aspirit

  1. I think I had deleted it in safe mode before the scan the first time I rebooted normally it came back.
  2. Results below.
     ========== OTL ==========
     Starting removal of ActiveX control {E06E2E99-0AA1-11D4-ABA6-0060082AA75C}
     C:\ProgramData\webex\ieatgpc.inf moved successfully.
     Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Code Store Database\Distribution Units\{E06E2E99-0AA1-11D4-ABA6-0060082AA75C}\ deleted successfully.
     Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{E06E2E99-0AA1-11D4-ABA6-0060082AA75C}\ deleted successfully.
     Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Active Setup\Installed Components\{E06E2E99-0AA1-11D4-ABA6-0060082AA75C}\ not found.
     Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{E06E2E99-0AA1-11D4-ABA6-0060082AA75C}\ not found.
     Starting removal of ActiveX control {E2883E8F-472F-4FB0-9522-AC9BF37916A7}
     Registry error reading value HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Code Store Database\Distribution Units\{E2883E8F-472F-4FB0-9522-AC9BF37916A7}\DownloadInformation\\INF .
     Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Code Store Database\Distribution Units\{E2883E8F-472F-4FB0-9522-AC9BF37916A7}\ deleted successfully.
     Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{E2883E8F-472F-4FB0-9522-AC9BF37916A7}\ not found.
     Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Active Setup\Installed Components\{E2883E8F-472F-4FB0-9522-AC9BF37916A7}\ not found.
     Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{E2883E8F-472F-4FB0-9522-AC9BF37916A7}\ not found.
     ========== FILES ==========
     < ipconfig /flushdns /c >
     Windows IP Configuration
     Successfully flushed the DNS Resolver Cache.
     C:\Users\Bill\Desktop\cmd.bat deleted successfully.
     C:\Users\Bill\Desktop\cmd.txt deleted successfully.
     c:\windows\system32\MemWarp.ocx moved successfully.
     File\Folder C:\ProgramData\boost_interprocess not found.
     ========== COMMANDS ==========
     Unable to start System Restore Service. Error code 1084
     OTL by OldTimer - Version 3.2.69.0 log created on 06032013_193952
  3. Here are the results
     https://www.virustotal.com/en/file/af5daf5accbb6338a76ae214bf7ffdec8c64ab4ead74fdce9de5905b4b9dfcff/analysis/1370217041/
     SystemLook 30.07.11 by jpshortstuff
     Log created at 18:56 on 02/06/2013 by Bill
     Administrator - Elevation successful
     ========== file ==========
     c:\windows\system32\memwarp.ocx - File found and opened.
     MD5: DD3A74962D0D61200E078F4E1C6574D6
     Created at 21:49 on 07/04/2009
     Modified at 16:56 on 29/03/2002
     Size: 73728 bytes
     Attributes: --a----
     FileVersion: 2.00
     ProductVersion: 2.00
     OriginalFilename: drspeed.ocx
     InternalName: drspeed
     ProductName: DrSpeedsys
     CompanyName: Aluria Software
     Comments: DrSpeedsys
     -= EOF =-
  4. Here are the results of the Panda Active Scan. I will wait for your reply before acting on the Farbar Recovery Scan Tool. Attaching file. Looked bad just pasting it. ActiveScan.txt
  5. Thank you for your patience with this. I am getting very frustrated but I will keep plugging along. AdwCleaner did not give an error message; it just froze and I had to hard reboot.
  6. Eset is saying it cannot get the update. It asks if the proxy setting is configured properly.
  7. Had problems. In regular mode it would scan and then freeze when I hit the delete. It will detect folder C:\ProgramData\boost_interprocess but will not delete it in regular mode. It does not detect it in safe mode. Then I had other things I had to do but I am going to run the online scan now. Here are the scan results but I don't get a delete result file because it freezes.
     # AdwCleaner v2.301 - Logfile created 05/29/2013 at 22:13:09
     # Updated 16/05/2013 by Xplode
     # Operating system : Windows Vista Home Premium (32 bits)
     # User : Bill - BILL-PC
     # Boot Mode : Normal
     # Running from : C:\Users\Bill\Desktop\adwcleaner.exe
     # Option [search]
     ***** [services] *****
     ***** [Files / Folders] *****
     Folder Found : C:\ProgramData\boost_interprocess
     ***** [Registry] *****
     ***** [internet Browsers] *****
     -\\ Internet Explorer v8.0.6001.18882
     [OK] Registry is clean.
     -\\ Google Chrome v27.0.1453.94
     File : C:\Users\Bill\AppData\Local\Google\Chrome\User Data\Default\Preferences
     [OK] File is clean.
     -\\ Opera v [unable to get version]
     File : C:\Users\Bill\AppData\Roaming\Opera\Opera\operaprefs.ini
     [OK] File is clean.
     *************************
     AdwCleaner[R2].txt - [1045 octets] - [29/05/2013 19:12:33]
     AdwCleaner[R3].txt - [1149 octets] - [29/05/2013 19:18:18]
     AdwCleaner[R4].txt - [1162 octets] - [29/05/2013 19:24:56]
     AdwCleaner[R5].txt - [1254 octets] - [29/05/2013 19:28:32]
     AdwCleaner[R6].txt - [1342 octets] - [29/05/2013 20:52:36]
     AdwCleaner[R7].txt - [1126 octets] - [29/05/2013 22:13:09]
     AdwCleaner[s2].txt - [1108 octets] - [29/05/2013 19:12:43]
     AdwCleaner[s3].txt - [420 octets] - [29/05/2013 19:18:35]
     AdwCleaner[s4].txt - [345 octets] - [29/05/2013 19:28:45]
     AdwCleaner[s5].txt - [1402 octets] - [29/05/2013 20:52:49]
     ########## EOF - C:\AdwCleaner[R7].txt - [1424 octets] ##########
  8. https://www.virustotal.com/en/file/aea6a6cd65a45a15f882342a190a774f3b35f781519ae6689d1e480106018a12/analysis/1369872525/
  9. RogueKiller V8.5.4 [Mar 18 2013] by Tigzy
     mail : tigzyRK<at>gmail<dot>com
     Feedback : http://www.geekstogo.com/forum/files/file/413-roguekiller/
     Website : http://tigzy.geekstogo.com/roguekiller.php
     Blog : http://tigzyrk.blogspot.com/
     Operating System : Windows Vista (6.0.6000 ) 32 bits version
     Started in : Safe mode with network support
     User : Bill [Admin rights]
     Mode : Scan -- Date : 05/29/2013 18:04:48
     | ARK || FAK || MBR |
     ¤¤¤ Bad processes : 0 ¤¤¤
     ¤¤¤ Registry Entries : 3 ¤¤¤
     [HJPOL] HKCU\[...]\System : DisableRegistryTools (0) -> FOUND
     [HJ DESK] HKLM\[...]\NewStartPanel : {59031a47-3f72-44a7-89c5-5595fe6b30ee} (1) -> FOUND
     [HJ DESK] HKLM\[...]\NewStartPanel : {20D04FE0-3AEA-1069-A2D8-08002B30309D} (1) -> FOUND
     ¤¤¤ Particular Files / Folders: ¤¤¤
     ¤¤¤ Driver : [NOT LOADED] ¤¤¤
     ¤¤¤ Extern Hives: ¤¤¤
     -> D:\windows\system32\config\SOFTWARE
     -> D:\windows\system32\config\SYSTEM
     -> D:\Users\Default\NTUSER.DAT
     ¤¤¤ HOSTS File: ¤¤¤
     --> C:\Windows\system32\drivers\etc\hosts
     127.0.0.1 localhost
     ::1 localhost
     127.0.0.1 serial.alcohol-soft.com
     127.0.0.1 www.alcohol-soft.com
     127.0.0.1 images.alcohol-soft.com
     127.0.0.1 trial.alcohol-soft.com
     127.0.0.1 alcohol-soft.com
     ¤¤¤ MBR Check: ¤¤¤
     +++++ PhysicalDrive0: ST315005 41AS SCSI Disk Device +++++
     --- User ---
     [MBR] c61f1dd9a5703cc6bff781887ad81007
     [bSP] 79f217b87078e5bdd4abccd053ad2a98 : Windows Vista MBR Code
     Partition table:
     0 - [XXXXXX] NTFS (0x07) [VISIBLE] Offset (sectors): 63 | Size: 33792 Mo
     1 - [ACTIVE] NTFS (0x07) [VISIBLE] Offset (sectors): 69208020 | Size: 1397003 Mo
     User = LL1 ... OK!
     Error reading LL2 MBR!
     Finished : << RKreport[1]_S_05292013_02d1804.txt >>
     RKreport[1]_S_05292013_02d1804.txt
  10. After several attempts to run Combofix it was unsuccessful. It would freeze every time. I sometimes received an error that said "Error saving file C:\windows\erdnt\Hiv-backup\COMPON~3! The registry could not read in or write out or flush one of the files that contain the system’s image of the registry." But most of the time it would start the file scan and then freeze. I let it sit for 35 minutes to hours. The clock would even freeze. I tried running it in regular mode and safe mode. I have to do all of the checking in safe mode as it will not access the internet in the full mode but works fine in safe mode.
  11. SystemLook 30.07.11 by jpshortstuff
      Log created at 11:16 on 24/05/2013 by Bill
      Administrator - Elevation successful
      ========== dir ==========
      C:\ProgramData\boost_interprocess\20130524091604.125597 - Parameters: "(none)"
      ---Files---
      9334581e-7251-4ef7-a8ec-5bfe8e89ff68 --a---- 12 bytes [14:19 24/05/2013] [14:25 24/05/2013]
      plex_frame_mutex --a---- 12 bytes [14:20 24/05/2013] [14:25 24/05/2013]
      ---Folders---
      None found.
      -= EOF =-
      malicious file FlashPlayer_V.86284124c deleted
  12. 1. Done
      2. Systemlook results
         SystemLook 30.07.11 by jpshortstuff
         Log created at 09:29 on 24/05/2013 by Bill
         Administrator - Elevation successful
         ========== dir ==========
         C:\ProgramData\boost_interprocess - Parameters: "(none)"
         ---Files---
         None found.
         ---Folders---
         20130524091604.125597 d------ [14:19 24/05/2013]
         -= EOF =-
      3. Device D: is a hard drive recovery partition
      4. Link to scan report https://www.virustotal.com/en/file/dec5c52343bbcd8d9a4f195e21173e45e22ee716019793762c7b3bf9964d7fea/analysis/1369406163/
      5. I understand about file sharing being risky. Honestly I do not download music & movies. I use it to find out-of-print books on Magic Tricks and other impossible-to-find items.
      6. AdwCleaner results
         # AdwCleaner v2.301 - Logfile created 05/24/2013 at 09:49:22
         # Updated 16/05/2013 by Xplode
         # Operating system : Windows Vista Home Premium (32 bits)
         # User : Bill - BILL-PC
         # Boot Mode : Safe mode with networking
         # Running from : C:\Users\Bill\Desktop\adwcleaner.exe
         # Option [search]
         ***** [services] *****
         ***** [Files / Folders] *****
         Folder Found : C:\ProgramData\boost_interprocess
         ***** [Registry] *****
         ***** [internet Browsers] *****
         -\\ Internet Explorer v8.0.6001.18882
         [OK] Registry is clean.
         -\\ Google Chrome v26.0.1410.64
         File : C:\Users\Bill\AppData\Local\Google\Chrome\User Data\Default\Preferences
         Found [l.23] : icon_url = "hxxp://www.delta-search.com/favicon.ico",
         Found [l.26] : keyword = "delta-search.com",
         Found [l.30] : search_url = "hxxp://www2.delta-search.com/?q={searchTerms}&affID=121232&babsrc=SP_ss&mntrId=A070001E90661385",
         -\\ Opera v [unable to get version]
         File : C:\Users\Bill\AppData\Roaming\Opera\Opera\operaprefs.ini
         [OK] File is clean.
         *************************
         AdwCleaner[R1].txt - [1197 octets] - [24/05/2013 09:46:12]
         AdwCleaner[R2].txt - [1128 octets] - [24/05/2013 09:49:22]
         ########## EOF - C:\AdwCleaner[R2].txt - [1188 octets] ##########
      Thank you very much for the help.
  13. I am having problems and something keeps creating C:\ProgramData\boost_interprocess folder. I can only access web pages in safe mode. Normal mode they just freeze. I have Ad Aware total security and Lavasoft registry tuner. I ran a virus scan that came back clean. Then I tried to run DDS but it would not run, it just freezes. I even tried in safe mode with the same result. So I cannot post DDS log file but I was able to run OTL and here are those files. Hope someone can help with these logs. OTL.Txt Extras.Txt
  14. Yontoo is gone and things seem to be working much smoother. Thank you very much for the help.