I will deal with it a little bit later...

OrangeRanger wrote:
> Forewarning, Elobuddy is a hack for League of Legends, the company was taken down and sued by Riot, so therefore the program no longer works, I just never deleted it.

By the reason that ESET may scan many hours, we use other tools to delete entries found by ESET scanner.

OrangeRanger wrote:
> Also I thought I completely removed KMS, but apparently not, good news is ESET wants to get rid of it completely for me, which is good.
> This scan took 10hrs due to how large my E drive is, will I have to rescan in order to clean what it found?

Because the external drive (E:) is your backup drive used by system File History backup utility, I will not touch it at all.

OrangeRanger wrote:
> And obviously anything in E:\FileHistory\... is just automatically backed up even after I delete anything on my live version of Windows.

Personally, I don't like internal programs like File History Backup under Windows 10, which can perform meaningless, uncontrollable actions. Actually, I prefer to use third-party backups that are independent of Windows, such as Western Digital Smart Incremental Backup or similar, but that is a separate story.
Let's return to our treatment. Please do the following:
Step 1.
FRST Fix
- Close all your programs.
- You should still have FRST64.exe on your Desktop. If not please download it HERE and save it on your Desktop.
- Please press the Windows Key + R.
- Type notepad.exe into the text box and click OK.
- A blank Notepad page should open.
- Copy and Paste the following script into Notepad, but do not include the words Code: Select all.
- (Click the Select all button next to Code: to select the entire script).
- Code: Select all
```
CreateRestorePoint:
C:\Program Files (x86)\EloBuddy
C:\Users\Lucas\AppData\Roaming\EloBuddy
EmptyTemp:
CMD: ipconfig /flushdns
```
- Save it next to FRST64.exe as fixlist.txt.
Important! fixlist.txt must be saved in the same directory as FRST64.exe to work.
- Right click on FRST64.exe and select Run as administrator.
- Press the Fix button one time only and wait.
- When FRST finishes you will be prompted to reboot your computer. Click OK.
- Your computer should now restart. On reboot navigate to your Desktop where you should find Fixlog.txt. Copy and paste the contents in your reply.
Step 2.
FRST Registry Search
- Close all your programs.
- You should still have FRST64.exe on your Desktop. If not please download it HERE and save it on your Desktop.
- Right click on FRST64.exe and select Run as administrator.
- When the tool opens click Yes to the disclaimer.
- Copy/Paste or Type the following line into the Search: box.
  EloBuddy;AutoKMS
- Press the Search Registry button.
- When finished searching, a Search.txt log file will open on your Desktop.
- Please post it in your next reply.
Step 3.
Show Hidden Files and Folders
- Please type File Explorer into Windows Search and run it.
- Click on the File tab and select Change folders and search options.
- In the Folder Options window click on the View tab.
- Check Show hidden files, folders and drives
- Uncheck Hide extensions for known file types and Hide protected operating system files.
- Click OK.
Step 4.
Upload Files to VirusTotal
- Please go to VirusTotal.
- Click the Upload and scan file button and navigate to the first of the following files:
C:\Windows\SECOH-QAD.dll
C:\Windows\SECOH-QAD.exe
C:\Users\Lucas\Desktop\7 Script\7 Script.exe
C:\Windows\System32\drivers\netfilter2.sys
D:\Users\Lucas\Downloads\Unlocker1.9.2.exe
- You might see a message saying File already analysed; if you do, click Reanalyse.
- Wait for all the scans to finish, until the message "Analysis in progress..." has disappeared, then copy and paste the web address from your browser's address bar.
- Navigate to the next file in the list and repeat procedure for every file until the list ends.
- Include all web links in your next reply.
Note: if you cannot find one or both of the files, do not worry. Finish the rest of the steps and let me know in your reply which file(s) you could not find.
Please post each log separately to prevent it being cut off by the forum post size limiter.
Check each after you've posted it to make sure it's all present, if any log is cut off you'll have to post it in sections....
Please include in your next reply:
- Do you have any problems executing the instructions?
- Contents of the Fixlog.txt log file
- Contents of the Search.txt log file
- The resulting web links after online file scans by Virus Total
- Do you see any changes in computer behavior?
Thanks,
pgmigg
Failure to post replies within 72 hours will result in this thread being closed
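
A local pre-check for Step 4, as an added example that is not part of pgmigg's post: it reports which of the listed files exist and prints each one's SHA-256, the value VirusTotal displays for an analysed file, so every posted link can be matched to the file on disk. The function name `Get-UploadChecklist` is hypothetical; the paths are the ones listed in Step 4.

```powershell
# Added example (not from the original post). Run in a 64-bit PowerShell
# window so that C:\Windows\System32 is not redirected.
# Paths copied from Step 4 above.
$files = @(
    'C:\Windows\SECOH-QAD.dll',
    'C:\Windows\SECOH-QAD.exe',
    'C:\Users\Lucas\Desktop\7 Script\7 Script.exe',
    'C:\Windows\System32\drivers\netfilter2.sys',
    'D:\Users\Lucas\Downloads\Unlocker1.9.2.exe'
)

# Hypothetical helper: one result object per path, found or not.
function Get-UploadChecklist {
    param([string[]]$Path)

    foreach ($p in $Path) {
        # -Force lets Get-Item return hidden and system files,
        # independent of the Explorer setting changed in Step 3.
        $item = Get-Item -LiteralPath $p -Force -ErrorAction SilentlyContinue
        if (-not $item) {
            [pscustomobject]@{
                Path = $p; Status = 'NOT FOUND'; SizeBytes = $null; SHA256 = $null
            }
            continue
        }

        try {
            # Hashing only reads the file; nothing is executed or modified.
            $hash = (Get-FileHash -LiteralPath $p -Algorithm SHA256 -ErrorAction Stop).Hash
            $status = 'Found'
        } catch {
            # A locked or access-denied file still gets reported.
            $hash = $null
            $status = 'Found, could not read: ' + $_.Exception.Message
        }

        [pscustomobject]@{
            Path = $p; Status = $status; SizeBytes = $item.Length; SHA256 = $hash
        }
    }
}

Get-UploadChecklist -Path $files | Format-List
```

Entries marked NOT FOUND are the ones to report back as missing; for the rest, the SHA-256 shown on the VirusTotal results page should equal the value printed here.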