AV Help :-)
Hurrah !! Combofix is back......
Gettin' There, Wherever There is......
I have a dodgy "i" key, so ignore spelling errors due to "i" issues, ...I blame Apple
-
Thanks for this:
ComboFix 09-12-19.03 - charlotte 20/12/2009 16:19:53.1.1 - x86
Microsoft Windows XP Professional 5.1.2600.3.1252.44.1033.18.735.529 [GMT 0:00]
Running from: c:\documents and settings\charlotte\My Documents\qwerty.exe
.
((((((((((((((((((((((((( Files Created from 2009-11-20 to 2009-12-20 )))))))))))))))))))))))))))))))
.
2009-12-18 00:48 . 2009-12-18 00:48 d-----w- c:\program files\CCleaner
2009-12-17 23:54 . 2009-12-17 23:54 388096 ----a-r- c:\documents and settings\charlotte\Application Data\Microsoft\Installer\{0761C9A8-8F3A-4216-B4A7-B7AFBF24A24A}\HiJackThis.exe
2009-12-17 23:54 . 2009-12-17 23:54 d-----w- c:\program files\TrendMicro
2009-12-17 23:31 . 2009-12-17 23:31 d-----w- c:\documents and settings\charlotte\Application Data\AVG8
2009-12-17 22:56 . 2009-12-17 22:56 d-----w- c:\documents and settings\charlotte\Application Data\Malwarebytes
2009-12-17 22:56 . 2009-12-03 16:14 38224 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys
2009-12-17 22:56 . 2009-12-18 20:10 d-----w- c:\program files\Malwarebytes' Anti-Malware
2009-12-17 22:56 . 2009-12-17 22:56 d-----w- c:\documents and settings\All Users\Application Data\Malwarebytes
2009-12-17 22:56 . 2009-12-03 16:13 19160 ----a-w- c:\windows\system32\drivers\mbam.sys
2009-12-03 20:50 . 2009-12-03 20:50 d-----w- c:\documents and settings\charlotte\Bluetooth Software
2009-11-29 22:31 . 2009-11-29 22:31 d-----w- c:\program files\CardRecovery
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2009-12-18 00:45 . 2009-09-20 19:24 d-----w- c:\program files\Yahoo!
2009-12-18 00:43 . 2008-06-27 21:32 d--h--w- c:\program files\InstallShield Installation Information
2009-12-18 00:40 . 2008-06-28 20:21 d-----w- c:\program files\FirstClass
2009-12-18 00:40 . 2009-05-12 21:11 d-----w- c:\documents and settings\All Users\Application Data\EPSON
2009-10-26 21:45 . 2008-06-28 20:09 94680 -c--a-w- c:\documents and settings\charlotte\Local Settings\Application Data\GDIPFONTCACHEV1.DAT
2009-10-22 19:21 . 2009-10-22 19:21 d-----w- c:\documents and settings\charlotte\Application Data\HpUpdate
2009-10-12 20:27 . 2009-10-12 20:27 15781 ----a-w- c:\windows\system32\drivers\mdc8021x.sys
2009-03-21 14:06 . 2004-08-04 12:00 168032 --sha-r- c:\windows\system32\vngbjjs.dll
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"IMJPMIG8.1"="c:\windows\IME\imjp8_1\IMJPMIG.EXE" [2004-08-04 208952]
"PHIME2002ASync"="c:\windows\system32\IME\TINTLGNT\TINTSETP.EXE" [2004-08-04 455168]
"PHIME2002A"="c:\windows\system32\IME\TINTLGNT\TINTSETP.EXE" [2004-08-04 455168]
"GrooveMonitor"="c:\program files\Microsoft Office\Office12\GrooveMonitor.exe" [2007-08-24 33648]
"Adobe Reader Speed Launcher"="c:\program files\Adobe\Reader 9.0\Reader\Reader_sl.exe" [2009-02-27 35696]
"HP Software Update"="c:\program files\HP\HP Software Update\HPWuSchd2.exe" [2008-03-25 49152]
"PRISMSVR.EXE"="c:\program files\U.S. Robotics\Wireless USB Manager\PRISMSVR.EXE" [2004-07-02 295001]
[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="c:\windows\system32\CTFMON.EXE" [2008-04-14 15360]
c:\documents and settings\charlotte\Start Menu\Programs\Startup\
OneNote 2007 Screen Clipper and Launcher.lnk - c:\program files\Microsoft Office\Office12\ONENOTEM.EXE [2007-12-7 101440]
c:\documents and settings\All Users\Start Menu\Programs\Startup\
BTTray.lnk - c:\program files\WIDCOMM\Bluetooth Software\BTTray.exe [2005-10-19 565309]
U.S. Robotics Wireless USB Adapter.lnk - c:\program files\U.S. Robotics\Wireless USB Manager\USR11G.exe [2004-9-8 315392]
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"c:\\Program Files\\Microsoft Office\\Office12\\OUTLOOK.EXE"=
"c:\\Program Files\\Microsoft Office\\Office12\\GROOVE.EXE"=
"c:\\Program Files\\Microsoft Office\\Office12\\ONENOTE.EXE"=
"c:\\Program Files\\Messenger\\msmsgs.exe"=
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]
"3696:TCP"= 3696:TCP:fvfsafp
R3 ALiIRDA;ALi Infrared Device Driver;c:\windows\system32\drivers\alifir.sys [27/06/2008 22:08 26624]
R3 CONAN;CONAN;c:\windows\system32\drivers\o2mmb.sys [31/10/2008 21:47 182101]
R3 MbxStby;MbxStby;c:\windows\system32\drivers\MbxStby.sys [31/10/2008 21:47 5689]
R3 RSC4_A02;U.S. Robotics Wireless USB Adapter Driver;c:\windows\system32\drivers\RSC4USB.sys [12/10/2009 20:28 380160]
S2 fpddpwzgw;Server Driver;c:\windows\system32\svchost.exe -k netsvcs [04/08/2004 12:00 14336]
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
HPZ12 REG_MULTI_SZ Pml Driver HPZ12 Net Driver HPZ12
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Svchost - NetSvcs
fpddpwzgw
.
Supplementary Scan
.
uStart Page = hxxp://forums.moneysavingexpert.com/
uInternet Connection Wizard,ShellNext = iexplore
uSearchURL,(Default) = hxxp://www.google.com/keyword/%s
IE: E&xport to Microsoft Excel - c:\progra~1\MICROS~2\Office12\EXCEL.EXE/3000
IE: Send To &Bluetooth - c:\program files\WIDCOMM\Bluetooth Software\btsendto_ie_ctx.htm
.
**************************************************************************
catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2009-12-20 16:24
Windows 5.1.2600 Service Pack 3 NTFS
scanning hidden processes ...
scanning hidden autostart entries ...
scanning hidden files ...
scan completed successfully
hidden files: 0
**************************************************************************
[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\fpddpwzgw]
"ServiceDll"="c:\windows\system32\vngbjjs.dll"
.
DLLs Loaded Under Running Processes
- - - - - - - > 'explorer.exe'(1876)
c:\windows\system32\WININET.dll
c:\windows\WinSxS\x86_Microsoft.VC80.CRT_1fc8b3b9a1e18e3b_8.0.50727.3053_x-ww_b80fa8ca\MSVCR80.dll
c:\windows\system32\ieframe.dll
c:\windows\system32\webcheck.dll
c:\windows\system32\WPDShServiceObj.dll
c:\windows\system32\PortableDeviceTypes.dll
c:\windows\system32\PortableDeviceApi.dll
.
Completion time: 2009-12-20 16:26:06
ComboFix-quarantined-files.txt 2009-12-20 16:26
Pre-Run: 7,489,052,672 bytes free
Post-Run: 7,661,494,272 bytes free
WindowsXP-KB310994-SP2-Pro-BootDisk-ENU.exe
[boot loader]
timeout=2
default=multi(0)disk(0)rdisk(0)partition(1)\WINDOWS
[operating systems]
c:\cmdcons\BOOTSECT.DAT="Microsoft Windows Recovery Console" /cmdcons
multi(0)disk(0)rdisk(0)partition(1)\WINDOWS="Microsoft Windows XP Professional" /noexecute=optin /fastdetect
- - End Of File - - 1CD8A5A5576075053FF944710A7A80FC
Using my phone to post - apologies in advance for any typos
-
Log looks clean at 1st glance. As Malwarebytes found what it did, I'd recommend installing AVIRA as your main AV ~
Download AVIRA (Make sure you click 'DOWNLOAD LATEST VERSION')
http://www.filehippo.com/download_antivir/
UPDATE it and run a full system scan
-
Still having the same problem, I can't connect to the internet when trying to register it (have unticked it now to see if that makes a difference)
Using my phone to post - apologies in advance for any typos
-
You don't need to register it ~ just continue without filling it in
-
Because I've unticked it, it seems to have downloaded ok, and is just doing an update!
Using my phone to post - apologies in advance for any typos
-
Sounds like your hosts file is infected
Download HostsXpert
http://www.softpedia.com/get/Security/Security-Related/Hoster.shtml
and then follow the below steps.
* Unzip HostsXpert.zip
* It will create a folder named HostsXpert in whatever folder you extract it to.
* Run HostsXpert.exe by double clicking on it.
* Click the Make Writeable? button.
* Click Restore Microsoft's Hosts File and then click OK.
* Click the X to exit the program
(Before or after the Avira scan)
-
I think that's where I may have been going wrong when I previously downloaded it...still having problem accessing Windows Update/Norton's/Kaspersky's website
Using my phone to post - apologies in advance for any typos
-
Post back here once you've run Avira and reset the hosts file
This discussion has been closed.