Jump to content

VyeBrante

Members
  • Posts

    19
  • Joined

  • Last visited

Reputation

0 Neutral
  1. Great, thank you so much! I'm trying out a different browser with an ad blocker to hopefully prevent this from happening again. Three times was three too many. Thanks again for all the help and keep up the great work!
  2. Came back clean this time. Malwarebytes' Anti-Malware 1.50.1.1100 www.malwarebytes.org Database version: 6448 Windows 5.1.2600 Service Pack 3 Internet Explorer 8.0.6001.18702 4/26/2011 2:12:30 PM mbam-log-2011-04-26 (14-12-30).txt Scan type: Full scan (C:\|) Objects scanned: 287704 Time elapsed: 1 hour(s), 42 minute(s), 12 second(s) Memory Processes Infected: 0 Memory Modules Infected: 0 Registry Keys Infected: 0 Registry Values Infected: 0 Registry Data Items Infected: 0 Folders Infected: 0 Files Infected: 0 Memory Processes Infected: (No malicious items detected) Memory Modules Infected: (No malicious items detected) Registry Keys Infected: (No malicious items detected) Registry Values Infected: (No malicious items detected) Registry Data Items Infected: (No malicious items detected) Folders Infected: (No malicious items detected) Files Infected: (No malicious items detected)
  3. I hope I don't jump the gun with this, but I noticed in other people's threads that after Combofix logs came MalwareBytes. So I ran the scan and here is the log from it. Sorry if you weren't ready for that yet. Malwarebytes' Anti-Malware 1.50.1.1100 www.malwarebytes.org Database version: 6444 Windows 5.1.2600 Service Pack 3 Internet Explorer 8.0.6001.18702 4/25/2011 10:45:51 PM mbam-log-2011-04-25 (22-45-51).txt Scan type: Full scan (C:\|) Objects scanned: 287382 Time elapsed: 1 hour(s), 18 minute(s), 33 second(s) Memory Processes Infected: 0 Memory Modules Infected: 0 Registry Keys Infected: 0 Registry Values Infected: 0 Registry Data Items Infected: 2 Folders Infected: 0 Files Infected: 4 Memory Processes Infected: (No malicious items detected) Memory Modules Infected: (No malicious items detected) Registry Keys Infected: (No malicious items detected) Registry Values Infected: (No malicious items detected) Registry Data Items Infected: HKEY_LOCAL_MACHINE\SOFTWARE\Clients\StartMenuInternet\FIREFOX.EXE\shell\safemode\command\(default) (Hijack.StartMenuInternet) -> Bad: ("C:\Documents and Settings\Hillaree B\Local Settings\Application Data\caj.exe" -a "C:\Program Files\Mozilla Firefox\firefox.exe" -safe-mode) Good: (firefox.exe -safe-mode) -> Quarantined and deleted successfully. HKEY_LOCAL_MACHINE\SOFTWARE\Clients\StartMenuInternet\IEXPLORE.EXE\shell\open\command\(default) (Hijack.StartMenuInternet) -> Bad: ("C:\Documents and Settings\Hillaree B\Local Settings\Application Data\caj.exe" -a "iexplore.exe) Good: (iexplore.exe) -> Quarantined and deleted successfully. Folders Infected: (No malicious items detected) Files Infected: c:\documents and settings\hillaree b\application data\Sun\Java\deployment\cache\6.0\19\fc45753-5c338d05 (Spyware.Agent) -> Quarantined and deleted successfully. c:\Qoobox\quarantine\C\documents and settings\hillaree b\local settings\application data\caj.exe.vir (Spyware.Agent) -> Quarantined and deleted successfully. c:\system volume information\_restore{202550a8-7a33-4bca-9586-051d24ddbf8f}\RP1\A0000129.exe (Spyware.Agent) -> Quarantined and deleted successfully. c:\WINDOWS\system32\50px1.dll (Spyware.Agent) -> Quarantined and deleted successfully.
  4. ComboFix 11-04-25.02 - Hillaree B 04/25/2011 18:32:47.2.1 - x86 Microsoft Windows XP Home Edition 5.1.2600.3.1252.1.1033.18.2038.1429 [GMT -6:00] Running from: c:\documents and settings\Hillaree B\Desktop\ComboFix.exe AV: McAfee Anti-Virus and Anti-Spyware *Disabled/Updated* {84B5EE75-6421-4CDE-A33A-DD43BA9FAD83} FW: McAfee Firewall *Enabled* {94894B63-8C7F-4050-BDA4-813CA00DA3E8} . . ((((((((((((((((((((((((((((((((((((((( Other Deletions ))))))))))))))))))))))))))))))))))))))))))))))))) . . c:\documents and settings\Hillaree B\Local Settings\Application Data\caj.exe c:\documents and settings\Hillaree B\WINDOWS c:\windows\system32\drivers\etc\lmhosts . . ((((((((((((((((((((((((( Files Created from 2011-03-26 to 2011-04-26 ))))))))))))))))))))))))))))))) . . 2011-04-24 18:51 . 2011-04-24 18:51 63115 ----a-w- c:\documents and settings\All Users\Application Data\Microsoft\IdentityCRL\production\temp\wlidui_WLIDSVC\USERTILE.JS 2011-04-24 18:51 . 2011-04-24 18:51 6429 ----a-w- c:\documents and settings\All Users\Application Data\Microsoft\IdentityCRL\production\temp\wlidui_WLIDSVC\UICORE.JS 2011-04-24 18:51 . 2011-04-24 18:51 4599 ----a-w- c:\documents and settings\All Users\Application Data\Microsoft\IdentityCRL\production\temp\wlidui_WLIDSVC\UIRESOURCE.JS 2011-04-24 18:51 . 2011-04-24 18:51 8646 ----a-w- c:\documents and settings\All Users\Application Data\Microsoft\IdentityCRL\production\temp\wlidui_WLIDSVC\TILEBOX.JS 2011-04-24 18:51 . 2011-04-24 18:51 9310 ----a-w- c:\documents and settings\All Users\Application Data\Microsoft\IdentityCRL\production\temp\wlidui_WLIDSVC\TEXTBOX.JS 2011-04-24 18:51 . 2011-04-24 18:51 5927 ----a-w- c:\documents and settings\All Users\Application Data\Microsoft\IdentityCRL\production\temp\wlidui_WLIDSVC\TEXT.JS 2011-04-24 18:51 . 2011-04-24 18:51 8613 ----a-w- c:\documents and settings\All Users\Application Data\Microsoft\IdentityCRL\production\temp\wlidui_WLIDSVC\SAVEDUSER.JS 2011-04-24 18:51 . 2011-04-24 18:51 1651 ----a-w- c:\documents and settings\All Users\Application Data\Microsoft\IdentityCRL\production\temp\wlidui_WLIDSVC\QUERYSTRING.JS 2011-04-24 18:50 . 2011-04-24 18:50 6910 ----a-w- c:\documents and settings\All Users\Application Data\Microsoft\IdentityCRL\production\temp\wlidui_WLIDSVC\NEWUSERCOMM.JS 2011-04-24 18:50 . 2011-04-24 18:50 6208 ----a-w- c:\documents and settings\All Users\Application Data\Microsoft\IdentityCRL\production\temp\wlidui_WLIDSVC\LINK.JS 2011-04-24 18:50 . 2011-04-24 18:50 18541 ----a-w- c:\documents and settings\All Users\Application Data\Microsoft\IdentityCRL\production\temp\wlidui_WLIDSVC\LOCALIZATION.JS 2011-04-24 18:50 . 2011-04-24 18:50 8288 ----a-w- c:\documents and settings\All Users\Application Data\Microsoft\IdentityCRL\production\temp\wlidui_WLIDSVC\IMAGE.JS 2011-04-24 18:50 . 2011-04-24 18:50 51852 ----a-w- c:\documents and settings\All Users\Application Data\Microsoft\IdentityCRL\production\temp\wlidui_WLIDSVC\EXTERNALWRAPPER.JS 2011-04-24 18:50 . 2011-04-24 18:50 8782 ----a-w- c:\documents and settings\All Users\Application Data\Microsoft\IdentityCRL\production\temp\wlidui_WLIDSVC\BUTTON.JS 2011-04-24 18:50 . 2011-04-24 18:50 7271 ----a-w- c:\documents and settings\All Users\Application Data\Microsoft\IdentityCRL\production\temp\wlidui_WLIDSVC\CHECKBOX.JS 2011-04-24 18:50 . 2011-04-24 18:50 23327 ----a-w- c:\documents and settings\All Users\Application Data\Microsoft\IdentityCRL\production\temp\wlidui_WLIDSVC\COMBOBOX.JS 2011-04-24 18:50 . 2011-04-24 18:50 20719 ----a-w- c:\documents and settings\All Users\Application Data\Microsoft\IdentityCRL\production\temp\wlidui_WLIDSVC\DIVWRAPPER.JS 2011-04-24 06:56 . 2011-04-24 06:56 192512 --sha-w- c:\windows\system32\50px1.dll 2011-04-23 09:30 . 2011-04-23 09:30 -------- d-----w- c:\documents and settings\Hillaree B\Local Settings\Application Data\Mozilla 2011-04-20 04:44 . 2011-04-20 04:44 -------- d-----w- c:\program files\iPod 2011-04-20 04:44 . 2011-04-20 04:45 -------- d-----w- c:\program files\iTunes 2011-04-20 04:42 . 2011-04-20 04:42 -------- d-----w- c:\program files\Apple Software Update 2011-04-20 04:42 . 2011-04-20 04:42 -------- d-----w- c:\program files\Bonjour 2011-04-15 04:48 . 2011-04-15 04:48 -------- d-sh--w- c:\windows\system32\config\systemprofile\IETldCache 2011-04-06 22:20 . 2011-04-06 22:20 91424 ----a-w- c:\windows\system32\dnssd.dll 2011-04-06 22:20 . 2011-04-06 22:20 107808 ----a-w- c:\windows\system32\dns-sd.exe 2011-04-04 04:19 . 2011-04-04 04:19 -------- d-----w- c:\program files\Malwarebytes' Anti-Malware 2011-04-04 02:31 . 2010-12-21 00:09 38224 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys 2011-04-04 02:31 . 2011-04-04 02:41 -------- d-----w- c:\program files\com 2011-04-04 02:31 . 2010-12-21 00:08 20952 ----a-w- c:\windows\system32\drivers\mbam.sys 2011-04-04 01:44 . 2011-04-04 02:24 -------- d---a-w- c:\documents and settings\All Users\Application Data\TEMP 2011-04-04 00:21 . 2011-04-04 00:21 -------- d-----w- c:\documents and settings\Administrator\Application Data\SUPERAntiSpyware.com 2011-04-03 20:39 . 2011-04-03 20:39 -------- d-sh--w- c:\documents and settings\Administrator\PrivacIE 2011-04-03 20:38 . 2011-04-03 20:38 -------- d-----w- c:\documents and settings\Administrator\Application Data\Malwarebytes 2011-04-03 20:37 . 2011-04-03 20:37 -------- d-sh--w- c:\documents and settings\Administrator\IETldCache . . . (((((((((((((((((((((((((((((((((((((((( Find3M Report )))))))))))))))))))))))))))))))))))))))))))))))))))) . 2011-03-07 05:33 . 2004-08-10 18:02 692736 ----a-w- c:\windows\system32\inetcomm.dll 2011-03-04 06:37 . 2004-08-10 17:51 420864 ----a-w- c:\windows\system32\vbscript.dll 2011-03-03 13:21 . 2004-08-10 17:51 1857920 ----a-w- c:\windows\system32\win32k.sys 2011-02-22 23:06 . 2004-08-10 17:51 916480 ----a-w- c:\windows\system32\wininet.dll 2011-02-22 23:06 . 2004-08-10 17:51 43520 ----a-w- c:\windows\system32\licmgr10.dll 2011-02-22 23:06 . 2004-08-10 17:51 1469440 ------w- c:\windows\system32\inetcpl.cpl 2011-02-22 11:41 . 2004-08-10 17:51 385024 ----a-w- c:\windows\system32\html.iec 2011-02-18 23:36 . 2010-11-30 04:49 41984 ----a-w- c:\windows\system32\drivers\usbaapl.sys 2011-02-18 23:36 . 2010-11-30 04:49 4184352 ----a-w- c:\windows\system32\usbaaplrc.dll 2011-02-17 13:18 . 2004-08-10 17:51 455936 ----a-w- c:\windows\system32\drivers\mrxsmb.sys 2011-02-17 13:18 . 2004-08-10 17:51 357888 ----a-w- c:\windows\system32\drivers\srv.sys 2011-02-17 12:32 . 2009-04-15 06:29 5120 ----a-w- c:\windows\system32\xpsp4res.dll 2011-02-15 12:56 . 2004-08-10 17:50 290432 ----a-w- c:\windows\system32\atmfd.dll 2011-02-11 13:25 . 2004-08-10 18:01 229888 ----a-w- c:\windows\system32\fxscover.exe 2011-02-09 13:53 . 2004-08-10 17:51 270848 ----a-w- c:\windows\system32\sbe.dll 2011-02-09 13:53 . 2004-08-10 17:51 186880 ----a-w- c:\windows\system32\encdec.dll 2011-02-08 13:33 . 2004-08-10 17:51 978944 ----a-w- c:\windows\system32\mfc42.dll 2011-02-08 13:33 . 2004-08-10 17:51 974848 ----a-w- c:\windows\system32\mfc42u.dll 2011-02-02 07:58 . 2004-08-10 18:01 2067456 ----a-w- c:\windows\system32\mstscax.dll 2011-01-27 11:57 . 2004-08-10 18:01 677888 ----a-w- c:\windows\system32\mstsc.exe 2011-03-18 17:53 . 2011-04-23 09:30 142296 ----a-w- c:\program files\mozilla firefox\components\browsercomps.dll 2010-10-14 04:28 . 2011-04-24 09:19 24376 ----a-w- c:\program files\mozilla firefox\components\Scriptff.dll . . ((((((((((((((((((((((((((((((((((((( Reg Loading Points )))))))))))))))))))))))))))))))))))))))))))))))))) . . *Note* empty entries & legit default entries are not shown REGEDIT4 . [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run] "SUPERAntiSpyware"="c:\program files\SUPERAntiSpyware\SUPERAntiSpyware.exe" [2011-04-23 2423752] . [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run] "Apoint"="c:\program files\DellTPad\Apoint.exe" [2008-03-19 167936] "Dell QuickSet"="c:\program files\Dell\QuickSet\quickset.exe" [2007-12-10 1228800] "Broadcom Wireless Manager UI"="c:\windows\system32\WLTRAY.exe" [2007-12-11 2183168] "ECenter"="c:\dell\E-Center\EULALauncher.exe" [2008-02-28 17920] "PCMService"="c:\program files\Dell\MediaDirect\PCMService.exe" [2008-11-07 184320] "eezPixTray"="c:\program files\AnvSoft Photo Manager\eezPix.exe" [2008-07-02 1541632] "WTClient"="WTClient.exe" [2007-04-11 40960] "MSN Toolbar"="c:\program files\MSN Toolbar\Platform\4.0.0379.0\mswinext.exe" [2009-12-09 240992] "Microsoft Default Manager"="c:\program files\Microsoft\Search Enhancement Pack\Default Manager\DefMgr.exe" [2009-07-17 288080] "CanonMyPrinter"="c:\program files\Canon\MyPrinter\BJMyPrt.exe" [2009-03-24 1983816] "CanonSolutionMenu"="c:\program files\Canon\SolutionMenu\CNSLMAIN.exe" [2009-03-18 767312] "IJNetworkScanUtility"="c:\program files\Canon\Canon IJ Network Scan Utility\CNMNSUT.exe" [2009-05-19 136544] "mcui_exe"="c:\program files\McAfee.com\Agent\mcagent.exe" [2010-09-30 1193848] "SunJavaUpdateSched"="c:\program files\Common Files\Java\Java Update\jusched.exe" [2010-05-14 248552] "IgfxTray"="c:\windows\system32\igfxtray.exe" [2008-03-19 141848] "HotKeysCmds"="c:\windows\system32\hkcmd.exe" [2008-03-19 166424] "Persistence"="c:\windows\system32\igfxpers.exe" [2008-03-19 137752] "Adobe Reader Speed Launcher"="c:\program files\Adobe\Reader 8.0\Reader\Reader_sl.exe" [2011-01-22 40368] "Adobe ARM"="c:\program files\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2010-09-21 932288] "QuickTime Task"="c:\program files\QuickTime\QTTask.exe" [2010-11-30 421888] "iTunesHelper"="c:\program files\iTunes\iTunesHelper.exe" [2011-04-14 421160] . c:\documents and settings\Hillaree B\Start Menu\Programs\Startup\ OpenOffice.org 3.2.lnk - c:\program files\OpenOffice.org 3\program\quickstart.exe [2010-5-20 1195008] . [hkey_local_machine\software\microsoft\windows\currentversion\explorer\ShellExecuteHooks] "{5AE067D3-9AFB-48E0-853A-EBB7F4A000DA}"= "c:\program files\SUPERAntiSpyware\SASSEH.DLL" [2008-05-13 77824] . [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\!SASWinLogon] 2009-09-05 07:33 548352 ----a-w- c:\program files\SUPERAntiSpyware\SASWINLO.DLL . [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\mcmscsvc] @="" . [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MCODS] @="" . [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Wdf01000.sys] @="Driver" . [HKEY_LOCAL_MACHINE\software\microsoft\security center] "AntiVirusOverride"=dword:00000001 "FirewallOverride"=dword:00000001 . [HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring] "DisableMonitoring"=dword:00000001 . [HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\McAfeeAntiVirus] "DisableMonitoring"=dword:00000001 . [HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\McAfeeFirewall] "DisableMonitoring"=dword:00000001 . [HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecAntiVirus] "DisableMonitoring"=dword:00000001 . [HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecFirewall] "DisableMonitoring"=dword:00000001 . [HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile] "EnableFirewall"= 0 (0x0) "DisableNotifications"= 1 (0x1) . [HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List] "%windir%\\system32\\sessmgr.exe"= "c:\\WINDOWS\\system32\\mmc.exe"= "c:\\Program Files\\Common Files\\McAfee\\McSvcHost\\McSvHost.exe"= "c:\\Program Files\\Skype\\Phone\\Skype.exe"= "c:\\Program Files\\Windows Live\\Messenger\\msnmsgr.exe"= "c:\\Program Files\\Bonjour\\mDNSResponder.exe"= "c:\\Program Files\\iTunes\\iTunes.exe"= . R0 sptd;sptd;c:\windows\system32\drivers\sptd.sys [7/25/2010 11:20 PM 691696] R1 mfetdi2k;McAfee Inc. mfetdi2k;c:\windows\system32\drivers\mfetdi2k.sys [7/14/2010 10:34 PM 84072] R1 SASDIFSV;SASDIFSV;c:\program files\SUPERAntiSpyware\SASDIFSV.SYS [3/23/2009 2:07 PM 12872] R1 SASKUTIL;SASKUTIL;c:\program files\SUPERAntiSpyware\SASKUTIL.SYS [3/23/2009 2:07 PM 67656] R2 McAfee SiteAdvisor Service;McAfee SiteAdvisor Service;c:\program files\McAfee\SiteAdvisor\McSACore.exe [10/13/2009 12:03 AM 210216] R2 McMPFSvc;McAfee Personal Firewall Service;"c:\program files\Common Files\Mcafee\McSvcHost\McSvHost.exe" /McCoreSvc [7/14/2010 10:34 PM 271480] R2 McNaiAnn;McAfee VirusScan Announcer;"c:\program files\Common Files\McAfee\McSvcHost\McSvHost.exe" /McCoreSvc [7/14/2010 10:34 PM 271480] R2 mfefire;McAfee Firewall Core Service;c:\program files\Common Files\McAfee\SystemCore\mfefire.exe [7/14/2010 10:34 PM 188136] R2 mfevtp;McAfee Validation Trust Protection Service;c:\program files\Common Files\McAfee\SystemCore\mfevtps.exe [7/14/2010 10:34 PM 141792] R3 cfwids;McAfee Inc. cfwids;c:\windows\system32\drivers\cfwids.sys [7/14/2010 10:34 PM 55840] R3 IntcHdmiAddService;Intel® High Definition Audio HDMI Service;c:\windows\system32\drivers\IntcHdmi.sys [5/13/2008 5:18 AM 105984] R3 mfefirek;McAfee Inc. mfefirek;c:\windows\system32\drivers\mfefirek.sys [7/14/2010 10:34 PM 313288] R3 mfendiskmp;mfendiskmp;c:\windows\system32\drivers\mfendisk.sys [7/14/2010 10:34 PM 88544] R3 PCDSRVC{E9D79540-57D5953E-06020101}_0;PCDSRVC{E9D79540-57D5953E-06020101}_0 - PCDR Kernel Mode Service Helper Driver;c:\program files\Dell Support Center\pcdsrvc.pkms [11/17/2010 6:36 PM 21744] S3 mfendisk;McAfee Core NDIS Intermediate Filter;c:\windows\system32\drivers\mfendisk.sys [7/14/2010 10:34 PM 88544] S3 mferkdet;McAfee Inc. mferkdet;c:\windows\system32\drivers\mferkdet.sys [7/14/2010 10:34 PM 84264] S3 SASENUM;SASENUM;c:\program files\SUPERAntiSpyware\SASENUM.SYS [3/23/2009 2:07 PM 12872] . --- Other Services/Drivers In Memory --- . *NewlyCreated* - MFEAPFK01 *NewlyCreated* - PCDSRVC{E9D79540-57D5953E-06020101}_0 *Deregistered* - mfeapfk01 *Deregistered* - mfeavfk01 . [HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\{A509B1FF-37FF-4bFF-8CFF-4F3A747040FF}] 2009-03-08 10:32 128512 ----a-w- c:\windows\system32\advpack.dll . Contents of the 'Scheduled Tasks' folder . 2011-04-20 c:\windows\Tasks\AppleSoftwareUpdate.job - c:\program files\Apple Software Update\SoftwareUpdate.exe [2009-10-22 17:50] . 2011-04-14 c:\windows\Tasks\PCDoctorBackgroundMonitorTask.job - c:\program files\Dell Support Center\uaclauncher.exe [2010-11-18 15:13] . 2011-04-26 c:\windows\Tasks\SystemToolsDailyTest.job - c:\program files\Dell Support Center\pcdrcui.exe [2010-11-18 15:13] . . ------- Supplementary Scan ------- . uSearchMigratedDefaultURL = hxxp://www.google.com/search?q={searchTerms}&sourceid=ie7&rls=com.microsoft:en-US&ie=utf8&oe=utf8 uStart Page = hxxp://www.yahoo.com/ uInternet Connection Wizard,ShellNext = hxxp://www.google.com/ig/dell?hl=en&client=dell-usuk&channel=us&ibd=6080513 uInternet Settings,ProxyOverride = *.local uSearchURL,(Default) = hxxp://search.yahoo.com/search?fr=mcafee&p=%s DPF: {01010200-5E80-11D8-9E86-0007E96C65AE} - hxxps://ra.qwest.com/sdccommon/download/tgctlins.cab FF - ProfilePath - c:\documents and settings\Hillaree B\Application Data\Mozilla\Firefox\Profiles\a1n7k48l.default\ FF - prefs.js: browser.startup.homepage - hxxp://www.yahoo.com/ FF - prefs.js: network.proxy.type - 0 . - - - - ORPHANS REMOVED - - - - . HKCU-Run-DellSupportCenter - c:\program files\Dell Support Center\bin\sprtcmd.exe HKLM-Run-DellSupportCenter - c:\program files\Dell Support Center\bin\sprtcmd.exe HKLM-Run-SigmatelSysTrayApp - %ProgramFiles%\SigmaTel\C-Major Audio\WDM\stsystra.exe . . . ************************************************************************** . catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net Rootkit scan 2011-04-25 18:39 Windows 5.1.2600 Service Pack 3 NTFS . scanning hidden processes ... . scanning hidden autostart entries ... . scanning hidden files ... . scan completed successfully hidden files: 0 . ************************************************************************** . [HKEY_LOCAL_MACHINE\System\ControlSet002\Services\PCDSRVC{E9D79540-57D5953E-06020101}_0] "ImagePath"="\??\c:\program files\dell support center\pcdsrvc.pkms" . --------------------- LOCKED REGISTRY KEYS --------------------- . [HKEY_USERS\S-1-5-21-3788481623-1086940715-1039912556-1006\Software\Microsoft\Windows\CurrentVersion\Shell Extensions\Approved\{207B00C4-7220-3D47-4D77-E55AFFFDF23D}*] @Allowed: (Read) (RestrictedCode) @Allowed: (Read) (RestrictedCode) "hajnfnampjhpceln"=hex:66,61,6a,6e,64,6c,6f,64,61,6d,61,61,00,50 "hajnfnamfjdpoege"=hex:64,63,6c,61,68,64,6d,6d,67,6e,6a,62,68,66,62,70,63,6b, 68,61,6b,64,62,68,70,6e,64,64,6d,6d,62,70,6e,6b,61,6c,6f,70,6e,6c,61,6f,63,\ "iajnfnamfkkpafggfe"=hex:63,61,67,68,6a,6d,00,6d "nappdchbifgbmnkhmoocigecbjnk"=hex:69,61,70,6b,61,6f,66,6d,69,70,6f,6f,6c,62, 65,62,6c,62,00,61 "mabbkmgiojglfpafkbniphedkk"=hex:69,61,70,6b,61,6f,66,6d,69,70,6f,6f,6c,62,65, 62,6c,62,00,00 "ialnmkkifccheheila"=hex:62,61,66,68,00,6f . [HKEY_LOCAL_MACHINE\software\Classes\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}] @Denied: (A 2) (Everyone) @="FlashBroker" "LocalizedString"="@c:\\WINDOWS\\system32\\Macromed\\Flash\\FlashUtil10p_ActiveX.exe,-101" . [HKEY_LOCAL_MACHINE\software\Classes\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\Elevation] "Enabled"=dword:00000001 . [HKEY_LOCAL_MACHINE\software\Classes\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\LocalServer32] @="c:\\WINDOWS\\system32\\Macromed\\Flash\\FlashUtil10p_ActiveX.exe" . [HKEY_LOCAL_MACHINE\software\Classes\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\TypeLib] @="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}" . [HKEY_LOCAL_MACHINE\software\Classes\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}] @Denied: (A 2) (Everyone) @="IFlashBroker4" . [HKEY_LOCAL_MACHINE\software\Classes\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}\ProxyStubClsid32] @="{00020424-0000-0000-C000-000000000046}" . [HKEY_LOCAL_MACHINE\software\Classes\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}\TypeLib] @="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}" "Version"="1.0" . --------------------- DLLs Loaded Under Running Processes --------------------- . - - - - - - - > 'winlogon.exe'(1088) c:\program files\SUPERAntiSpyware\SASWINLO.DLL c:\windows\system32\WININET.dll c:\windows\System32\BCMLogon.dll c:\windows\WinSxS\x86_Microsoft.VC80.MFC_1fc8b3b9a1e18e3b_8.0.50727.5592_x-ww_e87e0bcd\MFC80.DLL c:\windows\WinSxS\x86_Microsoft.VC80.CRT_1fc8b3b9a1e18e3b_8.0.50727.5592_x-ww_179798c8\MSVCR80.dll c:\windows\system32\igfxdev.dll . Completion time: 2011-04-25 18:41:47 ComboFix-quarantined-files.txt 2011-04-26 00:41 . Pre-Run: 61,812,899,840 bytes free Post-Run: 61,756,624,896 bytes free . WindowsXP-KB310994-SP2-Home-BootDisk-ENU.exe [boot loader] timeout=2 default=multi(0)disk(0)rdisk(0)partition(2)\WINDOWS [operating systems] c:\cmdcons\BOOTSECT.DAT="Microsoft Windows Recovery Console" /cmdcons UnsupportedDebug="do not select this" /debug multi(0)disk(0)rdisk(0)partition(2)\WINDOWS="Microsoft Windows XP Home Edition" /noexecute=optin /fastdetect . - - End Of File - - 0D479961BEE43C044B4D5DC9292CCAC4 There is that log. Now that that has run, I can get on the Internet again and the security message doesn't come up anymore. I can get into MalwareBytes again and it is running an update right now. Only thing wrong I can see right now is that it doesn't recognize that Windows Automatic updates are on, as has happened before and I can fix. I just have to run back to work for now but so far so good.
  5. Here you go: . DDS (Ver_11-03-05.01) - NTFSx86 Run by Hillaree B at 11:54:09.93 on Mon 04/25/2011 Internet Explorer: 8.0.6001.18702 Microsoft Windows XP Home Edition 5.1.2600.3.1252.1.1033.18.2038.1536 [GMT -6:00] . AV: McAfee Anti-Virus and Anti-Spyware *Disabled/Updated* {84B5EE75-6421-4CDE-A33A-DD43BA9FAD83} FW: McAfee Firewall *Disabled* . ============== Running Processes =============== . C:\WINDOWS\system32\svchost -k DcomLaunch svchost.exe C:\WINDOWS\System32\svchost.exe -k netsvcs svchost.exe svchost.exe C:\WINDOWS\System32\WLTRYSVC.EXE C:\WINDOWS\System32\bcmwltry.exe C:\WINDOWS\Explorer.EXE C:\WINDOWS\system32\spoolsv.exe svchost.exe C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe C:\Program Files\Bonjour\mDNSResponder.exe C:\Program Files\Canon\IJPLM\IJPLMSVC.EXE C:\Program Files\Java\jre6\bin\jqs.exe C:\Program Files\McAfee\SiteAdvisor\McSACore.exe C:\Program Files\Common Files\McAfee\McSvcHost\McSvHost.exe C:\Program Files\Common Files\McAfee\SystemCore\mfevtps.exe C:\Program Files\Microsoft\Search Enhancement Pack\SeaPort\SeaPort.exe C:\WINDOWS\system32\STacSV.exe C:\WINDOWS\system32\svchost.exe -k imgsvc C:\WINDOWS\System32\Drivers\WTSRV.EXE C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE C:\Program Files\Yahoo!\SoftwareUpdate\YahooAUService.exe C:\Program Files\Common Files\McAfee\SystemCore\mcshield.exe C:\Program Files\Common Files\McAfee\SystemCore\mfefire.exe C:\WINDOWS\system32\wscntfy.exe C:\WINDOWS\system32\WLTRAY.exe C:\Program Files\Dell\QuickSet\quickset.exe C:\Program Files\Dell\MediaDirect\PCMService.exe C:\Program Files\DellTPad\Apoint.exe C:\Documents and Settings\Hillaree B\Local Settings\Application Data\caj.exe C:\WINDOWS\system32\WTClient.exe C:\Program Files\AnvSoft Photo Manager\eezPix.exe C:\Program Files\MSN Toolbar\Platform\4.0.0379.0\mswinext.exe C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSvcM.exe C:\Program Files\Canon\Canon IJ Network Scan Utility\CNMNSUT.exe C:\Program Files\Common Files\Java\Java Update\jusched.exe C:\Program Files\DellTPad\HidFind.exe C:\WINDOWS\system32\igfxtray.exe C:\Program Files\McAfee.com\Agent\mcagent.exe C:\WINDOWS\system32\igfxpers.exe C:\Program Files\SigmaTel\C-Major Audio\WDM\stsystra.exe C:\WINDOWS\system32\igfxsrvc.exe C:\Program Files\QuickTime\QTTask.exe C:\Program Files\iTunes\iTunesHelper.exe C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe C:\WINDOWS\system32\ctfmon.exe C:\Program Files\OpenOffice.org 3\program\soffice.exe C:\Program Files\OpenOffice.org 3\program\soffice.bin C:\Program Files\iPod\bin\iPodService.exe C:\Documents and Settings\Hillaree B\Desktop\dds.scr . ============== Pseudo HJT Report =============== . uSearchMigratedDefaultURL = hxxp://www.google.com/search?q={searchTerms}&sourceid=ie7&rls=com.microsoft:en-US&ie=utf8&oe=utf8 uStart Page = hxxp://www.yahoo.com/ uInternet Connection Wizard,ShellNext = hxxp://www.google.com/ig/dell?hl=en&client=dell-usuk&channel=us&ibd=6080513 uInternet Settings,ProxyOverride = *.local uSearchURL,(Default) = hxxp://search.yahoo.com/search?fr=mcafee&p=%s uURLSearchHooks: H - No File BHO: {02478D38-C3F9-4efb-9B51-7695ECA05670} - No File BHO: Adobe PDF Reader Link Helper: {06849e9f-c8d7-4d59-b87d-784b7d6be0b3} - c:\program files\common files\adobe\acrobat\activex\AcroIEHelper.dll BHO: Skype add-on (mastermind): {22bf413b-c6d2-4d91-82a9-a0f997ba588c} - c:\program files\skype\toolbars\internet explorer\SkypeIEPlugin.dll BHO: Canon Easy-WebPrint EX BHO: {3785d0ad-bfff-47f6-bf5b-a587c162fed9} - c:\program files\canon\easy-webprint ex\ewpexbho.dll BHO: {5C255C8A-E604-49b4-9D64-90988571CECB} - No File BHO: Search Helper: {6ebf7485-159f-4bff-a14f-b9e3aac4465b} - c:\program files\microsoft\search enhancement pack\search helper\SEPsearchhelperie.dll BHO: scriptproxy: {7db2d5a0-7241-4e79-b68d-6309f01c5231} - c:\program files\common files\mcafee\systemcore\ScriptSn.20110424031927.dll BHO: Windows Live ID Sign-in Helper: {9030d464-4c02-4abf-8ecc-5164760863c6} - c:\program files\common files\microsoft shared\windows live\WindowsLiveLogin.dll BHO: McAfee SiteAdvisor BHO: {b164e929-a1b6-4a06-b104-2cd0e90a88ff} - c:\progra~1\mcafee\sitead~1\mcieplg.dll BHO: CBrowserHelperObject Object: {ca6319c0-31b7-401e-a518-a07c3db8f777} - c:\program files\dell\bae\BAE.dll BHO: MSN Toolbar BHO: {d2ce3e00-f94a-4740-988e-03dc2f38c34f} - c:\program files\msn toolbar\platform\4.0.0379.0\npwinext.dll BHO: Java Plug-In 2 SSV Helper: {dbc80044-a445-435b-bc74-9c25c1c588a9} - c:\program files\java\jre6\bin\jp2ssv.dll BHO: JQSIEStartDetectorImpl Class: {e7e6f031-17ce-4c07-bc86-eabfe594f69c} - c:\program files\java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll TB: McAfee SiteAdvisor Toolbar: {0ebbbe48-bad4-4b4c-8e5a-516abecae064} - c:\progra~1\mcafee\sitead~1\mcieplg.dll TB: MSN Toolbar: {8dcb7100-df86-4384-8842-8fa844297b3f} - c:\program files\msn toolbar\platform\4.0.0379.0\npwinext.dll TB: Canon Easy-WebPrint EX: {759d9886-0c6f-4498-bab6-4a5f47c6c72f} - c:\program files\canon\easy-webprint ex\ewpexhlp.dll EB: Canon Easy-WebPrint EX: {21347690-ec41-4f9a-8887-1f4aee672439} - c:\program files\canon\easy-webprint ex\ewpexhlp.dll uRun: [DellSupportCenter] "c:\program files\dell support center\bin\sprtcmd.exe" /P DellSupportCenter uRun: [sUPERAntiSpyware] c:\program files\superantispyware\SUPERAntiSpyware.exe uRun: [ctfmon.exe] c:\windows\system32\ctfmon.exe mRun: [Apoint] c:\program files\delltpad\Apoint.exe mRun: [Dell QuickSet] c:\program files\dell\quickset\quickset.exe mRun: [broadcom Wireless Manager UI] c:\windows\system32\WLTRAY.exe mRun: [ECenter] c:\dell\e-center\EULALauncher.exe mRun: [PCMService] "c:\program files\dell\mediadirect\PCMService.exe" mRun: [DellSupportCenter] "c:\program files\dell support center\bin\sprtcmd.exe" /P DellSupportCenter mRun: [eezPixTray] c:\program files\anvsoft photo manager\eezPix.exe FT 0 mRun: [WTClient] WTClient.exe mRun: [MSN Toolbar] "c:\program files\msn toolbar\platform\4.0.0379.0\mswinext.exe" mRun: [Microsoft Default Manager] "c:\program files\microsoft\search enhancement pack\default manager\DefMgr.exe" -resume mRun: [CanonMyPrinter] c:\program files\canon\myprinter\BJMyPrt.exe /logon mRun: [CanonSolutionMenu] c:\program files\canon\solutionmenu\CNSLMAIN.exe /logon mRun: [iJNetworkScanUtility] c:\program files\canon\canon ij network scan utility\CNMNSUT.exe mRun: [mcui_exe] "c:\program files\mcafee.com\agent\mcagent.exe" /runkey mRun: [sunJavaUpdateSched] "c:\program files\common files\java\java update\jusched.exe" mRun: [igfxTray] c:\windows\system32\igfxtray.exe mRun: [HotKeysCmds] c:\windows\system32\hkcmd.exe mRun: [Persistence] c:\windows\system32\igfxpers.exe mRun: [sigmatelSysTrayApp] %ProgramFiles%\SigmaTel\C-Major Audio\WDM\stsystra.exe mRun: [Adobe Reader Speed Launcher] "c:\program files\adobe\reader 8.0\reader\Reader_sl.exe" mRun: [Adobe ARM] "c:\program files\common files\adobe\arm\1.0\AdobeARM.exe" mRun: [QuickTime Task] "c:\program files\quicktime\QTTask.exe" -atboottime mRun: [iTunesHelper] "c:\program files\itunes\iTunesHelper.exe" StartupFolder: c:\docume~1\hillar~1\startm~1\programs\startup\openof~1.lnk - c:\program files\openoffice.org 3\program\quickstart.exe IE: {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe IE: {FB5F1910-F110-11d2-BB9E-00C04F795683} - c:\program files\messenger\msmsgs.exe IE: {5067A26B-1337-4436-8AFE-EE169C2DA79F} - {77BF5300-1474-4EC7-9980-D32B190E9B07} - c:\program files\skype\toolbars\internet explorer\SkypeIEPlugin.dll IE: {77BF5300-1474-4EC7-9980-D32B190E9B07} - {77BF5300-1474-4EC7-9980-D32B190E9B07} - c:\program files\skype\toolbars\internet explorer\SkypeIEPlugin.dll IE: {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - {FE54FA40-D68C-11d2-98FA-00C0F0318AFE} - c:\windows\system32\Shdocvw.dll DPF: {01010200-5E80-11D8-9E86-0007E96C65AE} - hxxps://ra.qwest.com/sdccommon/download/tgctlins.cab DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_22-windows-i586.cab DPF: {CAFEEFAC-0015-0000-0006-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.5.0/jinstall-1_5_0_06-windows-i586.cab DPF: {CAFEEFAC-0016-0000-0022-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_22-windows-i586.cab DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_22-windows-i586.cab DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} - hxxp://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab Handler: sacore - {5513F07E-936B-4E52-9B00-067394E91CC5} - c:\progra~1\mcafee\sitead~1\McIEPlg.dll Handler: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - c:\progra~1\common~1\skype\SKYPE4~1.DLL Notify: !SASWinLogon - c:\program files\superantispyware\SASWINLO.DLL Notify: igfxcui - igfxdev.dll SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - c:\windows\system32\WPDShServiceObj.dll SEH: SABShellExecuteHook Class: {5ae067d3-9afb-48e0-853a-ebb7f4a000da} - c:\program files\superantispyware\SASSEH.DLL mASetup: {A509B1FF-37FF-4bFF-8CFF-4F3A747040FF} - c:\windows\system32\rundll32.exe c:\windows\system32\advpack.dll,launchinfsectionex c:\program files\internet explorer\clrtour.inf,DefaultInstall.ResetTour,,12 . ================= FIREFOX =================== . FF - ProfilePath - c:\docume~1\hillar~1\applic~1\mozilla\firefox\profiles\a1n7k48l.default\ FF - prefs.js: browser.startup.homepage - hxxp://www.yahoo.com/ FF - prefs.js: network.proxy.type - 0 FF - plugin: c:\program files\canon\easy-photoprint ex\NPEZFFPI.DLL FF - plugin: c:\program files\java\jre6\bin\new_plugin\npdeployJava1.dll FF - plugin: c:\program files\microsoft silverlight\4.0.60310.0\npctrlui.dll FF - plugin: c:\program files\viewpoint\viewpoint experience technology\npViewpoint.dll . ============= SERVICES / DRIVERS =============== . R0 mfehidk;McAfee Inc. mfehidk;c:\windows\system32\drivers\mfehidk.sys [2010-7-14 386840] R1 mfetdi2k;McAfee Inc. mfetdi2k;c:\windows\system32\drivers\mfetdi2k.sys [2010-7-14 84072] R1 SASDIFSV;SASDIFSV;c:\program files\superantispyware\SASDIFSV.SYS [2009-3-23 12872] R1 SASKUTIL;SASKUTIL;c:\program files\superantispyware\SASKUTIL.SYS [2009-3-23 67656] R2 McAfee SiteAdvisor Service;McAfee SiteAdvisor Service;c:\program files\mcafee\siteadvisor\McSACore.exe [2009-10-13 210216] R2 McMPFSvc;McAfee Personal Firewall Service;"c:\program files\common files\mcafee\mcsvchost\McSvHost.exe" /McCoreSvc [2010-7-14 271480] R2 McNaiAnn;McAfee VirusScan Announcer;"c:\program files\common files\mcafee\mcsvchost\McSvHost.exe" /McCoreSvc [2010-7-14 271480] R2 McProxy;McAfee Proxy Service;"c:\program files\common files\mcafee\mcsvchost\McSvHost.exe" /McCoreSvc [2010-7-14 271480] R2 McShield;McShield;c:\program files\common files\mcafee\systemcore\mcshield.exe [2010-7-14 171168] R2 mfefire;McAfee Firewall Core Service;c:\program files\common files\mcafee\systemcore\mfefire.exe [2010-7-14 188136] R2 mfevtp;McAfee Validation Trust Protection Service;c:\program files\common files\mcafee\systemcore\mfevtps.exe [2010-7-14 141792] R3 cfwids;McAfee Inc. cfwids;c:\windows\system32\drivers\cfwids.sys [2010-7-14 55840] R3 IntcHdmiAddService;Intel® High Definition Audio HDMI Service;c:\windows\system32\drivers\IntcHdmi.sys [2008-5-13 105984] R3 mfeavfk;McAfee Inc. mfeavfk;c:\windows\system32\drivers\mfeavfk.sys [2009-4-5 152960] R3 mfefirek;McAfee Inc. mfefirek;c:\windows\system32\drivers\mfefirek.sys [2010-7-14 313288] R3 mfendiskmp;mfendiskmp;c:\windows\system32\drivers\mfendisk.sys [2010-7-14 88544] S3 mfebopk;McAfee Inc. mfebopk;c:\windows\system32\drivers\mfebopk.sys [2009-4-5 52104] S3 mfendisk;McAfee Core NDIS Intermediate Filter;c:\windows\system32\drivers\mfendisk.sys [2010-7-14 88544] S3 mferkdet;McAfee Inc. mferkdet;c:\windows\system32\drivers\mferkdet.sys [2010-7-14 84264] S3 mferkdk;McAfee Inc. mferkdk;c:\windows\system32\drivers\mferkdk.sys [2009-4-5 34248] S3 mfesmfk;McAfee Inc. mfesmfk;c:\windows\system32\drivers\mfesmfk.sys [2009-4-5 40552] S3 SASENUM;SASENUM;c:\program files\superantispyware\SASENUM.SYS [2009-3-23 12872] . =============== Created Last 30 ================ . 2011-04-24 09:19:27 24376 ----a-w- c:\program files\mozilla firefox\components\Scriptff.dll 2011-04-24 06:56:42 524288 --sha-w- c:\docume~1\hillar~1\locals~1\applic~1\caj.exe 2011-04-24 06:56:42 192512 --sha-w- c:\windows\system32\50px1.dll 2011-04-20 04:44:42 -------- d-----w- c:\program files\iPod 2011-04-20 04:44:38 -------- d-----w- c:\program files\iTunes 2011-04-20 04:42:04 -------- d-----w- c:\program files\Bonjour 2011-04-06 22:20:16 91424 ----a-w- c:\windows\system32\dnssd.dll 2011-04-06 22:20:16 107808 ----a-w- c:\windows\system32\dns-sd.exe 2011-04-04 04:19:10 -------- d-----w- c:\program files\Malwarebytes' Anti-Malware 2011-04-04 02:31:43 38224 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys 2011-04-04 02:31:39 20952 ----a-w- c:\windows\system32\drivers\mbam.sys 2011-04-04 02:31:39 -------- d-----w- c:\program files\com . ==================== Find3M ==================== . 2011-03-07 05:33:50 692736 ----a-w- c:\windows\system32\inetcomm.dll 2011-03-04 06:37:06 420864 ----a-w- c:\windows\system32\vbscript.dll 2011-03-03 13:21:11 1857920 ----a-w- c:\windows\system32\win32k.sys 2011-02-22 23:06:29 916480 ----a-w- c:\windows\system32\wininet.dll 2011-02-22 23:06:29 43520 ----a-w- c:\windows\system32\licmgr10.dll 2011-02-22 23:06:29 1469440 ------w- c:\windows\system32\inetcpl.cpl 2011-02-22 11:41:59 385024 ----a-w- c:\windows\system32\html.iec 2011-02-18 23:36:58 4184352 ----a-w- c:\windows\system32\usbaaplrc.dll 2011-02-17 12:32:12 5120 ----a-w- c:\windows\system32\xpsp4res.dll 2011-02-15 12:56:39 290432 ----a-w- c:\windows\system32\atmfd.dll 2011-02-11 13:25:52 229888 ----a-w- c:\windows\system32\fxscover.exe 2011-02-09 13:53:52 270848 ----a-w- c:\windows\system32\sbe.dll 2011-02-09 13:53:52 186880 ----a-w- c:\windows\system32\encdec.dll 2011-02-08 13:33:55 978944 ----a-w- c:\windows\system32\mfc42.dll 2011-02-08 13:33:55 974848 ----a-w- c:\windows\system32\mfc42u.dll 2011-02-02 07:58:35 2067456 ----a-w- c:\windows\system32\mstscax.dll 2011-01-27 11:57:06 677888 ----a-w- c:\windows\system32\mstsc.exe . ============= FINISH: 11:54:27.26 ===============
  6. Symptoms of the laptop right now, in case you need to know, are that it can't get on the Internet. MalwareBytes was already installed, but it won't run. McAfee and SUPERAnti Spyware still open but don't clear it off. It also runs on Windows XP. Not sure what else I should tell you, but I will wait for instruction this time to make sure it's done right.
  7. Awesome. Got it uninstalled now. So can we work on the laptop next then?
  8. Before, it was just my desktop, and yes, it is running fine after the Combofix. Then my laptop got infected as well. I haven't done anything with it yet as I would like to do it right this time and have someone guide me. So it's two computers now, but it was just one to begin with. All the logs have been from the desktop.
  9. Well, never mind. Whether or not my laptop WAS okay doesn't matter now as the XP Security Virus popped up on me again. Thank you again, Deviant Art. And I was even trying out a different browser to see if it was more secure. Apparently not. So now my laptop's got it too. MalwareBytes is disabled, but SUPERAnti Spyware can still run.
  10. There you go. This has also got me wondering, after MalwareBytes cleared the thing from my laptop, I didn't take any additional steps. I cleaned it up following solutions I found online without anyone guiding me through it. I haven't had any trouble with it, but should I maybe be concerned about it still? This log is from the desktop though.
  11. ComboFix 11-04-23.01 - Owner 04/23/2011 23:44:44.1.2 - x86 Microsoft Windows XP Home Edition 5.1.2600.3.1252.1.1033.18.2038.1438 [GMT -7:00] Running from: c:\documents and settings\Owner\My Documents\Downloads\ComboFix.exe AV: Lavasoft Ad-Watch Live! Anti-Virus *Disabled/Updated* {A1C4F2E0-7FDE-4917-AFAE-013EFC3EDE33} AV: McAfee Anti-Virus and Anti-Spyware *Enabled/Updated* {84B5EE75-6421-4CDE-A33A-DD43BA9FAD83} FW: McAfee Firewall *Enabled* {94894B63-8C7F-4050-BDA4-813CA00DA3E8} . . ((((((((((((((((((((((((((((((((((((((( Other Deletions ))))))))))))))))))))))))))))))))))))))))))))))))) . . c:\docume~1\Owner\LOCALS~1\Temp\1.tmp\F_IN_BOX.dll c:\documents and settings\All Users\Application Data\Tarma Installer c:\documents and settings\All Users\Application Data\Tarma Installer\{889DF117-14D1-44EE-9F31-C5FB5D47F68B}\_Setup.dll c:\documents and settings\All Users\Application Data\Tarma Installer\{889DF117-14D1-44EE-9F31-C5FB5D47F68B}\_Setupx.dll c:\documents and settings\All Users\Application Data\Tarma Installer\{889DF117-14D1-44EE-9F31-C5FB5D47F68B}\Setup.dat c:\documents and settings\All Users\Application Data\Tarma Installer\{889DF117-14D1-44EE-9F31-C5FB5D47F68B}\Setup.exe c:\documents and settings\All Users\Application Data\Tarma Installer\{889DF117-14D1-44EE-9F31-C5FB5D47F68B}\Setup.ico c:\documents and settings\Owner\Local Settings\Temp\1.tmp\F_IN_BOX.dll c:\program files\Search Toolbar c:\program files\Search Toolbar\icon.ico c:\program files\Search Toolbar\SearchToolbarUninstall.exe c:\program files\Search Toolbar\SearchToolbarUpdater.exe c:\windows\system32\drivers\etc\lmhosts c:\windows\XSxS . . ((((((((((((((((((((((((( Files Created from 2011-03-24 to 2011-04-24 ))))))))))))))))))))))))))))))) . . 2011-04-23 09:17 . 2011-04-18 10:23 16432 ----a-w- c:\windows\system32\lsdelete.exe 2011-04-23 06:56 . 2011-04-23 06:56 -------- d-----w- c:\documents and settings\Owner\Local Settings\Application Data\Sunbelt Software 2011-04-23 06:55 . 2011-04-23 06:55 -------- dc-h--w- c:\documents and settings\All Users\Application Data\{AA5544E4-9BBC-419B-9204-40B5924D26AA} 2011-04-23 05:48 . 2011-04-23 07:00 98392 ----a-w- c:\windows\system32\drivers\SBREDrv.sys 2011-04-16 18:22 . 2011-04-16 18:22 -------- d-----w- c:\documents and settings\Owner\Application Data\Apple Computer 2011-04-16 05:34 . 2011-04-16 05:34 -------- d-----w- c:\documents and settings\Owner\Application Data\Vara Software 2011-04-16 05:34 . 2011-04-16 18:20 -------- d-----w- c:\documents and settings\Owner\Application Data\Wirecast 2011-04-16 05:34 . 2011-04-16 05:34 -------- d-----w- c:\program files\Common Files\eSellerate 2011-04-16 05:34 . 2011-04-16 05:34 -------- d-----w- c:\documents and settings\All Users\Application Data\Telestream 2011-04-16 05:33 . 2011-04-16 05:33 -------- d-----w- c:\documents and settings\Owner\Local Settings\Application Data\ManyCam 2011-04-16 05:33 . 2011-04-16 05:33 -------- d-----w- c:\documents and settings\Owner\Application Data\ManyCam 2011-04-16 05:33 . 2011-04-16 05:33 -------- d-----w- c:\program files\ManyCam 2011-04-16 05:24 . 2011-04-16 05:42 -------- d-----w- c:\documents and settings\Owner\Application Data\BitZipper 2011-04-16 05:14 . 2011-04-16 05:14 -------- d-----w- c:\program files\Ustream 2011-04-15 10:09 . 2011-04-15 10:09 -------- d-----w- c:\documents and settings\Owner\Local Settings\Application Data\CrashRpt 2011-04-15 06:20 . 2011-04-16 05:50 -------- d-----w- c:\program files\Livestream Procaster 2011-04-14 10:39 . 2011-04-14 10:39 103864 ----a-w- c:\program files\Internet Explorer\PLUGINS\nppdf32.dll 2011-04-13 21:13 . 2011-04-14 00:49 -------- d-----w- c:\program files\CamStudio . . . (((((((((((((((((((((((((((((((((((((((( Find3M Report )))))))))))))))))))))))))))))))))))))))))))))))))))) . 2011-04-19 00:00 . 2009-10-13 11:46 64512 ----a-w- c:\windows\system32\drivers\Lbd.sys 2011-03-07 05:33 . 2009-10-13 10:01 692736 ----a-w- c:\windows\system32\inetcomm.dll 2011-03-04 06:37 . 2004-08-04 12:00 420864 ----a-w- c:\windows\system32\vbscript.dll 2011-03-03 13:21 . 2004-08-04 12:00 1857920 ----a-w- c:\windows\system32\win32k.sys 2011-02-22 23:06 . 2004-08-04 12:00 916480 ----a-w- c:\windows\system32\wininet.dll 2011-02-22 23:06 . 2004-08-04 12:00 43520 ----a-w- c:\windows\system32\licmgr10.dll 2011-02-22 23:06 . 2004-08-04 12:00 1469440 ----a-w- c:\windows\system32\inetcpl.cpl 2011-02-22 11:41 . 2004-08-04 12:00 385024 ----a-w- c:\windows\system32\html.iec 2011-02-17 13:18 . 2004-08-04 12:00 455936 ----a-w- c:\windows\system32\drivers\mrxsmb.sys 2011-02-17 13:18 . 2004-08-04 12:00 357888 ----a-w- c:\windows\system32\drivers\srv.sys 2011-02-17 12:32 . 2010-02-19 20:59 5120 ----a-w- c:\windows\system32\xpsp4res.dll 2011-02-15 12:56 . 2004-08-04 12:00 290432 ----a-w- c:\windows\system32\atmfd.dll 2011-02-09 13:53 . 2004-08-04 12:00 270848 ----a-w- c:\windows\system32\sbe.dll 2011-02-09 13:53 . 2004-08-04 12:00 186880 ----a-w- c:\windows\system32\encdec.dll 2011-02-08 13:33 . 2004-08-04 12:00 978944 ----a-w- c:\windows\system32\mfc42.dll 2011-02-08 13:33 . 2004-08-04 12:00 974848 ----a-w- c:\windows\system32\mfc42u.dll 2011-02-02 07:58 . 2009-10-13 09:59 2067456 ----a-w- c:\windows\system32\mstscax.dll 2011-01-27 11:57 . 2009-10-13 09:59 677888 ----a-w- c:\windows\system32\mstsc.exe . . ((((((((((((((((((((((((((((((((((((( Reg Loading Points )))))))))))))))))))))))))))))))))))))))))))))))))) . . *Note* empty entries & legit default entries are not shown REGEDIT4 . [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run] "SUPERAntiSpyware"="c:\program files\SUPERAntiSpyware\SUPERAntiSpyware.exe" [2010-02-19 2012912] . [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run] "SoundMAXPnP"="c:\program files\Analog Devices\Core\smax4pnp.exe" [2004-10-14 1404928] "igfxtray"="c:\windows\system32\igfxtray.exe" [2006-03-24 94208] "igfxhkcmd"="c:\windows\system32\hkcmd.exe" [2006-03-24 77824] "igfxpers"="c:\windows\system32\igfxpers.exe" [2006-03-24 118784] "mcui_exe"="c:\program files\McAfee.com\Agent\mcagent.exe" [2010-09-30 1193848] "CanonMyPrinter"="c:\program files\Canon\MyPrinter\BJMyPrt.exe" [2009-03-24 1983816] "CanonSolutionMenu"="c:\program files\Canon\SolutionMenu\CNSLMAIN.exe" [2009-03-18 767312] "IJNetworkScanUtility"="c:\program files\Canon\Canon IJ Network Scan Utility\CNMNSUT.exe" [2009-05-20 136544] "QuickCare"="c:\program files\Qwest\Quickcare\bin\sprtcmd.exe" [2010-01-16 206120] "SunJavaUpdateSched"="c:\program files\Common Files\Java\Java Update\jusched.exe" [2010-05-14 248552] "QuickTime Task"="c:\program files\QuickTime\qttask.exe" [2010-03-18 421888] "WTClient"="WTClient.exe" [2007-04-11 40960] "UVS10 Preload"="c:\program files\Ulead Systems\Ulead VideoStudio SE DVD\uvPL.exe" [2006-08-09 36864] "Adobe Reader Speed Launcher"="c:\program files\Adobe\Reader 9.0\Reader\Reader_sl.exe" [2011-01-31 35760] "Adobe ARM"="c:\program files\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2010-09-21 932288] "InstaLAN"="c:\program files\Belkin\Router Setup and Monitor\BelkinRouterMonitor.exe" [2010-07-29 1485208] . [hkey_local_machine\software\microsoft\windows\currentversion\explorer\ShellExecuteHooks] "{5AE067D3-9AFB-48E0-853A-EBB7F4A000DA}"= "c:\program files\SUPERAntiSpyware\SASSEH.DLL" [2008-05-13 77824] . [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\!SASWinLogon] 2009-09-03 22:21 548352 ----a-w- c:\program files\SUPERAntiSpyware\SASWINLO.dll . [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Lavasoft Ad-Aware Service] @="Service" . [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\mcmscsvc] @="" . [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MCODS] @="" . [HKEY_LOCAL_MACHINE\software\microsoft\security center] "AntiVirusOverride"=dword:00000001 "FirewallOverride"=dword:00000001 . [HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\McAfeeAntiVirus] "DisableMonitoring"=dword:00000001 . [HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\McAfeeFirewall] "DisableMonitoring"=dword:00000001 . [HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile] "EnableFirewall"= 0 (0x0) "DisableNotifications"= 1 (0x1) . [HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List] "%windir%\\system32\\sessmgr.exe"= "%windir%\\Network Diagnostic\\xpnetdiag.exe"= "c:\\Program Files\\Skype\\Plugin Manager\\skypePM.exe"= "c:\\Program Files\\Common Files\\Mcafee\\McSvcHost\\McSvHost.exe"= "c:\\Program Files\\Windows Live\\Messenger\\msnmsgr.exe"= "c:\\Program Files\\Skype\\Phone\\Skype.exe"= . R0 Lbd;Lbd;c:\windows\system32\drivers\Lbd.sys [10/13/2009 4:46 AM 64512] R1 mfetdi2k;McAfee Inc. mfetdi2k;c:\windows\system32\drivers\mfetdi2k.sys [2/19/2010 1:48 PM 84072] R1 SASDIFSV;SASDIFSV;c:\program files\SUPERAntiSpyware\sasdifsv.sys [2/17/2010 11:25 AM 12872] R1 SASKUTIL;SASKUTIL;c:\program files\SUPERAntiSpyware\SASKUTIL.SYS [2/17/2010 11:15 AM 66632] R2 Lavasoft Ad-Aware Service;Lavasoft Ad-Aware Service;c:\program files\Lavasoft\Ad-Aware\AAWService.exe [4/18/2011 5:00 PM 2146496] R2 McAfee SiteAdvisor Service;McAfee SiteAdvisor Service;"c:\program files\Common Files\Mcafee\McSvcHost\McSvHost.exe" /McCoreSvc [2/19/2010 1:48 PM 271480] R2 McMPFSvc;McAfee Personal Firewall Service;"c:\program files\Common Files\Mcafee\McSvcHost\McSvHost.exe" /McCoreSvc [2/19/2010 1:48 PM 271480] R2 McNaiAnn;McAfee VirusScan Announcer;"c:\program files\Common Files\Mcafee\McSvcHost\McSvHost.exe" /McCoreSvc [2/19/2010 1:48 PM 271480] R2 mfefire;McAfee Firewall Core Service;c:\program files\Common Files\Mcafee\SystemCore\mfefire.exe [2/19/2010 1:48 PM 188136] R2 mfevtp;McAfee Validation Trust Protection Service;c:\program files\Common Files\Mcafee\SystemCore\mfevtps.exe [2/19/2010 1:48 PM 141792] R2 sprtlisten;SupportSoft Listener Service;c:\program files\Common Files\supportsoft\bin\sprtlisten.exe [1/8/2008 12:02 PM 1213728] R2 sprtsvc_quickcare;SupportSoft Sprocket Service (quickcare);c:\program files\Qwest\Quickcare\bin\sprtsvc.exe [4/8/2010 4:52 PM 206120] R2 tgsrvc_quickcare;SupportSoft Repair Service (quickcare);c:\program files\Qwest\Quickcare\bin\tgsrvc.exe [4/8/2010 4:52 PM 185640] R3 cfwids;McAfee Inc. cfwids;c:\windows\system32\drivers\cfwids.sys [2/19/2010 1:48 PM 55840] R3 mfefirek;McAfee Inc. mfefirek;c:\windows\system32\drivers\mfefirek.sys [2/19/2010 1:48 PM 313288] R3 mfendiskmp;mfendiskmp;c:\windows\system32\drivers\mfendisk.sys [2/19/2010 1:48 PM 88544] R3 SASENUM;SASENUM;c:\program files\SUPERAntiSpyware\SASENUM.SYS [2/17/2010 11:15 AM 12872] S3 dsiarhwprog;dsiarhwprog;c:\windows\system32\drivers\dsiarhwprog.sys [3/8/2011 1:32 PM 29184] S3 Lavasoft Kernexplorer;Lavasoft helper driver;c:\program files\Lavasoft\Ad-Aware\kernexplorer.sys [4/18/2011 5:00 PM 15232] S3 mfendisk;McAfee Core NDIS Intermediate Filter;c:\windows\system32\drivers\mfendisk.sys [2/19/2010 1:48 PM 88544] S3 mferkdet;McAfee Inc. mferkdet;c:\windows\system32\drivers\mferkdet.sys [2/19/2010 1:48 PM 84264] S3 StkCMini;Syntek AVStream USB2.0 ATV;c:\windows\system32\drivers\StkCMini.sys [8/23/2010 3:12 PM 1521544] . --- Other Services/Drivers In Memory --- . *Deregistered* - mfeavfk01 . Contents of the 'Scheduled Tasks' folder . 2011-04-24 c:\windows\Tasks\Ad-Aware Update (Weekly).job - c:\program files\Lavasoft\Ad-Aware\Ad-AwareAdmin.exe [2011-04-19 16:22] . 2011-04-17 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-1644491937-515967899-839522115-1003Core.job - c:\documents and settings\Owner\Local Settings\Application Data\Google\Update\GoogleUpdate.exe [2010-08-04 20:29] . 2011-04-23 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-1644491937-515967899-839522115-1003UA.job - c:\documents and settings\Owner\Local Settings\Application Data\Google\Update\GoogleUpdate.exe [2010-08-04 20:29] . . ------- Supplementary Scan ------- . uStart Page = hxxp://www.yahoo.com/ . - - - - ORPHANS REMOVED - - - - . BHO-{FD72061E-9FDE-484D-A58A-0BAB4151CAD8} - c:\program files\Yontoo Layers Client\YontooIEClient.dll HKCU-Run-EA Core - c:\program files\Electronic Arts\EADM\Core.exe HKLM-Run-RegWork - c:\program files\RegWork\RegWork.exe AddRemove-{889DF117-14D1-44EE-9F31-C5FB5D47F68B} - c:\docume~1\ALLUSE~1\APPLIC~1\TARMAI~1\{889DF~1\Setup.exe . . . ************************************************************************** . catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net Rootkit scan 2011-04-23 23:55 Windows 5.1.2600 Service Pack 3 NTFS . scanning hidden processes ... . scanning hidden autostart entries ... . scanning hidden files ... . scan completed successfully hidden files: 0 . ************************************************************************** . --------------------- LOCKED REGISTRY KEYS --------------------- . [HKEY_LOCAL_MACHINE\software\Classes\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}] @Denied: (A 2) (Everyone) @="FlashBroker" "LocalizedString"="@c:\\WINDOWS\\system32\\Macromed\\Flash\\FlashUtil10p_ActiveX.exe,-101" . [HKEY_LOCAL_MACHINE\software\Classes\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\Elevation] "Enabled"=dword:00000001 . [HKEY_LOCAL_MACHINE\software\Classes\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\LocalServer32] @="c:\\WINDOWS\\system32\\Macromed\\Flash\\FlashUtil10p_ActiveX.exe" . [HKEY_LOCAL_MACHINE\software\Classes\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\TypeLib] @="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}" . [HKEY_LOCAL_MACHINE\software\Classes\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}] @Denied: (A 2) (Everyone) @="IFlashBroker4" . [HKEY_LOCAL_MACHINE\software\Classes\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}\ProxyStubClsid32] @="{00020424-0000-0000-C000-000000000046}" . [HKEY_LOCAL_MACHINE\software\Classes\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}\TypeLib] @="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}" "Version"="1.0" . --------------------- DLLs Loaded Under Running Processes --------------------- . - - - - - - - > 'winlogon.exe'(1008) c:\program files\SUPERAntiSpyware\SASWINLO.dll c:\windows\system32\WININET.dll . - - - - - - - > 'explorer.exe'(148) c:\windows\system32\WININET.dll c:\progra~1\mcafee\SITEAD~1\saHook.dll c:\windows\system32\ieframe.dll c:\windows\system32\webcheck.dll c:\windows\system32\WPDShServiceObj.dll c:\windows\system32\PortableDeviceTypes.dll c:\windows\system32\PortableDeviceApi.dll . ------------------------ Other Running Processes ------------------------ . c:\program files\Belkin\Router Setup and Monitor\BelkinService.exe c:\program files\Canon\IJPLM\IJPLMSVC.EXE c:\program files\Java\jre6\bin\jqs.exe c:\windows\system32\WTClient.exe c:\program files\Common Files\Ulead Systems\DVD\ULCDRSvr.exe c:\windows\System32\Drivers\WTSRV.EXE c:\program files\Common Files\McAfee\SystemCore\mcshield.exe c:\program files\Belkin\Router Setup and Monitor\BelkinSetup.exe c:\windows\system32\wbem\unsecapp.exe c:\windows\system32\rundll32.exe c:\program files\Lavasoft\Ad-Aware\AAWTray.exe . ************************************************************************** . Completion time: 2011-04-23 23:58:58 - machine was rebooted ComboFix-quarantined-files.txt 2011-04-24 06:58 . Pre-Run: 686,822,072,320 bytes free Post-Run: 688,379,822,080 bytes free . WindowsXP-KB310994-SP2-Home-BootDisk-ENU.exe [boot loader] timeout=2 default=multi(0)disk(0)rdisk(0)partition(1)\WINDOWS [operating systems] c:\cmdcons\BOOTSECT.DAT="Microsoft Windows Recovery Console" /cmdcons UnsupportedDebug="do not select this" /debug multi(0)disk(0)rdisk(0)partition(1)\WINDOWS="Microsoft Windows XP Home Edition" /noexecute=optin /fastdetect . - - End Of File - - C5E1886B408D2277E78D805A4D6257BA
  12. I only followed the steps I stated, I didn't do anything else, if that helps. Here is that log: Malwarebytes' Anti-Malware 1.50.1.1100 www.malwarebytes.org Database version: 6424 Windows 5.1.2600 Service Pack 3 Internet Explorer 8.0.6001.18702 4/23/2011 5:04:51 AM mbam-log-2011-04-23 (05-04-51).txt Scan type: Full scan (C:\|) Objects scanned: 232972 Time elapsed: 49 minute(s), 45 second(s) Memory Processes Infected: 0 Memory Modules Infected: 0 Registry Keys Infected: 1 Registry Values Infected: 1 Registry Data Items Infected: 4 Folders Infected: 0 Files Infected: 4 Memory Processes Infected: (No malicious items detected) Memory Modules Infected: (No malicious items detected) Registry Keys Infected: HKEY_CLASSES_ROOT\CLSID\{750fdf0e-2a26-11d1-a3ea-080036587f03} (Spyware.Agent) -> Quarantined and deleted successfully. Registry Values Infected: HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Shell Extensions\Approved\{750FDF0E-2A26-11D1-A3EA-080036587F03} (Spyware.Agent) -> Value: {750FDF0E-2A26-11D1-A3EA-080036587F03} -> Quarantined and deleted successfully. Registry Data Items Infected: HKEY_LOCAL_MACHINE\SOFTWARE\Clients\StartMenuInternet\IEXPLORE.EXE\shell\open\command\(default) (Hijack.StartMenuInternet) -> Bad: ("C:\Documents and Settings\Owner\Local Settings\Application Data\dsl.exe" -a "C:\Program Files\Internet Explorer\iexplore.exe") Good: (iexplore.exe) -> Quarantined and deleted successfully. HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\UpdatesDisableNotify (PUM.Disabled.SecurityCenter) -> Bad: (1) Good: (0) -> Quarantined and deleted successfully. HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\AntiVirusDisableNotify (PUM.Disabled.SecurityCenter) -> Bad: (1) Good: (0) -> Quarantined and deleted successfully. HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\FirewallDisableNotify (PUM.Disabled.SecurityCenter) -> Bad: (1) Good: (0) -> Quarantined and deleted successfully. Folders Infected: (No malicious items detected) Files Infected: c:\documents and settings\Owner\application data\Sun\Java\deployment\cache\6.0\15\d513e4f-2174a81c (Spyware.Agent) -> Quarantined and deleted successfully. c:\system volume information\_restore{8212b3eb-7785-4e05-95c4-86380c9679a7}\RP194\A0018910.exe (Spyware.Agent) -> Quarantined and deleted successfully. c:\WINDOWS\system32\32l5o.dll (Spyware.Agent) -> Quarantined and deleted successfully. c:\documents and settings\Owner\local settings\Temp\0.8613030112329321.exe (Trojan.Dropper) -> Quarantined and deleted successfully.
  13. Not 100% sure, but I think it was from an ad on Deviant Art. It's happened to me before. A status update: The scan completed and cleared 10 threats, one marked as a hijacker. The pop up "virus scanner" is gone now. As what happened with my laptop, it turned off Windows Automatic Updates and the system wouldn't recognize that they could be turned on. This time though, I took down what error and solution it gave me, in the off chance it'll help someone else. When I'd check for an update manually, it gave me an [Error number: 0x80070424]. I put that in a search on the Microsoft site and it took me to http://support.microsoft.com/kb/971058 . I did the automatic Fix It tool thing and it ran for a minute, and then restarted my computer. Now everything seems to be okay, from what I can tell. So in case anyone else has that problem with the updates not being on, that's where to go. So I hope I'm okay now? Sorry if this takes up a tech's time, but I was a bit confused. Seems my computer decided to take care of itself. But if anyone has any other suggestions, I will do that too.
  14. The only real anti-virus program I have is McAfee. I also have MalwareBytes and SUPERAnti Spyware, but those are scanners. Different, from what I understand.
  15. Um, sorry to post yet again but I don't see an edit button. Figured I'd also mention I noticed while fixing the .exe issue that searches aren't working so seems there's a hijacker in there. I'm not sure if that's an issue with the XP Security virus or something separate.
Back to top
×
×
  • Create New...

Important Information

This site uses cookies - We have placed cookies on your device to help make this website better. You can adjust your cookie settings, otherwise we'll assume you're okay to continue.