Got infected???


22 replies to this topic

#1 GeorgeStam89

GeorgeStam89

  • Members
  • 134 posts
  • OFFLINE
  •  
  • Local time:12:30 AM

Posted 15 December 2014 - 03:35 PM

Hello,
I scanned with RogueKiller on my desktop and found numerous IAT hooks with indexes: explorer.exe and chrome.exe....
Is my PC clean from viruses?




#2 Guest_LighthouseParty_*

Guest_LighthouseParty_*

  • Guests
  • OFFLINE
  •  

Posted 15 December 2014 - 03:47 PM

Hello there
 
Welcome to Bleeping Computer, I'm LighthouseParty. Let's run a couple of scans to see what could be causing this.
 
Step 1: Please download MiniToolBox to your desktop

  • Double click MiniToolBox.
  • Select the following and then press go.
  • Post the log in your next reply.

Flush DNS
Reset IE Proxy Settings
Reset FF Proxy Settings
List Installed Programs
List Restore Points
 
Step 2: Please download Malwarebytes Anti-Malware to your desktop

  • Double click mbam-setup-x.x.x.xxxx and follow the on-screen instructions.
  • On the dashboard, click update now.
  • After that, click scan now - the scan will now begin.
  • When the scan's completed, select apply actions - make sure the action is quarantine.
  • Restart your computer.

How to get the log.

  • On the dashboard, select the history tab and click application logs.
  • Select the log which has the time and date of when you did the scan.
  • Click copy to clipboard and paste it into your reply.

Step 3: Please download Security Check to your desktop

  • Double click SecurityCheck and follow the on-screen instructions.
  • A log should open, called checkup.txt.
  • Please post the contents of it in your next reply.

Thanks and good luck!



#3 GeorgeStam89

GeorgeStam89
  • Topic Starter

  • Members
  • 134 posts
  • OFFLINE
  •  

Posted 15 December 2014 - 05:05 PM

MiniToolBox by Farbar  Version: 30-11-2014
Ran by User (administrator) on 15-12-2014 at 22:55:05
Running from "E:\UserFiles\Downloads"
Microsoft Windows 7 Professional  Service Pack 1 (X64)
Boot Mode: Normal
***************************************************************************
 
========================= Flush DNS: ===================================
 
�矣��� �����⫨� IP �� Windows
 
�⫬�� � �����ᨠ�� ��� ��㣞� cache ��墬��� DNS.
 
"Reset IE Proxy Settings": IE Proxy Settings were reset.
 
 
=========================== Installed Programs ============================
µTorrent (HKCU\...\uTorrent) (Version: 3.4.2.35702 - BitTorrent Inc.)
7-Zip 9.22 (x64 edition) (HKLM\...\{23170F69-40C1-2702-0922-000001000000}) (Version: 9.22.00.0 - Igor Pavlov)
Adobe Flash Player 16 NPAPI (HKLM-x32\...\Adobe Flash Player NPAPI) (Version: 16.0.0.235 - Adobe Systems Incorporated)
Adobe Reader X (10.1.7) - Greek (HKLM-x32\...\{AC76BA86-7AD7-1032-7B44-AA1000000001}) (Version: 10.1.7 - Adobe Systems Incorporated)
Asmedia ASM106x SATA Host Controller Driver (HKLM-x32\...\{61942EF5-2CD8-47D4-869C-2E9A8BB085F1}) (Version: 1.3.4.001 - Asmedia Technology)
Avast Free Antivirus (HKLM-x32\...\Avast) (Version: 10.0.2208 - AVAST Software)
Battle.net (HKLM-x32\...\Battle.net) (Version:  - Blizzard Entertainment)
CDBurnerXP (HKLM-x32\...\{7E265513-8CDA-4631-B696-F40D983F3B07}_is1) (Version: 4.5.4.4852 - CDBurnerXP)
CPUID HWMonitor 1.26 (HKLM\...\CPUID HWMonitor_is1) (Version:  - )
CPUID ROG CPU-Z 1.70 (HKLM\...\CPUID ROG CPU-Z_is1) (Version: 1.70 - CPUID, Inc.)
CyberPower PowerPanel Personal Edition 1.4.3 (HKLM-x32\...\{DEC7E1CD-31A2-4F2F-BEE5-CF80E8E58C2A}) (Version: 1.4.3 - Cyber Power Systems, Inc.)
Darksiders II (HKLM-x32\...\Steam App 50650) (Version:  - Vigil Games)
Diablo III (HKLM-x32\...\Diablo III) (Version:  - Blizzard Entertainment)
Dropbox (HKCU\...\Dropbox) (Version: 3.0.3 - Dropbox, Inc.)
Free YouTube to MP3 Converter version 3.12.43.806 (HKLM-x32\...\Free YouTube to MP3 Converter_is1) (Version: 3.12.43.806 - DVDVideoSoft Ltd.)
Glary Utilities 5.13 (HKLM-x32\...\Glary Utilities 5) (Version: 5.13.0.26 - Glarysoft Ltd)
Google Chrome (HKLM-x32\...\Google Chrome) (Version: 39.0.2171.95 - Google Inc.)
Google Update Helper (x32 Version: 1.3.25.11 - Google Inc.) Hidden
Intel® Management Engine Components (HKLM-x32\...\{65153EA5-8B6E-43B6-857B-C6E4FC25798A}) (Version: 9.0.0.1323 - Intel Corporation)
Intel® Network Connections 18.1.59.0 (HKLM\...\PROSetDX) (Version: 18.1.59.0 - Intel)
Intel® Network Connections 18.1.59.0 (Version: 18.1.59.0 - Intel) Hidden
Intel® USB 3.0 eXtensible Host Controller Driver (HKLM-x32\...\{240C3DDD-C5E9-4029-9DF7-95650D040CF2}) (Version: 2.5.0.19 - Intel Corporation)
Intel® Trusted Connect Service Client (Version: 1.27.798.1 - Intel Corporation) Hidden
Java 8 Update 25 (HKLM-x32\...\{26A24AE4-039D-4CA4-87B4-2F83218025F0}) (Version: 8.0.250 - Oracle Corporation)
Java Auto Updater (x32 Version: 2.8.25.18 - Oracle Corporation) Hidden
Macrium Reflect Free Edition (HKLM\...\MacriumReflect) (Version: 5.3 - Paramount Software (UK) Ltd.)
Macrium Reflect Free Edition (Version: 5.3.7220 - Paramount Software (UK) Ltd.) Hidden
Malwarebytes Anti-Malware έκδοση 2.0.4.1028 (HKLM-x32\...\Malwarebytes Anti-Malware_is1) (Version: 2.0.4.1028 - Malwarebytes Corporation)
Microsoft .NET Framework 4.5.1 (ELL) (Version: 4.5.50938 - Microsoft Corporation) Hidden
Microsoft .NET Framework 4.5.1 (HKLM\...\{92FB6C44-E685-45AD-9B20-CADF4CABA132} - 1033) (Version: 4.5.50938 - Microsoft Corporation)
Microsoft .NET Framework 4.5.1 (Version: 4.5.50938 - Microsoft Corporation) Hidden
Microsoft .NET Framework 4.5.1 (Ελληνικά) (HKLM\...\{92FB6C44-E685-45AD-9B20-CADF4CABA132} - 1032) (Version: 4.5.50938 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.6161 (HKLM\...\{5FCE6D76-F5DC-37AB-B2B8-22AB8CEDB1D4}) (Version: 9.0.30729.6161 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 (HKLM-x32\...\{9BE518E6-ECC6-35A9-88E4-87755C07200F}) (Version: 9.0.30729.6161 - Microsoft Corporation)
Microsoft Visual C++ 2010  x64 Redistributable - 10.0.40219 (HKLM\...\{1D8E6291-B0D5-35EC-8441-6616F567A0F7}) (Version: 10.0.40219 - Microsoft Corporation)
Microsoft Visual C++ 2010  x86 Redistributable - 10.0.40219 (HKLM-x32\...\{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}) (Version: 10.0.40219 - Microsoft Corporation)
Mouse Editor (HKLM-x32\...\InstallShield_{3A4218DE-B9DB-4AD5-9DB2-5853D3AA0335}) (Version: 12.08.0006 - Mouse Editor)
MOUSE Editor (x32 Version: 12.08.0006 - Mouse Editor) Hidden
NirSoft BlueScreenView (HKLM-x32\...\NirSoft BlueScreenView) (Version:  - )
NVIDIA Install Application (Version: 2.1002.154.1150 - NVIDIA Corporation) Hidden
NVIDIA Stereoscopic 3D Driver (x32 Version: 7.17.12.6514 - NVIDIA Corporation) Hidden
NVIDIA Update Core (Version: 10.4.0 - NVIDIA Corporation) Hidden
NVIDIA Πρόγραμμα οδήγησης 3D Vision 340.52 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.3DVision) (Version: 340.52 - NVIDIA Corporation)
NVIDIA Πρόγραμμα οδήγησης γραφικών 340.52 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.Driver) (Version: 340.52 - NVIDIA Corporation)
NVIDIA Πρόγραμμα οδήγησης ήχου HD 1.3.30.1 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_HDAudio.Driver) (Version: 1.3.30.1 - NVIDIA Corporation)
OpenOffice 4.1.1 (HKLM-x32\...\{2D55F2B5-8C83-4818-892D-9B3B125C119D}) (Version: 4.11.9775 - Apache Software Foundation)
Realtek High Definition Audio Driver (HKLM-x32\...\{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}) (Version: 6.0.1.6853 - Realtek Semiconductor Corp.)
Revo Uninstaller 1.95 (HKLM-x32\...\Revo Uninstaller) (Version: 1.95 - VS Revo Group)
Smart Defrag 3 (HKLM-x32\...\Smart Defrag 3_is1) (Version: 3.3 - IObit)
Steam (HKLM-x32\...\Steam) (Version: 2.10.91.91 - Valve Corporation)
TeamViewer 9 (HKLM-x32\...\TeamViewer 9) (Version: 9.0.31064 - TeamViewer)
VC_CRT_x64 (Version: 1.02.0000 - Intel Corporation) Hidden
VLC media player (HKLM\...\VLC media player) (Version: 2.1.5 - VideoLAN)
VLC media player (HKLM-x32\...\VLC media player) (Version: 2.1.5 - VideoLAN)
Ενημερώσεις NVIDIA 10.4.0 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.Update) (Version: 10.4.0 - NVIDIA Corporation)
Πίνακας Ελέγχου NVIDIA 340.52 (Version: 340.52 - NVIDIA Corporation) Hidden
========================= Restore Points ==================================
 
01-12-2014 19:02:57 Installed DirectX
01-12-2014 19:18:29 Installed DirectX
03-12-2014 07:33:02 Windows Update
06-12-2014 14:17:57 Revo Uninstaller's restore point - Malwarebytes Anti-Malware έκδοση 2.0.3.1025
11-12-2014 07:13:08 Windows Update
12-12-2014 09:26:29 Revo Uninstaller's restore point - RivaTuner v2.24 MSI Master Overclocking Arena 2009 edition
 
**** End of log ****

Malwarebytes Anti-Malware
www.malwarebytes.org
 
Ημερομηνία Σάρωσης: 15/12/2014
Ώρα Σάρωσης: 11:05:18 μμ
Αρχείο καταγραφής: mbam.txt
Διαχειριστής: Ναι
 
Έκδοση: 2.00.4.1028
Βάση Δεδομένων Κακόβουλου Λογισμικού: v2014.12.15.05
Βάση Δεδομένων Rootkit: v2014.12.14.01
Άδεια Χρήσης: Δωρεάν
Προστασία από Κακόβουλο Λογισμικό: Απενεργοποιημένο
Προστασία από Κακόβουλο Ιστότοπο: Απενεργοποιημένο
Αυτοπροστασία: Απενεργοποιημένο
 
ΛΣ: Windows 7 Service Pack 1
Επεξεργαστής: x64
Σύστημα Αρχείων: NTFS
Χρήστης: User
 
Τύπος Σάρωσης: Προσαρμοσμένη Σάρωση
Αποτέλεσμα: Ολοκληρώθηκε
Αντικείμενα που σαρώθηκαν: 446113
Χρόνος που πέρασε: 40 λεπ, 5 δευτ
 
Μνήμη: Ενεργοποιημένο
Εκκίνηση: Ενεργοποιημένο
Σύστημα αρχείων: Ενεργοποιημένο
Συμπιεσμένα αρχεία: Ενεργοποιημένο
Rootkits: Ενεργοποιημένο
Heuristics: Ενεργοποιημένο
ΠΑΠ: Ενεργοποιημένο
ΠΑΤ: Ενεργοποιημένο
 
Διεργασίες: 0
(Δεν εντοπίστηκαν επιβλαβή αντικείμενα)
 
Μονάδες: 0
(Δεν εντοπίστηκαν επιβλαβή αντικείμενα)
 
Κλειδιά Μητρώου: 0
(Δεν εντοπίστηκαν επιβλαβή αντικείμενα)
 
Τιμές Μητρώου: 0
(Δεν εντοπίστηκαν επιβλαβή αντικείμενα)
 
Δεδομένα Μητρώου: 0
(Δεν εντοπίστηκαν επιβλαβή αντικείμενα)
 
Φάκελοι: 0
(Δεν εντοπίστηκαν επιβλαβή αντικείμενα)
 
Αρχεία: 0
(Δεν εντοπίστηκαν επιβλαβή αντικείμενα)
 
Φυσικοί Τομείς: 0
(Δεν εντοπίστηκαν επιβλαβή αντικείμενα)
 
 
(end)

 Results of screen317's Security Check version 0.99.93  
 Windows 7 Service Pack 1 x64 (UAC is enabled)  
 Internet Explorer 11  
``````````````Antivirus/Firewall Check:`````````````` 
avast! Antivirus   
 Antivirus up to date!   
`````````Anti-malware/Other Utilities Check:````````` 
 Java 8 Update 25  
 Java version 32-bit out of Date! 
 Adobe Flash Player 16.0.0.235  
 Adobe Reader 10.1.7 Adobe Reader out of Date!  
 Google Chrome (39.0.2171.71) 
 Google Chrome (39.0.2171.95) 
````````Process Check: objlist.exe by Laurent````````  
 AVAST Software Avast AvastSvc.exe  
 AVAST Software Avast avastui.exe  
`````````````````System Health check````````````````` 
 Total Fragmentation on Drive C:  
````````````````````End of Log`````````````````````` 
 


#4 quietman7

quietman7

    Bleepin' Janitor


  • Global Moderator
  • 50,563 posts
  • ONLINE
  •  
  • Gender:Male
  • Location:Virginia, USA
  • Local time:12:30 AM

Posted 15 December 2014 - 05:10 PM

I scanned with RogueKiller on my desktop and found numerous IAT hooks with indexes: explorer.exe and chrome.exe....
Is my PC clean from viruses?

FYI: Hooking is one of the techniques used by a rootkit to alter the normal execution path of the operating system. Rootkit hooks are basically installed modules which intercept the principal system services that all programs and the OS rely on. By using a hook, a rootkit can alter the information that the original OS function would have returned. There are many tables in an OS that can be hooked by a rootkit and those hooks are undetectable unless you know exactly what you're looking for. Using a security scanner without knowing how to tell the difference between legitimate and malicious entries can be dangerous if a critical component is incorrectly removed.

IAT hooking is a method which can be used by both malicious and legitimate software. The IAT (Import Address Table) lists the DLLs and the corresponding functions in the DLL that the binary will use. By modifying the entries in a binary's IAT, a rootkit can alter the execution flow of the program and influence what the original function would have returned to the caller. Security scanners do not differentiate between what is good and what is bad...they only report what is found. Therefore, even on a clean system some hidden components may be detected when performing a scan to check for the presence of rootkits and you should not be alarmed if any hidden entries created by legitimate programs are detected. In most cases further investigation is required after the initial ARK scan by someone trained in rootkit detection or with advanced knowledge of the operating system.

Userland rootkits: Part 1, IAT hooks

If you land here from RogueKiller...

...This is because RogueKiller has detected an IAT/EAT hook. Don't panic. Most of the time, they are made by legit modules (even some system DLLs) to add filtering features, or by antiviruses.

However, most of these DLLs are whitelisted in RogueKiller, so either the DLL is not known (please verify by typing it on Google), or the module is a real malware (if you didn't find anything on it on Google, or worse, you found bad things), or because the module has not been identified (shellcoded outside of any module), the module is named Unknown. In this last case, if nothing else has been found by RogueKiller, just skip it.

Another thing to know is it's USELESS in most of the cases to remove a module, because if you're able to do it, it will be back at reboot, or at process restart. You have to target the persistence item instead (registry key, patched file, ...). In RogueKiller, IAT hooks are just listed for diagnostic and will not be restored.


I am a firm believer that if you're unsure how to use a particular security tool or interpret any logs it generates, then you probably should not be using it. Users often panic when they see log results they do not understand. Some security tools are intended for advanced users, those who are knowledgeable of the Windows registry or to be used under the guidance of an expert who can interpret the log results and investigate it for malicious entries before taking any removal action.
.
.
Windows Insider MVP 2017-2018
Microsoft MVP Reconnect 2016
Microsoft MVP Consumer Security 2007-2015 kO7xOZh.gif
Member of UNITE, Unified Network of Instructors and Trusted Eliminators

If I have been helpful & you'd like to consider a donation, click 38WxTfO.gif
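
The triage described in post #4 and in the quoted RogueKiller text, as an added example that is not part of the original thread and is not RogueKiller's code: each IAT slot is attributed to the module that owns the address it points at, then sorted into not hooked, hooked by an allowlisted module, hooked by an unrecognised module, or pointing outside every module ("Unknown"). The module list, addresses, allowlist and the names `avfilter.dll` and `qx7f.dll` are constructed for illustration.

```python
from dataclasses import dataclass
from typing import Optional


@dataclass(frozen=True)
class Module:
    name: str
    base: int
    size: int

    def contains(self, addr: int) -> bool:
        return self.base <= addr < self.base + self.size


@dataclass(frozen=True)
class IatEntry:
    dll: str        # DLL named in the import descriptor
    function: str   # imported function name
    target: int     # address currently stored in the IAT slot


# Constructed snapshot of one process (all values are made up for the example).
MODULES = [
    Module("explorer.exe", 0x00400000, 0x200000),
    Module("kernel32.dll", 0x76000000, 0x110000),
    Module("ntdll.dll",    0x77000000, 0x1A0000),
    Module("user32.dll",   0x75000000, 0x100000),
    Module("avfilter.dll", 0x6A000000, 0x040000),  # hypothetical antivirus filter DLL
    Module("qx7f.dll",     0x10000000, 0x020000),  # hypothetical unrecognised DLL
]
ALLOWLIST = frozenset({"avfilter.dll"})            # modules known to hook legitimately
# Forwarded exports resolve into another DLL without any hook being present.
FORWARDERS = {("kernel32.dll", "heapalloc"): "ntdll.dll"}

IAT = [  # constructed IAT slots
    IatEntry("kernel32.dll", "CreateFileW",          0x76012340),
    IatEntry("kernel32.dll", "HeapAlloc",            0x77034560),
    IatEntry("user32.dll",   "GetMessageW",          0x6A001000),
    IatEntry("kernel32.dll", "CreateProcessW",       0x10000500),
    IatEntry("ntdll.dll",    "NtQueryDirectoryFile", 0x02A30000),
]


def owner_of(addr: int, modules=MODULES) -> Optional[Module]:
    """Return the loaded module whose address range contains addr, if any."""
    for module in modules:
        if module.contains(addr):
            return module
    return None


def classify(entry: IatEntry, modules=MODULES, allowlist=ALLOWLIST,
             forwarders=FORWARDERS):
    """Return (verdict, owning module name) for one IAT slot."""
    owner = owner_of(entry.target, modules)
    if owner is None:
        # Code outside every module: reported under the name "Unknown".
        return ("hook-outside-any-module", "Unknown")
    expected = {entry.dll.lower()}
    forwarded_to = forwarders.get((entry.dll.lower(), entry.function.lower()))
    if forwarded_to:
        expected.add(forwarded_to)
    if owner.name.lower() in expected:
        return ("not-hooked", owner.name)
    if owner.name.lower() in allowlist:
        return ("hook-allowlisted", owner.name)
    # Needs investigation of the module and of how it gets loaded
    # (its persistence item), not removal of the hook itself.
    return ("hook-unrecognised", owner.name)


def triage(entries=IAT):
    """List every slot that does not point into the DLL it imports from."""
    findings = []
    for entry in entries:
        verdict, owner = classify(entry)
        if verdict != "not-hooked":
            findings.append((f"{entry.dll}!{entry.function}", verdict, owner))
    return findings


if __name__ == "__main__":
    for name, verdict, owner in triage():
        print(f"{name:35} {verdict:25} {owner}")
```

Without the forwarder table, the `HeapAlloc` slot would be reported as hooked by `ntdll.dll`, which is the kind of legitimate entry the post warns about.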

#5 GeorgeStam89

GeorgeStam89
  • Topic Starter

  • Members
  • 134 posts
  • OFFLINE
  •  
  • Local time:05:30 PM

Posted 15 December 2014 - 06:29 PM

OK, I understand, but I was in a panic because all these items after the scan had the message ''Warning! The item is suspicious, possible malware.'' for each one...

Is there something else that I can do for my PC to delete-remove malware, or am I clean?

Mod Edit by quietman7: log removed; not permitted in this forum.

#6 quietman7

quietman7

    Bleepin' Janitor


  • Global Moderator
  • 50,563 posts
  • ONLINE
  •  
  • Gender:Male
  • Location:Virginia, USA
  • Local time:12:30 AM

Posted 15 December 2014 - 07:36 PM

Your log was removed as they are not permitted in this forum. I was just providing information to help you learn.

Just continue with the instructions provided by LighthouseParty to check for malware with permitted tools.

#7 GeorgeStam89

GeorgeStam89
  • Topic Starter

  • Members
  • 134 posts
  • OFFLINE
  •  
  • Local time:05:30 PM

Posted 16 December 2014 - 12:48 AM

I did everything that LighthouseParty told me to do, but he didn't answer me and tell me what I can do as the next step...



#8 Guest_LighthouseParty_*

Guest_LighthouseParty_*

  • Guests
  • OFFLINE
  •  

Posted 16 December 2014 - 01:45 AM

Hello there,

 

Step 1: Please uninstall some programs
 
There are currently some programs on your PC that we need to remove, for the time being at least. Press the Windows + R key on your keyboard and type in appwiz.cpl and press enter. Navigate to each of the following below one-by-one and click uninstall:

  • µTorrent
  • Java 8 Update 25
  • Smart Defrag 3

If any programs listed above aren't in Programs and Features, you can just skip them. Please download JavaRa from here and once you have opened it, select 'remove JRE' (If that's not there, select remove Java Runtime). Make sure you skip the re-install Java option!

Step 2: Please download rKill to your desktop

  • Double click it (Win 7, 8 and Vista users, right-click and select run as admin)
  • The tool will run and then a log file should open.
  • Please post the contents of it in your next reply.

Please don't restart your computer before running the next step.

Step 3: Please download AdwCleaner to your desktop

  • Double click adwcleaner_x.xxx.exe. (Win 7, 8 and Vista users, right-click and select run as admin)
  • If prompted, click I agree.
  • Click scan. When it's finished, select clean.
  • Allow AdwCleaner to restart your computer.
  • Once your computer's restarted, a log should appear.
  • Please post this in your next reply.

Step 4: Please download Junkware Removal Tool to your desktop

  • Double click JRT.exe. (Win 7, 8 and Vista users, right-click and select run as admin)
  • Press any key and the scan will begin.
  • At the end, a log will open. Please post this in your next reply.

Edited by LighthouseParty, 16 December 2014 - 01:45 AM.


#9 GeorgeStam89

GeorgeStam89
  • Topic Starter

  • Members
  • 134 posts
  • OFFLINE
  •  
  • Local time:12:30 AM

Posted 16 December 2014 - 03:57 AM

Rkill 2.6.9 by Lawrence Abrams (Grinler)
Copyright 2008-2014 BleepingComputer.com
More Information about Rkill can be found at this link:
 
Program started at: 12/16/2014 10:44:07 AM in x64 mode.
Windows Version: Windows 7 Professional Service Pack 1
 
Checking for Windows services to stop:
 
 * No malware services found to stop.
 
Checking for processes to terminate:
 
 * No malware processes found to kill.
 
Checking Registry for malware related settings:
 
 * No issues found in the Registry.
 
Resetting .EXE, .COM, & .BAT associations in the Windows Registry.
 
Performing miscellaneous checks:
 
 * No issues found.
 
Checking Windows Service Integrity: 
 
 * Windows Defender (WinDefend) is not Running.
   Startup Type set to: Manual
 
Searching for Missing Digital Signatures: 
 
 * No issues found.
 
Checking HOSTS File: 
 
 * No issues found.
 
Program finished at: 12/16/2014 10:44:22 AM
Execution time: 0 hours(s), 0 minute(s), and 15 seconds(s)

# AdwCleaner v4.105 - Report created 16/12/2014 at 10:46:59
# Updated 08/12/2014 by Xplode
# Database : 2014-12-13.4 [Live]
# Operating System : Windows 7 Professional Service Pack 1 (64 bits)
# Username : User - GEORGE
# Running from : E:\UserFiles\Downloads\adwcleaner_4.105.exe
# Option : Clean
 
***** [ Services ] *****
 
 
***** [ Files / Folders ] *****
 
File Deleted : C:\Users\User\AppData\Local\Google\Chrome\User Data\Default\Local Storage\hxxp_static.audienceinsights.net_0.localstorage
File Deleted : C:\Users\User\AppData\Local\Google\Chrome\User Data\Default\Local Storage\hxxp_static.audienceinsights.net_0.localstorage-journal
 
***** [ Scheduled Tasks ] *****
 
 
***** [ Shortcuts ] *****
 
 
***** [ Registry ] *****
 
 
***** [ Browsers ] *****
 
-\\ Internet Explorer v11.0.9600.17496
 
 
-\\ Google Chrome v39.0.2171.95
 
 
*************************
 
AdwCleaner[R12].txt - [1380 octets] - [29/11/2014 05:38:26]
AdwCleaner[R13].txt - [1240 octets] - [29/11/2014 05:42:49]
AdwCleaner[R14].txt - [1301 octets] - [30/11/2014 04:23:34]
AdwCleaner[R16].txt - [1633 octets] - [11/12/2014 10:24:19]
AdwCleaner[R17].txt - [1623 octets] - [11/12/2014 12:14:14]
AdwCleaner[R18].txt - [1604 octets] - [11/12/2014 12:17:41]
AdwCleaner[R19].txt - [1665 octets] - [12/12/2014 13:23:03]
AdwCleaner[R20].txt - [1727 octets] - [12/12/2014 14:23:11]
AdwCleaner[R21].txt - [2058 octets] - [16/12/2014 10:45:59]
AdwCleaner[R3].txt - [984 octets] - [27/11/2014 09:43:09]
AdwCleaner[R4].txt - [1157 octets] - [27/11/2014 14:30:40]
AdwCleaner[R5].txt - [1218 octets] - [27/11/2014 14:33:39]
AdwCleaner[S0].txt - [1046 octets] - [27/11/2014 10:01:41]
AdwCleaner[S1].txt - [1283 octets] - [27/11/2014 14:35:50]
AdwCleaner[S2].txt - [1347 octets] - [28/11/2014 12:58:45]
AdwCleaner[S3].txt - [1443 octets] - [29/11/2014 05:39:37]
AdwCleaner[S4].txt - [1697 octets] - [11/12/2014 10:25:50]
AdwCleaner[S5].txt - [1685 octets] - [11/12/2014 12:15:25]
AdwCleaner[S6].txt - [1982 octets] - [16/12/2014 10:46:59]
 
########## EOF - C:\AdwCleaner\AdwCleaner[S6].txt - [2042 octets] ##########

~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Junkware Removal Tool (JRT) by Thisisu
Version: 6.4.0 (11.29.2014:1)
OS: Windows 7 Professional x64
Ran by User on ’¨  16/12/2014 at 10:51:34,63
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
 
 
 
 
~~~ Services
 
 
 
~~~ Registry Values
 
 
 
~~~ Registry Keys
 
 
 
~~~ Files
 
 
 
~~~ Folders
 
 
 
~~~ Event Viewer Logs were cleared
 
 
 
 
 
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Scan was completed on ’¨  16/12/2014 at 10:54:02,05
End of JRT log
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~

Can I reinstall these 3 programs after all?


#10 Guest_LighthouseParty_*

Guest_LighthouseParty_*

  • Guests
  • OFFLINE
  •  

Posted 16 December 2014 - 11:05 AM

Are you still experiencing any problems?

 

The only product that I could say is safe to re-install is Java, however you must keep it updated at ALL times as quite a few times now, it's been used to exploit systems/computers.



#11 GeorgeStam89

GeorgeStam89
  • Topic Starter

  • Members
  • 134 posts
  • OFFLINE
  •  

Posted 16 December 2014 - 11:37 AM

I am not experiencing any problems about these 3 programs. The only one is JRT, which removed the programs in the system tray..
Can I reinstall them now??
From where can I update Java? Official website or JavaRa?



#12 Guest_LighthouseParty_*

Guest_LighthouseParty_*

  • Guests
  • OFFLINE
  •  

Posted 16 December 2014 - 11:42 AM

 

I am not experiencing any problems about these 3 programs

 

I meant in general are you experiencing any problems (not about the programs).


Edited by LighthouseParty, 16 December 2014 - 11:42 AM.


#13 GeorgeStam89

GeorgeStam89
  • Topic Starter

  • Members
  • 134 posts
  • OFFLINE
  •  
  • Local time:12:30 AM

Posted 16 December 2014 - 11:49 AM

No, I am not experiencing any.
Can I reinstall μTorrent and Smart Defrag 3, or one of these?
Java, from which path can I install it finally?



#14 Guest_LighthouseParty_*

Guest_LighthouseParty_*

  • Guests
  • OFFLINE
  •  

Posted 16 December 2014 - 11:55 AM

uTorrent is a piracy program and as such, if you re-install it, you're likely to get infected again.
From my personal experiences, I do not recommend Smart Defrag. If you would like an alternative to the Windows defrag, you could try Defraggler. You can re-install Java from here. Please also download an updated copy of Adobe Reader from here.

For one last final step, please download Delfix from here and save it to your desktop. Right-click it and select run as administrator. Select the following and press run:

  • Remove disinfection tools
  • Purge system restore

Happy surfing!



#15 quietman7

quietman7

    Bleepin' Janitor


  • Global Moderator
  • 50,563 posts
  • ONLINE
  •  
  • Gender:Male
  • Location:Virginia, USA

Posted 16 December 2014 - 11:58 AM

Can I reinstall Torrent...?
Java, from which path can I install it finally?


Using any torrent, file sharing, peer-to-peer (P2P) program (i.e. Limewire, eMule, Kontiki, BitTorrent, BitComet, uTorrent, BitLord, BearShare, Azureus/Vuze, Skype, etc) or visiting such sites is a security risk which can make your system susceptible to a smörgåsbord of malware infections, remote attacks, exposure of personal information, and identity theft. In some cases the computer could be turned into a malware honeypot or zombie.

File sharing networks are thoroughly infested with malware according to security firm Norman ASA and many of them are unsafe to visit or use. The reason for this is that file sharing relies on its members giving and gaining unfettered access to computers across the P2P network. This practice can make you vulnerable to data and identity theft, system infection and remote access exploit by attackers who can take control of your computer without your knowledge.

...It is almost never safe to download executable programs from peer-to-peer file sharing networks because they are a major source of malware infections.

Software Cracks: A Great Way to Infect Your PC

Even if you change the risky default settings to a safer configuration, downloading files from an anonymous source increases your exposure to infection because the files you are downloading may actually contain a disguised threat. Users visiting such pages may see innocuous-looking banner ads containing code which can trigger pop-up ads and malicious Flash ads that install malware. Many malicious worms and Trojans, such as the Storm Worm, target and spread across P2P files sharing networks because of their known vulnerabilities.

Further, some file sharing programs are bundled with other free software you may download (sometimes without the knowledge or consent of the user) and can be the source of various issues and problems to include Adware, and browser hijackers as well as malware.

Even the safest P2P file sharing programs that do not contain bundled spyware, still expose you to risks because of the very nature of the P2P file sharing process. By default, most P2P file sharing programs are configured to automatically launch at startup. They are also configured to allow other P2P users on the same network open access to a shared directory on your computer. The best way to eliminate these risks is to avoid using P2P applications and torrent web sites. Using P2P programs, file sharing or browsing torrent sites is almost a guaranteed way to get yourself infected!!