Jump to content

Welcome to Geeks to Go - Register now for FREE

Geeks To Go is a helpful hub, where thousands of volunteer geeks quickly serve friendly answers and support. Check out the forums and get free advice from the experts. Register now to gain access to all of our features, it's FREE and only takes one minute. Once registered and logged in, you will be able to create topics, post replies to existing threads, give reputation to your fellow members, get your own private messenger, post status updates, manage your profile and so much more.

Create Account How it Works
Photo

Need help, was infected

Started by lemod , Jan 11 2015 08:55 PM

  • Please log in to reply

#1
lemod
Posted 11 January 2015 - 08:55 PM

lemod

    Member

  • Member
  • PipPip
  • 11 posts
I noticed some folder window popping up out of nowhere, so i decided to run full malwarebytes and light bitdefender scan while working on the computer, since i have been dealing with a temperature issue for a while, causing the computer to freeze or image to disappear often. Av scan came clean and mbam scan did not finished because computer overheated. Anyway, it did almost all the scanning steps and didn't caught anything. I rebooted in standard mode, retried mbam full scan and added superantispyware critical points scan - superantispyware just caught harmless tracking cookies and mbam did not finished due to overheat but caught nothing. Powered off the computer because had to leave and when i returned i booted in standard mode without internet connection (my keyboard has a key to turn internet connection off at any time) and to my surprise i wasn't able to start av and mbam scanning process. Rebooted with boot recovery and the same, booted in safe mode and same thing, booted in standard mode and at the second try i managed to start bitdefender scan (mbam has not worked yet), first a fast scan (caught nothing) and after that i have been trying to do a full scan but the overheating issue did not let me finish, thus far. Anyhow, just at my first try av caught something ( three (apparently ) harmless cookies, when usually caughts dozens). From then on did not caught anything, not even another cookie. Somewhere in the middle of the process (can't remember when) i did a adwcleaner scan, which only caught an internet explorer registry value. I have my computer internet connection off and i am writing from my mobile. I have turned it on along the process of trying to do a full av scan to do a netstat -ano and i caught some suspicious established connections (connections not appearing in task manager processes). I would appreciate any help. Thanks in advance.
  • 0

Advertisements

#2
lemod
Posted 11 January 2015 - 11:38 PM

lemod

    Member

  • Topic Starter
  • Member
  • PipPip
  • 11 posts
Update: i downloaded and executed all 3 versions of OTL and they all stopped while scanning firefox settings. Since mbam is not working, i suppose the next step will be downloading rkill or the other equivalent program. Anyone can give any information/guidance at this moment?
  • 0

#3
zep516
Posted 12 January 2015 - 07:31 AM

zep516

    Trusted Helper

  • Malware Removal
  • 8,005 posts
Hi! My name is zep516 and Welcome to Geekstogo!
I'll do the best I can to resolve your computer issue
Please make sure to carefully read any instruction that I give you. If you're not sure, or if something unexpected happens, don't continue Stop and ask! Never be afraid to ask questions! :)


since i have been dealing with a temperature issue for a while

The temperature issue you speak of may have caused damage to the computer and or processor.

What is the make and model of your machine?

What is the installed operating system ?

Have you tried a system restore to stabilize the computer?

Joe
  • 0

#4
lemod
Posted 12 January 2015 - 08:10 AM

lemod

    Member

  • Topic Starter
  • Member
  • PipPip
  • 11 posts

.


Edited by lemod, 19 January 2015 - 01:13 AM.

  • 0

#5
zep516
Posted 12 January 2015 - 08:18 AM

zep516

    Trusted Helper

  • Malware Removal
  • 8,005 posts
Hello,
The temperature problem is going to have to be addressed if we can't get anywhere, some of these scans are processor intensive and may cause additional over heating thus resulting in possible more damage. Don't download anymore tools

Try doing this from regular mode, keep the Laptop elevated so air can flow under it, put books under each side.....

Please download Farbar Recovery Scan Tool and save it to your Desktop.

Note: You need to run the version compatible with your system. If you are not sure which version applies to your system download both of them and try to run them. Only one of them will run on your system, that will be the right version.
  • Right click to run as administrator (XP users click run after receipt of Windows Security Warning - Open File). When the tool opens click Yes to disclaimer.
  • Press Scan button.
  • It will produce a log called FRST.txt in the same directory the tool is run from.
  • Please copy and paste log back here.
  • The first time the tool is run it generates another log (Addition.txt - also located in the same directory as FRST.exe/FRST64.exe). Please also paste that along with the FRST.txt into your reply.

  • 0

#6
zep516
Posted 12 January 2015 - 08:24 AM

zep516

    Trusted Helper

  • Malware Removal
  • 8,005 posts
Hello,

I'm off to work now, I'll be back around 4pm

Joe
  • 0

#7
lemod
Posted 12 January 2015 - 04:39 PM

lemod

    Member

  • Topic Starter
  • Member
  • PipPip
  • 11 posts

.


Edited by lemod, 19 January 2015 - 01:11 AM.

  • 0

#8
zep516
Posted 13 January 2015 - 07:13 AM

zep516

    Trusted Helper

  • Malware Removal
  • 8,005 posts
Hello,

You need to address / fix the thermal issue. I don't know what the issue is.

I do have a fix for you and that's all we should do until the overheat issue is fixed, I'm afraid more damage may occur from running scans etc.

Hello,
 

Error: (01/12/2015 07:09:45 AM) (Source: Microsoft-Windows-Kernel-Power) (EventID: 88) (User: )
Description: The system hibernated due to a critical thermal event.
Hibernation Hour = 2015-01-12T07:09:45.583434700Z

Thermal zone ACPI = ACPI\ThermalZone\TZ01

_HOT = 378K

Error: (01/12/2015 07:09:40 AM) (Source: Microsoft-Windows-Kernel-Power) (EventID: 88) (User: )
Description: The system hibernated due to a critical thermal event.
Hibernation Hour = 2015-01-12T07:09:40.577148300Z

Thermal zone ACPI = ACPI\ThermalZone\TZ01

_HOT = 378K

Error: (01/12/2015 07:09:35 AM) (Source: Microsoft-Windows-Kernel-Power) (EventID: 88) (User: )
Description: The system hibernated due to a critical thermal event.
Hibernation Hour = 2015-01-12T07:09:35.566861700Z

Thermal zone ACPI = ACPI\ThermalZone\TZ01

_HOT = 378K

Error: (01/12/2015 07:09:30 AM) (Source: Microsoft-Windows-Kernel-Power) (EventID: 88) (User: NT AUTHORITY)
Description: The system hibernated due to a critical thermal event.
Hibernation Hour = 2015-01-12T07:09:30.560575400Z

Thermal Zone ACPI = ACPI\ThermalZone\TZ01

_HOT = 378K

Error: (01/12/2015 07:09:25 AM) (Source: Microsoft-Windows-Kernel-Power) (EventID: 88) (User: NT AUTHORITY)
Description: The system hibernated due to a critical thermal event.
Hibernation Hour = 2015-01-12T07:09:25.552288900Z

Thermal zone ACPI = ACPI\ThermalZone\TZ01

_HOT = 378K

Error: (01/12/2015 07:09:20 AM) (Source: Microsoft-Windows-Kernel-Power) (EventID: 88) (User: )
Description: The system hibernated due to a critical thermal event.
Hibernation Hour = 2015-01-12T07:09:20.545002500Z

Thermal Zone ACPI = ACPI\ThermalZone\TZ01

_HOT = 378K

Error: (01/12/2015 07:06:01 AM) (Source: Microsoft-Windows-Kernel-Power) (EventID: 88) (User: )
Description: The system hibernated due to a critical thermal event.
Hibernation Hour = 2015-01-12T07:06:01.050952700Z

Thermal Zone ACPI = ACPI\ThermalZone\TZ01

_HOT = 378K

Error: (01/12/2015 07:05:56 AM) (Source: Microsoft-Windows-Kernel-Power) (EventID: 88) (User: )
Description: The system hibernated due to a critical thermal event.
Hibernation Hour = 2015-01-12T07:05:56.043666300Z

Thermal Zone ACPI = ACPI\ThermalZone\TZ01

_HOT = 378K

Error: (01/12/2015 07:05:51 AM) (Source: Microsoft-Windows-Kernel-Power) (EventID: 88) (User: NT AUTHORITY)
Description: The system hibernated due to a critical thermal event.
Hibernation Hour = 2015-01-12T07:05:51.036379900Z

Thermal zone ACPI = ACPI\ThermalZone\TZ01

_HOT = 378K

Error: (01/12/2015 07:05:46 AM) (Source: Microsoft-Windows-Kernel-Power) (EventID: 88) (User: NT AUTHORITY)
Description: The system hibernated due to a critical thermal event.
Hibernation Hour = 2015-01-12T07:05:46.031093600Z

Thermal zone ACPI = ACPI\ThermalZone\TZ01

_HOT = 378K




A few items to fix

NOTICE: This script was written specifically for this user, for use on that particular machine. Running this on another machine may cause damage to your operating system

Open notepad (Start =>All Programs => Accessories => Notepad).
Copy/Paste the contents of the code box below into Notepad.
 
start
CloseProcesses:
CreateRestorePoint:
HKU\S-1-5-21-192838095-2953900800-1453392413-1000\...\Run: [] => [X]
HKU\S-1-5-21-192838095-2953900800-1453392413-1000\...\MountPoints2: {0946f188-111f-11e0-97c3-adc07044c6bc} - F:\Install.exe
HKU\S-1-5-21-192838095-2953900800-1453392413-1000\...\MountPoints2: {54998122-84ac-11e4-a4d9-60eb69493e6f} - V:\SETUP.EXE
SearchScopes: HKU\.DEFAULT -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
SearchScopes: HKU\S-1-5-19 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
SearchScopes: HKU\S-1-5-20 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
SearchScopes: HKU\S-1-5-21-192838095-2953900800-1453392413-1000 -> {E5576AE2-7B3D-4FCE-B614-04C56C3B4BF0} URL =
BHO-x32: No Name -> {5C255C8A-E604-49b4-9D64-90988571CECB} ->  No File
Toolbar: HKU\S-1-5-21-192838095-2953900800-1453392413-1000 -> No Name - {7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} -  No File
C:\Users\Lemod\AppData\Local\Temp\dropbox_sqlite_ext.{5f3e3153-5bce-5766-8f84-3e3e7ecf0d81}.tmpnec4te.dll
C:\Users\Lemod\AppData\Local\Temp\HPQSi.exe
C:\Users\Lemod\AppData\Local\Temp\install_flash_player_ax.exe
C:\Users\Lemod\AppData\Local\Temp\jre-7u45-windows-i586-iftw.exe
C:\Users\Lemod\AppData\Local\Temp\NOSEventMessages.dll
C:\Users\Lemod\AppData\Local\Temp\ose00000.exe
C:\Users\Lemod\AppData\Local\Temp\Quarantine.exe
C:\Users\Lemod\AppData\Local\Temp\SkypeSetup.exe
C:\Users\Lemod\AppData\Local\Temp\sqlite3.dll
CustomCLSID: HKU\S-1-5-21-192838095-2953900800-1453392413-1000_Classes\CLSID\{005A3A96-BAC4-4B0A-94EA-C0CE100EA736}\localserver32 -> C:\Users\Lemod\AppData\Roaming\Dropbox\bin\Dropbox.exe /autoplay No File
AlternateDataStreams: C:\Windows:nlsPreferences
AlternateDataStreams: C:\ProgramData\Temp:D1B5B4F1
AlternateDataStreams: C:\Users\Lemod\Downloads\adwcleaner_4.106.exe:BDU
AlternateDataStreams: C:\Users\Lemod\Downloads\Apache_OpenOffice_4.1.1_Win_x86_install_en.exe:BDU
AlternateDataStreams: C:\Users\Lemod\Downloads\cbsidlm-cbsi213-GIRDAC_PDF_to_Image_Converter-SEO-75217120.exe:BDU
AlternateDataStreams: C:\Users\Lemod\Downloads\dopdf.exe:BDU
AlternateDataStreams: C:\Users\Lemod\Downloads\DropboxInstaller.exe:BDU
AlternateDataStreams: C:\Users\Lemod\Downloads\Firefox Setup Stub 30.0.exe:BDU
AlternateDataStreams: C:\Users\Lemod\Downloads\FRST64.exe:BDU
AlternateDataStreams: C:\Users\Lemod\Downloads\gbooks.exe:BDU
AlternateDataStreams: C:\Users\Lemod\Downloads\Google Books Downloader Lite.exe:BDU
AlternateDataStreams: C:\Users\Lemod\Downloads\install_flash_player.exe:BDU
AlternateDataStreams: C:\Users\Lemod\Downloads\my_downloader_installer.exe:BDU
AlternateDataStreams: C:\Users\Lemod\Downloads\nitro_pro9.exe:BDU
AlternateDataStreams: C:\Users\Lemod\Downloads\nitro_pro92.exe:BDU
AlternateDataStreams: C:\Users\Lemod\Downloads\novapdf.exe:BDU
AlternateDataStreams: C:\Users\Lemod\Downloads\OTL.com:BDU
AlternateDataStreams: C:\Users\Lemod\Downloads\OTL.exe:BDU
AlternateDataStreams: C:\Users\Lemod\Downloads\OTL.scr:BDU
AlternateDataStreams: C:\Users\Lemod\Downloads\pdf-editor_setup_full1140.exe:BDU
AlternateDataStreams: C:\Users\Lemod\Downloads\PDFill.exe:BDU
AlternateDataStreams: C:\Users\Lemod\Downloads\pidgin-2.10.9.exe:BDU
AlternateDataStreams: C:\Users\Lemod\Downloads\ProfessionalPlus.exe:BDU
AlternateDataStreams: C:\Users\Lemod\Downloads\QuickTimeInstaller.exe:BDU
AlternateDataStreams: C:\Users\Lemod\Downloads\ScanNowUPnP.exe:BDU
AlternateDataStreams: C:\Users\Lemod\Downloads\Shockwave_Installer_Slim.exe:BDU
AlternateDataStreams: C:\Users\Lemod\Downloads\SkypeSetup.exe:BDU
AlternateDataStreams: C:\Users\Lemod\Downloads\vtexplorer.exe:BDU
AlternateDataStreams: C:\Users\Lemod\Downloads\WinCDEmu-3.6.exe:BDU


CMD: ipconfig /flushdns
hosts:
Emptytemp:
reboot:
end
Click Format and ensure Wordwrap is unchecked.
Save as Fixlist.txt to your Desktop (Must be in this location)
Run FRST/FRST64 and press the Fix button just once and wait.
If the tool needed a restart please make sure you let the system to restart normally and let the tool completes its run after restart.
The tool will make a log on the Desktop (Fixlog.txt). Please post it to your reply.

Note: If the tool warns you about the version you're using being an outdated version please download and run the updated version.
  • 0

#9
lemod
Posted 13 January 2015 - 05:57 PM

lemod

    Member

  • Topic Starter
  • Member
  • PipPip
  • 11 posts

.


Edited by lemod, 19 January 2015 - 01:14 AM.

  • 0

#10
zep516
Posted 13 January 2015 - 07:56 PM

zep516

    Trusted Helper

  • Malware Removal
  • 8,005 posts
Hello,

Can you do this next,


A few items to fix

NOTICE: This script was written specifically for this user, for use on that particular machine. Running this on another machine may cause damage to your operating system

Open notepad (Start =>All Programs => Accessories => Notepad).
Copy/Paste the contents of the code box below into Notepad.
 
start
CloseProcesses:
CreateRestorePoint:
HKU\S-1-5-21-192838095-2953900800-1453392413-1000\...\Run: [] => [X]
HKU\S-1-5-21-192838095-2953900800-1453392413-1000\...\MountPoints2: {0946f188-111f-11e0-97c3-adc07044c6bc} - F:\Install.exe
HKU\S-1-5-21-192838095-2953900800-1453392413-1000\...\MountPoints2: {54998122-84ac-11e4-a4d9-60eb69493e6f} - V:\SETUP.EXE
SearchScopes: HKU\.DEFAULT -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
SearchScopes: HKU\S-1-5-19 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
SearchScopes: HKU\S-1-5-20 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
SearchScopes: HKU\S-1-5-21-192838095-2953900800-1453392413-1000 -> {E5576AE2-7B3D-4FCE-B614-04C56C3B4BF0} URL =
BHO-x32: No Name -> {5C255C8A-E604-49b4-9D64-90988571CECB} ->  No File
Toolbar: HKU\S-1-5-21-192838095-2953900800-1453392413-1000 -> No Name - {7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} -  No File
C:\Users\Lemod\AppData\Local\Temp\dropbox_sqlite_ext.{5f3e3153-5bce-5766-8f84-3e3e7ecf0d81}.tmpnec4te.dll
C:\Users\Lemod\AppData\Local\Temp\HPQSi.exe
C:\Users\Lemod\AppData\Local\Temp\install_flash_player_ax.exe
C:\Users\Lemod\AppData\Local\Temp\jre-7u45-windows-i586-iftw.exe
C:\Users\Lemod\AppData\Local\Temp\NOSEventMessages.dll
C:\Users\Lemod\AppData\Local\Temp\ose00000.exe
C:\Users\Lemod\AppData\Local\Temp\Quarantine.exe
C:\Users\Lemod\AppData\Local\Temp\SkypeSetup.exe
C:\Users\Lemod\AppData\Local\Temp\sqlite3.dll
CustomCLSID: HKU\S-1-5-21-192838095-2953900800-1453392413-1000_Classes\CLSID\{005A3A96-BAC4-4B0A-94EA-C0CE100EA736}\localserver32 -> C:\Users\Lemod\AppData\Roaming\Dropbox\bin\Dropbox.exe /autoplay No File
AlternateDataStreams: C:\Windows:nlsPreferences
AlternateDataStreams: C:\ProgramData\Temp:D1B5B4F1
AlternateDataStreams: C:\Users\Lemod\Downloads\adwcleaner_4.106.exe:BDU
AlternateDataStreams: C:\Users\Lemod\Downloads\Apache_OpenOffice_4.1.1_Win_x86_install_en.exe:BDU
AlternateDataStreams: C:\Users\Lemod\Downloads\cbsidlm-cbsi213-GIRDAC_PDF_to_Image_Converter-SEO-75217120.exe:BDU
AlternateDataStreams: C:\Users\Lemod\Downloads\dopdf.exe:BDU
AlternateDataStreams: C:\Users\Lemod\Downloads\DropboxInstaller.exe:BDU
AlternateDataStreams: C:\Users\Lemod\Downloads\Firefox Setup Stub 30.0.exe:BDU
AlternateDataStreams: C:\Users\Lemod\Downloads\FRST64.exe:BDU
AlternateDataStreams: C:\Users\Lemod\Downloads\gbooks.exe:BDU
AlternateDataStreams: C:\Users\Lemod\Downloads\Google Books Downloader Lite.exe:BDU
AlternateDataStreams: C:\Users\Lemod\Downloads\install_flash_player.exe:BDU
AlternateDataStreams: C:\Users\Lemod\Downloads\my_downloader_installer.exe:BDU
AlternateDataStreams: C:\Users\Lemod\Downloads\nitro_pro9.exe:BDU
AlternateDataStreams: C:\Users\Lemod\Downloads\nitro_pro92.exe:BDU
AlternateDataStreams: C:\Users\Lemod\Downloads\novapdf.exe:BDU
AlternateDataStreams: C:\Users\Lemod\Downloads\OTL.com:BDU
AlternateDataStreams: C:\Users\Lemod\Downloads\OTL.exe:BDU
AlternateDataStreams: C:\Users\Lemod\Downloads\OTL.scr:BDU
AlternateDataStreams: C:\Users\Lemod\Downloads\pdf-editor_setup_full1140.exe:BDU
AlternateDataStreams: C:\Users\Lemod\Downloads\PDFill.exe:BDU
AlternateDataStreams: C:\Users\Lemod\Downloads\pidgin-2.10.9.exe:BDU
AlternateDataStreams: C:\Users\Lemod\Downloads\ProfessionalPlus.exe:BDU
AlternateDataStreams: C:\Users\Lemod\Downloads\QuickTimeInstaller.exe:BDU
AlternateDataStreams: C:\Users\Lemod\Downloads\ScanNowUPnP.exe:BDU
AlternateDataStreams: C:\Users\Lemod\Downloads\Shockwave_Installer_Slim.exe:BDU
AlternateDataStreams: C:\Users\Lemod\Downloads\SkypeSetup.exe:BDU
AlternateDataStreams: C:\Users\Lemod\Downloads\vtexplorer.exe:BDU
AlternateDataStreams: C:\Users\Lemod\Downloads\WinCDEmu-3.6.exe:BDU
CMD: ipconfig /flushdns
hosts:
Emptytemp:
reboot:
end
Click Format and ensure Wordwrap is unchecked.
Save as Fixlist.txt to your Desktop (Must be in this location)
Run FRST/FRST64 and press the Fix button just once and wait.
If the tool needed a restart please make sure you let the system to restart normally and let the tool completes its run after restart.
The tool will make a log on the Desktop (Fixlog.txt). Please post it to your reply.

Note: If the tool warns you about the version you're using being an outdated version please download and run the updated version.

Post the Fixlog.txt

Thanks
Joe :)
  • 0

Advertisements

#11
lemod
Posted 13 January 2015 - 10:31 PM

lemod

    Member

  • Topic Starter
  • Member
  • PipPip
  • 11 posts

.


Edited by lemod, 19 January 2015 - 01:14 AM.

  • 0

#12
lemod
Posted 14 January 2015 - 12:21 AM

lemod

    Member

  • Topic Starter
  • Member
  • PipPip
  • 11 posts

.


Edited by lemod, 19 January 2015 - 01:15 AM.

  • 0

#13
lemod
Posted 14 January 2015 - 11:43 AM

lemod

    Member

  • Topic Starter
  • Member
  • PipPip
  • 11 posts

.


Edited by lemod, 19 January 2015 - 01:12 AM.

  • 0

#14
zep516
Posted 15 January 2015 - 04:31 PM

zep516

    Trusted Helper

  • Malware Removal
  • 8,005 posts
Hello

Lemod I'll be with you as soon as possible, I was unable to be the internet yesterday so I am way behind.
  • 0

#15
lemod
Posted 15 January 2015 - 05:12 PM

lemod

    Member

  • Topic Starter
  • Member
  • PipPip
  • 11 posts

.


Edited by lemod, 19 January 2015 - 01:15 AM.

  • 0
Back to Virus, Spyware, Malware Removal · Next Unread Topic →




Similar Topics

0 user(s) are reading this topic

0 members, 0 guests, 0 anonymous users

  1. Geeks to Go Forum
  2. Security
  3. Virus, Spyware, Malware Removal

As Featured On:

Microsoft Yahoo BBC MSN PC Magazine Washington Post HP