Software > Computer viruses and spyware
Help! Fatal System Error when trying to rid malware
evilfantasy:
If your antivirus tries to block this then please allow it to run.
Download ComboFix© by sUBs from one of the below links. Be sure top save it to the Desktop.
Link #1
Link #2
**Note: It is important that it is saved directly to your Desktop
Close any open Web browsers. (Firefox, Internet Explorer, etc) before starting ComboFix.
Temporarily disable your antivirus, and any antispyware real time protection before performing a scan. Click this link to see a list of security programs that should be disabled and how to disable them.
Double click combofix.exe & follow the prompts.
For Windows XP Systems install the Recovery Console:
- If you are using Windows XP and do not already have the Recovery Console installed, please ensure your Internet connection is active (if possible) and click Yes.
- If for some reason your Internet is not working click No.
- If you are not using Windows XP, you will not be prompted.
- When prompted to accept the EULA click OK.
- Accept Microsoft's EULA (Click Yes).
- When you are told that the RC is installed correctly click YES to continue scanning for malware.
When finished ComboFix will produce a log for you.
Post the ComboFix log and a new HijackThis log in your next reply.
Important: Do not mouseclick ComboFix's window while it is running. That may cause it to stall.
Remember to re-enable your antivirus and antispyware protection when ComboFix is complete.
sjn2009:
Well here are the logs you asked for.
[attachment deleted by admin]
evilfantasy:
Open HijackThis and select Do a system scan only.
Place a check mark next to the following entries: (if there)
- O8 - Extra context menu item: &Search - http://edits.mywebsearch.com/toolbaredits/menusearch.jhtml?p=ZJ
Important: Close all open windows except for HijackThis and then click Fix checked.
Once completed, exit HijackThis.
----------
Download the OTMoveIt3 by OldTimer
Note: If you are running on Vista, right-click on OTMoveIt3.exe and choose Run As Administrator.
* Save it to your Desktop.
* Double-click OTMoveIt3.exe to run it.
* Copy the lines in the codebox below to the clipboard by highlighting ALL of them and pressing CTRL + C (or, after highlighting, right-click and choose Copy)
--- Code: ---:Processes
explorer.exe
:files
c:\windows\SYSTEM32\qknrxguf.ini
c:\windows\SYSTEM32\ntnkcamu.ini
c:\temp\MTGOInstall
:Commands
[purity]
[emptytemp]
[start explorer]
[Reboot]
--- End code ---
* Return to OTMoveIt3, right click in the "Paste Instructions for Items to be Moved" window (under the yellow bar) and choose Paste.
* Click the red Moveit! button.
* Copy everything in the Results window (under the green bar) to the clipboard by highlighting ALL of them and pressing CTRL + C (or, after highlighting, right-click and choose copy), and paste it in your next reply.
Close OTMoveIt3
Note: If a file or folder cannot be moved immediately you may be asked to reboot your computer in order to finish the move process. If asked to reboot, choose Yes. If not, reboot anyway.
---
Let me know how the computer is running now.
sjn2009:
========== PROCESSES ==========
Process explorer.exe killed successfully.
========== FILES ==========
c:\windows\SYSTEM32\qknrxguf.ini moved successfully.
c:\windows\SYSTEM32\ntnkcamu.ini moved successfully.
c:\temp\MTGOInstall moved successfully.
========== COMMANDS ==========
User's Temp folder emptied.
User's Temporary Internet Files folder emptied.
User's Internet Explorer cache folder emptied.
Local Service Temp folder emptied.
File delete failed. C:\Documents and Settings\LocalService\Local Settings\Temporary Internet Files\Content.IE5\INDEX.DAT scheduled to be deleted on reboot.
Local Service Temporary Internet Files folder emptied.
File delete failed. C:\WINDOWS\temp\Perflib_Perfdata_578.dat scheduled to be deleted on reboot.
Windows Temp folder emptied.
Java cache emptied.
FireFox cache emptied.
Opera cache emptied.
Temp folders emptied.
Explorer started successfully
OTMoveIt3 by OldTimer - Version 1.0.8.0 log created on 01192009_222941
evilfantasy:
How is the computer is running now?
Navigation
[0] Message Index
[#] Next page
[*] Previous page
Go to full version