We'd like to remind Forumites to please avoid political debate on the Forum... Read More »
📨 Have you signed up to the Forum's new Email Digest yet? Get a selection of trending threads sent straight to your inbox daily, weekly or monthly!
My computer has been hijacked HELP REQUIRED
Comments
-
ComboFix 07-08-30.3 - "Compaq_Owner" 2007-09-01 19:50:36.4 - NTFSx86
Microsoft Windows XP Home Edition 5.1.2600.2.1252.1.1033.18.125 [GMT 1:00]
((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
C:\WINDOWS\dat.txt
C:\WINDOWS\main_uninstaller.exe
C:\WINDOWS\rs.txt
((((((((((((((((((((((((( Files Created from 2007-08-01 to 2007-09-01 )))))))))))))))))))))))))))))))
2007-09-01 19:30 <DIR> d
C:\Program Files\WinMerge
2007-09-01 18:43 204,800 --a
C:\WINDOWS\mxduo.dll
2007-09-01 15:30 <DIR> d
C:\Program Files\SUPERAntiSpyware
2007-09-01 15:30 <DIR> d
C:\DOCUME~1\COMPAQ~1\APPLIC~1\SUPERAntiSpyware.com
2007-09-01 15:30 <DIR> d
C:\DOCUME~1\ALLUSE~1\APPLIC~1\SUPERAntiSpyware.com
2007-09-01 15:29 <DIR> d
C:\Program Files\Common Files\Wise Installation Wizard
2007-09-01 09:07 626,688 --a
C:\WINDOWS\system32\msvcr80.dll
2007-08-31 22:28 <DIR> d
C:\Program Files\Trend Micro
2007-08-31 22:20 51,200 --a
C:\WINDOWS\nircmd.exe
2007-08-31 15:08 323,584 --a
C:\WINDOWS\wmpdev.dll
2007-08-31 15:08 245,760 --a
C:\WINDOWS\wmphost.dll
2007-08-29 12:57 <DIR> d
C:\Program Files\SiteEntry
2007-08-14 10:55 98,304 --a
C:\WINDOWS\system32\CmdLineExt.dll
2007-08-14 08:57 <DIR> d
C:\Program Files\GameSpy Arcade
2007-08-14 08:51 <DIR> d
C:\Program Files\Sierra
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
2007-09-01 19:53
d
C:\DOCUME~1\ALLUSE~1\APPLIC~1\Kontiki
2007-09-01 17:56
d
C:\DOCUME~1\COMPAQ~1\APPLIC~1\DMCache
2007-09-01 09:27
d
C:\Program Files\PC-Doctor 5 for Windows
2007-08-27 15:32
d
C:\Program Files\Zoom Player
2007-08-27 12:43
d
C:\Program Files\iTunes
2007-08-27 12:42
d
C:\Program Files\iPod
2007-08-14 08:51
d--h
C:\Program Files\InstallShield Installation Information
2007-08-12 20:20
d
C:\Program Files\softnyx
2007-08-03 19:55
d
C:\Program Files\BitComet
2007-08-03 15:17 359808 --a
C:\WINDOWS\system32\drivers\tcpip.sys
2007-08-03 15:14 2560 --a
C:\WINDOWS\system32\BitCometRes.dll
2007-07-30 19:19 92504 --a
C:\WINDOWS\system32\dllcache\cdm.dll
2007-07-30 19:19 92504 --a
C:\WINDOWS\system32\cdm.dll
2007-07-30 19:19 549720 --a
C:\WINDOWS\system32\wuapi.dll
2007-07-30 19:19 549720 --a
C:\WINDOWS\system32\dllcache\wuapi.dll
2007-07-30 19:19 53080 --a
C:\WINDOWS\system32\wuauclt.exe
2007-07-30 19:19 53080 --a
C:\WINDOWS\system32\dllcache\wuauclt.exe
2007-07-30 19:19 43352 --a
C:\WINDOWS\system32\wups2.dll
2007-07-30 19:19 325976 --a
C:\WINDOWS\system32\wucltui.dll
2007-07-30 19:19 325976 --a
C:\WINDOWS\system32\dllcache\wucltui.dll
2007-07-30 19:19 271224 --a
C:\WINDOWS\system32\mucltui.dll
2007-07-30 19:19 207736 --a
C:\WINDOWS\system32\muweb.dll
2007-07-30 19:19 203096 --a
C:\WINDOWS\system32\wuweb.dll
2007-07-30 19:19 203096 --a
C:\WINDOWS\system32\dllcache\wuweb.dll
2007-07-30 19:19 1712984 --a
C:\WINDOWS\system32\wuaueng.dll
2007-07-30 19:19 1712984 --a
C:\WINDOWS\system32\dllcache\wuaueng.dll
2007-07-30 19:18 33624 --a
C:\WINDOWS\system32\wups.dll
2007-07-30 19:18 33624 --a
C:\WINDOWS\system32\dllcache\wups.dll
2007-07-30 12:03
d
C:\Program Files\QuickTime
2007-07-19 07:59 3583488 --a
C:\WINDOWS\system32\dllcache\mshtml.dll
2007-07-13 00:31 765952 --a
C:\WINDOWS\system32\dllcache\vgx.dll
2007-07-09 00:22
d
C:\Program Files\3ivx
2007-07-07 11:26
d
C:\Program Files\GustoSoft
2007-07-07 11:18
d
C:\DOCUME~1\COMPAQ~1\APPLIC~1\DivX
2007-07-07 11:14
d
C:\DOCUME~1\COMPAQ~1\APPLIC~1\Talkback
2007-07-07 11:13
d
C:\Program Files\DivX
2007-07-07 11:09
d
C:\Program Files\LEAD Technologies, Inc
2007-07-02 20:41 524288 --a
C:\WINDOWS\system32\DivXsm.exe
2007-07-02 20:41 36624
C:\WINDOWS\system32\drivers\pxhelp20.sys
2007-07-02 20:41 3596288 --a
C:\WINDOWS\system32\qt-dx331.dll
2007-07-02 20:41 2560
C:\WINDOWS\system32\drivers\cdralw2k.sys
2007-07-02 20:41 2432
C:\WINDOWS\system32\drivers\cdr4_xp.sys
2007-07-02 20:41 200704 --a
C:\WINDOWS\system32\ssldivx.dll
2007-07-02 20:41 129784
C:\WINDOWS\system32\pxafs.dll
2007-07-02 20:41 118520
C:\WINDOWS\system32\pxinsi64.exe
2007-07-02 20:41 116472
C:\WINDOWS\system32\pxcpyi64.exe
2007-07-02 20:41 1044480 --a
C:\WINDOWS\system32\libdivx.dll
2007-07-02 20:37 823296 --a
C:\WINDOWS\system32\divx_xx0c.dll
2007-07-02 20:37 823296 --a
C:\WINDOWS\system32\divx_xx07.dll
2007-07-02 20:37 802816 --a
C:\WINDOWS\system32\divx_xx11.dll
2007-07-02 20:37 740442 --a
C:\WINDOWS\system32\DivX.dll
2007-07-02 20:37 73728 --a
C:\WINDOWS\system32\dpl100.dll
2007-07-02 20:37 593920 --a
C:\WINDOWS\system32\dpuGUI11.dll
2007-07-02 20:37 57344 --a
C:\WINDOWS\system32\dpv11.dll
2007-07-02 20:37 53248 --a
C:\WINDOWS\system32\dpuGUI10.dll
2007-07-02 20:37 344064 --a
C:\WINDOWS\system32\dpus11.dll
2007-07-02 20:37 294912 --a
C:\WINDOWS\system32\dpu11.dll
2007-07-02 20:37 294912 --a
C:\WINDOWS\system32\dpu10.dll
2007-07-02 20:37 196608 --a
C:\WINDOWS\system32\dtu100.dll
2007-07-02 20:36 124472 --a
C:\WINDOWS\system32\DivXCodecUpdateChecker.exe
2007-07-02 20:36 12288 --a
C:\WINDOWS\system32\DivXWMPExtType.dll
2007-07-02 15:07
d
C:\Program Files\Common Files\Apple
2007-07-02 15:07
d
C:\DOCUME~1\ALLUSE~1\APPLIC~1\Apple
2007-06-27 15:34 823808 --a
C:\WINDOWS\system32\dllcache\wininet.dll
2007-06-27 15:34 671232 --a
C:\WINDOWS\system32\dllcache\mstime.dll
2007-06-27 15:34 6058496
C:\WINDOWS\system32\dllcache\ieframe.dll
2007-06-27 15:34 52224
C:\WINDOWS\system32\dllcache\msfeedsbs.dll
2007-06-27 15:34 477696 --a
C:\WINDOWS\system32\dllcache\mshtmled.dll
2007-06-27 15:34 459264
C:\WINDOWS\system32\dllcache\msfeeds.dll
2007-06-27 15:34 44544 --a
C:\WINDOWS\system32\dllcache\iernonce.dll
2007-06-27 15:34 384512 --a
C:\WINDOWS\system32\dllcache\iedkcs32.dll
2007-06-27 15:34 383488
C:\WINDOWS\system32\dllcache\ieapfltr.dll
2007-06-27 15:34 27648 --a
C:\WINDOWS\system32\dllcache\jsproxy.dll
2007-06-27 15:34 267776
C:\WINDOWS\system32\dllcache\iertutil.dll
2007-06-27 15:34 232960 --a
C:\WINDOWS\system32\dllcache\webcheck.dll
2007-06-27 15:34 230400 --a
C:\WINDOWS\system32\dllcache\ieaksie.dll
2007-06-27 15:34 193024 --a
C:\WINDOWS\system32\dllcache\msrating.dll
2007-06-27 15:34 153088 --a
C:\WINDOWS\system32\dllcache\ieakeng.dll
2007-06-27 15:34 132608 --a
C:\WINDOWS\system32\dllcache\extmgr.dll
2007-06-27 15:34 124928 --a
C:\WINDOWS\system32\dllcache\advpack.dll
2007-06-27 15:34 1152000 --a
C:\WINDOWS\system32\dllcache\urlmon.dll
2007-06-27 15:34 105984 --a
C:\WINDOWS\system32\dllcache\url.dll
2007-06-27 15:34 102400 --a
C:\WINDOWS\system32\dllcache\occache.dll
2007-06-27 09:27 63488 --a
C:\WINDOWS\system32\dllcache\ie4uinit.exe
2007-06-27 09:27 625152 --a
C:\WINDOWS\system32\dllcache\iexplore.exe
2007-06-27 09:27 13824
C:\WINDOWS\system32\dllcache\ieudinit.exe
2007-06-27 08:00 161792 --a
C:\WINDOWS\system32\dllcache\ieakui.dll
2007-06-26 22:10 317440 --a
C:\WINDOWS\system32\dllcache\unregmp2.exe
2007-06-26 07:08 1104896 --a
C:\WINDOWS\system32\msxml3.dll
2007-06-26 07:08 1104896 --a
C:\WINDOWS\system32\dllcache\msxml3.dll
2007-06-19 14:31 282112 --a
C:\WINDOWS\system32\gdi32.dll
2007-06-19 14:31 282112 --a
C:\WINDOWS\system32\dllcache\gdi32.dll
2007-06-13 11:23 1374314 -r-hs---- C:\WINDOWS\system32\etpetx.exe
2007-06-13 11:23 1033216 --a
C:\WINDOWS\system32\dllcache\explorer.exe
2007-06-13 11:23 1033216 --a
C:\WINDOWS\explorer.exe
2007-06-11 23:51 10834944 --a
C:\WINDOWS\system32\dllcache\wmp.dll
2007-06-06 17:07 25576 --a
C:\WINDOWS\system32\SamsungVfWCodec.dll
2007-06-06 17:07 25576 --a
C:\WINDOWS\system32\DivXVfWCodec.dll
2007-06-06 17:06 66536 --a
C:\WINDOWS\system32\libfaac.dll
2007-06-06 17:06 443368 --a
C:\WINDOWS\system32\OpenQuicktimeLib.dll
((((((((((((((((((((((((((((( snapshot_2007-08-31_223746.71 )))))))))))))))))))))))))))))))))))))))))
----a-r 29,696 2007-09-01 15:36:57 C:\WINDOWS\Installer\{CDDCBBF1-2703-46BC-938B-BCC81A1EEAAA}\IconCDDCBBF11.exe
----a-r 18,944 2007-09-01 15:36:57 C:\WINDOWS\Installer\{CDDCBBF1-2703-46BC-938B-BCC81A1EEAAA}\IconCDDCBBF13.exe
----a-r 65,024 2007-09-01 15:36:57 C:\WINDOWS\Installer\{CDDCBBF1-2703-46BC-938B-BCC81A1EEAAA}\IconCDDCBBF15.exe
----atw 16,384 2007-09-01 16:19:35 C:\WINDOWS\Temp\Perflib_Perfdata_738.dat
----atw 16,384 2007-07-14 02:40:36 C:\WINDOWS\Temp\Perflib_Perfdata_738.dat
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
*Note* empty entries & legit default entries are not shown
[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{F4CF814F-970F-405D-A42C-0CE06EB97373}]
2007-09-01 12:25 204800 --a
C:\WINDOWS\mxduo.dll
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"SunJavaUpdateSched"="C:\Program Files\Java\jre1.5.0_11\bin\jusched.exe" [2006-12-15 04:23]
"hpsysdrv"="c:\windows\system\hpsysdrv.exe" [1998-05-07 10:04]
"RTHDCPL"="RTHDCPL.EXE" [2005-10-14 18:51 C:\WINDOWS\RTHDCPL.EXE]
"ATIPTA"="C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe" [2005-08-13 22:05]
"KBD"="C:\HP\KBD\KBD.EXE" [2005-02-02 17:44]
"Recguard"="C:\WINDOWS\SMINST\RECGUARD.EXE" [2005-07-22 16:14]
"PCDrProfiler"="" []
"PS2"="C:\WINDOWS\system32\ps2.exe" [2004-10-25 16:17]
"Reminder"="C:\Windows\Creator\Remind_XP.exe" [2004-12-13 20:23]
"HP Software Update"="C:\Program Files\HP\HP Software Update\HPWuSchd2.exe" [2005-05-11 23:12]
"TkBellExe"="C:\Program Files\Common Files\Real\Update_OB\realsched.exe" [2006-01-09 17:30]
"RegistryMechanic"="" []
"Adobe Photo Downloader"="C:\Program Files\Adobe\Photoshop Album Starter Edition\3.0\Apps\apdproxy.exe" [2005-06-07 00:46]
"BluetoothAuthenticationAgent"="bthprops.cpl" [2004-08-04 05:00 C:\WINDOWS\system32\bthprops.cpl]
"4oD"="C:\Program Files\Kontiki\KHost.exe" [2006-11-08 17:32]
"QuickTime Task"="C:\Program Files\QuickTime\QTTask.exe" [2007-06-29 06:24]
"iTunesHelper"="C:\Program Files\iTunes\iTunesHelper.exe" [2007-08-15 20:15]
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"MsnMsgr"="C:\Program Files\MSN Messenger\MsnMsgr.exe" [2007-01-19 13:54]
"IDMan"="C:\Program Files\Internet Download Manager\IDMan.exe" [2006-11-18 00:17]
"updateMgr"="C:\Program Files\Adobe\Acrobat 7.0\Reader\AdobeUpdateManager.exe" [2006-03-30 17:45]
"ctfmon.exe"="C:\WINDOWS\system32\ctfmon.exe" [2004-08-04 05:00]
"kdx"="C:\Program Files\Kontiki\KHost.exe" [2006-11-08 17:32]
"SUPERAntiSpyware"="C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe" [2007-06-21 14:06]
C:\DOCUME~1\COMPAQ~1\STARTM~1\Programs\Startup\
Adobe Gamma.lnk - C:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe [2005-03-16 19:16:50]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\ShellExecuteHooks]
"!!5AE067D3-9AFB-48E0-853A-EBB7F4A000DA}"= C:\Program Files\SUPERAntiSpyware\SASSEH.DLL [2006-12-20 13:55 77824]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ShellServiceObjectDelayLoad]
"wmphost"= {C3530121-A782-49E4-9073-3042F5B6E1E1} - C:\WINDOWS\wmphost.dll [2007-08-31 11:22 245760]
"wmpdev"= !!716B063C-0A5C-48A8-A5F7-653617A6BC1F} - C:\WINDOWS\wmpdev.dll [2007-08-31 11:22 323584]
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\!SASWinLogon]
C:\Program Files\SUPERAntiSpyware\SASWINLO.dll 2007-04-19 13:41 294912 C:\Program Files\SUPERAntiSpyware\SASWINLO.dll
R1 nnrnstdi;nnrnstdi;C:\WINDOWS\system32\drivers\nnrnstdi.sys
S3 ss_bus;SAMSUNG Mobile USB Device 1.0 driver (WDM);C:\WINDOWS\system32\DRIVERS\ss_bus.sys
S3 ss_mdfl;SAMSUNG Mobile USB Modem 1.0 Filter;C:\WINDOWS\system32\DRIVERS\ss_mdfl.sys
S3 ss_mdm;SAMSUNG Mobile USB Modem 1.0 Drivers;C:\WINDOWS\system32\DRIVERS\ss_mdm.sys
Contents of the 'Scheduled Tasks' folder
2007-08-27 10:58:03 C:\WINDOWS\Tasks\AppleSoftwareUpdate.job - C:\Program Files\Apple Software Update\SoftwareUpdate.exe
2007-09-01 18:04:00 C:\WINDOWS\Tasks\Check Updates for Windows Live Toolbar.job - C:\Program Files\Windows Live Toolbar\MSNTBUP.EXE
2006-07-12 05:24:00 C:\WINDOWS\Tasks\Easy Internet Sign-up.job - C:\Program Files\Hewlett-Packard\SDP\HPSdpApp.exe
2007-09-01 15:00:02 C:\WINDOWS\Tasks\HPpromotions journeysoftware.job - C:\Program Files\hp\digital imaging\bin\hp promotions\journeysoftware\HPpromo.exe
2006-05-12 20:55:09 C:\WINDOWS\Tasks\Symantec NetDetect.job - C:\Program Files\Symantec\LiveUpdate\NDETECT.EXE
**************************************************************************
catchme 0.3.1061 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2007-09-01 19:53:47
Windows 5.1.2600 Service Pack 2 NTFS
scanning hidden processes ...
scanning hidden autostart entries ...
scanning hidden files ...
scan completed successfully
hidden files: 0
**************************************************************************
Completion time: 2007-09-01 19:54:54
C:\ComboFix-quarantined-files.txt ... 2007-09-01 19:54
C:\ComboFix2.txt ... 2007-09-01 18:04
C:\ComboFix3.txt ... 2007-09-01 10:55
--- E O F ---
Wow that is the first time i have had success with registry editing, thankyou for sticking with me what is next?0 -
do another Hijackthis log for me
seems like combifix was able to finish this timeEx forum ambassador
Long term forum member0 -
Here is the hijackthis log:
Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 20:32:56, on 01/09/2007
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16512)
Boot mode: Normal
Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
C:\Program Files\Kontiki\KService.exe
C:\Program Files\Common Files\LightScribe\LSSrvc.exe
C:\WINDOWS\system32\HPZipm12.exe
C:\Program Files\Java\jre1.5.0_11\bin\jusched.exe
C:\windows\system\hpsysdrv.exe
C:\WINDOWS\RTHDCPL.EXE
C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe
C:\HP\KBD\KBD.EXE
C:\Program Files\HP\HP Software Update\HPWuSchd2.exe
C:\Program Files\Common Files\Real\Update_OB\realsched.exe
C:\Program Files\Adobe\Photoshop Album Starter Edition\3.0\Apps\apdproxy.exe
C:\Program Files\Kontiki\KHost.exe
C:\Program Files\NetRatingsNetSight\NetSight\NielsenOnline.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\Program Files\MSN Messenger\MsnMsgr.Exe
C:\Program Files\Internet Download Manager\IDMan.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe
C:\WINDOWS\system32\wscntfy.exe
C:\Program Files\SAGEM\TalkTalk Broadband\dslmon.exe
C:\Program Files\Hp\Digital Imaging\bin\hpqtra08.exe
C:\Program Files\WinZip\WZQKPICK.EXE
C:\WINDOWS\system32\svchost.exe
C:\Program Files\HP\Digital Imaging\bin\hpqimzone.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\Program Files\HP\Digital Imaging\bin\hpqSTE08.exe
C:\WINDOWS\system32\wuauclt.exe
C:\Program Files\MSN Messenger\usnsvc.exe
C:\Program Files\WinMerge\WinMergeU.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLLoginProxy.exe
C:\WINDOWS\explorer.exe
C:\WINDOWS\system32\notepad.exe
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKCU\Software\Microsoft\Internet Explorer\SearchURL,(Default) = http://g.msn.com/0SEENUS/SAOS01?FORM=TOOLBR
R1 - HKCU\Software\Microsoft\Internet Connection Wizard,ShellNext = http://www.mytalktalk.net/
O2 - BHO: IDMIEHlprObj Class - !!0055C089-8582-441B-A0BF-17B458C2A3A8} - C:\Program Files\Internet Download Manager\IDMIECC.dll
O2 - BHO: Adobe PDF Reader Link Helper - !!06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: BitComet ClickCapture - !!39F7E362-828A-4B5A-BCAF-5B79BFDFEA60} - C:\Program Files\BitComet\tools\BitCometBHO_1.1.7.4.dll
O2 - BHO: SSVHelper Class - !!761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.5.0_11\bin\ssv.dll
O2 - BHO: Windows Live Sign-in Helper - !!9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar4.dll
O2 - BHO: Windows Live Toolbar Helper - {BDBD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Program Files\Windows Live Toolbar\msntb.dll
O2 - BHO: MSVPS System - {F4CF814F-970F-405D-A42C-0CE06EB97373} - C:\WINDOWS\mxduo.dll
O3 - Toolbar: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll
O3 - Toolbar: Windows Live Toolbar - {BDAD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Program Files\Windows Live Toolbar\msntb.dll
O3 - Toolbar: &Google - !!2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar4.dll
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.5.0_11\bin\jusched.exe"
O4 - HKLM\..\Run: [hpsysdrv] c:\windows\system\hpsysdrv.exe
O4 - HKLM\..\Run: [RTHDCPL] RTHDCPL.EXE
O4 - HKLM\..\Run: [ATIPTA] "C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe"
O4 - HKLM\..\Run: [KBD] C:\HP\KBD\KBD.EXE
O4 - HKLM\..\Run: [Recguard] C:\WINDOWS\SMINST\RECGUARD.EXE
O4 - HKLM\..\Run: [PS2] C:\WINDOWS\system32\ps2.exe
O4 - HKLM\..\Run: [Reminder] "C:\Windows\Creator\Remind_XP.exe"
O4 - HKLM\..\Run: [HP Software Update] C:\Program Files\HP\HP Software Update\HPWuSchd2.exe
O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot
O4 - HKLM\..\Run: [Adobe Photo Downloader] "C:\Program Files\Adobe\Photoshop Album Starter Edition\3.0\Apps\apdproxy.exe"
O4 - HKLM\..\Run: [BluetoothAuthenticationAgent] rundll32.exe bthprops.cpl,,BluetoothAuthenticationAgent
O4 - HKLM\..\Run: [4oD] "C:\Program Files\Kontiki\KHost.exe" -all
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\QTTask.exe" -atboottime
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
O4 - HKCU\..\Run: [MsnMsgr] "C:\Program Files\MSN Messenger\MsnMsgr.Exe" /background
O4 - HKCU\..\Run: [IDMan] C:\Program Files\Internet Download Manager\IDMan.exe /onboot
O4 - HKCU\..\Run: [updateMgr] "C:\Program Files\Adobe\Acrobat 7.0\Reader\AdobeUpdateManager.exe" AcRdB7_0_8 -reboot 1
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [kdx] C:\Program Files\Kontiki\KHost.exe -all
O4 - HKCU\..\Run: [SUPERAntiSpyware] C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe
O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'NETWORK SERVICE')
O4 - Startup: Adobe Gamma.lnk = C:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe
O4 - Global Startup: Adobe Reader Speed Launch.lnk = C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
O4 - Global Startup: DSLMON.lnk = C:\Program Files\SAGEM\TalkTalk Broadband\dslmon.exe
O4 - Global Startup: HP Digital Imaging Monitor.lnk = C:\Program Files\Hp\Digital Imaging\bin\hpqtra08.exe
O4 - Global Startup: HP Image Zone Fast Start.lnk = C:\Program Files\Hp\Digital Imaging\bin\hpqthb08.exe
O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office10\OSA.EXE
O4 - Global Startup: WinZip Quick Pick.lnk = C:\Program Files\WinZip\WZQKPICK.EXE
O8 - Extra context menu item: &D&ownload &with BitComet - res://C:\Program Files\BitComet\BitComet.exe/AddLink.htm
O8 - Extra context menu item: &D&ownload all video with BitComet - res://C:\Program Files\BitComet\BitComet.exe/AddVideo.htm
O8 - Extra context menu item: &D&ownload all with BitComet - res://C:\Program Files\BitComet\BitComet.exe/AddAllLink.htm
O8 - Extra context menu item: &Windows Live Search - res://C:\Program Files\Windows Live Toolbar\msntb.dll/search.htm
O8 - Extra context menu item: Add Page To DownloadStudio Scrapbook... - C:\Program Files\Conceiva\DownloadStudio\ds_snap.htm
O8 - Extra context menu item: Add to Windows &Live Favorites - http://favorites.live.com/quickadd.aspx
O8 - Extra context menu item: Download All Links with IDM - C:\Program Files\Internet Download Manager\IEGetAll.htm
O8 - Extra context menu item: Download Image Using DownloadStudio... - C:\Program Files\Conceiva\DownloadStudio\ds_img.htm
O8 - Extra context menu item: Download Page Using DownloadStudio... - C:\Program Files\Conceiva\DownloadStudio\ds_all.htm
O8 - Extra context menu item: Download Selection Using DownloadStudio... - C:\Program Files\Conceiva\DownloadStudio\ds_sel.htm
O8 - Extra context menu item: Download Target Using DownloadStudio... - C:\Program Files\Conceiva\DownloadStudio\ds_file.htm
O8 - Extra context menu item: Download with IDM - C:\Program Files\Internet Download Manager\IEExt.htm
O8 - Extra context menu item: Show Page Links Using DownloadStudio... - C:\Program Files\Conceiva\DownloadStudio\ds_link.htm
O8 - Extra context menu item: Subscribe To RSS Feed... - C:\Program Files\Conceiva\DownloadStudio\ds_rss.htm
O9 - Extra button: (no name) - !!08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_11\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - !!08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_11\bin\ssv.dll
O9 - Extra button: BitComet Search - !!461CC20B-FB6E-4f16-8FE8-C29359DB100E} - C:\Program Files\BitComet\tools\BitCometBHO_1.1.7.4.dll
O9 - Extra button: (no name) - !!4D0C4820-53F7-4d79-A2E1-5252683CF69C} - C:\WINDOWS\system32\shdocvw.dll
O9 - Extra 'Tools' menuitem: &DownloadStudio - !!4D0C4820-53F7-4d79-A2E1-5252683CF69C} - C:\WINDOWS\system32\shdocvw.dll
O9 - Extra button: Connection Help - {E2D4D26B-0180-43a4-B05F-462D6D54C789} - C:\WINDOWS\PCHEALTH\HELPCTR\Vendors\CN=Hewlett-Packard,L=Cupertino,S=Ca,C=US\IEButton\support.htm
O9 - Extra 'Tools' menuitem: Connection Help - {E2D4D26B-0180-43a4-B05F-462D6D54C789} - C:\WINDOWS\PCHEALTH\HELPCTR\Vendors\CN=Hewlett-Packard,L=Cupertino,S=Ca,C=US\IEButton\support.htm
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: RaptisoftGameLoader - http://www.miniclip.com/haphazard/raptisoftgameloader.cab
O16 - DPF: !!288C5F13-7E52-4ADA-A32E-F5BF9D125F99} (CR64Loader Object) - http://www.miniclip.com/supergerball/miniclipGameLoader.dll
O16 - DPF: !!4F1E5B1A-2A80-42CA-8532-2D05CB959537} (MSN Photo Upload Tool) - http://franvoir1.spaces.live.com//PhotoUpload/MsnPUpld.cab
O16 - DPF: {D88C7675-7CEE-4C9A-BDD4-7A43EED7794D} (Logout Class) - http://www.gamengame.com/KALogoutComponent.cab
O16 - DPF: {DA80E089-4648-43D5-93B4-7F37917084E6} (CacheManager.CacheManagerCtrl) - http://www.candystand.com/assets/activex/virtools/CacheManager.CAB
O17 - HKLM\System\CCS\Services\Tcpip\..\!!7EC6F36B-2F98-430E-AFD7-48DB53818DB1}: NameServer = 62.24.252.135 62.24.252.134
O20 - Winlogon Notify: !SASWinLogon - C:\Program Files\SUPERAntiSpyware\SASWINLO.dll
O21 - SSODL: wmphost - {C3530121-A782-49E4-9073-3042F5B6E1E1} - C:\WINDOWS\wmphost.dll
O21 - SSODL: wmpdev - !!716B063C-0A5C-48A8-A5F7-653617A6BC1F} - C:\WINDOWS\wmpdev.dll
O23 - Service: Adobe LM Service - Adobe Systems - C:\Program Files\Common Files\Adobe Systems Shared\Service\Adobelmsvc.exe
O23 - Service: Apple Mobile Device - Apple, Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\system32\Ati2evxx.exe
O23 - Service: AVG Anti-Spyware Guard - Anti-Malware Development a.s. - C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: iPod Service - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: KService - Unknown owner - C:\Program Files\Kontiki\KService.exe
O23 - Service: LightScribeService Direct Disc Labeling Service (LightScribeService) - Hewlett-Packard Company - C:\Program Files\Common Files\LightScribe\LSSrvc.exe
O23 - Service: Pml Driver HPZ12 - HP - C:\WINDOWS\system32\HPZipm12.exe
O23 - Service: Remote Packet Capture Protocol v.0 (experimental) (rpcapd) - CACE Technologies - C:\Program Files\WinPcap\rpcapd.exe
--
End of file - 12090 bytes0 -
thats looking better
I 'd like you to download and install AVG free
http://free.grisoft.com/doc/downloads-products/us/frt/0?prd=aff
to give you antivirus software
i also want you to turn on Windows firewall until we have installed a real one
go to control Panel and then Security Centre and make sure it's onEx forum ambassador
Long term forum member0 -
than follow post 1 to 4 of
http://forums.moneysavingexpert.com/showthread.html?t=133269
it will take some time to do but will make sure everything is cleanEx forum ambassador
Long term forum member0 -
Things have taken a turn fo the worst. I went through all your steps on your sticky however i had to run ad aware out of safe mode because i could not find it in safe mode (even when i looked for the program in my computer). It only appeared in normal mode. So i went to normal mode scanned ad aware and went to bed and left my computer on. When i woke up i discover the same message i got on friday saying, an internet attack has accured even though i was not connected to the internet and this trojan which i thought i got rid of is back (Trojan.W32 Looksky) Im at my wits end please continue to help me0
-
try running superantispyware in normal mode and then AVG antivirus in safe mode
make sure you check for updates on both before running themEx forum ambassador
Long term forum member0 -
Obtain the SuperAntiSpyware log as follows:
Click on 'Preferences'.
Click on the 'Statistics/Logs' tab.
Under 'Scanner Logs' double click on 'SuperAntiSpyware Scan Log'.
It will then open in your default text editor,such as Notepad.
Copy and paste the contents of that report into your next reply.
Also post a new Hijackthis log.
Ex forum ambassador
Long term forum member0 -
Ok both scans took 3 long hours each, they picked up some trojans and deleted them but not the trojan that started the problem. I know the problem is going to persist on until i an get rid of this trojan.
Here is the superantispyware log:
Core Rules Database Version : 3298
Trace Rules Database Version: 1306
Scan type : Complete Scan
Total Scan Time : 03:07:44
Memory items scanned : 557
Memory threats detected : 0
Registry items scanned : 5917
Registry threats detected : 10
File items scanned : 39834
File threats detected : 15
Trojan.Net-MSV/VPS
HKLM\Software\Classes\CLSID\{F4CF814F-970F-405D-A42C-0CE06EB97373}
HKCR\CLSID\{F4CF814F-970F-405D-A42C-0CE06EB97373}
HKCR\CLSID\{F4CF814F-970F-405D-A42C-0CE06EB97373}
HKCR\CLSID\{F4CF814F-970F-405D-A42C-0CE06EB97373}\InprocServer32
HKCR\CLSID\{F4CF814F-970F-405D-A42C-0CE06EB97373}\InprocServer32#ThreadingModel
HKCR\CLSID\{F4CF814F-970F-405D-A42C-0CE06EB97373}\ProgID
HKCR\CLSID\{F4CF814F-970F-405D-A42C-0CE06EB97373}\Programmable
HKCR\CLSID\{F4CF814F-970F-405D-A42C-0CE06EB97373}\TypeLib
HKCR\CLSID\{F4CF814F-970F-405D-A42C-0CE06EB97373}\VersionIndependentProgID
C:\WINDOWS\MXDUO.DLL
HKLM\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{F4CF814F-970F-405D-A42C-0CE06EB97373}
Adware.Tracking Cookie
C:\Documents and Settings\Compaq_Owner\Cookies\compaq_owner@specificclick[2].txt
Desktop Hijacker.AboutYourPrivacy
C:\WINDOWS\privacy_danger\images\capt.gif
C:\WINDOWS\privacy_danger\images\danger.jpg
C:\WINDOWS\privacy_danger\images\down.gif
C:\WINDOWS\privacy_danger\images\spacer.gif
C:\WINDOWS\privacy_danger\images
C:\WINDOWS\privacy_danger\index.htm
C:\WINDOWS\privacy_danger
C:\Documents and Settings\Compaq_Owner\Desktop\Error Cleaner.url
C:\Documents and Settings\Compaq_Owner\Desktop\Privacy Protector.url
C:\Documents and Settings\Compaq_Owner\Desktop\Spyware&Malware Protection.url
C:\Documents and Settings\Compaq_Owner\Favorites\Error Cleaner.url
C:\Documents and Settings\Compaq_Owner\Favorites\Privacy Protector.url
C:\Documents and Settings\Compaq_Owner\Favorites\Spyware&Malware Protection.url
And also the hijackthis log:
Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 18:01:06, on 02/09/2007
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16512)
Boot mode: Normal
Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Windows Defender\MsMpEng.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Lavasoft\Ad-Aware 2007\aawservice.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
C:\PROGRA~1\Grisoft\AVG7\avgamsvr.exe
C:\Program Files\Java\jre1.5.0_11\bin\jusched.exe
C:\windows\system\hpsysdrv.exe
C:\WINDOWS\RTHDCPL.EXE
C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe
C:\HP\KBD\KBD.EXE
C:\PROGRA~1\Grisoft\AVG7\avgupsvc.exe
C:\PROGRA~1\Grisoft\AVG7\avgemc.exe
C:\Program Files\HP\HP Software Update\HPWuSchd2.exe
C:\Program Files\Common Files\Real\Update_OB\realsched.exe
C:\Program Files\Adobe\Photoshop Album Starter Edition\3.0\Apps\apdproxy.exe
C:\WINDOWS\system32\rundll32.exe
C:\Program Files\Kontiki\KService.exe
C:\Program Files\Kontiki\KHost.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\Program Files\Common Files\LightScribe\LSSrvc.exe
C:\PROGRA~1\Grisoft\AVG7\avgcc.exe
C:\Program Files\Windows Defender\MSASCui.exe
C:\Program Files\MSN Messenger\MsnMsgr.Exe
C:\Program Files\Internet Download Manager\IDMan.exe
C:\WINDOWS\system32\HPZipm12.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe
C:\WINDOWS\system32\wuauclt.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\Program Files\SAGEM\TalkTalk Broadband\dslmon.exe
C:\Program Files\Hp\Digital Imaging\bin\hpqtra08.exe
C:\Program Files\WinZip\WZQKPICK.EXE
C:\Program Files\HP\Digital Imaging\bin\hpqimzone.exe
C:\Program Files\HP\Digital Imaging\bin\hpqSTE08.exe
C:\Program Files\MSN Messenger\usnsvc.exe
C:\Program Files\internet explorer\iexplore.exe
C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLLoginProxy.exe
C:\WINDOWS\system32\notepad.exe
C:\WINDOWS\system32\notepad.exe
C:\WINDOWS\explorer.exe
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://softwarereferral.com/jump.php?wmid=6010&mid=MjI6Ojg5&lid=2
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKCU\Software\Microsoft\Internet Explorer\SearchURL,(Default) = http://g.msn.com/0SEENUS/SAOS01?FORM=TOOLBR
R1 - HKCU\Software\Microsoft\Internet Connection Wizard,ShellNext = http://www.mytalktalk.net/
O2 - BHO: IDMIEHlprObj Class - !!0055C089-8582-441B-A0BF-17B458C2A3A8} - C:\Program Files\Internet Download Manager\IDMIECC.dll
O2 - BHO: Adobe PDF Reader Link Helper - !!06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: BitComet ClickCapture - !!39F7E362-828A-4B5A-BCAF-5B79BFDFEA60} - C:\Program Files\BitComet\tools\BitCometBHO_1.1.7.4.dll
O2 - BHO: (no name) - !!53707962-6F74-2D53-2644-206D7942484F} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll
O2 - BHO: SSVHelper Class - !!761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.5.0_11\bin\ssv.dll
O2 - BHO: Windows Live Sign-in Helper - !!9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar4.dll
O2 - BHO: Windows Live Toolbar Helper - {BDBD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Program Files\Windows Live Toolbar\msntb.dll
O2 - BHO: MSVPS System - {F4CF814F-970F-405D-A42C-0CE06EB97373} - C:\WINDOWS\mxduo.dll
O3 - Toolbar: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll
O3 - Toolbar: Windows Live Toolbar - {BDAD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Program Files\Windows Live Toolbar\msntb.dll
O3 - Toolbar: &Google - !!2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar4.dll
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.5.0_11\bin\jusched.exe"
O4 - HKLM\..\Run: [hpsysdrv] c:\windows\system\hpsysdrv.exe
O4 - HKLM\..\Run: [RTHDCPL] RTHDCPL.EXE
O4 - HKLM\..\Run: [ATIPTA] "C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe"
O4 - HKLM\..\Run: [KBD] C:\HP\KBD\KBD.EXE
O4 - HKLM\..\Run: [Recguard] C:\WINDOWS\SMINST\RECGUARD.EXE
O4 - HKLM\..\Run: [PS2] C:\WINDOWS\system32\ps2.exe
O4 - HKLM\..\Run: [Reminder] "C:\Windows\Creator\Remind_XP.exe"
O4 - HKLM\..\Run: [HP Software Update] C:\Program Files\HP\HP Software Update\HPWuSchd2.exe
O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot
O4 - HKLM\..\Run: [Adobe Photo Downloader] "C:\Program Files\Adobe\Photoshop Album Starter Edition\3.0\Apps\apdproxy.exe"
O4 - HKLM\..\Run: [BluetoothAuthenticationAgent] rundll32.exe bthprops.cpl,,BluetoothAuthenticationAgent
O4 - HKLM\..\Run: [4oD] "C:\Program Files\Kontiki\KHost.exe" -all
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\QTTask.exe" -atboottime
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
O4 - HKLM\..\Run: [AVG7_CC] C:\PROGRA~1\Grisoft\AVG7\avgcc.exe /STARTUP
O4 - HKLM\..\Run: [Windows Defender] "C:\Program Files\Windows Defender\MSASCui.exe" -hide
O4 - HKCU\..\Run: [MsnMsgr] "C:\Program Files\MSN Messenger\MsnMsgr.Exe" /background
O4 - HKCU\..\Run: [IDMan] C:\Program Files\Internet Download Manager\IDMan.exe /onboot
O4 - HKCU\..\Run: [updateMgr] "C:\Program Files\Adobe\Acrobat 7.0\Reader\AdobeUpdateManager.exe" AcRdB7_0_8 -reboot 1
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [kdx] C:\Program Files\Kontiki\KHost.exe -all
O4 - HKCU\..\Run: [SUPERAntiSpyware] C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe
O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-19\..\Run: [AVG7_Run] C:\PROGRA~1\Grisoft\AVG7\avgw.exe /RUNONCE (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'NETWORK SERVICE')
O4 - HKUS\S-1-5-18\..\Run: [AVG7_Run] C:\PROGRA~1\Grisoft\AVG7\avgw.exe /RUNONCE (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [AVG7_Run] C:\PROGRA~1\Grisoft\AVG7\avgw.exe /RUNONCE (User 'Default user')
O4 - Startup: Adobe Gamma.lnk = C:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe
O4 - Global Startup: Adobe Reader Speed Launch.lnk = C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
O4 - Global Startup: DSLMON.lnk = C:\Program Files\SAGEM\TalkTalk Broadband\dslmon.exe
O4 - Global Startup: HP Digital Imaging Monitor.lnk = C:\Program Files\Hp\Digital Imaging\bin\hpqtra08.exe
O4 - Global Startup: HP Image Zone Fast Start.lnk = C:\Program Files\Hp\Digital Imaging\bin\hpqthb08.exe
O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office10\OSA.EXE
O4 - Global Startup: WinZip Quick Pick.lnk = C:\Program Files\WinZip\WZQKPICK.EXE
O8 - Extra context menu item: &D&ownload &with BitComet - res://C:\Program Files\BitComet\BitComet.exe/AddLink.htm
O8 - Extra context menu item: &D&ownload all video with BitComet - res://C:\Program Files\BitComet\BitComet.exe/AddVideo.htm
O8 - Extra context menu item: &D&ownload all with BitComet - res://C:\Program Files\BitComet\BitComet.exe/AddAllLink.htm
O8 - Extra context menu item: &Windows Live Search - res://C:\Program Files\Windows Live Toolbar\msntb.dll/search.htm
O8 - Extra context menu item: Add Page To DownloadStudio Scrapbook... - C:\Program Files\Conceiva\DownloadStudio\ds_snap.htm
O8 - Extra context menu item: Add to Windows &Live Favorites - http://favorites.live.com/quickadd.aspx
O8 - Extra context menu item: Download All Links with IDM - C:\Program Files\Internet Download Manager\IEGetAll.htm
O8 - Extra context menu item: Download Image Using DownloadStudio... - C:\Program Files\Conceiva\DownloadStudio\ds_img.htm
O8 - Extra context menu item: Download Page Using DownloadStudio... - C:\Program Files\Conceiva\DownloadStudio\ds_all.htm
O8 - Extra context menu item: Download Selection Using DownloadStudio... - C:\Program Files\Conceiva\DownloadStudio\ds_sel.htm
O8 - Extra context menu item: Download Target Using DownloadStudio... - C:\Program Files\Conceiva\DownloadStudio\ds_file.htm
O8 - Extra context menu item: Download with IDM - C:\Program Files\Internet Download Manager\IEExt.htm
O8 - Extra context menu item: Show Page Links Using DownloadStudio... - C:\Program Files\Conceiva\DownloadStudio\ds_link.htm
O8 - Extra context menu item: Subscribe To RSS Feed... - C:\Program Files\Conceiva\DownloadStudio\ds_rss.htm
O9 - Extra button: (no name) - !!08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_11\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - !!08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_11\bin\ssv.dll
O9 - Extra button: BitComet Search - !!461CC20B-FB6E-4f16-8FE8-C29359DB100E} - C:\Program Files\BitComet\tools\BitCometBHO_1.1.7.4.dll
O9 - Extra button: (no name) - !!4D0C4820-53F7-4d79-A2E1-5252683CF69C} - C:\WINDOWS\system32\shdocvw.dll
O9 - Extra 'Tools' menuitem: &DownloadStudio - !!4D0C4820-53F7-4d79-A2E1-5252683CF69C} - C:\WINDOWS\system32\shdocvw.dll
O9 - Extra button: Connection Help - {E2D4D26B-0180-43a4-B05F-462D6D54C789} - C:\WINDOWS\PCHEALTH\HELPCTR\Vendors\CN=Hewlett-Packard,L=Cupertino,S=Ca,C=US\IEButton\support.htm
O9 - Extra 'Tools' menuitem: Connection Help - {E2D4D26B-0180-43a4-B05F-462D6D54C789} - C:\WINDOWS\PCHEALTH\HELPCTR\Vendors\CN=Hewlett-Packard,L=Cupertino,S=Ca,C=US\IEButton\support.htm
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: RaptisoftGameLoader - http://www.miniclip.com/haphazard/raptisoftgameloader.cab
O16 - DPF: !!288C5F13-7E52-4ADA-A32E-F5BF9D125F99} (CR64Loader Object) - http://www.miniclip.com/supergerball/miniclipGameLoader.dll
O16 - DPF: !!4F1E5B1A-2A80-42CA-8532-2D05CB959537} (MSN Photo Upload Tool) - http://franvoir1.spaces.live.com//PhotoUpload/MsnPUpld.cab
O16 - DPF: {D88C7675-7CEE-4C9A-BDD4-7A43EED7794D} (Logout Class) - http://www.gamengame.com/KALogoutComponent.cab
O16 - DPF: {DA80E089-4648-43D5-93B4-7F37917084E6} (CacheManager.CacheManagerCtrl) - http://www.candystand.com/assets/activex/virtools/CacheManager.CAB
O17 - HKLM\System\CCS\Services\Tcpip\..\!!7EC6F36B-2F98-430E-AFD7-48DB53818DB1}: NameServer = 62.24.252.134 62.24.252.135
O20 - Winlogon Notify: !SASWinLogon - C:\Program Files\SUPERAntiSpyware\SASWINLO.dll
O21 - SSODL: wmphost - {BA186615-82C5-45F5-8832-693841534231} - C:\WINDOWS\wmphost.dll
O21 - SSODL: wmpdev - !!19994AFE-EAF8-4127-A597-13FDDBA47771} - C:\WINDOWS\wmpdev.dll
O23 - Service: Ad-Aware 2007 Service (aawservice) - Lavasoft AB - C:\Program Files\Lavasoft\Ad-Aware 2007\aawservice.exe
O23 - Service: Adobe LM Service - Adobe Systems - C:\Program Files\Common Files\Adobe Systems Shared\Service\Adobelmsvc.exe
O23 - Service: Apple Mobile Device - Apple, Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\system32\Ati2evxx.exe
O23 - Service: AVG Anti-Spyware Guard - Anti-Malware Development a.s. - C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
O23 - Service: AVG7 Alert Manager Server (Avg7Alrt) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVG7\avgamsvr.exe
O23 - Service: AVG7 Update Service (Avg7UpdSvc) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVG7\avgupsvc.exe
O23 - Service: AVG E-mail Scanner (AVGEMS) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVG7\avgemc.exe
O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: iPod Service - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: KService - Unknown owner - C:\Program Files\Kontiki\KService.exe
O23 - Service: LightScribeService Direct Disc Labeling Service (LightScribeService) - Hewlett-Packard Company - C:\Program Files\Common Files\LightScribe\LSSrvc.exe
O23 - Service: Pml Driver HPZ12 - HP - C:\WINDOWS\system32\HPZipm12.exe
O23 - Service: Remote Packet Capture Protocol v.0 (experimental) (rpcapd) - CACE Technologies - C:\Program Files\WinPcap\rpcapd.exe
--
End of file - 13484 bytes
There it is, i would just like to say again thankyou for your continual help.0 -
run hijackthis and fix these
O21 - SSODL: wmphost - {BA186615-82C5-45F5-8832-693841534231} - C:\WINDOWS\wmphost.dll
O21 - SSODL: wmpdev - !!19994AFE-EAF8-4127-A597-13FDDBA47771} - C:\WINDOWS\wmpdev.dll
Download SmitfraudFix.exe from here and save it to your desktop
SmitFraudFix.exe
The icon will look like the one below:
Next, please reboot your computer into Safe mode again, navigate to these files folders and delete them if you find them
C:\WINDOWS\privacy_danger (Delete the entire folder if found)
C:\WINDOWS\wmpdev.dll
C:\WINDOWS\wmphost.dll
C:\WINDOWS\mxduo.dll
Close all open Windows.
Now, double-click on the SmitFraudfix icon that should be residing on your desktop.The icon will look like the one below:
When the tool first starts you will see a credits screen, press any key to go to the next screen
Press the number 2 on your keyboard and the press the enter key to choose the option Clean (safe mode recommended).
The program will start cleaning your computer and go through a series of cleanup processes. When it is done, it will automatically start the Disk Cleanup program as shown by the image below.
When Disk Cleanup is finished, you will be presented with an option asking Do you want to clean the registry ? (y/n). At this screen you should press the Y button on your keyboard and then press the enter key.
When this last routine is finished, you will be presented with a red screen stating Computer will reboot now. Close all applications. Hit the spacebar and allow the PC to reboot
Once the computer has rebooted, you will be presented with a Notepad screen containing a log of all the files removed from your computer, please cut and paste that back on here
this is partially sourced from here
http://www.bleepingcomputer.com/forums/topic17258.htmlEx forum ambassador
Long term forum member0
This discussion has been closed.
Confirm your email address to Create Threads and Reply
Categories
- All Categories
- 351.4K Banking & Borrowing
- 253.3K Reduce Debt & Boost Income
- 453.8K Spending & Discounts
- 244.4K Work, Benefits & Business
- 599.6K Mortgages, Homes & Bills
- 177.1K Life & Family
- 257.9K Travel & Transport
- 1.5M Hobbies & Leisure
- 16.2K Discuss & Feedback
- 37.6K Read-Only Boards