Can't go to a website: is "replaced" by another. (virus?)
Solved/Closed
DeidaraSmash
Posts
5
Registration date
Saturday February 9, 2013
Status
Member
Last seen
February 13, 2013
-
Feb 9, 2013 at 11:50 AM
Ambucias Posts 47310 Registration date Monday February 1, 2010 Status Moderator Last seen February 15, 2023 - May 2, 2013 at 06:39 AM
Ambucias Posts 47310 Registration date Monday February 1, 2010 Status Moderator Last seen February 15, 2023 - May 2, 2013 at 06:39 AM
22 responses
Ambucias
Posts
47310
Registration date
Monday February 1, 2010
Status
Moderator
Last seen
February 15, 2023
11,165
Feb 9, 2013 at 04:54 PM
Feb 9, 2013 at 04:54 PM
Hi
To help you and prescribe the remedy, I must make a diagnostic and to do so, I require a system log.
1. Open this link and download ZHPDiag2 :
https://www.zebulon.fr/telechargements/securite/systeme/zhpdiag.html
Click on ftp://zebulon.fr/no1
(Don't be alarmed is the site is in French, it sometimes happens, the tool will take your system language and allow the download if you get a warning message. Once installed, click on the "hardhat" icon, it allows to change the language.)
2. Save the file on your Desktop.
3. Double click on ZHPDiag.exe and follow the installation instructions.
the tool creates three icons ZHPDiag, MRB, and ZHPFix (If necessary,we will use ZHPFix at the next step).
4. Double click on the short cut ZHPDiag on your Destktop.
5. Click on the screwdriver icon and ensure all of the items are checked.
6. Click on the Magnifying glass and run the analysys.
Wait for the tool to finished (maybe a long time)
7. Close ZHPDiag.
8. To transmit the report, click on this link :
https://authentification.site
9. Click on Parcourir and search the directory where you installed ZHPDiag (usually C:\desktop\zhpdiag.txt).
10. Select the file ZHPDiag.txt.
11. Click on "upload »
12. Copy the url and post it here.
Best regards
Ambucias
Moderator /Security Contributor
To help you and prescribe the remedy, I must make a diagnostic and to do so, I require a system log.
1. Open this link and download ZHPDiag2 :
https://www.zebulon.fr/telechargements/securite/systeme/zhpdiag.html
Click on ftp://zebulon.fr/no1
(Don't be alarmed is the site is in French, it sometimes happens, the tool will take your system language and allow the download if you get a warning message. Once installed, click on the "hardhat" icon, it allows to change the language.)
2. Save the file on your Desktop.
3. Double click on ZHPDiag.exe and follow the installation instructions.
the tool creates three icons ZHPDiag, MRB, and ZHPFix (If necessary,we will use ZHPFix at the next step).
4. Double click on the short cut ZHPDiag on your Destktop.
5. Click on the screwdriver icon and ensure all of the items are checked.
6. Click on the Magnifying glass and run the analysys.
Wait for the tool to finished (maybe a long time)
7. Close ZHPDiag.
8. To transmit the report, click on this link :
https://authentification.site
9. Click on Parcourir and search the directory where you installed ZHPDiag (usually C:\desktop\zhpdiag.txt).
10. Select the file ZHPDiag.txt.
11. Click on "upload »
12. Copy the url and post it here.
Best regards
Ambucias
Moderator /Security Contributor
DeidaraSmash
Posts
5
Registration date
Saturday February 9, 2013
Status
Member
Last seen
February 13, 2013
Feb 11, 2013 at 06:08 PM
Feb 11, 2013 at 06:08 PM
Hi,
here's the ZHPDiag.txt file: https://authentification.site/96REh/ZHPDiag.txt
I hope you'll find something in. Thank you already.
here's the ZHPDiag.txt file: https://authentification.site/96REh/ZHPDiag.txt
I hope you'll find something in. Thank you already.
Ambucias
Posts
47310
Registration date
Monday February 1, 2010
Status
Moderator
Last seen
February 15, 2023
11,165
Feb 12, 2013 at 05:04 AM
Feb 12, 2013 at 05:04 AM
Hi,
Your system is indeed badly infected by adware, spyware and your host file has been redirected. This will require a major clean-up.
Please stand-by while I concoct a medicinal compound.
Your system is indeed badly infected by adware, spyware and your host file has been redirected. This will require a major clean-up.
Please stand-by while I concoct a medicinal compound.
Ambucias
Posts
47310
Registration date
Monday February 1, 2010
Status
Moderator
Last seen
February 15, 2023
11,165
Feb 12, 2013 at 05:28 AM
Feb 12, 2013 at 05:28 AM
Hi again,
I was just taking another look at your log and notices a cracked application with a key generator.
As a Kioskea moderator, I must uphold the Charter's principal on legal software licences. In order for me to continue helping you, you must remove the application, which any way is a malware source. To give you a clue, it has to do with Sims.
Best regards
I was just taking another look at your log and notices a cracked application with a key generator.
As a Kioskea moderator, I must uphold the Charter's principal on legal software licences. In order for me to continue helping you, you must remove the application, which any way is a malware source. To give you a clue, it has to do with Sims.
Best regards
Didn't find the answer you are looking for?
Ask a question
DeidaraSmash
Posts
5
Registration date
Saturday February 9, 2013
Status
Member
Last seen
February 13, 2013
Feb 12, 2013 at 08:27 AM
Feb 12, 2013 at 08:27 AM
Hi,
I forgot I had those, a friend shared me these. I have uninstalled them, with some other software that could be against the chart ("The sims" was my fault, but I'm not the only user on this computer)
Here is a new ZHPDiag.txt file if needed: https://authentification.site/PrHAn/ZHPDiag.txt
I forgot I had those, a friend shared me these. I have uninstalled them, with some other software that could be against the chart ("The sims" was my fault, but I'm not the only user on this computer)
Here is a new ZHPDiag.txt file if needed: https://authentification.site/PrHAn/ZHPDiag.txt
Ambucias
Posts
47310
Registration date
Monday February 1, 2010
Status
Moderator
Last seen
February 15, 2023
11,165
Feb 12, 2013 at 04:33 PM
Feb 12, 2013 at 04:33 PM
Stand-by for the medicinal compound
Ambucias
Posts
47310
Registration date
Monday February 1, 2010
Status
Moderator
Last seen
February 15, 2023
11,165
Feb 12, 2013 at 04:56 PM
Feb 12, 2013 at 04:56 PM
The malware prevented from reaching the desired site by banning it.
1. Open Explorer (not to be confused with Internet Explorer)
2. Navigate to the following file:
windows/system64/drivers/etc/host
3. Open the host file using notepad.
4. Delete the following entries:
Hosts: 213.239.204.183 tera-europe.com
Hosts: 213.239.204.183 www.tera-europe.com
Hosts: 213.239.204.183 account.tera-europe.com
Hosts: 213.239.204.183 www.account.tera-europe.com
5. Click on file and click on save
6. Close all windows
7. Follow these instructions to remove Babylon:
http://ccm.net/faq/14594-how-to-get-rid-of-babylon-search-toolbar
8. Download Adwcleaner from Xplode. For Win 7 Click right to run as administrator.
9. Run the tool and click on delete.
10. Post the log in this thread. (You will find it : C:\Adwcleaner[Sx].txt )
Catch you later alligator
1. Open Explorer (not to be confused with Internet Explorer)
2. Navigate to the following file:
windows/system64/drivers/etc/host
3. Open the host file using notepad.
4. Delete the following entries:
Hosts: 213.239.204.183 tera-europe.com
Hosts: 213.239.204.183 www.tera-europe.com
Hosts: 213.239.204.183 account.tera-europe.com
Hosts: 213.239.204.183 www.account.tera-europe.com
5. Click on file and click on save
6. Close all windows
7. Follow these instructions to remove Babylon:
http://ccm.net/faq/14594-how-to-get-rid-of-babylon-search-toolbar
8. Download Adwcleaner from Xplode. For Win 7 Click right to run as administrator.
9. Run the tool and click on delete.
10. Post the log in this thread. (You will find it : C:\Adwcleaner[Sx].txt )
Catch you later alligator
DeidaraSmash
Posts
5
Registration date
Saturday February 9, 2013
Status
Member
Last seen
February 13, 2013
Feb 12, 2013 at 09:01 PM
Feb 12, 2013 at 09:01 PM
Hi again,
Here is the log of Adwcleaner: https://authentification.site/hNaY6/AdwCleaner-S1.txt
I almost can't believe it's Babylon again causing trouble on my computer. I thought i got rid of it, but it wasn't gone...
Thank you for all the help, and the quick response.
Here is the log of Adwcleaner: https://authentification.site/hNaY6/AdwCleaner-S1.txt
I almost can't believe it's Babylon again causing trouble on my computer. I thought i got rid of it, but it wasn't gone...
Thank you for all the help, and the quick response.
Ambucias
Posts
47310
Registration date
Monday February 1, 2010
Status
Moderator
Last seen
February 15, 2023
11,165
Feb 13, 2013 at 05:17 AM
Feb 13, 2013 at 05:17 AM
I was not only Babylon, there was Price Gong, Crossrider, DVDVideosoft, opencandy, smartbar, Tuto4pc, escort, conduit and I am only naming a few. There were 136.
Babylon is most often tagged on other software you download. You have Babylon Translator.
The tool made a major clean-up.
If you edited the host file as I suggested, you should not be able to reach the site you wanted without being redirected to the pirate's site.
Bittorent and Peer2Peer Express Files are a major source of contamination and expose your system to intrusions.
Your antivirus is Avast which is far from the best. I suggest that you uninstall Malwarebyte, just install it again if needed. To avoid conflicts and false positive alerts, you should only one antivirus.
You may now remove Adwcleaner.
Please report on how your system is running now. If okay, we will close this case.
Bonne journée
Babylon is most often tagged on other software you download. You have Babylon Translator.
The tool made a major clean-up.
If you edited the host file as I suggested, you should not be able to reach the site you wanted without being redirected to the pirate's site.
Bittorent and Peer2Peer Express Files are a major source of contamination and expose your system to intrusions.
Your antivirus is Avast which is far from the best. I suggest that you uninstall Malwarebyte, just install it again if needed. To avoid conflicts and false positive alerts, you should only one antivirus.
You may now remove Adwcleaner.
Please report on how your system is running now. If okay, we will close this case.
Bonne journée
DeidaraSmash
Posts
5
Registration date
Saturday February 9, 2013
Status
Member
Last seen
February 13, 2013
Feb 13, 2013 at 07:48 AM
Feb 13, 2013 at 07:48 AM
Hi,
My computer is running perfectly now, I can access to the Tera website!
Really, thank you for all the help provided, I wouldn't have been able to think to delete the entries in the host file.
Bonne journée à vous!
My computer is running perfectly now, I can access to the Tera website!
Really, thank you for all the help provided, I wouldn't have been able to think to delete the entries in the host file.
Bonne journée à vous!
Porkchop
Posts
11
Registration date
Saturday April 27, 2013
Status
Member
Last seen
May 2, 2013
Apr 28, 2013 at 11:01 AM
Apr 28, 2013 at 11:01 AM
Hi there,
I could use the same help DeidaraSmash recieved. I followed your instructions and i hope you could help me out aswell.
Heres the ZHPdiag.txt file https://authentification.site/ktcX3/ZHPDiag.txt
I could use the same help DeidaraSmash recieved. I followed your instructions and i hope you could help me out aswell.
Heres the ZHPdiag.txt file https://authentification.site/ktcX3/ZHPDiag.txt
Ambucias
Posts
47310
Registration date
Monday February 1, 2010
Status
Moderator
Last seen
February 15, 2023
11,165
Apr 28, 2013 at 04:21 PM
Apr 28, 2013 at 04:21 PM
Standby
Ambucias
Posts
47310
Registration date
Monday February 1, 2010
Status
Moderator
Last seen
February 15, 2023
11,165
Apr 28, 2013 at 05:03 PM
Apr 28, 2013 at 05:03 PM
Hello Porkchop,
Your machine is badly infected with adware and also browser hyjacker. You have a total of 130 malware.
Who or what is Cooler Master ?
The source of all the malware is the peer-to-peer applications called Pando and Utorrent, I strongly suggest you delete Pando and UTorrent as after clean-up, you will again compromise your system's security and stability.
Your system is also vulnerable because you have Avast and McAfee. Both have scanning engines which may come in conflict, hence malware will go through or produce false positve. You must remove one of them.
For today, we will do two things:
1. Download and run adware cleaner.
2. Download and run malwarebyte.
Once you have done both steps above, I would like you to produce and upload a new ZHP Diag log which will help me to prescribe a final clean-up of residual malware such as the one in your Host file which redirects your browser.
ADWCleanerDownload the following Adwcleaner created by Xplode
https://ccm.net/downloads/security-and-maintenance/6911-adwcleaner/
Launch it (for Windows 7 and 8, click right to run as administrator)
Click on delete
Post the log C:\Adwcleaner[Sx].txt on this thread.
Malwarebyte
Download, install and run Malwarebyte which you can find on this site:
https://ccm.net/downloads/security-and-maintenance/4621-malwarebytes-anti-malware/ es-anti-malware
Ensure you make an update.
Please request a FULL system scan, which may take from 20 minutes to hours. Do not interfere no matter how long in takes. The creators of Malwarebyte recommend that while the tool is running that you go do something else, such as watching a rerun of Gone with the Wind or read Tolstoy's War and Peace.
If Malwarebyte restarts your system, launch it again to finish the Full scan.
When the scan is completed, delete all items found.
Oink oink oink (Means catch you later)
Your machine is badly infected with adware and also browser hyjacker. You have a total of 130 malware.
Who or what is Cooler Master ?
The source of all the malware is the peer-to-peer applications called Pando and Utorrent, I strongly suggest you delete Pando and UTorrent as after clean-up, you will again compromise your system's security and stability.
Your system is also vulnerable because you have Avast and McAfee. Both have scanning engines which may come in conflict, hence malware will go through or produce false positve. You must remove one of them.
For today, we will do two things:
1. Download and run adware cleaner.
2. Download and run malwarebyte.
Once you have done both steps above, I would like you to produce and upload a new ZHP Diag log which will help me to prescribe a final clean-up of residual malware such as the one in your Host file which redirects your browser.
ADWCleanerDownload the following Adwcleaner created by Xplode
https://ccm.net/downloads/security-and-maintenance/6911-adwcleaner/
Launch it (for Windows 7 and 8, click right to run as administrator)
Click on delete
Post the log C:\Adwcleaner[Sx].txt on this thread.
Malwarebyte
Download, install and run Malwarebyte which you can find on this site:
https://ccm.net/downloads/security-and-maintenance/4621-malwarebytes-anti-malware/ es-anti-malware
Ensure you make an update.
Please request a FULL system scan, which may take from 20 minutes to hours. Do not interfere no matter how long in takes. The creators of Malwarebyte recommend that while the tool is running that you go do something else, such as watching a rerun of Gone with the Wind or read Tolstoy's War and Peace.
If Malwarebyte restarts your system, launch it again to finish the Full scan.
When the scan is completed, delete all items found.
Oink oink oink (Means catch you later)
Porkchop
Posts
11
Registration date
Saturday April 27, 2013
Status
Member
Last seen
May 2, 2013
Apr 29, 2013 at 09:50 AM
Apr 29, 2013 at 09:50 AM
Hi again!
As answer to your first question: Cooler master is my computers name.
Pando and Utorrent has been deleted as you suggested.
I also uninstalled Mcafee and let avast stay as it was. Won't Malewarebyte crash with avast as mcafee did? as they both are scanning programs.
Malewarebyte Did not detect any harmfull software of any kind (i did a full scan) so there was nothing to delete.
Here is the new ZHP.diag txt file https://authentification.site/yBcx5/ZHPDiag.txt
Unfortunatly i have no idea how to post the ADWcleaner file as it hasn't a URL but is in Notepad.
I realy appriciate all the time and help you spend on me!
Cheers,
PS. Tenderloin is included!
As answer to your first question: Cooler master is my computers name.
Pando and Utorrent has been deleted as you suggested.
I also uninstalled Mcafee and let avast stay as it was. Won't Malewarebyte crash with avast as mcafee did? as they both are scanning programs.
Malewarebyte Did not detect any harmfull software of any kind (i did a full scan) so there was nothing to delete.
Here is the new ZHP.diag txt file https://authentification.site/yBcx5/ZHPDiag.txt
Unfortunatly i have no idea how to post the ADWcleaner file as it hasn't a URL but is in Notepad.
I realy appriciate all the time and help you spend on me!
Cheers,
PS. Tenderloin is included!
Porkchop
Posts
11
Registration date
Saturday April 27, 2013
Status
Member
Last seen
May 2, 2013
Apr 29, 2013 at 09:52 AM
Apr 29, 2013 at 09:52 AM
Just found out how haha.
Heres the ADWcleaner file https://authentification.site/EMfE9/AdwCleaner-S1.txt
Heres the ADWcleaner file https://authentification.site/EMfE9/AdwCleaner-S1.txt
Ambucias
Posts
47310
Registration date
Monday February 1, 2010
Status
Moderator
Last seen
February 15, 2023
11,165
Apr 29, 2013 at 04:40 PM
Apr 29, 2013 at 04:40 PM
Hello,
You may now delete Malwarebyte.
There is still some clean-up to do.
ZHP Diag created an Icon on your desktop called ZHP Fix.
1. Launch ZHP Fix
2. Copy the lines below and then click on the clipboard which will paste the lines you have copied.
3. Click on the "Go" button at the bottom left
Here are the lines:
O1 - Hosts: 213.239.204.183 tera-europe.com => Infection Hosts (Hosts.Redirection)?
O1 - Hosts: 159.253.18.161 download.frogster-online.com => Infection Hosts (Hosts.Redirection)?
O1 - Hosts: 213.239.204.183 www.tera-europe.com => Infection Hosts (Hosts.Redirection)?
O1 - Hosts: 159.253.18.161 account.tera-europe.com => Infection Hosts (Hosts.Redirection)?
O1 - Hosts: 213.239.204.183 www.account.tera-europe.com => Infection Hosts (Hosts.Redirection)?
O39 - APT:Automatic Planified Task - C:\Windows\Tasks\OptimizerProUpdaterTask{9C7866A7-94DB-4399-B578-D602D7B1E185}.job [422] => Infection PUP (PUP.OptimizerPro)*
[MD5.00000000000000000000000000000000] [APT] [OptimizerProUpdaterTask{9C7866A7-94DB-4399-B578-D602D7B1E185}] (...) -- C:\ProgramData\Premium\OptimizerPro\OptimizerPro.exe (.not file.) [0] => Infection PUP (PUP.OptimizerPro)*
O42 - Logiciel: Search Assistant MocaFlix 1.66 - (...) [HKLM] -- SP_56ec1d15 => Infection PUP (Adware.Browse2Save)?
[HKCU\Software\SweetIM] => Infection PUP (PUP.SweetIM)*
[HKCU\Software\WNLT] => Infection PUP (Adware.IncrediBar)
[HKLM\Software\SweetIM] => Infection PUP (PUP.SweetIM)*
O43 - CFD: 2012-06-16 - 05:37:19 - [0] ----D C:\Users\COOLER MASTER\AppData\Local\Media Get LLC => Infection PUP (PUP.MediaGet)
O43 - CFD: 2012-06-16 - 05:37:36 - [28,730] ----D C:\Users\COOLER MASTER\AppData\Local\MediaGet2 => Infection PUP (PUP.MediaGet)
O43 - CFD: 2012-06-16 - 05:37:19 - [0] ----D C:\Users\COOLER MASTER\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\MediaGet2 => Infection PUP (PUP.MediaGet)
[MD5.97D252CAE2307E4538524B86326E9100] [SPRF][2012-07-23] (.iMesh Inc. - iMesh.) -- C:\Users\COOLER MASTER\AppData\Local\Temp\iMesh_setup.exe [2436080] => Infection PUP (PUP.iMesh)*
[MD5.3AE0F11F3D91179443113CAB0F94F944] [SPRF][2013-02-05] (.Babylon Ltd. - Uninstaller Application.) -- C:\Users\COOLER MASTER\AppData\Local\Temp\uninst1.exe [372736] => Infection PUP (Toolbar.Babylon)*
[MD5.7810AB1CF04E012469C141ABC693D3A7] [SPRF][2013-02-07] (.Somoto Ltd. - FilesFrog Update Checker.) -- C:\Users\COOLER MASTER\AppData\Local\Temp\UpdateCheckerSetup.exe [295440] => Infection BT (Adware.MegaSearch)*
[HKCU\Software\SweetIM] => Infection PUP (PUP.SweetIM)*
[HKLM\Software\SweetIM] => Infection PUP (PUP.SweetIM)*
[HKCU\Software\WNLT] => Infection PUP (Adware.IncrediBar)
[HKLM\Software\Microsoft\Windows\CurrentVersion\Uninstall\SP_56ec1d15] => Infection PUP (PUP.Mocaflix)
C:\Users\COOLER MASTER\AppData\Local\Media Get LLC => Infection PUP (PUP.MediaGet)
C:\Users\COOLER MASTER\AppData\Local\MediaGet2 => Infection PUP (PUP.MediaGet)
C:\Users\COOLER MASTER\AppData\Local\Temp\uninst1.exe => Infection BT (Toolbar.Babylon)
C:\Users\COOLER MASTER\AppData\Local\Temp\iMesh.ico => Infection PUP (PUP.iMesh)*
C:\Users\COOLER MASTER\AppData\Local\Temp\iMesh_setup.exe => Infection PUP (PUP.iMesh)*
C:\Users\COOLER MASTER\AppData\Local\Temp\NAG_iMesh.ini => Infection PUP (PUP.iMesh)*
C:\Users\COOLER MASTER\AppData\Local\Temp\GoogleToolbarInstaller1.log => Infection PUP (Toolbar.Babylon)
C:\Users\COOLER MASTER\AppData\Local\Temp\GoogleToolbarInstaller2.log => Infection PUP (Toolbar.Babylon)
C:\Users\COOLER MASTER\AppData\Local\Temp\UpdateCheckerSetup.exe
O2 - BHO: ???????@Mail.Ru - {8984B388-A5BB-4DF7-B274-77B879E179DB} Orphean Key => Orphean Key not necessary
O16 - DPF: {1E54D648-B804-468d-BC78-4AFFED8E262F} (System Requirements Lab) - https://www.nvidia.com/content/DriverDownload/srl/3.0.0.4/srl_bin/sysreqlab_nvd.cab => System Requirements Lab
[MD5.00000000000000000000000000000000] [APT] [{1303D5C1-18F1-4C0E-95C1-F145B8B4F874}] (...) -- C:\Users\COOLER MASTER\Downloads\Gamez Aion Installer.exe (.not file.) [0] => Fichier absent
[MD5.00000000000000000000000000000000] [APT] [{1624914A-E1C5-45B8-B88D-1E6EA8544855}] (...) -- C:\Users\COOLER MASTER\Downloads\NCR1_install.exe (.not file.) [0] => Fichier absent
[MD5.00000000000000000000000000000000] [APT] [{D51C996B-4B99-4B88-845A-D1C589886873}] (...) -- C:\Program Files\Perfect World International\ROTFA-PW\uninstall.exe (.not file.) [0] => Fichier absent
[HKCU\Software\IncrediMail] => Messaging.Incredimail
[HKLM\Software\IncrediMail] => Messaging.Incredimail
O43 - CFD: 2012-09-09 - 22:13:01 - [0] ----D C:\Users\COOLER MASTER\AppData\Local\._Revolution_ => Empty Folder not necessary
O44 - LFC:[MD5.8EAE83A881EC5A9DE023506A90EC7221] - 2013-04-28 - 16:23:43 ---A- . (...) -- C:\Windows\IE10_main.log [8661] => Fichiers de rapport (Log)
O44 - LFC:[MD5.C1F113C97032DE2C024FD32054CA2ED6] - 2013-04-28 - 16:50:16 ---A- . (...) -- C:\Windows\System32\jupdate-1.7.0_21-b11.log [3903] => Fichiers de rapport (Log)
O44 - LFC:[MD5.CEDAA1296F909C019792F9C9AAA45D28] - 2013-04-29 - 12:07:17 ---A- . (...) -- C:\Windows\DeleteOnReboot.bat [130] => Xplode - AdwCleaner DeleteOnReboot
O45 - LFCP:[MD5.B06D29B9F2D1F730A12DC2C64C8D5468] - 2013-04-28 - 15:25:48 ---A- - C:\Windows\Prefetch\TERA_DOWNLOADERROR_FIX.EXE-04FC6BF6.pf => Fichier du dossier Prefetcher
O45 - LFCP:[MD5.1A0ED754A6DEF55AB45B2FEFC2541AB7] - 2013-04-28 - 15:25:48 ---A- - C:\Windows\Prefetch\TERA_DOWNLOADERROR_FIX.TMP-2E32627A.pf => Fichier du dossier Prefetcher
O45 - LFCP:[MD5.011D5D85A7307597F2E9D1E6F3259598] - 2013-04-28 - 15:25:48 ---A- - C:\Windows\Prefetch\TERA_DOWNLOADERROR_FIX.TMP-8B3A7487.pf => Fichier du dossier Prefetcher
O45 - LFCP:[MD5.F025CBD7177F129342631EAB9FB3C13D] - 2013-04-28 - 15:40:55 ---A- - C:\Windows\Prefetch\TERA_PATCH_19_04_04-19_04_04_-5CD66EEB.pf => Fichier du dossier Prefetcher
O45 - LFCP:[MD5.AEFDF6B2104F5EAEC42390DF2FB9CA50] - 2013-04-28 - 15:40:58 ---A- - C:\Windows\Prefetch\TERA_PATCH_19_04_04-19_04_04_-6EB3AAE8.pf => Fichier du dossier Prefetcher
O45 - LFCP:[MD5.B1F2740EED5157080BD0228EF0ECA5E2] - 2013-04-28 - 15:40:58 ---A- - C:\Windows\Prefetch\TERA_PATCH_19_04_04-19_04_04_-7837665F.pf => Fichier du dossier Prefetcher
O45 - LFCP:[MD5.4894BBA5A60346F2DD8F3D7A5C85E7C9] - 2013-04-28 - 15:45:46 ---A- - C:\Windows\Prefetch\_IU14D2N.TMP-BB7FB91C.pf => Fichier du dossier Prefetcher
O45 - LFCP:[MD5.E17A1891487C7C91FC6CEBF4E9803EB9] - 2013-04-28 - 16:14:21 ---A- - C:\Windows\Prefetch\GUSE084.TMP-17239746.pf => Fichier du dossier Prefetcher
O45 - LFCP:[MD5.376D4C7968676DA5A617894D46406473] - 2013-04-28 - 16:23:51 ---A- - C:\Windows\Prefetch\NVUNRM.EXE-3037A2C4.pf => Fichier du dossier Prefetcher
O45 - LFCP:[MD5.C284A57FDFE46D38756C4EDC3851A975] - 2013-04-29 - 12:10:46 ---A- - C:\Windows\Prefetch\PERSONAL.EXE-AF18CDF2.pf => Fichier du dossier Prefetcher
[MD5.089966F62006BA94E540A9BBB3E6056A] [SPRF][2012-12-18] (...) -- C:\Users\COOLER MASTER\AppData\Local\Temp\25829-662329-openoffice.exe [151801119] => Temporary file not necessary
[MD5.11D751D299B9ABDC77BFF4156C75C4CF] [SPRF][2013-02-07] (...) -- C:\Users\COOLER MASTER\AppData\Local\Temp\bitool.dll [38480] => Temporary file not necessary
[MD5.067BECAFD5F884CEB2E86F766F965B5D] [SPRF][2013-04-05] (.Web Deals Interactive LLC - Installer.) -- C:\Users\COOLER MASTER\AppData\Local\Temp\DropDownDeals_Setup-C4_2013_03_14.exe [1418136] => Temporary file not necessary
[MD5.FD6057B33E15A553DDC5D9873723CE8F] [SPRF][2011-06-27] (.Microsoft Corporation - DirectX 9.0 Web setup.) -- C:\Users\COOLER MASTER\AppData\Local\Temp\dxwebsetup.exe [288088] => Temporary file not necessary
[MD5.04D68C71E2FD53556BFDBBA7B1BA9310] [SPRF][2012-05-15] (...) -- C:\Users\COOLER MASTER\AppData\Local\Temp\nv3DVStreaming.dll [368448] => Temporary file not necessary
[MD5.EC49E08005AFBA2E425B2A5FAC9C6D3A] [SPRF][2012-01-07] (...) -- C:\Users\COOLER MASTER\AppData\Local\Temp\Uninstaller-1164.exe [314784] => Temporary file not necessary
[MD5.8185457F9A211FA91CC9962B438DD5B4] [SPRF][2012-06-14] (...) -- C:\Users\COOLER MASTER\AppData\Local\Temp\utt1D7A.tmp.bat [74] => Temporary file not necessary
[MD5.5341B9AC65621272BA66425FABDE085E] [SPRF][2012-12-04] (...) -- C:\Users\COOLER MASTER\AppData\Local\Temp\utt9A9C.tmp.bat [98] => Temporary file not necessary
[MD5.5341B9AC65621272BA66425FABDE085E] [SPRF][2012-12-04] (...) -- C:\Users\COOLER MASTER\AppData\Local\Temp\utt9DA8.tmp.bat [98] => Temporary file not necessary
[MD5.5007949F1DFD9C8186E21AD8AE4D5F82] [SPRF][2013-04-17] (...) -- C:\Users\COOLER MASTER\AppData\Local\Temp\uttAA43.tmp.bat [98] => Temporary file not necessary
[MD5.5007949F1DFD9C8186E21AD8AE4D5F82] [SPRF][2013-04-17] (...) -- C:\Users\COOLER MASTER\AppData\Local\Temp\uttADEB.tmp.bat [98] => Temporary file not necessary
[MD5.6C9AB0B99399AE3815844DFF6E2B66B2] [SPRF][2013-04-29] (...) -- C:\Users\COOLER MASTER\AppData\Local\Temp\uttB54B.tmp.bat [77] => Temporary file not necessary
[MD5.2BE71120A0497563B8A2AF15C601415B] [SPRF][2012-12-12] (...) -- C:\Users\COOLER MASTER\AppData\Local\Temp\uttEC91.tmp.bat [98] => Temporary file not necessary
[MD5.2BE71120A0497563B8A2AF15C601415B] [SPRF][2012-12-12] (...) -- C:\Users\COOLER MASTER\AppData\Local\Temp\uttEE07.tmp.bat [98] => Temporary file not necessary
C:\Users\COOLER MASTER\AppData\Local\Temp\nsbD719.tmp => Temporary file not necessary
P2 - FPN: [HKLM] [@pandonetworks.com/PandoWebPlugin] - (...) -- C:\Program Files\Pando Networks\Media Booster\npPandoWebPlugin.dll (.not file.) => P2P.Pando
O43 - CFD: 2013-04-29 - 12:56:29 - [14,327] ----D C:\Users\COOLER MASTER\AppData\Roaming\uTorrent => P2P.µTorrent*
O43 - CFD: 2012-01-28 - 04:07:33 - [0] ----D C:\Users\COOLER MASTER\AppData\Local\uTorrent => P2P.µTorrent*
O61 - LFC: 2013-04-28 - 14:53:36 ---A- C:\Users\COOLER MASTER\AppData\Roaming\uTorrent\dht.dat.old [4196] => P2P.µTorrent*
O61 - LFC: 2013-04-28 - 14:53:36 ---A- C:\Users\COOLER MASTER\AppData\Roaming\uTorrent\rss.dat.old [99] => P2P.µTorrent*
O61 - LFC: 2013-04-28 - 21:54:35 ---A- C:\Users\COOLER MASTER\AppData\Roaming\uTorrent\Java.Heat.2013.SWESUB.BDrip.xvid-SC666.torrent [28184] => P2P.µTorrent*
O61 - LFC: 2013-04-28 - 22:11:18 ---A- C:\Users\COOLER MASTER\AppData\Roaming\uTorrent\resume.dat.old [20826] => P2P.µTorrent*
O61 - LFC: 2013-04-28 - 22:12:29 ---A- C:\Users\COOLER MASTER\AppData\Roaming\uTorrent\dht.dat [4274] => P2P.µTorrent*
O61 - LFC: 2013-04-28 - 22:12:29 ---A- C:\Users\COOLER MASTER\AppData\Roaming\uTorrent\dht_feed.dat.old [2] => P2P.µTorrent*
O61 - LFC: 2013-04-28 - 22:12:29 ---A- C:\Users\COOLER MASTER\AppData\Roaming\uTorrent\rss.dat [99] => P2P.µTorrent*
O61 - LFC: 2013-04-28 - 22:12:44 ---A- C:\Users\COOLER MASTER\AppData\Roaming\uTorrent\resume.dat [2447] => P2P.µTorrent*
O61 - LFC: 2013-04-29 - 11:51:03 ---A- C:\Users\COOLER MASTER\AppData\Roaming\uTorrent\dht_feed.dat [2] => P2P.µTorrent*
O61 - LFC: 2013-04-29 - 11:56:29 ---A- C:\Users\COOLER MASTER\AppData\Roaming\uTorrent\settings.dat [96118] => P2P.µTorrent*
O61 - LFC: 2013-04-29 - 11:56:29 ---A- C:\Users\COOLER MASTER\AppData\Roaming\uTorrent\settings.dat.old [96144] => P2P.µTorrent*
[MD5.5FC1063C1532F31A21012BA59C06A2EE] [SPRF][2013-04-17] (.BitTorrent Inc. - µTorrent.) -- C:\Users\COOLER MASTER\AppData\Local\Temp\uttA822.tmp.exe [802136] => P2P.BitTorrent*
O87 - FAEL: "TCP Query User{0E1539C9-E98D-4CD6-AE76-586669150568}C:\users\cooler master\downloads\utorrent.exe" |In - Public - P6 - TRUE | .(...) -- C:\users\cooler master\downloads\utorrent.exe (.not file.) => P2P.µTorrent*
O87 - FAEL: "UDP Query User{D1B0BBAE-59B1-4735-9C48-4F0AA2B28418}C:\users\cooler master\downloads\utorrent.exe" |In - Public - P17 - TRUE | .(...)
After the step above, your computer should be squeeky clean from malware and in top running shape.
Best regards
You may now delete Malwarebyte.
There is still some clean-up to do.
ZHP Diag created an Icon on your desktop called ZHP Fix.
1. Launch ZHP Fix
2. Copy the lines below and then click on the clipboard which will paste the lines you have copied.
3. Click on the "Go" button at the bottom left
Here are the lines:
O1 - Hosts: 213.239.204.183 tera-europe.com => Infection Hosts (Hosts.Redirection)?
O1 - Hosts: 159.253.18.161 download.frogster-online.com => Infection Hosts (Hosts.Redirection)?
O1 - Hosts: 213.239.204.183 www.tera-europe.com => Infection Hosts (Hosts.Redirection)?
O1 - Hosts: 159.253.18.161 account.tera-europe.com => Infection Hosts (Hosts.Redirection)?
O1 - Hosts: 213.239.204.183 www.account.tera-europe.com => Infection Hosts (Hosts.Redirection)?
O39 - APT:Automatic Planified Task - C:\Windows\Tasks\OptimizerProUpdaterTask{9C7866A7-94DB-4399-B578-D602D7B1E185}.job [422] => Infection PUP (PUP.OptimizerPro)*
[MD5.00000000000000000000000000000000] [APT] [OptimizerProUpdaterTask{9C7866A7-94DB-4399-B578-D602D7B1E185}] (...) -- C:\ProgramData\Premium\OptimizerPro\OptimizerPro.exe (.not file.) [0] => Infection PUP (PUP.OptimizerPro)*
O42 - Logiciel: Search Assistant MocaFlix 1.66 - (...) [HKLM] -- SP_56ec1d15 => Infection PUP (Adware.Browse2Save)?
[HKCU\Software\SweetIM] => Infection PUP (PUP.SweetIM)*
[HKCU\Software\WNLT] => Infection PUP (Adware.IncrediBar)
[HKLM\Software\SweetIM] => Infection PUP (PUP.SweetIM)*
O43 - CFD: 2012-06-16 - 05:37:19 - [0] ----D C:\Users\COOLER MASTER\AppData\Local\Media Get LLC => Infection PUP (PUP.MediaGet)
O43 - CFD: 2012-06-16 - 05:37:36 - [28,730] ----D C:\Users\COOLER MASTER\AppData\Local\MediaGet2 => Infection PUP (PUP.MediaGet)
O43 - CFD: 2012-06-16 - 05:37:19 - [0] ----D C:\Users\COOLER MASTER\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\MediaGet2 => Infection PUP (PUP.MediaGet)
[MD5.97D252CAE2307E4538524B86326E9100] [SPRF][2012-07-23] (.iMesh Inc. - iMesh.) -- C:\Users\COOLER MASTER\AppData\Local\Temp\iMesh_setup.exe [2436080] => Infection PUP (PUP.iMesh)*
[MD5.3AE0F11F3D91179443113CAB0F94F944] [SPRF][2013-02-05] (.Babylon Ltd. - Uninstaller Application.) -- C:\Users\COOLER MASTER\AppData\Local\Temp\uninst1.exe [372736] => Infection PUP (Toolbar.Babylon)*
[MD5.7810AB1CF04E012469C141ABC693D3A7] [SPRF][2013-02-07] (.Somoto Ltd. - FilesFrog Update Checker.) -- C:\Users\COOLER MASTER\AppData\Local\Temp\UpdateCheckerSetup.exe [295440] => Infection BT (Adware.MegaSearch)*
[HKCU\Software\SweetIM] => Infection PUP (PUP.SweetIM)*
[HKLM\Software\SweetIM] => Infection PUP (PUP.SweetIM)*
[HKCU\Software\WNLT] => Infection PUP (Adware.IncrediBar)
[HKLM\Software\Microsoft\Windows\CurrentVersion\Uninstall\SP_56ec1d15] => Infection PUP (PUP.Mocaflix)
C:\Users\COOLER MASTER\AppData\Local\Media Get LLC => Infection PUP (PUP.MediaGet)
C:\Users\COOLER MASTER\AppData\Local\MediaGet2 => Infection PUP (PUP.MediaGet)
C:\Users\COOLER MASTER\AppData\Local\Temp\uninst1.exe => Infection BT (Toolbar.Babylon)
C:\Users\COOLER MASTER\AppData\Local\Temp\iMesh.ico => Infection PUP (PUP.iMesh)*
C:\Users\COOLER MASTER\AppData\Local\Temp\iMesh_setup.exe => Infection PUP (PUP.iMesh)*
C:\Users\COOLER MASTER\AppData\Local\Temp\NAG_iMesh.ini => Infection PUP (PUP.iMesh)*
C:\Users\COOLER MASTER\AppData\Local\Temp\GoogleToolbarInstaller1.log => Infection PUP (Toolbar.Babylon)
C:\Users\COOLER MASTER\AppData\Local\Temp\GoogleToolbarInstaller2.log => Infection PUP (Toolbar.Babylon)
C:\Users\COOLER MASTER\AppData\Local\Temp\UpdateCheckerSetup.exe
O2 - BHO: ???????@Mail.Ru - {8984B388-A5BB-4DF7-B274-77B879E179DB} Orphean Key => Orphean Key not necessary
O16 - DPF: {1E54D648-B804-468d-BC78-4AFFED8E262F} (System Requirements Lab) - https://www.nvidia.com/content/DriverDownload/srl/3.0.0.4/srl_bin/sysreqlab_nvd.cab => System Requirements Lab
[MD5.00000000000000000000000000000000] [APT] [{1303D5C1-18F1-4C0E-95C1-F145B8B4F874}] (...) -- C:\Users\COOLER MASTER\Downloads\Gamez Aion Installer.exe (.not file.) [0] => Fichier absent
[MD5.00000000000000000000000000000000] [APT] [{1624914A-E1C5-45B8-B88D-1E6EA8544855}] (...) -- C:\Users\COOLER MASTER\Downloads\NCR1_install.exe (.not file.) [0] => Fichier absent
[MD5.00000000000000000000000000000000] [APT] [{D51C996B-4B99-4B88-845A-D1C589886873}] (...) -- C:\Program Files\Perfect World International\ROTFA-PW\uninstall.exe (.not file.) [0] => Fichier absent
[HKCU\Software\IncrediMail] => Messaging.Incredimail
[HKLM\Software\IncrediMail] => Messaging.Incredimail
O43 - CFD: 2012-09-09 - 22:13:01 - [0] ----D C:\Users\COOLER MASTER\AppData\Local\._Revolution_ => Empty Folder not necessary
O44 - LFC:[MD5.8EAE83A881EC5A9DE023506A90EC7221] - 2013-04-28 - 16:23:43 ---A- . (...) -- C:\Windows\IE10_main.log [8661] => Fichiers de rapport (Log)
O44 - LFC:[MD5.C1F113C97032DE2C024FD32054CA2ED6] - 2013-04-28 - 16:50:16 ---A- . (...) -- C:\Windows\System32\jupdate-1.7.0_21-b11.log [3903] => Fichiers de rapport (Log)
O44 - LFC:[MD5.CEDAA1296F909C019792F9C9AAA45D28] - 2013-04-29 - 12:07:17 ---A- . (...) -- C:\Windows\DeleteOnReboot.bat [130] => Xplode - AdwCleaner DeleteOnReboot
O45 - LFCP:[MD5.B06D29B9F2D1F730A12DC2C64C8D5468] - 2013-04-28 - 15:25:48 ---A- - C:\Windows\Prefetch\TERA_DOWNLOADERROR_FIX.EXE-04FC6BF6.pf => Fichier du dossier Prefetcher
O45 - LFCP:[MD5.1A0ED754A6DEF55AB45B2FEFC2541AB7] - 2013-04-28 - 15:25:48 ---A- - C:\Windows\Prefetch\TERA_DOWNLOADERROR_FIX.TMP-2E32627A.pf => Fichier du dossier Prefetcher
O45 - LFCP:[MD5.011D5D85A7307597F2E9D1E6F3259598] - 2013-04-28 - 15:25:48 ---A- - C:\Windows\Prefetch\TERA_DOWNLOADERROR_FIX.TMP-8B3A7487.pf => Fichier du dossier Prefetcher
O45 - LFCP:[MD5.F025CBD7177F129342631EAB9FB3C13D] - 2013-04-28 - 15:40:55 ---A- - C:\Windows\Prefetch\TERA_PATCH_19_04_04-19_04_04_-5CD66EEB.pf => Fichier du dossier Prefetcher
O45 - LFCP:[MD5.AEFDF6B2104F5EAEC42390DF2FB9CA50] - 2013-04-28 - 15:40:58 ---A- - C:\Windows\Prefetch\TERA_PATCH_19_04_04-19_04_04_-6EB3AAE8.pf => Fichier du dossier Prefetcher
O45 - LFCP:[MD5.B1F2740EED5157080BD0228EF0ECA5E2] - 2013-04-28 - 15:40:58 ---A- - C:\Windows\Prefetch\TERA_PATCH_19_04_04-19_04_04_-7837665F.pf => Fichier du dossier Prefetcher
O45 - LFCP:[MD5.4894BBA5A60346F2DD8F3D7A5C85E7C9] - 2013-04-28 - 15:45:46 ---A- - C:\Windows\Prefetch\_IU14D2N.TMP-BB7FB91C.pf => Fichier du dossier Prefetcher
O45 - LFCP:[MD5.E17A1891487C7C91FC6CEBF4E9803EB9] - 2013-04-28 - 16:14:21 ---A- - C:\Windows\Prefetch\GUSE084.TMP-17239746.pf => Fichier du dossier Prefetcher
O45 - LFCP:[MD5.376D4C7968676DA5A617894D46406473] - 2013-04-28 - 16:23:51 ---A- - C:\Windows\Prefetch\NVUNRM.EXE-3037A2C4.pf => Fichier du dossier Prefetcher
O45 - LFCP:[MD5.C284A57FDFE46D38756C4EDC3851A975] - 2013-04-29 - 12:10:46 ---A- - C:\Windows\Prefetch\PERSONAL.EXE-AF18CDF2.pf => Fichier du dossier Prefetcher
[MD5.089966F62006BA94E540A9BBB3E6056A] [SPRF][2012-12-18] (...) -- C:\Users\COOLER MASTER\AppData\Local\Temp\25829-662329-openoffice.exe [151801119] => Temporary file not necessary
[MD5.11D751D299B9ABDC77BFF4156C75C4CF] [SPRF][2013-02-07] (...) -- C:\Users\COOLER MASTER\AppData\Local\Temp\bitool.dll [38480] => Temporary file not necessary
[MD5.067BECAFD5F884CEB2E86F766F965B5D] [SPRF][2013-04-05] (.Web Deals Interactive LLC - Installer.) -- C:\Users\COOLER MASTER\AppData\Local\Temp\DropDownDeals_Setup-C4_2013_03_14.exe [1418136] => Temporary file not necessary
[MD5.FD6057B33E15A553DDC5D9873723CE8F] [SPRF][2011-06-27] (.Microsoft Corporation - DirectX 9.0 Web setup.) -- C:\Users\COOLER MASTER\AppData\Local\Temp\dxwebsetup.exe [288088] => Temporary file not necessary
[MD5.04D68C71E2FD53556BFDBBA7B1BA9310] [SPRF][2012-05-15] (...) -- C:\Users\COOLER MASTER\AppData\Local\Temp\nv3DVStreaming.dll [368448] => Temporary file not necessary
[MD5.EC49E08005AFBA2E425B2A5FAC9C6D3A] [SPRF][2012-01-07] (...) -- C:\Users\COOLER MASTER\AppData\Local\Temp\Uninstaller-1164.exe [314784] => Temporary file not necessary
[MD5.8185457F9A211FA91CC9962B438DD5B4] [SPRF][2012-06-14] (...) -- C:\Users\COOLER MASTER\AppData\Local\Temp\utt1D7A.tmp.bat [74] => Temporary file not necessary
[MD5.5341B9AC65621272BA66425FABDE085E] [SPRF][2012-12-04] (...) -- C:\Users\COOLER MASTER\AppData\Local\Temp\utt9A9C.tmp.bat [98] => Temporary file not necessary
[MD5.5341B9AC65621272BA66425FABDE085E] [SPRF][2012-12-04] (...) -- C:\Users\COOLER MASTER\AppData\Local\Temp\utt9DA8.tmp.bat [98] => Temporary file not necessary
[MD5.5007949F1DFD9C8186E21AD8AE4D5F82] [SPRF][2013-04-17] (...) -- C:\Users\COOLER MASTER\AppData\Local\Temp\uttAA43.tmp.bat [98] => Temporary file not necessary
[MD5.5007949F1DFD9C8186E21AD8AE4D5F82] [SPRF][2013-04-17] (...) -- C:\Users\COOLER MASTER\AppData\Local\Temp\uttADEB.tmp.bat [98] => Temporary file not necessary
[MD5.6C9AB0B99399AE3815844DFF6E2B66B2] [SPRF][2013-04-29] (...) -- C:\Users\COOLER MASTER\AppData\Local\Temp\uttB54B.tmp.bat [77] => Temporary file not necessary
[MD5.2BE71120A0497563B8A2AF15C601415B] [SPRF][2012-12-12] (...) -- C:\Users\COOLER MASTER\AppData\Local\Temp\uttEC91.tmp.bat [98] => Temporary file not necessary
[MD5.2BE71120A0497563B8A2AF15C601415B] [SPRF][2012-12-12] (...) -- C:\Users\COOLER MASTER\AppData\Local\Temp\uttEE07.tmp.bat [98] => Temporary file not necessary
C:\Users\COOLER MASTER\AppData\Local\Temp\nsbD719.tmp => Temporary file not necessary
P2 - FPN: [HKLM] [@pandonetworks.com/PandoWebPlugin] - (...) -- C:\Program Files\Pando Networks\Media Booster\npPandoWebPlugin.dll (.not file.) => P2P.Pando
O43 - CFD: 2013-04-29 - 12:56:29 - [14,327] ----D C:\Users\COOLER MASTER\AppData\Roaming\uTorrent => P2P.µTorrent*
O43 - CFD: 2012-01-28 - 04:07:33 - [0] ----D C:\Users\COOLER MASTER\AppData\Local\uTorrent => P2P.µTorrent*
O61 - LFC: 2013-04-28 - 14:53:36 ---A- C:\Users\COOLER MASTER\AppData\Roaming\uTorrent\dht.dat.old [4196] => P2P.µTorrent*
O61 - LFC: 2013-04-28 - 14:53:36 ---A- C:\Users\COOLER MASTER\AppData\Roaming\uTorrent\rss.dat.old [99] => P2P.µTorrent*
O61 - LFC: 2013-04-28 - 21:54:35 ---A- C:\Users\COOLER MASTER\AppData\Roaming\uTorrent\Java.Heat.2013.SWESUB.BDrip.xvid-SC666.torrent [28184] => P2P.µTorrent*
O61 - LFC: 2013-04-28 - 22:11:18 ---A- C:\Users\COOLER MASTER\AppData\Roaming\uTorrent\resume.dat.old [20826] => P2P.µTorrent*
O61 - LFC: 2013-04-28 - 22:12:29 ---A- C:\Users\COOLER MASTER\AppData\Roaming\uTorrent\dht.dat [4274] => P2P.µTorrent*
O61 - LFC: 2013-04-28 - 22:12:29 ---A- C:\Users\COOLER MASTER\AppData\Roaming\uTorrent\dht_feed.dat.old [2] => P2P.µTorrent*
O61 - LFC: 2013-04-28 - 22:12:29 ---A- C:\Users\COOLER MASTER\AppData\Roaming\uTorrent\rss.dat [99] => P2P.µTorrent*
O61 - LFC: 2013-04-28 - 22:12:44 ---A- C:\Users\COOLER MASTER\AppData\Roaming\uTorrent\resume.dat [2447] => P2P.µTorrent*
O61 - LFC: 2013-04-29 - 11:51:03 ---A- C:\Users\COOLER MASTER\AppData\Roaming\uTorrent\dht_feed.dat [2] => P2P.µTorrent*
O61 - LFC: 2013-04-29 - 11:56:29 ---A- C:\Users\COOLER MASTER\AppData\Roaming\uTorrent\settings.dat [96118] => P2P.µTorrent*
O61 - LFC: 2013-04-29 - 11:56:29 ---A- C:\Users\COOLER MASTER\AppData\Roaming\uTorrent\settings.dat.old [96144] => P2P.µTorrent*
[MD5.5FC1063C1532F31A21012BA59C06A2EE] [SPRF][2013-04-17] (.BitTorrent Inc. - µTorrent.) -- C:\Users\COOLER MASTER\AppData\Local\Temp\uttA822.tmp.exe [802136] => P2P.BitTorrent*
O87 - FAEL: "TCP Query User{0E1539C9-E98D-4CD6-AE76-586669150568}C:\users\cooler master\downloads\utorrent.exe" |In - Public - P6 - TRUE | .(...) -- C:\users\cooler master\downloads\utorrent.exe (.not file.) => P2P.µTorrent*
O87 - FAEL: "UDP Query User{D1B0BBAE-59B1-4735-9C48-4F0AA2B28418}C:\users\cooler master\downloads\utorrent.exe" |In - Public - P17 - TRUE | .(...)
After the step above, your computer should be squeeky clean from malware and in top running shape.
Best regards
Porkchop
Posts
11
Registration date
Saturday April 27, 2013
Status
Member
Last seen
May 2, 2013
Apr 29, 2013 at 05:12 PM
Apr 29, 2013 at 05:12 PM
Hi again,
You will not belive it but i still can't access tera europe. The same rumanian site pops up like before. I saw that you wrote to deidara to change his hosts file and take away the following:
213.239.204.183 tera-europe.com
159.253.18.161 download.frogster-online.com
213.239.204.183 www.tera-europe.com
159.253.18.161 account.tera-europe.com
213.239.204.183 www.account.tera-europe.com
somehow i can't delete it, it saids i need the administrators approval and im the only administrator there is so im completely lost mate.
Hope you find a solution.
Cheers!
You will not belive it but i still can't access tera europe. The same rumanian site pops up like before. I saw that you wrote to deidara to change his hosts file and take away the following:
213.239.204.183 tera-europe.com
159.253.18.161 download.frogster-online.com
213.239.204.183 www.tera-europe.com
159.253.18.161 account.tera-europe.com
213.239.204.183 www.account.tera-europe.com
somehow i can't delete it, it saids i need the administrators approval and im the only administrator there is so im completely lost mate.
Hope you find a solution.
Cheers!
Porkchop
Posts
11
Registration date
Saturday April 27, 2013
Status
Member
Last seen
May 2, 2013
Apr 29, 2013 at 05:19 PM
Apr 29, 2013 at 05:19 PM
Hi again
Thought you might need it:
ZHPfix results https://authentification.site/2eRAY/ZHPFixReport.txt
Best regards
Thought you might need it:
ZHPfix results https://authentification.site/2eRAY/ZHPFixReport.txt
Best regards
Ambucias
Posts
47310
Registration date
Monday February 1, 2010
Status
Moderator
Last seen
February 15, 2023
11,165
Apr 29, 2013 at 05:55 PM
Apr 29, 2013 at 05:55 PM
Oink, oink
I did'nt think that I needed it but I did !
You should no longer get redirected when linking to tera Europe as it seems that your Host file has been cleaned. If not let me know.
We will now clean your registry and that should be it.
I suggest you download, install and run this totally free yet very efficient registry cleaner :
https://ccm.net/download/download-13339-eusing-free-registry-cleaner
You can use the above tool once a month to keep the system in top shape.
Regards
I did'nt think that I needed it but I did !
You should no longer get redirected when linking to tera Europe as it seems that your Host file has been cleaned. If not let me know.
We will now clean your registry and that should be it.
I suggest you download, install and run this totally free yet very efficient registry cleaner :
https://ccm.net/download/download-13339-eusing-free-registry-cleaner
You can use the above tool once a month to keep the system in top shape.
Regards
Porkchop
Posts
11
Registration date
Saturday April 27, 2013
Status
Member
Last seen
May 2, 2013
May 1, 2013 at 08:43 AM
May 1, 2013 at 08:43 AM
Hi!
It wont work! tried scanning and repairing with the program you linked above and still no results.. Im running out of hope to be honest, seems like tera dosn't want me to visit them.
Thanks though mate, if you get any new ideas please do tell.
Peace
It wont work! tried scanning and repairing with the program you linked above and still no results.. Im running out of hope to be honest, seems like tera dosn't want me to visit them.
Thanks though mate, if you get any new ideas please do tell.
Peace