Zonealarm Identifying Trojan Downloader


10 replies to this topic

#1 Anzio

    Active Member
  • 13 posts

Posted 02 September 2016 - 11:06 AM

Hi,

Whilst scanning my PC a couple of days ago, ZoneAlarm (kept up to date) reported 2 viruses, which it 'treated'. But each time I scanned, the items were found again. Today, the scanner is reporting 4 viruses (see image file).

I have emptied temporary internet files, cookies etc., and run all the programs you suggest, but these files keep reappearing in the ZoneAlarm scans.

Please can you help me track down and remove this problem?

Here are the records of the scans. I cannot find the 'Extras.txt' file; one never appeared after the OTL scan. Please advise.

Thanks for any help,

Anzio

Malwarebytes Anti-Malware
www.malwarebytes.org

Scan Date: 02/09/2016
Scan Time: 09:55
Logfile:
Administrator: Yes

Version: 2.2.1.1043
Malware Database: v2016.09.02.04
Rootkit Database: v2016.08.15.01
License: Free
Malware Protection: Disabled
Malicious Website Protection: Disabled
Self-protection: Disabled

OS: Windows 7 Service Pack 1
CPU: x64
File System: NTFS
User: alcedo

Scan Type: Threat Scan
Result: Completed
Objects Scanned: 293137
Time Elapsed: 8 min, 46 sec

Memory: Enabled
Startup: Enabled
Filesystem: Enabled
Archives: Enabled
Rootkits: Enabled
Heuristics: Enabled
PUP: Enabled
PUM: Enabled

Processes: 0
(No malicious items detected)

Modules: 0
(No malicious items detected)

Registry Keys: 0
(No malicious items detected)

Registry Values: 0
(No malicious items detected)

Registry Data: 0
(No malicious items detected)

Folders: 0
(No malicious items detected)

Files: 0
(No malicious items detected)

Physical Sectors: 0
(No malicious items detected)

(end)

OTL logfile created on: 02/09/2016 10:23:15 - Run 3
OTL by OldTimer - Version 3.2.69.0     Folder = C:\Users\alcedo\Desktop
64bit- Professional Service Pack 1 (Version = 6.1.7601) - Type = NTWorkstation
Internet Explorer (Version = 9.11.9600.17843)
Locale: 00000809 | Country: United Kingdom | Language: ENG | Date Format: dd/MM/yyyy
 
15.90 Gb Total Physical Memory | 12.05 Gb Available Physical Memory | 75.77% Memory free
31.80 Gb Paging File | 27.28 Gb Available in Paging File | 85.80% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]
 
%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files (x86)
Drive C: | 488.18 Gb Total Space | 397.19 Gb Free Space | 81.36% Space Free | Partition Type: NTFS
Drive D: | 980.55 Mb Total Space | 0.00 Mb Free Space | 0.00% Space Free | Partition Type: UDF
Drive P: | 443.23 Gb Total Space | 439.07 Gb Free Space | 99.06% Space Free | Partition Type: NTFS
 
Computer Name: ALCEDO-PC | User Name: alcedo | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user | Include 64bit Scans
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days
 
========== Processes (SafeList) ==========
 
PRC - [2016/09/02 10:21:18 | 000,602,112 | ---- | M] (OldTimer Tools) -- C:\Users\alcedo\Desktop\OTL.exe
PRC - [2016/06/25 09:45:12 | 000,082,128 | ---- | M] (Adobe Systems Incorporated) -- C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe
PRC - [2016/05/30 11:51:18 | 000,076,888 | ---- | M] () -- C:\Windows\SysWOW64\PnkBstrA.exe
PRC - [2016/05/26 14:09:30 | 001,632,256 | ---- | M] (ASUSTeK Computer Inc.) -- C:\Program Files (x86)\ASUS\AsusFanControlService\1.02.00\AsusFanControlService.exe
PRC - [2016/05/26 14:09:30 | 000,951,936 | ---- | M] (ASUSTeK Computer Inc.) -- C:\Program Files (x86)\ASUS\AAHM\1.00.20\aaHMSvc.exe
PRC - [2016/05/26 14:09:30 | 000,920,736 | ---- | M] () -- C:\Program Files (x86)\ASUS\AXSP\1.00.19\atkexComSvc.exe
PRC - [2016/05/26 14:09:30 | 000,149,120 | ---- | M] (ASUSTeK Computer Inc.) -- C:\Program Files (x86)\ASUS\AsSysCtrlService\1.00.13\AsSysCtrlService.exe
PRC - [2016/03/24 05:30:46 | 003,746,584 | ---- | M] (Check Point Software Technologies Ltd.) -- C:\Program Files (x86)\CheckPoint\ZoneAlarm\vsmon.exe
PRC - [2016/03/24 05:29:18 | 000,134,480 | ---- | M] (Check Point Software Technologies Ltd.) -- C:\Program Files (x86)\CheckPoint\ZoneAlarm\zatray.exe
PRC - [2015/10/19 10:22:54 | 000,096,272 | ---- | M] (Check Point Software Technologies, Ltd.) -- C:\Program Files (x86)\CheckPoint\ZoneAlarm\ZAPrivacyService.exe
 
 
========== Modules (No Company Name) ==========
 
 
========== Services (SafeList) ==========
 
SRV:64bit: - [2016/07/18 21:38:24 | 000,269,824 | ---- | M] (AMD) [Auto | Running] -- C:\Windows\SysNative\atiesrxx.exe -- (AMD External Events Utility)
SRV:64bit: - [2016/05/13 13:52:31 | 000,114,688 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\SysNative\IEEtwCollector.exe -- (IEEtwCollectorService)
SRV:64bit: - [2013/03/28 22:30:42 | 000,361,984 | ---- | M] (Advanced Micro Devices, Inc.) [Auto | Running] -- C:\Program Files\ATI Technologies\ATI.ACE\Fuel\Fuel.Service.exe -- (AMD FUEL Service)
SRV:64bit: - [2012/08/08 21:36:10 | 000,390,672 | ---- | M] () [Auto | Running] -- C:\Program Files\CyberLink\Shared files\RichVideo64.exe -- (RichVideo64)
SRV:64bit: - [2009/07/14 02:41:27 | 001,011,712 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Program Files\Windows Defender\MpSvc.dll -- (WinDefend)
SRV:64bit: - [2009/07/14 02:40:01 | 000,193,536 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\SysNative\appmgmts.dll -- (AppMgmt)
SRV - [2016/07/14 16:43:27 | 002,122,248 | ---- | M] (Electronic Arts) [On_Demand | Stopped] -- C:\Program Files (x86)\Origin\OriginClientService.exe -- (Origin Client Service)
SRV - [2016/07/14 11:49:11 | 000,270,016 | ---- | M] (Adobe Systems Incorporated) [On_Demand | Stopped] -- C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe -- (AdobeFlashPlayerUpdateSvc)
SRV - [2016/06/25 09:45:12 | 000,082,128 | ---- | M] (Adobe Systems Incorporated) [Auto | Running] -- C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe -- (AdobeARMservice)
SRV - [2016/05/30 11:51:18 | 000,076,888 | ---- | M] () [Auto | Running] -- C:\Windows\SysWOW64\PnkBstrA.exe -- (PnkBstrA)
SRV - [2016/05/26 14:09:30 | 001,632,256 | ---- | M] (ASUSTeK Computer Inc.) [Auto | Running] -- C:\Program Files (x86)\ASUS\AsusFanControlService\1.02.00\AsusFanControlService.exe -- (AsusFanControlService)
SRV - [2016/05/26 14:09:30 | 000,951,936 | ---- | M] (ASUSTeK Computer Inc.) [Auto | Running] -- C:\Program Files (x86)\ASUS\AAHM\1.00.20\aaHMSvc.exe -- (asHmComSvc)
SRV - [2016/05/26 14:09:30 | 000,920,736 | ---- | M] () [Auto | Running] -- C:\Program Files (x86)\ASUS\AXSP\1.00.19\atkexComSvc.exe -- (asComSvc)
SRV - [2016/05/26 14:09:30 | 000,149,120 | ---- | M] (ASUSTeK Computer Inc.) [Auto | Running] -- C:\Program Files (x86)\ASUS\AsSysCtrlService\1.00.13\AsSysCtrlService.exe -- (AsSysCtrlService)
SRV - [2016/03/24 05:30:46 | 003,746,584 | ---- | M] (Check Point Software Technologies Ltd.) [Auto | Running] -- C:\Program Files (x86)\CheckPoint\ZoneAlarm\vsmon.exe -- (vsmon)
SRV - [2015/10/19 10:22:54 | 000,096,272 | ---- | M] (Check Point Software Technologies, Ltd.) [Auto | Running] -- C:\Program Files (x86)\CheckPoint\ZoneAlarm\ZAPrivacyService.exe -- (ZAPrivacyService)
SRV - [2013/03/01 02:48:58 | 000,118,520 | ---- | M] (Riverbed Technology, Inc.) [On_Demand | Stopped] -- C:\Program Files (x86)\WinPcap\rpcapd.exe -- (rpcapd)
SRV - [2012/07/09 00:40:10 | 000,104,912 | ---- | M] (Microsoft Corporation) [Auto | Stopped] -- C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe -- (clr_optimization_v4.0.30319_32)
SRV - [2012/06/18 16:39:00 | 000,262,816 | ---- | M] (ASUSTeK Computer Inc.) [Auto | Running] -- C:\Program Files (x86)\ASUSTek Computer Inc\Disk Unlocker\ASPFSVS64.exe -- (ASDiskUnlocker)
SRV - [2010/02/19 13:37:14 | 000,517,096 | ---- | M] (Adobe Systems Incorporated) [On_Demand | Stopped] -- C:\Program Files (x86)\Common Files\Adobe\SwitchBoard\SwitchBoard.exe -- (SwitchBoard)
SRV - [2009/06/10 22:23:09 | 000,066,384 | ---- | M] (Microsoft Corporation) [Disabled | Stopped] -- C:\Windows\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe -- (clr_optimization_v2.0.50727_32)
SRV - [2007/12/17 05:00:00 | 000,163,840 | ---- | M] (SEIKO EPSON CORPORATION) [Auto | Running] -- C:\ProgramData\EPSON\EPW!3 SSRP\E_S40STB.EXE -- (EPSON_EB_RPCV4_01)
SRV - [2007/01/11 05:02:00 | 000,126,464 | ---- | M] (SEIKO EPSON CORPORATION) [Auto | Running] -- C:\ProgramData\EPSON\EPW!3 SSRP\E_S40RPB.EXE -- (EPSON_PM_RPCV4_01)
 
 
========== Driver Services (SafeList) ==========
 
DRV:64bit: - [2016/08/12 18:48:24 | 000,292,176 | ---- | M] (AO Kaspersky Lab) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\klhk.sys -- (klhk)
DRV:64bit: - [2016/07/27 18:52:53 | 000,462,296 | ---- | M] (Check Point Software Technologies Ltd.) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\vsdatant.sys -- (Vsdatant)
DRV:64bit: - [2016/07/18 22:42:24 | 026,708,992 | ---- | M] (Advanced Micro Devices, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\atikmdag.sys -- (amdkmdag)
DRV:64bit: - [2016/07/18 21:32:52 | 000,500,736 | ---- | M] (Advanced Micro Devices, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\atikmpag.sys -- (amdkmdap)
DRV:64bit: - [2016/05/26 14:08:06 | 000,032,840 | ---- | M] (NT Kernel Resources) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\ndisrd.sys -- (ndisrd)
DRV:64bit: - [2016/03/30 06:00:36 | 000,096,256 | ---- | M] (Advanced Micro Devices) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\AtihdW76.sys -- (AtiHDAudioService)
DRV:64bit: - [2015/11/26 06:51:20 | 000,926,584 | ---- | M] (AO Kaspersky Lab) [File_System | System | Running] -- C:\Windows\SysNative\drivers\klif.sys -- (KLIF)
DRV:64bit: - [2015/11/26 06:51:18 | 000,478,392 | ---- | M] (Kaspersky Lab ZAO) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\kl1.sys -- (KL1)
DRV:64bit: - [2015/11/26 06:51:18 | 000,172,920 | ---- | M] (AO Kaspersky Lab) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\klflt.sys -- (klflt)
DRV:64bit: - [2013/08/16 15:37:12 | 000,424,192 | ---- | M] (ASMedia Technology Inc) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\asmtxhci.sys -- (asmtxhci)
DRV:64bit: - [2013/08/16 15:37:12 | 000,140,032 | ---- | M] (ASMedia Technology Inc) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\asmthub3.sys -- (asmthub3)
DRV:64bit: - [2013/03/01 02:49:12 | 000,036,600 | ---- | M] (Riverbed Technology, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\npf.sys -- (NPF)
DRV:64bit: - [2012/12/26 18:26:12 | 000,805,088 | ---- | M] (Realtek) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\Rt64win7.sys -- (RTL8167)
DRV:64bit: - [2012/06/01 10:04:44 | 000,042,656 | ---- | M] (ASUSTeK Computer Inc.) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\VDiskBus64.sys -- (VDiskBus)
DRV:64bit: - [2012/04/11 02:40:58 | 000,082,560 | ---- | M] (Advanced Micro Devices) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\amd_sata.sys -- (amd_sata)
DRV:64bit: - [2012/04/11 02:40:58 | 000,042,624 | ---- | M] (Advanced Micro Devices) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\amd_xata.sys -- (amd_xata)
DRV:64bit: - [2012/04/09 10:13:58 | 000,057,472 | ---- | M] (Advanced Micro Devices) [Kernel | Auto | Running] -- C:\Program Files\ATI Technologies\ATI.ACE\Fuel\amd64\aoddriver2.sys -- (AODDriver4.2)
DRV:64bit: - [2011/12/26 21:37:42 | 000,090,608 | ---- | M] (CyberLink) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\CLVirtualDrive.sys -- (CLVirtualDrive)
DRV:64bit: - [2011/10/04 16:29:54 | 000,055,952 | ---- | M] (Rovi Corporation) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\PxHlpa64.sys -- (PxHlpa64)
DRV:64bit: - [2010/11/21 04:24:33 | 000,059,392 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\TsUsbFlt.sys -- (TsUsbFlt)
DRV:64bit: - [2010/11/21 04:23:48 | 000,071,168 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\dmvsc.sys -- (dmvsc)
DRV:64bit: - [2010/11/21 04:23:47 | 000,107,904 | ---- | M] (Advanced Micro Devices) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\amdsata.sys -- (amdsata)
DRV:64bit: - [2010/11/21 04:23:47 | 000,078,720 | ---- | M] (Hewlett-Packard Company) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\HpSAMD.sys -- (HpSAMD)
DRV:64bit: - [2010/11/21 04:23:47 | 000,031,232 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\TsUsbGD.sys -- (TsUsbGD)
DRV:64bit: - [2010/11/21 04:23:47 | 000,027,008 | ---- | M] (Advanced Micro Devices) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\amdxata.sys -- (amdxata)
DRV:64bit: - [2009/07/14 02:52:20 | 000,194,128 | ---- | M] (AMD Technologies Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\amdsbs.sys -- (amdsbs)
DRV:64bit: - [2009/07/14 02:48:04 | 000,065,600 | ---- | M] (LSI Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\lsi_sas2.sys -- (LSI_SAS2)
DRV:64bit: - [2009/07/14 02:47:48 | 000,023,104 | ---- | M] (Microsoft Corporation) [Recognizer | Boot | Unknown] -- C:\Windows\SysNative\drivers\fs_rec.sys -- (Fs_Rec)
DRV:64bit: - [2009/07/14 02:45:55 | 000,024,656 | ---- | M] (Promise Technology) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\stexstor.sys -- (stexstor)
DRV:64bit: - [2009/06/10 21:34:33 | 003,286,016 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\evbda.sys -- (ebdrv)
DRV:64bit: - [2009/06/10 21:34:28 | 000,468,480 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\bxvbda.sys -- (b06bdrv)
DRV:64bit: - [2009/06/10 21:34:23 | 000,270,848 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\b57nd60a.sys -- (b57nd60a)
DRV:64bit: - [2009/06/10 21:31:59 | 000,031,232 | ---- | M] (Hauppauge Computer Works, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\hcw85cir.sys -- (hcw85cir)
DRV - [2014/09/19 08:51:45 | 000,032,456 | ---- | M] (CyberLink Corp.) [2016/06/03 10:25:56] [Kernel | Auto | Running] -- C:\Program Files (x86)\CyberLink\PowerDVD14\Common\NavFilter\000.fcl -- ({C5F942FD-1110-4664-86CE-0C6BDA305235})
DRV - [2010/09/16 20:56:06 | 000,016,512 | ---- | M] (ASUSTeK Computer Inc.) [Kernel | On_Demand | Running] -- C:\Program Files (x86)\ASUSTek Computer Inc\Disk Unlocker\ASFLTDrv64.sys -- (ASFLTDrv.sys)
DRV - [2009/07/14 02:19:10 | 000,019,008 | ---- | M] (Microsoft Corporation) [File_System | On_Demand | Stopped] -- C:\Windows\SysWOW64\drivers\wimmount.sys -- (WIMMount)
 
 
========== Standard Registry (SafeList) ==========
 
 
========== Internet Explorer ==========
 
IE:64bit: - HKLM\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A}
IE:64bit: - HKLM\..\SearchScopes\{2f23ab71-4ac6-41f2-a955-ea576e553146}: "URL" = http://www.bing.com/...ms}&FORM=IE8SRC
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = C:\Windows\SysWOW64\blank.htm
IE - HKLM\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A}
IE - HKLM\..\SearchScopes\{2f23ab71-4ac6-41f2-a955-ea576e553146}: "URL" = http://www.bing.com/...ms}&FORM=IE8SRC
 
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = https://www.google.co.uk/
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache = http://www.msn.com/en-gb/?ocid=iehp
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache AcceptLangs = en-gb
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache_TIMESTAMP = A4 3D 54 DD 0D AD D1 01  [binary data]
IE - HKCU\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A}
IE - HKCU\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://www.bing.com/...Box&FORM=IESR02
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
 
 
========== FireFox ==========
 
FF - HKLM\Software\MozillaPlugins\@canon.com/MycameraPlugin: C:\Program Files (x86)\Canon\MyCamera Download Plugin\NPCIG.dll (CANON INC.)
FF - HKLM\Software\MozillaPlugins\Adobe Reader: C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)
 
 
 
O1 HOSTS File: ([2009/06/10 22:00:26 | 000,000,824 | ---- | M]) - C:\Windows\SysNative\drivers\etc\hosts
O2:64bit: - BHO: (SteadyVideoBHO Class) - {6C680BAE-655C-4E3D-8FC4-E6A520C3D928} - C:\Program Files\AMD\SteadyVideo\SteadyVideo.dll (Advanced Micro Devices)
O2 - BHO: (SteadyVideoBHO Class) - {6C680BAE-655C-4E3D-8FC4-E6A520C3D928} - C:\Program Files (x86)\AMD\SteadyVideo\SteadyVideo.dll (Advanced Micro Devices)
O4:64bit: - HKLM..\Run: [StartCN] C:\Program Files\AMD\CNext\CNext\RadeonSettings.exe (Advanced Micro Devices, Inc.)
O4 - HKLM..\Run: [APSDaemon] C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe (Apple Inc.)
O4 - HKLM..\Run: [ZoneAlarm] C:\Program Files (x86)\CheckPoint\ZoneAlarm\zatray.exe (Check Point Software Technologies Ltd.)
O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\Low Rights present
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktop = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktopChanges = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorAdmin = 5
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorUser = 3
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: SoftwareSASGeneration = 1
O13:64bit: - gopher Prefix: missing
O13 - gopher Prefix: missing
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 194.168.4.100 194.168.8.100
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{4C00D2A0-2684-4614-91F2-15DA945213B5}: DhcpNameServer = 194.168.4.100 194.168.8.100
O18:64bit: - Protocol\Filter\video/mp4 {20C75730-7C25-476B-95DC-C65810F9E489} - C:\Program Files\AMD\SteadyVideo\VideoMIMEFilter.dll (Advanced Micro Devices)
O18:64bit: - Protocol\Filter\video/x-flv {20C75730-7C25-476B-95DC-C65810F9E489} - C:\Program Files\AMD\SteadyVideo\VideoMIMEFilter.dll (Advanced Micro Devices)
O18 - Protocol\Filter\video/mp4 {20C75730-7C25-476B-95DC-C65810F9E489} - C:\Program Files (x86)\AMD\SteadyVideo\VideoMIMEFilter.dll (Advanced Micro Devices)
O18 - Protocol\Filter\video/x-flv {20C75730-7C25-476B-95DC-C65810F9E489} - C:\Program Files (x86)\AMD\SteadyVideo\VideoMIMEFilter.dll (Advanced Micro Devices)
O20:64bit: - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation)
O20:64bit: - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\SysNative\userinit.exe (Microsoft Corporation)
O20 - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\SysWow64\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UserInit - (userinit.exe) - C:\Windows\SysWow64\userinit.exe (Microsoft Corporation)
O21:64bit: - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found.
O21 - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found.
O32 - HKLM CDRom: AutoRun - 1
O33 - MountPoints2\{bf6867d6-18fa-11e6-b07f-806e6f6e6963}\Shell - "" = AutoRun
O33 - MountPoints2\{bf6867d6-18fa-11e6-b07f-806e6f6e6963}\Shell\AutoRun\command - "" = D:\.\Bin\ASSETUP.exe
O34 - HKLM BootExecute: (autocheck autochk *)
O35:64bit: - HKLM\..comfile [open] -- "%1" %*
O35:64bit: - HKLM\..exefile [open] -- "%1" %*
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37:64bit: - HKLM\...com [@ = comfile] -- "%1" %*
O37:64bit: - HKLM\...exe [@ = exefile] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*
O38 - SubSystems\\Windows: (ServerDll=winsrv:UserServerDllInitialization,3)
O38 - SubSystems\\Windows: (ServerDll=winsrv:ConServerDllInitialization,2)
O38 - SubSystems\\Windows: (ServerDll=sxssrv,4)
 
========== Files/Folders - Created Within 30 Days ==========
 
[2016/09/02 10:21:18 | 000,602,112 | ---- | C] (OldTimer Tools) -- C:\Users\alcedo\Desktop\OTL.exe
[2016/09/02 10:12:48 | 000,448,512 | ---- | C] (OldTimer Tools) -- C:\Users\alcedo\Desktop\TFC.exe
[2016/09/02 09:53:32 | 000,192,216 | ---- | C] (Malwarebytes) -- C:\Windows\SysNative\drivers\MBAMSwissArmy.sys
[2016/09/02 09:53:15 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes Anti-Malware
[2016/09/02 09:53:13 | 000,140,672 | ---- | C] (Malwarebytes) -- C:\Windows\SysNative\drivers\mbamchameleon.sys
[2016/09/02 09:53:13 | 000,064,896 | ---- | C] (Malwarebytes Corporation) -- C:\Windows\SysNative\drivers\mwac.sys
[2016/09/02 09:53:13 | 000,027,008 | ---- | C] (Malwarebytes) -- C:\Windows\SysNative\drivers\mbam.sys
[2016/09/02 09:53:13 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Malwarebytes Anti-Malware
[2016/09/02 09:50:18 | 022,851,472 | ---- | C] (Malwarebytes) -- C:\Users\alcedo\Desktop\mbam-setup-2.2.1.1043.exe
[2016/09/02 09:36:39 | 000,000,000 | ---D | C] -- C:\Users\alcedo\Desktop\temps
[2016/09/01 17:03:21 | 000,316,168 | ---- | C] (Trend Micro Inc.) -- C:\Windows\SysNative\drivers\tmcomm.sys
[2016/09/01 16:31:08 | 000,000,000 | ---D | C] -- C:\Users\alcedo\Desktop\avz4
[2016/09/01 13:52:58 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\WinPcap
[2016/09/01 13:52:58 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\WinPcap
[2016/08/28 11:09:11 | 000,000,000 | ---D | C] -- C:\Users\alcedo\Desktop\Divine Ratio
[2016/08/25 11:10:30 | 000,000,000 | ---D | C] -- C:\Users\alcedo\AppData\Roaming\PlaysTV
[2016/08/25 11:08:55 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\AMD Radeon Settings
[2016/08/12 18:48:24 | 000,292,176 | ---- | C] (AO Kaspersky Lab) -- C:\Windows\SysNative\drivers\klhk.sys
 
========== Files - Modified Within 30 Days ==========
 
[2016/09/02 10:21:18 | 000,602,112 | ---- | M] (OldTimer Tools) -- C:\Users\alcedo\Desktop\OTL.exe
[2016/09/02 10:12:48 | 000,448,512 | ---- | M] (OldTimer Tools) -- C:\Users\alcedo\Desktop\TFC.exe
[2016/09/02 09:54:03 | 000,192,216 | ---- | M] (Malwarebytes) -- C:\Windows\SysNative\drivers\MBAMSwissArmy.sys
[2016/09/02 09:53:22 | 000,001,106 | ---- | M] () -- C:\Users\Public\Desktop\Malwarebytes Anti-Malware.lnk
[2016/09/02 09:50:18 | 022,851,472 | ---- | M] (Malwarebytes) -- C:\Users\alcedo\Desktop\mbam-setup-2.2.1.1043.exe
[2016/09/02 09:50:16 | 000,021,680 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
[2016/09/02 09:50:16 | 000,021,680 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
[2016/09/02 09:49:00 | 000,000,830 | ---- | M] () -- C:\Windows\tasks\Adobe Flash Player Updater.job
[2016/09/02 09:44:50 | 000,000,258 | ---- | M] () -- C:\Users\alcedo\Desktop\gsf.url
[2016/09/02 09:43:02 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat
[2016/09/02 09:42:57 | 4214,321,150 | -HS- | M] () -- C:\hiberfil.sys
[2016/09/02 09:42:26 | 000,065,536 | ---- | M] () -- C:\Windows\SysNative\spu_storage.bin
[2016/09/02 08:44:23 | 000,001,456 | ---- | M] () -- C:\Users\alcedo\AppData\Local\Adobe Save for Web 12.0 Prefs
[2016/09/01 17:13:45 | 000,000,010 | ---- | M] () -- C:\Users\alcedo\AppData\Local\sponge.last.runtime.cache
[2016/09/01 16:30:19 | 000,000,152 | ---- | M] () -- C:\Users\alcedo\Desktop\kasperksy help.url
[2016/09/01 16:28:33 | 010,112,832 | ---- | M] () -- C:\Users\alcedo\Desktop\avz4.zip
[2016/09/01 13:01:00 | 000,000,254 | ---- | M] () -- C:\Windows\tasks\Epson Printer Software Downloader.job
[2016/08/31 18:11:13 | 000,000,213 | ---- | M] () -- C:\Users\alcedo\Desktop\snackstoloseweight.url
[2016/08/31 16:49:48 | 000,000,353 | ---- | M] () -- C:\Users\alcedo\Desktop\Hotmail.url
[2016/08/30 14:26:40 | 000,000,318 | ---- | M] () -- C:\Users\alcedo\Desktop\tab cable.url
[2016/08/29 19:14:50 | 000,282,296 | ---- | M] () -- C:\Windows\SysWow64\PnkBstrB.xtr
[2016/08/29 19:14:50 | 000,282,296 | ---- | M] () -- C:\Windows\SysWow64\PnkBstrB.exe
[2016/08/29 19:13:46 | 000,215,128 | ---- | M] () -- C:\Windows\SysWow64\PnkBstrB.ex0
[2016/08/21 18:41:40 | 000,000,202 | ---- | M] () -- C:\Users\alcedo\Desktop\dropbox.url
[2016/08/21 10:35:57 | 000,000,208 | ---- | M] () -- C:\Users\alcedo\Desktop\samsung.url
[2016/08/19 22:57:35 | 000,000,197 | ---- | M] () -- C:\Users\alcedo\Desktop\incaradapter.url
[2016/08/19 10:03:01 | 000,781,538 | ---- | M] () -- C:\Windows\SysNative\PerfStringBackup.INI
[2016/08/19 10:03:01 | 000,666,192 | ---- | M] () -- C:\Windows\SysNative\perfh009.dat
[2016/08/19 10:03:01 | 000,125,868 | ---- | M] () -- C:\Windows\SysNative\perfc009.dat
[2016/08/12 18:48:24 | 000,292,176 | ---- | M] (AO Kaspersky Lab) -- C:\Windows\SysNative\drivers\klhk.sys
[2016/08/12 18:41:41 | 004,831,200 | ---- | M] () -- C:\Windows\SysNative\FNTCACHE.DAT
 
========== Files Created - No Company Name ==========
 
[2016/09/02 09:53:22 | 000,001,106 | ---- | C] () -- C:\Users\Public\Desktop\Malwarebytes Anti-Malware.lnk
[2016/09/02 09:35:59 | 000,000,258 | ---- | C] () -- C:\Users\alcedo\Desktop\gsf.url
[2016/09/01 16:30:12 | 000,000,152 | ---- | C] () -- C:\Users\alcedo\Desktop\kasperksy help.url
[2016/09/01 16:28:30 | 010,112,832 | ---- | C] () -- C:\Users\alcedo\Desktop\avz4.zip
[2016/08/31 18:11:02 | 000,000,213 | ---- | C] () -- C:\Users\alcedo\Desktop\snackstoloseweight.url
[2016/08/25 11:08:13 | 000,065,536 | ---- | C] () -- C:\Windows\SysNative\spu_storage.bin
[2016/08/22 10:36:28 | 000,000,318 | ---- | C] () -- C:\Users\alcedo\Desktop\tab cable.url
[2016/08/19 22:54:57 | 000,000,197 | ---- | C] () -- C:\Users\alcedo\Desktop\incaradapter.url
[2016/08/19 22:38:39 | 000,000,208 | ---- | C] () -- C:\Users\alcedo\Desktop\samsung.url
[2016/07/18 21:39:04 | 000,223,744 | ---- | C] () -- C:\Windows\SysWow64\GameManager32.dll
[2016/07/18 21:38:58 | 000,192,000 | ---- | C] () -- C:\Windows\SysWow64\atieah32.exe
[2016/07/18 21:38:50 | 000,204,800 | ---- | C] () -- C:\Windows\SysWow64\amdgfxinfo32.dll
[2016/07/18 21:29:16 | 000,217,088 | ---- | C] () -- C:\Windows\SysWow64\hsa-thunk.dll
[2016/07/09 15:22:40 | 000,588,693 | ---- | C] () -- C:\Users\alcedo\AppData\Local\census.cache
[2016/07/09 15:22:31 | 000,165,336 | ---- | C] () -- C:\Users\alcedo\AppData\Local\ars.cache
[2016/07/09 15:16:29 | 000,000,010 | ---- | C] () -- C:\Users\alcedo\AppData\Local\sponge.last.runtime.cache
[2016/07/09 15:08:53 | 000,000,036 | ---- | C] () -- C:\Users\alcedo\AppData\Local\housecall.guid.cache
[2016/06/23 19:22:00 | 000,264,992 | ---- | C] () -- C:\Windows\SysWow64\vulkan-1-1-0-17-0.dll
[2016/06/23 19:21:24 | 000,110,880 | ---- | C] () -- C:\Windows\SysWow64\vulkaninfo-1-1-0-17-0.exe
[2016/05/26 15:15:01 | 000,264,992 | ---- | C] () -- C:\Windows\SysWow64\vulkan-1.dll
[2016/05/26 15:15:01 | 000,110,880 | ---- | C] () -- C:\Windows\SysWow64\vulkaninfo.exe
[2016/05/26 14:23:39 | 005,314,368 | ---- | C] () -- C:\Windows\PE_Rom.dll
[2016/05/26 14:11:16 | 000,014,464 | ---- | C] () -- C:\Windows\SysWow64\drivers\AsUpIO.sys
[2016/05/26 14:09:30 | 000,015,232 | ---- | C] () -- C:\Windows\SysWow64\drivers\AsIO.sys
[2016/05/26 14:09:30 | 000,011,832 | ---- | C] () -- C:\Windows\SysWow64\drivers\AsInsHelp64.sys
[2016/05/26 14:09:30 | 000,010,216 | ---- | C] () -- C:\Windows\SysWow64\drivers\AsInsHelp32.sys
[2016/05/18 19:43:59 | 000,001,456 | ---- | C] () -- C:\Users\alcedo\AppData\Local\Adobe Save for Web 12.0 Prefs
[2016/05/13 20:10:43 | 002,434,856 | ---- | C] () -- C:\Windows\SysWow64\pbsvc_bc2.exe
[2016/05/13 20:10:43 | 000,282,296 | ---- | C] () -- C:\Windows\SysWow64\PnkBstrB.exe
[2016/05/13 20:10:43 | 000,076,888 | ---- | C] () -- C:\Windows\SysWow64\PnkBstrA.exe
[2016/05/13 17:43:23 | 000,111,932 | ---- | C] () -- C:\Windows\SysWow64\EPPICPrinterDB.dat
[2016/05/13 17:43:23 | 000,031,053 | ---- | C] () -- C:\Windows\SysWow64\EPPICPattern131.dat
[2016/05/13 17:43:23 | 000,027,417 | ---- | C] () -- C:\Windows\SysWow64\EPPICPattern121.dat
[2016/05/13 17:43:23 | 000,026,154 | ---- | C] () -- C:\Windows\SysWow64\EPPICPattern1.dat
[2016/05/13 17:43:23 | 000,024,903 | ---- | C] () -- C:\Windows\SysWow64\EPPICPattern3.dat
[2016/05/13 17:43:23 | 000,021,390 | ---- | C] () -- C:\Windows\SysWow64\EPPICPattern5.dat
[2016/05/13 17:43:23 | 000,020,148 | ---- | C] () -- C:\Windows\SysWow64\EPPICPattern2.dat
[2016/05/13 17:43:23 | 000,011,811 | ---- | C] () -- C:\Windows\SysWow64\EPPICPattern4.dat
[2016/05/13 17:43:23 | 000,004,943 | ---- | C] () -- C:\Windows\SysWow64\EPPICPattern6.dat
[2016/05/13 17:43:23 | 000,001,146 | ---- | C] () -- C:\Windows\SysWow64\EPPICPresetData_DU.dat
[2016/05/13 17:43:23 | 000,001,139 | ---- | C] () -- C:\Windows\SysWow64\EPPICPresetData_PT.dat
[2016/05/13 17:43:23 | 000,001,139 | ---- | C] () -- C:\Windows\SysWow64\EPPICPresetData_BP.dat
[2016/05/13 17:43:23 | 000,001,136 | ---- | C] () -- C:\Windows\SysWow64\EPPICPresetData_ES.dat
[2016/05/13 17:43:23 | 000,001,129 | ---- | C] () -- C:\Windows\SysWow64\EPPICPresetData_FR.dat
[2016/05/13 17:43:23 | 000,001,129 | ---- | C] () -- C:\Windows\SysWow64\EPPICPresetData_CF.dat
[2016/05/13 17:43:23 | 000,001,120 | ---- | C] () -- C:\Windows\SysWow64\EPPICPresetData_IT.dat
[2016/05/13 17:43:23 | 000,001,107 | ---- | C] () -- C:\Windows\SysWow64\EPPICPresetData_GE.dat
[2016/05/13 17:43:23 | 000,001,104 | ---- | C] () -- C:\Windows\SysWow64\EPPICPresetData_EN.dat
[2016/05/13 17:43:23 | 000,000,097 | ---- | C] () -- C:\Windows\SysWow64\PICSDK.ini
[2016/05/13 13:38:00 | 000,000,344 | RHS- | C] () -- C:\ProgramData\ntuser.pol
[2016/05/13 12:47:21 | 000,000,000 | ---- | C] () -- C:\Windows\ativpsrm.bin
[2016/05/13 12:45:33 | 000,995,342 | ---- | C] () -- C:\Windows\SysWow64\amdocl_as32.exe
[2016/05/13 12:45:33 | 000,798,734 | ---- | C] () -- C:\Windows\SysWow64\amdocl_ld32.exe
[2016/05/13 12:45:33 | 000,204,952 | ---- | C] () -- C:\Windows\SysWow64\ativvsvl.dat
[2016/05/13 12:45:33 | 000,157,144 | ---- | C] () -- C:\Windows\SysWow64\ativvsva.dat
[2016/05/13 12:45:33 | 000,003,917 | ---- | C] () -- C:\Windows\SysWow64\atipblag.dat
[2016/05/13 12:27:17 | 000,000,000 | -H-- | C] () -- C:\ProgramData\DP45977C.lfl
[2016/05/13 12:24:15 | 000,765,280 | ---- | C] () -- C:\Windows\SysWow64\PerfStringBackup.INI
[2016/05/13 12:17:15 | 000,001,769 | ---- | C] () -- C:\Windows\Language_trs.ini
[2016/05/13 12:17:09 | 000,034,599 | ---- | C] () -- C:\Windows\Ascd_tmp.ini
[2016/02/16 00:27:00 | 000,125,720 | ---- | C] () -- C:\Windows\SysWow64\vulkan-1-1-0-3-1.dll
[2016/02/16 00:25:40 | 000,042,264 | ---- | C] () -- C:\Windows\SysWow64\vulkaninfo-1-1-0-3-1.exe
 
========== ZeroAccess Check ==========
 
[2009/07/14 05:55:00 | 000,000,227 | RHS- | M] () -- C:\Windows\assembly\Desktop.ini
 
[HKEY_CURRENT_USER\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32] /64
 
[HKEY_CURRENT_USER\Software\Classes\Wow6432node\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]
 
[HKEY_CURRENT_USER\Software\Classes\clsid\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InProcServer32] /64
 
[HKEY_CURRENT_USER\Software\Classes\Wow6432node\clsid\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InProcServer32]
 
[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32] /64
"" = C:\Windows\SysNative\shell32.dll -- [2010/11/21 04:23:55 | 014,174,208 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Apartment
 
[HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]
"" = %SystemRoot%\system32\shell32.dll -- [2010/11/21 04:24:02 | 012,872,192 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Apartment
 
[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\InProcServer32] /64
"" = C:\Windows\SysNative\wbem\fastprox.dll -- [2009/07/14 02:40:51 | 000,909,312 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Free
 
[HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\InProcServer32]
"" = %systemroot%\system32\wbem\fastprox.dll -- [2010/11/21 04:24:25 | 000,606,208 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Free
 
[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}\InProcServer32] /64
"" = C:\Windows\SysNative\wbem\wbemess.dll -- [2009/07/14 02:41:56 | 000,505,856 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Both
 
[HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}\InProcServer32]
 
========== LOP Check ==========
 
[2016/05/13 14:45:01 | 000,000,000 | ---D | M] -- C:\Users\alcedo\AppData\Roaming\Canon
[2016/07/12 14:57:24 | 000,000,000 | ---D | M] -- C:\Users\alcedo\AppData\Roaming\chc.4875E02D9FB21EE389F73B8D1702B320485DF8CE.1
[2016/07/07 08:52:42 | 000,000,000 | ---D | M] -- C:\Users\alcedo\AppData\Roaming\Epson
[2016/05/13 13:12:22 | 000,000,000 | ---D | M] -- C:\Users\alcedo\AppData\Roaming\library_dir
[2016/05/30 11:30:52 | 000,000,000 | ---D | M] -- C:\Users\alcedo\AppData\Roaming\Origin
[2016/08/25 11:10:30 | 000,000,000 | ---D | M] -- C:\Users\alcedo\AppData\Roaming\PlaysTV
[2016/06/03 16:17:32 | 000,000,000 | ---D | M] -- C:\Users\alcedo\AppData\Roaming\Watchtower
 
========== Purity Check ==========
 
 

< End of report >
 Results of screen317's Security Check version 1.014 --- 12/23/15 
 Windows 7 Service Pack 1 x64 (UAC is enabled) 
 Internet Explorer 11 
``````````````Antivirus/Firewall Check:``````````````
 Windows Firewall Disabled! 
ZoneAlarm Free Firewall Antivirus  
 Antivirus up to date!  
`````````Anti-malware/Other Utilities Check:`````````
````````Process Check: objlist.exe by Laurent```````` 
 CheckPoint ZoneAlarm vsmon.exe 
 CheckPoint ZoneAlarm ZaPrivacyService.exe 
 CheckPoint ZoneAlarm zatray.exe 
`````````````````System Health check`````````````````
 Total Fragmentation on Drive C: 17% Defragment your hard drive soon! (Do NOT defrag if SSD!)
````````````````````End of Log``````````````````````
#2 Anzio

Anzio

    Active Member

  • Active Members
  • 13 posts

Posted 05 September 2016 - 10:39 AM

Hello LoPhatPhuud,

 

I see a reply in the thread at the top of this forum; is that a reply to my thread? Just wondering? :)

 

Thanks



#3 Anzio

Anzio

    Active Member

  • Active Members
  • 13 posts

Posted 05 September 2016 - 12:04 PM

Hi,

 

I took a chance that the reply was meant for my query so I installed and ran Adwcleaner. Here is the log:

 

 

# AdwCleaner v6.010 - Logfile created 05/09/2016 at 11:43:08
# Updated on 12/08/2016 by ToolsLib
# Database : 2016-09-05.1 [Server]
# Operating System : Windows 7 Professional Service Pack 1 (X64)
# Username : alcedo - ALCEDO-PC
# Running from : C:\Users\alcedo\Desktop\adwcleaner_6.010.exe
# Mode: Scan
# Support : https://toolslib.net/forum

 

***** [ Services ] *****

No malicious services found.

***** [ Folders ] *****

No malicious folders found.

***** [ Files ] *****

No malicious files found.

***** [ DLL ] *****

No malicious DLLs found.

***** [ WMI ] *****

No malicious keys found.

***** [ Shortcuts ] *****

No infected shortcut found.

***** [ Scheduled Tasks ] *****

No malicious task found.

***** [ Registry ] *****

No malicious registry entries found.

***** [ Web browsers ] *****

No malicious Firefox based browser items found.
No malicious Chromium based browser items found.

*************************

C:\AdwCleaner\AdwCleaner[S0].txt - [1000 Bytes] - [05/09/2016 11:43:08]

########## EOF - C:\AdwCleaner\AdwCleaner[S0].txt - [1073 Bytes] ##########

The link posted to ESET.eu did not work; but I found one with co.uk and so I installed that. After one hour of scanning the results showed 'no threats found' and there was no log.

 

During the eset scan, zonealarm popped up reporting the 4 files again.

 

Thanks for your time


Edited by Anzio, 05 September 2016 - 12:05 PM.


#4 LoPhatPhuud

LoPhatPhuud

    Master of Disaster Recovery

  • General Admin
  • 16,048 posts

Posted 05 September 2016 - 06:43 PM

I'm stumped. The main detect programs I use are returning clean. There is nothing more I can do here.

 

I suggest you post in forums on Bleeping Computer. If anyone has an answer, they most likely will.

http://www.bleepingc...e-removal-logs/

 

Be sure to give them a link to this thread so these logs will be available to them.

 

Cleanup instructions follow:

 

Cleaning Up:

To Delete TFC:
* Delete the TFC icon on your Desktop
Delete OTL:
* Double click the OTL icon on your Desktop
* Press the 'Cleanup' button
Delete Security Check:
* Delete the SecurityCheck icon on your Desktop
Delete Malware Bytes:
* We recommend that you keep MalwareBytes (MBAM) and run it every week. There is no charge to keep the program; however, the real time protection will stop after the trial period. Be sure to update the definitions before each use. If you decide not to keep MBAM, use Add/Remove Programs to uninstall it.
Delete Sophos AntiRootkit
* If we asked you to install and run the Sophos AntiRootkit program, uninstall it through Add/Remove Programs.
Delete AdwCleaner
* If you installed AdwCleaner, double click on the AdwCleaner icon on your desktop.
* Press the 'Uninstall' button
Other Programs:
* If we asked you to install any other programs that are not removed by the OTL cleanup procedure, we will provide separate removal instructions.



#5 Anzio

Anzio

    Active Member

  • Active Members
  • 13 posts

Posted 05 September 2016 - 08:37 PM

Hi,

 

Thanks for your time and advice.

 

Is it possible that these reported files/viruses are false positives?

 

Thanks again



#6 LoPhatPhuud

LoPhatPhuud

    Master of Disaster Recovery

  • General Admin
  • 16,048 posts

Posted 05 September 2016 - 08:56 PM

It is indeed possible that the detects are false positives.

 

If one of the files is still on your system, submit it to Virus Total.

 

https://www.virustotal.com/ro/



#7 Anzio

Anzio

    Active Member

  • Active Members
  • 13 posts

Posted 06 September 2016 - 01:52 PM

Problem is, when I follow the path to find the files, they are never there; then sometime during the day, ZoneAlarm flags them from its scan; I try to check again, but nothing shows. It is very odd.

 

I will persevere and try to follow your suggestion.

 

Thanks



#8 LoPhatPhuud

LoPhatPhuud

    Master of Disaster Recovery

  • General Admin
  • 16,048 posts

Posted 06 September 2016 - 03:36 PM

I would not put a lot of effort into trying to locate one of the files. Posting at Bleeping Computer is the best option to follow.



#9 Anzio

Anzio

    Active Member

  • Active Members
  • 13 posts

Posted 06 September 2016 - 03:44 PM

Hi,

 

I know this may be out of the realms of what you can do now, but I thought this scan from AVZ4 from Kaspersky might shed some further light, in particular scan point 6:

 

'6. Searching for opened TCP/UDP ports used by malicious software
 In the database 317 port descriptions
 Opened at this PC: 15 TCP ports and 19 UDP ports
 >>> Attention: Port 1234 TCP - Trojan.Subseven, hotline_or_troj (System)
Note: Do NOT delete suspicious files, send them for analysis  (see FAQ and Help for more details)'

 

I understand if this thread has reached the end, but thought I'd post this anyway.

 

Is this something to be concerned about?

 

I will also look into the other forum.

 

Thanks again.

AVZ Antiviral Toolkit log; AVZ version is 4.46
Scanning started at 06.09.2016 16:35:57
Database loaded: signatures - 297569, NN profile(s) - 2, malware removal microprograms - 56, signature database released 06.09.2016 16:00
Heuristic microprograms loaded: 412
PVS microprograms loaded: 10
Digital signatures of system files loaded: 833019
Heuristic analyzer mode: Medium heuristics mode
Malware removal mode: disabled
Windows version is: 6.1.7601, Service Pack 1 "Windows 7 Professional", install date 13.05.2016 11:14:59 ; AVZ is run with administrator rights (+)
System Restore: enabled
1. Searching for Rootkits and other software intercepting API functions
1.1 Searching for user-mode API hooks
 Analysis: kernel32.dll, export table found in section .text
 Analysis: ntdll.dll, export table found in section .text
 Analysis: user32.dll, export table found in section .text
 Analysis: advapi32.dll, export table found in section .text
 Analysis: ws2_32.dll, export table found in section .text
 Analysis: wininet.dll, export table found in section .text
 Analysis: rasapi32.dll, export table found in section .text
 Analysis: urlmon.dll, export table found in section .text
 Analysis: netapi32.dll, export table found in section .text
1.4 Searching for masking processes and drivers
 Checking not performed: extended monitoring driver (AVZPM) is not installed
2. Scanning RAM
 Number of processes found: 18
 Number of modules loaded: 337
Scanning RAM - complete
3. Scanning disks
Direct reading: C:\Users\alcedo\AppData\Local\Microsoft\Windows\WebCache\WebCacheV01.tmp
Direct reading: C:\Users\alcedo\AppData\Local\Temp\~DFE5BC5FB458C1F55A.TMP
Direct reading: C:\Windows\Temp\obuE6BC.tmp
Direct reading: C:\Windows\Temp\obuE996.tmp
4. Checking  Winsock Layered Service Provider (SPI/LSP)
 LSP settings checked. No errors detected
5. Searching for keyboard/mouse/windows events hooks (Keyloggers, Trojan DLLs)
6. Searching for opened TCP/UDP ports used by malicious software
 In the database 317 port descriptions
 Opened at this PC: 15 TCP ports and 19 UDP ports
 >>> Attention: Port 1234 TCP - Trojan.Subseven, hotline_or_troj (System)
Note: Do NOT delete suspicious files, send them for analysis  (see FAQ and Help for more details)
7. Heuristic system check
Checking - complete
8. Searching for vulnerabilities
>> Services: potentially dangerous service allowed: TermService (Remote Desktop Services)
>> Services: potentially dangerous service allowed: SSDPSRV (SSDP Discovery)
>> Services: potentially dangerous service allowed: Schedule (Task Scheduler)
> Services: please bear in mind that the set of services depends on the use of the PC (home PC, office PC connected to corporate network, etc)!
>> Security: disk drives' autorun is enabled
>> Security: administrative shares (C$, D$ ...) are enabled
>> Security: anonymous user access is enabled
>> Security: sending Remote Assistant queries is enabled
>> Windows Explorer - show extensions of known file types
Checking - complete
9. Troubleshooting wizard
 >>  HDD autorun is allowed
 >>  Network drives autorun is allowed
 >>  Removable media autorun is allowed
Checking - complete
Files scanned: 111023, extracted from archives: 61686, malicious software found 0, suspicions - 0
Scanning finished at 06.09.2016 16:38:48
Time of scanning: 00:02:52
If you have a suspicion on presence of viruses or questions on the suspected objects,
you can address http://forum.kaspers...hp?showforum=19
For automatic scanning of files from the AVZ quarantine you can use the service http://virusdetector.ru/
Edited by Anzio, 06 September 2016 - 03:45 PM.


#10 LoPhatPhuud

LoPhatPhuud

    Master of Disaster Recovery

  • General Admin
  • 16,048 posts

Posted 07 September 2016 - 03:34 PM

None of the logs confirm the issue at hand. While they all add additional 'questions', we're no closer to a solution. Good luck at Bleeping Computer.



#11 Anzio

Anzio

    Active Member

  • Active Members
  • 13 posts

Posted 07 September 2016 - 03:52 PM

Thanks again LoPhatPhuud