Dynamer DTC Problems


15 replies to this topic

#1 JAL3San Antonio

Posted 02 December 2013 - 10:06 PM

I originally posted in the Win 7 forum and my thread was moved to the security forum. When I got a reply there, it advised me to post in this section. Please accept my apologies if I have posted in the wrong place.

I think I have problems with Dynamer DTC.

I suspect it started when I tried to download iTunes. I thought I was at the Apple site but apparently was not. I immediately started getting annoying audio ads while connected to the web with Firefox and my system became very slow.

Ad-Aware found a bunch of stuff that was removed. That fixed the audio ads but not the slowness.

MS Security Essentials has found "Dynamer!DTC" and cleaned it twice. Malwarebytes has found it once. It seems to be the gift that keeps on giving.

I have noticed several other things.

MS Security Essentials seems to be even slower than normal. When I last stopped it (I had to shut down to take the laptop to work), it had been running almost 35 hours and the task bar showed only about 5% complete.

Malwarebytes was faster but is finding no problems now.

I tried to do a system restore to a date before the trouble started. It got stuck on the "initializing" page for most of a day before I had to shut down.

I have tried to restore once since. I was not able to because it wanted to check my disk "integrity", a time-consuming procedure. I did let it complete the utility the first time and no problems were found. Apparently, the flag did not get reset.

The reason integrity needed to be checked to begin with was that a few weeks ago, I shut down in the middle of a boot when I got a page to come to the hospital. I am a chaplain.

Any advice and help would be most appreciated.

A bit more info:

I am worried about doing my Christmas shopping online because of the possibility of transmitting my account info.

I am a hospital chaplain. The affected laptop is my personal one. I take it to the hospitals I serve (6 of them) when I go. That is why powering up and shutting down takes place so often.

Sometimes, instead of being on call, I do an overnight shift at a hospital. There are no patients to see except during emergencies. My laptop is the only thing that keeps me from dying of boredom on these overnights. I prepare my sermons and lesson plans for the churches I serve on it as well. Why is this germane? Because this week, I am doing overnights every night. Much of the advice I receive will be implemented as able, while I sit in the chaplain's office waiting for an emergency, but when the pager goes off, I go. If there are any issues that must be "seen through without interruption" I need to know about it so I can act accordingly.

Thank you,





#2 JAL3San Antonio

Posted 03 December 2013 - 12:03 AM

I just rebooted the laptop after arriving at the hospital and have new phenomena to report.

1. The computer attempted to "check the disk" when starting up this time. It has not done that for several times. I aborted by pressing the space key.

2. After pressing the space key, another "check disk" routine came up. It too was aborted with the space key.

3. This was followed by yet a third message (all thus far on the black boot screen) saying that my installed antivirus was doing something. Too fast for me to follow, it came up with a "Successful" message and then the rest of the boot routine was normal. I have never seen anything like this before.

4. On entering Windows, the MS Security Essentials icon in the tray was red. I opened it and it listed the dynamer!dtc file and something called "add candy". I told it to remove them and it ostensibly did but I have no confidence in the result.

5. The icon remained red and showed that MS Security Essentials was off, even though it was set for on. About a minute later, the icon turned green.



#3 JAL3San Antonio

Posted 03 December 2013 - 12:05 AM

I just re-read the policy for this forum and see that I have sabotaged myself by posting the additional information and moving myself to the back of the line. I will refrain from doing this again.

As for this post, I figured an extra 60 seconds would make little difference.



#4 HelpBot

Posted 07 December 2013 - 10:10 PM

Hello and welcome to Bleeping Computer!

I am HelpBot: an automated program designed to help the Bleeping Computer Staff better assist you! This message contains very important information, so please read through all of it before doing anything.

We apologize for the delay in responding to your request for help. Here at Bleeping Computer we get overwhelmed at times, and we are trying our best to keep up. Please note that your topic was not intentionally overlooked. Our mission is to help everyone in need, but sometimes it takes just a little longer to get to every request for help. No one is ignored here.

To help Bleeping Computer better assist you please perform the following steps:

***************************************************

In order to continue receiving help at BleepingComputer.com, YOU MUST tell me if you still need help or if your issue has already been resolved on your own or through another resource! To tell me this, please click on the following link and follow the instructions there.

CLICK THIS LINK >>> http://www.bleepingcomputer.com/logreply/516173 <<< CLICK THIS LINK



If you no longer need help, then all you needed to do was the previous instructions of telling me so. You can skip the rest of this post. If you do need help please continue with Step 2 below.

***************************************************

If you still need help, I would like you to post a Reply to this topic (click the "Add Reply" button in the lower right hand of this page). In that reply, please include the following information:

  • If you have not done so already, include a clear description of the problems you're having, along with any steps you may have performed so far.
  • A new DDS log. For your convenience, you will find the instructions for generating these logs repeated at the bottom of this post.
    • Please do this even if you have previously posted logs for us.
    • If you were unable to produce the logs originally please try once more.
    • If you are unable to create a log please provide detailed information about your installed Windows Operating System including the Version, Edition and if it is a 32bit or a 64bit system.
    • If you are unsure about any of these characteristics just post what you can and we will guide you.
  • Please tell us if you have your original Windows CD/DVD available.
  • Upon completing the above steps and posting a reply, another staff member will review your topic and do their best to resolve your issues.

Thank you for your patience, and again sorry for the delay.

***************************************************

We need to see some information about what is happening in your machine. Please perform the following scan again:

  • Download DDS by sUBs from the following link if you no longer have it available and save it to your desktop.

    DDS.com Download Link
  • Double click on the DDS icon, allow it to run.
  • A small box will open, with an explanation about the tool. No input is needed, the scan is running.
  • Notepad will open with the results.
  • Follow the instructions that pop up for posting the results.
  • Close the program window, and delete the program from your desktop.
Please note: You may have to disable any script protection running if the scan fails to run. After downloading the tool, disconnect from the internet and disable all antivirus protection. Run the scan, enable your A/V and reconnect to the internet.

Information on A/V control can be found HERE.

As I am just a silly little program running on the BleepingComputer.com servers, please do not send me private messages as I do not know how to read and reply to them! Thanks!

#5 JAL3San Antonio

Posted 07 December 2013 - 10:39 PM

I believe that the description of the problems given initially should suffice but I will add this.

My system seems to be running better with fewer warnings from AV software but it is still not running as fast as it did. I may be clear but I do not trust the messages I have gotten.

My only remedial steps have been to run MS Security Essentials several times. It used to give a warning about the Dynamer thing each time but no longer does so. The last time it was run, it hung up after a day and a half and I had to shut down.

I have run Malwarebytes twice. The first time it cleared things out but it has not found anything since.

I have run Ad-Aware twice with the same results as for Malwarebytes.

I have attempted one restore to a previous time but that failed.

I am running Windows 7 Professional. It is the 64 bit version.

I do not have the original disks for Win7. It was installed on my system when I bought it.

The DDS app has been running for about 10 minutes now without concluding. I am leaving it open for now in case it decides to finish.

Thank you for your assistance.



#6 JAL3San Antonio

Posted 07 December 2013 - 11:04 PM

I tried running the DDS utility again. This time I started from a clean boot. Made sure the Windows firewall was off and disabled the MS Essentials. It still did not complete.

I await further instructions.



#7 nasdaq

Posted 08 December 2013 - 10:24 AM

Hello, Welcome to BleepingComputer.
I'm nasdaq and will be helping you.

If you can please print this topic it will make it easier for you to follow the instructions and complete all of the necessary steps in the order listed.
===

--RogueKiller--
  • Download & SAVE to your Desktop RogueKiller for 32bit or Roguekiller for 64bit
  • Quit all programs that you may have started.
  • Please disconnect any USB or external drives from the computer before you run this scan!
  • For Vista or Windows 7, right-click and select "Run as Administrator" to start.
  • For Windows XP, double-click to start.
  • Wait until Prescan has finished ...
  • Then Click on "Scan" button
  • Wait until the Status box shows "Scan Finished"
  • Click on "Delete"
  • Wait until the Status box shows "Deleting Finished"
  • Click on "Report" and copy/paste the content of the Notepad into your next reply.
  • The log should be found in RKreport[1].txt on your Desktop
  • Exit/Close RogueKiller+
==============

Please download AdwCleaner by Xplode onto your Desktop.
  • Close all open programs and internet browsers.
  • Double click on AdwCleaner.exe to run the tool.
  • Click the Scan button and wait for the process to complete.
  • Click the Report button and the report will open in Notepad.
IMPORTANT
  • If you click the Clean button all items listed in the report will be removed.
If you find some false positive items or programs that you wish to keep, Close the AdwCleaner windows.
  • Close all open programs and internet browsers.
  • Double click on AdwCleaner.exe to run the tool.
  • Click the Scan button and wait for the process to complete.
  • Check off the element(s) you wish to keep.
  • Click on the Clean button and follow the prompts.
  • A log file will automatically open after the scan has finished.
  • Please post the content of that log file with your next answer.
  • You can find the log file at C:\AdwCleaner[Sn].txt (n is a number).
Please download Junkware Removal Tool to your Desktop.
  • Please close your security software to avoid potential conflicts.
  • Run the tool by double-clicking it. If you are using Windows Vista or 7, right-mouse click it and select Run as administrator.
  • The tool will open and start scanning your system.
  • Please be patient as this can take a while to complete, depending on your system's specifications.
  • On completion, a log (JRT.txt) is saved to your Desktop and will automatically open.
  • Please post the contents of JRT.txt into your reply.
===

Please download ComboFix from any of the links below, and save it to your desktop. For information regarding this download, please visit this web page: Tutorial
Link 1
Link 2

IMPORTANT !!! Save ComboFix.exe to your Desktop

1. Close any open browsers.
2. Close/disable all anti virus and anti malware programs so they do not interfere with the running of ComboFix.
3. Do not install any other programs until this is fixed.


How to : Disable Anti-virus and Firewall...
http://www.bleepingcomputer.com/forums/topic114351.html

Double click on ComboFix.exe and follow the prompts.
  • When finished, it will produce a report for you.
  • Please post the C:\ComboFix.txt
Note: Do not mouse click ComboFix's window while it's running. That may cause it to stall.

Note: If you have difficulty properly disabling your protective programs, refer to this link --> http://www.bleepingcomputer.com/forums/topic114351.html

Note: If after running ComboFix you get this error message "Illegal operation attempted on a registry key that has been marked for deletion." when attempting to run a program all you need to do is restart the computer to reset the registry.
===

Please paste the logs in your next reply. DO NOT ATTACH THEM.
Let me know what problem persists.

#8 JAL3San Antonio

Posted 08 December 2013 - 04:18 PM

Thank you.

RogueKiller has just completed. The log results are posted below. After posting, I will shut down Firefox and go to the next step.

============

RogueKiller V8.7.11 _x64_ [Nov 25 2013] by Tigzy
mail : tigzyRK<at>gmail<dot>com
Feedback : http://www.adlice.com/forum/
Website : http://www.adlice.com/softwares/roguekiller/
Blog : http://tigzyrk.blogspot.com/

Operating System : Windows 7 (6.1.7601 Service Pack 1) 64 bits version
Started in : Normal mode
User : john [Admin rights]
Mode : Remove -- Date : 12/08/2013 15:14:17
| ARK || FAK || MBR |

¤¤¤ Bad processes : 0 ¤¤¤

¤¤¤ Registry Entries : 7 ¤¤¤
[HJ POL][PUM] HKLM\[...]\System : DisableRegistryTools (0) -> DELETED
[HJ POL][PUM] HKLM\[...]\System : EnableLUA (0) -> REPLACED (1)
[HJ POL][PUM] HKLM\[...]\Wow6432Node\[...]\System : DisableRegistryTools (0) -> [0x2] The system cannot find the file specified.
[HJ POL][PUM] HKLM\[...]\Wow6432Node\[...]\System : EnableLUA (0) -> REPLACED (1)
[HJ SMENU][PUM] HKCU\[...]\Advanced : Start_ShowMyGames (0) -> REPLACED (1)
[HJ DESK][PUM] HKLM\[...]\NewStartPanel : {59031a47-3f72-44a7-89c5-5595fe6b30ee} (1) -> REPLACED (0)
[HJ DESK][PUM] HKLM\[...]\NewStartPanel : {20D04FE0-3AEA-1069-A2D8-08002B30309D} (1) -> REPLACED (0)

¤¤¤ Scheduled tasks : 2 ¤¤¤
[V2][SUSP PATH] ASUS Patch 10430001 : C:\Windows\AsPatch10430001.exe - -e [x] -> DELETED
[V2][SUSP PATH] {8131B307-E568-4BE0-96E4-55BF6CCDBB3B} : C:\Users\john\Desktop\ComboFix.exe [x] -> DELETED

¤¤¤ Startup Entries : 0 ¤¤¤

¤¤¤ Web browsers : 0 ¤¤¤

¤¤¤ Particular Files / Folders: ¤¤¤

¤¤¤ Driver : [NOT LOADED 0x0] ¤¤¤

¤¤¤ External Hives: ¤¤¤

¤¤¤ Infection :  ¤¤¤

¤¤¤ HOSTS File: ¤¤¤
--> %SystemRoot%\System32\drivers\etc\hosts


127.0.0.1       localhost


¤¤¤ MBR Check: ¤¤¤

+++++ PhysicalDrive0: (\\.\PHYSICALDRIVE0 @ IDE) ST9750420AS +++++
--- User ---
[MBR] 0ead0c2be44aca3e2cf57b939247a2b7
[BSP] a6dfcef95bdca6f6c690eb797753f4a9 : Windows 7/8 MBR Code
Partition table:
0 - [XXXXXX] FAT32-LBA (0x1c) [HIDDEN!] Offset (sectors): 2048 | Size: 25600 Mo
1 - [ACTIVE] NTFS (0x07) [VISIBLE] Offset (sectors): 52430848 | Size: 286161 Mo
2 - [XXXXXX] EXTEN-LBA (0x0f) [VISIBLE] Offset (sectors): 638488576 | Size: 403641 Mo
User = LL1 ... OK!
User = LL2 ... OK!

Finished : << RKreport[0]_D_12082013_151417.txt >>
RKreport[0]_S_12082013_151353.txt
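
Added example, not part of the original post and not RogueKiller's own code: a small Python parser for the registry and scheduled-task sections of the report above, used to pull out what a reviewer would check first. The sample text is copied from that report; the function names, and the rule that any action other than DELETED or REPLACED counts as not fixed, are assumptions made for this sketch.

```python
import re

# Constructed sample: section lines copied from the RKreport text in the post above.
SAMPLE_REPORT = r"""
¤¤¤ Bad processes : 0 ¤¤¤

¤¤¤ Registry Entries : 7 ¤¤¤
[HJ POL][PUM] HKLM\[...]\System : DisableRegistryTools (0) -> DELETED
[HJ POL][PUM] HKLM\[...]\System : EnableLUA (0) -> REPLACED (1)
[HJ POL][PUM] HKLM\[...]\Wow6432Node\[...]\System : DisableRegistryTools (0) -> [0x2] The system cannot find the file specified.
[HJ POL][PUM] HKLM\[...]\Wow6432Node\[...]\System : EnableLUA (0) -> REPLACED (1)
[HJ SMENU][PUM] HKCU\[...]\Advanced : Start_ShowMyGames (0) -> REPLACED (1)
[HJ DESK][PUM] HKLM\[...]\NewStartPanel : {59031a47-3f72-44a7-89c5-5595fe6b30ee} (1) -> REPLACED (0)
[HJ DESK][PUM] HKLM\[...]\NewStartPanel : {20D04FE0-3AEA-1069-A2D8-08002B30309D} (1) -> REPLACED (0)

¤¤¤ Scheduled tasks : 2 ¤¤¤
[V2][SUSP PATH] ASUS Patch 10430001 : C:\Windows\AsPatch10430001.exe - -e [x] -> DELETED
[V2][SUSP PATH] {8131B307-E568-4BE0-96E4-55BF6CCDBB3B} : C:\Users\john\Desktop\ComboFix.exe [x] -> DELETED

¤¤¤ Startup Entries : 0 ¤¤¤
"""

# "¤¤¤ <section> : <declared count> ¤¤¤"
SECTION_RE = re.compile(r"^¤¤¤ (?P<name>.+?) : (?P<count>\d+) ¤¤¤$")
# "[TAG][TAG] <item> -> <action taken>"
ENTRY_RE = re.compile(r"^(?P<tags>(?:\[[^\]]+\])+) (?P<item>.+?) -> (?P<action>.+)$")
# Registry item: "<key> : <value name> (<data before the fix>)"
VALUE_RE = re.compile(r"^(?P<where>.+) : (?P<name>\S+) \((?P<data>[^)]*)\)$")
# Assumption for this sketch: these two outcomes mean the entry was remediated.
FIXED_RE = re.compile(r"^(DELETED|REPLACED \(.*\))$")


def parse_report(text):
    """Return {section name: {"declared": int, "entries": [dict, ...]}}."""
    sections, current = {}, None
    for line in text.splitlines():
        line = line.strip()
        head = SECTION_RE.match(line)
        if head:
            current = {"declared": int(head["count"]), "entries": []}
            sections[head["name"]] = current
            continue
        entry = ENTRY_RE.match(line)
        if entry and current is not None:
            current["entries"].append({
                "tags": re.findall(r"\[([^\]]+)\]", entry["tags"]),
                "item": entry["item"],
                "action": entry["action"],
            })
    return sections


def triage(sections):
    """Pick out the entries that deserve a second look."""
    out = {"uac_was_off": [], "not_fixed": [], "suspicious_paths": [],
           "count_mismatch": []}
    for name, sec in sections.items():
        # A pasted log that lost lines shows up as a count mismatch.
        if sec["declared"] != len(sec["entries"]):
            out["count_mismatch"].append(name)
        for e in sec["entries"]:
            if not FIXED_RE.match(e["action"]):
                out["not_fixed"].append(e["item"])
            if "SUSP PATH" in e["tags"]:
                out["suspicious_paths"].append(e["item"].split(" : ", 1)[1])
            val = VALUE_RE.match(e["item"])
            # EnableLUA = 0 means User Account Control had been switched off.
            if val and val["name"] == "EnableLUA" and val["data"] == "0":
                out["uac_was_off"].append(val["where"])
    return out


if __name__ == "__main__":
    for label, items in triage(parse_report(SAMPLE_REPORT)).items():
        print(label, "->", items)
```

On this report the parser shows that UAC had been off in both registry views before the tool reset it, that one policy entry returned an error instead of being changed, and that one of the two tasks removed by path pointed at ComboFix.exe on the Desktop.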


 



#9 JAL3San Antonio

Posted 08 December 2013 - 04:37 PM

AdwCleaner has been run. I have told it to go ahead and clean. It has been hung up on the "deleting folders" step for about 6 minutes now. That seems long to me but I am going to leave it running and check back in half an hour or so.

JAL



#10 JAL3San Antonio

Posted 08 December 2013 - 05:14 PM

The ADW finished and I rebooted as directed. The log contents follow.

======

# AdwCleaner v3.014 - Report created 08/12/2013 at 15:27:54
# Updated 01/12/2013 by Xplode
# Operating System : Windows 7 Professional Service Pack 1 (64 bits)
# Username : john - JOHNWIN7
# Running from : C:\Users\john\Desktop\adwcleaner.exe
# Option : Clean

***** [ Services ] *****


***** [ Files / Folders ] *****

Folder Deleted : C:\ProgramData\Ask
Folder Deleted : C:\ProgramData\NCH Software
Folder Deleted : C:\ProgramData\Partner
Folder Deleted : C:\ProgramData\Microsoft\Windows\Start Menu\Programs\jZip
Folder Deleted : C:\Program Files (x86)\jZip
Folder Deleted : C:\Program Files (x86)\MyPC Backup
Folder Deleted : C:\Program Files (x86)\NCH Software
Folder Deleted : C:\Program Files (x86)\orbitdownloader
Folder Deleted : C:\Program Files\Level Quality Watcher
Folder Deleted : C:\Users\john\AppData\Local\Temp\AirInstaller
Folder Deleted : C:\Users\john\AppData\Roaming\DefaultTab
Folder Deleted : C:\Users\john\AppData\Roaming\NCH Software
Folder Deleted : C:\Users\john\AppData\Roaming\Systweak
Folder Deleted : \\JAL3-SERVER\Users\john\My Documents\Tutorials
File Deleted : C:\Users\Public\Desktop\jZip.lnk
File Deleted : C:\Windows\SysWOW64\AdpeakProxy.ini
File Deleted : C:\Windows\SysWOW64\AdpeakProxyOff.ini
File Deleted : C:\Windows\System32\AdpeakProxy.ini
File Deleted : C:\Windows\System32\AdpeakProxyOff.ini
File Deleted : C:\Windows\System32\roboot64.exe
File Deleted : C:\Users\john\AppData\Roaming\Mozilla\Firefox\Profiles\qf5iiobj.default\searchplugins\conduit-search.xml
File Deleted : C:\Users\john\AppData\Roaming\Mozilla\Firefox\Profiles\qf5iiobj.default\user.js
File Deleted : C:\Windows\System32\Tasks\NCH Software

***** [ Shortcuts ] *****


***** [ Registry ] *****

Key Deleted : HKCU\Software\Microsoft\Internet Explorer\DOMStorage\conduit.com
Key Deleted : HKCU\Software\Microsoft\Internet Explorer\MenuExt\&Download by Orbit
Key Deleted : HKCU\Software\Microsoft\Internet Explorer\MenuExt\&Grab video by Orbit
Key Deleted : HKCU\Software\Microsoft\Internet Explorer\MenuExt\Do&wnload selected by Orbit
Key Deleted : HKCU\Software\Microsoft\Internet Explorer\MenuExt\Down&load all by Orbit
Key Deleted : HKLM\SOFTWARE\Classes\jZip.file
Key Deleted : HKLM\SOFTWARE\Microsoft\Tracing\apnstub_RASAPI32
Key Deleted : HKLM\SOFTWARE\Microsoft\Tracing\apnstub_RASMANCS
Key Deleted : HKLM\SOFTWARE\Microsoft\Tracing\AskInstallChecker_RASAPI32
Key Deleted : HKLM\SOFTWARE\Microsoft\Tracing\AskInstallChecker_RASMANCS
Key Deleted : HKLM\SOFTWARE\Microsoft\Tracing\jZip_RASAPI32
Key Deleted : HKLM\SOFTWARE\Microsoft\Tracing\jZip_RASMANCS
Key Deleted : HKLM\SOFTWARE\Classes\AppID\{0A18A436-2A7A-49F3-A488-30538A2F6323}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{00000001-4FEF-40D3-B3FA-E0531B897F98}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{000123B4-9B42-4900-B3F7-F4B073EFC214}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{007EFBDF-8A5D-4930-97CC-A4B437CBA777}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{1663C10B-0D55-438D-8496-19A3DBAEC0E4}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{3F1D494B-0CEF-4468-96C9-386E2E4DEC90}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{64697678-0000-0010-8000-00AA00389B71}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{6E993643-8FBC-44FE-BC85-D318495C4D96}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{7854F00C-DC77-477E-A10E-603F48442D3B}
Key Deleted : HKLM\SOFTWARE\Classes\TypeLib\{A0880527-DC28-4EBB-BA27-D22102F22A9F}
Key Deleted : HKLM\SOFTWARE\Classes\TypeLib\{BCDDE143-FAE3-4C57-B22B-C4E8678CFDC0}
Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{000123B4-9B42-4900-B3F7-F4B073EFC214}
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{000123B4-9B42-4900-B3F7-F4B073EFC214}
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{7854F00C-DC77-477E-A10E-603F48442D3B}
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{000123B4-9B42-4900-B3F7-F4B073EFC214}
Key Deleted : HKLM\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{3614D305-2DBB-4991-9297-750DD60FFC73}
Key Deleted : HKLM\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{4250488A-CB24-0893-C066-B1AEA57BCFF2}
Key Deleted : HKCU\Software\Microsoft\Internet Explorer\SearchScopes\{014DB5FA-EAFB-4592-A95B-F44D3EE87FA9}
Key Deleted : [x64] HKLM\SOFTWARE\Classes\Interface\{1F8EDE97-36D5-422A-B8F0-9406E2D87C60}
Value Deleted : HKLM\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List [C:\Program Files (x86)\Orbitdownloader\orbitdm.exe]
Value Deleted : HKLM\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List [C:\Program Files (x86)\Orbitdownloader\orbitnet.exe]
Key Deleted : HKCU\Software\Conduit
Key Deleted : HKCU\Software\DefaultTab
Key Deleted : HKCU\Software\NCH Software
Key Deleted : HKCU\Software\Orbit
Key Deleted : HKLM\Software\Conduit
Key Deleted : HKLM\Software\jZip
Key Deleted : HKLM\Software\NCH Software
Key Deleted : HKLM\Software\Orbit
Key Deleted : HKLM\Software\PIP
Key Deleted : HKLM\Software\systweak
Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\jZip
Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\Orbit_is1

***** [ Browsers ] *****

-\\ Internet Explorer v11.0.9600.16428


-\\ Mozilla Firefox v25.0.1 (en-US)

[ File : C:\Users\john\AppData\Roaming\Mozilla\Firefox\Profiles\qf5iiobj.default\prefs.js ]


*************************

AdwCleaner[R0].txt - [5864 octets] - [08/12/2013 15:20:10]
AdwCleaner[R1].txt - [5924 octets] - [08/12/2013 15:24:37]
AdwCleaner[S0].txt - [5722 octets] - [08/12/2013 15:27:54]

########## EOF - C:\AdwCleaner\AdwCleaner[S0].txt - [5782 octets] ##########
 



#11 JAL3San Antonio

Posted 08 December 2013 - 05:24 PM

JRT has completed. The log follows.

=====

~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Junkware Removal Tool (JRT) by Thisisu
Version: 6.0.8 (11.05.2013:1)
OS: Windows 7 Professional x64
Ran by john on Sun 12/08/2013 at 16:17:44.00
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~




~~~ Services



~~~ Registry Values

Successfully repaired: [Registry Value] HKEY_LOCAL_MACHINE\Software\Wow6432Node\Microsoft\Internet Explorer\Main\\Default_Page_URL



~~~ Registry Keys

Successfully deleted: [Registry Key] HKEY_CURRENT_USER\Software\AppDataLow\software\adawarebp
Successfully deleted: [Registry Key] HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\SearchScopes\{08DE6B7A-BEEA-4A17-9BEE-1F924628A441}



~~~ Files



~~~ Folders

Successfully deleted: [Empty Folder] C:\Users\john\appdata\local\{1EDC7991-29E4-4DA6-86EE-6B056C173233}
Successfully deleted: [Empty Folder] C:\Users\john\appdata\local\{BB23A500-3755-466B-A670-7389F8E3F6B8}
Successfully deleted: [Empty Folder] C:\Users\john\appdata\local\{E53247D6-9A01-4B01-9719-1F78816332C4}



~~~ FireFox

Emptied folder: C:\Users\john\AppData\Roaming\mozilla\firefox\profiles\qf5iiobj.default\minidumps [38 files]



~~~ Event Viewer Logs were cleared





~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Scan was completed on Sun 12/08/2013 at 16:23:03.06
End of JRT log
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
 



#12 JAL3San Antonio

Posted 08 December 2013 - 08:09 PM

I ran ComboFix as directed. While it was doing its thing, I was paged to the hospital. When I got back, I found the blue screen of death.

It said something about "Bad Pool Error".

Upon restarting, a box popped up with the following:

=====

Problem signature:
  Problem Event Name:    BlueScreen
  OS Version:    6.1.7601.2.1.0.256.48
  Locale ID:    1033

Additional information about the problem:
  BCCode:    19
  BCP1:    0000000000000020
  BCP2:    FFFFFA800D7E4000
  BCP3:    FFFFFA800D7E4880
  BCP4:    000000000C880000
  OS Version:    6_1_7601
  Service Pack:    1_0
  Product:    256_1

Files that help describe the problem:
  C:\Windows\Minidump\120813-32495-01.dmp
  C:\Users\john\AppData\Local\temp\WER-123162-0.sysdata.xml

Read our privacy statement online:
  http://go.microsoft.com/fwlink/?linkid=104288&clcid=0x0409

If the online privacy statement is not available, please read our privacy statement offline:
  C:\Windows\system32\en-US\erofflps.txt
 


I have now gone through and successfully completed the directions given except for ComboFix. I await further direction.

Thank you.



#13 JAL3San Antonio

Posted 09 December 2013 - 12:34 AM

From the previous post:

I found the C:\Windows\Minidump\120813-32495-01.dmp file but have no idea how to read it. I am attaching it, in case it is of use.

The other file I could not find. I found the folder but no xml file.

Apparently I cannot attach the dmp file because I don't have permission and need to contact the admin. As far as I know, I am the admin.



#14 nasdaq

Posted 09 December 2013 - 10:26 AM

This error is quite often related to hardware, usually RAM, but it could be driver-related, so it may help to look at the minidump files from the crashes with a debugger.

Check the validity of your operating files.
How to use the System File Checker tool to troubleshoot missing or corrupted system files on Windows Vista or on Windows 7
http://support.microsoft.com/kb/929833

===

Download Memtest86, extract the ISO file memtest.iso to your hard disk, and using your CD writing software, burn the ISO file to a CD as an image (for instance, if you are using Nero, you would select "Burn Image" from the menu). You don't need to do anything else to it to try to create a bootable disc.

After you have burned the ISO file to disc, you should have one folder on the disc containing two files:
BOOT <-- folder
BOOT.CAT <-- file
MEMTEST.IMG <-- file

Just boot from the CD, and the memory test should begin automatically.

Reading and understanding the dump file is not my forte.
If you have to go that way you will need to start a new topic in the
Windows 7 Forum
http://www.bleepingcomputer.com/forums/forum167.html

Try the fixes I gave you first and if all fails contact the Windows 7 experts.

Keep me posted.

#15 JAL3San Antonio

Posted 10 December 2013 - 12:51 AM

Please accept my apologies for not responding sooner. I have been busy at the hospitals and churches I serve.

I did download the memtest.ico file. I hope to have an opportunity to create the disk and give things a try tomorrow afternoon. I'm doing the overnight shift at one of the hospitals now and suspect that when I get home I will be in no condition to push buttons on a computer, especially if doing so might have lasting consequences.

Based upon what has taken place thus far, would you have a reasonable degree of confidence that I can safely conduct commerce over the web and type in passwords?

Thanks again for the assistance you have provided thus far.





