
qotsarock
Members
Posts: 9

Everything posted by qotsarock

  1. I've tried to run Combofix multiple times, for hours at a stretch, but it never seems to progress. Any other next steps? Thanks.
  2. The program caught two items on the first scan and cleaned them. None on the second scan. Logs attached: mbar-log-2013-05-14 (21-17-42).txt, mbar-log-2013-05-15 (19-46-20).txt
  3. That seems to have worked. The txt file ran successfully (I can't seem to access the log file though). I can boot into Windows with no MoneyPak warning showing up. Should I run some additional scans? Thanks!
  4. I tried the OTL scanner but got an error: Target is not windows 2000 or later.
  5. Here's the first log

     Scan result of Farbar Recovery Scan Tool (FRST) (x86) Version: 11-05-2013 01
     Ran by SYSTEM on 12-05-2013 22:51:08
     Running from D:\
     Windows 7 Ultimate (X86) OS Language: English(US)
     Internet Explorer Version 8
     Boot Mode: Recovery
     The current controlset is ControlSet001
     ATTENTION!:=====> FRST is updated to run from normal or Safe mode to produce a full FRST.txt log and Addition.txt log.

     ==================== Registry (Whitelisted) ==================
     HKLM\...\Run: [Ptipbmf] rundll32.exe ptipbmf.dll,SetWriteCacheMode [x]
     HKLM\...\Run: [Everything] "C:\Program Files\Everything\Everything.exe" -startup [602624 2009-04-05] ()
     HKLM\...\Run: [QuickTime Task] "C:\Program Files\QuickTime\QTTask.exe" -atboottime [421888 2010-03-18] (Apple Inc.)
     HKLM\...\Run: [sunJavaUpdateSched] "C:\Program Files\Common Files\Java\Java Update\jusched.exe" [248040 2010-02-18] (Sun Microsystems, Inc.)
     HKLM\...\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe" [39792 2008-01-12] (Adobe Systems Incorporated)
     HKLM\...\Run: [MigAutoPlay] "C:\ProgramData\MigAutoPlay.exe" [47896 2013-03-12] ()
     HKLM\...\Winlogon: [shell] C:\ProgramData\MigAutoPlay.exe [x ] ()
     HKU\Administrator\...\Run: [GoogleChrome] C:\Users\Administrator\ms.exe [ 2012-10-25] (www.hp.com)

     ========================== Services (Whitelisted) =================
     S3 McComponentHostService; C:\Program Files\McAfee Security Scan\3.0.318\McCHSvc.exe [235216 2013-02-05] (McAfee, Inc.)
     S3 FontCache3.0.0.0; %systemroot%\Microsoft.Net\Framework\v3.0\WPF\PresentationFontCache.exe [x]
     S3 idsvc; "%systemroot%\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\infocard.exe" [x]
     S4 NetTcpPortSharing; "%systemroot%\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\SMSvcHost.exe" [x]

     ==================== Drivers (Whitelisted) ====================
     S3 ac97intc; C:\Windows\System32\drivers\ac97intc.sys [108032 2008-01-18] (Intel Corporation)
     S3 fasttx2k; C:\Windows\system32\DRIVERS\fasttx2k.sys [156672 2003-06-10] (Promise Technology, Inc.)
     S3 JRAID; C:\Windows\system32\DRIVERS\jraid.sys [48256 2020-02-01] (JMicron Technology Corp.)
     S3 MTsensor; C:\Windows\system32\DRIVERS\ASACPI.sys [5810 2004-08-13] ()
     S2 PARPEPPY; C:\Windows\system32\PARPEPPY.SYS [10256 1998-02-20] (Zenographics, Inc.)
     S3 cpuz132; \??\C:\Users\ADMINI~1\AppData\Local\Temp\cpuz132\cpuz132_x32.sys [x]
     S4 WerSvc;
     S4 WSearch;

     ==================== NetSvcs (Whitelisted) ===================

     ==================== One Month Created Files and Folders ========
     2013-05-12 22:50 - 2013-05-12 22:50 - 00000000 ____D C:\FRST

     ==================== One Month Modified Files and Folders ========
     2020-02-01 20:02 - 2009-08-30 02:44 - 00048256 ____A (JMicron Technology Corp.) C:\Windows\System32\Drivers\jraid.sys
     2013-05-12 22:51 - 2010-03-15 21:20 - 00000000 ____D C:\users\Administrator
     2013-05-12 22:50 - 2013-05-12 22:50 - 00000000 ____D C:\FRST
     2013-05-12 21:41 - 2010-03-15 21:28 - 00717336 ____A C:\Windows\System32\PerfStringBackup.INI
     2013-05-12 21:41 - 2010-03-15 21:18 - 01425430 ____A C:\Windows\WindowsUpdate.log
     2013-05-12 21:36 - 2009-07-14 00:34 - 00014016 ___AH C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
     2013-05-12 21:36 - 2009-07-14 00:34 - 00014016 ___AH C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
     2013-05-12 21:28 - 2012-09-19 21:14 - 00008366 ____A C:\Windows\setupact.log
     2013-05-12 21:28 - 2009-07-14 00:53 - 00000006 ___AH C:\Windows\Tasks\SA.DAT
     2013-05-12 21:27 - 2013-03-13 22:22 - 121814130 ____A C:\Windows\MEMORY.DMP

     Other Malware:
     ===========
     C:\Users\Administrator\ms.exe

     ==================== Known DLLs (Whitelisted) ============

     ==================== Bamital & volsnap Check =================
     C:\Windows\explorer.exe => MD5 is legit
     C:\Windows\System32\winlogon.exe => MD5 is legit
     C:\Windows\System32\wininit.exe => MD5 is legit
     C:\Windows\System32\svchost.exe => MD5 is legit
     C:\Windows\System32\services.exe => MD5 is legit
     C:\Windows\System32\User32.dll [2009-08-28 02:04] - [2010-03-15 21:23] - 0811520 ____A (Microsoft Corporation) ED33264518DD8BC4030406602C857589
     C:\Windows\System32\userinit.exe => MD5 is legit
     C:\Windows\System32\Drivers\volsnap.sys [2013-02-21 22:37] - [2012-09-06 12:48] - 0245616 ____A (Microsoft Corporation) 59F06B4968E58BC83DFC56CA4517960E

     ==================== EXE ASSOCIATION =====================
     HKLM\...\.exe: exefile => OK
     HKLM\...\exefile\DefaultIcon: %1 => OK
     HKLM\...\exefile\open\command: "%1" %* => OK

     ==================== Restore Points =========================

     ==================== Memory info ===========================
     Percentage of memory in use: 55%
     Total physical RAM: 382.3 MB
     Available physical RAM: 172 MB
     Total Pagefile: 326.13 MB
     Available Pagefile: 200.68 MB
     Total Virtual: 2047.88 MB
     Available Virtual: 1994.02 MB

     ==================== Drives ================================
     Drive b: (RAMDisk) (Fixed) (Total:0.06 GB) (Free:0.06 GB) NTFS
     Drive c: () (Fixed) (Total:37.27 GB) (Free:23.84 GB) NTFS ==>[system with boot components (obtained from reading drive)]
     Drive d: (UDISK 12X) (Removable) (Total:0.12 GB) (Free:0.1 GB) FAT
     Drive x: (ReatogoPE) (CDROM) (Total:0.28 GB) (Free:0 GB) CDFS

     ==================== MBR & Partition Table ==================
     ========================================================
     Disk: 0 (MBR Code: Windows 7 or 8) (Size: 37 GB) (Disk ID: EEA4EEA4)
     Partition 1: (Active) - (Size=37 GB) - (Type=07 NTFS)
     ========================================================
     Disk: 1 (Size: 119 MB) (Disk ID: 4086684D)
     Partition 1: (Active) - (Size=119 MB) - (Type=06)

     Last Boot: 2013-03-06 16:15

     ==================== End Of Log ============================
  6. Thanks. I'll need to find a PS/2 keyboard and will report back when I do.
  7. Gateway PIII PC from 2001. I'll dig around for another keyboard. I don't think I have a keyboard with an old-style connector any more. Yes, I can burn either CD or DVD.
  8. Thanks. Two issues: 1) I am in advanced boot options and do not see an option "repair your computer", and 2) I can't scroll down using the arrow key. I'm wondering if the latter is due to the fact that this is a pretty old computer and I am trying to use a USB keyboard.
  9. Hi all, I would appreciate some help with this. I am assisting an elderly gentleman in cleaning his (old Pentium 3) computer with Windows 7 Ultimate. He appears to have the FBI MoneyPak virus. I can get to advanced boot options at boot but cannot select safe mode (this may have something to do with the fact that I have only a USB keyboard and mouse to connect to this old machine). Any advice on next steps is appreciated! Thanks!