
Compaq Desktop Computer Seems Infected. [Solved]

Compaq Desktop Malware Adware Pop-Ups Windows 7 64 Bit Os

  • This topic is locked

#16
CompaqHP

CompaqHP

    Member

  • Topic Starter
  • Member
  • PipPip
  • 28 posts

Attached File: MBAMscan.txt, 431 bytes, 212 downloads

Hello again :)

I have started MBAM and clicked on History. There were items in the Quarantine, but the Application Logs were empty, so it would not allow me to select Export because there were no entries. I am running a new scan, which may take a while, but I clicked the Application Logs again and it already gave me the option to Export with only 2 logs. I will wait until the scan is complete, export the file, and post upon completion.

Edited by CompaqHP, 22 May 2016 - 01:01 PM.

  • 0



#17
pystryker

pystryker

    Trusted Helper

  • Malware Removal
  • 3,912 posts
:thumbsup:
  • 0

#18
pystryker

pystryker

    Trusted Helper

  • Malware Removal
  • 3,912 posts
Hello :)

Be advised that the ESET scan can take hours to complete. :thumbsup:
  • 0

#19
CompaqHP

CompaqHP

    Member

  • Topic Starter
  • Member
  • PipPip
  • 28 posts
ESETSmartInstaller@High as downloader log:
all ok
# product=EOS
# version=8
# OnlineScannerApp.exe=1.0.0.1
# EOSSerial=38d6dd202a5178488438a9b68042a011
# end=init
# utc_time=2016-05-22 07:29:29
# local_time=2016-05-22 02:29:29 (-0600, Central Daylight Time)
# country="United States"
# osver=6.1.7601 NT Service Pack 1
Update Init
Update Download
Update Finalize
Updated modules version: 29553
# product=EOS
# version=8
# OnlineScannerApp.exe=1.0.0.1
# EOSSerial=38d6dd202a5178488438a9b68042a011
# end=updated
# utc_time=2016-05-22 07:44:37
# local_time=2016-05-22 02:44:37 (-0600, Central Daylight Time)
# country="United States"
# osver=6.1.7601 NT Service Pack 1
# product=EOS
# version=8
# OnlineScannerApp.exe=1.0.0.1
# OnlineScanner.ocx=1.0.0.7777
# api_version=3.1.1
# EOSSerial=38d6dd202a5178488438a9b68042a011
# engine=29553
# end=finished
# remove_checked=false
# archives_checked=true
# unwanted_checked=true
# unsafe_checked=true
# antistealth_checked=true
# utc_time=2016-05-22 09:13:53
# local_time=2016-05-22 04:13:53 (-0600, Central Daylight Time)
# country="United States"
# lang=1033
# osver=6.1.7601 NT Service Pack 1
# compatibility_mode_1='Microsoft Security Essentials'
# compatibility_mode=5895 16777213 100 100 1566273 86827627 0 0
# scanned=221381
# found=33
# cleaned=0
# scan_time=5354
sh=6F3A3B433459E6773C9FBE8CFB154DB6534EFA86 ft=1 fh=60bff0ff01dbe663 vn="a variant of Win32/SweetIM.B potentially unwanted application" ac=I fn="C:\AdwCleaner\FileQuarantine\C\Program Files (x86)\VideoConverter\VideoConverter.exe.vir"
sh=FAF228C0FC46C3B37C61DFD97A77F776D9D3B7D0 ft=1 fh=e55e2d8843a56f93 vn="a variant of Win32/Adware.Gertokr.R application" ac=I fn="C:\Users\owner\AppData\Local\ffvebqksyonlsdn\dw_util.exe"
sh=09A3DE16BD9BD715D8191F82601495A5EC2210E7 ft=1 fh=da994d8fa7334f94 vn="a variant of Win32/Adware.Gertokr.R application" ac=I fn="C:\Users\owner\AppData\Local\ffvebqksyonlsdn\taskutil.exe"
sh=0792218F21936EB49D591CD782246B0848017DE5 ft=1 fh=7dff0de5cfd29bcf vn="a variant of Win32/Adware.Gertokr.Q application" ac=I fn="C:\Users\owner\AppData\Local\ffvebqksyonlsdn\uninstaller.exe"
sh=EA534E972B8B5295932142A79BE2F59BF651908D ft=1 fh=b59416a145f0da3d vn="a variant of Win32/Adware.Gertokr.Q application" ac=I fn="C:\Users\owner\AppData\Local\ffvebqksyonlsdn\updater.exe"
sh=4F14F3384C92216654ECC693992AF8B3777AF551 ft=0 fh=0000000000000000 vn="a variant of Java/Exploit.Agent.QMM trojan" ac=I fn="C:\Users\owner\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\16\6aaece10-7041bd71"
sh=F271BDCF7851AC0F3FC71AD64BFFE0847AF9A455 ft=0 fh=0000000000000000 vn="Java/Exploit.Agent.PQI trojan" ac=I fn="C:\Users\owner\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\21\1ac2f2d5-1841e53b"
sh=79577EC52C2C28552FF74B52252E2D299CEDB23C ft=0 fh=0000000000000000 vn="Java/Exploit.CVE-2013-0422.FN trojan" ac=I fn="C:\Users\owner\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\30\6199615e-4fa3bb1e"
sh=A42CF4A0837D6226E4C48AD843DC13FE58E5ED24 ft=0 fh=0000000000000000 vn="a variant of Java/Exploit.Agent.NEA trojan" ac=I fn="C:\Users\owner\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\31\5b82789f-11aae06a"
sh=5580BFC0B09834F6FC072B28C439D88178C5088F ft=0 fh=0000000000000000 vn="multiple threats" ac=I fn="C:\Users\owner\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\32\31b84220-39ba9945"
sh=79577EC52C2C28552FF74B52252E2D299CEDB23C ft=0 fh=0000000000000000 vn="Java/Exploit.CVE-2013-0422.FN trojan" ac=I fn="C:\Users\owner\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\32\4336d8e0-24c29cdb"
sh=6C2167A68EABA2D3A5A62AD0D236ABFDF86FD24B ft=0 fh=0000000000000000 vn="Java/Exploit.CVE-2012-1723.FO trojan" ac=I fn="C:\Users\owner\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\35\5d70fde3-2a8a9356"
sh=79577EC52C2C28552FF74B52252E2D299CEDB23C ft=0 fh=0000000000000000 vn="Java/Exploit.CVE-2013-0422.FN trojan" ac=I fn="C:\Users\owner\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\38\3746dd66-67125af3"
sh=79577EC52C2C28552FF74B52252E2D299CEDB23C ft=0 fh=0000000000000000 vn="Java/Exploit.CVE-2013-0422.FN trojan" ac=I fn="C:\Users\owner\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\40\488f7ca8-5a146705"
sh=2285A028EDF96DCC1472606700453A6B8F1BA72C ft=0 fh=0000000000000000 vn="a variant of Java/Exploit.CVE-2012-1723.IM trojan" ac=I fn="C:\Users\owner\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\43\24b6a32b-17999649"
sh=BA0ECC66E0D20CC21523A0958904BDB2AC26A4A7 ft=0 fh=0000000000000000 vn="multiple threats" ac=I fn="C:\Users\owner\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\43\74a778eb-3fa4d91b"
sh=62B1B2BA3BC3DCE34846795E968D5A503AF2D6A1 ft=0 fh=0000000000000000 vn="multiple threats" ac=I fn="C:\Users\owner\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\44\22684aac-54a5b5b7"
sh=1D9623B65569F547F818EE6EDE26CDD2BF422422 ft=0 fh=0000000000000000 vn="a variant of Java/Exploit.Agent.NEA trojan" ac=I fn="C:\Users\owner\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\44\6103586c-75b8d95a"
sh=79577EC52C2C28552FF74B52252E2D299CEDB23C ft=0 fh=0000000000000000 vn="Java/Exploit.CVE-2013-0422.FN trojan" ac=I fn="C:\Users\owner\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\46\1da9e82e-7a3028b4"
sh=79577EC52C2C28552FF74B52252E2D299CEDB23C ft=0 fh=0000000000000000 vn="Java/Exploit.CVE-2013-0422.FN trojan" ac=I fn="C:\Users\owner\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\46\426271ee-7b300b8e"
sh=41349E818C72016CAE793D7FFD0019AF9BA580CA ft=0 fh=0000000000000000 vn="multiple threats" ac=I fn="C:\Users\owner\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\47\7a145fef-5fdbead6"
sh=79577EC52C2C28552FF74B52252E2D299CEDB23C ft=0 fh=0000000000000000 vn="Java/Exploit.CVE-2013-0422.FN trojan" ac=I fn="C:\Users\owner\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\48\54aa3e30-29bd89cf"
sh=F432C9DE20BFBF7FF83CAD0AC6F31E537F9034DD ft=0 fh=0000000000000000 vn="multiple threats" ac=I fn="C:\Users\owner\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\5\602ac545-1d8d77aa"
sh=79577EC52C2C28552FF74B52252E2D299CEDB23C ft=0 fh=0000000000000000 vn="Java/Exploit.CVE-2013-0422.FN trojan" ac=I fn="C:\Users\owner\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\5\e7c3e85-5ff944b3"
sh=24C7BE5537D9C4E310C6FCA2D9ACDD18E2089003 ft=0 fh=0000000000000000 vn="a variant of Java/Exploit.Agent.NEA trojan" ac=I fn="C:\Users\owner\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\52\772808b4-40f9203f"
sh=79577EC52C2C28552FF74B52252E2D299CEDB23C ft=0 fh=0000000000000000 vn="Java/Exploit.CVE-2013-0422.FN trojan" ac=I fn="C:\Users\owner\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\53\124fa4b5-1fdf4fe5"
sh=79577EC52C2C28552FF74B52252E2D299CEDB23C ft=0 fh=0000000000000000 vn="Java/Exploit.CVE-2013-0422.FN trojan" ac=I fn="C:\Users\owner\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\53\124fa4b5-77e2633f"
sh=79577EC52C2C28552FF74B52252E2D299CEDB23C ft=0 fh=0000000000000000 vn="Java/Exploit.CVE-2013-0422.FN trojan" ac=I fn="C:\Users\owner\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\57\24c4aab9-49bb7a7f"
sh=BD1E74D0C1EBD8F5549DD65AA55F1AF83C35F440 ft=0 fh=0000000000000000 vn="multiple threats" ac=I fn="C:\Users\owner\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\59\48f3a13b-189bab6a"
sh=79577EC52C2C28552FF74B52252E2D299CEDB23C ft=0 fh=0000000000000000 vn="Java/Exploit.CVE-2013-0422.FN trojan" ac=I fn="C:\Users\owner\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\62\4ec5907e-4a1d525d"
sh=79577EC52C2C28552FF74B52252E2D299CEDB23C ft=0 fh=0000000000000000 vn="Java/Exploit.CVE-2013-0422.FN trojan" ac=I fn="C:\Users\owner\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\63\59c0b6ff-1a109e74"
sh=E473F5DB747773B80FCCA8A50B4CF7BAEEC1EA47 ft=1 fh=0b4bffcfb4a8cb37 vn="Win32/Bundled.Toolbar.Google.D potentially unsafe application" ac=I fn="C:\Users\owner\Downloads\ccsetup516.exe"
sh=0FEEFF234142107F6459F4BFE0C449F1C3B67516 ft=1 fh=be0f8cf1e8b1aa1c vn="a variant of Win32/OpenCandy.A potentially unsafe application" ac=I fn="C:\Users\owner\Downloads\KeyFinderInstaller.exe"

  • 0

#20
CompaqHP

CompaqHP

    Member

  • Topic Starter
  • Member
  • PipPip
  • 28 posts
Result of Security Analysis by Rocket Grannie (x86) Updated: 13th May 2016
Running from:C:\Users\owner\Desktop (23:28:00 - 05/22/2016)
***---------------------------------------------------------***
Microsoft Windows 7 Home Premium X64 Service Pack 1
UAC is Enabled!
Internet Explorer 11
Default Browser: C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
***-----------------Anti-Virus - Firewall-------------------***
Microsoft Security Essentials (Disabled - up to Date)
Windows Firewall is Enabled!
Searching for any other Firewall
*No other Firewall Installed*
***----------------AntiSpyware - Miscellaneous---------------***
Adobe flash Player Plugin (version 21.0.0.242)
Java (version 1.9.0) is *out of Date*
Adobe Flash Player ActiveX (version 21.0.0.242)
CCleaner -- An older version than (5.17) is installed.
Google Chrome (version 50)
Malwarebytes Anti-Malware (version 2.2.1.1043)
Microsoft Security Essentials (version 0)
Microsoft Silverlight (version 5)
Mozilla Firefox (version 46)
Windows Live Essentials -- An older version than (16.4) is installed.
CCleaner (version 5.16) is *out of Date*
Windows Live Essentials (version 15.4.3502.0922) is *out of Date*
Windows Live Essentials (version 15.4.3502.0922) is *out of Date*
 
***----------------Analysis Complete-------------------------***

  • 0

#21
pystryker

pystryker

    Trusted Helper

  • Malware Removal
  • 3,912 posts
Hello :)

You've got a version of Java that is out of date and needs to be removed. We'll also run a fix to remove the infected files that ESET found. :thumbsup:

Please disable your antivirus for the duration of my instructions. Don't forget to re-enable it after you have completed the steps.

Step 1: Uninstall Old Java Version

WARNING: Java is the #1 exploited program at this time. The Department of Homeland Security recommends that computer users disable Java.

Please read this article about Java.

I would recommend that you completely uninstall Java unless you need it to run important software.
In that instance I would recommend that you disable Java in your browsers until you need it for that software and then enable it. (See How to disable Java in your web browser and How to unplug Java from the browser)

If you do need to keep Java then download JavaRa
Run the programme and select Remove Java Runtime. Uninstall all versions of Java present.
Once done then run it again and select Update Java runtime > Download and install Latest version.



Step 2: Fix with FRST
  • Open notepad (Start => All Programs => Accessories => Notepad). Please copy the entire contents of the code box below. (To do this, highlight the contents of the box, right-click on it and select Copy.)
  • Right-click in the open notepad and select Paste.
  • Save it on the desktop as fixlist.txt

    NOTE: It's important that both files, FRST/FRST64 and fixlist.txt are in the same location or the fix will not work.

Start
CreateRestorePoint:
C:\Users\owner\AppData\Local\ffvebqksyonlsdn
C:\Users\owner\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\16\6aaece10-7041bd71
C:\Users\owner\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\21\1ac2f2d5-1841e53b
C:\Users\owner\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\30\6199615e-4fa3bb1
C:\Users\owner\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\31\5b82789f-11aae06a
C:\Users\owner\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\32\31b84220-39ba9945
C:\Users\owner\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\32\4336d8e0-24c29cdb
C:\Users\owner\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\35\5d70fde3-2a8a9356
C:\Users\owner\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\38\3746dd66-67125af3
C:\Users\owner\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\40\488f7ca8-5a146705
C:\Users\owner\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\43\24b6a32b-17999649
C:\Users\owner\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\43\74a778eb-3fa4d91b
C:\Users\owner\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\44\22684aac-54a5b5b7
C:\Users\owner\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\44\6103586c-75b8d95a
C:\Users\owner\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\46\1da9e82e-7a3028b4
C:\Users\owner\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\46\426271ee-7b300b8e
C:\Users\owner\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\47\7a145fef-5fdbead6
C:\Users\owner\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\48\54aa3e30-29bd89cf
C:\Users\owner\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\5\602ac545-1d8d77aa
C:\Users\owner\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\5\e7c3e85-5ff944b3
C:\Users\owner\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\52\772808b4-40f9203f
C:\Users\owner\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\53\124fa4b5-1fdf4fe5
C:\Users\owner\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\53\124fa4b5-77e2633f
C:\Users\owner\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\57\24c4aab9-49bb7a7f
C:\Users\owner\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\59\48f3a13b-189bab6a
C:\Users\owner\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\62\4ec5907e-4a1d525d
C:\Users\owner\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\63\59c0b6ff-1a109e74
C:\Users\owner\Downloads\ccsetup516.ex
C:\Users\owner\Downloads\KeyFinderInstaller.exe
Emptytemp:
End


NOTICE: This script was written specifically for this user, for use on that particular machine. Running this on another machine may cause damage to your operating system.


Run FRST and press the Fix button just once and wait. The tool will make a log on the desktop (Fixlog.txt); please post it in your next reply.


Things I need to see in your next post:

Fixlog.txt Log

  • 0

#22
CompaqHP

CompaqHP

    Member

  • Topic Starter
  • Member
  • PipPip
  • 28 posts
Fix result of Farbar Recovery Scan Tool (x64) Version:22-05-2016 01
Ran by owner (2016-05-23 12:12:52) Run:2
Running from C:\Users\owner\Desktop
Loaded Profiles: owner (Available Profiles: owner)
Boot Mode: Normal
==============================================
 
fixlist content:
*****************
Start
CreateRestorePoint:
C:\Users\owner\AppData\Local\ffvebqksyonlsdn
C:\Users\owner\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\16\6aaece10-7041bd71
C:\Users\owner\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\21\1ac2f2d5-1841e53b
C:\Users\owner\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\30\6199615e-4fa3bb1
C:\Users\owner\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\31\5b82789f-11aae06a
C:\Users\owner\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\32\31b84220-39ba9945
C:\Users\owner\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\32\4336d8e0-24c29cdb
C:\Users\owner\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\35\5d70fde3-2a8a9356
C:\Users\owner\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\38\3746dd66-67125af3
C:\Users\owner\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\40\488f7ca8-5a146705
C:\Users\owner\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\43\24b6a32b-17999649
C:\Users\owner\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\43\74a778eb-3fa4d91b
C:\Users\owner\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\44\22684aac-54a5b5b7
C:\Users\owner\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\44\6103586c-75b8d95a
C:\Users\owner\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\46\1da9e82e-7a3028b4
C:\Users\owner\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\46\426271ee-7b300b8e
C:\Users\owner\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\47\7a145fef-5fdbead6
C:\Users\owner\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\48\54aa3e30-29bd89cf
C:\Users\owner\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\5\602ac545-1d8d77aa
C:\Users\owner\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\5\e7c3e85-5ff944b3
C:\Users\owner\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\52\772808b4-40f9203f
C:\Users\owner\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\53\124fa4b5-1fdf4fe5
C:\Users\owner\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\53\124fa4b5-77e2633f
C:\Users\owner\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\57\24c4aab9-49bb7a7f
C:\Users\owner\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\59\48f3a13b-189bab6a
C:\Users\owner\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\62\4ec5907e-4a1d525d
C:\Users\owner\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\63\59c0b6ff-1a109e74
C:\Users\owner\Downloads\ccsetup516.ex
C:\Users\owner\Downloads\KeyFinderInstaller.exe
Emptytemp:
End
*****************
 
Restore point was successfully created.
C:\Users\owner\AppData\Local\ffvebqksyonlsdn => moved successfully
C:\Users\owner\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\16\6aaece10-7041bd71 => moved successfully
C:\Users\owner\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\21\1ac2f2d5-1841e53b => moved successfully
"C:\Users\owner\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\30\6199615e-4fa3bb1" => not found.
C:\Users\owner\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\31\5b82789f-11aae06a => moved successfully
C:\Users\owner\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\32\31b84220-39ba9945 => moved successfully
C:\Users\owner\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\32\4336d8e0-24c29cdb => moved successfully
C:\Users\owner\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\35\5d70fde3-2a8a9356 => moved successfully
C:\Users\owner\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\38\3746dd66-67125af3 => moved successfully
C:\Users\owner\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\40\488f7ca8-5a146705 => moved successfully
C:\Users\owner\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\43\24b6a32b-17999649 => moved successfully
C:\Users\owner\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\43\74a778eb-3fa4d91b => moved successfully
C:\Users\owner\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\44\22684aac-54a5b5b7 => moved successfully
C:\Users\owner\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\44\6103586c-75b8d95a => moved successfully
C:\Users\owner\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\46\1da9e82e-7a3028b4 => moved successfully
C:\Users\owner\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\46\426271ee-7b300b8e => moved successfully
C:\Users\owner\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\47\7a145fef-5fdbead6 => moved successfully
C:\Users\owner\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\48\54aa3e30-29bd89cf => moved successfully
C:\Users\owner\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\5\602ac545-1d8d77aa => moved successfully
C:\Users\owner\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\5\e7c3e85-5ff944b3 => moved successfully
C:\Users\owner\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\52\772808b4-40f9203f => moved successfully
C:\Users\owner\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\53\124fa4b5-1fdf4fe5 => moved successfully
C:\Users\owner\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\53\124fa4b5-77e2633f => moved successfully
C:\Users\owner\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\57\24c4aab9-49bb7a7f => moved successfully
C:\Users\owner\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\59\48f3a13b-189bab6a => moved successfully
C:\Users\owner\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\62\4ec5907e-4a1d525d => moved successfully
C:\Users\owner\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\63\59c0b6ff-1a109e74 => moved successfully
"C:\Users\owner\Downloads\ccsetup516.ex" => not found.
C:\Users\owner\Downloads\KeyFinderInstaller.exe => moved successfully
EmptyTemp: => 299.7 MB temporary data Removed.
 
 
The system needed a reboot.
 
==== End of Fixlog 12:13:24 ====

  • 0
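
The Fixlog in the post above reports two fixlist entries as "not found", and each is one character shorter than the corresponding path in the ESET log. The following added example (not part of the thread, and not code from ESET or FRST) reconciles the two logs to list detections the fix did not move; the sample lines are a subset copied from the posts above, and the function names and regular expressions are assumptions based only on the line layouts shown here.

```python
import ntpath  # Windows path rules, usable on any host OS
import re

# Sample input: a subset of the ESET detection lines posted in this thread.
ESET_LOG = r'''
# found=33
# cleaned=0
sh=6F3A3B433459E6773C9FBE8CFB154DB6534EFA86 ft=1 fh=60bff0ff01dbe663 vn="a variant of Win32/SweetIM.B potentially unwanted application" ac=I fn="C:\AdwCleaner\FileQuarantine\C\Program Files (x86)\VideoConverter\VideoConverter.exe.vir"
sh=FAF228C0FC46C3B37C61DFD97A77F776D9D3B7D0 ft=1 fh=e55e2d8843a56f93 vn="a variant of Win32/Adware.Gertokr.R application" ac=I fn="C:\Users\owner\AppData\Local\ffvebqksyonlsdn\dw_util.exe"
sh=4F14F3384C92216654ECC693992AF8B3777AF551 ft=0 fh=0000000000000000 vn="a variant of Java/Exploit.Agent.QMM trojan" ac=I fn="C:\Users\owner\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\16\6aaece10-7041bd71"
sh=79577EC52C2C28552FF74B52252E2D299CEDB23C ft=0 fh=0000000000000000 vn="Java/Exploit.CVE-2013-0422.FN trojan" ac=I fn="C:\Users\owner\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\30\6199615e-4fa3bb1e"
sh=E473F5DB747773B80FCCA8A50B4CF7BAEEC1EA47 ft=1 fh=0b4bffcfb4a8cb37 vn="Win32/Bundled.Toolbar.Google.D potentially unsafe application" ac=I fn="C:\Users\owner\Downloads\ccsetup516.exe"
sh=0FEEFF234142107F6459F4BFE0C449F1C3B67516 ft=1 fh=be0f8cf1e8b1aa1c vn="a variant of Win32/OpenCandy.A potentially unsafe application" ac=I fn="C:\Users\owner\Downloads\KeyFinderInstaller.exe"
'''

# Sample input: the matching result lines from the FRST Fixlog in this thread.
FIXLOG = r'''
Restore point was successfully created.
C:\Users\owner\AppData\Local\ffvebqksyonlsdn => moved successfully
C:\Users\owner\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\16\6aaece10-7041bd71 => moved successfully
"C:\Users\owner\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\30\6199615e-4fa3bb1" => not found.
"C:\Users\owner\Downloads\ccsetup516.ex" => not found.
C:\Users\owner\Downloads\KeyFinderInstaller.exe => moved successfully
EmptyTemp: => 299.7 MB temporary data Removed.
'''

# One ESET detection line: sh=<SHA-1> ... vn="<name>" ac=<action> fn="<path>"
DETECTION = re.compile(
    r'^sh=(?P<sha1>[0-9A-Fa-f]{40})\s.*?vn="(?P<name>[^"]*)"\s+'
    r'ac=(?P<action>\S+)\s+fn="(?P<path>[^"]*)"\s*$'
)
# One Fixlog result line: <path> => <result>, path optionally quoted.
FIX_RESULT = re.compile(r'^"?(?P<path>[A-Za-z]:\\.+?)"?\s+=>\s+(?P<result>.+?)\s*$')


def norm(path):
    """Case-fold and normalise separators so paths compare the way Windows does."""
    return ntpath.normcase(path).rstrip("\\")


def parse_eset(log):
    """Return a dict (sha1, name, action, path) for every detection line."""
    hits = []
    for line in log.splitlines():
        m = DETECTION.match(line.strip())
        if m:
            hits.append(m.groupdict())
    return hits


def parse_fixlog(log):
    """Return (moved, not_found) lists of normalised paths; other lines are ignored."""
    moved, not_found = [], []
    for line in log.splitlines():
        m = FIX_RESULT.match(line.strip())
        if not m:
            continue
        result = m["result"].lower()
        if result.startswith("moved successfully"):
            moved.append(norm(m["path"]))
        elif result.startswith("not found"):
            not_found.append(norm(m["path"]))
    return moved, not_found


def reconcile(eset_log, fixlog):
    """Split detections into removed paths and unresolved (path, name, hint) tuples.

    A detection counts as removed when its path, or a parent folder, was moved.
    hint is a "not found" fixlist entry in the same folder that is a prefix of
    the detected path, which points at a truncated entry; otherwise None.
    """
    moved, not_found = parse_fixlog(fixlog)
    removed, unresolved = [], []
    for hit in parse_eset(eset_log):
        p = norm(hit["path"])
        if any(p == m or p.startswith(m + "\\") for m in moved):
            removed.append(hit["path"])
            continue
        hint = next(
            (n for n in not_found
             if p.startswith(n) and ntpath.dirname(p) == ntpath.dirname(n)),
            None,
        )
        unresolved.append((hit["path"], hit["name"], hint))
    return removed, unresolved


if __name__ == "__main__":
    removed, unresolved = reconcile(ESET_LOG, FIXLOG)
    print(f"{len(removed)} detections moved, {len(unresolved)} still unresolved")
    for path, name, hint in unresolved:
        print(f"  {name}\n    {path}")
        if hint:
            print(f"    fixlist entry looks truncated: {hint}")
```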

#23
CompaqHP

CompaqHP

    Member

  • Topic Starter
  • Member
  • PipPip
  • 28 posts

Just letting you know my computer updated just now. It added a Microsoft Security Essentials definitions update. I just thought I should tell you, since earlier you instructed me not to change anything on my computer unless you said so. Just making you aware of this change.


  • 0

#24
pystryker

pystryker

    Trusted Helper

  • Malware Removal
  • 3,912 posts

Just letting you know my computer updated just now. It added a Microsoft Security Essentials definitions update. I just thought I should tell you, since earlier you instructed me not to change anything on my computer unless you said so. Just making you aware of this change.


Hello :)

No worries there, as we're almost done. How's the machine running? Please let me know. If everything is running smoothly we'll run through some tool removal steps and such. :thumbsup:
  • 0

#25
CompaqHP

CompaqHP

    Member

  • Topic Starter
  • Member
  • PipPip
  • 28 posts
So far so good. Chrome loads the webpage faster now and the scrolling does not stop now. So I think it is running much smoother than before :)
  • 0



#26
pystryker

pystryker

    Trusted Helper

  • Malware Removal
  • 3,912 posts

So far so good. Chrome loads the webpage faster now and the scrolling does not stop now. So I think it is running much smoother than before :)


Hello :)

Excellent, subject to no further problems, let's remove my tools, and create a new, clean restore point on the machine. I also have some information on preventing infections in the future, as well as a neat little optional program called Unchecky that's quite handy. :thumbsup:

Please disable your antivirus for the duration of my instructions. Don't forget to re-enable it after you have completed the steps.


Step 1: Tool Removal with Delfix and Creation of a clean restore point
  • Download Delfix from here
  • Ensure Remove disinfection tools is ticked
    Also tick:
    • Create registry backup
    • Purge system restore
    • Reset System Settings
  • Click Run
The program will run for a few moments and then notepad will open with a log. Please paste the log in your next reply.
  • You can uninstall ESET Online Scanner at this time.
  • I recommend keeping Malwarebytes Anti-Malware installed. Make sure to update it and run it at least once a week.

Step 2: Tips, Information, and Optional Installation of Unchecky
  • Watch what you open in your emails. If you get an email from an unknown source with any attached files, do not open it.
  • Install and keep only one anti-virus on your machine. Update it and scan your machine with it at least once a week.
  • Be careful of the websites you visit.
  • When installing new programs, don't be "click happy" and click through the screens. Many programs come with adware in them and are set to install them by default. Several programs require that you uncheck or select no to prevent the installation. Take your time and read each screen as you go. :)
To help protect yourself while on the web, I recommend you read How did I get infected in the first place?

I also recommend reading Miekiemoes Protection Tips


Installation of Unchecky

This is a very good little program that will automatically uncheck any boxes during a software installation. This helps prevent the software from installing any malware that is by default checked while the program is being installed.
  • Click here to be taken to Unchecky.com
  • Click the very large Download button.
  • Click Save
  • Once downloaded, double click the program (Vista, Win 7, and 8, right click and Run as Administrator)
  • Once open, click the Install button.


Then click Finish



Unchecky is now installed and will help you keep unwanted check boxes unchecked. :thumbsup:


Step 3: Protection Against CryptoLocker


CryptoLocker is a ransomware program that was released around the beginning of September 2013 that targets all versions of Windows including Windows XP, Windows Vista, Windows 7, and Windows 8. This ransomware will encrypt certain files using a mixture of RSA & AES encryption. When it has finished encrypting your files, it will display a CryptoLocker payment program that prompts you to send a ransom of either $100 or $300 in order to decrypt the files. This screen will also display a timer stating that you have 72 hours, or 4 days, to pay the ransom or it will delete your encryption key and you will not have any way to decrypt your files. This ransom must be paid using MoneyPak vouchers or Bitcoins. Once you send the payment and it is verified, the program will decrypt the files that it encrypted.

To download and install:
  • Click CryptoPrevent
  • Under the Free Edition column, enter your name and email and click on the Request Download Link button to request a download link
  • Once you have received a link in your email (you may need to check your Junk mail), download the tool to your Desktop.
  • Open the program by clicking Run when prompted from your browser or by going to the Desktop where the file was saved and right-click and select Run as Administrator
  • Accept all the defaults during the install. The last screen of the install has a checkmark in "Launch CryptoPrevent". This is good and will launch the program once you click Finish.
  • You will get a prompt asking if you purchased a Product Key for Automatic Updates. You can answer No.
  • You will then be prompted to learn more about automatic updates or if you want to purchase a key. This is up to you but you don't have to.
  • You will be prompted to click OK to continue and select your protection level. Go ahead and click OK.
  • Click the Apply button to set Default protection.
  • You may get a message stating that Windows Sidebar and Desktop Gadgets are a major security vulnerability and asking you if you want to disable them. If you don't use these features, answer Yes.
That's it. The protection is in place.

Note: The free version doesn't provide automatic updates. Periodically, you should open up the program (there is a shortcut on your desktop now), select the Updates! menu, and select Check for Updates to see if there are any, as this infection has serious consequences.




Things I need to see in your next post

Delfix Log

  • 0

#27
CompaqHP

CompaqHP

    Member

  • Topic Starter
  • Member
  • PipPip
  • 28 posts
# DelFix v1.010 - Logfile created 24/05/2016 at 07:47:10
# Updated 26/04/2015 by Xplode
# Username : owner - OWNER-PC
# Operating System : Windows 7 Home Premium Service Pack 1 (64 bits)

~ Removing disinfection tools ...

Deleted : C:\FRST
Deleted : C:\AdwCleaner
Deleted : C:\Users\owner\Desktop\esetsmartinstaller_enu.exe
Deleted : C:\Users\owner\Desktop\FRST64.exe
Deleted : C:\Users\owner\Desktop\JRT.exe
Deleted : C:\Users\owner\Downloads\AdwCleaner.exe

~ Creating registry backup ... OK

~ Cleaning system restore ...

Deleted : RP #453 [Windows Update | 05/13/2016 08:00:35]
Deleted : RP #454 [Windows Update | 05/16/2016 09:13:24]
Deleted : RP #455 [Windows Update | 05/18/2016 23:21:56]
Deleted : RP #456 [Windows Update | 05/19/2016 08:00:27]
Deleted : RP #458 [Restore Point Created by FRST | 05/21/2016 16:44:46]
Deleted : RP #459 [JRT Pre-Junkware Removal | 05/21/2016 16:56:09]
Deleted : RP #460 [Windows Update | 05/22/2016 21:59:44]
Deleted : RP #461 [Removed Java 7 Update 17 | 05/23/2016 17:06:27]
Deleted : RP #462 [Removed Java™ 6 Update 22 | 05/23/2016 17:07:43]
Deleted : RP #464 [Restore Point Created by FRST | 05/23/2016 17:12:53]

New restore point created !

~ Resetting system settings ... OK

########## - EOF - ##########
  • 0

#28
CompaqHP

CompaqHP

    Member

  • Topic Starter
  • Member
  • PipPip
  • 28 posts
Oh, what great info you have given me. I will read into all of that, and I certainly have downloaded Unchecky; that is about the coolest thing I have seen. Question: I noticed in reply #13 I had a lot of out of date programs. Is there a way to update all at once, or is manually updating each program the only option? Also, is there some way for me to see everything on my computer that needs an update?
  • 0

#29
pystryker

pystryker

    Trusted Helper

  • Malware Removal
  • 3,912 posts

Oh, what great info you have given me. I will read into all of that, and I certainly have downloaded Unchecky; that is about the coolest thing I have seen. Question: I noticed in reply #13 I had a lot of out of date programs. Is there a way to update all at once, or is manually updating each program the only option? Also, is there some way for me to see everything on my computer that needs an update?


Hello :)

That Unchecky program is a handy little program to have. :) One of the out of date programs was CCleaner, and Security Analysis basically told us twice it was an out of date version. JavaRa will have taken care of the out of date version of Java. Also, Windows Live Essentials should update whenever Windows performs its update checks.

I do have a program that will help you with keeping your programs updated. It's called Heimdal. I'd run this about once a week. :thumbsup:


Step 1: Heimdal Installation

Keeping your programs updated to the latest version is a key factor in keeping your machine malware free. Virus writers are quick to exploit any known holes or out of date versions of programs. To help keep your programs up to date, please click the link below and then download Heimdal Free.

Heimdal will keep an eye on your system and update your programs as it finds them out of date. You can also select whether or not you want this done automatically.

Download Heimdal here.
  • 0

#30
CompaqHP

CompaqHP

    Member

  • Topic Starter
  • Member
  • PipPip
  • 28 posts
I have installed JavaRa but the Heimdal Security Software link you have provided takes me to a Heimdal Security Software Website that has nothing on the screen except this.
  • 0





