
danglinfury
Members
Posts: 17

Everything posted by danglinfury

  1. Sorry for the delay. I've installed AVG, Spybot and a firewall utility on the laptop. I've also had the 'security' conversation with my relative. Hopefully I'm done for a while! Thanks for all your help!
  2. Everything updated fine. The machine appears to be stable, no crashes or BSODs. Thanks for all of your help!
  3. Here are the contents of the OTL fix log:

     All processes killed
     ========== OTL ==========
     C:\Windows\assembly\Desktop.ini moved successfully.
     File [HKEY_CURRENT_USER\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32] /64 not found.
     File [HKEY_CURRENT_USER\Software\Classes\Wow6432node\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32] not found.
     File [HKEY_CURRENT_USER\Software\Classes\clsid\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InProcServer32] /64 not found.
     File [HKEY_CURRENT_USER\Software\Classes\Wow6432node\clsid\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InProcServer32] not found.
     File [HKEY_LOCAL_MACHINE\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32] /64 not found.
     File [HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32] not found.
     Folder [HKEY_LOCAL_MACHINE\Software\Classes\clsid\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\InProcServer32] /64\ not found.
     Folder [HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\InProcServer32]\ not found.
     Folder [HKEY_LOCAL_MACHINE\Software\Classes\clsid\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}\InProcServer32] /64\ not found.
     Folder [HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}\InProcServer32]\ not found.
     Mount Point C:\Windows\system64 removed successfully!
     ========== COMMANDS ==========

     [EMPTYTEMP]

     User: All Users

     User: Default
     ->Temp folder emptied: 0 bytes
     ->Temporary Internet Files folder emptied: 67 bytes
     ->Flash cache emptied: 56468 bytes

     User: Default User
     ->Temp folder emptied: 0 bytes
     ->Temporary Internet Files folder emptied: 0 bytes
     ->Flash cache emptied: 0 bytes

     User: Emily
     ->Temp folder emptied: 74810 bytes
     ->Temporary Internet Files folder emptied: 163973529 bytes
     ->Java cache emptied: 1205385 bytes
     ->Apple Safari cache emptied: 0 bytes
     ->Flash cache emptied: 76652 bytes

     User: Public
     ->Temp folder emptied: 0 bytes

     %systemdrive% .tmp files removed: 0 bytes
     %systemroot% .tmp files removed: 0 bytes
     %systemroot%\System32 .tmp files removed: 0 bytes
     %systemroot%\System32 (64bit) .tmp files removed: 0 bytes
     %systemroot%\System32\drivers .tmp files removed: 0 bytes
     Windows Temp folder emptied: 51593 bytes
     %systemroot%\sysnative\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files folder emptied: 17585878 bytes
     RecycleBin emptied: 0 bytes

     Total Files Cleaned = 175.00 mb

     [EMPTYJAVA]

     User: All Users

     User: Default

     User: Default User

     User: Emily
     ->Java cache emptied: 0 bytes

     User: Public

     Total Java Files Cleaned = 0.00 mb

     [EMPTYFLASH]

     User: All Users

     User: Default
     ->Flash cache emptied: 0 bytes

     User: Default User
     ->Flash cache emptied: 0 bytes

     User: Emily
     ->Flash cache emptied: 0 bytes

     User: Public

     Total Flash Files Cleaned = 0.00 mb

     OTL by OldTimer - Version 3.2.69.0 log created on 06282013_175305

     Files\Folders moved on Reboot...
     C:\Users\Emily\AppData\Local\Temp\FXSAPIDebugLogFile.txt moved successfully.
     C:\Users\Emily\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\Y9DUGPHE\xd_arbiter[1].htm moved successfully.
     C:\Users\Emily\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\Y9DUGPHE\xd_arbiter[2].htm moved successfully.
     C:\Users\Emily\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\MHG6TNT7\index[1].htm moved successfully.
     C:\Users\Emily\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\GPXCCX42\fastbutton[1].htm moved successfully.
     C:\Users\Emily\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\CVMJTTGT\like[1].htm moved successfully.
     C:\Users\Emily\AppData\Local\Microsoft\Windows\Temporary Internet Files\AntiPhishing\2CEDBFBC-DBA8-43AA-B1FD-CC8E6316E3E2.dat moved successfully.
     File move failed. C:\Windows\temp\dsiwmis.log scheduled to be moved on reboot.

     PendingFileRenameOperations files...

     Registry entries deleted on Reboot...
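     Added example (editor's note, not part of the post above and not an OTL script): a PowerShell check that re-verifies what the OTL fix log reported on, so the result can be confirmed after the reboot. The four CLSIDs and the C:\Windows\system64 path are taken from the log itself. The script then lists every per-user InProcServer32 registration under HKCU whose DLL lives in a user-writable location; that heuristic, and the choice of "writable" folders, are this example's own assumptions, since a CLSID under HKCU\Software\Classes takes precedence over the HKLM one for that user and is a common place for a hijacked COM server to hide.

```powershell
# Added example, not from the original post or from OTL. Run in an elevated
# PowerShell on the cleaned machine. Reading HKLM/HKCU needs no special rights.
# The CLSIDs and the system64 path come from the OTL fix log on this page.

$clsids = @(
    '{42aedc87-2188-41fd-b9a3-0c966feabec1}',
    '{fbeb8a05-beee-4442-804e-409d6c4515e9}',
    '{5839FCA9-774D-42A1-ACDA-D6A79037F57F}',
    '{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}'
)
$roots = @(
    'HKCU:\Software\Classes\CLSID',
    'HKCU:\Software\Classes\Wow6432Node\CLSID',
    'HKLM:\Software\Classes\CLSID',
    'HKLM:\Software\Wow6432Node\Classes\CLSID'
)

function Get-InProcServer {
    # Returns the DLL path registered for a CLSID's InProcServer32 key, or $null
    # if the key does not exist. The DLL path is the key's unnamed (default) value.
    param([string]$Root, [string]$Clsid)
    $key = Join-Path $Root "$Clsid\InProcServer32"
    if (-not (Test-Path -LiteralPath $key)) { return $null }
    return (Get-Item -LiteralPath $key).GetValue('')
}

Write-Output '== CLSIDs named in the OTL fix log =='
foreach ($root in $roots) {
    foreach ($id in $clsids) {
        $dll = Get-InProcServer -Root $root -Clsid $id
        if ($null -ne $dll) { Write-Output "PRESENT  $root\$id -> $dll" }
        else                { Write-Output "absent   $root\$id" }
    }
}

Write-Output '== C:\Windows\system64 =='
# A stock Windows install has System32 and SysWOW64; "system64" is not a
# Windows directory. The fix log removed it as a mount point, so report whether
# it has come back and whether it is a reparse point (junction / mount point).
$sys64 = 'C:\Windows\system64'
if (Test-Path -LiteralPath $sys64) {
    $attr = (Get-Item -LiteralPath $sys64 -Force).Attributes
    $isReparse = ($attr -band [IO.FileAttributes]::ReparsePoint) -ne 0
    Write-Output "PRESENT  $sys64 (reparse point: $isReparse)"
} else {
    Write-Output "absent   $sys64"
}

Write-Output '== Per-user InProcServer32 registrations in writable locations =='
# Heuristic (this example's assumption, not a rule from the page): a per-user
# COM server whose DLL sits under AppData, ProgramData, Temp or the Recycle Bin
# deserves a look. Some legitimate software registers per-user COM servers,
# so treat hits as leads to check (e.g. on VirusTotal), not as verdicts.
$writable = '\\(AppData|ProgramData|Temp|\$Recycle\.Bin)\\'
foreach ($root in ($roots | Where-Object { $_ -like 'HKCU:*' })) {
    if (-not (Test-Path -LiteralPath $root)) { continue }
    Get-ChildItem -LiteralPath $root -ErrorAction SilentlyContinue | ForEach-Object {
        $dll = Get-InProcServer -Root $root -Clsid $_.PSChildName
        if ($dll -and ($dll -match $writable)) {
            Write-Output "CHECK    $root\$($_.PSChildName) -> $dll"
        }
    }
}
```

     On a clean machine every line in the first two sections should read "absent"; a "PRESENT" line for one of the logged CLSIDs or for C:\Windows\system64 after the reboot means the fix did not stick. The third section is only a lead generator: check any hit against the file's hash before removing anything.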
  4. Ok, here we go, another round of logs. No crashes this time. esetscan 6-27-13.txt Extras.Txt JRT.txt OTL.Txt AdwCleanerR1.txt AdwCleanerS2.txt
  5. Sorry about that, I should have caught that. Here is a full log. TDSSKiller.2.8.18.0_27.06.2013_17.18.30_log.txt
  6. Ok, sorry for the delay. I wasn't able to get everything to run properly at first. The machine hard booted a few times. I'm not sure if it's hardware-related or related to the malware. I was eventually able to run all of the tools and I've attached the logs below. The PC seems to be stable now. It hasn't crashed for a few hours. checkup.txt ComboFix.txt mbar-log-2013-06-25 (21-51-02).txt system-log.txt TDSSKiller.2.8.18.0_25.06.2013_19.01.57_log.txt
  7. Hi D-FRED-BROWN, Thanks again for helping me out. It'd take me forever to clean this up (I'd probably just reformat, but I think my relatives wouldn't be happy about losing all their data, we're going to have a conversation about backing things up as well.) I ran the Farbar fix and was able to boot back into Windows. I've attached the log as requested. Thanks again, Danglinfury Fixlog.txt
  8. Hello, I've been volunteered to fix another PC for another relative. This one is stumping me as well. I believe the system is infected by at least one rootkit and other assorted malware. When I try to run MBAR the system freezes and I eventually have to hard boot. Additionally any time I try to access the internet the machine BSODs. I've managed to run the farbar scan tool and I've attached a copy of the farbar scan output I was able to create. Any help you can provide will be much appreciated! Thanks, Danglinfury FRST.txt
  9. I loaded up the apps per your recommendations and I plan to relay the importance of the same to my family when I return this PC. Thanks again for all your help and sorry for the delay, real life intervened. I am going to open a thread for laptop #2 now. Thanks again!
  10. Thanks D-FRED-BROWN! Those updates worked fine. I have another laptop I was volunteered to clean up (I'm sure you know the feeling). It has a rootkit or 2 on it as well as other assorted malware. I've tried running MBAR but the machine hard boots before the scan completes. Is farbar necessary to clean rootkits these days? Should I open another thread for this PC? I was hoping to clean this one up myself. I hate to impose further, you've been a huge help!
  11. Ok, finished that round as well. The laptop seems to be running along fine. I haven't noticed any aberrant behavior for the last day or so. Here are the logs. 06232013_144428.log AdwCleanerS2.txt
  12. Ok, finished that round. I think this may be the most infected PC I've ever worked on. AdwCleanerR1.txt esetscan.txt Extras.Txt JRT.txt OTL.Txt log.txt
  13. Here is the scan link: https://www.virustotal.com/en/file/15362a48eff3ddd6c6d9b333cb7f5fe835b60a256b29467ad749dcfac6c761d3/confirmation/?ajax=false&detection-ratio=0/46&blob=AMIfv949Dn8Tw1RycTdAoM0jTENg1Pu3fgYPij-oT-bY1Jm1U7g2bbmLgLXtHKPmmUJlGuulqgv8DFIUGEoih6pz-sUOzw6FDSN9wVa_5scD0fysU8NZtR89YUA2ycWE-tTnWZiMMJQHNGGtjE5EaIo7kFIFBA3UpfCs0ACxJAxKQnOFYh0ObEE&last-analysis=1359009616&filename=C:%5CUsers%5CMatt%5CDesktop%5CCAXHWAZL.sys I definitely hit clean-up when I ran MBAR. The tool removed 1535 viruses, etc. on the first run/cleanup!
  14. Here it is; the results of one more MBAR scan. system-log.txt mbar-log-2013-06-22 (09-12-40).txt
  15. Ok, I think I managed to run all of that correctly. Here are the outputs. The computer appears to be back to normal at this point. I plan to load some AV and AM utilities before returning the laptop. Is there anything specific I should do next as far as this virus goes? checkup.txt ComboFix.txt mbar-log-2013-06-20 (20-41-20).txt system-log.txt TDSSKiller.2.8.18.0_20.06.2013_20.34.09_log.txt
  16. Hi D-FRED-BROWN, Thanks for helping me out. I'd love to know how you did that! I've attached my fixlog and I am able to log into Windows. Where do we go from here?

      C:\ProgramData\20D335367C48AB99000020D31467AFE1 => Moved successfully.
      C:\ProgramData\1.bmp => Moved successfully.
      C:\Users\Matt\AppData\Local\2433f433 => Moved successfully.
      C:\Users\Matt\AppData\Roaming\2433f433 => Moved successfully.
      C:\ProgramData\2433f433 => Moved successfully.
      C:\ProgramData\20D335367C48AB99000020D31467AFE1 => File/Directory not found.
      C:\ProgramData\1.bmp => File/Directory not found.
      C:\$Recycle.Bin\S-1-5-21-1942894320-713181200-141143642-1001\$693540b43f80fa17592f57901d1b0e79 => Moved successfully.
      C:\Users\Matt\GoToAssistDownloadHelper.exe => Moved successfully.
      C:\Users\Matt\AppData\Roaming\skype.dat => Moved successfully.

      Thanks, Ray
  17. Hello. I am trying to fix a laptop running Win7 64bit for a relative. This machine is infected with the Moneypak virus to the point that I cannot access safe mode or anything else for that matter. I've attached a copy of the farbar scan output I was able to create. I hope I did that correctly. I'd love to know the magic you are using to create the custom scripts used to enable someone to boot into windows. Anyway, any help you can provide is much appreciated. FRST.txt