Hello Naat,
The Malwarebytes scan did not produce a report.
I will run the ESET program this evening, as I cannot avoid using the computer until then.
Cheers,
Ian
Ok, awaiting
Cheers,
Naat
Hello Naat,
Here is the ESET log.
It took 24hrs to run.
Cheers
Ian
ESETSmartInstaller@High as downloader log:
all ok
# product=EOS
# version=8
# OnlineScannerApp.exe=1.0.0.1
# OnlineScanner.ocx=1.0.0.7623
# api_version=3.0.2
# EOSSerial=6d8b79bd39b82541b7100f98020af4ca
# engine=20259
# end=finished
# remove_checked=false
# archives_checked=true
# unwanted_checked=true
# unsafe_checked=true
# antistealth_checked=false
# utc_time=2014-09-24 01:31:51
# local_time=2014-09-24 02:31:51 (+0000, GMT Daylight Time)
# country="United Kingdom"
# lang=1033
# osver=6.0.6002 NT Service Pack 2
# compatibility_mode_1='Microsoft Security Essentials'
# compatibility_mode=5895 16777213 100 100 1093160 34542304 0 0
# scanned=1258169
# found=51
# cleaned=0
# scan_time=86106
Some of the detections come from K: drive. Could you tell me what's there?
Also, DAP (you've got it installed) is bundled with some adware offers. I suggest uninstalling it, unless you really like to stay with it.
Hi Naat,
I have been moving a lot of files around, using K drive as a "hub". There are a lot of downloaded epubs and old movies in there. I am still cleaning out a number of the files and then I will be defragging the drives.
I have uninstalled DAP; I do not use it any more.
Cheers
Ian
Hi
Fix with Farbar Recovery Scan Tool
This fix was created for this user for use on that particular machine.
Running it on another one may cause damage and render the system unstable.
Press the Windows key + R on your keyboard at the same time. Type Notepad and click OK.
start
CloseProcesses:
C:\Downloads\Norton\speedupmypc.exe
C:\Downloads\setup_1.exe.nco
C:\Downloads\spynomore.exe.nco
C:\Program Files\DAP
C:\ProgramData\InstallMate
C:\Users\Hightorque UK\AppData\Local\AOL\C_AOL Desktop 9.7c\browserCache\f_001211
C:\Users\Hightorque UK\AppData\Local\Google\Chrome\User Data\Default\Cache\f_000787
C:\Users\Hightorque UK\AppData\LocalLow\ReadingFanatic_6xEI\Installr\Cache\009EB398.exe
C:\Users\Hightorque UK\is360setup.exe
C:\Windows\System32\roboot.exe
K:\Downloads\Norton\speedupmypc.exe
K:\Others\REGSERVO_Installer.exe
K:\Users\AppData\Local\AOL\C_AOL Desktop 9.7c\browserCache\*
K:\Users\AppData\Local\Google\Chrome\User Data\Default\Cache\*
K:\Users\AppData\Local\Mobogenie
K:\Users\AppData\Local\Temp\*
K:\Users\AppData\LocalLow\ReadingFanatic_6xEI\Installr\Cache\*
K:\Users\Downloads\cbsidlm-cbsi176-EPUB_to_MOBI-ORG-75613706.exe
K:\Users\Downloads\cbsidlm-cbsi176-File_Shredder-ORG-10662831.exe
K:\Users\Downloads\meofreesetup.exe
K:\Users\is360setup.exe
Emptytemp:
end
Both files, FRST and fixlist.txt have to be in the same location or the fix will not work!
Please include it in your reply.
Scan with Security Check
Please download Security Check by Screen317 and save it to your desktop.
Please include the content of that document.
Hello Naat,
Here are the logs,
Cheers
Ian
FRST log
Hello Geekimnot,
I am stepping in for Naathim. Give me a few hours and I'll be back with further instructions.
Biscuithd
Update Adobe Reader
Earlier versions of Adobe Reader have known security flaws so it is recommended that you update your copy.
How is the machine running now?
Hello Biscuithd
Nice to meet you.
I have deleted and reinstalled Adobe Reader.
PC is running smoothly now thank you.
Is Naat away on holiday ?
Cheers
Ian
Nice to meet you too!!
I have deleted and reinstalled Adobe Reader.
Excellent!
PC is running smoothly now thank you.
I will pass your thanks on to Naat as he did the heavy lifting
Is Naat away on holiday ?
I don't know the exact details to be honest.
Let's clean off the tools that we used.
Clean with DelFix
Please download DelFix by Xplode and save it to your desktop.
Below you will find Naat's thoughts about securing your machine. Go ahead through it, you will benefit from some useful advice about safe computing.
Recommended reading:
MUST READ - security tips: Computer Security - a short guide to staying safer online.
MUST READ - general maintenance: What to do if your Computer is running slowly?
Recommended additional software:
TFC - to clean unneeded temporary files.
Malwarebytes' Anti-Malware - to scan your system from time to time in search for malware.
Malwarebytes' Anti-Exploit - to prevent plenty of mostly exploited vulnerabilities.
McShield - to prevent infections spread by removable media.
CryptoPrevent - to secure yourself from very severe CryptoLocker infection.
Unchecky - to prevent from installing additional foistware, implemented in legitimate installations.
Now if you have any other questions, feel free to ask me. Otherwise simply acknowledge my recommendations and this topic will be closed.
Hello Biscuithd
Thank you for the information and assistance.
Should all of these additional programs be run all the time ?
Will they not interfere with each other ?
Otherwise I think that the topic can be closed.
My grandson has been given a laptop that had a lot of downloaded games on it. It runs quite slow; it probably needs a good cleanout. Is there a program that identifies unused programs? I know that when you open Programs and Features it is supposed to show the date last used, but it is not accurate; sometimes it says a program has been used frequently but does not even show a last used date.
Best regards, and thanks again to you and Naat.
Ian
Thank you for the information and assistance.
Glad to help! Naat did the heavy lifting and I will forward your thanks to him upon his return.
Should all of these additional programs be run all the time ?
Well, depends on the program. Have a read at the details of each.
Crypto Prevent is a "run once" and you'll never need it again. But, is hugely important.
The others are used on an "as needed" basis. They are not installed and running.
Otherwise I think that the topic can be closed.
Will do!
My grandson has been given a laptop that had a lot of downloaded games on it. It runs quite slow; it probably needs a good cleanout. Is there a program that identifies unused programs? I know that when you open Programs and Features it is supposed to show the date last used, but it is not accurate; sometimes it says a program has been used frequently but does not even show a last used date.
Feel free to open a topic for that machine. We do "spring cleanings" all the time!
Best regards, and thanks again to you and Naat.
Ian
You as well!!
Hi Biscuithd,
OK, I will start a new post shortly for my grandson's laptop.
Cheers,
Ian