I give up, this is clearly way over my head.
Symptoms:
Logs attached (except aswAR.log, which is almost 25Mb).
Thanks,
Dave
Logs attached (except aswAR.log, which is almost 25Mb).can you upload aswMBR log online ...... like mediafire.com or similar
and then give us the download link ?
Hi there I will need to see the MBR
[*] Download RogueKiller and save it on your desktop.
[*]Quit all programs
[*] Start RogueKiller.exe.
[*] Wait until Prescan has finished …
[*] Click on Scan
http://i1224.photobucket.com/albums/ee362/Essexboy3/RogueKiller/RGKRScan.png
[*]Wait for the end of the scan.
[*] The report has been created on the desktop.
[*] Click on the Delete button.
http://i1224.photobucket.com/albums/ee362/Essexboy3/RogueKiller/RGKRDelete.png
[*]The report has been created on the desktop.
[*]Next click on the ShortcutsFix
http://i1224.photobucket.com/albums/ee362/Essexboy3/RogueKiller/RGKRShortcutsFix.png
[*]The report has been created on the desktop.
Please post: All RKreport.txt text files located on your desktop.
aswMBR log is here: http://www.mediafire.com/?5g51f6gy8dpl5d0
going to get RogueKiller now.
Thanks for your help!
Attached are the RogueKiller logs.
Thanks again.
Could you reboot your computer to safe mode please
Reboot and press then hold F8
On the subsequent menu is there the option “repair my computer” ?
If not do you have the windows CD ?
If not then do the following
Download the following three programmes to your desktop :
Extract wintoboot to your desktop
Insert a USB drive of at least 4GB
Run Wintoboot
http://dl.dropbox.com/u/73555776/wintoboot.JPG
Drag and drop the Windows 7 ISO to the programme in the space indicated
Tick the Format box and accept the warnings
Press Do It
You will see it progressing
http://dl.dropbox.com/u/73555776/usb%20progress.JPG
It will let you know when it is done
Then copy Listparts to the same USB
http://dl.dropbox.com/u/73555776/frstwintoboot.JPG
Insert the USB into the sick computer and start the computer. First ensuring that the system is set to boot from USB
Note: If you are not sure how to do that follow the instructions Here
When you reboot you will see this although yours will say windows 7. Click repair my computer
http://i1224.photobucket.com/albums/ee362/Essexboy3/RepairVista_7275.jpg
Select your operating system
http://i1224.photobucket.com/albums/ee362/Essexboy3/RepairVista_7277202.jpg
Select Command prompt
http://i1224.photobucket.com/albums/ee362/Essexboy3/RepairVista_7277.jpg
[*]Select Command Prompt
[*]In the command window type in notepad and press Enter.
[*]A Notepad window will open. Under File menu select Open.
[*]Select “Computer” and find your flash drive letter and then close Notepad.
[*]In the command window type e:\listparts64 (64bit) and press Enter
Note: Replace letter e with the drive letter of your flash drive.
[*]The tool will start to run.[*]Press Fix button.
[*]When it is done close the notification pop up. Click Scan and copy and paste the log (Result.txt) it makes on the flash drive.
Okay, I put the files you mentioned on a USB drive then booted from the USB Storage Device.
The System Recovery Options dialog doesn’t have an OS listed.
It does have the option of loading drivers for my hard disk.
Should I do that? If so, would they be in \windows\system32\drivers?
Thanks,
Dave
Do you have the system recovery options list … If so continue to the list parts run
I must be missing something.
When I select Fix I get a dialog that says this:
===
No fix.txt found.
Thanks for you ongoing help!
Arrgh me big numpty … Press scan please and post the results.txt here… That will tell me what partition to set as active and which one to delete
I think I’m the numpty here…
When I boot from the USB, I get a System Recovery Options dialog asking me to select my keyboard input method (I select US).
Then, I get the System Recovery Options dialog with two radio buttons:
Use recovery tools that can help fix problems starting Windows.
Select an operating system to repair.
If your operating system isn’t listed, click Load Drivers and then install drivers for your hard disks.
Restore your computer using a system image that you created earlier.
and two buttons [Load Drivers] [Next]
When I select Next (with first radio button selected), I get a System Recovery Options dialog that matches one of your screen shots with these options:
Startup Repair
System Restore
System Image Recovery
WIndows Memory Diagnostic
Command Prompt
and two buttons [Shut Down] and [Next]
I don’t know which option corresponds to “scan” to get the results.txt file.
Thanks again,
Dave
OK on the last page select the Command Prompt option
You will then have an old DOS type window
[*]Select Command Prompt
[*]In the command window type in notepad and press Enter.
[*]A Notepad window will open. Under File menu select Open.
[*]Select “Computer” and find your flash drive letter and then close Notepad.
[*]In the command window type e:\listparts and press Enter
Note: Replace letter e with the drive letter of your flash drive.
[*]The tool will start to run.
https://dl.dropbox.com/u/73555776/listparts.GIF
[]Click Scan
[]When it is done close the notification pop up. Click Scan and copy and paste the log (Result.txt) it makes on the flash drive.
I’ve attached result.txt.
Thanks,
Dave
OK lets get at it
Download the attached fix.txt to the same USB as listparts
Run Listparts again from the recovery console as before
Press Fix
Once done a report will be saved to the USB
Reboot the the computer
If it should fail to start
Then reboot press F8
Select Repair my computer
Select startup repair
Reboot to normal windows
Then run TDSSKiller
I ran listparts.
When I ran Startup Repair, it said “Startup Repair could not detect a problem”.
Then I ran tdsskiller (v 2.7.48, when it told me to load the 2.8.6.0 update nothing happened).
It processed 446 objects with 0 threats!
I have tried several web searches with no redirects and the browser performance seems to be 4 or 5 times faster than before.
Thanks for all of your patient and persistent help.
Please point me to a place where I can donate some $ in return.
Thanks again,
Dave
Hi could I have a quick scan with OTL please to ensure that I got it all
Here’s the OTL.txt file.
That must have been chewing up a good amount of CPU. The response of the laptop is much faster.
Thanks again,
Dave
Lets see if this speeds it up a tad more
Warning This fix is only relevant for this system and no other, using on another computer may cause problems
Be advised that when the fix commences it will shut down all running processes and you may lose the desktop and icons, they will return on reboot
Run OTL
[*]Under the Custom Scans/Fixes box at the bottom, paste in the following
https://dl.dropbox.com/u/73555776/OTL_Fix.GIF
:OTL
@Alternate Data Stream - 148 bytes -> C:\ProgramData\TEMPFC5A2B2
@Alternate Data Stream - 1316 bytes -> C:\Users\music\AppData\Local\TempIsUwDrk1lj7pzyLNfQjuk8jQk
@Alternate Data Stream - 1279 bytes -> C:\ProgramData\Microsoft:zB5v2fV7KnfzTdjDKLUhIw
@Alternate Data Stream - 127 bytes -> C:\ProgramData\TEMP:430C6D84
@Alternate Data Stream - 1140 bytes -> C:\ProgramData\Microsoft:Nzsjx9EuagfKWJHtF6
@Alternate Data Stream - 112 bytes -> C:\ProgramData\TEMP1B5B4F1
:Files
ipconfig /release /c
ipconfig /renew /c
:Commands
[purity]
[resethosts]
[emptytemp]
[CREATERESTOREPOINT]
[Reboot]
[*]Then click the Run Fix button at the top
[*]Let the program run unhindered, reboot the PC when it is done
[*]Open OTL again and click the Quick Scan button. Post the log it produces in your next reply.
THEN
Download AdwCleaner from here to your desktop
Run AdwCleaner and select Delete
https://dl.dropbox.com/u/73555776/AdwCleaner.GIF
Once done it will ask to reboot, allow this
On reboot a log will be produced please attach that
Logs from OTL quick scan and AdwCleaner log attached.
Thanks,
Dave
One more thing I noticed:
Malwarebytes is still not launching, which I thought was one of the original symptoms of this infection (I had to rename it to get it to run).
The dialog says this:
I can run it manually, but I’ll uninstall/reinstall to see if that clears it up.