
Have log, not sure what to do next..Please help


Billiam


 Results of screen317's Security Check version 0.99.77 
 Windows 7 Service Pack 1 x64 (UAC is enabled) 
 Internet Explorer 11 
``````````````Antivirus/Firewall Check:``````````````
 Windows Firewall Enabled! 
AVG AntiVirus Free Edition 2014  
 Antivirus out of date! 
`````````Anti-malware/Other Utilities Check:`````````
 Malwarebytes Anti-Malware version 1.75.0.1300 
 Java version out of Date!
 Adobe Reader XI 
 Mozilla Firefox (26.0)
 Google Chrome 30.0.1599.101 
 Google Chrome 31.0.1650.57 
````````Process Check: objlist.exe by Laurent```````` 
 Malwarebytes Anti-Malware mbamservice.exe 
 Malwarebytes Anti-Malware mbamgui.exe 
 AVG avgwdsvc.exe
 Malwarebytes' Anti-Malware mbamscheduler.exe  
`````````````````System Health check`````````````````
 Total Fragmentation on Drive C: 0%
````````````````````End of Log``````````````````````
 


File/Folder C:\Users\User\Downloads\cpu-z_1.62-setup-en.exe not found.
========== COMMANDS ==========
 
[EMPTYTEMP]
 
User: All Users
 
User: Default
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 0 bytes
 
User: Default User
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 0 bytes
 
User: Public
 
User: UpdatusUser
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 0 bytes
 
User: User
->Temp folder emptied: 99840 bytes
 


All processes killed
========== FILES ==========
File/Folder C:\Users\User\AppData\Local\Google\Chrome\User Data\Default\Default\aadadagbgfdigdgbdhgcgedfgbdagfdd\background.js not found.
File/Folder C:\Users\User\AppData\Local\Google\Chrome\User Data\Default\Default\aadadagbgfdigdgbdhgcgedfgbdagfdd\ContentScript.js not found.
File/Folder C:\Users\User\Desktop\PDFCreator-1_7_1_setup.exe not found.
File/Folder C:\Users\User\Downloads\cpu-z_1.62-setup-en.exe not found.
========== COMMANDS ==========
 
[EMPTYTEMP]
 
User: All Users
 
User: Default
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 0 bytes
 
User: Default User
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 0 bytes
 
User: Public
 
User: UpdatusUser
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 0 bytes
 
User: User
->Temp folder emptied: 99840 bytes
->Temporary Internet Files folder emptied: 12083962 bytes
->Java cache emptied: 8196 bytes
->FireFox cache emptied: 2619237 bytes
->Google Chrome cache emptied: 0 bytes
->Flash cache emptied: 506 bytes
 
%systemdrive% .tmp files removed: 0 bytes
%systemroot% .tmp files removed: 0 bytes
%systemroot%\System32 .tmp files removed: 0 bytes
%systemroot%\System32 (64bit) .tmp files removed: 438639 bytes
%systemroot%\System32\drivers .tmp files removed: 0 bytes
Windows Temp folder emptied: 20496 bytes
%systemroot%\system32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files folder emptied: 195 bytes
%systemroot%\sysnative\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files folder emptied: 195 bytes
RecycleBin emptied: 1158 bytes
 
Total Files Cleaned = 15.00 mb
 
 
OTM by OldTimer - Version 3.1.21.0 log created on 12292013_210501

Files moved on Reboot...
C:\Users\User\AppData\Local\Temp\FXSAPIDebugLogFile.txt moved successfully.
File C:\Users\User\AppData\Local\Temp\~DF1FE87806CD2F35A4.TMP not found!
File C:\Users\User\AppData\Local\Temp\~DF2B6DE3DE48F0DEC2.TMP not found!
File C:\Users\User\AppData\Local\Temp\~DF547A7E12A9288D07.TMP not found!
File C:\Users\User\AppData\Local\Temp\~DF84464AB33D6E0761.TMP not found!
File C:\Users\User\AppData\Local\Temp\~DFABCF2B4135EFC693.TMP not found!
File C:\Users\User\AppData\Local\Temp\~DFC256177713013894.TMP not found!
File C:\Users\User\AppData\Local\Temp\~DFE6B00788F5CAE47B.TMP not found!
File C:\Users\User\AppData\Local\Temp\~DFFDF1F6372AEBE389.TMP not found!
File C:\Users\User\AppData\Local\Microsoft\Windows\Temporary Internet Files\Low\Content.IE5\Q06Z0WDT\index[2].htm not found!
File C:\Users\User\AppData\Local\Microsoft\Windows\Temporary Internet Files\Low\Content.IE5\IKRI7Q83\xd_arbiter[1].htm not found!
File C:\Users\User\AppData\Local\Microsoft\Windows\Temporary Internet Files\Low\Content.IE5\0B68FPOE\fastbutton[1].htm not found!
File C:\Users\User\AppData\Local\Microsoft\Windows\Temporary Internet Files\Low\Content.IE5\0B68FPOE\like[1].htm not found!
File C:\Users\User\AppData\Local\Microsoft\Windows\Temporary Internet Files\Low\Content.IE5\0B68FPOE\postmessageRelay[1].htm not found!
C:\Users\User\AppData\Local\Microsoft\Windows\Temporary Internet Files\Low\AntiPhishing\4A72F430-B40C-4D36-A068-CE33ADA5ADF9.dat moved successfully.
C:\Users\User\AppData\Local\Microsoft\Windows\Temporary Internet Files\Low\MSIMGSIZ.DAT moved successfully.
C:\Users\User\AppData\Local\Microsoft\Windows\Temporary Internet Files\counters.dat moved successfully.

Registry entries deleted on Reboot...
 


What is the status of your system now, any remaining issues or concerns?

 

Do the following:

 

We need to remove FRST. First, it is very important to deal with its own Quarantine folder by using FRST itself.

 

OK, we continue:

 

Delete any fixlist.txt file previously used, continue:

 

Download attached fixlist.txt file and save it to the Desktop, or the folder you saved FRST into.

 

NOTE. It's important that both FRST and fixlist.txt are in the same location or the fix will not work.

 

Run FRST and press the Fix button just once and wait.

The tool will make a log on the Desktop (Fixlog.txt). That will confirm the removal action, delete if successful.

 

Next,

 

Delete FRST.exe from your Desktop or the folder it was saved to, navigate to and delete its folder C:\FRST

 

Next,

 

Whilst you have C:\ expanded also delete any files/folders related to Zoek

 

Next,

 

Uninstall adwcleaner.exe (unless you want to keep it)

  • Please close all open programs and internet browsers.
  • Double click on adwcleaner.exe to run the tool.
  • Click on Uninstall
  • Click Yes at "Would you like to Uninstall Adwcleaner"

 

Next,

 

Download "Delfix by Xplode" and save it to your desktop.

 

Double Click to start the program. If you are using Vista or higher, please right-click and choose run as administrator

 

Make Sure the following items are checked:

 


  • Activate UAC
  • Remove disinfection tools
  • Create registry backup
  • Purge System Restore
  • Reset system settings

 

Now click on "Run" and wait patiently until the tool has completed.

 

The tool will create a log when it has completed. We don't need you to post this.

 

Part of the routine will be to create a registry backup with ERUNT; the backup will be created here:

C:\Windows\ERUNT

 

When all is known to be well with your system you can delete that back up folder if you consider it as not needed...

 

Let me know if those steps complete ok.

 

Kevin

fixlist.txt


Okay, I am a little confused.. am I removing FRST?

 

Are we basically starting over? so deleting all the text files we saved before?

 

Sorry...

 

btw, system seems better. My initial problem was that I was not able to access Facebook and that's what made me figure something was wrong.. I am able to access it and have been for a few days so I am much better than when we started.. By reading some of the new posts it appears that this Scorpion saver malware is out and about big time...

 

LMK what I need if I am removing FRST and starting from scratch and I will do so...


Yes, it just has been a busy couple of days.. I am thinking I am good. What frustrates me is that I have virus protection and other things that should prevent these from getting on my system but I still end up with them.. Do you have any specific program that is better than the other in preventing malware? I know that it changes day to day and the virus/malware writers are constantly making new ones before we even figure out we're infected but it sure would help if there was something we can arm ourselves with.. other than going to an Apple..

 

Thoughts?


Did you complete the clean up procedure?

 

Regarding security, the majority of infections are picked up either surfing exploited websites, not keeping utilities updated and secure (Java, Adobe etc), visiting P2P sites or opening email extensions from fake messages.

It really is down to being careful at what you do and very thorough with system security regarding basic maintenance.... Read the following link:

 

http://www.bleepingcomputer.com/forums/t/407147/answers-to-common-security-questions-best-practices/#entry2316629

 

My own security set up follows, you may find this useful....

 

Windows own Firewall, Microsoft Security Essentials and Malwarebytes Pro. Windows FW and MSE are free, MB does also have a free version, however I prefer the pro version as it provides auto updates and realtime protection. Cost is about £20 for a lifetime license.

 

As an extra layer I also use WinPatrol, the free version is adequate for general home use. Available here: http://www.winpatrol.com/download.html

 

For my browser I use Firefox with these addons: Web of Trust, Adblock Plus, Flash Block, NoScript, Ghostery. When Firefox is open select these keys together: Ctrl - Shift - A. That will access the Addons manager, which gives access to find addons, use, start, stop or disable those features etc....

Before using NoScript read from this link http://noscript.net/ makes it easy to understand....

 

Understanding Windows 7 Firewall - http://windows.microsoft.com/en-GB/windows7/Understanding-Windows-Firewall-settings

 

Understanding Microsoft Security Essentials - http://www.microsoft.com/en-gb/security/pc-security/mse.aspx

 

Understanding Malwarebytes, how to create an exclusion in MSE - http://forums.malwarebytes.org/index.php?showtopic=10138&st=0&p=162100entry162100

 

Understanding WinPatrol - http://www.winpatrol.com/features.html

 

I also use the Professional version of Sandboxie, I believe there is also a free version available. Visit this link http://www.sandboxie.com/ for access to d/l, also make sure to use the "Help and FAQ" option to understand its uses, specifically how to run your browser sandboxed!

 

Kevin....


Kevin,

 

thanks for the help, I really do appreciate it. I have not removed all the help files if you can tell me what I need to delete I will do so. I have printed your set up and will read up on the security stuff.. I try to stay away from most junk sites but I am an instructor for gun training so I am always checking different sites out, some good and obviously some not so good. I am having issues with a laptop also, but quite honestly I am not sure its speed is not due to the fact it is an older system.. So I am contemplating on my next move.

 

So if you could instruct me what to remove I will do so.

 

Thanks,

 

Bill


I gave the clean up procedure in reply #31, that should remove the tools we used. Is there anything I missed?

 

 

I am an instructor for gun training so I am always checking different sites out, some good and obviously some not so good

 

Regarding bad sites, I mentioned Sandboxie in my previous reply, also having your browser run "Sandboxed". Read the instructions at the link I gave, having your browser "sandboxed" is very beneficial.....

 

Kevin.... ;)


  • Root Admin

Glad we could help. :)

If you need this topic reopened, please send a Private Message to any one of the moderating team members. Please include a link to this thread with your request. This applies only to the originator of this thread.

Other members who need assistance please start your own topic in a new thread. Thanks!


This topic is now closed to further replies.