Jump to content

Change Mode

gagaman

Anti-Spyware Brigade
  • Content Count

    1,452
  • Joined

  • Last visited

Everything posted by gagaman

  1. Initially I started folding for the fun. At the time (2003-2005) there where several subfolding teams at pcpitstop having a competition (do a search on Neotech2k4 or Adammaxisteam). I also contributed to the jmol project (doing translation work): a graphical molecular program that [email protected] used. I think this is not continued anymore. And I wrote the http://forums.pcpitstop.com/index.php?/topic/152666-how-to-join-the-pc-pitstop-folding-home-team/ topic (very outdated now ). So I was quite a dedicated folding member. Due to personal circumstances, I stopped folding for quite a while. Qu
  2. Seems to be a problem with their server 129.74.246.143 to which your client is trying to upload... http://fah-web.stanford.edu/pybeta/serverstat.html
  3. Hello jonTom, Thanks for your time and efforts to help me with this computer. Really appreciated!! I will pass your final advices to the lady who owns this pc. regards gagaman
  4. Hello JonTom, Thanks for your reply. I hope I did it right. When I dropped the notapad file on combofix, combofix asked to update to an newer version... I clicked ok. Then combofix seemed to update and did the job. Combofixlog ComboFix 11-11-06.01 - mama 06/11/2011 17:10:31.2.2 - x86 Microsoft Windows XP Professional 5.1.2600.3.1252.31.1043.18.3327.2626 [GMT 1:00] Gestart vanuit: c:documents and settingsmamaBureaubladComboFix.exe gebruikte Opdracht switches :: c:documents and settingsmamaBureaubladCFScript.txt AV: Microsoft Security Essentials *Disabled/Updated* {EDB4FA23-53B
  5. Hello JonTom, I missed this a few posts back ... This computer has 1 HD divided in two partitions.: c:/ with the os en programs and d:/ with the data. Here is the Combofixlog ComboFix 11-11-05.02 - mama 05/11/2011 17:30:21.1.2 - x86 Microsoft Windows XP Professional 5.1.2600.3.1252.31.1043.18.3327.2559 [GMT 1:00] Gestart vanuit: c:documents and settingsmamaBureaubladComboFix.exe AV: Microsoft Security Essentials *Disabled/Updated* {EDB4FA23-53B8-4AFA-8C5D-99752CCA7095} . . (((((((((((((((((((((((((((((((((( Andere Verwijderingen )))))))))))))))))))))))))))))))))))))
  6. Hello JonTom, Here are the requested logs: OTL-FIX Log All processes killed ========== OTL ========== No active process named explorer.exe was found! Prefs.js: "http://search.babylo...search&AF=17243" removed from browser.search.defaulturl Prefs.js: "http://search.babylo...rtrp&AF=17243=" removed from keyword.URL C:Documents and SettingsmamaApplication DataBabylonToolbar folder moved successfully. File rity] not found. File ptytemp] not found. File ptyflash] not found. File art explorer] not found. File boot] not found. OTL by OldTimer - Version 3.2.31.0 log c
  7. Hello JonTom, I did another OTL scan... I used the same instructions as you gave in your first post about OTL, so with the custom scans lines. Hope that is what you meant . OTL-LOG OTL logfile created on: 4/11/2011 17:25:04 - Run 2 OTL by OldTimer - Version 3.2.31.0 Folder = C:Documents and SettingsmamaBureaublad Windows XP Professional Edition Service Pack 3 (Version = 5.1.2600) - Type = NTWorkstation Internet Explorer (Version = ) Locale: 00000813 | Country: België | Language: NLB | Date Format: d/MM/yyyy 3,25 Gb Total Physical Memory | 2,65 Gb Available Physical Memory
  8. The computer is running much better now. Its a little slow at startup, but I will check the services that load at startup and disable the ones that are not necessary. Will do this after you declared this machine clean Here are the dds logs:: DDS-log . DDS (Ver_2011-08-26.01) - NTFSx86 Internet Explorer: BrowserJavaVersion: 1.6.0_29 Run by mama at 22:02:10 on 2011-11-03 Microsoft Windows XP Professional 5.1.2600.3.1252.31.1043.18.3327.2655 [GMT 1:00] . AV: Microsoft Security Essentials *Enabled/Updated* {EDB4FA23-53B8-4AFA-8C5D-99752CCA7095} . ============== Running Pro
  9. Hello JonTom, Thanks for the reply. I followed your instructions. Had some problems with the esetscanner... I could not find the button. So could not create a log. I did make a screenshot of the results. Will post it below. Java is updated. OTL-Log All processes killed ========== OTL ========== No active process named explorer.exe was found! Prefs.js: "Search the web (Babylon)" removed from browser.search.defaultenginename Prefs.js: "http://search.babylo...search&AF=17243" removed from browser.search.defaulturl Prefs.js: "Search the web (Babylon)" removed from brow
  10. Extra.TXT OTL Extras logfile created on: 3/11/2011 7:10:37 - Run 1 OTL by OldTimer - Version 3.2.31.0 Folder = C:Documents and SettingsmamaBureaublad Windows XP Professional Edition Service Pack 3 (Version = 5.1.2600) - Type = NTWorkstation Internet Explorer (Version = ) Locale: 00000813 | Country: België | Language: NLB | Date Format: d/MM/yyyy 3,25 Gb Total Physical Memory | 2,61 Gb Available Physical Memory | 80,21% Memory free 5,09 Gb Paging File | 4,58 Gb Available in Paging File | 89,96% Paging File free Paging file location(s): C:pagefile.sys 2046 4092 [binary data]
  11. Hello Jontom, With copy/paste I got a message that the path to the file was wrong. Check the filename. After that I navigated manually to that map and did not find the file. Therequested logs: OTL.Txt OTL logfile created on: 3/11/2011 7:10:37 - Run 1 OTL by OldTimer - Version 3.2.31.0 Folder = C:Documents and SettingsmamaBureaublad Windows XP Professional Edition Service Pack 3 (Version = 5.1.2600) - Type = NTWorkstation Internet Explorer (Version = ) Locale: 00000813 | Country: België | Language: NLB | Date Format: d/MM/yyyy 3,25 Gb Total Physical Memory | 2,61 Gb Ava
  12. Hi JonTom, The computer belongs to a friend of mine. I think her kids installed tahat p2p and torrent software. I uninstalled it. I will pass your remarqs about p2p over to them. I did not find the file you mentioned above to be analyzed by virustotal. On that location I did find a file with the same extension: MpKslbcf0fce7.sys. So I uploaded that. Herre is the link: http://www.virustota...5c6e-1320225890 And I wish to get rid or the remnants of Babylon The pc is behaving quite well. No popups or errors showing up now. thanks, gagaman
  13. Hello Jontom, Thanks for taking a look at this. The requested logs: DDS-log . DDS (Ver_2011-08-26.01) - NTFSx86 Internet Explorer: Run by mama at 9:51:24 on 2011-11-01 Microsoft Windows XP Professional 5.1.2600.3.1252.31.1043.18.3327.2599 [GMT 1:00] . AV: Microsoft Security Essentials *Disabled/Updated* {EDB4FA23-53B8-4AFA-8C5D-99752CCA7095} . ============== Running Processes =============== . C:Program FilesEmsisoft Anti-Malwarea2service.exe C:WINDOWSsystem32svchost -k DcomLaunch svchost.exe C:Program FilesMicrosoft Security ClientAntimalwareMsMpEng.exe C:WINDOW
  14. Hello HJT crew, The browsers (IE, FF) on this pc had a lot of toolbars (babylon, qword, and some others). Also the startpage could not be changed. I managed to get rid of them using ccleaner, emisoft antimalware,superantispyware and pcmatic. Maybe there are still leftovers, or other malware on this computer. Please take a look at the log: Logfile of Trend Micro HijackThis v2.0.4 Scan saved at 21:45:28, on 30/10/2011 Platform: Windows XP SP3 (WinNT 5.01.2600) MSIE: Internet Explorer v8.00 (8.00.6001.18702) Boot mode: Normal Running processes: C:\WINDOWS\System32\smss.ex
  15. Hi schrauber, I uninstalled the old java and updated it with the new one. Here are the logs: Custom Scans/Fixes All processes killed ========== OTL ========== HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings\\ProxyServer| /E : value set successfully! ========== COMMANDS ========== [EMPTYTEMP] User: Administrator ->Temp folder emptied: 0 bytes ->Temporary Internet Files folder emptied: 78991 bytes User: All Users User: Default User ->Temp folder emptied: 0 bytes ->Temporary Internet Files folder emptied: 33170 bytes User: in
  16. Hello schrauber, Thanks for your response! The pc is working quite well now. Here are the requested logs: OTL-LOG OTL logfile created on: 28/02/2011 19:51:17 - Run 1 OTL by OldTimer - Version 3.2.22.2 Folder = C:\Documents and Settings\jan\Bureaublad Windows XP Professional Edition Service Pack 3 (Version = 5.1.2600) - Type = NTWorkstation Internet Explorer (Version = 8.0.6001.18702) Locale: 00000813 | Country: België | Language: NLB | Date Format: d/MM/yyyy 895,00 Mb Total Physical Memory | 330,00 Mb Available Physical Memory | 37,00% Memory free 2,00 Gb Pa
  17. Thanks for the instructions alwarebytes' Anti-Malware-log Malwarebytes' Anti-Malware 1.50.1.1100 www.malwarebytes.org Databaseversie: 5895 Windows 5.1.2600 Service Pack 3 Internet Explorer 8.0.6001.18702 27/02/2011 20:01:32 mbam-log-2011-02-27 (20-01-32).txt Scantype: Snelle scan Objecten gescand: 199981 Verstreken tijd: 5 minuut/minuten, 1 seconde(n) Geheugenprocessen geïnfecteerd: 0 Geheugenmodulen geïnfecteerd: 0 Registersleutels geïnfecteerd: 0 Registerwaarden geïnfecteerd: 0 Registerdata geïnfecteerd: 0 Mappen geïnfecteerd: 0 Bestanden geïnfecteerd:
  18. Hi schrauber, Here is the requested log: ComboFixlog ComboFix 11-02-23.08 - jan 24/02/2011 16:33:58.2.2 - x86 Microsoft Windows XP Professional 5.1.2600.3.1252.31.1043.18.895.504 [GMT 1:00] Gestart vanuit: c:\documents and settings\jan\Bureaublad\schrauber.exe AV: Microsoft Security Essentials *Disabled/Updated* {EDB4FA23-53B8-4AFA-8C5D-99752CCA7095} FW: ActiveArmor Firewall *Disabled* {EDC10449-64D1-46c7-A59A-EC20D662F26D} . (((((((((((((((((((((((((((((((((( Andere Verwijderingen ))))))))))))))))))))))))))))))))))))))))))))))))) . c:\hijackthis\hijackthis.exe
  19. Thanks for your reply... At this momentent, I cant work at that pc... Will do tomorrow evening and respond here with the log you asked for.
  20. Hello Schrauber, He did not set that proxy.
  21. Hello schrauber, Thanks for looking at this log. This is the pc of a friend of mine. I doubt he has set the proxy since he's not very familiair with computers. I will contact him asap and let you know.
  22. Hello, This pc lost internet connection. I was able to repair it. Afterwards, I cleaned it with pcmatic, ccleaner, Malwarebytes' Anti-Malware and superantispyware. At startup it showed a messag about crss.exe nnot found, but this error dissapeared after cleanup with the above tools. They found some nasty's. To be sure its clean now, I like to post a HJTlog HJT-LOG Logfile of Trend Micro HijackThis v2.0.4 Scan saved at 16:13:54, on 22/02/2011 Platform: Windows XP SP3 (WinNT 5.01.2600) MSIE: Internet Explorer v8.00 (8.00.6001.18702) Boot mode: Normal Running processes
  23. Hello schrauber, Thanks alot for the help. My machine is running smoothly again. I did the cleanup with OTL. Will keep your instructions for a safe computer in mind. thanks gaga
  24. Indeed, the problems seems to be solved. I big thankyou, schrauber Here is the otl-log OTL logfile created on: 22/01/2011 18:57:16 - Run 2 OTL by OldTimer - Version 3.2.20.2 Folder = D:\Gebruikers\Peter\Desktop 64bit- Ultimate Edition (Version = 6.1.7600) - Type = NTWorkstation Internet Explorer (Version = 8.0.7600.16385) Locale: 00000813 | Country: België | Language: NLB | Date Format: d/MM/yyyy 4,00 Gb Total Physical Memory | 3,00 Gb Available Physical Memory | 63,00% Memory free 8,00 Gb Paging File | 6,00 Gb Available in Paging File | 75,00% Paging File free Paging
  25. Hi Schrauber, The popup from eset NOD32 is gone. So thats an improvement Here is the malwarebytelog (not in save mode) Malwarebytes' Anti-Malware 1.50.1.1100 www.malwarebytes.org Databaseversie: 5564 Windows 6.1.7600 Internet Explorer 8.0.7600.16385 21/01/2011 20:21:16 mbam-log-2011-01-21 (20-21-16).txt Scantype: Snelle scan Objecten gescand: 200003 Verstreken tijd: 3 minuut/minuten, 5 seconde(n) Geheugenprocessen geïnfecteerd: 0 Geheugenmodulen geïnfecteerd: 0 Registersleutels geïnfecteerd: 0 Registerwaarden geïnfecteerd: 0 Registerdata geïnfectee
×
×
  • Create New...