
Thread: Delta.Toolbar and Win32.BitGuard

    #21 Dakeyras (Security Expert-Emeritus; Join Date: Sep 2008; Location: The Tundra; Posts: 1,173)

    Hi.

    Thank you for helping me out with this, I really appreciate it.
    You're welcome!

    there is no Google Chrome on this laptop now
    OK, and thank you for the clarification; there is a registry restriction in place that I think would be prudent to rectify in the event Chrome is ever installed again.

    We get the IE cannot load error, and again it tries to reload the browser but that doesn't fix it.
    A strange one, that, as I was thinking it may be an IE 11 compatibility issue, but I can access the sites myself with no problem using the same browser. So it is feasible the loop-back issue I identified is still a problem, for example.

    Anyway, let's proceed as follows, shall we, and after completing the below try those two sites again please...

    Custom FRST Script:

    Open notepad. Please copy the contents of the Code box below. To do this highlight the contents of the box and right click on it. Paste this into the open notepad. Save it to the desktop as fixlist.txt

    Code:
    Start
    CHR HKLM\SOFTWARE\Policies\rectify: Policy restriction <======= ATTENTION
    End
    • Now right-click on FRST.exe and select Run as Administrator to start FRST.
    • Then click on the Fix button/radio tab >> at the Fix completed prompt click on OK
    • A log will now open named Fixlog and it will also be on the desktop >> close FRST.
    • Post the contents of the aforementioned in your next reply.

    Note: If FRST advises there is a new update to be downloaded, do so/allow this.

    Download/Run ComboFix:

    Please visit this web-page for download links, and instructions for running the tool:

    How to use ComboFix

    * Ensure you have disabled all anti-virus and anti-malware programs so they do not interfere with the running of ComboFix.

    Please include the C:\ComboFix.txt in your next reply for further review.

    Note: If ComboFix detects Rootkit activity and asks to reboot the system, please allow this to be done.

    If you receive an error "Illegal operation attempted on a registry key that has been marked for deletion." Please restart the computer.

    A word of warning: Neither I nor sUBs are responsible for any damage you may have caused your machine by running ComboFix on your own.
    This tool is not a toy and not for everyday use. ComboFix Should Not be used unless requested by a trained Anti-Malware helper.


    Next:

    When you have completed the above, please post back the following in the order asked for:

    • How is your daughter's computer performing now, any other symptoms and/or problems encountered?
    • FRST Fix Log.
    • ComboFix Log.
    Last edited by Dakeyras; 2013-12-03 at 13:22. Reason: Grammar.
    Mammuthus Hibernian Scouserus, member of ASAP and UNITE.

    #22 Junior Member (Join Date: Nov 2013; Posts: 21)

    Hi,

    I'm sorry and embarrassed to say that on trying to access a webpage I got the 'IE has stopped working' and it couldn't find a solution.

    Fix result of Farbar Recovery Tool (FRST written by Farbar) (x86) Version: 03-12-2013
    Ran by Aimee at 2013-12-03 12:25:06 Run:1
    Running from C:\Users\Aimee\Desktop
    Boot Mode: Normal

    ==============================================

    Content of fixlist:
    *****************
    Start
    CHR HKLM\SOFTWARE\Policies\rectify: Policy restriction <======= ATTENTION
    End
    *****************


    ==== End of Fixlog ====

    ComboFix 13-12-01.01 - Aimee 03/12/2013 12:43:40.1.4 - x86
    Microsoft Windows 7 Professional 6.1.7601.1.1252.44.1033.18.1011.208 [GMT 0:00]
    Running from: c:\users\Aimee\Desktop\ComboFix.exe
    AV: Microsoft Security Essentials *Disabled/Updated* {641105E6-77ED-3F35-A304-765193BCB75F}
    SP: Microsoft Security Essentials *Disabled/Updated* {DF70E402-51D7-30BB-99B4-4D23E83BFDE2}
    SP: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
    .
    .
    ((((((((((((((((((((((((( Files Created from 2013-11-03 to 2013-12-03 )))))))))))))))))))))))))))))))
    .
    .
    2013-12-03 12:56 . 2013-12-03 12:56 -------- d-----w- c:\users\Default\AppData\Local\temp
    2013-12-03 09:31 . 2013-12-03 09:31 40392 ----a-w- c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\{1ABDA105-D4B3-407F-A6BD-64C10F3C410C}\MpKsldd85de09.sys
    2013-12-03 09:31 . 2013-12-03 09:31 62576 ----a-w- c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\{1ABDA105-D4B3-407F-A6BD-64C10F3C410C}\offreg.dll
    2013-12-03 09:28 . 2013-11-08 01:15 7772552 ----a-w- c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\{1ABDA105-D4B3-407F-A6BD-64C10F3C410C}\mpengine.dll
    2013-12-02 20:09 . 2013-12-02 20:09 -------- d-----w- C:\FRST
    2013-12-02 15:46 . 2013-11-08 01:15 7772552 ----a-w- c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\Backup\mpengine.dll
    2013-12-01 21:53 . 2013-12-01 21:53 -------- d-----w- c:\users\Aimee\AppData\Roaming\Malwarebytes
    2013-12-01 21:52 . 2013-12-01 21:52 -------- d-----w- c:\programdata\Malwarebytes
    2013-12-01 21:52 . 2013-12-01 21:52 -------- d-----w- c:\program files\Malwarebytes' Anti-Malware
    2013-12-01 21:52 . 2013-04-04 14:50 22856 ----a-w- c:\windows\system32\drivers\mbam.sys
    2013-11-30 22:27 . 2013-11-30 22:27 -------- d-----w- C:\_OTL
    2013-11-30 11:08 . 2013-11-30 11:08 -------- d-----w- c:\windows\ERUNT
    2013-11-29 16:58 . 2013-11-29 17:04 -------- d-----w- C:\AdwCleaner
    2013-11-29 16:49 . 2013-11-29 16:49 -------- d-----w- C:\RegBackup
    2013-11-29 16:48 . 2013-11-29 16:48 -------- d-----w- c:\program files\Tweaking.com
    2013-11-24 21:22 . 2013-11-24 21:22 -------- d-----w- c:\users\Aimee\AppData\Roaming\SUPERAntiSpyware.com
    2013-11-15 20:55 . 2012-05-11 15:47 152848 ----a-w- c:\windows\system32\COMDLG32.OCX
    2013-11-15 20:55 . 2012-05-11 15:47 141312 ----a-w- c:\windows\system32\MSCMCFR.DLL
    2013-11-15 20:55 . 2012-05-11 15:47 119568 ----a-w- c:\windows\system32\VB6FR.DLL
    2013-11-15 20:55 . 2012-05-11 15:47 101888 ----a-w- c:\windows\system32\VB6STKIT.DLL
    2013-11-15 20:55 . 2013-11-15 20:55 -------- d-----w- c:\users\Aimee\AppData\Roaming\TFP
    2013-11-15 20:55 . 2012-05-11 15:47 32768 ----a-w- c:\windows\system32\CMDLGFR.DLL
    2013-11-14 08:47 . 2013-09-25 01:57 247808 ----a-w- c:\windows\system32\schannel.dll
    2013-11-14 08:47 . 2013-09-25 02:01 136640 ----a-w- c:\windows\system32\drivers\ksecpkg.sys
    2013-11-14 08:47 . 2013-07-04 12:16 369848 ----a-w- c:\windows\system32\drivers\cng.sys
    2013-11-14 08:47 . 2013-09-25 02:01 67520 ----a-w- c:\windows\system32\drivers\ksecdd.sys
    2013-11-14 08:47 . 2013-09-25 01:56 1038848 ----a-w- c:\windows\system32\lsasrv.dll
    2013-11-14 08:47 . 2013-09-25 01:57 99840 ----a-w- c:\windows\system32\sspicli.dll
    2013-11-14 08:47 . 2013-09-25 01:56 220160 ----a-w- c:\windows\system32\ncrypt.dll
    2013-11-14 08:47 . 2013-09-25 00:49 22016 ----a-w- c:\windows\system32\lsass.exe
    2013-11-14 08:47 . 2013-09-25 01:57 22016 ----a-w- c:\windows\system32\secur32.dll
    2013-11-14 08:47 . 2013-09-25 00:49 15872 ----a-w- c:\windows\system32\sspisrv.dll
    2013-11-14 08:46 . 2013-10-04 01:56 1796096 ----a-w- c:\windows\system32\authui.dll
    2013-11-14 08:46 . 2013-10-04 01:58 152576 ----a-w- c:\windows\system32\SmartcardCredentialProvider.dll
    2013-11-14 08:46 . 2013-10-04 01:56 168960 ----a-w- c:\windows\system32\credui.dll
    2013-11-14 08:46 . 2013-10-03 01:58 305152 ----a-w- c:\windows\system32\gdi32.dll
    2013-11-14 08:45 . 2013-10-12 02:01 679424 ----a-w- c:\windows\system32\IKEEXT.DLL
    2013-11-14 08:45 . 2013-10-12 02:03 656896 ----a-w- c:\windows\system32\nshwfp.dll
    2013-11-14 08:45 . 2013-10-12 02:01 216576 ----a-w- c:\windows\system32\FWPUCLNT.DLL
    2013-11-14 08:44 . 2013-10-05 19:57 1168384 ----a-w- c:\windows\system32\crypt32.dll
    2013-11-07 09:29 . 2013-10-18 08:29 719224 ------w- c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\{03E81AD5-A2FC-49EC-9687-06372FF93A93}\gapaengine.dll
    .
    .
    .
    (((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
    .
    2013-11-19 10:21 . 2012-06-18 18:21 230048 ------w- c:\windows\system32\MpSigStub.exe
    2013-10-18 08:29 . 2012-07-04 12:55 719224 ------w- c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\NISBackup\gapaengine.dll
    2013-09-27 09:53 . 2013-09-27 09:53 214696 ----a-w- c:\windows\system32\drivers\MpFilter.sys
    2013-09-27 09:53 . 2012-03-20 19:44 104768 ----a-w- c:\windows\system32\drivers\NisDrvWFP.sys
    2013-09-14 00:48 . 2013-10-09 19:49 338944 ----a-w- c:\windows\system32\drivers\afd.sys
    2013-09-08 02:07 . 2013-10-09 19:49 1294272 ----a-w- c:\windows\system32\drivers\tcpip.sys
    2013-09-08 02:03 . 2013-10-09 19:49 231424 ----a-w- c:\windows\system32\mswsock.dll
    .
    .
    ((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
    .
    .
    *Note* empty entries & legit default entries are not shown
    REGEDIT4
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
    "APSDaemon"="c:\program files\Common Files\Apple\Apple Application Support\APSDaemon.exe" [2013-04-21 59720]
    "MSC"="c:\program files\Microsoft Security Client\msseces.exe" [2013-10-23 948440]
    "iTunesHelper"="c:\program files\iTunes\iTunesHelper.exe" [2013-05-31 152392]
    "Adobe ARM"="c:\program files\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2013-05-11 958576]
    .
    [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
    "ConsentPromptBehaviorAdmin"= 5 (0x5)
    "ConsentPromptBehaviorUser"= 3 (0x3)
    "EnableUIADesktopToggle"= 0 (0x0)
    .
    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MsMpSvc]
    @="Service"
    .
    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\AthBtTray]
    2011-03-13 09:57 302240 ----a-w- c:\program files\Bluetooth Suite\AthBtTray.exe
    .
    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\AtherosBtStack]
    2011-03-13 09:57 490656 ----a-w- c:\program files\Bluetooth Suite\BtvStack.exe
    .
    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\FLxHCIm]
    2011-10-03 09:15 43008 ----a-w- c:\program files\Fresco Logic\Fresco Logic USB3.0 Host Controller\i386_host\FLxHCIm.exe
    .
    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\GfxServiceInstall]
    2011-12-13 06:57 131 ----a-w- c:\windows\System32\GfxCUIServiceInstall.vbs
    .
    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\HotKeysCmds]
    2011-12-13 07:13 168960 ----a-w- c:\windows\System32\hkcmd.exe
    .
    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\IgfxTray]
    2011-12-13 07:14 135168 ----a-w- c:\windows\System32\igfxtray.exe
    .
    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\MSC]
    2013-10-23 14:55 948440 ----a-w- c:\program files\Microsoft Security Client\msseces.exe
    .
    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Persistence]
    2011-12-13 07:13 161280 ----a-w- c:\windows\System32\igfxpers.exe
    .
    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\RTHDVCPL]
    2011-05-17 06:17 10082920 ------w- c:\program files\Realtek\Audio\HDA\RtHDVCpl.exe
    .
    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\swg]
    2012-06-18 19:29 39408 ----a-w- c:\program files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
    .
    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SynTPEnh]
    2011-11-10 12:39 2307368 ----a-w- c:\program files\Synaptics\SynTP\SynTPEnh.exe
    .
    R3 Asushwio;Asushwio;c:\windows\system32\drivers\Asushwio.sys [2006-10-13 10288]
    R3 dmvsc;dmvsc;c:\windows\system32\drivers\dmvsc.sys [2010-11-20 62464]
    R3 IEEtwCollectorService;Internet Explorer ETW Collector Service;c:\windows\system32\IEEtwCollector.exe [2013-11-28 108032]
    S2 Atheros Bt&Wlan Coex Agent;Atheros Bt&Wlan Coex Agent;c:\program files\Bluetooth Suite\Ath_CoexAgent.exe [2011-03-13 138400]
    S2 AtherosSvc;AtherosSvc;c:\program files\Bluetooth Suite\adminservice.exe [2011-03-13 68768]
    S2 MBAMScheduler;MBAMScheduler;c:\program files\Malwarebytes' Anti-Malware\mbamscheduler.exe [2013-04-04 418376]
    S2 MBAMService;MBAMService;c:\program files\Malwarebytes' Anti-Malware\mbamservice.exe [2013-04-04 701512]
    S3 AthBTPort;Atheros Virtual Bluetooth Class;c:\windows\system32\DRIVERS\btath_flt.sys [2011-03-13 34976]
    S3 BTATH_A2DP;Bluetooth A2DP Audio Driver;c:\windows\system32\drivers\btath_a2dp.sys [2011-03-13 259232]
    S3 BTATH_BUS;Atheros Bluetooth Bus;c:\windows\system32\DRIVERS\btath_bus.sys [2011-03-13 24736]
    S3 BTATH_HCRP;Bluetooth HCRP Server driver;c:\windows\system32\DRIVERS\btath_hcrp.sys [2011-03-13 175776]
    S3 BTATH_LWFLT;Bluetooth LWFLT Device;c:\windows\system32\DRIVERS\btath_lwflt.sys [2011-03-13 49312]
    S3 BTATH_RCP;Bluetooth AVRCP Device;c:\windows\system32\DRIVERS\btath_rcp.sys [2011-03-13 141088]
    S3 BtFilter;BtFilter;c:\windows\system32\DRIVERS\btfilter.sys [2011-03-13 242336]
    S3 FLxHCIc;Fresco Logic xHCI (USB3) Device Driver;c:\windows\system32\DRIVERS\FLxHCIc.sys [2011-10-03 169472]
    S3 FLxHCIh;Fresco Logic xHCI (USB3) Hub Device Driver;c:\windows\system32\DRIVERS\FLxHCIh.sys [2011-10-03 49664]
    S3 igddim32;igddim32;c:\windows\system32\DRIVERS\igddim32.sys [2011-12-13 1336320]
    S3 igdkmd32;igdkmd32;c:\windows\system32\DRIVERS\igdkmd32.sys [2011-12-13 417280]
    S3 IntcDAud;Intel(R) Display Audio;c:\windows\system32\DRIVERS\IntcDAud.sys [2011-06-08 278528]
    S3 MBAMProtector;MBAMProtector;c:\windows\system32\drivers\mbam.sys [2013-04-04 22856]
    .
    .
    --- Other Services/Drivers In Memory ---
    .
    *NewlyCreated* - MPKSLDD85DE09
    .
    Contents of the 'Scheduled Tasks' folder
    .
    2013-12-03 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
    - c:\program files\Google\Update\GoogleUpdate.exe [2012-06-18 19:29]
    .
    2013-12-03 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
    - c:\program files\Google\Update\GoogleUpdate.exe [2012-06-18 19:29]
    .
    .
    ------- Supplementary Scan -------
    .
    uStart Page = hxxp://www.google.com/
    TCP: DhcpNameServer = 192.168.1.254 192.168.1.254
    .
    - - - - ORPHANS REMOVED - - - -
    .
    Toolbar-Locked - (no file)
    MSConfigStartUp-Facebook Update - c:\users\Aimee\AppData\Local\Facebook\Update\FacebookUpdate.exe
    MSConfigStartUp-Retrogamer Search Scope Monitor - c:\progra~1\RETROG~2\bar\1.bin\4wsrchmn.exe
    MSConfigStartUp-Retrogamer_4w Browser Plugin Loader - c:\progra~1\RETROG~2\bar\1.bin\4wbrmon.exe
    .
    .
    .
    --------------------- LOCKED REGISTRY KEYS ---------------------
    .
    [HKEY_LOCAL_MACHINE\software\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}]
    @Denied: (A 2) (Everyone)
    @="FlashBroker"
    "LocalizedString"="@c:\\Windows\\system32\\Macromed\\Flash\\FlashUtil32_11_7_700_224_ActiveX.exe,-101"
    .
    [HKEY_LOCAL_MACHINE\software\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\Elevation]
    "Enabled"=dword:00000001
    .
    [HKEY_LOCAL_MACHINE\software\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\LocalServer32]
    @="c:\\Windows\\system32\\Macromed\\Flash\\FlashUtil32_11_7_700_224_ActiveX.exe"
    .
    [HKEY_LOCAL_MACHINE\software\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\TypeLib]
    @="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
    .
    [HKEY_LOCAL_MACHINE\software\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}]
    @Denied: (A 2) (Everyone)
    @="IFlashBroker5"
    .
    [HKEY_LOCAL_MACHINE\software\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\ProxyStubClsid32]
    @="{00020424-0000-0000-C000-000000000046}"
    .
    [HKEY_LOCAL_MACHINE\software\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\TypeLib]
    @="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
    "Version"="1.0"
    .
    [HKEY_LOCAL_MACHINE\system\ControlSet001\Control\PCW\Security]
    @Denied: (Full) (Everyone)
    .
    Completion time: 2013-12-03 13:02:22
    ComboFix-quarantined-files.txt 2013-12-03 13:02
    .
    Pre-Run: 215,984,275,456 bytes free
    Post-Run: 216,211,697,664 bytes free
    .
    - - End Of File - - 61F040E45EF7925CC93C95A129CC7172
    A36C5E4F47E84449FF07ED3517B43A31
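    As an added example (not part of the thread, and not ComboFix's or the helper's own tooling), here is a small Python parser that pulls the autostart entries out of the "Reg Loading Points" and "ORPHANS REMOVED" sections of a ComboFix log like the one posted above, and flags entries that launch from user-writable locations or use 8.3 short-name paths, which are two things a helper typically looks at first when reading such a log. The input is an excerpt of the log above; the regular expressions and the flagging heuristics are my assumptions about the format, not a ComboFix specification.

```python
"""Parse autostart entries from a ComboFix log excerpt (added example, not ComboFix code)."""
import re
from dataclasses import dataclass
from typing import List, Optional, Tuple

# Excerpt of the ComboFix log posted in the thread above (constructed sample input).
COMBOFIX_EXCERPT = r"""
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
*Note* empty entries & legit default entries are not shown
REGEDIT4
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"APSDaemon"="c:\program files\Common Files\Apple\Apple Application Support\APSDaemon.exe" [2013-04-21 59720]
"MSC"="c:\program files\Microsoft Security Client\msseces.exe" [2013-10-23 948440]
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\swg]
2012-06-18 19:29 39408 ----a-w- c:\program files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
.
S2 MBAMService;MBAMService;c:\program files\Malwarebytes' Anti-Malware\mbamservice.exe [2013-04-04 701512]
.
- - - - ORPHANS REMOVED - - - -
.
Toolbar-Locked - (no file)
MSConfigStartUp-Facebook Update - c:\users\Aimee\AppData\Local\Facebook\Update\FacebookUpdate.exe
MSConfigStartUp-Retrogamer Search Scope Monitor - c:\progra~1\RETROG~2\bar\1.bin\4wsrchmn.exe
"""

# Line shapes as they appear in the log (assumed from the posted output).
KEY_LINE = re.compile(r'^\[(?P<key>HKEY_[^\]]+)\]$')
RUN_VALUE = re.compile(r'^"(?P<name>[^"]+)"="(?P<path>[^"]+)"\s+\[(?P<date>\d{4}-\d{2}-\d{2})\s+(?P<size>\d+)\]$')
MSCONFIG_VALUE = re.compile(r'^(?P<date>\d{4}-\d{2}-\d{2}) \d{2}:\d{2}\s+(?P<size>\d+)\s+\S+\s+(?P<path>.+)$')
SERVICE_LINE = re.compile(r'^(?P<start>[RS]\d)\s+(?P<name>[^;]+);(?P<display>[^;]*);(?P<path>.+?)\s+\[(?P<date>\d{4}-\d{2}-\d{2})\s+(?P<size>\d+)\]$')
ORPHAN_LINE = re.compile(r'^(?P<source>[A-Za-z]+)-(?P<name>.+?) - (?P<path>.+)$')

# Locations a standard user can write to; an autostart pointing here deserves a look (my heuristic).
USER_WRITABLE = ("\\users\\", "\\appdata\\", "\\programdata\\", "\\temp\\")


@dataclass
class AutostartEntry:
    source: str            # registry key, "service:<start type>", or "orphan:<origin>"
    name: str
    path: str
    date: Optional[str] = None
    size: Optional[int] = None


def parse_combofix(text: str) -> List[AutostartEntry]:
    """Walk the log line by line, tracking the current registry key and section."""
    entries: List[AutostartEntry] = []
    current_key: Optional[str] = None
    in_orphans = False
    for raw in text.splitlines():
        line = raw.strip()
        if not line or line == ".":
            continue
        if "ORPHANS REMOVED" in line:
            in_orphans, current_key = True, None
            continue
        if line.startswith("---") or line.startswith("((("):
            in_orphans = False              # any other section banner ends the orphans list
            continue
        m = KEY_LINE.match(line)
        if m:
            current_key = m.group("key")
            continue
        if in_orphans:
            m = ORPHAN_LINE.match(line)
            if m:
                entries.append(AutostartEntry("orphan:" + m.group("source"), m.group("name"), m.group("path")))
            continue
        m = RUN_VALUE.match(line)
        if m and current_key:
            entries.append(AutostartEntry(current_key, m.group("name"), m.group("path"),
                                          m.group("date"), int(m.group("size"))))
            continue
        m = MSCONFIG_VALUE.match(line)
        if m and current_key and "startupreg" in current_key.lower():
            # msconfig entries carry the value name only in the key path itself
            entries.append(AutostartEntry(current_key, current_key.rsplit("\\", 1)[-1], m.group("path"),
                                          m.group("date"), int(m.group("size"))))
            continue
        m = SERVICE_LINE.match(line)
        if m:
            entries.append(AutostartEntry("service:" + m.group("start"), m.group("name"), m.group("path"),
                                          m.group("date"), int(m.group("size"))))
    return entries


def suspicious_reasons(path: str) -> List[str]:
    """Return the heuristic reasons an autostart path merits review (empty list if none)."""
    reasons = []
    if any(marker in path.lower() for marker in USER_WRITABLE):
        reasons.append("user-writable location")
    if "~" in path:
        reasons.append("8.3 short-name path")
    return reasons


def flag_entries(entries: List[AutostartEntry]) -> List[Tuple[AutostartEntry, List[str]]]:
    """Pair each entry that trips a heuristic with the reasons it tripped."""
    return [(e, suspicious_reasons(e.path)) for e in entries if suspicious_reasons(e.path)]


if __name__ == "__main__":
    parsed = parse_combofix(COMBOFIX_EXCERPT)
    print(f"{len(parsed)} autostart entries parsed")
    for entry, reasons in flag_entries(parsed):
        print(f"review: {entry.name} -> {entry.path} ({', '.join(reasons)})")
```

    Run it against a full ComboFix log by replacing the excerpt with the file contents; the flagged list is a starting point for the helper's review, not a verdict, since plenty of legitimate updaters also live under AppData.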

    #23 Dakeyras (Security Expert-Emeritus; Join Date: Sep 2008; Location: The Tundra; Posts: 1,173)

    Hi.

    I'm sorry and embarrassed to say that on trying to access a webpage I got the 'IE has stopped working' and it couldn't find a solution.
    Not a problem and no need to feel embarrassed I assure you.

    Fix IE Utility:

    Please download Fix IE Utility from here, scroll down the page and click on the Download File tab then unzip the file to the desktop.

    • Close all open windows, especially Internet Explorer.
    • Right-click on Fix IE Utility and select Run as Administrator to start the application.
    • Now click on the Run Utility button as shown in the image:-

    • Wait until the following message appears:-
    • Then click on OK.
    • Restart the machine to see if Internet Explorer is now working correctly again.
    Mammuthus Hibernian Scouserus, member of ASAP and UNITE.

    #24 Junior Member (Join Date: Nov 2013; Posts: 21)

    Wow, this is a difficult one isn't it...

    It didn't clear it, sorry.

    #25 Dakeyras (Security Expert-Emeritus; Join Date: Sep 2008; Location: The Tundra; Posts: 1,173)

    Hi.

    Wow, this is a difficult one isn't it...
    Aye, indeed it is... it might be feasible the core files of IE 11 itself are compromised/damaged beyond repair; this can occur at times as a consequence of malware.

    OK, let's try a roll-back to IE 10 for now; once done, try the sites you have encountered problems accessing and let me know the outcome in your next reply.

    Roll-back IE:

    The below process will remove IE 11 and IE 10 will be restored...

    • Click on Start(Windows 7 Orb) >> Control Panel >> Uninstall a program or Programs and Features.
    • Then on the left hand side click on View Installed Updates >> scroll down until you locate Windows Internet Explorer 11 listed as an update.
    • Click once on Windows Internet Explorer 11 to highlight >> Uninstall >> follow the prompts.

    Note: The above may take some time, so ensure you do not interrupt the roll-back/uninstallation process until it is complete. Reboot the machine afterwards if not advised to.
    Mammuthus Hibernian Scouserus, member of ASAP and UNITE.

    #26 Junior Member (Join Date: Nov 2013; Posts: 21)

    Ah there you go, I visited the sites that previously caused the problems, and the error did not appear.

    The laptop seems to be working very well, thank you.

    When we are done, could you advise me if I am allowed to delete the programs I downloaded, and if so do I uninstall them from within Control Panel, or simply delete them off the desktop?

    I will however keep the one you said to keep, and will run it once a week as you said.

    Thank you Dakeyras

    #27 Junior Member (Join Date: Nov 2013; Posts: 21)

    I also forgot to ask if it's OK for me to download the Java version 7 update 45, as that is the Java update that is needed for my daughter to access some videos on YouTube.

    Thanks again

    #28 Dakeyras (Security Expert-Emeritus; Join Date: Sep 2008; Location: The Tundra; Posts: 1,173)

    Hi.

    Ah there you go, I visited the sites that previously caused the problems, and the error did not appear.

    The laptop seems to be working very well, thank you.
    Good and you're welcome. When I give the all clear feel free to download/reinstall IE 11 again from here, then check for updates afterwards etc.

    When we are done, could you advise me if I am allowed to delete the programs I downloaded, and if so do I uninstall them from within Control Panel, or simply delete them off the desktop?
    By all means I will do so; actually I do have a specific methodology for removing the tools used during the malware removal process.

    I also forgot to ask if it's OK for me to download the Java version 7 update 45, as that is the Java update that is needed for my daughter to access some videos on YouTube.
    Sure, we can address this next time round, and as mentioned prior I will also provide instructions on how to secure the software.

    Next:

    Just one other step now as a final sweep to ensure your daughter's machine is indeed malware free, as follows...

    ESET Online Scanner:

    Note: You will need to disable the currently installed Anti-Virus for the duration of the scan; how to do so can be read here.

    Windows 7 users: You will need to right-click on either the IE icon in the Start Menu or the Quick Launch Bar on the Taskbar and select Run as Administrator from the context menu.

    • Please go here to run the scan...
    • Select the option YES, I accept the Terms of Use then click on:
    • When prompted allow the Add-On/Active X to install.
    • Make sure that the option Remove found threats is Not checked, and the option Scan archives is checked.
    • Now click on Advanced Settings and select the following:
      Scan for potentially unwanted applications
      Scan for potentially unsafe applications
      Enable Anti-Stealth Technology

    • Now click on:
    • The virus signature database... will begin to download. Be patient; this may take some time depending on the speed of your Internet connection.
    • When completed the Online Scan will begin automatically.
    • Do not touch either the Mouse or keyboard during the scan otherwise it may stall.
    • When completed select Uninstall application on close if you so wish, make sure you copy the log-file first!
    • Now click on:
    • Use notepad to open the log-file located at C:\Program Files\ESET\EsetOnlineScanner\log.txt.
    • Copy and paste that log as a reply to this topic.

    Note: Do not forget to re-enable the Anti-Virus application after running the above scan!

    My friendly advice is that you consider keeping the online scanner installed, then run it say once per month as an extra check. A quick, easy way to do so would be via:-

    Click on Start(Windows 7 Orb) >> Computer >> C: >> Program Files >> ESET >> ESET Online Scanner >> then right click on OnlineScannerApp and select Run as Administrator.
    Mammuthus Hibernian Scouserus, member of ASAP and UNITE.

    #29 Junior Member (Join Date: Nov 2013; Posts: 21)

    Hi,

    Sorry for the delay in getting back to you.

    I got the ESET software and ran it, and it didn't seem to go to plan.

    I think I got a copy of the ESET log, but that was before I closed it and I'm not sure if the malware it found was deleted.

    So I checked the folder on the C drive, and the app wasn't there and neither was the log.txt file.

    So I'm wondering if I should download it again and run it again.

    Here is what I got before it closed.

    C:\AdwCleaner\Quarantine\C\Program Files\Movies Toolbar\Datamngr\apcrtldr.dll.vir Win32/Toolbar.SearchSuite.F application
    C:\AdwCleaner\Quarantine\C\Program Files\Movies Toolbar\Datamngr\Datamngr.dll.vir a variant of Win32/Toolbar.SearchSuite.C application
    C:\AdwCleaner\Quarantine\C\Program Files\Movies Toolbar\Datamngr\DatamngrCoordinator.exe.vir a variant of Win32/Toolbar.SearchSuite.D application
    C:\AdwCleaner\Quarantine\C\Program Files\Movies Toolbar\Datamngr\Helper.dll.vir a variant of Win32/Toolbar.SearchSuite.C application
    C:\AdwCleaner\Quarantine\C\Program Files\Movies Toolbar\Datamngr\IEBHO.dll.vir a variant of Win32/Toolbar.SearchSuite.C application
    C:\AdwCleaner\Quarantine\C\Program Files\Movies Toolbar\Datamngr\mgrldr.dll.vir a variant of Win32/Toolbar.SearchSuite.C application
    C:\AdwCleaner\Quarantine\C\Program Files\Movies Toolbar\Datamngr\Uninstall.exe.vir a variant of Win32/Toolbar.SearchSuite.G application
    C:\AdwCleaner\Quarantine\C\Program Files\WebConnect\updateWebConnect.exe.vir a variant of MSIL/BrowseFox.A application
    C:\AdwCleaner\Quarantine\C\Users\Aimee\AppData\Roaming\Advanced System Protector\aspsetup.exe.vir a variant of MSIL/AdvancedSystemProtector.B application
    C:\Program Files\PDFCreator\message.exe a variant of Win32/InstallCore.A application
    C:\ProgramData\Spybot - Search & Destroy\Recovery\myPCBackup.zip Win32/Bagle.gen.zip worm
    C:\ProgramData\Spybot - Search & Destroy\Recovery\myPCBackup6.zip Win32/Bagle.gen.zip worm
    C:\ProgramData\Spybot - Search & Destroy\Recovery\USTechSupportMyCleanPC.zip Win32/Bagle.gen.zip worm
    C:\Users\All Users\Spybot - Search & Destroy\Recovery\myPCBackup.zip Win32/Bagle.gen.zip worm
    C:\Users\All Users\Spybot - Search & Destroy\Recovery\myPCBackup6.zip Win32/Bagle.gen.zip worm
    C:\Users\All Users\Spybot - Search & Destroy\Recovery\USTechSupportMyCleanPC.zip Win32/Bagle.gen.zip worm

    #30 Dakeyras (Security Expert-Emeritus; Join Date: Sep 2008; Location: The Tundra; Posts: 1,173)

    Hi.

    Sorry for the delay in getting back to you.
    Not a problem.

    I got the ESET software and ran it, and it didn't seem to go to plan.

    I think I got a copy of the ESET log, but that was before I closed it and I'm not sure if the malware it found was deleted.

    So I checked the folder on the C drive, and the app wasn't there and neither was the log.txt file.

    So I'm wondering if I should download it again and run it again.
    Also not a problem; the scan was not meant to delete anything but rather merely to be deployed as a final check, and if anything malicious was flagged I would in turn have advised the appropriate course of action as necessary etc.

    Anyway, the results are a positive outcome, and all that has been detected are items quarantined by AdwCleaner, which will be fully purged when we remove the aforementioned application, plus some malware removed by Spybot - Search & Destroy, which is fine to leave in the various associated Recovery folders and/or purge at your discretion.

    If you opt to do so:-

    Launch Spybot - Search & Destroy >> Recovery >> select the items to be purged >> Purge selected items

    Next:

    Now let's update some software and check for third-party updates as follows...

    Re-Install Java:

    Go to this web-page --> Java Downloads for All Operating Systems

    Scroll down to:-

    Which should I choose?

    Follow the advice per We have detected you may be viewing this page etc etc >> download the appropriate installation file to the desktop.

    In your case it should be Windows Offline (32-bit), once downloaded >> right-click on the installation file and select Run as Administrator >> follow the prompts.

    Then follow the advice below:-

    How to Disable Java in your Web Browser

    FileHippo Update Checker:

    Download and install FileHippo Update Checker from here to the desktop.

    • During the installation process deselect the option:- Run at Startup >> then once installed...
    • Click on Start(Windows 7 Orb) >> All Programs >> right-click on Update Checker and select Run as Administrator >> a browser window will open after the scan is complete.
    • Download any updates detected to the desktop >> uninstall anything that requires updating via Uninstall a program or Add/Remove Programs in the Control Panel.
    • Re-install the updated software...then delete the installers and empty the Recycle Bin.

    Note: When I give the all clear, my advice would be to consider keeping FileHippo Update Checker installed. Then periodically use it to check for any updates, as having certain software outdated is a potential for malware to gain a foothold and exploit a system etc.

    Next:

    When you have completed the above, let me know, and if any further issues are remaining. If not, we will remove all tools used during the course of the malware removal process and I will also provide some advice about online safety.
    Last edited by Dakeyras; 2013-12-05 at 11:21. Reason: Grammar.
    Mammuthus Hibernian Scouserus, member of ASAP and UNITE.
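    An added example, not from the thread and not ESET's code, that turns a pasted ESET Online Scanner result list like the one in post #29 into records and separates hits inside known quarantine containers (AdwCleaner's Quarantine folder, Spybot's Recovery folder) from hits at live paths, which is the distinction Dakeyras draws when reading that log. The line format assumed (path, threat name, then a one-word type) is inferred from the post; the quarantine path markers are my assumption, not an ESET convention, and a path outside them is only surfaced for review, not judged.

```python
"""Triage a pasted ESET Online Scanner result list (added example, not ESET's code)."""
from dataclasses import dataclass
from typing import Dict, List, Optional

# Result lines as posted in the thread above; format: <path> <threat name> <type>.
ESET_LOG = r"""
C:\AdwCleaner\Quarantine\C\Program Files\Movies Toolbar\Datamngr\apcrtldr.dll.vir Win32/Toolbar.SearchSuite.F application
C:\AdwCleaner\Quarantine\C\Program Files\Movies Toolbar\Datamngr\Datamngr.dll.vir a variant of Win32/Toolbar.SearchSuite.C application
C:\AdwCleaner\Quarantine\C\Program Files\Movies Toolbar\Datamngr\DatamngrCoordinator.exe.vir a variant of Win32/Toolbar.SearchSuite.D application
C:\AdwCleaner\Quarantine\C\Program Files\Movies Toolbar\Datamngr\Helper.dll.vir a variant of Win32/Toolbar.SearchSuite.C application
C:\AdwCleaner\Quarantine\C\Program Files\Movies Toolbar\Datamngr\IEBHO.dll.vir a variant of Win32/Toolbar.SearchSuite.C application
C:\AdwCleaner\Quarantine\C\Program Files\Movies Toolbar\Datamngr\mgrldr.dll.vir a variant of Win32/Toolbar.SearchSuite.C application
C:\AdwCleaner\Quarantine\C\Program Files\Movies Toolbar\Datamngr\Uninstall.exe.vir a variant of Win32/Toolbar.SearchSuite.G application
C:\AdwCleaner\Quarantine\C\Program Files\WebConnect\updateWebConnect.exe.vir a variant of MSIL/BrowseFox.A application
C:\AdwCleaner\Quarantine\C\Users\Aimee\AppData\Roaming\Advanced System Protector\aspsetup.exe.vir a variant of MSIL/AdvancedSystemProtector.B application
C:\Program Files\PDFCreator\message.exe a variant of Win32/InstallCore.A application
C:\ProgramData\Spybot - Search & Destroy\Recovery\myPCBackup.zip Win32/Bagle.gen.zip worm
C:\ProgramData\Spybot - Search & Destroy\Recovery\myPCBackup6.zip Win32/Bagle.gen.zip worm
C:\ProgramData\Spybot - Search & Destroy\Recovery\USTechSupportMyCleanPC.zip Win32/Bagle.gen.zip worm
C:\Users\All Users\Spybot - Search & Destroy\Recovery\myPCBackup.zip Win32/Bagle.gen.zip worm
C:\Users\All Users\Spybot - Search & Destroy\Recovery\myPCBackup6.zip Win32/Bagle.gen.zip worm
C:\Users\All Users\Spybot - Search & Destroy\Recovery\USTechSupportMyCleanPC.zip Win32/Bagle.gen.zip worm
"""

# Folders where other tools park already-neutralised files (assumed markers, lower-cased;
# this list is mine, not an ESET convention).
QUARANTINE_MARKERS = (
    "\\adwcleaner\\quarantine\\",
    "\\spybot - search & destroy\\recovery\\",
)


@dataclass
class Detection:
    path: str
    threat: str
    kind: str
    quarantined: bool


def parse_eset_line(line: str) -> Optional[Detection]:
    """Split one result line; returns None for blank or unrecognised lines."""
    tokens = line.strip().split()
    # Threat names carry a forward slash (Win32/, MSIL/) and Windows paths never do,
    # so the first such token marks where the path ends.
    idx = next((i for i, t in enumerate(tokens) if "/" in t and "\\" not in t), None)
    if idx is None or idx == 0 or idx == len(tokens) - 1:
        return None
    # "a variant of" belongs to the threat name, not the path
    start = idx - 3 if idx >= 3 and tokens[idx - 3:idx] == ["a", "variant", "of"] else idx
    path = " ".join(tokens[:start])
    threat = " ".join(tokens[start:-1])
    kind = tokens[-1]
    quarantined = any(marker in path.lower() for marker in QUARANTINE_MARKERS)
    return Detection(path, threat, kind, quarantined)


def triage_eset_log(text: str) -> Dict[str, object]:
    """Count container hits and list the live paths that still need a decision."""
    detections = [d for d in (parse_eset_line(line) for line in text.splitlines()) if d]
    return {
        "total": len(detections),
        "quarantined": sum(1 for d in detections if d.quarantined),
        "live": [d.path for d in detections if not d.quarantined],
        "threat_families": sorted({d.threat.replace("a variant of ", "") for d in detections}),
    }


if __name__ == "__main__":
    summary = triage_eset_log(ESET_LOG)
    print(f"{summary['quarantined']} of {summary['total']} hits sit in quarantine folders")
    for path in summary["live"]:
        print("review:", path)
```

    On the posted log this reports fifteen of sixteen hits inside quarantine containers and leaves one live path for the helper to decide on, which matches the reading given in post #30 that the scan found nothing the earlier tools had not already dealt with.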
