uStart Page = hxxp://my.att.net/ uSearch Page = hxxp://www.google.com uSearch Bar = hxxp://www.google.com/ie mDefault_Search_URL = hxxp://www.google.com/ie uSearchAssistant = hxxp://www.google.com/ie uSearchURL,(Default) = hxxp://www.google.com/search?q=%s mSearchAssistant = hxxp://www.google.com/ie Trusted Zone: internet Trusted Zone: mcafee.com Trusted Quarantine? -What about that exe.e that I blocked from accessing?Is it good or bad? -Are you familiar with how to delete the quarantined vundo files in McAfee? -Do you think McAfee/Spybot/Malwarebytes For more information on the hosts file, and what it can do for you, you can view the Tutorial on the Hosts file Install an Anti-Spyware program, and update it regularly We do not want to clean you part-way up, only to have the system re-infect itself. :) If you do not understand any step(s) provided, please do not hesitate to ask
mfesmfk;c:\windows\system32\drivers\mfesmfk.sys [2007-12-5 40552] S3 ccPwdSvc;Symantec Password Validation;c:\program files\common files\symantec shared\ccPwdSvc.exe [2004-12-13 79472] S3 mferkdk;McAfee Inc. For the most part yes. Allow your system to reboot. When prompted to accept the EULA, press OK. http://www.techsupportforum.com/forums/f100/vundolized-355457.html
Please try the request again. DDS (Ver_09-02-01.01) - NTFSx86 Run by Edward Hensley at 1641.64 on Thu 03/12/2009 Internet Explorer: 6.0.2900.2180 Microsoft Windows XP Professional 5.1.2600.2.1252.1.1033.18.1022.480 [GMT -4:00] AV: McAfee VirusScan *On-access scanning enabled* (Updated) FW: mfehidk;c:\windows\system32\drivers\mfehidk.sys [2007-12-5 213640] R2 ccEvtMgr;Symantec Event Manager;c:\program files\common files\symantec shared\ccEvtMgr.exe [2004-12-13 198256] R2 ccSetMgr;Symantec Settings Manager;c:\program files\common files\symantec shared\ccSetMgr.exe [2004-12-13 165488] R2 McAfee SiteAdvisor Service;McAfee SiteAdvisor Service;c:\program files\mcafee\siteadvisor\McSACore.exe [2008-10-6 206096] R2 Contents of the 'Scheduled Tasks' folder 2009-02-15 c:\windows\Tasks\McDefragTask.job - c:\progra~1\mcafee\mqc\QcConsol.exe [2009-01-09 11:53] 2009-01-01 c:\windows\Tasks\McQcTask.job - c:\progra~1\mcafee\mqc\QcConsol.exe [2009-01-09 11:53] . . ------- Supplementary Scan ------- .
ComboFix 09-03-13.02 - Edward Hensley 2009-03-14 12:58:56.1 - NTFSx86 Microsoft Windows XP Professional 5.1.2600.2.1252.1.1033.18.1022.347 [GMT -4:00] Running from: c:\documents and settings\Edward Hensley\Desktop\ComboFix.exe AV: McAfee VirusScan *On-access scanning disabled* (Updated) FW: McAfee Probably going to send you over to the hardware guys here... If for some reason your internet is not working, please press No. The system returned: (22) Invalid argument The remote host or network may be down.
Even with no obvious problems I think I might still have some infection? The system returned: (22) Invalid argument The remote host or network may be down. Unfortunately I've never used McAfee and am not positive how to empty it's quarentine. You Need to Update Windows (And other Microsoft Software) Often holes are found in Internet Explorer or Windows itself that require patching.
Follow the instructions to install the latest updates. Your cache administrator is webmaster. scan completed successfully hidden files: 0 ************************************************************************** . --------------------- LOCKED REGISTRY KEYS --------------------- [HKEY_USERS\S-1-5-21-3976169789-3917778253-985156182-1005\Software\Microsoft\SystemCertificates\AddressBook*] @Allowed: (Read) (RestrictedCode) @Allowed: (Read) (RestrictedCode) [HKEY_LOCAL_MACHINE\software\Intel\Wireless\Folders\x*N*& ] "Path"="c:\\Documents and Settings\\Edward Hensley\\Application Data\\Intel\\Wireless\\" . --------------------- DLLs Loaded c:\program files\INSTALL.LOG . ((((((((((((((((((((((((( Files Created from 2009-02-14 to 2009-03-14 ))))))))))))))))))))))))))))))) . 2009-03-09 01:52 . 2009-03-09 01:52 410,984 --a------ c:\windows\system32\deploytk.dll 2009-03-09 01:52 . 2009-03-09 01:52 73,728 --a------ c:\windows\system32\javacpl.cpl 2009-03-08 14:05 .
Bitbucket - Twitter My statements do not establish the official position of Microsoft, and are my own personal opinion. (But you already knew that, right?) 03-14-2009, 10:19 PM #6 This is another mirror. I'm not too good at diagnosing that stuff. Open notepad and copy/paste the text in the quotebox below into it: Code: dds:: Trusted Zone: internet Save this as CFScript.txt, in the same location as ComboFix.exe Refering to the picture
They each removed vundos H etc. Your cache administrator is webmaster. This is yet another mirror. Your cache administrator is webmaster.
It seems evrything is OK now, fresh DDS.txt attached. In your next reply, please include the following:ComboFix.txt Billy3 __________________ Look buddy, I'm an Engineer, and that means I solve problems.... Please try the request again.
Quote: -Are you familiar with how to delete the quarantined vundo files in McAfee? Do you have any more questions? Thanks, Ed. How old is it?
Your cache administrator is webmaster. We Need to Clean Up Our MessPlease download OTCleanIt from one of the following mirrors and save it to your desktop:Mirror 1 Mirror A Double click the icon. Quote: I just realized I posted on "Quick reply", I hope that didn't make a difference? Generated Wed, 18 Jan 2017 16:24:46 GMT by s_hp107 (squid/3.5.23) ERROR The requested URL could not be retrieved The following error was encountered while trying to retrieve the URL: http://0.0.0.5/ Connection
Any or all of them may interfere with the running of ComboFix. Congratulations! c:\windows\system32\ati2evxx.exe c:\program files\Intel\Wireless\Bin\EvtEng.exe c:\program files\Intel\Wireless\Bin\S24EvMon.exe c:\program files\Intel\Wireless\Bin\WLKEEPER.exe c:\program files\Common Files\Symantec Shared\ccSetMgr.exe c:\program files\Common Files\Symantec Shared\ccEvtMgr.exe c:\windows\system32\ati2evxx.exe c:\program files\Common Files\Creative Labs Shared\Service\CreativeLicensing.exe c:\windows\system32\CTSVCCDA.EXE c:\windows\ehome\ehrecvr.exe c:\windows\ehome\ehSched.exe c:\windows\system32\gearsec.exe c:\program files\Java\jre6\bin\jqs.exe c:\program files\Common Files\Motive\McciCMService.exe c:\program doesn't sound like a malware problem going on there.
I appreciate you all, just tell me what to do. The system returned: (22) Invalid argument The remote host or network may be down. Your cache administrator is webmaster. and winlogins?
mfeavfk;c:\windows\system32\drivers\mfeavfk.sys [2007-12-5 79304] R3 mfebopk;McAfee Inc. System Still Slow? Some questions please: -What was removed/found by combofix and other scans? Generated Wed, 18 Jan 2017 16:24:46 GMT by s_hp107 (squid/3.5.23)
mfebopk;c:\windows\system32\drivers\mfebopk.sys [2007-12-5 35272] R3 mfesmfk;McAfee Inc. If you are using Windows XP or earlier Visit the Microsoft Update Website and follow the on screen instructions to setup Microsoft Update. GMER Rootkit scanner made a list before I could even uncheck or click scan button which was unresposive.