ok, i'm just dumb or something;
how do you install IE-Spyad
i clicked download, which created a folder.
am i supposed to double click on the Install (it is a MS-Dos Batch file)?
Type: Posts; User: orleans_rob; Keyword(s):
Ken,
see post above
do you want me to run anything else
also i still have GMER and HostXpert along with RootRepeal on desktop
can i just move them to trash
Sorry, previous post referred to events prior to uninstalling
(should have looked at date)
ran ESET b/c IE wasn't running as smoothly as it did the first couple of days;
there was an event where IE...
Windows defender is notifying me about:
PEVSystemStart and procexp90.Sys
should i be concerned?
everything seems fine
thanks
helpful as always!!
Tried to uninstall Combofix last night.
As the process started, it suggested I disable AVG before it went any further to prevent damage to the antivirus program. I couldn't figure out how to do...
I am using AVG right now for active virus protection.
- WAS running McAfee as active with Lavasoft Ad-Ware scanning once every couple of weeks for malware.
I mentioned that because Lavasoft now...
1) I forgot to mention. I reset internet explorer last night before running combo
2) I'll do the restore instructions tonight
3) "Make sure you keep only one AV, two are going to cause...
1) before your instructions to rerun combo fix, i had uninstalled McAfee and Ad-ware (lavasoft)
- then rebooted, maybe they were causing combo to crash the system
2) i download avg free last...
ran in normal mode after it rebooted
ComboFix 10-05-16.02 - Robert 05/17/2010 21:06:05.2.1 - x86
Microsoft Windows XP Home Edition 5.1.2600.3.1252.1.1033.18.1022.615 [GMT -5:00]
Running...
running combo in normal when an error window popped up
ERROR!!
Combofix has discovered the presence of rootkit activity and needs to restart the machine
i clicked OK
sorry
blackberry was charging, just noticed your post
cannot seem to find the combofix we saved earlier
no in the folder on desktop i have been working in for all this
nothing in folder but...
expletive!!
i searched adobe in bing and when i clicked on the link for adobe
http://www.adobe.com/products/flashplayer/
it led me to ...
3rd part
(this sucks)
.text C:\WINDOWS\system32\svchost.exe[1544] kernel32.dll!CreatePipe 7C81D83F 5 Bytes JMP 006F0F6B
.text ...
2nd part
---- User code sections - GMER 1.0.15 ----
.text C:\WINDOWS\Explorer.EXE[152] ntdll.dll!NtProtectVirtualMemory 7C90D6EE 5 Bytes JMP 00B8000A ...
Well, for once I was able to post the message to the forum. That's a good sign.
I took the liberty of starting GMER again, but this time I unchecked the ones you had suggested before and I...
Ran otl
Tried to run hostsxpert
1) to me my host was hidden and asked if I wanted to make it writable
- I clicked ok
2) when I clicked restore ms host file, I got an error
- ERROR: Cannot...
Ok
A question b/c I'm not sure if I'll have access to you this afternoon/evening:
- This is more of a statement/question: after I run the otl custom fixes; a report will be created in the folder...
"You can, but don't know how that would solve the redirects "
i know
i was referring to after the redirects were fixed
one of the blogs i was reading stated there may be an issue with the...
no, no, no
just uninstall McAfee and delete all folders and make sure registry clean, and then reinstall it
McAfee
i was thinking at some point it may help to uninstall, clean/scrub the system, and reinstall McAfee
- i downloaded it through cox; free as a subscriber
i use their antivirus and firewall...
ran root again this morning in normal mode
- in both safe and normal it only took a couple of seconds to run
no time to do the new instructions, had to get to work
below is this morning's root...
ROOTREPEAL (c) AD, 2007-2009
==================================================
Scan Start Time: 2010/05/16 23:51
Program Version: Version 1.3.5.0
Windows Version: Windows XP SP3...
well, that was a waste of 4+ hours.
not your fault.
i should have stopped when you sent me the notice about rootrepeal
i'll run rootrepeal now and post the report in the morning when i get up
...
aahhgg!!
i am able to start it in safemode, but i noticed that i cannot access any buttons below "scan" because of screen resolution
(tried to change it but only let me see 640 by 480)
if i...
was able to restart the program in normal mode
ran for about 2 hours and then got another blue screen
running it in safemode now
should be done in 3.5-4 hours if it takes as long as some of...
was running GMER when it went to blue screen
cannot make out the first couple of letters on the right side of the screen,
but here is what i can see
??p: c000021a {Fatal System Error}
???...
morkee can be removed; was from a previous employer
about to start the next task
same holds true for this post
OTL Extras logfile created on: 5/16/2010 12:44:48 PM - Run 1
OTL by OldTimer - Version 3.2.4.1 Folder = C:\Documents and Settings\Robert\Desktop\hjt\otl...
i screwed up and ran it the first time with internet explorer open.
this is the second scan; i can post the first if you would like (maybe something will show in it, that is not in the second one)
...
Before i started your final list, i typed in New Orleans in bing's search; just to test my system.
When i opened the second link - New Orleans Online - Tourism.
it led me to
alltheservices
i...
yes
i removed the old ones sunday morning 1:00 am
just removed Java SE Runtime Environment (JRE)JRE 6 Update 20 and reinstalled it
went to link you gave me and it tested fine
i just tried...
cannot tell you how things are b/c i haven't been using the computer.
didn't want to mess up what we had done so far.
I am going to do the Java installation again for you; now.
I did it a...
ESETSmartInstaller@High as CAB hook log:
OnlineScanner.ocx - registred OK
# version=7
# IEXPLORE.EXE=8.00.6001.18702 (longhorn_ie8_rtm(wmbla).090308-0339)
# OnlineScanner.ocx=1.0.0.6211
#...
2 hours and 54 minutes later and still have 7% of scan to go
so far it has found one infected file and 1 threat
- threat = Win32/Bagle.gen.zip worm
will post official report when completed...
Logfile of random's system information tool 1.07 (written by random/random)
Run by Robert at 2010-05-15 12:47:02
Microsoft Windows XP Home Edition Service Pack 3
System drive C: has 5 GB (7%) free...
info.txt logfile of random's system information tool 1.06 2010-05-15 12:47:24
======Uninstall list======
-->C:\WINDOWS\IsUninst.exe -fC:\WINDOWS\orun32.isu
-->C:\WINDOWS\system32\\MSIEXEC.EXE...
about to post RSIT - ran very quickly this time
question: i assume i need to turn McAfee back on since i have to connect to internet to run ESET
just ran fixes
about to run RSIT in normal
will post and then run ESET
(REMINDER: i'm communicating with you on my wife's laptop)
I am still in safemode under administrator.
Should I run the first part in safemode or reboot?
If the first part should be done in safemode, when I run the RSIT scan after the reboot - what...
Since the blue screen was up i restarted the computer in safemode.
I opened as administrator and through "my computer" went to my desktop and copy/pasted combo on the administrator's desktop.
i...
HELP!!
combo start running after microsoft recovery finished
then blue screen came up; cannot make out the first letter so i'm going to type a question mark, but it shows
?_POOL_CALLER
...
downloaded combo and trying to run it
(typing this on wife's computer)
1) do i need to be connected to internet for it to run correctly
2) some kind of backup was being created, now just a dos...
the scan i posted shows that; i think that is what i'm reading in the first couple of lines.
Logfile of random's system information tool 1.07 (written by random/random)
Run by Robert at 2010-05-14 18:47:18
Microsoft Windows XP Home Edition Service Pack 3
System drive C: has 5 GB (8%) free...
info.txt logfile of random's system information tool 1.06 2010-05-14 18:08:37
======Uninstall list======
-->C:\WINDOWS\IsUninst.exe -fC:\WINDOWS\orun32.isu
-->C:\WINDOWS\system32\\MSIEXEC.EXE...
Ran the Malwarebytes I have on my computer after i updated it.
Malwarebytes' Anti-Malware 1.46
www.malwarebytes.org
Database version: 4103
Windows 5.1.2600 Service Pack 3
Internet Explorer...
At work now; computer with issues is my home computer.
So I'll follow your instructions this afternoon when I get home.
I have Malwarebytes on my computer and it isn't finding anything - been...
Last week i got hit with Antimalware Doctor.
I'm under the impression i removed it correctly, but then FakeAlert appeared and
Artemis (Fake and Art were quarantined by McAfee).
Spybot and my...
I've never seen this one
thanks for the tip
take care
Rob