Jump to content

Welcome to Geeks to Go - Register now for FREE

Need help with your computer or device? Want to learn new tech skills? You're in the right place!
Geeks to Go is a friendly community of tech experts who can solve any problem you have. Just create a free account and post your question. Our volunteers will reply quickly and guide you through the steps. Don't let tech troubles stop you. Join Geeks to Go now and get the support you need!

How it Works Create Account
Photo

Having computer trouble ... again >_> help please, hi everyone

Started by Paulos , Feb 22 2016 04:05 PM

  • Please log in to reply

#16
Paulos
Posted 23 February 2016 - 03:32 PM

Paulos

    Member

  • Topic Starter
  • Member
  • PipPip
  • 24 posts

I ran it then it asked to restart ... I'm still at the same place though really. Dang.


  • 0

Advertisements

#17
Paulos
Posted 23 February 2016 - 03:34 PM

Paulos

    Member

  • Topic Starter
  • Member
  • PipPip
  • 24 posts

By the way I'm sorry if I sound like a troll- I'm not I just really am stuck with this- I am happy for the VLC Viewer really I just still do not know what exactly to do with this ... meh.


  • 0

#18
RKinner
Posted 23 February 2016 - 03:39 PM

RKinner

    Malware Expert

  • Expert
  • 24,625 posts
  • MVP

Look in the same folder for the  Fixlog.txt.  Open it , Copy and paste the text from the fixlog into a Reply.  

 

Also run a new FRSt scan with addition.txt checked and post both logs.


  • 0

#19
Paulos
Posted 23 February 2016 - 03:41 PM

Paulos

    Member

  • Topic Starter
  • Member
  • PipPip
  • 24 posts

Slowly figuring out how to work the program now, finally...

 

Fix result of Farbar Recovery Scan Tool (x86) Version:21-02-2016 01
Ran by New (2016-02-23 16:28:01) Run:3
Running from C:\Documents and Settings\New\My Documents\Downloads
Loaded Profiles: New (Available Profiles: New)
Boot Mode: Normal

==============================================

fixlist content:
*****************
HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL =
HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL =
SearchScopes: HKLM -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
SearchScopes: HKU\S-1-5-21-854245398-1336601894-1177238915-1003 -> {c9ab6446-7efc-47fe-966c-dc54324eff9f} URL =
S0 cerc6; no ImagePath
S4 IntelIde; no ImagePath
2016-02-22 16:26 - 2014-02-04 14:36 - 00000000 ____D C:\Documents and Settings\All Users\Start Menu\Programs\K-Lite Codec Pack
Task: C:\WINDOWS\Tasks\jx1plgvedP1bSwCZzFu9Zx4h.job => C:\Documents and Settings\New\Application Data\jx1plgvedP1bSwCZzFu9Zx4h.exe <==== ATTENTION
Task: C:\WINDOWS\Tasks\klcp_update.job => CMD /C sc create KLCPU binPath CMD /V /C SET \FILE \ ProgramFiles \ Lite Codec Pack Tools CodecTweakTool exe\\ IF EXIST FILE START \CTT\ FILE /verysilent /update /freq 30 type own type interact net start KLCPU sc delete KLCPU CMD New
Task: C:\WINDOWS\Tasks\Microsoft Windows XP End of Service Notification Logon.job => C:\WINDOWS\system32\xp_eos.exe
Task: C:\WINDOWS\Tasks\Microsoft Windows XP End of Service Notification Monthly.job => C:\WINDOWS\system32\xp_eos.exe
Task: C:\WINDOWS\Tasks\Run Tasks.job => C:\Program Files\user extensions\Tasks.exe <==== ATTENTION
2014-02-04 14:36 - 2013-03-06 10:35 - 07197648 _____ () C:\Program Files\K-Lite Codec Pack\Icaros\avcodec-ics-54.dll
2014-02-04 14:36 - 2013-03-06 10:35 - 00246909 _____ () C:\Program Files\K-Lite Codec Pack\Icaros\avutil-ics-52.dll
2014-02-04 14:36 - 2013-03-06 10:35 - 00963069 _____ () C:\Program Files\K-Lite Codec Pack\Icaros\avformat-ics-54.dll
2014-02-04 14:36 - 2013-03-06 10:35 - 00393273 _____ () C:\Program Files\K-Lite Codec Pack\Icaros\swscale-ics-2.dll
DomainProfile\AuthorizedApplications: [C:\Documents and Settings\All Users\Application Data\EroBisis\onuaci.exe] => Enabled:huyjuooe
StandardProfile\AuthorizedApplications: [C:\Documents and Settings\All Users\Application Data\EroBisis\onuaci.exe] => Enabled:huyjuooe
StandardProfile\AuthorizedApplications: [C:\Program Files\BitComet\BitComet.exe] => Enabled:BitComet.exe
StandardProfile\AuthorizedApplications: [C:\WINDOWS\TEMP\4fnoihfhd.exe] => Enabled:Policy
StandardProfile\AuthorizedApplications: [C:\Program Files\Crossbrowse\Crossbrowse\Application\crossbrowse.exe] => Enabled:Crossbrowse
StandardProfile\GloballyOpenPorts: [19935:TCP] => Enabled:BitComet 19935 TCP
StandardProfile\GloballyOpenPorts: [19935:UDP] => Enabled:BitComet 19935 UDP
StandardProfile\GloballyOpenPorts: [6881:TCP] => Enabled:Policy
EmptyTemp:













*****************

HKLM\Software\\Microsoft\Internet Explorer\Main\\Default_Page_URL => value restored successfully
HKLM\Software\\Microsoft\Internet Explorer\Main\\Default_Search_URL => value restored successfully
HKLM\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\\DefaultScope => value restored successfully
HKU\S-1-5-21-854245398-1336601894-1177238915-1003\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{c9ab6446-7efc-47fe-966c-dc54324eff9f} => key not found.
HKCR\CLSID\{c9ab6446-7efc-47fe-966c-dc54324eff9f} => key not found.
cerc6 => service not found.
IntelIde => service not found.
"C:\Documents and Settings\All Users\Start Menu\Programs\K-Lite Codec Pack" => not found.
C:\WINDOWS\Tasks\jx1plgvedP1bSwCZzFu9Zx4h.job => not found.
C:\WINDOWS\Tasks\klcp_update.job => not found.
C:\WINDOWS\Tasks\Microsoft Windows XP End of Service Notification Logon.job => not found.
C:\WINDOWS\Tasks\Microsoft Windows XP End of Service Notification Monthly.job => not found.
C:\WINDOWS\Tasks\Run Tasks.job => not found.
"C:\Program Files\K-Lite Codec Pack\Icaros\avcodec-ics-54.dll" => not found.
"C:\Program Files\K-Lite Codec Pack\Icaros\avutil-ics-52.dll" => not found.
"C:\Program Files\K-Lite Codec Pack\Icaros\avformat-ics-54.dll" => not found.
"C:\Program Files\K-Lite Codec Pack\Icaros\swscale-ics-2.dll" => not found.
HKLM\SYSTEM\CurrentControlSet\services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\AuthorizedApplications\List\\C:\Documents and Settings\All Users\Application Data\EroBisis\onuaci.exe => value not found.
HKLM\SYSTEM\CurrentControlSet\services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List\\C:\Documents and Settings\All Users\Application Data\EroBisis\onuaci.exe => value not found.
HKLM\SYSTEM\CurrentControlSet\services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List\\C:\Program Files\BitComet\BitComet.exe => value not found.
HKLM\SYSTEM\CurrentControlSet\services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List\\C:\WINDOWS\TEMP\4fnoihfhd.exe => value not found.
HKLM\SYSTEM\CurrentControlSet\services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List\\C:\Program Files\Crossbrowse\Crossbrowse\Application\crossbrowse.exe => value not found.
HKLM\SYSTEM\CurrentControlSet\services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\GloballyOpenPorts\List\\19935:TCP => value not found.
HKLM\SYSTEM\CurrentControlSet\services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\GloballyOpenPorts\List\\19935:UDP => value not found.
HKLM\SYSTEM\CurrentControlSet\services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\GloballyOpenPorts\List\\6881:TCP => value not found.
EmptyTemp: => 62.5 MB temporary data Removed.


The system needed a reboot.

==== End of Fixlog 16:28:20 ====


  • 0

#20
RKinner
Posted 23 February 2016 - 03:51 PM

RKinner

    Malware Expert

  • Expert
  • 24,625 posts
  • MVP

Looks like it worked this time.

 

Waiting on the FRST and addition logs.


  • 0

#21
Paulos
Posted 24 February 2016 - 11:42 AM

Paulos

    Member

  • Topic Starter
  • Member
  • PipPip
  • 24 posts

I uh ... posted em! O_O


  • 0

#22
RKinner
Posted 24 February 2016 - 12:13 PM

RKinner

    Malware Expert

  • Expert
  • 24,625 posts
  • MVP

Now I want new ones taken after the fix.

 

Also let's run Process Explorer and see if anything odd is going on.

 

 

Get Process Explorer
 
Save it to your desktop then run it (Vista or Win7 - right click and Run As Administrator).  
 
View, Select Column, check Verified Signer, OK
Options, Verify Image Signatures
 
 
Click twice on the CPU column header  to sort things by CPU usage with the big hitters at the top.  
 
Wait a full minute then:
 
File, Save As, Save.  Open the file Procexp.txt on your desktop and copy and paste the text to a reply.
 
 
Considering all of the malware that MBAM found you should probably spend the time to do a free online ESET scan:
 
Use IE and go to http://eset.com/onlinescan and click on ESET online Scanner.  Accept the terms then press Start (If you get a warning from your browser tell it you want to run it).  
 
# Check Scan Archives
# Push the Start button.
# ESET will then download updates for itself, install itself, and begin scanning your computer. Please be patient as this can take some time.
# When the scan completes, push LIST OF THREATS FOUND
# Push EXPORT TO TEXT FILE , and save the file to your desktop using a unique name, such as ESETScan. Include the contents of this report in your next reply.
# Push the BACK button.
# Push Finish
# Once the scan is completed, you may close the window.
# Use Notepad to open the logfile located at C:\Program Files\EsetOnlineScanner\log.txt
# Copy and paste that log as a reply.
 

  • 0
Back to Virus, Spyware, Malware Removal · Next Unread Topic →




Similar Topics

0 user(s) are reading this topic

0 members, 0 guests, 0 anonymous users

  1. Geeks to Go Community
  2. Security
  3. Virus, Spyware, Malware Removal

As Featured On:

Microsoft Yahoo BBC MSN PC Magazine Washington Post HP