Everything posted by Btuvi

  1. I have AVG, Windows (Scotty the dog), Ad-Aware. I shut these down including firewall. On link you sent PC Status will run until "Send results to Pitstop" and then it gets stuck on run (the wheel just keeps turning)- same as before.
  2. Here are results. If I understand this correctly I don't see a problem. Everything was green. Hop # Avg ms Loss % Graph Address 1 1 (173-18-132-221.client.mchsi.com) 2 8 3 11 4 10 5 11 6 23 7 43 (cr2.attga.ip.att.net) 8 43 (cr1.ormfl.ip.att.net) 9 42 (gar4.miufl.ip.att.net) 10 97 11 57 (g1-1.br2.dfw.terremark.net) 12 58 13 98 (daa.g920.ispa.data
  3. I still cannot start up in safe mode. (I have been able to in the past.) The only choice I have is "Normal". Seems to me I need to be able to have this option available.
  4. I have checked and rechecked and can find nothing that would be blocking sending test results (PC Status) to pitstop. However, I cannot start up in safe mode - though I have been able to do so in the past.
  5. And here are results of Kscan. Apparently I'm problem free. What say you? KASPERSKY ONLINE SCANNER 7.0: scan report Sunday, October 31, 2010 Operating system: Microsoft Windows XP Home Edition Service Pack 3 (build 2600) Kaspersky Online Scanner version: Last database update: Sunday, October 31, 2010 01:06:37 Records in database: 4194713 -------------------------------------------------------------------------------- Scan settings: scan using the following database: extended Scan archives: yes Scan e-mail databases: yes Scan area - My Comput
  6. When I run test it zips through until it gets to send results to pitstop. I've tried troubleshooting but no luck. What now? Thanks.
  7. Here is the first step (MalwareBytes) No problems. Will do Kaspersky tonight. Malwarebytes' Anti-Malware 1.46 www.malwarebytes.org Database version: 4999 Windows 5.1.2600 Service Pack 3 Internet Explorer 8.0.6001.18702 10/30/2010 1:24:29 PM mbam-log-2010-10-30 (13-24-29).txt Scan type: Quick scan Objects scanned: 133678 Time elapsed: 7 minute(s), 25 second(s) Memory Processes Infected: 0 Memory Modules Infected: 0 Registry Keys Infected: 0 Registry Values Infected: 0 Registry Data Items Infected: 0 Folders Infected: 0 Files Infected:
  8. From the beginning I thought I would approach this as if it were a classroom. Didn't do any good though. I was lost from the get-go. I did learn a couple of things. You enjoy a challenge and are helpful and patient. Good on you. I'll follow the latest instructions but when we come to the end I wish you would take the time to explain to me what we did. The explanation need not be lengthy and should not include technical language. Not everyone is as computer savvy as we and I might want to tell someone else in simple language what happened. Apparently problem is solved.
  9. I've tried going to 6 or 8 different websites and have yet to be re-directed. I will post another reply later in the day to confirm that. Thanks
  10. After reboot I saw an icon named "all", opened it, and below are the results. Hope this is what you are looking for. Shortly I will post results regarding being re-directed. reset SYSTEM\CurrentControlSet\Services\Dhcp\Parameters\Options\15\RegLocation old REG_MULTI_SZ = SYSTEM\CurrentControlSet\Services\Tcpip\Parameters\Interfaces\?\DhcpDomain SYSTEM\CurrentControlSet\Services\TcpIp\Parameters\DhcpDomain deleted SYSTEM\CurrentControlSet\Services\Dnscache\Parameters\MaxCacheEntryTtlLimit deleted SYSTEM\CurrentControlSet\Services
  11. Jon Tom, Here is the first part (OTM) - I think. Are clipboard and notepad the same thing? C:\WINDOWS\System32\drivers\etc\Hosts moved successfully. HOSTS file reset successfully OTM by OldTimer - Version log created on 10292010_052826 C:\WINDOWS\System32\drivers\etc\Hosts moved successfully. HOSTS file reset successfully OTM by OldTimer - Version log created on 10292010_052826
  12. Is this it? LOBAL??\Root#MS_PTIMINIPORT#0000#{ad498944-762f-11d0-8dcb-00c04fc3358c}" .\debug.cpp(400) : Destination "\Device\00000037" .\debug.cpp(409) : -- .\debug.cpp(369) : SymbolicLink "\GLOBAL??\HCD1" .\debug.cpp(400) : Destination "\Device\USBFDO-1" .\debug.cpp(409) : -- .\debug.cpp(369) : SymbolicLink "\GLOBAL??\LCD" .\debug.cpp(400) : Destination "\Device\VideoPdo0" .\debug.cpp(409) : -- .\debug.cpp(369) : SymbolicLink "\GLOBAL??\PhysicalDrive0" .\debug.cpp(400) : Destination "\Device\Harddisk0\DR0" .\debug.cpp(409) : -- .\debug.cpp(369) : SymbolicL
  13. The below is not what I was expecting to see but here it is: •Click once on "Desktop". •The contents of your desktop will be displayed in the window on the right. •Locate "bootkit_remover.rar" and click on it once to highlight it. •Once it is highlighted, click on the "Extract" button at the top of the PeaZip window. •Click on "OK". •Close PeaZip. You should now have an icon on your desktop called "remover" •Double click on "remover". •A Window will open. •It will show a Black screen with some data on it. •Right click on the scree
  14. I downloaded BOOTKIT but Windows would not open so I downloaded Peazip and followed instructions - except, though I searched for it, I could not find Remover.exe. Probably me again so tell me what I'm missing and I'll try again.
  15. This is MBRCheck. Next I'll do BOOTKIT and add a second reply. MBRCheck, version 1.2.3 © 2010, AD Command-line: Windows Version: Windows XP Home Edition Windows Information: Service Pack 3 (build 2600) Logical Drives Mask: 0x0000005d Kernel Drivers (total 124): 0x804D7000 \WINDOWS\system32\ntoskrnl.exe 0x806EE000 \WINDOWS\system32\hal.dll 0xF7F18000 \WINDOWS\system32\KDCOM.DLL 0xF7E28000 \WINDOWS\system32\BOOTVID.dll 0xF79C9000 ACPI.sys 0xF7F1A000 \WINDOWS\System32\DRIVERS\WMILIB.SYS 0xF79B8000 pci.sys 0xF7A18000 isapnp.sys 0xF7
  16. Apparently it was just coincidence that I was not redirected to the few websites I tried. I still have the same problem.
  17. I have tried going to several different websites and have not been redirected so maybe something is fixed.
  18. Jon Tom, I thought that you were adding your own posts some way but, as usual, I discovered that I am the culprit. I'm the culprit too regarding Combofix. When the screen popped up saying that Malware Gen had been discovered instead of recognizing that this was an AVG discovery I assumed the program had run and discovered the problem. I had two choices: Quarantine or Allow. I chose Quarantine and effectively disabled the program. Realizing this I ran Combo Fix again, hit allow, and allowed it to do its job. Results below: Thanks ComboFix 10-10-26.03 - Owner 10/27/2010 14:41:
  19. Jon Tom, I downloaded combo fix, disabled avg free and adaware, and ran program. No mention of Microsoft Windows Recovery Console so program ran and found malware.gen. I did a restart and found that 195 processes terminated, 67 files removed, and 3 registry keys deleted. I clicked on details and tried to copy paste here but it wouldn't allow me to copy. I then went online to get to pitstop and immediately was redirected to another site - so apparently problem not solved. What next? Do I have Micro Windows Recovery Console? Should I download it?
  20. Ok, here's what I got. A box popped up stating: (Host File marked as a "system file" and can NOT be manipulated. Press OK to remove the system file attribute.) The first time I saw this I clicked OK and had to then start from scratch. The second time I first clicked on Restore MS Host File and a box popped up stating: (Error: Cannot create file "C:\Windows\System32\Drivers\ETC\Host I did not see Make Read Only though I did see Make Writable. I still have the same problem. Your thoughts?
  21. Jon Tom, I tried running gmer from safe mode but couldn't get into safe mode (which I have done before) so ran Rootkit Unhooked. See results below. RkU Version: 3.8.388.590, Type LE (SR2) ============================================== OS Name: Windows XP Version 5.1.2600 (Service Pack 3) Number of processors #1 ============================================== >Drivers ============================================== 0x804D7000 C:\WINDOWS\system32\ntoskrnl.exe 2189952 bytes (Microsoft Corporation, NT Kernel & System) 0x804D7000 PnpManager 2189952 bytes 0x804D7000 RAW 2189
  22. Jon Tom, I followed your instructions and downloaded to desktop and then extracted files. At no time did I see gmer.exe - only "application". I tried at both sites you recommended. Before I was able to follow instructions regarding IAT etc a box popped up insisting I put disk in drive d. That was as far as I got though I tried numerous times.
  23. Jon Tom, Please be aware that I appreciate all your help and will follow your instructions. You folks have always been extremely and I am always thankful.
  24. After running DDS I was advised to post one and zip and post the other after saving to desktop. Apparently I don't know how to save either to desktop nor do I know how to zip. So, I'm going to try and paste. Hope this works and doesn't add to your difficulty. If so please let me know and explain how to save to desktop and zip. Thanks. IF REQUESTED, ZIP IT UP & ATTACH IT DDS (Ver_10-10-21.02) Microsoft Windows XP Home Edition Boot Device: \Device\HarddiskVolume1 Install Date: 4/7/2008 6:04:15 PM System Uptime: 10/15/2010 6:10:25 AM (173 hours ago) Motherbo
  25. Thanks Jacee. And the solution is?