Highjack or Intrusion attempt?


  • This topic is locked

#16
Indexx

Indexx

    Member

  • Topic Starter
  • Member
  • 47 posts

Yes, both have been completely removed.


  • 0



#17
zep516

zep516

    Trusted Helper

  • Malware Removal
  • 6,804 posts
I miss win xp :)


Let's do an online scan to check things for you. This will take some time.

ESET Online Scanner

Note: You can use either Internet Explorer or Mozilla Firefox for this scan. You will, however, need to disable your currently installed anti-virus; how to do so can be read here.
  • Please go >>HERE<< then click on: ESET1st.jpg

    Note: If using Mozilla Firefox, you will need to download esetsmartinstaller_enu.exe when prompted, then double click on the ESETexe.jpg icon to install.

    All of the below instructions are compatible with either Internet Explorer or Mozilla FireFox.
  • Select the option YES, I accept the Terms of Use then click on: ESETsave.jpg
  • When prompted, allow the Add-On/ActiveX to install.
  • Make sure that the option Remove found threats is NOT checked, and the option Scan archives is checked.
  • Now click on Advanced Settings and select the following:
    • Scan for potentially unwanted applications
    • Scan for potentially unsafe applications
    • Enable Anti-Stealth Technology
  • Now click on: EOLS3.gif
  • The virus signature database... will begin to download. Be patient; this may take some time depending on the speed of your Internet connection.
  • When completed, the online scan will begin automatically.
  • Do not touch either the mouse or keyboard during the scan, otherwise it may stall.
  • When completed, make sure you first copy the logfile located at C:\Program Files\ESET\EsetOnlineScanner\log.txt
  • Copy and paste that log as a reply to this topic.
  • Now click on: EOLS4.gif
    (Selecting Uninstall application on close if you so wish)
Post the ESET Log.

Thanks
Joe :)
  • 0

#18
Indexx

Indexx

    Member

  • Topic Starter
  • Member
  • 47 posts

Virus signature database downloading very SLOW.

Will send in a while.


  • 0

#19
Indexx

Indexx

    Member

  • Topic Starter
  • Member
  • 47 posts

I got an "unexpected error 2002". Wasn't watching, so not sure; restarted, downloading the list again.


  • 0

#20
Indexx

Indexx

    Member

  • Topic Starter
  • Member
  • 47 posts

50% there now. Might just send the report in the morning.

nite


  • 0

#21
Indexx

Indexx

    Member

  • Topic Starter
  • Member
  • 47 posts

Got it.

 

ESETSmartInstaller@High as downloader log:
all ok
# version=8
# OnlineScannerApp.exe=1.0.0.1
# OnlineScanner.ocx=1.0.0.7587
# api_version=3.0.2
# EOSSerial=ffa203191ea7f54e81a0c1fc40063df3
# engine=18885
# end=finished
# remove_checked=false
# archives_checked=true
# unwanted_checked=true
# unsafe_checked=true
# antistealth_checked=true
# utc_time=2014-06-26 04:47:24
# local_time=2014-06-25 11:47:24 (-0600, Central Daylight Time)
# country="United States"
# lang=1033
# osver=5.1.2600 NT Service Pack 3
# compatibility_mode_1='ZoneAlarm Antivirus'
# compatibility_mode=9217 16777214 75 70 131619774 247133248 0 0
# scanned=162741
# found=3
# cleaned=0
# scan_time=7759
sh=A154FE73378B4816E18FD14036E7A78653985421 ft=1 fh=6ce52490e591b062 vn="Win32/Somoto.A potentially unwanted application" ac=I fn="C:\Documents and Settings\boss.LASRIUS\My Documents\Downloads\UnlockRoot Prov3.41\UnlockRoot_downloader_by_UnlockRoot.exe"
sh=E8A61273AE98944C8909B2E48A70E5453F589A37 ft=1 fh=dedf23abbac3cb73 vn="Win32/UnlockRoot potentially unsafe application" ac=I fn="C:\Program Files\Unlockroot\unlockrootpro-internal.exe"
sh=8E3C5227EE9707038C2F94C35CB7DE7DDC32F905 ft=1 fh=3e4f488add131322 vn="Win32/OpenCandy potentially unsafe application" ac=I fn="D:\mis_D\software\any-video-converter-5-0-3-avc-free.exe"
 


  • 0
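As an added example (not code from the thread or from ESET), a Python parser for the ESET Online Scanner log.txt format posted above: it reads the `# key=value` header, splits each `sh=... fn="..."` detection line into fields, and flags that items were found but not cleaned, which is what you get when Remove found threats is left unchecked. The sample log is constructed with placeholder hashes and paths, and the meaning of `ac=I` is an assumption.

```python
import re
from dataclasses import dataclass, field
from typing import Dict, List

# Constructed sample in the format of the ESET Online Scanner log.txt posted in the
# thread; the hashes and paths are placeholders, not values from the real log.
SAMPLE_LOG = r'''ESETSmartInstaller@High as downloader log:
all ok
# version=8
# engine=18885
# end=finished
# remove_checked=false
# archives_checked=true
# unwanted_checked=true
# unsafe_checked=true
# osver=5.1.2600 NT Service Pack 3
# country="United States"
# compatibility_mode_1='ZoneAlarm Antivirus'
# scanned=162741
# found=2
# cleaned=0
# scan_time=7759
sh=0000000000000000000000000000000000000001 ft=1 fh=0000000000000001 vn="Win32/Somoto.A potentially unwanted application" ac=I fn="C:\Downloads\Example Installer\setup_downloader.exe"
sh=0000000000000000000000000000000000000002 ft=1 fh=0000000000000002 vn="Win32/OpenCandy potentially unsafe application" ac=I fn="D:\software\video-converter-free.exe"
'''

# "# key=value" header lines; the value runs to end of line and may be quoted.
HEADER_RE = re.compile(r"^#\s*([A-Za-z0-9_]+)=(.*)$")
# key=value pairs on a detection line: either a double-quoted string (which may
# contain spaces, as vn= and fn= do) or a run of non-space characters.
FIELD_RE = re.compile(r'(\w+)=(?:"([^"]*)"|(\S+))')


@dataclass
class Detection:
    sha1: str       # sh=  SHA-1 of the flagged file
    file_type: str  # ft=
    file_hash: str  # fh=  ESET's short file hash
    name: str       # vn=  detection name
    action: str     # ac=  action code; "I" is assumed to mean the file was left in place
    path: str       # fn=  full path of the flagged file

    @property
    def category(self) -> str:
        """Coarse class derived from the suffix ESET puts on the detection name."""
        lowered = self.name.lower()
        if "potentially unwanted application" in lowered:
            return "PUA"
        if "potentially unsafe application" in lowered:
            return "unsafe"
        return "malware"


@dataclass
class EsetReport:
    header: Dict[str, str] = field(default_factory=dict)
    detections: List[Detection] = field(default_factory=list)

    def count(self, key: str) -> int:
        return int(self.header.get(key, "0"))

    def consistent(self) -> bool:
        """True when '# found=' matches the number of detection lines present."""
        return self.count("found") == len(self.detections)

    def needs_followup(self) -> bool:
        """Items were reported but not removed, so a manual cleanup step is still due."""
        return self.count("found") > 0 and self.count("cleaned") < self.count("found")


def parse_eset_log(text: str) -> EsetReport:
    report = EsetReport()
    for raw in text.splitlines():
        line = raw.strip()
        if not line:
            continue
        m = HEADER_RE.match(line)
        if m:
            # country="United States" and compatibility_mode_1='...' carry quotes
            report.header[m.group(1)] = m.group(2).strip().strip("\"'")
            continue
        if line.startswith("sh="):
            # findall yields (key, quoted, unquoted); exactly one of the values is set
            fields = {k: (q or u) for k, q, u in FIELD_RE.findall(line)}
            report.detections.append(Detection(
                sha1=fields.get("sh", ""), file_type=fields.get("ft", ""),
                file_hash=fields.get("fh", ""), name=fields.get("vn", ""),
                action=fields.get("ac", ""), path=fields.get("fn", ""),
            ))
    return report


def triage(report: EsetReport) -> List[str]:
    """One 'category: path' line per item left in place, the list a helper turns into a fix."""
    return [f"{d.category}: {d.path}" for d in report.detections if d.action == "I"]
```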

#22
zep516

zep516

    Trusted Helper

  • Malware Removal
  • 6,804 posts
Hello,

Let's get rid of that stuff ESET found using OTL, or you can navigate to the files and delete them.

Next

We need to do a fix to delete some files using OTL.
  • Double click on the OTLicon.jpg to open the program. On Vista/Win7/Win8 right click select Run As Administrator to start the program. If prompted by UAC, please allow it.
  • Under the Custom Scans/Fixes box at the bottom, paste in the following

    :COMMANDS
    [CREATERESTOREPOINT]
    
    :OTL
    
    :Files
    D:\mis_D\software\any-video-converter-5-0-3-avc-free.exe
    C:\Program Files\Unlockroot\unlockrootpro-internal.exe
    C:\Documents and Settings\boss.LASRIUS\My Documents\Downloads\UnlockRoot Prov3.41\UnlockRoot_downloader_by_UnlockRoot.exe
    
    :Commands
    
    [emptytemp]
    
    
  • Make sure all other windows are closed.
  • Click the Run Fix button at the top.
  • Let the program run uninterrupted. The computer should reboot when the scan is done. If not, please reboot the computer.
  • Post the log that is found in C:\_OTL\Moved Files in your next reply.
  • Open OTL again and click the Quick Scan button.
In your next reply:
Post the OTL Fix log, it pops up after reboot.

Thanks
Joe :)
  • 0

#23
Indexx

Indexx

    Member

  • Topic Starter
  • Member
  • 47 posts

Good evening Joe,

 

All processes killed
========== COMMANDS ==========
Restore point Set: OTL Restore Point
========== OTL ==========
========== FILES ==========
D:\mis_D\software\any-video-converter-5-0-3-avc-free.exe moved successfully.
C:\Program Files\Unlockroot\unlockrootpro-internal.exe moved successfully.
C:\Documents and Settings\boss.LASRIUS\My Documents\Downloads\UnlockRoot Prov3.41\UnlockRoot_downloader_by_UnlockRoot.exe moved successfully.
========== COMMANDS ==========
 
[EMPTYTEMP]
 
User: Administrator
->Temp folder emptied: 0 bytes
 
User: All Users
 
User: boss
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 0 bytes
->Flash cache emptied: 0 bytes
 
User: boss.LASRIUS
->Temp folder emptied: 98304 bytes
->Temporary Internet Files folder emptied: 213253 bytes
->Java cache emptied: 0 bytes
->FireFox cache emptied: 1642181 bytes
->Flash cache emptied: 470 bytes
 
User: Default User
->Temp folder emptied: 0 bytes
 
User: LocalService
->Temp folder emptied: 0 bytes
 
User: NetworkService
->Temp folder emptied: 0 bytes
 
%systemdrive% .tmp files removed: 0 bytes
%systemroot% .tmp files removed: 0 bytes
%systemroot%\System32 .tmp files removed: 0 bytes
%systemroot%\System32\dllcache .tmp files removed: 0 bytes
%systemroot%\System32\drivers .tmp files removed: 0 bytes
Windows Temp folder emptied: 1024 bytes
%systemroot%\system32\config\systemprofile\Local Settings\Temp folder emptied: 0 bytes
%systemroot%\system32\config\systemprofile\Local Settings\Temporary Internet Files folder emptied: 0 bytes
RecycleBin emptied: 35345424 bytes
 
Total Files Cleaned = 36.00 mb
 
 
OTL by OldTimer - Version 3.2.69.0 log created on 06262014_183509

Files\Folders moved on Reboot...
File\Folder C:\WINDOWS\temp\ZLT06848.TMP not found!
File\Folder C:\WINDOWS\temp\ZLT06851.TMP not found!

PendingFileRenameOperations files...

Registry entries deleted on Reboot...
 

 

------------------------------------------------------------------------------------------------------------------------------------------------------------------

 

 

OTL logfile created on: 6/26/2014 6:39:06 PM - Run 4
OTL by OldTimer - Version 3.2.69.0     Folder = C:\Documents and Settings\boss.LASRIUS\Desktop\repair 6-14
Windows XP Media Center Edition Service Pack 3 (Version = 5.1.2600) - Type = NTWorkstation
Internet Explorer (Version = 7.0.5730.11)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy
 
1022.04 Mb Total Physical Memory | 723.56 Mb Available Physical Memory | 70.80% Memory free
2.40 Gb Paging File | 2.24 Gb Available in Paging File | 93.10% Paging File free
Paging file location(s): C:\pagefile.sys 1536 2304 [binary data]
 
%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files
Drive C: | 97.00 Gb Total Space | 38.63 Gb Free Space | 39.83% Space Free | Partition Type: NTFS
Drive D: | 111.79 Gb Total Space | 64.17 Gb Free Space | 57.40% Space Free | Partition Type: NTFS
Drive E: | 13.75 Gb Total Space | 0.77 Gb Free Space | 5.60% Space Free | Partition Type: FAT32
 
Computer Name: LASRIUS | User Name: boss | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user | Quick Scan
Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days
 
========== Processes (SafeList) ==========
 
PRC - [2014/06/24 19:30:01 | 000,602,112 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\boss.LASRIUS\Desktop\repair 6-14\OTL.exe
PRC - [2008/04/14 06:42:20 | 001,033,728 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\explorer.exe
PRC - [2006/08/23 23:38:28 | 000,968,696 | ---- | M] (Zone Labs, LLC) -- C:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe
PRC - [2006/08/23 23:38:26 | 000,075,768 | ---- | M] (Zone Labs, LLC) -- C:\WINDOWS\system32\ZoneLabs\vsmon.exe
PRC - [2003/07/25 02:40:06 | 000,335,872 | ---- | M] (Globe Software) -- C:\Program Files\Globe Software\StatBar\StatBar.exe
 
 
========== Modules (No Company Name) ==========
 
MOD - [2006/08/23 23:40:50 | 000,145,408 | ---- | M] () -- C:\WINDOWS\system32\ZoneLabs\lib\pyd\pyexpat.pyd
MOD - [2006/08/23 23:40:50 | 000,047,104 | ---- | M] () -- C:\WINDOWS\system32\ZoneLabs\lib\pyd\_socket.pyd
MOD - [2006/08/23 23:40:50 | 000,026,624 | ---- | M] () -- C:\WINDOWS\system32\ZoneLabs\lib\pyd\signedDll.pyd
MOD - [2006/08/23 23:40:50 | 000,026,624 | ---- | M] () -- C:\WINDOWS\system32\ZoneLabs\lib\pyd\pyvsinit.pyd
MOD - [2006/08/23 23:37:52 | 000,796,584 | ---- | M] () -- C:\WINDOWS\system32\libeay32_0.9.6l.dll
 
 
========== Services (SafeList) ==========
 
SRV - File not found [Disabled | Stopped] -- C:\Program Files\SUPERAntiSpyware\SASCORE.EXE -- (!SASCORE)
SRV - [2012/12/14 17:49:28 | 000,682,344 | ---- | M] (Malwarebytes Corporation) [Disabled | Stopped] -- C:\Program Files\Malwarebytes' Anti-Malware\mbamservice.exe -- (MBAMService)
SRV - [2012/12/14 17:49:28 | 000,398,184 | ---- | M] (Malwarebytes Corporation) [Disabled | Stopped] -- C:\Program Files\Malwarebytes' Anti-Malware\mbamscheduler.exe -- (MBAMScheduler)
SRV - [2011/06/09 14:01:00 | 000,521,600 | ---- | M] (SEIKO EPSON CORPORATION) [Disabled | Stopped] -- C:\Program Files\epson\EpsonCustomerParticipation\EPCP.exe -- (EpsonCustomerParticipation)
SRV - [2006/08/23 23:38:26 | 000,075,768 | ---- | M] (Zone Labs, LLC) [Auto | Running] -- C:\WINDOWS\system32\ZoneLabs\vsmon.exe -- (vsmon)
 
 
========== Driver Services (SafeList) ==========
 
DRV - File not found [Kernel | On_Demand | Stopped] --  -- (WDICA)
DRV - File not found [Kernel | On_Demand | Stopped] --  -- (PDRFRAME)
DRV - File not found [Kernel | On_Demand | Stopped] --  -- (PDRELI)
DRV - File not found [Kernel | On_Demand | Stopped] --  -- (PDFRAME)
DRV - File not found [Kernel | On_Demand | Stopped] --  -- (PDCOMP)
DRV - File not found [Kernel | System | Stopped] --  -- (PCIDump)
DRV - File not found [Kernel | System | Stopped] --  -- (lbrtfdc)
DRV - File not found [Kernel | System | Stopped] --  -- (Changer)
DRV - [2012/12/14 17:49:28 | 000,021,104 | ---- | M] (Malwarebytes Corporation) [File_System | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\mbam.sys -- (MBAMProtector)
DRV - [2010/04/15 00:39:23 | 000,003,712 | ---- | M] () [Kernel | Auto | Running] -- C:\WINDOWS\system32\socketlock.sys -- (SocketLock)
DRV - [2010/04/14 00:04:56 | 000,035,363 | ---- | M] () [Kernel | Auto | Running] -- C:\WINDOWS\system32\windrvNT.sys -- (windrvNT)
DRV - [2008/04/14 01:25:10 | 000,202,624 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\rmcast.sys -- (RMCAST)
DRV - [2008/04/14 01:09:46 | 000,092,544 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\mqac.sys -- (MQAC)
DRV - [2006/08/23 23:38:36 | 000,392,824 | ---- | M] (Zone Labs, LLC) [Kernel | System | Running] -- C:\WINDOWS\system32\vsdatant.sys -- (vsdatant)
DRV - [2006/08/03 01:53:32 | 000,029,680 | ---- | M] (Zone Labs, LLC) [Kernel | Boot | Running] -- C:\WINDOWS\system32\ZoneLabs\srescan.sys -- (srescan)
DRV - [2006/04/18 06:29:06 | 000,569,856 | ---- | M] (Conexant Systems Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\CHDAud.sys -- (HdAudAddService)
DRV - [2006/03/14 13:02:54 | 001,428,480 | ---- | M] (Intel® Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\w39n51.sys -- (w39n51)
DRV - [2006/03/02 06:03:32 | 000,057,096 | ---- | M] (Broadcom Corporation.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\btwusb.sys -- (BTWUSB)
DRV - [2005/09/20 05:30:56 | 000,162,432 | ---- | M] (Texas Instruments) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\tifm21.sys -- (tifm21)
DRV - [2005/09/19 15:24:20 | 000,005,760 | ---- | M] (Hewlett-Packard Development Company, L.P.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\EabUsb.sys -- (eabusb)
DRV - [2005/09/19 15:24:10 | 000,009,344 | ---- | M] (Hewlett-Packard Development Company, L.P.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\CPQBttn.sys -- (HBtnKey)
DRV - [2005/09/19 15:23:52 | 000,007,808 | ---- | M] (Hewlett-Packard Development Company, L.P.) [Kernel | System | Running] -- C:\WINDOWS\system32\drivers\eabfiltr.sys -- (eabfiltr)
DRV - [2005/08/22 10:07:00 | 001,035,008 | ---- | M] (Conexant Systems, Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\HSF_DPV.sys -- (HSF_DPV)
DRV - [2005/08/22 10:06:16 | 000,201,600 | ---- | M] (Conexant Systems, Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\HSFHWAZL.sys -- (HSFHWAZL)
DRV - [2005/08/22 10:06:10 | 000,718,464 | ---- | M] (Conexant Systems, Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\HSF_CNXT.sys -- (winachsf)
DRV - [2004/08/04 01:31:34 | 000,020,992 | ---- | M] (Realtek Semiconductor Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\RTL8139.sys -- (rtl8139)
 
 
========== Standard Registry (SafeList) ==========
 
 
========== Internet Explorer ==========
 
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = %SystemRoot%\system32\blank.htm
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = about:blank
IE - HKLM\..\SearchScopes,DefaultScope =
IE - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://www.bing.com/search
 
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = about:blank
IE - HKCU\..\SearchScopes,DefaultScope = {D21C353A-29E5-4F69-AF31-8432DDF80CBF}
IE - HKCU\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://www.bing.com/...ms}&FORM=IE8SRC
IE - HKCU\..\SearchScopes\{B6A5E4C4-2536-4B0D-A258-F4FBBEDB455B}: "URL" = http://search.yahoo....=utf-8&fr=b2ie7
IE - HKCU\..\SearchScopes\{C4236BF9-A0E9-4F8D-BD96-F06419E16F30}: "URL" = http://en.wikipedia....h={searchTerms}
IE - HKCU\..\SearchScopes\{C739D6C0-6E08-42FF-A68D-5540E553A401}: "URL" = http://www.bing.com/...rc=IE-SearchBox
IE - HKCU\..\SearchScopes\{D21C353A-29E5-4F69-AF31-8432DDF80CBF}: "URL" = http://www.google.co...age={startPage}
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
 
========== FireFox ==========
 
FF - prefs.js..browser.search.selectedEngine: "Google"
FF - prefs.js..browser.search.update: false
FF - prefs.js..browser.startup.homepage: "about:blank"
FF - prefs.js..extensions.enabledAddons: %7B972ce4c6-7e08-4474-a285-3208198ce6fd%7D:17.0.1
FF - prefs.js..network.proxy.type: 0
FF - user.js - File not found
 
FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\WINDOWS\system32\Macromed\Flash\NPSWF32.dll ()
 
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 17.0.1\extensions\\Components: C:\Program Files\Mozilla Firefox\components [2013/01/08 10:58:41 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 17.0.1\extensions\\Plugins: C:\Program Files\Mozilla Firefox\plugins
 
[2013/01/08 10:58:59 | 000,000,000 | ---D | M] (No name found) -- C:\Documents and Settings\boss.LASRIUS\Application Data\Mozilla\Extensions
[2013/01/08 10:58:41 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files\Mozilla Firefox\extensions
[2012/11/29 03:27:51 | 000,262,112 | ---- | M] (Mozilla Foundation) -- C:\Program Files\mozilla firefox\components\browsercomps.dll
[2012/11/29 03:27:12 | 000,002,465 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\bing.xml
[2012/11/29 03:27:12 | 000,002,058 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\twitter.xml
 
O1 HOSTS File: ([2014/06/24 20:46:52 | 000,000,098 | ---- | M]) - C:\WINDOWS\system32\drivers\etc\Hosts
O1 - Hosts: 127.0.0.1       localhost
O1 - Hosts: ::1       localhost
O4 - HKLM..\Run: [Zone Labs Client] C:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe (Zone Labs, LLC)
O4 - HKCU..\Run: [StatBar] C:\Program Files\Globe Software\StatBar\StatBar.exe (Globe Software)
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoCDBurning = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoInternetOpenWith = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: InstallVisualStyle = C:\WINDOWS\Resources\Themes\Royale\Royale.msstyles (Microsoft)
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: InstallTheme = C:\WINDOWS\Resources\Themes\Royale.theme ()
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktop = 01 00 00 00  [binary data]
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = @ [binary data]
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/...indows-i586.cab (Reg Error: Value error.)
O16 - DPF: {CAFEEFAC-0017-0000-0010-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.7.0_10)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.7.0_10)
O20 - HKLM Winlogon: Shell - (Explorer.exe) - C:\WINDOWS\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UserInit - (C:\WINDOWS\system32\userinit.exe) - C:\WINDOWS\system32\userinit.exe (Microsoft Corporation)
O24 - Desktop WallPaper: C:\Documents and Settings\boss.LASRIUS\Local Settings\Application Data\Microsoft\Wallpaper1.bmp
O24 - Desktop BackupWallPaper: C:\Documents and Settings\boss.LASRIUS\Local Settings\Application Data\Microsoft\Wallpaper1.bmp
O28 - HKLM ShellExecuteHooks: {0cab0400-7395-11d0-a5e5-0020afe2fdd9} - C:\WINDOWS\qvphook.dll (Inso Corporation)
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2001/07/27 22:07:38 | 000,000,000 | --S- | M] () - E:\AUTOEXEC.BAT -- [ FAT32 ]
O32 - AutoRun File - [2004/04/30 14:01:14 | 000,000,053 | --S- | M] () - E:\Autorun.inf -- [ FAT32 ]
O34 - HKLM BootExecute: (autocheck autochk *)
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*
O38 - SubSystems\\Windows: (ServerDll=winsrv:UserServerDllInitialization,3)
O38 - SubSystems\\Windows: (ServerDll=winsrv:ConServerDllInitialization,2)
 
========== Files/Folders - Created Within 30 Days ==========
 
[2014/06/25 19:31:27 | 000,000,000 | ---D | C] -- C:\Program Files\ESET
[2014/06/24 21:57:19 | 000,000,000 | ---D | C] -- C:\Program Files\VS Revo Group
[2014/06/24 21:57:19 | 000,000,000 | ---D | C] -- C:\Documents and Settings\boss.LASRIUS\Start Menu\Programs\Revo Uninstaller
[2014/06/24 20:46:32 | 000,000,000 | ---D | C] -- C:\_OTL
[2014/06/24 19:32:14 | 000,000,000 | ---D | C] -- C:\Documents and Settings\boss.LASRIUS\Desktop\repair 6-14
[2010/04/14 00:04:18 | 000,047,360 | ---- | C] (VSO Software) -- C:\Documents and Settings\boss.LASRIUS\Application Data\pcouffin.sys
 
========== Files - Modified Within 30 Days ==========
 
[2014/06/26 18:36:46 | 000,048,882 | -H-- | M] () -- C:\WINDOWS\System32\vsconfig.xml
[2014/06/26 18:36:39 | 000,002,048 | --S- | M] () -- C:\WINDOWS\bootstat.dat
[2014/06/24 21:57:19 | 000,000,919 | ---- | M] () -- C:\Documents and Settings\boss.LASRIUS\Desktop\Revo Uninstaller.lnk
[2014/06/24 20:46:52 | 000,000,098 | ---- | M] () -- C:\WINDOWS\System32\drivers\etc\Hosts
[2014/06/19 21:41:47 | 000,002,493 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\Paint Shop Pro 7.lnk
[2014/06/10 21:39:24 | 000,000,209 | -HS- | M] () -- C:\boot.ini
 
========== Files Created - No Company Name ==========
 
[2014/06/24 21:57:19 | 000,000,919 | ---- | C] () -- C:\Documents and Settings\boss.LASRIUS\Desktop\Revo Uninstaller.lnk
[2013/12/06 19:49:52 | 000,000,040 | -HS- | C] () -- C:\Documents and Settings\All Users\Application Data\.zreglib
[2013/05/12 22:13:09 | 000,000,218 | ---- | C] () -- C:\Documents and Settings\boss.LASRIUS\Local Settings\Application Data\recently-used.xbel
[2012/07/11 18:42:29 | 000,003,584 | ---- | C] () -- C:\Documents and Settings\boss.LASRIUS\Local Settings\Application Data\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2010/06/22 15:47:11 | 000,000,000 | ---- | C] () -- C:\Documents and Settings\boss.LASRIUS\Application Data\wklnhst.dat
[2010/05/05 00:53:04 | 000,000,382 | R-S- | C] () -- C:\Documents and Settings\boss.LASRIUS\ntuser.pol
[2010/04/17 01:58:58 | 000,002,222 | R-S- | C] () -- C:\Documents and Settings\All Users\ntuser.pol
[2010/04/15 11:35:24 | 000,018,944 | ---- | C] () -- C:\Documents and Settings\boss.LASRIUS\Local Settings\Application Data\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini.old
[2010/04/14 00:04:18 | 000,087,608 | ---- | C] () -- C:\Documents and Settings\boss.LASRIUS\Application Data\inst.exe
[2010/04/14 00:04:18 | 000,007,887 | ---- | C] () -- C:\Documents and Settings\boss.LASRIUS\Application Data\pcouffin.cat
[2010/04/14 00:04:18 | 000,001,144 | ---- | C] () -- C:\Documents and Settings\boss.LASRIUS\Application Data\pcouffin.inf
[2010/04/13 11:13:46 | 000,000,135 | ---- | C] () -- C:\Documents and Settings\boss.LASRIUS\Local Settings\Application Data\fusioncache.dat
 
========== ZeroAccess Check ==========
 
[2006/03/28 07:39:36 | 000,000,227 | RHS- | M] () -- C:\WINDOWS\assembly\Desktop.ini
 
[HKEY_CURRENT_USER\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]
 
[HKEY_CURRENT_USER\Software\Classes\clsid\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InProcServer32]
 
[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]
"" = %SystemRoot%\system32\shdocvw.dll -- [2008/04/14 06:42:06 | 001,499,136 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Apartment
 
[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\InProcServer32]
"" = C:\WINDOWS\system32\wbem\fastprox.dll -- [2008/04/14 06:41:54 | 000,472,064 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Free
 
[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}\InProcServer32]
"" = C:\WINDOWS\system32\wbem\wbemess.dll -- [2008/04/14 06:42:10 | 000,273,920 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Both
 
========== LOP Check ==========
 
[2009/12/20 02:36:55 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Avg7
[2013/06/26 21:57:10 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Canon_Inc_IC
[2006/06/05 07:02:49 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\DIGStream
[2012/03/25 23:22:09 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\EPSON
[2006/08/05 01:45:29 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\muvee Technologies
[2011/10/17 01:40:52 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\pdf995
[2006/11/04 20:50:12 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Pinnacle
[2006/08/09 11:09:51 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\ScanSoft
[2013/12/06 19:50:00 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\SlySoft
[2014/03/22 23:03:35 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\TaxCut
[2009/12/20 01:50:07 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\TEMP
[2010/04/17 12:07:09 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Viewpoint old
[2008/04/12 11:57:37 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\WinZip
[2014/03/22 23:16:04 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Wolters Kluwer
[2013/12/06 20:54:52 | 000,000,000 | ---D | M] -- C:\Documents and Settings\boss.LASRIUS\Application Data\AnvSoft
[2012/03/25 23:22:07 | 000,000,000 | ---D | M] -- C:\Documents and Settings\boss.LASRIUS\Application Data\Epson
[2010/04/19 22:34:38 | 000,000,000 | ---D | M] -- C:\Documents and Settings\boss.LASRIUS\Application Data\Leadertech
[2014/06/26 18:44:17 | 000,000,000 | ---D | M] -- C:\Documents and Settings\boss.LASRIUS\Application Data\NetSpeedMonitor
[2014/01/23 19:41:28 | 000,000,000 | ---D | M] -- C:\Documents and Settings\boss.LASRIUS\Application Data\OpenOffice
[2013/10/25 18:21:47 | 000,000,000 | ---D | M] -- C:\Documents and Settings\boss.LASRIUS\Application Data\OverDrive
[2011/10/16 15:11:08 | 000,000,000 | ---D | M] -- C:\Documents and Settings\boss.LASRIUS\Application Data\pdf995old
[2014/03/22 23:17:02 | 000,000,000 | ---D | M] -- C:\Documents and Settings\boss.LASRIUS\Application Data\TaxCut
[2010/06/22 15:47:13 | 000,000,000 | ---D | M] -- C:\Documents and Settings\boss.LASRIUS\Application Data\Template
[2010/04/14 00:04:19 | 000,000,000 | ---D | M] -- C:\Documents and Settings\boss.LASRIUS\Application Data\Vso
 
========== Purity Check ==========
 
 

< End of report >
 


  • 0

#24
zep516

zep516

    Trusted Helper

  • Malware Removal
  • 6,804 posts
Hello indexx,


Your logs are clean. If there are no further issues, let's clean up our tools.
  • Double-click OTL OTLicon.jpg to start the program.
  • Copy and paste the following text below into the Custom Scans/Fixes box at the bottom of OTL.

    :Commands
    [ClearAllRestorePoints]

  • Then click the Run Fix button.
  • Let the program run unhindered. When finished click on OK and close the log that appears.
  • Note: I do not need to review the log produced.
  • Now close all other programs apart from OTL as this step will require a reboot.
  • On the OTL main screen, press the CleanUpButtonOTL.jpg button.
  • Say Yes to the prompt and then allow the program to reboot your computer.
The above process will flush old System Restore Points and create a new, clean one as well as uninstalling the tools used in this process including OTL itself.


Next

Double-click on AdwCleaner.exe to run the tool again.
  • Click on the Uninstall button.
  • Click Yes when asked are you sure you want to uninstall.
  • Both AdwCleaner.exe, its folder and all logs will be removed.
Right click on the JRT Icon and select delete.
If there are any left over tools or logs on your computer please delete them now.

I don't recommend reinstalling Adobe Reader; it's a product pretty heavily targeted by malware. I would suggest Sumatra for reading PDF files.

http://blog.kowalczy...pdf-viewer.html

http://securitygarde.../label/tutorial



You usually get infected because your security settings are too low.

Here are a number of recommendations that will help tighten them, and which will contribute to making you a less likely victim:

Safe Computing Practices: please read Here

Thanks
Joe :)
  • 0

#25
Indexx

Indexx

    Member

  • Topic Starter
  • Member
  • 47 posts

Sorry my friend, but it's still the same.

To refresh the problem: with my ZoneAlarm, when I start the computer I click two yeses to connect. Then when I open Firefox I get one click for the loopback. Then it waits for me to tell it where to go. Then one more click to connect there. I can then go to other sites on that page or in a new tab. If I close Firefox and restart it, the whole click thing starts all over again.

Now when I open Firefox, a few seconds after what should be the one loopback click, a new unknown, unasked-for click appears. ZA shows it as www47.zippyshare.com. If I click no, the browser will not go to any site. If I close it and try again the same thing happens, but it might point to hosted_by_i3d.net.

What I've been doing the last few days is, right after the 1st loopback click, I paste an address really fast before the 2nd zippy click can ask to log on.

While online there seems to be a slow nonstop trickle of data flow both ways (1 to 4 k) till I close the browser.

IE not working since MS's last patch in May.

No data flow with the browser closed.


  • 0



#26
zep516

zep516

    Trusted Helper

  • Malware Removal
  • 6,804 posts
Hello indexx,

My only suggestion at this point is to reinstall Firefox and see. If that does not resolve it, reset your router and redo it. Finally, there is the ZoneAlarm uninstall/reinstall.

I'd start with Firefox.
  • 0

#27
Indexx

Indexx

    Member

  • Topic Starter
  • Member
  • 47 posts

I'll try fooling with Firefox. I thought about first trying to reset it, but I haven't found the switch in the settings anywhere. Any hints as to where to find it?


  • 0

#28
zep516

zep516

    Trusted Helper

  • Malware Removal
  • 6,804 posts
Hello,

Reset Firefox Here


Reinstall Firefox Here
  • 0

#29
Indexx

Indexx

    Member

  • Topic Starter
  • Member
  • 47 posts
I figured it out. Seems to have helped; different, anyway. So far no unknown requests. Did you think my data was compromised? Any chance of getting my IE up and running?
  • 0

#30
zep516

zep516

    Trusted Helper

  • Malware Removal
  • 6,804 posts
No I don't think your data was compromised. Just your patience.

What version of IE? What is wrong with it? We can reset IE.

The real choice for XP/IE users is get off IE or get off XP !

Joe
  • 0
