Some malware co-installed with PDFCreator


11 replies to this topic

#1 dahonk

dahonk

  • Members
  • 6 posts
  • OFFLINE
  •  
  • Gender:Not Telling
  • Local time:07:42 AM

Posted 25 July 2014 - 12:26 PM

Hello!

 

I recently installed my new computer (Windows 8.1 Pro). Along with some other programs, I installed PDFCreator. After the installation was complete, some window popped up and wanted to install something different. I terminated the process with Process Explorer (it didn't even have a cancel or close button). Some components were already installed (without any confirmation), as they could be found in c:\program files (x86). Unfortunately, I forgot how the folder was named after removing it.

 

Now I fear that there might be residuals I missed, sitting and waiting somewhere deep in the system. :crazy:

 

I would really appreciate any help! Thank you and best regards

 

DaHonk

 

As for virus protection and personal firewall, I use Comodo Internet Security Premium.




 


#2 Alex&Vanko

Alex&Vanko

  • Banned
  • 1,394 posts
  • OFFLINE
  •  
  • Gender:Male
  • Local time:07:42 AM

Posted 25 July 2014 - 12:56 PM

Hi dahonk and :welcome:

Where have you downloaded PDFCreator?

By removing, do you mean delete or uninstall?

Please download MiniToolBox HERE to your desktop to run it.
Checkmark the following boxes:
* List content of Hosts
* Flush DNS
* Report IE Proxy Settings
* Reset IE Proxy Settings
* Report FF Proxy Settings
* Reset FF Proxy Settings
* List last 10 Event Viewer log
* List Installed Programs
* List Devices (do NOT change any settings here)
* List Users, Partitions and Memory size
Note: When using "Reset FF Proxy Settings" option Firefox should be closed.
Click Go and Copy / Paste the result. (result.txt)

 

Does this process appear again? Can you remember and write the name of it?

Thank you!



#3 dahonk

dahonk
  • Topic Starter

  • Members
  • 6 posts
  • OFFLINE
  •  
  • Gender:Not Telling
  • Local time:07:42 AM

Posted 25 July 2014 - 02:15 PM

Hello Alex&Vanko and thank you for the warm welcome!

 

I downloaded PDFCreator here, version 1.7.3:

 

[removed link] (which I guessed to be not some dubious source)

 

Removing meant deleting the folder with the strange unwanted installation c:\Program Files (x86)\forgot the name could bite my...\. PDFCreator is still installed.

MiniToolBox by Farbar  Version: 21-07-2014
Ran by SMG (administrator) on 25-07-2014 at 20:54:11
Running from "D:\Users\SMG\Downloads"
Microsoft Windows 8.1 Pro  (X64)
Boot Mode: Normal
***************************************************************************

========================= Flush DNS: ===================================

Windows IP Configuration

Successfully flushed the DNS Resolver Cache.

========================= IE Proxy Settings: ============================== 

Proxy is not enabled.
No Proxy Server is set.

"Reset IE Proxy Settings": IE Proxy Settings were reset.

========================= FF Proxy Settings: ============================== 


"Reset FF Proxy Settings": Firefox Proxy settings were reset.

========================= Hosts content: =================================




========================= Event log errors: ===============================

Application errors:
==================
Error: (07/25/2014 06:42:44 PM) (Source: MsiInstaller) (User: Sara)
Description: Unexpected or missing value (name: 'PackageCode', value: 'GUID') in key 'HKLM\Software\Classes\Installer\Products\B476F94747628E7478C965620AB6A219'

Error: (07/25/2014 06:42:43 PM) (Source: MsiInstaller) (User: Sara)
Description: Unexpected or missing value (name: 'PackageCode', value: 'GUID') in key 'HKLM\Software\Classes\Installer\Products\B476F94747628E7478C965620AB6A219'

Error: (07/24/2014 08:45:55 PM) (Source: Microsoft-Windows-Defrag) (User: )
Description: The volume Recovery was not optimized because an error was encountered: The parameter is incorrect. (0x80070057)

Error: (07/24/2014 08:23:56 PM) (Source: .NET Runtime) (User: )
Description: Application: SmartAudio.exe
Framework Version: v4.0.30319
Description: The process was terminated due to an unhandled exception.
Exception Info: exception code c0020001, exception address 771D1D4D
Stack:

Error: (07/23/2014 10:58:34 PM) (Source: Application Error) (User: )
Description: Faulting application name: AsusTPCenter.exe, version: 1.0.0.69, time stamp: 0x5335253d
Faulting module name: KERNELBASE.dll, version: 6.3.9600.17055, time stamp: 0x532954fb
Exception code: 0xe06d7363
Fault offset: 0x0000000000005bf8
Faulting process id: 0x8d4
Faulting application start time: 0xAsusTPCenter.exe0
Faulting application path: AsusTPCenter.exe1
Faulting module path: AsusTPCenter.exe2
Report Id: AsusTPCenter.exe3
Faulting package full name: AsusTPCenter.exe4
Faulting package-relative application ID: AsusTPCenter.exe5

Error: (07/22/2014 06:06:30 PM) (Source: Bonjour Service) (User: )
Description: Task Scheduling Error: m->NextScheduledSPRetry 1188

Error: (07/22/2014 06:06:30 PM) (Source: Bonjour Service) (User: )
Description: Task Scheduling Error: m->NextScheduledEvent 1188

Error: (07/22/2014 06:06:30 PM) (Source: Bonjour Service) (User: )
Description: Task Scheduling Error: Continuously busy for more than a second

Error: (07/22/2014 03:43:56 PM) (Source: Microsoft-Windows-Defrag) (User: )
Description: The volume Recovery was not optimized because an error was encountered: The parameter is incorrect. (0x80070057)

Error: (07/22/2014 03:32:38 PM) (Source: Microsoft-Windows-Defrag) (User: )
Description: The volume Recovery was not optimized because an error was encountered: The parameter is incorrect. (0x80070057)


System errors:
=============
Error: (07/25/2014 06:34:26 PM) (Source: DCOM) (User: Sara)
Description: {1B1F472E-3221-4826-97DB-2C2324D389AE}

Error: (07/25/2014 06:33:56 PM) (Source: DCOM) (User: Sara)
Description: {BF6C1E47-86EC-4194-9CE5-13C15DCB2001}

Error: (07/24/2014 08:46:49 PM) (Source: DCOM) (User: Sara)
Description: {BF6C1E47-86EC-4194-9CE5-13C15DCB2001}

Error: (07/24/2014 08:46:19 PM) (Source: DCOM) (User: Sara)
Description: {1B1F472E-3221-4826-97DB-2C2324D389AE}

Error: (07/23/2014 10:48:53 PM) (Source: DCOM) (User: Sara)
Description: {BF6C1E47-86EC-4194-9CE5-13C15DCB2001}

Error: (07/22/2014 03:44:54 PM) (Source: DCOM) (User: Sara)
Description: {BF6C1E47-86EC-4194-9CE5-13C15DCB2001}

Error: (07/22/2014 03:44:24 PM) (Source: DCOM) (User: Sara)
Description: {1B1F472E-3221-4826-97DB-2C2324D389AE}

Error: (07/22/2014 03:33:36 PM) (Source: DCOM) (User: Sara)
Description: {1B1F472E-3221-4826-97DB-2C2324D389AE}

Error: (07/22/2014 03:33:06 PM) (Source: DCOM) (User: Sara)
Description: {BF6C1E47-86EC-4194-9CE5-13C15DCB2001}

Error: (07/21/2014 04:53:42 PM) (Source: DCOM) (User: Sara)
Description: {1B1F472E-3221-4826-97DB-2C2324D389AE}


Microsoft Office Sessions:
=========================
Error: (07/25/2014 06:42:44 PM) (Source: MsiInstaller)(User: Sara)
Description: PackageCodeGUIDHKLM\Software\Classes\Installer\Products\B476F94747628E7478C965620AB6A219(NULL)(NULL)(NULL)

Error: (07/25/2014 06:42:43 PM) (Source: MsiInstaller)(User: Sara)
Description: PackageCodeGUIDHKLM\Software\Classes\Installer\Products\B476F94747628E7478C965620AB6A219(NULL)(NULL)(NULL)

Error: (07/24/2014 08:45:55 PM) (Source: Microsoft-Windows-Defrag)(User: )
Description: RecoveryThe parameter is incorrect. (0x80070057)

Error: (07/24/2014 08:23:56 PM) (Source: .NET Runtime)(User: )
Description: Application: SmartAudio.exe
Framework Version: v4.0.30319
Description: The process was terminated due to an unhandled exception.
Exception Info: exception code c0020001, exception address 771D1D4D
Stack:

Error: (07/23/2014 10:58:34 PM) (Source: Application Error)(User: )
Description: AsusTPCenter.exe1.0.0.695335253dKERNELBASE.dll6.3.9600.17055532954fbe06d73630000000000005bf88d401cfa6ad7dea9de1C:\Program Files (x86)\ASUS\ASUS Smart Gesture\AsTPCenter\x64\AsusTPCenter.exeC:\Windows\system32\KERNELBASE.dll1b8be44a-12ac-11e4-8277-b75f5b84e799

Error: (07/22/2014 06:06:30 PM) (Source: Bonjour Service)(User: )
Description: Task Scheduling Error: m->NextScheduledSPRetry 1188

Error: (07/22/2014 06:06:30 PM) (Source: Bonjour Service)(User: )
Description: Task Scheduling Error: m->NextScheduledEvent 1188

Error: (07/22/2014 06:06:30 PM) (Source: Bonjour Service)(User: )
Description: Task Scheduling Error: Continuously busy for more than a second

Error: (07/22/2014 03:43:56 PM) (Source: Microsoft-Windows-Defrag)(User: )
Description: RecoveryThe parameter is incorrect. (0x80070057)

Error: (07/22/2014 03:32:38 PM) (Source: Microsoft-Windows-Defrag)(User: )
Description: RecoveryThe parameter is incorrect. (0x80070057)


CodeIntegrity Errors:
===================================
  Date: 2014-07-25 20:52:55.432
  Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume4\Windows\System32\guard64.dll because the set of per-page image hashes could not be found on the system.

  Date: 2014-07-25 20:38:15.707
  Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume4\Windows\System32\guard64.dll because the set of per-page image hashes could not be found on the system.

  Date: 2014-07-25 20:03:54.420
  Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume4\Windows\System32\guard64.dll because the set of per-page image hashes could not be found on the system.

  Date: 2014-07-25 19:34:15.199
  Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume4\Windows\System32\guard64.dll because the set of per-page image hashes could not be found on the system.

  Date: 2014-07-25 19:04:05.708
  Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume4\Windows\System32\guard64.dll because the set of per-page image hashes could not be found on the system.

  Date: 2014-07-25 18:35:11.509
  Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume4\Windows\System32\guard64.dll because the set of per-page image hashes could not be found on the system.

  Date: 2014-07-25 18:20:01.763
  Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume4\Windows\System32\guard64.dll because the set of per-page image hashes could not be found on the system.

  Date: 2014-07-25 18:13:56.086
  Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume4\Windows\System32\guard64.dll because the set of per-page image hashes could not be found on the system.

  Date: 2014-07-25 18:11:40.196
  Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume4\Windows\System32\guard64.dll because the set of per-page image hashes could not be found on the system.

  Date: 2014-07-24 23:23:21.506
  Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume4\Windows\System32\guard64.dll because the set of per-page image hashes could not be found on the system.



=========================== Installed Programs ============================
7-Zip 9.20 (x64 edition) (HKLM\...\{23170F69-40C1-2702-0920-000001000000}) (Version: 9.20.00.0 - Igor Pavlov)
Adobe Flash Player 14 Plugin (HKLM-x32\...\Adobe Flash Player Plugin) (Version: 14.0.0.145 - Adobe Systems Incorporated)
Adobe Reader XI (11.0.07) (HKLM-x32\...\{AC76BA86-7AD7-1033-7B44-AB0000000001}) (Version: 11.0.07 - Adobe Systems Incorporated)
Alcor Micro USB Card Reader (HKLM-x32\...\AmUStor) (Version: 20.2.145.43581 - Alcor Micro Corp.)
Alcor Micro USB Card Reader (x32 Version: 20.2.145.43581 - Alcor Micro Corp.) Hidden
Apple Software Update (HKLM-x32\...\{789A5B64-9DD9-4BA5-915A-F0FC0A1B7BFE}) (Version: 2.1.3.127 - Apple Inc.)
ASUS Backtracker (HKLM-x32\...\{C15C060C-ED1C-49EB-83B3-F7C0FD1CD661}) (Version: 3.0.4 - ASUS)
ASUS Live Update (HKLM-x32\...\{FA540E67-095C-4A1B-97BA-4D547DEC9AF4}) (Version: 3.2.7 - ASUS)
ASUS Power4Gear Hybrid (HKLM\...\{9B6239BF-4E85-4590-8D72-51E30DB1A9AA}) (Version: 3.0.6 - ASUS)
ASUS Smart Gesture (HKLM-x32\...\{4D3286A6-F6AB-498A-82A4-E4F040529F3D}) (Version: 3.0.3 - ASUS)
ASUS Splendid Video Enhancement Technology (HKLM-x32\...\{0969AF05-4FF6-4C00-9406-43599238DE0D}) (Version: 2.01.0021 - ASUS)
ASUS USB Charger Plus (HKLM-x32\...\{A859E3E5-C62F-4BFA-AF1D-2B95E03166AF}) (Version: 3.1.7 - ASUS)
ATK Package (HKLM-x32\...\{AB5C933E-5C7D-4D30-B314-9C83A49B94BE}) (Version: 1.0.0031 - ASUS)
Bonjour (HKLM\...\{6E3610B2-430D-4EB0-81E3-2B57E8B9DE8D}) (Version: 3.0.0.10 - Apple Inc.)
COMODO Internet Security Premium (HKLM\...\{2736B6BD-31EC-4FC8-A48C-F0A5C914C0B6}) (Version: 7.0.55655.4142 - COMODO Security Solutions Inc.)
Conexant HD Audio (HKLM\...\CNXT_AUDIO_HDA) (Version: 8.65.29.51 - Conexant)
Definition Update for Microsoft Office 2013 (KB2760587) 32-Bit Edition (HKLM-x32\...\{90150000-0011-0000-0000-0000000FF1CE}_Office15.PROPLUS_{65480649-2AA6-4C5C-AAE8-DB35335D98A7}) (Version:  - Microsoft)
Digitale Bibliothek 4 (HKLM-x32\...\Digitale Bibliothek 4) (Version:  - )
IBM SPSS Statistics 22 (HKLM\...\{104875A1-D083-4A34-BC4F-3F635B7F8EF7}) (Version: 22.0.0.1 - IBM Corp)
iCloud (HKLM\...\{81E20D41-C277-4526-934D-F2380AF91B78}) (Version: 3.1.0.40 - Apple Inc.)
Idoswin Pro 5.7 (HKLM-x32\...\Idoswin Pro_is1) (Version: 5.7 - Ingo Eckel)
Intel Experience Center - Configuration (x32 Version: 1.9.0.8 - Intel) Hidden
Intel(R) Dynamic Platform and Thermal Framework (HKLM-x32\...\FFD10ECE-F715-4a86-9BD8-F6F47DA5DA1C) (Version: 7.1.0.2105 - Intel Corporation)
Intel(R) Experience Center Desktop Software (HKLM-x32\...\{85de612b-ee05-476a-87cc-52e5740de420}) (Version: 1.9.0.8 - Intel)
Intel(R) Experience Center Driver (Version: 1.9.0.8 - Intel Corporation) Hidden
Intel(R) Management Engine Components (HKLM-x32\...\{65153EA5-8B6E-43B6-857B-C6E4FC25798A}) (Version: 9.6.0.1038 - Intel Corporation)
Intel(R) PRO/Wireless Driver (Version: 16.08.0000.1031 - Intel Corporation) Hidden
Intel(R) Processor Graphics (HKLM-x32\...\{F0E3AD40-2BBD-4360-9C76-B9AC9A5886EA}) (Version: 10.18.10.3379 - Intel Corporation)
Intel(R) PROSet/Wireless Software for Bluetooth(R) Technology(patch version 3.0.1342.2) (HKLM\...\{302600C1-6BDF-4FD1-1311-148929CC1385}) (Version: 3.1.1311.0402 - Intel Corporation)
Intel(R) Update Manager (x32 Version: 1.6.2.69 - Intel Corporation) Hidden
Intel® PROSet/Wireless Software (HKLM-x32\...\{eff1d9d1-41fa-49ef-a986-082bfe49c293}) (Version: 16.8.0 - Intel Corporation)
Intel® PROSet/Wireless WiFi Software (Version: 16.7.0.0297 - Intel Corporation) Hidden
Intel® Trusted Connect Service Client (Version: 1.31.169.1 - Intel Corporation) Hidden
JabRef 2.10 (HKLM-x32\...\JabRef 2.10) (Version: 2.10 - JabRef Team)
Java 7 Update 60 (HKLM-x32\...\{26A24AE4-039D-4CA4-87B4-2F03217060FF}) (Version: 7.0.600 - Oracle)
Java Auto Updater (x32 Version: 2.1.65.20 - Oracle, Inc.) Hidden
KeePass Password Safe 2.27 (HKLM-x32\...\KeePassPasswordSafe2_is1) (Version: 2.27 - Dominik Reichl)
Microsoft Access MUI (English) 2013 (x32 Version: 15.0.4569.1506 - Microsoft Corporation) Hidden
Microsoft Access Setup Metadata MUI (English) 2013 (x32 Version: 15.0.4569.1506 - Microsoft Corporation) Hidden
Microsoft DCF MUI (English) 2013 (x32 Version: 15.0.4569.1506 - Microsoft Corporation) Hidden
Microsoft Excel MUI (English) 2013 (x32 Version: 15.0.4569.1506 - Microsoft Corporation) Hidden
Microsoft Groove MUI (English) 2013 (x32 Version: 15.0.4569.1506 - Microsoft Corporation) Hidden
Microsoft InfoPath MUI (English) 2013 (x32 Version: 15.0.4569.1506 - Microsoft Corporation) Hidden
Microsoft Lync MUI (English) 2013 (x32 Version: 15.0.4569.1506 - Microsoft Corporation) Hidden
Microsoft Office 64-bit Components 2013 (Version: 15.0.4569.1506 - Microsoft Corporation) Hidden
Microsoft Office Korrekturhilfen 2013 - Deutsch (HKLM-x32\...\{90150000-001F-0407-0000-0000000FF1CE}) (Version: 15.0.4569.1506 - Microsoft Corporation)
Microsoft Office OSM MUI (English) 2013 (x32 Version: 15.0.4569.1506 - Microsoft Corporation) Hidden
Microsoft Office OSM UX MUI (English) 2013 (x32 Version: 15.0.4569.1506 - Microsoft Corporation) Hidden
Microsoft Office Professional Plus 2013 (HKLM-x32\...\Office15.PROPLUS) (Version: 15.0.4569.1506 - Microsoft Corporation)
Microsoft Office Professional Plus 2013 (x32 Version: 15.0.4569.1506 - Microsoft Corporation) Hidden
Microsoft Office Proofing (English) 2013 (x32 Version: 15.0.4569.1506 - Microsoft Corporation) Hidden
Microsoft Office Proofing Tools 2013 - English (x32 Version: 15.0.4569.1506 - Microsoft Corporation) Hidden
Microsoft Office Proofing Tools 2013 - Español (x32 Version: 15.0.4569.1506 - Microsoft Corporation) Hidden
Microsoft Office Shared 64-bit MUI (English) 2013 (Version: 15.0.4569.1506 - Microsoft Corporation) Hidden
Microsoft Office Shared 64-bit Setup Metadata MUI (English) 2013 (Version: 15.0.4569.1506 - Microsoft Corporation) Hidden
Microsoft Office Shared MUI (English) 2013 (x32 Version: 15.0.4569.1506 - Microsoft Corporation) Hidden
Microsoft Office Shared Setup Metadata MUI (English) 2013 (x32 Version: 15.0.4569.1506 - Microsoft Corporation) Hidden
Microsoft OneNote MUI (English) 2013 (x32 Version: 15.0.4569.1506 - Microsoft Corporation) Hidden
Microsoft Outlook MUI (English) 2013 (x32 Version: 15.0.4569.1506 - Microsoft Corporation) Hidden
Microsoft PowerPoint MUI (English) 2013 (x32 Version: 15.0.4569.1506 - Microsoft Corporation) Hidden
Microsoft Publisher MUI (English) 2013 (x32 Version: 15.0.4569.1506 - Microsoft Corporation) Hidden
Microsoft Silverlight (HKLM\...\{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}) (Version: 5.1.30214.0 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.21022 (HKLM\...\{350AA351-21FA-3270-8B7A-835434E766AD}) (Version: 9.0.21022 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.17 (HKLM\...\{8220EEFE-38CD-377E-8595-13398D740ACE}) (Version: 9.0.30729 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.6161 (HKLM\...\{5FCE6D76-F5DC-37AB-B2B8-22AB8CEDB1D4}) (Version: 9.0.30729.6161 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.21022 (HKLM-x32\...\{FF66E9F6-83E7-3A3E-AF14-8DE9A809A6A4}) (Version: 9.0.21022 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 (HKLM-x32\...\{9BE518E6-ECC6-35A9-88E4-87755C07200F}) (Version: 9.0.30729.6161 - Microsoft Corporation)
Microsoft Visual C++ 2010  x64 Redistributable - 10.0.40219 (HKLM\...\{1D8E6291-B0D5-35EC-8441-6616F567A0F7}) (Version: 10.0.40219 - Microsoft Corporation)
Microsoft Visual C++ 2010  x86 Redistributable - 10.0.40219 (HKLM-x32\...\{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}) (Version: 10.0.40219 - Microsoft Corporation)
Microsoft Word MUI (English) 2013 (x32 Version: 15.0.4569.1506 - Microsoft Corporation) Hidden
MiKTeX 2.9 (HKLM-x32\...\MiKTeX 2.9) (Version: 2.9 - MiKTeX.org)
Mozilla Firefox 31.0 (x86 en-US) (HKLM-x32\...\Mozilla Firefox 31.0 (x86 en-US)) (Version: 31.0 - Mozilla)
Mozilla Maintenance Service (HKLM-x32\...\MozillaMaintenanceService) (Version: 30.0 - Mozilla)
Notepad++ (HKLM-x32\...\Notepad++) (Version: 6.6.7 - Notepad++ Team)
NVIDIA Control Panel 332.35 (Version: 332.35 - NVIDIA Corporation) Hidden
NVIDIA Graphics Driver 332.35 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.Driver) (Version: 332.35 - NVIDIA Corporation)
NVIDIA Install Application (Version: 2.1002.140.952 - NVIDIA Corporation) Hidden
NVIDIA PhysX (x32 Version: 9.13.0927 - NVIDIA Corporation) Hidden
NVIDIA PhysX System Software 9.13.0927 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.PhysX) (Version: 9.13.0927 - NVIDIA Corporation)
Outils de vérification linguistique 2013 de Microsoft Office - Français (x32 Version: 15.0.4569.1506 - Microsoft Corporation) Hidden
ownCloud (HKLM-x32\...\ownCloud) (Version: 1.6.1.3267 - ownCloud)
paint.net (HKLM\...\{87D5082F-F857-40FE-9C8A-3F2B6C39F426}) (Version: 4.0.2 - dotPDN LLC)
PDFCreator (HKLM-x32\...\{0001B4FD-9EA3-4D90-A79E-FD14BA3AB01D}) (Version: 1.7.3 - pdfforge)
Service Pack 1 for Microsoft Office 2013 (KB2850036) 32-Bit Edition (HKLM-x32\...\{90150000-0011-0000-0000-0000000FF1CE}_Office15.PROPLUS_{7F6C4883-A18C-459A-82C1-A2F9403F2DA6}) (Version:  - Microsoft)
Service Pack 1 for Microsoft Office 2013 (KB2850036) 32-Bit Edition (x32 Version:  - Microsoft) Hidden
Skype™ 6.18 (HKLM-x32\...\{7A3C7E05-EE37-47D6-99E1-2EB05A3DA3F7}) (Version: 6.18.105 - Skype Technologies S.A.)
SumatraPDF (HKLM-x32\...\SumatraPDF) (Version: 2.5.2 - Krzysztof Kowalczyk)
TeXnicCenter Version 2.02 Stable (HKLM\...\TeXnicCenter_is1) (Version: 2.02 Stable - The TeXnicCenter Team)
Update for Microsoft Excel 2013 (KB2881085) 32-Bit Edition (HKLM-x32\...\{90150000-0011-0000-0000-0000000FF1CE}_Office15.PROPLUS_{122B0E69-64AF-41BE-B3F6-D387A7E7E687}) (Version:  - Microsoft)
Update for Microsoft Excel 2013 (KB2881085) 32-Bit Edition (HKLM-x32\...\{90150000-0016-0409-0000-0000000FF1CE}_Office15.PROPLUS_{122B0E69-64AF-41BE-B3F6-D387A7E7E687}) (Version:  - Microsoft)
Update for Microsoft Excel 2013 (KB2881085) 32-Bit Edition (HKLM-x32\...\{90150000-0018-0409-0000-0000000FF1CE}_Office15.PROPLUS_{122B0E69-64AF-41BE-B3F6-D387A7E7E687}) (Version:  - Microsoft)
Update for Microsoft Excel 2013 (KB2881085) 32-Bit Edition (HKLM-x32\...\{90150000-001B-0409-0000-0000000FF1CE}_Office15.PROPLUS_{122B0E69-64AF-41BE-B3F6-D387A7E7E687}) (Version:  - Microsoft)
Update for Microsoft Lync 2013 (KB2850074) 32-Bit Edition (HKLM-x32\...\{90150000-012B-0409-0000-0000000FF1CE}_Office15.PROPLUS_{A4EACEBA-1944-45DB-B547-8967AA7926B9}) (Version:  - Microsoft)
Update for Microsoft Office 2013 (KB2760344) 32-Bit Edition (HKLM-x32\...\{90150000-0011-0000-0000-0000000FF1CE}_Office15.PROPLUS_{A7610F07-E844-4444-8E1D-D5BC8AD0B4C5}) (Version:  - Microsoft)
Update for Microsoft Office 2013 (KB2760544) 32-Bit Edition (HKLM-x32\...\{90150000-0011-0000-0000-0000000FF1CE}_Office15.PROPLUS_{45B7D395-EB9B-414F-9E46-5849B42326E2}) (Version:  - Microsoft)
Update for Microsoft Office 2013 (KB2768012) 32-Bit Edition (HKLM-x32\...\{90150000-0011-0000-0000-0000000FF1CE}_Office15.PROPLUS_{66421820-D3CA-450A-898C-78D7E40108E6}) (Version:  - Microsoft)
Update for Microsoft Office 2013 (KB2817302) 32-Bit Edition (HKLM-x32\...\{90150000-0011-0000-0000-0000000FF1CE}_Office15.PROPLUS_{1644D7F6-90EE-4252-8884-18E4E330529D}) (Version:  - Microsoft)
Update for Microsoft Office 2013 (KB2817302) 32-Bit Edition (HKLM-x32\...\{90150000-0016-0409-0000-0000000FF1CE}_Office15.PROPLUS_{1644D7F6-90EE-4252-8884-18E4E330529D}) (Version:  - Microsoft)
Update for Microsoft Office 2013 (KB2826040) 32-Bit Edition (HKLM-x32\...\{90150000-0011-0000-0000-0000000FF1CE}_Office15.PROPLUS_{B7EA8070-C37F-4617-82F4-52CF3304595A}) (Version:  - Microsoft)
Update for Microsoft Office 2013 (KB2837644) 32-Bit Edition (HKLM-x32\...\{90150000-0011-0000-0000-0000000FF1CE}_Office15.PROPLUS_{9BC5FF1D-9626-44D7-BC7F-EB44BD8BDB9F}) (Version:  - Microsoft)
Update for Microsoft Office 2013 (KB2863843) 32-Bit Edition (HKLM-x32\...\{90150000-0011-0000-0000-0000000FF1CE}_Office15.PROPLUS_{AD7045B8-1D75-4B4C-8120-12F045D206C7}) (Version:  - Microsoft)
Update for Microsoft Office 2013 (KB2863843) 32-Bit Edition (HKLM-x32\...\{90150000-002A-0000-1000-0000000FF1CE}_Office15.PROPLUS_{AD7045B8-1D75-4B4C-8120-12F045D206C7}) (Version:  - Microsoft)
Update for Microsoft Office 2013 (KB2880457) 32-Bit Edition (HKLM-x32\...\{90150000-0011-0000-0000-0000000FF1CE}_Office15.PROPLUS_{D27F6360-AE1E-4C8C-8ECD-C0375E20B923}) (Version:  - Microsoft)
Update for Microsoft Office 2013 (KB2880462) 32-Bit Edition (HKLM-x32\...\{90150000-0011-0000-0000-0000000FF1CE}_Office15.PROPLUS_{5D6439FF-D651-4B13-B52E-2508AB9DE19D}) (Version:  - Microsoft)
Update for Microsoft Office 2013 (KB2880462) 32-Bit Edition (HKLM-x32\...\{90150000-006E-0409-0000-0000000FF1CE}_Office15.PROPLUS_{5D6439FF-D651-4B13-B52E-2508AB9DE19D}) (Version:  - Microsoft)
Update for Microsoft Office 2013 (KB2880464) 32-Bit Edition (HKLM-x32\...\{90150000-0011-0000-0000-0000000FF1CE}_Office15.PROPLUS_{06EF2BF7-7351-4D70-A0D5-588FCCF9808D}) (Version:  - Microsoft)
Update for Microsoft Office 2013 (KB2880478) 32-Bit Edition (HKLM-x32\...\{90150000-0011-0000-0000-0000000FF1CE}_Office15.PROPLUS_{7C5CEE0F-6823-4BB7-A28F-76FEC14EB6AC}) (Version:  - Microsoft)
Update for Microsoft Office 2013 (KB2880987) 32-Bit Edition (HKLM-x32\...\{90150000-0011-0000-0000-0000000FF1CE}_Office15.PROPLUS_{07017577-FBD6-45E2-A796-659E8F428057}) (Version:  - Microsoft)
Update for Microsoft Office 2013 (KB2880987) 32-Bit Edition (HKLM-x32\...\{90150000-006E-0409-0000-0000000FF1CE}_Office15.PROPLUS_{07017577-FBD6-45E2-A796-659E8F428057}) (Version:  - Microsoft)
Update for Microsoft Office 2013 (KB2881035) 32-Bit Edition (HKLM-x32\...\{90150000-0011-0000-0000-0000000FF1CE}_Office15.PROPLUS_{01B80B63-C638-4004-9148-75B8C8518B1E}) (Version:  - Microsoft)
Update for Microsoft Office 2013 (KB2881035) 32-Bit Edition (HKLM-x32\...\{90150000-0016-0409-0000-0000000FF1CE}_Office15.PROPLUS_{01B80B63-C638-4004-9148-75B8C8518B1E}) (Version:  - Microsoft)
Update for Microsoft Office 2013 (KB2881035) 32-Bit Edition (HKLM-x32\...\{90150000-0090-0409-0000-0000000FF1CE}_Office15.PROPLUS_{01B80B63-C638-4004-9148-75B8C8518B1E}) (Version:  - Microsoft)
Update for Microsoft Office 2013 (KB2881074) 32-Bit Edition (HKLM-x32\...\{90150000-0011-0000-0000-0000000FF1CE}_Office15.PROPLUS_{B23AED0C-4813-4B49-9870-2F0968824E87}) (Version:  - Microsoft)
Update for Microsoft Office 2013 (KB2881084) 32-Bit Edition (HKLM-x32\...\{90150000-001F-0409-0000-0000000FF1CE}_Office15.PROPLUS_{56962EB1-4DD3-48BB-934B-EA4C4516D89A}) (Version:  - Microsoft)
Update for Microsoft Office 2013 (KB2881084) 32-Bit Edition (HKLM-x32\...\{90150000-001F-040C-0000-0000000FF1CE}_Office15.PROPLUS_{63AED158-0508-4738-A811-840B2053EF3B}) (Version:  - Microsoft)
Update for Microsoft Office 2013 (KB2881084) 32-Bit Edition (HKLM-x32\...\{90150000-001F-0C0A-0000-0000000FF1CE}_Office15.PROPLUS_{23073850-B916-414F-9204-AB0512524A6A}) (Version:  - Microsoft)
Update for Microsoft Office 2013 (KB2881086) 32-Bit Edition (HKLM-x32\...\{90150000-0011-0000-0000-0000000FF1CE}_Office15.PROPLUS_{02DB183E-6F67-4906-A391-325874C5DA87}) (Version:  - Microsoft)
Update for Microsoft Office 2013 (KB2881086) 32-Bit Edition (HKLM-x32\...\{90150000-002A-0000-1000-0000000FF1CE}_Office15.PROPLUS_{02DB183E-6F67-4906-A391-325874C5DA87}) (Version:  - Microsoft)
Update for Microsoft OneDrive for Business (KB2881087) 32-Bit Edition (HKLM-x32\...\{90150000-0011-0000-0000-0000000FF1CE}_Office15.PROPLUS_{FC6618D2-F75D-4FDD-B396-E4B0C0D757B6}) (Version:  - Microsoft)
Update for Microsoft OneDrive for Business (KB2881087) 32-Bit Edition (HKLM-x32\...\{90150000-002A-0000-1000-0000000FF1CE}_Office15.PROPLUS_{FC6618D2-F75D-4FDD-B396-E4B0C0D757B6}) (Version:  - Microsoft)
Update for Microsoft OneDrive for Business (KB2881087) 32-Bit Edition (HKLM-x32\...\{90150000-002A-0409-1000-0000000FF1CE}_Office15.PROPLUS_{FC6618D2-F75D-4FDD-B396-E4B0C0D757B6}) (Version:  - Microsoft)
Update for Microsoft OneDrive for Business (KB2881087) 32-Bit Edition (HKLM-x32\...\{90150000-00BA-0409-0000-0000000FF1CE}_Office15.PROPLUS_{FC6618D2-F75D-4FDD-B396-E4B0C0D757B6}) (Version:  - Microsoft)
Update for Microsoft OneNote 2013 (KB2881082) 32-Bit Edition (HKLM-x32\...\{90150000-0011-0000-0000-0000000FF1CE}_Office15.PROPLUS_{CA0F0611-10FB-47D4-A642-E3BABCC73393}) (Version:  - Microsoft)
Update for Microsoft OneNote 2013 (KB2881082) 32-Bit Edition (HKLM-x32\...\{90150000-002A-0000-1000-0000000FF1CE}_Office15.PROPLUS_{CA0F0611-10FB-47D4-A642-E3BABCC73393}) (Version:  - Microsoft)
Update for Microsoft OneNote 2013 (KB2881082) 32-Bit Edition (HKLM-x32\...\{90150000-00A1-0409-0000-0000000FF1CE}_Office15.PROPLUS_{CA0F0611-10FB-47D4-A642-E3BABCC73393}) (Version:  - Microsoft)
Update for Microsoft Outlook 2013 (KB2880470) 32-Bit Edition (HKLM-x32\...\{90150000-0011-0000-0000-0000000FF1CE}_Office15.PROPLUS_{1BCA67A6-5329-48D0-A088-C097AC7A14BD}) (Version:  - Microsoft)
Update for Microsoft Outlook 2013 (KB2880470) 32-Bit Edition (HKLM-x32\...\{90150000-001A-0409-0000-0000000FF1CE}_Office15.PROPLUS_{1BCA67A6-5329-48D0-A088-C097AC7A14BD}) (Version:  - Microsoft)
Update for Microsoft PowerPoint 2013 (KB2881075) 32-Bit Edition (HKLM-x32\...\{90150000-0011-0000-0000-0000000FF1CE}_Office15.PROPLUS_{15033648-0DAB-4BE8-B84B-D1139BD0563F}) (Version:  - Microsoft)
Update for Microsoft PowerPoint 2013 (KB2881075) 32-Bit Edition (HKLM-x32\...\{90150000-0018-0409-0000-0000000FF1CE}_Office15.PROPLUS_{15033648-0DAB-4BE8-B84B-D1139BD0563F}) (Version:  - Microsoft)
Update for Microsoft Publisher 2013 (KB2880999) 32-Bit Edition (HKLM-x32\...\{90150000-0011-0000-0000-0000000FF1CE}_Office15.PROPLUS_{7500AD77-83C6-400B-8B2F-F8E401A7B697}) (Version:  - Microsoft)
Update for Microsoft Publisher 2013 (KB2880999) 32-Bit Edition (HKLM-x32\...\{90150000-0019-0409-0000-0000000FF1CE}_Office15.PROPLUS_{7500AD77-83C6-400B-8B2F-F8E401A7B697}) (Version:  - Microsoft)
Update for Microsoft Visio Viewer 2013 (KB2817301) 32-Bit Edition (HKLM-x32\...\{90150000-0011-0000-0000-0000000FF1CE}_Office15.PROPLUS_{25C61889-2E44-4BE1-9E96-9364BFDCF501}) (Version:  - Microsoft)
Update for Microsoft Visio Viewer 2013 (KB2817301) 32-Bit Edition (HKLM-x32\...\{90150000-006E-0409-0000-0000000FF1CE}_Office15.PROPLUS_{25C61889-2E44-4BE1-9E96-9364BFDCF501}) (Version:  - Microsoft)
Update for Microsoft Word 2013 (KB2878319) 32-Bit Edition (HKLM-x32\...\{90150000-0011-0000-0000-0000000FF1CE}_Office15.PROPLUS_{A7CD05CC-CA85-428C-91FD-74A908D126E1}) (Version:  - Microsoft)
Update for Microsoft Word 2013 (KB2881080) 32-Bit Edition (HKLM-x32\...\{90150000-0011-0000-0000-0000000FF1CE}_Office15.PROPLUS_{2C43B8B8-09A1-4D09-B4B9-B247A7348D75}) (Version:  - Microsoft)
Update for Microsoft Word 2013 (KB2881080) 32-Bit Edition (HKLM-x32\...\{90150000-001A-0409-0000-0000000FF1CE}_Office15.PROPLUS_{2C43B8B8-09A1-4D09-B4B9-B247A7348D75}) (Version:  - Microsoft)
Update for Microsoft Word 2013 (KB2881080) 32-Bit Edition (HKLM-x32\...\{90150000-001B-0409-0000-0000000FF1CE}_Office15.PROPLUS_{2C43B8B8-09A1-4D09-B4B9-B247A7348D75}) (Version:  - Microsoft)
Update for Microsoft Word 2013 (KB2881080) 32-Bit Edition (HKLM-x32\...\{90150000-012B-0409-0000-0000000FF1CE}_Office15.PROPLUS_{2C43B8B8-09A1-4D09-B4B9-B247A7348D75}) (Version:  - Microsoft)
VLC media player 2.1.3 (HKLM-x32\...\VLC media player) (Version: 2.1.3 - VideoLAN)
Windows Driver Package - ASUS (ATP) Mouse  (05/14/2014 1.0.0.219) (HKLM\...\FDEE821D736774A5824C3D7701C8423487401A6D) (Version: 05/14/2014 1.0.0.219 - ASUS)
WinFlash (HKLM-x32\...\{8F21291E-0444-4B1D-B9F9-4370A73E346D}) (Version: 2.42.0 - ASUS)
WinSCP 5.5.4 (HKLM-x32\...\winscp3_is1) (Version: 5.5.4 - Martin Prikryl)
XnViewMP 0.68 (HKLM\...\XnViewMP_is1) (Version: 0.68 - Gougelet Pierre-e)

========================= Devices: ================================


========================= Memory info: ===================================

Percentage of memory in use: 19%
Total physical RAM: 8075.06 MB
Available physical RAM: 6462.52 MB
Total Pagefile: 9355.06 MB
Available Pagefile: 7570.04 MB
Total Virtual: 4095.88 MB
Available Virtual: 3981.54 MB

========================= Partitions: =====================================

1 Drive c: (OS) (Fixed) (Total:95.39 GB) (Free:56.07 GB) NTFS
2 Drive d: (Data) (Fixed) (Total:121.98 GB) (Free:94.96 GB) NTFS

========================= Users: ========================================

User accounts for \\SARA

Administrator            Guest                    SMG                      


**** End of log ****

This installer thingy only appeared once, right after installing PDFCreator. I found out where it originated (some temp folder), terminated it, removed the entry in the temp folder and then removed the new entry in c:\Program Files (x86), which I forgot. :wacko:

 

Thank you for looking into this!


Edited by dahonk, 26 July 2014 - 08:04 AM.


#4 Alex&Vanko


Posted 25 July 2014 - 02:39 PM

So it is PUP Optional Monetizer
In Local\Temp\is-P9396.tmp\CBStub.exe

I tried. Remove link.



#5 Alex&Vanko


Posted 25 July 2014 - 02:54 PM

Please download AdwCleaner by Xplode HERE onto your desktop.

    Close all open programs and internet browsers.
    Double click on AdwCleaner.exe to run the tool.
    Click on Scan.
    After the scan is complete click on "Clean"
    Confirm each time with Ok.
    Your computer will be rebooted automatically. A text file will open after the restart.
    Please post the content of that logfile with your next answer.
    You can find the logfile at C:\AdwCleaner[S1].txt as well.

 

Please download Junkware Removal Tool HERE to your desktop.

    Shut down your protection software now to avoid potential conflicts.
    Run the tool by double-clicking it. If you are using Windows Vista, 7, or 8; instead of double-clicking, right-mouse click JRT.exe and select "Run as Administrator".
    The tool will open and start scanning your system.
    Please be patient as this can take a while to complete depending on your system's specifications.
    On completion, a log (JRT.txt) is saved to your desktop and will automatically open.
    Post the contents of JRT.txt into your next message.

 

After that, run Malwarebytes version 2 HERE; it will detect it if the previous tools do not:

How to use Malwarebytes

Post the log which is:

Open MalwareBytes Anti-Malware and then click on History

On the left column, select Application Logs. Select the most recent log among the list, it is usually the one on the top (or sort by date) and open it.

Go to the bottom left corner to Export and select Text File (*.txt)

Save it to the desktop

 

Is Comodo ok?

 

Thank you!


Edited by Alex&Vanko, 25 July 2014 - 02:57 PM.


#6 dahonk


Posted 25 July 2014 - 05:01 PM

Hello!

 

Drat, I knew there would be stuff like that left behind. There were no options to opt out in advanced installation or any hints, otherwise I would not have installed this. Is this even legal?

 

I could not find the folder "Local\Temp\is-P9396.tmp\CBStub.exe" (I looked in AppData\Local\Temp). Maybe that's what I deleted the first time?

 

"I tried.Remove link."

 

I'm sorry, what do you mean by that?

# AdwCleaner v3.216 - Report created 25/07/2014 at 22:46:31
# Updated 17/07/2014 by Xplode
# Operating System : Windows 8.1 Pro  (64 bits)
# Username : SMG - SARA
# Running from : D:\Users\SMG\Downloads\AV\AdwCleaner.exe
# Option : Clean

***** [ Services ] *****


***** [ Files / Folders ] *****

File Deleted : C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Search.lnk

***** [ Shortcuts ] *****


***** [ Registry ] *****


***** [ Browsers ] *****

-\\ Internet Explorer v11.0.9600.17126


-\\ Mozilla Firefox v31.0 (x86 en-US)

[ File : C:\Users\SMG\AppData\Roaming\Mozilla\Firefox\Profiles\x8v9yw9l.default\prefs.js ]


*************************

AdwCleaner[R0].txt - [802 octets] - [11/07/2014 03:57:29]
AdwCleaner[R1].txt - [945 octets] - [25/07/2014 22:45:42]
AdwCleaner[S0].txt - [864 octets] - [11/07/2014 04:00:33]
AdwCleaner[S1].txt - [869 octets] - [25/07/2014 22:46:31]

########## EOF - C:\AdwCleaner\AdwCleaner[S1].txt - [928 octets] ##########
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Junkware Removal Tool (JRT) by Thisisu
Version: 6.1.4 (04.06.2014:1)
OS: Windows 8.1 Pro x64
Ran by SMG on 25.07.2014 at 22:50:57,65
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~




~~~ Services



~~~ Registry Values



~~~ Registry Keys



~~~ Files



~~~ Folders



~~~ FireFox

Successfully deleted the following from C:\Users\SMG\AppData\Roaming\mozilla\firefox\profiles\x8v9yw9l.default\prefs.js

user_pref("extensions.bootstrappedAddons", "{\"firefox@ghostery.com\":{\"version\":\"5.3.2\",\"type\":\"extension\",\"descriptor\":\"C:\\\\Users\\\\SMG\\\\AppData\\\\Roaming\\



~~~ Event Viewer Logs were cleared





~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Scan was completed on 25.07.2014 at 23:11:23,33
End of JRT log
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~

Ghostery is junk?

Malwarebytes Anti-Malware
www.malwarebytes.org

Scan Date: 25.07.2014
Scan Time: 23:18:54
Logfile: mam.txt
Administrator: Yes

Version: 2.00.2.1012
Malware Database: v2014.07.25.08
Rootkit Database: v2014.07.17.01
License: Trial
Malware Protection: Enabled
Malicious Website Protection: Enabled
Self-protection: Disabled

OS: Windows 8.1
CPU: x64
File System: NTFS
User: SMG

Scan Type: Threat Scan
Result: Completed
Objects Scanned: 292496
Time Elapsed: 9 min, 14 sec

Memory: Enabled
Startup: Enabled
Filesystem: Enabled
Archives: Enabled
Rootkits: Disabled
Heuristics: Enabled
PUP: Enabled
PUM: Enabled

Processes: 0
(No malicious items detected)

Modules: 0
(No malicious items detected)

Registry Keys: 0
(No malicious items detected)

Registry Values: 0
(No malicious items detected)

Registry Data: 0
(No malicious items detected)

Folders: 0
(No malicious items detected)

Files: 0
(No malicious items detected)

Physical Sectors: 0
(No malicious items detected)


(end)

Thank you!!

 

Comodo is ok (even if it did not detect this one). I definitely like it more than Antivir or Avast. The firewall is a bit tricky, the "safe mode" is a bit too welcoming in my opinion. So I made up my own policies. Well, not enough as it seems.



#7 Alex&Vanko


Posted 26 July 2014 - 07:32 AM

Hi dahonk!

I mean that I installed PDFCreator from the link you posted to see what threat it is. Also, to delete the link you posted here for PDFCreator by editing your post.

If you have suspicion:

Please download the ESET Online Scanner http://download.eset.com/special/eos/esetsmartinstaller_enu.exe and save it to your Desktop.
Disable the realtime-protection of your antivirus and anti-malware programs because they might interfere with the scan.
    Start esetsmartinstaller_enu.exe with administrator privileges.
    Select the option Yes, I accept the Terms of Use and click on Start.
    Make sure that the option Remove found threats is checked, and the option Scan archives is checked.
    Now click on Advanced Settings and select the following:
        Scan for potentially unwanted applications
        Scan for potentially unsafe applications
        Enable Anti-Stealth Technology
    Click on Start. The virus signature database will begin to download. This may take some time.
    When completed the Online Scan will begin automatically.
    Note: This scan might take a long time! Please be patient.
    When completed select Uninstall application on close if you so wish
    Now click on Finish

 

If you want a deeper look:

Agree and download Dr.WEB CureIt http://www.freedrweb.com/download+cureit/?nc=t&lng=en on your desktop.
Start the application.
Choose objects for scan.
Set ticks in all checkboxes
Below choose files and folders for scan.
Set ticks in checkboxes in all your drives/C,D,E etc./
Do a scan and post the result as screenshot.

Comodo is too complicated.

Ghostery is an add-on for Firefox.

Drat? You used to express annoyance?

Not serious I think - https://www.virustotal.com/en/file/8a397cdbc6b6ae9dd9680c26d1bf257caf65bdcadcabb02bd101fa26e4aaae8b/analysis/

 

Thank you!



#8 dahonk


Posted 26 July 2014 - 10:10 AM

Hello Alex&Vanko!

 

I removed the link from my previous post.

 

This is what the programs found. First ESET:

C:\Users\SMG\AppData\Local\Microsoft\Windows\INetCache\IE\1Y3YFZOV\Setup[1].exe	a variant of Win32/InstallCore.PL potentially unwanted application	deleted - quarantined
C:\Users\SMG\AppData\Local\Microsoft\Windows\INetCache\IE\4WTVKACK\dl[1].htm	a variant of Win32/VOPackage.P potentially unwanted application	deleted - quarantined
C:\Users\SMG\AppData\Local\Microsoft\Windows\INetCache\IE\IWZA5JG6\Setup[1].exe	a variant of Win32/InstallCore.PL potentially unwanted application	deleted - quarantined
C:\Users\SMG\AppData\Local\Microsoft\Windows\INetCache\IE\LLZ401VW\dl[1].htm	a variant of Win32/VOPackage.L potentially unwanted application	deleted - quarantined
C:\Users\SMG\AppData\Local\Temp\ICReinstall_nsmE50A.tmp	a variant of Win32/InstallCore.PL potentially unwanted application	deleted - quarantined
C:\Users\SMG\AppData\Local\Temp\ICReinstall_nsmE50B.tmp	a variant of Win32/InstallCore.PL potentially unwanted application	deleted - quarantined
C:\Users\SMG\AppData\Local\Temp\nsmE50A.tmp	a variant of Win32/InstallCore.PL potentially unwanted application	deleted - quarantined
C:\Users\SMG\AppData\Local\Temp\nsmE50B.tmp	a variant of Win32/InstallCore.PL potentially unwanted application	deleted - quarantined

Now CureIt (instead of a screenshot, that would have shown "No threats detected" or something like that, because it wasn't in English, for whatever reason.)

[...]

Total 74551575463 bytes in 224667 files scanned (435401 objects)
Total 224558 files (435285 objects) are clean
There are no infected objects detected
Total 116 files are raised error condition
Scan time is 00:46:23.455

Since Comodo did not warn me about this Monetizer-thing, I will give ESET a try.

 

I know that Ghostery is an addon for Firefox but I wonder why something there was removed. Maybe this Monetizer added an exclusion, since Ghostery is supposed to block stuff.

 

"Drat" is something like "damn". Expression of annoyance, yes.

 

And again, THANK YOU! :clapping:


Edited by dahonk, 26 July 2014 - 10:12 AM.
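The ESET results in the post above can be triaged mechanically to see which detection families were hit, where the files sat, and whether any row was left unhandled. The Python below is an added example, not part of the original thread or of any ESET tooling; it assumes each row is path, detection and action separated by tabs, as the rows appear in the post, and the function names are hypothetical.

```python
import re
from collections import Counter

CACHE = r"C:\Users\SMG\AppData\Local\Microsoft\Windows\INetCache\IE"
TEMP = r"C:\Users\SMG\AppData\Local\Temp"
PUA = " potentially unwanted application"
DONE = "deleted - quarantined"
# The eight result rows from the post, rebuilt as path<TAB>detection<TAB>action
# (the tab-separated layout is an assumption based on how the rows were posted).
ROWS = [
    (CACHE + r"\1Y3YFZOV\Setup[1].exe", "Win32/InstallCore.PL"),
    (CACHE + r"\4WTVKACK\dl[1].htm", "Win32/VOPackage.P"),
    (CACHE + r"\IWZA5JG6\Setup[1].exe", "Win32/InstallCore.PL"),
    (CACHE + r"\LLZ401VW\dl[1].htm", "Win32/VOPackage.L"),
    (TEMP + r"\ICReinstall_nsmE50A.tmp", "Win32/InstallCore.PL"),
    (TEMP + r"\ICReinstall_nsmE50B.tmp", "Win32/InstallCore.PL"),
    (TEMP + r"\nsmE50A.tmp", "Win32/InstallCore.PL"),
    (TEMP + r"\nsmE50B.tmp", "Win32/InstallCore.PL"),
]
SAMPLE_LOG = "\n".join(f"{p}\ta variant of {d}{PUA}\t{DONE}" for p, d in ROWS)
DETECTION = re.compile(r"(?P<family>\w+/\w+)(?:\.(?P<variant>\w+))?")

def parse_line(line):
    """Split one result row; return None for blank or malformed rows."""
    parts = [p.strip() for p in line.split("\t")]
    if len(parts) != 3 or not all(parts):
        return None
    path, detection, action = parts
    m = DETECTION.search(detection)
    lowered = path.lower()
    where = ("browser cache" if "\\inetcache\\" in lowered
             else "temp" if "\\appdata\\local\\temp\\" in lowered else "other")
    return {"path": path, "family": m.group("family") if m else detection,
            "pua": "potentially unwanted" in detection.lower(),
            "where": where, "handled": "quarantined" in action.lower()}

def summarise(log_text):
    """Count detections per family and location; list rows needing follow-up."""
    rows = [r for r in map(parse_line, log_text.splitlines()) if r]
    return {
        "families": Counter(r["family"] for r in rows),
        "locations": Counter(r["where"] for r in rows),
        "all_pua": all(r["pua"] for r in rows),
        "unhandled": [r["path"] for r in rows if not r["handled"]],
        "outside_cache_temp": [r["path"] for r in rows if r["where"] == "other"],
    }

if __name__ == "__main__":
    print(summarise(SAMPLE_LOG))
```

Rows listed under `unhandled` or `outside_cache_temp` are the ones to look at by hand; for the rows in this thread both lists come back empty.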


#9 Alex&Vanko


Posted 28 July 2014 - 12:28 PM

Ok.

Just delete CureIt. ESET Online Scanner you may uninstall the standard way from Programs and Features, if you did not do so from its window after the scan.

Thank you!



#10 dahonk


Posted 29 July 2014 - 07:12 AM

Am I to take it that my computer is clean again?

 

Thank you very much for your time and help!


Edited by dahonk, 29 July 2014 - 07:13 AM.


#11 Alex&Vanko


Posted 29 July 2014 - 07:20 AM

I do not see this. Is there any visible problem?



#12 dahonk


Posted 29 July 2014 - 08:07 AM

Everything looks good!





