
Severely Infected and Cannot Connect

Huge Mess of a Laptop

42 replies to this topic

#31 ken545

ken545

    Forum God

  • Retired Classroom Teacher
  • 23,225 posts
  • Interests:Fighting Malware and cooking some great Italian and TexMex food
  • MVP

Posted 12 July 2015 - 05:35 PM

Check out my previous post because I just added to the fix. Make sure to delete all other fixlogs and fixlists.

 

Be back in the am



 
 
The forum is staffed by volunteers who donate their time and expertise.
If you feel you have been helped, please consider a donation.
 
Find us on Facebook
Please LIKE and SHARE
 
 
Just a reminder that threads will be closed if no reply in 3 days.



#32 mickey7

mickey7

    Silver Member

  • Authentic Member
  • 254 posts

Posted 12 July 2015 - 06:38 PM

Fix result of Farbar Recovery Scan Tool (x64) Version:09-07-2015
Ran by MITCH at 2015-07-12 20:02:32 Run:3
Running from C:\Users\MITCH\Desktop
Loaded Profiles: MITCH (Available Profiles: MITCH)
Boot Mode: Normal
==============================================

fixlist content:
*****************
Start
CloseProcesses:
CreateRestorePoint:
2015-06-30 18:08 - 2015-06-30 18:08 - 00772016 _____ (Reimage®) C:\Users\MITCH\Downloads\ReimageRepair (38).exe
Hosts:
CMD: ipconfig /flushdns
EmptyTemp:
End
*****************

Processes closed successfully.
Restore point was successfully created.
"C:\Users\MITCH\Downloads\ReimageRepair (38).exe" => File/Folder not found.
C:\Windows\System32\Drivers\etc\hosts => moved successfully.
Hosts restored successfully.

=========  ipconfig /flushdns =========


Windows IP Configuration

Successfully flushed the DNS Resolver Cache.

========= End of CMD: =========

EmptyTemp: => 342.4 MB temporary data Removed.


The system needed a reboot..

==== End of Fixlog 20:07:12 ====

 

No matter what I do, I can't get the laptop to connect to the internet. And when I try to get the diagnostic tool to run, it states the service is not started. I can't get them to start at all. Otherwise I think it is looking better. If I can get it to connect, then I can download all updates etc. Waiting for further thoughts from you when you get back online. In the meantime I will call the owners tomorrow while at work and see if they are amenable to a restore and find out what, if any, data they need saved if they agree.



#33 ken545

Posted 13 July 2015 - 04:08 AM

You didn't read my last post about me adding an item to the fix and ran the fix prior to that. This IP is from Israel, and what it's doing on this computer I don't know.

 

Be sure to delete all prior Fixlists and Fixlogs

 

Open Notepad: go to Start --> All Programs --> Accessories --> Notepad.
Please copy the entire contents inside of the code box below, beginning with START and ending with END.
(To do this, highlight the contents of the box, right-click on it and select Copy. Right-click in the open Notepad and select Paste.)
Name the file Fixlist and save it to your desktop where you have FRST/FRST64, or the fix won't work. Then open up FRST/FRST64 and click on FIX (not Scan). It won't take long; after your computer reboots you will find a FIXLOG.TXT on your desktop. Post it, please.
 
Start
CloseProcesses:
CreateRestorePoint: 
Tcpip\..\Interfaces\{68E1D355-F539-4C48-9BF8-A8AA8237B7FA}: [NameServer] 82.163.143.150,82.163.142.152
Hosts:
CMD: ipconfig /flushdns
EmptyTemp:
End
 
NOTICE: This script was written specifically for this user, for use on that particular machine. Running this on another machine may cause damage to your operating system.


 
 

#34 mickey7

Posted 13 July 2015 - 08:29 AM

I don't understand. I deleted all instances of fixlist etc. Took the above script and created a new one. Ran it, posted the results and the info that I was going to contact the owners to try a restore (see post 32). What did I miss???



#35 ken545

Posted 13 July 2015 - 08:44 AM

Mickey, in Post 30 I posted a script, but then I edited it to add

Tcpip\..\Interfaces\{68E1D355-F539-4C48-9BF8-A8AA8237B7FA}: [NameServer] 82.163.143.150,82.163.142.152

 

In Post 31 I let you know that I edited it to add the above entry.

 

Then in Post 32 you ran the script prior to me editing it

 

So go delete all fixlist and fixlogs and run this script

Start
CloseProcesses:
CreateRestorePoint: 
Tcpip\..\Interfaces\{68E1D355-F539-4C48-9BF8-A8AA8237B7FA}: [NameServer] 82.163.143.150,82.163.142.152
Hosts:
CMD: ipconfig /flushdns
EmptyTemp:
End


 
 

#36 mickey7

Posted 13 July 2015 - 09:20 AM

OH OK. Must have been a delay or I posted results at the same time as your update or something. Don't know how I missed it. I apologize. Will rerun later today after work. Shall I still contact owners re: restore/reinstall?


Edited by mickey7, 13 July 2015 - 09:20 AM.


#37 ken545

Posted 13 July 2015 - 09:58 AM

Actually Mickey, you're not doing too bad considering you're doing this back and forth on a thumb drive.

 

Not sure but removing that TCP/IP entry may get you back on the internet

 

As far as reformatting and reinstalling Windows, with a heavily infected computer it's always recommended, but this is something you have to discuss with the owner and see if it's what she wants to do. If you decide to do this I will link you to our Windows forum for help doing this, as we just do malware removal on this one.

 

Also, if you still can't access the net after my last fix then I can also link you to our Networking forum, and I am sure they can get you back up and running.



 
 

#38 mickey7

Posted 13 July 2015 - 10:05 AM

OK, will call them and see what they think. Although I really think this laptop is on its last legs as it is. They gave me a "jerry rigged" off-market power cord system and the thing only runs plugged in. Battery must be shot as well. But I will let you know what happens later. Thanks for the support and all your patience and help getting me through this quagmire.


Edited by mickey7, 13 July 2015 - 10:05 AM.


#39 ken545

Posted 13 July 2015 - 10:23 AM

Turn the laptop upside down and the battery will just snap out. Look for the make and model and product number and you can find one on eBay fairly cheap, over $100 less than buying right from the manufacturer. I have been buying them like this for years for myself, family and friends and have never gotten a bad one. The last one I got was for one of my granddaughters and it was right around $30.



 
 

#40 mickey7

Posted 13 July 2015 - 04:31 PM

Fix result of Farbar Recovery Scan Tool (x64) Version:09-07-2015
Ran by MITCH at 2015-07-13 18:07:27 Run:4
Running from C:\Users\MITCH\Desktop
Loaded Profiles: MITCH (Available Profiles: MITCH)
Boot Mode: Normal
==============================================

fixlist content:
*****************
Start
CloseProcesses:
CreateRestorePoint:
Tcpip\..\Interfaces\{68E1D355-F539-4C48-9BF8-A8AA8237B7FA}: [NameServer] 82.163.143.150,82.163.142.152
Hosts:
CMD: ipconfig /flushdns
EmptyTemp:
End
*****************

Processes closed successfully.
Restore point was successfully created.
HKLM\System\CurrentControlSet\Services\Tcpip\Parameters\Interfaces\{68E1D355-F539-4C48-9BF8-A8AA8237B7FA}\\NameServer => value removed successfully
C:\Windows\System32\Drivers\etc\hosts => moved successfully.
Hosts restored successfully.

=========  ipconfig /flushdns =========


Windows IP Configuration

Successfully flushed the DNS Resolver Cache.

========= End of CMD: =========

EmptyTemp: => 2.4 MB temporary data Removed.


The system needed a reboot..

==== End of Fixlog 18:09:16 ====

 

Still only getting a local connection.  :(
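
The fixlist line ken545 added targets a statically set DNS server on one network interface. As an added illustration that is not part of the original thread and is not FRST's own code, this Python sketch scans FRST-style log text and flags static NameServer values that point at public resolvers nobody approved. The sample log is constructed from the entry quoted in the thread; the DhcpNameServer lines, the second GUID and the `audit_dns` name are assumptions.

```python
import ipaddress
import re

# FRST shorthand for DNS values, e.g.
# Tcpip\..\Interfaces\{GUID}: [NameServer] a.b.c.d,e.f.g.h
ENTRY = re.compile(
    r"^Tcpip\\(?:\.\.\\Interfaces\\(?P<iface>\{[0-9A-Fa-f-]{36}\})|Parameters)"
    r": \[(?P<value>(?:Dhcp)?NameServer)\] (?P<servers>.+)$"
)

# Constructed sample: the middle line is the entry from the thread,
# the DhcpNameServer lines and the second GUID are made up.
SAMPLE = r"""
Tcpip\Parameters: [DhcpNameServer] 192.168.1.1
Tcpip\..\Interfaces\{68E1D355-F539-4C48-9BF8-A8AA8237B7FA}: [NameServer] 82.163.143.150,82.163.142.152
Tcpip\..\Interfaces\{00000000-0000-0000-0000-000000000001}: [DhcpNameServer] 192.168.1.1
"""

def audit_dns(log_text, expected=()):
    """Return one finding per DNS entry found in the log text.

    'suspicious' is True for a static NameServer value holding a public
    address (or a non-IP token) that is not in the expected list.
    """
    allowed = {ipaddress.ip_address(a) for a in expected}
    findings = []
    for line in log_text.splitlines():
        m = ENTRY.match(line.strip())
        if not m:
            continue
        unexpected = []
        # Windows accepts comma- or space-separated server lists.
        for token in re.split(r"[,\s]+", m["servers"].strip()):
            try:
                addr = ipaddress.ip_address(token)
            except ValueError:
                unexpected.append(token)  # not an IP address at all
                continue
            if addr.is_global and addr not in allowed:
                unexpected.append(str(addr))
        findings.append({
            "interface": m["iface"] or "global",
            "value": m["value"],
            "unexpected": unexpected,
            "suspicious": m["value"] == "NameServer" and bool(unexpected),
        })
    return findings

if __name__ == "__main__":
    for finding in audit_dns(SAMPLE):
        print(finding)
```

Pass the resolvers the owner actually chose as `expected` so a deliberate static setting is not reported.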




#41 ken545

Posted 13 July 2015 - 05:25 PM

Why don't you post in our Networking forum? Link them to this thread so they can see what we have done. When they get you up and running, post back here and we can continue to make sure you're malware-free.

 

  http://forums.whatth...p?showforum=128



 
 

#42 mickey7

Posted 26 July 2015 - 04:15 PM

Have been working in networking forum.  Going to try a return to owner to test how it works at their home. Thanks for your help.



#43 ken545

Posted 26 July 2015 - 05:33 PM

OK Mickey, let me know how it goes



 
 