We'd like to remind Forumites to please avoid political debate on the Forum... Read More »
Spyware problems - Hijack Log
Comments
-
And here's the HJL to the untrained eye it looks promising
Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 10:17:54, on 17/02/2008
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)
Boot mode: Normal
Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Lavasoft\Ad-Aware 2007\aawservice.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
C:\PROGRA~1\Grisoft\AVGFRE~1\avgamsvr.exe
C:\PROGRA~1\Grisoft\AVGFRE~1\avgupsvc.exe
C:\PROGRA~1\Grisoft\AVGFRE~1\avgemc.exe
C:\WINDOWS\system32\bgsvcgen.exe
C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE
C:\WINDOWS\system32\HPZipm12.exe
C:\WINDOWS\system32\RunDll32.exe
C:\WINDOWS\System32\igfxtray.exe
C:\WINDOWS\System32\hkcmd.exe
C:\WINDOWS\System32\igfxpers.exe
C:\Program Files\HP\HP Software Update\HPWuSchd2.exe
C:\PROGRA~1\Grisoft\AVGFRE~1\avgcc.exe
C:\Program Files\Napster\napster.exe
C:\Program Files\TOSHIBA\gigabeat room 2.0.2\TosGbWatcher.exe
C:\Program Files\QuickTime\qttask.exe
C:\Program Files\Sony Ericsson\Mobile2\Application Launcher\Application Launcher.exe
C:\Program Files\TomTom HOME 2\HOMERunner.exe
C:\Program Files\V-Stream Multimedia\DVB Plus\DTVR\Scheduled.exe
C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\avgas.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Webroot\Washer\wwDisp.exe
C:\Program Files\Microsoft Money\System\mnyexpr.exe
C:\Program Files\FinePixViewer\QuickDCF2.exe
C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Common Files\Teleca Shared\CapabilityManager.exe
C:\Program Files\Webroot\Washer\WasherSvc.exe
C:\Program Files\HP\Digital Imaging\bin\hpqSTE08.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Common Files\Teleca Shared\Generic.exe
C:\Program Files\Sony Ericsson\Mobile2\Mobile Phone Monitor\epmworker.exe
C:\WINDOWS\system32\wuauclt.exe
C:\WINDOWS\explorer.exe
C:\Program Files\Internet Explorer\IEXPLORE.EXE
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.everyclick.com/uk/
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = 127.0.0.1
O2 - BHO: AcroIEHlprObj Class - !!06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 5.0\Reader\ActiveX\AcroIEHelper.ocx
O2 - BHO: (no name) - !!243B17DE-77C7-46BF-B94B-0B5F309A0E64} - C:\Program Files\Microsoft Money\System\mnyside.dll
O2 - BHO: Spybot-S&D IE Protection - !!53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O4 - HKLM\..\Run: [Cmaudio] RunDll32 cmicnfg.cpl,CMICtrlWnd
O4 - HKLM\..\Run: [igfxtray] C:\WINDOWS\System32\igfxtray.exe
O4 - HKLM\..\Run: [igfxhkcmd] C:\WINDOWS\System32\hkcmd.exe
O4 - HKLM\..\Run: [igfxpers] C:\WINDOWS\System32\igfxpers.exe
O4 - HKLM\..\Run: [NeroFilterCheck] C:\WINDOWS\system32\NeroCheck.exe
O4 - HKLM\..\Run: [HP Software Update] C:\Program Files\HP\HP Software Update\HPWuSchd2.exe
O4 - HKLM\..\Run: [AVG7_CC] C:\PROGRA~1\Grisoft\AVGFRE~1\avgcc.exe /STARTUP
O4 - HKLM\..\Run: [NapsterShell] C:\Program Files\Napster\napster.exe /systray
O4 - HKLM\..\Run: [TosGbWatcher] "C:\Program Files\TOSHIBA\gigabeat room 2.0.2\TosGbWatcher.exe"
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [Sony Ericsson PC Suite] "C:\Program Files\Sony Ericsson\Mobile2\Application Launcher\Application Launcher.exe" /startoptions
O4 - HKLM\..\Run: [REGSHAVE] C:\Program Files\REGSHAVE\REGSHAVE.EXE /AUTORUN
O4 - HKLM\..\Run: [TomTomHOME.exe] "C:\Program Files\TomTom HOME 2\HOMERunner.exe" -s
O4 - HKLM\..\Run: [DTVR Agent] C:\Program Files\V-Stream Multimedia\DVB Plus\DTVR\Scheduled.exe
O4 - HKLM\..\Run: [!AVG Anti-Spyware] "C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\avgas.exe" /minimized
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [Window Washer] C:\Program Files\Webroot\Washer\wwDisp.exe
O4 - HKCU\..\Run: [MoneyAgent] "C:\Program Files\Microsoft Money\System\mnyexpr.exe"
O4 - HKCU\..\Run: [NBJ] "C:\Program Files\Ahead\Nero BackItUp\NBJ.exe"
O4 - HKCU\..\Run: [msiconf.exe] msiconf.exe
O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-19\..\Run: [AVG7_Run] C:\PROGRA~1\Grisoft\AVGFRE~1\avgw.exe /RUNONCE (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'NETWORK SERVICE')
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'Default user')
O4 - Global Startup: Exif Launcher 2.lnk = ?
O4 - Global Startup: HP Digital Imaging Monitor.lnk = C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~3\OFFICE11\EXCEL.EXE/3000
O9 - Extra button: (no name) - !!08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\WINDOWS\system32\msjava.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - !!08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\WINDOWS\system32\msjava.dll
O9 - Extra button: Research - !!92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~3\OFFICE11\REFIEBAR.DLL
O9 - Extra button: (no name) - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O9 - Extra 'Tools' menuitem: Spybot - Search & Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O9 - Extra button: Money Viewer - {E023F504-0C5A-4750-A1E7-A9046DEA8A21} - C:\Program Files\Microsoft Money\System\mnyside.dll
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O12 - Plugin for .spop: C:\Program Files\Internet Explorer\Plugins\NPDocBox.dll
O16 - DPF: !!17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://go.microsoft.com/fwlink/?linkid=39204
O16 - DPF: !!215B8138-A3CF-44C5-803F-8226143CFC0A} (Trend Micro ActiveX Scan Agent 6.6) - http://housecall65.trendmicro.com/housecall/applet/html/native/x86/win32/activex/hcImpl.cab
O16 - DPF: !!406B5949-7190-4245-91A9-30A17DE16AD0} (Snapfish Activia) - http://www1.snapfish.co.uk/SnapfishUKActivia.cab
O16 - DPF: !!7F8C8173-AD80-4807-AA75-5672F22B4582} (ICSScanner Class) - http://download.zonelabs.com/bin/promotions/spywaredetector/ICSScanner371290.cab
O16 - DPF: !!9A9307A0-7DA4-4DAF-B042-5009F29E09E1} (ActiveScan Installer Class) - http://acs.pandasoftware.com/activescan/as5free/asinst.cab
O23 - Service: Ad-Aware 2007 Service (aawservice) - Lavasoft - C:\Program Files\Lavasoft\Ad-Aware 2007\aawservice.exe
O23 - Service: AVG Anti-Spyware Guard - GRISOFT s.r.o. - C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
O23 - Service: AVG7 Alert Manager Server (Avg7Alrt) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVGFRE~1\avgamsvr.exe
O23 - Service: AVG7 Update Service (Avg7UpdSvc) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVGFRE~1\avgupsvc.exe
O23 - Service: AVG E-mail Scanner (AVGEMS) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVGFRE~1\avgemc.exe
O23 - Service: B's Recorder GOLD Library General Service (bgsvcgen) - B.H.A Corporation - C:\WINDOWS\system32\bgsvcgen.exe
O23 - Service: Pml Driver HPZ12 - HP - C:\WINDOWS\system32\HPZipm12.exe
O23 - Service: Window Washer Engine (wwEngineSvc) - Webroot Software, Inc. - C:\Program Files\Webroot\Washer\WasherSvc.exe
--
End of file - 7824 bytes0 -
Open notepad (Start > Run and type notepad) and copy/paste the text in the quote box below to it:
File:: C:\WINDOWS\imsins.BAK Folder:: C:\Program Files\Zango Programs Driver:: jatmlano Registry:: [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run] "msiconf.exe"=-
Save this as "CFScript"
Refering to the picture above, drag CFScript into ComboFix.exe
Run ComboFix again and post the resultant log file please.0 -
Thanks - Here's the combo log - do you need HJL?
ComboFix 08-02-17.2 - Family 2008-02-17 11:25:08.2 - NTFSx86
Microsoft Windows XP Professional 5.1.2600.2.1252.1.1033.18.597 [GMT 0:00]
Running from: C:\Documents and Settings\Family\Desktop\ComboFix.exe
Command switches used :: C:\Documents and Settings\Family\Desktop\CFScript.txt
* Created a new restore point
WARNING -THIS MACHINE DOES NOT HAVE THE RECOVERY CONSOLE INSTALLED !!
FILE ::
C:\WINDOWS\imsins.BAK
.
((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.
C:\Program Files\Zango Programs
C:\WINDOWS\imsins.BAK
.
((((((((((((((((((((((((((((((((((((((( Drivers/Services )))))))))))))))))))))))))))))))))))))))))))))))))
.
\LEGACY_JATMLANO
\jatmlano
((((((((((((((((((((((((( Files Created from 2008-01-17 to 2008-02-17 )))))))))))))))))))))))))))))))
.
2008-02-17 10:00 . 2008-02-17 10:00 <DIR> d
C:\ComboFix[1]
2008-02-16 13:00 . 2008-02-16 13:00 <DIR> d
C:\Program Files\Datel
2008-02-16 11:17 . 2008-02-16 11:17 <DIR> d
C:\Program Files\Malwarebytes' Anti-Malware
2008-02-16 11:17 . 2008-02-16 11:17 <DIR> d
C:\Documents and Settings\Family\Application Data\Malwarebytes
2008-02-16 11:17 . 2008-02-16 11:17 <DIR> d
C:\Documents and Settings\All Users\Application Data\Malwarebytes
2008-02-16 11:16 . 2008-02-16 11:16 <DIR> d
C:\Program Files\Common Files\Download Manager
2008-01-29 19:12 . 2008-01-29 19:12 <DIR> d
C:\WINDOWS\ERUNT
2008-01-27 13:24 . 2008-01-27 13:24 <DIR> d
C:\Program Files\Trend Micro
2008-01-26 14:11 . 2004-08-03 23:07 59,264 --a
C:\WINDOWS\system32\drivers\USBAUDIO.sys
2008-01-26 14:11 . 2004-08-03 23:07 59,264 --a--c--- C:\WINDOWS\system32\dllcache\usbaudio.sys
2008-01-23 21:40 . 2008-01-23 21:40 <DIR> d
C:\Program Files\Spybot - Search & Destroy
2008-01-23 21:36 . 2008-01-23 21:36 <DIR> d
C:\Program Files\CCleaner
2008-01-23 21:30 . 2008-01-23 21:30 <DIR> d
C:\Program Files\Common Files\Wise Installation Wizard
2008-01-20 18:39 . 2008-01-20 18:39 <DIR> d
C:\Program Files\MSXML 6.0
2008-01-20 18:31 . 2008-01-20 18:31 <DIR> d
C:\Documents and Settings\Family\Application Data\HP
2008-01-20 16:57 . 2008-01-20 16:57 <DIR> d
C:\Program Files\Microsoft WSE
2008-01-20 16:53 . 2008-01-20 16:53 <DIR> d
C:\Program Files\MSBuild
2008-01-20 16:45 . 2008-01-20 16:45 <DIR> d
C:\WINDOWS\system32\XPSViewer
2008-01-20 16:44 . 2008-01-20 16:44 <DIR> d
C:\Program Files\Reference Assemblies
2008-01-20 16:43 . 2006-06-29 13:07 14,048
C:\WINDOWS\system32\spmsg2.dll
2008-01-20 16:20 . 2008-01-20 17:19 <DIR> d
C:\Documents and Settings\Family\Application Data\Spare Backup
2008-01-20 10:50 . 2008-01-20 10:50 <DIR> d
C:\Program Files\Opera
2008-01-20 08:06 . 2008-01-18 22:03 102,664 --a
C:\WINDOWS\system32\drivers\tmcomm.sys
2008-01-20 07:23 . 2008-01-20 08:15 <DIR> d
C:\Documents and Settings\Family\.housecall6.6
2008-01-18 22:03 . 2008-01-27 12:12 <DIR> d
C:\Documents and Settings\Administrator\.housecall6.6
2008-01-18 07:12 . 2007-06-05 10:56 44,928 --a
C:\WINDOWS\system32\drivers\SDTHOOK.SYS
2008-01-18 06:59 . 2008-01-27 11:47 <DIR> d
C:\WINDOWS\system32\ActiveScan
2008-01-18 06:59 . 2008-01-27 11:03 30,590 --a
C:\WINDOWS\system32\pavas.ico
2008-01-18 06:59 . 2008-01-27 11:03 2,550 --a
C:\WINDOWS\system32\Uninstall.ico
2008-01-18 06:59 . 2008-01-27 11:03 1,406 --a
C:\WINDOWS\system32\Help.ico
2008-01-17 21:19 . 2008-01-23 21:31 <DIR> d
C:\Documents and Settings\All Users\Application Data\Lavasoft
2008-01-17 21:04 . 2008-01-23 21:43 <DIR> d
C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy
2008-01-17 19:00 . 2008-01-17 19:00 <DIR> d
C:\Documents and Settings\Family\Application Data\Uniblue
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2008-02-17 09:03
d
w C:\Program Files\FinePixViewer
2008-02-17 07:56
d
w C:\Documents and Settings\All Users\Application Data\Avg7
2008-02-15 13:13
d
w C:\Documents and Settings\Family\Application Data\AVG7
2008-01-19 07:12
d
w C:\Program Files\Musicnotes
2008-01-18 07:41
d
w C:\Program Files\TomTom HOME 2
2008-01-18 07:41
d
w C:\Program Files\QuickTime
2008-01-18 07:40
d
w C:\Program Files\Napster
2008-01-18 07:32
d
w C:\Program Files\Common Files\Teleca Shared
2008-01-17 21:19
d
w C:\Program Files\Lavasoft
2008-01-02 18:33
d--h--w C:\Program Files\InstallShield Installation Information
2008-01-02 18:27
d
w C:\Program Files\V-Stream Multimedia
2007-12-30 18:33
d
w C:\Documents and Settings\Family\Application Data\ArcSoft
2007-12-30 18:15
d
w C:\Program Files\Kidz Cam Photo Editing Software
2007-12-30 07:21
d
w C:\Program Files\KWorld Multimedia
2007-12-26 11:11
d
w C:\Program Files\MyDSC2
2007-12-26 11:11
d
w C:\Program Files\Mars
2007-12-26 11:11
d
w C:\Program Files\JL2005C
2007-12-18 09:51 179,584 ----a-w C:\WINDOWS\system32\drivers\mrxdav.sys
2007-11-26 14:47 194,888 ----a-w C:\WINDOWS\Unwash6.exe
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"ctfmon.exe"="C:\WINDOWS\system32\ctfmon.exe" [2004-08-03 23:56 15360]
"Window Washer"="C:\Program Files\Webroot\Washer\wwDisp.exe" [2007-11-26 14:47 1206600]
"MoneyAgent"="C:\Program Files\Microsoft Money\System\mnyexpr.exe" [2002-07-17 11:00 200767]
"NBJ"="C:\Program Files\Ahead\Nero BackItUp\NBJ.exe" [2005-06-02 15:03 1957888]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Cmaudio"="cmicnfg.cpl" []
"igfxtray"="C:\WINDOWS\System32\igfxtray.exe" [2005-09-20 02:35 94208]
"igfxhkcmd"="C:\WINDOWS\System32\hkcmd.exe" [2005-09-20 02:32 77824]
"igfxpers"="C:\WINDOWS\System32\igfxpers.exe" [2005-09-20 02:36 114688]
"NeroFilterCheck"="C:\WINDOWS\system32\NeroCheck.exe" [2001-07-09 10:50 155648]
"HP Software Update"="C:\Program Files\HP\HP Software Update\HPWuSchd2.exe" [2005-05-11 22:12 49152]
"AVG7_CC"="C:\PROGRA~1\Grisoft\AVGFRE~1\avgcc.exe" [2007-12-21 09:19 579072]
"NapsterShell"="C:\Program Files\Napster\napster.exe" [2006-10-24 18:37 323216]
"TosGbWatcher"="C:\Program Files\TOSHIBA\gigabeat room 2.0.2\TosGbWatcher.exe" [2005-04-26 02:02 118837]
"QuickTime Task"="C:\Program Files\QuickTime\qttask.exe" [2007-02-14 10:12 282624]
"Sony Ericsson PC Suite"="C:\Program Files\Sony Ericsson\Mobile2\Application Launcher\Application Launcher.exe" [2005-10-26 16:17 159744]
"REGSHAVE"="C:\Program Files\REGSHAVE\REGSHAVE.exe" [2002-02-04 21:32 53248]
"TomTomHOME.exe"="C:\Program Files\TomTom HOME 2\HOMERunner.exe" [2007-10-31 10:19 378784]
"DTVR Agent"="C:\Program Files\V-Stream Multimedia\DVB Plus\DTVR\Scheduled.exe" [2004-03-04 21:05 729600]
"!AVG Anti-Spyware"="C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\avgas.exe" [2007-06-11 09:25 6731312]
[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="C:\WINDOWS\System32\CTFMON.EXE" [2004-08-03 23:56 15360]
"AVG7_Run"="C:\PROGRA~1\Grisoft\AVGFRE~1\avgw.exe" [2007-10-24 08:19 219136]
C:\Documents and Settings\All Users\Start Menu\Programs\Startup\
Exif Launcher 2.lnk - C:\Program Files\FinePixViewer\QuickDCF2.exe [2007-06-21 05:24:22 294912]
HP Digital Imaging Monitor.lnk - C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe [2005-05-11 22:23:26 282624]
[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\policies\system]
"DisableRegistryTools"= 0 (0x0)
[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\securityproviders]
SecurityProviders msapsspc.dll, schannel.dll, digest.dll, msnsspc.dll,
R0 Spssys;Toshiba SPS Service;C:\WINDOWS\system32\drivers\spssys.sys [2004-05-07 21:56]
R2 wwEngineSvc;Window Washer Engine;C:\Program Files\Webroot\Washer\WasherSvc.exe [2007-11-26 14:47]
R3 KUSB;KWorld - DVBT-USB Driver;C:\WINDOWS\system32\Drivers\kcap.sys [2004-02-27 01:43]
S3 HCW848NT;Hauppauge Win/TV;C:\WINDOWS\system32\DRIVERS\hcw848nt.sys [2000-06-12 18:54]
S3 hcw95bda;Hauppauge MOD7700 Tuner Driver;C:\WINDOWS\system32\Drivers\hcw95bda.sys [2007-10-25 08:47]
S3 hcw95rc;Hauppauge MOD7700 IR Driver;C:\WINDOWS\system32\DRIVERS\hcw95rc.sys [2007-10-25 08:52]
S3 JL2005C;Dual Mode Camera;C:\WINDOWS\system32\Drivers\jl2005c.sys [2007-01-26 21:09]
S3 k510bus;Sony Ericsson K510 Driver driver (WDM);C:\WINDOWS\system32\DRIVERS\k510bus.sys [2005-10-07 12:45]
S3 k510mdfl;Sony Ericsson K510 USB WMC Modem Filter;C:\WINDOWS\system32\DRIVERS\k510mdfl.sys [2007-03-21 21:11]
S3 k510mdm;Sony Ericsson K510 USB WMC Modem Driver;C:\WINDOWS\system32\DRIVERS\k510mdm.sys [2007-03-21 21:11]
S3 k510mgmt;Sony Ericsson K510 USB WMC Device Management Drivers (WDM);C:\WINDOWS\system32\DRIVERS\k510mgmt.sys [2007-03-21 21:11]
S3 k510obex;Sony Ericsson K510 USB WMC OBEX Interface;C:\WINDOWS\system32\DRIVERS\k510obex.sys [2007-03-21 21:11]
S3 KLOAD;KLOAD;C:\WINDOWS\system32\DRIVERS\kload.sys [2004-04-01 12:08]
[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\!!48b7ee0e-978d-11dc-a2e6-00138feff855}]
\Shell\AutoRun\command - H:\InstallTomTomHOME.exe
.
Contents of the 'Scheduled Tasks' folder
"2008-02-17 08:00:00 C:\WINDOWS\Tasks\HPpromotions journeysoftware.job"
- C:\Program Files\hp\digital imaging\bin\hp promotions\journeysoftware\HPpromo.exe
.
**************************************************************************
catchme 0.3.1344 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2008-02-17 11:29:44
Windows 5.1.2600 Service Pack 2 NTFS
scanning hidden processes ...
scanning hidden autostart entries ...
scanning hidden files ...
scan completed successfully
hidden files: 0
**************************************************************************
.
Other Running Processes
.
C:\Program Files\Lavasoft\Ad-Aware 2007\aawservice.exe
C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
C:\PROGRA~1\Grisoft\AVGFRE~1\avgamsvr.exe
C:\PROGRA~1\Grisoft\AVGFRE~1\avgupsvc.exe
C:\PROGRA~1\Grisoft\AVGFRE~1\avgemc.exe
C:\WINDOWS\system32\bgsvcgen.exe
C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE
C:\WINDOWS\system32\RunDll32.exe
C:\WINDOWS\system32\HPZipm12.exe
C:\WINDOWS\system32\wdfmgr.exe
C:\Program Files\Common Files\Teleca Shared\CapabilityManager.exe
C:\Program Files\HP\Digital Imaging\bin\hpqSTE08.exe
C:\Program Files\Common Files\Teleca Shared\Generic.exe
C:\Program Files\Sony Ericsson\Mobile2\Mobile Phone Monitor\epmworker.exe
.
**************************************************************************
.
Completion time: 2008-02-17 11:31:43 - machine was rebooted
ComboFix-quarantined-files.txt 2008-02-17 11:31:27
ComboFix2.txt 2008-02-17 10:13:20
.
2008-02-15 20:05:43 --- E O F ---0 -
ComboFix has dealt with the issues in your HJT log so no need to post another HJT log at the moment.
How's the machine performing now?0 -
Alfonso it all seems to be working OK and I just want to say thanks for taking the time and trouble to sort this out, you certainly didn't have to. Yourself and all the other tech guys on here who help out numb nuts like me do a fantastic job and save us loads of time and money. For that I take my hat off to you all and on this occasion particularly you Alfonso Skinarelli. Thanks again. Kgpuk
:money: :beer: :money:0 -
You're welcome.
Click Start then RUN
Now type Combofix /u in the runbox and click OK.
When shown the disclaimer, Select "2"
That will remove all the associated files and folders related to ComboFix.
:T0
This discussion has been closed.
Confirm your email address to Create Threads and Reply
Categories
- All Categories
- 349.9K Banking & Borrowing
- 252.6K Reduce Debt & Boost Income
- 453K Spending & Discounts
- 242.8K Work, Benefits & Business
- 619.6K Mortgages, Homes & Bills
- 176.4K Life & Family
- 255.7K Travel & Transport
- 1.5M Hobbies & Leisure
- 16.1K Discuss & Feedback
- 15.1K Coronavirus Support Boards