
PUP.Optional-Installlq [Solved]


  • This topic is locked

#46
DianneH2014

DianneH2014

    Member

  • Topic Starter
  • Member
  • PipPip
  • 40 posts
I have still been trying to create a repair disc. No luck.

No luck on the laptop. It is also a 64-bit, Windows 7.

Here is what I have done:

Create a system repair disc.

Then the following happens:

MS Windows Repair Disc has stopped working.

A problem caused the program to stop working correctly. Windows will close the program and notify you if a solution is available.

When I click DeBug...nothing happens.

The only thing it allows you to do is "Close"

This is what happens on this PC and the Laptop.

Strange :wacko:
  • 0


#47
DianneH2014

[email protected] as CAB hook log:
OnlineScanner64.ocx - registred OK
OnlineScanner.ocx - registred OK
# version=8
# IEXPLORE.EXE=10.00.9200.16521 (win8_gdr_soc_ie.130216-2100)
# OnlineScanner.ocx=1.0.0.6920
# api_version=3.0.2
# EOSSerial=4f07e2f3cc1b7946a9ebdb54a1268878
# engine=16196
# end=finished
# remove_checked=false
# archives_checked=true
# unwanted_checked=true
# unsafe_checked=true
# antistealth_checked=true
# utc_time=2013-12-09 03:19:03
# local_time=2013-12-09 10:19:03 (-0500, Eastern Standard Time)
# country="United States"
# lang=1033
# osver=6.1.7601 NT Service Pack 1
# compatibility_mode=5892 16777213 88 94 1325576 34319570 0 0
# scanned=192301
# found=8
# cleaned=0
# scan_time=4977
sh=BD3C685B5F9C5FDDBCF46DAF1C89E094C69F87B0 ft=1 fh=62591177f2e83ca9 vn="a variant of Win32/HiddenStart.A application" ac=I fn="C:\Program Files (x86)\Dell DataSafe Local Backup\hstart.exe"
sh=3963D8A5B82F5DD540BB1DDEE8BA5B8D9098C549 ft=1 fh=d69ca3895677d6e5 vn="a variant of Win32/HiddenStart.A application" ac=I fn="C:\Program Files (x86)\Dell DataSafe Local Backup\Components\DSUpdate\hstart.exe"
sh=4DB6ABAC9E03D222F883A56E8B9F8F88BA6B768D ft=0 fh=0000000000000000 vn="PHP/Obfuscated.F application" ac=I fn="C:\Users\DIANNE\Documents\PLRMiniMarket\internet_money_maker_bue101.zip"
sh=4795EBF2E3E8F89D6262719451CC256F35D506BE ft=0 fh=0000000000000000 vn="PHP/Obfuscated.F application" ac=I fn="C:\Users\DIANNE\Documents\PLRMiniMarket\target_money_business_bue089.zip"
sh=F8AC0CC3293C9F927AD06DD61EE8863FDFDB45B8 ft=0 fh=0000000000000000 vn="PHP/Obfuscated.F application" ac=I fn="C:\Users\DIANNE\Documents\Wordpress Plugins\WPRobot-Shopping Pages\WPR3150.zip"
sh=05D0E16052107CD86BF2928A396A7B0F4CEE0563 ft=0 fh=0000000000000000 vn="PHP/Obfuscated.F application" ac=I fn="C:\Users\DIANNE\Documents\Wordpress Themes\Disney\disney2.rar"
sh=4DB6ABAC9E03D222F883A56E8B9F8F88BA6B768D ft=0 fh=0000000000000000 vn="PHP/Obfuscated.F application" ac=I fn="C:\Users\DIANNE\Documents\Wordpress Themes\PLRMiniMarket\internet_money_maker_bue101.zip"
sh=41130C6797301639ABDFE97306F921E22F96C607 ft=1 fh=7eec9de1a59930c1 vn="Win32/InstallMate.D application" ac=I fn="C:\Users\DIANNE\Downloads\FastDownload.exe"
  • 0

#48
Dakeyras

Dakeyras

    Anti-Malware Mammoth

  • Expert
  • 9,684 posts
Hi. :)

I have still been trying to create a repair disc. No luck.

No luck on the laptop. It is also a 64-bit, Windows 7.

I think this particular problem is due to the OEM(original equipment manufacturer), in this case both Dell and HP adding functionalities to Windows utilities. Which basically hinders the correct running of recdisc.exe and hence the error(s) you encountered.

However I will research further into this and get back to you.

Next:

Let's deal with the results of the online scan first as follows...

Most of the detections are known as false positive detections and just one file it would be prudent to delete. Navigate to your downloads folder, locate and delete the following:-

FastDownload.exe

Then empty the Recycle Bin.

Disable Windows Sidebar:

Since your machine did not like the Fixit we used prior we will use an alternative methodology to disable this feature.

  • Click on Start(Windows 7 Orb) >> Control Panel >> Uninstall a program or Programs and Features
  • Now click on Turn Windows features on or off >> a new window called Windows Features will appear, be patient as it may take a while to fully populate.
  • In the aforementioned new window, scroll down and locate Windows Gadget Platform >> deselect the option >> OK, this may take some time to process.
  • Once it has and the Windows Features window has closed, reboot your machine.
Windows 7 - System File Checker:

  • Click on Start(Windows 7 Orb).
  • Then click on All Programs >> Accessories
  • Right click on Command Prompt and select Run as Administrator.
  • Click on Continue in the UAC prompt.
  • At the Command Prompt C:\Windows\System32> type in the following exactly:
  • cd c:\
  • Then depress the Enter/Return key, then type in the following exactly:
  • sfc /scannow
  • Then depress the Enter/Return key.
Note: This may take awhile to finish. When completed close the Administrator Command Prompt window, via typing Exit then depress the Enter/Return key.

Next:

When completed the above let myself know and if any problems encountered. Also are there any remaining issues with your machine apart from the CD/DVD drive one and the creating a start up repair disk etc ?
  • 0
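
An added example, not part of the original posts: a Python triage of scanner log lines laid out like the log in post #47, grouping detections and checking them against the header counters. The sample log is constructed, and reading `sh` as a file hash, `vn` as the detection name and `fn` as the file path is an assumption inferred from the lines in this thread.

```python
import re
from collections import defaultdict

# Constructed sample in the same layout as the log posted in this thread.
# Hashes, detection names and paths are made up for the example.
SAMPLE_LOG = r'''
# version=8
# remove_checked=false
# scanned=1200
# found=4
# cleaned=0
sh=1111111111111111111111111111111111111111 ft=1 fh=aaaaaaaaaaaaaaaa vn="a variant of Win32/ExampleTool.A application" ac=I fn="C:\Program Files (x86)\Vendor Backup\helper.exe"
sh=2222222222222222222222222222222222222222 ft=0 fh=0000000000000000 vn="PHP/ExampleObf.B application" ac=I fn="C:\Users\example\Documents\Site A\theme_pack.zip"
sh=2222222222222222222222222222222222222222 ft=0 fh=0000000000000000 vn="PHP/ExampleObf.B application" ac=I fn="C:\Users\example\Documents\Site B\theme_pack.zip"
sh=3333333333333333333333333333333333333333 ft=1 fh=bbbbbbbbbbbbbbbb vn="Win32/ExampleBundler.C application" ac=I fn="C:\Users\example\Downloads\setup_bundle.exe"
'''

# key=value pairs; a value is either "quoted, may contain spaces" or a bare token
PAIR = re.compile(r'(\w+)=(?:"([^"]*)"|(\S+))')


def parse_log(text):
    """Split the log into header settings ('# key=value') and detection records."""
    header, detections = {}, []
    for line in text.splitlines():
        line = line.strip()
        if line.startswith("#"):
            key, sep, value = line[1:].strip().partition("=")
            if sep:
                header[key] = value.strip('"')
        elif line.startswith("sh="):
            record = {}
            for m in PAIR.finditer(line):
                record[m.group(1)] = m.group(2) if m.group(2) is not None else m.group(3)
            detections.append(record)
    return header, detections


def triage(header, detections):
    """Summarise what a reviewer checks before deciding what to delete."""
    by_name, by_hash = defaultdict(list), defaultdict(list)
    for d in detections:
        by_name[d.get("vn", "?")].append(d.get("fn", "?"))
        by_hash[d.get("sh", "?")].append(d.get("fn", "?"))
    return {
        # A mismatch means the pasted log is truncated or was edited.
        "count_matches_header": int(header.get("found", -1)) == len(detections),
        # cleaned=0: the scan only reported, so every listed file is still on disk.
        "nothing_cleaned": header.get("cleaned") == "0",
        "by_name": dict(by_name),
        # Same hash at several paths: one file copied around, judged once.
        "same_file_copies": {h: p for h, p in by_hash.items() if len(p) > 1},
    }


if __name__ == "__main__":
    hdr, found = parse_log(SAMPLE_LOG)
    report = triage(hdr, found)
    print("complete log:", report["count_matches_header"],
          "| nothing cleaned:", report["nothing_cleaned"])
    for name, paths in report["by_name"].items():
        print(f"{name}: {len(paths)} file(s)")
    for digest, paths in report["same_file_copies"].items():
        print("identical copies:", paths)
```
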

#49
DianneH2014

Actions Taken:

FastDownload.exe: (DELETED)

Empty Recycle Bin: (Note: after emptying it closed Google Chrome)

Disable Sidebar Windows: (DISABLED)

Command Prompt: Windows Resource Protection did not find any integrity violations.

Any problems or remaining issues other than CD repair disc, etc.: No. But that being said, I have not really been using this computer to try and work...yet. All I have been doing on this computer is running all the instructions we have been going through to clean the machine.

Questions:

Is the machine clean now at this point?

What on earth had infected my machine and how do I prevent it again?

Did you mention getting rid of SuperAntiSpyware somewhere? If so, what would be a good alternative?

Is Microsoft Essentials the best program to prevent issues?
  • 0

#50
Dakeyras

Hi. :)

FastDownload.exe: (DELETED)

Empty Recycle Bin: (Note: after emptying it closed Google Chrome)

Disable Sidebar Windows: (DISABLED)

Command Prompt: Windows Resource Protection did not find any integrity violations.

Good and that is fine re the Chrome browser.

All I have been doing on this computer is running all the instructions we have been going through to clean the machine.

Acknowledged.

Is the machine clean now at this point?

What on earth had infected my machine and how do I prevent it again?

Did you mention getting rid of SuperAntiSpyware somewhere? If so, what would be a good alternative?

Is Microsoft Essentials the best program to prevent issues?

Certainly looking that way and I will advise about the rest in due course.

Create a Windows 7 System Repair Disc

Note: you will require a blank rewritable CD/DVD to create the below.

  • Download this iso file to your desktop.
  • Now double click on recdisc.iso and the below should appear:
Posted Image

  • Select the option Verify disc after burning >> click on Burn
  • The process should now begin:
Posted Image

  • Once created/the burning process has completed, it will be verified:
Posted Image

  • After that the optical drive of your machine will re-open and you can remove the disc:
Posted Image

  • Click on Close, you now have a Windows 7 System Repair Disc.
FileHippo Update Checker:

Download and install FileHippo Update Checker from here to the desktop.

  • During the installation process deselect the option:- Run at Startup >> then once installed...
  • Click on Start(Windows 7 Orb) >> All Programs >> right-click on Update Checker and select Run as Administrator >> a browser window will open after the scan is complete.
  • Download any updates detected to the desktop >> uninstall anything that requires updating via Uninstall a program or Add/Remove Programs in the Control Panel.
  • Re-install the updated software...then delete the installers and empty the Recycle Bin.
Note: When I give the all clear my advice would be to consider keeping FileHippo Update Checker installed. Then periodically use it to check for any updates as having certain software outdated is a potential for malware to gain a foothold and exploit a system etc.

Next:

When completed the above let myself know and if any further issues remaining. If not we will remove all tools used during the course of the malware removal process and I will also provide some advice about online safety.
  • 0

#51
DianneH2014

Hi

Create a Windows 7 System Repair Disc: COMPLETED.

FileHippo Update Checker: Downloaded. WILL NOT RUN. :confused:

Edited by DianneH2014, 10 December 2013 - 10:30 AM.

  • 0

#52
Dakeyras

Hi. :)

Create a Windows 7 System Repair Disc: COMPLETED.

Good.

FileHippo Update Checker: Downloaded. WILL NOT RUN. :confused:

Now there is a surprise not, considering how much your machine does not like to play nice for us at times! :lol:

Levity aside...

Actually encountered similar before with this particular software; both online and with my Son's machine and never been able to diagnose the root cause. Sometimes certain software will just not work on any one machine and you could spend countless hours debugging and ultimately still be none the wiser.

Anyway uninstall that(FileHippo'), then download this variation of it:-

FileHippo Update Checker Portable Version

And save to your desktop, no installation is required...merely right-click on it and select Run as Administrator.
  • 0

#53
DianneH2014

Hi :)

I agree with you. This machine definitely has had a mind of its own. :tazz: :bashhead: lol

This download worked and I updated most of the things it recommended. It would not update Adobe Reader for some reason. I am not worried about that. It will let me know when it needs updating again.

Adobe Air and Flash Player update recommendations were BETA so I didn't download those either.

Let me know what else you would like to do.
  • 0

#54
Dakeyras

Hi. :)

It would not update Adobe Reader for some reason. I am not worried about that. It will let me know when it needs updating again.

Fair play and or you could try the inbuilt updater:

Start Adobe Reader >> Help >> Check for Updates..

Be prudent to secure the software also, when running:

  • Click on Edit and select Preferences.
  • On the Left, click on the Javascript category and Uncheck Enable Acrobat Javascript.
  • Click on the Security (Enhanced) category and Uncheck Automatically trust sites from my Win OS security zones.
  • Click on the Trust Manager category and Uncheck Allow opening of non-PDF file attachments with external applications.
  • Click the OK button.

Adobe Air and Flash Player update recommendations were BETA so I didn't download those either.

Let me know what else you would like to do.

Aye not prudent to use beta versions of software as they are far from stable.

Next:

Congratulations your computer appears to be malware free!

Now I have some tasks for your good self to carry out as part of a clean up process and some advice about online safety.

Importance of Regular System Maintenance:

I advise you read both of the below listed topics as this will go a long way to keeping your Computer performing well.

Help! My computer is slow!

Also so is this:

What to do if your Computer is running slowly

Uninstall AdwCleaner:

  • Right-click on AdwCleaner.exe and select Run as Administrator to start the program
  • Click on Uninstall >> Yes, this will remove the application and its log(s) etc.
Clean up with OTL:

  • Right-click OTL and select Run as Administrator to start the program.
  • Close all other programs apart from OTL as this step will require a reboot.
  • On the OTL main screen, depress the CleanUp button.
  • Say Yes to the prompt and then allow the program to reboot your computer.
The above process should clean up and remove the vast majority of scanners used and logs created etc.

Any left over merely delete yourself and empty the Recycle Bin.

Reset the System Restore points:

Create a new, clean System Restore point:-

  • Right click on Computer and select Properties >> System protection >> Create....
  • Give this restore point a descriptive name and click Create.
  • When the new restore point is created click on OK >> close the System Properties window.
Note: Do not clear infected/old System Restore points before creating a new System Restore point first!

Flush Old System Restore points:-

  • Click on Start(Windows 7 Orb) >> All Programs >> Accessories >> System Tools >> right-click on Disk Cleanup and select Run as Administrator.
  • Select the system drive, C >> OK.
  • Ensure the boxes for Recycle Bin, Temporary Files and Temporary Internet Files are checked, you can choose to check other boxes if you wish but they are not required.
  • Click on Clean up system files >> Select the system drive, C >> OK.
  • Now click on the More Options tab.
  • Under System Restore and Shadow Copies, click on Clean up... >> Delete >> OK >> Delete Files.
Now some advice for on-line safety:

Malwarebyte's Anti-Malware:

If you wish to install this and replace it with SUPERAntiSpyware(and or keep, your call) the installer can be downloaded from here.

Once installed, check for updates and run a scan at least once per week.

Other installed security software:

Your presently installed security application, Microsoft Security Essentials automatically checks for updates and downloads/installs them with every system reboot and or periodically if the machine is left running providing an internet connection is active.

I advise you also run a complete scan with this also at least once per week.

Registry Backup:

Tweaking.com - Registry Backup, I advise you keep this installed as a means to keep a complete backup of your registry and restore it when needed.

Myself I would actually create a new back up once per week as this along with System Restore may prove to be invaluable if something unforeseen occurs!

Note: As mentioned prior a tutorial for Registry Backup explaining the various features can be viewed here.

Further reading/resources:

This is a very helpful/useful set of advice from Microsoft: Microsoft Safety & Security Center

As is this: Computer Security - a short guide to staying safer online

And these are worth reading also: Understanding Windows Firewall settings & Securing Your Router

Keep Your System Updated:

Microsoft releases patches for Windows and other products regularly:

  • Click on Start(Windows 7 Orb) >> All Programs >> Windows Update.
  • In the navigation pane, click Check for updates.
  • After Windows Update has finished checking for updates, click View available updates.
  • Click to select the check box for any found, then click Install.
  • When completed Reboot(restart) your computer if not prompted to do so.
Plus check Automatic Updates is enabled.

Update to Internet Explorer v11:

IE9 has been superseded by IE10 for Windows 7 and above. I strongly advise you download and install the new browser from here. This will increase overall security whilst browsing online.

Even if you do not use IE often having the latest version installed will still increase your machine's overall security. This web-page is worth bookmarking/reading for future reference:-

Securing Your Web Browser

Be careful when opening attachments and downloading files:

1 - Never open email attachments, not even if they are from someone you know. If you need to open them, scan them with your antivirus program before opening.

2 - Never open emails from unknown senders.

4 - Beware of emails that warn about viruses that are spreading, especially those from antivirus vendors. These email addresses can be easily spoofed. Check the antivirus vendor websites to be sure.

5 - Be careful of what you download. Only download files from known sources. Also, avoid cracked programs. If you need a particular program that costs too much for you, try finding free alternatives on FileHippo or MajorGeeks

Stop malicious scripts:

Windows by default allows scripts (which are VBScript and JavaScript) to run and some of these scripts are malicious. Use Noscript by Symantec or Script Defender by AnalogX to handle these scripts.

Avoid Peer to Peer software:

P2P may be a great way to get lots of seemingly freeware, but it is a great way to get infected as well. There's no way to tell if the file being shared is infected. Worse still, some worms spread via P2P networks, infecting you as well. It's really important, if you value your PC at all, to stay away from P2P file sharing programs, like utorrent, Bittorrent, Azureus, Limewire, Vuze. Criminals have "planted" thousands upon thousands of infections in the "free" shared files. Virtually all of these recent infections will compromise your Security, and some can turn your machine into a useless "doorstop".

I will further add; P2P software has the ability to create a direct conduit onto your computer, their security measures are easily circumvented, and Malware writers are increasingly exploiting them to spread their infected dross onto your computer. Further to that, if your P2P software is not configured correctly you may be sharing more files than you realise. There have been cases where people's address books, passwords, other personal, private and financial details have been exposed to the file sharing network by badly configured P2P applications.

My friendly advice is to avoid these types of software applications.

Consider the below extra/layered security for your machine:

Custom Host File:

A Hosts file is like a phone book. You look up someone's name in the phone book before calling him/her. Similarly, your computer will look up the website's IP address before you can view the website.

Hosts file will replace your current Hosts file with another one containing well-known advertisement sites, spyware sites and other bad sites. This new Hosts file will protect you by re-directing these bad sites to 127.0.0.1.

Here are some Hosts files:

Only use one of the above!

WinPatrol:

WinPatrol alerts you about possible system hijacks, malware attacks and critical changes made to your computer without your permission.

Download it from here.

You can find information about how WinPatrol works here.

Next:

Any questions? Feel free to ask, if not stay safe!
  • 0
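
An added example, not part of the original post: a Python audit for a blocking Hosts file of the kind described under "Custom Host File" above. It confirms that listed names resolve to a local sinkhole address and reports any name pointed at another address or mapped twice. The sample entries are constructed, and treating 0.0.0.0 as a sinkhole alongside 127.0.0.1 is an assumption based on common blocking lists.

```python
import ipaddress
from collections import defaultdict

# Constructed sample; the names and addresses are made up for the example.
SAMPLE_HOSTS = """\
# Constructed sample of a blocking Hosts file
127.0.0.1   localhost
::1         localhost
127.0.0.1   ads.example.com tracker.example.net   # two names on one line
0.0.0.0     popups.example.org
127.0.0.1   ADS.example.com                       # same name, different case
203.0.113.7 login.example-bank.test               # not a sinkhole address
10.0.0.5    ads.example.com                       # contradicts the entry above
not-an-ip   broken.example.com
"""


def audit_hosts(text):
    """Classify every name in a Hosts file by the address it is mapped to."""
    blocked, redirected, invalid = set(), [], []
    seen = defaultdict(set)
    for lineno, raw in enumerate(text.splitlines(), 1):
        line = raw.split("#", 1)[0].strip()      # drop comments
        if not line:
            continue
        fields = line.split()
        try:
            addr = ipaddress.ip_address(fields[0])
        except ValueError:
            invalid.append(lineno)
            continue
        if len(fields) < 2:                      # address with no host name
            invalid.append(lineno)
            continue
        sinkhole = addr.is_loopback or addr.is_unspecified
        for name in (f.lower() for f in fields[1:]):   # host names ignore case
            if name == "localhost" and sinkhole:
                continue                         # standard entry, not a block
            seen[name].add(str(addr))
            if sinkhole:
                blocked.add(name)
            else:
                # Anything else sends the name to a real machine: review it.
                redirected.append((name, str(addr)))
    conflicts = {n: a for n, a in seen.items() if len(a) > 1}
    return {"blocked": blocked, "redirected": redirected,
            "conflicts": conflicts, "invalid_lines": invalid}


if __name__ == "__main__":
    result = audit_hosts(SAMPLE_HOSTS)
    print("blocked names:", sorted(result["blocked"]))
    for name, addr in result["redirected"]:
        print(f"REVIEW: {name} -> {addr}")
    for name, addrs in result["conflicts"].items():
        print(f"CONFLICT: {name} mapped to {sorted(addrs)}")
    print("unparseable lines:", result["invalid_lines"])
```

On Windows 7 the file to read is normally C:\Windows\System32\drivers\etc\hosts; pass its contents to `audit_hosts`.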

#55
DianneH2014

"Reset the System Restore points:

Create a new, clean System Restore point:-

Right click on Computer and select Properties >> System protection >> Create.... "

The computer sits there and churns and churns. It will not go to the next step.
  • 0


#56
Dakeyras

Hi. :)

The computer sits there and churns and churns. It will not go to the next step.

Feasible the threshold limit has been reached going by this from a prior log:

18
Restore point made on: 2013-11-19 23:22:59
Restore point made on: 2013-11-20 13:31:56
Restore point made on: 2013-11-20 13:36:05
Restore point made on: 2013-11-22 23:57:02
Restore point made on: 2013-11-23 13:32:59
Restore point made on: 2013-11-23 13:33:02
Restore point made on: 2013-11-23 13:39:04
Restore point made on: 2013-11-26 23:13:59
Restore point made on: 2013-11-27 13:32:57
Restore point made on: 2013-11-27 13:33:06
Restore point made on: 2013-11-30 04:07:48
Restore point made on: 2013-11-30 14:59:02
Restore point made on: 2013-12-02 13:32:50
Restore point made on: 2013-12-04 06:07:31
Restore point made on: 2013-12-05 03:08:41
Restore point made on: 2013-12-05 15:54:08
Restore point made on: 2013-12-05 15:58:53
Restore point made on: 2013-12-05 16:02:12

Cancel the current creation process if you have not already done so...

Re-download OTL to the desktop from here.

  • Right-click OTL.exe and select Run as Administrator to start the program.
  • Copy the lines from the quote-box(do not copy the word quote) to the clipboard by highlighting ALL of them and pressing CTRL + C (or, after highlighting, right-click and choose Copy):

:Files
%systemroot%\sysnative\vssadmin delete shadows /for=c: /all /quiet /c

:Commands
[CreateRestorePoint]

  • Return to OTL, right-click in the Custom Scans/Fixes window (under the cyan bar) and choose Paste.
  • Then click the red Run Fix button.
  • Let the program run unhindered and the report should appear in Notepad upon completion.
  • Post the contents in your next reply.
Note: The log file/report can also be located C: >> _OTL >> MovedFiles >> DD/DD/DD TT/TT.txt <-- denotes date/time log created.
  • 0

#57
DianneH2014

Retract that last bit of information...

It just took an unreasonably long time to complete the System Restore Task but eventually it proceeded and I was able to perform your instructions. We have had a LOT of rain here in our area and when we do it affects our internet connection so we have had problems on and off the last couple of days.

I have noted all of your helpful tips and completed any instructions for new, helpful software.

I will keep this file bookmarked for reference and continue to monitor/perform cleanup tasks as suggested.

Question:

1) I have Malware Bytes and SuperAntiSpyware. Malware is paid version. SuperAntiSpyware is free version. Do they both do the same thing? If yes, which should I keep?

2) I don't know if I ever did find out exactly which bug, virus, trojan, malware had attached itself and to what? or did I? After 8 days of this my brain is mush :headhurt:

Is it time to celebrate yet? :cheers:
  • 0

#58
Dakeyras

Hi. :)

Retract that last bit of information...

It just took an unreasonably long time to complete the System Restore Task but eventually it proceeded and I was able to perform your instructions. We have had a LOT of rain here in our area and when we do it affects our internet connection so we have had problems on and off the last couple of days.

I have noted all of your helpful tips and completed any instructions for new, helpful software.

I will keep this file bookmarked for reference and continue to monitor/perform cleanup tasks as suggested.

Acknowledged.

1) I have Malware Bytes and SuperAntiSpyware. Malware is paid version. SuperAntiSpyware is free version. Do they both do the same thing? If yes, which should I keep?

Do you mean opted to use the trial version after installation or purchased a subscription for Malwarebyte's Anti-Malware? Either way if you wish to keep the freeware version of SuperAntiSpyware that is fine and it would be known as what is an on-demand scanner, personally I do not use or recommend the software myself but your call on what you wish to do.

2) I don't know if I ever did find out exactly which bug, virus, trojan, malware had attached itself and to what? or did I? After 8 days of this my brain is mush :headhurt:

I do not know what was the initial malware as that was removed by yourself but what we removed for the main part was adware related and basically as a consequence malware had messed up some of your machine's settings etc. Which it appears to have been sorted now.

Is it time to celebrate yet? :cheers:

Aye indeed it is...far as I can ascertain your machine appears to be malware free.
  • 0

#59
DianneH2014

Hi :cool:

I have the paid version of Malware Bytes and the free version of SuperAntiSpyware.

Regarding SuperAntispyware, I do not have a preference one way or the other. My dad is the one who recommended that particular item. If there is something else that you feel would do a better job I am open to that. Recommendation?

Thank you so much for all your help. I will definitely recommend your site to other people who might be having problems such as mine.

I think my friend also said that donations can be made so I am not sure how to do that but will look into that. Your group here is a life saver!

Thanks again,

Dianne
  • 0

#60
Dakeyras

Hi. :)

Regarding SuperAntispyware, I do not have a preference one way or the other. My dad is the one who recommended that particular item. If there is something else that you feel would do a better job I am open to that. Recommendation?

As I mentioned prior absolutely fine to leave installed and use as an on-demand scanner if you so wish or not. My reason for neither recommending nor using it is because I personally think it not particularly effective and a waste of installation space, however that is merely my own humble opinion. ;)

Thank you so much for all your help. I will definitely recommend your site to other people who might be having problems such as mine.

A pleasure to be of assistance and you're most welcome!

I think my friend also said that donations can be made so I am not sure how to do that but will look into that. Your group here is a life saver!

That they can, I myself choose not to accept donations as why would a Woolly Mammoth need money eh ? :lol:

Levity aside...

Feel free to donate to the site/forum if you so wish. A link for such is in my forum signature below and or you can read here about it.
  • 0





