holdenyosarian
Accidentally connected while ZL suite was off, picked something up:
Turned ZL back on - warnings from ZL and Win.
ZL - "Services and Controller is trying to open/unload/alter driver" - "driver" was "klm1" - never appeared before.
When refused, Win alert - "the ordinal 110 could not be located in the dynamic link library SSLEAY32.dll"
When I initially ran a full scan (post exposure) - scan discontinued before completion.
However, accidentally clicked "ALLOW" on ZL "Allow or deny driver to unload"!!!!
HJT found three ADS - two are "invisible" (don't appear in supposed folder) - AND the files ARE PARSING MY POSTS!!!...
In other words, I tried to report the above to another help site, but instead of the name of the folder appearing as I typed it... IT DROPPED THE FIRST LETTER, REPLACING IT WITH A GREEN SMILEY FACE! (Posted twice, to make sure it wasn't a typo.)
Was told not to delete ADS until I determined function... but why on earth would anything necessary prevent reporting it by name?!?!?
Here are the ADS:
C:\Documents and Settings\All Users\Application Data\TEMP...then the file
"D"...is the first letter..followed by "FC5A2B2"...(118 bytes)
This appears twice on the HJT ADS scan, as well as...
C:\Documents and Settings\HP_Adminstrator\Favorites\Ancestry.com-SSmithe.url:favicon (9062 bytes)
What is the TEMP file? Is there any reason I shouldn't assume it's malicious?
Should I expect HJT to remove the threat completely (by using the "Remove Selected" function)?
What should be done about the unloaded "klm1" driver?
Is it related to the ADS?
THANKS!!