Hello all.
I recently received a call from my brother-in-law asking if I could look at his laptop. It had no AV running or any other protection at all; it had a spyware infection on the desktop and probably a whole lot more. I installed ESET NOD32, scanned, and it found and fixed 8 problems. I then installed and ran Malwarebytes Anti-Malware, which found 4 problems, one of them being the desktop hijacker.
Could someone have a look at his HijackThis log and see if there is anything else I need to do, please?
Thanks
Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 16:49:07, on 03/01/2009
Platform: Windows XP SP3 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16762)
Boot mode: Normal
Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\ESET\ESET Smart Security\ekrn.exe
C:\Program Files\Common Files\Microsoft Shared\VS7Debug\mdm.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\System32\STDSB.exe
C:\Program Files\Synaptics\SynTP\SynTPLpr.exe
C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
C:\WINDOWS\SOUNDMAN.EXE
C:\Program Files\Java\jre1.6.0_01\bin\jusched.exe
C:\Program Files\ESET\ESET Smart Security\egui.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
C:\Program Files\3\3Connect\AutoUpdateSrv.exe
C:\Documents and Settings\Ellis\Desktop\HiJackThis.exe
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = Google
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = MSN.com
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = Live Search
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = Live Search
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = MSN.com
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Local Page =
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Window Title = Microsoft Internet Explorer
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\apps\Adobe\Acrobat 5.0\Reader\ActiveX\AcroIEHelper.ocx (file missing)
O2 - BHO: (no name) - {0846276E-4539-F77E-477A-1EF23204BFBA} - (no file)
O2 - BHO: (no name) - {0A1C8A5D-9929-2FC4-9A72-0FFCEC2D7347} - (no file)
O2 - BHO: (no name) - {0E368392-AD4F-5461-2A9A-288167712596} - (no file)
O2 - BHO: (no name) - {16B05DC6-B860-235A-E7C1-ABDA898678EE} - (no file)
O2 - BHO: (no name) - {1EB9A5C3-8BE0-1184-BF52-28550086EC10} - (no file)
O2 - BHO: (no name) - {1FA74F44-BE14-6F79-094E-4760D87A1B13} - (no file)
O2 - BHO: (no name) - {209F8E8B-6292-6C42-3CE2-9DCDECC213E7} - (no file)
O2 - BHO: (no name) - {2B7E95AD-F49A-B2B2-7702-10D4ABFF9B32} - (no file)
O2 - BHO: (no name) - {3D2ACA16-3F1C-BF97-6524-0F7072E1E895} - (no file)
O2 - BHO: (no name) - {46034628-821C-05B4-C227-B5A0FC40FCAF} - (no file)
O2 - BHO: (no name) - {53C401D0-C173-7E8D-D257-350927DE1763} - (no file)
O2 - BHO: (no name) - {570A9ABC-3DEC-8AF2-66E8-9567944E201C} - (no file)
O2 - BHO: (no name) - {595E7E6F-2779-C942-CAB8-55911996604D} - (no file)
O2 - BHO: (no name) - {66BE36B4-FD1C-B850-4827-ECA932D53C44} - (no file)
O2 - BHO: (no name) - {68454196-47E8-C18D-A500-7C44E2066D18} - (no file)
O2 - BHO: (no name) - {783B9D22-B9F2-EDFC-3D2B-4F6A3D1BCF1B} - (no file)
O2 - BHO: (no name) - {7A97DD77-2070-7617-3461-0E4D0FF7624D} - (no file)
O2 - BHO: (no name) - {81BC3EBA-35E5-E622-0BAD-7095B849C484} - (no file)
O2 - BHO: (no name) - {88B9E4D2-1DFD-E365-CABB-E7124F455F33} - (no file)
O2 - BHO: (no name) - {9291DF23-029D-DC8D-B7E6-64BEFF3F25AF} - (no file)
O2 - BHO: (no name) - {97AB2DB6-2797-5E66-F69B-1C10B62342C2} - (no file)
O2 - BHO: (no name) - {9B936827-936D-A301-874F-BB34B7DB33C5} - (no file)
O2 - BHO: (no name) - {A7965648-2D3D-951F-7592-B85CE722DB02} - (no file)
O2 - BHO: (no name) - {A927D1F4-E735-581F-E8AF-CE5C50848FE7} - (no file)
O2 - BHO: (no name) - {A98BEA99-7B4B-FA3E-03F1-10C3D1AE7212} - (no file)
O2 - BHO: (no name) - {B8830155-DABD-263E-9DB0-B251233F575C} - (no file)
O2 - BHO: Class - {B9B28B37-0877-7E49-286C-63D980817566} - C:\WINDOWS\ipox.dll (file missing)
O2 - BHO: (no name) - {BAC8C44D-2112-AF01-7896-5BA9C152A8BC} - (no file)
O2 - BHO: (no name) - {C7E432B3-827D-F05D-1512-2D9B010AAF54} - (no file)
O2 - BHO: (no name) - {CC67ADD3-8236-844B-5732-907E26BCF629} - (no file)
O2 - BHO: (no name) - {D6F96C8F-4512-A517-5DA8-FB1C35C3D1C0} - (no file)
O2 - BHO: (no name) - {E570DCA4-C521-2B7F-EB9D-E2F8DD25DF6B} - (no file)
O2 - BHO: (no name) - {E92EFA08-05B6-5902-325B-EF61C5EC29A7} - (no file)
O2 - BHO: (no name) - {EA196353-618C-D58B-907A-4C6567ABB42B} - (no file)
O2 - BHO: (no name) - {F6F49380-F6BB-3D04-920B-C960D86C67BC} - (no file)
O2 - BHO: (no name) - {FF756452-2FA2-7C43-6CAF-070E594D543C} - (no file)
O3 - Toolbar: (no name) - {BA52B914-B692-46c4-B683-905236F6F655} - (no file)
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar1.dll
O4 - HKLM\..\Run: [sTDSB] C:\WINDOWS\System32\STDSB.exe
O4 - HKLM\..\Run: [synTPLpr] C:\Program Files\Synaptics\SynTP\SynTPLpr.exe
O4 - HKLM\..\Run: [synTPEnh] C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
O4 - HKLM\..\Run: [soundMan] SOUNDMAN.EXE
O4 - HKLM\..\Run: [speedTouch USB Diagnostics] "C:\Program Files\Thomson\SpeedTouch USB\Dragdiag.exe" /icon
O4 - HKLM\..\Run: [MPFTray] C:\PROGRA~1\McAfee.com\PERSON~1\MpfTray.exe
O4 - HKLM\..\Run: [sunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_01\bin\jusched.exe"
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [egui] "C:\Program Files\ESET\ESET Smart Security\egui.exe" /hide /waitservice
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [OM_Monitor] C:\Program Files\OLYMPUS\OLYMPUS Master\Monitor.exe -NoStart
O4 - HKCU\..\Run: [swg] C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
O4 - HKUS\S-1-5-18\..\Run: [ctfmon.exe] C:\WINDOWS\System32\ctfmon.exe (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [ctfmon.exe] C:\WINDOWS\System32\ctfmon.exe (User 'Default user')
O4 - Global Startup: Update Agent.lnk = ?
O8 - Extra context menu item: Wanadoo Search - http://file://C:\Program Files\WANADOO1\Cache\SelectedContextSearch.htm
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_01\bin\npjpi160_01.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_01\bin\npjpi160_01.dll
O9 - Extra button: Money Viewer - {E023F504-0C5A-4750-A1E7-A9046DEA8A21} - C:\Program Files\Microsoft Money\System\mnyviewer.dll (file missing)
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O12 - Plugin for .spop: C:\Program Files\Internet Explorer\Plugins\NPDocBox.dll
O14 - IERESET.INF: START_PAGE_URL=http://www.freeserve.com/
O23 - Service: Eset HTTP Server (EhttpSrv) - ESET - C:\Program Files\ESET\ESET Smart Security\EHttpSrv.exe
O23 - Service: Eset Service (ekrn) - ESET - C:\Program Files\ESET\ESET Smart Security\ekrn.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
--
End of file - 7563 bytes
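A small triage helper for a log in this format, added here as an example; it is not part of the post and not code from HijackThis or ESET. The sample lines are copied from the log above. It parses each `Rn`/`On` entry, extracts the CLSID and the file path the registry entry points at, and separates the `(no file)` and `(file missing)` registrations (registry keys whose target is gone, which is what is usually left behind once a scanner has deleted the payload but not its registration) from the O4 autostart entries that still resolve to a file on disk, which are the ones worth checking by hand. The function names (`parse_log`, `triage`) and the `Entry` layout are my own.

```python
import re
from collections import Counter
from dataclasses import dataclass
from typing import Optional

# Sample lines copied from the HijackThis log in the post above (not constructed),
# chosen to cover the entry kinds the parser handles.
SAMPLE_LOG = r"""
Logfile of Trend Micro HijackThis v2.0.2
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\apps\Adobe\Acrobat 5.0\Reader\ActiveX\AcroIEHelper.ocx (file missing)
O2 - BHO: (no name) - {0846276E-4539-F77E-477A-1EF23204BFBA} - (no file)
O2 - BHO: Class - {B9B28B37-0877-7E49-286C-63D980817566} - C:\WINDOWS\ipox.dll (file missing)
O3 - Toolbar: (no name) - {BA52B914-B692-46c4-B683-905236F6F655} - (no file)
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar1.dll
O4 - HKLM\..\Run: [sTDSB] C:\WINDOWS\System32\STDSB.exe
O4 - HKLM\..\Run: [egui] "C:\Program Files\ESET\ESET Smart Security\egui.exe" /hide /waitservice
O9 - Extra button: Money Viewer - {E023F504-0C5A-4750-A1E7-A9046DEA8A21} - C:\Program Files\Microsoft Money\System\mnyviewer.dll (file missing)
O23 - Service: Eset Service (ekrn) - ESET - C:\Program Files\ESET\ESET Smart Security\ekrn.exe
"""

ENTRY_RE = re.compile(r"^([RFNO]\d+) - (.*)$")
CLSID_RE = re.compile(r"\{[0-9A-Fa-f]{8}(?:-[0-9A-Fa-f]{4}){3}-[0-9A-Fa-f]{12}\}")
# O4 detail looks like:  HKLM\..\Run: [ValueName] "C:\path\prog.exe" /args
RUN_RE = re.compile(r"^(\S+\\Run): \[([^\]]*)\] (.*)$")


@dataclass
class Entry:
    section: str            # "O2", "O4", ...
    text: str               # everything after the "O2 - " prefix
    clsid: Optional[str]    # GUID carried by the line, if any
    name: Optional[str]     # Run value name for O4 entries
    path: Optional[str]     # file the entry points at, if one is listed
    flag: Optional[str]     # "no_file", "file_missing" or None


def _exe_path(command: str) -> str:
    """Return the executable from a Run command line, dropping arguments like /hide."""
    command = command.strip()
    if command.startswith('"'):
        end = command.find('"', 1)
        return command[1:end] if end > 0 else command[1:]
    return command.split()[0] if command else command


def parse_entry(line: str) -> Optional[Entry]:
    """Parse one log line; header, process-list and footer lines yield None."""
    m = ENTRY_RE.match(line.strip())
    if not m:
        return None
    section, text = m.group(1), m.group(2)
    flag = None
    if text.endswith("(no file)"):
        flag = "no_file"              # registration with no path at all
    elif text.endswith("(file missing)"):
        flag = "file_missing"         # registration whose path is not on disk
    clsid_m = CLSID_RE.search(text)
    clsid = clsid_m.group(0) if clsid_m else None
    name = path = None
    if section == "O4":
        rm = RUN_RE.match(text)
        if rm:
            name, path = rm.group(2), _exe_path(rm.group(3))
    elif clsid_m:
        # the path is whatever follows the CLSID, minus the status suffix
        tail = text[clsid_m.end():].lstrip(" -").strip()
        if flag != "no_file":
            path = tail.replace("(file missing)", "").strip() or None
    elif section == "O23":
        path = text.rsplit(" - ", 1)[-1].strip()
    return Entry(section, text, clsid, name, path, flag)


def parse_log(text: str) -> list:
    return [e for e in (parse_entry(l) for l in text.splitlines()) if e]


def triage(entries) -> dict:
    """Group entries for review: dead registrations first, then live autostarts."""
    return {
        "by_section": dict(Counter(e.section for e in entries)),
        "no_file": [e.clsid or e.text for e in entries if e.flag == "no_file"],
        "file_missing": [e.path for e in entries if e.flag == "file_missing"],
        "autostarts": {e.name: e.path for e in entries
                       if e.section == "O4" and e.name and e.path},
    }


if __name__ == "__main__":
    report = triage(parse_log(SAMPLE_LOG))
    for key, value in report.items():
        print(f"{key}: {value}")
```

Run against the full log, the `no_file` list is what HijackThis itself can clean up (those entries are registry keys only), while `autostarts` is the short list to verify against known vendor paths; an entry like `sTDSB` with a bare `System32` path and no vendor name is the kind that deserves a closer look rather than an automatic verdict.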