
New System icons show up in tray


31 replies to this topic

#1 CRtea

CRtea

  • Members
  • 21 posts
  • OFFLINE
  •  
  • Gender:Male
  • Local time:05:41 AM

Posted 09 May 2014 - 03:08 PM

I have Windows 7 64-bit Pro.

I paid Norton Internet Security the live fee of $99 to remove malware, as I had something that Norton Internet Security could not remove.

They did so and informed me my system was clean when they finished.

Two days later, in my icon tray are two items I have not seen before:

pia-tray.exe

cltmngui.exe

Nothing shows up as malware when I scan with Norton or Malwarebytes.

Just a little worried that everything is not as it should be, as I am on the downside of 70 and not too computer savvy.

Thanks

Edit: Moved topic from Virus, Trojan, Spyware, and Malware Removal Logs to the more appropriate forum.~ Animal



#2 Alex&Vanko

Alex&Vanko

  • Banned
  • 1,394 posts
  • OFFLINE
  •  
  • Gender:Male
  • Local time:02:41 PM

Posted 09 May 2014 - 04:04 PM

Hello CRtea, and welcome!

Download Screen317 Security Check HERE and save it to your Desktop.
* Double-click SecurityCheck.exe
* Follow the onscreen instructions inside of the black box.
* A Notepad document should open automatically called checkup.txt
* Please post the contents of that document.
Note: If any security program requests permission to access the Internet, allow it to do so.

Please download MiniToolBox HERE to your desktop to run it.
Checkmark the following boxes:
* List content of Hosts
* Flush DNS
* Report IE Proxy Settings
* Reset IE Proxy Settings
* Report FF Proxy Settings
* Reset FF Proxy Settings
* List last 10 Event Viewer log
* List Installed Programs
* List Devices (do NOT change any settings here)
* List Users, Partitions and Memory size
Note: When using "Reset FF Proxy Settings" option Firefox should be closed.
Click Go and Copy / Paste the result. (result.txt)

 

Thank you!



#3 CRtea


Posted 09 May 2014 - 05:27 PM

Thank you.

I am 76 yrs old, so please bear with me.

I have both Notepad results, but I can't seem to get the paste option to work.

 

 



#4 CRtea


Posted 09 May 2014 - 05:30 PM

OK, I got it.

 

 

 

MiniToolBox by Farbar  Version: 23-01-2014
Ran by chris (administrator) on 09-05-2014 at 16:15:58
Running from "C:\Users\chris\Downloads"
Microsoft Windows 7 Professional  Service Pack 1 (X64)
Boot Mode: Normal
***************************************************************************

========================= Flush DNS: ===================================

Windows IP Configuration

Successfully flushed the DNS Resolver Cache.

========================= IE Proxy Settings: ==============================

Proxy is not enabled.
No Proxy Server is set.

"Reset IE Proxy Settings": IE Proxy Settings were reset.

========================= FF Proxy Settings: ==============================


"Reset FF Proxy Settings": Firefox Proxy settings were reset.

========================= Hosts content: =================================




========================= Event log errors: ===============================

Application errors:
==================
Error: (05/04/2014 00:16:03 PM) (Source: Customer Experience Improvement Program) (User: )
Description: 90080108

Error: (05/02/2014 10:48:26 PM) (Source: Customer Experience Improvement Program) (User: )
Description: 90080108

Error: (04/28/2014 11:28:33 PM) (Source: Customer Experience Improvement Program) (User: )
Description: 90080108

Error: (04/26/2014 02:34:33 PM) (Source: Customer Experience Improvement Program) (User: )
Description: 90080108

Error: (04/23/2014 10:42:09 AM) (Source: Customer Experience Improvement Program) (User: )
Description: 80004005

Error: (04/22/2014 02:43:31 PM) (Source: Customer Experience Improvement Program) (User: )
Description: 80004005

Error: (04/21/2014 09:13:48 PM) (Source: Customer Experience Improvement Program) (User: )
Description: 80004005

Error: (04/20/2014 11:30:06 AM) (Source: Customer Experience Improvement Program) (User: )
Description: 80004005

Error: (04/19/2014 11:06:25 AM) (Source: Customer Experience Improvement Program) (User: )
Description: 90080108

Error: (04/19/2014 10:33:33 AM) (Source: Customer Experience Improvement Program) (User: )
Description: 80004005


System errors:
=============
Error: (05/09/2014 03:59:57 PM) (Source: Service Control Manager) (User: )
Description: The following boot-start or system-start driver(s) failed to load:
amdkmafd

Error: (05/09/2014 11:10:16 AM) (Source: Service Control Manager) (User: )
Description: The following boot-start or system-start driver(s) failed to load:
amdkmafd

Error: (05/09/2014 07:50:48 AM) (Source: Service Control Manager) (User: )
Description: The following boot-start or system-start driver(s) failed to load:
amdkmafd

Error: (05/08/2014 06:26:28 PM) (Source: Service Control Manager) (User: )
Description: The following boot-start or system-start driver(s) failed to load:
amdkmafd

Error: (05/08/2014 04:45:55 PM) (Source: Service Control Manager) (User: )
Description: The following boot-start or system-start driver(s) failed to load:
amdkmafd

Error: (05/08/2014 08:19:39 AM) (Source: Service Control Manager) (User: )
Description: The following boot-start or system-start driver(s) failed to load:
amdkmafd

Error: (05/07/2014 07:10:49 PM) (Source: Service Control Manager) (User: )
Description: The following boot-start or system-start driver(s) failed to load:
amdkmafd

Error: (05/07/2014 03:06:28 PM) (Source: Service Control Manager) (User: )
Description: The following boot-start or system-start driver(s) failed to load:
amdkmafd

Error: (05/07/2014 09:52:46 AM) (Source: Service Control Manager) (User: )
Description: The following boot-start or system-start driver(s) failed to load:
amdkmafd

Error: (05/06/2014 05:01:38 PM) (Source: Service Control Manager) (User: )
Description: The following boot-start or system-start driver(s) failed to load:
amdkmafd


Microsoft Office Sessions:
=========================
Error: (05/04/2014 00:16:03 PM) (Source: Customer Experience Improvement Program)(User: )
Description: 90080108

Error: (05/02/2014 10:48:26 PM) (Source: Customer Experience Improvement Program)(User: )
Description: 90080108

Error: (04/28/2014 11:28:33 PM) (Source: Customer Experience Improvement Program)(User: )
Description: 90080108

Error: (04/26/2014 02:34:33 PM) (Source: Customer Experience Improvement Program)(User: )
Description: 90080108

Error: (04/23/2014 10:42:09 AM) (Source: Customer Experience Improvement Program)(User: )
Description: 80004005

Error: (04/22/2014 02:43:31 PM) (Source: Customer Experience Improvement Program)(User: )
Description: 80004005

Error: (04/21/2014 09:13:48 PM) (Source: Customer Experience Improvement Program)(User: )
Description: 80004005

Error: (04/20/2014 11:30:06 AM) (Source: Customer Experience Improvement Program)(User: )
Description: 80004005

Error: (04/19/2014 11:06:25 AM) (Source: Customer Experience Improvement Program)(User: )
Description: 90080108

Error: (04/19/2014 10:33:33 AM) (Source: Customer Experience Improvement Program)(User: )
Description: 80004005


=========================== Installed Programs ============================

4 Elements II
Adobe Flash Player 13 ActiveX (Version: 13.0.0.206)
Adobe Flash Player 13 Plugin (Version: 13.0.0.206)
Adobe Reader XI (11.0.06) (Version: 11.0.06)
Agatha Christie: 4:50 from Paddington
AMD Accelerated Video Transcoding (Version: 12.5.100.21116)
AMD APP SDK Runtime (Version: 10.0.937.2)
AMD Catalyst Install Manager (Version: 8.0.877.0)
AMD Drag and Drop Transcoding (Version: 2.00.0000)
AMD Fuel (Version: 2012.1116.1515.27190)
AMD Media Foundation Decoders (Version: 1.0.71116.1554)
AMD VISION Engine Control Center (Version: 2012.1116.1515.27190)
Around the World in 80 Days
Bejeweled 3
Big Fish: Game Manager (Version: 3.3.0.2)
Catalyst Control Center - Branding (Version: 1.00.0000)
Catalyst Control Center Graphics Previews Common (Version: 2012.1116.1515.27190)
Catalyst Control Center InstallProxy (Version: 2012.1116.1515.27190)
Catalyst Control Center Localization All (Version: 2012.1116.1515.27190)
CCC Help Chinese Standard (Version: 2012.1116.1514.27190)
CCC Help Chinese Traditional (Version: 2012.1116.1514.27190)
CCC Help Czech (Version: 2012.1116.1514.27190)
CCC Help Danish (Version: 2012.1116.1514.27190)
CCC Help Dutch (Version: 2012.1116.1514.27190)
CCC Help English (Version: 2012.1116.1514.27190)
CCC Help Finnish (Version: 2012.1116.1514.27190)
CCC Help French (Version: 2012.1116.1514.27190)
CCC Help German (Version: 2012.1116.1514.27190)
CCC Help Greek (Version: 2012.1116.1514.27190)
CCC Help Hungarian (Version: 2012.1116.1514.27190)
CCC Help Italian (Version: 2012.1116.1514.27190)
CCC Help Japanese (Version: 2012.1116.1514.27190)
CCC Help Korean (Version: 2012.1116.1514.27190)
CCC Help Norwegian (Version: 2012.1116.1514.27190)
CCC Help Polish (Version: 2012.1116.1514.27190)
CCC Help Portuguese (Version: 2012.1116.1514.27190)
CCC Help Russian (Version: 2012.1116.1514.27190)
CCC Help Spanish (Version: 2012.1116.1514.27190)
CCC Help Swedish (Version: 2012.1116.1514.27190)
CCC Help Thai (Version: 2012.1116.1514.27190)
CCC Help Turkish (Version: 2012.1116.1514.27190)
ccc-utility64 (Version: 2012.1116.1515.27190)
Cradle Of Persia
Cradle of Rome 2
Farmscapes
Gardenscapes (Version: 1.0)
Golden Trails - The Western Rush
Golden Trails 2
HL-2240 (Version: 1.0.7.0)
Imperial Island: Birth of an Empire
LG CyberLink LabelPrint (Version: 2.5.2111)
LG CyberLink Power2Go (Version: 6.2.3325)
LG CyberLink PowerBackup (Version: 2.5.5529)
LG CyberLink PowerDVD (Version: 8.0.2815d)
LG CyberLink PowerProducer (Version: 5.0.2.2130)
LG CyberLink YouCam (Version: 2.0.3123)
LG Power Tools (Version: 6.0.3316)
MahJong Suite 2012 v9.0
Microsoft .NET Framework 4.5.1 (Version: 4.5.50938)
Microsoft Visual C++ 2005 Redistributable (Version: 8.0.56336)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.4148 (Version: 9.0.30729.4148)
Microsoft Visual C++ 2010  x64 Redistributable - 10.0.30319 (Version: 10.0.30319)
Mozilla Firefox 29.0 (x86 en-US) (Version: 29.0)
Mozilla Maintenance Service (Version: 29.0)
Northern Tale (Version: 1.0)
Norton Internet Security (Version: 21.2.0.38)
Potion Bar
PowerChute Personal Edition 3.0.2 (Version: 3.0.2)
Realtek Ethernet Controller Driver For Windows 7 (Version: 7.15.209.2010)
Realtek High Definition Audio Driver (Version: 6.0.1.7076)
Romance of Rome
Royal Envoy II
swMSM (Version: 12.0.0.1)
The Lost Inca Prophecy
The Lost Kingdom Prophecy
The Path of Hercules
The Rise of Atlantis
The Snow Fable
The Treasures of Montezuma 3

========================= Devices: ================================


========================= Memory info: ===================================

Percentage of memory in use: 26%
Total physical RAM: 3839.05 MB
Available physical RAM: 2835.61 MB
Total Pagefile: 7676.28 MB
Available Pagefile: 6659.01 MB
Total Virtual: 4095.88 MB
Available Virtual: 3973.45 MB

========================= Partitions: =====================================

1 Drive c: (Windows 7) (Fixed) (Total:931.51 GB) (Free:706.78 GB) NTFS

========================= Users: ========================================

User accounts for \\CHRIS-PC

Administrator            chris                    Guest                    
jim                      


**** End of log ****

 

 Results of screen317's Security Check version 0.99.82  
 Windows 7 Service Pack 1 x64 (UAC is enabled)  
 Internet Explorer 11  
``````````````Antivirus/Firewall Check:``````````````
 Windows Firewall Enabled!  
Norton Internet Security   
 WMI entry may not exist for antivirus; attempting automatic update.
`````````Anti-malware/Other Utilities Check:`````````
 Adobe Flash Player 13.0.0.206  
 Adobe Reader XI  
 Mozilla Firefox (29.0)
````````Process Check: objlist.exe by Laurent````````  
`````````````````System Health check`````````````````
 Total Fragmentation on Drive C: 0%
````````````````````End of Log``````````````````````
 

 



#5 CRtea


Posted 09 May 2014 - 05:39 PM

I forgot to mention that when I try to turn on Windows maintenance, a window says the file can't be found.

Sorry to be so disjointed with the info.



#6 Alex&Vanko


Posted 10 May 2014 - 12:06 PM

Hello CRtea!

Would you do the following:

Please download RKill by Grinler from HERE and save it to your desktop.

RKill
* Before we begin, you should disable any anti-malware software you have installed so that it does not interfere with RKill running, as some anti-malware software detects RKill as malicious. Please refer to this page if you are not sure how.
* Double-click on RKill on your desktop to run it. (If you are using Windows Vista, please right-click on it and select Run As Administrator.)
* A black screen will appear and then disappear. Please do not worry, that is normal. This means that the tool has been successfully executed.
* If nothing happens or if the tool does not run, please let me know in your next reply.
* A log pops up at the end of the run. This log file is located at C:\rkill.log.
* Please post the log in your next reply.

After that:

Please download AdwCleaner by Xplode HERE onto your desktop.

* Close all open programs and internet browsers.
* Double-click on AdwCleaner.exe to run the tool.
* Click on Scan.
* After the scan is complete, click on "Clean".
* Confirm each time with Ok.
* Your computer will be rebooted automatically. A text file will open after the restart.
* Please post the content of that logfile with your next answer.
* You can find the logfile at C:\AdwCleaner[S1].txt as well.

 

Thank you!



#7 CRtea


Posted 10 May 2014 - 04:18 PM

 Results of screen317's Security Check version 0.99.82 
 Windows 7 Service Pack 1 x64 (UAC is enabled) 
 Internet Explorer 11 
``````````````Antivirus/Firewall Check:``````````````
 Windows Firewall Enabled! 
Norton Internet Security  
 WMI entry may not exist for antivirus; attempting automatic update.
`````````Anti-malware/Other Utilities Check:`````````
 Adobe Flash Player 13.0.0.206 
 Adobe Reader XI 
 Mozilla Firefox (29.0)
````````Process Check: objlist.exe by Laurent```````` 
`````````````````System Health check`````````````````
 Total Fragmentation on Drive C: 0%
````````````````````End of Log``````````````````````

# AdwCleaner v3.207 - Report created 10/05/2014 at 14:45:35
# Updated 05/05/2014 by Xplode
# Operating System : Windows 7 Professional Service Pack 1 (64 bits)
# Username : chris - CHRIS-PC
# Running from : C:\Users\chris\Desktop\AdwCleaner.exe
# Option : Clean

***** [ Services ] *****


***** [ Files / Folders ] *****

Folder Deleted : C:\ProgramData\Uniblue
Folder Deleted : C:\Users\chris\AppData\Roaming\quickclick
Folder Deleted : C:\Users\jim\AppData\Roaming\quickclick
File Deleted : C:\Users\jim\AppData\Roaming\Mozilla\Firefox\Profiles\9tixmc35.default\user.js

***** [ Shortcuts ] *****


***** [ Registry ] *****

Key Deleted : HKLM\SOFTWARE\Classes\AppID\esrv.EXE
Key Deleted : HKLM\SOFTWARE\Classes\driverscanner
Key Deleted : HKLM\SOFTWARE\Classes\AppID\{C292AD0A-C11F-479B-B8DB-743E72D283B0}
Key Deleted : HKCU\Software\Microsoft\Internet Explorer\SearchScopes\{77AA745B-F4F8-45DA-9B14-61D2D95054C8}
Key Deleted : HKCU\Software\Microsoft\Internet Explorer\SearchScopes\{AFBCB7E0-F91A-4951-9F31-58FEE57A25C4}
Key Deleted : [x64] HKLM\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{77AA745B-F4F8-45DA-9B14-61D2D95054C8}
Key Deleted : HKLM\Software\Uniblue

***** [ Browsers ] *****

-\\ Internet Explorer v11.0.9600.17041


-\\ Google Chrome v

[ File : C:\Users\chris\AppData\Local\Google\Chrome\User Data\Default\preferences ]

Deleted [Extension] : dhdepfaagokllfmhfbcfmocaeigmoebo
Deleted [Extension] : hphibigbodkkohoglgfkddblldpfohjl
Deleted [Extension] : kdcnnmifdmlmjffdgeieikcokcogpbej
Deleted [Extension] : kincjchfokkeneeofpeefomkikfkiedl
Deleted [Extension] : pgmfkblbflahhponhjmkcnpjinenhlnc

*************************

AdwCleaner[R0].txt - [2086 octets] - [10/05/2014 14:43:34]
AdwCleaner[S0].txt - [1756 octets] - [10/05/2014 14:45:35]

########## EOF - C:\AdwCleaner\AdwCleaner[S0].txt - [1816 octets] ##########

#8 Alex&Vanko


Posted 11 May 2014 - 06:42 AM

Hello CRtea!

Please disable Windows Firewall.

* Click the Start menu.
* Open the Control Panel.
* Click on the Windows Firewall icon.
* Click/tap on the Turn Windows Firewall on or off link in the left pane.

Start AdwCleaner and click the Uninstall button, and it will disappear.

Please download Junkware Removal Tool HERE to your desktop.

* Shut down your protection software now to avoid potential conflicts.
* Run the tool by double-clicking it. If you are using Windows Vista, 7, or 8, instead of double-clicking, right-click JRT.exe and select "Run as Administrator".
* The tool will open and start scanning your system.
* Please be patient, as this can take a while to complete depending on your system's specifications.
* On completion, a log (JRT.txt) is saved to your desktop and will automatically open.
* Post the contents of JRT.txt into your next message.

Close it. After that:

Download HitmanPro x64 from HERE onto your desktop.

Double-click on the file named HitmanPro.exe. It will be updated. When the program starts, you will be presented with the start screen. Click on the Next button. Accept to store a copy of the program to your computer and click Next, and it will start to scan.
When it has finished, it will display a list of all the malware that the program found. Below, next to the Buy Now button, is the option Save log. Save it to your desktop and paste it here.

 

Thank you!



#9 CRtea


Posted 11 May 2014 - 10:07 AM

~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Junkware Removal Tool (JRT) by Thisisu
Version: 6.1.4 (04.06.2014:1)
OS: Windows 7 Professional x64
Ran by chris on 11/05/2014 at  8:55:53.53
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~

 

~~~ Services

 

~~~ Registry Values

 

~~~ Registry Keys

 

~~~ Files

 

~~~ Folders

Successfully deleted: [Folder] "C:\ProgramData\big fish"
Successfully deleted: [Folder] "C:\ProgramData\big fish games"
Successfully deleted: [Folder] "C:\Users\chris\AppData\Roaming\getrighttogo"
Successfully deleted: [Folder] "C:\bigfishcache"

 

~~~ Event Viewer Logs were cleared

 

 

~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Scan was completed on 11/05/2014 at  9:00:16.17
End of JRT log
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~



#10 Alex&Vanko


Posted 11 May 2014 - 10:20 AM

OK. Next one.

Thanks.



#11 CRtea


Posted 11 May 2014 - 10:23 AM

HitmanPro 3.7.9.216
www.hitmanpro.com

   Computer name . . . . : CHRIS-PC
   Windows . . . . . . . : 6.1.1.7601.X64/4
   User name . . . . . . : chris-PC\chris
   UAC . . . . . . . . . : Enabled
   License . . . . . . . : Free

   Scan date . . . . . . : 2014-05-11 09:13:24
   Scan mode . . . . . . : Normal
   Scan duration . . . . : 2m 38s
   Disk access mode  . . : Direct disk access (SRB)
   Cloud . . . . . . . . : Internet
   Reboot  . . . . . . . : No

   Threats . . . . . . . : 0
   Traces  . . . . . . . : 0

   Objects scanned . . . : 1,770,130
   Files scanned . . . . : 115,849
   Remnants scanned  . . : 799,618 files / 854,663 keys




#12 Alex&Vanko


Posted 11 May 2014 - 10:24 AM

Is that all?



#13 CRtea


Posted 11 May 2014 - 10:33 AM

Yes, that is all that was in the log that I copied and posted.

#14 Alex&Vanko


Posted 11 May 2014 - 10:36 AM

OK. Close it.

What is the situation now?

Are pia-tray.exe and cltmngui.exe present?



#15 CRtea


Posted 11 May 2014 - 10:46 AM

Everything seems fine now.

pia-tray.exe and cltmngui.exe are gone.

I can't thank you enough for the help.

Not only did you fix my malware problem, but you boosted my computer confidence 100%.

Never in a million years did I think I could have done this, but your directions were clear and concise and easy to follow.



