Jump to content


  • Content Count

  • Joined

  • Last visited

Everything posted by negster22

  1. Yes, it does. Check out this MBAM compatibility chart located here: https://www.malwarebytes.com/pdf/reviews/AVTestingReport.pdf
  2. Great outcome and great job, too. Thank you!!
  3. You're welcome & good job! You're infection is removed and you're able to perform a complete scan with MBAM on all drives now with 0 detections found, so our work s just about done now. We have to perform a few "housekeeping" steps to remove the clean-up tools that we used!! To remove Combofix and it's quarantine folder: Click Start -> Run, and copy/paste the following bolded text in the Open: box and select OK: combofix /uninstall This will do the following: Uninstall Combofix and all its associated files and folders. Flush your system restore points and create a n
  4. Very good job! Those two logs look fine. You can uninstall the ESET Online Scanner from the Control Panel -> Add/Remove Programs feature. I want you to try to run a complete MBAM scan now in normal mode. If you encounter an Application Hang on mbam.exe again, then I will do something about the DRM drivers. After which, I'll have you try running a complete scan again. One of the drivers shows up in your RogueKiller log here: ¤¤¤ Driver : [LOADED] ¤¤¤ [Address] IRP[iRP_MJ_INTERNAL_DEVICE_CONTROL] : atapi.sys -> HOOKED (prosync1.sys @ 0xBA5B26C1) So try that for now, and let
  5. That worked out well. Good job! ==========================Download TFC (Temporary File Cleaner) to your desktop:http://www.geekstogo.com/forum/files/file/187-tfc-temp-file-cleaner-by-oldtimer/ Select the green "Download" Button to download TFC.exeClose any open windows.Double click the TFC icon to run the programTFC will close all open programs itself in order to run,Click the Start button to begin the process.Allow TFC to run uninterrupted.The program should not take long to finish it's jobOnce its finished it should automatically reboot your machine,if it doesn't, manually reboot to ensure
  6. Star Force Protection is DRM copyright protection software probably installed with one of your games. It has a total of four low level drivers loaded and there is a possibility that it may be the culprit in stalling MBAM. But, I don't want to do anything with it yet because I want to proceed in a stepwise fashion. Right now, I am having you run a fixlist that will delete a Kaspersky antivirus driver. I'm not sure why it's running on your system. Maybe TDSSKIller put it there because it wasn't in your Combofix log, and you ran combofix prior to running TDSSKiller. Open notepad. Select F
  7. These two items in your MBAM scan are inconsequential as they are only present in your system restore data: I am working on a fix for you based on the items in the FRST tool log. Some questions for you so I know what direction to take: Did you create this text file: C:\Documents and Settings\Gordon\Desktop\aa.txt And this Desktop shortcut to iMesh? C:\Documents and Settings\All Users\Desktop\iMesh.lnk
  8. Please read my reply above first. Due to the inability to reach Bleeping Computer, I'm giving you an alternate download for AdwCleaner (it is the Xplode, the author's website): http://general-changelog-team.fr/fr/downloads/viewdownload/20-outils-de-xplode/2-adwcleaner Just click the green arrow on the right to download. An alternate download for the FRST tool can be found >>HERE<<
  9. You should be able to download AdwCleaner so I'm wondering if you are seeing what I am seeing or if you are being redirected. When you click the download link I provided, you should be taken to the AdwCleaner download page on the Bleeping Computer website. Once there you need only click the top button indicated by the red arrow in the image below, to download Adwcleaner.exe (there is no installer or setup file). Double-clicking AdwCleaner.exe will launch the program. Let me know if you are seeing what I am seeing please. ------------------------------------------------------------
  10. That looks good so far. Normally, a quick scan is adequate. I'll look for your next reply.
  11. Try this COMBOFIX DOWNLOAD:http://download.bleepingcomputer.com/sUBs/ComboFix.exe or for the renamed version which should download very quickly with no interference >>HERE<<. You do have to be careful avoid ads soliciting you to download programs on the computer security help sites. That is often how the sites support themselves but it can get confusing when trying to download anti-malware tools. That's fine. We will continue tomorrow and have a Good night!
  12. Let's concentrate on removing the malware from your C:\ drive for now and you can try scanning your F:\ drive in the background. What MBAM found is called a PUP short for Potentially Unwanted Program. it just started scanning for these type of nuisance programs that often come bundled with free software. FYI: https://helpdesk.malwarebytes.org/entries/23482988-What-are-the-PUP-detections-are-they-threats-and-should-they-be-deleted- I did notice in your Combofix log these recently created (10-8) entries: Did you just install the program OpenIt because c:\documents and settings\Gor
  13. Good news!! Your TDSSKiller log is clean. It will take me a while to review your Combofix log for anything else that needs to be removed. While I'm doing that I'd like you to see if MBAM will complete a quick scan now. Try that and be sure to update it first. Post the MBAM log. The run this Adware Removal Program: Download : ADWCleaner to your desktop. NOTE: If using Internet Explorer and get an alert that stops the program downloading, click on the warning and allow the download to complete. Close all programs and click on the AdwCleaner icon. Click on Scan and follow the promp
  14. I prefer that you copy/paste replies please. TDSSKIller will confirm whether your infection is removed. It looks like Combofix was successful in replacing the patched driver with a legitimate copy so that is good news.
  15. I would be more concerned if it said you were about view pages over an insecure connection. It's probably related to ComboFix resetting a number of Internet Explorer's settings to make it more secure, including making it the default browser. Please post C:\combofix.txt so I can see what is happening on your computer and how Combofix dealt with your infection. Also, if you have the TDSSKIller log already please include that.
  16. This is the whole point. Renaming an anti-malware executable is one of the ways to thwart malware. I could have you rename Combofix.exe as you download it,, but this is a genuine version that is already renamed for that purpose. Knowing this, I hope you feel confident about following my instructions as given. Please proceed.
  17. Thanks for the information you provided. Just end process on Combofix.exe, and we'll try another similar approach. You have an infection which is showing you the file attributes of the legitimate version of atapi.sys but the one (driver) that is really loaded is infected and needs to be replaced. Delete Combofix from your desktop and download this renamed version, also to your desktop. Next, boot into Safe Mode. To start the computer in safe mode: 1. Click Start and then click Shut Down. 2. In the drop-down list of the Shut Down Windows dialog box, click Restart, and then click OK. 3. As y
  18. Hello and Welcome to Malwarebyte's Malware Help Forum! First, please download and run the AVG Removal Tool that is appropriate for your system from this page: http://www.avg.com/us-en/utilities Then, DOWNLOAD AND RUN SECURITY CHECK BY SCREEN317: http://screen317.spywareinfoforum.org/SecurityCheck.exe It will open a command window and do some processing to check the status of security programs and other programs that may be vulnerable on your computer. Please post back the log that it creates when it's finished. Next, please Run ComboFix by following the steps provided in this sequence: Her
  19. Download DDS and save it to your desktop from HERE or HERE. Temporarily disable your antivirus and antimalware real-time protection by following the directions that apply for your specific antivirus here: http://www.bleepingc...opic114351.html Double-click dds.scr (right-click and choose Run with Administrator if your have Vista or Windows 7) to run the program. When done, DDS will open two (2) logs: DDS.txt Attach.txt [*]Save both reports to your desktop [*]Please copy and paste dds.txt into your next reply and hold on to attach.txt for now. Re-enable your antivirus and anti-malware progra
  20. Hi and Welcome! I would like to help you but I need more information. Please post a complete description of your problem and what you have done to rectify it so far. If you have run troubleshooting or Malware Removal programs such as MBAM, I need to see those logs. Please follow the instructions in the following topic and copy/paste the logs that are generated into your next reply: http://forums.malwarebytes.org/index.php?showtopic=9573 Thank you!
  21. If you feel that is the case, then reformatting is a good option since you've already backed everything up. Reformatting will certainly get rid of the clutter and other nonessential items that you've accumulated.
  22. A CAB file is a compressed installation file. Even it were infected it would pose no threat because it would have to be decompressed to become active. However, I don't think that detection poses any risk - it is just an anomaly of AVAST scanning: A decompression bomb is a file that unpacks to an enormous amount of data - thus "flooding" the unpacking engine. It's quite hard to detect such files reliably, so it's possible that it gives some false alarms ocassionally. You should configure AVAST so it dos NOT scan archives. Not only would this eliminate these detections that are causing you und
  23. Concerning the "Password Protected" Files in Google Chrome's Cache - they are not an issue to be concerned with: FYI: http://forum.avast.com/index.php?topic=82491.0
  24. What you have posted indicates that AVAST didn't install properly and is missing important files. This may only have to do with the updating of AVAST definitions because all the missing files are in the /defs subfolder. FYI: http://forum.avast.com/index.php?topic=17121.0
  25. I fully understand your lack of internet issues. No need to apologize though it is appreciated. This is the AVAST USER MANUAL in PDF Format: http://files.avast.com/files/manuals/user-manual-home-eng.pdf If you go to page 41, it will tell you how to create a Report file: Save the Report as a TXT file by using the Text File radio button under "Type of File", and then attach it to your next reply.
Back to top
  • Create New...

Important Information

This site uses cookies - We have placed cookies on your device to help make this website better. You can adjust your cookie settings, otherwise we'll assume you're okay to continue.