Alexa51


17 replies to this topic

#1 26halo26

Posted 12 May 2016 - 12:04 PM

It seems that every time I reboot I am greeted by AVG with a warning that I am infected by a Trojan called Alexa.51.  AVG 'removes' it, but it just recurs.  I also am running hitman and I think it is finding the same thing but it also asks for reboot, and it's there when I reboot.  So I know I'm infected, I just have no idea what to do.

Please help....





#2 buddy215


Posted 12 May 2016 - 12:27 PM

Welcome to BC...

 

The programs below should remove Alexa.51 and other adware and malware.

 

Use CCleaner to remove Temporary files, program caches, cookies, logs, etc. Use the Default settings. No need to use the Registry Cleaning Tool...risky. Pay close attention while installing and UNcheck offers of toolbars....especially Google.

After install, open CCleaner and run by clicking on the Run Cleaner button in the bottom right corner.

CCleaner - PC Optimization and Cleaning - Free Download

 

Download Malwarebytes' Anti-Malware from Here

Double-click mbam-setup-2.X.X.XXXX.exe to install the application (X's are the current version number).

  • Make sure a checkmark is placed next to Launch Malwarebytes' Anti-Malware, then click Finish.
  • Once MBAM opens, when it says Your databases are out of date, click the Fix Now button.
  • Click the Settings tab at the top, and then in the left column, select Detections and Protections, and if not already checked place a checkmark in the selection box for Scan for rootkits.
  • Click the Scan tab at the top of the program window, select Threat Scan and click the Scan Now button.
  • If you receive a message that updates are available, click the Update Now button (the update will be downloaded, installed, and the scan will start).
  • When MBAM is finished scanning it will display a screen that displays any malware that it has detected.
  • Click the Remove Selected button.
  • MBAM will now delete all of the files and registry keys and add them to the programs quarantine. When removing the files, MBAM may require a reboot in order to remove some of them. If it displays a message stating that it needs to reboot, please allow it to do so.
  • While still on the Scan tab, click the link for View detailed log, and in the window that opens click the Export button, select Text file (*.txt), and save the log to your Desktop.
  • The log is automatically saved by MBAM and can also be viewed by clicking the History tab and then selecting Application Logs.

POST THE LOG FOR  REVIEW.

 

Download AdwCleaner by Xplode onto your desktop.

  • Close all open programs and internet browsers.
  • Double click on adwcleaner.exe to run the tool.
  • Click on Scan button.
  • When the scan has finished click on Clean button.
  • Your computer will be rebooted automatically. A text file will open after the restart.
  • Please post the contents of that logfile with your next reply.
  • You can find the logfile at C:\AdwCleaner[S1].txt as well.

Download Junkware Removal Tool to your desktop.

  • Shut down your protection software now to avoid potential conflicts.
  • Run the tool by double-clicking it. If you are using Windows Vista, 7, or 8; instead of double-clicking, right-mouse click JRT.exe and select "Run as Administrator".
  • The tool will open and start scanning your system.
  • Please be patient as this can take a while to complete depending on your system's specifications.
  • On completion, a log (JRT.txt) is saved to your desktop and will automatically open.
  • Post the contents of JRT.txt into your next message

  • Hold down Control and click on this link to open ESET OnlineScan in a new window.
  • Click the esetonlinebtn.png button.
  • For alternate browsers only: (Microsoft Internet Explorer users can skip these steps)
  • Click on esetsmartinstaller_enu.exe to download the ESET Smart Installer. Save it to your desktop.
  • Double click on the esetsmartinstaller_enu.png icon on your desktop.
  • Check "YES, I accept the Terms of Use."
  • Click the Start button.
  • Accept any security warnings from your browser.
  • Under scan settings, check "Scan Archives" and "Remove found threats"
  • ESET will then download updates for itself, install itself, and begin scanning your computer. Please be patient as this can take some time.
  • When the scan completes, click List Threats
  • Click Export, and save the file to your desktop using a unique name, such as ESETScan. Include the contents of this report in your next reply.
  • Click the Back button.
  • Click the Finish button.
  • NOTE: Sometimes if ESET finds no infections it will not create a log.

“Every atom in your body came from a star that exploded and the atoms in your left hand probably came from a different star than your right hand. It really is the most poetic thing I know about physics...you are all stardust.” Lawrence M. Krauss
A 1792 U.S. penny, designed in part by Thomas Jefferson and George Washington, reads “Liberty Parent of Science & Industry.”

#3 26halo26


Posted 12 May 2016 - 10:28 PM

THANKS very much.  I followed all the steps. My logs follow:

 

 

Malwarebytes Anti-Malware

www.malwarebytes.org

 

Scan Date: 5/12/2016

Scan Time: 7:26 PM

Logfile:

Administrator: Yes

 

Version: 2.2.1.1043

Malware Database: v2016.05.12.07

Rootkit Database: v2016.05.06.01

License: Free

Malware Protection: Disabled

Malicious Website Protection: Disabled

Self-protection: Disabled

 

OS: Windows 10

CPU: x86

File System: NTFS

User: Eli

 

 

MALWARE BYTES SCAN (Didn’t seem to identify any threats)

 

Scan Type: Threat Scan

Result: Completed

Objects Scanned: 379654

Time Elapsed: 20 min, 47 sec

 

Memory: Enabled

Startup: Enabled

Filesystem: Enabled

Archives: Enabled

Rootkits: Enabled

Heuristics: Enabled

PUP: Enabled

PUM: Enabled

 

Processes: 0

(No malicious items detected)

 

Modules: 0

(No malicious items detected)

 

Registry Keys: 0

(No malicious items detected)

 

Registry Values: 0

(No malicious items detected)

 

Registry Data: 0

(No malicious items detected)

 

Folders: 0

(No malicious items detected)

 

Files: 0

(No malicious items detected)

 

Physical Sectors: 0

(No malicious items detected)

 

 

(end)

 

ADWCLEANER LOG

 

# AdwCleaner v5.116 - Logfile created 12/05/2016 at 21:54:49

# Updated 09/05/2016 by Xplode

# Database : 2016-05-09.1 [Server]

# Operating system : Windows 10 Pro  (X86)

# Username : Eli - PC2

# Running from : C:\Users\Eli\Desktop\AdwCleaner(1).exe

# Option : Clean

# Support : http://toolslib.net/forum

 

***** [ Services ] *****

 

[-] Service Deleted : WtuSystemSupport

 

***** [ Folders ] *****

 

[-] Folder Deleted : C:\ProgramData\AVG Secure Search

[-] Folder Deleted : C:\ProgramData\avg web tuneup

[#] Folder Deleted : C:\ProgramData\Application Data\AVG Secure Search

[#] Folder Deleted : C:\ProgramData\Application Data\avg web tuneup

[-] Folder Deleted : C:\Program Files\avg web tuneup

[-] Folder Deleted : C:\Program Files\Common Files\AVG Secure Search

[-] Folder Deleted : C:\Users\Eli\AppData\Local\avg web tuneup

[-] Folder Deleted : C:\Users\Eli\AppData\LocalLow\avg web tuneup

[-] Folder Deleted : C:\Users\Eli\AppData\Local\Google\Chrome\User Data\Default\Extensions\chfdnecihphmhljaaejmgoiahnihplgn

 

***** [ Files ] *****

 

[-] File Deleted : C:\Program Files\Mozilla Firefox\browser\searchplugins\wtu-secure-search.xml

[-] File Deleted : C:\Users\Eli\AppData\Roaming\Mozilla\Firefox\Profiles\gf386jr4.default\extensions\Avg@toolbar.xpi

[-] File Deleted : C:\Users\Eli\AppData\Local\Google\Chrome\User Data\Default\Local Storage\chrome-extension_chfdnecihphmhljaaejmgoiahnihplgn_0.localstorage

 

***** [ DLLs ] *****

 

 

***** [ WMI ] *****

 

 

***** [ Shortcuts ] *****

 

 

***** [ Scheduled tasks ] *****

 

 

***** [ Registry ] *****

 

[-] Key Deleted : HKLM\SOFTWARE\Classes\AppID\ViProtocol.DLL

[-] Key Deleted : HKLM\SOFTWARE\Google\Chrome\NativeMessagingHosts\avgsh

[-] Key Deleted : HKLM\SOFTWARE\MozillaPlugins\@avg.com/AVG SiteSafety plugin,version=11.0.0.1,application/x-avg-sitesafety-plugin

[-] Key Deleted : HKCU\Software\Google\Chrome\Extensions\chfdnecihphmhljaaejmgoiahnihplgn

[-] Key Deleted : HKLM\SOFTWARE\Classes\ScriptHelper.GenericWnd

[-] Key Deleted : HKLM\SOFTWARE\Classes\ScriptHelper.GenericWnd.1

[-] Key Deleted : HKLM\SOFTWARE\Classes\ScriptHelper.NativeApi

[-] Key Deleted : HKLM\SOFTWARE\Classes\ScriptHelper.NativeApi.1

[-] Key Deleted : HKLM\SOFTWARE\Classes\ScriptHelper.ScriptHelperApi

[-] Key Deleted : HKLM\SOFTWARE\Classes\ScriptHelper.ScriptHelperApi.1

[-] Key Deleted : HKLM\SOFTWARE\Classes\ViProtocol.ViProtocolOLE

[-] Key Deleted : HKLM\SOFTWARE\Classes\ViProtocol.ViProtocolOLE.1

[-] Key Deleted : HKLM\SOFTWARE\Classes\WtuServer.WtuServerObj

[-] Key Deleted : HKLM\SOFTWARE\Classes\WtuServer.WtuServerObj.1

[-] Key Deleted : HKLM\SOFTWARE\Classes\AppID\{1FDFF5A2-7BB1-48E1-8081-7236812B12B2}

[-] Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{4E92DB5F-AAD9-49D3-8EAB-B40CBE5B1FF7}

[-] Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{933B95E2-E7B7-4AD9-B952-7AC336682AE3}

[-] Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{95B7759C-8C7F-4BF1-B163-73684A933233}

[-] Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{B658800C-F66E-4EF3-AB85-6C0C227862A9}

[-] Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{F25AF245-4A81-40DC-92F9-E9021F207706}

[-] Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{B2BC04DF-EFBD-409A-95CA-36874E5AB92A}

[-] Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{CA3A5461-96B5-46DD-9341-5350D3C94615}

[-] Key Deleted : HKLM\SOFTWARE\Classes\Interface\{4E92DB5F-AAD9-49D3-8EAB-B40CBE5B1FF7}

[-] Key Deleted : HKLM\SOFTWARE\Classes\Interface\{C401D2CE-DC27-45C7-BC0C-8E6EA7F085D6}

[-] Key Deleted : HKLM\SOFTWARE\Classes\TypeLib\{74FB6AFD-DD77-4CEB-83BD-AB2B63E63C93}

[-] Key Deleted : HKLM\SOFTWARE\Classes\TypeLib\{C2AC8A0E-E48E-484B-A71C-C7A937FAAB94}

[-] Key Deleted : HKLM\SOFTWARE\Classes\TypeLib\{4BC8AD89-AC5F-4DBD-A38F-C355C7DD33D7}

[-] Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{95B7759C-8C7F-4BF1-B163-73684A933233}

[-] Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{B2BC04DF-EFBD-409A-95CA-36874E5AB92A}

[-] Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{95B7759C-8C7F-4BF1-B163-73684A933233}

[-] Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{F25AF245-4A81-40DC-92F9-E9021F207706}

[-] Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{B2BC04DF-EFBD-409A-95CA-36874E5AB92A}

[-] Key Deleted : HKLM\SOFTWARE\AVG Tuneup

[-] Value Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Run [vProt]

[-] Value Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\StartupApproved\Run [vProt]

 

***** [ Web browsers ] *****

 

[-] [C:\Users\Eli\AppData\Roaming\Mozilla\Firefox\Profiles\gf386jr4.default\prefs.js] Deleted : user_pref("avg.wtu.ext.extParams", "{\"action\":\"extParams\",\"data\":{\"searchParams\":{\"pid\":\"wtu\",\"cid\":\"{55868161-c65c-49cc-b940-e4bf574611a0}\",\"mid\":\"a1b85392032347d293f629f8102238d8-[...]

[-] [C:\Users\Eli\AppData\Local\Google\Chrome\User Data\Default\Web Data] [Search Provider] Deleted : aol.com

[-] [C:\Users\Eli\AppData\Local\Google\Chrome\User Data\Default\Web Data] [Search Provider] Deleted : ask.com

[-] [C:\Users\Eli\AppData\Local\Google\Chrome\User Data\Default\Secure Preferences] [Extension] Deleted : chfdnecihphmhljaaejmgoiahnihplgn

 

*************************

 

:: "Tracing" keys deleted

:: Winsock settings cleared

 

*************************

 

C:\AdwCleaner\AdwCleaner[C1].txt - [5383 bytes] - [12/05/2016 21:54:49]

C:\AdwCleaner\AdwCleaner[R0].txt - [1366 bytes] - [24/06/2014 15:55:27]

C:\AdwCleaner\AdwCleaner[R1].txt - [1080 bytes] - [25/06/2014 11:44:14]

C:\AdwCleaner\AdwCleaner[S0].txt - [1439 bytes] - [24/06/2014 15:56:47]

C:\AdwCleaner\AdwCleaner[S1].txt - [6495 bytes] - [25/06/2014 11:51:32]

 

########## EOF - C:\AdwCleaner\AdwCleaner[C1].txt - [5748 bytes] ##########

 

 

 

JUNKWARE REMOVAL TOOL

 

~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~

Junkware Removal Tool (JRT) by Malwarebytes

Version: 8.0.6 (04.25.2016)

Operating System: Windows 10 Pro x86

Ran by Eli (Administrator) on Thu 05/12/2016 at 22:05:06.41

~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~

 

 

 

 

File System: 0

 

 

 

 

Registry: 0

 

 

 

 

 

~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~

Scan was completed on Thu 05/12/2016 at 22:06:22.57

End of JRT log

 

 

 

ESET ONLINESCAN RESULTS

 

C:\Users\Eli\Desktop\New folder\drofficedocskarens\Downloads\asc-setup.exe            a variant of Win32/Toolbar.Widgi potentially unwanted application             deleted

C:\Users\Eli\Desktop\New folder\drofficedocskarens\Downloads\FDM_Setup(2).exe Win32/Toolbar.Zugo potentially unwanted application    deleted

C:\Users\Eli\Desktop\New folder\drofficedocskarens\Downloads\FDM_Setup.exe       Win32/Toolbar.Zugo potentially unwanted application    deleted

C:\Users\Eli\Desktop\New folder\drofficedocskarens\Downloads\imf-setup.exe           a variant of Win32/Toolbar.Widgi potentially unwanted application             deleted

C:\Users\Eli\Desktop\New folder\drofficedocskarens\Downloads\sd2-setup220.exe    a variant of Win32/Toolbar.Widgi potentially unwanted application             deleted

C:\Users\Eli\Downloads\ccsetup517.exe              Win32/Bundled.Toolbar.Google.D potentially unsafe application                deleted

C:\Users\Eli\Downloads\KeyFinderInstaller.exe               Win32/OpenCandy potentially unsafe ap



#4 26halo26


Posted 12 May 2016 - 10:32 PM

I'm running a full scan now on AVG --- but it seems like it may have another half hour to go and it's 11:30 PM.  I'll post the result tomorrow morning, as well as letting you know if the virus reappears when I reboot.  Thanks very much --- hopefully I'll have an update up by around 11 AM.



#5 26halo26


Posted 12 May 2016 - 10:54 PM

OK, the scan finished.  Bad news.  First, the long scan said that there were no threats detected.  However, rebooting Windows 10 resulted (after a pretty long boot time which got me wondering if something was wrong) in an AVG message popping up telling me that a threat was discovered (on the quick scan that occurs every time I boot).

 

It said the threat identity was: IDP.ALEXA.51

C:\windows\system32\windowspowershell\v1.0\powershell.exe

 

... and asked me, as it had so many times before (starting this morning), if I wanted to remove it or ignore it permanently.  I of course chose remove, and it reports that the threat is removed, but I know it isn't, because that's what it told me the last ten times.  Additionally, Hitman Pro, which I downloaded earlier today, has the following message, as it did every time today:

Malicious software detected, close applications and click next to remove.

?1 133c7ee                                            TROJAN      

HKU\S-1-5-21-93976130-3316823867-8882184-1000\Microsoft\Windows\CurrentVersion\Run\

 

This is the same message I have been receiving all day.  ARGh!

What should my next step be? I'll click quarantine on hitman, but it seems that it keeps coming back.



#6 buddy215


Posted 13 May 2016 - 04:44 AM

Post the three lists mentioned below using CCleaner.

Open CCleaner and click on Tools. Choose Startups. On that page you will see a list of Windows Startups and at the top tabs for each browser and Scheduled Tasks.

At the bottom right of that page you will see a button when clicked will allow you to Copy and Paste the list of Windows Startups and Scheduled Tasks into your next post. Please do that.

 

Open CCleaner and click on Tools. Choose Uninstall. On that page you will see a list of programs installed on your computer and at the bottom right of that page you will see a button when clicked will allow you to Copy and Paste that list in your next post. Please do that.



#7 26halo26


Posted 13 May 2016 - 10:17 AM

startup list

Yes    HKCU:Run    Amazon Music    Amazon Services LLC    Eli    "C:\Users\Eli\AppData\Local\Amazon Music\Amazon Music Helper.exe"
Yes    HKCU:Run    CCleaner Monitoring    Piriform Ltd    Eli    "C:\Program Files\CCleaner\CCleaner.exe" /MONITOR
Yes    HKCU:Run    OneDrive    Microsoft Corporation    Eli    "C:\Users\Eli\AppData\Local\Microsoft\OneDrive\OneDrive.exe" /background
Yes    HKLM:Run    Adobe ARM    Adobe Systems Incorporated    All users    "C:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe"
Yes    HKLM:Run    APSDaemon    Apple Inc.    All users    "C:\Program Files\Common Files\Apple\Apple Application Support\APSDaemon.exe"
Yes    HKLM:Run    AVG_UI    AVG Technologies CZ, s.r.o.    All users    "C:\Program Files\AVG\Av\avuirunnerx.exe" C:\Program Files\AVG\Av\avgui.exe
Yes    HKLM:Run    AvgUi    AVG Technologies CZ, s.r.o.    All users    "C:\Program Files\AVG\Framework\Common\avguirnx.exe" /lps=fmw
Yes    HKLM:Run    BrStsMon00    Brother Industries, Ltd.    All users    C:\Program Files\Browny02\Brother\BrStMonW.exe /AUTORUN
Yes    HKLM:Run    ControlCenter4    Brother Industries, Ltd.    All users    C:\Program Files\ControlCenter4\BrCcBoot.exe /autorun
Yes    HKLM:Run    DBRMTray    Dell Computer Corporation    All users    C:\Dell\DBRM\Reminder\DbrmTrayIcon.exe
Yes    HKLM:Run    LogMeIn GUI    LogMeIn, Inc.    All users    "C:\Program Files\LogMeIn\x86\LogMeInSystray.exe"
Yes    HKLM:Run    RtHDVCpl    Realtek Semiconductor Corp.    All users    "C:\Program Files\Realtek\Audio\HDA\RtDCpl.exe"
Yes    HKLM:Run    StartCCC    Advanced Micro Devices, Inc.    All users    "C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\x86\CLIStart.exe" MSRun
Yes    HKLM:Run    USB3MON    Intel Corporation    All users    "C:\Program Files\Intel\Intel® USB 3.0 eXtensible Host Controller Driver\Application\iusb3mon.exe"
Yes    HKLM:Run    WRSVC    Webroot    All users    "C:\Program Files\Webroot\WRSA.exe" -ul
Yes    Startup Common    QuickBooks Database Server Manager.lnk    Intuit    All users    C:\Program Files\Common Files\Intuit\QuickBooks\QBServerUtilityMgr.exe
No    Startup Common    QuickBooks Update Agent.lnk    Intuit Inc.    All users    C:\Program Files\Common Files\Intuit\QuickBooks\QBUpdate\qbupdate.exe
Yes    Startup User    4999.lnk    Microsoft Corporation    Eli    C:\Windows\System32\cmd.exe
 


scheduled task list



#8 26halo26


Posted 13 May 2016 - 10:18 AM

scheduled task list (sorry for the typo at the end of the last post, I meant to attach the words "scheduled task list" to the following:)

 

Yes    Task    Adobe Flash Player Updater    Adobe Systems Incorporated    All users    C:\Windows\system32\Macromed\Flash\FlashPlayerUpdateService.exe
Yes    Task    Amazon Music Helper        Eli    C:\Users\Eli\AppData\Local\Amazon Cloud Player\Amazon Music Helper.exe
Yes    Task    CCleanerSkipUAC    Piriform Ltd    Eli    "C:\Program Files\CCleaner\CCleaner.exe" $(Arg0)
Yes    Task    GoogleUpdateTaskMachineCore    Google Inc.    All users    C:\Program Files\Google\Update\GoogleUpdate.exe /c
Yes    Task    GoogleUpdateTaskMachineUA    Google Inc.    All users    C:\Program Files\Google\Update\GoogleUpdate.exe /ua /installsource scheduler
Yes    Task    {5A633135-E64B-48F1-AB97-572D1FD302A1}    Microsoft Corporation    Eli    C:\Windows\system32\pcalua.exe -a C:\Users\Eli\Downloads\Always_1_2_setup.exe -d C:\Users\Eli\Downloads
Yes    Task    {DCDA54F8-C3AD-4D5F-ABAA-068342389D75}    Microsoft Corporation    Eli    C:\Windows\system32\pcalua.exe -a E:\windirstat1_1_2_setup.exe -d E:\
 



#9 26halo26


Posted 13 May 2016 - 10:20 AM

UNINSTALL LIST

 

 

Twitter    Twitter Inc.    5/13/2016        5.0.3.0    All users
Webroot SecureAnywhere    Webroot    5/12/2016    852 KB    9.0.8.100    All users
Malwarebytes Anti-Malware version 2.2.1.1043    Malwarebytes    5/12/2016    66.8 MB    2.2.1.1043    All users
HitmanPro 3.7    SurfRight B.V.    5/12/2016    10.0 MB    3.7.14.265    All users
ESET Online Scanner v3        5/12/2016            All users
CCleaner    Piriform    5/12/2016        5.17    All users
AVG Protection    AVG Technologies    5/12/2016        2016.71.7597    All users
Xbox    Microsoft Corporation    5/11/2016        15.17.3003.0    All users
OneNote    Microsoft Corporation    5/6/2016        17.6868.57841.0    All users
Mozilla Maintenance Service    Mozilla    5/6/2016    341 KB    46.0.1.5966    All users
Mozilla Firefox 46.0.1 (x86 en-US)    Mozilla    5/6/2016    93.9 MB    46.0.1    All users
Sway    Microsoft Corporation    5/5/2016        17.6965.45161.0    All users
Get Office    Microsoft Corporation    5/5/2016        17.6927.23501.0    All users
Candy Crush Soda Saga    king.com    5/4/2016        1.65.800.0    All users
Mail and Calendar    Microsoft Corporation    5/4/2016        17.6868.40731.0    All users
Store    Microsoft Corporation    5/2/2016        11602.1.26.0    All users
Weather    Microsoft Corporation    5/2/2016        4.9.51.0    All users
Sports    Microsoft Corporation    5/2/2016        4.9.51.0    All users
Money    Microsoft Corporation    5/2/2016        4.9.51.0    All users
Microsoft Wi-Fi    Microsoft Corporation    5/2/2016        1.1604.4.0    All users
News    Microsoft Corporation    5/2/2016        4.9.51.0    All users
Messaging + Skype    Microsoft Corporation    4/18/2016        2.15.20002.0    All users
Phone    Microsoft Corporation    4/18/2016        2.15.28004.0    All users
AVG Web TuneUp    AVG Technologies    4/12/2016        4.2.9.726    All users
Movies & TV    Microsoft Corporation    4/8/2016        3.6.19761.0    All users
Camera    Microsoft Corporation    4/8/2016        2016.325.60.0    All users
Picasa 3    Google, Inc.    4/7/2016    82.2 MB    3.9.140.248    All users
Adobe Flash Player 21 NPAPI    Adobe Systems Incorporated    4/7/2016    5.65 MB    21.0.0.213    All users
People    Microsoft Corporation    4/5/2016        10.0.10811.0    All users
Get Started    Microsoft Corporation    3/29/2016        3.5.11.0    All users
Photos    Microsoft Corporation    3/29/2016        16.325.12390.0    All users
Alarms & Clock    Microsoft Corporation    3/25/2016        10.1603.12020.0    All users
VLC media player    VideoLAN    3/16/2016    115 MB    2.2.1    All users
Realtek High Definition Audio Driver    Realtek Semiconductor Corp.    3/16/2016    4.71 MB    6.0.1.6075    All users
QuickBooks Pro 2007        3/16/2016    379 MB        All users
Microsoft Office Small Business 2007    Microsoft Corporation    3/16/2016    21.1 MB    12.0.4518.1014    All users
Microsoft Office Enterprise 2007    Microsoft Corporation    3/16/2016    21.1 MB    12.0.4518.1014    All users
Microsoft Office Basic 2007    Microsoft Corporation    3/16/2016    21.1 MB    12.0.4518.1014    All users
Microsoft Mouse and Keyboard Center    Microsoft Corporation    3/16/2016    39.0 MB    2.3.188.0    All users
Canon My Printer    Canon Inc.    3/16/2016    10.3 MB    3.2.0    All users
Canon MP Navigator 2.2        3/16/2016    22.7 MB        All users
Adobe Shockwave Player 12.1    Adobe Systems, Inc.    3/16/2016    33.1 MB    12.1.0.150    All users
Adobe AIR    Adobe Systems Incorporated    3/16/2016    23.0 MB    4.0.0.1390    All users
Windows DVD Player    Microsoft Corporation    3/8/2016        3.6.13291.0    All users
Maps    Microsoft Corporation    3/8/2016        4.1601.10150.0    All users
Groove Music    Microsoft Corporation    3/8/2016        3.6.15131.0    All users
Phone Companion    Microsoft Corporation    3/8/2016        10.1602.3010.0    All users
Calculator    Microsoft Corporation    3/8/2016        10.1601.49020.0    All users
Voice Recorder    Microsoft Corporation    3/8/2016        10.1512.21110.0    All users
3D Builder    Microsoft Corporation    3/8/2016        10.10.38.0    All users
App connector    Microsoft Corporation    3/8/2016        1.3.3.0    All users
Get Skype    Skype    3/8/2016        3.2.1.0    All users
WinDirStat 1.1.2        3/8/2016            Eli
OpenAL        3/8/2016            All users
Microsoft Visual C++ 2012 Redistributable (x86) - 11.0.61030    Microsoft Corporation    3/8/2016    17.3 MB    11.0.61030.0    All users
Microsoft .NET Framework 1.1        3/8/2016            All users
HandBrake 0.9.9.1        3/8/2016        0.9.9.1    All users
Canon MP530        3/8/2016            All users
Canon Easy-PhotoPrint EX    Canon Inc.    3/8/2016        4.1.6    All users
AMD Catalyst Control Center    AMD    3/8/2016        1.00.0000    All users
Amazon Music    Amazon Services LLC    3/8/2016        4.1.0.1229    Eli
QuickTime 7    Apple Inc.    2/22/2016    95.3 MB    7.79.80.95    All users
Microsoft Silverlight    Microsoft Corporation    1/14/2016    63.2 MB    5.1.41212.0    All users
LogMeIn Client    LogMeIn, Inc.    12/9/2015    19.9 MB    1.3.1675    All users
Citrix Online Launcher    Citrix    9/16/2015    302 KB    1.0.335    Eli
CNebulaX    José Ramón Torres Lapasió    6/8/2015    79.5 MB    1.5.0.0    Eli
Cartes du Ciel V3.10        5/8/2015    91.1 MB        All users
C2A        5/7/2015    109 MB        All users
Java 8 Update 40    Oracle Corporation    3/16/2015    9.52 MB    8.0.400    All users
Apple Software Update    Apple Inc.    1/5/2015    4.53 MB    2.1.3.127    All users
Apple Application Support    Apple Inc.    1/5/2015    83.6 MB    2.3.6    All users
TheSkyX First Light Edition version 10.2.0 Build 6408        11/26/2014    561 MB    10.2.0 Build 6408    All users
The Wolf Among Us    Telltale Games    9/18/2014    2.16 GB    1.0.0.0    All users
Visual Studio 2012 x86 Redistributables    AVG Technologies CZ, s.r.o.    7/16/2014    40.0 KB    14.0.0.1    All users
LogMeIn    LogMeIn, Inc.    6/9/2014    158 MB    4.1.4400    All users
Microsoft Visual C++ 2010  x86 Redistributable - 10.0.30319    Microsoft Corporation    4/1/2014    22.0 MB    10.0.30319    All users
Magical Jelly Bean KeyFinder    Magical Jelly Bean    4/1/2014    1.96 MB    2.0.10.9    All users
MSXML 4.0 SP2 (KB973688)    Microsoft Corporation    3/27/2014    2.67 MB    4.20.9876.0    All users
MSXML 4.0 SP2 (KB954430)    Microsoft Corporation    3/27/2014    70.0 KB    4.20.9870.0    All users
VNC Viewer 5.1.0    RealVNC Ltd    3/25/2014    5.06 MB    5.1.0    All users
VNC Server 5.1.0    RealVNC Ltd    3/25/2014    21.7 MB    5.1.0    All users
SupportSoft Assisted Service    SupportSoft    3/25/2014    5.38 MB    15    All users
Remote Deposit Client    BankServ    3/25/2014    2.49 GB    1.3.11.6    All users
QuickBooks Product Listing Service    Intuit    3/25/2014    20.2 MB    2.0.132    Eli
Panini 3.3.1 Universal Installer    Panini    3/25/2014    673 KB    3.3.3    All users
OpenDental    Open Dental Software    3/25/2014    21.4 MB    11.1.27    All users
MSXML 4.0 SP2 Parser and SDK    Microsoft Corporation    3/25/2014    2.45 MB    4.20.9818.0    All users
Microsoft Visual C++ 2005 Redistributable    Microsoft Corporation    3/25/2014    600 KB    8.0.61001    All users
Google Chrome    Google, Inc.    3/25/2014    36.7 MB    50.0.2661.102    All users
Brother MFL-Pro Suite MFC-9560CDW    Brother Industries, Ltd.    3/25/2014    2.49 GB    1.1.5.0    All users
Adobe Reader XI (11.0.06)    Adobe Systems Incorporated    3/25/2014    256 MB    11.0.06    All users
Intel® Control Center    Intel Corporation    2/19/2014        1.2.1.1008    All users
Intel® USB 3.0 eXtensible Host Controller Driver    Intel Corporation    2/19/2014        1.0.8.251    All users
Windows Live Essentials    Microsoft Corporation    2/18/2014        16.4.3505.0912    All users
Microsoft SQL Server 2005 Compact Edition [ENU]    Microsoft Corporation    2/18/2014    3.39 MB    3.1.0000    All users
Microsoft Office    Microsoft Corporation    2/18/2014    260 MB    15.0.4454.1510    All users
Intel® Network Connections 17.2.154.0    Intel    2/18/2014    3.48 MB    17.2.154.0    All users
Dell Client System Update    Dell Inc.    2/18/2014    53.9 MB    1.3.0    All users
Dell Backup and Recovery Manager    Dell Inc.    2/18/2014    167 MB    1.3.1    All users
AMD Catalyst Install Manager    Advanced Micro Devices, Inc.    2/18/2014    26.9 MB    3.0.855.0    All users
 



#10 buddy215


Posted 13 May 2016 - 11:15 AM

Disable these Windows Startups: Use CCleaner by clicking on each item and choosing Disable on the right.

Yes    HKCU:Run    Amazon Music    Amazon Services LLC    Eli    "C:\Users\Eli\AppData\Local\Amazon Music\Amazon Music Helper.exe"
Yes    HKCU:Run    CCleaner Monitoring    Piriform Ltd    Eli    "C:\Program Files\CCleaner\CCleaner.exe" /MONITOR

Yes    HKLM:Run    Adobe ARM    Adobe Systems Incorporated    All users    "C:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe"
Yes    HKLM:Run    APSDaemon    Apple Inc.    All users    "C:\Program Files\Common Files\Apple\Apple Application Support\APSDaemon.exe"

Yes    HKLM:Run    BrStsMon00    Brother Industries, Ltd.    All users    C:\Program Files\Browny02\Brother\BrStMonW.exe /AUTORUN
Yes    HKLM:Run    ControlCenter4    Brother Industries, Ltd.    All users    C:\Program Files\ControlCenter4\BrCcBoot.exe /autorun

Yes    HKLM:Run    DBRMTray    Dell Computer Corporation    All users    C:\Dell\DBRM\Reminder\DbrmTrayIcon.exe

Yes    HKLM:Run    WRSVC    Webroot    All users    "C:\Program Files\Webroot\WRSA.exe" -ul

Yes    Startup User    4999.lnk    Microsoft Corporation    Eli    C:\Windows\System32\cmd.exe (Unless you wanted this in startup)

 

Disable these Tasks: Use CCleaner by clicking on each item and choosing Disable on the right.

Yes    Task    Amazon Music Helper        Eli    C:\Users\Eli\AppData\Local\Amazon Cloud Player\Amazon Music Helper.exe

Yes    Task    GoogleUpdateTaskMachineCore    Google Inc.    All users    C:\Program Files\Google\Update\GoogleUpdate.exe /c
Yes    Task    GoogleUpdateTaskMachineUA    Google Inc.    All users    C:\Program Files\Google\Update\GoogleUpdate.exe /ua /installsource scheduler
Yes    Task    {5A633135-E64B-48F1-AB97-572D1FD302A1}    Microsoft Corporation    Eli    C:\Windows\system32\pcalua.exe -a C:\Users\Eli\Downloads\Always_1_2_setup.exe -d C:\Users\Eli\Downloads
Yes    Task    {DCDA54F8-C3AD-4D5F-ABAA-068342389D75}    Microsoft Corporation    Eli    C:\Windows\system32\pcalua.exe -a E:\windirstat1_1_2_setup.exe -d E:\

 

Uninstall these programs:

ESET Online Scanner v3        5/12/2016            All users

Candy Crush Soda Saga    king.com    5/4/2016        1.65.800.0    All users

AVG Web TuneUp    AVG Technologies    4/12/2016        4.2.9.726    All users

Adobe AIR    Adobe Systems Incorporated    3/16/2016    23.0 MB    4.0.0.1390    All users

QuickTime 7    Apple Inc.    2/22/2016    95.3 MB    7.79.80.95    All users (no longer supported on Windows)

Java 8 Update 40    Oracle Corporation    3/16/2015    9.52 MB    8.0.400    All users

SupportSoft Assisted Service    SupportSoft    3/25/2014    5.38 MB    15    All users

 

After doing the above and rebooting, please tell me if problems still exist or not.


Edited by buddy215, 13 May 2016 - 11:17 AM.

“Every atom in your body came from a star that exploded and the atoms in your left hand probably came from a different star than your right hand. It really is the most poetic thing I know about physics...you are all stardust.” Lawrence M. Krauss
A 1792 U.S. penny, designed in part by Thomas Jefferson and George Washington, reads “Liberty Parent of Science & Industry.”
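The review in post #10 can be partly automated. The following is an added example, not part of buddy215's post and not CCleaner's own code: it parses rows in the pasted startup/task layout and flags entries whose command starts a generic Windows launcher instead of the vendor's own program, as the 4999.lnk and pcalua.exe entries above do. The launcher list and the sample rows are assumptions constructed for illustration.

```python
import ntpath
import re

# Assumption (not from the thread): Windows binaries that only launch other
# things, so an autostart entry pointing at one deserves a manual look.
GENERIC_LAUNCHERS = {"cmd.exe", "powershell.exe", "wscript.exe", "cscript.exe",
                     "mshta.exe", "rundll32.exe", "regsvr32.exe", "pcalua.exe"}

# Constructed sample in the layout of the list above: enabled, location, name,
# publisher, user, command. Blank cells (e.g. no publisher) simply vanish.
SAMPLE = r'''
Yes    HKCU:Run    CCleaner Monitoring    Piriform Ltd    Eli    "C:\Program Files\CCleaner\CCleaner.exe" /MONITOR
Yes    HKLM:Run    WRSVC    Webroot    All users    "C:\Program Files\Webroot\WRSA.exe" -ul
Yes    Startup User    4999.lnk    Microsoft Corporation    Eli    C:\Windows\System32\cmd.exe
Yes    Task    {DCDA54F8-C3AD-4D5F-ABAA-068342389D75}    Microsoft Corporation    Eli    C:\Windows\system32\pcalua.exe -a E:\windirstat1_1_2_setup.exe -d E:\
Yes    Task    Amazon Music Helper        Eli    C:\Users\Eli\AppData\Local\Amazon Cloud Player\Amazon Music Helper.exe
Yes    Task    GoogleUpdateTaskMachineUA    Google Inc.    All users    C:\Program Files\Google\Update\GoogleUpdate.exe /ua /installsource scheduler
'''

def parse_row(line):
    """Split a row on tabs or runs of 2+ spaces; return (location, name, command)."""
    cells = [c for c in re.split(r"\t+| {2,}", line.strip()) if c]
    if len(cells) < 4 or cells[0] not in ("Yes", "No"):
        return None  # header, blank line or free text
    # The command is always the last cell, even when a middle cell is missing.
    return cells[1], cells[2], cells[-1]

def image_name(command):
    """Lower-cased file name of the executable the command actually starts."""
    m = re.match(r'\s*"?(.+?\.exe)\b', command, re.IGNORECASE)
    return ntpath.basename(m.group(1)).lower() if m else None

def triage(text):
    """Return (name, image, arguments) for each entry that needs manual review."""
    flagged = []
    for line in text.splitlines():
        row = parse_row(line)
        if row is None:
            continue
        _location, name, command = row
        image = image_name(command)
        if image in GENERIC_LAUNCHERS:
            # Everything after the first ".exe" is what the launcher was told to run.
            args = re.split(r'\.exe"?', command, maxsplit=1, flags=re.IGNORECASE)[1]
            flagged.append((name, image, args.strip()))
    return flagged

if __name__ == "__main__":
    for name, image, args in triage(SAMPLE):
        print(f"REVIEW {name}: {image} {args}")
```

A flagged row is a prompt to check what the launcher is being asked to run, not a verdict; an entry with no arguments at all, like the cmd.exe shortcut, leaves that question open.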

#11 26halo26

26halo26
  • Topic Starter

  • Members
  • 12 posts
  • OFFLINE
  •  
  • Local time:07:50 PM

Posted 15 May 2016 - 09:39 AM

I did all the above, with the exception of deleting AVG Web tuneup, because when I tried uninstalling that it said

Error:2 - system can not find specified file



#12 26halo26

26halo26
  • Topic Starter

  • Members
  • 12 posts
  • OFFLINE
  •  
  • Local time:07:50 PM

Posted 15 May 2016 - 10:02 AM

1 other thing.  I ran Hitman Pro one more time before rebooting, and it said that it still identified
the Trojan which I mentioned in my 9:51 AM post (a few days ago).  I clicked on it and it said Trojan.Powlicks. 

 

I quarantined that (as I have done so many times before) and next I will reboot and post results.



#13 26halo26

26halo26
  • Topic Starter

  • Members
  • 12 posts
  • OFFLINE
  •  
  • Local time:07:50 PM

Posted 15 May 2016 - 10:53 AM

Ok, we have a problem.......
The pc starts, after a few minutes it tells me in a Windows 10 BSOD
"your pc has a problem, it will restart after we collect data".
"If you want to learn about this error, search for
IRQL_NOT_LESS__OR_EQUAL
Netio.sys

I may have omitted a punctuation mark or something small, but the irql message and netio.sys are correct.

Please help, the pc cycles through booting and restarting......

#14 buddy215

buddy215

  • Moderator
  • 13,313 posts
  • ONLINE
  •  
  • Gender:Male
  • Location:West Tennessee
  • Local time:06:50 PM

Posted 15 May 2016 - 11:27 AM

Please download Powelikscleaner (by ESET) and save it to your Desktop.

  • Double-click ESETPoweliksCleaner.exe to start the tool.
  • Read the terms of the End-user license agreement and click Agree if you agree to them.
  • The tool will run automatically. If the cleaner finds a Poweliks infection, press the Y key on your keyboard to remove it.
  • If Poweliks was detected, "Win32/Poweliks was successfully removed from your system" will be displayed. Press any key to exit the tool and reboot your PC.


 



#15 26halo26

26halo26
  • Topic Starter

  • Members
  • 12 posts
  • OFFLINE
  •  
  • Local time:07:50 PM

Posted 15 May 2016 - 12:48 PM

OK, I ran a reset through windows 10 and then ran the tool you sent me --- and it seems like I'm clean! I ran  Hitman pro again and .... clean!

 

So it seems like I'm good. Thanks very much for your help!

 

PS As an amateur astronomer myself, I very much appreciate your quote!!





