
Virus. Pc keeps shutting down


Comments

  • ,hills
    ,hills Posts: 136 Forumite
    All I seem to be doing lately is running scans with Malwarebytes, Avast, Spybot and CCleaner.

    They still find viruses and I am still getting the reboot timer countdown.

    Also, now I'm having to reboot occasionally because Windows Mail is saying that there is a problem and I need to reinstall it. But after reboot, it is fine.

    If I reinstall Windows Live, will it keep my Accounts and Address book and saved emails or will it override them?

    Thanks again.
  • aliEnRIK
    aliEnRIK Posts: 17,741 Forumite
    Part of the Furniture Combo Breaker
    I've asked you to run ComboFix so I can get to the bottom of the problem
  • ,hills
    ,hills Posts: 136 Forumite
    Sorry for delay

    I've had to walk away from the pc it was doing my head in.

    Anyway, back fresh and ready to go again

    Here are the ComboFix results (in 2 parts)

    Any advice appreciated

    Many Thanks

    Part 1)

    ComboFix 10-01-23.05 - 24/01/2010 8:58.2.2 - x86
    Microsoft Windows XP Home Edition 5.1.2600.3.1252.1.1033.18.1023.434 [GMT 0:00]
    Running from: c:\documents and settings\My Documents\QWERTY.exe
    AV: avast! antivirus 4.8.1368 [VPS 100123-2] *On-access scanning disabled* (Updated) {7591DB91-41F0-48A3-B128-1A293FD8233D}
    FW: ZoneAlarm Firewall *enabled* {829BDA32-94B3-44F4-8446-F8FCFF809F8B}
    .

    ((((((((((((((((((((((((( Files Created from 2009-12-24 to 2010-01-24 )))))))))))))))))))))))))))))))
    .

    2010-01-15 10:04 . 2010-01-23 08:05 -------- d-----w- c:\program files\Spybot - Search & Destroy
    2010-01-15 10:04 . 2010-01-23 08:04 -------- d-----w- c:\documents and settings\All Users\Application Data\Spybot - Search & Destroy
    2010-01-15 09:59 . 2010-01-15 09:59 -------- d-----w- c:\documents and settings\All Users\Application Data\F-Secure
    2010-01-15 09:48 . 2010-01-15 09:48 -------- d-----w- c:\documents and settings\All Users\Application Data\Kaspersky Lab Setup Files
    2010-01-15 06:59 . 2010-01-15 06:59 -------- d-----w- C:\found.000
    2010-01-13 10:19 . 2009-11-02 20:42 195456 ------w- c:\windows\system32\MpSigStub.exe
    2010-01-12 22:02 . 2010-01-12 22:02 -------- d-----w- c:\documents and settings\Local Settings\Application Data\Threat Expert
    2010-01-12 21:12 . 2010-01-12 21:12 -------- d-----w- c:\documents and settings\All Users\Application Data\SITEguard
    2010-01-12 21:12 . 2010-01-12 21:12 -------- d-----w- c:\program files\Common Files\iS3
    2010-01-12 21:12 . 2010-01-12 23:03 -------- d-----w- c:\documents and settings\All Users\Application Data\STOPzilla!
    2010-01-12 17:14 . 2010-01-12 17:19 -------- d-----w- c:\windows\system32\config\systemprofile\Local Settings\Application Data\Adobe
    2010-01-12 17:14 . 2010-01-13 17:43 664 ----a-w- c:\windows\system32\d3d9caps.dat
    2009-12-26 12:52 . 2009-12-26 12:52 48948 ---ha-w- c:\windows\system32\mlfcache.dat

    .
    (((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
    .
    2010-01-23 18:25 . 2009-04-30 19:41 32853060 ----a-w- c:\windows\Internet Logs\tvDebug.Zip
    2010-01-23 08:09 . 2009-11-06 00:49 -------- d-----w- c:\program files\hott notes 4
    2010-01-23 08:08 . 2009-11-08 21:12 -------- d-----w- c:\program files\Coupon Printer
    2010-01-23 00:31 . 2009-04-14 07:25 66944 ----a-w- c:\documents and settings\Local Settings\Application Data\GDIPFONTCACHEV1.DAT
    2010-01-22 23:27 . 2009-04-15 19:23 -------- d-----w- c:\program files\MSECache
    2010-01-22 18:36 . 2008-04-14 12:00 96512 ----a-w- c:\windows\system32\drivers\atapi.svs
    2010-01-22 18:36 . 2008-04-14 12:00 96512 ------w- c:\windows\system32\drivers\atapi.sys
    2010-01-20 17:35 . 2010-01-20 17:35 -------- d-----w- c:\program files\Common Files\Java
    2010-01-20 17:35 . 2010-01-20 17:35 61440 ----a-w- c:\documents and settings\Application Data\Sun\Java\Deployment\SystemCache\6.0\46\759e98ee-39768948-n\decora-sse.dll
    2010-01-20 17:35 . 2010-01-20 17:35 503808 ----a-w- c:\documents and settings\Application Data\Sun\Java\Deployment\SystemCache\6.0\46\759e98ee-39768948-n\msvcp71.dll
    2010-01-20 17:35 . 2010-01-20 17:35 499712 ----a-w- c:\documents and settings\Application Data\Sun\Java\Deployment\SystemCache\6.0\46\759e98ee-39768948-n\jmc.dll
    2010-01-20 17:35 . 2010-01-20 17:35 348160 ----a-w- c:\documents and settings\Application Data\Sun\Java\Deployment\SystemCache\6.0\46\759e98ee-39768948-n\msvcr71.dll
    2010-01-20 17:35 . 2010-01-20 17:35 12800 ----a-w- c:\documents and settings\Application Data\Sun\Java\Deployment\SystemCache\6.0\46\759e98ee-39768948-n\decora-d3d.dll
    2010-01-20 17:35 . 2010-01-20 17:35 114688 ----a-w- c:\documents and settings\Application Data\Sun\Java\Deployment\SystemCache\6.0\62\6baea4fe-6bcf4e8b-n\jogl_cg.dll
    2010-01-20 17:35 . 2010-01-20 17:35 315392 ----a-w- c:\documents and settings\Application Data\Sun\Java\Deployment\SystemCache\6.0\62\6baea4fe-6bcf4e8b-n\jogl.dll
    2010-01-20 17:35 . 2010-01-20 17:35 20480 ----a-w- c:\documents and settings\Application Data\Sun\Java\Deployment\SystemCache\6.0\62\6baea4fe-6bcf4e8b-n\jogl_awt.dll
    2010-01-20 17:35 . 2010-01-20 17:35 20480 ----a-w- c:\documents and settings\Application Data\Sun\Java\Deployment\SystemCache\6.0\45\4f710eed-1299b5a5-n\gluegen-rt.dll
    2010-01-20 17:35 . 2009-07-30 01:10 -------- d-----w- c:\program files\Java
    2010-01-20 13:38 . 2009-04-15 22:36 -------- d-----w- c:\program files\Microsoft Silverlight
    2010-01-12 23:09 . 2009-04-27 15:25 -------- d-----w- c:\program files\Malwarebytes' Anti-Malware
    2010-01-12 23:01 . 2010-01-12 22:59 1144 ----a-w- c:\windows\system32\drivers\kgpcpy.cfg
    2010-01-12 22:56 . 2009-04-08 09:43 -------- d---a-w- c:\documents and settings\All Users\Application Data\Temp
    2010-01-12 21:00 . 2009-05-16 08:45 -------- d-----w- c:\documents and settings\Application Data\Skype
    2010-01-07 16:07 . 2009-04-27 15:25 38224 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys
    2010-01-07 16:07 . 2009-04-27 15:25 19160 ----a-w- c:\windows\system32\drivers\mbam.sys
    2010-01-05 10:00 . 2008-04-14 12:00 832512 ------w- c:\windows\system32\wininet.dll
    2010-01-05 10:00 . 2008-04-14 12:00 78336 ----a-w- c:\windows\system32\ieencode.dll
    2010-01-05 10:00 . 2008-04-14 12:00 17408 ----a-w- c:\windows\system32\corpol.dll
    2009-12-30 06:14 . 2009-12-30 06:50 2449408 ----a-w- c:\windows\Internet Logs\xDBF.tmp
    2009-12-17 17:14 . 2009-07-30 01:10 411368 ----a-w- c:\windows\system32\deploytk.dll
    2009-12-14 10:32 . 2009-12-14 10:40 2388992 ----a-w- c:\windows\Internet Logs\xDBE.tmp
    2009-12-14 09:54 . 2009-12-14 09:54 -------- d-----w- c:\documents and settings\Application Data\com.adobe.mauby.4875E02D9FB21EE389F73B8D1702B320485DF8CE.1
    2009-12-14 09:14 . 2009-12-14 09:15 2383360 ----a-w- c:\windows\Internet Logs\xDBD.tmp
    2009-12-05 18:44 . 2009-12-05 18:45 2332160 ----a-w- c:\windows\Internet Logs\xDBC.tmp
    2009-12-05 18:44 . 2009-12-05 18:45 3097600 ----a-w- c:\windows\Internet Logs\xDBB.tmp
    2009-12-03 00:06 . 2009-05-16 08:47 -------- d-----w- c:\documents and settings\Application Data\skypePM
    2009-11-24 23:54 . 2009-04-27 19:33 1280480 ----a-w- c:\windows\system32\aswBoot.exe
    2009-11-24 23:51 . 2009-04-27 19:34 93424 ----a-w- c:\windows\system32\drivers\aswmon.sys
    2009-11-24 23:50 . 2009-04-27 19:34 94160 ----a-w- c:\windows\system32\drivers\aswmon2.sys
    2009-11-24 23:50 . 2009-04-27 19:34 114768 ----a-w- c:\windows\system32\drivers\aswSP.sys
    2009-11-24 23:50 . 2009-04-27 19:34 20560 ----a-w- c:\windows\system32\drivers\aswFsBlk.sys
    2009-11-24 23:49 . 2009-04-27 19:34 48560 ----a-w- c:\windows\system32\drivers\aswTdi.sys
    2009-11-24 23:48 . 2009-04-27 19:34 23120 ----a-w- c:\windows\system32\drivers\aswRdr.sys
    2009-11-24 23:47 . 2009-04-27 19:34 27408 ----a-w- c:\windows\system32\drivers\aavmker4.sys
    2009-11-24 23:47 . 2009-04-27 19:34 97480 ----a-w- c:\windows\system32\AvastSS.scr
    2009-11-21 15:51 . 2008-04-14 12:00 471552 ----a-w- c:\windows\AppPatch\aclayers.dll
    2009-11-16 14:15 . 2009-11-16 14:15 38208 ----a-w- c:\documents and settings\Application Data\Macromedia\Flash Player\https://www.macromedia.com\bin\airappinstaller\airappinstaller.exe
    2009-11-08 21:12 . 2009-11-08 21:12 31 ---ha-w- c:\windows\UKCpInfo.sys
    2009-11-04 14:40 . 2009-11-04 14:40 152576 ----a-w- c:\documents and settings\Application Data\Sun\Java\jre1.6.0_17\lzma.dll
    2009-11-01 09:02 . 2009-11-01 09:01 19943684 ----a-w- c:\windows\Internet Logs\vsmon_on_demand_thread_2009_11_01_08_55_59_full.dmp.zip
    2009-10-28 14:12 . 2009-10-28 14:12 149752 ----a-w- c:\documents and settings\LocalService\Local Settings\Application Data\FontCache3.0.0.0.dat
    .

    ((((((((((((((((((((((((((((( SnapShot@2010-01-23_19.37.17 )))))))))))))))))))))))))))))))))))))))))
    .
    + 2010-01-24 08:17 . 2010-01-24 08:17 16384 c:\windows\Temp\Perflib_Perfdata_7b4.dat
    + 2010-01-24 08:17 . 2010-01-24 08:17 16384 c:\windows\Temp\Perflib_Perfdata_590.dat
    .
    ((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
    .
    .
  • ,hills
    ,hills Posts: 136 Forumite
    part 2


    *Note* empty entries & legit default entries are not shown
    REGEDIT4

    [HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{201f27d4-3704-41d6-89c1-aa35e39143ed}]
    2008-10-16 17:22 333192 ----a-w- c:\program files\AskBarDis\bar\bin\askBar.dll

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar]
    "{3041d03e-fd4b-44e0-b742-2d9b88305f98}"= "c:\program files\AskBarDis\bar\bin\askBar.dll" [2008-10-16 333192]

    [HKEY_CLASSES_ROOT\clsid\{3041d03e-fd4b-44e0-b742-2d9b88305f98}]
    [HKEY_CLASSES_ROOT\TypeLib\{4b1c1e16-6b34-430e-b074-5928eca4c150}]

    [HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Toolbar\Webbrowser]
    "{3041D03E-FD4B-44E0-B742-2D9B88305F98}"= "c:\program files\AskBarDis\bar\bin\askBar.dll" [2008-10-16 333192]

    [HKEY_CLASSES_ROOT\clsid\{3041d03e-fd4b-44e0-b742-2d9b88305f98}]
    [HKEY_CLASSES_ROOT\TypeLib\{4b1c1e16-6b34-430e-b074-5928eca4c150}]

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
    "RemoteControl8"="c:\program files\CyberLink\PowerDVD8\PDVD8Serv.exe" [2008-03-20 83240]
    "PDVD8LanguageShortcut"="c:\program files\CyberLink\PowerDVD8\Language\Language.exe" [2007-12-14 50472]
    "NeroFilterCheck"="c:\program files\Common Files\Nero\Lib\NeroCheck.exe" [2008-03-25 570664]
    "NBKeyScan"="c:\program files\Nero\Nero8\Nero BackItUp\NBKeyScan.exe" [2008-02-18 2221352]
    "HP Software Update"="c:\program files\HP\HP Software Update\HPWuSchd2.exe" [2004-02-12 49152]
    "HP Component Manager"="c:\program files\HP\hpcoretech\hpcmpmgr.exe" [2004-05-12 241664]
    "avast!"="c:\progra~1\ALWILS~1\Avast4\ashDisp.exe" [2009-11-24 81000]
    "ZoneAlarm Client"="c:\program files\Zone Labs\ZoneAlarm\zlclient.exe" [2009-02-15 981384]
    "Adobe Reader Speed Launcher"="c:\program files\Adobe\Reader 9.0\Reader\Reader_sl.exe" [2009-10-03 35696]
    "Adobe ARM"="c:\program files\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2009-09-04 935288]
    "SunJavaUpdateSched"="c:\program files\Common Files\Java\Java Update\jusched.exe" [2010-01-11 246504]
    "iTunesHelper"="c:\program files\iTunes\iTunesHelper.exe" [2009-10-28 141600]
    "NvCplDaemon"="c:\windows\system32\NvCpl.dll" [2008-12-25 13680640]
    "QuickTime Task"="c:\program files\QuickTime\qttask.exe" [2009-09-05 417792]

    c:\documents and settings\Start Menu\Programs\Startup\
    BBC iPlayer Desktop.lnk - c:\program files\BBC iPlayer Desktop\BBC iPlayer Desktop.exe [2009-11-16 95232]

    c:\documents and settings\All Users\Start Menu\Programs\Startup\
    ComproRemote.lnk - c:\program files\Common Files\VideoMate\ComproRemote.exe [2009-4-8 9736192]
    ComproSchedulerDTV.lnk - c:\program files\Common Files\VideoMate\ComproSchedulerDTV.exe [2009-4-8 229376]
    Exif Launcher.lnk - c:\program files\FinePixViewer\QuickDCF.exe [2002-1-9 200704]
    HP Digital Imaging Monitor.lnk - c:\program files\HP\Digital Imaging\bin\hpqtra08.exe [2004-5-28 241664]
    HP Image Zone Fast Start.lnk - c:\program files\HP\Digital Imaging\bin\hpqthb08.exe [2004-5-28 53248]
    Microsoft Office.lnk - c:\program files\Microsoft Office\Office\OSA9.EXE [2000-1-21 65588]

    [HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\ZoneLabsFirewall]
    "DisableMonitoring"=dword:00000001

    [HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
    "%windir%\\Network Diagnostic\\xpnetdiag.exe"=
    "%windir%\\system32\\sessmgr.exe"=
    "c:\\Program Files\\Windows Live\\Messenger\\wlcsdk.exe"=
    "c:\\Program Files\\Bonjour\\mDNSResponder.exe"=
    "c:\\Program Files\\Windows Live\\Messenger\\msnmsgr.exe"=
    "c:\\Program Files\\Windows Live\\Sync\\WindowsLiveSync.exe"=
    "c:\\Program Files\\iTunes\\iTunes.exe"=
    "c:\\Program Files\\Skype\\Phone\\Skype.exe"=

    R1 aswSP;avast! Self Protection;c:\windows\system32\drivers\aswSP.sys [27/04/2009 19:34 114768]
    R2 ASKService;ASKService;c:\program files\AskBarDis\bar\bin\AskService.exe [27/04/2009 20:04 464264]
    R2 aswFsBlk;aswFsBlk;c:\windows\system32\drivers\aswFsBlk.sys [27/04/2009 19:34 20560]
    R2 fssfltr;FssFltr;c:\windows\system32\drivers\fssfltr_tdi.sys [15/04/2009 22:36 54752]
    R3 RT80x86;Ralink 802.11n Wireless Driver;c:\windows\system32\drivers\rt2860.sys [07/04/2009 11:27 679680]
    R3 t3;SB Xtreme Audio Notebook;c:\windows\system32\drivers\t3.sys [07/04/2009 11:54 735744]
    R3 t3filt;t3filt;c:\windows\system32\drivers\t3filt.sys [07/04/2009 11:54 1656960]
    R3 VIAHdAudAddService;VIA High Definition Audio Driver Service;c:\windows\system32\drivers\viahduaa.sys [07/04/2009 11:21 845184]
    R3 VMHybrid;VMHybrid service;c:\windows\system32\drivers\VMHybrid.sys [08/04/2009 09:37 971648]
    S3 fsssvc;Windows Live Family Safety Service;c:\program files\Windows Live\Family Safety\fsssvc.exe [05/08/2009 21:48 704864]
    S3 massfilter;ZTE Mass Storage Filter Driver;c:\windows\system32\drivers\massfilter.sys [22/08/2008 18:56 7680]
    S3 PAC207;SoC PC-Camer@;c:\windows\system32\drivers\PFC027.sys [24/02/2005 11:29 162176]

    [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
    getPlusHelper REG_MULTI_SZ getPlusHelper
    vvdsvc REG_MULTI_SZ vvdsvc

    [HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\{10880D85-AAD9-4558-ABDC-2AB1552D831F}]
    2008-02-26 13:06 451872 ----a-w- c:\program files\Common Files\LightScribe\LSRunOnce.exe
    .
    Contents of the 'Scheduled Tasks' folder

    2010-01-21 c:\windows\Tasks\AppleSoftwareUpdate.job
    - c:\program files\Apple Software Update\SoftwareUpdate.exe [2008-07-30 11:34]

    2010-01-24 c:\windows\Tasks\HPpromotions psc 2350 series.job
    - c:\program files\HP\Digital Imaging\bin\HP Promotions\AiOMVC\HPpromo.exe [2005-01-28 12:26]
    .
    .

    Supplementary Scan

    .
    uStart Page = hxxp://uk.ask.com/
    uInternet Settings,ProxyOverride = *.local
    IE: E&xport to Microsoft Excel - c:\progra~1\MI1933~1\OFFICE11\EXCEL.EXE/3000
    .

    **************************************************************************

    catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
    Rootkit scan 2010-01-24 09:02
    Windows 5.1.2600 Service Pack 3 NTFS

    scanning hidden processes ...

    scanning hidden autostart entries ...

    scanning hidden files ...

    scan completed successfully
    hidden files: 0

    **************************************************************************
    .

    DLLs Loaded Under Running Processes


    - - - - - - - > 'explorer.exe'(3260)
    c:\windows\system32\WININET.dll
    c:\windows\system32\ieframe.dll
    c:\windows\system32\WPDShServiceObj.dll
    c:\windows\system32\PortableDeviceTypes.dll
    c:\windows\system32\PortableDeviceApi.dll
    .
    Completion time: 2010-01-24 09:03:24
    ComboFix-quarantined-files.txt 2010-01-24 09:03
    ComboFix2.txt 2010-01-23 19:38

    Pre-Run: 460,852,088,832 bytes free
    Post-Run: 460,813,529,088 bytes free

    Current=7 Default=7 Failed=6 LastKnownGood=8 Sets=1,2,3,4,5,6,7,8
    - - End Of File - - E83CB64CD2B83B7079B5634D9508B6DB
  • aliEnRIK
    aliEnRIK Posts: 17,741 Forumite
    Part of the Furniture Combo Breaker
    Open notepad and copy/paste the text in RED below

    File::
    c:\windows\system32\drivers\kgpcpy.cfg
    c:\windows\Internet Logs\xDBF.tmp
    c:\windows\Internet Logs\xDBE.tmp
    c:\windows\Internet Logs\xDBD.tmp
    c:\windows\Internet Logs\xDBC.tmp
    c:\windows\Internet Logs\xDBB.tmp



    Save this as "CFScript"

    Then drag the CFScript into ComboFix.exe as you see in the screenshot below.

    CFScript.gif


    This will start ComboFix again. After reboot, (in case it asks to reboot), post the contents of Combofix.txt in your next reply


    ComboFix should never take more than 20 minutes including the reboot if malware is detected.
    If it does, open Task Manager then Processes tab (press ctrl, alt and del at the same time) and end any processes of findstr, find, sed or swreg, then combofix should continue.


    ..............................................................................

    Uninstall the ASK TOOLBAR (ASKBARDIS)


    .................................................................


    Download HIJACK THIS (Click 'DOWNLOAD LATEST VERSION')
    http://www.filehippo.com/download_hijackthis/
    reboot
    SCAN and post the log so we can see what's running :)
  • ,hills
    ,hills Posts: 136 Forumite
    Thanks

    Can I ask what the Ask Toolbar (Askbardis) is?

    Here is the hijackthis log

    Logfile of Trend Micro HijackThis v2.0.3 (BETA)
    Scan saved at 11:19:49, on 24/01/2010
    Platform: Windows XP SP3 (WinNT 5.01.2600)
    MSIE: Internet Explorer v7.00 (7.00.6000.16981)
    Boot mode: Normal
    Running processes:
    C:\WINDOWS\System32\smss.exe
    C:\WINDOWS\system32\winlogon.exe
    C:\WINDOWS\system32\services.exe
    C:\WINDOWS\system32\lsass.exe
    C:\WINDOWS\system32\svchost.exe
    C:\WINDOWS\System32\svchost.exe
    C:\WINDOWS\system32\ZoneLabs\vsmon.exe
    C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
    C:\Program Files\Alwil Software\Avast4\ashServ.exe
    C:\WINDOWS\Explorer.EXE
    C:\Program Files\CyberLink\PowerDVD8\PDVD8Serv.exe
    C:\Program Files\Nero\Nero8\Nero BackItUp\NBKeyScan.exe
    C:\Program Files\HP\HP Software Update\HPWuSchd2.exe
    C:\Program Files\HP\hpcoretech\hpcmpmgr.exe
    C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
    C:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe
    C:\Program Files\Adobe\Reader 9.0\Reader\Reader_sl.exe
    C:\Program Files\Common Files\Java\Java Update\jusched.exe
    C:\Program Files\iTunes\iTunesHelper.exe
    C:\WINDOWS\system32\ctfmon.exe
    C:\WINDOWS\system32\spoolsv.exe
    C:\Program Files\Common Files\VideoMate\ComproRemote.exe
    C:\Program Files\Common Files\VideoMate\ComproSchedulerDTV.exe
    C:\Program Files\FinePixViewer\QuickDCF.exe
    C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe
    C:\Program Files\BBC iPlayer Desktop\BBC iPlayer Desktop.exe
    C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
    C:\Program Files\AskBarDis\bar\bin\AskService.exe
    C:\Program Files\Bonjour\mDNSResponder.exe
    C:\Program Files\Java\jre6\bin\jqs.exe
    C:\Program Files\Common Files\LightScribe\LSSrvc.exe
    C:\Program Files\HP\Digital Imaging\bin\hpqgalry.exe
    C:\Program Files\Nero\Nero8\Nero BackItUp\NBService.exe
    C:\WINDOWS\system32\nvsvc32.exe
    C:\WINDOWS\system32\IoctlSvc.exe
    C:\Program Files\Microsoft\Search Enhancement Pack\SeaPort\SeaPort.exe
    c:\Program Files\Microsoft SQL Server\90\Shared\sqlwriter.exe
    C:\WINDOWS\System32\PAStiSvc.exe
    C:\WINDOWS\system32\svchost.exe
    C:\WINDOWS\system32\wuauclt.exe
    C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
    C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
    C:\WINDOWS\system32\HPZipm12.exe
    C:\Program Files\iPod\bin\iPodService.exe
    C:\Program Files\TrendMicro\HiJackThis\HiJackThis.exe
    R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://uk.ask.com/
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
    R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
    R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local
    R3 - URLSearchHook: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll
    O2 - BHO: &Yahoo! Toolbar Helper - {02478D38-C3F9-4efb-9B51-7695ECA05670} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll
    O2 - BHO: AcroIEHelperStub - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
    O2 - BHO: AskBar BHO - {201f27d4-3704-41d6-89c1-aa35e39143ed} - C:\Program Files\AskBarDis\bar\bin\askBar.dll
    O2 - BHO: Skype add-on (mastermind) - {22BF413B-C6D2-4d91-82A9-A0F997BA588C} - C:\Program Files\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll
    O2 - BHO: RealPlayer Download and Record Plugin for Internet Explorer - {3049C3E9-B461-4BC5-8870-4C09146192CA} - C:\Program Files\Real\RealPlayer\rpbrowserrecordplugin.dll
    O2 - BHO: WormRadar.com IESiteBlocker.NavFilter - {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} - (no file)
    O2 - BHO: (no name) - {5C255C8A-E604-49b4-9D64-90988571CECB} - (no file)
    O2 - BHO: Search Helper - {6EBF7485-159F-4bff-A14F-B9E3AAC4465B} - C:\Program Files\Microsoft\Search Enhancement Pack\Search Helper\SEPsearchhelperie.dll
    O2 - BHO: Windows Live Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
    O2 - BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll
    O2 - BHO: Windows Live Toolbar Helper - {E15A8DC0-8516-42A1-81EA-DC94EC1ACF10} - C:\Program Files\Windows Live\Toolbar\wltcore.dll
    O2 - BHO: JQSIEStartDetectorImpl - {E7E6F031-17CE-4C07-BC86-EABFE594F69C} - C:\Program Files\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
    O2 - BHO: SingleInstance Class - {FDAD4DA1-61A2-4FD8-9C17-86F7AC245081} - C:\Program Files\Yahoo!\Companion\Installs\cpn\YTSingleInstance.dll
    O3 - Toolbar: &Windows Live Toolbar - {21FA44EF-376D-4D53-9B0F-8A89D3229068} - C:\Program Files\Windows Live\Toolbar\wltcore.dll
    O3 - Toolbar: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll
    O3 - Toolbar: ZoneAlarm Spy Blocker Toolbar - {3041d03e-fd4b-44e0-b742-2d9b88305f98} - C:\Program Files\AskBarDis\bar\bin\askBar.dll
    O4 - HKLM\..\Run: [RemoteControl8] "C:\Program Files\CyberLink\PowerDVD8\PDVD8Serv.exe"
    O4 - HKLM\..\Run: [PDVD8LanguageShortcut] "C:\Program Files\CyberLink\PowerDVD8\Language\Language.exe"
    O4 - HKLM\..\Run: [NeroFilterCheck] C:\Program Files\Common Files\Nero\Lib\NeroCheck.exe
    O4 - HKLM\..\Run: [NBKeyScan] "C:\Program Files\Nero\Nero8\Nero BackItUp\NBKeyScan.exe"
    O4 - HKLM\..\Run: [HP Software Update] "C:\Program Files\HP\HP Software Update\HPWuSchd2.exe"
    O4 - HKLM\..\Run: [HP Component Manager] "C:\Program Files\HP\hpcoretech\hpcmpmgr.exe"
    O4 - HKLM\..\Run: [avast!] C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
    O4 - HKLM\..\Run: [ZoneAlarm Client] "C:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe"
    O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 9.0\Reader\Reader_sl.exe"
    O4 - HKLM\..\Run: [Adobe ARM] "C:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe"
    O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Common Files\Java\Java Update\jusched.exe"
    O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
    O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
    O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
    O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
    O4 - Startup: BBC iPlayer Desktop.lnk = C:\Program Files\BBC iPlayer Desktop\BBC iPlayer Desktop.exe
    O4 - Global Startup: ComproRemote.lnk = ?
    O4 - Global Startup: ComproSchedulerDTV.lnk = ?
    O4 - Global Startup: Exif Launcher.lnk = C:\Program Files\FinePixViewer\QuickDCF.exe
    O4 - Global Startup: HP Digital Imaging Monitor.lnk = C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe
    O4 - Global Startup: HP Image Zone Fast Start.lnk = C:\Program Files\HP\Digital Imaging\bin\hpqthb08.exe
    O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office\OSA9.EXE
    O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MI1933~1\OFFICE11\EXCEL.EXE/3000
    O9 - Extra button: Blog This - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files\Windows Live\Writer\WriterBrowserExtension.dll
    O9 - Extra 'Tools' menuitem: &Blog This in Windows Live Writer - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files\Windows Live\Writer\WriterBrowserExtension.dll
    O9 - Extra button: Skype - {77BF5300-1474-4EC7-9980-D32B190E9B07} - C:\Program Files\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll
    O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MI1933~1\OFFICE11\REFIEBAR.DLL
    O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
    O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
    O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
    O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
    O10 - Unknown file in Winsock LSP: c:\windows\system32\nwprovau.dll
    O16 - DPF: {22492231-AEF0-49FC-9180-CE8969AB1273} (F-Secure Online Scanner Launcher) - http://download.sp.f-secure.com/ols/f-secure-rtm/resources/fslauncher.cab
    O16 - DPF: {3EA4FA88-E0BE-419A-A732-9B79B87A6ED0} (CTVUAxCtrl Object) - http://dl.tvunetworks.com/TVUAx.cab
    O16 - DPF: {406B5949-7190-4245-91A9-30A17DE16AD0} (Snapfish Activia) - http://www3.snapfish.co.uk/SnapfishUKActivia.cab
    O16 - DPF: {67DABFBF-D0AB-41FA-9C46-CC0F21721616} (DivXBrowserPlugin Object) - http://download.divx.com/player/DivXBrowserPlugin.cab
    O16 - DPF: {6F15128C-E66A-490C-B848-5000B5ABEEAC} (HP Download Manager) - https://h20436.www2.hp.com/ediags/dex/secure/HPDEXAXO.cab
    O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - https://fpdownload.macromedia.com/get/shockwave/cabs/flash/swflash.cab
    O16 - DPF: {D4003189-95B1-4A2F-9A87-F2B03665960D} (VodClient Control Class) - http://www.vexcast.com/download/vexcast.cab
    O16 - DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} (get_atlcom Class) - http://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab
    O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~1\COMMON~1\Skype\SKYPE4~1.DLL
    O22 - SharedTaskScheduler: Browseui preloader - {438755C2-A8BA-11D1-B96B-00A0C90312E1} - C:\WINDOWS\system32\browseui.dll
    O22 - SharedTaskScheduler: Component Categories cache daemon - {8C7461EF-2B13-11d2-BE35-3078302C2030} - C:\WINDOWS\system32\browseui.dll
    O23 - Service: Apple Mobile Device - Apple Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
    O23 - Service: ASKService - Unknown owner - C:\Program Files\AskBarDis\bar\bin\AskService.exe
    O23 - Service: avast! iAVS4 Control Service (aswUpdSv) - ALWIL Software - C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
    O23 - Service: avast! Antivirus - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashServ.exe
    O23 - Service: avast! Mail Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
    O23 - Service: avast! Web Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
    O23 - Service: Bonjour Service - Apple Inc. - C:\Program Files\Bonjour\mDNSResponder.exe
    O23 - Service: iPod Service - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
    O23 - Service: Java Quick Starter (JavaQuickStarterService) - Sun Microsystems, Inc. - C:\Program Files\Java\jre6\bin\jqs.exe
    O23 - Service: LightScribeService Direct Disc Labeling Service (LightScribeService) - Hewlett-Packard Company - C:\Program Files\Common Files\LightScribe\LSSrvc.exe
    O23 - Service: Nero BackItUp Scheduler 3 - Nero AG - C:\Program Files\Nero\Nero8\Nero BackItUp\NBService.exe
    O23 - Service: NMIndexingService - Nero AG - C:\Program Files\Common Files\Nero\Lib\NMIndexingService.exe
    O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
    O23 - Service: PLFlash DeviceIoControl Service - Prolific Technology Inc. - C:\WINDOWS\system32\IoctlSvc.exe
    O23 - Service: Pml Driver HPZ12 - HP - C:\WINDOWS\system32\HPZipm12.exe
    O23 - Service: STI Simulator - Unknown owner - C:\WINDOWS\System32\PAStiSvc.exe
    O23 - Service: TrueVector Internet Monitor (vsmon) - Check Point Software Technologies LTD - C:\WINDOWS\system32\ZoneLabs\vsmon.exe
    --
    End of file - 11709 bytes
  • ,hills
    ,hills Posts: 136 Forumite
    I can't seem to find

    File::
    c:\windows\system32\drivers\kgpcpy.cfg

    c:\windows\Internet Logs\xDBF.tmp
    c:\windows\Internet Logs\xDBE.tmp
    c:\windows\Internet Logs\xDBD.tmp
    c:\windows\Internet Logs\xDBC.tmp
    c:\windows\Internet Logs\xDBB.tmp
  • aliEnRIK
    aliEnRIK Posts: 17,741 Forumite
    Part of the Furniture Combo Breaker
    ,hills wrote: »
    I can't seem to find

    File::
    c:\windows\system32\drivers\kgpcpy.cfg
    c:\windows\Internet Logs\xDBF.tmp
    c:\windows\Internet Logs\xDBE.tmp
    c:\windows\Internet Logs\xDBD.tmp
    c:\windows\Internet Logs\xDBC.tmp
    c:\windows\Internet Logs\xDBB.tmp


    You don't have to, just COPY and PASTE into the Notepad file as I've put
  • aliEnRIK
    aliEnRIK Posts: 17,741 Forumite
    Part of the Furniture Combo Breaker
    TICK these and FIX them using hijack ~
    C:\Program Files\AskBarDis\bar\bin\AskService.exe
    O2 - BHO: AskBar BHO - {201f27d4-3704-41d6-89c1-aa35e39143ed} - C:\Program Files\AskBarDis\bar\bin\askBar.dll
    O2 - BHO: WormRadar.com IESiteBlocker.NavFilter - {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} - (no file)
    O2 - BHO: (no name) - {5C255C8A-E604-49b4-9D64-90988571CECB} - (no file)
    O3 - Toolbar: ZoneAlarm Spy Blocker Toolbar - {3041d03e-fd4b-44e0-b742-2d9b88305f98} - C:\Program Files\AskBarDis\bar\bin\askBar.dll
    O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
    O4 - Global Startup: ComproRemote.lnk = ?
    O4 - Global Startup: ComproSchedulerDTV.lnk = ?
    O16 - DPF: {D4003189-95B1-4A2F-9A87-F2B03665960D} (VodClient Control Class) - http://www.vexcast.com/download/vexcast.cab
    O23 - Service: ASKService - Unknown owner - C:\Program Files\AskBarDis\bar\bin\AskService.exe


    Use the AVG REMOVAL TOOL (due to there being some still left)
    http://www.avg.com/download-tools
  • ,hills
    ,hills Posts: 136 Forumite
    Copied and Pasted CFScript to Qwerty and here are the Combofix results

    ComboFix 10-01-23.05 - 24/01/2010 13:42:22.4.2 - x86
    Microsoft Windows XP Home Edition 5.1.2600.3.1252.1.1033.18.1023.613 [GMT 0:00]
    Running from: C:\Documents and Settings\My Documents\QWERTY.exe
    AV: avast! antivirus 4.8.1368 [VPS 100123-2] *On-access scanning disabled* (Updated) {7591DB91-41F0-48A3-B128-1A293FD8233D}
    FW: ZoneAlarm Firewall *enabled* {829BDA32-94B3-44F4-8446-F8FCFF809F8B}
    .
    ((((((((((((((((((((((((( Files Created from 2009-12-24 to 2010-01-24 )))))))))))))))))))))))))))))))
    .
    2010-01-24 11:00:14 . 2010-01-24 11:00:14 388096 ----a-r- C:\Documents and Settings\Application Data\Microsoft\Installer\{0761C9A8-8F3A-4216-B4A7-B7AFBF24A24A}\HiJackThis.exe
    2010-01-24 11:00:14 . 2010-01-24 11:00:14 d-----w- C:\Program Files\TrendMicro
    2010-01-15 10:04:44 . 2010-01-23 08:05:14 d-----w- C:\Program Files\Spybot - Search & Destroy
    2010-01-15 10:04:44 . 2010-01-23 08:04:08 d-----w- C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy
    2010-01-15 09:59:26 . 2010-01-15 09:59:26 d-----w- C:\Documents and Settings\All Users\Application Data\F-Secure
    2010-01-15 09:48:40 . 2010-01-15 09:48:40 d-----w- C:\Documents and Settings\All Users\Application Data\Kaspersky Lab Setup Files
    2010-01-15 06:59:43 . 2010-01-15 06:59:43 d-----w- C:\found.000
    2010-01-13 10:19:41 . 2009-11-02 20:42:06 195456 ------w- C:\WINDOWS\system32\MpSigStub.exe
    2010-01-12 22:02:58 . 2010-01-12 22:02:58 d-----w- C:\Documents and Settings\Local Settings\Application Data\Threat Expert
    2010-01-12 21:12:48 . 2010-01-12 21:12:48 d-----w- C:\Documents and Settings\All Users\Application Data\SITEguard
    2010-01-12 21:12:06 . 2010-01-12 21:12:06 d-----w- C:\Program Files\Common Files\iS3
    2010-01-12 21:12:05 . 2010-01-12 23:03:59 d-----w- C:\Documents and Settings\All Users\Application Data\STOPzilla!
    2010-01-12 17:14:29 . 2010-01-12 17:19:28 d-----w- C:\WINDOWS\system32\config\systemprofile\Local Settings\Application Data\Adobe
    2010-01-12 17:14:21 . 2010-01-13 17:43:08 664 ----a-w- C:\WINDOWS\system32\d3d9caps.dat
    2009-12-26 12:52:06 . 2009-12-26 12:52:06 48948 ---ha-w- C:\WINDOWS\system32\mlfcache.dat
    .
    (((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
    .
    2010-01-23 18:25:57 . 2009-04-30 19:41:24 32853060 ----a-w- C:\WINDOWS\Internet Logs\tvDebug.Zip
    2010-01-23 08:09:06 . 2009-11-06 00:49:41 d-----w- C:\Program Files\hott notes 4
    2010-01-23 08:08:54 . 2009-11-08 21:12:10 d-----w- C:\Program Files\Coupon Printer
    2010-01-23 00:31:30 . 2009-04-14 07:25:11 66944 ----a-w- C:\Documents and Settings\Local Settings\Application Data\GDIPFONTCACHEV1.DAT
    2010-01-22 23:27:40 . 2009-04-15 19:23:55 d-----w- C:\Program Files\MSECache
    2010-01-22 18:36:51 . 2008-04-14 12:00:00 96512 ----a-w- C:\WINDOWS\system32\drivers\atapi.svs
    2010-01-22 18:36:51 . 2008-04-14 12:00:00 96512 ------w- C:\WINDOWS\system32\drivers\atapi.sys
    2010-01-20 17:35:37 . 2010-01-20 17:35:37 d-----w- C:\Program Files\Common Files\Java
    2010-01-20 17:35:35 . 2010-01-20 17:35:35 61440 ----a-w- C:\Documents and Settings\Application Data\Sun\Java\Deployment\SystemCache\6.0\46\759e98ee-39768948-n\decora-sse.dll
    2010-01-20 17:35:35 . 2010-01-20 17:35:35 503808 ----a-w- C:\Documents and Settings\Application Data\Sun\Java\Deployment\SystemCache\6.0\46\759e98ee-39768948-n\msvcp71.dll
    2010-01-20 17:35:35 . 2010-01-20 17:35:35 499712 ----a-w- C:\Documents and Settings\Application Data\Sun\Java\Deployment\SystemCache\6.0\46\759e98ee-39768948-n\jmc.dll
    2010-01-20 17:35:35 . 2010-01-20 17:35:35 348160 ----a-w- C:\Documents and Settings\Application Data\Sun\Java\Deployment\SystemCache\6.0\46\759e98ee-39768948-n\msvcr71.dll
    2010-01-20 17:35:35 . 2010-01-20 17:35:35 12800 ----a-w- C:\Documents and Settings\Application Data\Sun\Java\Deployment\SystemCache\6.0\46\759e98ee-39768948-n\decora-d3d.dll
    2010-01-20 17:35:35 . 2010-01-20 17:35:35 114688 ----a-w- C:\Documents and Settings\Application Data\Sun\Java\Deployment\SystemCache\6.0\62\6baea4fe-6bcf4e8b-n\jogl_cg.dll
    2010-01-20 17:35:34 . 2010-01-20 17:35:34 315392 ----a-w- C:\Documents and Settings\Application Data\Sun\Java\Deployment\SystemCache\6.0\62\6baea4fe-6bcf4e8b-n\jogl.dll
    2010-01-20 17:35:34 . 2010-01-20 17:35:34 20480 ----a-w- C:\Documents and Settings\Application Data\Sun\Java\Deployment\SystemCache\6.0\62\6baea4fe-6bcf4e8b-n\jogl_awt.dll
    2010-01-20 17:35:34 . 2010-01-20 17:35:34 20480 ----a-w- C:\Documents and Settings\Application Data\Sun\Java\Deployment\SystemCache\6.0\45\4f710eed-1299b5a5-n\gluegen-rt.dll
    2010-01-20 17:35:21 . 2009-07-30 01:10:32 d-----w- C:\Program Files\Java
    2010-01-20 13:38:17 . 2009-04-15 22:36:51 d-----w- C:\Program Files\Microsoft Silverlight
    2010-01-12 23:09:18 . 2009-04-27 15:25:11 d-----w- C:\Program Files\Malwarebytes' Anti-Malware
    2010-01-12 23:01:30 . 2010-01-12 22:59:38 1144 ----a-w- C:\WINDOWS\system32\drivers\kgpcpy.cfg
    2010-01-12 22:56:48 . 2009-04-08 09:43:06 d---a-w- C:\Documents and Settings\All Users\Application Data\Temp
    2010-01-12 21:00:41 . 2009-05-16 08:45:39 d-----w- C:\Documents and Settings\Application Data\Skype
    2010-01-07 16:07:14 . 2009-04-27 15:25:12 38224 ----a-w- C:\WINDOWS\system32\drivers\mbamswissarmy.sys
    2010-01-07 16:07:04 . 2009-04-27 15:25:14 19160 ----a-w- C:\WINDOWS\system32\drivers\mbam.sys
    2010-01-05 10:00:29 . 2008-04-14 12:00:00 832512 ------w- C:\WINDOWS\system32\wininet.dll
    2010-01-05 10:00:21 . 2008-04-14 12:00:00 78336 ----a-w- C:\WINDOWS\system32\ieencode.dll
    2010-01-05 10:00:20 . 2008-04-14 12:00:00 17408 ----a-w- C:\WINDOWS\system32\corpol.dll
    2009-12-30 06:14:10 . 2009-12-30 06:50:28 2449408 ----a-w- C:\WINDOWS\Internet Logs\xDBF.tmp
    2009-12-17 17:14:00 . 2009-07-30 01:10:44 411368 ----a-w- C:\WINDOWS\system32\deploytk.dll
    2009-12-14 10:32:30 . 2009-12-14 10:40:06 2388992 ----a-w- C:\WINDOWS\Internet Logs\xDBE.tmp
    2009-12-14 09:54:02 . 2009-12-14 09:54:02 d-----w- C:\Documents and Settings\Application Data\com.adobe.mauby.4875E02D9FB21EE389F73B8D1702B320485DF8CE.1
    2009-12-14 09:14:07 . 2009-12-14 09:15:55 2383360 ----a-w- C:\WINDOWS\Internet Logs\xDBD.tmp
    2009-12-05 18:44:14 . 2009-12-05 18:45:51 2332160 ----a-w- C:\WINDOWS\Internet Logs\xDBC.tmp
    2009-12-05 18:44:13 . 2009-12-05 18:45:51 3097600 ----a-w- C:\WINDOWS\Internet Logs\xDBB.tmp
    2009-12-03 00:06:09 . 2009-05-16 08:47:03 d-----w- C:\Documents and Settings\Application Data\skypePM
    2009-11-24 23:54:29 . 2009-04-27 19:33:46 1280480 ----a-w- C:\WINDOWS\system32\aswBoot.exe
    2009-11-24 23:51:09 . 2009-04-27 19:34:00 93424 ----a-w- C:\WINDOWS\system32\drivers\aswmon.sys
    2009-11-24 23:50:59 . 2009-04-27 19:34:20 94160 ----a-w- C:\WINDOWS\system32\drivers\aswmon2.sys
    2009-11-24 23:50:12 . 2009-04-27 19:34:21 114768 ----a-w- C:\WINDOWS\system32\drivers\aswSP.sys
    2009-11-24 23:50:00 . 2009-04-27 19:34:22 20560 ----a-w- C:\WINDOWS\system32\drivers\aswFsBlk.sys
    2009-11-24 23:49:07 . 2009-04-27 19:34:29 48560 ----a-w- C:\WINDOWS\system32\drivers\aswTdi.sys
    2009-11-24 23:48:57 . 2009-04-27 19:34:30 23120 ----a-w- C:\WINDOWS\system32\drivers\aswRdr.sys
    2009-11-24 23:47:54 . 2009-04-27 19:34:25 27408 ----a-w- C:\WINDOWS\system32\drivers\aavmker4.sys
    2009-11-24 23:47:28 . 2009-04-27 19:34:24 97480 ----a-w- C:\WINDOWS\system32\AvastSS.scr
    2009-11-21 15:51:04 . 2008-04-14 12:00:00 471552 ----a-w- C:\WINDOWS\AppPatch\aclayers.dll
    2009-11-16 14:15:25 . 2009-11-16 14:15:59 38208 ----a-w- C:\Documents and Settings\Application Data\Macromedia\Flash Player\https://www.macromedia.com\bin\airappinstaller\airappinstaller.exe
    2009-11-08 21:12:10 . 2009-11-08 21:12:10 31 ---ha-w- C:\WINDOWS\UKCpInfo.sys
    2009-11-04 14:40:05 . 2009-11-04 14:40:05 152576 ----a-w- C:\Documents and Settings\Application Data\Sun\Java\jre1.6.0_17\lzma.dll
    2009-11-01 09:02:07 . 2009-11-01 09:01:57 19943684 ----a-w- C:\WINDOWS\Internet Logs\vsmon_on_demand_thread_2009_11_01_08_55_59_full.dmp.zip
    2009-10-28 14:12:23 . 2009-10-28 14:12:23 149752 ----a-w- C:\Documents and Settings\LocalService\Local Settings\Application Data\FontCache3.0.0.0.dat
    .
    ((((((((((((((((((((((((((((( SnapShot@2010-01-23_19.37.17 )))))))))))))))))))))))))))))))))))))))))
    .
    + 2010-01-24 11:18:25 . 2010-01-24 11:18:25 16384 C:\WINDOWS\Temp\Perflib_Perfdata_7b4.dat
    + 2010-01-24 11:18:31 . 2010-01-24 11:18:31 16384 C:\WINDOWS\Temp\Perflib_Perfdata_684.dat
    + 2010-01-24 10:58:29 . 2010-01-24 10:58:29 1093632 C:\WINDOWS\Installer\5a6975.msi
    .
    ((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
    .
    .
    *Note* empty entries & legit default entries are not shown
    REGEDIT4
    [HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{201f27d4-3704-41d6-89c1-aa35e39143ed}]
    2008-10-16 17:22:18 333192 ----a-w- C:\Program Files\AskBarDis\bar\bin\askBar.dll
    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar]
    "{3041d03e-fd4b-44e0-b742-2d9b88305f98}"= "C:\Program Files\AskBarDis\bar\bin\askBar.dll" [2008-10-16 17:22:18 333192]
    [HKEY_CLASSES_ROOT\clsid\{3041d03e-fd4b-44e0-b742-2d9b88305f98}]
    [HKEY_CLASSES_ROOT\TypeLib\{4b1c1e16-6b34-430e-b074-5928eca4c150}]
    [HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Toolbar\Webbrowser]
    "{3041D03E-FD4B-44E0-B742-2D9B88305F98}"= "C:\Program Files\AskBarDis\bar\bin\askBar.dll" [2008-10-16 17:22:18 333192]
    [HKEY_CLASSES_ROOT\clsid\{3041d03e-fd4b-44e0-b742-2d9b88305f98}]
    [HKEY_CLASSES_ROOT\TypeLib\{4b1c1e16-6b34-430e-b074-5928eca4c150}]
    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
    "RemoteControl8"="C:\Program Files\CyberLink\PowerDVD8\PDVD8Serv.exe" [2008-03-20 19:23:22 83240]
    "PDVD8LanguageShortcut"="C:\Program Files\CyberLink\PowerDVD8\Language\Language.exe" [2007-12-14 10:36:42 50472]
    "NeroFilterCheck"="C:\Program Files\Common Files\Nero\Lib\NeroCheck.exe" [2008-03-25 12:33:12 570664]
    "NBKeyScan"="C:\Program Files\Nero\Nero8\Nero BackItUp\NBKeyScan.exe" [2008-02-18 15:29:02 2221352]
    "HP Software Update"="C:\Program Files\HP\HP Software Update\HPWuSchd2.exe" [2004-02-12 12:38:56 49152]
    "HP Component Manager"="C:\Program Files\HP\hpcoretech\hpcmpmgr.exe" [2004-05-12 14:18:56 241664]
    "avast!"="C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe" [2009-11-24 23:51:40 81000]
    "ZoneAlarm Client"="C:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe" [2009-02-15 23:10:22 981384]
    "Adobe Reader Speed Launcher"="C:\Program Files\Adobe\Reader 9.0\Reader\Reader_sl.exe" [2009-10-03 03:08:38 35696]
    "Adobe ARM"="C:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2009-09-04 11:08:30 935288]
    "SunJavaUpdateSched"="C:\Program Files\Common Files\Java\Java Update\jusched.exe" [2010-01-11 15:21:52 246504]
    "iTunesHelper"="C:\Program Files\iTunes\iTunesHelper.exe" [2009-10-28 20:21:26 141600]
    "NvCplDaemon"="C:\WINDOWS\system32\NvCpl.dll" [2008-12-25 16:08:00 13680640]
    "QuickTime Task"="C:\Program Files\QuickTime\qttask.exe" [2009-09-05 00:54:42 417792]
    C:\Documents and Settings\Start Menu\Programs\Startup\
    BBC iPlayer Desktop.lnk - C:\Program Files\BBC iPlayer Desktop\BBC iPlayer Desktop.exe [2009-11-16 95232]
    C:\Documents and Settings\All Users\Start Menu\Programs\Startup\
    ComproRemote.lnk - C:\Program Files\Common Files\VideoMate\ComproRemote.exe [2009-4-8 9736192]
    ComproSchedulerDTV.lnk - C:\Program Files\Common Files\VideoMate\ComproSchedulerDTV.exe [2009-4-8 229376]
    Exif Launcher.lnk - C:\Program Files\FinePixViewer\QuickDCF.exe [2002-1-9 200704]
    HP Digital Imaging Monitor.lnk - C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe [2004-5-28 241664]
    HP Image Zone Fast Start.lnk - C:\Program Files\HP\Digital Imaging\bin\hpqthb08.exe [2004-5-28 53248]
    Microsoft Office.lnk - C:\Program Files\Microsoft Office\Office\OSA9.EXE [2000-1-21 65588]
    [HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\ZoneLabsFirewall]
    "DisableMonitoring"=dword:00000001
    [HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
    "%windir%\\Network Diagnostic\\xpnetdiag.exe"=
    "%windir%\\system32\\sessmgr.exe"=
    "C:\\Program Files\\Windows Live\\Messenger\\wlcsdk.exe"=
    "C:\\Program Files\\Bonjour\\mDNSResponder.exe"=
    "C:\\Program Files\\Windows Live\\Messenger\\msnmsgr.exe"=
    "C:\\Program Files\\Windows Live\\Sync\\WindowsLiveSync.exe"=
    "C:\\Program Files\\iTunes\\iTunes.exe"=
    "C:\\Program Files\\Skype\\Phone\\Skype.exe"=
    R1 aswSP;avast! Self Protection;C:\WINDOWS\system32\drivers\aswSP.sys [27/04/2009 19:34:21 114768]
    R2 ASKService;ASKService;C:\Program Files\AskBarDis\bar\bin\AskService.exe [27/04/2009 20:04:24 464264]
    R2 aswFsBlk;aswFsBlk;C:\WINDOWS\system32\drivers\aswFsBlk.sys [27/04/2009 19:34:22 20560]
    R2 fssfltr;FssFltr;C:\WINDOWS\system32\drivers\fssfltr_tdi.sys [15/04/2009 22:36:42 54752]
    R3 RT80x86;Ralink 802.11n Wireless Driver;C:\WINDOWS\system32\drivers\rt2860.sys [07/04/2009 11:27:19 679680]
    R3 t3;SB Xtreme Audio Notebook;C:\WINDOWS\system32\drivers\t3.sys [07/04/2009 11:54:35 735744]
    R3 t3filt;t3filt;C:\WINDOWS\system32\drivers\t3filt.sys [07/04/2009 11:54:35 1656960]
    R3 VIAHdAudAddService;VIA High Definition Audio Driver Service;C:\WINDOWS\system32\drivers\viahduaa.sys [07/04/2009 11:21:00 845184]
    R3 VMHybrid;VMHybrid service;C:\WINDOWS\system32\drivers\VMHybrid.sys [08/04/2009 09:37:47 971648]
    S3 fsssvc;Windows Live Family Safety Service;C:\Program Files\Windows Live\Family Safety\fsssvc.exe [05/08/2009 21:48:42 704864]
    S3 massfilter;ZTE Mass Storage Filter Driver;C:\WINDOWS\system32\drivers\massfilter.sys [22/08/2008 18:56:28 7680]
    S3 PAC207;SoC PC-Camer@;C:\WINDOWS\system32\drivers\PFC027.sys [24/02/2005 11:29:14 162176]
    [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
    getPlusHelper REG_MULTI_SZ getPlusHelper
    vvdsvc REG_MULTI_SZ vvdsvc
    [HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\{10880D85-AAD9-4558-ABDC-2AB1552D831F}]
    2008-02-26 13:06:42 451872 ----a-w- C:\Program Files\Common Files\LightScribe\LSRunOnce.exe
    .
    Contents of the 'Scheduled Tasks' folder
    2010-01-21 C:\WINDOWS\Tasks\AppleSoftwareUpdate.job
    - C:\Program Files\Apple Software Update\SoftwareUpdate.exe [2008-07-30 11:34:12 . 2008-07-30 11:34:12]
    2010-01-24 C:\WINDOWS\Tasks\HPpromotions psc 2350 series.job
    - C:\Program Files\HP\Digital Imaging\bin\HP Promotions\AiOMVC\HPpromo.exe [2005-01-28 12:26:00 . 2005-01-28 12:26:00]
    .
    .
    Supplementary Scan
    .
    uStart Page = hxxp://uk.ask.com/
    uInternet Settings,ProxyOverride = *.local
    IE: E&xport to Microsoft Excel - C:\PROGRA~1\MI1933~1\OFFICE11\EXCEL.EXE/3000
    .
This discussion has been closed.