Search:

Just to be complete...

Thanks for help. It is very much appreciated.



# DelFix v10.8 - Logfile created 31/07/2014 at 18:13:00
# Updated 29/07/2014 by Xplode
# Username : Ed and Lou 2 -...

Everything seems good. I was wondering what toip0_tmp.exe might have been if MSConfig said it had been disabled in 2012 (or is that erroneous?). I had an avast warning from a normal/safe/trusted...

All processes killed
========== PROCESSES ==========
No active process named explorer.exe was found!
========== SERVICES/DRIVERS ==========
========== REGISTRY ==========
Registry key...

Ran MSConfig and checked the startup values.

The file in question was unchecked, as in not active, and MSConfig would not allow me to delete it. I've attached a screenshot.

11719

Scan result of Farbar Recovery Scan Tool (FRST.txt) (x64) Version: 26-07-2014
Ran by Ed and Lou 2 (administrator) on EDANDLOU2-PC on 28-07-2014 21:20:05
Running from C:\Users\Ed and Lou 2\Desktop...

Fix result of Farbar Recovery Tool (FRST written by Farbar) (x64) Version: 26-07-2014
Ran by Ed and Lou 2 at 2014-07-28 08:35:15 Run:1
Running from C:\Users\Ed and Lou 2\Desktop
Boot Mode: Normal...

ComboFix 14-07-25.01 - Ed and Lou 2 27/07/2014 22:07:42.3.4 - x64
Running from: c:\users\Ed and Lou 2\Desktop\ComboFix.exe
Command switches used :: c:\users\Ed and Lou 2\Desktop\CFScript.txt
.
....

Can't find a Startup tab in Task Manager, looked through
Applications
Processes
Services
Performance
Networking
Users

and did not find it. Meant to post FRST logs earlier, but for some...

Searched using the system search function for toip0_tmp.exe, could not find. Will run FRST and post both logs again.

I followed instructions to show all files, hidden files, extensions, and operatiing system files. There was no exe file in the Roaming directory, only folders.

Could not run Virus Total.

I re-ran FRST completely, here are both logs:

Scan result of Farbar Recovery Scan Tool (FRST.txt) (x64) Version: 26-07-2014
Ran by Ed and Lou 2 (administrator) on EDANDLOU2-PC on 26-07-2014...

Got it done early, will keep an eye for your next post. Ta!

Scan result of Farbar Recovery Scan Tool (FRST.txt) (x64) Version: 24-07-2014
Ran by Ed and Lou 2 (administrator) on EDANDLOU2-PC on...

Hi I can't run any scans and all tonight. But I had a query first, and I can probably do more stuff starting tomorrow night around the same time.

My question is, is there a scan result that makes...

Is this a result of MBAM having quarantined/fixed/removed it?


Fix result of Farbar Recovery Tool (FRST written by Farbar) (x64) Version: 24-07-2014
Ran by Ed and Lou 2 at 2014-07-24 06:52:13...

Downloaded zoek.exe. Avast quarantines it. I turn off Avast and try to run as admin. Popup says 'not a valid win32 application.

ComboFix 14-07-22.01 - Ed and Lou 2 22/07/2014 22:54:47.2.4 - x64
Running from: c:\users\Ed and Lou 2\Desktop\ComboFix.exe
.
.
((((((((((((((((((((((((((((((((((((((( Other Deletions ...

SystemLook 30.07.11 by jpshortstuff
Log created at 22:30 on 22/07/2014 by Ed and Lou 2
Administrator - Elevation successful

========== regfind ==========

Searching for "788B23~1"
No data...

Hello, there is no DLL warning for the .cpp file.

I've tried the Security Centre notification, and it still won't let me.

Hello,

I did the fix, and re-ran FRST. Logs below. Up re-start, the same DLL warning came up, and I've checked to see if I can run Windows Security Centre, but I can't.

Fix result of Farbar...

Additional scan result of Farbar Recovery Scan Tool (x64) Version: 21-07-2014
Ran by Ed and Lou 2 at 2014-07-21 23:14:15
Running from C:\Users\Ed and Lou 2\Desktop
Boot Mode: Normal...

Hello,

Almost immediately after posting logs, I remembered previous advice and then ran MBAM (it's new to me so I forgot about it). It found the ransomware, and quarantined it. However, there...

Hello again, sorry so soon,

I got the same pop-up as one month ago, asking permission to make a registry change:

(link) http://forums.spybot.info/showthread.php?70705-Repeated-registry-hijack ...

OK, many thanks, very much appreciated.
Ed

I ran avast! immediately when I read grouppolicy changed, full scan, no problems.

Can I ask, what was it? How can I avoid this again, other than all previous advice on this [wonderful] forum?

Fix result of Farbar Recovery Tool (FRST written by Farbar) (x64) Version: 28-06-2014 01
Ran by Ed and Lou 2 at 2014-06-28 23:19:02 Run:1
Running from C:\Users\Ed and Lou 2\Desktop
Boot Mode:...

Hello,
First, I am not completely confident that ERUNT has backed up the registry. A few times at start up a few warning boxes showed up, and the last one mentioned something like " the registry...

I've booted in Safe Mode (no networking) and run avast! twice, with no malware found. I rebooted normally, but can't load avast!. I've run adwcleaner and the logfile is below.


# AdwCleaner...

Hello,
-I ran Spybot Search and Destroy, updated, and nothing found.
-I rebooted to try to get the dialogue box with 'virus' found but it did not re-appear.
-I tried to run avast! (my main virus...

Hello, I will follow the above instructions. When booting up, I expected the same dialogue box, but up popped a new one, with a file path and "Could not load" as it contains a virus.

Have...

The message shows up a minute into booting up. The window is titled "User account control" and no matter how many times I click "No". It immediately pops back up.

So should I click yes and deal...

On loading, persist registry notice to from publisher microsoft. When cancelled, immediately pops up again. Suspected as not real as website visited had no need to make registry change, and nothing...

Let's reset system restore DONE


Now lets uninstall ComboFix: DONE


UPDATING WINDOWS AND INTERNET EXPLORER DONE


Download and run Secunia Personal Software Inspector (PSI) DONE

Java 7 update 5 installed.

ESET scanner run, no problems found. [no report given].

DDS log below and attach.txt attached.

.
DDS (Ver_2011-08-26.01) - NTFSAMD64
Internet Explorer:...

ComboFix 12-07-18.04 - Ed and Lou 2 18/07/2012 22:41:18.1.4 - x64
Microsoft Windows 7 Home Premium 6.1.7600.0.1252.44.1033.18.3893.2736 [GMT 1:00]
Running from: c:\users\Ed and Lou...

Hello gentlemen and gentleladies,

It has been a couple of years since I have needed your help, but I really do need some help again. My computer tells me that it is locked by the UK Met Police...

One of the elves who uses this machine got fooled by a pop-up or redirect and started a fake scan.... So I find out and ran a spybot scan to see what has happened. Spybot finds virtumonde.(sch?)...

Haven't had a problem lately. It worried me that Mcafee could remove files, then have the same problem pop up again.

Do you have a resource page, or tips, on how to use HJT regularly to check for...

Tea-timer not turning off turns out to be a problem with my memory of EXACTLY how to do it.

Re-ran HJT log:

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 14:41:56, on 01/01/2009...

Curiously, disabling Tea-Timer does not carry over to re-boot. I have noticed this once before.

HJT Log

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 14:31:11, on 01/01/2009...

--------------------------------------------------------------------------------
KASPERSKY ONLINE SCANNER 7 REPORT
Wednesday, December 31, 2008
Operating System: Microsoft Windows XP Home...

Limewire is now gone.

Logfile of random's system information tool 1.05 (written by random/random)
Run by Ed and Lou at 2008-12-31 10:57:44
Microsoft Windows XP Home Edition Service Pack 3...

log.txt

Logfile of random's system information tool 1.05 (written by random/random)
Run by Ed and Lou at 2008-12-28 15:36:27
Microsoft Windows XP Home Edition Service Pack 3
System drive C: has...

Scanned with Ad-aware, Mcafee pops up with warning for generic.pup.z.
Mcafee says it removes it, this happens a few times.
Scan with Kaspersky online scanner, nothing shows up.
Scan with Spybot,...

I guess it's clean. Did a Java update, will check again soon. I'm suprised this time Spybot got rid of it all, with no need for extra work.


Hmm...

Kaspersky

-------------------------------------------------------------------------------
KASPERSKY ONLINE SCANNER REPORT
Friday, May 23, 2008 12:33:05 PM
Operating System: Microsoft Windows...

Living in the Middle East, and I'm getting bombarded by computer junk...

Kaspersky to follow in next post, in about an hour.

HJT:

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at...

Things are working well. Thanks for all your help. I'll finish the updates tonight. I'll let you know if anything comes back.


Ed.

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 20:47:53, on 05/05/2008
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16640)
Boot mode: Normal
...

Kaspersky

-------------------------------------------------------------------------------
KASPERSKY ONLINE SCANNER REPORT
Monday, May 05, 2008 5:58:36 PM
Operating System: Microsoft Windows...

HJT log; kaspersky on its way

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 14:54:49, on 05/05/2008
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00...