Jump to content

partner37.mydomainuser infections

Recommended Posts



DDS (Ver_2011-08-26.01) - NTFSx86

Internet Explorer: 6.0.2900.5512 BrowserJavaVersion: 1.6.0_30

Run by Owner at 21:33:08 on 2012-04-12

Microsoft Windows XP Home Edition 5.1.2600.3.1252.1.1033.18.2046.1307 [GMT 10:00]


AV: AVG Anti-Virus Free Edition 2012 *Enabled/Updated* {17DDD097-36FF-435F-9E1B-52D74245D6BF}

FW: AVG Firewall *Disabled*


============== Running Processes ===============



C:\Program Files\AVG\AVG2012\avgcsrvx.exe

C:\WINDOWS\system32\svchost -k DcomLaunch


C:\WINDOWS\System32\svchost.exe -k netsvcs





C:\Program Files\CyberLink\PowerDVD\PDVDServ.exe

C:\Program Files\D-Tools\daemon.exe


C:\Program Files\AVG\AVG2012\avgtray.exe

C:\Program Files\Adobe\Reader 9.0\Reader\Reader_sl.exe

C:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe



C:\Program Files\Common Files\Java\Java Update\jusched.exe

C:\Documents and Settings\All Users\Application Data\Anti-phishing Domain Advisor\visicom_antiphishing.exe


C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe

C:\Program Files\Pando Networks\Media Booster\PMB.exe



C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe

C:\Program Files\AVG\AVG2012\avgwdsvc.exe

C:\Program Files\UltraMon\UltraMon.exe

C:\Program Files\Bonjour\mDNSResponder.exe

C:\Program Files\cvsnt\cvsservice.exe

C:\Program Files\cvsnt\cvslock.exe

C:\Program Files\UltraMon\UltraMonTaskbar.exe

C:\Program Files\Java\jre6\bin\jqs.exe

C:\Program Files\Autodesk\3ds Max 2010\mentalray\satellite\raysat_3dsmax2010_32server.exe

C:\Program Files\Nero\Nero8\Nero BackItUp\NBService.exe


C:\Program Files\AVG\AVG2012\avgnsx.exe

C:\Program Files\CyberLink\Shared Files\RichVideo.exe


C:\Program Files\AVG\AVG2012\AVGIDSAgent.exe



============== Pseudo HJT Report ===============


uStart Page = hxxp://search.orbitdownloader.com

uInternet Settings,ProxyOverride = <local>;*.local

uURLSearchHooks: DeviceVM Url Search Hook: {0063bf63-bfff-4b8f-9d26-4267df7f17dd} - c:\windows\system32\dvmurl.dll

uURLSearchHooks: Softonic English Toolbar: {930f1200-f5f1-4870-bac6-e233ec8e7023} - c:\program files\softonic_english\prxtbSof0.dll

mURLSearchHooks: H - No File

uWinlogon: Shell=explorer.exe,

BHO: Octh Class: {000123b4-9b42-4900-b3f7-f4b073efc214} - c:\program files\orbitdownloader\orbitcth.dll

BHO: Adobe PDF Link Helper: {18df081c-e8ad-4283-a596-fa578c2ebdc3} - c:\program files\common files\adobe\acrobat\activex\AcroIEHelperShim.dll

BHO: AVG Safe Search: {3ca2f312-6f6e-4b53-a66e-4e65e497c8c0} - c:\program files\avg\avg2012\avgssie.dll

BHO: Spybot-S&D IE Protection: {53707962-6f74-2d53-2644-206d7942484f} - c:\progra~1\spybot~1\SDHelper.dll

BHO: Groove GFS Browser Helper: {72853161-30c5-4d22-b7f9-0bbc1d38a37e} - c:\program files\microsoft office\office12\GrooveShellExtensions.dll

BHO: Java Plug-In SSV Helper: {761497bb-d6f0-462c-b6eb-d4daf1d92d43} - c:\program files\java\jre6\bin\ssv.dll

BHO: Softonic English Toolbar: {930f1200-f5f1-4870-bac6-e233ec8e7023} - c:\program files\softonic_english\prxtbSof0.dll

BHO: Java Plug-In 2 SSV Helper: {dbc80044-a445-435b-bc74-9c25c1c588a9} - c:\program files\java\jre6\bin\jp2ssv.dll

BHO: JQSIEStartDetectorImpl Class: {e7e6f031-17ce-4c07-bc86-eabfe594f69c} - c:\program files\java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll

TB: Softonic English Toolbar: {930f1200-f5f1-4870-bac6-e233ec8e7023} - c:\program files\softonic_english\prxtbSof0.dll

TB: Grab Pro: {c55bbcd6-41ad-48ad-9953-3609c48eacc7} - c:\program files\orbitdownloader\GrabPro.dll

uRun: [spybotSD TeaTimer] c:\program files\spybot - search & destroy\TeaTimer.exe

uRun: [Pando Media Booster] c:\program files\pando networks\media booster\PMB.exe

uRun: [ctfmon.exe] c:\windows\system32\ctfmon.exe

uRun: [WacomService] c:\windows\system32\Tablet.exe

uRun: [Google Update] "c:\documents and settings\owner\local settings\application data\google\update\GoogleUpdate.exe" /c

mRun: [RemoteControl] "c:\program files\cyberlink\powerdvd\PDVDServ.exe"

mRun: [LanguageShortcut] "c:\program files\cyberlink\powerdvd\language\Language.exe"

mRun: [NeroFilterCheck] c:\program files\common files\nero\lib\NeroCheck.exe

mRun: [DAEMON Tools-1033] "c:\program files\d-tools\daemon.exe" -lang 1033

mRun: [EPSON Stylus Photo R230 Series] c:\windows\system32\spool\drivers\w32x86\3\E_FATIAIP.EXE /P30 "EPSON Stylus Photo R230 Series" /O6 "USB001" /M "Stylus Photo R230"

mRun: [iMJPMIG8.1] "c:\windows\ime\imjp8_1\IMJPMIG.EXE" /Spoil /RemAdvDef /Migration32

mRun: [AVG_TRAY] "c:\program files\avg\avg2012\avgtray.exe"

mRun: [QuickTime Task] "c:\program files\quicktime\QTTask.exe" -atboottime

mRun: [AdobeAAMUpdater-1.0] "c:\program files\common files\adobe\oobe\pdapp\uwa\UpdaterStartupUtility.exe"

mRun: [switchBoard] c:\program files\common files\adobe\switchboard\SwitchBoard.exe

mRun: [AdobeCS5.5ServiceManager] "c:\program files\common files\adobe\cs5.5servicemanager\CS5.5ServiceManager.exe" -launchedbylogin

mRun: [Adobe Reader Speed Launcher] "c:\program files\adobe\reader 9.0\reader\Reader_sl.exe"

mRun: [Adobe ARM] "c:\program files\common files\adobe\arm\1.0\AdobeARM.exe"


mRun: [soundMan] SOUNDMAN.EXE

mRun: [AlcWzrd] ALCWZRD.EXE

mRun: [Alcmtr] ALCMTR.EXE

mRun: [sunJavaUpdateSched] "c:\program files\common files\java\java update\jusched.exe"

mRun: [Anti-phishing Domain Advisor] "c:\documents and settings\all users\application data\anti-phishing domain advisor\visicom_antiphishing.exe"

mRun: [NvCplDaemon] RUNDLL32.EXE c:\windows\system32\NvCpl.dll,NvStartup

mRun: [NvMediaCenter] RunDLL32.exe NvMCTray.dll,NvTaskbarInit -login

mRun: [nwiz] c:\program files\nvidia corporation\nview\nwiz.exe /installquiet

mRun: [amd_dc_opt] c:\program files\amd\dual-core optimizer\amd_dc_opt.exe

dRun: [CTFMON.EXE] c:\windows\system32\CTFMON.EXE

StartupFolder: c:\docume~1\alluse~1\startm~1\programs\startup\ultramon.lnk - c:\windows\installer\{304cd7dc-c73d-4c2f-8af5-3e56f1214afb}\IcoUltraMon.ico

IE: &Download by Orbit - c:\program files\orbitdownloader\orbitmxt.dll/201

IE: &Grab video by Orbit - c:\program files\orbitdownloader\orbitmxt.dll/204

IE: Do&wnload selected by Orbit - c:\program files\orbitdownloader\orbitmxt.dll/203

IE: Down&load all by Orbit - c:\program files\orbitdownloader\orbitmxt.dll/202

IE: E&xport to Microsoft Excel - c:\progra~1\micros~2\office12\EXCEL.EXE/3000

IE: {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe

IE: {FB5F1910-F110-11d2-BB9E-00C04F795683} - c:\program files\messenger\msmsgs.exe

IE: {2670000A-7350-4f3c-8081-5663EE0C6C49} - {48E73304-E1D6-4330-914C-F5F514E3486C} - c:\progra~1\micros~2\office12\ONBttnIE.dll

IE: {92780B25-18CC-41C8-B9BE-3C9C571A8263} - {FF059E31-CC5A-4E2E-BF3B-96E929D65503} - c:\progra~1\micros~2\office12\REFIEBAR.DLL

IE: {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - {53707962-6F74-2D53-2644-206D7942484F} - c:\progra~1\spybot~1\SDHelper.dll

DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_30-windows-i586.cab

DPF: {8FFBE65D-2C9C-4669-84BD-5829DC0B603C} - hxxp://fpdownload.macromedia.com/get/flashplayer/current/polarbear/ultrashim.cab

DPF: {CAFEEFAC-0016-0000-0030-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_30-windows-i586.cab

DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_30-windows-i586.cab

Handler: grooveLocalGWS - {88FED34C-F0CA-4636-A375-3CB6248B04CD} - c:\program files\microsoft office\office12\GrooveSystemServices.dll

Handler: linkscanner - {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - c:\program files\avg\avg2012\avgpp.dll

SEH: Groove GFS Stub Execution Hook: {b5a7f190-dda6-4420-b3ba-52453494e6cd} - c:\program files\microsoft office\office12\GrooveShellExtensions.dll

LSA: Authentication Packages = msv1_0 setuid

Hosts: www.spywareinfo.com


================= FIREFOX ===================


FF - ProfilePath - c:\documents and settings\owner\application data\mozilla\firefox\profiles\4h5le8pu.default\

FF - prefs.js: browser.search.selectedEngine - AVG Secure Search

FF - prefs.js: browser.startup.homepage - www.google.com

FF - prefs.js: keyword.URL - hxxp://isearch.avg.com/search?cid=%7Bfbe559bc-c9c8-4a73-81a1-ae907b6f9cdd%7D&mid=e12acdd4c9931a32b26f81998d0b5d48-764a48fdf63c851beeb7a26319778d2eee14c6bb&ds=AVG&v=〈=en&pr=pr&d=2011-10-23%2013%3A46%3A07&sap=ku&q=

FF - prefs.js: network.proxy.type - 0

FF - component: c:\program files\avg\avg10\firefox4\components\avgssff4.dll

FF - plugin: c:\documents and settings\owner\application data\igg\web3d\\NPIGGWeb3DUpdater.dll

FF - plugin: c:\documents and settings\owner\application data\igg\web3d\\NPJoyConnectShell.dll

FF - plugin: c:\documents and settings\owner\local settings\application data\google\update\\npGoogleUpdate3.dll

FF - plugin: c:\documents and settings\owner\local settings\application data\unity\webplayer\loader\npUnity3D32.dll

FF - plugin: c:\program files\adobe\reader 9.0\reader\air\nppdf32.dll

FF - plugin: c:\program files\java\jre6\bin\new_plugin\npdeployJava1.dll

FF - plugin: c:\program files\microsoft silverlight\4.0.60831.0\npctrlui.dll

FF - plugin: c:\program files\mozilla firefox\plugins\npdeployJava1.dll

FF - plugin: c:\program files\pando networks\media booster\npPandoWebPlugin.dll



FF - user.js: network.cookie.cookieBehavior - 0

FF - user.js: privacy.clearOnShutdown.cookies - false

FF - user.js: security.warn_viewing_mixed - false

FF - user.js: security.warn_viewing_mixed.show_once - false

FF - user.js: security.warn_submit_insecure - false

FF - user.js: security.warn_submit_insecure.show_once - false


============= SERVICES / DRIVERS ===============


R0 AVGIDSEH;AVGIDSEH;c:\windows\system32\drivers\AVGIDSEH.sys [2010-9-13 23120]

R0 Avgrkx86;AVG Anti-Rootkit Driver;c:\windows\system32\drivers\avgrkx86.sys [2010-9-7 32592]

R0 d347bus;d347bus;c:\windows\system32\drivers\d347bus.sys [2009-3-30 155136]

R0 d347prt;d347prt;c:\windows\system32\drivers\d347prt.sys [2009-3-30 5248]

R1 Avgldx86;AVG AVI Loader Driver;c:\windows\system32\drivers\avgldx86.sys [2010-12-8 230608]

R1 Avgmfx86;AVG Mini-Filter Resident Anti-Virus Shield;c:\windows\system32\drivers\avgmfx86.sys [2010-9-7 40016]

R1 Avgtdix;AVG TDI Driver;c:\windows\system32\drivers\avgtdix.sys [2010-11-12 295248]

R2 AVGIDSAgent;AVGIDSAgent;c:\program files\avg\avg2012\AVGIDSAgent.exe [2011-10-12 4433248]

R2 avgwd;AVG WatchDog;c:\program files\avg\avg2012\avgwdsvc.exe [2011-8-2 192776]

R2 CVS;CVSNT;c:\program files\cvsnt\cvsservice.exe [2004-8-19 35328]

R2 mi-raysat_3dsmax2010_32;mental ray 3.7 Satellite for Autodesk 3ds Max 2010 32-bit 32-bit;c:\program files\autodesk\3ds max 2010\mentalray\satellite\raysat_3dsmax2010_32server.exe [2009-3-12 86016]

R2 nvUpdatusService;NVIDIA Update Service Daemon;c:\program files\nvidia corporation\nvidia update core\daemonu.exe [2012-3-31 2348352]

R3 3xHybrid;3xHybrid service;c:\windows\system32\drivers\3xHybrid.sys [2009-3-27 670592]

R3 AVGIDSDriver;AVGIDSDriver;c:\windows\system32\drivers\AVGIDSDriver.sys [2010-8-19 134608]

R3 AVGIDSFilter;AVGIDSFilter;c:\windows\system32\drivers\AVGIDSFilter.sys [2010-8-19 24272]

R3 AVGIDSShim;AVGIDSShim;c:\windows\system32\drivers\AVGIDSShim.sys [2010-8-19 16720]

S2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;c:\windows\microsoft.net\framework\v4.0.30319\mscorsvw.exe [2010-3-18 130384]

S3 Audsqtarwipt;Audsqtarwipt; [x]

S3 Cap713x;Cap713x Video Capture;c:\windows\system32\drivers\Cap713x.sys [2004-6-9 502784]

S3 EagleXNt;EagleXNt;\??\c:\windows\system32\drivers\eaglexnt.sys --> c:\windows\system32\drivers\EagleXNt.sys [?]

S3 npggsvc;nProtect GameGuard Service;c:\windows\system32\gamemon.des -service --> c:\windows\system32\GameMon.des -service [?]

S3 Pcisene;Pcisene; [x]

S3 SwitchBoard;SwitchBoard;c:\program files\common files\adobe\switchboard\SwitchBoard.exe [2010-2-19 517096]

S3 VBoxNetAdp;VirtualBox Host-Only Ethernet Adapter;c:\windows\system32\drivers\VBoxNetAdp.sys [2010-8-5 100496]

S3 VBoxNetFlt;VBoxNetFlt Service; [x]

S3 WPFFontCache_v0400;Windows Presentation Foundation Font Cache;c:\windows\microsoft.net\framework\v4.0.30319\wpf\WPFFontCache_v0400.exe [2010-3-18 753504]

S3 xcpip;TCP/IP Protocol Driver; [x]

S3 XDva262;XDva262;\??\c:\windows\system32\xdva262.sys --> c:\windows\system32\XDva262.sys [?]

S3 XDva275;XDva275;\??\c:\windows\system32\xdva275.sys --> c:\windows\system32\XDva275.sys [?]

S3 XDva280;XDva280;\??\c:\windows\system32\xdva280.sys --> c:\windows\system32\XDva280.sys [?]

S3 XDva281;XDva281;\??\c:\windows\system32\xdva281.sys --> c:\windows\system32\XDva281.sys [?]

S3 XDva300;XDva300;\??\c:\windows\system32\xdva300.sys --> c:\windows\system32\XDva300.sys [?]

S3 XDva310;XDva310;\??\c:\windows\system32\xdva310.sys --> c:\windows\system32\XDva310.sys [?]

S3 XDva323;XDva323;\??\c:\windows\system32\xdva323.sys --> c:\windows\system32\XDva323.sys [?]

S3 XDva337;XDva337;\??\c:\windows\system32\xdva337.sys --> c:\windows\system32\XDva337.sys [?]

S3 XDva346;XDva346;\??\c:\windows\system32\xdva346.sys --> c:\windows\system32\XDva346.sys [?]

S3 XDva351;XDva351;\??\c:\windows\system32\xdva351.sys --> c:\windows\system32\XDva351.sys [?]

S3 xpsec;IPSEC driver; [x]


=============== Created Last 30 ================


2012-04-12 10:45:28 -------- d-----w- C:\TDSSKiller_Quarantine

2012-04-11 13:38:22 34304 ----a-w- c:\windows\system32\drivers\AmdLLD.sys

2012-04-11 13:38:22 -------- d-----w- c:\program files\AMD

2012-04-11 13:38:15 -------- d-----w- c:\documents and settings\owner\local settings\application data\Downloaded Installations

2012-04-11 13:38:12 -------- d-----w- c:\windows\D56B0E274A3E46C9B5C1D93D580C099C.TMP

2012-04-11 12:42:44 1606656 ----a-w- C:\SteamInstall.msi

2012-04-04 07:05:27 40960 ----a-r- c:\windows\system32\psfind.dll

2012-04-04 07:01:10 -------- d-----w- c:\program files\THQ

2012-03-31 15:31:55 -------- d-----w- c:\documents and settings\owner\local settings\application data\Navman_Technology_New_Zea

2012-03-31 15:29:12 -------- d-----w- c:\program files\Navman

2012-03-31 04:26:52 -------- d-----w- c:\documents and settings\all users\application data\Battle.net

2012-03-19 13:56:14 592824 ----a-w- c:\program files\mozilla firefox\gkmedias.dll

2012-03-19 13:56:14 44472 ----a-w- c:\program files\mozilla firefox\mozglue.dll


==================== Find3M ====================


2012-04-04 05:56:40 22344 ----a-w- c:\windows\system32\drivers\mbam.sys

2012-03-31 11:14:01 293992 ----a-w- c:\windows\system32\nvdrsdb0.bin

2012-03-31 11:14:01 1 ----a-w- c:\windows\system32\nvdrssel.bin

2012-03-31 11:13:57 293992 ----a-w- c:\windows\system32\nvdrsdb1.bin

2012-02-29 23:58:00 881984 ----a-w- c:\windows\system32\nvgenco32.dll

2012-02-29 23:58:00 65536 ----a-w- c:\windows\system32\OpenCL.dll

2012-02-29 23:58:00 5918720 ----a-w- c:\windows\system32\nvcuda.dll

2012-02-29 23:58:00 4309760 ----a-w- c:\windows\system32\nv4_disp.dll

2012-02-29 23:58:00 2522944 ----a-w- c:\windows\system32\nvcuvid.dll

2012-02-29 23:58:00 2437440 ----a-w- c:\windows\system32\nvcuvenc.dll

2012-02-29 23:58:00 2291712 ----a-w- c:\windows\system32\nvapi.dll

2012-02-29 23:58:00 18624512 ----a-w- c:\windows\system32\nvoglnt.dll

2012-02-29 23:58:00 17534976 ----a-w- c:\windows\system32\nvcompiler.dll

2012-02-29 23:58:00 13417632 ----a-w- c:\windows\system32\drivers\nv4_mini.sys

2012-02-29 23:58:00 1000256 ----a-w- c:\windows\system32\nvdispco32.dll

2012-02-29 20:30:31 54272 ----a-w- c:\windows\system32\nvwddi.dll

2012-02-29 20:30:24 15494464 ----a-w- c:\windows\system32\nvcpl.dll

2012-02-29 20:30:24 143680 ----a-w- c:\windows\system32\nvcolor.exe

2012-02-29 20:30:23 164160 ----a-w- c:\windows\system32\nvsvc32.exe

2012-02-29 20:30:23 108352 ----a-w- c:\windows\system32\nvmctray.dll

2012-02-29 14:10:16 177664 ----a-w- c:\windows\system32\wintrust.dll

2012-02-29 14:10:16 148480 ----a-w- c:\windows\system32\imagehlp.dll

2012-02-28 18:50:30 667136 ----a-w- c:\windows\system32\wininet.dll

2012-02-28 18:50:30 61952 ----a-w- c:\windows\system32\tdc.ocx

2012-02-28 18:50:29 81920 ----a-w- c:\windows\system32\ieencode.dll

2012-02-28 13:50:54 369664 ----a-w- c:\windows\system32\html.iec

2012-02-28 00:42:36 15036792 ----a-w- C:\Dropbox 1.2.52.exe

2012-02-03 09:22:18 1860096 ----a-w- c:\windows\system32\win32k.sys

2012-01-17 04:02:19 414368 ----a-w- c:\windows\system32\FlashPlayerCPLApp.cpl

2009-11-19 11:08:02 3749224 ----a-w- c:\program files\common files\adlmint_libFNP.dll

2009-11-19 11:08:02 2941288 ----a-w- c:\program files\common files\adlmint.dll

2009-11-07 12:05:22 3977616 ----a-w- c:\program files\RegistryEasy.exe


============= FINISH: 21:34:28.95 ===============

Link to post
Share on other sites


Logs will be closed if you haven't replied within 3 days

Sorry about the delay in responding :(

We look for post with 0 replies, so when you replied to your own topic, we assumed you were being helped.

Please don't attach the scans / logs for these tools, use "copy/paste".

DO NOT use any TOOLS such as Combofix or HijackThis fixes without supervision.

Doing so could make your pc inoperatible and could require a full reinstall of your OS, losing all your programs and data.

Please run a new MBAM scan being sure to update before scanning.

Post the scan results

Also please describe how your computer behaves at the moment.

Please don't attach the scans / logs, use "copy/paste".

Link to post
Share on other sites

Overall my computer performs quite fast, only when initially opening firefox that it seems to lag/slow a bit (I assume its from loading plugins and extensions)

The problem I had is when I try to open a certain websites (this websites are deemed to be safe), it seems to trigger the malware/infection because it would immediately cause 2 popups, and from then on, any random website I access (any website that I frequently visit) would be redirected to partner37.mydomainuser.com...

here are my Malwarebytes scan

Malwarebytes Anti-Malware


Database version: v2012.04.16.01

Windows XP Service Pack 3 x86 NTFS

Internet Explorer 6.0.2900.5512

Owner :: HOME1-1C141FE58 [administrator]

16/04/2012 3:58:32 PM

mbam-log-2012-04-16 (15-58-32).txt

Scan type: Full scan

Scan options enabled: Memory | Startup | Registry | File System | Heuristics/Extra | Heuristics/Shuriken | PUP | PUM

Scan options disabled: P2P

Objects scanned: 597563

Time elapsed: 2 hour(s), 4 minute(s), 13 second(s)

Memory Processes Detected: 0

(No malicious items detected)

Memory Modules Detected: 0

(No malicious items detected)

Registry Keys Detected: 0

(No malicious items detected)

Registry Values Detected: 0

(No malicious items detected)

Registry Data Items Detected: 0

(No malicious items detected)

Folders Detected: 0

(No malicious items detected)

Files Detected: 0

(No malicious items detected)


Link to post
Share on other sites

Please do not attach the scan results from Combofx. Use copy/paste.

Vista and Windows 7 users:

1. These tools MUST be run from the executable. (.exe) every time you run them

2. With Admin Rights (Right click, choose "Run as Administrator")

Download ComboFix from one of these locations:

Link 1

Link 2 If using this link, Right Click and select Save As.

* IMPORTANT !!! Save ComboFix.exe to your Desktop

  • Disable your AntiVirus and AntiSpyware applications, usually via a right click on the System Tray icon. They may otherwise interfere with our tools. Note: If you are having difficulty properly disabling your protective programs, or are unsure as to what programs need to be disabled, please refer to the information available through this link : Protective Programs
  • Double click on ComboFix.exe & follow the prompts.
    Notes: Combofix will run without the Recovery Console installed. Skip the Recovery Console part if you're running Vista or Windows 7.
    Note: If you have XP SP3, use the XP SP2 package.
    If Vista or Windows 7, skip the Recovery Console part
  • As part of it's process, ComboFix will check to see if the Microsoft Windows Recovery Console is installed. With malware infections being as they are today, it's strongly recommended to have this pre-installed on your machine before doing any malware removal. It will allow you to boot up into a special recovery/repair mode that will allow us to more easily help you should your computer have a problem after an attempted removal of malware.
  • Follow the prompts to allow ComboFix to download and install the Microsoft Windows Recovery Console, and when prompted, agree to the End-User License Agreement to install the Microsoft Windows Recovery Console.

**Please note: If the Microsoft Windows Recovery Console is already installed, ComboFix will continue it's malware removal procedures.


Once the Microsoft Windows Recovery Console is installed using ComboFix, you should see the following message:


Click on Yes, to continue scanning for malware.

When finished, it shall produce a log for you. Please include the C:\ComboFix.txt using Copy / Paste in your next reply.


1.Do not mouse-click Combofix's window while it is running. That may cause it to stall.

2. ComboFix may reset a number of Internet Explorer's settings, including making I-E the default browser.

3. Combofix prevents autorun of ALL CD, floppy and USB devices to assist with malware removal & increase security. If this is an issue or makes it difficult for you -- please tell your helper.

4. CF disconnects your machine from the internet. The connection is automatically restored before CF completes its run. If CF runs into difficulty and terminates prematurely, the connection can be manually restored by restarting your machine.

Give it atleast 20-30 minutes to finish if needed.

Please do not attach the scan results from Combofx. Use copy/paste.

Also please describe how your computer behaves at the moment.

Link to post
Share on other sites

This topic is now closed to further replies.
  • Recently Browsing   0 members

    • No registered users viewing this page.
Back to top
  • Create New...

Important Information

This site uses cookies - We have placed cookies on your device to help make this website better. You can adjust your cookie settings, otherwise we'll assume you're okay to continue.