
Weird .dll files messing up explorer.exe

Discussion in 'Windows - Virus and spyware problems' started by Ray92, Aug 28, 2008.

  1. cdavfrew

    cdavfrew Regular member

    Hey Ray92

    Now, please download Combofix.
    With Combofix, at the download window, please rename it to Combo-fix(.exe) before downloading it.

    Please disable all security programs, such as antiviruses, antispywares, and firewalls.
    Also disable your internet connection.


    • Run Combo-Fix.exe and follow the prompts.
    Understand that things like your system clock changing and your desktop disappearing might happen. Do not worry, because all will be restored later.
    • Wait for the scan to be completed.
    • If it requires a reboot, please do it.
    • After the scan has completed entirely, please post the log here. The log will be located at C:\ComboFix(.txt)

    Do not click on the ComboFix window, as it may cause it to stall.

    Best Regards :D
     
  2. Ray92

    Ray92 Regular member

    Here is the comboFIX log:

    ComboFix 08-09-05.02 -

    EDITED :p

    274

    It didn't require a reboot
     
    Last edited: Sep 9, 2008
  3. cdavfrew

    cdavfrew Regular member

    Hey Ray92

    Firstly, open Notepad. Copy/paste the contents below, and then save it as fix.bat.

    Code:
    @echo off
    sc stop UJQBOBBM
    sc delete UJQBOBBM
    exit

    Run fix.bat.






    Please disable all security programs, such as antiviruses, antispywares, and firewalls.
    Also disable your internet connection.


    Open Notepad and copy/paste the text in the code box below into it:

    Code:
    File::
    C:\Windows\System32\cheeto.exe
    C:\Windows\System32\mpt.exe
    C:\Windows\System32\mpxa.exe
    C:\Users\RaYYaN\AppData\Local\Temp\UJQBOBBM.exe
    
    Registry::
    [-HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\F]

    Save this as CFScript.txt in the same folder as Combofix.

    Then drag the CFScript.txt into ComboFix.exe.

    This will start ComboFix again. After the reboot (in case it asks to reboot), post the ComboFix log here. The log will be located at C:\ComboFix(.txt).

    Do not click on the ComboFix window, as it may cause it to stall.

    If you didn't reboot before, do it now, and then post the Combofix log and a new HijackThis log here.

    Best Regards :D

    PS: BioShock is an awesomely cool but weird game. :p
     
    Last edited: Sep 8, 2008
  4. Ray92

    Ray92 Regular member

    I know, I've finished it :p

    This is the COMBOFIX log:

    EDITED :p
     
    Last edited: Sep 9, 2008
  5. Ray92

    Ray92 Regular member

    I know, I've finished it :p

    This is the COMBOFIX log:

    EDITED :p


    Thanks
     
    Last edited: Sep 9, 2008
  6. Ray92

    Ray92 Regular member

    EDIT - Double Post
     
    Last edited: Sep 9, 2008
  7. cdavfrew

    cdavfrew Regular member

    One more thing left to do, and then you're done. If you wish for extra cleanup (temporary files, every single trace of malware...), just say the word.

    Copy/Paste the text below into Notepad.

    Code:
    Windows Registry Editor Version 5.00

    ; regedit needs the full key path, not the abbreviated HKLM\~ form
    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\services\sharedaccess\parameters\firewallpolicy\FirewallRules]
    "{46A8322C-FB1F-4E01-B6D0-DFC39AD5D08D}"=-
    "{1A1852BF-15C4-4BD2-8B85-BBDBF7C64218}"=-
    "TCP Query User{F1659AF5-EFD1-4796-A9B6-4505CF5F4BD8}C:\\windows\\system32\\cheeto.exe"=-
    "UDP Query User{4C7CC446-98AC-4F8C-BE83-5FAA6CF90D24}C:\\windows\\system32\\cheeto.exe"=-

    Save this as fix.reg.

    Then copy/paste the following text into Notepad.

    Code:
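    @echo off
    rem Import fix.reg from the folder this batch file is saved in
    regedit.exe "%~dp0fix.reg"
    rem /d also switches drive if the batch file is run from another one
    cd /d C:\Windows\system32
    del kek.exe
    exit

    Save this as fix.bat in the same folder as fix.reg, and answer yes to any prompts it may produce.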

    Best Regards :D

    PS: Crysis is cool as well. I never quite get used to switching between modes though.
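
As an added example, not part of cdavfrew's posts: a read-only PowerShell check that the items targeted by fix.bat, CFScript.txt and fix.reg in this thread are gone. File, service and rule names are taken from the posts; the expanded firewall key path and the function name `Get-Leftovers` are assumptions of this example.

```powershell
# Added verification example (not from the thread). It only reports; nothing is deleted.
$files = @(
    'C:\Windows\System32\cheeto.exe',
    'C:\Windows\System32\mpt.exe',
    'C:\Windows\System32\mpxa.exe',
    'C:\Windows\System32\kek.exe',
    'C:\Users\RaYYaN\AppData\Local\Temp\UJQBOBBM.exe'
)
$serviceName = 'UJQBOBBM'
$mountKey = 'HKCU:\Software\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\F'
# Assumption: the "~" in the posted key stands for SYSTEM\CurrentControlSet.
$fwKey = 'HKLM:\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules'
# The two GUID-named rules that fix.reg removes.
$ruleIds = @('{46A8322C-FB1F-4E01-B6D0-DFC39AD5D08D}', '{1A1852BF-15C4-4BD2-8B85-BBDBF7C64218}')

function Get-Leftovers {
    $found = @()
    foreach ($f in $files) {
        if (Test-Path -LiteralPath $f) { $found += "file still present: $f" }
    }
    if (Get-Service -Name $serviceName -ErrorAction SilentlyContinue) {
        $found += "service still registered: $serviceName"
    }
    if (Test-Path -LiteralPath $mountKey) {
        $found += "registry key still present: $mountKey"
    }
    if (Test-Path -LiteralPath $fwKey) {
        $rules = Get-ItemProperty -LiteralPath $fwKey
        foreach ($p in $rules.PSObject.Properties) {
            # Rule names and rule data can both embed the program path.
            if (($ruleIds -contains $p.Name) -or ("$($p.Name) $($p.Value)" -match 'cheeto\.exe')) {
                $found += "firewall rule still present: $($p.Name)"
            }
        }
    }
    return $found
}

# @() keeps the result an array even when zero or one item comes back.
$left = @(Get-Leftovers)
if ($left.Count -eq 0) { 'No leftovers found for the items named in this thread.' }
else { $left }
```

Run it from an elevated PowerShell prompt under the affected user account, since the MountPoints2 key is per-user.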
     
  8. Ray92

    Ray92 Regular member

    I've done that fix thing. I regularly clean my laptop using programs like CCleaner, and defragment the HD

    I just want to make sure there are no traces of viruses/malware of any sort left, as it's new

    Thanks for your help

    PS - HOW DO YOU KNOW WHAT GAMES I HAVE???????????????????????
     
  9. cdavfrew

    cdavfrew Regular member

    I can read minds. :) Or maybe your Combofix log shows folders with names like Crysis and BioShock and others...

    Does this mean you want extra cleanup? This might take one more scanner...

    Download A-squared Free. Update it, and then do a scan with it, but do not remove anything yet. Simply post the log here.

    Best Regards :D
     
    Last edited: Sep 9, 2008
  10. Ray92

    Ray92 Regular member

    LMAO

    I'll post the log in a while
     
