Pop up blocker.
An impressive selection of malware you had running there.

As browntoa said, disable AVG.
Run ComboFix.
It may or may not restart itself at the end.
If you can't find the log, it's in the C drive, called COMBOFIX.TXT.
Split it into sections and post the lot (unless there are pages of SNAPSHOTS, in which case miss that part out).

I have done as you suggested: disabled AVG and then ran ComboFix. I looked in the C drive but I can't find combofix.txt. I can see combobatch and just combo... and cfscript. If I ever do find it, what should I use to open it?
Thanks!

I think maybe ComboFix isn't installed properly...?
Every time I try to run it and follow the instructions on the website (especially the bit where it says click Save... to desktop), my only option is to run it from my downloads list. It doesn't ask me if I want to save it.

Rename combofix to comboclean before you save it.

But I never get an option to save it. It just is a download and a run option. But I'll keep bashing on!
I never get to rename it. Also, I don't see those screens that the tutorial says you should either.
I run it from my download list and all that happens is a green light runs across a bar for a few secs. That's it.

Hi, just noticed that you use Firefox, so when you get the downloads screen up, right-click on combofix and select Open Containing Folder. When it puts you into Explorer, right-click on combofix.exe, then rename it to comboclean, then double-click on it to start it.

ComboFix 10-03-08.02 - Owner 09/03/2010 11:24:41.1.1 - x86
Microsoft Windows XP Home Edition 5.1.2600.2.1252.44.1033.18.959.551 [GMT 0:00]
Running from: c:\documents and settings\Owner\My Documents\Downloads\comboclean.exe
AV: AVG Anti-Virus Free *On-access scanning disabled* (Updated) {17DDD097-36FF-435F-9E1B-52D74245D6BF}
.
((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.
c:\$recycle.bin\S-1-5-21-2767205889-989584563-1685789778-1000
.
((((((((((((((((((((((((( Files Created from 2010-02-09 to 2010-03-09 )))))))))))))))))))))))))))))))
.
2010-03-08 20:10 . 2010-03-08 20:10 388096 ----a-r- c:\documents and settings\Owner\Application Data\Microsoft\Installer\{0761C9A8-8F3A-4216-B4A7-B7AFBF24A24A}\HiJackThis.exe
2010-03-08 20:10 . 2010-03-08 20:10 d-----w- c:\program files\TrendMicro
2010-03-08 19:12 . 2010-03-08 19:12 d-----w- c:\documents and settings\Owner\Application Data\Malwarebytes
2010-03-08 19:12 . 2010-01-07 16:07 38224 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys
2010-03-08 19:12 . 2010-03-08 19:12 d-----w- c:\program files\Malwarebytes' Anti-Malware
2010-03-08 19:12 . 2010-03-08 19:12 d-----w- c:\documents and settings\All Users\Application Data\Malwarebytes
2010-03-08 19:12 . 2010-01-07 16:07 19160 ----a-w- c:\windows\system32\drivers\mbam.sys
2010-02-20 19:24 . 2010-02-20 19:26 d-----w- c:\documents and settings\Owner\Local Settings\Application Data\Google
2010-02-20 19:24 . 2010-02-20 19:24 d-----w- c:\program files\Google
2010-02-09 22:28 . 2010-02-09 22:28 d-----w- c:\documents and settings\Owner\Local Settings\Application Data\Adobe
2010-02-09 22:26 . 2010-02-09 22:27 d-----w- c:\program files\Common Files\Adobe
2010-02-08 20:06 . 2010-02-08 20:06 d-----w- c:\documents and settings\All Users\Application Data\e-Safekey
2010-02-08 20:00 . 2010-02-08 20:00 d-s---w- c:\documents and settings\Owner\UserData
2010-02-08 19:10 . 2001-08-17 22:36 5632 ----a-w- c:\windows\system32\ptpusb.dll
2010-02-08 19:10 . 2004-08-04 00:56 159232 ----a-w- c:\windows\system32\ptpusd.dll
2010-02-07 16:49 . 2010-02-07 16:49 846312 ----a-w- c:\documents and settings\Owner\Application Data\MSNInstaller\msnauins.exe
2010-02-07 16:49 . 2010-02-07 16:49 d-----w- c:\documents and settings\Owner\Application Data\MSNInstaller
2010-02-07 13:00 . 2010-02-07 13:00 d-----w- c:\documents and settings\Owner\Local Settings\Application Data\IsolatedStorage
2010-02-07 12:59 . 2010-02-07 12:59 d-----w- c:\documents and settings\Owner\Local Settings\Application Data\HP
2010-02-07 12:58 . 2010-02-07 12:58 128 ----a-w- c:\documents and settings\Owner\Local Settings\Application Data\fusioncache.dat
2010-02-07 12:58 . 2010-03-09 09:16 d-----w- c:\documents and settings\Owner\Local Settings\Application Data\ApplicationHistory
2010-02-07 12:23 . 2010-02-07 12:23 d-----w- c:\documents and settings\Owner\Application Data\HP
2010-02-07 12:22 . 2010-02-07 12:22 d-----w- c:\documents and settings\All Users\Application Data\HP
2010-02-07 12:20 . 2010-02-07 12:20 d-----w- C:\bin
2010-02-07 12:18 . 2010-02-07 12:18 d-----w- c:\program files\Common Files\Sonic Shared
2010-02-07 12:18 . 2010-02-07 12:18 d-----w- c:\documents and settings\All Users\Application Data\Sonic
2010-02-07 12:14 . 2010-02-07 12:14 d-----w- c:\windows\system32\URTTemp
2010-02-07 12:13 . 2010-02-07 12:17 d-----w- c:\program files\Common Files\HP
2010-02-07 12:11 . 2010-02-07 12:11 d-----w- c:\program files\Hewlett-Packard
2010-02-07 12:10 . 2010-02-07 12:10 d-----w- c:\program files\Common Files\Hewlett-Packard
2010-02-07 12:09 . 2006-02-01 02:48 16496 ----a-r- c:\windows\system32\drivers\HPZipr12.sys
2010-02-07 12:09 . 2006-02-01 02:48 49664 ----a-r- c:\windows\system32\drivers\HPZid412.sys
2010-02-07 12:09 . 2006-01-04 10:12 77824 ----a-r- c:\windows\system32\HPZIDS01.dll
2010-02-07 12:09 . 2006-02-09 15:43 74240 ----a-w- c:\windows\system32\Spool\prtprocs\w32x86\hpzpp054.dll
2010-02-07 12:09 . 2006-02-09 15:45 38400 ----a-w- c:\windows\system32\hpz3l054.dll
2010-02-07 12:08 . 2004-08-03 22:58 15104 -c--a-w- c:\windows\system32\dllcache\usbscan.sys
2010-02-07 12:08 . 2004-08-03 22:58 15104 ----a-w- c:\windows\system32\drivers\usbscan.sys
2010-02-07 12:08 . 2007-08-09 07:27 73728 ----a-w- c:\windows\system32\HPZipm12.exe
2010-02-07 12:08 . 2005-03-15 03:09 65536 ----a-w- c:\windows\system32\HPZinw12.exe
2010-02-07 12:08 . 2005-03-15 01:35 204800 ----a-w- c:\windows\system32\HPZipr12.dll
2010-02-07 12:08 . 2005-03-09 01:25 57344 ----a-w- c:\windows\system32\HPZisn12.dll
2010-02-07 12:08 . 2005-03-09 01:25 94208 ----a-w- c:\windows\system32\HPZipt12.dll
2010-02-07 12:08 . 2005-03-15 01:33 278584 ----a-w- c:\windows\system32\HPZidr12.dll
2010-02-07 12:07 . 2010-02-07 12:11 d-----w- c:\program files\HP
2010-02-07 12:06 . 2010-02-07 12:23 118667 ----a-w- c:\windows\hpoins09.dat
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2010-03-06 18:09 . 2010-02-06 13:52 d-----w- c:\documents and settings\All Users\Application Data\AVG Security Toolbar
2010-02-07 14:36 . 2010-02-06 13:11 76487 ----a-w- c:\windows\pchealth\helpctr\OfflineCache\index.dat
2010-02-07 12:26 . 2010-02-06 13:18 21848 ----a-w- c:\documents and settings\Owner\Local Settings\Application Data\GDIPFONTCACHEV1.DAT
2010-02-07 10:25 . 2010-02-06 13:53 12464 ----a-w- c:\windows\system32\avgrsstx.dll
2010-02-07 10:25 . 2010-02-06 13:52 28424 ----a-w- c:\windows\system32\drivers\avgmfx86.sys
2010-02-06 19:23 . 2010-02-06 19:23 0 ----a-w- c:\windows\nsreg.dat
2010-02-06 18:03 . 2010-02-06 13:42 d--h--w- c:\program files\InstallShield Installation Information
2010-02-06 18:03 . 2010-02-06 13:42 d-----w- c:\program files\Common Files\InstallShield
2010-02-06 14:00 . 2010-02-06 14:00 d-----w- c:\program files\Microsoft ActiveSync
2010-02-06 13:52 . 2010-02-06 13:52 360584 ----a-w- c:\windows\system32\drivers\avgtdix.sys
2010-02-06 13:52 . 2010-02-06 13:52 333192 ----a-w- c:\windows\system32\drivers\avgldx86.sys
2010-02-06 13:52 . 2010-02-06 13:52 d-----w- c:\program files\AVG
2010-02-06 13:52 . 2010-02-06 13:52 d-----w- c:\documents and settings\All Users\Application Data\avg9
2010-02-06 13:43 . 2010-02-06 13:42 d-----w- c:\program files\Multimedia V3.54
2010-02-06 13:40 . 2010-02-06 13:40 d-----w- c:\program files\C-Media 3D Audio
2010-02-06 13:13 . 2010-02-06 13:13 d-----w- c:\program files\microsoft frontpage
2010-02-06 13:09 . 2010-02-06 13:09 21640 ----a-w- c:\windows\system32\emptyregdb.dat
2010-01-08 22:42 . 2010-01-08 22:42 3366912 ----a-w- c:\windows\system32\GPhotos.scr
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4
[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\URLSearchHooks]
"{A3BC75A2-1F87-4686-AA43-5347D756017C}"= "c:\program files\AVG\AVG9\Toolbar\IEToolbar.dll" [2009-11-25 1230080]
[HKEY_CLASSES_ROOT\clsid\{a3bc75a2-1f87-4686-aa43-5347d756017c}]
[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{A3BC75A2-1F87-4686-AA43-5347D756017C}]
2009-11-25 13:01 1230080 ----a-w- c:\program files\AVG\AVG9\Toolbar\IEToolbar.dll
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar]
"{CCC7A320-B3CA-4199-B1A6-9F516DD69829}"= "c:\program files\AVG\AVG9\Toolbar\IEToolbar.dll" [2009-11-25 1230080]
[HKEY_CLASSES_ROOT\clsid\{ccc7a320-b3ca-4199-b1a6-9f516dd69829}]
[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Toolbar\Webbrowser]
"{CCC7A320-B3CA-4199-B1A6-9F516DD69829}"= "c:\program files\AVG\AVG9\Toolbar\IEToolbar.dll" [2009-11-25 1230080]
[HKEY_CLASSES_ROOT\clsid\{ccc7a320-b3ca-4199-b1a6-9f516dd69829}]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"SiS Tray"="c:\windows\system32\sistray.EXE" [2003-10-30 667648]
"SiS Windows KeyHook"="c:\windows\system32\keyhook.exe" [2003-10-30 249856]
"HP Software Update"="c:\program files\HP\HP Software Update\HPWuSchd2.exe" [2006-02-19 49152]
"Adobe Reader Speed Launcher"="c:\program files\Adobe\Reader 9.0\Reader\Reader_sl.exe" [2009-12-22 35760]
"Adobe ARM"="c:\program files\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2009-12-11 948672]
[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="c:\windows\system32\CTFMON.EXE" [2004-08-04 15360]
c:\documents and settings\All Users\Start Menu\Programs\Startup\
HP Digital Imaging Monitor.lnk - c:\program files\HP\Digital Imaging\bin\hpqtra08.exe [2006-2-19 288472]
HP Photosmart Premier Fast Start.lnk - c:\program files\HP\Digital Imaging\bin\hpqthb08.exe [2006-2-10 73728]
Microsoft Office.lnk - c:\program files\Microsoft Office\Office10\OSA.EXE [2001-2-13 83360]
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\avgrsstarter]
2010-02-07 10:25 12464 ----a-w- c:\windows\system32\avgrsstx.dll
[HKEY_LOCAL_MACHINE\software\microsoft\security center]
"AntiVirusOverride"=dword:00000001
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"c:\\Program Files\\AVG\\AVG9\\avgemc.exe"=
"c:\\Program Files\\AVG\\AVG9\\avgupd.exe"=
"c:\\Program Files\\AVG\\AVG9\\avgnsx.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpqtra08.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpqste08.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpofxm08.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hposfx08.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hposid01.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpqscnvw.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpqkygrp.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpqCopy.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpfccopy.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpzwiz01.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\Unload\\HpqPhUnl.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\Unload\\HpqDIA.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpoews01.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpqnrs08.exe"=
"c:\\Program Files\\Messenger\\msmsgs.exe"=
R1 AvgLdx86;AVG Free AVI Loader Driver x86;c:\windows\system32\drivers\avgldx86.sys [06/02/2010 13:52 333192]
R1 AvgTdiX;AVG Free Network Redirector;c:\windows\system32\drivers\avgtdix.sys [06/02/2010 13:52 360584]
R2 avg9emc;AVG Free E-mail Scanner;c:\program files\AVG\AVG9\avgemc.exe [06/02/2010 13:52 906520]
R2 avg9wd;AVG Free WatchDog;c:\program files\AVG\AVG9\avgwdsvc.exe [06/02/2010 13:52 285392]
.
.
Supplementary Scan
.
uStart Page = hxxp://www.google.co.uk/
uDefault_Search_URL = hxxp://www.google.com/ie
uSearchAssistant = hxxp://www.google.com/ie
uSearchURL,(Default) = hxxp://www.google.com/search?q=%s
IE: Add to Google Photos Screensa&ver - c:\windows\system32\GPhotos.scr/200
IE: E&xport to Microsoft Excel - c:\progra~1\MICROS~2\Office10\EXCEL.EXE/3000
DPF: {D8575CE3-3432-4540-88A9-85A1325D3375} - hxxps://ebanking.northernbank.co.uk/html/activex/e-Safekey/NB/e-Safekey.cab
FF - ProfilePath - c:\documents and settings\Owner\Application Data\Mozilla\Firefox\Profiles\v9cenejx.default\
FF - plugin: c:\documents and settings\Owner\Desktop\Picasa3\npPicasa3.dll
---- FIREFOX POLICIES ----
c:\program files\Mozilla Firefox\greprefs\all.js - pref("ui.use_native_colors", true);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("ui.use_native_popup_windows", false);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("browser.enable_click_image_resizing", true);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("accessibility.browsewithcaret_shortcut.enabled", true);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("javascript.options.mem.high_water_mark", 32);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("javascript.options.mem.gc_frequency", 1600);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.auth.force-generic-ntlm", false);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("svg.smil.enabled", false);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("ui.trackpoint_hack.enabled", -1);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("browser.formfill.debug", false);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("browser.formfill.agedWeight", 2);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("browser.formfill.bucketSize", 1);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("browser.formfill.maxTimeGroupings", 25);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("browser.formfill.timeGroupingSize", 604800);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("browser.formfill.boundaryWeight", 25);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("browser.formfill.prefixWeight", 5);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("html5.enable", false);
c:\program files\Mozilla Firefox\defaults\pref\firefox-branding.js - pref("app.update.download.backgroundInterval", 600);
c:\program files\Mozilla Firefox\defaults\pref\firefox-branding.js - pref("app.update.url.manual", "http://www.firefox.com");
c:\program files\Mozilla Firefox\defaults\pref\firefox-branding.js - pref("browser.search.param.yahoo-fr-ja", "mozff");
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("extensions.{972ce4c6-7e08-4474-a285-3208198ce6fd}.name", "chrome://browser/locale/browser.properties");
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("extensions.{972ce4c6-7e08-4474-a285-3208198ce6fd}.description", "chrome://browser/locale/browser.properties");
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("xpinstall.whitelist.add", "addons.mozilla.org");
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("xpinstall.whitelist.add.36", "getpersonas.com");
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("lightweightThemes.update.enabled", true);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("browser.allTabs.previews", false);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("plugins.hide_infobar_for_outdated_plugin", false);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("plugins.update.notifyUser", false);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("toolbar.customization.usesheet", false);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("browser.taskbar.previews.enable", false);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("browser.taskbar.previews.max", 20);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("browser.taskbar.previews.cachetime", 20);
.
- - - - ORPHANS REMOVED - - - -
HKLM-Run-Cmaudio - cmicnfg.cpl
**************************************************************************
catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2010-03-09 11:30
Windows 5.1.2600 Service Pack 2 NTFS
scanning hidden processes ...
scanning hidden autostart entries ...
scanning hidden files ...
scan completed successfully
hidden files: 0
**************************************************************************
.
Completion time: 2010-03-09 11:32:39
ComboFix-quarantined-files.txt 2010-03-09 11:32
Pre-Run: 18,505,408,512 bytes free
Post-Run: 18,632,257,536 bytes free
WindowsXP-KB310994-SP2-Home-BootDisk-ENU.exe
[boot loader]
timeout=2
default=multi(0)disk(0)rdisk(0)partition(1)\WINDOWS
[operating systems]
c:\cmdcons\BOOTSECT.DAT="Microsoft Windows Recovery Console" /cmdcons
multi(0)disk(0)rdisk(0)partition(1)\WINDOWS="Microsoft Windows XP Home Edition" /noexecute=optin /fastdetect
- - End Of File - - 90A9AA39787D4F7C5850D44D3CCFA39F

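The log above is the kind of thing helpers read by eye, but its layout is regular enough to parse. The following is an added example written for this page, not ComboFix's own tooling and not code from any poster: it pulls the header, the "Files Created" entries (timestamp of appearance, the file's own last-write time, size, attribute field, path), the "Reg Loading Points" values with the key they sit under, Security Center DWORDs and the catchme hidden-file count into a structure, then runs a few conservative review checks over it. SAMPLE_LOG is a constructed excerpt that copies the posted layout; the regexes are derived from that layout; and TRUSTED_PREFIXES and the triage rules are assumptions about a stock XP install, meant to surface points to look at, not to declare anything malicious.

```python
import re
from dataclasses import dataclass, field
from typing import Dict, List, Optional

# Constructed excerpt in the layout of the ComboFix log posted above (not the full log).
SAMPLE_LOG = r"""
ComboFix 10-03-08.02 - Owner 09/03/2010 11:24:41.1.1 - x86
AV: AVG Anti-Virus Free *On-access scanning disabled* (Updated) {17DDD097-36FF-435F-9E1B-52D74245D6BF}
.
((((((((((((((((((((((((( Files Created from 2010-02-09 to 2010-03-09 )))))))))))))))))))))))))))))))
.
2010-03-08 20:10 . 2010-03-08 20:10 388096 ----a-r- c:\documents and settings\Owner\Application Data\Microsoft\Installer\{0761C9A8-8F3A-4216-B4A7-B7AFBF24A24A}\HiJackThis.exe
2010-03-08 20:10 . 2010-03-08 20:10 d-----w- c:\program files\TrendMicro
2010-03-08 19:12 . 2010-01-07 16:07 38224 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
REGEDIT4
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"SiS Tray"="c:\windows\system32\sistray.EXE" [2003-10-30 667648]
[HKEY_LOCAL_MACHINE\software\microsoft\security center]
"AntiVirusOverride"=dword:00000001
.
catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
hidden files: 0
"""

HEADER_RE = re.compile(r"^ComboFix (\S+) - (.+?) \d{2}/\d{2}/\d{4} [\d:.]+ - \S+$")
AV_RE = re.compile(r"^AV: (.+?) \*(.+?)\*")
# "<created> . <modified> [<size>] <attrs> <path>"; directory entries carry no size.
FILE_RE = re.compile(r"^(\d{4}-\d{2}-\d{2} \d{2}:\d{2}) \. (\d{4}-\d{2}-\d{2} \d{2}:\d{2})"
                     r" (?:(\d+) )?([-a-z]{8}) (.+)$")
KEY_RE = re.compile(r"^\[(.+)\]$")
VALUE_RE = re.compile(r'^"([^"]+)"= ?"([^"]*)"(?: \[(\S+) (\d+)\])?$')
DWORD_RE = re.compile(r'^"([^"]+)"=dword:([0-9a-fA-F]{8})$')
HIDDEN_RE = re.compile(r"^hidden files: (\d+)$")

@dataclass
class FileEntry:
    created: str           # when the file appeared on disk
    modified: str          # the file's own last-write time
    size: Optional[int]    # None for directories
    attrs: str             # 8-char field such as ----a-w- or d-----w-
    path: str

@dataclass
class LoadingPoint:
    key: str               # registry key the value sits under
    name: str
    path: str
    file_date: Optional[str]
    file_size: Optional[int]

@dataclass
class ComboFixReport:
    version: str = ""
    user: str = ""
    av_product: str = ""
    av_status: str = ""
    files: List[FileEntry] = field(default_factory=list)
    loading_points: List[LoadingPoint] = field(default_factory=list)
    dwords: Dict[str, int] = field(default_factory=dict)   # "<key>\<name>" -> value
    hidden_files: Optional[int] = None

def parse_combofix_log(text: str) -> ComboFixReport:
    # Line-oriented walk; registry values are tagged with the last [key] line seen.
    report, current_key = ComboFixReport(), ""
    for raw in text.splitlines():
        line = raw.strip()
        if m := HEADER_RE.match(line):
            report.version, report.user = m.groups()
        elif m := AV_RE.match(line):
            report.av_product, report.av_status = m.groups()
        elif m := FILE_RE.match(line):
            created, modified, size, attrs, path = m.groups()
            report.files.append(FileEntry(created, modified, int(size) if size else None, attrs, path))
        elif m := KEY_RE.match(line):
            current_key = m.group(1)
        elif m := VALUE_RE.match(line):
            name, path, fdate, fsize = m.groups()
            report.loading_points.append(LoadingPoint(current_key, name, path, fdate, int(fsize) if fsize else None))
        elif m := DWORD_RE.match(line):
            report.dwords[current_key + "\\" + m.group(1)] = int(m.group(2), 16)
        elif m := HIDDEN_RE.match(line):
            report.hidden_files = int(m.group(1))
    return report

# Assumption: stock XP layout. triage() rules are review heuristics, not a malware verdict.
TRUSTED_PREFIXES = ("c:\\program files\\", "c:\\windows\\")

def triage(report: ComboFixReport) -> List[str]:
    findings = []
    if "disabled" in report.av_status.lower():
        findings.append(f"AV '{report.av_product}' reports: {report.av_status}")
    for key, value in report.dwords.items():
        if key.lower().endswith("\\antivirusoverride") and value == 1:
            findings.append(f"{key}=1: Security Center will not alert on antivirus state")
    for lp in report.loading_points:
        if not lp.path.lower().startswith(TRUSTED_PREFIXES):
            findings.append(f"loading point outside Program Files/Windows: {lp.key} -> {lp.name} = {lp.path}")
    if report.hidden_files:
        findings.append(f"catchme reports {report.hidden_files} hidden file(s)")
    return findings
```

To use it on a real log, read ComboFix.txt into a string and print `triage(parse_combofix_log(text))`. On the sample it reports two points: AVG's on-access scanning is off (expected here, since the first reply asked for it to be disabled for the run) and `AntiVirusOverride=1`, which tells Security Center to stop alerting on antivirus state. Third-party suites commonly set that value themselves, so it is something to confirm against the installed AV rather than evidence of infection. Entries that the parser deliberately ignores (firewall AuthorizedApplications lines of the form `"path"=`, the R1/R2 driver lines, the Startup-folder .lnk lines) are still worth reading by hand.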
Is there light at the end of the (very long and stressy) tunnel?
Thank you to all helping along the way.
I think I should turn AVG on again?

Turn it on for now; one of the gurus might ask for it off again, but let them decide on the ComboFix log first. I profess to know half of what they do.

I'd say you're good to go.
Give it a clean with CCleaner (if you haven't already).
Download CCleaner:
http://www.ccleaner.com/download/builds/downloading-slim
Run the CLEANER scan (untick 'Cookies').
Then run the REGISTRY scan (back up the registry when it asks).