[kzion]

Hello,it took a while but here is the log

ESETSmartInstaller@High as downloader log:

all ok

# product=EOS

# version=8

# OnlineScannerApp.exe=1.0.0.1

# OnlineScanner.ocx=1.0.0.7623

# api_version=3.0.2

# EOSSerial=ad17cfda1df7b04db9deefde343dbe1b

# engine=21407

# end=finished

# remove_checked=true

# archives_checked=true

# unwanted_checked=true

# unsafe_checked=true

# antistealth_checked=true

# utc_time=2014-12-05 06:32:10

# local_time=2014-12-05 12:32:10 (-0600, Central Standard Time (Mexico))

# country="United States"

# lang=1033

# osver=6.1.7601 NT Service Pack 1

# compatibility_mode_1=''

# compatibility_mode=5893 16776573 100 94 446424 169304580 0 0

# scanned=441529

# found=3

# cleaned=3

# scan_time=12909

# nod_component=V3 Build:0x30000000

sh=860EFD5893E4DD4E820227B7DEAD144F974456AC ft=1 fh=c0b9ed8dfe12ffb8 vn="a variant of Win32/HackTool.CheatEngine.AF potentially unsafe application (deleted - quarantined)" ac=C fn="C:\Program Files (x86)\Cheat Engine 6.4\standalonephase1.dat"

sh=EB64AF51118C596D984052D31EB5B8581035CCF3 ft=1 fh=7bdd91a320f8d7e0 vn="a variant of Win32/HackTool.Crack.CS potentially unsafe application (deleted - quarantined)" ac=C fn="C:\Program Files (x86)\Child of Light\steam_api.dll"

sh=8CB06BCA312ED2BFA02C7F9344F2717D02ECD931 ft=1 fh=ae24f2cd7ccbd608 vn="a variant of Win32/OpenCandy.A potentially unsafe application (deleted - quarantined)" ac=C fn="C:\Users\Kzion\Desktop\New folder (2)\temp\CheatEngine64.exe"

 

Thankyou for your time.

[Advertisements]

This is very good news.

 

Let's just make sure everything is up to date. This tool will do some checking and let us know if anything needs to be updated. Once we get that done, I'll remove all of my tools, give you some suggestions for keeping your machine clean and send you on your way

 

Scan with Security Check

Please download Security Check by Screen317 and save it to your desktop.

• Right-click on icon and select Run as Administrator to start the tool.
• Follow onscreen instructions inside the black box. This scan won't take long.
• Soon a notepad document called checkup.txt will open automaticaly.

Please include the content of that document.

[Biscuithd]

This is very good news.

 

Let's just make sure everything is up to date. This tool will do some checking and let us know if anything needs to be updated. Once we get that done, I'll remove all of my tools, give you some suggestions for keeping your machine clean and send you on your way

 

Scan with Security Check

Please download Security Check by Screen317 and save it to your desktop.

• Right-click on icon and select Run as Administrator to start the tool.
• Follow onscreen instructions inside the black box. This scan won't take long.
• Soon a notepad document called checkup.txt will open automaticaly.

Please include the content of that document.

[kzion]

Good to hear its almost over, and here is the checkup.txt

 

 

Results of screen317's Security Check version 0.99.91  

 Windows 7 Service Pack 1 x64 (UAC is disabled!)  

 Internet Explorer 11  

``````````````Antivirus/Firewall Check:`````````````` 

 Windows Firewall Enabled!  

ESET Smart Security 6.0   

 Antivirus up to date!   

`````````Anti-malware/Other Utilities Check:````````` 

 TuneUp Utilities 2014   

 TuneUp Utilities 2014 (en-US)  

 TuneUp Utilities 2014   

 Java 7 Update 71  

 Java™ 6 Update 22  

 Adobe Flash Player 15.0.0.239  

 Adobe Reader 10.1.12 Adobe Reader out of Date!  

 Google Chrome (39.0.2171.65) 

 Google Chrome (39.0.2171.71) 

````````Process Check: objlist.exe by Laurent````````  

 ESET NOD32 Antivirus egui.exe  

 ESET NOD32 Antivirus ekrn.exe  

 Malwarebytes Anti-Malware mbamservice.exe  

 Malwarebytes Anti-Malware mbam.exe  

 Malwarebytes Anti-Malware mbamscheduler.exe   

`````````````````System Health check````````````````` 

 Total Fragmentation on Drive C: 2% 

````````````````````End of Log`````````````````````` 

 

 

Thank you for all the help provided.

[Biscuithd]

Real nice! Only two things to tend to.

 

UAC is off. You might want that on. When invoked, it forces you (the user) to click a button before Admin level things occur. Often this is the only thing that stops malware from launching! In other words, you are clicking along on the Internet or whatever and suddenly a dialog box pops up asking permission to run something, (especially something you didn't ask to be run) you can answer "NO" and the Program/Potential Malware/nonsense is blocked. When this is turned off (as it is now) the changes just sail right through and then you and I are spending some quality time together undoing the changes

 

This link will tell you a little more and tell you how to turn on UAC

 

Updating Adobe Reader

• Malware will exploit any vulnerabilities it can find in outdated software. If you are using Adobe Reader for reading pdf files, try using FoxIt Reader. It is a very capable alternative to Adobe.
• Please click here to download FoxIt Reader.
• If you wish to continue to use Adobe Reader, then please update it by clicking here.
• Please remember to uncheck the option to install Chrome for use as your default browser.

Let me know how that goes

[Biscuithd]

How are doing with this? Any issues?

[kzion]

Sorry for the long wait, been busy with work, the adobe update issue was because i was afraid of it being a virus masking as adobe update notification, but already updated.
UAC generally i have it off to play online games which sometimes get locked when the popup of UAC appears, but as of now i have it up and running.

 

As of the lap, it feels really well now, haven't found any new issue yet, hope it keeps that way.

Thank you for your posts.

Edited by kzion, 09 December 2014 - 06:02 PM.

[Biscuithd]

Glad things are going well.   Here are you next steps as we head into the final stretch.

 

Clean with DelFix

 

Please download DelFix by Xplode and save it to your desktop.

 

• Right-click on icon and select Run as Administrator to start the tool.

• Ensure that Remove disinfection tools, Purge system restore and Reset system settings are checked.

• Push Run.

• When finished, it will display a notepad report.

 

Include it for my review

 

Since we're getting close the end here, I wanted to post some Preventive Measures for you to consider as well.

 

Make sure to come back and let me know how all this works and if you have any questions.

Cryptolocker prevention
Cryptolocker is a new ransomware that heavily encrypts your important files. At the moment there are no programs that can decrypt these files. You can read how to protect against it here.

 

Preventing Re-Infection

An ounce of prevention is better than a pound of cure, so, I have listed some tips for you to stay safe on the internet in the future.

WARNING!: Java is the #1 exploited program at this time. The Department of Homeland Security recommends that computer users disable Java. Have a look at this article.

I would recommend that you completely uninstall Java unless you need it to run an important software. In that instance I would recommend that you disable Java in your browsers until you need it for that software and then enable it. (See How to diasble Java in your web browser and How to unplug Java from the browser)

If you still want to keep Java

• Click the Start button
• Click Control Panel
• Double Click Java - Looks like a coffee cup. You may have to switch to Classical View on the upper left of the Control Panel to see it.
• Click the Update tab
• Click Update Now
• Allow any updates to be downloaded and installed

• Warning!: Make sure to uncheck Optional offer box when downloading Java or you will install an adware on your computer.

Adobe products have to always be updated, because they also are being used to infect your computer.

• If you want to update Adobe Flash Player, visit this site.
• If you want to update Adobe Reader, visit this site.
• Warning!: Make sure to uncheck Optional offer box when downloading Adobe products or you will install an adware on your computer.

Turning on Automatic Updates is a crucial security measure. Keeping them out-of-date is like begging to get your system infected.

• Click Start > Control Panel > System and Security > Windows Update
• Under Windows Update click Turn automatic updating on or off
• Make sure that your settings are set so that you will receive updates automatically and click OK.

FileHippo is one of programs that can check for out-of-date programs on your computer. You can get it here

Recommendations for security programs

• Malwarebytes' Anti-Malware is a new and powerful anti-malware tool. It is totally free but for real-time protection you will have to pay a small one-time fee.
• WinPatrol as a robust security monitor, will alert you to hijackings, malware attacks and critical changes made to your computer without your permission. WinPatrol takes a snapshot of your critical system resources and alerts you to any changes that may occur without your knowledge.

For some good tips about how to prevent infection in the future, visit this site.

[kzion]

Hello,
Thanks for the tips, i think i'll give winpatrol a chance

Also here is the log from delfix.txt

# DelFix v10.8 - Logfile created 10/12/2014 at 17:32:55

# Updated 29/07/2014 by Xplode

# Username : Kzion - DEZINA

# Operating System : Windows 7 Home Premium Service Pack 1 (64 bits)

 

~ Removing disinfection tools ...

 

Deleted : C:\FRST

Deleted : C:\AdwCleaner

Deleted : C:\Users\Kzion\Desktop\FRST-OlderVersion

Deleted : C:\Users\Kzion\Desktop\Addition old2.txt

Deleted : C:\Users\Kzion\Desktop\Addition.txt

Deleted : C:\Users\Kzion\Desktop\Additionold.txt

Deleted : C:\Users\Kzion\Desktop\adwcleaner_4.101.exe

Deleted : C:\Users\Kzion\Desktop\adwcleaner_4.103.exe

Deleted : C:\Users\Kzion\Desktop\Extras.Txt

Deleted : C:\Users\Kzion\Desktop\Fixlog old.txt

Deleted : C:\Users\Kzion\Desktop\Fixlog.txt

Deleted : C:\Users\Kzion\Desktop\FRST old2.txt

Deleted : C:\Users\Kzion\Desktop\FRST.txt

Deleted : C:\Users\Kzion\Desktop\FRST64.exe

Deleted : C:\Users\Kzion\Desktop\FRSTold.txt

Deleted : C:\Users\Kzion\Desktop\JRT.exe

Deleted : C:\Users\Kzion\Desktop\JRT.txt

Deleted : C:\Users\Kzion\Desktop\logfile old.txt

Deleted : C:\Users\Kzion\Desktop\logfile.txt

Deleted : C:\Users\Kzion\Desktop\OTL.Txt

Deleted : C:\Users\Kzion\Desktop\OTL.exe

Deleted : C:\Users\Kzion\Desktop\SecurityCheck.exe

Deleted : HKLM\SOFTWARE\OldTimer Tools

Deleted : HKLM\SOFTWARE\AdwCleaner

 

~ Cleaning system restore ...

 

Deleted : RP #214 [Scheduled Checkpoint | 11/29/2014 22:58:54]

Deleted : RP #215 [Microsoft Visual C++ 2012 Redistributable (x86) - 11.0.61030 | 12/05/2014 00:01:21]

 

New restore point created !

 

~ Resetting system settings ... OK

 

########## - EOF - ##########

 

Thank you for your support.

[Biscuithd]

DId the machine run clean over the weekend? Any issues before we close?

[kzion]

Hello,

So far so good, i think we can close this case
Thank you very much for all the help and info provided.

[Biscuithd]

So far so good, i think we can close this case
Thank you very much for all the help and info provided.

 

Excellent news! You are quite welcome

 

It's been a pleasure       If you need anything else, don't hesitate to stop back

[Biscuithd]

Since this issue appears to be resolved ... this Topic has been closed. Glad we could help.

If you're the topic starter, and need this topic reopened, please contact a staff member with the address of the thread.

Everyone else please begin a New Topic.