Search:

All looks fine, Malware reports everything is clean. Thanks for your help.

-m

That looks like it worked. After the scan it acted like it was still there Still could not uncheck the use proxy.
However, after I did a reboot the Use proxy was unchecked and both IE and Firefox...

Hi,

So I reran RogueKiller. I scanned as before then looked under the registery tab. I clicked the two PUM proxy items and deleted them.

I tried IE and the results are the same, it is looking...

Below is the RogueKiller Log:

RogueKiller V10.0.6.0 [Nov 13 2014] by Adlice Software
mail : http://www.adlice.com/contact/
Feedback : http://forum.adlice.com
Website :...

Sorry, forgot to tell you, I did the IE reset as well after trying to uncheck the Use Proxy.

Cheers -m

IE does not let me uncheck the Use proxy nor allow me to delete the proxies it has set 127.0.0.1:8800

I scanned anyway with AdwClean. OK, partial success. After the scan Firefox came back alive, ...

Earlier I had an IE Proxy Hijack. I thought I had fixed it but it or something similar has raised its head again.

see:...

I am using Windows 7 and IE. I believe my browser network connection has been hijacked.
When I look at my network connection settings it is set on use proxy and the porxy
is set to 127.0.0.1:8800....

Yep, I think we are good. Some of the stuff was just closed ports and processes that needed to be restarted.

Thanks for the help. I owe you my first born.

Just for my education could you give...

You were correct about the snapshot section:

here is the comboFix file with the section removed:

ComboFix 07-11-02.3 - MIA-KITTY 2007-11-04 8:17:12.3 - NTFSx86
Microsoft Windows XP...

The comboFix file is very large 120,000 characters long. This posting program will only let me post upto 20,000 char how do I post? Or do I attach?

Mean while the HJT file is:


Logfile of...

looks like my VNC port has been closed as VNC does not appear to be working any more.

Mike

Is there anyway to find out what changes all of this has done to my computer? It looks like I have to go back and re-setup some things.

I notice that all of my secure ssh is no longer working....

What is the next step or have we finished?

Mike

Here is the new HJT log file. How am I doing?


***************************************

New HJT LOG:

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 8:59:19 PM, on 11/2/2007...

Ok had a bit of a snag with this one. I forgot to disable script blocking in NAV. So on reboot while running ComboFix NAV sent me a warning and the system froze. I rebooted and got script blocking...

Ok I have rebooted after SuperAntiSpyware. The resulting scan log is:

SUPERAntiSpyware Scan Log
http://www.superantispyware.com

Generated 11/02/2007 at 05:49 PM

Application Version :...

Ok SuperAntiSpyWare has finished. It says I still have 5 items of Vundo as well as some downloaders I will continue as per the instructions but here is the Scan log file:


SUPERAntiSpyware Scan...

Thanks for the location of the VundoFix.txt file. It contains the following:


VundoFix V6.5.11

Checking Java version...

Java version is 1.5.0.7
Old versions of java are exploitable and...

Ok I ran VundoFix

It did not generat a text file as far as I can tell bu it did list some files in its window:

C:/windows/system32/exdramn.dll
C:/windows/system32/qomkjjg.dll

I clicked...

Ok here is the hijack this file:

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 1:49:04 PM, on 11/2/2007
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00...

Hi I believe I am having problems with with virtumonde and maybe others.

I have tried Norton Symantic, and MS One care, virus scanners both have reported differing viruses which I removed.

I...