-
I'm back
Ken - did post in forum 2 days ago & just now went to support @spybot & believe there is overall problem with my program; kept getting script error on each step of the way giving them message. For ha-ha's I went to my event viewer & found errors in past 3 days in security log: 1 is system files distributed com server local host; other is sync host 8d91dof - this I believe when I tried to upgrade spybot as fits time frame, another kernel power & NPT client. Just wondering if there is anything I can run while I'm waiting to hear back from spybot to see if I'm infected again (or still?). Sorry to bother you again, but trying to be vigilant. Thank you!
-
sorry sent twice - first time said there was an error & wait 30 secs so thought it didn't go thru - the 2nd time it told me it was duplicate.
-
You can try this free online virus scanner
ESET Online Scanner
I'd like us to scan your machine with ESET OnlineScan
*Note
It is recommended to disable onboard antivirus program and antispyware programs while performing scans so there are no conflicts and it will speed up scan time.
Please don't go surfing while your resident protection is disabled!
Once the scan is finished remember to re-enable your antivirus along with your antispyware programs.
- Hold down Control and click on the following link to open ESET OnlineScan in a new window.
ESET OnlineScan
- Click the http://billy-oneal.com/Canned%20Spee...esetOnline.png button.
- For alternate browsers only: (Microsoft Internet Explorer users can skip these steps)
  - Click on http://billy-oneal.com/Canned%20Spee...artInstall.png to download the ESET Smart Installer. Save it to your desktop.
  - Double click on the http://billy-oneal.com/Canned%20Spee...esktopIcon.png icon on your desktop.
- Check http://billy-oneal.com/Canned%20Spee...cceptTerms.png
- Click the http://billy-oneal.com/Canned%20Spee.../esetStart.png button.
- Accept any security warnings from your browser.
- Check http://billy-oneal.com/Canned%20Spee...anArchives.png
- Make sure that the option "Remove found threats" is Unchecked
- Push the Start button.
- ESET will then download updates for itself, install itself, and begin scanning your computer. Please be patient as this can take some time.
- When the scan completes, push http://billy-oneal.com/Canned%20Spee...istThreats.png
- Push http://billy-oneal.com/Canned%20Spee...esetExport.png, and save the file to your desktop using a unique name, such as ESETScan. Include the contents of this report in your next reply.
- Push the http://billy-oneal.com/Canned%20Spee...t/esetBack.png button.
- Push http://billy-oneal.com/Canned%20Spee...esetFinish.png
Please make sure you include the following items in your next post:
The log that was produced after running ESET Online Scanner.
-
Does this mean I uninstall spybot again before I use this eset scanner? I did write spybot directly for help & they gave me instructions on how to update & it worked. Going to run a scan now from spybot & will wait till I hear from you about what to disable before doing eset - does this mean Malware Bytes also? Thanks Ken.
-
spybot scan results
As noted in last reply I did run spybot & it found adware threats - I saved the log (below) & when I went to fix problems I just got the swirling ball - so after 10 mins. of that went to close it & said that it was not finished - it never fixed problems & said malware program not responding. Don't know if this is any use to you but here it is:
Search results from Spybot - Search & Destroy
1/28/2016 7:27:47 PM
Scan took 00:24:24.
12 items found.
MS Management Console: [SBI $ECD50EAD] Recent command list (Registry Key, nothing done)
HKEY_USERS\S-1-5-21-3611819408-1750479240-3027513373-1000\Software\Microsoft\Microsoft Management Console\Recent File List
Windows Explorer: [SBI $D20DA0AD] Recent file global history (Registry Key, nothing done)
HKEY_USERS\S-1-5-21-3611819408-1750479240-3027513373-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\RecentDocs
Cookie: [SBI $49804B54] Browser: Cookie (2) (Browser: Cookie, nothing done)
Cache: [SBI $49804B54] Browser: Cache (12) (Browser: Cache, nothing done)
Cookie: [SBI $49804B54] Browser: Cookie (2) (Browser: Cookie, nothing done)
Adware.Agent.NXO: [SBI $SpybotAV] Executable (File, nothing done)
C:\Users\Corinne\Downloads\api_Downloader (1).exe
Properties.size=4671944
Properties.md5=40997DF90235ADCDE6E5253ED5CA0082
Properties.filedate=1373088876
Properties.filedatetext=2013-07-06 00:34:35
Adware.Agent.NXO: [SBI $SpybotAV] Executable (File, nothing done)
C:\Users\Corinne\Downloads\api_Downloader (2).exe
Properties.size=4671944
Properties.md5=40997DF90235ADCDE6E5253ED5CA0082
Properties.filedate=1373265253
Properties.filedatetext=2013-07-08 01:34:13
Gen:Variant.Adware.Kazy.517148: [SBI $SpybotAV] Executable (File, nothing done)
C:\Users\Corinne\Downloads\api_Downloader (3).exe
Properties.size=4677064
Properties.md5=2B06DF6B05EB4824E11F55ACAF1BCCDB
Properties.filedate=1373691752
Properties.filedatetext=2013-07-13 00:02:32
Gen:Variant.Adware.Kazy.517148: [SBI $SpybotAV] Executable (File, nothing done)
C:\Users\Corinne\Downloads\api_Downloader (4).exe
Properties.size=4677064
Properties.md5=E2E7F4FEF629DDD6632340B568BD107A
Properties.filedate=1374120741
Properties.filedatetext=2013-07-17 23:12:21
Gen:Variant.Adware.Kazy.517148: [SBI $SpybotAV] Executable (File, nothing done)
C:\Users\Corinne\Downloads\api_Downloader (5).exe
Properties.size=4677064
Properties.md5=E2E7F4FEF629DDD6632340B568BD107A
Properties.filedate=1374120771
Properties.filedatetext=2013-07-17 23:12:51
Gen:Variant.Adware.Kazy.559039: [SBI $SpybotAV] Executable (File, nothing done)
C:\Users\Corinne\Downloads\api_Downloader (6).exe
Properties.size=4868040
Properties.md5=F44E3D7DE35C73E6B307E88A06CA4A25
Properties.filedate=1374207167
Properties.filedatetext=2013-07-18 23:12:46
Application.Downloader.TT: [SBI $SpybotAV] Executable (File, nothing done)
C:\Users\Corinne\Downloads\api_Downloader.exe
Properties.size=4671432
Properties.md5=F0749A4C86CAE476D649B123AA523BF9
Properties.filedate=1372998396
Properties.filedatetext=2013-07-04 23:26:35
--- Spybot - Search & Destroy version: 2.4.40.131 DLL (build: 20140425) ---
-
You can temporarily disable Spybot
https://www.safer-networking.org/faq...d-temporarily/
Malwarebytes
Open Malwarebytes
Go to Settings
Detection and Protection
Disable Malware Protection
Disable Malicious Website Protection
Then OK your way out
After you run ESET, be sure to go back into both Spybot and Malwarebytes and re-enable all protection
-
Go into your Downloads folder and delete everything in there but not the downloads folder itself
C:\Users\Corinne\Downloads
-
Esets scan
Ken, here is list & I did run archives. Had to disable spybot different way than link you sent me as have home pro ver 2.4 & now will reapply protection. Thanks for your help
C:\$Recycle.Bin\S-1-5-21-3611819408-1750479240-3027513373-1000\$R1YRE24.exe a variant of Win32/BundleInstaller.D potentially unwanted application
C:\$Recycle.Bin\S-1-5-21-3611819408-1750479240-3027513373-1000\$R39816W.exe a variant of Win32/BundleInstaller.D potentially unwanted application
C:\$Recycle.Bin\S-1-5-21-3611819408-1750479240-3027513373-1000\$RA7KN7V.exe a variant of Win32/BundleInstaller.D potentially unwanted application
C:\$Recycle.Bin\S-1-5-21-3611819408-1750479240-3027513373-1000\$RB0R9XS.exe a variant of Win32/BundleInstaller.D potentially unwanted application
C:\$Recycle.Bin\S-1-5-21-3611819408-1750479240-3027513373-1000\$RKL295Y.exe a variant of Win32/BundleInstaller.D potentially unwanted application
C:\$Recycle.Bin\S-1-5-21-3611819408-1750479240-3027513373-1000\$RVGSXB2.exe a variant of Win32/BundleInstaller.D potentially unwanted application
C:\$Recycle.Bin\S-1-5-21-3611819408-1750479240-3027513373-1000\$RW8PMI5.exe a variant of Win32/BundleInstaller.D potentially unwanted application
C:\AdwCleaner\Quarantine\C\Users\Corinne\AppData\LocalLow\Zynga\hk64tbZyn0.dll.vir a variant of Win64/Toolbar.Conduit.B potentially unwanted application
C:\AdwCleaner\Quarantine\C\Users\Corinne\AppData\LocalLow\Zynga\hk64tbZyn2.dll.vir a variant of Win64/Toolbar.Conduit.B potentially unwanted application
C:\AdwCleaner\Quarantine\C\Users\Corinne\AppData\LocalLow\Zynga\hktbZyn0.dll.vir a variant of Win32/Toolbar.Conduit.X potentially unwanted application
C:\AdwCleaner\Quarantine\C\Users\Corinne\AppData\LocalLow\Zynga\ldrtbZyng.dll.vir a variant of Win32/Toolbar.Conduit.P potentially unwanted application
C:\AdwCleaner\Quarantine\C\Users\Corinne\AppData\LocalLow\Zynga\tbZyn0.dll.vir a variant of Win32/Toolbar.Conduit.X potentially unwanted application
C:\AdwCleaner\Quarantine\C\Users\Corinne\AppData\LocalLow\Zynga\tbZyn1.dll.vir a variant of Win32/Toolbar.Conduit.Y potentially unwanted application
C:\AdwCleaner\Quarantine\C\Users\Corinne\AppData\LocalLow\Zynga\tbZyng.dll.vir a variant of Win32/Toolbar.Conduit.P potentially unwanted application
-
Nothing to worry about Corinne, 7 of those files are in your Recycle Bin and the other 7 are backups of what AdwCleaner removed.
1. Right click on your Recycle Bin and select Empty Recycle Bin
2. Double click on AdwCleaner.exe to run the tool again.
- Click on the Uninstall button.
- Click Yes when asked are you sure you want to uninstall.
- Both AdwCleaner.exe, its folder and all logs will be removed.
3. Did you empty out your Downloads folder like I previously posted ??
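The triage in the reply above (detections under the Recycle Bin or under AdwCleaner's quarantine folder are leftovers, not active files) can be applied mechanically to an exported ESET log. This is an added example, not part of the original posts; the function names, the "live" bucket and the third sample line are assumptions made for illustration.

```python
import re
from collections import defaultdict

# Two lines copied from the ESET export in the thread plus one constructed
# line (the Temp path is made up) to show a hit outside an inert location.
SAMPLE_LOG = r"""
C:\$Recycle.Bin\S-1-5-21-3611819408-1750479240-3027513373-1000\$R1YRE24.exe a variant of Win32/BundleInstaller.D potentially unwanted application
C:\AdwCleaner\Quarantine\C\Users\Corinne\AppData\LocalLow\Zynga\tbZyn0.dll.vir a variant of Win32/Toolbar.Conduit.X potentially unwanted application
C:\Users\Example\AppData\Local\Temp\setup_sample.exe a variant of Win32/BundleInstaller.D potentially unwanted application
"""

# "<path> [a variant of] <Platform/Name> <category>". Windows paths use
# backslashes, so the first token containing "/" is the detection name.
LINE_RE = re.compile(
    r"^(?P<path>.+?)\s+(?:a variant of\s+)?(?P<name>\w+/[\w.]+)\s+(?P<category>.+)$"
)

# Locations the reply treats as inert, with the cleanup step it gives.
INERT = [
    (re.compile(r"^[A-Z]:\\\$Recycle\.Bin\\", re.I), "recycle_bin", "empty the Recycle Bin"),
    (re.compile(r"^[A-Z]:\\AdwCleaner\\Quarantine\\", re.I), "adwcleaner_quarantine", "uninstall AdwCleaner"),
]

def parse_line(line):
    """Return path, name and category for a detection line, else None."""
    m = LINE_RE.match(line.strip())
    return m.groupdict() if m else None

def classify(path):
    """Return (location, action) for a detected file path."""
    for pattern, location, action in INERT:
        if pattern.search(path):
            return location, action
    return "live", "review before deleting"  # assumption: everything else needs a look

def triage(log_text):
    """Group parsed detections by where the file sits on disk."""
    groups = defaultdict(list)
    for line in log_text.splitlines():
        hit = parse_line(line)
        if hit:
            hit["location"], hit["action"] = classify(hit["path"])
            groups[hit["location"]].append(hit)
    return dict(groups)

if __name__ == "__main__":
    for location, hits in triage(SAMPLE_LOG).items():
        print(f"{location}: {len(hits)} hit(s) -> {hits[0]['action']}")
```
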
-
Yes I did except for my spybot license & TDS killer in download folder hope it's OK to leave those?