Tweet
It is odd with ZHP, I had to close it with task manager.
attached is the Auto logger collection file
attached is the Auto logger collection file
-
-
Step 1: ClearLNK
Download ClearLNK save it to your desktop.
Drag the file Check_Browsers_LNK from your Collection log made earlier.
As per picture.
A report on the work as a file ClearLNK- .log
Will be produced, post that log.
https://pchelpforum.net/proxy.php?image=https%3A%2F%2Fup2sha.re%2Fuploads% 2F2015%2F3%2FBPD7B3BAgEQl.gif&hash=f65630ba2178027 f4643224f28999e44
Step 2: AVZ Fix
Disable your antivirus prior to this fix.
Copy the content of the code box below.
Open the folder you unzipped Autologger in. Double click the AVZ4 folder Right click AVZ run as admin. (Xp users Double Click)Code:begin SetServiceStart('TermService', 4); RegKeyIntParamWrite('HKEY_LOCAL_MACHINE', 'SYSTEM\ControlSet001\Control\Remote Assistance','fAllowToGetHelp', 0); RegKeyIntParamWrite('HKEY_LOCAL_MACHINE', 'SYSTEM\CurrentControlSet\Control\LSA','RestrictAnonymous', 2); DeleteService('MozillaMaintenance'); StopService('MozillaMaintenance'); DeleteFile('C:\Program Files (x86)\Mozilla Maintenance Service\maintenanceservice.exe','32'); DeleteFile('C:\windows\system32\diagtrack.dll','32'); DeleteFile('C:\windows\system32\MRT'); DeleteFile('C:\windows\system32\tasks\Microsoft\Windows\Customer Experience Improvement Program'); DeleteFile('C:\windows\system32\tasks\Microsoft\Windows\DiskDiagnostic\Microsoft-Windows-DiskDiagnosticResolver'); DeleteFile('C:\windows\system32\tasks\Microsoft\Windows\DiskDiagnostic\Microsoft-Windows-DiskDiagnosticDataCollector'); DeleteFile('C:\windows\system32\tasks\Microsoft\Windows\RemoteAssistance'); RegKeyParamDel('HKEY_LOCAL_MACHINE','SYSTEM\CurrentControlSet\Services\DiagTrack\Parameters','ServiceDll'); DeleteFile('C:\Program Files\Bonjour\mDNSResponder.exe','32'); DeleteFile('C:\windows\system32\Tasks\Microsoft\Windows\Application Experience\AitAgent','64'); DeleteFile('C:\windows\system32\Tasks\Microsoft\Windows\Media Center\mcupdate','64'); DeleteFile('C:\windows\system32\Tasks\Microsoft\Windows\Media Center\RecordingRestart','64'); RebootWindows(true); end.
Go to file – Custom Scripts.
Paste the content of your clipboard into the Custom Script Area.
Click the Run Button. https://pchelpforum.net/attachments/...7-23-png.1484/
The program will reboot your machine.
Step 3: Hijack This Fix.
Locate the HijackThis file within the Autologger folder, Right Click Run as Admin.
Close all other open programs prior to running this tool!!
Click System Scan Only.
Then check mark the items listed below.
O4 - HKU\S-1-5-19..\Run: [Sidebar] C:\Program Files\Windows Sidebar\Sidebar.exe /autoRun
O4 - HKU\S-1-5-20..\Run: [Sidebar] C:\Program Files\Windows Sidebar\Sidebar.exe /autoRun
O4 - MSConfig\startupfolder: C:^Users^Tonya^AppData^Roaming^Microsoft^Windows^S tart Menu^Programs^Startup^Intel(R) Turbo Boost Technology Monitor 2.0.lnk - C:\windows\pss\Intel(R) Turbo Boost Technology Monitor 2.0.lnk.Startup (2017/02/23)
O4 - MSConfig\startupreg:[CLMLServer] “C:\Program Files (x86)\CyberLink\Power2Go\CLMLSvc.exe” (2017/02/23) (HKLM)
O4 - MSConfig\startupreg:[CanonMyPrinter] C:\Program Files\Canon\MyPrinter\BJMyPrt.exe /logon (2017/02/23) (HKLM)
O4 - MSConfig\startupreg:[CanonSolutionMenuEx] C:\Program Files (x86)\Canon\Solution Menu EX\CNSEMAIN.EXE /logon (2017/02/23) (HKLM)
O4 - MSConfig\startupreg:[EPLTarget] (2017/02/23) (no file)
O4 - MSConfig\startupreg:[ETDCtrl] %ProgramFiles%\Elantech\ETDCtrl.exe (2017/02/23) (HKLM)
O4 - MSConfig\startupreg:[Everything] “C:\Program Files\Everything\Everything.exe” -startup (2017/02/23) (HKLM)
O4 - MSConfig\startupreg:[IntelTBRunOnce] wscript.exe //b //nologo “C:\Program Files\Intel\TurboBoost\RunTBGadgetOnce.vbs” (2017/02/23) (HKLM)
O4 - MSConfig\startupreg:[Persistence] C:\windows\system32\igfxpers.exe (2017/02/23) (HKLM)
O4 - MSConfig\startupreg:[RemoteControl10] “C:\Program Files (x86)\CyberLink\PowerDVD10\PDVD10Serv.exe” (2017/02/23) (HKLM)
O4 - MSConfig\startupreg:[ZAM] “C:\Program Files (x86)\Zemana AntiMalware\ZAM.exe” /minimized (2017/02/23) (HKLM)
O4 - MSConfig\startupreg:[puush] C:\Program Files (x86)\puush\puush.exe (2017/02/23) (HKCU)
O18 - Pro-maintenancetocol: wlpg - {E43EF6CD-A37A-4A9B-9E6F-83F89B8E6324} - (no file)
O22 - ScheduledTask: (Queued) ProgramDataUpdater - \Microsoft\Windows\Application Experience - C:\windows\system32\compattelrunner.exe
O22 - ScheduledTask: (Ready) ValidationTask - \Microsoft\Windows\Windows Activation Technologies - C:\windows\system32\Wat\WatAdminSvc.exe /run
O22 - ScheduledTask: (Ready) ValidationTaskDeadline - \Microsoft\Windows\Windows Activation Technologies - C:\windows\system32\schtasks.exe /run /I /TN “\Microsoft\Windows\Windows Activation Technologies\ValidationTask”
O23 - Service R2: Adobe Acrobat Update Service - (AdobeARMservice) - Adobe Systems Incorporated - C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe
O23 - Service R2: Amazon Unbox Video Service - (ADVService) - Amazon.com - C:\Program Files (x86)\Amazon\Amazon Unbox Video\ADVWindowsClientService.exe
O23 - Service S3: Adobe Flash Player Update Service - (AdobeFlashPlayerUpdateSvc) - Adobe Systems Incorporated - C:\windows\SysWOW64\Macromed\Flash\FlashPlayerUpda teService.exe
O23 - Service S3: Mozilla Maintenance Service - (MozillaMaintenance) - Mozilla Foundation - C:\Program Files (x86)\Mozilla Maintenance Service\maintenanceservice.exe
Now click on fix checked.
After the fix is complete, then reboot your machine.
Comment
-
here is the ZOEK scan:
Zoek.exe v5.0.0.1 Updated 27-09-2015
===== Runcheck 9:19:06.05 =====Tool run by Tonya on Fri 02/24/2017 at 9:18:28.76.
Microsoft Windows 7 Home Premium 6.1.7601 Service Pack 1 x64
Running in: Normal Mode No Internet Access Detected
Launched: C:\Users\Tonya\Desktop\zoek.exe [Scan all users] [Script inserted]
— Create Environment Variables 9:19:06.93
— Create System Restore Point 9:19:11.41
— Checking Input 9:19:23.20
— Reset Hosts File 9:19:43.74
— AU AppData Check 9:19:44.25
— Remove From Windows Installer 9:19:46.79
— Empty Folders Check 9:21:41.84
— Registry HKLM Software Check 9:21:41.85
— Quick Launch Shortcut Check 9:21:56.49
— IE Startpage Check 9:22:00.45
— Program Files DB Check 9:22:14.55
— C:\Users\Default\AppData\Roaming DB Check 9:22:49.34
— C:\Users\Default User\AppData\Roaming DB Check 9:22:49.34
— C:\Users\Tonya\AppData\Roaming DB Check 9:22:49.34
— C:\windows\SysNative\config\systemprofile\AppData\ Roaming DB Check 9:22:49.34
— C:\windows\sysWoW64\config\systemprofile\AppData\R oaming DB Check 9:22:49.34
— C:\windows\serviceprofiles\networkservice\AppData\ Roaming DB Check 9:22:49.34
— C:\windows\serviceprofiles\Localservice\AppData\Ro aming DB Check 9:22:49.34
— C:\Users\Tonya DB Check 9:24:31.01
— C:\PROGRA~3 DB Check 9:24:43.74
— C:\Users\Default\AppData\Local DB Check 9:24:47.11
— C:\Users\Default User\AppData\Local DB Check 9:24:47.11
— C:\Users\Tonya\AppData\Local DB Check 9:24:47.11
— C:\windows\SysNative\config\systemprofile\AppData\ Local DB Check 9:24:47.11
— C:\windows\sysWoW64\config\systemprofile\AppData\L ocal DB Check 9:24:47.11
— C:\windows\serviceprofiles\networkservice\AppData\ Local DB Check 9:24:47.11
— C:\windows\serviceprofiles\Localservice\AppData\Lo cal DB Check 9:24:47.11
— C:\ProgramData\Microsoft\Windows\Start Menu\Programs DB Check 9:26:01.89
— C:\Users\Tonya\AppData\Roaming\Microsoft\Windows\S tart Menu\Programs DB Check 9:26:09.47
— Tasks DB Check 9:26:14.29
— Downloads DB Check 9:26:17.27
— C:\Users\Tonya\AppData\LocalLow DB Check 9:26:20.47
— C:\windows\SysNative\config\systemprofile\AppData\ LocalLow DB Check 9:26:20.47
— C:\windows\sysWoW64\config\systemprofile\AppData\L ocalLow DB Check 9:26:20.47
— C:\windows\serviceprofiles\networkservice\AppData\ LocalLow DB Check 9:26:20.47
— C:\windows\serviceprofiles\Localservice\AppData\Lo calLow DB Check 9:26:20.47
— Tasks2 DB Check 9:26:58.19
— Documents DB Check 9:27:20.87
— C:\Users\Tonya\AppData\Roaming\Mozilla\Firefox\Pro files\pcw27saw.default DB Check 9:27:26.51
— C:\Users\Public\Desktop DB Check 9:27:28.27
— C:\Users\Tonya\Desktop DB Check 9:27:32.22
— Services DB Check 9:27:39.66
— FF prefs.js DB Check 9:28:13.37
— Emptyclsid 9:28:43.46
— Del by CLSID 9:28:45.35
— Delete Services 9:28:58.30
— Batch Commands 9:29:00.26
— Delete files\folders 9:29:00.47
— Create Backups 9:29:00.54
— Firefox Extensions 9:29:06.47Comment
-
Zoek was not complete, you will know when it is done when the machine reboots.Comment
-
Here is the ClearLNK log
OS: x64 Windows 7 Home Premium, 6.1.7601, Service Pack: 1ClearLNK by Alex Dragokas ver. 2.9.0.11
Time: 24.02.2017 - 14:41
Language: OS: EN (0x409). Display: EN (0x409). Non-Unicode: EN (0x409)
Elevated: Yes
User: Tonya (group: Administrator)
_____________________________ Begin of Log ______________________________
.
[DEL ] 7 “C:\Users\Tonya\AppData\Roaming\Microsoft\Word\Fin al%20Paper-2303246832432936426\Final%20Paper-2.docx.lnk” (target was not recovered)
.
[SKIP] 1 “C:\ProgramData{FBF3739B-717D-4429-BCEB-98D514E65F29}\Best Buy pc app Setup.lnk” (shortcut was not found)
[SKIP] 2 “C:\Users\Tonya\Desktop\Desktop Icons\Best Buy Connect.lnk” (shortcut was not found)
[SKIP] 3 “C:\Users\Tonya\Desktop\Desktop Icons\Office Professional 2010 _1338550397971.lnk” (shortcut was not found)
[SKIP] 4 “C:\Users\Tonya\Desktop\Desktop Icons\Adobe Reader 9.lnk” (shortcut was not found)
[SKIP] 5 “C:\Users\Tonya\Desktop\Desktop Icons\Microsoft Office Download Manager_1338558656438.lnk” (shortcut was not found)
[SKIP] 6 “C:\Users\Tonya\Desktop\Desktop Icons\McAfee Security Scan Plus.lnk” (shortcut was not found)
.
______________________________ Statistics _______________________________
Cure ran per today: 1 times.
Total processed: 7
______________________________ End of Log _______________________________CRC32: E1EB385CCode:Deleted: 1 Omitted: 6Comment
-
How is the machine running?Comment
-
I let the zoek run for 16 hours and it is still running, is that normal?Comment
-
There were some files I could not find in the Hijack this list to fix. other than that I am done running all the scans. It seems to be running well.Comment
-
Happens sometimes…Originally posted by Cory
Glad to have helped!! Please tell a friend … or two about us. https://forum.windowsinstructed.com/...cons/smile.png
Optimize your internet connection.
Click here for instructions.
suggest the following in place of adblock.
Alternate DNS Server. Ad Blocking DNS.
Ublock Origin.
Anti Ad Block Killer.
Also, keep your browsing private with these tools:
Self Destructing Cookies.
Self Destructing Cookies Chrome.
Some items to keep you safe on the internet.
VooDoo Shield. control of what is running on your machine
Qualys BrowserCheck To update plugins.
Web Of Trust To Avoid Shady Websites.
Unchecky To Avoid Bundled Software.
Privazer To Clean up your mahcine.
Now Lets Clean up the tools we used and remove old restore points.
Download DelFix by “Xplode” to your Desktop.
Right Click the tool and Run as Admin ( Xp Users Double Click)
Put a check mark next the items below:
Remove disinfection tools
Create registry backup
Purge System Restore
Now click on “Run” button.
allow the program to complete its work.
all the tools we used will be removed.
Tool will create and open a log report (DelFix.txt)
Note: The report can be located at the following location C:\DelFix.txtComment
-
is the windows security essentials adequate as a virus detector?Comment
-
IMO it is absolute trash!Originally posted by Cory
Here are couple of free antivirus that are really good. In order of my personal preference…
SecureAplus – Free for a year.
Panda Cloud Free.
Sophos Home – Good but a little heavy on resources.
360 Total Security
Add these to the above for solid protection…
VooDooShield. – Slightly annoying while it learns your machine, but after that a solid piece of software to have on your machine.
Ublock origin.
Anti Ad block Killer.
Ad Blocking DNS – Set this on your router to block most ads on all your devices.Comment
-
I agree just wanted to validate and find out what to use in it’s place. I appreciate your help. I always recommend this site!Comment
Comment