add remove programe


Solved add remove programe

Post by crazy_5n1p3r on Thu Oct 16, 2008 6:04 pm

this is my log file
[You must be registered and logged in to see this link.]


Solved Re: add remove programe

Post by Belahzur on Thu Oct 16, 2008 6:10 pm

I don't see any presence of malware, but I think we might have found the problem of the removal problem.
====


  • Open HijackThis
  • Choose "Do a system scan only"
  • Check the boxes in front of these lines:


    R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Local Page =
    R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page =
    R3 - URLSearchHook: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - (no file)
    O3 - Toolbar: (no name) - {21FA44EF-376D-4D53-9B0F-8A89D3229068} - (no file)
    O3 - Toolbar: (no name) - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - (no file)
    O4 - HKLM\..\Run: [KernelFaultCheck] %systemroot%\system32\dumprep 0 -k
    O6 - HKCU\Software\Policies\Microsoft\Internet Explorer\Restrictions present
    O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\Restrictions present
    O20 - Winlogon Notify: byxxyay - C:\WINDOWS\


  • Press "Fix Checked"
  • Close Hijack This.

====

Your version of Java is outdated and needs to be updated to take advantage of fixes that have eliminated security vulnerabilities.
Updating Java:

  • Download the latest version of [You must be registered and logged in to see this link.].
  • Scroll down to where it says "Java Runtime Environment (JRE) 6 Update 10".
  • Click the "Download" button to the right.
  • In the Window that opens, select your platform and language, check the "agree" box, and click Continue.
  • Click on the link to download Windows Offline Installation and save to your desktop.
  • Close any programs you may have running - especially your web browser.
  • Go to Start > Control Panel, double-click on Add or Remove Programs, and remove all older versions of Java.
  • Check any item with Java Runtime Environment (JRE or J2SE) in the name.
    - Examples of older versions in Add or Remove Programs:
    - Java 2 Runtime Environment, SE v1.4.2
    - J2SE Runtime Environment 5.0
    - J2SE Runtime Environment 5.0 Update 2
  • Click the Remove or Change/Remove button.
  • Repeat as many times as necessary to remove each Java version.
  • Reboot your computer once all Java components are removed.
  • Then from your desktop double-click on jre-6u10-windows-i586-p.exe that you downloaded to install the newest version.

=====

Please download JavaRa from [You must be registered and logged in to see this link.]

  • First, unzip it.
  • Then run JavaRa.
  • Select English from the drop down menu and press Select.
  • This will open JavaRa.
  • Press Remove older versions
  • Press yes to the prompt.
  • It will make a log file of what it's removed.
  • Copy and paste the log back here.


[You must be registered and logged in to see this link.] - [You must be registered and logged in to see this link.] - Please PM me if I fail to respond within 24hrs.



Solved Re: add remove programe

Post by crazy_5n1p3r on Fri Oct 17, 2008 9:38 am

[You must be registered and logged in to see this link.]

So what is new?


Solved Re: add remove programe

Post by crazy_5n1p3r on Fri Oct 17, 2008 9:52 am

[You must be registered and logged in to see this link.]


Solved Re: add remove programe

Post by Doctor Inferno on Fri Oct 17, 2008 9:53 am

Hello there, please post all your log files in your posts instead of uploading them to file hosts.

Thank you.


Please be a GeekPolice fan on [You must be registered and logged in to see this link.]



Have we helped you? [You must be registered and logged in to see this link.] | Doctor by day, ninja by night.


Solved Re: add remove programe

Post by Belahzur on Fri Oct 17, 2008 11:15 am

Hello.

The leftovers were from a previous Vundo infection; I want to make sure it's gone before I give you the all clean.

Then download Combofix from [You must be registered and logged in to see this link.]

Do not run it just yet.

Then download the Microsoft Recovery Console from [You must be registered and logged in to see this link.] and save it as it's originally named, next to ComboFix.exe.



Now close all open windows and programs, then drag the setup package onto ComboFix.exe and drop it. Follow the prompts to start ComboFix and, when prompted, agree to the End-User License Agreement to install the Microsoft Recovery Console. Once it's done that, it will ask if you want to continue with the malware scan; select Yes and allow it to scan. Do not mouse-click ComboFix's window whilst it's running. That may cause it to stall. Post the log back here.


[You must be registered and logged in to see this link.] - [You must be registered and logged in to see this link.] - Please PM me if I fail to respond within 24hrs.



Solved Re: add remove programe

Post by crazy_5n1p3r on Fri Oct 17, 2008 11:59 am


ComboFix 08-10-16.08 - Administrator 10/17/2008 13:32:00.1 - FAT32x86
Microsoft Windows XP Professional 5.1.2600.2.1256.1.1033.18.73 [GMT 2:00]
Running from: C:\Documents and Settings\Administrator\Desktop\ComboFix.exe
Command switches used :: C:\Documents and Settings\Administrator\Desktop\WindowsXP-KB310994-SP2-Home-BootDisk-ENU.exe
* Created a new restore point
.

((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.

C:\WINDOWS\server.exe
C:\WINDOWS\system32\drivers\npf.sys
C:\WINDOWS\system32\kakle.dll
C:\WINDOWS\system32\MSINET.oca
C:\WINDOWS\system32\o01PrEz
C:\WINDOWS\system32\packet.dll
C:\WINDOWS\system32\pthreadVC.dll
C:\WINDOWS\system32\wanpacket.dll
C:\WINDOWS\system32\wpcap.dll

.
((((((((((((((((((((((((((((((((((((((( Drivers/Services )))))))))))))))))))))))))))))))))))))))))))))))))
.

-------\Legacy_NPF
-------\Service_NPF


((((((((((((((((((((((((( Files Created from 2008-09-17 to 2008-10-17 )))))))))))))))))))))))))))))))
.

No new files created in this timespan

.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2008-10-17 11:42 32 --sha-w C:\WINDOWS\system32\drivers\fidbox2.idx
2008-10-17 11:42 32 --sha-w C:\WINDOWS\system32\drivers\fidbox2.dat
2008-10-17 11:42 32 --sha-w C:\WINDOWS\system32\drivers\fidbox.idx
2008-10-17 11:42 32 --sha-w C:\WINDOWS\system32\drivers\fidbox.dat
2008-10-17 09:34 410,976 ----a-w C:\WINDOWS\system32\deploytk.dll
2008-10-15 17:38 96,976 ----a-w C:\WINDOWS\system32\drivers\klin.dat
2008-10-15 17:15 87,855 ----a-w C:\WINDOWS\system32\drivers\klick.dat
2008-10-15 17:14 --------- d-----w C:\Program Files\Kaspersky Lab
2008-10-15 17:14 --------- d-----w C:\Documents and Settings\All Users\Application Data\Kaspersky Lab
2008-10-13 14:55 --------- d-----w C:\Program Files\Microsoft Office Outlook Connector
2008-10-12 15:54 --------- d-----w C:\Program Files\Common Files\Windows Live
2008-10-11 13:51 --------- d-----w C:\Program Files\Common Files\Adobe
2008-10-11 12:04 --------- d-----w C:\Documents and Settings\All Users\Application Data\Kaspersky Lab Setup Files
2008-10-09 16:54 90,112 ----a-w C:\WINDOWS\system32\agsaami.dll
2008-10-09 16:54 610,304 ----a-w C:\WINDOWS\system32\agsaamg.dll
2008-10-09 16:54 372,736 ----a-w C:\WINDOWS\system32\agsaamc.dll
2008-10-09 16:54 2,535,424 ----a-w C:\WINDOWS\system32\agsaamj.dll
2008-10-09 16:54 196,608 ----a-w C:\WINDOWS\system32\maag.dll
2008-10-09 16:54 1,986,560 ----a-w C:\WINDOWS\system32\akll.dll
2008-10-09 16:54 1,245,184 ----a-w C:\WINDOWS\system32\bkll.dll
2008-10-09 16:54 1,212,416 ----a-w C:\WINDOWS\system32\ckll.dll
2008-10-09 16:54 --------- d-----w C:\Program Files\Real_SC
2008-10-09 16:44 --------- d-----w C:\Documents and Settings\Administrator\Application Data\COWON
2008-10-09 16:40 --------- d-----w C:\Program Files\Microsoft.NET
2008-10-09 16:40 --------- d-----w C:\Program Files\Microsoft ActiveSync
2008-10-09 16:35 --------- d--h--w C:\Program Files\InstallShield Installation Information
2008-10-09 16:35 --------- d-----w C:\Program Files\JetAudio
2008-10-08 17:45 11,111,586 ----a-w C:\WINDOWS\galele.scr
2008-10-06 10:45 --------- d-----w C:\Program Files\QuickTime
2008-09-27 10:20 --------- d-----w C:\Program Files\WinPcap
2008-09-26 14:38 --------- d-----w C:\Documents and Settings\All Users\Application Data\NSPData
2008-09-26 14:10 --------- d-----w C:\Program Files\NetServer
2008-09-26 13:55 --------- d-----w C:\Program Files\Internet Download Manager
2008-09-26 13:55 --------- d-----w C:\Documents and Settings\Administrator\Application Data\IDM
2008-09-26 12:47 --------- d-----w C:\Program Files\IMMonitor
2008-09-25 15:12 --------- d-----w C:\Documents and Settings\All Users\Application Data\PrevxCSI
2008-09-23 20:16 --------- d-----w C:\Program Files\Java
2008-09-22 02:03 9,737 ----a-w C:\WINDOWS\system32\Hussin .dll
2008-09-20 14:07 --------- d-----w C:\Program Files\microsoft frontpage
2008-09-18 17:24 --------- d-----w C:\Program Files\ACD
2008-09-17 19:47 5,376 ----a-w C:\WINDOWS\system32\drivers\MS1000.sys
2008-09-17 15:20 51,733 ----a-w C:\WINDOWSplugin1.dat
2008-09-17 14:40 352,256 ----a-w C:\WINDOWS\system32\IJL151.dll
2008-09-17 12:15 --------- d-----w C:\Documents and Settings\Administrator\Application Data\DMCache
2008-09-17 11:37 --------- d-----w C:\Documents and Settings\Administrator\Application Data\Media Player Classic
2008-09-17 11:26 --------- d-----w C:\Documents and Settings\All Users\Application Data\TEMP
2008-09-17 11:24 --------- d-----w C:\Program Files\Notepad2
2008-09-17 11:24 --------- d-----w C:\Program Files\K-Lite Codec Pack
2008-09-17 11:24 --------- d-----w C:\Documents and Settings\Administrator\Application Data\Notepad2
2008-09-17 11:23 --------- d-----w C:\Program Files\Yahoo!
2008-09-17 11:23 --------- d-----w C:\Documents and Settings\All Users\Application Data\Yahoo!
2008-09-17 11:21 499,712 ----a-w C:\WINDOWS\system32\msvcp71.dll
2008-09-17 11:21 348,160 ----a-w C:\WINDOWS\system32\msvcr71.dll
2008-09-17 11:21 --------- d-----w C:\Program Files\AIMP MMC PRO
2008-09-17 11:16 --------- d-----w C:\Program Files\Windows Media Connect 2
2008-09-08 22:03 51,712 ----a-w C:\WINDOWS\system32\sirenacm.dll
2008-07-29 18:21 218,376 ----a-w C:\WINDOWS\system32\klogon.dll
2008-07-18 20:10 94,920 ----a-w C:\WINDOWS\system32\cdm.dll
2008-07-18 20:10 53,448 ----a-w C:\WINDOWS\system32\wuauclt.exe
2008-07-18 20:10 45,768 ----a-w C:\WINDOWS\system32\wups2.dll
2008-07-18 20:10 36,552 ----a-w C:\WINDOWS\system32\wups.dll
2008-07-18 20:09 563,912 ----a-w C:\WINDOWS\system32\wuapi.dll
2008-07-18 20:09 325,832 ----a-w C:\WINDOWS\system32\wucltui.dll
2008-07-18 20:09 205,000 ----a-w C:\WINDOWS\system32\wuweb.dll
2008-07-18 20:09 1,811,656 ----a-w C:\WINDOWS\system32\wuaueng.dll
2008-07-18 20:07 270,880 ----a-w C:\WINDOWS\system32\mucltui.dll
2008-07-18 20:07 210,976 ----a-w C:\WINDOWS\system32\muweb.dll
.

------- Sigcheck -------

08/03/2004 09:56 PM 14336 8f078ae4ed187aaabc0a305146de6716 C:\WINDOWS\system32\svchost.exe

08/03/2004 09:56 PM 82944 2ed0b7f12a60f90092081c50fa0ec2b2 C:\WINDOWS\system32\ws2_32.dll

08/03/2004 09:56 PM 502272 01c3346c241652f43aed8e2149881bfe C:\WINDOWS\system32\winlogon.exe

08/03/2004 08:14 PM 182912 558635d3af1c7546d26067d5d9b6959e C:\WINDOWS\system32\drivers\ndis.sys

08/03/2004 08:00 PM 29056 4448006b6bc60e6c027932cfc38d6855 C:\WINDOWS\system32\drivers\ip6fw.sys

12/01/2007 12:01 AM 2196736 bdf4d158d041df70f0030f986d0769c2 C:\WINDOWS\system32\ntkrnlpa.exe
03/02/2005 03:34 AM 2056832 81013f36b21c7f72cf784cc6731e0002 C:\WINDOWS\Driver Cache\i386\ntkrnlpa.exe

11/30/2007 11:57 PM 2320896 3b74c30a7a0b58023c42d40da4fd6a5c C:\WINDOWS\system32\ntoskrnl.exe
03/02/2005 03:59 AM 2179328 4d4cf2c14550a4b7718e94a6e581856e C:\WINDOWS\Driver Cache\i386\ntoskrnl.exe

11/07/2007 09:43 PM 1771008 6789ff56bfcf65d1a21f7de463c548b1 C:\WINDOWS\explorer.exe

08/03/2004 09:56 PM 108032 c6ce6eec82f187615d1002bb3bb50ed4 C:\WINDOWS\system32\services.exe

08/03/2004 09:56 PM 13312 84885f9b82f4d55c6146ebf6065d75d2 C:\WINDOWS\system32\lsass.exe

08/03/2004 09:56 PM 24576 39b1ffb03c2296323832acbae50d2aff C:\WINDOWS\system32\userinit.exe
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"IDMan"="C:\Program Files\Internet Download Manager\IDMan.exe" [07/15/2008 08:39 AM 931248]
"Yahoo! Pager"="C:\Program Files\Yahoo!\Messenger\YahooMessenger.exe" [10/27/2007 07:51 AM 3810544]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"QuickTime Task"="C:\Program Files\QuickTime\qttask.exe" [10/06/2008 12:45 PM 413696]
"AVP"="C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 2009\avp.exe" [07/29/2008 08:20 PM 206088]

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"Yahoo! Pager"="C:\Program Files\Yahoo!\Messenger\YahooMessenger.exe" [10/27/2007 07:51 AM 3810544]

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\RunOnce]
"ShowDeskFix"="shell32" [X]
"nltide_3"="advpack.dll" [01/05/2007 08:29 PM 124928 C:\WINDOWS\system32\advpack.dll]

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\explorer]
"HideRunAsVerb"= 1 (0x1)
"NoResolveTrack"= 1 (0x1)

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\policies\explorer]
"NoResolveTrack"= 1 (0x1)
"NoResolveSearch"= 1 (0x1)

[HKEY_USERS\.default\software\microsoft\windows\currentversion\policies\explorer]
"NoSMHelp"= 1 (0x1)
"NoResolveTrack"= 1 (0x1)
"NoResolveSearch"= 1 (0x1)

[HKLM\~\startupfolder\C:^Documents and Settings^Administrator^Start Menu^Programs^Startup^RAR Password Cracker.lnk]
backup=C:\WINDOWS\pss\RAR Password Cracker.lnkStartup
HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\msnmsgr

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\IDMan]
--a------ 07/15/2008 08:39 AM 931248 C:\Program Files\Internet Download Manager\IDMan.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Yahoo! Pager]
--a------ 10/27/2007 07:51 AM 3810544 C:\PROGRA~1\Yahoo!\MESSEN~1\YAHOOM~1.EXE

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\run-]
"Yahoo! Pager"="C:\Program Files\Yahoo!\Messenger\YahooMessenger.exe" -quiet

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\KasperskyAntiVirus]
"DisableMonitoring"=dword:00000001

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"%windir%\\system32\\sessmgr.exe"=
"C:\\Program Files\\Yahoo!\\Messenger\\YahooMessenger.exe"=
"C:\\WINDOWS\\system32\\mmc.exe"=

R0 klbg;Kaspersky Lab Boot Guard Driver;C:\WINDOWS\system32\drivers\klbg.sys [01/29/2008 06:29 PM 32784]
R3 S3SAVAGE4M;S3SAVAGE4M;C:\WINDOWS\system32\DRIVERS\s3sav4m.sys [08/17/2001 12:50 PM 77824]
R3 slnt;Realtek RTL8139 Family PCI Fast Ethernet NIC;C:\WINDOWS\system32\DRIVERS\slnt.sys [06/22/2004 09:17 AM 18004]
S2 JavaQuickStarterService;Java Quick Starter;C:\Program Files\Java\jre6\bin\jqs.exe [10/17/2008 11:34 AM 152984]
S3 xAntiArp;xAntiArpSpoof Service;C:\WINDOWS\system32\DRIVERS\xAntiArp.sys [ ]

NETSVCS REQUIRES REPAIRS - current entries shown
6to4
AppMgmt
AudioSrv
Browser
CryptSvc
DMServer
DHCP
EventSystem
FastUserSwitchingCompatibility
HidServ
Ias
Iprip
Irmon
LanmanServer
LanmanWorkstation
Netman
Nla
Ntmssvc
NWCWorkstation
Nwsapagent
Rasauto
Rasman
Remoteaccess
Schedule
SENS
Sharedaccess
SRService
Tapisrv
Themes
TrkWks
W32Time
WZCSVC
Wmi
WmdmPmSp
winmgmt
xmlprov
BITS
wuauserv
ShellHWDetection
WmdmPmSN

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Svchost - NetSvcs


*Newly Created Service* - HELPSVC
.
Contents of the 'Scheduled Tasks' folder

2008-10-17 C:\WINDOWS\Tasks\1-Click Maintenance.job
- C:\Program Files\TuneUp Utilities 2008\OneClickStarter.exe []
.
- - - - ORPHANS REMOVED - - - -

WebBrowser-{21FA44EF-376D-4D53-9B0F-8A89D3229068} - (no file)
HKLM-Run-SunJavaUpdateSched - C:\Program Files\Java\jre6\bin\jusched.exe


.
------- Supplementary Scan -------
.
R0 -: HKCU-Main,Start Page = [You must be registered and logged in to see this link.]
O8 -: E&xport to Microsoft Excel - C:\PROGRA~1\MICROS~4\OFFICE11\EXCEL.EXE/3000
O8 -: تحميل الكل بـ إنترنت داونلود مانيجر - C:\Program Files\Internet Download Manager\IEGetAll.htm
O8 -: تحميل بـ إنترنت داونلود مانيجر - C:\Program Files\Internet Download Manager\IEExt.htm
O8 -: تحميل محتوى فيديو (إف.إل.في) بـ إنترنت داونلود مانيجر - C:\Program Files\Internet Download Manager\IEGetVL.htm

O16 -: {41ACD49D-1974-791A-0981-AA9872721044} - [You must be registered and logged in to see this link.]
C:\WINDOWS\Downloaded Program Files\boards.inf
C:\WINDOWS\Downloaded Program Files\boards.dll
.

**************************************************************************

catchme 0.3.1361 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, [You must be registered and logged in to see this link.]
Rootkit scan 2008-10-17 13:43:34
Windows 5.1.2600 Service Pack 2 FAT NTAPI

scanning hidden processes ...

scanning hidden autostart entries ...

scanning hidden files ...

scan completed successfully
hidden files: 0

**************************************************************************
.
------------------------ Other Running Processes ------------------------
.
C:\Program Files\Yahoo!\Messenger\ymsgr_tray.exe
C:\Program Files\Internet Download Manager\IEMonitor.exe
.
**************************************************************************
.
Completion time: 10/17/2008 13:45:59 - machine was rebooted
ComboFix-quarantined-files.txt 2008-10-17 11:45:48

Pre-Run: 3,554,390,016 bytes free
Post-Run: 3,494,559,744 bytes free

WindowsXP-KB310994-SP2-Home-BootDisk-ENU.exe
[boot loader]
timeout=2
default=multi(0)disk(0)rdisk(0)partition(1)\WINDOWS
[operating systems]
C:\CMDCONS\BOOTSECT.DAT="Microsoft Windows Recovery Console" /cmdcons
multi(0)disk(0)rdisk(0)partition(1)\WINDOWS="Microsoft Windows XP Professional" /noexecute=optin /fastdetect

250 --- E O F --- 2008-09-18 00:41:41


Solved Re: add remove programe

Post by Belahzur on Fri Oct 17, 2008 12:33 pm

Wow. Let me think

Okay, first, we need to fix the broken netsvcs key.
This is a big text file and pasting it here would be too big for the forum to fit it all to make sure you can see it all, so I've put it at rapidshare.
[You must be registered and logged in to see this link.]

Download that, and run the .reg file.
Click yes to the registry merge prompt.
====

Now open a new notepad file.
Input this into the notepad file:

Driver::
xAntiArp

FileLook::
C:\WINDOWS\system32\Hussin .dll

Save this as CFScript.txt, save it to your desktop also.
Then drag and drop CFScript.txt into combofix as seen below:


This will open ComboFix.exe again; agree to its terms and allow it to run. It may want to reboot after it's done. Post the resulting log back here.


[You must be registered and logged in to see this link.] - [You must be registered and logged in to see this link.] - Please PM me if I fail to respond within 24hrs.



Solved Re: add remove programe

Post by crazy_5n1p3r on Fri Oct 17, 2008 5:24 pm

[You must be registered and logged in to see this link.]
nothing new


Solved Re: add remove programe

Post by Belahzur on Fri Oct 17, 2008 5:45 pm

Lots new for me. We fixed the broken netsvc registry problem.
Okay, one more thing before we tidy up. Right On!
Let's make sure these restrictions aren't causing problems too.


  • Now open a new notepad file.
  • Input this into the notepad file:

    Windows Registry Editor Version 5.00

    [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\explorer]
    "HideRunAsVerb"=dword:00000000
    "NoResolveTrack"=dword:00000000

    [HKEY_CURRENT_USER\software\microsoft\windows\currentversion\policies\explorer]
    "NoResolveTrack"=dword:00000000
    "NoResolveSearch"=dword:00000000

    [HKEY_USERS\.default\software\microsoft\windows\currentversion\policies\explorer]
    "NoSMHelp"=dword:00000000
    "NoResolveTrack"=dword:00000000
    "NoResolveSearch"=dword:00000000

  • Save this as fix.reg, save it to your desktop.
  • Double click fix.reg to run it.
  • Select yes to the registry merge prompt.

====

Please download and run this tool.

Download Malwarebytes' Anti-Malware from [You must be registered and logged in to see this link.]

Double Click mbam-setup.exe to install the application.

  • Make sure a checkmark is placed next to Update Malwarebytes' Anti-Malware and Launch Malwarebytes' Anti-Malware, then click Finish.
  • If an update is found, it will download and install the latest version.
  • Once the program has loaded, select "Perform Quick Scan", then click Scan.
  • The scan may take some time to finish, so please be patient.
  • When the scan is complete, click OK, then Show Results to view the results.
  • Make sure that everything is checked, and click Remove Selected.
  • When disinfection is completed, a log will open in Notepad and you may be prompted to Restart. (See Note)
  • The log is automatically saved by MBAM and can be viewed by clicking the Logs tab in MBAM.
Note:
If MBAM encounters a file that is difficult to remove, you will be presented with 1 of 2 prompts.
Click OK to either and let MBAM proceed with the disinfection process.
If asked to restart the computer, please do so immediately.


Post the contents of the MBAM Log with a fresh copy of HijackThis log.
===

I'll let you go if MBAM comes back clean.


[You must be registered and logged in to see this link.] - [You must be registered and logged in to see this link.] - Please PM me if I fail to respond within 24hrs.
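
Added example (not part of the thread, and not code from ComboFix or from the helper): the fix.reg in the post above is the set of policies\explorer values that ComboFix reported as set to 1, rewritten with dword:00000000. The Python sketch below derives that file from the log text so it can be reviewed before merging; the function names are hypothetical and the sample input is constructed from the log lines posted earlier in this thread.

```python
import re

# Constructed sample: sections copied from the ComboFix log posted earlier
# in this thread, plus one unrelated key that must be ignored.
SAMPLE_LOG = r'''
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\explorer]
"HideRunAsVerb"= 1 (0x1)
"NoResolveTrack"= 1 (0x1)

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\policies\explorer]
"NoResolveTrack"= 1 (0x1)
"NoResolveSearch"= 1 (0x1)

[HKEY_USERS\.default\software\microsoft\windows\currentversion\policies\explorer]
"NoSMHelp"= 1 (0x1)
"NoResolveTrack"= 1 (0x1)
"NoResolveSearch"= 1 (0x1)

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\KasperskyAntiVirus]
"DisableMonitoring"=dword:00000001
'''

KEY_RE = re.compile(r'^\[(?P<key>[^\]]+)\]$')
# ComboFix prints these policy DWORDs as:  "Name"= 1 (0x1)
VALUE_RE = re.compile(r'^"(?P<name>[^"]+)"=\s*\d+\s+\(0x(?P<hex>[0-9a-fA-F]+)\)$')
POLICY_SUFFIX = r'\currentversion\policies\explorer'


def parse_explorer_policies(log_text):
    """Return {registry key: [(value name, int value), ...]} for the
    Explorer policy sections of a ComboFix log; other keys are skipped."""
    found = {}
    current = None
    for raw in log_text.splitlines():
        line = raw.strip()
        if not line:
            current = None          # a blank line ends the section
            continue
        key = KEY_RE.match(line)
        if key:
            name = key.group('key')
            current = name if name.lower().endswith(POLICY_SUFFIX) else None
            continue
        value = VALUE_RE.match(line)
        if current and value:
            found.setdefault(current, []).append(
                (value.group('name'), int(value.group('hex'), 16)))
    return found


def build_reset_reg(policies):
    """Build .reg text that sets every non-zero policy value back to 0.
    Nothing is written to the registry; the text is only returned."""
    lines = ['Windows Registry Editor Version 5.00', '']
    for key, values in policies.items():
        active = [name for name, val in values if val != 0]
        if not active:
            continue
        lines.append('[%s]' % key)
        lines.extend('"%s"=dword:00000000' % name for name in active)
        lines.append('')
    return '\n'.join(lines)


if __name__ == '__main__':
    print(build_reset_reg(parse_explorer_policies(SAMPLE_LOG)))
```

The output for the sample matches the fix.reg given in the post, which makes it easy to confirm that the merge touches only the values the log actually reported.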



Solved Re: add remove programe

Post by crazy_5n1p3r on Fri Oct 17, 2008 6:32 pm

OK, OK, OK.
Finally I found it:
Start > Run > regedit > Edit > Find
and I entered the names of the programs, so they have been removed.

But I still have a problem: I can't install MSN.


Solved Re: add remove programe

Post by Belahzur on Fri Oct 17, 2008 6:58 pm

What key were they under?


[You must be registered and logged in to see this link.] - [You must be registered and logged in to see this link.] - Please PM me if I fail to respond within 24hrs.



Solved Re: add remove programe

Post by Doctor Inferno on Tue Oct 21, 2008 2:07 pm

Your issue regarding installing Messenger has been split from this topic and moved here:

[You must be registered and logged in to see this link.]


Please be a GeekPolice fan on [You must be registered and logged in to see this link.]



Have we helped you? [You must be registered and logged in to see this link.] | Doctor by day, ninja by night.
