July 30th, 2010 16:00

Can't change internet home page, computer slows down

Hi there,

This is a first-time post.

Symptoms: I can't change my internet home page, it is blocked, and my computer is getting slower every minute even though I've got more than 30 GB of empty space; the internet gets slower also.

Results of HiJackThis log are below.  If I have posted this in the wrong forum or in an incorrect manner please let me know as this is new to me.

Logfile of Trend Micro HijackThis v2.0.3 (BETA)
Scan saved at 06:49:24 p.m., on 30/07/2010
Platform: Windows XP SP3 (WinNT 5.01.2600)
MSIE: Internet Explorer v8.00 (8.00.6001.18702)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Archivos de programa\McAfee\Common Framework\FrameworkService.exe
C:\Archivos de programa\McAfee\VirusScan Enterprise\VsTskMgr.exe
c:\Archivos de programa\Archivos comunes\Microsoft Shared\VS7DEBUG\MDM.EXE
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\wuauclt.exe
C:\Archivos de programa\McAfee\Common Framework\UdaterUI.exe
C:\Archivos de programa\McAfee\Common Framework\McTray.exe
C:\Archivos de programa\Apoint\Apoint.exe
C:\Archivos de programa\ATI Technologies\ATI Control Panel\atiptaxx.exe
C:\Archivos de programa\Internet Explorer\iexplore.exe
C:\Archivos de programa\McAfee\VirusScan Enterprise\SHSTAT.EXE
C:\Archivos de programa\HP\HP Officejet Pro K550 Series\Toolbox\HPWUTBX.exe
C:\Archivos de programa\Apoint\Apntex.exe
C:\Archivos de programa\Telefonica\Speedy\SATConMon.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Archivos de programa\McAfee\VirusScan Enterprise\Mcshield.exe
C:\DOCUME~1\Usuario\CONFIG~1\Temp\service.exe
C:\Archivos de programa\Internet Explorer\iexplore.exe
C:\Archivos de programa\TrendMicro\HiJackThis\HiJackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = hxxp://www.ask.com/?gcht=HC&o=14469&l=dis
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = hxxp://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = hxxp://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = hxxp://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyServer = proxy:8080
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Vínculos
O2 - BHO: WormRadar.com IESiteBlocker.NavFilter - {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} - C:\Archivos de programa\AVG\AVG8\avgssie.dll (file missing)
O2 - BHO: scriptproxy - {7DB2D5A0-7241-4E79-B68D-6309F01C5231} - C:\Archivos de programa\McAfee\VirusScan Enterprise\scriptcl.dll
O4 - HKLM\..\Run: [Apoint] C:\Archivos de programa\Apoint\Apoint.exe
O4 - HKLM\..\Run: [ATIPTA] C:\Archivos de programa\ATI Technologies\ATI Control Panel\atiptaxx.exe
O4 - HKLM\..\Run: [Mouse Suite 98 Daemon] ICO.EXE
O4 - HKLM\..\Run: [NeroFilterCheck] C:\WINDOWS\system32\NeroCheck.exe
O4 - HKLM\..\Run: [McAfeeUpdaterUI] "C:\Archivos de programa\McAfee\Common Framework\UdaterUI.exe" /StartedFromRunKey
O4 - HKLM\..\Run: [ShStatEXE] "C:\Archivos de programa\McAfee\VirusScan Enterprise\SHSTAT.EXE" /STANDALONE
O4 - HKLM\..\Run: [HPWUTOOLBOX] C:\Archivos de programa\HP\HP Officejet Pro K550 Series\Toolbox\HPWUTBX.exe "-i"
O4 - HKLM\..\Run: [Windows Services] service.exe
O4 - HKCU\..\Run: [tspcm] C:\Archivos de programa\Telefonica\Speedy\SATConMon.exe
O4 - HKCU\..\Run: [Windows Update] C:\DOCUME~1\Usuario\CONFIG~1\Temp\service.exe
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O6 - HKCU\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O8 - Extra context menu item: E&xportar a Microsoft Excel - res://c:\ARCHIV~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
O9 - Extra button: Referencia - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\ARCHIV~1\MICROS~2\OFFICE11\REFIEBAR.DLL
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Archivos de programa\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Archivos de programa\Messenger\msmsgs.exe
O16 - DPF: {67DABFBF-D0AB-41FA-9C46-CC0F21721616} (DivXBrowserPlugin Object) - hxxp://download.divx.com/player/DivXBrowserPlugin.cab
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - hxxp://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab
O16 - DPF: {E77F23EB-E7AB-4502-8F37-247DBAF1A147} (Windows Live Hotmail Photo Upload Tool) - hxxp://gfx2.hotmail.com/mail/w4/pr01/photouploadcontrol/MSNPUpld.cab
O22 - SharedTaskScheduler: Precargador Browseui - {438755C2-A8BA-11D1-B96B-00A0C90312E1} - C:\WINDOWS\system32\browseui.dll
O22 - SharedTaskScheduler: Demonio de caché de las categorías de componente - {8C7461EF-2B13-11d2-BE35-3078302C2030} - C:\WINDOWS\system32\browseui.dll
O23 - Service: Ati HotKey Poller - Unknown owner - C:\WINDOWS\system32\Ati2evxx.exe
O23 - Service: Servicio del administrador de discos lógicos (dmadmin) - Unknown owner - C:\WINDOWS\System32\dmadmin.exe
O23 - Service: Registro de sucesos (Eventlog) - Unknown owner - C:\WINDOWS\system32\services.exe
O23 - Service: Servicio COM de grabación de CD de IMAPI (ImapiService) - Unknown owner - C:\WINDOWS\system32\imapi.exe
O23 - Service: McAfee Framework Service (McAfeeFramework) - McAfee, Inc. - C:\Archivos de programa\McAfee\Common Framework\FrameworkService.exe
O23 - Service: McAfee McShield (McShield) - McAfee, Inc. - C:\Archivos de programa\McAfee\VirusScan Enterprise\Mcshield.exe
O23 - Service: McAfee Task Manager (McTaskManager) - McAfee, Inc. - C:\Archivos de programa\McAfee\VirusScan Enterprise\VsTskMgr.exe
O23 - Service: Escritorio remoto compartido de NetMeeting (mnmsrvc) - Unknown owner - C:\WINDOWS\system32\mnmsrvc.exe
O23 - Service: Plug and Play (PlugPlay) - Unknown owner - C:\WINDOWS\system32\services.exe
O23 - Service: Administrador de sesión de Ayuda de escritorio remoto (RDSessMgr) - Unknown owner - C:\WINDOWS\system32\sessmgr.exe
O23 - Service: Tarjeta inteligente (SCardSvr) - Unknown owner - C:\WINDOWS\System32\SCardSvr.exe
O23 - Service: Registros y alertas de rendimiento (SysmonLog) - Unknown owner - C:\WINDOWS\system32\smlogsvc.exe
O23 - Service: Instantáneas de volumen (VSS) - Unknown owner - C:\WINDOWS\System32\vssvc.exe
O23 - Service: Adaptador de rendimiento de WMI (WmiApSrv) - Unknown owner - C:\WINDOWS\system32\wbem\wmiapsrv.exe
O23 - Service: Servicio de uso compartido de red del Reproductor de Windows Media (WMPNetworkSvc) - Unknown owner - C:\Archivos de programa\Windows Media Player\WMPNetwk.exe

--
End of file - 8497 bytes
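A helper reading a log like the one above looks first at autostart entries launched from temp folders, Run-key names that imitate Windows components, a non-default start page, a configured proxy and Internet Explorer policy restrictions. The Python below is an added example (not part of this thread, and not HijackThis's own logic) that encodes those checks over lines copied from the log above; the expected-host list and the imitating-name list are my assumptions.

```python
"""Triage heuristics for HijackThis-style log lines (added example, not part of
the thread; the rules are my own first-pass checks, not HijackThis's logic)."""
import re
from urllib.parse import urlsplit

# Constructed sample: lines copied from the log posted above.
SAMPLE_LOG = """\
C:\\WINDOWS\\system32\\winlogon.exe
C:\\DOCUME~1\\Usuario\\CONFIG~1\\Temp\\service.exe
R0 - HKCU\\Software\\Microsoft\\Internet Explorer\\Main,Start Page = hxxp://www.ask.com/?gcht=HC&o=14469&l=dis
R0 - HKLM\\Software\\Microsoft\\Internet Explorer\\Main,Start Page = hxxp://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKCU\\Software\\Microsoft\\Windows\\CurrentVersion\\Internet Settings,ProxyServer = proxy:8080
O2 - BHO: WormRadar.com IESiteBlocker.NavFilter - {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} - C:\\Archivos de programa\\AVG\\AVG8\\avgssie.dll (file missing)
O4 - HKLM\\..\\Run: [Apoint] C:\\Archivos de programa\\Apoint\\Apoint.exe
O4 - HKLM\\..\\Run: [Windows Services] service.exe
O4 - HKCU\\..\\Run: [Windows Update] C:\\DOCUME~1\\Usuario\\CONFIG~1\\Temp\\service.exe
O6 - HKCU\\Software\\Policies\\Microsoft\\Internet Explorer\\Control Panel present
"""

TEMP_DIR = re.compile(r"\\(temp|tmp)\\", re.I)
RUN_ENTRY = re.compile(r"^O4 - (HKLM|HKCU)\\\.\.\\Run: \[(?P<name>[^\]]*)\] (?P<cmd>.*)$")
PAGE_SETTING = re.compile(
    r"^R[01] - .*?,(?P<key>Start Page|Search Page|Default_Search_URL) = (?P<url>\S+)")
PROXY_SETTING = re.compile(r"^R1 - .*Internet Settings,ProxyServer = (?P<proxy>\S+)")
# Hosts a stock IE start/search page points at (assumption); anything else is queried.
EXPECTED_HOSTS = {"go.microsoft.com", "www.microsoft.com", "www.msn.com"}
# Run-key names that imitate Windows components; Windows itself does not
# register these features through a Run key.
IMITATING_NAMES = {"windows update", "windows services", "microsoft update"}


def image_path(cmd):
    """First executable in a Run-key command line, quoted or not."""
    m = re.match(r'"?(?P<exe>.*?\.exe)"?', cmd, re.I)
    return m.group("exe") if m else cmd.strip()


def triage_line(line):
    """Reasons this line deserves a second look (empty list if none)."""
    reasons = []
    # Running-process lines are bare paths; a temp-folder image is unusual.
    if re.match(r"^[A-Za-z]:\\", line) and TEMP_DIR.search(line):
        reasons.append("process running from a temp directory")
    m = RUN_ENTRY.match(line)
    if m:
        exe = image_path(m.group("cmd"))
        if "\\" not in exe:
            reasons.append("bare filename in Run key; location cannot be verified from the log")
        if TEMP_DIR.search(exe):
            reasons.append("autostart entry launches from a temp directory")
        if m.group("name").strip().lower() in IMITATING_NAMES:
            reasons.append("Run-key name imitates a Windows component")
    m = PAGE_SETTING.match(line)
    if m:
        # HijackThis defangs URLs as hxxp; undo that only to parse the host.
        host = urlsplit(m.group("url").replace("hxxp", "http", 1)).hostname
        if host not in EXPECTED_HOSTS:
            reasons.append(f"{m.group('key')} points at unexpected host {host}")
    m = PROXY_SETTING.match(line)
    if m:
        reasons.append(f"IE proxy set to {m.group('proxy')}; confirm the user configured it")
    if line.startswith("O6 - ") and line.endswith(" present"):
        reasons.append("IE policy restriction present; this is what locks the home page")
    if line.startswith("O2 - ") and "(file missing)" in line:
        reasons.append("BHO registered but its DLL is missing (orphaned entry)")
    return reasons


def triage(log_text):
    """(line, reasons) pairs for every flagged line, in log order."""
    pairs = ((ln, triage_line(ln.rstrip())) for ln in log_text.splitlines())
    return [(ln, rs) for ln, rs in pairs if rs]
```

Run `triage(SAMPLE_LOG)` to see the seven lines a helper would query first; the winlogon, HKLM start page and Apoint lines come back clean.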


July 31st, 2010 06:00

Hi There,

Currently reviewing your log, will post back shortly...

Kevin


July 31st, 2010 06:00

Hi estherpiscore,

I'm kevinf80 and I will be helping with any issues you may have. Please be aware that some of the logs I may ask for can be very complex and can take a long time to decipher. I am a volunteer here with a job and family so I ask that you be patient when waiting for replies.
Please DO NOT run any scans/tools/fixes on your own as this will conflict with the tools we are going to use.
Please Print or Save to Notepad all instructions and please follow them carefully and if there's something you don't understand or that will not work please let me know and we will go through it together.
Malware is often buggy and can be very unstable; with that in mind, it is advisable to back up any important data before we begin.
If you do not reply within 72 hours the thread will be closed; if you need more time, let me know. Likewise, if I do not respond within 48 hours, feel free to PM me.

Please proceed as follows :-

Step 1

Please download Malwarebytes Anti-Malware and save it to your desktop.
Alternative D/L mirror
Alternative D/L mirror

MBAM may "make changes to your registry" as part of its disinfection routine. If using other security programs that detect registry changes (i.e. Spybot's TeaTimer), they may interfere or alert you. Temporarily disable such programs or permit them to ALLOW the changes. Instructions available HERE
  • Make sure you are connected to the Internet.
  • Double-click on mbam-setup.exe to install the application.
  • When the installation begins, follow the prompts and do not make any changes to default settings.
  • When installation has finished, make sure you leave both of these checked:
  • Update Malwarebytes' Anti-Malware
  • Launch Malwarebytes' Anti-Malware

Then click Finish.

MBAM will automatically start and you will be asked to update the program before performing a scan.
  • If an update is found, the program will automatically update itself. Press the OK button to close that box and continue.
  • If you encounter any problems while downloading the definition updates, manually download them from HERE and just double-click on mbam-rules.exe to install.

On the Scanner tab:
  • Make sure the "Perform Quick Scan" option is selected.
  • Then click on the Scan button.
  • If asked to select the drives to scan, leave all the drives selected and click on the Start Scan button.
  • The scan will begin and "Scan in progress" will show at the top. It may take some time to complete so please be patient.
  • When the scan is finished, a message box will say "The scan completed successfully. Click 'Show Results' to display all objects found".
  • Click OK to close the message box and continue with the removal process.

Back at the main Scanner screen:
  • Click on the Show Results button to see a list of any malware that was found.
  • Make sure that everything is checked, and click Remove Selected.
  • When removal is completed, a log report will open in Notepad.
  • The log is automatically saved and can be viewed by clicking the Logs tab in MBAM.
  • Copy and paste the contents of that report in your next reply. Be sure to post the complete log to include the top portion which shows MBAM's database version and your operating system.
  • Exit MBAM when done.

Note: If MBAM encounters a file that is difficult to remove, you will be asked to reboot your computer so MBAM can proceed with the disinfection process. If asked to restart the computer, please do so immediately. Failure to reboot normally (not into safe mode) will prevent MBAM from removing all the malware.

Step 2

We will begin with ComboFix.exe. Please visit this webpage for download links, and instructions for running the tool:

Combofix

Don't forget ComboFix must be saved to your desktop. <--Very important

Ensure you have disabled all antivirus and anti-malware programs so they do not interfere with the running of ComboFix. <---Very important

Please include the C:\ComboFix.txt in your next reply for further review.

Examples of how to disable realtime protection available at the following link :-

Disable realtime protection

Note: Do not click ComboFix's window with your mouse while it's running. That action may cause it to stall.

Step 3

Download Security Check by screen317 from HERE or HERE.
Save it to your Desktop.
Double click SecurityCheck.exe and follow the onscreen instructions inside of the black box. Press any key when asked.
A Notepad document should open automatically called checkup.txt; please post the contents of that document.

What I'd like to see in your reply :-

  • Log from Malwarebytes
  • Log from Combofix
  • Log from Security Checks


Also, can you clarify a point for me? You have a proxy running for IE, as seen from your HJT log:
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyServer = proxy:8080
Did you set this up, or are you aware of it?

Kevin.

August 2nd, 2010 11:00

Kevin,

What do you mean by: "You have a Proxy running for IE as seen from your HJT log:
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyServer = proxy:8080 did you set this up or are you aware of "?

I really don't handle the specific internet language, so I didn't understand what you wrote. Sorry for my ignorance.

Here are the logs you requested:

MALWAREBYTES' log:

Malwarebytes' Anti-Malware 1.46
www.malwarebytes.org

Database version: 4373

Windows 5.1.2600 Service Pack 3
Internet Explorer 8.0.6001.18702

31/07/2010 11:38:28 a.m.
mbam-log-2010-07-31 (11-38-28).txt

Scan type: Quick scan
Objects scanned: 139562
Time elapsed: 30 minute(s), 44 second(s)

Memory Processes Infected: 0
Memory Modules Infected: 0
Registry Keys Infected: 0
Registry Values Infected: 2
Registry Data Items Infected: 1
Folders Infected: 0
Files Infected: 14

Memory Processes Infected:
(No malicious items detected)

Memory Modules Infected:
(No malicious items detected)

Registry Keys Infected:
(No malicious items detected)

Registry Values Infected:
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\windows update (Backdoor.IRCBot) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\windows services (Backdoor.Bot) -> Quarantined and deleted successfully.

Registry Data Items Infected:
HKEY_CURRENT_USER\SOFTWARE\Policies\Microsoft\Internet Explorer\control panel\HomePage (Hijack.HomePageControl) -> Bad: (1) Good: (0) -> Quarantined and deleted successfully.

Folders Infected:
(No malicious items detected)

Files Infected:
C:\windowsupdate.exe (Trojan.Agent) -> Quarantined and deleted successfully.
C:\Documents and Settings\Usuario\Configuración local\Temp\eraseme_00728.exe (Trojan.Agent) -> Quarantined and deleted successfully.
C:\Documents and Settings\Usuario\Configuración local\Temp\eraseme_03248.exe (Trojan.Agent) -> Quarantined and deleted successfully.
C:\Documents and Settings\Usuario\Configuración local\Temp\eraseme_23338.exe (Trojan.Agent) -> Quarantined and deleted successfully.
C:\Documents and Settings\Usuario\Configuración local\Temp\eraseme_42552.exe (Trojan.Agent) -> Quarantined and deleted successfully.
C:\Documents and Settings\Usuario\Configuración local\Temp\eraseme_45340.exe (Trojan.Agent) -> Quarantined and deleted successfully.
C:\Documents and Settings\Usuario\Configuración local\Temp\eraseme_46372.exe (Trojan.Agent) -> Quarantined and deleted successfully.
C:\Documents and Settings\Usuario\Configuración local\Temp\eraseme_51646.exe (Trojan.Agent) -> Quarantined and deleted successfully.
C:\Documents and Settings\Usuario\Configuración local\Temp\eraseme_57656.exe (Trojan.Agent) -> Quarantined and deleted successfully.
C:\Documents and Settings\Usuario\Configuración local\Temp\eraseme_60077.exe (Trojan.Agent) -> Quarantined and deleted successfully.
C:\Documents and Settings\Usuario\Configuración local\Temp\eraseme_75750.exe (Trojan.Agent) -> Quarantined and deleted successfully.
C:\Documents and Settings\Usuario\Configuración local\Temp\eraseme_78118.exe (Trojan.Agent) -> Quarantined and deleted successfully.
C:\Documents and Settings\Usuario\Configuración local\Temp\eraseme_86265.exe (Trojan.Agent) -> Quarantined and deleted successfully.
C:\Documents and Settings\Usuario\Configuración local\Temp\service.exe (Backdoor.IRCBot) -> Delete on reboot.

Combofix's log:

ComboFix 10-07-30.04 - Usuario 31/07/2010  12:19:42.1.1 - x86
Microsoft Windows XP Professional  5.1.2600.3.1252.54.3082.18.511.315 [GMT -3:00]
Running from: c:\documents and settings\Usuario\Escritorio\ComboFix.exe
AV: McAfee VirusScan Enterprise *On-access scanning disabled* (Updated) {918A2B0B-2C60-4016-A4AB-E868DEABF7F0}
.

(((((((((((((((((((((((((((((((((((((((   Other Deletions   )))))))))))))))))))))))))))))))))))))))))))))))))
.

c:\documents and settings\Usuario\Datos de programa\inst.exe

.
(((((((((((((((((((((((((   Files Created from 2010-06-28 to 2010-07-31  )))))))))))))))))))))))))))))))
.

2010-07-31 14:05 . 2010-07-31 14:05 -------- d-----w- c:\documents and settings\Usuario\Datos de programa\Malwarebytes
2010-07-31 14:04 . 2010-04-29 18:39 38224 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys
2010-07-31 14:04 . 2010-07-31 14:04 -------- d-----w- c:\documents and settings\All Users\Datos de programa\Malwarebytes
2010-07-31 14:04 . 2010-04-29 18:39 20952 ----a-w- c:\windows\system32\drivers\mbam.sys
2010-07-31 14:04 . 2010-07-31 14:04 -------- d-----w- c:\archivos de programa\Malwarebytes' Anti-Malware
2010-07-27 04:06 . 2010-07-27 04:06 388096 ----a-r- c:\documents and settings\Usuario\Datos de programa\Microsoft\Installer\{0761C9A8-8F3A-4216-B4A7-B7AFBF24A24A}\HiJackThis.exe
2010-07-27 04:06 . 2010-07-27 04:06 -------- d-----w- c:\archivos de programa\TrendMicro
2010-07-14 14:00 . 2010-06-14 14:31 744448 -c----w- c:\windows\system32\dllcache\helpsvc.exe
2010-07-09 13:01 . 2010-07-09 13:01 74752 ----a-w- c:\windows\cadkasdeinst01e.exe

.
((((((((((((((((((((((((((((((((((((((((   Find3M Report   ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2010-07-09 12:47 . 2009-10-21 06:48 -------- d-----w- c:\archivos de programa\Foxit Software
2010-06-18 11:38 . 2009-10-21 06:46 -------- d-----w- c:\documents and settings\Usuario\Datos de programa\Vso
2010-06-16 03:09 . 2010-06-16 03:09 176183 ----a-w- C:\Z3.exe
2010-06-14 14:31 . 2009-10-20 09:36 744448 ----a-w- c:\windows\pchealth\helpctr\binaries\helpsvc.exe
2010-06-14 03:22 . 2010-06-14 03:22 96 ----a-w- C:\quitar.bat
2010-06-10 15:15 . 2004-08-20 12:00 99612 ----a-w- c:\windows\system32\perfc00A.dat
2010-06-10 15:15 . 2004-08-20 12:00 525866 ----a-w- c:\windows\system32\perfh00A.dat
2010-05-06 10:33 . 2004-08-20 12:00 916480 ----a-w- c:\windows\system32\wininet.dll
.

(((((((((((((((((((((((((((((((((((((   Reg Loading Points   ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"tspcm"="c:\archivos de programa\Telefonica\Speedy\SATConMon.exe" [2005-02-16 94208]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Apoint"="c:\archivos de programa\Apoint\Apoint.exe" [2003-11-07 114688]
"ATIPTA"="c:\archivos de programa\ATI Technologies\ATI Control Panel\atiptaxx.exe" [2004-07-10 339968]
"NeroFilterCheck"="c:\windows\system32\NeroCheck.exe" [2001-07-09 155648]
"McAfeeUpdaterUI"="c:\archivos de programa\McAfee\Common Framework\UdaterUI.exe" [2006-11-17 136768]
"ShStatEXE"="c:\archivos de programa\McAfee\VirusScan Enterprise\SHSTAT.EXE" [2006-11-30 112216]
"HPWUTOOLBOX"="c:\archivos de programa\HP\HP Officejet Pro K550 Series\Toolbox\HPWUTBX.exe" [2005-07-23 352256]

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"c:\\Archivos de programa\\McAfee\\Common Framework\\FrameworkService.exe"=

R3 SPI;Sony Programmable I/O Control Device;c:\windows\system32\drivers\SonyPI.sys [20/10/2009 07:26 a.m. 71961]
S3 motccgp;Motorola USB Composite Device Driver;c:\windows\system32\DRIVERS\motccgp.sys --> c:\windows\system32\DRIVERS\motccgp.sys [?]
S3 motccgpfl;MotCcgpFlService;c:\windows\system32\DRIVERS\motccgpfl.sys --> c:\windows\system32\DRIVERS\motccgpfl.sys [?]
S3 MotDev;Motorola Inc. USB Device;c:\windows\system32\DRIVERS\motodrv.sys --> c:\windows\system32\DRIVERS\motodrv.sys [?]
.
Contents of the 'Scheduled Tasks' folder

2010-07-22 c:\windows\Tasks\Análisis bajo demanda.job
- c:\archiv~1\McAfee\VIRUSS~1\ScnCfg32.Exe [2006-11-30 11:50]
.
.
------- Supplementary Scan -------
.
uStart Page = hxxp://www.ask.com/?gcht=HC&o=14469&l=dis
uInternet Settings,ProxyServer = proxy:8080
IE: E&xportar a Microsoft Excel - c:\archiv~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
FF - ProfilePath - c:\documents and settings\Usuario\Datos de programa\Mozilla\Firefox\Profiles\a4m196cr.default\
FF - prefs.js: browser.startup.homepage - hxxp://www.ask.com/?gcht=HC&o=14469&l=dis
FF - plugin: c:\archivos de programa\DivX\DivX Plus Web Player\npdivx32.dll
.
- - - - ORPHANS REMOVED - - - -

HKLM-Run-Mouse Suite 98 Daemon - ICO.EXE

 

**************************************************************************

catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, hxxp://www.gmer.net
Rootkit scan 2010-07-31 12:24
Windows 5.1.2600 Service Pack 3 NTFS

scanning hidden processes ... 

scanning hidden autostart entries ...

scanning hidden files ... 

scan completed successfully
hidden files: 0

**************************************************************************
.
--------------------- LOCKED REGISTRY KEYS ---------------------

[HKEY_LOCAL_MACHINE\software\Microsoft\Windows\CurrentVersion\Installer\UserData\LocalSystem\Components\€–€|ÿÿÿÿÀ•€|ù•9~*]
"A0C0110900063D11C8EF10054038389C"="C?\\WINDOWS\\system32\\FM20ENU.DLL"
.
--------------------- DLLs Loaded Under Running Processes ---------------------

- - - - - - - > 'winlogon.exe'(868)
c:\windows\system32\Ati2evxx.dll
.
Completion time: 2010-07-31  12:26:48
ComboFix-quarantined-files.txt  2010-07-31 15:26

Pre-Run: 44.659.494.912 bytes libres
Post-Run: 45.437.022.208 bytes libres

WindowsXP-KB310994-SP2-Pro-BootDisk-ENU.exe
[boot loader]
timeout=2
default=multi(0)disk(0)rdisk(0)partition(1)\WINDOWS
[operating systems]
c:\cmdcons\BOOTSECT.DAT="Microsoft Windows Recovery Console" /cmdcons
multi(0)disk(0)rdisk(0)partition(1)\WINDOWS="Microsoft Windows XP Professional" /noexecute=optin /fastdetect

- - End Of File - - C260D7C38CF8CBF55EE8B307A410A15D

Security Check's log:

 Results of screen317's Security Check version 0.99.4 
 Windows XP Service Pack 3 
 Internet Explorer 8 
``````````````````````````````
Antivirus/Firewall Check:

 McAfee VirusScan Enterprise   
 Antivirus up to date! 
```````````````````````````````
Anti-malware/Other Utilities Check:

 Malwarebytes' Anti-Malware   
 Adobe Flash Player 10.0.42.34 
 Mozilla Firefox (3.0.19) Firefox Out of Date! 
````````````````````````````````
Process Check: 
objlist.exe by Laurent

 McAfee VirusScan Enterprise Mcshield.exe 
 McAfee VirusScan Enterprise VsTskMgr.exe 
 McAfee VirusScan Enterprise SHSTAT.EXE 
````````````````````````````````
DNS Vulnerability Check:

 GREAT! (Not vulnerable to DNS cache poisoning)

``````````End of Log````````````

 

Thanks for all, I really appreciate what you are doing.


August 2nd, 2010 14:00

Hi estherpiscore,

Please proceed as follows :-

Step 1

1. Close any open browsers.

2. Close/disable all antivirus and anti-malware programs so they do not interfere with the running of ComboFix. <----- Disable realtime protection

3. Open Notepad and copy/paste the text in between the dotted lines below into it:

--------------------------------------------------------------------------------------------------------------------

KillAll::
File::
C:\Z3.exe
C:\quitar.bat
c:\windows\system32\perfc00A.dat
c:\windows\system32\perfh00A.dat
RegNull::
[HKEY_LOCAL_MACHINE\software\Microsoft\Windows\CurrentVersion\Installer\UserData\LocalSystem\Components\€–€|ÿÿÿÿÀ•€|ù•9~*]

--------------------------------------------------------------------------------------------------------------------

Save this as CFScript.txt, in the same location as ComboFix.exe
Referring to the picture above, drag CFScript into ComboFix.exe

When finished, it shall produce a log for you at C:\ComboFix.txt which I will require in your next reply.

Step 2

Run an online virus scan with Kaspersky from HERE. This scan is very thorough and may take several hours to run, please allow it to complete.
1. At the main page, press "Accept" after reading the contents.
2. At the next window, select Update. Allow the database to update.
Note: If prompted to run or update your Java, then follow the prompts to do so. Kaspersky requires Java to run.
3. Once the database update has finished, under the Scan icon select My Computer to start the scan. The scan may take a few minutes to complete.
4. Select Scan Report.
5. If any threats were found they will appear in the report
6. Select "Save error report as"
Then in the file name just type in kaspersky
Under "save as type" select text .txt
Save it to your Desktop.
Copy and post the results of the Kaspersky Online scan. If no threats were found then report that as well.

The following animation may help.

Kaspersky Gif

What I'd like in your reply :-

  • Log from Combofix
  • Log from Kaspersky
  • How is your system now, any issues



Kevin
