
Undetectable virus


14 replies to this topic

#1 sanspeur

sanspeur

  • Members
  • 12 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:Ottawa, Ontario, Canada
  • Local time:10:14 AM

Posted 23 July 2016 - 09:36 PM

Followed procedures published here to help others with no luck.  All the tools report no problem in Safe Mode (AFAIK) but back in normal mode ctl-alt-esc doesn't work and windows explorer and browsers won't start.

 

Can anyone help?

 

Thanks.


Edited by Queen-Evie, 23 July 2016 - 09:49 PM.
moved from Anti-Virus, Anti-Malware, and Privacy Software to Am I Infected



 


#2 InadequateInfirmity

InadequateInfirmity

    I Gots Me A Certified Edumication


  • Banned
  • 5,180 posts
  • OFFLINE
  •  
  • Gender:Male
  • Local time:09:14 AM

Posted 24 July 2016 - 05:42 AM

Adware Cleaner Scan.

 

Please download AdwCleaner by Xplode onto your desktop.

  • Close all open programs and internet browsers.
  • Double click on adwcleaner.exe to run the tool.
  • Click on Scan button.
  • When the scan has finished click on Clean button.
  • Your computer will be rebooted automatically. A text file will open after the restart.
  • Please post the contents of that logfile with your next reply.
  • You can find the logfile at C:\AdwCleaner[S1].txt as well.

 

JRT Scan.

Please download Junkware Removal Tool and save it on your desktop.

 

  • Shut down your anti-virus, anti-spyware, and firewall software now to avoid potential conflicts.
  • Run the tool by double-clicking it. If you are using Windows Vista or Windows 7, right-click it and select Run as administrator.
  • The tool will open and start scanning your system.
  • Please be patient as this can take a while to complete depending on your system's specifications.
  • On completion, a log is saved to your desktop and will automatically open.
  • Please post the JRT log.

Adware Removal Tool Scan.

 

Download Adware removal tool to your desktop, right click the icon and select Run as Administrator.

 

 

LOr0Gd7.png

 

Hit Ok.

 

sYFsqHx.png

 

Hit Next, and make sure to leave all items checked for removal.

 

8NcZjGc.png

 

 

The program will close all open programs to complete the removal, so save any work and hit OK. Then hit OK after the removal process is complete, then OK again to finish up. Post the log generated by the tool.

 

ZHP Scan.

Please download ZHPCleaner to your desktop. Right-click the icon and select Run as administrator.

http://ccm.net/download/download-24750-zhpcleaner

 

 

2. Once you have started the program, you will need to click the scanner button.

EgsT69u.png

The program will close all open browsers!

3. Once the scan is completed, you will want to click the Repair button.

6QJjV50.png

At the end of the process you may be asked to reboot your machine. After you reboot a report will open on your desktop.

Copy and paste the report here in your next reply.

 Zemana Scan

 

 

Run a full scan with Zemana AntiMalware!

Install and select deep scan.

jdmyscF.jpg

Remove any infections found.

Then click on the icon in the pic below.

DOLGyto.jpg

Double click on the scan log, copy and paste here in your reply

 

NoBot Scan.

 

  • Please download NoBot.
  • Save it to your desktop.
  • Right Click Run As Administrator.
  • Then click the scan button.
  • Allow completion.
  • Then hit file button.
  • Scan Logs.
  • Double click the log and post it here.


#3 sanspeur


Posted 24 July 2016 - 02:10 PM

Rebooted to normal mode and ran AdwCleaner.  Nothing found.  Here is the log:

# AdwCleaner v5.201 - Logfile created 24/07/2016 at 07:33:17
# Updated 30/06/2016 by ToolsLib
# Database : 2016-07-21.2 [Server]
# Operating system : Windows 7 Professional Service Pack 1 (X64)
# Username : Sandy - SANDY-PC
# Running from : C:\Users\Sandy\Downloads\adwcleaner_5.201.exe
# Option : Scan
# Support : https://toolslib.net/forum

***** [ Services ] *****


***** [ Folders ] *****


***** [ Files ] *****


***** [ DLL ] *****


***** [ WMI ] *****


***** [ Shortcuts ] *****


***** [ Scheduled tasks ] *****


***** [ Registry ] *****


***** [ Web browsers ] *****


*************************

C:\AdwCleaner\AdwCleaner[C1].txt - [1794 bytes] - [22/07/2016 08:02:38]
C:\AdwCleaner\AdwCleaner[S1].txt - [2070 bytes] - [22/07/2016 07:48:40]
C:\AdwCleaner\AdwCleaner[S2].txt - [945 bytes] - [22/07/2016 13:21:35]
C:\AdwCleaner\AdwCleaner[S3].txt - [1017 bytes] - [23/07/2016 14:43:35]
C:\AdwCleaner\AdwCleaner[S4].txt - [1094 bytes] - [24/07/2016 07:28:29]
C:\AdwCleaner\AdwCleaner[S5].txt - [1013 bytes] - [24/07/2016 07:33:17]

########## EOF - C:\AdwCleaner\AdwCleaner[S5].txt - [1086 bytes] ##########

 

This is as far as I could get without rebooting.  Will continue after reboot.



#4 sanspeur


Posted 24 July 2016 - 02:18 PM

Junkware Removal Tool (JRT) by Malwarebytes
Version: 8.0.7 (07.03.2016)
Operating System: Windows 7 Professional x64
Ran by Sandy (Administrator) on Sun 07/24/2016 at 15:14:13.64
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~




File System: 8

Successfully deleted: C:\Users\Sandy\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\39J8FP0M (Temporary Internet Files Folder)
Successfully deleted: C:\Users\Sandy\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\IPL26QVX (Temporary Internet Files Folder)
Successfully deleted: C:\Users\Sandy\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\T00SY9L9 (Temporary Internet Files Folder)
Successfully deleted: C:\Users\Sandy\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\UHPCQMXE (Temporary Internet Files Folder)
Successfully deleted: C:\Windows\System32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\39J8FP0M (Temporary Internet Files Folder)
Successfully deleted: C:\Windows\System32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\IPL26QVX (Temporary Internet Files Folder)
Successfully deleted: C:\Windows\System32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\T00SY9L9 (Temporary Internet Files Folder)
Successfully deleted: C:\Windows\System32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\UHPCQMXE (Temporary Internet Files Folder)



Registry: 0





~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Scan was completed on Sun 07/24/2016 at 15:16:35.82
End of JRT log
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~



#5 sanspeur


Posted 24 July 2016 - 02:41 PM

Adware Removal Tool 5.1
Time: 2016_07_24_15_26_58
OS: Windows 7 Professional - x64 Bit
Account Name: Sandy
Adware Definition: 07232016
Elapsed time: 05:19
Scan Status:- Automatic Done

\\\\\\\\\\\\\\\\\\\\\\\ Scan Logs \\\\\\\\\\\\\\\\\\\\\\

Registry Data Found : PUP.hotspot shield : HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\LowRegistry\Audio\PolicyConfig\PropertyStore\2215f9f6_0\ <RegValue:>  <RegData:> {0.0.0.00000000}.{4c52f3ac-aac3-4990-bebb-99dd2259fac1}|\Device\HarddiskVolume2\Program Files (x86)\Hotspot Shield\bin\FBW.exe%b{00000000-0000-0000-0000-000000000000}
Registry Data Found : PUP.hotspot shield : HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\LowRegistry\Audio\PolicyConfig\PropertyStore\2215f9f6_0\ <RegValue:>  <RegData:> {0.0.0.00000000}.{4c52f3ac-aac3-4990-bebb-99dd2259fac1}|\Device\HarddiskVolume2\Program Files (x86)\Hotspot Shield\bin\FBW.exe%b{00000000-0000-0000-0000-000000000000}
Registry Key Found : PUP.anchorfree : HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\ <RegKey:> taphss6
Registry Key Found : PUP.anchorfree : HKEY_LOCAL_MACHINE\SYSTEM\ControlSet002\Services\ <RegKey:> taphss6
Registry Key Found : PUP.anchorfree : HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\ <RegKey:> taphss6



#6 sanspeur


Posted 24 July 2016 - 02:49 PM

Adware Removal Tool 5.1
Time: 2016_07_24_15_26_58
OS: Windows 7 Professional - x64 Bit
Account Name: Sandy
Adware Definition: 07232016
Elapsed time: 05:19
Repair Status:- Automatic Done
\\\\\\\\\\\\\\\\\\\\\\\ Repair Logs \\\\\\\\\\\\\\\\\\\\\\

[-] Deleted ->> Registry Value Data ->> HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\LowRegistry\Audio\PolicyConfig\PropertyStore\2215f9f6_0\ <RegValue:>  <RegData:> {0.0.0.00000000}.{4c52f3ac-aac3-4990-bebb-99dd2259fac1}|\Device\HarddiskVolume2\Program Files (x86)\Hotspot Shield\bin\FBW.exe%b{00000000-0000-0000-0000-000000000000} : {0.0.0.00000000}.{4c52f3ac-aac3-4990-bebb-99dd2259fac1}|\Device\HarddiskVolume2\Program Files (x86)\Hotspot Shield\bin\FBW.exe%b{00000000-0000-0000-0000-000000000000}

[-] Deleted ->> Registry Value Data ->> HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\LowRegistry\Audio\PolicyConfig\PropertyStore\2215f9f6_0\ <RegValue:>  <RegData:> {0.0.0.00000000}.{4c52f3ac-aac3-4990-bebb-99dd2259fac1}|\Device\HarddiskVolume2\Program Files (x86)\Hotspot Shield\bin\FBW.exe%b{00000000-0000-0000-0000-000000000000} : {0.0.0.00000000}.{4c52f3ac-aac3-4990-bebb-99dd2259fac1}|\Device\HarddiskVolume2\Program Files (x86)\Hotspot Shield\bin\FBW.exe%b{00000000-0000-0000-0000-000000000000}

[-] Deleted ->> Registry Key ->> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\taphss6

[-] Deleted ->> Registry Key ->> HKEY_LOCAL_MACHINE\SYSTEM\ControlSet002\Services\taphss6

[-] Deleted ->> Registry Key ->> HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\taphss6



#7 sanspeur


Posted 24 July 2016 - 03:15 PM

I cannot get ZHP to run.  It tells me an update will happen when the window is closed, but then nothing happens.  Should I continue with the next step?



#8 sanspeur


Posted 24 July 2016 - 05:23 PM

Got ZHP to run in Safe mode by clicking on [X] to close the window.  Do not click on Upgrade or Close.

 

~ ZHPCleaner v2016.8.13.324 by Nicolas Coolman (2015/08/13)
~ Run by Sandy (Administrator)  (24/07/2016 18:20:12)
~ Site : http://www.nicolascoolman.fr
~ Facebook : https://www.facebook.com/nicolascoolman1
~ State version : Version KO
~ Type : Repair
~ Report : C:\Users\Sandy\Desktop\ZHPCleaner.txt
~ Quarantine : C:\Users\Sandy\AppData\Roaming\ZHP\ZHPCleaner_Quarantine.txt
~ UAC : Activate
~ Boot Mode : Sans échec avec prise en charge du réseau (Fail-safe with network boot)
Windows 7 Professional, 64-bit Service Pack 1 (Build 7601)


---\\  Services (0)
~ No malicious or unnecessary items found.


---\\  Browser internet (0)
~ No malicious or unnecessary items found.


---\\  Hosts file (1)
~ The hosts file is legitimate (15642)


---\\  Scheduled automatic tasks. (0)
~ No malicious or unnecessary items found.


---\\  Explorer ( File, Folder) (18)
MOVED folder: C:\Windows\SysWOW64\config\systemprofile\AppData\Local\CrashRpt  =>.Legitimate.CrashReports
MOVED folder: C:\Windows\Installer\MSI1003.tmp-  =>Empty
MOVED folder: C:\Windows\Installer\MSI2A15.tmp-  =>Empty
MOVED folder: C:\Windows\Installer\MSI4607.tmp-  =>Empty
MOVED folder: C:\Windows\Installer\MSI6B64.tmp-  =>Empty
MOVED folder: C:\Windows\Installer\MSI773.tmp-  =>Empty
MOVED folder: C:\Windows\Installer\MSIA6C7.tmp-  =>Empty
MOVED folder: C:\Windows\Installer\MSIAA0.tmp-  =>Empty
MOVED folder: C:\Windows\Installer\MSIAA1D.tmp-  =>Empty
MOVED folder: C:\Windows\Installer\MSIC57.tmp-  =>Empty
MOVED folder: C:\Windows\Installer\MSID9E6.tmp-  =>Empty
MOVED folder: C:\Windows\Installer\MSIE469.tmp-  =>Empty
MOVED folder: C:\Windows\Installer\MSIE4C.tmp-  =>Empty
MOVED folder: C:\Windows\Installer\MSIE73C.tmp-  =>Empty
MOVED folder: C:\Windows\Installer\MSIE8A5.tmp-  =>Empty
MOVED folder: C:\Windows\Installer\MSIEAA9.tmp-  =>Empty
MOVED folder: C:\Windows\Installer\MSIEF1F.tmp-  =>Empty
MOVED folder: C:\Windows\Installer\MSIF48F.tmp-  =>Empty


---\\  Registry ( Key, Value, Data) (0)
~ No malicious or unnecessary items found.


---\\ Result of repair
~ Repair carried out successfully
~ Browser not found (Google Chrome)
~ Browser not found (Opera Software)


---\\ Statistics
~ Items scanned : 32877
~ Items found : 0
~ Items cancelled : 0
~ Items repaired : 18


~ End of clean in 0 minutes
===================
ZHPCleaner-[R]-24072016-18_20_36.txt
ZHPCleaner-[S]-24072016-18_19_43.txt



#9 sanspeur


Posted 24 July 2016 - 07:54 PM

Zemana Scan and NoBot Scan: System clean.  Zero objects found.



#10 InadequateInfirmity


Posted 24 July 2016 - 08:40 PM

Scan & Clean With Ads Fix

 

  • Disable Windows Defender & Antivirus Prior To Running This Tool!!
  • Save Ads Fix to your desktop.
  • Right Click & Run As Administrator.
  • You will then be prompted to install Certificates.
  • Install then click OK.
  • Right Click & Run As Administrator Again.
  • Click Options then select Unlock the deletion.
  • Then click on clean.

Reset Host File

 

 

  • Click here to download RstHosts v2.0
  • Save the file to your desktop.
  • Right Click and Run as Administrator.
  • Click on Restaurer, then click OK at the prompt.
  • This will restore the default host file.
  • Next Click on Creer Un Rapport.
  • This will open a logfile, post that in your next reply.

 

 

Pre_Scan

 

Please download Pre_Scan.

Save it to your desktop.

Disable your antivirus, and windows defender.

Close all open work; Pre_Scan will close all processes to run.

Right Click Run as Admin.

Allow completion, when it completes the program will reboot your machine and open a log.

Please post that log here in your next reply.

 

 

 

9-Lab Scan.

 

  • Download 9-Lab Removal Tool.
  • CLICK HERE to determine whether you're running 32-bit or 64-bit for Windows.
  • Install the program onto your computer, then right-click the icon and run as administrator.
  • Update the program and then run a full scan!
  • Make sure the program updates; it might be better to install it, update, reboot, and check for updates again.
  • You need to make sure the database updates!!!
  • Upon Scan Completion Click on Show Results.
  • Then Click On Clean 
  • Then Click on Save Log.
  • Save it to your desktop, copy and paste the contents of the log here in your next reply.


#11 sanspeur


Posted 25 July 2016 - 02:50 PM

9-lab Removal Tool 1.0.0.39 BETA
9-lab.com

Database version: 128.39590

Windows 7 Service Pack 1 (Version 6.1, Build 7601, 64-bit Edition)
Internet Explorer 9.11.9600.17843
Sandy :: SANDY-PC

7/25/2016 12:30:32
9lab-log-2016-07-25 (12-30-32).txt

Scan type: Full
Objects scanned: 60308
Time Elapsed: 35 m 30 s

Registry Keys detected: 4
Adware.RPL.Gen.bot [HKEY_LOCAL_MACHINE\SOFTWARE\MICROSOFT\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\mirarsearch.com]
Adware.RPL.Gen.bot [HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\mirarsearch.com]
Adware.RPL.Gen.bot [HKEY_LOCAL_MACHINE\SOFTWARE\MICROSOFT\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\getmirar.com]
Adware.RPL.Gen.bot [HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\getmirar.com]


Registry Values detected: 1
Risk.Path [HKEY_LOCAL_MACHINE\SOFTWARE\Clients\StartMenuInternet\IEXPLORE.EXE\shell\open\command (Default)]


Files detected: 24
[14C95386660B1E2357B9F05C57E15FBF] Trojan.FPL.Rotbrow.vb [c:\users\sandy\appdata\roaming\ZHP\Quarantine\hosts]
[5C0EF7E89B4F60517D7EF1E8C0AD80BA] Trojan.FPL.Rotbrow.vb [c:\users\sandy\appdata\roaming\ZHP\Tempo.txt]
[AE5DF43D627713613BAC2E3665B43A75] Trojan.FPL.Rotbrow.vb [c:\users\sandy\appdata\roaming\ZHP\Trace.txt]
[3A9B6BC8C259419642F9BC1701D79DCA] Trojan.FPL.Rotbrow.vb [c:\users\sandy\appdata\roaming\ZHP\ZHPCleaner-[R]-24072016-18_20_36.txt]
[5C69F82DC2E6A9B1643C847B712BB07C] Trojan.FPL.Rotbrow.vb [c:\users\sandy\appdata\roaming\ZHP\ZHPCleaner-[S]-24072016-18_19_43.txt]
[2084016B571ABEF09C2F13EA5EEC6A8D] Trojan.FPL.Rotbrow.vb [c:\users\sandy\appdata\roaming\ZHP\ZHPCleaner-[S]-24072016-19_47_52.txt]
[568313C13166AECDA05273F8BBC0DA09] Trojan.FPL.Rotbrow.vb [c:\users\sandy\appdata\roaming\ZHP\ZHPCleaner.exe]
[C2B19A133F152864E0779B7D801F28DC] Trojan.FPL.Rotbrow.vb [c:\users\sandy\appdata\roaming\ZHP\ZHPCleaner.txt]
[7B5E1D30E89E0EF1C86FECB977131673] Trojan.FPL.Rotbrow.vb [c:\users\sandy\appdata\roaming\ZHP\ZHPCleaner_Quarantine.txt]
[2DD782D767AFC6F6B971DCA6D9846969] Trojan.FPL.Rotbrow.vb [c:\users\sandy\appdata\roaming\ZHP\ZHPQ_Files.txt]
[568313C13166AECDA05273F8BBC0DA09] Malware.MPL.Heur.vb [c:\users\sandy\ZHPCleaner.exe]
[1DF9C73F892A7113B8DC2CAD7A44DB51] Adware.PL.ELEX.vb [c:\windows\system32\drivers\etc\hp.bak]
[9CEF63FDE7A3A91A747CEB26D00FCED3] Malware.Win32.Gen.sm [C:\AdsFix\smss.exe]
[9CEF63FDE7A3A91A747CEB26D00FCED3] Malware.Win32.Gen.sm [C:\Pre_Scan\smss.exe]
[57ED07CE9A47712017048D8DBD11A4D5] Malware.Win64.Gen.cld [C:\Live! Cam\VideoIM_VideoChat_0540_1_01_03\V0540Afx64.sys]
[18295BBBE1304AC9E9570108E231491E] Malware.Win32.Gen.2E9D.sm!ff [C:\Program Files (x86)\MusicBee\Uninstall.exe]
[6EE8F0CF950EBA5767F1DD88BEE3505B] Malware.Win32.Gen.2E9D.sm!ff [C:\ProgramData\Microsoft\Windows\Start Menu\Programs\MusicBee\Uninstall MusicBee.lnk]
[D53D7BBCE6D8009A384299B4CC8965C5] Cert2-Malware.Win32.Gen.EA25.sm!ff [C:\Users\Sandy\AppData\Local\Kingsoft\WPS Office\10.1.0.5614\office6\cfgs\oeminfo\oem.exe]
[0A170D9B50B29C5209248D95417C16DA] Malware.Win32.Gen.486E.sm!ff [C:\Users\Sandy\Desktop\rsthosts_2.0.exe]
[58F7AE008538E3867A327956390D0470] Malware.Win32.Gen.cc!s1 [C:\Users\Sandy\Desktop\ZHPCleaner-2015.8.13.324.exe]
[D8EF54B3E4FD2F4F6B9AD37A4A7D7030] PDF.Exploit.JS [C:\Users\Sandy\Documents\Tartan\PDFNotificationAction.do.pdf]
[0A170D9B50B29C5209248D95417C16DA] Malware.Win32.Gen.486E.sm!ff [C:\Users\Sandy\Downloads\rsthosts_2.0(1).exe]
[0A170D9B50B29C5209248D95417C16DA] Malware.Win32.Gen.486E.sm!ff [C:\Users\Sandy\Downloads\rsthosts_2.0.exe]
[58F7AE008538E3867A327956390D0470] Malware.Win32.Gen.cc!s1 [C:\Users\Sandy\Downloads\ZHPCleaner-2015.8.13.324.exe]



#12 sanspeur


Posted 25 July 2016 - 06:14 PM

In normal mode, things seem to work for 5-20 minutes, then various services die (ctl-alt-del, ctl-shift-esc, Start\run window).  Windows update cannot run.



#13 InadequateInfirmity


Posted 25 July 2016 - 06:19 PM

Run the other tools please.



#14 sanspeur


Posted 25 July 2016 - 08:05 PM

-|x| RstHosts v2.0 - Rapport créé le 25/07/2016 à 21:05:25
-|x| Système d'exploitation : Windows 7 Professional Service Pack 1 (64 bits)
-|x| Nom d'utilisateur : Sandy - SANDY-PC (Administrateur)

-|x|- Informations -|x|-

Emplacement : C:\Windows\System32\drivers\etc\hosts
Attribut(s) : RASH
Propriétaire : Administrators - BUILTIN
Taille : 89 bytes
Date de création : 13/07/2009 - 22:34:48
Date de modification : 25/07/2016 - 21:05:16
Date de dernier accès : 25/07/2016 - 21:05:16

-|x|- Contenu du fichier -|x|-

# Fichier Hosts créé par RstHosts

127.0.0.1       localhost
::1             localhost

-|x|- E.O.F - C:\RstHosts.txt - 624 bytes -|x|-
 



#15 sanspeur


Posted 27 July 2016 - 09:34 AM

Ran Ultra Virus Killer.  Noted 5 driver entries in Registry with names like wsdrtjl and no publisher.  Deleted these from Registry after making a backup.  Problem solved.


Edited by sanspeur, 27 July 2016 - 09:35 AM.
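
The check that resolved this thread (driver entries in the Registry with no publisher) can be reproduced without a third-party tool. The following is an added example, not code from the thread or from Ultra Virus Killer; the helper name `Resolve-DriverPath` and the flagging rule (binary missing, or no CompanyName in its version resource) are assumptions chosen to match the description in the post above.

```powershell
# Added example (not from the thread). Read-only: lists driver services whose
# binary is missing or has no publisher (CompanyName) in its version resource.
# Run from an elevated 64-bit PowerShell prompt; written to work on PowerShell 2.0.

function Resolve-DriverPath {          # hypothetical helper name
    param([string]$ImagePath, [string]$Name)
    # A driver with no ImagePath loads from System32\drivers\<name>.sys
    if ([string]::IsNullOrEmpty($ImagePath)) {
        return Join-Path $env:SystemRoot "System32\drivers\$Name.sys"
    }
    $p = [Environment]::ExpandEnvironmentVariables($ImagePath.Trim('"'))
    $p = $p -replace '^\\\?\?\\', ''                             # NT prefix \??\
    $p = $p -replace '^\\SystemRoot\\', ($env:SystemRoot + '\')  # \SystemRoot\... form
    if ($p -notmatch '^[A-Za-z]:\\') {                           # e.g. system32\drivers\x.sys
        $p = Join-Path $env:SystemRoot $p
    }
    return $p
}

$servicesKey = 'HKLM:\SYSTEM\CurrentControlSet\Services'

$findings = foreach ($key in Get-ChildItem -Path $servicesKey -ErrorAction SilentlyContinue) {
    $svc = Get-ItemProperty -Path $key.PSPath -ErrorAction SilentlyContinue

    # Type 1 = kernel driver, Type 2 = file system driver; skip everything else
    if (@(1, 2) -notcontains $svc.Type) { continue }

    $path    = Resolve-DriverPath -ImagePath $svc.ImagePath -Name $key.PSChildName
    $exists  = Test-Path -LiteralPath $path
    $company = $null
    $sig     = $null

    if ($exists) {
        $company = (Get-Item -LiteralPath $path).VersionInfo.CompanyName
        # Informational only: on older PowerShell versions, catalog-signed
        # inbox drivers can report NotSigned here, so it is not used to flag.
        $sig = (Get-AuthenticodeSignature -FilePath $path -ErrorAction SilentlyContinue).Status
    }

    # Flag entries with no file behind them or no publisher string
    if (-not $exists -or [string]::IsNullOrEmpty($company)) {
        New-Object PSObject -Property @{
            Name       = $key.PSChildName
            Start      = $svc.Start        # 0 boot, 1 system, 2 auto, 3 demand, 4 disabled
            FileExists = $exists
            Signature  = $sig
            Path       = $path
        }
    }
}

$findings | Sort-Object Name |
    Format-Table Name, Start, FileExists, Signature, Path -AutoSize
```

Entries left behind by uninstalled software also show up with a missing file, so each hit needs review rather than automatic removal. Export a key with `reg export` before deleting it, in line with the backup the poster made.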




