unstopz.biz

Hello,

Can you share a screenshot of this warning message from your antivirus ?

Thanks,

I downloaded the Lightshot and screenshot it. Now I don't know how to post it here! Sorry I'm a newbie...

Hello,

You can host the picture here : https://up2sha.re/ and copy/paste the generated link.

Thanks a lot. I never found the upload button, only the link one. By the way, this is the link of the screenshot:

https://up2sha.re/file?f=VeVNdA5WuLVW

Hello,

Great, thanks.

Can you do a scan with AdwCleaner please ? (at the end, copy/paste the generated logfile)

The documentation is here : https://toolslib.net/forum/viewthread/182-en-adwcleaner-documentation/

Best regards,

I just scanned and it found nothing.

This is the Log:

# AdwCleaner v5.201 - Logfile created 22/07/2016 at 21:31:39 # Updated 30/06/2016 by ToolsLib # Database : 2016-07-21.2 [Server] # Operating system : Windows 7 Ultimate Service Pack 1 (X64) # Username : win7 - WIN7-PC # Running from : C:\Users\Public\Videos\Sample Videos\New folder\Ostalo\ADW Cleaner.exe # Option : Scan # Support : https://toolslib.net/forum

***** [ Services ] *****

***** [ Folders ] *****

***** [ Files ] *****

***** [ DLL ] *****

***** [ WMI ] *****

***** [ Shortcuts ] *****

***** [ Scheduled tasks ] *****

***** [ Registry ] *****

***** [ Web browsers ] *****

*************************

C:\AdwCleaner\AdwCleaner[C1].txt - [2927 bytes] - [08/06/2016 13:59:55] C:\AdwCleaner\AdwCleaner[C2].txt - [1404 bytes] - [08/07/2016 11:06:53] C:\AdwCleaner\AdwCleaner[S1].txt - [3319 bytes] - [08/06/2016 13:57:18] C:\AdwCleaner\AdwCleaner[S2].txt - [960 bytes] - [08/06/2016 17:39:16] C:\AdwCleaner\AdwCleaner[S3].txt - [1298 bytes] - [08/07/2016 11:03:59] C:\AdwCleaner\AdwCleaner[S4].txt - [1184 bytes] - [20/07/2016 19:25:46] C:\AdwCleaner\AdwCleaner[S5].txt - [1105 bytes] - [22/07/2016 21:31:39]

########## EOF - C:\AdwCleaner\AdwCleaner[S5].txt - [1178 bytes] ##########

Ok.

Can you generate a ZHPDiag logreport to get more informations on your system ?

• Download ZHPDiag from Nicolas on his website
• Then run it with administrator's rights (with right click)
• Then upload the log file on up2share (you will find it on your desktop, just drop the file on the upload zone)
• Then post the link in your reply

Best regards,

The link of requested file: https://up2sha.re/file?f=lDPjoX1buETA

It says that Lightshot causes malware. Not even a word about unstopz. Help!

By the way, what is "TData.exe.vir"?

My antivirus listed that as a variant of Win32/ELEX.IN potentially unwanted application.

It is in Adwcleaner/FileQuarantine folder

Hello,

Thanks.

I'm taking care of the logfile in the coming day and I'll keep you informed.

Regards,

So? Have you found something yet?

Hello,

I'm so sorry, I'm working on it right now, you'll get an answer in the coming minutes.

So,

Once again, sorry for the delay.

• Please download ZHPFix - Go on the download page of ZhpFix, click on the blue button "Download Now".
• Launch it with right click : "launch as administrator",
• Follow the instructions during the installation.
• Then click on the shortcut for ZhpFix on your desktop, and as usual, launch it as administrator.
• Select "Import"
• Copy & paste the following lines including "Script ZHPFix" to "EmptyPrefetch":

Script ZHPFix:

O23 - Service: Thevsh Host (Thevshhostsrv) . (...) - C:\Program Files (x86)\Thevsh\Thevshhostsrv.exe (.not file.)
[MD5.00000000000000000000000000000000] [APT] [TaskName] (...) -- Task To Run (.not file.)   [0] (.Activate.)
[MD5.909B16C6A51B5036DD70297ACA4C1CDA] [APT] [update-S-1-5-21-3904431602-2798071659-3457786416-1000] (.Copyright 2009.) -- C:\Program Files (x86)\Skillbrains\Updater\Updater.exe   [105112] (.Activate.)
[MD5.909B16C6A51B5036DD70297ACA4C1CDA] [APT] [update-sys] (.Copyright 2009.) -- C:\Program Files (x86)\Skillbrains\Updater\Updater.exe   [105112] (.Activate.)
O39 - APT: update-S-1-5-21-3904431602-2798071659-3457786416-1000 - (.Copyright 2009.) -- C:\Windows\Tasks\update-S-1-5-21-3904431602-2798071659-3457786416-1000.job  [386]
O39 - APT: update-sys - (.Copyright 2009.) -- C:\Windows\Tasks\update-sys.job  [386]
O39 - APT: update-S-1-5-21-3904431602-2798071659-3457786416-1000 - (.Copyright 2009.) -- C:\Windows\System32\Tasks\update-S-1-5-21-3904431602-2798071659-3457786416-1000  [3258]
O39 - APT: update-sys - (.Copyright 2009.) -- C:\Windows\System32\Tasks\update-sys  [3282]
O4 - HKLM\..\Wow6432Node\Run: [Lightshot] . (.Copyright 2009 - Starter Module.) -- C:\Program Files (x86)\Skillbrains\lightshot\Lightshot.exe
O42 - Logiciel: Lightshot-5.4.0.1 - (.Skillbrains.) [HKLM][64Bits] -- {30A5B3C9-2084-4063-A32A-628A98DE512B}_is1
HKLM\SOFTWARE\Wow6432Node\Skillbrains
HKCU\SOFTWARE\SkillBrains
O43 - CFD: 22/07/2016 - [] D -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Lightshot
HKLM\SOFTWARE\Wow6432Node\Skillbrains
HKCU\SOFTWARE\SkillBrains
EmptyTemp
EmptyFlash
EmptyPrefetch

• Then click on Go (3) to launch the tool.
• It will ask you to confirm, just do it !
• At the end, a report named ZHPFixReport.txt will be created and saved on your desktop. Please copy/paste it in your answer here.

Then, please tell me if you still face any issues.

By the way, what is "TData.exe.vir"?

My antivirus listed that as a variant of Win32/ELEX.IN potentially unwanted application.

It is in Adwcleaner/FileQuarantine folder

---

Vladimir2000, 2016-07-23 18:57:22 (UTC)

You AV detected some malicious element AdwCleaner quarantined in a previous clean process. It's inactive, so nothing to worry about.

Best regards,

Hello, so you haven't forgotten about this.

The script is same in the program, so copying didn't change a thing.

It removed Lightshot and Recycle Bin files but unstopz is still here somehow.

I uploaded file to https://up2sha.re/file?f=W6sj3JX6YePl , for convinience.

Hello,

Thanks.

Hm, we'll try to get more informations:

• Download FRST
• Right-click on the file -> "Execute as Administrator"
• Click on the "Scan" button
• The logfile is saved as FRST.txt , and additional informations are in Addition.txt.
• Please host them on Up2Share and share the generated links.

Regards,

Here are the links:

https://up2sha.re/file?f=CfHrLZXmiz84

https://up2sha.re/file?f=hmnO7RnGl58Z

Ok, it's better.

1. Can you relaunch AdwCleaner and do a scan ? Then, share the generated logfile
2. Download the file fixlist.txt and save it as "fixlist.txt" to the Desktop or where FRST is located.

NOTE. It's important that both files, FRST/FRST64 and fixlist.txt are in the same location or the fix will not work.

NOTICE: This script was written specifically for this user, for use on that particular machine. Running this on another machine may cause damage to your operating system.

• Run FRST/FRST64 and press the Fix button just once and wait. If for some reason the tool needs a restart, please make sure you let the system restart normally. After that let the tool complete its run.
• When finished FRST will generate a log on the Desktop (Fixlog.txt). Please post it to your reply.

Regards,

First, the generated logfile is:

# AdwCleaner v5.201 - Logfile created 05/08/2016 at 08:53:30 # Updated 30/06/2016 by ToolsLib # Database : 2016-08-04.3 [Server] # Operating system : Windows 7 Ultimate Service Pack 1 (X64) # Username : win7 - WIN7-PC # Running from : C:\Users\Public\Videos\Sample Videos\New folder\Ostalo\ADW Cleaner.exe # Option : Scan # Support : https://toolslib.net/forum

***** [ Services ] *****

***** [ Folders ] *****

***** [ Files ] *****

***** [ DLL ] *****

***** [ WMI ] *****

***** [ Shortcuts ] *****

***** [ Scheduled tasks ] *****

***** [ Registry ] *****

***** [ Web browsers ] *****

*************************

C:\AdwCleaner\AdwCleaner[C1].txt - [2927 bytes] - [08/06/2016 13:59:55] C:\AdwCleaner\AdwCleaner[C2].txt - [1404 bytes] - [08/07/2016 11:06:53] C:\AdwCleaner\AdwCleaner[S1].txt - [3319 bytes] - [08/06/2016 13:57:18] C:\AdwCleaner\AdwCleaner[S2].txt - [960 bytes] - [08/06/2016 17:39:16] C:\AdwCleaner\AdwCleaner[S3].txt - [1298 bytes] - [08/07/2016 11:03:59] C:\AdwCleaner\AdwCleaner[S4].txt - [1184 bytes] - [20/07/2016 19:25:46] C:\AdwCleaner\AdwCleaner[S5].txt - [1257 bytes] - [22/07/2016 21:31:39] C:\AdwCleaner\AdwCleaner[S6].txt - [1178 bytes] - [05/08/2016 08:53:30]

########## EOF - C:\AdwCleaner\AdwCleaner[S6].txt - [1251 bytes] ##########

For number two this is the link: https://up2sha.re/file?f=AmUJmOagpQBY

And the antivirus doesn't seem to show notifications. I guess it's done! Thanks a lot!

If the notification appears I will notice you.

Hello,

Great ! Thanks for your patience.

So, to conclude, if the computer seems stable, please proceed below. Otherwise, don't do the following instructions but telle me what's wrong.

We'll remove all the used tools :

• Download DelFix from Xplode on your desktop.
• Launch it with administrator rights.
• Select all the option except the one proposing to save the registry.
• Then click on the "Execute" button.
• When everything is finish, the software will close itself.
• Then a report appear on the notepad, please copy paste it's content in your answer.

Then, we'll reordonate the files stored on the hard drive. It will be faster to access them :

1. Download Defraggler here
2. Follow the instructions to install and launch the software.
3. In the program's window, click on [Defragment]. The process can take a few hours to complete. It's advised not to use the computer during the operation (to make it more efficient)
4. At the end, just reboot the computer

Best regards,