hjt log!

[Osiris]

When you click that link, nothing happens? I just clicked it as was prompted to run or save

 

[Osiris]

Run this online scan

F-Secure Support pages: F-Secure Online Virus Scanner

and post the results

 

[Mega_Mark]

I guess the link doesn't work because I was using Mozilla browser, switch over to IE and ran it. So now at location:
HKEY_CURRENT_USER\Software\Microsoft\Windows\Curre ntVersion\Policies\System
theres a "DisableTaskmgr" now and thats it. Should I delete it?

I'm running that scanner now, I'll post it when its done.

 

[Mega_Mark]

Scanning Report
Tuesday, February 24, 2009 08:26:33 - 09:00:50
Computer name: PAL
Scanning type: Scan system for malware, rootkits
Target: C:\


--------------------------------------------------------------------------------

Result: 10 malware found
TrackingCookie.Atdmt (spyware)
System
TrackingCookie.Doubleclick (spyware)
System
TrackingCookie.Mediaplex (spyware)
System
TrackingCookie.Revsci (spyware)
System
TrackingCookie.Webtrends (spyware)
System
TrackingCookie.Yieldmanager (spyware)
System
Trojan-Downloader:W32/Small.HBU (virus)
C:\RECYCLER\S-1-5-21-583907252-1767777339-725345543-1003\DC43.EXE (Renamed)
Trojan.BAT.Zapchast (virus)
C:\WINDOWS\ICON_TMP\SETUP.BAT (Renamed)
W32/Horst.gen33 (virus)
C:\PROGRAM FILES\VERSALSOFT\INTERNETDOWNLOAD\INSTALL.DLL
W32/Zlob.CNNZ (virus)
C:\PROGRAM FILES\VERSALSOFT\INTERNETDOWNLOAD\VDTB.DLL

--------------------------------------------------------------------------------

Statistics
Scanned:
Files: 34586
System: 4141
Not scanned: 9
Actions:
Disinfected: 0
Renamed: 2
Deleted: 0
None: 8
Submitted: 0
Files not scanned:
C:\HIBERFIL.SYS
C:\PAGEFILE.SYS
C:\WINDOWS\SYSTEM32\CONFIG\DEFAULT
C:\WINDOWS\SYSTEM32\CONFIG\SAM
C:\WINDOWS\SYSTEM32\CONFIG\SECURITY
C:\WINDOWS\SYSTEM32\CONFIG\SOFTWARE
C:\WINDOWS\SYSTEM32\CONFIG\SYSTEM
C:\WINDOWS\SYSTEM32\CATROOT2\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\CATDB
C:\DOCUMENTS AND SETTINGS\ADMIN\LOCAL SETTINGS\TEMP\NERO1002626\UNIT_APP_75\TOOLBAR.EXE

--------------------------------------------------------------------------------

Options
Scanning engines:
F-Secure USS: 3.0.0
F-Secure Blacklight: 0.0.0
F-Secure Hydra: 3.6.8511, 2009-02-24
F-Secure Pegasus: 1.20.0, 1969-11-31
F-Secure AVP: 7.0.171, 2009-02-24
Scanning options:
Scan defined files: COM EXE SYS OV? BIN SCR DLL SHS HTM HTML HTT VBS JS INF VXD DO? XL? RTF CPL WIZ HTA PP? PWZ P?T MSO PIF . ACM ASP AX CNV CSC DRV INI MDB MPD MPP MPT OBD OBT OCX PCI TLB TSP WBK WBT WPC WSH VWP WML BOO HLP TD0 TT6 MSG ASD JSE VBE WSC CHM EML PRC SHB LNK WSF {* PDF ZL? XML ZIP XXX ANI AVB BAT CMD JOB LSP MAP MHT MIF PHP POT SWF WMF NWS TAR
Use Advanced heuristics

 

[Mega_Mark]

Works now! Does that mean that the system restore should work as well?

 

[Osiris]

When was it fixed? After the reg entry or after the scan?

Is system restore disabled? If it is, go ahead and create a new restore point which will be clean. If its not disabled then it may be infected so dont use it.

 

[Mega_Mark]

Fixed after the scan.

System restore wasn't disabled, so I'll just leave it be. Hopefully I won't have to use it.
You're my hero, I can't thank you enough!

 

[Osiris]

Alright then, now get outa here

 

[Mega_Mark]

Cheers!