Jump to content

Kenny94

Experts
  • Posts

    2,662
  • Joined

  • Last visited

Reputation

0 Neutral

Contact Methods

  • Website URL
    https://twitter.com/kdiamondkenny
  • ICQ
    0

Profile Information

  • Location
    S.C USA

Recent Profile Visitors

27,524 profile views
  1. Thanks guys! David, thank you for putting together the registry script at Here Nice!
  2. Hi, Appears this happen after a download? Please visit this webpage and read the ComboFix User's Guide: Once you've read the article and are ready to use the program you can download it directly from the link below.Important! - Please make sure you save combofix to your desktop and do not run it from your browserDirect download link for: ComboFix.exePlease make sure you disable your security applications before running ComboFix.Once Combofix has completed it will produce and open a log file. Please be patient as it can take some time to load.Please attach that log file to your next reply.If needed the file can be located here: C:\combofix.txtNOTE: If you receive the message "illegal operation has been attempted on a registry key that has been marked for deletion", just reboot the computer.
  3. Hi neeeneee and welcome to Malwarebytes! Let's take look before we remove software or run any scans. Scan with Farbar Recovery Scan Tool Please download Farbar Recovery Scan Tool and save it to your desktop. Note: You need to run the version compatibale with your system. If you are not sure which version applies to your system download both of them and try to run them. Only one of them will run on your system, that will be the right version. Double-click to run it. When the tool opens click Yes to disclaimer.Press Scan button.It will make a log (FRST.txt) in the same directory the tool is run. Please attach it to your reply.The first time the tool is run, it makes also another log (Addition.txt). Please attach it to your reply.
  4. Download ComboFix.exe to your desktop. But do Not run it. Click on Start->Run, and copy-paste the following command (the bolded text) into the "Open" box, and click OK. "%userprofile%\Desktop\combofix" /uninstall This will remove folder C:\Qoobox and the ComboFix.exe icon.
  5. Follow these steps to uninstall Combofix and all of its files and components. Go to Start ---> Run ---> Type ComboFix /uninstall and press Enter. Make sure there's a space between Combofix and / Then hit enter.
  6. You should change all passwords with the infection your PC had. Avast is another excellent AV. Yes you should remove Avira before you install Avast. As for your the Boot folder it has some system files and it's best to leave it. You can remove Qoobox this belongs ComboFix and is not need it anymore.
  7. Your Computer is Clean Some final items: Follow these steps to uninstall Combofix and tools used in the removal of malware To remove all of the tools we used and the files and folders they created, please do the following: Please download OTC.exe by OldTimer: Save it to your Desktop. Double click OTC.exe. Click the CleanUp! button. If you are prompted to Reboot during the cleanup, select Yes. The tool will delete itself once it finishes. Note: If any tool, file or folder (belonging to the program we have used) hasn't been deleted, please delete it manually. Make your Internet Explorer more secure - This can be done by following these simple instructions: From within Internet Explorer click on the Tools menu and then click on Options. Click once on the Security tab Click once on the Internet icon so it becomes highlighted. Click once on the Custom Level button. Change the Download signed ActiveX controls to Prompt Change the Download unsigned ActiveX controls to Disable Change the Initialize and script ActiveX controls not marked as safe to Disable Change the Installation of desktop items to Prompt Change the Launching programs and files in an IFRAME to Prompt Change the Navigate sub-frames across different domains to Prompt When all these settings have been made, click on the OK button If it prompts you as to whether or not you want to save the settings, press the Yes button. Next press the Apply button and then the OK to exit the Internet Properties page. Additional Security Measures Scan your system for outdated versions of commonly used software applications that may also cause your PC be vulnerable, using the Secunia Online Software Inspector (OSI). This is very important because recent statistics confirm that an overwhelming majority of infections are aquired through application not Operating System flaws. Commonly used programs like Quicktime, Java, and Adobe Acrobat Reader, itunes, and many others are commonly targeted today. You can make your computer much more secure if you update to the most current versions of these programs and any others that Secunia alerts you to. Visit Microsoft's Windows Update Site Frequently - It is important that you visit http://www.windowsupdate.com regularly. This will ensure your computer has always the latest security updates available installed on your computer. If there are new updates to install, install them immediately, reboot your computer, and revisit the site until there are no more critical updates. Cookienator- Scans your PC for tracking cookies in multiple browsers as well as in Adobe Flash. Tips for Speeding Up Your PC Visit My Blog for Malware and Spyware Tips
  8. Run OTL Under the Custom Scans/Fixes box at the bottom, paste in the following :OTL IE - HKU\S-1-5-21-3786737421-1029651582-3655982258-1000\..\URLSearchHook: {bf7380fa-e3b4-4db2-af3e-9d8783a45bfc} - No CLSID value found O3 - HKLM\..\Toolbar: (no name) - Locked - No CLSID value found. O4:64bit: - HKLM..\Run: [bcwext] rundll32.exe "C:\Users\shinyaku\AppData\Local\Temp\bcwext.dll",SteamAPI_RestartApp File not found O4:64bit: - HKLM..\Run: [mandh] rundll32.exe ",ConvertMeshSubsetToSingleStrip File not found O4 - HKU\S-1-5-21-3786737421-1029651582-3655982258-1000..\Run: [ctfmon.exe] C:\windows\system32\rundll32.exe C:\PROGRA~3\jmdoexeali.dat,StartAs File not found O4 - HKU\S-1-5-21-3786737421-1029651582-3655982258-1000..\Run: [] File not found [2012/01/10 20:00:19 | 000,002,048 | -HS- | C] () -- C:\Users\shinyaku\AppData\Local\{2b2f1e3f-3eba-e768-7501-387a192c6460}\@ [2011/12/13 22:57:20 | 076,004,920 | -H-- | C] () -- C:\ProgramData\ilaexeodmj.dat :files C:\Users\shinyaku\AppData\Local\{2b2f1e3f-3eba-e768-7501-387a192c6460} C:\Users\shinyaku\AppData\Local\Temp\bcwext.dll C:\ProgramData\jmdoexeali.dat ipconfig /flushdns /c :Commands [emptytemp] [clearallrestorepoints] Then click the Run Fix button at the top Let the program run unhindered, reboot the PC when it is done Please post the OTL fix log in your next reply. Note: A copy of an OTL fix log is saved in a text file at C:\_OTL\MovedFiles Step 2 Launch Malwarebytes' Anti-Malware Go to Update tab and select Check for Updates. If an update is found, it will download and install the latest version. Go to Scanner tab and select Perform Quick Scan, then click Scan. The scan may take some time to finish,so please be patient. When the scan is complete, click OK, then Show Results to view the results. Make sure that everything is checked, and click Remove Selected. When disinfection is completed, a log will open in Notepad and you may be prompted to Restart. (See Extra Note) The log is automatically saved by MBAM and can be viewed by clicking the Logs tab in MBAM. Copy&Paste the entire report in your next reply. Extra Note: If MBAM encounters a file that is difficult to remove, you will be presented with 1 of 2 prompts, click OK to either and let MBAM proceed with the disinfection process, if asked to restart the computer,please do so immediately. In your next reply, post the following log files: OTL Fix log Malwarebytes' Anti-Malware log
  9. Hi, I'm reviewing your log and will have some more instructions for you in a short while. Thanks for your patience!
  10. Lets get a deeper look into the system and see if something shows up.The dialouge box that pops up means there's still malware present. Download OTL to your Desktop Double click on the icon to run it. Make sure all other windows are closed and to let it run uninterrupted. Please tick the Scan All users. Next, click the Quick Scan button. The scan wont take long. When the scan completes, it will open two notepad windows. OTL.Txt and Extras.Txt. These are saved in the same location as OTL. Please copy (Edit->Select All, Edit->Copy) the contents of these files, one at a time and post them in your topic.
  11. We need to Re-run Eset scan one more time.To see if those entries (that ComboFix removed) will be recreated.. But Re-run Eset as in the below: Please run a free online scan with the ESET Online Scanner Note: You will need to use Internet Explorer for this scan. Tick the box next to YES, I accept the Terms of Use. Click Start When asked, allow the ActiveX control to install Click Start Make sure that the options Remove found threats and the option Scan unwanted applications is checked Click Scan Wait for the scan to finish Use Notepad to open the logfile located at C:\Program Files\EsetOnlineScanner\log.txt Copy and paste that log as a reply to this topic
  12. Okay, lets make sure all is cleaned one more time. Drag ComboFix to the recycle bin and grab the latest version before trying to scan again (use the same link and as before. Note: No need to rename ComboFix this time around. Post log updated log please.
  13. Let me ask someone on bcwext.dll. I can't find anything on this..... I'll get back to you in the next few days.
  14. Hi, The dialouge box that pops up "The specified module could not be found" is it still present? Also, any other problems with this PC?
  15. Okay, Please double-click OTM.exe to run it. (Vista users, please right click on OTM.exe and select "Run as an Administrator") Copy the file paths below to the clipboard by highlighting ALL of them and pressing CTRL + C (or, after highlighting, right-click and choose Copy): :Processes :Services :Reg :Files C:\dnload\Games\PC\Battlefield 2 full game MP - SP Fixed v_1.5 -=AviaRa=-\Battlefield 2\key-generator.exe C:\dnload\Program\Fruity.Loops.Studio.9.Producer.Edition.XXL.rar C:\dnload\Program\gamebooster2.1EN.exeC:\dnload\Program\Nero-7.10.1.0_eng_full.exeC:\Users\Public\Hadoken should blast Mcafee.zap C:\Users\shinyaku\Desktop\stuff\Fruity.Loops.Studio.9.Producer.Edition.XXL\Fruity.Loops.Studio.9.Producer.Edition c:\dnload\games\pc\need.for.speed.underground.2\no cd crack\speed2.exe c:\dosbox\war\crack.exe c:\program files (x86)\image-line\hardcore\presets\i cracked my tube!.hdprg c:\program files (x86)\image-line\sawer\presets\ambient\mc cracked.sawer c:\program files (x86)\mount&blade with fire and sword\sounds\fire_small_crackle_slick_op.ogg c:\users\shinyaku\desktop\stuff\fruity.loops.studio.9.producer.edition.xxl\fate.the.traitor.soul-rituel\fate.the.traitor.soul-rituel\cracktro.exe c:\users\shinyaku\desktop\stuff\fruity.loops.studio.9.producer.edition.xxl\fruity.loops.studio.9.producer.edition.xxl-salad\official key\readme crack installation.txt c:\users\shinyaku\documents\xilisoft corporation\video converter ultimate\crack.js c:\users\shinyaku\games\unreal tournament 2004\ut2004 keygen (xp only).exe :Commands [emptytemp] [CREATERESTOREPOINT] [Reboot] Return to OTM, right click in the "Paste instructions for items to be Move" window (under the light Yellow bar) and choose Paste. Click the red Moveit! button. A log of files and folders moved will be created in the c:\_OTM\MovedFiles folder in the form of Date and Time (mmddyyyy_hhmmss.log). Please open this log in Notepad and post its contents in your next reply. Close OTM If a file or folder cannot be moved immediately you may be asked to reboot the machine to finish the move process. If you are asked to reboot the machine choose Yes. Next Please download the latest version of Hitman Pro from one of the following locations: For 32-Bit Operating Systems For 64-Bit Operating Systems After the download completes please double click the program to run it. Accept the terms of the license agreement and click Next Let the scan run. It will not take long When the scan finishes, and all the files have been uploaded to the Scan Cloud, click Next Click Next again. At the bottom left you will see Export Scan Results To XML File. Click that and save it in a convenient location Upload log.xml here for review please In your next reply, please include these log(s): 1.OTM\MovedFiles (Most recent one. The day you ran it) 2.HitmanPro3 Report
Back to top
×
×
  • Create New...

Important Information

This site uses cookies - We have placed cookies on your device to help make this website better. You can adjust your cookie settings, otherwise we'll assume you're okay to continue.