combofix432
New Member
Hi guys, I have been trying to remove malware from a computer that I suspect has been infected for over a year. The operating system is an upgraded Windows 8.1. Since I wanted to run ComboFix, I restored it to Windows 8 using the factory setting and at the same time keeping all my files.
Then I began running tsdkiller, Rkill, ComboFix, RogueKiller, Malwarebytes Anti-Malware, HitmanPro, ESET Online Scanner, Emsisoft Emergency Kit in the written order. In the middle of this I needed to restart the computer after running ComboFix. This turned out to be difficult because all of a sudden the restart button stopped working. It said epowerbutton.exe not working. So I had to use Win+I to get to another restart button to restart the PC. At the end of using all the above tools nothing was found. HitmanPro found the most by finding cookies in my web browser. This made me very suspicious, knowing that the PC has been infected for over a year.
When I looked at the ComboFix log, it contained locked registry keys that are hard for me to recognize if they are legit or not. I became even more suspicious when I ran GMER rootkit: it says "C:\WINDOWS\system32\config\system:The process cannot access the file because it is being used by another process". Then after I press OK it continues to scan, but when I press Stop it says the same thing again and also "C:\user\selam\ntuser.dat.The process cannot access the file because it is being used by another process".
When I use GMER on my other clean computer none of this happens! It works perfectly. To make matters worse, even the BIOS (firmware) seems to have been manipulated or corrupted because I can't boot from the CD-ROM. And I made sure to make the CD-ROM the first one in the boot order. I used a Windows installation CD and Hiren's Boot CD 15.2, and still it won't boot from the CD-ROM.
I am not a computer guy and I don't have the skill to root out the problem. I suspect a malware that is able to hide itself somehow. I will post the ComboFix log below. Some of the headers are in Swedish but everything else is in English. Thank you for your support!