ZeroAccess Infection [Solved]


  • This topic is locked

#16
Spyderturbo007

  • Topic Starter
  • Member
  • 760 posts
The ESET Scan is currently running. I'll post back when it's done. Here is the MiniToolBox result.

Web browsing seems to be back to normal, except the link to ESET you posted still wouldn't work. I was able to get there by going to www.eset.com/us/online-scanner-popup and can navigate to www.eset.com. I wasn't able to do that before running the tool. I suspect it's because I'm still on IE7. I downloaded IE8, but haven't upgraded yet because I wanted the OK from you before proceeding. Thanks!



MiniToolBox by Farbar Version: 13-07-2013
Ran by Admin (administrator) on 02-12-2013 at 12:49:22
Running from "C:\Documents and Settings\Admin.MAS_SERVER\Desktop"
Microsoft Windows XP Professional Service Pack 2 (X86)
Boot Mode: Normal
***************************************************************************

========================= Flush DNS: ===================================


Windows IP Configuration



Successfully flushed the DNS Resolver Cache.


========================= IE Proxy Settings: ==============================

Proxy is not enabled.
No Proxy Server is set.

"Reset IE Proxy Settings": IE Proxy Settings were reset.
========================= Hosts content: =================================

127.0.0.1 localhost

========================= IP Configuration: ================================

Broadcom NetXtreme 57xx Gigabit Controller = Local Area Connection (Connected)


# ----------------------------------
# Interface IP Configuration
# ----------------------------------
pushd interface ip


# Interface IP Configuration for "Local Area Connection"

set address name="Local Area Connection" source=dhcp
set dns name="Local Area Connection" source=dhcp register=PRIMARY
set wins name="Local Area Connection" source=dhcp


popd
# End of interface IP configuration




Windows IP Configuration



Host Name . . . . . . . . . . . . : MAS-Server

Primary Dns Suffix . . . . . . . :

Node Type . . . . . . . . . . . . : Unknown

IP Routing Enabled. . . . . . . . : Yes

WINS Proxy Enabled. . . . . . . . : No



Ethernet adapter Local Area Connection:



Connection-specific DNS Suffix . :

Description . . . . . . . . . . . : Broadcom NetXtreme 57xx Gigabit Controller

Physical Address. . . . . . . . . : 00-18-8B-83-D5-48

Dhcp Enabled. . . . . . . . . . . : Yes

Autoconfiguration Enabled . . . . : Yes

IP Address. . . . . . . . . . . . : 192.168.0.56

Subnet Mask . . . . . . . . . . . : 255.255.255.0

Default Gateway . . . . . . . . . : 192.168.0.1

DHCP Server . . . . . . . . . . . : 192.168.0.1

DNS Servers . . . . . . . . . . . : 68.94.156.1

68.94.157.1

192.168.0.1

Lease Obtained. . . . . . . . . . : Monday, December 02, 2013 10:11:29 AM

Lease Expires . . . . . . . . . . : Monday, December 09, 2013 10:11:29 AM

Server: dnsr1.sbcglobal.net
Address: 68.94.156.1

Name: google.com
Addresses: 74.125.21.113, 74.125.21.102, 74.125.21.100, 74.125.21.139
74.125.21.101, 74.125.21.138



Pinging google.com [74.125.196.102] with 32 bytes of data:



Reply from 74.125.196.102: bytes=32 time=45ms TTL=37

Reply from 74.125.196.102: bytes=32 time=49ms TTL=37



Ping statistics for 74.125.196.102:

Packets: Sent = 2, Received = 2, Lost = 0 (0% loss),

Approximate round trip times in milli-seconds:

Minimum = 45ms, Maximum = 49ms, Average = 47ms

Server: dnsr1.sbcglobal.net
Address: 68.94.156.1

Name: yahoo.com
Addresses: 98.138.253.109, 206.190.36.45, 98.139.183.24



Pinging yahoo.com [98.139.183.24] with 32 bytes of data:



Reply from 98.139.183.24: bytes=32 time=74ms TTL=46

Reply from 98.139.183.24: bytes=32 time=62ms TTL=46



Ping statistics for 98.139.183.24:

Packets: Sent = 2, Received = 2, Lost = 0 (0% loss),

Approximate round trip times in milli-seconds:

Minimum = 62ms, Maximum = 74ms, Average = 68ms



Pinging 127.0.0.1 with 32 bytes of data:



Reply from 127.0.0.1: bytes=32 time<1ms TTL=128

Reply from 127.0.0.1: bytes=32 time<1ms TTL=128



Ping statistics for 127.0.0.1:

Packets: Sent = 2, Received = 2, Lost = 0 (0% loss),

Approximate round trip times in milli-seconds:

Minimum = 0ms, Maximum = 0ms, Average = 0ms

===========================================================================
Interface List
0x1 ........................... MS TCP Loopback interface
0x2 ...00 18 8b 83 d5 48 ...... Broadcom NetXtreme 57xx Gigabit Controller - Packet Scheduler Miniport
===========================================================================
===========================================================================
Active Routes:
Network Destination Netmask Gateway Interface Metric
0.0.0.0 0.0.0.0 192.168.0.1 192.168.0.56 20
127.0.0.0 255.0.0.0 127.0.0.1 127.0.0.1 1
192.168.0.0 255.255.255.0 192.168.0.56 192.168.0.56 20
192.168.0.56 255.255.255.255 127.0.0.1 127.0.0.1 20
192.168.0.255 255.255.255.255 192.168.0.56 192.168.0.56 20
224.0.0.0 240.0.0.0 192.168.0.56 192.168.0.56 20
255.255.255.255 255.255.255.255 192.168.0.56 192.168.0.56 1
Default Gateway: 192.168.0.1
===========================================================================
Persistent Routes:
None
========================= Winsock entries =====================================

Catalog5 01 C:\WINDOWS\system32\mswsock.dll [245248] (Microsoft Corporation)
Catalog5 02 C:\WINDOWS\system32\winrnr.dll [16896] (Microsoft Corporation)
Catalog5 03 C:\WINDOWS\system32\mswsock.dll [245248] (Microsoft Corporation)
Catalog9 01 C:\WINDOWS\system32\mswsock.dll [245248] (Microsoft Corporation)
Catalog9 02 C:\WINDOWS\system32\mswsock.dll [245248] (Microsoft Corporation)
Catalog9 03 C:\WINDOWS\system32\mswsock.dll [245248] (Microsoft Corporation)
Catalog9 04 C:\WINDOWS\system32\mswsock.dll [245248] (Microsoft Corporation)
Catalog9 05 C:\WINDOWS\system32\mswsock.dll [245248] (Microsoft Corporation)
Catalog9 06 C:\WINDOWS\system32\mswsock.dll [245248] (Microsoft Corporation)
Catalog9 07 C:\WINDOWS\system32\mswsock.dll [245248] (Microsoft Corporation)
Catalog9 08 C:\WINDOWS\system32\mswsock.dll [245248] (Microsoft Corporation)
Catalog9 09 C:\WINDOWS\system32\mswsock.dll [245248] (Microsoft Corporation)
Catalog9 10 C:\WINDOWS\system32\mswsock.dll [245248] (Microsoft Corporation)
Catalog9 11 C:\WINDOWS\system32\mswsock.dll [245248] (Microsoft Corporation)
Catalog9 12 C:\WINDOWS\system32\mswsock.dll [245248] (Microsoft Corporation)
Catalog9 13 C:\WINDOWS\system32\mswsock.dll [245248] (Microsoft Corporation)
Catalog9 14 C:\WINDOWS\system32\rsvpsp.dll [90112] (Microsoft Corporation)
Catalog9 15 C:\WINDOWS\system32\rsvpsp.dll [90112] (Microsoft Corporation)

========================= Event log errors: ===============================

Application errors:
==================
Error: (12/02/2013 10:16:01 AM) (Source: crypt32) (User: )
Description: Failed extract of third-party root list from auto update cab at: <http://www.download....uthrootstl.cab> with error: A required certificate is not within its validity period when verifying against the current system clock or the timestamp in the signed file.

Error: (12/02/2013 10:16:01 AM) (Source: crypt32) (User: )
Description: Failed extract of third-party root list from auto update cab at: <http://www.download....uthrootstl.cab> with error: A required certificate is not within its validity period when verifying against the current system clock or the timestamp in the signed file.

Error: (12/02/2013 09:42:36 AM) (Source: Application Error) (User: )
Description: Faulting application frst.exe, version 3.3.8.1, faulting module , version 0.0.0.0, fault address 0x00000000.
Processing media-specific event for [frst.exe!ws!]

Error: (12/02/2013 07:10:44 AM) (Source: crypt32) (User: )
Description: Failed extract of third-party root list from auto update cab at: <http://www.download....uthrootstl.cab> with error: A required certificate is not within its validity period when verifying against the current system clock or the timestamp in the signed file.

Error: (12/02/2013 07:09:32 AM) (Source: crypt32) (User: )
Description: Failed auto update retrieval of third-party root list sequence number from: <http://www.download....uthrootseq.txt> with error: This network connection does not exist.

Error: (12/02/2013 07:09:32 AM) (Source: crypt32) (User: )
Description: Failed extract of third-party root list from auto update cab at: <http://www.download....uthrootstl.cab> with error: A required certificate is not within its validity period when verifying against the current system clock or the timestamp in the signed file.

Error: (12/02/2013 07:09:32 AM) (Source: crypt32) (User: )
Description: Failed auto update retrieval of third-party root list sequence number from: <http://www.download....uthrootseq.txt> with error: This network connection does not exist.

Error: (12/02/2013 07:09:32 AM) (Source: crypt32) (User: )
Description: Failed extract of third-party root list from auto update cab at: <http://www.download....uthrootstl.cab> with error: A required certificate is not within its validity period when verifying against the current system clock or the timestamp in the signed file.

Error: (12/02/2013 07:09:32 AM) (Source: crypt32) (User: )
Description: Failed auto update retrieval of third-party root list sequence number from: <http://www.download....uthrootseq.txt> with error: This network connection does not exist.

Error: (12/02/2013 07:09:32 AM) (Source: crypt32) (User: )
Description: Failed extract of third-party root list from auto update cab at: <http://www.download....uthrootstl.cab> with error: A required certificate is not within its validity period when verifying against the current system clock or the timestamp in the signed file.


System errors:
=============
Error: (12/02/2013 10:14:07 AM) (Source: TermServDevices) (User: )
Description: Driver Send to Microsoft OneNote 15 Driver required for printer Send To OneNote 2013 is unknown. Contact the administrator to install the driver before you log in again.

Error: (12/02/2013 10:14:06 AM) (Source: TermServDevices) (User: )
Description: Driver Microsoft XPS Document Writer required for printer Microsoft XPS Document Writer is unknown. Contact the administrator to install the driver before you log in again.

Error: (12/02/2013 10:14:06 AM) (Source: TermServDevices) (User: )
Description: Driver Fax - HP Officejet Pro 8600 required for printer Fax - HP Officejet Pro 8600 (Network) is unknown. Contact the administrator to install the driver before you log in again.

Error: (12/02/2013 10:14:01 AM) (Source: TermServDevices) (User: )
Description: Driver Adobe PDF Converter required for printer Adobe PDF is unknown. Contact the administrator to install the driver before you log in again.

Error: (12/02/2013 10:14:01 AM) (Source: TermServDevices) (User: )
Description: Driver HP Officejet Pro 8600 required for printer HP Officejet Pro 8600 (Network) is unknown. Contact the administrator to install the driver before you log in again.

Error: (12/02/2013 08:23:04 AM) (Source: TermServDevices) (User: )
Description: Driver Send to Microsoft OneNote 15 Driver required for printer Send To OneNote 2013 is unknown. Contact the administrator to install the driver before you log in again.

Error: (12/02/2013 08:23:04 AM) (Source: TermServDevices) (User: )
Description: Driver Microsoft XPS Document Writer required for printer Microsoft XPS Document Writer is unknown. Contact the administrator to install the driver before you log in again.

Error: (12/02/2013 08:23:04 AM) (Source: TermServDevices) (User: )
Description: Driver Fax - HP Officejet Pro 8600 required for printer Fax - HP Officejet Pro 8600 (Network) is unknown. Contact the administrator to install the driver before you log in again.

Error: (12/02/2013 08:23:01 AM) (Source: TermServDevices) (User: )
Description: Driver Adobe PDF Converter required for printer Adobe PDF is unknown. Contact the administrator to install the driver before you log in again.

Error: (12/02/2013 08:23:01 AM) (Source: TermServDevices) (User: )
Description: Driver HP Officejet Pro 8600 required for printer HP Officejet Pro 8600 (Network) is unknown. Contact the administrator to install the driver before you log in again.


Microsoft Office Sessions:
=========================
Error: (12/02/2013 10:16:01 AM) (Source: crypt32)(User: )
Description: http://www.download....uthrootstl.cabA required certificate is not within its validity period when verifying against the current system clock or the timestamp in the signed file.

Error: (12/02/2013 10:16:01 AM) (Source: crypt32)(User: )
Description: http://www.download....uthrootstl.cabA required certificate is not within its validity period when verifying against the current system clock or the timestamp in the signed file.

Error: (12/02/2013 09:42:36 AM) (Source: Application Error)(User: )
Description: frst.exe3.3.8.10.0.0.000000000

Error: (12/02/2013 07:10:44 AM) (Source: crypt32)(User: )
Description: http://www.download....uthrootstl.cabA required certificate is not within its validity period when verifying against the current system clock or the timestamp in the signed file.

Error: (12/02/2013 07:09:32 AM) (Source: crypt32)(User: )
Description: http://www.download....rootseq.txtThis network connection does not exist.

Error: (12/02/2013 07:09:32 AM) (Source: crypt32)(User: )
Description: http://www.download....uthrootstl.cabA required certificate is not within its validity period when verifying against the current system clock or the timestamp in the signed file.

Error: (12/02/2013 07:09:32 AM) (Source: crypt32)(User: )
Description: http://www.download....rootseq.txtThis network connection does not exist.

Error: (12/02/2013 07:09:32 AM) (Source: crypt32)(User: )
Description: http://www.download....uthrootstl.cabA required certificate is not within its validity period when verifying against the current system clock or the timestamp in the signed file.

Error: (12/02/2013 07:09:32 AM) (Source: crypt32)(User: )
Description: http://www.download....rootseq.txtThis network connection does not exist.

Error: (12/02/2013 07:09:32 AM) (Source: crypt32)(User: )
Description: http://www.download....uthrootstl.cabA required certificate is not within its validity period when verifying against the current system clock or the timestamp in the signed file.


=========================== Installed Programs ============================

Adobe Flash Player 11 ActiveX (Version: 11.9.900.152)
Atmel TPM Driver Installer 3.0.3.15 (Version: 3.0.3.15)
Broadcom Advanced Control Suite (Version: 8.80.03)
Broadcom ASF Management Applications (Version: 8.18.07)
Dell Embassy Trust Suite by Wave Systems (Version: 01.01.01.005)
Document Manager Lite (Version: 05.03.00.011)
EMBASSY Security Center (Version: 02.02.00.012)
EMBASSY Trust Suite by Wave Systems (Version: 1.1.22)
ETS Launch Pad (Version: 01.02.00.006)
ETS Upgrade (Version: 02.00.00.007)
Genie Backup Manager Pro 8.0
High Definition Audio Driver Package - KB835221 (Version: 20040219.000000)
Intel® Matrix Storage Manager
LogMeIn (Version: 4.0.982)
Malwarebytes Anti-Malware version 1.75.0.1300 (Version: 1.75.0.1300)
MCU (Version: 1.00.0000)
Microsoft .NET Framework 1.1 (Version: 1.1.4322)
Microsoft .NET Framework 1.1 Security Update (KB979906)
Microsoft Internationalized Domain Names Mitigation APIs
Microsoft National Language Support Downlevel APIs
Microsoft Visual C++ 2005 Redistributable (Version: 8.0.56336)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148 (Version: 9.0.30729.4148)
ML LIMS (Version: 1.0.0000)
MSXML 4.0 SP2 (KB927978) (Version: 4.20.9841.0)
MSXML 4.0 SP2 (KB936181) (Version: 4.20.9848.0)
MSXML 4.0 SP2 (KB954430) (Version: 4.20.9870.0)
MSXML 4.0 SP2 (KB973688) (Version: 4.20.9876.0)
NTRU Hybrid TSS v2.0.25 (Version: 2.0.25)
NVIDIA Drivers
PowerDVD 5.7
Preboot Manager (Version: 01.00.03.0010)
Private Information Manager (Version: 05.02.00.015)
Roxio DLA (Version: 5.2.0)
Roxio Express Labeler (Version: 2.1.0)
Roxio RecordNow Audio (Version: 2.0.4)
Roxio RecordNow Copy (Version: 2.0.4)
Roxio RecordNow Data (Version: 2.0.4)
Secure Update (Version: 05.02.00.000)
Security Wizards (Version: 01.02.00.006)
Sonic Update Manager (Version: 3.0.0)
Spelling Dictionaries Support For Adobe Reader 8 (Version: 8.0.0)
Update for Windows Internet Explorer 7 (KB976749) (Version: 1)
Update for Windows XP (KB894391) (Version: 1)
Update for Windows XP (KB898461) (Version: 1)
Update for Windows XP (KB900485) (Version: 2)
Update for Windows XP (KB904942) (Version: 2)
Update for Windows XP (KB910437) (Version: 1)
Update for Windows XP (KB911280) (Version: 2)
Update for Windows XP (KB912945) (Version: 1)
Update for Windows XP (KB916595) (Version: 1)
Update for Windows XP (KB920872) (Version: 1)
Update for Windows XP (KB922582) (Version: 1)
Update for Windows XP (KB927891) (Version: 3)
Update for Windows XP (KB929338) (Version: 1)
Update for Windows XP (KB930916) (Version: 1)
Update for Windows XP (KB931836) (Version: 1)
Update for Windows XP (KB932823-v3) (Version: 3)
Update for Windows XP (KB933360) (Version: 1)
Update for Windows XP (KB936357) (Version: 1)
Update for Windows XP (KB938828) (Version: 1)
Update for Windows XP (KB942763) (Version: 1)
Update for Windows XP (KB942840) (Version: 1)
Update for Windows XP (KB946627) (Version: 1)
Update for Windows XP (KB951072-v2) (Version: 2)
Update for Windows XP (KB955759) (Version: 1)
Update for Windows XP (KB955839) (Version: 1)
Update for Windows XP (KB967715) (Version: 1)
Update for Windows XP (KB968389) (Version: 1)
Update for Windows XP (KB971737) (Version: 1)
Update for Windows XP (KB973687) (Version: 1)
Update for Windows XP (KB973815) (Version: 1)
upekmsi (Version: 02.01.00.0001)
Wave Infrastructure Installer (Version: 02.01.02.0020)
Wave Support Software (Version: 05.02.00.002)
WebFldrs XP (Version: 9.50.7523)
WinDirStat 1.1.2
Windows Genuine Advantage Notifications (KB905474) (Version: 1.9.0040.0)
Windows Genuine Advantage Validation Tool (KB892130)
Windows Genuine Advantage Validation Tool (KB892130) (Version: 1.7.0059.1)
Windows Installer 3.1 (KB893803)
Windows Internet Explorer 7 (Version: 20070813.185237)
Windows XP Hotfix - KB873339 (Version: 20041117.092459)
Windows XP Hotfix - KB885250 (Version: 20050118.202711)
Windows XP Hotfix - KB885835 (Version: 20041027.181713)
Windows XP Hotfix - KB885836 (Version: 20041028.173203)
Windows XP Hotfix - KB886185 (Version: 20041021.090540)
Windows XP Hotfix - KB887472 (Version: 20041014.162858)
Windows XP Hotfix - KB888302 (Version: 20041207.111426)
Windows XP Hotfix - KB889673 (Version: 20041116.085848)
Windows XP Hotfix - KB890859 (Version: 1)
Windows XP Hotfix - KB891781 (Version: 20050110.165439)
XMComm

========================= Devices: ================================


========================= Memory info: ===================================

Percentage of memory in use: 14%
Total physical RAM: 3325.58 MB
Available physical RAM: 2847.94 MB
Total Pagefile: 5208.84 MB
Available Pagefile: 4887.89 MB
Total Virtual: 2047.88 MB
Available Virtual: 1973.34 MB

========================= Partitions: =====================================

2 Drive c: () (Fixed) (Total:232.77 GB) (Free:219.64 GB) NTFS
3 Drive d: () (Fixed) (Total:149.01 GB) (Free:54.32 GB) NTFS
6 Drive z: (Data Storage) (Network) (Total:110.43 GB) (Free:14.7 GB) NTFS

========================= Users: ========================================

User accounts for \\MAS-SERVER

Admin Administrator Backup
Guest HelpAssistant Jim Isbill
SUPPORT_388945a0

========================= Minidump Files ==================================

No minidump file found


**** End of log ****

#17
Machiavelli

  • GeekU Moderator
  • 4,722 posts

The ESET Scan is currently running. I'll post back when it's done.

:thumbsup:

#18
Spyderturbo007

  • Topic Starter
  • Member
  • 760 posts
C:\Documents and Settings\All Users\Documents\atuvwzigtv.lnk LNK/Exploit.CVE-2010-2568 trojan cleaned by deleting - quarantined
C:\FRST\Quarantine\qgmkep.exe Win32/Qbot.BB trojan cleaned by deleting - quarantined
C:\FRST\Quarantine\Aiyxqxqa\aiyxqxqa.exe Win32/Qbot.BB trojan cleaned by deleting - quarantined
C:\System Volume Information\_restore{46DE8921-1D39-44D2-A9E9-64119261F211}\RP2\A0000021.exe Win32/Qbot.BB trojan cleaned by deleting - quarantined
C:\System Volume Information\_restore{46DE8921-1D39-44D2-A9E9-64119261F211}\RP3\A0001016.exe Win32/Qbot.BB trojan cleaned by deleting - quarantined
C:\WINDOWS\system32\spool\drivers\avazbwqs.lnk LNK/Exploit.CVE-2010-2568 trojan cleaned by deleting - quarantined
C:\WINDOWS\system32\spool\drivers\azbwwqf.lnk LNK/Exploit.CVE-2010-2568 trojan cleaned by deleting - quarantined
C:\_OTL\MovedFiles\11272013_101747\C_Documents and Settings\All Users\Documents\ajiudfrifr.lnk LNK/Exploit.CVE-2010-2568 trojan cleaned by deleting - quarantined
D:\LIMS\Install\Auslogics Defrag\Auslogics Defrag\disk-defrag-setup.exe a variant of Win32/Bundled.Toolbar.Ask application cleaned by deleting - quarantined
D:\RECYCLER\S-1-5-21-1093662273-596086515-3176666163-1005\Dd11.lnk LNK/Exploit.CVE-2010-2568 trojan cleaned by deleting - quarantined
D:\RECYCLER\S-1-5-21-1093662273-596086515-3176666163-1005\Dd12.ffk Win32/TrojanDropper.Small.NMS trojan cleaned by deleting - quarantined
D:\Documentation\ampsmdc.lnk LNK/Exploit.CVE-2010-2568 trojan cleaned by deleting - quarantined
D:\Documentation\inxxqyga.sgb Win32/TrojanDropper.Small.NMS trojan cleaned by deleting - quarantined

#19
Machiavelli

  • GeekU Moderator
  • 4,722 posts
Security Check

Download Security Check from here or here.
  • Save it to your Desktop.
  • Double click SecurityCheck.exe and follow the onscreen instructions inside of the black box.
  • A Notepad document should open automatically called checkup.txt; please post the contents of that document.

Question

How is your PC running? Any issues?

#20
Spyderturbo007

  • Topic Starter
  • Member
  • 760 posts
I know I need to install SP3. That's next on my list once I get the "All Clean" go ahead from you. The machine is running much better and I haven't seen any of those unusual files appearing.


Results of screen317's Security Check version 0.99.77
Windows XP Service Pack 2 x86
Out of date service pack!!
Internet Explorer 7 Out of date!
``````````````Antivirus/Firewall Check:``````````````
Windows Firewall Disabled!
AVG Anti-Virus Free Edition 2012
ECHO is off.
Antivirus up to date! (On Access scanning disabled!)
`````````Anti-malware/Other Utilities Check:`````````
Malwarebytes Anti-Malware version 1.75.0.1300
Adobe Reader 8 Adobe Reader out of Date!
````````Process Check: objlist.exe by Laurent````````
`````````````````System Health check`````````````````
Total Fragmentation on Drive C:: 5%
````````````````````End of Log``````````````````````

#21
Machiavelli

  • GeekU Moderator
  • 4,722 posts

I know I need to install SP3

Yep, please do so now.

Your PC is clean. If you are cool and nice you can give me feedback here if you like. :)

- FIRST -

Run OTL
  • Under the Custom Scans/Fixes box at the bottom, paste in the following

    :Commands
    [EMPTYTEMP]
    [CLEARALLRESTOREPOINTS]

  • Then click the Run Fix button at the top
  • Let the program run unhindered, reboot the PC when it is done

- NEXT -

Run OTL and hit the cleanup button. It will remove all the programmes we have used plus itself.

- NEXT -

I want you to uninstall the following programs (Start > Control Panel > Add/Remove Programs):

  • ESET

What's with MBAM?

Malwarebytes is a very good free scanner! It isn't a one demand scanner so it won't have any problems with your AntiVirus! It would be good if you scan your PC for malware every 1-2 months (of course with Malwarebytes).
But if you'd like to uninstall it, then do this:

I want you to uninstall the following programs (Start > Control Panel > Add/Remove Programs):

  • Malwarebytes

- NEXT -

Download File-Hippo Updatechecker http://www.filehippo.../updatechecker/ Please run it monthly - it will scan your update status. For example, if a program is outdated, the UpdateChecker will give you a link where you can download the newest version of the respective program.

How to update programs with FileHippo Updatechecker?

  • Start FileHippo Updatechecker
  • You get redirected to a website
  • You will probably see a list of updates (if not, then all programs are probably up to date)
  • Click on the first item of the list, download the update, after that reboot the computer and take the next item of the list!

- NEXT -

Please also update these Programs:

  • Adobe Reader
  • ServicePack
  • Internet Explorer


- NEXT -


Exercise common sense

Having security programs installed is very helpful to you, but none of them have the gift of human thought. The best way to make sure you don't get infected is to look before you leap. Be careful of what websites you visit - if a site looks suspicious, trust your instincts and get out of there. Be careful of what attachments you open in emails and files you download from websites - check them over carefully and look at the file extensions to make sure that you know what you're getting. Using peer-to-peer file sharing programs or downloading cracks and keygens is something else to avoid - the files you will be downloading are infected in the vast majority of cases, and the benefits simply aren't worth the risk to your computer.

Keep up on Windows updates

Along with keeping all of the security programs that you choose to use updated, it is also important to keep up on system updates from Microsoft, as these patch critical security vulnerabilities and help to keep you safe. Typically the Windows Update icon will appear in your taskbar when new updates are available; whenever you see it, you should open the menu up and install the updates that are available. Although it may be an annoyance, that little bit of extra time it takes to stay updated is very well worth it instead of getting infected from an exploit and having to clean your PC again.

Slow computer?

If your computer begins to slow down again in the future for no particular reason, your first step should not be to come back to the malware forum. As your computer ages and is used, its parts wear, files and programs accumulate, and its performance speed can decrease. To restore your computer's performance to its best possible level, follow the steps in this guide (http://www.geekstogo...g-your-machine/) written by tech expert Artellos.

Keep safe! :thumbsup:

#22
Essexboy

  • GeekU Moderator
  • Retired Staff
  • 69,964 posts
Since this issue appears to be resolved ... this Topic has been closed. Glad we could help. :)

If you're the topic starter, and need this topic reopened, please contact a staff member with the address of the thread.

Everyone else please begin a New Topic.