Spybot not removing Somoto Better Installer

Not good when we see cracks/keygens
C:\Users\Ricky\Downloads\Foxit Advanced PDF Editor v3.0.5 Incl Crack [TorDigger]
They mostly come in bundled with unwanted added features.

~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~

Please go to one of the below sites to scan the following files:
Virus Total (Recommended)
jotti.org
VirScan
Click on Browse, and upload the following file for analysis:

C:\Users\Ryan\Downloads\WinZip180.exe


Then click Submit. Allow the file to be scanned, and then please copy and paste the results link (for Virus Total) here for me to see.
If it says already scanned -- click "reanalyze now"
Please post the results in your next reply.

****************
Please download Malwarebytes' Anti-Malware from Here. Never download Malwarebytes' Anti-Malware from other sources.

Double Click mbam-setup.exe to install the application.
  • Make sure a checkmark is placed next to Update Malwarebytes' Anti-Malware and Launch Malwarebytes' Anti-Malware, then click Finish.
  • If an update is found, it will download and install the latest version.
  • Once the program has loaded, select "Perform Quick Scan", then click Scan.
  • The scan may take some time to finish, so please be patient.
  • When the scan is complete, click OK, then Show Results to view the results.
  • Make sure that everything is checked, and click Remove Selected.
  • When disinfection is completed, a log will open in Notepad and you may be prompted to Restart. (See Extra Note)
  • The log is automatically saved by MBAM and can be viewed by clicking the Logs tab in MBAM.
  • Copy & paste the entire report in your next reply.
Extra Note:

If MBAM encounters a file that is difficult to remove, you will be presented with 1 of 2 prompts; click OK to either and let MBAM proceed with the disinfection process. If asked to restart the computer, please do so immediately.


~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~

Go here to run an online scanner from ESET.
  • Turn off the real time scanner of any existing antivirus program while performing the online scan
  • Tick the box next to YES, I accept the Terms of Use.
  • Click Start
  • When asked, allow the ActiveX control to install
  • Click Start
  • Make sure that the option Remove found threats is unticked and the Scan Archives option is ticked.
  • Click on Advanced Settings, ensure the options Scan for potentially unwanted applications, Scan for potentially unsafe applications, and Enable Anti-Stealth Technology are ticked.
  • Click Scan
  • Wait for the scan to finish
  • When the scan completes, press the LIST OF THREATS FOUND button
  • Press EXPORT TO TEXT FILE, name the file ESETSCAN and save it to your desktop
  • Include the contents of this report in your next reply.
  • Press the BACK button.
  • Press Finish
 
Update

After running Spybot for my last message, I did not attempt to fix the problems. This morning I ran Spybot again, and this time I chose to fix the problems. I then rebooted and ran Spybot one more time. This time Somoto was not found. It looks like the work you asked me to do removed the underlying disease but left a 'cosmetic' entity which Spybot was able to remove.

Juliet, thank you, you've been a massive help. If you ever find yourself in Glasgow, I'm buying! I'll also be making donations to the guys whose applications I've used.

Thank you once again Juliet. :)
 

Sorry, Juliet, I did not see this post until now. I've had Malwarebytes for a number of years but I can't remember where I downloaded it from. I've therefore uninstalled it and installed it again as per your instruction. A scan is running right now. I'll post all results and upload the file on scan completion.
 
I'll take you up on that beer!

I enjoy helping people who are grateful, and I do not expect to see much with the resulting scans.

After you report back with those, if there is a bad file we will remove it, then we'll remove tools and quarantine folders... giving preventive tips too.
 
Virus Total link - https://www.virustotal.com/en/file/...d3330d4f02fae7de1919549e513238864c4/analysis/
============================================================================================


Malwarebytes Scan - This found some of my Nikon RAW photograph files. Possibly because the file name started with an underscore. I cleaned them regardless.
============================================================================================

Malwarebytes Anti-Malware
www.malwarebytes.org

Scan Date: 25/03/2014
Scan Time: 16:26:26
Logfile:
Administrator: Yes

Version: 2.00.0.1000
Malware Database: v2014.03.25.04
Rootkit Database: v2014.03.18.01
License: Free
Malware Protection: Disabled
Malicious Website Protection: Disabled
Chameleon: Disabled

OS: Windows 7 Service Pack 1
CPU: x64
File System: NTFS
User: Ricky

Scan Type: Threat Scan
Result: Completed
Objects Scanned: 331405
Time Elapsed: 44 min, 59 sec

Memory: Enabled
Startup: Enabled
Filesystem: Enabled
Archives: Enabled
Rootkits: Disabled
Shuriken: Enabled
PUP: Enabled
PUM: Enabled

Processes: 0
(No malicious items detected)

Modules: 0
(No malicious items detected)

Registry Keys: 6
PUP.Optional.FunMoods.A, HKU\S-1-5-18-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\SOFTWARE\MICROSOFT\WINDOWS\CURRENTVERSION\EXT\SETTINGS\{75EBB0AA-4214-4CB4-90EC-E3E07ECD04F7}, Quarantined, [98e0bb4c0e6d6bcb6ddc62b20bf717e9],
PUP.Optional.FunMoods.A, HKU\S-1-5-21-752273353-578144960-589867486-501-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\SOFTWARE\MICROSOFT\WINDOWS\CURRENTVERSION\EXT\SETTINGS\{75EBB0AA-4214-4CB4-90EC-E3E07ECD04F7}, Quarantined, [98e0bb4c0e6d6bcb6ddc62b20bf717e9],
PUP.Optional.FunMoods.A, HKU\S-1-5-18-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\SOFTWARE\MICROSOFT\WINDOWS\CURRENTVERSION\EXT\STATS\{75EBB0AA-4214-4CB4-90EC-E3E07ECD04F7}, Quarantined, [98e0bb4c0e6d6bcb6ddc62b20bf717e9],
PUP.Optional.FunMoods.A, HKU\S-1-5-21-752273353-578144960-589867486-501-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\SOFTWARE\MICROSOFT\WINDOWS\CURRENTVERSION\EXT\STATS\{75EBB0AA-4214-4CB4-90EC-E3E07ECD04F7}, Quarantined, [98e0bb4c0e6d6bcb6ddc62b20bf717e9],
PUP.Optional.Funmoods.A, HKU\S-1-5-18-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\SOFTWARE\MICROSOFT\WINDOWS\CURRENTVERSION\EXT\STATS\{A4C272EC-ED9E-4ACE-A6F2-9558C7F29EF3}, Quarantined, [5325d6314a31db5bd3c6260fa45e946c],
PUP.Optional.Funmoods.A, HKU\S-1-5-21-752273353-578144960-589867486-501-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\SOFTWARE\MICROSOFT\WINDOWS\CURRENTVERSION\EXT\STATS\{A4C272EC-ED9E-4ACE-A6F2-9558C7F29EF3}, Quarantined, [5325d6314a31db5bd3c6260fa45e946c],

Registry Values: 1
Trojan.Downloader, HKU\S-1-5-21-752273353-578144960-589867486-501-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\SOFTWARE\MICROSOFT\WINDOWS\CURRENTVERSION\RUN|Audio HD Driver, C:\Users\Guest\AppData\Local\Temp\guitarpro.exe, Quarantined, [91e77b8c83f89b9b74717c561ee4e11f]

Registry Data: 0
(No malicious items detected)

Folders: 4
Trojan.Agent, C:\Users\Ricky\20131226, Quarantined, [4533f90ec4b778be9abb430844be6898],
Trojan.Agent, C:\Users\Ricky\20131229, Quarantined, [6711db2cdd9ea5917dd8d972fb0720e0],
Trojan.Agent, C:\Users\Ricky\20140104, Quarantined, [91e7c641f784aa8cada88cbfcc36f10f],
Trojan.Agent, C:\Users\Ricky\20140105, Quarantined, [591f23e49eddfc3a9db81d2ec1415ba5],

Files: 94

Physical Sectors: 0
(No malicious items detected)


(end)



ESETSCAN
===========================================================================================================

C:\FRST\Quarantine\C\Users\Guest\AppData\Local\Temp\guitarpro.exe.xBAD MSIL/Arcdoor.AK worm
C:\FRST\Quarantine\C\Users\Ricky\AppData\Local\Google\Chrome\User Data\Default\Extensions\klibnahbojhkanfgaglnlalfkgpcppfi\10.26.9.505_0\APISupport\APISupport.dll a variant of Win32/Toolbar.Conduit.Z potentially unwanted application
C:\FRST\Quarantine\C\Users\Ricky\AppData\Local\Temp\Windows-Auth-Host-Service.exe.xBAD MSIL/Arcdoor.AK worm
C:\FRST\Quarantine\C\Users\Ryan\AppData\Local\Temp\Windows-Auth-Host-Service.exe.xBAD MSIL/Arcdoor.AK worm
C:\Program Files\Common Files\Windows-Auth-Host-Service.exe MSIL/Arcdoor.AK worm
C:\Program Files (x86)\Dell DataSafe Local Backup\hstart.exe a variant of Win32/HiddenStart.A potentially unsafe application
C:\Program Files (x86)\Dell DataSafe Local Backup\Components\DSUpdate\hstart.exe a variant of Win32/HiddenStart.A potentially unsafe application
C:\Users\Guest\AppData\Roaming\guitarpro.exe MSIL/Arcdoor.AK worm
C:\Users\Guest\Downloads\Never_Blue04_8668_319894.exe Win32/InstallMonetizer.AG potentially unwanted application
C:\Users\Public\Documents\FoxitReader614.0217_enu_Setup.exe a variant of Win32/OpenCandy.A potentially unsafe application
C:\Users\Ricky\AppData\Roaming\Audio-HD-Service.exe MSIL/Arcdoor.AK worm
C:\Users\Ricky\AppData\Roaming\GooglePlug\genius.exe MSIL/Arcdoor.AK worm
C:\Users\Ricky\Downloads\BickhamScriptFancy2_Font_Installer.exe a variant of Win32/OpenInstall potentially unwanted application
C:\Users\Ricky\Downloads\Core-Temp-setup.exe probably a variant of Win32/Complitly.A potentially unwanted application
C:\Users\Ricky\Downloads\CrK.rar a variant of MSIL/HackKMS.A potentially unsafe application
C:\Users\Ricky\Downloads\orionsetup.exe a variant of Win32/Toolbar.Conduit.H potentially unwanted application
C:\Users\Ricky\Downloads\pal_install_r109888.exe a variant of Win32/Bundled.Toolbar.Ask.D potentially unsafe application
C:\Users\Ricky\Downloads\Unlockroot\Unlockroot\unlockroot.exe Win32/UnlockRoot potentially unsafe application
C:\Users\Ryan\AppData\Roaming\Audio-HD-Service.exe MSIL/Arcdoor.AK worm
C:\Users\Ryan\Downloads\WinZip180.exe a variant of Win32/OpenInstall potentially unwanted application
D:\My Documents\Downloads\easetup.exe a variant of Win32/Toolbar.Conduit.I potentially unwanted application
D:\NewsBin\Amateur_Photographer_-_January_4_2014__UK.zip MSIL/TrojanDownloader.Agent.NZ trojan
D:\RICKY-PC\Backup Set 2014-03-02 202708\Backup Files 2014-03-02 202708\Backup files 10.zip a variant of Win32/OpenInstall potentially unwanted application
D:\RICKY-PC\Backup Set 2014-03-02 202708\Backup Files 2014-03-02 202708\Backup files 14.zip a variant of Win32/Toolbar.Conduit.H potentially unwanted application
D:\RICKY-PC\Backup Set 2014-03-02 202708\Backup Files 2014-03-02 202708\Backup files 18.zip multiple threats
D:\RICKY-PC\Backup Set 2014-03-02 202708\Backup Files 2014-03-02 202708\Backup files 19.zip MSIL/Arcdoor.AK worm
D:\RICKY-PC\Backup Set 2014-03-02 202708\Backup Files 2014-03-02 202708\Backup files 27.zip a variant of Win32/Toolbar.Conduit.Z potentially unwanted application
D:\RICKY-PC\Backup Set 2014-03-23 190004\Backup Files 2014-03-23 190004\Backup files 1.zip a variant of Win32/OpenCandy.A potentially unsafe application
D:\RICKY-PC\Backup Set 2014-03-23 190004\Backup Files 2014-03-23 190004\Backup files 11.zip a variant of Win32/OpenInstall potentially unwanted application
D:\RICKY-PC\Backup Set 2014-03-23 190004\Backup Files 2014-03-23 190004\Backup files 15.zip a variant of Win32/Toolbar.Conduit.H potentially unwanted application
D:\RICKY-PC\Backup Set 2014-03-23 190004\Backup Files 2014-03-23 190004\Backup files 20.zip Win32/UnlockRoot potentially unsafe application
D:\RICKY-PC\Backup Set 2014-03-23 190004\Backup Files 2014-03-23 190004\Backup files 21.zip MSIL/Arcdoor.AK worm


WINZIP180.exe - File Upload Manager refused to allow upload saying it was an invalid file


Did you speak too soon? These scans appear to have been productive. The beer's being kept cold. :)
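
A triage pass over a Malwarebytes log in the layout posted above, as an added example that is not part of the thread or of Malwarebytes: it finds file hits that sit under a flagged folder and carry the folder's bracketed id, and lists the folders where every such hit is a data file, so they can be reviewed before quarantine is emptied. The sample log, the extension list and all function names are constructed for illustration; treating the bracketed value as a per-detection id is an assumption.

```python
import re
from collections import defaultdict
from dataclasses import dataclass
from pathlib import PureWindowsPath

# Constructed sample in the log layout above; paths and ids are made up.
ID_A, ID_B, ID_C, ID_D = ("a" * 32, "b" * 32, "c" * 32, "d" * 32)
SAMPLE_LOG = rf"""
Registry Values: 1
Trojan.Downloader, HKU\S-1-5-21-0-0-0-1001\SOFTWARE\MICROSOFT\WINDOWS\CURRENTVERSION\RUN|Example Driver, C:\Users\Example\AppData\Local\Temp\example.exe, Quarantined, [{ID_A}]

Folders: 2
Trojan.Agent, C:\Users\Example\20140101, Quarantined, [{ID_B}],
Trojan.Agent, C:\Users\Example\AppData\Roaming\Dropper, Quarantined, [{ID_C}],

Files: 4
Trojan.Agent, C:\Users\Example\20140101\_IMG0001.NEF, Quarantined, [{ID_B}],
Trojan.Agent, C:\Users\Example\20140101\_IMG0002.NEF, Quarantined, [{ID_B}],
Trojan.Agent, C:\Users\Example\AppData\Roaming\Dropper\payload.exe, Quarantined, [{ID_C}],
PUP.Optional.Example, C:\Users\Example\Downloads\setup.exe, Quarantined, [{ID_D}],
"""

SECTION_RE = re.compile(
    r"^(Processes|Modules|Registry Keys|Registry Values|Registry Data|"
    r"Folders|Files|Physical Sectors): (\d+)$")
# name, target (may itself contain ", "), action, [32-hex id] and optional comma
HIT_RE = re.compile(
    r"^(?P<name>[^,]+), (?P<target>.+), (?P<action>[^,]+), "
    r"\[(?P<trace>[0-9a-f]{32})\],?$")

# Extensions treated as non-executable data in this example (assumption).
DATA_EXTS = {".nef", ".jpg", ".jpeg", ".png", ".tif", ".txt", ".pdf"}


@dataclass(frozen=True)
class Hit:
    section: str
    name: str
    target: str
    action: str
    trace: str


def parse_log(text):
    """Return (hits, declared); declared maps section name -> header count."""
    hits, declared, section = [], {}, None
    for raw in text.splitlines():
        line = raw.strip()
        m = SECTION_RE.match(line)
        if m:
            section = m.group(1)
            declared[section] = int(m.group(2))
            continue
        m = HIT_RE.match(line)
        if m and section:
            hits.append(Hit(section, m["name"], m["target"], m["action"], m["trace"]))
    return hits, declared


def count_mismatches(hits, declared):
    """Sections whose header count differs from the lines present (truncated paste)."""
    seen = defaultdict(int)
    for h in hits:
        seen[h.section] += 1
    return {s: (n, seen[s]) for s, n in declared.items() if n != seen[s]}


def inherited_from_folder(hits):
    """Map flagged folder -> file hits located under it that share its id."""
    folders = {PureWindowsPath(h.target): h for h in hits if h.section == "Folders"}
    out = defaultdict(list)
    for h in hits:
        if h.section != "Files":
            continue
        for parent in PureWindowsPath(h.target).parents:
            folder_hit = folders.get(parent)
            if folder_hit is not None and folder_hit.trace == h.trace:
                out[str(parent)].append(h)
                break
    return dict(out)


def review_candidates(hits):
    """Flagged folders whose inherited hits are all data files."""
    result = {}
    for folder, files in inherited_from_folder(hits).items():
        names = [PureWindowsPath(f.target).name for f in files]
        if all(PureWindowsPath(n).suffix.lower() in DATA_EXTS for n in names):
            result[folder] = names
    return result


if __name__ == "__main__":
    hits, declared = parse_log(SAMPLE_LOG)
    print("count mismatches:", count_mismatches(hits, declared))
    for folder, names in review_candidates(hits).items():
        print(f"review before purge: {folder} ({len(names)} data files)")
```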
 
I need a big cold one after that! Just joking.

You had infected backup files too.


I'm going to script Farbar Recovery Scan Tool to reboot the computer at the end to completely remove what was found.
Afterwards please give me an update on how the computer is behaving.
This will be my last post for the night since it's late here but I'll be back in the morning.


Open Notepad. Please copy the contents of the quote box below. To do this, highlight the contents of the box, right-click on it and select Copy.
Paste this into the open Notepad. Save it to the Desktop as fixlist.txt
NOTE: It's important that both files, FRST/FRST64 and fixlist.txt, are in the same location or the fix will not work.
It needs to be saved next to the "Farbar Recovery Scan Tool" (FRST) program. (If asked to overwrite an existing one, please allow.)

start
C:\Users\Ryan\Downloads\WinZip180.exe
C:\Program Files\Common Files\Windows-Auth-Host-Service.exe
C:\Program Files (x86)\Dell DataSafe Local Backup\hstart.exe
C:\Program Files (x86)\Dell DataSafe Local Backup\Components\DSUpdate\hstart.exe
C:\Users\Guest\AppData\Roaming\guitarpro.exe
C:\Users\Guest\Downloads\Never_Blue04_8668_319894.exe
C:\Users\Public\Documents\FoxitReader614.0217_enu_Setup.exe
C:\Users\Ricky\AppData\Roaming\Audio-HD-Service.exe
C:\Users\Ricky\AppData\Roaming\GooglePlug\genius.exe
C:\Users\Ricky\Downloads\BickhamScriptFancy2_Font_Installer.exe
C:\Users\Ricky\Downloads\Core-Temp-setup.exe
C:\Users\Ricky\Downloads\CrK.rar
C:\Users\Ricky\Downloads\orionsetup.exe
C:\Users\Ricky\Downloads\pal_install_r109888.exe
C:\Users\Ricky\Downloads\Unlockroot\Unlockroot\unlockroot.exe
C:\Users\Ryan\AppData\Roaming\Audio-HD-Service.exe
D:\My Documents\Downloads\easetup.exe
D:\NewsBin\Amateur_Photographer_-_January_4_2014__UK.zip
D:\RICKY-PC\Backup Set 2014-03-02 202708\Backup Files 2014-03-02 202708\Backup files 10.zip
D:\RICKY-PC\Backup Set 2014-03-02 202708\Backup Files 2014-03-02 202708\Backup files 14.zip
D:\RICKY-PC\Backup Set 2014-03-02 202708\Backup Files 2014-03-02 202708\Backup files 18.zip
D:\RICKY-PC\Backup Set 2014-03-02 202708\Backup Files 2014-03-02 202708\Backup files 19.zip
D:\RICKY-PC\Backup Set 2014-03-02 202708\Backup Files 2014-03-02 202708\Backup files 27.zip
D:\RICKY-PC\Backup Set 2014-03-23 190004\Backup Files 2014-03-23 190004\Backup files 1.zip
D:\RICKY-PC\Backup Set 2014-03-23 190004\Backup Files 2014-03-23 190004\Backup files 11.zip
D:\RICKY-PC\Backup Set 2014-03-23 190004\Backup Files 2014-03-23 190004\Backup files 15.zip
D:\RICKY-PC\Backup Set 2014-03-23 190004\Backup Files 2014-03-23 190004\Backup files 20.zip
D:\RICKY-PC\Backup Set 2014-03-23 190004\Backup Files 2014-03-23 190004\Backup files 21.zip
Reboot:
end

Run FRST/FRST64 and press the Fix button just once and wait.
If for some reason the tool needs a restart, please make sure you let the system restart normally. After that let the tool complete its run.
When finished FRST will generate a log on the Desktop (Fixlog.txt). Please post it to your reply.
 
FRST fixlog
===================================================================

Fix result of Farbar Recovery Tool (FRST written by Farbar) (x64) Version: 13-03-2014
Ran by Ricky at 2014-03-26 07:50:23 Run:3
Running from C:\Users\Ricky\Desktop\New Folder
Boot Mode: Normal
==============================================

Content of fixlist:
*****************
start
C:\Users\Ryan\Downloads\WinZip180.exe
C:\Program Files\Common Files\Windows-Auth-Host-Service.exe
C:\Program Files (x86)\Dell DataSafe Local Backup\hstart.exe
C:\Program Files (x86)\Dell DataSafe Local Backup\Components\DSUpdate\hstart.exe
C:\Users\Guest\AppData\Roaming\guitarpro.exe
C:\Users\Guest\Downloads\Never_Blue04_8668_319894.exe
C:\Users\Public\Documents\FoxitReader614.0217_enu_Setup.exe
C:\Users\Ricky\AppData\Roaming\Audio-HD-Service.exe
C:\Users\Ricky\AppData\Roaming\GooglePlug\genius.exe
C:\Users\Ricky\Downloads\BickhamScriptFancy2_Font_Installer.exe
C:\Users\Ricky\Downloads\Core-Temp-setup.exe
C:\Users\Ricky\Downloads\CrK.rar
C:\Users\Ricky\Downloads\orionsetup.exe
C:\Users\Ricky\Downloads\pal_install_r109888.exe
C:\Users\Ricky\Downloads\Unlockroot\Unlockroot\unlockroot.exe
C:\Users\Ryan\AppData\Roaming\Audio-HD-Service.exe
D:\My Documents\Downloads\easetup.exe
D:\NewsBin\Amateur_Photographer_-_January_4_2014__UK.zip
D:\RICKY-PC\Backup Set 2014-03-02 202708\Backup Files 2014-03-02 202708\Backup files 10.zip
D:\RICKY-PC\Backup Set 2014-03-02 202708\Backup Files 2014-03-02 202708\Backup files 14.zip
D:\RICKY-PC\Backup Set 2014-03-02 202708\Backup Files 2014-03-02 202708\Backup files 18.zip
D:\RICKY-PC\Backup Set 2014-03-02 202708\Backup Files 2014-03-02 202708\Backup files 19.zip
D:\RICKY-PC\Backup Set 2014-03-02 202708\Backup Files 2014-03-02 202708\Backup files 27.zip
D:\RICKY-PC\Backup Set 2014-03-23 190004\Backup Files 2014-03-23 190004\Backup files 1.zip
D:\RICKY-PC\Backup Set 2014-03-23 190004\Backup Files 2014-03-23 190004\Backup files 11.zip
D:\RICKY-PC\Backup Set 2014-03-23 190004\Backup Files 2014-03-23 190004\Backup files 15.zip
D:\RICKY-PC\Backup Set 2014-03-23 190004\Backup Files 2014-03-23 190004\Backup files 20.zip
D:\RICKY-PC\Backup Set 2014-03-23 190004\Backup Files 2014-03-23 190004\Backup files 21.zip
Reboot:
end
*****************

C:\Users\Ryan\Downloads\WinZip180.exe => Moved successfully.
C:\Program Files\Common Files\Windows-Auth-Host-Service.exe => Moved successfully.
C:\Program Files (x86)\Dell DataSafe Local Backup\hstart.exe => Moved successfully.
C:\Program Files (x86)\Dell DataSafe Local Backup\Components\DSUpdate\hstart.exe => Moved successfully.
C:\Users\Guest\AppData\Roaming\guitarpro.exe => Moved successfully.
C:\Users\Guest\Downloads\Never_Blue04_8668_319894.exe => Moved successfully.
C:\Users\Public\Documents\FoxitReader614.0217_enu_Setup.exe => Moved successfully.
C:\Users\Ricky\AppData\Roaming\Audio-HD-Service.exe => Moved successfully.
C:\Users\Ricky\AppData\Roaming\GooglePlug\genius.exe => Moved successfully.
C:\Users\Ricky\Downloads\BickhamScriptFancy2_Font_Installer.exe => Moved successfully.
C:\Users\Ricky\Downloads\Core-Temp-setup.exe => Moved successfully.
C:\Users\Ricky\Downloads\CrK.rar => Moved successfully.
C:\Users\Ricky\Downloads\orionsetup.exe => Moved successfully.
C:\Users\Ricky\Downloads\pal_install_r109888.exe => Moved successfully.
C:\Users\Ricky\Downloads\Unlockroot\Unlockroot\unlockroot.exe => Moved successfully.
C:\Users\Ryan\AppData\Roaming\Audio-HD-Service.exe => Moved successfully.
D:\My Documents\Downloads\easetup.exe => Moved successfully.
D:\NewsBin\Amateur_Photographer_-_January_4_2014__UK.zip => Moved successfully.
D:\RICKY-PC\Backup Set 2014-03-02 202708\Backup Files 2014-03-02 202708\Backup files 10.zip => Moved successfully.
D:\RICKY-PC\Backup Set 2014-03-02 202708\Backup Files 2014-03-02 202708\Backup files 14.zip => Moved successfully.
D:\RICKY-PC\Backup Set 2014-03-02 202708\Backup Files 2014-03-02 202708\Backup files 18.zip => Moved successfully.
D:\RICKY-PC\Backup Set 2014-03-02 202708\Backup Files 2014-03-02 202708\Backup files 19.zip => Moved successfully.
D:\RICKY-PC\Backup Set 2014-03-02 202708\Backup Files 2014-03-02 202708\Backup files 27.zip => Moved successfully.
D:\RICKY-PC\Backup Set 2014-03-23 190004\Backup Files 2014-03-23 190004\Backup files 1.zip => Moved successfully.
D:\RICKY-PC\Backup Set 2014-03-23 190004\Backup Files 2014-03-23 190004\Backup files 11.zip => Moved successfully.
D:\RICKY-PC\Backup Set 2014-03-23 190004\Backup Files 2014-03-23 190004\Backup files 15.zip => Moved successfully.
D:\RICKY-PC\Backup Set 2014-03-23 190004\Backup Files 2014-03-23 190004\Backup files 20.zip => Moved successfully.
D:\RICKY-PC\Backup Set 2014-03-23 190004\Backup Files 2014-03-23 190004\Backup files 21.zip => Moved successfully.


The system needed a reboot.

==== End of Fixlog ====


Hope you slept well, Juliet. How is this looking?
 
Open Notepad. Please copy the contents of the quote box below. To do this, highlight the contents of the box, right-click on it and select Copy.
Paste this into the open Notepad window. Save it to the Desktop as fixlist.txt
NOTE. It's important that both files, FRST/FRST64 and fixlist.txt are in the same location or the fix will not work.

Run FRST/FRST64 and press the Fix button just once and wait.
No need to post the log this time.

start
DeleteQuarantine:
end

****************

  1. Download Delfix from here
  2. Ensure Remove disinfection tools is ticked
    Also tick:
    • Create registry backup
    • Purge system restore

  3. Click Run



Any other tools and files found can simply be deleted or uninstalled via Add/Remove Programs in the Control Panel etc.

***************************

You're good to go, good job!

Please take the time to read over a few of my preventive tips.

Computer Security
http://malwareremoval.com/forum/viewtopic.php?p=557960#p557960
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~

Be prepared for CryptoLocker:

Cryptolocker Ransomware: What You Need To Know

CryptoLocker Ransomware Information Guide and FAQ

To help protect your computer in the future I recommend that you get the following free programmes:

CryptoPrevent: install this programme to lock down and prevent crypto ransomware


~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Please navigate to Microsoft Windows Updates and download all the "Critical Updates" for Windows.


Firefox 3
The award-winning Web browser is now faster, more secure, and fully customizable to your online life. Firefox 3 adds powerful new features that make your online experience even better. It has more features and is a lot more secure than IE. It is a very easy and painless download and install, and it will in no way interfere with IE; you can use them both.
*NoScript - Addon for Firefox that stops all scripts from running on websites. Stops malicious software from invading via flash, java, javascript, and many other entry points.

AdblockPlus
  • AdblockPlus, Surf the web without annoying ads!
  • Blocks banners, pop-ups and video ads - even on Facebook and YouTube
  • Protects your online privacy
  • Two-click installation, It's free!
  • click the icon that corresponds to your browser and download.
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
WOT Web of Trust, warns you about risky websites that try to scam visitors, deliver malware or send spam. Protect your computer against online threats by using WOT as your front-line layer of protection when browsing or searching in unfamiliar territory. WOT's color-coded icons show you ratings for 21 million websites - green to go, yellow for caution and red to stop, helping you avoid the dangerous sites. WOT has an addon available for both Firefox and IE.

  • Green should be good to go
  • Yellow for caution
  • Red to stop



~~~~~~~~~~~~~~~~~~~~~~~~~~~~
How to prevent Malware: Created by Miekiemoes


WARNING: Java is the #1 exploited program at this time. The Department of Homeland Security recommends that computer users disable Java.
See this article (http://www.forbes.com/sites/eliseackerman/2013/01/11/us-department-of-homeland-security-calls-on-computer-users-to-disable-java/)
and this article (http://www.nbcnews.com/technology/technolog/us-warns-java-software-security-concerns-escalate-1B7938755).

I would recommend that you completely uninstall Java unless you need it to run an important piece of software.
In that instance I would recommend that you disable Java in your browsers until you need it for that software and then enable it. (See How to disable Java in your web browser (http://www.geekstogo.com/2600/how-to-disable-java-in-your-web-browser/) and How to unplug Java from the browser (http://krebsonsecurity.com/how-to-unplug-java-from-the-browser/).)


Avoid P2P

P2P may be a great way to get lots of stuff, but it is a great way to get infected as well. There's no way to tell if the file being shared is infected. Worse still, some worms spread via P2P networks, infecting you as well.

Please read these short reports on the dangers of peer-2-peer programs and file sharing.
*********************************************
Please read the following safe computing articles..

Secure My Computer: A Layered Approach


Free Antivirus-AntiSpyware-Firewall Software

Keep a backup of your important files - Now, more than ever, it's especially important to protect your digital files and memories. This article is full of good information on alternatives for home backup solutions.
 
Glad we could help. :)


Since this issue appears resolved ... this Topic is closed.
 