Author Topic: Hello and HELP!  (Read 16799 times)

0 Members and 1 Guest are viewing this topic.

Offline essexboy

  • Malware removal instructor
  • Avast Überevangelist
  • Probably Bot
  • *****
  • Posts: 40589
  • Dragons by Sasha
    • Malware fixes
Re: Hello and HELP!
« Reply #15 on: September 24, 2012, 11:29:19 PM »
OK I will reverse the order of my fixes


1. Close any open browsers.
2. Close/disable all anti virus and anti malware programs so they do not interfere with the running of ComboFix.
3. Open notepad and copy/paste the text in the quotebox below into it:
Quote
File::
c:\windows\system32\services.exe.8924842A9B75BE9F
c:\windows\system32\drivers\ilcmxdxa.sys
c:\windows\system32\services.exe.0033B18275FEDB62
c:\windows\system32\services.exe.6DBFD142BA226F8D
c:\windows\system32\services.exe.C81440A147EC482D
c:\windows\system32\services.exe.C9A62BC68A76D16D
c:\windows\system32\services.exe.D070384C43052D6E
c:\windows\system32\services.exe.18CBE06FAB4A4B18
c:\windows\system32\drivers\vkwqboja.sys
c:\windows\system32\services.exe.7CC78F41CD9BDA22
c:\windows\system32\services.exe.A24116A8480A5B67
c:\windows\system32\services.exe.E6C3985694C3C40C
c:\windows\system32\services.exe.C40FF2BC95A06385
c:\windows\system32\services.exe.60EB0703A38CC965
c:\windows\system32\services.exe.9EE25D89C1A79A9F
c:\windows\system32\services.exe.F0A28DC33AF95ED7
c:\windows\system32\services.exe.86F6AFF59CC8008A
c:\windows\system32\services.exe.9D3FCDBC5A7338A9
c:\windows\system32\services.exe.15B52FAE7B414254
c:\windows\system32\services.exe.F89C6578CD369B48
c:\windows\system32\services.exe.6088442F0979929E
c:\windows\system32\services.exe.84CA2FC7AD7BCBA2
c:\windows\system32\services.exe.8A937F506CA44F54
c:\windows\system32\drivers\jcxmmwef.sys
c:\windows\system32\drivers\nccicidz.sys

Driver::
jcxmmwef
nccicidz
vpodkgqw

Save this as CFScript.txt, in the same location as ComboFix.exe


Refering to the picture above, drag CFScript into ComboFix.exeWhen finished, it shall produce a log for you at C:\ComboFix.txt which I will require in your next reply.

Notes:
1. Do not mouse-click Combofix's window while it is running. That may cause it to stall.
2. Do not "re-run" Combofix. If you have a problem, reply back for further instructions.

3.  If after the reboot you get errors about programmes being marked for deletion then reboot, that will cure it.

Guts717

  • Guest
Re: Hello and HELP!
« Reply #16 on: September 25, 2012, 01:54:25 AM »
Ok, Here is the new log file. And I'm noticing that some site's are once again becoming difficult to visit. I had looked around to see if any of the problems were still there.

Guts717

  • Guest
Re: Hello and HELP!
« Reply #17 on: September 25, 2012, 02:42:48 AM »
Update: firefox just crashed on me and then windows did shortly after. I got a blue screen telling me that it had encountered a serious problem and had to shut down.

Offline essexboy

  • Malware removal instructor
  • Avast Überevangelist
  • Probably Bot
  • *****
  • Posts: 40589
  • Dragons by Sasha
    • Malware fixes
Re: Hello and HELP!
« Reply #18 on: September 25, 2012, 03:27:11 PM »
    Could you now retry TDSSKiller please, download a fresh copy but rename it to winlogon  .. If it fails I will need a look at the mbr

    • Download RogueKiller  and save it on your desktop.
       
      NOTE: If using IE8 or better Smartscreen Filter will need to be disabled

    • Quit all programs
    • Start RogueKiller.exe.
    • Wait until Prescan has finished ... 
    •     Click on Scan
   
 

  • Wait for the end of the scan. 
  • The report has been created on the desktop.

Guts717

  • Guest
Re: Hello and HELP!
« Reply #19 on: September 25, 2012, 06:17:25 PM »
OK, I ran the program again and it say's it found two more files on my pc. I didn't delete them or anything yet, i only got the file and am posting it in this reply.

Offline essexboy

  • Malware removal instructor
  • Avast Überevangelist
  • Probably Bot
  • *****
  • Posts: 40589
  • Dragons by Sasha
    • Malware fixes
Re: Hello and HELP!
« Reply #20 on: September 25, 2012, 07:12:02 PM »
Did TDSSKiller run ?

Guts717

  • Guest
Re: Hello and HELP!
« Reply #21 on: September 25, 2012, 07:19:56 PM »
Sorry, I did do that and it didn't run.

Offline essexboy

  • Malware removal instructor
  • Avast Überevangelist
  • Probably Bot
  • *****
  • Posts: 40589
  • Dragons by Sasha
    • Malware fixes
Re: Hello and HELP!
« Reply #22 on: September 25, 2012, 07:26:01 PM »
Could you download the following programme to a USB stick please

Listparts64

The reboot the computer and immediately press then hold F8 
Is there an option called "Repair my Computer"
If so select that
If not let me know and I will give some links to make the USB bootable
Insert the USB

  • Select Command Prompt
  • In the command window type in notepad and press Enter.
  • A Notepad window will open. Under File menu select Open.
  • Select "Computer" and find your flash drive letter and then close Notepad.
  • In the command window type  e:\listparts64 (64bit)  and press Enter
    Note: Replace letter e with the drive letter of your flash drive.
  • The tool will start to run.
  • Press Scan button.
  • When it is done close the notification pop up. Click Scan and copy and paste the log (Result.txt) it makes on the flash drive.

Guts717

  • Guest
Re: Hello and HELP!
« Reply #23 on: September 25, 2012, 10:44:44 PM »
Ok, I used another pc to download the program to a usb drive just to be safe. But, when i put the usb drive into my pc and then select repair computer, it say's:
Quote
Windows faied to start. A recent hardware or software change might be the problem:

1. insert your windows installation disc and restart your computer.
2. choose your language settings, and then click "next."
3. click "repair your computer."

if you do not have this disc, contact your system administrator or computer manufacturer for assistance.

status 0 cx000000f

info: the boot selection failed because a required device is inaccessible.

What should I do now?

Offline essexboy

  • Malware removal instructor
  • Avast Überevangelist
  • Probably Bot
  • *****
  • Posts: 40589
  • Dragons by Sasha
    • Malware fixes
Re: Hello and HELP!
« Reply #24 on: September 25, 2012, 11:16:30 PM »
OK lets use the same USB but this time we will put the recovery console on to it as well

Download the following three programmes to your desktop :

 
1.  WiNTBootIc
2.  Windows 7 64bit RC
3.  Farbar Recovery Scan Tool x64

Extract wintoboot to your desktop
Insert a USB drive of at least 1GB
Run Wintoboot



Drag and drop the Windows 7 ISO to the programme in the space indicated
Tick the Format box and accept the warnings
Press Do It

You will see it progressing



It will let you know when it is done
Then copy FRST to the same USB




Insert the USB into the sick computer and start the computer.  First ensuring that the system is set to boot from USB
Note: If you are not sure how to do that follow the instructions Here

 
When you reboot you will  see this although yours will say windows 7. Click repair my computer

 
Select your operating system

 
Select Command prompt

 
At the command prompt type the following  :

notepad and press Enter.
The notepad opens. Under File menu select Open.
Select "Computer" and find your flash drive letter and close the notepad.
In the command window type e:\frst64.exe and press Enter
Note: Replace letter e with the drive letter of your flash drive.
The tool will start to run.
When the tool opens click Yes to disclaimer.
Press Scan button.
It will make a log (FRST.txt) on the flash drive. Please copy and paste it to your reply.

Guts717

  • Guest
Re: Hello and HELP!
« Reply #25 on: September 25, 2012, 11:51:36 PM »
Ok, I downloaded all of that on to another pc and tried to perform the first step. But, once I run that program and press do it, it runs just for a few seconds and then says:

drive formatted.

flashing failed.

Offline essexboy

  • Malware removal instructor
  • Avast Überevangelist
  • Probably Bot
  • *****
  • Posts: 40589
  • Dragons by Sasha
    • Malware fixes
Re: Hello and HELP!
« Reply #26 on: September 26, 2012, 04:11:02 PM »
Sounds like the USB is not compatible, this does not happen often enough to warrant  a warning .. Do you have another USB drive ?

Guts717

  • Guest
Re: Hello and HELP!
« Reply #27 on: September 26, 2012, 07:29:33 PM »
I will have to buy a new one I'm afraid. Which, won't be till later tonight.  :( But, I'll let do as you instructed as soon as I get it and have the post hopefully updated before tomorrow. Thank you for all of your help so far!  :)

Guts717

  • Guest
Re: Hello and HELP!
« Reply #28 on: September 27, 2012, 09:12:40 AM »
And.. I got it!  ;D

Offline essexboy

  • Malware removal instructor
  • Avast Überevangelist
  • Probably Bot
  • *****
  • Posts: 40589
  • Dragons by Sasha
    • Malware fixes
Re: Hello and HELP!
« Reply #29 on: September 27, 2012, 02:59:48 PM »
I see it  ;D

Download the attached fixlist.txt to the same USB drive as FRST
Restart the computer as before to the recovery console
Run FRST and click Fix

A log will be generated on the USB drive

Reboot to normal windows

Once there then please run TDSSKiller and attach the log along with the FRST fix log