Can someone help me? Trojan
Comments
-
Ran it straight off as I didn't see your reply; it worked fine and created a log.
Ran the script and it froze again when it got to deleting files. Possibly something to do with the Popcap folder (?) - I've noticed it went through deleting those files then froze there each time, just no response from it.
Getting worried now
Leave out the 'popcap' folder then :idea:
-
ComboFix 09-07-01.04 - Clare 02/07/2009 13:34.7 - NTFSx86
Microsoft Windows XP Home Edition 5.1.2600.3.1252.44.1033.18.223.85 [GMT 1:00]
Running from: c:\documents and settings\Clare\Desktop\ComboFix.exe
Command switches used :: c:\documents and settings\Clare\Desktop\CFScript.txt
AV: avast! antivirus 4.8.1335 [VPS 090701-0] *On-access scanning disabled* (Updated) {7591DB91-41F0-48A3-B128-1A293FD8233D}
FILE ::
"c:\documents and settings\Clare\Application Data\Sun\Java\Deployment\cache\6.0\43\27c1206b-3a2d6d87"
"c:\documents and settings\Clare\Application Data\Sun\Java\Deployment\cache\javapi\v1.0\jar\jvm impro.jar-54e206d6-2e392bbc.zip"
"c:\documents and settings\Clare\Application Data\Sun\Java\jre1.6.0_13\lzma.dll"
"c:\windows\system32\aswBoot.exe"
"c:\windows\Temp\Perflib_Perfdata_564.dat"
"c:\windows\Temp\Perflib_Perfdata_714.dat"
.
((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.
c:\documents and settings\Clare\Application Data\Sun\Java\Deployment\cache\6.0\43\27c1206b-3a2d6d87
c:\documents and settings\Clare\Application Data\Sun\Java\jre1.6.0_13\lzma.dll
c:\windows\Installer\1e143.msp
c:\windows\Installer\2586a6b.msp
c:\windows\Installer\2c85cde.msp
c:\windows\Installer\2f385c1.msp
c:\windows\Installer\3515179.msp
c:\windows\Installer\3b807b.msp
c:\windows\Installer\51b5f.msp
c:\windows\Installer\5dff2b.msp
c:\windows\Installer\92e99e.msp
c:\windows\Installer\933c90.msp
c:\windows\Installer\e686a6.msp
c:\windows\Installer\WinRMSrv.msi
c:\windows\system32\aswBoot.exe
.
((((((((((((((((((((((((( Files Created from 2009-06-02 to 2009-07-02 )))))))))))))))))))))))))))))))
.
2009-06-30 09:10 . 2009-06-30 09:10 -------- d-----w- c:\documents and settings\Clare_2\Local Settings\Application Data\Identities
2009-06-29 17:21 . 2009-06-29 17:22 -------- d-----w- c:\program files\CCleaner
2009-06-29 16:16 . 2009-06-29 16:16 -------- d-----w- c:\documents and settings\Clare_2\Contacts
2009-06-28 19:47 . 2009-06-28 19:47 -------- d-----w- c:\documents and settings\Clare_2\Local Settings\Application Data\Yahoo
2009-06-28 16:43 . 2009-06-28 16:43 -------- d-----w- c:\documents and settings\Clare_2\Application Data\Teleca
2009-06-28 16:42 . 2009-06-28 16:42 -------- d-----w- c:\documents and settings\Clare_2\Application Data\Sony Ericsson
2009-06-28 06:49 . 2009-06-28 08:24 117760 ----a-w- c:\documents and settings\Clare\Application Data\SUPERAntiSpyware.com\SUPERAntiSpyware\SDDLLS\UIREPAIR.DLL
2009-06-28 06:48 . 2009-06-28 06:48 -------- d-----w- c:\documents and settings\All Users\Application Data\SUPERAntiSpyware.com
2009-06-28 06:48 . 2009-06-28 08:32 -------- d-----w- c:\program files\SUPERAntiSpyware
2009-06-28 06:48 . 2009-06-28 06:48 -------- d-----w- c:\documents and settings\Clare\Application Data\SUPERAntiSpyware.com
2009-06-27 17:29 . 2009-02-05 20:06 23152 ----a-w- c:\windows\system32\drivers\aswRdr.sys
2009-06-27 17:29 . 2009-02-05 20:06 51376 ----a-w- c:\windows\system32\drivers\aswTdi.sys
2009-06-27 17:29 . 2009-02-05 20:05 26944 ----a-w- c:\windows\system32\drivers\aavmker4.sys
2009-06-27 17:29 . 2009-02-05 20:04 97480 ----a-w- c:\windows\system32\AvastSS.scr
2009-06-27 17:29 . 2009-02-05 20:07 114768 ----a-w- c:\windows\system32\drivers\aswSP.sys
2009-06-27 17:29 . 2009-02-05 20:07 20560 ----a-w- c:\windows\system32\drivers\aswFsBlk.sys
2009-06-27 17:29 . 2009-02-05 20:08 93296 ----a-w- c:\windows\system32\drivers\aswmon.sys
2009-06-27 17:29 . 2009-02-05 20:08 94032 ----a-w- c:\windows\system32\drivers\aswmon2.sys
2009-06-27 17:28 . 2009-06-27 17:28 -------- d-----w- c:\program files\Alwil Software
2009-06-27 12:48 . 2009-06-27 12:48 -------- d-----w- c:\documents and settings\Clare\Application Data\Malwarebytes
2009-06-27 12:48 . 2009-06-17 10:27 38160 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys
2009-06-27 12:48 . 2009-06-27 12:48 -------- d-----w- c:\documents and settings\All Users\Application Data\Malwarebytes
2009-06-27 12:48 . 2009-06-17 10:27 19096 ----a-w- c:\windows\system32\drivers\mbam.sys
2009-06-27 12:48 . 2009-06-27 12:48 -------- d-----w- c:\program files\Malwarebytes' Anti-Malware
2009-06-25 05:42 . 2009-06-25 05:42 -------- d-----w- c:\windows\system32\Adobe
2009-06-03 10:50 . 2009-06-03 10:50 -------- d-----w- c:\documents and settings\All Users\Application Data\PopCap
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2009-07-02 12:43 . 2005-05-12 19:33 12 ----a-w- c:\windows\bthservsdp.dat
2009-06-28 16:28 . 2006-12-17 08:37 -------- d-----w- c:\program files\Yahoo!
2009-06-28 16:27 . 2008-06-04 17:34 -------- d-----w- c:\documents and settings\All Users\Application Data\Tesco Photobook Creator
2009-06-28 06:47 . 2006-10-23 11:19 -------- d-----w- c:\program files\Common Files\Wise Installation Wizard
2009-06-25 07:22 . 2009-05-18 08:17 -------- d-----w- c:\documents and settings\Chris\Application Data\Skype
2009-06-25 07:01 . 2009-05-18 08:27 -------- d-----w- c:\documents and settings\Chris\Application Data\skypePM
2009-05-24 08:53 . 2009-05-24 06:33 -------- d-----w- c:\program files\Zylom Games
2009-05-24 06:33 . 2009-05-24 06:33 -------- d-----w- c:\documents and settings\Chris\Application Data\Zylom
2009-05-24 06:33 . 2009-05-24 06:33 -------- d-----w- c:\documents and settings\All Users\Application Data\Zylom
2009-05-21 10:57 . 2006-12-01 20:25 -------- d-----w- c:\program files\Common Files\Adobe
2009-05-19 17:38 . 2005-05-02 18:27 -------- d-----w- c:\documents and settings\Clare\Application Data\AdobeUM
2009-05-18 08:15 . 2009-05-18 08:15 -------- d-----w- c:\program files\Common Files\Skype
2009-05-18 08:15 . 2009-05-18 08:15 -------- d-----r- c:\program files\Skype
2009-05-18 08:15 . 2009-05-18 08:14 -------- d-----w- c:\documents and settings\All Users\Application Data\Skype
2009-05-07 15:32 . 2004-10-31 13:21 345600 ----a-w- c:\windows\system32\localspl.dll
2009-04-29 04:56 . 2004-10-31 20:22 827392 ----a-w- c:\windows\system32\wininet.dll
2009-04-29 04:55 . 2004-10-31 13:21 78336 ----a-w- c:\windows\system32\ieencode.dll
2009-04-17 12:26 . 2004-10-31 13:22 1847168 ----a-w- c:\windows\system32\win32k.sys
2009-04-15 14:51 . 2004-10-31 13:22 585216 ----a-w- c:\windows\system32\rpcrt4.dll
.
((((((((((((((((((((((((((((( SnapShot@2009-06-28_09.01.22 )))))))))))))))))))))))))))))))))))))))))
.
.
-- Snapshot reset to current date --
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"ctfmon.exe"="c:\windows\system32\ctfmon.exe" [2008-04-14 15360]
"H/PC Connection Agent"="c:\program files\Microsoft ActiveSync\wcescomm.exe" [2006-06-26 1207080]
"WMPNSCFG"="c:\program files\Windows Media Player\WMPNSCFG.exe" [2006-10-18 204288]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Recguard"="c:\windows\SMINST\RECGUARD.EXE" [2002-09-13 212992]
"Lexmark X1100 Series"="c:\program files\Lexmark X1100 Series\lxbkbmgr.exe" [2003-08-19 57344]
"TalkTalk"="c:\program files\TalkTalk\bin\sprtcmd.exe" [2005-08-15 192512]
"Adobe Photo Downloader"="c:\program files\Adobe\Photoshop Album Starter Edition\3.0\Apps\apdproxy.exe" [2005-06-06 57344]
"QuickTime Task"="c:\program files\QuickTime\qttask.exe" [2005-12-26 98304]
"Sony Ericsson PC Suite"="c:\program files\Sony Ericsson\Mobile2\Application Launcher\Application Launcher.exe" [2006-11-24 487424]
"Adobe Reader Speed Launcher"="c:\program files\Adobe\Reader 9.0\Reader\Reader_sl.exe" [2008-06-12 34672]
"SunJavaUpdateSched"="c:\program files\Java\jre6\bin\jusched.exe" [2009-03-09 148888]
"avast!"="c:\progra~1\ALWILS~1\Avast4\ashDisp.exe" [2009-02-05 81000]
"BluetoothAuthenticationAgent"="bthprops.cpl" - c:\windows\system32\bthprops.cpl [2008-04-14 110592]
[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="c:\windows\system32\CTFMON.EXE" [2008-04-14 15360]
"Power2GoExpress"="c:\program files\CyberLink\Power2Go\Power2GoExpress.exe" [2004-11-06 1359967]
c:\documents and settings\All Users\Start Menu\Programs\Startup\
Microsoft Office.lnk - c:\program files\Microsoft Office\Office\OSA9.EXE [1999-5-12 65588]
[hkey_local_machine\software\microsoft\windows\currentversion\explorer\ShellExecuteHooks]
"{5AE067D3-9AFB-48E0-853A-EBB7F4A000DA}"= "c:\program files\SUPERAntiSpyware\SASSEH.DLL" [2008-05-13 77824]
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\!SASWinLogon]
2008-12-22 11:05 356352 ----a-w- c:\program files\SUPERAntiSpyware\SASWINLO.dll
[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Adobe Reader Speed Launch.lnk]
path=c:\documents and settings\All Users\Start Menu\Programs\Startup\Adobe Reader Speed Launch.lnk
backup=c:\windows\pss\Adobe Reader Speed Launch.lnkCommon Startup
[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Kodak EasyShare software.lnk]
path=c:\documents and settings\All Users\Start Menu\Programs\Startup\Kodak EasyShare software.lnk
backup=c:\windows\pss\Kodak EasyShare software.lnkCommon Startup
[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Kodak software updater.lnk]
path=c:\documents and settings\All Users\Start Menu\Programs\Startup\Kodak software updater.lnk
backup=c:\windows\pss\Kodak software updater.lnkCommon Startup
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"c:\\WINDOWS\\system32\\LEXPPS.EXE"=
"c:\\Program Files\\Kodak\\KODAK Software Updater\\7288971\\Program\\Kodak Software Updater.exe"=
"c:\\Program Files\\Messenger\\msmsgs.exe"=
"c:\\Program Files\\iTunes\\iTunes.exe"=
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"c:\program files\Microsoft ActiveSync\rapimgr.exe"= c:\program files\Microsoft ActiveSync\rapimgr.exe:169.254.2.0/255.255.255.0:Enabled:ActiveSync RAPI Manager
"c:\program files\Microsoft ActiveSync\wcescomm.exe"= c:\program files\Microsoft ActiveSync\wcescomm.exe:169.254.2.0/255.255.255.0:Enabled:ActiveSync Connection Manager
"c:\program files\Microsoft ActiveSync\WCESMgr.exe"= c:\program files\Microsoft ActiveSync\WCESMgr.exe:169.254.2.0/255.255.255.0:Enabled:ActiveSync Application
"c:\\Program Files\\Windows Live\\Messenger\\msnmsgr.exe"=
"c:\\Program Files\\Windows Live\\Messenger\\livecall.exe"=
"c:\\Program Files\\Yahoo!\\Messenger\\YahooMessenger.exe"=
"c:\\Program Files\\Skype\\Phone\\Skype.exe"=
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]
"26675:TCP"= 26675:TCP:169.254.2.0/255.255.255.0:Enabled:ActiveSync Service
R2 CADopia License Manager;CADopia License Manager;c:\progra~1\CADopia\CADOPI~1\LicenseManager\lmgrd.exe [x]
R3 iadusb;MT882;c:\windows\system32\DRIVERS\glauiad.sys [2006-07-27 30336]
R3 SASENUM;SASENUM;c:\program files\SUPERAntiSpyware\SASENUM.SYS [2009-06-23 7408]
R3 se46bus;Sony Ericsson Device 070 driver (WDM);c:\windows\system32\DRIVERS\se46bus.sys [2006-11-30 61536]
R3 se46mdfl;Sony Ericsson Device 070 USB WMC Modem Filter;c:\windows\system32\DRIVERS\se46mdfl.sys [2006-11-30 9360]
R3 se46mdm;Sony Ericsson Device 070 USB WMC Modem Driver;c:\windows\system32\DRIVERS\se46mdm.sys [2006-11-30 97088]
R3 se46mgmt;Sony Ericsson Device 070 USB WMC Device Management Drivers (WDM);c:\windows\system32\DRIVERS\se46mgmt.sys [2006-11-30 88624]
R3 se46nd5;Sony Ericsson Device 070 USB Ethernet Emulation SEMC46 (NDIS);c:\windows\system32\DRIVERS\se46nd5.sys [2006-11-30 18704]
R3 se46obex;Sony Ericsson Device 070 USB WMC OBEX Interface;c:\windows\system32\DRIVERS\se46obex.sys [2006-11-30 86432]
R3 se46unic;Sony Ericsson Device 070 USB Ethernet Emulation SEMC46 (WDM);c:\windows\system32\DRIVERS\se46unic.sys [2006-11-30 90800]
R3 U2KG54L;BUFFALO WLI-U2-KG54L Wireless LAN Driver;c:\windows\system32\DRIVERS\U2KG54L.sys [2006-08-24 477696]
S0 viaide1;viaide1;c:\windows\SYSTEM32\DRIVERS\VIAIDEXP.SYS [2001-10-18 6144]
S1 aswSP;avast! Self Protection; [x]
S1 SASDIFSV;SASDIFSV;c:\program files\SUPERAntiSpyware\SASDIFSV.SYS [2009-06-23 9968]
S1 SASKUTIL;SASKUTIL;c:\program files\SUPERAntiSpyware\SASKUTIL.sys [2009-06-23 72944]
S2 aswFsBlk;aswFsBlk;c:\windows\system32\DRIVERS\aswFsBlk.sys [2009-02-05 20560]
S2 CSHelper;CopySafe Helper Service;c:\windows\system32\CSHelper.exe [2009-02-28 266240]
.
Contents of the 'Scheduled Tasks' folder
2005-08-31 c:\windows\Tasks\Symantec NetDetect.job
- c:\program files\Symantec\LiveUpdate\NDETECT.EXE [2005-08-31 16:26]
.
.
Supplementary Scan
.
uStart Page = hxxp://www.yahoo.co.uk/
mStart Page = hxxp://uk.yahoo.com
uInternet Connection Wizard,ShellNext = iexplore
uInternet Settings,ProxyOverride = <local>
DPF: Bootstrap - hxxp://www.myfujiprints.co.uk/media/site/kiosk/Myfujiprints.CAB
DPF: NTLSignup - hxxps://register.tesco.net/tesco/NTLSignup.cab
DPF: {0CFA086E-6336-4D95-B6AA-90F564E99631} - hxxp://www.shopandscan.com/TNSClicker.CAB
.
**************************************************************************
catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2009-07-02 13:47
Windows 5.1.2600 Service Pack 3 NTFS
scanning hidden processes ...
scanning hidden autostart entries ...
scanning hidden files ...
scan completed successfully
hidden files: 0
**************************************************************************
.
DLLs Loaded Under Running Processes
- - - - - - - > 'winlogon.exe'(628)
c:\program files\SUPERAntiSpyware\SASWINLO.dll
- - - - - - - > 'explorer.exe'(2980)
c:\progra~1\WINDOW~2\wmpband.dll
c:\windows\system32\WPDShServiceObj.dll
c:\windows\system32\PortableDeviceTypes.dll
c:\windows\system32\PortableDeviceApi.dll
.
Other Running Processes
.
c:\program files\Alwil Software\Avast4\aswUpdSv.exe
c:\program files\Alwil Software\Avast4\ashServ.exe
c:\windows\system32\LEXBCES.EXE
c:\windows\system32\LEXPPS.EXE
c:\program files\Java\jre6\bin\jqs.exe
c:\windows\system32\drivers\KodakCCS.exe
c:\windows\system32\slserv.exe
c:\program files\Windows Media Player\wmpnetwk.exe
c:\program files\Alwil Software\Avast4\ashMaiSv.exe
c:\program files\Alwil Software\Avast4\ashWebSv.exe
c:\windows\system32\rundll32.exe
c:\program files\Lexmark X1100 Series\lxbkbmon.exe
c:\progra~1\MICROS~2\rapimgr.exe
.
**************************************************************************
.
Completion time: 2009-07-02 13:58 - machine was rebooted
ComboFix-quarantined-files.txt 2009-07-02 12:57
ComboFix2.txt 2009-07-01 21:19
ComboFix3.txt 2009-06-29 17:55
ComboFix4.txt 2009-06-28 09:08
Pre-Run: 55,745,282,048 bytes free
Post-Run: 55,727,603,712 bytes free
314 --- E O F --- 2009-06-11 20:48
OK
Let's clean it up a little and have a Hijack scan. I'd say you're OK now.
Download CCLEANER
http://www.ccleaner.com/download/builds/downloading-slim
Run the CLEANER scan (UNTICK 'cookies')
Then run the REGISTRY scan (back up the registry when it asks)
Reboot
Download HIJACK THIS (make sure you click 'DOWNLOAD LATEST VERSION')
http://www.filehippo.com/download_hijackthis/
Click DO A SCAN AND SAVE A LOGFILE (takes seconds), then post the log so we can see what's running
(do NOT do anything else with Hijack but scan and post the FULL log) :idea:
Ran CCleaner.
HijackThis Log:
Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 16:02:49, on 02/07/2009
Platform: Windows XP SP3 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16850)
Boot mode: Normal
Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
C:\Program Files\Alwil Software\Avast4\ashServ.exe
C:\WINDOWS\system32\LEXBCES.EXE
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\system32\LEXPPS.EXE
C:\WINDOWS\system32\CSHelper.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Java\jre6\bin\jqs.exe
C:\WINDOWS\system32\drivers\KodakCCS.exe
C:\WINDOWS\system32\slserv.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
C:\Program Files\Lexmark X1100 Series\lxbkbmgr.exe
C:\WINDOWS\system32\rundll32.exe
C:\Program Files\TalkTalk\bin\sprtcmd.exe
C:\Program Files\Lexmark X1100 Series\lxbkbmon.exe
C:\Program Files\Adobe\Photoshop Album Starter Edition\3.0\Apps\apdproxy.exe
C:\Program Files\QuickTime\qttask.exe
C:\Program Files\Java\jre6\bin\jusched.exe
C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Microsoft ActiveSync\wcescomm.exe
C:\Program Files\Windows Media Player\WMPNSCFG.exe
C:\PROGRA~1\MICROS~2\rapimgr.exe
C:\WINDOWS\explorer.exe
C:\Program Files\Internet Explorer\IEXPLORE.EXE
C:\Program Files\Yahoo!\Messenger\YahooMessenger.exe
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.yahoo.co.uk/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://uk.yahoo.com
O2 - BHO: (no name) - {02478D38-C3F9-4efb-9B51-7695ECA05670} - (no file)
O2 - BHO: AcroIEHelperStub - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
O2 - BHO: Skype add-on (mastermind) - {22BF413B-C6D2-4d91-82A9-A0F997BA588C} - C:\Program Files\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll
O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)
O2 - BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll
O2 - BHO: JQSIEStartDetectorImpl - {E7E6F031-17CE-4C07-BC86-EABFE594F69C} - C:\Program Files\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
O4 - HKLM\..\Run: [Recguard] C:\WINDOWS\SMINST\RECGUARD.EXE
O4 - HKLM\..\Run: [Lexmark X1100 Series] "C:\Program Files\Lexmark X1100 Series\lxbkbmgr.exe"
O4 - HKLM\..\Run: [BluetoothAuthenticationAgent] rundll32.exe bthprops.cpl,,BluetoothAuthenticationAgent
O4 - HKLM\..\Run: [TalkTalk] "C:\Program Files\TalkTalk\bin\sprtcmd.exe" /P TalkTalk
O4 - HKLM\..\Run: [Adobe Photo Downloader] "C:\Program Files\Adobe\Photoshop Album Starter Edition\3.0\Apps\apdproxy.exe"
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [Sony Ericsson PC Suite] "C:\Program Files\Sony Ericsson\Mobile2\Application Launcher\Application Launcher.exe" /startoptions
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 9.0\Reader\Reader_sl.exe"
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre6\bin\jusched.exe"
O4 - HKLM\..\Run: [avast!] C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [H/PC Connection Agent] "C:\Program Files\Microsoft ActiveSync\wcescomm.exe"
O4 - HKCU\..\Run: [WMPNSCFG] C:\Program Files\Windows Media Player\WMPNSCFG.exe
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')
O4 - HKUS\S-1-5-18\..\Run: [Power2GoExpress] "C:\Program Files\CyberLink\Power2Go\Power2GoExpress.exe" (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user')
O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office\OSA9.EXE
O9 - Extra button: Create Mobile Favorite - {2EAF5BB1-070F-11D3-9307-00C04FAE2D4F} - C:\PROGRA~1\MICROS~2\INetRepl.dll
O9 - Extra button: (no name) - {2EAF5BB2-070F-11D3-9307-00C04FAE2D4F} - C:\PROGRA~1\MICROS~2\INetRepl.dll
O9 - Extra 'Tools' menuitem: Create Mobile Favorite... - {2EAF5BB2-070F-11D3-9307-00C04FAE2D4F} - C:\PROGRA~1\MICROS~2\INetRepl.dll
O9 - Extra button: IE Shield - {300DB664-75B5-47c0-8B45-A44ACCF73C00} - C:\WINDOWS\system32\shdocvw.dll
O9 - Extra 'Tools' menuitem: IE Shield... - {300DB664-75B5-47c0-8B45-A44ACCF73C00} - C:\WINDOWS\system32\shdocvw.dll
O9 - Extra button: Skype - {77BF5300-1474-4EC7-9980-D32B190E9B07} - C:\Program Files\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O14 - IERESET.INF: START_PAGE_URL=http://www.tesco.net
O16 - DPF: Bootstrap - http://www.myfujiprints.co.uk/media/site/kiosk/Myfujiprints.CAB
O16 - DPF: NTLSignup - https://register.tesco.net/tesco/NTLSignup.cab
O16 - DPF: {0CCA191D-13A6-4E29-B746-314DEE697D83} (Facebook Photo Uploader 5 Control) - http://upload.facebook.com/controls/2008.10.10_v5.5.8/FacebookPhotoUploader5.cab
O16 - DPF: {0CFA086E-6336-4D95-B6AA-90F564E99631} (TNSClicker.Clicker) - http://www.shopandscan.com/TNSClicker.CAB
O16 - DPF: {406B5949-7190-4245-91A9-30A17DE16AD0} (Snapfish Activia) - http://www1.snapfish.co.uk/SnapfishUKActivia.cab
O16 - DPF: {4F1E5B1A-2A80-42CA-8532-2D05CB959537} (MSN Photo Upload Tool) - http://gfx1.mail.live.com/mail/w1/resources/MSNPUpld.cab
O16 - DPF: {A922B6AB-3B87-11D3-B3C2-0008C7DA6CB9} (InetDownload Class) - https://media.pineconeresearch.com/ActiveX/downloadcontrol.cab
O16 - DPF: {B38870E4-7ECB-40DA-8C6A-595F0A5519FF} (MsnMessengerSetupDownloadControl Class) - http://messenger.msn.com/download/MsnMessengerSetupDownloader.cab
O16 - DPF: {BF6BBE9A-0656-4598-A0CD-32DAC03959B5} (Image Uploader 3.0 Control) - https://www.tescophoto.com/wpp/tesco/app/opcuploader.cab
O16 - DPF: {CE3409C4-9E26-4F8E-83E4-778498F9E7B4} (PB_Uploader Class) - http://static.photobox.co.uk/sg/common/uploader_uni.cab
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab
O16 - DPF: {E7D2588A-7FB5-47DC-8830-832605661009} (Live Collaboration) - http://liveuk02.custhelp.com/7560-b440h/rnl/java/RntX.cab
O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~1\COMMON~1\Skype\SKYPE4~1.DLL
O20 - Winlogon Notify: !SASWinLogon - C:\Program Files\SUPERAntiSpyware\SASWINLO.dll
O23 - Service: avast! iAVS4 Control Service (aswUpdSv) - ALWIL Software - C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
O23 - Service: avast! Antivirus - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashServ.exe
O23 - Service: avast! Mail Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
O23 - Service: avast! Web Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
O23 - Service: CADopia License Manager - Unknown owner - C:\PROGRA~1\CADopia\CADOPI~1\LicenseManager\lmgrd.exe (file missing)
O23 - Service: CopySafe Helper Service (CSHelper) - Unknown owner - C:\WINDOWS\system32\CSHelper.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\1150\Intel 32\IDriverT.exe
O23 - Service: iPod Service (iPodService) - Apple Computer, Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: Java Quick Starter (JavaQuickStarterService) - Sun Microsystems, Inc. - C:\Program Files\Java\jre6\bin\jqs.exe
O23 - Service: Kodak Camera Connection Software (KodakCCS) - Eastman Kodak Company - C:\WINDOWS\system32\drivers\KodakCCS.exe
O23 - Service: LexBce Server (LexBceS) - Lexmark International, Inc. - C:\WINDOWS\system32\LEXBCES.EXE
O23 - Service: Norton AntiVirus Firewall Monitor Service (NPFMntor) - Unknown owner - C:\Program Files\Norton SystemWorks\Norton AntiVirus\IWP\NPFMntor.exe (file missing)
O23 - Service: ScriptBlocking Service (SBService) - Symantec Corporation - C:\PROGRA~1\COMMON~1\SYMANT~1\SCRIPT~1\SBServ.exe
O23 - Service: SmartLinkService (SLService) - - C:\WINDOWS\SYSTEM32\slserv.exe
O23 - Service: Symantec Network Drivers Service (SNDSrvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\SNDSrvc.exe
--
End of file - 9366 bytes
TICK these with hijack and FIX them ~
O2 - BHO: (no name) - {02478D38-C3F9-4efb-9B51-7695ECA05670} - (no file)
O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O23 - Service: CADopia License Manager - Unknown owner - C:\PROGRA~1\CADopia\CADOPI~1\LicenseManager\lmgrd.exe (file missing)
Update JAVA
Then I'd say you're good to go :idea:
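A checker for the criteria applied in the post above, as an added example (not code from the thread or from HijackThis itself): it parses O2, O4 and O23 lines in the HijackThis v2 log format and reports the orphaned BHOs ("(no file)") and services ("(file missing)") that were ticked here, plus any autostart whose executable is on a caller-supplied "not needed" list. The sample lines are copied from the log in this thread; treating qttask.exe as unneeded is an assumption made for the demo.

```python
from __future__ import annotations
import re

# Constructed sample: lines copied from the HijackThis v2 log posted in this thread.
SAMPLE_LOG = r"""
O2 - BHO: (no name) - {02478D38-C3F9-4efb-9B51-7695ECA05670} - (no file)
O2 - BHO: AcroIEHelperStub - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [avast!] C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
O23 - Service: avast! Antivirus - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashServ.exe
O23 - Service: CADopia License Manager - Unknown owner - C:\PROGRA~1\CADopia\CADOPI~1\LicenseManager\lmgrd.exe (file missing)
"""

# One pattern per HijackThis section handled here: browser helper objects (O2),
# registry Run keys (O4) and services (O23). Lines that do not match are ignored.
O2_RE = re.compile(r"^O2 - BHO: (?P<name>.*?) - (?P<clsid>\{[0-9A-Fa-f-]+\}) - (?P<path>.*)$")
O4_RE = re.compile(r"^O4 - (?P<hive>\S+)\\\.\.\\Run: \[(?P<name>[^\]]+)\] (?P<cmd>.*)$")
O23_RE = re.compile(r"^O23 - Service: (?P<name>.*?) - (?P<owner>.*?) - (?P<path>.*)$")


def _exe_basename(cmd: str) -> str:
    """Return the lower-cased file name of the program an O4 command line launches."""
    cmd = cmd.strip()
    if cmd.startswith('"'):
        exe = cmd[1:].split('"', 1)[0]   # quoted path: everything up to the closing quote
    else:
        exe = cmd.split(" ", 1)[0]       # unquoted path: the first token
    return exe.replace("/", "\\").rsplit("\\", 1)[-1].lower()


def find_fix_candidates(log_text: str,
                        unneeded_autostarts: frozenset[str] = frozenset({"qttask.exe"})
                        ) -> list[tuple[str, str]]:
    """Return (log line, reason) pairs for the entries a helper would tick and fix.

    unneeded_autostarts is an assumed, caller-maintained list of executables that
    are harmless but have no business starting with Windows (here: qttask.exe).
    """
    hits: list[tuple[str, str]] = []
    for line in log_text.splitlines():
        line = line.rstrip()
        if (m := O2_RE.match(line)) and m["path"] == "(no file)":
            hits.append((line, f"orphaned BHO {m['clsid']}: CLSID registered but no DLL on disk"))
        elif (m := O23_RE.match(line)) and m["path"].endswith("(file missing)"):
            hits.append((line, f"orphaned service '{m['name']}': binary no longer exists"))
        elif (m := O4_RE.match(line)) and _exe_basename(m["cmd"]) in unneeded_autostarts:
            hits.append((line, f"unneeded autostart '{m['name']}' in {m['hive']}"))
    return hits


if __name__ == "__main__":
    for entry, why in find_fix_candidates(SAMPLE_LOG):
        print(f"TICK: {entry}\n      {why}")
```

Orphaned entries are dead registry pointers left behind after a removal; fixing them is cleanup, not disinfection, which is why the helper only lists them once the ComboFix and catchme scans came back clean.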
Just realised I forgot to reboot after CCleaner :rolleyes: Shall I reboot then do the HijackThis log again?
-
No, it's fine ~ don't worry about it :idea:
-
Thank you
So - the PopCap folder, shall I seek it out and delete it manually? It's not needed; it was something hubby did when he was working from home, but he has his own laptop to wreck now rather than our PC.
And something else which has been bugging me: sometimes while surfing, 'Windows Installer' pops up, and I always click 'cancel'. Was this part of the bug, and if not, can I stop it happening?
MUCH appreciated, thank you so much for all your help :j
This discussion has been closed.