[Phel]

Step 1. MBAM scan.

Run Malwarebytes Anti-Malware.

• Go to the Update tab.
• Click on the Check for updates button. New small window should appear.
• If an update is found, it will download and install the latest definitions.
• Go back to the Scanner tab.
• Select "Perform Quick Scan", then click Scan.
• The scan may take some time to finish,so please be patient.
• When the scan is complete, click OK, then Show Results to view the results.
• Make sure that everything is checked, and click Remove Selected.
• When disinfection is completed, a log will open in Notepad and you may be prompted to Restart.(See Extra Note)
• The log is automatically saved by MBAM and can be viewed by clicking the Logs tab in MBAM.
• Copy&Paste the entire report in your next reply.

Extra Note:

If MBAM encounters a file that is difficult to remove,you will be presented with 1 of 2 prompts,click OK to either and let MBAM proceed with the disinfection process. If asked to restart the computer, please do so immediately.

Step 2. ESET Online Scanner scan.

Please run a free online scan with the ESET Online Scanner

Vista / Win7 users: Right-click on the either the IE or FF icon in the Start Menu or Quick Launch Bar on the Taskbar and select Run as Administrator.

Note: This scan works with Internet Explorer or Mozilla FireFox.

If using Mozilla Firefox you will need to download esetsmartinstaller_enu.exe when prompted then double click on it to install.

• Click the green ESET Online Scanner box
• Tick the box next to YES, I accept the Terms of Use
  then click on: Start
• You may see a panel towards the top of the screen telling you the website wants to install an addon... click and allow it to install. If your firewall asks whether you want to allow installation, say yes.
• Make sure that the option Scan archives is checked.
• Now click on Advanced Settings and select the following:
  
  • Scan for potentially unwanted applications
  • Scan for potentially unsafe applications
  • Enable Anti-Stealth Technology
• Click on Start
• The virus signature database will begin to download. Be patient this make take some time depending on the speed of your Internet Connection.
• When completed the Online Scan will begin automatically. The scan may take several hours.
• Do not touch either the Mouse or keyboard during the scan otherwise it may stall.
• When completed select Uninstall application on close, make sure you copy the logfile first!
• Then click on: Finish
• Use notepad to open the logfile located at C:\Program Files\ESET\EsetOnlineScanner\log.txt.
• Copy and paste that log as a reply to this topic.

So, please, don't forget to post in your next message:

• ESET Online Scanner's log
• MBAM log

[Advertisements]

I ran ESET; the instructions stated the following:
When completed select Uninstall application on close, make sure you copy the logfile first! Then click on: Finish
When I viewed the logfile, it contained only the following:

ESETSmartInstaller@High as CAB hook log:
OnlineScanner64.ocx - registred OK
OnlineScanner.ocx - registred OK


Malwarebytes Anti-Malware 1.75.0.1300
www.malwarebytes.org

Database version: v2013.09.12.04

Windows 7 Service Pack 1 x64 NTFS
Internet Explorer 8.0.7601.17514
vtmckoy :: VTMCKOY-PC [administrator]

9/12/2013 5:51:34 AM
mbam-log-2013-09-12 (05-51-34).txt

Scan type: Quick scan
Scan options enabled: Memory | Startup | Registry | File System | Heuristics/Extra | Heuristics/Shuriken | PUP | PUM
Scan options disabled: P2P
Objects scanned: 226230
Time elapsed: 5 minute(s),

Memory Processes Detected: 0
(No malicious items detected)

Memory Modules Detected: 0
(No malicious items detected)

Registry Keys Detected: 0
(No malicious items detected)

Registry Values Detected: 0
(No malicious items detected)

Registry Data Items Detected: 0
(No malicious items detected)

Folders Detected: 0
(No malicious items detected)

Files Detected: 4
C:\Users\vtmckoy\Downloads\7zip_installer_d162802.exe (PUP.Optional.InstallIQ.A) -> Quarantined and deleted successfully.
C:\Users\vtmckoy\Downloads\freefileviewer_2_1283.exe (PUP.Optional.InstallIQ.A) -> Quarantined and deleted successfully.
C:\Users\vtmckoy\Downloads\movie_player_1280.exe (PUP.Optional.InstallIQ.A) -> Quarantined and deleted successfully.
C:\Users\vtmckoy\Downloads\mplayer_tuguu_1271.exe (PUP.Optional.InstallIQ.A) -> Quarantined and deleted successfully.

(end)

[vtmckoy]

I ran ESET; the instructions stated the following:
When completed select Uninstall application on close, make sure you copy the logfile first! Then click on: Finish
When I viewed the logfile, it contained only the following:

ESETSmartInstaller@High as CAB hook log:
OnlineScanner64.ocx - registred OK
OnlineScanner.ocx - registred OK


Malwarebytes Anti-Malware 1.75.0.1300
www.malwarebytes.org

Database version: v2013.09.12.04

Windows 7 Service Pack 1 x64 NTFS
Internet Explorer 8.0.7601.17514
vtmckoy :: VTMCKOY-PC [administrator]

9/12/2013 5:51:34 AM
mbam-log-2013-09-12 (05-51-34).txt

Scan type: Quick scan
Scan options enabled: Memory | Startup | Registry | File System | Heuristics/Extra | Heuristics/Shuriken | PUP | PUM
Scan options disabled: P2P
Objects scanned: 226230
Time elapsed: 5 minute(s),

Memory Processes Detected: 0
(No malicious items detected)

Memory Modules Detected: 0
(No malicious items detected)

Registry Keys Detected: 0
(No malicious items detected)

Registry Values Detected: 0
(No malicious items detected)

Registry Data Items Detected: 0
(No malicious items detected)

Folders Detected: 0
(No malicious items detected)

Files Detected: 4
C:\Users\vtmckoy\Downloads\7zip_installer_d162802.exe (PUP.Optional.InstallIQ.A) -> Quarantined and deleted successfully.
C:\Users\vtmckoy\Downloads\freefileviewer_2_1283.exe (PUP.Optional.InstallIQ.A) -> Quarantined and deleted successfully.
C:\Users\vtmckoy\Downloads\movie_player_1280.exe (PUP.Optional.InstallIQ.A) -> Quarantined and deleted successfully.
C:\Users\vtmckoy\Downloads\mplayer_tuguu_1271.exe (PUP.Optional.InstallIQ.A) -> Quarantined and deleted successfully.

(end)

[Phel]

Okay, do you still have any problems?

[vtmckoy]

No, I am not. All of the initial symptoms and behavior that I saw are all gone. I just wanted to make sure that my laptop is completely clean. Thank you.

[Phel]

Congratulations, your PC is clean now.

However, you need to follow some important steps to remove tools and prevent infection again.

Warning! You have Windows Sidebar enabled.

Windows Sidebar is used for beautiful and informative widgets, whose take a place on your Desktop. This feature is really useful and nice for users. But it has one big minus - Windows Sidebar has a very dangerous vulnerability, which allows malware to exploit your PC and infect it. Because this vulnerability couldn't be fixed, there is only one way to protect your computer from attack - disable Windows Sidebar. So, I strongly recommend you to disable Sidebar.

To learn more about this problem and how to disable Windows Sidebar, please, visit this site.

Step 1. Uninstalling Programs.

• Open Start menu.
• Click on Control Panel.
• Click on Programs and Features. New window should appear.
• Uninstall these programs one by one, selecting each program and clicking Uninstall button.

Programs to uninstall:

• ESET Online Scanner
• Malwarebytes Anti-Malware

Step 2. Uninstall AdwCleaner.

• Run AdwCleaner on your Desktop.
• Click Uninstall button.
• AdwCleaner will be removed from your computer.

Step 3. CleanUp.

Run OTL.

• Under the Custom Scans/Fixes box at the bottom, paste in the following:
  
  

  :Commands
  [EMPTYTEMP]

• Then click the Run Fix button at the top.
• Let the program run unhindered, reboot the PC when it is done.
• After reboot run OTL again.
• Click on CleanUp button.
• OTL will be removed from your computer.

Here are some recommendations for you, how to stay safe in the internet.

• Keep your system up-to-date. It will increase your protection level, because sometimes malware can use system vulnerabilities.
  
  To learn more, how to turn Automatic Updates on, if you haven't turned it on before, click here.
  
• Keep another software up-to-date too. Malware can often use third party software vulnerabilities.
  
  You can monitor news about vulnerabilities or just simply install software, which will scan your computer for outdated and vulnerable software versions. If outdated version is found, this software will notify you about it and even install updates automatically.
  
  One of these programs is Secunia Personal Software Inspector. It requires installation, you can learn more about it here. This software also has online version - Secunia Online Software Inspector. It's Java applet, which requires Java Runtime Environment. You can learn more about it here.
  
  Another good program is FileHippo.com Update Checker. It requires installation and it scans your computer very rapidly. You can learn more about it here.
  
• Keep your antivirus software always up-to-date.
  
  Turn on automatic definition updates for your antivirus, if you haven't turned it on before, it's a basis of protection. Don't forget to keep your antivirus engine version up-to-date, new versions usually have advanced functionality. They can clean and prevent infections more effectively, than outdated versions.
  
• Use limited user account. It will considerably increase your level of protection.
  
  90% of Malware won't work under limited user account, because they need administrator priveleges. If you are using Windows XP, then you can use DropMyRights while you are surfing in the internet. If you are using Windows 7/Vista, then you'll need to create new User with limited rights.
  
• Invent strong and long passwords for your accounts, if you want to keep your personal and confidential data in safety.
  
  Sometimes malware have very dangerous functionality - they can crack your passwords. Please, set very strong password for your administrator account in Windows, then malware won't harm your PC. Here you can find a nice tutorial, how to create strong passwords. For each account in the internet create individual password.

Hope that these recommendations will help you and you will avoid malware infections in the future. Good luck and safe web to you!