
Hijack this help please


Comments

  • The link to AVG9 says page could not be found. I tried to find it from Google but got the same message.
  • Hi AlienRik, I removed the entries you mentioned although I received a message saying registry editor had been disabled by the administrator (only me uses the comp) but it seems to have removed them anyway - not sure what this is but I have removed an entry with spybot regarding this every time I have run it. I am about to try the program you mentioned now and will post log
  • Firebird
    Firebird Posts: 253 Forumite
    Part of the Furniture Combo Breaker
    OK that took longer than I expected.

    ComboFix 09-11-13.04 - Administrator 12/11/2009 23:24.1.1 - NTFSx86
    Microsoft Windows XP Professional 5.1.2600.3.1252.44.1033.18.447.168 [GMT 0:00]
    Running from: c:\documents and settings\Administrator\Desktop\Qwerty.exe
    AV: AVG Anti-Virus Free *On-access scanning enabled* (Updated) {17DDD097-36FF-435F-9E1B-52D74245D6BF}
    .
    ((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
    .
    c:\recycler\S-1-5-21-1340307497-2614723990-4250122306-500
    c:\recycler\S-1-5-21-1708537768-602609370-725345543-500
    c:\windows\AUTOLNCH.REG
    c:\windows\COUPON~1.OCX
    c:\windows\CouponPrinter.ocx
    c:\windows\Downloaded Program Files\ODCTOOLS
    c:\windows\Downloaded Program Files\poPCaploader.dll
    c:\windows\Downloaded Program Files\popcaploader.inf
    c:\windows\system32\_000003_.tmp.dll
    c:\windows\system32\_000005_.tmp.dll
    c:\windows\system32\_000006_.tmp.dll
    c:\windows\system32\_000007_.tmp.dll
    c:\windows\system32\_000008_.tmp.dll
    c:\windows\system32\_000009_.tmp.dll
    c:\windows\system32\_000012_.tmp.dll
    c:\windows\system32\_000025_.tmp.dll
    c:\windows\system32\SYSInfo.ocx
    E:\Autorun.inf
    .
    ((((((((((((((((((((((((((((((((((((((( Drivers/Services )))))))))))))))))))))))))))))))))))))))))))))))))
    .
    \Legacy_IPRIP
    \Service_Iprip

    ((((((((((((((((((((((((( Files Created from 2009-10-12 to 2009-11-12 )))))))))))))))))))))))))))))))
    .
    2009-11-12 22:31 . 2009-11-12 22:31 d-sh--w- c:\documents and settings\Administrator\PrivacIE
    2009-11-12 22:23 . 2009-11-12 22:23 d-sh--w- c:\documents and settings\Administrator\IETldCache
    2009-11-12 22:18 . 2009-11-12 22:18 d-----w- c:\windows\ie8updates
    2009-11-12 22:10 . 2009-11-12 22:15 dc-h--w- c:\windows\ie8
    2009-11-12 22:04 . 2009-10-02 04:44 92160 ------w- c:\windows\system32\dllcache\iecompat.dll
    2009-11-12 22:03 . 2009-08-29 08:08 12800 ------w- c:\windows\system32\dllcache\xpshims.dll
    2009-11-12 22:03 . 2009-08-29 08:08 246272 ------w- c:\windows\system32\dllcache\ieproxy.dll
    2009-11-12 18:07 . 2009-11-12 18:07 d-----w- c:\program files\Trend Micro
    2009-11-12 16:04 . 2009-11-12 16:04 d-----w- c:\documents and settings\Administrator\Application Data\Malwarebytes
    2009-11-12 16:04 . 2009-09-10 14:54 38224 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys
    2009-11-12 16:04 . 2009-11-12 16:04 d-----w- c:\program files\Malwarebytes' Anti-Malware
    2009-11-12 16:04 . 2009-11-12 16:04 d-----w- c:\documents and settings\All Users\Application Data\Malwarebytes
    2009-11-12 16:04 . 2009-09-10 14:53 19160 ----a-w- c:\windows\system32\drivers\mbam.sys
    2009-11-12 15:06 . 2009-11-12 15:06 1 ----a-w- c:\windows\system32\qsfff.dat
    2009-11-12 15:06 . 2009-11-12 15:06 1 ----a-w- c:\windows\system32\idmf.dat
    2009-11-12 15:06 . 2009-11-12 15:06 1 ----a-w- c:\windows\system32\fdscd.dat
    2009-11-11 15:39 . 2009-11-11 23:20 d-----w- c:\documents and settings\All Users\Application Data\Spybot - Search & Destroy
    2009-11-11 15:39 . 2009-11-11 15:49 d-----w- c:\program files\Spybot - Search & Destroy
    2009-11-11 15:17 . 2009-11-11 15:17 d-----w- c:\documents and settings\Administrator\Local Settings\Application Data\Threat Expert
    2009-11-09 16:14 . 2009-11-11 10:26 0 ----a-w- c:\windows\Esuloso.bin
    2009-11-09 16:14 . 2009-11-11 17:06 120 ----a-w- c:\windows\Byipelozu.dat
    2009-11-09 16:14 . 2009-11-09 16:14 d-----w- c:\documents and settings\Administrator\Local Settings\Application Data\{91103DE8-50CF-4E66-BCE3-0D5CE6DF99BF}
    2009-11-09 16:10 . 2009-11-09 16:10 33792 ----a-w- c:\windows\system32\gqcj38.dll
    2009-10-21 11:56 . 2009-10-21 11:55 2064152 ----a-w- c:\documents and settings\All Users\Application Data\avg8\update\backup\avgcorex.dll
    2009-10-18 11:36 . 2009-10-18 11:36 d-----w- c:\windows\Cache
    2009-10-18 11:35 . 2009-10-18 11:35 d-----w- c:\program files\Coupon Printer
    2009-10-18 11:35 . 2009-10-18 11:35 31 ---ha-w- c:\windows\UKCpInfo.sys
    2009-10-17 12:46 . 2009-10-17 12:45 2025752 ----a-w- c:\documents and settings\All Users\Application Data\avg8\update\backup\avgtray.exe
    .
    (((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
    .
    2009-11-12 22:56 . 2007-03-06 19:37 d-----w- c:\program files\Virtools Web Player 3.0
    2009-11-12 21:46 . 2006-07-11 06:07 d-----w- c:\program files\Common Files\Symantec Shared
    2009-11-12 13:02 . 2007-02-07 15:14 d-----w- c:\program files\Lavasoft
    2009-11-11 14:55 . 2008-05-25 20:34 d---a-w- c:\documents and settings\All Users\Application Data\TEMP
    2009-10-30 13:23 . 2009-03-24 18:53 d-----w- c:\documents and settings\All Users\Application Data\JollyBear
    2009-10-30 13:21 . 2009-03-16 19:46 d-----w- c:\program files\MostFun
    2009-10-30 12:24 . 2009-10-03 15:08 d-----w- c:\documents and settings\Administrator\Application Data\Gaijin Ent
    2009-10-26 18:04 . 2009-07-09 19:14 d-----w- c:\documents and settings\All Users\Application Data\Fugazo
    2009-10-26 17:29 . 2009-03-24 15:29 d-----w- c:\documents and settings\All Users\Application Data\TERMINAL Studio
    2009-10-26 17:13 . 2009-03-16 19:46 d-----w- c:\documents and settings\All Users\Application Data\NeoEdge Networks
    2009-10-14 10:32 . 2007-01-27 12:55 d-----w- c:\program files\Common Files\Adobe
    2009-10-12 16:50 . 2009-07-23 18:19 d-----w- c:\documents and settings\All Users\Application Data\My Games
    2009-10-09 08:46 . 2009-10-09 08:46 d-----w- c:\documents and settings\All Users\Application Data\Office Genuine Advantage
    2009-10-07 09:32 . 2009-06-11 15:45 d-----w- c:\program files\Stopbuddy
    2009-10-07 09:30 . 2006-07-11 05:40 d--h--w- c:\program files\InstallShield Installation Information
    2009-10-06 12:10 . 2009-10-06 12:10 d-----w- c:\documents and settings\Administrator\Application Data\Skinux
    2009-10-03 16:29 . 2009-10-03 16:16 d-----w- c:\documents and settings\All Users\Application Data\UClick
    2009-10-03 16:29 . 2009-10-03 16:16 d-----w- c:\documents and settings\Administrator\Application Data\UClick
    2009-09-25 15:20 . 2007-02-21 18:49 d-----w- c:\documents and settings\All Users\Application Data\PlayFirst
    2009-09-25 15:20 . 2007-02-21 18:49 d-----w- c:\documents and settings\Administrator\Application Data\PlayFirst
    2009-09-11 14:18 . 2004-08-04 08:00 136192 ----a-w- c:\windows\system32\msv1_0.dll
    2009-09-04 21:03 . 2004-08-04 08:00 58880 ----a-w- c:\windows\system32\msasn1.dll
    2009-08-29 08:08 . 2004-08-04 08:00 916480 ----a-w- c:\windows\system32\wininet.dll
    2009-08-26 08:00 . 2004-08-04 08:00 247326 ----a-w- c:\windows\system32\strmdll.dll
    2009-08-20 14:09 . 2009-08-20 14:09 1193832 ----a-w- c:\windows\system32\FM20.DLL
    2009-08-16 18:03 . 2009-08-16 18:03 524 ----a-w- c:\windows\eReg.dat
    2009-08-15 18:29 . 2009-08-15 17:37 159744 ----a-w- c:\documents and settings\All Users\Application Data\NeoEdge Networks\MostFun\gamedownloader.exe
    2009-08-15 09:40 . 2008-05-25 19:21 11952 ----a-w- c:\windows\system32\avgrsstx.dll
    2009-08-15 09:40 . 2007-02-01 19:24 27784 ----a-w- c:\windows\system32\drivers\avgmfx86.sys
    2009-08-15 09:40 . 2008-05-25 19:21 335240 ----a-w- c:\windows\system32\drivers\avgldx86.sys
    2007-02-15 15:31 . 2007-02-15 15:31 774144 ----a-w- c:\program files\RngInterstitial.dll
    2007-01-14 22:30 . 2007-01-14 22:30 56 --sha-w- c:\windows\SMINST\hpboot.sys
    .
    ((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
    .
    .
    *Note* empty entries & legit default entries are not shown
    REGEDIT4
    [HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\URLSearchHooks]
    "{A3BC75A2-1F87-4686-AA43-5347D756017C}"= "c:\program files\AVG\AVG8\Toolbar\IEToolbar.dll" [2009-06-16 1004800]
    [HKEY_CLASSES_ROOT\clsid\{a3bc75a2-1f87-4686-aa43-5347d756017c}]
    [HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{A3BC75A2-1F87-4686-AA43-5347D756017C}]
    2009-06-16 08:29 1004800 ----a-w- c:\program files\AVG\AVG8\Toolbar\IEToolbar.dll
    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar]
    "{CCC7A320-B3CA-4199-B1A6-9F516DD69829}"= "c:\program files\AVG\AVG8\Toolbar\IEToolbar.dll" [2009-06-16 1004800]
    [HKEY_CLASSES_ROOT\clsid\{ccc7a320-b3ca-4199-b1a6-9f516dd69829}]
    [HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Toolbar\Webbrowser]
    "{CCC7A320-B3CA-4199-B1A6-9F516DD69829}"= "c:\program files\AVG\AVG8\Toolbar\IEToolbar.dll" [2009-06-16 1004800]
    [HKEY_CLASSES_ROOT\clsid\{ccc7a320-b3ca-4199-b1a6-9f516dd69829}]
    [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
    "WMPNSCFG"="c:\program files\Windows Media Player\WMPNSCFG.exe" [2006-10-18 204288]
    "SpybotSD TeaTimer"="c:\program files\Spybot - Search & Destroy\TeaTimer.exe" [2009-03-05 2260480]
    "ctfmon.exe"="c:\windows\system32\ctfmon.exe" [2008-04-14 15360]
    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
    "SoundMAXPnP"="c:\program files\Analog Devices\Core\smax4pnp.exe" [2005-05-20 925696]
    "SynTPEnh"="c:\program files\Synaptics\SynTP\SynTPEnh.exe" [2006-03-31 761946]
    "hpWirelessAssistant"="c:\program files\hpq\HP Wireless Assistant\HP Wireless Assistant.exe" [2006-03-28 454656]
    "CognizanceTS"="c:\progra~1\HPQ\IAM\Bin\AsTsVcc.dll" [2003-12-22 17920]
    "QlbCtrl"="c:\program files\Hewlett-Packard\HP Quick Launch Buttons\QlbCtrl.exe" [2006-03-23 131072]
    "Recguard"="c:\windows\Sminst\Recguard.exe" [2005-12-20 1187840]
    "Scheduler"="c:\windows\SMINST\Scheduler.exe" [2006-02-15 892928]
    "Motive SmartBridge"="c:\progra~1\BLUEYO~1\SMARTB~1\blueyonder-istnotifier.exe" [2005-09-22 438359]
    "AVG8_TRAY"="c:\progra~1\AVG\AVG8\avgtray.exe" [2009-11-04 2028312]
    "Adobe Reader Speed Launcher"="c:\program files\Adobe\Reader 9.0\Reader\Reader_sl.exe" [2009-10-03 35696]
    "Adobe ARM"="c:\program files\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2009-09-04 935288]
    "Malwarebytes Anti-Malware (reboot)"="c:\program files\Malwarebytes' Anti-Malware\mbam.exe" [2009-09-10 1312080]
    "MsmqIntCert"="mqrt.dll" - c:\windows\system32\mqrt.dll [2008-04-14 177152]
    [HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
    "CTFMON.EXE"="c:\windows\system32\CTFMON.EXE" [2008-04-14 15360]
    [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\OneCard]
    2005-07-25 18:41 40960 ----a-w- c:\program files\HPQ\IAM\Bin\AsWlnPkg.dll
    [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\avgrsstarter]
    2009-08-15 09:40 11952 ----a-w- c:\windows\system32\avgrsstx.dll
    [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\IfxWlxEN]
    2006-03-03 15:08 434176 ----a-w- c:\windows\system32\IfxWlxEN.dll
    [HKEY_LOCAL_MACHINE\system\currentcontrolset\control\lsa]
    Notification Packages REG_MULTI_SZ scecli AsWlnPkg
    [HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^blueyonder Instant Support Tool.lnk]
    backup=c:\windows\pss\blueyonder Instant Support Tool.lnkCommon Startup
    [HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^DVD Check.lnk]
    backup=c:\windows\pss\DVD Check.lnkCommon Startup
    [HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Microsoft Office.lnk]
    backup=c:\windows\pss\Microsoft Office.lnkCommon Startup
    HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Adobe Reader Speed Launcher
    HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ATICCC
    [HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecFirewall]
    "DisableMonitoring"=dword:00000001
    [HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
    "%windir%\\system32\\sessmgr.exe"=
    "c:\\WINDOWS\\system32\\mqsvc.exe"=
    "c:\\WINDOWS\\SMINST\\Scheduler.exe"=
    "%windir%\\Network Diagnostic\\xpnetdiag.exe"=
    "c:\\Program Files\\Hp\\HP Software Update\\HPWUCli.exe"=
    "c:\\Program Files\\AVG\\AVG8\\avgupd.exe"=
    "c:\\Program Files\\AVG\\AVG8\\avgemc.exe"=
    "c:\\WINDOWS\\system32\\mmc.exe"=
    R1 AvgLdx86;AVG AVI Loader Driver x86;c:\windows\system32\drivers\avgldx86.sys [25/05/2008 19:21 335240]
    R1 AvgTdiX;AVG8 Network Redirector;c:\windows\system32\drivers\avgtdix.sys [25/05/2008 19:21 108552]
    R1 PersonalSecureDrive;PersonalSecureDrive;c:\windows\system32\drivers\psd.sys [29/11/2005 16:56 36768]
    R2 ASChannel;Local Communication Channel;c:\windows\System32\svchost.exe -k Cognizance [04/08/2004 08:00 14336]
    R2 avg8emc;AVG8 E-mail Scanner;c:\progra~1\AVG\AVG8\avgemc.exe [03/07/2008 11:01 908056]
    R2 avg8wd;AVG8 WatchDog;c:\progra~1\AVG\AVG8\avgwdsvc.exe [03/07/2008 11:00 297752]
    R2 SVKP;SVKP;c:\windows\system32\SVKP.sys [08/12/2006 02:49 2368]
    R3 IFXTPM;IFXTPM;c:\windows\system32\drivers\ifxtpm.sys [21/10/2005 11:19 36352]
    --- Other Services/Drivers In Memory ---
    *NewlyCreated* - MBR
    *Deregistered* - mbr
    [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
    Cognizance REG_MULTI_SZ ASChannel
    [HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\{E7F780A5-FC7C-45C5-882E-256832665E0A}]
    rundll32 gqcj38.dll,laspi
    .
    .
    Supplementary Scan
    .
    uStart Page = hxxp://forums.moneysavingexpert.com/forumdisplay.html?s=&daysprune=&f=36
    uSearchMigratedDefaultURL = hxxp://search.live.com/results.aspx?q={searchTerms}&src={referrer:source?}
    uInternet Connection Wizard,ShellNext = hxxp://www.blueyonder.co.uk/
    uInternet Settings,ProxyOverride = 127.0.0.1
    IE: E&xport to Microsoft Excel - c:\progra~1\MICROS~2\Office10\EXCEL.EXE/3000
    DPF: Microsoft XML Parser for Java - file://c:\windows\Java\classes\xmldso.cab
    DPF: {6218F7B5-0D3A-48BA-AE4C-49DCFA63D400} - hxxp://www.myheritage.com/Genoogle/Components/ActiveX/SearchEngineQuery.dll
    DPF: {C1BAC744-8F0B-11D0-89E7-00C0A8295197} - hxxp://www.crtvg.es/camweb/camera.cab
    .
    - - - - ORPHANS REMOVED - - - -
    BHO-{2C5EB892-1B87-449E-A13F-7BC1112C99EB} - (no file)
    WebBrowser-{472734EA-242A-422B-ADF8-83D1E48CC825} - (no file)
    HKLM-Run-Workflow - D:\Workflow.exe

    **************************************************************************
    catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
    Rootkit scan 2009-11-12 23:48
    Windows 5.1.2600 Service Pack 3 NTFS
    scanning hidden processes ...
    scanning hidden autostart entries ...
    scanning hidden files ...
    scan completed successfully
    hidden files: 0
    **************************************************************************
    .
    LOCKED REGISTRY KEYS
    [HKEY_USERS\S-1-5-21-2541423913-2234353754-4243743288-500\Software\Microsoft\Internet Explorer\User Preferences]
    @Denied: (2) (Administrator)
    "88D7D0879DAB32E14DE5B3A805A34F98AFF34F5977"=hex:01,00,00,00,d0,8c,9d,df,01,15,
    d1,11,8c,7a,00,c0,4f,c2,97,eb,01,00,00,00,62,f8,6e,e3,cd,46,da,4a,9d,e5,2f,\
    "2D53CFFC5C1A3DD2E97B7979AC2A92BD59BC839E81"=hex:01,00,00,00,d0,8c,9d,df,01,15,
    d1,11,8c,7a,00,c0,4f,c2,97,eb,01,00,00,00,62,f8,6e,e3,cd,46,da,4a,9d,e5,2f,\
    .
    DLLs Loaded Under Running Processes
    - - - - - - - > 'winlogon.exe'(896)
    c:\windows\system32\Ati2evxx.dll
    c:\program files\HPQ\IAM\Bin\AsWlnPkg.dll
    c:\windows\system32\IfxWlxEN.dll
    c:\program files\HPQ\IAM\Bin\ASChnl.dll
    c:\windows\system32\WININET.dll
    c:\program files\HPQ\IAM\Bin\ItMsg.dll
    - - - - - - - > 'lsass.exe'(952)
    c:\program files\HPQ\IAM\bin\AsWlnPkg.dll
    - - - - - - - > 'explorer.exe'(1972)
    c:\windows\system32\WININET.dll
    c:\progra~1\BLUEYO~1\SMARTB~1\SBHook.dll
    c:\program files\HPQ\IAM\Bin\SFSShell.dll
    c:\program files\HPQ\IAM\bin\ItMsg.dll
    c:\windows\system32\ieframe.dll
    c:\windows\system32\webcheck.dll
    c:\windows\system32\WPDShServiceObj.dll
    c:\windows\system32\PortableDeviceTypes.dll
    c:\windows\system32\PortableDeviceApi.dll
    .
    Other Running Processes
    .
    c:\windows\system32\Ati2evxx.exe
    c:\windows\system32\Ati2evxx.exe
    c:\windows\system32\DllHost.exe
    c:\program files\HPQ\IAM\bin\asghost.exe
    c:\windows\system32\msdtc.exe
    c:\windows\system32\IFXSPMGT.exe
    c:\progra~1\AVG\AVG8\avgrsx.exe
    c:\windows\system32\IFXTCS.exe
    c:\progra~1\AVG\AVG8\avgnsx.exe
    c:\program files\Common Files\LightScribe\LSSrvc.exe
    c:\program files\Common Files\Microsoft Shared\VS7Debug\mdm.exe
    c:\program files\ProtectTools\Embedded Security Software\PSDsrvc.EXE
    c:\windows\system32\tcpsvcs.exe
    c:\windows\system32\mqsvc.exe
    c:\program files\Hewlett-Packard\Shared\hpqwmiex.exe
    c:\program files\AVG\AVG8\avgcsrvx.exe
    c:\program files\Windows Media Player\WMPNetwk.exe
    c:\windows\system32\mqtgsvc.exe
    c:\program files\ProtectTools\Embedded Security Software\PSDrt.exe
    c:\progra~1\HPQ\Shared\HPQTOA~1.EXE
    .
    **************************************************************************
    .
    Completion time: 2009-11-13 00:06 - machine was rebooted
    ComboFix-quarantined-files.txt 2009-11-13 00:06
    Pre-Run: 30,024,077,312 bytes free
    Post-Run: 29,957,156,864 bytes free
    WindowsXP-KB310994-SP2-Pro-BootDisk-ENU.exe
    [boot loader]
    timeout=2
    default=multi(0)disk(0)rdisk(0)partition(1)\WINDOWS
    [operating systems]
    c:\cmdcons\BOOTSECT.DAT="Microsoft Windows Recovery Console" /cmdcons
    multi(0)disk(0)rdisk(0)partition(1)\WINDOWS="Microsoft Windows XP Professional" /noexecute=optin /fastdetect /usepmtimer
    - - End Of File - - C9C807039B45EF4D9C61FE66A7BCFBB4
  • aliEnRIK
    aliEnRIK Posts: 17,741 Forumite
    Part of the Furniture Combo Breaker
    edited 13 November 2009 at 7:50AM
    Your computer's seriously infected
    I would personally recommend formatting the hard drive and reinstalling Windows
    If you wish to go on ~

    Open notepad and copy/paste the text in RED below

    File::
    c:\windows\system32\fdscd.dat
    c:\windows\system32\idmf.dat
    c:\windows\system32\qsfff.dat
    c:\windows\Esuloso.bin
    c:\windows\Byipelozu.dat
    c:\windows\system32\gqcj38.dll
    c:\windows\UKCpInfo.sys
    c:\documents and settings\All Users\Application Data\NeoEdge Networks\MostFun\gamedownloader.exe


    Save this as "CFScript" (FULL file will be 'CFScript.txt')

    Then drag the CFScript into ComboFix.exe as you see in the screenshot below.

    CFScript.gif


    This will start ComboFix again. After reboot, (in case it asks to reboot), post the contents of Combofix.txt in your next reply

    Combofix should never take more than 20 minutes including the reboot if malware is detected.
    If it does, open Task Manager then Processes tab (press ctrl, alt and del at the same time) and end any processes of findstr, find, sed or swreg, then combofix should continue.


    .....................................................


    Download CCLEANER
    http://www.ccleaner.com/download/builds/downloading-slim
    Run the CLEANER scan (UNTICK 'cookies')
    Then run the REGISTRY scan (Backup the registry when it asks)

    ..................................................................
    Download and run the FREE version of DR WEB
    http://www.freedrweb.com/download+cureit/
    It will auto QUICK scan
    After that set to scan the WHOLE computer and press the 'play' icon

    ***DO NOT UPGRADE TO FULL VERSION***

    ...............................................................

    reboot

    Download GLARY UTILITIES
    http://www.glaryutilities.com/download/gusetup_slim.exe
    Run the ONE CLICK scan
    Then goto SYSTEM TOOLS-WINDOWS STANDARD TOOLS and click 'SYSTEM FILE CHECKER'

    ...................................................................


    Download HostsXpert
    http://www.softpedia.com/get/Security/Security-Related/Hoster.shtml
    and then follow the below steps.

    * Unzip HostsXpert.zip
    * It will create a folder named HostsXpert in whatever folder you extract it to.
    * Run HostsXpert.exe by double clicking on it.
    * click the Make Writeable? button.
    * click Restore Microsoft's Hosts File and then click OK.
    * Click the X to exit the program


    ......................................................................

    Download SUPERANTISPYWARE (Make sure you click 'DOWNLOAD LATEST VERSION')
    http://www.filehippo.com/download_superantispyware/
    UPDATE and PERFORM COMPLETE SCAN
    (Then goto console and LOGS and post the log it created then untick it from STARTING UP WITH WINDOWS)
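    The reply above picks the files for the `File::` block by hand from the "Files Created" section of the ComboFix log. As an added example (not code from the thread, from ComboFix or from the poster), the script below shows the same triage as a repeatable check: it parses ComboFix's one-line-per-entry format (`created . modified [size] attrs path`), flags files written straight into `c:\windows` or `c:\windows\system32` during the report window, cross-checks each flagged name against the "Reg Loading Points" section (which is where `rundll32 gqcj38.dll,laspi` appears), and renders the survivors as the `File::` block that the reply says to save as CFScript.txt. The sample log is constructed from a subset of the thread's own log lines; the narrow "dropped directly into a Windows directory" rule is an assumption that reproduces seven of the eight files the reply lists and deliberately leaves the eighth (`gamedownloader.exe`, in a vendor folder) to analyst judgement.

```python
r"""Triage the "Files Created" section of a ComboFix log and draft a CFScript.

Added example: not code from the thread, from ComboFix or from the poster.
SAMPLE_LOG is a constructed subset of the thread's log, one entry per line.
"""
import re
from datetime import datetime

# ComboFix entry: created . modified [size] attrs path
# (the size column is absent for folders; attrs is always 8 characters)
ENTRY_RE = re.compile(
    r"^(?P<created>\d{4}-\d{2}-\d{2} \d{2}:\d{2}) \. "
    r"(?P<modified>\d{4}-\d{2}-\d{2} \d{2}:\d{2})"
    r"(?:\s+(?P<size>\d+))?\s+(?P<attrs>[-a-z]{8})\s+(?P<path>\S.*)$",
    re.IGNORECASE,
)

# Folders that a freshly dropped payload is usually written straight into.
WATCHED_DIRS = (r"c:\windows", r"c:\windows\system32")

SAMPLE_LOG = r"""
((((((((((((((((((((((((( Files Created from 2009-10-12 to 2009-11-12 )))))))))))))))))))))))))))))))
.
2009-11-12 22:04 . 2009-10-02 04:44 92160 ------w- c:\windows\system32\dllcache\iecompat.dll
2009-11-12 16:04 . 2009-11-12 16:04 d-----w- c:\program files\Malwarebytes' Anti-Malware
2009-11-12 16:04 . 2009-09-10 14:53 19160 ----a-w- c:\windows\system32\drivers\mbam.sys
2009-11-12 15:06 . 2009-11-12 15:06 1 ----a-w- c:\windows\system32\qsfff.dat
2009-11-12 15:06 . 2009-11-12 15:06 1 ----a-w- c:\windows\system32\idmf.dat
2009-11-12 15:06 . 2009-11-12 15:06 1 ----a-w- c:\windows\system32\fdscd.dat
2009-11-09 16:14 . 2009-11-11 10:26 0 ----a-w- c:\windows\Esuloso.bin
2009-11-09 16:14 . 2009-11-11 17:06 120 ----a-w- c:\windows\Byipelozu.dat
2009-11-09 16:10 . 2009-11-09 16:10 33792 ----a-w- c:\windows\system32\gqcj38.dll
2009-10-18 11:35 . 2009-10-18 11:35 31 ---ha-w- c:\windows\UKCpInfo.sys
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2009-08-16 18:03 . 2009-08-16 18:03 524 ----a-w- c:\windows\eReg.dat
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Malwarebytes Anti-Malware (reboot)"="c:\program files\Malwarebytes' Anti-Malware\mbam.exe" [2009-09-10 1312080]
[HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\{E7F780A5-FC7C-45C5-882E-256832665E0A}]
rundll32 gqcj38.dll,laspi
"""


def parse_files_created(log_text):
    """Return the 'Files Created' entries (created/modified/size/attrs/path) as dicts."""
    entries, in_section = [], False
    for raw in log_text.splitlines():
        line = raw.strip()
        if "Files Created" in line:          # section header
            in_section = True
            continue
        if in_section and "Find3M Report" in line:   # next section: stop
            break
        m = ENTRY_RE.match(line)
        if in_section and m:
            e = m.groupdict()
            e["created"] = datetime.strptime(e["created"], "%Y-%m-%d %H:%M")
            e["modified"] = datetime.strptime(e["modified"], "%Y-%m-%d %H:%M")
            e["size"] = int(e["size"]) if e["size"] else None
            entries.append(e)
    return entries


def parent_dir(path):
    return path.rsplit("\\", 1)[0].lower()


def is_dropped_in_windows_dir(entry):
    """A file (not a folder) sitting directly in c:\windows or c:\windows\system32."""
    if entry["attrs"].lower().startswith("d"):
        return False
    return parent_dir(entry["path"]) in WATCHED_DIRS


def flag_suspicious(entries):
    """Paths, in log order, that match the drop-location heuristic."""
    return [e["path"] for e in entries if is_dropped_in_windows_dir(e)]


def autostart_references(log_text, paths):
    """Map each flagged file name to non-listing log lines that mention it,
    e.g. an Active Setup 'rundll32 <dll>,<export>' loading point."""
    names = {p.rsplit("\\", 1)[-1].lower() for p in paths}
    refs = {}
    for raw in log_text.splitlines():
        line = raw.strip()
        if ENTRY_RE.match(line):             # skip the file listing itself
            continue
        low = line.lower()
        for name in names:
            if name in low:
                refs.setdefault(name, []).append(line)
    return refs


def build_cfscript(paths):
    """Render the File:: block the reply asks the user to save as CFScript.txt."""
    return "File::\n" + "\n".join(paths) + "\n"


if __name__ == "__main__":
    found = flag_suspicious(parse_files_created(SAMPLE_LOG))
    for name, lines in autostart_references(SAMPLE_LOG, found).items():
        print(f"{name} is referenced by an autostart entry: {lines}")
    print(build_cfscript(found))
```

Run against the sample, the autostart cross-check is what separates `gqcj38.dll` (loaded at logon via Active Setup) from the `.dat` droppings, which matters when deciding whether removal alone is enough or whether the loading point also needs cleaning; ComboFix removes the Active Setup entry when the referenced file is listed, which is why the reply lists the file and not the key.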
  • Oh dear, this looks like a big job. What am I seriously infected with? Would you have any idea when or for how long? I haven't noticed any problems until a couple of days ago. I have had AVG running since I got the computer a couple of years ago.
  • I have just checked the Bank website. This is the first I have checked since the downloads etc later last night. The website is fine this morning ???? Not sure what to do now. I don't have an installation disc for windows as it was pre-installed on the computer although I have the back up discs that I made as soon as I got it.
  • aliEnRIK
    aliEnRIK Posts: 17,741 Forumite
    Part of the Furniture Combo Breaker
    Your call ~ use the backup discs or continue with the instructions I gave
  • Firebird
    Firebird Posts: 253 Forumite
    Part of the Furniture Combo Breaker
    I am a bit anxious being an amateur. What exactly will the above instructions do to the computer? I am going away for the weekend later on this afternoon and won't have internet access till Monday. Would I be better to wait or could I download all the programs you mention above and work on it while away?
  • aliEnRIK
    aliEnRIK Posts: 17,741 Forumite
    Part of the Furniture Combo Breaker
    I doubt you'd have any trouble with any of them

    You need to be connected to the net when you run SUPER ANTISPYWARE for it to update

    Other than that it 'should' be plain sailing

    CCLEANER and GLARY will remove dead registries etc

    Hosts will reset the hosts file (Nothing to worry about, but it's better to reset it than hope it's clean)

    Combofix will remove the items I've selected to remove

    Dr web and SAS are 'on demand' virus scanners
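    The reply above resets the hosts file rather than inspecting it, which is the right call for a home user. As an added example (not code from the thread or from HostsXpert) the script below shows what the inspection would look like, since a hosts file is one of the simplest ways a machine can be made to send a bank's hostname to a look-alike server while the address bar still reads correctly. Every active line is classified as `default` (localhost mappings), `block` (a name pinned to loopback or 0.0.0.0, as ad-blocking lists do), `redirect` (a name pointed at a routable address, the hijack pattern) or `malformed`. The sample hosts text is constructed; `203.0.113.7` and the `.test`/`example.*` names are documentation placeholders, and the path of the real file on Windows XP is the one the reply's HostsXpert step restores.

```python
"""Audit a Windows hosts file for redirect-style entries.

Added example: not code from the thread or from HostsXpert. SAMPLE_HOSTS is
constructed; 203.0.113.7 and the example names are documentation placeholders.
"""
import ipaddress

SAMPLE_HOSTS = """\
# constructed sample, not a real hosts file
127.0.0.1       localhost
::1             localhost
127.0.0.1       ads.example.net          # blocking entry (harmless)
203.0.113.7     www.example-bank.test    # routable address: hijack pattern
0.0.0.0         tracker.example.org
not-an-address  broken.example.org       # garbage line
"""


def parse_hosts(text):
    """Yield (line_number, address_token, hostname) for every active mapping.
    Comments after '#' and blank lines are skipped; a line with an address but
    no hostname is yielded with hostname None so it can be reported."""
    for lineno, raw in enumerate(text.splitlines(), start=1):
        line = raw.split("#", 1)[0].strip()
        if not line:
            continue
        parts = line.split()
        if len(parts) < 2:
            yield lineno, parts[0], None
            continue
        for name in parts[1:]:          # one address may map several names
            yield lineno, parts[0], name


def classify(address, name):
    """default | block | redirect | malformed, based on where the name points."""
    if name is None:
        return "malformed"
    try:
        addr = ipaddress.ip_address(address)
    except ValueError:
        return "malformed"
    if addr.is_loopback or addr.is_unspecified:     # 127.0.0.0/8, ::1, 0.0.0.0
        return "default" if name.lower() == "localhost" else "block"
    return "redirect"        # any other address steers traffic somewhere else


def audit_hosts(text):
    """Group every (hostname, address) pair by classification."""
    report = {"default": [], "block": [], "redirect": [], "malformed": []}
    for _lineno, address, name in parse_hosts(text):
        report[classify(address, name)].append((name, address))
    return report


def is_clean(text):
    """True only when nothing in the file can send a name to another host."""
    report = audit_hosts(text)
    return not report["redirect"] and not report["malformed"]


if __name__ == "__main__":
    for category, pairs in audit_hosts(SAMPLE_HOSTS).items():
        for name, address in pairs:
            print(f"{category:9} {address:16} {name}")
    print("clean" if is_clean(SAMPLE_HOSTS) else "needs reset")
```

The `block` category is kept separate from `redirect` on purpose: a hosts file full of loopback entries for ad domains is common and harmless, whereas a single routable address beside a banking hostname is the thing worth acting on. On a live system the text would be read from `%SystemRoot%\system32\drivers\etc\hosts`; the reply's advice to reset it regardless stands, since the audit only tells you what is currently there, not whether the infection will rewrite it again.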
  • Firebird
    Firebird Posts: 253 Forumite
    Part of the Furniture Combo Breaker
    Hi AlienRik and thanks again for all your help.
    I have downloaded all the programs above and copied your instructions so I will have a go at it over the weekend.
    Is there anything I need to backup before I start?
    S.
This discussion has been closed.