Delta Toolbar's trying to get me again

Discussion in 'Malware Help (A Specialist Will Reply)' started by Fillibuster, Apr 6, 2014.

  1. Fillibuster

    Fillibuster Private E-2

    HitMan Pro let me know of a couple suspicious files that likely snuck in when I wasn't looking, so I decided it was time to perform a check.

    I followed all the instructions, but if I've goofed please let me know so I may try and correct it. I've included all the logs. So far it doesn't seem to be impairing anything, but you can never be too sure with these things.

    Let me know if something's wrong.
     

  2. Kestrel13!

    Kestrel13! Super Malware Fighter - Major Dilemma Staff Member

    You can let Hitman remove what it finds. Apart from that I'm not seeing anything to do. :)

    Delta toolbar? Affecting which browser please?
     
  3. Fillibuster

    Fillibuster Private E-2

    Funnily enough, it hasn't affected any of them. I've only got three (AOL, IE, Firefox) and all of them are okay, though I mainly stick to Firefox.

    Also the Hitman Pro I have is a trial version that expired. Will redownloading that let me remove stuff it finds again?
     
  4. Kestrel13!

    Kestrel13! Super Malware Fighter - Major Dilemma Staff Member

    Sorry, then I got confused by your thread title. ;) "Delta toolbar's trying to get me again"

    I see no traces of Delta.
    No.

    Delete this:
    C:\ProgramData\InstallMate

    Are you comfortable in the Windows Registry?

    If so delete these keys: (bolded)

    • HKU\S-1-5-21-4068628905-3708997418-1943475881-1001\Software\Microsoft\Internet Explorer\TabbedBrowsing\bProtectNewTabPageShow (22Find)
    • HKU\S-1-5-21-4068628905-3708997418-1943475881-1001\Software\Microsoft\Internet Explorer\TabbedBrowsing\bProtectShowTabsWelcome (22Find)

    Now rescan with Hitman again and attach the new log.
     
  5. Fillibuster

    Fillibuster Private E-2

    I found InstallMate and went ahead and deleted that as told. But I'm not sure how to access the Windows Registry since I've never had to use it before.

    Are there any recommended ways I might be able to get to those keys so I can remove them? Also if it helps, I use Windows 7.

    Admittedly I'm a little apprehensive since I'm worrying it might harm the computer, but I could just be fretting over nothing.
     
  6. Kestrel13!

    Kestrel13! Super Malware Fighter - Major Dilemma Staff Member

    Download and run OTM.

    Download OTM by Old Timer and save it to your Desktop.


    Code:
    :Files
    :reg
    [-HKU\S-1-5-21-4068628905-3708997418-1943475881-1001\Software\Microsoft\Internet Explorer\TabbedBrowsing\bProtectNewTabPageShow (22Find)]
    [-HKU\S-1-5-21-4068628905-3708997418-1943475881-1001\Software\Microsoft\Internet Explorer\TabbedBrowsing\bProtectShowTabsWelcome (22Find)]
    
    
    :Commands
    [emptytemp]
    [Reboot]
    • Return to OTM, right click in the Paste List of Files/Folders to Move window (under the yellow bar) and choose Paste.
    • Push the large MoveIt! button.
    • OTM may ask to reboot the machine. Please do so if asked.
    • Copy everything in the Results window (under the green bar), and paste it into a text file to ATTACH into your next reply.

    NOTE: If you are unable to copy/paste from this window (as will be the case if the machine was rebooted), open Notepad (Start->All Programs->Accessories->Notepad), click File->Open, in the File Name box enter *.log and press the Enter key, navigate to the C:\_OTM\MovedFiles folder, and open the newest .log file present, and attach the contents of that document back here in your next post.



    Now re-run Hitman again and attach the new log.
     
  7. Fillibuster

    Fillibuster Private E-2

    I followed the instructions, but I never got the chance to copy anything under the green bar into a text document. I did get a log, though. I don't know if this is the same thing or not.

    Hopefully this worked out.
     


  8. Kestrel13!

    Kestrel13! Super Malware Fighter - Major Dilemma Staff Member

    Hmmm, so those ARE the delta remnants. They are being stubborn about being removed. I think there may have been a syntax error on my part though. Let's try again.


    Code:
    
    :reg
    [-HKU\S-1-5-21-4068628905-3708997418-1943475881-1001\Software\Microsoft\Internet Explorer\TabbedBrowsing\bProtectNewTabPageShow (22Find)]
    [-HKU\S-1-5-21-4068628905-3708997418-1943475881-1001\Software\Microsoft\Internet Explorer\TabbedBrowsing\bProtectShowTabsWelcome (22Find)]
    
    :Commands
    [emptytemp]
    [Reboot]
    • Return to OTM, right click in the Paste List of Files/Folders to Move window (under the yellow bar) and choose Paste.
    • Push the large MoveIt! button.
    • OTM may ask to reboot the machine. Please do so if asked.
    • Copy everything in the Results window (under the green bar), and paste it into a text file to ATTACH into your next reply.

    NOTE: If you are unable to copy/paste from this window (as will be the case if the machine was rebooted), open Notepad (Start->All Programs->Accessories->Notepad), click File->Open, in the File Name box enter *.log and press the Enter key, navigate to the C:\_OTM\MovedFiles folder, and open the newest .log file present, and attach the contents of that document back here in your next post.


    Now copy the bold text below to Notepad. Save it as fixME.reg to your desktop. Be sure the "Save as" type is set to "all files". Once you have saved it, double click it and allow it to merge with the registry.

    Make sure that you tell me if you receive a success message about adding the above
    to the registry. If you do not get a success message, it definitely did not work.



    Now re-run Hitman again and attach the log.
     
  9. Fillibuster

    Fillibuster Private E-2

    Well, I got the success message, but there wasn't much change... I think?

    Hitman still seems to be finding the same two files.
     


  10. Kestrel13!

    Kestrel13! Super Malware Fighter - Major Dilemma Staff Member

    I am so sorry, I was working very late last night and my code should not have had (22Find) at the end of it! Let's try and do this manually.

    Click on start > type regedit and up will pop regedit.exe > Right click on it and opt to run as administrator. Now the Windows Registry will open up.

    In the left hand pane, you will see a list of five folder icons. You need to click on the drop down arrow on the one I clicked on in my screenshot that I have attached to this post.

    This is the users hive tree: HKEY_USERS

    Next you need to click the drop down arrow for this subkey: S-1-5-21-4068628905-3708997418-1943475881-1001, then "Software" then "Microsoft" and so on until you reach "bProtectNewTabPageShow" and "bProtectShowTabsWelcome" to right click and delete.



    Once done, re-run Hitman again and attach the log for me.
     
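For anyone who would rather verify the manual regedit steps above before (and after) clicking through the tree, here is an added PowerShell example; it is not from the thread or from any of the tools mentioned in it. It uses the SID and the two bProtect names quoted in the thread and, because HitMan lists them by name only, checks for each as both a registry value and a subkey under TabbedBrowsing. It assumes the user's hive is loaded (the user is logged on, so HKU\<SID> exists) and that it runs from an elevated prompt; without -Remove it only reports.

```powershell
# Added example (not the thread's own script): report, and with -Remove
# delete, the 22Find/Delta "bProtect" leftovers HitMan Pro flagged under
# the user's HKEY_USERS hive. Run from an elevated PowerShell prompt.
param([switch]$Remove)

# HKU: is not mounted as a PowerShell drive by default, so map it first.
if (-not (Get-PSDrive -Name HKU -ErrorAction SilentlyContinue)) {
    New-PSDrive -Name HKU -PSProvider Registry -Root HKEY_USERS | Out-Null
}

$sid      = 'S-1-5-21-4068628905-3708997418-1943475881-1001'   # SID from the thread
$tabPath  = "HKU:\$sid\Software\Microsoft\Internet Explorer\TabbedBrowsing"
$leftover = @('bProtectNewTabPageShow', 'bProtectShowTabsWelcome')

# If the user is logged off the hive is not loaded and the key cannot exist here.
if (-not (Test-Path $tabPath)) {
    Write-Output "Key not present (hive not loaded or already clean): $tabPath"
    return
}

foreach ($name in $leftover) {
    # Assumption: the entry may have been written as a value under
    # TabbedBrowsing or as a subkey of it, so both forms are checked.
    $subKey = Join-Path $tabPath $name
    $prop   = Get-ItemProperty -Path $tabPath -Name $name -ErrorAction SilentlyContinue

    if ($prop) {
        Write-Output "Found value  $tabPath\$name = $($prop.$name)"
        if ($Remove) { Remove-ItemProperty -Path $tabPath -Name $name }
    }
    if (Test-Path $subKey) {
        Write-Output "Found subkey $subKey"
        if ($Remove) { Remove-Item -Path $subKey -Recurse }
    }
    if (-not $prop -and -not (Test-Path $subKey)) {
        Write-Output "Clean: $name"
    }
}
```

Run it once without -Remove to confirm the two names are still present, then with -Remove, then once more without it; a "Clean:" line for both names matches what the later Hitman rescan should show.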

  11. Fillibuster

    Fillibuster Private E-2

    I found them, and deleted them. I hope they won't cause my computer any problems next time I reboot; stuff like this always makes me nervous since I'm so cautious about computers.
     


  12. Kestrel13!

    Kestrel13! Super Malware Fighter - Major Dilemma Staff Member

    That's excellent. They've gone. Don't be afraid to reboot. Come back and let me know if all is ok, and then I can give you final steps. :)
     
  13. Fillibuster

    Fillibuster Private E-2

    Looks like everything's worked out okay! I'm glad nothing bad came out of rebooting after all that.
     
  14. Kestrel13!

    Kestrel13! Super Malware Fighter - Major Dilemma Staff Member

    After all what? We removed some useless junk. I would be more concerned about leaving it there. And as an added bonus, you got more familiar with the Windows Registry. ;)

    If you are not having any other malware problems, it is time to do our final steps:
    1. We recommend you keep Malwarebytes Anti-Malware for scanning/removal of malware.
    2. Re-enable your Disk Emulation software with Defogger if you had disabled it in step 4 of the READ & RUN ME.
    3. Go to Add/Remove Programs and uninstall HijackThis. If you don't see it or it will not uninstall, don't worry about it. Just move on to the next step.
    4. If running Vista, Win 7 or Win 8, it is time to make sure you have re-enabled UAC by double clicking on the C:\MGtools\enableUAC.reg file and allowing it to be added to the registry.
    5. Now go to the C:\MGtools folder and find the MGclean.bat file. Double click (if running Vista, Win 7 or Win 8, right click and Run As Administrator) on this file to run this cleanup program, which will remove files and folders related to MGtools and some other items from our cleaning procedures.
    6. Any other miscellaneous tools we may have had you install or download can be uninstalled and deleted.

    7. After doing the above, you should work through the below link:
     
  15. Fillibuster

    Fillibuster Private E-2

    Right then. Thanks for guiding me through this. It's much appreciated. :)
     
  16. Kestrel13!

    Kestrel13! Super Malware Fighter - Major Dilemma Staff Member

    You are most welcome. :)
     