PDA

View Full Version : Am I infected?



falcon8r
2011-01-25, 22:11
SpyBot report shows the following entries:

--- Search result list ---
Microsoft.Windows.Explorer: [SBI $F1AA2176] User settings (Registry change, nothing done)
HKEY_USERS\S-1-5-21-1454471165-1957994488-1629655555-1003\Software\Microsoft\Windows\CurrentVersion\Policies\Explorer\NoLogOff

Microsoft.WindowsSecurityCenter.AntiVirusOverride: [SBI $3604910C] Settings (Registry change, nothing done)
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\AntiVirusOverride

Microsoft.WindowsSecurityCenter.FirewallOverride: [SBI $0C94D702] Settings (Registry change, nothing done)
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\FirewallOverride

Microsoft.WindowsSecurityCenter_disabled: [SBI $2E20C9A9] Settings (Registry change, nothing done)
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\wscsvc\Start

Microsoft.Windows.System: [SBI $268E3020] Settings (Registry change, nothing done)
HKEY_USERS\S-1-5-21-1454471165-1957994488-1629655555-1003\Software\Microsoft\Windows\CurrentVersion\Policies\Explorer\NoFind

Microsoft.Windows.System: [SBI $CA5FA75C] Settings (Registry change, nothing done)
HKEY_USERS\S-1-5-21-1454471165-1957994488-1629655555-1003\Software\Microsoft\Windows\CurrentVersion\Policies\Explorer\NoShellSearchButton

Microsoft.Windows.System: [SBI $83581ED4] Settings (Registry change, nothing done)
HKEY_USERS\S-1-5-21-1454471165-1957994488-1629655555-1003\Software\Microsoft\Windows\CurrentVersion\Policies\Explorer\NoToolBarsOnTaskBar

I am not familiar enough with the Registry to tell whether these entries mean anything or not. The ones about the Security Center being disabled I understand (and have turned off because it didn't play nice with ZoneAlarm AntiVirus/Firewall), but not the rest. The only other item SpyBot found was a tracking cookie from RightMedia - ad.yieldmanager.com, which I removed. Any help will be appreciated.

ken545
2011-01-26, 20:45
:snwelcome:


Please read Before You Post (http://forums.spybot.info/showthread.php?t=288)
While best efforts are made to assist in removing infections safely, unexpected stuff can happen. It is advisable that you back up your important data before starting any clean up procedure. Neither Safer Networking Forums nor the Analyst providing the advice may be held responsible for any loss.

Until we deem your system clean I am going to ask you not to install or uninstall any software or hardware except for the programs we may run.

Cant really see if your infected until we see a log


Download DDS by sUBs from one of the following links. Save it to your desktop.

DDS.com (http://www.techsupportforum.com/sectools/sUBs/dds)
DDS.scr (http://download.bleepingcomputer.com/sUBs/dds.scr)
DDS.pif (http://www.forospyware.com/sUBs/dds)

Double click on the DDS icon, allow it to run.
A small box will open, with an explaination about the tool. No input is needed, the scan is running.
Notepad will open with the results, click no to the Optional_Scan
Follow the instructions that pop up for posting the results.
Close the program window, and delete the program from your desktop.

Please note: You may have to disable any script protection running if the scan fails to run. After downloading the tool, disconnect from the internet and disable all antivirus protection. Run the scan, enable your A/V and reconnect to the internet.

Information on A/V control Here (http://www.bleepingcomputer.com/forums/topic114351.html)

ken545
2011-01-31, 11:37
Due to inactivity, this thread will now be closed.

If it has been three days or more since your last post, and the helper assisting you posted a response to that post to which you did not reply, your topic will not be reopened. At that point, if you still require help, please start a new topic and include a new DDS log with a link to your previous thread. Please do not add any logs that might have been requested in the closed topic, you would be starting fresh.