Welcome guest. Before posting on our computer help forum, you must register. Click here it's easy and free.

Author Topic: Running Windows 8.1 - previously had "istartwebsearches" infect the system  (Read 15853 times)

0 Members and 1 Guest are viewing this topic.

oneian

    Topic Starter


    Rookie

    • Experience: Familiar
    • OS: Windows 8
    Hello,
    I previously had istartwebsearches hijack the browser and and spent a little time cleaning that out of the system and the broswers which was good.
    I noticed that my Win Defender was turned off and Security Centre was also off (This was after the websearches was removed from system). So i thought the PC was still infected.
    Researched some more and found a way to get into registry and turn win defender back on. Security Centre is working now, However, I noticed when I got to "Services" - "Security Centre" I can't make any changes. It's on automatic delayed option - but if I try to change it to manual it says "access denied."
    I tried to enter my admin password and name under "browse" and that didn't allow me either. I somehow feel the PC is still infected.
    I have run ComboFix, MalwareBytes, Win Defender, Avast Boot time scan and no malware/virus was picked up.
    Thank you in advance - if you can help me have some control over changing the Security Centre Service.

    his is a screenshot of what "Hijack This" found:
    Logfile of Trend Micro HijackThis v2.0.4
    Scan saved at 3:00:44 PM, on 10/09/2014
    Platform: Unknown Windows (WinNT 6.02.1008)
    MSIE: Internet Explorer v11.0 (11.00.9600.17278)
    Boot mode: Normal

    Running processes:
    C:\WINDOWS\Explorer.EXE
    C:\WINDOWS\System32\rundll32.exe
    C:\WINDOWS\system32\taskhostex.exe
    C:\Program Files\Microsoft Mouse and Keyboard Center\ipoint.exe
    C:\Program Files\Microsoft Mouse and Keyboard Center\itype.exe
    C:\Windows\System32\SettingSyncHost.exe
    C:\Program Files\Online Armor\oaui.exe
    C:\Program Files\Privacyware\Privatefirewall 7.0\PFGUI.exe
    C:\Program Files\Online Armor\OAhlp.exe
    C:\Program Files\Common Files\Java\Java Update\jusched.exe
    C:\Program Files\Symform\Node Service\symformstatus.exe
    C:\WINDOWS\system32\taskeng.exe
    C:\Program Files\Microsoft Office 15\Root\Office15\MsoSync.exe
    C:\Windows\System32\WWAHost.exe
    C:\Windows\System32\RuntimeBroker.exe
    C:\WINDOWS\WinStore\WSHost.exe
    C:\WINDOWS\explorer.exe
    C:\Windows\System32\skydrive.exe
    C:\Program Files\Microsoft Office 15\Root\VFS\ProgramFilesCommonX86\Microsoft Shared\OFFICE15\CSISYNCCLIENT.EXE
    C:\Program Files\Trend Micro\HiJackThis\HiJackThis.exe
    C:\Program Files\Google\Chrome\Application\chrome.exe
    C:\Program Files\Google\Chrome\Application\chrome.exe
    C:\Program Files\Google\Chrome\Application\chrome.exe
    C:\Program Files\Google\Chrome\Application\chrome.exe
    C:\Program Files\Google\Chrome\Application\chrome.exe

    R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = Preserve
    R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page =
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
    R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/p/?LinkId=255141
    R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
    O2 - BHO: Java(tm) Plug-In SSV Helper - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre7\bin\ssv.dll
    O2 - BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre7\bin\jp2ssv.dll
    O4 - HKLM\..\Run: [NvBackend] "C:\Program Files\NVIDIA Corporation\Update Core\NvBackend.exe"
    O4 - HKLM\..\Run: [Adobe ARM] "C:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe"
    O4 - HKLM\..\Run: [@OnlineArmor GUI] "C:\Program Files\Online Armor\oaui.exe"
    O4 - HKLM\..\Run: [Privatefirewall] C:\Program Files\Privacyware\Privatefirewall 7.0\PFGUI.exe
    O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Common Files\Java\Java Update\jusched.exe"
    O4 - HKCU\..\Run: [Symform Status] "C:\Program Files\Symform\Node Service\symformstatus.exe"
    O9 - Extra button: Send to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\Program Files\Microsoft Office 15\root\Office15\ONBttnIE.dll
    O9 - Extra 'Tools' menuitem: Se&nd to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\Program Files\Microsoft Office 15\root\Office15\ONBttnIE.dll
    O9 - Extra button: OneNote Lin&ked Notes - {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} - C:\Program Files\Microsoft Office 15\root\Office15\ONBttnIELinkedNotes.dll
    O9 - Extra 'Tools' menuitem: OneNote Lin&ked Notes - {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} - C:\Program Files\Microsoft Office 15\root\Office15\ONBttnIELinkedNotes.dll
    O11 - Options group: [ACCELERATED_GRAPHICS] Accelerated graphics
    O18 - Protocol: osf - {D924BDC6-C83A-4BD5-90D0-095128A113D1} - C:\Program Files\Microsoft Office 15\root\Office15\MSOSB.DLL
    O23 - Service: Adobe Acrobat Update Service (AdobeARMservice) - Adobe Systems Incorporated - C:\Program Files\Common Files\Adobe\ARM\1.0\armsvc.exe
    O23 - Service: Google Update Service (gupdate) (gupdate) - Unknown owner - C:\Program Files\Google\Update\GoogleUpdate.exe
    O23 - Service: Google Update Service (gupdatem) (gupdatem) - Unknown owner - C:\Program Files\Google\Update\GoogleUpdate.exe
    O23 - Service: MBAMScheduler - Malwarebytes Corporation - C:\Program Files\Malwarebytes Anti-Malware\mbamscheduler.exe
    O23 - Service: MBAMService - Malwarebytes Corporation - C:\Program Files\Malwarebytes Anti-Malware\mbamservice.exe
    O23 - Service: NVIDIA Display Driver Service (nvsvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvvsvc.exe
    O23 - Service: Online Armor Helper Service (OAcat) - Unknown owner - C:\Program Files\Online Armor\OAcat.exe
    O23 - Service: Privacyware network service (PFNet) - Privacyware/PWI, Inc. - C:\Program Files\Privacyware\Privatefirewall 7.0\pfsvc.exe
    O23 - Service: NVIDIA Stereoscopic 3D Driver Service (Stereo Service) - NVIDIA Corporation - C:\Program Files\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe
    O23 - Service: Online Armor (SvcOnlineArmor) - Unknown owner - C:\Program Files\Online Armor\oasrv.exe
    O23 - Service: Symform Contribution Service (symformcontrib) - Symform, Inc. - C:\Program Files\Symform\Node Service\symformcontrib.exe
    O23 - Service: Symform Synchronization Service (symformsync) - Symform, Inc. - C:\Program Files\Symform\Node Service\symformsync.exe
    O23 - Service: Symform Software Updater Service (symformupdater) - Symform, Inc. - C:\Program Files\Symform\Node Service\symformupdater.exe

    SuperDave

    • Malware Removal Specialist


    • Genius
    • Thanked: 1020
    • Certifications: List
    • Experience: Expert
    • OS: Windows 10
    Re: Running Windows 8.1 - previously had "istartwebsearches" infect the system
    « Reply #1 on: September 10, 2014, 01:08:40 PM »
    Hello and welcome to Computer Hope Forum. My name is Dave. I will be helping you out with your particular problem on your computer.

    1. I will be working on your Malware issues. This may or may not solve other issues you have with your machine.
    2. The fixes are specific to your problem and should only be used for this issue on this machine.
    3. If you don't know or understand something, please don't hesitate to ask.
    4. Please DO NOT run any other tools or scans while I am helping you.
    5. It is important that you reply to this thread. Do not start a new topic.
    6. Your security programs may give warnings for some of the tools I will ask you to use. Be assured, any links I give are safe.
    7. Absence of symptoms does not mean that everything is clear.

    If you can't access the internet with your infected computer you will have to download and transfer any programs to the computer you're using now and transfer them to the infected computer with a CD-RW or a USB storage device. I prefer a CD because a storage device can get infected. If you use a storage device hold the shift key down while inserting the USB storage device for about 10 secs. You will also have to transfer the logs you receive back to the good computer using the same method until we can get the computer back on-line.
    *************************************************************************
    Download Windows Repair (all in one) from this site
    Install the program then run it.

    Go to Step 2 and allow it to run CheckDisk by clicking on Do It button:



    Once that is done then go to Step 3 and allow it to run System File Check by clicking on Do It button:



    Go to Step 4 and under "System Restore" click on Create button:



    Go to Start Repairs tab and click Start button.



    Please ensure that ONLY items seen in the image below are ticked as indicated (they're all checked by default):



    Click on box next to the Restart System when Finished. Then click on Start.
    Windows 8 and Windows 10 dual boot with two SSD's

    oneian

      Topic Starter


      Rookie

      • Experience: Familiar
      • OS: Windows 8
      Re: Running Windows 8.1 - previously had "istartwebsearches" infect the system
      « Reply #2 on: September 10, 2014, 08:47:57 PM »
      hi Dave, thank you for responding and for providing the steps to follow. I will do that and shall let you know how it goes.
      Many thanks again :)

      oneian

        Topic Starter


        Rookie

        • Experience: Familiar
        • OS: Windows 8
        Re: Running Windows 8.1 - previously had "istartwebsearches" infect the system
        « Reply #3 on: September 10, 2014, 10:51:03 PM »
        hi Dave, I carried out the tasks advised above and the action centre still has the message that security centre is off and I couldn't turn it back on.
        When I did a clean reinstall of Windows yesterday, All was good and back to working order. I noticed TiWorker.exe was trying to get access and I allowed it through Online Armour (thinking it is a normal process) and then within minutes my security centre went off. And has stayed off. That's the only last known thing/clue I can remember.

        oneian

          Topic Starter


          Rookie

          • Experience: Familiar
          • OS: Windows 8
          Re: Running Windows 8.1 - previously had "istartwebsearches" infect the system
          « Reply #4 on: September 11, 2014, 03:26:27 AM »
          I've reinstalled win 8 and everything works well.
          It's when I upgrade that things go awry.
          Staying with win 8, for now :)
          Thanks for your help again, Dave. Much appreciated.

          SuperDave

          • Malware Removal Specialist


          • Genius
          • Thanked: 1020
          • Certifications: List
          • Experience: Expert
          • OS: Windows 10
          Re: Running Windows 8.1 - previously had "istartwebsearches" infect the system
          « Reply #5 on: September 11, 2014, 12:32:55 PM »
          Please do a search for TiWorker.exe and tell me the file path. It should be in a Windows subfolder. Also, please tell me the size.
          Windows 8 and Windows 10 dual boot with two SSD's

          oneian

            Topic Starter


            Rookie

            • Experience: Familiar
            • OS: Windows 8
            Re: Running Windows 8.1 - previously had "istartwebsearches" infect the system
            « Reply #6 on: September 12, 2014, 02:09:43 AM »
            hi Dave, did a search and came up this:

            C:\windows\softwaredistribution\download\32966 182kb
            C:\winSxs\x86_microsoft-windows-servicing.... 182kb

            that first one doesn't look right.
            Please advise.

            oneian

              Topic Starter


              Rookie

              • Experience: Familiar
              • OS: Windows 8
              Re: Running Windows 8.1 - previously had "istartwebsearches" infect the system
              « Reply #7 on: September 12, 2014, 03:17:14 AM »
              I've also noticed I can't get any updates installed on win 8.
              Access denied.

              SuperDave

              • Malware Removal Specialist


              • Genius
              • Thanked: 1020
              • Certifications: List
              • Experience: Expert
              • OS: Windows 10
              Re: Running Windows 8.1 - previously had "istartwebsearches" infect the system
              « Reply #8 on: September 12, 2014, 12:25:50 PM »
              Ok. Please try this tool
              We should run a few scans on this computer to make sure it's clean.


              Please download AdwCleaner by Xplode onto your Desktop.

              Before starting AdwCleaner, close all open programs and internet browsers, then double-click on the AdwCleaner icon.



              If Windows prompts you as to whether or not you wish to run AdwCleaner, please allow it to run.
              When the AdwCleaner program will open, click on the Scan button as shown below.



              AdwCleaner will now start to search for malicious files that may be installed on your computer.
              To remove the files that were detected in the previous step, please click on the Clean button.



              AdwCleaner will now prompt you to save any open files or data as the program will need to reboot the computer. Please do so and then click on the OK button. AdwCleaner will now delete all detected adware from your computer. When it is done it will display an alert that explains what PUPs (Potentially Unwanted Programs) and Adware are. Please read through this information and then press the OK button. You will now be presented with an alert that states AdwCleaner needs to reboot your computer.
              Please click on the OK button to allow AdwCleaner reboot your computer.A log will be produced. Please copy and paste this log in your next reply.
              *********************************************
              Please download Malwarebytes Anti-Malware from here.
              Double Click mbam-setup.exe to install the application.
              • It should update automatically if the computer is connected to the internet.
              • Click on Threat Scan and click on Scan Now.
              • The scan may take some time to finish,so please be patient.
              • When the scan is complete make sure all the infections have "quarantine" selected in the Action box.
              • Click on "Apply actions" You may be asked to Restart your computer to completely remove the infections.
              • When disinfection is completed you can click on "Copy to Clipboard".
              • Paste the log in you next reply (CTRL+ V)
              *************************************************
              Please download Junkware Removal Tool to your desktop.

              Warning! Once the scan is complete JRT will shut down your browser with NO warning.

              Shut down your protection software now to avoid potential conflicts.

              •Temporarily disable your Antivirus and any Antispyware real time protection before performing a scan. Click this link to see a list of security programs that should be disabled and how to disable them.

              •Run the tool by double-clicking it. If you are using Windows Vista or Windows 7, right-click JRT and select Run as Administrator

              •The tool will open and start scanning your system.

              •Please be patient as this can take a while to complete depending on your system's specifications.

              •On completion, a log (JRT.txt) is saved to your desktop and will automatically open.

              •Copy and Paste the JRT.txt log into your next message.
              *****************************************
              Download Security Check by screen317 from one of the following links and save it to your desktop.

              Link 1
              Link 2

              * Double-click Security Check.bat
              * Follow the on-screen instructions inside of the black box.
              * A Notepad document should open automatically called checkup.txt
              * Post the contents of that document in your next reply.

              Note: If a security program requests permission from dig.exe to access the Internet, allow it to do so.
              Windows 8 and Windows 10 dual boot with two SSD's

              oneian

                Topic Starter


                Rookie

                • Experience: Familiar
                • OS: Windows 8
                Re: Running Windows 8.1 - previously had "istartwebsearches" infect the system
                « Reply #9 on: September 12, 2014, 04:57:12 PM »
                Thanks Dave, will get on it.

                oneian

                  Topic Starter


                  Rookie

                  • Experience: Familiar
                  • OS: Windows 8
                  Re: Running Windows 8.1 - previously had "istartwebsearches" infect the system
                  « Reply #10 on: September 12, 2014, 05:22:40 PM »
                  Log from AdwCleaner:
                  # AdwCleaner v3.310 - Report created 13/09/2014 at 09:20:39
                  # Updated 12/09/2014 by Xplode
                  # Operating System : Windows 8 Pro  (32 bits)
                  # Username : Ian - DESKTOPPC
                  # Running from : C:\Users\Ian\Downloads\adwcleaner_3.310.exe
                  # Option : Scan

                  ***** [ Services ] *****


                  ***** [ Files / Folders ] *****


                  ***** [ Scheduled Tasks ] *****


                  ***** [ Shortcuts ] *****


                  ***** [ Registry ] *****


                  ***** [ Browsers ] *****

                  -\\ Internet Explorer v10.0.9200.16384


                  -\\ Mozilla Firefox v32.0 (x86 en-GB)

                  [ File : C:\Users\Ian\AppData\Roaming\Mozilla\Firefox\Profiles\cibbpfd2.default\prefs.js ]


                  -\\ Google Chrome v37.0.2062.120

                  [ File : C:\Users\Ian\AppData\Local\Google\Chrome\User Data\Default\preferences ]


                  *************************

                  AdwCleaner[R0].txt - [251 octets] - [13/09/2014 09:17:20]
                  AdwCleaner[R1].txt - [974 octets] - [13/09/2014 09:17:50]
                  AdwCleaner[R2].txt - [895 octets] - [13/09/2014 09:20:39]
                  AdwCleaner[S0].txt - [1034 octets] - [13/09/2014 09:19:16]

                  ########## EOF - C:\AdwCleaner\AdwCleaner[R2].txt - [1014 octets] ##########

                  oneian

                    Topic Starter


                    Rookie

                    • Experience: Familiar
                    • OS: Windows 8
                    Re: Running Windows 8.1 - previously had "istartwebsearches" infect the system
                    « Reply #11 on: September 12, 2014, 05:36:56 PM »
                    MBAM Results:

                    Malwarebytes Anti-Malware
                    www.malwarebytes.org

                    Scan Date: 13/09/2014
                    Scan Time: 9:24:36 AM
                    Logfile:
                    Administrator: Yes

                    Version: 2.00.2.1012
                    Malware Database: v2014.09.12.08
                    Rootkit Database: v2014.09.12.01
                    License: Trial
                    Malware Protection: Enabled
                    Malicious Website Protection: Enabled
                    Self-protection: Disabled

                    OS: Windows 8
                    CPU: x86
                    File System: NTFS
                    User: Ian

                    Scan Type: Threat Scan
                    Result: Completed
                    Objects Scanned: 270904
                    Time Elapsed: 9 min, 59 sec

                    Memory: Enabled
                    Startup: Enabled
                    Filesystem: Enabled
                    Archives: Enabled
                    Rootkits: Disabled
                    Heuristics: Enabled
                    PUP: Enabled
                    PUM: Enabled

                    Processes: 0
                    (No malicious items detected)

                    Modules: 0
                    (No malicious items detected)

                    Registry Keys: 0
                    (No malicious items detected)

                    Registry Values: 0
                    (No malicious items detected)

                    Registry Data: 0
                    (No malicious items detected)

                    Folders: 0
                    (No malicious items detected)

                    Files: 1
                    PUP.Optional.OpenCandy, C:\Users\Ian\Downloads\InternationalPrimoPDF.exe, Quarantined, [68605894d9a20f2791d26cb5a95c47b9],

                    Physical Sectors: 0
                    (No malicious items detected)


                    (end)

                    oneian

                      Topic Starter


                      Rookie

                      • Experience: Familiar
                      • OS: Windows 8
                      Re: Running Windows 8.1 - previously had "istartwebsearches" infect the system
                      « Reply #12 on: September 12, 2014, 06:24:22 PM »
                      JRT:

                      ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
                      Junkware Removal Tool (JRT) by Thisisu
                      Version: 6.1.3 (03.23.2014:1)
                      OS: Windows 8 Pro x86
                      Ran by Ian on Sat 13/09/2014 at 10:12:50.50
                      ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~




                      ~~~ Services



                      ~~~ Registry Values



                      ~~~ Registry Keys



                      ~~~ Files



                      ~~~ Folders



                      ~~~ Event Viewer Logs were cleared





                      ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
                      Scan was completed on Sat 13/09/2014 at 10:22:59.00
                      Computer was rebooted
                      End of JRT log
                      ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~

                      oneian

                        Topic Starter


                        Rookie

                        • Experience: Familiar
                        • OS: Windows 8
                        Re: Running Windows 8.1 - previously had "istartwebsearches" infect the system
                        « Reply #13 on: September 12, 2014, 07:16:46 PM »
                        Security check results. Thanks again, Dave.

                         Results of screen317's Security Check version 0.99.87 
                           x86 (UAC is enabled) 
                         Internet Explorer 10 Out of date!
                        ``````````````Antivirus/Firewall Check:``````````````[/u]
                         Windows Firewall Enabled! 
                        Windows Defender   
                         WMI entry may not exist for antivirus; attempting automatic update.
                        `````````Anti-malware/Other Utilities Check:`````````[/u]
                         CCleaner     
                         Adobe Reader XI 
                         Mozilla Firefox (32.0)
                         Google Chrome 37.0.2062.120 
                        ````````Process Check: objlist.exe by Laurent````````[/u] 
                         Windows Defender MSMpEng.exe
                         Malwarebytes Anti-Malware mbamservice.exe 
                         Malwarebytes Anti-Malware mbam.exe 
                         Tall Emu Online Armor OAcat.exe
                         Tall Emu Online Armor oasrv.exe
                         Tall Emu Online Armor oaui.exe
                         Tall Emu Online Armor OAhlp.exe
                         Privatefirewall 6.1 pfsvc.exe 
                         Malwarebytes Anti-Malware mbamscheduler.exe   
                         Windows Defender MsMpEng.exe   
                        `````````````````System Health check`````````````````[/u]
                         Total Fragmentation on Drive C:: 
                        ````````````````````End of Log``````````````````````[/u]

                        SuperDave

                        • Malware Removal Specialist


                        • Genius
                        • Thanked: 1020
                        • Certifications: List
                        • Experience: Expert
                        • OS: Windows 10
                        Re: Running Windows 8.1 - previously had "istartwebsearches" infect the system
                        « Reply #14 on: September 12, 2014, 07:44:20 PM »
                        Did the WU update tool have any effect?
                        Windows 8 and Windows 10 dual boot with two SSD's

                        oneian

                          Topic Starter


                          Rookie

                          • Experience: Familiar
                          • OS: Windows 8
                          Re: Running Windows 8.1 - previously had "istartwebsearches" infect the system
                          « Reply #15 on: September 12, 2014, 10:03:50 PM »
                          Upon executing the WU Tool, a message appears advising I need to download 3.5NET Frameworks, which when I try to download, I am unable to with an access denied.
                          I downloaded the offline 3.5Net file another computer and tried to install on this PC with no effect :(

                          SuperDave

                          • Malware Removal Specialist


                          • Genius
                          • Thanked: 1020
                          • Certifications: List
                          • Experience: Expert
                          • OS: Windows 10
                          Re: Running Windows 8.1 - previously had "istartwebsearches" infect the system
                          « Reply #16 on: September 13, 2014, 12:53:36 PM »
                          You should upgrade to 8.1 and then see if you get your updates.
                          Windows 8 and Windows 10 dual boot with two SSD's

                          oneian

                            Topic Starter


                            Rookie

                            • Experience: Familiar
                            • OS: Windows 8
                            Re: Running Windows 8.1 - previously had "istartwebsearches" infect the system
                            « Reply #17 on: September 13, 2014, 04:59:06 PM »
                            Only thing is, when I upgrade to 8.1 - my security centre gets switched off and I don't have any access to changing the service.
                            I could try again, I suppose.

                            SuperDave

                            • Malware Removal Specialist


                            • Genius
                            • Thanked: 1020
                            • Certifications: List
                            • Experience: Expert
                            • OS: Windows 10
                            Re: Running Windows 8.1 - previously had "istartwebsearches" infect the system
                            « Reply #18 on: September 14, 2014, 12:53:17 PM »
                            You've tried to upgrade before? How did you go back to 8.0?
                            Windows 8 and Windows 10 dual boot with two SSD's

                            oneian

                              Topic Starter


                              Rookie

                              • Experience: Familiar
                              • OS: Windows 8
                              Re: Running Windows 8.1 - previously had "istartwebsearches" infect the system
                              « Reply #19 on: September 15, 2014, 04:48:28 PM »
                              Now am getting errors trying to download win 8 updates.
                              Tried to upgrade to 8.1 - got a message saying "you need to download imp updates first"
                              So am stuck.

                              I did a reformat, and clean install and went back to win 8.

                              SuperDave

                              • Malware Removal Specialist


                              • Genius
                              • Thanked: 1020
                              • Certifications: List
                              • Experience: Expert
                              • OS: Windows 10
                              Re: Running Windows 8.1 - previously had "istartwebsearches" infect the system
                              « Reply #20 on: September 16, 2014, 08:35:46 AM »
                              Is this a legal version of Windows 8 and did you do the activation?
                              Windows 8 and Windows 10 dual boot with two SSD's

                              oneian

                                Topic Starter


                                Rookie

                                • Experience: Familiar
                                • OS: Windows 8
                                Re: Running Windows 8.1 - previously had "istartwebsearches" infect the system
                                « Reply #21 on: September 17, 2014, 12:48:51 AM »
                                Yes, a legal version. Took advantage of an invitation last year to sign up for win 8.
                                At the moment I've downloaded and installed as many updates as possible. If I install in batches, then it's better.
                                Thanks again for your help Dave.

                                SuperDave

                                • Malware Removal Specialist


                                • Genius
                                • Thanked: 1020
                                • Certifications: List
                                • Experience: Expert
                                • OS: Windows 10
                                Re: Running Windows 8.1 - previously had "istartwebsearches" infect the system
                                « Reply #22 on: September 17, 2014, 01:01:14 PM »
                                Ok, let's do some clean up and we'll be done.

                                This step will remove all cleaning tools we used, it'll reset restore points (so you won't get reinfected by accidentally using some older restore point) and it'll make some other minor adjustments...
                                This is a very crucial step so make sure you don't skip it.
                                Download DelFix by Xplode to your desktop. Delfix will delete all the used tools and logfiles.

                                Double-click Delfix.exe to start the tool.
                                Make sure the following items are checked:
                                • Activate UAC (optional; some users prefer to keep it off)
                                • Remove disinfection tools
                                • Create Registry backup
                                • Purge System Restore Points
                                • Re-set system settings
                                Now click "Run" and wait patiently.
                                Once finished a logfile will be created. You don't have to attach it to your next reply.
                                ******************************************
                                Click Start> Computer> right click the C Drive and choose Properties> enter
                                Click Disk Cleanup from there.



                                Click OK on the Disk Cleanup Screen.
                                Click Yes on the Confirmation screen.



                                This runs the Disk Cleanup utility along with other selections if you have chosen any. (if you had a lot System Restore points, you will see a significant change in the free space in C drive)
                                ****************************************
                                I suggest using WOT - Web of Trust. WOT is a free Internet security addon for your browser. It will keep you safe from online scams, identity theft, spyware, spam, viruses and unreliable shopping sites. WOT warns you before you interact with a risky website. It's easy and it's free.

                                Check out Keeping Yourself Safe On The Web for tips and free tools to help keep you safe in the future.

                                Also see Slow Computer? It may not be Malware for free cleaning/maintenance tools to help keep your computer running smoothly.
                                Safe Surfing!
                                Windows 8 and Windows 10 dual boot with two SSD's

                                emmastone24



                                  Newbie

                                  • Experience: Familiar
                                  • OS: Windows 7
                                  Re: Running Windows 8.1 - previously had "istartwebsearches" infect the system
                                  « Reply #23 on: September 20, 2014, 11:19:39 AM »
                                  Your comment has been removed. Please do not post malware advice, or post here in the malware forum, unless you need help.Superdave.
                                  « Last Edit: September 20, 2014, 01:06:24 PM by SuperDave »