MBAM and HJT Logs: Help Please
Comments
-
I will do another Dr Web scan and report.
I have just completed a second SAS scan and it is now coming up clean.
No free lunch, and no free laptop
0 -
Open notepad and copy/paste the text in RED below
File::
c:\windows\system32\dllcache\xpshims.dll
c:\windows\nsreg.dat
c:\windows\Installer\3bf4d.msi
c:\windows\Installer\{CDDCBBF1-2703-46BC-938B-BCC81A1EEAAA}\IconCDDCBBF15.exe
c:\windows\Installer\{CDDCBBF1-2703-46BC-938B-BCC81A1EEAAA}\IconCDDCBBF13.exe
c:\windows\Installer\{CDDCBBF1-2703-46BC-938B-BCC81A1EEAAA}\IconCDDCBBF16.exe
c:\windows\Installer\41423.msi
Save this as "CFScript" (FULL file will be 'CFScript.txt' EXACTLY as shown)
Then drag the CFScript into ComboFix.exe as you see in the screenshot below.
This will start ComboFix again. After reboot, (in case it asks to reboot), post the contents of Combofix.txt in your next reply
Combofix should never take more than 30 minutes including the reboot if malware is detected.
If it does, open Task Manager then Processes tab (press ctrl, alt and del at the same time) and end any processes of findstr, find, sed or swreg, then combofix should continue.
:idea:
0 -
OK, here is the new Combofix log RIK:
No free lunch, and no free laptop
0 -
Give it another full scan with Dr Web
:idea:
0
-
Give it another full scan with Dr Web
Another Dr Web full scan found two things:
A0248254.exe Trojan.KillDisk.307 -deleted.
A0248256.dll. Probably DLOADER , Trojan. Incurable-I opted to 'move' this, should I have renamed/deleted it?
What next please?
No free lunch, and no free laptop
0 -
As reluctant said, any chance you can find out exactly where they're coming from?
:idea:
0
-
I'm having trouble trying to work out how to copy the file path, but both are in:
C:\System Volume Information\_restore {129201FA-BOAC-49B3-96B2-DEB8B91E727B)\RP511.
I fear I may not have typed that exactly 'as is'.
No free lunch, and no free laptop
0 -
If they are all from System Volume then you are ok as they can be flushed.
- Now Set a New Restore Point to prevent possible reinfection from an old one. Some of the malware you picked up could have been saved in System Restore. Since System Restore is a protected directory, your tools can not access it to delete these bad files which sometimes can reinfect your system. Setting a new restore point AFTER cleaning your system will help prevent this and enable your computer to "roll-back" to a clean working state.
The easiest and safest way to do this is:
Go to Start > Programs > Accessories > System Tools and click "System Restore"
Choose the radio button marked "Create a Restore Point" on the first screen then click "Next". Give the R.P. a name then click "Create". The new point will be stamped with the current date and time. Keep a log of this so you can find it easily should you need to use System Restore.
Then go to Start > Run and type: Cleanmgr
Click "OK".
Click the "More Options" Tab.
Click "Clean Up" in the System Restore section to remove all previous restore points except the newly created one.
0
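The rule of thumb in the reply above (detections that all sit under System Volume Information can be flushed along with the old restore points) as an added example, not part of the original thread: a Python function that sorts scanner hit paths into restore-point copies and live files. The sample restore path reuses the location as typed in the thread; the `example.dll` path and the names `triage`, `Triage` and `RP_BASE` are constructed for illustration.

```python
import re
from typing import NamedTuple

# XP-era System Restore store:
#   <drive>:\System Volume Information\_restore{GUID}\RP<n>\<saved file>
# The pattern tolerates a stray space or a mistyped closing bracket, because
# paths in help threads are often retyped by hand rather than copied.
RESTORE_RE = re.compile(
    r"^[a-z]:\\system volume information\\_restore\s*[{(][^\\]+[})]"
    r"\\rp(\d+)(?:\\(.*))?$",
    re.IGNORECASE,
)


class Triage(NamedTuple):
    restore_points: dict   # restore point number -> saved file names detected in it
    live: list             # detections outside System Restore storage
    flush_is_enough: bool  # True only if every detection sits in a restore point


def triage(detections):
    """Split scanner detection paths into restore-point copies and live files."""
    restore_points, live = {}, []
    for path in detections:
        norm = path.strip().strip('"').replace("/", "\\")
        m = RESTORE_RE.match(norm)
        if m:
            saved_name = m.group(2) or "<directory>"
            restore_points.setdefault(int(m.group(1)), []).append(saved_name)
        else:
            live.append(norm)
    # An empty report gives nothing to decide on, so it is not treated as "enough".
    return Triage(restore_points, live, bool(restore_points) and not live)


# Restore point location as typed in the thread (typos kept as posted).
RP_BASE = r"C:\System Volume Information\_restore {129201FA-BOAC-49B3-96B2-DEB8B91E727B)\RP511"

# Constructed sample: the two file names reported by the scan, placed under RP_BASE.
SAMPLE_RESTORE_ONLY = [RP_BASE + r"\A0248254.exe", RP_BASE + r"\A0248256.dll"]

# Constructed sample: the same hits plus one made-up detection on the live system.
SAMPLE_MIXED = SAMPLE_RESTORE_ONLY + [r"c:\windows\system32\example.dll"]

if __name__ == "__main__":
    for label, sample in (("restore only", SAMPLE_RESTORE_ONLY), ("mixed", SAMPLE_MIXED)):
        result = triage(sample)
        print(label, "->", result)
```

When `flush_is_enough` is false, the entries in `live` still need cleaning before a new restore point is created and the old ones are removed.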
-
Thanks, I have done that, (set a new RP and removed all but the new one). Should I now run anything again to double check?
No free lunch, and no free laptop
0 -
Yes please - whichever programme was finding the trojans
0
This discussion has been closed.