Two "" when typing one. [Solved]


  • This topic is locked

#16
Zumochi

  • Topic Starter
  • Member
  • 27 posts
Rebooted, problem sadly still occurring.
"" '' ^^ ~~

Edited by Zumochi, 04 January 2012 - 07:05 AM.

  • 0

#17
Dakeyras

    Anti-Malware Mammoth

  • Expert
  • 9,684 posts
Hi. :)

The punkbuster uninstaller gave an error at the registry line.

OK, the application can be problematic to uninstall as I mentioned in a prior post. We will leave it be for the time being...

Rebooted, problem sadly still occurring.

OK and thanks for the update.

Re-scan with RogueKiller:

  • Quit all running programs
  • Double-click on RogueKiller.exe to start the application.
  • When prompted, type 2 then depress the Enter/Return key.
  • Follow the prompts.
Custom OTL Script:

  • Double-click OTL.exe to start the program.
  • Copy the lines from the quote-box (do not copy the word Quote) to the clipboard by highlighting ALL of them and pressing CTRL + C (or, after highlighting, right-click and choose Copy):

:OTL
O16 - DPF: {CAFEEFAC-0016-0000-0030-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_30)
[2011-12-10 21:10:26 | 000,000,000 | ---D | C] -- C:\WINDOWS\SxsCaPendDel
[3 C:\WINDOWS\*.tmp files -> C:\WINDOWS\*.tmp -> ]
[1 C:\WINDOWS\System32\*.tmp files -> C:\WINDOWS\System32\*.tmp -> ]

:Files
ipconfig /flushdns /c
%systemroot%\prefetch\*.*

:Commands
[Purity]
[ResetHosts]
[EmptyTemp]
[CreateRestorePoint]
[Reboot]

  • Return to OTL, right-click in the Custom Scans/Fixes window (under the cyan bar) and choose Paste.
  • Then click the red Run Fix button.
  • Let the program run unhindered.
  • If OTL asks to reboot your computer, allow it to do so. The report should appear in Notepad after the reboot.
Note: The logfile can also be located at C: >> _OTL >> MovedFiles >> DD/DD/DD TT/TT.txt <-- denotes date/time log created.

Next:

Please download Malwarebytes' Anti-Malware to your desktop.

  • Double-click mbam-setup.exe and select then follow the prompts to install the program.
  • At the end, be sure a checkmark is placed next to Update Malwarebytes' Anti-Malware and Launch Malwarebytes' Anti-Malware, then click Finish.
  • If an update is found, it will download and install the latest version.
When the program loads, Decline the Malwarebytes' Anti-Malware Trial (You can activate this when we've finished, if you so wish)
  • Once the program has loaded, select Perform quick scan, then click Scan.
  • When the scan is complete, click OK, then Show Results to view the results.
  • Be sure that everything is checked, and click Remove Selected.
  • When completed, a log will open in Notepad. Please post that log in your next reply.
The log can also be found here:

  • Launch Malwarebytes' Anti-Malware
  • Click on the Logs radio tab.
Note: If MBAM encounters a file that is difficult to remove, you will be presented with 1 of 2 prompts, click OK to either and let MBAM proceed with the disinfection process, if asked to restart the computer, please do so immediately. Failure to reboot will prevent MBAM from removing all the malware.

When completed the above, please post back the following in the order asked for:

  • How is your computer performing now, any further symptoms and or problems encountered?
  • RogueKiller Log.
  • OTL Log from the Custom Script.
  • Malwarebytes Anti-Malware Log.

  • 0

#18
Zumochi

The behavior of my computer is still the same, although seeing more ads now (I was using MVPS HOSTS File) :S

The roguekiller log:
Spoiler


The OTL gave an error with the first run, so I put the original hosts file (I always make backups) back and re-ran OTL. It did give a partial log though:
Spoiler


Log 2:
Spoiler



MalwareBytes Antimalware gave two problems, here's the log (it's in Dutch):
Spoiler


Thanks.

Edited by Zumochi, 04 January 2012 - 08:58 AM.

  • 0

#19
Dakeyras

Hi. :)

The behavior of my computer is still the same, although seeing more ads now (I was using MVPS HOSTS File)

OK and aye I was aware you were using that custom host file but it appeared to me it had been compromised.

so I put the original hosts file

Fair play but recall best not to make any changes unless I advise so, thank you:-

Refrain from running self fixes as this will hinder the malware removal process.

Download/Run ComboFix:

Please visit this webpage for download links, and instructions for running the tool:

http://www.bleepingc...to-use-combofix

* Ensure you have disabled all anti virus and anti malware programs so they do not interfere with the running of ComboFix.

How To Temporarily Disable Your Anti-virus, Firewall And Anti-malware Programs <-- Click on this link.

Please include the C:\ComboFix.txt in your next reply for further review.

Note: If ComboFix detects Rootkit activity and asks to reboot the system, please allow this to be done.

If you receive an error "Illegal operation attempted on a registery key that has been marked for deletion." Please restart the computer.

A word of warning: Neither I nor sUBs are responsible for any damage you may have caused your machine by running ComboFix on your own.
This tool is not a toy and not for everyday use. ComboFix Should Not be used unless requested by a forum helper


When completed the above, please post back the following in the order asked for:

  • How is your computer performing now, any other symptoms and or problems encountered?
  • ComboFix Log.

  • 0

#20
Zumochi

So far everything looks good.
I can do again ^.^

Here's the log:
Spoiler

  • 0

#21
Dakeyras

Hi. :)

So far everything looks good.
I can do again ^.^

Good...

I see you ran ComboFix from within this folder:-

C:\fixers\ComboFix.exe

The executable will need to be on the desktop when we uninstall it as will all the executables for applications we have used so they can also be removed correctly. No need to move the aforementioned now though but as mentioned they will need to be on the desktop when we do remove etc.

System File Check:

Close all open applications/windows etc.

  • Click on Start >> Run...
  • Type in SFC /Scannow <--- Make sure to leave a space between SFC and the forward slash.
  • Click on OK
  • System File Checker will now scan all protected files to verify their versions.
Note: This will take some time. Also you may be prompted to place your XP installation CD-ROM in the CD-Drive if required.

ESET Online Scanner:

Note: You can use either Internet Explorer or Mozilla FireFox for this scan.

  • Please go here to run the scan...Click on Scan Now

    Note: If using Mozilla Firefox you will need to download esetsmartinstaller_enu.exe when prompted then double click on it to install.
    All of the below instructions are compatible with either Internet Explorer or Mozilla FireFox.

  • Select the option YES, I accept the Terms of Use then click on: Posted Image
  • When prompted allow the Add-On/Active X to install.
  • Make sure that the option Remove found threats is NOT checked, and the option Scan archives is checked.
  • Now click on Advanced Settings and select the following:
    • Scan for potentially unwanted applications
    • Scan for potentially unsafe applications
    • Enable Anti-Stealth Technology
  • Now click on: Posted Image
  • The virus signature database... will begin to download. Be patient, this may take some time depending on the speed of your Internet Connection.
  • When completed the Online Scan will begin automatically.
  • Do not touch either the Mouse or keyboard during the scan otherwise it may stall.
  • When completed select Uninstall application on close if you so wish, make sure you copy the logfile first!
  • Now click on: Posted Image
  • Use notepad to open the logfile located at C:\Program Files\ESET\EsetOnlineScanner\log.txt.
  • Copy and paste that log as a reply to this topic.

  • 0

#22
Zumochi

What if I don't have a Windows XP SP3 installation CD?

I do have one but that's for before SP1, and I obviously updated everything, so it's SP3 now.
And no, that one is not working, it's explicitly asking for an SP3 CD.

Edited by Zumochi, 05 January 2012 - 09:07 AM.

  • 0

#23
Dakeyras

Hi. :)

OK I think it best I ask one of the GTG IT Techs to step in and lend a hand as the SFC issue is not really my sphere of expertise if you will as primarily I provide Anti-Malware support only...

So please run the Eset Online Scan and post the log so we can complete the Malware Removal process. Providing no further action is required on my behalf we can remove all tools used and you can then install the Comodo Anti-Virus software.

Then as mentioned I will ask on your behalf for a Tech to assist you with the SFC issue in this topic.
  • 0

#24
Zumochi

Here is the log:

C:\Documents and Settings\Alwyn\Application Data\Uniblue\RegistryBooster 2010\_temp\ub.exe	Win32/RegistryBooster application
C:\Program Files\Net Tools\IPscanner\ipscanner.exe	probably a variant of Win32/NetTool.Portscan.AA application
C:\Qoobox\Quarantine\C\_9A0D2F918B5_.exe.zip	a variant of Win32/Kryptik.YKY trojan
C:\Qoobox\Quarantine\C\install\svchost.exe.vir	probably a variant of Win32/Agent.JMRGUQG trojan
C:\System Volume Information\_restore{C75BD262-E817-4832-B923-D6219E7EAB27}\RP231\A0127162.exe	Win32/NetTool.Portscan.C application

  • 0

#25
Dakeyras

Hi. :)

Two of the detection results from the online scan are false positive detections so no further action is required. The other three will be dealt with when we uninstall ComboFix.

Note: Remember all tools as in the executables do actually need to be on the desktop for the below to work successfully.

Uninstall ComboFix:

  • Click on Start >> Run...
  • Now type in ComboFix /Uninstall into the and click OK.
  • Note the space between the X and the /Uninstall, it needs to be there.
Clean up with OTL:

  • Double-click OTL to start the program.
  • Close all other programs apart from OTL as this step will require a reboot.
  • On the OTL main screen, depress the CleanUp button.
  • Say Yes to the prompt and then allow the program to reboot your computer.
The above process should clean up and remove the vast majority of scanners used and logs created etc.

Any left over merely delete yourself and empty the Recycle Bin.

Next:

Now install the Comodo Anti-Virus software. Then once the SFC issue has been rectified I will provide some advice about online safety and advised updates etc.
  • 0
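
Added example, not part of the original posts: a small parser for ESET Online Scanner log lines like those in post #24. It splits each line into path and verdict and reports whether the flagged file sits in ComboFix's quarantine folder (C:\Qoobox), in a System Restore point, or elsewhere on disk. The function names and the location/confidence labels are assumptions of this example.

```python
import re
from collections import Counter, namedtuple

Detection = namedtuple("Detection", "path name kind confidence location")

# The five lines of the ESET log posted above: path, TAB, verdict.
ESET_LOG = "\n".join([
    r"C:\Documents and Settings\Alwyn\Application Data\Uniblue\RegistryBooster 2010\_temp\ub.exe"
    "\tWin32/RegistryBooster application",
    r"C:\Program Files\Net Tools\IPscanner\ipscanner.exe"
    "\tprobably a variant of Win32/NetTool.Portscan.AA application",
    r"C:\Qoobox\Quarantine\C\_9A0D2F918B5_.exe.zip"
    "\ta variant of Win32/Kryptik.YKY trojan",
    r"C:\Qoobox\Quarantine\C\install\svchost.exe.vir"
    "\tprobably a variant of Win32/Agent.JMRGUQG trojan",
    r"C:\System Volume Information\_restore{C75BD262-E817-4832-B923-D6219E7EAB27}\RP231\A0127162.exe"
    "\tWin32/NetTool.Portscan.C application",
])

# Verdict = optional "probably ", optional "a variant of ", name, type.
VERDICT = re.compile(
    r"^(?P<prob>probably )?(?P<var>a variant of )?(?P<name>\S+) (?P<kind>\w+)$")

def locate(path):
    """Say where a flagged file sits (labels are this example's own)."""
    p = path.lower()
    if re.match(r"[a-z]:\\qoobox\\", p):
        return "combofix-quarantine"
    if "\\system volume information\\_restore{" in p:
        return "restore-point"
    return "live"

def parse_log(text):
    found = []
    for line in text.splitlines():
        path, tab, verdict = line.strip().rpartition("\t")
        if not tab:
            continue  # blank line, or no path/verdict pair on it
        m = VERDICT.match(verdict)
        if m is None:  # keep unrecognised verdicts instead of dropping them
            found.append(Detection(path, verdict, "unknown", "unknown", locate(path)))
            continue
        conf = ("probable-variant" if m["prob"] else
                "variant" if m["var"] else "exact")
        found.append(Detection(path, m["name"], m["kind"], conf, locate(path)))
    return found

def summarize(detections):
    """Count detections per location."""
    return Counter(d.location for d in detections)

if __name__ == "__main__":
    for d in parse_log(ESET_LOG):
        print(f"{d.location:20} {d.confidence:17} {d.kind:12} {d.name}")
```
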

#26
Zumochi

Done as requested.
Comodo hasn't reported anything suspicious yet, and I hope it will stay that way.
  • 0

#27
Dakeyras

Hi. :)

Done as requested.
Comodo hasn't reported anything suspicious yet, and I hope it will stay that way.

Good...I have asked on your behalf for an IT Tech to assist you with the SFC issue so please be patient until an appropriate member of staff is available, thank you.
  • 0

#28
Dakeyras

Hi. :)

After receiving some advice from a colleague it appears you can create what is known as a slipstreamed disk...

How to do so can be read at this tutorial:-

Slipstreaming Windows XP Service Pack 3 and Create Bootable CD

When created the above run SFC again as outlined in post #21.

Let myself know the outcome when completed the above, thank you.
  • 0

#29
Zumochi

Hi, I did everything according to the guide but I still have the same error.
  • 0

#30
Dakeyras

OK, please bear with me whilst I seek a second opinion about this. :)
  • 0





