
Win XP SP2 - McAfee doesn't start, bad processes, trojans


32 replies to this topic

#1 JoanneMT


Posted 19 November 2012 - 10:34 PM

Greetings! I was a member long ago but lost all my documents. That PC runs XP SP3 and plugged into a hi speed modem. A friend gave me an old HP Pavilion that was stuck at SP1 (with a big screen that I can see). I got it to SP2, and unfortunately I did not realize that having both PCs plugged into the modem would result in XP creating a LAN for me. While I was in the process of working with my ISP to get McAfee on this machine, all kinds of malware slithered onto my SP3 machine so I only use it (with the hp machine unplugged) when I want to print a document.

I have been coming to Bleeping, downloaded all suggested programs (CCleaner, MBAM, Super anti spyware, spybot search & destroy, and Prevx.) I also tried to use the Bleeping process to remove viruses that starts with Autorun. But when I got to the safe mode, the machine froze. I've used Msconfig to uncheck all the bad processes at startup, but then Task Manager shows me they are running. I even found two instances of prevx.exe 125,716k and the other showing 6,776k on task manager. McAfee stopped booting on startup and when I looked at Prevx general settings, it was set to scan, so I turned that off.

I got instructions from McAfee on how to remove and reload (it is the only scanner the ISP will support), but now I find I have to pay them if my efforts to clear the pc fail. I haven't done that yet. I did get this HP to SP3 after much work, and immediately got a blue/black screen saying "please remove all updates recently installed". I was too tired, and didn't know how, so I tried a safe reload of the OS which wiped out my documents again. The trojans were right there, still.

The machine is getting slower and slower. I am also using IE8 only when necessary as I saw two instances of IEXPLORE.exe somewhere today. I usually use Chrome.

SPYBOT found and cleaned a malware, and found 29 other problems but wanted a payment to clean them. (I am a poor, disabled computer analyst.) I also ran TDSS killer which found nothing (or found something but wanted a payment); I cannot understand my notes, sorry.

Oh, I forgot, SPYBOT hasn't found an update other than "English" for a couple of weeks. I guess I have to uninstall and reinstall. ALSO, I've had instances of rebooting and freezes. I haven't even tried to get it to SP3 (although I found the command from microsoft) b/c the machine should be clean first, yes?

Thank you.

Edit: Moved topic from XP to the more appropriate forum. ~ Animal



#2 Sightless


Posted 19 November 2012 - 11:40 PM

Spybot is no longer recommended due to poor detection results.

Download TDSSkiller
  • Right Click it Run as Admin.
  • Click on Change parameters
  • Select TDLFS file system
  • Click the Scan button
  • Post the LOG In your next reply

    Do not change the default options on scan results


Some types of malware will disable MBAM and other security tools. If MBAM will not install, try renaming it.

  • Before saving any of your security programs, rename them first. For example, before you save Malwarebytes', rename it to something like MBblah.exe and then click on Save and save it to your desktop. Same thing after you install it. Before running it, rename the main executable file first

    Right-click on the mbam-setup.exe file and change the .exe extension to .bat, .com, .pif, or .scr and then double-click on it to run.

    If after installation, MBAM will not run, open the Malwarebytes' Anti-Malware folder in Program Files, right-click on mbam.exe and change the .exe as noted above. Then double-click on it to run.
  • Another workaround is by not using the mouse to install it. Just use the arrow keys, tab, and enter keys.



Please download Malwarebytes Anti-Malware and save it to your desktop.
  • Make sure you are connected to the Internet.
  • Double-click on mbam-setup.exe to install the application.
  • When the installation begins, follow the prompts and do not make any changes to default settings.
  • When installation has finished, make sure you leave both of these checked:
    • Update Malwarebytes' Anti-Malware
    • Launch Malwarebytes' Anti-Malware
  • Then click Finish.
  • MBAM will automatically start and you will be asked to update the program before performing a scan. If an update is found, the program will automatically update itself. Press the OK button to close that box and continue. If you encounter any problems while downloading the updates, manually download them from here or here and just double-click on mbam-rules.exe to install.
  • On the Scanner tab:
    • Make sure the "Perform Quick Scan" option is selected.
    • Then click on the Scan button.
  • If asked to select the drives to scan, leave all the drives selected and click on the Start Scan button.
  • The scan will begin and "Scan in progress" will show at the top. It may take some time to complete so please be patient.
  • When the scan is finished, a message box will say "The scan completed successfully. Click 'Show Results' to display all objects found".
  • Click OK to close the message box and continue with the removal process.
  • Back at the main Scanner screen, click on the Show Results button to see a list of any malware that was found.
  • Make sure that everything is checked, and click Remove Selected.
  • When removal is completed, a log report will open in Notepad.
  • The log is automatically saved and can be viewed by clicking the Logs tab in MBAM.
  • Copy and paste the contents of that report in your next reply and exit MBAM.
Note: If MBAM encounters a file that is difficult to remove, you may be asked to reboot your computer so it can proceed with the disinfection process. Regardless if prompted to restart the computer or not, please do so immediately. Failure to reboot normally (not into safe mode) will prevent MBAM from removing all the malware. MBAM may make changes to your registry as part of its disinfection routine. If you're using other security programs that detect registry changes, they may alert you after scanning with MBAM. Please permit the program to allow the changes.
For a complete visual tutorial of MBAM, see http://thespykiller.co.uk/index.php/topic,5946.0.html

Please include the following in your reply:
MBAM log
TDSSKiller log

#3 JoanneMT


Posted 20 November 2012 - 11:20 AM

Sightless, thank you for the prompt reply. I thought I sent you info on finding many copies of the same downloaded anti-virus/malware programs, and could I delete from there. After deleting Spybot and MBAM by mistake, I restarted the machine and voilà, McAfee scanning started up.

Do you think I can delete all those backups and multiple-apps (of same size) now?

I am going to download tdsskiller as you suggested and run it. Does the pasted-instructions about changing file extensions only apply to MBAM? I will assume yes unless I hear from you before.

Thank you,
Joanne

#4 JoanneMT


Posted 20 November 2012 - 11:46 AM

I downloaded TDSSkiller, clicked on Change parameters, and selected TDLFS file system. It reported "NO PROBLEMS" and I did not find a log file.

I reloaded MBAM without using the fake names. It reported no problems but gave me a Log. As has been the case, it ignores "P2P" scan options but did report 777 PDP objects scanned and aborted. Pasting in the log file since it is so short.

Malwarebytes Anti-Malware 1.65.1.1000
www.malwarebytes.org

Database version: v2012.11.19.10

Windows XP Service Pack 2 x86 NTFS
Internet Explorer 8.0.6001.18702
HP_Owner :: HP-27E1513D96 [administrator]

11/20/2012 1:48:21 AM
mbam-log-2012-11-20 (01-48-21).txt

Scan type: Full scan (C:\|D:\|)
Scan options enabled: Memory | Startup | Registry | File System | Heuristics/Extra | Heuristics/Shuriken | PUP | PUM
Scan options disabled: P2P
Objects scanned: 777
Time elapsed: 32 second(s) [aborted]

Memory Processes Detected: 0
(No malicious items detected)

Memory Modules Detected: 0
(No malicious items detected)

Registry Keys Detected: 0
(No malicious items detected)

Registry Values Detected: 0
(No malicious items detected)

Registry Data Items Detected: 0
(No malicious items detected)

Folders Detected: 0
(No malicious items detected)

Files Detected: 0
(No malicious items detected)

(end)

Edited by JoanneMT, 20 November 2012 - 12:52 PM.


#5 JoanneMT


Posted 20 November 2012 - 12:54 PM

Please see above post that I edited. Thank you

#6 RaeLong


Posted 20 November 2012 - 04:14 PM

I am trying to repair a Win XP Professional Service Pack 3 and am having the same issue...I tried to run Malwarebytes but it finds nothing...When I try to run SuperAntispyware the computer just freezes and blue screens, then restarts, and then goes to the screen that says a Windows error has occurred...When I try to run Combofix it simply will not run at all...It starts to run and then freezes right before it actually starts scanning...So I know this computer has something really bad in it--something that MUST be removed AS SOON AS POSSIBLE!...

But what program should I use to remove the issues in this computer?...How can I remove them?...None of the standard programs seems to work!...

#7 JoanneMT


Posted 20 November 2012 - 05:13 PM

Where did my post go? I erroneously hit the "report" key on Rae's entry b/c that problem is with SP3. When I saw "Report" is for offensive entries, I cancelled it, but then I must not have gone here.

When I find the instruction on removing and restoring SP3, I will post that for Rae.

For short, Malwarebytes offers a utility called "Chameleon" which automates changing its name to hide from already infected machines. Find it under MWBytes in the start - programs list.

Thank you.

#8 Sightless


Posted 20 November 2012 - 11:09 PM

Hi, RaeLong, please start your own thread.

Joanne, how is it running now? You can delete the copies of the programs you have downloaded by mistake.

Let's try one more scan

Let's try an ESET OnlineScan
  • Hold down Control and click on the following link to open ESET OnlineScan in a new window.
    ESET OnlineScan
  • Click the Posted Image button.
  • For alternate browsers only: (Microsoft Internet Explorer users can skip these steps)
    • Click on Posted Image to download the ESET Smart Installer. Save it to your desktop.
    • Double click on the Posted Image icon on your desktop.
  • Check Posted Image
  • Click the Posted Image button.
  • Accept any security warnings from your browser.
  • Check Posted Image
  • Check Remove found threats and Scan potentially unwanted applications (If given the option, choose "Quarantine" instead of delete.)
  • Push the Start button.
  • ESET will then download updates for itself, install itself, and begin scanning your computer. Please be patient as this can take some time.
  • When the scan completes, push Posted Image
  • Push Posted Image, and save the file to your desktop using a unique name, such as ESETScan. Include the contents of this report in your next reply.
  • Push the Posted Image button.
  • Push Posted Image

Please include the following in your reply
ESET log
Any questions/comments you may have


So is your computer running XP Service pack 2 or SP3? If you still need to update to Service Pack 3, download it from here

Edited by Sightless, 20 November 2012 - 11:10 PM.


#9 JoanneMT


Posted 21 November 2012 - 11:39 AM

Sightless - thank you for your continued help. Since the last thing you asked was about the SP, I am XP SP2, with updates turned on as shown by "WINVER" command: "MS WINDOWS Ver 5.1 (Build 2600.xpsp_sp2.rtm.040803-2158: Service Pack 2) Copyright 1981- 2001 MS Corp."
I clicked on the end user license agreement. This HP Pavilion was given to me by a friend. He used his Recovery Disk to remove his personal information. That took me to SP1 and I was able to update to SP2. Scanning the EULA, I noticed p.19 (pasted in below). But I want you to know that I have had automatic updates turned on the whole time. At one point, I got it to SP3 (I used to be a software tester) but then got an ugly screen telling me to remove all recent updates. The EULA window shows nothing as to who it's licensed to. Could be my problem, I saw lots of peeps on the Microsoft forum with these HP machines, not able to get SP3. The pop up about my win edition said physical memory available to windows is only 1m kb+.

I do wonder if I should shut down my scanner when running these instructions, or can I download and then unplug from the internet... If any of these are important, please advise. Yesterday, I did run MBAM with the Chameleon option. It did go to DOS and started running, but then got hung up when mcafee wanted to get its updates. I let it stay up all night, but it never got past the mcafee interruption.

I had a hard time shutting down the PC, but managed to restart it the good way (didn't unplug it). For right now, I think I have to stay with SP2 which hopefully will work with your instructions. I am going to call my friend and ask if he has the licence number for this OEM software that came with the machine.

Bless you, and thank you for being here during the holidays.

Joanne

#10 Sightless


Posted 21 November 2012 - 02:26 PM

Hi, if Mcafee is interrupting the scan process, disable it while running the ESET online scanner (you will need to be connected to the internet).

I'm not sure about your upgrade to SP3 issue though, I may direct you to another section of the forum after we make sure your computer is clean.

#11 JoanneMT


Posted 21 November 2012 - 03:06 PM

Thanks, honey. I ran super anti spyware just for fun, and it deleted a lot of cookie junk. Also tried links to update to SP3, none will work. I found a fix in super anti spyware for the WinSock LSP Chain for XP. I did not run it, but researched it, and one of the problems of an "inserted link by malware into the chain" prohibits windows updates. I also saw references to this HP Pavilion and XP SP2. I really think Microsoft is just trying to get us to buy Win 7 by providing a workaround that does not. You cannot run FIXit without having SP3, and the fix for SP3 update is running FIXIT. Their first few pages on the forum are all problems with windows 8.

I will be happy to turn off mcafee while I run your program.

#12 Sightless


Posted 21 November 2012 - 03:33 PM

Please run the ESET scan and post the log.

Download and run mini toolbox

Checkmark following boxes:

Flush DNS
Report IE Proxy Settings
Reset IE Proxy Settings
Report FF Proxy Settings
Reset FF Proxy Settings
List content of Hosts
List IP configuration
List Winsock Entries

Click Go and post the result.

#13 JoanneMT


Posted 21 November 2012 - 04:59 PM

Hello again,
I haven't run ESET yet as it no longer offers a download. It's a one-time online scan, so you might need to change the instructions. I was using Chrome and then went to Explorer, got the same website from your link: http://www.eset.com/us/online-scanner/
That page also offers two free 30 day scanners. My ISP says they offer support if I keep McAfee running, but then wants to charge for fixing my machine if it is broken. I'd like your advice once we figure this out. I can turn off McAfee and turn on MBAM (or super antispyware) I think. Did the MiniToolBox tell you anything? Fix anything? McAfee is now opening on restart after I got rid of Prevx. Thank you.

MiniToolBox by Farbar Version: 10-11-2012 02
Ran by HP_Owner (administrator) on 21-11-2012 at 16:34:02
Microsoft Windows XP Service Pack 2 (X86)
Boot Mode: Normal
***************************************************************************

========================= Flush DNS: ===================================


Windows IP Configuration



Successfully flushed the DNS Resolver Cache.


========================= IE Proxy Settings: ==============================

Proxy is not enabled.
No Proxy Server is set.

"Reset IE Proxy Settings": IE Proxy Settings were reset.
========================= Hosts content: =================================


127.0.0.1 localhost

There are 15280 more lines starting with "127.0.0.1"

========================= IP Configuration: ================================

Intel® PRO/100 VE Network Connection = Local Area Connection (Connected)
1394 Net Adapter = 1394 Connection (Connected)


# ----------------------------------
# Interface IP Configuration
# ----------------------------------
pushd interface ip


# Interface IP Configuration for "Local Area Connection"

set address name="Local Area Connection" source=dhcp
set dns name="Local Area Connection" source=dhcp register=PRIMARY
set wins name="Local Area Connection" source=dhcp


popd
# End of interface IP configuration




Windows IP Configuration

Host Name . . . . . . . . . . . . : HP-27E1513D96
Primary Dns Suffix . . . . . . . :
Node Type . . . . . . . . . . . . : Hybrid
IP Routing Enabled. . . . . . . . : No
WINS Proxy Enabled. . . . . . . . : No

Ethernet adapter Local Area Connection:

Connection-specific DNS Suffix . :
Description . . . . . . . . . . . : Intel® PRO/100 VE Network Connection
Physical Address. . . . . . . . . : 00-15-F2-0B-0B-39
Dhcp Enabled. . . . . . . . . . . : Yes
Autoconfiguration Enabled . . . . : Yes
IP Address. . . . . . . . . . . . : 192.168.0.3
Subnet Mask . . . . . . . . . . . : 255.255.255.0
Default Gateway . . . . . . . . . : 192.168.0.1
DHCP Server . . . . . . . . . . . : 192.168.0.1
DNS Servers . . . . . . . . . . . : 65.32.5.111
                                    65.32.5.112
Lease Obtained. . . . . . . . . . : Wednesday, November 21, 2012 4:08:36 PM
Lease Expires . . . . . . . . . . : Wednesday, November 21, 2012 5:08:36 PM

Server: dns-redir-lb-01.tampabay.rr.com
Address: 65.32.5.111

Name: google.com
Addresses: 74.125.229.229, 74.125.229.230, 74.125.229.231, 74.125.229.232
74.125.229.233, 74.125.229.238, 74.125.229.224, 74.125.229.225, 74.125.229.226
74.125.229.227, 74.125.229.228

Pinging google.com [74.125.229.193] with 32 bytes of data:

Reply from 74.125.229.193: bytes=32 time=48ms TTL=51
Reply from 74.125.229.193: bytes=32 time=36ms TTL=51

Ping statistics for 74.125.229.193:
Packets: Sent = 2, Received = 2, Lost = 0 (0% loss),
Approximate round trip times in milli-seconds:
Minimum = 36ms, Maximum = 48ms, Average = 42ms

Server: dns-redir-lb-01.tampabay.rr.com
Address: 65.32.5.111

Name: yahoo.com
Addresses: 72.30.38.140, 98.138.253.109, 98.139.183.24

Pinging yahoo.com [72.30.38.140] with 32 bytes of data:

Reply from 72.30.38.140: bytes=32 time=91ms TTL=50
Reply from 72.30.38.140: bytes=32 time=83ms TTL=50

Ping statistics for 72.30.38.140:
Packets: Sent = 2, Received = 2, Lost = 0 (0% loss),
Approximate round trip times in milli-seconds:
Minimum = 83ms, Maximum = 91ms, Average = 87ms

Pinging 127.0.0.1 with 32 bytes of data:

Reply from 127.0.0.1: bytes=32 time<1ms TTL=128
Reply from 127.0.0.1: bytes=32 time<1ms TTL=128

Ping statistics for 127.0.0.1:
Packets: Sent = 2, Received = 2, Lost = 0 (0% loss),
Approximate round trip times in milli-seconds:
Minimum = 0ms, Maximum = 0ms, Average = 0ms

===========================================================================
Interface List
0x1 ........................... MS TCP Loopback interface
0x2 ...00 15 f2 0b 0b 39 ...... Intel® PRO/100 VE Network Connection - McAfee Core NDIS Intermediate Filter Miniport
===========================================================================
===========================================================================
Active Routes:
Network Destination Netmask Gateway Interface Metric
0.0.0.0 0.0.0.0 192.168.0.1 192.168.0.3 20
127.0.0.0 255.0.0.0 127.0.0.1 127.0.0.1 1
169.254.0.0 255.255.0.0 192.168.0.3 192.168.0.3 20
192.168.0.0 255.255.255.0 192.168.0.3 192.168.0.3 20
192.168.0.3 255.255.255.255 127.0.0.1 127.0.0.1 20
192.168.0.255 255.255.255.255 192.168.0.3 192.168.0.3 20
224.0.0.0 240.0.0.0 192.168.0.3 192.168.0.3 20
255.255.255.255 255.255.255.255 192.168.0.3 192.168.0.3 1
Default Gateway: 192.168.0.1
===========================================================================
Persistent Routes:
None
========================= Winsock entries =====================================

Catalog5 01 C:\Windows\System32\mswsock.dll [245248] (Microsoft Corporation)
Catalog5 02 C:\Windows\System32\winrnr.dll [16896] (Microsoft Corporation)
Catalog5 03 C:\Windows\System32\mswsock.dll [245248] (Microsoft Corporation)
Catalog5 04 C:\Program Files\Bonjour\mdnsNSP.dll [121704] (Apple Inc.)
Catalog9 01 C:\Windows\system32\mswsock.dll [245248] (Microsoft Corporation)
Catalog9 02 C:\Windows\system32\mswsock.dll [245248] (Microsoft Corporation)
Catalog9 03 C:\Windows\system32\mswsock.dll [245248] (Microsoft Corporation)
Catalog9 04 C:\Windows\system32\mswsock.dll [245248] (Microsoft Corporation)
Catalog9 05 C:\Windows\system32\mswsock.dll [245248] (Microsoft Corporation)
Catalog9 06 C:\Windows\system32\mswsock.dll [245248] (Microsoft Corporation)
Catalog9 07 C:\Windows\system32\mswsock.dll [245248] (Microsoft Corporation)
Catalog9 08 C:\Windows\system32\mswsock.dll [245248] (Microsoft Corporation)
Catalog9 09 C:\Windows\system32\mswsock.dll [245248] (Microsoft Corporation)
Catalog9 10 C:\Windows\system32\mswsock.dll [245248] (Microsoft Corporation)
Catalog9 11 C:\Windows\system32\mswsock.dll [245248] (Microsoft Corporation)
Catalog9 12 C:\Windows\system32\mswsock.dll [245248] (Microsoft Corporation)
Catalog9 13 C:\Windows\system32\mswsock.dll [245248] (Microsoft Corporation)
Catalog9 14 C:\Windows\system32\rsvpsp.dll [90112] (Microsoft Corporation)
Catalog9 15 C:\Windows\system32\rsvpsp.dll [90112] (Microsoft Corporation)

**** End of log ****

#14 Sightless


Posted 21 November 2012 - 05:22 PM

Your log looks normal.

ESET doesn't require a download if you are using Internet Explorer (as stated in the instructions). Please run the scan (disable McAfee during the scan).

Did you have Prevx running alongside McAfee? You should never have 2 active antivirus programs running at once.

#15 JoanneMT


Posted 22 November 2012 - 11:17 AM

GOOD MORNING! Eset did its thing, but it IS a one time scan now. I don't mean to be argumentative, but that's what I got, no icon on my desktop but an option for free scan if you click on the purchase product pages. Here is the report:

C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy\Recovery\eZulaHotText.zip Win32/Bagle.gen.zip worm cleaned by deleting - quarantined
C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy\Recovery\eZulaHotText1.zip Win32/Bagle.gen.zip worm cleaned by deleting - quarantined

I had also gotten some additional software from McAfee. It finds suspicious files but doesn't appear to do anything with them. A virtual technician, stinger, also came, to run in sequence before mcafee antivirus plus. Here is the report. I would think C:\ProFiles|MsOffice\OFFICE11\msohev.dll looks suspicious too, but here it is:

McAfee Labs® GetSusp™ Version 3.0.0.311 built on Sep 29 2012
Copyright © 2012 McAfee, Inc. All Rights Reserved.

GetSusp initiated on Wed Nov 21 18:45:56 2012
Successfully connected to McAfee Known Files Database.

Master Boot Record(s):....1
Possibly Infected:.............0
Boot Sector(s):.................2
Possibly Infected:.............0

C:\WINDOWS\system32\drivers\etc\hosts ... is Suspicious !!!
D:\autorun.inf ... is OK.
C:\WINDOWS\system32\setup.exe ... is OK.
F:\autorun.inf ... is OK.
C:\Documents and Settings\All Users\Application Data\Apple Computer\Installer Cache\iTunes 10.7.0.21\SetupAdmin.exe ... is OK.
C:\Documents and Settings\HP_Owner.HP-27E1513D96\Local Settings\Application Data\Apple\Apple Software Update\SetupAdmin.exe ... is OK.
C:\Documents and Settings\HP_Owner.HP-27E1513D96\Local Settings\Application Data\Google\Chrome\User Data\Default\Cache\f_00016a ... is OK.
C:\Documents and Settings\HP_Owner.HP-27E1513D96\Local Settings\Application Data\Google\Chrome\User Data\SwiftShader\1.0.3.0\libEGL.dll ... is OK.

C:\Program Files\Internet Explorer\Plugins\npqtplugin.dll ... is Suspicious !!!
C:\Program Files\Internet Explorer\Plugins\npqtplugin2.dll ... is Suspicious !!!
C:\Program Files\Internet Explorer\Plugins\npqtplugin3.dll ... is Suspicious !!!
C:\Program Files\Internet Explorer\Plugins\npqtplugin4.dll ... is Suspicious !!!
C:\Program Files\Internet Explorer\Plugins\npqtplugin5.dll ... is Suspicious !!!
C:\Program Files\Internet Explorer\Plugins\npqtplugin6.dll ... is Suspicious !!!
C:\Program Files\Internet Explorer\Plugins\npqtplugin7.dll ... is Suspicious !!!

C:\PROGRAM FILES\PREVX\PREVX.EXE ... is OK.
:\progra~1\mcafee\msc\mcregobj\11_0_6~1\mcregobj.dll ... is OK.
c:\progra~1\mcafee\msc\mcsubmgr\11_0_6~1\mcsubmgr.dll ... is OK.
c:\progra~1\mcafee\msc\mcuicfg.dll ... is OK.
c:\progra~1\mcafee\msc\mcupdshm.dll ... is OK.
:\WINDOWS\System32\alg.exe ... is OK. <------------?

C:\WINDOWS\SYSTEM32\DRIVERS\KS.SYS ... is OK.

C:\WINDOWS\System32\spool\PRTPROCS\W32X86\mdippr.dll ... is OK.
Thank you, Sightless, and have a blessed day.

Edited by JoanneMT, 22 November 2012 - 10:06 PM.
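One way to triage the hosts and Winsock sections of a MiniToolBox-style log like the one posted in this thread, as an added example that is not part of the original posts: a loopback mapping only blocks a name, while a mapping to any other address redirects it and deserves a closer look. The sample log, the `.test` names, the `10.0.0.66` line and all function names are constructed for illustration, and the system drive is assumed to be C:.

```python
import ipaddress
import re

# Constructed sample in the layout of the log in this thread (not the poster's data).
# The 10.0.0.66 line is an invented non-loopback mapping added for contrast.
SAMPLE_LOG = r"""
========================= Hosts content: =================================

127.0.0.1 localhost
127.0.0.1 www.blocked-example.test
127.0.0.1 blocked-example.test
10.0.0.66 update.vendor-example.test

There are 15280 more lines starting with "127.0.0.1"

========================= Winsock entries =====================================

Catalog5 01 C:\Windows\System32\mswsock.dll [245248] (Microsoft Corporation)
Catalog5 04 C:\Program Files\Bonjour\mdnsNSP.dll [121704] (Apple Inc.)
Catalog9 01 C:\Windows\system32\mswsock.dll [245248] (Microsoft Corporation)
Catalog9 14 C:\Windows\system32\rsvpsp.dll [90112] (Microsoft Corporation)

**** End of log ****
"""

SECTION = re.compile(r"^=+\s*([A-Za-z].*?):?\s*=+\s*$")
WINSOCK = re.compile(r"^(Catalog\d+)\s+(\d+)\s+(.+?)\s+\[(\d+)\]\s+\((.*)\)\s*$")
MORE = re.compile(r'^There are (\d+) more lines starting with "([^"]+)"')


def split_sections(log):
    """Return {lower-cased section name: [non-empty lines]} from '=== name ===' headers."""
    sections, current = {}, None
    for raw in log.splitlines():
        line = raw.strip()
        header = SECTION.match(line)
        if header:
            current = header.group(1).strip().lower()
            sections[current] = []
        elif current and line:
            sections[current].append(line)
    return sections


def triage_hosts(lines):
    """Count loopback/unspecified mappings (blocks) and list every other mapping (redirects)."""
    sinkholed, redirects, unlisted = 0, [], 0
    for line in lines:
        more = MORE.match(line)
        if more:  # the tool truncates long files and reports only a count
            unlisted = int(more.group(1))
            continue
        parts = line.split("#", 1)[0].split()
        if len(parts) < 2:
            continue
        try:
            addr = ipaddress.ip_address(parts[0])
        except ValueError:
            continue  # not an "address name [name...]" mapping
        for name in (p.lower() for p in parts[1:]):
            if addr.is_loopback or addr.is_unspecified:
                sinkholed += name != "localhost"
            else:
                redirects.append((name, str(addr)))
    return {"sinkholed": sinkholed, "redirects": redirects, "unlisted": unlisted}


def triage_winsock(lines, trusted_vendor="Microsoft Corporation"):
    """List providers outside system32 or with another vendor label, for review.
    The vendor label is assumed to be self-declared file metadata, not verification."""
    review = []
    for line in lines:
        entry = WINSOCK.match(line)
        if not entry:
            continue
        catalog, index, path, _size, vendor = entry.groups()
        in_system32 = path.lower().startswith("c:\\windows\\system32\\")
        if vendor != trusted_vendor or not in_system32:
            review.append({"catalog": catalog, "index": int(index),
                           "path": path, "vendor": vendor})
    return review


def triage(log):
    sections = split_sections(log)
    return {"hosts": triage_hosts(sections.get("hosts content", [])),
            "winsock": triage_winsock(sections.get("winsock entries", []))}


if __name__ == "__main__":
    print(triage(SAMPLE_LOG))
```

Entries listed for review are not findings in themselves: a third-party namespace provider such as the Bonjour one in the sample is reported only because it is not a Microsoft file in system32.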




