Appreciate all the help, Layback Bear and Jacee. I was about to reinstall Windows 7. Haven't reinstalled since I bought the PC over 3 years ago. Haven't had a problem until now. I do have a May 2014 backup with ShadowProtect.
May I also suggest:
1.) Download herdprotect: (choose the portable version)
Download herdProtect - Free Anti-Malware Platform
2.) Run the scan.
3.) When the scan finishes, save the results per the screenshot below. Then upload the log here.
DO NOT REMOVE ANYTHING YET. I will advise if anything needs to be removed when I receive the log.
I ran the scan.
It's here https://copy.com/2iF7vjXfjnEdjTQ3.
It wouldn't let me paste it in the forum because there were too many characters.
Remove the following:
On each item click action-remove
After removing the below items, restart the pc. Then run a new herdprotect scan and post a new log. You should be able to upload it using the paperclip on the forum with no trouble as many others have. I also suggest deleting this folder: c:\users\jim\desktop\_ycaao5.shr
This program looks like a back door trojan.
If an item you want to keep is there, or if you think the detection is false tell me about it.
This is info for the detected object:
http://www.herdprotect.com/infixpro....dcc645050.aspx
Code:
File path: c:\users\jim\appdata\roaming\thinstall\infixpro 3.36\40000055800002i\infixpro.exe
Publisher:
MD5: 24c217a10a96eaa3a0a9bee5215f6386
SHA-1: bbfcdb0805463b1ad23dce09cbc725edcc645050
Created: 6/29/2014 7:55:08 PM
Detections: 10
Code:
File path: c:\users\jim\desktop\_ycaao5.shr\js4aalyqaacrbqaakk.shr\nxiaajreaac0dgaajc.shr\-uqa.shr\hypersnap.6.70.01\hypersnap_portable_6.70.01_en-de-fr-hu-pl-ru.paf.exe
Publisher: PortableAppZ.blogspot.com
MD5: add6f8939508c7771bb582ebd13c20a7
SHA-1: 48c8c868b703b2c81355b146177c5503aaf0c14a
Created: 8/30/2014 6:33:06 PM
Detections: 13
Code:
File path: c:\users\jim\desktop\_ycaao5.shr\js4aalyqaacrbqaakk.shr\nxiaajreaac0dgaajc.shr\-uqa.shr\ie8.portable\ie8.exe
Publisher: Microsoft Corporation
MD5: b5be2cf02d6aaa8f1321b66e0ba44cfa
SHA-1: 9e42724110cf0397a52bc406a165f84bf1dbf2da
Created: 8/30/2014 6:33:06 PM
Detections: 26
Code:
File path: c:\users\jim\desktop\_ycaao5.shr\js4aalyqaacrbqaakk.shr\nxiaajreaac0dgaajc.shr\-uqa.shr\your uninstaller! 2006 v5.0.0.335 (thinstalled).exe
Publisher: URSoft,Inc
MD5: 6ef60de69848c8466740c1df33949170
SHA-1: ac15ae5676b8d25569ef7c934c5d6e60fee7576b
Created: 8/30/2014 6:33:00 PM
Detections: 5
Code:
File path: c:\users\jim\desktop\_ycaao5.shr\js4aalyqaacrbqaakk.shr\nxiaajreaac0dgaajc.shr\-uqa.shr\vista-shutdowntimer.exe
Publisher: Flo
MD5: 379949e6e2c03c4da74e7c40a9e187e2
SHA-1: ca1477a5deaface9f4d09aadc59df67d4a867384
Created: 8/30/2014 6:33:00 PM
Detections: 4
Code:
File path: c:\users\jim\desktop\_ycaao5.shr\js4aalyqaacrbqaakk.shr\nxiaajreaac0dgaajc.shr\-uqa.shr\perfect uninstaller 6.3.3.2 portable.exe
Publisher:
MD5: af15f0981167fcd39099e2564f6082f9
SHA-1: 69edcc830910d5a1655e1fdc9fb2e24fe5c231d8
Created: 8/30/2014 6:33:00 PM
Detections: 3
Code:
File path: c:\users\jim\desktop\_ycaao5.shr\js4aalyqaacrbqaakk.shr\nxiaajreaac0dgaajc.shr\-uqa.shr\jv16 powertools 2009 v1.9.0.598 portable.exe
Publisher:
MD5: baf9c85274d2125070afe365a1d039e7
SHA-1: f67722057efa5ca4e4f7be9cd573468e96357515
Created: 8/30/2014 6:33:00 PM
Detections: 5
Code:
File path: c:\users\jim\desktop\_ycaao5.shr\js4aalyqaacrbqaakk.shr\nxiaajreaac0dgaajc.shr\-uqa.shr\hjsplit.exe
Publisher:
MD5: 8ae02e041e81cc74b539278169cade16
SHA-1: 445669a2cdb90b08eec9149fc930c5ab681fac22
Created: 8/30/2014 6:33:00 PM
Detections: 5
Code:
File path: c:\users\jim\desktop\_ycaao5.shr\js4aalyqaacrbqaakk.shr\nxiaajreaac0dgaajc.shr\-uqa.shr\amazing photo editor 5.6 portable.exe
Publisher:
MD5: 81af0fb447bcc94fba32f5f7f11dfcca
SHA-1: dd50dc1608831e4b62b7e2d25d85954e6097515a
Created: 8/30/2014 6:33:00 PM
Detections: 3
Code:
File path: c:\users\jim\desktop\_ycaao5.shr\js4aalyqaacrbqaakk.shr\nxiaajreaac0dgaajc.shr\-uqa.shr\advanced uninstaller pro v9.6 portable.exe
Publisher:
MD5: 838aa8e64deeb52a64d940539640299e
SHA-1: 3665ebb2688eb66d50005a6a4c8448bb72a1fd2b
Created: 8/30/2014 6:32:59 PM
Detections: 6
Where did you get winrar from?
Code:
File path: c:\program files\winrar\winrar.exe
Publisher: Alexander Roshal
MD5: 495891843cb0bd7cab70ae6b97ba0660
SHA-1: ff7511f39bef3d174f1678e5e90f13821733f99c
Created: 11/8/2013 11:31:15 AM
Detections: 4
Please download AdwCleaner by Xplode and save to your Desktop.
Step 1.
- Double click on AdwCleaner.exe to run the tool.
Vista/Windows 7/8 users right-click and select Run As Administrator.
- Click on the Scan button.
- AdwCleaner will begin...be patient as the scan may take some time to complete.
- After the scan has finished, click on the Report button...a logfile (AdwCleaner[R#].txt) will open in Notepad for review (where the largest value of # represents the most recent report).
- The contents of the log file may be confusing. Unless you see a program name that you know should not be removed, don't worry about it. If you see an entry you want to keep, let me know about it.
- Copy and paste the contents of that logfile in your next reply.
- Copies of all logfiles are saved in the C:\AdwCleaner folder which was created when running the tool.
Step 2.
Using AdwCleaner v3: Scan & Clean:
This time click on the Clean button.
Press OK when asked to close all programs and follow the onscreen prompts.
Press OK again to allow AdwCleaner to restart the computer and complete the removal process.
After rebooting, a logfile report (AdwCleaner[S#].txt) will open automatically (where the largest value of # represents the most recent report).
Copy and paste the contents of that logfile in your next reply.
A copy of that logfile will also be saved in the C:\AdwCleaner folder
******Post both .txt logs
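One way to triage scan-log records in the format of the herdProtect entries above before removing anything, as an added example that is not part of the thread and not herdProtect's own code. It parses the records (including ones fused onto a single line), sorts them by detection count, and checks whether the file at each path still has the SHA-1 the scan recorded. The function names and the sample log in `demo()` are constructed for illustration.

```python
import hashlib
import re
import tempfile
from pathlib import Path

# Field layout taken from the records quoted in the thread.
RECORD = re.compile(
    r"File path:\s*(?P<path>.*?)\s*Publisher:\s*(?P<publisher>.*?)\s*"
    r"MD5:\s*(?P<md5>[0-9a-fA-F]{32})\s*SHA-1:\s*(?P<sha1>[0-9a-fA-F]{40})\s*"
    r"Created:\s*(?P<created>.*?)\s*Detections:\s*(?P<detections>\d+)", re.S)

def parse_records(log_text):
    """Return one dict per record, even when records are fused together."""
    records = []
    for m in RECORD.finditer(log_text):
        rec = m.groupdict()
        rec["detections"] = int(rec["detections"])
        rec["sha1"] = rec["sha1"].lower()
        records.append(rec)
    return records

def sha1_of(path, chunk=1 << 20):
    h = hashlib.sha1()  # used only to match the log entry, not as a trust anchor
    with open(path, "rb") as fh:
        for block in iter(lambda: fh.read(chunk), b""):
            h.update(block)
    return h.hexdigest()

def check(rec):
    """'match' = same file the scan saw; 'changed' = replaced since; else 'missing'."""
    target = Path(rec["path"])
    if not target.is_file():
        return "missing"
    return "match" if sha1_of(target) == rec["sha1"] else "changed"

def demo():
    """Constructed sample log: two fused records, one file present, one absent."""
    with tempfile.TemporaryDirectory() as tmp:
        present = Path(tmp) / "sample_tool.exe"
        present.write_bytes(b"constructed bytes, not a real binary")
        log = (f"Code:File path: {present} Publisher: MD5: {'0' * 32} "
               f"SHA-1: {sha1_of(present)} Created: 1/1/2020 12:00:00 PM Detections: 4"
               f"Code:File path: {Path(tmp) / 'gone.exe'} Publisher: Example Pub "
               f"MD5: {'1' * 32} SHA-1: {'1' * 40} Created: 1/1/2020 12:00:01 PM Detections: 13")
        recs = sorted(parse_records(log), key=lambda r: -r["detections"])
        return [(Path(r["path"]).name, r["detections"], check(r)) for r in recs]

if __name__ == "__main__":
    print(demo())
```

A "changed" result after a cleanup pass means something rewrote the file at that path since the scan, which is worth reporting alongside the new log.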
It's bedtime. I'll follow the above 2 steps tomorrow.
i restarted the pc. here's the new herdprotect scan log.
"I also suggest deleting this folder: c:\users\jim\desktop\_ycaao5.shr"
It's deleted.
________________
"Using AdwCleaner v3: Scan & Clean:"
i can't run step 2 until i know if it's safe to delete the below files.
i ran adwcleaner.exe. these files are legit -
C:\Program Files (x86)\NCH Software
C:\ProgramData\NCH Software
these files i'm not sure about.
C:\END
C:\Windows\System32\roboot64.exe
C:\ProgramData\Device
here's the 2nd adwcleaner scan log.
I'd like you to scan your machine with ESET OnlineScan
- Hold down Control and click on the following link to open ESET OnlineScan in a new window.
ESET OnlineScan
- Click the button.
- For alternate browsers only: (Microsoft Internet Explorer users can skip these steps)
- Click on to download the ESET Smart Installer. Save it to your desktop.
- Double click on the icon on your desktop.
- Check
- Click the button.
- Accept any security warnings from your browser.
- Check
- Push the Start button.
- ESET will then download updates for itself, install itself, and begin scanning your computer. Please be patient as this can take some time.
- When the scan completes, push
- Push , and save the file to your desktop using a unique name, such as ESETScan. Include the contents of this report in your next reply.
- Push the button.
- Push