emangrvn Posted September 5, 2011 ID:473087 Share Posted September 5, 2011 Hi,First off, I really appreciate the help..My computer is a Windows XP Professional, SP2, that currently keeps rebooting when the logon screen comes up. I am able to start in safe mode, (safe mode with networking restarts as well). All scans were done in safe mode.I do see a process running, that I suspect is the cause of the problems. It shows up in the process list as 735770191:2953389524.exe.I am able to install MalwareBytes program. I am able to run the program too, but when I run a scan, the virus terminates the program. When I try to scan with GMER Rootkit Scanner, the virus also terminates the scan (I am not able to post the ark.txt because of this).Please let me know if any additional information is required...Thank you!Sorry, the results of the DDS.txt are below:.DDS (Ver_2011-08-26.01) - NTFSx86 MINIMALInternet Explorer: 7.0.5730.13Run by ~parental units at 12:51:14 on 2011-09-05Microsoft Windows XP Professional 5.1.2600.2.1252.1.1033.18.2047.1799 [GMT -5:00].AV: McAfee Anti-Virus and Anti-Spyware *Disabled/Updated* {84B5EE75-6421-4CDE-A33A-DD43BA9FAD83}FW: McAfee Firewall *Enabled* .============== Running Processes ===============.C:\WINDOWS\system32\svchost -k DcomLaunchC:\WINDOWS\735770191:2953389524.exesvchost.exeC:\WINDOWS\system32\svchost.exe -k netsvcsC:\Program Files\Common Files\Mcafee\McSvcHost\McSvHost.exeC:\WINDOWS\Explorer.EXEc:\PROGRA~1\mcafee.com\agent\mcagent.exe.============== Pseudo HJT Report ===============.uInternet Settings,ProxyOverride = *.localuURLSearchHooks: McAfee SiteAdvisor Toolbar: {0ebbbe48-bad4-4b4c-8e5a-516abecae064} - c:\progra~1\mcafee\sitead~1\mcieplg.dllBHO: scriptproxy: {7db2d5a0-7241-4e79-b68d-6309f01c5231} - c:\program files\common files\mcafee\systemcore\ScriptSn.20110718213032.dllBHO: McAfee SiteAdvisor BHO: {b164e929-a1b6-4a06-b104-2cd0e90a88ff} - c:\progra~1\mcafee\sitead~1\mcieplg.dllTB: McAfee SiteAdvisor Toolbar: {0ebbbe48-bad4-4b4c-8e5a-516abecae064} - c:\progra~1\mcafee\sitead~1\mcieplg.dllEB: {32683183-48a0-441b-a342-7c2a440a9478} - No FileuRun: [steam] "c:\program files\steam\steam.exe" -silentuRun: [TaskTray] c:\program files\creative\sbaudigy\taskbar\CTLTray.exeuRun: [Taskbar] c:\program files\creative\sbaudigy\taskbar\CTLTask.exemRun: [mcui_exe] "c:\program files\mcafee.com\agent\mcagent.exe" /runkeymRun: [ATIPTA] "c:\program files\ati technologies\ati control panel\atiptaxx.exe"mRun: [updReg] c:\windows\Updreg.exemRun: [CTStartup] c:\program files\creative\splash screen\CTEaxSpl.EXE /runmRun: [Jet Detection] c:\program files\creative\sbaudigy\program\ADGJDet.exemRun: [startCCC] "c:\program files\ati technologies\ati.ace\core-static\CLIStart.exe" MSRunmRun: [QuickTime Task] "c:\program files\quicktime\QTTask.exe" -atboottimemRun: [iTunesHelper] "c:\program files\itunes\iTunesHelper.exe"mRun: [KernelFaultCheck] %systemroot%\system32\dumprep 0 -kmRunOnce: [Malwarebytes' Anti-Malware] c:\program files\malwarebytes' anti-malware\mbamgui.exe /install /silentStartupFolder: c:\docume~1\alluse~1\startm~1\programs\startup\mcafee~1.lnk - c:\program files\mcafee security scan\2.0.181\SSScheduler.exeIE: {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exeIE: {FB5F1910-F110-11d2-BB9E-00C04F795683} - c:\program files\messenger\msmsgs.exeDPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} - hxxp://update.microsoft.com/windowsupdate/v6/V5Controls/en/x86/client/wuweb_site.cab?1310934529962DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} - hxxp://fpdownload.macromedia.com/pub/shockwave/cabs/flash/swflash.cabTCP: DhcpNameServer = 68.87.72.134 68.87.77.134TCP: Interfaces\{1B9A0AA3-E7B2-4F96-9762-33657DE3EB21} : DhcpNameServer = 68.87.72.134 68.87.77.134Handler: dssrequest - {5513F07E-936B-4E52-9B00-067394E91CC5} - c:\progra~1\mcafee\sitead~1\McIEPlg.dllHandler: sacore - {5513F07E-936B-4E52-9B00-067394E91CC5} - c:\progra~1\mcafee\sitead~1\McIEPlg.dllNotify: AtiExtEvent - Ati2evxx.dll.================= FIREFOX ===================.FF - ProfilePath - c:\documents and settings\~parental units\application data\mozilla\firefox\profiles\mux0x7j1.default\FF - plugin: c:\progra~1\mcafee\msc\npMcSnFFPl.dll.============= SERVICES / DRIVERS ===============.S0 mfehidk;McAfee Inc. mfehidk;c:\windows\system32\drivers\mfehidk.sys [2010-10-13 387480]S1 mfetdi2k;McAfee Inc. mfetdi2k;c:\windows\system32\drivers\mfetdi2k.sys [2011-7-17 84200]S2 McAfee SiteAdvisor Service;McAfee SiteAdvisor Service;c:\program files\common files\mcafee\mcsvchost\McSvHost.exe [2011-7-17 271480]S2 McMPFSvc;McAfee Personal Firewall Service;c:\program files\common files\mcafee\mcsvchost\McSvHost.exe [2011-7-17 271480]S2 McNaiAnn;McAfee VirusScan Announcer;c:\program files\common files\mcafee\mcsvchost\McSvHost.exe [2011-7-17 271480]S2 McProxy;McAfee Proxy Service;c:\program files\common files\mcafee\mcsvchost\McSvHost.exe [2011-7-17 271480]S2 McShield;McShield;c:\program files\common files\mcafee\systemcore\mcshield.exe [2011-7-17 171168]S2 mfefire;McAfee Firewall Core Service;c:\program files\common files\mcafee\systemcore\mfefire.exe [2011-7-17 188136]S2 mfevtp;McAfee Validation Trust Protection Service;c:\windows\system32\mfevtps.exe [2011-7-17 141792]S3 cfwids;McAfee Inc. cfwids;c:\windows\system32\drivers\cfwids.sys [2011-7-17 56064]S3 emu10kx;Creative EMU10K1/EMU10K2 Audio Driver (WDM);c:\windows\system32\drivers\e10kx2k.sys [2011-7-20 1758336]S3 McAWFwk;McAfee Activation Service;c:\progra~1\mcafee\msc\mcawfwk.exe [2011-7-17 198904]S3 McComponentHostService;McAfee Security Scan Component Host Service;c:\program files\mcafee security scan\2.0.181\McCHSvc.exe [2010-1-15 227232]S3 mfeavfk;McAfee Inc. mfeavfk;c:\windows\system32\drivers\mfeavfk.sys [2011-7-17 153280]S3 mfebopk;McAfee Inc. mfebopk;c:\windows\system32\drivers\mfebopk.sys [2011-7-17 52320]S3 mfefirek;McAfee Inc. mfefirek;c:\windows\system32\drivers\mfefirek.sys [2011-7-17 314088]S3 mfendisk;McAfee Core NDIS Intermediate Filter;c:\windows\system32\drivers\mfendisk.sys [2011-7-17 88736]S3 mfendiskmp;mfendiskmp;c:\windows\system32\drivers\mfendisk.sys [2011-7-17 88736]S3 mferkdet;McAfee Inc. mferkdet;c:\windows\system32\drivers\mferkdet.sys [2011-7-17 84488]S4 McOobeSv;McAfee OOBE Service;c:\program files\common files\mcafee\mcsvchost\McSvHost.exe [2011-7-17 271480].=============== Created Last 30 ================.2011-09-05 01:37:38 -------- d-----w- c:\documents and settings\~parental units\application data\Malwarebytes2011-09-05 01:37:30 41272 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys2011-09-05 01:37:30 -------- d-----w- c:\documents and settings\all users\application data\Malwarebytes2011-09-05 01:37:27 22712 ----a-w- c:\windows\system32\drivers\mbam.sys2011-09-05 01:37:27 -------- d-----w- c:\program files\Malwarebytes' Anti-Malware2011-09-04 23:37:05 -------- d-----w- c:\windows\system32\wbem\repository\FS2011-09-04 23:37:05 -------- d-----w- c:\windows\system32\wbem\Repository2011-09-04 20:35:07 -------- d-----w- c:\windows\Cache2011-09-04 20:31:10 -------- d-----w- c:\program files\proDAD2011-09-04 20:24:02 -------- d-----w- c:\program files\AdorageI-SAL2011-09-04 20:24:02 -------- d-----w- c:\program files\AdorageI-GfxDatas2011-09-04 19:57:52 -------- d-----w- c:\program files\Pinnacle2011-08-18 00:41:17 -------- d-----w- c:\windows\system32\LogFiles2011-08-13 14:56:16 45568 ----a-w- c:\windows\UniFish3.exe2011-08-13 14:55:10 -------- d-----w- c:\program files\Hasbro Interactive2011-08-13 14:48:41 52224 -c----w- c:\windows\system32\dllcache\msfeedsbs.dll2011-08-13 14:48:41 459264 -c----w- c:\windows\system32\dllcache\msfeeds.dll2011-08-13 14:48:41 268288 -c----w- c:\windows\system32\dllcache\iertutil.dll2011-08-13 14:48:41 13824 -c----w- c:\windows\system32\dllcache\ieudinit.exe2011-08-13 14:48:40 63488 -c----w- c:\windows\system32\dllcache\icardie.dll2011-08-13 14:48:40 6067200 -c----w- c:\windows\system32\dllcache\ieframe.dll2011-08-13 14:48:40 380928 -c----w- c:\windows\system32\dllcache\ieapfltr.dll2011-08-13 14:48:40 2452872 -c----w- c:\windows\system32\dllcache\ieapfltr.dat2011-08-13 14:44:12 -------- d-----w- c:\windows\network diagnostic2011-08-13 14:43:33 33792 -c--a-w- c:\windows\system32\dllcache\custsat.dll2011-08-10 03:38:59 -------- d-----w- c:\documents and settings\~parental units\application data\Apple Computer2011-08-10 03:38:49 107368 ----a-w- c:\windows\system32\GEARAspi.dll2011-08-10 03:38:48 26600 ----a-w- c:\windows\system32\drivers\GEARAspiWDM.sys2011-08-10 03:37:36 -------- d-----w- c:\program files\iPod2011-08-10 03:37:33 -------- d-----w- c:\program files\iTunes2011-08-10 03:37:33 -------- d-----w- c:\documents and settings\all users\application data\{429CAD59-35B1-4DBC-BB6D-1DB246563521}2011-08-10 03:37:10 159744 ----a-w- c:\program files\internet explorer\plugins\npqtplugin7.dll2011-08-10 03:37:10 159744 ----a-w- c:\program files\internet explorer\plugins\npqtplugin6.dll2011-08-10 03:37:10 159744 ----a-w- c:\program files\internet explorer\plugins\npqtplugin5.dll2011-08-10 03:37:10 159744 ----a-w- c:\program files\internet explorer\plugins\npqtplugin4.dll2011-08-10 03:37:10 159744 ----a-w- c:\program files\internet explorer\plugins\npqtplugin3.dll2011-08-10 03:37:09 159744 ----a-w- c:\program files\internet explorer\plugins\npqtplugin2.dll2011-08-10 03:37:09 159744 ----a-w- c:\program files\internet explorer\plugins\npqtplugin.dll2011-08-10 03:35:59 -------- d-----w- c:\documents and settings\~parental units\local settings\application data\Apple2011-08-10 03:34:57 -------- d-----w- c:\program files\Bonjour2011-08-10 03:34:22 -------- d-----w- c:\documents and settings\~parental units\local settings\application data\Apple Computer.==================== Find3M ====================.2011-09-04 22:09:54 94208 ----a-w- c:\windows\DUMP5d52.tmp2011-09-04 22:09:04 94208 ----a-w- c:\windows\DUMP5f85.tmp2011-09-04 21:57:11 94208 ----a-w- c:\windows\DUMP6c66.tmp2011-07-22 00:21:55 0 ----a-w- c:\windows\ativpsrm.bin2011-07-21 00:21:16 43 ----a-w- c:\windows\DOSSTART.BAT2011-07-18 23:22:53 404640 ----a-w- c:\windows\system32\FlashPlayerCPLApp.cpl2011-07-18 18:28:21 201728 ----a-w- c:\windows\system32\HarryPotter7Screensaver.scr2011-07-12 16:20:54 83816 ----a-w- c:\windows\system32\dns-sd.exe2011-07-12 16:20:54 73064 ----a-w- c:\windows\system32\dnssd.dll2011-07-12 16:20:54 50536 ----a-w- c:\windows\system32\jdns_sd.dll2011-07-12 16:20:54 178536 ----a-w- c:\windows\system32\dnssdX.dll.============= FINISH: 12:51:23.71 ===============dds.txtattach.txt Link to post Share on other sites More sharing options...
Staff screen317 Posted September 7, 2011 Staff ID:473742 Share Posted September 7, 2011 Hello and welcome to Malwarebytes.Please visit this webpage for instructions for running ComboFix: http://www.bleepingcomputer.com/combofix/how-to-use-combofixWhen the tool is finished, it will produce a report for you.Please post the C:\ComboFix.txt along with a new DDS log so we may continue cleaning the system.-screen317 Link to post Share on other sites More sharing options...
emangrvn Posted September 8, 2011 Author ID:473935 Share Posted September 8, 2011 Thanks screen317...During the ComboFix scan, it reported my PC had the Rootkit.ZeroAccess virus. The ComboFix scan looked like it stopped working. I rebooted the PC after about five hours and ran it again in safe mode with networking. It looks like the PC is clean now, it boots up in regular mode. Please let me know if you think any additional action is required...Below are the results of the ComboFix and DDS.ComboFix 11-09-07.04 - ~parental units 09/07/2011 22:30:43.1.1 - x86 NETWORKMicrosoft Windows XP Professional 5.1.2600.2.1252.1.1033.18.2047.1771 [GMT -5:00]Running from: c:\documents and settings\~parental units\Desktop\ComboFix.exeAV: McAfee Anti-Virus and Anti-Spyware *Disabled/Updated* {84B5EE75-6421-4CDE-A33A-DD43BA9FAD83}FW: McAfee Firewall *Enabled* {94894B63-8C7F-4050-BDA4-813CA00DA3E8}..((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))..c:\documents and settings\~parental units\WINDOWSc:\program files\messenger\msmsgsin.exec:\windows\system32\mfc100deu.dll.Infected copy of c:\windows\system32\drivers\cdrom.sys was found and disinfected Restored copy from - c:\windows\ServicePackFiles\i386\cdrom.sys ..((((((((((((((((((((((((((((((((((((((( Drivers/Services )))))))))))))))))))))))))))))))))))))))))))))))))..-------\Service_4ff6da2b..((((((((((((((((((((((((( Files Created from 2011-08-08 to 2011-09-08 )))))))))))))))))))))))))))))))..2011-09-07 23:40 . 2004-09-29 00:22 800256 ----a-w- c:\windows\system32\drivers\ati2mtag.sys2011-09-05 17:24 . 2011-09-05 17:24 -------- d-----w- c:\documents and settings\fixit2011-09-05 17:13 . 2011-09-05 17:13 -------- d-----w- c:\documents and settings\Administrator2011-09-05 01:37 . 2011-09-05 01:37 -------- d-----w- c:\documents and settings\~parental units\Application Data\Malwarebytes2011-09-05 01:37 . 2011-09-05 01:37 -------- d-----w- c:\documents and settings\All Users\Application Data\Malwarebytes2011-09-05 01:37 . 2011-07-07 00:52 41272 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys2011-09-05 01:37 . 2011-09-05 17:22 -------- d-----w- c:\program files\Malwarebytes' Anti-Malware2011-09-05 01:37 . 2011-07-07 00:52 22712 ----a-w- c:\windows\system32\drivers\mbam.sys2011-09-04 23:37 . 2011-09-04 23:37 -------- d-----w- c:\windows\system32\wbem\Repository2011-09-04 20:35 . 2011-09-04 20:35 -------- d-----w- c:\windows\Cache2011-09-04 20:31 . 2011-09-04 20:31 -------- d-----w- c:\program files\proDAD2011-09-04 20:24 . 2011-09-04 23:17 -------- d-----w- c:\program files\AdorageI-SAL2011-09-04 20:24 . 2011-09-04 23:17 -------- d-----w- c:\program files\AdorageI-GfxDatas2011-09-04 20:01 . 2004-03-10 21:26 26624 ----a-w- c:\windows\system32\PSDrvCheck.KOR2011-09-04 20:01 . 2004-03-10 21:26 26624 ----a-w- c:\windows\system32\PSDrvCheck.JP2011-09-04 20:01 . 2004-03-10 21:26 16896 ----a-w- c:\windows\system32\PSDrvCheck.NL2011-09-04 20:01 . 2004-03-10 21:26 26624 ----a-w- c:\windows\system32\PSDrvCheck.IT2011-09-04 20:01 . 2004-03-10 21:26 26624 ----a-w- c:\windows\system32\PSDrvCheck.FR2011-09-04 20:01 . 2004-03-10 21:26 26624 ----a-w- c:\windows\system32\PSDrvCheck.ES2011-09-04 20:01 . 2004-03-10 21:26 26624 ----a-w- c:\windows\system32\PSDrvCheck.DE2011-09-04 20:01 . 2004-03-10 21:26 26112 ----a-w- c:\windows\system32\PSDrvCheck.CHT2011-09-04 20:01 . 2004-03-10 21:26 26112 ----a-w- c:\windows\system32\PSDrvCheck.CHS2011-09-04 19:57 . 2011-09-04 21:00 -------- d-----w- c:\documents and settings\All Users\Application Data\Pinnacle2011-09-04 19:57 . 2011-09-04 23:18 -------- d-----w- c:\program files\Pinnacle2011-08-18 00:41 . 2011-08-18 00:41 -------- d-----w- c:\windows\system32\LogFiles2011-08-13 14:56 . 1999-05-29 08:08 45568 ----a-w- c:\windows\UniFish3.exe2011-08-13 14:55 . 2011-08-13 14:55 -------- d-----w- c:\program files\Hasbro Interactive2011-08-13 14:48 . 2010-05-04 17:20 52224 -c----w- c:\windows\system32\dllcache\msfeedsbs.dll2011-08-13 14:48 . 2010-05-04 17:20 459264 -c----w- c:\windows\system32\dllcache\msfeeds.dll2011-08-13 14:48 . 2010-05-04 17:20 268288 -c----w- c:\windows\system32\dllcache\iertutil.dll2011-08-13 14:48 . 2010-04-16 13:24 13824 -c----w- c:\windows\system32\dllcache\ieudinit.exe2011-08-13 14:48 . 2010-05-04 17:20 6067200 -c----w- c:\windows\system32\dllcache\ieframe.dll2011-08-13 14:48 . 2010-05-04 17:20 380928 -c----w- c:\windows\system32\dllcache\ieapfltr.dll2011-08-13 14:48 . 2010-05-04 17:20 63488 -c----w- c:\windows\system32\dllcache\icardie.dll2011-08-13 14:48 . 2010-02-22 22:04 2452872 -c----w- c:\windows\system32\dllcache\ieapfltr.dat2011-08-13 14:43 . 2007-08-13 23:54 33792 -c--a-w- c:\windows\system32\dllcache\custsat.dll2011-08-13 14:40 . 2011-08-21 18:53 -------- d-----w- c:\documents and settings\Andcar\Application Data\Apple Computer2011-08-13 14:40 . 2011-08-13 14:40 -------- d-----w- c:\documents and settings\Andcar\Local Settings\Application Data\Apple Computer2011-08-10 03:38 . 2011-08-10 03:39 -------- d-----w- c:\documents and settings\~parental units\Application Data\Apple Computer2011-08-10 03:38 . 2008-04-17 17:12 107368 ----a-w- c:\windows\system32\GEARAspi.dll2011-08-10 03:38 . 2009-05-18 18:17 26600 ----a-w- c:\windows\system32\drivers\GEARAspiWDM.sys2011-08-10 03:37 . 2011-08-10 03:37 -------- d-----w- c:\program files\iPod2011-08-10 03:37 . 2011-08-10 03:38 -------- d-----w- c:\documents and settings\All Users\Application Data\{429CAD59-35B1-4DBC-BB6D-1DB246563521}2011-08-10 03:37 . 2011-08-10 03:38 -------- d-----w- c:\program files\iTunes2011-08-10 03:37 . 2011-08-10 03:37 159744 ----a-w- c:\program files\Internet Explorer\PLUGINS\npqtplugin7.dll2011-08-10 03:34 . 2011-08-10 03:34 -------- d-----w- c:\documents and settings\All Users\Application Data\Apple2011-08-10 03:34 . 2011-08-10 03:38 -------- d-----w- c:\documents and settings\~parental units\Local Settings\Application Data\Apple Computer...(((((((((((((((((((((((((((((((((((((((( Find3M Report )))))))))))))))))))))))))))))))))))))))))))))))))))).2011-09-04 22:09 . 2011-07-17 14:25 94208 ----a-w- c:\windows\DUMP5d52.tmp2011-09-04 22:09 . 2011-07-17 14:25 94208 ----a-w- c:\windows\DUMP5f85.tmp2011-09-04 21:57 . 2011-07-17 14:25 94208 ----a-w- c:\windows\DUMP6c66.tmp2011-07-21 00:21 . 2011-07-21 00:21 43 ----a-w- c:\windows\DOSSTART.BAT2011-07-18 23:22 . 2011-07-18 18:24 404640 ----a-w- c:\windows\system32\FlashPlayerCPLApp.cpl2011-07-18 18:28 . 2011-07-18 18:28 201728 ----a-w- c:\windows\system32\HarryPotter7Screensaver.scr2011-07-12 16:20 . 2011-07-12 16:20 83816 ----a-w- c:\windows\system32\dns-sd.exe2011-07-12 16:20 . 2011-07-12 16:20 73064 ----a-w- c:\windows\system32\dnssd.dll2011-07-12 16:20 . 2011-07-12 16:20 50536 ----a-w- c:\windows\system32\jdns_sd.dll2011-07-12 16:20 . 2011-07-12 16:20 178536 ----a-w- c:\windows\system32\dnssdX.dll2011-07-08 07:16 . 2011-07-17 22:08 142296 ----a-w- c:\program files\mozilla firefox\components\browsercomps.dll2011-04-14 19:01 . 2011-07-19 02:30 24376 ----a-w- c:\program files\mozilla firefox\components\Scriptff.dll..((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))..*Note* empty entries & legit default entries are not shown REGEDIT4.[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]"Steam"="c:\program files\Steam\steam.exe" [2011-08-01 1242448]"TaskTray"="c:\program files\Creative\SBAudigy\Taskbar\CTLTray.exe" [2001-06-29 163840]"Taskbar"="c:\program files\Creative\SBAudigy\Taskbar\CTLTask.exe" [2001-09-20 122880].[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]"mcui_exe"="c:\program files\McAfee.com\Agent\mcagent.exe" [2011-06-28 1195408]"ATIPTA"="c:\program files\ATI Technologies\ATI Control Panel\atiptaxx.exe" [2004-09-29 344064]"UpdReg"="c:\windows\Updreg.exe" [2000-05-11 90112]"CTStartup"="c:\program files\Creative\Splash Screen\CTEaxSpl.EXE" [2001-09-15 28672]"Jet Detection"="c:\program files\Creative\SBAudigy\PROGRAM\ADGJDet.exe" [2001-10-04 28672]"StartCCC"="c:\program files\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" [2010-02-11 61440]"QuickTime Task"="c:\program files\QuickTime\QTTask.exe" [2010-11-29 421888]"iTunesHelper"="c:\program files\iTunes\iTunesHelper.exe" [2011-07-19 421736].c:\documents and settings\All Users\Start Menu\Programs\Startup\McAfee Security Scan Plus.lnk - c:\program files\McAfee Security Scan\2.0.181\SSScheduler.exe [2010-1-15 255536].[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\mcmscsvc]@="".[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MCODS]@="".[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\McAfeeAntiVirus]"DisableMonitoring"=dword:00000001.[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\McAfeeFirewall]"DisableMonitoring"=dword:00000001.[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]"EnableFirewall"= 0 (0x0).[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]"%windir%\\system32\\sessmgr.exe"="c:\\Program Files\\Common Files\\Mcafee\\McSvcHost\\McSvHost.exe"="c:\\Program Files\\Steam\\Steam.exe"="c:\\Program Files\\Steam\\steamapps\\common\\the sims 3\\Game\\Bin\\Sims3Launcher.exe"="c:\\Program Files\\Steam\\steamapps\\common\\the sims 3\\Support\\EA Help\\Electronic_Arts_Technical_Support.htm"="c:\\Program Files\\Steam\\steamapps\\common\\titan quest\\Titan Quest.exe"="c:\\Program Files\\Steam\\steamapps\\common\\titan quest\\help.htm"="c:\\Program Files\\Bonjour\\mDNSResponder.exe"="c:\\Program Files\\iTunes\\iTunes.exe"="%windir%\\Network Diagnostic\\xpnetdiag.exe"=.R1 mfetdi2k;McAfee Inc. mfetdi2k;c:\windows\system32\drivers\mfetdi2k.sys [7/17/2011 4:19 PM 84200]R2 McAfee SiteAdvisor Service;McAfee SiteAdvisor Service;"c:\program files\Common Files\Mcafee\McSvcHost\McSvHost.exe" /McCoreSvc [7/17/2011 4:19 PM 271480]R2 McMPFSvc;McAfee Personal Firewall Service;"c:\program files\Common Files\Mcafee\McSvcHost\McSvHost.exe" /McCoreSvc [7/17/2011 4:19 PM 271480]R2 McNaiAnn;McAfee VirusScan Announcer;"c:\program files\Common Files\Mcafee\McSvcHost\McSvHost.exe" /McCoreSvc [7/17/2011 4:19 PM 271480]R2 mfefire;McAfee Firewall Core Service;c:\program files\Common Files\Mcafee\SystemCore\mfefire.exe [7/17/2011 4:19 PM 188136]R2 mfevtp;McAfee Validation Trust Protection Service;c:\windows\system32\mfevtps.exe [7/17/2011 4:18 PM 141792]R3 cfwids;McAfee Inc. cfwids;c:\windows\system32\drivers\cfwids.sys [7/17/2011 4:19 PM 56064]R3 emu10kx;Creative EMU10K1/EMU10K2 Audio Driver (WDM);c:\windows\system32\drivers\e10kx2k.sys [7/20/2011 7:34 PM 1758336]R3 mfefirek;McAfee Inc. mfefirek;c:\windows\system32\drivers\mfefirek.sys [7/17/2011 4:19 PM 314088]R3 mfendiskmp;mfendiskmp;c:\windows\system32\drivers\mfendisk.sys [7/17/2011 4:19 PM 88736]S3 McAWFwk;McAfee Activation Service;c:\progra~1\mcafee\msc\mcawfwk.exe [7/17/2011 4:20 PM 198904]S3 McComponentHostService;McAfee Security Scan Component Host Service;c:\program files\McAfee Security Scan\2.0.181\McCHSvc.exe [1/15/2010 7:49 AM 227232]S3 mfendisk;McAfee Core NDIS Intermediate Filter;c:\windows\system32\drivers\mfendisk.sys [7/17/2011 4:19 PM 88736]S3 mferkdet;McAfee Inc. mferkdet;c:\windows\system32\drivers\mferkdet.sys [7/17/2011 4:19 PM 84488]S4 McOobeSv;McAfee OOBE Service;"c:\program files\Common Files\Mcafee\McSvcHost\McSvHost.exe" /McCoreSvc [7/17/2011 4:19 PM 271480].--- Other Services/Drivers In Memory ---.*Deregistered* - mfeavfk01.Contents of the 'Scheduled Tasks' folder.2011-08-10 c:\windows\Tasks\AppleSoftwareUpdate.job- c:\program files\Apple Software Update\SoftwareUpdate.exe [2011-06-01 22:57]..------- Supplementary Scan -------.uInternet Settings,ProxyOverride = *.localTCP: DhcpNameServer = 68.87.72.134 68.87.77.134FF - ProfilePath - c:\documents and settings\~parental units\Application Data\Mozilla\Firefox\Profiles\mux0x7j1.default\..**************************************************************************.catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.netRootkit scan 2011-09-07 22:49Windows 5.1.2600 Service Pack 2 NTFS.scanning hidden processes ... .scanning hidden autostart entries ... .HKLM\Software\Microsoft\Windows\CurrentVersion\Run CTStartup = c:\program files\Creative\Splash Screen\CTEaxSpl.EXE /run???h??????s?????\?w? ?w???????w???w4???????.??w4???????4???TA?s4????????&2????wd??w????????\???\??????????????w-??w\???\????????ka??????C@?\???\??????s????\??????s\????&2?A??s?&2??C@?x???`|?w\?????@ .scanning hidden files ... .scan completed successfullyhidden files: 0.**************************************************************************.[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\mfehidk01]..--------------------- DLLs Loaded Under Running Processes ---------------------.- - - - - - - > 'winlogon.exe'(1020)c:\windows\system32\Ati2evxx.dll.- - - - - - - > 'explorer.exe'(2032)c:\windows\system32\WININET.dllc:\progra~1\mcafee\SITEAD~1\saHook.dllc:\windows\system32\ieframe.dll.------------------------ Other Running Processes ------------------------.c:\program files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exec:\program files\Bonjour\mDNSResponder.exec:\progra~1\mcafee\msc\mcupdmgr.exec:\progra~1\mcafee.com\agent\mcagent.exec:\windows\system32\rundll32.exec:\windows\system32\wscntfy.exec:\program files\ATI Technologies\ATI.ACE\Core-Static\MOM.exec:\program files\iPod\bin\iPodService.exec:\program files\ATI Technologies\ATI.ACE\Core-Static\ccc.exec:\docume~1\ALLUSE~1\APPLIC~1\McAfee\MSC\Updates\Installs\1\msc\mcinst.exec:\program files\Common Files\McAfee\VSCore\mfehidin.exec:\program files\Common Files\McAfee\SystemCore\mcshield.exe.**************************************************************************.Completion time: 2011-09-07 22:52:59 - machine was rebootedComboFix-quarantined-files.txt 2011-09-08 03:52.Pre-Run: 100,445,929,472 bytes freePost-Run: 100,776,206,336 bytes free.WindowsXP-KB310994-SP2-Pro-BootDisk-ENU.exe[boot loader]timeout=2default=multi(0)disk(0)rdisk(0)partition(1)\WINDOWS[operating systems]c:\cmdcons\BOOTSECT.DAT="Microsoft Windows Recovery Console" /cmdconsUnsupportedDebug="do not select this" /debugmulti(0)disk(0)rdisk(0)partition(1)\WINDOWS="Microsoft Windows XP Professional" /fastdetect /NoExecute=OptIn.- - End Of File - - B12A7943B8860623CE93F4D492662ED2DDS.txt.DDS (Ver_2011-08-26.01) - NTFSx86 Internet Explorer: 7.0.5730.13Run by ~parental units at 1:17:02 on 2011-09-08Microsoft Windows XP Professional 5.1.2600.2.1252.1.1033.18.2047.1623 [GMT -5:00].AV: McAfee Anti-Virus and Anti-Spyware *Disabled/Updated* {84B5EE75-6421-4CDE-A33A-DD43BA9FAD83}FW: McAfee Firewall *Enabled* .============== Running Processes ===============.C:\WINDOWS\system32\svchost.exe -k DcomLaunchsvchost.exeC:\WINDOWS\System32\svchost.exe -k netsvcssvchost.exesvchost.exeC:\WINDOWS\system32\spoolsv.exesvchost.exeC:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exeC:\Program Files\Bonjour\mDNSResponder.exeC:\Program Files\Common Files\Mcafee\McSvcHost\McSvHost.exeC:\WINDOWS\System32\svchost.exe -k imgsvcC:\WINDOWS\System32\svchost.exe -k HTTPFilterc:\PROGRA~1\mcafee\msc\mcupdmgr.exec:\PROGRA~1\mcafee.com\agent\mcagent.exeC:\WINDOWS\system32\rundll32.exeC:\WINDOWS\system32\wscntfy.exeC:\Program Files\iTunes\iTunesHelper.exeC:\Program Files\Steam\steam.exeC:\Program Files\Creative\SBAudigy\Taskbar\CTLTray.exeC:\Program Files\Creative\SBAudigy\Taskbar\CTLTask.exeC:\Program Files\McAfee Security Scan\2.0.181\SSScheduler.exeC:\WINDOWS\system32\wuauclt.exeC:\Program Files\iPod\bin\iPodService.exeC:\WINDOWS\system32\mfevtps.exeC:\WINDOWS\explorer.exeC:\Program Files\Common Files\McAfee\SystemCore\mfefire.exeC:\Program Files\Common Files\McAfee\SystemCore\mcshield.exeC:\Program Files\McAfee Security Scan\2.0.181\McUICnt.exe.============== Pseudo HJT Report ===============.uInternet Settings,ProxyOverride = *.localuURLSearchHooks: McAfee SiteAdvisor Toolbar: {0ebbbe48-bad4-4b4c-8e5a-516abecae064} - c:\progra~1\mcafee\sitead~1\mcieplg.dllBHO: scriptproxy: {7db2d5a0-7241-4e79-b68d-6309f01c5231} - c:\program files\common files\mcafee\systemcore\ScriptSn.20110907225321.dllBHO: McAfee SiteAdvisor BHO: {b164e929-a1b6-4a06-b104-2cd0e90a88ff} - c:\progra~1\mcafee\sitead~1\mcieplg.dllTB: McAfee SiteAdvisor Toolbar: {0ebbbe48-bad4-4b4c-8e5a-516abecae064} - c:\progra~1\mcafee\sitead~1\mcieplg.dllEB: {32683183-48a0-441b-a342-7c2a440a9478} - No FileuRun: [steam] "c:\program files\steam\steam.exe" -silentuRun: [TaskTray] c:\program files\creative\sbaudigy\taskbar\CTLTray.exeuRun: [Taskbar] c:\program files\creative\sbaudigy\taskbar\CTLTask.exemRun: [mcui_exe] "c:\program files\mcafee.com\agent\mcagent.exe" /runkeymRun: [ATIPTA] "c:\program files\ati technologies\ati control panel\atiptaxx.exe"mRun: [updReg] c:\windows\Updreg.exemRun: [CTStartup] c:\program files\creative\splash screen\CTEaxSpl.EXE /runmRun: [Jet Detection] c:\program files\creative\sbaudigy\program\ADGJDet.exemRun: [startCCC] "c:\program files\ati technologies\ati.ace\core-static\CLIStart.exe" MSRunmRun: [QuickTime Task] "c:\program files\quicktime\QTTask.exe" -atboottimemRun: [iTunesHelper] "c:\program files\itunes\iTunesHelper.exe"StartupFolder: c:\docume~1\alluse~1\startm~1\programs\startup\mcafee~1.lnk - c:\program files\mcafee security scan\2.0.181\SSScheduler.exeIE: {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exeIE: {FB5F1910-F110-11d2-BB9E-00C04F795683} - c:\program files\messenger\msmsgs.exeDPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} - hxxp://update.microsoft.com/windowsupdate/v6/V5Controls/en/x86/client/wuweb_site.cab?1310934529962DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} - hxxp://fpdownload.macromedia.com/pub/shockwave/cabs/flash/swflash.cabFilter: application/x-mfe-ipt - {3EF5086B-5478-4598-A054-786C45D75692} - c:\progra~1\mcafee\msc\McSnIePl.dllHandler: dssrequest - {5513F07E-936B-4E52-9B00-067394E91CC5} - c:\progra~1\mcafee\sitead~1\McIEPlg.dllHandler: sacore - {5513F07E-936B-4E52-9B00-067394E91CC5} - c:\progra~1\mcafee\sitead~1\McIEPlg.dllNotify: AtiExtEvent - Ati2evxx.dll.================= FIREFOX ===================.FF - ProfilePath - c:\documents and settings\~parental units\application data\mozilla\firefox\profiles\mux0x7j1.default\.============= SERVICES / DRIVERS ===============.R0 mfehidk;McAfee Inc. mfehidk;c:\windows\system32\drivers\mfehidk.sys [2010-10-13 459728]R1 mfetdi2k;McAfee Inc. mfetdi2k;c:\windows\system32\drivers\mfetdi2k.sys [2011-7-17 89368]R2 McAfee SiteAdvisor Service;McAfee SiteAdvisor Service;c:\program files\common files\mcafee\mcsvchost\McSvHost.exe [2011-7-17 271480]R2 McMPFSvc;McAfee Personal Firewall Service;c:\program files\common files\mcafee\mcsvchost\McSvHost.exe [2011-7-17 271480]R2 McNaiAnn;McAfee VirusScan Announcer;c:\program files\common files\mcafee\mcsvchost\McSvHost.exe [2011-7-17 271480]R2 McProxy;McAfee Proxy Service;c:\program files\common files\mcafee\mcsvchost\McSvHost.exe [2011-7-17 271480]R2 McShield;McAfee McShield;c:\program files\common files\mcafee\systemcore\mcshield.exe [2011-7-17 165000]R2 mfefire;McAfee Firewall Core Service;c:\program files\common files\mcafee\systemcore\mfefire.exe [2011-7-17 159832]R2 mfevtp;McAfee Validation Trust Protection Service;c:\windows\system32\mfevtps.exe [2011-7-17 148520]R3 cfwids;McAfee Inc. cfwids;c:\windows\system32\drivers\cfwids.sys [2011-7-17 57432]R3 emu10kx;Creative EMU10K1/EMU10K2 Audio Driver (WDM);c:\windows\system32\drivers\e10kx2k.sys [2011-7-20 1758336]R3 mfeavfk;McAfee Inc. mfeavfk;c:\windows\system32\drivers\mfeavfk.sys [2011-7-17 179248]R3 mfebopk;McAfee Inc. mfebopk;c:\windows\system32\drivers\mfebopk.sys [2011-7-17 59288]R3 mfefirek;McAfee Inc. mfefirek;c:\windows\system32\drivers\mfefirek.sys [2011-7-17 337912]R3 mfendiskmp;mfendiskmp;c:\windows\system32\drivers\mfendisk.sys [2011-7-17 83688]S2 0312291315454040mcinstcleanup;McAfee Application Installer Cleanup (0312291315454040);c:\windows\temp\031229~1.exe c:\progra~1\common~1\mcafee\instal~1\cleanup.ini -cleanup -nolog -service --> c:\windows\temp\031229~1.exe c:\progra~1\common~1\mcafee\instal~1\cleanup.ini -cleanup -nolog -service [?]S3 McAWFwk;McAfee Activation Service;c:\progra~1\mcafee\msc\mcawfwk.exe [2011-7-17 198904]S3 McComponentHostService;McAfee Security Scan Component Host Service;c:\program files\mcafee security scan\2.0.181\McCHSvc.exe [2010-1-15 227232]S3 mfendisk;McAfee Core NDIS Intermediate Filter;c:\windows\system32\drivers\mfendisk.sys [2011-7-17 83688]S3 mferkdet;McAfee Inc. mferkdet;c:\windows\system32\drivers\mferkdet.sys [2011-7-17 85984]S4 McOobeSv;McAfee OOBE Service;c:\program files\common files\mcafee\mcsvchost\McSvHost.exe [2011-7-17 271480].=============== Created Last 30 ================.2011-09-08 03:53:21 24376 ----a-w- c:\program files\mozilla firefox\distribution\bundles\{d19ca586-dd6c-4a0a-96f8-14644f340d60}\components\scriptff.dll2011-09-08 03:28:39 -------- d-sha-r- C:\cmdcons2011-09-07 23:40:17 800256 ----a-w- c:\windows\system32\drivers\ati2mtag.sys2011-09-07 23:33:35 98816 ----a-w- c:\windows\sed.exe2011-09-07 23:33:35 518144 ----a-w- c:\windows\SWREG.exe2011-09-07 23:33:35 256000 ----a-w- c:\windows\PEV.exe2011-09-07 23:33:35 208896 ----a-w- c:\windows\MBR.exe2011-09-05 01:37:38 -------- d-----w- c:\documents and settings\~parental units\application data\Malwarebytes2011-09-05 01:37:30 41272 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys2011-09-05 01:37:30 -------- d-----w- c:\documents and settings\all users\application data\Malwarebytes2011-09-05 01:37:27 22712 ----a-w- c:\windows\system32\drivers\mbam.sys2011-09-05 01:37:27 -------- d-----w- c:\program files\Malwarebytes' Anti-Malware2011-09-04 23:37:05 -------- d-----w- c:\windows\system32\wbem\repository\FS2011-09-04 23:37:05 -------- d-----w- c:\windows\system32\wbem\Repository2011-09-04 20:35:07 -------- d-----w- c:\windows\Cache2011-09-04 20:31:10 -------- d-----w- c:\program files\proDAD2011-09-04 20:24:02 -------- d-----w- c:\program files\AdorageI-SAL2011-09-04 20:24:02 -------- d-----w- c:\program files\AdorageI-GfxDatas2011-09-04 19:57:52 -------- d-----w- c:\program files\Pinnacle2011-08-18 00:41:17 -------- d-----w- c:\windows\system32\LogFiles2011-08-13 14:56:16 45568 ----a-w- c:\windows\UniFish3.exe2011-08-13 14:55:10 -------- d-----w- c:\program files\Hasbro Interactive2011-08-13 14:48:41 52224 -c----w- c:\windows\system32\dllcache\msfeedsbs.dll2011-08-13 14:48:41 459264 -c----w- c:\windows\system32\dllcache\msfeeds.dll2011-08-13 14:48:41 268288 -c----w- c:\windows\system32\dllcache\iertutil.dll2011-08-13 14:48:41 13824 -c----w- c:\windows\system32\dllcache\ieudinit.exe2011-08-13 14:48:40 63488 -c----w- c:\windows\system32\dllcache\icardie.dll2011-08-13 14:48:40 6067200 -c----w- c:\windows\system32\dllcache\ieframe.dll2011-08-13 14:48:40 380928 -c----w- c:\windows\system32\dllcache\ieapfltr.dll2011-08-13 14:48:40 2452872 -c----w- c:\windows\system32\dllcache\ieapfltr.dat2011-08-13 14:44:12 -------- d-----w- c:\windows\network diagnostic2011-08-13 14:43:33 33792 -c--a-w- c:\windows\system32\dllcache\custsat.dll2011-08-10 03:38:59 -------- d-----w- c:\documents and settings\~parental units\application data\Apple Computer2011-08-10 03:38:49 107368 ----a-w- c:\windows\system32\GEARAspi.dll2011-08-10 03:38:48 26600 ----a-w- c:\windows\system32\drivers\GEARAspiWDM.sys2011-08-10 03:37:36 -------- d-----w- c:\program files\iPod2011-08-10 03:37:33 -------- d-----w- c:\program files\iTunes2011-08-10 03:37:33 -------- d-----w- c:\documents and settings\all users\application data\{429CAD59-35B1-4DBC-BB6D-1DB246563521}2011-08-10 03:37:10 159744 ----a-w- c:\program files\internet explorer\plugins\npqtplugin7.dll2011-08-10 03:37:10 159744 ----a-w- c:\program files\internet explorer\plugins\npqtplugin6.dll2011-08-10 03:37:10 159744 ----a-w- c:\program files\internet explorer\plugins\npqtplugin5.dll2011-08-10 03:37:10 159744 ----a-w- c:\program files\internet explorer\plugins\npqtplugin4.dll2011-08-10 03:37:10 159744 ----a-w- c:\program files\internet explorer\plugins\npqtplugin3.dll2011-08-10 03:37:09 159744 ----a-w- c:\program files\internet explorer\plugins\npqtplugin2.dll2011-08-10 03:37:09 159744 ----a-w- c:\program files\internet explorer\plugins\npqtplugin.dll2011-08-10 03:35:59 -------- d-----w- c:\documents and settings\~parental units\local settings\application data\Apple2011-08-10 03:34:57 -------- d-----w- c:\program files\Bonjour2011-08-10 03:34:22 -------- d-----w- c:\documents and settings\~parental units\local settings\application data\Apple Computer.==================== Find3M ====================.2011-09-04 22:09:54 94208 ----a-w- c:\windows\DUMP5d52.tmp2011-09-04 22:09:04 94208 ----a-w- c:\windows\DUMP5f85.tmp2011-09-04 21:57:11 94208 ----a-w- c:\windows\DUMP6c66.tmp2011-07-22 00:21:55 0 ----a-w- c:\windows\ativpsrm.bin2011-07-21 00:21:16 43 ----a-w- c:\windows\DOSSTART.BAT2011-07-18 23:22:53 404640 ----a-w- c:\windows\system32\FlashPlayerCPLApp.cpl2011-07-18 18:28:21 201728 ----a-w- c:\windows\system32\HarryPotter7Screensaver.scr2011-07-12 16:20:54 83816 ----a-w- c:\windows\system32\dns-sd.exe2011-07-12 16:20:54 73064 ----a-w- c:\windows\system32\dnssd.dll2011-07-12 16:20:54 50536 ----a-w- c:\windows\system32\jdns_sd.dll2011-07-12 16:20:54 178536 ----a-w- c:\windows\system32\dnssdX.dll.============= FINISH: 1:17:36.60 =============== Link to post Share on other sites More sharing options...
Staff screen317 Posted September 8, 2011 Staff ID:474186 Share Posted September 8, 2011 Hi, Next, please run a free online scan with the ESET Online Scanner Note: You will need to use Internet Explorer for this scan.Tick the box next to YES, I accept the Terms of Use.Click StartWhen asked, allow the ActiveX control to installClick StartMake sure that the options Remove found threats and the option Scan unwanted applications is checkedClick Scan Wait for the scan to finishUse Notepad to open the logfile located at C:\Program Files\EsetOnlineScanner\log.txtCopy and paste that log as a reply to this topic Next, download my Security Check from here or here.Save it to your Desktop.Double click SecurityCheck.exe and follow the onscreen instructions inside of the black box.A Notepad document should open automatically called checkup.txt; please post the contents of that document. Let me know how things are running now and what issues remain. Link to post Share on other sites More sharing options...
emangrvn Posted September 9, 2011 Author ID:474597 Share Posted September 9, 2011 Hi Screen317,Below are the contents of the files. I was not able to run the ESET program in normal mode (which I can now boot into), so I ran it in Safe Mode with Networking...log.txtESETSmartInstaller@High as CAB hook log:OnlineScanner.ocx - registred OKesets_scanner_update returned -1 esets_gle=1esets_scanner_update returned -1 esets_gle=1esets_scanner_update returned -1 esets_gle=1# version=7# iexplore.exe=7.00.6000.17055 (vista_gdr.100414-0533)# OnlineScanner.ocx=1.0.0.6528# api_version=3.0.2# EOSSerial=b59d6f51e5f4ac4ba723b48ed380a976# end=finished# remove_checked=true# archives_checked=false# unwanted_checked=true# unsafe_checked=false# antistealth_checked=true# utc_time=2011-09-09 11:25:13# local_time=2011-09-09 06:25:13 (-0600, Central Daylight Time)# country="United States"# lang=9# osver=5.1.2600 NT Service Pack 2# compatibility_mode=5121 16777190 100 75 0 15989523 0 0# compatibility_mode=8192 67108863 100 0 0 0 0 0# scanned=54589# found=0# cleaned=0# scan_time=1054checkup.txt Results of screen317's Security Check version 0.99.7 Windows XP Service Pack 2 Out of date service pack!! Internet Explorer 7 Out of date! `````````````````````````````` Antivirus/Firewall Check: Windows Firewall Disabled! ESET Online Scanner v3 McAfee AntiVirus Plus McAfee Security Scan Plus Antivirus up to date! ``````````````````````````````` Anti-malware/Other Utilities Check: Malwarebytes' Anti-Malware Adobe Flash Player 10.3.181.34 Mozilla Firefox (x86 en-US..) Firefox Out of Date! ```````````````````````````````` Process Check: objlist.exe by Laurent ``````````End of Log```````````` Link to post Share on other sites More sharing options...
Staff screen317 Posted September 13, 2011 Staff ID:475557 Share Posted September 13, 2011 Hi,Next, it is absolutely essential that you upgrade to Windows XP Service Pack 3. Service Pack 2, which is what you currently have, has vulnerabilities that leave you wide open for re-infection. To upgrade, please visit Windows Update and download all critical updates.Let me know if the update was successful. Link to post Share on other sites More sharing options...
emangrvn Posted September 15, 2011 Author ID:476229 Share Posted September 15, 2011 The update to Service Pack 3 was successful... Link to post Share on other sites More sharing options...
Staff screen317 Posted September 15, 2011 Staff ID:476234 Share Posted September 15, 2011 Great! Please run SecurityCheck again and post its log. Link to post Share on other sites More sharing options...
emangrvn Posted September 16, 2011 Author ID:476424 Share Posted September 16, 2011 Log file from SecurityCheck... Results of screen317's Security Check version 0.99.7 Windows XP Service Pack 3 Internet Explorer 7 Out of date! `````````````````````````````` Antivirus/Firewall Check: Windows Firewall Disabled! ESET Online Scanner v3 McAfee AntiVirus Plus McAfee Security Scan Plus Antivirus up to date! ``````````````````````````````` Anti-malware/Other Utilities Check: Malwarebytes' Anti-Malware Adobe Flash Player 10.3.183.7 Mozilla Firefox (x86 en-US..) Firefox Out of Date! ```````````````````````````````` Process Check: objlist.exe by Laurent ``````````End of Log```````````` Link to post Share on other sites More sharing options...
Staff screen317 Posted September 17, 2011 Staff ID:476766 Share Posted September 17, 2011 Hi,Update your version of Firefox-- ensure that you are using version 6.Go back to Windows Update and install all available updates, including Internet Explorer 8.After that, reboot.Navigate to Start --> Run, and type Combofix /uninstall in the box that appears. Click OK afterward. Notice the space between the X and the /uninstallThis uninstalls all of ComboFix's components.Delete SecurityCheck.After that, navigate to Start --> Control Panel --> Add or Remove Programs, and uninstall the following program(s) (if present):ESET Online Scanner v3 Restart your computer.Let me know what issues remain.-screen317 Link to post Share on other sites More sharing options...
Staff screen317 Posted October 10, 2011 Staff ID:483970 Share Posted October 10, 2011 Are you still with us? This topic will be closed in a few days if we do not hear back from you. Link to post Share on other sites More sharing options...
Staff screen317 Posted October 14, 2011 Staff ID:485569 Share Posted October 14, 2011 Due to the lack of feedback this topic is closed to prevent others from posting here. If you need this topic reopened, please send a Private Message to any one of the moderating team members. Please include a link to this thread with your request. This applies only to the originator of this thread. Other members who need assistance please start your own topic in a new thread. Thanks! Link to post Share on other sites More sharing options...
Recommended Posts