ComboFix

Discussion in 'Malware Help (A Specialist Will Reply)' started by grizzly8u, Mar 22, 2010.

  1. grizzly8u

    grizzly8u Private E-2

    My computer got infected and although I successfully removed(I think) the virus My Documents are now gone. I happened across this thread: http://forums.majorgeeks.com/showthread.php?p=1445130 and it appears I have a similar problem. I ran malwarebytes and combofix. I also used erd restore. Any way to get my stuff back?
     
  2. TimW

    TimW MajorGeeks Administrator - Jedi Malware Expert Staff Member

    Please attach the C:\Qoobox\Quarantine folder so we can see what needs replacing.
     
  3. grizzly8u

    grizzly8u Private E-2

    Here you go. Thanks for the quick reply! Roger
     

  4. grizzly8u

    grizzly8u Private E-2

    Just found this in the root. Don't know if it's helpful or not...
     

  5. TimW

    TimW MajorGeeks Administrator - Jedi Malware Expert Staff Member

    Download the new fixed version of combofix.exe and save it to your Desktop. DO NOT RUN IT YET!!! Just make sure you have the new version downloaded and saved.

    Now download this file > http://download.bleepingcomputer.com/sUBs/CFDQ-UsrPrf.exe

    You should be able to run it from any location but save it to your Desktop if possible. As long as Qoobox has not been tampered with, the tool shall be able to automatically do the below.
    • restore all the required files/folders
    • restore the perms
    • set the correct attributes for desktop.ini
    Now run the CFDQ-UsrPrf.exe program by double clicking on it.
    • Immediately after you run it, YOU MUST NOT reboot your PC. Don't do anything else but continue on with the below..
    • Now immediately run the new version of ComboFix that you saved to your Desktop earlier. This should cause a reboot of your PC after running if malware was detected and removed.
    • After reboot attach the C:\combofix.txt log.
    • Also please run the MGtools.exe program as specified here: Using MGtools. Then attach the requested C:\MGlogs.zip file
    • (See: HOW TO: Attach Items To Your Post )
    Now tell us how things are working.
    • Do things seem to have been restored?
    • What malware problems are you having?
     
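    An added inventory script, not from the thread and not the CFDQ-UsrPrf tool, that shows what "see what needs replacing" from a Qoobox quarantine means in practice. It assumes ComboFix's usual layout of C:\Qoobox\Quarantine\<drive>\<original path>.vir, maps each quarantined entry back to its original location and flags the ones no longer on disk; the sample tree is constructed in a temp directory.

```python
# Inventory a ComboFix-style Qoobox quarantine and report what needs restoring.
# Assumed layout (not stated in the thread): <root>\<drive letter>\<original path>.vir
import hashlib
import tempfile
from pathlib import Path

SUFFIX = ".vir"  # assumed suffix ComboFix appends to quarantined files


def sha256_of(path: Path) -> str:
    return hashlib.sha256(path.read_bytes()).hexdigest()


def original_path(quarantine_root: Path, vir_file: Path, system_root: Path) -> Path:
    """Map <root>/<drive>/<rel path>.vir back to <system_root>/<rel path>."""
    parts = vir_file.relative_to(quarantine_root).parts[1:]  # drop the drive dir ("C")
    name = parts[-1]
    if not name.endswith(SUFFIX):
        raise ValueError(f"not a quarantined file: {vir_file}")
    return system_root.joinpath(*parts[:-1], name[: -len(SUFFIX)])


def restore_plan(quarantine_root: Path, system_root: Path) -> list:
    """One record per quarantined file: where it came from, its hash, and whether
    the original location is now empty (i.e. the file needs replacing)."""
    plan = []
    for vir in sorted(quarantine_root.rglob("*" + SUFFIX)):
        orig = original_path(quarantine_root, vir, system_root)
        plan.append({
            "quarantined": str(vir),
            "original": str(orig),
            "sha256": sha256_of(vir),
            "missing_on_disk": not orig.exists(),
        })
    return plan


def demo() -> list:
    """Constructed sample: a driver already replaced on disk, and a user file that is gone."""
    tmp = Path(tempfile.mkdtemp())
    q, sysroot = tmp / "Qoobox" / "Quarantine", tmp / "C"  # sysroot stands in for C:\
    drv = Path("WINDOWS", "system32", "drivers")
    docs = Path("Documents and Settings", "user1", "My Documents")
    (q / "C" / drv).mkdir(parents=True)
    (q / "C" / drv / "atapi.sys.vir").write_bytes(b"MZ-infected-sample")
    (sysroot / drv).mkdir(parents=True)
    (sysroot / drv / "atapi.sys").write_bytes(b"MZ-clean-sample")  # already replaced
    (q / "C" / docs).mkdir(parents=True)
    (q / "C" / docs / "notes.txt.vir").write_bytes(b"hello")  # nothing left at the original path
    return restore_plan(q, sysroot)
```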
  6. chaslang

    chaslang MajorGeeks Admin - Master Malware Expert Staff Member

    @TimW,

    I don't believe this user has the problem of the old ComboFix bug which deleted user files. The Dequarantine and Combofix.txt log show a current CF version and no deletion of any user files. ComboFix was just run from an incorrect location. There was however an infection in atapi.sys
     
  7. TimW

    TimW MajorGeeks Administrator - Jedi Malware Expert Staff Member

    @ Chaslang: Yes, I saw the replacement of the atapi.sys file. And no listing of previous run removals.

    @grizzly8u: Please follow all the instructions here;

    READ & RUN ME FIRST. Malware Removal Guide

    So we can see what your issues are.

    PS: Make sure you put ComboFix directly on your desktop.
     
  8. grizzly8u

    grizzly8u Private E-2

    I am missing My Documents and several sub-folders under My Documents. Before I go through all the malware removal steps I just wanted to make that part clear. Let me know so I don't further mess something up and make it totally unrecoverable before I run all these things. Again, thanks!

    P.S. The ComboFix was included in Hiren's BootCD if that makes a difference.
     
  9. TimW

    TimW MajorGeeks Administrator - Jedi Malware Expert Staff Member

    Why were you using Hiren's boot disc? Was it during that usage that you lost documents?

    We can't see what is happening in your system without you doing the Read and Run First instructions ( you can leave out running ComboFix ).
     
  10. grizzly8u

    grizzly8u Private E-2

    Was using it to get rid of the initial infection. I couldn't boot to safe mode or anything, thus Hiren's disk. Ran the ComboFix from that disk. It was his latest version 10.2 I think. And yes I thought I had it all working right up until the point I went to look for My Documents. Will run the tasks as directed. Thanks,
     
  11. TimW

    TimW MajorGeeks Administrator - Jedi Malware Expert Staff Member

    Do run the scans so we can see what you attach. Thing is, the documents may have gone south when you had to use Hiren's and may not be retrievable.
     
  12. grizzly8u

    grizzly8u Private E-2

    I hope not that far south. . . I ran Recuva just to see if any were visible. Didn't recover any of them or anything else because I know what happens if you write over something. There are several present that appear recoverable but of course I'd like it all . . . That was before I discovered your site. Have not done a thing since seeing your site other than at your direction.
     
  13. TimW

    TimW MajorGeeks Administrator - Jedi Malware Expert Staff Member

    The scans ( RootRepeal, SAS, MBAM, MGtools.exe ) will not remove or hurt any chance of recovery. It is just to see if there is malware present. I am afraid you may need to post in the software forum as well to get assistance in file recovery software.
     
  14. grizzly8u

    grizzly8u Private E-2

    Well let's hope it's all there when you do your magic!
     
  15. TimW

    TimW MajorGeeks Administrator - Jedi Malware Expert Staff Member

    I'll be here when you are ready.
     
  16. grizzly8u

    grizzly8u Private E-2

    Ok here's the results of all the various tests requested. As we discussed I did NOT run ComboFix. It appears that things are back to normal with one anomaly. Whatever took over hid Internet Explorer and when I did a search for Iexplore it continually found the C:\i386 files and then opened my Gmail drive logon screen over and over until I cancelled it. I ran all the tools and followed the directions to the letter and stopped short of disabling the system restore part. Please let me know how to proceed. Thanks, Roger
     

  17. chaslang

    chaslang MajorGeeks Admin - Master Malware Expert Staff Member

    You are still missing the requested log from MGtools.
     
  18. grizzly8u

    grizzly8u Private E-2

    Sorry 'bout that. I had it. Missed in the upload. Thanks, Roger
     

  19. TimW

    TimW MajorGeeks Administrator - Jedi Malware Expert Staff Member

    Your logs are clean. You have numerous user accounts under C:\Documents and Settings. Some appear to have been corrupted at some point.

    However, this is not a malware issue. You do need to post in the software forum for further assistance.

    Since you are not having any malware problems, it is time to do our final steps:
    1. We recommend you keep SUPERAntiSpyware and Malwarebytes Anti-Malware for scanning/removal of malware. Unless you purchase them, they provide no protection. They do not use any significant amount of resources ( except a little disk space ) until you run a scan.
    2. If we had you use ComboFix, uninstall ComboFix (This uninstall will only work as written if you installed ComboFix on your Desktop like we requested.)
      • Click START then RUN and enter the below into the run box and then click OK. Note the quotes are required
      • "%userprofile%\Desktop\combofix" /uninstall
        • Notes: The space between the combofix" and the /uninstall, it must be there.
        • This will uninstall ComboFix and also reset hidden files and folders settings back to Windows defaults.
    3. Any other miscellaneous tools we may have had you install or download can be uninstalled and deleted.
    4. If we had you download any registry patches like fixme.reg or fixWLK.reg (or any others), you can delete these files now.
    5. If running Vista, it is time to make sure you have reenabled UAC by double clicking on the C:\MGtools\enableUAC.reg file and allowing it to be added to the registry.
    6. Go to add/remove programs and uninstall HijackThis.
    7. Go to the C:\MGtools folder and find the MGclean.bat file. Double click on this file to run this cleanup program that will remove files and folders related to MGtools and some other items from our cleaning procedures.
    8. If you are running Vista, Windows XP or Windows ME, do the below:
      • Refer to the cleaning procedures pointed to by step 6 of the READ ME for your Window version and see the instructions to Disable System Restore which will flush your Restore Points.
      • Then reboot and Enable System Restore to create a new clean Restore Point.
    9. After doing the above, you should work thru the below link:
     
  20. grizzly8u

    grizzly8u Private E-2

    The size mismatch stuff in the RootRepeal logs is not of concern?
     
  21. TimW

    TimW MajorGeeks Administrator - Jedi Malware Expert Staff Member

    No, it is not a concern. It is the Microsoft SMS client.
     