
ns*.tmp file appears when running DDS: Trojan?


17 replies to this topic

#1 CaroC

CaroC

  • Members
  • 9 posts
  • OFFLINE
  • Local time:08:24 AM

Posted 27 July 2013 - 05:25 PM

I'm cleaning up my daughter's old Acer Aspire 3690 laptop running XP SP3 for my use; removed a number of misc. badware from it (including Agent.H), ran many things recommended in these forums (including TDSSKiller, fixTDSS, MBAR, Adwcleaner, TFC), re-upped Avast, added WinPatrol (a personal favorite). Scanned with Avast, MBAM, Spybot, Emsisoft, Eset, everything comes out clean.

 

I was never able to get DDS to run, though; it would quickly reach a point at about 4/5 through the load bar, hang, and then lock up the whole computer and I would have to shut down and restart. I assumed it was malware stopping it from working, but even after everything showed clean it still wouldn't run. I then tried it with the task manager open and saw that a process would appear, always ns*.tmp or ns**.tmp (with random characters), different each time. If I kill that process quickly enough, DDS will continue and run.

 

Is this a parting gift from an old trojan? I can't find info about this type of file except a few mentions of this type of file being associated with a trojan from back in the mid 00's. It's an old laptop that hasn't been used much in several years by someone who is even more clueless about these things than I am, so it's a possibility.


Edited by hamluis, 27 July 2013 - 07:36 PM.
Moved from XP to Am I Infected - Hamluis.



 


#2 sikntired

sikntired

  • Members
  • 1,002 posts
  • OFFLINE
  • Gender:Male
  • Location:USA
  • Local time:08:24 AM

Posted 27 July 2013 - 07:51 PM

I think your problem is with Avast picking these up as false positives. You might try disabling Avast and then try running DDS.

 

Don't forget to enable Avast.

 

Regards..................



#3 noknojon

noknojon

  • Banned
  • 10,871 posts
  • OFFLINE
  • Gender:Not Telling
  • Local time:11:24 PM

Posted 27 July 2013 - 07:53 PM

Hello CaroC -

As from sikntired we need to check your Antivirus and a few other installed programs.

It is best to start with a few basic scans to have a look at the system's health -

 

First - Download Security Check by Screen317 from HERE
* Save it to your Desktop.
* Double-click SecurityCheck.exe
* Follow the onscreen instructions inside of the black box.
* A Notepad document should open automatically called checkup.txt; please post the contents of that document.
Note: If a security program requests permission to access the Internet, allow it to do so.

 

 

Please download MiniToolBox, save it to your desktop and run it.
Close any Firefox browsers you may have open.
Checkmark the following boxes:
• Flush DNS
• Report IE Proxy Settings
• Reset IE Proxy Settings
• Report FF Proxy Settings
• Reset FF Proxy Settings
• List content of Hosts
• List IP configuration
• List last 10 Event Viewer log
• List Installed Programs
• List Users, Partitions and Memory size.
• List Minidump Files
 
Click Go and copy / paste the result (Result.txt).

 

Thank You -


Edited by noknojon, 27 July 2013 - 07:55 PM.


#4 CaroC

CaroC
  • Topic Starter

  • Members
  • 9 posts
  • OFFLINE
  • Local time:08:24 AM

Posted 27 July 2013 - 10:38 PM

Thanks for your help!

 

 Results of screen317's Security Check version 0.99.71  
 Windows XP Service Pack 3 x86   
 Internet Explorer 8  
``````````````Antivirus/Firewall Check:`````````````` 
 Windows Firewall Enabled!  
avast! Antivirus   
 Antivirus up to date!  
`````````Anti-malware/Other Utilities Check:````````` 
 WinPatrol 
 Spybot - Search & Destroy 
 Malwarebytes Anti-Malware version 1.75.0.1300  
 CCleaner     
 Java™ 6 Update 26  
 Java 7 Update 25  
 Adobe Reader 10.1.7 Adobe Reader out of Date!  
````````Process Check: objlist.exe by Laurent````````  
 WinPatrol winpatrol.exe 
 AVAST Software Avast AvastSvc.exe  
 AVAST Software Avast avastUI.exe  
 BillP Studios WinPatrol winpatrol.exe  
`````````````````System Health check````````````````` 
 Total Fragmentation on Drive D:: 11% Defragment your hard drive soon! (Do NOT defrag if SSD!)
````````````````````End of Log`````````````````````` 
 

 

MiniToolBox by Farbar  Version: 13-07-2013
Ran by Administrator (administrator) on 27-07-2013 at 22:35:16
Running from "D:\Documents and Settings\Administrator\Desktop"
Microsoft Windows XP Professional Service Pack 3 (X86)
Boot Mode: Normal
***************************************************************************
 
========================= Flush DNS: ===================================
 
 
Windows IP Configuration
 
 
 
Successfully flushed the DNS Resolver Cache.
 
 
========================= IE Proxy Settings: ============================== 
 
Proxy is not enabled.
No Proxy Server is set.
 
"Reset IE Proxy Settings": IE Proxy Settings were reset.
========================= Hosts content: =================================
 
 
127.0.0.1       localhost
 
========================= IP Configuration: ================================
 
Atheros AR5005G Wireless Network Adapter = Wireless Network Connection (Connected)
 
 
# ---------------------------------- 
# Interface IP Configuration         
# ---------------------------------- 
pushd interface ip
 
 
# Interface IP Configuration for "Wireless Network Connection"
 
set address name="Wireless Network Connection" source=dhcp 
set dns name="Wireless Network Connection" source=dhcp register=PRIMARY
set wins name="Wireless Network Connection" source=dhcp
 
 
popd
# End of interface IP configuration
 
 
 
 
Windows IP Configuration
 
 
 
        Host Name . . . . . . . . . . . . : holly
 
        Primary Dns Suffix  . . . . . . . : 
 
        Node Type . . . . . . . . . . . . : Unknown
 
        IP Routing Enabled. . . . . . . . : No
 
        WINS Proxy Enabled. . . . . . . . : No
 
 
 
Ethernet adapter Wireless Network Connection:
 
 
 
        Connection-specific DNS Suffix  . : 
 
        Description . . . . . . . . . . . : Atheros AR5005G Wireless Network Adapter
 
        Physical Address. . . . . . . . . : 00-19-7D-13-D0-7C
 
        Dhcp Enabled. . . . . . . . . . . : Yes
 
        Autoconfiguration Enabled . . . . : Yes
 
        IP Address. . . . . . . . . . . . : 192.168.1.11
 
        Subnet Mask . . . . . . . . . . . : 255.255.255.0
 
        Default Gateway . . . . . . . . . : 192.168.1.1
 
        DHCP Server . . . . . . . . . . . : 192.168.1.1
 
        DNS Servers . . . . . . . . . . . : 192.168.1.1
 
        Lease Obtained. . . . . . . . . . : Saturday, July 27, 2013 3:32:27 PM
 
        Lease Expires . . . . . . . . . . : Sunday, July 28, 2013 3:32:27 PM
 
Server:  UnKnown
Address:  192.168.1.1
 
Name:    google.com
Addresses:  74.125.225.35, 74.125.225.32, 74.125.225.41, 74.125.225.40
 74.125.225.37, 74.125.225.33, 74.125.225.39, 74.125.225.36, 74.125.225.38
 74.125.225.34, 74.125.225.46
 
 
 
Pinging google.com [74.125.225.128] with 32 bytes of data:
 
 
 
Reply from 74.125.225.128: bytes=32 time=23ms TTL=52
 
Reply from 74.125.225.128: bytes=32 time=25ms TTL=52
 
 
 
Ping statistics for 74.125.225.128:
 
    Packets: Sent = 2, Received = 2, Lost = 0 (0% loss),
 
Approximate round trip times in milli-seconds:
 
    Minimum = 23ms, Maximum = 25ms, Average = 24ms
 
Server:  UnKnown
Address:  192.168.1.1
 
Name:    yahoo.com
Addresses:  206.190.36.45, 98.138.253.109, 98.139.183.24
 
 
 
Pinging yahoo.com [98.139.183.24] with 32 bytes of data:
 
 
 
Reply from 98.139.183.24: bytes=32 time=138ms TTL=45
 
Reply from 98.139.183.24: bytes=32 time=60ms TTL=44
 
 
 
Ping statistics for 98.139.183.24:
 
    Packets: Sent = 2, Received = 2, Lost = 0 (0% loss),
 
Approximate round trip times in milli-seconds:
 
    Minimum = 60ms, Maximum = 138ms, Average = 99ms
 
 
 
Pinging 127.0.0.1 with 32 bytes of data:
 
 
 
Reply from 127.0.0.1: bytes=32 time<1ms TTL=128
 
Reply from 127.0.0.1: bytes=32 time<1ms TTL=128
 
 
 
Ping statistics for 127.0.0.1:
 
    Packets: Sent = 2, Received = 2, Lost = 0 (0% loss),
 
Approximate round trip times in milli-seconds:
 
    Minimum = 0ms, Maximum = 0ms, Average = 0ms
 
===========================================================================
Interface List
0x1 ........................... MS TCP Loopback interface
0x2 ...00 19 7d 13 d0 7c ...... Atheros AR5005G Wireless Network Adapter - Packet Scheduler Miniport
===========================================================================
===========================================================================
Active Routes:
Network Destination        Netmask          Gateway       Interface  Metric
          0.0.0.0          0.0.0.0      192.168.1.1    192.168.1.11  25
        127.0.0.0        255.0.0.0        127.0.0.1       127.0.0.1  1
      192.168.1.0    255.255.255.0     192.168.1.11    192.168.1.11  25
     192.168.1.11  255.255.255.255        127.0.0.1       127.0.0.1  25
    192.168.1.255  255.255.255.255     192.168.1.11    192.168.1.11  25
        224.0.0.0        240.0.0.0     192.168.1.11    192.168.1.11  25
  255.255.255.255  255.255.255.255     192.168.1.11    192.168.1.11  1
Default Gateway:       192.168.1.1
===========================================================================
Persistent Routes:
  None
 
========================= Event log errors: ===============================
 
Application errors:
==================
Error: (07/26/2013 04:14:39 PM) (Source: .NET Runtime) (User: )
Description: Shim database version C:\WINDOWS\Microsoft.NET\Framework\v4.0.30319 doesn't have a matching runtime directory
 
Error: (07/26/2013 04:14:39 PM) (Source: .NET Runtime) (User: )
Description: Shim database version C:\WINDOWS\Microsoft.NET\Framework\v4.0.30319 doesn't have a matching runtime directory
 
Error: (07/26/2013 04:14:39 PM) (Source: .NET Runtime) (User: )
Description: Shim database version C:\WINDOWS\Microsoft.NET\Framework\v4.0.30319 doesn't have a matching runtime directory
 
Error: (07/26/2013 04:14:39 PM) (Source: .NET Runtime) (User: )
Description: Shim database version C:\WINDOWS\Microsoft.NET\Framework\v4.0.30319 doesn't have a matching runtime directory
 
Error: (07/26/2013 04:14:39 PM) (Source: .NET Runtime) (User: )
Description: Shim database version C:\WINDOWS\Microsoft.NET\Framework\v4.0.30319 doesn't have a matching runtime directory
 
Error: (07/26/2013 04:14:39 PM) (Source: .NET Runtime) (User: )
Description: Shim database version C:\WINDOWS\Microsoft.NET\Framework\v4.0.30319 doesn't have a matching runtime directory
 
Error: (07/26/2013 04:14:39 PM) (Source: .NET Runtime) (User: )
Description: Shim database version C:\WINDOWS\Microsoft.NET\Framework\v4.0.30319 doesn't have a matching runtime directory
 
Error: (07/26/2013 04:14:39 PM) (Source: .NET Runtime) (User: )
Description: Shim database version C:\WINDOWS\Microsoft.NET\Framework\v4.0.30319 doesn't have a matching runtime directory
 
Error: (07/26/2013 04:14:39 PM) (Source: .NET Runtime) (User: )
Description: Shim database version C:\WINDOWS\Microsoft.NET\Framework\v4.0.30319 doesn't have a matching runtime directory
 
Error: (07/26/2013 04:14:39 PM) (Source: .NET Runtime) (User: )
Description: Shim database version C:\WINDOWS\Microsoft.NET\Framework\v4.0.30319 doesn't have a matching runtime directory
 
 
System errors:
=============
Error: (07/27/2013 01:21:13 AM) (Source: Windows Update Agent) (User: )
Description: Installation Failure: Windows failed to install the following update with error 0x80070643: Security Update for Microsoft .NET Framework 2.0 SP2 on Windows Server 2003 and Windows XP x86 (KB2789643).
 
Error: (07/27/2013 00:18:23 AM) (Source: Windows Update Agent) (User: )
Description: Installation Failure: Windows failed to install the following update with error 0x80070643: Security Update for Microsoft .NET Framework 2.0 SP2 on Windows Server 2003 and Windows XP x86 (KB2729450).
 
Error: (07/27/2013 00:16:12 AM) (Source: Windows Update Agent) (User: )
Description: Installation Failure: Windows failed to install the following update with error 0x80070643: Security Update for Microsoft .NET Framework 2.0 SP2 on Windows Server 2003 and Windows XP x86 (KB2789643).
 
Error: (07/27/2013 00:03:39 AM) (Source: Windows Update Agent) (User: )
Description: Installation Failure: Windows failed to install the following update with error 0x80070643: Security Update for Microsoft .NET Framework 2.0 SP2 on Windows Server 2003 and Windows XP x86 (KB2789643).
 
Error: (07/26/2013 11:50:22 PM) (Source: Windows Update Agent) (User: )
Description: Installation Failure: Windows failed to install the following update with error 0x80070643: Microsoft .NET Framework 3.5 Service Pack 1 and .NET Framework 3.5 Family Update for .NET versions 2.0 through 3.5 (KB951847) x86.
 
Error: (07/26/2013 11:43:34 PM) (Source: Windows Update Agent) (User: )
Description: Installation Failure: Windows failed to install the following update with error 0x80070643: Microsoft .NET Framework 3.5 Service Pack 1 and .NET Framework 3.5 Family Update for .NET versions 2.0 through 3.5 (KB951847) x86.
 
Error: (07/26/2013 10:02:52 PM) (Source: Service Control Manager) (User: )
Description: The Broadcom Wireless LAN Tray Service service failed to start due to the following error: 
%%2
 
Error: (07/26/2013 10:00:15 PM) (Source: Service Control Manager) (User: )
Description: The Office Software Protection Platform service terminated unexpectedly.  It has done this 1 time(s).
 
Error: (07/26/2013 07:12:32 PM) (Source: Service Control Manager) (User: )
Description: The Broadcom Wireless LAN Tray Service service failed to start due to the following error: 
%%2
 
Error: (07/26/2013 07:10:53 PM) (Source: Service Control Manager) (User: )
Description: The Java Quick Starter service terminated unexpectedly.  It has done this 1 time(s).
 
 
Microsoft Office Sessions:
=========================
Error: (07/26/2013 04:14:39 PM) (Source: .NET Runtime)(User: )
Description: Shim database version C:\WINDOWS\Microsoft.NET\Framework\v4.0.30319 doesn't have a matching runtime directory
 
Error: (07/26/2013 04:14:39 PM) (Source: .NET Runtime)(User: )
Description: Shim database version C:\WINDOWS\Microsoft.NET\Framework\v4.0.30319 doesn't have a matching runtime directory
 
Error: (07/26/2013 04:14:39 PM) (Source: .NET Runtime)(User: )
Description: Shim database version C:\WINDOWS\Microsoft.NET\Framework\v4.0.30319 doesn't have a matching runtime directory
 
Error: (07/26/2013 04:14:39 PM) (Source: .NET Runtime)(User: )
Description: Shim database version C:\WINDOWS\Microsoft.NET\Framework\v4.0.30319 doesn't have a matching runtime directory
 
Error: (07/26/2013 04:14:39 PM) (Source: .NET Runtime)(User: )
Description: Shim database version C:\WINDOWS\Microsoft.NET\Framework\v4.0.30319 doesn't have a matching runtime directory
 
Error: (07/26/2013 04:14:39 PM) (Source: .NET Runtime)(User: )
Description: Shim database version C:\WINDOWS\Microsoft.NET\Framework\v4.0.30319 doesn't have a matching runtime directory
 
Error: (07/26/2013 04:14:39 PM) (Source: .NET Runtime)(User: )
Description: Shim database version C:\WINDOWS\Microsoft.NET\Framework\v4.0.30319 doesn't have a matching runtime directory
 
Error: (07/26/2013 04:14:39 PM) (Source: .NET Runtime)(User: )
Description: Shim database version C:\WINDOWS\Microsoft.NET\Framework\v4.0.30319 doesn't have a matching runtime directory
 
Error: (07/26/2013 04:14:39 PM) (Source: .NET Runtime)(User: )
Description: Shim database version C:\WINDOWS\Microsoft.NET\Framework\v4.0.30319 doesn't have a matching runtime directory
 
Error: (07/26/2013 04:14:39 PM) (Source: .NET Runtime)(User: )
Description: Shim database version C:\WINDOWS\Microsoft.NET\Framework\v4.0.30319 doesn't have a matching runtime directory
 
 
=========================== Installed Programs ============================
 
Adobe AIR (Version: 3.7.0.2090)
Adobe Flash Player 11 ActiveX (Version: 11.8.800.94)
Adobe Reader X (10.1.7) (Version: 10.1.7)
Atheros for Acer Driver 5.3.0.35_Foxconn Installation Program (Version: 5.3.0.35)
avast! Free Antivirus (Version: 8.0.1489.0)
Broadcom 802.11 Network Adapter (Version: 4.10.47.0)
CCleaner (Version: 3.07)
Definition Update for Microsoft Office 2010 (KB982726) 32-Bit Edition
Driver Genius v10.0.0.712.Cracked-DJiNN (Version: 10.0)
Google Chrome (Version: 28.0.1500.72)
Java 7 Update 25 (Version: 7.0.250)
Java™ 6 Update 26 (Version: 6.0.260)
Malwarebytes Anti-Malware version 1.75.0.1300 (Version: 1.75.0.1300)
Microsoft Download Manager (Version: 1.2.0)
Microsoft Office Access MUI (English) 2010 (Version: 14.0.4734.1000)
Microsoft Office Access Setup Metadata MUI (English) 2010 (Version: 14.0.4734.1000)
Microsoft Office Excel MUI (English) 2010 (Version: 14.0.4734.1000)
Microsoft Office Groove MUI (English) 2010 (Version: 14.0.4734.1000)
Microsoft Office InfoPath MUI (English) 2010 (Version: 14.0.4734.1000)
Microsoft Office OneNote MUI (English) 2010 (Version: 14.0.4734.1000)
Microsoft Office Outlook MUI (English) 2010 (Version: 14.0.4734.1000)
Microsoft Office PowerPoint MUI (English) 2010 (Version: 14.0.4734.1000)
Microsoft Office Professional Plus 2010 (Version: 14.0.4734.1000)
Microsoft Office Proof (English) 2010 (Version: 14.0.4734.1000)
Microsoft Office Proof (French) 2010 (Version: 14.0.4734.1000)
Microsoft Office Proof (Spanish) 2010 (Version: 14.0.4734.1000)
Microsoft Office Proofing (English) 2010 (Version: 14.0.4734.1000)
Microsoft Office Publisher MUI (English) 2010 (Version: 14.0.4734.1000)
Microsoft Office Shared MUI (English) 2010 (Version: 14.0.4734.1000)
Microsoft Office Shared Setup Metadata MUI (English) 2010 (Version: 14.0.4734.1000)
Microsoft Office Word MUI (English) 2010 (Version: 14.0.4734.1000)
Microsoft Silverlight (Version: 5.1.20513.0)
Microsoft Software Update for Web Folders  (English) 14 (Version: 14.0.4734.1000)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148 (Version: 9.0.30729.4148)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 (Version: 9.0.30729.6161)
MSXML 4.0 SP3 Parser (KB2758694) (Version: 4.30.2117.0)
MSXML 4.0 SP3 Parser (KB973685) (Version: 4.30.2107.0)
Realtek High Definition Audio Driver (Version: 5.10.0.6278)
Spybot - Search & Destroy (Version: 2.1.20)
Update for Microsoft Office 2010 (KB2553092)
Update for Microsoft Office 2010 (KB2760631) 32-Bit Edition
Update for Windows XP (KB2541763) (Version: 1)
Update for Windows XP (KB2607712) (Version: 1)
Update for Windows XP (KB2616676) (Version: 1)
Update for Windows XP (KB2641690) (Version: 1)
Update for Windows XP (KB2661254-v2) (Version: 2)
Update for Windows XP (KB2749655) (Version: 1)
WebFldrs XP (Version: 9.50.7523)
WinPatrol (Version: 28.5.2013.0)
 
========================= Memory info: ===================================
 
Percentage of memory in use: 61%
Total physical RAM: 502.05 MB
Available physical RAM: 192.72 MB
Total Pagefile: 1227.05 MB
Available Pagefile: 874.8 MB
Total Virtual: 2047.88 MB
Available Virtual: 1969.19 MB
 
========================= Partitions: =====================================
 
1 Drive c: (ACERDATA) (Fixed) (Total:25.73 GB) (Free:18.36 GB) FAT32
2 Drive d: () (Fixed) (Total:30.14 GB) (Free:20.29 GB) NTFS
 
========================= Users: ========================================
 
User accounts for \\HOLLY
 
Administrator            ASPNET                   Guest                    
HelpAssistant            SUPPORT_388945a0         
 
========================= Minidump Files ==================================
 
No minidump file found
 
 
**** End of log ****


#5 noknojon

noknojon

  • Banned
  • 10,871 posts
  • OFFLINE
  • Gender:Not Telling
  • Local time:11:24 PM

Posted 28 July 2013 - 01:04 AM

Java™ 6 Update 26 (Version: 6.0.260) < Remove from Control Panel > Add / Remove Programs
Adobe Reader X (10.1.7) Update Adobe Reader to Version 11
Driver Genius v10.0.0.712.Cracked-DJiNN (Version: 10.0) < Please remove this program
Spybot - Search & Destroy (Version: 2.1.20) < This is not required Uninstall from Add / Remove in control panel
- > Also for XP remove: C:\Documents and Settings\All Users\Application Data\Spybot – Search & Destroy\
 

Make sure your avast! is fully updated. (seems to be the current version)
Check Windows Updates and only install any Express (important) updates offered
 

 

Download SUPERAntiSpyware Free (aka SAS)
* Double-click SAS -setup.exe and follow the prompts to install the program.
* At the end, be sure to Check for Updates to be sure it is current
* If an update is found, it will download and install the latest version.
* Once the program has loaded, select Perform quick scan, then click Scan.
* When the scan is complete, click OK, then Show Results to view the results.
* Be sure that everything is checked, and click Remove Selected.
* When completed, a log will open in Notepad.
* Post the log back here.

Be sure to reboot the computer after you post the log

 

 

Please download AdwCleaner by Xplode onto your desktop.

*Close all open programs and internet browsers.
*Double click on adwcleaner.exe to run the tool.
*Click on Delete.
*Confirm each time with Ok.
* NOTE: Your computer will be rebooted automatically. A text file will open after the restart.

*Please post the contents of that logfile with your next reply.
*You can find the logfile at C:\AdwCleaner[S1].txt as well.

 

 

Please download ATF Cleaner by Atribune. Read the => Home Page
This program was for XP and Windows 2000 only but it has been expanded a bit now
Follow the directions for your browser (I use Internet Explorer so I click Select All).

 

 

Tell me if you still have problems, and we can do deeper scans after these ones -

 

 

Thank You -

EDIT - Go Start > Programs > Accessories > System Tools > Disk Defragmenter and run this.

It may / will take quite some time, but just let it run -


Edited by noknojon, 28 July 2013 - 01:09 AM.


#6 CaroC

CaroC
  • Topic Starter

  • Members
  • 9 posts
  • OFFLINE
  • Local time:08:24 AM

Posted 28 July 2013 - 03:15 AM

Thanks, AA!

 

I removed Java 6 a couple of days ago with JavaRa; the prog is gone but the add/remove entry lingers on, for some reason. 

Have updated Reader (though I'm leaning toward replacing it entirely with Foxit, actually). 

Have removed Driver Genius--I'm assuming it's nothing I need (and that "cracked" is bad? Wouldn't surprise me--the kid who reformatted this machine for my daughter did several not good things, like destroying the recovery partition).

Is Spybot a risky program? I like using both it and MBAM because they catch different things, sometimes.

Avast is good; Windows updates are all current except for net framework, which isn't updating (a problem I've been working on, so lots of event entries).

 

I'll try running DDS again (with Avast paused) after posting this; if it locks things up again I don't want to lose this reply in the reboot. If it works and doesn't create the ns*.tmp file, I'll post again and say so, and if there's still a problem I won't, unless it's a new problem.

 

 

SUPERAntiSpyware Scan Log

 
Generated 07/28/2013 at 02:50 AM
 
Application Version : 5.6.1020
 
Core Rules Database Version : 10644
Trace Rules Database Version: 8456
 
Scan type       : Quick Scan
Total Scan Time : 00:04:51
 
Operating System Information
Windows XP Professional 32-bit, Service Pack 3 (Build 5.01.2600)
Administrator
 
Memory items scanned      : 456
Memory threats detected   : 0
Registry items scanned    : 31150
Registry threats detected : 0
File items scanned        : 6363
File threats detected     : 72
 
Adware.Tracking Cookie
 
 
# AdwCleaner v2.306 - Logfile created 07/28/2013 at 02:11:51
# Updated 19/07/2013 by Xplode
# Operating system : Microsoft Windows XP Service Pack 3 (32 bits)
# User : Administrator - HOLLY
# Boot Mode : Normal
# Running from : D:\Documents and Settings\Administrator\Desktop\adwcleaner.exe
# Option [Delete]
 
 
***** [Services] *****
 
 
***** [Files / Folders] *****
 
 
***** [Registry] *****
 
 
***** [Internet Browsers] *****
 
-\\ Internet Explorer v8.0.6001.18702
 
[OK] Registry is clean.
 
-\\ Google Chrome v28.0.1500.72
 
File : D:\Documents and Settings\Administrator\Local Settings\Application Data\Google\Chrome\User Data\Default\Preferences
 
[OK] File is clean.
 
*************************
 
AdwCleaner[R1].txt - [1345 octets] - [26/07/2013 18:48:19]
AdwCleaner[S1].txt - [1261 octets] - [26/07/2013 18:49:21]
AdwCleaner[S2].txt - [847 octets] - [28/07/2013 02:11:51]
 
########## EOF - D:\AdwCleaner[S2].txt - [906 octets] ##########


#7 noknojon

Posted 28 July 2013 - 04:22 AM

Is Spybot a risky program? < No, just that you now have Malwarebytes and SUPERAntiSpyware programs that outperform Spybot in many ways. You can see this by the amount of Tracking Cookies removed by SAS -

Both MBAM and SAS update several times every day, while Spybot only updates every week.

 

How did the Defrag run, and has this made things a bit quicker ?

 

DDS is a good program if you know how to read the output, but it cures nothing (Don't Do Squat)

 

Do we need deeper scans to find ns*.tmp?
 

Thanks -



#8 noknojon

Posted 28 July 2013 - 04:44 AM

These relate to : Windows failed to install the following update with error 0x80070643 -
Applies to
•Microsoft Windows XP Starter Edition
•Microsoft Windows XP Home Edition
•Microsoft Windows XP Professional
First : Fix MSI software update registration corruption issues : http://go.microsoft.com/?linkid=9666880 < < To fix MSI software update registration corruption issues automatically, click the Fix it button or link. Click Run in the View Download dialog box, and then follow the steps in the Fix it wizard.

Next : Reset Windows Update components and update your computer http://go.microsoft.com/?linkid=9665683 < < To reset the Windows Update components automatically, click the Fix it button or link. Click Run in the View Download dialog box, and then follow the steps in the Fix it wizard.
Note : This Fix it Solution has two modes: Default and Aggressive. You should run the Fix it solution in Default mode to see whether it resolves your problem with Windows Update before you run it in Aggressive mode.



#9 CaroC

Posted 28 July 2013 - 01:09 PM

Yeah, tracking cookies--I haven't personalized this machine yet, not until I figure out if it's safe, and I haven't set up Chrome to prevent those yet. Defrag ran fine, no problems there. I've tried that Fix It thing before, and it downloads as a prog Windows doesn't know how to read or run, strangely--windowsupdate.diagcab. Part of the problem with Windows is that the boy who reformatted did something that created or changed some files into things Windows doesn't like, and when I try to do some things, it asks for an XP disk to replace those files, but I don't have one, and my daughter doesn't have any, either. So that sucks.

 

I'm not too concerned about DDS functionality (and I can run it if I kill the tmp process), I'm more concerned about why the process is created, which, yes, is still happening. What else would you like to see?



#10 noknojon

Posted 28 July 2013 - 04:41 PM

windowsupdate.diagcab. < Skip that one and only run the other Fix It link -

 

We can try to clean out all Temp Files for you -

 

Please download TFC, or Temp File Cleaner from BleepingComputer downloads
Usage Instructions:

  • Download TFC from the download link above and save the file on your desktop.
  • Close ALL running applications as TFC will terminate them before attempting to clean up the temporary files.
  • Double-click on the TFC icon.
  • When the program opens, click on the Start button.  TFC will terminate the Explorer process and all running applications and then begin the process of cleaning out all of your temp folders.
  • When done, press OK and reboot your computer and finish the cleanup.

Note: Depending on how much data is currently stored in the Temp folders, this process can take quite a while to remove all of the files, so please be patient.

 

 

Thanks -



#11 CaroC

Posted 28 July 2013 - 06:23 PM

After my last reply it occurred to me that I hadn't retried any of the tools after removing 3.5, so I went back to the net framework cleanup tool the MS guy recced and it worked this time--the problem may have been a bad 3.5 install. Then I retried the second tool you linked and that worked this time, so now I'm DLing lots of backed up NF updates, which is taking forever but is very satisfying. When that's done I'll clean things up again and then retry DDS to see if the problem persists and report back. Thanks for your ongoing help!

#12 noknojon

Posted 28 July 2013 - 10:19 PM

No problem -

 

Also try this Home Page of ATF Cleaner by Atribune.
ATF Cleaner program was made for XP and Windows 2000 only, but has now expanded for Windows 7
It is a lighter, and quicker version of TFCleaner, and can be used several times per day.
Both are designed to remove the Temp File cache of junk / un-needed old .tmp files -

 

Thanks -

Edit - ns*.tmp or ns**.tmp files are usually created by Mozilla Email files and can be deleted at any time.

I think the computer had Firefox Mozilla Email at one time, and this has made these .temp files.

You can manually remove all of these any time you see them.

Or use the Search Function> Start > Search > ns.tmp files and remove any that show up.


Edited by noknojon, 28 July 2013 - 10:38 PM.


#13 CaroC

Posted 29 July 2013 - 05:21 AM

It's not creating temp files or nstmp files, it's starting a process in task manager called ns**.tmp (with different characters for ** every time it happens) whenever I run DDS, which stops DDS from running unless I end the ns process quickly. If I move fast enough, before my computer freezes up, I can launch rkill and it will find and stop the process. The only time I've seen the process start is when I launch DDS, though I haven't watched for it to start at any other time. Nothing is stopping or locking up the computer, though, so DDS may be the only prog this happens to.

 

I did some Google sleuthing for that process and found an entry that mentioned files in the temp folder, and when I looked I saw a file there called nsx3.tmp, and its icon was a recycle bin. Inside it I found copies of things I had recently deleted. I Googled again for nsx3.tmp in temp folder and fake recycle bin and found this: http://www.threatexpert.com/report.aspx?md5=348dc1c94b80cf315fa03a1a24c7c9f6 It sounds similar to what I might have, though the only registry value that I've found that's like any listed there is the first one, and only up through the first set of numbers before \instance. It may be a variant of that? It doesn't sound good. I also had .bin files with language names in the temp folder, including Simp Chines and Traditional Chinese; though not exactly like similar files listed in that entry, they're close. After I deleted those files from the temp folder I'm still getting the ns**.tmp process in task manager when I open DDS, so the root of it is elsewhere, but I don't know where to look and none of the scans I've run have shown anything. There are a number of mentions of nsx3.tmp as being part of a Trojan that can be found through Googling, but that link was the closest to what I'm seeing and it didn't tell me much. 

 

Any thoughts on what else I can do to track this thing down? I don't want to have to reformat because I don't have disks, but if I can't find this thing I'm not confident about using this laptop for anything involving passwords or personal data. 
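
One way to pin down where a process such as ns**.tmp comes from is to record its image path, parent and children before ending it. The following is an added example, not part of the original posts: it parses a process listing saved in the CSV layout of `wmic process get Name,ProcessId,ParentProcessId,ExecutablePath /format:csv`, and the sample rows, host name, paths and `launcher.exe` are constructed.

```python
import csv
import io
from fnmatch import fnmatchcase

# Constructed sample listing (not taken from the thread).
SAMPLE = r"""
Node,ExecutablePath,Name,ParentProcessId,ProcessId
XP-LAB,,System Idle Process,0,0
XP-LAB,C:\WINDOWS\explorer.exe,explorer.exe,1200,1544
XP-LAB,C:\Tools\launcher.exe,launcher.exe,1544,2320
XP-LAB,C:\Temp\nsA7.tmp,nsA7.tmp,2320,2388
XP-LAB,C:\WINDOWS\system32\cmd.exe,cmd.exe,2388,2412
"""

NORMAL_IMAGE_EXTS = (".exe", ".com", ".scr")

def load(text):
    """Index the CSV rows by PID; columns are looked up by header name."""
    rows = csv.DictReader(io.StringIO(text.strip()))
    return {int(r["ProcessId"]): r for r in rows}

def lineage(procs, pid):
    """Names from the process up through its ancestors.
    Stops when a parent is missing from the listing or a PID repeats."""
    chain, seen = [], set()
    while pid in procs and pid not in seen:
        seen.add(pid)
        chain.append(procs[pid]["Name"])
        pid = int(procs[pid]["ParentProcessId"])
    return chain

def triage(text, pattern="ns*.tmp"):
    """Report processes whose name matches the pattern, or whose on-disk
    image does not carry a usual executable extension."""
    procs = load(text)
    findings = []
    for pid, p in sorted(procs.items()):
        name = p["Name"].lower()
        odd_ext = bool(p["ExecutablePath"]) and not name.endswith(NORMAL_IMAGE_EXTS)
        if fnmatchcase(name, pattern) or odd_ext:
            kids = [c["Name"] for c in procs.values()
                    if int(c["ParentProcessId"]) == pid and int(c["ProcessId"]) != pid]
            findings.append({"pid": pid, "name": p["Name"], "path": p["ExecutablePath"],
                             "lineage": lineage(procs, pid), "children": kids})
    return findings

if __name__ == "__main__":
    for f in triage(SAMPLE):
        print(f["pid"], f["path"], " <- ".join(f["lineage"]), "children:", f["children"])
```

The lineage shows which program started the .tmp image, and the recorded path is the file to hash or submit to a scanner before it is deleted.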



#14 noknojon

Posted 29 July 2013 - 05:50 AM

Please try DEFOGGER. This download is via Major Geeks.

 

It may help you -
 

 



#15 CaroC

Posted 29 July 2013 - 12:13 PM

Done. It doesn't appear to have found anything; it didn't ask me to reboot. 





