
Vundolized?

mferkdk;c:\windows\system32\drivers\mferkdk.sys [2007-12-5 34216] S3 Symantec Core LC;Symantec Core LC;c:\program files\common files\symantec shared\ccpd-lc\symlcsvc.exe [2006-6-7 822424] =============== Created Last 30 ================ 2009-03-09 01:52 410,984 a------- c:\windows\system32\deploytk.dll 2009-03-09 01:52 73,728 a------- c:\windows\system32\javacpl.cpl 2009-03-08 14:05 mfesmfk;c:\windows\system32\drivers\mfesmfk.sys [2007-12-5 40552] S3 ccPwdSvc;Symantec Password Validation;c:\program files\common files\symantec shared\ccPwdSvc.exe [2004-12-13 79472] S3 mferkdk;McAfee Inc. Thank you, Ed.

If you are not using Windows XP, you will not be prompted. I would like us to use ESET (NOD32)'s Online Scanner. Please go to ESET OnlineScan (NOD32). You will then see the Terms of Use, tick the check-box in front of YES, I accept ComboFix 09-03-13.02 - Edward Hensley 2009-03-14 22:34:26.2 - NTFSx86 Microsoft Windows XP Professional 5.1.2600.2.1252.1.1033.18.1022.468 [GMT -4:00] Running from: c:\documents and settings\Edward Hensley\Desktop\ComboFix.exe Command switches used :: c:\documents and settings\Edward Hensley\Desktop\CFScript.txt AV: That may cause it to stall.

Not knowing about this forum, I used Spybot Search & Destroy and Malwarebytes (log available) and rescanned with McAfee. Uninstalling CF will clear its quarantine. Hmm...

GMER Rootkit scanner made a list before I could even uncheck or click the scan button, which was unresponsive. Everything is updated according to Secunia. On the other hand, so long as you don't go restoring stuff from there, there's no reason to mess with it.

We Need to Run ComboFix. Note to readers of this post other than the starter of this thread: ComboFix is a VERY POWERFUL tool which should NOT BE USED without guidance. When I booted up today I got a blue screen and a loud horn noise...turned off/on computer and seemed to work OK. When you are told that the RC is installed correctly, please press YES to continue scanning for malware.

Appears McAfee took care of it. uStart Page = hxxp://my.att.net/ uSearch Page = hxxp://www.google.com uSearch Bar = hxxp://www.google.com/ie uSearchURL,(Default) = hxxp://www.google.com/search?q=%s Trusted Zone: mcafee.com Trusted Zone: musicmatch.com\online . ************************************************************************** catchme 0.3.1367 W2K/XP/Vista - rootkit/stealth malware detector by Quote: -Do you think McAfee/Spybot/Malwarebytes got the problem by themselves? For more information on the hosts file, and what it can do for you, you can view the Tutorial on the Hosts file Install an Anti-Spyware program, and update it regularly

  • Usually "quarantined" implies deleted.
  • Contents of the 'Scheduled Tasks' folder 2009-02-15 c:\windows\Tasks\McDefragTask.job - c:\progra~1\mcafee\mqc\QcConsol.exe [2009-01-09 11:53] 2009-01-01 c:\windows\Tasks\McQcTask.job - c:\progra~1\mcafee\mqc\QcConsol.exe [2009-01-09 11:53] . . ------- Supplementary Scan ------- .
  • We Need to Clean Up Our Mess. Please download OTCleanIt from one of the following mirrors and save it to your desktop: Mirror 1 Mirror A Double click the icon.
  • Unfortunately I've never used McAfee and am not positive how to empty its quarantine.
  • mfehidk;c:\windows\system32\drivers\mfehidk.sys [2007-12-5 213640] R2 ccEvtMgr;Symantec Event Manager;c:\program files\common files\symantec shared\ccEvtMgr.exe [2004-12-13 198256] R2 ccSetMgr;Symantec Settings Manager;c:\program files\common files\symantec shared\ccSetMgr.exe [2004-12-13 165488] R2 McAfee SiteAdvisor Service;McAfee SiteAdvisor Service;c:\program files\mcafee\siteadvisor\McSACore.exe [2008-10-6 206096] R2

If for any reason you cannot complete instructions within that time, that's fine, just put a post here so that I know you're still here. Quote: Ran a McAfee scan and the only thing showing is something in combofix(quarantine ?) what is it?. DDS (Ver_09-02-01.01) - NTFSx86 Run by Edward Hensley at 19:32:01.18 on Mon 03/16/2009 Internet Explorer: 7.0.5730.13 Microsoft Windows XP Professional 5.1.2600.3.1252.1.1033.18.1022.480 [GMT -4:00] AV: McAfee VirusScan *On-access scanning enabled* (Updated) FW:

Reboot and repeat the "Check for Updates" until there are no more critical updates to install. In your next reply, please include the following: A new DDS.txt Billy3 __________________ Look buddy, I'm I would much rather clarify instructions or explain them differently than have something important broken. Allow your system to reboot.

DDS (Ver_09-02-01.01) - NTFSx86 Run by Edward Hensley at 1641.64 on Thu 03/12/2009 Internet Explorer: 6.0.2900.2180 Microsoft Windows XP Professional 5.1.2600.2.1252.1.1033.18.1022.480 [GMT -4:00] AV: McAfee VirusScan *On-access scanning enabled* (Updated) FW: and reg. Accept Microsoft's EULA (Press Yes). Follow the instructions to install the latest updates.

This is another mirror. You shouldn't need to mess with this.

For Windows XP Systems: Install the Recovery Console: If you are using Windows XP and do not already have the Recovery Console installed, please ensure your internet connection is active (if possible),

If for some reason your internet is not working, please press No. SUPERAntiSpyware is another good scanner with h The computer is a laptop (bought early 2006) still under warranty until June with Dell and kept very clean and used almost daily.

We Need to Remove ComboFix. Please go to Start -> Run. Enter "ComboFix /u" (without quotes). scanning hidden autostart entries ... entries.

Such a file doesn't appear in your logs. Ha! To do this, right-click on the IE icon in the Start Menu or Quick Launch Bar on the Taskbar and select "Run as Administrator" from the context menu.) In your next Thanks, Ed.

In your next reply, please include the following: ComboFix.txt Billy3 __________________ Look buddy, I'm an Engineer, and that means I solve problems.... Congratulations! ComboFix will run. ComboFix 09-03-13.02 - Edward Hensley 2009-03-14 12:58:56.1 - NTFSx86 Microsoft Windows XP Professional 5.1.2600.2.1252.1.1033.18.1022.347 [GMT -4:00] Running from: c:\documents and settings\Edward Hensley\Desktop\ComboFix.exe AV: McAfee VirusScan *On-access scanning disabled* (Updated) FW: McAfee

Thanks, Ed. 03-14-2009, 06:40 PM #5 Billy O'Neal The Oddball Microsoftie Join Date: Aug 2008 Location: Redmond, Washington, United States Posts: 1,838 OS: Windows 8 Hello, beefriend For the most part yes. When it finishes, ComboFix will produce a log. Probably going to send you over to the hardware guys here...

Last when you turned it on, was it "warm"? This is yet another mirror. Close/disable all anti virus and anti malware programs so they do not interfere with the running of ComboFix. Also, even if things appear to be running better, there is no guarantee that everything is finished.

Note: Do not mouseclick combofix's window whilst it's running. Everything seems to be working pretty good...but I don't think I like IE7, we will see. Press OK (Or hit enter).