Jump to content


  • Content Count

  • Joined

  • Last visited

Community Reputation

0 Neutral

About negster22

  • Rank
    Elite Member

Contact Methods

  • Website URL
  • ICQ

Profile Information

  • Location
    Westchester County, NY

Recent Profile Visitors

11,313 profile views
  1. Yes, it does. Check out this MBAM compatibility chart located here: https://www.malwarebytes.com/pdf/reviews/AVTestingReport.pdf
  2. Great outcome and great job, too. Thank you!!
  3. You're welcome & good job! You're infection is removed and you're able to perform a complete scan with MBAM on all drives now with 0 detections found, so our work s just about done now. We have to perform a few "housekeeping" steps to remove the clean-up tools that we used!! To remove Combofix and it's quarantine folder: Click Start -> Run, and copy/paste the following bolded text in the Open: box and select OK: combofix /uninstall This will do the following: Uninstall Combofix and all its associated files and folders. Flush your system restore points and create a n
  4. Very good job! Those two logs look fine. You can uninstall the ESET Online Scanner from the Control Panel -> Add/Remove Programs feature. I want you to try to run a complete MBAM scan now in normal mode. If you encounter an Application Hang on mbam.exe again, then I will do something about the DRM drivers. After which, I'll have you try running a complete scan again. One of the drivers shows up in your RogueKiller log here: ¤¤¤ Driver : [LOADED] ¤¤¤ [Address] IRP[iRP_MJ_INTERNAL_DEVICE_CONTROL] : atapi.sys -> HOOKED (prosync1.sys @ 0xBA5B26C1) So try that for now, and let
  5. That worked out well. Good job! ==========================Download TFC (Temporary File Cleaner) to your desktop:http://www.geekstogo.com/forum/files/file/187-tfc-temp-file-cleaner-by-oldtimer/ Select the green "Download" Button to download TFC.exeClose any open windows.Double click the TFC icon to run the programTFC will close all open programs itself in order to run,Click the Start button to begin the process.Allow TFC to run uninterrupted.The program should not take long to finish it's jobOnce its finished it should automatically reboot your machine,if it doesn't, manually reboot to ensure
  6. Star Force Protection is DRM copyright protection software probably installed with one of your games. It has a total of four low level drivers loaded and there is a possibility that it may be the culprit in stalling MBAM. But, I don't want to do anything with it yet because I want to proceed in a stepwise fashion. Right now, I am having you run a fixlist that will delete a Kaspersky antivirus driver. I'm not sure why it's running on your system. Maybe TDSSKIller put it there because it wasn't in your Combofix log, and you ran combofix prior to running TDSSKiller. Open notepad. Select F
  7. These two items in your MBAM scan are inconsequential as they are only present in your system restore data: I am working on a fix for you based on the items in the FRST tool log. Some questions for you so I know what direction to take: Did you create this text file: C:\Documents and Settings\Gordon\Desktop\aa.txt And this Desktop shortcut to iMesh? C:\Documents and Settings\All Users\Desktop\iMesh.lnk
  8. Please read my reply above first. Due to the inability to reach Bleeping Computer, I'm giving you an alternate download for AdwCleaner (it is the Xplode, the author's website): http://general-changelog-team.fr/fr/downloads/viewdownload/20-outils-de-xplode/2-adwcleaner Just click the green arrow on the right to download. An alternate download for the FRST tool can be found >>HERE<<
  9. You should be able to download AdwCleaner so I'm wondering if you are seeing what I am seeing or if you are being redirected. When you click the download link I provided, you should be taken to the AdwCleaner download page on the Bleeping Computer website. Once there you need only click the top button indicated by the red arrow in the image below, to download Adwcleaner.exe (there is no installer or setup file). Double-clicking AdwCleaner.exe will launch the program. Let me know if you are seeing what I am seeing please. ------------------------------------------------------------
  10. That looks good so far. Normally, a quick scan is adequate. I'll look for your next reply.
  11. Try this COMBOFIX DOWNLOAD:http://download.bleepingcomputer.com/sUBs/ComboFix.exe or for the renamed version which should download very quickly with no interference >>HERE<<. You do have to be careful avoid ads soliciting you to download programs on the computer security help sites. That is often how the sites support themselves but it can get confusing when trying to download anti-malware tools. That's fine. We will continue tomorrow and have a Good night!
  12. Let's concentrate on removing the malware from your C:\ drive for now and you can try scanning your F:\ drive in the background. What MBAM found is called a PUP short for Potentially Unwanted Program. it just started scanning for these type of nuisance programs that often come bundled with free software. FYI: https://helpdesk.malwarebytes.org/entries/23482988-What-are-the-PUP-detections-are-they-threats-and-should-they-be-deleted- I did notice in your Combofix log these recently created (10-8) entries: Did you just install the program OpenIt because c:\documents and settings\Gor
  13. Good news!! Your TDSSKiller log is clean. It will take me a while to review your Combofix log for anything else that needs to be removed. While I'm doing that I'd like you to see if MBAM will complete a quick scan now. Try that and be sure to update it first. Post the MBAM log. The run this Adware Removal Program: Download : ADWCleaner to your desktop. NOTE: If using Internet Explorer and get an alert that stops the program downloading, click on the warning and allow the download to complete. Close all programs and click on the AdwCleaner icon. Click on Scan and follow the promp
  14. I prefer that you copy/paste replies please. TDSSKIller will confirm whether your infection is removed. It looks like Combofix was successful in replacing the patched driver with a legitimate copy so that is good news.
  15. I would be more concerned if it said you were about view pages over an insecure connection. It's probably related to ComboFix resetting a number of Internet Explorer's settings to make it more secure, including making it the default browser. Please post C:\combofix.txt so I can see what is happening on your computer and how Combofix dealt with your infection. Also, if you have the TDSSKIller log already please include that.
Back to top
  • Create New...

Important Information

This site uses cookies - We have placed cookies on your device to help make this website better. You can adjust your cookie settings, otherwise we'll assume you're okay to continue.