Computer running very slow - Hijack This and mbam run!
After running Hijack This, and after running mbam, and after using the AVG removal tool, which restarted my computer and said it's removed AVG,
I then tried to run ComboFix but it said AVG is still running.

Why are you trying to run ComboFix? Did someone here suggest it?

Nope, I just tried it and it said AVG is still running. I don't think there is a problem now, I want to install an antivirus but want to remove all others first!
Is the free one OK or the paid version?
Thanks for the help!

My suggestion would be to format and reinstall Windows.
If you're not prepared to do that then I'd really recommend running ComboFix as you've had a pretty nasty infection.

Thanks, will run ComboFix as it sounds a lot easier, will update here!

Running it now but it still says AVG scanners are active!

ComboFix 10-09-06.01 - Ajvinder 06/09/2010 18:22:33.1.4 - x86
Microsoft® Windows Vista™ Home Premium 6.0.6002.2.1252.44.1033.18.2815.1733 [GMT 1:00]
Running from: c:\users\Ajvinder\Desktop\ComboFix.exe
AV: AVG Anti-Virus Free *On-access scanning enabled* (Updated) {17DDD097-36FF-435F-9E1B-52D74245D6BF}
SP: AVG Anti-Virus Free *enabled* (Updated) {17DDD097-36FF-435F-9E1B-52D74245D6BF}
SP: Windows Defender *enabled* (Updated) {D68DDC3A-831F-4FAE-9E44-DA132C1ACF46}
.
((((((((((((((((((((((((( Files Created from 2010-08-06 to 2010-09-06 )))))))))))))))))))))))))))))))
.
2010-09-06 17:27 . 2010-09-06 17:27 d-----w- c:\users\Default\AppData\Local\temp
2010-09-06 15:41 . 2010-09-06 15:42 d-----w- c:\windows\system32\ca-ES
2010-09-06 15:41 . 2010-09-06 15:41 d-----w- c:\windows\system32\eu-ES
2010-09-06 15:41 . 2010-09-06 15:41 d-----w- c:\windows\system32\vi-VN
2010-09-06 15:17 . 2009-04-11 06:28 777216 ----a-w- c:\windows\system32\slcc.dll
2010-09-06 15:16 . 2009-04-11 06:33 292840 ----a-w- c:\windows\system32\drivers\volmgrx.sys
2010-09-06 15:08 . 2010-09-06 15:08 d-----w- c:\windows\system32\EventProviders
2010-09-06 13:47 . 2010-09-06 13:47 d-----w- c:\users\Ajvinder\AppData\Roaming\Malwarebytes
2010-09-06 13:47 . 2010-09-06 13:47 d-----w- c:\programdata\Malwarebytes
2010-09-06 13:47 . 2010-04-29 14:39 38224 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys
2010-09-06 13:47 . 2010-09-06 13:47 d-----w- c:\program files\Malwarebytes' Anti-Malware
2010-09-06 13:47 . 2010-04-29 14:39 20952 ----a-w- c:\windows\system32\drivers\mbam.sys
2010-09-06 13:42 . 2010-09-06 13:42 d-----w- c:\program files\Trend Micro
2010-08-14 11:26 . 2010-06-11 16:16 274944 ----a-w- c:\windows\system32\schannel.dll
2010-08-14 10:36 . 2010-06-21 13:37 2037760 ----a-w- c:\windows\system32\win32k.sys
2010-08-14 10:36 . 2010-06-18 17:31 36864 ----a-w- c:\windows\system32\rtutils.dll
2010-08-14 10:30 . 2010-06-08 17:35 3548040 ----a-w- c:\windows\system32\ntoskrnl.exe
2010-08-14 10:30 . 2010-06-08 17:35 3600768 ----a-w- c:\windows\system32\ntkrnlpa.exe
2010-08-14 10:30 . 2010-06-11 16:15 1248768 ----a-w- c:\windows\system32\msxml3.dll
2010-08-14 10:19 . 2010-06-18 15:04 302080 ----a-w- c:\windows\system32\drivers\srv.sys
2010-08-14 10:19 . 2010-06-18 15:04 144896 ----a-w- c:\windows\system32\drivers\srv2.sys
2010-08-14 10:19 . 2010-06-16 16:04 905088 ----a-w- c:\windows\system32\drivers\tcpip.sys
2010-08-08 17:39 . 2010-08-15 13:21 d-sh--w- c:\users\Ajvinder\AppData\Roaming\lowsec
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2010-09-06 15:49 . 2010-05-12 12:11 d-----w- c:\users\Ajvinder\AppData\Roaming\OpenOffice.org2
2010-09-06 15:43 . 2008-10-04 10:16 12 ----a-w- c:\windows\bthservsdp.dat
2010-09-06 15:42 . 2006-11-02 12:37 d-----w- c:\program files\Windows Sidebar
2010-09-06 15:42 . 2006-11-02 12:37 d-----w- c:\program files\Windows Photo Gallery
2010-09-06 15:42 . 2006-11-02 12:37 d-----w- c:\program files\Windows Journal
2010-09-06 15:42 . 2006-11-02 12:37 d-----w- c:\program files\Windows Collaboration
2010-09-06 15:42 . 2006-11-02 12:37 d-----w- c:\program files\Windows Calendar
2010-09-06 15:42 . 2006-11-02 11:18 d-----w- c:\program files\Windows Mail
2010-09-06 15:42 . 2006-11-02 12:37 d-----w- c:\program files\Windows Defender
2010-09-06 15:41 . 2006-11-02 10:25 665600 ----a-w- c:\windows\inf\drvindex.dat
2010-09-06 15:21 . 2009-01-05 13:08 d-----w- c:\program files\Common Files\Apple
2010-09-02 10:21 . 2010-05-10 12:26 d-----w- c:\programdata\Dl_cats
2010-08-15 07:30 . 2008-05-22 09:40 d-----w- c:\program files\Microsoft Works
2010-08-15 07:26 . 2008-05-22 09:50 d-----w- c:\programdata\Microsoft Help
2010-08-08 17:52 . 2010-03-03 19:26 d-----w- c:\program files\FKRMonitor
2010-07-16 14:01 . 2008-11-21 08:23 210 ----a-w- c:\users\Ajvinder\AppData\Roaming\wklnhst.dat
2010-06-26 06:05 . 2010-08-14 10:25 916480 ----a-w- c:\windows\system32\wininet.dll
2010-06-26 06:02 . 2010-08-14 10:25 109056 ----a-w- c:\windows\system32\iesysprep.dll
2010-06-26 06:02 . 2010-08-14 10:25 71680 ----a-w- c:\windows\system32\iesetup.dll
2010-06-26 04:25 . 2010-08-14 10:25 133632 ----a-w- c:\windows\system32\ieUnatt.exe
2010-06-24 09:44 . 2010-06-24 09:44 501936 ----a-w- c:\programdata\Google\Google Toolbar\Update\gtb3A72.tmp.exe
2010-07-03 18:23 . 2008-05-22 09:42 119808 ----a-w- c:\program files\mozilla firefox\components\GoogleDesktopMozilla.dll
2007-11-28 19:31 . 2008-05-22 09:39 67696 ----a-w- c:\program files\mozilla firefox\components\jar50.dll
2007-11-28 19:31 . 2008-05-22 09:39 54376 ----a-w- c:\program files\mozilla firefox\components\jsd3250.dll
2007-11-28 19:31 . 2008-05-22 09:39 34952 ----a-w- c:\program files\mozilla firefox\components\myspell.dll
2007-11-28 19:31 . 2008-05-22 09:39 46720 ----a-w- c:\program files\mozilla firefox\components\spellchk.dll
2007-11-28 19:31 . 2008-05-22 09:39 172144 ----a-w- c:\program files\mozilla firefox\components\xpinstal.dll
2008-05-22 18:22 . 2008-05-22 18:26 65536 --sha-w- c:\windows\oem\mp\boot\bootstat.dat
2008-05-22 18:23 . 2008-05-22 18:23 8192 --sha-w- c:\windows\Users\Default\NTUSER.DAT
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"SmpcSys"="c:\program files\Packard Bell\SetUpMyPC\SmpSys.exe" [2008-02-04 1038136]
"ISUSPM Startup"="c:\progra~1\COMMON~1\INSTAL~1\UPDATE~1\isuspm.exe" [2004-04-17 196608]
"swg"="c:\program files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe" [2009-03-26 39408]
"Google Update"="c:\users\Ajvinder\AppData\Local\Google\Update\GoogleUpdate.exe" [2009-04-18 133104]
"msnmsgr"="c:\program files\Windows Live\Messenger\msnmsgr.exe" [2009-07-26 3883856]
"ehTray.exe"="c:\windows\ehome\ehTray.exe" [2008-01-21 125952]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Windows Defender"="c:\program files\Windows Defender\MSASCui.exe" [2008-01-21 1008184]
"RtHDVCpl"="RtHDVCpl.exe" [2008-01-29 4911104]
"NvSvc"="c:\windows\system32\nvsvc.dll" [2007-12-20 86016]
"NvCplDaemon"="c:\windows\system32\NvCpl.dll" [2007-12-20 8497696]
"NvMediaCenter"="c:\windows\system32\NvMcTray.dll" [2007-12-20 81920]
"CarboniteSetupLite"="c:\program files\Packard Bell\Carbonite\CarboniteSetupLitePBPreInstaller.exe" [2008-04-07 306112]
"Google Desktop Search"="c:\program files\Google\Google Desktop Search\GoogleDesktop.exe" [2010-07-03 30192]
"toolbar_eula_launcher"="c:\program files\Packard Bell\GOOGLE_EULA\EULALauncher.exe" [2007-02-20 28672]
"ISUSScheduler"="c:\program files\Common Files\InstallShield\UpdateService\issch.exe" [2004-04-13 69632]
"Adobe Reader Speed Launcher"="c:\program files\Adobe\Reader 8.0\Reader\Reader_sl.exe" [2008-10-15 39792]
"QuickTime Task"="c:\program files\QuickTime\QTTask.exe" [2008-11-04 413696]
"lxbkbmgr.exe"="c:\program files\Lexmark X1100 Series\lxbkbmgr.exe" [2008-02-28 74408]
"SunJavaUpdateSched"="c:\program files\Java\jre6\bin\jusched.exe" [2009-04-10 148888]
"dldtmon.exe"="c:\program files\Dell V305\dldtmon.exe" [2009-07-30 672424]
"dldtamon"="c:\program files\Dell V305\dldtamon.exe" [2009-07-30 16040]
"Malwarebytes Anti-Malware (reboot)"="c:\program files\Malwarebytes' Anti-Malware\mbam.exe" [2010-04-29 1090952]
"Skytel"="Skytel.exe" [2007-11-20 1826816]
c:\users\Ajvinder\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\
OneNote 2007 Screen Clipper and Launcher.lnk - c:\program files\Microsoft Office\Office12\ONENOTEM.EXE [2009-2-26 97680]
OneNote Table Of Contents.onetoc2 [2009-1-1 3656]
OpenOffice.org 2.1.lnk - c:\program files\OpenOffice.org 2.1\program\quickstart.exe [2006-11-27 393216]
c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\
NETGEAR WPN111 Smart Wizard.lnk - c:\program files\NETGEAR\WPN111\wpn111.exe [2009-4-18 995328]
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"EnableUIADesktopToggle"= 0 (0x0)
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\windows]
"AppInit_DLLs"=c:\progra~1\Google\GOOGLE~3\GoogleDesktopNetwork3.dll
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\WinDefend]
@="Service"
[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring]
"DisableMonitoring"=dword:00000001
[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecAntiVirus]
"DisableMonitoring"=dword:00000001
[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecFirewall]
"DisableMonitoring"=dword:00000001
[HKEY_LOCAL_MACHINE\software\microsoft\security center\Svc]
"VistaSp2"=hex(b):29,10,7c,fc,da,4d,cb,01
R2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;c:\windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2010-03-18 130384]
R2 dldtCATSCustConnectService;dldtCATSCustConnectService;c:\windows\system32\spool\DRIVERS\W32X86\3\\dldtserv.exe [2009-07-09 98984]
R2 gupdate;Google Update Service (gupdate);c:\program files\Google\Update\GoogleUpdate.exe [2010-01-31 135664]
R3 DNIMp50;DNIMp50 NDIS Protocol Driver;c:\windows\system32\Drivers\DNIMp50.sys [2006-11-16 21504]
R3 DNISp50;DNISp50 NDIS Protocol Driver;c:\windows\system32\Drivers\DNISp50.sys [2006-11-16 20480]
R3 GoogleDesktopManager-051210-111108;Google Desktop Manager 5.9.1005.12335;c:\program files\Google\Google Desktop Search\GoogleDesktop.exe [2010-07-03 30192]
R3 hwusbfake;Huawei DataCard USB Fake;c:\windows\system32\DRIVERS\ewusbfake.sys [2008-12-30 103040]
R3 netr73;RT73 USB Wireless LAN Card Driver for Vista;c:\windows\system32\DRIVERS\netr73.sys [2006-09-28 247808]
R3 WPFFontCache_v0400;Windows Presentation Foundation Font Cache 4.0.0.0;c:\windows\Microsoft.NET\Framework\v4.0.30319\WPF\WPFFontCache_v0400.exe [2010-03-18 753504]
R3 WPN111;Wireless USB 2.0 Adapter with RangeMax Service;c:\windows\system32\DRIVERS\WPN111v.sys [2007-06-01 870400]
S2 dldt_device;dldt_device;c:\windows\system32\dldtcoms.exe [2009-07-09 594600]
S2 lxbk_device;lxbk_device;c:\windows\system32\lxbkcoms.exe [2008-02-19 537256]
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
bthsvcs REG_MULTI_SZ BthServ
.
Contents of the 'Scheduled Tasks' folder
2010-09-06 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
- c:\program files\Google\Update\GoogleUpdate.exe [2010-01-31 13:30]
2010-09-06 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
- c:\program files\Google\Update\GoogleUpdate.exe [2010-01-31 13:30]
2010-09-06 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-561932456-1623629331-3089525779-1000Core.job
- c:\users\Ajvinder\AppData\Local\Google\Update\GoogleUpdate.exe [2009-04-18 09:17]
2010-09-06 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-561932456-1623629331-3089525779-1000UA.job
- c:\users\Ajvinder\AppData\Local\Google\Update\GoogleUpdate.exe [2009-04-18 09:17]
2010-09-06 c:\windows\Tasks\Recovery DVD Creator-Ajvinder.job
- c:\program files\Packard Bell\SetupMyPc\MCDCheck.exe [2008-05-22 10:13]
.
.
Supplementary Scan
.
uStart Page = hxxp://google.co.uk/
uSearchURL,(Default) = hxxp://www.google.com/keyword/%s
IE: E&xport to Microsoft Excel - c:\progra~1\MICROS~3\Office12\EXCEL.EXE/3000
IE: Google Sidewiki... - c:\program files\Google\Google Toolbar\Component\GoogleToolbarDynamic_mui_en_89D8574934B26AC4.dll/cmsidewiki.html
TCP: {9C979A25-EA25-4BC0-80B4-3A97603072AA} = 196.7.0.138,196.7.142.132
DPF: {2A493D5F-8914-4D3E-8BF3-767F281862F4} - hxxp://sell.autotrader.co.uk/uk-ola/common/TraderMediaX.cab
FF - ProfilePath -
FF - HiddenExtension: Microsoft .NET Framework Assistant: {20a82645-c095-46ed-80e3-08825760534b} - c:\windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension\
---- FIREFOX POLICIES ----
c:\program files\Mozilla Firefox\greprefs\all.js - pref("ui.allow_platform_file_picker", true);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.http.accept.default", "application/x-shockwave-flash,text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5");
c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.cookie.p3plevel", 1); // 0=low, 1=medium, 2=high, 3=custom
c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.enablePad", false); // Allow client to do proxy autodiscovery
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("browser.search.param.Google.1.default", "chrome://branding/content/searchconfig.properties");
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("browser.search.param.Google.1.custom", "chrome://branding/content/searchconfig.properties");
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("signon.prefillForms", true);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("browser.safebrowsing.remoteLookups", false);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("browser.safebrowsing.provider.0.updateURL", "http://sb.google.com/safebrowsing/update?client={moz:client}&appver={moz:version}&");
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("browser.safebrowsing.provider.0.lookupURL", "http://sb.google.com/safebrowsing/lookup?sourceid=firefox-antiphish&features=TrustRank&client={moz:client}&appver={moz:version}&");
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("browser.safebrowsing.provider.0.reportURL", "http://sb.google.com/safebrowsing/report?");
.
- - - - ORPHANS REMOVED - - - -
HKCU-Run-winntR1 - c:\winnt_\winntR1.exe
HKCU-Run-winntR2 - c:\winnt_\winntR2.exe
HKCU-Run-winnt2 - c:\winnt_\winnt2.exe
HKCU-Run-winnt3 - c:\winnt_\winnt3.exe
HKCU-Run-winnt4 - c:\winnt_\winnt4.exe
HKCU-Run-winnt5 - c:\winnt_\winnt5.exe
HKCU-Run-winnt6 - c:\winnt_\winnt6.exe
**************************************************************************
catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2010-09-06 18:27
Windows 6.0.6002 Service Pack 2 NTFS
scanning hidden processes ...
scanning hidden autostart entries ...
scanning hidden files ...
scan completed successfully
hidden files: 0
**************************************************************************
.
LOCKED REGISTRY KEYS
[HKEY_LOCAL_MACHINE\system\ControlSet002\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0000\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
[HKEY_LOCAL_MACHINE\system\ControlSet002\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0001\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
[HKEY_LOCAL_MACHINE\system\ControlSet002\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0002\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
[HKEY_LOCAL_MACHINE\system\ControlSet002\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0003\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
[HKEY_LOCAL_MACHINE\system\ControlSet002\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0004\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
Completion time: 2010-09-06 18:29:42
ComboFix-quarantined-files.txt 2010-09-06 17:29
Pre-Run: 441,900,605,440 bytes free
Post-Run: 442,497,290,240 bytes free
- - End Of File - - 59805D570FDA2F00ECEB74913F7AE6E0

As alienrik says, reinstall the computer. Less headache.
When I was 5, my dad told me that the ice-cream van only played songs when it's out of ice-cream. Cheek!
This discussion has been closed.