Computer overrun with pop ups, toolbars [Solved]


  • This topic is locked

#16
BrianDrab

BrianDrab

    Trusted Helper

  • Malware Removal
  • 3,591 posts

Thank you. One final malware scan and then we'll get you patched up and locked down.

 

Step#1 - ESET Online Scanner and Post Results
Before running this scan, please temporarily disable your antivirus software to avoid conflicts. You can re-enable it once it's done. Instructions for doing this on many AVs are here. This scan can take hours to run but is necessary to ensure we don't miss anything. Plan accordingly.

 

  • Please go here and click on 1.JPG
  • Note: This site is optimized for Internet Explorer. Please use it for this scan. If you wish to use Firefox or Chrome you will be asked to download the ESET Smart Installer first (esetsmartinstaller_enu.exe). Go ahead and download and run this file.
  • Please accept the ESET Online Scanner EULA and click Start.
  • If prompted, allow the Add-On/Active X to install. If you have problems with this step please see this link.
  • Make sure Enable detection of potentially unwanted applications is selected.
  • Click the Advanced Settings link.
  • Make sure Remove found threats is NOT checked.
  • Make sure Scan archives IS checked.
  • Make sure Scan for potentially unsafe applications IS checked.
  • Make sure Enable Anti-Stealth technology IS checked
  • Click on Start
  • The virus signature database will begin to download. Be patient, this may take some time depending on the speed of your Internet connection.
  • When completed the Online Scan will begin automatically.
  • Do not touch either the mouse or keyboard during the scan, otherwise it may stall.
  • When completed, if anything was detected please click the List of found threats link.
  • Then click the Copy to Clipboard link and paste this information into your next reply.
  • Then you may click the Back button.
  • Check Uninstall Application on Close before clicking finish.

 
Items for your next post
1. Contents of the ESET log file

 


  • 0

#17
kepayne228

kepayne228

    Member

  • Topic Starter
  • Member
  • PipPip
  • 79 posts

Hello,

 

Since this next step might possibly take a while, I will continue tomorrow.

 

Have a good night and thanks!


  • 0

#18
kepayne228

kepayne228

    Member

  • Topic Starter
  • Member
  • PipPip
  • 79 posts

Hello, here is the ESET log

 

 

C:\FRST\Quarantine\C\Users\Tonis\AppData\Local\Google\Chrome\User Data\Default\Extensions\nongkkjjhbjloiienhkhphhjjlnlnbfe\1.0.1_0\background.js    Win32/BrowseFox.Q potentially unwanted application
C:\FRST\Quarantine\C\Users\Tonis\AppData\Local\Google\Chrome\User Data\Default\Extensions\nongkkjjhbjloiienhkhphhjjlnlnbfe\1.0.1_0\content.js    Win32/BrowseFox.Q potentially unwanted application
C:\FRST\Quarantine\C\Windows\system32\drivers\{31c21995-b861-4864-ab50-4a53fbca73d4}Gw64.sys.xBAD    a variant of Win64/NetFilter.A potentially unsafe application
C:\FRST\Quarantine\C\Windows\system32\drivers\{6e9af5d3-a8f9-4461-ad38-1433888f55dc}Gw64.sys.xBAD    a variant of Win64/NetFilter.A potentially unsafe application
C:\Program Files (x86)\iSharpsoft\IRegCleaner.exe    a variant of Win32/AdWare.SmartPCFix.B application
C:\Users\Tonis\Downloads\WiseConvert.exe    Win32/Toolbar.Conduit potentially unwanted application
C:\Windows\assembly\GAC_MSIL\Interop.SHDocVw\1.1.0.0__84542ff99aed6a4d\Interop.SHDocVw.dll    a variant of Win32/Toolbar.Linkury.G potentially unwanted application
C:\Windows\Installer\5e21c45.msi    a variant of Win32/Bundled.Toolbar.Ask.G potentially unsafe application
C:\Windows\Installer\{D1A4762A-11DF-4E7D-ADE7-C6D149BD8B37}\faq_8A71AEBB623B46A0B934103F1A762800.exe    a variant of Win32/SlowPCfighter.A potentially unwanted application
C:\Windows\Installer\{D1A4762A-11DF-4E7D-ADE7-C6D149BD8B37}\FTsc_94F4507362A24B9B9BA6A29A1AFF037E.exe    a variant of Win32/SlowPCfighter.A potentially unwanted application
C:\Windows\Installer\{D1A4762A-11DF-4E7D-ADE7-C6D149BD8B37}\LicenseShortcut_303A72A482D54D67B5D168C047EE3E11.exe    a variant of Win32/SlowPCfighter.A potentially unwanted application
C:\Windows\Installer\{D1A4762A-11DF-4E7D-ADE7-C6D149BD8B37}\LogFilesCollectorS_95204E1E4B3B4767821B1FAD987C2D2D.exe    a variant of Win32/SlowPCfighter.A potentially unwanted application
C:\Windows\Installer\{D1A4762A-11DF-4E7D-ADE7-C6D149BD8B37}\MainExe64Shortcut1_A47BC27445824FCF8A8FDFE7347B3885.exe    a variant of Win32/SlowPCfighter.A potentially unwanted application
C:\Windows\Installer\{D1A4762A-11DF-4E7D-ADE7-C6D149BD8B37}\MainExe64Shortcut_B53671B5D9A445549437680533116875.exe    a variant of Win32/SlowPCfighter.A potentially unwanted application
C:\Windows\Installer\{D1A4762A-11DF-4E7D-ADE7-C6D149BD8B37}\NewShortcut10_87735DA8B8974C24BDFBDDE8F2D2DF1A.exe    a variant of Win32/SlowPCfighter.A potentially unwanted application
C:\Windows\Installer\{D1A4762A-11DF-4E7D-ADE7-C6D149BD8B37}\UninstallIcon.exe    a variant of Win32/SlowPCfighter.A potentially unwanted application
 


  • 0

#19
BrianDrab

BrianDrab

    Trusted Helper

  • Malware Removal
  • 3,591 posts

Thank you.

 

OK, your machine looks good.

 

Let's get you buttoned up security-wise and then we'll clean up our tools and provide you some security advice. Let me know when you have done the following.

 

JAVA

WARNING: Java is one of the most exploited programs at this time. The Department of Homeland Security recommends that computer users disable Java. You can read more about this here.
I would recommend that you completely uninstall Java unless you need it to run important software. If you need it or are unsure or uncomfortable with removing it, then I would recommend that you disable Java in your browsers until you need it and then enable it at that time. (See How to disable Java in your web browser and How to unplug Java from the browser). If you don't uninstall it, it's also important that you are using the latest version.
 

Unless you know that you use the following programs, please uninstall them.

Java™ SE Development Kit 6 Update 15 (64-bit)

JavaFX 2.1.1

 

 

Keep Adobe Reader Updated
1. Uninstall Adobe Reader. Click here for instructions on how to uninstall a program.
2. Install the newest version from this website.
Note: Make sure to uncheck the Optional Offer (i.e. Google Chrome, Google Toolbar) unless you really want it.
NOTE: You should disable JavaScript in the program as this is a highly exploitable method for the bad guys to get in your machine. Follow these instructions to disable it in Adobe Reader.
1. Open Adobe Reader
2. Select Edit from the menu and select Preferences
3. Click on JavaScript in the left column and uncheck Enable Acrobat JavaScript.
4. Click OK and close the program.
NOTE: Many installers, including Adobe Reader, offer third-party downloads that are installed automatically when you do not uncheck certain checkboxes. While most of the time these are not malicious, you usually do not want them on your computer. Be careful during the installation process and you will avoid seeing tons of new unwanted toolbars in your favorite web browser.


  • 0

#20
kepayne228

kepayne228

    Member

  • Topic Starter
  • Member
  • PipPip
  • 79 posts

I have completely uninstalled Java and updated Adobe Reader.


  • 0

#21
BrianDrab

BrianDrab

    Trusted Helper

  • Malware Removal
  • 3,591 posts

Excellent. If you have no further questions/issues, I'll leave you with the following.

 

OK! Well done, your computer is clean again! :thumbsup: Part of our jobs here at G2G is to help you clean your computer. But beyond that and just as important is to provide you with some information to keep you safe and secure on the net as well as to share knowledge. Following is that information.
 
1. Clean Up!
We need to remove all the tools that we used so that should you ever be re-infected, you will download updated versions which may have updated detection logic.
1. Download Delfix from here.
2. Ensure everything is checked.
3. Click Run.
Note: The program will run for a few moments and then notepad will open with a log. Please paste the log in your next reply.
Note: Delete any other .bat, .log, .reg, .txt, and any other files created during this process and left on the desktop, and empty the Recycle Bin.
 
2. Windows Updates
Another essential task is to keep your computer updated with the latest operating system patches and security fixes. Windows Updates are constantly being revised to combat the newest hacks and threats. Microsoft releases security updates that help keep your computer from becoming vulnerable. It is best if you have these set to download automatically. Follow the instructions below to ensure your settings are optimal.
1. Click the Start Orb in the lower left corner of the screen.
2. Type Windows Update in the search box that appears
3. Click on the Windows Update program that appears in the search results.
4. Click on Change Settings.
5. Select "Install updates automatically (recommended)" from the Important updates drop-down.
6. Choose a day and a time when you know the computer will be on and connected to the internet. The default is 3:00AM every day.
7. Ensure that all of the other check boxes are checked.
8. Click OK.
 
3. Keeping Programs Updated
You need to ensure that any programs installed on your machine are kept current. The bad guys exploit vulnerabilities that are found in older versions of software. A very good piece of software that keeps your programs up-to-date is Secunia Personal Software Inspector (PSI). You can download and install it from here. You can read more information about this free software as well as a video walkthrough from here.
 
4. Antimalware- Preventative
Note: Let's keep Malwarebytes installed as it's a fantastic piece of software. Malwarebytes is an anti-malware software and not an antivirus software so it won't conflict with the Antivirus that you are running. I would recommend that you open up this program, allow it to update and scan your machine at least quarterly...monthly if you can.
 
5. Crypto Warning!!!! - Complete Data Loss can occur!
There are particularly nasty infections out there at the moment that encrypt your data and hold it for ransom. You may read more about this here.
 


  • Download CryptoPrevent free for home use here following the instructions below.
  • Save the file to your desktop from the link above and then open the program by clicking Run when prompted from your browser or by going to the desktop where the file was saved and double-clicking.
  • Accept all the defaults during the install. The last screen of the install has a checkmark in "Launch CryptoPrevent". This is good and will launch the program once you click Finish.
  • You will get a prompt asking if you purchased a Product Key for Automatic Updates. You can answer No.
  • You will then be prompted to learn more about automatic updates or if you want to purchase a key. This is up to you but you don't have to.
  • You will be prompted to click OK to continue and select your protection level. Go ahead and click OK.
  • Click the Apply button to set Default protection.
  • You may get a message stating that Windows Sidebar and Desktop Gadgets are a major security vulnerability and asking you if you want to disable them. If you don't use these features, answer Yes.
  • That's it. The protection is in place.

Note: The free version doesn't provide automatic updates. Periodically, you should open up the program (there is a shortcut on your desktop now) and select the Updates! menu....and select Check for Updates to see if there are any as this infection has serious consequences.
 

 

 
For more information about computer security and how to protect yourself when on the internet, please read this guide: Best Practices for Safe Computing.
 
OK, all the best, and stay safe!
 
Items for your next post
1. Contents of the delfix log


  • 0

#22
kepayne228

kepayne228

    Member

  • Topic Starter
  • Member
  • PipPip
  • 79 posts

Thanks! So the things that were found during the ESET scan are gone too?

 

How do I get rid of the Malwarebytes installer on the desktop? Also there is something hanging around on the desktop called iSharpsoft Reg Cleaner. I don't see it on the list of installed programs. How can I get rid of that?

 

 

 

Here is the Delfix log

 

# DelFix v1.010 - Logfile created 19/05/2015 at 12:09:20
# Updated 26/04/2015 by Xplode
# Username : Tonis - TONIS-PC
# Operating System : Windows 7 Home Premium Service Pack 1 (64 bits)

~ Activating UAC ... OK

~ Removing disinfection tools ...

Deleted : C:\FRST
Deleted : C:\AdwCleaner
Deleted : C:\RegBackup
Deleted : C:\Users\Tonis\Desktop\AdwCleaner(1).exe
Deleted : C:\Users\Tonis\Desktop\AdwCleaner.exe
Deleted : C:\Users\Tonis\Desktop\adwcleaner.htm
Deleted : C:\Users\Tonis\Desktop\esetsmartinstaller_enu.exe
Deleted : C:\Users\Tonis\Desktop\Fixlog.txt
Deleted : C:\Users\Tonis\Desktop\FRST64.exe
Deleted : C:\Users\Tonis\Desktop\JRT.exe
Deleted : C:\Users\Tonis\Desktop\JRT.txt
Deleted : C:\Users\Tonis\Desktop\JRT_NEW.exe
Deleted : C:\Users\Tonis\Desktop\SecurityCheck.exe
Deleted : C:\Users\Tonis\Downloads\Addition.txt
Deleted : C:\Users\Tonis\Downloads\OTL (1).exe
Deleted : HKLM\SOFTWARE\AdwCleaner

~ Creating registry backup ... OK

~ Cleaning system restore ...

Deleted : RP #474 [Windows Update | 05/07/2015 05:58:00]
Deleted : RP #475 [Windows Backup | 05/07/2015 06:03:19]
Deleted : RP #476 [Removed ChocolateBar by We-Care.com v1.0.1.0 | 05/07/2015 21:12:53]
Deleted : RP #477 [Removed Java 8 Update 31 | 05/07/2015 21:13:53]
Deleted : RP #478 [Removed Java 8 Update 31 (64-bit) | 05/07/2015 21:20:11]
Deleted : RP #479 [Windows Update | 05/08/2015 16:51:45]
Deleted : RP #480 [Windows Backup | 05/18/2015 06:19:56]
Deleted : RP #481 [Windows Update | 05/18/2015 18:11:29]
Deleted : RP #483 [Restore Point Created by FRST | 05/18/2015 18:29:56]
Deleted : RP #484 [Removed Java™ SE Development Kit 6 Update 15 (64-bit) | 05/19/2015 18:51:14]
Deleted : RP #485 [Removed JavaFX 2.1.1 | 05/19/2015 18:53:11]
Deleted : RP #486 [Removed Adobe Reader 9.5.5 MUI. | 05/19/2015 18:53:50]

New restore point created !

~ Resetting system settings ... OK

########## - EOF - ##########
 


  • 0

#23
BrianDrab

BrianDrab

    Trusted Helper

  • Malware Removal
  • 3,591 posts

Go ahead and right-click on the Malwarebytes installer as well as the iSharpsoft Reg Cleaner and just select Delete. That will get rid of those.

 

Also many of the items that ESET found were already caught previously. But since you mentioned iSharpSoft I want to run one more fix to get rid of the remnants.

 

Please do the following.

 

Step#1 - FRST Fix
NOTICE: This script was written specifically for this user, for use on that particular machine. Running this on another machine may cause damage to your operating system.

1. Please download Farbar Recovery Scan Tool and save it to your Desktop.
    Note: You need to run the 64-bit Version so please ensure you download that one.
2. Download attached file and save it to the Desktop. Attached File: fixlist.txt (188 bytes)
Note: It's important that both files, FRST64 and fixlist.txt, are in the same location or the fix will not work (in this case...the desktop).
3. Run FRST64 by Right-Clicking on the file and choosing Run as administrator.
4. Press the Fix button just once and wait. If for some reason the tool needs a restart, please make sure you let the system restart normally. After that let the tool complete its run.
5. When finished FRST64 will generate a log on the Desktop (Fixlog.txt). Please post the contents of it in your reply.

 

Step#2. Clean Up!
We need to remove all the tools that we used so that should you ever be re-infected, you will download updated versions which may have updated detection logic.
1. Download Delfix from here.
2. Ensure everything is checked.
3. Click Run.
Note: The program will run for a few moments and then notepad will open with a log. Please paste the log in your next reply.
Note: Delete any other .bat, .log, .reg, .txt, and any other files created during this process and left on the desktop, and empty the Recycle Bin.


  • 0

#24
kepayne228

kepayne228

    Member

  • Topic Starter
  • Member
  • PipPip
  • 79 posts

Fix result of Farbar Recovery Tool (FRST written by Farbar) (x64) Version: 19-05-2015
Ran by Tonis at 2015-05-19 12:49:30 Run:1
Running from C:\Users\Tonis\Desktop
Loaded Profiles: Tonis (Available profiles: Tonis)
Boot Mode: Normal
==============================================

Content of fixlist:
*****************
C:\Program Files (x86)\iSharpsoft
C:\Users\Tonis\Downloads\WiseConvert.exe
C:\Windows\Installer\{D1A4762A-11DF-4E7D-ADE7-C6D149BD8B37}
c:\users\tonis\desktop\mbam-setup-2.1.6.1022.exe

*****************

C:\Program Files (x86)\iSharpsoft => Moved successfully.
C:\Users\Tonis\Downloads\WiseConvert.exe => Moved successfully.
C:\Windows\Installer\{D1A4762A-11DF-4E7D-ADE7-C6D149BD8B37} => Moved successfully.
"c:\users\tonis\desktop\mbam-setup-2.1.6.1022.exe" => File/Directory not found.

==== End of Fixlog 12:49:30 ====

 

 

 

# DelFix v1.010 - Logfile created 19/05/2015 at 12:51:17
# Updated 26/04/2015 by Xplode
# Username : Tonis - TONIS-PC
# Operating System : Windows 7 Home Premium Service Pack 1 (64 bits)

~ Activating UAC ... OK

~ Removing disinfection tools ...

Deleted : C:\FRST
Deleted : C:\Users\Tonis\Desktop\Fixlog.txt
Deleted : C:\Users\Tonis\Desktop\FRST64.exe

~ Creating registry backup ... OK

~ Cleaning system restore ...

Deleted : RP #487 [End of disinfection | 05/19/2015 19:09:55]

New restore point created !

~ Resetting system settings ... OK

########## - EOF - ##########
 


  • 0
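
The triage behind post #23's remark that many ESET items "were already caught previously", as an added example that is not part of the original thread or of any tool used in it: it sorts ESET Online Scanner log lines into detections already inside the FRST quarantine folder, detections under a path named in the fixlist, and detections covered by neither. The line layout (path, gap, detection text) is assumed from the log posted above, and all function names are hypothetical.

```python
import re
from ntpath import normcase  # Windows path comparison rules on any OS

# FRST quarantine root, as it appears in the log posted in this thread.
QUARANTINE = normcase("C:\\FRST\\Quarantine\\")
# Detection text: optional "a variant of", the detection name, then the category.
DETECTION = re.compile(r"^(?:a variant of )?(?P<name>\S+)\s+(?P<category>.+)$")

# Sample input: five lines copied from the ESET log posted in this thread.
ESET_LOG = r"""
C:\FRST\Quarantine\C\Windows\system32\drivers\{31c21995-b861-4864-ab50-4a53fbca73d4}Gw64.sys.xBAD    a variant of Win64/NetFilter.A potentially unsafe application
C:\Program Files (x86)\iSharpsoft\IRegCleaner.exe    a variant of Win32/AdWare.SmartPCFix.B application
C:\Users\Tonis\Downloads\WiseConvert.exe    Win32/Toolbar.Conduit potentially unwanted application
C:\Windows\Installer\5e21c45.msi    a variant of Win32/Bundled.Toolbar.Ask.G potentially unsafe application
C:\Windows\Installer\{D1A4762A-11DF-4E7D-ADE7-C6D149BD8B37}\UninstallIcon.exe    a variant of Win32/SlowPCfighter.A potentially unwanted application
"""
# The three fixlist entries that the Fixlog in this thread reports as moved.
FIXLIST = [
    r"C:\Program Files (x86)\iSharpsoft",
    r"C:\Users\Tonis\Downloads\WiseConvert.exe",
    r"C:\Windows\Installer\{D1A4762A-11DF-4E7D-ADE7-C6D149BD8B37}",
]


def parse(log):
    """Yield (path, detection name, category) for each well-formed log line."""
    for line in log.strip().splitlines():
        # Paths contain single spaces, so split on a tab or a run of 2+ spaces.
        parts = re.split(r"\t+|\s{2,}", line.strip(), maxsplit=1)
        if len(parts) != 2:
            continue  # not a detection line
        m = DETECTION.match(parts[1])
        if m:
            yield parts[0], m["name"], m["category"]


def covered(path, fix_entries):
    """True if path equals a fixlist entry or lies inside a listed folder."""
    p = normcase(path)
    for entry in fix_entries:
        e = normcase(entry).rstrip("\\")
        # Require a separator after the entry so sibling names do not match.
        if p == e or p.startswith(e + "\\"):
            return True
    return False


def triage(log, fix_entries):
    """Bucket detection names by where the flagged file sits."""
    buckets = {"quarantined": [], "in_fixlist": [], "not_in_fixlist": []}
    for path, name, _category in parse(log):
        if normcase(path).startswith(QUARANTINE):
            buckets["quarantined"].append(name)
        elif covered(path, fix_entries):
            buckets["in_fixlist"].append(name)
        else:
            buckets["not_in_fixlist"].append(name)
    return buckets


if __name__ == "__main__":
    for bucket, names in triage(ESET_LOG, FIXLIST).items():
        print(f"{bucket}: {names}")
```
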

#25
BrianDrab

BrianDrab

    Trusted Helper

  • Malware Removal
  • 3,591 posts

There we go. All should be good now. Thank you.


  • 0

#26
kepayne228

kepayne228

    Member

  • Topic Starter
  • Member
  • PipPip
  • 79 posts

Thank you Brian!


  • 0

#27
BrianDrab

BrianDrab

    Trusted Helper

  • Malware Removal
  • 3,591 posts
Since this issue appears to be resolved ... this Topic has been closed. Glad we could help. :)

If you're the topic starter, and need this topic reopened, please contact a staff member with the address of the thread.

Everyone else please begin a New Topic.
  • 0





