istartwebsearches and a few -- please check my machine :)

Hi very helpful team,

I was so amazed when I came across this forum a few weeks ago, so I promised myself to come here from time to time to get updates by reading anything that attracts my attention. Also, the reason why I discovered this forum was because my machine was a victim of the virut thing, which was called the “death sentence”.

I promised myself to run a weekly scan to keep that from happening again.

Last week, I found a few and got rid of them using the 3 scanners you guys posted.

This week I got istartwebsearches again (which was present in my machine last week too), so I was wondering if any of our professionals can help me figure out if I got something hidden in my machine that needs to be manually removed, since I believe that all programs I see in my control panel are good. I can’t see anything in my Chrome extensions either, except that I don’t usually clean cookies and cache.

Attached are my scan logs from last week and today. I also noticed there’s this MBR.dat thing that shows up after running the scans. Also, I can’t find the “additional.txt” today, so please let me know if I need to re-run the scans today.

Thank you so very much! :)

Can’t upload the MBR.dat so please let me know if you guys still need those…

Here are today’s logs…

Just in case you missed it, I can’t see Addition.txt today so please let me know if I need to re-run my scan today…

Hi :)

Fix with Farbar Recovery Scan Tool

This fix was created for this user for use on that particular machine.
Running it on another one may cause damage and render the system unstable.

  • Press the Windows key + R on your keyboard at the same time. Type Notepad and click OK.

  • Copy the entire content of the codebox below and paste into the Notepad document:

start
Toolbar: HKLM-x32 - No Name - {517BDDE4-E3A7-4570-B21E-2B52B6139FC7} -  No File
CHR HomePage: Default -> hxxp://istart.webssearches.com/?type=hp&ts=1397904709&from=amt&uid=ST3320418AS_5VMKWFP1XXXX5VMKWFP1
CHR HKCU\SOFTWARE\Policies\Google: Policy restriction <======= ATTENTION
C:\Users\MarkBel\AppData\Roaming\OpenCandy
EmptyTemp:
end

  • Click File, Save As and type fixlist.txt as the File Name.

Both files, FRST and fixlist.txt have to be in the same location or the fix will not work!

  • Right-click on the FRST icon and select Run as Administrator to start the tool.

XP users click run after receipt of Windows Security Warning - Open File.
Windows 8 users will be prompted about Windows SmartScreen protection - click More information and Run.

  • Press the Fix button just once and wait.
  • If for some reason the tool needs a restart, please make sure you let the system restart normally. After that let the tool complete its run.
  • When finished FRST will generate a log on the Desktop, called Fixlog.txt.

Please include it in your reply.

Fix with Junkware Removal Tool

Please download JRT by Thisisu and save the file to your desktop.
Temporarily disable your AntiVirus and AntiSpyware protection - instructions here.

  • Right-click on the JRT icon and select Run as Administrator to start the tool.
  • Follow the prompts and let this process run uninterrupted.
  • This scan can take a while, depending on your System specs.
  • Upon completion, a log (JRT.txt) will open on your desktop.

Please include the contents of that file in your reply.
Do not forget to re-enable your previously switched off protection software!
Please also manually reboot your machine after this procedure.

Fix with AdwCleaner

Please download AdwCleaner by Xplode and save the file to your desktop.

  • Right-click on the AdwCleaner icon and select Run as Administrator to start the tool.
  • Follow the prompts and click Scan.
  • When finished, please click Clean.
  • Upon completion, click Report. A log (AdwCleaner[S*].txt) will open.

Please include the contents of that file in your reply.

Hi Naathim,

Thanks for the prompt reply. I stepped out a bit so it took me a while to post my reply. Attached are the two logs but I apologize, I was not able to save AdwCleaner’s report… I thought it auto-saves on the desktop. But I saw it deleted the websearches thing, together with some other stuff… Should I re-run AdwCleaner and attach the log for the second scan?

Navigate to the C:\AdwCleaner directory. You should find the logfile AdwCleaner[S*].txt there.

Hi Naat,

I decided to upload the R thing just in case you need it too…

R is the report before deleting, S is the one after :)

Looks like most of it is gone. Did you notice this istartwebsearches after the fixes?

Scan with Farbar Recovery Scan Tool

Please re-run Farbar Recovery Scan Tool.

  • Right-click on the FRST icon and select Run as Administrator to start the tool.

XP users click run after receipt of Windows Security Warning - Open File.
Windows 8 users will be prompted about Windows SmartScreen protection - click More information and Run.

  • Make sure that Addition option is checked.
  • Press Scan button and wait.
  • The tool will produce two logfiles on your desktop: FRST.txt and Addition.txt.

Please include their content in your next reply.

Hi Naat,

I only saw the istartwebsearches on the scans, but it never shows up as pop-up when I’m using my computer so I really wouldn’t have known its existence in my computer if I didn’t do the scans…

Thanks for working with me, this is so very helpful!

Here’s the log…

PS, I think I forgot to remove the first FRST log on my desktop… did this new scan just overwrite the other one?

Yes, FRST overwrites the old one.

Odd - FRST reports that the istartwebsearches was deleted, but it’s still there.

Scan with Shortcut Cleaner

Please download ShortcutCleaner by Grinler and save it to your desktop.

  • Right-click on the ShortcutCleaner icon and select Run as Administrator to start the tool.
  • It will run for a very short time and display the report upon completion.
  • The report may be also found on your desktop, named sc-cleaner.txt.

Please include its content in your post.

Odd thing too, I found the sc-cleaner.txt in C:\ and not on the desktop… lol…

Here we go… and thanks again :)

(copied to desktop prior to attaching here)

Report is unreadable. Save it as ANSI and not Unicode please and attach once more :)

Hi Naat,

Here we go… Weird thing is, I was able to view it from my desktop earlier… Then what I did was I opened up the file from C:\ and did a “save as” thing to desktop, making sure it was in txt format, but it told me I didn’t have permission or something. It suggested that I save it to My Documents so I did and got this thing here now.

Now since I got a no permission thing, I tried to create a folder on desktop and it allowed me to, so I don’t know if I was just overreacting but this info may help you too.

Thanks so much :)

Sorry, I’m trying to download this too so you may see it downloaded many times. This file is getting weirder now.

Sometimes it’s readable, sometimes it’s not.

Please check, re-uploading 2 files but they should be just the same.

Well, it opens fine on my mobile, but refuses to be readable on PC. Actually odd :o

However, it’s not the case, because the report states there isn’t any shortcut to disinfect. Will investigate further.

Scan with Farbar Recovery Scan Tool

Please re-run Farbar Recovery Scan Tool.

  • Right-click on the FRST icon and select Run as Administrator to start the tool.

XP users click run after receipt of Windows Security Warning - Open File.
Windows 8 users will be prompted about Windows SmartScreen protection - click More information and Run.

  • Make sure that Addition option is checked.
  • Press Scan button and wait.
  • The tool will produce two logfiles on your desktop: FRST.txt and Addition.txt.

Please include their content in your next reply.

That was really odd ???

When I view that from being downloaded, it can’t be read. But if I open that from my PC on any of the directories I placed it into, it can be read. :o

Here’s the fresh log…

Thanks :)

You are missing the Addition.txt logfile which is needed. Please re-run as instructed :)

Make sure that Addition option is checked.

Hi Naathim,

Sorry about that… :)

Let’s reset Chrome and see if the issue persists.

Reset Chrome to defaults

Please open Google Chrome.

  • Enter the Chrome menu by clicking the Chrome menu button.
  • Select Settings.
  • Click Show advanced settings and find the Reset browser settings section.
  • Click Reset browser settings.
  • In the dialog that appears, click Reset.
  • Chrome will reset itself.

Bear in mind that all your browsing history, passwords, cookies will be saved. This procedure will only remove all extensions, themes, plugins etc. and restore Chrome engine to a state similar to that after a fresh installation.

After that, run FRST once more; this time it may be without Addition.

P.S. Is this a pirated Windows?

I strongly believe this PC is legit. My friend, who was a head of the IT department in his company, installed my previous OS, a 32-bit one, and he used some spare legit OS installer from his company. But when I was infected with that virut thing, I wasn’t sure if he re-installed this as a legit one since I was away when he did.

I texted him now to ask him.

And oh, I’m using the internet to send txt messages to my wife, does this affect this process? So I got this forum and the site www.sfreesms.com/intl/philippines opened, nothing else.

Is your Chrome synchronized between some computers?
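
The check below is an added example, not part of the thread and not code from FRST or any other tool mentioned here. It looks in a Chrome profile's Preferences JSON for a homepage or startup URL on the domain from the fixlist's `CHR HomePage` line, which is a quick way to confirm whether the entry came back after a reset or a sync. It assumes the profile stores these settings under the `homepage` and `session.startup_urls` keys; the sample input is constructed.

```python
import json
from urllib.parse import urlsplit

# Constructed sample of a Chrome profile "Preferences" file (JSON). Only the
# keys this check reads are included; a real file holds many more.
SAMPLE_PREFERENCES = json.dumps({
    "homepage": "http://istart.webssearches.com/?type=hp",
    "homepage_is_newtabpage": False,
    "session": {
        "restore_on_startup": 4,
        "startup_urls": ["https://www.google.com/",
                         "http://istart.webssearches.com/?type=sc"],
    },
})

# Domain taken from the CHR HomePage line of the fixlist in the thread.
WATCHED_DOMAINS = {"webssearches.com"}


def host_matches(url, domains):
    """True if the URL's host is one of `domains` or a subdomain of one."""
    # Scan logs defang URLs as hxxp://; undo that before parsing.
    if url.lower().startswith("hxxp"):
        url = "http" + url[4:]
    host = (urlsplit(url).hostname or "").lower().rstrip(".")
    return any(host == d or host.endswith("." + d) for d in domains)


def find_hijacked_settings(preferences_text, domains=WATCHED_DOMAINS):
    """Return (setting, url) pairs whose URL points at a watched domain."""
    prefs = json.loads(preferences_text)
    candidates = []
    homepage = prefs.get("homepage")
    if isinstance(homepage, str):
        candidates.append(("homepage", homepage))
    session = prefs.get("session") or {}
    for url in session.get("startup_urls") or []:
        if isinstance(url, str):
            candidates.append(("session.startup_urls", url))
    return [(name, url) for name, url in candidates
            if host_matches(url, domains)]


if __name__ == "__main__":
    for name, url in find_hijacked_settings(SAMPLE_PREFERENCES):
        print(f"{name}: {url}")
```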