"Avast! Webshiel has blocked a harmful webpage or file" pop ups (URL: mal)

Hello!
Since this morning, I’ve been getting this message popping up on my screen. I’ve run a full system scan just now. No threats found. But whenever I’m logged on to internet, this message is coming up continuously. I’m attaching the screen shots.
Any help to sort out this issue is much appreciated.
Thanks
BK

Hello,

Follow this guide and attach the logs from Malwarebytes, OTL and aswMBR (not Win 8/8.1 compatible)

http://forum.avast.com/index.php?topic=53253.0

And welcome to the forum :)

Thanks Steve for your guidance. I’ve done as per the link. However, I didn’t get any Extras.txt when running the OTL. Have I done something wrong? Please let me know.
I’ve attached herewith MBAM log, OTL log and aswmbr log.

Looking forward to your help!

Thanks!

Hi,

I will be working on your malware issue. Do not use or attach any USB memory device while cleaning is in progress. Your USB devices are infected and we will clean them later …

  1. Please download ComboFix by sUBs from here and save it to your Desktop.
    If you are unsure how ComboFix works please read this guide carefully.
    Note: ComboFix must be downloaded to your Desktop.

  2. Temporarily disable your AntiVirus program, usually via a right click on the System Tray icon. They may interfere with ComboFix.
    If you are unsure how to do this please read this or this Instruction.

    Instructions how to disable avast:

      • Right click on the avast! system tray icon (http://www.mcshield.net/pg/images/avast5.png) in the lower right corner of the screen and scroll up to avast! shield controls;
      • In the menu that appears, choose Disable Permanently. When you are prompted to turn off security, click Yes.

    Note: Do not forget to turn this option back on after the cleaning by choosing avast! shield controls > Enable all shield options.

  3. Run ComboFix. Click on I Agree!

      • ComboFix will display a DISCLAIMER of warranty on software.
        By clicking I Agree ComboFix shall continue.
      • ComboFix will check if there is a newer version of ComboFix available.
        Click Yes if prompted to download.
      • If Recovery Console is not installed, ComboFix will offer download & installation.
        Click Yes to allow ComboFix to install Recovery Console.
      • ComboFix will scan your computer in stages, total of 50 stages.
        Do not mouse-click around while ComboFix is running.
        Note: If you see a message like “Illegal operation attempted on a registry key that has been marked for deletion” just restart your computer.

  4. When the tool is finished, it will produce a log report for you (typical location: C:\ComboFix.txt).
    Attach the log report (ComboFix.txt) back to the topic.
    ComboFix shall also create an additional log. Please attach it to your reply.
    C:\Qoobox\ComboFix-quarantined-files.txt

Hi magna86,
I’m hereby attaching the combofix.txt and combofix-quarantined-files.txt.

Thanks for help!

Hi bobkayram,

ComboFix has done a great job. Nothing bad is active in the system any longer, it’s dead. Now we just need to target the remains. We shall do that with a fresh OTL.

Therefore, run OTL again, press QuickScan and post me the fresh OTL.txt log report.

Hello magna86,
I’m attaching the OTL log by Quickscan report herewith. Thanks again for your immense help and time!

This OTL log looks much better than the one posted before the actions performed by ComboFix.

However, the OTL logfile still shows some leftovers that should be cleaned up. This is a good job-deal for Zoek.

Please download zoek.exe or zoek.zip/rar by smeenk (http://www.mcshield.net/personal/magna86/Images/Zoek_icon.png) from here or here and save it to your Desktop.
Unpack the archive…

  • Close any open browsers.
  • Temporarily disable your AntiVirus program (if necessary).
    If you are unsure how to do this please read this or this Instruction.
  • Double click on zoek.exe to run the tool.
    Please wait until the tool starts…
  • Copy the text present inside the code box below and paste it into the large window in the zoek tool:

```
CreateSRPoint;
Install-List;
Uninstall-List;
EmptyFolderCheck;Delete
{02478D38-C3F9-4efb-9B51-7695ECA05670};c
EmptyCLSID;
C:\Users\luv64\AppData\Roaming\Mozilla\Extensions\statuswinks@StatusWinks;FS
C:\Users\luv64\AppData\Roaming\Mozilla\Profiles\258p0wsv.Default User\extensions\{2fab2e94-d6f9-42de-8839-3510cef6424b};FS
FFDefaults;
blpcfgokakmgnkcojhhkbfbldkacnbeo;CHR
coobgpohoikkiipiblmjeljniedjpjpf;CHR
doeiiacdhfmpdeckdaifnjaemmkkdlkf;CHR
icmlaeflemplmjndnaapfdbbnpncnbda;CHR
lifbcibllhkdhoafpjfnlhfpfgnpldfl;CHR
nneajnkjbffgblleaoojgaacokifdkhm;CHR
pjkljhegncpnkpknbcohdijeoejaedia;CHR
CHRDefaults;
C:\Windows\SysNative\*.tmp;F
C:\Windows\*.tmp;F
C:\Users\luv64\AppData\Roaming\Babylon;FS
AutoClean;
```

  • Click on the http://www.mcshield.net/personal/magna86/Images/Run%20Script%20by%20zoek.png button.
    Please wait until a log report opens (this can be after reboot).
  • Save the notepad file to your Desktop and attach zoek-results.log here.
    Note: It will also create a log in the C:\ directory named “zoek-results.log”.

Hello magna86,
I’m hereby attaching the zoek log for your perusal. Thanks again for your efforts!

Looks good. Just one small thing …

Re-run zoek again as you did before but this time via this script:

MyFreeCodec;u

Click on the RunScript button and zoek shall perform a fast fix. When he throws the notepad (logfile), copy-paste the results here and tell me how the computer is running now.

Thanks magna86.

The copy, pasted zoek log

```
Zoek.exe v5.0.0.0 Updated 15-February-2014
Tool run by luv64 on Fri 02/21/2014 at 6:51:28.08.
Microsoft® Windows Vista™ Home Premium 6.0.6002 Service Pack 2 x64
Running in: Normal Mode No Internet Access Detected
Launched: C:\Users\luv64\Downloads\zoek.exe [Scan all users] [Script inserted]

==== Older Logs ======================

C:\zoek-results2014-02-20-143805.log 53151 bytes

==== Deleting Registry Keys ======================

HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Uninstall\MyFreeCodec deleted successfully
HKEY_LOCAL_MACHINE\Software\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\MyFreeCodec deleted successfully

==== C:\zoek_backup content ======================

C:\zoek_backup (files=1843 folders=420 113921002 bytes)

==== EOF on Fri 02/21/2014 at 6:56:10.97 ======================
```

I can see a marked improvement in the boot up process; it's much swifter now. I can't be much more objective as I'm not a tech savvy guy. Hope you understand. Thanks for all the help! By the way, in one of the earlier messages, you've mentioned that my USB drives need to be taken care of. May I ask you what are the procedures for it?
For your information, I've two pen drives, one HDD, a printer, an additional monitor and occasionally my android phone used by laptop (the current system).

To check USB, use MCShield. Here is how …

Please download MCShield from one of the following links:

MCShield -Official download link

  • Double click on MCShield-Setup to install the application.
    Next => I Agree => Next => Install … per installation click on Run! button.
  • Wait a few seconds for MCShield to finish the initial HDD scan…
  • Connect all your USB storage devices to the computer one at a time. Scanning will be done automatically.

Explanation: USB storage devices are all the USB devices that get their own partition letter at connecting to the PC,
e.g. flash drives (thumb/pen drives, USB sticks), external HDDs, MP3/MP4 players, digital cameras,
memory cards (SD cards, Sony Memory Stick, MultiMedia Cards etc.), some mobile phones, some GPS navigation devices etc.

The following will implement some post-cleanup procedures:

It is necessary to uninstall ComboFix :

  • Click Start (or http://amf.mycity.rs/pg/images/VistaStartButton.png) then Run.
    On Windows7 or Vista you may use the Start Search field if Run is not available.
  • In the line of text type in (Copy) the following:

    ComboFix /Uninstall

    Note that there is a space between "ComboFix" and "/Uninstall".
  • Then click OK (or press Enter).

Wait until the uninstall process is complete.

=> Please download DelFix by Xplode to your Desktop.

Run the tool and check the following boxes:

  • Remove disinfection tools
  • Create registry backup
  • Purge System Restore

Click the Run button and wait a few seconds for the programme to complete its work.
At this point all the tools we used here should be gone. The tool will create a report for you (C:\DelFix.txt).

The tool will also record the healthy state of the registry and make a backup using the ERUNT program in %windir%\ERUNT\DelFix
The tool deletes old system restore points and creates a fresh system restore point after cleaning.

Hi magna86,
I thank you and the forum for all the support you’ve provided me with. I’ve run the McShield and the USB drives have been made healthy.

I have another query

My internal DVD drive isn’t reading any discs. But it’s alive, in the sense that the led light is on when a cd is inserted. But it isn’t reading the discs.

This has been there for a while. Is there any remedy for this?

Looking forward to hearing from you!

Regards,
BKR

There are three possible problems:

  • ROM (cd/dvd reader) device does not work properly (e.g. pin does not read the disc or ROM is full of dust …)
  • CD/DVD disk you are using isn’t valid (e.g. scratched/damaged disk …)
  • PSU’s cable which grants power supply to ROM device might be incorrectly (e.g. does not assign the correct or balanced [I’m not sure what’s the right word in English] power)

You should investigate by yourself what the problem might be.

Hi magna86,
Thanks for your response regarding the DVD drive. I’ll look into them.

By the way, I’ve noticed that zoek.zip is trying to get downloaded automatically when I rebooted the system this morning. I’ve attached the screenshot of download history wherein the blue circled one has been downloaded on Thursday. The red circled one on top with a question mark is at 8:09am this morning. Is this something to worry about?

Thanks in advance!
Regards,
BKR

Zoek is a command line tool, it does not have that kind of feature. Just delete the download history and use DelFix to remove zoek and all its related files.

Hello magna86,
Thanks again for all your help. Now it’s perfect. Thanks!