
Thread: PC Cleaner & other stuff

  1. #11
    Security Expert-emeritus Juliet's Avatar
    Join Date
    Feb 2007
    Location
    Deep South
    Posts
    4,084


    Found quite a bit.

    Please uninstall the following via Programs and Features (right-click the Windows "logo" button > Programs and Features) if it still exists:

    ByteFence Anti-Malware <<Please read http://www.systemlookup.com/O23/6543-rtop_svc_exe.html

    ~~~~~~~~~~~~~~~~~~~~~~~~~~~~


    Please open Notepad *Do Not Use Wordpad!* or use any other text editor than Notepad or the script will fail. (Start -> Run -> type notepad in the Open field -> OK) and copy and paste the text present inside the quote box below:
    To do this highlight the contents of the box and right click on it and select copy.
    Paste this into the open Notepad. Save it to the Desktop as fixlist.txt <--Important
    NOTE. It's important that both files, FRST/FRST64 and fixlist.txt are in the same location or the fix will not work.
    It needs to be saved Next to the "Farbar Recovery Scan Tool" (If asked to overwrite existing one please allow)





    start
    CreateRestorePoint:
    CloseProcesses:
    C:\Users\HP\AppData\Local\chromium\Application\chrome.exe
    C:\Program Files\ByteFence\rtop\bin\rtop_svc.exe
    C:\Program Files\ByteFence
    C:\Users\HP\AppData\Local\chromium
    HKU\S-1-5-21-855933916-2125327620-179708743-1000\...\Run: [Chromium] => c:\users\hp\appdata\local\chromium\application\chrome.exe [1068544 2016-03-18] (The Chromium Authors)
    SearchScopes: HKLM -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
    SearchScopes: HKLM-x32 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
    FF Plugin-x32: @tools.google.com/Google Update;version=3 -> C:\Program Files (x86)\Google\Update\1.3.32.7\npGoogleUpdate3.dll [2016-12-16] (Google Inc.)
    FF Plugin-x32: @tools.google.com/Google Update;version=9 -> C:\Program Files (x86)\Google\Update\1.3.32.7\npGoogleUpdate3.dll [2016-12-16] (Google Inc.)
    S2 ByteFenceService; C:\Program Files\ByteFence\ByteFenceService.exe
    C:\Program Files\ByteFence\ByteFenceService.exe
    C:\Program Files\ByteFence
    R2 rtop; C:\Program Files\ByteFence\rtop\bin\rtop_svc.exe
    C:\WINDOWS\System32\Tasks\ByteFence Scan
    C:\ProgramData\Microsoft\Windows\Start Menu\Programs\ByteFence Anti-Malware
    C:\ProgramData\ByteFence
    C:\Users\HP\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Chromium.lnk
    C:\Users\HP\Desktop\Chromium.lnk
    C:\Users\HP\AppData\Local\chromium
    C:\Program Files\ByteFence
    Task: {4CEF578D-6B2E-436B-BE07-CBB3A54FAE9C} - System32\Tasks\ByteFence Scan => C:\Program Files\ByteFence\ByteFence.exe [2016-12-18] (Byte Technologies LLC) <==== ATTENTION
    C:\WINDOWS\System32\Tasks\ByteFence
    Task: {A0DB8712-0297-44B7-96BA-1984D105F115} - System32\Tasks\ByteFence => C:\Program Files\ByteFence\ByteFence.exe [2016-12-18] (Byte Technologies LLC) <==== ATTENTION
    Task: {ED2B6D77-9840-4539-A4B4-45903E49A788} - \Microsoft\Windows\Setup\GWXTriggers\OutOfSleep-5d -> No File <==== ATTENTION
    Task: {FADD8E0C-63AC-4E7B-9D2D-ACE0EAC81653} - System32\Tasks\GoogleUpdateTaskMachineCore => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2016-06-10] (Google Inc.)
    C:\Program Files\ByteFence\rtop\bin\rtop_svc.exe
    C:\Program Files\ByteFence\rtop\bin\rtop_bg.exe
    FirewallRules: [{E305633C-BD90-48BD-9DDC-BE301771D2DC}] => C:\Users\HP\AppData\Local\Chromium\Application\chrome.exe
    EmptyTemp:
    Hosts:
    End
    Open FRST/FRST64 and press the > Fix < button just once and wait.
    If for some reason the tool needs a restart, please make sure you let the system restart normally. After that let the tool complete its run.
    When finished FRST will generate a log on the Desktop (Fixlog.txt). Please post it to your reply.
    Windows Insider MVP Consumer Security 2009 - 2017
    Please do not PM me for Malware help, we all benefit from posting on the open board.

  2. #12
    Member
    Join Date
    Aug 2008
    Posts
    56


    Hi Juliet,

    I've uninstalled ByteFence via Apps & Features, then ran Fix

    Here's the FRST fixlog:

    Fix result of Farbar Recovery Scan Tool (x64) Version: 18-01-2017
    Ran by HP (19-01-2017 07:36:31) Run:2
    Running from C:\Users\HP\Desktop
    Loaded Profiles: HP (Available Profiles: HP & DefaultAppPool)
    Boot Mode: Normal
    ==============================================

    fixlist content:
    *****************
    start
    CreateRestorePoint:
    CloseProcesses:
    C:\Users\HP\AppData\Local\chromium\Application\chrome.exe
    C:\Program Files\ByteFence\rtop\bin\rtop_svc.exe
    C:\Program Files\ByteFence
    C:\Users\HP\AppData\Local\chromium
    HKU\S-1-5-21-855933916-2125327620-179708743-1000\...\Run: [Chromium] => c:\users\hp\appdata\local\chromium\application\chrome.exe [1068544 2016-03-18] (The Chromium Authors)
    SearchScopes: HKLM -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
    SearchScopes: HKLM-x32 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
    FF Plugin-x32: @tools.google.com/Google Update;version=3 -> C:\Program Files (x86)\Google\Update\1.3.32.7\npGoogleUpdate3.dll [2016-12-16] (Google Inc.)
    FF Plugin-x32: @tools.google.com/Google Update;version=9 -> C:\Program Files (x86)\Google\Update\1.3.32.7\npGoogleUpdate3.dll [2016-12-16] (Google Inc.)
    S2 ByteFenceService; C:\Program Files\ByteFence\ByteFenceService.exe
    C:\Program Files\ByteFence\ByteFenceService.exe
    C:\Program Files\ByteFence
    R2 rtop; C:\Program Files\ByteFence\rtop\bin\rtop_svc.exe
    C:\WINDOWS\System32\Tasks\ByteFence Scan
    C:\ProgramData\Microsoft\Windows\Start Menu\Programs\ByteFence Anti-Malware
    C:\ProgramData\ByteFence
    C:\Users\HP\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Chromium.lnk
    C:\Users\HP\Desktop\Chromium.lnk
    C:\Users\HP\AppData\Local\chromium
    C:\Program Files\ByteFence
    Task: {4CEF578D-6B2E-436B-BE07-CBB3A54FAE9C} - System32\Tasks\ByteFence Scan => C:\Program Files\ByteFence\ByteFence.exe [2016-12-18] (Byte Technologies LLC) <==== ATTENTION
    C:\WINDOWS\System32\Tasks\ByteFence
    Task: {A0DB8712-0297-44B7-96BA-1984D105F115} - System32\Tasks\ByteFence => C:\Program Files\ByteFence\ByteFence.exe [2016-12-18] (Byte Technologies LLC) <==== ATTENTION
    Task: {ED2B6D77-9840-4539-A4B4-45903E49A788} - \Microsoft\Windows\Setup\GWXTriggers\OutOfSleep-5d -> No File <==== ATTENTION
    Task: {FADD8E0C-63AC-4E7B-9D2D-ACE0EAC81653} - System32\Tasks\GoogleUpdateTaskMachineCore => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2016-06-10] (Google Inc.)
    C:\Program Files\ByteFence\rtop\bin\rtop_svc.exe
    C:\Program Files\ByteFence\rtop\bin\rtop_bg.exe
    FirewallRules: [{E305633C-BD90-48BD-9DDC-BE301771D2DC}] => C:\Users\HP\AppData\Local\Chromium\Application\chrome.exe
    EmptyTemp:
    Hosts:
    End
    *****************

    Restore point was successfully created.
    Processes closed successfully.
    C:\Users\HP\AppData\Local\chromium\Application\chrome.exe => moved successfully
    "C:\Program Files\ByteFence\rtop\bin\rtop_svc.exe" => not found.
    "C:\Program Files\ByteFence" => not found.
    C:\Users\HP\AppData\Local\chromium => moved successfully
    HKU\S-1-5-21-855933916-2125327620-179708743-1000\Software\Microsoft\Windows\CurrentVersion\Run\\Chromium => value removed successfully
    HKLM\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\\DefaultScope => value restored successfully
    HKLM\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\SearchScopes\\DefaultScope => value restored successfully
    HKLM\Software\Wow6432Node\MozillaPlugins\@tools.google.com/Google Update;version=3 => key removed successfully
    C:\Program Files (x86)\Google\Update\1.3.32.7\npGoogleUpdate3.dll => moved successfully
    HKLM\Software\Wow6432Node\MozillaPlugins\@tools.google.com/Google Update;version=9 => key removed successfully
    C:\Program Files (x86)\Google\Update\1.3.32.7\npGoogleUpdate3.dll => not found.
    ByteFenceService => service not found.
    "C:\Program Files\ByteFence\ByteFenceService.exe" => not found.
    "C:\Program Files\ByteFence" => not found.
    rtop => service not found.
    "C:\WINDOWS\System32\Tasks\ByteFence Scan" => not found.
    "C:\ProgramData\Microsoft\Windows\Start Menu\Programs\ByteFence Anti-Malware" => not found.
    "C:\ProgramData\ByteFence" => not found.
    C:\Users\HP\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Chromium.lnk => moved successfully
    C:\Users\HP\Desktop\Chromium.lnk => moved successfully
    "C:\Users\HP\AppData\Local\chromium" => not found.
    "C:\Program Files\ByteFence" => not found.
    HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{4CEF578D-6B2E-436B-BE07-CBB3A54FAE9C} => key not found.
    C:\WINDOWS\System32\Tasks\ByteFence Scan => not found.
    HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\ByteFence Scan => key not found.
    "C:\WINDOWS\System32\Tasks\ByteFence" => not found.
    HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{A0DB8712-0297-44B7-96BA-1984D105F115} => key not found.
    C:\WINDOWS\System32\Tasks\ByteFence => not found.
    HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\ByteFence => key not found.
    HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{ED2B6D77-9840-4539-A4B4-45903E49A788} => key removed successfully
    HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{ED2B6D77-9840-4539-A4B4-45903E49A788} => key removed successfully
    HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\Microsoft\Windows\Setup\GWXTriggers\OutOfSleep-5d => key removed successfully
    HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Logon\{FADD8E0C-63AC-4E7B-9D2D-ACE0EAC81653} => key removed successfully
    HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{FADD8E0C-63AC-4E7B-9D2D-ACE0EAC81653} => key removed successfully
    C:\WINDOWS\System32\Tasks\GoogleUpdateTaskMachineCore => moved successfully
    HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\GoogleUpdateTaskMachineCore => key removed successfully
    "C:\Program Files\ByteFence\rtop\bin\rtop_svc.exe" => not found.
    "C:\Program Files\ByteFence\rtop\bin\rtop_bg.exe" => not found.
    HKLM\SYSTEM\CurrentControlSet\services\SharedAccess\Parameters\FirewallPolicy\FirewallRules\\{E305633C-BD90-48BD-9DDC-BE301771D2DC} => value removed successfully
    C:\Windows\System32\Drivers\etc\hosts => moved successfully
    Hosts restored successfully.

    =========== EmptyTemp: ==========

    BITS transfer queue => 32768 B
    DOMStore, IE Recovery, AppCache, Feeds Cache, Thumbcache, IconCache => 13798972 B
    Java, Flash, Steam htmlcache => 492 B
    Windows/system/drivers => 615924 B
    Edge => 207621195 B
    Chrome => 0 B
    Firefox => 0 B
    Opera => 0 B

    Temp, IE cache, history, cookies, recent:
    Default => 0 B
    Users => 0 B
    ProgramData => 0 B
    Public => 0 B
    systemprofile => 0 B
    systemprofile32 => 0 B
    LocalService => 0 B
    NetworkService => 13992 B
    HP => 39679186 B
    DefaultAppPool => 0 B

    RecycleBin => 969331 B
    EmptyTemp: => 250.6 MB temporary data Removed.

    ================================


    The system needed a reboot.

    ==== End of Fixlog 07:37:34 ====
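
A Fixlog like the one above mixes three things: an echo of the fixlist, the per-entry results, and the EmptyTemp byte counts. The Python sketch below is an added example, not part of the original post or of FRST; it tallies only the result lines, and its grouping of outcome phrases is an assumption based on the wording visible in this log.

```python
import re
from collections import Counter

# Outcome phrases seen in the Fixlog above, grouped by meaning (assumed grouping).
CHANGED = ("moved successfully", "removed successfully", "restored successfully")
ABSENT = ("not found",)

# Lines excerpted from the Fixlog in this thread; the constructed.dll line is
# made up to show how an unrecognised outcome is surfaced for review.
SAMPLE = r"""fixlist content:
*****************
start
HKU\S-1-5-21-855933916-2125327620-179708743-1000\...\Run: [Chromium] => c:\users\hp\appdata\local\chromium\application\chrome.exe [1068544 2016-03-18] (The Chromium Authors)
End
*****************

Restore point was successfully created.
C:\Users\HP\AppData\Local\chromium\Application\chrome.exe => moved successfully
"C:\Program Files\ByteFence" => not found.
ByteFenceService => service not found.
HKLM\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\\DefaultScope => value restored successfully
C:\WINDOWS\System32\Tasks\GoogleUpdateTaskMachineCore => moved successfully
C:\Example\constructed.dll => constructed outcome text

=========== EmptyTemp: ==========

Edge => 207621195 B
"""


def parse_fixlog(text):
    """Return (target, outcome, category) for each fix result line."""
    results, in_echo = [], False
    for line in text.splitlines():
        line = line.strip()
        if re.fullmatch(r"\*{5,}", line):
            in_echo = not in_echo   # the fixlist echo sits between asterisk rows
            continue
        if line.startswith("=") and "EmptyTemp" in line:
            break                   # byte counts follow, not fix results
        if in_echo or " => " not in line:
            continue
        target, outcome = line.rsplit(" => ", 1)
        outcome = outcome.rstrip(".")
        if outcome.endswith(CHANGED):
            category = "changed"
        elif outcome.endswith(ABSENT):
            category = "absent"     # already gone, e.g. removed by the uninstaller
        else:
            category = "review"     # unrecognised wording: read it by hand
        results.append((target.strip('"'), outcome, category))
    return results


def summarize(results):
    """Count result lines per category."""
    return Counter(category for _, _, category in results)
```
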

  3. #13
    Security Expert-emeritus Juliet's Avatar
    Join Date
    Feb 2007
    Location
    Deep South
    Posts
    4,084


    How is it now?

  4. #14
    Member
    Join Date
    Aug 2008
    Posts
    56


    Hi Juliet,

    I have just reinstalled Chrome. It seems better - I'll use it this eve and post back later with an update.

  5. #15
    Security Expert-emeritus Juliet's Avatar
    Join Date
    Feb 2007
    Location
    Deep South
    Posts
    4,084


    That'll work.

  6. #16
    Security Expert-emeritus Juliet's Avatar
    Join Date
    Feb 2007
    Location
    Deep South
    Posts
    4,084


    How we doing?

  7. #17
    Member
    Join Date
    Aug 2008
    Posts
    56


    Hi Juliet,

    We seem to be doing a lot better. No more pop ups or take overs! Chrome seems to be ok.

  8. #18
    Security Expert-emeritus Juliet's Avatar
    Join Date
    Feb 2007
    Location
    Deep South
    Posts
    4,084


    I think you're good to go.

    DelFix

    • Please download DelFix or from Here and save the file to your Desktop.
    • Double-click DelFix.exe to run the programme.
    • Place a checkmark next to the following items:
    • Activate UAC
    • Remove disinfection tools
    • Click the Run button.
    • -- This will remove the specialized tools we used to disinfect your system.
      Any leftover logs, files, folders or tools remaining on your Desktop which were not removed can be deleted manually (right-click the file + delete).

    ***************


    • AdBlock is a browser add-on that blocks annoying banners, pop-ups and video ads.
    • CryptoPrevent places policy restrictions on loading points for ransomware (e.g. CryptoWall), helping prevent the execution of malware.
    • Malwarebytes Anti-Exploit (MBAE) is designed to prevent zero-day malware from exploiting vulnerable software.
    • Malwarebytes Anti-Malware Premium (MBAM) works in real-time alongside your Anti-Virus to prevent malware execution.
    • NoScript is a Firefox add-on that blocks the actions of malicious scripts by using whitelisting and other technology.
    • Sandboxie isolates programmes of your choice, preventing files from being written to your HDD unless approved by you.
    • Secunia PSI will scan your computer for vulnerable software that is outdated, and automatically find the latest update for you.
    • SpywareBlaster is a form of passive protection, designed to block the actions of malicious websites and tracking cookies.
    • Unchecky automatically removes checkmarks for bundled software in programme installers, helping you avoid adware and PUPs.


  9. #19
    Member
    Join Date
    Aug 2008
    Posts
    56


    Hi,

    Thought all my problems had finished, I don't know what's happened but I keep getting pop-ups and pages loading - some porno.

    I think whatever has happened has come from a GTA exe file that my son (9yrs) downloaded. I have spoken to him about not clicking anything on YouTube and only watching, but I may have to ban him from the comp.

    Shall I start a new thread?

    Many thanks

  10. #20
    Security Expert-emeritus Juliet's Avatar
    Join Date
    Feb 2007
    Location
    Deep South
    Posts
    4,084


    We can start over here.

    Please download the Malwarebytes Anti-Malware setup file to your Desktop.

    OR from this location Here

    • Open mbam-setup.x.x.xxxx.exe (x represents the version #) and follow the prompts to install the programme.
    • Windows Vista, Windows 7, 8, 8.1 and 10: Right click and select "Run as Administrator"

    • On the Dashboard click on Update Now
    • Go to the Setting Tab
    • Under Setting go to Detection and Protection
    • Under PUP and PUM make sure both are set to show Treat Detections as Malware
    • Go to Advanced setting and make sure Automatically Quarantine Detected Items is checked
    • Then on the Dashboard click on Scan
    • Make sure to select THREAT SCAN
    • Then click on Scan
    • Note: You may see the following message, "Could not load DDA driver". Click Yes, allow your PC to reboot and continue afterwards.
    • When the scan is finished on the bottom right click on SAVE RESULTS then select Copy to Clipboard
    • If threats are detected, click Remove Selected. If you are prompted to reboot, click Yes.
    • Please paste the log back into this thread for review

    • Exit Malwarebytes



    ~~~~~~~~~~~~~~~

    AdwCleaner
    • Please download AdwCleaner and save the file to your Desktop.
      In order to use AdwCleaner, you have to agree to the EULA:
    • Right-click AdwCleaner.exe and select Run as administrator to run the programme.
    • Follow the prompts.
    • Click Scan.
    • Upon completion, click Logfile. A log (AdwCleaner[S1].txt) will open. Briefly check the log for anything you know to be legitimate.
    • Return to AdwCleaner. Ensure anything you know to be legitimate does not have a checkmark under the corresponding tab.
    • Click Clean.
    • Follow the prompts and allow your computer to reboot.
    • After the reboot, a log (AdwCleaner[C1].txt) will open. Copy the contents of the log and paste in your next reply.

    -- File and folder backups are made for items removed using this programme. Should a legitimate file or folder be removed (otherwise known as a 'false-positive'), simple steps can be taken to restore the item. Please do not overly concern yourself with the contents of AdwCleaner[C1].txt.

    ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~

    Please download Junkware Removal Tool
    or from here http://downloads.malwarebytes.org/file/jrt
    to your desktop.
    • Shut down your protection software now to avoid potential conflicts.
    • Run the tool by double-clicking it. If you are using Windows Vista, 7, or 8; instead of double-clicking, right-mouse click JRT.exe and select "Run as Administrator".
    • The tool will open and start scanning your system.
    • Please be patient as this can take a while to complete depending on your system's specifications.
    • On completion, a log (JRT.txt) is saved to your desktop and will automatically open.
    • Post the contents of JRT.txt into your next message.


    ~~
    Please post these logs when finished.
