yes both have been completely removed.
Highjack or Intrusion attempt?
Started by
Indexx
, Jun 24 2014 05:29 PM
-
This topic is locked
#17
Posted 25 June 2014 - 06:20 PM
zep516
-
- Malware Removal
-
- 8,090 posts
Trusted Helper
I miss win xp 
Lets do a on- line scan check of things for you. This will take some time..
ESET Online Scanner
Note: You can use either Internet Explorer or Mozilla FireFox for this scan. You will however need to disable your current installed Anti-Virus, how to do so can be read here.
Thanks
Joe
Lets do a on- line scan check of things for you. This will take some time..
ESET Online Scanner
Note: You can use either Internet Explorer or Mozilla FireFox for this scan. You will however need to disable your current installed Anti-Virus, how to do so can be read here.
- Please go >>HERE<< then click on:
Note: If using Mozilla Firefox you will need to download esetsmartinstaller_enu.exe when prompted then double click on the
icon to install.
All of the below instructions are compatible with either Internet Explorer or Mozilla FireFox. - Select the option YES, I accept the Terms of Use then click on:
- When prompted allow the Add-On/Active X to install.
- Make sure that the option Remove found threats is NOT checked, and the option Scan archives is checked.
- Now click on Advanced Settings and select the following:
- Scan for potentially unwanted applications
- Scan for potentially unsafe applications
- Enable Anti-Stealth Technology
- Now click on:
- The virus signature database... will begin to download. Be patient this make take some time depending on the speed of your Internet Connection.
- When completed the Online Scan will begin automatically.
- Do not touch either the Mouse or keyboard during the scan otherwise it may stall.
- When completed make sure you first copy the logfile located at C:\Program Files\ESET\EsetOnlineScanner\log.txt
- Copy and paste that log as a reply to this topic.
- Now click on:
(Selecting Uninstall application on close if you so wish)
Thanks
Joe
#18
Posted 25 June 2014 - 06:42 PM
Indexx
- Topic Starter
-
- Member
-
- 47 posts
Member
Virus signature database downloading very SLOW.
Will send in a while
#19
Posted 25 June 2014 - 07:41 PM
Indexx
- Topic Starter
-
- Member
-
- 47 posts
Member
I got a "unexpected error 2002". Wasn't watching so not sure, restarted, downloading list again.
#20
Posted 25 June 2014 - 10:57 PM
Indexx
- Topic Starter
-
- Member
-
- 47 posts
Member
50% there now. might just send report in the morning.
nite
#21
Posted 26 June 2014 - 08:38 AM
Indexx
- Topic Starter
-
- Member
-
- 47 posts
Member
Got it.
ESETSmartInstaller@High as downloader log:
all ok
# version=8
# OnlineScannerApp.exe=1.0.0.1
# OnlineScanner.ocx=1.0.0.7587
# api_version=3.0.2
# EOSSerial=ffa203191ea7f54e81a0c1fc40063df3
# engine=18885
# end=finished
# remove_checked=false
# archives_checked=true
# unwanted_checked=true
# unsafe_checked=true
# antistealth_checked=true
# utc_time=2014-06-26 04:47:24
# local_time=2014-06-25 11:47:24 (-0600, Central Daylight Time)
# country="United States"
# lang=1033
# osver=5.1.2600 NT Service Pack 3
# compatibility_mode_1='ZoneAlarm Antivirus'
# compatibility_mode=9217 16777214 75 70 131619774 247133248 0 0
# scanned=162741
# found=3
# cleaned=0
# scan_time=7759
sh=A154FE73378B4816E18FD14036E7A78653985421 ft=1 fh=6ce52490e591b062 vn="Win32/Somoto.A potentially unwanted application" ac=I fn="C:\Documents and Settings\boss.LASRIUS\My Documents\Downloads\UnlockRoot Prov3.41\UnlockRoot_downloader_by_UnlockRoot.exe"
sh=E8A61273AE98944C8909B2E48A70E5453F589A37 ft=1 fh=dedf23abbac3cb73 vn="Win32/UnlockRoot potentially unsafe application" ac=I fn="C:\Program Files\Unlockroot\unlockrootpro-internal.exe"
sh=8E3C5227EE9707038C2F94C35CB7DE7DDC32F905 ft=1 fh=3e4f488add131322 vn="Win32/OpenCandy potentially unsafe application" ac=I fn="D:\mis_D\software\any-video-converter-5-0-3-avc-free.exe"
#22
Posted 26 June 2014 - 04:42 PM
zep516
-
- Malware Removal
-
- 8,090 posts
Trusted Helper
Hello,
Lets get rid of that stuff in ESET using OTL, or you van navigate to them in delete them.
Next
We need to do a fix to delete some files using OTL
Post the OTL Fix log, it pops up after reboot.
Thanks
Joe
Lets get rid of that stuff in ESET using OTL, or you van navigate to them in delete them.
Next
We need to do a fix to delete some files using OTL
- Double click on the
to open the program. On Vista/Win7/Win8 right click select Run As Administrator to start the program. If prompted by UAC, please allow it. - Under the Custom Scans/Fixes box at the bottom, paste in the following
:COMMANDS [CREATERESTOREPOINT] :OTL :Files D:\mis_D\software\any-video-converter-5-0-3-avc-free.exe C:\Program Files\Unlockroot\unlockrootpro-internal.exe C:\Documents and Settings\boss.LASRIUS\My Documents\Downloads\UnlockRoot Prov3.41\UnlockRoot_downloader_by_UnlockRoot.exe :Commands [emptytemp]
- Make sure all other windows are closed.
- Click the Run Fix button at the top
- Let the program run uninterrupted. The computer should reboot when the scan is done. If not, please reboot the computer.
- Post the log that is found in C:\_OTL\Moved Files in your next reply.
- Open OTL again and click the Quick Scan button.
Post the OTL Fix log, it pops up after reboot.
Thanks
Joe
#23
Posted 26 June 2014 - 05:54 PM
Indexx
- Topic Starter
-
- Member
-
- 47 posts
Member
Good evening joe,
All processes killed
========== COMMANDS ==========
Restore point Set: OTL Restore Point
========== OTL ==========
========== FILES ==========
D:\mis_D\software\any-video-converter-5-0-3-avc-free.exe moved successfully.
C:\Program Files\Unlockroot\unlockrootpro-internal.exe moved successfully.
C:\Documents and Settings\boss.LASRIUS\My Documents\Downloads\UnlockRoot Prov3.41\UnlockRoot_downloader_by_UnlockRoot.exe moved successfully.
========== COMMANDS ==========
[EMPTYTEMP]
User: Administrator
->Temp folder emptied: 0 bytes
User: All Users
User: boss
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 0 bytes
->Flash cache emptied: 0 bytes
User: boss.LASRIUS
->Temp folder emptied: 98304 bytes
->Temporary Internet Files folder emptied: 213253 bytes
->Java cache emptied: 0 bytes
->FireFox cache emptied: 1642181 bytes
->Flash cache emptied: 470 bytes
User: Default User
->Temp folder emptied: 0 bytes
User: LocalService
->Temp folder emptied: 0 bytes
User: NetworkService
->Temp folder emptied: 0 bytes
%systemdrive% .tmp files removed: 0 bytes
%systemroot% .tmp files removed: 0 bytes
%systemroot%\System32 .tmp files removed: 0 bytes
%systemroot%\System32\dllcache .tmp files removed: 0 bytes
%systemroot%\System32\drivers .tmp files removed: 0 bytes
Windows Temp folder emptied: 1024 bytes
%systemroot%\system32\config\systemprofile\Local Settings\Temp folder emptied: 0 bytes
%systemroot%\system32\config\systemprofile\Local Settings\Temporary Internet Files folder emptied: 0 bytes
RecycleBin emptied: 35345424 bytes
Total Files Cleaned = 36.00 mb
OTL by OldTimer - Version 3.2.69.0 log created on 06262014_183509
Files\Folders moved on Reboot...
File\Folder C:\WINDOWS\temp\ZLT06848.TMP not found!
File\Folder C:\WINDOWS\temp\ZLT06851.TMP not found!
PendingFileRenameOperations files...
Registry entries deleted on Reboot...
------------------------------------------------------------------------------------------------------------------------------------------------------------------
OTL logfile created on: 6/26/2014 6:39:06 PM - Run 4
OTL by OldTimer - Version 3.2.69.0 Folder = C:\Documents and Settings\boss.LASRIUS\Desktop\repair 6-14
Windows XP Media Center Edition Service Pack 3 (Version = 5.1.2600) - Type = NTWorkstation
Internet Explorer (Version = 7.0.5730.11)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy
1022.04 Mb Total Physical Memory | 723.56 Mb Available Physical Memory | 70.80% Memory free
2.40 Gb Paging File | 2.24 Gb Available in Paging File | 93.10% Paging File free
Paging file location(s): C:\pagefile.sys 1536 2304 [binary data]
%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files
Drive C: | 97.00 Gb Total Space | 38.63 Gb Free Space | 39.83% Space Free | Partition Type: NTFS
Drive D: | 111.79 Gb Total Space | 64.17 Gb Free Space | 57.40% Space Free | Partition Type: NTFS
Drive E: | 13.75 Gb Total Space | 0.77 Gb Free Space | 5.60% Space Free | Partition Type: FAT32
Computer Name: LASRIUS | User Name: boss | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user | Quick Scan
Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days
========== Processes (SafeList) ==========
PRC - [2014/06/24 19:30:01 | 000,602,112 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\boss.LASRIUS\Desktop\repair 6-14\OTL.exe
PRC - [2008/04/14 06:42:20 | 001,033,728 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\explorer.exe
PRC - [2006/08/23 23:38:28 | 000,968,696 | ---- | M] (Zone Labs, LLC) -- C:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe
PRC - [2006/08/23 23:38:26 | 000,075,768 | ---- | M] (Zone Labs, LLC) -- C:\WINDOWS\system32\ZoneLabs\vsmon.exe
PRC - [2003/07/25 02:40:06 | 000,335,872 | ---- | M] (Globe Software) -- C:\Program Files\Globe Software\StatBar\StatBar.exe
========== Modules (No Company Name) ==========
MOD - [2006/08/23 23:40:50 | 000,145,408 | ---- | M] () -- C:\WINDOWS\system32\ZoneLabs\lib\pyd\pyexpat.pyd
MOD - [2006/08/23 23:40:50 | 000,047,104 | ---- | M] () -- C:\WINDOWS\system32\ZoneLabs\lib\pyd\_socket.pyd
MOD - [2006/08/23 23:40:50 | 000,026,624 | ---- | M] () -- C:\WINDOWS\system32\ZoneLabs\lib\pyd\signedDll.pyd
MOD - [2006/08/23 23:40:50 | 000,026,624 | ---- | M] () -- C:\WINDOWS\system32\ZoneLabs\lib\pyd\pyvsinit.pyd
MOD - [2006/08/23 23:37:52 | 000,796,584 | ---- | M] () -- C:\WINDOWS\system32\libeay32_0.9.6l.dll
========== Services (SafeList) ==========
SRV - File not found [Disabled | Stopped] -- C:\Program Files\SUPERAntiSpyware\SASCORE.EXE -- (!SASCORE)
SRV - [2012/12/14 17:49:28 | 000,682,344 | ---- | M] (Malwarebytes Corporation) [Disabled | Stopped] -- C:\Program Files\Malwarebytes' Anti-Malware\mbamservice.exe -- (MBAMService)
SRV - [2012/12/14 17:49:28 | 000,398,184 | ---- | M] (Malwarebytes Corporation) [Disabled | Stopped] -- C:\Program Files\Malwarebytes' Anti-Malware\mbamscheduler.exe -- (MBAMScheduler)
SRV - [2011/06/09 14:01:00 | 000,521,600 | ---- | M] (SEIKO EPSON CORPORATION) [Disabled | Stopped] -- C:\Program Files\epson\EpsonCustomerParticipation\EPCP.exe -- (EpsonCustomerParticipation)
SRV - [2006/08/23 23:38:26 | 000,075,768 | ---- | M] (Zone Labs, LLC) [Auto | Running] -- C:\WINDOWS\system32\ZoneLabs\vsmon.exe -- (vsmon)
========== Driver Services (SafeList) ==========
DRV - File not found [Kernel | On_Demand | Stopped] -- -- (WDICA)
DRV - File not found [Kernel | On_Demand | Stopped] -- -- (PDRFRAME)
DRV - File not found [Kernel | On_Demand | Stopped] -- -- (PDRELI)
DRV - File not found [Kernel | On_Demand | Stopped] -- -- (PDFRAME)
DRV - File not found [Kernel | On_Demand | Stopped] -- -- (PDCOMP)
DRV - File not found [Kernel | System | Stopped] -- -- (PCIDump)
DRV - File not found [Kernel | System | Stopped] -- -- (lbrtfdc)
DRV - File not found [Kernel | System | Stopped] -- -- (Changer)
DRV - [2012/12/14 17:49:28 | 000,021,104 | ---- | M] (Malwarebytes Corporation) [File_System | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\mbam.sys -- (MBAMProtector)
DRV - [2010/04/15 00:39:23 | 000,003,712 | ---- | M] () [Kernel | Auto | Running] -- C:\WINDOWS\system32\socketlock.sys -- (SocketLock)
DRV - [2010/04/14 00:04:56 | 000,035,363 | ---- | M] () [Kernel | Auto | Running] -- C:\WINDOWS\system32\windrvNT.sys -- (windrvNT)
DRV - [2008/04/14 01:25:10 | 000,202,624 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\rmcast.sys -- (RMCAST)
DRV - [2008/04/14 01:09:46 | 000,092,544 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\mqac.sys -- (MQAC)
DRV - [2006/08/23 23:38:36 | 000,392,824 | ---- | M] (Zone Labs, LLC) [Kernel | System | Running] -- C:\WINDOWS\system32\vsdatant.sys -- (vsdatant)
DRV - [2006/08/03 01:53:32 | 000,029,680 | ---- | M] (Zone Labs, LLC) [Kernel | Boot | Running] -- C:\WINDOWS\system32\ZoneLabs\srescan.sys -- (srescan)
DRV - [2006/04/18 06:29:06 | 000,569,856 | ---- | M] (Conexant Systems Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\CHDAud.sys -- (HdAudAddService)
DRV - [2006/03/14 13:02:54 | 001,428,480 | ---- | M] (Intel® Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\w39n51.sys -- (w39n51)
DRV - [2006/03/02 06:03:32 | 000,057,096 | ---- | M] (Broadcom Corporation.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\btwusb.sys -- (BTWUSB)
DRV - [2005/09/20 05:30:56 | 000,162,432 | ---- | M] (Texas Instruments) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\tifm21.sys -- (tifm21)
DRV - [2005/09/19 15:24:20 | 000,005,760 | ---- | M] (Hewlett-Packard Development Company, L.P.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\EabUsb.sys -- (eabusb)
DRV - [2005/09/19 15:24:10 | 000,009,344 | ---- | M] (Hewlett-Packard Development Company, L.P.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\CPQBttn.sys -- (HBtnKey)
DRV - [2005/09/19 15:23:52 | 000,007,808 | ---- | M] (Hewlett-Packard Development Company, L.P.) [Kernel | System | Running] -- C:\WINDOWS\system32\drivers\eabfiltr.sys -- (eabfiltr)
DRV - [2005/08/22 10:07:00 | 001,035,008 | ---- | M] (Conexant Systems, Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\HSF_DPV.sys -- (HSF_DPV)
DRV - [2005/08/22 10:06:16 | 000,201,600 | ---- | M] (Conexant Systems, Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\HSFHWAZL.sys -- (HSFHWAZL)
DRV - [2005/08/22 10:06:10 | 000,718,464 | ---- | M] (Conexant Systems, Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\HSF_CNXT.sys -- (winachsf)
DRV - [2004/08/04 01:31:34 | 000,020,992 | ---- | M] (Realtek Semiconductor Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\RTL8139.sys -- (rtl8139)
========== Standard Registry (SafeList) ==========
========== Internet Explorer ==========
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = %SystemRoot%\system32\blank.htm
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = about:blank
IE - HKLM\..\SearchScopes,DefaultScope =
IE - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://www.bing.com/search
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = about:blank
IE - HKCU\..\SearchScopes,DefaultScope = {D21C353A-29E5-4F69-AF31-8432DDF80CBF}
IE - HKCU\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://www.bing.com/...ms}&FORM=IE8SRC
IE - HKCU\..\SearchScopes\{B6A5E4C4-2536-4B0D-A258-F4FBBEDB455B}: "URL" = http://search.yahoo....=utf-8&fr=b2ie7
IE - HKCU\..\SearchScopes\{C4236BF9-A0E9-4F8D-BD96-F06419E16F30}: "URL" = http://en.wikipedia....h={searchTerms}
IE - HKCU\..\SearchScopes\{C739D6C0-6E08-42FF-A68D-5540E553A401}: "URL" = http://www.bing.com/...rc=IE-SearchBox
IE - HKCU\..\SearchScopes\{D21C353A-29E5-4F69-AF31-8432DDF80CBF}: "URL" = http://www.google.co...age={startPage}
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
========== FireFox ==========
FF - prefs.js..browser.search.selectedEngine: "Google"
FF - prefs.js..browser.search.update: false
FF - prefs.js..browser.startup.homepage: "about:blank"
FF - prefs.js..extensions.enabledAddons: %7B972ce4c6-7e08-4474-a285-3208198ce6fd%7D:17.0.1
FF - prefs.js..network.proxy.type: 0
FF - user.js - File not found
FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\WINDOWS\system32\Macromed\Flash\NPSWF32.dll ()
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 17.0.1\extensions\\Components: C:\Program Files\Mozilla Firefox\components [2013/01/08 10:58:41 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 17.0.1\extensions\\Plugins: C:\Program Files\Mozilla Firefox\plugins
[2013/01/08 10:58:59 | 000,000,000 | ---D | M] (No name found) -- C:\Documents and Settings\boss.LASRIUS\Application Data\Mozilla\Extensions
[2013/01/08 10:58:41 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files\Mozilla Firefox\extensions
[2012/11/29 03:27:51 | 000,262,112 | ---- | M] (Mozilla Foundation) -- C:\Program Files\mozilla firefox\components\browsercomps.dll
[2012/11/29 03:27:12 | 000,002,465 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\bing.xml
[2012/11/29 03:27:12 | 000,002,058 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\twitter.xml
O1 HOSTS File: ([2014/06/24 20:46:52 | 000,000,098 | ---- | M]) - C:\WINDOWS\system32\drivers\etc\Hosts
O1 - Hosts: 127.0.0.1 localhost
O1 - Hosts: ::1 localhost
O4 - HKLM..\Run: [Zone Labs Client] C:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe (Zone Labs, LLC)
O4 - HKCU..\Run: [StatBar] C:\Program Files\Globe Software\StatBar\StatBar.exe (Globe Software)
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoCDBurning = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoInternetOpenWith = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: InstallVisualStyle = C:\WINDOWS\Resources\Themes\Royale\Royale.msstyles (Microsoft)
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: InstallTheme = C:\WINDOWS\Resources\Themes\Royale.theme ()
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktop = 01 00 00 00 [binary data]
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = @ [binary data]
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/...indows-i586.cab (Reg Error: Value error.)
O16 - DPF: {CAFEEFAC-0017-0000-0010-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.7.0_10)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.7.0_10)
O20 - HKLM Winlogon: Shell - (Explorer.exe) - C:\WINDOWS\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UserInit - (C:\WINDOWS\system32\userinit.exe) - C:\WINDOWS\system32\userinit.exe (Microsoft Corporation)
O24 - Desktop WallPaper: C:\Documents and Settings\boss.LASRIUS\Local Settings\Application Data\Microsoft\Wallpaper1.bmp
O24 - Desktop BackupWallPaper: C:\Documents and Settings\boss.LASRIUS\Local Settings\Application Data\Microsoft\Wallpaper1.bmp
O28 - HKLM ShellExecuteHooks: {0cab0400-7395-11d0-a5e5-0020afe2fdd9} - C:\WINDOWS\qvphook.dll (Inso Corporation)
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2001/07/27 22:07:38 | 000,000,000 | --S- | M] () - E:\AUTOEXEC.BAT -- [ FAT32 ]
O32 - AutoRun File - [2004/04/30 14:01:14 | 000,000,053 | --S- | M] () - E:\Autorun.inf -- [ FAT32 ]
O34 - HKLM BootExecute: (autocheck autochk *)
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*
O38 - SubSystems\\Windows: (ServerDll=winsrv:UserServerDllInitialization,3)
O38 - SubSystems\\Windows: (ServerDll=winsrv:ConServerDllInitialization,2)
========== Files/Folders - Created Within 30 Days ==========
[2014/06/25 19:31:27 | 000,000,000 | ---D | C] -- C:\Program Files\ESET
[2014/06/24 21:57:19 | 000,000,000 | ---D | C] -- C:\Program Files\VS Revo Group
[2014/06/24 21:57:19 | 000,000,000 | ---D | C] -- C:\Documents and Settings\boss.LASRIUS\Start Menu\Programs\Revo Uninstaller
[2014/06/24 20:46:32 | 000,000,000 | ---D | C] -- C:\_OTL
[2014/06/24 19:32:14 | 000,000,000 | ---D | C] -- C:\Documents and Settings\boss.LASRIUS\Desktop\repair 6-14
[2010/04/14 00:04:18 | 000,047,360 | ---- | C] (VSO Software) -- C:\Documents and Settings\boss.LASRIUS\Application Data\pcouffin.sys
========== Files - Modified Within 30 Days ==========
[2014/06/26 18:36:46 | 000,048,882 | -H-- | M] () -- C:\WINDOWS\System32\vsconfig.xml
[2014/06/26 18:36:39 | 000,002,048 | --S- | M] () -- C:\WINDOWS\bootstat.dat
[2014/06/24 21:57:19 | 000,000,919 | ---- | M] () -- C:\Documents and Settings\boss.LASRIUS\Desktop\Revo Uninstaller.lnk
[2014/06/24 20:46:52 | 000,000,098 | ---- | M] () -- C:\WINDOWS\System32\drivers\etc\Hosts
[2014/06/19 21:41:47 | 000,002,493 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\Paint Shop Pro 7.lnk
[2014/06/10 21:39:24 | 000,000,209 | -HS- | M] () -- C:\boot.ini
========== Files Created - No Company Name ==========
[2014/06/24 21:57:19 | 000,000,919 | ---- | C] () -- C:\Documents and Settings\boss.LASRIUS\Desktop\Revo Uninstaller.lnk
[2013/12/06 19:49:52 | 000,000,040 | -HS- | C] () -- C:\Documents and Settings\All Users\Application Data\.zreglib
[2013/05/12 22:13:09 | 000,000,218 | ---- | C] () -- C:\Documents and Settings\boss.LASRIUS\Local Settings\Application Data\recently-used.xbel
[2012/07/11 18:42:29 | 000,003,584 | ---- | C] () -- C:\Documents and Settings\boss.LASRIUS\Local Settings\Application Data\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2010/06/22 15:47:11 | 000,000,000 | ---- | C] () -- C:\Documents and Settings\boss.LASRIUS\Application Data\wklnhst.dat
[2010/05/05 00:53:04 | 000,000,382 | R-S- | C] () -- C:\Documents and Settings\boss.LASRIUS\ntuser.pol
[2010/04/17 01:58:58 | 000,002,222 | R-S- | C] () -- C:\Documents and Settings\All Users\ntuser.pol
[2010/04/15 11:35:24 | 000,018,944 | ---- | C] () -- C:\Documents and Settings\boss.LASRIUS\Local Settings\Application Data\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini.old
[2010/04/14 00:04:18 | 000,087,608 | ---- | C] () -- C:\Documents and Settings\boss.LASRIUS\Application Data\inst.exe
[2010/04/14 00:04:18 | 000,007,887 | ---- | C] () -- C:\Documents and Settings\boss.LASRIUS\Application Data\pcouffin.cat
[2010/04/14 00:04:18 | 000,001,144 | ---- | C] () -- C:\Documents and Settings\boss.LASRIUS\Application Data\pcouffin.inf
[2010/04/13 11:13:46 | 000,000,135 | ---- | C] () -- C:\Documents and Settings\boss.LASRIUS\Local Settings\Application Data\fusioncache.dat
========== ZeroAccess Check ==========
[2006/03/28 07:39:36 | 000,000,227 | RHS- | M] () -- C:\WINDOWS\assembly\Desktop.ini
[HKEY_CURRENT_USER\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]
[HKEY_CURRENT_USER\Software\Classes\clsid\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InProcServer32]
[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]
"" = %SystemRoot%\system32\shdocvw.dll -- [2008/04/14 06:42:06 | 001,499,136 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Apartment
[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\InProcServer32]
"" = C:\WINDOWS\system32\wbem\fastprox.dll -- [2008/04/14 06:41:54 | 000,472,064 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Free
[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}\InProcServer32]
"" = C:\WINDOWS\system32\wbem\wbemess.dll -- [2008/04/14 06:42:10 | 000,273,920 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Both
========== LOP Check ==========
[2009/12/20 02:36:55 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Avg7
[2013/06/26 21:57:10 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Canon_Inc_IC
[2006/06/05 07:02:49 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\DIGStream
[2012/03/25 23:22:09 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\EPSON
[2006/08/05 01:45:29 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\muvee Technologies
[2011/10/17 01:40:52 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\pdf995
[2006/11/04 20:50:12 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Pinnacle
[2006/08/09 11:09:51 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\ScanSoft
[2013/12/06 19:50:00 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\SlySoft
[2014/03/22 23:03:35 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\TaxCut
[2009/12/20 01:50:07 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\TEMP
[2010/04/17 12:07:09 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Viewpoint old
[2008/04/12 11:57:37 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\WinZip
[2014/03/22 23:16:04 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Wolters Kluwer
[2013/12/06 20:54:52 | 000,000,000 | ---D | M] -- C:\Documents and Settings\boss.LASRIUS\Application Data\AnvSoft
[2012/03/25 23:22:07 | 000,000,000 | ---D | M] -- C:\Documents and Settings\boss.LASRIUS\Application Data\Epson
[2010/04/19 22:34:38 | 000,000,000 | ---D | M] -- C:\Documents and Settings\boss.LASRIUS\Application Data\Leadertech
[2014/06/26 18:44:17 | 000,000,000 | ---D | M] -- C:\Documents and Settings\boss.LASRIUS\Application Data\NetSpeedMonitor
[2014/01/23 19:41:28 | 000,000,000 | ---D | M] -- C:\Documents and Settings\boss.LASRIUS\Application Data\OpenOffice
[2013/10/25 18:21:47 | 000,000,000 | ---D | M] -- C:\Documents and Settings\boss.LASRIUS\Application Data\OverDrive
[2011/10/16 15:11:08 | 000,000,000 | ---D | M] -- C:\Documents and Settings\boss.LASRIUS\Application Data\pdf995old
[2014/03/22 23:17:02 | 000,000,000 | ---D | M] -- C:\Documents and Settings\boss.LASRIUS\Application Data\TaxCut
[2010/06/22 15:47:13 | 000,000,000 | ---D | M] -- C:\Documents and Settings\boss.LASRIUS\Application Data\Template
[2010/04/14 00:04:19 | 000,000,000 | ---D | M] -- C:\Documents and Settings\boss.LASRIUS\Application Data\Vso
========== Purity Check ==========
< End of report >
#24
Posted 26 June 2014 - 07:21 PM
zep516
-
- Malware Removal
-
- 8,090 posts
Trusted Helper
Hello indexx,
Your logs are clean, if there are no further issues lets clean up our tools
Next
Double-click on AdwCleaner.exe to run the tool again.
If there are any left over tools or logs on your computer please delete them now.
I don't recommend re installing Adobe reader it's a pretty well targeted product by malware. I would sugguest sumatra for reading PDF files
http://blog.kowalczy...pdf-viewer.html
http://securitygarde.../label/tutorial
You usually get infected because your security settings are too low.
Here are a number of recommendations that will help tighten them, and which will contribute to making you a less likely victim:
Safe Computing Practices please read Here
Thanks
Joe
Your logs are clean, if there are no further issues lets clean up our tools
- Double-click OTL to start the program.
- Copy and paste the following text below into the Custom Scans/Fixes box at the bottom of OTL.
:Commands
[ClearAllRestorePoints] - Then click the Run Fix button.
- Let the program run unhindered. When finished click on OK and close the log that appears.
- Note: I do not need to review the log produced.
- Now close all other programs apart from OTL as this step will require a reboot.
- On the OTL main screen, press the
button. - Say Yes to the prompt and then allow the program to reboot your computer.
Next
Double-click on AdwCleaner.exe to run the tool again.
- Click on the Uninstall button.
- Click Yes when asked are you sure you want to uninstall.
- Both AdwCleaner.exe, its folder and all logs will be removed.
If there are any left over tools or logs on your computer please delete them now.
I don't recommend re installing Adobe reader it's a pretty well targeted product by malware. I would sugguest sumatra for reading PDF files
http://blog.kowalczy...pdf-viewer.html
http://securitygarde.../label/tutorial
You usually get infected because your security settings are too low.
Here are a number of recommendations that will help tighten them, and which will contribute to making you a less likely victim:
Safe Computing Practices please read Here
Thanks
Joe
#25
Posted 26 June 2014 - 08:16 PM
Indexx
- Topic Starter
-
- Member
-
- 47 posts
Member
Sorry my friend but it,s still the same.
To refresh the problem. with my zonealarm when I start the computer I click two yes,s to connect. Then when I open firefox I get one click for the loopback. Then it waits for me to tell it where to go. Then one more click to connect there. I can then go to other sites on that page or in a new tab. If I close firefox and restart it the whole click thing starts all over again.
Now when I open firefox a few seconds after what should be the one loopback click a new unknown, unasked for click appears. ZA shows it as www47.zippyshare.com. if I click no the browser will not go to any site. If I close it and try again the some thing happens but might point to hosted_by_i3d.net.
What I,ve been doing the last few days is right after the 1st loopback click I paste an address really fast before the 2nd zippy click can ask to log on.
While online there seems to be a slow nonstop trickle of data fow both ways ( 1 to 4 k.) till I close the browser.
IE not working since MS last patch in may.
No data flow with browser closed.
#26
Posted 26 June 2014 - 08:55 PM
zep516
-
- Malware Removal
-
- 8,090 posts
Trusted Helper
Hello indexx,
My only suggestion at this point is to reinstall Firefox and see. If that does not resolve it reset you router and re-do it. Finally there is zone Alarm uninstall reinstall.
I'd start with Firefox.
My only suggestion at this point is to reinstall Firefox and see. If that does not resolve it reset you router and re-do it. Finally there is zone Alarm uninstall reinstall.
I'd start with Firefox.
#27
Posted 26 June 2014 - 09:02 PM
Indexx
- Topic Starter
-
- Member
-
- 47 posts
Member
I'll try fooling with firefox. I though about 1st trying to reset it but I havn't found the switch in the settings anywhere. Any hints as to where to find it?
#29
Posted 26 June 2014 - 09:27 PM
Indexx
- Topic Starter
-
- Member
-
- 47 posts
Member
I figured it out. Seems to of helped. different anyway.
So far no unknown requests.
Did you think my data was compromised?
Any chance of getting my IE up and running?
#30
Posted 26 June 2014 - 09:40 PM
zep516
-
- Malware Removal
-
- 8,090 posts
Trusted Helper
No I don't think your data was compromised. Just your patience.
What version of IE? What is wrong with it ? We can reset IE.
The real choice for XP/IE users is get off IE or get off XP !
Joe
What version of IE? What is wrong with it ? We can reset IE.
The real choice for XP/IE users is get off IE or get off XP !
Joe
Similar Topics
0 user(s) are reading this topic
0 members, 0 guests, 0 anonymous users
As Featured On:
Sign In
Create Account
