XP Updates?

Once I get over this virus problem;

With your discussion about home built systems vs Dell/HP
(kitchen sinks) is there a program or way of eliminating or
tailoring those non-essential drivers so that I can make
my system more of a home built system?

Thankfully, the 8200 is still up and running and I'm still
able to function with the 8500.

I'll keep you posted,
Robert

Mark Twain wrote:
Once I get over this virus problem;

With your discussion about home built systems vs Dell/HP
(kitchen sinks) is there a program or way of eliminating or
tailoring those non-essential drivers so that I can make
my system more of a home built system?

Thankfully, the 8200 is still up and running and I'm still
able to function with the 8500.

I'll keep you posted,
Robert

On my Windows 7 laptop, I used the COA key on the sticker. Then
took a regular Windows 7 installer DVD and reinstalled the operating
system. The installer DVD is one from Microsoft. In that way,
I was able to remove all traces of the Acer added stuff.

It's not a big deal that those files are present on the Dell
install. Just that it makes your task (looking through Autoruns
for suspicious stuff) a little tougher.

Paul

On 8/19/2014 6:56 PM, Mark Twain wrote:
Hell Paul,

Here's what I've done:

I was able to delete updatefindopolis and utilfindopolis
but am unable to find mcmpfsvc to delete it.

I do know that if I use Combo fix (which I have) that I
need to delete it afterwards so perhaps its pointing to
some text? I couldn't find the 'OMCI' Open HCL port
driver.

The fst_us_208 was point to that free software so I deleted
it.

You mentioned Spybot, but I don't have Spybot installed,
although I use to.

Interesting reading on the BVT Consumer/WMI script
trigger


Well, I restarted the computer but the virus is still there
so at this point I think I'm going to post the problem to
Malwarebytes.

You can also go to: http://www.spywarehammer.com/.
You start a session and they work with you all the way thru it.


Thanks for the help and will keep you posted,
Robert







--
Ed Mc
Nam Vet '66-'67
Semper Fi

On Wednesday, August 20, 2014 6:13:58 AM UTC-7, Motor T wrote:
On 8/19/2014 6:56 PM, Mark Twain wrote:

Hell Paul,



Here's what I've done:



I was able to delete updatefindopolis and utilfindopolis

but am unable to find mcmpfsvc to delete it.



I do know that if I use Combo fix (which I have) that I

need to delete it afterwards so perhaps its pointing to

some text? I couldn't find the 'OMCI' Open HCL port

driver.



The fst_us_208 was point to that free software so I deleted

it.



You mentioned Spybot, but I don't have Spybot installed,

although I use to.



Interesting reading on the BVT Consumer/WMI script

trigger





Well, I restarted the computer but the virus is still there

so at this point I think I'm going to post the problem to

Malwarebytes.



You can also go to: http://www.spywarehammer.com/.

You start a session and they work with you all the way thru it.





Thanks for the help and will keep you posted,

Robert















--

Ed Mc

Nam Vet '66-'67

Semper Fi


As a fellow Vet (Navy) I want to thank you for
your service.

Robert

"Mark Twain" wrote in message
...
On Wednesday, August 20, 2014 6:13:58 AM UTC-7, Motor T wrote:
On 8/19/2014 6:56 PM, Mark Twain wrote:
Hell Paul,
Here's what I've done:
I was able to delete updatefindopolis and utilfindopolis
but am unable to find mcmpfsvc to delete it.
I do know that if I use Combo fix (which I have) that I
need to delete it afterwards so perhaps its pointing to
some text? I couldn't find the 'OMCI' Open HCL port
driver.
The fst_us_208 was point to that free software so I deleted
it.
You mentioned Spybot, but I don't have Spybot installed,
although I use to.
Interesting reading on the BVT Consumer/WMI script
trigger
Well, I restarted the computer but the virus is still there
so at this point I think I'm going to post the problem to
Malwarebytes.
You can also go to: http://www.spywarehammer.com/.
You start a session and they work with you all the way thru it.
Thanks for the help and will keep you posted,
Robert
Ed Mc
Nam Vet '66-'67
Semper Fi
As a fellow Vet (Navy) I want to thank you for
your service.


Orlando 76
(Navy) Vet

Truly it was advancers
Unto and Oklie like me

Keep out by a Woman
Who I believe needed a
Honorable Service Medal

But Honorable Discharge
By Navy Personnel Command

For a Job well Done

So it was one year of Hell
For a Cowboy like me

Dam Boot Camp
I Thank God for the Wave
Who said Billy Ray
I Think you need
To be
Back in School

John C.
May the Waves
Run across Your Decks

Truly
Honorable Home

Women School
Of
Aviation Warriors

Truly The Waves of
The Navy Hurricane

http://www.defense.gov/news/newsarticle.aspx?id=29276

Hello Paul,

I have been working on my virus problem
and would like you to take a look at the
programs he gave me to install (near the
end) and if you know anything about them?

https://forums.malwarebytes.org/inde...r-is-infected/


Thanks,
Robert

Mark Twain wrote:
Hello Paul,

I have been working on my virus problem
and would like you to take a look at the
programs he gave me to install (near the
end) and if you know anything about them?

https://forums.malwarebytes.org/inde...r-is-infected/


Thanks,
Robert


OK, I'm going to give you an overview of what happened.

1) You present symptoms. Good so far. A few too many
pictures perhaps.

Let's look at this picture.

https://forums.malwarebytes.org/uplo...1408570599.jpg

Autoruns...

Eleventh tick box down says "SunJavaUpdate".

Check the program path (which I cannot read).
Knowing where the file is and its name, allows a
casual legitimacy check...

You can untick the box, in an attempt to avoid
the Java Update prompt. But, read on...

You could also examine your Control Panels for "Java"
with a colorful icon, and it has an "Update" tab. This
picture is small, so zoom in to see the "Update" tab.
Unticking the box there, should result in the line
disappearing the next time, when you review Autoruns.

OK, the other thing I get from the pictures, is
an actual Findopolis installed item. In the Program
Files folder, even with a BHO (browser helper object)
label and everything.

At the current time, you should have a look in Program Files
again, to see if the Findopolis is removed. At the very
least, any BHO should have been given the boot, even if
the folder itself is still sitting there.

2) TwinHeadEagle dumps his "standard text blurb" about
Piracy and P2P clients. People who use certain clients would
constant be infected, because much of the "merchandise"
on such channels is infected by the various kinds of black
hats. For example, steal a movie, get an exe instead.
Who knows how the movie got replaced with a malicious exe.
So that warning about P2P clients is delivered to all visitors,
and was not specifically about something you'd done.

He then gets you to run FRST. This is the first
"custom action and guided help" he provided.

Next, he didn't tell you to visit Programs and Features
in Control Panel, as that's where you would remove these
if it is possible to remove them. Some Adware can actually
be removed this way. So "Programs and Features" in Windows 7
Control Panels, is where you'd look.

First, go to Control Panel and uninstall following
(skip lines that cannot be uninstalled):
- FreeSoftToday 025.208
- Remote Desktop Access
- WindowsMangerProtect20.0.0.502

Next, he gets you to run Adwcleaner.

Next, he uses Farbar (FRST) and gives you a custom fixlist.
This is a text file, which can be opened in Notepad. And you
can see that much of what was detected is listed in here as things
for it to fix.

https://forums.malwarebytes.org/inde...tach_id=142954

After that comes Adwcleaner (which does its own scan and later, clean).

3) In Post #14, TwinHeadedEagle thinks he has cured your
problems. Now, FRST has a Quarantine folder, a file is still
in there, for your later scanning to "trip over" by accident.

In this picture

https://forums.malwarebytes.org/uplo...1409189383.jpg

the MalwareBytes is detecting the thing that FRST already
quarantined. That file would probably get deleted if FRST
was uninstalled or something. Or maybe you're supposed to
manually remove it. I would not panic, as it isn't hurting
anything there. Go to Control Panels, use the
Programs and Features, and see if Farbar has an entry
for removal.

I don't think it is intended to leave Farbar on the
computer forever. It is a guided help tool, gets fed a fixlist,
and you'd want a fresh copy the next time a guided help person
asks you to run it. It probably should not stay on the computer
when the problem is removed.

4) You reported:

I also contracted Win32:Eorezo - cy [pup] via a supposed
upgrade to Firefox. I was able to delete it and ran full
scans afterward twice and it appears clean.

I can get clean, complete, copies of Firefox from the FTP server.
This is the top level where I'd look for a copy...

ftp://ftp.mozilla.org/pub/mozilla.org/firefox/releases/

This would be my selection, if installing on my Windows English setup.
I have navigated to the highest release number, identified Windows
and a US English download, then located the 34MB full installer.
This is as close as you can get, to a clean complete install. If
you had a brand new computer with no Firefox, this would install it,
and install it without any further download needed. I could carry
this in my Geek Squad bag and use it to put Firefox on client computers.

ftp://ftp.mozilla.org/pub/mozilla.or...9/win32/en-US/
( look for the big "Firefox Setup 32.0b9.exe" file )

Note that Mozilla doesn't really want us pounding their release FTP
server for regular installations. My point in showing you this
link and the domain it's on, is the principle of *Go to the site
that wrote the software*.

Do not accept copies of Firefox from some random (malicious)
download page. Not every green Download button is run by whitehats.

5) In Post #17, based on the evidence, TwinHeadedEagle thinks
you have a "Java" entry in your Programs and Features control
panel, and your Java installation is legitimate. That's why he
did not panic. He sees the Autoruns entry, and assumes it was
put there by a real copy of Java. If you don't need Java, you
could remove it. You could use the actual Java control panel,
to disable updates. You would do that *only* to prove that you
have control over the dialog popping up all the time. Java
really should be kept up to date.

a) Java is not fun and games. Only install it if you actually need it.
If the need for it has passed, *remove it* from Programs and
Features.

b) If you must have it on the computer, use the "Java" control
panel to configure it. Normally, you leave updates enabled,
because Java is subject to a lot of exploits that need to
be fixed immediately. Disabling updates, is to see if the
pesky Update dialog actually belongs to Java or not. Or is
some kind of scam.

c) If you don't know why Java is on the computer, remove it
and see what breaks. Seriously.

d) If you need to reinstall it, the Oracle site offers infected
and non-infected downloads.

Top level:

http://www.oracle.com/technetwork/ja...ads/index.html

Look for JRE (Java Runtime). That is for end users.
That takes you to the next page.

http://www.oracle.com/technetwork/ja...s-2133155.html

The big ones (offline) are the safe ones. The one to use
depends on whether your Windows is 32 bit or 64 bit. Based
on the giant RAM memory your 8500 has, you want 64 bit, as
Dell would be silly to install anything other than an x64 OS.

Windows x86 Offline 32.17 MB jre-8u20-windows-i586.exe
Windows x64 91.68 MB jre-8u20-windows-x64.exe ---

You have to click the License Agreement box, before the
download links will work.

As far as I know, those are safe. I can't unpack them with
7ZIP any more, and I don't have time to use WINE to test them.
I'm getting hungry! :-)

6) In Post #17, he wants you to use Delfix.

But if you have uninstalled Farbar, and cleaned out C:\FRST, that
would amount to largely the same thing. The only reason I hesitate to
use Delfix, is whether there will be side effects (damage to MBAM).

He also gives a list of other things.

TFC - "to clean unneeded temporary files."
You could probably do this with CCleaner, avoiding any usage
of Registry cleaning, and just cleaning temporary folders with it.

Malwarebytes' Anti-Malware - "to scan your system from time to time"
You're doing this already...

Malwarebytes' Anti-Exploit - "to prevent exploits"
That looks promising. Description is here.
http://www.bleepingcomputer.com/down...-anti-exploit/

There is a nice download button here, and this *is* the source.
https://www.malwarebytes.org/antiexploit/

My main problem with some of these programs, is whether they
cause side effects and prevent legit activities on the computer.
I don't want to recommend anything which will be nothing but a
PITA.

McShield - "to prevent infections spread by removable media."
If you don't move a lot of USB keys from machine to machine,
maybe you don't need this. Disabling the Autoplay stuff, the
Microsoft way, turns off USB but leaves CDROMs enabled. If you
use U3 USB sticks (equipped with U3 software), those prevent
fake CDROM images, so can fool Microsoft's idea of protection.
I expect McShield turns it all off.

CryptoPrevent - "to secure yourself from CryptoLocker infection."
Cryptolocker makes it impossible to open your data files,
and they demand a "ransom" of $200 to get the files back.
CryptoPrevent initially started as a tool to install "Software
Restriction Policies", to prevent the bad software from running
the built-in system encryption tools. This was a good idea. The
tool adds a couple hundred rules to the Registry.

Reading the description now though, the feature set of
CryptoPrevent has expanded. It is more intrusive. It could
have side effects. The initial program design probably wasn't
all that bad. Reading the description now, I'd just pass on this.

Maybe a power user with years of experience could use this,
but once they try to do too much for you, then it's
"Why doesn't my XYZ program work any more?". And we don't
want that to happen.

Unchecky - "to prevent from installing additional foistware,
implemented in legitimate installations."

A nice idea, but likely needs to be updated once in a while
to be effective. The changelog hints at it being constantly
improved.

http://unchecky.com/changelog

FileHippo.com Update Checker - "to keep your programs up-to-date."

The only problem with this idea, is where do the
updates come from ? Are they safe ? I would get the
actual updates from a site other than FileHippo.
I like to trace as close to the source as possible,
to avoid the stinking toolbars.

If you want to run the program and just write down on a piece
of paper, what needs updating, that would be OK. Your AV scanner
will examine this program, when you download it.

Adblock - "to surf the web without annoying ads!"
Yet his link shows AdBlock Plus, which is a different thing.
https://adblockplus.org/en/chrome --- his link

Adblock, is described here.
http://en.wikipedia.org/wiki/Adblock
(Product main web site is here - https://getadblock.com
Use a modern browser to view the site... )

Adblock Plus (what he wants you to install), is described here.
http://en.wikipedia.org/wiki/Adblock_Plus
(Product main web site is here - https://adblockplus.org )

A concern here, would be side effects, and whether certain
sites would appear blocked when it comes to delivering their
actual content. If these tools put an icon in the browser
bar somewhere, you may be able to disable the stuff on a
per-site basis. I don't use either of the above...

I'm a "lightweight" protection guy. Of the list I'd
be interested in:

Malwarebytes' Anti-Exploit (find a review for it somewhere!)
McShield (if you use USB flash keys a lot)
Unchecky (may help you get one less toolbar...)

You already know and use MBAM, and for the others, I'm worried
there would be side effects and then you wouldn't know what
to switch off. We don't want to turn your computer into
something that looks like the control panel on a 747 airplane :-)

HTH,
Paul

Hello Paul,


I provided all the pictures versus trying to
explain what I was seeing. I thought it would
be easier

I barely see the SunJavaUpdate myself but
how can I click on a Autoruns image to find the
program path?

I tried to zoom in on the SunJavaUpdate icon but it just blurs. I
haven't run Autoruns since I was working with you and at this time
I'm still working with the malwarebytes forum person.

Could this be it with two JAVA entries? (hopefully you can make it out)

http://i59.tinypic.com/zwjfrb.jpg

I found Findopolis in Program and Features and
tried to uninstall it but it said an error occurred
and do I want to remove it from the list and I
clicked yes and removed it.

I couldn't find FreeSoft Today. Remote Desktop Access
or Windows Manager Protect but I seem to remember
that I removed FreeSoft Today before?

I checked and I didn't see any Farbar entries in
the Program and Features.

I still use JAVA but I'm very leery of opening it
as it may be corrupted. Maybe I should just remove it
and then reinstall it but there are (2) entries for
JAVA.

So if I reinstall JAVA I should use the JRE then you're
suggesting either of these but the offline is better?

Windows x86 Offline 32.17 MB jre-8u20-windows-i586.exe
Windows x64 91.68 MB jre-8u20-windows-x64.exe ---

Oh jeeeeeez ,.. I've already run Dellfix!@!@!

I don't use CcCleaner,... I've been working on these two
computers non-stop for awhile just to get them up and
running again that I forgot and I'm getting a little
overwhelmed with all the antivirus, anti-malware, programs
besides all the technical data he gave me to read. It takes
allot of time for me to digest all of this.

Damn! I thought those link he gave were the source ! I've
already installed malwarebytes Anti-Exploit.

That was my very concern, with so many programs I worry
about them conflicting with one another and messy up my
computer. I may be wrong but it seems to me overkill. I
like to have my computer as lean as possible.

I don't use my USB all that much. Only to upload pictures
from my camera is about all.

Most of these programs I had never heard of including
CryptoPrevent which is why I asked you to take a look at
them and also because I felt we weren't finished and that
I was still infected but I'm just following instructions.

So you recommend deleting CrytpPrevent, Unchecky, Adblock?

Your concern about FileHippo echoes mine exactly and I'm
very, very leery of it. As I said its showing my JAVA needs
updating when I had just installed it the previous day.

Part of the problem also is that I'm disabled and I don't
want to be spending more time just to keep these programs
updated than the time I spend on the computer itself and I
agree I don't want to turn my computer into a 747 cockpit
which is what its starting to look like!

I think I'll take your suggestions and remove the installed
programs and leave those that you recommend.

Thanks for taking the time to respond and explain things to
me I really appreciate it.

Robert

Oh, I get it

You pointed the arrow to the one I am suppose to use

The big ones (offline) are the safe ones. The one to use
depends on whether your Windows is 32 bit or 64 bit. Based
on the giant RAM memory your 8500 has, you want 64 bit, as
Dell would be silly to install anything other than an x64 OS.

Windows x86 Offline 32.17 MB jre-8u20-windows-i586.exe
Windows x64 91.68 MB jre-8u20-windows-x64.exe ---

Mark Twain wrote:
Oh, I get it

You pointed the arrow to the one I am suppose to use

The big ones (offline) are the safe ones. The one to use
depends on whether your Windows is 32 bit or 64 bit. Based
on the giant RAM memory your 8500 has, you want 64 bit, as
Dell would be silly to install anything other than an x64 OS.

Windows x86 Offline 32.17 MB jre-8u20-windows-i586.exe
Windows x64 91.68 MB jre-8u20-windows-x64.exe ---

That should be the 64 bit offline one. The one with the
arrow. If it is the wrong one, the installer would tell
you anyway.

*******

The purpose of attempting to uninstall the Java
first, is to see whether any remnants are still around,
and whether you still need it.

Java on an end-user machine is used a couple of
ways. You can download a program, in the same way
you'd download Firefox or Chroms and run the program.
And the Java library that is installed first, supports
the operation of a Java-based program.

There aren't many free programs of that type. I had a
commercial program (VPN software for work) which
used Java in that way. That was a reason I needed to
keep Java loaded, so I could connect (securely) to
work in the evenings.

A more popular way of using Java, is Java games in the browser.
There may be a Java tick box in the browser preferences, and
if a Java game comes along, then you're ready for it.
For example, I temporarily installed Java one day, because
there was a "3D" Java demo I wanted to try out. But after
the demo was done, I un-installed Java again. Currently,
I have no Java dependencies on the machine, so I can leave
it uninstalled.

Due to the amount of maintenance and concern Java causes,
if it was my machine, I'd uninstall it and see what things
"complained" they had no Java. Rather than leaving it installed,
having to get updates for it regularly, and so on.

Paul

Mark Twain wrote:
Hello Paul,


I provided all the pictures versus trying to
explain what I was seeing. I thought it would
be easier

I barely see the SunJavaUpdate myself but
how can I click on a Autoruns image to find the
program path?

I tried to zoom in on the SunJavaUpdate icon but it just blurs. I
haven't run Autoruns since I was working with you and at this time
I'm still working with the malwarebytes forum person.

Could this be it with two JAVA entries? (hopefully you can make it out)

http://i59.tinypic.com/zwjfrb.jpg

I found Findopolis in Program and Features and
tried to uninstall it but it said an error occurred
and do I want to remove it from the list and I
clicked yes and removed it.

I couldn't find FreeSoft Today. Remote Desktop Access
or Windows Manager Protect but I seem to remember
that I removed FreeSoft Today before?

I checked and I didn't see any Farbar entries in
the Program and Features.

I still use JAVA but I'm very leery of opening it
as it may be corrupted. Maybe I should just remove it
and then reinstall it but there are (2) entries for
JAVA.

So if I reinstall JAVA I should use the JRE then you're
suggesting either of these but the offline is better?

Windows x86 Offline 32.17 MB jre-8u20-windows-i586.exe
Windows x64 91.68 MB jre-8u20-windows-x64.exe ---

Oh jeeeeeez ,.. I've already run Dellfix!@!@!

I don't use CcCleaner,... I've been working on these two
computers non-stop for awhile just to get them up and
running again that I forgot and I'm getting a little
overwhelmed with all the antivirus, anti-malware, programs
besides all the technical data he gave me to read. It takes
allot of time for me to digest all of this.

Damn! I thought those link he gave were the source ! I've
already installed malwarebytes Anti-Exploit.

That was my very concern, with so many programs I worry
about them conflicting with one another and messy up my
computer. I may be wrong but it seems to me overkill. I
like to have my computer as lean as possible.

I don't use my USB all that much. Only to upload pictures
from my camera is about all.

Most of these programs I had never heard of including
CryptoPrevent which is why I asked you to take a look at
them and also because I felt we weren't finished and that
I was still infected but I'm just following instructions.

So you recommend deleting CrytpPrevent, Unchecky, Adblock?

Your concern about FileHippo echoes mine exactly and I'm
very, very leery of it. As I said its showing my JAVA needs
updating when I had just installed it the previous day.

Part of the problem also is that I'm disabled and I don't
want to be spending more time just to keep these programs
updated than the time I spend on the computer itself and I
agree I don't want to turn my computer into a 747 cockpit
which is what its starting to look like!

I think I'll take your suggestions and remove the installed
programs and leave those that you recommend.

Thanks for taking the time to respond and explain things to
me I really appreciate it.

Robert

DelFix is supposed to remove left-overs from things
like FRST (Farbar). It should not affect the other list
of things.

*******

TwinHeadEagle list of programs. These are *optional*. They
may help slightly, keeping the machine clean. But new threats
appear all the time. And even the most prepared organizations
get hit. One day at work, we had the best AV money could buy,
with multiple AV updates every day, and we got a worm on the
network and it tool all day to clean up. A "Doh" moment for
the IT department.

MBAB - you're already using it.

Malwarebytes' Anti-Exploit - should complement your other programs

McShield - Minor improvement, for USB based infection vector.

CryptoPrevent - The original program basically used some
"software restrict" policies, to armor the
machine. The feature set on the current version
looks a little to "ambitious and busy" for ordinary
users. It could interact with normal operation of
the machine, and cause you to "need to read the
manual" for the program.

Regular backups, stored on a hard drive not normally
connected to the computer, is better than nothing to
protect against this. It's also possible MBAE uses
rules like that.

Unchecky - Probably not a lot of side effects. Will need to be updated
once in a while, to deal with new Toolbar installer GUIs.

FileHippo.com Update Checker - You seem to know enough about
doing updates, to not need this.

Adblock - Purely optional. Some pages will not render completely
in a browser, if the advertising is blocked. So some
fiddling may be involved with Adblock or Adblock Plus.

If you installed none of them, you've still got an AV loaded,
which is a start. You're not completely unprotected. And the
new MBAE you've added, likely covers a good percentage of what
some of the other items in the list are trying to do.

And do some Java testing, and satisfy yourself the popup
really does belong to Java. If Java is un-installed, the
popup should be gone. Look in Programs and Features, check
carefully what you're removing.

*******

If you extend the Autoruns window sideways a bit, the
file path information may become visible.

Is C:\FRST empty now ? Once the quarantined content
is gone from there, your AV software scan should be
clean again.

Paul

Hello Paul,

It seems that the malwarebytes forum
thread is now closed.

I couldn't find TFC, or Adblock but
I deleted FileHippo and CryptoPrevent.
The JAVA pop-up is gone but should I
uninstall then re-install JAVA just
to make sure things are working correctly?

I know that you gave me the links for
Firefox but where would I find the
downloads for other programs e.g. Adobe
that need updating periodically ?

Here's the list in Program and Features of
what I have on my computer

http://i61.tinypic.com/2w53hmw.jpg

http://i60.tinypic.com/hv4h3t.jpg

Is there anything else that you would recommend ?

Thanks,
Robert

Hello Paul,

It seems that the malwarebytes forum
thread is now closed.

I couldn't find TFC, or Adblock but
I deleted FileHippo and CryptoPrevent.
The JAVA pop-up is gone but should I
uninstall then re-install JAVA just
to make sure things are working correctly?

I know that you gave me the links for
Firefox but where would I find the
downloads for other programs e.g. Adobe
that need updating periodically ?

Here's the list in Program and Features of
what I have on my computer

http://i61.tinypic.com/2w53hmw.jpg

http://i59.tinypic.com/dcvfo4.jpg

Is there anything else that you would recommend ?

Thanks,
Robert

Mark Twain wrote:
Hello Paul,

It seems that the malwarebytes forum
thread is now closed.

I couldn't find TFC, or Adblock but
I deleted FileHippo and CryptoPrevent.
The JAVA pop-up is gone but should I
uninstall then re-install JAVA just
to make sure things are working correctly?

I know that you gave me the links for
Firefox but where would I find the
downloads for other programs e.g. Adobe
that need updating periodically ?

Here's the list in Program and Features of
what I have on my computer

http://i61.tinypic.com/2w53hmw.jpg

http://i59.tinypic.com/dcvfo4.jpg

Is there anything else that you would recommend ?

Thanks,
Robert

Do you see this in any browser windows ?

http://www.anvisoft.com/resources/wp...m-homepage.jpg

You have "istart123" in your Program list. That
would be more junkware. I'm surprised it wasn't
removed. Perhaps it was removed, and just the
entry in the Program list remains ? If so, that's OK.
I would look in the C:\Program Files type directories,
for signs of it. Of course it could be named anything,
just to hide itself. The only reason for checking
in C:\Program Files is to see if it has been removed
by something already.

*******

You have Java 7 installed on the machine. Maybe you
can have more than one version of Java present, and
that's how it got on there.

The Java popup could come back, if there is a
pending update for Java 7. It's possible the
other thing you had was Java 8.

*******

Many of the other items, have updaters that check
at startup, whether an update is needed. They contact
the web site and check for updates. I don't know
if there's that much incentive to override the automatic
updates and install them manually. For example, to update
Adobe Flash, you have to find the right page with a full
installer, if you want to remove all doubt about what
to install. The only reason I don't like the Adobe "web"
based method of updating, is the number of failures
people report.

So there are two issues there for you. Do you see
occasional requests for Adobe Flash updates ? And
are they in the form of a dialog box which is actually
from Adobe ?

I use items from "Flash Player archives", which are
not necessarily in the correct order. You have to
scroll down the page, to find that area of the archive.

http://helpx.adobe.com/flash-player/...-versions.html

(Released 7/8/2014) Flash Player 14.0.0.145 (167 MB)

That one is relatively old. Maybe that's the version
you've got already. And actually, it is. That's the one
you're running. And I don't see any newer ones in the 14.X
series.

I think the files inside those, are for Mac and Windows.

So at the moment, there is nothing for you to download.
Maybe that means the Adobe Flash Updater is running,
and doing this work for you.

I'd say you were in pretty good shape. Just the
istart123 needs to be checked out. Maybe the
entry in Programs and Features isn't really there,
and an attempt to remove it will return a suitable
warning message there is nothing to uninstall.

I wouldn't leave the Java 7 there, unless you really needed it.
At one time, I was all in favor of Java, and liked to play
with the programs when Java was young. But the amount of
exploits made a joke of the "hardening" Sun Microsystems
put into Java. Now, it's like a Swiss Cheese. The only
reason I'd be leaving it on the machine, is if I bought
expensive software, and the expensive software absolutely
needed it.

Paul

Hello Paul,

To answer your questions;

No, I do not see the image provided on
any browser window.

I uninstalled istart123

Regarding Java, all I see is

Java 7 Update 67
Java 7 Update 67 (64 bit)

So if I uninstall Java which one or both?
Can you give me a good reliable source to
re-install it? That way I'll know it's good.

hmmmmm, I can't honestly remember seeing
updates for Adobe flash player, and even
if so how do I know the update is actually
from Adobe and not a rogue virus?

Thanks,
Robert