rigggary99

Hopefully looking abit better! Logfile of Trend Micro HijackThis v2.0.2 Scan saved at 21:06:47, on 04/04/2009 Platform: Windows XP SP3 (WinNT 5.01.2600) MSIE: Internet Explorer v7.00 (7.00.6000.16791) Boot mode: Normal Running processes: C:\WINDOWS\System32\smss.exe C:\WINDOWS\system32\winlogon.exe C:\WINDOWS\system32\services.exe C:\WINDOWS\system32\lsass.exe C:\WINDOWS\system32\svchost.exe C:\WINDOWS\System32\svchost.exe C:\WINDOWS\system32\spoolsv.exe C:\WINDOWS\Explorer.EXE C:\WINDOWS\system32\rundll32.exe C:\WINDOWS\CTHELPER.EXE C:\WINDOWS\system32\CTXFIHLP.EXE C:\WINDOWS\SYSTEM32\CTXFISP

Here you go: ComboFix 09-04-01.01 - Gary Riggs 2009-04-03 17:54:14.1 - NTFSx86 Microsoft Windows XP Home Edition 5.1.2600.3.1252.1.1033.18.2047.1601 [GMT 1:00] Running from: c:\documents and settings\Gary Riggs\Desktop\ComboFix.exe AV: McAfee VirusScan *On-access scanning disabled* (Updated) FW: McAfee Personal Firewall *enabled* * Created a new restore point . ((((((((((((((((((((((((((((((((((((((( Other Deletions ))))))))))))))))))))))))))))))))))))))))))))))))) . . ((((((((((((((((((((((((((((((((((((((( Drivers/Services ))))))))))))))))))))))))))))))))))))))))))))))))) . -------

GMER 1.0.15.14966 - http://www.gmer.net Rootkit scan 2009-04-03 08:19:35 Windows 5.1.2600 Service Pack 3 ---- System - GMER 1.0.15 ---- Code \SystemRoot\system32\drivers\mfehidk.sys (Host Intrusion Detection Link Driver/McAfee, Inc.) ZwCreateFile [0xB2D2C44A] Code \SystemRoot\system32\drivers\mfehidk.sys (Host Intrusion Detection Link Driver/McAfee, Inc.) ZwCreateKey [0xB2D2C4E1] Code \SystemRoot\system32\drivers\mfehidk.sys (Host Intrusion Detection Link Driver/McAfee, Inc.) ZwCreateProcess [0xB2D2C3F8] Cod

Weird, although the HJT log says: O20 - AppInit_DLLs: pvfwnn.dll smuwtr.dll c:\windows\system32\zamopage.dll Zamopage does not actually exist... When I try to upload, it says "Error, cant upload" as the files does not exist....

Logfile of Trend Micro HijackThis v2.0.2 Scan saved at 00:40:33, on 03/04/2009 Platform: Windows XP SP3 (WinNT 5.01.2600) MSIE: Internet Explorer v7.00 (7.00.6000.16791) Boot mode: Normal Running processes: C:\WINDOWS\System32\smss.exe C:\WINDOWS\system32\winlogon.exe C:\WINDOWS\system32\services.exe C:\WINDOWS\system32\lsass.exe C:\WINDOWS\system32\svchost.exe C:\WINDOWS\System32\svchost.exe C:\WINDOWS\system32\spoolsv.exe C:\WINDOWS\Explorer.EXE C:\WINDOWS\system32\rundll32.exe C:\WINDOWS\CTHELPER.EXE C:\WINDOWS\system32\CTXFIHLP.EXE C:\WINDOWS\SYSTEM32\CTXFISPI.EXE C:\WINDOWS\system32\RUNDL

I have re-installed Mcafee - it had a tendancy to randomly say "your not fully protected" for about 30 secs before deciding to say it was, apparently its a bug due to a conflict. Reinstall should fix it - just incase you see anything below thats different. I have always been picky about my Pc's speed, but to be honest, I have not noticed a difference. Although its nice to see all those logs above saying "deleted" to certain pesky little buggers. Amazes me that I pay £19.99 for anti-virus and yet all these free progs do a better job! Im ever so thankfull for your time.... As requested: Logfile

My god that second part took aaages! SDFix: Version 1.240 Run by Gary Riggs on 02/04/2009 at 23:00 Microsoft Windows XP [Version 5.1.2600] Running From: C:\SDFix Checking Services : Restoring Default Security Values Restoring Default Hosts File Rebooting Checking Files : Trojan Files Found: C:\DOCUME~1\GARYRI~1\LOCALS~1\Temp\TMP15.tmp - Deleted C:\DOCUME~1\GARYRI~1\LOCALS~1\Temp\TMP17.tmp - Deleted C:\DOCUME~1\GARYRI~1\LOCALS~1\Temp\TMP1B.tmp - Deleted C:\DOCUME~1\GARYRI~1\LOCALS~1\Temp\TMP1F.tmp - Deleted C:\DOCUME~1\GARYRI~1\LOCALS~1\Temp\TMP24.tmp - Deleted C:\DOCUME~1\GARYRI~1\LOCALS~1\T

You sure can Mr Rock! Here it is: Logfile of Trend Micro HijackThis v2.0.2 Scan saved at 18:43:37, on 02/04/2009 Platform: Windows XP SP3 (WinNT 5.01.2600) MSIE: Internet Explorer v7.00 (7.00.6000.16791) Boot mode: Normal Running processes: C:\WINDOWS\System32\smss.exe C:\WINDOWS\system32\winlogon.exe C:\WINDOWS\system32\services.exe C:\WINDOWS\system32\lsass.exe C:\WINDOWS\system32\svchost.exe C:\WINDOWS\System32\svchost.exe C:\WINDOWS\system32\spoolsv.exe C:\Program Files\Java\jre6\bin\jqs.exe C:\PROGRA~1\McAfee\MSC\mcmscsvc.exe c:\PROGRA~1\COMMON~1\mcafee\mna\mcnasvc.exe c:\PROGRA~1\COMMON~

Hello again, sorry for delay. Yes, after the first scan I had to reboot as Mbam told me there was one thing it could not remove. I done a reboot, then checked msconfig - then realised that I had unticked a few "dodgy" things. So I actiavated them again, and ran a scan - and it deleted the other entries (the second scan) I rebooted again, and now the scan picks up nothing, also, the entries have been removed from msconfig and scans no longer pick things up.

Thanks ever so much for your helping hand. Luckily I logged onto my internet banking only 1 hour after the money was taken. The type of tranfere that they done only takes 2 hours to complete, although it was taken out of my account, it was actually in a "holding" deposit at my bank waiting to be completed. Just very very lucky I cought it when I did. Could you confirm if any of the below or anythign you have seen in the log files could enable anybody to gain access to my bank / login details? I have done as you asked and below is 2 logs - I completed the first scan and it found a few things (n

Hey guys - Just had a very weird 2 hours... just checked my internet banking only to discover that at 4:15pm (gmt) somebody got onto my internet banking and wiped out mine and my other halfs savings. I should mention that I consider myself very computer literate, anti-virus always kept upto date etc... I am completely baffled as to how they got my details. I did notice the other day that my anti-virus went off for a few mins, within that time I cought the dreaded vundo virus - I have ran all the correct programs and apparenty I am now "clean" Please would one of you experts just have a random