-
ref Montera.toolbar
Your question on Montera :
I think this is the answer
I have not seen pop-ups happening, but I keep them locked out anyway. The indication came from the Spybot S&D scan
Regards,
Ken
-
Ken, run another scan with Spybot and if it finds Montera post the log please
You only get the extras log on the first run of OTL, so not to worry, you're doing fine.
Last edited by ken545; 2013-12-21 at 02:09.
-
GOOD morning ?
Hi Ken,
I have just run a scan and for the first time in recent history, there is no Montera.toolbar listed.
I hope that this means that the horror has been eliminated: is my hope justified?
There are some elements listed as 'green' threat level, but I do not know if they should be removed as they all appear to be associated with Microsoft entries. I would appreciate it if you tell me if I should use the Spybot Fix on these. I have pasted the Spybot log below.
Best Regards
Ken
Search results from Spybot - Search & Destroy
21/12/2013 07:25:03
Scan took 00:26:08.
10 items found.
Internet Explorer: [SBI $0BC7B918] User agent (Registry Change, nothing done)
HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings\User Agent
Internet Explorer: [SBI $0BC7B918] User agent (Registry Change, nothing done)
HKEY_USERS\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings\User Agent
MS Direct3D: [SBI $C2A44980] Most recent application (Registry Change, nothing done)
HKEY_USERS\.DEFAULT\Software\Microsoft\Direct3D\MostRecentApplication\Name
MS Direct3D: [SBI $C2A44980] Most recent application (Registry Change, nothing done)
HKEY_USERS\S-1-5-21-1830186670-2800608561-1836546306-1001\Software\Microsoft\Direct3D\MostRecentApplication\Name
MS Direct3D: [SBI $C2A44980] Most recent application (Registry Change, nothing done)
HKEY_USERS\S-1-5-18\Software\Microsoft\Direct3D\MostRecentApplication\Name
MS DirectDraw: [SBI $EB49D5AF] Most recent application (Registry Change, nothing done)
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\DirectDraw\MostRecentApplication\Name
Windows Explorer: [SBI $D20DA0AD] Recent file global history (Registry Key, nothing done)
HKEY_USERS\S-1-5-21-1830186670-2800608561-1836546306-1001\Software\Microsoft\Windows\CurrentVersion\Explorer\RecentDocs
Cookie: [SBI $49804B54] Browser: Cookie (1) (Browser: Cookie, nothing done)
Cache: [SBI $49804B54] Browser: Cache (19) (Browser: Cache, nothing done)
History: [SBI $49804B54] Browser: History (6) (Browser: History, nothing done)
--- Spybot - Search & Destroy version: 2.1.18.131 DLL (build: 20130516) ---
-
Good Morning Ken,
When we ran AdwCleaner and Junkware Removal it made changes to your system so the entries are ok, but you can fix these
Cookie: [SBI $49804B54] Browser: Cookie (1) (Browser: Cookie, nothing done)
Cache: [SBI $49804B54] Browser: Cache (19) (Browser: Cache, nothing done)
History: [SBI $49804B54] Browser: History (6) (Browser: History, nothing done)
Everything running ok ???
-
Status report
Hi Ken,
First I removed the items as you recommended.
Subsequently, I have now scanned twice with Spybot, as I went into the quarantine after the first and saw the dread Montera.toolbar there. So I purged it. My assumption was that I had missed one of the instances from earlier in this exercise and not purged at that point. To test this, I rescanned and there was no evidence of it in either the report or the quarantine.
The real question now is, in your opinion has your hard work cleaned my Win7 system?
A secondary for my own peace of mind is 'is it possible for the XP side to be infected?' I have done a scan during this exercise of the XP side and Spybot 1.xx.xx (the last before ver 2) pronounced it clean. The XP side was isolated from the internet (my nephew disabled the ?modem? driver) on creation of the Win7 partition so has not been used anywhere on the net and could only have got infected by migration from the Win7.
If the answer to the first question is I am cleaned, and the second is 'highly unlikely'; then I will leave you in peace to help those other souls with problems.
I am extremely grateful for your time and effort in helping me, and hope that I have not been too much of a liability during the exercise.
Kindest Regards,
Ken
-
Hello Ken,
When using XP, if you're not having problems I would say you're ok, especially if it has no internet access; the rest of your system looks fine. You did just fine, my pleasure helping you.
Might want to give this a read for XP
http://techpageone.dell.com/technolo...0#.UrWqI_RDtL2
We need to update your Java to keep you more secure
- Go to your Control Panel and click on the Java Icon ( looks like a little coffee cup ) click on About and you should have Version 7 Update 45, if not proceed with the instructions.
- Go to the update Tab and update it
- Important, during the upgrade UNCHECK ASK TOOL BAR. ( you do not need or want this )
- Then go to your Add Remove Programs (WIN XP) or Programs and Features (Vista / Win 7) in the Control Panel and uninstall all previous versions.
You can verify the installation Here
Open OTL and click on Clean Up and it will remove programs we used to clean your system along with their backups; any programs that were not removed you can just drag to the trash.
Malwarebytes is the free version and yours to keep and will not be removed
Safe Surfn
Ken
-
re. JAVA
Hi Ken
As there is no Java section in the Control Panel I have just checked with my nephew, who actually did the installation, and JAVA itself was not installed on the Win7 system.
He got me to check using Windows Explorer, and he says that any elements of JAVA there are for individual items using JAVA functionality. (Hope that means more to you than me).
Do I need to load JAVA and update or is it OK the way it is?
I have not yet used the OTL Clean-Up until you let me know how I stand.
Sorry for continuing the saga!
Regards,
Ken
-
Ken, if Java isn't installed and you have no problems loading websites then I would say you're fine. Java has some serious exploits, some sites recommend disabling it, so it's a catch-22 situation; if things are running fine without, then just leave it be. I always recommend updating Java, my bad for not looking through your logs to see if it was installed.
Last edited by ken545; 2013-12-21 at 19:23.
-
Many, many thanks
With that then, all that there is left is to say a huge 'Thank you' to all at Spybot, but most especially you Ken.
To all of you
A Merry Christmas and a Happy and prosperous New Year.
Kindest Regards,
Ken
-
You're very welcome
Take Care,
Ken