Worms and viruses - Help!
Comments
-
Uninstall the ASK TOOLBAR (also known as ASK BAR DIS)
and the PDFFORGE TOOLBAR (if possible)
TICK and FIX these (some shouldn't be there so long as the above is uninstalled, so don't worry if they're not) ~
C:\Program Files\AskBarDis\bar\bin\AskService.exe
C:\Program Files\AskBarDis\bar\bin\ASKUpgrade.exe
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = https://mail.XXXXXcom/Remote/tsweb.a...edirectAudio=2
R3 - URLSearchHook: (no name) - {E312764E-7706-43F1-8DAB-FCDD2B1E416D} - C:\Program Files\pdfforge Toolbar\SearchSettings.dll
O2 - BHO: AskBar BHO - {201f27d4-3704-41d6-89c1-aa35e39143ed} - C:\Program Files\AskBarDis\bar\bin\askBar.dll
O2 - BHO: pdfforge Toolbar - {B922D405-6D13-4A2B-AE89-08A030DA4402} - C:\Program Files\pdfforge Toolbar\IE\1.1.2\pdfforgeToolbarIE.dll
O2 - BHO: (no name) - {E312764E-7706-43F1-8DAB-FCDD2B1E416D} - C:\Program Files\pdfforge Toolbar\SearchSettings.dll
O3 - Toolbar: Ask Toolbar - {3041d03e-fd4b-44e0-b742-2d9b88305f98} - C:\Program Files\AskBarDis\bar\bin\askBar.dll
O3 - Toolbar: pdfforge Toolbar - {B922D405-6D13-4A2B-AE89-08A030DA4402} - C:\Program Files\pdfforge Toolbar\IE\1.1.2\pdfforgeToolbarIE.dll
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\QTTask.exe" -atboottime
O4 - HKLM\..\Run: [SearchSettings] C:\Program Files\pdfforge Toolbar\SearchSettings.exe
O17 - HKLM\System\CS1\Services\Tcpip\Parameters: SearchList = XXXXX ***ALL OF THEM***
O23 - Service: Application Updater - Spigot, Inc. - C:\Program Files\Application Updater\ApplicationUpdater.exe
O23 - Service: ASKService - Unknown owner - C:\Program Files\AskBarDis\bar\bin\AskService.exe
O23 - Service: ASKUpgrade - Unknown owner - C:\Program Files\AskBarDis\bar\bin\ASKUpgrade.exe
reboot
How's it running now?
-
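The fix list above is a set of HijackThis entries (R0/R3 browser settings, O2 browser helper objects, O3 toolbars, O4 Run keys, O23 services). The following Python script is an added example, not part of the thread and not HijackThis's own code: it parses lines in that format, extracts each entry's CLSID and on-disk path, and flags the ones whose binary lives under the install directories the reply tells the poster to remove. The directory list and the "Unknown owner" rule are assumptions taken from that reply; the sample lines are copied from the post. It also reports CLSIDs registered under more than one entry type, which is how the same SearchSettings.dll appears as both a URLSearchHook and a BHO.

```python
"""Parse HijackThis-style log lines and flag entries under known adware
directories.  Added example, not from the forum thread: the directory list
and the 'Unknown owner' rule are assumptions taken from the fix list above;
the sample lines are copied from the post."""
import re
from dataclasses import dataclass, field
from typing import Dict, List, Optional, Set

# Constructed sample: HijackThis lines quoted from the post above.
SAMPLE_LOG = r"""
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = https://mail.XXXXXcom/Remote/tsweb.a...edirectAudio=2
R3 - URLSearchHook: (no name) - {E312764E-7706-43F1-8DAB-FCDD2B1E416D} - C:\Program Files\pdfforge Toolbar\SearchSettings.dll
O2 - BHO: AskBar BHO - {201f27d4-3704-41d6-89c1-aa35e39143ed} - C:\Program Files\AskBarDis\bar\bin\askBar.dll
O2 - BHO: pdfforge Toolbar - {B922D405-6D13-4A2B-AE89-08A030DA4402} - C:\Program Files\pdfforge Toolbar\IE\1.1.2\pdfforgeToolbarIE.dll
O2 - BHO: (no name) - {E312764E-7706-43F1-8DAB-FCDD2B1E416D} - C:\Program Files\pdfforge Toolbar\SearchSettings.dll
O3 - Toolbar: Ask Toolbar - {3041d03e-fd4b-44e0-b742-2d9b88305f98} - C:\Program Files\AskBarDis\bar\bin\askBar.dll
O3 - Toolbar: pdfforge Toolbar - {B922D405-6D13-4A2B-AE89-08A030DA4402} - C:\Program Files\pdfforge Toolbar\IE\1.1.2\pdfforgeToolbarIE.dll
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\QTTask.exe" -atboottime
O4 - HKLM\..\Run: [SearchSettings] C:\Program Files\pdfforge Toolbar\SearchSettings.exe
O23 - Service: Application Updater - Spigot, Inc. - C:\Program Files\Application Updater\ApplicationUpdater.exe
O23 - Service: ASKService - Unknown owner - C:\Program Files\AskBarDis\bar\bin\AskService.exe
O23 - Service: ASKUpgrade - Unknown owner - C:\Program Files\AskBarDis\bar\bin\ASKUpgrade.exe
"""

# Assumption: the install directories named in the fix list above (lower-case).
SUSPECT_DIRS = (
    r"c:\program files\askbardis",
    r"c:\program files\pdfforge toolbar",
    r"c:\program files\application updater",
)

LINE_RE = re.compile(r"^(?P<kind>[RFO]\d+)\s+-\s+(?P<body>.+)$")
CLSID_RE = re.compile(r"\{[0-9a-f]{8}(?:-[0-9a-f]{4}){3}-[0-9a-f]{12}\}", re.I)
PATH_RE = re.compile(r'[a-z]:\\[^"\r\n]*?\.(?:exe|dll|sys)\b', re.I)


@dataclass
class Entry:
    kind: str
    body: str
    clsid: Optional[str]
    path: Optional[str]
    reasons: List[str] = field(default_factory=list)


def parse_line(line: str) -> Optional[Entry]:
    """Split one HijackThis line into type, CLSID and file path; None if it is not a log entry."""
    m = LINE_RE.match(line.strip())
    if not m:
        return None
    body = m.group("body")
    clsid = CLSID_RE.search(body)
    path = PATH_RE.search(body)
    return Entry(
        kind=m.group("kind"),
        body=body,
        clsid=clsid.group(0).lower() if clsid else None,
        path=path.group(0) if path else None,
    )


def flag(entry: Entry) -> Entry:
    """Attach a reason for every rule the entry trips; no reasons means leave it alone."""
    if entry.path:
        low = entry.path.lower()
        for d in SUSPECT_DIRS:
            if low.startswith(d + "\\"):
                entry.reasons.append(f"file under {d}")
    # HijackThis prints 'Unknown owner' for a service whose binary carries no company name.
    if entry.kind == "O23" and "Unknown owner" in entry.body:
        entry.reasons.append("service binary has no publisher")
    return entry


def triage(log_text: str) -> List[Entry]:
    return [flag(e) for e in map(parse_line, log_text.splitlines()) if e]


def fix_list(log_text: str) -> List[str]:
    """The lines you would tick in HijackThis, in log order."""
    return [f"{e.kind} - {e.body}" for e in triage(log_text) if e.reasons]


def shared_clsids(log_text: str) -> Dict[str, Set[str]]:
    """CLSIDs registered under more than one entry type (e.g. both R3 and O2)."""
    seen: Dict[str, Set[str]] = {}
    for e in triage(log_text):
        if e.clsid:
            seen.setdefault(e.clsid, set()).add(e.kind)
    return {c: kinds for c, kinds in seen.items() if len(kinds) > 1}


if __name__ == "__main__":
    for line in fix_list(SAMPLE_LOG):
        print(line)
    for clsid, kinds in shared_clsids(SAMPLE_LOG).items():
        print(clsid, "appears as", ", ".join(sorted(kinds)))
```

On the sample, ten of the twelve lines are flagged; the QuickTime Run entry and the R0 start page (which has no file path) are left alone, and the two ASK services pick up both the directory rule and the missing-publisher rule.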
Thanks Alienrik. I have only just seen your reply. I seem to have issues with disappearing programs etc. as per my other thread here :-(
http://forums.moneysavingexpert.com/showthread.html?p=31831203&posted=1#post31831203
-
Actually, it looks like I'm still screwed with viruses. Before I had a chance to go in and make the changes Alienrik suggested, I started getting Windows security alerts popping up left, right and centre. The antivirus suite then scans and shows lots of critical-status malware; my Malwarebytes program that was previously installed seems to have disappeared, and when I go into IE I can't get past a page that says "Internet Explorer warning - visiting this website may harm your computer". The only other page I can go to is a page asking me to purchase the antivirus suite software that is showing the malware in the scan.
Where the heck do I go from here?
Please help!!
PS I'm typing this from my trusty Mac
-
As an update, I rebooted and, although the laptop now doesn't have the virus messages popping up, I can't seem to get IE to load any pages. It shows as being connected to the internet, but I now just get a completely blank white page as it constantly tries to connect.
Anyone able to help, please?
-
Does firefox work?
If so ~
Please run COMBOFIX
http://download.bleepingcomputer.com/sUBs/ComboFix.exe
Shut down your anti-virus
Follow the simple instructions it gives
Post the COMPLETE log it creates here (split into sections if need be) ~ if there are loads of 'SNAPSHOT' pages, then leave them out
If it comes up with a RENAMING error, then RIGHT-click the exe file and RENAME it QWERTY (making the complete file name 'QWERTY.exe'), or SAVE it as 'QWERTY' on download
.............................................................
Here’s how you can disable all add-ons/extensions and run IE 7 or even IE 8 without them:
* Go to Start > Run
* Type iexplore -extoff
* Press Enter
Run Firefox Without Extensions
Similarly, if you’re having any problems with Firefox, you could disable add-ons and run it in safe mode. Here’s how:
* Go to the Run dialog by going to Start > Run
* Type firefox -safe-mode
* A window will pop up asking what you want to disable or reset (e.g. reset/disable bookmarks/toolbars, etc.)
* Make the right choices, and press ‘Restart’ for the changes to take effect
-
Hi AlienRik,
Here is the ComboFix report. I somehow managed to get Firefox and IE to work again.
ComboFix 10-04-13.02 - Alan 14/04/2010 8:31.1.2 - x86
Microsoft Windows XP Professional 5.1.2600.3.1252.1.1033.18.2038.1289 [GMT 1:00]
Running from: c:\documents and settings\Alan\My Documents\Downloads\ComboFix.exe
AV: Symantec Endpoint Protection *On-access scanning disabled* (Updated) {FB06448E-52B8-493A-90F3-E43226D3305C}
FW: Symantec Endpoint Protection *disabled* {BE898FE3-CD0B-4014-85A9-03DB9923DDB6}
.
((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.
c:\documents and settings\Alan\Application Data\.#\MBX@113C@3941C0.###
c:\documents and settings\Alan\Application Data\.#\MBX@113C@3941F0.###
c:\documents and settings\Alan\Application Data\.#\MBX@113C@394220.###
c:\documents and settings\Alan\Application Data\.#\MBX@11D8@3941C0.###
c:\documents and settings\Alan\Application Data\.#\MBX@11D8@3941F0.###
c:\documents and settings\Alan\Application Data\.#\MBX@11D8@394220.###
c:\documents and settings\Alan\Application Data\.#\MBX@1210@3941C0.###
c:\documents and settings\Alan\Application Data\.#\MBX@1210@3941F0.###
c:\documents and settings\Alan\Application Data\.#\MBX@1210@394220.###
c:\documents and settings\Alan\Application Data\.#\MBX@1270@3941C0.###
c:\documents and settings\Alan\Application Data\.#\MBX@1270@3941F0.###
c:\documents and settings\Alan\Application Data\.#\MBX@1270@394220.###
c:\documents and settings\Alan\Application Data\.#\MBX@12D0@394180.###
c:\documents and settings\Alan\Application Data\.#\MBX@12D0@3941B0.###
c:\documents and settings\Alan\Application Data\.#\MBX@12D0@3941E0.###
c:\documents and settings\Alan\Application Data\.#\MBX@13A0@3941C0.###
c:\documents and settings\Alan\Application Data\.#\MBX@13A0@3941F0.###
c:\documents and settings\Alan\Application Data\.#\MBX@13A0@394220.###
c:\documents and settings\Alan\Application Data\.#\MBX@1538@3941C0.###
c:\documents and settings\Alan\Application Data\.#\MBX@1538@3941F0.###
c:\documents and settings\Alan\Application Data\.#\MBX@1538@394220.###
c:\documents and settings\Alan\Application Data\.#\MBX@157C@3941C0.###
c:\documents and settings\Alan\Application Data\.#\MBX@157C@3941F0.###
c:\documents and settings\Alan\Application Data\.#\MBX@157C@394220.###
c:\documents and settings\Alan\Application Data\.#\MBX@15D8@3941C0.###
c:\documents and settings\Alan\Application Data\.#\MBX@15D8@3941F0.###
c:\documents and settings\Alan\Application Data\.#\MBX@15D8@394220.###
c:\documents and settings\Alan\Application Data\.#\MBX@1770@3941C0.###
c:\documents and settings\Alan\Application Data\.#\MBX@1770@3941F0.###
c:\documents and settings\Alan\Application Data\.#\MBX@1770@394220.###
c:\documents and settings\Alan\Application Data\.#\MBX@554@394180.###
c:\documents and settings\Alan\Application Data\.#\MBX@554@3941B0.###
c:\documents and settings\Alan\Application Data\.#\MBX@554@3941E0.###
c:\documents and settings\Alan\Application Data\.#\MBX@860@3941C0.###
c:\documents and settings\Alan\Application Data\.#\MBX@860@3941F0.###
c:\documents and settings\Alan\Application Data\.#\MBX@860@394220.###
c:\documents and settings\Alan\Application Data\.#\MBX@8C0@3941C0.###
c:\documents and settings\Alan\Application Data\.#\MBX@8C0@3941F0.###
c:\documents and settings\Alan\Application Data\.#\MBX@8C0@394220.###
c:\documents and settings\Alan\Application Data\.#\MBX@9AC@394180.###
c:\documents and settings\Alan\Application Data\.#\MBX@9AC@3941B0.###
c:\documents and settings\Alan\Application Data\.#\MBX@9AC@3941E0.###
c:\documents and settings\Alan\Application Data\.#\MBX@9F0@3941C0.###
c:\documents and settings\Alan\Application Data\.#\MBX@9F0@3941F0.###
c:\documents and settings\Alan\Application Data\.#\MBX@9F0@394220.###
c:\documents and settings\Alan\Application Data\.#\MBX@BDC@394180.###
c:\documents and settings\Alan\Application Data\.#\MBX@BDC@3941B0.###
c:\documents and settings\Alan\Application Data\.#\MBX@BDC@3941E0.###
c:\documents and settings\Alan\Application Data\.#\MBX@C90@394180.###
c:\documents and settings\Alan\Application Data\.#\MBX@C90@3941B0.###
c:\documents and settings\Alan\Application Data\.#\MBX@C90@3941E0.###
c:\documents and settings\Alan\Application Data\.#\MBX@CF0@3941C0.###
c:\documents and settings\Alan\Application Data\.#\MBX@CF0@3941F0.###
c:\documents and settings\Alan\Application Data\.#\MBX@CF0@394220.###
c:\documents and settings\Alan\Application Data\.#\MBX@DDC@3941C0.###
c:\documents and settings\Alan\Application Data\.#\MBX@DDC@3941F0.###
c:\documents and settings\Alan\Application Data\.#\MBX@DDC@394220.###
c:\documents and settings\Alan\Application Data\.#\MBX@DE4@394180.###
c:\documents and settings\Alan\Application Data\.#\MBX@DE4@3941B0.###
c:\documents and settings\Alan\Application Data\.#\MBX@DE4@3941E0.###
c:\documents and settings\Alan\Application Data\.#\MBX@F0@394180.###
c:\documents and settings\Alan\Application Data\.#\MBX@F0@3941B0.###
c:\documents and settings\Alan\Application Data\.#\MBX@F0@3941E0.###
c:\documents and settings\Alan\Application Data\.#\MBX@F48@3941C0.###
c:\documents and settings\Alan\Application Data\.#\MBX@F48@3941F0.###
c:\documents and settings\Alan\Application Data\.#\MBX@F48@394220.###
c:\documents and settings\Alan\Application Data\.#\MBX@F78@394180.###
c:\documents and settings\Alan\Application Data\.#\MBX@F78@3941B0.###
c:\documents and settings\Alan\Application Data\.#\MBX@F78@3941E0.###
c:\documents and settings\Alan\Application Data\.#\MBX@FE8@3941C0.###
c:\documents and settings\Alan\Application Data\.#\MBX@FE8@3941F0.###
c:\documents and settings\Alan\Application Data\.#\MBX@FE8@394220.###
.
((((((((((((((((((((((((( Files Created from 2010-03-14 to 2010-04-14 )))))))))))))))))))))))))))))))
.
2010-04-13 20:01 . 2010-04-13 23:31 d-----w- c:\documents and settings\Alan\Local Settings\Application Data\saolbvtie
2010-04-10 14:54 . 2010-04-13 23:55 d-----w- c:\program files\PeerBlock
2010-04-08 11:32 . 2010-04-08 11:32 d-----w- c:\windows\system\Iosubsys
2010-04-08 11:32 . 2006-11-03 10:01 212992 ----a-r- c:\windows\system32\drivers\RevHDD.exe
2010-04-08 11:32 . 2006-10-12 13:53 17828 ----a-r- c:\windows\system32\drivers\SPIF225.sys
2010-04-07 19:54 . 2010-04-07 19:54 d-----w- c:\program files\Trend Micro
2010-04-07 17:18 . 2010-04-07 17:18 d-----w- c:\documents and settings\Alan\Application Data\Malwarebytes
2010-04-07 17:18 . 2010-03-29 14:24 38224 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys
2010-04-07 17:18 . 2010-04-07 17:18 d-----w- c:\documents and settings\All Users\Application Data\Malwarebytes
2010-04-07 17:18 . 2010-04-07 17:18 d-----w- c:\program files\Malwarebytes' Anti-Malware
2010-04-07 17:18 . 2010-03-29 14:24 20824 ----a-w- c:\windows\system32\drivers\mbam.sys
2010-04-02 16:20 . 2010-04-02 16:20 d-----w- c:\documents and settings\LocalService\Local Settings\Application Data\Xobni
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2010-04-14 07:22 . 2010-02-15 19:15 d-----w- c:\documents and settings\Alan\Application Data\PriceGong
2010-04-14 07:21 . 2009-09-03 07:37 d-----w- c:\documents and settings\Alan\Application Data\Dropbox
2010-04-13 23:55 . 2009-08-30 15:31 d-----w- c:\documents and settings\Alan\Application Data\Azureus
2010-04-13 22:44 . 2009-09-01 19:29 d-----w- c:\documents and settings\Alan\Application Data\HPAppData
2010-04-10 20:15 . 2009-12-26 11:54 d-----w- c:\documents and settings\Alan\Application Data\vlc
2010-04-08 10:44 . 2007-08-01 10:24 d--h--w- c:\program files\InstallShield Installation Information
2010-04-05 10:13 . 2009-11-22 10:09 d-----w- c:\documents and settings\Alan\Application Data\TuneUpMedia
2010-03-11 21:21 . 2007-08-01 10:19 d-----w- c:\documents and settings\All Users\Application Data\Microsoft Help
2010-03-11 12:38 . 2007-08-01 08:21 832512 ----a-w- c:\windows\system32\wininet.dll
2010-03-11 12:38 . 2007-08-01 08:21 78336 ----a-w- c:\windows\system32\ieencode.dll
2010-03-11 12:38 . 2007-08-01 08:21 17408 ----a-w- c:\windows\system32\corpol.dll
2010-02-26 08:54 . 2009-10-12 12:16 91696 ----a-w- c:\documents and settings\Alan\Application Data\Dropbox\bin\Uninstall.exe
2010-02-26 08:53 . 2010-02-26 08:53 13264416 ----a-w- c:\documents and settings\Alan\Application Data\Dropbox\cache\Dropbox-update-0.7.110.exe
2010-02-26 05:10 . 2010-02-26 05:10 21979992 ----a-w- c:\documents and settings\Alan\Application Data\Dropbox\bin\Dropbox.exe
2010-02-25 14:14 . 2009-11-22 10:09 d-----w- c:\program files\TuneUpMedia
2010-02-19 22:24 . 2009-10-15 16:51 d-----w- c:\documents and settings\Alan\Application Data\VSO
2010-02-19 17:52 . 2010-02-19 17:52 d-----w- c:\documents and settings\All Users\Application Data\Office Genuine Advantage
2010-02-19 17:51 . 2010-02-19 17:51 d-----w- c:\documents and settings\Alan\Application Data\Office Genuine Advantage
2010-02-15 19:21 . 2010-02-15 19:21 d-----w- c:\documents and settings\All Users\Application Data\Winferno
2010-02-15 19:15 . 2010-02-15 19:15 d-----w- c:\program files\Xobni
2010-02-15 19:15 . 2010-02-15 19:15 d-----w- c:\program files\Winferno
2010-02-15 19:15 . 2010-02-15 19:15 d-----w- c:\program files\PriceGong
2010-02-12 10:03 . 2010-03-07 14:17 293376 ------w- c:\windows\system32\browserchoice.exe
2009-10-14 15:12 . 2009-10-14 15:12 1372952 ----a-w- c:\program files\APUserManual.pdf
2009-10-14 14:39 . 2009-10-14 14:39 8412 ----a-w- c:\program files\APQuickStart.pdf
2009-10-13 12:23 . 2009-10-13 12:23 7266304 ----a-w- c:\program files\Achieve.exe
2009-10-13 12:23 . 2009-10-13 12:23 1298432 ----a-w- c:\program files\efxstd.DLL
2009-10-12 12:28 . 2009-10-12 12:28 265259 ----a-w- c:\program files\AchieveHelp.chm
2008-12-09 10:24 . 2008-12-09 10:24 87713 ----a-w- c:\program files\Default.dat
2008-10-29 09:23 . 2008-10-29 09:23 11611 ----a-w- c:\program files\APKeyboardReference.pdf
2008-10-21 14:28 . 2008-10-21 14:28 115339 ----a-r- c:\program files\Sample.ach
2007-11-28 09:49 . 2007-11-28 09:49 458752 ----a-w- c:\program files\Infragistics.Win.Misc.v7.1.dll
2007-11-28 09:49 . 2007-11-28 09:49 425984 ----a-w- c:\program files\Infragistics.Win.UltraWinEditors.v7.1.dll
2007-11-28 09:49 . 2007-11-28 09:49 253952 ----a-w- c:\program files\Infragistics.Win.UltraWinTabControl.v7.1.dll
2007-11-28 09:49 . 2007-11-28 09:49 1675264 ----a-w- c:\program files\Infragistics.Win.UltraWinChart.v7.1.dll
2007-11-28 09:49 . 2007-11-28 09:49 159744 ----a-w- c:\program files\Infragistics.Win.UltraWinPrintPreviewDialog.v7.1.dll
2007-11-28 09:49 . 2007-11-28 09:49 106496 ----a-w- c:\program files\Infragistics.Win.UltraWinDataSource.v7.1.dll
2006-08-23 14:40 . 2006-08-23 14:40 69632 ----a-w- c:\program files\SecurityManager.dll
2006-05-11 19:44 . 2006-05-11 19:44 126976 ----a-w- c:\program files\MiniComm.DLL
2006-02-15 02:32 . 2006-02-15 02:32 225280 ----a-w- c:\program files\tx12_htm.dll
2006-02-13 12:02 . 2006-02-13 12:02 663552 ----a-w- c:\program files\tx12.dll
2006-02-10 12:02 . 2006-02-10 12:02 274432 ----a-w- c:\program files\TXTextControl.dll
2006-02-09 05:00 . 2006-02-09 05:00 479232 ----a-w- c:\program files\tx12_doc.dll
2006-02-09 05:00 . 2006-02-09 05:00 360448 ----a-w- c:\program files\tx12_rtf.dll
2006-02-09 03:20 . 2006-02-09 03:20 530 ----a-w- c:\program files\tx12_ic.ini
2006-02-09 03:20 . 2006-02-09 03:20 106496 ----a-w- c:\program files\tx12_ic.dll
2006-02-02 02:01 . 2006-02-02 02:01 53248 ----a-w- c:\program files\tx12_wnd.dll
2006-02-02 02:01 . 2006-02-02 02:01 258048 ----a-w- c:\program files\tx12_css.dll
2006-02-01 02:21 . 2006-02-01 02:21 126976 ----a-w- c:\program files\tx12_tls.dll
2006-01-28 10:25 . 2006-01-28 10:25 196608 ----a-w- c:\program files\Office.dll
2006-01-28 10:23 . 2006-01-28 10:23 389120 ----a-w- c:\program files\Microsoft.Office.Interop.Outlook.dll
2005-11-11 01:32 . 2005-11-11 01:32 303104 ----a-w- c:\program files\tx12_xml.dll
2005-09-16 18:29 . 2005-09-16 18:29 90112 ----a-w- c:\program files\achbn.exe
2005-08-08 11:14 . 2005-08-08 11:14 16384 ----a-w- c:\program files\uis.exe
2005-07-26 01:13 . 2005-07-26 01:13 217088 ----a-w- c:\program files\tx12_png.flt
2005-07-26 01:12 . 2005-07-26 01:12 516096 ----a-w- c:\program files\tx12_pdf.dll
2005-07-06 11:12 . 2005-07-06 11:12 16384 ----a-w- c:\program files\stdole.dll
2005-07-04 02:45 . 2005-07-04 02:45 61440 ----a-w- c:\program files\tx12_tif.flt
2005-07-04 02:02 . 2005-07-04 02:02 49152 ----a-w- c:\program files\tx12_bmp.flt
2005-07-04 01:14 . 2005-07-04 01:14 33280 ----a-w- c:\program files\tx12_wmf.flt
2005-07-04 01:13 . 2005-07-04 01:13 172032 ----a-w- c:\program files\tx12_jpg.flt
2005-07-04 01:04 . 2005-07-04 01:04 49152 ----a-w- c:\program files\tx12_gif.flt
2005-05-31 14:27 . 2005-05-31 14:27 503808 ----a-w- c:\program files\ActiproSoftware.UIStudio.Dock.dll
2005-05-31 14:27 . 2005-05-31 14:27 176128 ----a-w- c:\program files\ActiproSoftware.Shared.dll
2005-05-31 14:27 . 2005-05-31 14:27 147456 ----a-w- c:\program files\ActiproSoftware.WinUICore.dll
2005-05-17 15:12 . 2005-05-17 15:12 36864 ----a-w- c:\program files\BICommon.dll
2005-01-12 15:24 . 2005-01-12 15:24 623 ----a-w- c:\program files\Achieve.exe.manifest
2004-09-01 15:19 . 2004-09-01 15:19 20480 ----a-w- c:\program files\EPR.dll
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4
[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{4D3F3F3A-0E4B-4085-9032-7D072072319A}]
2010-01-25 12:38 99704 ----a-w- c:\program files\PriceGong\2.0.0\PriceLoadIE.dll
[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Toolbar\Webbrowser]
"{3041D03E-FD4B-44E0-B742-2D9B88305F98}"= "c:\program files\AskBarDis\bar\bin\askBar.dll" [2009-04-02 333192]
[HKEY_CLASSES_ROOT\clsid\{3041d03e-fd4b-44e0-b742-2d9b88305f98}]
[HKEY_CLASSES_ROOT\TypeLib\{4b1c1e16-6b34-430e-b074-5928eca4c150}]
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\Carbonite.Green]
@="{95A27763-F62A-4114-9072-E81D87DE3B68}"
[HKEY_CLASSES_ROOT\CLSID\{95A27763-F62A-4114-9072-E81D87DE3B68}]
2009-07-28 20:49 583312 ----a-r- c:\program files\Carbonite\Carbonite Backup\CarboniteNSE.dll
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\Carbonite.Partial]
@="{E300CD91-100F-4E67-9AF3-1384A6124015}"
[HKEY_CLASSES_ROOT\CLSID\{E300CD91-100F-4E67-9AF3-1384A6124015}]
2009-07-28 20:49 583312 ----a-r- c:\program files\Carbonite\Carbonite Backup\CarboniteNSE.dll
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\Carbonite.Yellow]
@="{5E529433-B50E-4bef-A63B-16A6B71B071A}"
[HKEY_CLASSES_ROOT\CLSID\{5E529433-B50E-4bef-A63B-16A6B71B071A}]
2009-07-28 20:49 583312 ----a-r- c:\program files\Carbonite\Carbonite Backup\CarboniteNSE.dll
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt1]
@="{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}]
2009-12-09 01:19 94208 ----a-w- c:\documents and settings\Alan\Application Data\Dropbox\bin\DropboxExt.13.dll
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt2]
@="{FB314EDA-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314EDA-A251-47B7-93E1-CDD82E34AF8B}]
2009-12-09 01:19 94208 ----a-w- c:\documents and settings\Alan\Application Data\Dropbox\bin\DropboxExt.13.dll
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt3]
@="{FB314EDB-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314EDB-A251-47B7-93E1-CDD82E34AF8B}]
2009-12-09 01:19 94208 ----a-w- c:\documents and settings\Alan\Application Data\Dropbox\bin\DropboxExt.13.dll
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"TOSCDSPD"="c:\program files\TOSHIBA\TOSCDSPD\toscdspd.exe" [2005-04-11 65536]
"swg"="c:\program files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe" [2010-01-08 39408]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"CFSServ.exe"="CFSServ.exe -NoClient" [X]
"IgfxTray"="c:\windows\system32\igfxtray.exe" [2007-06-01 142104]
"HotKeysCmds"="c:\windows\system32\hkcmd.exe" [2007-06-01 162584]
"Persistence"="c:\windows\system32\igfxpers.exe" [2007-06-01 138008]
"RTHDCPL"="RTHDCPL.EXE" [2007-06-13 16377344]
"CeEKEY"="c:\program files\TOSHIBA\E-KEY\CeEKey.exe" [2007-07-06 651264]
"HWSetup"="c:\program files\TOSHIBA\TOSHIBA Applet\HWSetup.exe" [2004-05-01 28672]
"SVPWUTIL"="c:\program files\Toshiba\Windows Utilities\SVPWUTIL.exe" [2006-05-25 65536]
"TPNF"="c:\program files\TOSHIBA\TouchPad\TPTray.exe" [2007-06-01 53248]
"TFncKy"="TFncKy.exe" [BU]
"TDispVol"="TDispVol.exe" [2005-12-27 73728]
"TPSMain"="TPSMain.exe" [2005-08-11 266240]
"Zooming"="ZoomingHook.exe" [2005-06-06 24576]
"SmoothView"="c:\program files\TOSHIBA\TOSHIBA Zooming Utility\SmoothView.exe" [2007-05-11 143360]
"NDSTray.exe"="NDSTray.exe" [BU]
"DDWMon"="c:\program files\TOSHIBA\TOSHIBA Direct Disc Writer\\ddwmon.exe" [2007-04-26 495616]
"topi"="c:\program files\TOSHIBA\Toshiba Online Product Information\topi.exe" [2007-07-10 581632]
"Apoint"="c:\program files\Apoint2K\Apoint.exe" [2004-03-24 196608]
"GrooveMonitor"="c:\program files\Microsoft Office\Office12\GrooveMonitor.exe" [2008-10-25 31072]
"Adobe Acrobat Speed Launcher"="c:\program files\Adobe\Acrobat 9.0\Acrobat\Acrobat_sl.exe" [2008-06-12 37232]
"Acrobat Assistant 8.0"="c:\program files\Adobe\Acrobat 9.0\Acrobat\Acrotray.exe" [2008-06-11 640376]
"ccApp"="c:\program files\Common Files\Symantec Shared\ccApp.exe" [2008-08-14 115560]
"hpqSRMon"="c:\program files\HP\Digital Imaging\bin\hpqSRMon.exe" [2008-08-20 150016]
"iTunesHelper"="c:\program files\iTunes\iTunesHelper.exe" [2009-07-13 292128]
"Carbonite Backup"="c:\program files\Carbonite\Carbonite Backup\CarboniteUI.exe" [2009-07-28 671376]
"HP Software Update"="c:\program files\HP\HP Software Update\HPWuSchd2.exe" [2008-12-08 54576]
"Adobe ARM"="c:\program files\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2009-09-04 935288]
[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="c:\windows\system32\CTFMON.EXE" [2008-04-14 15360]
"DWQueuedReporting"="c:\progra~1\COMMON~1\MICROS~1\DW\dwtrig20.exe" [2008-11-04 435096]
c:\documents and settings\Alan\Start Menu\Programs\Startup\
Dropbox.lnk - c:\documents and settings\Alan\Application Data\Dropbox\bin\Dropbox.exe [2010-2-26 21979992]
c:\documents and settings\All Users\Start Menu\Programs\Startup\
HP Digital Imaging Monitor.lnk - c:\program files\HP\Digital Imaging\bin\hpqtra08.exe [2008-10-16 214360]
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\ccEvtMgr]
@="Service"
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\ccSetMgr]
@="Service"
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Symantec Antivirus]
@="Service"
[HKEY_LOCAL_MACHINE\software\microsoft\security center]
"AntiVirusOverride"=dword:00000001
"FirewallOverride"=dword:00000001
[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring]
"DisableMonitoring"=dword:00000001
[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecAntiVirus]
"DisableMonitoring"=dword:00000001
[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecFirewall]
"DisableMonitoring"=dword:00000001
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]
"EnableFirewall"= 0 (0x0)
"DisableNotifications"= 1 (0x1)
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"c:\\Program Files\\Microsoft Office\\Office12\\OUTLOOK.EXE"=
"c:\\Program Files\\Microsoft Office\\Office12\\GROOVE.EXE"=
"c:\\Program Files\\Microsoft Office\\Office12\\ONENOTE.EXE"=
"c:\\Program Files\\Symantec\\Symantec Endpoint Protection\\Smc.exe"=
"c:\\Program Files\\Symantec\\Symantec Endpoint Protection\\SNAC.EXE"=
"c:\\Program Files\\Common Files\\Symantec Shared\\ccApp.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpqtra08.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpqste08.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hposid01.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpqkygrp.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpfcCopy.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpoews01.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpiscnapp.exe"=
"c:\\Program Files\\Common Files\\HP\\Digital Imaging\\bin\\hpqPhotoCrm.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpqpsapp.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpqpse.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpqsudi.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpqgplgtupl.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpqgpc01.exe"=
"c:\\Program Files\\Bonjour\\mDNSResponder.exe"=
"c:\\Program Files\\iTunes\\iTunes.exe"=
"c:\\Program Files\\O2\\bin\\wificfg.exe"=
"c:\\Program Files\\O2\\agent\\bin\\bcont.exe"=
"c:\\Program Files\\Common Files\\SupportSoft\\bin\\ssrc.exe"=
"c:\\Program Files\\O2\\agent\\bin\\bcont_nm.exe"=
R2 sprtsvc_O2;SupportSoft Sprocket Service (O2);c:\program files\O2\bin\sprtsvc.exe [07/06/2007 17:19 202280]
R2 tdudf;TOSHIBA UDF File System Driver;c:\windows\system32\drivers\tdudf.sys [26/03/2007 12:22 105856]
R2 trudf;TOSHIBA DVD-RAM UDF File System Driver;c:\windows\system32\drivers\trudf.sys [19/02/2007 12:15 134016]
R2 XobniService;XobniService;c:\program files\Xobni\XobniService.exe [12/10/2009 17:33 46824]
R3 EraserUtilRebootDrv;EraserUtilRebootDrv;c:\program files\Common Files\Symantec Shared\EENGINE\EraserUtilRebootDrv.sys [30/08/2009 19:29 102448]
S2 gupdate;Google Update Service (gupdate);c:\program files\Google\Update\GoogleUpdate.exe [05/02/2010 00:44 135664]
S3 COH_Mon;COH_Mon;c:\windows\system32\drivers\COH_Mon.sys [12/01/2008 18:32 23888]
S3 pbfilter;pbfilter;c:\program files\PeerBlock\pbfilter.sys [10/04/2010 15:54 14424]
S3 TpChoice;Touch Pad Detection Filter driver;c:\windows\system32\DRIVERS\TpChoice.sys --> c:\windows\system32\DRIVERS\TpChoice.sys [?]
S4 Application Updater;Application Updater;c:\program files\Application Updater\ApplicationUpdater.exe [08/01/2010 01:51 380928]
S4 ASKService;ASKService;c:\program files\AskBarDis\bar\bin\AskService.exe [30/08/2009 16:31 464264]
S4 ASKUpgrade;ASKUpgrade;c:\program files\AskBarDis\bar\bin\ASKUpgrade.exe [30/08/2009 16:31 234888]
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
HPZ12 REG_MULTI_SZ Pml Driver HPZ12 Net Driver HPZ12
HPService REG_MULTI_SZ HPSLPSVC
hpdevmgmt REG_MULTI_SZ hpqcxs08 hpqddsvc
.
Contents of the 'Scheduled Tasks' folder
2010-04-08 c:\windows\Tasks\AppleSoftwareUpdate.job
- c:\program files\Apple Software Update\SoftwareUpdate.exe [2008-07-30 11:34]
2010-04-14 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
- c:\program files\Google\Update\GoogleUpdate.exe [2010-02-04 23:44]
2010-04-13 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
- c:\program files\Google\Update\GoogleUpdate.exe [2010-02-04 23:44]
2009-06-02 c:\windows\Tasks\Registration reminder 1.job
- c:\windows\system32\OOBE\oobebaln.exe [2007-08-01 00:12]
2009-06-02 c:\windows\Tasks\Registration reminder 2.job
- c:\windows\system32\OOBE\oobebaln.exe [2007-08-01 00:12]
2009-06-02 c:\windows\Tasks\Registration reminder 3.job
- c:\windows\system32\OOBE\oobebaln.exe [2007-08-01 00:12]
2010-04-14 c:\windows\Tasks\RegPowerClean.job
- c:\program files\Winferno\RegistryPowerCleaner\RegPowerClean.exe [2010-02-15 14:48]
2010-04-14 c:\windows\Tasks\RPCReminder.job
- c:\program files\Winferno\RegistryPowerCleaner\RPCReminder.exe [2010-02-15 14:34]
.
.
Supplementary Scan
.
uInternet Settings,ProxyOverride = <local>
uInternet Settings,ProxyServer = http=127.0.0.1:5555
FF - ProfilePath - c:\documents and settings\Alan\Application Data\Mozilla\Firefox\Profiles\ofv3nlgg.default\
FF - prefs.js: browser.startup.homepage - hxxp:
FF - component: c:\program files\pdfforge Toolbar\FF\components\pdfforgeToolbarFF.dll
FF - component: c:\program files\pdfforge Toolbar\SSFF\components\SearchSettingsFF.dll
FF - component: c:\program files\PriceGong\2.0.0\FF\components\PriceLoadFF.dll
FF - plugin: c:\documents and settings\Alan\Application Data\Mozilla\Firefox\Profiles\ofv3nlgg.default\extensions\{E2883E8F-472F-4fb0-9522-AC9BF37916A7}\plugins\np_gp.dll
FF - plugin: c:\documents and settings\Alan\Local Settings\Application Data\Yahoo!\BrowserPlus\2.6.0\Plugins\npybrowserplus_2.6.0.dll
FF - plugin: c:\program files\Google\Update\1.2.183.23\npGoogleOneClick8.dll
FF - plugin: c:\program files\Java\jre1.6.0\bin\npjava11.dll
FF - plugin: c:\program files\Java\jre1.6.0\bin\npjava12.dll
FF - plugin: c:\program files\Java\jre1.6.0\bin\npjava13.dll
FF - plugin: c:\program files\Java\jre1.6.0\bin\npjava14.dll
FF - plugin: c:\program files\Java\jre1.6.0\bin\npjava32.dll
FF - plugin: c:\program files\Java\jre1.6.0\bin\npjpi160.dll
FF - plugin: c:\program files\Java\jre1.6.0\bin\npoji610.dll
FF - HiddenExtension: Microsoft .NET Framework Assistant: {20a82645-c095-46ed-80e3-08825760534b} - c:\windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension\
---- FIREFOX POLICIES ----
c:\program files\Mozilla Firefox\greprefs\security-prefs.js - pref("security.ssl.allow_unrestricted_renego_everywhere__temporarily_available_pref", true);
c:\program files\Mozilla Firefox\greprefs\security-prefs.js - pref("security.ssl.renego_unrestricted_hosts", "");
c:\program files\Mozilla Firefox\greprefs\security-prefs.js - pref("security.ssl.treat_unsafe_negotiation_as_broken", false);
c:\program files\Mozilla Firefox\greprefs\security-prefs.js - pref("security.ssl.require_safe_negotiation", false);
.
- - - - ORPHANS REMOVED - - - -
HKLM-Run-RevHDD - c:\windows\SYSTEM\RevHDD.exe
SafeBoot-Symantec Antvirus
AddRemove-The Action Machine_is1 - c:\program files\The Action Machine\unins000.exe
**************************************************************************
scanning hidden processes ...
scanning hidden autostart entries ...
scanning hidden files ...
scan completed successfully
hidden files:
**************************************************************************
.
Completion time: 2010-04-14 08:38:17
ComboFix-quarantined-files.txt 2010-04-14 07:38
Pre-Run: 106,677,862,400 bytes free
Post-Run: 106,958,471,168 bytes free
WindowsXP-KB310994-SP2-Pro-BootDisk-ENU.exe
[boot loader]
timeout=2
default=multi(0)disk(0)rdisk(0)partition(1)\WINDOWS
[operating systems]
c:\cmdcons\BOOTSECT.DAT="Microsoft Windows Recovery Console" /cmdcons
multi(0)disk(0)rdisk(0)partition(1)\WINDOWS="Microsoft Windows XP Professional" /noexecute=optin /fastdetect
- - End Of File - - 6EC01DA6657B28D4CC50FC3E5AA59261
-
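Before acting on a ComboFix log it is worth pulling out the handful of lines that describe the machine's security posture rather than its file list. In the log above those are the Security Center override and DisableMonitoring values, the Windows Firewall standard-profile settings, and the WinINet proxy, which is set to 127.0.0.1:5555. The script below is an added example, not from the thread or from ComboFix, that parses those two sections and reports each setting; the sample is copied from the log above. It flags, it does not attribute: the same log shows Symantec Endpoint Protection installed, and third-party suites routinely set the Security Center overrides and switch off Windows Firewall in favour of their own, so those lines are prompts to confirm the suite is actually running (here the header says "On-access scanning disabled"). A loopback proxy is something to chase down by identifying the process listening on that port (netstat -ano) rather than to assume benign or malicious.

```python
"""Pull the security-posture settings out of a ComboFix 'Reg Loading Points'
and 'Supplementary Scan' dump and report the ones a responder should check.
Added example, not from the thread or from ComboFix; the sample lines are
copied from the log above.  It flags settings, it does not decide that
malware set them."""
import re
from typing import Dict, List, Optional, Tuple

# Constructed sample: the relevant lines from the ComboFix log posted above.
SAMPLE = r"""
REGEDIT4
[HKEY_LOCAL_MACHINE\software\microsoft\security center]
"AntiVirusOverride"=dword:00000001
"FirewallOverride"=dword:00000001
[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring]
"DisableMonitoring"=dword:00000001
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]
"EnableFirewall"= 0 (0x0)
"DisableNotifications"= 1 (0x1)
.
uInternet Settings,ProxyOverride = <local>
uInternet Settings,ProxyServer = http=127.0.0.1:5555
"""

KEY_RE = re.compile(r"^\[(?P<key>[^\]]+)\]$")
VAL_RE = re.compile(r'^"(?P<name>[^"]+)"\s*=\s*(?P<val>.+)$')
INET_RE = re.compile(r"^uInternet Settings,(?P<name>\w+)\s*=\s*(?P<val>.*)$")

Finding = Tuple[str, object, str]  # (setting, value, what it means)


def _to_int(raw: str) -> Optional[int]:
    """ComboFix prints REG_DWORD either as 'dword:00000001' or as '0 (0x0)'."""
    raw = raw.strip()
    if raw.lower().startswith("dword:"):
        return int(raw[6:], 16)
    m = re.match(r"^(\d+)", raw)
    return int(m.group(1)) if m else None


def parse_dump(text: str):
    """Return ({registry key: {value name: int}}, {WinINet setting: str}), all keys lower-cased."""
    reg: Dict[str, Dict[str, Optional[int]]] = {}
    inet: Dict[str, str] = {}
    key = None
    for line in text.splitlines():
        line = line.strip()
        k, v, i = KEY_RE.match(line), VAL_RE.match(line), INET_RE.match(line)
        if k:
            key = k.group("key").lower()
            reg.setdefault(key, {})
        elif v and key is not None:
            reg[key][v.group("name").lower()] = _to_int(v.group("val"))
        elif i:
            inet[i.group("name").lower()] = i.group("val").strip()
    return reg, inet


def is_loopback_proxy(proxy_server: str) -> bool:
    """True if any entry of a WinINet ProxyServer string points at this host.
    Accepts 'host:port' or 'scheme=host:port;scheme=host:port'."""
    for part in proxy_server.split(";"):
        part = part.strip()
        if not part:
            continue
        hostport = part.split("=", 1)[1] if "=" in part else part
        host = hostport.rsplit(":", 1)[0].strip("[]").lower()
        if host in ("localhost", "::1") or host.startswith("127."):
            return True
    return False


def audit(text: str) -> List[Finding]:
    reg, inet = parse_dump(text)
    findings: List[Finding] = []

    def check(key_suffix: str, name: str, bad: int, note: str) -> None:
        for key, values in reg.items():
            if key.endswith(key_suffix) and values.get(name) == bad:
                findings.append((key + "\\" + name, bad, note))

    check(r"\security center", "antivirusoverride", 1,
          "Security Center AV alerts suppressed; normal for 3rd-party suites, so confirm one is really running")
    check(r"\security center", "firewalloverride", 1,
          "Security Center firewall alerts suppressed; same caveat")
    check(r"\security center\monitoring", "disablemonitoring", 1,
          "Security Center monitoring disabled")
    check(r"\firewallpolicy\standardprofile", "enablefirewall", 0,
          "Windows Firewall off in the standard profile")
    check(r"\firewallpolicy\standardprofile", "disablenotifications", 1,
          "Windows Firewall notifications disabled")
    proxy = inet.get("proxyserver")
    if proxy and is_loopback_proxy(proxy):
        findings.append(("ProxyServer", proxy,
                         "browser traffic goes through a proxy on this machine; identify the listener (netstat -ano)"))
    return findings


if __name__ == "__main__":
    for setting, value, note in audit(SAMPLE):
        print(f"{setting} = {value}: {note}")
```

On the sample this yields six findings: the two Security Center overrides, DisableMonitoring, the firewall being off, firewall notifications being off, and the loopback proxy. The proxy check handles both the plain `host:port` form and the per-scheme `http=...;https=...` form WinINet accepts, since a single loopback entry in either is enough to intercept browsing.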
Your computer's a total mess.
You run this ComboFix log at your own risk, but you need to do SOMETHING. I really recommend formatting and starting afresh, though.
If you wish to proceed ~
Open Notepad and copy/paste the text in RED below
File::
c:\program files\tx12_htm.dll
c:\program files\tx12.dll
c:\program files\tx12_doc.dll
c:\program files\tx12_rtf.dll
c:\program files\tx12_ic.ini
c:\program files\tx12_ic.dll
c:\program files\tx12_wnd.dll
c:\program files\tx12_css.dll
c:\program files\tx12_tls.dll
c:\program files\tx12_xml.dll
c:\windows\system32\drivers\RevHDD.exe
c:\windows\system32\drivers\SPIF225.sys
c:\program files\efxstd.DLL
c:\program files\MiniComm.DLL
c:\program files\Office.dll
c:\program files\SecurityManager.dll
c:\program files\Microsoft.Office.Interop.Outlook.dll
c:\program files\achbn.exe
c:\program files\uis.exe
c:\program files\tx12_png.flt
c:\program files\tx12_pdf.dll
c:\program files\stdole.dll
c:\program files\tx12_tif.flt
c:\program files\tx12_bmp.flt
c:\program files\tx12_wmf.flt
c:\program files\tx12_jpg.flt
c:\program files\tx12_gif.flt
c:\program files\BICommon.dll
c:\program files\Achieve.exe.manifest
c:\program files\EPR.dll
c:\program files\Achieve.exe
c:\program files\AchieveHelp.chm
c:\program files\Default.dat
c:\program files\APKeyboardReference.pdf
c:\program files\Sample.ach
c:\program files\Infragistics.Win.Misc.v7.1.dll
c:\program files\Infragistics.Win.UltraWinEditors.v7.1.dll
c:\program files\Infragistics.Win.UltraWinTabControl.v7.1.dll
c:\program files\Infragistics.Win.UltraWinChart.v7.1.dll
c:\program files\Infragistics.Win.UltraWinPrintPreviewDialog.v7.1.dll
c:\program files\Infragistics.Win.UltraWinDataSource.v7.1.dll
c:\program files\AskBarDis\bar\bin\askBar.dll
c:\program files\AskBarDis\bar\bin\AskService.exe
c:\program files\AskBarDis\bar\bin\ASKUpgrade.exe
c:\windows\system32\OOBE\oobebaln.exe
Save this as "CFScript"
Then drag the CFScript into ComboFix.exe as you see in the screenshot below.
This will start ComboFix again. After the reboot (in case it asks to reboot), post the contents of ComboFix.txt in your next reply.
ComboFix should never take more than 20 minutes, including the reboot, if malware is detected.
If it does, open Task Manager, then the Processes tab (press Ctrl, Alt and Del at the same time), and end any findstr, find, sed or swreg processes; ComboFix should then continue.
-
Uninstall REGISTRY POWER CLEANER too
-
Thanks AlienRIK. I thought I had it all sorted yesterday, then when I booted up this morning my Dropbox, Carbonite and Firefox had disappeared again!
I'm happy to basically reformat and start from scratch again, but is it possible to do this without the original disks? I just want the quickest route to get back to a working PC again! Would reinstalling a completely new HD be an idea?
When you say I'm in a mess, is my current data at risk of being stolen?
Running ComboFix again now. Watch this space!