occasional new tabs, windows and extra ads, along with system slow dow
#16
Posted 12 May 2014 - 05:25 PM
#17
Posted 12 May 2014 - 08:12 PM
#18
Posted 12 May 2014 - 08:17 PM
#19
Posted 12 May 2014 - 08:42 PM
I just cleared my cached web content, and that has helped as well.
Also, after clearing my cached web content I'm able to post things properly on the forums now. No more word wrap issues!!!
Edit: I'm also able to play one of my Facebook games that wouldn't play for me anymore. I remember clearing my cache a while back trying to get it to run, but I had no luck then. It's working now though.
I'm going to assume we can start to do the cleanup.... Don't forget my autorun.inf's. I'll reinstall Curse Client later.
Edited by Alysher, 12 May 2014 - 09:43 PM.
#20
Posted 13 May 2014 - 10:24 AM
Post the contents of the following log: (If too large, zip the file and attach it to a reply)
C:\Qoobox\ComboFix-quarantined files.txt
#21
Posted 13 May 2014 - 02:31 PM
Here you go...
#22
Posted 13 May 2014 - 03:27 PM
Save it in the same location Combofix is saved.
Once saved, referring to the picture above, drag CFScript.txt into ComboFix.exe, and post back the resulting report.
Restart and test your custom made settings.
#23
Posted 13 May 2014 - 04:14 PM
File is back, but I'm assuming the autoplay settings are still disabled because it didn't change my drive icon or name like it was supposed to...
#24
Posted 13 May 2014 - 07:29 PM
Download the enclosed folder. [attachment=70535:RegFix.zip]
Save and extract its contents to the desktop. It is a folder containing a Registry Entries file, Regfix.reg . Once extracted, open the folder and click on the Regfix.reg file and select Yes when prompted to merge it into the registry.
Restart and test.
#25
Posted 13 May 2014 - 08:54 PM
no change after restart
#26
Posted 14 May 2014 - 01:43 PM
Save and extract its contents to the desktop. It is a folder containing a Registry Entries file, Regfix.reg . Once extracted, open the folder and click on the Regfix.reg file and select Yes when prompted to merge it into the registry.
Restart and test.
#27
Posted 14 May 2014 - 10:03 PM
Still didn't work, but I did some digging and found out which key it is that was keeping the autorun.inf from running....
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\IniFileMapping\Autorun.inf] @="@SYS:DoesNotExist"
Removing this key and restarting fixed my issue.
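The key removed above is a deliberate, long-standing hardening: mapping Autorun.inf to a registry location that does not exist means Windows never honours the contents of an autorun.inf on any drive, which is exactly what the quarantined autorun.inf.vir entries in this thread were about. The PowerShell audit below is added here (it is not from the thread, from ComboFix or from any other tool mentioned) and only reports whether that mapping and the NoDriveTypeAutoRun policy value are in place; the registry paths are the standard ones and the function names are my own.

```powershell
# Added audit script; not from the thread or any of the tools it mentions.
# Read-only: reports the autorun.inf hardening state of this machine.

$IniMapPath = 'HKLM:\SOFTWARE\Microsoft\Windows NT\CurrentVersion\IniFileMapping\Autorun.inf'
$PolicyPath = 'HKLM:\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Explorer'

function Test-AutorunIniMapping {
    # True when the mapping from the thread is present: a default value of
    # "@SYS:DoesNotExist" redirects every autorun.inf lookup to a registry key
    # that does not exist, so the file's contents are never honoured.
    if (-not (Test-Path -Path $IniMapPath)) { return $false }
    $default = (Get-ItemProperty -Path $IniMapPath).'(default)'
    return ($null -ne $default -and $default -like '@SYS:*')
}

function Get-NoDriveTypeAutoRun {
    # Bitmask of drive types for which AutoRun is disabled; 0xFF (255) covers
    # every type, bit 0x04 is removable drives. Returns $null when not set.
    $item = Get-ItemProperty -Path $PolicyPath -Name 'NoDriveTypeAutoRun' -ErrorAction SilentlyContinue
    if ($null -eq $item) { return $null }
    return [int]$item.NoDriveTypeAutoRun
}

function Get-AutorunHardeningReport {
    $mapped   = Test-AutorunIniMapping
    $mask     = Get-NoDriveTypeAutoRun
    $maskText = if ($null -eq $mask) { 'not set' } else { '0x{0:X2}' -f $mask }
    [pscustomobject]@{
        IniFileMappingPresent = $mapped
        NoDriveTypeAutoRun    = $maskText
        RemovableAutoRunOff   = ($null -ne $mask) -and (($mask -band 0x04) -ne 0)
        AutorunInfHonoured    = -not $mapped
    }
}

Get-AutorunHardeningReport | Format-List
```

Run it from an elevated PowerShell prompt; when AutorunInfHonoured is True the machine is back to trusting autorun.inf files on inserted media, which is the trade-off the poster accepted to get the custom drive icon back.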
#28
Posted 15 May 2014 - 02:35 PM
There you go, congratulations.
Let's proceed with the cleanup.
Run AdwCleaner and click on Uninstall.
- Download DelFix from here
- Ensure Remove disinfection tools is ticked
- Also tick:
  - Create registry backup
  - Purge system restore
- Click Run
Manually remove any file or folder left, related to the tools we used.
Here are some suggestions.
- Always keep your Java updated. Older versions will make your computer vulnerable.
- Windows Updates - It is very important to make sure that both Internet Explorer and Windows are kept current with the latest critical security patches from Microsoft. To do this just start Internet Explorer and select Tools > Windows Update, and follow the online instructions from there.
- ERUNT (Emergency Recovery Utility NT) allows you to keep a complete backup of your registry and restore it when needed. The standard registry backup options that come with Windows back up most of the registry but not all of it. ERUNT however creates a complete backup set, including the Security hive and user related sections. ERUNT is easy to use and since it creates a full backup, there are no options or choices other than to select the location of the backup files. The backup set includes a small executable that will launch the registry restore if needed.
To find out more information about how you got infected in the first place and some great guidelines to follow to prevent future infections you can read this article by Miekiemoes.
Best wishes!
#29
Posted 15 May 2014 - 03:39 PM
done. anything else? if not topic can be closed
#30
Posted 15 May 2014 - 05:03 PM
If you're the topic starter, and need this topic reopened, please contact a staff member with the address of the thread.
Everyone else please begin a New Topic.