system32\bthprops.cpl]
    "4oD"="C:\Program Files\Kontiki\KHost.exe" [2006-11-08 17:32]
    "QuickTime Task"="C:\Program Files\QuickTime\QTTask.exe" [2007-06-29 06:24]
    "iTunesHelper"="C:\Program Files\iTunes\iTunesHelper.exe" [2007-08-15 20:15]
    [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
    "MsnMsgr"="C:\Program Files\MSN Messenger\MsnMsgr.exe" [2007-01-19 13:54]
    "IDMan"="C:\Program Files\Internet Download Manager\IDMan.exe" [2006-11-18 00:17]
    "updateMgr"="C:\Program Files\Adobe\Acrobat 7.0\Reader\AdobeUpdateManager.exe" [2006-03-30 17:45]
    "ctfmon.exe"="C:\WINDOWS\system32\ctfmon.exe" [2004-08-04 05:00]
    "kdx"="C:\Program Files\Kontiki\KHost.exe" [2006-11-08 17:32]
    "SUPERAntiSpyware"="C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe" [2007-06-21 14:06]
    C:\DOCUME~1\COMPAQ~1\STARTM~1\Programs\Startup\
    Adobe Gamma.lnk - C:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe [2005-03-16 19:16:50]
    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\ShellExecuteHooks]
    "{5AE067D3-9AFB-48E0-853A-EBB7F4A000DA}"= C:\Program Files\SUPERAntiSpyware\SASSEH.DLL [2006-12-20 13:55 77824]
    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ShellServiceObjectDelayLoad]
    "wmphost"= {C3530121-A782-49E4-9073-3042F5B6E1E1} - C:\WINDOWS\wmphost.dll [2007-08-31 11:22 245760]
    "wmpdev"= {716B063C-0A5C-48A8-A5F7-653617A6BC1F} - C:\WINDOWS\wmpdev.dll [2007-08-31 11:22 323584]
    [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\!SASWinLogon]
    C:\Program Files\SUPERAntiSpyware\SASWINLO.dll 2007-04-19 13:41 294912 C:\Program Files\SUPERAntiSpyware\SASWINLO.dll
    R1 nnrnstdi;nnrnstdi;C:\WINDOWS\system32\drivers\nnrnstdi.sys
    S3 ss_bus;SAMSUNG Mobile USB Device 1.0 driver (WDM);C:\WINDOWS\system32\DRIVERS\ss_bus.sys
    S3 ss_mdfl;SAMSUNG Mobile USB Modem 1.0 Filter;C:\WINDOWS\system32\DRIVERS\ss_mdfl.sys
    S3 ss_mdm;SAMSUNG Mobile USB Modem 1.0 Drivers;C:\WINDOWS\system32\DRIVERS\ss_mdm.sys

    Contents of the 'Scheduled Tasks' folder
    2007-08-27 10:58:03 C:\WINDOWS\Tasks\AppleSoftwareUpdate.job - C:\Program Files\Apple Software Update\SoftwareUpdate.exe
    2007-09-01 18:04:00 C:\WINDOWS\Tasks\Check Updates for Windows Live Toolbar.job - C:\Program Files\Windows Live Toolbar\MSNTBUP.EXE
    2006-07-12 05:24:00 C:\WINDOWS\Tasks\Easy Internet Sign-up.job - C:\Program Files\Hewlett-Packard\SDP\HPSdpApp.exe
    2007-09-01 15:00:02 C:\WINDOWS\Tasks\HPpromotions journeysoftware.job - C:\Program Files\hp\digital imaging\bin\hp promotions\journeysoftware\HPpromo.exe
    2006-05-12 20:55:09 C:\WINDOWS\Tasks\Symantec NetDetect.job - C:\Program Files\Symantec\LiveUpdate\NDETECT.EXE
    **************************************************************************
    catchme 0.3.1061 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
    Rootkit scan 2007-09-01 19:53:47
    Windows 5.1.2600 Service Pack 2 NTFS
    scanning hidden processes ...
    scanning hidden autostart entries ...
    scanning hidden files ...
    scan completed successfully
    hidden files: 0
    **************************************************************************
    Completion time: 2007-09-01 19:54:54
    C:\ComboFix-quarantined-files.txt ... 2007-09-01 19:54
    C:\ComboFix2.txt ... 2007-09-01 18:04
    C:\ComboFix3.txt ... 2007-09-01 10:55
    --- E O F ---
    Wow, that is the first time I have had success with registry editing. Thank you for sticking with me; what is next?
  • Browntoa
    Browntoa Posts: 49,604 Forumite
    Part of the Furniture 10,000 Posts Name Dropper Photogenic
    Do another HijackThis log for me.

    Seems like ComboFix was able to finish this time.
    Ex forum ambassador

    Long term forum member
  • Luffy321
    Luffy321 Posts: 257 Forumite
    Part of the Furniture Combo Breaker
    Here is the HijackThis log:
    Logfile of Trend Micro HijackThis v2.0.2
    Scan saved at 20:32:56, on 01/09/2007
    Platform: Windows XP SP2 (WinNT 5.01.2600)
    MSIE: Internet Explorer v7.00 (7.00.6000.16512)
    Boot mode: Normal
    Running processes:
    C:\WINDOWS\System32\smss.exe
    C:\WINDOWS\system32\winlogon.exe
    C:\WINDOWS\system32\services.exe
    C:\WINDOWS\system32\lsass.exe
    C:\WINDOWS\system32\Ati2evxx.exe
    C:\WINDOWS\system32\svchost.exe
    C:\WINDOWS\System32\svchost.exe
    C:\WINDOWS\system32\Ati2evxx.exe
    C:\WINDOWS\system32\spoolsv.exe
    C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
    C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
    C:\Program Files\Kontiki\KService.exe
    C:\Program Files\Common Files\LightScribe\LSSrvc.exe
    C:\WINDOWS\system32\HPZipm12.exe
    C:\Program Files\Java\jre1.5.0_11\bin\jusched.exe
    C:\windows\system\hpsysdrv.exe
    C:\WINDOWS\RTHDCPL.EXE
    C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe
    C:\HP\KBD\KBD.EXE
    C:\Program Files\HP\HP Software Update\HPWuSchd2.exe
    C:\Program Files\Common Files\Real\Update_OB\realsched.exe
    C:\Program Files\Adobe\Photoshop Album Starter Edition\3.0\Apps\apdproxy.exe
    C:\Program Files\Kontiki\KHost.exe
    C:\Program Files\NetRatingsNetSight\NetSight\NielsenOnline.exe
    C:\Program Files\iTunes\iTunesHelper.exe
    C:\Program Files\MSN Messenger\MsnMsgr.Exe
    C:\Program Files\Internet Download Manager\IDMan.exe
    C:\WINDOWS\system32\ctfmon.exe
    C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe
    C:\WINDOWS\system32\wscntfy.exe
    C:\Program Files\SAGEM\TalkTalk Broadband\dslmon.exe
    C:\Program Files\Hp\Digital Imaging\bin\hpqtra08.exe
    C:\Program Files\WinZip\WZQKPICK.EXE
    C:\WINDOWS\system32\svchost.exe
    C:\Program Files\HP\Digital Imaging\bin\hpqimzone.exe
    C:\Program Files\iPod\bin\iPodService.exe
    C:\Program Files\HP\Digital Imaging\bin\hpqSTE08.exe
    C:\WINDOWS\system32\wuauclt.exe
    C:\Program Files\MSN Messenger\usnsvc.exe
    C:\Program Files\WinMerge\WinMergeU.exe
    C:\Program Files\Internet Explorer\iexplore.exe
    C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLLoginProxy.exe
    C:\WINDOWS\explorer.exe
    C:\WINDOWS\system32\notepad.exe
    C:\Program Files\Trend Micro\HijackThis\HijackThis.exe
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
    R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
    R1 - HKCU\Software\Microsoft\Internet Explorer\SearchURL,(Default) = http://g.msn.com/0SEENUS/SAOS01?FORM=TOOLBR
    R1 - HKCU\Software\Microsoft\Internet Connection Wizard,ShellNext = http://www.mytalktalk.net/
    O2 - BHO: IDMIEHlprObj Class - {0055C089-8582-441B-A0BF-17B458C2A3A8} - C:\Program Files\Internet Download Manager\IDMIECC.dll
    O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
    O2 - BHO: BitComet ClickCapture - {39F7E362-828A-4B5A-BCAF-5B79BFDFEA60} - C:\Program Files\BitComet\tools\BitCometBHO_1.1.7.4.dll
    O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.5.0_11\bin\ssv.dll
    O2 - BHO: Windows Live Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
    O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar4.dll
    O2 - BHO: Windows Live Toolbar Helper - {BDBD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Program Files\Windows Live Toolbar\msntb.dll
    O2 - BHO: MSVPS System - {F4CF814F-970F-405D-A42C-0CE06EB97373} - C:\WINDOWS\mxduo.dll
    O3 - Toolbar: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll
    O3 - Toolbar: Windows Live Toolbar - {BDAD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Program Files\Windows Live Toolbar\msntb.dll
    O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar4.dll
    O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.5.0_11\bin\jusched.exe"
    O4 - HKLM\..\Run: [hpsysdrv] c:\windows\system\hpsysdrv.exe
    O4 - HKLM\..\Run: [RTHDCPL] RTHDCPL.EXE
    O4 - HKLM\..\Run: [ATIPTA] "C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe"
    O4 - HKLM\..\Run: [KBD] C:\HP\KBD\KBD.EXE
    O4 - HKLM\..\Run: [Recguard] C:\WINDOWS\SMINST\RECGUARD.EXE
    O4 - HKLM\..\Run: [PS2] C:\WINDOWS\system32\ps2.exe
    O4 - HKLM\..\Run: [Reminder] "C:\Windows\Creator\Remind_XP.exe"
    O4 - HKLM\..\Run: [HP Software Update] C:\Program Files\HP\HP Software Update\HPWuSchd2.exe
    O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot
    O4 - HKLM\..\Run: [Adobe Photo Downloader] "C:\Program Files\Adobe\Photoshop Album Starter Edition\3.0\Apps\apdproxy.exe"
    O4 - HKLM\..\Run: [BluetoothAuthenticationAgent] rundll32.exe bthprops.cpl,,BluetoothAuthenticationAgent
    O4 - HKLM\..\Run: [4oD] "C:\Program Files\Kontiki\KHost.exe" -all
    O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\QTTask.exe" -atboottime
    O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
    O4 - HKCU\..\Run: [MsnMsgr] "C:\Program Files\MSN Messenger\MsnMsgr.Exe" /background
    O4 - HKCU\..\Run: [IDMan] C:\Program Files\Internet Download Manager\IDMan.exe /onboot
    O4 - HKCU\..\Run: [updateMgr] "C:\Program Files\Adobe\Acrobat 7.0\Reader\AdobeUpdateManager.exe" AcRdB7_0_8 -reboot 1
    O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
    O4 - HKCU\..\Run: [kdx] C:\Program Files\Kontiki\KHost.exe -all
    O4 - HKCU\..\Run: [SUPERAntiSpyware] C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe
    O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'LOCAL SERVICE')
    O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'NETWORK SERVICE')
    O4 - Startup: Adobe Gamma.lnk = C:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe
    O4 - Global Startup: Adobe Reader Speed Launch.lnk = C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
    O4 - Global Startup: DSLMON.lnk = C:\Program Files\SAGEM\TalkTalk Broadband\dslmon.exe
    O4 - Global Startup: HP Digital Imaging Monitor.lnk = C:\Program Files\Hp\Digital Imaging\bin\hpqtra08.exe
    O4 - Global Startup: HP Image Zone Fast Start.lnk = C:\Program Files\Hp\Digital Imaging\bin\hpqthb08.exe
    O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office10\OSA.EXE
    O4 - Global Startup: WinZip Quick Pick.lnk = C:\Program Files\WinZip\WZQKPICK.EXE
    O8 - Extra context menu item: &D&ownload &with BitComet - res://C:\Program Files\BitComet\BitComet.exe/AddLink.htm
    O8 - Extra context menu item: &D&ownload all video with BitComet - res://C:\Program Files\BitComet\BitComet.exe/AddVideo.htm
    O8 - Extra context menu item: &D&ownload all with BitComet - res://C:\Program Files\BitComet\BitComet.exe/AddAllLink.htm
    O8 - Extra context menu item: &Windows Live Search - res://C:\Program Files\Windows Live Toolbar\msntb.dll/search.htm
    O8 - Extra context menu item: Add Page To DownloadStudio Scrapbook... - C:\Program Files\Conceiva\DownloadStudio\ds_snap.htm
    O8 - Extra context menu item: Add to Windows &Live Favorites - http://favorites.live.com/quickadd.aspx
    O8 - Extra context menu item: Download All Links with IDM - C:\Program Files\Internet Download Manager\IEGetAll.htm
    O8 - Extra context menu item: Download Image Using DownloadStudio... - C:\Program Files\Conceiva\DownloadStudio\ds_img.htm
    O8 - Extra context menu item: Download Page Using DownloadStudio... - C:\Program Files\Conceiva\DownloadStudio\ds_all.htm
    O8 - Extra context menu item: Download Selection Using DownloadStudio... - C:\Program Files\Conceiva\DownloadStudio\ds_sel.htm
    O8 - Extra context menu item: Download Target Using DownloadStudio... - C:\Program Files\Conceiva\DownloadStudio\ds_file.htm
    O8 - Extra context menu item: Download with IDM - C:\Program Files\Internet Download Manager\IEExt.htm
    O8 - Extra context menu item: Show Page Links Using DownloadStudio... - C:\Program Files\Conceiva\DownloadStudio\ds_link.htm
    O8 - Extra context menu item: Subscribe To RSS Feed... - C:\Program Files\Conceiva\DownloadStudio\ds_rss.htm
    O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_11\bin\ssv.dll
    O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_11\bin\ssv.dll
    O9 - Extra button: BitComet Search - {461CC20B-FB6E-4f16-8FE8-C29359DB100E} - C:\Program Files\BitComet\tools\BitCometBHO_1.1.7.4.dll
    O9 - Extra button: (no name) - {4D0C4820-53F7-4d79-A2E1-5252683CF69C} - C:\WINDOWS\system32\shdocvw.dll
    O9 - Extra 'Tools' menuitem: &DownloadStudio - {4D0C4820-53F7-4d79-A2E1-5252683CF69C} - C:\WINDOWS\system32\shdocvw.dll
    O9 - Extra button: Connection Help - {E2D4D26B-0180-43a4-B05F-462D6D54C789} - C:\WINDOWS\PCHEALTH\HELPCTR\Vendors\CN=Hewlett-Packard,L=Cupertino,S=Ca,C=US\IEButton\support.htm
    O9 - Extra 'Tools' menuitem: Connection Help - {E2D4D26B-0180-43a4-B05F-462D6D54C789} - C:\WINDOWS\PCHEALTH\HELPCTR\Vendors\CN=Hewlett-Packard,L=Cupertino,S=Ca,C=US\IEButton\support.htm
    O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
    O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
    O16 - DPF: RaptisoftGameLoader - http://www.miniclip.com/haphazard/raptisoftgameloader.cab
    O16 - DPF: {288C5F13-7E52-4ADA-A32E-F5BF9D125F99} (CR64Loader Object) - http://www.miniclip.com/supergerball/miniclipGameLoader.dll
    O16 - DPF: {4F1E5B1A-2A80-42CA-8532-2D05CB959537} (MSN Photo Upload Tool) - http://franvoir1.spaces.live.com//PhotoUpload/MsnPUpld.cab
    O16 - DPF: {D88C7675-7CEE-4C9A-BDD4-7A43EED7794D} (Logout Class) - http://www.gamengame.com/KALogoutComponent.cab
    O16 - DPF: {DA80E089-4648-43D5-93B4-7F37917084E6} (CacheManager.CacheManagerCtrl) - http://www.candystand.com/assets/activex/virtools/CacheManager.CAB
    O17 - HKLM\System\CCS\Services\Tcpip\..\{7EC6F36B-2F98-430E-AFD7-48DB53818DB1}: NameServer = 62.24.252.135 62.24.252.134
    O20 - Winlogon Notify: !SASWinLogon - C:\Program Files\SUPERAntiSpyware\SASWINLO.dll
    O21 - SSODL: wmphost - {C3530121-A782-49E4-9073-3042F5B6E1E1} - C:\WINDOWS\wmphost.dll
    O21 - SSODL: wmpdev - {716B063C-0A5C-48A8-A5F7-653617A6BC1F} - C:\WINDOWS\wmpdev.dll
    O23 - Service: Adobe LM Service - Adobe Systems - C:\Program Files\Common Files\Adobe Systems Shared\Service\Adobelmsvc.exe
    O23 - Service: Apple Mobile Device - Apple, Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
    O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\system32\Ati2evxx.exe
    O23 - Service: AVG Anti-Spyware Guard - Anti-Malware Development a.s. - C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
    O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
    O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
    O23 - Service: iPod Service - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
    O23 - Service: KService - Unknown owner - C:\Program Files\Kontiki\KService.exe
    O23 - Service: LightScribeService Direct Disc Labeling Service (LightScribeService) - Hewlett-Packard Company - C:\Program Files\Common Files\LightScribe\LSSrvc.exe
    O23 - Service: Pml Driver HPZ12 - HP - C:\WINDOWS\system32\HPZipm12.exe
    O23 - Service: Remote Packet Capture Protocol v.0 (experimental) (rpcapd) - CACE Technologies - C:\Program Files\WinPcap\rpcapd.exe
    --
    End of file - 12090 bytes
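As an added example (not part of this thread, and not code from HijackThis, ComboFix or any forum member), the script below shows how a helper could triage a log like the one above automatically: it parses O2/O4/O21/O23 lines and flags modules that load straight from C:\WINDOWS rather than system32 or a vendor folder, SSODL autostarts, services with no publisher string, and the CLSID that the SuperAntiSpyware log later in the thread reports as Trojan.Net-MSV/VPS. The sample lines are constructed from entries in the log, and the "Windows directory" rule is a heuristic that legitimate files such as explorer.exe would also trip, so it is a prompt for review, not a verdict.

```python
import re
from dataclasses import dataclass, field
from typing import List, Optional, Tuple

# Constructed sample: HijackThis v2 lines modelled on entries from the log above.
SAMPLE_LOG = r"""O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: MSVPS System - {F4CF814F-970F-405D-A42C-0CE06EB97373} - C:\WINDOWS\mxduo.dll
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.5.0_11\bin\jusched.exe"
O21 - SSODL: wmphost - {C3530121-A782-49E4-9073-3042F5B6E1E1} - C:\WINDOWS\wmphost.dll
O21 - SSODL: wmpdev - {716B063C-0A5C-48A8-A5F7-653617A6BC1F} - C:\WINDOWS\wmpdev.dll
O23 - Service: KService - Unknown owner - C:\Program Files\Kontiki\KService.exe
O23 - Service: Pml Driver HPZ12 - HP - C:\WINDOWS\system32\HPZipm12.exe
"""

# CLSID that the SuperAntiSpyware log later in this thread reports as Trojan.Net-MSV/VPS.
KNOWN_BAD_CLSIDS = {"{F4CF814F-970F-405D-A42C-0CE06EB97373}"}

LINE_RE = re.compile(r"^(O\d+) - (.*)$")
CLSID_RE = re.compile(r"\{[0-9A-Fa-f]{8}(?:-[0-9A-Fa-f]{4}){3}-[0-9A-Fa-f]{12}\}")
# A DLL/EXE directly in the Windows directory, not in system32 or a subfolder.
# Heuristic only: a few legitimate files (explorer.exe, RTHDCPL.EXE) live there too.
WINDOWS_ROOT_RE = re.compile(r"^[A-Za-z]:\\WINDOWS\\[^\\]+\.(?:dll|exe|cpl)$", re.IGNORECASE)
# Path inside an O4 Run entry: after the [name], optionally quoted, up to the extension.
O4_PATH_RE = re.compile(r'\]\s*"?([A-Za-z]:\\[^"]*?\.(?:exe|dll|cpl))', re.IGNORECASE)


@dataclass
class Finding:
    section: str
    path: Optional[str]
    clsid: Optional[str]
    reasons: List[str] = field(default_factory=list)


def parse_line(line: str) -> Optional[Tuple[str, Optional[str], Optional[str], Optional[str]]]:
    """Split one HijackThis line into (section, path, clsid, owner); None if it is not an O-line."""
    m = LINE_RE.match(line.strip())
    if not m:
        return None
    section, rest = m.group(1), m.group(2)
    clsid_m = CLSID_RE.search(rest)
    clsid = clsid_m.group(0).upper() if clsid_m else None  # normalise mixed-case GUIDs
    owner = None
    if section == "O4":
        pm = O4_PATH_RE.search(rest)
        path = pm.group(1) if pm else None
    else:
        # O2/O21/O23 lines are " - " separated; the module path is always the last field.
        parts = [p.strip() for p in rest.split(" - ")]
        path = parts[-1] if len(parts) >= 2 else None
        if section == "O23" and len(parts) >= 3:
            owner = parts[-2]  # HijackThis prints "Unknown owner" when no company string exists
    return section, path, clsid, owner


def triage(log_text: str) -> List[Finding]:
    """Return the entries a helper should look at first, with the reason for each."""
    findings: List[Finding] = []
    for line in log_text.splitlines():
        parsed = parse_line(line)
        if parsed is None:
            continue
        section, path, clsid, owner = parsed
        reasons = []
        if clsid in KNOWN_BAD_CLSIDS:
            reasons.append("CLSID matches a known detection")
        if path and WINDOWS_ROOT_RE.match(path):
            reasons.append("module loads straight from the Windows directory")
        if section == "O21":
            reasons.append("SSODL autostart, rarely used by legitimate software")
        if section == "O23" and owner == "Unknown owner":
            reasons.append("service has no publisher string")
        if reasons:
            findings.append(Finding(section, path, clsid, reasons))
    return findings


if __name__ == "__main__":
    for f in triage(SAMPLE_LOG):
        print(f"{f.section:<4} {f.path}\n     " + "; ".join(f.reasons))
```

Run against the sample it reports mxduo.dll, wmphost.dll, wmpdev.dll and the Kontiki service, and passes over the Adobe, Java and HP entries.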
  • Browntoa
    Browntoa Posts: 49,604 Forumite
    Part of the Furniture 10,000 Posts Name Dropper Photogenic
    That's looking better.

    I'd like you to download and install AVG Free

    http://free.grisoft.com/doc/downloads-products/us/frt/0?prd=aff

    to give you antivirus software.

    I also want you to turn on Windows Firewall until we have installed a real one.

    Go to Control Panel and then Security Centre and make sure it's on.
    Ex forum ambassador

    Long term forum member
  • Browntoa
    Browntoa Posts: 49,604 Forumite
    Part of the Furniture 10,000 Posts Name Dropper Photogenic
    Then follow posts 1 to 4 of

    http://forums.moneysavingexpert.com/showthread.html?t=133269

    It will take some time to do, but it will make sure everything is clean.
    Ex forum ambassador

    Long term forum member
  • Things have taken a turn for the worse. I went through all your steps on your sticky; however, I had to run Ad-Aware out of safe mode because I could not find it in safe mode (even when I looked for the program in My Computer). It only appeared in normal mode. So I went to normal mode, scanned with Ad-Aware and went to bed and left my computer on. When I woke up I discovered the same message I got on Friday saying an internet attack has occurred, even though I was not connected to the internet, and this trojan which I thought I had got rid of is back (Trojan.W32 Looksky). I'm at my wits' end, please continue to help me.
  • Browntoa
    Browntoa Posts: 49,604 Forumite
    Part of the Furniture 10,000 Posts Name Dropper Photogenic
    Try running SuperAntiSpyware in normal mode and then AVG antivirus in safe mode.

    Make sure you check for updates on both before running them.
    Ex forum ambassador

    Long term forum member
  • Browntoa
    Browntoa Posts: 49,604 Forumite
    Part of the Furniture 10,000 Posts Name Dropper Photogenic
    Obtain the SuperAntiSpyware log as follows:

    Click on 'Preferences'.

    Click on the 'Statistics/Logs' tab.

    Under 'Scanner Logs' double click on 'SuperAntiSpyware Scan Log'.

    It will then open in your default text editor, such as Notepad.

    Copy and paste the contents of that report into your next reply.

    Also post a new HijackThis log.


    Ex forum ambassador

    Long term forum member
  • Luffy321
    Luffy321 Posts: 257 Forumite
    Part of the Furniture Combo Breaker
    OK, both scans took 3 long hours each; they picked up some trojans and deleted them, but not the trojan that started the problem. I know the problem is going to persist until I can get rid of this trojan.

    Here is the SuperAntiSpyware log:
    Core Rules Database Version : 3298
    Trace Rules Database Version: 1306
    Scan type : Complete Scan
    Total Scan Time : 03:07:44
    Memory items scanned : 557
    Memory threats detected : 0
    Registry items scanned : 5917
    Registry threats detected : 10
    File items scanned : 39834
    File threats detected : 15
    Trojan.Net-MSV/VPS
    HKLM\Software\Classes\CLSID\{F4CF814F-970F-405D-A42C-0CE06EB97373}
    HKCR\CLSID\{F4CF814F-970F-405D-A42C-0CE06EB97373}
    HKCR\CLSID\{F4CF814F-970F-405D-A42C-0CE06EB97373}
    HKCR\CLSID\{F4CF814F-970F-405D-A42C-0CE06EB97373}\InprocServer32
    HKCR\CLSID\{F4CF814F-970F-405D-A42C-0CE06EB97373}\InprocServer32#ThreadingModel
    HKCR\CLSID\{F4CF814F-970F-405D-A42C-0CE06EB97373}\ProgID
    HKCR\CLSID\{F4CF814F-970F-405D-A42C-0CE06EB97373}\Programmable
    HKCR\CLSID\{F4CF814F-970F-405D-A42C-0CE06EB97373}\TypeLib
    HKCR\CLSID\{F4CF814F-970F-405D-A42C-0CE06EB97373}\VersionIndependentProgID
    C:\WINDOWS\MXDUO.DLL
    HKLM\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{F4CF814F-970F-405D-A42C-0CE06EB97373}
    Adware.Tracking Cookie
    C:\Documents and Settings\Compaq_Owner\Cookies\compaq_owner@specificclick[2].txt
    Desktop Hijacker.AboutYourPrivacy
    C:\WINDOWS\privacy_danger\images\capt.gif
    C:\WINDOWS\privacy_danger\images\danger.jpg
    C:\WINDOWS\privacy_danger\images\down.gif
    C:\WINDOWS\privacy_danger\images\spacer.gif
    C:\WINDOWS\privacy_danger\images
    C:\WINDOWS\privacy_danger\index.htm
    C:\WINDOWS\privacy_danger
    C:\Documents and Settings\Compaq_Owner\Desktop\Error Cleaner.url
    C:\Documents and Settings\Compaq_Owner\Desktop\Privacy Protector.url
    C:\Documents and Settings\Compaq_Owner\Desktop\Spyware&Malware Protection.url
    C:\Documents and Settings\Compaq_Owner\Favorites\Error Cleaner.url
    C:\Documents and Settings\Compaq_Owner\Favorites\Privacy Protector.url
    C:\Documents and Settings\Compaq_Owner\Favorites\Spyware&Malware Protection.url

    And also the HijackThis log:
    Logfile of Trend Micro HijackThis v2.0.2
    Scan saved at 18:01:06, on 02/09/2007
    Platform: Windows XP SP2 (WinNT 5.01.2600)
    MSIE: Internet Explorer v7.00 (7.00.6000.16512)
    Boot mode: Normal
    Running processes:
    C:\WINDOWS\System32\smss.exe
    C:\WINDOWS\system32\winlogon.exe
    C:\WINDOWS\system32\services.exe
    C:\WINDOWS\system32\lsass.exe
    C:\WINDOWS\system32\Ati2evxx.exe
    C:\WINDOWS\system32\svchost.exe
    C:\Program Files\Windows Defender\MsMpEng.exe
    C:\WINDOWS\System32\svchost.exe
    C:\Program Files\Lavasoft\Ad-Aware 2007\aawservice.exe
    C:\WINDOWS\system32\Ati2evxx.exe
    C:\WINDOWS\system32\spoolsv.exe
    C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
    C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
    C:\PROGRA~1\Grisoft\AVG7\avgamsvr.exe
    C:\Program Files\Java\jre1.5.0_11\bin\jusched.exe
    C:\windows\system\hpsysdrv.exe
    C:\WINDOWS\RTHDCPL.EXE
    C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe
    C:\HP\KBD\KBD.EXE
    C:\PROGRA~1\Grisoft\AVG7\avgupsvc.exe
    C:\PROGRA~1\Grisoft\AVG7\avgemc.exe
    C:\Program Files\HP\HP Software Update\HPWuSchd2.exe
    C:\Program Files\Common Files\Real\Update_OB\realsched.exe
    C:\Program Files\Adobe\Photoshop Album Starter Edition\3.0\Apps\apdproxy.exe
    C:\WINDOWS\system32\rundll32.exe
    C:\Program Files\Kontiki\KService.exe
    C:\Program Files\Kontiki\KHost.exe
    C:\Program Files\iTunes\iTunesHelper.exe
    C:\Program Files\Common Files\LightScribe\LSSrvc.exe
    C:\PROGRA~1\Grisoft\AVG7\avgcc.exe
    C:\Program Files\Windows Defender\MSASCui.exe
    C:\Program Files\MSN Messenger\MsnMsgr.Exe
    C:\Program Files\Internet Download Manager\IDMan.exe
    C:\WINDOWS\system32\HPZipm12.exe
    C:\WINDOWS\system32\ctfmon.exe
    C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe
    C:\WINDOWS\system32\wuauclt.exe
    C:\WINDOWS\system32\svchost.exe
    C:\Program Files\iPod\bin\iPodService.exe
    C:\Program Files\SAGEM\TalkTalk Broadband\dslmon.exe
    C:\Program Files\Hp\Digital Imaging\bin\hpqtra08.exe
    C:\Program Files\WinZip\WZQKPICK.EXE
    C:\Program Files\HP\Digital Imaging\bin\hpqimzone.exe
    C:\Program Files\HP\Digital Imaging\bin\hpqSTE08.exe
    C:\Program Files\MSN Messenger\usnsvc.exe
    C:\Program Files\internet explorer\iexplore.exe
    C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLLoginProxy.exe
    C:\WINDOWS\system32\notepad.exe
    C:\WINDOWS\system32\notepad.exe
    C:\WINDOWS\explorer.exe
    C:\Program Files\Trend Micro\HijackThis\HijackThis.exe
    R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://softwarereferral.com/jump.php?wmid=6010&mid=MjI6Ojg5&lid=2
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
    R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
    R1 - HKCU\Software\Microsoft\Internet Explorer\SearchURL,(Default) = http://g.msn.com/0SEENUS/SAOS01?FORM=TOOLBR
    R1 - HKCU\Software\Microsoft\Internet Connection Wizard,ShellNext = http://www.mytalktalk.net/
    O2 - BHO: IDMIEHlprObj Class - {0055C089-8582-441B-A0BF-17B458C2A3A8} - C:\Program Files\Internet Download Manager\IDMIECC.dll
    O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
    O2 - BHO: BitComet ClickCapture - {39F7E362-828A-4B5A-BCAF-5B79BFDFEA60} - C:\Program Files\BitComet\tools\BitCometBHO_1.1.7.4.dll
    O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll
    O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.5.0_11\bin\ssv.dll
    O2 - BHO: Windows Live Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
    O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar4.dll
    O2 - BHO: Windows Live Toolbar Helper - {BDBD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Program Files\Windows Live Toolbar\msntb.dll
    O2 - BHO: MSVPS System - {F4CF814F-970F-405D-A42C-0CE06EB97373} - C:\WINDOWS\mxduo.dll
    O3 - Toolbar: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll
    O3 - Toolbar: Windows Live Toolbar - {BDAD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Program Files\Windows Live Toolbar\msntb.dll
    O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar4.dll
    O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.5.0_11\bin\jusched.exe"
    O4 - HKLM\..\Run: [hpsysdrv] c:\windows\system\hpsysdrv.exe
    O4 - HKLM\..\Run: [RTHDCPL] RTHDCPL.EXE
    O4 - HKLM\..\Run: [ATIPTA] "C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe"
    O4 - HKLM\..\Run: [KBD] C:\HP\KBD\KBD.EXE
    O4 - HKLM\..\Run: [Recguard] C:\WINDOWS\SMINST\RECGUARD.EXE
    O4 - HKLM\..\Run: [PS2] C:\WINDOWS\system32\ps2.exe
    O4 - HKLM\..\Run: [Reminder] "C:\Windows\Creator\Remind_XP.exe"
    O4 - HKLM\..\Run: [HP Software Update] C:\Program Files\HP\HP Software Update\HPWuSchd2.exe
    O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot
    O4 - HKLM\..\Run: [Adobe Photo Downloader] "C:\Program Files\Adobe\Photoshop Album Starter Edition\3.0\Apps\apdproxy.exe"
    O4 - HKLM\..\Run: [BluetoothAuthenticationAgent] rundll32.exe bthprops.cpl,,BluetoothAuthenticationAgent
    O4 - HKLM\..\Run: [4oD] "C:\Program Files\Kontiki\KHost.exe" -all
    O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\QTTask.exe" -atboottime
    O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
    O4 - HKLM\..\Run: [AVG7_CC] C:\PROGRA~1\Grisoft\AVG7\avgcc.exe /STARTUP
    O4 - HKLM\..\Run: [Windows Defender] "C:\Program Files\Windows Defender\MSASCui.exe" -hide
    O4 - HKCU\..\Run: [MsnMsgr] "C:\Program Files\MSN Messenger\MsnMsgr.Exe" /background
    O4 - HKCU\..\Run: [IDMan] C:\Program Files\Internet Download Manager\IDMan.exe /onboot
    O4 - HKCU\..\Run: [updateMgr] "C:\Program Files\Adobe\Acrobat 7.0\Reader\AdobeUpdateManager.exe" AcRdB7_0_8 -reboot 1
    O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
    O4 - HKCU\..\Run: [kdx] C:\Program Files\Kontiki\KHost.exe -all
    O4 - HKCU\..\Run: [SUPERAntiSpyware] C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe
    O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'LOCAL SERVICE')
    O4 - HKUS\S-1-5-19\..\Run: [AVG7_Run] C:\PROGRA~1\Grisoft\AVG7\avgw.exe /RUNONCE (User 'LOCAL SERVICE')
    O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'NETWORK SERVICE')
    O4 - HKUS\S-1-5-18\..\Run: [AVG7_Run] C:\PROGRA~1\Grisoft\AVG7\avgw.exe /RUNONCE (User 'SYSTEM')
    O4 - HKUS\.DEFAULT\..\Run: [AVG7_Run] C:\PROGRA~1\Grisoft\AVG7\avgw.exe /RUNONCE (User 'Default user')
    O4 - Startup: Adobe Gamma.lnk = C:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe
    O4 - Global Startup: Adobe Reader Speed Launch.lnk = C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
    O4 - Global Startup: DSLMON.lnk = C:\Program Files\SAGEM\TalkTalk Broadband\dslmon.exe
    O4 - Global Startup: HP Digital Imaging Monitor.lnk = C:\Program Files\Hp\Digital Imaging\bin\hpqtra08.exe
    O4 - Global Startup: HP Image Zone Fast Start.lnk = C:\Program Files\Hp\Digital Imaging\bin\hpqthb08.exe
    O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office10\OSA.EXE
    O4 - Global Startup: WinZip Quick Pick.lnk = C:\Program Files\WinZip\WZQKPICK.EXE
    O8 - Extra context menu item: &D&ownload &with BitComet - res://C:\Program Files\BitComet\BitComet.exe/AddLink.htm
    O8 - Extra context menu item: &D&ownload all video with BitComet - res://C:\Program Files\BitComet\BitComet.exe/AddVideo.htm
    O8 - Extra context menu item: &D&ownload all with BitComet - res://C:\Program Files\BitComet\BitComet.exe/AddAllLink.htm
    O8 - Extra context menu item: &Windows Live Search - res://C:\Program Files\Windows Live Toolbar\msntb.dll/search.htm
    O8 - Extra context menu item: Add Page To DownloadStudio Scrapbook... - C:\Program Files\Conceiva\DownloadStudio\ds_snap.htm
    O8 - Extra context menu item: Add to Windows &Live Favorites - http://favorites.live.com/quickadd.aspx
    O8 - Extra context menu item: Download All Links with IDM - C:\Program Files\Internet Download Manager\IEGetAll.htm
    O8 - Extra context menu item: Download Image Using DownloadStudio... - C:\Program Files\Conceiva\DownloadStudio\ds_img.htm
    O8 - Extra context menu item: Download Page Using DownloadStudio... - C:\Program Files\Conceiva\DownloadStudio\ds_all.htm
    O8 - Extra context menu item: Download Selection Using DownloadStudio... - C:\Program Files\Conceiva\DownloadStudio\ds_sel.htm
    O8 - Extra context menu item: Download Target Using DownloadStudio... - C:\Program Files\Conceiva\DownloadStudio\ds_file.htm
    O8 - Extra context menu item: Download with IDM - C:\Program Files\Internet Download Manager\IEExt.htm
    O8 - Extra context menu item: Show Page Links Using DownloadStudio... - C:\Program Files\Conceiva\DownloadStudio\ds_link.htm
    O8 - Extra context menu item: Subscribe To RSS Feed... - C:\Program Files\Conceiva\DownloadStudio\ds_rss.htm
    O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_11\bin\ssv.dll
    O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_11\bin\ssv.dll
    O9 - Extra button: BitComet Search - {461CC20B-FB6E-4f16-8FE8-C29359DB100E} - C:\Program Files\BitComet\tools\BitCometBHO_1.1.7.4.dll
    O9 - Extra button: (no name) - {4D0C4820-53F7-4d79-A2E1-5252683CF69C} - C:\WINDOWS\system32\shdocvw.dll
    O9 - Extra 'Tools' menuitem: &DownloadStudio - {4D0C4820-53F7-4d79-A2E1-5252683CF69C} - C:\WINDOWS\system32\shdocvw.dll
    O9 - Extra button: Connection Help - {E2D4D26B-0180-43a4-B05F-462D6D54C789} - C:\WINDOWS\PCHEALTH\HELPCTR\Vendors\CN=Hewlett-Packard,L=Cupertino,S=Ca,C=US\IEButton\support.htm
    O9 - Extra 'Tools' menuitem: Connection Help - {E2D4D26B-0180-43a4-B05F-462D6D54C789} - C:\WINDOWS\PCHEALTH\HELPCTR\Vendors\CN=Hewlett-Packard,L=Cupertino,S=Ca,C=US\IEButton\support.htm
    O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
    O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
    O16 - DPF: RaptisoftGameLoader - http://www.miniclip.com/haphazard/raptisoftgameloader.cab
    O16 - DPF: {288C5F13-7E52-4ADA-A32E-F5BF9D125F99} (CR64Loader Object) - http://www.miniclip.com/supergerball/miniclipGameLoader.dll
    O16 - DPF: {4F1E5B1A-2A80-42CA-8532-2D05CB959537} (MSN Photo Upload Tool) - http://franvoir1.spaces.live.com//PhotoUpload/MsnPUpld.cab
    O16 - DPF: {D88C7675-7CEE-4C9A-BDD4-7A43EED7794D} (Logout Class) - http://www.gamengame.com/KALogoutComponent.cab
    O16 - DPF: {DA80E089-4648-43D5-93B4-7F37917084E6} (CacheManager.CacheManagerCtrl) - http://www.candystand.com/assets/activex/virtools/CacheManager.CAB
    O17 - HKLM\System\CCS\Services\Tcpip\..\{7EC6F36B-2F98-430E-AFD7-48DB53818DB1}: NameServer = 62.24.252.134 62.24.252.135
    O20 - Winlogon Notify: !SASWinLogon - C:\Program Files\SUPERAntiSpyware\SASWINLO.dll
    O21 - SSODL: wmphost - {BA186615-82C5-45F5-8832-693841534231} - C:\WINDOWS\wmphost.dll
    O21 - SSODL: wmpdev - {19994AFE-EAF8-4127-A597-13FDDBA47771} - C:\WINDOWS\wmpdev.dll
    O23 - Service: Ad-Aware 2007 Service (aawservice) - Lavasoft AB - C:\Program Files\Lavasoft\Ad-Aware 2007\aawservice.exe
    O23 - Service: Adobe LM Service - Adobe Systems - C:\Program Files\Common Files\Adobe Systems Shared\Service\Adobelmsvc.exe
    O23 - Service: Apple Mobile Device - Apple, Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
    O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\system32\Ati2evxx.exe
    O23 - Service: AVG Anti-Spyware Guard - Anti-Malware Development a.s. - C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
    O23 - Service: AVG7 Alert Manager Server (Avg7Alrt) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVG7\avgamsvr.exe
    O23 - Service: AVG7 Update Service (Avg7UpdSvc) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVG7\avgupsvc.exe
    O23 - Service: AVG E-mail Scanner (AVGEMS) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVG7\avgemc.exe
    O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
    O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
    O23 - Service: iPod Service - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
    O23 - Service: KService - Unknown owner - C:\Program Files\Kontiki\KService.exe
    O23 - Service: LightScribeService Direct Disc Labeling Service (LightScribeService) - Hewlett-Packard Company - C:\Program Files\Common Files\LightScribe\LSSrvc.exe
    O23 - Service: Pml Driver HPZ12 - HP - C:\WINDOWS\system32\HPZipm12.exe
    O23 - Service: Remote Packet Capture Protocol v.0 (experimental) (rpcapd) - CACE Technologies - C:\Program Files\WinPcap\rpcapd.exe
    --
    End of file - 13484 bytes

    There it is. I would just like to say again, thank you for your continual help.
  • Browntoa
    Browntoa Posts: 49,604 Forumite
    Run HijackThis and fix these:

    O21 - SSODL: wmphost - {BA186615-82C5-45F5-8832-693841534231} - C:\WINDOWS\wmphost.dll
    O21 - SSODL: wmpdev - {19994AFE-EAF8-4127-A597-13FDDBA47771} - C:\WINDOWS\wmpdev.dll



    Download SmitfraudFix.exe from here and save it to your desktop

    SmitFraudFix.exe
    The icon will look like the one below:

    [image: sff-icon.gif]

    Next, please reboot your computer into Safe Mode again, navigate to these files and folders and delete them if you find them:

    C:\WINDOWS\privacy_danger (Delete the entire folder if found)
    C:\WINDOWS\wmpdev.dll
    C:\WINDOWS\wmphost.dll
    C:\WINDOWS\mxduo.dll

    Close all open Windows.

    Now, double-click on the SmitFraudFix icon that should be residing on your desktop. The icon will look like the one below:

    [image: sff-icon.gif]

    When the tool first starts you will see a credits screen; press any key to go to the next screen.

    Press the number 2 on your keyboard and then press the Enter key to choose the option Clean (safe mode recommended).

    The program will start cleaning your computer and go through a series of cleanup processes. When it is done, it will automatically start the Disk Cleanup program as shown by the image below.

    [image: dc.jpg]

    When Disk Cleanup is finished, you will be presented with an option asking Do you want to clean the registry ? (y/n). At this screen you should press the Y button on your keyboard and then press the enter key.

    When this last routine is finished, you will be presented with a red screen stating Computer will reboot now. Close all applications. Hit the spacebar and allow the PC to reboot.


    Once the computer has rebooted, you will be presented with a Notepad screen containing a log of all the files removed from your computer. Please cut and paste that back on here.

    This is partially sourced from here:

    http://www.bleepingcomputer.com/forums/topic17258.html
    Ex forum ambassador

    Long term forum member
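A defender-side triage helper for HijackThis logs like the one posted above, as an added example that is not part of this thread and not a feature of HijackThis or SmitfraudFix. It flags the O21 SSODL entries the reply asks to fix, plus two heuristics that are assumptions for illustration: a BHO or shell-hook DLL placed directly in C:\WINDOWS, and an R0 Start Page whose host is outside a small allow-list.

```python
import re
from urllib.parse import urlparse
from typing import List, Tuple

# HJT lines look like "O21 - SSODL: name - {CLSID} - path"; other sections vary.
HJT_LINE = re.compile(r"^(O\d+|R\d)\s+-\s+(.*)$")
CLSID = re.compile(r"\{[0-9A-Fa-f]{8}(?:-[0-9A-Fa-f]{4}){3}-[0-9A-Fa-f]{12}\}")
# Assumption for illustration: a BHO/SSODL DLL sitting directly in C:\WINDOWS
# (rather than system32 or Program Files) is worth a closer look.
WINDOWS_ROOT_DLL = re.compile(r"^C:\\WINDOWS\\[^\\]+\.dll$", re.IGNORECASE)
START_PAGE_ALLOW = ("microsoft.com", "msn.com")  # assumption, not an HJT list

def split_fields(rest: str) -> Tuple[str, str, str]:
    """Split the text after 'Oxx - ' into (name, clsid, path)."""
    m = CLSID.search(rest)
    if m:  # name - {CLSID} - path
        return rest[:m.start()].rstrip(" -"), m.group(0), rest[m.end():].lstrip(" -")
    name, _, path = rest.partition(" - ")  # name - path (no CLSID)
    return name, "", path

def triage(log_text: str) -> List[Tuple[str, str]]:
    """Return (line, reason) for every log line that trips a heuristic."""
    flagged = []
    for raw in log_text.splitlines():
        line = raw.strip()
        m = HJT_LINE.match(line)
        if not m:
            continue  # running-process list, headers, 'End of file', etc.
        section, rest = m.groups()
        name, _clsid, path = split_fields(rest)
        if section == "O21" and name.startswith("SSODL:"):
            flagged.append((line, "SSODL shell hook loaded by explorer.exe at logon"))
        elif section in ("O2", "O20", "O21") and WINDOWS_ROOT_DLL.match(path):
            flagged.append((line, "loader DLL placed directly in C:\\WINDOWS"))
        elif section == "R0" and "Start Page = " in name:
            host = urlparse(name.split(" = ", 1)[1]).hostname or ""
            if not host.endswith(START_PAGE_ALLOW):
                flagged.append((line, f"start page points at {host}"))
    return flagged

# Constructed sample: lines copied from the log posted in this thread.
SAMPLE_LOG = """\
R0 - HKCU\\Software\\Microsoft\\Internet Explorer\\Main,Start Page = http://softwarereferral.com/jump.php?wmid=6010
R0 - HKLM\\Software\\Microsoft\\Internet Explorer\\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\\program files\\google\\googletoolbar4.dll
O2 - BHO: MSVPS System - {F4CF814F-970F-405D-A42C-0CE06EB97373} - C:\\WINDOWS\\mxduo.dll
O20 - Winlogon Notify: !SASWinLogon - C:\\Program Files\\SUPERAntiSpyware\\SASWINLO.dll
O21 - SSODL: wmphost - {BA186615-82C5-45F5-8832-693841534231} - C:\\WINDOWS\\wmphost.dll
O21 - SSODL: wmpdev - {19994AFE-EAF8-4127-A597-13FDDBA47771} - C:\\WINDOWS\\wmpdev.dll
"""

if __name__ == "__main__":
    for line, reason in triage(SAMPLE_LOG):
        print(f"[{reason}] {line}")
```

Run it over a full saved HijackThis log to get the same four hits this sample produces; everything else in the log (process list, vendor-signed O23 services) passes through untouched.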