# Browser hijacked, Extremely slow laptop [Solved]

Posted 23 January 2015 - 06:57 PM

Hello, fredII.

Thank you for the fixlog.  I am glad to hear that your computer's performance has improved.

I have noted that you have several interesting questions and concerns that you would like to work through, and I will gladly help you with those later.  I would first like to continue working to ensure that we have addressed all malware on your computer by running the next scan.

ESET Online Scanner

Note:

• Disable any antivirus program and antispyware programs to avoid conflicts.
• Run ESET with Internet Explorer, but if using Mozilla Firefox you will need to download esetsmartinstaller_enu.exe when prompted, then double-click on it to install.
• Please do not surf the internet while your security programs are disabled.
• Let the scan run uninterrupted to avoid a stall.
• Remember to enable your security programs when the scan has finished.

Run ESET Online Scanner from HERE.

•   Click the green ESET Online Scanner button.
•   Click on the Start button next to it.
•   If prompted, allow the Add-On/Active X to install.

Under Computer scan settings:

•   Do not check Remove found threats
•   Check Scan Archives.
•   Click Advanced settings and select the following:
•   Scan potentially unwanted applications
•   Scan for potentially unsafe applications
•   Enable Anti-Stealth technology
•   Click Start. ESET will download updates, install itself, and begin scanning your computer. Please be patient as this scan could take up to a few hours to complete.
•   Wait for the scan to finish. When the scan completes, click List of found threats.
•   Click Export and save the file to your desktop using a unique name, such as ESETScan.
•   Copy and paste the contents of this report in your next reply.
•   Click the Back button.
•   Click the Finish button.

Posted 24 January 2015 - 11:29 AM

Hi Fb, that was by far the longest scan I've ever been associated with, 13 hrs+.

Here's the scan:

C:\AdwCleaner\Quarantine\C\Program Files (x86)\Conduit\CT3289847\plugins\TBVerifier.dll.vir Win32/Toolbar.Conduit.AC potentially unwanted application
C:\AdwCleaner\Quarantine\C\Program Files (x86)\File Type Helper\FileTypeHelper_assoc.exe.vir MSIL/FileTypeHelper.A potentially unwanted application
C:\AdwCleaner\Quarantine\C\Program Files (x86)\GamingWonderland\bar\1.bin\gtimpipe.exe.vir Win32/Toolbar.MyWebSearch.W potentially unwanted application
C:\AdwCleaner\Quarantine\C\Users\Bly4\AppData\Local\torch\User Data\Default\Extensions\dhkplhfnhceodhffomolpfigojocbpcb\1.7_0\BabylonChromeToolBar.dll.vir a variant of Win32/Toolbar.Babylon.Q potentially unwanted application
C:\AdwCleaner\Quarantine\C\Users\Bly4\AppData\Roaming\0D0S1L2Z1P1B0T1P1B2Z\Zip Opener Packages\uninstaller.exe.vir Win32/InstallCore.AZ potentially unwanted application
C:\AdwCleaner\Quarantine\C\Windows\System32\roboot64.exe.vir a variant of Win64/Systweak.A potentially unwanted application
C:\ProgramData\{08E30618-5D06-461B-BBD3-4ADFB0810824}\iLividSetupV1.res a variant of Win32/Toolbar.SearchSuite.Z potentially unwanted application
C:\Users\All Users\{08E30618-5D06-461B-BBD3-4ADFB0810824}\iLividSetupV1.res a variant of Win32/Toolbar.SearchSuite.Z potentially unwanted application
C:\Users\Bly4\Documents\cnet_InstallFreeRARExtractFrog_exe.exe a variant of Win32/InstallCore.D potentially unwanted application
C:\Users\Bly4\Documents\New folder\avc-free.exe Win32/OpenCandy potentially unsafe application
C:\Users\Bly4\Videos\Desktop\recording\Sony Vegas Pro 13 Patch.zip a variant of Win32/HackTool.Patcher.AD potentially unsafe application
C:\Users\Bly4\Videos\Desktop\recording\Sony Vegas Pro 13 Patch\Sony Vegas Pro 13.0\cRCAk\vegas.pro.13.0.(64-bit)-patch.exe a variant of Win32/HackTool.Patcher.AD potentially unsafe application
C:\Windows\assembly\tmp\PONUECFP\Interop.SHDocVw.dll a variant of Win32/Toolbar.Linkury.G potentially unwanted application
C:\Windows\System32\plsapp.dll a variant of Win32/AdWare.Sendori.A application
C:\Windows\SysWOW64\plsapp.dll a variant of Win32/AdWare.Sendori.A application

Here you go,

Fred

Posted 25 January 2015 - 07:40 AM

Hello, fredII.

Thank you for the ESET report.  We have a bit more to delete from your system.

Please open Notepad:  Press the Windows key + r (Win Key + r) > Type Notepad > Click OK.

• Copy and paste the entire contents of the code box below:  To do this, highlight the contents of the box, right click on it, and select Copy > Right-click in the open Notepad and select Paste.
• Save this to the same directory you saved FRST / FRST64 > Save it as fixlist.txt.

Note:  In order for the fix to work, fixlist.txt must be placed next to FRST / FRST64.  You can use your mouse to drag it in place.

Start
CloseProcesses:
C:\Users\Bly4\Documents\cnet_InstallFreeRARExtractFrog_exe.exe
C:\Users\Bly4\Documents\New folder\avc-free.exe
C:\Users\Bly4\Videos\Desktop\recording\Sony Vegas Pro 13 Patch.zip
C:\Users\Bly4\Videos\Desktop\recording\Sony Vegas Pro 13 Patch\Sony Vegas Pro 13.0\cRCAk\vegas.pro.13.0.(64-bit)-patch.exe
C:\Windows\assembly\tmp\PONUECFP\Interop.SHDocVw.dll
C:\Windows\System32\plsapp.dll
C:\Windows\SysWOW64\plsapp.dll
Hosts:
EmptyTemp:
End


NOTICE: This script was written specifically for this user, for use on that particular machine.  Running this on another machine may cause damage to your operating system.

• Run FRST / FRST64, press the Fix button once and wait.
• When finished, the tool will generate a log on the Desktop (Fixlog.txt).  Please post it to your next reply.

To remove/disable any add-ons/extensions from any browser, do the following:

For Internet Explorer:

• Open Internet Explorer.
• Click Tools > Manage Add-ons.
• In the Manage Add-ons window, under Add-on Types (found on left side) highlight Toolbars and Extensions.
• Under the Show: drop-down menu (found on left side) make sure All add-ons is selected.
• Highlight the extension you wish to remove, and select Disable.
• The Disable add-on window may pop up to warn you that related services and add-ons will also be disabled. Click Disable.
• Click Close to exit the Manage Add-ons window.

For Firefox:

• Open Firefox.
• Click to highlight the extension you wish to remove and select Disable.  If you want to delete an extension entirely, click Remove.
• The Disable add-on window may pop up to warn you that related services and add-ons will also be disabled. Click Disable.
• Exit the Add-ons Manager window, and restart Firefox to complete the process.

For Google Chrome:

• Click the wrench icon at the top right of the browser window.
• Click Tools > Select Extensions to open the Options tab.
• Uncheck Enabled to disable the extension, or click Remove to delete it completely.

3.  Uninstall Programs from Control Panel
Look through your programs list and uninstall any outdated programs that you no longer use, as well as any unwanted toolbars that may still be present.

4.  Startup Programs
Regarding Startup items, you may find the following information useful.  You can download Malwarebytes StartUpLite HERE.  Once installed, it will safely eliminate unnecessary start-up programs for you by disabling or removing them.

• fixlog.txt
• Let me know if there is anything else we need to address before our final housekeeping steps.
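The ESET report posted above is a flat text list of path, detection name and category, and the fixlist built from it keeps only the entries that are still live on disk: the copies under C:\AdwCleaner\Quarantine are already inert. The following is an added example, not part of the original thread and not ESET's or Farbar's own code. It parses report lines of that shape into records, separates findings already sitting in another tool's quarantine from live files, and drafts a fixlist in FRST's Start / CloseProcesses: / Hosts: / EmptyTemp: / End layout. The report lines are copied from the scan posted earlier in the thread; the quarantine rule, the folding of the C:\Users\All Users alias into C:\ProgramData, and the inclusion of the ProgramData entries (which the helper's actual fixlist left out) are assumptions for illustration, so a draft produced this way still needs a person to review it before it is run.

```python
import re
from dataclasses import dataclass

# Report lines copied from the ESET scan posted earlier in this thread.
SAMPLE_REPORT = r"""
C:\AdwCleaner\Quarantine\C\Program Files (x86)\Conduit\CT3289847\plugins\TBVerifier.dll.vir Win32/Toolbar.Conduit.AC potentially unwanted application
C:\AdwCleaner\Quarantine\C\Program Files (x86)\File Type Helper\FileTypeHelper_assoc.exe.vir MSIL/FileTypeHelper.A potentially unwanted application
C:\AdwCleaner\Quarantine\C\Program Files (x86)\GamingWonderland\bar\1.bin\gtimpipe.exe.vir Win32/Toolbar.MyWebSearch.W potentially unwanted application
C:\AdwCleaner\Quarantine\C\Users\Bly4\AppData\Local\torch\User Data\Default\Extensions\dhkplhfnhceodhffomolpfigojocbpcb\1.7_0\BabylonChromeToolBar.dll.vir a variant of Win32/Toolbar.Babylon.Q potentially unwanted application
C:\AdwCleaner\Quarantine\C\Users\Bly4\AppData\Roaming\0D0S1L2Z1P1B0T1P1B2Z\Zip Opener Packages\uninstaller.exe.vir Win32/InstallCore.AZ potentially unwanted application
C:\AdwCleaner\Quarantine\C\Windows\System32\roboot64.exe.vir a variant of Win64/Systweak.A potentially unwanted application
C:\ProgramData\{08E30618-5D06-461B-BBD3-4ADFB0810824}\iLividSetupV1.res a variant of Win32/Toolbar.SearchSuite.Z potentially unwanted application
C:\Users\All Users\{08E30618-5D06-461B-BBD3-4ADFB0810824}\iLividSetupV1.res a variant of Win32/Toolbar.SearchSuite.Z potentially unwanted application
C:\Users\Bly4\Documents\cnet_InstallFreeRARExtractFrog_exe.exe a variant of Win32/InstallCore.D potentially unwanted application
C:\Users\Bly4\Documents\New folder\avc-free.exe Win32/OpenCandy potentially unsafe application
C:\Users\Bly4\Videos\Desktop\recording\Sony Vegas Pro 13 Patch.zip a variant of Win32/HackTool.Patcher.AD potentially unsafe application
C:\Users\Bly4\Videos\Desktop\recording\Sony Vegas Pro 13 Patch\Sony Vegas Pro 13.0\cRCAk\vegas.pro.13.0.(64-bit)-patch.exe a variant of Win32/HackTool.Patcher.AD potentially unsafe application
C:\Windows\assembly\tmp\PONUECFP\Interop.SHDocVw.dll a variant of Win32/Toolbar.Linkury.G potentially unwanted application
C:\Windows\System32\plsapp.dll a variant of Win32/AdWare.Sendori.A application
C:\Windows\SysWOW64\plsapp.dll a variant of Win32/AdWare.Sendori.A application
"""

# The fixed category phrases that end every report line.
CATEGORIES = (
    "potentially unwanted application",
    "potentially unsafe application",
    "application",
)

# A line is "<path> <detection> <category>".  Paths contain spaces, so the
# path is matched lazily and the line is anchored on the detection name
# (always "Family/Name", optionally prefixed "a variant of ") and on the
# category phrase at the end of the line.
LINE_RE = re.compile(
    r"^(?P<path>.+?)\s+"
    r"(?P<detection>(?:a variant of )?[A-Za-z0-9]+/[A-Za-z0-9._]+)\s+"
    r"(?P<category>" + "|".join(re.escape(c) for c in CATEGORIES) + r")$"
)


@dataclass(frozen=True)
class Finding:
    path: str
    detection: str
    category: str

    @property
    def already_quarantined(self):
        # Assumption: anything under another tool's quarantine folder, or
        # carrying AdwCleaner's ".vir" suffix, is inert and gets removed
        # with that tool, so it does not belong in the FRST fix.
        p = self.path.lower()
        return "\\quarantine\\" in p or p.endswith(".vir")


def parse_report(text):
    """Parse every non-blank report line; an unexpected shape raises rather
    than silently dropping a finding."""
    findings = []
    for raw in text.splitlines():
        line = raw.strip()
        if not line:
            continue
        m = LINE_RE.match(line)
        if m is None:
            raise ValueError(f"unrecognised ESET report line: {line!r}")
        findings.append(Finding(m["path"], m["detection"], m["category"]))
    return findings


ALL_USERS = "c:\\users\\all users\\"  # junction to C:\ProgramData on Vista and later


def live_paths(findings):
    """Paths still on disk, de-duplicated after folding the All Users alias."""
    seen, out = set(), []
    for f in findings:
        if f.already_quarantined:
            continue
        path = f.path
        if path.lower().startswith(ALL_USERS):
            path = "C:\\ProgramData\\" + path[len(ALL_USERS):]
        if path.lower() not in seen:
            seen.add(path.lower())
            out.append(path)
    return out


def build_fixlist(paths):
    """Draft fixlist.txt in the layout used by the fix in this thread."""
    return "\n".join(["Start", "CloseProcesses:", *paths, "Hosts:", "EmptyTemp:", "End"])


if __name__ == "__main__":
    print(build_fixlist(live_paths(parse_report(SAMPLE_REPORT))))
```

Against the report above this yields eight live paths (the two iLividSetupV1.res entries collapse to one) between the CloseProcesses: and Hosts: lines. A line that ESET formats differently from the three category phrases raises ValueError, which is the behaviour you want when drafting a script that deletes files: a parser that quietly skips a line it does not understand leaves a finding unhandled.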

Posted 27 January 2015 - 01:38 PM

Hi Fb, here is the log from your last post.

Fix result of Farbar Recovery Tool (FRST written by Farbar) (x64) Version: 24-01-2015 01
Ran by Bly4 at 2015-01-27 11:24:24 Run:2
Running from C:\Users\Bly4\Videos\Desktop
Loaded Profiles: Bly4 (Available profiles: Bly4)
Boot Mode: Normal
==============================================

Content of fixlist:
*****************
Start
CloseProcesses:
C:\Users\Bly4\Documents\cnet_InstallFreeRARExtractFrog_exe.exe
C:\Users\Bly4\Documents\New folder\avc-free.exe
C:\Users\Bly4\Videos\Desktop\recording\Sony Vegas Pro 13 Patch.zip
C:\Users\Bly4\Videos\Desktop\recording\Sony Vegas Pro 13 Patch\Sony Vegas Pro 13.0\cRCAk\vegas.pro.13.0.(64-bit)-patch.exe
C:\Windows\assembly\tmp\PONUECFP\Interop.SHDocVw.dll
C:\Windows\System32\plsapp.dll
C:\Windows\SysWOW64\plsapp.dll
Hosts:
EmptyTemp:
End
*****************

Processes closed successfully.
C:\Users\Bly4\Documents\cnet_InstallFreeRARExtractFrog_exe.exe => Moved successfully.
C:\Users\Bly4\Documents\New folder\avc-free.exe => Moved successfully.
C:\Users\Bly4\Videos\Desktop\recording\Sony Vegas Pro 13 Patch.zip => Moved successfully.
C:\Users\Bly4\Videos\Desktop\recording\Sony Vegas Pro 13 Patch\Sony Vegas Pro 13.0\cRCAk\vegas.pro.13.0.(64-bit)-patch.exe => Moved successfully.
C:\Windows\assembly\tmp\PONUECFP\Interop.SHDocVw.dll => Moved successfully.
C:\Windows\SysWOW64\plsapp.dll => Moved successfully.
C:\Windows\System32\Drivers\etc\hosts => Moved successfully.
Hosts was reset successfully.
EmptyTemp: => Removed 110.9 MB temporary data.

The system needed a reboot.

==== End of Fixlog 11:24:29 ====

A couple of questions on the log.  "Moved successfully", where is it moved to?  "File/directory not found", if it was found on ESET, why doesn't it get picked up with the "fix"?  Curiosity.

Will work on the additional info provided from previous questions.  I still have "bing" when I go to the command line and start to type out a search or site.  This google still has bing as its search engine.  I assume I'll have to get rid of google & google chrome and choose another browser that uses its own search engine.  Any recommendations?  I thought I saw a post on "what browsers do you (WTT people) use".

Update;

No bing toolbar

Java plugin 2 ssv helper: enabled
avast online security: enabled
hp print enhancer: enabled
hp network check helper: enabled
hp smart bho class: enabled
show or hide hp smart web p...: enabled
hp smart web printing: enabled
Microsoft live search toolbar: disabled (websearched, msoft made bing and enabled it under this search toolbar)
windows live id sign-in helper: enabled
messenger companion helper: enabled
office document cache handler: enabled
messenger companion: enabled
blog this in windows live writer: enabled
hp network check: enabled
send to OneNote: enabled

Is all this really needed?  Article or software to help me decide or automatically evaluate whether needed or not.

Search providers

bing: status is default; disabled (search suggestions); disabled (top result).  I unchecked the box "search in the address bar and the search box on the new tab page".  Now I don't get bing doing the searching for google.  Should I be adding "search providers"?  Recommendations of who, if so.

Accelerators

Email: Email with windows live, live.com, Email, Default (I don't know how to change this to Yahoo Mail)

Map: Map with Bing, bing.com, Map, Default (Don't know how to change this)

Share: Share with Live Messenger, cloudapp.net, Share, Default (Don't know if I should change this)

Translate: Translate with Bing, microsofttranslator.com, Translate, Default (Again, msoft assoc'n w Bing.  Recommendations?)

Is Bing resident on my computer, or is it only coming up off the Internet according to my "defaults"?

Will go thru "programs" and start deleting unused ones.  I have checked many times for "toolbars" and can't find any unless hidden.

Startup programs

Downloaded StartUpLite.  Ran it.  Box came up immediately with "SunJavaUpdateSched" with disable box checked.  I clicked continue and immediately another box (and noise) came up: "X Error in value: SunJavaUpdateSched.  There was an error creating a MSConfig key".  Only option was to hit "OK".  Another box came up: "All actions executed successfully, changes will take effect on restart".

I didn't get a list of anything that got changed.  Turned system off then back on.  Here was my boot speed (approx.):

From start to login: 7 seconds

Launched IE and now usable for searching: 2:20 total time.

To me this looks pretty decent.  I could probably kill a lot of Desktop icons from loading and clean up the screen and decrease time.

Have you used WinPatrol and/or Autoruns for helping startup and other features?  I know each is different but they do overlap to some extent.

I get a lot of Java updates.  I clicked to do it and the box came up to install the latest version of Java.  Again it has a statement to agree to the install highlighted.  I try to "read" it to see if anything else (software or toolbars) is being added.  It won't respond.  I clicked cancel.  Do you know if Java includes add-ons or toolbars in their download, since I can't see what is going on?  It's of course made by Adobe and I'm just being extra careful.

I think that's about it.  I'm sure I'm taxing my question-it is.  I've always been intrigued with what you all do and your understanding of all this stuff that goes on in PC's.  I don't have near the issues with my Mac.  That's not to say I wouldn't mind knowing if there's evaluation software available to check its health.

Thanks for all you're doing Fb, it is appreciated.

Fred
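The Hosts: line in the fixlist, and the "Hosts was reset successfully" entry in the fixlog above, deal with one of the classic browser-hijack points: entries in C:\Windows\System32\drivers\etc\hosts that redirect a site somewhere else or sinkhole update servers to loopback so security tools stop updating. The following is an added example, not from the thread and not FRST's own code, showing how a practitioner would audit a hosts file before deciding to reset it. The sample file contents, the watch list of update domains and the verdict labels are all constructed for illustration; the sample uses a TEST-NET-2 address and .test names so that nothing in it points at a real site.

```python
import ipaddress

# Constructed hosts file in the shape of the Windows default (a comment
# block, then active mappings).  Everything after the header is made up.
SAMPLE_HOSTS = """\
# Copyright (c) 1993-2009 Microsoft Corp.
#
# This is a sample HOSTS file used by Microsoft TCP/IP for Windows.
#    127.0.0.1       localhost
#    ::1             localhost
127.0.0.1       localhost
198.51.100.7    www.search-engine.test search-engine.test   # constructed: hijack to a TEST-NET-2 address
127.0.0.1       update.example-av.test                      # constructed: update server sinkholed
0.0.0.0         ads.example.test                            # constructed: ad block, benign-looking
"""

# Names that legitimately point at loopback on a stock hosts file.
LOCAL_NAMES = {"localhost", "localhost.localdomain", "broadcasthost", "ip6-localhost"}

# Constructed watch list: domains whose sinkholing would stop updates or
# security tooling.  A real audit carries the vendor and update domains
# actually in use on the machine.
WATCH_LIST = ("example-av.test", "update.example.test")


def parse_hosts(text):
    """Return [(ip, [hostnames...])] for every active line; '#' comments dropped."""
    entries = []
    for raw in text.splitlines():
        line = raw.split("#", 1)[0].strip()
        if not line:
            continue
        ip, *names = line.split()
        entries.append((ip, names))
    return entries


def audit_hosts(text, watch_list=WATCH_LIST):
    """Return [(hostname, ip, verdict)] for every mapping worth a look.

    verdicts: "redirect"          name sent to a non-local address (hijack)
              "blocked-watchlist" update/security domain sinkholed to loopback
              "blocked"           other name sinkholed; review, may be ad-blocking
              "malformed"         first field is not an IP address
    """
    findings = []
    for ip, names in parse_hosts(text):
        try:
            addr = ipaddress.ip_address(ip)
        except ValueError:
            findings.append((" ".join(names), ip, "malformed"))
            continue
        sinkholed = addr.is_loopback or addr.is_unspecified
        for name in names:
            n = name.lower()
            if n in LOCAL_NAMES and sinkholed:
                continue  # stock entry, nothing to report
            if sinkholed:
                watched = any(n == w or n.endswith("." + w) for w in watch_list)
                verdict = "blocked-watchlist" if watched else "blocked"
            else:
                verdict = "redirect"
            findings.append((n, ip, verdict))
    return findings


if __name__ == "__main__":
    for host, ip, verdict in audit_hosts(SAMPLE_HOSTS):
        print(f"{verdict:18} {ip:16} {host}")
```

To run it against the live file, pass the contents of C:\Windows\System32\drivers\etc\hosts to audit_hosts() (reading it needs no elevation; rewriting it does). Loopback entries are not automatically bad, since ad-blocking hosts files map thousands of names to 0.0.0.0, which is why they get a "blocked" verdict for review rather than being treated like a redirect; a name sent to a routable address, on the other hand, is almost never something the user put there, and a stock Windows hosts file has no active lines at all, so anything this reports on a machine that has never had a custom hosts file is worth explaining before a reset.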

Posted 29 January 2015 - 05:48 AM

Hello, fredII.

Thank you for the fixlog.  I see you have a multitude of questions.  Many of your questions are searchable online -- I will answer these for you.

. . . "moved successfully", where is it moved to?

Items moved by the fix are kept in quarantine until cleanup and deletion of FRST, and are located here:  %systemdrive%\FRST\Quarantine, in most cases this will be C:\FRST\Quarantine.

"file/directory not found",  if it was found on ESET, why doesn't it get picked up with the "fix"?

This means that the particular file is missing so Fixlist will not remove it.  It could be that an entry has been moved successfully to quarantine and is no longer active and therefore anything related to that entry cannot be found.  For example:

C:\Users\Bly4\Documents\cnet_InstallFreeRARExtractFrog_exe.exe => Moved successfully.

I still have "bing" when I go to the command line and start to type out a search or site.  This google still has bing as its search engine. . .
Any recommendations?  I thought I saw a post on "what browsers do you (WTT people) use".

The WTT posting you are referring to is found HERE.  Different browsers handle data in different ways, so what is satisfactory for one person, may not be the case with another.  The following browser article found HERE may be of interest to you and may help you to decide what meets your needs.

is all this really needed?  Article or software to help me decide or automatically evaluate whether needed or not.

The purpose of add-ons is to help improve your browsing experience by providing multimedia or interactive content, such as animations, for example.  Sometimes add-ons interfere with your computer's performance (ex. computer stops responding or displays pop-up ads).  In this case, you can disable all your add-ons to see if this resolves the issue.

If you prefer, you can use Add-on Manager to disable all add-ons permanently and then turn on add-ons only as you need them.

Should I be adding "search providers"?  Recommendations of who if so.

Search providers in your browsers help you to access search results faster.  Whether you wish to add search providers, and which search providers to add, is entirely up to you.

Accelerators:  Email with windows live, live.com, Email, Default (I don't know how to change this to Yahoo Mail)

You can try following the instructions found HERE.

Map with Bing, bing.com, Map, Default (Don't know how to change this)

Share with Live Messenger, cloudapp.net, Share, Default (Don't know if I should change this)

Translate with Bing, microsofttranslator.com, Translate, Default (Again, msoft assoc'n w Bing.  Recommendations?)

To change your default accelerators, see the article HERE.

Is Bing resident on my computer, or is it only coming up off the Internet according to my "defaults"?

Bing is Microsoft's search engine and it is the default search engine within Internet Explorer.  You may find the article HERE useful to help you take control of Bing.

StartUplite . . . I didn't get a list of anything that got changed.

Within StartUpLite's functionality, if there is nothing that needs to be disabled, it will simply tell you.  If it locates programs that it feels are unnecessary, it displays all the apps that are launched with Windows -- you can decide which ones you really want to keep and which others can be safely disabled or removed. StartUpLite leaves this choice entirely up to you.

Java Update

You are presently running Java 7 Update 71.  You need to update to the latest version, Java 8 Update 31 HERE.  After installing the newest version, please go to your Control Panel and uninstall all older versions of Java.

Your computer appears to be all clear of malware.  If there are no further issues hindering your system, I would like to move on to our final housekeeping steps.

Posted 29 January 2015 - 11:26 AM

Hi Fb, thanks for taking the time to answer all my questions, I understand there were a lot of them.  I agree, the answers are online, it's asking the right questions the right way and sifting thru relevant answers.  I do a lot of surfing for this kind of stuff, but a lot that's out there is dated and "it is the internet", you have to be careful.  I was relying on people that I consider very good competent sources.  I looked thru many of the sources you gave me and I have a fair amount of reading to do.  BTW, what did you think of the bootup time?  What is WTT's / your opinion on utilizing WinPatrol and Autoruns software for guidance on startup analysis?  Thanks very much.

Yes, let's proceed with the next step and cleanup.

Fred

Posted 30 January 2015 - 10:27 AM

Hello, fredII.

You are absolutely correct -- there are many answers online, and using the right phrases to research a problem sometimes can be tricky and not yield the best response.  We all turn to competent sources when we need that extra help, and I am glad you reached out to us to help resolve your computer issues.

Regarding your start-up times, they look decent to me.  Remember that start-up times depend on so many factors ranging from the number of programs loading, amount of memory, some anti-virus programs, need to defrag, malware . . . .

What is WTT's / your opinion on utilizing WinPatrol and Autoruns software for guidance on startup analysis?  Thanks very much.

I have not used WinPatrol, so I cannot speak from experience; however, I have read very favourable reviews, including recommendations from some of our WTT members.  It won't conflict with the other programs on your system, and has very low resource usage.

Autoruns can be a valuable asset, but removing an entry that should not have been removed can cause problems.  If you need to know more about the program in detail, read HERE.

We need to perform a final bit of housekeeping. I am also including a list of recommendations to help you maintain a clean and secure system.

1.  REMOVAL OF DISINFECTION TOOLS

Please run the following application to ensure that all removal tools used during your system's disinfection are deleted.

• Tick the following boxes:
• Remove disinfection tools
• Create registry backup
• Purge system restore

• Click Run. > When finished, a report will open listing the tools that have been deleted.
• Any remaining tools, logs, files or folders remaining on your desktop can be removed manually.

Malwarebytes Anti-Malware (MBAM)
You may wish to keep MBAM. Perform weekly updates and scans to maintain system security. If you choose to delete this programme, remove it from your Control Panel.

Remember to update regularly. Updates contain important changes to improve the performance, stability and security of programs that run on your system. Many web exploits search for outdated software with security flaws resulting in compromised personal files (banking and credit card information, ID data, passwords…) and cause other major issues.

Java
You should have already installed the latest Java.  Always keep Java updated to ensure that your applications continue to run safely and efficiently.  Updates are available HERE.

You are presently running Adobe Flash 16.0.0.257.  This is up-to-date.  Always keep this software updated -- Flash-based attacks are still among the most popular ways to infect PCs.

You are presently running Adobe Shockwave 12.0.0.112.  You need to update this software to Version 12 Update 12.1.6.156 HERE to keep your system safe from remote attacks should your computer be infected.

3. BROWSER SECURITY

Enable Firewall

Internet Explorer:  HERE.

Firefox:  HERE.

Turn On Safe Browsing Features
For Internet Explorer, activate SmartScreen Filter.

• Open Internet Explorer.
• Click Tools > SmartScreen Filter > Turn on SmartScreen Filter.

For Mozilla Firefox:
1.  Block Attack Sites and Web Forgeries

• Open Firefox.
• Click Tools > Options.
• Click the Security tab and check mark the following:
• Warn me when sites try to install add-ons
• Block reported attack sites
• Block reported web forgeries.

For Google Chrome: Enable Phishing and Malware Protection

• Click the Customize and control icon (wrench or 3 bars) located at the top right corner of the browser.
• Click Settings > Show advanced settings > Under the Hood.
• In the Privacy section, check mark Enable phishing and malware protection.
• Restart.

To help you maintain a clean, safe, and healthy system, the following informative articles may be of interest to you:

The Dangers of P2P File Sharing HERE.
How to Prevent Malware by Miekiemoes HERE.
So How Did I Get Infected In the First Place? By Tony Klein HERE.
Simple and easy ways to keep your computer safe and secure on the Internet by Lawrence Abrams HERE.
Help!  My computer is Slow – How to improve system performance after malware removal by Miekiemoes HERE.
Create Strong Passwords by Microsoft HERE.
PC Safety and Security – What do I need to do?  by Glaswegian HERE.

fredII, thank you for using Whatthetech support and working patiently through all the procedures. Please respond to this thread one last time so we can mark it resolved.
Wishing you a very safe browsing experience.
~fbfbfb

Posted 31 January 2015 - 04:30 PM

Hi Fb, I ran DelFix, did some manual cleanup, and have a lot of reading to do!  I appreciate all the help, the computer is running well.  I VERY much appreciate your answering all the questions and the resource links.  As I've said before, I like to look at the procedures and processes used for analysis.  It would be tempting to do it myself but I don't have the education and experience in recognizing "what to do next".  I appreciate what you all do and so do so many others.

Do you have "favorite" places you utilize to get reliable info like you've provided me?  I assume this is probably a rhetorical question.  Is there a repository here that "we" can find things like this?

Again, thank you personally very much.

Fred

Posted 01 February 2015 - 07:08 PM

Hello, fredII.

I am glad to hear your computer is running very well.  It was a pleasure helping you.

You seem to be very interested in learning about the procedures and processes used in our forums.  If you are seriously interested in learning, you can visit this LINK.  Here you can read about our interactive educational program, and if you feel it would be valuable, you can submit your application located near the bottom of the page (Apply to the classroom).

There is a great deal of quality information online, and then again, some needs to be filtered. You might enjoy visiting the tutorial section at Bleeping Computer found HERE.

All the best, Fred.

~fb

Posted 02 February 2015 - 09:24 AM

Hi Fb, thanks for the links and the great help.  Take care.

Fred

Posted 02 February 2015 - 10:15 AM

You're welcome, Fred!

Posted 02 February 2015 - 10:15 AM

Since this issue appears to be resolved ... this Topic has been closed. Glad we could be of assistance.