
Redirect Webpage Virus [Solved]


  • This topic is locked

#16
Phel

Phel

    Trusted Helper

  • Malware Removal
  • 1,386 posts
Step 1. MBAM scan.

Run Malwarebytes Anti-Malware.
  • Go to the Update tab.
  • Click on the Check for updates button. A new small window should appear.
  • If an update is found, it will download and install the latest definitions.
  • Go back to the Scanner tab.
  • Select "Perform Quick Scan", then click Scan.
  • The scan may take some time to finish, so please be patient.
  • When the scan is complete, click OK, then Show Results to view the results.
  • Make sure that everything is checked, and click Remove Selected.
  • When disinfection is completed, a log will open in Notepad and you may be prompted to Restart. (See Extra Note)
  • The log is automatically saved by MBAM and can be viewed by clicking the Logs tab in MBAM.
  • Copy and paste the entire report in your next reply.
Extra Note:

If MBAM encounters a file that is difficult to remove, you will be presented with 1 of 2 prompts; click OK to either and let MBAM proceed with the disinfection process. If asked to restart the computer, please do so immediately.

Step 2. ESET Online Scanner scan.

Please run a free online scan with the ESET Online Scanner

Vista / Win7 users: Right-click on either the IE or FF icon in the Start Menu or Quick Launch Bar on the Taskbar and select Run as Administrator.

Note: This scan works with Internet Explorer or Mozilla FireFox.

If using Mozilla Firefox you will need to download esetsmartinstaller_enu.exe when prompted then double click on it to install.

  • Click the green ESET Online Scanner box
  • Tick the box next to YES, I accept the Terms of Use
    then click on: Start
  • You may see a panel towards the top of the screen telling you the website wants to install an addon... click and allow it to install. If your firewall asks whether you want to allow installation, say yes.
  • Make sure that the option Scan archives is checked.
  • Now click on Advanced Settings and select the following:
    • Scan for potentially unwanted applications
    • Scan for potentially unsafe applications
    • Enable Anti-Stealth Technology
  • Click on Start
  • The virus signature database will begin to download. Be patient, this may take some time depending on the speed of your Internet connection.
  • When completed the Online Scan will begin automatically. The scan may take several hours.
  • Do not touch either the Mouse or keyboard during the scan otherwise it may stall.
  • When completed select Uninstall application on close, make sure you copy the logfile first!
  • Then click on: Finish
  • Use notepad to open the logfile located at C:\Program Files\ESET\EsetOnlineScanner\log.txt.
  • Copy and paste that log as a reply to this topic.
So, please, don't forget to post in your next message:

  • ESET Online Scanner's log
  • MBAM log

  • 0



#17
Serine

Serine

    Member

  • Topic Starter
  • Member
  • PipPipPip
  • 109 posts
[email protected] as CAB hook log:
OnlineScanner.ocx - registred OK
# version=8
# iexplore.exe=8.00.6001.18702 (longhorn_ie8_rtm(wmbla).090308-0339)
# OnlineScanner.ocx=1.0.0.6920
# api_version=3.0.2
# EOSSerial=7adf47605d59b641aaf265e783c54546
# engine=15799
# end=finished
# remove_checked=true
# archives_checked=true
# unwanted_checked=true
# unsafe_checked=true
# antistealth_checked=true
# utc_time=2013-11-07 09:59:38
# local_time=2013-11-07 04:59:38 (-0500, Eastern Standard Time)
# country="United States"
# lang=1033
# osver=6.0.6001 NT Service Pack 1
# compatibility_mode=5892 16776573 100 100 0 220469106 0 0
# scanned=255293
# found=2
# cleaned=2
# scan_time=10891
sh=AE3AAC674C49C6742E2C577AB06726F1CE172CB1 ft=1 fh=8b575a5f318647dd vn="a variant of Java/JShrink.A application (deleted - quarantined)" ac=C fn="C:\Program Files\PDF Split Or Merge\PDF Split Or Merge.exe"
sh=898B9C1A0C1C57053FF00AE02D4B8F01F1C8E93B ft=0 fh=0000000000000000 vn="Win32/Adware.AntimalwareDoctor.AE.Gen application (cleaned by deleting - quarantined)" ac=C fn="C:\Users\user\AppData\Roaming\8CEFB4323FDEFC030B001678C90BE9E4\enemies-names.txt"
  • 0
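
An added example, not part of the original thread or of ESET's tooling: a small Python parser for the log layout posted above that cross-checks the `found`/`cleaned` header counts against the per-file lines. The sample log is constructed, and reading the parenthesised note at the end of `vn` as the action taken is an assumption based on the two lines in the post.

```python
import re

# key=value pairs; a value is either "quoted with spaces" or a bare token
PAIR = re.compile(r'(\w+)=(?:"([^"]*)"|(\S+))')
# Assumption: these words in the trailing (...) note of vn mean the file was handled
ACTION_WORDS = ("deleted", "cleaned", "quarantined")

# Constructed sample in the layout of the posted log; hashes, names and paths
# are placeholders, and the ac value on the last line is made up.
SAMPLE_LOG = r'''# scanned=1000
# found=3
# cleaned=2
sh=0000000000000000000000000000000000000001 ft=1 fh=0000000000000000 vn="Example/Threat.A application (deleted - quarantined)" ac=C fn="C:\Example\a.exe"
sh=0000000000000000000000000000000000000002 ft=0 fh=0000000000000000 vn="Example/Adware.B application (cleaned by deleting - quarantined)" ac=C fn="C:\Example\b.txt"
sh=0000000000000000000000000000000000000003 ft=1 fh=0000000000000000 vn="Example/Threat.C trojan" ac=I fn="C:\Example\c.dll"
'''

def parse_log(text):
    """Split the log into header settings and per-file detection records."""
    header, detections = {}, []
    for line in text.splitlines():
        line = line.strip()
        if line.startswith("# ") and "=" in line:
            key, value = line[2:].split("=", 1)
            header[key] = value.strip('"')
        elif line.startswith("sh="):
            detections.append({k: q or b for k, q, b in PAIR.findall(line)})
    return header, detections

def triage(text):
    """Report detections with no recorded action and check the header counts."""
    header, detections = parse_log(text)
    unresolved = []
    for d in detections:
        note = re.search(r"\(([^)]*)\)\s*$", d.get("vn", ""))
        if not (note and any(w in note.group(1) for w in ACTION_WORDS)):
            unresolved.append(d.get("fn", "?"))
    found = int(header.get("found", 0))
    cleaned = int(header.get("cleaned", 0))
    return {
        "found": found, "cleaned": cleaned, "parsed": len(detections),
        "unresolved": unresolved,
        # header totals must agree with what the detection lines actually show
        "consistent": found == len(detections)
                      and cleaned == found - len(unresolved),
    }

if __name__ == "__main__":
    print(triage(SAMPLE_LOG))
```

A non-empty `unresolved` list or `consistent` being false is the cue to ask for another scan before declaring the machine clean.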

#18
Serine

Serine

    Member

  • Topic Starter
  • Member
  • PipPipPip
  • 109 posts
Malwarebytes Anti-Malware 1.75.0.1300
www.malwarebytes.org

Database version: v2013.11.07.01

Windows Vista Service Pack 1 x86 NTFS
Internet Explorer 8.0.6001.19088
user :: OWNER [administrator]

11/7/2013 5:54:44 PM
mbam-log-2013-11-07 (17-54-44).txt

Scan type: Quick scan
Scan options enabled: Memory | Startup | Registry | File System | Heuristics/Extra | Heuristics/Shuriken | PUP | PUM
Scan options disabled: P2P
Objects scanned: 276313
Time elapsed: 14 minute(s), 23 second(s)

Memory Processes Detected: 0
(No malicious items detected)

Memory Modules Detected: 0
(No malicious items detected)

Registry Keys Detected: 0
(No malicious items detected)

Registry Values Detected: 0
(No malicious items detected)

Registry Data Items Detected: 0
(No malicious items detected)

Folders Detected: 0
(No malicious items detected)

Files Detected: 0
(No malicious items detected)

(end)
  • 0

#19
Phel

Phel

    Trusted Helper

  • Malware Removal
  • 1,386 posts
Do you still have any problems?
  • 0

#20
Serine

Serine

    Member

  • Topic Starter
  • Member
  • PipPipPip
  • 109 posts
No I do not, thanks to you. :)
Thank you so much for your help.
  • 0

#21
Phel

Phel

    Trusted Helper

  • Malware Removal
  • 1,386 posts
Okay, then one more step now:

Download Security Check from here or here.
  • Save it to your Desktop.
  • Double click SecurityCheck.exe and follow the onscreen instructions inside of the black box.
  • A Notepad document should open automatically called checkup.txt; please post the contents of that document.

  • 0

#22
Serine

Serine

    Member

  • Topic Starter
  • Member
  • PipPipPip
  • 109 posts
Results of screen317's Security Check version 0.99.76
Windows Vista Service Pack 1 x86 (UAC is disabled!)
Out of date service pack!!
Internet Explorer 8 Out of date!
Internet Explorer 8
``````````````Antivirus/Firewall Check:``````````````
Windows Firewall Enabled!
avast! Antivirus
Antivirus up to date!
`````````Anti-malware/Other Utilities Check:`````````
MVPS Hosts File
Spybot - Search & Destroy
Malwarebytes Anti-Malware version 1.75.0.1300
CCleaner
Java 7 Update 45
Adobe Reader 8 Adobe Reader out of Date!
Mozilla Firefox (25.0)
````````Process Check: objlist.exe by Laurent````````
Alwil Software Avast5 AvastSvc.exe
Alwil Software Avast5 AvastUI.exe
`````````````````System Health check`````````````````
Total Fragmentation on Drive C: 0 %
````````````````````End of Log``````````````````````
  • 0

#23
Phel

Phel

    Trusted Helper

  • Malware Removal
  • 1,386 posts
Oh, terribly sorry for my delay. I didn't have access to the internet for some time.

Congratulations, your PC is clean now. :)

However, you need to follow some important steps to remove tools and prevent infection again.

Warning! I have noticed that you are using P2P (peer-to-peer) programs.

I see that you have installed a program called uTorrent. This program is classified as a P2P program: a program that downloads content (movies, music, programs, etc.) via P2P networks (torrents). P2P networks are a huge source of malware, so you can easily pick it up.

So, I strongly recommend that you remove this program from your computer. If you don't want to remove this program from your computer, please at least be very careful about what you download from torrents.

Warning! You have Windows Sidebar enabled.

Windows Sidebar is used for beautiful and informative widgets, which take a place on your Desktop. This feature is really useful and nice for users. But it has one big minus: Windows Sidebar has a very dangerous vulnerability, which allows malware to exploit your PC and infect it. Because this vulnerability couldn't be fixed, there is only one way to protect your computer from attack: disable Windows Sidebar. So, I strongly recommend that you disable Sidebar.

To learn more about this problem and how to disable Windows Sidebar, please, visit this site.

Step 1. Updating vulnerable programs.

Some important software on your computer is outdated and could contain vulnerabilities. That could lead to re-infection. So, please, update the following programs:

Step 2. Uninstalling Programs.

  • Open Start menu.
  • Click on Control Panel.
  • Click on Programs and Features. A new window should appear.
  • Uninstall these programs one by one, selecting each program and clicking the Uninstall button.
Programs to uninstall:

  • ESET Online Scanner
  • Malwarebytes Anti-Malware
  • uTorrent - optional.
Step 3. Uninstall AdwCleaner.

  • Run AdwCleaner on your Desktop.
  • Click the Uninstall button.
  • AdwCleaner will be removed from your computer.
Step 4. CleanUp.

Run OTL.
  • Under the Custom Scans/Fixes box at the bottom, paste in the following:

    :Commands
    [EMPTYTEMP]
  • Then click the Run Fix button at the top.
  • Let the program run unhindered, reboot the PC when it is done.
  • After reboot run OTL again.
  • Click on the CleanUp button.
  • OTL will be removed from your computer.
Here are some recommendations for you on how to stay safe on the internet.

  • Keep your system up-to-date. It will increase your protection level, because sometimes malware can use system vulnerabilities.

    To learn how to turn Automatic Updates on, if you haven't turned it on before, click here.
  • Keep other software up-to-date too. Malware can often use third-party software vulnerabilities.

    You can monitor news about vulnerabilities or simply install software which will scan your computer for outdated and vulnerable software versions. If an outdated version is found, this software will notify you about it and even install updates automatically.

    One of these programs is Secunia Personal Software Inspector. It requires installation; you can learn more about it here. This software also has an online version, Secunia Online Software Inspector. It's a Java applet, which requires Java Runtime Environment. You can learn more about it here.

    Another good program is FileHippo.com Update Checker. It requires installation and it scans your computer very rapidly. You can learn more about it here.
  • Keep your antivirus software always up-to-date.

    Turn on automatic definition updates for your antivirus, if you haven't turned it on before; it's a basis of protection. Don't forget to keep your antivirus engine version up-to-date; new versions usually have advanced functionality. They can clean and prevent infections more effectively than outdated versions.
  • Use a limited user account. It will considerably increase your level of protection.

    90% of malware won't work under a limited user account, because it needs administrator privileges. If you are using Windows XP, then you can use DropMyRights while you are surfing the internet. If you are using Windows 7/Vista, then you'll need to create a new user with limited rights.
  • Invent strong and long passwords for your accounts, if you want to keep your personal and confidential data safe.

    Sometimes malware has very dangerous functionality: it can crack your passwords. Please set a very strong password for your administrator account in Windows, then malware won't harm your PC. Here you can find a nice tutorial on how to create strong passwords. Create an individual password for each account on the internet.
Hope that these recommendations will help you and you will avoid malware infections in the future. Good luck and safe web to you! :)
  • 0

#24
Serine

Serine

    Member

  • Topic Starter
  • Member
  • PipPipPip
  • 109 posts
No worries and thank you so much for your help :)
  • 0

#25
Phel

Phel

    Trusted Helper

  • Malware Removal
  • 1,386 posts
You are welcome. :)

Do you have any questions for me before I close this topic?
  • 0



#26
Phel

Phel

    Trusted Helper

  • Malware Removal
  • 1,386 posts
Since this issue appears to be resolved ... this Topic has been closed. Glad we could help. :)

If you're the topic starter, and need this topic reopened, please contact a staff member with the address of the thread.

Everyone else please begin a New Topic.
  • 0





