Search:

Thankyou for your excellent help and the time you put in with a some what computer illiterate person.

I will down load your recomendations, and read the manuals so that i hopefully wont need to...

I am crossing my fingers that you will give be a clean bill of health ;)


Logfile of HijackThis v1.99.1
Scan saved at 02:49:24, on 2006-12-31
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE:...

Angelfire, your a genius, the security centre is working, everything seems to be as it should be....Thanks for your time and help.

Thanks for everything....let me know if i need send anymore...

Angelfire,

I hope that everything is ok, you need not apologise nor go out of your way to help...take all the time you need.

I have downloaded the file, i can now access the security centre but...

Angelfire,

Sorry for the delay, i missed your last post.....anyway...

Followed your instructions and am still unable to access my sercurity centre, again it tells me it is unable to locate the...

Followed your instructions to the letter, still comes up with the same message.

Merry xmas by the way.

And i wont be gong anywhere, i am at your mercy so you take as long as you need.

I have sent the email to you....

uhmmm consider me dumb but i am a little perplexed with the following lines, can you please ellaborate..

Make sure there are NO blank lines before REGEDIT4...

I need to email it......sorry.

And to answer your questin about the computer running ok...it seems to be fine...however i cannot access my sercurity center at all..it tells me this.....

Swedish...

This is going to be huge do you want me to keep posting or is there are certain part of the log you want?

.text C:\Program\WinRAR\WinRAR.exe[2432] ntdll.dll!RtlActivateActivationContext + 1E 7C91762B 7 Bytes [ 80, 24, 00, 00, 80, 57, 00 ]...

.text C:\Program\WinRAR\WinRAR.exe[2432] ntdll.dll!RtlFindCharInUnicodeString + 2F 7C915B98 176 Bytes [ 39, 75, E4, 74, 03, 6A,...

.text C:\Program\WinRAR\WinRAR.exe[2432] ntdll.dll!RtlGetLongestNtPathLength + 21 7C914800 102 Bytes [ 00, 8B, 00, 89, 45, E0,...

.text C:\Program\WinRAR\WinRAR.exe[2432] ntdll.dll!RtlDeleteCriticalSection + A5 7C91192F 9 Bytes [ 15, 54, 12, 94, 60, 8B, F8,...

.text C:\Program\WinRAR\WinRAR.exe[2432] ntdll.dll!NtSuspendProcess + B 7C90E845 12 Bytes [ FF, 85, F6, 75, 08, 6A, 08,...

7C90DBBC 18 Bytes [ 00, 00, 89, 50, 08, 89, 48, ... ]
.text C:\Program\WinRAR\WinRAR.exe[2432] ntdll.dll!NtLockProductActivationKeys + D ...

.text C:\Program\WinRAR\WinRAR.exe[2432] ntdll.dll!NtAccessCheckAndAuditAlarm + 3 7C90D3A6 55 Bytes [ 90, 90, 90, 90, 90, 8B, FF,...

.text C:\Program\WinRAR\WinRAR.exe[2432] ntdll.dll!sin + 39 7C901718 34 Bytes [ 85, BC, FD, FF, FF, 50, FF,...

---- Kernel code sections - GMER 1.0.12 ----

.text ntoskrnl.exe!_abnormal_termination + 104 ...

GMER 1.0.12.12011 - http://www.gmer.net
Rootkit scan 2006-12-24 03:45:26
Windows 5.1.2600 Service Pack 2


---- System - GMER 1.0.12 ----

SSDT \SystemRoot\System32\vsdatant.sys ...

i cant seem to be able to post the gmer log...seems that when i try the ie slows right down then it fails to find the website....did that make any sense?

Yes i had nortons before, but i got rid of it, it was actually during that phase that i seemed to get all these viruses...my fault.

Yes Shaba was my previous handler and i have nothing against...

VundoFix V6.2.13

Checking Java version...

Sun Java not detected
Scan started at 13:43:38 2006-12-01

Listing files found while scanning....

C:\WINDOWS\SYSTEM32\mljgf.dll

Logfile of The Avenger version 1, by Swandog46
Running from registry key:
\Registry\Machine\System\CurrentControlSet\Services\irmhbyit

*******************

Script file located at:...

************************* Rustock.b-fix -- By ejvindh *************************
2006-12-22 16:10:45,21

******************* Pre-run Status of system *******************

Rootkit driver PE386 is...

Logfile of HijackThis v1.99.1
Scan saved at 17:04:22, on 2006-12-23
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.5730.0011)

Running processes:...

Being a typical guy i was inpatient so i proceeded with the the other actions, I PROMISE I WONT DO IT AGAIN.

Ok logs from everything...

AVG Anti-Spyware - Scan Report...

Angelfire 777, i only had one log produced from the rustbfix...avenger txt...

should i continue on with the remaining actions...?

I have submitted the file to uploadmalware....

here is a...

Logfile of HijackThis v1.99.1
Scan saved at 14:31:32, on 2006-12-22
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.5730.0011)

Running processes:...

VundoFix V6.2.13

Checking Java version...

Sun Java not detected
Scan started at 13:43:38 2006-12-01

Listing files found while scanning....

C:\WINDOWS\SYSTEM32\mljgf.dll

SDFix: Version 1.51
****************

2006-12-22 - 14:03:45,52

Microsoft Windows XP [Version 5.1.2600]

Running From: C:\SDFix

Stage One - Safe Mode

I have somehow picked a what i suspect to be malware...and i am not sure where i got it from...however i suspect it was from a spam mail....anyway here is my HJT.LOG

And my windows security centre...

Shaba, looks like i spoke too soon. After rebooting the computer it was turned off again, even after setting it to automatic, obviously i have some type of conflict there, but i haven't the foggiest...

Shaba, you have just been elevated to one of my smartest person alive catergories... yes the security center is up and running.

All seems good.

Do i need do anything else?

If not thankyou...

Shabas, thx for your help and patience.... ok, ran the through the steps, and it still isn't working.... ran a spybot test as well and it came back clean...

So now where do we go...

again thx...

Kaspersky Online Scanner 5.0.83.0 (Kaspersky Online Scanner)
estimated size: 6040
install location: C:\WINDOWS\system32\KASPER~1\KASPER~1
uninstall cmd:...

--- Process list ---
PID: 0 ( 0) [System]
PID: 700 ( 4) \SystemRoot\System32\smss.exe
PID: 772 ( 700) \??\C:\WINDOWS\system32\csrss.exe
PID: 804 ( 700)...

--- Browser helper object list ---
{1E8A6170-7264-4D0F-BEAE-D42A53123C75} ()
BHO name:
CLSID name:
Path: C:\Program\Delade filer\Symantec...

Ok security centre still not working.

Copy of spybot report.


--- Search result list ---
Microsoft.WindowsSecurityCenter_disabled: Settings (Registry change, nothing done)
...

System seems to be working ok now, however, i ran a sybot check and it told me i had several problems.

My security centre still isn't working, is this due to the nortons program?

Apart from...

-------------------------------------------------------------------------------
KASPERSKY ONLINE SCANNER REPORT
Saturday, December 02, 2006 9:32:38 PM
Operating System: Microsoft Windows XP...

Shaba, i was in complete panic, thanks for the asurances.... ;)

as requested, a fresh hijackthis log:

Logfile of HijackThis v1.99.1
Scan saved at 21:33:23, on 2006-12-02
Platform: Windows XP...

Kaspersky report:

-------------------------------------------------------------------------------
KASPERSKY ONLINE SCANNER REPORT
Saturday, December 02, 2006 3:25:08 PM
Operating System:...

virustotal log:

STATUS: FINISHEDComplete scanning result of "fcplugin.dll", received in VirusTotal at 12.02.2006, 18:05:29 (CET).

Antivirus Version Update Result
AntiVir 7.2.0.46 12.02.2006 ...

Shabas, as requested the associated reports....how come the Kaspersky says it found so many viruses yet my program and every other says nothing?

Highjack log:

Logfile of HijackThis v1.99.1...

a new hijackthis log

Logfile of HijackThis v1.99.1
Scan saved at 22:15:34, on 2006-12-01
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.5730.0011)

Running...

Ewido log

---------------------------------------------------------
AVG Anti-Spyware - Scan Report
---------------------------------------------------------

+ Created at: 21:51:00 2006-12-01...

c:\ vundofix.txt


VundoFix V6.2.13

Checking Java version...

Sun Java not detected
Scan started at 13:43:38 2006-12-01

Hi shaba, well i believe i did everything as asked and correctly but i guess i'll find out from you shortly....:red:

as requested:

c:\rapport.txt

SmitFraudFix v2.126

Scan done at...

Shaba's, as requested:

Logfile of HijackThis v1.99.1
Scan saved at 22:04:28, on 2006-11-30
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.5730.0011)

Running...

Hi Shaba and thnx,

I have changed the HJT.exe, and followed the link you posted on the smitfraudFix... However when i go in and double click the smitfraudfix.cmd
it opens up and responds thus:- ...