Combo-fix/ Hijack this conflict?

Hi all.

Lately I have had a few problems with my set-up, having had some kind of infection. I am now getting a conflict over what the Combofix log is telling me and what the Hijackthis log is telling me.

Combo log tells me that I still have a couple of antivirus progs running. They are anti virus progs that I deleted some while back, using revo-uninstaller.

Also tells me that Comodo is still on my system but I replaced that with Online Armor (which I disabled before running Combo, tho it says that it is enabled?)

Here is the relevant part of the Combolog.


ComboFix 10-11-12.01 - Terry 12/11/2010 17:37:21.8.2 - x86
Microsoft Windows XP Home Edition 5.1.2600.3.1252.1.1033.18.2038.1571 [GMT 0:00]
Running from: g:\downloads\ComboFix.exe
AV: a-squared Anti-Malware *On-access scanning enabled* (Updated) {0F8591BB-342B-4493-91C3-4E948ED21255}
AV: AntiVir Desktop *On-access scanning enabled* (Updated) {AD166499-45F9-482A-A743-FDD3350758C7}
AV: avast! Antivirus *On-access scanning enabled* (Updated) {7591DB91-41F0-48A3-B128-1A293FD8233D}
FW: COMODO Firewall *disabled* {043803A3-4F86-4ef6-AFC5-F6E02A79969B}
FW: Online Armor Firewall *enabled* {B797DAA0-7E2E-4711-8BB3-D12744F1922A}


And here is the Hijack log.

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 18:24:31, on 12/11/2010
Platform: Windows XP SP3 (WinNT 5.01.2600)
MSIE: Internet Explorer v8.00 (8.00.6001.18702)
Boot mode: Normal
Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
G:\Zentimo\ZentimoService.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
G:\Online Armor\OAcat.exe
G:\Online Armor\oasrv.exe
C:\WINDOWS\system32\devldr32.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Avira\AntiVir Desktop\sched.exe
C:\Program Files\Avira\AntiVir Desktop\avguard.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Avira\AntiVir Desktop\avshadow.exe
C:\WINDOWS\system32\igfxpers.exe
G:\Online Armor\oaui.exe
G:\IObit Security 360\IS360tray.exe
F:\Program Files\AlienGUIse\AlienwareDock\ObjectDock.exe
G:\Online Armor\OAhlp.exe
C:\Magnifier 1.09\Magnifier.exe
L:\rightmove\Rightmove Desktop\Rightmove Desktop.exe
C:\program files\internet explorer\iexplore.exe
C:\program files\internet explorer\iexplore.exe
C:\program files\internet explorer\iexplore.exe
C:\program files\internet explorer\iexplore.exe
C:\program files\internet explorer\iexplore.exe
G:\IObit Security 360\is360.exe
C:\program files\internet explorer\iexplore.exe
C:\WINDOWS\system32\NOTEPAD.EXE
C:\Documents and Settings\Terry\Desktop\utilities\HijackThis.exe
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://by150w.bay150.mail.live.com/default.aspx?rru=home&livecom=1&wa=wsignin1.0
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.bigseekpro.com/clipextractor/{A9E3981F-6A11-4EF1-A702-3819AB03CE4F}
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Local Page =
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page =
O2 - BHO: RoboForm - {724d43a9-0d85-11d4-9908-00400523e39a} - D:\Roboform\roboform.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre6\bin\ssv.dll
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar2.dll
O3 - Toolbar: &RoboForm - {724d43a0-0d85-11d4-9908-00400523e39a} - D:\Roboform\roboform.dll
O4 - HKLM\..\Run: [Persistence] C:\WINDOWS\system32\igfxpers.exe
O4 - HKLM\..\Run: [SigmatelSysTrayApp] stsystra.exe
O4 - HKLM\..\Run: [@OnlineArmor GUI] "G:\Online Armor\oaui.exe"
O4 - HKLM\..\Run: [IObit Security 360] "G:\IObit Security 360\IS360tray.exe" /autostart
O4 - HKCU\..\Run: [Zentimo xStorage Manager] G:\Zentimo\Zentimo.exe /startup
O4 - S-1-5-18 Startup: Alienware Dock.lnk = F:\Program Files\AlienGUIse\AlienwareDock\ObjectDock.exe (User 'SYSTEM')
O4 - S-1-5-18 Startup: Moo0 Magnifier 1.09.lnk = C:\Magnifier 1.09\Magnifier.exe (User 'SYSTEM')
O4 - S-1-5-18 Startup: Rightmove Desktop.lnk = L:\rightmove\Rightmove Desktop\Rightmove Desktop.exe (User 'SYSTEM')
O4 - .DEFAULT Startup: Alienware Dock.lnk = F:\Program Files\AlienGUIse\AlienwareDock\ObjectDock.exe (User 'Default user')
O4 - .DEFAULT Startup: Moo0 Magnifier 1.09.lnk = C:\Magnifier 1.09\Magnifier.exe (User 'Default user')
O4 - .DEFAULT Startup: Rightmove Desktop.lnk = L:\rightmove\Rightmove Desktop\Rightmove Desktop.exe (User 'Default user')
O4 - Startup: Alienware Dock.lnk = F:\Program Files\AlienGUIse\AlienwareDock\ObjectDock.exe
O4 - Startup: Moo0 Magnifier 1.09.lnk = C:\Magnifier 1.09\Magnifier.exe
O4 - Startup: Rightmove Desktop.lnk = L:\rightmove\Rightmove Desktop\Rightmove Desktop.exe
O8 - Extra context menu item: Customize Menu - file://D:\Roboform\RoboFormComCustomizeIEMenu.html
O8 - Extra context menu item: Fill Forms - file://D:\Roboform\RoboFormComFillForms.html
O8 - Extra context menu item: Identities Editor - file://D:\Roboform\RoboFormComEditIdent.html
O8 - Extra context menu item: Locate Spot on Map by GPS - F:\IExif 2.3\IExifMap.htm
O8 - Extra context menu item: Password Generator - file://D:\Roboform\RoboFormComPasswordGenerator.html
O8 - Extra context menu item: RoboForm Toolbar - file://D:\Roboform\RoboFormComShowToolbar.html
O8 - Extra context menu item: Save Forms - file://D:\Roboform\RoboFormComSavePass.html
O8 - Extra context menu item: Sothink SWF Catcher - C:\Program Files\Common Files\SourceTec\SWF Catcher\InternetExplorer.htm
O8 - Extra context menu item: View Exif/GPS/IPTC with IExif - F:\IExif 2.3\IExifCom.htm
O9 - Extra button: Fill Forms - {320AF880-6646-11D3-ABEE-C5DBF3571F46} - file://D:\Roboform\RoboFormComFillForms.html
O9 - Extra 'Tools' menuitem: Fill Forms - {320AF880-6646-11D3-ABEE-C5DBF3571F46} - file://D:\Roboform\RoboFormComFillForms.html
O9 - Extra button: Save - {320AF880-6646-11D3-ABEE-C5DBF3571F49} - file://D:\Roboform\RoboFormComSavePass.html
O9 - Extra 'Tools' menuitem: Save Forms - {320AF880-6646-11D3-ABEE-C5DBF3571F49} - file://D:\Roboform\RoboFormComSavePass.html
O9 - Extra button: RoboForm - {724d43aa-0d85-11d4-9908-00400523e39a} - file://D:\Roboform\RoboFormComShowToolbar.html
O9 - Extra 'Tools' menuitem: RoboForm Toolbar - {724d43aa-0d85-11d4-9908-00400523e39a} - file://D:\Roboform\RoboFormComShowToolbar.html
O9 - Extra button: (no name) - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - I:\SPYBOT~1\SPYBOT~1\SDHelper.dll
O9 - Extra 'Tools' menuitem: Spybot - Search & Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - I:\SPYBOT~1\SPYBOT~1\SDHelper.dll
O16 - DPF: {0A43D7AC-D6C1-4622-B309-BF975F427C0E} (first direct internet banking plus digital safe) - https://internetbankingplus2.firstdirect.com/ibplus/frontdoorFD.cab
O16 - DPF: {56762DEC-6B0D-4AB4-A8AD-989993B5D08B} (OnlineScanner Control) - http://www.eset.eu/buxus/docs/OnlineScanner.cab
O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://www.update.microsoft.com/microsoftupdate/v6/V5Controls/en/x86/client/muweb_site.cab?1218797834562
O16 - DPF: {7530BFB8-7293-4D34-9923-61A11451AFC5} (OnlineScanner Control) - http://download.eset.com/special/eos/OnlineScanner.cab
O16 - DPF: {9191F686-7F0A-441D-8A98-2FE3AC1BD913} (ActiveScan 2.0 Installer Class) - http://acs.pandasoftware.com/activescan/cabs/as2stubie.cab
O16 - DPF: {C1FDEE68-98D5-4F42-A4DD-D0BECF5077EB} (EPUImageControl Class) - http://tools.ebayimg.com/eps/wl/activex/eBay_Enhanced_Picture_Control_v1-0-31-0.cab
O20 - Winlogon Notify: !SASWinLogon - G:\SUPERAntiSpyware\SASWINLO.DLL
O23 - Service: Avira AntiVir Scheduler (AntiVirSchedulerService) - Avira GmbH - C:\Program Files\Avira\AntiVir Desktop\sched.exe
O23 - Service: Avira AntiVir Guard (AntiVirService) - Avira GmbH - C:\Program Files\Avira\AntiVir Desktop\avguard.exe
O23 - Service: Online Armor Helper Service (OAcat) - Emsi Software GmbH - G:\Online Armor\OAcat.exe
O23 - Service: Online Armor (SvcOnlineArmor) - Emsi Software GmbH - G:\Online Armor\oasrv.exe
O23 - Service: Zentimo Assistant (ZentimoService) - Unknown owner - G:\Zentimo\ZentimoService.exe
--
End of file - 7370 bytes

I think that this problem may be to do with the infection as I imagine there may still be a conflict preventing AVIRA from doing its duty correctly.

Any thoughts/Advice?
"Unhappiness is not knowing what we want, and killing ourselves to get it."
Post Count: 4,111 Thanked 3,111 Times in 1,111 Posts (Actual figures as they once were))
Women and cats will do as they please, and men and dogs should relax and get used to the idea.
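
The mismatch described in the opening post can be checked mechanically. The following is an added example, not part of the original thread and not code from ComboFix or HijackThis: it parses the AV:/FW: lines of the ComboFix header and looks for a matching running process or O23 service in the HijackThis log. The function names, the generic-word list and the name-matching heuristic are assumptions; the sample lines are abridged from the two logs above.

```python
import re

# Sample input abridged from the ComboFix header posted above.
COMBOFIX_HEADER = r"""
AV: a-squared Anti-Malware *On-access scanning enabled* (Updated) {0F8591BB-342B-4493-91C3-4E948ED21255}
AV: AntiVir Desktop *On-access scanning enabled* (Updated) {AD166499-45F9-482A-A743-FDD3350758C7}
AV: avast! Antivirus *On-access scanning enabled* (Updated) {7591DB91-41F0-48A3-B128-1A293FD8233D}
FW: COMODO Firewall *disabled* {043803A3-4F86-4ef6-AFC5-F6E02A79969B}
FW: Online Armor Firewall *enabled* {B797DAA0-7E2E-4711-8BB3-D12744F1922A}
"""

# Sample input abridged from the HijackThis v2.0.2 log posted above.
HIJACKTHIS_LOG = r"""
Running processes:
C:\WINDOWS\system32\svchost.exe
G:\Online Armor\oasrv.exe
C:\Program Files\Avira\AntiVir Desktop\avguard.exe
C:\Documents and Settings\Terry\Desktop\utilities\HijackThis.exe
O4 - HKLM\..\Run: [Persistence] C:\WINDOWS\system32\igfxpers.exe
O23 - Service: Avira AntiVir Guard (AntiVirService) - Avira GmbH - C:\Program Files\Avira\AntiVir Desktop\avguard.exe
O23 - Service: Online Armor (SvcOnlineArmor) - Emsi Software GmbH - G:\Online Armor\oasrv.exe
"""

# "AV: <name> *<state>* [(Updated)] {GUID}" as it appears in the header.
ENTRY = re.compile(
    r"^(?P<kind>AV|FW): (?P<name>.+?) \*(?P<state>[^*]+)\*.*?"
    r"(?P<guid>\{[0-9A-Fa-f-]{36}\})\s*$"
)

# Assumption: words too generic to identify a product. "desktop" is listed
# because it would otherwise match the user's Desktop folder path.
GENERIC = {"antivirus", "anti-malware", "firewall", "desktop", "security"}


def distinctive(name):
    """Reduce a product name to the part worth searching for."""
    words = [w.strip("!").lower() for w in name.split()]
    return " ".join(w for w in words if w not in GENERIC)


def hijackthis_evidence(log):
    """Return (running process paths, O23 service lines) from a log."""
    procs, services, in_procs = [], [], False
    for line in log.splitlines():
        line = line.strip()
        if line == "Running processes:":
            in_procs = True
        elif re.match(r"^[A-Z]\d+ - ", line):  # first R0/O2/... line ends the list
            in_procs = False
            if line.startswith("O23 - Service:"):
                services.append(line)
        elif in_procs and line:
            procs.append(line)
    return procs, services


def cross_check(combofix, hijackthis):
    """Flag listed products that have no process or service behind them."""
    procs, services = hijackthis_evidence(hijackthis)
    findings = []
    for line in combofix.splitlines():
        m = ENTRY.match(line.strip())
        if not m:
            continue
        key = distinctive(m["name"])
        hits = [e for e in procs + services if key and key in e.lower()]
        findings.append({
            "kind": m["kind"], "name": m["name"], "state": m["state"],
            "guid": m["guid"], "evidence": hits,
            "verdict": "present" if hits else "registration only",
        })
    return findings


if __name__ == "__main__":
    for f in cross_check(COMBOFIX_HEADER, HIJACKTHIS_LOG):
        print(f'{f["kind"]}: {f["name"]:<24} {f["state"]:<28} {f["verdict"]}')
```

A "registration only" verdict means the product is still listed in the ComboFix header but nothing from it is running or installed as a service, which is what a leftover entry from an incomplete uninstall looks like.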

Comments

  • First thing to say is that it is unadvisable to run combofix without getting someone clued up on it asking you to run it (I'm not).

    Do you still feel you have an infection?
    If yes, run malwarebytes. Download Malwarebytes Anti-Malware 1.46 - FileHippo.com
    UPDATE tab, CHECK FOR UPDATES, RUN FULL SCAN.

    I would first check all infections are gone before checking if the avs are gone or not.
  • rizla01
    rizla01 Posts: 7,260 Forumite
    Hi GM. Funnily enough I ran Combo-fix in error. It is placed on my desktop from a previous infection and when my system locked up, I was clicking on the 'Close box' 'X' and inadvertently missed and started Combo.

    I have already run Malwarebytes and it cleaned a couple of infections.

    I have been trying to resolve probs on my 'puter for the last 2-3 days after a Blue Screen event and have run several programs to try to find/fix the problem, inc Panda online, Ccleaner, Glary, Spybot, Superantispyware, Malwarebytes, and more (can't recall all of them).

    Still the system locks, crashes and crawls from time to time.
  • Can you post the malwarebytes log in question? (under LOGS tab)
  • Knarf44
    Knarf44 Posts: 557 Forumite
    The emboldened entries above look like registry leftovers so perhaps you should do a CCleaner registry scan. If you removed the programs then CCleaner will pick up the redundant registry entries and you can select them for deletion.
  • spakkker
    spakkker Posts: 1,322 Forumite
    I've run combofix lots of times and no problems. It saves a lot of time messing around. Wonder where you did run it from as log says g:\downloads\ComboFix.exe and you should be running it from desktop, as you state you did?
    I guess it's the malware causing the conflict advice tho' it looks like you didn't disable avira when running combo, which combo says you should or it will run with reduced capability.
    I'd run a regcleaner (ccleaner has this) to remove any old references to your past a/v, turn off system restore and run combo again, which will create a new restore point.
  • rizla01
    rizla01 Posts: 7,260 Forumite
    Knarf44 wrote: »
    The emboldened entries above look like registry leftovers so perhaps you should do a CCleaner registry scan. If you removed the programs then CCleaner will pick up the redundant registry entries and you can select them for deletion.

    Yep. Done that too.

    Here is the last Malware log that I can find.

    Only a quick scan tho.

    Will it need to be the full scan?


    Malwarebytes' Anti-Malware 1.46
    www.malwarebytes.org
    Database version: 4550
    Windows 5.1.2600 Service Pack 3 (Safe Mode)
    Internet Explorer 8.0.6001.18702
    09/11/2010 17:10:46
    mbam-log-2010-11-09 (17-10-46).txt
    Scan type: Quick scan
    Objects scanned: 154174
    Time elapsed: 18 minute(s), 42 second(s)
    Memory Processes Infected: 0
    Memory Modules Infected: 0
    Registry Keys Infected: 0
    Registry Values Infected: 0
    Registry Data Items Infected: 0
    Folders Infected: 0
    Files Infected: 0
    Memory Processes Infected:
    (No malicious items detected)
    Memory Modules Infected:
    (No malicious items detected)
    Registry Keys Infected:
    (No malicious items detected)
    Registry Values Infected:
    (No malicious items detected)
    Registry Data Items Infected:
    (No malicious items detected)
    Folders Infected:
    (No malicious items detected)
    Files Infected:
    (No malicious items detected)
  • Knarf44
    Knarf44 Posts: 557 Forumite
    Either you have posted an old log or you didn't update MBAM before you scanned. You are also using an out of date version of Hijack This, the latest is v.2.0.4
  • rizla01
    rizla01 Posts: 7,260 Forumite
    Is there anything here to worry about as there seems to be a lot of files that are locked.

    LOCKED REGISTRY KEYS
    [HKEY_USERS\S-1-5-21-746137067-606747145-725345543-1004\Software\Microsoft\Windows\CurrentVersion\Explorer\CLSID]
    @Denied: (Full) (LocalSystem)
    [HKEY_USERS\S-1-5-21-746137067-606747145-725345543-1004\Software\Microsoft\Windows\CurrentVersion\Shell Extensions\Approved\{63B97F04-9032-2D21-7BE0-EA7F7AE7EE4B}*]
    @Allowed: (Read) (RestrictedCode)
    @Allowed: (Read) (RestrictedCode)
    "nanhidfkkcpkpahaeliapjmohhon"=hex:6a,61,65,67,68,69,66,68,66,65,6b,6d,6d,63,
    68,6f,65,68,6b,70,00,0c
    "madhoahnjofkbbmejiepajomch"=hex:6a,61,65,67,68,69,66,68,66,65,6b,6d,6d,63,68,
    6f,65,68,6b,70,00,56
    "abbaoepgoddjdfkamchgkahkhkddfmehpc"=hex:61,62,6b,68,62,64,67,68,65,6c,67,67,
    64,67,6c,6a,64,62,6a,64,63,6d,70,67,70,6a,70,6e,61,6e,6a,63,62,66,00,77
    "maoppejgogbliogaieoebfhdhf"=hex:64,62,64,68,6d,66,65,66,6b,65,6e,68,6a,68,6a,
    63,64,63,66,69,61,62,70,63,61,68,6c,70,6a,61,6d,68,62,65,69,6a,69,64,6c,6b,\
    [HKEY_USERS\S-1-5-21-746137067-606747145-725345543-1004\Software\Microsoft\Windows\CurrentVersion\Shell Extensions\Approved\{8AA92D77-C3A3-884A-7EA8-1CD3D0BBD18D}*]
    @Allowed: (Read) (RestrictedCode)
    @Allowed: (Read) (RestrictedCode)
    [HKEY_USERS\S-1-5-21-746137067-606747145-725345543-1004\Software\Microsoft\Windows\CurrentVersion\Shell Extensions\Approved\{F7DAF699-3319-E05F-CCAA-2BCB894FA322}*]
    @Allowed: (Read) (RestrictedCode)
    @Allowed: (Read) (RestrictedCode)
    "naihibmkhoenfhpkbfemdhphimdc"=hex:6a,61,65,67,65,67,67,64,70,6b,6e,64,63,67,
    67,63,62,69,66,6c,00,03
    "macgobkcfnlbgaobohegbmmnlg"=hex:6a,61,65,67,65,67,67,64,70,6b,6e,64,63,67,67,
    63,62,69,66,6c,00,56
    [HKEY_LOCAL_MACHINE\software\Microsoft\EncryptionInterface*]
    "l_encryption_d"="585A4A574A5F"
    .
    DLLs Loaded Under Running Processes
    - - - - - - - > 'winlogon.exe'(528)
    g:\superantispyware\SASWINLO.DLL
    c:\windows\system32\WININET.dll
    - - - - - - - > 'explorer.exe'(2872)
    c:\windows\system32\WININET.dll
    c:\windows\system32\ieframe.dll
    c:\windows\system32\mshtml.dll
    c:\windows\system32\msls31.dll
    c:\windows\system32\webcheck.dll
    c:\windows\system32\WPDShServiceObj.dll
    c:\windows\system32\PortableDeviceTypes.dll
    c:\windows\system32\PortableDeviceApi.dll
    .
    Completion time: 2010-11-12 19:52:06
    ComboFix-quarantined-files.txt 2010-11-12 19:52
    ComboFix2.txt 2010-11-12 17:44
    ComboFix3.txt 2010-09-16 13:19
    ComboFix4.txt 2010-09-16 12:28
    ComboFix5.txt 2010-11-12 19:43
    Pre-Run: 25,718,857,728 bytes free
    Post-Run: 25,702,932,480 bytes free
  • rizla01
    rizla01 Posts: 7,260 Forumite
    Just upgraded Hijackthis.

    Here is the logfile.
    Logfile of Trend Micro HijackThis v2.0.4
    Scan saved at 20:11:38, on 12/11/2010
    Platform: Windows XP SP3 (WinNT 5.01.2600)
    MSIE: Internet Explorer v8.00 (8.00.6001.18702)
    Boot mode: Normal
    Running processes:
    C:\WINDOWS\System32\smss.exe
    C:\WINDOWS\system32\winlogon.exe
    C:\WINDOWS\system32\services.exe
    C:\WINDOWS\system32\lsass.exe
    G:\Zentimo\ZentimoService.exe
    C:\WINDOWS\system32\svchost.exe
    C:\WINDOWS\system32\svchost.exe
    G:\Online Armor\OAcat.exe
    C:\WINDOWS\system32\devldr32.exe
    C:\WINDOWS\system32\spoolsv.exe
    C:\Program Files\Avira\AntiVir Desktop\sched.exe
    C:\Program Files\Avira\AntiVir Desktop\avguard.exe
    C:\WINDOWS\system32\svchost.exe
    C:\Program Files\Avira\AntiVir Desktop\avshadow.exe
    C:\WINDOWS\system32\igfxpers.exe
    G:\IObit Security 360\is360.exe
    C:\WINDOWS\explorer.exe
    C:\WINDOWS\system32\NOTEPAD.EXE
    C:\Program Files\internet explorer\iexplore.exe
    C:\Program Files\internet explorer\iexplore.exe
    C:\Program Files\internet explorer\iexplore.exe
    C:\WINDOWS\system32\msiexec.exe
    C:\Documents and Settings\Terry\Desktop\utilities\HijackThis.exe
    C:\Documents and Settings\Terry\Desktop\Trend Micro\HiJackThis\HiJackThis.exe
    C:\Program Files\internet explorer\iexplore.exe
    R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://by150w.bay150.mail.live.com/default.aspx?rru=home&livecom=1&wa=wsignin1.0
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
    R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.bigseekpro.com/clipextractor/{A9E3981F-6A11-4EF1-A702-3819AB03CE4F}
    R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Local Page =
    R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page =
    O2 - BHO: RoboForm - {724d43a9-0d85-11d4-9908-00400523e39a} - D:\Roboform\roboform.dll
    O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre6\bin\ssv.dll
    O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar2.dll
    O3 - Toolbar: &RoboForm - {724d43a0-0d85-11d4-9908-00400523e39a} - D:\Roboform\roboform.dll
    O4 - HKLM\..\Run: [Persistence] C:\WINDOWS\system32\igfxpers.exe
    O4 - HKLM\..\Run: [SigmatelSysTrayApp] stsystra.exe
    O4 - HKLM\..\Run: [@OnlineArmor GUI] "G:\Online Armor\oaui.exe"
    O4 - HKLM\..\Run: [IObit Security 360] "G:\IObit Security 360\IS360tray.exe" /autostart
    O4 - HKCU\..\Run: [Zentimo xStorage Manager] G:\Zentimo\Zentimo.exe /startup
    O4 - S-1-5-18 Startup: Alienware Dock.lnk = F:\Program Files\AlienGUIse\AlienwareDock\ObjectDock.exe (User 'SYSTEM')
    O4 - S-1-5-18 Startup: Moo0 Magnifier 1.09.lnk = C:\Magnifier 1.09\Magnifier.exe (User 'SYSTEM')
    O4 - S-1-5-18 Startup: Rightmove Desktop.lnk = L:\rightmove\Rightmove Desktop\Rightmove Desktop.exe (User 'SYSTEM')
    O4 - .DEFAULT Startup: Alienware Dock.lnk = F:\Program Files\AlienGUIse\AlienwareDock\ObjectDock.exe (User 'Default user')
    O4 - .DEFAULT Startup: Moo0 Magnifier 1.09.lnk = C:\Magnifier 1.09\Magnifier.exe (User 'Default user')
    O4 - .DEFAULT Startup: Rightmove Desktop.lnk = L:\rightmove\Rightmove Desktop\Rightmove Desktop.exe (User 'Default user')
    O4 - Startup: Alienware Dock.lnk = F:\Program Files\AlienGUIse\AlienwareDock\ObjectDock.exe
    O4 - Startup: Moo0 Magnifier 1.09.lnk = C:\Magnifier 1.09\Magnifier.exe
    O4 - Startup: Rightmove Desktop.lnk = L:\rightmove\Rightmove Desktop\Rightmove Desktop.exe
    O8 - Extra context menu item: Customize Menu - file://D:\Roboform\RoboFormComCustomizeIEMenu.html
    O8 - Extra context menu item: Fill Forms - file://D:\Roboform\RoboFormComFillForms.html
    O8 - Extra context menu item: Identities Editor - file://D:\Roboform\RoboFormComEditIdent.html
    O8 - Extra context menu item: Locate Spot on Map by GPS - F:\IExif 2.3\IExifMap.htm
    O8 - Extra context menu item: Password Generator - file://D:\Roboform\RoboFormComPasswordGenerator.html
    O8 - Extra context menu item: RoboForm Toolbar - file://D:\Roboform\RoboFormComShowToolbar.html
    O8 - Extra context menu item: Save Forms - file://D:\Roboform\RoboFormComSavePass.html
    O8 - Extra context menu item: Sothink SWF Catcher - C:\Program Files\Common Files\SourceTec\SWF Catcher\InternetExplorer.htm
    O8 - Extra context menu item: View Exif/GPS/IPTC with IExif - F:\IExif 2.3\IExifCom.htm
    O9 - Extra button: Fill Forms - {320AF880-6646-11D3-ABEE-C5DBF3571F46} - file://D:\Roboform\RoboFormComFillForms.html
    O9 - Extra 'Tools' menuitem: Fill Forms - {320AF880-6646-11D3-ABEE-C5DBF3571F46} - file://D:\Roboform\RoboFormComFillForms.html
    O9 - Extra button: Save - {320AF880-6646-11D3-ABEE-C5DBF3571F49} - file://D:\Roboform\RoboFormComSavePass.html
    O9 - Extra 'Tools' menuitem: Save Forms - {320AF880-6646-11D3-ABEE-C5DBF3571F49} - file://D:\Roboform\RoboFormComSavePass.html
    O9 - Extra button: RoboForm - {724d43aa-0d85-11d4-9908-00400523e39a} - file://D:\Roboform\RoboFormComShowToolbar.html
    O9 - Extra 'Tools' menuitem: RoboForm Toolbar - {724d43aa-0d85-11d4-9908-00400523e39a} - file://D:\Roboform\RoboFormComShowToolbar.html
    O9 - Extra button: (no name) - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - I:\SPYBOT~1\SPYBOT~1\SDHelper.dll
    O9 - Extra 'Tools' menuitem: Spybot - Search & Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - I:\SPYBOT~1\SPYBOT~1\SDHelper.dll
    O16 - DPF: {0A43D7AC-D6C1-4622-B309-BF975F427C0E} (first direct internet banking plus digital safe) - https://internetbankingplus2.firstdirect.com/ibplus/frontdoorFD.cab
    O16 - DPF: {56762DEC-6B0D-4AB4-A8AD-989993B5D08B} (OnlineScanner Control) - http://www.eset.eu/buxus/docs/OnlineScanner.cab
    O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://www.update.microsoft.com/microsoftupdate/v6/V5Controls/en/x86/client/muweb_site.cab?1218797834562
    O16 - DPF: {7530BFB8-7293-4D34-9923-61A11451AFC5} (OnlineScanner Control) - http://download.eset.com/special/eos/OnlineScanner.cab
    O16 - DPF: {9191F686-7F0A-441D-8A98-2FE3AC1BD913} (ActiveScan 2.0 Installer Class) - http://acs.pandasoftware.com/activescan/cabs/as2stubie.cab
    O16 - DPF: {C1FDEE68-98D5-4F42-A4DD-D0BECF5077EB} (EPUImageControl Class) - http://tools.ebayimg.com/eps/wl/activex/eBay_Enhanced_Picture_Control_v1-0-31-0.cab
    O20 - Winlogon Notify: !SASWinLogon - G:\SUPERAntiSpyware\SASWINLO.DLL
    O22 - SharedTaskScheduler: Browseui preloader - {438755C2-A8BA-11D1-B96B-00A0C90312E1} - C:\WINDOWS\system32\browseui.dll
    O22 - SharedTaskScheduler: Component Categories cache daemon - {8C7461EF-2B13-11d2-BE35-3078302C2030} - C:\WINDOWS\system32\browseui.dll
    O23 - Service: Avira AntiVir Scheduler (AntiVirSchedulerService) - Avira GmbH - C:\Program Files\Avira\AntiVir Desktop\sched.exe
    O23 - Service: Avira AntiVir Guard (AntiVirService) - Avira GmbH - C:\Program Files\Avira\AntiVir Desktop\avguard.exe
    O23 - Service: Online Armor Helper Service (OAcat) - Unknown owner - G:\Online Armor\OAcat.exe
    O23 - Service: Online Armor (SvcOnlineArmor) - Unknown owner - G:\Online Armor\oasrv.exe
    O23 - Service: Zentimo Assistant (ZentimoService) - Unknown owner - G:\Zentimo\ZentimoService.exe
    --
    End of file - 7373 bytes
  • Knarf44
    Knarf44 Posts: 557 Forumite
    You seem to have an external drive (G) plugged in which has/had IOBit360 on it and now Online Armor. Unplug it as it's confusing matters and then run another Hijack This scan on your C: drive only. Post the logfile of the new scan.
This discussion has been closed.