
go no go on DDS and boopme suggested to run this

Q: go no go on DDS and boopme suggested to run this

Referred from here: http://www.bleepingcomputer.com/forums/t/309799/xp-defender-trojan-hijack-browser-hijacked-help/ ~ OB

Hi. I was referred here and I tried to follow the Prep Guide and I was having trouble so my advisor told me to only post the DDS log if that was all I could run. It took me a long time but I finally was able to run DDS in Safe Mode with networking. (Hooray)

Here is the DDS Log. Please let me know if you need anything else:

DDS (Ver_10-03-17.01) - NTFSx86 NETWORK
Run by Robert Edwards at 0:29:37.04 on Thu 04/22/2010
Internet Explorer: 8.0.6001.18702 BrowserJavaVersion: 1.6.0_07
Microsoft Windows XP Professional 5.1.2600.3.1252.1.1033.18.1023.783 [GMT -4:00]

============== Running Processes ===============

C:\WINDOWS\system32\svchost -k DcomLaunch
svchost.exe
C:\WINDOWS\system32\svchost.exe -k netsvcs
svchost.exe
svchost.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\ctfmon.exe
E:\FIX\dds.scr

============== Pseudo HJT Report ===============

uStart Page = hxxp://m.www.yahoo.com/
uSearch Page = hxxp://www.google.com
uDefault_Search_URL = hxxp://www.google.com/ie
uSearch Bar = hxxp://www.google.com/ie
uInternet Settings,ProxyServer = http=127.0.0.1:5555
uInternet Settings,ProxyOverride =
uSearchAssistant = hxxp://www.google.com/ie
uSearchURL,(Default) = hxxp://www.google.com/search?q=%s
BHO: Adobe PDF Reader Link Helper: {06849e9f-c8d7-4d59-b87d-784b7d6be0b3} - c:\program files\common files\adobe\acrobat\activex\AcroIEHelper.dll
BHO: SSVHelper Class: {761497bb-d6f0-462c-b6eb-d4daf1d92d43} - c:\program files\java\jre1.6.0_07\bin\ssv.dll
BHO: Google Toolbar Notifier BHO: {af69de43-7d58-4638-b6fa-ce66b5ad205d} - c:\program files\google\googletoolbarnotifier\5.1.1309.3572\swg.dll
TB: {CCC7A320-B3CA-4199-B1A6-9F516DD69829} - No File
uRun: [TomTomHOME.exe] "c:\program files\tomtom home 2\HOMERunner.exe"
uRun: [Flashpaste] c:\program files\flashpaste\flashpaste.exe
uRun: [SUPERAntiSpyware] c:\program files\superantispyware\SUPERAntiSpyware.exe
uRun: [ctfmon.exe] c:\windows\system32\ctfmon.exe
mRun: [{0228e555-4f9c-4e35-a3ec-b109a192b4c2}] c:\program files\google\gmail notifier\gnotify.exe
mRun: [NeroFilterCheck] c:\windows\system32\NeroCheck.exe
mRun: [ehTray] c:\windows\ehome\ehtray.exe
mRun: [DVDLauncher] "c:\program files\cyberlink\powerdvd\DVDLauncher.exe"
mRun: [Dell Wireless Manager UI] c:\windows\system32\WLTRAY
mRun: [ATIPTA] "c:\program files\ati technologies\ati control panel\atiptaxx.exe"
mRun: [AppleSyncNotifier] c:\program files\common files\apple\mobile device support\bin\AppleSyncNotifier.exe
mRun: [Apoint] c:\program files\apoint\Apoint.exe
mRun: [SSBkgdUpdate] "c:\program files\common files\scansoft shared\ssbkgdupdate\SSBkgdupdate.exe" -Embedding -boot
mRun: [PaperPort PTD] "c:\program files\scansoft\paperport\pptd40nt.exe"
mRun: [IndexSearch] "c:\program files\scansoft\paperport\IndexSearch.exe"
mRun: [PPort11reminder] "c:\program files\scansoft\paperport\ereg\ereg.exe" -r "c:\documents and settings\all users\application data\scansoft\paperport\11\config\ereg\Ereg.ini
mRun: [BrMfcWnd] c:\program files\brother\brmfcmon\BrMfcWnd.exe /AUTORUN
mRun: [ControlCenter3] c:\program files\brother\controlcenter3\brctrcen.exe /autorun
mRun: [QuickTime Task] "c:\program files\quicktime\qttask.exe" -atboottime
mRun: [iTunesHelper] "c:\program files\itunes\iTunesHelper.exe"
mRun: [elvwumub] c:\documents and settings\networkservice\local settings\application data\sqasqvrwe\dpeeopftssd.exe
dRun: [elvwumub] c:\documents and settings\networkservice\local settings\application data\sqasqvrwe\dpeeopftssd.exe
IE: Add to Google Photos Screensa&ver - c:\windows\system32\GPhotos.scr/200
IE: E&xport to Microsoft Excel - c:\progra~1\micros~2\office11\EXCEL.EXE/3000
IE: {CD67F990-D8E9-11d2-98FE-00C0F0318AFE}
IE: {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe
IE: {FB5F1910-F110-11d2-BB9E-00C04F795683} - c:\program files\messenger\msmsgs.exe
IE: {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - {CAFEEFAC-0016-0000-0007-ABCDEFFEDCBC} - c:\program files\java\jre1.6.0_07\bin\ssv.dll
IE: {92780B25-18CC-41C8-B9BE-3C9C571A8263} - {FF059E31-CC5A-4E2E-BF3B-96E929D65503} - c:\progra~1\micros~2\office11\REFIEBAR.DLL
Trusted Zone: intuit.com\ttlc
Trusted Zone: link.com\kace
Trusted Zone: turbotax.com
DPF: Microsoft XML Parser for Java - file://c:\windows\java\classes\xmldso.cab
DPF: Welnia 2.0.0.906 - hxxps://hosting.bodymedia.com/welnia/files/static/install/bmwelnia_2_0_0_906.cab
DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} - hxxp://update.microsoft.com/microsoftupdate/v6/V5Controls/en/x86/client/muweb_site.cab?1174014400940
DPF: {895D1291-D5BD-4982-BA84-AD11D29C1D6A} - hxxp://community.weightwatchers.com/Scripts/ImageUploader6.cab
DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_07-windows-i586.cab
DPF: {C7DB51B4-BCF7-4923-8874-7F1A0DC92277} - hxxp://office.microsoft.com/officeupdate/content/opuc4.cab
DPF: {CAFEEFAC-0016-0000-0007-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_07-windows-i586.cab
DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_07-windows-i586.cab
DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} - hxxps://fpdownload.macromedia.com/pub/shockwave/cabs/flash/swflash.cab
Notify: !SASWinLogon - c:\program files\superantispyware\SASWINLO.dll
Notify: AtiExtEvent - Ati2evxx.dll
SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - c:\windows\system32\WPDShServiceObj.dll
SEH: SABShellExecuteHook Class: {5ae067d3-9afb-48e0-853a-ebb7f4a000da} - c:\program files\superantispyware\SASSEH.DLL

============= SERVICES / DRIVERS ===============

S1 SASDIFSV;SASDIFSV;c:\program files\superantispyware\sasdifsv.sys [2009-10-12 9968]
S1 SASKUTIL;SASKUTIL;c:\program files\superantispyware\SASKUTIL.SYS [2009-10-12 74480]
S2 gupdate;Google Update Service (gupdate);c:\program files\google\update\GoogleUpdate.exe [2010-1-3 135664]
S2 McrdSvc;Media Center Extender Service;c:\windows\ehome\mcrdsvc.exe [2005-8-5 99328]
S3 Ad-Watch Connect Filter;Ad-Watch Connect Kernel Filter;\??\c:\windows\system32\drivers\nsdriver.sys --> c:\windows\system32\drivers\NSDriver.sys [?]
S3 HPJNDIS5;HPJNDIS5 NDIS Protocol Driver;\??\c:\docume~1\robert~1\locals~1\temp\hp_web~1\setup\hpjndis5.sys --> c:\docume~1\robert~1\locals~1\temp\hp_web~1\setup\HPJNDIS5.SYS [?]
S3 SASENUM;SASENUM;c:\program files\superantispyware\SASENUM.SYS [2009-10-12 7408]

=============== Created Last 30 ================

2010-04-22 03:55:56 0 d-----w- c:\docume~1\alluse~1\applic~1\avG
2010-04-16 03:39:23 3248 ----a-w- c:\windows\system32\wbem\Outlook_01cadd166730c970.mof
2010-04-14 23:04:48 204 ----a-w- c:\windows\system32\MRT.INI
2010-04-10 05:00:35 699904 ----a-w- c:\windows\is-FDOAR.exe
2010-04-10 05:00:35 357 ----a-w- c:\windows\is-FDOAR.lst
2010-04-10 05:00:35 10498 ----a-w- c:\windows\is-FDOAR.msg
2010-04-02 03:03:03 1469440 ------w- c:\windows\system32\inetcpl.cpl
2010-03-30 04:28:19 0 d-----w- c:\windows\system32\wbem\Repository
2010-03-30 03:37:12 664 ----a-w- c:\windows\system32\d3d9caps.dat
2010-03-30 03:37:12 552 ----a-w- c:\windows\system32\d3d8caps.dat

==================== Find3M ====================

2010-04-22 03:59:25 96512 ----a-w- c:\windows\system32\drivers\atapi.sys
2010-03-29 19:24:58 38224 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys
2010-03-29 19:24:46 20824 ----a-w- c:\windows\system32\drivers\mbam.sys
2010-03-10 06:15:52 420352 ----a-w- c:\windows\system32\vbscript.dll
2010-03-10 06:15:52 420352 ----a-w- c:\windows\system32\dllcache\vbscript.dll
2010-02-25 15:54:36 11070976 ------w- c:\windows\system32\dllcache\ieframe.dll
2010-02-24 13:11:07 455680 ----a-w- c:\windows\system32\drivers\mrxsmb.sys
2010-02-24 13:11:07 455680 ------w- c:\windows\system32\dllcache\mrxsmb.sys
2010-02-24 09:54:25 173056 ------w- c:\windows\system32\dllcache\ie4uinit.exe
2010-02-19 23:47:50 3604480 ----a-w- c:\windows\system32\GPhotos.scr
2010-02-17 13:10:28 2189952 ------w- c:\windows\system32\ntoskrnl.exe
2010-02-17 13:10:28 2189952 ------w- c:\windows\system32\dllcache\ntoskrnl.exe
2010-02-16 14:08:49 2146304 ------w- c:\windows\system32\dllcache\ntkrnlmp.exe
2010-02-16 13:25:04 2066816 ------w- c:\windows\system32\ntkrnlpa.exe
2010-02-16 13:25:04 2066816 ------w- c:\windows\system32\dllcache\ntkrnlpa.exe
2010-02-16 13:25:04 2024448 ------w- c:\windows\system32\dllcache\ntkrpamp.exe
2010-02-12 04:33:11 100864 ------w- c:\windows\system32\dllcache\6to4svc.dll
2010-02-12 04:33:11 100864 ------w- c:\windows\system32\6to4svc.dll
2010-02-11 12:02:15 226880 ------w- c:\windows\system32\dllcache\tcpip6.sys
2008-12-20 13:59:21 32768 --sha-w- c:\windows\system32\config\systemprofile\local settings\history\history.ie5\mshist012008122020081221\index.dat

============= FINISH: 0:31:36.07 ===============


A: go no go on DDS and boopme suggested to run this

Hi and welcome to the Virus/Trojan/Spyware/Malware Removal forum,

I am thcbytes and I am here to help you!

I ask that you refrain from running tools other than those I suggest to you while I am cleaning up your computer. The reason for this is so I know what is going on with the machine at any time. Some programs can interfere with others and hamper the recovery process.

Please perform all steps in the order received and do not proceed if you need clarification.

Please copy and paste all logs into your post unless directed otherwise. Please do not re-run any programs I suggest. If you encounter problems please stop and tell me about it. When your computer is clean I will alert you of such. I will also provide you with detailed suggestions for prevention.

In the upper right hand corner of the topic you will see a button called Options. If you click on this in the drop-down menu you can choose Track this topic. By doing this and then choosing Immediate E-Mail notification and then clicking on Proceed you will be advised when we respond to your topic and facilitate the cleaning of your machine.

After 5 days if your topic is not replied to I will assume it has been abandoned and I will close it.

I would also like to inform you that most of us here at Bleeping Computer offer our expert assistance out of the goodness of our hearts. Please be courteous and appreciative for the assistance provided!

Again I would like to remind you to make no further changes to your computer unless I direct you to do so. Your computer fix will be based on the current condition of your computer! Any changes might delay my ability to help you.

==========

Boot into SafeMode with Networking and please do this.....

Download and Run ComboFix (by sUBs)

You must rename it before saving it.

Please download ComboFix from one of these locations:
Link 1
Link 2

Save thcbytes.exe to your Desktop <-- Important!!!

==========

Disable your AntiVirus and AntiSpyware applications, usually via a right click on the System Tray icon. They may otherwise interfere with our tools. Please refer to this link for instructions.

Double click on thcbytes.exe & follow the prompts.

As part of its process, ComboFix will check to see if the Microsoft Windows Recovery Console is installed. With malware infections being as they are today, it's strongly recommended to have this pre-installed on your machine before doing any malware removal. It will allow you to boot up into a special recovery/repair mode that will allow us to more easily help you should your computer have a problem after an attempted removal of malware.

Follow the prompts to allow ComboFix to download and install the Microsoft Windows Recovery Console, and when prompted, agree to the End-User License Agreement to install the Microsoft Windows Recovery Console.

**Please note: If the Microsoft Windows Recovery Console is already installed, ComboFix will continue its malware removal procedures.

Once the Microsoft Windows Recovery Console is installed using ComboFix, you should see the following message:

Click on Yes, to continue scanning for malware.

When finished, it will produce a log for you. Please include the C:\ComboFix.txt in your next reply.

A word of warning: Neither I nor sUBs are responsible for any damage you may have caused your machine by running ComboFix on your own.
This tool is not a toy and not for everyday use.
ComboFix SHOULD NOT be used unless requested by a forum helper.

==========

With your next post please provide:
* Combofix.txt

Kind regards,
~t


hi boopme

I just want to start a new thread to tell you that I won't be able to reply to the infected and need help thread because I work the whole weekend 14 hours a day. I don't have time to run scan because that takes time and my computer is awesomely slow because of all these problems.

I don't want to reply to that thread until I run scan and post the logs there so it won't be confusing.

I won't be able to do the scan until Monday. So please don't close that thread because of no reply for three days.
Thank you so much for your patience and help boopme.

A:hi boopme

Hello, I understand.. Take your time. We'll keep the lights on.. there..
I am going to close this one though. Please reply in that thread so I see all your replies. I can remove them if it gets confusing... Thanks.


hi, i had some malware that was removed and i'm just following up on some instructions by one of your VERY helpful pros.

Topic referenced is here: http://www.bleepingcomputer.com/forums/t/190712/google-redirects-and-general-funnyness/ ~ OB

i might not be infected with a virus, but i'd like somebody to take a look just to be sure. i know some processes are legitimate and others are trojans depending on where they are, but i don't know enough to determine that. any help in cleaning up my registry/infections is greatly appreciated.

thank you for all you do.
Kurt

DDS (Version 1.1.0) - NTFSx86
Run by MKG at 16:04:24.32 on Wed 12/31/2008
Internet Explorer: 7.0.5730.11
Microsoft Windows XP Professional 5.1.2600.3.1252.1.1033.18.510.167 [GMT -6:00]

AV: AVG Anti-Virus Free *On-access scanning enabled* (Updated)

============== Running Processes ===============

C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\svchost -k DcomLaunch
svchost.exe
C:\WINDOWS\System32\svchost.exe -k netsvcs
svchost.exe
svchost.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\spoolsv.exe
C:\PROGRA~1\AVG\AVG8\avgwdsvc.exe
c:\program files\ge security supra\syncservice.exe
C:\Program Files\Nero\Nero 7\InCD\InCDsrv.exe
C:\Program Files\Kontiki\KService.exe
C:\Program Files\GE Security Supra\ProxyDaemon.exe
C:\SSL\stunnel-4.10.exe
C:\WINDOWS\system32\PRISMSVC.EXE
C:\WINDOWS\system32\Tablet.exe
C:\WINDOWS\system32\WTablet\TabUserW.exe
C:\WINDOWS\system32\Tablet.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\PRISMSVR.EXE
C:\PROG...

A:boopme said come here

Hello.

Looks like most of it was taken care of. Let's see what we can find.

Disable Realtime Protection

Antimalware programs can interfere with ComboFix and other tools we need to run. Please temporarily disable all realtime protections you have enabled. Refer to this page, if you are unsure how.

To disable AVG:
Please navigate to the system tray on the bottom right hand corner and look for this sign.
Right click it-> select Quit Control Center.
A warning will pop up, click Yes

Download and Run ComboFix

If you have already run ComboFix, delete your copy and download a new one. If the computer in question is unable to download ComboFix, transfer it using a removable media (CDs, flash drive).

Download Combofix by sUBs from any of the links below, and save it to your desktop.
Link 1, Link 2, Link 3

Close/disable all anti-virus and anti-malware programs so they do not interfere with the running of ComboFix. Refer to this page if you are not sure how.

Double click on ComboFix.exe and follow the prompts. If you are using Windows Vista, right click the icon and select "Run as Administrator". You will not receive the prompts below if you are not using Windows XP. ComboFix will check to see if you have the Windows Recovery Console installed.

If you did not have it installed, you will see the prompt below. Choose YES.
When the Recovery Console has been installed, you will see the prompt below. Choose YES.
When finished, ComboFix will produce a report for you. Please post the contents of the log...


Referred from here: http://www.bleepingcomputer.com/forums/topic347564.html ~ OB

Couldn't run the Gmer, it keeps causing the blue screen of death.

DDS (Ver_10-03-17.01) - NTFSx86
Run by Sam at 16:19:16.09 on 25/09/2010
Internet Explorer: 8.0.6001.18943 BrowserJavaVersion: 1.6.0_21
Microsoft® Windows Vista™ Home Premium 6.0.6002.2.1252.44.1033.18.3454.1600 [GMT 1:00]

SP: Windows Defender *enabled* (Updated) {D68DDC3A-831F-4FAE-9E44-DA132C1ACF46}
SP: SUPERAntiSpyware *disabled* (Updated) {222A897C-5018-402e-943F-7E7AC8560DA7}

============== Running Processes ===============

C:\Windows\system32\wininit.exe
C:\Windows\system32\lsm.exe
C:\Windows\system32\svchost.exe -k DcomLaunch
C:\Windows\system32\svchost.exe -k rpcss
C:\Windows\System32\svchost.exe -k secsvcs
C:\Windows\system32\Ati2evxx.exe
C:\Windows\System32\svchost.exe -k LocalServiceNetworkRestricted
C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted
C:\Windows\system32\svchost.exe -k netsvcs
C:\Windows\system32\svchost.exe -k GPSvcGroup
C:\Windows\system32\SLsvc.exe
C:\Windows\system32\svchost.exe -k LocalService
C:\Windows\system32\svchost.exe -k NetworkService
C:\Windows\system32\Ati2evxx.exe
C:\Windows\System32\spoolsv.exe
C:\Windows\system32\svchost.exe -k LocalServiceNoNetwork
C:\...

A:For Boopme

Hello and Welcome to the forums! My name is Gringo and I'll be glad to help you with your computer problems.

Some things to remember while we are working together.
Do not run any other tool until instructed to do so!
Please Do not Attach logs or put in code boxes.
Tell me about any problems that have occurred during the fix.
Tell me of any other symptoms you may be having as these can help also.
Do not run anything while running a fix.

In the upper right hand corner of the topic you will see a button called Options. If you click on this in the drop-down menu you can choose Track this topic. By doing this and then choosing Immediate E-Mail notification and then clicking on Proceed you will be advised when we respond to your topic and facilitate the cleaning of your machine.

We apologize for the delay in responding to your request for help. Here at Bleeping Computer we get overwhelmed at times, and we are trying our best to keep up. Please note that your topic was not intentionally overlooked. Our mission is to help everyone in need, but sometimes it takes just a little longer to get to every request for help. No one is ignored here.

In order for me to see the status of the infection I will need a new set of logs to start with.

Please print out or make a copy in Notepad of any instructions given, as sometimes it is necessary to go offline and you will lose access to them.

DeFogger: Please download DeFogger to your desktop.
Double click DeFogger to run the tool. The ap...

Q: Boopme!

Extras.Txt

OTL Extras logfile created on: 09/10/2010 16:45:24 - Run 1
OTL by OldTimer - Version 3.2.14.1 Folder = C:\Users\Holly\Desktop
64bit- Home Premium Edition (Version = 6.1.7600) - Type = NTWorkstation
Internet Explorer (Version = 8.0.7600.16385)
Locale: 00000809 | Country: United Kingdom | Language: ENG | Date Format: dd/MM/yyyy

4.00 Gb Total Physical Memory | 2.00 Gb Available Physical Memory | 63.00% Memory free
7.00 Gb Paging File | 6.00 Gb Available in Paging File | 82.00% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files (x86)
Drive C: | 453.94 Gb Total Space | 373.82 Gb Free Space | 82.35% Space Free | Partition Type: NTFS
D: Drive not present or media not loaded
E: Drive not present or media not loaded
F: Drive not present or media not loaded
G: Drive not present or media not loaded
H: Drive not present or media not loaded
I: Drive not present or media not loaded

Computer Name: HOLLY-PC
Current User Name: Holly
Logged in as Administrator.

Current Boot Mode: Normal
Scan Mode: Current user
Include 64bit Scans
Company Name Whitelist: On
Skip Microsoft Files: On
File Age = 90 Days
Output = Standard
Quick Scan

========== Extra Registry (SafeList) ==========

========== File Associations ==========

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.cpl [@ = cplfile] -- C:\Windows\SysWow64\control.exe (Microsoft Corporation)

[HKEY...

A:Boopme!

Hello and welcome to Bleeping Computer

We apologize for the delay in responding to your request for help. Here at Bleeping Computer we get overwhelmed at times, and we are trying our best to keep up. Please note that your topic was not intentionally overlooked. Our mission is to help everyone in need, but sometimes it takes just a little longer to get to every request for help. No one is ignored here.

If you have since resolved the original problem you were having, we would appreciate you letting us know. If not please perform the following steps below so we can have a look at the current condition of your machine. Please include a clear description of the problems you're having, along with any steps you may have performed so far.

Please refrain from running tools or applying updates other than those we suggest while we are cleaning up your computer. The reason for this is so we know what is going on with the machine at any time. Some programs can interfere with others and hamper the recovery process.

Even if you have already provided information about your PC, we need a new log to see what has changed since you originally posted your problem.

We need to create an OTL Report

Please download OTL from one of the following mirrors:
This is THE Mirror
Save it to your desktop.
Double click on the icon on your desktop.
Click the "Scan All Users" checkbox.
In the custom scan box paste the following:

CODE
msconfig
safebootminimal
activex
drivers32
netsvcs
%SYSTEMDRIVE%\*.exe
/md5st...


Cheers for your help

Actions taken so far can be found here http://www.bleepingcomputer.com/forums/t/234967/help-with-combofix-moved/

The problems.

1. Google Chrome wasn't Loading and I got error message:
"The application failed to initialize properly (0xc000005). Click on OK to terminate the application"
I fixed that by adding --NO-SANDBOX in the "Target" box under Properties
All other web browsers work.
--------------------------------
2. Windows and Norton will not Update, the Norton troubleshoot says something like internet explorer default connection is dial up, or something along those lines...even though IE connects through the network.
--------------------------------
3. Microsoft.com won't load in any web browser. Also when "boopme" was trying to help me in the other thread a lot of the links he posted wouldn't work, and if the links worked, the links to the .exe downloads wouldn't, I don't know if that was just because the links were dead or my PC was blocking them.
--------------------------------
4. Just about every application "boopme" got me to download in order to fix these problems would in some way or another not work, one just wouldn't install, another wouldn't download updates.
--------------------------------
and finally this is weird, and I'm not sure if I accidentally did it, but my Clock is now in 24hour time :S

Oh I just thought of what it might be, I got sick of the Microsoft genuine thing popping up, so I downloaded a patch to remove it/stop it popping up I think I ...

A:Help me please "BOOPME"

Hello and welcome to Bleeping Computer

We apologize for the delay in responding to your request for help. Here at Bleeping Computer we get overwhelmed at times, and we are trying our best to keep up. Please note that your topic was not intentionally overlooked. Our mission is to help everyone in need, but sometimes it takes just a little longer to get to every request for help. No one is ignored here.

If you have since resolved the original problem you were having, we would appreciate you letting us know. If not please perform the following steps below so we can have a look at the current condition of your machine. If you have not done so, include a clear description of the problems you're having, along with any steps you may have performed so far.

Upon completing the steps below another staff member will review and take the steps necessary with you to get your machine back in working order clean and free of malware.

If you have already posted a DDS log, please do so again, as your situation may have changed.
Use the 'Add Reply' and add the new log to this thread.

Thanks and again sorry for the delay.

We need to see some information about what is happening in your machine. Please perform the following scan:

Download DDS by sUBs from one of the following links. Save it to your desktop.
DDS.scr
DDS.pif
Double click on the DDS icon, allow it to run.
A small box will open, with an explanation about the tool. No input is needed, the scan is running.
Notepad will open with the results.
Foll...


I tried twice to run DDS and it would stop. So I tried again to run Rkill and it found four processes to stop. I tried DDS again and it worked! I am posting both the Rkill log and the two DDS logs.
 
Rkill 2.6.3 by Lawrence Abrams (Grinler)
http://www.bleepingcomputer.com/
Copyright 2008-2013 BleepingComputer.com
More Information about Rkill can be found at this link:
 http://www.bleepingcomputer.com/forums/topic308364.html
Program started at: 12/14/2013 10:19:07 PM in x64 mode.
Windows Version: Windows 7 Home Premium Service Pack 1
Checking for Windows services to stop:
 * No malware services found to stop.
Checking for processes to terminate:
 * C:\Users\Boyd\AppData\Local\Temp\nsc3554.tmp\PEV.DAT (PID: 5496) [UP-HEUR]
 * C:\Users\Boyd\AppData\Local\Temp\nsc3554.tmp\PEV.DAT (PID: 5496) [T-HEUR]
 * C:\Users\Boyd\AppData\Local\Temp\nsb4E31.tmp\PEV.DAT (PID: 9124) [UP-HEUR]
 * C:\Users\Boyd\AppData\Local\Temp\nsb4E31.tmp\PEV.DAT (PID: 9124) [T-HEUR]
4 proccesses terminated!
Checking Registry for malware related settings:
 * No issues found in the Registry.
Resetting .EXE, .COM, & .BAT associations in the Windows Registry.
Performing miscellaneous checks:
 * Windows Defender Disabled
   [HKLM\SOFTWARE\Microsoft\Windows Defender]
   "DisableAntiSpyware" = dword:00000001
 * Windows Firewall Disabled
   [HKLM\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
...

A:DDS log, per boopme

Hello smrboyd1

I would like to welcome you to the Malware Removal section of the forum.

Around here they call me Gringo and I will be glad to help you with your malware problems.

Very Important --> Please read this post completely, I have spent my time to put together some things for you to keep in mind while I am helping you to make things go easier, faster and smoother for both of us!

Please do not run any tools unless instructed to do so.
We ask you to run different tools in a specific order to ensure the malware is completely removed from your machine, and running any additional tools may detect false positives, interfere with our tools, or cause unforeseen damage or system instability.

Please do not attach logs or use code boxes, just copy and paste the text.
Due to the high volume of logs we receive it helps to receive everything in the same format, and code boxes make the logs very difficult to read. Also, attachments require us to download and open the reports when it is easier to just read the reports in your post.

Please read every post completely before doing anything.
Pay special attention to the NOTE: lines, these entries identify an individual issue or important step in the cleanup process.

Please provide feedback about your experience as we go.
A short statement describing how the computer is working helps us understand where to go next, for example: I am still getting redirected, the computer is running normally, etc. Please do not describe the computer as "the same"...


hi,

well let me start with list of problem i am facing:

I AM USING WINDOWS XP PROFESSIONAL WITH SP3
1 MY TASK MANAGER IS DISABLED

2 MY SYSTEM RESTORE IS DISABLED

3 MY 'RUN" COMMAND IS NOT SHOWING IN "ALL PROGRAMS"

4 MY FOLDER OPTION IS NOT VISIBLE

5 MY DRIVES DON'T OPEN ON DOUBLE CLICK EXCEPT THE C: DRIVE, I HAVE TO EXPLORE THEM TO OPEN THEM.

6 I HAVE TRIED COMBO FIX, BUT NO HELP. AFTER AT THE SCANNING IT SAYS WINDOWS RECOVERED FROM A SERIOUS PROBLEM, BUT I DON'T THINK MY PC HAS NOT RECOVERED FROM ANY PROBLEM. IT IS STILL IN PROBLEM.

7 I TRIED INSTALLING "KASPERSKY INTERNET SECURITY 2010" BUT AFTER INSTALLING THE ACTIVATION PAGE DOESN'T OPEN. NEITHER IT SHOWS ON THE TASK BAR.(NEAR THE TIME).

8 I TRIED AVIRA PREMIUM BUT IT ALSO DOESN'T INSTALL, NOTHING HAPPENS AFTER THE INSTALL EXTRACTION OF THE SETUP. NO ACTIVATION WINDOWS GETS OPEN.

9 LAST BUT NOT THE LEAST I DON'T HAVE INTERNET ACCESS ON THAT PC. AND I DON'T WANT TO FORMAT IT.
So now can anyone help me..

A:HELP ME BOOPME..MY PC IN A LIKE A ZOMBIE..

Hello and welcome... You need to do all the steps as some pertain to your issue..

Please follow our Removal Guide here: Remove Antispyware Soft (Uninstall Guide)
You will move to the Automated Removal Instructions

After you completed that, post your scan log here, let me know how things are.

The log is automatically saved and can be viewed by clicking the Logs tab in MBAM.
Copy and paste the contents of that report in your next reply. Be sure to post the complete log to include the top portion which shows MBAM's database version and your operating system.


I'm sorry about the time

A:boopme , I'm working on

Hello,

I have merged your logs to the topic they belong in which you can find here: http://www.bleepingcomputer.com/forums/t/506389/problems-with-trojan-alureon-j/

Please keep all posts regarding this issue to that topic by using the More Reply Options button which you will find near the bottom right under the topic. Once you have completed the reply, then use the Add Reply button found near the bottom center below the text area.

This topic is now closed to avoid potential confusion.

Orange Blossom ~ forum moderator


Referred from here: http://www.bleepingcomputer.com/forums/t/317663/pop-ups-and-pc-seems-slower/ ~ OB

DDS (Ver_10-03-17.01) - NTFSx86
Run by Jeremy at 14:22:01.34 on Thu 05/20/2010
Internet Explorer: 8.0.6001.18702
Microsoft Windows XP Professional 5.1.2600.3.1252.1.1033.18.958.516 [GMT -7:00]

AV: AntiVir Desktop *On-access scanning enabled* (Updated) {AD166499-45F9-482A-A743-FDD3350758C7}

============== Running Processes ===============

C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\svchost -k DcomLaunch
svchost.exe
C:\WINDOWS\System32\svchost.exe -k netsvcs
svchost.exe
svchost.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\System32\WLTRYSVC.EXE
C:\WINDOWS\System32\bcmwltry.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Avira\AntiVir Desktop\sched.exe
svchost.exe
C:\Program Files\Avira\AntiVir Desktop\avguard.exe
C:\WINDOWS\eHome\ehRecvr.exe
C:\WINDOWS\eHome\ehSched.exe
C:\Program Files\Avira\AntiVir Desktop\avshadow.exe
C:\Program Files\Java\jre6\bin\jqs.exe
svchost.exe
C:\WINDOWS\system32\dllhost.exe
C:\WINDOWS\ehome\ehtray.exe
C:\WINDOWS\system32\WLTRAY.exe
C:\WINDOWS\SOUNDMAN.EXE
C:\WINDOWS\eHome\ehmsas.exe
C:\Program Files\Common Files\Java\Java Update\jusched.exe
C:\Program Files\Avira\AntiVir Desktop\avgnt.exe
C:\Program Files\DNA\btdna.exe
C:\Program Files\Windows Live\Messenger\msnmsgr.exe
C:\Program Files\Messenger\msmsgs.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe
C:\Program Files\Belkin\F5D7001v2000\Belkinwcui.exe...

A:DDS log - requested by Boopme

Hi and welcome to the Virus/Trojan/Spyware/Malware Removal forum,

I am thcbytes and I am here to help you!

I ask that you refrain from running tools other than those I suggest to you while I am cleaning up your computer. The reason for this is so I know what is going on with the machine at any time. Some programs can interfere with others and hamper the recovery process.

Please perform all steps in the order received and do not proceed if you need clarification.

Please copy and paste all logs into your post unless directed otherwise. Please do not re-run any programs I suggest. If you encounter problems please stop and tell me about it. When your computer is clean I will alert you of such. I will also provide you with detailed suggestions for prevention.

In the upper right hand corner of the topic you will see a button called Options. If you click on this in the drop-down menu you can choose Track this topic. By doing this and then choosing Immediate E-Mail notification and then clicking on Proceed you will be advised when we respond to your topic and facilitate the cleaning of your machine.

After 5 days if your topic is not replied I will assume it has been abandoned and I will close it.

I would also like to inform you that most of us here at Bleeping Computer offer our expert assistance out of the goodness of our hearts. Please be courteous and appreciative for the assistance provided!

Again I would like to remind you to make no further changes to your computer unless ...


Hi,

Log attached as requested (http://www.bleepingcomputer.com/forums/topic408020.html/page__gopid__2323129#entry2323129)

A:GMER log for boopme

Hi,

Sorry for delayed response. Forums have been really busy. If you still need help with this do following, please.

Download DDS and save it to your desktop from here or here or here.

Disable any script blocker, and then double click dds file to run the tool. When done, DDS will open two (2) logs:
DDS.txt
Attach.txt

Save both reports to your desktop. Post them back to your topic.


Hello I wish that someone can help me solve this problem I've done numerous scans by Malware Bytes and AVG 8.5 free edition. Well I have previously asked Boopme to help and he suggested that I make a new thread so others can read it as well. Sorry for my grammar I'm only 15 ;) and yea please make the instructions easy to follow I am only a little not nooby now in computers =D

So... my computer is like this, about like 1-2 months ago I had my computer umm... well I just reinstalled Windows XP I'm not sure what version though. What I find weird is that my computer has 71gigs of memory but then when I look at my programs it looks like I don't even have that much... well anyways my computer restarts like when I run my game GunZ (hosted by ijji) okay it lets me start game and enter the game until I have to select a server I select one as soon I'm about to choose character my computer restarts most of the time the second time I try (after the reboot) I can play it but I'm still wondering why it will do that (the reboot) well boopme please help cause even when I type my homework I get frustrated because it reboots some of the time and I didn't save my documents so please I really need to find out what is the problem...I think it wouldn't be temperature though.

A:Boopme help please or quietman7

..71GB memory? That's insane. Are you talking about hard drive memory or RAM memory though?

Alright. Give the people more information to work with first.

To check what version your Windows is, right click the My Computer icon and click Properties. Copy everything that's written under System: and Computer: and show us.

If you're running Windows XP Service Pack 1, I believe there's something wrong with SP1 that makes it restart every so often.


Referred from this topic: http://www.bleepingcomputer.com/forums/topic342629.html ~ OB

Ok boop me I did what you said will you help me here or some one else will?

DDS (Ver_10-03-17.01) - NTFSX64
Run by Mariano at 16:39:39.95 on Mon 08/30/2010
Internet Explorer: 8.0.6001.18943
Microsoft® Windows Vista™ Home Premium 6.0.6002.2.1252.1.1033.18.2012.631 [GMT -7:00]

SP: Windows Defender *enabled* (Updated) {D68DDC3A-831F-4FAE-9E44-DA132C1ACF46}

============== Running Processes ===============

C:\Windows\system32\wininit.exe
C:\Windows\system32\lsm.exe
C:\Windows\system32\svchost.exe -k DcomLaunch
C:\Windows\system32\svchost.exe -k rpcss
C:\Windows\System32\svchost.exe -k LocalServiceNetworkRestricted
C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted
C:\Windows\system32\svchost.exe -k netsvcs
C:\Windows\system32\svchost.exe -k GPSvcGroup
C:\Windows\system32\SLsvc.exe
C:\Windows\system32\svchost.exe -k LocalService
C:\Program Files\Dell\DellDock\DockLogin.exe
C:\Windows\system32\svchost.exe -k NetworkService
C:\Program Files\Alwil Software\Avast5\AvastSvc.exe
C:\Windows\system32\Dwm.exe
C:\Windows\Explorer.EXE
C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe
C:\Windows\System32\igfxpers.exe
C:\Program Files\Windows Sidebar\sidebar.exe
C:\Program Files (x86)\Dell Remote Access\ezi_ra.exe
C:\Program Files (x86)\Digital Line Detect\DLG.exe
C:\Program Files\Dell\DellDock\DellDock.exe
C:\Program Files (x86)\Dell DataSafe Online\DataSafeOnline.exe
C:\Program Files\CyberLink\PowerDVD DX\PDVDDXSrv.exe
C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamgui.exe
C:\Program Fi...

A:Requested by boopme

Hi,

Welcome to Bleeping Computer. My name is m0le and I will be helping you with your log.

Please subscribe to this topic, if you haven't already. You can subscribe by clicking the Options box to the right of your topic title and selecting Track This Topic.

Please avoid installing/uninstalling or updating any programs and attempting any unsupervised fixes or scans. This can make helping you impossible.

Please reply to this post so I know you are there.

The forum is busy and we need to have replies as soon as possible. If I haven't had a reply after 3 days I will bump the topic and if you do not reply by the following day after that then I will close the topic.

Once I receive a reply then I will return with your first instructions.

Thanks


Dear all, dear boopme,

As instructed in my original thread here, I created a new thread in this forum.

As I already had an account and such, I only needed to perform steps 6 and 7 in the thread I was referred to.

aswMBR log from previous thread (attach.txt attached to post):

aswMBR version 0.9.9.1707 Copyright© 2011 AVAST Software
Run date: 2013-01-20 14:07:23
-----------------------------
14:07:23.921 OS Version: Windows 6.0.6001 Service Pack 1
14:07:23.921 Number of processors: 2 586 0xF0D
14:07:23.921 ComputerName: LAILA-PC UserName: Laila
14:07:24.904 Initialize success
14:07:42.564 AVAST engine defs: 13012000
14:08:04.920 Disk 0 (boot) \Device\Harddisk0\DR0 -> \Device\Ide\IdeDeviceP1T0L0-1
14:08:04.920 Disk 0 Vendor: Hitachi_HTS543216L9A300 FB2OC40C Size: 152627MB BusType: 3
14:08:05.122 Disk 0 MBR read successfully
14:08:05.122 Disk 0 MBR scan
14:08:05.138 Disk 0 Windows VISTA default MBR code
14:08:05.154 Disk 0 Partition 1 00 27 Hidden NTFS WinRE NTFS 10244 MB offset 63
14:08:05.200 Disk 0 Partition 2 80 (A) 07 HPFS/NTFS NTFS 142382 MB offset 20980890
14:08:05.247 Disk 0 scanning sectors +312579760
14:08:05.481 Disk 0 scanning C:\Windows\system32\drivers
14:08:33.861 Service scanning
14:09:05.126 Modules scanning
14:09:17.546 Disk 0 trace - called modules:
14:09:17.577 ntkrnlpa.exe CLASSPNP.SYS disk.sys acpi.sys hal.dll ataport.SYS pciide.sys PCIIDEX.SYS atapi.sys ...

A:Possible Rootkit (detected by boopme)

Hello, Welcome to BleepingComputer.

I'm nasdaq and will be helping you.

If you can please print this topic it will make it easier for you to follow the instructions and complete all of the necessary steps.

===

Please download ComboFix from any of the links below, and save it to your desktop. For information regarding this download, please visit this web page: http://www.bleepingcomputer.com/combofix/how-to-use-combofix

Link 1
Link 2

* IMPORTANT !!! Save ComboFix.exe to your Desktop

IMPORTANT....
1. Close any open browsers.
2. Close/disable all anti virus and anti malware programs so they do not interfere with the running of ComboFix.
3. Do not install any other programs until this is fixed.

How to : Disable Anti-virus and Firewall...
http://www.bleepingcomputer.com/forums/topic114351.html

Double click on ComboFix.exe & follow the prompts. When finished, it will produce a report for you. Please post the C:\ComboFix.txt

Note: Do not mouse click ComboFix's window while it's running. That may cause it to stall

Note: If you have difficulty properly disabling your protective programs, refer to this link --> http://www.bleepingcomputer.com/forums/topic114351.html

Note: If after running ComboFix you get this error message "Illegal operation attempted on a registry key that has been marked for deletion." when attempting to run a program all you need to do is restart the computer to reset the registry.

===

Third party programs if not up to date can be the ca...


It's running a lot better but it still slows down while doing everyday activities like surfing the nets and checking email. Not sure if the hard drive is partitioned or two actual hard drives but one is 202 gb free and the other is 1 gb free
Process PID CPU Description Company Name
System Idle Process 0 21.13
Interrupts n/a 67.61 Hardware Interrupts
DPCs n/a 1.41 Deferred Procedure Calls
System 4 4.23
smss.exe 692 Windows NT Session Manager Microsoft Corporation
csrss.exe 844 Client Server Runtime Process Microsoft Corporation
winlogon.exe 940 Windows NT Logon Application Microsoft Corporation
services.exe 1004 Services and Controller app Microsoft Corporation
WRConsumerService.exe 1236 WRConsumerService Webroot Software, Inc.
ati2evxx.exe 1268 ATI External Event Utility EXE Module ATI Technologies Inc.
svchost.exe 1300 Generic Host Process for Win32 Services Microsoft Corporation
ehmsas.exe 2460 Media Center Media Status Aggregator Service Microsoft Corporation
wmiprvse.exe 1740 WMI Microsoft Corporation
svchost.exe 1352 Generic Host Process for Win32 Services Microsoft Corporation
svchost.exe 1448 Generic Host Process for Win32 Services Microsoft Corporation
svchost.exe 1580 Generic Host Process for Win32 Services Microsoft Corporation
svchost.exe 1756 Generic Host Process for Win32 Services Microsoft Corporation
spoolsv.exe 180 Spooler SubSystem App Microsoft Corporation
svc...


Originally asked in "Am I Infected" and Boopme said it's a proxy issue and to ask here. Below is the original post although I downloaded Java 7 and Security Checks shows OK now.

Thank you,

I've got a Toshiba Satellite M115-S3094 that came with XP MCE 2005 although now System Properties tells me I'm running XP MCE 2002 SP3. I'm running Security Essentials and WinPatrol Pro resident and scan frequently with MBAM and SAS. Although I have a paid up subscription of Avast Internet Security's latest version, I'm not using it on the latest factory setting reinstall (reformatting of my hard drive for around the 30th time) and update because the sandbox thing had corrupted my sound drivers. I have CCleaner and Defraggler (replacing Windows Defragmenter) and I also run them regularly.

I've had to reinstall factory setting enough times to know that it changes from MCE 2005 to 2002 somewhere between factory settings and fully updated SP3 (think it happens in the SP3 install). As we all know XP MCE is MS illegitimate child and they don't want to support the kid. It seems to be the baby they wish they didn't make but I'm stuck with it on this laptop.

One reason I think I might be infected is because I'm getting the following two notifications from crypt in the Event Viewer:

1)
Event Type: Information
Event Source: crypt32
Event Category: None
Event ID: 7
Date: 9/25/2011
Time: 10:41:10 PM
User: N/A
Computer: TOSHIBA-USER
Description:
Successful auto up...

A:Looks Like a Proxy Issue to Boopme

Hi -

These may have been done by Boopme, but just checking.

First basic check is, open Internet Explorer, Click on Tools at the top (if you do not see this press the ALT key) > Next > Click Internet options at the bottom of the dropdown list > Connections > LAN Settings, and make sure the only box ticked is the top one (Automatically detect settings).

Click OK > OK and exit from there -

Delete CCleaner and install ATF Cleaner (by Atribune), more suitable for XP, and also TFC Cleaner (Fully cleans / removes Temp files) - Just Google these 2 items.

More items are available, but these are just the first few -

Regards -


Referred from here: http://www.bleepingcomputer.com/forums/topic391921.html ~ OB

Boopme... I hope that I've done this correctly. Here is what you've asked for: I am trying to get this right. Again I have to remind you that I am leaving shortly (just a little later than I had previously expected) Thank you again very very much for all of the help you've given me. Also for always responding quickly and not making it complicated for me to follow.

btw I tried to post the file from rkunhooker but it would not let me...can it just be read from my earlier post?

Merged posts. ~ OB

A:Kaygie's files for Boopme

Hello and welcome to Bleeping Computer

We apologize for the delay in responding to your request for help. Here at Bleeping Computer we get overwhelmed at times, and we are trying our best to keep up. Please note that your topic was not intentionally overlooked. Our mission is to help everyone in need, but sometimes it takes just a little longer to get to every request for help. No one is ignored here.

If you have since resolved the original problem you were having, we would appreciate you letting us know. If not please perform the following steps below so we can have a look at the current condition of your machine.

If you are unable to create a log because your computer cannot start up successfully please provide detailed information about the Windows version you are using: What we in particular need to know is version, edition and if it is a 32bit or a 64bit system. If you are unsure about any of these characteristics, just let us know and we'll help you figure it out. Please also tell us if you have your Windows CD/DVD handy.

Please include a clear description of the problems you're having, along with any steps you may have performed so far.

Please refrain from running tools or applying updates other than those we suggest while we are cleaning up your computer. The reason for this is so we know what is going on with the machine at any time. Some programs can interfere with others and hamper the recovery process.

Even if you have already provided information about your ...


This is from the laptop that won't connect to the internet at all.

A:DDS/Gmer report for boopme

ark results.


Referred from here: http://www.bleepingcomputer.com/forums/t/304475/mbam-found-new-objects/ ~ OB

Here are my logs and attach zip file. Just like to say that RKill crashes in normal mode when it tries to stop some processes and Explorer crashes as well and computer is unresponsive but in safe mode Rkill finds nothing and works ok.

DDS (Ver_10-03-17.01) - NTFSx86
Run by Compaq_Administrator at 16:13:53.09 on 26/03/2010
Internet Explorer: 7.0.5730.13
Microsoft Windows XP Professional 5.1.2600.3.1252.44.1033.18.958.532 [GMT 0:00]

AV: avast! antivirus 4.8.1368 [VPS 100324-1] *On-access scanning enabled* (Updated) {7591DB91-41F0-48A3-B128-1A293FD8233D}

============== Running Processes ===============

C:\WINDOWS\system32\svchost -k DcomLaunch
svchost.exe
C:\WINDOWS\System32\svchost.exe -k netsvcs
svchost.exe
svchost.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
C:\Program Files\Alwil Software\Avast4\ashServ.exe
C:\Program Files\VoyagerTest\fts.exe
C:\Program Files\BT Voyager 105 ADSL Modem\dslstat.exe
C:\Program Files\BT Voyager 105 ADSL Modem\dslagent.exe
C:\Program Files\BT Broadband Desktop Help\btbb\BTHelpNotifier.exe
C:\WINDOWS\system32\RUNDLL32.EXE
C:\Program Files\iTunes\iTunesHelper.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
svchost.exe
C:\WINDOWS\arservice.exe
C:\Program Files\Common Files\Autodesk Shared\Service\AdskScSrv.exe
C:\Program Files\Bonjour\mDNSResponder.exe
C:\WINDOWS\eHome\ehRecvr.exe...

A:My DDS & GMER logs for Boopme

Hello, And to the Bleeping Computer Malware Removal Forum. My name is Elise and I'll be glad to help you with your computer problems.

I will be working on your malware issues, this may or may not solve other issues you may have with your machine.

Please note that whatever repairs we make, are for fixing your computer problems only and by no means should be used on another computer.

The cleaning process is not instant. Logs can take some time to research, so please be patient with me. I know that you need your computer working as quickly as possible, and I will work hard to help see that happen.

Please reply using the Add/Reply button in the lower right hand corner of your screen. Do not start a new topic.

The logs that you post should be pasted directly into the reply. Only attach them if requested or if they do not fit into the post.

Unfortunately, if I do not hear back from you within 5 days, I will be forced to close your topic. If you still need help after I have closed your topic, send me or a moderator a personal message with the address of the thread or feel free to create a new one.

You may want to keep the link to this topic in your favorites. Alternatively, you can click the button at the top bar of this topic and Track this Topic, where you can choose email notifications. The topics you are tracking are shown here.

-----------------------------------------------------------

If you have since resolved the original problem you were having, we would appreciate you let...


Hi Boopme, this post is to continue the conversation from the thread I hi-jacked I guess I am a novice at forum etiquette as well as spyware removal!

OK Boudin Brad, yes that is the malware file renaming the file so it can prevent you from running what you want, so you will pay for their fraud tool to fix this. Try renaming that .exe to .bat and start over. You also should start your own topic so we all don't get confused telling different posters what to do. But no harm done.

I actually renamed the file myself to try and avert bravia.ex. I tried removing MSAS and redownloading/saving as .bat, but still get "sys admin has set policies to prevent installation." Furthermore, I don't have the "run as" option when saved under this format. I have been unable to successfully run any AV software in safe mode, renamed or not. (combofix,mbab, HJT, rootrepeal). I did get win32kdiag.exe to create a log though.

I would reformat, but my computer was a grad-school issue and the windows license has expired. So I need to get creative! Any advice is appreciated.

Thank you in advance for your help.

-BB

A:Attn: Boopme AVP 2010 continued

I did get win32kdiag.exe to create a log though.

Now that you were able to produce a log you need to post it in our HJT forum: http://www.bleepingcomputer.com/forums/f/22/virus-trojan-spyware-and-malware-removal-logs/

Give a brief description and tell them that this log was all you could get to run successfully.

The HJT team is extremely busy, so be patient and good luck


I ran the Defogger, I don't think I have any Emulator tools. I was running Daemon tools, but got rid of it. I still see files in my Registry. I thought CCleaner would get rid of them. Anyway, it did not ask for a reboot. Then I followed your instructions and ran DDS (log and attachment below) and GMER (log below). I am way out of my element at this point.

P.S. I zipped the attach.txt with Winrar, but I wasn't allowed to send that so I just attached as a txt. I hope that is alright.

------------------------------------------------------------------------------------------------------------------------

DDS (Ver_10-11-27.01) - NTFSx86
Run by A Smith at 22:39:44.87 on Fri 12/03/2010
Internet Explorer: 8.0.6001.18702 BrowserJavaVersion: 1.6.0_22
Microsoft Windows XP Home Edition 5.1.2600.3.1252.1.1033.18.503.222 [GMT -5:00]

AV: AVG Anti-Virus Free *On-access scanning enabled* (Updated) {17DDD097-36FF-435F-9E1B-52D74245D6BF}

============== Running Processes ===============

C:\WINDOWS\system32\svchost -k DcomLaunch
svchost.exe
C:\WINDOWS\System32\svchost.exe -k netsvcs
svchost.exe
svchost.exe
C:\WINDOWS\system32\spoolsv.exe
svchost.exe
C:\WINDOWS\system32\rundll32.exe
C:\WINDOWS\System32\svchost.exe -k Akamai
C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
C:\PROGRA~1\AVG\AVG8\avgwdsvc.exe
C:\P...

A:Depthcharge-boopme, Virus\Rootkit???

Hello and welcome to Bleeping Computer

We apologize for the delay in responding to your request for help. Here at Bleeping Computer we get overwhelmed at times, and we are trying our best to keep up. Please note that your topic was not intentionally overlooked. Our mission is to help everyone in need, but sometimes it takes just a little longer to get to every request for help. No one is ignored here.

If you have since resolved the original problem you were having, we would appreciate you letting us know. If not please perform the following steps below so we can have a look at the current condition of your machine.

If you have not done so, include a clear description of the problems you're having, along with any steps you may have performed so far.

Upon completing the steps below another staff member will review your topic and do their best to resolve your issues.

If you have already posted a DDS log, please do so again, as your situation may have changed. Use the 'Add Reply' and add the new log to this thread.

Thanks and again sorry for the delay.

We need to see some information about what is happening in your machine. Please perform the following scan:

Download DDS by sUBs from one of the following links. Save it to your desktop.
DDS.scr
DDS.pif

Double click on the DDS icon, allow it to run.
A small box will open, with an explanation about the tool. No input is needed, the scan is running.
Notepad will open with the results.
Follow the instructions that pop up for posting...


Wife says it's running slow too - (I don't think so....)

I will follow your steps from my previous inquiry from the downstairs computer -

A:BOOPME - Let's Check The Upstairs Computer Too....

Ok, post those logs..


To "boopme" - I had a similar problem that "DirtDiver" posted (security warning - DLACTRLW.EXE). I followed your instructions and everything went smoothly until I got to the part where you explain how to re-enable your Emulation drivers (i.e. double click DeFogger, etc.). I tried to but I received an error message and the following was posted on the defogger_enable notepad:

defogger_enable by jpshortstuff (23.02.10.1)
Log created at 22:15 on 27/01/2011 (my name)
Parsing file...
-=E.O.F=-

Can you or anyone else help me? I was also wondering if there are any concerns I should have since I did have this virus (or whatever it was). TIA!

A:Attn: "boopme" - need additional help with DLACTRLW.EXE

Sorry, I did try to run the DeFogger twice so another defogger_disable notepad was made. It states the following:

defogger_disable by jpshortstuff (23.01.10.1)
Log created at 19:48 on 27/01/2011 (my name)
Checking for autostart values...
HKCU\~\Run values retrieved.
HKLM\~\Run values retrieved.
Checking for services/drivers...
-=E.O.F.=-

Also, I have Windows XP and using Mozilla.


A continuation of this thread, http://www.bleepingcomputer.com/forums/topic387398.html/page__pid__2184493#entry2184493 moved here by request.

Well it's inadvisable to run ComboFix on your own and your system seems unstable. You should repost this with a DDS log. Please go here.... Preparation Guide, do steps 6 - 9. Create a DDS log and post it in the new topic explained in step 9, which is here Virus, Trojan, Spyware, and Malware Removal Logs and not in this topic, thanks. If Gmer won't run, skip it and move on. Let me know if that went well.

No, it did not go well.

No CD emulators are present, according to Defogger.

I was unable to get DDS to complete its scan. To my knowledge, I have no active script blockers, although a number of years ago I implemented this registry script "fix":

REGEDIT4
[HKEY_CLASSES_ROOT\VBSFile\Shell]
@="Edit"
[HKEY_CLASSES_ROOT\VBSFile\Shell\Edit]
@="&Edit"
[HKEY_CLASSES_ROOT\VBSFile\Shell\Edit\Command]
@="C:\\WINDOWS\\Notepad.exe %1"
[HKEY_CLASSES_ROOT\VBEfile\Shell]
@="Edit"
[HKEY_CLASSES_ROOT\VBEfile\Shell\Edit]
@="&Edit"
[HKEY_CLASSES_ROOT\VBEfile\Shell\Edit\Command]
@="C:\\WINDOWS\\Notepad.exe %1"

I don't know if the above registry edit is affecting DDS or not...

I shut down my security apps (I'm only running MSE and Comodo) and disabled their services bu...

A:New malware help request -- Reply to boopme

Hello and welcome to Bleeping Computer

We apologize for the delay in responding to your request for help. Here at Bleeping Computer we get overwhelmed at times, and we are trying our best to keep up. Please note that your topic was not intentionally overlooked. Our mission is to help everyone in need, but sometimes it takes just a little longer to get to every request for help. No one is ignored here.

If you have since resolved the original problem you were having, we would appreciate you letting us know. If not please perform the following steps below so we can have a look at the current condition of your machine.

If you are unable to create a log because your computer cannot start up successfully please provide detailed information about the Windows version you are using: What we in particular need to know is version, edition and if it is a 32bit or a 64bit system. If you are unsure about any of these characteristics, just let us know and we'll help you figure it out. Please also tell us if you have your Windows CD/DVD handy.

Please include a clear description of the problems you're having, along with any steps you may have performed so far.

Please refrain from running tools or applying updates other than those we suggest while we are cleaning up your computer. The reason for this is so we know what is going on with the machine at any time. Some programs can interfere with others and hamper the recovery process.

Even if you have already provided information about your ...


Following the instructions: http://www.bleepingcomputer.com/forums/topic34773.html
Requested in: http://www.bleepingcomputer.com/forums/topic338848.html

Downloaded and ran Defogger. As I know I had no CD emulation, it just finished rather than done anything else.

DDS log:

QUOTE
DDS (Ver_10-03-17.01) - NTFSX64
Run by James Rowe at 19:57:54.75 on Fri 08/20/2010
Internet Explorer: 7.0.6001.18000 BrowserJavaVersion: 1.6.0_21
Microsoft® Windows Vista™ Home Premium 6.0.6001.1.1252.1.1033.18.4086.2141 [GMT -4:00]

SP: Windows Defender *enabled* (Updated) {D68DDC3A-831F-4FAE-9E44-DA132C1ACF46}
SP: SUPERAntiSpyware *disabled* (Updated) {222A897C-5018-402e-943F-7E7AC8560DA7}

============== Running Processes ===============

C:\Windows\system32\wininit.exe
C:\Windows\system32\lsm.exe
C:\Windows\system32\svchost.exe -k DcomLaunch
C:\Windows\system32\svchost.exe -k rpcss
C:\Windows\System32\svchost.exe -k LocalServiceNetworkRestricted
C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted
C:\Windows\system32\svchost.exe -k netsvcs
C:\Windows\system32\SLsvc.exe
C:\Windows\system32\svchost.exe -k LocalService
C:\Windows\system32\svchost.exe -k NetworkService
C:\Windows\System32\spoolsv.exe
C:\Windows\system32\svchost.exe -k LocalServiceNoNetwork
C:\Windows\system32\Dwm.exe
C:\Windows\system32\taske...

A:Boopme Requested I post These Logs Here

Hello and Welcome to the forums!

My name is Gringo and I'll be glad to help you with your computer problems.

Some things to remember while we are working together.
1. Please do not run any other tool until instructed to do so!
2. Please reply to this thread, do not start another!
3. Please tell me about any problems that have occurred during the fix.
4. Please tell me of any other symptoms you may be having as these can help also.
5. Please try as much as possible not to run anything while executing a fix.

If you follow these instructions, everything should go smoothly.

Please print out or make a copy in notepad of any instructions given, as sometimes it is necessary to go offline and you will lose access to them.

Vista and Win 7 Users please Right Click and run as Admin all programs that I ask you to run:

Malwarebytes' Anti-Malware:

Please download Malwarebytes' Anti-Malware to your desktop.
Double-click mbam-setup.exe and follow the prompts to install the program.
At the end, be sure a checkmark is placed next to Update Malwarebytes' Anti-Malware and Launch Malwarebytes' Anti-Malware then click Finish.
If an update is found, it will download and install the latest version.
Once the program has loaded, select Perform quick scan, then click Scan.
When the scan is complete, click OK, then Show Results to view the results.
Be sure that everything is Checked (ticked) except items in the C:\System Volume Information folder and click on Remove Selected.
W...


Referred from here: http://www.bleepingcomputer.com/forums/topic351569.html ~ OB

I'm back. After running the DoD version of Boot and Nuke, my drivers were still in place and I had a redirect on the first attempt at viewing weather.com, a site that has never failed to redirect me since I started having problems.

Here is the DDS log. I've also attached the ark.txt and gmer.txt files as instructed by the Preparation Guide. I've pulled out so much hair in the last two weeks, I need to go wig shopping. Here we go again!

DDS (Ver_10-10-10.03) - NTFSx86
Run by Jim_Brown at 15:41:32.22 on Sun 10/10/2010
Internet Explorer: 6.0.2900.2180
Microsoft Windows XP Professional 5.1.2600.2.1252.1.1033.18.511.171 [GMT -4:00]

AV: AVG Anti-Virus Free Edition 2011 *On-access scanning enabled* (Updated) {17DDD097-36FF-435F-9E1B-52D74245D6BF}

============== Running Processes ===============

svchost.exe
C:\WINDOWS\System32\svchost.exe -k netsvcs
C:\WINDOWS\system32\svchost -k DcomLaunch
svchost.exe
svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\AVG\AVG10\avgchsvx.exe
C:\Program Files\AVG\AVG10\avgrsx.exe
C:\Program Files\AVG\AVG10\avgcsrvx.exe
C:\Program Files\AVG\AVG10\Identity Protection\Agent\Bin\AVGIDSAgent.exe
C:\Program Files\AVG\AVG10\avgwdsvc.exe
C:\Program Files\AVG\AV...

A:DDS and gmer logs as instructed by boopme

Hello, And to the Bleeping Computer Malware Removal Forum. My name is Elise and I'll be glad to help you with your computer problems.

I will be working on your malware issues, this may or may not solve other issues you may have with your machine.

Please note that whatever repairs we make, are for fixing your computer problems only and by no means should be used on another computer.

The cleaning process is not instant. Logs can take some time to research, so please be patient with me. I know that you need your computer working as quickly as possible, and I will work hard to help see that happen.

Please reply using the Add/Reply button in the lower right hand corner of your screen. Do not start a new topic.

The logs that you post should be pasted directly into the reply. Only attach them if requested or if they do not fit into the post.

Unfortunately, if I do not hear back from you within 5 days, I will be forced to close your topic. If you still need help after I have closed your topic, send me or a moderator a personal message with the address of the thread or feel free to create a new one.

You may want to keep the link to this topic in your favorites. Alternatively, you can click the button at the top bar of this topic and Track this Topic, where you can choose email notifications. The topics you are tracking are shown here.

-----------------------------------------------------------

If you have since resolved the original problem you were having, we would appreciate you...


Referred from here: http://www.bleepingcomputer.com/forums/t/318626/infected-with-unknown/ ~ OB

UNLESS SPECIFICALLY INSTRUCTED, DO NOT POST THIS LOG.
IF REQUESTED, ZIP IT UP & ATTACH IT
DDS (Ver_10-03-17.01)
Microsoft Windows XP Home Edition
Boot Device: \Device\HarddiskVolume1
Install Date: 5/6/2010 1:23:57 AM
System Uptime: 5/28/2010 10:37:32 PM (0 hours ago)
Motherboard: PEGATRON CORPORATION | | Benicia
Processor: Intel® Pentium® Dual CPU E2220 @ 2.40GHz | CPU 1 | 2399/800mhz
==== Disk Partitions =========================
C: is FIXED (NTFS) - 466 GiB total, 430.537 GiB free.
D: is CDROM ()
E: is Removable
F: is Removable
G: is Removable
H: is Removable
==== Disabled Device Manager Items =============
Class GUID: {4D36E97E-E325-11CE-BFC1-08002BE10318}
Description: PCI Simple Communications Controller
Device ID: PCI\VEN_14F1&DEV_2F81&SUBSYS_000014F1&REV_01\4&3735DC3F&0&00E1
Manufacturer:
Name: PCI Simple Communications Controller
PNP Device ID: PCI\VEN_14F1&DEV_2F81&SUBSYS_000014F1&REV_01\4&3735DC3F&0&00E1
Service:
Class GUID: {6BDD1FC6-810F-11D0-BEC7-08002BE2092F}
Description: USB20 Camera
Device ID: USB\VID_A168&PID_0611\6&192004ED&0&4
Manufacturer:
Name: USB20 Camera
PNP Device ID: USB\VID_A168&PID_0611\6&192004ED&0&4
Service:
==== System Restore Points ===================
RP1: 5/6/2010 1:29:28 AM - System Checkpoint
RP2: 5/6/2010 10:41:37 AM - Installed Adobe Reader 9.3.
RP3: 5/6/2010 10:46:16 AM - Installe...

A:Boopme, here is the info you requested from Fumunda

Hello and welcome to Bleeping Computer

We apologize for the delay in responding to your request for help. Here at Bleeping Computer we get overwhelmed at times, and we are trying our best to keep up. Please note that your topic was not intentionally overlooked. Our mission is to help everyone in need, but sometimes it takes just a little longer to get to every request for help. No one is ignored here.

If you have since resolved the original problem you were having, we would appreciate you letting us know. If not please perform the following steps below so we can have a look at the current condition of your machine. If you have not done so, include a clear description of the problems you're having, along with any steps you may have performed so far.

Upon completing the steps below another staff member will review and take the steps necessary with you to get your machine back in working order clean and free of malware.

If you have already posted a DDS log, please do so again, as your situation may have changed.
Use the 'Add Reply' and add the new log to this thread.

Thanks and again sorry for the delay.

We need to see some information about what is happening in your machine. Please perform the following scan:

Download DDS by sUBs from one of the following links. Save it to your desktop.
DDS.scr
DDS.pif
Double click on the DDS icon, allow it to run.
A small box will open, with an explanation about the tool. No input is needed, the scan is running.
Notepad will open with the results.
Foll...


AII topic http://www.bleepingcomputer.com/forums/topic438108.html/page__gopid__2568763#entry2568763

aswMBR version 0.9.9.1297 Copyright© 2011 AVAST Software
Run date: 2012-01-22 22:46:44
-----------------------------
22:46:44.537 OS Version: Windows x64 6.1.7601 Service Pack 1
22:46:44.537 Number of processors: 2 586 0x2A07
22:46:44.537 ComputerName: ANITA-PC UserName: Anita
22:46:47.174 Initialize success
22:49:56.958 AVAST engine defs: 12012201
22:50:08.517 Disk 0 (boot) \Device\Harddisk0\DR0 -> \Device\Ide\IAAStorageDevice-1
22:50:08.533 Disk 0 Vendor: TOSHIBA_ GT00 Size: 610480MB BusType: 3
22:50:08.549 Disk 0 MBR read successfully
22:50:08.549 Disk 0 MBR scan
22:50:08.564 Disk 0 Windows VISTA default MBR code
22:50:08.580 Disk 0 Partition 1 80 (A) 27 Hidden NTFS WinRE NTFS 1500 MB offset 2048
22:50:08.595 Disk 0 Partition 2 00 07 HPFS/NTFS NTFS 594921 MB offset 3074048
22:50:08.627 Disk 0 Partition 3 00 17 Hidd HPFS/NTFS NTFS 14058 MB offset 1221472256
22:50:08.642 Service scanning
22:50:11.185 Modules scanning
22:50:11.185 Disk 0 trace - called modules:
22:50:11.232 ntoskrnl.exe CLASSPNP.SYS disk.sys iaStor.sys hal.dll
22:50:11.247 1 nt!IofCallDriver -> \Device\Harddisk0\DR0[0xfffffa8004ad6060]
22:50:11.263 3 CLASSPNP.SYS[fffff8800168c43f] -> nt!IofCallDriver -> \Device\Ide\IAAStorageDevice-1[0xfffffa80049d6050]
22:50:1...

A:Moderator boopme said to start new topic

Hello and Welcome to the forums!

My name is Gringo and I'll be glad to help you with your computer problems.

Some things to remember while we are working together.
Do not run any other tool until instructed to do so!
Please Do not Attach logs or put in code boxes.
Tell me about any problems that have occurred during the fix.
Tell me of any other symptoms you may be having as these can help also.
Do not run anything while running a fix.

We apologize for the delay in responding to your request for help. Here at Bleeping Computer we get overwhelmed at times, and we are trying our best to keep up. Please note that your topic was not intentionally overlooked. Our mission is to help everyone in need, but sometimes it takes just a little longer to get to every request for help. No one is ignored here.

Click on the Watch Topic Button and select Immediate Notification and click on proceed, this will help you to get notified faster when I have replied and make the cleaning process faster.

In order for me to see the status of the infection I will need a new set of logs to start with.

Please print out or make a copy in Notepad of any instructions given, as sometimes it is necessary to go offline and you will lose access to them.

I need you to make a bootable usb and to make a screenshot for me - follow the instructions below to do this

How to create a bootable Puppy USB Drive
Download and save a copy of the latest Puppy ISO file
Download and save a copy of Unetbootin for Windows.
Ins...


I ran SmitFraudFix in regular mode (option 1 for search) and got this:

hosts file corrupted !

127.0.0.1 legal-at-spybot.info
127.0.0.1 www.legal-at-spybot.info

You even thought a couple weeks ago, I might be infected, after some troll was on this board and I tried to analyze his file.

Any idea how to proceed?

SmitFraudFix v2.281

Scan done at 21:37:00.32, Wed 02/06/2008
Run from C:\Documents and Settings\Jeff\Desktop\SmitfraudFix
OS: Microsoft Windows XP [Version 5.1.2600] - Windows_NT
The filesystem type is NTFS
Fix run in normal mode

»»»»»»»»»»»»»»»»»»»»»»»» Process
»»»»»»»»»»»»»»»»»»»»»»»» hosts

hosts file corrupted !

127.0.0.1 legal-at-spybot.info
127.0.0.1 www.legal-at-spybot.info

»»»»»»»»»»»»»»»»»»»»»»»» C:\
»»»»»»»»»»»»»»»»»»»»»»»» C:\WINDOWS
»»»»»»»»»»»»»»»»»»»»»»»» C:\WINDOWS\system
»»»»»»»»»»»»»»»»»»»»»»»» C:\WINDOWS\Web
»»»»»»»»»»»»»»»»»»»»»»»» C:\WINDOWS\system32

C:\WINDOWS\system32\systems.txt FOUND !

»»»»»»»»»»»»»»»»»»»»»»»» C:\WINDOWS\system32\LogFiles
»»»»»»»»»»»»»»»»»»»»»»»» C:\Documents and Settings\Jeff
»»»»»»»»»»»»»»»»»»»»»»»» C:\Documents and Settings\Jeff\Application Data
»»»»»»»»»»»»»»»»»»»»»»»» Start Menu
»»»»»»»»»»»»»»»»»»»»»»»»
»»»»»»»»»»»»»»»»»»»»»»»» Desktop
»»»»»»»»»»»»»»»»»»»»»»»» C:\Program Files
»»»»»»»»»»»»»»»»»»»»»»»» Corrupted keys
»»»»»»»»»»»»»»»»»»»»»»»» Desktop Component...


Hi Team,

My post history can be seen through here (http://www.bleepingcomputer.com/forums/topic265272.html) so I will not go over it all again.

In summary though, I have been referred to this section of the forum (by boopme) as I have a rootkit variant and need the specialist support of the HJT team. The key thing I would point out is that all attempts to run most/all suggested spyware/malware tools have failed and so far, only win32kdiag has proved anything. Very long log posted below FYI. Hopefully it means something to you!

Please advise next steps. Thank you in advance for your help!
Running from: C:\Users\Mr J Bloggs\Desktop\Win32kDiag.exe

Log file at : C:\Users\Mr J Bloggs\Desktop\Win32kDiag.txt

WARNING: Could not get backup privileges!

Searching 'C:\Windows'...

Found mount point : C:\Windows\AppPatch\Custom\Custom

Mount point destination : \Device\__max++>\^

Found mount point : C:\Windows\assembly\NativeImages_v2.0.50727_32\Temp\ZAP2DF2.tmp\ZAP2DF2.tmp

Mount point destination : \Device\__max++>\^

Found mount point : C:\Windows\assembly\NativeImages_v2.0.50727_32\Temp\ZAP3550.tmp\ZAP3550.tmp

Mount point destination : \Device\__max++>\^

Found mount point : C:\Windows\assembly\NativeImages_v2.0.50727_32\Temp\ZAP41B5.tmp\ZAP41B5.tmp

Mo... Read more

A:Rootkit variant confirmed by Boopme

Hi and welcome to the HijackThis Logs and Virus/Trojan/Spyware/Malware Removal forum,

I am and I am here to help you!

I ask that you refrain from running tools other than those I suggest to you while I am cleaning up your computer. The reason for this is so I know what is going on with the machine at any time. Some programs can interfere with others and hamper the recovery process.

Please perform all steps in the order received and do not proceed if you need clarification.

In the upper right hand corner of the topic you will see a button called Options. If you click on this in the drop-down menu you can choose Track this topic. By doing this and then choosing Immediate E-Mail notification and then clicking on Proceed you will be advised when we respond to your topic and facilitate the cleaning of your machine.

After 5 days if a topic is not replied to we assume it has been abandoned and it is closed.

I would also like to inform you that most of us here at Bleeping Computer offer our expert assistance out of the goodness of our hearts. Please be courteous and appreciative for the assistance provided!

==========

You have a very nasty new rootkit. Please follow my directions exactly as I have outlined!!!

Step 1

Please save this file to your desktop. Click on Start->Run, and copy-paste the following command (the bolded text) into the "Open" box, and click OK. When it's finished, there will be a log called Win32kDiag.txt on your desktop. Please open it with notepad and post the con...


Referred here from: http://www.bleepingcomputer.com/forums/t/207507/redirected-searches-infection/ ~ OB

WinXP SP3. Initial infection was redirecting all web searches. Mod boopme had me do several scans. He said I'm 99% clean but since I still can't update Malwarebytes. I get the following error message: "Update failed. Make sure you are connected to the internet and your firewall is set to allow Malwarebytes' Anti-malware to access the internet."

DDS (Ver_09-02-01.01) - NTFSx86
Run by John at 0:34:08.81 on Wed 03/04/2009
Internet Explorer: 6.0.2900.5512 BrowserJavaVersion: 1.6.0_12
============== Pseudo HJT Report ===============
uSearch Page = hxxp://us.rd.yahoo.com/customize/ycomp/defaults/sp/*http://www.yahoo.com
uSearchMigratedDefaultURL = hxxp://www.google.com/search?q={searchTerms}&sourceid=ie7&rls=com.microsoft:en-US&ie=utf8&oe=utf8
uSearch Bar = hxxp://us.rd.yahoo.com/customize/ycomp/defaults/sb/*http://www.yahoo.com/search/ie.html
uDefault_Search_URL = hxxp://www.google.com/ie
uInternet Settings,ProxyServer = http=localhost:7070
uInternet Settings,ProxyOverride = *.local;
uSearchAssistant = hxxp://www.google.com/ie
uSearchURL,(Default) = hxxp://us.rd.yahoo.com/customize/ycomp/defaults/su/*http://www.yahoo.com
BHO: Adobe PDF Reader Link Helper: {06849e9f-c8d7-4d59-b87d-784b7d6be0b3} - c:\program files\common files\adobe\acrobat\activex\AcroIEHelper.dll
BHO: Java™ Plug-In 2 SSV Helper: {dbc80044-a445-435b-bc74-9c25c1c588a9} - c:\program files\java\jre6\bin\jp2...

A:Mod boopme said 99% clean but to come here. Can't update Malwarebytes.

Welcome to the BleepingComputer Forums. Since it has been a few days since you scanned your computer with HijackThis, we will need a new HijackThis log. Please download Trend Micro - HijackThis. Do a new scan with Trend Micro - HijackThis and post it in your next reply. Thank you for your patience.

Please see Preparation Guide for use before posting about your potential Malware problem. If you have already posted this log at another forum or if you decide to seek help at another forum, please let us know. There is a shortage of helpers and taking the time of two volunteer helpers means that someone else may not be helped. Please post your HijackThis log as a reply to this thread and not as an attachment. I am always leery of opening attachments so I always request that HijackThis logs are to be posted as a reply to the thread. I do not think that you are attaching anything scary but others may do so.

While we are working on your HijackThis log, please: Reply to this thread; do not start another! Do not make any changes on your computer during the cleaning process or download/add programs on your computer unless instructed to do so. Do not run any other tool until instructed to do so! Let me know if any of the links do not work or if any of the tools do not work. Tell me about problems or symptoms that occur during the fix. Do not run any other programs or open any other windows while doing a fix. Ask any questions that yo...


Referred from here: http://www.bleepingcomputer.com/forums/topic372582.html ~ OB

Was not asked to restart after Defogger, but I am including the log here.

Defogger
defogger_disable by jpshortstuff (23.02.10.1)
Log created at 21:17 on 16/01/2011 (John)
Checking for autostart values...
HKCU\~\Run values retrieved.
HKLM\~\Run values retrieved.
Checking for services/drivers...
-=E.O.F=-

DDS.txt
DDS (Ver_10-12-12.02) - NTFSx86
Run by John at 21:18:41.56 on Sun 01/16/2011
Internet Explorer: 8.0.6001.18702 BrowserJavaVersion: 1.6.0_22
Microsoft Windows XP Professional 5.1.2600.3.1252.1.1033.18.3071.1928 [GMT -5:00]
AV: AVG Anti-Virus Free Edition 2011 *Enabled/Updated* {17DDD097-36FF-435F-9E1B-52D74245D6BF}
AV: Lavasoft Ad-Watch Live! Anti-Virus *Enabled/Updated* {A1C4F2E0-7FDE-4917-AFAE-013EFC3EDE33}
AV: Microsoft Security Essentials *Enabled/Updated* {EDB4FA23-53B8-4AFA-8C5D-99752CCA7095}
============== Running Processes ===============
C:\PROGRA~1\AVG\AVG10\avgchsvx.exe
C:\PROGRA~1\AVG\AVG10\avgrsx.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\svchost -k DcomLaunch
C:\Program Files\Common Files\iS3\Anti-Spyware\SZServer.exe
svchost.exe
C:\Program Files\Microsoft Security Client\Antimalware\MsMpEng.exe
svchost.exe
svchost.exe
C:\Program Files\Utils\System\Lavasoft\Ad-Aware\AAWService.exe
C:\WINDOWS\system32\spools...

A:Generic Host Error- Following instructions from boopme

Hello and Welcome to the forums!

My name is Gringo and I'll be glad to help you with your computer problems.

Some things to remember while we are working together.
Do not run any other tool until instructed to do so!
Please Do not Attach logs or put in code boxes.
Tell me about any problems that have occurred during the fix.
Tell me of any other symptoms you may be having as these can help also.
Do not run anything while running a fix.

We apologize for the delay in responding to your request for help. Here at Bleeping Computer we get overwhelmed at times, and we are trying our best to keep up. Please note that your topic was not intentionally overlooked. Our mission is to help everyone in need, but sometimes it takes just a little longer to get to every request for help. No one is ignored here.

Click on the Watch Topic Button and select Immediate Notification and click on proceed, this will help you to get notified faster when I have replied and make the cleaning process faster.

In order for me to see the status of the infection I will need a new set of logs to start with.

Please print out or make a copy in Notepad of any instructions given, as sometimes it is necessary to go offline and you will lose access to them.

DeFogger: Please download DeFogger to your desktop.

Double click DeFogger to run the tool.
The application window will appear
Click the Disable button to disable your CD Emulation drivers
Click Yes to continue
A 'Finished!' message will ap...


Scan result of Farbar Recovery Scan Tool (FRST.txt) (x64) Version: 29-04-2015 01
Ran by hellib (administrator) on HELLIB-PC on 01-05-2015 16:46:15
Running from C:\Users\hellib\Downloads
Loaded Profiles: hellib (Available profiles: hellib)
Platform: Windows 7 Professional Service Pack 1 (X64) OS Language: English (United States)
Internet Explorer Version 11 (Default browser: IE)
Boot Mode: Normal
Tutorial for Farbar Recovery Scan Tool: http://www.geekstogo.com/forum/topic/335081-frst-tutorial-how-to-use-farbar-recovery-scan-tool/
 
==================== Processes (Whitelisted) =================
 
(If an entry is included in the fixlist, the process will be closed. The file will not be moved.)
 
(AVG Technologies CZ, s.r.o.) C:\Program Files (x86)\AVG\AVG2015\avgrsa.exe
(AVG Technologies CZ, s.r.o.) C:\Program Files (x86)\AVG\AVG2015\avgcsrva.exe
(AuthenTec, Inc.) C:\Program Files\Fingerprint Sensor\ATService.exe
(Adobe Systems Incorporated) C:\Program Files (x86)\Adobe\Elements 11 Organizer\PhotoshopElementsFileAgent.exe
(Affinegy, Inc.) C:\Program Files (x86)\Belkin\Router Setup and Monitor\BelkinService.exe
(Apple Inc.) C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
(Acer Incorporated) C:\Program Files\Acer\Acer SmartBoot\ASLSvc.exe
(AVG Technologies CZ, s.r.o.) C:\Program Files (x86)\AVG\AVG2015\avgidsagent.exe
(AVG Technologies CZ, s.r.o.) C:\Program Files (x86)\AVG\AVG2015\avgwdsvc.exe
(Apple Inc.) C:\Program Fil... Read more

A:Windows 7 , I was instructed to post FRST by boopme

Hello and welcome to Bleeping Computer! I am HelpBot: an automated program designed to help the Bleeping Computer Staff better assist you! This message contains very important information, so please read through all of it before doing anything.
We apologize for the delay in responding to your request for help. Here at Bleeping Computer we get overwhelmed at times, and we are trying our best to keep up. Please note that your topic was not intentionally overlooked. Our mission is to help everyone in need, but sometimes it takes just a little longer to get to every request for help. No one is ignored here.
To help Bleeping Computer better assist you please perform the following steps:
***************************************************
In order to continue receiving help at BleepingComputer.com, YOU MUST tell me if you still need help or if your issue has already been resolved on your own or through another resource! To tell me this, please click on the following link and follow the instructions there.
CLICK THIS LINK >>> http://www.bleepingcomputer.com/logreply/574994 <<< CLICK THIS LINK
If you no longer need help, then all you needed to do was the previous instructions of telling me so. You can skip the rest of this post. If you do need help please continue with Step 2 below.
***************************************************
If you still need help, I would like you to post a Reply to this topic (click the "Add Reply" button in the lower right hand of t...


Hi Boopme I have a Thinkpad X61 which now experienced the same issue with another member, you helped out on, back in 2012. I have downloaded the FRST.exe tool and have the results pasted below. Could you help? A lot of my work files are on the laptop.

Scan result of Farbar Recovery Scan Tool (FRST) (x86) Version: 03-10-2016
Ran by SYSTEM on MININT-7CGQOV0 (04-10-2016 21:07:06)
Running from e:\
Platform: Windows 7 Ultimate Service Pack 1 (X86) Language: English (United States)
Internet Explorer Version 11
Boot Mode: Recovery
Default: ControlSet001
ATTENTION!:=====> If the system is bootable FRST must be run from normal or Safe mode to create a complete log.
Tutorial for Farbar Recovery Scan Tool: http://www.geekstogo.com/forum/topic/335081-frst-tutorial-how-to-use-farbar-recovery-scan-tool/

==================== Registry (Whitelisted) ====================

(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)

HKLM\...\Run: [Avira SystrayStartTrigger] => C:\Program Files\Avira\Launcher\Avira.SystrayStartTrigger.exe [66328 2016-07-24] (Avira Operations GmbH & Co. KG)
HKLM\...\Run: [avgnt] => C:\Program Files\Avira\Antivirus\avgnt.exe [831064 2016-07-18] (Avira Operations GmbH & Co. KG)
BootExecute: autocheck autochk * sdnclean.exe

==================== Services (Whitelisted) ====================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be mov...


OTL logfile created on: 7/29/2010 5:11:56 PM - Run 1
OTL by OldTimer - Version 3.2.9.1 Folder = C:\Users\Scott\Desktop
Ultimate Edition (Version = 6.1.7600) - Type = NTWorkstation
Internet Explorer (Version = 8.0.7600.16385)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

3.00 Gb Total Physical Memory | 1.00 Gb Available Physical Memory | 32.00% Memory free
6.00 Gb Paging File | 4.00 Gb Available in Paging File | 62.00% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files
Drive C: | 447.21 Gb Total Space | 368.73 Gb Free Space | 82.45% Space Free | Partition Type: NTFS
Drive D: | 18.55 Gb Total Space | 9.76 Gb Free Space | 52.64% Space Free | Partition Type: NTFS
E: Drive not present or media not loaded
F: Drive not present or media not loaded
G: Drive not present or media not loaded
H: Drive not present or media not loaded
I: Drive not present or media not loaded
Drive J: | 298.09 Gb Total Space | 54.82 Gb Free Space | 18.39% Space Free | Partition Type: NTFS
Drive K: | 0.86 Mb Total Space | 0.00 Mb Free Space | 0.00% Space Free | Partition Type: CDFS
Drive L: | 297.44 Gb Total Space | 164.06 Gb Free Space | 55.16% Space Free | Partition Type: NTFS

Computer Name: JOHNSONFAMCOM
Current User Name: Scott
Logged in as Administrator.

Current Boot Mode: Normal
Scan Mode: Current user
Company Name Whitelist: On
Skip Microsoft Files: ...

A:results5.google redirect logs per boopme

Welcome to the BleepingComputer Forums. Since it has been a few days since you scanned your computer with HijackThis, we will need a new HijackThis log. If you have not already downloaded Random's System Information Tool (RSIT), please download Random's System Information Tool (RSIT) by random/random which includes a HijackThis log and save it to your desktop. If you have RSIT already on your computer, please run it again. Double click on RSIT.exe to run RSIT. Click Continue at the disclaimer screen. Please post the contents of log.txt. Thank you for your patience.

Please see Preparation Guide for use before posting about your potential Malware problem. If you have already posted this log at another forum or if you decide to seek help at another forum, please let us know. There is a shortage of helpers and taking the time of two volunteer helpers means that someone else may not be helped. Please post your HijackThis log as a reply to this thread and not as an attachment. I am always leery of opening attachments so I always request that HijackThis logs are to be posted as a reply to the thread. I do not think that you are attaching anything scary but others may do so.

While we are working on your HijackThis log, please: Reply to this thread; do not start another! Do not make any changes on your computer during the cleaning process or download/add programs on your computer unless instructed to do so. Do not run any other tool until ...


SAS found Trojan.Agent/Gen-FraudPack infecting the installer CNET included in my download of Zonealarm firewall with free Antivirus. I have no idea how long it was there or if it was original but I installed ZA months ago. Couple weeks ago the ZA AV failed to update repeatedly. (ZA give an "error 1603" code.) Then MBAM failed to update as well. SAS did complete an update and found the infection. (I hadn't run either AV in some time previous. ZA had seemed effective.)
 
After SAS removed the infected files both MBAM and ZA could update but ZA has not since run a scan though MBAM has. ZA has stopped updating again, this time without any error messages. Right after the error codes first came up I tried repair instructions from the zonealarm forum without success. I've removed/cleaned/reinstalled twice following their method. Also there was another 'error code' I suspect might be from ransomware as I googled this "Error Code 127" and the few results there were looked like typical ransomware sales pages.
 
Even links to clean downloads of ZA wouldn't open from their help thread. I realize some of this is just coincidence but it seems like there may be more than just Gen-FraudPack messing up my ZA AV.
 
 
 
DDS (Ver_2012-11-20.01) - NTFS_AMD64
Internet Explorer: 9.0.8112.16464  BrowserJavaVersion: 10.11.2
Run by ohn at 3:14:40 on 2013-02-14
Microsoft Windows 7 Home Premium   6.1.7601.1.1252.1.1033.18.7657.5512 [GMT -5:00]
.
AV: ZoneAla... Read more

A:Boopme sent me- Trojan infecting a CNET installer, seems to be more malware als.

Hello, Welcome to BleepingComputer.
I'm nasdaq and will be helping you.
 
If you can please print this topic it will make it easier for you to follow the instructions and complete all of the necessary steps.
===
 
Please download ComboFix from any of the links below, and save it to your desktop. For information regarding this download, please visit this web page: http://www.bleepingcomputer.com/combofix/how-to-use-combofix
 
Link 1
Link 2
 
* IMPORTANT !!! Save ComboFix.exe to your Desktop
 
IMPORTANT....
 
1. Close any open browsers.
 
2. Close/disable all anti virus and anti malware programs so they do not interfere with the running of ComboFix.
 
3. Do not install any other programs until this is fixed.
 
How to : Disable Anti-virus and Firewall...
http://www.bleepingcomputer.com/forums/topic114351.html
 
Double click on ComboFix.exe & follow the prompts. When finished, it will produce a report for you. Please post the C:\ComboFix.txt
Note:
Do not mouse click ComboFix's window while it's running. That may cause it to stall.
 
Note: If you have difficulty properly disabling your protective programs, refer to this link --> http://www.bleepingcomputer.com/forums/topic114351.html
 
 
Note: If after running ComboFix you get this error message "Illegal operation attempted on a registry key that has been marked for deletion." when attempting to run a program all you need to do is restart the c... Read more


Hey, boopme asked me to post logs here in order to get some help. Topic referenced is here: http://www.bleepingcomputer.com/forums/t/299061/search-result-redirects-under-firefox-and-ie/ ~ OB

I have tried everything. Two weeks ago...I was downloading something from freakshare and a program called Security Essentials 2010 got into my computer without my knowledge. This damn program caused my desktop to go all blue and wouldn't let any programs run. I got help by finding out how to run spybot and malwarebytes on the infected machine. It took a while to be free of spyware. My problem now is that my google search results have been hijacked. I type in a query and maybe the first link works...and if I click on the second link, I get a redirect. I am also experiencing new pages opening up as well.

I came upon this site amongst my searches and it seems like a very good place to have my problem fixed. Please help me! I am on Windows XP.

Thanks in advance,
Santos

A:boopme asked me to post here regarding browser redirects and smss32.exe

Hello.

I see multiple infections here currently. Let's do the following.

Download and Run Combofix

Please visit this webpage for instructions for downloading and running ComboFix:
http://www.bleepingcomputer.com/combofix/how-to-use-combofix

* Ensure you have disabled all anti virus and anti malware programs so they do not interfere with the running of ComboFix. Refer to this page on instructions on doing so.

Please include the C:\ComboFix.txt in your next reply for further review. Even if after running CF things may "feel" or "look" better, that doesn't necessarily mean we're done or your system is clean. Please continue working with me until I declare your computer is clean.

With Regards,
Extremeboy


Per boopme's direction ( http://www.bleepingcomputer.com/forums/t/270645/antiviruspro-2010-nothing-will-launch-even-in-safe-mode/ ) here is the Win32kDiag report:

Running from: C:\Documents and Settings\Administrator\Desktop\Win32kDiag.exe
Log file at : C:\Documents and Settings\Administrator\Desktop\Win32kDiag.txt
WARNING: Could not get backup privileges!
Searching 'C:\WINDOWS'...
Found mount point : C:\WINDOWS\$hf_mig$\KB920213\KB920213
Mount point destination : \Device\__max++>\^
Found mount point : C:\WINDOWS\$hf_mig$\KB922760\KB922760
Mount point destination : \Device\__max++>\^
Found mount point : C:\WINDOWS\$hf_mig$\KB924496\KB924496
Mount point destination : \Device\__max++>\^
Found mount point : C:\WINDOWS\$hf_mig$\KB932168\KB932168
Mount point destination : \Device\__max++>\^
Found mount point : C:\WINDOWS\$hf_mig$\KB933729\KB933729
Mount point destination : \Device\__max++>\^
Found mount point : C:\WINDOWS\$hf_mig$\KB943460\KB943460
Mount point destination : \Device\__max++>\^
Found mount point : C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\Temp\ZAP27B.tmp\ZAP27B.tmp
Mount point destination : \Device\__max++>\^
Found mount point : C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\Temp\ZAP2A1.tmp\ZAP2A1.tmp
Mount point destination : \Device\__max++>\^
Found mount point : C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\Temp\ZAPE6.tmp\ZAPE6.tmp
Mount point destination : \Device\__max++>\^
Found mount point : C:\WINDOWS\assembly\temp\temp
Mount point destination : \Device\__max++>\^
Found mount ...

A:Rootkit issues - Win32kDiag report for review (sent by boopme)

Hello! My name is Sam and I will be helping you. In order to see what's going on with your computer I will ask for you to post various logs from the tools that we will use to resolve your issue. Please also share with me any information about how your computer is reacting and behaving each step of the way as we work through this process.

Click on Start->Run, and copy-paste the following command (the bolded text) into the "Open" box, and click OK.

"%userprofile%\desktop\win32kdiag.exe" -f -r

When it's finished, there will be a log called Win32kDiag.txt on your desktop. Please open it with notepad and post the contents here.

========================

Now delete any copy of combofix.exe that you have if you downloaded it previously.

Download Combofix from any of the links below. You must rename it before saving it. Save it to your desktop.

Link 1
Link 2
Link 3

--------------------------------------------------------------------

Double click on Combo-Fix.exe & follow the prompts.
When finished, it will produce a report for you. Please post the C:\ComboFix.txt so we can continue cleaning the system.


Mod edit: I've Merged all together ~~~boopme

Edit: SORRY GUYS, didn't mean to make so many multiple posts, that was an accident. Anyways "boopme", the forums won't let me post the full content of the logs here, I'm guessing its too long, so I'll just put all the logs in the attachments.

Second Edit: It won't let me upload the DDS log to attachments, so I'll just post as much of it as I can and then make a reply posting the rest of it.

Hello again. I've followed step 6-9 in the instructions you (boopme) gave me and gotten my log results and created a new thread in this forum section as you requested from my previous thread here: http://www.bleepingcomputer.com/forums/t/325989/should-i-be-sceptic-about-this-block-or-unblock/. I had no problem getting the first 2 logs. The Gmer log was quite annoying to get though. The first time I scanned, I went afk while it scanned for a while and came back to a completely black screen and nothing would happen no matter what I pressed. So I turned my computer off and back on, ran the scan again, went afk again, came back to the same thing but realized it was my screen saver that was the problem. So I set my screen saver to activate after 30 minutes of being idle rather than the measly 10 minutes it was set to. I've been meaning to change that anyways. So the third scan was successful, but the scan was so long ._.

DDS Log part 1:

DDS (Ver_10-03-17.01) - NTFSx86
Run by Chris at 11:31:54.28 on Sat 06/26/2010
Internet Explorer: 8.0.6001.18702 Brow...

A: To: boopme, Colma's log reports (rootkit problem continued)

Hi Colma,

Welcome to Virus/Trojan/Spyware/Malware Removal (VTSMR) forum. Please refrain from making any changes to your system (scanning or running other tools, updating Windows, installing applications, removing files, etc.) from now on as it might interfere with our fixes. In case of making changes I shall assume my assistance is not needed any more.

Please tell me if you still have the same issue, no need to post any logs or explain the history of the problem.


Thank you for offering to help me Boopme!

Here is the result of the program you asked me to run. The computer is Windows XP Pro SP2. I was running in safe mode.

Please let me know what I should do next.

Thank you!
Caroline

Running from: C:\Documents and Settings\Molly Hude.MOLLY\Desktop\Win32kDiag.exe

Log file at : C:\Documents and Settings\Molly Hude.MOLLY\Desktop\Win32kDiag.txt

WARNING: Could not get backup privileges!

Searching 'C:\WINDOWS'...

Found mount point : C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\Temp\ZAP670.tmp\ZAP670.tmp

Mount point destination : \Device\__max++>\^

Found mount point : C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\Temp\ZAP72B.tmp\ZAP72B.tmp

Mount point destination : \Device\__max++>\^

Found mount point : C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\Temp\ZAP838.tmp\ZAP838.tmp

Mount point destination : \Device\__max++>\^

Found mount point : C:\WINDOWS\assembly\tmp\tmp

Mount point destination : \Device\__max++>\^

Found mount point : C:\WINDOWS\Config\Config

Mount point destination : \Device\__max++>\^

Found mount point : C:\WINDOWS\Connection Wizard\Connection Wizard

Mount point destination : \Device...

A: For boopme: Multiple infections including AVR09 and TDSSserv on Windows XP

Hello Caroline,

Please save this file to your desktop. Click on Start->Run, and copy-paste the following command (the bolded text)

"%userprofile%\desktop\win32kdiag.exe" -f -r

into the "Open" box, and click OK. When it's finished, there will be a log called Win32kDiag.txt on your desktop. Please open it with notepad and post the contents here.


Logfile of HijackThis v1.99.1
Scan saved at 3:07:54 PM, on 8/15/2006
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Symantec_Client_Security\Symantec AntiVirus\DefWatch.exe
C:\Program Files\ewido anti-malware\ewidoctrl.exe
C:\Program Files\Common Files\Microsoft Shared\VS7Debug\mdm.exe
C:\Program Files\Symantec_Client_Security\Symantec AntiVirus\Rtvscan.exe
C:\WINDOWS\system32\wscntfy.exe
C:\PROGRA~1\SYMANT~1\SYMANT~1\vptray.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Messenger\msmsgs.exe
C:\WINDOWS\system32\wuauclt.exe
C:\antispyware\hijackthis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.comcast.net/home.html
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.comcast.net/signin.jsp
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\...

A: Suggested Hjt Log

Hello healing41 and welcome to the BC HijackThis forum. I see no signs of viruses or malware in the log. It is clean.

Fragmentation isn't really a malware issue. It is just a natural occurrence that happens over time. XP has a built-in defragmenter and there are many 3rd party disk-defragmenters. It is good to defragment a drive occasionally but unless the disk is heavily fragmented and the free disk space is less than about 10% of the drive there will probably not be a noticeable performance improvement. The 2 files that will have the biggest impact from fragmentation are the swap file and the Master File Table which can only be defragmented with 3rd party defraggers. NTFS file systems handle file fragmentation better than the old FAT system found on older operating systems like Win98 so an occasional defrag with the built-in XP utility should be OK.

Cheers.

OT


I noticed that my firewall settings were set to OPEN/ALWAYS/EVERYONE (essentially).  I thought, "That can't be right...that's not safe at all",
So I disabled/blocked about half of my incoming rules.   Which was immediately changed back by an unscheduled update less than an hour later.
I made screen shots of my firewall settings.  *Windows Remote Management is set to YES  PUBLIC ALLOW  SYSTEM  ANY TCP and ANY /ANY /ANY.
Peer to peer collaboration has the same settings, specifying %System...% as the part of my PC that is open to the public. (And yes, I'm sure these are the default settings, I wiped and reinstalled offline.) If you close or block your ports, they will be overridden in minutes (including the ones marked "No Override").

I downloaded Spybot 2.5 which detected backdoor knocking on SAM, and attempts to logon without a password. Defender did not have a problem, as elevated permissions, impersonation, persistent logon attempts using alternate credentials is business as usual for WIN 10.
Further, all of the choices I was given regarding how to receive updates/reboot times/and which apps can access my personal data (pictures/docs - webcam/mic) are set to "**** yeah!"
So, basically, Windows 10 is a GYN in the front, and a back port Proctologist.
Anyone else think this odd?
Is there a solution...or...?


I run a Dell 550mhz with 128mb ram,
Computer runs extremely slow and hangs.
ZoneAlarm was NOT RESPONDING, so I removed it.
Internet Explorer and Mozilla errors - NOT RESPONDING

So....
I ran SPYBLASTER
I ran SPYBOT SEARCH AND DESTROY
I ran AD-AWARE
I ran REGISTER PATROL
I stopped almost all programs from beginning at startup.
I removed programs not used.
I defragmented the disk.
I removed ZoneAlarm, as it seemed to be part of the problem (NOT RESPONDING).

But now the slowness has returned so....

I ran Hijackthis, and here's the log:

Logfile of HijackThis v1.99.1
Scan saved at 6:22:48 AM, on 5/10/2007
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16441)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Windows Defender\MsMpEng.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Google\GoogleToolbarNotifier\1.2.1128.5462\GoogleToolbarNotifier.exe
C:\WINDOWS\system32\wscntfy.exe
C:\WINDOWS\system32\wuauclt.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Documents and Settings\Steve\Desktop\hijackthis\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.yahoo.com/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_UR...

A: Tried everything suggested, does this log help?

Hello......
Just to clarify, you have only 128MB of memory? What operating system do you have? Also, you most definitely need an anti-virus program at all times.

Edit: Sorry I just saw you have WinXP for an OS.
 


My PC has been freezing. Before you yell at me this is what I've tried.
- Checked hardware, no yellow ! marks
- Checked memory...all 6 scans 2 passes...nada.
- Checked drivers...diagnostic came up empty handed
- turned off startups...disabled windows services...nothing
- Defragged, disc cleanup, reverted to an earlier state for windows...none helped
- attempted to change Anti Virus Programs since Avira & McAfee caught nothing...
now I can't install AVG because McAfee is still present somehow...although
I couldn't uninstall it the traditional way...I googled and found links from threads that led
me to the uninstall tool...which I ran and rebooted...it's no longer in the uninstall options..but
AVG still says it can't Install because of McAfee.

I'm basically posting this now..because I don't see any fixes different than the ones I've already tried.
Can anyone help. I did go through some of the rules and if I broke any of them in this post...I apologize. I'm in safe mode now and my screen size sucks typing this too. Thanks. I'm glad
I was able to get this typed before my PC froze again.
Windows XP, Dell Vostro 410, had it for about 2 years. It's my shop pc...I own a sign shop...this is my
backbone for now. HELP

A: I've tried everything that's been suggested

The below is compliments of Broni:

You may have some hardware problems.

***** Run hard drive diagnostics: http://www.tacktech.com/display.cfm?ttid=287 (or http://www.bleepingcomputer.com/forums/topic28744.html)
Make sure, you select tool, which is appropriate for the brand of your hard drive.
Depending on the program, it'll create bootable floppy, or bootable CD.
If downloaded file is of .iso type, use ImgBurn: http://www.imgburn.com/ to burn .iso file to a CD (select "Write image file to disc" option), and make the CD bootable.
NOTE. If your hard drive is made by Toshiba, unfortunately, you're out of luck, because Toshiba doesn't provide any diagnostic tool.

====================================================================================

A. If you have more than one RAM module installed, try starting computer with one RAM stick at a time.
NOTE Keep in mind, the manual check listed above is always superior to the software check, listed below. DO NOT proceed with memtest, if you can go with option A

B. If you have only one RAM stick installed...
...run memtest...
1. Download - Pre-Compiled Bootable ISO (.zip)
2. Unzip downloaded memtest86+-....iso.zip file.
3. Inside, you'll find memtest86+-....iso file.
4. Download, and install ImgBurn: http://www.imgburn.com/
5. Insert blank CD into your CD drive.
6. Open ImgBurn, and click on Write image file to disc
7. Click on Browse for a file... icon:
8. Locate memtest86+-....iso file, and click Open button.
9. Click on ImgBu...


I have the Inspiron 3520 with i3-2350M processor. I am currently using a single 8gb DDR3L stick in this machine that was originally bought for another laptop, but it seems fine. Would there be any issue with buying the matching stick and upgrading to 16gb? Are there known issues using low voltage ram in this machine instead of the stock? Thanks.


Hey, I just bought a new Macbook Pro and currently I don't believe I have any type of security on it. Any suggestions as to what I should download?
 

A: Suggested Mac Security?
