Possible Malware Infection ?
I am re-posting this at the suggestion of admin.
My Yahoo contacts apparently were hacked into over the weekend. I'm trying to make sure my comp. is clean. Please review this and let me know if you notice anything suspicious. Thanks.
Logfile of Trend Micro HijackThis v2.0.4
Scan saved at 2:00:06 PM, on 6/22/2010
Platform: Windows 2000 SP4 (WinNT 5.00.2195)
MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106)
Boot mode: Normal
Running processes:
C:\WINNT\System32\smss.exe
C:\WINNT\system32\winlogon.exe
C:\WINNT\system32\services.exe
C:\WINNT\system32\lsass.exe
C:\WINNT\system32\svchost.exe
C:\WINNT\system32\spoolsv.exe
C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
C:\Program Files\Alwil Software\Avast4\ashServ.exe
C:\WINNT\System32\svchost.exe
C:\Program Files\Java\jre6\bin\jqs.exe
C:\WINNT\system32\mgabg.exe
C:\Program Files\CyberPower PowerPanel Personal Edition\ppped.exe
C:\WINNT\system32\regsvc.exe
C:\WINNT\system32\MSTask.exe
C:\WINNT\system32\stisvc.exe
C:\Program Files\UPHClean\uphclean.exe
C:\WINNT\System32\WBEM\WinMgmt.exe
C:\WINNT\system32\svchost.exe
C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
C:\WINNT\Explorer.EXE
C:\PROGRA~1\Logitech\MOUSEW~1\SYSTEM\EM_EXEC.EXE
C:\WINNT\stickies.exe
C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
C:\Program Files\Bellsouth\HelpCenter\bin\sprtcmd.exe
C:\WINNT\system32\PDesk\PDesk.exe
C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe
C:\Program Files\Unlocker\UnlockerAssistant.exe
C:\Program Files\Common Files\Java\Java Update\jusched.exe
C:\Program Files\Atomic Clock Sync\Atomic.exe
C:\WINNT\System32\svchost.exe
C:\PROGRA~1\Adaptec\EASYCD~1\CreateCD\CreateCD.exe
C:\Users\Dan\Programs\HeyJoe\HeyJoe.exe
C:\Program Files\Second Copy 97\sc97.exe
C:\Program Files\CyberPower PowerPanel Personal Edition\pppeuser.exe
C:\Users\Dan\Programs\Ditto\Ditto.exe
C:\Program Files\Sony Handheld\HOTSYNC.EXE
C:\Program Files\Rainlendar\Rainlendar.exe
C:\Users\Dan\Programs\KeePass\KeePass.exe
C:\WINNT\system32\taskmgr.exe
C:\Program Files\MailWasher\MailWasher.exe
P:\PMAIL\Programs\winpm-32.exe
C:\Users\Dan\Programs\2xExplorer\2xExplorer.exe
C:\Users\Dan\Programs\HiJackThis\HijackThis.exe
C:\Program Files\Mozilla Firefox\firefox.exe
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://www.bing.com/?pc=AVBR
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.bing.com/?pc=AVBR
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Local Page =
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyServer = localhost:81
O2 - BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll
O2 - BHO: JQSIEStartDetectorImpl - {E7E6F031-17CE-4C07-BC86-EABFE594F69C} - C:\Program Files\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
O3 - Toolbar: &Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINNT\System32\msdxm.ocx
O3 - Toolbar: (no name) - {0BF43445-2F28-4351-9252-17FE6E806AA0} - (no file)
O4 - HKLM\..\Run: [Synchronization Manager] mobsync.exe /logon
O4 - HKLM\..\Run: [EM_EXEC] C:\PROGRA~1\Logitech\MOUSEW~1\SYSTEM\EM_EXEC.EXE
O4 - HKLM\..\Run: [Hpppta] C:\Program Files\Hewlett-Packard\HP PrecisionScan\PrecisionScan\hpppta.exe /ICON
O4 - HKLM\..\Run: [stickies] C:\WINNT\stickies.exe
O4 - HKLM\..\Run: [avast!] C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
O4 - HKLM\..\Run: [BJCFD] C:\Program Files\BroadJump\Client Foundation\CFD.exe
O4 - HKLM\..\Run: [HelpCenter] C:\Program Files\Bellsouth\HelpCenter\bin\sprtcmd.exe /P HelpCenter
O4 - HKLM\..\Run: [Matrox Powerdesk] C:\WINNT\system32\PDesk\PDesk.exe /Autolaunch
O4 - HKLM\..\Run: [ISUSPM Startup] C:\PROGRA~1\COMMON~1\INSTAL~1\UPDATE~1\ISUSPM.exe -startup
O4 - HKLM\..\Run: [ISUSScheduler] "C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe" -start
O4 - HKLM\..\Run: [UnlockerAssistant] "C:\Program Files\Unlocker\UnlockerAssistant.exe"
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Common Files\Java\Java Update\jusched.exe"
O4 - HKLM\..\Run: [Atomic.exe] C:\Program Files\Atomic Clock Sync\Atomic.exe
O4 - HKLM\..\Run: [CreateCD] C:\PROGRA~1\Adaptec\EASYCD~1\CreateCD\CreateCD.exe -r
O4 - HKCU\..\Run: [Hey, Joe!] C:\Users\Dan\Programs\HeyJoe\HeyJoe.exe
O4 - HKCU\..\Run: [Second Copy 97] C:\Program Files\Second Copy 97\sc97.exe /InitialWait=5
O4 - HKCU\..\Run: [RamBooster] C:\Program Files\RamBooster 2.0\Rambooster.exe
O4 - HKCU\..\Run: [Mail Box Dispatcher] C:\Program Files\Mail Box Dispatcher 2\mboxd2.exe
O4 - HKCU\..\Run: [PowerPanel Personal Edition User Interaction] "C:\Program Files\CyberPower PowerPanel Personal Edition\pppeuser.exe"
O4 - HKCU\..\Run: [Ditto] C:\Users\Dan\Programs\Ditto\Ditto.exe
O4 - HKCU\..\RunOnce: [FlashPlayerUpdate] C:\WINNT\system32\Macromed\Flash\NPSWF32_FlashUtil.exe -p
O4 - HKUS\.DEFAULT\..\RunOnce: [^SetupICWDesktop] C:\Program Files\Internet Explorer\Connection Wizard\icwconn1.exe /desktop (User 'Default user')
O4 - Startup: HotSync Manager.lnk = C:\Program Files\Sony Handheld\HOTSYNC.EXE
O4 - Startup: Rainlendar.lnk = C:\Program Files\Rainlendar\Rainlendar.exe
O8 - Extra context menu item: Download using Download &Express - C:\Documents and Settings\A-Z\Desktop\Add_Url.htm
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
O8 - Extra context menu item: pdaConverter - C:\Program Files\pdaConverter 1.3\convert_url.htm
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL
O9 - Extra button: Related - {c95fe080-8f5d-11d2-a20b-00aa003c157a} - C:\WINNT\web\related.htm (file missing)
O9 - Extra 'Tools' menuitem: Show &Related Links - {c95fe080-8f5d-11d2-a20b-00aa003c157a} - C:\WINNT\web\related.htm (file missing)
O15 - Trusted Zone: admin.1and1.com
O15 - Trusted Zone: http://cafemail.aeccafe.com
O15 - Trusted Zone: http://www.aecvizpro.biz
O15 - Trusted Zone: http://*.aecvizpro.biz
O15 - Trusted Zone: *.aecvizpro.com
O15 - Trusted Zone: http://www.amazon.com
O15 - Trusted Zone: http://www.amsouth.com
O15 - Trusted Zone: *.amsouth.com
O15 - Trusted Zone: http://www.atmosenergy.com
O15 - Trusted Zone: *.atmosenergy.com
O15 - Trusted Zone: http://webmail.att.net
O15 - Trusted Zone: *.bellsouth.com
O15 - Trusted Zone: *.capitolone.com
O15 - Trusted Zone: resources.cardmemberservices.com
O15 - Trusted Zone: *.cardmemberservices.com
O15 - Trusted Zone: resources.chase.com
O15 - Trusted Zone: *.comast.com
O15 - Trusted Zone: http://www.comcast.com
O15 - Trusted Zone: http://www.corel.com
O15 - Trusted Zone: http://www.cudrc.com
O15 - Trusted Zone: *.discovercard.com
O15 - Trusted Zone: customersupport.dishnetwork.com
O15 - Trusted Zone: http://www.dishnetwork.com
O15 - Trusted Zone: http://www.dougurquhartmusic.com
O15 - Trusted Zone: http://www.e-thepeople.org
O15 - Trusted Zone: *.ebay.com
O15 - Trusted Zone: *.equifax.com
O15 - Trusted Zone: http://www.francey.org
O15 - Trusted Zone: service.geico.com
O15 - Trusted Zone: http://www.geico.com
O15 - Trusted Zone: ssl1.gmti.com
O15 - Trusted Zone: *.guru.com
O15 - Trusted Zone: http://www.hotbuy4u.com
O15 - Trusted Zone: http://www.kall8.com
O15 - Trusted Zone: http://www.linkedin.com
O15 - Trusted Zone: http://www.linkshare.com
O15 - Trusted Zone: *.mail.com
O15 - Trusted Zone: *.mtemc.com
O15 - Trusted Zone: *.mycheckfree.com
O15 - Trusted Zone: http://www.mydomain.com
O15 - Trusted Zone: onnet.ohionational.com
O15 - Trusted Zone: www.paypal.com
O15 - Trusted Zone: securebank.regions.com
O15 - Trusted Zone: http://www.regions.com
O15 - Trusted Zone: *.secure.registerapi.com
O15 - Trusted Zone: *.samsclub.com
O15 - Trusted Zone: http://www.sourceforge.net
O15 - Trusted Zone: *.sourceforge.net
O15 - Trusted Zone: www.spiritofamericacard.com
O15 - Trusted Zone: *.suntrust.com
O15 - Trusted Zone: my.t-mobile.com
O15 - Trusted Zone: http://www.t-mobile.com
O15 - Trusted Zone: www.*.t-mobile.com
O15 - Trusted Zone: http://forums.techguy.org
O15 - Trusted Zone: http://www.usbank.com
O15 - Trusted Zone: http://www.webmd.com
O15 - Trusted Zone: http://www.wochurch.org
O16 - DPF: {01113300-3E00-11D2-8470-0060089874ED} - http://help.bellsouth.net/sdccommon/download/tgctlcm.cab
O22 - SharedTaskScheduler: Browseui preloader - {438755C2-A8BA-11D1-B96B-00A0C90312E1} - C:\WINNT\System32\browseui.dll
O22 - SharedTaskScheduler: Component Categories cache daemon - {8C7461EF-2B13-11d2-BE35-3078302C2030} - C:\WINNT\System32\browseui.dll
O23 - Service: avast! iAVS4 Control Service (aswUpdSv) - ALWIL Software - C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
O23 - Service: avast! Antivirus - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashServ.exe
O23 - Service: avast! Mail Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
O23 - Service: avast! Web Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
O23 - Service: Logical Disk Manager Administrative Service (dmadmin) - VERITAS Software Corp. - C:\WINNT\System32\dmadmin.exe
O23 - Service: Java Quick Starter (JavaQuickStarterService) - Sun Microsystems, Inc. - C:\Program Files\Java\jre6\bin\jqs.exe
O23 - Service: MGABGEXE - Matrox Graphics Inc. - C:\WINNT\system32\mgabg.exe
O23 - Service: PowerPanel Personal Edition Service (ppped) - Unknown owner - C:\Program Files\CyberPower PowerPanel Personal Edition\ppped.exe
--
End of file - 9406 bytes
============================
This is the HJT log from a second computer, if you would look at it also.
Logfile of Trend Micro HijackThis v2.0.4
Scan saved at 2:14:13 PM, on 6/22/2010
Platform: Windows 2000 SP4 (WinNT 5.00.2195)
MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106)
Boot mode: Normal
Running processes:
C:\WINNT\System32\smss.exe
C:\WINNT\system32\winlogon.exe
C:\WINNT\system32\services.exe
C:\WINNT\system32\lsass.exe
C:\WINNT\system32\svchost.exe
C:\WINNT\system32\spoolsv.exe
C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
C:\Program Files\Alwil Software\Avast4\ashServ.exe
C:\WINNT\System32\svchost.exe
C:\Program Files\Java\jre6\bin\jqs.exe
C:\WINNT\system32\regsvc.exe
C:\WINNT\system32\MSTask.exe
C:\WINNT\system32\stisvc.exe
C:\Program Files\UPHClean\uphclean.exe
C:\WINNT\System32\WBEM\WinMgmt.exe
C:\WINNT\system32\svchost.exe
C:\WINNT\Explorer.EXE
C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
C:\WINNT\System32\spool\drivers\w32x86\3\hpztsb04.exe
C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe
C:\Program Files\D-Link\AirPlus G\AirGCFG.exe
C:\Program Files\ANI\ANIWZCS2 Service\WZCSLDR2.exe
C:\Program Files\Common Files\Java\Java Update\jusched.exe
C:\Program Files\Atomic Clock Sync\Atomic.exe
C:\users\Cathy\ProgramFiles\HeyJoe\HeyJoe.exe
C:\Program Files\Second Copy 97\sc97.exe
C:\users\Dan\ProgramFiles\Ditto\Ditto.exe
C:\Program Files\Sony Handheld\HOTSYNC.EXE
C:\Program Files\Rainlendar\Rainlendar.exe
C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
C:\WINNT\system32\svchost.exe
C:\users\Dan\ProgramFiles\2xExplorer\2xExplorer.exe
C:\users\Dan\ProgramFiles\HiJackThis\HijackThis.exe
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.yahoo.com/
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Local Page =
O2 - BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll
O2 - BHO: JQSIEStartDetectorImpl - {E7E6F031-17CE-4C07-BC86-EABFE594F69C} - C:\Program Files\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
O3 - Toolbar: @msdxmLC.dll,-1@1033,&Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINNT\System32\msdxm.ocx
O3 - Toolbar: (no name) - {0BF43445-2F28-4351-9252-17FE6E806AA0} - (no file)
O4 - HKLM\..\Run: [Synchronization Manager] mobsync.exe /logon
O4 - HKLM\..\Run: [NeroCheck] C:\WINNT\System32\NeroCheck.exe
O4 - HKLM\..\Run: [avast!] C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
O4 - HKLM\..\Run: [HPDJ Taskbar Utility] C:\WINNT\System32\spool\drivers\w32x86\3\hpztsb04.exe
O4 - HKLM\..\Run: [ISUSPM Startup] C:\PROGRA~1\COMMON~1\INSTAL~1\UPDATE~1\ISUSPM.exe -startup
O4 - HKLM\..\Run: [ISUSScheduler] "C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe" -start
O4 - HKLM\..\Run: [D-Link AirPlus G] C:\Program Files\D-Link\AirPlus G\AirGCFG.exe
O4 - HKLM\..\Run: [ANIWZCS2Service] C:\Program Files\ANI\ANIWZCS2 Service\WZCSLDR2.exe
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Common Files\Java\Java Update\jusched.exe"
O4 - HKLM\..\Run: [Atomic.exe] C:\Program Files\Atomic Clock Sync\Atomic.exe
O4 - HKCU\..\Run: [Hey, Joe!] C:\users\Cathy\ProgramFiles\HeyJoe\HeyJoe.exe
O4 - HKCU\..\Run: [Second Copy 97] C:\Program Files\Second Copy 97\sc97.exe /InitialWait=5
O4 - HKCU\..\Run: [RamBooster] C:\Program Files\RamBooster 2.0\Rambooster.exe
O4 - HKCU\..\Run: [Ditto] C:\users\Dan\ProgramFiles\Ditto\Ditto.exe
O4 - HKCU\..\RunOnce: [FlashPlayerUpdate] C:\WINNT\system32\Macromed\Flash\NPSWF32_FlashUtil.exe -p
O4 - HKUS\.DEFAULT\..\RunOnce: [^SetupICWDesktop] C:\Program Files\Internet Explorer\Connection Wizard\icwconn1.exe /desktop (User 'Default user')
O4 - Startup: HotSync Manager.lnk = C:\Program Files\Sony Handheld\HOTSYNC.EXE
O4 - Startup: Rainlendar.lnk = C:\Program Files\Rainlendar\Rainlendar.exe
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL
O9 - Extra button: Related - {c95fe080-8f5d-11d2-a20b-00aa003c157a} - C:\WINNT\web\related.htm (file missing)
O9 - Extra 'Tools' menuitem: Show &Related Links - {c95fe080-8f5d-11d2-a20b-00aa003c157a} - C:\WINNT\web\related.htm (file missing)
O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://www.update.microsoft.com/microsoftupdate/v6/V5Controls/en/x86/client/muweb_site.cab?1184049104031
O17 - HKLM\System\CCS\Services\Tcpip\..\{E8E02B57-81A8-4CF0-A3F5-776EBC0CAB15}: NameServer = 4.2.2.2,4.2.2.3
O22 - SharedTaskScheduler: Browseui preloader - {438755C2-A8BA-11D1-B96B-00A0C90312E1} - C:\WINNT\system32\browseui.dll
O22 - SharedTaskScheduler: Component Categories cache daemon - {8C7461EF-2B13-11d2-BE35-3078302C2030} - C:\WINNT\system32\browseui.dll
O23 - Service: ANIWZCSd Service (ANIWZCSdService) - Alpha Networks Inc. - C:\Program Files\ANI\ANIWZCS2 Service\ANIWZCSdS.exe
O23 - Service: avast! iAVS4 Control Service (aswUpdSv) - ALWIL Software - C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
O23 - Service: avast! Antivirus - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashServ.exe
O23 - Service: avast! Mail Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
O23 - Service: avast! Web Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
O23 - Service: Logical Disk Manager Administrative Service (dmadmin) - VERITAS Software Corp. - C:\WINNT\System32\dmadmin.exe
O23 - Service: Java Quick Starter (JavaQuickStarterService) - Sun Microsystems, Inc. - C:\Program Files\Java\jre6\bin\jqs.exe
--
End of file - 5687 bytes
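An added example, not part of the original post or of HijackThis: a small Python parser for the log format above that splits a log into its running-process list and its sectioned entries (R0/R1, O2, O4, ...), then lists the entries a reviewer would check first. The sample lines are copied from the two logs above; the `HINTS` table is an assumption of this example and gives review hints, not verdicts.

```python
import re
from collections import defaultdict

# A log entry looks like "O4 - HKLM\..\Run: [name] path": section code, " - ", body.
ENTRY = re.compile(r"^(R[0-3]|O\d{1,2}) - (.+)$")

# (section or None for any, substring, why a reviewer looks at it).
# Hypothetical triage hints chosen for this example; none of them proves malware.
HINTS = [
    (None, "(no file)", "registration points at no file"),
    (None, "(file missing)", "registered file is missing on disk"),
    ("O23", "Unknown owner", "service binary carries no company name"),
    ("R1", "ProxyServer", "browser proxy is set; confirm what listens there"),
    ("O17", "NameServer", "DNS servers are hard-coded; confirm they are expected"),
]

# Lines copied from the two logs in the post above.
SAMPLE = r"""Logfile of Trend Micro HijackThis v2.0.4
Running processes:
C:\WINNT\system32\lsass.exe
C:\WINNT\Explorer.EXE
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyServer = localhost:81
O3 - Toolbar: (no name) - {0BF43445-2F28-4351-9252-17FE6E806AA0} - (no file)
O4 - HKLM\..\Run: [avast!] C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
O9 - Extra button: Related - {c95fe080-8f5d-11d2-a20b-00aa003c157a} - C:\WINNT\web\related.htm (file missing)
O15 - Trusted Zone: *.ebay.com
O17 - HKLM\System\CCS\Services\Tcpip\..\{E8E02B57-81A8-4CF0-A3F5-776EBC0CAB15}: NameServer = 4.2.2.2,4.2.2.3
O23 - Service: PowerPanel Personal Edition Service (ppped) - Unknown owner - C:\Program Files\CyberPower PowerPanel Personal Edition\ppped.exe
--
End of file
"""

def parse_hjt(text):
    """Return (running_processes, {section_code: [entry_body, ...]})."""
    processes, sections = [], defaultdict(list)
    in_processes = False
    for raw in text.splitlines():
        line = raw.strip()
        if not line:
            continue
        match = ENTRY.match(line)
        if match:
            in_processes = False          # the process list ends at the first entry
            sections[match.group(1)].append(match.group(2))
        elif line == "Running processes:":
            in_processes = True
        elif in_processes:
            processes.append(line)
    return processes, dict(sections)

def review_items(sections):
    """Return (section, reason, entry) for every entry that matches a hint."""
    found = []
    for code, entries in sections.items():
        for entry in entries:
            for want, needle, reason in HINTS:
                if want in (None, code) and needle in entry:
                    found.append((code, reason, entry))
    return found

if __name__ == "__main__":
    procs, secs = parse_hjt(SAMPLE)
    print(f"{len(procs)} running processes, sections: {sorted(secs)}")
    for code, reason, entry in review_items(secs):
        print(f"[{code}] {reason}\n      {entry}")
```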
kevin27_b3d29f
1.5K Posts
0
June 28th, 2010 14:00
Hi aecvizpro,
Sorry for the delay in getting to you, it's been mayhem around here the last few weeks.
Welcome to Dell Community Malware Removal Forums,
Sorry for the delay in getting to you, I'm K27 and I will be reviewing your log for you.
Please DO NOT run any scans/tools/fixes on your own as this will conflict with the tools we are going to use.
Please Print or Save to Notepad all instructions and please follow them carefully and if there's something you don't understand or that will not work please let me know and we will go through it together.
Please DO NOT use this system for anything apart from visiting this forum and other sites I direct you to, as this will only make the cleanup process all the more difficult.
The most important thing I will ask of you is that you let me know if you are not going to be able to reply within three (3) days. The reason I ask this is that the spare time us volunteers give up is in short supply and could be used to help others or to do real life things. Failure to reply within three (3) days will result in this thread being closed and I will stop checking it for replies. If you are going to be unable to reply, that's fine, but please let me know.
1) Please download HostsXpert from here:
http://www.funkytoad.com/index.php?option=com_content&task=view&id=13&Itemid=
Create a new folder C:\Program Files\HostsXpert and unzip your download into that folder.
Run HostsXpert. Click "Make Writable?" if that is the first item at the top of the left hand side. If not, do not click on that button.
Click on "Download" and then "MVPs Hosts", and choose "Merge File".
When the download completes and the file is merged, click "File Handling", and then "Make ReadOnly?". Then exit HostsXpert.
2) Please download Malwarebytes Anti-Malware and save it to your desktop.
alternate download link 1
alternate download link 2
MBAM may "make changes to your registry" as part of its disinfection routine. If using other security programs that detect registry changes (e.g. Spybot's Teatimer), they may interfere or alert you. Temporarily disable such programs or permit them to allow the changes.
MBAM will automatically start and you will be asked to update the program before performing a scan.
On the Scanner tab:
Back at the main Scanner screen:
Note: If MBAM encounters a file that is difficult to remove, you will be asked to reboot your computer so MBAM can proceed with the disinfection process. If asked to restart the computer, please do so immediately. Failure to reboot normally (not into safe mode) will prevent MBAM from removing all the malware.
3) I need to see some additional information about what is happening in your machine.
Please perform the following scan:
1. DDS.txt
2. Attach.txt
Please note: You may have to disable any script protection running if the scan fails to run.
After downloading the tool, disconnect from the internet and disable all antivirus protection.
Run the scan, enable your A/V and reconnect to the internet.
Information on A/V control here
4) YOU MUST DISABLE ALL REAL TIME PROTECTION BEFORE RUNNING THE NEXT TOOL,
Next, download this Antirootkit Program to a folder that you create such as C:\ARK, by choosing the "Download EXE" button on the webpage.
Please Disable all Anti-virus/Anti-Spyware/FireWall on your machine (instructions via links below)
Next, please perform a rootkit scan:
If the ARK tool crashes your machine or causes a Blue Screen error, please post the log results from the first initial quick scan, this can be saved in the same way as the full scan in the above instructions.
Please COPY/PASTE the MBAM log, BOTH DDS logs and the ARK log back to this thread,
Thanks
K27
aecvizpro
4 Posts
0
June 28th, 2010 14:00
Thanks for your reply. Looks like you have a good set of steps that you use to resolve issues. Unfortunately, I have already run MBAM and fixed one item. Should I keep a copy of the above post for future problems, if any?
kevin27_b3d29f
1.5K Posts
0
June 28th, 2010 15:00
Hi,
Please post the log from when MBAM removed the one item.
I would also like you to update and run MBAM again when you get to that step as sometimes it takes a few runs for MBAM to remove things.
Also your host file is infected and as such needs resetting, that is taken care of with step one of my instructions.
As for the other logs I have requested, those tools do no cleaning whatsoever, all they do is tell me what is going on with the system, most if not all of the data in them will be legitimate and should not be acted upon by someone untrained in their use. Once we are finished cleaning the system we will remove the tools we use as one wrong move with them could render the machine an expensive paperweight.
Please post back the MBAM log from when you ran the tool on your own (can be found in the logs tab), the fresh MBAM log after you have updated it (can be done via the updates tab), both DDS logs and the ARK log.
Thanks,
K27.
kevin27_b3d29f
1.5K Posts
0
July 2nd, 2010 07:00
This topic is now marked as Inactive.....
The fixes in this topic were written specifically for this user, following them may cause harm to your machine and render it a brick (useless).
If you are the original poster and would like further assistance please post a fresh HJT log and details of the problems you are having.
All other users, please read THIS page and then please start a New Topic at the top of the Malware Removal Forum by clicking the button.
Thanks,
K27.