[x]

Welcome to CyberAnswers.org

CyberAnswers is a place to get free computer help as well as give computer assistance or perhaps just to talk tech..

We would like you to Join Cyberanswers Forums Today.

Why join Cyberanswers forums ?

You will become able to give and get free Computer help
Show your tech skills with millions around the web through us
Talk about hot topics and computing issues
Ask questions and get answers from generous volunteers.
Tweak your computer system
Learn what makes your computer tick
Access to downloads as a member & lot more!

Register Now - Its FREE

Already a member then CLOSE this window and Login.

JOIN US CLOSE

Home Help Search Members Articles Login Register

Welcome,Guest. Please login or register.

cyberanswers.org > Internet > Spyware / Virus Removal > can sumone check my log please :)

September 09, 2010, 09:39:44 AM

Pages: [1]

« previous next »

Author Topic: can sumone check my log please :) (Read 461 times)

koupe	can sumone check my log please :) « on: January 15, 2009, 03:37:09 PM »
Techie Posts: 6

Pancake	can sumone check my log please :) « Reply #1 on: January 15, 2009, 04:38:41 PM »
Administrator Group: Administrator Sr. Member Posts: 378	Looks like you have a Vundo infection.This should fix it. Please download Malwarebytes' Anti-Malware from one of these places: http://www.majorgeeks.com/Malwarebytes_Anti-Malware_d5756.html http://www.besttechie.net/tools/mbam-setup.exe Double Click mbam-setup.exe to install the application. * Make sure a checkmark is placed next to Update Malwarebytes' Anti-Malware and Launch Malwarebytes' Anti-Malware, then click Finish. * If an update is found, it will download and install the latest version. * Once the program has loaded, select "Perform Quick Scan", then click Scan. * The scan may take some time to finish,so please be patient. * When the scan is complete, click OK, then Show Results to view the results. * Make sure that everything is checked, and click Remove Selected. * When disinfection is completed, a log will open in Notepad and you may be prompted to Restart.(See Extra Note) * The log is automatically saved by MBAM and can be viewed by clicking the Logs tab in MBAM. * Copy&Paste the entire report in your next reply along with a fresh HijackThis log. Please Note: If MBAM encounters a file that is difficult to remove,you will be presented with 1 of 2 prompts,click OK to either and let MBAM proceed with the disinfection process,if asked to restart the computer,please do so immediately. --------------------------- An Australian Member of Eddy =============================== Preventing Malware and hints on how to avoid Re-infection

koupe	can sumone check my log please :) « Reply #2 on: January 15, 2009, 09:42:36 PM »
Techie Posts: 6	well my internet is still not actually making a connection , so the software wasnt able to auto update but i ran it and this is what i got. ( honestly i think i messed sumthin upon my own with my internet settings but any way this is wat i got ... Malwarebytes' Anti-Malware 1.33 Database version: 1654 Windows 5.1.2600 Service Pack 2 1/15/2009 9:58:00 PM mbam-log-2009-01-15 (21-58-00).txt Scan type: Quick Scan Objects scanned: 51223 Time elapsed: 4 minute(s), 11 second(s) Memory Processes Infected: 0 Memory Modules Infected: 0 Registry Keys Infected: 5 Registry Values Infected: 1 Registry Data Items Infected: 8 Folders Infected: 2 Files Infected: 14 Memory Processes Infected: (No malicious items detected) Memory Modules Infected: (No malicious items detected) Registry Keys Infected: HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\CPV (Trojan.Downloader) -> Quarantined and deleted successfully. HKEY_LOCAL_MACHINE\SOFTWARE\xpre (Trojan.Downloader) -> Quarantined and deleted successfully. HKEY_CURRENT_USER\SOFTWARE\Trymedia Systems (Adware.Trymedia) -> Quarantined and deleted successfully. HKEY_CLASSES_ROOT\WR (Malware.Trace) -> Quarantined and deleted successfully. HKEY_LOCAL_MACHINE\SOFTWARE\AVSystemCare (Rogue.AVSystemcare) -> Quarantined and deleted successfully. Registry Values Infected: HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\eloforeqonofa (Trojan.Agent) -> Delete on reboot. Registry Data Items Infected: HKEY_CLASSES_ROOT\regfile\shell\open\command\ (Broken.OpenCommand) -> Bad: ("regedit.exe" "%1") Good: (regedit.exe "%1") -> Quarantined and deleted successfully. HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Advanced\StartMenuLogOff (Hijack.StartMenu) -> Bad: (1) Good: (0) -> Quarantined and deleted successfully. HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\ActiveDesktop\NoChangingWallpaper (Hijack.DisplayProperties) -> Bad: (1) Good: (0) -> Quarantined and deleted successfully. HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\activedesktop\NoChangingWallpaper (Hijack.DisplayProperties) -> Bad: (1) Good: (0) -> Quarantined and deleted successfully. HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Explorer\NoSetActiveDesktop (Hijack.DisplayProperties) -> Bad: (1) Good: (0) -> Quarantined and deleted successfully. HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Explorer\NoActiveDesktopChanges (Hijack.DisplayProperties) -> Bad: (1) Good: (0) -> Quarantined and deleted successfully. HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Explorer\NoSetActiveDesktop (Hijack.DisplayProperties) -> Bad: (1) Good: (0) -> Quarantined and deleted successfully. HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Explorer\NoActiveDesktopChanges (Hijack.DisplayProperties) -> Bad: (1) Good: (0) -> Quarantined and deleted successfully. Folders Infected: C:\Program Files\Temporary (Trojan.Agent) -> Quarantined and deleted successfully. C:\Program Files\CPV (Trojan.Downloader) -> Quarantined and deleted successfully. Files Infected: C:\WINDOWS\system32\drivers\seneka.sys (Rootkit.Agent) -> Quarantined and deleted successfully. C:\WINDOWS\system32\drivers\senekargiktapq.sys (Rootkit.Agent) -> Delete on reboot. C:\WINDOWS\ikoqaquzuwocuc.dll (Trojan.Agent) -> Delete on reboot. C:\WINDOWS\b.exe (Trojan.Agent) -> Quarantined and deleted successfully. C:\WINDOWS\system32\senekagxvkqowy.dll (Trojan.Agent) -> Delete on reboot. C:\WINDOWS\system32\senekansflxbey.dll (Trojan.Agent) -> Quarantined and deleted successfully. C:\WINDOWS\system32\senekadf.dat (Trojan.Agent) -> Quarantined and deleted successfully. C:\WINDOWS\system32\seneka.dat (Trojan.Agent) -> Quarantined and deleted successfully. C:\WINDOWS\system32\senekalog.dat (Trojan.Agent) -> Quarantined and deleted successfully. C:\WINDOWS\system32\warning.gif (Trojan.FakeAlert) -> Quarantined and deleted successfully. C:\WINDOWS\system32\ahtn.htm (Trojan.FakeAlert) -> Quarantined and deleted successfully. C:\WINDOWS\system32\frmwrk32.exe (Trojan.FakeAlert) -> Quarantined and deleted successfully. C:\Documents and Settings\Administrator\Local Settings\Temp\ntdll64.dll (Trojan.FakeAlert) -> Quarantined and deleted successfully. C:\Documents and Settings\Administrator\Local Settings\Temp\mousehook.dll (Trojan.FakeAlert) -> Quarantined and deleted successfully. and here is my hjt Deckard's System Scanner v20071014.68 Run by KO King on 2009-01-15 22:35:25 Computer is in Normal Mode. -------------------------------------------------------------------------------- -- HijackThis (run as KO King.exe) --------------------------------------------- Logfile of Trend Micro HijackThis v2.0.2 Scan saved at 10:35:26 PM, on 1/15/2009 Platform: Windows XP SP2 (WinNT 5.01.2600) MSIE: Internet Explorer v7.00 (7.00.6000.16441) Boot mode: Normal Running processes: C:\WINDOWS\System32\smss.exe C:\WINDOWS\system32\winlogon.exe C:\WINDOWS\system32\services.exe C:\WINDOWS\system32\lsass.exe C:\WINDOWS\system32\Ati2evxx.exe C:\WINDOWS\system32\svchost.exe C:\WINDOWS\System32\svchost.exe C:\WINDOWS\system32\spoolsv.exe C:\WINDOWS\eHome\ehRecvr.exe C:\WINDOWS\eHome\ehSched.exe C:\Program Files\Common Files\LightScribe\LSSrvc.exe C:\WINDOWS\system32\svchost.exe C:\Program Files\Hewlett-Packard\Shared\hpqwmiex.exe C:\WINDOWS\system32\dllhost.exe C:\WINDOWS\system32\Ati2evxx.exe C:\WINDOWS\Explorer.EXE C:\Program Files\Synaptics\SynTP\SynTPEnh.exe C:\Program Files\PowerISO\PWRISOVM.EXE C:\Program Files\hpq\HP Wireless Assistant\HP Wireless Assistant.exe C:\Program Files\Hp\HP Software Update\HPWuSchd2.exe C:\Program Files\SyncroSoft\Pos\H2O\cledx.exe C:\WINDOWS\ehome\ehtray.exe C:\Program Files\HPQ\Quick Launch Buttons\EabServr.exe C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe C:\WINDOWS\system32\ctfmon.exe C:\Program Files\MagicDisc\MagicDisc.exe C:\WINDOWS\eHome\ehmsas.exe C:\PROGRA~1\hpq\Shared\HPQTOA~1.EXE C:\Documents and Settings\KO King\Desktop\dss.exe C:\DOCUME~1\KOKING~1\Desktop\KOKING~1.EXE R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896 R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896 R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896 R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant = R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch = R1 - HKCU\Software\Microsoft\Internet Explorer\SearchURL,(Default) = http://us.rd.yahoo.com/customize/ie/defaults/su/msgr8/http://www.yahoo.com R1 - HKCU\Software\Microsoft\Internet Connection Wizard,ShellNext = http://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iehome&locale=EN_US&c=Q106&bd=pavilion&pf=laptop R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = .local F2 - REG:system.ini: UserInit=C:\WINDOWS\system32\Userinit.exe O2 - BHO: (no name) - {02478D38-C3F9-4efb-9B51-7695ECA05670} - (no file) O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll O2 - BHO: (no name) - {9394EDE7-C8B5-483E-8773-474BF36AF6E4} - (no file) O2 - BHO: (no name) - {BDBD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - (no file) O3 - Toolbar: (no name) - {BDAD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - (no file) O4 - HKLM\..\Run: [DNS7reminder] "C:\Program Files\Nuance\NaturallySpeaking10\Ereg\Ereg.exe" -r "C:\Documents and Settings\All Users\Application Data\Nuance\NaturallySpeaking10\Ereg.ini O4 - HKLM\..\Run: [VVSN] C:\Program Files\VVSN\VVSN.exe O4 - HKLM\..\Run: [SynTPEnh] C:\Program Files\Synaptics\SynTP\SynTPEnh.exe O4 - HKLM\..\Run: [Reminder] C:\Windows\CREATOR\Remind_XP.exe O4 - HKLM\..\Run: [RecGuard] C:\Windows\SMINST\RecGuard.exe O4 - HKLM\..\Run: [QPService] "C:\Program Files\HP\QuickPlay\QPService.exe" O4 - HKLM\..\Run: [PWRISOVM.EXE] C:\Program Files\PowerISO\PWRISOVM.EXE O4 - HKLM\..\Run: [NeroFilterCheck] C:\WINDOWS\system32\NeroCheck.exe O4 - HKLM\..\Run: [KernelFaultCheck] %systemroot%\system32\dumprep 0 -k O4 - HKLM\..\Run: [hpWirelessAssistant] C:\Program Files\hpq\HP Wireless Assistant\HP Wireless Assistant.exe O4 - HKLM\..\Run: [HP Software Update] C:\Program Files\Hp\HP Software Update\HPWuSchd2.exe O4 - HKLM\..\Run: [H2O] C:\Program Files\SyncroSoft\Pos\H2O\cledx.exe O4 - HKLM\..\Run: [ehTray] C:\WINDOWS\ehome\ehtray.exe O4 - HKLM\..\Run: [eabconfg.cpl] C:\Program Files\HPQ\Quick Launch Buttons\EabServr.exe /Start O4 - HKLM\..\Run: [Cpqset] C:\Program Files\HPQ\Default Settings\cpqset.exe O4 - HKLM\..\Run: [ATIPTA] "C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe" O4 - HKLM\..\Run: [Adobe Photo Downloader] "C:\Program Files\Adobe\Photoshop Album Starter Edition\3.0\Apps\apdproxy.exe" O4 - HKCU\..\Run: [NBJ] "C:\Program Files\Ahead\Nero BackItUp\NBJ.exe" O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe O4 - Startup: MagicDisc.lnk = C:\Program Files\MagicDisc\MagicDisc.exe O4 - Global Startup: Adobe Reader Speed Launch.lnk = C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - (no file) O9 - Extra button: Bonjour - {7F9DB11C-E358-4ca6-A83D-ACC663939424} - C:\Program Files\Bonjour\ExplorerPlugin.dll O9 - Extra button: Run IMVU - {d9288080-1baa-4bc4-9cf8-a92d743db949} - C:\Documents and Settings\KO King\Start Menu\Programs\IMVU\Run IMVU.lnk (file missing) O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe O10 - Broken Internet access because of LSP provider 'c:\windows\temp\ntdll64.dll' missing O16 - DPF: {193C772A-87BE-4B19-A7BB-445B226FE9A1} (ewidoOnlineScan Control) - http://download.ewido.net/ewidoOnlineScan.cab O16 - DPF: {2E28242B-A689-11D4-80F2-0040266CBB8D} (KXHCM10 Control) - http://camera.mesalands.edu:60007/kxhcm10.ocx O16 - DPF: {30528230-99f7-4bb4-88d8-fa1d4f56a2ab} (Installation Support) - C:\Program Files\Yahoo!\Common\Yinsthelper.dll O16 - DPF: {CAFEEFAC-0014-0001-0001-ABCDEFFEDCBA} (Java Runtime Environment 1.4.1_01) - O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\system32\Ati2evxx.exe O23 - Service: Bonjour Service - Apple Inc. - C:\Program Files\Bonjour\mDNSResponder.exe O23 - Service: hpqwmiex - Hewlett-Packard Development Company, L.P. - C:\Program Files\Hewlett-Packard\Shared\hpqwmiex.exe O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\1050\Intel 32\IDriverT.exe O23 - Service: LightScribeService Direct Disc Labeling Service (LightScribeService) - Hewlett-Packard Company - C:\Program Files\Common Files\LightScribe\LSSrvc.exe -- End of file - 6394 bytes -- Files created between 2008-12-15 and 2009-01-15 ----------------------------- 2009-01-15 21:43:49 0 d-------- C:\Documents and Settings\KO King\Application Data\Malwarebytes 2009-01-15 21:43:42 0 d-------- C:\Program Files\Malwarebytes' Anti-Malware 2009-01-15 21:43:42 0 d-------- C:\Documents and Settings\All Users\Application Data\Malwarebytes 2009-01-14 15:23:53 233472 -----n--- C:\WINDOWS\system32\wpcap.dll 2009-01-14 15:23:53 61440 -----n--- C:\WINDOWS\system32\WanPacket.dll 2009-01-14 15:23:53 81920 -----n--- C:\WINDOWS\system32\Packet.dll 2009-01-14 15:23:53 32512 -----n--- C:\WINDOWS\system32\drivers\npf.sys 2009-01-14 15:23:52 0 d-------- C:\Program Files\Makayama Interactive 2009-01-12 13:01:17 31232 --a------ C:\WINDOWS\system32\pcload.exe 2009-01-03 19:52:23 0 d-------- C:\Documents and Settings\KO King\Application Data\GTek 2008-12-27 23:37:35 0 d-------- C:\Documents and Settings\All Users\Application Data\TVU Networks 2008-12-27 23:37:22 0 d-------- C:\Documents and Settings\KO King\LocalLow 2008-12-18 04:21:15 0 d-------- C:\Documents and Settings\All Users\Application Data\FLEXnet -- Find3M Report --------------------------------------------------------------- 2009-01-15 12:31:53 0 d-------- C:\Program Files\Common Files 2009-01-15 00:04:59 0 d-------- C:\Program Files\SiteAdvisor 2009-01-14 22:57:13 0 d-------- C:\Program Files\Common Files\Adobe 2009-01-14 22:41:07 0 d-------- C:\Documents and Settings\KO King\Application Data\Adobe 2009-01-14 02:32:09 0 d-------- C:\Program Files\Yahoo! 2009-01-14 02:32:05 0 dr-h----- C:\Documents and Settings\KO King\Application Data\yahoo! 2009-01-14 01:56:39 0 d-------- C:\Program Files\Google 2009-01-14 01:19:43 0 d--h----- C:\Program Files\InstallShield Installation Information 2009-01-13 21:39:15 0 d-------- C:\Program Files\HP 2009-01-13 19:01:09 0 d-------- C:\Program Files\Vidalia Bundler 2009-01-13 17:49:31 0 d-------- C:\Program Files\MSN Messenger 2009-01-10 01:31:49 32 --a------ C:\WINDOWS\system32\msvcsv60.dll 2009-01-10 01:31:49 32 --a------ C:\WINDOWS\msocreg32.dat 2009-01-08 14:27:23 2515 --a------ C:\Documents and Settings\KO King\Application Data\SAS7_000.DAT 2009-01-07 02:38:07 0 d-------- C:\Documents and Settings\KO King\Application Data\Azureus 2009-01-02 01:24:34 664 --a------ C:\WINDOWS\system32\d3d9caps.dat 2008-12-17 04:20:36 756 --a------ C:\Documents and Settings\KO King\Application Data\wklnhst.dat 2008-12-13 23:47:06 0 d-------- C:\Program Files\program files;Edirol 2008-12-09 03:19:21 0 d-------- C:\Program Files\program files;Synth1 2008-12-04 19:20:10 0 d-------- C:\Documents and Settings\KO King\Application Data\Mozilla 2008-12-01 01:32:45 0 d-------- C:\Documents and Settings\KO King\Application Data\Nuance 2008-12-01 01:28:18 0 d-------- C:\Program Files\Common Files\ScanSoft Shared 2008-12-01 01:28:13 0 d-------- C:\Program Files\Common Files\InstallShield 2008-12-01 01:28:10 0 d-------- C:\Program Files\Common Files\Nuance 2008-12-01 01:27:36 0 d-------- C:\Program Files\Nuance 2008-11-26 06:29:38 0 d-------- C:\Program Files\Steinberg 2008-11-25 06:08:29 0 d-------- C:\Documents and Settings\KO King\Application Data\Steinberg 2008-11-25 05:34:00 0 d-------- C:\Program Files\Syncrosoft 2008-11-25 03:37:11 0 d-------- C:\Program Files\MagicDisc 2008-11-23 10:23:47 0 d-------- C:\Documents and Settings\KO King\Application Data\Antares 2008-11-23 00:52:35 0 d-------- C:\Program Files\Antares Audio Technologies 2008-11-17 03:49:17 0 d-------- C:\Program Files\DivX 2008-10-27 08:34:25 262144 --a------ C:\ntuser.dat -- Registry Dump --------------------------------------------------------------- Note empty entries & legit default entries are not shown [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run] "DNS7reminder"="C:\Program Files\Nuance\NaturallySpeaking10\Ereg\Ereg.exe" [09/09/2008 10:39 PM] "VVSN"="C:\Program Files\VVSN\VVSN.exe" [] "SynTPEnh"="C:\Program Files\Synaptics\SynTP\SynTPEnh.exe" [06/19/2005 03:50 PM] "Reminder"="C:\Windows\CREATOR\Remind_XP.exe" [02/09/2006 11:52 AM] "RecGuard"="C:\Windows\SMINST\RecGuard.exe" [10/11/2005 12:23 PM] "QPService"="C:\Program Files\HP\QuickPlay\QPService.exe" [] "PWRISOVM.EXE"="C:\Program Files\PowerISO\PWRISOVM.EXE" [04/09/2007 07:23 AM] "NeroFilterCheck"="C:\WINDOWS\system32\NeroCheck.exe" [07/09/2001 09:50 AM] "KernelFaultCheck"="C:\WINDOWS\system32\dumprep 0 -k" [] "hpWirelessAssistant"="C:\Program Files\hpq\HP Wireless Assistant\HP Wireless Assistant.exe" [12/13/2005 03:45 PM] "HP Software Update"="C:\Program Files\Hp\HP Software Update\HPWuSchd2.exe" [02/16/2005 10:11 PM] "H2O"="C:\Program Files\SyncroSoft\Pos\H2O\cledx.exe" [12/18/2005 01:18 PM] "ehTray"="C:\WINDOWS\ehome\ehtray.exe" [08/05/2005 11:56 PM] "eabconfg.cpl"="C:\Program Files\HPQ\Quick Launch Buttons\EabServr.exe" [12/22/2005 10:57 AM] "Cpqset"="C:\Program Files\HPQ\Default Settings\cpqset.exe" [08/01/2005 04:26 PM] "ATIPTA"="C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe" [11/10/2005 11:05 PM] "Adobe Photo Downloader"="C:\Program Files\Adobe\Photoshop Album Starter Edition\3.0\Apps\apdproxy.exe" [] [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run] "NBJ"="C:\Program Files\Ahead\Nero BackItUp\NBJ.exe" [10/11/2005 05:25 PM] "ctfmon.exe"="C:\WINDOWS\system32\ctfmon.exe" [08/10/2004 10:00 AM] C:\Documents and Settings\KO King\Start Menu\Programs\Startup\ MagicDisc.lnk - C:\Program Files\MagicDisc\MagicDisc.exe [11/25/2008 3:36:20 AM] C:\Documents and Settings\All Users\Start Menu\Programs\Startup\ Adobe Reader Speed Launch.lnk - C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe [12/14/2004 3:44:06 AM] [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system] "InstallVisualStyle"=C:\WINDOWS\Resources\Themes\Royale\Royale.msstyles "InstallTheme"=C:\WINDOWS\Resources\Themes\Royale.theme [HKEY_USERS\.default\software\microsoft\windows\currentversion\policies\system] "DisableTaskMgr"=1 (0x1) [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\explorer] "NoSetActiveDesktop"=0 (0x0) "NoActiveDesktopChanges"=0 (0x0) [HKEY_CURRENT_USER\software\microsoft\windows\currentversion\policies\explorer] "NoSetActiveDesktop"=0 (0x0) "NoActiveDesktopChanges"=0 (0x0) [HKEY_USERS\.default\software\microsoft\windows\currentversion\policies\explorer] "NoSetActiveDesktop"=1 (0x1) "NoActiveDesktopChanges"=1 (0x1) [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\services] "MSK80Service"=2 (0x2) "MpfService"=3 (0x3) "McSysmon"=3 (0x3) "McShield"=2 (0x2) "McProxy"=2 (0x2) "McODS"=3 (0x3) "McNASvc"=2 (0x2) "mcmscsvc"=2 (0x2) "McAfee SiteAdvisor Service"=2 (0x2) "MBackMonitor"=3 (0x3) [HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\D] AutoRun\command- C:\WINDOWS\system32\RunDLL32.EXE Shell32.DLL,ShellExec_RunDLL Info.exe protect.ed 480 480 -- End of Deckard's System Scanner: finished at 2009-01-15 22:35:46 ------------

Pancake	can sumone check my log please :) « Reply #3 on: January 15, 2009, 11:11:11 PM »
Administrator Group: Administrator Sr. Member Posts: 378	One more check to see if all is cleaned.... Ok.Lets download ComboFix.exe. This will give me a better view to the files running and also hidden on your computer and also those in the registry..Please download from one of these webpages . http://download.bleepingcomputer.com/sUBs/ComboFix.exe http://www.forospyware.com/sUBs/ComboFix.exe http://subs.geekstogo.com/ComboFix.exe * IMPORTANT !!! Save ComboFix.exe to your Desktop Disable your AntiVirus and AntiSpyware applications, usually via a right-click on the System Tray icon. They may otherwise interfere with our tools. Double-click on ComboFix.exe & follow the prompts. As part of it's process, ComboFix will check to see if the Microsoft Windows Recovery Console is installed. With malware infections being as they are today, it's strongly recommended to have this pre-installed on your machine before doing any malware removal. It will allow you to boot up into a special recovery/repair mode that will allow us to more easily help you should your computer have a problem after an attempted removal of malware.Recovery Console can be installed from your disc if you have Vista if you wish. Follow the prompts to allow ComboFix to download and install the Microsoft Windows Recovery Console, and when prompted, agree to the End-User License Agreement to install the Microsoft Windows Recovery Console. Please note: If the Microsoft Windows Recovery Console is already installed, ComboFix will continue it's malware removal procedures. Once the Microsoft Windows Recovery Console is installed using ComboFix, you should see the following message: Click on Yes to continue scanning for malware. When finished, it shall produce a log for you. Please include the C:\ComboFix.txt in your next reply. --------------------------- An Australian Member of Eddy =============================== Preventing Malware and hints on how to avoid Re-infection**

koupe	can sumone check my log please :) « Reply #4 on: January 16, 2009, 02:48:14 PM »
Techie Posts: 6

Pancake	can sumone check my log please :) « Reply #5 on: January 16, 2009, 03:34:44 PM »
Administrator Group: Administrator Sr. Member Posts: 378	That looks ok.You should be fine now.... This will clear away any of the files and folders that were created by ComboFix. Go to : Start > Run then copy and paste the following highlighted text below into the box and click OK. ComboFix /u --------------------------- An Australian Member of Eddy =============================== Preventing Malware and hints on how to avoid Re-infection

koupe	can sumone check my log please :) « Reply #6 on: January 16, 2009, 04:00:21 PM »
Techie Posts: 6	thank u so much. i realy would like to learn mora about viruses and hacking... i know a lil bit but obviously not nearly enough. could u point me in the right direction on sum ebooks to get me started ?

securityguard123	can sumone check my log please :) « Reply #7 on: January 17, 2009, 12:50:15 AM »
Techie Posts: 3	I also recommend Malwarebytes on malware removal. I have a good experience in that tool that I thought I need to reformat my system. another one is CCleaner for garbage disposal. --------------------------- ::Local Security Guard:: ::Internet Security::

koupe	can sumone check my log please :) « Reply #8 on: January 23, 2009, 01:02:24 PM »
Techie Posts: 6	thanks a lot pancake and security

Pancake	can sumone check my log please :) « Reply #9 on: January 23, 2009, 04:30:41 PM »
Administrator Group: Administrator Sr. Member Posts: 378	There are no books on hacking or malware.You will need to go to an online school and the teach you.If you can get in its free.Contact one of the moderaters here to see if you can enroll. http://malwareremoval.com/forum/index.php --------------------------- An Australian Member of Eddy =============================== Preventing Malware and hints on how to avoid Re-infection

0 Members and 1 Guest are viewing this topic.

Pages: [1]

« previous next »