yes both have been completely removed.
Highjack or Intrusion attempt?
#16
Posted 25 June 2014 - 06:10 PM
#17
Posted 25 June 2014 - 06:20 PM
Lets do a on- line scan check of things for you. This will take some time..
ESET Online Scanner
Note: You can use either Internet Explorer or Mozilla FireFox for this scan. You will however need to disable your current installed Anti-Virus, how to do so can be read here.
- Please go >>HERE<< then click on:
Note: If using Mozilla Firefox you will need to download esetsmartinstaller_enu.exe when prompted then double click on the icon to install.
All of the below instructions are compatible with either Internet Explorer or Mozilla FireFox. - Select the option YES, I accept the Terms of Use then click on:
- When prompted allow the Add-On/Active X to install.
- Make sure that the option Remove found threats is NOT checked, and the option Scan archives is checked.
- Now click on Advanced Settings and select the following:
- Scan for potentially unwanted applications
- Scan for potentially unsafe applications
- Enable Anti-Stealth Technology
- Now click on:
- The virus signature database... will begin to download. Be patient this make take some time depending on the speed of your Internet Connection.
- When completed the Online Scan will begin automatically.
- Do not touch either the Mouse or keyboard during the scan otherwise it may stall.
- When completed make sure you first copy the logfile located at C:\Program Files\ESET\EsetOnlineScanner\log.txt
- Copy and paste that log as a reply to this topic.
- Now click on:
(Selecting Uninstall application on close if you so wish)
Thanks
Joe
#18
Posted 25 June 2014 - 06:42 PM
Virus signature database downloading very SLOW.
Will send in a while
#19
Posted 25 June 2014 - 07:41 PM
I got a "unexpected error 2002". Wasn't watching so not sure, restarted, downloading list again.
#20
Posted 25 June 2014 - 10:57 PM
50% there now. might just send report in the morning.
nite
#21
Posted 26 June 2014 - 08:38 AM
Got it.
ESETSmartInstaller@High as downloader log:
all ok
# version=8
# OnlineScannerApp.exe=1.0.0.1
# OnlineScanner.ocx=1.0.0.7587
# api_version=3.0.2
# EOSSerial=ffa203191ea7f54e81a0c1fc40063df3
# engine=18885
# end=finished
# remove_checked=false
# archives_checked=true
# unwanted_checked=true
# unsafe_checked=true
# antistealth_checked=true
# utc_time=2014-06-26 04:47:24
# local_time=2014-06-25 11:47:24 (-0600, Central Daylight Time)
# country="United States"
# lang=1033
# osver=5.1.2600 NT Service Pack 3
# compatibility_mode_1='ZoneAlarm Antivirus'
# compatibility_mode=9217 16777214 75 70 131619774 247133248 0 0
# scanned=162741
# found=3
# cleaned=0
# scan_time=7759
sh=A154FE73378B4816E18FD14036E7A78653985421 ft=1 fh=6ce52490e591b062 vn="Win32/Somoto.A potentially unwanted application" ac=I fn="C:\Documents and Settings\boss.LASRIUS\My Documents\Downloads\UnlockRoot Prov3.41\UnlockRoot_downloader_by_UnlockRoot.exe"
sh=E8A61273AE98944C8909B2E48A70E5453F589A37 ft=1 fh=dedf23abbac3cb73 vn="Win32/UnlockRoot potentially unsafe application" ac=I fn="C:\Program Files\Unlockroot\unlockrootpro-internal.exe"
sh=8E3C5227EE9707038C2F94C35CB7DE7DDC32F905 ft=1 fh=3e4f488add131322 vn="Win32/OpenCandy potentially unsafe application" ac=I fn="D:\mis_D\software\any-video-converter-5-0-3-avc-free.exe"
#22
Posted 26 June 2014 - 04:42 PM
Lets get rid of that stuff in ESET using OTL, or you van navigate to them in delete them.
Next
We need to do a fix to delete some files using OTL
- Double click on the to open the program. On Vista/Win7/Win8 right click select Run As Administrator to start the program. If prompted by UAC, please allow it.
- Under the Custom Scans/Fixes box at the bottom, paste in the following
:COMMANDS [CREATERESTOREPOINT] :OTL :Files D:\mis_D\software\any-video-converter-5-0-3-avc-free.exe C:\Program Files\Unlockroot\unlockrootpro-internal.exe C:\Documents and Settings\boss.LASRIUS\My Documents\Downloads\UnlockRoot Prov3.41\UnlockRoot_downloader_by_UnlockRoot.exe :Commands [emptytemp]
- Make sure all other windows are closed.
- Click the Run Fix button at the top
- Let the program run uninterrupted. The computer should reboot when the scan is done. If not, please reboot the computer.
- Post the log that is found in C:\_OTL\Moved Files in your next reply.
- Open OTL again and click the Quick Scan button.
Post the OTL Fix log, it pops up after reboot.
Thanks
Joe
#23
Posted 26 June 2014 - 05:54 PM
Good evening joe,
All processes killed
========== COMMANDS ==========
Restore point Set: OTL Restore Point
========== OTL ==========
========== FILES ==========
D:\mis_D\software\any-video-converter-5-0-3-avc-free.exe moved successfully.
C:\Program Files\Unlockroot\unlockrootpro-internal.exe moved successfully.
C:\Documents and Settings\boss.LASRIUS\My Documents\Downloads\UnlockRoot Prov3.41\UnlockRoot_downloader_by_UnlockRoot.exe moved successfully.
========== COMMANDS ==========
[EMPTYTEMP]
User: Administrator
->Temp folder emptied: 0 bytes
User: All Users
User: boss
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 0 bytes
->Flash cache emptied: 0 bytes
User: boss.LASRIUS
->Temp folder emptied: 98304 bytes
->Temporary Internet Files folder emptied: 213253 bytes
->Java cache emptied: 0 bytes
->FireFox cache emptied: 1642181 bytes
->Flash cache emptied: 470 bytes
User: Default User
->Temp folder emptied: 0 bytes
User: LocalService
->Temp folder emptied: 0 bytes
User: NetworkService
->Temp folder emptied: 0 bytes
%systemdrive% .tmp files removed: 0 bytes
%systemroot% .tmp files removed: 0 bytes
%systemroot%\System32 .tmp files removed: 0 bytes
%systemroot%\System32\dllcache .tmp files removed: 0 bytes
%systemroot%\System32\drivers .tmp files removed: 0 bytes
Windows Temp folder emptied: 1024 bytes
%systemroot%\system32\config\systemprofile\Local Settings\Temp folder emptied: 0 bytes
%systemroot%\system32\config\systemprofile\Local Settings\Temporary Internet Files folder emptied: 0 bytes
RecycleBin emptied: 35345424 bytes
Total Files Cleaned = 36.00 mb
OTL by OldTimer - Version 3.2.69.0 log created on 06262014_183509
Files\Folders moved on Reboot...
File\Folder C:\WINDOWS\temp\ZLT06848.TMP not found!
File\Folder C:\WINDOWS\temp\ZLT06851.TMP not found!
PendingFileRenameOperations files...
Registry entries deleted on Reboot...
------------------------------------------------------------------------------------------------------------------------------------------------------------------
OTL logfile created on: 6/26/2014 6:39:06 PM - Run 4
OTL by OldTimer - Version 3.2.69.0 Folder = C:\Documents and Settings\boss.LASRIUS\Desktop\repair 6-14
Windows XP Media Center Edition Service Pack 3 (Version = 5.1.2600) - Type = NTWorkstation
Internet Explorer (Version = 7.0.5730.11)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy
1022.04 Mb Total Physical Memory | 723.56 Mb Available Physical Memory | 70.80% Memory free
2.40 Gb Paging File | 2.24 Gb Available in Paging File | 93.10% Paging File free
Paging file location(s): C:\pagefile.sys 1536 2304 [binary data]
%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files
Drive C: | 97.00 Gb Total Space | 38.63 Gb Free Space | 39.83% Space Free | Partition Type: NTFS
Drive D: | 111.79 Gb Total Space | 64.17 Gb Free Space | 57.40% Space Free | Partition Type: NTFS
Drive E: | 13.75 Gb Total Space | 0.77 Gb Free Space | 5.60% Space Free | Partition Type: FAT32
Computer Name: LASRIUS | User Name: boss | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user | Quick Scan
Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days
========== Processes (SafeList) ==========
PRC - [2014/06/24 19:30:01 | 000,602,112 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\boss.LASRIUS\Desktop\repair 6-14\OTL.exe
PRC - [2008/04/14 06:42:20 | 001,033,728 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\explorer.exe
PRC - [2006/08/23 23:38:28 | 000,968,696 | ---- | M] (Zone Labs, LLC) -- C:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe
PRC - [2006/08/23 23:38:26 | 000,075,768 | ---- | M] (Zone Labs, LLC) -- C:\WINDOWS\system32\ZoneLabs\vsmon.exe
PRC - [2003/07/25 02:40:06 | 000,335,872 | ---- | M] (Globe Software) -- C:\Program Files\Globe Software\StatBar\StatBar.exe
========== Modules (No Company Name) ==========
MOD - [2006/08/23 23:40:50 | 000,145,408 | ---- | M] () -- C:\WINDOWS\system32\ZoneLabs\lib\pyd\pyexpat.pyd
MOD - [2006/08/23 23:40:50 | 000,047,104 | ---- | M] () -- C:\WINDOWS\system32\ZoneLabs\lib\pyd\_socket.pyd
MOD - [2006/08/23 23:40:50 | 000,026,624 | ---- | M] () -- C:\WINDOWS\system32\ZoneLabs\lib\pyd\signedDll.pyd
MOD - [2006/08/23 23:40:50 | 000,026,624 | ---- | M] () -- C:\WINDOWS\system32\ZoneLabs\lib\pyd\pyvsinit.pyd
MOD - [2006/08/23 23:37:52 | 000,796,584 | ---- | M] () -- C:\WINDOWS\system32\libeay32_0.9.6l.dll
========== Services (SafeList) ==========
SRV - File not found [Disabled | Stopped] -- C:\Program Files\SUPERAntiSpyware\SASCORE.EXE -- (!SASCORE)
SRV - [2012/12/14 17:49:28 | 000,682,344 | ---- | M] (Malwarebytes Corporation) [Disabled | Stopped] -- C:\Program Files\Malwarebytes' Anti-Malware\mbamservice.exe -- (MBAMService)
SRV - [2012/12/14 17:49:28 | 000,398,184 | ---- | M] (Malwarebytes Corporation) [Disabled | Stopped] -- C:\Program Files\Malwarebytes' Anti-Malware\mbamscheduler.exe -- (MBAMScheduler)
SRV - [2011/06/09 14:01:00 | 000,521,600 | ---- | M] (SEIKO EPSON CORPORATION) [Disabled | Stopped] -- C:\Program Files\epson\EpsonCustomerParticipation\EPCP.exe -- (EpsonCustomerParticipation)
SRV - [2006/08/23 23:38:26 | 000,075,768 | ---- | M] (Zone Labs, LLC) [Auto | Running] -- C:\WINDOWS\system32\ZoneLabs\vsmon.exe -- (vsmon)
========== Driver Services (SafeList) ==========
DRV - File not found [Kernel | On_Demand | Stopped] -- -- (WDICA)
DRV - File not found [Kernel | On_Demand | Stopped] -- -- (PDRFRAME)
DRV - File not found [Kernel | On_Demand | Stopped] -- -- (PDRELI)
DRV - File not found [Kernel | On_Demand | Stopped] -- -- (PDFRAME)
DRV - File not found [Kernel | On_Demand | Stopped] -- -- (PDCOMP)
DRV - File not found [Kernel | System | Stopped] -- -- (PCIDump)
DRV - File not found [Kernel | System | Stopped] -- -- (lbrtfdc)
DRV - File not found [Kernel | System | Stopped] -- -- (Changer)
DRV - [2012/12/14 17:49:28 | 000,021,104 | ---- | M] (Malwarebytes Corporation) [File_System | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\mbam.sys -- (MBAMProtector)
DRV - [2010/04/15 00:39:23 | 000,003,712 | ---- | M] () [Kernel | Auto | Running] -- C:\WINDOWS\system32\socketlock.sys -- (SocketLock)
DRV - [2010/04/14 00:04:56 | 000,035,363 | ---- | M] () [Kernel | Auto | Running] -- C:\WINDOWS\system32\windrvNT.sys -- (windrvNT)
DRV - [2008/04/14 01:25:10 | 000,202,624 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\rmcast.sys -- (RMCAST)
DRV - [2008/04/14 01:09:46 | 000,092,544 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\mqac.sys -- (MQAC)
DRV - [2006/08/23 23:38:36 | 000,392,824 | ---- | M] (Zone Labs, LLC) [Kernel | System | Running] -- C:\WINDOWS\system32\vsdatant.sys -- (vsdatant)
DRV - [2006/08/03 01:53:32 | 000,029,680 | ---- | M] (Zone Labs, LLC) [Kernel | Boot | Running] -- C:\WINDOWS\system32\ZoneLabs\srescan.sys -- (srescan)
DRV - [2006/04/18 06:29:06 | 000,569,856 | ---- | M] (Conexant Systems Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\CHDAud.sys -- (HdAudAddService)
DRV - [2006/03/14 13:02:54 | 001,428,480 | ---- | M] (Intel® Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\w39n51.sys -- (w39n51)
DRV - [2006/03/02 06:03:32 | 000,057,096 | ---- | M] (Broadcom Corporation.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\btwusb.sys -- (BTWUSB)
DRV - [2005/09/20 05:30:56 | 000,162,432 | ---- | M] (Texas Instruments) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\tifm21.sys -- (tifm21)
DRV - [2005/09/19 15:24:20 | 000,005,760 | ---- | M] (Hewlett-Packard Development Company, L.P.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\EabUsb.sys -- (eabusb)
DRV - [2005/09/19 15:24:10 | 000,009,344 | ---- | M] (Hewlett-Packard Development Company, L.P.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\CPQBttn.sys -- (HBtnKey)
DRV - [2005/09/19 15:23:52 | 000,007,808 | ---- | M] (Hewlett-Packard Development Company, L.P.) [Kernel | System | Running] -- C:\WINDOWS\system32\drivers\eabfiltr.sys -- (eabfiltr)
DRV - [2005/08/22 10:07:00 | 001,035,008 | ---- | M] (Conexant Systems, Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\HSF_DPV.sys -- (HSF_DPV)
DRV - [2005/08/22 10:06:16 | 000,201,600 | ---- | M] (Conexant Systems, Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\HSFHWAZL.sys -- (HSFHWAZL)
DRV - [2005/08/22 10:06:10 | 000,718,464 | ---- | M] (Conexant Systems, Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\HSF_CNXT.sys -- (winachsf)
DRV - [2004/08/04 01:31:34 | 000,020,992 | ---- | M] (Realtek Semiconductor Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\RTL8139.sys -- (rtl8139)
========== Standard Registry (SafeList) ==========
========== Internet Explorer ==========
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = %SystemRoot%\system32\blank.htm
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = about:blank
IE - HKLM\..\SearchScopes,DefaultScope =
IE - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://www.bing.com/search
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = about:blank
IE - HKCU\..\SearchScopes,DefaultScope = {D21C353A-29E5-4F69-AF31-8432DDF80CBF}
IE - HKCU\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://www.bing.com/...ms}&FORM=IE8SRC
IE - HKCU\..\SearchScopes\{B6A5E4C4-2536-4B0D-A258-F4FBBEDB455B}: "URL" = http://search.yahoo....=utf-8&fr=b2ie7
IE - HKCU\..\SearchScopes\{C4236BF9-A0E9-4F8D-BD96-F06419E16F30}: "URL" = http://en.wikipedia....h={searchTerms}
IE - HKCU\..\SearchScopes\{C739D6C0-6E08-42FF-A68D-5540E553A401}: "URL" = http://www.bing.com/...rc=IE-SearchBox
IE - HKCU\..\SearchScopes\{D21C353A-29E5-4F69-AF31-8432DDF80CBF}: "URL" = http://www.google.co...age={startPage}
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
========== FireFox ==========
FF - prefs.js..browser.search.selectedEngine: "Google"
FF - prefs.js..browser.search.update: false
FF - prefs.js..browser.startup.homepage: "about:blank"
FF - prefs.js..extensions.enabledAddons: %7B972ce4c6-7e08-4474-a285-3208198ce6fd%7D:17.0.1
FF - prefs.js..network.proxy.type: 0
FF - user.js - File not found
FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\WINDOWS\system32\Macromed\Flash\NPSWF32.dll ()
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 17.0.1\extensions\\Components: C:\Program Files\Mozilla Firefox\components [2013/01/08 10:58:41 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 17.0.1\extensions\\Plugins: C:\Program Files\Mozilla Firefox\plugins
[2013/01/08 10:58:59 | 000,000,000 | ---D | M] (No name found) -- C:\Documents and Settings\boss.LASRIUS\Application Data\Mozilla\Extensions
[2013/01/08 10:58:41 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files\Mozilla Firefox\extensions
[2012/11/29 03:27:51 | 000,262,112 | ---- | M] (Mozilla Foundation) -- C:\Program Files\mozilla firefox\components\browsercomps.dll
[2012/11/29 03:27:12 | 000,002,465 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\bing.xml
[2012/11/29 03:27:12 | 000,002,058 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\twitter.xml
O1 HOSTS File: ([2014/06/24 20:46:52 | 000,000,098 | ---- | M]) - C:\WINDOWS\system32\drivers\etc\Hosts
O1 - Hosts: 127.0.0.1 localhost
O1 - Hosts: ::1 localhost
O4 - HKLM..\Run: [Zone Labs Client] C:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe (Zone Labs, LLC)
O4 - HKCU..\Run: [StatBar] C:\Program Files\Globe Software\StatBar\StatBar.exe (Globe Software)
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoCDBurning = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoInternetOpenWith = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: InstallVisualStyle = C:\WINDOWS\Resources\Themes\Royale\Royale.msstyles (Microsoft)
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: InstallTheme = C:\WINDOWS\Resources\Themes\Royale.theme ()
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktop = 01 00 00 00 [binary data]
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = @ [binary data]
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/...indows-i586.cab (Reg Error: Value error.)
O16 - DPF: {CAFEEFAC-0017-0000-0010-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.7.0_10)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.7.0_10)
O20 - HKLM Winlogon: Shell - (Explorer.exe) - C:\WINDOWS\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UserInit - (C:\WINDOWS\system32\userinit.exe) - C:\WINDOWS\system32\userinit.exe (Microsoft Corporation)
O24 - Desktop WallPaper: C:\Documents and Settings\boss.LASRIUS\Local Settings\Application Data\Microsoft\Wallpaper1.bmp
O24 - Desktop BackupWallPaper: C:\Documents and Settings\boss.LASRIUS\Local Settings\Application Data\Microsoft\Wallpaper1.bmp
O28 - HKLM ShellExecuteHooks: {0cab0400-7395-11d0-a5e5-0020afe2fdd9} - C:\WINDOWS\qvphook.dll (Inso Corporation)
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2001/07/27 22:07:38 | 000,000,000 | --S- | M] () - E:\AUTOEXEC.BAT -- [ FAT32 ]
O32 - AutoRun File - [2004/04/30 14:01:14 | 000,000,053 | --S- | M] () - E:\Autorun.inf -- [ FAT32 ]
O34 - HKLM BootExecute: (autocheck autochk *)
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*
O38 - SubSystems\\Windows: (ServerDll=winsrv:UserServerDllInitialization,3)
O38 - SubSystems\\Windows: (ServerDll=winsrv:ConServerDllInitialization,2)
========== Files/Folders - Created Within 30 Days ==========
[2014/06/25 19:31:27 | 000,000,000 | ---D | C] -- C:\Program Files\ESET
[2014/06/24 21:57:19 | 000,000,000 | ---D | C] -- C:\Program Files\VS Revo Group
[2014/06/24 21:57:19 | 000,000,000 | ---D | C] -- C:\Documents and Settings\boss.LASRIUS\Start Menu\Programs\Revo Uninstaller
[2014/06/24 20:46:32 | 000,000,000 | ---D | C] -- C:\_OTL
[2014/06/24 19:32:14 | 000,000,000 | ---D | C] -- C:\Documents and Settings\boss.LASRIUS\Desktop\repair 6-14
[2010/04/14 00:04:18 | 000,047,360 | ---- | C] (VSO Software) -- C:\Documents and Settings\boss.LASRIUS\Application Data\pcouffin.sys
========== Files - Modified Within 30 Days ==========
[2014/06/26 18:36:46 | 000,048,882 | -H-- | M] () -- C:\WINDOWS\System32\vsconfig.xml
[2014/06/26 18:36:39 | 000,002,048 | --S- | M] () -- C:\WINDOWS\bootstat.dat
[2014/06/24 21:57:19 | 000,000,919 | ---- | M] () -- C:\Documents and Settings\boss.LASRIUS\Desktop\Revo Uninstaller.lnk
[2014/06/24 20:46:52 | 000,000,098 | ---- | M] () -- C:\WINDOWS\System32\drivers\etc\Hosts
[2014/06/19 21:41:47 | 000,002,493 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\Paint Shop Pro 7.lnk
[2014/06/10 21:39:24 | 000,000,209 | -HS- | M] () -- C:\boot.ini
========== Files Created - No Company Name ==========
[2014/06/24 21:57:19 | 000,000,919 | ---- | C] () -- C:\Documents and Settings\boss.LASRIUS\Desktop\Revo Uninstaller.lnk
[2013/12/06 19:49:52 | 000,000,040 | -HS- | C] () -- C:\Documents and Settings\All Users\Application Data\.zreglib
[2013/05/12 22:13:09 | 000,000,218 | ---- | C] () -- C:\Documents and Settings\boss.LASRIUS\Local Settings\Application Data\recently-used.xbel
[2012/07/11 18:42:29 | 000,003,584 | ---- | C] () -- C:\Documents and Settings\boss.LASRIUS\Local Settings\Application Data\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2010/06/22 15:47:11 | 000,000,000 | ---- | C] () -- C:\Documents and Settings\boss.LASRIUS\Application Data\wklnhst.dat
[2010/05/05 00:53:04 | 000,000,382 | R-S- | C] () -- C:\Documents and Settings\boss.LASRIUS\ntuser.pol
[2010/04/17 01:58:58 | 000,002,222 | R-S- | C] () -- C:\Documents and Settings\All Users\ntuser.pol
[2010/04/15 11:35:24 | 000,018,944 | ---- | C] () -- C:\Documents and Settings\boss.LASRIUS\Local Settings\Application Data\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini.old
[2010/04/14 00:04:18 | 000,087,608 | ---- | C] () -- C:\Documents and Settings\boss.LASRIUS\Application Data\inst.exe
[2010/04/14 00:04:18 | 000,007,887 | ---- | C] () -- C:\Documents and Settings\boss.LASRIUS\Application Data\pcouffin.cat
[2010/04/14 00:04:18 | 000,001,144 | ---- | C] () -- C:\Documents and Settings\boss.LASRIUS\Application Data\pcouffin.inf
[2010/04/13 11:13:46 | 000,000,135 | ---- | C] () -- C:\Documents and Settings\boss.LASRIUS\Local Settings\Application Data\fusioncache.dat
========== ZeroAccess Check ==========
[2006/03/28 07:39:36 | 000,000,227 | RHS- | M] () -- C:\WINDOWS\assembly\Desktop.ini
[HKEY_CURRENT_USER\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]
[HKEY_CURRENT_USER\Software\Classes\clsid\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InProcServer32]
[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]
"" = %SystemRoot%\system32\shdocvw.dll -- [2008/04/14 06:42:06 | 001,499,136 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Apartment
[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\InProcServer32]
"" = C:\WINDOWS\system32\wbem\fastprox.dll -- [2008/04/14 06:41:54 | 000,472,064 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Free
[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}\InProcServer32]
"" = C:\WINDOWS\system32\wbem\wbemess.dll -- [2008/04/14 06:42:10 | 000,273,920 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Both
========== LOP Check ==========
[2009/12/20 02:36:55 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Avg7
[2013/06/26 21:57:10 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Canon_Inc_IC
[2006/06/05 07:02:49 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\DIGStream
[2012/03/25 23:22:09 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\EPSON
[2006/08/05 01:45:29 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\muvee Technologies
[2011/10/17 01:40:52 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\pdf995
[2006/11/04 20:50:12 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Pinnacle
[2006/08/09 11:09:51 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\ScanSoft
[2013/12/06 19:50:00 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\SlySoft
[2014/03/22 23:03:35 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\TaxCut
[2009/12/20 01:50:07 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\TEMP
[2010/04/17 12:07:09 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Viewpoint old
[2008/04/12 11:57:37 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\WinZip
[2014/03/22 23:16:04 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Wolters Kluwer
[2013/12/06 20:54:52 | 000,000,000 | ---D | M] -- C:\Documents and Settings\boss.LASRIUS\Application Data\AnvSoft
[2012/03/25 23:22:07 | 000,000,000 | ---D | M] -- C:\Documents and Settings\boss.LASRIUS\Application Data\Epson
[2010/04/19 22:34:38 | 000,000,000 | ---D | M] -- C:\Documents and Settings\boss.LASRIUS\Application Data\Leadertech
[2014/06/26 18:44:17 | 000,000,000 | ---D | M] -- C:\Documents and Settings\boss.LASRIUS\Application Data\NetSpeedMonitor
[2014/01/23 19:41:28 | 000,000,000 | ---D | M] -- C:\Documents and Settings\boss.LASRIUS\Application Data\OpenOffice
[2013/10/25 18:21:47 | 000,000,000 | ---D | M] -- C:\Documents and Settings\boss.LASRIUS\Application Data\OverDrive
[2011/10/16 15:11:08 | 000,000,000 | ---D | M] -- C:\Documents and Settings\boss.LASRIUS\Application Data\pdf995old
[2014/03/22 23:17:02 | 000,000,000 | ---D | M] -- C:\Documents and Settings\boss.LASRIUS\Application Data\TaxCut
[2010/06/22 15:47:13 | 000,000,000 | ---D | M] -- C:\Documents and Settings\boss.LASRIUS\Application Data\Template
[2010/04/14 00:04:19 | 000,000,000 | ---D | M] -- C:\Documents and Settings\boss.LASRIUS\Application Data\Vso
========== Purity Check ==========
< End of report >
#24
Posted 26 June 2014 - 07:21 PM
Your logs are clean, if there are no further issues lets clean up our tools
- Double-click OTL to start the program.
- Copy and paste the following text below into the Custom Scans/Fixes box at the bottom of OTL.
:Commands
[ClearAllRestorePoints] - Then click the Run Fix button.
- Let the program run unhindered. When finished click on OK and close the log that appears.
- Note: I do not need to review the log produced.
- Now close all other programs apart from OTL as this step will require a reboot.
- On the OTL main screen, press the button.
- Say Yes to the prompt and then allow the program to reboot your computer.
Next
Double-click on AdwCleaner.exe to run the tool again.
- Click on the Uninstall button.
- Click Yes when asked are you sure you want to uninstall.
- Both AdwCleaner.exe, its folder and all logs will be removed.
If there are any left over tools or logs on your computer please delete them now.
I don't recommend re installing Adobe reader it's a pretty well targeted product by malware. I would sugguest sumatra for reading PDF files
http://blog.kowalczy...pdf-viewer.html
http://securitygarde.../label/tutorial
You usually get infected because your security settings are too low.
Here are a number of recommendations that will help tighten them, and which will contribute to making you a less likely victim:
Safe Computing Practices please read Here
Thanks
Joe
#25
Posted 26 June 2014 - 08:16 PM
Sorry my friend but it,s still the same.
To refresh the problem. with my zonealarm when I start the computer I click two yes,s to connect. Then when I open firefox I get one click for the loopback. Then it waits for me to tell it where to go. Then one more click to connect there. I can then go to other sites on that page or in a new tab. If I close firefox and restart it the whole click thing starts all over again.
Now when I open firefox a few seconds after what should be the one loopback click a new unknown, unasked for click appears. ZA shows it as www47.zippyshare.com. if I click no the browser will not go to any site. If I close it and try again the some thing happens but might point to hosted_by_i3d.net.
What I,ve been doing the last few days is right after the 1st loopback click I paste an address really fast before the 2nd zippy click can ask to log on.
While online there seems to be a slow nonstop trickle of data fow both ways ( 1 to 4 k.) till I close the browser.
IE not working since MS last patch in may.
No data flow with browser closed.
#26
Posted 26 June 2014 - 08:55 PM
My only suggestion at this point is to reinstall Firefox and see. If that does not resolve it reset you router and re-do it. Finally there is zone Alarm uninstall reinstall.
I'd start with Firefox.
#27
Posted 26 June 2014 - 09:02 PM
I'll try fooling with firefox. I though about 1st trying to reset it but I havn't found the switch in the settings anywhere. Any hints as to where to find it?
#29
Posted 26 June 2014 - 09:27 PM
#30
Posted 26 June 2014 - 09:40 PM
What version of IE? What is wrong with it ? We can reset IE.
The real choice for XP/IE users is get off IE or get off XP !
Joe
Similar Topics
0 user(s) are reading this topic
0 members, 0 guests, 0 anonymous users