Viruses/Spyware/Malware preliminary removal log files

Status
Not open for further replies.

biznezman

Thanks so much for the very specific instructions. My computer is doing better than it has in months!!
I still seem to get a popup every once in a while from Internet Speed????

still getting popups from Internet Speed Monitor.
 

Attachments: AVG Report-Scan-20071119-150641.txt
Hello and welcome to Techspot.

Right click on this link DelO15Domains.inf and choose Save As. Save it to your desktop. Right click on that file and choose Install. It will run immediately (you won't be able to see anything happen). You may delete it afterwards. NOTE: This script will delete any sites you may have added to the Trusted Sites. So if you want them back, you have to add them back to the Trusted Sites again.

Go to add remove programmes in your control panel and uninstall anything to do with the following (if there).

Bodog Poker
QdrDrive
QdrModule

Close control panel.

Open notepad and copy/paste the text in the quote box below into it:
NOTE* make sure to only highlight and copy what is inside the quote box nothing out side of it.
Also ..

Pay particular attention to this :-

Make sure the word File:: is on the first line of the text file you save (no blank line above it, & no space in front of it)
Code:

File::
C:\WINDOWS\system32\yrevqvwx.dll
C:\WINDOWS\system32\febjymtc.dll
C:\DOCUME~1\Dad\LOCALS~1\Temp\clclean.0001
C:\WINDOWS\system32\pusuizbv.dll
C:\WINDOWS\system32\rtiixwjq.dll
C:\WINDOWS\system32\xxmktvxh.exe
C:\WINDOWS\system32\bgxhmwov.exe
C:\WINDOWS\system32\vdqfaswi.dll.vir
C:\WINDOWS\system32\delFSF.bat
C:\WINDOWS\system32\vtustus.dll.vir
C:\WINDOWS\mrofinu72.exe
C:\WINDOWS\system32\0762FFB1D6.sys
C:\WINDOWS\system32\D6B1FF6207.sys
C:\WINDOWS\UpdReg.EXE
C:\WINDOWS\system32\pusuizbv.dll
Folder::
C:\Program Files\Bodog Poker
C:\Program Files\QdrDrive
C:\VundoFix Backups
C:\Program Files\QdrModule
Registry::
[-HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{875A1348-7674-42aa-ADAC-B4F36A004A2D}]
[-HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{a62b9f20-0731-4d9c-b6d4-5acaa52839fc}]
[-HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{A95B2816-1D7E-4561-A202-68C0DE02353A}]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar]
"{11A69AE4-FBED-4832-A2BF-45AF82825583}"=-
[-HKEY_CLASSES_ROOT\CLSID\{11A69AE4-FBED-4832-A2BF-45AF82825583}]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"UpdReg"=-
"7c5b3af8"=-
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"QdrModule9"=-
[-HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\pusuizbv]


Save this as CFScript.txt

Then drag the CFScript.txt into ComboFix.exe as you see in the screenshot below.

CFScript.gif


This will start ComboFix again. After reboot, (in case it asks to reboot), post the contents of Combofix.txt in your next reply together with a fresh HJT log.

Please open notepad and copy and paste next bold in it:
(don't forget to copy and paste REGEDIT4)

REGEDIT4

[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\lsa]
"Authentication Packages"="msv1_0"
Save this as "fix.reg". Choose to save as *all files and place it on your desktop.

Doubleclick on it and when it asks you if you want to merge the contents to the registry, click yes/ok.

Regards Howard :wave: :wave:

This thread is for the use of biznezman only. Please don't post your own virus/spyware problems in this thread. Instead, open a new thread in our security and the web forum.
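As an added check (example code written for this page, not part of the thread, of ComboFix or of Windows), the following Python validates a hand-typed CFScript against the rules stressed above: File:: on the very first line with nothing before it and no leading space, entries grouped under File::, Folder:: and Registry::, and registry lines in the [key], [-key] and "name"=- forms the posted script uses. It also confirms that the fix.reg snippet starts with its REGEDIT4 header. The path and registry-line patterns are assumptions about well-formed input, not ComboFix's own grammar; the sample script and .reg text are the ones posted above.

```python
"""Sanity-check a hand-written ComboFix CFScript and a REGEDIT4 .reg fix
before running them. Added example, not code from the thread or from
ComboFix; the section names and deletion syntax come from the script
posted above, the validation patterns are assumptions."""
import re

CF_SECTIONS = ("File::", "Folder::", "Registry::")
# Absolute Windows path: drive letter, colon, backslash, no reserved chars.
WIN_PATH_RE = re.compile(r'^[A-Za-z]:\\[^<>"|?*]+$')
# [HKEY_...] selects/creates a key, [-HKEY_...] deletes it.
REG_KEY_RE = re.compile(r"^\[-?HKEY_[A-Z_]+\\.+\]$")
# "name"=- deletes a value, "name"="text" sets a string value.
REG_VALUE_RE = re.compile(r'^"[^"]+"=(-|"[^"]*")$')


def parse_cfscript(text):
    """Split a CFScript into sections; return (sections, errors, warnings).

    errors mean the script would not be read the way its author expects;
    warnings (e.g. duplicate entries) are only worth a second look.
    """
    lines = text.replace("\r\n", "\n").split("\n")
    errors, warnings = [], []
    # The rule the post stresses: File:: must be line 1, exactly.
    if not lines or lines[0] != "File::":
        if lines and lines[0].strip() == "File::":
            errors.append("line 1: whitespace around File::")
        elif lines and lines[0].strip() == "":
            errors.append("line 1: blank line above File::")
        else:
            errors.append("line 1: script does not start with File::")
    sections, current = {}, None
    for n, line in enumerate(lines, 1):
        if line.strip() == "":
            continue
        if line in CF_SECTIONS:
            current = line[:-2]
            sections.setdefault(current, [])
            continue
        if current is None:
            errors.append(f"line {n}: entry before any section header")
            continue
        if current in ("File", "Folder") and not WIN_PATH_RE.match(line):
            errors.append(f"line {n}: not an absolute Windows path: {line}")
        if current == "Registry" and not (REG_KEY_RE.match(line) or REG_VALUE_RE.match(line)):
            errors.append(f"line {n}: unrecognised registry directive: {line}")
        if line.lower() in (e.lower() for e in sections[current]):
            warnings.append(f"line {n}: duplicate entry {line}")
        sections[current].append(line)
    return sections, errors, warnings


def validate_reg(text):
    """Check a .reg fix: REGEDIT4 header first, then only key/value lines."""
    errors = []
    body = [l for l in text.replace("\r\n", "\n").split("\n") if l.strip()]
    if not body or body[0] != "REGEDIT4":
        errors.append("first line must be REGEDIT4")
    for line in body[1:]:
        if not (REG_KEY_RE.match(line) or REG_VALUE_RE.match(line)):
            errors.append(f"unrecognised line: {line}")
    return errors


# The CFScript exactly as posted in the thread (first line must be File::).
CFSCRIPT = r"""File::
C:\WINDOWS\system32\yrevqvwx.dll
C:\WINDOWS\system32\febjymtc.dll
C:\DOCUME~1\Dad\LOCALS~1\Temp\clclean.0001
C:\WINDOWS\system32\pusuizbv.dll
C:\WINDOWS\system32\rtiixwjq.dll
C:\WINDOWS\system32\xxmktvxh.exe
C:\WINDOWS\system32\bgxhmwov.exe
C:\WINDOWS\system32\vdqfaswi.dll.vir
C:\WINDOWS\system32\delFSF.bat
C:\WINDOWS\system32\vtustus.dll.vir
C:\WINDOWS\mrofinu72.exe
C:\WINDOWS\system32\0762FFB1D6.sys
C:\WINDOWS\system32\D6B1FF6207.sys
C:\WINDOWS\UpdReg.EXE
C:\WINDOWS\system32\pusuizbv.dll
Folder::
C:\Program Files\Bodog Poker
C:\Program Files\QdrDrive
C:\VundoFix Backups
C:\Program Files\QdrModule
Registry::
[-HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{875A1348-7674-42aa-ADAC-B4F36A004A2D}]
[-HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{a62b9f20-0731-4d9c-b6d4-5acaa52839fc}]
[-HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{A95B2816-1D7E-4561-A202-68C0DE02353A}]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar]
"{11A69AE4-FBED-4832-A2BF-45AF82825583}"=-
[-HKEY_CLASSES_ROOT\CLSID\{11A69AE4-FBED-4832-A2BF-45AF82825583}]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"UpdReg"=-
"7c5b3af8"=-
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"QdrModule9"=-
[-HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\pusuizbv]
"""

# The fix.reg text as posted in the thread.
FIX_REG = r"""REGEDIT4

[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\lsa]
"Authentication Packages"="msv1_0"
"""

if __name__ == "__main__":
    sections, errors, warnings = parse_cfscript(CFSCRIPT)
    print({k: len(v) for k, v in sections.items()}, errors, warnings)
    print(validate_reg(FIX_REG))
```

Run against the posted script, the checker reports no errors, 15 File, 4 Folder and 12 Registry entries, and one warning: C:\WINDOWS\system32\pusuizbv.dll is listed twice under File::, which is harmless but shows the kind of slip a quick parse catches before the script is handed to a tool that deletes on sight.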
 
When dragging the script onto ComboFix it tries to run, then I get an error message saying "This version of Combofix is expired."

I changed the date on my computer and it seems to be working now.
 
I'm interested to know just how you went about changing the date on your system and by how much forward or back?

Post the contents of Combofix.txt in your next reply together with a fresh HJT log.

Regards Howard :)

 
New Log Files

I did have Bodog installed and I removed that.

I went to Date and Time properties and changed the date back to 11/15/07.
It was strange because it worked when I ran it a few days ago, but not yesterday.

I had to split my combofix logs into separate files because it was too big because of all of the bodog files.
Having trouble posting the combofix3 file. I'll post another reply.

Thanks so much for all of your help. I'm not getting pop ups from Internet Speed Monitor anymore!
Tim
 
You might want to copy and paste these instructions into a notepad file. Then you can have the file open in safe mode, so you can follow the instructions easier.

Boot into safe mode, under your normal user name(NOT THE ADMINISTRATOR ACCOUNT). See how HERE.

In Windows Explorer, turn on "Show all files and folders, including hidden and system". See how HERE.

Run HJT with no other programmes open (except notepad). Click the scan button. Have HJT fix the following, by placing a tick in the little box next to (if there).

R3 - URLSearchHook: OLE (Part 1 of 5) - - (no file)

O2 - BHO: CBrowserHelperObject Object - {CA6319C0-31B7-401E-A518-A07C3DB8F777} - c:\Program Files\BAE\BAE.dll

O2 - BHO: (no name) - {FDD3B846-8D59-4ffb-8758-209B6AD74ACC} - (no file)

O3 - Toolbar: (no name) - {37B85A29-692B-4205-9CAD-2626E4993404} - (no file)

O8 - Extra context menu item: &Search - ?p=ZJxdm035YYUS

O9 - Extra button: Run IMVU - {d9288080-1baa-4bc4-9cf8-a92d743db949} - C:\Documents and Settings\Dad\Start Menu\Programs\IMVU\Run IMVU.lnk (file missing)

O9 - Extra button: Bodog Poker - {F47C1DB5-ED21-4dc1-853E-D1495792D4C5} - C:\Program Files\Bodog Poker\BPGame.exe (file missing)

O16 - DPF: {352797A0-EFD0-4FA6-B229-145120EA4B8A} (Walt Disney Internet Group Hardware Control) - https://disneyblast.go.com/v3/setup/activex/DIGHardwareControl.cab

O16 - DPF: {48DD0448-9209-4F81-9F6D-D83562940134} (MySpace Uploader Control) - http://lads.myspace.com/upload/MySpaceUploader1005.cab

O16 - DPF: {CC32D4D8-2A0B-4CEB-B105-C9B968379105} (CGameManagerCtrl Object) - https://disney.go.com/games/downloads/gamemanager/DIGGameManager.cab

O16 - DPF: {FFBB3F3B-0A5A-4106-BE53-DFE1E2340CB1} (DownloadManager Control) - http://dlm.tools.akamai.com/dlmanager/versions/activex/dlm-activex-2.2.1.6.cab

Click on the fix checked button.

Close HJT.

Locate and delete the following bold files and/or folders (if there).

C:\qoobox
C:\WINDOWS\system32\lanmanwrk.exe
C:\WINDOWS\system32\lanmandrv.sys
C:\Program Files\Freeze.com

Reboot into normal mode and rehide your protected OS files.

Post fresh HJT and Combofix logs.

Regards Howard :)

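The HJT entries listed above follow a regular shape (entry code, entry type, name, CLSID, target), and the ones marked "(no file)" or "(file missing)" are orphaned references, which is why they are on the fix list. The following Python parses such lines into records and separates the orphaned entries from the O16 ActiveX download entries. This is an added example written for this page, not code from the thread or from HijackThis; the line format is inferred from the entries quoted above, and the sample log is exactly those entries.

```python
"""Parse HijackThis (HJT) log entries and flag orphaned references.
Added example, not code from the thread or from HijackThis; the format
is inferred from the entries quoted in the post above."""
import re
from dataclasses import dataclass
from typing import Optional

# "O2 - BHO: <name> - {CLSID} - <path>" and similar; the kind ends at the first colon.
ENTRY_RE = re.compile(r"^(?P<code>[RO]\d+) - (?P<kind>[^:]+): (?P<rest>.*)$")
CLSID_RE = re.compile(r"\{[0-9A-Fa-f]{8}(?:-[0-9A-Fa-f]{4}){3}-[0-9A-Fa-f]{12}\}")
# HJT appends these when the file behind an entry no longer exists.
ORPHAN_MARKERS = ("(no file)", "(file missing)")


@dataclass
class HjtEntry:
    code: str            # R3, O2, O16 ...
    kind: str            # URLSearchHook, BHO, DPF ...
    name: str            # friendly name, or "(no name)"
    clsid: Optional[str]  # upper-cased for case-insensitive comparison
    target: str          # file path or URL the entry points at
    orphaned: bool       # target reported missing by HJT


def parse_entry(line):
    """Return an HjtEntry for one log line, or None if it is not an entry."""
    m = ENTRY_RE.match(line.strip())
    if not m:
        return None
    rest = m.group("rest")
    clsid = CLSID_RE.search(rest)
    parts = [p.strip() for p in rest.split(" - ")]
    name = parts[0]
    # O16 (DPF) lines put the CLSID first: "{...} (Friendly Name)".
    if clsid and clsid.group(0) in name:
        name = name.replace(clsid.group(0), "").strip().strip("()")
    return HjtEntry(
        code=m.group("code"),
        kind=m.group("kind"),
        name=name,
        clsid=clsid.group(0).upper() if clsid else None,
        target=parts[-1] if len(parts) > 1 else "",
        orphaned=any(mk in rest for mk in ORPHAN_MARKERS),
    )


def parse_log(text):
    """Parse every entry line in a log, skipping blanks and other text."""
    return [e for e in (parse_entry(l) for l in text.splitlines()) if e]


def orphaned_entries(entries):
    """Entries whose target HJT reports as missing: dead hooks, BHOs, buttons."""
    return [e for e in entries if e.orphaned]


def activex_downloads(entries):
    """O16 - DPF entries: ActiveX controls IE downloaded, with their .cab URL."""
    return [e for e in entries if e.code == "O16"]


# The entries exactly as quoted in the post above.
SAMPLE_LOG = r"""
R3 - URLSearchHook: OLE (Part 1 of 5) - - (no file)
O2 - BHO: CBrowserHelperObject Object - {CA6319C0-31B7-401E-A518-A07C3DB8F777} - c:\Program Files\BAE\BAE.dll
O2 - BHO: (no name) - {FDD3B846-8D59-4ffb-8758-209B6AD74ACC} - (no file)
O3 - Toolbar: (no name) - {37B85A29-692B-4205-9CAD-2626E4993404} - (no file)
O8 - Extra context menu item: &Search - ?p=ZJxdm035YYUS
O9 - Extra button: Run IMVU - {d9288080-1baa-4bc4-9cf8-a92d743db949} - C:\Documents and Settings\Dad\Start Menu\Programs\IMVU\Run IMVU.lnk (file missing)
O9 - Extra button: Bodog Poker - {F47C1DB5-ED21-4dc1-853E-D1495792D4C5} - C:\Program Files\Bodog Poker\BPGame.exe (file missing)
O16 - DPF: {352797A0-EFD0-4FA6-B229-145120EA4B8A} (Walt Disney Internet Group Hardware Control) - https://disneyblast.go.com/v3/setup/activex/DIGHardwareControl.cab
O16 - DPF: {48DD0448-9209-4F81-9F6D-D83562940134} (MySpace Uploader Control) - http://lads.myspace.com/upload/MySpaceUploader1005.cab
O16 - DPF: {CC32D4D8-2A0B-4CEB-B105-C9B968379105} (CGameManagerCtrl Object) - https://disney.go.com/games/downloads/gamemanager/DIGGameManager.cab
O16 - DPF: {FFBB3F3B-0A5A-4106-BE53-DFE1E2340CB1} (DownloadManager Control) - http://dlm.tools.akamai.com/dlmanager/versions/activex/dlm-activex-2.2.1.6.cab
"""

if __name__ == "__main__":
    entries = parse_log(SAMPLE_LOG)
    for e in orphaned_entries(entries):
        print(f"orphaned {e.code} {e.kind}: {e.name} -> {e.target}")
    for e in activex_downloads(entries):
        print(f"ActiveX  {e.clsid} {e.name} <- {e.target}")
```

On the quoted log this yields eleven entries, five of them orphaned (the R3 hook, the nameless O2 and O3 items, and the two O9 buttons whose .lnk and .exe are gone) and four O16 downloads. Orphaned entries are safe to remove precisely because nothing is behind them any more; the O16 and the one live O2 (BAE.dll) are the lines where a reviewer actually has to decide whether the referenced component is wanted.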
 
Thanks for your help!!!!
Don't you get sick of this?!?!?!??! lol!

My combofix logs still have all of the Bodog info??????

Also...still get my virus program blocking Kodak Easyshare????

I will upload my HJT log and the error message I got on the date when I run Combofix in the next post.

Thanks again!
Tim

Here is the HJT log and the screenshot of the date error I get when running Combofix.
Thanks.
Tim
 
Kodak Easyshare is legit software, so it's quite possible this is a false positive.

Your log files look clean.

Click start/run and type combofix /u and hit the enter key. This should remove Combofix and all its files etc.

Turn off system restore.(XP/ME only) See how HERE.

Now, turn system restore back on. This will have deleted all your old restore points and any nasties that are in them. It will also have created a new, clean restore point.


If you have any further virus/spyware problems, please post in this thread.

Regards Howard :)

 
Thanks

Thanks for your help!
I had set up a wireless network here at the house a couple of weeks ago...now my laptop has the same problem so I'm starting from scratch with it!
Tim
 