Help with removing Win32: Rootkit-gen (RtK)
Comments
aliEnRIK,
ComboFix log above. Has it got the Win32 virus or is there more to do?
In HijackThis I removed the items as you suggested.
I have already used the AVG removal tool, as Remove Programs/uninstall wouldn't work. Do I need to do this again, or have we got the remaining bits via HijackThis and ComboFix?
Closed,
Yes, I have installed CleanMem and have switched on Mini Monitor, currently showing:
memory used: 230MB
memory total: 479MB
commit charge: 325MB
I've uninstalled Spybot and Ashampoo as suggested, and followed your suggestions from the HijackThis log.
I don't use IE, only Firefox, but have made the change you suggested.
Is it OK to disable Google updates? Doesn't this make sure you get security updates?
I'd already disabled the Kaseya agent, but cannot find the Adobe files you mentioned? Where are they in msconfig?
Thanks for all your help guys. Is there anything else I need to do now?
Proud to be dealing with my debts
Debt at Light Bulb Moment (January 2011): £21,953
Debt at current level (Nov 2013): £4,567.50
Debt free wannabe date: Dec 2014
As per post #11.
ComboFix 11-03-18.05 - shelley 19/03/2011 16:31:10.4.1 - x86
Microsoft Windows XP Home Edition 5.1.2600.3.1252.44.1033.18.480.227 [GMT 0:00]
Running from: C:\ComboFix.exe
Command switches used :: c:\documents and settings\shelley\Desktop\CFScript.txt
AV: avast! Antivirus *Disabled/Updated* {7591DB91-41F0-48A3-B128-1A293FD8233D}
.
FILE ::
"c:\windows\system32\CF25356.exe"
"c:\windows\system32\CF25363.exe"
.
.
((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
c:\windows\system32\CF25356.exe
c:\windows\system32\CF25363.exe
.
.
((((((((((((((((((((((((( Files Created from 2011-02-19 to 2011-03-19 )))))))))))))))))))))))))))))))
.
.
2011-03-19 12:42 . 2011-03-19 12:42 dc----w- c:\documents and settings\shelley\Local Settings\Application Data\Yahoo!
2011-03-18 15:59 . 2011-03-15 21:19 61440 -c--a-w- c:\windows\system32\CleanMem.exe
2011-03-18 15:59 . 2008-09-19 17:37 121856 -c--a-w- c:\windows\system32\schtasks.exe
2011-03-18 15:59 . 2011-03-18 15:59 d-----w- c:\program files\CleanMem
2011-03-18 15:59 . 2011-03-18 15:59 dc----w- c:\windows\CleanMem
2011-03-18 15:29 . 2011-02-23 14:54 19544 -c--a-w- c:\windows\system32\drivers\aswFsBlk.sys
2011-03-18 15:29 . 2011-02-23 14:56 301528 -c--a-w- c:\windows\system32\drivers\aswSP.sys
2011-03-18 15:29 . 2011-02-23 14:55 25432 -c--a-w- c:\windows\system32\drivers\aswRdr.sys
2011-03-18 15:29 . 2011-02-23 14:56 371544 -c--a-w- c:\windows\system32\drivers\aswSnx.sys
2011-03-18 15:29 . 2011-02-23 14:55 49240 -c--a-w- c:\windows\system32\drivers\aswTdi.sys
2011-03-18 15:29 . 2011-02-23 14:55 102232 -c--a-w- c:\windows\system32\drivers\aswmon2.sys
2011-03-18 15:29 . 2011-02-23 14:55 96344 -c--a-w- c:\windows\system32\drivers\aswmon.sys
2011-03-18 15:29 . 2011-02-23 14:54 30680 -c--a-w- c:\windows\system32\drivers\aavmker4.sys
2011-03-18 15:29 . 2011-02-23 15:04 40648 -c--a-w- c:\windows\avastSS.scr
2011-03-18 15:29 . 2011-02-23 15:04 190016 -c--a-w- c:\windows\system32\aswBoot.exe
2011-03-18 15:28 . 2011-03-18 15:28 dc----w- c:\documents and settings\All Users\Application Data\AVAST Software
2011-03-18 15:28 . 2011-03-18 15:28 d-----w- c:\program files\AVAST Software
2011-03-18 14:53 . 2011-03-18 14:53 dc----w- c:\windows\Internet Logs
2011-03-18 08:57 . 2011-03-18 08:57 d-----w- c:\program files\CCleaner
2011-03-18 08:24 . 2011-03-18 08:24 388096 -c--a-r- c:\documents and settings\shelley\Application Data\Microsoft\Installer\{45A66726-69BC-466B-A7A4-12FCBA4883D7}\HiJackThis.exe
2011-03-18 08:24 . 2011-03-18 08:24 d-----w- c:\program files\Trend Micro
2011-03-17 23:27 . 2011-03-17 23:27 dc----w- C:\iTunes
.
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2011-03-19 16:27 . 2009-01-07 18:53 4291126 -c--a-r- C:\ComboFix.exe
2011-02-09 13:53 . 2003-11-05 08:31 270848 -c--a-w- c:\windows\system32\sbe.dll
2011-02-09 13:53 . 2003-11-05 08:31 186880 -c--a-w- c:\windows\system32\encdec.dll
2011-02-02 07:58 . 2003-11-05 09:53 2067456 -c--a-w- c:\windows\system32\mstscax.dll
2011-01-27 11:57 . 2003-11-05 09:53 677888 -c--a-w- c:\windows\system32\mstsc.exe
2011-01-21 14:44 . 2003-11-05 08:31 439296 -c--a-w- c:\windows\system32\shimgvw.dll
2011-01-07 14:09 . 2003-11-05 08:30 290048 ----a-w- c:\windows\system32\atmfd.dll
2010-12-31 13:10 . 2003-11-05 08:31 1854976 ----a-w- c:\windows\system32\win32k.sys
2010-12-22 12:34 . 2005-06-15 17:50 301568 ----a-w- c:\windows\system32\kerberos.dll
2010-12-20 23:59 . 2005-06-17 22:49 916480 ----a-w- c:\windows\system32\wininet.dll
2010-12-20 23:59 . 2003-11-05 08:31 43520 -c--a-w- c:\windows\system32\licmgr10.dll
2010-12-20 23:59 . 2003-11-05 08:31 1469440 -c--a-w- c:\windows\system32\inetcpl.cpl
2010-12-20 18:09 . 2008-12-14 14:23 38224 -c--a-w- c:\windows\system32\drivers\mbamswissarmy.sys
2010-12-20 18:08 . 2008-12-14 14:24 20952 -c--a-w- c:\windows\system32\drivers\mbam.sys
2010-12-20 17:26 . 2003-11-05 08:31 730112 ----a-w- c:\windows\system32\lsasrv.dll
2010-12-20 12:55 . 2004-08-04 05:59 385024 -c--a-w- c:\windows\system32\html.iec
.
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\00avast]
@="{472083B0-C522-11CF-8763-00608CC02F24}"
[HKEY_CLASSES_ROOT\CLSID\{472083B0-C522-11CF-8763-00608CC02F24}]
2011-02-23 15:04 122512 ----a-w- c:\program files\AVAST Software\Avast\ashShell.dll
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"kdx"="c:\program files\Kontiki\KHost.exe" [2008-10-21 1032640]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"HKSERV.EXE"="c:\program files\Sony\HotKey Utility\HKserv.exe" [2003-08-14 90112]
"LgWDskTp"="c:\program files\Wireless Desktop\LgWDskTp.exe" [2003-10-29 65536]
"Logitech Utility"="Logi_MwX.Exe" [2003-07-22 19968]
"ezShieldProtector for Px"="c:\windows\System32\ezSP_Px.exe" [2002-08-20 40960]
"Drag'n Drop CD+DVD"="c:\program files\drag'n drop cd+dvd\BinFiles\DragDrop.exe" [2003-08-08 1175552]
"Adobe Photo Downloader"="c:\program files\Adobe\Photoshop Album Starter Edition\3.0\Apps\apdproxy.exe" [2005-06-06 57344]
"Kaseya Agent Service Helper"="c:\program files\Kaseya\Agent\KaUsrTsk.exe" [2008-09-04 229376]
"kdx"="c:\program files\Kontiki\KHost.exe" [2008-10-21 1032640]
"Adobe Reader Speed Launcher"="c:\program files\Adobe\Reader 9.0\Reader\Reader_sl.exe" [2011-01-31 35760]
"Adobe ARM"="c:\program files\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2010-09-20 932288]
"avast"="c:\program files\AVAST Software\Avast\avastUI.exe" [2011-02-23 3451496]
.
[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="c:\windows\System32\CTFMON.EXE" [2008-04-14 15360]
.
c:\documents and settings\shelley\Start Menu\Programs\Startup\
Click to DVD Automatic Mode Launcher.lnk - c:\program files\Sony\click to dvd\ctdatsvr.exe [2004-8-16 81920]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\explorer]
"NoResolveTrack"= 1 (0x1)
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MCODS]
@=""
.
[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^HP Digital Imaging Monitor.lnk]
path=c:\documents and settings\All Users\Start Menu\Programs\Startup\HP Digital Imaging Monitor.lnk
backup=c:\windows\pss\HP Digital Imaging Monitor.lnkCommon Startup
.
[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Picture Package Menu.lnk]
path=c:\documents and settings\All Users\Start Menu\Programs\Startup\Picture Package Menu.lnk
backup=c:\windows\pss\Picture Package Menu.lnkCommon Startup
.
[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Picture Package VCD Maker.lnk]
path=c:\documents and settings\All Users\Start Menu\Programs\Startup\Picture Package VCD Maker.lnk
backup=c:\windows\pss\Picture Package VCD Maker.lnkCommon Startup
.
[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Timer Recording Manager.lnk]
path=c:\documents and settings\All Users\Start Menu\Programs\Startup\Timer Recording Manager.lnk
backup=c:\windows\pss\Timer Recording Manager.lnkCommon Startup
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NokiaMServer]
c:\program files\Common Files\Nokia\MPlatform\NokiaMServer [X]
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\AppleSyncNotifier]
2009-08-13 15:51 177440 -c--a-w- c:\program files\Common Files\Apple\Mobile Device Support\bin\AppleSyncNotifier.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\iTunesHelper]
2010-12-13 17:16 421160 ----a-w- c:\program files\iTunes\iTunesHelper.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\services]
"WebClient"=2 (0x2)
"SSDPSRV"=3 (0x3)
"KaseyaAgent"=2 (0x2)
"gupdate"=2 (0x2)
.
[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring]
"DisableMonitoring"=dword:00000001
.
[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecAntiVirus]
"DisableMonitoring"=dword:00000001
.
[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecFirewall]
"DisableMonitoring"=dword:00000001
.
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"c:\\Program Files\\Sony\\giga pocket\\gps.exe"=
"c:\\Temp\\kf56686.exe"=
"c:\\Temp\\KRlyCCon.exe"=
"c:\\Program Files\\Kontiki\\KService.exe"=
"c:\\Program Files\\Bonjour\\mDNSResponder.exe"=
"c:\\Program Files\\iTunes\\iTunes.exe"=
.
R1 aswSnx;aswSnx;c:\windows\system32\drivers\aswSnx.sys [18/03/2011 15:29 371544]
R1 aswSP;aswSP;c:\windows\system32\drivers\aswSP.sys [18/03/2011 15:29 301528]
R1 feed;feed;c:\windows\system32\feed.sys [12/10/2010 17:38 75264]
R2 aswFsBlk;aswFsBlk;c:\windows\system32\drivers\aswFsBlk.sys [18/03/2011 15:29 19544]
R3 HSFHWSIS;HSFHWSIS;c:\windows\system32\drivers\HSFHWSIS.sys [04/11/2003 08:21 175744]
S0 b8d0259f6878b520e949562f9fcb3273;b8d0259f6878b520e949562f9fcb3273;c:\windows\system32\b8d0259f6878b520e949562f9fcb3273.sys --> c:\windows\system32\b8d0259f6878b520e949562f9fcb3273.sys [?]
S3 nosGetPlusHelper;getPlus(R) Helper 3004;c:\windows\System32\svchost.exe -k nosGetPlusHelper [05/11/2003 08:31 14336]
S3 SMSCMS;SMSC LPC Memory Stick Host Controller;c:\windows\system32\drivers\SMSCMS.SYS [04/11/2003 08:44 58112]
S4 AVG Security Toolbar Service;AVG Security Toolbar Service;c:\program files\AVG\AVG10\Toolbar\ToolbarBroker.exe --> c:\program files\AVG\AVG10\Toolbar\ToolbarBroker.exe [?]
S4 gupdate;Google Update Service (gupdate);c:\program files\Google\Update\GoogleUpdate.exe [25/01/2010 18:45 135664]
S4 KaseyaAgent;Kaseya Agent;c:\program files\Kaseya\Agent\AgentMon.exe [07/01/2009 18:13 610304]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
getPlusHelper REG_MULTI_SZ getPlusHelper
nosGetPlusHelper REG_MULTI_SZ nosGetPlusHelper
.
Contents of the 'Scheduled Tasks' folder
.
2011-03-17 c:\windows\Tasks\AppleSoftwareUpdate.job
- c:\program files\Apple Software Update\SoftwareUpdate.exe [2008-07-30 12:34]
.
2011-03-19 c:\windows\Tasks\Clean System Memory.job
- c:\windows\system32\CleanMem.exe [2011-03-18 21:19]
.
2011-03-19 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
- c:\program files\Google\Update\GoogleUpdate.exe [2010-01-25 18:45]
.
2011-03-19 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
- c:\program files\Google\Update\GoogleUpdate.exe [2010-01-25 18:45]
.
.
Supplementary Scan
.
uSearchMigratedDefaultUrl = hxxp://www.mywebsearch.com/jsp/cfg_redir2.jsp?id=ZJxdm143YYGB&fl=0&ptb=u.vKSz5OumWpKu2LQLktHQ&url=http://edits.mywebsearch.com/toolbaredits/barsearch.jhtml&st=sb&searchfor={searchTerms}
uStart Page = hxxp://www.google.co.uk/
uInternet Settings,ProxyOverride = <local>;*.local
IE: Google Sidewiki... - c:\program files\Google\Google Toolbar\Component\GoogleToolbarDynamic_mui_en_D183CA64F05FDD98.dll/cmsidewiki.html
FF - ProfilePath - c:\documents and settings\shelley\Application Data\Mozilla\Firefox\Profiles\8yh1nc8x.default\
FF - prefs.js: keyword.URL - hxxp://search.avg.com/route/?d=4d29d7c4&v=6.011.025.001&i=23&tp=ab&iy=&ychte=uk&lng=en-GB&q=
FF - Ext: Default: {972ce4c6-7e08-4474-a285-3208198ce6fd} - c:\program files\Mozilla Firefox\extensions\{972ce4c6-7e08-4474-a285-3208198ce6fd}
FF - Ext: Microsoft .NET Framework Assistant: {20a82645-c095-46ed-80e3-08825760534b} - c:\windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension
FF - Ext: avast! WebRep: wrc@avast.com - c:\program files\AVAST Software\Avast\WebRep\FF
FF - Ext: Microsoft .NET Framework Assistant: {20a82645-c095-46ed-80e3-08825760534b} - %profile%\extensions\{20a82645-c095-46ed-80e3-08825760534b}
FF - Ext: Adobe DLM (powered by getPlus(R)): {E2883E8F-472F-4fb0-9522-AC9BF37916A7} - %profile%\extensions\{E2883E8F-472F-4fb0-9522-AC9BF37916A7}
FF - Ext: XHTML Mobile Profile: {8ea9957e-2953-402f-80e0-bceb5f169d6f} - %profile%\extensions\{8ea9957e-2953-402f-80e0-bceb5f169d6f}
FF - Ext: EWOQ Mobile Setup extension: {f035aa18-ee32-4e6e-81d2-57e32867f8a7} - %profile%\extensions\{f035aa18-ee32-4e6e-81d2-57e32867f8a7}
FF - Ext: wmlbrowser: {c4dc572a-3295-40eb-b30f-b54aa4cdc4b7} - %profile%\extensions\{c4dc572a-3295-40eb-b30f-b54aa4cdc4b7}
FF - Ext: Flashblock: {3d7eb24f-2740-49df-8937-200b1cc08f8a} - %profile%\extensions\{3d7eb24f-2740-49df-8937-200b1cc08f8a}
.
.
**************************************************************************
.
catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2011-03-19 16:40
Windows 5.1.2600 Service Pack 3 NTFS
.
scanning hidden processes ...
.
scanning hidden autostart entries ...
.
scanning hidden files ...
.
scan completed successfully
hidden files: 0
.
**************************************************************************
.
Completion time: 2011-03-19 16:44:42
ComboFix-quarantined-files.txt 2011-03-19 16:44
ComboFix2.txt 2011-03-19 15:57
ComboFix3.txt 2009-01-16 21:57
ComboFix4.txt 2009-01-07 19:12
.
Pre-Run: 14,086,123,520 bytes free
Post-Run: 14,087,413,760 bytes free
.
- - End Of File - - AFE562B0487380D5E490DC4EDABC1D37
Hi aliEnRIK
New log posted. Not sure which bit you didn't need, so I posted it all, lol.
Thanks for your help with this.
I'd recommend one last (very long) scan.
Download and run the FREE version of Dr.Web:
https://www.freedrweb.com/download+cureit+free/?lng=en
Turn your anti-virus OFF.
Click CANCEL to its first question (unless you're happy to lock Windows until it's run).
Click NO to opening the purchase page.
Click START.
Click YES.
It will auto QUICK scan.
Press the STOP button on the right (unless you're happy to quick scan first).
After that, set it to COMPLETE SCAN the computer and press the 'play' icon.
This will more than likely take hours (12 is average!), so leave it running overnight or whatever.
***DO NOT UPGRADE TO FULL VERSION***
Could you post a fresh HijackThis log?
Did you do the chkdsk from your other thread?
What toolbars/add-ins have you got in Firefox?!!
Did you do the chkdsk from your other thread?
What toolbars/add-ins have you got in Firefox?
I did this: click Start, then Run, then chkdsk c: /F, answer Y to the "run it at boot" question, then reboot. Powering off without shutting down can corrupt your hard disk; this will check and fix any problems.
I didn't notice anything happen, in terms of results appearing after rebooting etc. Has it not worked, or do I need to go somewhere to check the results?
I've no toolbars running now in Firefox except the basic menu bar, navigation toolbar and bookmarks toolbar.
Not sure what you mean by add-ins, sorry; do you mean plug-ins?
If so I've got:
Google Update
iTunes Application Detector
Java plugin
Metastream 3 plugin (disabled)
There are also the following extensions:
Adobe DLM (powered by getPlus(R))
avast! WebRep
Flashblock
Microsoft .NET Framework Assistant
wmlbrowser
XHTML Mobile Profile.
I've just run this HijackThis scan, here's the log:
Logfile of Trend Micro HijackThis v2.0.4
Scan saved at 18:43:20, on 19/03/2011
Platform: Windows XP SP3 (WinNT 5.01.2600)
MSIE: Internet Explorer v8.00 (8.00.6001.18702)
Boot mode: Normal
Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\AVAST Software\Avast\AvastSvc.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
C:\WINDOWS\system32\bgsvcgen.exe
C:\Program Files\Bonjour\mDNSResponder.exe
C:\Program Files\sony\giga pocket\shwserv.exe
C:\Program Files\Kontiki\KService.exe
C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Sony\vaio media music server\SSSvr.exe
C:\Program Files\Sony\giga pocket\GPVSvr.exe
C:\Program Files\Common Files\Sony Shared\vaio media platform\sv_httpd.exe
C:\PROGRAM FILES\COMMON FILES\SONY SHARED\VAIO MEDIA PLATFORM\UPNPFRAMEWORK.EXE
C:\Program Files\Common Files\sony shared\vaio media platform\SV_Httpd.exe
C:\PROGRAM FILES\COMMON FILES\SONY SHARED\VAIO MEDIA PLATFORM\UPNPFRAMEWORK.EXE
C:\Program Files\Sony\giga pocket\RM_SV.exe
C:\Program Files\Sony\HotKey Utility\HKserv.exe
C:\Program Files\Wireless Desktop\LgWDskTp.exe
C:\Program Files\drag'n drop cd+dvd\BinFiles\DragDrop.exe
C:\Program Files\Kaseya\Agent\KaUsrTsk.exe
C:\Program Files\Kontiki\KHost.exe
C:\Program Files\Sony\HotKey Utility\HKWnd.exe
C:\Program Files\AVAST Software\Avast\avastUI.exe
C:\Program Files\Sony\click to dvd\ctdatsvr.exe
C:\Program Files\CleanMem\Mini_Monitor.exe
C:\WINDOWS\explorer.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Program Files\Trend Micro\HiJackThis\HiJackThis.exe
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.google.co.uk/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
O2 - BHO: AcroIEHelperStub - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
O2 - BHO: avast! WebRep - {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} - C:\Program Files\AVAST Software\Avast\aswWebRepIE.dll
O3 - Toolbar: avast! WebRep - {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} - C:\Program Files\AVAST Software\Avast\aswWebRepIE.dll
O4 - HKLM\..\Run: [HKSERV.EXE] C:\Program Files\Sony\HotKey Utility\HKserv.exe
O4 - HKLM\..\Run: [LgWDskTp] C:\Program Files\Wireless Desktop\LgWDskTp.exe
O4 - HKLM\..\Run: [Logitech Utility] Logi_MwX.Exe
O4 - HKLM\..\Run: [ezShieldProtector for Px] C:\WINDOWS\System32\ezSP_Px.exe
O4 - HKLM\..\Run: [Drag'n Drop CD+DVD] C:\Program Files\drag'n drop cd+dvd\BinFiles\DragDrop.exe /StartUp
O4 - HKLM\..\Run: [Adobe Photo Downloader] "C:\Program Files\Adobe\Photoshop Album Starter Edition\3.0\Apps\apdproxy.exe"
O4 - HKLM\..\Run: [Kaseya Agent Service Helper] "C:\Program Files\Kaseya\Agent\KaUsrTsk.exe"
O4 - HKLM\..\Run: [kdx] "C:\Program Files\Kontiki\KHost.exe" -all
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 9.0\Reader\Reader_sl.exe"
O4 - HKLM\..\Run: [Adobe ARM] "C:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe"
O4 - HKLM\..\Run: [avast] "C:\Program Files\AVAST Software\Avast\avastUI.exe" /nogui
O4 - HKCU\..\Run: [kdx] C:\Program Files\Kontiki\KHost.exe -all
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'Default user')
O4 - Startup: Click to DVD Automatic Mode Launcher.lnk = C:\Program Files\Sony\click to dvd\ctdatsvr.exe
O8 - Extra context menu item: Google Sidewiki... - res://C:\Program Files\Google\Google Toolbar\Component\GoogleToolbarDynamic_mui_en_D183CA64F05FDD98.dll/cmsidewiki.html
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\j2re1.4.2_01\bin\npjpi142_01.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\j2re1.4.2_01\bin\npjpi142_01.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~4\OFFICE11\REFIEBAR.DLL
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O14 - IERESET.INF: START_PAGE_URL=http://www.wanadoo.co.uk
O22 - SharedTaskScheduler: Browseui preloader - {438755C2-A8BA-11D1-B96B-00A0C90312E1} - C:\WINDOWS\System32\browseui.dll
O22 - SharedTaskScheduler: Component Categories cache daemon - {8C7461EF-2B13-11d2-BE35-3078302C2030} - C:\WINDOWS\System32\browseui.dll
O23 - Service: Adobe LM Service - Adobe Systems - C:\Program Files\Common Files\Adobe Systems Shared\Service\Adobelmsvc.exe
O23 - Service: Apple Mobile Device - Apple Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
O23 - Service: avast! Antivirus - AVAST Software - C:\Program Files\AVAST Software\Avast\AvastSvc.exe
O23 - Service: B's Recorder GOLD Library General Service (bgsvcgen) - B.H.A Corporation - C:\WINDOWS\system32\bgsvcgen.exe
O23 - Service: Bonjour Service - Apple Inc. - C:\Program Files\Bonjour\mDNSResponder.exe
O23 - Service: Giga Pocket Hardware Detector - Sony Corporation - C:\Program Files\sony\giga pocket\shwserv.exe
O23 - Service: iPod Service - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: KService - Kontiki Inc. - C:\Program Files\Kontiki\KService.exe
O23 - Service: Pml Driver HPZ12 - HP - C:\WINDOWS\System32\HPZipm12.exe
O23 - Service: Sony TV Tuner Controller - Sony Corporation - C:\Program Files\Sony\giga pocket\halsv.exe
O23 - Service: Sony TV Tuner Manager - Sony Corporation - C:\Program Files\Sony\giga pocket\RM_SV.exe
O23 - Service: Sony SPTI Service (SPTISRV) - Sony Corporation - C:\Program Files\Common Files\Sony Shared\AVLib\Sptisrv.exe
O23 - Service: VAIO Media Music Server (VAIOMediaPlatform-MusicServer-AppServer) - Sony Corporation - C:\Program Files\Sony\vaio media music server\SSSvr.exe
O23 - Service: VAIO Media Music Server (HTTP) (VAIOMediaPlatform-MusicServer-HTTP) - Sony Corporation - C:\Program Files\Common Files\Sony Shared\vaio media platform\sv_httpd.exe
O23 - Service: VAIO Media Music Server (UPnP) (VAIOMEDIAPLATFORM-MUSICSERVER-UPNP) - Sony Corporation - C:\PROGRAM FILES\COMMON FILES\SONY SHARED\VAIO MEDIA PLATFORM\UPNPFRAMEWORK.EXE
O23 - Service: VAIO Media Photo Server (VAIOMediaPlatform-PhotoServer-AppServer) - Sony Corporation - C:\Program Files\sony\photo server\appsrv\PhotoAppSrv.exe
O23 - Service: VAIO Media Photo Server (HTTP) (VAIOMediaPlatform-PhotoServer-HTTP) - Sony Corporation - C:\Program Files\Common Files\sony shared\vaio media platform\SV_Httpd.exe
O23 - Service: VAIO Media Photo Server (UPnP) (VAIOMEDIAPLATFORM-PHOTOSERVER-UPNP) - Sony Corporation - C:\PROGRAM FILES\COMMON FILES\SONY SHARED\VAIO MEDIA PLATFORM\UPNPFRAMEWORK.EXE
O23 - Service: VAIO Media Video Server (VAIOMediaPlatform-VideoServer-AppServer) - Sony Corporation - C:\Program Files\Sony\giga pocket\GPVSvr.exe
O23 - Service: VAIO Media Video Server (HTTP) (VAIOMediaPlatform-VideoServer-HTTP) - Sony Corporation - C:\Program Files\Common Files\sony shared\vaio media platform\SV_Httpd.exe
O23 - Service: VAIO Media Video Server (UPnP) (VAIOMEDIAPLATFORM-VIDEOSERVER-UPNP) - Sony Corporation - C:\PROGRAM FILES\COMMON FILES\SONY SHARED\VAIO MEDIA PLATFORM\UPNPFRAMEWORK.EXE
O23 - Service: VNC Server Version 4 (WinVNC4) - Unknown owner - C:\DOCUME~1\shelley\LOCALS~1\Temp\winvnc4.exe (file missing)
--
End of file - 8513 bytes
Is there anything else you want me to try before I run the scan that aliEnRIK has suggested?
Still got these showing; see post 9 re msconfig and IE debug:
C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE
C:\Program Files\Kaseya\Agent\KaUsrTsk.exe
O4 - HKLM\..\Run: [Adobe Photo Downloader] "C:\Program Files\Adobe\Photoshop Album Starter Edition\3.0\Apps\apdproxy.exe"
O4 - HKLM\..\Run: [Kaseya Agent Service Helper] "C:\Program Files\Kaseya\Agent\KaUsrTsk.exe"
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 9.0\Reader\Reader_sl.exe"
O4 - HKLM\..\Run: [Adobe ARM] "C:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe"
If you've already followed the ctfmon instruction in the "how to speed up" thread, tick these 3 and fix with HijackThis:
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'Default user')
O23 - Service: VNC Server Version 4 (WinVNC4) - Unknown owner - C:\DOCUME~1\shelley\LOCALS~1\Temp\winvnc4.exe (file missing)
Some of the Sony stuff could probably be taken out of startup if you don't use it.
chkdsk should have scanned your C drive when it rebooted!!
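The reply above picks entries out of the HijackThis log by eye, such as the WinVNC4 service whose binary is marked "(file missing)" and sits under a Temp folder. The Python script below is an added illustration, not code from this thread or from the HijackThis, ComboFix or MSE forum helpers: it parses HijackThis O4 (autorun) and O23 (service) lines plus ComboFix firewall-exception lines and applies the same kind of triage checks automatically. The sample log is constructed, modelled on the shape of the thread's logs with the user name replaced; the heuristic names (unqualified-path, temp-dir, duplicate-autorun, orphaned-service, unknown-owner, firewall-exception) and the regular expressions are my own assumptions about the log format, and a hit means "look at this entry", not "this is malware".

```python
import re
from dataclasses import dataclass

# Constructed sample: HijackThis-style O4/O23 lines plus a ComboFix
# firewall "AuthorizedApplications" block, modelled on the shape of the
# logs posted in this thread (user name replaced). Not a real capture.
SAMPLE_LOG = r"""Logfile of Trend Micro HijackThis v2.0.4
O4 - HKLM\..\Run: [Logitech Utility] Logi_MwX.Exe
O4 - HKLM\..\Run: [kdx] "C:\Program Files\Kontiki\KHost.exe" -all
O4 - HKLM\..\Run: [avast] "C:\Program Files\AVAST Software\Avast\avastUI.exe" /nogui
O4 - HKCU\..\Run: [kdx] C:\Program Files\Kontiki\KHost.exe -all
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'SYSTEM')
O23 - Service: Bonjour Service - Apple Inc. - C:\Program Files\Bonjour\mDNSResponder.exe
O23 - Service: VNC Server Version 4 (WinVNC4) - Unknown owner - C:\DOCUME~1\owner\LOCALS~1\Temp\winvnc4.exe (file missing)
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"c:\\Temp\\kf56686.exe"=
"""


@dataclass(frozen=True)
class Finding:
    line: int     # 1-based line number within the log text
    kind: str     # which heuristic fired
    detail: str   # the path or service name it fired on


# HijackThis O4 autorun lines: "O4 - <hive>\..\Run: [<name>] <command>"
O4_RE = re.compile(
    r"^O4 - (?P<hive>HKLM|HKCU|HKUS\\[^\\]+)\\\.\.\\Run: \[(?P<name>[^\]]*)\] (?P<cmd>.*)$")
# HijackThis O23 service lines: "O23 - Service: <name> - <owner> - <path>[ (file missing)]"
O23_RE = re.compile(
    r"^O23 - Service: (?P<name>.+?) - (?P<owner>.+?) - (?P<path>.+?)(?P<missing> \(file missing\))?$")
# ComboFix firewall-exception lines: "<quoted path>=" (registry-export style, doubled backslashes)
FW_RE = re.compile(r'^"(?P<path>[^"]+)"=$')
# Executable at the head of a command line, with or without surrounding quotes
EXE_RE = re.compile(r'^"?(?P<exe>.+?\.(?:exe|dll|scr|cpl|sys))"?', re.IGNORECASE)
# A path component named Temp anywhere in the path (also matches LOCALS~1\Temp)
TEMP_RE = re.compile(r"\\temp\\", re.IGNORECASE)


def exe_of(command: str) -> str:
    """Return the program path from an autorun command, dropping its arguments."""
    m = EXE_RE.match(command.strip())
    return m.group("exe") if m else command.strip()


def triage(log_text: str) -> list[Finding]:
    """Flag log lines a reviewer would want a closer look at (inspect, not convict).

    unqualified-path   autorun given as a bare file name, resolved via the search path
    temp-dir           program lives under a Temp directory
    duplicate-autorun  same program registered under more than one hive
    orphaned-service   service whose binary is marked (file missing)
    unknown-owner      service with no identified vendor
    firewall-exception firewall-authorised program under a Temp directory
    """
    findings: list[Finding] = []
    seen_run: dict[str, str] = {}  # lower-cased exe -> hive it was first seen in
    for n, raw in enumerate(log_text.splitlines(), start=1):
        line = raw.strip()
        m = O4_RE.match(line)
        if m:
            exe = exe_of(m.group("cmd"))
            if "\\" not in exe:
                findings.append(Finding(n, "unqualified-path", exe))
            if TEMP_RE.search(exe):
                findings.append(Finding(n, "temp-dir", exe))
            key = exe.lower()
            if key in seen_run and seen_run[key] != m.group("hive"):
                findings.append(Finding(n, "duplicate-autorun", exe))
            seen_run.setdefault(key, m.group("hive"))
            continue
        m = O23_RE.match(line)
        if m:
            if m.group("missing"):
                findings.append(Finding(n, "orphaned-service", m.group("name")))
            if TEMP_RE.search(m.group("path")):
                findings.append(Finding(n, "temp-dir", m.group("path")))
            if m.group("owner").lower() == "unknown owner":
                findings.append(Finding(n, "unknown-owner", m.group("name")))
            continue
        m = FW_RE.match(line)
        if m and TEMP_RE.search(m.group("path")):
            findings.append(Finding(n, "firewall-exception", m.group("path")))
    return findings


if __name__ == "__main__":
    for f in triage(SAMPLE_LOG):
        print(f"line {f.line:>3}  {f.kind:<18} {f.detail}")
```

Run it as-is to see the six findings on the constructed sample, or pass the text of a saved HijackThis or ComboFix log to `triage()`. The duplicate-autorun check deliberately compares the executable path rather than the `[name]` in brackets, so the HKLM and HKCU copies of the same program are caught even when their command-line arguments differ.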
Disable these by using msconfig (untick them):
O4 - HKLM\..\Run: [Adobe Photo Downloader] "C:\Program Files\Adobe\Photoshop Album Starter Edition\3.0\Apps\apdproxy.exe"
O4 - HKLM\..\Run: [Kaseya Agent Service Helper] "C:\Program Files\Kaseya\Agent\KaUsrTsk.exe"
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 9.0\Reader\Reader_sl.exe"
Hi, sorry, found these now! Have unticked them as you said. Also done the same with a couple of others I never use (DragDrop and Click to DVD auto..).
I've run HijackThis again; have I got everything now?
Logfile of Trend Micro HijackThis v2.0.4
Scan saved at 19:10:14, on 19/03/2011
Platform: Windows XP SP3 (WinNT 5.01.2600)
MSIE: Internet Explorer v8.00 (8.00.6001.18702)
Boot mode: Normal
Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\AVAST Software\Avast\AvastSvc.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Sony\HotKey Utility\HKserv.exe
C:\Program Files\Wireless Desktop\LgWDskTp.exe
C:\WINDOWS\System32\ezSP_Px.exe
C:\Program Files\Kontiki\KHost.exe
C:\Program Files\AVAST Software\Avast\avastUI.exe
C:\Program Files\Kontiki\KHost.exe
C:\Program Files\Sony\HotKey Utility\HKWnd.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\AVAST Software\Avast\setup\avast.setup
C:\Program Files\Google\Update\GoogleUpdate.exe
C:\Program Files\Google\Update\GoogleUpdate.exe
C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
C:\WINDOWS\system32\bgsvcgen.exe
C:\Program Files\Bonjour\mDNSResponder.exe
C:\Program Files\sony\giga pocket\shwserv.exe
C:\Program Files\Kontiki\KService.exe
C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Sony\vaio media music server\SSSvr.exe
C:\Program Files\sony\photo server\appsrv\PhotoAppSrv.exe
C:\Program Files\Sony\giga pocket\GPVSvr.exe
C:\Program Files\Common Files\Sony Shared\vaio media platform\sv_httpd.exe
C:\PROGRAM FILES\COMMON FILES\SONY SHARED\VAIO MEDIA PLATFORM\UPNPFRAMEWORK.EXE
C:\Program Files\Common Files\sony shared\vaio media platform\SV_Httpd.exe
C:\PROGRAM FILES\COMMON FILES\SONY SHARED\VAIO MEDIA PLATFORM\UPNPFRAMEWORK.EXE
C:\WINDOWS\system32\wuauclt.exe
C:\Program Files\Trend Micro\HiJackThis\HiJackThis.exe
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.google.co.uk/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
O2 - BHO: AcroIEHelperStub - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
O2 - BHO: avast! WebRep - {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} - C:\Program Files\AVAST Software\Avast\aswWebRepIE.dll
O3 - Toolbar: avast! WebRep - {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} - C:\Program Files\AVAST Software\Avast\aswWebRepIE.dll
O4 - HKLM\..\Run: [HKSERV.EXE] C:\Program Files\Sony\HotKey Utility\HKserv.exe
O4 - HKLM\..\Run: [LgWDskTp] C:\Program Files\Wireless Desktop\LgWDskTp.exe
O4 - HKLM\..\Run: [Logitech Utility] Logi_MwX.Exe
O4 - HKLM\..\Run: [ezShieldProtector for Px] C:\WINDOWS\System32\ezSP_Px.exe
O4 - HKLM\..\Run: [kdx] "C:\Program Files\Kontiki\KHost.exe" -all
O4 - HKLM\..\Run: [avast] "C:\Program Files\AVAST Software\Avast\avastUI.exe" /nogui
O4 - HKLM\..\Run: [MSConfig] C:\WINDOWS\pchealth\helpctr\Binaries\MSCONFIG.EXE /auto
O4 - HKCU\..\Run: [kdx] C:\Program Files\Kontiki\KHost.exe -all
O8 - Extra context menu item: Google Sidewiki... - res://C:\Program Files\Google\Google Toolbar\Component\GoogleToolbarDynamic_mui_en_D183CA64F05FDD98.dll/cmsidewiki.html
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\j2re1.4.2_01\bin\npjpi142_01.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\j2re1.4.2_01\bin\npjpi142_01.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~4\OFFICE11\REFIEBAR.DLL
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O14 - IERESET.INF: START_PAGE_URL=http://www.wanadoo.co.uk
O22 - SharedTaskScheduler: Browseui preloader - {438755C2-A8BA-11D1-B96B-00A0C90312E1} - C:\WINDOWS\System32\browseui.dll
O22 - SharedTaskScheduler: Component Categories cache daemon - {8C7461EF-2B13-11d2-BE35-3078302C2030} - C:\WINDOWS\System32\browseui.dll
O23 - Service: Adobe LM Service - Adobe Systems - C:\Program Files\Common Files\Adobe Systems Shared\Service\Adobelmsvc.exe
O23 - Service: Apple Mobile Device - Apple Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
O23 - Service: avast! Antivirus - AVAST Software - C:\Program Files\AVAST Software\Avast\AvastSvc.exe
O23 - Service: B's Recorder GOLD Library General Service (bgsvcgen) - B.H.A Corporation - C:\WINDOWS\system32\bgsvcgen.exe
O23 - Service: Bonjour Service - Apple Inc. - C:\Program Files\Bonjour\mDNSResponder.exe
O23 - Service: Giga Pocket Hardware Detector - Sony Corporation - C:\Program Files\sony\giga pocket\shwserv.exe
O23 - Service: iPod Service - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: KService - Kontiki Inc. - C:\Program Files\Kontiki\KService.exe
O23 - Service: Pml Driver HPZ12 - HP - C:\WINDOWS\System32\HPZipm12.exe
O23 - Service: Sony TV Tuner Controller - Sony Corporation - C:\Program Files\Sony\giga pocket\halsv.exe
O23 - Service: Sony TV Tuner Manager - Sony Corporation - C:\Program Files\Sony\giga pocket\RM_SV.exe
O23 - Service: Sony SPTI Service (SPTISRV) - Sony Corporation - C:\Program Files\Common Files\Sony Shared\AVLib\Sptisrv.exe
O23 - Service: VAIO Media Music Server (VAIOMediaPlatform-MusicServer-AppServer) - Sony Corporation - C:\Program Files\Sony\vaio media music server\SSSvr.exe
O23 - Service: VAIO Media Music Server (HTTP) (VAIOMediaPlatform-MusicServer-HTTP) - Sony Corporation - C:\Program Files\Common Files\Sony Shared\vaio media platform\sv_httpd.exe
O23 - Service: VAIO Media Music Server (UPnP) (VAIOMEDIAPLATFORM-MUSICSERVER-UPNP) - Sony Corporation - C:\PROGRAM FILES\COMMON FILES\SONY SHARED\VAIO MEDIA PLATFORM\UPNPFRAMEWORK.EXE
O23 - Service: VAIO Media Photo Server (VAIOMediaPlatform-PhotoServer-AppServer) - Sony Corporation - C:\Program Files\sony\photo server\appsrv\PhotoAppSrv.exe
O23 - Service: VAIO Media Photo Server (HTTP) (VAIOMediaPlatform-PhotoServer-HTTP) - Sony Corporation - C:\Program Files\Common Files\sony shared\vaio media platform\SV_Httpd.exe
O23 - Service: VAIO Media Photo Server (UPnP) (VAIOMEDIAPLATFORM-PHOTOSERVER-UPNP) - Sony Corporation - C:\PROGRAM FILES\COMMON FILES\SONY SHARED\VAIO MEDIA PLATFORM\UPNPFRAMEWORK.EXE
O23 - Service: VAIO Media Video Server (VAIOMediaPlatform-VideoServer-AppServer) - Sony Corporation - C:\Program Files\Sony\giga pocket\GPVSvr.exe
O23 - Service: VAIO Media Video Server (HTTP) (VAIOMediaPlatform-VideoServer-HTTP) - Sony Corporation - C:\Program Files\Common Files\sony shared\vaio media platform\SV_Httpd.exe
O23 - Service: VAIO Media Video Server (UPnP) (VAIOMEDIAPLATFORM-VIDEOSERVER-UPNP) - Sony Corporation - C:\PROGRAM FILES\COMMON FILES\SONY SHARED\VAIO MEDIA PLATFORM\UPNPFRAMEWORK.EXE
O23 - Service: VNC Server Version 4 (WinVNC4) - Unknown owner - C:\DOCUME~1\shelley\LOCALS~1\Temp\winvnc4.exe (file missing)
--
End of file - 7820 bytes