HijackThis/Malwarebytes file results: are they OK? ComboFix too, please
Comments
-
Can you please open Malwarebytes and post the WHOLE of the log?
Malwarebytes' Anti-Malware 1.44
Database version: 3531
Windows 5.1.2600 Service Pack 3
Internet Explorer 8.0.6001.18702
09/01/2010 22:52:22
mbam-log-2010-01-09 (22-52-22).txt
Scan type: Quick Scan
Objects scanned: 19947
Time elapsed: 1 minute(s), 39 second(s)
Memory Processes Infected: 0
Memory Modules Infected: 0
Registry Keys Infected: 8
Registry Values Infected: 0
Registry Data Items Infected: 0
Folders Infected: 0
Files Infected: 0
Memory Processes Infected:
(No malicious items detected)
Memory Modules Infected:
(No malicious items detected)
Registry Keys Infected:
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\{43bf8cd1-c5d5-2230-7bb2-98f22c2b7dc6} (Backdoor.Bot) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\{494e6cec-7483-a4ee-0938-895519a84bc7} (Backdoor.Bot) -> Quarantined and deleted successfully.
HKEY_USERS\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\{19127ad2-394b-70f5-c650-b97867baa1f7} (Backdoor.Bot) -> Quarantined and deleted successfully.
HKEY_USERS\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\{43bf8cd1-c5d5-2230-7bb2-98f22c2b7dc6} (Backdoor.Bot) -> Quarantined and deleted successfully.
HKEY_USERS\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\{494e6cec-7483-a4ee-0938-895519a84bc7} (Backdoor.Bot) -> Quarantined and deleted successfully.
HKEY_USERS\S-1-5-18\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\{19127ad2-394b-70f5-c650-b97867baa1f7} (Backdoor.Bot) -> Quarantined and deleted successfully.
HKEY_USERS\S-1-5-18\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\{43bf8cd1-c5d5-2230-7bb2-98f22c2b7dc6} (Backdoor.Bot) -> Quarantined and deleted successfully.
HKEY_USERS\S-1-5-18\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\{494e6cec-7483-a4ee-0938-895519a84bc7} (Backdoor.Bot) -> Quarantined and deleted successfully.
Registry Values Infected:
(No malicious items detected)
Registry Data Items Infected:
(No malicious items detected)
Folders Infected:
(No malicious items detected)
Files Infected:
(No malicious items detected)
-
It would be highly advisable to run a FULL scan with Malwarebytes (update too).
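The quick-scan log above is the kind of thing a helper reads by hand: does the summary block agree with the items actually listed, was every hit removed rather than left for a reboot, and which profile hives were touched? The following is an added example (my code, not from the thread, from Malwarebytes or from any poster) that does that check in Python over the log text. It assumes the `<path> (<threat>) -> <action>.` line layout that MBAM 1.x uses in the post; the embedded sample is copied from the posted log and trimmed to the summary block plus the one section with detections.

```python
import re
from collections import defaultdict

# Added example (not from the thread): consistency check for a Malwarebytes'
# Anti-Malware 1.x text log. Sample copied from the quick-scan log posted above,
# trimmed to the summary block and the one section that listed detections.
SAMPLE_LOG = r"""Malwarebytes' Anti-Malware 1.44
Scan type: Quick Scan

Memory Processes Infected: 0
Memory Modules Infected: 0
Registry Keys Infected: 8
Registry Values Infected: 0
Registry Data Items Infected: 0
Folders Infected: 0
Files Infected: 0

Memory Processes Infected:
(No malicious items detected)

Registry Keys Infected:
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\{43bf8cd1-c5d5-2230-7bb2-98f22c2b7dc6} (Backdoor.Bot) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\{494e6cec-7483-a4ee-0938-895519a84bc7} (Backdoor.Bot) -> Quarantined and deleted successfully.
HKEY_USERS\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\{19127ad2-394b-70f5-c650-b97867baa1f7} (Backdoor.Bot) -> Quarantined and deleted successfully.
HKEY_USERS\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\{43bf8cd1-c5d5-2230-7bb2-98f22c2b7dc6} (Backdoor.Bot) -> Quarantined and deleted successfully.
HKEY_USERS\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\{494e6cec-7483-a4ee-0938-895519a84bc7} (Backdoor.Bot) -> Quarantined and deleted successfully.
HKEY_USERS\S-1-5-18\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\{19127ad2-394b-70f5-c650-b97867baa1f7} (Backdoor.Bot) -> Quarantined and deleted successfully.
HKEY_USERS\S-1-5-18\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\{43bf8cd1-c5d5-2230-7bb2-98f22c2b7dc6} (Backdoor.Bot) -> Quarantined and deleted successfully.
HKEY_USERS\S-1-5-18\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\{494e6cec-7483-a4ee-0938-895519a84bc7} (Backdoor.Bot) -> Quarantined and deleted successfully.
"""

SUMMARY_RE = re.compile(r"^([A-Za-z ]+ Infected): (\d+)$")
SECTION_RE = re.compile(r"^([A-Za-z ]+ Infected):$")
# MBAM 1.x writes each hit as "<path> (<threat>) -> <action>."
ITEM_RE = re.compile(r"^(?P<path>.+?) \((?P<threat>[^()]+)\) -> (?P<action>.+?)\.?$")
GUID_RE = re.compile(r"\{[0-9a-fA-F-]{36}\}")
CLEAN_ACTION = "Quarantined and deleted successfully"


def parse_mbam_log(text):
    """Return (summary_counts, detections): the numbers printed in the summary
    block, and one dict (category, path, threat, action) per listed item."""
    summary, detections, section = {}, [], None
    for raw in text.splitlines():
        line = raw.strip()
        if not line or line == "(No malicious items detected)":
            continue
        if m := SUMMARY_RE.match(line):
            summary[m.group(1)] = int(m.group(2))
        elif m := SECTION_RE.match(line):
            section = m.group(1)
        elif section and (m := ITEM_RE.match(line)):
            detections.append({"category": section, **m.groupdict()})
    return summary, detections


def hive_of(path):
    """Root hive, with the SID or .DEFAULT subkey kept for HKEY_USERS paths."""
    parts = path.split("\\")
    if parts[0] == "HKEY_USERS" and len(parts) > 1:
        return parts[0] + "\\" + parts[1]
    return parts[0]


def review_log(text):
    """Cross-check the summary block against the listed items and group the
    hits by GUID so the same marker seen in several hives stands out."""
    summary, detections = parse_mbam_log(text)
    listed = defaultdict(int)
    for d in detections:
        listed[d["category"]] += 1
    # A category's summary count must equal the number of items listed under
    # it (including zero for categories that list nothing).
    counts_match = all(listed.get(cat, 0) == n for cat, n in summary.items())
    not_removed = [d["path"] for d in detections if d["action"] != CLEAN_ACTION]
    # Note: HKU\.DEFAULT and HKU\S-1-5-18 are both the LocalSystem account's
    # hive (general Windows fact, not stated in the log), so a GUID reported
    # under both is one key counted twice.
    guid_hives = defaultdict(set)
    for d in detections:
        if g := GUID_RE.search(d["path"]):
            guid_hives[g.group(0).lower()].add(hive_of(d["path"]))
    return {
        "summary": summary,
        "total_listed": len(detections),
        "counts_match": counts_match,
        "all_removed": not not_removed,
        "not_removed": not_removed,
        "threats": sorted({d["threat"] for d in detections}),
        "guid_hives": {k: sorted(v) for k, v in guid_hives.items()},
    }


if __name__ == "__main__":
    r = review_log(SAMPLE_LOG)
    print("summary matches items:", r["counts_match"], "| all removed:", r["all_removed"])
    for guid, hives in r["guid_hives"].items():
        print(guid, "->", ", ".join(hives))
```

Run it on a full saved log (`review_log(open(path).read())`) and look at three things: `counts_match` false means the log was edited or truncated before posting; a non-empty `not_removed` means some items were only scheduled for "Delete on reboot" and the machine needs a restart and a rescan before the log can be called clean; and the `guid_hives` map shows the same three GUIDs planted under the user's profile and the LocalSystem hive, which is why the helper asks for a FULL scan afterwards rather than trusting a quick scan.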
-
Hi, thanks. I did a full scan after deleting those infected ones; this was the result, all clear. So is my PC OK now, do you think?
Malwarebytes' Anti-Malware 1.44
Database version: 3531
Windows 5.1.2600 Service Pack 3
Internet Explorer 8.0.6001.18702
10/01/2010 13:16:37
mbam-log-2010-01-10 (13-16-37).txt
Scan type: Full Scan (A:\|C:\|D:\|)
Objects scanned: 159528
Time elapsed: 48 minute(s), 0 second(s)
Memory Processes Infected: 0
Memory Modules Infected: 0
Registry Keys Infected: 0
Registry Values Infected: 0
Registry Data Items Infected: 0
Folders Infected: 0
Files Infected: 0
Memory Processes Infected:
(No malicious items detected)
Memory Modules Infected:
(No malicious items detected)
Registry Keys Infected:
(No malicious items detected)
Registry Values Infected:
(No malicious items detected)
Registry Data Items Infected:
(No malicious items detected)
Folders Infected:
(No malicious items detected)
Files Infected:
(No malicious items detected)

> It would be highly advisable to run a FULL scan with Malwarebytes (update too)
-
Open Notepad and copy/paste the text in RED below:
File::
c:\documents and settings\User\Local Settings\Application Data\prvlcl.dat
Save this as "CFScript" (FULL file will be 'CFScript.txt')
Then drag the CFScript into ComboFix.exe as you see in the screenshot below.
This will start ComboFix again. After the reboot (in case it asks to reboot), post the contents of ComboFix.txt in your next reply.
ComboFix should never take more than 30 minutes including the reboot if malware is detected.
If it does, open Task Manager, then the Processes tab (press Ctrl, Alt and Del at the same time), and end any processes of findstr, find, sed or swreg; then ComboFix should continue.
-
All done, I think. Does it look OK now?
ComboFix 10-01-04.01 - User 10/01/2010 19:21:45.2.1 - x86
Microsoft Windows XP Professional 5.1.2600.3.1252.44.1033.18.510.295 [GMT 0:00]
Running from: c:\documents and settings\User\Desktop\ComboFix.exe
Command switches used :: c:\documents and settings\User\Desktop\CFScript.txt
AV: AVG Anti-Virus Free *On-access scanning disabled* (Updated) {17DDD097-36FF-435F-9E1B-52D74245D6BF}
FW: ZoneAlarm Firewall *enabled* {829BDA32-94B3-44F4-8446-F8FCFF809F8B}
FILE ::
"c:\documents and settings\User\Local Settings\Application Data\prvlcl.dat"
.
((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.
c:\documents and settings\User\Local Settings\Application Data\prvlcl.dat
.
((((((((((((((((((((((((( Files Created from 2009-12-10 to 2010-01-10 )))))))))))))))))))))))))))))))
.
2010-01-10 15:28 . 2010-01-10 15:28 388096 ----a-r- c:\documents and settings\User\Application Data\Microsoft\Installer\{0761C9A8-8F3A-4216-B4A7-B7AFBF24A24A}\HiJackThis.exe
2010-01-10 15:28 . 2010-01-10 15:28 ------- d-----w- c:\program files\TrendMicro
2010-01-09 22:18 . 2010-01-07 16:07 38224 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys
2010-01-09 22:18 . 2010-01-09 22:18 ------- d-----w- c:\program files\Malwarebytes' Anti-Malware
2010-01-09 22:18 . 2010-01-07 16:07 19160 ----a-w- c:\windows\system32\drivers\mbam.sys
2010-01-09 21:57 . 2010-01-09 21:57 ------- d-----w- c:\program files\CCleaner
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2010-01-10 16:41 . 2008-12-05 18:32 ------- d-----w- c:\program files\Spybot - Search & Destroy
2010-01-10 16:41 . 2007-05-26 22:07 ------- d-----w- c:\documents and settings\All Users\Application Data\Spybot - Search & Destroy
2010-01-10 15:14 . 2009-04-06 14:41 ------- d-----w- c:\documents and settings\User\Application Data\MailWasherFree
2010-01-09 22:47 . 2006-11-11 09:01 ------- d-----w- c:\documents and settings\All Users\Application Data\Viewpoint
2010-01-09 22:12 . 2006-10-04 05:14 ------- d--h--w- c:\program files\InstallShield Installation Information
2010-01-09 22:11 . 2009-05-12 13:34 ------- d-----w- c:\program files\DK Multimedia
2010-01-08 20:00 . 2007-06-06 09:28 ------- d-----w- c:\documents and settings\User\Application Data\Spyware Terminator
2010-01-06 20:00 . 2007-06-06 09:27 ------- d-----w- c:\program files\Spyware Terminator
2010-01-04 20:32 . 2007-06-06 09:28 ------- d-----w- c:\documents and settings\All Users\Application Data\Spyware Terminator
2009-12-28 09:04 . 2009-07-30 15:29 5691648 -c--a-w- c:\windows\Internet Logs\tvDebug.Zip
2009-11-21 12:56 . 2007-05-27 09:22 ------- d-----w- c:\program files\Canon
2009-11-21 12:55 . 2006-10-04 05:13 ------- d-----w- c:\program files\Common Files\InstallShield
2009-11-18 17:08 . 2009-04-06 12:34 360584 ----a-w- c:\windows\system32\drivers\avgtdix.sys
2009-11-18 17:08 . 2009-04-06 12:34 333192 ----a-w- c:\windows\system32\drivers\avgldx86.sys
2009-11-18 17:08 . 2009-04-06 12:34 28424 ----a-w- c:\windows\system32\drivers\avgmfx86.sys
2009-11-18 17:08 . 2009-04-06 12:34 12464 ----a-w- c:\windows\system32\avgrsstx.dll
2009-11-18 17:07 . 2009-11-18 17:07 ------- d-----w- c:\documents and settings\All Users\Application Data\avg9
2009-11-18 17:07 . 2009-04-06 12:34 ------- d-----w- c:\program files\AVG
2009-10-29 07:45 . 2006-03-04 03:33 916480 ------w- c:\windows\system32\wininet.dll
2009-10-21 05:38 . 2004-08-04 10:00 75776 ----a-w- c:\windows\system32\strmfilt.dll
2009-10-21 05:38 . 2004-08-04 10:00 25088 ----a-w- c:\windows\system32\httpapi.dll
2009-10-20 16:20 . 2004-08-04 10:00 265728 ----a-w- c:\windows\system32\drivers\http.sys
2009-10-13 10:30 . 2004-08-04 10:00 270336 ----a-w- c:\windows\system32\oakley.dll
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"MsnMsgr"="c:\program files\Windows Live\Messenger\MsnMsgr.Exe" [2009-07-26 3883856]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"IgfxTray"="c:\windows\system32\igfxtray.exe" [2006-03-26 155648]
"HotKeysCmds"="c:\windows\system32\hkcmd.exe" [2006-03-26 118784]
"SoundMAXPnP"="c:\program files\Analog Devices\Core\smax4pnp.exe" [2006-03-26 1404928]
"SpywareTerminator"="c:\program files\Spyware Terminator\SpywareTerminatorShield.exe" [2008-05-31 1817600]
"ZoneAlarm Client"="c:\program files\Zone Labs\ZoneAlarm\zlclient.exe" [2009-02-15 981384]
"CanonSolutionMenu"="c:\program files\Canon\SolutionMenu\CNSLMAIN.exe" [2008-03-10 689488]
"CanonMyPrinter"="c:\program files\Canon\MyPrinter\BJMyPrt.exe" [2008-03-03 1848648]
"AVG9_TRAY"="c:\progra~1\AVG\AVG9\avgtray.exe" [2010-01-01 2033432]
c:\documents and settings\All Users\Start Menu\Programs\Startup\
Microsoft Office.lnk - c:\program files\Microsoft Office\Office10\OSA.EXE [2001-2-13 83360]
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\avgrsstarter]
2009-11-18 17:08 12464 ----a-w- c:\windows\system32\avgrsstx.dll
[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\ZoneLabsFirewall]
"DisableMonitoring"=dword:00000001
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]
"EnableFirewall"= 0 (0x0)
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"c:\\Program Files\\Windows Live\\Messenger\\wlcsdk.exe"=
"c:\\Program Files\\Windows Live\\Messenger\\msnmsgr.exe"=
"c:\\Program Files\\Windows Live\\Sync\\WindowsLiveSync.exe"=
"c:\\Program Files\\AVG\\AVG9\\avgupd.exe"=
"c:\\Program Files\\AVG\\AVG9\\avgnsx.exe"=
R1 AvgLdx86;AVG Free AVI Loader Driver x86;c:\windows\system32\drivers\avgldx86.sys [06/04/2009 12:34 333192]
R1 AvgTdiX;AVG Free8 Network Redirector;c:\windows\system32\drivers\avgtdix.sys [06/04/2009 12:34 360584]
R1 sp_rsdrv2;Spyware Terminator Driver 2;c:\windows\system32\drivers\sp_rsdrv2.sys [06/06/2007 09:29 141312]
R2 avg9wd;AVG Free WatchDog;c:\program files\AVG\AVG9\avgwdsvc.exe [18/11/2009 17:07 285392]
.
Contents of the 'Scheduled Tasks' folder
2010-01-10 c:\windows\Tasks\OGALogon.job
- c:\windows\system32\OGAEXEC.exe [2009-08-03 14:07]
2010-01-10 c:\windows\Tasks\WGASetup.job
- c:\windows\system32\KB905474\wgasetup.exe [2009-04-13 21:18]
.
.
Supplementary Scan
.
uStart Page = hxxp://google.co.uk/
uDefault_Search_URL = hxxp://www.google.com/ie
uSearchAssistant = hxxp://www.google.com/ie
uSearchURL,(Default) = hxxp://www.google.com/search?q=%s
IE: &AOL Toolbar search - c:\program files\AOL Toolbar\toolbar.dll/SEARCH.HTML
IE: Add to Google Photos Screensa&ver - c:\windows\system32\GPhotos.scr/200
IE: E&xport to Microsoft Excel - c:\progra~1\MICROS~2\Office10\EXCEL.EXE/3000
.
**************************************************************************
catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2010-01-10 19:28
Windows 5.1.2600 Service Pack 3 NTFS
scanning hidden processes ...
scanning hidden autostart entries ...
scanning hidden files ...
scan completed successfully
hidden files: 0
**************************************************************************
.
Completion time: 2010-01-10 19:31:16
ComboFix-quarantined-files.txt 2010-01-10 19:31
ComboFix2.txt 2010-01-10 17:01
Pre-Run: 25,256,038,400 bytes free
Post-Run: 25,288,376,320 bytes free
- - End Of File - - 5AB98426166CA3748BE23451174CB1F5
-
Log looks OK to me. I personally wouldn't use Terminator and AVG together though.
-
> Log looks OK to me. I personally wouldn't use Terminator and AVG together though.

Many thanks, much appreciated.
What alternative to Terminator would you suggest, as I'd like to keep AVG?
At the moment I have:
free AVG 9
ZoneAlarm firewall
CCleaner still installed
HijackThis still installed
ComboFix still installed
Malwarebytes still installed
Spyware Terminator
I did have Spybot Search & Destroy but uninstalled that yesterday.
I would like to keep AVG and ZoneAlarm.
What else would you suggest that is compatible with those two? Also, should I leave those others installed, or should I uninstall some?
Any advice greatly appreciated.
-
You should never run ComboFix unless instructed to do so by someone who has a clue what the logs mean.
I would personally advise either uninstalling Terminator or simply stopping it from running at startup.
Use MALWAREBYTES as a secondary scanner every month or so (unless of course you think you may be infected) ~ it needs to be MANUALLY updated and MANUALLY run.
-
Yet again, many thanks.
Will do that with Malwarebytes. Should I just uninstall ComboFix and install it again if a problem arises and I'm asked to?
As to Terminator, it is only set up to do a scheduled scan once a day; the real-time thing is switched off at the moment. Is it OK like that, or if I delete it, does the other stuff I have installed cover me?

aliEnRIK wrote:
> You should never run ComboFix unless instructed to do so by someone who has a clue what the logs mean.
> I would personally advise either uninstalling Terminator or simply stopping it from running at startup.
> Use MALWAREBYTES as a secondary scanner every month or so (unless of course you think you may be infected) ~ it needs to be MANUALLY updated and MANUALLY run.
-
It 'should' be OK to leave it like that, I suppose. Though from experience, even just having certain AV programs installed can cause problems.