
System is running slow [Solved]


  • This topic is locked

#16
Desexx

Desexx

    Member

  • Topic Starter
  • Member
  • PipPip
  • 17 posts
Malwarebytes Anti-Malware 1.75.0.1300
www.malwarebytes.org

Database version: v2013.09.07.04

Windows 7 Service Pack 1 x64 NTFS
Internet Explorer 10.0.9200.16660
Desmond :: DESMOND-HP [administrator]

9/7/2013 10:59:21 AM
mbam-log-2013-09-07 (10-59-21).txt

Scan type: Quick scan
Scan options enabled: Memory | Startup | Registry | File System | Heuristics/Extra | Heuristics/Shuriken | PUP | PUM
Scan options disabled: P2P
Objects scanned: 214687
Time elapsed: 5 minute(s), 39 second(s)

Memory Processes Detected: 0
(No malicious items detected)

Memory Modules Detected: 0
(No malicious items detected)

Registry Keys Detected: 14
HKCR\AppID\{38495740-0035-4471-851E-F5BBB86AB085} (PUP.Optional.DefaultTab.A) -> Quarantined and deleted successfully.
HKCR\AppID\{72D89EBF-0C5D-4190-91FD-398E45F1D007} (PUP.Optional.DefaultTab.A) -> Quarantined and deleted successfully.
HKCR\CLSID\{35853321-818D-4B5D-AA6B-6C56DBBFEEE7} (PUP.Optional.WebProtect) -> Quarantined and deleted successfully.
HKCR\TypeLib\{F909BBB7-24F1-499C-88ED-CD8F8286A589} (PUP.Optional.WebProtect) -> Quarantined and deleted successfully.
HKCR\Interface\{8540A75D-34C4-4260-9DC0-839EC6BC76B4} (PUP.Optional.WebProtect) -> Quarantined and deleted successfully.
HKCR\WebProtect.WebProtect.1 (PUP.Optional.WebProtect) -> Quarantined and deleted successfully.
HKCR\WebProtect.WebProtect (PUP.Optional.WebProtect) -> Quarantined and deleted successfully.
HKCR\CLSID\{A1E28287-1A31-4b0f-8D05-AA8C465D3C5A} (PUP.Optional.DefaultTab.A) -> Quarantined and deleted successfully.
HKCR\TypeLib\{FEB62B15-CC00-4736-AAEC-BA046C9DFF73} (PUP.Optional.DefaultTab.A) -> Quarantined and deleted successfully.
HKCR\Interface\{1F8EDE97-36D5-422A-B8F0-9406E2D87C60} (PUP.Optional.DefaultTab.A) -> Quarantined and deleted successfully.
HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Stats\{A1E28287-1A31-4B0F-8D05-AA8C465D3C5A} (PUP.Optional.DefaultTab.A) -> Quarantined and deleted successfully.
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{A1E28287-1A31-4B0F-8D05-AA8C465D3C5A} (PUP.Optional.DefaultTab.A) -> Quarantined and deleted successfully.
HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{7F6AFBF1-E065-4627-A2FD-810366367D01} (PUP.Optional.DefaultTab) -> Quarantined and deleted successfully.
HKLM\SOFTWARE\{6791A2F3-FC80-475C-A002-C014AF797E9C} (PUP.Optional.OptimzerPro.A) -> Quarantined and deleted successfully.

Registry Values Detected: 0
(No malicious items detected)

Registry Data Items Detected: 0
(No malicious items detected)

Folders Detected: 0
(No malicious items detected)

Files Detected: 1
C:\Users\Desmond\Downloads\FLVPlayerSetup.exe (PUP.Optional.InstallCore.A) -> Quarantined and deleted successfully.

(end)
  • 0


#17
Desexx

Desexx

    Member

  • Topic Starter
  • Member
  • PipPip
  • 17 posts
Running eset with no threats detected as of yet... System is running a lot better. Browser is running faster... Thanks so much for all you have done..
  • 0

#18
Desexx

Desexx

    Member

  • Topic Starter
  • Member
  • PipPip
  • 17 posts
results of scan

C:\_OTL\MovedFiles\09072013_012957\C_Program Files (x86)\24x7Help\App24x7Hook.dll Win32/24x7Help.A application
C:\_OTL\MovedFiles\09072013_012957\C_Program Files (x86)\24x7Help\App24x7Hook64.dll Win64/24x7Help.A application
C:\_OTL\MovedFiles\09072013_012957\C_Program Files (x86)\FLVPlayer\FLVPlayer.exe a variant of Win32/InstallCore.A application
C:\_OTL\MovedFiles\09072013_012957\C_Program Files (x86)\FLVPlayer\Uninstall\__Uninstall_.exe a variant of Win32/InstallCore.CH application
  • 0

#19
Nutloaf

Nutloaf

    Trusted Helper

  • Malware Removal
  • 1,790 posts
ESET can take ages! Effective though, so it's worth the wait.

I will prepare my next post and have it ready for you tomorrow. I think it's just a matter of securing a few things..... we will see!

Regards Nutloaf.
  • 0

#20
Nutloaf

Nutloaf

    Trusted Helper

  • Malware Removal
  • 1,790 posts
Awesome Sauce :)

The finish line is in sight, MBAM found some leftover registry entries and ESET found files in OTL's quarantine folder. So all is well. A small tidy up for Internet Explorer and secure some programs.

1. OTL Fix

  • Right click the OTL icon and select Run as Administrator.
  • Copy the entire text in the Quote box below, do not include the word QUOTE and Paste into the Custom Scans/Fixes box in OTL.


    :COMMANDS
    [CREATERESTOREPOINT]

    :OTL
    IE:64bit: - HKLM\..\SearchScopes,DefaultScope = {ec29edf6-ad3c-4e1c-a087-d6cb81400c43}
    IE:64bit: - HKLM\..\SearchScopes\{ec29edf6-ad3c-4e1c-a087-d6cb81400c43}: "URL" = http://www.bing.com/...rc=IE-SearchBox
    IE - HKLM\..\SearchScopes\{ec29edf6-ad3c-4e1c-a087-d6cb81400c43}: "URL" = http://www.bing.com/...rc=IE-SearchBox
    IE - HKCU\..\SearchScopes\{ec29edf6-ad3c-4e1c-a087-d6cb81400c43}: "URL" = http://www.bing.com/...rc=IE-SearchBox
    IE:64bit: - HKLM\..\SearchScopes\{D944BB61-2E34-4DBF-A683-47E505C587DC}: "URL" = http://rover.ebay.co...w={searchTerms}
    IE - HKLM\..\SearchScopes\{D944BB61-2E34-4DBF-A683-47E505C587DC}: "URL" = http://rover.ebay.co...w={searchTerms}
    IE - HKCU\..\SearchScopes\{D944BB61-2E34-4DBF-A683-47E505C587DC}: "URL" = http://rover.ebay.co...w={searchTerms}
    [2013/08/31 15:16:34 | 000,001,096 | ---- | M] () -- C:\Users\Desmond\AppData\Roaming\Mozilla\Firefox\Profiles\gek1d27d.default\searchplugins\keybar-112-customized-web-search.xml

    :REG
    [HKCU\SOFTWARE\Microsoft\Internet Explorer\MAIN]
    "Start Page"="http://www.google.com"
    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\MAIN]
    "Start Page"="http://www.google.com"

    :COMMANDS
    [REBOOT]

  • Then click Run Fix
  • Click O.K to Reboot.
  • An OTL fix log will be saved in the following location: C:\_OTL\MovedFiles\mmddyyyy_hhmmss.log - where mmddyyyy_hhmmss is the date and time of the fix.
  • Copy and Paste the Fix Log in your next reply.

2. Do You Need Java? Please read:

  • Java is one of the most exploited pieces of software at this time and the majority of home users can do without it. Installing the latest updates is also important.
  • The easiest way to find out if Java is needed is to disable Java in your web browser. (see link below)
  • If a trusted program or webpage asks for Java then enable it, otherwise Uninstall completely using JavaRa

    Update or Remove Java

  • Use this link to download JavaRa
  • Run JavaRa.exe, then click on Remove Java Runtime.
  • Select the Java version you have from the drop down list, and then click on Run Uninstaller
  • Press Yes if it asks to uninstall the product.
  • Allow the uninstaller to remove the installed version.
  • Follow the next steps only if you want to install the latest version
  • When it's finished, go back to JavaRa, and click Back
  • Click on Update Java Runtime and then select Download and install latest version.
  • Press Next
  • Press Java Manual Download.
  • A browser window will open with the Java download page.
  • Click the Windows offline link to download Java.
  • Run the installer.
  • Close JavaRa

3. UPDATE ADOBE

Adobe is bundled with Chrome, Google toolbar and/or McAfee Security Scan. Uncheck the boxes before downloading Reader.



4. ENSURE AUTOMATIC UPDATES ARE ENABLED

All security updates released by Microsoft must be Automatically Installed.

  • Click Start and in the search box type windows update and press ENTER.
  • Click Change Settings and make sure the Install updates automatically (recommended) option is selected, if not select it and click O.K to save settings.


Things I want to see in your next post.

  • OTL fix.txt
  • How is Internet Explorer? Is Google set as your Homepage?

  • 0
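
Added example (not part of any post in this thread): the reasoning in post #20, that every MBAM detection was removed and every ESET hit sits inside OTL's quarantine folder, written as a check over the two logs. The function names and regular expressions are this example's own; the sample lines are excerpted from the logs posted above.

```python
import re
from collections import Counter

# Lines excerpted from the MBAM and ESET logs posted in this thread.
MBAM_SAMPLE = r"""Registry Keys Detected: 14
HKCR\WebProtect.WebProtect (PUP.Optional.WebProtect) -> Quarantined and deleted successfully.
HKLM\SOFTWARE\{6791A2F3-FC80-475C-A002-C014AF797E9C} (PUP.Optional.OptimzerPro.A) -> Quarantined and deleted successfully.
Files Detected: 1
C:\Users\Desmond\Downloads\FLVPlayerSetup.exe (PUP.Optional.InstallCore.A) -> Quarantined and deleted successfully.
"""
ESET_SAMPLE = r"""C:\_OTL\MovedFiles\09072013_012957\C_Program Files (x86)\24x7Help\App24x7Hook.dll Win32/24x7Help.A application
C:\_OTL\MovedFiles\09072013_012957\C_Program Files (x86)\FLVPlayer\FLVPlayer.exe a variant of Win32/InstallCore.A application
"""

REMOVED = "Quarantined and deleted successfully"
QUARANTINE = "c:\\_otl\\movedfiles\\"  # OTL's quarantine folder, lowercased

# "<object> (<detection>) -> <action>." ; the object itself may contain "(x86)"
MBAM_ITEM = re.compile(r"^(?P<obj>.+) \((?P<name>[^()]+)\) -> (?P<action>.+?)\.?$")
# "<path> [a variant of ]<platform>/<name> <type>"
ESET_ITEM = re.compile(r"^(?P<path>.+?) (?P<name>(?:a variant of )?\w+/\S+) (?P<kind>\w+)$")

def parse(log, pattern):
    """Return the regex groups of every line in log that matches pattern."""
    hits = (pattern.match(line.strip()) for line in log.splitlines())
    return [m.groupdict() for m in hits if m]

def triage(mbam_log, eset_log):
    """Summarise both logs and list anything that still needs attention."""
    mbam, eset = parse(mbam_log, MBAM_ITEM), parse(eset_log, ESET_ITEM)
    unresolved = [i["obj"] for i in mbam if i["action"] != REMOVED]
    live = [i["path"] for i in eset if not i["path"].lower().startswith(QUARANTINE)]
    return {
        "detections": Counter(i["name"] for i in mbam),
        "unresolved": unresolved,   # MBAM items not quarantined and deleted
        "live": live,               # ESET hits outside OTL's quarantine
        "all_clear": not unresolved and not live,
    }

if __name__ == "__main__":
    print(triage(MBAM_SAMPLE, ESET_SAMPLE))
```

Any path listed under `live` is a detected file still in its installed location rather than in quarantine, which is the case that would need another removal pass.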

#21
Desexx

Desexx

    Member

  • Topic Starter
  • Member
  • PipPip
  • 17 posts
Sorry work was busy and kept me late... I will take care of steps once I am finished work today.
  • 0

#22
Nutloaf

Nutloaf

    Trusted Helper

  • Malware Removal
  • 1,790 posts
No problem, no rush, thanks for letting me know and speak soon :thumbsup:
  • 0

#23
Desexx

Desexx

    Member

  • Topic Starter
  • Member
  • PipPip
  • 17 posts
Hello, having problems finding.... C:\_OTL\MovedFiles\mmddyyyy_hhmmss.log ran reboot and not seeing files....Thanks if you can help me.
  • 0

#24
Desexx

Desexx

    Member

  • Topic Starter
  • Member
  • PipPip
  • 17 posts
========== COMMANDS ==========
Restore point Set: OTL Restore Point
========== OTL ==========
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\\DefaultScope| /E : value set successfully!
64bit-Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{ec29edf6-ad3c-4e1c-a087-d6cb81400c43}\ not found.
64bit-Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{ec29edf6-ad3c-4e1c-a087-d6cb81400c43}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{ec29edf6-ad3c-4e1c-a087-d6cb81400c43}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{ec29edf6-ad3c-4e1c-a087-d6cb81400c43}\ not found.
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{ec29edf6-ad3c-4e1c-a087-d6cb81400c43}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{ec29edf6-ad3c-4e1c-a087-d6cb81400c43}\ not found.
64bit-Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{D944BB61-2E34-4DBF-A683-47E505C587DC}\ not found.
64bit-Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{D944BB61-2E34-4DBF-A683-47E505C587DC}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{D944BB61-2E34-4DBF-A683-47E505C587DC}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{D944BB61-2E34-4DBF-A683-47E505C587DC}\ not found.
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{D944BB61-2E34-4DBF-A683-47E505C587DC}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{D944BB61-2E34-4DBF-A683-47E505C587DC}\ not found.
File C:\Users\Desmond\AppData\Roaming\Mozilla\Firefox\Profiles\gek1d27d.default\searchplugins\keybar-112-customized-web-search.xml not found.
========== REGISTRY ==========
HKCU\SOFTWARE\Microsoft\Internet Explorer\MAIN\\"Start Page"|"http://www.google.com" /E : value set successfully!
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\MAIN\\"Start Page"|"http://www.google.com" /E : value set successfully!
========== COMMANDS ==========

OTL by OldTimer - Version 3.2.69.0 log created on 09092013_184543
  • 0

#25
Nutloaf

Nutloaf

    Trusted Helper

  • Malware Removal
  • 1,790 posts
Hi sorry I didn't reply, I look online but I forget to sign out sometimes :rolleyes:

I'm glad you found the logs, looks like all is clear there. :thumbsup:

Before I give my next post, and by golly it's close to the finish line now I can smell the tape, I want to know:

  • Are there any other problems?
  • Is Internet Explorer functioning correctly? Google should be your Homepage?

  • 0


#26
Desexx

Desexx

    Member

  • Topic Starter
  • Member
  • PipPip
  • 17 posts
Thank you for the help, PC is running great...if I have anymore problems I will be sure to let you know, THANKS for your time.
  • 0

#27
Nutloaf

Nutloaf

    Trusted Helper

  • Malware Removal
  • 1,790 posts
I have one final post for you which is important. There are quarantined files still on your PC that need to be removed plus a few other things. I will post this for you tomorrow once cleared with my instructor.

Thanks for sticking with me and prepare for the tidy up and a fond farewell :)
  • 0

#28
Nutloaf

Nutloaf

    Trusted Helper

  • Malware Removal
  • 1,790 posts
Hi Desexx, great job :thumbsup: The job is a goodun!

Removing the tools will also clear any quarantined items left on the machine. I have included a Defrag for you to run as this is needed and should be scheduled to run weekly automatically.



Dustpan and Brush

1. Create Restore Point and Remove OTL

Copy the entire text in the Quote box below, do not include the word QUOTE and Paste into the Custom Scans/Fixes box in OTL.

    :COMMANDS
    [CREATERESTOREPOINT]

  • Then click Run Fix
  • When complete a log file will tell you if successful. I do not need to see this.
  • Now click the CleanUp button on OTL. This will delete the log files, and OTL itself.
  • Click O.K to Reboot.


2. Flush Old System Restore Points

  • Click on Start(Windows 7 Orb) >> All Programs >> Accessories >> System Tools >> right-click on Disk Cleanup and select Run as Administrator.
  • If prompted Select the system drive, C then OK.
  • Ensure the boxes for Recycle Bin, Temporary Files and Temporary Internet Files are checked.
  • Now click on the More Options tab. If not shown - Click on Clean up system files >> Select the system drive, C then OK. now click More Options Tab.
  • Under:- System Restore and Shadow Copies Click on Clean up... select Delete >> OK then Delete Files.


3. Delete JRT icons

  • Right click the Junkware Removal Tool Icon and select Delete
  • Click Start then Computer and double-click Local Disk (C:) and delete the JRT Folder

4. Uninstall ADWcleaner

  • Open ADWcleaner and select uninstall.

5. Uninstall ESET

  • Click Start then Control Panel and select Uninstall a program or Programs and Features
  • Select ESET Online Scanner and uninstall

6. Delete Security Check Icon

  • Right click the Security Check Icon and select Delete

7. Defragment your Hard drive

  • Click Start and in the search bar copy and paste the following: Defragment your Hard drive and click Enter
  • Click Configure Schedule... ensure the Run on a schedule (recommended) box is checked and a Weekly scan selected.
  • Click O.K then on the main screen click Analyze Disk Once complete click Defragment Disk



Tips For A Clean Surf with Toolbar and Homepage free waves


Avoid the following

  • Torrent downloaders, Torrent files and Torrent sites. - Otherwise known as P2P. The files are mainly illegal, contain malware and\or adult material. Steer clear of P2P programs and files.
  • Registry Cleaners - They can clean a little too much and remove needed entries. The best thing to do with the registry is leave it be.
  • PC Performance Boosters. - Programs that promise to speed up your PC. These are useless and\or come packed with Toolbars and other unneeded software that runs in the background causing, you guessed it, Performance Issues!
  • Not Checking Install Screens - Don't just click next, next, next and Install when installing programs. Some of the screens may contain Browsers or Toolbars. Check each screen before clicking next.


The main thing is to Keep On Top Of Your Updates and run Weekly Scans with Malwarebytes and AVG, be sure to update these before running the scans :)

I will keep this post open for 24 hours if you need assistance. If after that you need help then please start a new Topic in the appropriate forum.


Select the following link and add it to your Favourites or Bookmark for future use. The answers to the majority of PC problems. :wave:
  • 0

#29
Essexboy

Essexboy

    GeekU Moderator

  • Retired Staff
  • 69,964 posts
Since this issue appears to be resolved ... this Topic has been closed. Glad we could help. :)

If you're the topic starter, and need this topic reopened, please contact a staff member with the address of the thread.

Everyone else please begin a New Topic.
  • 0





