fenzodahl512

  1. Hello, sorry for my late reply.. Please delete your version of ComboFix and download a fresh version of it.. Then rerun ComboFix and post the log here..
  2. Hello.. Sorry for my late reply.. Somehow I missed the topic.. 1. How's the computer now?
  3. Please run as per my instruction above and post all logs here
  4. Please make sure you disable ALL of your Antivirus/Antispyware/Firewall before running ComboFix.. Please visit HERE if you don't know how.. Please re-enable them after performing all the steps given..

     Please download ComboFix by sUBs from HERE or HERE and save it to your Desktop. During the download, rename Combofix to Combo-Fix as follows: It is important you rename Combofix during the download, but not after.

     NOTE: If you are using Firefox, make sure that your download settings are as follows: Tools->Options->Main tab, set to "Always ask me where to Save the files".

     After that, double-click and run Combo-Fix. Let it finish its job and post the log here.

     If ComboFix asks you to install Recovery Console, please do so.. It will be in your best interest..

     Note: DON'T do anything with your computer while ComboFix is running.. Let ComboFix finish its job..
  5. Try reinstalling Firefox.. Will you get the similar warning?
  6. Can you run ComboFix once again? If similar things happen, please tell me
  7. Please make sure you disable ALL of your Antivirus/Antispyware/Firewall before running ComboFix.. Please visit HERE if you don't know how.. Please re-enable them after performing all the steps given..

     Please download ComboFix by sUBs from HERE or HERE and save it to your Desktop. During the download, rename Combofix to Combo-Fix as follows: It is important you rename Combofix during the download, but not after.

     NOTE: If you are using Firefox, make sure that your download settings are as follows: Tools->Options->Main tab, set to "Always ask me where to Save the files".

     After that, double-click and run Combo-Fix. Let it finish its job and post the log here.

     If ComboFix asks you to install Recovery Console, please do so.. It will be in your best interest..

     Note: DON'T do anything with your computer while ComboFix is running.. Let ComboFix finish its job..
  8. Please download The Comedian.exe by Rorschach112 to your desktop.

     Please disable all of your antivirus/firewall before doing this step. Please visit HERE if you don't know how..

     Double click the program to run it. It will only take around several minutes to run. It will do a series of tasks and tell you when each one is finished. You will be prompted to press any key after each step. When it is done it will close and exit itself automatically. You can delete The_Comedian.exe once it is finished.

     STOP! if you can't complete this step.. Tell me more about it..

     NEXT

     Please download OTS by OldTimer and unzip it to your Desktop..

     Note: You must be logged on to the system with an account that has Administrator privileges to run this program.

     • Close ALL OTHER PROGRAMS.
     • Double-click on OTS to start the program (if you are running on Vista then right-click the program and choose Run as Administrator).
     • At the top, tick on Scan All Users section
     • At File Age set it to 90 Days
     • In the Processes, Modules, Services, Drivers and Registry section, please set on Safe List.
     • In the Files Created Within and Files Modified Within section, set it to File Age
     • At the bottom, tick on all Safe List and Use Company Name WhiteList option
     • Under Additional Scans, tick on the "Extras" button and then click the checkboxes in front of the following items to select them:
         Reg - Disabled MS Config Items
         Reg - Drivers32
         Reg - Ext
         Reg - IE Explorer Bar
         Reg - NetSvcs
         Reg - Safeboot Minimal
         Reg - Safeboot Network
         File - Lop Check
         File - Purity Scan
     • Please copy/paste below script into Custom Scans box

         netsvcs
         %SYSTEMDRIVE%\*.exe
         /md5start
         eventlog.dll
         scecli.dll
         netlogon.dll
         cngaudit.dll
         sceclt.dll
         ntelogon.dll
         logevent.dll
         iaStor.sys
         nvstor.sys
         atapi.sys
         IdeChnDr.sys
         viasraid.sys
         AGP440.sys
         vaxscsi.sys
         nvatabus.sys
         viamraid.sys
         nvata.sys
         nvgts.sys
         iastorv.sys
         ViPrt.sys
         eNetHook.dll
         ahcix86.sys
         KR10N.sys
         nvstor32.sys
         ahcix86s.sys
         nvrd32.sys
         symmpi.sys
         adp3132.sys
         /md5stop
         %systemroot%\*. /mp /s
         CREATERESTOREPOINT
         %systemroot%\system32\*.dll /lockedfiles
         %systemroot%\Tasks\*.job /lockedfiles
         %systemroot%\system32\drivers\*.sys /lockedfiles
         %systemroot%\System32\config\*.sav

     • Do NOT change any other settings.
     • Now click the Run Scan button on the toolbar.
     • Let it run unhindered until it finishes.
     • When the scan is complete Notepad will open with the report file loaded in it.
     • Click the Format menu and make sure that Wordwrap is not checked. If it is then click on it to uncheck it.

     Attach the log in your next replies.. Don't post it.. It will be too large to fit into a single post..

     NEXT

     Please download GMER and unzip it to your Desktop. <<mirror>> Please rename the random filename or GMER into GAMERS

     • Open the renamed program and click on the Rootkit tab.
     • Make sure all the boxes on the right of the screen are checked, EXCEPT for
  9. I saw you ran ComboFix.. Please uninstall these programs first.. While they are excellent programs, I prefer not to let them interfere with our diagnosis and fixes..

     1. AVG Anti-Virus
     2. McAfee VirusScan
     3. McAfee Personal Firewall
     4. Spybot S&D

     Since you already ran ComboFix, please delete your version of ComboFix >> download a fresh copy >> run it again >> post the log here

     Link 2 Link 3
  10. Both files are ok and actually needed.. The warning appears simply because it can't access the files and they really should access it.. Please read below.. http://www.cknow.com/cms/articles/what-are...gefile-sys.html Do you have any other computer problem?
  11. Please download The Comedian.exe by Rorschach112 to your desktop.

      Please disable all of your antivirus/firewall before doing this step. Please visit HERE if you don't know how..

      Double click the program to run it. It will only take around several minutes to run. It will do a series of tasks and tell you when each one is finished. You will be prompted to press any key after each step. When it is done it will close and exit itself automatically. You can delete The_Comedian.exe once it is finished.

      STOP! if you can't complete this step.. Tell me more about it..

      NEXT

      Please download OTS by OldTimer and unzip it to your Desktop..

      Note: You must be logged on to the system with an account that has Administrator privileges to run this program.

      • Close ALL OTHER PROGRAMS.
      • Double-click on OTS to start the program (if you are running on Vista then right-click the program and choose Run as Administrator).
      • At the top, tick on Scan All Users section
      • At File Age set it to 90 Days
      • In the Processes, Modules, Services, Drivers and Registry section, please set on Safe List.
      • In the Files Created Within and Files Modified Within section, set it to File Age
      • At the bottom, tick on all Safe List and Use Company Name WhiteList option
      • Under Additional Scans, tick on the "Extras" button and then click the checkboxes in front of the following items to select them:
          Reg - Disabled MS Config Items
          Reg - Drivers32
          Reg - Ext
          Reg - IE Explorer Bar
          Reg - NetSvcs
          Reg - Safeboot Minimal
          Reg - Safeboot Network
          File - Lop Check
          File - Purity Scan
      • Please copy/paste below script into Custom Scans box

          netsvcs
          %SYSTEMDRIVE%\*.exe
          /md5start
          eventlog.dll
          scecli.dll
          netlogon.dll
          cngaudit.dll
          sceclt.dll
          ntelogon.dll
          logevent.dll
          iaStor.sys
          nvstor.sys
          atapi.sys
          IdeChnDr.sys
          viasraid.sys
          AGP440.sys
          vaxscsi.sys
          nvatabus.sys
          viamraid.sys
          nvata.sys
          nvgts.sys
          iastorv.sys
          ViPrt.sys
          eNetHook.dll
          ahcix86.sys
          KR10N.sys
          nvstor32.sys
          ahcix86s.sys
          nvrd32.sys
          symmpi.sys
          adp3132.sys
          /md5stop
          %systemroot%\*. /mp /s
          CREATERESTOREPOINT
          %systemroot%\system32\*.dll /lockedfiles
          %systemroot%\Tasks\*.job /lockedfiles
          %systemroot%\system32\drivers\*.sys /lockedfiles
          %systemroot%\System32\config\*.sav

      • Do NOT change any other settings.
      • Now click the Run Scan button on the toolbar.
      • Let it run unhindered until it finishes.
      • When the scan is complete Notepad will open with the report file loaded in it.
      • Click the Format menu and make sure that Wordwrap is not checked. If it is then click on it to uncheck it.

      Attach the log in your next replies.. Don't post it.. It will be too large to fit into a single post..

      NEXT

      Please download GMER and unzip it to your Desktop. <<mirror>> Please rename the random filename or GMER into GAMERS

      • Open the renamed program and click on the Rootkit tab.
      • Make sure all the boxes on the right of the screen are checked, EXCEPT for
  12. Please download TDSSKiller.zip and unzip it to your Desktop.

      Run the TDSSKiller and wait until it finishes (should be just a few seconds or below a minute).. Then find the log at your %systemdrive% (drive that contains Windows). The log shall be named something like this one.. (TDSSKiller.version_date_time_log), for example.. (TDSSKiller.2.1.1_22.12.2009_19.33.44_log)

      Please download ComboFix by sUBs from HERE or HERE and save it to your Desktop. During the download, rename Combofix to Combo-Fix as follows: It is important you rename Combofix during the download, but not after.

      NOTE: If you are using Firefox, make sure that your download settings are as follows: Tools->Options->Main tab, set to "Always ask me where to Save the files".

      After that, double-click and run Combo-Fix. Let it finish its job and post the log here.

      If ComboFix asks you to install Recovery Console, please do so.. It will be in your best interest..

      Note: DON'T do anything with your computer while ComboFix is running.. Let ComboFix finish its job..
  13. Hello.. Let's do this first...

      Please download CleanUp! by stevengould.org and save it to your Desktop. Double-click CleanUp452.exe and install CleanUp! to your computer. Open CleanUp! and click on the Options.. button. Under the General tab, choose Standard CleanUp! and then click Ok. Click on the CleanUp! button. When it asks you to log off Windows, click on Yes. Let Windows reboot (or do it manually) and then scan again with Malwarebytes'.. Is it still there?