Security >> HijackThis logs help and analysis

gareth5506
regular


Reg'd: Thu
Posts: 59
Combofix log for Bricat's attention and anyone else who can help.
      #441166 - Fri Oct 30 2009 12:56 PM

Here's the log I received:

ComboFix 09-10-28.08 - Owner 30/10/2009 12:31.1.2 - NTFSx86
Microsoft Windows XP Professional 5.1.2600.3.1252.44.1033.18.959.479 [GMT 0:00]
Running from: C:\ComboFix.exe
AV: AVG Anti-Virus Free *On-access scanning disabled* (Updated) {17DDD097-36FF-435F-9E1B-52D74245D6BF}
* Created a new restore point
.

((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.

c:\documents and settings\Owner\Application Data\inst.exe

.
((((((((((((((((((((((((( Files Created from 2009-09-28 to 2009-10-30 )))))))))))))))))))))))))))))))
.

2009-10-28 11:30 . 2009-10-28 11:30 -------- d-----w- C:\HostsXpert 4.2 - Hosts File Manager
2009-10-28 11:28 . 2009-10-28 11:28 353485 ----a-w- C:\HostsXpert.zip
2009-10-24 13:48 . 2009-10-29 12:11 -------- d-----w- C:\$AVG8.VAULT$

.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2009-10-30 12:42 . 2008-04-16 14:21 -------- d-----w- c:\documents and settings\All Users\Application Data\Kontiki
2009-10-30 12:24 . 2009-10-30 12:24 3427862 ----a-r- C:\ComboFix.exe
2009-10-30 11:55 . 2009-01-30 10:38 2161 --sha-w- c:\windows\system32\mmf.sys
2009-10-29 11:31 . 2009-03-07 11:37 -------- d-----w- c:\documents and settings\Owner\Application Data\Spotify
2009-10-24 15:12 . 2005-10-09 14:23 -------- d-----w- c:\program files\Common Files\Adobe
2009-10-19 17:53 . 2005-09-07 14:16 66704 ----a-w- c:\documents and settings\Owner\Local Settings\Application Data\GDIPFONTCACHEV1.DAT
2009-09-26 12:54 . 2009-09-26 12:54 -------- d-----w- c:\documents and settings\All Users\Application Data\AVS4YOU
2009-09-26 12:54 . 2009-09-26 12:53 -------- d-----w- c:\program files\AVS4YOU
2009-09-26 12:53 . 2009-09-26 12:53 -------- d-----w- c:\program files\Common Files\AVSMedia
2009-09-12 15:05 . 2009-09-12 12:41 -------- d-----w- c:\program files\Disable Startup
2009-09-12 15:05 . 2009-02-01 17:34 -------- d-----w- c:\documents and settings\Owner\Application Data\DNA
2009-09-12 12:05 . 2009-02-01 17:34 -------- d-----w- c:\program files\DNA
2009-09-11 14:18 . 2004-08-10 12:00 136192 ----a-w- c:\windows\system32\msv1_0.dll
2009-09-04 21:03 . 2004-08-10 12:00 58880 ----a-w- c:\windows\system32\msasn1.dll
2009-08-29 08:08 . 2004-08-10 12:00 916480 ----a-w- c:\windows\system32\wininet.dll
2009-08-28 09:51 . 2009-03-21 15:35 11952 ----a-w- c:\windows\system32\avgrsstx.dll
2009-08-28 09:51 . 2009-03-21 15:35 335240 ----a-w- c:\windows\system32\drivers\avgldx86.sys
2009-08-28 09:51 . 2007-01-13 12:28 27784 ----a-w- c:\windows\system32\drivers\avgmfx86.sys
2009-08-26 08:00 . 2004-08-10 12:00 247326 ----a-w- c:\windows\system32\strmdll.dll
2009-08-11 12:47 . 2007-07-23 13:25 69632 ----a-w- c:\windows\system32\realbap1.dll
2009-08-11 12:47 . 2007-07-23 13:25 45568 ----a-w- c:\windows\system32\realbsf1.dll
2009-08-06 19:24 . 2005-09-03 11:28 327896 ----a-w- c:\windows\system32\wucltui.dll
2009-08-06 19:24 . 2005-09-03 11:28 209632 ----a-w- c:\windows\system32\wuweb.dll
2009-08-06 19:24 . 2005-09-03 11:27 35552 ----a-w- c:\windows\system32\wups.dll
2009-08-06 19:24 . 2005-05-26 03:16 44768 ----a-w- c:\windows\system32\wups2.dll
2009-08-06 19:24 . 2005-09-03 11:27 53472 ----a-w- c:\windows\system32\wuauclt.exe
2009-08-06 19:24 . 2004-08-10 12:00 96480 ----a-w- c:\windows\system32\cdm.dll
2009-08-06 19:23 . 2005-09-03 11:27 575704 ----a-w- c:\windows\system32\wuapi.dll
2009-08-06 19:23 . 2005-09-03 11:27 1929952 ----a-w- c:\windows\system32\wuaueng.dll
2009-08-05 09:01 . 2004-08-10 12:00 204800 ----a-w- c:\windows\system32\mswebdvd.dll
2009-08-04 15:13 . 2004-08-10 12:00 2145280 ----a-w- c:\windows\system32\ntoskrnl.exe
2009-08-04 14:20 . 2004-08-03 22:59 2023936 ----a-w- c:\windows\system32\ntkrnlpa.exe
2009-05-30 10:17 . 2009-05-30 10:17 13464320 ----a-w- c:\program files\Songbird.exe
2009-05-27 11:11 . 2009-05-27 11:10 8961432 ----a-w- c:\program files\cuteftppro.exe
2009-05-25 12:45 . 2009-05-25 12:45 3925567 ----a-w- c:\program files\FileZilla_3.2.4.1_win32-setup.exe
2009-05-16 12:19 . 2009-05-16 12:19 200903 ----a-w- c:\program files\FMD-Setup.exe
2005-10-24 14:52 . 2005-10-09 14:39 560 ----a-w- c:\program files\Global.sw
2005-10-09 15:13 . 2005-10-09 15:13 3735766 ----a-w- c:\program files\Mp3Splitter.zip
2005-10-09 13:53 . 2005-10-09 13:53 246168 ----a-w- c:\program files\px3_ac3_to_wav.rar
2008-09-20 10:11 . 2008-09-20 10:09 24 --sh--w- c:\windows\S1659999E.tmp
.

((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"NOMAD Detector"="c:\program files\Creative\NOMAD Jukebox 3\PlayCenter2\CTNMRUN.EXE" [2002-03-05 18432]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"ehTray"="c:\windows\ehome\ehtray.exe" [2004-08-10 59392]
"NeroFilterCheck"="c:\windows\system32\NeroCheck.exe" [2001-07-09 155648]
"WatchDog"="c:\program files\mobile PhoneTools\WatchDog.exe" [2004-08-14 36864]
"Disc Detector"="c:\program files\Creative\ShareDLL\CtNotify.exe" [2001-12-26 191488]
"CTStartup"="c:\program files\Creative\Splash Screen\CTEaxSpl.EXE" [2001-12-20 28672]
"NOMAD Detector"="c:\program files\Creative\NOMAD Jukebox 3\PlayCenter2\CTNMRUN.EXE" [2002-03-05 18432]
"QuickTime Task"="c:\program files\QuickTime\QTTask.exe" [2008-05-27 413696]
"AdobeCS4ServiceManager"="c:\program files\Common Files\Adobe\CS4ServiceManager\CS4ServiceManager.exe" [2008-08-14 611712]
"AVG8_TRAY"="c:\progra~1\AVG\AVG8\avgtray.exe" [2009-10-17 2025752]
"Adobe Reader Speed Launcher"="c:\program files\Adobe\Reader 9.0\Reader\Reader_sl.exe" [2009-10-03 35696]
"Adobe ARM"="c:\program files\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2009-09-04 935288]
"VTTimer"="VTTimer.exe" - c:\windows\system32\VTTimer.exe [2004-10-22 53248]
"VTTrayp"="VTtrayp.exe" - c:\windows\system32\VTTrayp.exe [2005-01-10 143360]

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"MySpaceIM"="c:\program files\MySpace\IM\MySpaceIM.exe" [2007-12-19 8720384]

c:\documents and settings\All Users\Start Menu\Programs\Startup\
Adobe Gamma Loader.exe.lnk - c:\program files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe [2005-10-9 113664]
AutoStart IR.lnk - c:\program files\WinTV\Ir.exe [2005-9-7 102455]
VIA RAID TOOL.lnk - c:\program files\VIA\RAID\raid_tool.exe [2005-9-3 565248]

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\policies\explorer]
"NoSecurityTab"= 1 (0x1)

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\avgrsstarter]
2009-08-28 09:51 11952 ----a-w- c:\windows\system32\avgrsstx.dll

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\drivers32]
"mixer"=DrvTrNTm.dll
"wave"=DrvTrNTm.dll

[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^RealDownload.lnk]
path=c:\documents and settings\All Users\Start Menu\Programs\Startup\RealDownload.lnk
backup=c:\windows\pss\RealDownload.lnkCommon Startup

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"c:\\Program Files\\Media Center Test Kit 2.0 RTM R1\\MCDiag.exe"=
"c:\\Program Files\\Media Center Test Kit 2.0 RTM R1\\MCEHostRemote.exe"=
"c:\\Program Files\\Messenger\\msmsgs.exe"=
"c:\\Program Files\\Yahoo!\\Messenger\\ypager.exe"=
"c:\\Program Files\\Yahoo!\\Messenger\\YServer.exe"=
"c:\\Program Files\\ICQLite\\ICQLite.exe"=
"c:\\Program Files\\Ahead\\Nero ShowTime\\ShowTime.exe"=
"c:\\Program Files\\Opera\\Opera.exe"=
"c:\\Program Files\\BitTorrent\\bittorrent.exe"=
"c:\\Program Files\\SadMan Software\\Fives and Threes\\FivesAndThrees.exe"=
"c:\\Program Files\\Winmx\\WinMX.exe"=
"c:\\Program Files\\Real\\RealPlayer\\realplay.exe"=
"c:\\Program Files\\Bonjour\\mDNSResponder.exe"=
"c:\\Program Files\\Adobe\\Adobe Dreamweaver CS3\\Dreamweaver.exe"=
"c:\\Program Files\\Kontiki\\KService.exe"=
"c:\\Program Files\\Common Files\\AOL\\Loader\\aolload.exe"=
"c:\\Program Files\\AIM6\\aim6.exe"=
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"c:\\Program Files\\MSN Messenger\\msnmsgr.exe"=
"c:\\Program Files\\MSN Messenger\\livecall.exe"=
"c:\\Program Files\\DNA\\btdna.exe"=
"c:\\Program Files\\Common Files\\Adobe\\CS4ServiceManager\\CS4ServiceManager.exe"=
"c:\\Program Files\\Adobe\\Adobe Dreamweaver CS4\\Dreamweaver.exe"=
"c:\\Program Files\\Spotify\\spotify.exe"=
"c:\\Program Files\\AVG\\AVG8\\avgupd.exe"=
"c:\\Program Files\\AVG\\AVG8\\avgnsx.exe"=
"c:\\Program Files\\MySpace\\IM\\MySpaceIM.exe"=
"c:\\Program Files\\Mozilla Firefox\\firefox.exe"=

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]
"5353:TCP"= 5353:TCP:Adobe CSI CS4

R1 AvgLdx86;AVG Free AVI Loader Driver x86;c:\windows\system32\drivers\avgldx86.sys [21/03/2009 15:35 335240]
R1 AvgTdiX;AVG Free8 Network Redirector;c:\windows\system32\drivers\avgtdix.sys [21/03/2009 15:35 108552]
R2 avg8wd;AVG Free8 WatchDog;c:\progra~1\AVG\AVG8\avgwdsvc.exe [21/03/2009 15:34 297752]
R2 Viewpoint Manager Service;Viewpoint Manager Service;c:\program files\Viewpoint\Common\ViewpointService.exe [07/08/2008 09:40 24652]
R3 HCW88BDA;Hauppauge WinTV 88x DVB Tuner/Demod;c:\windows\system32\drivers\hcw88bda.sys [07/09/2005 10:02 130112]
R3 hcw88rc5;Hauppauge WinTV 88x IR Decoder;c:\windows\system32\drivers\hcw88rc5.sys [07/09/2005 09:44 11841]
R3 HCW88TSE;Hauppauge WinTV 88x MPEG/TS Capture;c:\windows\system32\drivers\hcw88tse.sys [07/09/2005 10:01 296259]
R3 hcw88vid;Hauppauge WinTV 88x Video;c:\windows\system32\drivers\hcw88vid.sys [07/09/2005 09:44 611444]
S2 LicCtrlService;LicCtrl Service;c:\windows\Runservice.exe [30/01/2009 10:38 2560]
S3 MCMonServer;MCMonServer;c:\program files\Common Files\McMon\McMonServer.exe [21/07/2004 15:01 282808]

--- Other Services/Drivers In Memory ---

*NewlyCreated* - MBR
*Deregistered* - mbr
.
Contents of the 'Scheduled Tasks' folder

2009-10-26 c:\windows\Tasks\AppleSoftwareUpdate.job
- c:\program files\Apple Software Update\SoftwareUpdate.exe [2008-04-11 16:57]
.
.
------- Supplementary Scan -------
.
uStart Page = about:blank
uInternet Connection Wizard,ShellNext = iexplore
uInternet Settings,ProxyOverride = *.local
uSearchURL,(Default) = hxxp://www.google.com/search?q=%s
IE: E&xport to Microsoft Excel - c:\progra~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
Name-Space Handler: ftp\RealDownload - {EBCDDA5E-2A68-11D3-8A43-0060083CFB9C} - c:\windows\system32\nzdd.dll
Name-Space Handler: http\RealDownload - {EBCDDA5E-2A68-11D3-8A43-0060083CFB9C} - c:\windows\system32\nzdd.dll
DPF: {7530BFB8-7293-4D34-9923-61A11451AFC5} - hxxp://download.eset.com/special/eos-beta/OnlineScanner.cab
FF - ProfilePath - c:\documents and settings\Owner\Application Data\Mozilla\Firefox\Profiles\ohp367dl.default\
FF - component: c:\program files\AVG\AVG8\Firefox\components\avgssff.dll
FF - plugin: c:\program files\Mozilla Firefox\plugins\npbittorrent.dll
FF - plugin: c:\program files\Opera\program\plugins\npdivx32.dll
FF - plugin: c:\program files\Opera\program\plugins\NPDocBox.dll
FF - plugin: c:\program files\Opera\program\plugins\nppdf32.dll
FF - plugin: c:\program files\Opera\program\plugins\nppl3260.dll
FF - plugin: c:\program files\Opera\program\plugins\nprjplug.dll
FF - plugin: c:\program files\Viewpoint\Viewpoint Media Player\npViewpoint.dll
.
- - - - ORPHANS REMOVED - - - -

HKLM-Run-Cmaudio - cmicnfg.cpl



**************************************************************************
scanning hidden processes ...

scanning hidden autostart entries ...

HKLM\Software\Microsoft\Windows\CurrentVersion\Run
Disc Detector = c:\program files\Creative\ShareDLL\CtNotify.exe?X???&???????????????E?@?Disc Detector?A????? ?A? ????B?e!@???@???@?? C?????E?@?????????@?B???A????? ?A?? ????B???@?????P?????@?@ ??????~?B~??????????@?"?????????????????B?????? ???????????????????P??????r?B
CTStartup = c:\program files\Creative\Splash Screen\CTEaxSpl.EXE /run???h??????s?????\?w? ?w???????w???w4???????.??w4???????4???TA?s4???d????&3?????\??? ??? ???\???\???????????5?B~e?B~\???\?????????a??????C@?\???\??????sd???\??????s\????&3?A??s?&3??C@?x???`|?w\?????@

scanning hidden files ...

scan completed successfully
hidden files:

**************************************************************************
.
--------------------- LOCKED REGISTRY KEYS ---------------------

[HKEY_LOCAL_MACHINE\software\LicCtrl\LicCtrl\LicCtrl\LicCtrl*lkzs$i&#&y@^t! #^$ g9^$&pgb SDB36o \F3F0046F119EFA4F]
"1"=hex:97,5e,49,d3,7c,a0,18,18,10,c9,e3,e3,c1,ae,57,ed,c2,97,86,6a,a5,82,f8,
d5,42,54,3b,7e,24,3e,19,f8
"2"=hex:74,3a,ea,7a,01,1a,f6,06,21,62,93,b5,cb,23,e3,91,85,38,0e,f8,ce,56,2c,
d2,a4,f2,d0,33,2d,ee,33,13
"3"=hex:97,5e,49,d3,7c,a0,18,18,10,c9,e3,e3,c1,ae,57,ed,c2,97,86,6a,a5,82,f8,
d5,be,55,66,4e,06,ba,4c,d8,66,9a,0f,4f,39,c4,a1,1d,fa,72,08,2f,25,9c,e8,b6,\

[HKEY_LOCAL_MACHINE\software\LicCtrl\LicCtrl\LicCtrl\LicCtrl*lkzs$i&#&y@^t! #^$ g9^$&pgb SDB36o \F3F0046F119EFA4F\D26BD25DC85E777542CA969E56548E46]
"1"=hex:c0,52,20,b1,47,91,30,5f,58,6a,ea,d4,ff,71,4b,c6,a8,87,6f,5a,78,c6,5d,
5b,22,26,64,2f,88,eb,a4,7b
"2"=hex:2e,2a,64,cc,69,b1,fa,45
"3"=hex:cf,b3,57,12,37,cf,28,eb,1c,26,23,e1,4c,00,90,b5,73,b3,02,ef,d5,ea,84,
9c,e4,b0,e0,f7,7d,4b,73,60,65,ec,dc,82,fc,9d,b5,0f,bc,7c,99,a0,d3,bb,17,d3,\
"4"=hex:d2,0d,ce,4a,5d,73,c2,70
"5"=hex:bf,e5,23,7b,b0,66,d6,fc,b8,e8,6b,a0,96,52,f7,32,80,09,8f,24,b7,b3,55,
1a,98,d1,47,16,02,43,61,1c,b9,d5,8f,2a,7b,81,b1,fb,95,22,f8,b3,2c,53,9d,ae,\
"6"=hex:bf,e5,23,7b,b0,66,d6,fc,bc,64,22,fb,7e,d3,39,3e,a3,00,33,13,c0,21,f4,
51,6c,4e,0c,96,e2,dd,ad,8a,b6,c4,05,e8,5a,bd,9a,e9,d4,1a,3d,68,9d,00,32,20
"7"=hex:9c,0f,26,c5,43,55,e2,9e,79,40,de,a7,ca,bc,f3,99,99,4d,91,38,55,4f,0b,
a5,8f,9b,e5,fc,d6,5f,45,dd,f6,df,ab,53,85,3c,a2,16,6d,58,d5,44,e1,b2,db,fb,\
"8"=hex:9d,9e,b2,b9,a7,a5,f4,ae,4d,29,c2,a3,c0,78,c4,c5,6b,8d,dd,0b,84,72,f6,
f2,3d,a6,3c,a0,07,7d,db,f3,88,a8,6c,3f,5c,60,94,94,50,c0,20,2f,ff,27,64,21,\
"9"=hex:81,20,8f,ab,28,6a,52,9c
"18"=hex:70,56,26,33,e3,20,f8,ab
"10"=hex:3d,7b,8c,93,7f,aa,3a,8c
"11"=hex:81,20,8f,ab,28,6a,52,9c
"12"=hex:81,20,8f,ab,28,6a,52,9c
"13"=hex:81,20,8f,ab,28,6a,52,9c
"14"=hex:81,20,8f,ab,28,6a,52,9c
"24"=hex:81,20,8f,ab,28,6a,52,9c
"26"=hex:81,20,8f,ab,28,6a,52,9c
"27"=hex:81,20,8f,ab,28,6a,52,9c
"19"=hex:81,20,8f,ab,28,6a,52,9c
"22"=hex:81,20,8f,ab,28,6a,52,9c
.
Completion time: 2009-10-30 12:47
ComboFix-quarantined-files.txt 2009-10-30 12:46

Pre-Run: 140,477,865,984 bytes free
Post-Run: 141,644,918,784 bytes free

WindowsXP-KB310994-SP2-Pro-BootDisk-ENU.exe
[boot loader]
timeout=2
default=multi(0)disk(0)rdisk(0)partition(1)\WINDOWS
[operating systems]
c:\cmdcons\BOOTSECT.DAT="Microsoft Windows Recovery Console" /cmdcons
multi(0)disk(0)rdisk(0)partition(1)\WINDOWS="Windows XP Media Center Edition" /noexecute=optin /fastdetect

- - End Of File - - 5A2A9A85D3EEC540587FF529A872DFE4

Any wiser what the problem is? I'm not, lol!

Thanks,

Gareth


bricatModerator
HijackThis Helper


Reg'd: Wed
Posts: 31982
Loc: belfast
Re: Combofix log for Bricat's attention and anyone else who can help. [Re: gareth5506]
      #441197 - Fri Oct 30 2009 05:47 PM

Please copy this page to *Notepad* and save to your desktop for reference as you will not have any browsers open while you are carrying out portions of these instructions.

It's IMPORTANT to carry out the instructions in the sequence listed below.


1. Close any open browsers.

2. Close/disable all anti virus and anti malware programs so they do not interfere with the running of ComboFix.


Open *notepad* and copy/paste the text in the quotebox below into it:

Quote:

Killall::

File::
c:\windows\S1659999E.tmp

Save this as CFScript.txt, in the same location as ComboFix.exe which is on the Desktop.

Referring to the picture above, drag CFScript.txt into ComboFix.exe.

This will start ComboFix again.(it may ask you to reboot your computer)

When finished, it shall produce a log for you at C:\ComboFix.txt

Please copy and paste the ComboFix.txt along with a fresh HijackThis log in your next reply please and
let me know how it is running.


*Note:
Do not mouseclick combofix's window whilst it's running. That may cause it to stall*

--------------------
IF I HAVE SAVED YOU MONEY, PLEASE CONSIDER GIVING A DONATION TO HELP IN MY FIGHT AGAINST MALWARE.

When the only tool you own is a hammer, every problem begins to look like a nail.


gareth5506
regular


Reg'd: Thu
Posts: 59
Re: Combofix log for Bricat's attention and anyone else who can help. [Re: bricat]
      #441243 - Sat Oct 31 2009 01:27 PM

Combofix got to the bit where it says the log shall be located at C:/combofix.txt and nothing happened for a while, so I thought it had finished. So I clicked the 'X' at the top! Now there is no log file or CFScript.txt.

Shall I do the same processes as last time or would it be dangerous to do so?

Sorry!

Gareth


bricatModerator
HijackThis Helper


Reg'd: Wed
Posts: 31982
Loc: belfast
Re: Combofix log for Bricat's attention and anyone else who can help. [Re: gareth5506]
      #441246 - Sat Oct 31 2009 01:47 PM

Follow the same instructions, make sure ALL of your security programs are disabled, and just leave it a bit longer to finish.



gareth5506
regular


Reg'd: Thu
Posts: 59
Re: Combofix log for Bricat's attention and anyone else who can help. [Re: bricat]
      #441247 - Sat Oct 31 2009 02:09 PM

Here is the latest log:

ComboFix 09-10-30.01 - Owner 31/10/2009 13:47.3.2 - NTFSx86
Microsoft Windows XP Professional 5.1.2600.3.1252.44.1033.18.959.462 [GMT 0:00]
Running from: C:\ComboFix.exe
Command switches used :: C:\CFScript.txt
AV: AVG Anti-Virus Free *On-access scanning disabled* (Updated) {17DDD097-36FF-435F-9E1B-52D74245D6BF}

FILE ::
"c:\windows\S1659999E.tmp"
.

((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.

c:\windows\S1659999E.tmp . . . . failed to delete
.
---- Previous Run -------
.
c:\windows\S1659999E.tmp . . . . failed to delete

.
((((((((((((((((((((((((( Files Created from 2009-09-28 to 2009-10-31 )))))))))))))))))))))))))))))))
.

2009-10-30 12:24 . 2009-10-31 12:59 3430299 ----a-r- C:\ComboFix.exe
2009-10-28 11:30 . 2009-10-28 11:30 -------- d-----w- C:\HostsXpert 4.2 - Hosts File Manager
2009-10-28 11:28 . 2009-10-28 11:28 353485 ----a-w- C:\HostsXpert.zip
2009-10-24 13:48 . 2009-10-29 12:11 -------- d-----w- C:\$AVG8.VAULT$

.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2009-10-31 13:58 . 2009-01-30 10:38 2161 --sha-w- c:\windows\system32\mmf.sys
2009-10-31 13:57 . 2009-10-31 13:57 0 ------w- c:\windows\S1659999E.tmp
2009-10-31 13:46 . 2008-04-16 14:21 -------- d-----w- c:\documents and settings\All Users\Application Data\Kontiki
2009-10-30 13:58 . 2009-03-07 11:37 -------- d-----w- c:\documents and settings\Owner\Application Data\Spotify
2009-10-24 15:12 . 2005-10-09 14:23 -------- d-----w- c:\program files\Common Files\Adobe
2009-10-19 17:53 . 2005-09-07 14:16 66704 ----a-w- c:\documents and settings\Owner\Local Settings\Application Data\GDIPFONTCACHEV1.DAT
2009-09-26 12:54 . 2009-09-26 12:54 -------- d-----w- c:\documents and settings\All Users\Application Data\AVS4YOU
2009-09-26 12:54 . 2009-09-26 12:53 -------- d-----w- c:\program files\AVS4YOU
2009-09-26 12:53 . 2009-09-26 12:53 -------- d-----w- c:\program files\Common Files\AVSMedia
2009-09-12 15:05 . 2009-09-12 12:41 -------- d-----w- c:\program files\Disable Startup
2009-09-12 15:05 . 2009-02-01 17:34 -------- d-----w- c:\documents and settings\Owner\Application Data\DNA
2009-09-12 12:05 . 2009-02-01 17:34 -------- d-----w- c:\program files\DNA
2009-09-11 14:18 . 2004-08-10 12:00 136192 ----a-w- c:\windows\system32\msv1_0.dll
2009-09-04 21:03 . 2004-08-10 12:00 58880 ----a-w- c:\windows\system32\msasn1.dll
2009-08-29 08:08 . 2004-08-10 12:00 916480 ------w- c:\windows\system32\wininet.dll
2009-08-28 09:51 . 2009-03-21 15:35 11952 ----a-w- c:\windows\system32\avgrsstx.dll
2009-08-28 09:51 . 2009-03-21 15:35 335240 ----a-w- c:\windows\system32\drivers\avgldx86.sys
2009-08-28 09:51 . 2007-01-13 12:28 27784 ----a-w- c:\windows\system32\drivers\avgmfx86.sys
2009-08-26 08:00 . 2004-08-10 12:00 247326 ----a-w- c:\windows\system32\strmdll.dll
2009-08-11 12:47 . 2007-07-23 13:25 69632 ----a-w- c:\windows\system32\realbap1.dll
2009-08-11 12:47 . 2007-07-23 13:25 45568 ----a-w- c:\windows\system32\realbsf1.dll
2009-08-06 19:24 . 2005-09-03 11:28 327896 ----a-w- c:\windows\system32\wucltui.dll
2009-08-06 19:24 . 2005-09-03 11:28 209632 ----a-w- c:\windows\system32\wuweb.dll
2009-08-06 19:24 . 2005-09-03 11:27 35552 ----a-w- c:\windows\system32\wups.dll
2009-08-06 19:24 . 2005-05-26 03:16 44768 ----a-w- c:\windows\system32\wups2.dll
2009-08-06 19:24 . 2005-09-03 11:27 53472 ------w- c:\windows\system32\wuauclt.exe
2009-08-06 19:24 . 2004-08-10 12:00 96480 ----a-w- c:\windows\system32\cdm.dll
2009-08-06 19:23 . 2005-09-03 11:27 575704 ----a-w- c:\windows\system32\wuapi.dll
2009-08-06 19:23 . 2005-09-03 11:27 1929952 ----a-w- c:\windows\system32\wuaueng.dll
2009-08-05 09:01 . 2004-08-10 12:00 204800 ----a-w- c:\windows\system32\mswebdvd.dll
2009-08-04 15:13 . 2004-08-10 12:00 2145280 ------w- c:\windows\system32\ntoskrnl.exe
2009-08-04 14:20 . 2004-08-03 22:59 2023936 ------w- c:\windows\system32\ntkrnlpa.exe
2009-05-30 10:17 . 2009-05-30 10:17 13464320 ----a-w- c:\program files\Songbird.exe
2009-05-27 11:11 . 2009-05-27 11:10 8961432 ----a-w- c:\program files\cuteftppro.exe
2009-05-25 12:45 . 2009-05-25 12:45 3925567 ----a-w- c:\program files\FileZilla_3.2.4.1_win32-setup.exe
2009-05-16 12:19 . 2009-05-16 12:19 200903 ----a-w- c:\program files\FMD-Setup.exe
2005-10-24 14:52 . 2005-10-09 14:39 560 ----a-w- c:\program files\Global.sw
2005-10-09 15:13 . 2005-10-09 15:13 3735766 ----a-w- c:\program files\Mp3Splitter.zip
2005-10-09 13:53 . 2005-10-09 13:53 246168 ----a-w- c:\program files\px3_ac3_to_wav.rar
.

((((((((((((((((((((((((((((( SnapShot@2009-10-30_12.44.07 )))))))))))))))))))))))))))))))))))))))))
.
+ 2009-10-31 13:58 . 2009-10-31 13:58 16384 c:\windows\temp\Perflib_Perfdata_41c.dat
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"NOMAD Detector"="c:\program files\Creative\NOMAD Jukebox 3\PlayCenter2\CTNMRUN.EXE" [2002-03-05 18432]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"ehTray"="c:\windows\ehome\ehtray.exe" [2004-08-10 59392]
"NeroFilterCheck"="c:\windows\system32\NeroCheck.exe" [2001-07-09 155648]
"WatchDog"="c:\program files\mobile PhoneTools\WatchDog.exe" [2004-08-14 36864]
"Disc Detector"="c:\program files\Creative\ShareDLL\CtNotify.exe" [2001-12-26 191488]
"CTStartup"="c:\program files\Creative\Splash Screen\CTEaxSpl.EXE" [2001-12-20 28672]
"NOMAD Detector"="c:\program files\Creative\NOMAD Jukebox 3\PlayCenter2\CTNMRUN.EXE" [2002-03-05 18432]
"QuickTime Task"="c:\program files\QuickTime\QTTask.exe" [2008-05-27 413696]
"AdobeCS4ServiceManager"="c:\program files\Common Files\Adobe\CS4ServiceManager\CS4ServiceManager.exe" [2008-08-14 611712]
"AVG8_TRAY"="c:\progra~1\AVG\AVG8\avgtray.exe" [2009-10-17 2025752]
"Adobe Reader Speed Launcher"="c:\program files\Adobe\Reader 9.0\Reader\Reader_sl.exe" [2009-10-03 35696]
"Adobe ARM"="c:\program files\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2009-09-04 935288]
"VTTimer"="VTTimer.exe" - c:\windows\system32\VTTimer.exe [2004-10-22 53248]
"VTTrayp"="VTtrayp.exe" - c:\windows\system32\VTTrayp.exe [2005-01-10 143360]

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"MySpaceIM"="c:\program files\MySpace\IM\MySpaceIM.exe" [2007-12-19 8720384]

c:\documents and settings\All Users\Start Menu\Programs\Startup\
Adobe Gamma Loader.exe.lnk - c:\program files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe [2005-10-9 113664]
AutoStart IR.lnk - c:\program files\WinTV\Ir.exe [2005-9-7 102455]
VIA RAID TOOL.lnk - c:\program files\VIA\RAID\raid_tool.exe [2005-9-3 565248]

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\policies\explorer]
"NoSecurityTab"= 1 (0x1)

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\avgrsstarter]
2009-08-28 09:51 11952 ----a-w- c:\windows\system32\avgrsstx.dll

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\drivers32]
"mixer"=DrvTrNTm.dll
"wave"=DrvTrNTm.dll

[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^RealDownload.lnk]
path=c:\documents and settings\All Users\Start Menu\Programs\Startup\RealDownload.lnk
backup=c:\windows\pss\RealDownload.lnkCommon Startup

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"c:\\Program Files\\Media Center Test Kit 2.0 RTM R1\\MCDiag.exe"=
"c:\\Program Files\\Media Center Test Kit 2.0 RTM R1\\MCEHostRemote.exe"=
"c:\\Program Files\\Messenger\\msmsgs.exe"=
"c:\\Program Files\\Yahoo!\\Messenger\\ypager.exe"=
"c:\\Program Files\\Yahoo!\\Messenger\\YServer.exe"=
"c:\\Program Files\\ICQLite\\ICQLite.exe"=
"c:\\Program Files\\Ahead\\Nero ShowTime\\ShowTime.exe"=
"c:\\Program Files\\Opera\\Opera.exe"=
"c:\\Program Files\\BitTorrent\\bittorrent.exe"=
"c:\\Program Files\\SadMan Software\\Fives and Threes\\FivesAndThrees.exe"=
"c:\\Program Files\\Winmx\\WinMX.exe"=
"c:\\Program Files\\Real\\RealPlayer\\realplay.exe"=
"c:\\Program Files\\Bonjour\\mDNSResponder.exe"=
"c:\\Program Files\\Adobe\\Adobe Dreamweaver CS3\\Dreamweaver.exe"=
"c:\\Program Files\\Kontiki\\KService.exe"=
"c:\\Program Files\\Common Files\\AOL\\Loader\\aolload.exe"=
"c:\\Program Files\\AIM6\\aim6.exe"=
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"c:\\Program Files\\MSN Messenger\\msnmsgr.exe"=
"c:\\Program Files\\MSN Messenger\\livecall.exe"=
"c:\\Program Files\\DNA\\btdna.exe"=
"c:\\Program Files\\Common Files\\Adobe\\CS4ServiceManager\\CS4ServiceManager.exe"=
"c:\\Program Files\\Adobe\\Adobe Dreamweaver CS4\\Dreamweaver.exe"=
"c:\\Program Files\\Spotify\\spotify.exe"=
"c:\\Program Files\\AVG\\AVG8\\avgupd.exe"=
"c:\\Program Files\\AVG\\AVG8\\avgnsx.exe"=
"c:\\Program Files\\MySpace\\IM\\MySpaceIM.exe"=
"c:\\Program Files\\Mozilla Firefox\\firefox.exe"=

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]
"5353:TCP"= 5353:TCP:Adobe CSI CS4

R1 AvgLdx86;AVG Free AVI Loader Driver x86;c:\windows\system32\drivers\avgldx86.sys [21/03/2009 15:35 335240]
R1 AvgTdiX;AVG Free8 Network Redirector;c:\windows\system32\drivers\avgtdix.sys [21/03/2009 15:35 108552]
R2 avg8wd;AVG Free8 WatchDog;c:\progra~1\AVG\AVG8\avgwdsvc.exe [21/03/2009 15:34 297752]
R2 LicCtrlService;LicCtrl Service;c:\windows\Runservice.exe [30/01/2009 10:38 2560]
R2 Viewpoint Manager Service;Viewpoint Manager Service;c:\program files\Viewpoint\Common\ViewpointService.exe [07/08/2008 09:40 24652]
R3 HCW88BDA;Hauppauge WinTV 88x DVB Tuner/Demod;c:\windows\system32\drivers\hcw88bda.sys [07/09/2005 10:02 130112]
R3 hcw88rc5;Hauppauge WinTV 88x IR Decoder;c:\windows\system32\drivers\hcw88rc5.sys [07/09/2005 09:44 11841]
R3 HCW88TSE;Hauppauge WinTV 88x MPEG/TS Capture;c:\windows\system32\drivers\hcw88tse.sys [07/09/2005 10:01 296259]
R3 hcw88vid;Hauppauge WinTV 88x Video;c:\windows\system32\drivers\hcw88vid.sys [07/09/2005 09:44 611444]
S3 MCMonServer;MCMonServer;c:\program files\Common Files\McMon\McMonServer.exe [21/07/2004 15:01 282808]

--- Other Services/Drivers In Memory ---

*NewlyCreated* - CLASSPNP_2
*Deregistered* - CLASSPNP_2
*Deregistered* - mbr
.
Contents of the 'Scheduled Tasks' folder

2009-10-26 c:\windows\Tasks\AppleSoftwareUpdate.job
- c:\program files\Apple Software Update\SoftwareUpdate.exe [2008-04-11 16:57]
.
.
------- Supplementary Scan -------
.
uStart Page = about:blank
uInternet Connection Wizard,ShellNext = iexplore
uInternet Settings,ProxyOverride = *.local
uSearchURL,(Default) = hxxp://www.google.com/search?q=%s
IE: E&xport to Microsoft Excel - c:\progra~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
Name-Space Handler: ftp\RealDownload - {EBCDDA5E-2A68-11D3-8A43-0060083CFB9C} - c:\windows\system32\nzdd.dll
Name-Space Handler: http\RealDownload - {EBCDDA5E-2A68-11D3-8A43-0060083CFB9C} - c:\windows\system32\nzdd.dll
DPF: {7530BFB8-7293-4D34-9923-61A11451AFC5} - hxxp://download.eset.com/special/eos-beta/OnlineScanner.cab
FF - ProfilePath - c:\documents and settings\Owner\Application Data\Mozilla\Firefox\Profiles\ohp367dl.default\
FF - component: c:\program files\AVG\AVG8\Firefox\components\avgssff.dll
.

**************************************************************************

catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2009-10-31 13:58
Windows 5.1.2600 Service Pack 3 NTFS

scanning hidden processes ...

scanning hidden autostart entries ...

HKLM\Software\Microsoft\Windows\CurrentVersion\Run
Disc Detector = c:\program files\Creative\ShareDLL\CtNotify.exe?X???Z???????????????E?@?Disc Detector?A????? ?A? ????B?e!@???@???@?? C?????E?@?????????@?B???A????? ?A?? ????B???@?????P?????@?@ ??????~?B~??????????@???????????????????B?????? ??????????????????????????r?B
CTStartup = c:\program files\Creative\Splash Screen\CTEaxSpl.EXE /run???h??????s?????\?w? ?w???????w???w4???????.??w4???????4???TA?s4???X????&3?????\??? ??? ???\???\???????????5?B~e?B~\???\?????????a??????C@?\???\??????sX???\??????s\????&3?A??s?&3??C@?x???`|?w\?????@

scanning hidden files ...

scan completed successfully
hidden files: 0

**************************************************************************
.
--------------------- LOCKED REGISTRY KEYS ---------------------

[HKEY_LOCAL_MACHINE\software\LicCtrl\LicCtrl\LicCtrl\LicCtrl*lkzs$i&#&y@^t! #^$ g9^$&pgb SDB36o \F3F0046F119EFA4F]
"1"=hex:97,5e,49,d3,7c,a0,18,18,10,c9,e3,e3,c1,ae,57,ed,c2,97,86,6a,a5,82,f8,
d5,42,54,3b,7e,24,3e,19,f8
"2"=hex:74,3a,ea,7a,01,1a,f6,06,21,62,93,b5,cb,23,e3,91,85,38,0e,f8,ce,56,2c,
d2,a4,f2,d0,33,2d,ee,33,13
"3"=hex:97,5e,49,d3,7c,a0,18,18,10,c9,e3,e3,c1,ae,57,ed,c2,97,86,6a,a5,82,f8,
d5,be,55,66,4e,06,ba,4c,d8,66,9a,0f,4f,39,c4,a1,1d,fa,72,08,2f,25,9c,e8,b6,\

[HKEY_LOCAL_MACHINE\software\LicCtrl\LicCtrl\LicCtrl\LicCtrl*lkzs$i&#&y@^t! #^$ g9^$&pgb SDB36o \F3F0046F119EFA4F\D26BD25DC85E777542CA969E56548E46]
"1"=hex:c0,52,20,b1,47,91,30,5f,58,6a,ea,d4,ff,71,4b,c6,a8,87,6f,5a,78,c6,5d,
5b,22,26,64,2f,88,eb,a4,7b
"2"=hex:2e,2a,64,cc,69,b1,fa,45
"3"=hex:cf,b3,57,12,37,cf,28,eb,1c,26,23,e1,4c,00,90,b5,73,b3,02,ef,d5,ea,84,
9c,e4,b0,e0,f7,7d,4b,73,60,65,ec,dc,82,fc,9d,b5,0f,bc,7c,99,a0,d3,bb,17,d3,\
"4"=hex:d2,0d,ce,4a,5d,73,c2,70
"5"=hex:bf,e5,23,7b,b0,66,d6,fc,b8,e8,6b,a0,96,52,f7,32,80,09,8f,24,b7,b3,55,
1a,98,d1,47,16,02,43,61,1c,b9,d5,8f,2a,7b,81,b1,fb,95,22,f8,b3,2c,53,9d,ae,\
"6"=hex:bf,e5,23,7b,b0,66,d6,fc,bc,64,22,fb,7e,d3,39,3e,a3,00,33,13,c0,21,f4,
51,6c,4e,0c,96,e2,dd,ad,8a,b6,c4,05,e8,5a,bd,9a,e9,d4,1a,3d,68,9d,00,32,20
"7"=hex:9c,0f,26,c5,43,55,e2,9e,79,40,de,a7,ca,bc,f3,99,99,4d,91,38,55,4f,0b,
a5,8f,9b,e5,fc,d6,5f,45,dd,f6,df,ab,53,85,3c,a2,16,6d,58,d5,44,e1,b2,db,fb,\
"8"=hex:9d,9e,b2,b9,a7,a5,f4,ae,4d,29,c2,a3,c0,78,c4,c5,6b,8d,dd,0b,84,72,f6,
f2,3d,a6,3c,a0,07,7d,db,f3,88,a8,6c,3f,5c,60,94,94,50,c0,20,2f,ff,27,64,21,\
"9"=hex:81,20,8f,ab,28,6a,52,9c
"18"=hex:70,56,26,33,e3,20,f8,ab
"10"=hex:3d,7b,8c,93,7f,aa,3a,8c
"11"=hex:81,20,8f,ab,28,6a,52,9c
"12"=hex:81,20,8f,ab,28,6a,52,9c
"13"=hex:81,20,8f,ab,28,6a,52,9c
"14"=hex:81,20,8f,ab,28,6a,52,9c
"24"=hex:81,20,8f,ab,28,6a,52,9c
"26"=hex:81,20,8f,ab,28,6a,52,9c
"27"=hex:81,20,8f,ab,28,6a,52,9c
"19"=hex:81,20,8f,ab,28,6a,52,9c
"22"=hex:81,20,8f,ab,28,6a,52,9c
.
--------------------- DLLs Loaded Under Running Processes ---------------------

- - - - - - - > 'explorer.exe'(3556)
c:\windows\system32\WININET.dll
c:\windows\system32\ieframe.dll
c:\windows\system32\webcheck.dll
.
------------------------ Other Running Processes ------------------------
.
c:\program files\Bonjour\mDNSResponder.exe
c:\windows\system32\CTsvcCDA.exe
c:\windows\eHome\ehRecvr.exe
c:\windows\eHome\ehSched.exe
c:\program files\Kontiki\KService.exe
c:\program files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE
c:\progra~1\AVG\AVG8\avgrsx.exe
c:\progra~1\AVG\AVG8\avgnsx.exe
c:\windows\system32\MsPMSPSv.exe
c:\windows\system32\wscntfy.exe
c:\windows\system32\dllhost.exe
c:\windows\eHome\ehmsas.exe
c:\program files\Creative\Sharedll\Mediadet.exe
.
**************************************************************************
.
Completion time: 2009-10-31 14:03 - machine was rebooted
ComboFix-quarantined-files.txt 2009-10-31 14:03
ComboFix2.txt 2009-10-30 12:47

Pre-Run: 141,622,738,944 bytes free
Post-Run: 141,586,837,504 bytes free

- - End Of File - - EFB0F3717705ADC3AA7FCF54ED6CD835

So what do you think the problem is?

Thanks,

Gareth

P.S. After the very first Combofix run, I don't get the lssass.exe dialogue box coming up on boot up anymore.


bricat
Moderator
HijackThis Helper


Reg'd: Wed
Posts: 31982
Loc: belfast
Re: Combofix log for Bricat's attention and anyone else who can help. [Re: gareth5506]
      #441250 - Sat Oct 31 2009 02:55 PM

What problems do you still have ?

we'll do the cleanup then let me know if there are still any problems.

combofix cleanup.

Time for some housekeeping


  • Click START then RUN
  • Now type Combofix /u in the runbox and click OK
  • When shown the disclaimer, Select "2"

The above procedure will:

  • Delete the following:
      • ComboFix and its associated files and folders.
      • VundoFix backups, if present
      • The C:\Deckard folder, if present
      • The C:\_OtMoveIt folder, if present
  • Reset the clock settings.
  • Hide file extensions, if required.
  • Hide System/Hidden files, if required.
  • Reset System Restore.

Then :-

Download and scan with CCleaner
1. CCleaner installs the Yahoo Toolbar as an option which IS checkmarked by default during the installation.
   IF you do NOT want it, REMOVE the checkmark when provided with the option OR download the toolbar-free or Slim versions instead of the Standard Build.
2. Before first use, select Options > Advanced and UNCHECK "Only delete files in Windows Temp folder older than 48 hours"
   Then select "Cookies"
   Move any cookies you wish to retain, e.g. login cookies, in the left-hand window to the right-hand window by highlighting them and clicking the right arrow in the centre.
3. Then select the items you wish to clean up.
   In the Windows Tab:

   • Clean all entries in the "Internet Explorer" section.
   • Clean all the entries in the "Windows Explorer" section.
   • Clean all entries in the "System" section.
   • Clean all entries in the "Advanced" section.
   • Clean any others that you choose.

   In the Applications Tab:

   • Clean all entries in the Mozilla Firefox Section.
   • Clean all in the Opera section if you use it.
   • Clean Sun Java in the Internet Section.
   • Clean any others that you choose.

4. Click the "Run Cleaner" button.
5. A pop up box will appear advising this process will permanently delete files from your system.
6. Click "OK" and it will scan and clean your system.
7. Click "exit" when done.

then DEFRAG your C:\ drive to help speed up your system.

then let us know how the computer is running.


HOW DID I GET INFECTED

--------------------
IF I HAVE SAVED YOU MONEY, PLEASE CONSIDER GIVING A DONATION TO HELP IN MY FIGHT AGAINST MALWARE.

When the only tool you own is a hammer, every problem begins to look like a nail.

gareth5506
regular


Reg'd: Thu
Posts: 59
Re: Combofix log for Bricat's attention and anyone else who can help. [Re: bricat]
      #441252 - Sat Oct 31 2009 03:10 PM

Thank you for all your help. I don't have any problems now that I know of. Do I still have to do all that? I've also noticed that the runtime error 53 I used to experience on shutdown has gone.

Thanks again,

Gareth


bricat
Moderator
HijackThis Helper


Reg'd: Wed
Posts: 31982
Loc: belfast
Re: Combofix log for Bricat's attention and anyone else who can help. [Re: gareth5506]
      #441262 - Sat Oct 31 2009 07:50 PM

follow all of that, we need to remove combofix and do the clean up.

--------------------
IF I HAVE SAVED YOU MONEY, PLEASE CONSIDER GIVING A DONATION TO HELP IN MY FIGHT AGAINST MALWARE.

When the only tool you own is a hammer, every problem begins to look like a nail.


gareth5506
regular


Reg'd: Thu
Posts: 59
Re: Combofix log for Bricat's attention and anyone else who can help. [Re: bricat]
      #441313 - Sun Nov 01 2009 05:49 PM

I've done another stupid thing!

I typed in Combofix /u and it said that I had AVG running and leave it on at my own risk. So instead of clicking ok (I thought doing so would take Combofix to the next step), I clicked the 'X' on the dialogue box so that I could switch AVG off and rerun Combofix. However, when I clicked on the 'X' it said Combofix was now uninstalled, which it clearly isn't. I went to run and typed in Combofix /u again, but it said that it couldn't find Combofix.

Is there a way round this or have I really messed up this time?

Thanks,

Gareth


bricat
Moderator
HijackThis Helper


Reg'd: Wed
Posts: 31982
Loc: belfast
Re: Combofix log for Bricat's attention and anyone else who can help. [Re: gareth5506]
      #441331 - Sun Nov 01 2009 10:08 PM

try this :-

* Click START then RUN and type cmd and click OK to open a command prompt
* Type cd Desktop at the command prompt and hit enter.
* The prompt should change to show you are at your Desktop folder now.
* Now type COMBO-FIX.EXE. /u and hit the enter key which should run ComboFix's uninstaller.
  o Note: The space between the exe and the /U, it must be there.

--------------------
IF I HAVE SAVED YOU MONEY, PLEASE CONSIDER GIVING A DONATION TO HELP IN MY FIGHT AGAINST MALWARE.

When the only tool you own is a hammer, every problem begins to look like a nail.


gareth5506
regular


Reg'd: Thu
Posts: 59
Re: Combofix log for Bricat's attention and anyone else who can help. [Re: bricat]
      #441368 - Mon Nov 02 2009 08:54 PM

It came back with a message saying that the file is not recognised as an internal or external command, operable program or batch file.

I saved it in the C drive folder, not the desktop. Is that the problem?

Gareth


bricat
Moderator
HijackThis Helper


Reg'd: Wed
Posts: 31982
Loc: belfast
Re: Combofix log for Bricat's attention and anyone else who can help. [Re: gareth5506]
      #441373 - Mon Nov 02 2009 10:57 PM

Quote:

    Please download ComboFix from Here or Here to your Desktop.

you need to read the instructions and follow them exactly, otherwise we run into problems.

type C:\Combofix /u in the runbox and click OK

take note, there is a space between combofix and /u

see if that works.

--------------------
IF I HAVE SAVED YOU MONEY, PLEASE CONSIDER GIVING A DONATION TO HELP IN MY FIGHT AGAINST MALWARE.

When the only tool you own is a hammer, every problem begins to look like a nail.

