Malware – “TOSHIBA LAPTOP” - 2013.06.16- Part 1

Discussion in 'Malware Help (A Specialist Will Reply)' started by manilka835, Jun 16, 2013.

  1. manilka835

    manilka835 Specialist

    Dear MajorGeeks Forum,

    Malware – “TOSHIBA LAPTOP” - 2013.06.16- Part 1


    Our laboratory has received a new Laptop Computer.

    I have run READ & RUN ME FIRST- Malware Removal Guide to make sure there are no Malware. The relevant logs are attached. Hope I have followed instructions correctly.

    Our Apologies for the inconvenience.

    Thanking you.

    Yours Sincerely,
    Manilka
     


  2. chaslang

    chaslang MajorGeeks Admin - Master Malware Expert Staff Member

    Run C:\MGtools\analyse.exe by double clicking on it (Note: if using Vista or Win 7, don't double click, use right click and select Run As Administrator). This is really HijackThis (select Do a system scan only) and select the following lines but DO NOT CLICK FIX until you exit all browser sessions including the one you are reading in right now:

    R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.delta-search.com/?affID=119816&babsrc=HP_ss&mntrId=a0cbc9d4000000000000001644f1656e
    R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyServer = 192.168.1.1:8080
    R3 - URLSearchHook: OurWorld.com Toolbar - {80f6f9bf-9fd1-4f41-9ddf-6dd070f4f62f} - C:\Program Files\OurWorld.com\prxtbOurW.dll (file missing)
    O2 - BHO: (no name) - {02478D38-C3F9-4efb-9B51-7695ECA05670} - (no file)
    O2 - BHO: OurWorld.com - {80f6f9bf-9fd1-4f41-9ddf-6dd070f4f62f} - C:\Program Files\OurWorld.com\prxtbOurW.dll (file missing)
    O2 - BHO: phpnuke Helper Object - {890CA547-B66C-48BF-9663-DBE0BFDC7D0C} - C:\Program Files\phpnuke\phpnuke\1.8.8.12\bh\phpnuke.dll (file missing)
    O2 - BHO: delta Helper Object - {C1AF5FA5-852C-4C90-812E-A7F75E011D87} - C:\Program Files\Delta\delta\1.8.10.0\bh\delta.dll
    O3 - Toolbar: OurWorld.com Toolbar - {80f6f9bf-9fd1-4f41-9ddf-6dd070f4f62f} - C:\Program Files\OurWorld.com\prxtbOurW.dll (file missing)
    O3 - Toolbar: phpnuke Toolbar - {7B206A1E-933F-4A50-9E60-5167598BDB03} - C:\Program Files\phpnuke\phpnuke\1.8.8.12\phpnukeTlbr.dll (file missing)
    O3 - Toolbar: Delta Toolbar - {82E1477C-B154-48D3-9891-33D83C26BCD3} - C:\Program Files\Delta\delta\1.8.10.0\deltaTlbr.dll
    O4 - HKCU\..\Run: [FixMyRegistry] C:\Program Files\SmartTweak Software\FixMyRegistry\FixMyRegistry.exe /ot /as
    O4 - HKCU\..\Run: [uTorrent] "C:\Program Files\uTorrent\uTorrent.exe" /MINIMIZED
    O4 - HKCU\..\Run: [WebCake Desktop] "C:\Users\TOSHIBA\AppData\Roaming\WebCake\WebCakeDesktop.exe"
    O23 - Service: BrowserProtect - Unknown owner - C:\ProgramData\BrowserProtect\2.6.1339.144\{c16c1ccb-7046-4e5c-a2f3-533ad2fec8e8}\BrowserProtect.exe
    O23 - Service: WebCake Desktop Updater - WebCake LLC - C:\Program Files\WebCake\WebCakeDesktop.Updater.exe


    After clicking Fix, exit HJT.


    Now uninstall the below programs:
    BrowserProtect
    Delta Chrome Toolbar
    Delta toolbar
    ffdshow v1.1.3356 [2010-04-11]
    FixMyRegistry
    Haali Media Splitter
    Java(TM) 6 Update 30
    Java(TM) 6 Update 6
    Java(TM) SE Development Kit 6
    Java(TM) SE Runtime Environment 6
    OurWorld.com Toolbar
    phpnuke toolbar
    WebCake 3.00


    Now install the current version of Sun Java from: Sun Java Runtime Environment


    Please download OTM by Old Timer and save it to your Desktop.
    • Run OTM.exe by double clicking on it (Note: if using Vista, Win7 or Win8, don't double click, use right click and select Run As Administrator).
    • Copy the lines from the below codebox to the clipboard by highlighting ALL of them and pressing CTRL + C (or, after highlighting, right-click and choose Copy). Do not include the word Code: which is just a title line of the code box.
    Code:
    :Processes
    explorer.exe
    
    :Services
    BrowserProtect
    WebCake Desktop Updater
     
    :Files
    C:\Program Files\SmartTweak Software\FixMyRegistry
    C:\Program Files\Delta\delta
    C:\Program Files\Mozilla Firefox\searchplugins\babylon.xml (Babylon)
    C:\ProgramData\Babylon
    C:\ProgramData\BrowserProtect
    C:\Users\TOSHIBA\AppData\Roaming\Babylon
    C:\Users\TOSHIBA\AppData\Roaming\Delta
    C:\Users\TOSHIBA\AppData\Roaming\Mozilla\Firefox\Profiles\7i42evr4.default\bProtector_extensions.sqlite
    C:\Users\TOSHIBA\AppData\Roaming\Mozilla\Firefox\Profiles\7i42evr4.default\bprotector_prefs.js
    C:\Users\TOSHIBA\AppData\Roaming\WebCake
    C:\Program Files\OurWorld.com
    C:\Qoobox
    C:\ProgramData\Tarma Installer
    C:\ProgramData\Microsoft\Windows\Start Menu\Programs\ffdshow
    C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Haali Media Splitter
    C:\ProgramData\Microsoft\Windows\Start Menu\Programs\SmartTweak Software
    C:\Program Files\TornTV.com
    C:\Program Files\WebCake
    C:\Windows\Temp\*.*
    C:\Users\TOSHIBA\AppData\Local\Temp\*.*
    
    :Reg
    [HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run]
    "FixMyRegistry"=-
    "Pokki"=-
    "uTorrent"=-
    "WebCake Desktop"=-
    
    [HKEY_USERS\S-1-5-21-3499386517-3271569961-2321647779-1000\Software\Microsoft\Windows\CurrentVersion\run]
    "FixMyRegistry"="C:\\Program Files\\SmartTweak Software\\FixMyRegistry\\FixMyRegistry.exe /ot /as"
    "Pokki"=-
    "uTorrent"=-
    "WebCake Desktop"=-
    [-HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{C1AF5FA5-852C-4C90-812E-A7F75E011D87}]
    [-HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{C1AF5FA5-852C-4C90-812E-A7F75E011D87}]
    [-HKEY_LOCAL_MACHINE\SOFTWARE\Classes\delta.deltaHlpr.1]
    [-HKEY_LOCAL_MACHINE\SOFTWARE\Classes\delta.deltaHlpr]
    [-HKEY_LOCAL_MACHINE\SOFTWARE\Classes\TypeLib\{09C554C3-109B-483C-A06B-F14172F1A947}]
    [-HKEY_USERS\S-1-5-21-3499386517-3271569961-2321647779-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Stats\{C1AF5FA5-852C-4C90-812E-A7F75E011D87}]
    [-HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar\{82E1477C-B154-48D3-9891-33D83C26BCD3}]
    [-HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{82E1477C-B154-48D3-9891-33D83C26BCD3}]
    [-HKEY_LOCAL_MACHINE\SOFTWARE\Classes\delta.deltadskBnd.1]
    [-HKEY_LOCAL_MACHINE\SOFTWARE\Classes\delta.deltadskBnd]
    [-HKEY_LOCAL_MACHINE\SOFTWARE\Classes\TypeLib\{4E1E9D45-8BF9-4139-915C-9F83CC3D5921}]
    [-HKEY_USERS\S-1-5-21-3499386517-3271569961-2321647779-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Stats\{82E1477C-B154-48D3-9891-33D83C26BCD3}]
    [-HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\BrowserProtect]
    [-HKEY_LOCAL_MACHINE\SOFTWARE\Babylon]
    [-HKEY_LOCAL_MACHINE\SOFTWARE\Classes\AppID\escort.DLL]
    [-HKEY_LOCAL_MACHINE\SOFTWARE\Classes\AppID\escortApp.DLL]
    [-HKEY_LOCAL_MACHINE\SOFTWARE\Classes\AppID\escortEng.DLL]
    [-HKEY_LOCAL_MACHINE\SOFTWARE\Classes\AppID\escorTlbr.DLL]
    [-HKEY_LOCAL_MACHINE\SOFTWARE\Classes\AppID\esrv.EXE]
    [-HKEY_LOCAL_MACHINE\SOFTWARE\Classes\AppID\{09C554C3-109B-483C-A06B-F14172F1A947}]
    [-HKEY_LOCAL_MACHINE\SOFTWARE\Classes\AppID\{39CB8175-E224-4446-8746-00566302DF8D}]
    [-HKEY_LOCAL_MACHINE\SOFTWARE\Classes\AppID\{4E1E9D45-8BF9-4139-915C-9F83CC3D5921}]
    [-HKEY_LOCAL_MACHINE\SOFTWARE\Classes\AppID\{B12E99ED-69BD-437C-86BE-C862B9E5444D}]
    [-HKEY_LOCAL_MACHINE\SOFTWARE\Classes\AppID\{C26644C4-2A12-4CA6-8F2E-0EDE6CF018F3}]
    [-HKEY_LOCAL_MACHINE\SOFTWARE\Classes\AppID\{D7EE8177-D51E-4F89-92B6-83EA2EC40800}]
    [-HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{261DD098-8A3E-43D4-87AA-63324FA897D8}]
    [-HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{4FCB4630-2A1C-4AA1-B422-345E8DC8A6DE}]
    [-HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{82E1477C-B154-48D3-9891-33D83C26BCD3}]
    [-HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{86838207-681D-469D-9511-D0DCC6F19F9B}]
    [-HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{C1AF5FA5-852C-4C90-812E-A7F75E011D87}]
    [-HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{E97A663B-81A6-49C5-A6D3-BCB05BA1DE26}]
    [-HKEY_LOCAL_MACHINE\SOFTWARE\Classes\delta.deltaappCore.1]
    [-HKEY_LOCAL_MACHINE\SOFTWARE\Classes\delta.deltaappCore]
    [-HKEY_LOCAL_MACHINE\SOFTWARE\Classes\delta.deltadskBnd.1]
    [-HKEY_LOCAL_MACHINE\SOFTWARE\Classes\delta.deltadskBnd]
    [-HKEY_LOCAL_MACHINE\SOFTWARE\Classes\delta.deltaHlpr.1]
    [-HKEY_LOCAL_MACHINE\SOFTWARE\Classes\delta.deltaHlpr]
    [-HKEY_LOCAL_MACHINE\SOFTWARE\Classes\escort.escortIEPane.1]
    [-HKEY_LOCAL_MACHINE\SOFTWARE\Classes\escort.escortIEPane]
    [-HKEY_LOCAL_MACHINE\SOFTWARE\Classes\esrv.deltaESrvc.1]
    [-HKEY_LOCAL_MACHINE\SOFTWARE\Classes\esrv.deltaESrvc]
    [-HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{1231839B-064E-4788-B865-465A1B5266FD}]
    [-HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{2DAC2231-CC35-482B-97C5-CED1D4185080}]
    [-HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{3F1CD84C-04A3-4EA0-9EA1-7D134FD66C82}]
    [-HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{3F83A9CA-B5F0-44EC-9357-35BB3E84B07F}]
    [-HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{47E520EA-CAD2-4F51-8F30-613B3A1C33EB}]
    [-HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{57C91446-8D81-4156-A70E-624551442DE9}]
    [-HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{70AFB7B2-9FB5-4A70-905B-0E9576142E1D}]
    [-HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{7AD65FD1-79E0-406D-B03C-DD7C14726D69}]
    [-HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{97DD820D-2E20-40AD-B01E-6730B2FCE630}]
    [-HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{B177446D-54A4-4869-BABC-8566110B4BE0}]
    [-HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{D9D1DFC5-502D-43E4-B1BB-4D0B7841489A}]
    [-HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{E0B07188-A528-4F9E-B2F7-C7FDE8680AE4}]
    [-HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{F05B12E1-ADE8-4485-B45B-898748B53C37}]
    [-HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Prod.cap]
    [-HKEY_LOCAL_MACHINE\SOFTWARE\Classes\TypeLib\{39CB8175-E224-4446-8746-00566302DF8D}]
    [-HKEY_LOCAL_MACHINE\SOFTWARE\Classes\TypeLib\{4599D05A-D545-4069-BB42-5895B4EAE05B}]
    [-HKEY_LOCAL_MACHINE\SOFTWARE\Classes\TypeLib\{4E1E9D45-8BF9-4139-915C-9F83CC3D5921}]
    [-HKEY_LOCAL_MACHINE\SOFTWARE\Classes\TypeLib\{D7EE8177-D51E-4F89-92B6-83EA2EC40800}]
    [-HKEY_LOCAL_MACHINE\SOFTWARE\DataMngr]
    [-HKEY_LOCAL_MACHINE\SOFTWARE\Delta\delta]
    [-HKEY_LOCAL_MACHINE\SOFTWARE\Google\chrome\Extensions\eooncjejnppfjjklapaamhcdmjbilmde]
    [-HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{348C2DF3-1191-4C3E-92A6-B3A89A9D9C85}]
    [-HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar\{82E1477C-B154-48D3-9891-33D83C26BCD3} (Delta Search)
    [-HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\explorer\Browser Helper Objects\{C1AF5FA5-852C-4C90-812E-A7F75E011D87}]
    [-HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\delta]
    [-HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{15D2D75C-9CB2-4efd-BAD7-B9B4CB4BC693}]
    [-HKEY_LOCAL_MACHINE\SOFTWARE\Tarma Installer\Components\{8D8654CD-7FBC-4C7E-84E9-371BFA8DB04E}]
    [-HKEY_LOCAL_MACHINE\SOFTWARE\Tarma Installer\Components\{9D9785E5-3424-40B6-A287-BA143AD53109}]
    [-HKEY_LOCAL_MACHINE\SOFTWARE\Tarma Installer\Components\{A8F0AD53-1AEE-447E-89CD-71C325796F84}]
    [-HKEY_LOCAL_MACHINE\SOFTWARE\Tarma Installer\Components\{B6783DFA-B8C8-4CB6-AB9F-EF1A1F7F7AE8}]
    [-HKEY_LOCAL_MACHINE\SOFTWARE\Tarma Installer\Components\{F5F971A9-DBF8-4EEC-81E3-5F1660573E6C}]
    [-HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\BrowserProtect]
    [-HKEY_LOCAL_MACHINE\SYSTEM\ControlSet002\Services\BrowserProtect]
    [-HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\BrowserProtect]
    [-HKEY_USERS\S-1-5-21-3499386517-3271569961-2321647779-1000\Software\DataMngr]
    [-HKEY_USERS\S-1-5-21-3499386517-3271569961-2321647779-1000\Software\DataMngr_Toolbar]
    [-HKEY_USERS\S-1-5-21-3499386517-3271569961-2321647779-1000\Software\Delta\delta]
    [-HKEY_USERS\S-1-5-21-3499386517-3271569961-2321647779-1000\Software\Microsoft\Internet Explorer\Approved Extensions\{4D2D3B0F-69BE-477A-90F5-FDDB05357975}]
    [-HKEY_USERS\S-1-5-21-3499386517-3271569961-2321647779-1000\Software\Microsoft\Internet Explorer\Main\bProtector Start Page]
    [-HKEY_USERS\S-1-5-21-3499386517-3271569961-2321647779-1000\Software\Microsoft\Internet Explorer\SearchScopes\bProtectorDefaultScope]
    [-HKEY_USERS\S-1-5-21-3499386517-3271569961-2321647779-1000\Software\Microsoft\Internet Explorer\SearchScopes\{0ECDF796-C2DC-4d79-A620-CCE0C0A66CC9}]
    [-HKEY_USERS\S-1-5-21-3499386517-3271569961-2321647779-1000\Software\Microsoft\Windows\CurrentVersion\Ext\bProtectSettings]
    [-HKEY_USERS\S-1-5-21-3499386517-3271569961-2321647779-1000\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{82E1477C-B154-48D3-9891-33D83C26BCD3}]
    [-HKEY_USERS\S-1-5-21-3499386517-3271569961-2321647779-1000\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{C1AF5FA5-852C-4C90-812E-A7F75E011D87}]
    [-HKEY_USERS\S-1-5-21-3499386517-3271569961-2321647779-1000\Software\Softonic]
    [-HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{80f6f9bf-9fd1-4f41-9ddf-6dd070f4f62f}]
    [-HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{890CA547-B66C-48BF-9663-DBE0BFDC7D0C}]
    [-HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{C1AF5FA5-852C-4C90-812E-A7F75E011D87}]
    [-HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{02478D38-C3F9-4efb-9B51-7695ECA05670}]
    [-HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\SearchScopes\{afdbddaa-5d3f-42ee-b79c-185a7020515b}]
    [HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\SearchScopes]
    "DefaultScope"="{6A1806CD-94D4-4689-BA73-E35EA1EA9990}"
    [-HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\SearchScopes\{0ECDF796-C2DC-4d79-A620-CCE0C0A66CC9}]
    [-HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\SearchScopes\{149C316C-E93C-4531-9CE9-2B31DA56DBAB}]
    [-HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\SearchScopes\{afdbddaa-5d3f-42ee-b79c-185a7020515b}]
    [-HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\SearchScopes\{E88E0043-C9D4-4e33-8555-FEE4F5B63060}]
    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\AboutURLs]
    "Tabs"="res://ieframe.dll/tabswelcome.htm"
    "bProtectTabs"=-
    :Commands
    [purity]
    [EmptyTemp]
    [start explorer]
    [Reboot]
    • Return to OTM, right click in the Paste List of Files/Folders to Move window (under the yellow bar) and choose Paste.
    • Now click the large MoveIt! button.
    • If OTM asks to reboot your computer, allow it to do so. The report should appear in Notepad after the reboot.
    • Close OTM.
    Now navigate to the C:\_OTM\MovedFiles folder ( assuming your Windows drive is C). This is where your log will be
    saved in the form of Date and Time mmddyyyy_hhmmss.log. Just look for the most recent .log file. Attach
    this log file to your next message.

    Now please download Junkware Removal Tool to your desktop.
    • Shut down your protection software now to avoid potential conflicts.
    • Run the tool by double-clicking it. If you are using Windows Vista or Seven, right-mouse click it and select Run as Administrator.
    • The tool will open and start scanning your system.
    • Note that JRT may reset your home page to a Google default, so you will need to restore your home page setting if this happens.
    • Please be patient as this can take a while to complete depending on your system's specifications.
    • On completion, a log (JRT.txt) is saved to your desktop and will automatically open.
    • Attach JRT.txt to your next message.
    Now run the C:\MGtools\GetLogs.bat file by double clicking on it (Note: if using Vista, Win7 or Win8, don't double click, use right click and select Run As Administrator).

    Then attach the below logs:
    • the C:\_OTM\MovedFiles log
    • the JRT.TXT log
    • C:\MGlogs.zip
    Make sure you tell me how things are working now!
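As an added example (not part of this thread, HijackThis or any MajorGeeks tool), the script below applies the same reasoning chaslang used when picking the lines above to HijackThis-style log entries: a hijacked start page (R0), an unexpected proxy (R1), BHO/toolbar registrations whose file is missing (O2/O3), autostarts running from a user profile or ProgramData (O4), and services with an unknown owner outside the Windows directory (O23). The sample log, the PUP watch list and the trusted start-page hosts are constructed for this example.

```python
import re
from dataclasses import dataclass

# Constructed watch list built from the adware/PUP names discussed in this thread;
# it is illustrative, not an authoritative signature set.
PUP_KEYWORDS = ("delta", "babylon", "webcake", "browserprotect", "ourworld",
                "phpnuke", "fixmyregistry", "torntv")

# Constructed allowlist of start-page hosts considered acceptable on this machine.
TRUSTED_START_HOSTS = ("www.google.com", "www.bing.com", "www.msn.com", "about:blank")

# HijackThis lines look like "<kind> - <body>", e.g. "O2 - BHO: name - {CLSID} - path".
HJT_LINE = re.compile(r"^(?P<kind>R\d|O\d+) - (?P<body>.+)$")

# Constructed sample log modelled on the entries quoted earlier in this thread,
# plus one benign service line to show what is not flagged.
SAMPLE_HJT_LOG = r"""
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.delta-search.com/?affID=119816&babsrc=HP_ss
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyServer = 192.168.1.1:8080
O2 - BHO: (no name) - {02478D38-C3F9-4efb-9B51-7695ECA05670} - (no file)
O2 - BHO: delta Helper Object - {C1AF5FA5-852C-4C90-812E-A7F75E011D87} - C:\Program Files\Delta\delta\1.8.10.0\bh\delta.dll
O3 - Toolbar: OurWorld.com Toolbar - {80f6f9bf-9fd1-4f41-9ddf-6dd070f4f62f} - C:\Program Files\OurWorld.com\prxtbOurW.dll (file missing)
O4 - HKCU\..\Run: [WebCake Desktop] "C:\Users\TOSHIBA\AppData\Roaming\WebCake\WebCakeDesktop.exe"
O23 - Service: BrowserProtect - Unknown owner - C:\ProgramData\BrowserProtect\2.6.1339.144\{c16c1ccb-7046-4e5c-a2f3-533ad2fec8e8}\BrowserProtect.exe
O23 - Service: Windows Update (wuauserv) - Unknown owner - C:\Windows\system32\svchost.exe
"""


@dataclass
class Finding:
    kind: str
    reason: str
    line: str


def _mentions_pup(text):
    low = text.lower()
    return any(k in low for k in PUP_KEYWORDS)


def _orphaned(body):
    # HijackThis marks registrations whose target no longer exists on disk.
    return "(no file)" in body or "(file missing)" in body


def triage_line(line):
    """Classify one HijackThis log line; return a Finding, or None if it looks benign."""
    m = HJT_LINE.match(line.strip())
    if not m:
        return None
    kind, body = m.group("kind"), m.group("body")
    low = body.lower()
    if kind == "R0" and "Start Page" in body:
        url = body.split("=", 1)[1].strip()
        host = re.sub(r"^https?://", "", url).split("/")[0]
        if host not in TRUSTED_START_HOSTS:
            return Finding(kind, f"start page hijacked to untrusted host {host}", line)
    elif kind == "R1" and "ProxyServer" in body:
        # A proxy the user never configured can silently redirect all browsing.
        return Finding(kind, "proxy server set; confirm it was configured deliberately", line)
    elif kind in ("O2", "O3"):
        if _orphaned(body):
            return Finding(kind, "orphaned BHO/toolbar registration (target file missing)", line)
        if _mentions_pup(body):
            return Finding(kind, "BHO/toolbar matches PUP watch list", line)
    elif kind == "O4":
        # Autostarts living in a user profile or ProgramData are typical of bundled adware.
        if _mentions_pup(body) or "\\appdata\\" in low or "\\programdata\\" in low:
            return Finding(kind, "autostart from profile/ProgramData path or PUP watch list", line)
    elif kind == "O23":
        if "unknown owner" in low and "\\windows\\" not in low:
            return Finding(kind, "service with unknown owner outside the Windows directory", line)
        if _mentions_pup(body):
            return Finding(kind, "service matches PUP watch list", line)
    return None


def triage(log_text):
    """Run triage_line over a whole log and keep only the flagged entries."""
    return [f for f in (triage_line(l) for l in log_text.splitlines()) if f]


if __name__ == "__main__":
    for f in triage(SAMPLE_HJT_LOG):
        print(f"{f.kind:4} {f.reason}\n     {f.line}")
```

Flagged lines are candidates for review, not an automatic fix list; the benign svchost service in the sample passes because its binary sits under the Windows directory.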
     
  3. manilka835

    manilka835 Specialist

    The following lines were not found when I ran C:\MGtools\analyse.exe. Prior to this I tried manually uninstalling unwanted programmes.

    O2 - BHO: delta Helper Object - {C1AF5FA5-852C-4C90-812E-A7F75E011D87} - C:\Program Files\Delta\delta\1.8.10.0\bh\delta.dll
    O3 - Toolbar: Delta Toolbar - {82E1477C-B154-48D3-9891-33D83C26BCD3} - C:\Program Files\Delta\delta\1.8.10.0\deltaTlbr.dll
    O4 - HKCU\..\Run: [FixMyRegistry] C:\Program Files\SmartTweak Software\FixMyRegistry\FixMyRegistry.exe /ot /as
    O4 - HKCU\..\Run: [uTorrent] "C:\Program Files\uTorrent\uTorrent.exe" /MINIMIZED
    O4 - HKCU\..\Run: [WebCake Desktop] "C:\Users\TOSHIBA\AppData\Roaming\WebCake\WebCakeDesktop.exe"
    O23 - Service: BrowserProtect - Unknown owner - C:\ProgramData\BrowserProtect\2.6.1339.144\{c16c1ccb-7046-4e5c-a2f3-533ad2fec8e8}\BrowserProtect.exe
    O23 - Service: WebCake Desktop Updater - WebCake LLC - C:\Program Files\WebCake\WebCakeDesktop.Updater.exe


    The following could not be uninstalled by going to Control Panel > Program and Features > Uninstall:

    ffdshow v1.1.3356 [2010-04-11]: When I tried to uninstall, the following message appeared.
    File “C:\Program Files\K-Lite Codec Pack\ffdshow\unins000.dat” does not exist. Cannot uninstall.

    I also tried to uninstall the following Programmes in the same way but could not, to have all the space and performance I can get.

    GlassFish V2 UR2: When I tried to uninstall, the following message appeared.
    Java SE Development Kit (JDK) was not found on this computer
    JDK 6 or JDK 5 is required for installing the NetBeans IDE. Make sure that the JDK is properly installed and run installer again. You can specify valid JDK location using
    --javahome installer argument.
    To download the JDK, visit http://java.sun.com/javase/downloads
    Yahoo! Messenger
    Could not open INSTALL.LOG file
    K-Lite Codec Pack 5.5.1 (Full)
    File “C:\Program Files\K-Lite Codec Pack\unins000.dat” does not exist. Cannot uninstall.
    Norton Security Scan: Norton_Removal_Tool did not uninstall this.
    Entropia Universe

    Can I uninstall the following programmes?
    DVD Movie Factory for TOSHIBA
    TOSHIBA DVD PLAYER
    Windows Driver Package - Intel (NETw5v32) net (05/28/2009 12.4.3.9)
    Windows Driver Package - Ralink (RT73) Net (12/21/2006 1.02.00.0000)
    Windows Driver Package - Ralink (RT2500USB) Net (11/08/2006 2.01.01.0000)
    TOSHIBA Disc Creator
    TOSHIBA hardware setup
    TOSHIBA Supervisor Password
    Nokia Connectivity Cable Driver
    Marvell Miniport Driver
    pokki download helper
    Activation Assistant for the 2007 Microsoft Office suites

    Can I disable the following Startups by StartupCPL?
    Startup (Common)
    TosBtMng.exe- Bluetooth Manager

    HKLM/Run
    TCrdMain .exe- 00TCrdMain
    Apoint.exe- Apoint
    Traybar/exe/start- Camera Assistant Software
    HSON.exe- HSON
    ItSecMng.exe/START- ITSecMng
    NDSTray.exe
    SmoothView.exe- SmoothView
    TPwrMain.EXE- TPwrMain

    HKCU/Run
    DrvUpdater.exe – DrvUpdater
    FixMyRegistry.exe/ot/as- FixMyRegistry
    msnmsgr- msnmsgr.exe/background
    sapisvr.exe-SpeechUX-Startup- Speech Recognition

    I will inform you regarding the progress further.

    Thank You very much for the help in salvaging this laptop for our laboratory, which was used by my former boss, who gave it to me for safe keeping.
     


  4. chaslang

    chaslang MajorGeeks Admin - Master Malware Expert Staff Member

    You're welcome. All of your questions about non-malware programs/startups need to be asked in the Software Forum. We are too busy here with malware removal to address these kinds of topics. However, just a quick comment: be careful what you uninstall, because you may make internal hardware non-functional if you remove things like the below.

    Your logs are clean.

    If you are not having any other malware problems, it is time to do our final steps:
    1. We recommend you keep Malwarebytes Anti-Malware for scanning/removal of malware.
    2. Re-enable your Disk Emulation software with Defogger if you had disabled it in step 4 of the READ & RUN ME.
    3. Go to add/remove programs and uninstall HijackThis. If you don't see it or it will not uninstall, don't worry about it. Just move on to the next step.
    4. If running Vista, Win 7 or Win 8, it is time to make sure you have reenabled UAC by double clicking on the C:\MGtools\enableUAC.reg file and allowing it to be added to the registry.
    5. Now goto the C:\MGtools folder and find the MGclean.bat file. Double click ( if running Vista, Win7, or Win 8 Right Click and Run As Administrator ) on this file to run this cleanup program that will remove files and folders related to MGtools and some other items from our cleaning procedures.
    6. Any other miscellaneous tools we may have had you install or download can be uninstalled and deleted.
    7. If you are running Win 8, Win 7, Vista, Windows XP or Windows ME, do the below to flush restore points:
      • Refer to the instructions for your Windows version in this link: Disable And Enable System Restore
      • What we want you to do is to first disable System Restore to flush restore points some of which could be infected.
      • Then we want you to Enable System Restore to create a new clean Restore Point.
    8. After doing the above, you should work through the below link:
     
  5. manilka835

    manilka835 Specialist

    In your "How to Protect yourself from malware!" thread, it is mentioned,

    “What do we recommend for antispyware?
    • one realtime blocking tool from the list
    • Spybot - installed as recommended using SDhelper and Immunize
    • SpywareBlaster with all protection enabled.”

    I have the following installed in this laptop. Out of these, is there an item that should be uninstalled and have only one realtime blocking tool?
    • Microsoft Security Essentials for Windows Vista
    • Comodo Firewall
    • Windows Defender for Vista

    I have also performed the following which were included in your threads some years ago during Malware Cleanup of other Computers.

    1. looked for the following malware in Control Panel > Programme and Features for removal
    Look for any of the below items in Add/Remove programs and if found select them and uninstall them.
    #1 Spyware Killer
    1 Click Spy Clean
    100 Percent Anti-Spyware
    1-2-3 Spyware Free
    180 Search Assistant
    180ClientStubInstall
    180Solutions
    1stAntiVirus
    888Bar
    Acoona Toolbar
    Active alert
    ActivShop
    Ad Armor
    Ad Behavior
    Ad Destroyer
    Ad Service
    AdDriller
    Ad-Eliminator
    AdProtector
    Ad-Purge Adware
    ADS Adware Remover
    Ads Alert
    Adssite Advanced Toolbar
    AdTools
    AdTools Service
    Adware Remover
    Adware Sheriff
    AdwareFilter
    AdwarePunisher
    Alexa toolbar
    AlfaCleaner
    ALOT eMusic Toolbar
    AlwaysUpdatedNews
    Anti Virus Pro
    Anti Virus Pro 2009
    Anti Virus Pro 2010
    AntiSpy Advanced
    AntiSpyPro
    AntiSpyZone
    AntiVermins
    AntiVirus Protector
    Antivirus Solution
    AntiVirusAdvance
    AntivirusGold
    Antivirus-Golden or Antivirus-Golden 3.4 - or any other version number
    AntiVirusPCSuite
    AntivirusXP (any version/year)
    Ask Toolbar
    AUN
    AutoUpdate
    AVSystemCare
    AzeSearch
    BargainBuddy
    BearShare
    BearShare Accelerator
    BearShare MediaBar
    BestGuardPlatinum
    BestOffers
    BestOffers Shopping BHO
    Brave Sentry
    BreakSpyware
    Browser Optimizer Dcads
    Browser Protection Volume
    BrowserPal
    Bullseye Networks
    CAS
    CashBack
    Casino Client
    CasStub
    CC2KUI
    Comet Cursor Plus
    CleanX
    ClearSearch
    ClockSync (this is part of WhenU)
    CNSMin
    Command
    ContraVirus
    Copperhead AntiSpyware
    Cosmi
    CurePCSolution
    Delfin
    Delfin Media
    DelFin Media Viewer
    Desktop Defender 2010
    Desktop Security 2010
    DIARemover
    DMVlite
    DownloadWare
    E2Give
    e2Give
    EasySearchBar
    eGroup
    Elite Bar
    Elite Sidebar
    Elite Toolbar
    Elitum
    Enhancement Browser Tools Superiorads
    ExpertAntivirus
    e-zshopper
    Fixer AntiSpy
    Froggie Scan
    Frontier Browser Assistant
    Frontier Search Helper
    GAIN
    Gator
    Grokster
    Grokster Wiseupdt
    Hotbar Browser
    Hotbar Outlook Tools
    Hotbar Web Tools
    HuntBar
    IE Host
    IEDefender
    IExplorer Security Plug-in
    iMesh
    Internet Explorer Secure Bar
    Internet Explorer Secure Plug-in
    Internet Explorer Security Plugin 2006
    Internet Optimizer
    Internet Security 2010
    Internet Security Add-On
    InternetShield
    ISTbar
    ISTSvc
    Kazaa
    Logitech Desktop Messenger <-- this is not Malware but very few people need it or want it and it does annoying things to the registry
    Malware Stopper
    MalwareAlarm
    MalwareScanner
    MalwareWipe
    MalwareWiped
    MalwareWiper
    Malware Defense
    Malware Stopper
    MaxiFiles
    Media Access
    Media Gateway
    MediaCodec
    Media-Codec
    MediaGateway
    MediaLoads Installer
    MediaPipe P2P Loader
    MediaTickets
    MediaTickets by OIN
    Messenger Plus (We highly recommend uninstalling any version of Messenger Plus)
    Messenger Plus Live (We highly recommend uninstalling any version of Messenger Plus)
    Messenger Plus! Live & Sponsor (CiD)
    Messenger Service
    Middadle
    MMediaCodec
    Morpheus (any version)
    Morpheus 5.3 (remove only)
    Morpheus Toolbar
    Mr.AntiSpy
    My Global Search Bar
    My Way Search Assistant
    My Web Search (Outlook, Outlook Express, and IncrediMail)
    My Web Search Bar
    MySidesearch Search Assistant
    MySPyProtector
    MyWay
    MyWay Search Assistant
    MyWayBar
    MyWaySearchBar
    MyWaySpeed
    MyWebSearch
    MyWebSearch Email Plugin
    NavExcel Search Toolbar
    NavHelper
    NaviSearch
    Ncase
    Need2Find
    Need2Find Bar
    NeoSpace
    Network Monitor
    NewDotNet
    Notification Utility
    Oemji Toolbar
    Oin
    OnWebMedia
    Open Site
    Outerinfo
    OuterInfoAdSponsor
    P2P Networking
    p2pnetworks
    Paltalk
    PCODEC 6.0
    PerfectCleaner
    PestCapture
    PestTrap
    PestWiper
    Preview AdService
    Privacy Champion
    Privacy Crusader
    PrivacyScanner
    PSGuard
    Quick
    QuickSearch
    QuickSearch Toolbar
    RazeSpyware
    Rdso
    Red Swoosh EDN Client (remove only)
    RelevantKnowledge
    RemoveIT Pro <---- Any version! Not malware but always has too many ridiculous false detections. The program is not properly tested and does not even know valid System files from malware.
    Safety Alert 2006
    Safety Bar
    SaveNow
    Scan & Repair Utilities 2006
    screensaver_rp Screen Saver
    Screensavers Installer Version 2
    Search and Destroy <----This is a rogue Do not confuse this with Spybot Search & Destroy which is valid
    Search Assistant - My Way
    Search Assistant - My Web SearchBar
    Search Assistant Adssite
    Search Maid
    Search Relevancy
    Search Settings (any version)
    Search Toolbar (HuntBar/WinTools)
    SearchAssist
    SearchExe
    Security IGuard
    Security Messenger
    SeekmoToolbar
    SelectRebates
    ShopperLink 1.0.4
    ShopperLink 1.0.5 (or any other versions)
    ShopperReports by Hotbar
    Sidefind
    SideSearch
    SideStep
    Slotchbar
    SmileyDistrict
    SmileyDistrict Optimizer
    Soap
    Soap Pro
    Software Update Manager
    SpamBlockerUtility Browser
    SpamBlockerUtility Email Toolbar
    Spy Analyst
    Spy Defence
    Spy Officer
    Spy Reaper
    SpyAdvanced
    SpyAway
    SpyAxe
    SpyBan
    SpyBuster
    SpyCleaner
    SpyContra
    SpyCrush
    SpyCut
    SpyDawn
    SpyDeface
    SpyFalcon
    SpyiBlock
    SpyiKiller
    SpyLocked
    SpyMarshal
    SpyOnThis
    SpySheriff
    SpyShield
    Spy-Shield
    SpySoldier
    SpySpotter
    SpyVampire
    Spyware & Adware Removal
    Spyware Disinfector
    Spyware IT
    Spyware Knight
    Spyware Quake
    Spyware Remover
    Spyware Scrapper
    SpyWare Secure
    Spyware Sheriff
    Spyware Sledgehammer
    Spyware Striker
    SpywareBot
    SpywareStop
    Spyware-Stop
    SpywareStrike
    SpywareXP
    SSK
    StartGuard
    StarWare
    StopGuard
    Super Codec 6.0
    SurfAccuracy
    SurfSideKick
    SurfSideKick 3 (uninstall any version you find)
    Sysnet
    System Alert Popup
    System Soap Pro
    TargetSaver
    The Spyware Shield
    Think-Adz Search Assistant removal
    ToolBar
    Top Search
    TopSpyware
    TurboDownload
    TV Media
    Ultimate Defender
    Ultimate-Spyware Adware Remover
    UnSpyPC
    Upspiral Toolbar
    Utility Notification
    VBouncer
    Vbouncer
    VCClient
    Vidctrl
    Video ActiveX Solution (of any version number)
    Viewpoint <------- See additional info about all this Viewpoint stuff here: Viewpoint and Viewpoint to Plunge Into Adware

    Viewpoint Manager (Remove Only)
    Viewpoint Media Player
    Viewpoint Toolbar
    Viewpoint Toolbar (Remove Only)
    Virtual Bouncer
    Virtual Maid
    VirusBurst
    VirusBursters
    VirusGuard
    VisFx
    VSAdd-in
    VSAdd-in for Internet Explorer
    VSToolbar
    VSToolbar for Internet Explorer
    WareOut
    WareOut Spyware Remover
    Warez P2P Client
    Weather and Wowpapers Tools
    Weather Check
    Weather Services
    WeatherBug (this is really optional since it is only a minor Adware nuisance)
    Web Nexus Network
    Web Offer
    Web Rebates
    Web Savings from Ebates
    Web Search Toolbar (WinTools)
    WebHance Customer Companion
    WebHancer
    WebSearch Toolbar
    WeirdOnTheWeb
    WhenU (any entry)
    WildTangent
    Win Police Pro 2009
    Win Police Pro 2010
    WinAntiSpy 2005
    WinAntiSpyware 2005
    WinAntiSpyware 2006
    WinAntiVirus 2005
    WinAntiVirus 2006
    Win-dh
    Window Active
    Windows AdService
    Windows AdStatus
    Windows Safety Alert
    Windows ServeAd
    Windows SR 2.0
    WinFixer
    WinFixer 1.1.62.4 <--- (or any other version too)
    Winhound
    Winhound Spyware Remover
    WinTools
    WinTools Easy Installer
    Winupdates
    WSEM Update
    X-Con Spyware Destroyer
    XP Antivirus Protection (any version/year)
    Yazzle Sudoku by OIN

    MyWay
    MyWay Search Assistant
    Viewpoint Manager (Remove Only)
    Viewpoint Media Player
    Viewpoint Toolbar
    Viewpoint Toolbar (Remove Only)

    2. Installed SUPERAntiSpyware - free version
    3. Uninstall Microsoft Java and Replace with Sun Java with MSJVM Removal Tool 1.0a
    4. Run MessengerDisable.exe to remove Windows Messenger
    5. Install AutoEater.
    6. Flash Disinfector by sUBs in the desktop to clean up flash drive and/or other removable drives including your mobile phone

    I would be grateful if you can inform me whether these steps are required as they are no longer included in your threads.
     
  6. chaslang

    chaslang MajorGeeks Admin - Master Malware Expert Staff Member

    This is fine. Windows Defender was actually replaced by Microsoft Antimalware when you installed Microsoft Security Essentials.

    Waste of time nowadays, which is why it is not there anymore. MBAM finds and removes most fake tools.

    You can use the SUPERAntiSpyware scanner if you wish to have it as a backup scanner.

    You did not have Microsoft Java, so there was nothing to remove. This stopped appearing with Windows around the time of Windows XP SP2. The same was true for Windows Messenger.

    Autorun Eater is fine. I would not use Flash Disinfector though.
     
  7. manilka835

    manilka835 Specialist

    Thank You for the Advice.

    The other computers are yet to be infected with Malware, even with the free tools, after I performed the steps in "READ & RUN ME FIRST. Malware Removal Guide" and "How to Protect yourself from malware!" when they were initially infected with Malware back in 2008.

    Keep up the Good Work.


    Yours Faithfully,

    Dr. K.D.J.H. Manilka Jayawardena


    Medical Officer,

    National Tuberculosis Reference Laboratory ( NTRL /Central Laboratory of NPTCCD),

    Chest Hospital Premises,

    Welisara,
    Sri Lanka.




    Telephone:

    (00 or +)94777-271424,

    (00 or +)9411-2956702 or (00 or +)9411-2951428 or (00 or +)9411-2951751 or (00 or +)9411-2958271 and Ext. 421.
     
  8. chaslang

    chaslang MajorGeeks Admin - Master Malware Expert Staff Member

    You're welcome. Glad we can help and happy to hear the news that your other PCs have remained malware free. :)
     
