Worms and viruses - Help!
Comments
-
Thanks DCM. I used that the other day and it worked, but then the same problem came back today, so must be another underlying cause as well. I've just rerun the registry fix and it seems to have worked again. Hopefully it'll hold for a while longer this time.
I'm going to delete all the red files Rik mentioned so hopefully that will help
-
Actually I managed to get the combofix working after doing the reg fix.
This is the log output
ComboFix 10-04-14.01 - Alan 15/04/2010 14:04:41.2.2 - x86
Microsoft Windows XP Professional 5.1.2600.3.1252.1.1033.18.2038.1272 [GMT 1:00]
Running from: c:\documents and settings\Alan\My Documents\Downloads\ComboFix.exe
Command switches used :: c:\documents and settings\Alan\My Documents\Downloads\CFScript.txt
AV: Symantec Endpoint Protection *On-access scanning disabled* (Updated) {FB06448E-52B8-493A-90F3-E43226D3305C}
FW: Symantec Endpoint Protection *disabled* {BE898FE3-CD0B-4014-85A9-03DB9923DDB6}
FILE ::
"c:\program files\achbn.exe"
"c:\program files\Achieve.exe"
"c:\program files\Achieve.exe.manifest"
"c:\program files\AchieveHelp.chm"
"c:\program files\APKeyboardReference.pdf"
"c:\program files\AskBarDis\bar\bin\askBar.dll"
"c:\program files\AskBarDis\bar\bin\AskService.exe"
"c:\program files\AskBarDis\bar\bin\ASKUpgrade.exe"
"c:\program files\BICommon.dll"
"c:\program files\Default.dat"
"c:\program files\efxstd.DLL"
"c:\program files\EPR.dll"
"c:\program files\Infragistics.Win.Misc.v7.1.dll"
"c:\program files\Infragistics.Win.UltraWinChart.v7.1.dll"
"c:\program files\Infragistics.Win.UltraWinDataSource.v7.1.dll"
"c:\program files\Infragistics.Win.UltraWinEditors.v7.1.dll"
"c:\program files\Infragistics.Win.UltraWinPrintPreviewDialog. v7.1.dll"
"c:\program files\Infragistics.Win.UltraWinTabControl.v7.1.dll"
"c:\program files\Microsoft.Office.Interop.Outlook.dll"
"c:\program files\MiniComm.DLL"
"c:\program files\Office.dll"
"c:\program files\Sample.ach"
"c:\program files\SecurityManager.dll"
"c:\program files\stdole.dll"
"c:\program files\tx12.dll"
"c:\program files\tx12_bmp.flt"
"c:\program files\tx12_css.dll"
"c:\program files\tx12_doc.dll"
"c:\program files\tx12_gif.flt"
"c:\program files\tx12_htm.dll"
"c:\program files\tx12_ic.dll"
"c:\program files\tx12_ic.ini"
"c:\program files\tx12_jpg.flt"
"c:\program files\tx12_pdf.dll"
"c:\program files\tx12_png.flt"
"c:\program files\tx12_rtf.dll"
"c:\program files\tx12_tif.flt"
"c:\program files\tx12_tls.dll"
"c:\program files\tx12_wmf.flt"
"c:\program files\tx12_wnd.dll"
"c:\program files\tx12_xml.dll"
"c:\program files\uis.exe"
"c:\windows\system32\drivers\RevHDD.exe"
"c:\windows\system32\drivers\SPIF225.sys"
"c:\windows\system32\OOBE\oobebaln.exe"
.
((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.
c:\program files\achbn.exe
c:\program files\Achieve.exe
c:\program files\Achieve.exe.manifest
c:\program files\AchieveHelp.chm
c:\program files\APKeyboardReference.pdf
c:\program files\AskBarDis\bar\bin\askBar.dll
c:\program files\AskBarDis\bar\bin\AskService.exe
c:\program files\AskBarDis\bar\bin\ASKUpgrade.exe
c:\program files\BICommon.dll
c:\program files\Default.dat
c:\program files\efxstd.DLL
c:\program files\EPR.dll
c:\program files\Infragistics.Win.Misc.v7.1.dll
c:\program files\Infragistics.Win.UltraWinChart.v7.1.dll
c:\program files\Infragistics.Win.UltraWinDataSource.v7.1.dll
c:\program files\Infragistics.Win.UltraWinEditors.v7.1.dll
c:\program files\Infragistics.Win.UltraWinTabControl.v7.1.dll
c:\program files\Microsoft.Office.Interop.Outlook.dll
c:\program files\MiniComm.DLL
c:\program files\Office.dll
c:\program files\Sample.ach
c:\program files\SecurityManager.dll
c:\program files\stdole.dll
c:\program files\tx12.dll
c:\program files\tx12_bmp.flt
c:\program files\tx12_css.dll
c:\program files\tx12_doc.dll
c:\program files\tx12_gif.flt
c:\program files\tx12_htm.dll
c:\program files\tx12_ic.dll
c:\program files\tx12_ic.ini
c:\program files\tx12_jpg.flt
c:\program files\tx12_pdf.dll
c:\program files\tx12_png.flt
c:\program files\tx12_rtf.dll
c:\program files\tx12_tif.flt
c:\program files\tx12_tls.dll
c:\program files\tx12_wmf.flt
c:\program files\tx12_wnd.dll
c:\program files\tx12_xml.dll
c:\program files\uis.exe
c:\windows\system32\drivers\RevHDD.exe
c:\windows\system32\drivers\SPIF225.sys
c:\windows\system32\OOBE\oobebaln.exe
.
((((((((((((((((((((((((((((((((((((((( Drivers/Services )))))))))))))))))))))))))))))))))))))))))))))))))
.
\Legacy_ASKService
\Legacy_ASKUpgrade
\Service_ASKService
\Service_ASKUpgrade
((((((((((((((((((((((((( Files Created from 2010-03-15 to 2010-04-15 )))))))))))))))))))))))))))))))
.
2010-04-14 08:13 . 2010-04-15 08:22 -------- d-----w- C:\Versalsoft
2010-04-14 08:13 . 2010-04-14 08:13 -------- d-----w- c:\program files\Versalsoft
2010-04-14 08:13 . 2010-04-14 08:13 -------- d-----w- c:\program files\Universal
2010-04-13 20:01 . 2010-04-13 23:31 -------- d-----w- c:\documents and settings\Alan\Local Settings\Application Data\saolbvtie
2010-04-10 14:54 . 2010-04-13 23:55 -------- d-----w- c:\program files\PeerBlock
2010-04-08 11:32 . 2010-04-08 11:32 -------- d-----w- c:\windows\system\Iosubsys
2010-04-07 19:54 . 2010-04-07 19:54 -------- d-----w- c:\program files\Trend Micro
2010-04-07 17:18 . 2010-04-07 17:18 -------- d-----w- c:\documents and settings\Alan\Application Data\Malwarebytes
2010-04-07 17:18 . 2010-03-29 14:24 38224 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys
2010-04-07 17:18 . 2010-04-07 17:18 -------- d-----w- c:\documents and settings\All Users\Application Data\Malwarebytes
2010-04-07 17:18 . 2010-04-07 17:18 -------- d-----w- c:\program files\Malwarebytes' Anti-Malware
2010-04-07 17:18 . 2010-03-29 14:24 20824 ----a-w- c:\windows\system32\drivers\mbam.sys
2010-04-02 16:20 . 2010-04-02 16:20 -------- d-----w- c:\documents and settings\LocalService\Local Settings\Application Data\Xobni
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2010-04-15 13:17 . 2009-09-03 07:37 -------- d-----w- c:\documents and settings\Alan\Application Data\Dropbox
2010-04-15 12:34 . 2010-02-15 19:15 -------- d-----w- c:\documents and settings\Alan\Application Data\PriceGong
2010-04-13 23:55 . 2009-08-30 15:31 -------- d-----w- c:\documents and settings\Alan\Application Data\Azureus
2010-04-13 22:44 . 2009-09-01 19:29 -------- d-----w- c:\documents and settings\Alan\Application Data\HPAppData
2010-04-10 20:15 . 2009-12-26 11:54 -------- d-----w- c:\documents and settings\Alan\Application Data\vlc
2010-04-08 10:44 . 2007-08-01 10:24 -------- d--h--w- c:\program files\InstallShield Installation Information
2010-04-05 10:13 . 2009-11-22 10:09 -------- d-----w- c:\documents and settings\Alan\Application Data\TuneUpMedia
2010-03-11 21:21 . 2007-08-01 10:19 -------- d-----w- c:\documents and settings\All Users\Application Data\Microsoft Help
2010-03-11 12:38 . 2007-08-01 08:21 832512 ------w- c:\windows\system32\wininet.dll
2010-03-11 12:38 . 2007-08-01 08:21 78336 ----a-w- c:\windows\system32\ieencode.dll
2010-03-11 12:38 . 2007-08-01 08:21 17408 ----a-w- c:\windows\system32\corpol.dll
2010-02-26 08:54 . 2009-10-12 12:16 91696 ----a-w- c:\documents and settings\Alan\Application Data\Dropbox\bin\Uninstall.exe
2010-02-26 08:53 . 2010-02-26 08:53 13264416 ----a-w- c:\documents and settings\Alan\Application Data\Dropbox\cache\Dropbox-update-0.7.110.exe
2010-02-26 05:10 . 2010-02-26 05:10 21979992 ----a-w- c:\documents and settings\Alan\Application Data\Dropbox\bin\Dropbox.exe
2010-02-25 14:14 . 2009-11-22 10:09 -------- d-----w- c:\program files\TuneUpMedia
2010-02-19 22:24 . 2009-10-15 16:51 -------- d-----w- c:\documents and settings\Alan\Application Data\VSO
2010-02-19 17:52 . 2010-02-19 17:52 -------- d-----w- c:\documents and settings\All Users\Application Data\Office Genuine Advantage
2010-02-19 17:51 . 2010-02-19 17:51 -------- d-----w- c:\documents and settings\Alan\Application Data\Office Genuine Advantage
2010-02-15 19:21 . 2010-02-15 19:21 -------- d-----w- c:\documents and settings\All Users\Application Data\Winferno
2010-02-15 19:15 . 2010-02-15 19:15 -------- d-----w- c:\program files\Xobni
2010-02-15 19:15 . 2010-02-15 19:15 -------- d-----w- c:\program files\Winferno
2010-02-15 19:15 . 2010-02-15 19:15 -------- d-----w- c:\program files\PriceGong
2010-02-12 10:03 . 2010-03-07 14:17 293376 ------w- c:\windows\system32\browserchoice.exe
2009-10-14 15:12 . 2009-10-14 15:12 1372952 ----a-w- c:\program files\APUserManual.pdf
2009-10-14 14:39 . 2009-10-14 14:39 8412 ----a-w- c:\program files\APQuickStart.pdf
2007-11-28 09:49 . 2007-11-28 09:49 159744 ----a-w- c:\program files\Infragistics.Win.UltraWinPrintPreviewDialog.v7.1.dll
2006-02-10 12:02 . 2006-02-10 12:02 274432 ----a-w- c:\program files\TXTextControl.dll
2005-05-31 14:27 . 2005-05-31 14:27 503808 ----a-w- c:\program files\ActiproSoftware.UIStudio.Dock.dll
2005-05-31 14:27 . 2005-05-31 14:27 176128 ----a-w- c:\program files\ActiproSoftware.Shared.dll
2005-05-31 14:27 . 2005-05-31 14:27 147456 ----a-w- c:\program files\ActiproSoftware.WinUICore.dll
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4
[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{4D3F3F3A-0E4B-4085-9032-7D072072319A}]
2010-01-25 12:38 99704 ----a-w- c:\program files\PriceGong\2.0.0\PriceLoadIE.dll
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\Carbonite.Green]
@="{95A27763-F62A-4114-9072-E81D87DE3B68}"
[HKEY_CLASSES_ROOT\CLSID\{95A27763-F62A-4114-9072-E81D87DE3B68}]
2009-07-28 20:49 583312 ----a-r- c:\program files\Carbonite\Carbonite Backup\CarboniteNSE.dll
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\Carbonite.Partial]
@="{E300CD91-100F-4E67-9AF3-1384A6124015}"
[HKEY_CLASSES_ROOT\CLSID\{E300CD91-100F-4E67-9AF3-1384A6124015}]
2009-07-28 20:49 583312 ----a-r- c:\program files\Carbonite\Carbonite Backup\CarboniteNSE.dll
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\Carbonite.Yellow]
@="{5E529433-B50E-4bef-A63B-16A6B71B071A}"
[HKEY_CLASSES_ROOT\CLSID\{5E529433-B50E-4bef-A63B-16A6B71B071A}]
2009-07-28 20:49 583312 ----a-r- c:\program files\Carbonite\Carbonite Backup\CarboniteNSE.dll
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt1]
@="{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}]
2009-12-09 01:19 94208 ----a-w- c:\documents and settings\Alan\Application Data\Dropbox\bin\DropboxExt.13.dll
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt2]
@="{FB314EDA-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314EDA-A251-47B7-93E1-CDD82E34AF8B}]
2009-12-09 01:19 94208 ----a-w- c:\documents and settings\Alan\Application Data\Dropbox\bin\DropboxExt.13.dll
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt3]
@="{FB314EDB-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314EDB-A251-47B7-93E1-CDD82E34AF8B}]
2009-12-09 01:19 94208 ----a-w- c:\documents and settings\Alan\Application Data\Dropbox\bin\DropboxExt.13.dll
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"TOSCDSPD"="c:\program files\TOSHIBA\TOSCDSPD\toscdspd.exe" [2005-04-11 65536]
"swg"="c:\program files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe" [2010-01-08 39408]
"ctfmon.exe"="c:\windows\system32\ctfmon.exe" [2008-04-14 15360]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"CFSServ.exe"="CFSServ.exe -NoClient" [X]
"IgfxTray"="c:\windows\system32\igfxtray.exe" [2007-06-01 142104]
"HotKeysCmds"="c:\windows\system32\hkcmd.exe" [2007-06-01 162584]
"Persistence"="c:\windows\system32\igfxpers.exe" [2007-06-01 138008]
"RTHDCPL"="RTHDCPL.EXE" [2007-06-13 16377344]
"CeEKEY"="c:\program files\TOSHIBA\E-KEY\CeEKey.exe" [2007-07-06 651264]
"HWSetup"="c:\program files\TOSHIBA\TOSHIBA Applet\HWSetup.exe" [2004-05-01 28672]
"SVPWUTIL"="c:\program files\Toshiba\Windows Utilities\SVPWUTIL.exe" [2006-05-25 65536]
"TPNF"="c:\program files\TOSHIBA\TouchPad\TPTray.exe" [2007-06-01 53248]
"TFncKy"="TFncKy.exe" [BU]
"TDispVol"="TDispVol.exe" [2005-12-27 73728]
"TPSMain"="TPSMain.exe" [2005-08-11 266240]
"Zooming"="ZoomingHook.exe" [2005-06-06 24576]
"SmoothView"="c:\program files\TOSHIBA\TOSHIBA Zooming Utility\SmoothView.exe" [2007-05-11 143360]
"NDSTray.exe"="NDSTray.exe" [BU]
"DDWMon"="c:\program files\TOSHIBA\TOSHIBA Direct Disc Writer\\ddwmon.exe" [2007-04-26 495616]
"topi"="c:\program files\TOSHIBA\Toshiba Online Product Information\topi.exe" [2007-07-10 581632]
"Apoint"="c:\program files\Apoint2K\Apoint.exe" [2004-03-24 196608]
"GrooveMonitor"="c:\program files\Microsoft Office\Office12\GrooveMonitor.exe" [2008-10-25 31072]
"Adobe Acrobat Speed Launcher"="c:\program files\Adobe\Acrobat 9.0\Acrobat\Acrobat_sl.exe" [2008-06-12 37232]
"Acrobat Assistant 8.0"="c:\program files\Adobe\Acrobat 9.0\Acrobat\Acrotray.exe" [2008-06-11 640376]
"ccApp"="c:\program files\Common Files\Symantec Shared\ccApp.exe" [2008-08-14 115560]
"hpqSRMon"="c:\program files\HP\Digital Imaging\bin\hpqSRMon.exe" [2008-08-20 150016]
"iTunesHelper"="c:\program files\iTunes\iTunesHelper.exe" [2009-07-13 292128]
"Carbonite Backup"="c:\program files\Carbonite\Carbonite Backup\CarboniteUI.exe" [2009-07-28 671376]
"HP Software Update"="c:\program files\HP\HP Software Update\HPWuSchd2.exe" [2008-12-08 54576]
"Adobe ARM"="c:\program files\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2009-09-04 935288]
"InternetDownload_upgrade"="c:\program files\Versalsoft\InternetDownload\InternetDownload.exe" [2010-03-09 394752]
"QuickTime Task"="c:\program files\QuickTime\qttask.exe" [2009-05-26 413696]
[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="c:\windows\system32\CTFMON.EXE" [2008-04-14 15360]
"DWQueuedReporting"="c:\progra~1\COMMON~1\MICROS~1\DW\dwtrig20.exe" [2008-11-04 435096]
c:\documents and settings\Alan\Start Menu\Programs\Startup\
Dropbox.lnk - c:\documents and settings\Alan\Application Data\Dropbox\bin\Dropbox.exe [2010-2-26 21979992]
c:\documents and settings\All Users\Start Menu\Programs\Startup\
HP Digital Imaging Monitor.lnk - c:\program files\HP\Digital Imaging\bin\hpqtra08.exe [2008-10-16 214360]
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\ccEvtMgr]
@="Service"
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\ccSetMgr]
@="Service"
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Symantec Antivirus]
@="Service"
[HKEY_LOCAL_MACHINE\software\microsoft\security center]
"AntiVirusOverride"=dword:00000001
"FirewallOverride"=dword:00000001
[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring]
"DisableMonitoring"=dword:00000001
[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecAntiVirus]
"DisableMonitoring"=dword:00000001
[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecFirewall]
"DisableMonitoring"=dword:00000001
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]
"EnableFirewall"= 0 (0x0)
"DisableNotifications"= 1 (0x1)
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"c:\\Program Files\\Microsoft Office\\Office12\\OUTLOOK.EXE"=
"c:\\Program Files\\Microsoft Office\\Office12\\GROOVE.EXE"=
"c:\\Program Files\\Microsoft Office\\Office12\\ONENOTE.EXE"=
"c:\\Program Files\\Symantec\\Symantec Endpoint Protection\\Smc.exe"=
"c:\\Program Files\\Symantec\\Symantec Endpoint Protection\\SNAC.EXE"=
"c:\\Program Files\\Common Files\\Symantec Shared\\ccApp.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpqtra08.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpqste08.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hposid01.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpqkygrp.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpfcCopy.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpoews01.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpiscnapp.exe"=
"c:\\Program Files\\Common Files\\HP\\Digital Imaging\\bin\\hpqPhotoCrm.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpqpsapp.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpqpse.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpqsudi.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpqgplgtupl.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpqgpc01.exe"=
"c:\\Program Files\\Bonjour\\mDNSResponder.exe"=
"c:\\Program Files\\iTunes\\iTunes.exe"=
"c:\\Program Files\\O2\\bin\\wificfg.exe"=
"c:\\Program Files\\O2\\agent\\bin\\bcont.exe"=
"c:\\Program Files\\Common Files\\SupportSoft\\bin\\ssrc.exe"=
"c:\\Program Files\\O2\\agent\\bin\\bcont_nm.exe"=
R2 sprtsvc_O2;SupportSoft Sprocket Service (O2);c:\program files\O2\bin\sprtsvc.exe [07/06/2007 17:19 202280]
R2 tdudf;TOSHIBA UDF File System Driver;c:\windows\system32\drivers\tdudf.sys [26/03/2007 12:22 105856]
R2 trudf;TOSHIBA DVD-RAM UDF File System Driver;c:\windows\system32\drivers\trudf.sys [19/02/2007 12:15 134016]
R2 XobniService;XobniService;c:\program files\Xobni\XobniService.exe [12/10/2009 17:33 46824]
R3 EraserUtilRebootDrv;EraserUtilRebootDrv;c:\program files\Common Files\Symantec Shared\EENGINE\EraserUtilRebootDrv.sys [30/08/2009 19:29 102448]
S2 gupdate;Google Update Service (gupdate);c:\program files\Google\Update\GoogleUpdate.exe [05/02/2010 00:44 135664]
S3 COH_Mon;COH_Mon;c:\windows\system32\drivers\COH_Mon.sys [12/01/2008 18:32 23888]
S3 pbfilter;pbfilter;c:\program files\PeerBlock\pbfilter.sys [10/04/2010 15:54 14424]
S3 TpChoice;Touch Pad Detection Filter driver;c:\windows\system32\DRIVERS\TpChoice.sys --> c:\windows\system32\DRIVERS\TpChoice.sys [?]
S4 Application Updater;Application Updater;c:\program files\Application Updater\ApplicationUpdater.exe [08/01/2010 01:51 380928]
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
HPZ12 REG_MULTI_SZ Pml Driver HPZ12 Net Driver HPZ12
HPService REG_MULTI_SZ HPSLPSVC
hpdevmgmt REG_MULTI_SZ hpqcxs08 hpqddsvc
.
Contents of the 'Scheduled Tasks' folder
2010-04-08 c:\windows\Tasks\AppleSoftwareUpdate.job
- c:\program files\Apple Software Update\SoftwareUpdate.exe [2008-07-30 11:34]
2010-04-15 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
- c:\program files\Google\Update\GoogleUpdate.exe [2010-02-04 23:44]
2010-04-15 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
- c:\program files\Google\Update\GoogleUpdate.exe [2010-02-04 23:44]
2010-04-15 c:\windows\Tasks\RegPowerClean.job
- c:\program files\Winferno\RegistryPowerCleaner\RegPowerClean.exe [2010-02-15 14:48]
2010-04-15 c:\windows\Tasks\RPCReminder.job
- c:\program files\Winferno\RegistryPowerCleaner\RPCReminder.exe [2010-02-15 14:34]
.
.
Supplementary Scan
.
uStart Page = https://....
uInternet Settings,ProxyServer = http=127.0.0.1:5555
uInternet Settings,ProxyOverride = <local>
IE: Download by Versalsoft Internet Download - c:\program files\Versalsoft\InternetDownload\adddownload.htm
Trusted Zone: acumen-resources.com\mail
Trusted Zone: qword.com
FF - ProfilePath - c:\documents and settings\Alan\Application Data\Mozilla\Firefox\Profiles\ofv3nlgg.default\
FF - prefs.js: browser.startup.homepage - hxxp://www.abc.co.uk
FF - component: c:\program files\pdfforge Toolbar\FF\components\pdfforgeToolbarFF.dll
FF - component: c:\program files\pdfforge Toolbar\SSFF\components\SearchSettingsFF.dll
FF - component: c:\program files\PriceGong\2.0.0\FF\components\PriceLoadFF.dll
FF - plugin: c:\documents and settings\Alan\Application Data\Mozilla\Firefox\Profiles\ofv3nlgg.default\extensions\{E2883E8F-472F-4fb0-9522-AC9BF37916A7}\plugins\np_gp.dll
FF - plugin: c:\documents and settings\Alan\Local Settings\Application Data\Yahoo!\BrowserPlus\2.6.0\Plugins\npybrowserplus_2.6.0.dll
FF - plugin: c:\program files\Google\Update\1.2.183.23\npGoogleOneClick8.dll
FF - plugin: c:\program files\Java\jre1.6.0\bin\npjava11.dll
FF - plugin: c:\program files\Java\jre1.6.0\bin\npjava12.dll
FF - plugin: c:\program files\Java\jre1.6.0\bin\npjava13.dll
FF - plugin: c:\program files\Java\jre1.6.0\bin\npjava14.dll
FF - plugin: c:\program files\Java\jre1.6.0\bin\npjava32.dll
FF - plugin: c:\program files\Java\jre1.6.0\bin\npjpi160.dll
FF - plugin: c:\program files\Java\jre1.6.0\bin\npoji610.dll
FF - HiddenExtension: Microsoft .NET Framework Assistant: {20a82645-c095-46ed-80e3-08825760534b} - c:\windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension\
---- FIREFOX POLICIES ----
c:\program files\Mozilla Firefox\greprefs\security-prefs.js - pref("security.ssl.allow_unrestricted_renego_everywhere__temporarily_available_pref", true);
c:\program files\Mozilla Firefox\greprefs\security-prefs.js - pref("security.ssl.renego_unrestricted_hosts", "");
c:\program files\Mozilla Firefox\greprefs\security-prefs.js - pref("security.ssl.treat_unsafe_negotiation_as_broken", false);
c:\program files\Mozilla Firefox\greprefs\security-prefs.js - pref("security.ssl.require_safe_negotiation", false);
.
- - - - ORPHANS REMOVED - - - -
WebBrowser-{3041D03E-FD4B-44E0-B742-2D9B88305F98} - c:\program files\AskBarDis\bar\bin\askBar.dll
**************************************************************************
catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2010-04-15 14:16
Windows 5.1.2600 Service Pack 3 NTFS
scanning hidden processes ...
scanning hidden autostart entries ...
scanning hidden files ...
scan completed successfully
hidden files: 0
**************************************************************************
.
DLLs Loaded Under Running Processes
- - - - - - - > 'explorer.exe'(6020)
c:\windows\system32\WININET.dll
c:\program files\Carbonite\Carbonite Backup\CarboniteNSE.dll
c:\documents and settings\Alan\Application Data\Dropbox\bin\DropboxExt.13.dll
c:\windows\system32\TDispVol.dll
c:\windows\system32\ieframe.dll
c:\windows\system32\TPwrCfg.DLL
c:\windows\system32\TPwrReg.dll
c:\windows\system32\TPSTrace.DLL
.
Other Running Processes
.
c:\program files\Symantec\Symantec Endpoint Protection\Smc.exe
c:\program files\Common Files\Symantec Shared\ccSvcHst.exe
c:\windows\system32\agrsmsvc.exe
c:\program files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
c:\program files\Microsoft Small Business\Business Contact Manager\BcmSqlStartupSvc.exe
c:\program files\Bonjour\mDNSResponder.exe
c:\program files\Carbonite\Carbonite Backup\carboniteservice.exe
c:\program files\TOSHIBA\ConfigFree\CFSvcs.exe
c:\program files\Microsoft SQL Server\90\Shared\sqlwriter.exe
c:\program files\Symantec\Symantec Endpoint Protection\Rtvscan.exe
c:\windows\system32\TODDSrv.exe
c:\program files\Toshiba\Bluetooth Toshiba Stack\TosBtSrv.exe
c:\windows\system32\wdfmgr.exe
c:\windows\system32\igfxsrvc.exe
c:\windows\RTHDCPL.EXE
c:\windows\system32\TDispVol.exe
c:\program files\Symantec\Symantec Endpoint Protection\SmcGui.exe
c:\windows\system32\TPSMain.exe
c:\windows\system32\ZoomingHook.exe
c:\program files\TOSHIBA\ConfigFree\NDSTray.exe
c:\program files\TOSHIBA\TOSHIBA Direct Disc Writer\ddwmon.exe
c:\windows\system32\TPSBattM.exe
c:\program files\Apoint2K\Apntex.exe
c:\program files\TOSHIBA\ConfigFree\CFSServ.exe
c:\program files\iPod\bin\iPodService.exe
c:\program files\HP\Digital Imaging\bin\hpqSTE08.exe
c:\program files\HP\Digital Imaging\bin\hpqbam08.exe
c:\program files\HP\Digital Imaging\bin\hpqgpc01.exe
.
**************************************************************************
.
Completion time: 2010-04-15 14:21:49 - machine was rebooted
ComboFix-quarantined-files.txt 2010-04-15 13:21
ComboFix2.txt 2010-04-14 07:38
Pre-Run: 106,915,188,736 bytes free
Post-Run: 106,792,722,432 bytes free
- - End Of File - - F4FB3FAABB6AAD500DEBDAA6A1E79486
-
What is the model of the pc, if it didn't come with a disc, it may have a restore partition
-
You don't say which model, if you look in the manual, or download it from Toshiba, it should tell you the recovery to factory state options (if they are there), or you could try booting holding down the zero key, or F8 or F12 to see if you get any restore to factory state options, or borrow an XP disc.
After ensuring you have your data backed up.
-
You don't say which model, if you look in the manual, or download it from Toshiba, it should tell you the recovery to factory state options (if they are there), or you could try booting holding down the zero key, or F8 or F12 to see if you get any restore to factory state options, or borrow an XP disc.
After ensuring you have your data backed up.
Sorry Sat Pro A200
Thanks for the advice
-
Logs not looking bad actually
if you can, a factory reset is definitely the way to go (Simply reboot and see if the options there before windows loads)
As it stands, I'd be running a few more scanners to see how things are ~
Download SUPERANTISPYWARE (Make sure you click 'DOWNLOAD LATEST VERSION')
http://www.filehippo.com/download_superantispyware/
UPDATE and PERFORM COMPLETE SCAN
(Then go to console and LOGS and post the log it created then untick it from STARTING UP WITH WINDOWS)
....................................................................
Download and run the FREE version of DR WEB
http://www.freedrweb.com/download+cureit/gr/
Turn your anti virus OFF
Click CANCEL to the 'Would you like to read purchase terms now?' message
Click START click OK
It will auto QUICK scan
After that set to scan the WHOLE computer and press the 'play' icon
***DO NOT UPGRADE TO FULL VERSION***
..........................................................................
Then give the system a clean ~
Download CCLEANER (When installing UNTICK 'Add ccleaner YAHOO TOOLBAR...')
http://www.piriform.com/ccleaner/download/standard
Run the CLEANER scan (UNTICK 'cookies')
Then run the REGISTRY scan (Backup the registry when it asks)
reboot
Download GLARY UTILITIES
http://www.glaryutilities.com/download/gusetup_slim.exe
Run the ONE CLICK scan
Go to MODULES / SYSTEM TOOLS / WINDOWS STANDARD TOOLS / then run SYSTEM FILE CHECKER
-
Pythagorous wrote: »Thanks DCM. I used that the other day and it worked, but then the same problem came back today, so must be another underlying cause as well. I've just rerun the registry fix and it seems to have worked again. Hopefully it'll hold for a while longer this time.
I'm going to delete all the red files Rik mentioned so hopefully that will help
Glad that helped if the reg fix works and now .exe starts working again
I will repost the bits again here for anyone else who has the problem of "open with" for notepad and other programs like IE/Firefox/MBAM/etc
Copy the code below and paste it into notepad (and if running notepad it says "open with", select notepad; you will get garbage in the window, don't worry, select file new then paste it), then save as xxx.reg and then exit, then right click on xxx.reg and merge it into the registry:

Windows Registry Editor Version 5.00

; Remove the per-user handlers for .exe and secfile
[-HKEY_CURRENT_USER\Software\Classes\.exe\shell\open\command]

[-HKEY_CURRENT_USER\Software\Classes\secfile\shell\open\command]

; Remove the open command placed directly under .exe
[-HKEY_CLASSES_ROOT\.exe\shell\open\command]

; Point .exe back at the exefile class
[HKEY_CLASSES_ROOT\.exe]
@="exefile"
"Content Type"="application/x-msdownload"

[-HKEY_CLASSES_ROOT\secfile]

Then hopefully all .exe files will start working again. Many thanks to the guys at bleepingcomputer.com for the source.
-
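A read-only check of the keys that the .reg file in the post above deletes or resets, as an added example (not part of the original post and not from bleepingcomputer.com). The function names are hypothetical, and it assumes PowerShell 2.0 or later is installed on the machine being checked.

```powershell
# Added example: read-only audit of the .exe file-association keys touched by
# the .reg fix. Nothing is modified. Function names are hypothetical.

function Get-RegValue {
    param([string]$Path, [string]$Name = '')
    # Returns the named value ('' means the key's default value), or $null
    # when the key or the value does not exist.
    if (-not (Test-Path -LiteralPath $Path)) { return $null }
    return (Get-Item -LiteralPath $Path).GetValue($Name)
}

function New-Finding {
    param([string]$Key, [string]$Issue, $Value)
    New-Object PSObject -Property @{ Key = $Key; Issue = $Issue; Value = $Value }
}

function Test-ExeAssociation {
    $findings = @()

    # Keys the fix removes. HKEY_CLASSES_ROOT is a merged view of
    # HKLM\Software\Classes and HKCU\Software\Classes in which per-user
    # entries take precedence, so a per-user .exe handler decides what runs
    # whenever that user launches a program.
    $shouldBeAbsent = @(
        'Registry::HKEY_CURRENT_USER\Software\Classes\.exe\shell\open\command',
        'Registry::HKEY_CURRENT_USER\Software\Classes\secfile\shell\open\command',
        'Registry::HKEY_CLASSES_ROOT\.exe\shell\open\command',
        'Registry::HKEY_CLASSES_ROOT\secfile'
    )
    foreach ($path in $shouldBeAbsent) {
        if (Test-Path -LiteralPath $path) {
            $findings += New-Finding $path 'key should not exist' (Get-RegValue $path)
        }
    }

    # Values the fix writes under HKEY_CLASSES_ROOT\.exe.
    $exeKey = 'Registry::HKEY_CLASSES_ROOT\.exe'
    $expected = @(
        @{ Name = '';             Want = 'exefile' },
        @{ Name = 'Content Type'; Want = 'application/x-msdownload' }
    )
    foreach ($e in $expected) {
        $actual = Get-RegValue $exeKey $e.Name
        if ($actual -ne $e.Want) {
            $label = if ($e.Name -eq '') { '(Default)' } else { $e.Name }
            $findings += New-Finding $exeKey "$label is not '$($e.Want)'" $actual
        }
    }

    return $findings
}

$result = @(Test-ExeAssociation)
if ($result.Count -eq 0) {
    'No .exe association overrides found.'
} else {
    # The Value column shows the command line or class name currently set,
    # which is worth recording before any fix is merged.
    $result | Format-List Key, Issue, Value
}
```

Running it again after a reboot shows whether the override has been written back, which is the symptom described earlier in the thread when the fix stopped holding.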
Hope I'm not intruding on someone else's problem but am trying unsuccessfully to help sister by phone. (we're over 60 so not too computer savvy) She has the Anvi virus, tried an automatic removal tool online and it is still there. Is there an automatic tool that will help please or an idiot's version to do manually.
-
Hope I'm not intruding on someone else's problem but am trying unsuccessfully to help sister by phone. (we're over 60 so not too computer savvy) She has the Anvi virus, tried an automatic removal tool online and it is still there. Is there an automatic tool that will help please or an idiot's version to do manually.
Get her to join this site (You'll have to post the logs)
Download MALWAREBYTES (Make sure you click 'DOWNLOAD LATEST VERSION')
http://www.filehippo.com/download_malwarebytes_anti_malware/
Open malwarebytes and go to UPDATE and click 'check for updates'. After it's updated go to SCANNER and click PERFORM QUICK SCAN then click SCAN
Remove everything that's found (needs to be ticked)
Post the COMPLETE log in a new thread AFTER you've deleted everything it finds
If anything was found then do the exact same but run a FULL scan
reboot
Download HIJACK THIS (Make sure you click 'DOWNLOAD LATEST VERSION')
http://www.filehippo.com/download_hijackthis/
Click MAIN MENU then DO A SYSTEM SCAN AND SAVE A LOGFILE (Takes seconds) then post the log in a new thread so we can see what's running
(do NOT do anything else with Hijack but scan and post the FULL log)
If you get a message that you can't write to the hosts file then Press the SHIFT key, and whilst holding it RIGHT CLICK and select RUN AS (admin)