    Worms and viruses - Help!

    #1 - Pythagorous - 7th Apr 10, 5:03 PM
    Firstly please excuse my ignorance when it comes to this sort of thing.

    I have an XP security tool 2010 icon which today keeps popping up telling me that there is a privacy threat due to spyware intrusion and that my pc has a stealth intrusion, tracking software found, rogue malware, viruses etc.

    When I run it, it comes back saying there are 29 infections. However, I only have the unregistered version so I can't use this to get rid of them.

    The only anti-virus I have is Symantec Endpoint Protection and having just run a scan it shows no threats!

    Should I be worried!?
    #2 - dogmaryxx - 7th Apr 10, 5:14 PM
    Download MALWAREBYTES (Make sure you click 'DOWNLOAD LATEST VERSION')
    http://www.filehippo.com/download_ma..._anti_malware/
    Open Malwarebytes and go to UPDATE and click 'check for updates'. After it's updated go to SCANNER and click PERFORM FULL SCAN then click SCAN
    Post the COMPLETE log here AFTER you've deleted everything it finds

    reboot

    Download HIJACK THIS (Make sure you click 'DOWNLOAD THIS VERSION')
    http://www.filehippo.com/download_hijackthis/2894/
    Click MAIN MENU then DO A SYSTEM SCAN AND SAVE A LOGFILE (takes seconds) then post the log so we can see what's running
    (do NOT do anything else with HijackThis but scan and post the FULL log)
    #3 - Pythagorous - 7th Apr 10, 5:15 PM
    Thanks will do now.
    #4 - Pythagorous - 7th Apr 10, 5:25 PM
    Currently running malwarebytes and already showing 9 infected objects!!

    The XP security pop ups are now relentless - shooks.
    #5 - RussJK - 7th Apr 10, 5:56 PM
    'XP Security' may well be a rogue app, and you need to remove that as well:
    http://www.2-spyware.com/remove-xp-security.html

    Glad you haven't paid for it.
    After you finish the Malware Bytes scan, try the Microsoft post-infection scan as well:
    http://onecare.live.com/site/en-gb/default.htm
    #6 - Browntoa - 7th Apr 10, 7:11 PM
    Malwarebytes should remove it; if not, we have another stronger tool that should do it.
    #7 - Pythagorous - 7th Apr 10, 7:17 PM
    Thanks guys. Appreciate all the help. Malware still running (1hr 56 mins!!), but hopefully will have some info soon.
    #8 - Pythagorous - 7th Apr 10, 7:37 PM
    Well guys after 2hrs and 10 mins of waiting here it is...

    Malwarebytes' Anti-Malware 1.45
    www.malwarebytes.org

    Database version: 3966

    Windows 5.1.2600 Service Pack 3
    Internet Explorer 7.0.5730.13

    07/04/2010 20:33:08
    mbam-log-2010-04-07 (20-33-08).txt

    Scan type: Full scan (C:\|D:\|)
    Objects scanned: 211614
    Time elapsed: 2 hour(s), 10 minute(s), 24 second(s)

    Memory Processes Infected: 1
    Memory Modules Infected: 0
    Registry Keys Infected: 7
    Registry Values Infected: 2
    Registry Data Items Infected: 0
    Folders Infected: 5
    Files Infected: 8

    Memory Processes Infected:
    C:\Documents and Settings\Alan\Local Settings\Application Data\vma.exe (Rogue.MultipleAV) -> Unloaded process successfully.

    Memory Modules Infected:
    (No malicious items detected)

    Registry Keys Infected:
    HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\Explorer Bars\{a7cddcdc-beeb-4685-a062-978f5e07ceee} (Adware.ShopperReports) -> Quarantined and deleted successfully.
    HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Stats\{100eb1fd-d03e-47fd-81f3-ee91287f9465} (Adware.ShopperReports) -> Quarantined and deleted successfully.
    HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Stats\{c5428486-50a0-4a02-9d20-520b59a9f9b2} (Adware.ShopperReports) -> Quarantined and deleted successfully.
    HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Stats\{c5428486-50a0-4a02-9d20-520b59a9f9b3} (Adware.ShopperReports) -> Quarantined and deleted successfully.
    HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Extensions\{c5428486-50a0-4a02-9d20-520b59a9f9b2} (Adware.ShopperReports) -> Quarantined and deleted successfully.
    HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Extensions\{c5428486-50a0-4a02-9d20-520b59a9f9b3} (Adware.ShopperReports) -> Quarantined and deleted successfully.
    HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{100eb1fd-d03e-47fd-81f3-ee91287f9465} (Adware.ShopperReports) -> Quarantined and deleted successfully.

    Registry Values Infected:
    HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\Extensions\CmdMapping\{c5428486-50a0-4a02-9d20-520b59a9f9b2} (Adware.ShopperReports) -> Quarantined and deleted successfully.
    HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\Extensions\CmdMapping\{c5428486-50a0-4a02-9d20-520b59a9f9b3} (Adware.ShopperReports) -> Quarantined and deleted successfully.

    Registry Data Items Infected:
    (No malicious items detected)

    Folders Infected:
    C:\Documents and Settings\Alan\Application Data\ShoppingReport (Adware.ShopperReports) -> Quarantined and deleted successfully.
    C:\Documents and Settings\Alan\Application Data\ShoppingReport\cs (Adware.ShopperReports) -> Quarantined and deleted successfully.
    C:\Documents and Settings\Alan\Application Data\ShoppingReport\cs\db (Adware.ShopperReports) -> Quarantined and deleted successfully.
    C:\Documents and Settings\Alan\Application Data\ShoppingReport\cs\dwld (Adware.ShopperReports) -> Quarantined and deleted successfully.
    C:\Documents and Settings\Alan\Application Data\ShoppingReport\cs\report (Adware.ShopperReports) -> Quarantined and deleted successfully.

    Files Infected:
    C:\System Volume Information\_restore{4488DE73-09D1-43E5-A8F7-F1EDDB4EB85D}\RP171\A0041736.dll (Adware.SmartShopper) -> Quarantined and deleted successfully.
    C:\System Volume Information\_restore{4488DE73-09D1-43E5-A8F7-F1EDDB4EB85D}\RP171\A0041737.exe (Adware.ShoppingReports) -> Quarantined and deleted successfully.
    C:\Documents and Settings\Alan\Application Data\ShoppingReport\cs\Config.xml (Adware.ShopperReports) -> Quarantined and deleted successfully.
    C:\Documents and Settings\Alan\Application Data\ShoppingReport\cs\db\Aliases.dbs (Adware.ShopperReports) -> Quarantined and deleted successfully.
    C:\Documents and Settings\Alan\Application Data\ShoppingReport\cs\db\Sites.dbs (Adware.ShopperReports) -> Quarantined and deleted successfully.
    C:\Documents and Settings\Alan\Application Data\ShoppingReport\cs\report\aggr_storage.xml (Adware.ShopperReports) -> Quarantined and deleted successfully.
    C:\Documents and Settings\Alan\Application Data\ShoppingReport\cs\report\send_storage.xml (Adware.ShopperReports) -> Quarantined and deleted successfully.
    C:\Documents and Settings\Alan\Local Settings\Application Data\vma.exe (Rogue.MultipleAV) -> Quarantined and deleted successfully.
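Added example (not code from the thread or from Malwarebytes): a short Python script that reads a Malwarebytes 1.x log like the one above and sorts the detections into what a responder actually cares about: code that was live in memory (here the rogue, vma.exe, running from the user's Local Settings), registry persistence (BHO and extension keys), and leftover files, separating inert copies inside System Restore points from files in the live profile. The line format is inferred from the log above; the embedded sample is a constructed excerpt in that shape, not the full log.

```python
"""Triage a Malwarebytes' Anti-Malware 1.x text log.

Added example, not code from the thread or from Malwarebytes. The line
format is inferred from the log posted above: each detection reads
    <file, folder or registry item> (<Threat.Family>) -> <action>.
"""
import re
from collections import Counter, defaultdict

# One detection line; the trailing full stop on the action is optional.
DETECTION = re.compile(
    r"^(?P<item>.+?) \((?P<threat>[A-Za-z0-9._-]+)\) -> (?P<action>.+?)\.?$"
)

# Detail-section headers exactly as MBAM 1.x prints them (no count after the colon).
SECTIONS = {
    "Memory Processes Infected:": "process",
    "Memory Modules Infected:": "module",
    "Registry Keys Infected:": "regkey",
    "Registry Values Infected:": "regvalue",
    "Registry Data Items Infected:": "regdata",
    "Folders Infected:": "folder",
    "Files Infected:": "file",
}


def parse_mbam_log(text):
    """Return one dict per detection: section, item, threat, action."""
    findings, section = [], None
    for raw in text.splitlines():
        line = raw.strip()
        if line in SECTIONS:  # summary lines carry a count, so they do not match here
            section = SECTIONS[line]
            continue
        if section is None or not line or line.startswith("(No malicious"):
            continue
        m = DETECTION.match(line)
        if m:
            findings.append({"section": section, **m.groupdict()})
    return findings


def triage(findings):
    """Bucket detections by what they mean for the responder."""
    buckets = defaultdict(list)
    for f in findings:
        if f["section"] == "process":
            buckets["running_code"].append(f)          # malware that was live in memory
        elif f["section"].startswith("reg"):
            buckets["persistence"].append(f)           # autostart / BHO / extension keys
        elif "\\system volume information\\" in f["item"].lower():
            buckets["restore_point_copies"].append(f)  # inert copies inside System Restore
        else:
            buckets["files_and_folders"].append(f)
    return buckets


def threat_families(findings):
    """Count detections per family, e.g. Rogue.MultipleAV vs Adware.ShopperReports."""
    return Counter(f["threat"] for f in findings)


def incomplete_actions(findings):
    """Items whose action did not report success (e.g. still pending a reboot)."""
    return [f for f in findings if "successfully" not in f["action"].lower()]


# Constructed excerpt in the shape of the log above (not the full log).
SAMPLE_LOG = r"""Malwarebytes' Anti-Malware 1.45
Database version: 3966

Memory Processes Infected: 1
Registry Keys Infected: 1
Folders Infected: 1
Files Infected: 3

Memory Processes Infected:
C:\Documents and Settings\Alan\Local Settings\Application Data\vma.exe (Rogue.MultipleAV) -> Unloaded process successfully.

Memory Modules Infected:
(No malicious items detected)

Registry Keys Infected:
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{100eb1fd-d03e-47fd-81f3-ee91287f9465} (Adware.ShopperReports) -> Quarantined and deleted successfully.

Folders Infected:
C:\Documents and Settings\Alan\Application Data\ShoppingReport (Adware.ShopperReports) -> Quarantined and deleted successfully.

Files Infected:
C:\System Volume Information\_restore{4488DE73-09D1-43E5-A8F7-F1EDDB4EB85D}\RP171\A0041736.dll (Adware.SmartShopper) -> Quarantined and deleted successfully.
C:\Documents and Settings\Alan\Application Data\ShoppingReport\cs\Config.xml (Adware.ShopperReports) -> Quarantined and deleted successfully.
C:\Documents and Settings\Alan\Local Settings\Application Data\vma.exe (Rogue.MultipleAV) -> Quarantined and deleted successfully.
"""

if __name__ == "__main__":
    found = parse_mbam_log(SAMPLE_LOG)
    for bucket, items in triage(found).items():
        print(bucket)
        for f in items:
            print("   ", f["threat"], "-", f["item"])
    print("families:", dict(threat_families(found)))
    print("incomplete:", len(incomplete_actions(found)))
```

The point of the buckets: a hit under System Volume Information is a dead copy that only matters if System Restore is rolled back, whereas a Rogue.MultipleAV process unloaded from the user's profile means the rogue was actually executing, and its registry persistence should be checked against the HijackThis output rather than trusting a single clean scan.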
    #9 - Pythagorous - 7th Apr 10, 8:02 PM
    & the hippo file

    Logfile of Trend Micro HijackThis v2.0.2
    Scan saved at 20:54:52, on 07/04/2010
    Platform: Windows XP SP3 (WinNT 5.01.2600)
    MSIE: Internet Explorer v7.00 (7.00.6000.17023)
    Boot mode: Normal

    Running processes:
    C:\WINDOWS\System32\smss.exe
    C:\WINDOWS\system32\winlogon.exe
    C:\WINDOWS\system32\services.exe
    C:\WINDOWS\system32\lsass.exe
    C:\WINDOWS\system32\svchost.exe
    C:\WINDOWS\System32\svchost.exe
    C:\Program Files\Symantec\Symantec Endpoint Protection\Smc.exe
    C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe
    C:\WINDOWS\system32\spoolsv.exe
    C:\WINDOWS\system32\agrsmsvc.exe
    C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
    C:\Program Files\Application Updater\ApplicationUpdater.exe
    C:\Program Files\AskBarDis\bar\bin\AskService.exe
    C:\Program Files\AskBarDis\bar\bin\ASKUpgrade.exe
    C:\Program Files\Microsoft Small Business\Business Contact Manager\BcmSqlStartupSvc.exe
    C:\Program Files\Bonjour\mDNSResponder.exe
    C:\Program Files\Carbonite\Carbonite Backup\carboniteservice.exe
    C:\Program Files\TOSHIBA\ConfigFree\CFSvcs.exe
    C:\WINDOWS\system32\svchost.exe
    C:\WINDOWS\system32\svchost.exe
    C:\WINDOWS\System32\svchost.exe
    C:\WINDOWS\System32\svchost.exe
    C:\Program Files\O2\bin\sprtsvc.exe
    c:\Program Files\Microsoft SQL Server\90\Shared\sqlwriter.exe
    C:\WINDOWS\system32\svchost.exe
    C:\Program Files\Symantec\Symantec Endpoint Protection\Rtvscan.exe
    C:\WINDOWS\system32\TODDSrv.exe
    C:\Program Files\Toshiba\Bluetooth Toshiba Stack\TosBtSrv.exe
    C:\Program Files\Xobni\XobniService.exe
    C:\WINDOWS\Explorer.EXE
    C:\Program Files\Symantec\Symantec Endpoint Protection\SmcGui.exe
    C:\WINDOWS\system32\hkcmd.exe
    C:\WINDOWS\system32\igfxpers.exe
    C:\WINDOWS\system32\igfxsrvc.exe
    C:\WINDOWS\RTHDCPL.EXE
    C:\WINDOWS\system32\wuauclt.exe
    C:\WINDOWS\System32\svchost.exe
    C:\Program Files\TOSHIBA\E-KEY\CeEKey.exe
    C:\Program Files\TOSHIBA\TouchPad\TPTray.exe
    C:\Program Files\TOSHIBA\TOSHIBA Controls\TFncKy.exe
    C:\WINDOWS\system32\TDispVol.exe
    C:\WINDOWS\system32\TPSMain.exe
    C:\WINDOWS\system32\ZoomingHook.exe
    C:\Program Files\TOSHIBA\TOSHIBA Zooming Utility\SmoothView.exe
    C:\Program Files\TOSHIBA\ConfigFree\NDSTray.exe
    C:\Program Files\TOSHIBA\TOSHIBA Direct Disc Writer\ddwmon.exe
    C:\Program Files\TOSHIBA\Toshiba Online Product Information\topi.exe
    C:\Program Files\Apoint2K\Apoint.exe
    C:\WINDOWS\system32\TPSBattM.exe
    C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe
    C:\Program Files\Mozilla Firefox\firefox.exe
    C:\Program Files\Adobe\Acrobat 9.0\Acrobat\Acrobat_sl.exe
    C:\Program Files\Adobe\Acrobat 9.0\Acrobat\Acrotray.exe
    C:\Program Files\Common Files\Symantec Shared\ccApp.exe
    C:\Program Files\iTunes\iTunesHelper.exe
    C:\Program Files\Carbonite\Carbonite Backup\CarboniteUI.exe
    C:\Program Files\HP\HP Software Update\HPWuSchd2.exe
    C:\Program Files\TOSHIBA\ConfigFree\CFSServ.exe
    C:\Program Files\O2\bin\sprtcmd.exe
    C:\Program Files\Adobe\Reader 9.0\Reader\Reader_sl.exe
    C:\Program Files\TOSHIBA\TOSCDSPD\toscdspd.exe
    C:\WINDOWS\system32\ctfmon.exe
    C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
    C:\Program Files\Apoint2K\Apntex.exe
    C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe
    C:\Documents and Settings\Alan\Application Data\Dropbox\bin\Dropbox.exe
    C:\Program Files\iPod\bin\iPodService.exe
    C:\Program Files\HP\Digital Imaging\bin\hpqSTE08.exe
    C:\Program Files\HP\Digital Imaging\bin\hpqbam08.exe
    C:\Program Files\HP\Digital Imaging\bin\hpqgpc01.exe
    C:\Program Files\Trend Micro\HijackThis\HijackThis.exe

    R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
    R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = https://mail.XXXXXcom/Remote/tsweb.aspx?Server=XXX&Port=4125&iFS=1&XXX&redirect Printers=1&redirectAudio=2
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
    R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
    R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local
    R3 - URLSearchHook: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll
    R3 - URLSearchHook: (no name) - {E312764E-7706-43F1-8DAB-FCDD2B1E416D} - C:\Program Files\pdfforge Toolbar\SearchSettings.dll
    F2 - REG:system.ini: UserInit=C:\WINDOWS\system32\Userinit.exe
    O2 - BHO: &Yahoo! Toolbar Helper - {02478D38-C3F9-4efb-9B51-7695ECA05670} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll
    O2 - BHO: HP Print Enhancer - {0347C33E-8762-4905-BF09-768834316C61} - C:\Program Files\HP\Digital Imaging\Smart Web Printing\hpswp_printenhancer.dll
    O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
    O2 - BHO: AcroIEHelperStub - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
    O2 - BHO: AskBar BHO - {201f27d4-3704-41d6-89c1-aa35e39143ed} - C:\Program Files\AskBarDis\bar\bin\askBar.dll
    O2 - BHO: PriceGong - {4D3F3F3A-0E4B-4085-9032-7D072072319A} - C:\Program Files\PriceGong\2.0.0\PriceLoadIE.dll
    O2 - BHO: Groove GFS Browser Helper - {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\Program Files\Microsoft Office\Office12\GrooveShellExtensions.dll
    O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0\bin\ssv.dll
    O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - C:\Program Files\Google\Google Toolbar\GoogleToolbar_32.dll
    O2 - BHO: Adobe PDF Conversion Toolbar Helper - {AE7CD045-E861-484f-8273-0445EE161910} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll
    O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\5.5.4723.1820\swg.dll
    O2 - BHO: pdfforge Toolbar - {B922D405-6D13-4A2B-AE89-08A030DA4402} - C:\Program Files\pdfforge Toolbar\IE\1.1.2\pdfforgeToolbarIE.dll
    O2 - BHO: (no name) - {E312764E-7706-43F1-8DAB-FCDD2B1E416D} - C:\Program Files\pdfforge Toolbar\SearchSettings.dll
    O2 - BHO: SmartSelect - {F4971EE7-DAA0-4053-9964-665D8EE6A077} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll
    O2 - BHO: HP Smart BHO Class - {FFFFFFFF-CF4E-4F2B-BDC2-0E72E116A856} - C:\Program Files\HP\Digital Imaging\Smart Web Printing\hpswp_BHO.dll
    O3 - Toolbar: Adobe PDF - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll
    O3 - Toolbar: Ask Toolbar - {3041d03e-fd4b-44e0-b742-2d9b88305f98} - C:\Program Files\AskBarDis\bar\bin\askBar.dll
    O3 - Toolbar: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll
    O3 - Toolbar: pdfforge Toolbar - {B922D405-6D13-4A2B-AE89-08A030DA4402} - C:\Program Files\pdfforge Toolbar\IE\1.1.2\pdfforgeToolbarIE.dll
    O3 - Toolbar: Google Toolbar - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files\Google\Google Toolbar\GoogleToolbar_32.dll
    O4 - HKLM\..\Run: [IgfxTray] C:\WINDOWS\system32\igfxtray.exe
    O4 - HKLM\..\Run: [HotKeysCmds] C:\WINDOWS\system32\hkcmd.exe
    O4 - HKLM\..\Run: [Persistence] C:\WINDOWS\system32\igfxpers.exe
    O4 - HKLM\..\Run: [RTHDCPL] RTHDCPL.EXE
    O4 - HKLM\..\Run: [Alcmtr] ALCMTR.EXE
    O4 - HKLM\..\Run: [CeEKEY] C:\Program Files\TOSHIBA\E-KEY\CeEKey.exe
    O4 - HKLM\..\Run: [HWSetup] C:\Program Files\TOSHIBA\TOSHIBA Applet\HWSetup.exe hwSetUP
    O4 - HKLM\..\Run: [SVPWUTIL] C:\Program Files\Toshiba\Windows Utilities\SVPWUTIL.exe SVPwUTIL
    O4 - HKLM\..\Run: [TPNF] C:\Program Files\TOSHIBA\TouchPad\TPTray.exe
    O4 - HKLM\..\Run: [TFncKy] TFncKy.exe
    O4 - HKLM\..\Run: [TDispVol] TDispVol.exe
    O4 - HKLM\..\Run: [TPSMain] TPSMain.exe
    O4 - HKLM\..\Run: [Zooming] ZoomingHook.exe
    O4 - HKLM\..\Run: [SmoothView] C:\Program Files\TOSHIBA\TOSHIBA Zooming Utility\SmoothView.exe
    O4 - HKLM\..\Run: [NDSTray.exe] NDSTray.exe
    O4 - HKLM\..\Run: [DDWMon] C:\Program Files\TOSHIBA\TOSHIBA Direct Disc Writer\\ddwmon.exe
    O4 - HKLM\..\Run: [topi] C:\Program Files\TOSHIBA\Toshiba Online Product Information\topi.exe -startup
    O4 - HKLM\..\Run: [Apoint] C:\Program Files\Apoint2K\Apoint.exe
    O4 - HKLM\..\Run: [GrooveMonitor] "C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe"
    O4 - HKLM\..\Run: [Adobe Acrobat Speed Launcher] "C:\Program Files\Adobe\Acrobat 9.0\Acrobat\Acrobat_sl.exe"
    O4 - HKLM\..\Run: [Acrobat Assistant 8.0] "C:\Program Files\Adobe\Acrobat 9.0\Acrobat\Acrotray.exe"
    O4 - HKLM\..\Run: [ccApp] "C:\Program Files\Common Files\Symantec Shared\ccApp.exe"
    O4 - HKLM\..\Run: [hpqSRMon] C:\Program Files\HP\Digital Imaging\bin\hpqSRMon.exe
    O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\QTTask.exe" -atboottime
    O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
    O4 - HKLM\..\Run: [Carbonite Backup] C:\Program Files\Carbonite\Carbonite Backup\CarboniteUI.exe
    O4 - HKLM\..\Run: [HP Software Update] C:\Program Files\HP\HP Software Update\HPWuSchd2.exe
    O4 - HKLM\..\Run: [CFSServ.exe] CFSServ.exe -NoClient
    O4 - HKLM\..\Run: [O2] "C:\Program Files\O2\bin\sprtcmd.exe" /P O2
    O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 9.0\Reader\Reader_sl.exe"
    O4 - HKLM\..\Run: [Adobe ARM] "C:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe"
    O4 - HKLM\..\Run: [SearchSettings] C:\Program Files\pdfforge Toolbar\SearchSettings.exe
    O4 - HKCU\..\Run: [TOSCDSPD] C:\Program Files\TOSHIBA\TOSCDSPD\toscdspd.exe
    O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
    O4 - HKCU\..\Run: [swg] "C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe"
    O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')
    O4 - HKUS\S-1-5-18\..\Run: [DWQueuedReporting] "C:\PROGRA~1\COMMON~1\MICROS~1\DW\dwtrig20.exe " -t (User 'SYSTEM')
    O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user')
    O4 - S-1-5-18 Startup: Dropbox.lnk = C:\Documents and Settings\Alan\Application Data\Dropbox\bin\Dropbox.exe (User 'SYSTEM')
    O4 - .DEFAULT Startup: Dropbox.lnk = C:\Documents and Settings\Alan\Application Data\Dropbox\bin\Dropbox.exe (User 'Default user')
    O4 - Startup: Dropbox.lnk = C:\Documents and Settings\Alan\Application Data\Dropbox\bin\Dropbox.exe
    O4 - Global Startup: HP Digital Imaging Monitor.lnk = C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe
    O8 - Extra context menu item: Append Link Target to Existing PDF - res://C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll/AcroIEAppendSelLinks.html
    O8 - Extra context menu item: Append to Existing PDF - res://C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll/AcroIEAppend.html
    O8 - Extra context menu item: Convert Link Target to Adobe PDF - res://C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll/AcroIECaptureSelLinks.html
    O8 - Extra context menu item: Convert to Adobe PDF - res://C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll/AcroIECapture.html
    O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office12\EXCEL.EXE/3000
    O8 - Extra context menu item: Google Sidewiki... - res://C:\Program Files\Google\Google Toolbar\Component\GoogleToolbarDynamic_mui_en_96D6FF0C6D236BF8.dll/cmsidewiki.html
    O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0\bin\ssv.dll
    O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0\bin\ssv.dll
    O9 - Extra button: Send to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~2\Office12\ONBttnIE.dll
    O9 - Extra 'Tools' menuitem: S&end to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~2\Office12\ONBttnIE.dll
    O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL
    O9 - Extra button: HP Smart Select - {DDE87865-83C5-48c4-8357-2F5B1AA84522} - C:\Program Files\HP\Digital Imaging\Smart Web Printing\hpswp_BHO.dll
    O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
    O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
    O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
    O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
    O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://update.microsoft.com/windowsupdate/v6/V5Controls/en/x86/client/wuweb_site.cab?1251197639953
    O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://update.microsoft.com/microsoftupdate/v6/V5Controls/en/x86/client/muweb_site.cab?1251212321406
    O16 - DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} - http://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab
    O17 - HKLM\System\CS1\Services\Tcpip\Parameters: SearchList = XXXXX
    O17 - HKLM\System\CS2\Services\Tcpip\Parameters: SearchList = XXXXX
    O17 - HKLM\System\CCS\Services\Tcpip\Parameters: SearchList = XXXXX
    O18 - Protocol: grooveLocalGWS - {88FED34C-F0CA-4636-A375-3CB6248B04CD} - C:\Program Files\Microsoft Office\Office12\GrooveSystemServices.dll
    O23 - Service: Agere Modem Call Progress Audio (AgereModemAudio) - Agere Systems - C:\WINDOWS\system32\agrsmsvc.exe
    O23 - Service: Apple Mobile Device - Apple Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
    O23 - Service: Application Updater - Spigot, Inc. - C:\Program Files\Application Updater\ApplicationUpdater.exe
    O23 - Service: ASKService - Unknown owner - C:\Program Files\AskBarDis\bar\bin\AskService.exe
    O23 - Service: ASKUpgrade - Unknown owner - C:\Program Files\AskBarDis\bar\bin\ASKUpgrade.exe
    O23 - Service: Bonjour Service - Apple Inc. - C:\Program Files\Bonjour\mDNSResponder.exe
    O23 - Service: CarboniteService - Carbonite, Inc. (www.carbonite.com) - C:\Program Files\Carbonite\Carbonite Backup\carboniteservice.exe
    O23 - Service: Symantec Event Manager (ccEvtMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe
    O23 - Service: Symantec Settings Manager (ccSetMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe
    O23 - Service: ConfigFree Service (CFSvcs) - TOSHIBA CORPORATION - C:\Program Files\TOSHIBA\ConfigFree\CFSvcs.exe
    O23 - Service: FLEXnet Licensing Service - Macrovision Europe Ltd. - C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe
    O23 - Service: Google Update Service (gupdate) (gupdate) - Google Inc. - C:\Program Files\Google\Update\GoogleUpdate.exe
    O23 - Service: Google Software Updater (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
    O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\1050\Intel 32\IDriverT.exe
    O23 - Service: iPod Service - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
    O23 - Service: LiveUpdate - Symantec Corporation - C:\PROGRA~1\Symantec\LIVEUP~1\LUCOMS~1.EXE
    O23 - Service: Symantec Management Client (SmcService) - Symantec Corporation - C:\Program Files\Symantec\Symantec Endpoint Protection\Smc.exe
    O23 - Service: Symantec Network Access Control (SNAC) - Symantec Corporation - C:\Program Files\Symantec\Symantec Endpoint Protection\SNAC.EXE
    O23 - Service: SupportSoft Sprocket Service (O2) (sprtsvc_O2) - SupportSoft, Inc. - C:\Program Files\O2\bin\sprtsvc.exe
    O23 - Service: SupportSoft RemoteAssist - SupportSoft, Inc. - C:\Program Files\Common Files\Supportsoft\bin\ssrc.exe
    O23 - Service: Symantec Endpoint Protection (Symantec AntiVirus) - Symantec Corporation - C:\Program Files\Symantec\Symantec Endpoint Protection\Rtvscan.exe
    O23 - Service: TOSHIBA Optical Disc Drive Service (TODDSrv) - TOSHIBA Corporation - C:\WINDOWS\system32\TODDSrv.exe
    O23 - Service: TOSHIBA Bluetooth Service - TOSHIBA CORPORATION - C:\Program Files\Toshiba\Bluetooth Toshiba Stack\TosBtSrv.exe
    O23 - Service: XobniService - Xobni Corporation - C:\Program Files\Xobni\XobniService.exe

    --
    End of file - 16922 bytes
    dogmaryxx - 7th Apr 10, 9:29 PM
    These need to be fixed in HijackThis (I think), but wait for Browntoa/aliEnRIK to confirm as they are the experts

    C:\Program Files\AskBarDis\bar\bin\AskService.exe

    C:\Program Files\AskBarDis\bar\bin\ASKUpgrade.exe

    R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = https://mail.XXXXXcom/Remote/tsweb.a...edirectAudio=2

    R3 - URLSearchHook: (no name) - {E312764E-7706-43F1-8DAB-FCDD2B1E416D} - C:\Program Files\pdfforge Toolbar\SearchSettings.dll

    O2 - BHO: AskBar BHO - {201f27d4-3704-41d6-89c1-aa35e39143ed} - C:\Program Files\AskBarDis\bar\bin\askBar.dll

    O2 - BHO: pdfforge Toolbar - {B922D405-6D13-4A2B-AE89-08A030DA4402} - C:\Program Files\pdfforge Toolbar\IE\1.1.2\pdfforgeToolbarIE.dll

    O2 - BHO: (no name) - {E312764E-7706-43F1-8DAB-FCDD2B1E416D} - C:\Program Files\pdfforge Toolbar\SearchSettings.dll

    O3 - Toolbar: Ask Toolbar - {3041d03e-fd4b-44e0-b742-2d9b88305f98} - C:\Program Files\AskBarDis\bar\bin\askBar.dll

    O3 - Toolbar: pdfforge Toolbar - {B922D405-6D13-4A2B-AE89-08A030DA4402} - C:\Program Files\pdfforge Toolbar\IE\1.1.2\pdfforgeToolbarIE.dll

    O4 - HKLM\..\Run: [SearchSettings] C:\Program Files\pdfforge Toolbar\SearchSettings.exe

    O23 - Service: ASKService - Unknown owner - C:\Program Files\AskBarDis\bar\bin\AskService.exe

    O23 - Service: ASKUpgrade - Unknown owner - C:\Program Files\AskBarDis\bar\bin\ASKUpgrade.exe
    Pythagorous - 8th Apr 10, 7:48 AM
    Thanks Dogmary. Hopefully someone will be along to confirm soon
    aliEnRIK - 8th Apr 10, 11:20 AM
    Uninstall the ASK TOOLBAR (also known as ASK BAR DIS)
    and the PDFFORGE TOOLBAR (if possible)

    TICK and FIX these (some shouldn't be there as long as the above are uninstalled, so don't worry if they're not) ~
    C:\Program Files\AskBarDis\bar\bin\AskService.exe
    C:\Program Files\AskBarDis\bar\bin\ASKUpgrade.exe
    R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = https://mail.XXXXXcom/Remote/tsweb.a...edirectAudio=2
    R3 - URLSearchHook: (no name) - {E312764E-7706-43F1-8DAB-FCDD2B1E416D} - C:\Program Files\pdfforge Toolbar\SearchSettings.dll
    O2 - BHO: AskBar BHO - {201f27d4-3704-41d6-89c1-aa35e39143ed} - C:\Program Files\AskBarDis\bar\bin\askBar.dll
    O2 - BHO: pdfforge Toolbar - {B922D405-6D13-4A2B-AE89-08A030DA4402} - C:\Program Files\pdfforge Toolbar\IE\1.1.2\pdfforgeToolbarIE.dll
    O2 - BHO: (no name) - {E312764E-7706-43F1-8DAB-FCDD2B1E416D} - C:\Program Files\pdfforge Toolbar\SearchSettings.dll
    O3 - Toolbar: Ask Toolbar - {3041d03e-fd4b-44e0-b742-2d9b88305f98} - C:\Program Files\AskBarDis\bar\bin\askBar.dll
    O3 - Toolbar: pdfforge Toolbar - {B922D405-6D13-4A2B-AE89-08A030DA4402} - C:\Program Files\pdfforge Toolbar\IE\1.1.2\pdfforgeToolbarIE.dll
    O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\QTTask.exe" -atboottime
    O4 - HKLM\..\Run: [SearchSettings] C:\Program Files\pdfforge Toolbar\SearchSettings.exe
    O17 - HKLM\System\CS1\Services\Tcpip\Parameters: SearchList = XXXXX ***ALL OF THEM***
    O23 - Service: Application Updater - Spigot, Inc. - C:\Program Files\Application Updater\ApplicationUpdater.exe
    O23 - Service: ASKService - Unknown owner - C:\Program Files\AskBarDis\bar\bin\AskService.exe
    O23 - Service: ASKUpgrade - Unknown owner - C:\Program Files\AskBarDis\bar\bin\ASKUpgrade.exe

    reboot

    Hows it running now?
    Pythagorous - 13th Apr 10, 7:58 PM
    Thanks Alienrik. Have only just seen your reply. I seem to have issues with disappearing programs etc as per my other thread here :-(

    http://forums.moneysavingexpert.com/showthread.html?p=31831203&posted=1#post31831203
    Pythagorous - 13th Apr 10, 8:24 PM
    Actually looks like I'm still screwed with viruses. Before I had a chance to go in and make the changes Alienrik suggested I've started getting Windows security alerts popping up left, right and centre. The antivirus suite then scans and shows lots of critical-status malware, my Malwarebytes program that was previously installed seems to have disappeared, and when I go into IE I can't get past a page that says "Internet Explorer warning - visiting this website may harm your computer". The only other page I can go to is a page asking me to purchase the antivirus suite software that is showing the malware in the scan.

    Where the eck do i go from here?

    Please help!!

    PS I'm typing this from my trusty mac
    Pythagorous - 13th Apr 10, 8:51 PM
    As an update I rebooted and although the laptop now doesn't have the virus messages popping up I can't seem to get IE to load any pages. It is showing as being connected to the internet, but I now just get a completely blank white page as it constantly tries to connect.

    Anyone please able to help?
    aliEnRIK - 14th Apr 10, 5:36 AM
    Does firefox work?

    If so ~

    Please run COMBOFIX
    http://download.bleepingcomputer.com/sUBs/ComboFix.exe
    Shut down your anti virus
    Follow the simple instructions it gives
    Post the COMPLETE log it creates here (Split into sections if need be) ~ if there are loads of 'SNAPSHOT' pages then leave them out

    If it comes up with a RENAMING error then RIGHT click the exe file and RENAME and call it QWERTY (Making the complete file name 'QWERTY.exe') Or SAVE as 'QWERTY' on download

    .............................................................


    Here’s how you can disable all addons/extensions and run IE 7 or even IE 8 without them:

    * Go to Start > Run
    * Type iexplore -extoff
    * Press Enter


    Run Firefox Without Extensions

    Similarly, if you’re having any problems with Firefox, you could disable addons and run it in safe mode. Here’s how:

    * Go to the Run dialog by going to Start > Run
    * Type firefox -safe-mode
    * A window will popup asking things that you want to disable or reset (eg: reset/disable bookmarks/toolbars, etc.)
    * Give the right choices, and press ‘Restart’ for the changes to take effect
    • Pythagorous
    • By Pythagorous 14th Apr 10, 8:04 AM
    • 698 Posts
    • 90 Thanks
    Pythagorous
    Hi AlienRik,

    Here is the combo report. I somehow managed to get firefox and IE to work again.

    ComboFix 10-04-13.02 - Alan 14/04/2010 8:31.1.2 - x86
    Microsoft Windows XP Professional 5.1.2600.3.1252.1.1033.18.2038.1289 [GMT 1:00]
    Running from: c:\documents and settings\Alan\My Documents\Downloads\ComboFix.exe
    AV: Symantec Endpoint Protection *On-access scanning disabled* (Updated) {FB06448E-52B8-493A-90F3-E43226D3305C}
    FW: Symantec Endpoint Protection *disabled* {BE898FE3-CD0B-4014-85A9-03DB9923DDB6}
    .

    ((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
    .

    c:\documents and settings\Alan\Application Data\.#\MBX@113C@3941C0.###
    c:\documents and settings\Alan\Application Data\.#\MBX@113C@3941F0.###
    c:\documents and settings\Alan\Application Data\.#\MBX@113C@394220.###
    c:\documents and settings\Alan\Application Data\.#\MBX@11D8@3941C0.###
    c:\documents and settings\Alan\Application Data\.#\MBX@11D8@3941F0.###
    c:\documents and settings\Alan\Application Data\.#\MBX@11D8@394220.###
    c:\documents and settings\Alan\Application Data\.#\MBX@1210@3941C0.###
    c:\documents and settings\Alan\Application Data\.#\MBX@1210@3941F0.###
    c:\documents and settings\Alan\Application Data\.#\MBX@1210@394220.###
    c:\documents and settings\Alan\Application Data\.#\MBX@1270@3941C0.###
    c:\documents and settings\Alan\Application Data\.#\MBX@1270@3941F0.###
    c:\documents and settings\Alan\Application Data\.#\MBX@1270@394220.###
    c:\documents and settings\Alan\Application Data\.#\MBX@12D0@394180.###
    c:\documents and settings\Alan\Application Data\.#\MBX@12D0@3941B0.###
    c:\documents and settings\Alan\Application Data\.#\MBX@12D0@3941E0.###
    c:\documents and settings\Alan\Application Data\.#\MBX@13A0@3941C0.###
    c:\documents and settings\Alan\Application Data\.#\MBX@13A0@3941F0.###
    c:\documents and settings\Alan\Application Data\.#\MBX@13A0@394220.###
    c:\documents and settings\Alan\Application Data\.#\MBX@1538@3941C0.###
    c:\documents and settings\Alan\Application Data\.#\MBX@1538@3941F0.###
    c:\documents and settings\Alan\Application Data\.#\MBX@1538@394220.###
    c:\documents and settings\Alan\Application Data\.#\MBX@157C@3941C0.###
    c:\documents and settings\Alan\Application Data\.#\MBX@157C@3941F0.###
    c:\documents and settings\Alan\Application Data\.#\MBX@157C@394220.###
    c:\documents and settings\Alan\Application Data\.#\MBX@15D8@3941C0.###
    c:\documents and settings\Alan\Application Data\.#\MBX@15D8@3941F0.###
    c:\documents and settings\Alan\Application Data\.#\MBX@15D8@394220.###
    c:\documents and settings\Alan\Application Data\.#\MBX@1770@3941C0.###
    c:\documents and settings\Alan\Application Data\.#\MBX@1770@3941F0.###
    c:\documents and settings\Alan\Application Data\.#\MBX@1770@394220.###
    c:\documents and settings\Alan\Application Data\.#\MBX@554@394180.###
    c:\documents and settings\Alan\Application Data\.#\MBX@554@3941B0.###
    c:\documents and settings\Alan\Application Data\.#\MBX@554@3941E0.###
    c:\documents and settings\Alan\Application Data\.#\MBX@860@3941C0.###
    c:\documents and settings\Alan\Application Data\.#\MBX@860@3941F0.###
    c:\documents and settings\Alan\Application Data\.#\MBX@860@394220.###
    c:\documents and settings\Alan\Application Data\.#\MBX@8C0@3941C0.###
    c:\documents and settings\Alan\Application Data\.#\MBX@8C0@3941F0.###
    c:\documents and settings\Alan\Application Data\.#\MBX@8C0@394220.###
    c:\documents and settings\Alan\Application Data\.#\MBX@9AC@394180.###
    c:\documents and settings\Alan\Application Data\.#\MBX@9AC@3941B0.###
    c:\documents and settings\Alan\Application Data\.#\MBX@9AC@3941E0.###
    c:\documents and settings\Alan\Application Data\.#\MBX@9F0@3941C0.###
    c:\documents and settings\Alan\Application Data\.#\MBX@9F0@3941F0.###
    c:\documents and settings\Alan\Application Data\.#\MBX@9F0@394220.###
    c:\documents and settings\Alan\Application Data\.#\MBX@BDC@394180.###
    c:\documents and settings\Alan\Application Data\.#\MBX@BDC@3941B0.###
    c:\documents and settings\Alan\Application Data\.#\MBX@BDC@3941E0.###
    c:\documents and settings\Alan\Application Data\.#\MBX@C90@394180.###
    c:\documents and settings\Alan\Application Data\.#\MBX@C90@3941B0.###
    c:\documents and settings\Alan\Application Data\.#\MBX@C90@3941E0.###
    c:\documents and settings\Alan\Application Data\.#\MBX@CF0@3941C0.###
    c:\documents and settings\Alan\Application Data\.#\MBX@CF0@3941F0.###
    c:\documents and settings\Alan\Application Data\.#\MBX@CF0@394220.###
    c:\documents and settings\Alan\Application Data\.#\MBX@DDC@3941C0.###
    c:\documents and settings\Alan\Application Data\.#\MBX@DDC@3941F0.###
    c:\documents and settings\Alan\Application Data\.#\MBX@DDC@394220.###
    c:\documents and settings\Alan\Application Data\.#\MBX@DE4@394180.###
    c:\documents and settings\Alan\Application Data\.#\MBX@DE4@3941B0.###
    c:\documents and settings\Alan\Application Data\.#\MBX@DE4@3941E0.###
    c:\documents and settings\Alan\Application Data\.#\MBX@F0@394180.###
    c:\documents and settings\Alan\Application Data\.#\MBX@F0@3941B0.###
    c:\documents and settings\Alan\Application Data\.#\MBX@F0@3941E0.###
    c:\documents and settings\Alan\Application Data\.#\MBX@F48@3941C0.###
    c:\documents and settings\Alan\Application Data\.#\MBX@F48@3941F0.###
    c:\documents and settings\Alan\Application Data\.#\MBX@F48@394220.###
    c:\documents and settings\Alan\Application Data\.#\MBX@F78@394180.###
    c:\documents and settings\Alan\Application Data\.#\MBX@F78@3941B0.###
    c:\documents and settings\Alan\Application Data\.#\MBX@F78@3941E0.###
    c:\documents and settings\Alan\Application Data\.#\MBX@FE8@3941C0.###
    c:\documents and settings\Alan\Application Data\.#\MBX@FE8@3941F0.###
    c:\documents and settings\Alan\Application Data\.#\MBX@FE8@394220.###


    .
    ((((((((((((((((((((((((( Files Created from 2010-03-14 to 2010-04-14 )))))))))))))))))))))))))))))))
    .

    2010-04-13 20:01 . 2010-04-13 23:31 -------- d-----w- c:\documents and settings\Alan\Local Settings\Application Data\saolbvtie
    2010-04-10 14:54 . 2010-04-13 23:55 -------- d-----w- c:\program files\PeerBlock
    2010-04-08 11:32 . 2010-04-08 11:32 -------- d-----w- c:\windows\system\Iosubsys
    2010-04-08 11:32 . 2006-11-03 10:01 212992 ----a-r- c:\windows\system32\drivers\RevHDD.exe
    2010-04-08 11:32 . 2006-10-12 13:53 17828 ----a-r- c:\windows\system32\drivers\SPIF225.sys
    2010-04-07 19:54 . 2010-04-07 19:54 -------- d-----w- c:\program files\Trend Micro
    2010-04-07 17:18 . 2010-04-07 17:18 -------- d-----w- c:\documents and settings\Alan\Application Data\Malwarebytes
    2010-04-07 17:18 . 2010-03-29 14:24 38224 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys
    2010-04-07 17:18 . 2010-04-07 17:18 -------- d-----w- c:\documents and settings\All Users\Application Data\Malwarebytes
    2010-04-07 17:18 . 2010-04-07 17:18 -------- d-----w- c:\program files\Malwarebytes' Anti-Malware
    2010-04-07 17:18 . 2010-03-29 14:24 20824 ----a-w- c:\windows\system32\drivers\mbam.sys
    2010-04-02 16:20 . 2010-04-02 16:20 -------- d-----w- c:\documents and settings\LocalService\Local Settings\Application Data\Xobni

    .
    (((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
    .
    2010-04-14 07:22 . 2010-02-15 19:15 -------- d-----w- c:\documents and settings\Alan\Application Data\PriceGong
    2010-04-14 07:21 . 2009-09-03 07:37 -------- d-----w- c:\documents and settings\Alan\Application Data\Dropbox
    2010-04-13 23:55 . 2009-08-30 15:31 -------- d-----w- c:\documents and settings\Alan\Application Data\Azureus
    2010-04-13 22:44 . 2009-09-01 19:29 -------- d-----w- c:\documents and settings\Alan\Application Data\HPAppData
    2010-04-10 20:15 . 2009-12-26 11:54 -------- d-----w- c:\documents and settings\Alan\Application Data\vlc
    2010-04-08 10:44 . 2007-08-01 10:24 -------- d--h--w- c:\program files\InstallShield Installation Information
    2010-04-05 10:13 . 2009-11-22 10:09 -------- d-----w- c:\documents and settings\Alan\Application Data\TuneUpMedia
    2010-03-11 21:21 . 2007-08-01 10:19 -------- d-----w- c:\documents and settings\All Users\Application Data\Microsoft Help
    2010-03-11 12:38 . 2007-08-01 08:21 832512 ----a-w- c:\windows\system32\wininet.dll
    2010-03-11 12:38 . 2007-08-01 08:21 78336 ----a-w- c:\windows\system32\ieencode.dll
    2010-03-11 12:38 . 2007-08-01 08:21 17408 ----a-w- c:\windows\system32\corpol.dll
    2010-02-26 08:54 . 2009-10-12 12:16 91696 ----a-w- c:\documents and settings\Alan\Application Data\Dropbox\bin\Uninstall.exe
    2010-02-26 08:53 . 2010-02-26 08:53 13264416 ----a-w- c:\documents and settings\Alan\Application Data\Dropbox\cache\Dropbox-update-0.7.110.exe
    2010-02-26 05:10 . 2010-02-26 05:10 21979992 ----a-w- c:\documents and settings\Alan\Application Data\Dropbox\bin\Dropbox.exe
    2010-02-25 14:14 . 2009-11-22 10:09 -------- d-----w- c:\program files\TuneUpMedia
    2010-02-19 22:24 . 2009-10-15 16:51 -------- d-----w- c:\documents and settings\Alan\Application Data\VSO
    2010-02-19 17:52 . 2010-02-19 17:52 -------- d-----w- c:\documents and settings\All Users\Application Data\Office Genuine Advantage
    2010-02-19 17:51 . 2010-02-19 17:51 -------- d-----w- c:\documents and settings\Alan\Application Data\Office Genuine Advantage
    2010-02-15 19:21 . 2010-02-15 19:21 -------- d-----w- c:\documents and settings\All Users\Application Data\Winferno
    2010-02-15 19:15 . 2010-02-15 19:15 -------- d-----w- c:\program files\Xobni
    2010-02-15 19:15 . 2010-02-15 19:15 -------- d-----w- c:\program files\Winferno
    2010-02-15 19:15 . 2010-02-15 19:15 -------- d-----w- c:\program files\PriceGong
    2010-02-12 10:03 . 2010-03-07 14:17 293376 ------w- c:\windows\system32\browserchoice.exe
    2009-10-14 15:12 . 2009-10-14 15:12 1372952 ----a-w- c:\program files\APUserManual.pdf
    2009-10-14 14:39 . 2009-10-14 14:39 8412 ----a-w- c:\program files\APQuickStart.pdf
    2009-10-13 12:23 . 2009-10-13 12:23 7266304 ----a-w- c:\program files\Achieve.exe
    2009-10-13 12:23 . 2009-10-13 12:23 1298432 ----a-w- c:\program files\efxstd.DLL
    2009-10-12 12:28 . 2009-10-12 12:28 265259 ----a-w- c:\program files\AchieveHelp.chm
    2008-12-09 10:24 . 2008-12-09 10:24 87713 ----a-w- c:\program files\Default.dat
    2008-10-29 09:23 . 2008-10-29 09:23 11611 ----a-w- c:\program files\APKeyboardReference.pdf
    2008-10-21 14:28 . 2008-10-21 14:28 115339 ----a-r- c:\program files\Sample.ach
    2007-11-28 09:49 . 2007-11-28 09:49 458752 ----a-w- c:\program files\Infragistics.Win.Misc.v7.1.dll
    2007-11-28 09:49 . 2007-11-28 09:49 425984 ----a-w- c:\program files\Infragistics.Win.UltraWinEditors.v7.1.dll
    2007-11-28 09:49 . 2007-11-28 09:49 253952 ----a-w- c:\program files\Infragistics.Win.UltraWinTabControl.v7.1.dll
    2007-11-28 09:49 . 2007-11-28 09:49 1675264 ----a-w- c:\program files\Infragistics.Win.UltraWinChart.v7.1.dll
    2007-11-28 09:49 . 2007-11-28 09:49 159744 ----a-w- c:\program files\Infragistics.Win.UltraWinPrintPreviewDialog.v7.1.dll
    2007-11-28 09:49 . 2007-11-28 09:49 106496 ----a-w- c:\program files\Infragistics.Win.UltraWinDataSource.v7.1.dll
    2006-08-23 14:40 . 2006-08-23 14:40 69632 ----a-w- c:\program files\SecurityManager.dll
    2006-05-11 19:44 . 2006-05-11 19:44 126976 ----a-w- c:\program files\MiniComm.DLL
    2006-02-15 02:32 . 2006-02-15 02:32 225280 ----a-w- c:\program files\tx12_htm.dll
    2006-02-13 12:02 . 2006-02-13 12:02 663552 ----a-w- c:\program files\tx12.dll
    2006-02-10 12:02 . 2006-02-10 12:02 274432 ----a-w- c:\program files\TXTextControl.dll
    2006-02-09 05:00 . 2006-02-09 05:00 479232 ----a-w- c:\program files\tx12_doc.dll
    2006-02-09 05:00 . 2006-02-09 05:00 360448 ----a-w- c:\program files\tx12_rtf.dll
    2006-02-09 03:20 . 2006-02-09 03:20 530 ----a-w- c:\program files\tx12_ic.ini
    2006-02-09 03:20 . 2006-02-09 03:20 106496 ----a-w- c:\program files\tx12_ic.dll
    2006-02-02 02:01 . 2006-02-02 02:01 53248 ----a-w- c:\program files\tx12_wnd.dll
    2006-02-02 02:01 . 2006-02-02 02:01 258048 ----a-w- c:\program files\tx12_css.dll
    2006-02-01 02:21 . 2006-02-01 02:21 126976 ----a-w- c:\program files\tx12_tls.dll
    2006-01-28 10:25 . 2006-01-28 10:25 196608 ----a-w- c:\program files\Office.dll
    2006-01-28 10:23 . 2006-01-28 10:23 389120 ----a-w- c:\program files\Microsoft.Office.Interop.Outlook.dll
    2005-11-11 01:32 . 2005-11-11 01:32 303104 ----a-w- c:\program files\tx12_xml.dll
    2005-09-16 18:29 . 2005-09-16 18:29 90112 ----a-w- c:\program files\achbn.exe
    2005-08-08 11:14 . 2005-08-08 11:14 16384 ----a-w- c:\program files\uis.exe
    2005-07-26 01:13 . 2005-07-26 01:13 217088 ----a-w- c:\program files\tx12_png.flt
    2005-07-26 01:12 . 2005-07-26 01:12 516096 ----a-w- c:\program files\tx12_pdf.dll
    2005-07-06 11:12 . 2005-07-06 11:12 16384 ----a-w- c:\program files\stdole.dll
    2005-07-04 02:45 . 2005-07-04 02:45 61440 ----a-w- c:\program files\tx12_tif.flt
    2005-07-04 02:02 . 2005-07-04 02:02 49152 ----a-w- c:\program files\tx12_bmp.flt
    2005-07-04 01:14 . 2005-07-04 01:14 33280 ----a-w- c:\program files\tx12_wmf.flt
    2005-07-04 01:13 . 2005-07-04 01:13 172032 ----a-w- c:\program files\tx12_jpg.flt
    2005-07-04 01:04 . 2005-07-04 01:04 49152 ----a-w- c:\program files\tx12_gif.flt
    2005-05-31 14:27 . 2005-05-31 14:27 503808 ----a-w- c:\program files\ActiproSoftware.UIStudio.Dock.dll
    2005-05-31 14:27 . 2005-05-31 14:27 176128 ----a-w- c:\program files\ActiproSoftware.Shared.dll
    2005-05-31 14:27 . 2005-05-31 14:27 147456 ----a-w- c:\program files\ActiproSoftware.WinUICore.dll
    2005-05-17 15:12 . 2005-05-17 15:12 36864 ----a-w- c:\program files\BICommon.dll
    2005-01-12 15:24 . 2005-01-12 15:24 623 ----a-w- c:\program files\Achieve.exe.manifest
    2004-09-01 15:19 . 2004-09-01 15:19 20480 ----a-w- c:\program files\EPR.dll
    .

    ((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
    .
    .
    *Note* empty entries & legit default entries are not shown
    REGEDIT4

    [HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{4D3F3F3A-0E4B-4085-9032-7D072072319A}]
    2010-01-25 12:38 99704 ----a-w- c:\program files\PriceGong\2.0.0\PriceLoadIE.dll

    [HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Toolbar\Webbrowser]
    "{3041D03E-FD4B-44E0-B742-2D9B88305F98}"= "c:\program files\AskBarDis\bar\bin\askBar.dll" [2009-04-02 333192]

    [HKEY_CLASSES_ROOT\clsid\{3041d03e-fd4b-44e0-b742-2d9b88305f98}]
    [HKEY_CLASSES_ROOT\TypeLib\{4b1c1e16-6b34-430e-b074-5928eca4c150}]

    [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\Carbonite.Green]
    @="{95A27763-F62A-4114-9072-E81D87DE3B68}"
    [HKEY_CLASSES_ROOT\CLSID\{95A27763-F62A-4114-9072-E81D87DE3B68}]
    2009-07-28 20:49 583312 ----a-r- c:\program files\Carbonite\Carbonite Backup\CarboniteNSE.dll

    [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\Carbonite.Partial]
    @="{E300CD91-100F-4E67-9AF3-1384A6124015}"
    [HKEY_CLASSES_ROOT\CLSID\{E300CD91-100F-4E67-9AF3-1384A6124015}]
    2009-07-28 20:49 583312 ----a-r- c:\program files\Carbonite\Carbonite Backup\CarboniteNSE.dll

    [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\Carbonite.Yellow]
    @="{5E529433-B50E-4bef-A63B-16A6B71B071A}"
    [HKEY_CLASSES_ROOT\CLSID\{5E529433-B50E-4bef-A63B-16A6B71B071A}]
    2009-07-28 20:49 583312 ----a-r- c:\program files\Carbonite\Carbonite Backup\CarboniteNSE.dll

    [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt1]
    @="{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}"
    [HKEY_CLASSES_ROOT\CLSID\{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}]
    2009-12-09 01:19 94208 ----a-w- c:\documents and settings\Alan\Application Data\Dropbox\bin\DropboxExt.13.dll

    [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt2]
    @="{FB314EDA-A251-47B7-93E1-CDD82E34AF8B}"
    [HKEY_CLASSES_ROOT\CLSID\{FB314EDA-A251-47B7-93E1-CDD82E34AF8B}]
    2009-12-09 01:19 94208 ----a-w- c:\documents and settings\Alan\Application Data\Dropbox\bin\DropboxExt.13.dll

    [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt3]
    @="{FB314EDB-A251-47B7-93E1-CDD82E34AF8B}"
    [HKEY_CLASSES_ROOT\CLSID\{FB314EDB-A251-47B7-93E1-CDD82E34AF8B}]
    2009-12-09 01:19 94208 ----a-w- c:\documents and settings\Alan\Application Data\Dropbox\bin\DropboxExt.13.dll

    [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
    "TOSCDSPD"="c:\program files\TOSHIBA\TOSCDSPD\toscdspd.exe" [2005-04-11 65536]
    "swg"="c:\program files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe" [2010-01-08 39408]

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
    "CFSServ.exe"="CFSServ.exe -NoClient" [X]
    "IgfxTray"="c:\windows\system32\igfxtray.exe" [2007-06-01 142104]
    "HotKeysCmds"="c:\windows\system32\hkcmd.exe" [2007-06-01 162584]
    "Persistence"="c:\windows\system32\igfxpers.exe" [2007-06-01 138008]
    "RTHDCPL"="RTHDCPL.EXE" [2007-06-13 16377344]
    "CeEKEY"="c:\program files\TOSHIBA\E-KEY\CeEKey.exe" [2007-07-06 651264]
    "HWSetup"="c:\program files\TOSHIBA\TOSHIBA Applet\HWSetup.exe" [2004-05-01 28672]
    "SVPWUTIL"="c:\program files\Toshiba\Windows Utilities\SVPWUTIL.exe" [2006-05-25 65536]
    "TPNF"="c:\program files\TOSHIBA\TouchPad\TPTray.exe" [2007-06-01 53248]
    "TFncKy"="TFncKy.exe" [BU]
    "TDispVol"="TDispVol.exe" [2005-12-27 73728]
    "TPSMain"="TPSMain.exe" [2005-08-11 266240]
    "Zooming"="ZoomingHook.exe" [2005-06-06 24576]
    "SmoothView"="c:\program files\TOSHIBA\TOSHIBA Zooming Utility\SmoothView.exe" [2007-05-11 143360]
    "NDSTray.exe"="NDSTray.exe" [BU]
    "DDWMon"="c:\program files\TOSHIBA\TOSHIBA Direct Disc Writer\\ddwmon.exe" [2007-04-26 495616]
    "topi"="c:\program files\TOSHIBA\Toshiba Online Product Information\topi.exe" [2007-07-10 581632]
    "Apoint"="c:\program files\Apoint2K\Apoint.exe" [2004-03-24 196608]
    "GrooveMonitor"="c:\program files\Microsoft Office\Office12\GrooveMonitor.exe" [2008-10-25 31072]
    "Adobe Acrobat Speed Launcher"="c:\program files\Adobe\Acrobat 9.0\Acrobat\Acrobat_sl.exe" [2008-06-12 37232]
    "Acrobat Assistant 8.0"="c:\program files\Adobe\Acrobat 9.0\Acrobat\Acrotray.exe" [2008-06-11 640376]
    "ccApp"="c:\program files\Common Files\Symantec Shared\ccApp.exe" [2008-08-14 115560]
    "hpqSRMon"="c:\program files\HP\Digital Imaging\bin\hpqSRMon.exe" [2008-08-20 150016]
    "iTunesHelper"="c:\program files\iTunes\iTunesHelper.exe" [2009-07-13 292128]
    "Carbonite Backup"="c:\program files\Carbonite\Carbonite Backup\CarboniteUI.exe" [2009-07-28 671376]
    "HP Software Update"="c:\program files\HP\HP Software Update\HPWuSchd2.exe" [2008-12-08 54576]
    "Adobe ARM"="c:\program files\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2009-09-04 935288]

    [HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
    "CTFMON.EXE"="c:\windows\system32\CTFMON.EXE" [2008-04-14 15360]
    "DWQueuedReporting"="c:\progra~1\COMMON~1\MICROS~1\DW\dwtrig20.exe" [2008-11-04 435096]

    c:\documents and settings\Alan\Start Menu\Programs\Startup\
    Dropbox.lnk - c:\documents and settings\Alan\Application Data\Dropbox\bin\Dropbox.exe [2010-2-26 21979992]

    c:\documents and settings\All Users\Start Menu\Programs\Startup\
    HP Digital Imaging Monitor.lnk - c:\program files\HP\Digital Imaging\bin\hpqtra08.exe [2008-10-16 214360]

    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\ccEvtMgr]
    @="Service"

    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\ccSetMgr]
    @="Service"

    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Symantec Antivirus]
    @="Service"

    [HKEY_LOCAL_MACHINE\software\microsoft\security center]
    "AntiVirusOverride"=dword:00000001
    "FirewallOverride"=dword:00000001

    [HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring]
    "DisableMonitoring"=dword:00000001

    [HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecAntiVirus]
    "DisableMonitoring"=dword:00000001

    [HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecFirewall]
    "DisableMonitoring"=dword:00000001

    [HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]
    "EnableFirewall"= 0 (0x0)
    "DisableNotifications"= 1 (0x1)

    [HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
    "%windir%\\system32\\sessmgr.exe"=
    "%windir%\\Network Diagnostic\\xpnetdiag.exe"=
    "c:\\Program Files\\Microsoft Office\\Office12\\OUTLOOK.EXE"=
    "c:\\Program Files\\Microsoft Office\\Office12\\GROOVE.EXE"=
    "c:\\Program Files\\Microsoft Office\\Office12\\ONENOTE.EXE"=
    "c:\\Program Files\\Symantec\\Symantec Endpoint Protection\\Smc.exe"=
    "c:\\Program Files\\Symantec\\Symantec Endpoint Protection\\SNAC.EXE"=
    "c:\\Program Files\\Common Files\\Symantec Shared\\ccApp.exe"=
    "c:\\Program Files\\HP\\Digital Imaging\\bin\\hpqtra08.exe"=
    "c:\\Program Files\\HP\\Digital Imaging\\bin\\hpqste08.exe"=
    "c:\\Program Files\\HP\\Digital Imaging\\bin\\hposid01.exe"=
    "c:\\Program Files\\HP\\Digital Imaging\\bin\\hpqkygrp.exe"=
    "c:\\Program Files\\HP\\Digital Imaging\\bin\\hpfcCopy.exe"=
    "c:\\Program Files\\HP\\Digital Imaging\\bin\\hpoews01.exe"=
    "c:\\Program Files\\HP\\Digital Imaging\\bin\\hpiscnapp.exe"=
    "c:\\Program Files\\Common Files\\HP\\Digital Imaging\\bin\\hpqPhotoCrm.exe"=
    "c:\\Program Files\\HP\\Digital Imaging\\bin\\hpqpsapp.exe"=
    "c:\\Program Files\\HP\\Digital Imaging\\bin\\hpqpse.exe"=
    "c:\\Program Files\\HP\\Digital Imaging\\bin\\hpqsudi.exe"=
    "c:\\Program Files\\HP\\Digital Imaging\\bin\\hpqgplgtupl.exe"=
    "c:\\Program Files\\HP\\Digital Imaging\\bin\\hpqgpc01.exe"=
    "c:\\Program Files\\Bonjour\\mDNSResponder.exe"=
    "c:\\Program Files\\iTunes\\iTunes.exe"=
    "c:\\Program Files\\O2\\bin\\wificfg.exe"=
    "c:\\Program Files\\O2\\agent\\bin\\bcont.exe"=
    "c:\\Program Files\\Common Files\\SupportSoft\\bin\\ssrc.exe"=
    "c:\\Program Files\\O2\\agent\\bin\\bcont_nm.exe"=
    Last edited by Pythagorous; 14-04-2010 at 8:07 AM.
    • Pythagorous
    • By Pythagorous 14th Apr 10, 8:05 AM
    • 698 Posts
    • 90 Thanks
    Pythagorous
    R2 sprtsvc_O2;SupportSoft Sprocket Service (O2);c:\program files\O2\bin\sprtsvc.exe [07/06/2007 17:19 202280]
    R2 tdudf;TOSHIBA UDF File System Driver;c:\windows\system32\drivers\tdudf.sys [26/03/2007 12:22 105856]
    R2 trudf;TOSHIBA DVD-RAM UDF File System Driver;c:\windows\system32\drivers\trudf.sys [19/02/2007 12:15 134016]
    R2 XobniService;XobniService;c:\program files\Xobni\XobniService.exe [12/10/2009 17:33 46824]
    R3 EraserUtilRebootDrv;EraserUtilRebootDrv;c:\program files\Common Files\Symantec Shared\EENGINE\EraserUtilRebootDrv.sys [30/08/2009 19:29 102448]
    S2 gupdate;Google Update Service (gupdate);c:\program files\Google\Update\GoogleUpdate.exe [05/02/2010 00:44 135664]
    S3 COH_Mon;COH_Mon;c:\windows\system32\drivers\COH_Mon.sys [12/01/2008 18:32 23888]
    S3 pbfilter;pbfilter;c:\program files\PeerBlock\pbfilter.sys [10/04/2010 15:54 14424]
    S3 TpChoice;Touch Pad Detection Filter driver;c:\windows\system32\DRIVERS\TpChoice.sys --> c:\windows\system32\DRIVERS\TpChoice.sys [?]
    S4 Application Updater;Application Updater;c:\program files\Application Updater\ApplicationUpdater.exe [08/01/2010 01:51 380928]
    S4 ASKService;ASKService;c:\program files\AskBarDis\bar\bin\AskService.exe [30/08/2009 16:31 464264]
    S4 ASKUpgrade;ASKUpgrade;c:\program files\AskBarDis\bar\bin\ASKUpgrade.exe [30/08/2009 16:31 234888]

    [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
    HPZ12 REG_MULTI_SZ Pml Driver HPZ12 Net Driver HPZ12
    HPService REG_MULTI_SZ HPSLPSVC
    hpdevmgmt REG_MULTI_SZ hpqcxs08 hpqddsvc
    .
    Contents of the 'Scheduled Tasks' folder

    2010-04-08 c:\windows\Tasks\AppleSoftwareUpdate.job
    - c:\program files\Apple Software Update\SoftwareUpdate.exe [2008-07-30 11:34]

    2010-04-14 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
    - c:\program files\Google\Update\GoogleUpdate.exe [2010-02-04 23:44]

    2010-04-13 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
    - c:\program files\Google\Update\GoogleUpdate.exe [2010-02-04 23:44]

    2009-06-02 c:\windows\Tasks\Registration reminder 1.job
    - c:\windows\system32\OOBE\oobebaln.exe [2007-08-01 00:12]

    2009-06-02 c:\windows\Tasks\Registration reminder 2.job
    - c:\windows\system32\OOBE\oobebaln.exe [2007-08-01 00:12]

    2009-06-02 c:\windows\Tasks\Registration reminder 3.job
    - c:\windows\system32\OOBE\oobebaln.exe [2007-08-01 00:12]

    2010-04-14 c:\windows\Tasks\RegPowerClean.job
    - c:\program files\Winferno\RegistryPowerCleaner\RegPowerClean.exe [2010-02-15 14:48]

    2010-04-14 c:\windows\Tasks\RPCReminder.job
    - c:\program files\Winferno\RegistryPowerCleaner\RPCReminder.exe [2010-02-15 14:34]
    .
    .
    ------- Supplementary Scan -------
    .
    uInternet Settings,ProxyOverride = <local>
    uInternet Settings,ProxyServer = http=127.0.0.1:5555
    FF - ProfilePath - c:\documents and settings\Alan\Application Data\Mozilla\Firefox\Profiles\ofv3nlgg.default\
    FF - prefs.js: browser.startup.homepage - hxxp:
    FF - component: c:\program files\pdfforge Toolbar\FF\components\pdfforgeToolbarFF.dll
    FF - component: c:\program files\pdfforge Toolbar\SSFF\components\SearchSettingsFF.dll
    FF - component: c:\program files\PriceGong\2.0.0\FF\components\PriceLoadFF.dll
    FF - plugin: c:\documents and settings\Alan\Application Data\Mozilla\Firefox\Profiles\ofv3nlgg.default\extensions\{E2883E8F-472F-4fb0-9522-AC9BF37916A7}\plugins\np_gp.dll
    FF - plugin: c:\documents and settings\Alan\Local Settings\Application Data\Yahoo!\BrowserPlus\2.6.0\Plugins\npybrowserplus_2.6.0.dll
    FF - plugin: c:\program files\Google\Update\1.2.183.23\npGoogleOneClick8.dll
    FF - plugin: c:\program files\Java\jre1.6.0\bin\npjava11.dll
    FF - plugin: c:\program files\Java\jre1.6.0\bin\npjava12.dll
    FF - plugin: c:\program files\Java\jre1.6.0\bin\npjava13.dll
    FF - plugin: c:\program files\Java\jre1.6.0\bin\npjava14.dll
    FF - plugin: c:\program files\Java\jre1.6.0\bin\npjava32.dll
    FF - plugin: c:\program files\Java\jre1.6.0\bin\npjpi160.dll
    FF - plugin: c:\program files\Java\jre1.6.0\bin\npoji610.dll
    FF - HiddenExtension: Microsoft .NET Framework Assistant: {20a82645-c095-46ed-80e3-08825760534b} - c:\windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension\

    ---- FIREFOX POLICIES ----
    c:\program files\Mozilla Firefox\greprefs\security-prefs.js - pref("security.ssl.allow_unrestricted_renego_everywhere__temporarily_available_pref", true);
    c:\program files\Mozilla Firefox\greprefs\security-prefs.js - pref("security.ssl.renego_unrestricted_hosts", "");
    c:\program files\Mozilla Firefox\greprefs\security-prefs.js - pref("security.ssl.treat_unsafe_negotiation_as_broken", false);
    c:\program files\Mozilla Firefox\greprefs\security-prefs.js - pref("security.ssl.require_safe_negotiation", false);
    .
    - - - - ORPHANS REMOVED - - - -

    HKLM-Run-RevHDD - c:\windows\SYSTEM\RevHDD.exe
    SafeBoot-Symantec Antvirus
    AddRemove-The Action Machine_is1 - c:\program files\The Action Machine\unins000.exe



    ************************************************************************
    scanning hidden processes ...

    scanning hidden autostart entries ...

    scanning hidden files ...

    scan completed successfully
    hidden files:

    ************************************************************************
    .
    Completion time: 2010-04-14 08:38:17
    ComboFix-quarantined-files.txt 2010-04-14 07:38

    Pre-Run: 106,677,862,400 bytes free
    Post-Run: 106,958,471,168 bytes free

    WindowsXP-KB310994-SP2-Pro-BootDisk-ENU.exe
    [boot loader]
    timeout=2
    default=multi(0)disk(0)rdisk(0)partition(1)\WINDOWS
    [operating systems]
    c:\cmdcons\BOOTSECT.DAT="Microsoft Windows Recovery Console" /cmdcons
    multi(0)disk(0)rdisk(0)partition(1)\WINDOWS="Microsoft Windows XP Professional" /noexecute=optin /fastdetect

    - - End Of File - - 6EC01DA6657B28D4CC50FC3E5AA59261
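    Two entries in the log above explain the blank-page and "visiting this website may harm your computer" behaviour reported earlier in the thread: the per-user IE setting ProxyServer = http=127.0.0.1:5555 sends every web request through a process on the laptop itself, and the Security Center "Override"/"DisableMonitoring" values silence the warnings that would otherwise say the antivirus and firewall are off. The following triage script is an added example for this thread, not part of ComboFix or of any post here; it walks a log in the same format, tracks the current registry key, and flags those indicators. The sample lines it parses are constructed to mirror the sections above, not copied from a real machine. The Security Center values are reported as "review" rather than "high" because a third-party product such as Symantec Endpoint Protection sets them legitimately when it registers; the loopback proxy has no legitimate reason to be there on a home PC.

```python
import re
from dataclasses import dataclass
from typing import Dict, List

# Constructed sample lines in the format of the ComboFix "Reg Loading Points"
# and "Supplementary Scan" sections; not taken from any real machine.
SAMPLE_LOG = r"""
[HKEY_LOCAL_MACHINE\software\microsoft\security center]
"AntiVirusOverride"=dword:00000001
"FirewallOverride"=dword:00000001

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring]
"DisableMonitoring"=dword:00000001

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]
"EnableFirewall"= 0 (0x0)
"DisableNotifications"= 1 (0x1)

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"TOSCDSPD"="c:\program files\TOSHIBA\TOSCDSPD\toscdspd.exe" [2005-04-11 65536]

------- Supplementary Scan -------
uInternet Settings,ProxyOverride = <local>
uInternet Settings,ProxyServer = http=127.0.0.1:5555
FF - prefs.js: browser.startup.homepage - hxxp:
"""


@dataclass(frozen=True)
class Finding:
    severity: str   # "high": strong hijack indicator; "review": needs context
    line: str
    reason: str


# Per-user IE proxy that points back at the local machine, on any port.
LOOPBACK_PROXY = re.compile(
    r"^uInternet Settings,ProxyServer\s*=\s*(?:\w+=)?(?:127\.0\.0\.1|localhost)(?::\d+)?\b",
    re.IGNORECASE,
)
# Security Center values that suppress the "no antivirus / no firewall" alerts.
SC_OVERRIDES = {"antivirusoverride", "firewalloverride", "disablemonitoring"}
DWORD_ONE = re.compile(r'^"(\w+)"\s*=\s*dword:0*1$', re.IGNORECASE)
FIREWALL_OFF = re.compile(r'^"EnableFirewall"\s*=\s*0\b', re.IGNORECASE)


def triage(log_text: str) -> List[Finding]:
    """Single pass over the log, remembering the last [registry key] header."""
    findings: List[Finding] = []
    current_key = ""
    for raw in log_text.splitlines():
        line = raw.strip()
        if not line:
            continue
        if line.startswith("[") and line.endswith("]"):
            current_key = line[1:-1].lower()
            continue
        if LOOPBACK_PROXY.match(line):
            findings.append(Finding("high", line,
                "IE proxy points at the loopback address, so every request is "
                "routed through a local process; this is how rogue-AV hijacks "
                "replace all pages with a warning/purchase page"))
            continue
        if "security center" in current_key:
            m = DWORD_ONE.match(line)
            if m and m.group(1).lower() in SC_OVERRIDES:
                findings.append(Finding("review", line,
                    f"{m.group(1)}=1 under [{current_key}]: legitimate when a "
                    "third-party AV/firewall registers itself, otherwise a sign "
                    "that Security Center alerts were deliberately silenced"))
            continue
        if "firewallpolicy" in current_key and FIREWALL_OFF.match(line):
            findings.append(Finding("review", line,
                "Windows Firewall disabled for the standard profile; acceptable "
                "only if another firewall is active"))
    return findings


def summarize(findings: List[Finding]) -> Dict[str, int]:
    """Count findings per severity so a helper can see at a glance what needs attention."""
    counts = {"high": 0, "review": 0}
    for f in findings:
        counts[f.severity] += 1
    return counts


if __name__ == "__main__":
    for f in triage(SAMPLE_LOG):
        print(f"[{f.severity.upper()}] {f.line}\n    {f.reason}")
    print(summarize(triage(SAMPLE_LOG)))
```

    Run against the constructed sample, the script reports one "high" finding (the loopback proxy) and four "review" findings (the three Security Center overrides and the disabled firewall profile); ProxyOverride and DisableNotifications are left alone because on their own they are not indicators. The same loop can be pointed at a saved ComboFix.txt by replacing SAMPLE_LOG with the file's contents.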
    • aliEnRIK
    • By aliEnRIK 14th Apr 10, 10:03 AM
    • 17,559 Posts
    • 8,209 Thanks
    aliEnRIK
    Your computer's a total mess

    You run this combofix log at your own risk, but you need to do SOMETHING. I really recommend formatting and starting afresh though

    If you wish to proceed ~

    Open notepad and copy/paste the text in RED below

    File::
    c:\program files\tx12_htm.dll
    c:\program files\tx12.dll
    c:\program files\tx12_doc.dll
    c:\program files\tx12_rtf.dll
    c:\program files\tx12_ic.ini
    c:\program files\tx12_ic.dll
    c:\program files\tx12_wnd.dll
    c:\program files\tx12_css.dll
    c:\program files\tx12_tls.dll
    c:\program files\tx12_xml.dll
    c:\windows\system32\drivers\RevHDD.exe
    c:\windows\system32\drivers\SPIF225.sys
    c:\program files\efxstd.DLL
    c:\program files\MiniComm.DLL
    c:\program files\Office.dll
    c:\program files\SecurityManager.dll
    c:\program files\Microsoft.Office.Interop.Outlook.dll
    c:\program files\achbn.exe
    c:\program files\uis.exe
    c:\program files\tx12_png.flt
    c:\program files\tx12_pdf.dll
    c:\program files\stdole.dll
    c:\program files\tx12_tif.flt
    c:\program files\tx12_bmp.flt
    c:\program files\tx12_wmf.flt
    c:\program files\tx12_jpg.flt
    c:\program files\tx12_gif.flt
    c:\program files\BICommon.dll
    c:\program files\Achieve.exe.manifest
    c:\program files\EPR.dll
    c:\program files\Achieve.exe
    c:\program files\AchieveHelp.chm
    c:\program files\Default.dat
    c:\program files\APKeyboardReference.pdf
    c:\program files\Sample.ach
    c:\program files\Infragistics.Win.Misc.v7.1.dll
    c:\program files\Infragistics.Win.UltraWinEditors.v7.1.dll
    c:\program files\Infragistics.Win.UltraWinTabControl.v7.1.dll
    c:\program files\Infragistics.Win.UltraWinChart.v7.1.dll
    c:\program files\Infragistics.Win.UltraWinPrintPreviewDialog.v7.1.dll
    c:\program files\Infragistics.Win.UltraWinDataSource.v7.1.dll
    c:\program files\AskBarDis\bar\bin\askBar.dll
    c:\program files\AskBarDis\bar\bin\AskService.exe
    c:\program files\AskBarDis\bar\bin\ASKUpgrade.exe
    c:\windows\system32\OOBE\oobebaln.exe



    Save this as "CFScript"

    Then drag the CFScript into ComboFix.exe as you see in the screenshot below.




    This will start ComboFix again. After reboot, (in case it asks to reboot), post the contents of Combofix.txt in your next reply

    Combofix should never take more than 20 minutes including the reboot if malware is detected.
    If it does, open Task Manager then Processes tab (press ctrl, alt and del at the same time) and end any processes of findstr, find, sed or swreg, then combofix should continue.



    • aliEnRIK
    • By aliEnRIK 14th Apr 10, 10:03 AM
    • 17,559 Posts
    • 8,209 Thanks
    aliEnRIK
    Uninstall REGISTRY POWER CLEANER too