KVG.exe

Double check the properties of the below smss.exe file to make sure it belongs to Microsoft. This is not normally the location that Microsoft would have this running from. It should be in the system32 folder.
C:\xphome\smss.exe

For now, I'm going to work under the assumption that the above file is bad.

Did you install the below keylogger? If not, add it to the below list of things to fix with HJT and also delete the file later in safe mode.
O2 - BHO: - {1E6CE4CD-161B-4847-B8BF-E2EF72299D69} - C:\xphome\system32\ib6.dll

If you are using WinXP or WinMe, make sure you have system restore disabled (per the tutorial).
For all OS types, make sure viewing of hidden files is enabled (per the tutorial).

Please run HijackThis and click on the "Open the Misc Tools Section" button on the open page. Then select "Open process manager" on the left-hand side. Look for the following process (or processes) and one at a time kill them by selecting it and then click "Kill process". Then click yes.
C:\xphome\smss.exe

After killing all the above processes, click "Back".
Then please click "Scan" and select the following lines but DO NOT CLICK FIX until you exit all browser sessions including the one you are reading in right now:
O3 - Toolbar: (no name) - {E0E899AB-F487-11D5-8D29-0050BA6940E3} - (no file)
O4 - HKCU\..\Run: [klop] C:\xphome\KVG.exe
O9 - Extra button: (no name) - {85d1f590-48f4-11d9-9669-0800200c9a66} - %windir%\bdoscandel.exe (file missing)
O9 - Extra 'Tools' menuitem: Uninstall BitDefender Online Scanner v8 - {85d1f590-48f4-11d9-9669-0800200c9a66} - %windir%\bdoscandel.exe (file missing)
O20 - Winlogon Notify: WRNotifier - WRLogonNTF.dll (file missing)

After clicking Fix, exit HJT.
Boot into safe mode and use Windows Explorer to delete:
C:\xphome\KVG.exe

To be safe, we will only rename the below file instead of deleting it.
Right click on C:\xphome\smss.exe and select Rename. Change the name to smss.xxx

If you get an error when deleting a file. Right click on the file and check to see if the read only attribute is checked. If it is, uncheck it and try again. Other wise open Task Manager and kill the process if running then delete the file.

Now run Ccleaner (installed while running the READ ME FIRST). Now if running Win XP goto c:\windows\Prefetch and delete all files in this folder.

Now reboot in normal mode and post a new HJT log. And tell us how things are working.

 

Is there also an smss.exe in the c:\xphome\system32 folder?

So are all you malware issues gone?

 

I guess when you said:

You must not have been talking about this forum!

 

Okay! And for now leave the smss.exe in the c:\windows folder renamed. It is will probably be okay to delete it since you do have the correct one in system32, but just wait a couple days to make sure you do not run into any problems.

Well no that you know which forum to come to for answers , continue on to the below to help keep you clean:

How to Protect yourself from malware!