Problem getting lappy to switch on?
-
I had to walk dog, came back and had to spend 15 mins getting it on again, it started going in a loop as it went through boot up, this sounds silly but we have 6 computers running on our home network, im presuming im gonna have to check all those? xx
Which thing do i do first, the disk clean up or the combofix?
many thanks for all ur help xxx#JusticeForGrenfell0 -
when i click on combfix, i get started on download but it comes up with error saying i cant reanme the file combofix? i didnt change anything, thats what automatically came up after clicking run xxx#JusticeForGrenfell0
-
Not sure what you meant by "reanme"
Keep pressing F8 at bootup until the safe mode selection screen pops up then select SAFE MODE and try running it then
If that doesn't work reboot and select SAFE MODE WITH NETWORKING and download it again and run from safe mode:idea:0 -
sorry, i have no lenses in, i meant rename, after i click on your link for comblink and click run, it stalls and states i cant change the name to combofix, i didnt press anything but run? xxx#JusticeForGrenfell0
-
..and welcome to the Big Guns :T
morning RIK, glad you've popped in, combofix would have been the next thing, but was going to ask either you or R_S to help out with that one, as you guys know it and I don't (yet)
toniq - trust in the alien...I may have got you this far, but he's one of the guys who can finish you off
......Gettin' There, Wherever There is......
I have a dodgy "i" key, so ignore spelling errors due to "i" issues, ...I blame Apple
0 -
ComboFix 09-03-06.02 - stick 2009-03-08 9:45:26.1 - NTFSx86
Microsoft® Windows Vista™ Home Premium 6.0.6000.0.1252.1.1033.18.2038.1159 [GMT 0:00]
Running from: c:\users\stick\Desktop\ComboFix.exe
* Created a new restore point
.
((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.
c:\windows\system32\x64
.
((((((((((((((((((((((((( Files Created from 2009-02-08 to 2009-03-08 )))))))))))))))))))))))))))))))
.
No new files created in this timespan
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2009-03-07 23:02 d-----w c:\programdata\SUPERAntiSpyware.com
2009-03-07 23:01 d-----w c:\users\stick\AppData\Roaming\SUPERAntiSpyware.com
2009-03-07 23:01 d-----w c:\program files\SUPERAntiSpyware
2009-03-07 23:01 d-----w c:\program files\Common Files\Wise Installation Wizard
2009-03-07 21:14 d-----w c:\users\stick\AppData\Roaming\Malwarebytes
2009-03-07 21:14 d-----w c:\programdata\Malwarebytes
2009-03-07 21:14 d-----w c:\program files\Malwarebytes' Anti-Malware
2009-03-07 20:42 d-----w c:\program files\Trend Micro
2009-02-20 21:36 266,240 ----a-w c:\windows\System32\CSHelper.exe
2009-02-20 21:36 225,280 ----a-w c:\windows\System32\CSInstru.DLL
2009-02-12 06:39 d-----w c:\program files\Windows Mail
2009-02-11 10:19 38,496 ----a-w c:\windows\system32\drivers\mbamswissarmy.sys
2009-02-11 10:19 15,504 ----a-w c:\windows\system32\drivers\mbam.sys
2009-02-10 22:26 d-----w c:\program files\Photosynth
2009-02-08 21:30 d-----w c:\program files\SIM
2009-01-20 21:58 d-----w c:\programdata\hps
2009-01-20 21:56 d-----w c:\program files\CeWe Color
2009-01-15 04:16 826,368 ----a-w c:\windows\System32\wininet.dll
2009-01-15 04:16 56,320 ----a-w c:\windows\System32\iesetup.dll
2009-01-15 04:16 52,736 ----a-w c:\windows\AppPatch\iebrshim.dll
2009-01-15 04:15 26,624 ----a-w c:\windows\System32\ieUnatt.exe
2009-01-10 18:51 410,984 ----a-w c:\windows\System32\deploytk.dll
2009-01-10 18:51 d-----w c:\program files\Java
2008-12-11 14:41 174 --sha-w c:\program files\desktop.ini
2008-12-20 11:13 67,688 ----a-w c:\program files\mozilla firefox\components\jar50.dll
2008-12-20 11:13 54,368 ----a-w c:\program files\mozilla firefox\components\jsd3250.dll
2008-12-20 11:13 34,944 ----a-w c:\program files\mozilla firefox\components\myspell.dll
2008-12-20 11:13 46,712 ----a-w c:\program files\mozilla firefox\components\spellchk.dll
2008-12-20 11:13 172,136 ----a-w c:\program files\mozilla firefox\components\xpinstal.dll
2008-03-08 10:12 16,384 --sha-w c:\windows\ServiceProfiles\LocalService\AppData\Local\Microsoft\Windows\History\History.IE5\index.dat
2008-03-08 10:12 32,768 --sha-w c:\windows\ServiceProfiles\LocalService\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\index.dat
2008-03-08 10:12 16,384 --sha-w c:\windows\ServiceProfiles\LocalService\AppData\Roaming\Microsoft\Windows\Cookies\index.dat
2008-06-22 07:58 16,384 --sha-w c:\windows\ServiceProfiles\NetworkService\AppData\Local\Microsoft\Windows\History\History.IE5\index.dat
2008-06-22 07:58 32,768 --sha-w c:\windows\ServiceProfiles\NetworkService\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\index.dat
2008-06-22 07:58 16,384 --sha-w c:\windows\ServiceProfiles\NetworkService\AppData\Roaming\Microsoft\Windows\Cookies\index.dat
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Sidebar"="c:\program files\Windows Sidebar\sidebar.exe" [2008-02-08 1232896]
"fsc-reg"="c:\programdata\fsc-reg\fscreg.exe" [2007-11-08 511248]
"ehTray.exe"="c:\windows\ehome\ehTray.exe" [2006-11-02 125440]
"RoboForm"="c:\program files\Siber Systems\AI RoboForm\RoboTaskBarIcon.exe" [2008-02-08 160592]
"WMPNSCFG"="c:\program files\Windows Media Player\WMPNSCFG.exe" [2006-11-02 201728]
"swg"="c:\program files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe" [2008-12-29 39408]
"SUPERAntiSpyware"="c:\program files\SUPERAntiSpyware\SUPERAntiSpyware.exe" [2009-02-17 1830128]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"SMSERIAL"="c:\program files\Motorola\SMSERIAL\sm56hlpr.exe" [2006-11-22 630784]
"NeroFilterCheck"="c:\program files\Common Files\Ahead\Lib\NeroCheck.exe" [2007-02-27 153136]
"recinfo256"="c:\recinfo\RecInfo.exe" [2007-10-23 2764800]
"Symantec PIF AlertEng"="c:\program files\Common Files\Symantec Shared\PIF\{B8E1DD85-8582-4c61-B58F-2F227FCA9A08}\PIFSvc.exe" [2008-01-29 583048]
"IgfxTray"="c:\windows\system32\igfxtray.exe" [2008-01-02 141848]
"HotKeysCmds"="c:\windows\system32\hkcmd.exe" [2008-01-02 166424]
"Persistence"="c:\windows\system32\igfxpers.exe" [2008-01-02 133656]
"QuickTime Task"="c:\program files\QuickTime\QTTask.exe" [2008-01-31 385024]
"razer"="c:\program files\Razer\Copperhead\razerhid.exe" [2005-11-25 155648]
"Copperhead"="c:\program files\Razer\Copperhead\razerhid.exe" [2005-11-25 155648]
"Adobe Reader Speed Launcher"="c:\program files\Adobe\Reader 8.0\Reader\Reader_sl.exe" [2008-01-11 39792]
"SunJavaUpdateSched"="c:\program files\Java\jre6\bin\jusched.exe" [2009-01-10 136600]
"RtHDVCpl"="RtHDVCpl.exe" [2007-03-13 c:\windows\RtHDVCpl.exe]
[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"RoboForm"="c:\program files\Siber Systems\AI RoboForm\RoboTaskBarIcon.exe" [2008-02-08 160592]
[hkey_local_machine\software\microsoft\windows\currentversion\explorer\ShellExecuteHooks]
"{5AE067D3-9AFB-48E0-853A-EBB7F4A000DA}"= "c:\program files\SUPERAntiSpyware\SASSEH.DLL" [2008-05-13 77824]
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\!SASWinLogon]
2008-12-22 11:05 356352 c:\program files\SUPERAntiSpyware\SASWINLO.dll
[HKEY_LOCAL_MACHINE\software\microsoft\security center]
"UacDisableNotify"=dword:00000001
"InternetSettingsDisableNotify"=dword:00000001
"AutoUpdateDisableNotify"=dword:00000001
[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring]
"DisableMonitoring"=dword:00000001
[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecAntiVirus]
"DisableMonitoring"=dword:00000001
[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecFirewall]
"DisableMonitoring"=dword:00000001
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\FirewallRules]
"{A6DB402E-33E8-4BE7-9C8B-EA865CA6FDFB}"= UDP:c:\program files\Microsoft Office\Office12\ONENOTE.EXE:Microsoft Office OneNote
"{C9F11ED4-7657-4C02-A17F-6506E329F222}"= TCP:c:\program files\Microsoft Office\Office12\ONENOTE.EXE:Microsoft Office OneNote
"{4323425F-6B58-4AD7-8B15-18996616DD43}"= UDP:c:\program files\Bonjour\mDNSResponder.exe:Bonjour
"{F1159610-C2D7-4A63-A373-12C5B5474C17}"= TCP:c:\program files\Bonjour\mDNSResponder.exe:Bonjour
"{E3C45DD6-9099-4439-A083-FDCF989DA2DC}"= UDP:c:\program files\Internet Explorer\iexplore.exe:Internet Explorer
"{8043D1E6-6894-410F-BED9-1AB921B2EDDC}"= TCP:c:\program files\Internet Explorer\iexplore.exe:Internet Explorer
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\RestrictedServices\Static\System]
"DFSR-1"= RPort=5722|UDP:%SystemRoot%\system32\svchost.exe|Svc=DFSR:Allow inbound TCP traffic|
R1 SASDIFSV;SASDIFSV;c:\program files\SUPERAntiSpyware\sasdifsv.sys [2009-02-17 8944]
R1 SASKUTIL;SASKUTIL;c:\program files\SUPERAntiSpyware\SASKUTIL.SYS [2009-02-17 55024]
R2 CSHelper;CopySafe Helper Service;c:\windows\System32\CSHelper.exe [2009-02-20 266240]
R2 YahooAUService;Yahoo! Updater;c:\program files\Yahoo!\SoftwareUpdate\YahooAUService.exe [2008-11-09 602392]
R3 SASENUM;SASENUM;c:\program files\SUPERAntiSpyware\SASENUM.SYS [2009-02-17 7408]
S3 uisp;Freescale USB JW32 driver;c:\windows\System32\drivers\USBICP.sys [2008-06-21 14592]
S3 UsbFltr;Razer Copperhead Driver;c:\windows\System32\drivers\copperhd.sys [2008-06-22 11596]
[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{4496b294-5bf0-11dd-b835-00030d80d3ec}]
\shell\AutoRun\command - F:\StartPortableApps.exe
.
Contents of the 'Scheduled Tasks' folder
2009-03-07 c:\windows\Tasks\User_Feed_Synchronization-{BAF5C204-08B4-4965-AE72-C9E9971FF7AC}.job
- c:\windows\system32\msfeedssync.exe [2006-11-02 09:45]
.
.
Supplementary Scan
.
uStart Page = hxxp://www.google.com/
mStart Page = hxxp://home.sweetim.com
uInternet Settings,ProxyOverride = *.local
IE: &ieSpell Options - c:\program files\ieSpell\iespell.dll/SPELLOPTION.HTM
IE: Check &Spelling - c:\program files\ieSpell\iespell.dll/SPELLCHECK.HTM
IE: Customize Menu - file://c:\program files\Siber Systems\AI RoboForm\RoboFormComCustomizeIEMenu.html
IE: E&xport to Microsoft Excel - c:\progra~1\MICROS~2\Office12\EXCEL.EXE/3000
IE: Fill Forms - file://c:\program files\Siber Systems\AI RoboForm\RoboFormComFillForms.html
IE: Lookup on Merriam Webster - file://c:\program files\ieSpell\Merriam Webster.HTM
IE: Lookup on Wikipedia - file://c:\program files\ieSpell\wikipedia.HTM
IE: RoboForm Toolbar - file://c:\program files\Siber Systems\AI RoboForm\RoboFormComShowToolbar.html
IE: Save Forms - file://c:\program files\Siber Systems\AI RoboForm\RoboFormComSavePass.html
FF - ProfilePath - c:\users\stick\AppData\Roaming\Mozilla\Firefox\Profiles\vjbfs7pu.default\
FF - prefs.js: browser.search.selectedEngine - Big Snap
FF - prefs.js: browser.startup.homepage - hxxp://try.bigsnapsearch.com/
FF - prefs.js: keyword.URL - hxxp://www.bigsnapsearch.com/results.aspx?mkt=en-GB&FORM=MIFUAK&q=
FF - component: c:\program files\Mozilla Firefox\components\xpinstal.dll
FF - component: c:\program files\Siber Systems\AI RoboForm\Firefox\components\rfproxy_19.dll
---- FIREFOX POLICIES ----
FF - user.js: yahoo.homepage.dontask - true
c:\program files\Mozilla Firefox\greprefs\all.js - pref("ui.allow_platform_file_picker", true);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.cookie.p3plevel", 1); // 0=low, 1=medium, 2=high, 3=custom
c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.enablePad", false); // Allow client to do proxy autodiscovery
c:\program files\Mozilla Firefox\greprefs\security-prefs.js - pref("security.remember_cert_checkbox_default_setting", true);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("browser.urlbar.hideGoButton", false);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("browser.search.param.Google.1.default", "chrome://branding/content/searchconfig.properties");
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("browser.search.param.Google.1.custom", "chrome://branding/content/searchconfig.properties");
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("signon.prefillForms", true);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("browser.safebrowsing.enabled", false);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("browser.safebrowsing.remoteLookups", false);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("browser.safebrowsing.provider.0.updateURL", "http://sb.google.com/safebrowsing/update?client={moz:client}&appver={moz:version}&");
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("browser.safebrowsing.provider.0.lookupURL", "http://sb.google.com/safebrowsing/lookup?sourceid=firefox-antiphish&features=TrustRank&client={moz:client}&appver={moz:version}&");
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("browser.safebrowsing.provider.0.reportURL", "http://sb.google.com/safebrowsing/report?");
.
**************************************************************************
catchme 0.3.1367 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2009-03-08 09:48:18
Windows 6.0.6000 NTFS
scanning hidden processes ...
scanning hidden autostart entries ...
scanning hidden files ...
scan completed successfully
hidden files: 0
**************************************************************************
.
Completion time: 2009-03-08 9:50:25
ComboFix-quarantined-files.txt 2009-03-08 09:50:08
Pre-Run: The system cannot find message text for message number 0x2379 in the message file for Application.
Post-Run: 58,035,089,408 bytes free
168 --- E O F --- 2009-03-08 08:54:06
thats the log from combofix xxx#JusticeForGrenfell0 -
I've rebooted and it still took 12 attempts to start xxx#JusticeForGrenfell0
-
Is it running any better?
There is a 'vundofix' program available, but I won't be able to find it till I'm back home tonight:idea:0 -
It's just as bad alien xxx
I really have appreciated urs and jacks help xxx#JusticeForGrenfell0 -
Run a fresh hijack log ~
Download HIJACK THIS (Click 'DOWNLOAD LATEST VERSION')
http://www.filehippo.com/download_hijackthis/
reboot
SCAN and post the log so we can see what's running
:idea:0