rigggary99
-
Hopefully looking a bit better!

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 21:06:47, on 04/04/2009
Platform: Windows XP SP3 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16791)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\rundll32.exe
C:\WINDOWS\CTHELPER.EXE
C:\WINDOWS\system32\CTXFIHLP.EXE
C:\WINDOWS\SYSTEM32\CTXFISP
-
Here you go:

ComboFix 09-04-01.01 - Gary Riggs 2009-04-03 17:54:14.1 - NTFSx86
Microsoft Windows XP Home Edition 5.1.2600.3.1252.1.1033.18.2047.1601 [GMT 1:00]
Running from: c:\documents and settings\Gary Riggs\Desktop\ComboFix.exe
AV: McAfee VirusScan *On-access scanning disabled* (Updated)
FW: McAfee Personal Firewall *enabled*
* Created a new restore point
.
((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
((((((((((((((((((((((((((((((((((((((( Drivers/Services )))))))))))))))))))))))))))))))))))))))))))))))))
.
-------
-
GMER 1.0.15.14966 - http://www.gmer.net
Rootkit scan 2009-04-03 08:19:35
Windows 5.1.2600 Service Pack 3

---- System - GMER 1.0.15 ----

Code \SystemRoot\system32\drivers\mfehidk.sys (Host Intrusion Detection Link Driver/McAfee, Inc.) ZwCreateFile [0xB2D2C44A]
Code \SystemRoot\system32\drivers\mfehidk.sys (Host Intrusion Detection Link Driver/McAfee, Inc.) ZwCreateKey [0xB2D2C4E1]
Code \SystemRoot\system32\drivers\mfehidk.sys (Host Intrusion Detection Link Driver/McAfee, Inc.) ZwCreateProcess [0xB2D2C3F8]
Cod
-
Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 00:40:33, on 03/04/2009
Platform: Windows XP SP3 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16791)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\rundll32.exe
C:\WINDOWS\CTHELPER.EXE
C:\WINDOWS\system32\CTXFIHLP.EXE
C:\WINDOWS\SYSTEM32\CTXFISPI.EXE
C:\WINDOWS\system32\RUNDL
-
I have re-installed McAfee - it had a tendency to randomly say "you're not fully protected" for about 30 secs before deciding to say it was, apparently it's a bug due to a conflict. Reinstall should fix it - just in case you see anything below that's different. I have always been picky about my PC's speed, but to be honest, I have not noticed a difference. Although it's nice to see all those logs above saying "deleted" to certain pesky little buggers. Amazes me that I pay £19.99 for anti-virus and yet all these free progs do a better job! I'm ever so thankful for your time.... As requested: Logfile
-
My god that second part took aaages!

SDFix: Version 1.240
Run by Gary Riggs on 02/04/2009 at 23:00
Microsoft Windows XP [Version 5.1.2600]
Running From: C:\SDFix

Checking Services :
Restoring Default Security Values
Restoring Default Hosts File
Rebooting

Checking Files :
Trojan Files Found:
C:\DOCUME~1\GARYRI~1\LOCALS~1\Temp\TMP15.tmp - Deleted
C:\DOCUME~1\GARYRI~1\LOCALS~1\Temp\TMP17.tmp - Deleted
C:\DOCUME~1\GARYRI~1\LOCALS~1\Temp\TMP1B.tmp - Deleted
C:\DOCUME~1\GARYRI~1\LOCALS~1\Temp\TMP1F.tmp - Deleted
C:\DOCUME~1\GARYRI~1\LOCALS~1\Temp\TMP24.tmp - Deleted
C:\DOCUME~1\GARYRI~1\LOCALS~1\T
-
You sure can Mr Rock! Here it is:

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 18:43:37, on 02/04/2009
Platform: Windows XP SP3 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16791)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Java\jre6\bin\jqs.exe
C:\PROGRA~1\McAfee\MSC\mcmscsvc.exe
c:\PROGRA~1\COMMON~1\mcafee\mna\mcnasvc.exe
c:\PROGRA~1\COMMON~
-
Hello again, sorry for delay. Yes, after the first scan I had to reboot as Mbam told me there was one thing it could not remove. I did a reboot, then checked msconfig - then realised that I had unticked a few "dodgy" things. So I activated them again, and ran a scan - and it deleted the other entries (the second scan). I rebooted again, and now the scan picks up nothing, also, the entries have been removed from msconfig and scans no longer pick things up.
-
Thanks ever so much for your helping hand. Luckily I logged onto my internet banking only 1 hour after the money was taken. The type of transfer that they did only takes 2 hours to complete, although it was taken out of my account, it was actually in a "holding" deposit at my bank waiting to be completed. Just very very lucky I caught it when I did. Could you confirm if any of the below or anything you have seen in the log files could enable anybody to gain access to my bank / login details? I have done as you asked and below are 2 logs - I completed the first scan and it found a few things (n
-
Hey guys - Just had a very weird 2 hours... just checked my internet banking only to discover that at 4:15pm (gmt) somebody got onto my internet banking and wiped out mine and my other half's savings. I should mention that I consider myself very computer literate, anti-virus always kept up to date etc... I am completely baffled as to how they got my details. I did notice the other day that my anti-virus went off for a few mins, within that time I caught the dreaded vundo virus - I have run all the correct programs and apparently I am now "clean". Please would one of you experts just have a random