mipony, wecarereminder signal strength n more [Solved]

various infections

  • This topic is locked

#16
I Want Candy

    Member

  • Topic Starter
  • 70 posts

Nevan, I am a bit confused...
I went to update Java and it says I have the latest version...
so I uninstalled it; I can always put it back if I need it, the way I figure. But Java 8 Update 31 is still on the program list.
I ASSume I remove this too but figured I should ask...better safe than sorry
TY for that info, learned a few new things about Java
waiting to proceed just in case

 

I also just noticed that there is still an entry for "wecare", but it also indicates it may be from CWA, whom we are associated with...but I did remove some of these file types in a clean up. We are not sure what that program is and I am not gonna open it as they are caught up in the health care mess...


 


Edited by I Want Candy, 20 February 2015 - 09:37 AM.

  • 0


#17
Nevan

    Trusted Helper

  • Malware Removal
  • 1,765 posts
Hello, Val.

Alright, it seems that Java is up-to-date, but as you're saying that you can still see remnants of wecarereminder, we'll take care of this.

SystemLook

Download SystemLook from one of the links below and save it to your Desktop.

Download Mirror #1
Download Mirror #2
  • Double-click SystemLook.exe to run it.
  • Copy the content of the following codebox into the main textfield:
    :filefind
    *wecare*
    *we-care*
    
    :folderfind
    *wecare*
    *we-care*
    
    :regfind
    wecare
    we-care
  • Click the Look button to start the scan.
  • When finished, a notepad window will open with the results of the scan. Please post this log in your next reply.
Note: The log can also be found on your Desktop entitled SystemLook.txt
  • 0

#18
I Want Candy

    Member

  • Topic Starter
  • 70 posts

Here is the log you asked for....:)

 

SystemLook 30.07.11 by jpshortstuff
Log created at 16:44 on 20/02/2015 by Val
Administrator - Elevation successful
WARNING: SystemLook running under WOW64. Use SystemLook_x64 for accurate results.

========== filefind ==========

Searching for "*wecare*"
C:\Users\Val\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\LF1WLG3H\347414-mipony-wecarereminder-signal-strength-n-more[1].htm --a---- 254192 bytes [00:53 19/02/2015] [00:53 19/02/2015] 2EC0A13F5D01B7A9652D57894B5F50D8
C:\Users\Val\AppData\Local\Microsoft\Windows\Temporary Internet Files\Low\Content.IE5\YD02DZ9W\347414-mipony-wecarereminder-signal-strength-n-more[1].htm --a---- 404874 bytes [15:28 20/02/2015] [15:28 20/02/2015] 598D775B752680C8AD3E9BF77698640D

Searching for "*we-care*"
No files found.

========== folderfind ==========

Searching for "*wecare*"
No folders found.

Searching for "*we-care*"
No folders found.

========== regfind ==========

Searching for "wecare"
[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\InternetRegistry\REGISTRY\USER\S-1-5-21-1233200475-905355780-979007565-1000\Software\wecarereminder]
[HKEY_USERS\S-1-5-21-1233200475-905355780-979007565-1000\Software\Microsoft\Internet Explorer\InternetRegistry\REGISTRY\USER\S-1-5-21-1233200475-905355780-979007565-1000\Software\wecarereminder]

Searching for "we-care"


  • 0
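
Added example (not part of the original posts, and not SystemLook's or the helper's own tooling): a small Python triage of a SystemLook log in the layout above. It separates hits that sit in the browser cache or in Internet Explorer's InternetRegistry area from hits that need review, and counts a key reported under both HKEY_CURRENT_USER and HKEY_USERS\<SID> once. The sample log, function names and verdict labels are constructed for illustration.

```python
import re

# Constructed sample in the SystemLook log layout shown above (user, names and MD5s are made up).
SAMPLE_LOG = r'''
========== filefind ==========
Searching for "*wecare*"
C:\Users\User\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\AB12CD34\wecare-help-thread[1].htm --a---- 254192 bytes [00:53 19/02/2015] [00:53 19/02/2015] 0123456789ABCDEF0123456789ABCDEF
C:\Program Files (x86)\ExampleVendor\wecare_helper.exe --a---- 81920 bytes [10:00 01/02/2015] [10:00 01/02/2015] FEDCBA9876543210FEDCBA9876543210

========== regfind ==========
Searching for "wecare"
[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\InternetRegistry\REGISTRY\USER\S-1-5-21-1-2-3-1000\Software\wecarereminder]
[HKEY_USERS\S-1-5-21-1-2-3-1000\Software\Microsoft\Internet Explorer\InternetRegistry\REGISTRY\USER\S-1-5-21-1-2-3-1000\Software\wecarereminder]
'''

SECTION = re.compile(r"^=+ (\w+) =+$")
FILE_HIT = re.compile(r"^([A-Za-z]:\\.+?)\s+\S+\s+(\d+) bytes .*\b([0-9A-Fa-f]{32})$")
USER_HIVE = re.compile(r"^(HKEY_CURRENT_USER|HKEY_USERS\\S-1-5-21-[\d-]+)\\", re.I)

def classify(kind, location):
    low = location.lower()
    if kind == "file" and "\\temporary internet files\\" in low:
        return "browser-cache"        # cached web content, not an installed component
    if kind == "reg" and "\\internet explorer\\internetregistry\\" in low:
        return "ie-virtualized-key"   # IE Protected Mode's redirected registry area
    return "review"                   # anything else needs a closer look

def triage(log_text):
    """Return (kind, location, verdict) tuples with HKCU/HKU duplicates collapsed."""
    section, seen, findings = None, set(), []
    for line in (l.strip() for l in log_text.splitlines()):
        if m := SECTION.match(line):
            section = m.group(1)
        elif section == "filefind" and (m := FILE_HIT.match(line)):
            findings.append(("file", m.group(1), classify("file", m.group(1))))
        elif section == "regfind" and line.startswith("[") and line.endswith("]"):
            key = line[1:-1]
            # Assumption: an HKEY_USERS\<SID> hit is the logged-on user's hive, i.e. the
            # same key that HKEY_CURRENT_USER aliases, so both spellings are one finding.
            canon = USER_HIVE.sub("", key).lower()
            if canon not in seen:
                seen.add(canon)
                findings.append(("reg", key, classify("reg", key)))
    return findings

if __name__ == "__main__":
    for kind, location, verdict in triage(SAMPLE_LOG):
        print(f"{verdict:20} {kind:4} {location}")
```
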

#19
Nevan

    Trusted Helper

  • Malware Removal
  • 1,765 posts
Alright, one last thing to do.

A small question - where did you see that wecare entry?

As your logs look good, could you tell me if you have any other problems with your system that you'd like to mention?

FRST Fix
  • Download attached fixlist.txt file to your desktop.
    Attached File  fixlist.txt   726bytes   145 downloads
    NOTICE: This script was written specifically for this user, for use on that particular machine. Running this on another machine may cause damage to your operating system
  • Right click FRST64.exe on your desktop and click Run as administrator. When the tool opens click Yes to disclaimer.
  • Press the Fix button just once and wait.
    NOTE: It's important that both FRST64.exe and fixlist.txt are in the same location or the fix will not work.
  • If for some reason the tool needs a restart, please make sure you let the system restart normally. After that let the tool complete its run.
  • When finished, FRST will generate a log on the desktop (Fixlog.txt). Select all (CTRL+A) the content of the log, copy it (CTRL+C) and paste (CTRL+V) it into your next reply.
 
Things that should appear in your next post:
  • Fixlog.txt log content
  • Answers to my questions :)

  • 0

#20
I Want Candy

    Member

  • Topic Starter
  • 70 posts

Nevan, the we care entry I saw is in programs...CWA Reminder by We-Care.com v 4.1.26.3 is exactly what is in the name field
 

And I am not sure if this would be any way related...but last night the IE 11 on my other PC crashed. I have attempted to fix it: disabled it in Windows Features and re-enabled it, and it still comes up "IE has stopped working", although at times I can see it working in the background and actually navigate, and at others it is just a white screen.
Must be my week....oh lucky me...lol

here is that log and again TY so much for all your help
I would have NO hair without you guys...
 

Fix result of Farbar Recovery Tool (FRST written by Farbar) (x64) Version: 18-02-2015 01
Ran by Val at 2015-02-21 11:29:44 Run:2
Running from C:\Users\Val\Desktop
Loaded Profiles: Val (Available profiles: Val)
Boot Mode: Normal
==============================================

Content of fixlist:
*****************
CreateRestorePoint:
C:\Users\Val\AppData\Local\Microsoft\Windows\Temporary Internet Files\Low\Content.IE5\YD02DZ9W\347414-mipony-wecarereminder-signal-strength-n-more[1].htm
C:\Users\Val\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\LF1WLG3H\347414-mipony-wecarereminder-signal-strength-n-more[1].htm
[-HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\InternetRegistry\REGISTRY\USER\S-1-5-21-1233200475-905355780-979007565-1000\Software\wecarereminder]
[-HKEY_USERS\S-1-5-21-1233200475-905355780-979007565-1000\Software\Microsoft\Internet Explorer\InternetRegistry\REGISTRY\USER\S-1-5-21-1233200475-905355780-979007565-1000\Software\wecarereminder]
EmptyTemp:
CMD: bitsadmin /reset /allusers
*****************

Restore point was successfully created.
"C:\Users\Val\AppData\Local\Microsoft\Windows\Temporary Internet Files\Low\Content.IE5\YD02DZ9W\347414-mipony-wecarereminder-signal-strength-n-more[1].htm" => File/Directory not found.
C:\Users\Val\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\LF1WLG3H\347414-mipony-wecarereminder-signal-strength-n-more[1].htm => Moved successfully.
HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\InternetRegistry\REGISTRY\USER\S-1-5-21-1233200475-905355780-979007565-1000\Software\wecarereminder => Key Deleted successfully.
HKEY_USERS\S-1-5-21-1233200475-905355780-979007565-1000\Software\Microsoft\Internet Explorer\InternetRegistry\REGISTRY\USER\S-1-5-21-1233200475-905355780-979007565-1000\Software\wecarereminder => Key not found.

=========  bitsadmin /reset /allusers =========

BITSADMIN version 3.0 [ 7.5.7601 ]
BITS administration utility.
© Copyright 2000-2006 Microsoft Corp.

BITSAdmin is deprecated and is not guaranteed to be available in future versions of Windows.
Administrative tools for the BITS service are now provided by BITS PowerShell cmdlets.

0 out of 0 jobs canceled.

========= End of CMD: =========

EmptyTemp: => Removed 73 MB temporary data.

The system needed a reboot.

==== End of Fixlog 11:30:13 ====



 


  • 0

#21
Nevan

    Trusted Helper

  • Malware Removal
  • 1,765 posts
Hello again, Val.
 

And I am not sure if this would be any way related...but last night the IE 11 on my other PC crashed. I have attempted to fix it: disabled it in Windows Features and re-enabled it, and it still comes up "IE has stopped working", although at times I can see it working in the background and actually navigate, and at others it is just a white screen.

Well, it's most likely a problem of this other PC. If it really bothers you, just create another topic where you describe all problems from that other PC.

 
One last thing to do.

Good news. Your system looks clean and we can delete the tools that we've used. I've also prepared some tips for you to stay safe in the future.

 
DelFix
Now that your system looks clean, we can clear system restore points and malware removal tools that we've used. To do that, download and run DelFix.
  • Note: Make sure that the following options are checked:
    • Remove disinfection tools
    • Create registry backup
    • Purge system restore
    • Reset System Settings
After the cleaning is done, DelFix.txt will be opened in Notepad. If it doesn't, you can find it in the C:\ directory. Select all (CTRL+A) the content of the log, copy it (CTRL+C) and paste (CTRL+V) it into your next reply.

Also, delete any other .exe, .txt, .bat, .reg or .zip files that we used and are remaining, and empty the Recycle Bin.

 
Uninstalling programs

Go to Start Menu>Control Panel>Programs>Uninstall a program (or Control Panel>Programs and Features if using icon view) and remove:
  • ESET Online Scanner v3
  • CWA Reminder by We-Care.com v4.1.26.3
 
Preventing Re-Infection

As prevention is better than cure, I have listed some tips for you to stay safe on the internet in the future. Make a good use of them.

 
Adobe products have to always be updated, because they also are being used to infect your computer.
  • If you want to update Adobe Flash Player, visit this site.
  • If you want to update Adobe Reader, visit this site.
  • Warning!: Make sure to uncheck the Optional offer box when downloading Adobe products or you will install adware on your computer.
 
Turning on Automatic Updates is a crucial security measure. Keeping them out-of-date is like begging to get your system infected.
  • Click Start > Control Panel > System and Security > Windows Update
  • Under Windows Update click Turn automatic updating on or off
  • Make sure that your settings are set so that you will receive updates automatically and click OK.
 
Heimdal Free is one of the programs that can check for out-of-date programs on your computer. You can get it here.

 
Recommendations for security programs
  • Malwarebytes' Anti-Malware is a new and powerful anti-malware tool. It is totally free but for real-time protection you will have to pay a small one-time fee.
  • WinPatrol, as a robust security monitor, will alert you to hijackings, malware attacks and critical changes made to your computer without your permission. WinPatrol takes a snapshot of your critical system resources and alerts you to any changes that may occur without your knowledge.
 
Cryptolocker prevention
Cryptolocker is a new ransomware that heavily encrypts your important files. At the moment there are no programs that can decrypt these files. You can read how to protect against it here.

 
For some good tips about how to prevent infection in the future, visit this site.
  • 0

#22
I Want Candy

    Member

  • Topic Starter
  • 70 posts

Nevan, I am feeling particularly blonde...lol I was thinking the same thing and went back to the other PC and amazingly it was working just fine...like I am the crazy one...not sure what was up or what happened but will keep an eye on it before using valuable resources someone else may need more...I will run the normal scans and see if anything seems out of place...I hate using up someone's time when others are more in need.

 

here is the log and TY TY TY just can't say it enough

 

# DelFix v10.8 - Logfile created 21/02/2015 at 12:41:17
# Updated 29/07/2014 by Xplode
# Username : Val - VAL-PC
# Operating System : Windows 7 Ultimate Service Pack 1 (64 bits)

~ Removing disinfection tools ...

Deleted : C:\FRST
Deleted : C:\AdwCleaner
Deleted : C:\Users\Val\Desktop\FRST-OlderVersion
Deleted : C:\Users\Val\Desktop\Addition.txt
Deleted : C:\Users\Val\Desktop\AdwCleaner.exe
Deleted : C:\Users\Val\Desktop\Fixlog.txt
Deleted : C:\Users\Val\Desktop\FRST.txt
Deleted : C:\Users\Val\Desktop\FRST64.exe
Deleted : C:\Users\Val\Desktop\JRT.exe
Deleted : C:\Users\Val\Desktop\JRT.txt
Deleted : C:\Users\Val\Desktop\SecurityCheck.exe
Deleted : C:\Users\Val\Desktop\SystemLook.exe
Deleted : C:\Users\Val\Desktop\SystemLook.txt
Deleted : C:\Users\Val\Downloads\JRT.exe
Deleted : HKLM\SOFTWARE\OldTimer Tools
Deleted : HKLM\SOFTWARE\AdwCleaner

~ Creating registry backup ... OK

~ Cleaning system restore ...

Deleted : RP #193 [Removed JavaFX 2.1.1 | 02/20/2015 15:26:52]
Deleted : RP #195 [Restore Point Created by FRST | 02/21/2015 16:29:47]

New restore point created !

~ Resetting system settings ... OK

########## - EOF - ##########

 

I uninstalled the ESET scanner; the other says I am unable, is on a network source that is unavailable...installation source is not available, verify source exists....

 

I have a prior commitment I must take care of but I will continue with the rest and prevention when I get back, although at a glance it looks like I already have most of these settings as described. Will definitely read up and check out those other two programs I haven't used before also...I know an ounce of prevention goes a long way...

Thank you for being so patient kind and understanding...Absolutely :wub: u guys

 


  • 0

#23
Nevan

    Trusted Helper

  • Malware Removal
  • 1,765 posts

I uninstalled the ESET scanner; the other says I am unable, is on a network source that is unavailable...installation source is not available, verify source exists....

Don't worry about it. We took care of everything visible that was connected to wecarereminder. This is just an entry in the uninstall list.
 

Thank you for being so patient kind and understanding...Absolutely :wub: u guys

You actually did very well, it was a pleasure to work with you.

Stay safe :wave:


  • 0

#24
Essexboy

    GeekU Moderator

  • Retired Staff
  • 69,964 posts
Since this issue appears to be resolved ... this Topic has been closed. Glad we could help. :)

If you're the topic starter, and need this topic reopened, please contact a staff member with the address of the thread.

Everyone else please begin a New Topic.
  • 0





