[Daemon]

Go to Jotti's malware scan

Copy and paste the following file path into the "File to upload & scan" box on the top of the page:

C:\WINDOWS\YOURAPP.EXE

Click on the submit button. Please post the results in your next reply. Repeat for:

C:\WINDOWS\ORUN32.EXE
C:\WINDOWS\system32\CMMGR32.EXE

[Advertisements]

Result was same for all three files:

'The file you uploaded is 0 bytes. It is very likely a firewall or a piece of malware is prohibiting you from uploading this file'

This occured in normal settings as well as with both Avast On-Access Protection and Windows Firewall turned off.

[Tactical Monkey]

Result was same for all three files:

'The file you uploaded is 0 bytes. It is very likely a firewall or a piece of malware is prohibiting you from uploading this file'

This occured in normal settings as well as with both Avast On-Access Protection and Windows Firewall turned off.

[Daemon]

May not be there anymore. Do this so you can see hidden files and folders - click here to download xphidden.zip. Extract xphidden.reg from the zip file and save it to the desktop. When done, double-click the xphidden.reg and when asked to merge say yes.

Use Window Explorer to see if you can find them - let me know.

[Tactical Monkey]

It apears that all of them are present, they all show 0 KB.

[Daemon]

That at least correlates with the combofix output. They are legitimate names, I just didn't expect to see them in the results.

There doesn't appear to be anything lurking on your system. I assume you are still having the same problem connecting to servers - are you using the same machine to post here?

Try uninstalling and reinstalling the Norton Firewall to see if you can get that back up again. Let me know.

[Tactical Monkey]

Excellent. Norton Firewall is back up and running. Updates worked and other programs seem to be working correctly.
Any idea where in all that the problem was solved, or what did it in the first place?

Many thanks.

[Daemon]

Probably in the first few steps when we removed CWS.

We have a couple of last steps to perform and then you're all set.

First, let's reset your hidden/system files and folders. * Click Start.
* Open My Computer.
* Select the Tools menu and click Folder Options.
* Select the View tab.
* Under the Hidden files and folders heading UNSELECT Show hidden files and folders.
* CHECK the Hide protected operating system files (recommended) option.
* Click Yes to confirm.
* Click OK.
Next, let's clean your restore points and set a new one:

Reset and Re-enable your System Restore to remove infected files that have been backed up by Windows. The files in System Restore are protected to prevent any programs from changing those files. This is the only way to clean these files: (You will lose all previous restore points which are likely to be infected)1. Turn off System Restore.On the Desktop, right-click My Computer.
Click Properties.
Click the System Restore tab.
Check Turn off System Restore.
Click Apply, and then click OK.
2. Restart your computer.

3. Turn ON System Restore.On the Desktop, right-click My Computer.
Click Properties.
Click the System Restore tab.
UN-Check Turn off System Restore.
Click Apply, and then click OK.
[/list]System Restore will now be active again.

To help keep you clean follow the recommendations in Tony's article here:

So how did I get infected in the first place?

Do you require any further assistance or should I close the topic?

[Tactical Monkey]

Close away. Thanhs again for the help -
As an aside, I'd never cleaned my restore points before - so I gained almost a meg of space on that drive, which will be super helpful for my much needed defrag.

Cheers!

[Daemon]

You're welcome - glad to help



As this problem has been resolved the topic will be closed. If you need this topic reopened, please email the moderating team - be sure to include the address of the thread and the name you posted under.