slow computer getting worse

[romasf62]

ran tfc.exe
then ran ESET

C:\AdwCleaner\Quarantine\C\Program Files (x86)\Conduit\Community Alerts\Alert0.dll.vir Win32/Toolbar.Conduit.Y potentially unwanted application
C:\AdwCleaner\Quarantine\C\Program Files (x86)\TVersitybar\ldrtbTVe2.dll.vir a variant of Win32/Toolbar.Conduit.P potentially unwanted application
C:\AdwCleaner\Quarantine\C\Program Files (x86)\TVersitybar\prxtbTVe2.dll.vir Win32/Toolbar.Conduit.O potentially unwanted application
C:\AdwCleaner\Quarantine\C\Program Files (x86)\TVersitybar\tbTVe0.dll.vir a variant of Win32/Toolbar.Conduit.B potentially unwanted application
C:\AdwCleaner\Quarantine\C\Program Files (x86)\TVersitybar\tbTVe1.dll.vir a variant of Win32/Toolbar.Conduit.Y potentially unwanted application
C:\AdwCleaner\Quarantine\C\Program Files (x86)\TVersitybar\tbTVe2.dll.vir a variant of Win32/Toolbar.Conduit.B potentially unwanted application
C:\AdwCleaner\Quarantine\C\Program Files (x86)\TVersitybar\tbTVer.dll.vir a variant of Win32/Toolbar.Conduit.B potentially unwanted application
C:\AdwCleaner\Quarantine\C\Program Files (x86)\TVersitybar\TVersitybarToolbarHelper.exe.vir Win32/Toolbar.Conduit.Q potentially unwanted application
C:\AdwCleaner\Quarantine\C\Users\romalap09\AppData\Local\genienext\nengine.dll.vir Win32/NextLive.A potentially unwanted application
C:\AdwCleaner\Quarantine\C\Users\romalap09\AppData\Local\Mobogenie\Version\OldVersion\Mobogenie2.1.36.zip.vir a variant of Win32/Mobogenie.A potentially unwanted application
C:\AdwCleaner\Quarantine\C\Users\romalap09\AppData\Local\Mobogenie\Version\OldVersion\Mobogenie\DaemonProcess.exe.vir a variant of Win32/Mobogenie.A potentially unwanted application
C:\AdwCleaner\Quarantine\C\Users\romalap09\AppData\Local\Mobogenie\Version\OldVersion\Mobogenie\Mobogenie.exe.vir a variant of Win32/Mobogenie.A potentially unwanted application
C:\AdwCleaner\Quarantine\C\Users\romalap09\AppData\Local\Mobogenie\Version\OldVersion\Mobogenie\nengine.dll.vir Win32/NextLive.A potentially unwanted application
C:\AdwCleaner\Quarantine\C\Users\romalap09\AppData\Local\Mobogenie\Version\OldVersion\Mobogenie\New_UpdateMoboGenie.exe.vir a variant of Win32/Mobogenie.A potentially unwanted application
C:\AdwCleaner\Quarantine\C\Users\romalap09\AppData\LocalLow\TVersitybar\hk64tbTVe0.dll.vir Win64/Toolbar.Conduit.B potentially unwanted application
C:\AdwCleaner\Quarantine\C\Users\romalap09\AppData\LocalLow\TVersitybar\hk64tbTVe2.dll.vir a variant of Win64/Toolbar.Conduit.B potentially unwanted application
C:\AdwCleaner\Quarantine\C\Users\romalap09\AppData\LocalLow\TVersitybar\hktbTVe0.dll.vir Win32/Toolbar.Conduit.X potentially unwanted application
C:\AdwCleaner\Quarantine\C\Users\romalap09\AppData\LocalLow\TVersitybar\hktbTVe2.dll.vir a variant of Win32/Toolbar.Conduit.X potentially unwanted application
C:\AdwCleaner\Quarantine\C\Users\romalap09\AppData\LocalLow\TVersitybar\ldrtbTVe0.dll.vir a variant of Win32/Toolbar.Conduit.P potentially unwanted application
C:\AdwCleaner\Quarantine\C\Users\romalap09\AppData\LocalLow\TVersitybar\ldrtbTVe2.dll.vir a variant of Win32/Toolbar.Conduit.P potentially unwanted application
C:\AdwCleaner\Quarantine\C\Users\romalap09\AppData\LocalLow\TVersitybar\tbTVe0.dll.vir a variant of Win32/Toolbar.Conduit.X potentially unwanted application
C:\AdwCleaner\Quarantine\C\Users\romalap09\AppData\LocalLow\TVersitybar\tbTVe1.dll.vir Win32/Toolbar.Conduit.Y potentially unwanted application
C:\AdwCleaner\Quarantine\C\Users\romalap09\AppData\LocalLow\TVersitybar\tbTVe2.dll.vir a variant of Win32/Toolbar.Conduit.X potentially unwanted application
C:\AdwCleaner\Quarantine\C\Users\romalap09\AppData\Roaming\Mozilla\Firefox\Profiles\4f4mbn28.default\Extensions\{9ee802e8-c931-47ab-b570-aa8f791598ca}\chrome\emusic.jar.vir Win32/Toolbar.Conduit.A potentially unwanted application
C:\AdwCleaner\Quarantine\C\Users\romalap09\AppData\Roaming\newnext.me\nengine.dll.vir Win32/NextLive.A potentially unwanted application
C:\ProgramData\Spybot - Search & Destroy\Recovery\SmartShopper12.zip Win32/Bagle.gen.zip worm
C:\Users\All Users\Spybot - Search & Destroy\Recovery\SmartShopper12.zip Win32/Bagle.gen.zip worm
C:\Users\romalap09\AppData\Roaming\1H1Q\Aff Packages\uninstaller.exe Win32/InstallCore.AZ potentially unwanted application
C:\Users\romalap09\Downloads\ccsetup410.exe Win32/Bundled.Toolbar.Google.D potentially unsafe application
C:\Users\romalap09\Downloads\ChromeSetup.exe a variant of Win32/InstallCore.FJ potentially unwanted application
C:\Users\romalap09\Downloads\drivermax_7_18_cnet.exe a variant of Win32/DealPly.I potentially unwanted application
C:\Users\romalap09\Downloads\drivermax_7_21_cnet_dealply.exe a variant of Win32/DealPly.I potentially unwanted application
C:\Users\romalap09\Downloads\drivermax_7_22_cnet_dealply.exe a variant of Win32/DealPly.I potentially unwanted application
C:\Users\romalap09\Downloads\drivermax_7_23_cnet_dealply.exe a variant of Win32/DealPly.I potentially unwanted application
C:\Users\romalap09\Downloads\drivermax_7_24_cnet_dealply.exe a variant of Win32/DealPly.I potentially unwanted application
C:\Users\romalap09\Downloads\drivermax_7_25_cnet.exe a variant of Win32/DealPly.I potentially unwanted application
C:\Users\romalap09\Downloads\drivermax_7_26_cnet.exe a variant of Win32/DealPly.I potentially unwanted application
C:\Users\romalap09\Downloads\rcp_dcomnew_util_300.exe Win32/Systweak.B potentially unwanted application
F:\emusic_fx_bundle.exe Win32/Toolbar.Conduit.A potentially unwanted application

[Juliet]

Let's get rid of the bad files, when these items were downloaded it was installed with adware which my have contributed to the computers infections.


Open notepad. Please copy the contents of the quote box below. To do this highlight the contents of the box and right click on it and select copy.
Paste this into the open notepad. save it to the Desktop as fixlist.txt
NOTE. It's important that both files, FRST/FRST64 and fixlist.txt are in the same location or the fix will not work.
It needs to be saved Next to the "Farbar Recovery Scan Tool" (FRST) program (If asked to overwrite existing one please allow)

start
C:\Users\romalap09\AppData\Roaming\1H1Q\Aff Packages\uninstaller.exe
C:\Users\romalap09\Downloads\ccsetup410.exe
C:\Users\romalap09\Downloads\ChromeSetup.exe
C:\Users\romalap09\Downloads\drivermax_7_18_cnet.exe
C:\Users\romalap09\Downloads\drivermax_7_21_cnet_dealply.exe
C:\Users\romalap09\Downloads\drivermax_7_22_cnet_dealply.exe
C:\Users\romalap09\Downloads\drivermax_7_23_cnet_dealply.exe
C:\Users\romalap09\Downloads\drivermax_7_24_cnet_dealply.exe
C:\Users\romalap09\Downloads\drivermax_7_25_cnet.exe
C:\Users\romalap09\Downloads\drivermax_7_26_cnet.exe
C:\Users\romalap09\Downloads\rcp_dcomnew_util_300.exe
F:\emusic_fx_bundle.exe Win32/Toolbar.
end

Run FRST/FRST64 and press the Fix button just once and wait.
If for some reason the tool needs a restart, please make sure you let the system restart normally. After that let the tool complete its run.
When finished FRST will generate a log on the Desktop (Fixlog.txt). Please post it to your reply.


Give me one more update as to how the computer is running now.

[Juliet]

Forgot to include this

Just right click on the Spybot – Search & Destroy icon in your system tray beside the Windows clock and navigate to “Basic Tools“ →hit the purge selected button. That should remove the items in SpyBot's quarantine folder.

[romasf62]

once again thank you for your help to me and all the other people you are helping.

the computer is running faster, more like normal. my first post stated that I could not start one of my programs, that now works.
there are a couple of strange things though

popup box says that SDonAccess.exe crashes, it is not listed in task manager processes, when i use system tray to open Spybot, task manager shows sdonaccess.exe running then it disappears.

in system tray Norton360 icon is listed twice but task manager shows only one process.

there are no items in spybot quarantine to purge


Fix result of Farbar Recovery Tool (FRST written by Farbar) (x64) Version: 05-03-2014
Ran by romalap09 at 2014-03-05 10:11:41 Run:2
Running from C:\Users\romalap09\Desktop
Boot Mode: Normal
==============================================

Content of fixlist:
*****************
start
C:\Users\romalap09\AppData\Roaming\1H1Q\Aff Packages\uninstaller.exe
C:\Users\romalap09\Downloads\ccsetup410.exe
C:\Users\romalap09\Downloads\ChromeSetup.exe
C:\Users\romalap09\Downloads\drivermax_7_18_cnet.exe
C:\Users\romalap09\Downloads\drivermax_7_21_cnet_dealply.exe
C:\Users\romalap09\Downloads\drivermax_7_22_cnet_dealply.exe
C:\Users\romalap09\Downloads\drivermax_7_23_cnet_dealply.exe
C:\Users\romalap09\Downloads\drivermax_7_24_cnet_dealply.exe
C:\Users\romalap09\Downloads\drivermax_7_25_cnet.exe
C:\Users\romalap09\Downloads\drivermax_7_26_cnet.exe
C:\Users\romalap09\Downloads\rcp_dcomnew_util_300.exe
F:\emusic_fx_bundle.exe Win32/Toolbar.
end
*****************

C:\Users\romalap09\AppData\Roaming\1H1Q\Aff Packages\uninstaller.exe => Moved successfully.
C:\Users\romalap09\Downloads\ccsetup410.exe => Moved successfully.
C:\Users\romalap09\Downloads\ChromeSetup.exe => Moved successfully.
C:\Users\romalap09\Downloads\drivermax_7_18_cnet.exe => Moved successfully.
C:\Users\romalap09\Downloads\drivermax_7_21_cnet_dealply.exe => Moved successfully.
C:\Users\romalap09\Downloads\drivermax_7_22_cnet_dealply.exe => Moved successfully.
C:\Users\romalap09\Downloads\drivermax_7_23_cnet_dealply.exe => Moved successfully.
C:\Users\romalap09\Downloads\drivermax_7_24_cnet_dealply.exe => Moved successfully.
C:\Users\romalap09\Downloads\drivermax_7_25_cnet.exe => Moved successfully.
C:\Users\romalap09\Downloads\drivermax_7_26_cnet.exe => Moved successfully.
C:\Users\romalap09\Downloads\rcp_dcomnew_util_300.exe => Moved successfully.
"F:\emusic_fx_bundle.exe Win32/Toolbar." => File/Directory not found.

==== End of Fixlog ====

[Juliet]

popup box says that SDonAccess.exe crashes, it is not listed in task manager processes, when i use system tray to open Spybot, task manager shows sdonaccess.exe running then it disappears.

in system tray Norton360 icon is listed twice but task manager shows only one process.

Spybot - Search & Destroy 2\SDOnAccess.exe <--scheduled tasks

It would be at Spybot start center,checkmark advanced mode,click Settings(say yes to the UAC prompt,if applicable),click the Schedule tab.If task is enabled,then the add button should be greyed out.
May need to remove it, reboot, then go back and enable it.

Norton360 icon is listed twice, try the below.
http://www.sevenforums.com/tutorials...ons-reset.html


Ready to close this out?
We have quarantine folders and preventive tips yet to go.?

[romasf62]

SDonAccess is not in list in spybot/settings/schedule so I rebooted
it still is not listed (MRU scan, Updates, scan and immunization are listed, all with grayed add button)
it is not in the processes list, but i did not get the error 217 popup box on this reboot

the duplicate Norton icons are now one (although I did nothing about it)

[Juliet]

could be all that was required was a hard reboot.

I think it's time to remove quarantine folders and post preventive tips?

Any other malware problems that you know of?

[romasf62]

no obvious problems

lets get move on

[Juliet]

Open notepad. Please copy the contents of the quote box below. To do this highlight the contents of the box and right click on it and select copy.
Paste this into the open notepad. save it to the Desktop as fixlist.txt
NOTE. It's important that both files, FRST/FRST64 and fixlist.txt are in the same location or the fix will not work.

Run FRST/FRST64 and press the Fix button just once and wait.
no needed to post the log this time.

start
DeleteQuarantine:
end

~~~~~~~~~~~~~~~~~~~~~~~~~~~~

1. Download Delfix from here
2. Ensure Remove disinfection tools is ticked
   Also tick:
   
   • Create registry backup
   • Purge system restore
   
   
   
3. Click Run

Any other tools used and their files/folders can simply be deleted.


~~~~~~~~~~~~~~~~~~~~~~

Your good to go, good job!

Please take the time to read over a few of my preventive tips.

Computer Security
http://malwareremoval.com/forum/view...557960#p557960
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~

Be prepared for CryptoLocker:

Cryptolocker Ransomware: What You Need To Know

CryptoLocker Ransomware Information Guide and FAQ

to help protect your computer in the future I recommend that you get the following free programmes:

CryptoPrevent install this programme to lock down and prevent crypto ransome ware



~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Please navigate to Microsoft Windows Updates and download all the "Critical Updates" for Windows.


Firefox 3
The award-winning Web browser is now faster, more secure, and fully customizable to your online life. With Firefox 3, added powerful new features that make your online experience even better. It has more features and is a lot more secure than IE. It is a very easy and painless download and install, it will no way interfere with IE, you can use them both.
*NoScript - Addon for Firefox that stops all scripts from running on websites. Stops malicious software from invading via flash, java, javascript, and many other entry points.

AdblockPlus

• AdblockPlus, Surf the web without annoying ads!
• Blocks banners, pop-ups and video ads - even on Facebook and YouTube
• Protects your online privacy
• Two-click installation, It's free!
• click the icon that corresponds to your browser and download.

~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
WOT Web of Trust, warns you about risky websites that try to scam visitors, deliver malware or send spam. Protect your computer against online threats by using WOT as your front-line layer of protection when browsing or searching in unfamiliar territory. WOT's color-coded icons show you ratings for 21 million websites - green to go, yellow for caution and red to stop, helping you avoid the dangerous sites. WOT has an addon available for both Firefox and IE.

• Green should be good to go
• Yellow for caution
• Red to stop
• ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
  
  
  ~~~~~~~~~~~~~~~~~~~~~~~~~~~~
  How to prevent Malware: Created by Miekiemoes
  
  
  WARNING: Java is the #1 exploited program at this time. The Department of Homeland Security recommends that computer users disable Java
  See this article (http://www.forbes.com/sites/eliseack...-disable-java/
  and this article (http://www.nbcnews.com/technology/te...late-1B7938755
  
  I would recommend that you completely uninstall Java unless you need it to run an important software.
  In that instance I would recommend that you disable Java in your browsers until you need it for that software and then enable it. (See How to diasble Java in your web browser (http://www.geekstogo.com/2600/how-to...r-web-browser/) and How to unplug Java from the browser (http://krebsonsecurity.com/how-to-un...m-the-browser/)
  
  
  Avoid P2P
  
  P2P may be a great way to get lots of stuffs, but it is a great way to get infected as well. There's no way to tell if the file being shared is infected. Worse still, some worms spread via P2P networks, infecting you as well.
  
  Please read these short reports on the dangers of peer-2-peer programs and file sharing.
  
  • FBI Cyber Education Letter
    USAToday
    infoworld
  
  *********************************************
  Please read the following safe computing articles..
  
  Secure My Computer: A Layered Approach
  
  
  Free Antivirus-AntiSpyware-Firewall Software

Keep a backup of your important files - Now, more than ever, it's especially important to protect your digital files and memories. This article is full of good information on alternatives for home backup solutions.

[Juliet]

Glad we could help.

Since this issue appears resolved ... this Topic is closed.