View Single Post
  #38 (permalink)  
Old 04-15-2007, 06:27 PM
Pizza53 Pizza53 is offline
Junior Member
 
About:
Join Date: Apr 2007
Location: Southern Ontario Canada
Posts: 8
Pizza53 is on a distinguished road

Default


Quote:
Originally Posted by Pizza53 View Post
Hello,

Here is a zip file of hackthisJE.log.

This is the log of my fathers computer where we have the gc.ca problem and I ran Adaware and Spybot. When I ran spybot I found 4 errors relating to Micorosoft.Windows.Security.InternetExplorer:Setti ngs...
where the registry for
HKEY_LOCAL_MACHINE\Software\Internet Exploreer\Main\FeatureControl\FEATURE_LOCALMACHINE _LOCKDOWN\explorer.exe!=W=1

Mircosoft.WindowsSecurityCenter.AntivirusDisableNo tify:Settings...
where the registry for
HKEY_LOCAL_MACHINE\Software\Security Center\AntiVirusDisableNotify!=dword:0

Mircorsoft.WindowsSecurity Center.FirewallDisableNotify:Settings
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\FirewallDisableNotify!=dword:0

Microsoft WindowsSecurityCenter_disabled: Settings....
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Servic es\wscsvc\Start!=W=2

I removed these using Spybot.

Today I looked at his system and the Window Security Center told me that he did not have any antivirus, but at that moment the Nortons on his machine was doing an update and I had it scan, but the Security Center did not recognise that the program Nortons was on and running.... sheesh...

I ran Hijack This and got the following log.

Thanks for any help that you can give me.

Pizza53

Just noticed the following in the log...

O17 - HKLM\System\CCS\Services\Tcpip\..\{18483498-4575-4C26-A6A1-BBA73B54A840}: NameServer = 85.255.114.43,85.255.112.165
O17 - HKLM\System\CCS\Services\Tcpip\..\{3482D08E-2DA5-4264-B691-5C40CE4F7A77}: NameServer = 85.255.114.43,85.255.112.165
O17 - HKLM\System\CS1\Services\Tcpip\Parameters: NameServer = 85.255.114.43 85.255.112.165
O17 - HKLM\System\CS1\Services\Tcpip\..\{18483498-4575-4C26-A6A1-BBA73B54A840}: NameServer = 85.255.114.43,85.255.112.165
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: NameServer = 85.255.114.43 85.255.112.165

Same as what was seen in the log of Boardwalker...

Is there anything else that could cause the other probem, or should I reset the registry back from what spybot had removed....