Another machine checked in the same company

Discussion in 'Malware Help - MG (A Specialist Will Reply)' started by ONEEYEMAN, Aug 12, 2014.

  1. ONEEYEMAN

    ONEEYEMAN Corporal

    Hi, ALL,
    A couple of weeks ago I started 2 threads about 2 different machines in a company I'm helping.
    Those 2 were successfully resolved.
    At the same time I ran a MalwareBytes scan which found a couple of PUPs.

    But now I have access to one of the machines in their office. So I completed scanning that machine and got the logs, which will be attached.

    Please let me know if you need me to re-run the MalwareBytes to get the new log.

    Thank you.
     

    Attached Files:

  2. dr.moriarty

    dr.moriarty Malware Super Sleuth Staff Member

    Re-run HitmanPro and delete the Potential Unwanted Programs

    Run C:\MGtools\analyse.exe by double clicking on it (Note: if using Vista or Win 7, don't double click, use right click and select Run As Administrator). This is really HijackThis (select Do a system scan only) and select the following lines but DO NOT CLICK FIX until you exit all browser sessions including the one you are reading in right now:

    O2 - BHO: AVG SafeGuard toolbar - {95B7759C-8C7F-4BF1-B163-73684A933233} - C:\Program Files\AVG SafeGuard toolbar\18.1.9.786\AVG SafeGuard toolbar_toolbar.dll
    O3 - Toolbar: AVG SafeGuard toolbar - {95B7759C-8C7F-4BF1-B163-73684A933233} - C:\Program Files\AVG SafeGuard toolbar\18.1.9.786\AVG SafeGuard toolbar_toolbar.dll
    O4 - HKLM\..\Run: [vProt] "C:\Program Files\AVG SafeGuard toolbar\vprot.exe"
    O18 - Protocol: viprotocol - {B658800C-F66E-4EF3-AB85-6C0C227862A9} - C:\Program Files\Common Files\AVG Secure Search\ViProtocolInstaller\18.1.9\ViProtocol.dll

    After clicking Fix, exit HJT.

    Uninstall the below programs. If you do not find them or they will not uninstall, just keep going.
    AVG SafeGuard toolbar
    Java 7 Update 9

    Delete this folder:
    C:\Users\rsm\AppData\Roaming\0D0S1L2Z1P1B0T1P1B2Z

    Now install the current version of Sun Java -
    Please download AdwCleaner by Xplode and save to your Desktop.
    • Double click on AdwCleaner.exe to run the tool.
      Vista/Windows 7/8 users right-click and select Run As Administrator
    • Click on the Scan button.
    • AdwCleaner will begin...be patient as the scan may take some time to complete.
    • After the scan has finished, click on the Report button...a logfile (AdwCleaner[R#].txt) will open in Notepad for review (where the largest value of # represents the most recent report).
    • The contents of the log file may be confusing. Unless you see a program name that you know should not be removed, don't worry about it. If you see an entry you want to keep, let me know about it.
    • Attach the logfile to your next reply.
    • Copies of all logfiles are saved in the C:\AdwCleaner folder which was created when running the tool.

    Now download Junkware Removal Tool to your desktop.
    • Shut down your protection software now to avoid potential conflicts.
    • Run the tool by double-clicking it. If you are using Windows Vista or Seven, right-mouse click it and select Run as Administrator.
    • The tool will open and start scanning your system.
    • Please be patient as this can take a while to complete depending on your system's specifications.
    • On completion, a log (JRT.txt) is saved to your desktop and will automatically open.
    • Attach the JRT.txt to your next message.

    Now run the C:\MGtools\GetLogs.bat file by double clicking on it (Note: if using Vista, Win7 or Win8, don't double click, use right click and select Run As Administrator).

    Please attach the following:

    AdwCleaner[R0].txt
    the JRT.TXT log
    C:\MGlogs.zip
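The HijackThis lines in the reply above (O2, O3, O4, O18) are each a view of one registry location. The script below is an added example, not part of the thread or of HijackThis/MGtools; it reads those same four locations directly, resolves every CLSID to the DLL it loads, and reports whether that file exists and carries a valid Authenticode signature, so an entry can be judged before it is "fixed". It changes nothing. The registry paths are the standard ones for 32-bit Windows (the machine in this thread is Vista 32-bit); the helper names are my own.

```powershell
# Added example, not part of the original thread. It reads the four
# HijackThis categories quoted above (O2 BHO, O3 toolbar, O4 Run, O18 protocol
# handler) straight from the registry, resolves every CLSID to the DLL it
# loads, and reports whether that file exists and carries a valid Authenticode
# signature, so an entry can be judged before it is "fixed". Read-only.
# Needs PowerShell 3.0 or later and an elevated prompt.

function Resolve-ClsidPath {
    param([string]$Clsid)
    # An in-process COM server registers its DLL as the default value of
    # HKCR\CLSID\{guid}\InprocServer32.
    $key = "Registry::HKEY_CLASSES_ROOT\CLSID\$Clsid\InprocServer32"
    if (Test-Path -LiteralPath $key) { return (Get-ItemProperty -LiteralPath $key).'(default)' }
    return $null
}

function Get-IePersistence {
    $hits = New-Object System.Collections.ArrayList

    # O2 - Browser Helper Objects: one subkey per CLSID.
    $bhoKey = 'HKLM:\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects'
    if (Test-Path -LiteralPath $bhoKey) {
        foreach ($k in Get-ChildItem -LiteralPath $bhoKey) {
            [void]$hits.Add([pscustomobject]@{ Type = 'O2 BHO'; Name = $k.PSChildName; Path = (Resolve-ClsidPath $k.PSChildName) })
        }
    }

    # O3 - Toolbars: each value name is a CLSID, the value data is the display name.
    $tbKey = 'HKLM:\SOFTWARE\Microsoft\Internet Explorer\Toolbar'
    if (Test-Path -LiteralPath $tbKey) {
        foreach ($v in (Get-Item -LiteralPath $tbKey).GetValueNames() | Where-Object { $_ -like '{*}' }) {
            [void]$hits.Add([pscustomobject]@{ Type = 'O3 Toolbar'; Name = $v; Path = (Resolve-ClsidPath $v) })
        }
    }

    # O4 - Run keys (machine-wide and current user): value data is the command line.
    foreach ($runKey in 'HKLM:\SOFTWARE\Microsoft\Windows\CurrentVersion\Run',
                        'HKCU:\SOFTWARE\Microsoft\Windows\CurrentVersion\Run') {
        if (-not (Test-Path -LiteralPath $runKey)) { continue }
        $run = Get-Item -LiteralPath $runKey
        foreach ($name in $run.GetValueNames()) {
            [void]$hits.Add([pscustomobject]@{ Type = 'O4 Run'; Name = $name; Path = $run.GetValue($name) })
        }
    }

    # O18 - Protocol handlers: HKCR\PROTOCOLS\Handler\<scheme> carries a CLSID value.
    foreach ($k in Get-ChildItem -LiteralPath 'Registry::HKEY_CLASSES_ROOT\PROTOCOLS\Handler') {
        $clsid = (Get-ItemProperty -LiteralPath $k.PSPath).CLSID
        if ($clsid) {
            [void]$hits.Add([pscustomobject]@{ Type = 'O18 Protocol'; Name = $k.PSChildName; Path = (Resolve-ClsidPath $clsid) })
        }
    }
    return $hits
}

function Get-ExecutableFromCommandLine {
    param([string]$CommandLine)
    # '"C:\dir\app.exe" /x' -> C:\dir\app.exe ; 'C:\dir\app.exe /x' -> C:\dir\app.exe
    # (an unquoted path containing spaces cannot be split reliably and is left as-is).
    if ($CommandLine -match '^\s*"([^"]+)"') { return $Matches[1] }
    return ($CommandLine -replace '\s+[/-].*$', '').Trim()
}

Get-IePersistence | ForEach-Object {
    $file   = if ($_.Path) { Get-ExecutableFromCommandLine $_.Path } else { '' }
    $exists = [bool]$file -and (Test-Path -LiteralPath $file)
    $sig    = if ($exists) { (Get-AuthenticodeSignature -FilePath $file).Status } else { 'file missing' }
    [pscustomobject]@{ Type = $_.Type; Name = $_.Name; Path = $_.Path; Exists = $exists; Signature = $sig }
} | Sort-Object Type, Name | Format-Table -AutoSize
```

Two caveats when reading the output. On 64-bit Windows the 32-bit IE reads the Wow6432Node branches of the HKLM keys as well, so both sets have to be listed there. And a valid signature only says who shipped the DLL, not whether you want it: the AVG SafeGuard toolbar above is vendor-signed and still on the removal list, whereas an entry whose file is missing or unsigned is the usual first suspect.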
     
  3. ONEEYEMAN

    ONEEYEMAN Corporal

    Hi,
    Logs are attached.

    Thank you.
     

    Attached Files:

  4. dr.moriarty

    dr.moriarty Malware Super Sleuth Staff Member

    Hello

    Please run MSconfig and put your pc into "normal startup mode". It should NOT be used as a long-term startup manager, but for debugging problems.

    Delete this old ComboFix folder > C:\Qoobox

    Re-run AdwCleaner.exe
    • Click on the Scan button
    • When the scan is ready click on the Clean button
    • A log file will automatically open after the scan has finished
    • Please attach the log file, located at C:\AdwCleaner[Sx].txt

    How is the machine running now?
     
  5. ONEEYEMAN

    ONEEYEMAN Corporal

    Hi,
    Logs are attached.

    Do you want to re-run anything after resetting the machine to "Normal Startup Mode"?

    The machine is running better, but still a little slower than usual.

    Also, when in IE, trying to download something, I go through some "vigilink.com" site and then get redirected to the download page.

    Thank you.
     

    Attached Files:

  6. dr.moriarty

    dr.moriarty Malware Super Sleuth Staff Member

    Not at this time...

    Please run this:
    Reset Internet Explorer to defaults

    Any improvement?
     
  7. ONEEYEMAN

    ONEEYEMAN Corporal

    Hi,
    Nope, it still goes through vigilink.com when I try to download something. And as far as I can see Chrome is not affected.

    But I want to have a clean system here...

    Thank you.
     
  8. dr.moriarty

    dr.moriarty Malware Super Sleuth Staff Member

    Open IE > click on Tools > Internet options > Security > select "Restricted sites" zone
    • Click on the Sites radio button
    • Add the site *.vigilink.com to the zone then Close
    • Click OK

    Re-start IE and test.
     
  9. ONEEYEMAN

    ONEEYEMAN Corporal

    Hi,
    Nope, didn't fix it either.
    I have IE version 9 on Windows Vista 32-bit. So what I do for testing is:

    1. Open the Internet Explorer and go to the forums.majorgeeks.com.
    2. Open up this thread.
    3. On the first reply in this thread there is a link to download newer version of JAVA. I do a right click on that link and select "Open in new tab".
    4. When the new tab opens, the title of the window (text on the tab) says "vigilink.com" for a good 2-3 sec and then it opens up the JAVA download page.

    As far as I understand it should go directly to JAVA download page and the tab title should not say "vigilink.com" even for a second.

    Hopefully this instruction will help you figure out what to do with this.

    Thank you.
     
  10. dr.moriarty

    dr.moriarty Malware Super Sleuth Staff Member

  11. ONEEYEMAN

    ONEEYEMAN Corporal

    Hi,
    I tried to opt-out from the service, but after re-starting IE, its still there.
    I tried to opt-out from both IE and Chrome, then restarting IE, and it is still not removed.

    What is going on?
    Is it some IE extension/add-on that is using this and prevents opting out to work properly?

    Thank you.
     
  12. ONEEYEMAN

    ONEEYEMAN Corporal

    Dr. Moriarty,
    I turned off everything.
    The only thing I can't turn off is "PasswordBox Helper".

    Do you know how I can remove it? Going to "Tools->Manage Add-ons" I can't disable it. And it does not show up in "Add/Remove Programs".

    Thank you.
     
  13. dr.moriarty

    dr.moriarty Malware Super Sleuth Staff Member

    Hello, ONEEYEMAN

    Run C:\MGtools\analyse.exe by double clicking on it (Note: if using Vista or Win 7, don't double click, use right click and select Run As Administrator). This is really HijackThis (select Do a system scan only) and select the following lines but DO NOT CLICK FIX until you exit all browser sessions including the one you are reading in right now:

    O2 - BHO: PasswordBox Helper - {5DB69B97-934B-451D-94DB-32EF802A01CD} - C:\Program Files\PasswordBox\Application\pbbtn.dll

    After clicking Fix, exit HJT.

    Delete this folder > C:\Program Files\PasswordBox

    Copy the bold text below to notepad. Save it as fixme.reg to your desktop. Be sure the "Save as" type is set to "all files" Once you have saved it double click it and allow it to merge with the registry.
    Make sure that you tell me if you receive a success message about adding the above
    to the registry. If you do not get a success message, it definitely did not work.
     
  14. ONEEYEMAN

    ONEEYEMAN Corporal

    Dr. Moriarty,
    This worked OK.

    After clicking Fix, exit HJT.

    It seems I can't remove 3 files in that folder:
    libeay32.dll 1154KB 5/28/2013
    libwebsocketswin32.dll 89KB 5/14/2014
    pbbtnService.exe 66KB 5/14/2014

    This worked fine.
    And looking at the IE "Tools->Manage Add-ons" I don't see that add-on anymore.

    But trying to download something still forwards me to the viglink.com!!!!! ;-)
     
  15. ONEEYEMAN

    ONEEYEMAN Corporal

    Also, is there anything you want me to re-run and fix?
    Are my logs clean?

    Thank you.
     
  16. dr.moriarty

    dr.moriarty Malware Super Sleuth Staff Member

    A service from PasswordBox is running...

    Open notepad and copy and paste the following text in the quote box into the window:
    Save this as fix.bat
    Choose to save as "all files".
    Double-click fix.bat and let the program run.
    A small black dos window will flash, this is normal.

    Now delete the C:\Program Files\PasswordBox folder.

    *Asking my colleagues for their input on viglink.... otherwise - your logs are clean.
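The fix.bat in the reply above is not on the page, so what follows is an added example of the general technique rather than that file: a service still running from the vendor folder is why the three files would not delete. The script finds services by the folder their binary runs from, stops and deletes them, ends any other process that still has a DLL from that folder mapped, and only then removes the folder. The PasswordBox path is the one the thread names and is an assumption; the helper names are mine.

```powershell
# Added example, not the fix.bat from the thread (its contents are not on the
# page). It finds every service whose binary runs from a given vendor folder,
# stops it, deletes its registration, ends any other process that still has a
# DLL from the folder mapped, and only then removes the folder that was
# "undeletable" while the service held its files open. The folder path is the
# one named in the thread and is an assumption; read the listing it prints
# before trusting it. Run from an elevated PowerShell 3.0+ prompt with all
# browsers closed, since the BHO is loaded inside iexplore.exe.

function Get-ServicesUnder {
    param([Parameter(Mandatory = $true)][string]$VendorDir)
    # Win32_Service.PathName is the full command line (possibly quoted), so
    # match on the folder prefix rather than on the service name.
    $pattern = '^"?' + [regex]::Escape($VendorDir.TrimEnd('\'))
    Get-WmiObject -Class Win32_Service | Where-Object { $_.PathName -match $pattern }
}

function Remove-ServicesUnder {
    param([Parameter(Mandatory = $true)][string]$VendorDir)
    $removed = 0
    foreach ($svc in @(Get-ServicesUnder -VendorDir $VendorDir)) {
        Write-Host ("{0} ({1}) state={2} start={3}`n  {4}" -f $svc.Name, $svc.DisplayName, $svc.State, $svc.StartMode, $svc.PathName)
        if ($svc.State -ne 'Stopped') {
            # Stop-Service waits until the SCM reports Stopped (or gives up).
            Stop-Service -Name $svc.Name -Force -ErrorAction SilentlyContinue
        }
        # Delete() drops the SCM registration, like "sc delete"; 0 means success.
        $rc = $svc.Delete().ReturnValue
        Write-Host ("  delete -> {0}" -f $rc)
        if ($rc -eq 0) { $removed++ }
    }
    return $removed
}

function Remove-VendorDir {
    param([Parameter(Mandatory = $true)][string]$VendorDir)
    if (-not (Test-Path -LiteralPath $VendorDir)) { return }
    # A file that "cannot be deleted" is almost always mapped into a live
    # process. Find those processes by the modules they have loaded.
    $holders = Get-Process | Where-Object {
        try { @($_.Modules | Where-Object { $_.FileName -like "$VendorDir\*" }).Count -gt 0 } catch { $false }
    }
    foreach ($p in $holders) {
        if ($p.ProcessName -eq 'explorer') {
            Write-Warning "explorer.exe has a module loaded from $VendorDir; log off and delete from another session"
            continue
        }
        Write-Host ("Ending {0} (pid {1}): module loaded from {2}" -f $p.ProcessName, $p.Id, $VendorDir)
        Stop-Process -Id $p.Id -Force
    }
    Remove-Item -LiteralPath $VendorDir -Recurse -Force
}

$vendorDir = 'C:\Program Files\PasswordBox'   # assumption: the folder named in the thread
$n = Remove-ServicesUnder -VendorDir $vendorDir
Write-Host ("Removed {0} service registration(s)" -f $n)
Remove-VendorDir -VendorDir $vendorDir
```

A non-zero ReturnValue from Delete() (2 is access denied) means the service is protected or the prompt is not elevated; in that case stop, rather than escalate blindly, because the same symptom is produced by legitimate security products. Deleting the registration does not touch the BHO's registry entries, which is why the HijackThis fix in the earlier reply is still needed.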
     
  17. ONEEYEMAN

    ONEEYEMAN Corporal

    Dr. Moriarty,
    The PasswordBox is gone.
    I will wait for resolution on the viglink.com, before finalizing this machine.

    Thank you.
     
  18. Kestrel13!

    Kestrel13! Super Malware Fighter - Major Dilemma Staff Member

    Are you still having trouble with viglink?
    Is it only with internet explorer?
    Does it affect all sites/links you try to go to/click on?



    You could add this to the host file.
    You could try this: http://simple-adblock.com/
     
  19. ONEEYEMAN

    ONEEYEMAN Corporal

    Hi,
    I have IE and Chrome on that machine.
    On IE I see viglink only on download. If it's a regular link nothing happens. For an example see my explanation above.
    For the Chrome - I don't know, didn't try it on download.

    What hosts file are you talking about?

    Thank you.
     
  20. Kestrel13!

    Kestrel13! Super Malware Fighter - Major Dilemma Staff Member

    I do not have time to further explain. Need to step out. Dr M will see what I have said and advise you further.
     
  21. dr.moriarty

    dr.moriarty Malware Super Sleuth Staff Member

  22. ONEEYEMAN

    ONEEYEMAN Corporal

    Hi, guys,
    Changing the /etc/hosts file fixed it.
    I don't see viglink.com anymore trying to download something in IE.

    Problem is solved.
    However, I feel like this is kind of hackish, but I guess this is fine.

    Now it feels like IE starting a little faster than before. :)

    Thank you.

    P.S.: Since the computer was moved to the "Normal" start-up mode, do you want me to re-run anything?
    If not I think I'm done with this machine as well. I just need the finalizing steps here. :)
     
  23. dr.moriarty

    dr.moriarty Malware Super Sleuth Staff Member

    You're welcome.

    * If you are not having any other malware problems, it is time to do our final steps:
    1. We recommend you keep Malwarebytes Anti-Malware for scanning/removal of malware. It provides no "real-time" protection unless you purchase it and does not use any significant amount of resources ( except a little disk space ) until you run a scan.
    2. Go back to step 4 of the READ ME and re-enable your Disk Emulation software with Defogger if you had disabled it.
    3. If running Vista or Win 7, it is time to make sure you have re-enabled UAC by double clicking on the C:\MGtools\enableUAC.reg file and allowing it to be added to the registry.
    4. Go to add/remove programs and uninstall HijackThis.
    5. Go to the C:\MGtools folder and find the MGclean.bat file. Double click on this file to run this cleanup program that will remove files and folders related to MGtools and some other items from our cleaning procedures.
    6. If we had you download any registry patches like fixme.reg or fixWLK.reg (or any others) and running MGclean.bat did not remove, you can delete these files now.
    7. Any other miscellaneous tools we may have had you install or download can be uninstalled and/or deleted.
    8. If you are running Win 7, Vista, Windows XP or Windows ME, do the below:
      • Refer to the cleaning procedures pointed to by step 6 of the READ ME
        for your Window version and see the instructions to Disable System Restore which will flush your Restore Points.
      • Then reboot and Enable System Restore to create a new clean Restore Point.
    9. After doing the above, you should work through the below link:
    Safe surfing!
     
  24. dr.moriarty

    dr.moriarty Malware Super Sleuth Staff Member

    Why "hackish", when compared to the changes that Spybot - Search & Destroy had already made to the default hosts file? Which, as you see, didn't quite go far enough in securing this office pc. ;)
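The hosts-file change that ended the viglink redirect is the last fix in this thread, so here is an added example (not from the thread, not from any of the tools it uses) of doing it in a checked, repeatable way. On Windows the file is %SystemRoot%\System32\drivers\etc\hosts (the /etc/hosts path mentioned earlier is the Unix location). The script adds only names that are not already mapped, keeps a backup, flushes the resolver cache and then confirms each name now answers with the block address. The two domain names are the ones seen in the thread; the function names are mine.

```powershell
# Added example, not from the thread: block a domain in the Windows hosts file,
# the fix that stopped the viglink redirect. On Windows the file lives at
# %SystemRoot%\System32\drivers\etc\hosts. The script only adds names that are
# not already present, keeps a backup, and checks the override by resolving
# each name afterwards. Run elevated; the file is writable only by administrators.

$HostsPath = Join-Path $env:SystemRoot 'System32\drivers\etc\hosts'
# Hosts entries match exact names only, there are no wildcards, so every
# subdomain you actually see in the redirect has to be listed. These two
# are the names mentioned in the thread.
$BlockList = @('viglink.com', 'www.viglink.com')

function Get-HostsNames {
    param([string]$Path)
    # Return the set of names already mapped, ignoring comments and blank lines.
    $names = @{}
    foreach ($line in Get-Content -LiteralPath $Path) {
        $clean = ($line -split '#', 2)[0].Trim()
        if (-not $clean) { continue }
        $parts = $clean -split '\s+'
        if ($parts.Length -lt 2) { continue }
        foreach ($n in $parts[1..($parts.Length - 1)]) { $names[$n.ToLowerInvariant()] = $true }
    }
    return $names
}

function Add-HostsBlock {
    param([string]$Path, [string[]]$Domains)
    $have  = Get-HostsNames -Path $Path
    $toAdd = @($Domains | Where-Object { -not $have.ContainsKey($_.ToLowerInvariant()) })
    if ($toAdd.Count -eq 0) { return 0 }

    Copy-Item -LiteralPath $Path -Destination "$Path.bak" -Force
    # 0.0.0.0 rather than 127.0.0.1: the browser fails fast instead of
    # knocking on whatever happens to listen on loopback.
    $lines = @("# blocked $(Get-Date -Format s)") + ($toAdd | ForEach-Object { "0.0.0.0`t$_" })
    Add-Content -LiteralPath $Path -Value $lines -Encoding Ascii
    ipconfig /flushdns | Out-Null      # drop any cached answer for the names
    return $toAdd.Count
}

function Test-HostsBlock {
    param([string[]]$Domains)
    foreach ($d in $Domains) {
        # The resolver consults hosts before DNS, so a blocked name answers 0.0.0.0.
        try   { $ips = @([System.Net.Dns]::GetHostAddresses($d) | ForEach-Object { $_.ToString() }) }
        catch { $ips = @() }
        [pscustomobject]@{
            Domain  = $d
            Answer  = ($ips -join ', ')
            Blocked = ($ips -contains '0.0.0.0') -or ($ips -contains '127.0.0.1')
        }
    }
}

$added = Add-HostsBlock -Path $HostsPath -Domains $BlockList
Write-Host "Added $added new hosts entries to $HostsPath"
Test-HostsBlock -Domains $BlockList | Format-Table -AutoSize
```

Two things worth knowing before relying on this. Some anti-malware products treat hosts edits as a hijack indicator and may warn about or revert them (Spybot's own immunization, mentioned in the reply above, writes to the same file), so if the block disappears that is the first place to look. And a hosts entry only breaks the hop through viglink; it does not remove whatever in the IE session is rewriting download links, which is the point the "hackish" remark was getting at.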
     
