Viruses/Spyware/Malware preliminary removal log files

By biznezman
Nov 19, 2007
Topic Status:
Not open for further replies.
  1. Thanks so much for the very specific instructions. My computer is doing better than it has in months!!
    I still seem to get a popup every once in a while from Internet Speed????

    still getting popups from Internet Speed Monitor.


  2. howard_hopkinso

    howard_hopkinso Newcomer, in training Posts: 25,948   +17

    Hello and welcome to Techspot.

    Right click on this link DelO15Domains.inf and choose Save As. Save it to your desktop. Right click on that file and choose Install. It will run immediately (you won't be able to see anything happen). You may delete it afterwards. NOTE: This script will delete any sites you may have added to the Trusted Sites. So if you want them back, you have to add them back to the Trusted Sites again.

    Go to add remove programmes in your control panel and uninstall anything to do with (if there).

    Bodog Poker
    QdrDrive
    QdrModule

    Close control panel.

    Open notepad and copy/paste the text in the quote box below into it:
    NOTE* make sure to only highlight and copy what is inside the quote box nothing outside of it.
    Also ..

    Pay particular attention to this :-

    Make sure the word File:: is on the first line of the text file you save (no blank line above it, & no space in front of it)
    Code:


    Save this as CFScript.txt

    Then drag the CFScript.txt into ComboFix.exe as you see in the screenshot below.

    [​IMG]

    This will start ComboFix again. After reboot, (in case it asks to reboot), post the contents of Combofix.txt in your next reply together with a fresh HJT log.

    Please open notepad and copy and paste next bold in it:
    (don't forget to copy and paste REGEDIT4)

    Save this as "fix.reg" Choose to save as *all files and place it on your desktop.

    Doubleclick on it and when it asks you if you want to merge the contents to the registry, click yes/ok.

    Regards Howard :wave: :wave:

    This thread is for the use of biznezman only. Please don`t post your own virus/spyware problems in this thread. Instead, open a new thread in our security and the web forum.
  3. biznezman

    biznezman Newcomer, in training Topic Starter

    When dragging the script onto ComboFix it tries to run, then I get an error message saying "This version of Combofix is expired."

    I changed the date on my computer and it seems to be working now.
  4. howard_hopkinso

    howard_hopkinso Newcomer, in training Posts: 25,948   +17

    I'm interested to know just how you went about changing the date on your system and by how much forward or back?

    Post the contents of Combofix.txt in your next reply together with a fresh HJT log.

    Regards Howard :)

    This thread is for the use of biznezman only. Please don`t post your own virus/spyware problems in this thread. Instead, open a new thread in our security and the web forum.
  5. biznezman

    biznezman Newcomer, in training Topic Starter

    New Log Files

    I did have Bodog installed and I removed that.

    I went to Date and Time properties and changed the date back to 11/15/07.
    It was strange because it worked when I ran it a few days ago, but not yesterday.

    I had to split my combofix logs into separate files because it was too big because of all of the bodog files.
    Having trouble posting the combofix3 file. I'll post another reply.

    Thanks so much for all of your help. I'm not getting pop ups from Internet Speed Monitor anymore!
    Tim
  6. howard_hopkinso

    howard_hopkinso Newcomer, in training Posts: 25,948   +17

    You might want to copy and paste these instructions into a notepad file. Then you can have the file open in safe mode, so you can follow the instructions easier.

    Boot into safe mode, under your normal user name (NOT THE ADMINISTRATOR ACCOUNT). See how HERE.

    In Windows Explorer, turn on "Show all files and folders, including hidden and system". See how HERE.

    Run HJT with no other programmes open (except notepad). Click the scan button. Have HJT fix the following, by placing a tick in the little box next to (if there).

    R3 - URLSearchHook: OLE (Part 1 of 5) - - (no file)

    O2 - BHO: CBrowserHelperObject Object - {CA6319C0-31B7-401E-A518-A07C3DB8F777} - c:\Program Files\BAE\BAE.dll

    O2 - BHO: (no name) - {FDD3B846-8D59-4ffb-8758-209B6AD74ACC} - (no file)

    O3 - Toolbar: (no name) - {37B85A29-692B-4205-9CAD-2626E4993404} - (no file)

    O8 - Extra context menu item: &Search - ?p=ZJxdm035YYUS

    O9 - Extra button: Run IMVU - {d9288080-1baa-4bc4-9cf8-a92d743db949} - C:\Documents and Settings\Dad\Start Menu\Programs\IMVU\Run IMVU.lnk (file missing)

    O9 - Extra button: Bodog Poker - {F47C1DB5-ED21-4dc1-853E-D1495792D4C5} - C:\Program Files\Bodog Poker\BPGame.exe (file missing)

    O16 - DPF: {352797A0-EFD0-4FA6-B229-145120EA4B8A} (Walt Disney Internet Group Hardware Control) - https://disneyblast.go.com/v3/setup/activex/DIGHardwareControl.cab

    O16 - DPF: {48DD0448-9209-4F81-9F6D-D83562940134} (MySpace Uploader Control) - http://lads.myspace.com/upload/MySpaceUploader1005.cab

    O16 - DPF: {CC32D4D8-2A0B-4CEB-B105-C9B968379105} (CGameManagerCtrl Object) - https://disney.go.com/games/downloads/gamemanager/DIGGameManager.cab

    O16 - DPF: {FFBB3F3B-0A5A-4106-BE53-DFE1E2340CB1} (DownloadManager Control) - http://dlm.tools.akamai.com/dlmanager/versions/activex/dlm-activex-2.2.1.6.cab

    Click on the fix checked button.

    Close HJT.

    Locate and delete the following bold files and/or folders (if there).

    C:\qoobox
    C:\WINDOWS\system32\lanmanwrk.exe
    C:\WINDOWS\system32\lanmandrv.sys
    C:\Program Files\Freeze.com

    Reboot into normal mode and rehide your protected OS files.

    Post fresh HJT and Combofix logs.

    Regards Howard :)

    This thread is for the use of biznezman only. Please don`t post your own virus/spyware problems in this thread. Instead, open a new thread in our security and the web forum.
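
The HijackThis entries listed in the post above share one line layout (section code, entry type, optional CLSID, target), and several end in `(no file)` or `(file missing)`. As an added example that is not part of the original thread or of HijackThis itself, this sketch parses such lines and groups them by whether the log reports the backing file as absent; the function names and the "orphaned"/"present" grouping are this example's own assumptions, not the helper's selection criteria.

```python
import re

# Constructed sample: five entries copied from the fix list in the post above.
SAMPLE = r"""
R3 - URLSearchHook: OLE (Part 1 of 5) - - (no file)
O2 - BHO: CBrowserHelperObject Object - {CA6319C0-31B7-401E-A518-A07C3DB8F777} - c:\Program Files\BAE\BAE.dll
O2 - BHO: (no name) - {FDD3B846-8D59-4ffb-8758-209B6AD74ACC} - (no file)
O9 - Extra button: Bodog Poker - {F47C1DB5-ED21-4dc1-853E-D1495792D4C5} - C:\Program Files\Bodog Poker\BPGame.exe (file missing)
O16 - DPF: {FFBB3F3B-0A5A-4106-BE53-DFE1E2340CB1} (DownloadManager Control) - http://dlm.tools.akamai.com/dlmanager/versions/activex/dlm-activex-2.2.1.6.cab
"""

ENTRY = re.compile(r"^(?P<code>[A-Z]\d{1,2}) - (?P<kind>[^:]+): (?P<rest>.*)$")
CLSID = re.compile(r"\{[0-9A-Fa-f]{8}(?:-[0-9A-Fa-f]{4}){3}-[0-9A-Fa-f]{12}\}")
ORPHAN = re.compile(r"\((?:no file|file missing)\)\s*$")

def parse_entry(line):
    """Split one HijackThis entry into fields; return None for non-entry lines."""
    m = ENTRY.match(line.strip())
    if not m:
        return None
    rest = m.group("rest")
    clsid = CLSID.search(rest)
    # The target (file path or download URL) is whatever follows the last " - ".
    target = ORPHAN.sub("", rest.rsplit(" - ", 1)[-1]).strip()
    return {
        "code": m.group("code"),
        "kind": m.group("kind"),
        # Registry CLSIDs are case-insensitive, so normalise for comparison.
        "clsid": clsid.group(0).upper() if clsid else None,
        "target": target or None,
        "orphaned": bool(ORPHAN.search(rest)),
    }

def triage(log_text):
    """Group entries by whether the log says the backing file is gone."""
    groups = {"orphaned": [], "present": []}
    for line in log_text.splitlines():
        entry = parse_entry(line)
        if entry:
            groups["orphaned" if entry["orphaned"] else "present"].append(entry)
    return groups

if __name__ == "__main__":
    for name, entries in triage(SAMPLE).items():
        for e in entries:
            print(name, e["code"], e["kind"], e["clsid"], e["target"])
```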
  7. biznezman

    biznezman Newcomer, in training Topic Starter

    Thanks for your help!!!!
    Don't you get sick of this?!?!?!??! lol!

    My combofix logs still have all of the Bodog info??????

    Also...still get my virus program blocking Kodak Easyshare????

    I will upload my HJT log and the error message I got on the date when I run Combofix in the next post.

    Thanks again!
    Tim

    Here is the HJT log and the screenshot of the date error I get when running Combofix.
    Thanks.
    Tim
  8. howard_hopkinso

    howard_hopkinso Newcomer, in training Posts: 25,948   +17

    Kodak Easyshare is legit software, so it's quite possible this is a false positive.

    Your log files look clean.

    Click start/run and type combofix /u and hit the enter key. This should remove Combofix and all its files etc.

    Turn off system restore.(XP/ME only) See how HERE.

    Now, turn system restore back on. This will have deleted all your old restore points and any nasties that are in them. It will also have created a new, clean restore point.


    If you have any further virus/spyware problems, please post in this thread.

    Regards Howard :)

    This thread is for the use of biznezman only. Please don`t post your own virus/spyware problems in this thread. Instead, open a new thread in our security and the web forum.
  9. biznezman

    biznezman Newcomer, in training Topic Starter

    Thanks

    Thanks for your help!
    I had set up a wireless network here at the house a couple of weeks ago...now my laptop has the same problem so I'm starting from scratch with it!
    Tim
  10. biznezman

    biznezman Newcomer, in training Topic Starter
