Jump to content


 


Register a free account to unlock additional features at BleepingComputer.com
Welcome to BleepingComputer, a free community where people like yourself come together to discuss and learn how to use their computers. Using the site is easy and fun. As a guest, you can browse and view the various discussions in the forums, but can not create a new topic or reply to an existing one unless you are logged in. Other benefits of registering an account are subscribing to topics and forums, creating a blog, and having no ads shown anywhere on the site.


Click here to Register a free account now! or read our Welcome Guide to learn how to use this site.

Photo

CloudScanner.Trojan.Gen@2@1 Trojan Downloaded


  • Please log in to reply
14 replies to this topic

#1 ShadowRewind

ShadowRewind

  • Members
  • 10 posts
  • OFFLINE
  •  
  • Local time:04:44 AM

Posted 24 November 2015 - 06:53 PM

Hey I'm ShadowRewind and I downloaded something without checking it and got a trojan.

So when I was trying to do something from a youtube video I downloaded this application and ran it then my comodo antivirus told me I a malicious program tried to run and that it detected it and blocked it from running successfully. I have a Windows 8.1 Laptop and surprisingly the performance of my computer hasn't decreased or fallen after a restart or anything like that after downloading the trojan. I have ran my comodo antivirus a full scan, quick scan, and a rating scan but for some reason it didn't find anything. Also right after running the application I immediantly deleted it from my computer when that message popped up that may be why comodo didn't find it. I ran hitman pro though just incase and it did detect a trojan but I can't run it and remove it due to the trial license expiring. Also I can't use malwarebytes on my computer because it caused my computer to go into automatic repair mode after restarting and took a while to fix just incase you guys suggest that. That's about what has happened. Thanks! (Accidentally put in wrong forum this is right forum for this right)



BC AdBot (Login to Remove)

 


#2 severac

severac

  • Members
  • 872 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:Serbia
  • Local time:02:44 PM

Posted 26 November 2015 - 02:15 PM

Hello,

 

Please download Rkill to your Desktop.
There are 2 different versions. If one of them won't run then download and try to run the other one.
You only need to get one of these to run, not all of them. You may get warnings from your antivirus about this tool, ignore them or shutdown your antivirus.

rKill.exe
http://www.bleepingcomputer.com/download/rkill/dl/10/
iExplore.exe (renamed rKill.exe): http://www.bleepingcomputer.com/download/rkill/dl/11/
 

§  Double-click on the Rkill desktop icon to run the tool.

§  If using Windows Vista, 7, 8 or 10 right-click on it and choose Run As Administrator.

§  black DOS box will briefly flash and then disappear. This is normal and indicates the tool ran successfully.

§  If not, delete the file, then download and use the one provided in Link 2.

§  Do not reboot until instructed.

§  If the tool does not run from any of the links provided, please let me know.

If normal mode still doesn't work, run the tool from Safe Mode.

When the scan is done Notepad will open with rKill log.
Post it in your next reply.

NOTE. rKill.txt log will also be present on your desktop.

-----

 

Kaspersky Virus Removal Tool

Please download Kaspersky Virus Removal Tool from here.

§  Right click on KVRT.exe and select Run as Administrator.

§  Read the EULA, then select Accept.

§  Wait for Kaspersky Virus Removal Tool to initialize.

§  In the main screen, select Change parameters, place a checkmark in System drive, then click OK.

§  Click Start scan.

§  Wait for Kaspersky Virus Removal Tool to complete scanning.

§  When the scan is finished, select Neutralize all for all detected objects.

§  Close Kaspersky Virus Removal Tool when done.

Informe me if something is detected.

-----


I would like to help you to remove malware. Let's look inside.   :busy:

But I don't know to solve all PC problems.  :smash: 

 


#3 ShadowRewind

ShadowRewind
  • Topic Starter

  • Members
  • 10 posts
  • OFFLINE
  •  
  • Local time:04:44 AM

Posted 26 November 2015 - 08:16 PM

Rkill 2.8.2 by Lawrence Abrams (Grinler)
Copyright 2008-2015 BleepingComputer.com
More Information about Rkill can be found at this link:
 
Program started at: 11/26/2015 12:20:08 PM in x64 mode.
Windows Version: Windows 8.1 
 
Checking for Windows services to stop:
 
 * No malware services found to stop.
 
Checking for processes to terminate:
 
 * No malware processes found to kill.
 
Checking Registry for malware related settings:
 
 * aupdate.exe debugger. [IFEO Debugger Deleted]
 
Backup Registry file created at:
 C:\Users\jespi_000\Desktop\rkill\rkill-11-26-2015-12-20-17.reg
 
Resetting .EXE, .COM, & .BAT associations in the Windows Registry.
 
Performing miscellaneous checks:
 
 * Windows Defender Disabled
 
   [HKLM\SOFTWARE\Microsoft\Windows Defender]
   "DisableAntiSpyware" = dword:00000001
 
Checking Windows Service Integrity: 
 
 * No issues found.
 
Searching for Missing Digital Signatures: 
 
 * No issues found.
 
Checking HOSTS File: 
 
 * HOSTS file entries found: 
 
  127.0.0.1       localhost
 
Program finished at: 11/26/2015 12:22:22 PM
Execution time: 0 hours(s), 2 minute(s), and 14 seconds(s)
 
For the Kaspersky scan it detected 1 thing


#4 severac

severac

  • Members
  • 872 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:Serbia
  • Local time:02:44 PM

Posted 27 November 2015 - 03:04 AM

Can you tell me what was found by Kaspersky?

 

Do you still have problems, can you use MBAM?

 

Do you have some problems?


I would like to help you to remove malware. Let's look inside.   :busy:

But I don't know to solve all PC problems.  :smash: 

 


#5 ShadowRewind

ShadowRewind
  • Topic Starter

  • Members
  • 10 posts
  • OFFLINE
  •  
  • Local time:04:44 AM

Posted 27 November 2015 - 03:00 PM

Kaspersky found something in adwcleaner called Mobogenie but it says it's in quarantine and that kaspersky deleted it. For MBAM I have never used it after the automatic repair loop, that was the first time I actually used MBAM on my computer though. When I used it though it detected a lot of things I think a few 100 PuP on my laptop but that was over a year ago. I've used lots of software to get rid of other viruses on my laptop. Aside from my computer being a bit slower to open and run things like google chrome that's about it. I just want to make sure the trojan didn't get anywhere on my computer.



#6 severac

severac

  • Members
  • 872 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:Serbia
  • Local time:02:44 PM

Posted 27 November 2015 - 03:40 PM

Please download MiniToolBox, save it to your desktop and run it.
Checkmark the following checkboxes:

§  List last 10 Event Viewer log

§  List Installed Programs

§  List Devices

§  List Users, Partitions and Memory size.

Click Go and post the result (MTB.txt). A copy of MTB.txt will be saved in the same directory the tool is run.

-------

 

Which programs did you used?


I would like to help you to remove malware. Let's look inside.   :busy:

But I don't know to solve all PC problems.  :smash: 

 


#7 ShadowRewind

ShadowRewind
  • Topic Starter

  • Members
  • 10 posts
  • OFFLINE
  •  
  • Local time:04:44 AM

Posted 27 November 2015 - 04:47 PM

I've used a lot, minitoolbox, tdsskiller, adwcleaner, JRT, esetsmartinstaller, emsisoft emergency kit, comodo dragon(Main Antivirus), hitmanpro, security check, advanced system care, ccleaner, MBAM(Used only once), MBAR, Roguekiller, Combofix, and I think that's about it. I used to post on this website forum before which is why I used these programs.



#8 ShadowRewind

ShadowRewind
  • Topic Starter

  • Members
  • 10 posts
  • OFFLINE
  •  
  • Local time:04:44 AM

Posted 27 November 2015 - 04:50 PM

MiniToolBox by Farbar  Version: 02-11-2015
Ran by jespi_000 (administrator) on 27-11-2015 at 13:48:06
Running from "C:\Users\jespi_000\Desktop"
Microsoft Windows 8.1  (X64)
Model: HP 2000 Notebook PC Manufacturer: Hewlett-Packard
Boot Mode: Normal
***************************************************************************
 
========================= Event log errors: ===============================
 
Application errors:
==================
Error: (11/27/2015 12:59:24 PM) (Source: Office 2013 Licensing Service) (User: )
Description: Subscription licensing service failed: -1073422302
 
Error: (11/27/2015 12:48:16 PM) (Source: AdvancedSystemCareService8) (User: )
Description: The handle is invalid
 
Error: (11/27/2015 12:48:16 PM) (Source: AdvancedSystemCareService8) (User: )
Description: The handle is invalid
 
Error: (11/27/2015 12:42:24 PM) (Source: Customer Experience Improvement Program) (User: )
Description: 80070005
 
Error: (11/26/2015 04:26:44 PM) (Source: Application Hang) (User: )
Description: The program LiveComm.exe version 17.5.9600.20911 stopped interacting with Windows and was closed. To see if more information about the problem is available, check the problem history in the Action Center control panel.
 
Process ID: 1500
 
Start Time: 01d128a98de705ad
 
Termination Time: 4294967295
 
Application Path: C:\Program Files\WindowsApps\microsoft.windowscommunicationsapps_17.5.9600.20911_x64__8wekyb3d8bbwe\LiveComm.exe
 
Report Id: 86231ba6-949d-11e5-bf90-9cb654422a60
 
Faulting package full name: microsoft.windowscommunicationsapps_17.5.9600.20911_x64__8wekyb3d8bbwe
 
Faulting package-relative application ID: ppleae38af2e007f4358a809ac99a64a67c1
 
Error: (11/26/2015 03:56:48 PM) (Source: Application Hang) (User: )
Description: The program LiveComm.exe version 17.5.9600.20911 stopped interacting with Windows and was closed. To see if more information about the problem is available, check the problem history in the Action Center control panel.
 
Process ID: f90
 
Start Time: 01d128a55a6bbcc5
 
Termination Time: 4294967295
 
Application Path: C:\Program Files\WindowsApps\microsoft.windowscommunicationsapps_17.5.9600.20911_x64__8wekyb3d8bbwe\LiveComm.exe
 
Report Id: 542e8898-9499-11e5-bf90-9cb654422a60
 
Faulting package full name: microsoft.windowscommunicationsapps_17.5.9600.20911_x64__8wekyb3d8bbwe
 
Faulting package-relative application ID: ppleae38af2e007f4358a809ac99a64a67c1
 
Error: (11/26/2015 03:27:26 PM) (Source: Application Hang) (User: )
Description: The program LiveComm.exe version 17.5.9600.20911 stopped interacting with Windows and was closed. To see if more information about the problem is available, check the problem history in the Action Center control panel.
 
Process ID: 12dc
 
Start Time: 01d128a12a5bf65d
 
Termination Time: 4294967295
 
Application Path: C:\Program Files\WindowsApps\microsoft.windowscommunicationsapps_17.5.9600.20911_x64__8wekyb3d8bbwe\LiveComm.exe
 
Report Id: 2638dc96-9495-11e5-bf90-9cb654422a60
 
Faulting package full name: microsoft.windowscommunicationsapps_17.5.9600.20911_x64__8wekyb3d8bbwe
 
Faulting package-relative application ID: ppleae38af2e007f4358a809ac99a64a67c1
 
Error: (11/26/2015 02:56:44 PM) (Source: Application Hang) (User: )
Description: The program LiveComm.exe version 17.5.9600.20911 stopped interacting with Windows and was closed. To see if more information about the problem is available, check the problem history in the Action Center control panel.
 
Process ID: 1440
 
Start Time: 01d1289cfa42784e
 
Termination Time: 4294967295
 
Application Path: C:\Program Files\WindowsApps\microsoft.windowscommunicationsapps_17.5.9600.20911_x64__8wekyb3d8bbwe\LiveComm.exe
 
Report Id: efcf10ae-9490-11e5-bf90-9cb654422a60
 
Faulting package full name: microsoft.windowscommunicationsapps_17.5.9600.20911_x64__8wekyb3d8bbwe
 
Faulting package-relative application ID: ppleae38af2e007f4358a809ac99a64a67c1
 
Error: (11/26/2015 02:31:00 PM) (Source: Microsoft-Windows-Immersive-Shell) (User: JOSHUA_COMPUTER)
Description: Activation of app microsoft.windowscommunicationsapps_8wekyb3d8bbwe!ppleae38af2e007f4358a809ac99a64a67c1 failed with error: -2144927142 See the Microsoft-Windows-TWinUI/Operational log for additional information.
 
Error: (11/26/2015 02:30:05 PM) (Source: Microsoft-Windows-Immersive-Shell) (User: JOSHUA_COMPUTER)
Description: Activation of app microsoft.windowscommunicationsapps_8wekyb3d8bbwe!ppleae38af2e007f4358a809ac99a64a67c1 failed with error: -2144927141 See the Microsoft-Windows-TWinUI/Operational log for additional information.
 
 
System errors:
=============
Error: (11/27/2015 12:48:21 PM) (Source: Service Control Manager) (User: )
Description: The Superfetch service terminated with the following error: 
%%1062
 
Error: (11/27/2015 12:48:09 PM) (Source: DCOM) (User: JOSHUA_COMPUTER)
Description: {4AA0A5C4-1B9B-4F2E-99D7-99C6AEC83474}
 
Error: (11/27/2015 12:48:09 PM) (Source: DCOM) (User: JOSHUA_COMPUTER)
Description: {4AA0A5C4-1B9B-4F2E-99D7-99C6AEC83474}
 
Error: (11/27/2015 12:48:09 PM) (Source: DCOM) (User: JOSHUA_COMPUTER)
Description: {4AA0A5C4-1B9B-4F2E-99D7-99C6AEC83474}
 
Error: (11/27/2015 12:48:09 PM) (Source: DCOM) (User: JOSHUA_COMPUTER)
Description: {4AA0A5C4-1B9B-4F2E-99D7-99C6AEC83474}
 
Error: (11/26/2015 02:31:00 PM) (Source: DCOM) (User: JOSHUA_COMPUTER)
Description: Microsoft.WindowsLive.Mail.AppXj3e9v0xw9sf8t58nqr15tqqb2yq4zsfg.mca
 
Error: (11/26/2015 02:30:04 PM) (Source: DCOM) (User: JOSHUA_COMPUTER)
Description: Microsoft.WindowsLive.Mail.AppXj3e9v0xw9sf8t58nqr15tqqb2yq4zsfg.mca
 
Error: (11/26/2015 02:22:57 PM) (Source: Service Control Manager) (User: )
Description: A timeout was reached (30000 milliseconds) while waiting for the Windows Error Reporting Service service to connect.
 
Error: (11/26/2015 02:22:22 PM) (Source: Service Control Manager) (User: )
Description: A timeout was reached (30000 milliseconds) while waiting for the Windows Error Reporting Service service to connect.
 
Error: (11/26/2015 02:21:51 PM) (Source: Service Control Manager) (User: )
Description: A timeout was reached (30000 milliseconds) while waiting for the Windows Error Reporting Service service to connect.
 
 
Microsoft Office Sessions:
=========================
Error: (11/27/2015 12:59:24 PM) (Source: Office 2013 Licensing Service)(User: )
Description: Subscription licensing service failed: -1073422302
 
Error: (11/27/2015 12:48:16 PM) (Source: AdvancedSystemCareService8)(User: )
Description: The handle is invalid
 
Error: (11/27/2015 12:48:16 PM) (Source: AdvancedSystemCareService8)(User: )
Description: The handle is invalid
 
Error: (11/27/2015 12:42:24 PM) (Source: Customer Experience Improvement Program)(User: )
Description: 80070005
 
Error: (11/26/2015 04:26:44 PM) (Source: Application Hang)(User: )
Description: LiveComm.exe17.5.9600.20911150001d128a98de705ad4294967295C:\Program Files\WindowsApps\microsoft.windowscommunicationsapps_17.5.9600.20911_x64__8wekyb3d8bbwe\LiveComm.exe86231ba6-949d-11e5-bf90-9cb654422a60microsoft.windowscommunicationsapps_17.5.9600.20911_x64__8wekyb3d8bbweppleae38af2e007f4358a809ac99a64a67c1
 
Error: (11/26/2015 03:56:48 PM) (Source: Application Hang)(User: )
Description: LiveComm.exe17.5.9600.20911f9001d128a55a6bbcc54294967295C:\Program Files\WindowsApps\microsoft.windowscommunicationsapps_17.5.9600.20911_x64__8wekyb3d8bbwe\LiveComm.exe542e8898-9499-11e5-bf90-9cb654422a60microsoft.windowscommunicationsapps_17.5.9600.20911_x64__8wekyb3d8bbweppleae38af2e007f4358a809ac99a64a67c1
 
Error: (11/26/2015 03:27:26 PM) (Source: Application Hang)(User: )
Description: LiveComm.exe17.5.9600.2091112dc01d128a12a5bf65d4294967295C:\Program Files\WindowsApps\microsoft.windowscommunicationsapps_17.5.9600.20911_x64__8wekyb3d8bbwe\LiveComm.exe2638dc96-9495-11e5-bf90-9cb654422a60microsoft.windowscommunicationsapps_17.5.9600.20911_x64__8wekyb3d8bbweppleae38af2e007f4358a809ac99a64a67c1
 
Error: (11/26/2015 02:56:44 PM) (Source: Application Hang)(User: )
Description: LiveComm.exe17.5.9600.20911144001d1289cfa42784e4294967295C:\Program Files\WindowsApps\microsoft.windowscommunicationsapps_17.5.9600.20911_x64__8wekyb3d8bbwe\LiveComm.exeefcf10ae-9490-11e5-bf90-9cb654422a60microsoft.windowscommunicationsapps_17.5.9600.20911_x64__8wekyb3d8bbweppleae38af2e007f4358a809ac99a64a67c1
 
Error: (11/26/2015 02:31:00 PM) (Source: Microsoft-Windows-Immersive-Shell)(User: JOSHUA_COMPUTER)
Description: microsoft.windowscommunicationsapps_8wekyb3d8bbwe!ppleae38af2e007f4358a809ac99a64a67c1-2144927142
 
Error: (11/26/2015 02:30:05 PM) (Source: Microsoft-Windows-Immersive-Shell)(User: JOSHUA_COMPUTER)
Description: microsoft.windowscommunicationsapps_8wekyb3d8bbwe!ppleae38af2e007f4358a809ac99a64a67c1-2144927141
 
 
CodeIntegrity Errors:
===================================
  Date: 2015-11-27 13:47:19.364
  Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume4\Windows\System32\guard64.dll because the set of per-page image hashes could not be found on the system.
 
  Date: 2015-11-27 12:47:44.943
  Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume4\Windows\System32\guard64.dll because the set of per-page image hashes could not be found on the system.
 
  Date: 2015-11-27 12:27:29.390
  Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume4\Windows\System32\guard64.dll because the set of per-page image hashes could not be found on the system.
 
  Date: 2015-11-27 12:16:12.595
  Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume4\Windows\System32\guard64.dll because the set of per-page image hashes could not be found on the system.
 
  Date: 2015-11-27 11:41:57.012
  Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume4\Windows\System32\guard64.dll because the set of per-page image hashes could not be found on the system.
 
  Date: 2015-11-26 17:46:30.341
  Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume4\Windows\System32\guard64.dll because the set of per-page image hashes could not be found on the system.
 
  Date: 2015-11-26 14:01:12.788
  Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume4\Windows\System32\guard64.dll because the set of per-page image hashes could not be found on the system.
 
  Date: 2015-11-26 12:19:59.855
  Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume4\Windows\System32\guard64.dll because the set of per-page image hashes could not be found on the system.
 
  Date: 2015-11-25 12:40:14.569
  Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume4\Windows\System32\guard64.dll because the set of per-page image hashes could not be found on the system.
 
  Date: 2015-11-25 12:27:04.790
  Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume4\Windows\System32\guard64.dll because the set of per-page image hashes could not be found on the system.
 
 
=========================== Installed Programs ============================
 
4 Elements II (HKLM-x32\...\WTA-6b165739-cc17-44fb-9161-0b91e6f35d1f) (Version: 2.2.0.98 - WildTangent) Hidden
7-Zip 9.20 (x64 edition) (HKLM\...\{23170F69-40C1-2702-0920-000001000000}) (Version: 9.20.00.0 - Igor Pavlov)
Adobe Flash Player 18 NPAPI (HKLM-x32\...\Adobe Flash Player NPAPI) (Version: 18.0.0.209 - Adobe Systems Incorporated)
Advanced SystemCare 8 (HKLM-x32\...\Advanced SystemCare 8_is1) (Version: 8.0.3 - IObit)
Airport Mania (HKLM-x32\...\WTA-375a0e55-cd3a-4c16-9a2b-90fc87ad3251) (Version: 2.2.0.95 - WildTangent) Hidden
AMD Catalyst Install Manager (HKLM\...\{3FAEEEBE-48F4-84C1-2B49-96AE73E67E3E}) (Version: 8.0.916.0 - Advanced Micro Devices, Inc.)
Apple Application Support (32-bit) (HKLM-x32\...\{649A1FD9-5892-46AD-8DF0-C4A43FF61CB7}) (Version: 4.1 - Apple Inc.)
Apple Application Support (64-bit) (HKLM\...\{0DE0A178-AC7B-4650-806C-CF226DE03766}) (Version: 4.1 - Apple Inc.)
Apple Mobile Device Support (HKLM\...\{3540181E-340A-4E7A-B409-31663472B2F7}) (Version: 9.1.0.6 - Apple Inc.)
Apple Software Update (HKLM-x32\...\{FFD1F7F1-1AC9-4BC4-A908-0686D635ABAF}) (Version: 2.1.4.131 - Apple Inc.)
Azteca (HKLM-x32\...\WTA-bd098083-8aec-4116-bc7f-838892f2e5b1) (Version: 2.2.0.97 - WildTangent) Hidden
BattlEye (A2Free) Uninstall (HKLM-x32\...\BattlEye A2 Free) (Version:  - )
Bejeweled 3 (HKLM-x32\...\WTA-48b4081b-9ba4-4d1a-a4ad-2fb3bea18eca) (Version: 2.2.0.98 - WildTangent) Hidden
Bonjour (HKLM\...\{56DDDFB8-7F79-4480-89D5-25E1F52AB28F}) (Version: 3.1.0.1 - Apple Inc.)
Bounce Symphony (HKLM-x32\...\WTA-228410ec-d7d9-4317-876b-62a7cd04447c) (Version: 2.2.0.97 - WildTangent) Hidden
Build-a-lot (HKLM-x32\...\WTA-630ca1fd-7cac-459e-b73f-23591c93a24e) (Version: 2.2.0.98 - WildTangent) Hidden
Catalyst Control Center (HKLM-x32\...\WUCCCApp) (Version: 1.00.0000 - AMD)
CCleaner (HKLM\...\CCleaner) (Version: 5.11 - Piriform)
Comodo Dragon (HKLM-x32\...\Comodo Dragon) (Version: 36.1.1.21 - Comodo)
COMODO Internet Security Premium (HKLM\...\{7B1A9CD1-B552-4FA7-BBC1-EDDEAB8855A7}) (Version: 8.0.0.4337 - COMODO Security Solutions Inc.)
Cradle Of Egypt Collector's Edition (HKLM-x32\...\WTA-fd9dff3b-1e28-4fe7-bf1d-3aac9b60fd53) (Version: 2.2.0.110 - WildTangent) Hidden
Cradle of Rome 2 (HKLM-x32\...\WTA-2d250a85-130f-4286-90f6-a0eeaf2af42c) (Version: 2.2.0.98 - WildTangent) Hidden
Curse at Twilight (HKLM-x32\...\WTA-9158d569-bf86-4837-bdd4-5d0f1357d8ca) (Version: 3.0.2.32 - WildTangent) Hidden
CyberLink LabelPrint (HKLM-x32\...\InstallShield_{C59C179C-668D-49A9-B6EA-0121CCFC1243}) (Version: 2.5.3.5901 - CyberLink Corp.)
CyberLink Media Suite 10 (HKLM-x32\...\InstallShield_{1FBF6C24-C1fD-4101-A42B-0C564F9E8E79}) (Version: 10.0.3.2608 - CyberLink Corp.)
CyberLink Power2Go 8 (HKLM-x32\...\InstallShield_{2A87D48D-3FDF-41fd-97CD-A1E370EFFFE2}) (Version: 8.0.3.2527 - CyberLink Corp.)
CyberLink PowerDVD (HKLM-x32\...\InstallShield_{DEC235ED-58A4-4517-A278-C41E8DAEAB3B}) (Version: 10.0.8.5108 - CyberLink Corp.)
CyberLink YouCam (HKLM-x32\...\InstallShield_{01FB4998-33C4-4431-85ED-079E3EEFE75D}) (Version: 3.5.6.6119 - CyberLink Corp.)
D3DX10 (HKLM-x32\...\{E09C4DB7-630C-4F06-A631-8EA7239923AF}) (Version: 15.4.2368.0902 - Microsoft) Hidden
Delicious: Emily's Childhood Memories Premium Edition (HKLM-x32\...\WTA-eb90b425-3b16-4c96-b888-94de9a596323) (Version: 3.0.2.32 - WildTangent) Hidden
Driver Booster 2 (HKLM-x32\...\Driver Booster_is1) (Version: 2.0 - IObit)
Energy Star (HKLM-x32\...\{FC0ADA4D-8FA5-4452-8AFF-F0A0BAC97EF7}) (Version: 1.0.9 - Hewlett-Packard Company)
Farm Frenzy (HKLM-x32\...\WTA-0d042821-e5d0-4050-bd92-1162637bd9c0) (Version: 2.2.0.98 - WildTangent) Hidden
Fraps (remove only) (HKLM-x32\...\Fraps) (Version:  - )
Google Chrome (HKLM-x32\...\Google Chrome) (Version: 46.0.2490.86 - Google Inc.)
Google Update Helper (HKLM-x32\...\{60EC980A-BDA2-4CB6-A427-B07A5498B4CA}) (Version: 1.3.28.15 - Google Inc.) Hidden
Governor of Poker 2 Premium Edition (HKLM-x32\...\WTA-6326e85e-a93a-42b9-9d55-6001fce85592) (Version: 2.2.0.110 - WildTangent) Hidden
Hewlett-Packard ACLM.NET v1.2.2.3 (HKLM-x32\...\{6F340107-F9AA-47C6-B54C-C3A19F11553F}) (Version: 1.00.0000 - Hewlett-Packard Company) Hidden
HitmanPro 3.7 (HKLM\...\HitmanPro37) (Version: 3.7.10.251 - SurfRight B.V.)
House of 1000 Doors: Family Secrets (HKLM-x32\...\WTA-c31e055b-bd5d-4cf5-957b-f989a59a9b4b) (Version: 2.2.0.98 - WildTangent) Hidden
HP Documentation (HKLM-x32\...\{8C1ADF61-4F87-44BC-804C-C20FC70D98BB}) (Version: 1.4.0.0 - Hewlett-Packard)
HP MyRoom (HKLM-x32\...\{9C35EDE5-4B0F-45E7-A438-314BA889948E}) (Version: 9.0.0.0 - Hewlett-Packard Company)
HP Quick Start (HKLM-x32\...\{574F0207-8E98-46CD-8F79-318348C98C46}) (Version: 1.0.4660.30220 - Hewlett-Packard)
HP Registration Service (HKLM\...\{D1E8F2D7-7794-4245-B286-87ED86C1893C}) (Version: 1.2.6317.4309 - Hewlett-Packard)
HP Support Assistant (HKLM-x32\...\{E35A3B13-78CD-4967-8AC8-AA9FDA693EDE}) (Version: 7.4.45.4 - Hewlett-Packard Company)
HP System Event Utility (HKLM-x32\...\{B2F0406F-1609-489A-8626-7DB46776AB57}) (Version: 1.0.5 - Hewlett-Packard Company)
HP Utility Center (HKLM\...\{73237EBB-B26F-4628-8754-4EFE563D72E9}) (Version: 2.1.5 - Hewlett-Packard Company)
HP Wireless Button Driver (HKLM-x32\...\{941DE69D-6CEE-4171-8F1F-3D7E352AA498}) (Version: 1.0.6.1 - Hewlett-Packard Company)
HydraVision (HKLM-x32\...\{89CE7F9B-B4DF-8585-638B-6BD807ADE9C7}) (Version: 4.2.252.0 - Advanced Micro Devices, Inc.) Hidden
IObit Uninstaller (HKLM-x32\...\IObitUninstall) (Version: 4.1.5.30 - IObit)
iTunes (HKLM\...\{E690A491-702F-4DEC-9977-C015D1DBB57C}) (Version: 12.3.1.23 - Apple Inc.)
Java 8 Update 65 (HKLM-x32\...\{26A24AE4-039D-4CA4-87B4-2F83218065F0}) (Version: 8.0.650.17 - Oracle Corporation)
Jewel Match 3 (HKLM-x32\...\WTA-a411b977-fa79-400a-97c9-66ad88b4f055) (Version: 2.2.0.98 - WildTangent) Hidden
Luxor Evolved (HKLM-x32\...\WTA-2353306b-0f8c-413b-86d6-03f2c12b6d04) (Version: 2.2.0.98 - WildTangent) Hidden
Mah Jong Medley (HKLM-x32\...\WTA-f2881011-c386-4e19-9ebc-e80298e43475) (Version: 2.2.0.95 - WildTangent) Hidden
Mahjongg Dimensions Deluxe: Tiles in Time (HKLM-x32\...\WTA-e81c4185-304c-4c8f-8b1a-103914a79607) (Version: 2.2.0.98 - WildTangent) Hidden
Malwarebytes Anti-Exploit version 1.04.1.1012 (HKLM\...\Malwarebytes Anti-Exploit_is1) (Version: 1.04.1.1012 - Malwarebytes)
Microsoft Office 365 - en-us (HKLM\...\O365HomePremRetail - en-us) (Version: 15.0.4771.1004 - Microsoft Corporation)
Microsoft Silverlight (HKLM\...\{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}) (Version: 5.1.40728.0 - Microsoft Corporation)
Microsoft SQL Server 2005 Compact Edition [ENU] (HKLM-x32\...\{F0B430D1-B6AA-473D-9B06-AA3DD01FD0B8}) (Version: 3.1.0000 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}) (Version: 8.0.61001 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{837b34e3-7c30-493c-8f6a-2b0f04e2912c}) (Version: 8.0.59193 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.17 (HKLM\...\{8220EEFE-38CD-377E-8595-13398D740ACE}) (Version: 9.0.30729 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.4148 (HKLM\...\{4B6C7001-C7D6-3710-913E-5BC23FCE91E6}) (Version: 9.0.30729.4148 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.6161 (HKLM\...\{5FCE6D76-F5DC-37AB-B2B8-22AB8CEDB1D4}) (Version: 9.0.30729.6161 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17 (HKLM-x32\...\{9A25302D-30C0-39D9-BD6F-21E6EC160475}) (Version: 9.0.30729 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148 (HKLM-x32\...\{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}) (Version: 9.0.30729.4148 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 (HKLM-x32\...\{9BE518E6-ECC6-35A9-88E4-87755C07200F}) (Version: 9.0.30729.6161 - Microsoft Corporation)
Microsoft Visual C++ 2010  x64 Redistributable - 10.0.40219 (HKLM\...\{1D8E6291-B0D5-35EC-8441-6616F567A0F7}) (Version: 10.0.40219 - Microsoft Corporation)
Microsoft Visual C++ 2010  x86 Redistributable - 10.0.40219 (HKLM-x32\...\{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}) (Version: 10.0.40219 - Microsoft Corporation)
Microsoft Visual C++ 2012 Redistributable (x64) - 11.0.50727 (HKLM-x32\...\{15134cb0-b767-4960-a911-f2d16ae54797}) (Version: 11.0.50727.1 - Microsoft Corporation)
Microsoft Visual C++ 2012 Redistributable (x64) - 11.0.61030 (HKLM-x32\...\{ca67548a-5ebe-413a-b50c-4b9ceb6d66c6}) (Version: 11.0.61030.0 - Microsoft Corporation)
Microsoft Visual C++ 2012 Redistributable (x86) - 11.0.50727 (HKLM-x32\...\{22154f09-719a-4619-bb71-5b3356999fbf}) (Version: 11.0.50727.1 - Microsoft Corporation)
Microsoft Visual C++ 2012 Redistributable (x86) - 11.0.60610 (HKLM-x32\...\{95716cce-fc71-413f-8ad5-56c2892d4b3a}) (Version: 11.0.60610.1 - Microsoft Corporation)
Microsoft Visual C++ 2013 Redistributable (x86) - 12.0.21005 (HKLM-x32\...\{ce085a78-074e-4823-8dc1-8a721b94b76d}) (Version: 12.0.21005.1 - Microsoft Corporation)
Microsoft Visual Studio 2010 Tools for Office Runtime (x64) (HKLM\...\Microsoft Visual Studio 2010 Tools for Office Runtime (x64)) (Version: 10.0.50903 - Microsoft Corporation)
Movie Maker (HKLM-x32\...\{5BABDA39-61CF-41EE-992D-4054B6649A9B}) (Version: 16.4.3505.0912 - Microsoft Corporation) Hidden
Movie Maker (HKLM-x32\...\{ED6C77F9-4D7E-447C-9EC0-9A212D075535}) (Version: 16.4.3505.0912 - Microsoft Corporation) Hidden
Mozilla Firefox 41.0.2 (x86 en-US) (HKLM-x32\...\Mozilla Firefox 41.0.2 (x86 en-US)) (Version: 41.0.2 - Mozilla)
Mozilla Maintenance Service (HKLM-x32\...\MozillaMaintenanceService) (Version: 41.0.2.5765 - Mozilla)
Mystery P.I. - Curious Case of Counterfeit Cove (HKLM-x32\...\WTA-41bc01bd-aec8-403e-b222-8ba0f4d48094) (Version: 2.2.0.98 - WildTangent) Hidden
OEM Application Profile (HKLM-x32\...\{C89A97B6-F991-EBB5-77B7-927BCF420EBE}) (Version: 1.00.0000 - Advanced Micro Devices, Inc.)
Office 15 Click-to-Run Extensibility Component (HKLM-x32\...\{90150000-008C-0000-0000-0000000FF1CE}) (Version: 15.0.4771.1004 - Microsoft Corporation) Hidden
Office 15 Click-to-Run Licensing Component (HKLM\...\{90150000-008F-0000-1000-0000000FF1CE}) (Version: 15.0.4771.1004 - Microsoft Corporation) Hidden
Office 15 Click-to-Run Localization Component (HKLM-x32\...\{90150000-008C-0409-0000-0000000FF1CE}) (Version: 15.0.4771.1004 - Microsoft Corporation) Hidden
Peggle Nights (HKLM-x32\...\WTA-ba445468-a111-4898-9a78-1bc254c48580) (Version: 2.2.0.98 - WildTangent) Hidden
Plants vs. Zombies - Game of the Year (HKLM-x32\...\WTA-69038ccf-b460-4b33-b8a7-f5b664264ee2) (Version: 2.2.0.98 - WildTangent) Hidden
Polar Bowler (HKLM-x32\...\WTA-45f7cc77-68d0-4870-bed3-8dd9d4cbc120) (Version: 2.2.0.97 - WildTangent) Hidden
Prio (HKLM\...\Prio) (Version: 2.0.0.2960 - )
Qualcomm Atheros Driver Installation Program (HKLM-x32\...\{C3A32068-8AB1-4327-BB16-BED9C6219DC7}) (Version: 10.0 - Qualcomm Atheros)
QuickTime 7 (HKLM-x32\...\{80CEEB1E-0A6C-45B9-A312-37A1D25FDEBC}) (Version: 7.78.80.95 - Apple Inc.)
Realtek Ethernet Controller Driver (HKLM-x32\...\{8833FFB6-5B0C-4764-81AA-06DFEED9A476}) (Version: 8.10.1226.2012 - Realtek)
Realtek High Definition Audio Driver (HKLM-x32\...\{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}) (Version: 6.0.1.7628 - Realtek Semiconductor Corp.)
Realtek PCIE Card Reader (HKLM-x32\...\{0D61A55C-3ADC-409F-BF5B-A1766D1F5944}) (Version: 6.2.9200.29053 - Realtek Semiconductor Corp.)
Roads of Rome 3 (HKLM-x32\...\WTA-e34e6e84-4c0e-4852-a3d0-7d7b2d50a91c) (Version: 2.2.0.98 - WildTangent) Hidden
Royal Envoy 2 Collector's Edition (HKLM-x32\...\WTA-eaca0cc1-df9b-4fec-acec-3e74dce6e89d) (Version: 3.0.2.32 - WildTangent) Hidden
Smart Defrag 3 (HKLM-x32\...\Smart Defrag 3_is1) (Version: 3.2 - IObit)
Steam (HKLM-x32\...\Steam) (Version:  - Valve Corporation)
Surfing Protection (HKLM-x32\...\IObit Surfing Protection_is1) (Version: 1.2 - IObit)
swMSM (HKLM-x32\...\{612C34C7-5E90-47D8-9B5C-0F717DD82726}) (Version: 12.0.0.1 - Adobe Systems, Inc) Hidden
Synaptics Pointing Device Driver (HKLM\...\SynTPDeinstKey) (Version: 16.6.1.3 - Synaptics Incorporated)
Tales of Lagoona (HKLM-x32\...\WTA-cc8f5fe4-f5e0-41b3-a0b8-5132e9fbb7c2) (Version: 2.2.0.110 - WildTangent) Hidden
Update Installer for WildTangent Games App (HKLM-x32\...\{2FA94A64-C84E-49d1-97DD-7BF06C7BBFB2}.WildTangent Games App) (Version:  - WildTangent) Hidden
USB Video Device (HKLM-x32\...\{E0A7ED39-8CD6-4351-93C3-69CCA00D12B4}) (Version: 6.2.9200.10270 - Realtek Semiconductor Corp.)
Vacation Quest™ - Australia (HKLM-x32\...\WTA-f59e06a0-0f6c-4733-90e7-ae6f9c5c5649) (Version: 3.0.2.32 - WildTangent) Hidden
WildTangent Games (HKLM-x32\...\WildTangent wildgames Master Uninstall) (Version: 1.0.4.0 - WildTangent)
WildTangent Games App (HP Games) (HKLM-x32\...\{70B446D1-E03B-4ab0-9B3C-0832142C9AA8}.WildTangent Games App-hp) (Version: 4.0.10.5 - WildTangent) Hidden
Windows Live Essentials (HKLM-x32\...\WinLiveSuite) (Version: 16.4.3505.0912 - Microsoft Corporation)
WinRAR 5.20 beta 2 (64-bit) (HKLM\...\WinRAR archiver) (Version: 5.20.2 - win.rar GmbH)
Youda Jewel Shop (HKLM-x32\...\WTA-fae39fc5-aca2-481b-851d-241514319e1b) (Version: 3.0.2.32 - WildTangent) Hidden
Zuma's Revenge (HKLM-x32\...\WTA-0a314f35-ef5e-4c6c-833a-a24a80fe7a65) (Version: 2.2.0.98 - WildTangent) Hidden
 
========================= Devices: ================================
 
Name: 
Description: 
Class Guid: 
Manufacturer: 
Service: 
Device ID: ROOT\STORLIB\0000
Problem: : The drivers for this device are not installed. (Code 28)
Resolution: To install the drivers for this device, click "Update Driver", which starts the Hardware Update wizard.
 
 
========================= Memory info: ===================================
 
Percentage of memory in use: 45%
Total physical RAM: 3682.26 MB
Available physical RAM: 2018.45 MB
Total Virtual: 4450.26 MB
Available Virtual: 1983.81 MB
 
========================= Partitions: =====================================
 
1 Drive c: (Windows) (Fixed) (Total:442.59 GB) (Free:374.75 GB) NTFS
2 Drive d: (RECOVERY) (Fixed) (Total:21.96 GB) (Free:2.19 GB) NTFS
 
========================= Users: ========================================
 
User accounts for \\JOSHUA_COMPUTER
 
Administrator            Greg                     Guest                    
jespi_000                
 
 
**** End of log ****


#9 severac

severac

  • Members
  • 872 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:Serbia
  • Local time:02:44 PM

Posted 27 November 2015 - 05:06 PM

Uninstall:
7-Zip 9.20 (you have WinRAR)
Advanced SystemCare 8
Driver Booster 2 
IObit Uninstaller
Smart Defrag 3
Surfing Protection
 
Update Malwarebytes Anti-Exploit version 1.04.1.1012 to newer version. 
 
You don't have Malwarebytes Anti-Malware installed?

I would like to help you to remove malware. Let's look inside.   :busy:

But I don't know to solve all PC problems.  :smash: 

 


#10 ShadowRewind

ShadowRewind
  • Topic Starter

  • Members
  • 10 posts
  • OFFLINE
  •  
  • Local time:04:44 AM

Posted 27 November 2015 - 05:15 PM

I deleted it after the automatic repair loop, do you want me to install it?



#11 severac

severac

  • Members
  • 872 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:Serbia
  • Local time:02:44 PM

Posted 27 November 2015 - 05:24 PM

If Hitman pro license is expiring you can uninstall it also.

 

I don't think that you are infected anymore. 

 

If Comodo scan is clean, and Kaspersky didn't find anything (Kaspersky found something in AdwCleaner quarantine folder, no big deal) , then you are clean. 


I would like to help you to remove malware. Let's look inside.   :busy:

But I don't know to solve all PC problems.  :smash: 

 


#12 ShadowRewind

ShadowRewind
  • Topic Starter

  • Members
  • 10 posts
  • OFFLINE
  •  
  • Local time:04:44 AM

Posted 27 November 2015 - 05:33 PM

Really! Alright! But what about the trojan that was installed (CloudScanner.Trojan.Gen@2@1) Does that mean that it didn't do anything harmful to my computer at all?



#13 severac

severac

  • Members
  • 872 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:Serbia
  • Local time:02:44 PM

Posted 27 November 2015 - 05:44 PM

Well, Comodo blocked it, like you said so, and Kaspersky can't find it either. 

 

If you want extra check, do the following:

 

ESET Online Scanner

§  Click here to download the installer for ESET Online Scanner and save it to your Desktop.

§  Disable all your antivirus and antimalware software - see how to do that here.

§  Right click on esetsmartinstaller_enu.exe and select Run as Administrator.

§  Place a checkmark in YES, I accept the Terms of Use, then click Start. Wait for ESET Online Scanner to load its components.

§  Select Enable detection of potentially unwanted applications.

§  Click Advanced Settings, then place a checkmark in the following:

o    Remove found threats

o    Scan archives

o    Scan for potentially unsafe applications

o    Enable Anti-Stealth technology

§  Click Start to begin scanning.

§  ESET Online Scanner will start downloading signatures and scan. Please be patient, as this scan can take quite some time.

§  When the scan is done, click List threats (only available if ESET Online Scanner found something).

§  Click Export, then save the file to your desktop.

§  Click Back, then Finish to exit ESET Online Scanner.


I would like to help you to remove malware. Let's look inside.   :busy:

But I don't know to solve all PC problems.  :smash: 

 


#14 ShadowRewind

ShadowRewind
  • Topic Starter

  • Members
  • 10 posts
  • OFFLINE
  •  
  • Local time:04:44 AM

Posted 27 November 2015 - 06:05 PM

No thanks, I think my computer is running good so far and nothing seems wrong with it from my point of view. Thanks Severac! I really appreciate it.



#15 severac

severac

  • Members
  • 872 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:Serbia
  • Local time:02:44 PM

Posted 27 November 2015 - 06:11 PM

No problem.  :thumbup2:


I would like to help you to remove malware. Let's look inside.   :busy:

But I don't know to solve all PC problems.  :smash: 

 





0 user(s) are reading this topic

0 members, 0 guests, 0 anonymous users