[RKinner]

I think you need to uninstall Combofix if you can.  You ran it from a temp file which is a no-no but give it a shot:

 

To uninstall combofix, copy the next line:

 

"c:\users\pestyone\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\QQ6W8T9B\ComboFix.exe" /Uninstall

 

Start, All Programs, Accessories then right click on Command Prompt and Run As Administrator.

then right click, Paste, then hit Enter.

 

 

 

Sometimes it is enough to do

 

ComboFix.exe  /Uninstall

 

 

You may need to redownload it and then tell me where it is.

 

We can try aswMBR:

 

 

Download aswMBR.exe  to your desktop.

Right click aswMBR.exe and Run as Administrator

uncheck trace disk IO calls

Click the "Scan" button to start scan (Accept the Avast Engine)

On completion of the scan if the Fix button is enabled (not the FixMBR button) press it and then run a new scan and  click save log, save it to your desktop and post in your next reply

If the Fix button is not enabled then just click save log, save it to your desktop and post in your next reply

 

 

and

 

TDSSKiller

 

download TDSSKiller:

http://support.kaspe.../tdsskiller.exe

Save it to your desktop then run it by right clicking and Run As Admin.

 

 

If TDSSKiller alerts you that the system needs to reboot, please consent.

 

Run TDSSKiller again but this time:

before you hit the Scan  hit  Change Parameters and check the two items under Additional Options. OK then Scan.

In this mode it is prone to false positives so do not change the SKIP option to DELETE unless it says TDSS.

When done, a log file should be created on your C: drive named "TDSSKiller.txt" please copy and paste the contents in your next reply.

 

[Advertisements]

Whew getting worn out tried both combo lines in CMD and not reconized as a valid command I recall deleting combo and all logs but not sure these bloody scans get me confused to many and to fast but will keep an eye out.

 

The other scans ok but tomorrow enough of scans for now ; thinking about double lines in add/delete figuring out what goes and what stays the crap never ends . 

[fixitnow]

Whew getting worn out tried both combo lines in CMD and not reconized as a valid command I recall deleting combo and all logs but not sure these bloody scans get me confused to many and to fast but will keep an eye out.

 

The other scans ok but tomorrow enough of scans for now ; thinking about double lines in add/delete figuring out what goes and what stays the crap never ends . 

[RKinner]

Combofix creates a copy of your file system so see if you have anything called Combofix.  Deleting the combofix.exe file is not enough.  Also the C:\Qoobox folder is created by combofix so you can delete it.

 

OTL is also seeing double.  Not sure why.  Thought it might be from combofix which is why I wanted to uninstall it.

[fixitnow]

Well CMD didn t work for round one so not sure what to do next hum; maybe search for ; .temp. or temp etc then delete what ever I find is in those folders ?

 

Never been happen with the MS search that start up has; a lot more times then not that never finds what I search for which then leads to advanced search which then finds it but that search takes for ever and every; so that begs the question is the a better search software I can use that doesn t

miss a bunch; would use that instead can delete OTL and logs that's a snap and will hunt for combo fix and Qoobox also and their were folders in  the 13/14 file / folder combo I deleted but the copy / paste is very flakey that's another issue ho hum;  let me get deleting and searching .  

[RKinner]

What CMD are you talking about?

 

As far as search programs go:  http://www.techsuppo...rch-utility.htm

 

Have we done a check disk recently?

 

1. Double-click My Computer, and then right-click the hard disk that you want to check. C:

2. Click Properties, and then click Tools.

3. Under Error-checking, click Check Now. A dialog box that shows the Check disk options is displayed,

4. Check both boxes and then click Start.

You will receive the following message:

The disk check could not be performed because the disk check utility needs exclusive access to some Windows files on the disk. These files can be accessed by restarting Windows. Do you want to schedule the disk check to occur the next time you restart the computer?

Click Yes to schedule the disk check, but don't restart yet.

 

Right click on (My) Computer and select Manage (Continue) Then the Event Viewer. Next select Windows Logs.  Right click on System and Clear Log, Clear. Repeat for Application. Reboot. The disk check will run and will probably take an hour or more to finish.

 

 

Start, All Programs, Accessories then right click on Command Prompt and Run as Administrator.  Then type (with an Enter after each line).

 

sfc /scannow

 

(SPACE after sfc.  This will check your critical system files. Does this finish without complaint?  IF it says it couldn't fix everything then:

 

Copy the next two lines:

 

findstr  /c:"[SR]"  \windows\logs\cbs\cbs.log  >  \windows\logs\cbs\junk.txt 

notepad \windows\logs\cbs\junk.txt 

 

Start, All Programs, Accessories, right click on Command Prompt and Run as Administrator, Continue.  Right click and Paste or Edit then Paste and the copied line should appear.

Hit Enter if notepad does not open.  Copy and paste the text from notepad into a reply.  Close nOtepad.  Close the Command Window.

 

 

1. Please download the Event Viewer Tool by Vino Rosso

http://images.malwar...om/vino/VEW.exe

and save it to your Desktop:

2. Right-click VEW.exe and Run AS Administrator

3. Under 'Select log to query', select:

 

* System

4. Under 'Select type to list', select:

* Error

* Warning

 

 

Then use the 'Number of events' as follows:

 

 

1. Click the radio button for 'Number of events'

Type 20 in the 1 to 20 box

Then click the Run button.

Notepad will open with the output log.

 

 

Please post the Output log in your next reply then repeat but select Application.

[RKinner]

Also did you ever run the Junkware Removal Tool?  I don't see a log for it.  

 

Junkware-Removal-Tool

 

Please download Junkware Removal Tool to your desktop.  Make sure you get the correct Download button.  Sometimes the ads on BleepingComputer will mimic the real Download button which should say: Download Now @Author's site

• Pause your anti-virus.  Close all browsers.

Run the tool by double-clicking it. If you are using Windows Vista, 7, or 8; instead of double-clicking, right-mouse click JRT.exe and select "Run as Administrator".

The tool will open and start scanning your system.

Please be patient as this can take a while to complete depending on your system's specifications.

On completion, a log (JRT.txt) is saved to your desktop and will automatically open.

Post the contents of JRT.txt into your next message.

 

 

 

 

I'm going to Orlando today to get some new tires for the car at Costco so will be off-line until late.

[fixitnow]

Yikes this is getting overwhelming will print in all out; then will catch up amazing how nothing is giving me answers and nothing that I can see is getting fixed ho hum - need a nap - later

[fixitnow]

Ok here  goes the links you gave me for two scanners didn t work and gave me a huge amount of spam which I removed with my toolbar amazing I would stay far far away from the sites you used .

 

I found folders of - OTL and Qoobox and Rogue killer so those scanners are deleted after I got spammed with the links you post I used a deep scan with MWB will use superanti and see what MWB has missed the MWB log is below .     Still no sign of Combofix but haven t stopped looking;  how do pull up temp folders; I seem to re call theirs a bunch of them; will look in those for any combofix junk to delete .

 

Here's the MWB log ;  it found two PuP objects which I deleted -  will post the others soon . .

 

 

 

Malwarebytes Anti-Malware
www.malwarebytes.org

Scan Date: 2/3/2015
Scan Time: 1:28:35 AM
Logfile: MWb  2-3-15 2am.txt
Administrator: Yes

Version: 2.00.4.1028
Malware Database: v2015.02.03.02
Rootkit Database: v2015.01.14.01
License: Free
Malware Protection: Disabled
Malicious Website Protection: Disabled
Self-protection: Disabled

OS: Windows 7 Service Pack 1
CPU: x64
File System: NTFS
User: pestyone

Scan Type: Threat Scan
Result: Completed
Objects Scanned: 398447
Time Elapsed: 32 min, 26 sec

Memory: Enabled
Startup: Enabled
Filesystem: Enabled
Archives: Enabled
Rootkits: Enabled
Deep Rootkit Scan: Enabled
Heuristics: Enabled
PUP: Enabled
PUM: Enabled

Processes: 0
(No malicious items detected)

Modules: 0
(No malicious items detected)

Registry Keys: 2
PUP.Optional.SearchProtect.A, HKU\S-1-5-21-660230534-9386771-3986129850-1000-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\SOFTWARE\MICROSOFT\INTERNET EXPLORER\SEARCHSCOPES\{014DB5FA-EAFB-4592-A95B-F44D3EE87FA9}, , [331e4bac4247b680e02d6b913ec47888],
PUP.Optional.SearchProtect.A, HKLM\SOFTWARE\MICROSOFT\INTERNET EXPLORER\SEARCHSCOPES\{014DB5FA-EAFB-4592-A95B-F44D3EE87FA9}, , [331e4bac4247b680e02d6b913ec47888],

Registry Values: 0
(No malicious items detected)

Registry Data: 0
(No malicious items detected)

Folders: 1
PUP.Optional.CytiWeb.A, C:\Users\pestyone\AppData\Local\Temp\Cyti Web, , [c091e21513768caa07d47c0454af5da3],

Files: 0
(No malicious items detected)

Physical Sectors: 0
(No malicious items detected)

(end)

[RKinner]

Which sites gave you spam?

[fixitnow]

Dang let me scroll back and get the links you posted

[fixitnow]

Ok it was this - aswMBR.exe - then this - http://support.kaspe.../tdsskiller.exe - that spammed me not good :  (

 

Will try junk remover then will try to get the sys log posted here; that should be very very help ful .

[fixitnow]

Ok heres the junkware log and dang I see it cleared the event viewer log you wanted so can t post that .      How do I pull up the temp folders to see if their is combo fix their assuming their is and I delete combo will that also fix my double enteries  that add / delete have now or do I just delete the smallest file sizes and hope it doesn t return ?  ? 

 

 

~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Junkware Removal Tool (JRT) by Thisisu
Version: 6.4.2 (02.02.2015:1)
OS: Windows 7 Home Premium x64
Ran by pestyone on Wed 02/04/2015 at  0:52:08.03
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~

 

~~~ Services

 

~~~ Registry Values

 

~~~ Registry Keys

 

~~~ Files

 

~~~ Folders

 

~~~ Event Viewer Logs were cleared

 

 

~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Scan was completed on Wed 02/04/2015 at  0:58:20.59
End of JRT log
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~

[fixitnow]

Ok this malwear log viewer link you posted does not work ; guess i'll try superanti next then the sys file checker next ? 

[RKinner]

Neither aswMBR or TDSSKiller tried to spam me when I went to them just now.  If you got spammed then you have a problem perhaps with your router.

 

Please download MiniToolbox

 

http://www.bleepingc...oad/minitoolbox save it to your desktop and run it.

 

Checkmark the following checkboxes:

Flush DNS

Report IE Proxy Settings

Reset IE Proxy Settings

Report FF Proxy Settings

Reset FF Proxy Settings

List content of Hosts

List IP configuration

List Winsock Entries

List last 10 Event Viewer Errors

List Installed Programs

List Devices

List Users, Partitions and Memory size.

List Minidump Files

Click Go and post the result (Result.txt). A copy of Result.txt will be saved in the same directory the tool is run.

 

Note: When using "Reset FF Proxy Settings" option Firefox should be closed.

[fixitnow]

Its a modem I don t use wifi use Ethernet and got this error "  the page that you requested does not exist. "

 

Must run superanti then the SFC thingy you posted about and modem works fine other wise .

 

How do I pull up the temp folders in win 7 HP 64 bit ?  ?