I received Trojan Virus alert...is my computer infected?


13 replies to this topic

#1 Arian_A

Arian_A

  • Members
  • 82 posts
  • OFFLINE
  •  
  • Local time:04:43 PM

Posted 27 January 2016 - 10:04 PM

Hello,

 

My computer seemed fine until today when on my screen I noticed a warning sign that I was attacked by a Trojan virus. A few days ago I noticed that my McAfee OAS was disabled automatically, and I had to turn it on again.

 

My Windows Defender is not able to detect anything.

 

Do you think I am infected? Can you please help?

 

Thank you.

Ariana





#2 buddy215

buddy215

  • Moderator
  • 13,396 posts
  • ONLINE
  •  
  • Gender:Male
  • Location:West Tennessee
  • Local time:03:43 PM

Posted 28 January 2016 - 07:39 AM

Was there a phone number to call in the warning?

There are criminals who are using adware to cause a popup warning that your computer is infected. Those ads usually include a phone number....if it includes a number...don't call it or click on any link in the warning.

 

Use the programs below to find and remove both adware and malware.

 

 

Use CCleaner to remove Temporary files, program caches, cookies, logs, etc. Use the Default settings. No need to use the Registry Cleaning Tool...risky. Pay close attention while installing and UNcheck offers of toolbars....especially Google.

After install, open CCleaner and run by clicking on the Run Cleaner button in the bottom right corner.

CCleaner - PC Optimization and Cleaning - Free Download

 

Download Malwarebytes' Anti-Malware from Here

Double-click mbam-setup-2.X.X.XXXX.exe to install the application (X's are the current version number).

  • Make sure a checkmark is placed next to Launch Malwarebytes' Anti-Malware, then click Finish.
  • Once MBAM opens, when it says Your databases are out of date, click the Fix Now button.
  • Click the Settings tab at the top, and then in the left column, select Detections and Protections, and if not already checked place a checkmark in the selection box for Scan for rootkits.
  • Click the Scan tab at the top of the program window, select Threat Scan and click the Scan Now button.
  • If you receive a message that updates are available, click the Update Now button (the update will be downloaded, installed, and the scan will start).
  • When MBAM is finished scanning it will display a screen that displays any malware that it has detected.
  • Click the Remove Selected button.
  • MBAM will now delete all of the files and registry keys and add them to the programs quarantine. When removing the files, MBAM may require a reboot in order to remove some of them. If it displays a message stating that it needs to reboot, please allow it to do so.
  • While still on the Scan tab, click the link for View detailed log, and in the window that opens click the Export button, select Text file (*.txt), and save the log to your Desktop.
  • The log is automatically saved by MBAM and can also be viewed by clicking the History tab and then selecting Application Logs.

POST THE LOG FOR REVIEW.

 

Download AdwCleaner by Xplode onto your desktop.

  • Close all open programs and internet browsers.
  • Double click on adwcleaner.exe to run the tool.
  • Click on Scan button.
  • When the scan has finished click on Clean button.
  • Your computer will be rebooted automatically. A text file will open after the restart.
  • Please post the contents of that logfile with your next reply.
  • You can find the logfile at C:\AdwCleaner[S1].txt as well.

Download Junkware Removal Tool to your desktop.

  • Shut down your protection software now to avoid potential conflicts.
  • Run the tool by double-clicking it. If you are using Windows Vista, 7, or 8, instead of double-clicking, right-mouse click JRT.exe and select "Run as Administrator".
  • The tool will open and start scanning your system.
  • Please be patient as this can take a while to complete depending on your system's specifications.
  • On completion, a log (JRT.txt) is saved to your desktop and will automatically open.
  • Post the contents of JRT.txt into your next message.

Hold down Control and click on this link to open ESET OnlineScan in a new window.

  • Click the esetonlinebtn.png button.
  • For alternate browsers only: (Microsoft Internet Explorer users can skip these steps)
      • Click on esetsmartinstaller_enu.exe to download the ESET Smart Installer. Save it to your desktop.
      • Double click on the esetsmartinstaller_enu.png icon on your desktop.
  • Check "YES, I accept the Terms of Use."
  • Click the Start button.
  • Accept any security warnings from your browser.
  • Under scan settings, check "Scan Archives" and "Remove found threats".
  • ESET will then download updates for itself, install itself, and begin scanning your computer. Please be patient as this can take some time.
  • When the scan completes, click List Threats.
  • Click Export, and save the file to your desktop using a unique name, such as ESETScan. Include the contents of this report in your next reply.
  • Click the Back button.
  • Click the Finish button.
  • NOTE: Sometimes if ESET finds no infections it will not create a log.

“Every atom in your body came from a star that exploded and the atoms in your left hand probably came from a different star than your right hand. It really is the most poetic thing I know about physics...you are all stardust.” Lawrence M. Krauss
A 1792 U.S. penny, designed in part by Thomas Jefferson and George Washington, reads “Liberty Parent of Science & Industry.”

#3 Arian_A


Posted 12 March 2016 - 08:05 PM

Hello,

 

1) I ran CCleaner, thank you.

2) I can't seem to be able to download "Malwarebytes Anti-Malware". Every time I click on the "Here" link above, my laptop freezes. Any suggestions how I can make this work?

 

3) I ran ADW AdwCleaner. Results are below:

 

# AdwCleaner v5.101 - Logfile created 12/03/2016 at 20:01:31
# Updated 07/03/2016 by Xplode
# Database : 2016-03-08.1 [Server]
# Operating system : Windows 7 Home Premium Service Pack 1 (x64)
# Username : Ariana - ARIANA-PC
# Running from : C:\Users\Ariana\Downloads\AdwCleaner.exe
# Option : Clean
 
***** [ Services ] *****
 
 
***** [ Folders ] *****
 
[-] Folder Deleted : C:\Program Files\ByteFence
[-] Folder Deleted : C:\ProgramData\ByteFence
[-] Folder Deleted : C:\ProgramData\{57900b43-be66-89d5-5790-00b43be62d0e}
[-] Folder Deleted : C:\Users\Ariana\AppData\Local\DE93C3D7-1426025916-E111-87B2-B888E3054F5C
[-] Folder Deleted : C:\Users\Ariana\AppData\Roaming\SSN
 
***** [ Files ] *****
 
 
***** [ DLLs ] *****
 
 
***** [ Shortcuts ] *****
 
 
***** [ Scheduled tasks ] *****
 
 
***** [ Registry ] *****
 
 
***** [ Web browsers ] *****
 
[-] [C:\Users\Ariana\AppData\Local\Google\Chrome\User Data\Default\Web Data] [Search Provider] Deleted : ask.com
[-] [C:\Users\Ariana\AppData\Local\Google\Chrome\User Data\Default\Web Data] [Search Provider] Deleted : search provided by yahoo.com
[-] [C:\Users\Ariana\AppData\Local\Google\Chrome\User Data\Default\Secure Preferences] [Startup_URLs] Deleted : hxxp://ca.yhs4.search.yahoo.com/yhs/web?hspart=iry&hsimp=yhs-fullyhosted_003&type=wbf_instlmtrx_15_48&param1=1&param2=f%3D7%26b%3DChrome%26cc%3Dca%26pa%3DWincy%26cd%3D2XzuyEtN2Y1L1Qzu0Bzzzzzz0EtAtDyDyE0FyD0CyBtA0ByDtN0D0Tzu0StCyEtBzztN1L2XzutAtFtCtBtFyBtFtDtN1L1Czu1StN1L1G1B1V1N2Y1L1Qzu2SyDyD0C0AtC0FtD0CtGtA0E0FyBtG0EyDzy0DtGyEzzyByDtG0D0DzztCtB0CzyyEyD0Bzz0A2QtN1M1F1B2Z1V1N2Y1L1Qzu2S0F0F0FyC0FtCyDyDtGzz0EyBtDtGyE0FtByDtGzzzytC0AtGtDyB0Dzy0DtAyByEyDzytB0F2QtN0A0LzuyEtN1B2Z1V1T1S1NzutCtDzzzy%26cr%3D1652192776%26a%3Dwbf_instlmtrx_15_48%26os%3DWindows%2B7%2BHome%2BPremium
[-] [C:\Users\Ariana\AppData\Local\Google\Chrome\User Data\Default\Secure Preferences] [Default_Search_Provider_Data] Deleted : hxxp://ca.yhs4.search.yahoo.com/yhs/search?hspart=iry&hsimp=yhs-fullyhosted_003&type=wbf_instlmtrx_15_48&param1=1&param2=f%3D4%26b%3DChrome%26cc%3Dca%26pa%3DWincy%26cd%3D2XzuyEtN2Y1L1Qzu0Bzzzzzz0EtAtDyDyE0FyD0CyBtA0ByDtN0D0Tzu0StCyEtBzztN1L2XzutAtFtCtBtFyBtFtDtN1L1Czu1StN1L1G1B1V1N2Y1L1Qzu2SyDyD0C0AtC0FtD0CtGtA0E0FyBtG0EyDzy0DtGyEzzyByDtG0D0DzztCtB0CzyyEyD0Bzz0A2QtN1M1F1B2Z1V1N2Y1L1Qzu2S0F0F0FyC0FtCyDyDtGzz0EyBtDtGyE0FtByDtGzzzytC0AtGtDyB0Dzy0DtAyByEyDzytB0F2QtN0A0LzuyEtN1B2Z1V1T1S1NzutCtDzzzy%26cr%3D1652192776%26a%3Dwbf_instlmtrx_15_48%26os%3DWindows%2B7%2BHome%2BPremium&p={searchTerms}
[-] [C:\Users\Ariana\AppData\Local\Google\Chrome\User Data\Default\Secure Preferences] [Homepage] Deleted : hxxp://ca.yhs4.search.yahoo.com/yhs/web?hspart=iry&hsimp=yhs-fullyhosted_003&type=wbf_instlmtrx_15_48&param1=1&param2=f%3D1%26b%3DChrome%26cc%3Dca%26pa%3DWincy%26cd%3D2XzuyEtN2Y1L1Qzu0Bzzzzzz0EtAtDyDyE0FyD0CyBtA0ByDtN0D0Tzu0StCyEtBzztN1L2XzutAtFtCtBtFyBtFtDtN1L1Czu1StN1L1G1B1V1N2Y1L1Qzu2SyDyD0C0AtC0FtD0CtGtA0E0FyBtG0EyDzy0DtGyEzzyByDtG0D0DzztCtB0CzyyEyD0Bzz0A2QtN1M1F1B2Z1V1N2Y1L1Qzu2S0F0F0FyC0FtCyDyDtGzz0EyBtDtGyE0FtByDtGzzzytC0AtGtDyB0Dzy0DtAyByEyDzytB0F2QtN0A0LzuyEtN1B2Z1V1T1S1NzutCtDzzzy%26cr%3D1652192776%26a%3Dwbf_instlmtrx_15_48%26os%3DWindows%2B7%2BHome%2BPremium
 
*************************
 
:: "Tracing" keys removed
:: Winsock settings cleared
 
*************************
 
C:\Program Files (x86)\AdwCleaner\AdwCleaner[C1].txt - [3379 bytes] - [12/03/2016 20:01:31]
C:\Program Files (x86)\AdwCleaner\AdwCleaner[S1].txt - [3422 bytes] - [12/03/2016 19:59:14]
 
########## EOF - C:\Program Files (x86)\AdwCleaner\AdwCleaner[C1].txt - [3565 bytes] ##########
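
An AdwCleaner log like the one in the post above can be summarised per section, which makes the browser-setting changes (start-up URL, homepage, search provider) stand out from the folder clean-up. The Python parser below is an added example, not part of the original thread and not AdwCleaner code; the function names `parse_adwcleaner`, `host_of` and `hijacked_settings` are hypothetical, and the embedded log is a constructed sample in the same layout with shortened URLs.

```python
import re
from urllib.parse import urlsplit

# Constructed sample in the AdwCleaner v5 layout shown in the post above
# (same section headers and "[-]" lines; the long URLs are shortened).
SAMPLE_LOG = r"""# AdwCleaner v5.101 - Logfile created 12/03/2016 at 20:01:31
# Option : Clean

***** [ Services ] *****


***** [ Folders ] *****

[-] Folder Deleted : C:\Program Files\ByteFence
[-] Folder Deleted : C:\ProgramData\ByteFence

***** [ Web browsers ] *****

[-] [C:\Users\Ariana\AppData\Local\Google\Chrome\User Data\Default\Web Data] [Search Provider] Deleted : ask.com
[-] [C:\Users\Ariana\AppData\Local\Google\Chrome\User Data\Default\Secure Preferences] [Startup_URLs] Deleted : hxxp://ca.yhs4.search.yahoo.com/yhs/web?hspart=iry
[-] [C:\Users\Ariana\AppData\Local\Google\Chrome\User Data\Default\Secure Preferences] [Homepage] Deleted : hxxp://ca.yhs4.search.yahoo.com/yhs/web?hspart=iry

*************************

:: "Tracing" keys removed
:: Winsock settings cleared
"""

SECTION_RE = re.compile(r"^\*{5} \[ (.+?) \] \*{5}$")
# "[-] [<preferences file>] [<setting>] <action> : <value>"
BROWSER_RE = re.compile(r"^\[-\] \[([^\]]+)\] \[([^\]]+)\] (\w+) : (.+)$")
# "[-] <kind> <action> : <value>", e.g. "[-] Folder Deleted : C:\..."
ITEM_RE = re.compile(r"^\[-\] ([^\[\]:]+?) (\w+) : (.+)$")
HOST_RE = re.compile(r"^[A-Za-z0-9.-]+\.[A-Za-z]{2,}$")


def host_of(value):
    """Return the host named by a logged value, or None if it names none."""
    if "://" in value:
        # The log defangs URLs as hxxp://; restore the scheme only to parse it.
        return urlsplit(re.sub(r"^hxxp", "http", value)).hostname
    return value.lower() if HOST_RE.match(value) else None


def parse_adwcleaner(text):
    """Split a log into header fields, per-section item counts, items, notes."""
    meta, sections, items, notes = {}, {}, [], []
    current = None
    for raw in text.splitlines():
        line = raw.strip()
        if not line:
            continue
        if line.startswith("# "):                 # header: "# key : value"
            key, sep, val = line[2:].partition(" : ")
            if sep:
                meta[key.strip()] = val.strip()
            continue
        m = SECTION_RE.match(line)
        if m:                                     # empty sections stay at 0
            current = m.group(1)
            sections[current] = 0
            continue
        if set(line) == {"*"}:                    # separator ends the sections
            current = None
            continue
        if line.startswith(":: "):                # trailing clean-up notes
            notes.append(line[3:])
            continue
        m = BROWSER_RE.match(line)
        if m:
            source, kind, action, value = m.groups()
        else:
            m = ITEM_RE.match(line)
            if not m:
                continue                          # footer lines, EOF marker
            source = None
            kind, action, value = m.groups()
        items.append({"section": current, "kind": kind, "source": source,
                      "action": action, "value": value})
        if current is not None:
            sections[current] += 1
    return {"meta": meta, "sections": sections, "items": items, "notes": notes}


def hijacked_settings(parsed):
    """Map each changed browser setting to the hosts (or raw values) it held."""
    out = {}
    for item in parsed["items"]:
        if item["section"] == "Web browsers":
            out.setdefault(item["kind"], set()).add(
                host_of(item["value"]) or item["value"])
    return {setting: sorted(hosts) for setting, hosts in out.items()}


if __name__ == "__main__":
    parsed = parse_adwcleaner(SAMPLE_LOG)
    print(parsed["sections"])
    for setting, hosts in hijacked_settings(parsed).items():
        print(f"{setting}: {', '.join(hosts)}")
```
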


#4 Arian_A


Posted 12 March 2016 - 08:15 PM

Junkware Removal Tool (JRT) results:

 

~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Junkware Removal Tool (JRT) by Malwarebytes
Version: 8.0.3 (02.09.2016)
Operating System: Windows 7 Home Premium x64
Ran by Ariana (Administrator) on 12/03/2016 at 20:12:46.57
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~

 

File System: 19

Successfully deleted: C:\ProgramData\0d4294919c9a4941ba7cc97f91f909a5 (Folder)
Successfully deleted: C:\ProgramData\81d19778c51c4881a7eae8f07044d0be (Folder)
Successfully deleted: C:\Users\Ariana\Appdata\LocalLow\company (Folder)
Successfully deleted: C:\Users\Ariana\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\07KMSLU8 (Temporary Internet Files Folder)
Successfully deleted: C:\Users\Ariana\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\1MVWP50B (Temporary Internet Files Folder)
Successfully deleted: C:\Users\Ariana\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\6IKMRTH1 (Temporary Internet Files Folder)
Successfully deleted: C:\Users\Ariana\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\9APCOJ4A (Temporary Internet Files Folder)
Successfully deleted: C:\Users\Ariana\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\FELSTIYC (Temporary Internet Files Folder)
Successfully deleted: C:\Users\Ariana\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\JY1E12CB (Temporary Internet Files Folder)
Successfully deleted: C:\Users\Ariana\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\KJYGEZ2I (Temporary Internet Files Folder)
Successfully deleted: C:\Users\Ariana\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\O4DK0EZ1 (Temporary Internet Files Folder)
Successfully deleted: C:\Windows\System32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\07KMSLU8 (Temporary Internet Files Folder)
Successfully deleted: C:\Windows\System32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\1MVWP50B (Temporary Internet Files Folder)
Successfully deleted: C:\Windows\System32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\6IKMRTH1 (Temporary Internet Files Folder)
Successfully deleted: C:\Windows\System32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\9APCOJ4A (Temporary Internet Files Folder)
Successfully deleted: C:\Windows\System32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\FELSTIYC (Temporary Internet Files Folder)
Successfully deleted: C:\Windows\System32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\JY1E12CB (Temporary Internet Files Folder)
Successfully deleted: C:\Windows\System32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\KJYGEZ2I (Temporary Internet Files Folder)
Successfully deleted: C:\Windows\System32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\O4DK0EZ1 (Temporary Internet Files Folder)

 

Registry: 0

 

 

~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Scan was completed on 12/03/2016 at 20:16:31.43
End of JRT log
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~



#5 Arian_A


Posted 12 March 2016 - 11:06 PM

Results of ESETScan:

 

C:\Program Files (x86)\Software Secure, Inc\Securexam Student\SoftwareSecure.Security.Client.dll a variant of MSIL/Spy.Keylogger.BHG trojan cleaned by deleting
C:\Users\Ariana\AppData\Roaming\DE93C3D7-1426040259-E111-87B2-B888E3054F5C\vnsm95BF.tmp a variant of Win32/Adware.ConvertAd.KZ.gen application cleaned by deleting
C:\Users\Ariana\Desktop\Misc Folder\SecurexamEnglishFullv803.zip a variant of MSIL/Spy.Keylogger.BHG trojan deleted
 



#6 Arian_A


Posted 12 March 2016 - 11:57 PM

The computer seems to be working better now...

I was also able to download and run MBAM.  It found and quarantined 3 files and folders but I was unable to export the information to a text file. 

 

Is everything good now?



#7 buddy215


Posted 13 March 2016 - 07:40 AM

Open MBAM and click on the History tab. Find the Scan log and copy and paste its contents into your next post....NOT the update history log.

 

It is possible that two items Eset deleted may not have been malicious...a false positive. Do you still need the program Software Secure, Inc\Securexam Student?

 

Post the three lists mentioned below using CCleaner.

Open CCleaner and click on Tools. Choose Startups. On that page you will see a list of Windows Startups and at the top tabs for each browser and Scheduled Tasks. At the bottom right of that page you will see a button that, when clicked, will allow you to Copy and Paste the list of Windows Startups and Scheduled Tasks into your next post. Please do that.

Open CCleaner and click on Tools. Choose Uninstall. On that page you will see a list of programs installed on your computer and at the bottom right of that page you will see a button that, when clicked, will allow you to Copy and Paste that list in your next post. Please do that.



#8 Arian_A


Posted 13 March 2016 - 11:23 AM

I can open the History Tab, but cannot copy/paste the contents of the Scan log for some reason. I was trying to copy and paste a screen shot here, but that was not possible either. Hence the change of font. 

 

I needed the SecureExam... I see now that the program is not working.



#9 Arian_A


Posted 13 March 2016 - 11:29 AM

CCleaner Log:

 

Yes HKCU:Run CCleaner Monitoring Piriform Ltd "C:\Program Files\CCleaner\CCleaner64.exe" /MONITOR
Yes HKCU:Run Google Update Google Inc. "C:\Users\Ariana\AppData\Local\Google\Update\GoogleUpdate.exe" /c
Yes HKCU:Run ISUSPM Acresso Corporation C:\ProgramData\FLEXnet\Connect\11\ISUSPM.exe -scheduler
Yes HKCU:Run RIMDeviceManager  C:\Program Files (x86)\Common Files\Research In Motion\RIMDeviceManager\RIMDeviceManager.exe" -RunServer
Yes HKLM:Run Acrobat Assistant 8.0 Adobe Systems Inc. "C:\Program Files (x86)\Adobe\Acrobat 11.0\Acrobat\Acrotray.exe"
Yes HKLM:Run AdobeAAMUpdater-1.0 Adobe Systems Incorporated "C:\Program Files (x86)\Common Files\Adobe\OOBE\PDApp\UWA\UpdaterStartupUtility.exe"
No HKLM:Run BackupManagerTray NTI Corporation "C:\Program Files (x86)\NTI\Acer Backup Manager\BackupManagerTray.exe" -h -k
Yes HKLM:Run BCSSync Microsoft Corporation "C:\Program Files (x86)\Microsoft Office\Office14\BCSSync.exe" /DelayServices
Yes HKLM:Run Broadcom Wireless Manager UI Broadcom Corporation C:\Program Files\Broadcom\Broadcom 802.11 Network Adapter\WLTRAY.exe
Yes HKLM:Run BrStsMon00 Brother Industries, Ltd. C:\Program Files (x86)\Browny02\Brother\BrStMonW.exe /AUTORUN
Yes HKLM:Run ControlCenter4 Brother Industries, Ltd. C:\Program Files (x86)\ControlCenter4\BrCcBoot.exe /autorun
No HKLM:Run Dolby Home Theater v4 Dolby Laboratories Inc. "C:\Dolby PCEE4\pcee4.exe" -autostart
Yes HKLM:Run ETDCtrl ELAN Microelectronics Corp. %ProgramFiles%\Elantech\ETDCtrl.exe
Yes HKLM:Run HotKeysCmds Intel Corporation C:\Windows\system32\hkcmd.exe
Yes HKLM:Run IgfxTray Intel Corporation C:\Windows\system32\igfxtray.exe
Yes HKLM:Run IndexSearch Nuance Communications, Inc. "C:\Program Files (x86)\Nuance\PaperPort\IndexSearch.exe"
No HKLM:Run InstantUpdate Acer Incorporated C:\Program Files\Acer\Acer Instant Service\InstantUpdate\iuDaemon.exe
Yes HKLM:Run IntelTBRunOnce Microsoft Corporation wscript.exe //b //nologo "C:\Program Files\Intel\TurboBoost\RunTBGadgetOnce.vbs"
Yes HKLM:Run LManager Dritek System Inc. C:\Program Files (x86)\Launch Manager\LManager.exe
Yes HKLM:Run McAfeeUpdaterUI McAfee, Inc. "C:\Program Files (x86)\McAfee\Common Framework\udaterui.exe" /StartedFromRunKey
Yes HKLM:Run PaperPort PTD Nuance Communications, Inc. "C:\Program Files (x86)\Nuance\PaperPort\pptd40nt.exe"
Yes HKLM:Run PDF5 Registry Controller Nuance Communications, Inc. C:\Program Files (x86)\Nuance\PDF Viewer Plus\RegistryController.exe
Yes HKLM:Run PDFHook Nuance Communications, Inc. C:\Program Files (x86)\Nuance\PDF Viewer Plus\pdfpro5hook.exe
Yes HKLM:Run Persistence Intel Corporation C:\Windows\system32\igfxpers.exe
Yes HKLM:Run Power Management Acer Incorporated C:\Program Files\Acer\Acer ePower Management\ePowerTray.exe
Yes HKLM:Run PPort12reminder Nuance Communications, Inc. "C:\Program Files (x86)\Nuance\PaperPort\Ereg\Ereg.exe" -r "C:\ProgramData\ScanSoft\PaperPort\12\Config\Ereg\Ereg.ini"
Yes HKLM:Run RIM PeerManager BlackBerry Limited "C:\Program Files (x86)\Common Files\Research In Motion\Tunnel Manager\PeerManager.exe"
Yes HKLM:Run RIMBBLaunchAgent.exe BlackBerry Limited C:\Program Files (x86)\Common Files\Research In Motion\USB Drivers\RIMBBLaunchAgent.exe
Yes HKLM:Run RtHDVBg_Dolby Realtek Semiconductor C:\Program Files\Realtek\Audio\HDA\RAVBg64.exe /FORPCEE4
Yes HKLM:Run RtHDVCpl Realtek Semiconductor C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe -s
Yes HKLM:Run ShStatEXE McAfee, Inc. "C:\Program Files (x86)\McAfee\VirusScan Enterprise\SHSTAT.EXE" /STANDALONE
Yes HKLM:Run USB3MON Intel Corporation "C:\Program Files (x86)\Intel\Intel® USB 3.0 eXtensible Host Controller Driver\Application\iusb3mon.exe"
Yes Startup Common Bluetooth.lnk Broadcom Corporation. C:\Program Files\WIDCOMM\Bluetooth Software\BTTray.exe
Yes Startup User Send to OneNote.lnk Microsoft Corporation C:\Program Files (x86)\Microsoft Office\root\Office16\ONENOTEM.EXE
 



#10 Arian_A


Posted 13 March 2016 - 11:31 AM

Scheduled Tasks (CCleaner)

Yes Task abDocsDllLoader Acer Incorporated C:\Program Files (x86)\Acer\abDocs\abDocsDllLoaderMonitor.exe task
Yes Task AcerCloud Acer C:\Program Files (x86)\Acer\Acer Portal\AcerPortal.exe task

Yes Task Adobe Acrobat Update Task Adobe Systems Incorporated C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe
Yes Task Adobe Flash Player Updater Adobe Systems Incorporated C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe
Yes Task BacKGroundAgent Acer Incorporated C:\Program Files (x86)\Acer\AOP Framework\BackgroundAgent.exe task
Yes Task CCleanerSkipUAC Piriform Ltd "C:\Program Files\CCleaner\CCleaner.exe" $(Arg0)
Yes Task GoogleUpdateTaskUserS-1-5-21-537470059-3133564665-3931177193-1001Core Google Inc. C:\Users\Ariana\AppData\Local\Google\Update\GoogleUpdate.exe /c
Yes Task GoogleUpdateTaskUserS-1-5-21-537470059-3133564665-3931177193-1001UA Google Inc. C:\Users\Ariana\AppData\Local\Google\Update\GoogleUpdate.exe /ua /installsource scheduler
Yes Task SidebarExecute Microsoft Corporation C:\Program Files\Windows Sidebar\sidebar.exe /showGadgets
Yes Task UALU notificatin Acer Incorporated "C:\Program Files\Acer\Acer Updater\UALU.exe"
 



#11 Arian_A


Posted 13 March 2016 - 11:36 AM

Uninstalled CCleaner. Below is a list of installed programs:

 

 

 

bDocs Acer Incorporated 02/12/2015 158 MB 1.09.2001
abDocs Acer Incorporated 02/12/2015  1.09.2001
abDocs Office AddIn Acer Incorporated 02/12/2015 3.59 MB 3.02.2001
abMedia Acer Incorporated 15/12/2015  2.09.2003.0
abMedia Acer Incorporated 15/12/2015  2.09.2003.0
abPhoto Acer Incorporated 29/11/2015  3.06.2000.22
abPhoto Acer Incorporated 29/11/2015  3.06.2000.22
Acer Backup Manager NTI Corporation 02/04/2012 337 MB 3.0.0.100
Acer Crystal Eye Webcam CyberLink Corp. 08/08/2014 41.3 MB 1.5.2108.00
Acer ePower Management Acer Incorporated 08/08/2014  6.00.3010
Acer eRecovery Management Acer Incorporated 02/04/2012  5.00.3507
Acer Games WildTangent 03/04/2012  1.0.2.5
Acer Instant Update Service Acer Incorporated 08/08/2014 9.40 MB 1.00.3004
Acer Portal Acer Incorporated 05/02/2016  3.09.2002
Acer Portal Acer Incorporated 05/02/2016  3.09.2002
Acer Registration Acer Incorporated 08/08/2014  1.04.3506
Acer ScreenSaver Acer Incorporated 08/08/2014  20.11.1107.1418
Adobe Acrobat Reader DC Adobe Systems Incorporated 08/03/2016 195 MB 15.010.20060
Adobe Acrobat XI Pro Adobe Systems 13/12/2015 6.75 GB 11.0.13
Adobe AIR Adobe Systems Incorporated 03/04/2012  2.6.0.19120
Adobe Flash Player 21 ActiveX Adobe Systems Incorporated 10/03/2016 9.95 MB 21.0.0.182
AOP Framework Acer Incorporated 05/02/2016  3.15.2000.1
AOP Framework Acer Incorporated 05/02/2016  3.15.2000.1
Bing Bar Microsoft Corporation 08/08/2014 27.0 MB 7.0.765.0
BlackBerry 10 Desktop Software BlackBerry 10/06/2015 455 MB 1.1.0.22
Broadcom Card Reader Driver Installer Broadcom Corporation 04/01/2015 2.76 MB 15.0.7.2
Broadcom NetLink Controller Broadcom Corporation 08/08/2014 524 KB 15.0.7.1
Broadcom Wireless Utility Broadcom Corporation 08/08/2014  5.100.82.120
Brother MFL-Pro Suite HL-2280DW Brother Industries, Ltd. 12/09/2014  1.1.3.0
Cantax T1Plus CGA 2013 Wolters Kluwer Limited 27/01/2015 63.4 MB 13.3.0
Cantax T2Plus Educational 14.1 Wolters Kluwer Limited 27/01/2015 62.6 MB 1.0.0
CCH Publications 4.7 CCH Canadian Limited 27/01/2015  4.7
CCleaner Piriform 12/03/2016  5.15
CyberLink MediaEspresso CyberLink Corp. 02/04/2012 164 MB 6.5.1720_38230
Dolby Home Theater v4 Dolby Laboratories Inc 08/08/2014 28.0 MB 7.2.7000.7
ETDWare PS/2-X64 10.6.9.9_WHQL ELAN Microelectronic Corp. 08/08/2014  10.6.9.9
Evernote v. 4.5.2 Evernote Corp. 02/04/2012 170 MB 4.5.2.5866
Fooz Kids FUHU, Inc. 03/04/2012  3.1.2
Fooz Kids Platform FUHU, Inc. 02/04/2012  2.1
Google Chrome Google Inc. 09/08/2014  48.0.2564.116
Identity Card Acer Incorporated 08/08/2014  1.00.3501
Intel® Control Center Intel Corporation 13/03/2016  1.2.1.1007
Intel® Management Engine Components Intel Corporation 13/03/2016  8.0.2.1410
Intel® OpenCL CPU Runtime Intel Corporation 12/03/2016  
Intel® Processor Graphics Intel Corporation 12/03/2016  8.15.10.2653
Intel® Rapid Storage Technology Intel Corporation 13/03/2016  11.1.0.1006
Intel® Turbo Boost Technology Monitor 2.5 Intel 08/08/2014 13.2 MB 2.5.1.0
Intel® USB 3.0 eXtensible Host Controller Driver Intel Corporation 12/03/2016  1.0.4.220
Intel® Trusted Connect Service Client Intel Corporation 08/08/2014 10.6 MB 1.23.605.1
Kobo Kobo Inc. 09/08/2014  2.1.5
Launch Manager Acer Inc. 08/08/2014  5.1.15
Malwarebytes Anti-Malware version 2.2.0.1024 Malwarebytes 12/03/2016 66.0 MB 2.2.0.1024
McAfee Agent McAfee, Inc. 09/08/2014 29.8 MB 4.8.0.887
McAfee VirusScan Enterprise McAfee, Inc. 09/08/2014 49.8 MB 8.8.04001
Microsoft .NET Framework 4.5.2 Microsoft Corporation 27/04/2015 38.8 MB 4.5.51209
Microsoft Mouse and Keyboard Center Microsoft Corporation 11/08/2015  2.5.166.0
Microsoft Office Professional Plus 2010 Microsoft Corporation 19/08/2014  14.0.7015.1000
Microsoft Office Professional Plus 2016 - en-us Microsoft Corporation 23/02/2016  16.0.6568.2025
Microsoft OneDrive Microsoft Corporation 05/11/2015 30.6 MB 17.3.4604.0120
Microsoft Silverlight Microsoft Corporation 13/01/2016 249 MB 5.1.41212.0
Microsoft Visual C++ 2005 Redistributable Microsoft Corporation 09/08/2014 300 KB 8.0.59193
Microsoft Visual C++ 2005 Redistributable (x64) Microsoft Corporation 12/09/2014 3.00 MB 8.0.61000
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.17 Microsoft Corporation 08/08/2014 788 KB 9.0.30729
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.6161 Microsoft Corporation 10/08/2014 788 KB 9.0.30729.6161
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17 Microsoft Corporation 02/04/2012 596 KB 9.0.30729
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148 Microsoft Corporation 08/08/2014 592 KB 9.0.30729.4148
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 Microsoft Corporation 10/08/2014 600 KB 9.0.30729.6161
Microsoft Visual C++ 2010  x64 Redistributable - 10.0.40219 Microsoft Corporation 12/02/2015 14.6 MB 10.0.40219
Microsoft Visual C++ 2010  x86 Redistributable - 10.0.40219 Microsoft Corporation 12/02/2015 11.1 MB 10.0.40219
Microsoft Visual Studio 2010 Tools for Office Runtime (x64) Microsoft Corporation 12/02/2015  10.0.50903
Mozilla Firefox 40.0.3 (x86 en-US) Mozilla 15/09/2015 84.7 MB 40.0.3
Mozilla Maintenance Service Mozilla 15/09/2015 233 KB 40.0.3
MSXML 4.0 SP3 Parser Microsoft Corporation 12/09/2014 1.47 MB 4.30.2100.0
MSXML 4.0 SP3 Parser (KB2758694) Microsoft Corporation 13/09/2014 1.54 MB 4.30.2117.0
NTI Media Maker 9 NTI Corporation 08/08/2014 0.96 GB 9.0.2.9006
Nuance PaperPort 12 Nuance Communications, Inc. 12/09/2014 201 MB 12.1.0000
Nuance PDF Viewer Plus Nuance Communications, Inc 12/09/2014 38.2 MB 5.30.3290
PaperPort Image Printer 64-bit Nuance Communications, Inc. 12/09/2014 558 KB 1.00.0001
Realtek High Definition Audio Driver Realtek Semiconductor Corp. 08/08/2014  6.0.1.6543
Securexam Software Secure, Inc 09/03/2016  8.0.3
Skype™ 7.18 Skype Technologies S.A. 04/02/2016 79.7 MB 7.18.111
Software Update Wizard (Redist) 4.8 PowerProgrammer 09/03/2016  4.8
Virtual Professional Library CICA 06/02/2016  1
Welcome Center Acer Incorporated 08/08/2014  1.02.3507
WIDCOMM Bluetooth Software Broadcom Corporation 08/08/2014 289 MB 6.5.1.2610
WinRAR 4.20 (64-bit) win.rar GmbH 09/08/2014  4.20.0
WinSCP 5.7.5 Martin Prikryl 15/09/2015 23.6 MB 5.7.5


Edited by Arian_A, 13 March 2016 - 11:43 AM.


#12 buddy215


Posted 13 March 2016 - 02:04 PM

Disable these Windows Startups: Use CCleaner by clicking on each item and choosing Disable on the right.

Yes HKCU:Run CCleaner Monitoring Piriform Ltd "C:\Program Files\CCleaner\CCleaner64.exe" /MONITOR
Yes HKCU:Run Google Update Google Inc. "C:\Users\Ariana\AppData\Local\Google\Update\GoogleUpdate.exe" /c
Yes HKCU:Run ISUSPM Acresso Corporation C:\ProgramData\FLEXnet\Connect\11\ISUSPM.exe -scheduler

Yes HKLM:Run Acrobat Assistant 8.0 Adobe Systems Inc. "C:\Program Files (x86)\Adobe\Acrobat 11.0\Acrobat\Acrotray.exe"
Yes HKLM:Run AdobeAAMUpdater-1.0 Adobe Systems Incorporated "C:\Program Files (x86)\Common Files\Adobe\OOBE\PDApp\UWA\UpdaterStartupUtility.exe"

Yes HKLM:Run BrStsMon00 Brother Industries, Ltd. C:\Program Files (x86)\Browny02\Brother\BrStMonW.exe /AUTORUN
Yes HKLM:Run ControlCenter4 Brother Industries, Ltd. C:\Program Files (x86)\ControlCenter4\BrCcBoot.exe /autorun

Yes HKLM:Run IgfxTray Intel Corporation C:\Windows\system32\igfxtray.exe
Yes HKLM:Run IndexSearch Nuance Communications, Inc. "C:\Program Files (x86)\Nuance\PaperPort\IndexSearch.exe"

Yes HKLM:Run PaperPort PTD Nuance Communications, Inc. "C:\Program Files (x86)\Nuance\PaperPort\pptd40nt.exe"
Yes HKLM:Run PDF5 Registry Controller Nuance Communications, Inc. C:\Program Files (x86)\Nuance\PDF Viewer Plus\RegistryController.exe
Yes HKLM:Run PDFHook Nuance Communications, Inc. C:\Program Files (x86)\Nuance\PDF Viewer Plus\pdfpro5hook.exe

Yes HKLM:Run PPort12reminder Nuance Communications, Inc. "C:\Program Files (x86)\Nuance\PaperPort\Ereg\Ereg.exe" -r "C:\ProgramData\ScanSoft\PaperPort\12\Config\Ereg\Ereg.ini"

Yes Startup User Send to OneNote.lnk Microsoft Corporation C:\Program Files (x86)\Microsoft Office\root\Office16\ONENOTEM.EXE
 

 

Disable these Windows Tasks: Use CCleaner by clicking on each item and then choose Disable on the right.

Yes Task Adobe Acrobat Update Task Adobe Systems Incorporated C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe
Yes Task Adobe Flash Player Updater Adobe Systems Incorporated C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe

Yes Task GoogleUpdateTaskUserS-1-5-21-537470059-3133564665-3931177193-1001Core Google Inc. C:\Users\Ariana\AppData\Local\Google\Update\GoogleUpdate.exe /c
Yes Task GoogleUpdateTaskUserS-1-5-21-537470059-3133564665-3931177193-1001UA Google Inc. C:\Users\Ariana\AppData\Local\Google\Update\GoogleUpdate.exe /ua /installsource scheduler

Yes Task UALU notificatin Acer Incorporated "C:\Program Files\Acer\Acer Updater\UALU.exe"

 

Uninstall these Programs:

Acer Games WildTangent 03/04/2012  1.0.2.5

Adobe AIR Adobe Systems Incorporated 03/04/2012  2.6.0.19120

Bing Bar Microsoft Corporation 08/08/2014 27.0 MB 7.0.765.0

 

Update or Uninstall Firefox Browser....to update click on Help > About Firefox > Check for update

 

You should check for updates for Firefox addons....both Extensions and Plug-ins

Click on Tools > addons > Extensions and plug-ins

 

Eset corrupted this program: Securexam Software Secure, Inc 09/03/2016  8.0.3

Uninstall and then install anew. (I hope that is not a problem to do)

 

Did you intentionally install Software Update Wizard (Redist) 4.8 PowerProgrammer 09/03/2016  4.8?

If not, you should uninstall.

 

After doing the above and rebooting....please tell me what problems still exist.



#13 Arian_A


Posted 13 March 2016 - 04:09 PM

Thank you so much. I disabled and uninstalled the programs above (with exception of updating the Firefox -  I will do it later).

 

Questions:

1) I did not run CCleaner after disabling the programs/Windows startups/tasks because I received that these would be removed permanently from the system.

2) I do not know how to remove the Software Update Wizard (I did not install it on purpose). Any advice?

3) Should I keep or uninstall CCleaner?

 

I will reinstall SecureExam again...

 

Everything looks all right now. Thanks so much again!



#14 buddy215


Posted 13 March 2016 - 04:47 PM

You should be able to click on the Software Update Wizard in CCleaner's list of installed programs and then choose Uninstall.

 

Keep CCleaner and run it often to keep the computer clean and as you know now it has other useful tools, too.


Edited by buddy215, 13 March 2016 - 04:49 PM.




