Can someone help me? Trojan
Comments
-
Leave the popcap folder for now (Do you know what it is exactly?)
If Windows Installer is popping up then clearly something's trying to install itself. Do you know WHAT it is that's trying to get installed? :idea:
0 -
Seems the popcap folder has been moved to 'C:\Qoobox\Quarantine' - I know exactly what it is, it's definitely not needed.
Not sure exactly what Windows Installer tries to install. Next time it does it, should I let it run, or is it a bug, therefore I need to press cancel?
0 -
In your case it's most likely that something nasty is attempting to install itself :idea:
0
-
Is there anything I can do about it?
0
-
Next time it pops up try to find out WHAT is trying to install if you can (Any info at all is better than nothing)
for now ~
Open notepad and copy/paste the text in RED below
File::
c:\windows\Temp\Perflib_Perfdata_6cc.dat
c:\windows\Temp\Perflib_Perfdata_544.dat
c:\windows\Installer\c246a2.msi
c:\windows\Installer\2ed5f8e.msp
c:\windows\Installer\1f9c8a.msi
c:\windows\Installer\109fff.msi
Folder::
c:\program files\Zylom Games
c:\documents and settings\Chris\Application Data\Zylom
c:\documents and settings\All Users\Application Data\Zylom
Save this as "CFScript"
Then drag the CFScript into ComboFix.exe as you see in the screenshot below.
This will start ComboFix again. After reboot, (in case it asks to reboot), post the contents of Combofix.txt in your next reply
ComboFix should never take more than 20 minutes including the reboot if malware is detected.
If it does, open Task Manager then the Processes tab (press ctrl, alt and del at the same time) and end any processes of findstr, find, sed or swreg, then ComboFix should continue. :idea:
0 -
ComboFix 09-07-01.04 - Clare 02/07/2009 19:44.8 - NTFSx86
Microsoft Windows XP Home Edition 5.1.2600.3.1252.44.1033.18.223.87 [GMT 1:00]
Running from: c:\documents and settings\Clare\Desktop\ComboFix.exe
Command switches used :: c:\documents and settings\Clare\Desktop\CFScript.txt
AV: avast! antivirus 4.8.1335 [VPS 090701-0] *On-access scanning disabled* (Updated) {7591DB91-41F0-48A3-B128-1A293FD8233D}
FILE ::
"c:\windows\Installer\109fff.msi"
"c:\windows\Installer\1f9c8a.msi"
"c:\windows\Installer\2ed5f8e.msp"
"c:\windows\Installer\c246a2.msi"
"c:\windows\Temp\Perflib_Perfdata_544.dat"
"c:\windows\Temp\Perflib_Perfdata_6cc.dat"
.
((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.
c:\documents and settings\All Users\Application Data\Zylom
c:\documents and settings\All Users\Application Data\Zylom\ZylomGamesPlayer\npzylomgamesplayer.dll
c:\documents and settings\All Users\Application Data\Zylom\ZylomGamesPlayer\nsIZylomPlugin.xpt
c:\documents and settings\All Users\Application Data\Zylom\ZylomGamesPlayer\zylomgamesplayer.dll
c:\documents and settings\Chris\Application Data\Zylom
c:\program files\Zylom Games
c:\program files\Zylom Games\Chuzzle Deluxe\cached\safemode\Textures\angryeyes.cached
c:\program files\Zylom Games\Chuzzle Deluxe\cached\safemode\Textures\Beauty.cached
c:\program files\Zylom Games\Chuzzle Deluxe\cached\safemode\Textures\bonus\BeChuzzles_dynamic0.cached
c:\program files\Zylom Games\Chuzzle Deluxe\cached\safemode\Textures\bonus\BeChuzzles_dynamic1.cached
c:\program files\Zylom Games\Chuzzle Deluxe\cached\safemode\Textures\bonus\BeChuzzles_dynamic2.cached
c:\program files\Zylom Games\Chuzzle Deluxe\cached\safemode\Textures\bonus\BeChuzzles_dynamic3.cached
c:\program files\Zylom Games\Chuzzle Deluxe\cached\safemode\Textures\bonus\BeChuzzles_dynamic4.cached
c:\program files\Zylom Games\Chuzzle Deluxe\cached\safemode\Textures\bonus\BeChuzzles_dynamic5.cached
c:\program files\Zylom Games\Chuzzle Deluxe\cached\safemode\Textures\bonus\BeChuzzles_dynamic6.cached
c:\program files\Zylom Games\Chuzzle Deluxe\cached\safemode\Textures\bonus\BeChuzzles_dynamic7.cached
c:\program files\Zylom Games\Chuzzle Deluxe\cached\safemode\Textures\bonus\secretbutton_dynamic0.cached
c:\program files\Zylom Games\Chuzzle Deluxe\cached\safemode\Textures\bonus\secretbutton_dynamic1.cached
c:\program files\Zylom Games\Chuzzle Deluxe\cached\safemode\Textures\bonus\secretbutton_dynamic2.cached
c:\program files\Zylom Games\Chuzzle Deluxe\cached\safemode\Textures\bonus\secretswirl.cached
c:\program files\Zylom Games\Chuzzle Deluxe\cached\safemode\Textures\candy.cached
c:\program files\Zylom Games\Chuzzle Deluxe\cached\safemode\Textures\ChuzzleCheeks.cached
c:\program files\Zylom Games\Chuzzle Deluxe\cached\safemode\Textures\classicchuzzle_menu.cached
c:\program files\Zylom Games\Chuzzle Deluxe\cached\safemode\Textures\ColorblindSymbols_dynamic0.cached
c:\program files\Zylom Games\Chuzzle Deluxe\cached\safemode\Textures\ColorblindSymbols_dynamic1.cached
c:\program files\Zylom Games\Chuzzle Deluxe\cached\safemode\Textures\ColorblindSymbols_dynamic2.cached
c:\program files\Zylom Games\Chuzzle Deluxe\cached\safemode\Textures\ColorblindSymbols_dynamic3.cached
c:\program files\Zylom Games\Chuzzle Deluxe\cached\safemode\Textures\ColorblindSymbols_dynamic4.cached
c:\program files\Zylom Games\Chuzzle Deluxe\cached\safemode\Textures\ColorblindSymbols_dynamic5.cached
c:\program files\Zylom Games\Chuzzle Deluxe\cached\safemode\Textures\ColorblindSymbols_dynamic6.cached
c:\program files\Zylom Games\Chuzzle Deluxe\cached\safemode\Textures\ColorblindSymbolsSmall_dynamic0.cached
c:\program files\Zylom Games\Chuzzle Deluxe\cached\safemode\Textures\ColorblindSymbolsSmall_dynamic1.cached
c:\program files\Zylom Games\Chuzzle Deluxe\cached\safemode\Textures\ColorblindSymbolsSmall_dynamic2.cached
c:\program files\Zylom Games\Chuzzle Deluxe\cached\safemode\Textures\ColorblindSymbolsSmall_dynamic3.cached
c:\program files\Zylom Games\Chuzzle Deluxe\cached\safemode\Textures\ColorblindSymbolsSmall_dynamic4.cached
c:\program files\Zylom Games\Chuzzle Deluxe\cached\safemode\Textures\ColorblindSymbolsSmall_dynamic5.cached
c:\program files\Zylom Games\Chuzzle Deluxe\cached\safemode\Textures\ColorblindSymbolsSmall_dynamic6.cached
c:\program files\Zylom Games\Chuzzle Deluxe\cached\safemode\Textures\GameButton_dynamic0.cached
c:\program files\Zylom Games\Chuzzle Deluxe\cached\safemode\Textures\GameButton_dynamic1.cached
c:\program files\Zylom Games\Chuzzle Deluxe\cached\safemode\Textures\GameButton_dynamic2.cached
c:\program files\Zylom Games\Chuzzle Deluxe\cached\safemode\Textures\HighScoresButton_dynamic0.cached
c:\program files\Zylom Games\Chuzzle Deluxe\cached\safemode\Textures\HighScoresButton_dynamic1.cached
c:\program files\Zylom Games\Chuzzle Deluxe\cached\safemode\Textures\HighScoresButton_dynamic2.cached
c:\program files\Zylom Games\Chuzzle Deluxe\cached\safemode\Textures\mainmenucontext_dynamic0.cached
c:\program files\Zylom Games\Chuzzle Deluxe\cached\safemode\Textures\mainmenucontext_dynamic1.cached
c:\program files\Zylom Games\Chuzzle Deluxe\cached\safemode\Textures\mainmenucontext_dynamic2.cached
c:\program files\Zylom Games\Chuzzle Deluxe\cached\safemode\Textures\mainmenucontext_dynamic3.cached
c:\program files\Zylom Games\Chuzzle Deluxe\cached\safemode\Textures\mindbender_menu.cached
c:\program files\Zylom Games\Chuzzle Deluxe\cached\safemode\Textures\nakedchuzzle.cached
c:\program files\Zylom Games\Chuzzle Deluxe\cached\safemode\Textures\OptionsButton_dynamic0.cached
c:\program files\Zylom Games\Chuzzle Deluxe\cached\safemode\Textures\OptionsButton_dynamic1.cached
c:\program files\Zylom Games\Chuzzle Deluxe\cached\safemode\Textures\OptionsButton_dynamic2.cached
c:\program files\Zylom Games\Chuzzle Deluxe\cached\safemode\Textures\QuitButton_dynamic0.cached
c:\program files\Zylom Games\Chuzzle Deluxe\cached\safemode\Textures\QuitButton_dynamic1.cached
c:\program files\Zylom Games\Chuzzle Deluxe\cached\safemode\Textures\QuitButton_dynamic2.cached
c:\program files\Zylom Games\Chuzzle Deluxe\cached\safemode\Textures\RosyCheeks.cached
c:\program files\Zylom Games\Chuzzle Deluxe\cached\safemode\Textures\scrambulator_button_dynamic0.cached
c:\program files\Zylom Games\Chuzzle Deluxe\cached\safemode\Textures\scrambulator_button_dynamic1.cached
c:\program files\Zylom Games\Chuzzle Deluxe\cached\safemode\Textures\scrambulator_button_dynamic2.cached
c:\program files\Zylom Games\Chuzzle Deluxe\cached\safemode\Textures\sleepyeyes.cached
c:\program files\Zylom Games\Chuzzle Deluxe\cached\safemode\Textures\sleepyz.cached
c:\program files\Zylom Games\Chuzzle Deluxe\cached\safemode\Textures\speedchuzzle_menu.cached
c:\program files\Zylom Games\Chuzzle Deluxe\cached\safemode\Textures\TrophyRoomButton_dynamic0.cached
c:\program files\Zylom Games\Chuzzle Deluxe\cached\safemode\Textures\TrophyRoomButton_dynamic1.cached
c:\program files\Zylom Games\Chuzzle Deluxe\cached\safemode\Textures\TrophyRoomButton_dynamic2.cached
c:\program files\Zylom Games\Chuzzle Deluxe\cached\safemode\Textures\zenchuzzle_menu.cached
c:\program files\Zylom Games\Chuzzle Deluxe\cached\safemode\Textures\zens\charms_dynamic0.cached
c:\program files\Zylom Games\Chuzzle Deluxe\cached\safemode\Textures\zens\charms_dynamic1.cached
c:\program files\Zylom Games\Chuzzle Deluxe\cached\safemode\Textures\zens\charms_dynamic2.cached
c:\program files\Zylom Games\Chuzzle Deluxe\cached\safemode\Textures\zens\charms_dynamic3.cached
c:\program files\Zylom Games\Chuzzle Deluxe\cached\safemode\Textures\zens\charms_dynamic4.cached
c:\program files\Zylom Games\Chuzzle Deluxe\cached\safemode\Textures\zens\charms_dynamic5.cached
c:\program files\Zylom Games\Chuzzle Deluxe\cached\safemode\Textures\zens\goldcharms_dynamic0.cached
c:\program files\Zylom Games\Chuzzle Deluxe\cached\safemode\Textures\zens\goldcharms_dynamic1.cached
c:\program files\Zylom Games\Chuzzle Deluxe\cached\safemode\Textures\zens\goldcharms_dynamic2.cached
c:\program files\Zylom Games\Chuzzle Deluxe\cached\safemode\Textures\zens\goldcharms_dynamic3.cached
c:\program files\Zylom Games\Chuzzle Deluxe\cached\safemode\Textures\zens\goldcharms_dynamic4.cached
c:\program files\Zylom Games\Chuzzle Deluxe\cached\safemode\Textures\zens\goldcharms_dynamic5.cached
c:\program files\Zylom Games\Chuzzle Deluxe\cached\safemode\Textures\zens\pop-rainbow_dynamic0.cached
c:\program files\Zylom Games\Chuzzle Deluxe\cached\safemode\Textures\zens\pop-rainbow_dynamic1.cached
c:\program files\Zylom Games\Chuzzle Deluxe\cached\safemode\Textures\zens\pop-rainbow_dynamic2.cached
c:\program files\Zylom Games\Chuzzle Deluxe\cached\safemode\Textures\zens\pop-rainbow_dynamic3.cached
c:\program files\Zylom Games\Chuzzle Deluxe\cached\safemode\Textures\zens\rainbowcharms_dynamic0.cached
c:\program files\Zylom Games\Chuzzle Deluxe\cached\safemode\Textures\zens\rainbowcharms_dynamic1.cached
c:\program files\Zylom Games\Chuzzle Deluxe\cached\safemode\Textures\zens\rainbowcharms_dynamic2.cached
c:\program files\Zylom Games\Chuzzle Deluxe\cached\safemode\Textures\zens\rainbowcharms_dynamic3.cached
c:\program files\Zylom Games\Chuzzle Deluxe\cached\safemode\Textures\zens\rainbowcharms_dynamic4.cached
c:\program files\Zylom Games\Chuzzle Deluxe\cached\safemode\Textures\zens\rainbowcharms_dynamic5.cached
c:\program files\Zylom Games\Chuzzle Deluxe\HardwareTestResults\Hardware.registry
c:\program files\Zylom Games\Chuzzle Deluxe\Profiles\config.cfg
c:\program files\Zylom Games\Chuzzle Deluxe\Profiles\HSChuzzlePuzzle.cfg
c:\program files\Zylom Games\Chuzzle Deluxe\Profiles\HSSpeedChuzzle.cfg
c:\program files\Zylom Games\Chuzzle Deluxe\Profiles\Mmm\INFO.CFG
c:\program files\Zylom Games\Chuzzle Deluxe\Profiles\Mmm\SAVEGAME-CHUZZLEPUZZLE.DAT
c:\windows\Installer\109fff.msi
c:\windows\Installer\1f9c8a.msi
c:\windows\Installer\2ed5f8e.msp
c:\windows\Installer\c246a2.msi
c:\windows\Temp\Perflib_Perfdata_544.dat
.
((((((((((((((((((((((((( Files Created from 2009-06-02 to 2009-07-02 )))))))))))))))))))))))))))))))
.
2009-07-02 15:32 . 2009-07-02 15:32 152576 ----a-w- c:\documents and settings\Clare\Application Data\Sun\Java\jre1.6.0_14\lzma.dll
2009-07-02 15:02 . 2009-07-02 15:02 d-----w- c:\program files\Trend Micro
2009-06-30 09:10 . 2009-06-30 09:10 d-----w- c:\documents and settings\Clare_2\Local Settings\Application Data\Identities
2009-06-29 17:21 . 2009-06-29 17:22 d-----w- c:\program files\CCleaner
2009-06-29 16:16 . 2009-06-29 16:16 d-----w- c:\documents and settings\Clare_2\Contacts
2009-06-28 19:47 . 2009-06-28 19:47 d-----w- c:\documents and settings\Clare_2\Local Settings\Application Data\Yahoo
2009-06-28 16:43 . 2009-06-28 16:43 d-----w- c:\documents and settings\Clare_2\Application Data\Teleca
2009-06-28 16:42 . 2009-06-28 16:42 d-----w- c:\documents and settings\Clare_2\Application Data\Sony Ericsson
2009-06-28 06:49 . 2009-06-28 08:24 117760 ----a-w- c:\documents and settings\Clare\Application Data\SUPERAntiSpyware.com\SUPERAntiSpyware\SDDLLS\UIREPAIR.DLL
2009-06-28 06:48 . 2009-06-28 06:48 d-----w- c:\documents and settings\All Users\Application Data\SUPERAntiSpyware.com
2009-06-28 06:48 . 2009-06-28 08:32 d-----w- c:\program files\SUPERAntiSpyware
2009-06-28 06:48 . 2009-06-28 06:48 d-----w- c:\documents and settings\Clare\Application Data\SUPERAntiSpyware.com
2009-06-27 17:29 . 2009-02-05 20:06 23152 ----a-w- c:\windows\system32\drivers\aswRdr.sys
2009-06-27 17:29 . 2009-02-05 20:06 51376 ----a-w- c:\windows\system32\drivers\aswTdi.sys
2009-06-27 17:29 . 2009-02-05 20:05 26944 ----a-w- c:\windows\system32\drivers\aavmker4.sys
2009-06-27 17:29 . 2009-02-05 20:04 97480 ----a-w- c:\windows\system32\AvastSS.scr
2009-06-27 17:29 . 2009-02-05 20:07 114768 ----a-w- c:\windows\system32\drivers\aswSP.sys
2009-06-27 17:29 . 2009-02-05 20:07 20560 ----a-w- c:\windows\system32\drivers\aswFsBlk.sys
2009-06-27 17:29 . 2009-02-05 20:08 93296 ----a-w- c:\windows\system32\drivers\aswmon.sys
2009-06-27 17:29 . 2009-02-05 20:08 94032 ----a-w- c:\windows\system32\drivers\aswmon2.sys
2009-06-27 17:28 . 2009-06-27 17:28 d-----w- c:\program files\Alwil Software
2009-06-27 12:48 . 2009-06-27 12:48 d-----w- c:\documents and settings\Clare\Application Data\Malwarebytes
2009-06-27 12:48 . 2009-06-17 10:27 38160 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys
2009-06-27 12:48 . 2009-06-27 12:48 d-----w- c:\documents and settings\All Users\Application Data\Malwarebytes
2009-06-27 12:48 . 2009-06-17 10:27 19096 ----a-w- c:\windows\system32\drivers\mbam.sys
2009-06-27 12:48 . 2009-06-27 12:48 d-----w- c:\program files\Malwarebytes' Anti-Malware
2009-06-25 05:42 . 2009-06-25 05:42 d-----w- c:\windows\system32\Adobe
2009-06-03 10:50 . 2009-06-03 10:50 d-----w- c:\documents and settings\All Users\Application Data\PopCap
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2009-07-02 15:34 . 2009-02-14 16:58 d-----w- c:\program files\Java
2009-07-02 15:21 . 2005-05-12 19:33 12 ----a-w- c:\windows\bthservsdp.dat
2009-06-28 16:28 . 2006-12-17 08:37 d-----w- c:\program files\Yahoo!
2009-06-28 16:27 . 2008-06-04 17:34 d-----w- c:\documents and settings\All Users\Application Data\Tesco Photobook Creator
2009-06-28 06:47 . 2006-10-23 11:19 d-----w- c:\program files\Common Files\Wise Installation Wizard
2009-06-25 07:22 . 2009-05-18 08:17 d-----w- c:\documents and settings\Chris\Application Data\Skype
2009-06-25 07:01 . 2009-05-18 08:27 d-----w- c:\documents and settings\Chris\Application Data\skypePM
2009-05-21 10:57 . 2006-12-01 20:25 d-----w- c:\program files\Common Files\Adobe
2009-05-21 10:33 . 2009-07-02 15:34 410984 ----a-w- c:\windows\system32\REN18.tmp
2009-05-19 17:38 . 2005-05-02 18:27 d-----w- c:\documents and settings\Clare\Application Data\AdobeUM
2009-05-18 08:15 . 2009-05-18 08:15 d-----w- c:\program files\Common Files\Skype
2009-05-18 08:15 . 2009-05-18 08:15 d-----r- c:\program files\Skype
2009-05-18 08:15 . 2009-05-18 08:14 d-----w- c:\documents and settings\All Users\Application Data\Skype
2009-05-07 15:32 . 2004-10-31 13:21 345600 ----a-w- c:\windows\system32\localspl.dll
2009-04-29 04:56 . 2004-10-31 20:22 827392 ----a-w- c:\windows\system32\wininet.dll
2009-04-29 04:55 . 2004-10-31 13:21 78336 ----a-w- c:\windows\system32\ieencode.dll
2009-04-17 12:26 . 2004-10-31 13:22 1847168 ----a-w- c:\windows\system32\win32k.sys
2009-04-15 14:51 . 2004-10-31 13:22 585216 ----a-w- c:\windows\system32\rpcrt4.dll
.
((((((((((((((((((((((((((((( SnapShot_2009-07-02_12.48.46 )))))))))))))))))))))))))))))))))))))))))
.
+ 2009-07-02 15:24 . 2009-07-02 15:24 16384 c:\windows\Temp\Perflib_Perfdata_710.dat
+ 2009-07-02 15:35 . 2009-07-02 15:35 16384 c:\windows\Temp\Perflib_Perfdata_6b0.dat
- 2009-04-15 15:12 . 2009-03-09 04:19 148888 c:\windows\system32\javaws.exe
+ 2009-07-02 15:34 . 2009-05-21 10:34 148888 c:\windows\system32\javaws.exe
+ 2009-07-02 15:34 . 2009-05-21 10:34 144792 c:\windows\system32\javaw.exe
- 2009-04-15 15:12 . 2009-03-09 04:19 144792 c:\windows\system32\javaw.exe
+ 2009-07-02 15:34 . 2009-05-21 10:34 144792 c:\windows\system32\java.exe
- 2009-04-15 15:12 . 2009-03-09 04:19 144792 c:\windows\system32\java.exe
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"ctfmon.exe"="c:\windows\system32\ctfmon.exe" [2008-04-14 15360]
"H/PC Connection Agent"="c:\program files\Microsoft ActiveSync\wcescomm.exe" [2006-06-26 1207080]
"WMPNSCFG"="c:\program files\Windows Media Player\WMPNSCFG.exe" [2006-10-18 204288]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Recguard"="c:\windows\SMINST\RECGUARD.EXE" [2002-09-13 212992]
"Lexmark X1100 Series"="c:\program files\Lexmark X1100 Series\lxbkbmgr.exe" [2003-08-19 57344]
"TalkTalk"="c:\program files\TalkTalk\bin\sprtcmd.exe" [2005-08-15 192512]
"Adobe Photo Downloader"="c:\program files\Adobe\Photoshop Album Starter Edition\3.0\Apps\apdproxy.exe" [2005-06-06 57344]
"Sony Ericsson PC Suite"="c:\program files\Sony Ericsson\Mobile2\Application Launcher\Application Launcher.exe" [2006-11-24 487424]
"Adobe Reader Speed Launcher"="c:\program files\Adobe\Reader 9.0\Reader\Reader_sl.exe" [2008-06-12 34672]
"avast!"="c:\progra~1\ALWILS~1\Avast4\ashDisp.exe" [2009-02-05 81000]
"SunJavaUpdateSched"="c:\program files\Java\jre6\bin\jusched.exe" [2009-05-21 148888]
"BluetoothAuthenticationAgent"="bthprops.cpl" - c:\windows\system32\bthprops.cpl [2008-04-14 110592]
[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="c:\windows\system32\CTFMON.EXE" [2008-04-14 15360]
"Power2GoExpress"="c:\program files\CyberLink\Power2Go\Power2GoExpress.exe" [2004-11-06 1359967]
c:\documents and settings\All Users\Start Menu\Programs\Startup\
Microsoft Office.lnk - c:\program files\Microsoft Office\Office\OSA9.EXE [1999-5-12 65588]
[hkey_local_machine\software\microsoft\windows\currentversion\explorer\ShellExecuteHooks]
"{5AE067D3-9AFB-48E0-853A-EBB7F4A000DA}"= "c:\program files\SUPERAntiSpyware\SASSEH.DLL" [2008-05-13 77824]
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\!SASWinLogon]
2008-12-22 11:05 356352 ----a-w- c:\program files\SUPERAntiSpyware\SASWINLO.dll
[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Adobe Reader Speed Launch.lnk]
path=c:\documents and settings\All Users\Start Menu\Programs\Startup\Adobe Reader Speed Launch.lnk
backup=c:\windows\pss\Adobe Reader Speed Launch.lnkCommon Startup
[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Kodak EasyShare software.lnk]
path=c:\documents and settings\All Users\Start Menu\Programs\Startup\Kodak EasyShare software.lnk
backup=c:\windows\pss\Kodak EasyShare software.lnkCommon Startup
[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Kodak software updater.lnk]
path=c:\documents and settings\All Users\Start Menu\Programs\Startup\Kodak software updater.lnk
backup=c:\windows\pss\Kodak software updater.lnkCommon Startup
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"c:\\WINDOWS\\system32\\LEXPPS.EXE"=
"c:\\Program Files\\Kodak\\KODAK Software Updater\\7288971\\Program\\Kodak Software Updater.exe"=
"c:\\Program Files\\Messenger\\msmsgs.exe"=
"c:\\Program Files\\iTunes\\iTunes.exe"=
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"c:\program files\Microsoft ActiveSync\rapimgr.exe"= c:\program files\Microsoft ActiveSync\rapimgr.exe:169.254.2.0/255.255.255.0:Enabled:ActiveSync RAPI Manager
"c:\program files\Microsoft ActiveSync\wcescomm.exe"= c:\program files\Microsoft ActiveSync\wcescomm.exe:169.254.2.0/255.255.255.0:Enabled:ActiveSync Connection Manager
"c:\program files\Microsoft ActiveSync\WCESMgr.exe"= c:\program files\Microsoft ActiveSync\WCESMgr.exe:169.254.2.0/255.255.255.0:Enabled:ActiveSync Application
"c:\\Program Files\\Windows Live\\Messenger\\msnmsgr.exe"=
"c:\\Program Files\\Windows Live\\Messenger\\livecall.exe"=
"c:\\Program Files\\Yahoo!\\Messenger\\YahooMessenger.exe"=
"c:\\Program Files\\Skype\\Phone\\Skype.exe"=
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]
"26675:TCP"= 26675:TCP:169.254.2.0/255.255.255.0:Enabled:ActiveSync Service
R0 viaide1;viaide1;c:\windows\system32\drivers\viaidexp.sys [11/02/2005 14:36 6144]
R1 aswSP;avast! Self Protection;c:\windows\system32\drivers\aswSP.sys [27/06/2009 18:29 114768]
R1 SASDIFSV;SASDIFSV;c:\program files\SUPERAntiSpyware\sasdifsv.sys [23/06/2009 11:01 9968]
R1 SASKUTIL;SASKUTIL;c:\program files\SUPERAntiSpyware\SASKUTIL.SYS [23/06/2009 11:01 72944]
R2 aswFsBlk;aswFsBlk;c:\windows\system32\drivers\aswFsBlk.sys [27/06/2009 18:29 20560]
R2 CSHelper;CopySafe Helper Service;c:\windows\system32\CSHelper.exe [28/02/2009 19:38 266240]
S3 iadusb;MT882;c:\windows\system32\drivers\glauiad.sys [26/03/2008 19:39 30336]
S3 SASENUM;SASENUM;c:\program files\SUPERAntiSpyware\SASENUM.SYS [23/06/2009 11:01 7408]
S3 se46bus;Sony Ericsson Device 070 driver (WDM);c:\windows\system32\drivers\se46bus.sys [11/05/2008 19:13 61536]
S3 se46mdfl;Sony Ericsson Device 070 USB WMC Modem Filter;c:\windows\system32\drivers\se46mdfl.sys [10/08/2008 20:32 9360]
S3 se46mdm;Sony Ericsson Device 070 USB WMC Modem Driver;c:\windows\system32\drivers\se46mdm.sys [10/08/2008 20:32 97088]
S3 se46mgmt;Sony Ericsson Device 070 USB WMC Device Management Drivers (WDM);c:\windows\system32\drivers\se46mgmt.sys [08/04/2009 19:36 88624]
S3 se46nd5;Sony Ericsson Device 070 USB Ethernet Emulation SEMC46 (NDIS);c:\windows\system32\drivers\se46nd5.sys [16/04/2009 18:49 18704]
S3 se46obex;Sony Ericsson Device 070 USB WMC OBEX Interface;c:\windows\system32\drivers\se46obex.sys [08/04/2009 19:25 86432]
S3 se46unic;Sony Ericsson Device 070 USB Ethernet Emulation SEMC46 (WDM);c:\windows\system32\drivers\se46unic.sys [16/04/2009 18:49 90800]
S3 U2KG54L;BUFFALO WLI-U2-KG54L Wireless LAN Driver;c:\windows\system32\drivers\U2KG54L.SYS [24/08/2006 05:44 477696]
S4 CADopia License Manager;CADopia License Manager;c:\progra~1\CADopia\CADOPI~1\LicenseManager\lmgrd.exe --> c:\progra~1\CADopia\CADOPI~1\LicenseManager\lmgrd.exe [?]
--- Other Services/Drivers In Memory ---
*NewlyCreated* - JAVAQUICKSTARTERSERVICE
.
Contents of the 'Scheduled Tasks' folder
2005-08-31 c:\windows\Tasks\Symantec NetDetect.job
- c:\program files\Symantec\LiveUpdate\NDETECT.EXE [2005-08-31 16:26]
.
.
Supplementary Scan
.
uStart Page = hxxp://www.yahoo.co.uk/
mStart Page = hxxp://uk.yahoo.com
uInternet Connection Wizard,ShellNext = iexplore
uInternet Settings,ProxyOverride = <local>
DPF: Bootstrap - hxxp://www.myfujiprints.co.uk/media/site/kiosk/Myfujiprints.CAB
DPF: NTLSignup - hxxps://register.tesco.net/tesco/NTLSignup.cab
DPF: {0CFA086E-6336-4D95-B6AA-90F564E99631} - hxxp://www.shopandscan.com/TNSClicker.CAB
.
**************************************************************************
catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2009-07-02 19:53
Windows 5.1.2600 Service Pack 3 NTFS
scanning hidden processes ...
scanning hidden autostart entries ...
scanning hidden files ...
scan completed successfully
hidden files: 0
**************************************************************************
.
DLLs Loaded Under Running Processes
- - - - - - - > 'winlogon.exe'(624)
c:\program files\SUPERAntiSpyware\SASWINLO.dll
.
Completion time: 2009-07-02 19:58
ComboFix-quarantined-files.txt 2009-07-02 18:58
ComboFix2.txt 2009-07-02 12:58
ComboFix3.txt 2009-07-01 21:19
ComboFix4.txt 2009-06-29 17:55
ComboFix5.txt 2009-07-02 18:42
Pre-Run: 55,696,023,552 bytes free
Post-Run: 55,705,346,048 bytes free
0 -
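Reading a ComboFix log like the one above means working through the "Files Created" and "Find3M Report" records looking for freshly created code files in places where installers and users, rather than the system, write. The Python below is an added example and is not ComboFix output or anything the helper in this thread posted: it parses those record lines (created time, modified time, optional size, 8-character attribute flags, path) and applies two constructed reviewer heuristics. The sample lines are copied from the log in this thread plus one Perflib line constructed in the same format; the SCRATCH_HINTS directories and the CODE_EXTENSIONS set are assumptions, not a ComboFix rule. Hits are leads for the reviewer to check against the installs they know about (here the paths under the Java and SUPERAntiSpyware directories), not verdicts.

```python
import ntpath
import re
from dataclasses import dataclass
from typing import List, Optional, Tuple

# One record of a ComboFix "Files Created ..." or "Find3M Report" section:
#   <created> . <modified> [<size>] <attribute flags> <path>
# Directory entries carry no size; the flags are an 8-character token such
# as "----a-w-" (archive file, writable) or "d-----w-" (directory).
RECORD_RE = re.compile(
    r"^(?P<created>\d{4}-\d{2}-\d{2} \d{2}:\d{2}) \. "
    r"(?P<modified>\d{4}-\d{2}-\d{2} \d{2}:\d{2}) "
    r"(?:(?P<size>\d+) )?"
    r"(?P<attrs>\S{8}) "
    r"(?P<path>\S.*)$"
)

# Extensions that load as code; a fresh one in a scratch or per-user directory
# is a review lead (assumption: a reviewer's heuristic, not a ComboFix rule).
CODE_EXTENSIONS = {".exe", ".dll", ".sys", ".scr", ".cpl", ".ocx", ".msi", ".msp"}
SCRATCH_HINTS = (
    "\\windows\\temp\\",
    "\\windows\\installer\\",
    "\\application data\\",
    "\\local settings\\temp\\",
)


@dataclass
class Record:
    created: str
    modified: str
    size: Optional[int]   # None for directories
    attrs: str
    path: str

    @property
    def is_dir(self) -> bool:
        return self.attrs.startswith("d")


def parse_records(log_text: str) -> List[Record]:
    """Return every file/directory record in the log; section headers,
    '.' separators and unrelated sections simply fail to match and are skipped."""
    records = []
    for line in log_text.splitlines():
        m = RECORD_RE.match(line.strip())
        if m is None:
            continue
        size = m.group("size")
        records.append(Record(
            created=m.group("created"),
            modified=m.group("modified"),
            size=int(size) if size is not None else None,
            attrs=m.group("attrs"),
            path=m.group("path"),
        ))
    return records


def review(log_text: str) -> List[Tuple[str, str]]:
    """Apply the heuristics to the parsed records; returns (path, reason) pairs.
    Hits are leads for the reviewer to check, not verdicts."""
    findings = []
    for rec in parse_records(log_text):
        if rec.is_dir:
            continue
        lowered = rec.path.lower()
        ext = ntpath.splitext(lowered)[1]   # ntpath handles backslashes on any host OS
        if ext in CODE_EXTENSIONS and any(h in lowered for h in SCRATCH_HINTS):
            findings.append((rec.path, "code file created in a scratch or per-user directory"))
        elif ext == ".tmp" and "\\windows\\system32\\" in lowered:
            findings.append((rec.path, "temporary file left in a system directory"))
    return findings


# Sample input: lines copied from the log in this thread, plus one constructed
# Perflib line in the same format, so the block runs offline.
SAMPLE_LOG = r"""
((((((((((((((((((((((((( Files Created from 2009-06-02 to 2009-07-02 )))))))))))))))))))))))))))))))
.
2009-07-02 15:32 . 2009-07-02 15:32 152576 ----a-w- c:\documents and settings\Clare\Application Data\Sun\Java\jre1.6.0_14\lzma.dll
2009-07-02 15:02 . 2009-07-02 15:02 d-----w- c:\program files\Trend Micro
2009-06-28 06:49 . 2009-06-28 08:24 117760 ----a-w- c:\documents and settings\Clare\Application Data\SUPERAntiSpyware.com\SUPERAntiSpyware\SDDLLS\UIREPAIR.DLL
2009-06-27 17:29 . 2009-02-05 20:06 23152 ----a-w- c:\windows\system32\drivers\aswRdr.sys
2009-06-27 17:29 . 2009-02-05 20:04 97480 ----a-w- c:\windows\system32\AvastSS.scr
2009-05-21 10:33 . 2009-07-02 15:34 410984 ----a-w- c:\windows\system32\REN18.tmp
2009-07-02 15:24 . 2009-07-02 15:24 16384 ----a-w- c:\windows\Temp\Perflib_Perfdata_710.dat
.
"""

if __name__ == "__main__":
    for path, reason in review(SAMPLE_LOG):
        print(f"{reason}: {path}")
```

Run stand-alone it lists three leads (the two DLLs under Application Data and the .tmp in system32) and stays quiet on the driver, screensaver, directory and Perflib .dat entries; pasting a full ComboFix.txt into `review()` works the same way because every non-record line fails the regex and is ignored.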
Is it still trying to install? :idea:
0
-
Hasn't popped up again yet whilst surfing (but am being very careful at the minute, only using a select few sites, hotmail/facebook/a forum I'm on/MSE), but it did pop up this morning when I opened an Excel file. Said it was 'preparing to install', then said it was 'configuring Microsoft Office Premium 2000' or something similar. I let it carry on, then it asked what name I wanted to use for my files - I assume this is because I am now using a new limited user account rather than the admin account which I was using
0
-
That's fine ~ let it configure (though once configured it shouldn't need configuring again) :idea:
0
-
That's great
Will keep an eye on Windows Installer, esp. when I'm surfing.
Thanks aliEnRIK for all your help getting rid of my nasties xxx
0
This discussion has been closed.