lpr

Member
  • Content Count: 24
Everything posted by lpr

  1. Thanks for the info. Browser redirects have stopped. The only unusual thing remaining is that on the online Wall Street Journal site, videos will not play. I've reinstalled Adobe Flash Player version 10 several times, but the videos do not play. WSJ helpline says it could be some kind of blocking software. Do you think a-squared is preventing the Flash Player from working?
  2. hi Kevin - Ran the script, as requested. Ran without incident and the computer restarted. Things seem to be working just fine. I'm curious what the script removed? Please advise. All the best, lpr
  3. Please find attached the requested files/logs. By the way, your help is very much appreciated and speaks volumes for the commitment Emsi Software has to customer service. All the best, lpr
  4. Pursuant to your questions, please find the answers below. "When do you get the pop ups?" They seemed to appear randomly. "When only visiting certain sites?" Yes, but I did not note the site and terminated the browser and pop-up immediately upon observing the pop-up window. "Every time you open a webpage?" No, only randomly, and the pop-ups are not appearing today. "When you are just using the computer, without the browser open?" Only with a browser open.
  5. Today, I noticed a few pop-up windows with advertisements. I cancelled them. It seems like something may still be lingering. Attached is the last a-squared scan.
  6. Also, for what it is worth, I noticed in the Device Manager, under "Non-Plug and Play Devices", there is a SASKUTIL present with a yellow exclamation point.
  7. Please find attached hereto the requested report generated by RootRepeal. Any indications of residual problems from removal of the rootkit or the operation of other malware? All the best, lpr
  8. One thing I did notice that seems a bit strange is that some applications do not start after a double-click on the associated icon. A second attempt usually starts, but it's strange that it won't start on the first attempt. Any suggestions? lpr
  9. Things are running quite well, by all appearances. Can you summarize what rootkit was found, and can it be confirmed that it's no longer operating? All the best, lpr
  10. Please find attached hereto the requested log.
  11. As requested, please find the attached logs. Does it look like we are "out of the woods", so to speak? Best regards, lpr
  12. Thanks much, lynx. Very helpful. All the best, lpr
  13. Additionally, the a-squared 'pop-up' message "connection attempt to suspicious host" is appearing frequently. I'm unsure if this is related or unrelated to the TDL3 issue we are addressing. All the best, lpr
  14. As requested, please find attached hereto the following logs: 1. ComboFix.txt 2. ISeeYou. With respect to machine behavior characteristics, the following observations are made: 1. At first, both IE8 and FireFox appear to no longer be redirecting, although speed seems to be improving; 2. Both IE8 and FireFox start up very slow (about 40 seconds for the first browser window to appear), although speed seems to be improving; 3. Browser tabs load slow (about 30 seconds with a "connecting" message appearing in the tab) before the new tab appears, although speed seems to be improving; 4. Application software (i.e. Word, Excel) seems to load slowly. Otherwise, major improvement over what we were experiencing before. Are we "out of the woods", so to speak? All the best, lpr
  15. Can you shed some light on the proper interpretation of the "result" column of the online analysis of HiJackFree? For example: if it says there are three "good" and seventeen "bad", what does that mean? Are there seventeen "bad" DLLs or other processes running on the machine it analyzed? Please advise, or refer to a manual that explains this analysis.
  16. Scan logs attached, as requested. Before running ComboFix, it was discovered through a GMER log review that it appears the machine was/is infected with the TDL3 rootkit. ComboFix also identified that a rootkit, perhaps the same, was operating. I also noted that after the ComboFix run, the a-squared scan identified the TDSS rootkit sitting in the ComboFix quarantine, which I believe is related to the TDL3 rootkit found by ComboFix. I quarantined the TDSS rootkit found by a-squared, as you will see. It appears the browser redirects are still happening in IE, but at least for now, not in FireFox. The redirects in IE are getting blocked by a-squared Guard. Given that these blocks are happening, I presume the TDL3 or TDSS rootkits are still operative on my machine. Please advise.
  17. Sorry for the "full quotation" replies. I was unfamiliar with what was meant by "full quotation", but I believe I now understand. I agree with you. a-squared is not detecting the browser redirect that I'm experiencing. Attached is the ISeeYouXP log, as requested. Also, please find the web address of the online analysis prepared by HiJackFree. I presume this link is what you meant by "attached required log files by ....HiJackFree". If there is a way to create a log file from HiJackFree, I'm not sure otherwise how to do it. http://analyze.hijackfree.com/analyze/?id=0047a8b6-599d-46ff-a95d-266ef8b7f0dd
  18. One additional attachment is below that didn't appear to attach to my last email. lpr
  19. ~WHOLE QUOTATION REMOVED {Lynx} Pursuant to your instructions, please find attached hereto the requested files. It may also be noteworthy and useful to your analysis to know of the following characteristics: 1. While IE8 is the default browser, it does not show up as an installed program on the control panel list of installed software; 2. Outlook 2007 continually starts with the message that it is restoring files because of improper termination, when in fact it was shut down in normal fashion. Best regards, lpr
  20. Will do, and thanks for your timely reply.
  21. ~WHOLE QUOTATION without any comments REMOVED {Lynx}
  22. Are there any known solutions to detect what is causing a browser redirect problem? a-squared deep scan shows nothing.