How do I tell what antivirus I'm running? [Solved]


This topic is locked

#16 Naathim (GeekU Minion, Expert, 4,568 posts)

Hi :)




Fix with Farbar Recovery Scan Tool

This fix was created for this user for use on that particular machine.
Running it on another one may cause damage and render the system unstable.


Press the Windows key + R on your keyboard at the same time. Type Notepad and click OK.

  • Copy the entire content of the codebox below and paste into the Notepad document:
    start
    CloseProcesses:
    HKU\S-1-5-21-589063879-4051792814-2538650772-1000\Software\Classes\exefile: "%1" %* <===== ATTENTION!
    AlternateDataStreams: C:\ProgramData\Temp:0B174FAE
    C:\Users\VIRGINIA\AppData\Local\Mobogenie
    S3 catchme; \??\C:\ComboFix\catchme.sys [X]
    GroupPolicyUsers\S-1-5-21-589063879-4051792814-2538650772-1001\User: Group Policy restriction detected <======= ATTENTION
    CHR HKLM\SOFTWARE\Policies\Google: Policy restriction <======= ATTENTION
    EmptyTemp:
    end
  • Click File, Save As and type fixlist.txt as the File Name.

Both files, FRST and fixlist.txt, have to be in the same location or the fix will not work!

  • Right-click on the FRST icon and select Run as Administrator to start the tool.
    > XP users: click Run after the Windows Security Warning - Open File appears.
    > Windows 8 users will be prompted about Windows SmartScreen protection - click More information and Run.
  • Press the Fix button just once and wait.
  • If for some reason the tool needs a restart, please make sure you let the system restart normally. After that let the tool complete its run.
  • When finished FRST will generate a log on the Desktop, called Fixlog.txt.

Please include it in your reply.



Scan with Malwarebytes' Anti-Malware

Please re-run Malwarebytes' Anti-Malware.

  • First of all, select Update.
  • Once updated, click the Settings tab, in the left panel choose Detections & Protection and tick Scan for rootkits.
  • Click the Scan tab, make sure Threat Scan is selected and click Scan Now.
  • If threats are detected, click the Apply Actions button. You will now be prompted to reboot. Click Yes.
  • Upon completion of the scan (or after the reboot), click the History tab.
  • Click Application Logs and double-click the newest Scan Log.
  • At the bottom click Export and choose Text file.

Save the file to your desktop and include its content in your next reply.



Scan with ESET Online Scanner

This step can only be done using Internet Explorer, Google Chrome or Mozilla Firefox.
Temporarily disable your AntiVirus and AntiSpyware protection - instructions here.
Please visit the ESET Online Scanner website.
There, click Run ESET Online Scanner.

If using Internet Explorer:

  • Accept the Terms of Use and click Start.
  • Allow the add-on to run.

If using Mozilla Firefox or Google Chrome:

  • Download esetsmartinstaller_enu.exe from the link you'll be given.
  • Double-click esetsmartinstaller_enu.exe.
  • Accept the Terms of Use and click Start.

To perform the scan:

  • Make sure that Enable detection of potentially unwanted applications is checked.
  • In the Advanced Settings dropdown menu:
    • Make sure that Remove found threats is unchecked.
    • Scan archives is checked.
    • Scan for potentially unsafe applications and Enable Anti-Stealth technology are checked.
    • Use custom proxy settings is unchecked.
  • Click Start
  • The program will begin to download its virus database. The speed may vary depending on your Internet connection.
  • When completed, the program will begin to scan. This may take several hours. Please be patient.
  • Do not do anything on your machine as it may interrupt the scan.
  • When the scan is done, click Finish.
  • A logfile will be created at C:\Program Files (x86)\ESET\ESET Online Scanner. Open it using Notepad.

Please include this logfile in your next reply.
Don't forget to re-enable previously switched-off protection software!


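One way to confirm after the reboot that the items this fixlist targeted have not come back, as an added example that is not part of the thread or of FRST: it assumes an elevated PowerShell 3.0 or later prompt, run while logged in as the same user account the fixlist refers to (so HKCU: maps to that HKU\S-1-5-21-...-1000 hive); the paths, key names, the catchme service and the GroupPolicyUsers folder are those shown in the fixlist and Fixlog, everything else is assumed.

```powershell
# Added example (not from the thread or from FRST): re-check the fixlist items.
# Run from an elevated PowerShell prompt, logged in as the affected user.
$findings = @()

# 1. Per-user "exefile" class (HKU\<SID>\Software\Classes\exefile).
#    The real definition lives under HKLM\SOFTWARE\Classes; a per-user copy
#    whose open command is "%1" %* (or anything else) can intercept every
#    .exe launch for that user, which is why FRST flagged and deleted it.
$userExefile = 'HKCU:\Software\Classes\exefile'
if (Test-Path $userExefile) {
    $cmd = (Get-ItemProperty -Path "$userExefile\shell\open\command" `
            -ErrorAction SilentlyContinue).'(default)'
    $findings += "Per-user exefile class present: $userExefile (open command: $cmd)"
}

# 2. Alternate data streams on C:\ProgramData\Temp (FRST removed ':0B174FAE').
#    Only the main ':$DATA' stream, if any, is expected.
$ads = Get-Item -Path 'C:\ProgramData\Temp' -Stream * -ErrorAction SilentlyContinue |
       Where-Object { $_.Stream -ne ':$DATA' }
foreach ($s in $ads) {
    $findings += "ADS on C:\ProgramData\Temp: $($s.Stream) ($($s.Length) bytes)"
}

# 3. Leftover folder and driver/service from the removed PUP and old tool.
foreach ($p in @("$env:LOCALAPPDATA\Mobogenie", 'C:\ComboFix\catchme.sys')) {
    if (Test-Path $p) { $findings += "Path still present: $p" }
}
if (Get-Service -Name 'catchme' -ErrorAction SilentlyContinue) {
    $findings += 'Service still registered: catchme'
}

# 4. Policy restrictions FRST flagged: a Chrome policy key under
#    HKLM\SOFTWARE\Policies\Google and per-user local Group Policy folders.
if (Test-Path 'HKLM:\SOFTWARE\Policies\Google') {
    $findings += 'HKLM\SOFTWARE\Policies\Google exists (Chrome policy restriction)'
}
$gpUsers = Join-Path $env:SystemRoot 'System32\GroupPolicyUsers'
if (Test-Path $gpUsers) {
    Get-ChildItem -Path $gpUsers -Directory | ForEach-Object {
        $findings += "Per-user local Group Policy folder: $($_.FullName)"
    }
}

if ($findings.Count -eq 0) {
    'No leftovers from the fixlist items were found.'
} else {
    'Items to re-check:'
    $findings | ForEach-Object { " - $_" }
}
```

A hit here does not by itself mean reinfection (a legitimately configured Chrome policy, for instance, also creates the Google policy key), but each one is something to mention in the next reply so the helper can judge it.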


#17 pingu632 (Member, Topic Starter, 15 posts)

I hope it's nicer here than it is there.  5*C and rainy. . .yuck!

 

I hope I got everything.

 

Fix result of Farbar Recovery Tool (FRST written by Farbar) (x64) Version: 20-10-2014 01
Ran by VIRGINIA at 2014-10-21 02:08:45 Run:1
Running from C:\Users\VIRGINIA\Desktop
Loaded Profile: VIRGINIA (Available profiles: VIRGINIA & Tanya & Guest)
Boot Mode: Normal
==============================================

Content of fixlist:
*****************
start
CloseProcesses:
HKU\S-1-5-21-589063879-4051792814-2538650772-1000\Software\Classes\exefile: "%1" %* <===== ATTENTION!
AlternateDataStreams: C:\ProgramData\Temp:0B174FAE
C:\Users\VIRGINIA\AppData\Local\Mobogenie
S3 catchme; \??\C:\ComboFix\catchme.sys [X]
GroupPolicyUsers\S-1-5-21-589063879-4051792814-2538650772-1001\User: Group Policy restriction detected <======= ATTENTION
CHR HKLM\SOFTWARE\Policies\Google: Policy restriction <======= ATTENTION
EmptyTemp:
end
*****************

Processes closed successfully.
"HKU\S-1-5-21-589063879-4051792814-2538650772-1000\Software\Classes\exefile" => Key deleted successfully.
C:\ProgramData\Temp => ":0B174FAE" ADS removed successfully.
C:\Users\VIRGINIA\AppData\Local\Mobogenie => Moved successfully.
catchme => Service deleted successfully.
C:\windows\system32\GroupPolicyUsers\S-1-5-21-589063879-4051792814-2538650772-1001\User => Moved successfully.
C:\windows\system32\GroupPolicy\GPT.ini => Moved successfully.
"HKLM\SOFTWARE\Policies\Google" => Key deleted successfully.
EmptyTemp: => Removed 142.3 MB temporary data.


The system needed a reboot.

==== End of Fixlog ====

 

Malwarebytes Anti-Malware
www.malwarebytes.org

Scan Date: 21/10/2014
Scan Time: 3:15:14 PM
Logfile: malwarebytes log.txt
Administrator: Yes

Version: 2.00.3.1025
Malware Database: v2014.10.21.09
Rootkit Database: v2014.10.20.01
License: Trial
Malware Protection: Enabled
Malicious Website Protection: Enabled
Self-protection: Disabled

OS: Windows 7 Service Pack 1
CPU: x64
File System: NTFS
User: VIRGINIA

Scan Type: Threat Scan
Result: Completed
Objects Scanned: 437700
Time Elapsed: 22 min, 49 sec

Memory: Enabled
Startup: Enabled
Filesystem: Enabled
Archives: Enabled
Rootkits: Enabled
Heuristics: Enabled
PUP: Enabled
PUM: Enabled

Processes: 0
(No malicious items detected)

Modules: 0
(No malicious items detected)

Registry Keys: 0
(No malicious items detected)

Registry Values: 0
(No malicious items detected)

Registry Data: 0
(No malicious items detected)

Folders: 0
(No malicious items detected)

Files: 0
(No malicious items detected)

Physical Sectors: 0
(No malicious items detected)


(end)

 

ESETSmartInstaller@High as downloader log:
all ok
# product=EOS
# version=8
# OnlineScannerApp.exe=1.0.0.1
# OnlineScanner.ocx=1.0.0.7623
# api_version=3.0.2
# EOSSerial=9f001865e99b1046be90d7062e1ea625
# engine=20703
# end=finished
# remove_checked=false
# archives_checked=true
# unwanted_checked=true
# unsafe_checked=true
# antistealth_checked=true
# utc_time=2014-10-21 06:55:56
# local_time=2014-10-21 02:55:56 (-0500, Eastern Daylight Time)
# country="Canada"
# lang=1033
# osver=6.1.7601 NT Service Pack 1
# compatibility_mode_1='avast! Antivirus'
# compatibility_mode=783 16777213 100 97 0 177416646 0 0
# compatibility_mode_1=''
# compatibility_mode=5893 16776573 100 94 0 165461206 0 0
# scanned=265708
# found=5
# cleaned=0
# scan_time=16486
sh=1BB29099CFE4982EF016A6A560E758B8DF799270 ft=0 fh=0000000000000000 vn="a variant of Android/Mobserv.A potentially unwanted application" ac=I fn="C:\FRST\Quarantine\C\Users\VIRGINIA\AppData\Local\Mobogenie\Version\OldVersion\Mobogenie2.1.36.zip"
sh=659E678C5D8CE742CC03A211C59AA57E6018FDC6 ft=0 fh=0000000000000000 vn="a variant of Android/Mobserv.A potentially unwanted application" ac=I fn="C:\FRST\Quarantine\C\Users\VIRGINIA\AppData\Local\Mobogenie\Version\OldVersion\Mobogenie\MUServer.apk"
sh=9682E6E7BF2EE064689D3FBD52A0AC70C744099D ft=1 fh=5ffc513434f0e6c1 vn="a variant of Win32/PCCleaners potentially unwanted application" ac=I fn="C:\ProgramData\pclunst.exe"
sh=9682E6E7BF2EE064689D3FBD52A0AC70C744099D ft=1 fh=5ffc513434f0e6c1 vn="a variant of Win32/PCCleaners potentially unwanted application" ac=I fn="C:\Users\All Users\pclunst.exe"
sh=4370E4F60FB96627C6AD4F4820A4FA8A61F8EC29 ft=1 fh=3b60eb1472d7e959 vn="a variant of Win32/CNETInstaller.B potentially unwanted application" ac=I fn="C:\Users\VIRGINIA\Downloads\cbsidlm-cbsi213-Remove_Empty_Directories-SEO-10755867.exe"
 



#18 Naathim (GeekU Minion, Expert, 4,568 posts)

Hi :)
 

> I hope it's nicer here than it is there. 5*C and rainy. . .yuck!

Forget it... it's raining heavily and the temperature is about 8*C. Yesterday was quite nice; today I wish I could stay at home. On the other hand, it's the end of October, so we shouldn't expect much :)
 
Can you please update me on what issues remain?


Scan with Security Check

Please download Security Check by Screen317 and save it to your desktop.

  • Right-click on the SecurityCheck icon and select Run as Administrator to start the tool.
  • Follow the onscreen instructions inside the black box. This scan won't take long.
  • Soon a Notepad document called checkup.txt will open automatically.

Please include the content of that document.



#19 pingu632 (Member, Topic Starter, 15 posts)

Here's the scan log.  I'm going to restart and see what, if anything, is going wonky.

 

Results of screen317's Security Check version 0.99.89  
 Windows 7 Service Pack 1 x64 (UAC is enabled)  
 Internet Explorer 11  
``````````````Antivirus/Firewall Check:``````````````
 Windows Firewall Enabled!  
avast! Antivirus   
 Antivirus out of date!  
`````````Anti-malware/Other Utilities Check:`````````
 Duplicate Cleaner Pro 3.2.5  
 Java 7 Update 67  
 Adobe Flash Player 15.0.0.189  
 Adobe Reader XI  
 Mozilla Firefox (33.0)
 Google Chrome 38.0.2125.101  
 Google Chrome 38.0.2125.104  
````````Process Check: objlist.exe by Laurent````````  
 Malwarebytes Anti-Malware mbamservice.exe  
 Malwarebytes Anti-Malware mbam.exe  
 Malwarebytes Anti-Malware mbamscheduler.exe   
 AVAST Software Avast AvastSvc.exe  
 AVAST Software Avast avastui.exe  
`````````````````System Health check`````````````````
 Total Fragmentation on Drive C: 2%
````````````````````End of Log``````````````````````
 



#20 Naathim (GeekU Minion, Expert, 4,568 posts)

Update your AV, as Avast is outdated.
 
Do you experience any other issues? :)



Clean with DelFix

Please download DelFix by Xplode and save it to your desktop.

  • Right-click on the DelFix icon and select Run as Administrator to start the tool.
  • Ensure that Remove disinfection tools, Purge system restore and Reset system settings are checked.
  • Push Run.
  • When finished, it will display a notepad report.

Include it for my review.
Please also manually reboot your machine after posting your logfile.



#21 pingu632 (Member, Topic Starter, 15 posts)

I'm not too sure what's going on.  I restarted and launched Chrome.  An error message popped up: "Malwarebytes was unable to load the Anti-Rootkit DDA Driver, this error may be caused by rootkit activity.  Do you want to reboot the system and attempt to install the Driver?  (If you don't choose to reboot, Anti-Rootkit scanning will be disabled for this session)."

 

I restarted and logged in and Windows didn't load properly.  Malwarebytes popped up saying it wasn't up to date.  I updated it and it launched a scan automatically with no input from me.

 

I let it scan and there were no threats detected.  Windows still hadn't loaded.  I had to CTRL-ALT-DEL to get out of it.

 

I restarted and things went normally.  I launched Chrome, closed it and re-launched it, surfed to a website and closed it again.  When I launched it a third time it gave me the blank white screen where I had to end the chrome.exe processes.  I restarted the computer again and launched Chrome, closed it, re-opened, surfed, closed it and launched it again with no issue.

 

I'm not sure why the Security Check program said my Avast was out of date.  I checked it and it says it's up to date.

 

Boot-up is significantly faster and the PC performance has improved.

 

Thanks

v



#22 pingu632 (Member, Topic Starter, 15 posts)

Oh, here is the log from the Malwarebytes scan that ran on its own.

 

Malwarebytes Anti-Malware
www.malwarebytes.org

Scan Date: 22/10/2014
Scan Time: 5:30:04 PM
Logfile: malwarebytes oct 22.txt
Administrator: Yes

Version: 2.00.3.1025
Malware Database: v2014.10.22.10
Rootkit Database: v2014.10.22.01
License: Trial
Malware Protection: Enabled
Malicious Website Protection: Enabled
Self-protection: Disabled

OS: Windows 7 Service Pack 1
CPU: x64
File System: NTFS
User: VIRGINIA

Scan Type: Threat Scan
Result: Completed
Objects Scanned: 437001
Time Elapsed: 25 min, 36 sec

Memory: Enabled
Startup: Enabled
Filesystem: Enabled
Archives: Enabled
Rootkits: Enabled
Heuristics: Enabled
PUP: Enabled
PUM: Enabled

Processes: 0
(No malicious items detected)

Modules: 0
(No malicious items detected)

Registry Keys: 0
(No malicious items detected)

Registry Values: 0
(No malicious items detected)

Registry Data: 0
(No malicious items detected)

Folders: 0
(No malicious items detected)

Files: 0
(No malicious items detected)

Physical Sectors: 0
(No malicious items detected)


(end)



#23 Naathim (GeekU Minion, Expert, 4,568 posts)

Your logs don't indicate any more signs of anything bad. I'm gonna post my recommendations for safe surfing now. Please monitor your machine and don't hesitate to shout if anything strange happens :)




Below you will find my thoughts about securing your machine. Go through it; you will benefit from some useful advice about safe computing.

 

Recommended reading:


MUST READ - security tips: Computer Security - a short guide to staying safer online.
MUST READ - general maintenance: What to do if your Computer is running slowly?




Recommended additional software:


TFC - to clean unneeded temporary files.
Malwarebytes' Anti-Malware - to scan your system from time to time in search of malware.
Malwarebytes' Anti-Exploit - to protect against many commonly exploited vulnerabilities.
McShield - to prevent infections spread by removable media.
CryptoPrevent - to secure yourself from the very severe CryptoLocker infection.
Unchecky - to prevent the installation of additional foistware bundled with legitimate installers.


My help is always free, but if you are happy with the help provided and wish to help my fight against malware, please consider making a donation.
All donations are to refund a new HDD to replace the old one, which recently passed away!


Now if you have any other questions, feel free to ask me. Otherwise simply acknowledge my recommendations and this topic will be closed.






Stay safe,
Naat :)



#24 pingu632 (Member, Topic Starter, 15 posts)

Here's the logfile:

 

# DelFix v10.8 - Logfile created 22/10/2014 at 18:47:31
# Updated 29/07/2014 by Xplode
# Username : VIRGINIA - VIRGINIA-PC
# Operating System : Windows 7 Home Premium Service Pack 1 (64 bits)

~ Removing disinfection tools ...

Deleted : C:\Qoobox
Deleted : C:\FRST
Deleted : C:\Users\VIRGINIA\Desktop\FRST-OlderVersion
Deleted : C:\TDSSKiller.3.0.0.19_03.01.2014_14.58.23_log.txt
Deleted : C:\TDSSKiller.3.0.0.19_03.01.2014_15.01.45_log.txt
Deleted : C:\Users\VIRGINIA\Desktop\Addition.txt
Deleted : C:\Users\VIRGINIA\Desktop\aswMBR.exe
Deleted : C:\Users\VIRGINIA\Desktop\ComboFix.exe
Deleted : C:\Users\VIRGINIA\Desktop\ComboFix.txt
Deleted : C:\Users\VIRGINIA\Desktop\esetsmartinstaller_enu.exe
Deleted : C:\Users\VIRGINIA\Desktop\Fixlog.txt
Deleted : C:\Users\VIRGINIA\Desktop\FRST.txt
Deleted : C:\Users\VIRGINIA\Desktop\FRST64.exe
Deleted : C:\Users\VIRGINIA\Desktop\OTL.Txt
Deleted : C:\Users\VIRGINIA\Desktop\OTL.exe
Deleted : C:\Users\VIRGINIA\Desktop\RKreport_SCN_10192014_181523.log
Deleted : C:\Users\VIRGINIA\Desktop\RogueKillerX64.exe
Deleted : C:\Users\VIRGINIA\Desktop\SecurityCheck.exe
Deleted : C:\Users\VIRGINIA\Downloads\TFC.exe
Deleted : C:\windows\grep.exe
Deleted : C:\windows\PEV.exe
Deleted : C:\windows\NIRCMD.exe
Deleted : C:\windows\MBR.exe
Deleted : C:\windows\SED.exe
Deleted : C:\windows\SWREG.exe
Deleted : C:\windows\SWSC.exe
Deleted : C:\windows\SWXCACLS.exe
Deleted : C:\windows\Zip.exe
Deleted : HKLM\SOFTWARE\OldTimer Tools
Deleted : HKLM\SOFTWARE\Swearware
Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\App Paths\combofix.exe
Deleted : HKLM\SYSTEM\CurrentControlSet\Enum\Root\LEGACY_ASWMBR

~ Cleaning system restore ...

Deleted : RP #365 [Windows Update | 10/16/2014 07:00:16]
Deleted : RP #366 [Removed Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.6161 | 10/19/2014 20:34:59]
Deleted : RP #367 [Installed Microsoft Fix it 50535 | 10/19/2014 21:05:05]
Deleted : RP #368 [Installed Microsoft Fix it 50535 | 10/19/2014 21:07:25]
Deleted : RP #369 [Windows Update | 10/20/2014 01:56:50]
Deleted : RP #370 [Windows Update | 10/20/2014 08:19:19]

New restore point created !

~ Resetting system settings ... OK

########## - EOF - ##########
 



#25 Naathim (GeekU Minion, Expert, 4,568 posts)

As mentioned prior... stay safe and inform me if concerned :)

 

Cheers,

Naat :)




#26 Naathim (GeekU Minion, Expert, 4,568 posts)

Since this issue appears to be resolved ... this Topic has been closed. Glad we could help. :)

If you're the topic starter, and need this topic reopened, please contact a staff member with the address of the thread.

Everyone else please begin a New Topic.