
Trojans, Exploits, Backdoors, DDoSs, TrojanDownloaders, & PWSs,..


  • This topic is locked

#16
sempai


    Trusted Helper

  • Malware Removal
  • 785 posts
Please re-run MBAM and make sure those detected registry entries are fixed.

Please run Malwarebytes Anti-Malware. Go to update tab and download all updates and then perform a full scan.
  • The scan may take some time to finish, so please be patient.
  • When the scan is complete, click OK, then Show Results to view the results.
  • Make sure that everything is checked, and click Remove Selected.
  • When disinfection is completed, a log will open in Notepad and you may be prompted to Restart. (See Extra Note)
  • The log is automatically saved by MBAM and can be viewed by clicking the Logs tab in MBAM.
  • Copy and paste the entire report in your next reply.
Extra Note:
If MBAM encounters a file that is difficult to remove, you will be presented with 1 of 2 prompts. Click OK to either and let MBAM proceed with the disinfection process. If asked to restart the computer, please do so immediately.
  • 0


#17
eagleericb


    Member

  • Topic Starter
  • Member
  • 12 posts
I am running the Malwarebytes now. I could not get the OTL fix to run. It seemed to have shut down just about everything as the start menu and all icons on desktop disappeared with only the OTL screen and my desktop pic showing in the background. I let it sit for hrs but it did nothing. I clicked on the program and it noted that it was not responding so I shut down the computer and tried again... same thing.

I think I am at the point that I need to start over. I am going to read your link from your first response. Please confirm if you agree and the best way to wipe it clean to ensure we are good to go.

Thanks.
  • 0

#18
eagleericb


    Member

  • Topic Starter
  • Member
  • 12 posts
Here's both logs starting with the protection log.

2012/01/27 08:15:22 -0500 HOME-COMPUTER Eric Britz MESSAGE Executing scheduled update: Daily
2012/01/27 08:15:35 -0500 HOME-COMPUTER Eric Britz MESSAGE Scheduled update executed successfully: database updated from version v2012.01.26.04 to version v2012.01.27.02
2012/01/27 08:15:35 -0500 HOME-COMPUTER Eric Britz MESSAGE Starting database refresh
2012/01/27 08:15:35 -0500 HOME-COMPUTER Eric Britz MESSAGE Stopping IP protection
2012/01/27 08:15:36 -0500 HOME-COMPUTER Eric Britz MESSAGE IP Protection stopped
2012/01/27 08:16:29 -0500 HOME-COMPUTER Eric Britz MESSAGE Database refreshed successfully
2012/01/27 08:16:29 -0500 HOME-COMPUTER Eric Britz MESSAGE Starting IP protection
2012/01/27 08:16:45 -0500 HOME-COMPUTER Eric Britz MESSAGE IP Protection started successfully
2012/01/27 08:49:40 -0500 HOME-COMPUTER Eric Britz IP-BLOCK 77.79.4.98 (Type: outgoing)
2012/01/27 08:49:43 -0500 HOME-COMPUTER Eric Britz IP-BLOCK 77.79.4.98 (Type: outgoing)
2012/01/27 08:49:49 -0500 HOME-COMPUTER Eric Britz IP-BLOCK 77.79.4.98 (Type: outgoing)
2012/01/27 11:02:48 -0500 HOME-COMPUTER MESSAGE Starting protection
2012/01/27 11:03:00 -0500 HOME-COMPUTER MESSAGE Protection started successfully
2012/01/27 11:03:03 -0500 HOME-COMPUTER MESSAGE Starting IP protection
2012/01/27 11:03:42 -0500 HOME-COMPUTER Eric Britz MESSAGE IP Protection started successfully
2012/01/27 11:39:14 -0500 HOME-COMPUTER MESSAGE Starting protection
2012/01/27 11:39:27 -0500 HOME-COMPUTER MESSAGE Protection started successfully
2012/01/27 11:39:30 -0500 HOME-COMPUTER MESSAGE Starting IP protection
2012/01/27 11:40:07 -0500 HOME-COMPUTER Eric Britz MESSAGE IP Protection started successfully
2012/01/27 14:12:57 -0500 HOME-COMPUTER MESSAGE Starting protection
2012/01/27 14:13:10 -0500 HOME-COMPUTER MESSAGE Protection started successfully
2012/01/27 14:13:13 -0500 HOME-COMPUTER MESSAGE Starting IP protection
2012/01/27 14:13:55 -0500 HOME-COMPUTER Eric Britz MESSAGE IP Protection started successfully
2012/01/27 14:15:38 -0500 HOME-COMPUTER Eric Britz MESSAGE Starting database refresh
2012/01/27 14:15:38 -0500 HOME-COMPUTER Eric Britz MESSAGE Stopping IP protection
2012/01/27 14:15:38 -0500 HOME-COMPUTER Eric Britz MESSAGE IP Protection stopped
2012/01/27 14:15:51 -0500 HOME-COMPUTER Eric Britz MESSAGE Database refreshed successfully
2012/01/27 14:15:51 -0500 HOME-COMPUTER Eric Britz MESSAGE Starting IP protection
2012/01/27 14:16:07 -0500 HOME-COMPUTER Eric Britz MESSAGE IP Protection started successfully






Malwarebytes Anti-Malware (Trial) 1.60.0.1800
www.malwarebytes.org

Database version: v2012.01.27.05

Windows XP Service Pack 3 x86 NTFS
Internet Explorer 8.0.6001.18372
Eric Britz :: HOME-COMPUTER [administrator]

Protection: Enabled

1/27/2012 2:16:35 PM
mbam-log-2012-01-27 (14-16-35).txt

Scan type: Full scan
Scan options enabled: Memory | Startup | Registry | File System | Heuristics/Extra | Heuristics/Shuriken | PUP | PUM | P2P
Scan options disabled:
Objects scanned: 348719
Time elapsed: 7 hour(s), 23 minute(s), 32 second(s)

Memory Processes Detected: 0
(No malicious items detected)

Memory Modules Detected: 0
(No malicious items detected)

Registry Keys Detected: 0
(No malicious items detected)

Registry Values Detected: 0
(No malicious items detected)

Registry Data Items Detected: 2
HKCR\scrfile\shell\open\command| (Broken.OpenCommand) -> Bad: (NOTEPAD.EXE %1) Good: ("%1" /S) -> Quarantined and repaired successfully.
HKCR\regfile\shell\open\command| (Broken.OpenCommand) -> Bad: (NOTEPAD.EXE %1) Good: (regedit.exe "%1") -> Quarantined and repaired successfully.

Folders Detected: 0
(No malicious items detected)

Files Detected: 0
(No malicious items detected)

(end)
  • 0
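
For triaging a protection log like the one posted above, this added example (not part of the thread and not Malwarebytes code) parses the line layout and reports addresses blocked repeatedly within a short window. The field layout is inferred from the posted log, the 3-hits-in-60-seconds threshold is an assumption, and the sample lines are constructed.

```python
import re
from collections import defaultdict
from datetime import datetime, timedelta

# Layout assumed from the log above: date time tz HOST [user] KIND detail
LINE_RE = re.compile(
    r"^(\d{4}/\d{2}/\d{2} \d{2}:\d{2}:\d{2} [+-]\d{4}) (\S+) (.*?)\s*"
    r"(MESSAGE|IP-BLOCK) (.*)$")
BLOCK_RE = re.compile(r"^(\S+) \(Type: (\w+)\)")

def parse_line(line):
    """Return a dict for one log line, or None if it does not match."""
    m = LINE_RE.match(line.strip())
    if not m:
        return None
    ts, host, user, kind, detail = m.groups()
    when = datetime.strptime(ts, "%Y/%m/%d %H:%M:%S %z")
    return {"when": when, "host": host, "user": user or None,
            "kind": kind, "detail": detail}

def repeated_blocks(lines, min_hits=3, window=timedelta(seconds=60)):
    """Map (address, direction) -> total blocks, for groups with at least
    min_hits IP-BLOCK events inside one window. Thresholds are assumptions."""
    events = defaultdict(list)
    for line in lines:
        rec = parse_line(line)
        if rec and rec["kind"] == "IP-BLOCK":
            m = BLOCK_RE.match(rec["detail"])
            if m:
                events[m.groups()].append(rec["when"])
    flagged = {}
    for key, times in events.items():
        times.sort()
        for i in range(len(times) - min_hits + 1):
            if times[i + min_hits - 1] - times[i] <= window:
                flagged[key] = len(times)
                break
    return flagged

# Constructed sample lines: documentation-range addresses, made-up host/user.
SAMPLE = """\
2012/01/27 08:49:40 -0500 EXAMPLE-PC Sample User IP-BLOCK 203.0.113.7 (Type: outgoing)
2012/01/27 08:49:43 -0500 EXAMPLE-PC Sample User IP-BLOCK 203.0.113.7 (Type: outgoing)
2012/01/27 08:49:49 -0500 EXAMPLE-PC Sample User IP-BLOCK 203.0.113.7 (Type: outgoing)
2012/01/27 09:10:02 -0500 EXAMPLE-PC Sample User IP-BLOCK 198.51.100.20 (Type: incoming)
2012/01/27 11:02:48 -0500 EXAMPLE-PC MESSAGE Starting protection
""".splitlines()

print(repeated_blocks(SAMPLE))
```

Lines without a user name, such as the service start-up messages, parse with `user` set to `None`.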

#19
sempai


    Trusted Helper

  • Malware Removal
  • 785 posts
Hi,

"I think I am at the point that I need to start over. I am going to read your link from your first response. Please confirm if you agree and the best way to wipe it clean to ensure we are good to go."

Do you intend to do a reformat and fresh reinstall of Windows? Is that correct? If yes then that is a good choice. :thumbsup:
  • 0

#20
eagleericb


    Member

  • Topic Starter
  • Member
  • 12 posts
Reformatted and reinstalled.... yeah! Thank you again for your efforts in trying to clean this out. I should have taken your advice from the start but it was definitely a learning experience to work with you to try and clear the bug. Take care and Thanks Again!
Eric
  • 0

#21
sempai


    Trusted Helper

  • Malware Removal
  • 785 posts
Since this issue appears to be resolved ... this Topic has been closed. Glad we could help. :)

If you're the topic starter, and need this topic reopened, please contact a staff member with the address of the thread.

Everyone else please begin a New Topic.
  • 0





