Help with removing Win32: Rootkit-gen (RtK)
Comments
Yeah, Avast just found the quarantined Dr Web file (Win32: WhenU-U PUP). It can't fix it either, it just put it in the chest. Is the threat gone even though we can't delete it, or do I need to find a way of getting rid of it?
There is no Dr Web file under either Programs or Users (I don't have a folder C:\users?). Also, the Dr Web program can't be accessed under 'All Programs', just via the Downloads folder? Have I not installed it right?
I'm just in the middle of something, but I'll post another HijackThis and ComboFix log in about an hour or so.
Thanks
Proud to be dealing with my debts. Debt at Light Bulb Moment (January 2011): £21,953. Debt at current level (Nov 2013): £4,567.50. Debt free wannabe date: Dec 2014
They may have changed how Dr Web works.
I'm going to have to run it one of these days to find out what's changed.
ComboFix 11-03-19.03 - shelley 20/03/2011 11:46:19.5.1 - x86
Microsoft Windows XP Home Edition 5.1.2600.3.1252.44.1033.18.480.242 [GMT 0:00]
Running from: C:\ComboFix.exe
AV: avast! Antivirus *Disabled/Updated* {7591DB91-41F0-48A3-B128-1A293FD8233D}
.
.
((((((((((((((((((((((((( Files Created from 2011-02-20 to 2011-03-20 )))))))))))))))))))))))))))))))
.
.
2011-03-19 20:29 . 2011-03-19 22:45
dc----w- c:\documents and settings\shelley\DoctorWeb
2011-03-19 12:42 . 2011-03-19 12:42
dc----w- c:\documents and settings\shelley\Local Settings\Application Data\Yahoo!
2011-03-18 15:59 . 2011-03-15 21:19 61440 -c--a-w- c:\windows\system32\CleanMem.exe
2011-03-18 15:59 . 2008-09-19 17:37 121856 -c--a-w- c:\windows\system32\schtasks.exe
2011-03-18 15:59 . 2011-03-18 15:59
d
w- c:\program files\CleanMem
2011-03-18 15:59 . 2011-03-18 15:59
dc----w- c:\windows\CleanMem
2011-03-18 15:29 . 2011-02-23 14:54 19544 -c--a-w- c:\windows\system32\drivers\aswFsBlk.sys
2011-03-18 15:29 . 2011-02-23 14:56 301528 -c--a-w- c:\windows\system32\drivers\aswSP.sys
2011-03-18 15:29 . 2011-02-23 14:55 25432 -c--a-w- c:\windows\system32\drivers\aswRdr.sys
2011-03-18 15:29 . 2011-02-23 14:56 371544 -c--a-w- c:\windows\system32\drivers\aswSnx.sys
2011-03-18 15:29 . 2011-02-23 14:55 49240 -c--a-w- c:\windows\system32\drivers\aswTdi.sys
2011-03-18 15:29 . 2011-02-23 14:55 102232 -c--a-w- c:\windows\system32\drivers\aswmon2.sys
2011-03-18 15:29 . 2011-02-23 14:55 96344 -c--a-w- c:\windows\system32\drivers\aswmon.sys
2011-03-18 15:29 . 2011-02-23 14:54 30680 -c--a-w- c:\windows\system32\drivers\aavmker4.sys
2011-03-18 15:29 . 2011-02-23 15:04 40648 -c--a-w- c:\windows\avastSS.scr
2011-03-18 15:29 . 2011-02-23 15:04 190016 -c--a-w- c:\windows\system32\aswBoot.exe
2011-03-18 15:28 . 2011-03-18 15:28
dc----w- c:\documents and settings\All Users\Application Data\AVAST Software
2011-03-18 15:28 . 2011-03-18 15:28
d
w- c:\program files\AVAST Software
2011-03-18 14:53 . 2011-03-18 14:53
dc----w- c:\windows\Internet Logs
2011-03-18 08:57 . 2011-03-18 08:57
d
w- c:\program files\CCleaner
2011-03-18 08:24 . 2011-03-18 08:24 388096 -c--a-r- c:\documents and settings\shelley\Application Data\Microsoft\Installer\{45A66726-69BC-466B-A7A4-12FCBA4883D7}\HiJackThis.exe
2011-03-18 08:24 . 2011-03-18 08:24
d
w- c:\program files\Trend Micro
2011-03-17 23:27 . 2011-03-17 23:27
dc----w- C:\iTunes
.
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2011-03-20 11:42 . 2009-01-07 18:53 4297581 -c--a-r- C:\ComboFix.exe
2011-02-09 13:53 . 2003-11-05 08:31 270848 -c--a-w- c:\windows\system32\sbe.dll
2011-02-09 13:53 . 2003-11-05 08:31 186880 -c--a-w- c:\windows\system32\encdec.dll
2011-02-02 07:58 . 2003-11-05 09:53 2067456 -c--a-w- c:\windows\system32\mstscax.dll
2011-01-27 11:57 . 2003-11-05 09:53 677888 -c--a-w- c:\windows\system32\mstsc.exe
2011-01-21 14:44 . 2003-11-05 08:31 439296 -c--a-w- c:\windows\system32\shimgvw.dll
2011-01-07 14:09 . 2003-11-05 08:30 290048 ----a-w- c:\windows\system32\atmfd.dll
2010-12-31 13:10 . 2003-11-05 08:31 1854976 ----a-w- c:\windows\system32\win32k.sys
2010-12-22 12:34 . 2005-06-15 17:50 301568 ----a-w- c:\windows\system32\kerberos.dll
2010-12-20 23:59 . 2005-06-17 22:49 916480 ----a-w- c:\windows\system32\wininet.dll
2010-12-20 23:59 . 2003-11-05 08:31 43520 -c--a-w- c:\windows\system32\licmgr10.dll
2010-12-20 23:59 . 2003-11-05 08:31 1469440 -c--a-w- c:\windows\system32\inetcpl.cpl
2010-12-20 18:09 . 2008-12-14 14:23 38224 -c--a-w- c:\windows\system32\drivers\mbamswissarmy.sys
2010-12-20 18:08 . 2008-12-14 14:24 20952 -c--a-w- c:\windows\system32\drivers\mbam.sys
2010-12-20 17:26 . 2003-11-05 08:31 730112 ----a-w- c:\windows\system32\lsasrv.dll
2010-12-20 12:55 . 2004-08-04 05:59 385024 -c--a-w- c:\windows\system32\html.iec
.
.
((((((((((((((((((((((((((((( SnapShot@2011-03-19_15.52.21 )))))))))))))))))))))))))))))))))))))))))
.
+ 2011-03-20 09:55 . 2011-03-20 09:55 16384 c:\windows\Temp\Perflib_Perfdata_e8.dat
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\00avast]
@="{472083B0-C522-11CF-8763-00608CC02F24}"
[HKEY_CLASSES_ROOT\CLSID\{472083B0-C522-11CF-8763-00608CC02F24}]
2011-02-23 15:04 122512 ----a-w- c:\program files\AVAST Software\Avast\ashShell.dll
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"kdx"="c:\program files\Kontiki\KHost.exe" [2008-10-21 1032640]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"HKSERV.EXE"="c:\program files\Sony\HotKey Utility\HKserv.exe" [2003-08-14 90112]
"LgWDskTp"="c:\program files\Wireless Desktop\LgWDskTp.exe" [2003-10-29 65536]
"Logitech Utility"="Logi_MwX.Exe" [2003-07-22 19968]
"ezShieldProtector for Px"="c:\windows\System32\ezSP_Px.exe" [2002-08-20 40960]
"kdx"="c:\program files\Kontiki\KHost.exe" [2008-10-21 1032640]
"avast"="c:\program files\AVAST Software\Avast\avastUI.exe" [2011-02-23 3451496]
"CleanMem Mini Monitor"="c:\program files\CleanMem\Mini_Monitor.exe" [2011-03-15 1126400]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\explorer]
"NoResolveTrack"= 1 (0x1)
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MCODS]
@=""
.
[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^HP Digital Imaging Monitor.lnk]
path=c:\documents and settings\All Users\Start Menu\Programs\Startup\HP Digital Imaging Monitor.lnk
backup=c:\windows\pss\HP Digital Imaging Monitor.lnkCommon Startup
.
[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Picture Package Menu.lnk]
path=c:\documents and settings\All Users\Start Menu\Programs\Startup\Picture Package Menu.lnk
backup=c:\windows\pss\Picture Package Menu.lnkCommon Startup
.
[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Picture Package VCD Maker.lnk]
path=c:\documents and settings\All Users\Start Menu\Programs\Startup\Picture Package VCD Maker.lnk
backup=c:\windows\pss\Picture Package VCD Maker.lnkCommon Startup
.
[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Timer Recording Manager.lnk]
path=c:\documents and settings\All Users\Start Menu\Programs\Startup\Timer Recording Manager.lnk
backup=c:\windows\pss\Timer Recording Manager.lnkCommon Startup
.
[HKLM\~\startupfolder\C:^Documents and Settings^shelley^Start Menu^Programs^Startup^Click to DVD Automatic Mode Launcher.lnk]
path=c:\documents and settings\shelley\Start Menu\Programs\Startup\Click to DVD Automatic Mode Launcher.lnk
backup=c:\windows\pss\Click to DVD Automatic Mode Launcher.lnkStartup
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NokiaMServer]
c:\program files\Common Files\Nokia\MPlatform\NokiaMServer [X]
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Adobe ARM]
2010-09-20 23:07 932288 -c--a-r- c:\program files\Common Files\Adobe\ARM\1.0\AdobeARM.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Adobe Photo Downloader]
2005-06-06 23:46 57344 -c--a-w- c:\program files\Adobe\Photoshop Album Starter Edition\3.0\Apps\apdproxy.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Adobe Reader Speed Launcher]
2011-01-31 08:44 35760 -c--a-w- c:\program files\Adobe\Reader 9.0\Reader\reader_sl.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\AppleSyncNotifier]
2009-08-13 15:51 177440 -c--a-w- c:\program files\Common Files\Apple\Mobile Device Support\bin\AppleSyncNotifier.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Drag'n Drop CD+DVD]
2003-08-08 17:54 1175552
w- c:\program files\drag'n drop cd+dvd\BinFiles\DragDrop.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\iTunesHelper]
2010-12-13 17:16 421160 ----a-w- c:\program files\iTunes\iTunesHelper.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Kaseya Agent Service Helper]
2008-09-04 13:35 229376 ----a-w- c:\program files\Kaseya\Agent\KaUsrTsk.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\services]
"WebClient"=2 (0x2)
"SSDPSRV"=3 (0x3)
"KaseyaAgent"=2 (0x2)
"gupdate"=2 (0x2)
.
[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring]
"DisableMonitoring"=dword:00000001
.
[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecAntiVirus]
"DisableMonitoring"=dword:00000001
.
[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecFirewall]
"DisableMonitoring"=dword:00000001
.
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"c:\\Program Files\\Sony\\giga pocket\\gps.exe"=
"c:\\Temp\\kf56686.exe"=
"c:\\Temp\\KRlyCCon.exe"=
"c:\\Program Files\\Kontiki\\KService.exe"=
"c:\\Program Files\\Bonjour\\mDNSResponder.exe"=
"c:\\Program Files\\iTunes\\iTunes.exe"=
.
R1 aswSnx;aswSnx;c:\windows\system32\drivers\aswSnx.sys [18/03/2011 15:29 371544]
R1 aswSP;aswSP;c:\windows\system32\drivers\aswSP.sys [18/03/2011 15:29 301528]
R2 aswFsBlk;aswFsBlk;c:\windows\system32\drivers\aswFsBlk.sys [18/03/2011 15:29 19544]
R3 HSFHWSIS;HSFHWSIS;c:\windows\system32\drivers\HSFHWSIS.sys [04/11/2003 08:21 175744]
S0 b8d0259f6878b520e949562f9fcb3273;b8d0259f6878b520e949562f9fcb3273;c:\windows\system32\b8d0259f6878b520e949562f9fcb3273.sys --> c:\windows\system32\b8d0259f6878b520e949562f9fcb3273.sys [?]
S3 nosGetPlusHelper;getPlus(R) Helper 3004;c:\windows\System32\svchost.exe -k nosGetPlusHelper [05/11/2003 08:31 14336]
S3 SMSCMS;SMSC LPC Memory Stick Host Controller;c:\windows\system32\drivers\SMSCMS.SYS [04/11/2003 08:44 58112]
S4 AVG Security Toolbar Service;AVG Security Toolbar Service;c:\program files\AVG\AVG10\Toolbar\ToolbarBroker.exe --> c:\program files\AVG\AVG10\Toolbar\ToolbarBroker.exe [?]
S4 gupdate;Google Update Service (gupdate);c:\program files\Google\Update\GoogleUpdate.exe [25/01/2010 18:45 135664]
S4 KaseyaAgent;Kaseya Agent;c:\program files\Kaseya\Agent\AgentMon.exe [07/01/2009 18:13 610304]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
getPlusHelper REG_MULTI_SZ getPlusHelper
nosGetPlusHelper REG_MULTI_SZ nosGetPlusHelper
.
Contents of the 'Scheduled Tasks' folder
.
2011-03-17 c:\windows\Tasks\AppleSoftwareUpdate.job
- c:\program files\Apple Software Update\SoftwareUpdate.exe [2008-07-30 12:34]
.
2011-03-20 c:\windows\Tasks\Clean System Memory.job
- c:\windows\system32\CleanMem.exe [2011-03-18 21:19]
.
2011-03-20 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
- c:\program files\Google\Update\GoogleUpdate.exe [2010-01-25 18:45]
.
2011-03-20 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
- c:\program files\Google\Update\GoogleUpdate.exe [2010-01-25 18:45]
.
.
Supplementary Scan
.
uSearchMigratedDefaultUrl = hxxp://www.mywebsearch.com/jsp/cfg_redir2.jsp?id=ZJxdm143YYGB&fl=0&ptb=u.vKSz5OumWpKu2LQLktHQ&url=http://edits.mywebsearch.com/toolbaredits/barsearch.jhtml&st=sb&searchfor={searchTerms}
uStart Page = hxxp://www.google.co.uk/
uInternet Settings,ProxyOverride = <local>;*.local
IE: Google Sidewiki... - c:\program files\Google\Google Toolbar\Component\GoogleToolbarDynamic_mui_en_D183CA64F05FDD98.dll/cmsidewiki.html
FF - ProfilePath - c:\documents and settings\shelley\Application Data\Mozilla\Firefox\Profiles\8yh1nc8x.default\
FF - prefs.js: keyword.URL - hxxp://search.avg.com/route/?d=4d29d7c4&v=6.011.025.001&i=23&tp=ab&iy=&ychte=uk&lng=en-GB&q=
FF - Ext: Default: {972ce4c6-7e08-4474-a285-3208198ce6fd} - c:\program files\Mozilla Firefox\extensions\{972ce4c6-7e08-4474-a285-3208198ce6fd}
FF - Ext: Microsoft .NET Framework Assistant: {20a82645-c095-46ed-80e3-08825760534b} - c:\windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension
FF - Ext: avast! WebRep: wrc@avast.com - c:\program files\AVAST Software\Avast\WebRep\FF
FF - Ext: Microsoft .NET Framework Assistant: {20a82645-c095-46ed-80e3-08825760534b} - %profile%\extensions\{20a82645-c095-46ed-80e3-08825760534b}
FF - Ext: Adobe DLM (powered by getPlus(R)): {E2883E8F-472F-4fb0-9522-AC9BF37916A7} - %profile%\extensions\{E2883E8F-472F-4fb0-9522-AC9BF37916A7}
FF - Ext: XHTML Mobile Profile: {8ea9957e-2953-402f-80e0-bceb5f169d6f} - %profile%\extensions\{8ea9957e-2953-402f-80e0-bceb5f169d6f}
FF - Ext: EWOQ Mobile Setup extension: {f035aa18-ee32-4e6e-81d2-57e32867f8a7} - %profile%\extensions\{f035aa18-ee32-4e6e-81d2-57e32867f8a7}
FF - Ext: wmlbrowser: {c4dc572a-3295-40eb-b30f-b54aa4cdc4b7} - %profile%\extensions\{c4dc572a-3295-40eb-b30f-b54aa4cdc4b7}
FF - Ext: Flashblock: {3d7eb24f-2740-49df-8937-200b1cc08f8a} - %profile%\extensions\{3d7eb24f-2740-49df-8937-200b1cc08f8a}
.
.
**************************************************************************
.
catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2011-03-20 11:56
Windows 5.1.2600 Service Pack 3 NTFS
.
scanning hidden processes ...
.
scanning hidden autostart entries ...
.
scanning hidden files ...
.
scan completed successfully
hidden files: 0
.
**************************************************************************
.
DLLs Loaded Under Running Processes
.
- - - - - - - > 'explorer.exe'(3532)
c:\windows\system32\WININET.dll
c:\program files\Wireless Desktop\LgWndHk.dll
c:\windows\system32\ieframe.dll
c:\windows\system32\webcheck.dll
c:\windows\system32\WPDShServiceObj.dll
c:\windows\system32\PortableDeviceTypes.dll
c:\windows\system32\PortableDeviceApi.dll
.
Completion time: 2011-03-20 12:01:11
ComboFix-quarantined-files.txt 2011-03-20 12:01
ComboFix2.txt 2011-03-19 16:44
ComboFix3.txt 2011-03-19 15:57
ComboFix4.txt 2009-01-16 21:57
ComboFix5.txt 2011-03-20 11:43
.
Pre-Run: 13,852,356,608 bytes free
Post-Run: 13,913,051,136 bytes free
.
- - End Of File - - 30480589122F10AD9F87E91056D9EB83
Logfile of Trend Micro HijackThis v2.0.4
Scan saved at 12:13:09, on 20/03/2011
Platform: Windows XP SP3 (WinNT 5.01.2600)
MSIE: Internet Explorer v8.00 (8.00.6001.18702)
Boot mode: Normal
Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\AVAST Software\Avast\AvastSvc.exe
C:\Program Files\Sony\HotKey Utility\HKserv.exe
C:\Program Files\Wireless Desktop\LgWDskTp.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Kontiki\KHost.exe
C:\Program Files\AVAST Software\Avast\avastUI.exe
C:\Program Files\Google\Update\GoogleUpdate.exe
C:\Program Files\Sony\HotKey Utility\HKWnd.exe
C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
C:\WINDOWS\system32\bgsvcgen.exe
C:\Program Files\Bonjour\mDNSResponder.exe
C:\Program Files\sony\giga pocket\shwserv.exe
C:\Program Files\Kontiki\KService.exe
C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Sony\vaio media music server\SSSvr.exe
C:\Program Files\Sony\giga pocket\GPVSvr.exe
C:\Program Files\Common Files\Sony Shared\vaio media platform\sv_httpd.exe
C:\Program Files\Common Files\sony shared\vaio media platform\SV_Httpd.exe
C:\PROGRAM FILES\COMMON FILES\SONY SHARED\VAIO MEDIA PLATFORM\UPNPFRAMEWORK.EXE
C:\PROGRAM FILES\COMMON FILES\SONY SHARED\VAIO MEDIA PLATFORM\UPNPFRAMEWORK.EXE
C:\Program Files\Sony\giga pocket\RM_SV.exe
C:\Program Files\CleanMem\Mini_Monitor.exe
C:\WINDOWS\explorer.exe
C:\WINDOWS\system32\notepad.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Program Files\Trend Micro\HiJackThis\HiJackThis.exe
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.google.co.uk/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
O2 - BHO: AcroIEHelperStub - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
O2 - BHO: avast! WebRep - {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} - C:\Program Files\AVAST Software\Avast\aswWebRepIE.dll
O3 - Toolbar: avast! WebRep - {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} - C:\Program Files\AVAST Software\Avast\aswWebRepIE.dll
O4 - HKLM\..\Run: [HKSERV.EXE] C:\Program Files\Sony\HotKey Utility\HKserv.exe
O4 - HKLM\..\Run: [LgWDskTp] C:\Program Files\Wireless Desktop\LgWDskTp.exe
O4 - HKLM\..\Run: [Logitech Utility] Logi_MwX.Exe
O4 - HKLM\..\Run: [ezShieldProtector for Px] C:\WINDOWS\System32\ezSP_Px.exe
O4 - HKLM\..\Run: [kdx] "C:\Program Files\Kontiki\KHost.exe" -all
O4 - HKLM\..\Run: [avast] "C:\Program Files\AVAST Software\Avast\avastUI.exe" /nogui
O4 - HKLM\..\Run: [CleanMem Mini Monitor] C:\Program Files\CleanMem\Mini_Monitor.exe /startup
O4 - HKCU\..\Run: [kdx] C:\Program Files\Kontiki\KHost.exe -all
O8 - Extra context menu item: Google Sidewiki... - res://C:\Program Files\Google\Google Toolbar\Component\GoogleToolbarDynamic_mui_en_D183CA64F05FDD98.dll/cmsidewiki.html
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\j2re1.4.2_01\bin\npjpi142_01.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\j2re1.4.2_01\bin\npjpi142_01.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~4\OFFICE11\REFIEBAR.DLL
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O14 - IERESET.INF: START_PAGE_URL=http://www.wanadoo.co.uk
O22 - SharedTaskScheduler: Browseui preloader - {438755C2-A8BA-11D1-B96B-00A0C90312E1} - C:\WINDOWS\System32\browseui.dll
O22 - SharedTaskScheduler: Component Categories cache daemon - {8C7461EF-2B13-11d2-BE35-3078302C2030} - C:\WINDOWS\System32\browseui.dll
O23 - Service: Adobe LM Service - Adobe Systems - C:\Program Files\Common Files\Adobe Systems Shared\Service\Adobelmsvc.exe
O23 - Service: Apple Mobile Device - Apple Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
O23 - Service: avast! Antivirus - AVAST Software - C:\Program Files\AVAST Software\Avast\AvastSvc.exe
O23 - Service: B's Recorder GOLD Library General Service (bgsvcgen) - B.H.A Corporation - C:\WINDOWS\system32\bgsvcgen.exe
O23 - Service: Bonjour Service - Apple Inc. - C:\Program Files\Bonjour\mDNSResponder.exe
O23 - Service: Giga Pocket Hardware Detector - Sony Corporation - C:\Program Files\sony\giga pocket\shwserv.exe
O23 - Service: iPod Service - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: KService - Kontiki Inc. - C:\Program Files\Kontiki\KService.exe
O23 - Service: Pml Driver HPZ12 - HP - C:\WINDOWS\System32\HPZipm12.exe
O23 - Service: Sony TV Tuner Controller - Sony Corporation - C:\Program Files\Sony\giga pocket\halsv.exe
O23 - Service: Sony TV Tuner Manager - Sony Corporation - C:\Program Files\Sony\giga pocket\RM_SV.exe
O23 - Service: Sony SPTI Service (SPTISRV) - Sony Corporation - C:\Program Files\Common Files\Sony Shared\AVLib\Sptisrv.exe
O23 - Service: VAIO Media Music Server (VAIOMediaPlatform-MusicServer-AppServer) - Sony Corporation - C:\Program Files\Sony\vaio media music server\SSSvr.exe
O23 - Service: VAIO Media Music Server (HTTP) (VAIOMediaPlatform-MusicServer-HTTP) - Sony Corporation - C:\Program Files\Common Files\Sony Shared\vaio media platform\sv_httpd.exe
O23 - Service: VAIO Media Music Server (UPnP) (VAIOMEDIAPLATFORM-MUSICSERVER-UPNP) - Sony Corporation - C:\PROGRAM FILES\COMMON FILES\SONY SHARED\VAIO MEDIA PLATFORM\UPNPFRAMEWORK.EXE
O23 - Service: VAIO Media Photo Server (VAIOMediaPlatform-PhotoServer-AppServer) - Sony Corporation - C:\Program Files\sony\photo server\appsrv\PhotoAppSrv.exe
O23 - Service: VAIO Media Photo Server (HTTP) (VAIOMediaPlatform-PhotoServer-HTTP) - Sony Corporation - C:\Program Files\Common Files\sony shared\vaio media platform\SV_Httpd.exe
O23 - Service: VAIO Media Photo Server (UPnP) (VAIOMEDIAPLATFORM-PHOTOSERVER-UPNP) - Sony Corporation - C:\PROGRAM FILES\COMMON FILES\SONY SHARED\VAIO MEDIA PLATFORM\UPNPFRAMEWORK.EXE
O23 - Service: VAIO Media Video Server (VAIOMediaPlatform-VideoServer-AppServer) - Sony Corporation - C:\Program Files\Sony\giga pocket\GPVSvr.exe
O23 - Service: VAIO Media Video Server (HTTP) (VAIOMediaPlatform-VideoServer-HTTP) - Sony Corporation - C:\Program Files\Common Files\sony shared\vaio media platform\SV_Httpd.exe
O23 - Service: VAIO Media Video Server (UPnP) (VAIOMEDIAPLATFORM-VIDEOSERVER-UPNP) - Sony Corporation - C:\PROGRAM FILES\COMMON FILES\SONY SHARED\VAIO MEDIA PLATFORM\UPNPFRAMEWORK.EXE
O23 - Service: VNC Server Version 4 (WinVNC4) - Unknown owner - C:\DOCUME~1\shelley\LOCALS~1\Temp\winvnc4.exe (file missing)
--
End of file - 7730 bytes
Can't really see anything wrong in the logs.
Does this exist -
c:\windows\system32\b8d0259f6878b520e949562f9fcb3273.sys?
Give it a clean up.
Download CCLEANER
http://www.piriform.com/ccleaner/download/slim
Run the CLEANER scan (UNTICK 'cookies').
Then run the REGISTRY scan (back up the registry when it asks).
Hi
Can't find a file called this
c:\windows\system32\b8d0259f6878b520e949562f9fcb3273.sys
in the windows\system32 folder.
However, this was the folder that Avast flagged as infected with Win32: Rootkit-gen (Rtk), which prompted me to start this post....
So this has already been in the Avast chest and then I emptied the chest yesterday, but it's still showing in the logs?
I'll try running CCleaner again tonight. The PC is running a lot better now, in terms of speed/memory etc. I just hope the viruses have been dealt with too....... If Avast finds something, is it enough to just quarantine it in the vault and not worry about it??
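The question above (a service entry that still appears in the logs after the file was quarantined) is exactly what the scanners mark: ComboFix prints "[?]" in place of a date and size when it cannot find the file behind a driver or service entry, and HijackThis appends "(file missing)" to an O23 service line. The script below is an added example, not something posted in this thread or part of either tool; it parses those two line formats, lists the entries whose backing file the scanner could not find, and optionally re-checks the path on the machine it is run on. The sample lines are copied in shape from the logs posted above.

```python
"""
Flag autostart service/driver entries whose backing file the scanner
could not find. A leftover entry like that after a quarantine is usually
a registry service still pointing at a file that is no longer there.
"""
import os
import re

# ComboFix service/driver line: "<start> <name>;<display>;<path>[ --> <path>] [<info>]"
# <info> is "dd/mm/yyyy hh:mm size" for a file ComboFix could stat, or "?" if it could not.
COMBOFIX_RE = re.compile(
    r"^(?P<start>[RS]\d) (?P<name>[^;]+);(?P<display>[^;]*);"
    r"(?P<path>.*?)(?: --> .*?)? \[(?P<info>[^\]]*)\]$"
)
# HijackThis O23 line: "O23 - Service: <display> - <owner> - <path>[ (file missing)]"
HJT_O23_RE = re.compile(
    r"^O23 - Service: (?P<display>.+?) - (?P<owner>.+?) - "
    r"(?P<path>.+?)(?P<missing> \(file missing\))?$"
)

# Constructed sample, shaped like the ComboFix and HijackThis lines in this thread.
SAMPLE_LOG = r"""
R1 aswSnx;aswSnx;c:\windows\system32\drivers\aswSnx.sys [18/03/2011 15:29 371544]
S0 b8d0259f6878b520e949562f9fcb3273;b8d0259f6878b520e949562f9fcb3273;c:\windows\system32\b8d0259f6878b520e949562f9fcb3273.sys --> c:\windows\system32\b8d0259f6878b520e949562f9fcb3273.sys [?]
S4 AVG Security Toolbar Service;AVG Security Toolbar Service;c:\program files\AVG\AVG10\Toolbar\ToolbarBroker.exe --> c:\program files\AVG\AVG10\Toolbar\ToolbarBroker.exe [?]
O23 - Service: avast! Antivirus - AVAST Software - C:\Program Files\AVAST Software\Avast\AvastSvc.exe
O23 - Service: VNC Server Version 4 (WinVNC4) - Unknown owner - C:\DOCUME~1\shelley\LOCALS~1\Temp\winvnc4.exe (file missing)
""".strip()


def parse_autostart(line):
    """Parse one ComboFix driver/service line or one HijackThis O23 line.

    Returns a dict (source, name, path, log_says_missing) or None for other lines.
    """
    line = line.strip()
    m = COMBOFIX_RE.match(line)
    if m:
        return {
            "source": "combofix",
            "name": m.group("name"),
            "path": m.group("path"),
            "log_says_missing": m.group("info") == "?",
        }
    m = HJT_O23_RE.match(line)
    if m:
        return {
            "source": "hijackthis",
            "name": m.group("display"),
            "path": m.group("path"),
            "log_says_missing": m.group("missing") is not None,
        }
    return None


def orphaned_entries(log_text, exists=os.path.exists):
    """Return the entries the scanner flagged as missing their file.

    `exists` is called on each path so a run on the scanned machine can
    confirm. A user-mode check cannot see a file a kernel rootkit hides,
    which is why the catchme "hidden files" count in the ComboFix log is
    the cross-check, not this function.
    """
    found = []
    for line in log_text.splitlines():
        entry = parse_autostart(line)
        if entry is None or not entry["log_says_missing"]:
            continue
        entry["on_disk_now"] = exists(entry["path"])
        found.append(entry)
    return found


if __name__ == "__main__":
    for e in orphaned_entries(SAMPLE_LOG):
        print(f"{e['source']}: {e['name']} -> {e['path']} (on disk now: {e['on_disk_now']})")
```

Entries reported here are registry references whose file is gone; the tidy-up is removing or disabling the stale service entry, not hunting for a file the scanner already says is absent.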
Can you find and delete that file manually using the MBAM Tools tab and the File Killer tool???
......Gettin' There, Wherever There is......
I have a dodgy "i" key, so ignore spelling errors due to "i" issues, ...I blame Apple
Set to show hidden files -
http://www.microsoft.com/windowsxp/using/helpandsupport/learnmore/tips/hiddenfiles.mspx
Is it visible now?
Set to show hidden files -
http://www.microsoft.com/windowsxp/using/helpandsupport/learnmore/tips/hiddenfiles.mspx
Is it visible now?
No, still can't see it. I'm just looking in C:\windows\system32, is that right? Can't see anything like this, all the file names are just short words etc.
While I remember, from your HJT log, when you've finished everything else, you'll need to update Java:
http://www.filehippo.com/download_jre_32/
This discussion has been closed.