
Possible Infection Ran Combofix Log Attached

Press Scan button. Constantly restarts. Blindly typing into search engines led me to the following site which contained info about the Primary IDE's Direct Memory Access (DMA) possibly being set from Ultra DMA Mode 5 to

#3 Fion Fion Topic Starter Members 9 posts Posted 11 December 2008 - 10:36 PM Here is the hijackthis log: Logfile of random's system Please post the "C:\ComboFix.txt" for further review ****Note: Do not mouseclick combofix's window while it's running. That may cause it to stall. https://www.bleepingcomputer.com/forums/t/185961/possible-infection-ran-combofix-log-attached/

Infection restricted only to that User. So, I tried Panda's online system scan and it brought up 9 items. MyWay dir does not exist, so it could not be uninstalled, so I removed the registry entry via CCleaner. I'll run a new log and attach once you up the Combo-Do.txt file.

  • File Attachment: log.txt Quads Norton Fighter25 Reg: 21-Jul-2008 Posts: 16,481 Solutions: 182 Kudos: 3,388 Kudos1 Stats Re: Browser redirect issues - possible Happili infection? (help, Quads...) Posted: 14-May-2012 | 1:17AM •
  • This applies only to the originator of this thread.
  • Thanks in advance, G Jun 20, 2007 #14 momok TS Rookie Posts: 2,265 Hi, Your logs look clean now.
  • Then attach the below logs: * C:\ComboFix.txt * C:\MGlogs.zip TimW, Jun 1, 2009 #13 wormgod Private E-2 Here are the two logs.
  • Quads Norton Fighter25 Reg: 21-Jul-2008 Posts: 16,481 Solutions: 182 Kudos: 3,388 Kudos1 Stats Re: Browser redirect issues - possible Happili infection? (help, Quads...) Posted: 13-May-2012 | 8:24PM • Permalink The file

I also wanted to say a BIG thank you to all those who have helped me along the way. Very annoying. Regards, Your friendly momok =) This thread is for the use of Gazington only.

I'm going out of town for a few days, so I will start the cleanup when I get back. Click apply/ok for each service you disable. Dark_Matter: Attached is the latest ComboFix log. possible infection ran combofix log attached Started by Fion , Dec 11 2008 10:05 PM This topic is locked 11 replies to this topic #1 Fion Fion Members 9 posts OFFLINE

Ran CCleaner. Now run the C:\MGtools\GetLogs.bat file by double clicking on it (Note: if using Vista, don't double click, use right click and select Run As Administrator).

That may cause it to stall. 2. Should you have any further problems, please post in this thread. Hope you can help getting rid of my pesky trojans! Regards, Robin Attached File(s) ComboFix.txt ( 15,37K ) Robin R 14.11.2008 23:44 Post #4 You need to turn that off and leave it off.

Restarted and re-ran MBR.exe and got the same output in the log (i.e. "malicious code"). Instructions shown here *note, your PC will restart after running the code, so save and exit all non-essential programs and documents prior to running.

CODE
begin
SetAVZGuardStatus(True);
SearchRootkit(true, true);
DelBHO('{92780B25-18CC-41C8-B9BE-3C9C571A8263}');
DelBHO('{1F460357-8A94-4D71-9CA3-AA4ACF32ED8E}');
DelBHO('{09C04DA7-5B76-4EBC-BBEE-B25EAC5965F5}');
DelBHO('{7E853D72-626A-48EC-A868-BA8D5E23E045}');
QuarantineFile('C:\mbenwjpy.exe','');
QuarantineFile('C:\Windows\System32\TDSScrrx.dll','');
QuarantineFile('C:\ddmjd.exe','');

Due to the length of time we'll go ahead and close this topic now but if you still actually need help please send a private message to one of the Moderators

However I couldn't disable AVG for some reason.

O8 - Extra context menu item: &Search - http://bar.mywebsearch.com/menusearch.html?p=ZNxdm813XXUS
O15 - Trusted Zone: http://www.bomis.com
O15 - Trusted Zone: http://www.xfm.co.uk
O16 - DPF: {231B1C6E-F934-42A2-92B6-C2FEFEC24276} (yucsetreg Class) -
O16 - DPF: {F09BFD07-20B5-46D8-A6D5-BE4EF22F1F4D} -

After you have completed all of the steps, you need to post your hardware specs: OS, Processor, Ram, HDD, etc....

Do not "re-run" Combofix. On checking out my Primary IDE's DMA.... So I immediately logged off and logged on Admin user.

Things are a lot better.

Please remove ComboFix by going to Start > Run (or type it in the search field in the Start menu), and type: combofix /uninstall 2. Find attached ComboFix log file: ------------------------------BEGIN ----------------------------------------- ComboFix 10-06-01.01 - Admin 06/02/2010 8:39.1.2 - x86 Microsoft Windows XP Professional 5.1.2600.3.1252.1.1033.18.1014.481 [GMT 10:00] Running from: c:\documents and settings\Admin\Desktop\ComboFix.exe AV: AVG Anti-Virus Free Change file age to 60 days Press the  An OTL.txt will be created. Then I installed Malware Bytes and Super Antispyware.

Is it possible the program did that? Thanks anyway! Robin dawgg 15.11.2008 16:58 Post #5 Helper Group: Moderators Posts: 9309 Joined: 6.04.2006 From: London Hello. It's not over yet - G Jun 21, 2007 #17 momok TS Rookie Posts: 2,265 Let us know the results then. Thanks for all your help in getting me down the right path.

My antivirus and firewall had not been loaded on restart. As far as undoing changes, I have never needed to, so I do not know. It seemed to be going great guns but, unfortunately, it hung after the scan appeared to finish. After ComboFix finished and the PC restarted, to my absolute WTF moment, I found that it had made massive changes to my system including removing AVG Antivirus and whole lot of

Have also attached an up-to-date Combofix log. Regards, Your friendly momok =) Jul 3, 2007 #22 Many thanks again for the advice!

Check  Click the  button. This shows that you have TWO anti-virus programs on the computer. This will ask Combofix to execute the instructions within my file. Am still puzzled on how I got the infection.

GetLogs.bat kept hanging and generating "NTVDM encountered a system error" messages, so I finally killed it and just re-ran the MGTools.exe that I originally downloaded. Download the attached "Combofix-Do.txt" (from my attachment) and save it to the same folder as Combofix. Avenger log and MGLogs.zip are attached. Regards, Your friendly momok =) This thread is for the use of Gazington only.

Do not mouse-click Combofix's window while it is running. This will uninstall ComboFix and also reset hidden files and folders settings back to Windows defaults. Quads armygirl44 Contributor4 Reg: 12-May-2012 Posts: 23 Solutions: 0 Kudos: 0 Kudos0 Re: Browser redirect issues - possible Happili infection? (help, Quads...) Posted: 12-May-2012 | 9:48PM • Permalink Unfortunately, whatever's wrong Quads armygirl44 Contributor4 Reg: 12-May-2012 Posts: 23 Solutions: 0 Kudos: 0 Kudos0 Re: Browser redirect issues - possible Happili infection? (help, Quads...) Posted: 13-May-2012 | 12:54AM • Permalink File insight says