Jump to content


 


Register a free account to unlock additional features at BleepingComputer.com
Welcome to BleepingComputer, a free community where people like yourself come together to discuss and learn how to use their computers. Using the site is easy and fun. As a guest, you can browse and view the various discussions in the forums, but can not create a new topic or reply to an existing one unless you are logged in. Other benefits of registering an account are subscribing to topics and forums, creating a blog, and having no ads shown anywhere on the site.


Click here to Register a free account now! or read our Welcome Guide to learn how to use this site.

Photo

Infected with malware


  • Please log in to reply
17 replies to this topic

#1 choo

choo

  • Members
  • 21 posts
  • OFFLINE
  •  
  • Local time:06:07 PM

Posted 05 May 2015 - 10:32 PM

I am running Windows 7 professional.  I keep getting Comodo Maleware warnings when I use Firefox browser.  The most recent is #23 Jiokeh9yzbc and it links to C:\Users\MG\Appdata\Local\Temp\tmp-jdp.xpi.  I have scanned with Trend Micro (online) and Malewarebytes.  I found a folder HCBackup that contains a file HCPackage64, HCVersion.xml, and iCRCReserve.temp.   Comodo only quarantines the files.  Can you give me directions for removal?  Thank you,

 



BC AdBot (Login to Remove)

 


m

#2 Sintharius

Sintharius

    Bleepin' Sniper


  • Members
  • 5,639 posts
  • OFFLINE
  •  
  • Gender:Female
  • Location:The Netherlands
  • Local time:11:07 PM

Posted 06 May 2015 - 02:57 AM

Hello there :)

Please follow the instructions below. If you do not understand anything, feel free to stop and ask.

MiniToolbox by Farbar

Please download MiniToolBox, save it to your desktop and run it.
Checkmark the following checkboxes:
  • Flush DNS
  • Report IE Proxy Settings
  • Reset IE Proxy Settings
  • Report FF Proxy Settings
  • Reset FF Proxy Settings
  • List content of Hosts
  • List IP configuration
  • List Winsock Entries
  • List last 10 Event Viewer log
  • List Installed Programs
  • List Devices
  • List Users, Partitions and Memory size.
  • List Minidump Files
  • List Restore Points
Click Go and post the result (Result.txt). A copy of Result.txt will be saved in the same directory the tool is run.

===

AdwCleaner by Xplode

Please download AdwCleaner by Xplode and save to your Desktop.
  • Double click on AdwCleaner.exe to run the tool.
    Vista/Windows 7/8 users right-click and select Run As Administrator
  • The tool will start to update the database, please wait a bit.
  • Click on I agree button.
  • Click on the Scan button.
  • AdwCleaner will begin...be patient as the scan may take some time to complete.
  • DO NOT CLEAN ANYTHING! Removal will be done after analysis of the log.
  • After the scan has finished, click on the Logfile button...a logfile (AdwCleaner[R#].txt) will open in Notepad for review (where the largest value of # represents the most recent report).
  • The contents of the log file may be confusing. Unless you see a program name that you know should not be removed, don't worry about it. If you see an entry you want to keep, let me know about it.
  • Copy and paste the contents of that logfile in your next reply.
  • A copy of all logfiles are saved in the C:\AdwCleaner folder which was created when running the tool.
Regards,
Alex

#3 choo

choo
  • Topic Starter

  • Members
  • 21 posts
  • OFFLINE
  •  
  • Local time:06:07 PM

Posted 07 May 2015 - 01:41 PM

Thanks for such a quick reply.  Here is the result from Mini Toolbox

 

MiniToolBox by Farbar  Version: 14-04-2015
Ran by MG (administrator) on 07-05-2015 at 14:29:46
Running from "C:\Users\MG\Desktop"
Microsoft Windows 7 Professional  Service Pack 1 (X64)
Model: Alienware Area-51 R2 Manufacturer: Alienware
Boot Mode: Normal
***************************************************************************

========================= Flush DNS: ===================================

Windows IP Configuration

Successfully flushed the DNS Resolver Cache.

========================= IE Proxy Settings: ==============================

Proxy is not enabled.
No Proxy Server is set.

"Reset IE Proxy Settings": IE Proxy Settings were reset.

========================= FF Proxy Settings: ==============================


"Reset FF Proxy Settings": Firefox Proxy settings were reset.

========================= Hosts content: =================================



========================= IP Configuration: ================================

Killer e2200 Gigabit Ethernet Controller (NDIS 6.30) = Local Area Connection (Connected)
Bluetooth Device (Personal Area Network) = Bluetooth Network Connection 2 (Media disconnected)
Intel® Dual Band Wireless-AC 7260 = Wireless Network Connection (Media disconnected)
Microsoft Virtual WiFi Miniport Adapter = Wireless Network Connection 2 (Media disconnected)
Microsoft Virtual WiFi Miniport Adapter = Wireless Network Connection 3 (Media disconnected)
TunnelBear Adapter V9 = Local Area Connection 2 (Media disconnected)


# ----------------------------------
# IPv4 Configuration
# ----------------------------------
pushd interface ipv4

reset
set global icmpredirects=enabled


popd
# End of IPv4 configuration



Windows IP Configuration

   Host Name . . . . . . . . . . . . : Roswell
   Primary Dns Suffix  . . . . . . . :
   Node Type . . . . . . . . . . . . : Hybrid
   IP Routing Enabled. . . . . . . . : No
   WINS Proxy Enabled. . . . . . . . : No

Ethernet adapter Local Area Connection 2:

   Media State . . . . . . . . . . . : Media disconnected
   Connection-specific DNS Suffix  . :
   Description . . . . . . . . . . . : TunnelBear Adapter V9
   Physical Address. . . . . . . . . : 00-FF-87-34-55-3E
   DHCP Enabled. . . . . . . . . . . : Yes
   Autoconfiguration Enabled . . . . : Yes

Wireless LAN adapter Wireless Network Connection 3:

   Media State . . . . . . . . . . . : Media disconnected
   Connection-specific DNS Suffix  . :
   Description . . . . . . . . . . . : Microsoft Virtual WiFi Miniport Adapter #2
   Physical Address. . . . . . . . . : CE-3D-82-71-E2-01
   DHCP Enabled. . . . . . . . . . . : Yes
   Autoconfiguration Enabled . . . . : Yes

Wireless LAN adapter Wireless Network Connection 2:

   Media State . . . . . . . . . . . : Media disconnected
   Connection-specific DNS Suffix  . :
   Description . . . . . . . . . . . : Microsoft Virtual WiFi Miniport Adapter
   Physical Address. . . . . . . . . : CE-3D-82-71-E2-02
   DHCP Enabled. . . . . . . . . . . : Yes
   Autoconfiguration Enabled . . . . : Yes

Wireless LAN adapter Wireless Network Connection:

   Media State . . . . . . . . . . . : Media disconnected
   Connection-specific DNS Suffix  . :
   Description . . . . . . . . . . . : Intel® Dual Band Wireless-AC 7260
   Physical Address. . . . . . . . . : CC-3D-82-71-E2-01
   DHCP Enabled. . . . . . . . . . . : Yes
   Autoconfiguration Enabled . . . . : Yes

Ethernet adapter Local Area Connection:

   Connection-specific DNS Suffix  . :
   Description . . . . . . . . . . . : Killer e2200 Gigabit Ethernet Controller (NDIS 6.30)
   Physical Address. . . . . . . . . : F8-B1-56-FE-EB-1E
   DHCP Enabled. . . . . . . . . . . : Yes
   Autoconfiguration Enabled . . . . : Yes
   Link-local IPv6 Address . . . . . : fe80::9924:9aa:9193:6184%16(Preferred)
   IPv4 Address. . . . . . . . . . . : 192.168.1.4(Preferred)
   Subnet Mask . . . . . . . . . . . : 255.255.255.0
   Lease Obtained. . . . . . . . . . : Thursday, May 07, 2015 1:58:34 PM
   Lease Expires . . . . . . . . . . : Friday, May 08, 2015 1:58:34 PM
   Default Gateway . . . . . . . . . : 192.168.1.1
   DHCP Server . . . . . . . . . . . : 192.168.1.1
   DHCPv6 IAID . . . . . . . . . . . : 335065430
   DHCPv6 Client DUID. . . . . . . . : 00-01-00-01-1C-C7-9B-32-F8-B1-56-FE-EB-1E
   DNS Servers . . . . . . . . . . . : 192.168.1.1
   NetBIOS over Tcpip. . . . . . . . : Enabled

Ethernet adapter Bluetooth Network Connection 2:

   Media State . . . . . . . . . . . : Media disconnected
   Connection-specific DNS Suffix  . :
   Description . . . . . . . . . . . : Bluetooth Device (Personal Area Network) #2
   Physical Address. . . . . . . . . : CC-3D-82-71-E2-05
   DHCP Enabled. . . . . . . . . . . : Yes
   Autoconfiguration Enabled . . . . : Yes

Tunnel adapter isatap.{F8B0FE4A-A3A7-4254-86A6-89B44911830F}:

   Media State . . . . . . . . . . . : Media disconnected
   Connection-specific DNS Suffix  . :
   Description . . . . . . . . . . . : Microsoft ISATAP Adapter
   Physical Address. . . . . . . . . : 00-00-00-00-00-00-00-E0
   DHCP Enabled. . . . . . . . . . . : No
   Autoconfiguration Enabled . . . . : Yes

Tunnel adapter isatap.{8734553E-D3E9-4E3F-B3AD-AAC8BD77CD67}:

   Media State . . . . . . . . . . . : Media disconnected
   Connection-specific DNS Suffix  . :
   Description . . . . . . . . . . . : Microsoft ISATAP Adapter #2
   Physical Address. . . . . . . . . : 00-00-00-00-00-00-00-E0
   DHCP Enabled. . . . . . . . . . . : No
   Autoconfiguration Enabled . . . . : Yes

Tunnel adapter Local Area Connection* 14:

   Media State . . . . . . . . . . . : Media disconnected
   Connection-specific DNS Suffix  . :
   Description . . . . . . . . . . . : Microsoft 6to4 Adapter
   Physical Address. . . . . . . . . : 00-00-00-00-00-00-00-E0
   DHCP Enabled. . . . . . . . . . . : No
   Autoconfiguration Enabled . . . . : Yes

Tunnel adapter Teredo Tunneling Pseudo-Interface:

   Media State . . . . . . . . . . . : Media disconnected
   Connection-specific DNS Suffix  . :
   Description . . . . . . . . . . . : Teredo Tunneling Pseudo-Interface
   Physical Address. . . . . . . . . : 00-00-00-00-00-00-00-E0
   DHCP Enabled. . . . . . . . . . . : No
   Autoconfiguration Enabled . . . . : Yes
Server:  UnKnown
Address:  192.168.1.1

Name:    google.com
Addresses:  2607:f8b0:4002:c07::71
      74.125.196.138
      74.125.196.139
      74.125.196.102
      74.125.196.101
      74.125.196.113
      74.125.196.100


Pinging google.com [74.125.196.113] with 32 bytes of data:
Reply from 74.125.196.113: bytes=32 time=26ms TTL=45
Reply from 74.125.196.113: bytes=32 time=21ms TTL=45

Ping statistics for 74.125.196.113:
    Packets: Sent = 2, Received = 2, Lost = 0 (0% loss),
Approximate round trip times in milli-seconds:
    Minimum = 21ms, Maximum = 26ms, Average = 23ms
Server:  UnKnown
Address:  192.168.1.1

Name:    yahoo.com
Addresses:  206.190.36.45
      98.139.183.24
      98.138.253.109


Pinging yahoo.com [98.139.183.24] with 32 bytes of data:
Reply from 98.139.183.24: bytes=32 time=76ms TTL=48
Reply from 98.139.183.24: bytes=32 time=67ms TTL=48

Ping statistics for 98.139.183.24:
    Packets: Sent = 2, Received = 2, Lost = 0 (0% loss),
Approximate round trip times in milli-seconds:
    Minimum = 67ms, Maximum = 76ms, Average = 71ms

Pinging 127.0.0.1 with 32 bytes of data:
Reply from 127.0.0.1: bytes=32 time<1ms TTL=128
Reply from 127.0.0.1: bytes=32 time<1ms TTL=128

Ping statistics for 127.0.0.1:
    Packets: Sent = 2, Received = 2, Lost = 0 (0% loss),
Approximate round trip times in milli-seconds:
    Minimum = 0ms, Maximum = 0ms, Average = 0ms
===========================================================================
Interface List
 26...00 ff 87 34 55 3e ......TunnelBear Adapter V9
 20...ce 3d 82 71 e2 01 ......Microsoft Virtual WiFi Miniport Adapter #2
 19...ce 3d 82 71 e2 02 ......Microsoft Virtual WiFi Miniport Adapter
 18...cc 3d 82 71 e2 01 ......Intel® Dual Band Wireless-AC 7260
 16...f8 b1 56 fe eb 1e ......Killer e2200 Gigabit Ethernet Controller (NDIS 6.30)
 14...cc 3d 82 71 e2 05 ......Bluetooth Device (Personal Area Network) #2
  1...........................Software Loopback Interface 1
 13...00 00 00 00 00 00 00 e0 Microsoft ISATAP Adapter
 22...00 00 00 00 00 00 00 e0 Microsoft ISATAP Adapter #2
 17...00 00 00 00 00 00 00 e0 Microsoft 6to4 Adapter
 21...00 00 00 00 00 00 00 e0 Teredo Tunneling Pseudo-Interface
===========================================================================

IPv4 Route Table
===========================================================================
Active Routes:
Network Destination        Netmask          Gateway       Interface  Metric
          0.0.0.0          0.0.0.0      192.168.1.1      192.168.1.4     10
        127.0.0.0        255.0.0.0         On-link         127.0.0.1    306
        127.0.0.1  255.255.255.255         On-link         127.0.0.1    306
  127.255.255.255  255.255.255.255         On-link         127.0.0.1    306
      192.168.1.0    255.255.255.0         On-link       192.168.1.4    266
      192.168.1.4  255.255.255.255         On-link       192.168.1.4    266
    192.168.1.255  255.255.255.255         On-link       192.168.1.4    266
        224.0.0.0        240.0.0.0         On-link         127.0.0.1    306
        224.0.0.0        240.0.0.0         On-link       192.168.1.4    266
  255.255.255.255  255.255.255.255         On-link         127.0.0.1    306
  255.255.255.255  255.255.255.255         On-link       192.168.1.4    266
===========================================================================
Persistent Routes:
  None

IPv6 Route Table
===========================================================================
Active Routes:
 If Metric Network Destination      Gateway
  1    306 ::1/128                  On-link
 16    266 fe80::/64                On-link
 16    266 fe80::9924:9aa:9193:6184/128
                                    On-link
  1    306 ff00::/8                 On-link
 16    266 ff00::/8                 On-link
===========================================================================
Persistent Routes:
  None
========================= Winsock entries =====================================

Catalog5 01 C:\Windows\SysWOW64\NLAapi.dll [52224] (Microsoft Corporation)
Catalog5 02 C:\Windows\SysWOW64\napinsp.dll [52224] (Microsoft Corporation)
Catalog5 03 C:\Windows\SysWOW64\pnrpnsp.dll [65024] (Microsoft Corporation)
Catalog5 04 C:\Windows\SysWOW64\pnrpnsp.dll [65024] (Microsoft Corporation)
Catalog5 05 C:\Windows\SysWOW64\mswsock.dll [231424] (Microsoft Corporation)
Catalog5 06 C:\Windows\SysWOW64\winrnr.dll [20992] (Microsoft Corporation)
Catalog5 07 C:\Windows\SysWOW64\wshbth.dll [36352] (Microsoft Corporation)
Catalog9 01 C:\Windows\SysWOW64\mswsock.dll [231424] (Microsoft Corporation)
Catalog9 02 C:\Windows\SysWOW64\mswsock.dll [231424] (Microsoft Corporation)
Catalog9 03 C:\Windows\SysWOW64\mswsock.dll [231424] (Microsoft Corporation)
Catalog9 04 C:\Windows\SysWOW64\mswsock.dll [231424] (Microsoft Corporation)
Catalog9 05 C:\Windows\SysWOW64\mswsock.dll [231424] (Microsoft Corporation)
Catalog9 06 C:\Windows\SysWOW64\mswsock.dll [231424] (Microsoft Corporation)
Catalog9 07 C:\Windows\SysWOW64\mswsock.dll [231424] (Microsoft Corporation)
Catalog9 08 C:\Windows\SysWOW64\mswsock.dll [231424] (Microsoft Corporation)
Catalog9 09 C:\Windows\SysWOW64\mswsock.dll [231424] (Microsoft Corporation)
Catalog9 10 C:\Windows\SysWOW64\mswsock.dll [231424] (Microsoft Corporation)
Catalog9 11 C:\Windows\SysWOW64\mswsock.dll [231424] (Microsoft Corporation)
x64-Catalog5 01 C:\Windows\System32\NLAapi.dll [70656] (Microsoft Corporation)
x64-Catalog5 02 C:\Windows\System32\napinsp.dll [68096] (Microsoft Corporation)
x64-Catalog5 03 C:\Windows\System32\pnrpnsp.dll [86016] (Microsoft Corporation)
x64-Catalog5 04 C:\Windows\System32\pnrpnsp.dll [86016] (Microsoft Corporation)
x64-Catalog5 05 C:\Windows\System32\mswsock.dll [327168] (Microsoft Corporation)
x64-Catalog5 06 C:\Windows\System32\winrnr.dll [28672] (Microsoft Corporation)
x64-Catalog5 07 C:\Windows\System32\wshbth.dll [47104] (Microsoft Corporation)
x64-Catalog9 01 C:\Windows\System32\mswsock.dll [327168] (Microsoft Corporation)
x64-Catalog9 02 C:\Windows\System32\mswsock.dll [327168] (Microsoft Corporation)
x64-Catalog9 03 C:\Windows\System32\mswsock.dll [327168] (Microsoft Corporation)
x64-Catalog9 04 C:\Windows\System32\mswsock.dll [327168] (Microsoft Corporation)
x64-Catalog9 05 C:\Windows\System32\mswsock.dll [327168] (Microsoft Corporation)
x64-Catalog9 06 C:\Windows\System32\mswsock.dll [327168] (Microsoft Corporation)
x64-Catalog9 07 C:\Windows\System32\mswsock.dll [327168] (Microsoft Corporation)
x64-Catalog9 08 C:\Windows\System32\mswsock.dll [327168] (Microsoft Corporation)
x64-Catalog9 09 C:\Windows\System32\mswsock.dll [327168] (Microsoft Corporation)
x64-Catalog9 10 C:\Windows\System32\mswsock.dll [327168] (Microsoft Corporation)
x64-Catalog9 11 C:\Windows\System32\mswsock.dll [327168] (Microsoft Corporation)

========================= Event log errors: ===============================

Application errors:
==================
Error: (05/07/2015 01:58:52 PM) (Source: WinMgmt) (User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003

Error: (05/06/2015 07:20:42 PM) (Source: WinMgmt) (User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003

Error: (05/05/2015 06:33:16 PM) (Source: WinMgmt) (User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003

Error: (05/04/2015 08:22:11 PM) (Source: WinMgmt) (User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003

Error: (05/03/2015 11:33:15 PM) (Source: Application Error) (User: )
Description: Faulting application name: CTSUApp.exe, version: 1.0.4.0, time stamp: 0x422c00a0
Faulting module name: ntdll.dll, version: 6.1.7601.18798, time stamp: 0x5507b3e0
Exception code: 0xc0000374
Fault offset: 0x000cea0b
Faulting process id: 0x1e40
Faulting application start time: 0xCTSUApp.exe0
Faulting application path: CTSUApp.exe1
Faulting module path: CTSUApp.exe2
Report Id: CTSUApp.exe3

Error: (05/03/2015 10:00:07 PM) (Source: WinMgmt) (User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003

Error: (05/03/2015 09:47:39 PM) (Source: Application Hang) (User: )
Description: The program Free Roxio Creator 2011 Full V Downloader__3687_i1508012336_il1 version 1.1.5.26 stopped interacting with Windows and was closed. To see if more information about the problem is available, check the problem history in the Action Center control panel.

Process ID: 12cc

Start Time: 01d0860c0bb2f07b

Termination Time: 16

Application Path: C:\Users\MG\Downloads\Free Roxio Creator 2011 Full V Downloader__3687_i1508012336_il1102004.exe

Report Id:

Error: (05/03/2015 09:10:51 PM) (Source: Application Error) (User: )
Description: Faulting application name: EvtEng.exe, version: 17.1.0.0, time stamp: 0x53a1e792
Faulting module name: EvtEng.exe, version: 17.1.0.0, time stamp: 0x53a1e792
Exception code: 0xc0000005
Fault offset: 0x0000000000034501
Faulting process id: 0x5c4
Faulting application start time: 0xEvtEng.exe0
Faulting application path: EvtEng.exe1
Faulting module path: EvtEng.exe2
Report Id: EvtEng.exe3

Error: (05/03/2015 11:29:12 AM) (Source: WinMgmt) (User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003

Error: (05/03/2015 11:22:45 AM) (Source: WinMgmt) (User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003


System errors:
=============
Error: (05/03/2015 09:10:52 PM) (Source: Service Control Manager) (User: )
Description: The Intel® PROSet/Wireless Event Log service terminated unexpectedly.  It has done this 1 time(s).

Error: (05/03/2015 11:29:23 AM) (Source: Service Control Manager) (User: )
Description: A timeout (30000 milliseconds) was reached while waiting for a transaction response from the MSICPU_CC service.

Error: (05/02/2015 09:06:46 PM) (Source: Service Control Manager) (User: )
Description: A timeout (30000 milliseconds) was reached while waiting for a transaction response from the MSICPU_CC service.

Error: (05/01/2015 05:38:05 PM) (Source: Service Control Manager) (User: )
Description: A timeout (30000 milliseconds) was reached while waiting for a transaction response from the MSICPU_CC service.

Error: (05/01/2015 11:38:06 AM) (Source: Service Control Manager) (User: )
Description: A timeout (30000 milliseconds) was reached while waiting for a transaction response from the MSICPU_CC service.

Error: (04/30/2015 07:01:24 PM) (Source: Service Control Manager) (User: )
Description: A timeout (30000 milliseconds) was reached while waiting for a transaction response from the MSICPU_CC service.

Error: (04/29/2015 08:16:39 PM) (Source: Service Control Manager) (User: )
Description: The Steam Client Service service failed to start due to the following error:
%%1053

Error: (04/29/2015 08:16:39 PM) (Source: Service Control Manager) (User: )
Description: A timeout was reached (30000 milliseconds) while waiting for the Steam Client Service service to connect.

Error: (04/29/2015 07:44:50 PM) (Source: Service Control Manager) (User: )
Description: A timeout (30000 milliseconds) was reached while waiting for a transaction response from the MSICPU_CC service.

Error: (04/29/2015 02:44:20 PM) (Source: Service Control Manager) (User: )
Description: A timeout (30000 milliseconds) was reached while waiting for a transaction response from the MSICPU_CC service.


Microsoft Office Sessions:
=========================


=========================== Installed Programs ============================
Adobe Flash Player 16 ActiveX (HKLM-x32\...\Adobe Flash Player ActiveX) (Version: 16.0.0.257 - Adobe Systems Incorporated)
Adobe Flash Player 17 NPAPI (HKLM-x32\...\Adobe Flash Player NPAPI) (Version: 17.0.0.169 - Adobe Systems Incorporated)
AlienRespawn (HKLM-x32\...\{0ED7EE95-6A97-47AA-AD73-152C08A15B04}) (Version: 1.7.5.60 - Alienware)
Alienware Command Center (HKLM-x32\...\InstallShield_{3B0BFF91-F5EE-4EE3-84B9-5822AF012632}) (Version: 4.0.51.0 - Dell Inc.)
Alienware Command Center (Version: 4.0.51.0 - Dell Inc.) Hidden
Alienware Digital Delivery (HKLM-x32\...\{BC8233D8-59BA-4D40-92B9-4FDE7452AA8B}) (Version: 3.0.3999.0 - Dell Products, LP)
calibre 64bit (HKLM\...\{A96A1330-17E9-485A-BC51-341CF4FE2CE3}) (Version: 2.26.0 - Kovid Goyal)
CCleaner (HKLM\...\CCleaner) (Version: 5.05 - Piriform)
COMODO Internet Security (HKLM\...\{E62381A7-B1C1-4121-8262-84D38C77786C}) (Version: 5.12.59641.2599 - COMODO Security Solutions Inc.)
ConvertXtoDVD 4.1.19.365 (HKLM-x32\...\{DB6AB705-C9BD-40E3-8929-2EA57F36A4FF}_is1) (Version: 4.1.19.365 - )
Dell Data Vault (Version: 4.2.2.0 - Dell Inc.) Hidden
Dell Foundation Services (HKLM\...\{76966FD2-4189-41F1-9CF6-9D177B4DEC97}) (Version: 2.0.42.1 - Dell Inc.)
Dell SupportAssist (HKLM\...\PC-Doctor for Windows) (Version: 1.0.6584.81 - Dell)
Dell SupportAssistAgent (HKLM-x32\...\{287348C8-8B47-4C36-AF28-441A3B7D8722}) (Version: 1.0.3.60494 - Dell)
Halloween Spirit Board 2.1 (HKLM-x32\...\Halloween Spirit Board) (Version: 2.1 - Passfield Games)
HDHomeRun (HKLM\...\{0B2A704F-63C3-4648-A690-82EA9C508A18}) (Version: 1.0.18509.0 - Silicondust)
Helium Music Manager 10.0.1 (HKLM-x32\...\{CF92B1C3-4738-4A0C-83BB-EA9B25DF5D12}}_is1) (Version: 10.0.1.12230 - Imploded Software)
Intel® Management Engine Components (HKLM\...\{1CEAC85D-2590-4760-800F-8DE5E91F3700}) (Version: 10.0.2.1000 - Intel Corporation)
Intel® Management Engine Components (Version: 1.0.0.0 - Intel Corporation) Hidden
Intel® Management Engine Components (Version: 10.0.2.1000 - Intel Corporation) Hidden
Intel® ME UninstallLegacy (Version: 1.0.1.0 - Intel Corporation) Hidden
Intel® PRO/Wireless Driver (Version: 17.01.0000.1697 - Intel Corporation) Hidden
Intel® Rapid Storage Technology (HKLM\...\{409CB30E-E457-4008-9B1A-ED1B9EA21140}) (Version: 13.1.0.1058 - Intel Corporation)
Intel® Rapid Storage Technology (Version: 13.1.0.1058 - Intel Corporation) Hidden
Intel® USB 3.0 eXtensible Host Controller Driver (HKLM-x32\...\{240C3DDD-C5E9-4029-9DF7-95650D040CF2}) (Version: 3.0.0.20 - Intel Corporation)
Intel® Wireless Bluetooth®(patch version 17.0.1427.2) (HKLM\...\{302600C1-6BDF-4FD1-1406-148929CC1385}) (Version: 17.1.1406.0472 - Intel Corporation)
Intel® PROSet/Wireless Software (HKLM-x32\...\{694000a5-c594-49d2-b6e4-ef3960120b0f}) (Version: 17.1.0 - Intel Corporation)
Intel® PROSet/Wireless WiFi Software (Version: 17.1.0.0396 - Intel Corporation) Hidden
Intel® Trusted Connect Service Client (Version: 1.35.127.1 - Intel Corporation) Hidden
K-Lite Codec Pack 11.1.0 Standard (HKLM-x32\...\KLiteCodecPack_is1) (Version: 11.1.0 - )
Kyodai Mahjongg (HKLM-x32\...\Kyodai Mahjongg_is1) (Version:  - Rene-Gilles Deberdt)
Malwarebytes Anti-Malware version 2.1.6.1022 (HKLM-x32\...\Malwarebytes Anti-Malware_is1) (Version: 2.1.6.1022 - Malwarebytes Corporation)
Microsoft .NET Framework 4.5.2 (HKLM\...\{92FB6C44-E685-45AD-9B20-CADF4CABA132} - 1033) (Version: 4.5.51209 - Microsoft Corporation)
Microsoft .NET Framework 4.5.2 (Version: 4.5.51209 - Microsoft Corporation) Hidden
Microsoft Office (HKLM-x32\...\{90150000-0138-0409-0000-0000000FF1CE}) (Version: 15.0.4569.1506 - Microsoft Corporation)
Microsoft Office Access MUI (English) 2007 (x32 Version: 12.0.4518.1014 - Microsoft Corporation) Hidden
Microsoft Office Access Setup Metadata MUI (English) 2007 (x32 Version: 12.0.4518.1014 - Microsoft Corporation) Hidden
Microsoft Office Enterprise 2007 (HKLM-x32\...\ENTERPRISE) (Version: 12.0.4518.1014 - Microsoft Corporation)
Microsoft Office Enterprise 2007 (x32 Version: 12.0.4518.1014 - Microsoft Corporation) Hidden
Microsoft Office Excel MUI (English) 2007 (x32 Version: 12.0.4518.1014 - Microsoft Corporation) Hidden
Microsoft Office Groove MUI (English) 2007 (x32 Version: 12.0.4518.1014 - Microsoft Corporation) Hidden
Microsoft Office Groove Setup Metadata MUI (English) 2007 (x32 Version: 12.0.4518.1014 - Microsoft Corporation) Hidden
Microsoft Office InfoPath MUI (English) 2007 (x32 Version: 12.0.4518.1014 - Microsoft Corporation) Hidden
Microsoft Office Office 64-bit Components 2007 (Version: 12.0.4518.1014 - Microsoft Corporation) Hidden
Microsoft Office OneNote MUI (English) 2007 (x32 Version: 12.0.4518.1014 - Microsoft Corporation) Hidden
Microsoft Office Outlook MUI (English) 2007 (x32 Version: 12.0.4518.1014 - Microsoft Corporation) Hidden
Microsoft Office PowerPoint MUI (English) 2007 (x32 Version: 12.0.4518.1014 - Microsoft Corporation) Hidden
Microsoft Office Proof (English) 2007 (x32 Version: 12.0.4518.1014 - Microsoft Corporation) Hidden
Microsoft Office Proof (French) 2007 (x32 Version: 12.0.4518.1014 - Microsoft Corporation) Hidden
Microsoft Office Proof (Spanish) 2007 (x32 Version: 12.0.4518.1014 - Microsoft Corporation) Hidden
Microsoft Office Proofing (English) 2007 (x32 Version: 12.0.4518.1014 - Microsoft Corporation) Hidden
Microsoft Office Publisher MUI (English) 2007 (x32 Version: 12.0.4518.1014 - Microsoft Corporation) Hidden
Microsoft Office Shared 64-bit MUI (English) 2007 (Version: 12.0.4518.1014 - Microsoft Corporation) Hidden
Microsoft Office Shared 64-bit Setup Metadata MUI (English) 2007 (Version: 12.0.4518.1014 - Microsoft Corporation) Hidden
Microsoft Office Shared MUI (English) 2007 (x32 Version: 12.0.4518.1014 - Microsoft Corporation) Hidden
Microsoft Office Shared Setup Metadata MUI (English) 2007 (x32 Version: 12.0.4518.1014 - Microsoft Corporation) Hidden
Microsoft Office Word MUI (English) 2007 (x32 Version: 12.0.4518.1014 - Microsoft Corporation) Hidden
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.17 (HKLM\...\{8220EEFE-38CD-377E-8595-13398D740ACE}) (Version: 9.0.30729 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17 (HKLM-x32\...\{9A25302D-30C0-39D9-BD6F-21E6EC160475}) (Version: 9.0.30729 - Microsoft Corporation)
Microsoft Visual C++ 2012 Redistributable (x64) - 11.0.50727 (HKLM-x32\...\{15134cb0-b767-4960-a911-f2d16ae54797}) (Version: 11.0.50727.1 - Microsoft Corporation)
Microsoft Visual C++ 2012 Redistributable (x86) - 11.0.50727 (HKLM-x32\...\{22154f09-719a-4619-bb71-5b3356999fbf}) (Version: 11.0.50727.1 - Microsoft Corporation)
Microsoft Visual C++ 2012 x64 Additional Runtime - 11.0.50727 (Version: 11.0.50727 - Microsoft Corporation) Hidden
Microsoft Visual C++ 2012 x64 Minimum Runtime - 11.0.50727 (Version: 11.0.50727 - Microsoft Corporation) Hidden
Microsoft Visual C++ 2012 x86 Additional Runtime - 11.0.50727 (x32 Version: 11.0.50727 - Microsoft Corporation) Hidden
Microsoft Visual C++ 2012 x86 Minimum Runtime - 11.0.50727 (x32 Version: 11.0.50727 - Microsoft Corporation) Hidden
MiPony 1.4.0 (HKLM-x32\...\MiPony) (Version: 1.4.0 - )
Mozilla Firefox 37.0.2 (x86 en-US) (HKLM-x32\...\Mozilla Firefox 37.0.2 (x86 en-US)) (Version: 37.0.2 - Mozilla)
MSI ODD Monitor (HKLM-x32\...\InstallShield_{B7D9BAAA-F068-4BF8-B929-462C3A8AB677}) (Version: 1.0.0.7 - Micro-Star Int'l Co., Ltd.)
MSI ODD Monitor (x32 Version: 1.0.0.7 - Micro-Star Int'l Co., Ltd.) Hidden
MSXML 4.0 SP2 (KB954430) (HKLM-x32\...\{86493ADD-824D-4B8E-BD72-8C5DCDC52A71}) (Version: 4.20.9870.0 - Microsoft Corporation)
MSXML 4.0 SP2 (KB973688) (HKLM-x32\...\{F662A8E6-F4DC-41A2-901E-8C11F044BDEC}) (Version: 4.20.9876.0 - Microsoft Corporation)
NVIDIA 3D Vision Controller Driver 344.46 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.NVIRUSB) (Version: 344.46 - NVIDIA Corporation)
NVIDIA 3D Vision Driver 347.52 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.3DVision) (Version: 347.52 - NVIDIA Corporation)
NVIDIA Control Panel 347.52 (Version: 347.52 - NVIDIA Corporation) Hidden
NVIDIA Graphics Driver 347.52 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.Driver) (Version: 347.52 - NVIDIA Corporation)
NVIDIA HD Audio Driver 1.3.33.0 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_HDAudio.Driver) (Version: 1.3.33.0 - NVIDIA Corporation)
NVIDIA Install Application (Version: 2.1002.173.1392 - NVIDIA Corporation) Hidden
NVIDIA PhysX (x32 Version: 9.14.0702 - NVIDIA Corporation) Hidden
NVIDIA PhysX System Software 9.14.0702 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.PhysX) (Version: 9.14.0702 - NVIDIA Corporation)
NVIDIA Stereoscopic 3D Driver (x32 Version: 7.17.12.6514 - NVIDIA Corporation) Hidden
NVIDIA Update 10.4.0 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.Update) (Version: 10.4.0 - NVIDIA Corporation)
NVIDIA Update Core (Version: 10.4.0 - NVIDIA Corporation) Hidden
PeerBlock 1.2 (r693) (HKLM\...\{015C5B35-B678-451C-9AEE-821E8D69621C}_is1) (Version: 1.2.0.693 - PeerBlock, LLC)
PlayReady PC Runtime amd64 (HKLM\...\{BCA9334F-B6C9-4F65-9A73-AC5A329A4D04}) (Version: 1.3.0 - Microsoft Corporation)
Qualcomm Atheros Bandwidth Control Filter Driver (Version: 1.1.42.1080 - Qualcomm Atheros) Hidden
Qualcomm Atheros Killer E220x Drivers (Version: 1.1.42.1080 - Qualcomm Atheros) Hidden
Qualcomm Atheros Killer Network Manager Suite (HKLM-x32\...\{E70DB50B-10B4-46BC-9DE2-AB8B49E061EE}) (Version: 1.1.42.1080 - Qualcomm Atheros)
Qualcomm Atheros Network Manager (Version: 1.1.42.1080 - Qualcomm Atheros) Hidden
Realtek Card Reader (HKLM-x32\...\{5BC2B5AB-80DE-4E83-B8CF-426902051D0A}) (Version: 6.3.9600.39060 - Realtek Semiconductor Corp.)
Sound Blaster Recon3Di (HKLM-x32\...\{FF9FE80C-F189-42CE-83CC-0547DCCB2656}) (Version: 1.00.06 - Creative Technology Limited)
Sound Blaster Recon3Di Extras (HKLM-x32\...\{C45E715E-442E-4D82-BD46-A08A0870957C}) (Version: 1.0 - Creative Technology Limited)
Spybot - Search & Destroy (HKLM-x32\...\{B4092C6D-E886-4CB2-BA68-FE5A88D31DE6}_is1) (Version: 1.6.2 - Safer Networking Limited)
Stagelight (HKLM\...\Stagelight) (Version: 2.0.0.5045 - Open Labs, LLC.)
Steam (HKLM-x32\...\{048298C9-A4D3-490B-9FF9-AB023A9238F3}) (Version: 1.0.0.0 - Valve Corporation)
SumatraPDF (HKLM-x32\...\SumatraPDF) (Version: 3.0 - Krzysztof Kowalczyk)
TunnelBear (HKLM-x32\...\{e0f2a0a0-0c9a-4732-b06a-c7b175d785d5}) (Version: 2.3.14.0 - TunnelBear)
TunnelBear (x32 Version: 2.3.14.0 - TunnelBear) Hidden
WinRAR 5.20 (64-bit) (HKLM\...\WinRAR archiver) (Version: 5.20.0 - win.rar GmbH)
Y!Fit (HKLM-x32\...\{47C26313-29A9-4AD1-820D-DF7F91591DD8}) (Version: 1.00.0000 - responDESIGN)

========================= Devices: ================================


========================= Memory info: ===================================

Percentage of memory in use: 18%
Total physical RAM: 16271.58 MB
Available physical RAM: 13321.22 MB
Total Pagefile: 32541.35 MB
Available Pagefile: 29239.93 MB
Total Virtual: 4095.88 MB
Available Virtual: 3972.29 MB

========================= Partitions: =====================================

1 Drive c: (OS) (Fixed) (Total:1850.17 GB) (Free:1657.83 GB) NTFS
3 Drive e: (ESP) (Fixed) (Total:0.48 GB) (Free:0.47 GB) FAT32
4 Drive y: (RECOVERY) (Fixed) (Total:12.2 GB) (Free:3.8 GB) NTFS

========================= Users: ========================================

User accounts for \\ROSWELL

Administrator            Guest                    MG                       

========================= Minidump Files ==================================

No minidump file found

========================= Restore Points ==================================

01-05-2015 04:11:11 Windows Update
03-05-2015 01:13:42 Windows Update
03-05-2015 15:24:55 Device Driver Package Install: TunnelBear Provider V9 Network adapters
04-05-2015 01:21:18 TunnelBear
04-05-2015 01:22:07 TunnelBear

**** End of log ****

This is the result from AdwCleaner

 

# AdwCleaner v4.203 - Logfile created 07/05/2015 at 14:32:13
# Updated 30/04/2015 by Xplode
# Database : 2015-05-05.1 [Server]
# Operating system : Windows 7 Professional Service Pack 1 (x64)
# Username : MG - ROSWELL
# Running from : C:\Users\MG\Desktop\adwcleaner_4.203.exe
# Option : Scan

***** [ Services ] *****


***** [ Files / Folders ] *****

Folder Found : C:\Program Files\StageLight
Folder Found : C:\ProgramData\Microsoft\Windows\Start Menu\Programs\StageLight
Folder Found : C:\Users\MG\AppData\Local\PackageAware

***** [ Scheduled tasks ] *****


***** [ Shortcuts ] *****


***** [ Registry ] *****

Key Found : HKLM\SOFTWARE\Conduit

***** [ Web browsers ] *****

-\\ Internet Explorer v11.0.9600.17728


-\\ Mozilla Firefox v37.0.2 (x86 en-US)


*************************

AdwCleaner[R0].txt - [830 bytes] - [07/05/2015 14:32:13]

########## EOF - C:\AdwCleaner\AdwCleaner[R0].txt - [888 bytes] ##########
 

 



#4 Sintharius

Sintharius

    Bleepin' Sniper


  • Members
  • 5,639 posts
  • OFFLINE
  •  
  • Gender:Female
  • Location:The Netherlands
  • Local time:11:07 PM

Posted 07 May 2015 - 03:31 PM

Hi there,

Please uninstall Spybot Search & Destroy - it is rather ineffective and TeaTimer interferes with the removal of malware.

Please re-run AdwCleaner, but this time chooses Cleaning for the two following entries:

Folder Found : C:\Users\MG\AppData\Local\PackageAware
Key Found : HKLM\SOFTWARE\Conduit

Do you recognize the StageLight entries?

Please run these afterwards.

Junkware Removal Tool

thisisujrt.gif Please download Junkware Removal Tool to your desktop.
  • Disable all your antivirus and antimalware software - see how to do that here.
  • Right-mouse click JRT.exe and select "Run as Administrator".
  • The tool will open and start scanning your system. Please be patient as this can take a while to complete depending on your system's specifications.
  • On completion, a log (JRT.txt) is saved to your desktop and will automatically open.
  • Post the contents of JRT.txt into your next message.
===

Security Check by screen317
  • Download Security Check by screen317 from here or here.
  • Save it to your Desktop.
  • Double click SecurityCheck.exe and follow the onscreen instructions inside of the black box.
A Notepad document should open automatically called checkup.txt. Please copy and paste the contents of the log in your next reply.

Regards,
Alex

#5 choo

choo
  • Topic Starter

  • Members
  • 21 posts
  • OFFLINE
  •  
  • Local time:06:07 PM

Posted 07 May 2015 - 10:22 PM

Stagelight is music software that came on the computer.  I have uninstalled Spybot, disabled anti-virus and run programs.  Here is the JunkWare log 

~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Junkware Removal Tool (JRT) by Thisisu
Version: 6.6.8 (05.06.2015:1)
OS: Windows 7 Professional x64
Ran by MG on Thu 05/07/2015 at 22:52:03.48
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~




~~~ Services



~~~ Tasks

Successfully deleted: [Task] C:\Windows\system32\tasks\PCDEventLauncherTask
Successfully deleted: [Task] C:\Windows\system32\tasks\PCDoctorBackgroundMonitorTask



~~~ Registry Values



~~~ Registry Keys



~~~ Files



~~~ Folders

Successfully deleted: [Folder] C:\ProgramData\pcdr
Successfully deleted: [Folder] C:\Users\MG\AppData\Roaming\pcdr





~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Scan was completed on Thu 05/07/2015 at 22:54:58.03
End of JRT log
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
 

This is the Security Check log

 Results of screen317's Security Check version 1.001  
 Windows 7 Service Pack 1 x64 (UAC is enabled)  
 Internet Explorer 11  
``````````````Antivirus/Firewall Check:``````````````
 Windows Firewall Enabled!  
 Windows Firewall Disabled!  
COMODO Antivirus   
  (On Access scanning disabled!)
 Error obtaining update status for antivirus!  
`````````Anti-malware/Other Utilities Check:`````````
 Adobe Flash Player 17.0.0.169  
 Mozilla Firefox (37.0.2)
````````Process Check: objlist.exe by Laurent````````  
 Comodo Firewall cmdagent.exe
 Alienware Command Center ThermalsWindowsService.exe  
`````````````````System Health check`````````````````
 Total Fragmentation on Drive C: 0%
````````````````````End of Log``````````````````````
 

Thanks

 



#6 Sintharius

Sintharius

    Bleepin' Sniper


  • Members
  • 5,639 posts
  • OFFLINE
  •  
  • Gender:Female
  • Location:The Netherlands
  • Local time:11:07 PM

Posted 08 May 2015 - 02:35 AM

Hi there,

Please post the cleaning log from AdwCleaner also.

Afterwards please run these.

Malwarebytes Anti-Malware

Download Malwarebytes Anti-Malware from here.

Double click on the file mbam-setup-2.x.x.xxxx.exe to install the application. (x.x.xxxx is the version)
  • Follow the prompt. At the end place a checkmark in Launch Malwarebytes Anti-Malware, then choose Finish.
  • When MBAM opens it will says Your database is out of date. Choose Fix Now.
  • Click on the Scan tab at the top of the window, choose Threat Scan, then Scan Now.
  • If you receive a message that updates are available, choose Update Now button (the scan will start after updates are completed).
  • Please be patient as the scan will take some time.
  • If MBAM detected threats, choose Quarantine for all items, then click Apply Actions.
  • While still on the Scan tab, choose View detailed log. In the window that opens, click the Export button, choose Text file (*.txt) and save the log to your Desktop.
Note:
If MBAM encounters a file that is difficult to remove, you will be presented with 1 of 2 prompts.
Click OK to either and let MBAM proceed with the disinfection process.
If asked to restart the computer, please do so immediately.


===

ESET Online Scanner

You will need to use Internet Explorer for this scan.
  • Hold down Ctrl and click here to open ESET Online Scanner in a new window.
  • Click the ESET Online Scanner button.
  • Put a checkmark in "YES, I accept the Terms of Use."
  • Click Start.
  • Accept any security warnings from your browser.
  • Under Scan settings, put a checkmark in Scan Archives.
  • Click Advanced settings and select the following:
    • Scan potentially unwanted applications
    • Scan for potentially unsafe applications
    • Enable Anti-Stealth technology
  • Click Scan.
  • ESET Online Scanner will automatically update and scan. Please be patient, as this scan can take quite some time.
  • When the scan is done, click List threats.
  • Click Export, then save the file to your desktop.
  • Click Back, then Finish to exit ESET Online Scanner.
Regards,
Alex

#7 choo

choo
  • Topic Starter

  • Members
  • 21 posts
  • OFFLINE
  •  
  • Local time:06:07 PM

Posted 08 May 2015 - 05:16 AM

AdwareCleaning log

# AdwCleaner v4.203 - Logfile created 07/05/2015 at 22:46:03
# Updated 30/04/2015 by Xplode
# Database : 2015-05-05.1 [Server]
# Operating system : Windows 7 Professional Service Pack 1 (x64)
# Username : MG - ROSWELL
# Running from : C:\Users\MG\Desktop\adwcleaner_4.203.exe
# Option : Cleaning

***** [ Services ] *****


***** [ Files / Folders ] *****

[x] Not Deleted : C:\ProgramData\Microsoft\Windows\Start Menu\Programs\StageLight
[x] Not Deleted : C:\Program Files\StageLight
Folder Deleted : C:\Users\MG\AppData\Local\PackageAware

***** [ Scheduled tasks ] *****


***** [ Shortcuts ] *****


***** [ Registry ] *****

Key Deleted : HKLM\SOFTWARE\Conduit

***** [ Web browsers ] *****

-\\ Internet Explorer v11.0.9600.17728


-\\ Mozilla Firefox v37.0.2 (x86 en-US)


*************************

AdwCleaner[R0].txt - [966 bytes] - [07/05/2015 14:32:13]
AdwCleaner[R1].txt - [1024 bytes] - [07/05/2015 22:43:56]
AdwCleaner[S0].txt - [961 bytes] - [07/05/2015 22:46:03]

########## EOF - C:\AdwCleaner\AdwCleaner[S0].txt - [1019  bytes] ##########

MalewareBytes

 

Malwarebytes Anti-Malware
www.malwarebytes.org

Scan Date: 5/8/2015
Scan Time: 5:22:44 AM
Logfile: Malewarebytes Scan.txt
Administrator: Yes

Version: 2.01.6.1022
Malware Database: v2015.05.08.02
Rootkit Database: v2015.04.21.01
License: Free
Malware Protection: Disabled
Malicious Website Protection: Disabled
Self-protection: Disabled

OS: Windows 7 Service Pack 1
CPU: x64
File System: NTFS
User: MG

Scan Type: Threat Scan
Result: Completed
Objects Scanned: 340018
Time Elapsed: 10 min, 53 sec

Memory: Enabled
Startup: Enabled
Filesystem: Enabled
Archives: Enabled
Rootkits: Disabled
Heuristics: Enabled
PUP: Enabled
PUM: Enabled

Processes: 0
(No malicious items detected)

Modules: 0
(No malicious items detected)

Registry Keys: 1
PUP.Optional.Zoom.A, HKLM\SOFTWARE\WOW6432NODE\ZoomWebLists, , [fa38e7aa058569cdcd899d31d52e629e],

Registry Values: 0
(No malicious items detected)

Registry Data: 0
(No malicious items detected)

Folders: 0
(No malicious items detected)

Files: 0
(No malicious items detected)

Physical Sectors: 0
(No malicious items detected)


(end)

 

ESET

C:\Program Files (x86)\AlienRespawn\Components\DBRUpdate\hstart.exe    a variant of Win32/HiddenStart.A potentially unsafe application
C:\Software\apk\Angry Birds 2_apkfiles.com.apk    a variant of Android/Inmobi.A potentially unsafe application
C:\Software\apk\flappy_bird.apk    a variant of Android/TrojanSMS.Agent.ANC trojan

 

AlienRespawn is software that shipped with the computer.  Thanks


Edited by choo, 08 May 2015 - 05:19 AM.


#8 Sintharius

Sintharius

    Bleepin' Sniper


  • Members
  • 5,639 posts
  • OFFLINE
  •  
  • Gender:Female
  • Location:The Netherlands
  • Local time:11:07 PM

Posted 08 May 2015 - 05:23 AM

And I recognize Flappy Bird... something my countrymen is proud of :lol:

Can you use Firefox normally and see if Comodo Internet Security still throws warnings?

Thank you.

Regards,
Alex

#9 choo

choo
  • Topic Starter

  • Members
  • 21 posts
  • OFFLINE
  •  
  • Local time:06:07 PM

Posted 08 May 2015 - 12:18 PM

Comodo is not throwing up any warnings. Firefox seems to be OK.  Those two files are gone!  I have a folder that concerns me it is located in MG/AppData/LocalTemp/HCBackup

It showed up on the same day as the problem started.  It contains AUCache, AUStrg, 7zip HCPackage 64, and HCVersion64.xml.temp.  I think this is what started this problem. Should  I delete it?  Thanks



#10 Sintharius

Sintharius

    Bleepin' Sniper


  • Members
  • 5,639 posts
  • OFFLINE
  •  
  • Gender:Female
  • Location:The Netherlands
  • Local time:11:07 PM

Posted 08 May 2015 - 12:41 PM

Hi there,

Yes, you can delete the folder - it is related to Trend Micro HouseCall.

Regards,
Alex

#11 choo

choo
  • Topic Starter

  • Members
  • 21 posts
  • OFFLINE
  •  
  • Local time:06:07 PM

Posted 08 May 2015 - 02:59 PM

I can't thank you enough for all your help.  Can I delete the programs and files that were created?  Do you think that it is all gone?  Is there anything else I should do? 



#12 Sintharius

Sintharius

    Bleepin' Sniper


  • Members
  • 5,639 posts
  • OFFLINE
  •  
  • Gender:Female
  • Location:The Netherlands
  • Local time:11:07 PM

Posted 08 May 2015 - 03:03 PM

Hi there,

I want to do a little checkup.

Can you open Comodo Internet Security's GUI and see if its firewall is enabled?

Thank you.

Regards,
Alex

#13 choo

choo
  • Topic Starter

  • Members
  • 21 posts
  • OFFLINE
  •  
  • Local time:06:07 PM

Posted 08 May 2015 - 03:14 PM

On the summary for Comodo it says firewall - safe mode, defense- safe mode, and antivirus - stateful.



#14 Sintharius

Sintharius

    Bleepin' Sniper


  • Members
  • 5,639 posts
  • OFFLINE
  •  
  • Gender:Female
  • Location:The Netherlands
  • Local time:11:07 PM

Posted 08 May 2015 - 03:25 PM

Hi there,

Can you take a screenshot of the Comodo GUI, then post it here?

You can upload the screenshot to an external image hosting service (i.e. Imgur), then copy the link into your post.

Thank you.

Regards,
Alex

#15 choo

choo
  • Topic Starter

  • Members
  • 21 posts
  • OFFLINE
  •  
  • Local time:06:07 PM

Posted 08 May 2015 - 03:49 PM

Hope this is correct

http://i.imgur.com/g5xDv9f.png






0 user(s) are reading this topic

0 members, 0 guests, 0 anonymous users