by jmw3 » July 23rd, 2009, 8:47 pm
Hi
Restart your computer
Before Windows loads, you will be prompted to choose which Operating System to start
Use the up and down arrow key to select Microsoft Windows Recovery Console
You must enter which Windows installation to log onto. Type 1 and press enter
At the C:\Windows prompt, type the following bolded text, and press Enter: BATCH CFRECOVERY.BAT
At the next prompt, type the following bolded text, and press Enter: CD \
At the next prompt, type the following bolded text, and press Enter: DIR C:\
Write down everything you see on the screen after the last command & post it here.
jmw3
MRU Emeritus
Posts: 4621
Joined: February 12th, 2008, 2:36 am
Location: Port Hedland, Western Australia
by Rasmus1112 » July 25th, 2009, 8:22 pm
Hi
When I enter the BATCH CFRECOVERY.BAT command I got (the system cannot find the file or directory) so nothing there.
When I entered DIR C:\ I got all this:
69120 atm.dll
78 autoexec.bat
0 autoexec.nav
211 boot.bak
281 boot.ini
4952 bootfont.bin
0 cakewalk projects
0 cmdcons
260272 cmldr
0 combofix
0 config.sys
39 debug.txt
0 documents and settings
0 downloads
519 hpfr3420.xml
52037 hpfr3425.log
0 io.sys
0 msdos.sys
0 msocache
47564 ntdetect.com
250576 ntldr
0 nvidia
0 program files
0 programmer
0 qoobox
0 recycler
0 rooter$
0 system volume information
0 tlog.log
45056 unace.dll
0 windows
0 winfast workarea
0 ~mssetup.t
33 files(s) 730705 bytes
82806870016 bytes free
Rasmus1112
Regular Member
Posts: 24
Joined: July 8th, 2009, 12:09 pm
by jmw3 » July 26th, 2009, 10:39 am
Hi
Restart your computer
Before Windows loads, you will be prompted to choose which Operating System to start
Use the up and down arrow key to select Microsoft Windows Recovery Console
You must enter which Windows installation to log onto. Type 1 and press enter
At the C:\Windows prompt, type the following bolded text, and press Enter: set AllowAllPaths = true
At the next prompt, type the following bolded text, and press Enter: CD C:\COMBOFIX
At the next prompt, type the following bolded text, and press Enter: TYPE DREV.DAT (copy down on a piece of paper ALL that's displayed on screen)
At the next prompt, type the following bolded text, and press Enter: TYPE SVCTARGET.DAT (copy down on a piece of paper ALL that's displayed on screen)
At the next prompt, type the following bolded text, and press Enter: TYPE NDIS_LOG.DAT (copy down on a piece of paper ALL that's displayed on screen)
At the next prompt, type the following bolded text, and press Enter: EXIT
Let me know what happens & post the information that you wrote down after the relevant command prompts.
by Rasmus1112 » July 26th, 2009, 1:34 pm
Hi
When I typed the set AllowAllPaths = true command I got this message:
The SET command is currently disabled. The SET command is an optional Recovery Console command that can only be enabled by using the security Configuration and Analysis snap-in.
And when I typed the combofix I still got the message access is denied.
by jmw3 » July 27th, 2009, 9:00 am
Hi
We'll give these commands a go but if this doesn't work then I think we may have to try something else.
Restart your computer
Before Windows loads, you will be prompted to choose which Operating System to start
Use the up and down arrow key to select Microsoft Windows Recovery Console
You must enter which Windows installation to log onto. Type 1 and press enter
At the C:\Windows prompt, type the following bolded text, and press Enter: CD C:\Windows\System32\Config
At the next prompt, type the following bolded text, and press Enter: REN Software Software.Erunt
At the next prompt, type the following bolded text, and press Enter: REN Software.bak Software
At the next prompt, type the following bolded text, and press Enter: EXIT
Reboot your computer.
Before Windows loads, you will be prompted to choose which Operating System to start
Use the up and down arrow key to select Microsoft Windows Recovery Console
You must enter which Windows installation to log onto. Type 1 and press enter
At the C:\Windows prompt, type the following bolded text, and press Enter: CD C:\Windows\ERDNT
At the next prompt, type the following bolded text, and press Enter: BATCH CFRECOVERY.BAT
At the next prompt, type the following bolded text, and press Enter: CD C:\ComboFix
At the next prompt, type the following bolded text, and press Enter: TYPE DREV.DAT (copy down on a piece of paper ALL that's displayed on screen)
At the next prompt, type the following bolded text, and press Enter: TYPE SVCTARGET.DAT (copy down on a piece of paper ALL that's displayed on screen)
At the next prompt, type the following bolded text, and press Enter: TYPE NDIS_LOG.DAT (copy down on a piece of paper ALL that's displayed on screen)
At the next prompt, type the following bolded text, and press Enter: EXIT
Let me know what happens & post the information that you wrote down after the relevant command prompts.
by Rasmus1112 » July 28th, 2009, 4:12 pm
Hi
This will take some time. The command works and I'm trying to write it all down. I'll try to post some of it tomorrow.
by Rasmus1112 » July 29th, 2009, 11:45 am
Hi
The type drev.dat command:
The type svctarget.dat command:
c:\combofix>type svctarget.dat
<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<< drivers\services >>>>>>>>>>>>>>>>>>>>>
.
-------\service_restore
The type ndis_log.dat command:
c:\combofix>type ndis_log.dat
infected copy of c:\windows\system32\wininet.dll was found and disinfected
restored copy from - C:\windows\system32\worlg.ini
by jmw3 » July 29th, 2009, 1:22 pm
Hi, let's see how we go with this:
Restart your computer
Before Windows loads, you will be prompted to choose which Operating System to start
Use the up and down arrow key to select Microsoft Windows Recovery Console
You must enter which Windows installation to log onto. Type 1 and press enter
At the C:\Windows prompt, type the following bolded text, and press Enter: CD C:\Windows\ERDNT
At the next prompt, type the following bolded text, and press Enter: BATCH CFRECOVERY.BAT
At the next prompt, type the following bolded text, and press Enter: CD ..\System32
At the next prompt, type the following bolded text, and press Enter: REN Wininet.dll Wininet.OLD
At the next prompt, type the following bolded text, and press Enter: COPY C:\QooBox\Quarantine\C\Windows\System32\Wininet.dll.vir Wininet.dll
At the next prompt, type the following bolded text, and press Enter: EXIT
Let me know what happens & post any error messages that you may get.
by Rasmus1112 » July 29th, 2009, 2:41 pm
Hi
I have written the message I got when I typed the commands in the ()
BATCH CFRECOVERY.BAT (no text)
REN Wininet.dll Wininet.OLD (the system cannot find the file or directory specified)
COPY C:\QooBox\Quarantine\C\Windows\System32\Wininet.dll.vir Wininet.dll (1 file(s) copied)
by jmw3 » July 29th, 2009, 9:33 pm
Hi
So I take it there are still problems booting normally?
by Rasmus1112 » July 31st, 2009, 12:05 pm
Hi
The computer starts up just like normal when you turn it on and is still restarting when I get a glimpse of the desktop.
by jmw3 » July 31st, 2009, 12:12 pm
Hi
Do you have your XP Installation Disc?
by Rasmus1112 » August 1st, 2009, 2:44 am
yes
by jmw3 » August 1st, 2009, 6:17 am
Hello Rasmus1112
I'm totally out of ideas on how to fix this so I think it might be time to consider either a Repair Installation or a Reformat & Re-installation of your operating system. Personally I think you should Reformat as we don't know what type of malware, if any, may still be on board so there is no guarantee that a Repair Install will fix the problem.
Let me know what you decide to do.