[Nevan]

Hello again, pdl2.
 

If I was supposed to delete/quarantine the detected file on the ESET scan, I did not. Also, after dl ESET from Firefox, I closed Firefox. Hope that was ok

Don't worry, you've done everything correctly

We're almost done.

Step #1
FRST Fix

• Download attached fixlist.txt file to your desktop.
   fixlist.txt   238bytes   259 downloads
  NOTICE: This script was written specifically for this user, for use on that particular machine. Running this on another machine may cause damage to your operating system
• Right click FRST64.exe on your desktop and click Run as administrator.
• Press the Fix button just once and wait.
  NOTE: It's important that both FRST64.exe and fixlist.txt are in the same location or the fix will not work.
• If for some reason the tool needs a restart, please make sure you let the system restart normally. After that let the tool complete its run.
• When finished, FRST will generate a log on the desktop (Fixlog.txt). Select all (CTRL+A) the content of the log, copy it (CTRL+C) and paste (CTRL+V) it into your next reply.

 
Step #2
Security Check

Download Security Check from here or here.

• Save it to your Desktop.
• Double click SecurityCheck.exe and follow the onscreen instructions inside of the black box.
• A Notepad document should open automatically called checkup.txt; please post the contents of that document.

NOTE: If SecurityCheck aborts and you get the following message: UNSUPPORTED OPERATING SYSTEM! ABORTED! try rebooting the system and then run SecurityCheck again.

 
Things that should appear in your next post:

• Fixlog.txt log content
• Checkup.txt log content

[Advertisements]

Nevan,

 

Do I need to get rid of the old fixlog from the other day?   When I download the new fixlist , it is named    fixlist(1) and then when I run   FRST64, it says fixlist can't be found.

 

pdl2

[pdl2]

Nevan,

 

Do I need to get rid of the old fixlog from the other day?   When I download the new fixlist , it is named    fixlist(1) and then when I run   FRST64, it says fixlist can't be found.

 

pdl2

[Nevan]

Get rid of the old one, it's not needed anymore

Make sure that the new one is named fixlist.txt and is in the same directory as FRST64.exe.

[pdl2]

It keeps wanting to name it fixlist(1),   can I just rename it?

[pdl2]

Fix result of Farbar Recovery Scan Tool (x64) Version:27-08-2015
Ran by Beth (2015-08-30 10:38:13) Run:2
Running from C:\Users\Beth\Desktop
Loaded Profiles: Beth (Available Profiles: Beth)
Boot Mode: Normal
==============================================

fixlist content:
*****************
C:\temp\InstallFilter64.msi
Unlock: HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\Coupon Printer for Windows5.0.1.3
Reg: reg delete HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\Coupon Printer for Windows5.0.1.3 /f
*****************

C:\temp\InstallFilter64.msi => moved successfully
"HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\Coupon Printer for Windows5.0.1.3" => key could not be unlocked

========= reg delete HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\Coupon Printer for Windows5.0.1.3 /f =========

ERROR: Invalid syntax.
Type "REG DELETE /?" for usage.


========= End of Reg: =========


==== End of Fixlog 10:38:13 ====

[pdl2]

 Results of screen317's Security Check version 1.008  
 Windows 7 Service Pack 1 x64 (UAC is disabled!)  
``````````````Antivirus/Firewall Check:``````````````
 Windows Firewall Enabled!  
Norton Security   
 WMI entry may not exist for antivirus; attempting automatic update.
`````````Anti-malware/Other Utilities Check:`````````
 Java 8 Update 51  
 Java version 32-bit out of Date!
 Adobe Flash Player 18.0.0.232  
 Adobe Reader XI  
 Mozilla Firefox (40.0.3)
````````Process Check: objlist.exe by Laurent````````  
`````````````````System Health check`````````````````
 Total Fragmentation on Drive C: 3%
````````````````````End of Log``````````````````````
 

[Nevan]

Hello again, pdl2.

One last thing to do and then I will post the final instructions, unless you something else is still bothering you.

Your Java version is too old. Keeping Java updated is very important as well.

• WARNING!: Java is the #1 exploited program at this time. The Department of Homeland Security recommends that computer users disable Java.
  Read this article.
  I would recommend that you completely uninstall Java unless you need it to run an important software.
  In that instance I would recommend that you disable Java in your browsers until you need it for that software and then enable it. (See How to disable Java in your web browser and How to unplug Java from the browser)

If you still want to keep Java

• Click the Start button
• Click Control Panel
• Double Click Java - Looks like a coffee cup. You may have to switch to Large icons view on the upper right of the Control Panel to see it.
• Click the Update tab
• Click Update Now
• Allow any updates to be downloaded and installed

• Warning!: Make sure to uncheck Optional offer box when downloading Java or you will install an adware on your computer.

 
As your logs look good, could you tell me if you have any other problems with your system that you'd like to mention?

 
Things that should appear in your next post:

• Please tell me if you have successfully updated (or removed) Java
• Do you have any other problems with your system that you'd like to mention?

[pdl2]

I had to update Java, as my wife needs it for her work.  I don't think I'm having any other problems.  Which of the programs I downloaded do I need to keep?

 

Thanks,

pdl2

[Nevan]

Hello again, pdl2.
 

Which of the programs I downloaded do I need to keep?

We'll get rid of everything but Malwarebytes'. Whether you want to keep it or not is your choice. You'll find everything below

Good news. Your system looks clean and we can delete the tools that we've used. I've also prepared some tips for you to stay safe in the future.

 
DelFix
Now that your system looks clean, we can clear system restore points and malware removal tools that we've used. To do that, download and run Delfix.

Make sure that all options are checked and click Run.

After the cleaning is done, DelFix.txt will be opened in Notepad. If it won't, you can find it in C:\ directory. Select all (CTRL+A) the content of the log, copy it (CTRL+C) and paste (CTRL+V) it into your next reply.

Also, delete any other .exe .txt, .bat .reg or .zip files that we used and are remaining and empty the Recycle bin.

 
Uninstalling programs

Go to Start Menu>Control Panel>Programs>Uninstall a program (or Control Panel>Programs and Features if using icon view) and remove ESET Online Scanner v3

 
Preventing Re-Infection

As prevention is better than cure, I have listed some tips for you to stay safe on the internet in the future. Make a good use of them.

 
Adobe products have to always be updated, because they also are being used to infect your computer.

• If you want to update Adobe Flash Player, visit this site.
• If you want to update Adobe Reader, visit this site.
• Warning!: Make sure to uncheck Optional offer box when downloading Adobe products or you will install an adware on your computer.

 
Turning on Automatic Updates is a crucial security measure. Keeping them out-of-date is like begging to get your system infected.

• Click Start > Control Panel > System and Security > Windows Update
• Under Windows Update click Turn automatic updating on or off
• Make sure that your settings are set so that you will receive updates automatically and click OK.

 
Heimdal Free is one of programs that can check for out-of-date programs on your computer. You can get it here.

 
Recommendations for security programs

• Malwarebytes' Anti-Malware is a new and powerful anti-malware tool. It is totally free but for real-time protection you will have to pay a small one-time fee.
• WinPatrol as a robust security monitor will alert you to hijackings, malware attacks and critical changes made to your computer without your permission. WinPatrol takes a snapshot of your critical system resources and alerts you to any changes that may occur without your knowledge.
• NoScript is a Firefox add-on that increases safety during surfing online by blocking malicious scripts.
• Unchecky will help you to avoid adware and PUPs by automatically removing checkmarks for these when installing programs.
• Web of Trust is an add-on for multiple browsers that warns you before entering websites with bad reputation.

 
Cryptolocker prevention
Cryptolocker is a new ransomware that heavily encrypts your important files. At the moment there are no programs that can decrypt these files. You can read how to protect against it here.

 
For some good tips about how to prevent infection in the future, visit this site.

 

Remember to post the Delfix log

[pdl2]

Delfix log.    I had to restart the computer to run as admin and rerun delfix

 

# DelFix v1.010 - Logfile created 30/08/2015 at 12:07:54
# Updated 26/04/2015 by Xplode
# Username : Beth - BETH-HP
# Operating System : Windows 7 Home Premium Service Pack 1 (64 bits)

~ Activating UAC ... OK

~ Removing disinfection tools ...


~ Creating registry backup ... OK

~ Cleaning system restore ...

Deleted : RP #181 [Windows Backup | 08/28/2015 21:37:31]
Deleted : RP #182 [JRT Pre-Junkware Removal | 08/29/2015 18:59:55]
Deleted : RP #183 [JRT Pre-Junkware Removal | 08/29/2015 19:01:23]
Deleted : RP #184 [HPSF Applying updates | 08/29/2015 23:51:20]

New restore point created !

~ Resetting system settings ... OK

########## - EOF - ##########
 

[pdl2]

do i delete adware cleaner, rogue and everything i downloaded?  will none of those programs be useful later on?

 

pdl2

[Nevan]

They should've been removed by Delfix...

Could you try running Delfix again but only with Remove disinfection tools checked?

[pdl2]

I had created a folder on desktop and had the programs inside the folder.  I took them out and they were deleted.

 

# DelFix v1.010 - Logfile created 30/08/2015 at 20:43:36
# Updated 26/04/2015 by Xplode
# Username : Beth - BETH-HP
# Operating System : Windows 7 Home Premium Service Pack 1 (64 bits)

~ Removing disinfection tools ...

Deleted : C:\Users\Beth\Desktop\AdwCleaner.exe
Deleted : C:\Users\Beth\Desktop\esetsmartinstaller_enu.exe
Deleted : C:\Users\Beth\Desktop\FRST64.exe
Deleted : C:\Users\Beth\Desktop\JRT.exe
Deleted : C:\Users\Beth\Desktop\JRT.txt
Deleted : C:\Users\Beth\Desktop\RogueKiller.lnk
Deleted : C:\Users\Beth\Desktop\SecurityCheck.exe

########## - EOF - ##########
 

[Nevan]

Alright, it looks like we're done.

Stay safe

[Essexboy]

Since this issue appears to be resolved ... this Topic has been closed. Glad we could help.

If you're the topic starter, and need this topic reopened, please contact a staff member with the address of the thread.

Everyone else please begin a New Topic.