Superuser

## Re: fouten update windows 7

Looks a bit complex, that one.

Scholar

## Re: fouten update windows 7

O..k

I started hitmanpro  and it solved my problem

it found 586 errors

and solves them bij deleting or put them in quaratine

Thanks every one for inputting answers to me

I will also inform microsoft that the problem could be solved so easely

and not the way they suggested

## Re: fouten update windows 7

Glad to hear you are sorted out but can you provide a little more detail.

Did HitmanPro find errors or malware? Could you post one of the "errors" it corrected?

Your experience confirms that HitManPro is a good backup scanner to have in anyone's protection arsenal.

Superuser

## Re: fouten update windows 7

- HitmanPro probably always (doesn't matter if you choose "one time scan") create a log-files local-folders (AppData/Local Settings) in txt-files; Already not sure - but it's can to have any "user information", but must be possible to "copy" just "found items";

- HitmanPro also detected most part of tracking cookies (F-Secure can to not deleting some of them "as design" by "safe-status"; or just if you use any alternative browser);

Also HitmanPro can to "give" a little be more "numbers" of "found items", than it's can be - just because it's a little be another kind of "statistics" (it's mean 586 items - can be not really indeed 586 trouble-files or registry-keys or just tracking cookies);

But... probably indeed HitmanPro can to "back to default" any system settings. But that can to do Malwarebytes too (especially about part of "blocked Windows update"-keys). :)

Anyway - you can be close to "sure" - that system are OK. But still you need to check more (it's must be related with kind of found-items) :).

Highlighted
Scholar

## Re: fouten update windows 7

Here are the details of hitmanpro

Scan date . . . . . . : 2014-04-19 10:34:46
Scan mode . . . . . . : Normal
Scan duration . . . . : 13m 45s
Disk access mode . . : Direct disk access (SRB)
Cloud . . . . . . . . : Internet
Reboot . . . . . . . : Yes

Threats . . . . . . . : 586
Traces . . . . . . . : 889

Objects scanned . . . : 2.286.197
Files scanned . . . . : 152.748
Remnants scanned . . : 824.134 files / 1.309.315 keys

Malware _____________________________________________________________________

C:\ProgramData\Wincert\win32cert.dll -> Quarantined
Size . . . . . . . : 7.168 bytes
Age . . . . . . . : 109.0 days (2013-12-31 11:14:04)
Entropy . . . . . : 5.0
SHA-256 . . . . . : 667985D140FF2E4AB20FDF12F1F5195693E0AB32318827D446CA182CC311F1EE
> Kaspersky . . . . : not-a-virus:WebToolbar.Win32.SearchSuite.a
Fuzzy . . . . . . : 106.0

C:\Users\hcc FVC platform\AppData\Local\Temp\{45F4935D-CF7A-4BFB-A910-87589E17B1AB}\Custom.dll -> Quarantined
Size . . . . . . . : 61.440 bytes
Age . . . . . . . : 369.7 days (2013-04-14 16:57:30)
Entropy . . . . . : 6.4
SHA-256 . . . . . : D269508431C5F9946D7A2C4217B24A2E9FD30AFA2B32E23FF40960D04CF5E994
Product . . . . . : SoftSafe
Publisher . . . . : SoftSafe
Description . . . : Custom DLL for SoftSafe
Version . . . . . : 2013.4.
> Kaspersky . . . . : not-a-virus:AdWare.Win32.Agent.aeph
Fuzzy . . . . . . : 100.0

C:\Users\hcc FVC platform\AppData\Roaming\OpenCandy\6894ED5653D54DA6AFE460B86873752B\SSStub_SearchProtect_p1v0.exe -> Quarantined
Size . . . . . . . : 322.680 bytes
Age . . . . . . . : 20.6 days (2014-03-29 19:38:50)
Entropy . . . . . : 7.9
SHA-256 . . . . . : 74D1728E35E66597921E27256C6EA6997498BD61BC6EB2536FB250D368964630
RSA Key Size . . . : 2048
Authenticode . . . : Valid
> Kaspersky . . . . : not-a-virusownloader.Win32.Agent.baxm
Fuzzy . . . . . . : 108.0

Potential Unwanted Programs _________________________________________________

Size . . . . . . . : 1.520.776 bytes
Age . . . . . . . : 359.0 days (2013-04-25 09:44:14)
Entropy . . . . . : 6.8
SHA-256 . . . . . : F20D2999461349323E7D44795ABED7A2A1EA8D3B6A32F91B3B1B58822503766F
Product . . . . . : Toolbar
Publisher . . . . : Ask
Description . . . : Ask Toolbar
Version . . . . . : 5.15.23.36191
RSA Key Size . . . : 2048
Authenticode . . . : Valid
Fuzzy . . . . . . : -17.0
Startup
HKU\S-1-5-21-905213307-2693827331-2924149415-1001\SOFTWARE\Microsoft\Internet Explorer\UrlSearchHooks\{00000000-6E41-4FD3-8538-502F5495E5FC}
References
HKLM\SOFTWARE\Wow6432Node\Classes\CLSID\{00000000-6E41-4FD3-8538-502F5495E5FC}\
HKLM\SOFTWARE\Wow6432Node\Classes\TypeLib\{2996F0E7-292B-4CAE-893F-47B8B1C05B56}\

Size . . . . . . . : 71.816 bytes
Age . . . . . . . : 359.0 days (2013-04-25 09:44:15)
Entropy . . . . . : 6.3
SHA-256 . . . . . : 4A343C9AAF47664B14C03AFB281C15F6705C6A750B59A6C578D712200A180F07
RSA Key Size . . . : 2048
Authenticode . . . : Valid
Fuzzy . . . . . . : -9.0

Size . . . . . . . : 198.280 bytes
Age . . . . . . . : 359.0 days (2013-04-25 09:44:15)
Entropy . . . . . : 6.6
SHA-256 . . . . . : 7939C565BD4751048F57854DEE262D437E79B992EA05EE29D6111A39F7A7DAB7
RSA Key Size . . . : 2048
Authenticode . . . : Valid
Fuzzy . . . . . . : -9.0

Size . . . . . . . : 1.646.216 bytes
Age . . . . . . . : 359.0 days (2013-04-25 09:44:14)
Entropy . . . . . : 6.1
SHA-256 . . . . . : 0CEEC40C38DEBE1012C6D9FD08FF648AD3AB8080B388E5B62A6946847A2BB243
Product . . . . . : Updater
Publisher . . . . : Ask
Description . . . : Ask Updater
Version . . . . . : 1.2.536191
RSA Key Size . . . : 2048
Authenticode . . . : Valid
Running processes : 5180
Fuzzy . . . . . . : -17.0

Size . . . . . . . : 137.864 bytes
Age . . . . . . . : 359.0 days (2013-04-25 09:44:15)
Entropy . . . . . : 6.5
SHA-256 . . . . . : 727D5CF5392C6E53306C6029455EEAD2C45923010297958975700A17101698FE
RSA Key Size . . . : 2048
Authenticode . . . : Valid
Fuzzy . . . . . . : -11.0
Startup

C:\Program Files (x86)\Conduit\ (Conduit) -> Deleted
C:\Program Files (x86)\Conduit\Community Alerts\ (Conduit) -> Deleted
Size . . . . . . . : 638.560 bytes
Age . . . . . . . : 651.7 days (2012-07-06 18:55:19)
Entropy . . . . . : 6.4
SHA-256 . . . . . : F22E58CDFE94D4A5FBBF2795A743B167ED9923E289E14654631E0077DD306C1D
Product . . . . . : Alert
Publisher . . . . : Conduit Ltd.
Description . . . : Alert
Version . . . . . : 1.1.4.1
RSA Key Size . . . : 1024
Authenticode . . . : Valid
Fuzzy . . . . . . : -15.0

C:\Program Files (x86)\DealPly\ (Delta Search) -> Deleted
C:\Program Files (x86)\DealPly\DealPlyTune.dll (Delta Search) -> Deleted
Size . . . . . . . : 71.272 bytes
Age . . . . . . . : 669.8 days (2012-06-18 14:22:21)
Entropy . . . . . : 6.4
SHA-256 . . . . . : CDF6791EEB0EE9FBC9BBA1E96694B708EC51F0B10B68941E96D62AB217F84D4C
Product . . . . . : DealPlyTune.dll
Publisher . . . . : DealPly Technologies Ltd.
Description . . . : http://www.dealply.com/
Version . . . . . : 1.0.0.1
Copyright . . . . : Copyright (C) 2011 DealPly Technologies Ltd.
RSA Key Size . . . : 2048
Authenticode . . . : Valid
Fuzzy . . . . . . : -15.0

As you see several programs caused the problems

Superuser

## Re: fouten update windows 7

How you can see... a lot of troubles was about adware/riskware/toolbars, which marked as "not-a-virus";

And F-Secure practically doesn't detect that files; because marked like as "clean/legimate programs" (a little be sad about it);

But detected any certainly malicious adware/riskware/toolbars/not safe (for user's data) and etc.

- some of toolbars/riskware/adware (legimate) can be worst for users, than malware.

If user want to install it - all OK. Program will be do, which user want.

But some kind of "marketing" for that programs as "payload" - and user just not "unchecked" any in installer for another program... and already have a lot of any toolbars in system or other kind of protectors/guards (which so related with any search/media big companies);

DeltaSearch, OpenCandy and AskToolbar - some kind of already "known" mainstream in that situations... and it's a little be sad... that F-Secure doesn't prevent that yet (because current programs did a really trash things with system/registry).

If you can to remember... which installers was with that "payload" (potential) - you can transfer that sample for F-Secure SAS (service for analysis samples) and ask about "are that normal or not";

Just because current samples... most related with any not good things with system (include any broken default settings);

-----------

But.... very important - that possibly current "samples" indeed was like "payload" in any installer for another program (uncheck any settings during installation - and all good with system); Or installed by any "service-provider";

This is some kind of "normal" and close to "legimate" process for most companies (but some of them - detected that items as "not-a-virus" or include current items to PuPs/Riskware category);

And it's totally different with situations, when:

- valid certs by any that of companies (because it's all with any SaaS-relationships) compromissed;

- payload in installer - indeed malicious totally;

That kind of "malware" F-Secure detected practically always. Also it's related with any "unknown" companies (which same with ask.com, but "unknown" so good).

Anyway - you can able to transfer any "samples" for F-Secure.... because:

- what if.. current situation... "variant of compromissed" and malicious items (not likely);

- what if - F-Secure must to detect that... and it's missing in somewhat reasons.

----

667985d140ff2e4ab20fdf12f1f5195693e0ab32318827d446ca182cc311f1ee - can to check on virustotal.com

Here practically visible.. that detected by some of companies (and most of them with category "toolbar"/"not-a-virus"/"generic-behavior-heur");

Except HitmanPro (just because it's close to "trial-program" or which need to buy);

I still also can to recommend Online Scanner by NOD32 - it's practically detected most related "PuPs/Adware" and it's good "help" too.

All other means - F-Secure better or with "one-line" about other companies (it's mean - can not be "greates level up" if you use any other scanners for detection malicious items in malicious means);

## Re: fouten update windows 7

As suspected your errors are threats. But as Ukko states most of these are PUPS/unwanted Toolbars/BHOs, which nearly all AVs including F-Secure are not too hot in detecting.

Although you now appear threat free I would carry out additional scans to make sure you have in fact detected all the threats.