Javascript Disabled Detected

You currently have javascript disabled. Several functions may not work. Please re-enable javascript to access full functionality.

Ad ware, weather alerts, redirections, survey pop ups

Started by kolchak , Jan 15 2014 09:01 AM

Please log in to reply

#16
kolchak

Posted 02 February 2014 - 09:33 AM

Member

Topic Starter
Member
38 posts

here is the report -I will start on other processes today.
thanks again

ll processes killed
========== COMMANDS ==========
Restore point Set: OTL Restore Point
========== OTL ==========
Error: No service named CltMngSvc was found to stop!
Service\Driver key CltMngSvc not found.
File C:\Program Files\SearchProtect\Main\bin\CltMngSvc.exe not found.
HKU\S-1-5-21-1220945662-562591055-1417001333-1003\SOFTWARE\Microsoft\Internet Explorer\Main\\Start Page| /E : value set successfully!
Unable to set value : HKEY_USERS\S-1-5-21-1220945662-562591055-1417001333-1003\Software\Microsoft\Internet Explorer\SearchScopes\\DefaultScope| /E!
Registry key HKEY_USERS\S-1-5-21-1220945662-562591055-1417001333-1003\Software\Microsoft\Internet Explorer\SearchScopes\{014DB5FA-EAFB-4592-A95B-F44D3EE87FA9}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{014DB5FA-EAFB-4592-A95B-F44D3EE87FA9}\ not found.
HKCU\SOFTWARE\Microsoft\Internet Explorer\Main\\Start Page| /E : value set successfully!
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\\DefaultScope| /E : value set successfully!
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{014DB5FA-EAFB-4592-A95B-F44D3EE87FA9}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{014DB5FA-EAFB-4592-A95B-F44D3EE87FA9}\ not found.
Registry key HKEY_LOCAL_MACHINE\Software\MozillaPlugins\@java.com/JavaPlugin\ not found.
File C:\Program Files\Java\jre6\bin\plugin2\npjp2.dll not found.
Folder C:\Program Files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0022-ABCDEFFEDCBA}\ not found.
Folder C:\Program Files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0031-ABCDEFFEDCBA}\ not found.
Folder C:\PROGRAM FILES\JAVA\JRE6\LIB\DEPLOY\JQS\FF\ not found.
File C:\Program Files\Java\jre6\bin\plugin2\npjp2.dll not found.
C:\Documents and Settings\User\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\ejdfidgapfiokiphmcjpmmjbdndepoja\1.150_0 folder moved successfully.
File C:\Documents and Settings\User\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\jmfkcklnlgedgbglfkkgedjfmejoahla\12.0.0.1901_0 not found.
Registry key HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{761497BB-D6F0-462C-B6EB-D4DAF1D92D43}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{761497BB-D6F0-462C-B6EB-D4DAF1D92D43}\ not found.
File C:\Program Files\Java\jre6\bin\ssv.dll not found.
File move failed. C:\Documents and Settings\All Users\Start Menu\Programs\Startup\FastMediaConverter.lnk scheduled to be moved on reboot.
File C:\Program Files\FastMediaConverter\FastMediaConverterApp.exe not found.
File move failed. C:\Documents and Settings\User\Start Menu\Programs\Startup\DesktopWeatherAlerts.lnk scheduled to be moved on reboot.
File C:\Documents and Settings\User\Local Settings\Application Data\WeatherAlerts\DesktopWeatherAlertsApp.exe not found.
File move failed. C:\Documents and Settings\User\Start Menu\Programs\Startup\Weather Alerts.lnk scheduled to be moved on reboot.
File C:\Documents and Settings\User\Local Settings\Application Data\WeatherAlerts\WeatherAlerts.exe not found.
Starting removal of ActiveX control {8AD9C840-044E-11D1-B3E9-00805F499D93}
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Code Store Database\Distribution Units\{8AD9C840-044E-11D1-B3E9-00805F499D93}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{8AD9C840-044E-11D1-B3E9-00805F499D93}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Active Setup\Installed Components\{8AD9C840-044E-11D1-B3E9-00805F499D93}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{8AD9C840-044E-11D1-B3E9-00805F499D93}\ not found.
Starting removal of ActiveX control {CAFEEFAC-0016-0000-0022-ABCDEFFEDCBA}
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Code Store Database\Distribution Units\{CAFEEFAC-0016-0000-0022-ABCDEFFEDCBA}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{CAFEEFAC-0016-0000-0022-ABCDEFFEDCBA}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Active Setup\Installed Components\{CAFEEFAC-0016-0000-0022-ABCDEFFEDCBA}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{CAFEEFAC-0016-0000-0022-ABCDEFFEDCBA}\ not found.
Starting removal of ActiveX control {CAFEEFAC-0016-0000-0031-ABCDEFFEDCBA}
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Code Store Database\Distribution Units\{CAFEEFAC-0016-0000-0031-ABCDEFFEDCBA}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{CAFEEFAC-0016-0000-0031-ABCDEFFEDCBA}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Active Setup\Installed Components\{CAFEEFAC-0016-0000-0031-ABCDEFFEDCBA}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{CAFEEFAC-0016-0000-0031-ABCDEFFEDCBA}\ not found.
Starting removal of ActiveX control {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA}
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Code Store Database\Distribution Units\{CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Active Setup\Installed Components\{CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA}\ not found.
Registry value HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows\\AppInit_Dlls:C:\PROGRA~1\SearchProtect\SearchProtect\bin\SPVC32Loader.dll deleted successfully.
File C:\Program Files\SearchProtect\SearchProtect\bin\SPVC32Loader.dll not found.
C:\Program Files\Re-Markable folder moved successfully.
Folder C:\Documents and Settings\All Users\Start Menu\Programs\Fast Media Converter\ not found.
Folder C:\Documents and Settings\User\Application Data\FastMediaConverter\ not found.
Folder C:\Program Files\FastMediaConverter\ not found.
C:\Documents and Settings\NetworkService\Local Settings\Application Data\SearchProtect\SearchProtect\Logs folder moved successfully.
C:\Documents and Settings\NetworkService\Local Settings\Application Data\SearchProtect\SearchProtect folder moved successfully.
Folder C:\Documents and Settings\User\Local Settings\Application Data\Local_Weather_LLC\ not found.
Folder C:\Documents and Settings\User\Start Menu\Programs\Weather Alerts\ not found.
Folder C:\Documents and Settings\User\Local Settings\Application Data\WeatherAlerts\ not found.
Folder C:\Program Files\SearchProtect\ not found.
Folder C:\Documents and Settings\User\Local Settings\Application Data\SearchProtect\ not found.
File C:\WINDOWS\tasks\MP Scheduled Scan.job not found.
C:\WINDOWS\tasks\Re-Markable Update.job moved successfully.
File C:\Documents and Settings\All Users\Desktop\Fast Media Converter.lnk not found.
File C:\Documents and Settings\All Users\Start Menu\Programs\Startup\FastMediaConverter.lnk not found.
File C:\Documents and Settings\User\Start Menu\Programs\Startup\Weather Alerts.lnk not found.
File C:\Documents and Settings\User\Start Menu\Programs\Startup\DesktopWeatherAlerts.lnk not found.
C:\Documents and Settings\User\Desktop\Shortcut to OTL.exe.lnk moved successfully.
========== FILES ==========
C:\Program Files\Java\jre6\lib\ext folder moved successfully.
C:\Program Files\Java\jre6\lib folder moved successfully.
C:\Program Files\Java\jre6 folder moved successfully.
========== COMMANDS ==========

[EMPTYTEMP]

User: All Users

User: Default User
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 33170 bytes
->Flash cache emptied: 56475 bytes

User: LocalService
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 34370 bytes

User: NetworkService
->Temp folder emptied: 246070 bytes
->Temporary Internet Files folder emptied: 677919 bytes

User: User
->Temp folder emptied: 190852520 bytes
->Temporary Internet Files folder emptied: 236441938 bytes
->Java cache emptied: 0 bytes
->FireFox cache emptied: 21909008 bytes
->Google Chrome cache emptied: 380242877 bytes
->Flash cache emptied: 1290 bytes

%systemdrive% .tmp files removed: 0 bytes
%systemroot% .tmp files removed: 2402044 bytes
%systemroot%\System32 .tmp files removed: 2577 bytes
%systemroot%\System32\dllcache .tmp files removed: 0 bytes
%systemroot%\System32\drivers .tmp files removed: 0 bytes
Windows Temp folder emptied: 9505145 bytes
%systemroot%\system32\config\systemprofile\Local Settings\Temp folder emptied: 128370213 bytes
%systemroot%\system32\config\systemprofile\Local Settings\Temporary Internet Files folder emptied: 33170 bytes
RecycleBin emptied: 0 bytes

Total Files Cleaned = 926.00 mb

OTL by OldTimer - Version 3.2.69.0 log created on 02022014_102210

Files\Folders moved on Reboot...
File\Folder C:\Documents and Settings\All Users\Start Menu\Programs\Startup\FastMediaConverter.lnk not found!
File\Folder C:\Documents and Settings\User\Start Menu\Programs\Startup\DesktopWeatherAlerts.lnk not found!
File\Folder C:\Documents and Settings\User\Start Menu\Programs\Startup\Weather Alerts.lnk not found!

PendingFileRenameOperations files...

Registry entries deleted on Reboot...

#17
kolchak

Posted 02 February 2014 - 09:54 AM

Member

Topic Starter
Member
38 posts

malware report -

Malwarebytes Anti-Malware 1.75.0.1300
www.malwarebytes.org

Database version: v2014.02.02.03

Windows XP Service Pack 3 x86 NTFS
Internet Explorer 8.0.6001.18702
User :: USER-A558C5C1C2 [administrator]

2/2/2014 10:44:50 AM
MBAM-log-2014-02-02 (10-52-06).txt

Scan type: Quick scan
Scan options enabled: Memory | Startup | Registry | File System | Heuristics/Extra | Heuristics/Shuriken | PUP | PUM
Scan options disabled: P2P
Objects scanned: 198883
Time elapsed: 4 minute(s), 17 second(s)

Memory Processes Detected: 0
(No malicious items detected)

Memory Modules Detected: 0
(No malicious items detected)

Registry Keys Detected: 3
HKCR\Typelib\{DCABB943-792E-44C4-9029-ECBEE6265AF9} (PUP.Optional.OutBrowse) -> No action taken.
HKCR\Interface\{3408AC0D-510E-4808-8F7B-6B70B1F88534} (PUP.Optional.OutBrowse) -> No action taken.
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\SETUP.EXE (PUP.Optional.PremiumApps.A) -> No action taken.

Registry Values Detected: 0
(No malicious items detected)

Registry Data Items Detected: 3
HKLM\SOFTWARE\Microsoft\Security Center|AntiVirusDisableNotify (PUM.Disabled.SecurityCenter) -> Bad: (1) Good: (0) -> No action taken.
HKLM\SOFTWARE\Microsoft\Security Center|FirewallDisableNotify (PUM.Disabled.SecurityCenter) -> Bad: (1) Good: (0) -> No action taken.
HKLM\SOFTWARE\Microsoft\Security Center|UpdatesDisableNotify (PUM.Disabled.SecurityCenter) -> Bad: (1) Good: (0) -> No action taken.

Folders Detected: 0
(No malicious items detected)

Files Detected: 4
C:\Documents and Settings\User\My Documents\Downloads\Player-Chrome.exe (PUP.Optional.OptimumInstaller.A) -> No action taken.
C:\Documents and Settings\User\My Documents\Downloads\setup (1).exe (PUP.Optional.PremiumApps.A) -> No action taken.
C:\Documents and Settings\User\My Documents\Downloads\setup.exe (PUP.Optional.PremiumApps.A) -> No action taken.
C:\Documents and Settings\User\My Documents\Downloads\iTunes.exe (PUP.Optional.OutBrowse) -> No action taken.

(end)

#18
kolchak

Posted 02 February 2014 - 10:00 AM

Member

Topic Starter
Member
38 posts

the link for the adware cleaner didn't work - got the following message -

Oops! Google Chrome could not connect to general-changelog-team.fr

is there another link I can try?

thank you!

#19
SleepyDude

Posted 02 February 2014 - 02:02 PM

Trusted Helper

Malware Removal
4,978 posts

the link for the adware cleaner didn't work - got the following message -

Oops! Google Chrome could not connect to general-changelog-team.fr

is there another link I can try?

thank you!

Hi,

Strange the link works fine for me!

Try this one http://www.bleepingc...oad/adwcleaner/ click the image Download Now @BleepinComputer

#20
kolchak

Posted 03 February 2014 - 09:54 AM

Member

Topic Starter
Member
38 posts

that works - thanks. I will post back with results either tonight or tomorrow .

#21
kolchak

Posted 03 February 2014 - 10:53 PM

Member

Topic Starter
Member
38 posts

let me know if this is the log -

# AdwCleaner v3.018 - Report created 03/02/2014 at 11:00:06
# Updated 28/01/2014 by Xplode
# Operating System : Microsoft Windows XP Service Pack 3 (32 bits)
# Username : User - USER-A558C5C1C2
# Running from : C:\Documents and Settings\User\My Documents\Downloads\AdwCleaner.exe
# Option : Scan

***** [ Services ] *****

***** [ Files / Folders ] *****

File Found : C:\Documents and Settings\User\Application Data\Mozilla\Firefox\Profiles\jflb8pby.default\user.js
Folder Found C:\Documents and Settings\NetworkService\Local Settings\Application Data\Searchprotect

***** [ Shortcuts ] *****

***** [ Registry ] *****

Key Found : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{3CA2F312-6F6E-4B53-A66E-4E65E497C8C0}
Key Found : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{3CA2F312-6F6E-4B53-A66E-4E65E497C8C0}
Key Found : HKLM\SOFTWARE\Classes\protector_dll.protectorbho
Key Found : HKLM\SOFTWARE\Classes\protector_dll.protectorbho.1
Key Found : HKLM\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{014DB5FA-EAFB-4592-A95B-F44D3EE87FA9}

***** [ Browsers ] *****

-\\ Internet Explorer v8.0.6001.18702

-\\ Mozilla Firefox v9.0.1 (en-US)

[ File : C:\Documents and Settings\User\Application Data\Mozilla\Firefox\Profiles\jflb8pby.default\prefs.js ]

-\\ Google Chrome v32.0.1700.102

[ File : C:\Documents and Settings\User\Local Settings\Application Data\Google\Chrome\User Data\Default\preferences ]

*************************

AdwCleaner[R0].txt - [1511 octets] - [03/02/2014 11:00:06]

########## EOF - C:\AdwCleaner\AdwCleaner[R0].txt - [1571 octets] ##########

#22
SleepyDude

Posted 05 February 2014 - 10:51 AM

Trusted Helper

Malware Removal
4,978 posts

Hello Kolchak,

Thanks for all the logs, they show that we have more work to do...

Step 1 - Malwarebytes

close all the other running programs, specially the Web browser
execute Malwarebytes again
let's make sure the program is updated, click on tab Update next click the Check for Updates button
return to the Scanner tab and select the option Perform quick scan then click the Scan button
when the scan finish click the Show Results button to view the results
make sure that everything listed is Checked (right click and choose Select All) then click on the Remove Selected button
after the removal process Notepad with open showing the log, please Copy & Paste the contents into your next reply

Notes:
- If MBAM encounters a file that is difficult to remove, you will be presented with some prompts, click OK to accept them and let MBAM proceed with the disinfection process. If asked to restart the computer, please do so immediately;
- after restart you can find the MBAM log executing the program again and accessing the Logs tab, make sure you select the more recent one and click Open then Copy & Paste the log contents into your next reply;

Step 2 - AdwCleaner Remove

Close all open windows and browsers
Execute AdwCleaner by double clicking the icon you have on the Desktop
Click the Scan button and wait for the scan to finish, only then the Clean button becomes active
Click the Clean button and wait, once done it may ask to reboot, allow it.
On reboot a log will be presented please copy/paste that in your next reply. The report is saved to C:\AdwCleaner\AdwCleaner[S0].txt

Step 3 - Scan with ESET On-line Scanner

Download Eset On-line Scanner, run the tool and follow the prompts to install the program.
Posted Image

UNCHECK the box's Remove found threats and Scan Archives.
Click on Advanced Settings, an check the options:
- Scan for potentially unwanted applications
- Scan for potentially unsafe applications
- Enable Anti-Stealth Technology
Disable your AntiVirus and AntiSpyware applications to speedup the scan
(If you have difficulty properly disabling your security programs, refer to this link)
Click Start and then wait for the scan to finish (it will take some time).
The virus signature database will begin to download and the Scan will start automatically. Be patient this make take some time depending on the speed of your Internet Connection.
Once the scan is completed, close the program
Use Notepad to open the log file located at C:\Program Files\ESET\ESET Online Scanner\log.txt
Copy and paste the log contents to your reply
Enable your AntiVirus and AntiSpyware applications

Step 4 - Security Check

Download Security Check by screen317 from here or here.

Save it to the Desktop.
Double click the icon to execute the program.
Follow the onscreen instructions inside of the black box.
A Notepad document should open automatically called checkup.txt; please post the full contents of that document.

Things I would like to see in your next reply:

The MBAM log
AdwCleaner log AdwCleaner[S0].txt
The ESET log
The checkup.txt log
How is the computer now?

#23
kolchak

Posted 06 February 2014 - 08:39 AM

Member

Topic Starter
Member
38 posts

thanks - It will take a couple days to complete

#24
kolchak

Posted 07 February 2014 - 12:42 AM

Member

Topic Starter
Member
38 posts

ok, here is first log -
thanks

alwarebytes Anti-Malware 1.75.0.1300
www.malwarebytes.org

Database version: v2014.02.06.05

Windows XP Service Pack 3 x86 NTFS
Internet Explorer 8.0.6001.18702
User :: USER-A558C5C1C2 [administrator]

2/6/2014 9:42:24 AM
mbam-log-2014-02-06 (09-42-24).txt

Scan type: Quick scan
Scan options enabled: Memory | Startup | Registry | File System | Heuristics/Extra | Heuristics/Shuriken | PUP | PUM
Scan options disabled: P2P
Objects scanned: 199834
Time elapsed: 5 minute(s), 39 second(s)

Memory Processes Detected: 0
(No malicious items detected)

Memory Modules Detected: 0
(No malicious items detected)

Registry Keys Detected: 3
HKCR\Typelib\{DCABB943-792E-44C4-9029-ECBEE6265AF9} (PUP.Optional.OutBrowse) -> Quarantined and deleted successfully.
HKCR\Interface\{3408AC0D-510E-4808-8F7B-6B70B1F88534} (PUP.Optional.OutBrowse) -> Quarantined and deleted successfully.
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\SETUP.EXE (PUP.Optional.PremiumApps.A) -> Quarantined and deleted successfully.

Registry Values Detected: 0
(No malicious items detected)

Registry Data Items Detected: 3
HKLM\SOFTWARE\Microsoft\Security Center|AntiVirusDisableNotify (PUM.Disabled.SecurityCenter) -> Bad: (1) Good: (0) -> Quarantined and repaired successfully.
HKLM\SOFTWARE\Microsoft\Security Center|FirewallDisableNotify (PUM.Disabled.SecurityCenter) -> Bad: (1) Good: (0) -> Quarantined and repaired successfully.
HKLM\SOFTWARE\Microsoft\Security Center|UpdatesDisableNotify (PUM.Disabled.SecurityCenter) -> Bad: (1) Good: (0) -> Quarantined and repaired successfully.

Folders Detected: 0
(No malicious items detected)

Files Detected: 4
C:\Documents and Settings\User\My Documents\Downloads\Player-Chrome.exe (PUP.Optional.OptimumInstaller.A) -> Quarantined and deleted successfully.
C:\Documents and Settings\User\My Documents\Downloads\setup (1).exe (PUP.Optional.PremiumApps.A) -> Quarantined and deleted successfully.
C:\Documents and Settings\User\My Documents\Downloads\setup.exe (PUP.Optional.PremiumApps.A) -> Quarantined and deleted successfully.
C:\Documents and Settings\User\My Documents\Downloads\iTunes.exe (PUP.Optional.OutBrowse) -> Quarantined and deleted successfully.

(end)

#25
kolchak

Posted 07 February 2014 - 08:45 AM

Member

Topic Starter
Member
38 posts

Eset log is below.
Quick Question Sleepy Dude - Are either of the spyware / adware programs we downloaded supposed to be actively running?
It appears I just have micro-soft security ATM, which is probably a reason I got so infected. Can you recommend what else I should use?
thanks again!

ESETSmartInstaller@High as downloader log:
all ok
# version=8
# OnlineScannerApp.exe=1.0.0.1
# OnlineScanner.ocx=1.0.0.6920
# api_version=3.0.2
# EOSSerial=86e35933ddef9c459cb9a27f997740c2
# engine=16982
# end=finished
# remove_checked=false
# archives_checked=false
# unwanted_checked=true
# unsafe_checked=true
# antistealth_checked=true
# utc_time=2014-02-07 02:25:37
# local_time=2014-02-07 09:25:37 (-0500, Eastern Standard Time)
# country="United States"
# lang=1033
# osver=5.1.2600 NT Service Pack 3
# compatibility_mode=5892 16777213 88 94 988340 10567951 0 0
# scanned=146100
# found=1
# cleaned=0
# scan_time=856
sh=0963679BACEBB3D4C61D14EAED27BE79DDC30BF9 ft=1 fh=339ba8835c59a91d vn="a variant of Win32/AdWare.AddLyrics.AB application" ac=I fn="C:\_OTL\MovedFiles\02022014_102210\C_Program Files\Re-Markable\Uninstall.exe"

#26
SleepyDude

Posted 07 February 2014 - 05:11 PM

Trusted Helper

Malware Removal
4,978 posts

Hi,

Eset log is below.

Thanks for the log.

Quick Question Sleepy Dude - Are either of the spyware / adware programs we downloaded supposed to be actively running?

No, if you follow my instructions the programs aren't actively running. Only MBAM have that feature on the paid version.

It appears I just have micro-soft security ATM, which is probably a reason I got so infected. Can you recommend what else I should use?

Exactly and you should have only one Antivirus program running at all time. Based on the type of malware removed from your computer you got infected by installing free software bundled with Bad extras. Later I will post some recommendations in terms of security.

Please post also the Security Check log.

#27
kolchak

Posted 08 February 2014 - 09:53 AM

Member

Topic Starter
Member
38 posts

great - here is the security log.
should I also update the adobe flash player? I was seriously infected on another machine a fake adobe update ad always nervous when these pop up.
thank you!

Results of screen317's Security Check version 0.99.79
Windows XP Service Pack 3 x86
Internet Explorer 8
``````````````Antivirus/Firewall Check:``````````````
Windows Firewall Enabled!
AVG Anti-Virus Free Edition 2012
Microsoft Security Essentials
Antivirus up to date! (On Access scanning disabled!)
`````````Anti-malware/Other Utilities Check:`````````
Malwarebytes Anti-Malware version 1.75.0.1300
CCleaner
Adobe Flash Player 11.1.102.55
Adobe Reader 10.1.2 Adobe Reader out of Date!
Mozilla Firefox (9.0.1)
Google Chrome 32.0.1700.102
Google Chrome 32.0.1700.107
````````Process Check: objlist.exe by Laurent````````
Microsoft Security Essentials MSMpEng.exe
Microsoft Security Essentials msseces.exe
`````````````````System Health check`````````````````
Total Fragmentation on Drive C:: 11% Defragment your hard drive soon! (Do NOT defrag if SSD!)
````````````````````End of Log``````````````````````

#28
SleepyDude

Posted 09 February 2014 - 08:33 AM

Trusted Helper

Malware Removal
4,978 posts

Hello Kolchak,

Your logs are looking good but you have several programs outdated that need to be updated, let's do some system maintenance...

Step 1 - Check Antivirus Configuration

The Security Check log shows that there may be some problem with Microsoft Security Essentials lets check:
- open the program by double clicking its icon Posted Image

next to the clock
- I want you to check if Microsoft Security Essentials is actively protecting you System. Click on the Settings tab and then on the left panel click Real-time Protection make sure you have all the check boxes checked like in the following image:
Posted Image

Note: after doing changes on the page you need to click Save Changes and accept all the Security warnings presented by the system.

Let me know the result of this...

Step 2 - Update Programs

From the Security Check log there are some critical programs that you need to update:

» Update Adobe Flash Player
The version you have is outdated! and need to be updated. Open the Adobe page install Flash Player and make sure you uncheck the box to install any extra programs (Google Chrome and Google Toolbar or McAfee Security Scan Plus) before downloading. The installation need to be done for both Internet Explorer and Firefox, repeat the above steps for each browser.

» Update Adobe Reader
The Adobe Reader you have is outdated! and vulnerable to security exploits. The version presently installed it's old, you need to Uninstall Adobe Reader 10.1.2, click Start > Control Panel > then Add or Remove Programs, locate the program on the list and uninstall like you did before. Next download and install the most recent version by visiting the Adobe Reader page, make sure you uncheck the box offering any extra programs like the McAfee Security Scan Plus.

» Update Firefox
Mozilla Firefox is also very outdated! the browser is the most exposed software when you access the Internet it's very important to keep it updated all the times for security reasons and also because some web sites will only work correctly with the most recent versions. You can update by starting Firefox then click Help > About > click the button Check for Updates if there is a newer version the download will start, wait and then click Apply Update and restart Firefox.
Alternatively you could visit the Mozilla Firefox web page here and click on the green button that says Firefox Free Download to download and upgrade to the most recent version.

Step 3 - Remove Temporary Files and Reset System Restore

Execute OTL by double clicking the icon . Make sure all other windows are closed.
Do not change any other settings unless otherwise told to do so.

Under the

box at the bottom, paste in the following:

:OTL

:Commands
[ClearAllRestorePoints]
[EmptyTemp]
[Reboot]

click the button at the top. Let the program run uninterrupted.
click OK

Notes:

When OTL executes the Fix it can shutdown all running processes and you may lose the Desktop and icons, but they will return on reboot
OTL may ask to reboot the machine. Please accept right away.
The report should appear in Notepad after the reboot. Copy & Paste that report in your next reply and not as attachment.
The OTL fix log will be saved in the following location: C:\_OTL\MovedFiles\mmddyyyy_hhmmss.log - where mmddyyy _hhmmss is the date and time when the fix run.

Step 4 - Defrag the Hard Disk

The Security Check also shows that you need to Defrag your C: drive if you don't have an SSD disk!.

download MyDefrag
Install the program MyDefrag-v4.3.1.exe, accept the license agreement and click Next until the screen below
on step Select Additional Tasks untick all the check box's except Associate .MyD file with the MyDefrag script interpreter
after install close all the other programs and execute MyDefrag. Select the options according to the following screen:
click Run
let the program run until it show Finished.

Things I would like to see in your next reply:

Any problem executing the tasks above?
How is the computer running any problems?

#29
kolchak

Posted 12 February 2014 - 05:48 AM

Member

Topic Starter
Member
38 posts

Hi Sleepy Dude
My microsoft security appears to be on & up to date but the options on my settings tab were different than pictured. There is only one box (turn on real time protection) and it was checked. The options on the left side are slightly different, as last option isn't Micro-soft SpyNet but MAPS. Everything appears up to date however as virus & spyware definitions are updated automatically.

I'll post back about everything else asap.

thanks again

#30
kolchak

Posted 12 February 2014 - 06:12 AM

Member

Topic Starter
Member
38 posts

Sleepy Dude -

when clicking on the adobe link I get the following -

"Your Google Chrome browser already includes Adobe® Flash® Player built-in. Google Chrome will automatically update when new versions of Flash Player are available.

To download the Adobe® Flash® Player system plug-in, click here. For instructions on how to enable it, click here.

Do you have a different operating system or browser?

To learn more about the enhanced support for Flash Player in Chrome, including information for developers, see this TechNote."

Is this update still necessary?
If I only use chrome, do I still need to update IE & firefox or can these browsers be removed?

I've had an adobe reader update request in my tool bar (by the clock) requesting update version 10.1.2. I haven't done update however because I wasn't sure if it was legit. can I use this prompt to update reader?

I will wait on your instructions before doing any of the abode updates.

K