Jump to content

Welcome to Geeks to Go - Register now for FREE

Geeks To Go is a helpful hub, where thousands of volunteer geeks quickly serve friendly answers and support. Check out the forums and get free advice from the experts. Register now to gain access to all of our features, it's FREE and only takes one minute. Once registered and logged in, you will be able to create topics, post replies to existing threads, give reputation to your fellow members, get your own private messenger, post status updates, manage your profile and so much more.

Create Account How it Works
Photo

What needs to Go


  • Please log in to reply

#16
RKinner

RKinner

    Malware Expert

  • Expert
  • 20,024 posts
  • MVP

I think you need to uninstall Combofix if you can.  You ran it from a temp file which is a no-no but give it a shot:

 

To uninstall combofix, copy the next line:
 

"c:\users\pestyone\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\QQ6W8T9B\ComboFix.exe" /Uninstall
 
Start, All Programs, Accessories then right click on Command Prompt and Run As Administrator.
then right click, Paste, then hit Enter.
 
 
 

Sometimes it is enough to do

 

ComboFix.exe  /Uninstall

 

 

You may need to redownload it and then tell me where it is.

 

We can try aswMBR:

 

 
Download aswMBR.exe  to your desktop.
Right click aswMBR.exe and Run as Administrator
uncheck trace disk IO calls
Click the "Scan" button to start scan (Accept the Avast Engine)
On completion of the scan if the Fix button is enabled (not the FixMBR button) press it and then run a new scan and  click save log, save it to your desktop and post in your next reply
If the Fix button is not enabled then just click save log, save it to your desktop and post in your next reply
 
 
and
 
TDSSKiller
 

download TDSSKiller:
Save it to your desktop then run it by right clicking and Run As Admin.
 
 
If TDSSKiller alerts you that the system needs to reboot, please consent.
 
Run TDSSKiller again but this time:
before you hit the Scan  hit  Change Parameters and check the two items under Additional Options. OK then Scan.
In this mode it is prone to false positives so do not change the SKIP option to DELETE unless it says TDSS.
When done, a log file should be created on your C: drive named "TDSSKiller.txt" please copy and paste the contents in your next reply.
 

  • 0

Advertisements


#17
fixitnow

fixitnow

    Member

  • Topic Starter
  • Member
  • PipPip
  • 45 posts

Whew getting worn out tried both combo lines in CMD and not reconized as a valid command I recall deleting combo and all logs but not sure these bloody scans get me confused to many and to fast but will keep an eye out.

 

The other scans ok but tomorrow enough of scans for now ; thinking about double lines in add/delete figuring out what goes and what stays the crap never ends . 


  • 0

#18
RKinner

RKinner

    Malware Expert

  • Expert
  • 20,024 posts
  • MVP

Combofix creates a copy of your file system so see if you have anything called Combofix.  Deleting the combofix.exe file is not enough.  Also the C:\Qoobox folder is created by combofix so you can delete it.

 

OTL is also seeing double.  Not sure why.  Thought it might be from combofix which is why I wanted to uninstall it.


  • 0

#19
fixitnow

fixitnow

    Member

  • Topic Starter
  • Member
  • PipPip
  • 45 posts

Well CMD didn t work for round one so not sure what to do next hum; maybe search for ; .temp. or temp etc then delete what ever I find is in those folders ?

 

Never been happen with the MS search that start up has; a lot more times then not that never finds what I search for which then leads to advanced search which then finds it but that search takes for ever and every; so that begs the question is the a better search software I can use that doesn t

miss a bunch; would use that instead can delete OTL and logs that's a snap and will hunt for combo fix and Qoobox also and their were folders in  the 13/14 file / folder combo I deleted but the copy / paste is very flakey that's another issue ho hum;  let me get deleting and searching .  


  • 0

#20
RKinner

RKinner

    Malware Expert

  • Expert
  • 20,024 posts
  • MVP

What CMD are you talking about?

 

As far as search programs go:  http://www.techsuppo...rch-utility.htm

 

Have we done a check disk recently?

 

1. Double-click My Computer, and then right-click the hard disk that you want to check. C:
2. Click Properties, and then click Tools.
3. Under Error-checking, click Check Now. A dialog box that shows the Check disk options is displayed,
4. Check both boxes and then click Start.
You will receive the following message:
The disk check could not be performed because the disk check utility needs exclusive access to some Windows files on the disk. These files can be accessed by restarting Windows. Do you want to schedule the disk check to occur the next time you restart the computer?
Click Yes to schedule the disk check, but don't restart yet.
 
Right click on (My) Computer and select Manage (Continue) Then the Event Viewer. Next select Windows Logs.  Right click on System and Clear Log, Clear. Repeat for Application. Reboot. The disk check will run and will probably take an hour or more to finish.
 
 
Start, All Programs, Accessories then right click on Command Prompt and Run as Administrator.  Then type (with an Enter after each line).
 
sfc /scannow
 
(SPACE after sfc.  This will check your critical system files. Does this finish without complaint?  IF it says it couldn't fix everything then:
 
Copy the next two lines:
 
findstr  /c:"[SR]"  \windows\logs\cbs\cbs.log  >  \windows\logs\cbs\junk.txt 
notepad \windows\logs\cbs\junk.txt 
 
Start, All Programs, Accessories, right click on Command Prompt and Run as Administrator, Continue.  Right click and Paste or Edit then Paste and the copied line should appear.
Hit Enter if notepad does not open.  Copy and paste the text from notepad into a reply.  Close nOtepad.  Close the Command Window.
 
 
1. Please download the Event Viewer Tool by Vino Rosso
and save it to your Desktop:
2. Right-click VEW.exe and Run AS Administrator
3. Under 'Select log to query', select:
 
* System
4. Under 'Select type to list', select:
* Error
* Warning
 
 
Then use the 'Number of events' as follows:
 
 
1. Click the radio button for 'Number of events'
Type 20 in the 1 to 20 box
Then click the Run button.
Notepad will open with the output log.
 
 
Please post the Output log in your next reply then repeat but select Application.

  • 0

#21
RKinner

RKinner

    Malware Expert

  • Expert
  • 20,024 posts
  • MVP

Also did you ever run the Junkware Removal Tool?  I don't see a log for it.  

 

Junkware-Removal-Tool
 
Please download Junkware Removal Tool to your desktop.  Make sure you get the correct Download button.  Sometimes the ads on BleepingComputer will mimic the real Download button which should say: Download Now @Author's site
  • Pause your anti-virus.  Close all browsers.
  • Run the tool by double-clicking it. If you are using Windows Vista, 7, or 8; instead of double-clicking, right-mouse click JRT.exe and select "Run as Administrator".
  • The tool will open and start scanning your system.
  • Please be patient as this can take a while to complete depending on your system's specifications.
  • On completion, a log (JRT.txt) is saved to your desktop and will automatically open.
  • Post the contents of JRT.txt into your next message.
  •  
     
     

     

    I'm going to Orlando today to get some new tires for the car at Costco so will be off-line until late.


    • 0

    #22
    fixitnow

    fixitnow

      Member

    • Topic Starter
    • Member
    • PipPip
    • 45 posts

    Yikes this is getting overwhelming will print in all out; then will catch up amazing how nothing is giving me answers and nothing that I can see is getting fixed ho hum - need a nap - later


    • 0

    #23
    fixitnow

    fixitnow

      Member

    • Topic Starter
    • Member
    • PipPip
    • 45 posts

    Ok here  goes the links you gave me for two scanners didn t work and gave me a huge amount of spam which I removed with my toolbar amazing I would stay far far away from the sites you used .

     

    I found folders of - OTL and Qoobox and Rogue killer so those scanners are deleted after I got spammed with the links you post I used a deep scan with MWB will use superanti and see what MWB has missed the MWB log is below .     Still no sign of Combofix but haven t stopped looking;  how do pull up temp folders; I seem to re call theirs a bunch of them; will look in those for any combofix junk to delete .

     

    Here's the MWB log ;  it found two PuP objects which I deleted -  will post the others soon . .

     

     

     

    Malwarebytes Anti-Malware
    www.malwarebytes.org

    Scan Date: 2/3/2015
    Scan Time: 1:28:35 AM
    Logfile: MWb  2-3-15 2am.txt
    Administrator: Yes

    Version: 2.00.4.1028
    Malware Database: v2015.02.03.02
    Rootkit Database: v2015.01.14.01
    License: Free
    Malware Protection: Disabled
    Malicious Website Protection: Disabled
    Self-protection: Disabled

    OS: Windows 7 Service Pack 1
    CPU: x64
    File System: NTFS
    User: pestyone

    Scan Type: Threat Scan
    Result: Completed
    Objects Scanned: 398447
    Time Elapsed: 32 min, 26 sec

    Memory: Enabled
    Startup: Enabled
    Filesystem: Enabled
    Archives: Enabled
    Rootkits: Enabled
    Deep Rootkit Scan: Enabled
    Heuristics: Enabled
    PUP: Enabled
    PUM: Enabled

    Processes: 0
    (No malicious items detected)

    Modules: 0
    (No malicious items detected)

    Registry Keys: 2
    PUP.Optional.SearchProtect.A, HKU\S-1-5-21-660230534-9386771-3986129850-1000-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\SOFTWARE\MICROSOFT\INTERNET EXPLORER\SEARCHSCOPES\{014DB5FA-EAFB-4592-A95B-F44D3EE87FA9}, , [331e4bac4247b680e02d6b913ec47888],
    PUP.Optional.SearchProtect.A, HKLM\SOFTWARE\MICROSOFT\INTERNET EXPLORER\SEARCHSCOPES\{014DB5FA-EAFB-4592-A95B-F44D3EE87FA9}, , [331e4bac4247b680e02d6b913ec47888],

    Registry Values: 0
    (No malicious items detected)

    Registry Data: 0
    (No malicious items detected)

    Folders: 1
    PUP.Optional.CytiWeb.A, C:\Users\pestyone\AppData\Local\Temp\Cyti Web, , [c091e21513768caa07d47c0454af5da3],

    Files: 0
    (No malicious items detected)

    Physical Sectors: 0
    (No malicious items detected)

    (end)


    • 0

    #24
    RKinner

    RKinner

      Malware Expert

    • Expert
    • 20,024 posts
    • MVP

    Which sites gave you spam?


    • 0

    #25
    fixitnow

    fixitnow

      Member

    • Topic Starter
    • Member
    • PipPip
    • 45 posts

    Dang let me scroll back and get the links you posted


    • 0

    Advertisements


    #26
    fixitnow

    fixitnow

      Member

    • Topic Starter
    • Member
    • PipPip
    • 45 posts

    Ok it was this - aswMBR.exe - then this - http://support.kaspe.../tdsskiller.exe - that spammed me not good :  (

     

    Will try junk remover then will try to get the sys log posted here; that should be very very help ful .


    • 0

    #27
    fixitnow

    fixitnow

      Member

    • Topic Starter
    • Member
    • PipPip
    • 45 posts

    Ok heres the junkware log and dang I see it cleared the event viewer log you wanted so can t post that .      How do I pull up the temp folders to see if their is combo fix their assuming their is and I delete combo will that also fix my double enteries  that add / delete have now or do I just delete the smallest file sizes and hope it doesn t return ?  ? 

     

     

    ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
    Junkware Removal Tool (JRT) by Thisisu
    Version: 6.4.2 (02.02.2015:1)
    OS: Windows 7 Home Premium x64
    Ran by pestyone on Wed 02/04/2015 at  0:52:08.03
    ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~

     

    ~~~ Services

     

    ~~~ Registry Values

     

    ~~~ Registry Keys

     

    ~~~ Files

     

    ~~~ Folders

     

    ~~~ Event Viewer Logs were cleared

     

     

    ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
    Scan was completed on Wed 02/04/2015 at  0:58:20.59
    End of JRT log
    ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~


    • 0

    #28
    fixitnow

    fixitnow

      Member

    • Topic Starter
    • Member
    • PipPip
    • 45 posts

    Ok this malwear log viewer link you posted does not work ; guess i'll try superanti next then the sys file checker next ? 


    • 0

    #29
    RKinner

    RKinner

      Malware Expert

    • Expert
    • 20,024 posts
    • MVP

    Neither aswMBR or TDSSKiller tried to spam me when I went to them just now.  If you got spammed then you have a problem perhaps with your router.

     

    Please download MiniToolbox
     
    http://www.bleepingc...oad/minitoolbox save it to your desktop and run it.
     
    Checkmark the following checkboxes:
  • Flush DNS
  • Report IE Proxy Settings
  • Reset IE Proxy Settings
  • Report FF Proxy Settings
  • Reset FF Proxy Settings
  • List content of Hosts
  • List IP configuration
  • List Winsock Entries
  • List last 10 Event Viewer Errors
  • List Installed Programs
  • List Devices
  • List Users, Partitions and Memory size.
  • List Minidump Files
  • Click Go and post the result (Result.txt). A copy of Result.txt will be saved in the same directory the tool is run.
     
    Note: When using "Reset FF Proxy Settings" option Firefox should be closed.

    • 0

    #30
    fixitnow

    fixitnow

      Member

    • Topic Starter
    • Member
    • PipPip
    • 45 posts

    Its a modem I don t use wifi use Ethernet and got this error "  the page that you requested does not exist. "

     

    Must run superanti then the SFC thingy you posted about and modem works fine other wise .

     

    How do I pull up the temp folders in win 7 HP 64 bit ?  ?


    • 0






    Similar Topics

    0 user(s) are reading this topic

    0 members, 0 guests, 0 anonymous users

    As Featured On:

    Microsoft Yahoo BBC MSN PC Magazine Washington Post HP