0

Hi Everyone

I hope someone can help - when I log onto the 'net I nearly sometimes get a "PartyPoker" pop up browser pening after a few minutes. I;ve tried Spybot, AdAware and HouseTrendMicro but all to no avail.

Can somebody please take a look at my logfile (HijackThis) and see if anything is lurking that shouldnt be there?

Many thanks in advance!!

cheers
Geo

Logfile of HijackThis v1.99.1
Scan saved at 20:32:34, on 02/08/2007
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16473)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\System32\S24EvMon.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Lavasoft\Ad-Aware 2007\aawservice.exe
C:\WINDOWS\system32\basfipm.exe
C:\Program Files\NavNT\defwatch.exe
C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE
C:\Program Files\NavNT\rtvscan.exe
C:\WINDOWS\system32\nvsvc32.exe
C:\WINDOWS\System32\RegSrvc.exe
C:\WINDOWS\system32\ZCfgSvc.exe
C:\WINDOWS\System32\1XConfig.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Roxio\Easy CD Creator 5\DirectCD\DirectCD.exe
C:\Program Files\Common Files\Real\Update_OB\realsched.exe
C:\Program Files\Java\jre1.5.0_08\bin\jusched.exe
C:\Program Files\Alcatel\SpeedTouch USB\Dragdiag.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\Program Files\Nokia\Nokia Software Launcher\NSLauncher.exe
C:\Program Files\Adobe\Photoshop Album Starter Edition\3.0\Apps\apdproxy.exe
C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
C:\Program Files\Nokia\Nokia PC Suite 6\PcSync2.exe
C:\Program Files\Common Files\PCSuite\Services\ServiceLayer.exe
C:\PROGRA~1\COMMON~1\Nokia\MPAPI\MPAPI3s.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Internet Explorer\IEXPLORE.EXE
C:\Program Files\Java\jre1.5.0_08\bin\jucheck.exe
C:\Documents and Settings\gary\Desktop\HijackThis.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.euro.dell.com/countries/uk/enu/gen/default.htm
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://news.bbc.co.uk/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKCU\Software\Microsoft\Internet Connection Wizard,ShellNext = http://www.euro.dell.com/countries/uk/enu/gen/default.htm
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.5.0_08\bin\ssv.dll
O2 - BHO: WebAssist - {85589B5D-D53D-4237-A677-46B82EA275F3} - C:\WINDOWS\WebAssist.dll
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar2.dll
O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\2.0.301.7164\swg.dll
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar2.dll
O4 - HKLM\..\Run: [Apoint] C:\Program Files\Apoint\Apoint.exe
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [nwiz] nwiz.exe /installquiet
O4 - HKLM\..\Run: [bascstray] BascsTray.exe
O4 - HKLM\..\Run: [PRONoMgr.exe] C:\Program Files\Intel\NCS\PROSet\PRONoMgr.exe
O4 - HKLM\..\Run: [DVDSentry] C:\WINDOWS\System32\DSentry.exe
O4 - HKLM\..\Run: [AdaptecDirectCD] "C:\Program Files\Roxio\Easy CD Creator 5\DirectCD\DirectCD.exe"
O4 - HKLM\..\Run: [vptray] C:\Program Files\NavNT\vptray.exe
O4 - HKLM\..\Run: [Synchronization Manager] %SystemRoot%\system32\mobsync.exe /logon
O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.5.0_08\bin\jusched.exe"
O4 - HKLM\..\Run: [SpeedTouch USB Diagnostics] "C:\Program Files\Alcatel\SpeedTouch USB\Dragdiag.exe" /icon
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
O4 - HKLM\..\Run: [NSLauncher] C:\Program Files\Nokia\Nokia Software Launcher\NSLauncher.exe /startup
O4 - HKLM\..\Run: [Adobe Photo Downloader] "C:\Program Files\Adobe\Photoshop Album Starter Edition\3.0\Apps\apdproxy.exe"
O4 - HKCU\..\Run: [swg] C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
O4 - HKCU\..\Run: [PcSync] C:\Program Files\Nokia\Nokia PC Suite 6\PcSync2.exe /NoDialog
O4 - Global Startup: Adobe Reader Speed Launch.lnk = C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe (file missing)
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe (file missing)
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O11 - Options group: [INTERNATIONAL] International*
O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://go.microsoft.com/fwlink/?linkid=39204
O16 - DPF: {215B8138-A3CF-44C5-803F-8226143CFC0A} (Trend Micro ActiveX Scan Agent 6.6) - http://housecall65.trendmicro.com/housecall/applet/html/native/x86/win32/activex/hcImpl.cab
O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://update.microsoft.com/microsoftupdate/v6/V5Controls/en/x86/client/muweb_site.cab?1183055250346
O16 - DPF: {7CD7C63F-A958-4E85-B21B-5157234F9BD8} (KWClient Control) - http://192.168.0.250/kwclient.cab
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: Domain = prime-medica.com
O17 - HKLM\Software\..\Telephony: DomainName = prime-medica.com
O17 - HKLM\System\CCS\Services\Tcpip\..\{9B87BEC2-6D20-4320-876D-DB6BE647E302}: NameServer = 62.241.162.200 62.241.163.201
O17 - HKLM\System\CS1\Services\Tcpip\Parameters: Domain = prime-medica.com
O20 - Winlogon Notify: NavLogon - C:\WINDOWS\System32\NavLogon.dll
O20 - Winlogon Notify: Sebring - C:\WINDOWS\System32\LgNotify.dll
O20 - Winlogon Notify: WgaLogon - C:\WINDOWS\SYSTEM32\WgaLogon.dll
O21 - SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - C:\WINDOWS\system32\WPDShServiceObj.dll
O23 - Service: Ad-Aware 2007 Service (aawservice) - Lavasoft AB - C:\Program Files\Lavasoft\Ad-Aware 2007\aawservice.exe
O23 - Service: Broadcom ASF IP monitoring service v6.0.3 (BAsfIpM) - Broadcom Corp. - C:\WINDOWS\system32\basfipm.exe
O23 - Service: DefWatch - Symantec Corporation - C:\Program Files\NavNT\defwatch.exe
O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: iPod Service - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: Macromedia Licensing Service - Macromedia - C:\Program Files\Common Files\Macromedia Shared\Service\Macromedia Licensing.exe
O23 - Service: Intel NCS NetService (NetSvc) - Intel(R) Corporation - C:\Program Files\Intel\NCS\Sync\NetSvc.exe
O23 - Service: Norton AntiVirus Client (Norton AntiVirus Server) - Symantec Corporation - C:\Program Files\NavNT\rtvscan.exe
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
O23 - Service: RegSrvc - Intel Corporation - C:\WINDOWS\System32\RegSrvc.exe
O23 - Service: Spectrum24 Event Monitor (S24EventMonitor) - Intel Corporation - C:\WINDOWS\System32\S24EvMon.exe
O23 - Service: ServiceLayer - Nokia. - C:\Program Files\Common Files\PCSuite\Services\ServiceLayer.exe

3
Contributors
7
Replies
8
Views
10 Years
Discussion Span
Last Post by geopsyche
0

Geo,

Here's what I would do...

First, I'm ALWAYS suspicious of BHO (O2) and Winlogon Notify (O20) entries in the HijackThis! log. In fact it's probably more accurate to say I'm ruthless. The only one I allow on my system is Adobe Acrobat IE add-on. Make a list of the filenames associated with each of these entries (O2 & O20).

Second, go out the website www.bleepingcomputer.com/startups and use their database search engine to lookup each of your files. If it's a legitimate file there should be an entry saying what application or vendor it belongs to. If it's some vermin that someone has seen before, there's usually an entry giving you that information too. If there are both good and bad entries listed pay close attention to the directory it resides in and also check for upper/lower case differences in the file name itself. (Btw, it's a good habit to periodically apply this process to ALL of the files listed in your HijackThis! log - I do it at least once a month.)

Third, run HijackThis! again and ask it to remove all the O2 & O20 entries except for the ones you absolutely want to keep. You may not want to be as aggressive as me, but I zap everything and assume I can reinstall later if I need to (a couple of times I've deleted drivers that were a pain in the ass to restore, but you shouldn't have that problem with O2s & O20s).

Fourth, if that hasn't fixed the problem download the program Security Task Manager (just google it) and run it. It will give you an assessment of how likely something is to be a baddie. It's also much better at removing some of the nasties than HijackThis!.

If that still hasn't worked, repeat this process for all the suspicious entries in your log.

0

Hello, Gary... you could just do this, use hijackthis to fix the following entry and then delete its file:

O2 - BHO: WebAssist - {85589B5D-D53D-4237-A677-46B82EA275F3} - C:\WINDOWS\WebAssist.dll

..But I would like to see if Combofix is set up to deal with it properly - there are a lot of reg keys and files that depend from the above BHO and which would remain, but neutralised. So, if you are willing, pls do this next after the above fix:
==Download this file to your desktop: http://download.bleepingcomputer.com/sUBs/ComboFix.exe
- to run it dclick combofix.exe and follow the prompts to start it. When finished, it will produce a log, C:\Combofix.txt - post that log in your next reply.
A word of caution - do not touch your mouse/keyboard until the scan has completed. The scan will temporarily disable your desktop, and if interrupted may leave your desktop disabled. If this occurs, please reboot to restore the desktop.
Thanks.

0

Thanks Guys!

I deleted the BH0 and ran the combofix file. Heres the log from that below - anything I should delete further?

thanks
Geo

-------------------------------------------


ComboFix 07-08-03.4 - "gary" 2007-08-03 20:23:48.1 [GMT 1:00] - NTFS
Microsoft Windows XP Professional  5.1.2600.2.1252.1.1033.18.True
* Created a new restore point



(((((((((((((((((((((((((((((((((((((((   Other Deletions   )))))))))))))))))))))))))))))))))))))))))))))))))



C:\DOCUME~1\gary\Desktop.\internet explorer.lnk
C:\WINDOWS\NDNuninstall7_22.exe
C:\WINDOWS\system32\drivers\fad.sys
C:\WINDOWS\system32\FTPx.dll



(((((((((((((((((((((((((   Files Created from 2007-07-03 to 2007-08-03  )))))))))))))))))))))))))))))))



2007-08-03 20:21    51,200  --a------   C:\WINDOWS\nircmd.exe
2007-07-31 23:40    <DIR>    d--------   C:\DOCUME~1\ALLUSE~1\APPLIC~1\Lavasoft
2007-07-31 23:35    <DIR>    d--------   C:\DOCUME~1\gary\.housecall6.6
2007-07-28 17:29    <DIR>    d--------   C:\Program Files\DIFX
2007-07-28 17:28    8,704   --a------   C:\WINDOWS\SYSTEM32\DRIVERS\nmwcdc.sys
2007-07-28 17:28    13,312  --a------   C:\WINDOWS\SYSTEM32\DRIVERS\nmwcdcm.sys
2007-07-28 17:28    13,312  --a------   C:\WINDOWS\SYSTEM32\DRIVERS\nmwcdcj.sys
2007-07-28 17:28    <DIR>    d--------   C:\Program Files\Common Files\Nokia
2007-07-28 17:28    <DIR>    d--------   C:\DOCUME~1\gary\APPLIC~1\PC Suite
2007-07-28 17:28    <DIR>    d--------   C:\DOCUME~1\ALLUSE~1\APPLIC~1\PC Suite
2007-07-28 17:27    50,688  --a------   C:\WINDOWS\SYSTEM32\nmwcdcls.dll
2007-07-28 17:27    4,608   --a------   C:\WINDOWS\SYSTEM32\nmwcdlog.dll
2007-07-28 17:27    30,720  --a------   C:\WINDOWS\SYSTEM32\nmwcdcocls.dll
2007-07-28 17:27    127,488 --a------   C:\WINDOWS\SYSTEM32\DRIVERS\nmwcd.sys
2007-07-28 17:27    <DIR>    d----c---   C:\WINDOWS\SYSTEM32\DRVSTORE
2007-07-28 17:27    <DIR>    d--------   C:\Program Files\Nokia
2007-07-28 17:27    <DIR>    d--------   C:\Program Files\Common Files\PCSuite
2007-07-28 17:27    <DIR>    d--------   C:\DOCUME~1\ALLUSE~1\APPLIC~1\Downloaded Installations
2007-07-21 01:36    <DIR>    d--------   C:\Program Files\Windows Media Connect 2
2007-07-21 01:25    <DIR>    d--------   C:\WINDOWS\SYSTEM32\DRIVERS\UMDF
2007-07-21 01:25    <DIR>    d--------   C:\e632f1f5244e9e345045fcdaaba0a3
2007-07-15 20:10    15,950  --a------   C:\WINDOWS\SYSTEM32\winmds.exe



((((((((((((((((((((((((((((((((((((((((   Find3M Report   ))))))))))))))))))))))))))))))))))))))))))))))))))))


2007-07-31 23:40    ---------   d--------   C:\Program Files\Lavasoft
2007-07-31 23:39    ---------   d--------   C:\Program Files\Common Files\Wise Installation Wizard
2007-07-24 08:39    ---------   d--------   C:\DOCUME~1\gary\APPLIC~1\AdobeUM
2007-07-21 01:44    ---------   d--------   C:\DOCUME~1\gary\APPLIC~1\Real
2007-06-28 20:22    ---------   d--------   C:\Program Files\MSXML 4.0
2007-06-25 21:51    ---------   d--------   C:\Program Files\NavNT
2007-06-25 21:51    ---------   d--------   C:\Program Files\Apoint
2007-06-25 21:50    22592   --a------   C:\WINDOWS\system32\72g22X6D.exe
2007-06-25 20:29    ---------   d--------   C:\DOCUME~1\gary\APPLIC~1\Apple Computer
2007-06-04 15:18    9344    --a------   C:\WINDOWS\system32\drivers\NSDriver.sys
2007-06-04 15:17    8320    --a------   C:\WINDOWS\system32\drivers\AWRTRD.sys
2007-06-04 15:14    6272    --a------   C:\WINDOWS\system32\drivers\AWRTPD.sys
2007-06-03 10:10    148010  --a------   C:\WINDOWS\system32\nvModes.dat
2007-05-16 16:12    86528   --a------   C:\WINDOWS\system32\dllcache\directdb.dll
2007-05-16 16:12    85504   --a------   C:\WINDOWS\system32\dllcache\wabimp.dll
2007-05-16 16:12    683520  --a------   C:\WINDOWS\system32\inetcomm.dll
2007-05-16 16:12    683520  --a------   C:\WINDOWS\system32\dllcache\inetcomm.dll
2007-05-16 16:12    510976  --a------   C:\WINDOWS\system32\dllcache\wab32.dll
2007-05-16 16:12    1314816 --a------   C:\WINDOWS\system32\dllcache\msoe.dll
2007-05-08 10:24    3583488 --a------   C:\WINDOWS\system32\dllcache\mshtml.dll
2004-05-20 13:29    15364   --ah-----   C:\Program Files\.DS_Store
2005-06-02 16:17:12 10,856  --sha-w C:\WINDOWS\SYSTEM32\KGyGaAvL.sys



(((((((((((((((((((((((((((((((((((((   Reg Loading Points   ))))))))))))))))))))))))))))))))))))))))))))))))))



*Note* empty entries & legit default entries are not shown


[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Apoint"="C:\Program Files\Apoint\Apoint.exe" [2003-08-20 20:24]
"NvCplDaemon"="C:\WINDOWS\system32\NvCpl.dll" [2004-01-12 13:55]
"nwiz"="nwiz.exe" [2004-10-26 13:01 C:\WINDOWS\SYSTEM32\nwiz.exe]
"bascstray"="BascsTray.exe" []
"PRONoMgr.exe"="C:\Program Files\Intel\NCS\PROSet\PRONoMgr.exe" [2003-05-28 17:32]
"DVDSentry"="C:\WINDOWS\System32\DSentry.exe" [2002-07-17 10:18]
"AdaptecDirectCD"="C:\Program Files\Roxio\Easy CD Creator 5\DirectCD\DirectCD.exe" [2002-12-17 12:28]
"vptray"="C:\Program Files\NavNT\vptray.exe" [2001-09-24 07:59]
"NWEReboot"="" []
"Synchronization Manager"="C:\WINDOWS\system32\mobsync.exe" [2004-08-04 00:56]
"TkBellExe"="C:\Program Files\Common Files\Real\Update_OB\realsched.exe" [2006-04-23 23:27]
"SunJavaUpdateSched"="C:\Program Files\Java\jre1.5.0_08\bin\jusched.exe" [2006-07-26 03:03]
"SpeedTouch USB Diagnostics"="C:\Program Files\Alcatel\SpeedTouch USB\Dragdiag.exe" [2002-11-12 11:02]
"QuickTime Task"="C:\Program Files\QuickTime\qttask.exe" [2007-02-16 10:54]
"iTunesHelper"="C:\Program Files\iTunes\iTunesHelper.exe" [2007-03-14 19:05]
"NSLauncher"="C:\Program Files\Nokia\Nokia Software Launcher\NSLauncher.exe" [2006-11-28 01:12]
"Adobe Photo Downloader"="C:\Program Files\Adobe\Photoshop Album Starter Edition\3.0\Apps\apdproxy.exe" [2005-06-06 23:46]


[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"swg"="C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe" [2007-06-16 21:06]
"PcSync"="C:\Program Files\Nokia\Nokia PC Suite 6\PcSync2.exe" [2006-06-27 16:21]


C:\Documents and Settings\gary\Start Menu\Programs\Startup\
DESKTOP.INI [2002-09-03 13:36:04]


C:\Documents and Settings\All Users\Start Menu\Programs\Startup\
Adobe Reader Speed Launch.lnk - C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe [2005-09-23 22:05:26]
DESKTOP.INI [2002-09-03 13:36:04]


[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\Sebring]
C:\WINDOWS\System32\LgNotify.dll 2003-06-20 07:03 110592 C:\WINDOWS\SYSTEM32\LgNotify.dll


R0 DevUpper;TI UltraMedia CardBus Controller Filter Driver;C:\WINDOWS\system32\DRIVERS\tiumflt.sys
R0 sbp2port;SBP-2 Transport/Protocol Bus Driver;C:\WINDOWS\system32\DRIVERS\sbp2port.sys
R1 Cdr4_xp;Cdr4_xp;C:\WINDOWS\system32\drivers\Cdr4_xp.sys
R1 cdudf_xp;cdudf_xp;C:\WINDOWS\system32\drivers\cdudf_xp.sys
R1 pwd_2k;pwd_2k;C:\WINDOWS\system32\drivers\pwd_2k.sys
R1 UdfReadr_xp;UdfReadr_xp;C:\WINDOWS\system32\drivers\UdfReadr_xp.sys
R2 BASFND;BASFND;\??\C:\WINDOWS\System32\Drivers\BASFND.sys
R2 NAVAPEL;NAVAPEL;\??\C:\Program Files\NavNT\NAVAPEL.SYS
R2 s24trans;WLAN Transport;C:\WINDOWS\system32\DRIVERS\s24trans.sys
R3 alcan5wn;Alcatel SpeedTouch USB ADSL PPP Networking Driver (NDISWAN);C:\WINDOWS\system32\DRIVERS\alcan5wn.sys
R3 Bonifay;Bonifay;C:\WINDOWS\system32\DRIVERS\Bonifay.sys
R3 GTICARD;GTICARD;C:\WINDOWS\system32\DRIVERS\gticard.sys
R3 HSFHWICH;HSFHWICH;C:\WINDOWS\system32\DRIVERS\HSFHWICH.sys
R3 mmc_2K;mmc_2K;C:\WINDOWS\system32\drivers\mmc_2K.sys
R3 NAVAP;NAVAP;\??\C:\Program Files\NavNT\NAVAP.sys
R3 tiumfwl;tiumfwl;C:\WINDOWS\system32\drivers\tiumfwl.sys
S3 dvd_2K;dvd_2K;C:\WINDOWS\system32\drivers\dvd_2K.sys
S3 gv3;Intel GV3 Processor Driver;C:\WINDOWS\system32\DRIVERS\gv3.sys
S3 iAimFP0;iAimFP0;C:\WINDOWS\system32\DRIVERS\wADV01nt.sys
S3 iAimFP1;iAimFP1;C:\WINDOWS\system32\DRIVERS\wADV02NT.sys
S3 iAimFP2;iAimFP2;C:\WINDOWS\system32\DRIVERS\wADV05NT.sys
S3 iAimFP3;iAimFP3;C:\WINDOWS\system32\DRIVERS\wSiINTxx.sys
S3 iAimFP4;iAimFP4;C:\WINDOWS\system32\DRIVERS\wVchNTxx.sys
S3 iAimTV0;iAimTV0;C:\WINDOWS\system32\DRIVERS\wATV01nt.sys
S3 iAimTV1;iAimTV1;C:\WINDOWS\system32\DRIVERS\wATV02NT.sys
S3 iAimTV2;iAimTV2;C:\WINDOWS\system32\DRIVERS\wATV03nt.sys
S3 iAimTV3;iAimTV3;C:\WINDOWS\system32\DRIVERS\wATV04nt.sys
S3 iAimTV4;iAimTV4;C:\WINDOWS\system32\DRIVERS\wCh7xxNT.sys
S3 MSIRCOMM;Microsoft IR Communications Driver;C:\WINDOWS\system32\DRIVERS\MSIRCOMM.sys
S3 Nokia USB Generic;Nokia USB Generic;C:\WINDOWS\system32\drivers\nmwcdc.sys
S3 Nokia USB Modem;Nokia USB Modem;C:\WINDOWS\system32\drivers\nmwcdcm.sys
S3 Nokia USB Phone Parent;Nokia USB Phone Parent;C:\WINDOWS\system32\drivers\nmwcd.sys
S3 Nokia USB Port;Nokia USB Port;C:\WINDOWS\system32\drivers\nmwcdcj.sys
S3 usbser;Motorola USB Modem Driver;C:\WINDOWS\system32\DRIVERS\usbser.sys
S3 w70n51;Intel(R) PRO/Wireless 7100 Adapter Driver;C:\WINDOWS\system32\DRIVERS\w70n51.sys
S3 wdm_tridwave;Trident 4DWave PCI Audio Driver (WDM);C:\WINDOWS\system32\drivers\tridwave.sys



[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{31f01691-9475-11d8-8dcf-806d6172696f}]
AutoRun\command- D:\NokiaInstaller.exe



**************************************************************************


catchme 0.3.1061 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2007-08-03 20:27:20
Windows 5.1.2600 Service Pack 2 NTFS


scanning hidden processes ...


scanning hidden registry entries ...


scanning hidden files ...


scan completed successfully
hidden files: 0


**************************************************************************


Completion time: 2007-08-03 20:28:55
C:\ComboFix-quarantined-files.txt ... 2007-08-03 20:28


--- E O F ---

Edited by happygeek: fixed formatting

0

Hi Gerbil

Thanks for your reply - yes the machine seems to work fine so thanks very much guys!!!!!!! You people know your stuff - people like us would be helpless without your knowledge and help.

Thanks a million.

I'll delete the files as you say and remember that technique for the future (if needed).

cheers
Geo

0

Absolutely Gerbil...I didnt know about that function as was my 1st post.

Thanks again!
Geo

This question has already been answered. Start a new discussion instead.
Have something to contribute to this discussion? Please be thoughtful, detailed and courteous, and be sure to adhere to our posting rules.