Help please - can't remove Personal Antivirus and Mcafee won't update

Comments

  • angus1
    angus1 Posts: 195 Forumite
    Hi alienrik, I've done everything you said up to now but am stuck with the Combofix. When I click on your link I follow the instructions but don't get far. A box comes up saying 'You cannot rename ComboFix as ComboFix[1]. Please use another name ...'

    But there's no exe file to right click on or anything. I just press ok and then the box disappears and nothing happens. :confused:
    (Angus is my dog, not me ...) ;)
  • gaming_guy
    gaming_guy Posts: 6,128 Forumite
    Right-click the ComboFix file > rename it to something like qwerty and press Enter.

    The reason why you can't see the .exe extension is that you have "Hide extensions for known file types" ticked in Folder Options.
  • angus1
    angus1 Posts: 195 Forumite
    Hi, am sorry if I look really stupid but I've been trying for ages now and just can't find anywhere to right click to change the name. It just goes straight from the run the program to a tiny little Combofix box with green dashes in it to the error message about can't rename as combofix 1.

    I've right clicked on everything I can see and nothing happens except it goes blank and I have to start again.

    How do I take the hide extensions thing off? Would that be easier?

    Thanks
    (Angus is my dog, not me ...) ;)
  • aliEnRIK
    aliEnRIK Posts: 17,741 Forumite
    When you download it. SAVE AS QWERTY
    :idea:
  • angus1
    angus1 Posts: 195 Forumite
    Sorry managed it at last - really was having a blonde moment I think!

    ComboFix 09-05-02.4 - Rebecca Jackson 02/05/2009 13:29.1 - NTFSx86
    Microsoft Windows XP Home Edition 5.1.2600.3.1252.1.1033.18.502.129 [GMT -12:00]
    Running from: c:\documents and settings\Rebecca Jackson\Desktop\QWERTY.exe
    AV: avast! antivirus 4.8.1335 [VPS 090501-0] *On-access scanning disabled* (Updated)
    .
    ((((((((((((((((((((((((( Files Created from 2009-04-03 to 2009-05-03 )))))))))))))))))))))))))))))))
    .
    2009-05-02 22:33 . 2009-05-02 22:33 -------- d-----w c:\documents and settings\All Users\Application Data\SUPERAntiSpyware.com
    2009-05-02 22:33 . 2009-05-02 22:33 -------- d-----w c:\program files\SUPERAntiSpyware
    2009-05-02 22:33 . 2009-05-02 22:33 -------- d-----w c:\documents and settings\Rebecca Jackson\Application Data\SUPERAntiSpyware.com
    2009-05-02 11:23 . 2009-05-02 11:23 -------- d-----w c:\documents and settings\Rebecca Jackson\Application Data\Red Kawa
    2009-05-02 11:14 . 2009-05-02 11:14 -------- d-----w c:\program files\Regensoft
    2009-05-02 11:14 . 2009-05-02 11:14 -------- d-----w c:\program files\AviSynth 2.5
    2009-05-02 11:14 . 2009-05-02 11:14 -------- d-----w c:\program files\Red Kawa
    2009-05-02 05:10 . 2009-05-02 05:10 -------- d-----w c:\program files\Trend Micro
    2009-05-01 06:36 . 2009-05-01 06:36 -------- d-----w c:\program files\Alwil Software
    2009-05-01 02:54 . 2009-05-01 02:54 -------- d-----w c:\documents and settings\Rebecca Jackson\Application Data\Malwarebytes
    2009-05-01 02:54 . 2009-04-07 03:32 15504 ----a-w c:\windows\system32\drivers\mbam.sys
    2009-05-01 02:54 . 2009-04-07 03:32 38496 ----a-w c:\windows\system32\drivers\mbamswissarmy.sys
    2009-05-01 02:53 . 2009-05-01 02:53 -------- d-----w c:\documents and settings\All Users\Application Data\Malwarebytes
    2009-05-01 02:53 . 2009-05-01 02:54 -------- d-----w c:\program files\Malwarebytes' Anti-Malware
    2009-04-30 22:23 . 2009-04-30 22:23 -------- d-----w c:\windows\McAfee.com
    2009-04-30 10:14 . 2008-04-11 19:04 691712 -c----w c:\windows\system32\dllcache\inetcomm.dll
    2009-04-30 05:03 . 2008-10-15 16:34 337408 -c----w c:\windows\system32\dllcache\netapi32.dll
    2009-04-30 03:59 . 2009-04-30 03:59 -------- d-----w c:\program files\Common Files\Uninstall
    2009-04-30 03:58 . 2009-05-01 05:13 -------- d-----w c:\program files\PAV
    2009-04-28 23:24 . 2009-04-28 23:24 -------- d-----w c:\program files\log vc aim
    2009-04-16 01:05 . 2008-05-03 11:55 2560 ------w c:\windows\system32\xpsp4res.dll
    2009-04-16 01:05 . 2008-04-21 12:08 215552 -c----w c:\windows\system32\dllcache\wordpad.exe
    2009-04-07 05:52 . 2009-04-16 10:52 -------- d-----w c:\documents and settings\All Users\Application Data\Messenger Plus!
    2009-04-07 05:48 . 2009-05-02 03:17 -------- d-----w c:\program files\Circl Developement
    2009-04-07 05:48 . 2009-04-07 05:48 -------- d-----w c:\program files\Windows Live
    2009-04-07 05:48 . 2009-04-07 05:51 -------- d-----w c:\program files\Messenger Plus! Live
    .
    (((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
    .
    2009-05-03 01:26 . 2006-09-06 03:59 6 ---ha-w c:\windows\Tasks\SA.DAT
    2009-05-03 00:59 . 2009-04-30 10:08 330 ---ha-w c:\windows\Tasks\MP Scheduled Scan.job
    2009-05-02 22:32 . 2008-07-08 23:33 -------- d-----w c:\program files\Common Files\Wise Installation Wizard
    2009-05-02 22:00 . 2008-10-05 11:37 350 ----a-w c:\windows\Tasks\At83.job
    2009-05-02 22:00 . 2008-10-05 11:22 350 ----a-w c:\windows\Tasks\At59.job
    2009-05-02 22:00 . 2008-11-22 04:21 350 ----a-w c:\windows\Tasks\At107.job
    2009-05-02 04:08 . 2006-09-07 02:01 -------- d-----w c:\program files\MSN Messenger
    2009-04-30 06:06 . 2006-09-06 23:09 -------- d--h--w c:\program files\InstallShield Installation Information
    2009-04-30 04:47 . 2006-09-06 03:55 76487 ----a-w c:\windows\pchealth\helpctr\OfflineCache\index.dat
    2009-04-28 23:19 . 2008-02-24 06:32 284 ----a-w c:\windows\Tasks\AppleSoftwareUpdate.job
    2009-04-18 13:00 . 2008-10-05 11:37 350 ----a-w c:\windows\Tasks\At74.job
    2009-04-18 13:00 . 2008-10-05 11:21 350 ----a-w c:\windows\Tasks\At50.job
    2009-04-18 13:00 . 2008-11-22 04:21 350 ----a-w c:\windows\Tasks\At98.job
    2009-04-18 12:47 . 2008-10-05 11:21 350 ----a-w c:\windows\Tasks\At49.job
    2009-04-18 12:30 . 2008-11-22 04:21 350 ----a-w c:\windows\Tasks\At97.job
    2009-03-13 07:26 . 2009-03-13 07:26 -------- d-----w c:\program files\Microsoft Silverlight
    2009-03-06 14:22 . 2004-08-04 12:00 284160 ----a-w c:\windows\system32\pdh.dll
    2009-03-06 00:06 . 2009-03-06 00:06 -------- d-----w c:\program files\Safari
    2009-03-06 00:01 . 2007-08-20 15:57 -------- d-----w c:\program files\iTunes
    2009-03-06 00:00 . 2009-03-06 00:00 -------- d-----w c:\program files\iPod
    2009-03-05 23:50 . 2009-03-05 23:49 -------- d-----w c:\program files\QuickTime
    2009-03-05 23:48 . 2007-08-20 15:55 -------- d-----w c:\program files\Common Files\Apple
    2009-03-03 00:18 . 2004-08-04 12:00 826368 ----a-w c:\windows\system32\wininet.dll
    2009-02-20 18:09 . 2004-08-04 12:00 78336 ----a-w c:\windows\system32\ieencode.dll
    2009-02-09 12:10 . 2004-08-04 12:00 729088 ----a-w c:\windows\system32\lsasrv.dll
    2009-02-09 12:10 . 2004-08-04 12:00 714752 ----a-w c:\windows\system32\ntdll.dll
    2009-02-09 12:10 . 2004-08-04 12:00 617472 ----a-w c:\windows\system32\advapi32.dll
    2009-02-09 12:10 . 2004-08-04 12:00 401408 ----a-w c:\windows\system32\rpcss.dll
    2009-02-09 11:13 . 2004-08-04 12:00 1846784 ----a-w c:\windows\system32\win32k.sys
    2009-02-08 07:02 . 2004-08-03 22:59 2066048 ----a-w c:\windows\system32\ntkrnlpa.exe
    2009-02-06 11:11 . 2004-08-04 12:00 110592 ----a-w c:\windows\system32\services.exe
    2009-02-06 11:08 . 2004-08-04 12:00 2189056 ----a-w c:\windows\system32\ntoskrnl.exe
    2009-02-06 10:39 . 2004-08-04 12:00 35328 ----a-w c:\windows\system32\sc.exe
    2009-02-05 07:22 . 2006-12-25 19:50 27640 ----a-w c:\documents and settings\Rebecca Jackson\Local Settings\Application Data\GDIPFONTCACHEV1.DAT
    2009-02-05 07:11 . 2006-09-06 03:42 67 --sha-w c:\windows\Fonts\desktop.ini
    2009-02-05 07:08 . 2006-09-06 03:54 23444 ----a-w c:\windows\system32\emptyregdb.dat
    2009-02-05 06:24 . 2009-02-05 06:25 410984 ----a-w c:\windows\system32\deploytk.dll
    2009-02-03 19:59 . 2004-08-04 12:00 56832 ----a-w c:\windows\system32\secur32.dll
    2006-09-07 02:05 . 2006-09-07 02:05 8 --sha-r c:\windows\system32\F084E71B5F.sys
    2006-12-22 09:44 . 2006-09-07 02:05 5538 --sha-w c:\windows\system32\KGyGaAvL.sys
    .
    ((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
    .
    .
    *Note* empty entries & legit default entries are not shown
    REGEDIT4
    [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
    "MSMSGS"="c:\program files\Messenger\msmsgs.exe" [2008-04-14 1695232]
    "ctfmon.exe"="c:\windows\system32\ctfmon.exe" [2008-04-14 15360]
    "WMPNSCFG"="c:\program files\Windows Media Player\WMPNSCFG.exe" [2006-10-18 204288]
    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
    "SynTPEnh"="c:\program files\Synaptics\SynTP\SynTPEnh.exe" [2005-12-16 761945]
    "NeroFilterCheck"="c:\windows\system32\NeroCheck.exe" [2001-07-09 155648]
    "QuickFinder Scheduler"="c:\program files\WordPerfect Office X3\Programs\QFSCHD130.EXE" [2006-07-05 77892]
    "SunJavaUpdateSched"="c:\program files\Java\jre6\bin\jusched.exe" [2009-02-05 136600]
    "RemoteControl"="c:\program files\CyberLink\PowerDVD\PDVDServ.exe" [2005-01-12 32768]
    "AOLDialer"="c:\program files\Common Files\AOL\ACS\AOLDial.exe" [2007-12-07 71008]
    "HostManager"="c:\program files\Common Files\AOL\1184763857\ee\AOLSoftware.exe" [2006-11-17 50736]
    "Sony Ericsson PC Suite"="c:\program files\Sony Ericsson\Mobile2\Application Launcher\Application Launcher.exe" [2005-10-26 159744]
    "LogitechCommunicationsManager"="c:\program files\Common Files\Logitech\LComMgr\Communications_Helper.exe" [2006-06-26 497200]
    "LogitechQuickCamRibbon"="c:\program files\Logitech\QuickCam10\QuickCam10.exe" [2006-06-26 614960]
    "LVCOMSX"="c:\program files\Common Files\Logitech\LComMgr\LVComSX.exe" [2006-06-26 243248]
    "Adobe Reader Speed Launcher"="c:\program files\Adobe\Reader 9.0\Reader\Reader_sl.exe" [2008-06-12 34672]
    "igfxtray"="c:\windows\system32\igfxtray.exe" [2006-03-23 94208]
    "igfxhkcmd"="c:\windows\system32\hkcmd.exe" [2006-03-23 77824]
    "igfxpers"="c:\windows\system32\igfxpers.exe" [2006-03-23 118784]
    "QuickTime Task"="c:\program files\QuickTime\qttask.exe" [2009-01-06 413696]
    "iTunesHelper"="c:\program files\iTunes\iTunesHelper.exe" [2009-01-07 290088]
    "avast!"="c:\progra~1\ALWILS~1\Avast4\ashDisp.exe" [2009-02-05 81000]
    "SkyTel"="SkyTel.EXE" - c:\windows\SkyTel.exe [2006-05-16 2879488]
    "BluetoothAuthenticationAgent"="bthprops.cpl" - c:\windows\system32\bthprops.cpl [2008-04-14 110592]
    "RTHDCPL"="RTHDCPL.EXE" - c:\windows\RTHDCPL.exe [2006-05-18 16207872]
    [HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
    "CTFMON.EXE"="c:\windows\system32\CTFMON.EXE" [2008-04-14 15360]
    "msnmsgr"="c:\program files\MSN Messenger\msnmsgr.exe" [2007-01-20 5674352]
    "DWQueuedReporting"="c:\progra~1\COMMON~1\MICROS~1\DW\dwtrig20.exe" [2007-03-14 39264]
    [HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\RunOnce]
    "tscuninstall"="c:\windows\system32\tscupgrd.exe" [2006-02-28 44544]
    "RunNarrator"="Narrator.exe" - c:\windows\system32\narrator.exe [2008-04-14 53760]
    c:\documents and settings\All Users\Start Menu\Programs\Startup\
    Microsoft Find Fast.lnk - c:\program files\Microsoft Office\Office\FINDFAST.EXE [1997-7-31 111376]
    Office Startup.lnk - c:\program files\Microsoft Office\Office\OSA.EXE [1997-7-31 51984]
    [hkey_local_machine\software\microsoft\windows\currentversion\explorer\ShellExecuteHooks]
    "{5AE067D3-9AFB-48E0-853A-EBB7F4A000DA}"= "c:\program files\SUPERAntiSpyware\SASSEH.DLL" [2008-05-13 77824]
    [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\!SASWinLogon]
    2008-12-23 00:05 356352 ----a-w c:\program files\SUPERAntiSpyware\SASWINLO.dll
    [HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
    "%windir%\\system32\\sessmgr.exe"=
    "c:\\Program Files\\Common Files\\AOL\\ACS\\AOLacsd.exe"=
    "c:\\Program Files\\Common Files\\AOL\\ACS\\AOLDial.exe"=
    "c:\\Program Files\\AOL 9.0\\waol.exe"=
    "c:\\Program Files\\Messenger\\msmsgs.exe"=
    "c:\\Program Files\\Common Files\\AOL\\1184763857\\ee\\aolsoftware.exe"=
    "%windir%\\Network Diagnostic\\xpnetdiag.exe"=
    "c:\\Program Files\\Bonjour\\mDNSResponder.exe"=
    "c:\\Program Files\\iTunes\\iTunes.exe"=
    "c:\\Program Files\\MSN Messenger\\msnmsgr.exe"=
    "c:\\Program Files\\MSN Messenger\\livecall.exe"=
    (Angus is my dog, not me ...) ;)
  • aliEnRIK
    aliEnRIK Posts: 17,741 Forumite
    Big log ~ but there's still some missing? (I think you missed the ACTUAL 2nd part)
    :idea:
  • angus1
    angus1 Posts: 195 Forumite
    I'll repost both parts because getting mixed up
    [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\!SASWinLogon]
    2008-12-23 00:05 356352 ----a-w c:\program files\SUPERAntiSpyware\SASWINLO.dll
    [HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
    "%windir%\\system32\\sessmgr.exe"=
    "c:\\Program Files\\Common Files\\AOL\\ACS\\AOLacsd.exe"=
    "c:\\Program Files\\Common Files\\AOL\\ACS\\AOLDial.exe"=
    "c:\\Program Files\\AOL 9.0\\waol.exe"=
    "c:\\Program Files\\Messenger\\msmsgs.exe"=
    "c:\\Program Files\\Common Files\\AOL\\1184763857\\ee\\aolsoftware.exe"=
    "%windir%\\Network Diagnostic\\xpnetdiag.exe"=
    "c:\\Program Files\\Bonjour\\mDNSResponder.exe"=
    "c:\\Program Files\\iTunes\\iTunes.exe"=
    "c:\\Program Files\\MSN Messenger\\msnmsgr.exe"=
    "c:\\Program Files\\MSN Messenger\\livecall.exe"=
    (Angus is my dog, not me ...) ;)
  • angus1
    angus1 Posts: 195 Forumite
    First Post
    This is definitely all of it - I've double-checked

    R3 SASENUM;SASENUM;c:\program files\SUPERAntiSpyware\SASENUM.SYS [2009-04-28 7408]
    S1 aswSP;avast! Self Protection; [x]
    S1 SASDIFSV;SASDIFSV;c:\program files\SUPERAntiSpyware\SASDIFSV.SYS [2009-04-28 9968]
    S1 SASKUTIL;SASKUTIL;c:\program files\SUPERAntiSpyware\SASKUTIL.sys [2009-04-28 72944]
    S2 aswFsBlk;aswFsBlk;c:\windows\system32\DRIVERS\aswFsBlk.sys [2009-02-05 20560]
    S2 WinDefend;Windows Defender;c:\program files\Windows Defender\MsMpEng.exe [2006-11-04 13592]

    [HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{44edf72e-ea0b-11dd-99a0-00038a000015}]
    \Shell\AutoRun\command - F:\AutoRun.exe
    [HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{44edf732-ea0b-11dd-99a0-00038a000015}]
    \Shell\AutoRun\command - F:\AutoRun.exe
    [HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{89df1c9f-dd0c-11dc-9896-00038a000015}]
    \Shell\AutoRun\command - F:\AutoRun.exe
    [HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{89df1ca3-dd0c-11dc-9896-00038a000015}]
    \Shell\AutoRun\command - F:\AutoRun.exe
    [HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{c9f16ce0-4d39-11dd-98e2-00038a000015}]
    \Shell\AutoRun\command - F:\AutoRun.exe
    [HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{c9f16ce1-4d39-11dd-98e2-00038a000015}]
    \Shell\AutoRun\command - F:\AutoRun.exe
    .
    Contents of the 'Scheduled Tasks' folder
    2009-04-28 c:\windows\Tasks\AppleSoftwareUpdate.job
    - c:\program files\Apple Software Update\SoftwareUpdate.exe [2007-08-30 00:34]
    2009-05-03 c:\windows\Tasks\MP Scheduled Scan.job
    - c:\program files\Windows Defender\MpCmdRun.exe [2006-11-04 07:20]
    .
    - - - - ORPHANS REMOVED - - - -
    HKU-Default-RunOnce-FlashPlayerUpdate - c:\windows\system32\Macromed\Flash\FlashUtil9e.exe

    .
    Supplementary Scan
    .
    uStart Page = hxxp://www.facebook.com/
    uDefault_Search_URL = hxxp://www.google.com/ie
    uSearchMigratedDefaultURL = hxxp://www.google.com/search?q={searchTerms}&sourceid=ie7&rls=com.microsoft:en-US&ie=utf8&oe=utf8
    uSearchURL,(Default) = hxxp://uk.search.yahoo.com/search?fr=mcafee&p=%s
    IE: &AOL Toolbar search - c:\program files\AOL Toolbar\toolbar.dll/SEARCH.HTML
    IE: Open with WordPerfect - c:\program files\WordPerfect Office X3\Programs\WPLauncher.hta
    TCP: {193AD1D4-F7CF-4269-8916-C026ECFC39F5} = 205.188.146.145
    .
    **************************************************************************
    catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
    Rootkit scan 2009-05-02 13:33
    Windows 5.1.2600 Service Pack 3 NTFS
    scanning hidden processes ...
    scanning hidden autostart entries ...
    scanning hidden files ...
    scan completed successfully
    hidden files: 0
    **************************************************************************
    .
    DLLs Loaded Under Running Processes
    - - - - - - - > 'winlogon.exe'(612)
    c:\program files\SUPERAntiSpyware\SASWINLO.dll
    - - - - - - - > 'explorer.exe'(3100)
    c:\windows\system32\WPDShServiceObj.dll
    c:\windows\system32\PortableDeviceTypes.dll
    c:\windows\system32\PortableDeviceApi.dll
    .
    Completion time: 2009-05-03 13:37
    ComboFix-quarantined-files.txt 2009-05-03 01:36
    Pre-Run: 7,972,651,008 bytes free
    Post-Run: 8,313,602,048 bytes free
    WindowsXP-KB310994-SP2-Home-BootDisk-ENU.exe
    [boot loader]
    timeout=2
    default=multi(0)disk(0)rdisk(0)partition(1)\WINDOWS
    [operating systems]
    c:\cmdcons\BOOTSECT.DAT="Microsoft Windows Recovery Console" /cmdcons
    multi(0)disk(0)rdisk(0)partition(1)\WINDOWS="Microsoft Windows XP Home Edition" /noexecute=optin /fastdetect
    202 --- E O F --- 2009-05-01 21:15
    (Angus is my dog, not me ...) ;)
  • aliEnRIK
    aliEnRIK Posts: 17,741 Forumite
    First Anniversary Combo Breaker
    Open notepad and copy/paste the text in RED below

    File::
    c:\windows\Tasks\At83.job
    c:\windows\Tasks\At59.job
    c:\windows\Tasks\At107.job
    c:\windows\Tasks\At74.job
    c:\windows\Tasks\At50.job
    c:\windows\Tasks\At98.job
    c:\windows\Tasks\At49.job
    C:\windows\Tasks\At97.job



    Save this as "CFScript"

    Then drag the CFScript into ComboFix.exe as you see in the screenshot below.

    CFScript.gif


    This will start ComboFix again. After reboot, (in case it asks to reboot), post the contents of Combofix.txt in your next reply

    Combofix should never take more than 20 minutes including the reboot if malware is detected.
    If it does, open Task Manager then Processes tab (press ctrl, alt and del at the same time) and end any processes of findstr, find, sed or swreg, then combofix should continue.

    then ~

    Download CCLEANER (Make sure you click 'DOWNLOAD LATEST VERSION' ~ make sure YAHOO TOOLBAR is unticked on installation)
    http://www.filehippo.com/download_ccleaner/
    Run the CLEANER scan (UNTICK 'cookies')
    Then run the REGISTRY scan (Backup the registry when it asks)

    Run LSPFIX

    Download HostsXpert
    http://www.softpedia.com/get/Security/Security-Related/Hoster.shtml
    and then follow the below steps.

    * Unzip HostsXpert.zip
    * It will create a folder named HostsXpert in whatever folder you extract it to.
    * Run HostsXpert.exe by double clicking on it.
    * click the Make Writeable? button.
    * click Restore Microsoft's Hosts File and then click OK.
    * Click the X to exit the program

    then run a KASPERSKY ONLINE SCAN (click to scan 'MY COMPUTER')
    http://www.kaspersky.co.uk/virusscanner
    Please post the complete log it creates
    :idea:
This discussion has been closed.