[njnauticalnut17]

I saved the EEventManager.bat to the desktop.  When I ran the program, I got a C:\ pop up box and it asks:

Permanently delete the registry key HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run" /V EEventManager /F (Yes/No)?

What should I answer?

[Advertisements]

Depress the Y key >> then Enter/Return.

[Dakeyras]

Depress the Y key >> then Enter/Return.

[njnauticalnut17]

Thanks.  I didn't want to delete a registry file without asking.  Sorry for the delay, had a pipe burst today and computer took second to that!

 

Here is the ESET log

 

ESET log:

ESETSmartInstaller@High as downloader log:

all ok

# version=8

# OnlineScannerApp.exe=1.0.0.1

# OnlineScanner.ocx=1.0.0.6920

# api_version=3.0.2

# EOSSerial=73ad80bc3378aa4385dcfb1023b75281

# engine=18321

# end=finished

# remove_checked=false

# archives_checked=true

# unwanted_checked=true

# unsafe_checked=true

# antistealth_checked=true

# utc_time=2014-05-19 03:50:30

# local_time=2014-05-19 11:50:30 (-0500, Eastern Daylight Time)

# country="United States"

# lang=1033

# osver=6.1.7601 NT Service Pack 1

# compatibility_mode=5893 16776574 66 85 24741586 152058080 0 0

# scanned=226407

# found=1

# cleaned=0

# scan_time=8538

sh=AF2A09062B79711D5D92F58251EE238DF2E5E9F9 ft=1 fh=ea86b3a42b031233 vn="a variant of Win32/Toolbar.Conduit.B potentially unwanted application" ac=I fn="C:\FRST\Quarantine\C\Users\Eileen Pulsinelli\AppData\Local\Temp\GLF323F.tmp.tbooVo.dll.xBAD"

[Dakeyras]

Hi.
 

Thanks. I didn't want to delete a registry file without asking

Absolutely fine to ask myself if in doubt about something.
 

Sorry for the delay, had a pipe burst today and computer took second to that!

Not a problem and most unfortunate...

Next:

The results of the online scan are favourable and what has been detected is in the quarantine folder of FRST which will be fully purged in due course.

Next:

Let check/update some software as follows shall we...

• Download and install FileHippo Update Checker from here.
• Once installed(during the installation process deselect the option:- Run at Startup) >> Start(Windows 7 Orb) >> All Programs >> right-click on Update Checker and select Run as Administrator >> a browser window will open after the scan is complete.
• Download any updates detected(apart from beta updates) to the desktop >> uninstall anything that requires updating via Uninstall a program or Programs and Features in the Control Panel.
• Re-install the updated software, delete the installers and then empty the Recycle Bin.
• When completed the above let myself know and if any further issues remaining, thank you.

Note: When I give the all clear my advice would be to consider keeping FileHippo Update Checker installed. Then periodically use it to check for any updates as having certain software outdated is a potential for malware to gain a foothold and exploit a system etc.

[njnauticalnut17]

I installed FileHippo Update checker. I ran it as administrator.  I presume it ran behind the scenes because there was no indication that it was running except that in the task manager the process was running, but not an application.  So I really don't know if it ran or not.  I never saw a browser window open but I also was not sure if this is a quick scan or a very long scan.  It has been about 10 minutes.  

 

I am going to reboot and try running it again.  

 

I am not sure what you mean by the following two things,

1. "uninstall anything that requires updating via Uninstall a program or Programs and Features in the Control Panel."  How will I know which programs require updating in that method?

2. "Re-install the updated software"  Will the updated software be uninstalled? 

or if the Update checker had run or had found something, would I see these prompts and thus it would be more intuitive?

 

Prior to typing this, one window did pop up, but it was not a browser window.  It was an Apple Update wanting to install Safari, Quicktime and update itunes.  I updated itunes but did not install the other software.  Was this a response from the Update checker or just coincidence?

 

Thanks!

[njnauticalnut17]

PS, after checking the Apple message, it was updates to Safari and Quicktime not installation so I updated them via the Apple Software Update window. 

[Dakeyras]

Hi.
 

I installed FileHippo Update checker. I ran it as administrator. I presume it ran behind the scenes because there was no indication that it was running except that in the task manager the process was running, but not an application. So I really don't know if it ran or not. I never saw a browser window open but I also was not sure if this is a quick scan or a very long scan. It has been about 10 minutes.

Sometimes the software may not work correctly with any-one machine and have encountered similar before and no discernible reason as too why. With regard to this you also mentioned:-
 

I am not sure what you mean by the following two things

Fair play but quite moot now(I will elaborate further in due course if the below works) since it appears FileHippo is not working correctly. OK merely uninstall FileHippo please.
 

Was this a response from the Update checker or just coincidence?

The latter not FileHippo, the software in question merely auto updated and not a cause for concern.

Next:

Please download and save this standalone version of FileHippo(UpdateChecker) to your desktop. It does not require any installation at all...

Now right-click on UpdateChecker.exe and select Run as Administrator >> does the below window/gui(graphical user interface) now appear on your desktop:-

[attachment=70672:FHexample.gif]

Then a new browser window is launched afterwards or not ? Just let myself know what occurs in your next reply please.

[njnauticalnut17]

The gui did appear and a browser opened with updates.  I have not updated yet, just reporting to you.  There are 7 programs detected, three are beta. I tried to post the screen print but do not see how to add a jpg or attach any file for that matter.

 

Now you can respond to the following 2 items.

 

I am not sure what you mean by the following two things,

1. "uninstall anything that requires updating via Uninstall a program or Programs and Features in the Control Panel."  How will I know which programs require updating in that method?

2. "Re-install the updated software"  Will the updated software be uninstalled? 

or if the Update checker had run or had found something, would I see these prompts and thus it would be more intuitive?

 

Thanks!

[Dakeyras]

Hi.
 

There are 7 programs detected, three are beta.

Just download the four installers for the programs to be updated, not the beta ones as they will be in the test stage and far from stable.

Once downloaded, uninstall all four programs to be updated >> then run the installers one by one to re-install the programs with the updated versions >> once completed delete the installers and empty the Recycle Bin.

When completed the above let myself know and if any further issues remaining, thank you.

[njnauticalnut17]

Appreciate your continued assistance in this matter. 

 

I downloaded the installers, uninstalled the programs, reinstalled the programs, deleted the installers and emptied the recycle bin.  On this computer whenever something is downloaded it automatically goes to a download folder without prompting so all of the files I downloaded plus some others are in that download folder.  Should I delete these other files in the download fold as well?  

 

FYI.  During the update process I disabled the Bing toolbar.

 

I do not see any other issues.  The computer is running much better.  The original symptoms are gone.   

[Dakeyras]

Hi.
 

I do not see any other issues. The computer is running much better. The original symptoms are gone.

Good.
 

Appreciate your continued assistance in this matter.

You're welcome!
 

FYI. During the update process I disabled the Bing toolbar.

Not a problem, re-enable it and or uninstall if you do not use it etc.
 

On this computer whenever something is downloaded it automatically goes to a download folder without prompting so all of the files I downloaded plus some others are in that download folder. Should I delete these other files in the download fold as well?

We will remove all tools used shortly via a specific methodology, however all will need to be on the desktop, so merely drag/move all to that location.

Next:

Congratulations your computer appears to be malware free!

Now I have some tasks for your good self to carry out as part of a clean up process and some advice about online safety.

Importance of Regular System Maintenance:

I advice you read both of the below listed topics as this will go a long way to keeping your Computer performing well.

Help! My computer is slow!

Also so is this:

What to do if your Computer is running slowly

Clean-Up with DelFix:

Please download DelFix to your desktop

• Right-click on delfix.exe and select Run as Administrator to launch the application.
• Referring to the image below, select all available options:

• Then click on Run.
• Once it has finished processing, a notepad file named DelFix.txt will open. Post the contents in your next reply for my review.
• The log can also be located at the root of the system drive, C:\DelFix.txt.
• After you have posted the aforementioned DelFix.txt, delete it and empty the Recycle Bin.

Now some advice for on-line safety:

The below is worth reading/bookmarking for future reference:

Computer Security - a short guide to staying safer online

Next:

Any questions ? Feel free to ask, if not stay safe!

[njnauticalnut17]

I moved all of the files from the Malware Removal folder onto the desktop.  I ran the DelFix and it left about 40 files on the desktop.  There are still files in the download folder as they are duplicates to files that were on the desktop.

 

DelFix log:

# DelFix v10.7 - Logfile created 22/05/2014 at 19:42:32

# Updated 27/04/2014 by Xplode

# Username : Eileen Pulsinelli - EILEENPULSINELL

# Operating System : Windows 7 Home Premium Service Pack 1 (64 bits)

 

~ Activating UAC ... OK

 

~ Removing disinfection tools ...

 

Deleted : C:\FRST

Deleted : C:\AdwCleaner

Deleted : C:\Users\Eileen Pulsinelli\Desktop\Addition (2).txt

Deleted : C:\Users\Eileen Pulsinelli\Desktop\Addition.txt

Deleted : C:\Users\Eileen Pulsinelli\Desktop\AdwCleaner.exe

Deleted : C:\Users\Eileen Pulsinelli\Desktop\AdwCleaner[S0].txt

Deleted : C:\Users\Eileen Pulsinelli\Desktop\aswmbr (1).exe

Deleted : C:\Users\Eileen Pulsinelli\Desktop\aswmbr.exe

Deleted : C:\Users\Eileen Pulsinelli\Desktop\aswMBR.txt

Deleted : C:\Users\Eileen Pulsinelli\Desktop\esetsmartinstaller_enu.exe

Deleted : C:\Users\Eileen Pulsinelli\Desktop\Fixlog.txt

Deleted : C:\Users\Eileen Pulsinelli\Desktop\FRST.txt

Deleted : C:\Users\Eileen Pulsinelli\Desktop\FRST64.exe

Deleted : C:\Users\Eileen Pulsinelli\Desktop\JRT.exe

Deleted : C:\Users\Eileen Pulsinelli\Desktop\JRT.txt

Deleted : C:\Users\Eileen Pulsinelli\Desktop\MBR.dat

Deleted : C:\Users\Eileen Pulsinelli\Desktop\TFC.exe

Deleted : C:\Users\Eileen Pulsinelli\Downloads\AdwCleaner.exe

Deleted : C:\Users\Eileen Pulsinelli\Downloads\FRST64.exe

Deleted : C:\Users\Eileen Pulsinelli\Downloads\JRT.exe

Deleted : C:\Users\Eileen Pulsinelli\Downloads\TFC.exe

Deleted : HKLM\SOFTWARE\OldTimer Tools

Deleted : HKLM\SOFTWARE\AdwCleaner

Deleted : HKLM\SYSTEM\CurrentControlSet\Enum\Root\LEGACY_ASWMBR

 

~ Creating registry backup ... OK

 

~ Cleaning system restore ...

 

Deleted : RP #257 [Scheduled Checkpoint | 05/22/2014 04:00:01]

Deleted : RP #258 [Removed Adobe Reader 9.5.1 MUI. | 05/22/2014 15:21:42]

Deleted : RP #259 [Removed ooVoo | 05/22/2014 15:24:25]

Deleted : RP #260 [Installed Adobe Reader XI. | 05/22/2014 15:52:06]

Deleted : RP #261 [Windows Live Essentials | 05/22/2014 16:01:26]

Deleted : RP #262 [Installed DirectX | 05/22/2014 16:02:31]

Deleted : RP #263 [Installed DirectX | 05/22/2014 16:04:59]

Deleted : RP #264 [Installed DirectX | 05/22/2014 16:06:03]

Deleted : RP #265 [WLSetup | 05/22/2014 16:08:59]

 

New restore point created !

 

~ Resetting system settings ... OK

 

########## - EOF - ##########

[Dakeyras]

Reboot your machine please and check if they are still present afterwards.

[njnauticalnut17]

Rebooted and they are still present.  

Edited by njnauticalnut17, 23 May 2014 - 10:22 AM.

[Dakeyras]

Hi.
 

Rebooted and they are still present.

I think I know what has happened and it appears to be a sporadic occurrence with some machines, I will inform the developer of DelFix.

In the meantime just check for myself if you can manually delete what is left or not please and we will then go from there.