Javascript Disabled Detected

You currently have javascript disabled. Several functions may not work. Please re-enable javascript to access full functionality.

Url:mal infection [Solved]

Started by UrlMalSusanna , Sep 26 2014 04:04 AM

url:mal malware avast

This topic is locked

#31
dbreeze

Posted 12 October 2014 - 04:10 PM

Trusted Helper

Malware Removal
2,216 posts

Wow, this is great news. The FSS scan is clean; your AntiVirus is running fine, Firewall is running and the AntiSpyware part is covered by Avast so the Windows Defender is turned off so there is not any interference between the two.

I need one more scan to show my adviser that the system should be clean:

Right click the FRST64 file on your desktop and select "Run as Administrator..." (XP users click run after receipt of Windows Security Warning - Open File). When the tool opens click Yes to disclaimer.
If an update is available, the program will inform you and download the update. Allow it do this please.
Press the Scan button.
It will produce a log called FRST.txt in the same directory the tool is run from.
Please copy and paste log back here.

#32
UrlMalSusanna

Posted 17 October 2014 - 06:29 AM

Member

Topic Starter
Member
18 posts

Ok!

Scan result of Farbar Recovery Scan Tool (FRST.txt) (x64) Version: 16-10-2014

Ran by Susanna (administrator) on SUSANNA on 17-10-2014 15:27:51

Running from C:\Users\Susanna\Desktop

Loaded Profiles: Susanna & (Available profiles: Susanna)

Platform: Windows 8.1 (X64) OS Language: suomi (Suomi)

Internet Explorer Version 11

Boot Mode: Normal

Tutorial for Farbar Recovery Scan Tool: http://www.geekstogo...very-scan-tool/

==================== Processes (Whitelisted) =================

(If an entry is included in the fixlist, the process will be closed. The file will not be moved.)

(AVAST Software) C:\Program Files\AVAST Software\Avast\AvastSvc.exe

(Windows ® Win 7 DDK provider) C:\Program Files (x86)\Bluetooth Suite\AdminService.exe

(Microsoft Corporation) C:\Program Files\Microsoft Office 15\ClientX64\officeclicktorun.exe

(Samsung Electronics CO., LTD.) C:\Program Files (x86)\Samsung\Settings\CmdServer\EasyLauncher.exe

(Intel® Corporation) C:\Program Files\Intel\iCLS Client\HeciServer.exe

(Intel Corporation) C:\Program Files (x86)\Intel\Intel® Management Engine Components\DAL\Jhi_service.exe

(Malwarebytes Corporation) C:\Program Files (x86)\Malwarebytes Anti-Malware\mbamscheduler.exe

(Malwarebytes Corporation) C:\Program Files (x86)\Malwarebytes Anti-Malware\mbamservice.exe

(Atheros) C:\Program Files (x86)\Bluetooth Suite\Ath_CoexAgent.exe

(Intel Corporation) C:\Program Files (x86)\Intel\Intel® Management Engine Components\FWService\IntelMeFWService.exe

(Intel Corporation) C:\Program Files (x86)\Intel\Intel® Management Engine Components\LMS\LMS.exe

(Symantec Corporation) C:\Program Files (x86)\Symantec\Norton Online Backup\NOBuAgent.exe

(Intel Corporation) C:\Program Files (x86)\Intel\Intel® Management Engine Components\UNS\UNS.exe

() C:\Program Files (x86)\Samsung\Settings\CmdServer\EasySettingsCmdServer.exe

(Malwarebytes Corporation) C:\Program Files (x86)\Malwarebytes Anti-Malware\mbam.exe

(Microsoft Corporation) C:\Windows\System32\SkyDrive.exe

(Microsoft Corporation) C:\Windows\System32\dllhost.exe

(Samsung Electronics CO., LTD.) C:\Program Files (x86)\Samsung\Settings\sSettings.exe

(Samsung Electronics CO., LTD.) C:\Program Files (x86)\Samsung\SW Update\SWMAgent.exe

(Intel Corporation) C:\Windows\System32\igfxext.exe

(Qualcomm®Atheros®) C:\Program Files (x86)\Bluetooth Suite\BtvStack.exe

(Intel Corporation) C:\Windows\System32\igfxtray.exe

(Intel Corporation) C:\Windows\System32\igfxsrvc.exe

(Intel Corporation) C:\Windows\System32\hkcmd.exe

() C:\Program Files (x86)\Bluetooth Suite\ActivateDesktop.exe

(Intel Corporation) C:\Windows\System32\igfxpers.exe

(Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe

(ELAN Microelectronics Corp.) C:\Program Files\Elantech\ETDCtrl.exe

(CANON INC.) C:\Windows\System32\spool\drivers\x64\3\CNAP2LAK.EXE

(Spotify Ltd) C:\Users\Susanna\AppData\Roaming\Spotify\Data\SpotifyWebHelper.exe

(CANON INC.) C:\Windows\System32\spool\drivers\x64\3\CNAP2RPK.EXE

(CANON INC.) C:\Windows\System32\spool\drivers\x64\3\CNABCSWK.EXE

(Facebook Inc.) C:\Users\Susanna\AppData\Local\Facebook\Update\FacebookUpdate.exe

(Facebook) C:\Users\Susanna\AppData\Local\Facebook\Messenger\2.1.4814.0\FacebookMessenger.exe

(ELAN Microelectronics Corp.) C:\Program Files\Elantech\ETDCtrlHelper.exe

(Microsoft Corporation) C:\Program Files\Microsoft Office 15\root\office15\ONENOTEM.EXE

(CyberLink Corp.) C:\Program Files (x86)\CyberLink\PowerDVD10\PDVD10Serv.exe

(Symantec Corporation) C:\Program Files (x86)\Symantec\Norton Online Backup\NOBuClient.exe

(Oracle Corporation) C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe

(AVAST Software) C:\Program Files\AVAST Software\Avast\avastui.exe

(Microsoft Corporation) C:\Windows\System32\SettingSyncHost.exe

(Microsoft Corporation) C:\Windows\SysWOW64\WWAHost.exe

(Microsoft Corporation) C:\Program Files\WindowsApps\microsoft.windowscommunicationsapps_17.5.9600.20605_x64__8wekyb3d8bbwe\livecomm.exe

(Microsoft Corporation) C:\Windows\WinSxS\amd64_microsoft-windows-servicingstack_31bf3856ad364e35_6.3.9600.17246_none_fa4ae8e99b1f603c\TiWorker.exe

(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe

(Microsoft Corporation) C:\Windows\System32\rundll32.exe

==================== Registry (Whitelisted) ==================

(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)

HKLM\...\Run: [RtHDVCpl] => C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe [13213328 2012-10-18] (Realtek Semiconductor)

HKLM\...\Run: [ETDCtrl] => C:\Program Files\Elantech\ETDCtrl.exe [2872176 2012-10-08] (ELAN Microelectronics Corp.)

HKLM\...\Run: [CNAP2 Launcher] => C:\WINDOWS\system32\spool\DRIVERS\x64\3\CNAP2LAK.EXE [226784 2010-10-15] (CANON INC.)

HKLM\...\Run: [CIS_{81EFDD93-DBBE-415B-BE6E-49B9664E3E82}] => "C:\ProgramData\cisF678.exe" --PostUninstall {81EFDD93-DBBE-415B-BE6E-49B9664E3E82}

HKLM-x32\...\Run: [RemoteControl10] => C:\Program Files (x86)\CyberLink\PowerDVD10\PDVD10Serv.exe [97392 2012-08-15] (CyberLink Corp.)

HKLM-x32\...\Run: [Adobe Reader Speed Launcher] => C:\Program Files (x86)\Adobe\Reader 10.0\Reader\Reader_sl.exe [40336 2014-09-04] (Adobe Systems Incorporated)

HKLM-x32\...\Run: [Adobe ARM] => C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe [959176 2014-08-21] (Adobe Systems Incorporated)

HKLM-x32\...\Run: [Intel AppUp(SM) center] => C:\Program Files (x86)\Intel\IntelAppStore\bin\ismagent.exe [155488 2012-07-13] (Intel Corporation)

HKLM-x32\...\Run: [Norton Online Backup] => C:\Program Files (x86)\Symantec\Norton Online Backup\NOBuClient.exe [2994880 2012-08-15] (Symantec Corporation)

HKLM-x32\...\Run: [SunJavaUpdateSched] => C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe [254336 2013-07-02] (Oracle Corporation)

HKLM-x32\...\Run: [AvastUI.exe] => C:\Program Files\AVAST Software\Avast\AvastUI.exe [3890208 2014-08-08] (AVAST Software)

Winlogon\Notify\igfxcui: C:\WINDOWS\system32\igfxdev.dll (Intel Corporation)

HKLM\...\Policies\Explorer\Run: [BtvStack] => C:\Program Files (x86)\Bluetooth Suite\BtvStack.exe [132736 2013-09-25] ( (Qualcomm®Atheros®))

HKU\S-1-5-21-3708962043-2504352025-3687310069-1001\...\Run: [Spotify Web Helper] => C:\Users\Susanna\AppData\Roaming\Spotify\Data\SpotifyWebHelper.exe [1245752 2014-09-22] (Spotify Ltd)

HKU\S-1-5-21-3708962043-2504352025-3687310069-1001\...\Run: [Facebook Update] => C:\Users\Susanna\AppData\Local\Facebook\Update\FacebookUpdate.exe [138096 2013-04-27] (Facebook Inc.)

HKU\S-1-5-21-3708962043-2504352025-3687310069-1001-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\...\Run: [Spotify Web Helper] => C:\Users\Susanna\AppData\Roaming\Spotify\Data\SpotifyWebHelper.exe [1245752 2014-09-22] (Spotify Ltd)

HKU\S-1-5-21-3708962043-2504352025-3687310069-1001-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\...\Run: [Facebook Update] => C:\Users\Susanna\AppData\Local\Facebook\Update\FacebookUpdate.exe [138096 2013-04-27] (Facebook Inc.)

Startup: C:\Users\Susanna\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Facebook Messenger.lnk

ShortcutTarget: Facebook Messenger.lnk -> C:\Users\Susanna\AppData\Local\Facebook\Messenger\2.1.4814.0\FacebookMessenger.exe (Facebook)

Startup: C:\Users\Susanna\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Lähetä OneNoteen.lnk

ShortcutTarget: Lähetä OneNoteen.lnk -> C:\Program Files\Microsoft Office 15\root\office15\ONENOTEM.EXE (Microsoft Corporation)

ShellIconOverlayIdentifiers: [00avast] -> {472083B0-C522-11CF-8763-00608CC02F24} => C:\Program Files\AVAST Software\Avast\ashShA64.dll (AVAST Software)

ShellIconOverlayIdentifiers: [DropboxExt1] -> {FB314ED9-A251-47B7-93E1-CDD82E34AF8B} => C:\Users\Susanna\AppData\Roaming\Dropbox\bin\DropboxExt64.19.dll (Dropbox, Inc.)

ShellIconOverlayIdentifiers: [DropboxExt2] -> {FB314EDA-A251-47B7-93E1-CDD82E34AF8B} => C:\Users\Susanna\AppData\Roaming\Dropbox\bin\DropboxExt64.19.dll (Dropbox, Inc.)

ShellIconOverlayIdentifiers: [DropboxExt3] -> {FB314EDB-A251-47B7-93E1-CDD82E34AF8B} => C:\Users\Susanna\AppData\Roaming\Dropbox\bin\DropboxExt64.19.dll (Dropbox, Inc.)

ShellIconOverlayIdentifiers: [DropboxExt4] -> {FB314EDC-A251-47B7-93E1-CDD82E34AF8B} => C:\Users\Susanna\AppData\Roaming\Dropbox\bin\DropboxExt64.19.dll (Dropbox, Inc.)

ShellIconOverlayIdentifiers-x32: [DropboxExt1] -> {FB314ED9-A251-47B7-93E1-CDD82E34AF8B} => C:\Users\Susanna\AppData\Roaming\Dropbox\bin\DropboxExt.19.dll (Dropbox, Inc.)

ShellIconOverlayIdentifiers-x32: [DropboxExt2] -> {FB314EDA-A251-47B7-93E1-CDD82E34AF8B} => C:\Users\Susanna\AppData\Roaming\Dropbox\bin\DropboxExt.19.dll (Dropbox, Inc.)

ShellIconOverlayIdentifiers-x32: [DropboxExt3] -> {FB314EDB-A251-47B7-93E1-CDD82E34AF8B} => C:\Users\Susanna\AppData\Roaming\Dropbox\bin\DropboxExt.19.dll (Dropbox, Inc.)

==================== Internet (Whitelisted) ====================

(If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)

HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.msn.com/?pc=AV01

HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = www.google.com

HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Start Page = http://www.msn.com/?pc=AV01

SearchScopes: HKLM - DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =

SearchScopes: HKLM - {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =

SearchScopes: HKLM - {2A57B0BE-D0CC-4143-A1B4-8B5CE640F3F5} URL =

SearchScopes: HKLM-x32 - DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =

SearchScopes: HKLM-x32 - {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =

SearchScopes: HKLM-x32 - {2A57B0BE-D0CC-4143-A1B4-8B5CE640F3F5} URL =

Handler-x32: osf - {D924BDC6-C83A-4BD5-90D0-095128A113D1} - C:\Program Files\Microsoft Office 15\root\Office15\MSOSB.DLL (Microsoft Corporation)

Tcpip\Parameters: [DhcpNameServer] 82.197.20.5 82.197.20.6

FireFox:

========

FF ProfilePath: C:\Users\Susanna\AppData\Roaming\Mozilla\Firefox\Profiles\uycexyoa.default

FF SelectedSearchEngine: Yahoo

FF Plugin: @adobe.com/FlashPlayer -> C:\WINDOWS\system32\Macromed\Flash\NPSWF64_15_0_0_152.dll ()

FF Plugin: @Microsoft.com/NpCtrl,version=1.0 -> c:\Program Files\Microsoft Silverlight\5.1.30514.0\npctrl.dll ( Microsoft Corporation)

FF Plugin-x32: @adobe.com/FlashPlayer -> C:\WINDOWS\SysWOW64\Macromed\Flash\NPSWF32_15_0_0_152.dll ()

FF Plugin-x32: @intel-webapi.intel.com/Intel WebAPI ipt;version=2.1.42 -> C:\Program Files (x86)\Intel\Intel® Management Engine Components\IPT\npIntelWebAPIIPT.dll (Intel Corporation)

FF Plugin-x32: @intel-webapi.intel.com/Intel WebAPI updater -> C:\Program Files (x86)\Intel\Intel® Management Engine Components\IPT\npIntelWebAPIUpdater.dll (Intel Corporation)

FF Plugin-x32: @java.com/DTPlugin,version=10.51.2 -> C:\Program Files (x86)\Java\jre7\bin\dtplugin\npDeployJava1.dll (Oracle Corporation)

FF Plugin-x32: @java.com/JavaPlugin,version=10.51.2 -> C:\Program Files (x86)\Java\jre7\bin\plugin2\npjp2.dll (Oracle Corporation)

FF Plugin-x32: @Microsoft.com/NpCtrl,version=1.0 -> c:\Program Files (x86)\Microsoft Silverlight\5.1.30514.0\npctrl.dll ( Microsoft Corporation)

FF Plugin-x32: @microsoft.com/SharePoint,version=14.0 -> C:\Program Files\Microsoft Office 15\root\Office15\NPSPWRAP.DLL (Microsoft Corporation)

FF Plugin-x32: @microsoft.com/WLPG,version=16.4.3505.0912 -> C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)

FF Plugin-x32: @tools.google.com/Google Update;version=3 -> C:\Program Files (x86)\Google\Update\1.3.24.15\npGoogleUpdate3.dll No File

FF Plugin-x32: @tools.google.com/Google Update;version=9 -> C:\Program Files (x86)\Google\Update\1.3.24.15\npGoogleUpdate3.dll No File

FF Plugin-x32: Adobe Reader -> C:\Program Files (x86)\Adobe\Reader 10.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)

FF Plugin HKCU: facebook.com/fbDesktopPlugin -> C:\Users\Susanna\AppData\Local\Facebook\Messenger\2.1.4814.0\npFbDesktopPlugin.dll (Facebook, Inc.)

FF Plugin ProgramFiles/Appdata: C:\Program Files (x86)\mozilla firefox\plugins\np-mswmp.dll (Microsoft Corporation)

FF Plugin ProgramFiles/Appdata: C:\Program Files (x86)\mozilla firefox\plugins\nppdf32.dll (Adobe Systems Inc.)

FF SearchPlugin: C:\Program Files (x86)\mozilla firefox\browser\searchplugins\bookplus-fi.xml

FF SearchPlugin: C:\Program Files (x86)\mozilla firefox\browser\searchplugins\eBay-fi.xml

FF SearchPlugin: C:\Program Files (x86)\mozilla firefox\browser\searchplugins\yahoo-fi.xml

FF Extension: Firefox Old Version Update Hotfix - C:\Users\Susanna\AppData\Roaming\Mozilla\Firefox\Profiles\uycexyoa.default\Extensions\[email protected] [2014-08-16]

FF HKLM-x32\...\Firefox\Extensions: [[email protected]] - C:\Program Files\AVAST Software\Avast\WebRep\FF

FF Extension: avast! Online Security - C:\Program Files\AVAST Software\Avast\WebRep\FF [2014-05-01]

Chrome:

=======

CHR Profile: C:\Users\Susanna\AppData\Local\Google\Chrome\User Data\Default

CHR Extension: (Google Wallet) - C:\Users\Susanna\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2013-08-29]

==================== Services (Whitelisted) =================

(If an entry is included in the fixlist, the service will be removed from the registry. The file will not be moved unless listed separately.)

R2 AtherosSvc; C:\Program Files (x86)\Bluetooth Suite\adminservice.exe [312448 2013-09-25] (Windows ® Win 7 DDK provider)

R2 avast! Antivirus; C:\Program Files\AVAST Software\Avast\AvastSvc.exe [50344 2014-05-01] (AVAST Software)

R2 ClickToRunSvc; C:\Program Files\Microsoft Office 15\ClientX64\OfficeClickToRun.exe [2428088 2014-08-12] (Microsoft Corporation)

R2 Easy Launcher; C:\Program Files (x86)\Samsung\Settings\CmdServer\EasyLauncher.exe [1593976 2012-10-19] (Samsung Electronics CO., LTD.)

R2 Intel® ME Service; C:\Program Files (x86)\Intel\Intel® Management Engine Components\FWService\IntelMeFWService.exe [128896 2012-07-18] (Intel Corporation)

S3 iumsvc; C:\Program Files (x86)\Intel\Intel® Update Manager\bin\iumsvc.exe [174368 2014-02-28] ()

R2 jhi_service; C:\Program Files (x86)\Intel\Intel® Management Engine Components\DAL\jhi_service.exe [165760 2012-07-18] (Intel Corporation)

S3 KeyIso; C:\Windows\SysWOW64\keyiso.dll [44032 2013-08-22] (Microsoft Corporation)

S3 lfsvc; C:\Windows\SysWOW64\GeofenceMonitorService.dll [357376 2014-03-14] (Microsoft Corporation)

R2 MBAMScheduler; C:\Program Files (x86)\Malwarebytes Anti-Malware\mbamscheduler.exe [1809720 2014-05-12] (Malwarebytes Corporation)

R2 MBAMService; C:\Program Files (x86)\Malwarebytes Anti-Malware\mbamservice.exe [860472 2014-05-12] (Malwarebytes Corporation)

S3 Netlogon; C:\Windows\SysWOW64\netlogon.dll [688640 2014-03-06] (Microsoft Corporation)

R2 NOBU; C:\Program Files (x86)\Symantec\Norton Online Backup\NOBuAgent.exe [3943104 2012-08-15] (Symantec Corporation)

S3 smphost; C:\Windows\SysWOW64\smphost.dll [11776 2013-08-22] (Microsoft Corporation)

S3 StorSvc; C:\Windows\SysWOW64\storsvc.dll [18944 2013-08-22] (Microsoft Corporation)

S3 WdNisSvc; C:\Program Files\Windows Defender\NisSrv.exe [347880 2014-03-24] (Microsoft Corporation)

S3 WinDefend; C:\Program Files\Windows Defender\MsMpEng.exe [23824 2014-03-24] (Microsoft Corporation)

R2 ZAtheros Bt and Wlan Coex Agent; C:\Program Files (x86)\Bluetooth Suite\Ath_CoexAgent.exe [323584 2013-09-25] (Atheros) [File not signed]

S2 gupdate; "C:\Program Files (x86)\Google\Update\GoogleUpdate.exe" /svc [X]

S3 gupdatem; "C:\Program Files (x86)\Google\Update\GoogleUpdate.exe" /medsvc [X]

==================== Drivers (Whitelisted) ====================

(If an entry is included in the fixlist, the service will be removed from the registry. The file will not be moved unless listed separately.)

S2 aswHwid; C:\Windows\system32\drivers\aswHwid.sys [29208 2014-05-01] ()

R2 aswMonFlt; C:\Windows\system32\drivers\aswMonFlt.sys [79184 2014-05-01] (AVAST Software)

R1 aswRdr; C:\Windows\system32\drivers\aswRdr2.sys [93568 2014-05-01] (AVAST Software)

R0 aswRvrt; C:\Windows\System32\Drivers\aswRvrt.sys [65776 2014-05-01] ()

R1 aswSnx; C:\Windows\system32\drivers\aswSnx.sys [1039096 2014-05-14] (AVAST Software)

R1 aswSP; C:\Windows\system32\drivers\aswSP.sys [423240 2014-05-14] (AVAST Software)

R2 aswStm; C:\Windows\system32\drivers\aswStm.sys [85328 2014-05-14] (AVAST Software)

R0 aswVmm; C:\Windows\System32\Drivers\aswVmm.sys [208416 2014-05-01] ()

R3 BTATH_LWFLT; C:\Windows\system32\DRIVERS\btath_lwflt.sys [77464 2013-09-25] (Qualcomm Atheros)

R3 BthLEEnum; C:\Windows\System32\drivers\BthLEEnum.sys [226304 2013-12-04] (Microsoft Corporation)

R1 ccSet_NARA; C:\Windows\system32\drivers\NARAx64\0401000.00E\ccSetx64.sys [168608 2012-05-26] (Symantec Corporation)

R3 MBAMProtector; C:\WINDOWS\system32\drivers\mbam.sys [25816 2014-05-12] (Malwarebytes Corporation)

R3 MBAMSwissArmy; C:\WINDOWS\system32\drivers\MBAMSwissArmy.sys [122584 2014-10-17] (Malwarebytes Corporation)

S3 MBAMWebAccessControl; C:\WINDOWS\system32\drivers\mwac.sys [64216 2014-05-12] (Malwarebytes Corporation)

R3 RadioHIDMini; C:\Windows\System32\drivers\RadioHIDMini.sys [23408 2012-07-27] (Windows ® Win 7 DDK provider)

S3 WdNisDrv; C:\Windows\System32\Drivers\WdNisDrv.sys [123224 2014-03-24] (Microsoft Corporation)

==================== NetSvcs (Whitelisted) ===================

(If an item is included in the fixlist, it will be removed from the registry. Any associated file could be listed separately to be moved.)

==================== One Month Created Files and Folders ========

(If an entry is included in the fixlist, the file\folder will be moved.)

2014-10-17 15:27 - 2014-10-17 15:27 - 00000000 ____D () C:\Users\Susanna\Desktop\FRST-OlderVersion

2014-10-12 22:48 - 2014-10-12 22:48 - 00415232 _____ (Farbar) C:\Users\Susanna\Downloads\FSS (1).exe

2014-10-08 16:09 - 2014-10-08 16:09 - 00002821 _____ () C:\Users\Susanna\Desktop\FSS.txt

2014-10-08 16:08 - 2014-10-12 22:49 - 00002923 _____ () C:\Users\Susanna\Downloads\FSS.txt

2014-10-08 16:07 - 2014-10-08 16:08 - 00415232 _____ (Farbar) C:\Users\Susanna\Downloads\FSS.exe

2014-10-08 16:07 - 2014-10-08 16:07 - 00001250 _____ () C:\Users\Susanna\Desktop\JRT.txt

2014-10-08 16:00 - 2014-10-08 16:00 - 00000000 ____D () C:\WINDOWS\ERUNT

2014-10-08 15:59 - 2014-10-06 13:00 - 01705141 _____ (Thisisu) C:\Users\Susanna\Desktop\JRT_NEW.exe

2014-10-08 15:27 - 2014-10-08 15:27 - 00001847 _____ () C:\Users\Susanna\Downloads\Fixlist.txt

2014-10-06 09:43 - 2014-10-17 15:27 - 00017884 _____ () C:\Users\Susanna\Desktop\FRST.txt

2014-10-06 09:35 - 2014-10-06 21:20 - 00044381 _____ () C:\Users\Susanna\Desktop\Addition.txt

2014-10-06 09:31 - 2014-10-17 15:27 - 02112000 _____ (Farbar) C:\Users\Susanna\Desktop\FRST64.exe

2014-10-06 09:24 - 2014-10-06 09:24 - 00001211 _____ () C:\Users\Susanna\Downloads\Kuopio – Pikakuvake.lnk

2014-10-03 21:41 - 2014-10-03 21:41 - 00001578 _____ () C:\Users\Susanna\Desktop\mbam.txt

2014-10-03 21:20 - 2014-10-17 15:25 - 00122584 _____ (Malwarebytes Corporation) C:\WINDOWS\system32\Drivers\MBAMSwissArmy.sys

2014-10-03 21:20 - 2014-10-03 21:20 - 00001118 _____ () C:\Users\Public\Desktop\Malwarebytes Anti-Malware.lnk

2014-10-03 21:20 - 2014-10-03 21:20 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes Anti-Malware

2014-10-03 21:20 - 2014-10-03 21:20 - 00000000 ____D () C:\ProgramData\Malwarebytes

2014-10-03 21:20 - 2014-10-03 21:20 - 00000000 ____D () C:\Program Files (x86)\Malwarebytes Anti-Malware

2014-10-03 21:20 - 2014-05-12 07:26 - 00091352 _____ (Malwarebytes Corporation) C:\WINDOWS\system32\Drivers\mbamchameleon.sys

2014-10-03 21:20 - 2014-05-12 07:26 - 00064216 _____ (Malwarebytes Corporation) C:\WINDOWS\system32\Drivers\mwac.sys

2014-10-03 21:20 - 2014-05-12 07:25 - 00025816 _____ (Malwarebytes Corporation) C:\WINDOWS\system32\Drivers\mbam.sys

2014-10-03 21:10 - 2014-10-03 21:10 - 17292760 _____ (Malwarebytes Corporation ) C:\Users\Susanna\Downloads\mbam-setup-2.0.2.1012 (2).exe

2014-10-03 21:04 - 2014-10-03 21:04 - 00321848 _____ (Malwarebytes Corporation) C:\Users\Susanna\Downloads\mbam-clean-2.1.1.1001.exe

2014-10-01 16:39 - 2014-10-01 16:39 - 00018349 _____ () C:\Users\Susanna\AppData\Local\recently-used.xbel

2014-09-29 23:11 - 2014-09-29 23:11 - 00006708 _____ () C:\Users\Susanna\Desktop\adw.txt

2014-09-29 23:02 - 2010-08-30 08:34 - 00536576 _____ (SQLite Development Team) C:\WINDOWS\SysWOW64\sqlite3.dll

2014-09-29 22:57 - 2014-10-01 16:28 - 00000000 ____D () C:\AdwCleaner

2014-09-29 22:57 - 2014-09-29 22:57 - 01373475 _____ () C:\Users\Susanna\Desktop\AdwCleaner.exe

2014-09-28 16:00 - 2014-09-28 16:00 - 00043116 _____ () C:\Users\Susanna\Downloads\Addition (1).txt

2014-09-26 12:10 - 2014-09-26 12:10 - 00116496 _____ () C:\Users\Susanna\Desktop\OTLtxt.Txt

2014-09-26 11:54 - 2014-09-26 11:54 - 00149192 _____ () C:\Users\Susanna\Desktop\OTL.Txt

2014-09-26 11:53 - 2014-09-26 12:09 - 00078594 _____ () C:\Users\Susanna\Downloads\Extras.Txt

2014-09-26 11:51 - 2014-09-26 12:07 - 00116496 _____ () C:\Users\Susanna\Downloads\OTL.Txt

2014-09-26 11:34 - 2014-09-26 11:34 - 00602112 _____ (OldTimer Tools) C:\Users\Susanna\Downloads\OTL.exe

2014-09-26 10:09 - 2014-09-26 10:09 - 00002010 _____ () C:\Users\Susanna\Desktop\aswMBR.txt

2014-09-26 10:09 - 2014-09-26 10:09 - 00000512 _____ () C:\Users\Susanna\Documents\MBR.dat

2014-09-26 01:19 - 2014-09-26 01:19 - 05185536 _____ (AVAST Software) C:\Users\Susanna\Downloads\aswMBR (3).exe

2014-09-26 01:14 - 2014-09-26 01:14 - 05185536 _____ (AVAST Software) C:\Users\Susanna\Downloads\aswmbr (2).exe

2014-09-26 01:13 - 2014-09-26 01:13 - 05185536 _____ (AVAST Software) C:\Users\Susanna\Downloads\aswmbr (1).exe

2014-09-26 01:12 - 2014-09-26 01:12 - 05185536 _____ (AVAST Software) C:\Users\Susanna\Downloads\aswmbr.exe

2014-09-26 01:10 - 2014-09-26 01:11 - 00043116 _____ () C:\Users\Susanna\Downloads\Addition.txt

2014-09-26 01:08 - 2014-10-17 15:27 - 00000000 ____D () C:\FRST

2014-09-25 23:53 - 2014-09-26 00:08 - 00003718 _____ () C:\WINDOWS\System32\Tasks\IUM-F1E24CA0-B63E-4F13-A9E3-4ADE3BFF3473

2014-09-25 23:53 - 2014-09-25 23:53 - 00003476 _____ () C:\WINDOWS\System32\Tasks\IUM-F1E24CA0-B63E-4F13-A9E3-4ADE3BFF3473-Logon

2014-09-25 23:53 - 2014-09-25 23:53 - 00000000 ____D () C:\ProgramData\Intel® Update Manager

2014-09-25 23:31 - 2014-09-25 23:31 - 01060864 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\mfc71.dll

2014-09-25 23:30 - 2014-10-06 21:11 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Comodo

2014-09-25 23:30 - 2014-09-25 23:31 - 00000000 ____D () C:\Program Files\COMODO

2014-09-25 23:29 - 2014-09-25 23:29 - 00000000 ____D () C:\ProgramData\Comodo Downloader

2014-09-25 23:28 - 2014-09-25 23:34 - 00000000 ____D () C:\ProgramData\Comodo

2014-09-25 23:23 - 2014-09-25 23:27 - 218252480 _____ (COMODO) C:\Users\Susanna\Downloads\cfw_installer.exe

2014-09-25 22:38 - 2014-10-08 15:45 - 00000008 __RSH () C:\ProgramData\ntuser.pol

2014-09-25 22:38 - 2014-09-25 23:34 - 00000000 ____D () C:\Users\Vieras

2014-09-25 22:38 - 2014-09-25 23:34 - 00000000 ____D () C:\Users\Järjestelmänvalvoja

2014-09-25 22:38 - 2014-09-25 23:34 - 00000000 ____D () C:\Users\HomeGroupUser$

2014-09-25 22:38 - 2014-09-25 22:39 - 00000000 ____D () C:\ProgramData\30e9c7c4596c8100

==================== One Month Modified Files and Folders =======

(If an entry is included in the fixlist, the file\folder will be moved.)

2014-10-17 15:25 - 2013-10-26 16:29 - 00003950 _____ () C:\WINDOWS\System32\Tasks\User_Feed_Synchronization-{FA10CD9D-BCD5-4219-BD57-CB8DE2A54507}

2014-10-17 15:25 - 2013-08-22 18:36 - 00000000 ____D () C:\WINDOWS\AppReadiness

2014-10-17 15:24 - 2013-08-22 18:36 - 00000000 ____D () C:\WINDOWS\system32\sru

2014-10-14 01:01 - 2013-05-05 12:16 - 00001026 _____ () C:\WINDOWS\Tasks\GoogleUpdateTaskMachineUA.job

2014-10-14 00:18 - 2013-04-18 19:58 - 00000830 _____ () C:\WINDOWS\Tasks\Adobe Flash Player Updater.job

2014-10-14 00:16 - 2013-10-23 16:04 - 02037618 _____ () C:\WINDOWS\WindowsUpdate.log

2014-10-13 11:01 - 2013-05-05 12:16 - 00001022 _____ () C:\WINDOWS\Tasks\GoogleUpdateTaskMachineCore.job

2014-10-11 11:06 - 2013-04-18 18:40 - 00003600 _____ () C:\WINDOWS\System32\Tasks\Optimize Start Menu Cache Files-S-1-5-21-3708962043-2504352025-3687310069-1001

2014-10-10 23:59 - 2012-12-01 06:59 - 00000000 ____D () C:\ProgramData\WinClon

2014-10-10 23:54 - 2013-05-09 16:05 - 00000000 ____D () C:\Users\Susanna\AppData\Local\CrashDumps

2014-10-10 23:47 - 2013-10-23 16:13 - 00000000 ___DO () C:\Users\Susanna\SkyDrive

2014-10-08 16:12 - 2013-08-22 17:45 - 00000006 ____H () C:\WINDOWS\Tasks\SA.DAT

2014-10-08 16:11 - 2013-08-22 16:25 - 00262144 ___SH () C:\WINDOWS\system32\config\BBI

2014-10-08 15:52 - 2013-04-28 12:55 - 09720320 ___SH () C:\Users\Susanna\Desktop\Thumbs.db

2014-10-08 15:50 - 2013-09-29 21:07 - 00206752 _____ () C:\WINDOWS\PFRO.log

2014-10-08 15:29 - 2013-08-22 18:36 - 00000000 ___HD () C:\WINDOWS\system32\GroupPolicy

2014-10-08 15:29 - 2013-06-21 12:34 - 00000000 ____D () C:\WINDOWS\System32\Tasks\Norton Internet Security

2014-10-08 15:29 - 2012-12-01 07:07 - 00000000 ____D () C:\Users\EasySurvey

2014-10-06 10:10 - 2013-04-18 18:34 - 00000000 ____D () C:\Users\Susanna\Documents\Bluetooth Folder

2014-10-05 23:43 - 2013-10-23 15:43 - 00000000 ____D () C:\Users\Susanna

2014-10-01 20:04 - 2013-08-13 16:54 - 00004182 _____ () C:\WINDOWS\System32\Tasks\avast! Emergency Update

2014-10-01 20:03 - 2013-10-26 16:52 - 00000000 ____D () C:\Users\Susanna\AppData\Roaming\Atheros

2014-10-01 17:32 - 2013-08-22 18:36 - 00000000 ____D () C:\WINDOWS\rescache

2014-10-01 16:40 - 2013-04-28 13:07 - 00000000 ____D () C:\Users\Susanna\.gimp-2.8

2014-09-30 10:18 - 2014-05-01 16:27 - 00000000 ____D () C:\Users\Susanna\Desktop\asunto

2014-09-30 08:37 - 2013-06-03 12:56 - 00189440 ___SH () C:\Users\Susanna\Downloads\Thumbs.db

2014-09-28 15:50 - 2013-09-30 07:17 - 01367966 _____ () C:\WINDOWS\system32\PerfStringBackup.INI

2014-09-28 15:50 - 2013-09-30 06:59 - 00435530 _____ () C:\WINDOWS\system32\perfh00B.dat

2014-09-28 15:50 - 2013-09-30 06:59 - 00081592 _____ () C:\WINDOWS\system32\perfc00B.dat

2014-09-28 15:45 - 2013-08-22 17:46 - 00324161 _____ () C:\WINDOWS\setupact.log

2014-09-26 08:50 - 2013-04-29 19:36 - 00000000 ____D () C:\Program Files\Microsoft Office 15

2014-09-26 01:01 - 2013-04-18 18:58 - 00000000 ____D () C:\Users\Susanna\AppData\Local\Spotify

2014-09-26 01:01 - 2013-04-18 18:57 - 00000000 ____D () C:\Users\Susanna\AppData\Roaming\Spotify

2014-09-26 00:55 - 2013-08-22 18:36 - 00000000 ____D () C:\WINDOWS\schemas

2014-09-26 00:08 - 2012-12-01 06:47 - 00000000 ____D () C:\ProgramData\Intel

2014-09-25 23:54 - 2013-10-23 15:38 - 00000000 ____D () C:\Program Files (x86)\Intel

2014-09-25 23:53 - 2012-12-01 06:47 - 00000000 ___RD () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Intel

2014-09-25 23:37 - 2013-08-22 17:44 - 00550592 _____ () C:\WINDOWS\system32\FNTCACHE.DAT

2014-09-25 23:36 - 2013-06-30 20:12 - 00001291 _____ () C:\Users\Susanna\Desktop\Dropbox.lnk

2014-09-25 23:36 - 2013-04-18 18:58 - 00002061 _____ () C:\Users\Susanna\Desktop\Spotify.lnk

2014-09-25 23:34 - 2012-07-26 08:37 - 00000000 ____D () C:\Users\Default.migrated

2014-09-25 22:38 - 2013-08-22 18:36 - 00000000 ____D () C:\WINDOWS\SysWOW64\GroupPolicy

2014-09-25 22:38 - 2013-05-05 12:16 - 00000000 ____D () C:\Users\Susanna\AppData\Local\Google

2014-09-25 22:38 - 2013-05-05 12:16 - 00000000 ____D () C:\Program Files (x86)\Google

2014-09-24 19:01 - 2013-10-16 15:21 - 00000000 ____D () C:\Users\Susanna\Desktop\kuvii

2014-09-24 16:42 - 2012-07-26 10:59 - 00000000 ____D () C:\WINDOWS\CbsTemp

2014-09-22 23:30 - 2013-05-21 15:28 - 00002039 _____ () C:\Users\Public\Desktop\Adobe Reader X.lnk

2014-09-22 23:30 - 2012-12-01 07:03 - 00002457 _____ () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Adobe Reader X.lnk

2014-09-22 23:19 - 2013-09-30 07:02 - 00000000 ____D () C:\Program Files\Windows Journal

2014-09-22 23:19 - 2013-08-22 18:36 - 00000000 ___RD () C:\WINDOWS\ToastData

2014-09-22 23:19 - 2013-08-22 18:36 - 00000000 ___RD () C:\WINDOWS\ImmersiveControlPanel

2014-09-22 23:19 - 2013-08-22 18:36 - 00000000 ___RD () C:\Users\Default\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Accessibility

2014-09-22 23:19 - 2013-08-22 18:36 - 00000000 ___RD () C:\Users\Default User\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Accessibility

2014-09-22 23:19 - 2013-08-22 18:36 - 00000000 ____D () C:\WINDOWS\WinStore

2014-09-22 23:19 - 2013-08-22 18:36 - 00000000 ____D () C:\WINDOWS\SysWOW64\setup

2014-09-22 23:19 - 2013-08-22 18:36 - 00000000 ____D () C:\WINDOWS\SysWOW64\InputMethod

2014-09-22 23:19 - 2013-08-22 18:36 - 00000000 ____D () C:\WINDOWS\system32\setup

2014-09-22 23:19 - 2013-08-22 16:36 - 00000000 ____D () C:\WINDOWS\system32\oobe

2014-09-22 16:40 - 2013-06-03 22:02 - 00000000 ____D () C:\Users\Susanna\Desktop\school

==================== Bamital & volsnap Check =================

(There is no automatic fix for files that do not pass verification.)

C:\Windows\System32\winlogon.exe => File is digitally signed

C:\Windows\System32\wininit.exe => File is digitally signed

C:\Windows\explorer.exe => File is digitally signed

C:\Windows\SysWOW64\explorer.exe => File is digitally signed

C:\Windows\System32\svchost.exe => File is digitally signed

C:\Windows\SysWOW64\svchost.exe => File is digitally signed

C:\Windows\System32\services.exe => File is digitally signed

C:\Windows\System32\User32.dll => File is digitally signed

C:\Windows\SysWOW64\User32.dll => File is digitally signed

C:\Windows\System32\userinit.exe => File is digitally signed

C:\Windows\SysWOW64\userinit.exe => File is digitally signed

C:\Windows\System32\rpcss.dll => File is digitally signed

C:\Windows\System32\Drivers\volsnap.sys => File is digitally signed

LastRegBack: 2014-10-08 16:23

==================== End Of Log ============================

#33
dbreeze

Posted 18 October 2014 - 12:56 PM

Trusted Helper

Malware Removal
2,216 posts

As a check for the last of any nasty's left hidden but not active at all please run this scan by ESET Online Scanner.

ESET Online Scanner:

Note: You will need to disable your current installed Anti-Virus for the duration of the online scan, how to do so can be read here. Also, please note that this scan can take a while to run.

Please go here to run the scan and click on Run ESET Online Scanner
The next screen will be the ESET Online Scanner installer
Click on esetsmartinstaller_enu.exe to download the ESET Smart Installer and select Save File
Save the file to your desktop; you should see a file like this when the download is finished
Double click on this to start the installation of the ESET Online Scanner
In the new window that appears select the option YES, I accept the Terms of Use then click on Start
Now in the Computer scan settings window that appears:-
Make sure that the option Enable detection of potentially unwanted applications is selected.
Now click on Advanced Settings and configure the options as follows:
- Remove found threats is Not checked
- Scan archives is checked
- Scan for potentially unsafe applications is checked
- Enable Anti-Stealth Technology is checked
Now click on: Start
The virus signature database... will begin to download. Be patient this make take some time depending on the speed of your Internet Connection.
When completed the Online Scan will begin automatically.
Do not touch either the Mouse or keyboard during the scan otherwise it may stall.
When completed, if any malware was detected, the summary screen will show a warning.
On the Scan results detail window, select to Export to text file, name the file ESET scan results.txt and save it to your desktop.
Click <<Back once the file is saved, select 'Uninstall application on close' and click on Finish.
Use Notepad to open the logfile you save on your desktop.
Copy and paste that log as a reply to this topic.

Note: Do not forget to re-enable your Anti-Virus application after running the above scan!

#34
UrlMalSusanna

Posted 20 October 2014 - 07:03 AM

Member

Topic Starter
Member
18 posts

Hello, ok it found 8 unwanted applications.

C:\Program Files\WinZip\Utils\WzSysScan\WINZIPSS.exe a variant of Win32/Systweak.L potentially unwanted application

C:\Program Files\WinZip\Utils\WzSysScan\WINZIPSSHelper.dll a variant of Win32/Systweak.N potentially unwanted application

C:\Program Files\WinZip\Utils\WzSysScan\WINZIPSSPrivacyProtector.exe a variant of Win32/Systweak.L potentially unwanted application

C:\Program Files\WinZip\Utils\WzSysScan\WINZIPSSRegClean.exe a variant of Win32/Systweak potentially unwanted application

C:\Program Files\WinZip\Utils\WzSysScan\WINZIPSSRegistryOptimizer.exe a variant of Win32/Systweak.L potentially unwanted application

C:\Program Files\WinZip\Utils\WzSysScan\WINZIPSSSystemCleaner.exe a variant of Win32/Systweak.L potentially unwanted application

C:\Users\Susanna\Downloads\WinZip175.exe a variant of Win32/OpenInstall potentially unwanted application

C:\Windows\Installer\44580405.msi a variant of Win32/Systweak.L potentially unwanted application

What should I do next?

#35
dbreeze

Posted 23 October 2014 - 01:38 AM

Trusted Helper

Malware Removal
2,216 posts

I sincerely apologize for not getting back to you earlier; been under the weather so to speak and really did think I had asked my adviser about the next posts. My fault and I hope I did not cause you any alarm or problems.

#36
dbreeze

Posted 23 October 2014 - 08:24 AM

Trusted Helper

Malware Removal
2,216 posts

We need to remove the tools we've used during cleaning your machine

Download Delfix from here
Ensure Remove disinfection tools is ticked
Also tick:
- Activate UAC
- Create registry backup
- Purge system restore
Click Run

The program will run for a few moments and then notepad will open with a log. Please paste the log in your next reply
Once you have the log file saved, please reboot your system to complete the clean up process.

#37
UrlMalSusanna

Posted 25 October 2014 - 12:01 PM

Member

Topic Starter
Member
18 posts

That's ok, thank you for your answer. This is the log I got.

# DelFix v10.8 - Logfile created 25/10/2014 at 20:53:28

# Updated 29/07/2014 by Xplode

# Username : Susanna - SUSANNA

# Operating System : Windows 8.1 (64 bits)

~ Removing disinfection tools ...

Deleted : C:\FRST

Deleted : C:\AdwCleaner

Deleted : C:\Users\Susanna\Desktop\FRST-OlderVersion

Deleted : C:\Users\Susanna\Desktop\Addition.txt

Deleted : C:\Users\Susanna\Desktop\AdwCleaner.exe

Deleted : C:\Users\Susanna\Desktop\aswMBR.txt

Deleted : C:\Users\Susanna\Desktop\Fixlog.txt

Deleted : C:\Users\Susanna\Desktop\FRST.txt

Deleted : C:\Users\Susanna\Desktop\FRST64.exe

Deleted : C:\Users\Susanna\Desktop\FSS.txt

Deleted : C:\Users\Susanna\Desktop\JRT.txt

Deleted : C:\Users\Susanna\Desktop\JRT_NEW.exe

Deleted : C:\Users\Susanna\Desktop\log.txt

Deleted : C:\Users\Susanna\Desktop\OTL.Txt

Deleted : C:\Users\Susanna\Desktop\OTLtxt.Txt

Deleted : C:\Users\Susanna\Downloads\Addition (1).txt

Deleted : C:\Users\Susanna\Downloads\Addition.txt

Deleted : C:\Users\Susanna\Downloads\aswmbr (1).exe

Deleted : C:\Users\Susanna\Downloads\aswmbr (2).exe

Deleted : C:\Users\Susanna\Downloads\aswMBR (3).exe

Deleted : C:\Users\Susanna\Downloads\aswmbr.exe

Deleted : C:\Users\Susanna\Downloads\esetsmartinstaller_enu.exe

Deleted : C:\Users\Susanna\Downloads\Extras.Txt

Deleted : C:\Users\Susanna\Downloads\FSS (1).exe

Deleted : C:\Users\Susanna\Downloads\FSS.exe

Deleted : C:\Users\Susanna\Downloads\FSS.txt

Deleted : C:\Users\Susanna\Downloads\OTL.Txt

Deleted : C:\Users\Susanna\Downloads\OTL.exe

Deleted : HKLM\SOFTWARE\OldTimer Tools

Deleted : HKLM\SOFTWARE\AdwCleaner

~ Creating registry backup ... OK

~ Cleaning system restore ...

Deleted : RP #59 [Removed Norton Online Backup | 10/01/2014 12:44:17]

Deleted : RP #60 [Removed GeekBuddy. | 10/06/2014 18:07:59]

Deleted : RP #61 [Windows Update | 10/17/2014 13:20:58]

New restore point created !

~ Resetting system settings ... OK

########## - EOF - ##########

#38
dbreeze

Posted 26 October 2014 - 03:54 PM

Trusted Helper

Malware Removal
2,216 posts

All right!! Your logs are clean and you're good to go now!! We've got some final steps left to do to clean up our tools and get your system in good running condition and then you are on your way. I must say though, even though we met through less than ideal circumstances, it has been really great to work with you. Just run through the points below to help keep you safe (down to the Program Update Checker). That's it. Thanks. :cool:

Registry Cleaners
Most security experts will shun so called Registry Cleaners / Optimizers. Because Windows is not an open system (meaning the actual software code is known entirely only to the manufacturer) there is not any way that other software developers can know how the OS works. This is especially true of the Registry part of the Windows OS. I'm going to offer some links to additional reading about this topic.

Miekiemoes, who is an expert here and many other places, has an excellent blog here.

This is an excellent summary at WhatTheTech. The entire thread is worth reading (it was started in 2005, but is still relevant), but the post linked to (this) is especially worthwhile.

Keep Windows Updated
Microsoft issues updates to Windows to close vulnerabilities as they are discovered. Staying updated helps protect your system from current exploits.

Click Start and then click Control Panel.
Click on the View by: in the upper right corner and select Large Icons (you can change this back later if you like).
Scroll down and click on Windows Update.
Click on Change settings.
Under Important Updates, click on Install updates automatically (recommended).
Select (click on) the other options on this page.
Select a day and time to have windows install the updates.
Click on Ok to change the settings.
If you want to change the view of the Control Panel display, click on the View by: in the upper right hand corner and select an option you prefer.

Keep other Important Programs Updated
Along with keeping Windows updated, it is a good idea to keep important programs updated. Java and Adobe Reader both need to be kept updated to the latest versions; malware writers utilize exploits in the unpatched versions to their advantages.

Java
Most security experts and the US CERT (part of the US Homeland Security) now recommend that users uninstall Java from their systems; if you don't have any programs that need Java on your system, you are safe to do this. You can read some of the articles on this here and here. I strongly suggest you uninstall Java unless you need it run certain software; in that case I would recommend that you disable or unplug Java from your web browsers and only enable it when you need it.

To disable / unplug Java in your browsers:

To uninstall Java (on Win7):

Click Start and then click Control Panel.
If you need to, click View by: and select either Large Icons or Small Icons.
Click on Programs and Features.
Scroll down until you find Java and click on it to select that program.
(Older versions of Java may appear in the program list as J2SE, Java 2, Java SE or Java Runtime Environment.)
Click Uninstall.
If more than one version of Java shows in your program list, you should repeat the selection and uninstall until all of them are removed.

To check for the latest version of Java and installation steps:

Go to java.com and click on Do I have Java?.
On the next page, click on Verify Java Version.
If you get a security pop up entitled "Do you want to run this application?" with the Name: Java Detection and Publisher: Oracle America, Inc., click Run.
Follow the recommendations (if any) on the results screen.
If there is a new version (or none at all on your system), there will be a button on the page showing Agree and Start Free Download. Click on it to update or install Java.
The site will start a download of jxpiinstall.exe. Save the file to your desktop.
When the download is finished, close your browser.
Right click on the jxpiinstall.exe and select Run as Administrator.
On the opening window, check Change destination folder and then click Install>.
The program will now download the rest of the files needed to install Java.
On the Destination Folder window, click Next>.
On the next window, the install will present you the option of adding additional software (this is known as Foistware).
Uncheck the Set and keep Ask as my default search provider.
Uncheck the Install the Ask Toolbar.
Click Next> to finish the install.
When the installation is finished, you will be taken to a web page that will check to see if Java is working properly.

Adobe Reader
Adobe Reader is the second most targeted (by malware) common software. If all you ever do with Adobe Reader is view PDF files, then please consider replacing it with a lighter, free PDF reader that is not exploitable. One that we recommend is Sumatra PDF.

To update Adobe Reader:

Launch your Adobe Reader.
Click Help and then click on About Adobe Reader from the menu list.
If the version is 11.0.04 then you are up to date. If it is less than this and you are keeping Adobe Reader, you should update to the latest version.
The best place to get Adobe Reader is from Adobe (click on Adobe to go there now).
Click on Download in the menu bar on top of the Adobe web page.
Click on Adobe Reader in the list on the right hand side of the page.
On the next page, click on the check mark (to turn it off) beside the option to include the McAfee scanner in the download and install. Make sure the check is NOT marked (this is another example of Foistware).
Click the Install Now button and follow the directions on next page.
If you are prompted to Save the installer file, choose to save it to your desktop. Once it is saved, right click on the file and select Run as Administrator.
When the installation is finished, you can delete the installer file on your desktop.

Consider a program that will check for out-of-date programs on your system
Some programs don't have update checks built in or make you run the application to start the check for updates process. An easier way to stay on top of the current versions of your installed programs is to use a version checking program like Update Checker from FileHippo.com (you can get the software from here and read more about it on the same page).

You are now done! :yeah:

Now some information on programs to help keep you safe:

First, an Antivirus program. You NEED one; free is just as good as paid-for as long as you keep them updated. ONLY use one at a time as having more than that will cause system problems. Here are some free ones to check out:
Microsoft Security Essentials
Avast! Free Antivirus

Next, a firewall is a must have now-a-days. The built in firewall in Windows 7 (or above) is fine (just make sure it is turned on (Start > Control Panel > Windows Firewall)). Or, if you like, you could choose one of the free ones listed here:
Emsisoft Online Armor - installs as trialware which converts to freeware in 30 days
Zone Alarm Free Firewall - installer includes foistware so read the options very carefully

=== options ====
Unchecky is a small service that runs in the background to help keep those "extra toolbars" and tag along search engines from automatically installing. By automatically directing you to a custom install with all the options unchecked, only what you manually choose and confirm gets installed.

CryptoPrevent is a free program that prevents CryptoLocker / ransomware from infecting your PC by locking down the OS so the malware can not get a grip on your system. You can read the details about this program here.

Also, consider keeping MalwareBytes Antimalware in your arsenal of safe keeping programs. Use the free version (not the paid or trial version) and you won't have a problem with your antivirus scanner program. Keep it updated and run a scan with it once a week.

Lastly, if you use Firefox as your main web browser, consider adding the NoScript and AdBlockPlus add-ons to the browser to block scripting hijacks and remove unwanted ads from the pages you view.

You may also find some information and tips at this thread:
How did I get infected in the first place?
and
COMPUTER SECURITY - a short quide to staying safer online

I'll leave this topic open for a few days so that if you have any questions you can come back here. Surf safe, my friend!!

#39
Dakeyras

Posted 30 October 2014 - 12:13 PM

Anti-Malware Mammoth

Expert
9,772 posts

Since this issue appears to be resolved ... this Topic has been closed. Glad we could help.

If you're the topic starter, and need this topic reopened, please contact a staff member with the address of the thread.

Everyone else please begin a New Topic.

Back to Virus, Spyware, Malware Removal · Next Unread Topic →

Also tagged with one or more of these keywords: url:mal, malware, avast

Security → Virus, Spyware, Malware Removal → Possible Malware infection - help request [Solved] Started by Maffu , 07 May 2023 malware, advapi and 1 more... 1 2 3 4	Hot 51 replies 12,684 views	DR M 26 Jun 2023
Security → Virus, Spyware, Malware Removal → Help getting started checking laptop for malware [Solved] Started by triedeverything , 12 Apr 2023 help, malware, spyware 1 2	Hot 19 replies 5,752 views	DR M 16 Apr 2023
Security → Virus, Spyware, Malware Removal → Checkmate Ransomware detection / removal? Started by JcTcom , 18 Aug 2022 Checkmate, Ransomware, Virus and 5 more...	0 replies 1,859 views	JcTcom 18 Aug 2022
Security → Virus, Spyware, Malware Removal → Getting a warning over & over but not getting it clean [Solved] Started by Phlegmbot , 28 Mar 2022 malware, spyware, redirect 1 2	Hot 21 replies 6,745 views	DR M 10 Apr 2022
Security → Virus, Spyware, Malware Removal → PC keeps hanging and restarting on its own [Closed] Started by lolx21341 , 29 Jan 2022 Hanging, Restarting, Virus and 2 more...	3 replies 3,595 views	DR M 03 Feb 2022