Dang.... they're making it harder for people with older operating systems to use their tools any more, I dislike this.
Can you see where the infections are located?
Does it give an option to delete or quarantine, and without having to pay?
Windows Insider MVP Consumer Security 2009 - 2017
Please do not PM me for Malware help, we all benefit from posting on the open board.
https://www.eset.com/us/home/online-scanner/
This one claims to be Vista compatible.
Hi Juliet,
Not having much luck! Where would the report from the online scan be stored? When I went to bed last night the scan was still running (3hrs at this point); when I looked this morning, the comp had rebooted but I can't find the log. I tried going back online but that just restarts the scan...
Try a search for
ESET
ESETScan.txt
EsetOnlineScanner\log.txt
Happy New Year!
Hi Juliet,
Here's the scan from Eset:
C:\AdwCleaner\quarantine\files\bgukgwojiahklsqqzjxavvmozhdcfkdf\Toolbar\Updater\IDC\IdcLdr.exe a variant of Win32/Bundled.Toolbar.Ask.M potentially unsafe application
C:\AdwCleaner\quarantine\files\bgukgwojiahklsqqzjxavvmozhdcfkdf\Toolbar\Updater\IDC\IdcSrv.dll a variant of Win32/Bundled.Toolbar.Ask.M potentially unsafe application
C:\AdwCleaner\quarantine\files\bgukgwojiahklsqqzjxavvmozhdcfkdf\Toolbar\Updater\IDC\IdcSrvStub.dll a variant of Win32/Bundled.Toolbar.Ask.M potentially unsafe application
C:\AdwCleaner\quarantine\files\esoexofynmwvfdiwczwotalrusthkjxm\Toolbar\Updater\IDC\IdcLdr.exe a variant of Win32/Bundled.Toolbar.Ask.M potentially unsafe application
C:\AdwCleaner\quarantine\files\esoexofynmwvfdiwczwotalrusthkjxm\Toolbar\Updater\IDC\IdcSrv.dll a variant of Win32/Bundled.Toolbar.Ask.M potentially unsafe application
C:\AdwCleaner\quarantine\files\esoexofynmwvfdiwczwotalrusthkjxm\Toolbar\Updater\IDC\IdcSrvStub.dll a variant of Win32/Bundled.Toolbar.Ask.M potentially unsafe application
C:\AdwCleaner\quarantine\files\xmtpssrdmpcmsmlhfndniuqvkfbzbuyz\Toolbar\Updater\IDC\IdcLdr.exe a variant of Win32/Bundled.Toolbar.Ask.M potentially unsafe application
C:\AdwCleaner\quarantine\files\xmtpssrdmpcmsmlhfndniuqvkfbzbuyz\Toolbar\Updater\IDC\IdcSrv.dll a variant of Win32/Bundled.Toolbar.Ask.M potentially unsafe application
C:\AdwCleaner\quarantine\files\xmtpssrdmpcmsmlhfndniuqvkfbzbuyz\Toolbar\Updater\IDC\IdcSrvStub.dll a variant of Win32/Bundled.Toolbar.Ask.M potentially unsafe application
C:\AdwCleaner\quarantine\files\xodblqmblihylsykpxejvdutbomtjukd\Toolbar\Updater\IDC\IdcLdr.exe a variant of Win32/Bundled.Toolbar.Ask.M potentially unsafe application
C:\AdwCleaner\quarantine\files\xodblqmblihylsykpxejvdutbomtjukd\Toolbar\Updater\IDC\IdcSrv.dll a variant of Win32/Bundled.Toolbar.Ask.M potentially unsafe application
C:\AdwCleaner\quarantine\files\xodblqmblihylsykpxejvdutbomtjukd\Toolbar\Updater\IDC\IdcSrvStub.dll a variant of Win32/Bundled.Toolbar.Ask.M potentially unsafe application
C:\AdwCleaner\quarantine\files\yhbxioprczuceehxwvdyartrsqtzuwjq\Toolbar\Updater\IDC\IdcLdr.exe a variant of Win32/Bundled.Toolbar.Ask.M potentially unsafe application
C:\AdwCleaner\quarantine\files\yhbxioprczuceehxwvdyartrsqtzuwjq\Toolbar\Updater\IDC\IdcSrv.dll a variant of Win32/Bundled.Toolbar.Ask.M potentially unsafe application
C:\AdwCleaner\quarantine\files\yhbxioprczuceehxwvdyartrsqtzuwjq\Toolbar\Updater\IDC\IdcSrvStub.dll a variant of Win32/Bundled.Toolbar.Ask.M potentially unsafe application
C:\Program Files\CCleaner\ccsetup525.exe Win32/Bundled.Toolbar.Google.D potentially unsafe application
C:\Windows\Installer\f54e8.msi a variant of Win32/Bundled.Toolbar.Ask.M potentially unsafe application
We are still running slow - could that be due to age of computer?
It's possible.
Let's remove those 2 files found by Eset, the other files found are already in a quarantine folder.
Please open Notepad (Start -> Run -> type notepad in the Open field -> OK) and copy and paste the text present inside the quote box below. *Do Not Use Wordpad* or any other text editor than Notepad, or the script will fail.
To do this, highlight the contents of the box, right-click on it and select Copy.
Paste this into the open Notepad. Save it to the Desktop as fixlist.txt
NOTE. It's important that both files, FRST/FRST64 and fixlist.txt are in the same location or the fix will not work.
It needs to be saved Next to the "Farbar Recovery Scan Tool" (If asked to overwrite existing one please allow)
Open FRST/FRST64 and press the > Fix < button just once and wait.
start
CreateRestorePoint:
CloseProcesses:
C:\Program Files\CCleaner\ccsetup525.exe
C:\Windows\Installer\f54e8.msi
EmptyTemp:
Hosts:
End
If for some reason the tool needs a restart, please make sure you let the system restart normally. After that let the tool complete its run.
When finished FRST will generate a log on the Desktop (Fixlog.txt). Please post it to your reply.
~~~~
Let's see if there are any startup items we can disable to improve performance.
Go here to download HJT
http://www.bleepingcomputer.com/download/hijackthis/
- Save HJTsetup.exe to your desktop.
- Double-click on the HJTsetup.exe icon on your desktop.
- By default it will install to C:\Program Files\Hijack This.
- Continue to click Next in the setup dialogue boxes until you get to the Select Additional Tasks dialogue.
- Put a check by Create a desktop icon then click Next again.
- Continue to follow the rest of the prompts from there.
- At the final dialogue box click Finish and it will launch Hijack This.
- Click on the Do a system scan and save a logfile button. It will scan and the log should open in notepad.
- Click on "Edit > Select All" then click on "Edit > Copy" to copy the entire contents of the log.
~~~~~~~~~~~~~~
Please post these 2 logs when finished.
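The triage step in the post above (only the detections outside the AdwCleaner quarantine folder still need action) can be scripted. This is an added example, not part of the original thread or of any tool mentioned in it; the line shape in `LINE_RE` is inferred from the posted log, and the function names are hypothetical.

```python
import re
from pathlib import PureWindowsPath

# Four lines taken from the ESET scan posted above (two quarantined, two live).
SAMPLE_LOG = r"""
C:\AdwCleaner\quarantine\files\bgukgwojiahklsqqzjxavvmozhdcfkdf\Toolbar\Updater\IDC\IdcLdr.exe a variant of Win32/Bundled.Toolbar.Ask.M potentially unsafe application
C:\AdwCleaner\quarantine\files\bgukgwojiahklsqqzjxavvmozhdcfkdf\Toolbar\Updater\IDC\IdcSrv.dll a variant of Win32/Bundled.Toolbar.Ask.M potentially unsafe application
C:\Program Files\CCleaner\ccsetup525.exe Win32/Bundled.Toolbar.Google.D potentially unsafe application
C:\Windows\Installer\f54e8.msi a variant of Win32/Bundled.Toolbar.Ask.M potentially unsafe application
"""

# Assumed line shape: <path> [a variant of ]<Platform/Name> <category>
LINE_RE = re.compile(
    r"^(?P<path>[A-Za-z]:\\.+?)\s+(?P<variant>a variant of\s+)?"
    r"(?P<name>\w+/\S+)\s+(?P<category>.+)$"
)

# Folder named in the thread; add other tools' quarantine folders as needed.
QUARANTINE_ROOTS = [r"C:\AdwCleaner\quarantine"]


def parse_line(line):
    """Return a dict for one detection line, or None if it does not match."""
    m = LINE_RE.match(line.strip())
    if not m:
        return None
    return {"path": m["path"], "name": m["name"],
            "variant": bool(m["variant"]), "category": m["category"]}


def is_under(path, root):
    """Case-insensitive 'path is inside root' test for Windows paths."""
    p = [part.lower() for part in PureWindowsPath(path).parts]
    r = [part.lower() for part in PureWindowsPath(root).parts]
    return p[:len(r)] == r


def triage(log_text, roots=QUARANTINE_ROOTS):
    """Split detections into live files and files already quarantined."""
    live, quarantined = [], []
    for line in log_text.splitlines():
        hit = parse_line(line)
        if hit is None:
            continue
        inside = any(is_under(hit["path"], root) for root in roots)
        (quarantined if inside else live).append(hit)
    return live, quarantined


if __name__ == "__main__":
    live, quarantined = triage(SAMPLE_LOG)
    print(f"{len(quarantined)} already quarantined, {len(live)} live:")
    for hit in live:
        print(f"  {hit['path']}  [{hit['name']}]")
```
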
Hi Juliet,
Here's the HijackThis log:
Logfile of Trend Micro HijackThis v2.0.5
Scan saved at 16:20:38, on 01/01/2017
Platform: Windows Vista SP2 (WinNT 6.00.1906)
MSIE: Internet Explorer v9.00 (9.00.8112.16811)
FIREFOX: 49.0.1 (x86 en-GB)
Boot mode: Normal
Running processes:
C:\Windows\Explorer.EXE
C:\Windows\system32\Dwm.exe
C:\Windows\SYSTEM32\taskeng.exe
C:\Windows\System32\hkcmd.exe
C:\Windows\System32\igfxpers.exe
C:\Windows\System32\mobsync.exe
C:\Program Files\Epson Software\Event Manager\EEventManager.exe
C:\Program Files\Common Files\Java\Java Update\jusched.exe
C:\Program Files\Microsoft Security Client\msseces.exe
C:\Windows\ehome\ehtray.exe
C:\Windows\system32\igfxsrvc.exe
C:\Program Files\Malwarebytes\Anti-Malware\mbamtray.exe
C:\Program Files\Skype\Phone\Skype.exe
C:\Program Files\Windows Media Player\wmpnscfg.exe
C:\Windows\ehome\ehmsas.exe
C:\Program Files\Kaspersky Lab\Kaspersky Security Scan\kss.exe
C:\Program Files\Kaspersky Lab\Kaspersky Software Updater Beta\ksu.exe
C:\Program Files\Kaspersky Lab\Kaspersky Security Scan\kss.exe
C:\Windows\SYSTEM32\taskeng.exe
C:\Program Files\CCleaner\CCleaner.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Users\valerie\Desktop\HijackThis.exe
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = Preserve
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant =
O2 - BHO: Spybot-S&D IE Protection - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O2 - BHO: Search Helper - {6EBF7485-159F-4bff-A14F-B9E3AAC4465B} - C:\Program Files\Microsoft\Search Enhancement Pack\Search Helper\SEPsearchhelperie.dll
O2 - BHO: Java(tm) Plug-In SSV Helper - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.8.0_111\bin\ssv.dll
O2 - BHO: Windows Live ID Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: Easy Photo Print - {9421DD08-935F-4701-A9CA-22DF90AC4EA6} - C:\Program Files\Epson Software\Easy Photo Print\EPTBL.dll
O2 - BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre1.8.0_111\bin\jp2ssv.dll
O3 - Toolbar: Easy Photo Print - {9421DD08-935F-4701-A9CA-22DF90AC4EA6} - C:\Program Files\Epson Software\Easy Photo Print\EPTBL.dll
O4 - HKLM\..\Run: [IgfxTray] C:\Windows\system32\igfxtray.exe
O4 - HKLM\..\Run: [HotKeysCmds] C:\Windows\system32\hkcmd.exe
O4 - HKLM\..\Run: [Persistence] C:\Windows\system32\igfxpers.exe
O4 - HKLM\..\Run: [RtHDVCpl] RtHDVCpl.exe
O4 - HKLM\..\Run: [Skytel] Skytel.exe
O4 - HKLM\..\Run: [EEventManager] C:\PROGRA~1\EPSONS~1\EVENTM~1\EEventManager.exe
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Common Files\Java\Java Update\jusched.exe"
O4 - HKLM\..\Run: [MSC] "c:\Program Files\Microsoft Security Client\msseces.exe" -hide -runkey
O4 - HKLM\..\Run: [Malwarebytes TrayApp] C:\PROGRAM FILES/MALWAREBYTES/ANTI-MALWARE\mbamtray.exe
O4 - HKCU\..\Run: [ehTray.exe] C:\Windows\ehome\ehTray.exe
O4 - HKCU\..\Run: [EPSON SX210 Series] C:\Windows\system32\spool\DRIVERS\W32X86\3\E_FATIFDE.EXE /FU "C:\Users\valerie\AppData\Local\Temp\E_S59C8.tmp" /EF "HKCU"
O4 - HKCU\..\Run: [Skype] "C:\Program Files\Skype\Phone\Skype.exe" /minimized /regrun
O4 - HKCU\..\Run: [CCleaner Monitoring] "C:\Program Files\CCleaner\CCleaner.exe" /MONITOR
O4 - HKCU\..\Run: [KSS] "C:\Program Files\Kaspersky Lab\Kaspersky Security Scan\kss.exe" autorun
O4 - HKCU\..\Run: [WMPNSCFG] C:\Program Files\Windows Media Player\WMPNSCFG.exe
O4 - HKUS\S-1-5-19\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /detectMem (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-19\..\Run: [WindowsWelcomeCenter] rundll32.exe oobefldr.dll,ShowWelcomeCenter (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-20\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /detectMem (User 'NETWORK SERVICE')
O4 - HKUS\S-1-5-18\..\Run: [KSS] "C:\Program Files\Kaspersky Lab\Kaspersky Security Scan\kss.exe" autorun (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [KSS] "C:\Program Files\Kaspersky Lab\Kaspersky Security Scan\kss.exe" autorun (User 'Default user')
O4 - Global Startup: Kaspersky Software Updater Beta.lnk = C:\Program Files\Kaspersky Lab\Kaspersky Software Updater Beta\ksu.exe
O9 - Extra button: @C:\Program Files\Windows Live\Writer\WindowsLiveWriterShortcuts.dll,-1004 - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files\Windows Live\Writer\WriterBrowserExtension.dll
O9 - Extra 'Tools' menuitem: @C:\Program Files\Windows Live\Writer\WindowsLiveWriterShortcuts.dll,-1003 - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files\Windows Live\Writer\WriterBrowserExtension.dll
O9 - Extra button: Send to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~2\Office12\ONBttnIE.dll
O9 - Extra 'Tools' menuitem: S&end to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~2\Office12\ONBttnIE.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\Office12\REFIEBAR.DLL
O9 - Extra button: (no name) - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O9 - Extra 'Tools' menuitem: Spybot - Search & Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O11 - Options group: [ACCELERATED_GRAPHICS] Accelerated graphics
O16 - DPF: {7530BFB8-7293-4D34-9923-61A11451AFC5} - http://download.eset.com/special/eos/OnlineScanner.cab
O16 - DPF: {CF84DAC5-A4F5-419E-A0BA-C01FFD71112F} (SysInfo Class) - http://content.systemrequirementslab...l_4.4.24.0.cab
O18 - Protocol: wlpg - {E43EF6CD-A37A-4A9B-9E6F-83F89B8E6324} - C:\Program Files\Windows Live\Photo Gallery\AlbumDownloadProtocolHandler.dll
O22 - SharedTaskScheduler: Component Categories cache daemon - {8C7461EF-2B13-11d2-BE35-3078302C2030} - C:\Windows\system32\browseui.dll
O23 - Service: Adobe Flash Player Update Service (AdobeFlashPlayerUpdateSvc) - Adobe Systems Incorporated - C:\Windows\system32\Macromed\Flash\FlashPlayerUpdateService.exe
O23 - Service: Google Update Service (gupdate1c95fd8b90ceb00) (gupdate1c95fd8b90ceb00) - Google Inc. - C:\Program Files\Google\Update\GoogleUpdate.exe
O23 - Service: Google Update Service (gupdatem) (gupdatem) - Google Inc. - C:\Program Files\Google\Update\GoogleUpdate.exe
O23 - Service: Kaspersky Security Scan Service (kss) - AO Kaspersky Lab - C:\Program Files\Kaspersky Lab\Kaspersky Security Scan\kss.exe
O23 - Service: Logitech Bluetooth Service (LBTServ) - Logitech, Inc. - C:\Program Files\Common Files\LogiShrd\Bluetooth\lbtserv.exe
O23 - Service: Malwarebytes Service (MBAMService) - Malwarebytes - C:\Program Files\Malwarebytes\Anti-Malware\mbamservice.exe
O23 - Service: McAfee Security Scan Component Host Service (McComponentHostService) - McAfee, Inc. - C:\Program Files\McAfee Security Scan\3.11.266\McCHSvc.exe
O23 - Service: Mozilla Maintenance Service (MozillaMaintenance) - Mozilla Foundation - C:\Program Files\Mozilla Maintenance Service\maintenanceservice.exe
O23 - Service: SBSD Security Center Service (SBSDWSCService) - Safer Networking Ltd. - C:\Program Files\Spybot - Search & Destroy\SDWinSec.exe
O23 - Service: Skype Updater (SkypeUpdate) - Skype Technologies - C:\Program Files\Skype\Updater\Updater.exe
O23 - Service: XAudioService - Conexant Systems, Inc. - C:\Windows\system32\DRIVERS\xaudio.exe
--
End of file - 8001 bytes
And JRT Log:
Fix result of Farbar Recovery Scan Tool (x86) Version: 21-12-2016
Ran by valerie (01-01-2017 15:32:09) Run:3
Running from C:\Users\valerie\Desktop
Loaded Profiles: valerie (Available Profiles: valerie)
Boot Mode: Normal
==============================================
fixlist content:
*****************
start
CreateRestorePoint:
CloseProcesses:
C:\Program Files\CCleaner\ccsetup525.exe
C:\Windows\Installer\f54e8.msi
EmptyTemp:
Hosts:
End
*****************
Restore point was successfully created.
Processes closed successfully.
C:\Program Files\CCleaner\ccsetup525.exe => moved successfully
C:\Windows\Installer\f54e8.msi => moved successfully
C:\Windows\System32\Drivers\etc\hosts => moved successfully
Hosts restored successfully.
=========== EmptyTemp: ==========
BITS transfer queue => 8388608 B
DOMStoree, IE Recovery, AppCache, Feeds Cache, Thumbcache, IconCache => 10569121 B
Java, Flash, Steam htmlcache => 991 B
Windows/system/drivers => 597083469 B
Edge => 0 B
Chrome => 105472 B
Firefox => 275536507 B
Opera => 0 B
Temp, IE cache, history, cookies, recent:
Users => 0 B
Default => 0 B
Public => 0 B
ProgramData => 0 B
systemprofile => 65960 B
LocalService => 0 B
NetworkService => 27058 B
valerie => 70244064 B
RecycleBin => 1401 B
EmptyTemp: => 917.5 MB temporary data Removed.
================================
The system needed a reboot.
==== End of Fixlog 15:39:22 ====
Are you using Microsoft Security Essentials and Kaspersky Internet Security?
Hi Juliet,
No, just Windows Essentials - the Kaspersky is what we downloaded to scan the comp - but wouldn't run.
Also last night Firefox crashed, tried to refresh but wouldn't load up - so I've uninstalled it for now, so using IE.
That's strange about Firefox, I have no idea why it would do that.
I looked back through logs to check on Kaspersky, it doesn't appear to be listed in add/remove programs....odd because it was listed in startup programs.
Typically, these entries are infrequently used tasks that can be started manually, if necessary.
Removing/disabling these items from startup will help with system resources.
Open HijackThis, Click Do a system scan only, checkmark these. Then close all other windows and browsers except HijackThis and press fix checked.
O4 - HKLM\..\Run: [IgfxTray] C:\Windows\system32\igfxtray.exe
O4 - HKLM\..\Run: [Persistence] C:\Windows\system32\igfxpers.exe
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Common Files\Java\Java Update\jusched.exe"
O4 - HKCU\..\Run: [EPSON SX210 Series] C:\Windows\system32\spool\DRIVERS\W32X86\3\E_FATIFDE.EXE /FU "C:\Users\valerie\AppData\Local\Temp\E_S59C8.tmp" /EF "HKCU"
O4 - HKCU\..\Run: [Skype] "C:\Program Files\Skype\Phone\Skype.exe" /minimized /regrun
O4 - HKCU\..\Run: [CCleaner Monitoring] "C:\Program Files\CCleaner\CCleaner.exe" /MONITOR
O4 - HKCU\..\Run: [KSS] "C:\Program Files\Kaspersky Lab\Kaspersky Security Scan\kss.exe" autorun
O4 - HKCU\..\Run: [WMPNSCFG] C:\Program Files\Windows Media Player\WMPNSCFG.exe
O4 - HKCU\..\Run: [KSS] "C:\Program Files\Kaspersky Lab\Kaspersky Security Scan\kss.exe" autorun
O4 - HKUS\S-1-5-18\..\Run: [KSS] "C:\Program Files\Kaspersky Lab\Kaspersky Security Scan\kss.exe" autorun (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [KSS] "C:\Program Files\Kaspersky Lab\Kaspersky Security Scan\kss.exe" autorun (User 'Default user')
O4 - Global Startup: Kaspersky Software Updater Beta.lnk = C:\Program Files\Kaspersky Lab\Kaspersky Software Updater Beta\ksu.exe
O16 - DPF: {7530BFB8-7293-4D34-9923-61A11451AFC5} - http://download.eset.com/special/eos/OnlineScanner.cab
Reboot the computer to set the registry.
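The startup review above lists the same program (KSS) under several autorun locations. The following added example, which is not part of the original thread or of HijackThis itself, parses O4 lines and reports executables registered in more than one place; the regular expressions are inferred from the posted log and the function names are hypothetical.

```python
import re
from collections import defaultdict

# O4 lines copied from the HijackThis log posted above.
SAMPLE_LOG = r"""
O4 - HKLM\..\Run: [IgfxTray] C:\Windows\system32\igfxtray.exe
O4 - HKLM\..\Run: [Malwarebytes TrayApp] C:\PROGRAM FILES/MALWAREBYTES/ANTI-MALWARE\mbamtray.exe
O4 - HKCU\..\Run: [KSS] "C:\Program Files\Kaspersky Lab\Kaspersky Security Scan\kss.exe" autorun
O4 - HKUS\S-1-5-18\..\Run: [KSS] "C:\Program Files\Kaspersky Lab\Kaspersky Security Scan\kss.exe" autorun (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [KSS] "C:\Program Files\Kaspersky Lab\Kaspersky Security Scan\kss.exe" autorun (User 'Default user')
O4 - Global Startup: Kaspersky Software Updater Beta.lnk = C:\Program Files\Kaspersky Lab\Kaspersky Software Updater Beta\ksu.exe
"""

RUN_RE = re.compile(
    r"^O4 - (?P<where>HK\w+(?:\\[^\\]+)?\\\.\.\\Run\w*): "
    r"\[(?P<name>[^\]]+)\] (?P<cmd>.*?)(?: \(User '(?P<user>[^']+)'\))?$"
)
STARTUP_RE = re.compile(r"^O4 - (?P<where>(?:Global )?Startup): (?P<name>.+?) = (?P<cmd>.+)$")
# Executable = quoted string, or shortest prefix ending in a program extension.
EXE_RE = re.compile(r'^"([^"]+)"|^(.+?\.(?:exe|com|bat|cmd))(?=\s|$)', re.I)


def executable(cmd):
    m = EXE_RE.match(cmd)
    path = (m.group(1) or m.group(2)) if m else cmd
    return path.replace("/", "\\").lower()  # normalise separators and case


def parse_o4(line):
    """Parse one O4 autorun line into a dict, or return None."""
    line = line.strip()
    m = RUN_RE.match(line) or STARTUP_RE.match(line)
    if not m:
        return None
    entry = {"user": None, **m.groupdict()}
    entry["exe"] = executable(entry["cmd"])
    return entry


def multi_location(log_text):
    """Map each executable started from more than one place to its locations."""
    groups = defaultdict(list)
    for line in log_text.splitlines():
        entry = parse_o4(line)
        if entry:
            groups[entry["exe"]].append(entry["where"])
    return {exe: locs for exe, locs in groups.items() if len(locs) > 1}


if __name__ == "__main__":
    for exe, locs in multi_location(SAMPLE_LOG).items():
        print(f"{exe}\n  registered in: {', '.join(locs)}")
```
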