Jump to content

Welcome to Geeks to Go - Register now for FREE

Geeks To Go is a helpful hub, where thousands of volunteer geeks quickly serve friendly answers and support. Check out the forums and get free advice from the experts. Register now to gain access to all of our features, it's FREE and only takes one minute. Once registered and logged in, you will be able to create topics, post replies to existing threads, give reputation to your fellow members, get your own private messenger, post status updates, manage your profile and so much more.

Create Account How it Works
Photo

Having computer trouble ... again >_> help please, hi everyone


  • Please log in to reply

#16
Paulos

Paulos

    Member

  • Topic Starter
  • Member
  • PipPip
  • 24 posts

I ran it then it asked to restart ... I'm still at the same place though really. Dang.


  • 0

Advertisements


#17
Paulos

Paulos

    Member

  • Topic Starter
  • Member
  • PipPip
  • 24 posts

By the way I'm sorry if I sound like a troll- I'm not I just really am stuck with this- I am happy for the VLC Viewer really I just still do not know what exactly to do with this ... meh.


  • 0

#18
RKinner

RKinner

    Malware Expert

  • Expert
  • 20,010 posts
  • MVP

Look in the same folder for the  Fixlog.txt.  Open it , Copy and paste the text from the fixlog into a Reply.  

 

Also run a new FRSt scan with addition.txt checked and post both logs.


  • 0

#19
Paulos

Paulos

    Member

  • Topic Starter
  • Member
  • PipPip
  • 24 posts

Slowly figuring out how to work the program now, finally...

 

Fix result of Farbar Recovery Scan Tool (x86) Version:21-02-2016 01
Ran by New (2016-02-23 16:28:01) Run:3
Running from C:\Documents and Settings\New\My Documents\Downloads
Loaded Profiles: New (Available Profiles: New)
Boot Mode: Normal

==============================================

fixlist content:
*****************
HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL =
HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL =
SearchScopes: HKLM -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
SearchScopes: HKU\S-1-5-21-854245398-1336601894-1177238915-1003 -> {c9ab6446-7efc-47fe-966c-dc54324eff9f} URL =
S0 cerc6; no ImagePath
S4 IntelIde; no ImagePath
2016-02-22 16:26 - 2014-02-04 14:36 - 00000000 ____D C:\Documents and Settings\All Users\Start Menu\Programs\K-Lite Codec Pack
Task: C:\WINDOWS\Tasks\jx1plgvedP1bSwCZzFu9Zx4h.job => C:\Documents and Settings\New\Application Data\jx1plgvedP1bSwCZzFu9Zx4h.exe <==== ATTENTION
Task: C:\WINDOWS\Tasks\klcp_update.job => CMD /C sc create KLCPU binPath CMD /V /C SET \FILE \ ProgramFiles \ Lite Codec Pack Tools CodecTweakTool exe\\ IF EXIST FILE START \CTT\ FILE /verysilent /update /freq 30 type own type interact net start KLCPU sc delete KLCPU CMD New
Task: C:\WINDOWS\Tasks\Microsoft Windows XP End of Service Notification Logon.job => C:\WINDOWS\system32\xp_eos.exe
Task: C:\WINDOWS\Tasks\Microsoft Windows XP End of Service Notification Monthly.job => C:\WINDOWS\system32\xp_eos.exe
Task: C:\WINDOWS\Tasks\Run Tasks.job => C:\Program Files\user extensions\Tasks.exe <==== ATTENTION
2014-02-04 14:36 - 2013-03-06 10:35 - 07197648 _____ () C:\Program Files\K-Lite Codec Pack\Icaros\avcodec-ics-54.dll
2014-02-04 14:36 - 2013-03-06 10:35 - 00246909 _____ () C:\Program Files\K-Lite Codec Pack\Icaros\avutil-ics-52.dll
2014-02-04 14:36 - 2013-03-06 10:35 - 00963069 _____ () C:\Program Files\K-Lite Codec Pack\Icaros\avformat-ics-54.dll
2014-02-04 14:36 - 2013-03-06 10:35 - 00393273 _____ () C:\Program Files\K-Lite Codec Pack\Icaros\swscale-ics-2.dll
DomainProfile\AuthorizedApplications: [C:\Documents and Settings\All Users\Application Data\EroBisis\onuaci.exe] => Enabled:huyjuooe
StandardProfile\AuthorizedApplications: [C:\Documents and Settings\All Users\Application Data\EroBisis\onuaci.exe] => Enabled:huyjuooe
StandardProfile\AuthorizedApplications: [C:\Program Files\BitComet\BitComet.exe] => Enabled:BitComet.exe
StandardProfile\AuthorizedApplications: [C:\WINDOWS\TEMP\4fnoihfhd.exe] => Enabled:Policy
StandardProfile\AuthorizedApplications: [C:\Program Files\Crossbrowse\Crossbrowse\Application\crossbrowse.exe] => Enabled:Crossbrowse
StandardProfile\GloballyOpenPorts: [19935:TCP] => Enabled:BitComet 19935 TCP
StandardProfile\GloballyOpenPorts: [19935:UDP] => Enabled:BitComet 19935 UDP
StandardProfile\GloballyOpenPorts: [6881:TCP] => Enabled:Policy
EmptyTemp:













*****************

HKLM\Software\\Microsoft\Internet Explorer\Main\\Default_Page_URL => value restored successfully
HKLM\Software\\Microsoft\Internet Explorer\Main\\Default_Search_URL => value restored successfully
HKLM\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\\DefaultScope => value restored successfully
HKU\S-1-5-21-854245398-1336601894-1177238915-1003\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{c9ab6446-7efc-47fe-966c-dc54324eff9f} => key not found.
HKCR\CLSID\{c9ab6446-7efc-47fe-966c-dc54324eff9f} => key not found.
cerc6 => service not found.
IntelIde => service not found.
"C:\Documents and Settings\All Users\Start Menu\Programs\K-Lite Codec Pack" => not found.
C:\WINDOWS\Tasks\jx1plgvedP1bSwCZzFu9Zx4h.job => not found.
C:\WINDOWS\Tasks\klcp_update.job => not found.
C:\WINDOWS\Tasks\Microsoft Windows XP End of Service Notification Logon.job => not found.
C:\WINDOWS\Tasks\Microsoft Windows XP End of Service Notification Monthly.job => not found.
C:\WINDOWS\Tasks\Run Tasks.job => not found.
"C:\Program Files\K-Lite Codec Pack\Icaros\avcodec-ics-54.dll" => not found.
"C:\Program Files\K-Lite Codec Pack\Icaros\avutil-ics-52.dll" => not found.
"C:\Program Files\K-Lite Codec Pack\Icaros\avformat-ics-54.dll" => not found.
"C:\Program Files\K-Lite Codec Pack\Icaros\swscale-ics-2.dll" => not found.
HKLM\SYSTEM\CurrentControlSet\services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\AuthorizedApplications\List\\C:\Documents and Settings\All Users\Application Data\EroBisis\onuaci.exe => value not found.
HKLM\SYSTEM\CurrentControlSet\services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List\\C:\Documents and Settings\All Users\Application Data\EroBisis\onuaci.exe => value not found.
HKLM\SYSTEM\CurrentControlSet\services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List\\C:\Program Files\BitComet\BitComet.exe => value not found.
HKLM\SYSTEM\CurrentControlSet\services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List\\C:\WINDOWS\TEMP\4fnoihfhd.exe => value not found.
HKLM\SYSTEM\CurrentControlSet\services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List\\C:\Program Files\Crossbrowse\Crossbrowse\Application\crossbrowse.exe => value not found.
HKLM\SYSTEM\CurrentControlSet\services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\GloballyOpenPorts\List\\19935:TCP => value not found.
HKLM\SYSTEM\CurrentControlSet\services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\GloballyOpenPorts\List\\19935:UDP => value not found.
HKLM\SYSTEM\CurrentControlSet\services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\GloballyOpenPorts\List\\6881:TCP => value not found.
EmptyTemp: => 62.5 MB temporary data Removed.


The system needed a reboot.

==== End of Fixlog 16:28:20 ====


  • 0

#20
RKinner

RKinner

    Malware Expert

  • Expert
  • 20,010 posts
  • MVP

Looks like it worked this time.

 

Waiting on the FRST and addition logs.


  • 0

#21
Paulos

Paulos

    Member

  • Topic Starter
  • Member
  • PipPip
  • 24 posts

I uh ... posted em! O_O


  • 0

#22
RKinner

RKinner

    Malware Expert

  • Expert
  • 20,010 posts
  • MVP

Now I want new ones taken after the fix.

 

Also let's run Process Explorer and see if anything odd is going on.

 

 

Get Process Explorer
 
Save it to your desktop then run it (Vista or Win7 - right click and Run As Administrator).  
 
View, Select Column, check Verified Signer, OK
Options, Verify Image Signatures
 
 
Click twice on the CPU column header  to sort things by CPU usage with the big hitters at the top.  
 
Wait a full minute then:
 
File, Save As, Save.  Open the file Procexp.txt on your desktop and copy and paste the text to a reply.
 
 
Considering all of the malware that MBAM found you should probably spend the time to do a free online ESET scan:
 
Use IE and go to http://eset.com/onlinescan and click on ESET online Scanner.  Accept the terms then press Start (If you get a warning from your browser tell it you want to run it).  
 
# Check Scan Archives
# Push the Start button.
# ESET will then download updates for itself, install itself, and begin scanning your computer. Please be patient as this can take some time.
# When the scan completes, push LIST OF THREATS FOUND
# Push EXPORT TO TEXT FILE , and save the file to your desktop using a unique name, such as ESETScan. Include the contents of this report in your next reply.
# Push the BACK button.
# Push Finish
# Once the scan is completed, you may close the window.
# Use Notepad to open the logfile located at C:\Program Files\EsetOnlineScanner\log.txt
# Copy and paste that log as a reply.
 

  • 0






Similar Topics

0 user(s) are reading this topic

0 members, 0 guests, 0 anonymous users

As Featured On:

Microsoft Yahoo BBC MSN PC Magazine Washington Post HP