My Logs from Malware Removal

missbetty · Oct 9, 2008

Here are my logs that were requested, I do think I got rid of it but these logs will tell the truth. The RKFree program is a program I put on myself for personal reasons, helps me with passwords, and I am the only one using this machine. (Hope I got this in the right spot) And I couldn't find the ComboFix.txt to add with the logs.

Doc13% · Oct 9, 2008

Hi

The combofix log is usually located on your C Drive

C:\ComboFix.txt please also upload this for review

missbetty · Oct 10, 2008

I did a search for combo fix and it came back with nothing, so not sure what else I can do to look for it. I had the search look in hidden folders also but nothing.

TimW · Oct 10, 2008

The log is right where you were told it would be:

Code:

"C:\"
$AVG8~1.VAU   Sep 20 2008              "$AVG8.VAULT$"
boot.bak      Oct  7 2008         210  "Boot.bak"
boot.ini      Oct  7 2008         281  "boot.ini"
caisslog.txt  Oct  7 2008      305124  "caisslog.txt"
CMDCONS       Oct  7 2008              "cmdcons"
combofix.txt  Oct  7 2008      162334  "ComboFix.txt" [COLOR=DarkRed]<-------Here![/COLOR]

Kestrel13! · Oct 10, 2008

Hi

I’m not seeing an awful lot to do, but let’s tend to a couple of things…

Please disable all anti-virus and anti-spyware programs while we do the following (re-enable when you are finished):

1) We don't recommend putting anything in the Trusted Zone unless it is absolutely necessary. Do you really require excite.com to be in your Trusted Zone? If not let hijackthis fix the entries when we do the below.

2) Run C:\MGtools\analyse.exe by double clicking on it. (Note: if using Vista, don't double click, use right click and select Run As Administrator). This is really HijackThis (select Do a system scan only) and select the following lines but DO NOT CLICK FIX until you exit all browser sessions including the one you are reading in right now:

O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)
O15 - Trusted Zone: http://www.excite.com
O15 - Trusted Zone: *.excite.com
Click to expand...

After clicking Fix, exit HJT.

3) Next I would like for you to navigate to:

C:\Documents and Settings\Betty Hicks\Application Data\ 65824F

Open up the folder entitled 65824F and without clicking on any of the contents, could you just make note of what is in there and let me know in your next post please. Thanks.

4) I see from your logs that you currently have Xoftspy installed. I would advise you to uninstall this using add and remove programs unless you paid for it.

5)

run the C:\MGtools\GetLogs.bat file by double clicking on it. Then attach the new C:\MGlogs.zip file that will be created by running this

and also please attach the combofix log we previously requested which will be found at:

C:\ComboFix.txt

Thanks
Kestrel13!

missbetty · Oct 11, 2008

Hi Tim,

I went and looked and for the life of me I can not find that text. I took a screen shot to show you what I'm looking at and attaching it to this post. I know I did not delete anything related to any of the programs I used to clean the machine. Hope you can help me find this file. Lol

Betty

Kestrel13! · Oct 11, 2008

continue on with the above instructions Missbetty and I will get back to you regarding the combofix log

Log in or Sign up

My Logs from Malware Removal

missbetty Private E-2

Attached Files:

SUPERAntiSpyware Scan Log - 10-07-2008 - 13-38-45.log

mbam-log-2008-10-07 (15-00-27).txt

MGlogs.zip

Doc13% aka Kestrel13! aka Emms

missbetty Private E-2

TimW MajorGeeks Administrator - Jedi Malware Expert Staff Member

Kestrel13! Super Malware Fighter - Major Dilemma Staff Member

missbetty Private E-2

Attached Files:

Local Disk C Contents.gif

Kestrel13! Super Malware Fighter - Major Dilemma Staff Member