webroot antivirus?

Hi

We have Webroot antivirus installed. Whenever I turn on my computer or during use, I keep having an "error" report popping up on the bottom right of the screen, and then when I open it, it asks do I want to send the error report to Webroot.

What is this and how do we fix the problem?

thanks
caris
Comments

  • I've been getting this for the last 2 days as well,
    I've restored my PC a couple of times but it's still the same.
    I've got avast... I thought it might be something to do with IE,
    any help would be great, thanks
  • aliEnRIK
    aliEnRIK Posts: 17,741 Forumite
    Part of the Furniture Combo Breaker
    Download MALWAREBYTES (Make sure you click 'DOWNLOAD LATEST VERSION')
    http://www.filehippo.com/download_malwarebytes_anti_malware/
    Open Malwarebytes and go to UPDATE and click 'check for updates'. After it's updated go to SCANNER and click PERFORM FULL SCAN then click SCAN
    Post the log COMPLETE here AFTER you've deleted everything it finds

    reboot

    Download HIJACK THIS (Make sure you click 'DOWNLOAD LATEST VERSION')
    http://www.filehippo.com/download_hijackthis/
    Click DO A SCAN AND SAVE A LOGFILE (Takes seconds) then post the log so we can see what's running
    (do NOT do anything else with Hijack but scan and post the FULL log)
  • Malwarebytes' Anti-Malware 1.42
    Database version: 3344
    Windows 5.1.2600 Service Pack 3
    Internet Explorer 8.0.6001.18702
    11/12/2009 11:49:43
    mbam-log-2009-12-11 (11-49-43).txt
    Scan type: Full Scan (A:\|C:\|D:\|)
    Objects scanned: 229346
    Time elapsed: 1 hour(s), 32 minute(s), 57 second(s)
    Memory Processes Infected: 0
    Memory Modules Infected: 0
    Registry Keys Infected: 0
    Registry Values Infected: 0
    Registry Data Items Infected: 0
    Folders Infected: 0
    Files Infected: 36
    Memory Processes Infected:
    (No malicious items detected)
    Memory Modules Infected:
    (No malicious items detected)
    Registry Keys Infected:
    (No malicious items detected)
    Registry Values Infected:
    (No malicious items detected)
    Registry Data Items Infected:
    (No malicious items detected)
    Folders Infected:
    (No malicious items detected)
  • Logfile of Trend Micro HijackThis v2.0.2
    Scan saved at 11:54:11, on 11/12/2009
    Platform: Windows XP SP3 (WinNT 5.01.2600)
    MSIE: Internet Explorer v8.00 (8.00.6001.18702)
    Boot mode: Normal
  • aliEnRIK
    aliEnRIK Posts: 17,741 Forumite
    Part of the Furniture Combo Breaker
    Odd in that they were all restore points, which means it's not actually removed anything that was running

    Please run COMBOFIX

    Shut down your anti virus
    Follow the simple instructions it gives
    Post the COMPLETE log it creates here (Split into sections if need be)

    If it comes up with a RENAMING error then RIGHT click the exe file and RENAME and call it QWERTY (Making the complete file name 'QWERTY.exe') Or SAVE as 'QWERTY' on download
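
The check aliEnRIK describes in the post above (every detection sitting in a System Restore point rather than in a live location), as an added Python example that is not part of the original thread: it parses the "Files Infected" section of a Malwarebytes log of the kind posted here, separates restore-point copies from live files, and checks the detail lines against the summary count so a truncated paste is noticed. The sample log text, the all-zero restore GUID and the file names are constructed placeholders.

```python
import re

# Detail line as Malwarebytes writes it: <path> (<detection>) -> <action>.
DETAIL_RE = re.compile(
    r"^(?P<path>[A-Za-z]:\\.+?) \((?P<name>[^()]+)\) -> (?P<action>.+?)\.?$"
)
# Windows XP System Restore store:
#   <drive>:\System Volume Information\_restore{GUID}\RPnnn\...
RESTORE_RE = re.compile(
    r"^[A-Za-z]:\\System Volume Information\\_restore\{[0-9A-Fa-f-]{36}\}\\RP(?P<rp>\d+)\\",
    re.IGNORECASE,
)
# Summary counter near the top of the log, e.g. "Files Infected: 36"
SUMMARY_RE = re.compile(r"^Files Infected:\s*(?P<count>\d+)$")

# Constructed sample logs (placeholder GUID and file names, not from the thread).
SAMPLE_RESTORE_ONLY = r"""
Files Infected: 3

Files Infected:
C:\System Volume Information\_restore{00000000-0000-0000-0000-000000000000}\RP10\A0000001.sys (Rootkit.Agent) -> Quarantined and deleted successfully.
C:\System Volume Information\_restore{00000000-0000-0000-0000-000000000000}\RP10\A0000002.sys (Rootkit.Agent) -> Quarantined and deleted successfully.
C:\System Volume Information\_restore{00000000-0000-0000-0000-000000000000}\RP12\A0000003.sys (Rootkit.Agent) -> Quarantined and deleted successfully.
"""

SAMPLE_MIXED = r"""
Folders Infected: 0
Files Infected: 2

Folders Infected:
(No malicious items detected)

Files Infected:
C:\System Volume Information\_restore{00000000-0000-0000-0000-000000000000}\RP10\A0000001.sys (Rootkit.Agent) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\drivers\example.sys (Rootkit.Agent) -> Quarantined and deleted successfully.
"""


def parse_mbam_log(text):
    """Return (declared_count, detections) for the file detections in a log."""
    declared = None
    section = None
    detections = []
    for raw in text.splitlines():
        line = raw.strip()
        m = SUMMARY_RE.match(line)
        if m:
            declared = int(m.group("count"))
            continue
        if line.endswith("Infected:"):
            section = line  # e.g. "Folders Infected:" or "Files Infected:"
            continue
        if section != "Files Infected:":
            continue
        m = DETAIL_RE.match(line)
        if m:
            rp = RESTORE_RE.match(m.group("path"))
            detections.append({
                "path": m.group("path"),
                "name": m.group("name"),
                "action": m.group("action"),
                # Restore point number, or None for a file outside the store.
                "restore_point": int(rp.group("rp")) if rp else None,
            })
    return declared, detections


def triage(text):
    """Summarise whether the scan touched anything outside System Restore."""
    declared, detections = parse_mbam_log(text)
    live = [d["path"] for d in detections if d["restore_point"] is None]
    points = {d["restore_point"] for d in detections if d["restore_point"] is not None}
    return {
        "declared_files": declared,
        "parsed_files": len(detections),
        # False when the pasted log has fewer detail lines than the summary claims.
        "complete": declared is not None and declared == len(detections),
        "restore_points": sorted(points),
        "live_paths": live,
        # True means only archived copies were removed, nothing from a live path.
        "only_restore_points": bool(detections) and not live,
    }


if __name__ == "__main__":
    for label, log in (("restore-only", SAMPLE_RESTORE_ONLY), ("mixed", SAMPLE_MIXED)):
        print(label, triage(log))
```
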
  • ComboFix 09-12-06.A1 - Duffy 11/12/2009 12:53.1.2 - x86
    Microsoft Windows XP Home Edition 5.1.2600.3.1252.44.1033.18.1471.1025 [GMT 0:00]
    Running from: c:\documents and settings\Duffy\My Documents\QUERTY.exe
    AV: avast! antivirus 4.8.1351 [VPS 091210-1] *On-access scanning disabled* (Updated) {7591DB91-41F0-48A3-B128-1A293FD8233D}
  • When ComboFix was running, a box appeared saying... PEV.exe has encountered a problem + needs to close.
    Any comments?
  • aliEnRIK
    aliEnRIK Posts: 17,741 Forumite
    Part of the Furniture Combo Breaker
    Pass ~ no idea what that would be

    Are you still having the same problem?
  • aliEnRIK
    aliEnRIK Posts: 17,741 Forumite
    Part of the Furniture Combo Breaker
    On 2nd thoughts
    PEV.EXE ~

    Download SUPERANTISPYWARE (Make sure you click 'DOWNLOAD LATEST VERSION')
    http://www.filehippo.com/download_superantispyware/
    UPDATE and PERFORM COMPLETE SCAN
    (Then go to console and LOGS and post the log it created then untick it from STARTING UP WITH WINDOWS)
  • No,
    PEV.exe seems to be a virus/trojan, what are your thoughts?
This discussion has been closed.