MBAM and HJT Logs: Help Please
Dr Web found another 19 problems, seemed to remove or quarantine all except one marked incurable, which was moved.
Revised MBAM scan picked up 2 more. I hope that's it?
Malwarebytes' Anti-Malware 1.44
Database version: 3679
Windows 5.1.2600 Service Pack 3
Internet Explorer 8.0.6001.18702
02/02/2010 18:22:46
mbam-log-2010-02-02 (18-22-46).txt
Scan type: Full Scan (C:\|)
Objects scanned: 172143
Time elapsed: 21 minute(s), 22 second(s)
Memory Processes Infected: 0
Memory Modules Infected: 0
Registry Keys Infected: 0
Registry Values Infected: 0
Registry Data Items Infected: 0
Folders Infected: 0
Files Infected: 2
Memory Processes Infected:
(No malicious items detected)
Memory Modules Infected:
(No malicious items detected)
Registry Keys Infected:
(No malicious items detected)
Registry Values Infected:
(No malicious items detected)
Registry Data Items Infected:
(No malicious items detected)
Folders Infected:
(No malicious items detected)
Files Infected:
C:\Documents and Settings\Chesters\DoctorWeb\Quarantine\GTDownDE_87.ocx (Adware.Gdown) -> Quarantined and deleted successfully.
C:\System Volume Information\_restore{129201FA-B0AC-49B3-96B2-DEB8B91E727B}\RP511\A0248255.ocx (Adware.Gdown) -> Quarantined and deleted successfully.
No free lunch, and no free laptop
-
Give a scan with SAS :idea:
-
No free lunch, and no free laptop
-
Would that be SuperAntiSpyware RIK?
http://www.superantispyware.com/
Sorry, yes
I was kinda assuming you were 'down with the lingo'
:idea:
-
Hmmm
The fact it keeps finding trojans is not good
Download a fresh copy of combofix and run it again
Maybe I've missed something somewhere :idea:
-
Thanks RIK, fresh Combofix log is below:
ComboFix 10-02-02.04 - Chesters 03/02/2010 12:13:06.2.2 - x86
Microsoft Windows XP Professional 5.1.2600.3.1252.1.1033.18.1022.576 [GMT 0:00]
Running from: c:\documents and settings\Chesters\Desktop\ComboFix.exe
AV: Norton 360 *On-access scanning disabled* (Updated) {E10A9785-9598-4754-B552-92431C1C35F8}
FW: Norton 360 *disabled* {7C21A4C9-F61F-4AC4-B722-A6E19C16F220}
.
((((((((((((((((((((((((( Files Created from 2010-01-03 to 2010-02-03 )))))))))))))))))))))))))))))))
.
2010-02-03 10:48 . 2010-01-12 18:05 165240 ----a-r- c:\documents and settings\All Users\Application Data\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\Norton\IPSFFPlgn\components\IPSFFPl.dll
2010-02-03 10:17 . 2010-01-11 13:40 84912 ----a-w- c:\documents and settings\All Users\Application Data\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\Norton\Definitions\VirusDefs\20100202.041\NAVENG.SYS
2010-02-03 10:17 . 2010-01-11 13:40 177520 ----a-w- c:\documents and settings\All Users\Application Data\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\Norton\Definitions\VirusDefs\20100202.041\NAVENG32.DLL
2010-02-03 10:17 . 2010-01-11 13:40 1647984 ----a-w- c:\documents and settings\All Users\Application Data\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\Norton\Definitions\VirusDefs\20100202.041\NAVEX32A.DLL
2010-02-03 10:17 . 2010-01-11 13:40 1323568 ----a-w- c:\documents and settings\All Users\Application Data\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\Norton\Definitions\VirusDefs\20100202.041\NAVEX15.SYS
2010-02-03 10:17 . 2010-01-11 13:40 371248 ----a-w- c:\documents and settings\All Users\Application Data\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\Norton\Definitions\VirusDefs\20100202.041\EECTRL.SYS
2010-02-03 10:17 . 2010-01-11 13:40 2747440 ----a-w- c:\documents and settings\All Users\Application Data\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\Norton\Definitions\VirusDefs\20100202.041\CCERASER.DLL
2010-02-03 10:17 . 2010-01-11 13:40 259440 ----a-w- c:\documents and settings\All Users\Application Data\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\Norton\Definitions\VirusDefs\20100202.041\ECMSVR32.DLL
2010-02-03 10:17 . 2010-01-11 13:40 102448 ----a-w- c:\documents and settings\All Users\Application Data\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\Norton\Definitions\VirusDefs\20100202.041\ERASER.SYS
2010-02-03 10:10 . 2010-02-03 10:10 52224 ----a-w- c:\documents and settings\Chesters\Application Data\SUPERAntiSpyware.com\SUPERAntiSpyware\SDDLLS\SD10005.dll
2010-02-03 10:10 . 2010-02-03 10:10 117760 ----a-w- c:\documents and settings\Chesters\Application Data\SUPERAntiSpyware.com\SUPERAntiSpyware\SDDLLS\UIREPAIR.DLL
2010-02-03 10:10 . 2010-02-03 10:10
d
w- c:\documents and settings\All Users\Application Data\SUPERAntiSpyware.com
2010-02-03 10:09 . 2010-02-03 10:09
d
w- c:\program files\SUPERAntiSpyware
2010-02-03 10:09 . 2010-02-03 10:09
d
w- c:\documents and settings\Chesters\Application Data\SUPERAntiSpyware.com
2010-02-03 10:09 . 2010-02-03 10:09
d
w- c:\program files\Common Files\Wise Installation Wizard
2010-02-03 10:06 . 2010-02-03 10:06
d
w- c:\documents and settings\LocalService\Local Settings\Application Data\Google
2010-02-03 10:05 . 2010-02-03 10:05
d
w- c:\documents and settings\NetworkService\Local Settings\Application Data\Google
2010-02-02 15:37 . 2010-02-02 16:27
d
w- c:\documents and settings\Chesters\DoctorWeb
2010-02-02 15:14 . 2010-02-02 15:14
d
w- c:\documents and settings\Chesters\Local Settings\Application Data\Symantec
2010-02-02 10:41 . 2010-02-02 10:41
d
w- c:\program files\Trend Micro
2010-02-02 10:37 . 2010-02-02 10:37
d-sh--w- c:\documents and settings\LocalService\IETldCache
2010-02-02 10:27 . 2010-02-02 10:27
d
w- c:\windows\ie8updates
2010-02-01 22:41 . 2009-12-21 19:14 12800
w- c:\windows\system32\dllcache\xpshims.dll
2010-02-01 22:41 . 2009-12-21 19:14 246272
w- c:\windows\system32\dllcache\ieproxy.dll
2010-02-01 22:40 . 2009-11-21 15:51 471552
w- c:\windows\system32\dllcache\aclayers.dll
2010-02-01 22:28 . 2010-02-01 22:28
d
w- c:\documents and settings\Chesters\Application Data\Malwarebytes
2010-02-01 22:28 . 2010-02-01 22:28
d
w- c:\documents and settings\All Users\Application Data\Malwarebytes
2010-02-01 22:28 . 2010-02-03 10:48
d
w- c:\program files\Malwarebytes' Anti-Malware
2010-02-01 22:25 . 2010-02-01 22:25 0 ----a-w- c:\windows\nsreg.dat
2010-02-01 22:24 . 2010-02-01 22:24
d
w- c:\documents and settings\Chesters\Local Settings\Application Data\Mozilla
2010-02-01 22:12 . 2010-02-01 22:12
d
w- c:\program files\CCleaner
2010-02-01 21:33 . 2010-02-01 21:33
d-sh--w- c:\documents and settings\Chesters\PrivacIE
2010-02-01 21:33 . 2010-02-01 21:33
d-sh--w- c:\documents and settings\NetworkService\IETldCache
2010-02-01 21:30 . 2010-02-01 21:30
d-sh--w- c:\documents and settings\Chesters\IETldCache
2010-02-01 20:28 . 2010-02-01 20:31
dc-h--w- c:\windows\ie8
2010-01-30 08:57 . 2009-10-28 22:37 343088 ----a-w- c:\documents and settings\All Users\Application Data\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\Norton\Definitions\IPSDefs\20100128.002\IDSvix86.sys
2010-01-30 08:57 . 2009-10-28 22:37 329592 ----a-w- c:\documents and settings\All Users\Application Data\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\Norton\Definitions\IPSDefs\20100128.002\IDSXpx86.sys
2010-01-30 08:57 . 2009-10-28 22:37 811896 ----a-w- c:\documents and settings\All Users\Application Data\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\Norton\Definitions\IPSDefs\20100128.002\Scxpx86.dll
2010-01-30 08:57 . 2009-10-28 22:37 488312 ----a-w- c:\documents and settings\All Users\Application Data\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\Norton\Definitions\IPSDefs\20100128.002\IDSxpx86.dll
2010-01-30 08:57 . 2009-10-28 22:37 466992 ----a-w- c:\documents and settings\All Users\Application Data\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\Norton\Definitions\IPSDefs\20100128.002\IDSviA64.sys
2010-01-23 08:12 . 2009-10-28 22:37 811896 ----a-w- c:\documents and settings\All Users\Application Data\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\Norton\Definitions\IPSDefs\20100119.001\Scxpx86.dll
2010-01-23 08:12 . 2009-10-28 22:37 343088 ----a-w- c:\documents and settings\All Users\Application Data\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\Norton\Definitions\IPSDefs\20100119.001\IDSvix86.sys
2010-01-23 08:12 . 2009-10-28 22:37 329592 ----a-w- c:\documents and settings\All Users\Application Data\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\Norton\Definitions\IPSDefs\20100119.001\IDSXpx86.sys
2010-01-23 08:12 . 2009-10-28 22:37 488312 ----a-w- c:\documents and settings\All Users\Application Data\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\Norton\Definitions\IPSDefs\20100119.001\IDSxpx86.dll
2010-01-23 08:12 . 2009-10-28 22:37 466992 ----a-w- c:\documents and settings\All Users\Application Data\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\Norton\Definitions\IPSDefs\20100119.001\IDSviA64.sys
2010-01-12 18:07 . 2010-01-12 18:04 554352 ----a-r- c:\documents and settings\All Users\Application Data\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\Norton\coFFPlgn\components\coFFPlgn.dll
2010-01-12 18:05 . 2010-01-12 18:05 36400 ----a-r- c:\windows\system32\drivers\SymIM.sys
2010-01-12 18:05 . 2010-01-12 18:05 60808 ----a-w- c:\windows\system32\S32EVNT1.DLL
2010-01-12 18:05 . 2010-01-12 18:05 124976 ----a-w- c:\windows\system32\drivers\SYMEVENT.SYS
2010-01-12 18:05 . 2010-01-12 18:05 1291104 ----a-w- c:\documents and settings\All Users\Application Data\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\Norton\SyKnAppS\SyKnAppS.dll
2010-01-12 18:05 . 2010-01-12 18:05 136840 ----a-w- c:\documents and settings\All Users\Application Data\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\Norton\SyKnAppS\patch25.dll
2010-01-12 18:04 . 2010-01-12 18:04 771440 ----a-w- c:\documents and settings\All Users\Application Data\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\Norton\CLT\cltLMSx.dll
2010-01-12 18:04 . 2010-02-03 11:18
d
w- c:\windows\system32\drivers\N360
2010-01-12 18:04 . 2010-01-12 18:04
d
w- c:\program files\Norton 360
2010-01-12 18:04 . 2010-01-12 18:04
d
w- c:\program files\Windows Sidebar
2010-01-12 17:56 . 2010-01-12 17:56
d
w- c:\documents and settings\All Users\Application Data\PCSettings
2010-01-12 17:54 . 2010-01-12 18:07
d
w- c:\documents and settings\All Users\Application Data\Norton
2010-01-12 17:52 . 2010-01-12 18:04
d
w- c:\documents and settings\All Users\Application Data\NortonInstaller
2010-01-12 17:52 . 2010-01-12 17:52
d
w- c:\program files\NortonInstaller
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2010-02-02 18:40 . 2009-08-01 00:49
d
w- c:\program files\Google
2010-02-02 17:56 . 2005-11-10 21:23
d
w- c:\program files\Common Files\FTL Shared
2010-02-02 16:27 . 2005-11-10 21:22
d
w- c:\program files\BT Voyager 105 ADSL Modem
2010-01-16 09:23 . 2005-11-08 14:57
d
w- c:\documents and settings\All Users\Application Data\Symantec
2010-01-16 08:45 . 2005-11-08 14:57
d
w- c:\program files\Common Files\Symantec Shared
2010-01-12 18:05 . 2005-11-08 14:57
d
w- c:\program files\Symantec
2010-01-12 18:05 . 2010-01-12 18:05 806 ----a-w- c:\windows\system32\drivers\SYMEVENT.INF
2010-01-12 18:05 . 2010-01-12 18:05 7456 ----a-w- c:\windows\system32\drivers\SYMEVENT.CAT
2010-01-12 18:05 . 2006-09-19 12:44 26600 ----a-r- c:\windows\system32\drivers\GEARAspiWDM.sys
2010-01-12 18:05 . 2006-10-03 17:47 107368 ----a-r- c:\windows\system32\GEARAspi.dll
2009-12-21 19:14 . 2005-08-16 04:18 916480
w- c:\windows\system32\wininet.dll
2009-11-21 15:51 . 2005-08-16 04:18 471552 ----a-w- c:\windows\AppPatch\aclayers.dll
.
((((((((((((((((((((((((((((( SnapShot@2010-02-02_15.04.40 )))))))))))))))))))))))))))))))))))))))))
.
+ 2010-02-03 10:49 . 2010-02-03 10:49 16384 c:\windows\Temp\Perflib_Perfdata_5cc.dat
+ 2010-02-03 11:18 . 2010-01-12 18:05 48688 c:\windows\system32\drivers\N360\0308000.029\symndisv.sys
+ 2010-02-03 11:18 . 2010-01-12 18:05 36400 c:\windows\system32\drivers\N360\0308000.029\symndis.sys
+ 2010-02-03 11:18 . 2010-01-12 18:05 33072 c:\windows\system32\drivers\N360\0308000.029\symids.sys
+ 2010-02-03 11:18 . 2010-01-12 18:05 89904 c:\windows\system32\drivers\N360\0308000.029\symfw.sys
+ 2010-02-03 11:18 . 2010-01-12 18:05 43696 c:\windows\system32\drivers\N360\0308000.029\srtspx.sys
+ 2010-02-02 18:40 . 2010-02-02 18:40 22528 c:\windows\Installer\3bf4d.msi
+ 2010-02-03 10:09 . 2010-02-03 10:09 65024 c:\windows\Installer\{CDDCBBF1-2703-46BC-938B-BCC81A1EEAAA}\IconCDDCBBF15.exe
+ 2010-02-03 10:09 . 2010-02-03 10:09 18944 c:\windows\Installer\{CDDCBBF1-2703-46BC-938B-BCC81A1EEAAA}\IconCDDCBBF13.exe
+ 2010-02-03 10:09 . 2010-02-03 10:09 5120 c:\windows\Installer\{CDDCBBF1-2703-46BC-938B-BCC81A1EEAAA}\IconCDDCBBF16.exe
+ 2010-02-03 11:18 . 2010-01-12 18:05 217136 c:\windows\system32\drivers\N360\0308000.029\symtdi.sys
+ 2010-02-03 11:18 . 2010-01-12 18:05 310320 c:\windows\system32\drivers\N360\0308000.029\SymEFA.sys
+ 2010-02-03 11:18 . 2010-01-12 18:05 308272 c:\windows\system32\drivers\N360\0308000.029\srtsp.sys
+ 2010-02-03 11:18 . 2010-01-12 18:05 482432 c:\windows\system32\drivers\N360\0308000.029\cchpx86.sys
+ 2010-02-03 11:18 . 2010-01-12 18:05 259632 c:\windows\system32\drivers\N360\0308000.029\BHDrvx86.sys
+ 2010-02-03 10:09 . 2010-02-03 10:09 1583616 c:\windows\Installer\41423.msi
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"MSMSGS"="c:\program files\Messenger\msmsgs.exe" [2008-04-14 1695232]
"DellSupportCenter"="c:\program files\Dell Support Center\bin\sprtcmd.exe" [2009-05-21 206064]
"swg"="c:\program files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe" [2009-08-01 39408]
"SUPERAntiSpyware"="c:\program files\SUPERAntiSpyware\SUPERAntiSpyware.exe" [2010-01-05 2002160]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"ehTray"="c:\windows\ehome\ehtray.exe" [2005-08-05 64512]
"SunJavaUpdateSched"="c:\program files\Java\j2re1.4.2_03\bin\jusched.exe" [2003-11-19 32881]
"SigmatelSysTrayApp"="stsystra.exe" [2005-03-23 339968]
"ATIPTA"="c:\program files\ATI Technologies\ATI Control Panel\atiptaxx.exe" [2005-08-05 344064]
"IntelMeM"="c:\program files\Intel\Modem Event Monitor\IntelMEM.exe" [2003-09-03 221184]
"DVDLauncher"="c:\program files\CyberLink\PowerDVD\DVDLauncher.exe" [2005-02-23 53248]
"RealTray"="c:\program files\Real\RealPlayer\RealPlay.exe" [2005-11-08 26112]
"QuickTime Task"="c:\program files\QuickTime\qttask.exe" [2005-11-08 98304]
"AOL Spyware Protection"="c:\progra~1\COMMON~1\AOL\AOLSPY~1\AOLSP Scheduler.exe" [2004-02-16 147456]
"dla"="c:\windows\system32\dla\tfswctrl.exe" [2004-12-06 127035]
"ISUSPM Startup"="c:\progra~1\COMMON~1\INSTAL~1\UPDATE~1\ISUSPM.exe" [2004-07-27 221184]
"ISUSScheduler"="c:\program files\Common Files\InstallShield\UpdateService\issch.exe" [2004-07-27 81920]
"DSLSTATEXE"="c:\program files\BT Voyager 105 ADSL Modem\dslstat.exe" [2003-06-28 1658965]
"DSLAGENTEXE"="c:\program files\BT Voyager 105 ADSL Modem\dslagent.exe" [2003-08-19 16384]
"%FP%Friendly fts.exe"="c:\program files\VoyagerTest\fts.exe" [2003-05-06 72192]
"AOLDialer"="c:\program files\Common Files\AOL\ACS\AOLDial.exe" [2007-12-07 71008]
"HostManager"="c:\program files\Common Files\AOL\1202547353\ee\AOLSoftware.exe" [2006-09-26 50736]
"dscactivate"="c:\program files\Dell Support Center\gs_agent\custom\dsca.exe" [2007-11-15 16384]
"DellSupportCenter"="c:\program files\Dell Support Center\bin\sprtcmd.exe" [2009-05-21 206064]
[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="c:\windows\system32\CTFMON.EXE" [2008-04-14 15360]
c:\documents and settings\All Users\Start Menu\Programs\Startup\
AOL 9.0 Tray Icon.lnk - c:\program files\AOL 9.0\aoltray.exe [2005-11-8 156784]
dlbcserv.lnk - c:\program files\Dell Photo Printer 720\dlbcserv.exe [2005-12-31 315392]
Microsoft Office.lnk - c:\program files\Microsoft Office\Office\OSA9.EXE [2000-1-21 65588]
[hkey_local_machine\software\microsoft\windows\currentversion\explorer\ShellExecuteHooks]
"{5AE067D3-9AFB-48E0-853A-EBB7F4A000DA}"= "c:\program files\SUPERAntiSpyware\SASSEH.DLL" [2008-05-13 77824]
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\!SASWinLogon]
2009-09-03 14:21 548352 ----a-w- c:\program files\SUPERAntiSpyware\SASWINLO.dll
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\SymEFA.sys]
@="FSFilter Activity Monitor"
[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring]
"DisableMonitoring"=dword:00000001
[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecAntiVirus]
"DisableMonitoring"=dword:00000001
[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecFirewall]
"DisableMonitoring"=dword:00000001
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]
"EnableFirewall"= 0 (0x0)
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"c:\\Program Files\\AOL 9.0\\waol.exe"=
"c:\\Program Files\\Messenger\\msmsgs.exe"=
"c:\\Program Files\\Common Files\\AOL\\ACS\\AOLDial.exe"=
"c:\\Program Files\\Common Files\\AOL\\ACS\\AOLacsd.exe"=
"c:\\Program Files\\Common Files\\AOL\\1202547353\\ee\\aolsoftware.exe"=
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"c:\\WINDOWS\\ehome\\ehtray.exe"=
"c:\\Program Files\\Java\\j2re1.4.2_03\\bin\\jusched.exe"=
"c:\\WINDOWS\\stsystra.exe"=
"c:\\Program Files\\Intel\\Modem Event Monitor\\IntelMEM.exe"=
"c:\\Program Files\\CyberLink\\PowerDVD\\DVDLauncher.exe"=
"c:\\Program Files\\Real\\RealPlayer\\RealPlay.exe"=
"c:\\Program Files\\Common Files\\AOL\\AOL Spyware Protection\\AOLSP Scheduler.exe"=
"c:\\WINDOWS\\system32\\dla\\tfswctrl.exe"=
"c:\\Program Files\\Common Files\\InstallShield\\UpdateService\\issch.exe"=
"c:\\Program Files\\BT Voyager 105 ADSL Modem\\dslstat.exe"=
"c:\\Program Files\\BT Voyager 105 ADSL Modem\\dslagent.exe"=
"c:\\Program Files\\VoyagerTest\\fts.exe"=
"c:\\Program Files\\Skype\\Phone\\Skype.exe"=
R0 SymEFA;Symantec Extended File Attributes;c:\windows\system32\drivers\N360\0308000.029\SymEFA.sys [03/02/2010 11:18 310320]
R1 IDSxpx86;IDSxpx86;c:\documents and settings\All Users\Application Data\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\Norton\Definitions\IPSDefs\20100128.002\IDSXpx86.sys [30/01/2010 08:57 329592]
R1 SASDIFSV;SASDIFSV;c:\program files\SUPERAntiSpyware\sasdifsv.sys [05/01/2010 07:56 9968]
R1 SASKUTIL;SASKUTIL;c:\program files\SUPERAntiSpyware\SASKUTIL.SYS [05/01/2010 07:56 74480]
R2 N360;Norton 360;c:\program files\Norton 360\Engine\3.8.0.41\ccSvcHst.exe [03/02/2010 11:18 117640]
R3 BHDrvx86;Symantec Heuristics Driver;c:\windows\system32\drivers\N360\0305020.00B\BHDrvx86.sys [12/01/2010 18:05 259632]
R3 ccHP;Symantec Hash Provider;c:\windows\system32\drivers\N360\0305020.00B\cchpx86.sys [12/01/2010 18:05 482432]
R3 EraserUtilRebootDrv;EraserUtilRebootDrv;c:\program files\Common Files\Symantec Shared\EENGINE\EraserUtilRebootDrv.sys [16/01/2010 10:25 102448]
R3 SASENUM;SASENUM;c:\program files\SUPERAntiSpyware\SASENUM.SYS [05/01/2010 07:56 7408]
S2 gupdate;Google Update Service (gupdate);c:\program files\Google\Update\GoogleUpdate.exe [02/02/2010 18:40 135664]
.
Contents of the 'Scheduled Tasks' folder
2010-02-03 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
- c:\program files\Google\Update\GoogleUpdate.exe [2010-02-02 18:40]
2010-02-03 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
- c:\program files\Google\Update\GoogleUpdate.exe [2010-02-02 18:40]
.
.
Supplementary Scan
.
uInternet Connection Wizard,ShellNext = hxxp://www.dell.co.uk/myway
FF - ProfilePath - c:\documents and settings\Chesters\Application Data\Mozilla\Firefox\Profiles\d8ukdcxn.default\
FF - component: c:\documents and settings\All Users\Application Data\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\Norton\coFFPlgn\components\coFFPlgn.dll
FF - component: c:\documents and settings\All Users\Application Data\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\Norton\IPSFFPlgn\components\IPSFFPl.dll
FF - plugin: c:\program files\Google\Update\1.2.183.13\npGoogleOneClick8.dll
FF - plugin: c:\program files\Java\j2re1.4.2_03\bin\NPJava11.dll
FF - plugin: c:\program files\Java\j2re1.4.2_03\bin\NPJava12.dll
FF - plugin: c:\program files\Java\j2re1.4.2_03\bin\NPJava13.dll
FF - plugin: c:\program files\Java\j2re1.4.2_03\bin\NPJava14.dll
FF - plugin: c:\program files\Java\j2re1.4.2_03\bin\NPJava32.dll
FF - plugin: c:\program files\Java\j2re1.4.2_03\bin\NPJPI142_03.dll
FF - plugin: c:\program files\Java\j2re1.4.2_03\bin\NPOJI610.dll
FF - plugin: c:\program files\Mozilla Firefox\plugins\npunagi2.dll
FF - plugin: c:\program files\Viewpoint\Viewpoint Media Player\npViewpoint.dll
.
**************************************************************************
catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2010-02-03 12:17
Windows 5.1.2600 Service Pack 3 NTFS
scanning hidden processes ...
scanning hidden autostart entries ...
scanning hidden files ...
scan completed successfully
hidden files: 0
**************************************************************************
[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\N360]
"ImagePath"="\"c:\program files\Norton 360\Engine\3.8.0.41\ccSvcHst.exe\" /s \"N360\" /m \"c:\program files\Norton 360\Engine\3.8.0.41\diMaster.dll\" /prefetch:1"
.
DLLs Loaded Under Running Processes
- - - - - - - > 'winlogon.exe'(1016)
c:\program files\SUPERAntiSpyware\SASWINLO.dll
c:\windows\system32\WININET.dll
- - - - - - - > 'explorer.exe'(2900)
c:\windows\system32\WININET.dll
c:\program files\Norton 360\Engine\3.5.2.11\Microsoft.VC80.CRT\MSVCR80.dll
c:\windows\system32\ieframe.dll
c:\windows\system32\webcheck.dll
c:\windows\system32\WPDShServiceObj.dll
c:\windows\system32\PortableDeviceTypes.dll
c:\windows\system32\PortableDeviceApi.dll
.
Completion time: 2010-02-03 12:19:15
ComboFix-quarantined-files.txt 2010-02-03 12:19
ComboFix2.txt 2010-02-02 15:07
Pre-Run: 141,676,576,768 bytes free
Post-Run: 141,684,969,472 bytes free
- - End Of File - - ACA74FFED2E91CFF066BACA2B51CACCA
No free lunch, and no free laptop
-
What did Dr Web Cure it find? Did you take note of what and where it found stuff?
What is the name and filepath of the trojan you keep finding?
-
I didn't keep the Dr Web log unfortunately.
The trojans are not recurring, they are different ones.
No free lunch, and no free laptop
-
Is the filepath the same?
Can you tell us what the last one was?