|
Asst Manager Security, Expert Analyst, Moderator, Security Team; Rangemaster, Moderator, TSF Academy
Join Date: May 2005
Posts: 24,492
OS: N/A
|
The first log is clean
* * * * * *
The 2nd log requires these to be fixed:
R1 - HKCU\Software\Microsoft\Internet Connection Wizard,ShellNext = wmplayer.exe //ICWLaunch
R3 - URLSearchHook: (no name) - {02EE5B04-F144-47BB-83FB-A60BD91B74A9} - (no file)
O4 - HKCU\..\Run: [CU1] C:\Program Files\Common Files\VCClient\VCClient.exe
O4 - HKCU\..\Run: [CU2] C:\Program Files\Common Files\VCClient\VCMain.exe
O4 - HKCU\..\Run: [Cits] "C:\WINDOWS\system32\FNTS~1\svchost.exe" -vt ndrv
O4 - HKCU\..\Run: [Nisbpvfy] C:\Program Files\Common Files\??sembly\d?xplore.exe
O4 - Startup: PowerReg SchedulerV2.exe
Run CleanUp as the 2nd user
* * * * * *
The 3rd log:
O4 - Startup: PowerReg Scheduler.exe
Delete these files/folders:
C:\Program Files\Common Files\VCClient\
C:\WINDOWS\system32\FNTS~1\
C:\Program Files\Common Files\??sembly\
C:\Documents and Settings\Michelle\Local Settings\Application Data\Microsoft\MSN\db\r1std8-msn-com.11d.eml
Run CleanUp as the 3rd user
* * * * * *
I'll require fresh HJT logs from the first & second user.
__________________
Question - what have you done for the community today?
|