Comments (10)
Thank you for the log.
We'll return to you as soon as we have free time.
Please note that only members of VIRUSNET-Association are allowed to respond in PC cure topics.
Ignore any recommendations given by other users, including PM!!!
from hijackthis.
Hello,
Please go to Control Panel and uninstall an unwanted software:
SpyHunter 5
Please update the AVZ safe files database:
- Start AVZ.
- Execute database update by going through menu Files -> Update database
- Close all of the applications and start the Internet Browser you use in your system (for example Internet Explorer, FireFox, Opera etc. – if several are installed on the system - start all of the browsers so that AVZ would analyze all of the plug-ins and extensions used).
- In the AVZ menu select File – Standard scripts. Select script 8 in the opened window ("Collection not recognized and suspicious files") and click "Execute selected scripts". This should take 1-5 minutes. As a result, a folder LOG will be created inside the AVZ folder and an archive named virusinfo_files_<PC_name>.zip
- Upload this archive as described here.
- If the size of the archive is more than 100 Mb you will need to upload it to any file exchange server that does not require recapture submission (for example: RGhost, Uploadmb.Com, Zippyshare, My-Files.RU, Ge.tt or WebFile) and add a link to it in your next forum message.
Fix the following lines in HijackThis:
O3 - HKLM..\Toolbar: (no name) - {318A227B-5E9F-45bd-8999-7F8F10CA4CF5} - (no file)
O9-32 - Button: HKLM..{2670000A-7350-4f3c-8081-5663EE0C6C49}: (no name) - (no file)
O9-32 - Button: HKLM..{31D09BA0-12F5-4CCE-BE8A-2923E76605DA}: (no name) - (no file)
O9-32 - Button: HKLM..{789FE86F-6FC4-46A1-9849-EDE0DB0C95CA}: (no name) - (no file)
O18 - HKLM\Software\Classes\Protocols\Handler\WSISVCUchrome: [CLSID] = {78A543EB-3A61-4ED3- - (no file)
O21 - HKLM..\ShellIconOverlayIdentifiers\00avast: (no name) - {472083B0-C522-11CF-8763-00608CC02F24} - (no file)
O21-32 - HKLM..\ShellIconOverlayIdentifiers\� MEGA (Pending): � MEGA (Pending) - {056D528D-CE28-4194-9BA3-BA2E9197FF8C} - C:\Users\Diego\AppData\Local\MEGAsync\ShellExtX32.dll (file missing)
O21-32 - HKLM..\ShellIconOverlayIdentifiers\� MEGA (Synced): � MEGA (Synced) - {05B38830-F4E9-4329-978B-1DD28605D202} - C:\Users\Diego\AppData\Local\MEGAsync\ShellExtX32.dll (file missing)
O21-32 - HKLM..\ShellIconOverlayIdentifiers\� MEGA (Syncing): � MEGA (Syncing) - {0596C850-7BDD-4C9D-AFDF-873BE6890637} - C:\Users\Diego\AppData\Local\MEGAsync\ShellExtX32.dll (file missing)
O22 - Task: (disabled) \Microsoft\Windows\Media Center\PeriodicScanRetry - C:\WINDOWS\ehome\MCUpdate.exe -pscn 0 (file missing)
O22 - Task: (disabled) \Microsoft\Windows\Media Center\RecordingRestart - C:\WINDOWS\ehome\ehrec /RestartRecording (file missing)
O22 - Task: Driver Booster SkipUAC (Diego) - C:\Program Files (x86)\IObit\Driver Booster\DriverBooster.exe /skipuac (file missing)
O22 - Task: Rerun Warsaw's CoreFixer - C:\WINDOWS\TEMP\is-T6FO4.tmp\corefixer.exe /norerun (file missing)
O22 - Task: \Microsoft\Windows\Media Center\ActivateWindowsSearch - C:\WINDOWS\ehome\ehPrivJob.exe /DoActivateWindowsSearch (file missing)
O22 - Task: \Microsoft\Windows\Media Center\ConfigureInternetTimeService - C:\WINDOWS\ehome\ehPrivJob.exe /DoConfigureInternetTimeService (file missing)
O22 - Task: \Microsoft\Windows\Media Center\DispatchRecoveryTasks - C:\WINDOWS\ehome\ehPrivJob.exe /DoRecoveryTasks $(Arg0) (file missing)
O22 - Task: \Microsoft\Windows\Media Center\InstallPlayReady - C:\WINDOWS\ehome\ehPrivJob.exe /InstallPlayReady $(Arg0) (file missing)
O22 - Task: \Microsoft\Windows\Media Center\MediaCenterRecoveryTask - C:\WINDOWS\ehome\mcupdate.exe -MediaCenterRecoveryTask (file missing)
O22 - Task: \Microsoft\Windows\Media Center\OCURActivate - C:\WINDOWS\ehome\ehPrivJob.exe /OCURActivate (file missing)
O22 - Task: \Microsoft\Windows\Media Center\OCURDiscovery - C:\WINDOWS\ehome\ehPrivJob.exe /OCURDiscovery $(Arg0) (file missing)
O22 - Task: \Microsoft\Windows\Media Center\ObjectStoreRecoveryTask - C:\WINDOWS\ehome\mcupdate.exe -ObjectStoreRecoveryTask (file missing)
O22 - Task: \Microsoft\Windows\Media Center\PBDADiscovery - C:\WINDOWS\ehome\ehPrivJob.exe /PBDADiscovery (file missing)
O22 - Task: \Microsoft\Windows\Media Center\PBDADiscoveryW1 - C:\WINDOWS\ehome\ehPrivJob.exe /wait:7 /PBDADiscovery (file missing)
O22 - Task: \Microsoft\Windows\Media Center\PBDADiscoveryW2 - C:\WINDOWS\ehome\ehPrivJob.exe /wait:90 /PBDADiscovery (file missing)
O22 - Task: \Microsoft\Windows\Media Center\PvrRecoveryTask - C:\WINDOWS\ehome\mcupdate.exe -PvrRecoveryTask (file missing)
O22 - Task: \Microsoft\Windows\Media Center\PvrScheduleTask - C:\WINDOWS\ehome\mcupdate.exe -PvrSchedule (file missing)
O22 - Task: \Microsoft\Windows\Media Center\RegisterSearch - C:\WINDOWS\ehome\ehPrivJob.exe /DoRegisterSearch $(Arg0) (file missing)
O22 - Task: \Microsoft\Windows\Media Center\ReindexSearchRoot - C:\WINDOWS\ehome\ehPrivJob.exe /DoReindexSearchRoot (file missing)
O22 - Task: \Microsoft\Windows\Media Center\SqlLiteRecoveryTask - C:\WINDOWS\ehome\mcupdate.exe -SqlLiteRecoveryTask (file missing)
O22 - Task: \Microsoft\Windows\Media Center\UpdateRecordPath - C:\WINDOWS\ehome\ehPrivJob.exe /DoUpdateRecordPath $(Arg0) (file missing)
O22 - Task: \Microsoft\Windows\Media Center\ehDRMInit - C:\WINDOWS\ehome\ehPrivJob.exe /DRMInit (file missing)
O22 - Task: \Microsoft\Windows\Media Center\mcupdate - C:\WINDOWS\ehome\mcupdate $(Arg0) (file missing)
O22 - Task: \Microsoft\Windows\Media Center\mcupdate_scheduled - C:\WINDOWS\ehome\mcupdate -crl -hms -pscn 15 (file missing)
O22 - Task: \Microsoft\Windows\Setup\Notifier - C:\WINDOWS\system32\Notifier.exe (file missing)
Then download AdwCleaner (by Malwarebytes) and save it to Desktop.
Run (it should be run by right-clicking as Administrator), press "Scan" and wait.
At the end of the scan, the log will be found at:
C:\AdwCleaner\Logs\AdwCleaner[Sxx].txt (where x is any digit).
Attach it to your next post here.
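The fix list in the comment above follows the HijackThis line format: a section code (with an optional -32 suffix), the entry, and a trailing "(no file)" or "(file missing)" status. As an added example, not part of the original thread or of the HijackThis project, the Python below parses such lines so a reviewer can count orphaned entries per section and single out scheduled tasks that sit outside the \Microsoft\ task folder or point into a temp directory. The function names `parse_entry` and `triage` and the dictionary keys are hypothetical; the sample lines are copied from the list above.

```python
import re
from collections import Counter

# Sample lines copied from the fix list in the comment above.
SAMPLE = r"""
O3 - HKLM..\Toolbar: (no name) - {318A227B-5E9F-45bd-8999-7F8F10CA4CF5} - (no file)
O9-32 - Button: HKLM..{2670000A-7350-4f3c-8081-5663EE0C6C49}: (no name) - (no file)
O22 - Task: (disabled) \Microsoft\Windows\Media Center\PeriodicScanRetry - C:\WINDOWS\ehome\MCUpdate.exe -pscn 0 (file missing)
O22 - Task: Driver Booster SkipUAC (Diego) - C:\Program Files (x86)\IObit\Driver Booster\DriverBooster.exe /skipuac (file missing)
O22 - Task: Rerun Warsaw's CoreFixer - C:\WINDOWS\TEMP\is-T6FO4.tmp\corefixer.exe /norerun (file missing)
O22 - Task: \Microsoft\Windows\Setup\Notifier - C:\WINDOWS\system32\Notifier.exe (file missing)
""".strip().splitlines()

# Section code, optional "-32" suffix, entry body, then the optional trailing
# status that marks an entry whose target no longer exists.
LINE_RE = re.compile(
    r"^(?P<section>O\d+)(?P<suffix>-32)?\s+-\s+(?P<body>.*?)"
    r"(?:\s+-?\s*\((?P<status>no file|file missing)\))?\s*$"
)
TASK_RE = re.compile(
    r"^Task:\s+(?P<disabled>\(disabled\)\s+)?(?P<name>.+?)\s+-\s+(?P<cmd>[A-Za-z]:\\.*)$"
)
TEMP_RE = re.compile(r"\\(temp|tmp)\\", re.IGNORECASE)

def parse_entry(line):
    """Return a dict describing one log line, or None if it is not an entry."""
    m = LINE_RE.match(line.strip())
    if not m:
        return None
    entry = {"section": m["section"], "suffix_32": m["suffix"] is not None,
             "body": m["body"], "orphaned": m["status"] is not None}
    t = TASK_RE.match(m["body"]) if m["section"] == "O22" else None
    if t:
        entry.update(task=t["name"], disabled=t["disabled"] is not None,
                     command=t["cmd"])
    return entry

def triage(lines):
    """Count orphaned entries per section and list tasks worth a closer look."""
    entries = [e for e in map(parse_entry, lines) if e]
    orphaned = Counter(e["section"] for e in entries if e["orphaned"])
    third_party = [e["task"] for e in entries
                   if "task" in e and not e["task"].startswith("\\Microsoft\\")]
    temp_targets = [e["task"] for e in entries
                    if "task" in e and TEMP_RE.search(e["command"])]
    return orphaned, third_party, temp_targets

if __name__ == "__main__":
    print(triage(SAMPLE))
```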
Hi,
thanks for your help.
SpyHunter was deleted, but its name remains.
The AVZ File > Database Update button is disabled. What should I do?
The AdwCleaner log is attached.
AdwCleaner[C00].txt
AdwCleaner[S00].txt
AVZ File > Database Update button is disabled. What should I do?
Skip this and go on, do the 3rd point.
Next step:
Please download Farbar Recovery Scan Tool and save it to your Desktop.
Note: You need to run the version compatible with your system. If you are not sure which version applies to your system, download both of them and try to run them. Only one of them will run on your system; that will be the right version.
- Right click to run as administrator. When the tool opens click Yes to disclaimer.
- Press Scan button.
- It will produce logs called FRST.txt and Addition.txt in the same directory the tool is run from.
- Please attach the logs back here.
Hi,
Here are the logs:
https://www98.zippyshare.com/v/jhSdC0Gv/file.html
Addition.txt
FRST.txt
Please describe what kind of problems you still have.
I think it was solved with the previous steps. Thanks a lot for the help.
OK,
Do the ending steps:
1.
- Please run adwcleaner.exe
- In Settings menu scroll down to - Delete AdwCleaner - choose Delete.
- Confirm deleting pressing Yes.
Rename FRST.exe (or FRST64.exe) to uninstall.exe and run.
Computer will reboot.
All other tools and their folders can simply be deleted. But before that:
2.
Run script in AVZ while Internet is connected:
var
  LogPath : string;
  ScriptPath : string;
begin
  LogPath := GetAVZDirectory + 'log\avz_log.txt';
  // Remove the log left by any previous run.
  if FileExists(LogPath) Then DeleteFile(LogPath);
  ScriptPath := GetAVZDirectory +'ScanVuln.txt';
  // Download the scan script (mode 1 first, then mode 0) and execute it.
  if DownloadFile('http://dataforce.ru/~kad/ScanVuln.txt', ScriptPath, 1) then ExecuteScript(ScriptPath) else begin
    if DownloadFile('http://dataforce.ru/~kad/ScanVuln.txt', ScriptPath, 0) then ExecuteScript(ScriptPath) else begin
      ShowMessage('It is impossible to download AVZ script for finding vulnerability!');
      exit;
    end;
  end;
  // Open the log in Notepad only if the scan wrote one.
  if FileExists(LogPath) Then ExecuteFile('notepad.exe', LogPath, 1, 0, false)
end.
After the script ends, if it finds vulnerabilities, the file avz_log.txt will be opened in Notepad and there will be download links in it. First of all this concerns browsers, Java, Adobe Acrobat/Reader and Adobe Flash Player. You should download and install the needed programs if they are listed in avz_log.txt.
Reboot your PC.
Run the script again to ensure that all vulnerabilities are gone.
Hi,
It found a Flash Player vulnerability. I downloaded and installed the update.
Now:
Search for critical vulnerabilities
Frequently used critical vulnerabilities not found.
Thanks a lot!!
Good luck!