Jump to content

RockyRocky

Members
  • Content Count

    16
  • Joined

  • Last visited

Community Reputation

0 Neutral

About RockyRocky

  • Rank
    New Member
  1. I did make a restore point but when I choose restore point it says I did not designate a operation system so would not do the restore. Thank you for the reply. But for command prompt, when I dir the files in system32\drivers, it shows the classpnp.sys (instead of .old), and its disk label is shown as X instead of C. So it is not really the actual C volumn and the change name there won't help. thanks rockyrocky
  2. Hi All: Please help! It starts that all of a sudden I could not start windows 7 safe mode. And it will hang on at classpnp.sys file. I can intermittently start in normal mode though. So I look up in the website and some guys suggested to rename the system file classpnp.sys into classpnp.old. So I went some trouble to change file ownership and change permission and then change the file name in c:\windows\system32\drivers\classpnp.sys into classpnp.old. After that I am screwed. When I tried to start windows 7 in safe mode or normal mode, I got blue green. This happened immediately after I chan
  3. Ron: Thanks. My question is did combofix did anything in regard of remove virus? You said the ntfs.sys file was not removed. My computer runs ok and apparently were not under virus attack. So exactly what has been changed then? Up to now I did not see any unusual behavior of my computer, does it mean it is ok to leave it the way it is now? No need to get SFS scan? I was afraid to cause further system file damage that I could not handle. Thanks RockyRocky
  4. Hi Ron: I am a little nervous to hear that my system file is compromised. So in the earlier scan, combofix showed that this ntfs.sys is infected. Then I run the script you sent CFscript.txt, could you let me know exactly what this script does? delete the ntfs.sys and supposely replace with a healthy one? Right now what is the situation for the ntfs.sys in my computer (windows 7), it is deleted? replaced? deleted but not replaced? The two links you send me, the first is for vista and older version, the second one is for windows 7. Should I just follow the second one? Please help me wa
  5. Ron: Thanks. Here is the log: I did not turn off anti virus software while scan with combofix, is this an issue? Since it keeps showing access denied and NircmdB.exe not found (please see attached screenshot). Is this an issue? Should I rerun this? The log says the windows/..../ntfs.sys file is missing. thanks RockyRocky ComboFix 15-02-13.02 - Fan 02/14/2015 12:16:57.2.4 - x64Microsoft Windows 7 Home Premium 6.1.7601.1.1252.1.1033.18.3983.2047 [GMT -5:00]Running from: C:\Users\Fan\Downloads\ComboFix.exeCommand switches used :: C:\Users\Fan\Downloads\CFScript.txtAV: Sophos Anti-Virus *En
  6. Ron: Thanks. Here attached is the log file. Please let me know what was deleted. I feel this is a powerful software, will it hurt the system? Thanks RockyRocky combofix log.txt
  7. Hi Ron: Thanks again for your help. here is protection log from malwarebytes anti malware and Pcloundcleaner: Malwarebytes Anti-Malware www.malwarebytes.org Detection, 2/12/2015 7:13:09 PM, SYSTEM, FAN-THINK, Protection, Malicious Website Protection, IP, 195.2.241.167, 27296, Outbound, C:\Windows\SysWOW64\dllhost.exe, Detection, 2/12/2015 7:13:10 PM, SYSTEM, FAN-THINK, Protection, Malicious Website Protection, IP, 31.184.194.52, 27297, Outbound, C:\Windows\SysWOW64\dllhost.exe, Detection, 2/12/2015 7:13:12 PM, SYSTEM, FAN-THINK, Protection, Malicious Website Protection, IP, 31.184.194.52
  8. Ron: Thanks for the help. Below is the log from JavaRa.I still see Malwarebytes antimalware shows malicious websites blocked. By the way why I have to remove all java? Can I reinstall Java from oracle? I have to attach log of TSSkiller because it is too large. thanks RockyRocky JavaRa: JavaRa 1.16 Removal Log.Report follows after line.------------------------------------The JavaRa removal process was started on Mon Feb 09 23:55:44 2015 Found and removed: JavaPlugin.1000Found and removed: SOFTWARE\Microsoft\Active Setup\Installed Components\{08B0E5C0-4FCB-11CF-AAA5-00401C608500}Found an
  9. Ron: Thank you again for your help. Below is the checkup content. When I restart I feel the computer is slow again. I feel there is still something there. wiaacmgr.exe*32, cmmon32.exe*32 eat up much memory, malwarebytes anti virus keeps showing malicious website blocked... Results of screen317's Security Check version 0.99.96 Windows 7 Service Pack 1 x64 (UAC is enabled) Internet Explorer 11 ``````````````Antivirus/Firewall Check:`````````````` Windows Firewall Enabled! Sophos Anti-Virus WMI entry may not exist for antivirus; attempting automatic update. `````````Anti-malware/Other U
  10. Ron: Thank you so much for your help. Here are all the logs I have. Looks like my computer is much better now. I will observe for several days to make sure it is really clean. Thanks again. RockyRocky JRT.txt AdwCleanerS0.txt malwarebytes anti virus.txt malwarebytes scan log.txt ESET online scanner.txt FRST.txt
  11. Ron: Also malwarebytes antimalware keeps bloking website and gives information such as attached.
  12. Ron: Thanks again. Below is the scan log of Malwarebytes anti malware. I followed all the steps in your link. Malwarebytes Anti-Malwarewww.malwarebytes.org Scan Date: 2/7/2015Scan Time: 7:32:04 AMLogfile: Administrator: Yes Version: 0.00.0.0000Malware Database: v2015.02.07.05Rootkit Database: v2015.02.03.01License: PremiumMalware Protection: EnabledMalicious Website Protection: EnabledSelf-protection: Disabled OS: Windows 7 Service Pack 1CPU: x64File System: NTFSUser: Fan Scan Type: Custom ScanResult: CompletedObjects Scanned: 998004Time Elapsed: 7 hr, 24 min, 31 sec Memory: EnabledStartup:
  13. Yes, it is the same one. Please help delete the old one, keep this one. they are the same. thanks for your help
  14. Hi All: Could someone help me to remove potential virus on my windows 7? The computer suddenly slowed down. I bought Malwaregbytes premium, scanned several times, kill some virus. But computer still slow. CPU and memory are occupied by process such as wextract.exe*32, ctfmon.exe*32, wiaacmgr.exe*32, ctfmon.exe*32, dvdupgrd.exe*32, dllhost.exe*32... some other hint: User/Appdata/local/Temp keeps filling up with folders like 1a3c 1a4c... also frequently there is powershell error jumps out (powershell has stopped working) attached is the malwarebytes anti Malware scan log txt file. I also
  15. Hi Valinorum: Here is the log from farbar recovery plan. Thank you very much for your time and help. RockyRocky Addition.txt FRST.txt
Back to top
×
×
  • Create New...

Important Information

This site uses cookies - We have placed cookies on your device to help make this website better. You can adjust your cookie settings, otherwise we'll assume you're okay to continue.