Problems with Ads and sites that open automatically [Solved]



#16 jonatanoliveira (Member, Topic Starter, 12 posts)

Hi Sleepy Dude,

Sorry for my delay in answering, but I was in Portugal without internet or time to come here... Sorry about that. But now I'm back :)

So, as you asked, here are the files:

MBAM-log-2014-01-14 (23-14-52):
Malwarebytes Anti-Malware 1.75.0.1300
www.malwarebytes.org

Versão da base de dados: v2014.01.14.08

Windows 8 x64 NTFS
Internet Explorer 10.0.9200.16750
Admin :: USER [administrador]

14/01/2014 23:01:29
MBAM-log-2014-01-14 (23-14-52).txt

Tipo de pesquisa: Rápida
Opções de pesquisa activadas: Memoria | Arranque | Registo | Sistema de Ficheiros | Heurísticos/Extra | Heurísticos/Shuriken | PPI | MPI
Opções de pesquisa desactivadas: P2P
Objectos verificados: 275774
Tempo decorrido: 10 minuto(s), 48 segundo(s)

Processos de memória Detectados: 0
(Nenhum item malicioso detectado)

Módulos de Memória Detectados: 0
(Nenhum item malicioso detectado)

Chaves do Registo Detectadas: 3
HKLM\SOFTWARE\{77D46E27-0E41-4478-87A6-AABE6FBCF252} (PUP.Optional.GreatSaver.A) -> Nenhuma acção tomada.
HKCU\Software\iVIDI Plugin (PUP.Optional.Ividi.A) -> Nenhuma acção tomada.
HKCU\Software\AmiExt\IE plugin (PUP.Optional.Amonetize.A) -> Nenhuma acção tomada.

Valores do Registo Detectados: 0
(Nenhum item malicioso detectado)

Itens de dados do Registo Detectados: 0
(Nenhum item malicioso detectado)

Pastas Detectadas: 0
(Nenhum item malicioso detectado)

Ficheiros Detectados: 0
(Nenhum item malicioso detectado)

(fim)

C:\Program Files (x86)\ESET\ESET Online Scanner\log.txt:
[email protected] as downloader log:
all ok
# version=8
# OnlineScannerApp.exe=1.0.0.1
# OnlineScanner.ocx=1.0.0.6920
# api_version=3.0.2
# EOSSerial=a8286fb459f1c5409ba9fa4e42309add
# engine=16655
# end=stopped
# remove_checked=false
# archives_checked=false
# unwanted_checked=true
# unsafe_checked=true
# antistealth_checked=true
# utc_time=2014-01-15 12:49:48
# local_time=2014-01-15 12:49:48 (+0000, Hora padrão de GMT)
# country="Portugal"
# lang=1033
# osver=6.2.9200 NT
# compatibility_mode=5893 16776574 100 94 9291278 49253099 0 0
# scanned=153399
# found=9
# cleaned=0
# scan_time=5338
sh=0BCD7C82649F2BF0113AC7EF9B422DEA4D8E43D8 ft=1 fh=be15d68c6edf3624 vn="a variant of Win32/AdWare.BetterSurf.B application" ac=I fn="C:\AdwCleaner\Quarantine\C\Program Files (x86)\Better-Surf\ie\BetterSrf.dll.vir"
sh=4770D1F0088980F05D62DCE6BE26305A7238DE50 ft=1 fh=e04ab126fa3aa292 vn="Win32/Adware.EoRezo.AS application" ac=I fn="C:\AdwCleaner\Quarantine\C\Program Files (x86)\tuto4pc_pt_24\predm.exe.vir"
sh=9C45C611573D521D4F9933ACC29DF053335C36D8 ft=1 fh=0b953844c2de0934 vn="Win32/Adware.EoRezo.AS application" ac=I fn="C:\AdwCleaner\Quarantine\C\Users\Admin\AppData\Local\tuto4pc_pt_24\Download\cylupd_pt_24.exe.vir"
sh=F37FDAAD49B857DC99DCEDB9603915502237F567 ft=1 fh=ae37f09b0a9f5c78 vn="a variant of Win32/ELEX.D application" ac=I fn="C:\AdwCleaner\Quarantine\C\Users\Admin\AppData\Roaming\eIntaller\A2194A4C69B445e68A376A002EF79399\eXQ.exe.vir"
sh=39D252240D0506ED77EB4AFDC77774DF654FE657 ft=1 fh=bc9873c7efe3c3b7 vn="a variant of Win32/Toolbar.Visicom.B application" ac=I fn="C:\Program Files (x86)\Lavasoft\AdAware SecureSearch Toolbar\adawareDx.dll"
sh=90FCC15E3F905070B82B9B6AF8AFBA5C95E0833C ft=1 fh=6bfac13377072c90 vn="a variant of Win32/Toolbar.Visicom.A application" ac=I fn="C:\Program Files (x86)\Lavasoft\AdAware SecureSearch Toolbar\adawaretb.dll"
sh=E76EA070AD321DAE71D3A0256FE88E484DCB9FFD ft=1 fh=68d72de984b0597b vn="a variant of Win32/Toolbar.Visicom.C application" ac=I fn="C:\Program Files (x86)\Lavasoft\AdAware SecureSearch Toolbar\dtUser.exe"
sh=666FCB0DC635AF7BA075E48C8F8C72A16DD30A67 ft=1 fh=c71c001198f425ea vn="Win32/InstalleRex.M application" ac=I fn="C:\ProgramData\InstallMate\{AFDE4C1D-B51D-4677-A49C-FD3F743D6EEB}\Custom.dll"
sh=666FCB0DC635AF7BA075E48C8F8C72A16DD30A67 ft=1 fh=c71c001198f425ea vn="Win32/InstalleRex.M application" ac=I fn="C:\ProgramData\InstallMate\{D8753340-BAC9-4646-A4AD-F2EB039611B6}\Custom.dll"
[email protected] as downloader log:
all ok
[email protected] as downloader log:
all ok
# version=8
# OnlineScannerApp.exe=1.0.0.1
# OnlineScanner.ocx=1.0.0.6920
# api_version=3.0.2
# EOSSerial=a8286fb459f1c5409ba9fa4e42309add
# engine=16667
# end=finished
# remove_checked=false
# archives_checked=false
# unwanted_checked=true
# unsafe_checked=true
# antistealth_checked=true
# utc_time=2014-01-15 11:04:27
# local_time=2014-01-15 11:04:27 (+0000, Hora padrão de GMT)
# country="Portugal"
# lang=1033
# osver=6.2.9200 NT
# compatibility_mode=5893 16776574 100 94 9371357 49333178 0 0
# scanned=292046
# found=13
# cleaned=0
# scan_time=11421
sh=0BCD7C82649F2BF0113AC7EF9B422DEA4D8E43D8 ft=1 fh=be15d68c6edf3624 vn="a variant of Win32/AdWare.BetterSurf.B application" ac=I fn="C:\AdwCleaner\Quarantine\C\Program Files (x86)\Better-Surf\ie\BetterSrf.dll.vir"
sh=4770D1F0088980F05D62DCE6BE26305A7238DE50 ft=1 fh=e04ab126fa3aa292 vn="Win32/Adware.EoRezo.AS application" ac=I fn="C:\AdwCleaner\Quarantine\C\Program Files (x86)\tuto4pc_pt_24\predm.exe.vir"
sh=9C45C611573D521D4F9933ACC29DF053335C36D8 ft=1 fh=0b953844c2de0934 vn="Win32/Adware.EoRezo.AS application" ac=I fn="C:\AdwCleaner\Quarantine\C\Users\Admin\AppData\Local\tuto4pc_pt_24\Download\cylupd_pt_24.exe.vir"
sh=F37FDAAD49B857DC99DCEDB9603915502237F567 ft=1 fh=ae37f09b0a9f5c78 vn="a variant of Win32/ELEX.D application" ac=I fn="C:\AdwCleaner\Quarantine\C\Users\Admin\AppData\Roaming\eIntaller\A2194A4C69B445e68A376A002EF79399\eXQ.exe.vir"
sh=39D252240D0506ED77EB4AFDC77774DF654FE657 ft=1 fh=bc9873c7efe3c3b7 vn="a variant of Win32/Toolbar.Visicom.B application" ac=I fn="C:\Program Files (x86)\Lavasoft\AdAware SecureSearch Toolbar\adawareDx.dll"
sh=90FCC15E3F905070B82B9B6AF8AFBA5C95E0833C ft=1 fh=6bfac13377072c90 vn="a variant of Win32/Toolbar.Visicom.A application" ac=I fn="C:\Program Files (x86)\Lavasoft\AdAware SecureSearch Toolbar\adawaretb.dll"
sh=E76EA070AD321DAE71D3A0256FE88E484DCB9FFD ft=1 fh=68d72de984b0597b vn="a variant of Win32/Toolbar.Visicom.C application" ac=I fn="C:\Program Files (x86)\Lavasoft\AdAware SecureSearch Toolbar\dtUser.exe"
sh=666FCB0DC635AF7BA075E48C8F8C72A16DD30A67 ft=1 fh=c71c001198f425ea vn="Win32/InstalleRex.M application" ac=I fn="C:\ProgramData\InstallMate\{AFDE4C1D-B51D-4677-A49C-FD3F743D6EEB}\Custom.dll"
sh=666FCB0DC635AF7BA075E48C8F8C72A16DD30A67 ft=1 fh=c71c001198f425ea vn="Win32/InstalleRex.M application" ac=I fn="C:\ProgramData\InstallMate\{D8753340-BAC9-4646-A4AD-F2EB039611B6}\Custom.dll"
sh=666FCB0DC635AF7BA075E48C8F8C72A16DD30A67 ft=1 fh=c71c001198f425ea vn="Win32/InstalleRex.M application" ac=I fn="C:\Users\All Users\InstallMate\{AFDE4C1D-B51D-4677-A49C-FD3F743D6EEB}\Custom.dll"
sh=666FCB0DC635AF7BA075E48C8F8C72A16DD30A67 ft=1 fh=c71c001198f425ea vn="Win32/InstalleRex.M application" ac=I fn="C:\Users\All Users\InstallMate\{D8753340-BAC9-4646-A4AD-F2EB039611B6}\Custom.dll"
sh=B6F9D211A575B167F1793994A4DA909B37706278 ft=1 fh=a80181f394c49539 vn="Win32/Toolbar.Babylon.T application" ac=I fn="C:\_OTL\MovedFiles\12302013_012919\C_Program Files\Reimage\Reimage Repair\ReimageRepair.exe"
sh=3B2C90B0A0AF44B405D746E437ACBE2DA1E5E741 ft=1 fh=d0e8a9f046f91a20 vn="a variant of Win32/TrojanDownloader.Agent.AFD trojan" ac=I fn="C:\_OTL\MovedFiles\12312013_125844\c_programdata\QuickSet\GS.Enabler\GS.Enabler.exe"

checkup.txt:
Results of screen317's Security Check version 0.99.79
x64 (UAC is enabled)
Internet Explorer 10 Out of date!
``````````````Antivirus/Firewall Check:``````````````
Windows Firewall Enabled!
Ad-Aware Antivirus
Windows Defender
Antivirus up to date!
`````````Anti-malware/Other Utilities Check:`````````
Java 7 Update 45
Visual Studio Extensions for Windows Library for JavaScript
Java version out of Date!
Adobe Flash Player 11.9.900.117
Adobe Reader XI
Google Chrome 31.0.1650.57
Google Chrome 31.0.1650.63
````````Process Check: objlist.exe by Laurent````````
Malwarebytes Anti-Malware mbamservice.exe
Malwarebytes Anti-Malware mbamgui.exe
Lavasoft Ad-Aware Antivirus Ad-Aware Antivirus 11.1.5152.0\AdAwareService.exe
Lavasoft Ad-Aware Antivirus Ad-Aware Antivirus 11.1.5152.0\AdAwareTray.exe
Admin Desktop RemoçãoVirusAds SecurityCheck.exe
Malwarebytes' Anti-Malware mbamscheduler.exe
`````````````````System Health check`````````````````
Total Fragmentation on Drive C: %
````````````````````End of Log``````````````````````


P.S. 1) the file C:\Program Files\ESET\ESET Online Scanner\log.txt was not generated.
P.S. 2) I reinstalled uTorrent.

Edited by jonatanoliveira, 16 January 2014 - 07:20 AM.

  • 0
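The ESET log above lists every hit in one fixed key=value shape, and several of those hits sit inside AdwCleaner's Quarantine folder and OTL's MovedFiles folder, which is why the log is in better shape than the raw found= count suggests. The Python script below is added here as an example; it is not part of the forum post or of ESET's tooling. It parses that line shape, separates quarantined leftovers from live detections, checks that the header count agrees with the lines actually pasted, and derives candidate folders for a fix. SAMPLE_LOG, its hashes and its paths are constructed stand-ins, not values from this thread.

```python
"""Triage helper for ESET Online Scanner log.txt detection lines.

Added example for this thread; it is not code from the forum post or from
ESET. It assumes only the line format visible in the pasted log: '# key=value'
header lines followed by one detection line per hit of the form
  sh=<sha1> ft=<n> fh=<hash> vn="<name>" ac=<code> fn="<path>"
SAMPLE_LOG below is constructed for the example (placeholder hashes/paths).
"""
import ntpath
import re
from collections import Counter

# Folders where other cleanup tools park files they already removed. A hit
# inside one of them is leftover quarantine, not a live infection.
QUARANTINE_MARKERS = (
    "\\AdwCleaner\\Quarantine\\",
    "\\_OTL\\MovedFiles\\",
)

DETECTION_RE = re.compile(
    r'^sh=(?P<sha1>[0-9A-Fa-f]{40}) ft=(?P<ft>\d+) fh=(?P<fh>[0-9a-fA-F]+) '
    r'vn="(?P<name>[^"]*)" ac=(?P<ac>\S+) fn="(?P<path>[^"]*)"$'
)

SAMPLE_LOG = """\
# version=8
# end=finished
# scanned=1000
# found=4
# cleaned=0
sh=AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA ft=1 fh=0000000000000001 vn="Win32/Adware.Sample.A application" ac=I fn="C:\\AdwCleaner\\Quarantine\\C\\Program Files (x86)\\Sample\\sample.dll.vir"
sh=BBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBB ft=1 fh=0000000000000002 vn="Win32/Adware.Sample.B application" ac=I fn="C:\\_OTL\\MovedFiles\\01012014_000000\\C_Program Files\\Sample\\sample.exe"
sh=CCCCCCCCCCCCCCCCCCCCCCCCCCCCCCCCCCCCCCCC ft=1 fh=0000000000000003 vn="a variant of Win32/Toolbar.Sample.C application" ac=I fn="C:\\Program Files (x86)\\Vendor\\Toolbar\\toolbar.dll"
sh=DDDDDDDDDDDDDDDDDDDDDDDDDDDDDDDDDDDDDDDD ft=1 fh=0000000000000004 vn="Win32/Installer.Sample.D application" ac=I fn="C:\\ProgramData\\Installer\\12345678\\Custom.dll"
"""


def parse_eset_log(text):
    """Split one scan block into its header dict and its detection records."""
    header, hits = {}, []
    for raw in text.splitlines():
        line = raw.strip()
        if line.startswith("# ") and "=" in line:
            key, _, value = line[2:].partition("=")
            header[key] = value
            continue
        m = DETECTION_RE.match(line)
        if m:
            hit = m.groupdict()
            hit["quarantined"] = any(mk in hit["path"] for mk in QUARANTINE_MARKERS)
            hits.append(hit)
    return header, hits


def live_paths(hits):
    """Paths still in place on disk, deduplicated in log order."""
    out = []
    for h in hits:
        if not h["quarantined"] and h["path"] not in out:
            out.append(h["path"])
    return out


def fix_targets(paths):
    """Parent folders of the live hits: raw material for a :Files list.
    ntpath handles Windows separators on any host. A human still decides how
    far up the tree to go (the fix in this thread removed whole product folders)."""
    out = []
    for p in paths:
        parent = ntpath.dirname(p)
        if parent not in out:
            out.append(parent)
    return out


def summarize(text):
    """One dict a helper can read at a glance before writing a fix."""
    header, hits = parse_eset_log(text)
    found = int(header.get("found", "0"))
    quarantined = sum(1 for h in hits if h["quarantined"])
    live = live_paths(hits)
    return {
        "end": header.get("end"),  # 'stopped' means the scan did not finish
        "found": found,
        "parsed": len(hits),
        # If these disagree the paste was cut or the scan was interrupted;
        # trust neither number until a complete log is available.
        "consistent": found == len(hits),
        "quarantined": quarantined,
        "live": len(hits) - quarantined,
        "live_paths": live,
        "fix_targets": fix_targets(live),
        "families": Counter(h["name"] for h in hits if not h["quarantined"]),
    }


if __name__ == "__main__":
    for key, value in summarize(SAMPLE_LOG).items():
        print(f"{key}: {value}")
```

Run it against a real log.txt by reading the file and passing its text to summarize(); a log with end=stopped, like the first of the two blocks pasted above, is reported as inconsistent rather than trusted.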


#17 SleepyDude (Trusted Helper, Malware Removal, 4,401 posts)

Hi Jonata,

> P.S. 1) the file C:\Program Files\ESET\ESET Online Scanner\log.txt was not generated.

Sorry about that, I forgot to remove the line that doesn't apply to your operating system.

> P.S. 2) I reinstalled uTorrent.

Please don't use uTorrent until I state that your computer is clean, because you could easily download new malware and reinfect the computer.


Your logs are looking better and we are almost done, but there are still some steps for you...


Step 1 - Malwarebytes
  • close all the other running programs, especially the Web browser
  • execute Malwarebytes again
  • let's make sure the program is updated: click on the Update tab, then click the Check for Updates button
  • return to the Scanner tab and select the option Perform quick scan, then click the Scan button
  • when the scan finishes, click the Show Results button to view the results
  • make sure that everything listed is Checked (right click and choose Select All), then click on the Remove Selected button
  • after the removal process Notepad will open showing the log; please Copy & Paste the contents into your next reply
Notes:
- If MBAM encounters a file that is difficult to remove, you will be presented with some prompts; click OK to accept them and let MBAM proceed with the disinfection process. If asked to restart the computer, please do so immediately;
- after the restart you can find the MBAM log by executing the program again and accessing the Logs tab; make sure you select the most recent one and click Open, then Copy & Paste the log contents into your next reply;


Step 2 - Run OTL Fix

!!! WARNING !!! The following fix is only relevant for this system and no other; running the script on another computer will not work and may cause problems...

  • Right click on the OTL icon and choose Run as Administrator to execute the tool. Make sure all other windows are closed.
    Do not change any other settings unless otherwise told to do so.
  • Under the Custom Scans/Fixes box at the bottom, paste in the following:
    :Commands
    [CreateRestorePoint]
    
    :Files
    C:\Program Files (x86)\Lavasoft\AdAware SecureSearch Toolbar
    C:\ProgramData\InstallMate
    C:\Users\All Users\InstallMate
    
    :Commands
    [EmptyTemp]
    
  • click the Run Fix button at the top. Let the program run uninterrupted.
  • click OK
Notes:
  • When OTL executes the Fix it can shut down all running processes and you may lose the Desktop and icons, but they will return on reboot
  • OTL may ask to reboot the machine. Please accept right away.
  • The report should appear in Notepad after the reboot. Copy & Paste that report in your next reply and not as an attachment.
  • The OTL fix log will be saved in the following location: C:\_OTL\MovedFiles\mmddyyyy_hhmmss.log - where mmddyyyy_hhmmss is the date and time when the fix ran.


Step 3 - Update Programs

From the Security Check log there are some critical programs that you need to update:

» Remove Java 7 Update 25 (64-bit)
You have Java 7 Update 25 (64-bit) installed; this version of Java is outdated, and usually only the 32-bit version is needed, so my advice is to remove it.
Please open Start > Control Panel > Uninstall a program (or Programs and Features if in Classic View), locate Java 7 Update 25 (64-bit) on the list and uninstall it.

» Update Java 7 Update 45 (32-bit)
Your version of Java Runtime is outdated!
WARNING: In light of the recent events surrounding Java, which is constantly targeted by malware, users must seriously consider their use of Java.
Do you really need it? If yes, go to the Java download page and click the Windows Offline link; this file will not include any unneeded extras like the ASK Toolbar. When Java is installed it's extremely important to update immediately when you get a notification pop-up from the Java Updater.

For safety you can have Java installed but disabled in your browsers and only enable it when you need it. You can Enable/Disable Java by executing the following steps:
Click the Start button > Control Panel > Java/Java (32-bit) (or Programs if in Classic View), click the Security tab, uncheck the box Enable Java content in the browser and click OK.


Things I would like to see in your next reply:
  • The MBAM log
  • The OTL Fix log

  • 0

#18 jonatanoliveira (Member, Topic Starter, 12 posts)

Hi Sleepy Dude, how are you? Fine I hope :)

As you asked, I'm pasting the contents of the log files.

mbam-log-2014-01-19 (00-07-05):
Malwarebytes Anti-Malware 1.75.0.1300
www.malwarebytes.org

Versão da base de dados: v2014.01.18.07

Windows 8 x64 NTFS
Internet Explorer 10.0.9200.16750
Admin :: USER [administrador]

19/01/2014 00:07:05
mbam-log-2014-01-19 (00-07-05).txt

Tipo de pesquisa: Rápida
Opções de pesquisa activadas: Memoria | Arranque | Registo | Sistema de Ficheiros | Heurísticos/Extra | Heurísticos/Shuriken | PPI | MPI
Opções de pesquisa desactivadas: P2P
Objectos verificados: 276907
Tempo decorrido: 10 minuto(s), 54 segundo(s)

Processos de memória Detectados: 0
(Nenhum item malicioso detectado)

Módulos de Memória Detectados: 0
(Nenhum item malicioso detectado)

Chaves do Registo Detectadas: 3
HKLM\SOFTWARE\{77D46E27-0E41-4478-87A6-AABE6FBCF252} (PUP.Optional.GreatSaver.A) -> Movido para a quarentena e eliminado com sucesso.
HKCU\Software\iVIDI Plugin (PUP.Optional.Ividi.A) -> Movido para a quarentena e eliminado com sucesso.
HKCU\Software\AmiExt\IE plugin (PUP.Optional.Amonetize.A) -> Movido para a quarentena e eliminado com sucesso.

Valores do Registo Detectados: 0
(Nenhum item malicioso detectado)

Itens de dados do Registo Detectados: 0
(Nenhum item malicioso detectado)

Pastas Detectadas: 0
(Nenhum item malicioso detectado)

Ficheiros Detectados: 0
(Nenhum item malicioso detectado)

(fim)

01192014_002053:
All processes killed
========== COMMANDS ==========
Restore point Set: OTL Restore Point
========== FILES ==========
C:\Program Files (x86)\Lavasoft\AdAware SecureSearch Toolbar\components folder moved successfully.
C:\Program Files (x86)\Lavasoft\AdAware SecureSearch Toolbar\chrome\skin\options folder moved successfully.
C:\Program Files (x86)\Lavasoft\AdAware SecureSearch Toolbar\chrome\skin\lib\weatherbutton\panels\images folder moved successfully.
C:\Program Files (x86)\Lavasoft\AdAware SecureSearch Toolbar\chrome\skin\lib\weatherbutton\panels folder moved successfully.
C:\Program Files (x86)\Lavasoft\AdAware SecureSearch Toolbar\chrome\skin\lib\weatherbutton\icons folder moved successfully.
C:\Program Files (x86)\Lavasoft\AdAware SecureSearch Toolbar\chrome\skin\lib\weatherbutton folder moved successfully.
C:\Program Files (x86)\Lavasoft\AdAware SecureSearch Toolbar\chrome\skin\lib\uwa folder moved successfully.
C:\Program Files (x86)\Lavasoft\AdAware SecureSearch Toolbar\chrome\skin\lib\panels\js folder moved successfully.
C:\Program Files (x86)\Lavasoft\AdAware SecureSearch Toolbar\chrome\skin\lib\panels\images folder moved successfully.
C:\Program Files (x86)\Lavasoft\AdAware SecureSearch Toolbar\chrome\skin\lib\panels\default\scripts folder moved successfully.
C:\Program Files (x86)\Lavasoft\AdAware SecureSearch Toolbar\chrome\skin\lib\panels\default\images folder moved successfully.
C:\Program Files (x86)\Lavasoft\AdAware SecureSearch Toolbar\chrome\skin\lib\panels\default\css folder moved successfully.
C:\Program Files (x86)\Lavasoft\AdAware SecureSearch Toolbar\chrome\skin\lib\panels\default folder moved successfully.
C:\Program Files (x86)\Lavasoft\AdAware SecureSearch Toolbar\chrome\skin\lib\panels\css folder moved successfully.
C:\Program Files (x86)\Lavasoft\AdAware SecureSearch Toolbar\chrome\skin\lib\panels folder moved successfully.
C:\Program Files (x86)\Lavasoft\AdAware SecureSearch Toolbar\chrome\skin\lib folder moved successfully.
C:\Program Files (x86)\Lavasoft\AdAware SecureSearch Toolbar\chrome\skin folder moved successfully.
C:\Program Files (x86)\Lavasoft\AdAware SecureSearch Toolbar\chrome\locale\toolbar folder moved successfully.
C:\Program Files (x86)\Lavasoft\AdAware SecureSearch Toolbar\chrome\locale\lib folder moved successfully.
C:\Program Files (x86)\Lavasoft\AdAware SecureSearch Toolbar\chrome\locale folder moved successfully.
C:\Program Files (x86)\Lavasoft\AdAware SecureSearch Toolbar\chrome\data\search folder moved successfully.
C:\Program Files (x86)\Lavasoft\AdAware SecureSearch Toolbar\chrome\data folder moved successfully.
C:\Program Files (x86)\Lavasoft\AdAware SecureSearch Toolbar\chrome\content\widgets\net.vmn.www.ToolbarCleaner folder moved successfully.
C:\Program Files (x86)\Lavasoft\AdAware SecureSearch Toolbar\chrome\content\widgets\net.vmn.www.SecuredSearch folder moved successfully.
C:\Program Files (x86)\Lavasoft\AdAware SecureSearch Toolbar\chrome\content\widgets\net.vmn.www.BrowserDataCleaner folder moved successfully.
C:\Program Files (x86)\Lavasoft\AdAware SecureSearch Toolbar\chrome\content\widgets\com.mystart.BrowserHistoryCleaner folder moved successfully.
C:\Program Files (x86)\Lavasoft\AdAware SecureSearch Toolbar\chrome\content\widgets folder moved successfully.
C:\Program Files (x86)\Lavasoft\AdAware SecureSearch Toolbar\chrome\content\newtab folder moved successfully.
C:\Program Files (x86)\Lavasoft\AdAware SecureSearch Toolbar\chrome\content\modules folder moved successfully.
C:\Program Files (x86)\Lavasoft\AdAware SecureSearch Toolbar\chrome\content\lib folder moved successfully.
C:\Program Files (x86)\Lavasoft\AdAware SecureSearch Toolbar\chrome\content folder moved successfully.
C:\Program Files (x86)\Lavasoft\AdAware SecureSearch Toolbar\chrome folder moved successfully.
C:\Program Files (x86)\Lavasoft\AdAware SecureSearch Toolbar folder moved successfully.
C:\ProgramData\InstallMate\{D8753340-BAC9-4646-A4AD-F2EB039611B6} folder moved successfully.
C:\ProgramData\InstallMate\{AFDE4C1D-B51D-4677-A49C-FD3F743D6EEB} folder moved successfully.
C:\ProgramData\InstallMate\87639814 folder moved successfully.
C:\ProgramData\InstallMate\0A8EB78E folder moved successfully.
C:\ProgramData\InstallMate folder moved successfully.
File\Folder C:\Users\All Users\InstallMate not found.
========== COMMANDS ==========

[EMPTYTEMP]

User: Admin
->Temp folder emptied: 110820922 bytes
->Temporary Internet Files folder emptied: 228208767 bytes
->Java cache emptied: 0 bytes
->Google Chrome cache emptied: 6965199 bytes
->Flash cache emptied: 595 bytes

User: All Users

User: Default
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 0 bytes

User: Default User
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 0 bytes

User: MSSQL$SQLEXPRESS
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 0 bytes

User: MSSQLFDLauncher$SQLEXPRESS
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 0 bytes

User: Public

User: ReportServer$SQLEXPRESS
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 0 bytes

%systemdrive% .tmp files removed: 0 bytes
%systemroot% .tmp files removed: 0 bytes
%systemroot%\System32 .tmp files removed: 0 bytes
%systemroot%\System32 (64bit) .tmp files removed: 0 bytes
%systemroot%\System32\drivers .tmp files removed: 0 bytes
Windows Temp folder emptied: 1813258 bytes
%systemroot%\sysnative\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files folder emptied: 11260 bytes
RecycleBin emptied: 1497954951 bytes

Total Files Cleaned = 1 760,00 mb


OTL by OldTimer - Version 3.2.69.0 log created on 01192014_002053

Files\Folders moved on Reboot...
File\Folder C:\Users\Admin\AppData\Local\Temp\OICE_60AA0EBA-C4B6-495E-9FE6-13E74CE5D313.0\58C690B. not found!
C:\Users\Admin\AppData\Local\Microsoft\Windows\Temporary Internet Files\counters.dat moved successfully.

PendingFileRenameOperations files...

Registry entries deleted on Reboot...

I only disabled the Java 7 Update 45 (32-bit). Is it better to uninstall it instead of disabling it?

Thank you
Best regards
  • 0
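An OTL fix log records what happened to each path, but checking it by eye is error-prone when the :Files list is long and the log lists every subfolder before the folder itself. The Python script below is an added example, not code from the thread or from OTL: it parses the "moved successfully" and "not found" lines and the [EMPTYTEMP] byte counts, then checks each requested path against them so that a path the log never mentions cannot slip through as "done". SAMPLE_LOG and REQUESTED are constructed for the example and only mirror the shape of the log above.

```python
"""Check an OTL fix log against the :Files list that was requested.

Added example for this thread, not code from the post or from OTL itself. It
assumes the line shapes visible in the log above ('<path> folder moved
successfully.', 'File\\Folder <path> not found.', '->... emptied: N bytes').
SAMPLE_LOG and REQUESTED are constructed for the example.
"""
import re

MOVED_RE = re.compile(r"^(?P<path>.+?)(?: folder)? moved successfully\.$")
NOT_FOUND_RE = re.compile(r"^File\\Folder (?P<path>.+?) not found[.!]?$")
BYTES_RE = re.compile(r": (?P<n>\d+) bytes$")
USER_RE = re.compile(r"^User: (?P<user>.+)$")

SAMPLE_LOG = """\
All processes killed
========== COMMANDS ==========
Restore point Set: OTL Restore Point
========== FILES ==========
C:\\Program Files (x86)\\Vendor\\Toolbar\\chrome folder moved successfully.
C:\\Program Files (x86)\\Vendor\\Toolbar folder moved successfully.
C:\\ProgramData\\Installer\\12345678 folder moved successfully.
C:\\ProgramData\\Installer folder moved successfully.
File\\Folder C:\\Users\\All Users\\Installer not found.
========== COMMANDS ==========

[EMPTYTEMP]

User: Admin
->Temp folder emptied: 1000 bytes
->Temporary Internet Files folder emptied: 2000 bytes

User: Public

%systemroot% .tmp files removed: 0 bytes
Windows Temp folder emptied: 500 bytes
RecycleBin emptied: 4000 bytes
"""

# What the helper asked OTL to remove (mirrors the :Files section of a fix).
REQUESTED = [
    "C:\\Program Files (x86)\\Vendor\\Toolbar",
    "C:\\ProgramData\\Installer",
    "C:\\Users\\All Users\\Installer",
    "C:\\Users\\Admin\\AppData\\Roaming\\Leftover",
]


def parse_otl_fix_log(text):
    """Collect moved paths, not-found paths and per-user [EMPTYTEMP] byte counts."""
    result = {"moved": [], "not_found": [], "emptied_by_user": {}, "bytes_total": 0}
    user = None
    for raw in text.splitlines():
        line = raw.strip()
        m = MOVED_RE.match(line)
        if m:
            result["moved"].append(m["path"])
            continue
        m = NOT_FOUND_RE.match(line)
        if m:
            result["not_found"].append(m["path"])
            continue
        m = USER_RE.match(line)
        if m:
            user = m["user"]
            result["emptied_by_user"].setdefault(user, 0)
            continue
        m = BYTES_RE.search(line)
        if m:
            n = int(m["n"])
            result["bytes_total"] += n
            # '->' lines belong to the user block above them; the others are system-wide
            if user is not None and line.startswith("->"):
                result["emptied_by_user"][user] += n
    return result


def _under(path, root):
    """Case-insensitive: is path equal to root or somewhere beneath it?"""
    p, r = path.lower(), root.lower().rstrip("\\")
    return p == r or p.startswith(r + "\\")


def verify_fix(requested, result):
    """Map each requested path to what the log says happened to it.

    'moved'       the path or something beneath it was moved
    'not_found'   OTL reported it absent; expected for an alias such as
                  C:\\Users\\All Users (a junction to C:\\ProgramData) once the
                  real folder has already been moved
    'unaccounted' nothing in the log mentions it: re-check before declaring clean
    """
    status = {}
    for req in requested:
        if any(_under(p, req) for p in result["moved"]):
            status[req] = "moved"
        elif any(_under(p, req) for p in result["not_found"]):
            status[req] = "not_found"
        else:
            status[req] = "unaccounted"
    return status


if __name__ == "__main__":
    parsed = parse_otl_fix_log(SAMPLE_LOG)
    for path, state in verify_fix(REQUESTED, parsed).items():
        print(f"{state:12} {path}")
    print(f"temp data removed: {parsed['bytes_total']} bytes")
```

The "not_found" status for the C:\Users\All Users path is the same pattern as the log above: that folder is a junction to C:\ProgramData, so once the ProgramData copy is gone the alias has nothing left to move.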

#19 SleepyDude (Trusted Helper, Malware Removal, 4,401 posts)

> Hi Sleepy Dude, how are you? Fine I hope :)

I'm fine, thanks. So are you one of those Portuguese forced to look for work outside?

> I only disabled the Java 7 Update 45 (32-bit). Is it better to uninstall it instead of disabling it?

Yes, you can disable Java in the browser, but it's also important to keep it updated by following the steps from my last post.

Did you uninstall the Java 64-bit version?

If you are going to do the IRS in the short term you will need Java (32-bit) enabled... :ph34r:


Let me know if you did the update or if you have any other question before I post the final steps.
  • 0

#20 jonatanoliveira (Member, Topic Starter, 12 posts)

Hi,

Yes I am one of those Portuguese that "followed" the Government advice to move abroad and work outside :)

I uninstalled the Java 64-bit version, but the Java 7 Update 45 (32-bit) I only disabled. Should I uninstall it too? Or keep both updated?

Thank you.
Best regards.
  • 0

#21 SleepyDude (Trusted Helper, Malware Removal, 4,401 posts)

> I uninstalled the Java 64-bit version, but the Java 7 Update 45 (32-bit) I only disabled. Should I uninstall it too? Or keep both updated?

No need to uninstall, but make sure you keep it updated; the latest version is Java 7 Update 51
  • 0

#22 jonatanoliveira (Member, Topic Starter, 12 posts)

Hi Sleepy Dude,

I've updated to Java 7 Update 51. But it was not necessary to agree with the license agreement as normally happens.....
Anyway I think it's updated already, so let's go forward in our mission? :)
  • 0

#23 SleepyDude (Trusted Helper, Malware Removal, 4,401 posts)

Hello Jonata,

> Yes I am one of those Portuguese that "followed" the Government advice to move abroad and work outside :)

That sucks...

> I've updated to Java 7 Update 51. But it was not necessary to agree with the license agreement as normally happens.....

Good.

I have good news, your logs seem clean to me! Good job :thumbsup:

Now before you go I would like to remove the tools we used and give you some final recommendations.

Step 1 - Empty The System Restore

Remove old Restore Points and create a New Clean Restore Point.
  • Right click on the OTL icon and choose Run as Administrator to execute the tool. Make sure all other windows are closed and let it run uninterrupted.
    Do not change any other settings unless otherwise told to do so.
  • Under the Custom Scans/Fixes box at the bottom, paste in the following:
    :Files
    %systemroot%\sysnative\vssadmin.exe delete shadows /for=c: /all /quiet /c
    
    :Commands
    [CreateRestorePoint]
    
  • click the Run Fix button at the top
Notes:
  • when done OTL will show a window with Fix Complete!; click OK to access the report.
  • Copy & Paste the result in your next reply and not as an attachment.


Step 2 - Remove the Tools we used

» OTL
  • Double-click the OTL icon on the Desktop to start the program
    (Accept the UAC prompt to allow changes to the computer).
  • click the CleanUp button. Accept the prompt to Reboot.
» AdwCleaner
  • Double-click the AdwCleaner icon on the Desktop to run the program.
    (Accept the UAC prompt to allow changes to the computer).
  • click the Uninstall button
» Uninstall ESET On-line Scanner
  • Please open Start > Control Panel > Uninstall a program (or Programs and Features if in Classic View), locate ESET On-line Scanner on the list and uninstall it because it's no longer needed.
» Security Check
  • Delete SecurityCheck.exe and checkup.txt from the Desktop.
» Others
  • Delete any other program, .log or .txt file created on the Desktop during the cleaning process.


Step 3 - How to prevent new infections

To protect your computer from being infected again it's very important to keep Windows updated, and all the programs related to the internet: Web Browser, Flash Player, Adobe Reader and Java, to mention only the most targeted by today's security exploits. Follow the instructions below to keep these critical programs updated:
  • Windows and Internet Explorer
    To keep Windows and Internet Explorer updated make sure you have Windows Update enabled in the Control Panel applet; follow the instructions for Windows 7 in this MS article, How to configure and use Automatic Updates in Windows, or use the FixIt tool provided.
  • Antivirus and Antimalware programs
    Make sure you have an Antivirus program always updated and running.
    Sometimes an Antivirus can miss some malware; when that happens it's good to have Malwarebytes free installed. Update and run it weekly to keep your system clean. Malwarebytes is also good at reverting some system changes made by the malware.
  • Enable the Windows Firewall
    No system can be considered safe if not protected by a Firewall. If you are connected to the Internet by a Router you should check its configuration and make sure the firewall is active.
    If you connect by modem or to an open Local Network you should enable the Windows 7 built-in firewall.
  • Adobe Flash Player
    To update Adobe Flash Player accept any prompt to update, or manually initiate the update by opening Start Menu > Settings > Control Panel, opening the applet called Flash Player and, on the Advanced tab, clicking the Check Now button. Accept any prompt to install an updated version.
  • Adobe Reader
    Adobe Reader can be updated if you open Adobe Reader from the Start Menu; when the program has fully loaded click on the Help menu, then click the Check for updates now option. Follow the prompts to install any new update.
  • Java Runtime
    When Java is installed it's extremely important to update immediately when you get a notification pop-up from the Java Updater. Or update manually by opening the Start Menu > Settings > Control Panel, opening the applet called Java and, on the Update tab, clicking the Update Now button. The program will prompt you to install any new updated version available.
    Every time you update Java make sure you uncheck the box asking to Install the Ask Toolbar and make Ask my default search provider.
  • Keep Installed Programs Up to Date
    It's important to keep all other programs on your computer updated because they can also have security vulnerabilities exploited by malware to infect you. Therefore, it is also a good idea to check for the latest versions of commonly installed applications to fix vulnerabilities; this can be done manually by using the Update feature included in most programs, or you can use one of the following programs to help you with this task:
  • Surf the Net with extra Security
    Every web browser is a target for malware; the bad guys are always trying to exploit security holes to infect computers, and this is especially true for Internet Explorer because it is one of the most used. Using alternatives like Mozilla Firefox or Google Chrome can help protect your computer from infections.
    You can add an extra layer of protection to your web browser by installing two add-ons, AdBlockPlus and Web Of Trust (WOT).

:alarm: Security Alert :alarm:

You may not know it, but there is a new threat that's currently doing the rounds called Cryptolocker. This is a particularly nasty piece of work as it scans your files for certain file types (*.doc, *.pdf, *.xls, *.jpg, *.odt, and many more) and encrypts them, rendering the files worthless unless you have a decryption key that is generated by the malware specifically for your computer and sent to the Cryptolocker creators. This kind of malware is called RansomWare because they hold the key and ask for a ransom (about $300 USD) to unlock your files; also, there is no guarantee that you will actually recover your files!

There is no way to guarantee that you are 100% secure against the Cryptolocker threat because the malware is constantly evolving. Presently there is a tiny utility that you can install to minimize the risk called CryptoPrevent; it will set some Windows policy restrictions to block the execution of the malware.

The tool can be downloaded here. More information about Cryptolocker can be found in the following topic @bleepingcomputer.com.


::: Some final recommendations :::
Best Regards and have a Safe surfing! :wave:
  • 0
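Step 1 of the post above removes old restore points with vssadmin delete shadows, and the Security Alert in the same post describes Cryptolocker. Those two facts meet in a SOC: deleting shadow copies is also what ransomware does before encrypting (MITRE ATT&CK T1490, Inhibit System Recovery), so detection rules commonly fire on exactly the command OTL ran here. The Python below is an added example, not code from the thread or from any product; it runs such a rule over constructed process-creation events (the field names are an assumption of the example, to be mapped to Security event 4688 or Sysmon Event ID 1 fields) and shows that a legitimate cleanup like this one trips it, which is a reason to triage the alert with the user rather than to suppress the rule.

```python
"""Detection rule for shadow-copy deletion via vssadmin.

Added example for this thread, not code from the post or from any product.
Field names in EVENTS are an assumption of the example; map them to the
Security 4688 or Sysmon Event ID 1 fields your SIEM actually has.
"""
import ntpath
import re

# Constructed process-creation events. The first mirrors Step 1 above: OTL
# ran vssadmin through a cmd.bat in a Desktop folder, so cmd.exe is the parent.
EVENTS = [
    {"image": "C:\\Windows\\System32\\vssadmin.exe",
     "cmdline": "vssadmin.exe delete shadows /for=c: /all /quiet",
     "parent": "C:\\Windows\\System32\\cmd.exe", "user": "USER\\Admin"},
    {"image": "C:\\Windows\\System32\\vssadmin.exe",
     "cmdline": "vssadmin list shadows",
     "parent": "C:\\Windows\\System32\\cmd.exe", "user": "USER\\Admin"},
    {"image": "C:\\Windows\\SysWOW64\\vssadmin.exe",
     "cmdline": "\"C:\\Windows\\SysWOW64\\vssadmin.exe\" Delete Shadows /All /Quiet",
     "parent": "C:\\Users\\Admin\\AppData\\Local\\Temp\\update.exe", "user": "USER\\Admin"},
]

TOKEN_RE = re.compile(r'"[^"]*"|\S+')


def tokens(cmdline):
    """Split a Windows command line into lower-cased, unquoted tokens."""
    return [t.strip('"').lower() for t in TOKEN_RE.findall(cmdline)]


def is_shadow_deletion(cmdline):
    """True when the command line asks vssadmin to delete shadow copies,
    whatever the casing, quoting or argument order."""
    toks = tokens(cmdline)
    if not toks:
        return False
    exe = ntpath.basename(toks[0])
    if exe not in ("vssadmin", "vssadmin.exe"):
        return False
    return "delete" in toks and "shadows" in toks


def detect(events):
    """Return one alert per shadow-copy deletion, with triage context."""
    alerts = []
    for ev in events:
        image_ok = ntpath.basename(ev["image"]).lower() == "vssadmin.exe"
        if not (image_ok and is_shadow_deletion(ev["cmdline"])):
            continue
        parent = ev["parent"].lower()
        # Heuristic chosen for this example: a parent binary living under a
        # user profile (AppData/Temp) is the ransomware-like shape; a system
        # shell as parent is the shape of the cleanup in this thread. Both get
        # an alert; only the priority differs, and the analyst confirms with the user.
        user_writable = "\\users\\" in parent and ("\\appdata\\" in parent or "\\temp\\" in parent)
        alerts.append({
            "user": ev["user"],
            "parent": ev["parent"],
            "cmdline": ev["cmdline"],
            "severity": "high" if user_writable else "medium",
        })
    return alerts


if __name__ == "__main__":
    for a in detect(EVENTS):
        print(f'[{a["severity"]}] {a["user"]} via {a["parent"]}: {a["cmdline"]}')
```

The rule keys on the arguments rather than on a fixed string so that re-ordered or re-cased invocations still match, and it deliberately does not allowlist cmd.exe as a parent: the helper-directed run in this thread and a ransomware launcher started from a batch file look the same at that level, so the distinction has to be made by a person, not by the rule.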

#24 jonatanoliveira (Member, Topic Starter, 12 posts)

Hi SleepyDude,

Are you ok? I hope so....

So, as you asked, here is the OTL log file:

========== FILES ==========
< %systemroot%\sysnative\vssadmin.exe delete shadows /for=c: /all /quiet /c >
No captured output from command...
C:\Users\Admin\Desktop\RemoçãoVirusAds\cmd.bat deleted successfully.
========== COMMANDS ==========
Restore point Set: OTL Restore Point

OTL by OldTimer - Version 3.2.69.0 log created on 01242014_130511

I've updated the other software that you asked me to, but I had already uninstalled the Java 64. So I've just updated the Java 32 bits.
Now I have 2 questions:
1) would you recommend me a good and free antivirus? I'm using the Ad-Aware Antivirus. Do you know it? Is it good?

2) How can I start to learn to fix this kind of problem by myself? Like: how to know which script to build and run (like the one above that you ran on OTL Custom scan/fixes), and how to interpret the log files generated by OTL or Malwarebytes? Any tutorial?

Thank you.
Best regards
  • 0

#25 SleepyDude (Trusted Helper, Malware Removal, 4,401 posts)

Hi Jonatan,

> Are you ok? I hope so....

I'm fine thanks.

> I've updated the other software that you asked me to, but I had already uninstalled the Java 64. So I've just updated the Java 32 bits.
> Now I have 2 questions:

Good.

> 1) would you recommend me a good and free antivirus? I'm using the Ad-Aware Antivirus. Do you know it? Is it good?

I don't know the new Ad-Aware Antivirus very well. I noticed the program includes a not-so-good component, the AdAware SecureSearch Toolbar!
We usually recommend Avast Antivirus Free; it provides a good protection level. Avast is free but you need to register by providing a valid e-mail address to activate the program, and repeat this process every year, and carefully choose the free version.

> 2) How can I start to learn to fix this kind of problem by myself? Like: how to know which script to build and run (like the one above that you ran on OTL Custom scan/fixes), and how to interpret the log files generated by OTL or Malwarebytes? Any tutorial?

Here at GeeksToGo there is a Training Course that you can apply to, to learn all that and more :)
To find out more about the Course check these links:
- Would you like to learn to fight malware?
- About Geek University – An Introduction

If you have more questions feel free to ask.
  • 0


#26 jonatanoliveira (Member, Topic Starter, 12 posts)

Hi SleepyDude,

Thank you very much for your help and tips :)
See you Best regards
  • 0

#27 SleepyDude (Trusted Helper, Malware Removal, 4,401 posts)

> Hi SleepyDude,
>
> Thank you very much for your help and tips :)
> See you Best regards

Hi,

You are more than welcome.

I hope you find out there everything you hoped. ;)

Regards.
  • 0

#28 CompCav (Member 5k, Expert, 12,448 posts)

Since this issue appears to be resolved ... this Topic has been closed. Glad we could help. :)

If you're the topic starter, and need this topic reopened, please contact a staff member with the address of the thread.

Everyone else please begin a New Topic.
  • 0





