Jump to content

Issues with registry


dannyp
 Share

Recommended Posts

Having some issues with the computer. Here's the log files. Any help would be appreciated.

Malwarebytes' Anti-Malware 1.50.1.1100

www.malwarebytes.org

Database version: 5544

Windows 6.1.7600

Internet Explorer 8.0.7600.16385

1/20/2011 6:38:21 PM

mbam-log-2011-01-20 (18-38-21).txt

Scan type: Full scan (C:\|D:\|)

Objects scanned: 286734

Time elapsed: 21 minute(s), 13 second(s)

Memory Processes Infected: 0

Memory Modules Infected: 0

Registry Keys Infected: 0

Registry Values Infected: 0

Registry Data Items Infected: 0

Folders Infected: 0

Files Infected: 0

Memory Processes Infected:

(No malicious items detected)

Memory Modules Infected:

(No malicious items detected)

Registry Keys Infected:

(No malicious items detected)

Registry Values Infected:

(No malicious items detected)

Registry Data Items Infected:

(No malicious items detected)

Folders Infected:

(No malicious items detected)

Files Infected:

(No malicious items detected)

________________________________________________________________________________

__________________

Logfile of Trend Micro HijackThis v2.0.2

Scan saved at 6:08:55 PM, on 1/20/2011

Platform: Unknown Windows (WinNT 6.01.3504)

MSIE: Internet Explorer v8.00 (8.00.7600.16700)

Boot mode: Normal

Running processes:

C:\Program Files (x86)\Dell Support Center\bin\sprtcmd.exe

C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe

C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamgui.exe

C:\Program Files (x86)\MSN Toolbar\Platform\6.3.2322.0\mswinext.exe

F:\HijackThis.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://g.msn.com/USCON/1

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896

R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157

R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant =

R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch =

R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =

R3 - URLSearchHook: McAfee SiteAdvisor Toolbar - {0EBBBE48-BAD4-4B4C-8E5A-516ABECAE064} - c:\PROGRA~2\mcafee\SITEAD~1\mcieplg.dll

O1 - Hosts:

ark.zip

Attach.zip

Link to post
Share on other sites

Hi,

My internet wasn't working the day before yesterday and has been down, until day, but I keep getting a pop up from malwarebytes that that it successfully blocked access to a potentially dangerous site. Even though the machine isn't in use and I couldn't get on line. Hope this helps.

Link to post
Share on other sites

Here are the two most recent protection logs from Malwarebytes. I am not noticing any more issues with my web connection.

Hope this helps.

62.45.138.133 (Type: outgoing, Port: 49537, Process: skype.exe)

IP-BLOCK 62.45.138.133 (Type: outgoing, Port: 49541, Process: skype.exe)

IP-BLOCK 62.45.138.133 (Type: outgoing, Port: 49542, Process: skype.exe)

IP-BLOCK 62.45.138.133 (Type: outgoing, Port: 50051, Process: skype.exe)

IP-BLOCK 62.45.138.133 (Type: outgoing, Port: 50052, Process: skype.exe)

IP-BLOCK 62.45.138.133 (Type: outgoing, Port: 50053, Process: skype.exe)

IP-BLOCK 62.45.138.133 (Type: outgoing, Port: 50570, Process: skype.exe)

IP-BLOCK 62.45.138.133 (Type: outgoing, Port: 50571, Process: skype.exe)

IP-BLOCK 62.45.138.133 (Type: outgoing, Port: 50572, Process: skype.exe)

IP-BLOCK 62.45.138.133 (Type: outgoing, Port: 51298, Process: skype.exe)

IP-BLOCK 62.45.138.133 (Type: outgoing, Port: 51299, Process: skype.exe)

IP-BLOCK 62.45.138.133 (Type: outgoing, Port: 51300, Process: skype.exe)

IP-BLOCK 62.45.138.133 (Type: outgoing, Port: 51706, Process: skype.exe)

IP-BLOCK 62.45.138.133 (Type: outgoing, Port: 51707, Process: skype.exe)

IP-BLOCK 62.45.138.133 (Type: outgoing, Port: 51708, Process: skype.exe)

________________________________________________________________________

IP-BLOCK 64.62.181.43 (Type: outgoing, Port: 52232, Process: firefox.exe)

IP-BLOCK 64.62.181.43 (Type: outgoing, Port: 52233, Process: firefox.exe)

IP-BLOCK 64.62.181.43 (Type: outgoing, Port: 52234, Process: firefox.exe)

IP-BLOCK 64.62.181.43 (Type: outgoing, Port: 52240, Process: firefox.exe)

IP-BLOCK 64.62.181.43 (Type: outgoing, Port: 52244, Process: firefox.exe)

IP-BLOCK 62.45.2.54 (Type: outgoing, Port: 4703, Process: skype.exe)

IP-BLOCK 62.45.2.54 (Type: outgoing, Port: 4703, Process: skype.exe)

IP-BLOCK 62.45.2.54 (Type: outgoing, Port: 4703, Process: skype.exe)

Link to post
Share on other sites

  • Staff

Hi dannyp,

The first two are just lines in your Host file (default and legitimate). You can check out and modify your Hosts file in detail using HostXpert.

The problem with HijackThis is that it often reports O23 (Windows Services) data incorrectly on 64bit computers. As such, those entries being there are not malicious.

Hope that answers your questions. Do not hesitate to ask if there's anything else I can help with.

Link to post
Share on other sites

  • Staff

Glad we could help. :)

If you need this topic reopened, please send a Private Message to any one of the moderating team members. Please include a link to this thread with your request. This applies only to the originator of this thread.

Other members who need assistance please start your own topic in a new thread. Thanks!

Link to post
Share on other sites

Guest
This topic is now closed to further replies.
 Share

  • Recently Browsing   0 members

    • No registered users viewing this page.
Back to top
×
×
  • Create New...

Important Information

This site uses cookies - We have placed cookies on your device to help make this website better. You can adjust your cookie settings, otherwise we'll assume you're okay to continue.