Moneypak Virus FBI warning.... Help!


I turned on the computer, logged in, and got an FBI warning with the moneypak page. It is not allowing me to reboot in safe mode with networking...

 

I followed some previous steps and have applied the FRST.exe file as suggested...

 

Where do I go from here?... as it appears that the script content from previous posts is unique to each individual.


Okay this should get you going. Let me know if you encounter any trouble.

 

---------------

For x32 (x86) bit systems download Farbar Recovery Scan Tool and save it to a flash drive.
For x64 bit systems download Farbar Recovery Scan Tool x64 and save it to a flash drive.

Plug the flash drive into the infected PC.

Enter System Recovery Options.

To enter System Recovery Options from the Advanced Boot Options:

  • Restart the computer.
  • As soon as the BIOS is loaded begin tapping the F8 key until Advanced Boot Options appears.
  • Use the arrow keys to select the Repair your computer menu item.
  • Select English as the keyboard language settings, and then click Next.
  • Select the operating system you want to repair, and then click Next.
  • Select your user account and click Next.

To enter System Recovery Options by using Windows installation disc:

  • Insert the installation disc.
  • Restart your computer.
  • If prompted, press any key to start Windows from the installation disc. If your computer is not configured to start from a CD or DVD, check your BIOS settings.
  • Click Repair your computer.
  • Select English as the keyboard language settings, and then click Next.
  • Select the operating system you want to repair, and then click Next.
  • Select your user account and click Next.

On the System Recovery Options menu you will get the following options:

    • Startup Repair
    • System Restore
    • Windows Complete PC Restore
    • Windows Memory Diagnostic Tool
    • Command Prompt
  • Select Command Prompt
  • In the command window type in notepad and press Enter.
  • The notepad opens. Under File menu select Open.
  • Select "Computer" and find your flash drive letter and close the notepad.
  • In the command window type e:\frst.exe (for x64 bit version type e:\frst64) and press Enter
    Note: Replace letter e with the drive letter of your flash drive.
  • The tool will start to run.
  • When the tool opens click Yes to disclaimer.
  • Press Scan button.
  • It will make a log (FRST.txt) on the flash drive. Please copy and paste it to your reply.

Let me know how things go. If you at any point have trouble using FRST, please stop and post back here to let me know.


-----------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------

Note:

Please make sure you are subscribed to this topic: Click on the "Follow This Topic" Button (at the top right of this page), make sure that the "Receive notification" box is checked and that it is set to "Instantly"
 

-------> Your topic will be closed if you haven't replied within 3 days! <--------
(If I don't respond within 24 hours, please send me a PM)

-DFB


OK, here is what I got running FRST.exe:

 

 

Scan result of Farbar Recovery Scan Tool (FRST) (x86) Version: 17-07-2013 02
Ran by SYSTEM on 17-07-2013 14:12:57
Running from K:\
Windows 7 Home Premium (X86) OS Language: English(US)
Internet Explorer Version 10
Boot Mode: Recovery
 
The current controlset is ControlSet001
ATTENTION!:=====> FRST is updated to run from normal or Safe mode to produce a full FRST.txt log and Addition.txt log.
 
==================== Registry (Whitelisted) ==================
 
HKU\Administrator\...\RunOnce: [mctadmin] - C:\Windows\System32\mctadmin.exe [ 2009-07-13] (Microsoft Corporation)
HKU\Craig\...\Run: [Weather] - C:\Program Files\AWS\WeatherBug\Weather.exe 1 [ 2009-10-20] (AWS Convergence Technologies, Inc.)
HKU\Craig\...\Run: [swg] - "C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe" [x]
HKU\Craig\...\Run: [iSUSPM] - "C:\Program Files\Common Files\InstallShield\UpdateService\ISUSPM.exe" -scheduler [x]
HKU\Craig\...\Run: [Google Update] - "C:\Users\Craig\AppData\Local\Google\Update\GoogleUpdate.exe" /c [ 2012-06-20] (Google Inc.)
HKU\Craig\...\Run: [qcgce2mrvjq91kk1e7pnbb19m52fx] - C:\Users\Craig\AppData\Local\Temp\fiuhempovaqntlvfj.exe [ 2013-07-17] (NVIDIA Corporation) <===== ATTENTION
HKU\Craig\...\RunOnce: [FlashPlayerUpdate] - C:\Windows\system32\Macromed\Flash\FlashUtil32_11_7_700_224_ActiveX.exe -update activex [ 2013-06-12] (Adobe Systems Incorporated)
HKU\Craig\...\Winlogon: [shell] cmd.exe [ 2010-11-20] (Microsoft Corporation) <==== ATTENTION 
HKU\Craig\...\Command Processor: "C:\Users\Craig\AppData\Local\Temp\fiuhempovaqntlvfj.exe" <===== ATTENTION!
HKU\Default\...\RunOnce: [mctadmin] - C:\Windows\System32\mctadmin.exe [ 2009-07-13] (Microsoft Corporation)
HKU\Default User\...\RunOnce: [mctadmin] - C:\Windows\System32\mctadmin.exe [ 2009-07-13] (Microsoft Corporation)
Startup: C:\Users\Craig\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Picture Motion Browser Media Check Tool.lnk
ShortcutTarget: Picture Motion Browser Media Check Tool.lnk -> C:\Program Files\Sony\Sony Picture Utility\VolumeWatcher\SPUVolumeWatcher.exe (Sony Corporation)
 
========================== Services (Whitelisted) =================
 
S2 AdobeActiveFileMonitor6.0; C:\Program Files\Adobe\Photoshop Elements 6.0\PhotoshopElementsFileAgent.exe [124832 2007-09-10] ()
S2 MBAMScheduler; C:\Program Files\Malwarebytes' Anti-Malware\mbamscheduler.exe [418376 2013-04-04] (Malwarebytes Corporation)
S2 MBAMService; C:\Program Files\Malwarebytes' Anti-Malware\mbamservice.exe [701512 2013-04-04] (Malwarebytes Corporation)
S2 N360; C:\Program Files\Norton 360\Engine\20.4.0.40\diMaster.dll [556336 2013-05-29] (Symantec Corporation)
S3 Symantec RemoteAssist; C:\Program Files\Common Files\Symantec Shared\Support Controls\ssrc.exe [394704 2008-01-29] (Symantec, Inc.)
 
==================== Drivers (Whitelisted) ====================
 
S1 BHDrvx86; C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\N360_20.3.1.22\Definitions\BASHDefs\20130620.001\BHDrvx86.sys [1002072 2013-05-31] (Symantec Corporation)
S1 ccSet_N360; C:\Windows\system32\drivers\N360\1404000.028\ccSetx86.sys [134744 2013-04-15] (Symantec Corporation)
S1 eeCtrl; C:\Program Files\Common Files\Symantec Shared\EENGINE\eeCtrl.sys [376480 2013-02-14] (Symantec Corporation)
S1 IDSVix86; C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\N360_20.3.1.22\Definitions\IPSDefs\20130626.001\IDSvix86.sys [386720 2013-06-05] (Symantec Corporation)
S3 MBAMProtector; C:\Windows\system32\drivers\mbam.sys [22856 2013-04-04] (Malwarebytes Corporation)
S3 NAVENG; C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\N360_20.3.1.22\Definitions\VirusDefs\20130627.001\NAVENG.SYS [93272 2013-06-03] (Symantec Corporation)
S3 NAVEX15; C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\N360_20.3.1.22\Definitions\VirusDefs\20130627.001\NAVEX15.SYS [1611992 2013-06-03] (Symantec Corporation)
S3 SRTSP; C:\Windows\System32\Drivers\N360\1404000.028\SRTSP.SYS [603224 2013-05-15] (Symantec Corporation)
S1 SRTSPX; C:\Windows\system32\drivers\N360\1404000.028\SRTSPX.SYS [32344 2013-03-04] (Symantec Corporation)
S0 SymDS; C:\Windows\System32\drivers\N360\1404000.028\SYMDS.SYS [367704 2013-05-20] (Symantec Corporation)
S0 SymEFA; C:\Windows\System32\drivers\N360\1404000.028\SYMEFA.SYS [934488 2013-05-22] (Symantec Corporation)
S3 SymEvent; C:\Windows\system32\Drivers\SYMEVENT.SYS [142496 2013-06-18] (Symantec Corporation)
S1 SymIRON; C:\Windows\system32\drivers\N360\1404000.028\Ironx86.SYS [175264 2013-03-04] (Symantec Corporation)
S1 SymNetS; C:\Windows\System32\Drivers\N360\1404000.028\SYMNETS.SYS [339544 2013-04-24] (Symantec Corporation)
S3 RimUsb; System32\Drivers\RimUsb.sys [x]
 
==================== NetSvcs (Whitelisted) ===================
 
 
==================== One Month Created Files and Folders ========
 
2013-07-17 14:12 - 2013-07-17 14:12 - 00000000 ____D C:\FRST
2013-07-17 08:23 - 2013-07-17 08:23 - 01097645 _____ C:\Users\Craig\AppData\Roaming\2433f433
2013-07-17 08:23 - 2013-07-17 08:23 - 01097645 _____ C:\Users\Craig\AppData\Local\2433f433
2013-07-17 08:23 - 2013-07-17 08:23 - 01097642 _____ C:\ProgramData\2433f433
2013-07-11 23:22 - 2013-06-11 15:43 - 14329856 _____ (Microsoft Corporation) C:\Windows\System32\mshtml.dll
2013-07-11 23:22 - 2013-06-11 15:43 - 02877440 _____ (Microsoft Corporation) C:\Windows\System32\jscript9.dll
2013-07-11 23:22 - 2013-06-11 15:43 - 01767936 _____ (Microsoft Corporation) C:\Windows\System32\wininet.dll
2013-07-11 23:22 - 2013-06-11 15:43 - 01141248 _____ (Microsoft Corporation) C:\Windows\System32\urlmon.dll
2013-07-11 23:22 - 2013-06-11 15:43 - 00690688 _____ (Microsoft Corporation) C:\Windows\System32\jscript.dll
2013-07-11 23:22 - 2013-06-11 15:43 - 00493056 _____ (Microsoft Corporation) C:\Windows\System32\msfeeds.dll
2013-07-11 23:22 - 2013-06-11 15:43 - 00042496 _____ (Microsoft Corporation) C:\Windows\System32\ie4uinit.exe
2013-07-11 23:22 - 2013-06-11 15:43 - 00039424 _____ (Microsoft Corporation) C:\Windows\System32\jsproxy.dll
2013-07-11 23:22 - 2013-06-11 15:42 - 13760512 _____ (Microsoft Corporation) C:\Windows\System32\ieframe.dll
2013-07-11 23:22 - 2013-06-11 15:42 - 02046976 _____ (Microsoft Corporation) C:\Windows\System32\iertutil.dll
2013-07-11 23:22 - 2013-06-11 15:42 - 00391168 _____ (Microsoft Corporation) C:\Windows\System32\ieui.dll
2013-07-11 23:22 - 2013-06-11 15:42 - 00109056 _____ (Microsoft Corporation) C:\Windows\System32\iesysprep.dll
2013-07-11 23:22 - 2013-06-11 15:42 - 00061440 _____ (Microsoft Corporation) C:\Windows\System32\iesetup.dll
2013-07-11 23:22 - 2013-06-11 15:42 - 00033280 _____ (Microsoft Corporation) C:\Windows\System32\iernonce.dll
2013-07-11 23:22 - 2013-06-11 14:51 - 00071680 _____ (Microsoft Corporation) C:\Windows\System32\RegisterIEPKEYs.exe
2013-07-11 23:22 - 2013-06-06 18:37 - 02706432 _____ (Microsoft Corporation) C:\Windows\System32\mshtml.tlb
2013-07-11 08:52 - 2013-06-04 19:05 - 02347520 _____ (Microsoft Corporation) C:\Windows\System32\win32k.sys
2013-07-11 08:52 - 2013-06-03 20:53 - 00509440 _____ (Microsoft Corporation) C:\Windows\System32\qedit.dll
2013-07-11 08:52 - 2013-05-05 20:56 - 01620480 _____ (Microsoft Corporation) C:\Windows\System32\WMVDECOD.DLL
2013-07-11 08:52 - 2013-04-09 15:34 - 01247744 _____ (Microsoft Corporation) C:\Windows\System32\DWrite.dll
 
==================== One Month Modified Files and Folders =======
 
2013-07-17 14:12 - 2013-07-17 14:12 - 00000000 ____D C:\FRST
2013-07-17 09:50 - 2009-07-13 20:39 - 00071257 _____ C:\Windows\setupact.log
2013-07-17 09:44 - 2009-11-07 21:09 - 00308000 _____ C:\Windows\PFRO.log
2013-07-17 09:44 - 2009-07-13 20:34 - 00014272 ____H C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
2013-07-17 09:44 - 2009-07-13 20:34 - 00014272 ____H C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
2013-07-17 09:43 - 2009-11-06 23:08 - 01958498 _____ C:\Windows\WindowsUpdate.log
2013-07-17 08:23 - 2013-07-17 08:23 - 01097645 _____ C:\Users\Craig\AppData\Roaming\2433f433
2013-07-17 08:23 - 2013-07-17 08:23 - 01097645 _____ C:\Users\Craig\AppData\Local\2433f433
2013-07-17 08:23 - 2013-07-17 08:23 - 01097642 _____ C:\ProgramData\2433f433
2013-07-11 23:59 - 2009-07-13 18:37 - 00000000 ____D C:\Windows\Microsoft.NET
2013-07-11 23:47 - 2009-07-13 20:33 - 00508192 _____ C:\Windows\System32\FNTCACHE.DAT
2013-07-11 23:45 - 2009-07-13 23:49 - 00000000 ____D C:\Program Files\Windows Journal
2013-07-11 23:45 - 2009-07-13 20:52 - 00000000 ____D C:\Program Files\Windows Defender
2013-07-11 23:26 - 2009-11-07 05:25 - 00739906 _____ C:\Windows\System32\PerfStringBackup.INI
2013-07-11 23:17 - 2009-11-07 05:27 - 75699896 _____ (Microsoft Corporation) C:\Windows\System32\MRT.exe
2013-07-10 06:06 - 2009-11-07 08:57 - 00000000 ____D C:\Users\Craig\AppData\Local\Google
2013-07-09 08:07 - 2012-06-27 05:42 - 00000000 ____D C:\Windows\System32\Drivers\N360
2013-07-09 08:07 - 2009-11-07 08:16 - 00000000 ____D C:\Users\Craig\AppData\Local\WeatherBug
2013-07-09 08:05 - 2012-06-27 05:44 - 00002241 _____ C:\Users\Public\Desktop\Norton 360.lnk
2013-07-09 08:05 - 2009-07-13 18:37 - 00000000 __RHD C:\Users\Public\Desktop
2013-06-22 18:56 - 2009-07-13 18:37 - 00000000 ____D C:\Windows\rescache
2013-06-18 12:06 - 2012-06-27 05:44 - 00142496 _____ (Symantec Corporation) C:\Windows\System32\Drivers\SYMEVENT.SYS
2013-06-18 12:06 - 2012-06-27 05:44 - 00007611 _____ C:\Windows\System32\Drivers\SYMEVENT.CAT
 
Files to move or delete:
====================
C:\Users\Craig\GoToAssistDownloadHelper.exe
C:\ProgramData\7619792.pad
C:\ProgramData\l_0_00_re.pad
 
==================== Known DLLs (Whitelisted) ============
 
 
==================== Bamital & volsnap Check =================
 
C:\Windows\explorer.exe => MD5 is legit
C:\Windows\System32\winlogon.exe => MD5 is legit
C:\Windows\System32\wininit.exe => MD5 is legit
C:\Windows\System32\svchost.exe => MD5 is legit
C:\Windows\System32\services.exe => MD5 is legit
C:\Windows\System32\User32.dll => MD5 is legit
C:\Windows\System32\userinit.exe => MD5 is legit
C:\Windows\System32\Drivers\volsnap.sys => MD5 is legit
 
==================== EXE ASSOCIATION =====================
 
HKLM\...\.exe: exefile => OK
HKLM\...\exefile\DefaultIcon: %1 => OK
HKLM\...\exefile\open\command: "%1" %* => OK
 
==================== Restore Points  =========================
 
Restore point made on: 2013-05-28 23:03:17
Restore point made on: 2013-06-10 16:51:24
Restore point made on: 2013-06-12 23:01:24
Restore point made on: 2013-06-22 18:55:17
Restore point made on: 2013-06-30 10:01:54
Restore point made on: 2013-07-07 20:00:31
Restore point made on: 2013-07-11 23:01:02
 
==================== Memory info =========================== 
 
Percentage of memory in use: 37%
Total physical RAM: 1013.18 MB
Available physical RAM: 636.07 MB
Total Pagefile: 1013.18 MB
Available Pagefile: 638.02 MB
Total Virtual: 2047.88 MB
Available Virtual: 1931.3 MB
 
==================== Drives ================================
 
Drive c: () (Fixed) (Total:229.47 GB) (Free:36.13 GB) NTFS ==>[Drive with boot components (obtained from BCD)]
Drive e: () (Fixed) (Total:186.31 GB) (Free:4.3 GB) NTFS
Drive j: (My Book) (Fixed) (Total:465.65 GB) (Free:77.21 GB) FAT32
Drive k: (Lexar) (Removable) (Total:14.92 GB) (Free:4.99 GB) FAT32
Drive x: (Boot) (Fixed) (Total:0.03 GB) (Free:0.03 GB) NTFS
 
==================== MBR & Partition Table ==================
 
========================================================
Disk: 0 (MBR Code: Windows 7 or 8) (Size: 233 GB) (Disk ID: 41AB2316)
Partition 1: (Not Active) - (Size=47 MB) - (Type=DE)
Partition 2: (Active) - (Size=229 GB) - (Type=07 NTFS)
Partition 3: (Not Active) - (Size=3 GB) - (Type=DB)
 
========================================================
Disk: 1 (MBR Code: Windows XP) (Size: 186 GB) (Disk ID: 8BE403AA)
Partition 1: (Not Active) - (Size=186 GB) - (Type=07 NTFS)
 
========================================================
Disk: 6 (Size: 466 GB) (Disk ID: 44FDFE06)
Partition 1: (Not Active) - (Size=466 GB) - (Type=0C)
 
========================================================
Disk: 7 (MBR Code: Windows XP) (Size: 15 GB) (Disk ID: C3072E18)
Partition 1: (Active) - (Size=15 GB) - (Type=0C)
 
 
LastRegBack: 2013-07-15 09:47
 
==================== End Of Log ============================

Please do the following:

  • Open Notepad (Start => All Programs => Accessories => Notepad). Please copy the entire contents of the code box below. (To do this, highlight the contents of the box, right-click on it and select Copy.)
  • Right-click in the open Notepad and select Paste.
  • Save it on the flash drive as fixlist.txt

HKU\Craig\...\Run: [qcgce2mrvjq91kk1e7pnbb19m52fx] - C:\Users\Craig\AppData\Local\Temp\fiuhempovaqntlvfj.exe [ 2013-07-17] (NVIDIA Corporation) <===== ATTENTION
HKU\Craig\...\Winlogon: [shell] cmd.exe [ 2010-11-20] (Microsoft Corporation) <==== ATTENTION
HKU\Craig\...\Command Processor: "C:\Users\Craig\AppData\Local\Temp\fiuhempovaqntlvfj.exe" <===== ATTENTION!
C:\Users\Craig\GoToAssistDownloadHelper.exe
C:\ProgramData\7619792.pad
C:\ProgramData\l_0_00_re.pad
2013-07-17 08:23 - 2013-07-17 08:23 - 01097645 _____ C:\Users\Craig\AppData\Roaming\2433f433
2013-07-17 08:23 - 2013-07-17 08:23 - 01097645 _____ C:\Users\Craig\AppData\Local\2433f433
2013-07-17 08:23 - 2013-07-17 08:23 - 01097642 _____ C:\ProgramData\2433f433

NOTICE: This script was written specifically for this user, for use on that particular machine. Running this on another machine may cause damage to your operating system.

Now please enter System Recovery Options.

Run FRST and press the Fix button just once and wait. The tool will make a log on the flash drive (Fixlog.txt); please post it in your next reply.

After that- are you able to boot into normal mode? Let me know when you can as we have more malware to remove.

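Why the three registry lines in the fixlist above stand out, as an added Python example that is not part of the original posts and is not FRST's own logic: the user's Winlogon Shell value is set to cmd.exe instead of explorer.exe, and cmd.exe runs its Command Processor AutoRun command each time it starts, so the Temp executable launches at every logon. The line layout is assumed from the log lines quoted in this thread, and the function names (`parse`, `reasons`, `triage`, `logon_chains`) are hypothetical.

```python
import re

# Registry lines copied from the FRST.txt posted in this thread.
SAMPLE = r"""
HKU\Administrator\...\RunOnce: [mctadmin] - C:\Windows\System32\mctadmin.exe [ 2009-07-13] (Microsoft Corporation)
HKU\Craig\...\Run: [Weather] - C:\Program Files\AWS\WeatherBug\Weather.exe 1 [ 2009-10-20] (AWS Convergence Technologies, Inc.)
HKU\Craig\...\Run: [swg] - "C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe" [x]
HKU\Craig\...\Run: [qcgce2mrvjq91kk1e7pnbb19m52fx] - C:\Users\Craig\AppData\Local\Temp\fiuhempovaqntlvfj.exe [ 2013-07-17] (NVIDIA Corporation) <===== ATTENTION
HKU\Craig\...\Winlogon: [shell] cmd.exe [ 2010-11-20] (Microsoft Corporation) <==== ATTENTION
HKU\Craig\...\Command Processor: "C:\Users\Craig\AppData\Local\Temp\fiuhempovaqntlvfj.exe" <===== ATTENTION!
"""

# Assumed layout: hive\user\...\key: [value] - command [ date] (company) <== marker
LINE = re.compile(r"^(?P<hive>HK\w+)\\(?P<user>.+?)\\\.\.\.\\(?P<key>[^:]+):\s*"
                  r"(?:\[(?P<name>[^\]]+)\]\s*(?:-\s*)?)?(?P<rest>.*)$")
MARK = re.compile(r"\s*<=+\s*ATTENTION!?\s*$")
META = re.compile(r"\s*(?:\[\s*(?P<date>\d{4}-\d{2}-\d{2})\]\s*\((?P<company>[^)]*)\)"
                  r"|\[x\])\s*$")


def parse(line):
    """Split one registry-section line into fields; None if it is not one."""
    m = LINE.match(line.strip())
    if not m:
        return None
    e = m.groupdict()
    rest, marked = MARK.subn("", e.pop("rest"))
    meta = META.search(rest)
    e["frst_attention"] = bool(marked)
    e["missing"] = bool(meta) and meta.group("date") is None  # trailing [x]
    e["company"] = meta.group("company") if meta else None
    e["command"] = (rest[:meta.start()] if meta else rest).strip()
    return e


def reasons(e):
    """Rules that do not rely on FRST's own ATTENTION marker."""
    cmd = e["command"].replace('"', "").lower()
    key, name = e["key"].lower(), (e["name"] or "").lower()
    out = []
    if "\\temp\\" in cmd:
        out.append("autostart target is in a Temp directory")
    if (key, name) == ("winlogon", "shell") and not cmd.endswith("explorer.exe"):
        out.append("per-user Winlogon Shell is not explorer.exe")
    if key == "command processor":
        out.append("cmd.exe AutoRun is set for this user")
    return out


def triage(text):
    """Map (user, key, value name) -> reasons for every entry a rule flags."""
    entries = filter(None, map(parse, text.splitlines()))
    return {(e["user"], e["key"], e["name"]): r for e in entries if (r := reasons(e))}


def logon_chains(text):
    """Users whose shell is cmd.exe and who have a cmd AutoRun: it runs at every logon."""
    shell, autorun = {}, {}
    for e in filter(None, map(parse, text.splitlines())):
        key, cmd = e["key"].lower(), e["command"].replace('"', "")
        if (key, (e["name"] or "").lower()) == ("winlogon", "shell"):
            shell[e["user"]] = cmd.lower().rsplit("\\", 1)[-1]
        elif key == "command processor":
            autorun[e["user"]] = cmd
    return {u: autorun[u] for u, s in shell.items() if s == "cmd.exe" and u in autorun}


if __name__ == "__main__":
    print(triage(SAMPLE), logon_chains(SAMPLE))
```
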

Sorry I am taking so long... Goin back n forth between PC n Mac...  here is the fix log:

 

 

Fix result of Farbar Recovery Tool (FRST written by Farbar) (x86) Version: 17-07-2013 02
Ran by SYSTEM at 2013-07-17 15:28:21 Run:1
Running from K:\
Boot Mode: Recovery
 
==============================================
 
HKU\Craig\...\Run: [qcgce2mrvjq91kk1e7pnbb19m52fx] - C:\Users\Craig\AppData\Local\Temp\fiuhempovaqntlvfj.exe [ 2013-07-17] (NVIDIA Corporation) <===== ATTENTION
HKU\Craig\...\Winlogon: [shell] cmd.exe [ 2010-11-20] (Microsoft Corporation) <==== ATTENTION
HKU\Craig\Software\Microsoft\Command Processor\\AutoRun => Value not found.
HKU\Craig\Software\Microsoft\Windows\CurrentVersion\Run\\qcgce2mrvjq91kk1e7pnbb19m52fx => Value deleted successfully.
HKU\Craig\...\Run: [qcgce2mrvjq91kk1e7pnbb19m52fx] - C:\Users\Craig\AppData\Local\Temp\fiuhempovaqntlvfj.exe [ 2013-07-17] (NVIDIA Corporation) <===== ATTENTION
HKU\Craig\Software\Microsoft\Windows NT\CurrentVersion\Winlogon\\Shell => Value not found.
 
==== End of Fixlog ====

Glad to hear you can log on normally. Let's start getting rid of the rest of it:

 

----------Step 1----------------
Please download the TDSS Rootkit Removing Tool (TDSSKiller.exe) and save it to your Desktop. <-Important!!!

  • Double-click on TDSSKiller.exe to run the tool for known TDSS variants.
    Vista/Windows 7 users right-click and select Run As Administrator.
  • If TDSSKiller does not run, try renaming it.
  • To do this, right-click on TDSSKiller.exe, select Rename and give it a random name with the .com file extension (i.e. 123abc.com). If you do not see the file extension, please refer to How to change the file extension.
  • Click the Start Scan button.
  • Do not use the computer during the scan
  • If the scan completes with nothing found, click Close to exit.
  • If malicious objects are found, they will show in the Scan results - Select action for found objects and offer three options.
  • Ensure Cure (default) is selected, then click Continue > Reboot now to finish the cleaning process.
    Note: If Cure is not an option, Skip instead, do not choose Delete unless instructed.
  • A log file named TDSSKiller_version_date_time_log.txt (i.e. TDSSKiller.2.4.0.0_27.07.2010_09.o7.26_log.txt) will be created and saved to the root directory (usually Local Disk C:).
  • Copy and paste the contents of that file in your next reply.

----------Step 2----------------
Please download Malwarebytes Anti-Rootkit from HERE

  • Unzip the contents to a folder in a convenient location.
  • Open the folder where the contents were unzipped and run mbar.exe
  • Follow the instructions in the wizard to update and allow the program to scan your computer for threats.
  • Click on the Cleanup button to remove any threats and reboot if prompted to do so.
  • Wait while the system shuts down and the cleanup process is performed.
  • Perform another scan with Malwarebytes Anti-Rootkit to verify that no threats remain. If they do, then click Cleanup once more and repeat the process.
  • When done, please post the two logs produced; they will be in the MBAR folder... mbar-log.txt and system-log.txt

----------Step 3----------------
Please download ComboFix.exe. Please visit this webpage for download links, and instructions for running the tool:

http://www.bleepingc...to-use-combofix

***IMPORTANT: save ComboFix to your Desktop***

* Ensure you have disabled all anti virus and anti malware programs so they do not interfere with the running of ComboFix.

Please go here to see a list of programs that should be disabled.

**Note: Do not mouseclick ComboFix's window while it's running. That may cause it to stall**

Please include the C:\ComboFix.txt in your next reply for further review.


NOTE: If you receive the message "illegal operation has been attempted on a registry key that has been marked for deletion", just reboot the computer.


----------Step 4----------------
Please download Security Check by screen317 from here or here.

  • Save it to your Desktop.
  • Double click SecurityCheck.exe and follow the onscreen instructions inside of the black box.
  • A Notepad document should open automatically called checkup.txt; please post the contents of that document.

----------Step 5----------------
In your next reply, please include the following:

  • TDSSKiller's logfile
  • MBAR mbar-log.txt and system-log.txt
  • ComboFix's report (C:\ComboFix.txt)
  • Security Check checkup.txt

After that, please let me know: How is your computer running now? Do you have any questions or concerns you'd like me to address? Don't hesitate to ask. :)


  • Root Admin

Due to the lack of feedback this topic is closed to prevent others from posting here. If you need this topic reopened, please send a Private Message to any one of the moderating team members. Please include a link to this thread with your request. This applies only to the originator of this thread.

Other members who need assistance please start your own topic in a new thread. Thanks!
