
Trojan Horse Pakes.CBE please help


Comments

  • thomas01155
    thomas01155 Posts: 2,382 Forumite
    Part of the Furniture 1,000 Posts Name Dropper Combo Breaker
    You have downloaded the wrong thing, stopzilla is junk.
  • Dustykitten
    Dustykitten Posts: 16,507 Forumite
    Part of the Furniture 10,000 Posts Combo Breaker
    No sorry I have done stopzilla - that is obviously wrong. Shall I go back and download the combofix?
    The birds of sadness may fly overhead but don't let them nest in your hair
  • Dustykitten
    Dustykitten Posts: 16,507 Forumite
    Part of the Furniture 10,000 Posts Combo Breaker
    Combofix wants me to disable AVG I have no idea how to do that or if that is safe to do. I'm sorry as you have probably guessed I'm not very pc savvy.
    The birds of sadness may fly overhead but don't let them nest in your hair
  • aliEnRIK
    aliEnRIK Posts: 17,741 Forumite
    Part of the Furniture Combo Breaker
    I did give you a direct link to combofix :s

    Anyways ~ I can't recall exactly. But go to TOOLS and shut down the RESIDENT SHIELD

    Even if you can't manage it, I think combofix will force shut it down anyways
    :idea:
  • Dustykitten
    Dustykitten Posts: 16,507 Forumite
    Part of the Furniture 10,000 Posts Combo Breaker
    I'm sorry RIK I have no idea how I downloaded the wrong stuff. I've turned the shield off but still having a bit of a problem - I am still trying.
    The birds of sadness may fly overhead but don't let them nest in your hair
  • aliEnRIK
    aliEnRIK Posts: 17,741 Forumite
    Part of the Furniture Combo Breaker
    No worries kitten :)
    :idea:
  • Dustykitten
    Dustykitten Posts: 16,507 Forumite
    Part of the Furniture 10,000 Posts Combo Breaker
    ComboFix 09-03-02.01 - Tanya 2009-03-02 21:56:12.1 - NTFSx86
    Microsoft Windows XP Professional 5.1.2600.3.1252.1.1033.18.991.374 [GMT 0:00]
    Running from: c:\documents and settings\Tanya\My Documents\ComboFix.exe
    AV: AVG Anti-Virus Free *On-access scanning disabled* (Updated)
    FW: Norton Internet Worm Protection *disabled*
    FW: ZoneAlarm Firewall *enabled*
    * Created a new restore point
    .
    ((((((((((((((((((((((((( Files Created from 2009-02-02 to 2009-03-02 )))))))))))))))))))))))))))))))
    .
    2009-03-02 18:29 . 2009-03-02 20:31 <DIR> d-------- c:\documents and settings\All Users\Application Data\SITEguard
    2009-03-02 18:27 . 2009-03-02 18:27 <DIR> d-------- c:\program files\Common Files\iS3
    2009-03-02 18:27 . 2009-03-02 21:41 <DIR> d-------- c:\documents and settings\All Users\Application Data\STOPzilla!
    2009-03-01 23:02 . 2009-03-01 23:02 <DIR> d-------- C:\rsit
    2009-03-01 22:46 . 2009-03-01 22:46 <DIR> d-------- c:\program files\Spybot - Search & Destroy
    2009-03-01 22:46 . 2009-03-01 22:54 <DIR> d-------- c:\documents and settings\All Users\Application Data\Spybot - Search & Destroy
    2009-03-01 21:24 . 2009-03-01 21:24 <DIR> d-------- c:\program files\SUPERAntiSpyware
    2009-03-01 21:24 . 2009-03-01 21:24 <DIR> d-------- c:\documents and settings\Tanya\Application Data\SUPERAntiSpyware.com
    2009-03-01 21:24 . 2009-03-01 21:24 <DIR> d-------- c:\documents and settings\All Users\Application Data\SUPERAntiSpyware.com
    2009-03-01 21:23 . 2009-03-01 21:23 <DIR> d-------- c:\program files\Common Files\Wise Installation Wizard
    2009-03-01 20:52 . 2009-03-01 20:52 <DIR> d-------- c:\program files\Trend Micro
    2009-03-01 19:15 . 2009-03-01 19:15 <DIR> d-------- c:\program files\Malwarebytes' Anti-Malware
    2009-03-01 19:15 . 2009-03-01 19:15 <DIR> d-------- c:\documents and settings\Tanya\Application Data\Malwarebytes
    2009-03-01 19:15 . 2009-03-01 19:15 <DIR> d-------- c:\documents and settings\All Users\Application Data\Malwarebytes
    2009-03-01 19:15 . 2009-02-11 10:19 38,496 --a------ c:\windows\system32\drivers\mbamswissarmy.sys
    2009-03-01 19:15 . 2009-02-11 10:19 15,504 --a------ c:\windows\system32\drivers\mbam.sys
    2009-02-28 12:58 . 2009-02-28 13:19 <DIR> d--hs---- c:\documents and settings\Boys\Application Data\twain32
    2009-02-06 13:09 . 2009-02-06 13:09 <DIR> d-------- c:\documents and settings\Tanya\Application Data\Windows Search
    .
    (((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
    .
    2009-03-02 21:59 --------- d-----w c:\documents and settings\All Users\Application Data\Kontiki
    2009-02-28 13:14 393,728 ----a-w c:\windows\Internet Logs\xDB33.tmp
    2009-02-28 13:14 2,955,264 ----a-w c:\windows\Internet Logs\xDB34.tmp
    2009-02-27 18:46 2,952,192 ----a-w c:\windows\Internet Logs\xDB32.tmp
    2009-02-27 09:28 --------- d-----w c:\program files\Microsoft Silverlight
    2009-02-06 23:00 1,985,131 ----a-w c:\windows\Internet Logs\tvDebug.Zip
    2009-02-03 23:04 3,417,600 ----a-w c:\windows\Internet Logs\xDB31.tmp
    2009-01-29 15:16 --------- d-----w c:\documents and settings\All Users\Application Data\avg8
    2009-01-29 15:14 325,128 ----a-w c:\windows\system32\drivers\avgldx86.sys
    2009-01-29 15:14 10,520 ----a-w c:\windows\system32\avgrsstx.dll
    2009-01-26 16:00 --------- d-----w c:\program files\Google
    2009-01-08 00:23 0 ----a-w c:\windows\system32\drivers\lvuvc.hs
    2009-01-08 00:23 0 ----a-w c:\windows\system32\drivers\logiflt.iad
    2009-01-06 23:55 --------- d-----w c:\program files\Common Files\LogiShrd
    2009-01-06 23:53 --------- d-----w c:\documents and settings\Tanya\Application Data\Leadertech
    2009-01-06 23:51 --------- d-----w c:\program files\Logitech
    2009-01-06 23:51 --------- d-----w c:\documents and settings\All Users\Application Data\Logitech
    2009-01-06 23:51 --------- d-----w c:\documents and settings\All Users\Application Data\LogiShrd
    2009-01-04 12:09 --------- d-----w c:\program files\The Learning Company
    2008-12-20 23:15 826,368 ----a-w c:\windows\system32\wininet.dll
    2006-02-28 22:24 17,920 ----a-w c:\documents and settings\Tanya\Application Data\GDIPFONTCACHEV1.DAT
    2006-02-25 19:49 17,920 ----a-w c:\documents and settings\Boys\Application Data\GDIPFONTCACHEV1.DAT
    2008-10-04 22:53 32,768 --sha-w c:\windows\system32\config\systemprofile\Local Settings\History\History.IE5\MSHist012008100420081005\index.dat
    .
    ((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
    .
    .
    *Note* empty entries & legit default entries are not shown
    REGEDIT4
    [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
    "MSMSGS"="c:\program files\Messenger\msmsgs.exe" [2008-04-14 1695232]
    "MsnMsgr"="c:\program files\MSN Messenger\MsnMsgr.Exe" [2005-09-19 7083056]
    "ctfmon.exe"="c:\windows\system32\ctfmon.exe" [2008-04-14 15360]
    "WMPNSCFG"="c:\program files\Windows Media Player\WMPNSCFG.exe" [2006-10-18 204288]
    "kdx"="c:\program files\Kontiki\KHost.exe" [2008-02-27 1032376]
    "Google Update"="c:\documents and settings\Tanya\Local Settings\Application Data\Google\Update\GoogleUpdate.exe" [2009-01-06 133104]
    "swg"="c:\program files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe" [2009-01-18 68856]
    "SUPERAntiSpyware"="c:\program files\SUPERAntiSpyware\SUPERAntiSpyware.exe" [2009-02-17 1830128]
    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
    "SoundMAXPnP"="c:\program files\Analog Devices\SoundMAX\SMax4PNP.exe" [2004-04-01 1368064]
    "zBrowser Launcher"="c:\program files\Logitech\iTouch\iTouch.exe" [2004-03-18 892928]
    "SSBkgdUpdate"="c:\program files\Common Files\Scansoft Shared\SSBkgdUpdate\SSBkgdupdate.exe" [2003-10-14 155648]
    "PaperPort PTD"="c:\program files\ScanSoft\PaperPort\pptd40nt.exe" [2005-03-17 57393]
    "IndexSearch"="c:\program files\ScanSoft\PaperPort\IndexSearch.exe" [2005-03-17 40960]
    "ControlCenter2.0"="c:\program files\Brother\ControlCenter2\brctrcen.exe" [2005-07-22 933888]
    "QuickTime Task"="c:\program files\QuickTime\qttask.exe" [2007-06-29 286720]
    "iTunesHelper"="c:\program files\iTunes\iTunesHelper.exe" [2007-08-15 271672]
    "AVG8_TRAY"="c:\progra~1\AVG\AVG8\avgtray.exe" [2009-01-29 1601304]
    "ZoneAlarm Client"="c:\program files\Zone Labs\ZoneAlarm\zlclient.exe" [2008-11-13 981904]
    "LogitechCommunicationsManager"="c:\program files\Common Files\LogiShrd\LComMgr\Communications_Helper.exe" [2008-08-14 565008]
    "LogitechQuickCamRibbon"="c:\program files\Logitech\QuickCam\Quickcam.exe" [2008-08-14 2407184]
    "VTTimer"="VTTimer.exe" [2005-03-08 c:\windows\system32\VTTimer.exe]
    "Logitech Utility"="Logi_MwX.Exe" [2003-12-17 c:\windows\LOGI_MWX.EXE]
    [HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
    "CTFMON.EXE"="c:\windows\System32\CTFMON.EXE" [2008-04-14 15360]
    c:\documents and settings\All Users\Start Menu\Programs\Startup\
    Adobe Reader Speed Launch.lnk - c:\program files\Adobe\Acrobat 7.0\Reader\reader_sl.exe [2008-04-23 29696]
    Microsoft Office.lnk - c:\program files\Microsoft Office\Office10\OSA.EXE [2001-02-13 83360]
    Status Monitor.lnk - c:\program files\Brother\Brmfcmon\BrMfcWnd.exe [2006-03-20 802816]
    Windows Search.lnk - c:\program files\Windows Desktop Search\WindowsSearch.exe [2008-05-26 123904]
    WinZip Quick Pick.lnk - c:\program files\WinZip\WZQKPICK.EXE [2006-04-27 122880]
    [hkey_local_machine\software\microsoft\windows\currentversion\explorer\ShellExecuteHooks]
    "{56F9679E-7826-4C84-81F3-532071A8BCC5}"= "c:\program files\Windows Desktop Search\MSNLNamespaceMgr.dll" [2008-05-26 304128]
    "{5AE067D3-9AFB-48E0-853A-EBB7F4A000DA}"= "c:\program files\SUPERAntiSpyware\SASSEH.DLL" [2008-05-13 77824]
    [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\!SASWinLogon]
    2008-12-22 11:05 356352 c:\program files\SUPERAntiSpyware\SASWINLO.dll
    [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\avgrsstarter]
    2009-01-29 15:14 10520 c:\windows\system32\avgrsstx.dll
    [HKEY_LOCAL_MACHINE\software\microsoft\security center]
    "AntiVirusDisableNotify"=dword:00000001
    [HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecFirewall]
    "DisableMonitoring"=dword:00000001
    [HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\ZoneLabsFirewall]
    "DisableMonitoring"=dword:00000001
    [HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]
    "EnableFirewall"= 0 (0x0)
    [HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
    "%windir%\\system32\\sessmgr.exe"=
    "c:\\Program Files\\Messenger\\msmsgs.exe"=
    "%windir%\\Network Diagnostic\\xpnetdiag.exe"=
    "c:\\Program Files\\iTunes\\iTunes.exe"=
    "c:\\Program Files\\Kontiki\\KService.exe"=
    "c:\\Program Files\\AVG\\AVG8\\avgupd.exe"=
    "c:\\Program Files\\MSN Messenger\\msnmsgr.exe"=
    "c:\\Documents and Settings\\Tanya\\Local Settings\\Application Data\\Google\\Google Talk Plugin\\googletalkplugin.dll"=
    "c:\\Documents and Settings\\Tanya\\Local Settings\\Application Data\\Google\\Google Talk Plugin\\googletalkplugin.exe"=
    [HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]
    "3389:TCP"= 3389:TCP:@xpsp2res.dll,-22009
    R1 AvgLdx86;AVG AVI Loader Driver x86;c:\windows\system32\drivers\avgldx86.sys [2008-05-08 325128]
    R1 SASDIFSV;SASDIFSV;c:\program files\SUPERAntiSpyware\sasdifsv.sys [2009-02-17 8944]
    R1 SASKUTIL;SASKUTIL;c:\program files\SUPERAntiSpyware\SASKUTIL.SYS [2009-02-17 55024]
    R2 avg8wd;AVG8 WatchDog;c:\progra~1\AVG\AVG8\avgwdsvc.exe [2008-05-08 298264]
    R3 SASENUM;SASENUM;c:\program files\SUPERAntiSpyware\SASENUM.SYS [2009-02-17 7408]
    S3 imhidusb;Immersion's HID USB Driver;c:\windows\system32\drivers\imhidusb.sys [2006-11-19 30920]
    .
    Contents of the 'Scheduled Tasks' folder
    2009-03-02 c:\windows\Tasks\AppleSoftwareUpdate.job
    - c:\program files\Apple Software Update\SoftwareUpdate.exe [2007-07-25 12:15]
    2009-03-02 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-842925246-1715567821-682003330-1003.job
    - c:\documents and settings\Tanya\Local Settings\Application Data\Google\Update\GoogleUpdate.exe [2009-01-06 23:37]
    .
    - - - - ORPHANS REMOVED - - - -
    Toolbar-SITEguard - (no file)

    .
    Supplementary Scan
    .
    uStart Page = hxxp://www.bbc.co.uk/
    IE: E&xport to Microsoft Excel - c:\progra~1\MICROS~2\Office10\EXCEL.EXE/3000
    DPF: DirectAnimation Java Classes - file://c:\windows\Java\classes\dajava.cab
    DPF: Microsoft XML Parser for Java - file://c:\windows\Java\classes\xmldso.cab
    DPF: {7F8C8173-AD80-4807-AA75-5672F22B4582} - hxxp://download.zonelabs.com/bin/promotions/spywaredetector/ICSScanner37610.cab
    .
    **************************************************************************
    catchme 0.3.1367 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
    Rootkit scan 2009-03-02 21:59:36
    Windows 5.1.2600 Service Pack 3 NTFS
    scanning hidden processes ...
    scanning hidden autostart entries ...
    scanning hidden files ...
    scan completed successfully
    hidden files: 0
    **************************************************************************
    .
    LOCKED REGISTRY KEYS
    [HKEY_LOCAL_MACHINE\software\ZangoToolbar\ZangoToolbar]
    @DACL=(02 0000)
    .
    DLLs Loaded Under Running Processes
    - - - - - - - > 'winlogon.exe'(840)
    c:\program files\SUPERAntiSpyware\SASWINLO.dll
    - - - - - - - > 'lsass.exe'(896)
    c:\program files\Common Files\iS3\Anti-Spyware\iS3lsp.dll
    - - - - - - - > 'explorer.exe'(1076)
    c:\program files\Logitech\MouseWare\System\LgWndHk.dll
    c:\program files\Logitech\iTouch\iTchHk.dll
    c:\program files\Common Files\Logitech\Scrolling\LgMsgHk.dll
    .
    Completion time: 2009-03-02 22:02:16
    ComboFix-quarantined-files.txt 2009-03-02 22:02:03
    Pre-Run: 61,166,567,424 bytes free
    Post-Run: 62,181,343,232 bytes free
    WindowsXP-KB310994-SP2-Pro-BootDisk-ENU.exe
    [boot loader]
    timeout=2
    default=multi(0)disk(0)rdisk(0)partition(1)\WINDOWS
    [operating systems]
    c:\cmdcons\BOOTSECT.DAT="Microsoft Windows Recovery Console" /cmdcons
    multi(0)disk(0)rdisk(0)partition(1)\WINDOWS="Microsoft Windows XP Professional" /fastdetect /NoExecute=OptIn
    179 --- E O F --- 2009-02-26 23:13:38
    The birds of sadness may fly overhead but don't let them nest in your hair
  • Dustykitten
    Dustykitten Posts: 16,507 Forumite
    Part of the Furniture 10,000 Posts Combo Breaker
    I think I've done the right thing this time.

    I've uninstalled stopzilla

    Shall I turn the shield back on - I'm a nervous wreck now!
    The birds of sadness may fly overhead but don't let them nest in your hair
  • thomas01155
    thomas01155 Posts: 2,382 Forumite
    Part of the Furniture 1,000 Posts Name Dropper Combo Breaker
    hehe :p yup you did it right. You can turn it back on now. Combofix looks quite scary xD
  • Zango is showing as a locked Registry key - I will have to read up in relation to unlocking it and removing it.

    Did you remove Stopzilla before or after installing Combofix?
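As an added example (not from any poster in this thread and not part of ComboFix), a small Python triage helper for the ComboFix log format posted above: it parses the autostart values under the Run keys and flags the settings in this log that lower the host's protection (Security Center notification, firewall profile, globally open ports) plus any key listed under LOCKED REGISTRY KEYS, such as the ZangoToolbar key noted in the last reply. SAMPLE_LOG is a constructed excerpt built from lines of the posted log.

```python
import re

# Constructed excerpt of the ComboFix log posted above (one or two lines per section).
SAMPLE_LOG = """\
REGEDIT4
[HKEY_CURRENT_USER\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run]
"kdx"="c:\\program files\\Kontiki\\KHost.exe" [2008-02-27 1032376]
"swg"="c:\\program files\\Google\\GoogleToolbarNotifier\\GoogleToolbarNotifier.exe" [2009-01-18 68856]
[HKEY_LOCAL_MACHINE\\software\\microsoft\\security center]
"AntiVirusDisableNotify"=dword:00000001
[HKLM\\~\\services\\sharedaccess\\parameters\\firewallpolicy\\standardprofile]
"EnableFirewall"= 0 (0x0)
[HKLM\\~\\services\\sharedaccess\\parameters\\firewallpolicy\\standardprofile\\GloballyOpenPorts\\List]
"3389:TCP"= 3389:TCP:@xpsp2res.dll,-22009
LOCKED REGISTRY KEYS
[HKEY_LOCAL_MACHINE\\software\\ZangoToolbar\\ZangoToolbar]
@DACL=(02 0000)
"""

KEY_LINE = re.compile(r"^\[(?P<key>[^\]]+)\]$")            # [HKEY_...\Run]
RUN_ENTRY = re.compile(r'^"(?P<name>[^"]+)"="(?P<path>[^"]+)"\s*\[(?P<date>\S+) (?P<size>\d+)\]$')


def parse_run_entries(log):
    """Return (key, name, path) for each autostart value under a ...\\Run key."""
    entries, key = [], None
    for line in log.splitlines():
        if m := KEY_LINE.match(line):
            key = m.group("key")
        elif (m := RUN_ENTRY.match(line)) and key and key.lower().endswith("\\run"):
            entries.append((key, m.group("name"), m.group("path")))
    return entries


def weakened_defences(log):
    """Flag settings in the log that lower the host's protection or hide a key."""
    findings, key, locked = [], None, False
    for line in log.splitlines():
        locked = locked or line.startswith("LOCKED REGISTRY KEYS")
        if m := KEY_LINE.match(line):
            key = m.group("key")
            if locked:  # keys in this section carry a DACL the user cannot open
                findings.append("locked registry key: " + key)
        elif line.startswith('"AntiVirusDisableNotify"=dword:00000001'):
            findings.append("Security Center AV notifications disabled")
        elif line.startswith('"EnableFirewall"= 0') and key and "standardprofile" in key.lower():
            findings.append("Windows Firewall disabled in standard profile")
        elif key and "GloballyOpenPorts" in key and ':TCP"=' in line:
            findings.append("globally open TCP port: " + line.split('"')[1])
    return findings
```

Run it against the full pasted log to get the same two lists for the whole Reg Loading Points and LOCKED REGISTRY KEYS sections; the regexes follow the `"name"="path" [date size]` layout ComboFix uses for Run values.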
This discussion has been closed.