rmal75

Members
  • Content Count

    29

About rmal75

  • Rank
    Member

Previous Fields

  • System Specifications:
    Dell Windows XP Pro SP2 Intel 1.8 P4 786MB Ram 80GB HD DVDRW
  1. :beer: :beer: :beer: :beer: :beer: :beer: :beer: :beer: Success!!! Thanks!
  2. No results in all 3 sixa searches. All seems to be good... Do you suggest that I keep Ewido running? I am also running Microsoft's Anti spyware program. Keep that too? What about a Firewall? Can you recommend one?
  3. SIXA connection has not returned since I deleted it almost 2 days ago. My machine is running great right now and I don't notice any threats. I'm scared to say that it's finally clean but it sure feels like we are getting close. I will let you know if I find anything related to this SIXA connection.
  4. 06/21/05 18:36:47 [info]: BlackLight Engine 1.0.14 initialized 06/21/05 18:36:47 [info]: OS: 5.1 build 2600 (Service Pack 2) 06/21/05 18:36:47 [Note]: 4005 0 06/21/05 18:36:51 [Note]: 4006 0 06/21/05 18:36:51 [Note]: 4019 0 06/21/05 18:36:51 [Note]: 4019 1 06/21/05 18:36:51 [Note]: 4019 2 06/21/05 18:36:51 [Note]: 4019 3 06/21/05 18:36:51 [Note]: 4019 4 06/21/05 18:36:52 [Note]: FSRAW library version 1.7.1011 06/21/05 18:38:05 [Note]: 4019 5 06/21/05 18:38:05 [Note]: 4019 6 06/21/05 18:38:05 [Note]: 4019 7 06/21/05 18:38:05 [Note]: 4019 8 06/21/05 18:40:30 [Note]: 4
  5. "Please download and run F-Secure Blacklight <<link and let us know the results." Nothing found..... "Did you scan wininet.dll?" Yes nothing was found..... "attrib -h -r -s C:\WINDOWS\inf\conscorr.inf" Nothing Found... "del C:\WINDOWS\inf\conscorr.inf" Nothing found...
  6. Enumerating Windows NT/2000/XP services Microsoft ACPI Driver: System32\DRIVERS\ACPI.sys (system) aeaudio: system32\drivers\aeaudio.sys (manual start) Microsoft Kernel Acoustic Echo Canceller: system32\drivers\aec.sys (manual start) AFD Networking Support Environment: \SystemRoot\System32\drivers\afd.sys (system) Intel AGP Bus Filter: System32\DRIVERS\agp440.sys (system) Alerter: %SystemRoot%\System32\svchost.exe -k LocalService (disabled) Application Layer Gateway Service: %SystemRoot%\System32\alg.exe (manual start) Application Management: %SystemRoot%\system32\svchost.exe
  7. HJT Log con't...... Load/Run keys from C:\WINDOWS\WIN.INI: load=*INI section not found* run=*INI section not found* Load/Run keys from Registry: HKLM\..\Windows NT\CurrentVersion\WinLogon: load=*Registry value not found* HKLM\..\Windows NT\CurrentVersion\WinLogon: run=*Registry value not found* HKLM\..\Windows\CurrentVersion\WinLogon: load=*Registry key not found* HKLM\..\Windows\CurrentVersion\WinLogon: run=*Registry key not found* HKCU\..\Windows NT\CurrentVersion\WinLogon: load=*Registry value not found* HKCU\..\Windows NT\CurrentVersion\WinLogon: run=*Registry valu
  8. No instances of SIXA found..... StartupList report, 6/21/2005, 6:33:08 PM StartupList version: 1.52.2 Started from : C:\Documents and Settings\Ryan \Desktop\HJT\HijackThis-1.EXE Detected: Windows XP SP2 (WinNT 5.01.2600) Detected: Internet Explorer v6.00 SP2 (6.00.2900.2180) * Using default options * Including empty and uninteresting sections * Showing rarely important sections ================================================== Running processes: C:\WINDOWS\System32\smss.exe C:\WINDOWS\system32\winlogon.exe C:\WINDOWS\system32\services.exe C:\WI
  9. OK I'm at work now. I'll have to continue this tonight when I get home. But are we close? This morning it seemed to be running quite well. But I'm afraid that when I get home there will be a whole new batch of malware on my machine. Should I be turning it off when I'm not there? Or disconnecting from the internet? Also, have you seen this SIXA thing before? What is that? Thanks for all your help....
  10. Also, The files: C:\WINDOWS\Downloaded Program Files\f3initialsetup* C:\WINDOWS\inf\conscorr.inf were not present when I went to delete them in safe mode.
  11. Here is my new HJT log. Also I found something very alarming. When I click on View Network Connections, I see my LAN connection then I see another connection under Broadband named SIXA, status: Disconnected, Firewalled, WAN Miniport (PPPOE), Phone number or host address: 5, Owner: System. Last night I deleted it because I didn't know what it was and now it is back. Please advise. I'm thinking about wiping the HD clean... Logfile of HijackThis v1.99.1 Scan saved at 9:43:08 PM, on 6/20/2005 Platform: Windows XP SP2 (WinNT 5.01.2600) MSIE: Internet Explorer v6.00 SP2 (6.00.
  12. Incident Status Location Adware:Adware/SaveNow No disinfected Windows Registry
  13. Please edit these logs so that my name doesn't appear in future Google Searches.... HJT log: Logfile of HijackThis v1.99.1 Scan saved at 2:39:27 PM, on 6/18/2005 Platform: Windows XP SP2 (WinNT 5.01.2600) MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180) Running processes: C:\WINDOWS\System32\smss.exe C:\WINDOWS\system32\winlogon.exe C:\WINDOWS\system32\services.exe C:\WINDOWS\system32\lsass.exe C:\WINDOWS\system32\svchost.exe C:\WINDOWS\System32\svchost.exe C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe C:\Program Files\Common Files\Symantec Shared\SNDSrvc
  14. Ok I'm going to do it now but how do I keep getting nailed with this malware? Is it the websites I go to? I never click on links that I don't trust. Where is this all coming from?
  15. Ok I have completely lost control of my computer and I am about to kill myself. I just completed removal of Access Control and I come home from work today and my Wallpaper has been changed and there are Spy Sheriff icons and programs all over the place. Please please please help me.... Logfile of HijackThis v1.99.1 Scan saved at 12:57:04 AM, on 6/18/2005 Platform: Windows XP SP2 (WinNT 5.01.2600) MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180) Running processes: C:\WINDOWS\System32\smss.exe C:\WINDOWS\system32\winlogon.exe C:\WINDOWS\system32\services.exe C:\WINDOWS\system32