Hello Jeff:
My Outlook email is back to normal. The storage device had its hooks in it and I uninstalled all of the features I did not want, and that solved that one issue.
Also, I just made a...
Type: Posts; User: GreenWithEnvy; Keyword(s):
Hello Jeff:
I am confirming that my PC is in good shape and you can close this thread.
Thank you thank you thank you so much for assisting me in getting rid of this malware. Please post...
Hi Jeff. My system is running well. I mentioned some of these things before. These are things that don't seem right to me.
When I send email, I get a pop-up window that someone is trying to...
ComboFix 12-04-17.01 - Mike Hoover 04/20/2012 8:18.7.1 - x86
Microsoft Windows XP Home Edition 5.1.2600.3.1252.1.1033.18.511.284 [GMT -4:00]
Running from: c:\temp\ComboFix.exe
Command switches...
Adobe and Java were downloaded per instructions.
This took a looooooooooooooong time to run:
ESETSmartInstaller@High as CAB hook log:
OnlineScanner.ocx - registred OK
# version=7
# iexplore.exe=7.00.6000.17109 (vista_gdr.120227-1644)
#...
Here is the Malwarebytes log and it was a full scan, not a quick scan:
Malwarebytes Anti-Malware 1.61.0.1400
www.malwarebytes.org
Database version: v2012.04.19.04
Windows XP Service Pack 3...
It is behaving pretty well. The last two times I booted it this morning, it did not recognize my new external hard drive. I'm not sure what's going on there. I had to unplug and replug the USB jack...
I rescanned, chose delete, and then rebooted. Then I ran the scan again. Here is the log:
07:57:05.0140 2948 TDSS rootkit removing tool 2.7.29.0 Apr 18 2012 16:44:20
07:57:05.0625...
Hi Jeff. Here is the log. The tool said it found a suspicious object, but not a malicious object, so I did not cure it as instructed.
04:31:42.0625 2772 TDSS rootkit removing tool 2.7.29.0 Apr...
I posted the beginning of the log first. Then the end of the log second, and then all of the stuff in the middle. It's all there.
Mike
((((((((((((((((((((((((((((( SnapShot@2012-04-10_20.28.14 )))))))))))))))))))))))))))))))))))))))))
.
+ 2012-04-18 11:48 . 2012-04-18 11:48 16384 ...
.
-- Snapshot reset to current date --
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default...
ComboFix 12-04-17.01 - Mike Hoover 04/18/2012 7:28.6.1 - x86
Microsoft Windows XP Home Edition 5.1.2600.3.1252.1.1033.18.511.76 [GMT -4:00]
Running from: c:\temp\ComboFix.exe
Command switches...
Hello Jeff. I have not attempted to load software or in any way alter the computer. I only ran Combofix as instructed. The site is telling me the text is too long. I cut it in half and it was...
I will follow your instructions tonight and post the Combofix log.
I'm running the Microsoft Fixit Center downloader off my C drive, not off of a USB drive of any kind, so I'm not understanding...
I see that webroot is an anti-malware program. No, I definitely never used that.
I do have an issue where I cannot run Microsoft Fixit Center anymore. Or download and install the latest...
I don't know what webroot is, so the odds are that I didn't have it.
My firewall started up on reboot.
I have a number of suspicious processes/services and I'm going to list them. If you know if I can delete them with no ill effects, please let me know. None have...
Hi Jeff, I don't want you to think that I'm deathly afraid of Combofix, but I purchased an external hard drive and backed up my C drive before running it. So when you see Seagate and Memeo in the...
I did set a restore point this morning. Truthfully, I'm not sure if that's the same as a complete back-up or not. I hope that it is.
It does seem that the infection was neutralized. I don't see...
Well, trust me, it wasn't just resetting the modem, because I tried that a number of times. It was a combination of one of the other fixes I implemented and then resetting the modem that finally...
First of all, my internet access may be a bit shaky yet. Just now I had to renew my ip address again.
I tried about 50 different things over the last day and a half. And then I unplugged my modem...
Oh my god, I just got my Internet Access back. This is momentous! I've been working on this for a day and a half.
Awaiting further instructions.
Well, I worked on trying to restore the internet connection for about 11 hours straight. No luck. I've tried all kinds of things, including uninstalling and reinstalling the tcp/ip driver. But I...
Here is FSS.txt:
Windows Registry Editor Version 5.00
[HKEY_LOCAL_MACHINE\System\CurrentControlSet\services\netbt]
"Type"=dword:00000001
"Start"=dword:00000001...
OK Jeff. I will do that.
Just to let you know, even though I don't know what I'm doing, I have the PC now recognizing my two CD/DVD drives and I can run them. Also, I have my PC's audio back,...
I did as you instructed and it didn't help. The "local area connection" is connected but I cannot get the system to pull my ip address. I had tried the ipconfig /renew previously to see if that...
Here it is Jeff:
Farbar Service Scanner Version: 01-03-2012
Ran by Mike Hoover (administrator) on 13-04-2012 at 15:12:05
Running from "C:\Temp"
Microsoft Windows XP Home Edition Service Pack 3...
You asked me if I could access the Internet in safe mode. The answer is no. I tried safe mode with networking and I still could not access the Internet. It looks like it's loading a bunch of drivers...
First, here is my Combofix log:
ComboFix 12-04-10.02 - Mike Hoover 04/13/2012 1:14.4.1 - x86
Microsoft Windows XP Home Edition 5.1.2600.3.1252.1.1033.18.511.236 [GMT -4:00]
Running from:...
Thank you Jeff. I have created the txt file on my thumbdrive and will transfer it to my home PC tonight as instructed. I will bring my work laptop home with me tonight and maybe I can get on the...
Hi Jeff. I didn't see your post about booting in safe mode until now. Below are the logs. I thought combofix would create a differently named log for each run, but it just overwrote the same log...
Tomorrow, I will post the logs that were requested and then wait for your next instructions. I'll put the logs on a thumb drive and then post them from my work PC. I had to run Combofix three...
Is it possible to use that recovery tool that Combofix downloaded to get some of my system files back? I did try to do a system restore, but Windows doesn't make it through the process and says it...
Well, my PC is pretty much toast after running Combofix. I have no connection to the Internet and my PC doesn't recognize my CD ROM Drives so I can't reload my drivers. Basically, Combofix deleting...
Well, I started a thread this morning, subscribed to it and bookmarked it, and it has vanished off the website. So here it is again.
Edit
Previous topic is still open. :)
Hi. I'm looking...
Hi. I'm looking for some assistance to remove some malware on my PC. I have SpyBot and Malwarebytes. Spy Doctor doesn't pick up a problem when I scan.
Malwarebytes does and it always finds a dll...