No Boot Windows 7 after scan ComboFix ... Driver Combo-Fix.sys error...


  • This topic is locked
6 replies to this topic

#1 egonet

  • Members
  • 3 posts

Posted 23 May 2016 - 09:17 AM

Hi,

Very problem boot after scan combofix...

 

Driver Combo-Fix.sys error... (look jpg)

 

 

This log FRST:

 

Scan result of Farbar Recovery Scan Tool (FRST) (x86) Version:22-05-2016 01
Ran by SYSTEM on MININT-NOGUSUO (23-05-2016 15:22:38)
Running from F:\
Platform: Windows 7 Home Premium Service Pack 1 (X86) Language: Italiano (Italia)
Internet Explorer Version 11
Boot Mode: Recovery
Default: ControlSet001
ATTENTION!:=====> If the system is bootable FRST must be run from normal or Safe mode to create a complete log.

Tutorial for Farbar Recovery Scan Tool: http://www.geekstogo.com/forum/topic/335081-frst-tutorial-how-to-use-farbar-recovery-scan-tool/

==================== Registry (Whitelisted) ===========================

(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)

HKLM\...\Run: [egui] => C:\Program Files\ESET\ESET NOD32 Antivirus\egui.exe [3117344 2012-03-07] (ESET)
HKLM\...\Run: [SunJavaUpdateSched] => C:\Program Files\Common Files\Java\Java Update\jusched.exe [596504 2016-04-01] (Oracle Corporation)
HKLM\...\Run: [combofix] => C:\DB\Combobatch.bat [8374 2016-05-22] ()
HKLM\...\RunOnce: [SpybotDeletingA8984] => command.com /c del "C:\Users\Vincenzo\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\QUAD Utilities\QUAD Registry Cleaner\QUAD Registry Cleaner website.lnk"
HKLM\...\RunOnce: [SpybotDeletingC284] => cmd.exe /c del "C:\Users\Vincenzo\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\QUAD Utilities\QUAD Registry Cleaner\QUAD Registry Cleaner website.lnk"
HKLM\...\RunOnce: [SpybotDeletingA723] => command.com /c del "C:\Users\Vincenzo\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\QUAD Utilities\QUAD Registry Cleaner\QUAD Registry Cleaner.lnk"
HKLM\...\RunOnce: [SpybotDeletingC7030] => cmd.exe /c del "C:\Users\Vincenzo\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\QUAD Utilities\QUAD Registry Cleaner\QUAD Registry Cleaner.lnk"
HKLM\...\RunOnce: [SpybotDeletingA6096] => command.com /c del "C:\Users\Vincenzo\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\QUAD Utilities\QUAD Registry Cleaner\Uninstall QUAD Registry Cleaner.lnk"
HKLM\...\RunOnce: [SpybotDeletingC4871] => cmd.exe /c del "C:\Users\Vincenzo\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\QUAD Utilities\QUAD Registry Cleaner\Uninstall QUAD Registry Cleaner.lnk"
HKLM\...\RunOnce: [SpybotDeletingA9988] => command.com /c del "C:\Program Files\QUAD Utilities\QUAD Registry Cleaner\QUAD Registry Cleaner website.url"
HKLM\...\RunOnce: [SpybotDeletingC4589] => cmd.exe /c del "C:\Program Files\QUAD Utilities\QUAD Registry Cleaner\QUAD Registry Cleaner website.url"
HKLM\...\RunOnce: [SpybotDeletingA7319] => command.com /c del "C:\Program Files\QUAD Utilities\QUAD Registry Cleaner\Styles\Vista.cjstyles"
HKLM\...\RunOnce: [SpybotDeletingC147] => cmd.exe /c del "C:\Program Files\QUAD Utilities\QUAD Registry Cleaner\Styles\Vista.cjstyles"
HKLM\...\RunOnce: [Malwarebytes Anti-Malware (cleanup)] => C:\ProgramData\Malwarebytes\Malwarebytes Anti-Malware\mbamdor.exe [55264 2016-03-10] (Malwarebytes)
HKLM\...\RunOnce: [combofix] => C:\DB\CF25418.3XE /c C:\DBCombobatch.bat
HKLM\...\runonceex: [flags] => 8
HKU\ilaria e sonia\...\Run: [Facebook Update] => "C:\Users\ilaria e sonia\AppData\Local\Facebook\Update\FacebookUpdate.exe" /c /nocrashserver
HKU\ilaria e sonia\...\Run: [Dropbox Update] => C:\Users\ilaria e sonia\AppData\Local\Dropbox\Update\DropboxUpdate.exe [136048 2015-09-18] (Dropbox, Inc.)
Startup: C:\Users\ilaria e sonia\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Dropbox.lnk [2015-12-12]
ShortcutTarget: Dropbox.lnk ->  (No File)

==================== Services (Whitelisted) ========================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

S2 ekrn; C:\Program Files\ESET\ESET NOD32 Antivirus\ekrn.exe [913144 2012-03-07] (ESET)
S2 NAUpdate; C:\Program Files\Nero\Update\NASvc.exe [687400 2011-11-25] (Nero AG)
S2 SBSDWSCService; C:\Program Files\Spybot - Search & Destroy\SDWinSec.exe [1153368 2009-01-26] (Safer Networking Ltd.)
S2 TuneUp.UtilitiesSvc; C:\Program Files\TuneUp Utilities 2013\TuneUpUtilitiesService32.exe [1699168 2012-10-11] (TuneUp Software)
S3 WinDefend; C:\Program Files\Windows Defender\mpsvc.dll [680960 2013-05-27] (Microsoft Corporation)

===================== Drivers (Whitelisted) ==========================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

S0 bopllhx; C:\Windows\System32\drivers\ptiy.sys [52440 2016-05-22] (Malwarebytes)
S3 BthAvrcp; C:\Windows\System32\DRIVERS\BthAvrcp.sys [22528 2009-08-13] (CSR, plc)
S1 dtsoftbus01; C:\Windows\System32\DRIVERS\dtsoftbus01.sys [242240 2013-05-23] (DT Soft Ltd)
S1 eamonm; C:\Windows\System32\DRIVERS\eamonm.sys [169080 2012-03-14] (ESET)
S1 ehdrv; C:\Windows\System32\DRIVERS\ehdrv.sys [120152 2012-03-14] (ESET)
S2 epfwwfpr; C:\Windows\System32\DRIVERS\epfwwfpr.sys [103112 2012-03-14] (ESET)
S2 giveio; C:\Windows\system32\giveio.sys [5248 1996-04-03] ()
S3 L1E; C:\Windows\System32\DRIVERS\L1E62x86.sys [48640 2009-08-23] (Atheros Communications, Inc.)
S3 MTsensor; C:\Windows\System32\DRIVERS\ASACPI.sys [5810 2004-08-13] ()
S3 RtlWlanu; C:\Windows\System32\DRIVERS\rtwlanu.sys [1348240 2013-03-06] (Realtek Semiconductor Corporation                           )
S2 speedfan; C:\Windows\system32\speedfan.sys [24184 2012-12-29] (Almico Software)
S3 TuneUpUtilitiesDrv; C:\Program Files\TuneUp Utilities 2013\TuneUpUtilitiesDriver32.sys [10088 2012-09-18] (TuneUp Software)
S0 vkquwexg; C:\Windows\System32\drivers\Combo-Fix.sys [60416 2016-05-22] ()
S5 AppMgmt; C:\Windows\system32\svchost.exe [20992 2009-07-14] (Microsoft Corporation)
S3 catchme; \??\C:\Users\Vincenzo\AppData\Local\Temp\catchme.sys [X]

==================== NetSvcs (Whitelisted) ===================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

==================== One Month Created files and folders ========

(If an entry is included in the fixlist, the file/folder will be moved.)

2016-05-23 23:47 - 2016-05-23 23:47 - 00028672 _____ C:\bcdbackup
2016-05-23 15:18 - 2016-05-23 15:22 - 00000000 ____D C:\FRST
2016-05-23 15:05 - 2016-05-23 15:05 - 00000000 ____D C:\Temp
2016-05-22 19:31 - 2016-05-22 19:31 - 00060416 _____ C:\Windows\System32\Drivers\Combo-Fix.sys
2016-05-22 19:12 - 2016-05-22 19:31 - 00000000 ___SD C:\DB
2016-05-22 19:12 - 2016-05-22 19:12 - 00000000 ____D C:\Qoobox
2016-05-22 19:12 - 2011-06-26 07:45 - 00256000 _____ C:\Windows\PEV.exe
2016-05-22 19:12 - 2010-11-07 18:20 - 00208896 _____ C:\Windows\MBR.exe
2016-05-22 19:12 - 2009-04-20 05:56 - 00060416 _____ (NirSoft) C:\Windows\NIRCMD.exe
2016-05-22 19:12 - 2000-08-31 01:00 - 00518144 _____ (SteelWerX) C:\Windows\SWREG.exe
2016-05-22 19:12 - 2000-08-31 01:00 - 00406528 _____ (SteelWerX) C:\Windows\SWSC.exe
2016-05-22 19:12 - 2000-08-31 01:00 - 00098816 _____ C:\Windows\sed.exe
2016-05-22 19:12 - 2000-08-31 01:00 - 00080412 _____ C:\Windows\grep.exe
2016-05-22 19:12 - 2000-08-31 01:00 - 00068096 _____ C:\Windows\zip.exe
2016-05-22 19:11 - 2016-05-22 19:31 - 00000000 ____D C:\Windows\erdnt
2016-05-22 18:05 - 2016-05-22 18:05 - 00052440 _____ (Malwarebytes) C:\Windows\System32\Drivers\ptiy.sys
2016-05-22 17:49 - 2016-05-22 17:49 - 00000727 _____ C:\Windows\wininit.ini
2016-05-22 17:14 - 2015-08-05 18:40 - 00015872 _____ (Microsoft Corporation) C:\Windows\System32\icaapi.dll
2016-05-22 17:14 - 2015-08-05 17:58 - 00031232 _____ (Microsoft Corporation) C:\Windows\System32\Drivers\tssecsrv.sys
2016-05-22 17:03 - 2016-05-22 18:05 - 00001116 _____ C:\Users\Vincenzo\Desktop\Security.lnk
2016-05-22 17:03 - 2016-05-22 16:37 - 05659526 ____R (Swearware) C:\Users\Vincenzo\Desktop\DB.exe
2016-05-22 17:02 - 2016-05-22 17:02 - 00000000 ____D C:\Windows\Sun
2016-05-22 17:01 - 2010-11-20 13:17 - 00270336 _____ (Microsoft Corporation) C:\sethc.exe
2016-05-22 16:59 - 2016-05-22 17:11 - 00000000 ____D C:\Program Files\SpeedFan
2016-05-22 16:55 - 2016-05-22 16:55 - 00000000 ____D C:\Program Files\Common Files\Java
2016-05-22 16:54 - 2016-05-22 16:59 - 00000045 _____ C:\Windows\System32\initdebug.nfo
2016-05-22 16:54 - 2016-05-22 16:54 - 00000000 ____D C:\Users\Vincenzo\AppData\Roaming\Sun
2016-05-22 16:54 - 2016-05-22 16:54 - 00000000 ____D C:\Users\Vincenzo\AppData\LocalLow\Sun
2016-05-22 16:54 - 2016-05-22 16:54 - 00000000 ____D C:\Users\Vincenzo\.oracle_jre_usage
2016-05-22 16:53 - 2016-05-22 17:00 - 00000000 ____D C:\ProgramData\Oracle
2016-05-22 16:53 - 2016-05-22 16:53 - 00095808 _____ (Oracle Corporation) C:\Windows\System32\WindowsAccessBridge.dll
2016-05-22 16:52 - 2016-05-22 16:52 - 00000000 ____D C:\Program Files\Java
2016-05-22 16:52 - 2009-06-10 22:39 - 00000824 _____ C:\Windows\System32\Drivers\etc\hosts.20160522-175229.backup
2016-05-22 16:43 - 2016-05-22 16:43 - 00000000 ____D C:\Users\Vincenzo\AppData\LocalLow\Oracle
2016-05-22 16:41 - 2016-05-22 16:41 - 00000000 ____D C:\Program Files\CCleaner
2016-05-22 16:40 - 2016-05-22 16:41 - 00170200 _____ (Malwarebytes) C:\Windows\System32\Drivers\MBAMSwissArmy.sys
2016-05-22 16:39 - 2016-05-22 17:55 - 00000000 ____D C:\ProgramData\Spybot - Search & Destroy
2016-05-22 16:39 - 2016-05-22 16:40 - 00000000 ____D C:\Program Files\Spybot - Search & Destroy
2016-05-22 16:39 - 2016-05-22 16:39 - 00000000 ____D C:\ProgramData\Malwarebytes
2016-05-22 16:39 - 2016-05-22 16:39 - 00000000 ____D C:\Program Files\Malwarebytes Anti-Malware
2016-05-22 16:39 - 2016-03-10 13:09 - 00053120 _____ (Malwarebytes Corporation) C:\Windows\System32\Drivers\mwac.sys
2016-05-22 16:39 - 2016-03-10 13:08 - 00126336 _____ (Malwarebytes) C:\Windows\System32\Drivers\mbamchameleon.sys
2016-05-22 16:39 - 2016-03-10 13:08 - 00024448 _____ (Malwarebytes) C:\Windows\System32\Drivers\mbam.sys
2016-05-22 16:36 - 2016-05-22 19:11 - 00000000 ____D C:\Program Files\Security
2016-05-22 16:12 - 2016-05-22 18:05 - 00002150 _____ C:\Users\Vincenzo\Desktop\Google Chrome.lnk

==================== One Month Modified files and folders ========

(If an entry is included in the fixlist, the file/folder will be moved.)

2016-05-22 19:11 - 2009-07-14 03:37 - 00000000 ____D C:\Windows\inf
2016-05-22 19:00 - 2013-02-17 21:11 - 00000000 ____D C:\Program Files\Microsoft Silverlight
2016-05-22 18:55 - 2013-07-29 19:00 - 00000000 ____D C:\Windows\System32\MRT
2016-05-22 18:44 - 2013-02-25 00:00 - 136686448 _____ (Microsoft Corporation) C:\Windows\System32\MRT.exe
2016-05-22 18:42 - 2009-07-14 05:34 - 00030832 ____H C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
2016-05-22 18:42 - 2009-07-14 05:34 - 00030832 ____H C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
2016-05-22 18:42 - 2009-07-14 03:04 - 00000580 _____ C:\Windows\win.ini
2016-05-22 18:39 - 2013-02-16 09:57 - 01641650 _____ C:\Windows\System32\PerfStringBackup.INI
2016-05-22 18:39 - 2009-08-17 11:38 - 00743918 _____ C:\Windows\System32\perfh010.dat
2016-05-22 18:39 - 2009-08-17 11:38 - 00148092 _____ C:\Windows\System32\perfc010.dat
2016-05-22 18:06 - 2015-08-08 19:00 - 00001111 _____ C:\Users\Public\Desktop\Mozilla Firefox.lnk
2016-05-22 18:06 - 2015-08-08 18:25 - 00002709 _____ C:\Users\Public\Desktop\Skype.lnk
2016-05-22 18:06 - 2013-05-23 14:18 - 00001904 _____ C:\Users\Public\Desktop\DAEMON Tools Lite.lnk
2016-05-22 18:06 - 2013-05-18 19:17 - 00001024 _____ C:\Users\Public\Desktop\VLC media player.lnk
2016-05-22 18:06 - 2013-02-19 13:59 - 00001989 _____ C:\Users\Public\Desktop\Adobe Reader XI.lnk
2016-05-22 18:05 - 2013-11-10 23:39 - 00001038 _____ C:\Users\Vincenzo\Desktop\Football Manager 2014.lnk
2016-05-22 18:05 - 2013-02-17 21:17 - 00001113 _____ C:\Users\Vincenzo\Desktop\Documenti.lnk
2016-05-22 18:05 - 2013-02-17 19:19 - 00001831 _____ C:\Users\Vincenzo\Desktop\Spotify.lnk
2016-05-22 18:05 - 2013-02-17 19:13 - 00001028 _____ C:\Users\Vincenzo\Desktop\eMule AdunanzA.lnk
2016-05-22 18:05 - 2009-07-14 03:37 - 00000000 ____D C:\Windows\ModemLogs
2016-05-22 17:55 - 2013-05-23 14:17 - 00000000 ____D C:\Users\Vincenzo\AppData\Roaming\DAEMON Tools Lite
2016-05-22 17:55 - 2013-02-17 19:11 - 00000000 ____D C:\Users\Vincenzo\AppData\Roaming\BitTorrent
2016-05-22 17:53 - 2013-02-15 22:15 - 00000000 ____D C:\Windows\Panther
2016-05-22 16:59 - 2013-02-17 18:55 - 00797376 _____ (Adobe Systems Incorporated) C:\Windows\System32\FlashPlayerApp.exe
2016-05-22 16:59 - 2013-02-17 18:55 - 00142528 _____ (Adobe Systems Incorporated) C:\Windows\System32\FlashPlayerCPLApp.cpl
2016-05-22 16:54 - 2013-02-15 22:25 - 00000000 ____D C:\users\Vincenzo
2016-05-22 16:43 - 2013-02-19 14:00 - 00000000 ____D C:\Users\Vincenzo\AppData\Local\Adobe
2016-05-22 16:03 - 2013-02-16 10:04 - 00000000 ____D C:\ProgramData\NVIDIA

Some files in TEMP:
====================
C:\Users\ilaria e sonia\AppData\Local\Temp\dropbox_sqlite_ext.{5f3e3153-5bce-5766-8f84-3e3e7ecf0d81}.tmpertoye.dll
C:\Users\ilaria e sonia\AppData\Local\Temp\GUR668A.exe
C:\Users\Vincenzo\AppData\Local\Temp\catchme.dll
C:\Users\Vincenzo\AppData\Local\Temp\sfamcc00001.dll
C:\Users\Vincenzo\AppData\Local\Temp\sfareca00001.dll

==================== Known DLLs (Whitelisted) =========================

==================== Bamital & volsnap =================

(There is no automatic fix for files that do not pass verification.)

C:\Windows\explorer.exe => MD5 is legit
C:\Windows\System32\winlogon.exe => MD5 is legit
C:\Windows\System32\wininit.exe => MD5 is legit
C:\Windows\System32\svchost.exe => MD5 is legit
C:\Windows\System32\services.exe => MD5 is legit
C:\Windows\System32\User32.dll => MD5 is legit
C:\Windows\System32\userinit.exe => MD5 is legit
C:\Windows\System32\rpcss.dll => MD5 is legit
C:\Windows\System32\dnsapi.dll => MD5 is legit
C:\Windows\System32\Drivers\volsnap.sys => MD5 is legit

==================== Association (Whitelisted) =============

==================== Restore Points  =========================

==================== BCD ================================

Windows Boot Manager
--------------------
identificatore          {bootmgr}
device                  partition=C:
path                    \bootmgr
description             Windows Boot Manager
locale                  it-IT
default                 {default}
displayorder            {default}
timeout                 30

Caricatore di avvio di Windows
-------------------
identificatore          {default}
device                  partition=C:
path                    \Windows\system32\winload.exe
description             Windows 7 Home Premium
locale                  it-IT
osdevice                partition=C:
systemroot              \Windows

Caricatore di avvio di Windows
-------------------
identificatore          {92693ae1-2138-11e6-8ebd-c99a6121cf10}
device                  ramdisk=[C:]\Recovery\df1fda2d-77b4-11e2-84ff-8e9c27de5a40\Winre.wim,{92693ae2-2138-11e6-8ebd-c99a6121cf10}
path                    \windows\system32\winload.exe
description             Windows Recovery Environment (ripristinato)
locale                 
osdevice                ramdisk=[C:]\Recovery\df1fda2d-77b4-11e2-84ff-8e9c27de5a40\Winre.wim,{92693ae2-2138-11e6-8ebd-c99a6121cf10}
systemroot              \windows
winpe                   Yes

Tester memoria di Windows
---------------------
identificatore          {memdiag}
device                  partition=C:
path                    \boot\memtest.exe
description             Windows Memory Diagnostic
locale                  it-IT

Opzioni dispositivo
--------------
identificatore          {92693ae2-2138-11e6-8ebd-c99a6121cf10}
ramdisksdidevice        partition=C:
ramdisksdipath          \Recovery\df1fda2d-77b4-11e2-84ff-8e9c27de5a40\boot.sdi

==================== Memory info ===========================

Percentage of memory in use: 23%
Total physical RAM: 2047.12 MB
Available physical RAM: 1572.84 MB
Total Virtual: 2047.12 MB
Available Virtual: 1569 MB

==================== Drives ================================

Drive c: (Volume) (Fixed) (Total:465.76 GB) (Free:284.01 GB) NTFS ==>[drive with boot components (obtained from BCD)]
Drive f: (MULTIBOOT) (Removable) (Total:7.19 GB) (Free:3.5 GB) FAT32
Drive x: (Boot) (Fixed) (Total:0.03 GB) (Free:0.03 GB) NTFS

==================== MBR & Partition Table ==================

========================================================
Disk: 0 (MBR Code: Windows 7 or 8) (Size: 465.8 GB) (Disk ID: 549ED37F)
Partition 1: (Active) - (Size=465.8 GB) - (Type=07 NTFS)

========================================================
Disk: 1 (Size: 7.2 GB) (Disk ID: 2B326B5A)
Partition 1: (Active) - (Size=7.2 GB) - (Type=0C)

LastRegBack: 2015-12-30 21:52

==================== End of FRST.txt ============================

 

 

Please Help Me!

 

Thanks


#2 Sirawit

  • Malware Response Team
  • 4,163 posts

Posted 23 May 2016 - 12:40 PM

Hello egonet and welcome to BleepingComputer!  :)

 

My name is Sirawit and I'm here to help you.

 

If I don't reply after 3 days, feel free to PM me. :)

==========================================================================

Some points for you to keep in mind:

  • Back up any files that cannot be replaced. Removing malware can be unpredictable and this step can save a lot of heartaches if things don't go as planned. You can put them on a CD/DVD, external drive or a pen drive, anywhere except on the computer.
  • We ask you to run different tools in a specific order to ensure the malware is completely removed from your machine, and running any additional tools may detect false positives, interfere with our tools, or cause unforeseen damage or system instability.
  • Please do not run any tools or take any steps other than those I will provide for you while we work on your computer together. I need to be certain about the state of your computer in order to provide appropriate and effective steps for you to take. Most often "well intentioned" (and usually panic driven!) independent efforts can make things much worse for both of us. If at any point you would prefer to take your own steps please let me know, I will not be offended. I would be happy to focus on the many others who are waiting in line for assistance.
  • Do not attach logs or use code boxes, just copy and paste the text.
  • Periodically update me on the condition of your computer, and provide detail in every post.
  • In the upper right-hand corner of the topic, you will see the Followtopic.jpg button. Click on this then choose Immediate E-Mail notification and then Proceed and you will be sent an email once I have posted a response.
  • If you do not reply to your topic after 3 days I will bump the topic; if you do not reply in the next 3 days we assume it has been abandoned and I will close it.
  • Once things seem to be working again, please do not abandon the thread. I will give an "all-clean" message at the very end with some additional information on how to stay malware-free.
  • Lastly, I would like to remind you that most members here are volunteers, and sometimes "real life" can get in the way of our malware hunt. I will notify you if I know I will need to be away for longer than 48 hours.

==========================================================================

 

Firstly, I need to tell you that you should not run ComboFix unless you are specifically asked to by a helper. Also, due to the power of this tool, it is strongly advised that you do not attempt to act upon any of the information displayed by ComboFix without supervision from someone who has been properly trained. If you do so, it may lead to problems with the normal functionality of your computer.

 

----------------

Now, please download this file to your flash drive, in the same folder as FRST.exe.

 

Attached File  fixlist.txt   221bytes   8 downloads

 

Then, rename FRST.exe to FRSTEnglish.exe

 

Next, plug your flash drive into the unbootable machine and follow the instructions below:

 

---------------

 

To enter System Recovery Options from the Advanced Boot Options:

  • Restart the computer.
  • As soon as the BIOS is loaded begin tapping the F8 key until Advanced Boot Options appears.
  • Use the arrow keys to select the Repair your computer menu item.
  • Select US as the keyboard language settings, and then click Next.
  • Select the operating system you want to repair, and then click Next.
  • Select your user account and click Next.

--------------------

 

 

On the System Recovery Options menu you will get the following options:

Startup Repair
System Restore
Windows Complete PC Restore
Windows Memory Diagnostic Tool
Command Prompt


Select Command Prompt

==========


Once in the Command Prompt:

  • In the command window type in notepad and press Enter.
  • The notepad opens. Under File menu select Open.
  • Select "Computer" and go to your flash drive. Then right click on FRSTEnglish.exe and select Run as administrator.
  • The tool will start to run.
  • When the tool opens click Yes to the disclaimer.
  • Press Fix button.
  • It will make a log (fixlog.txt) on the flash drive. Please copy and paste it to your reply.

-------------------

 

After the fix has been completed, please try to boot into Windows. Does it work this time?

 

Thank you.


If I don't reply back to you in 2 days, feel free to send me a PM.

 

“You’re lying… just like you were lying to me before. You have to hate me. I’ve been the worst daughter in the world… you should hate me.”

“But I don’t, Nyx. Because, Nyx, I’m your mother, and a mother will always love her daughter, no matter what.” -Past sins by Pen stroke.


#3 egonet


Posted 23 May 2016 - 06:41 PM

 

 

-------------------

 

After the fix has been completed, please try to boot into Windows. Does it work this time?

 

Thank you.

 

 

You are a real man savior! :warrior: Windows is shared, albeit with many problems still to be fixed. :smash:

 
Thank you so much ... you've been a great help. :guitar: 
I hope the best for you in life!

Thank you, thank you ... and I do not remember if I did it, but thank you! :lmao:

 

:clapping: :bananas:  :clapping:  



#4 Sirawit


Posted 24 May 2016 - 01:14 PM

Hi egonet.

 

Good to hear that. :)

 

Now, please copy fixlog.txt from your flash drive to your desktop. Then follow the instructions below:

 

-----------------

 

Please download Farbar Recovery Scan Tool and save it to your Desktop.

Note: You need to run the version compatible with your system. If you are not sure which version applies to your system, download both of them and try to run them. Only one of them will run on your system, that will be the right version.

  • Rename FRST.exe to FRSTEnglish.exe
  • Right-click FRSTEnglish then click "Run as administrator" (XP users: click run after receipt of Windows Security Warning - Open File).
  • When the tool opens, click Yes to disclaimer.
  • Place a checkmark in Addition.txt box.
  • Press the Scan button.
  • When finished, it will produce a log called FRST.txt and Addition.txt in the same directory the tool was run from.
  • Please copy and paste the log in your next reply.

--------------

 

Also, since you've run ComboFix, please include its log file too. The file is located at C:\combofix.txt

 

--------------

 

In your next reply, please include these log files:

  • FRST.txt
  • Addition.txt
  • Fixlog.txt
  • C:\combofix.txt

Thank you.




#5 egonet


Posted 24 May 2016 - 01:49 PM

   :huh: ... sorry... I handed over today the PC to its rightful owner ...

I will try to have less enthusiasm and quickly next time. :lol:
thank you.
:)



#6 Sirawit


Posted 26 May 2016 - 10:55 AM

OK. I will close the topic then. :)

 

Thank you.




#7 Sirawit


Posted 26 May 2016 - 10:55 AM

It appears that this issue is resolved, therefore I am closing the topic. If that is not the case and you need or wish to continue with this topic, please send me or any Moderator a Personal Message (PM) that you would like this topic re-opened.
