TechSpot

logs for inspection

By tomrca
Jun 2, 2007
  1. logs for inspection
     
  2. momok

    momok TS Rookie Posts: 2,265

    Hi,

    Your logs are clean. However, I'm just concerned about your Lexmark printer. It created a folder Lx_cats in your C:\ directory, and I found several sites on Google warning of spyware added by Lexmark, with that folder being a telltale sign.

    Here's a link for more information. Link.


    Regards,
    Your friendly momok =)

    This thread is for the use of tomrca only. Please don't post your own virus/spyware problems in this thread. Instead, open a new thread in our security and the web forum.
     
  3. tomrca

    tomrca TS Rookie Topic Starter Posts: 1,000

    As you will see, I have just removed "Backdoor.Hupigon.dtj". This was seated in "O23 - Service: COM+ System Application Manage (COM+ System Manager) - Unknown owner - C:\Program Files\Common Files\System\Dllhost.exe (file missing)".
    I forget at the moment, but do I need to go into safe mode to complete this fix?
    Thanks, I do know about the Lex printer but I am not over bothered about that. As you know, that's not a great problem really.
     
  4. momok

    momok TS Rookie Posts: 2,265

    Hi,

    I sort of missed that one out! Sorry about that..
    By the way, there's no need to enter safe mode for that since the original file has been removed.

    Just go to start > run > services.msc

    Search for COM+ System Application Manage and disable the service from starting if you see it.

    Then go to regedit and search for COM+ System Manager and delete the entry associated with it. Your system should be clean then.

    I would also suggest clearing your AVG Antispyware quarantine folder, and then turning off and on system restore to set a new clean point for your system.


    Regards,
    Your friendly momok =)

     
  5. howard_hopkinso

    howard_hopkinso TS Rookie Posts: 24,177   +19

    You might want to copy and paste these instructions into a notepad file. Then you can have the file open in safe mode, so you can follow the instructions easier.

    Boot into safe mode, under your normal user name (NOT THE ADMINISTRATOR ACCOUNT). See how HERE.

    In Windows Explorer, turn on "Show all files and folders, including hidden and system". See how HERE.

    Click start/run and type services.msc into the run box and press the enter key.

    When the window appears, maximise it. Double click on the following services (if there) and select stop if they are running. Set the startup type to disabled. Click apply/ok for each service you disable.

    COM+ System Application Manage (COM+ System Manager) < Disable the service name and/or the name in brackets.

    Close the services window.


    Open your task manager, by holding down the ctrl and alt keys and pressing the delete key.

    Click on the processes tab and end process for (if there).

    Dllhost.exe

    Close task manager.

    Run HJT with no other programmes open (except notepad). Click the scan button. Have HJT fix the following, by placing a tick in the little box next to (if there).

    O23 - Service: COM+ System Application Manage (COM+ System Manager) - Unknown owner - C:\Program Files\Common Files\System\Dllhost.exe (file missing)

    Click on the fix checked button.

    Close HJT.

    Locate and delete the following bold files and/or directories (if there).

    C:\Program Files\Common Files\System\Dllhost.exe

    Reboot into normal mode and rehide your protected OS files.

    Post a fresh HJT log.

    Regards Howard :)

     
  6. tomrca

    tomrca TS Rookie Topic Starter Posts: 1,000

    Hi Howard & momok.

    None of the files existed. The only trace found was in services and regedit.
    After deleting the file path in registry, it left "COM+system manager Acapella Ltd.(no file)". It wouldn't allow any more deletions. Although there was the COM+system manager in the pane on the left, I did not attempt to delete it. After saying this, as there are no processes supported by COM+system manager, is this service deletable? If so, how?
     
  7. howard_hopkinso

    howard_hopkinso TS Rookie Posts: 24,177   +19

    Please post a fresh HJT log.

    Regards Howard :)

     
  8. tomrca

    tomrca TS Rookie Topic Starter Posts: 1,000

    Attached is the log. I have started the service O23 - Service: COM+ System Manager - Accapella Ltd. - (no file) for the purpose of viewing it in the log.
     
  9. howard_hopkinso

    howard_hopkinso TS Rookie Posts: 24,177   +19

    Lol, you should stop that service again as it's nasty.

    Have HJT fix the following.

    R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Local Page =

    O23 - Service: COM+ System Manager - Accapella Ltd. - (no file) < Notice the Dllhost.exe file is no longer there.

    Other than the above, your HJT log is clean.

    Just stop the service again and you should be good to go.

    Regards Howard :)

     
  10. tomrca

    tomrca TS Rookie Topic Starter Posts: 1,000

    Well Howard, it was my own fault getting that bug. I failed to follow my own rules about scanning anything new. I was given a programme on a CD (home made) and never scanned it for bugs. There you go, proof of the pudding! lolol :unch: :blush:
     
Topic Status:
Not open for further replies.
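
The O23 service lines quoted in this thread can be triaged mechanically. The following is an added example, not part of the original posts and not HijackThis code: it parses O23 lines and flags services whose binary is missing, that have no image path, or that use a Windows system binary name outside System32. The field layout is inferred from the two O23 lines above; the third O23 line and the short list of system binary names are constructed assumptions.

```python
import ntpath
from typing import NamedTuple, Optional

PREFIX = "O23 - Service: "
# Assumption: small illustrative set of binaries that normally live in System32.
SYSTEM_BINARY_NAMES = {"dllhost.exe", "svchost.exe", "services.exe", "lsass.exe"}

class O23Entry(NamedTuple):
    name: str             # display name, optionally followed by "(service name)"
    owner: str            # vendor string, or "Unknown owner"
    path: Optional[str]   # image path, None when the log shows "(no file)"
    flags: tuple          # reasons this entry deserves a closer look

def parse_o23(line: str) -> Optional[O23Entry]:
    """Parse one HijackThis O23 line; return None for any other line."""
    line = line.strip()
    if not line.startswith(PREFIX):
        return None
    parts = line[len(PREFIX):].rsplit(" - ", 2)
    if len(parts) != 3:
        return None
    name, owner, target = (p.strip() for p in parts)
    flags, path = [], target
    if target == "(no file)":
        path = None
        flags.append("no-image-path")       # service entry left behind, nothing to run
    elif target.endswith("(file missing)"):
        path = target[: -len("(file missing)")].strip()
        flags.append("binary-missing")      # registered binary no longer on disk
    if owner == "Unknown owner":
        flags.append("unknown-owner")
    if path:
        base = ntpath.basename(path.strip('"')).lower()
        if base in SYSTEM_BINARY_NAMES and "\\system32\\" not in path.lower():
            flags.append("system-name-outside-system32")
    return O23Entry(name, owner, path, tuple(flags))

def suspicious(log_text: str) -> list:
    """Return every O23 entry in the log that raised at least one flag."""
    entries = (parse_o23(l) for l in log_text.splitlines())
    return [e for e in entries if e and e.flags]

# First, second and fourth lines are quoted from the thread; the third is constructed.
SAMPLE_LOG = r"""
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Local Page =
O23 - Service: COM+ System Application Manage (COM+ System Manager) - Unknown owner - C:\Program Files\Common Files\System\Dllhost.exe (file missing)
O23 - Service: Example Updater (ExampleUpdSvc) - Example Corp - C:\Program Files\Example\updater.exe
O23 - Service: COM+ System Manager - Accapella Ltd. - (no file)
"""

if __name__ == "__main__":
    for entry in suspicious(SAMPLE_LOG):
        print(entry.name, "->", ", ".join(entry.flags))
```

A flagged entry is a prompt to inspect the service in services.msc and the registry, as the replies above describe; it is not proof of infection on its own.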
