Type: Posts; User: Drewski; Keyword(s):
Sorry for the delay in responding. I did as you suggested and all seems to be working well. Thanks again for providing this awesome service.
Sorry Blade, I must have been half asleep when I replied earlier. Here is the log file from AdAware
Logfile created: 3/19/2012 07:46:12
Ad-Aware version: 9.6.0
Extended engine: 3
Extended...
Hi Blade,
I used CCleaner and I don't think a log is available.
Please help me remove this malware
.
DDS (Ver_2011-08-26.01) - NTFSAMD64
Internet Explorer: 9.0.8112.16421
Run by Dell XPS Andy at 10:45:48 on 2012-03-19
Microsoft Windows 7 Home Premium ...
Hi
The new topic is for a different PC than the one shown in the above post.
My vista based PC is exhibiting the following abnormalities.
Microsoft net Framework will not install from windows update.
IE 8 will not install.
A screen from some program flashes across my...
Never mind..I figured it out...
Error msg......Windows can not find Combo Fix???
I got it to work....many updates to download....is it safe?? ;)
Otherwise the computer appears to be running like new.
I can't properly express my thanks for your help and expertise. Is there any...
Can I run an anti virus like spybot or malwarebytes on the folder?
[Error number: 0x8DDD0018
The site cannot continue because one or more of these Windows services is not running:
Automatic...
Check how? Visual inspection? Kaspersky? It is a big file.
Also, can you tell me how to get windows update to respond??? I can't connect at all
Here is the full scan..note the trojan in Outlook
Saturday, January 23, 2010
Operating system: Microsoft Windows XP Professional Service Pack 3 (build 2600)
Kaspersky Online Scanner version:...
KASPERSKY ONLINE SCANNER 7.0: scan report
Saturday, January 23, 2010
Operating system: Microsoft Windows XP Professional Service Pack 3 (build 2600)
Kaspersky Online Scanner version: 7.0.26.13...
It was in the users list and I deleted it.
Will run kaspersky now
Stealth MBR rootkit/Mebroot/Sinowal detector 0.3.7 by Gmer, http://www.gmer.net
device: opened successfully
user: MBR read successfully
kernel: MBR read successfully
user & kernel MBR OK
copy...
Hi,
Help Assistant folder was deleted per your instructions.
However, there is another folder called HelpAssistant.Gateway that I did not delete.
Here is the log
Stealth MBR...
Stealth MBR rootkit/Mebroot/Sinowal detector 0.3.7 by Gmer, http://www.gmer.net
device: opened successfully
user: MBR read successfully
kernel: MBR read successfully
user & kernel MBR OK
copy...
Blade,
Good news, the internet explorer now works and I didn't get the microsoft outlook error msg.
Here is the dds.txt log
You did not ask for the attach.txt log so I didn't include it....
I am not able to determine the process, nothing unusual shows, just outlook ms services etc
outlook error message
A data file did not close properly the last time it was used and is being checked...
IE still won't open in my user, IE window opens and then fails to respond, don't know if it opens in another user but it didn't last time I tried
Firefox now simply fails to run/freezes after some...
Results for atapi.sys.vir
Antivirus Version Last Update Result
a-squared 4.5.0.50 2010.01.20 -
AhnLab-V3 5.0.0.2 2010.01.20 -
AntiVir 7.9.1.146 2010.01.20 -...
Here is the SystemLook Log
Yes, I do have Recovery Console available
SystemLook v1.0 by jpshortstuff (11.01.10)
Log created at 19:38 on 19/01/2010 by Andy (Administrator - Elevation...
Here is the ComboFix log.
SystemLook log to follow
ComboFix 10-01-18.03 - Andy 01/19/2010 18:58:42.6.2 - x86
Microsoft Windows XP Professional 5.1.2600.3.1252.1.1033.18.1519.1156 [GMT...
ComboFix 10-01-18.03 - Andy 01/19/2010 13:04:56.5.2 - x86
Microsoft Windows XP Professional 5.1.2600.3.1252.1.1033.18.1519.1155 [GMT -5:00]
Running from: c:\documents and...
No I am not familiar with the port openings.
I do not have a good understanding of port openings.
"A word of warning: Neither I nor sUBs are responsible for any damage you may have caused...
Here is the partial log...I am having trouble running it to completion as takes a long time and it hangs
GMER 1.0.15.15281 - http://www.gmer.net
Rootkit scan 2010-01-18 21:51:25
Windows...
Logfile of The Avenger Version 2.0, (c) by Swandog46
http://swandog46.geekstogo.com
Platform: Windows XP
*******************
Script file opened successfully.
Script file read successfully.
Hi,
After 9 hours of inactivity and after the Combofix was run, I got a minidump error with a blue screen as follows.
IRQL_NOT_LESS_OR_EQUAL
STOP 0x0000000A (0x00000000, 0x0000001C,...
Here is the log.
ComboFix 10-01-14.02 - Andy 01/14/2010 19:40:54.4.2 - x86
Microsoft Windows XP Professional 5.1.2600.3.1252.1.1033.18.1519.1156 [GMT -5:00]
Running from: c:\documents and...
Hi,
After booting to normal mode, there is a process that runs for some 15 or 20 minutes that I cannot identify. While it is running, the computer responds very slowly. I had hoped that killbox...
Hi,
Things got more complicated.
Add/Remove programs would not start
I had to restore to an earlier point to get the system to run.
I ran a few of the virus programs to try to clear.
Here is...
I will be away from my computer for a few days, please keep the thread open
UNLESS SPECIFICALLY INSTRUCTED, DO NOT POST THIS LOG.
IF REQUESTED, ZIP IT UP & ATTACH IT
DDS (Ver_09-12-01.01)
Microsoft Windows XP Professional
Boot Device: \Device\HarddiskVolume1
Install...
Windows Registry Editor Version 5.00
; Registry Search 2.0 by Bobbi Flekman © 2005
; Version: 2.0.6.0
; Results at 1/7/2010 1:13:23 PM for strings:
; 'optionvalue'
; 'safeboot_option'
;...
Here is the log.
Windows Registry Editor Version 5.00
; Registry Search 2.0 by Bobbi Flekman © 2005
; Version: 2.0.6.0
; Results at 1/6/2010 1:07:21 PM for strings:
; 'safeboot\option'
;...
I will rerun it but the Windows task manager says the program is "Not Responding"
I have tried to run the program twice and it stops responding after reading for about 5 seconds
Hi Blade,
Run it in safe mode or regular windows?
I believe I was not in safe mode. What makes you think I was?
Here is the zip file with the combo-fix logs
Yes it is
When I go to add/remove programs and the SP3 install, there is no "remove" option offered. What do you suggest?
Hi Blade,
Because of the lag between the time I posted the HJT log and your initial response, I was able to remove the lock on the admin account but I still think I have a problem because the hard...
DDS (Ver_09-12-01.01) - NTFSx86 NETWORK
Run by Andy at 8:02:32.73 on Mon 01/04/2010
Internet Explorer: 8.0.6001.18702 BrowserJavaVersion: 1.6.0_16
Microsoft Windows XP Professional ...
I am the sole user of my computer and the Admin.
Malware has eliminated my ability to act as the Admin on the system even though I am still listed as the Admin.
A new account with Admin privileges...
At one point in safe mode, there were three folders in the temp folder in addition to the BITA files. I was able to delete two of the three folders and after that I think the BITA files were gone.
Phil,
After your 8:15 AM post, I reviewed some of your previous suggestions and think this is what worked.
I booted to safe mode
I turned off system restore
rebooted to safe mode
removed the...
Below is the log. The temp file looks clean and I think you got it :bigthumb:
02/09/08 08:33:04 [Info]: BlackLight Engine 1.0.67 initialized
02/09/08 08:33:04 [Info]: OS: 5.1 build 2600...
ComboFix 08-02.05.3 - Andy 2008-02-09 7:57:15.1 - NTFSx86
Microsoft Windows XP Professional 5.1.2600.2.1252.1.1033.18.1139 [GMT -5:00]
Running from: C:\Documents and...
I am signed in as the admin
Yes, there is one other user but that temp folder is empty.
Also, despite deleting the files in the temp folder in safe mode, the following reappear when I reboot...