Jump to content


 


Register a free account to unlock additional features at BleepingComputer.com
Welcome to BleepingComputer, a free community where people like yourself come together to discuss and learn how to use their computers. Using the site is easy and fun. As a guest, you can browse and view the various discussions in the forums, but can not create a new topic or reply to an existing one unless you are logged in. Other benefits of registering an account are subscribing to topics and forums, creating a blog, and having no ads shown anywhere on the site.


Click here to Register a free account now! or read our Welcome Guide to learn how to use this site.

Photo

Outerinfo


  • This topic is locked This topic is locked
23 replies to this topic

#16 Baabiouz

Baabiouz

    Finnish Malware Fighter


  • Members
  • 3,355 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:Finland
  • Local time:11:57 AM

Posted 14 February 2008 - 06:09 AM

Hi Sharpie!

It didn't work... Let's try this:

Please make sure you have CFScript.txt and Combofix.exe on your desktop.

Then click START then RUN.
Then type this following text in the runbox:
"%Userprofile%\Desktop\Combofix /CFScript.txt"
And click OK

Now Combofix appears...

When Combofix has finished please post a fresh HijackThis log and Combofix log back here :thumbsup:

Edited by Baabiouz, 14 February 2008 - 06:09 AM.

Posted Image

BC AdBot (Login to Remove)

 


#17 sharpie

sharpie
  • Topic Starter

  • Members
  • 702 posts
  • OFFLINE
  •  
  • Location:Nor-Cal
  • Local time:04:57 AM

Posted 14 February 2008 - 06:12 PM

when i copy and paste "%Userprofile%\Desktop\Combofix /CFScript.txt" in the run box i get a message that says windows cannot find it and then it says something like maybe i didnt type it in correctly....

#18 Baabiouz

Baabiouz

    Finnish Malware Fighter


  • Members
  • 3,355 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:Finland
  • Local time:11:57 AM

Posted 14 February 2008 - 11:24 PM

Do you have Combofix.exe and CFScript.txt on your desktop? Copy (Ctrl + C) and Paste (Ctrl + V) all the text in the runbox :blink:

"%Userprofile%\Desktop\Combofix /CFScript.txt"

Did you get it work? :thumbsup:

Edited by Baabiouz, 14 February 2008 - 11:26 PM.

Posted Image

#19 sharpie

sharpie
  • Topic Starter

  • Members
  • 702 posts
  • OFFLINE
  •  
  • Location:Nor-Cal
  • Local time:04:57 AM

Posted 15 February 2008 - 12:00 AM

yes, i have them both on my desktop and it is still not working. please, is there something else i can try? it seems like my computer has been runnng the same for a while now.

thank you

#20 sharpie

sharpie
  • Topic Starter

  • Members
  • 702 posts
  • OFFLINE
  •  
  • Location:Nor-Cal
  • Local time:04:57 AM

Posted 15 February 2008 - 09:51 PM

not being rude, but would it be possible for someone else to help me because this is taking a very long time. i have done what you asked me to do three times and its not working. you ask me if it works so i say no then i have to wait a couple of more days for you to tell me to try it again.

thank you and please know that i am not being rude thats just how it might seem because im typing it and not speaking.

Edited by sharpie, 15 February 2008 - 09:57 PM.


#21 Baabiouz

Baabiouz

    Finnish Malware Fighter


  • Members
  • 3,355 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:Finland
  • Local time:11:57 AM

Posted 16 February 2008 - 09:12 AM

Hi Sharpie!

It's not my fault that the things doesn't work on your computer... And the teachers are checking my post, so i'm not going to help you wrongly... ;)

Step #1
Please download RenV.exe to your desktop:
http://download.bleepingcomputer.com/sUBs/Beta/RenV.exe


Then open NOTEPAD.exe and copy/paste the text in the quotebox below into it:

C:\WINDOWS\lsass .exe
C:\Program Files\Microsoft ActiveSync\WCESCOMM .EXE
C:\Program Files\QuickTime\qttask .exe


Save this as Log.txt
Drag Log.txt into RenV.exe

When finished, it shall produce a new log for you. Post that log in your next reply.

Step #2
Please download the OTMoveIt2 by OldTimer.
  • Save it to your desktop.
  • Please double-click OTMoveIt2.exe to run it. (Note: If you are running on Vista, right-click on the file and choose Run As Administrator).
  • Copy the lines in the codebox below to the clipboard by highlighting ALL of them and pressing CTRL + C (or, after highlighting, right-click and choose Copy):

    C:\WINDOWS\system32\cqcslgmf.dll
    C:\WINDOWS\system32\ntxabrdv.exe
    C:\WINDOWS\system32\ygynulqe.dll
    C:\WINDOWS\system32\dvnoyblg.exe
    C:\WINDOWS\system32\rvkhnsrn.dll
    C:\WINDOWS\system32\zovnfxtj.dll
    C:\WINDOWS\system32\slcnhnno.dll
    C:\WINDOWS\system32\jkkll.exe
    C:\WINDOWS\system32\jkkll.dll
    C:\WINDOWS\system32\llkkj.ini2
    C:\WINDOWS\system32\dfhkj.ini2
    C:\WINDOWS\system32\xxyxwut.dll
    C:\WINDOWS\system32\khfgecb.dll
    C:\WINDOWS\system32\drvvowr.dll
    C:\WINDOWS\system32\drvvow.dll
    C:\WINDOWS\system32\jkkll.Vdll
    C:\Documents and Settings\T.Fox\Shared\by the time i get to arizona.wm
    C:\Documents and Settings\T.Fox\Shared\concerto for 2 violins.wm
    C:\Documents and Settings\T.Fox\Desktop\Logons\80720.exe
    C:\Documents and Settings\T.Fox\Desktop\Logons\anarchey.exe
    C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy\Recovery\MyWayMyWebSearch.zip
    C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy\Recovery\MyWayMyWebSearch1.zip
    C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy\Recovery\MyWayMyWebSearch19.zip
    C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy\Recovery\MyWayMyWebSearch53.zip
    C:\Program Files\Outerinfo
  • Return to OTMoveIt2, right click in the "Paste Standard List of Files/Folders to Move" window (under the light blue bar) and choose Paste.
  • Click the red Moveit! button.
  • Copy everything in the Results window (under the green bar) to the clipboard by highlighting ALL of them and pressing CTRL + C (or, after highlighting, right-click and choose copy), and paste it in your next reply.
  • Close OTMoveIt2
Note: If a file or folder cannot be moved immediately you may be asked to reboot the machine to finish the move process. If you are asked to reboot the machine choose Yes. In this case, after the reboot, open Notepad (Start->All Programs->Accessories->Notepad), click File->Open, in the File Name box enter *.log and press the Enter key, navigate to the C:\_OTMoveIt\MovedFiles folder, and open the newest .log file present, and copy/paste the contents of that document back here in your next post.

Step #3
Please post a fresh HijackThis log back here, OtMoveIt log and RenV log :thumbsup:

Edited by Baabiouz, 16 February 2008 - 09:15 AM.

Posted Image

#22 sharpie

sharpie
  • Topic Starter

  • Members
  • 702 posts
  • OFFLINE
  •  
  • Location:Nor-Cal
  • Local time:04:57 AM

Posted 16 February 2008 - 06:13 PM

this is all the first one gave me-

Ran on Sat 02/16/2008 - 15:10:56.07


in the black box there were a lot of can not finds.

#23 Baabiouz

Baabiouz

    Finnish Malware Fighter


  • Members
  • 3,355 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:Finland
  • Local time:11:57 AM

Posted 17 February 2008 - 02:41 AM

Ok. Do you have OtMoveIt log? :thumbsup:
Posted Image

#24 don77

don77

    Forum Regular


  • Members
  • 3,212 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:Boston Mass
  • Local time:03:57 AM

Posted 23 February 2008 - 08:31 PM

Due to the lack of feedback, this Topic is closed.

If you need this topic reopened, please request this by sending the moderating team
a PM with the address of the thread. This applies only to the original topic starter.

Everyone else please begin a New Topic.




0 user(s) are reading this topic

0 members, 0 guests, 0 anonymous users