Please review logs...

Discussion in 'Malware Help (A Specialist Will Reply)' started by insan_art, Nov 5, 2010.

  1. insan_art

    insan_art Private First Class

    Hey again guys and gals. Have some logs for you to review. I meant to post these a week ago - been busy.

    This is my pastor's laptop - HP running XPSP2 (SP3 is the only thing I didn't update since I've had problems with this update in the past on certain systems, so I decided to tackle that once the system is clean)...

    Root Repeal crashed, but otherwise the rest of the scans ran completely. RR crash log is attached on next post, if needed.

    Thanks for all of your help!
     

    Attached Files:

  2. insan_art

    insan_art Private First Class

    Attaching Root Repeal crash report...
     

    Attached Files:

  3. Kestrel13!

    Kestrel13! Super Malware Fighter - Major Dilemma Staff Member

    Hi there and welcome. I am currently reviewing your logs and will get back to you with a set of instructions in the next post I make to you.
     
  4. Kestrel13!

    Kestrel13! Super Malware Fighter - Major Dilemma Staff Member

    1. If you did not deliberately set this proxy yourself then please include it in the HJT fix below:

    Please disable all anti-virus and anti-spyware programs while we do the following (re-enable when you are finished):

    Run C:\MGtools\analyse.exe by double clicking on it (Note: if using Vista, don't double click, use right click and select Run As Administrator). This is really HijackThis (select Do a system scan only) and select the following lines but DO NOT CLICK FIX until you exit all browser sessions including the one you are reading in right now:

    After clicking Fix exit HJT.

    2. C:\Documents and Settings\LocalService\Local Settings\Application Data\{96C87F53-AC72-4604-A9CC-186A49F17F3C}.ini <--- Right click this file and check out the properties, let me know what information you could glean.

    3. C:\{C8C25B18-4244-4C23-BC82-AAF996FB99C3} <--- What's inside of this folder? Tell me exactly or show me with a screenshot.

    4. Now Copy the bold text below to notepad. Save it as fixME.reg to your desktop. Be sure the "Save as" type is set to "all files" Once you have saved it double click it and allow it to merge with the registry.
    Make sure that you tell me if you receive a success message about adding the above
    to the registry. If you do not get a success message, it definitely did not work.

    5. Now run the C:\MGtools\GetLogs.bat file by double clicking on it. Then attach the new C:\MGlogs.zip file that will be created by running this.

    Let me know how things are running!
     
  5. insan_art

    insan_art Private First Class

    Hi Kestrel, thanks so much for the reply. I apologize for taking so long to get back to you.

    So, I know nothing about the Proxy server. I think I tried disabling it at one point when the internet was acting screwy, but otherwise, I don't know where it came from.

    There is some confusion (on my part) about the fact that the computer has COMPUSERVE (yes, compuserve) on there as a secondary ISP. Could it possibly have had something to do with that? (my pastor used to use CS in Jersey before he moved here - I'm trying to get him to LET GO of it, since, after discussing it with him, it apparently serves no purpose at this point).

    Ran MGtools, fixed all 4 lines.

    Attached are screenshots of the two things you asked me to explore. Not much info found about either (and actually the second "folder" you asked about seemed to only be a file?)

    fixME.reg merge was successful.

    MGlogs are attached as well.

    The system seems to be running much smoother since I started cleaning. It's hard for me to tell, since it's not my system, but I have worked on it a bit before and, except for the new Norton software on there (don't EVEN get me started about that!), it is running much better than when I first played with it a while ago.

    Thanks much!
     

    Attached Files:

  6. Kestrel13!

    Kestrel13! Super Malware Fighter - Major Dilemma Staff Member

    Please go to virustotal and upload the following files for analysis, and let me know the results.

    • C:\{C8C25B18-4244-4C23-BC82-AAF996FB99C3}
    • C:\Documents and Settings\LocalService\Local Settings\Application Data\{96C87F53-AC72-4604-A9CC-186A49F17F3C}.ini
    Could you please get this: {C8C25B18-4244-4C23-BC82-AAF996FB99C3} into a zipped file and attach it for me in your next post? To do this, see the below:

    Please go to start > Run and paste in the following:
    log retrievable @ C:\collect.zip

    Also delete all files in the below bold folders except ones from the current date (Windows will not let you delete the files from the current day).
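    As an added example that is not part of this thread or of the MGtools package: steps 2 and 3 of the earlier instructions ask what can be gleaned from the properties of the two GUID-named items, and the post above asks for them to be checked on VirusTotal. The script below gathers both in one report on the machine being cleaned: whether each path is a file or a folder (which settles the "folder that seemed to be a file" question), its attributes and timestamps, its size, its SHA256 hash, and its Authenticode signature status. The two paths are the ones named in the thread; the function name and the PowerShell 2.0 requirement are assumptions, since neither is stated on the page.

```powershell
# Added example (not from the thread or MGtools): report the properties and hashes
# of the two suspect paths named in the thread. Assumes PowerShell 2.0 or later
# (available for XP), hence the .NET hashing instead of Get-FileHash.
$targets = @(
    'C:\{C8C25B18-4244-4C23-BC82-AAF996FB99C3}',
    'C:\Documents and Settings\LocalService\Local Settings\Application Data\{96C87F53-AC72-4604-A9CC-186A49F17F3C}.ini'
)

function Get-SuspectFileReport {
    param([string[]]$Paths)
    $sha256 = [System.Security.Cryptography.SHA256]::Create()
    foreach ($p in $Paths) {
        # -Force so hidden and system items are not silently skipped;
        # -LiteralPath because the braces in GUID names are wildcard characters
        $item = Get-Item -LiteralPath $p -Force -ErrorAction SilentlyContinue
        if ($item -eq $null) {
            New-Object PSObject -Property @{ Path = $p; Exists = $false }
            continue
        }
        $report = @{
            Path         = $item.FullName
            Exists       = $true
            IsDirectory  = $item.PSIsContainer
            Attributes   = $item.Attributes.ToString()
            SizeBytes    = $null
            Created      = $item.CreationTime
            LastWritten  = $item.LastWriteTime
            LastAccessed = $item.LastAccessTime
            SHA256       = $null
            Signature    = $null
        }
        if (-not $item.PSIsContainer) {
            $report.SizeBytes = $item.Length
            # Hash the file so it can be looked up on VirusTotal by hash before uploading
            $stream = [System.IO.File]::OpenRead($item.FullName)
            try {
                $hash = $sha256.ComputeHash($stream)
                $report.SHA256 = [BitConverter]::ToString($hash).Replace('-', '')
            } finally {
                $stream.Close()
            }
            # Signature status (NotSigned / Valid / HashMismatch ...); a data file
            # such as an .ini will simply report NotSigned
            $report.Signature = (Get-AuthenticodeSignature -FilePath $item.FullName).Status.ToString()
        }
        New-Object PSObject -Property $report
    }
}

Get-SuspectFileReport -Paths $targets | Format-List
```

Run it from an elevated PowerShell prompt on the laptop and paste the Format-List output into the reply; the SHA256 values can be searched on VirusTotal directly, which tells you whether the file has already been seen before you upload anything.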
     
  7. insan_art

    insan_art Private First Class

    Kestrel, I apologize for taking so long with this one. It has been difficult for me to be able to work on this system consistently. I hope that I don't have to start all over again (since I'm in the middle of cleaning my own system!). The user is still using the system and from what I can tell, things are running much, much better.

    Uploaded the files in question to Virustotal. Both came back with no results.

    Attached is the file you asked to be zipped (collect.zip).

    Deleted all the temp files.

    Thank you again for all of your help! I'm so sorry I'm taking up double your time today with both this old thread and the other one from my own system.
     

    Attached Files:

  8. Kestrel13!

    Kestrel13! Super Malware Fighter - Major Dilemma Staff Member

    Just to be sure as it's been some time now:

    Run the C:\MGtools\GetLogs.bat file by double clicking on it. Then attach the new C:\MGlogs.zip file that will be created by running this.
     
