Download CKScanner by askey127 from HERE
Important - Save it to your desktop.
Doubleclick CKScanner.exe and click Search For Files.
After a very short time, when the cursor hourglass disappears, click Save List To File.
A message box will verify the file saved.
Double-click the CKFiles.txt icon on your desktop and copy/paste the contents in your next reply.
Hey, I don't have the problem anymore! No more user accounts are being created. I think that combofix helped fix my problem. Thanks for all the help everyone!
Damn I hate it when 2 and 2 doesn't equal 4. What infection did combofix report and what did you do to rid yourself of it?
I'm not exactly sure how combofix helped fix it. I think that the virus was either caused by that eset bug beforehand or it may have been cleaned out by Malware bytes or MSE beforehand, but just not completely cleaned out when I quarantined the virus and deleted it. It must have been in my temporary files or something but combofix helped fix that.
On second thought though, it may have been gone awhile ago and I didn't recognize it until now because I never really restart my computer that much and wouldn't have noticed untill combofix ran and made me restart my computer. :)
Thanks for all the help though guys. If you want to check out the combofix report Layback Bear, please look at the log file I uploaded on a previous post.
ComboFix found and 'fixed' many infected files ... most possibly associated with P2P file sharing.
If you did a system restore after using ComboFix, they're still on your computer.
I'm kind of wondering why you didn't post the CKFiles.txt that I asked for. (need I ask more?)
If you're going to go about using an infected computer, then uninstall ComboFix by:
(For Vista / Windows 7 users)
Copy/paste ComboFix /Uninstall in the runbox and click OK. Note the space between the X and the /, it needs to be there.
The CKscanner gave me these results:
c:\program files\gimp 2\share\gimp\2.0\patterns\cracked.pat
c:\program files (x86)\far cry\objects\glm\shipwreck\brokenwall\swr_mp_wall_ceiling_cracked_400.cgf
c:\program files (x86)\far cry\objects\glm\shipwreck\brokenwall\swr_mp_we_400z300xcrack.cgf
c:\program files (x86)\far cry\textures\decal\crack_broken\bulletspray.dds
c:\program files (x86)\far cry\textures\decal\crack_broken\bulletspray_ddn.dds
c:\program files (x86)\far cry\textures\decal\crack_broken\concrbrok.dds
c:\program files (x86)\far cry\textures\decal\crack_broken\concrbrok02.dds
c:\program files (x86)\far cry\textures\decal\crack_broken\crack.dds
c:\program files (x86)\far cry\textures\decal\crack_broken\crack02.dds
c:\program files (x86)\far cry\textures\decal\crack_broken\crack03.dds
c:\program files (x86)\far cry\textures\decal\crack_broken\crack04.dds
c:\program files (x86)\far cry\textures\decal\crack_broken\crack05.dds
c:\program files (x86)\far cry\textures\decal\crack_broken\crackbroken6.dds
c:\program files (x86)\far cry\textures\decal\crack_broken\crackbroken7.dds
c:\program files (x86)\far cry\textures\decal\crack_broken\crackbroken8.dds
c:\program files (x86)\far cry\textures\decal\crack_broken\crackbroken9.dds
c:\program files (x86)\far cry\textures\decal\crack_broken\dirty021broken.dds
c:\program files (x86)\far cry\textures\decal\crack_broken\exploded.dds
c:\program files (x86)\far cry\textures\decal\noalpha\crackbroken_w.dds
c:\program files (x86)\far cry\textures\glm\corporate_buildings\wall\concr_d14crack.dds
c:\users\steven\desktop\stuff\steven\desktop\stuff 3\important stuff\articles and pictures\how to articles\driveway_cracking__how_to_concrete_resurface_quickly_and_easily.txt
c:\users\steven\desktop\stuff\steven\desktop\stuff 3\important stuff\articles and pictures\how to articles\dry__cracked_heels_-_how_to_handle_.txt
I don't know if combofix did anything then. The MSE or MB must have fixed the problem beforehand then and then I just didn't notice it until Combofix restarted my computer.
No wonder you have issues - cracked software is sure to be the cause of much of your trouble.
Just so there is a solid resolution to this post, since it was driving me crazy for 2 weeks. I had the same problem, contacted Eset and it turns out, the version of smart security 6 is creating the phantom user.
If you sign up for their Anti theft feature, they create the phantom user so they can access your computer in case it is stolen. So the ComboFix didnt actually fix it, it just happened to be the troubleshooting step you tried right after uninstalling Eset SS6.
Quote