
headhunt for "FHNH" and "smishing.b"



#1 Vaxinius

Vaxinius

  • Members
  • 11 posts
  • OFFLINE
  •  
  • Local time:11:09 AM

Posted 05 February 2016 - 03:54 PM

A friend is telling me that some offending files "FHNH" and "smishing.b" have originated from my computer.

Naturally this is alarming, but I need to transfer data by portable hard drive so this must be fixed. I have had a difficult virus before like 5 years ago, B.exe, but this time I have no symptoms. I'm also finding nothing, but hey I'm not an expert on computers either so...

 

So I have been scanning, and scanning some more.

OS: Windows 10 Home 64-bit

0. Plugged in all portable hard drives

1. Updated CCleaner and scanned all mediums

2. Updated SUPERAntiSpyware and scanned all mediums

3. Updated Avast antivirus and scanned all mediums but found nothing, tried Avast in safe mode and it wouldn't load up. Uninstalled and replaced AV with AVG antivirus, updated

4. Rebooted in safe mode with networking, unplugged wifi dongle

5. With updated Malwarebytes, SAS and virus scan, scanned again with SAS and Malwarebytes and found some trash but none named the above.

6. With updated virus scan, scanned with AVG, found infections but wouldn't display report at end of scan so I couldn't tell what was done. Virus vault is empty.

7. Scanned again with AVG in safe mode and it did the same thing, not displaying result of found infections.

8. Scanned with AVG not in safe mode and it finished scan and said there were no infections.

This is where I'm at now. Recommendations?

 

NOTE: I don't know how to add an attachment here so you can view my system specs

 

Thanks


Edited by Vaxinius, 05 February 2016 - 04:04 PM.



 


#2 buddy215

buddy215

  • Moderator
  • 13,395 posts
  • ONLINE
  •  
  • Gender:Male
  • Location:West Tennessee
  • Local time:12:09 PM

Posted 05 February 2016 - 05:10 PM

I'm assuming that your friend received a text that contained a link and the text appeared to be sent from you. Criminals can obfuscate the name of the sender to appear to be from anyone. How the criminal connected you to your friend is what is not known. But there are known ways this could have happened.

Is that what happened? If not, what medium was used to make your friend think the smishing attack came from you?

 

The Trojan-FHNH tries to find banking info. See Trojan-FHNH - Malware - McAfee Labs Threat Center

If your friend found this trojan on his phone or computer....you should make him/ her aware of what it is capable of.

 

 

Open MBAM and under the History tab find the scan log that contains what it found and removed. Not the update history log.

Please copy and paste that log in your next post.

 

Scan your computer using the programs below.

 

Download AdwCleaner by Xplode onto your desktop.

  • Close all open programs and internet browsers.
  • Double click on adwcleaner.exe to run the tool.
  • Click on Scan button.
  • When the scan has finished click on Clean button.
  • Your computer will be rebooted automatically. A text file will open after the restart.
  • Please post the contents of that logfile with your next reply.
  • You can find the logfile at C:\AdwCleaner[S1].txt as well.

Download Junkware Removal Tool to your desktop.

  • Shut down your protection software now to avoid potential conflicts.
  • Run the tool by double-clicking it. If you are using Windows Vista, 7, or 8; instead of double-clicking, right-mouse click JRT.exe and select "Run as Administrator".
  • The tool will open and start scanning your system.
  • Please be patient as this can take a while to complete depending on your system's specifications.
  • On completion, a log (JRT.txt) is saved to your desktop and will automatically open.
  • Post the contents of JRT.txt into your next message

Hold down Control and click on this link to open ESET OnlineScan in a new window.

  • Click the esetonlinebtn.png button.
  • For alternate browsers only: (Microsoft Internet Explorer users can skip these steps)
  • Click on esetsmartinstaller_enu.exe to download the ESET Smart Installer. Save it to your desktop.
  • Double click on the esetsmartinstaller_enu.png icon on your desktop.
  • Check "YES, I accept the Terms of Use."
  • Click the Start button.
  • Accept any security warnings from your browser.
  • Under scan settings, check "Scan Archives" and "Remove found threats"
  • ESET will then download updates for itself, install itself, and begin scanning your computer. Please be patient as this can take some time.
  • When the scan completes, click List Threats
  • Click Export, and save the file to your desktop using a unique name, such as ESETScan. Include the contents of this report in your next reply.
  • Click the Back button.
  • Click the Finish button.
  • NOTE: Sometimes if ESET finds no infections it will not create a log.

Edited by buddy215, 05 February 2016 - 05:21 PM.

“Every atom in your body came from a star that exploded and the atoms in your left hand probably came from a different star than your right hand. It really is the most poetic thing I know about physics...you are all stardust.” Lawrence M. Krauss
A 1792 U.S. penny, designed in part by Thomas Jefferson and George Washington, reads “Liberty Parent of Science & Industry.”

#3 Vaxinius


Posted 10 February 2016 - 10:41 AM

Log copied below,

 

I am thinking that somehow malware files were transferred from my computer through my portable hard drive being connected to his computer. I want to make that connection by scanning my computer. ...Will I even be able to find these files on my computer? Or do they cut and paste themselves as they move from one computer to the next, leaving no proof behind?

 

Deal with the smart phone in another thread?

 

Malwarebytes Anti-Malware
www.malwarebytes.org

Scan Date: 2/5/2016
Scan Time: 8:50 AM
Logfile: mbam log.txt
Administrator: Yes

Version: 2.2.0.1024
Malware Database: v2016.02.05.05
Rootkit Database: v2016.01.20.01
License: Free
Malware Protection: Disabled
Malicious Website Protection: Disabled
Self-protection: Disabled

OS: Windows 10
CPU: x64
File System: NTFS
User: Vaxinius

Scan Type: Threat Scan
Result: Completed
Objects Scanned: 367338
Time Elapsed: 6 min, 29 sec

Memory: Enabled
Startup: Enabled
Filesystem: Enabled
Archives: Enabled
Rootkits: Enabled
Heuristics: Enabled
PUP: Enabled
PUM: Enabled

Processes: 0
(No malicious items detected)

Modules: 0
(No malicious items detected)

Registry Keys: 0
(No malicious items detected)

Registry Values: 0
(No malicious items detected)

Registry Data: 0
(No malicious items detected)

Folders: 0
(No malicious items detected)

Files: 1
PUP.Optional.OpenCandy, C:\Users\Vaxinius\Downloads\DTLite4491-0356.exe, Quarantined, [b960ce8f7c1d8caad9d2816b44c0718f],

Physical Sectors: 0
(No malicious items detected)


(end)


Edited by Vaxinius, 10 February 2016 - 10:43 AM.


#4 Vaxinius


Posted 10 February 2016 - 10:55 AM

# AdwCleaner v5.033 - Logfile created 10/02/2016 at 08:37:31
# Updated 07/02/2016 by Xplode
# Database : 2016-02-07.2 [Server]
# Operating system : Windows 10 Home  (x64)
# Username : Vaxinius - SHWARBY
# Running from : C:\Users\Vaxinius\Desktop\Net Tool Shortcuts\AdwCleaner.exe
# Option : Cleaning
# Support : http://toolslib.net/forum

***** [ Services ] *****

[-] Service Deleted : vToolbarUpdater40.2.5

***** [ Folders ] *****

[-] Folder Deleted : C:\Program Files (x86)\Common Files\AVG Secure Search
[-] Folder Deleted : C:\Program Files\Common Files\AVG Secure Search
[-] Folder Deleted : C:\ProgramData\AVG Secure Search
[-] Folder Deleted : C:\ProgramData\AVG Security Toolbar
[-] Folder Deleted : C:\Users\Vaxinius\AppData\Local\Google\Chrome\User Data\Default\Extensions\chfdnecihphmhljaaejmgoiahnihplgn

***** [ Files ] *****

[-] File Deleted : C:\Users\Vaxinius\AppData\Roaming\Mozilla\Firefox\Profiles\1yq15598.default\Extensions\Avg@toolbar.xpi
[-] File Deleted : C:\Users\Vaxinius\AppData\Roaming\Mozilla\Firefox\Profiles\1yq15598.default\searchplugins\avg-secure-search.xml

***** [ DLLs ] *****


***** [ Shortcuts ] *****


***** [ Scheduled tasks ] *****


***** [ Registry ] *****

[-] Key Deleted : HKLM\SOFTWARE\Google\Chrome\NativeMessagingHosts\avgsh
[-] Key Deleted : HKLM\SOFTWARE\MozillaPlugins\@avg.com/AVG SiteSafety plugin,version=11.0.0.1,application/x-avg-sitesafety-plugin
[-] Key Deleted : HKCU\Software\Google\Chrome\Extensions\chfdnecihphmhljaaejmgoiahnihplgn
[-] Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{933B95E2-E7B7-4AD9-B952-7AC336682AE3}
[-] Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{95B7759C-8C7F-4BF1-B163-73684A933233}
[-] Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{B2BC04DF-EFBD-409A-95CA-36874E5AB92A}
[-] Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{CA3A5461-96B5-46DD-9341-5350D3C94615}
[-] Key Deleted : HKLM\SOFTWARE\Classes\Interface\{C401D2CE-DC27-45C7-BC0C-8E6EA7F085D6}
[-] Key Deleted : HKLM\SOFTWARE\Classes\TypeLib\{C2AC8A0E-E48E-484B-A71C-C7A937FAAB94}
[-] Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{95B7759C-8C7F-4BF1-B163-73684A933233}
[-] Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{B2BC04DF-EFBD-409A-95CA-36874E5AB92A}
[-] Key Deleted : HKLM\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{B2BC04DF-EFBD-409A-95CA-36874E5AB92A}
[-] Key Deleted : [x64] HKLM\SOFTWARE\Classes\CLSID\{95B7759C-8C7F-4BF1-B163-73684A933233}
[-] Key Deleted : [x64] HKLM\SOFTWARE\Classes\Interface\{C401D2CE-DC27-45C7-BC0C-8E6EA7F085D6}
[-] Key Deleted : [x64] HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{95B7759C-8C7F-4BF1-B163-73684A933233}
[-] Key Deleted : [x64] HKLM\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{B2BC04DF-EFBD-409A-95CA-36874E5AB92A}
[-] Key Deleted : [x64] HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{C168639F-5810-4EC8-B1E8-0251AA8A771C}
[-] Key Deleted : HKCU\Software\Microsoft\Internet Explorer\SearchScopes\{95B7759C-8C7F-4BF1-B163-73684A933233}
[-] Value Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Run [vProt]

***** [ Web browsers ] *****

[-] [C:\Users\Vaxinius\AppData\Local\Google\Chrome\User Data\Default\Web Data] [Search Provider] Deleted : aol.com
[-] [C:\Users\Vaxinius\AppData\Local\Google\Chrome\User Data\Default\Web Data] [Search Provider] Deleted : ask.com
[-] [C:\Users\Vaxinius\AppData\Local\Google\Chrome\User Data\Default\Secure Preferences] [Extension] Deleted : chfdnecihphmhljaaejmgoiahnihplgn

*************************

:: "Tracing" keys removed
:: Winsock settings cleared

########## EOF - C:\AdwCleaner\AdwCleaner[C1].txt - [3705 bytes] ##########



#5 Vaxinius


Posted 10 February 2016 - 11:16 AM

~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Junkware Removal Tool (JRT) by Malwarebytes
Version: 8.0.2 (01.06.2016)
Operating System: Windows 10 Home x64
Ran by Vaxinius (Administrator) on Wed 02/10/2016 at  8:49:05.56
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~




File System: 0




Registry: 0





~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Scan was completed on Wed 02/10/2016 at  8:50:34.12
End of JRT log
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
 



#6 Vaxinius


Posted 10 February 2016 - 12:36 PM

ESET online scan log

 

C:\Program Files\WinZip\Utils\WzSysScan\WINZIPSS.exe    a variant of Win32/Systweak.L potentially unwanted application    cleaned by deleting
C:\Program Files\WinZip\Utils\WzSysScan\WINZIPSSHelper.dll    a variant of Win32/Systweak.N potentially unwanted application    cleaned by deleting
C:\Program Files\WinZip\Utils\WzSysScan\WINZIPSSPrivacyProtector.exe    a variant of Win32/Systweak.L potentially unwanted application    cleaned by deleting
C:\Program Files\WinZip\Utils\WzSysScan\WINZIPSSRegClean.exe    a variant of Win32/Systweak potentially unwanted application    cleaned by deleting
C:\Program Files\WinZip\Utils\WzSysScan\WINZIPSSRegistryOptimizer.exe    a variant of Win32/Systweak.L potentially unwanted application    cleaned by deleting
C:\Program Files\WinZip\Utils\WzSysScan\WINZIPSSSystemCleaner.exe    a variant of Win32/Systweak.L potentially unwanted application    cleaned by deleting
C:\Users\Vaxinius\Downloads\winzip19-dl.exe    a variant of Win32/InstallCore.ADX.gen potentially unwanted application    cleaned by deleting
C:\Windows\Installer\14f0067.msi    a variant of Win32/Systweak.L potentially unwanted application    deleted
G:\Mel\Music\david gilmour dimming of day 2009.mp3    a variant of WMA/TrojanDownloader.GetCodec.gen trojan    cleaned
G:\Mel\Music\gem and the holograms HIT TOP50.mp3    a variant of WMA/TrojanDownloader.GetCodec.gen trojan    cleaned
G:\Mel\Music\gem and the holograms(Club RMX).mp3    a variant of WMA/TrojanDownloader.GetCodec.gen trojan    cleaned
G:\Mel\Music\gem and the holograms(Disk 1).mp3    a variant of WMA/TrojanDownloader.GetCodec.gen trojan    cleaned
G:\Mel\Music\gordie johnson sugar.wma    a variant of WMA/TrojanDownloader.GetCodec.gen trojan    cleaned
G:\Mel\Music\Gorillaz - Rock da house.mp3    a variant of WMA/TrojanDownloader.GetCodec.gen trojan    cleaned
G:\Mel\Music\quanteisha benjamin-get loose.mp3    a variant of WMA/TrojanDownloader.GetCodec.gen trojan    cleaned
G:\Mel\Music\Sarach Mclachlan Stupid.wma    a variant of WMA/TrojanDownloader.GetCodec.gen trojan    cleaned
G:\Mel\Music\[iTunes] sarach mclachlan stupid(long edition).mp3    a variant of WMA/TrojanDownloader.GetCodec.gen trojan    cleaned
G:\MELONPAUL-PC\Backup Set 2015-01-08 114132\Backup Files 2015-01-08 114132\Backup files 2.zip    Win32/DownWare.L potentially unwanted application    deleted
G:\Movies\Daybreakers {2009} DVDRIP. Jaybob\jaybob's_movies_Toolbar_Firefox.xpi    Win32/Toolbar.Conduit.A potentially unwanted application    deleted
G:\Movies\Harry Brown {2009} DVDRIP. Jaybob\jaybob's_movies_Toolbar_Firefox.xpi    Win32/Toolbar.Conduit.A potentially unwanted application    deleted
G:\Movies\Invictus {2009} DVDRIP. Jaybob\jaybob's_movies_Toolbar_Firefox.xpi    Win32/Toolbar.Conduit.A potentially unwanted application    deleted
G:\Movies\Nowhere Boy {2009} DVDRIP. Jaybob\jaybob's_movies_Toolbar_Firefox.xpi    Win32/Toolbar.Conduit.A potentially unwanted application    deleted
G:\Movies\Precious {2009} DVDRIP.Jaybob\jaybob's_movies_Toolbar_Firefox.xpi    Win32/Toolbar.Conduit.A potentially unwanted application    deleted
G:\Movies\The Blind Side {2009} DVDRIP. Jaybob\jaybob's_movies_Toolbar_Firefox.xpi    Win32/Toolbar.Conduit.A potentially unwanted application    deleted
G:\Movies\The Crazies  {2010} DVDRIP. Jaybob\Sherlock Holmes {2009} DVDRIP. Jaybob\jaybob's_movies_Toolbar_Firefox.xpi    Win32/Toolbar.Conduit.A potentially unwanted application    deleted
G:\Movies\The Fourth Kind {2009} DVDRIP. Jaybob\jaybob's_movies_Toolbar_Firefox.xpi    Win32/Toolbar.Conduit.A potentially unwanted application    deleted
G:\Movies\The Informant! {2009} DVDRIP Jaybob\jaybob's_movies_Toolbar_Firefox.xpi    Win32/Toolbar.Conduit.A potentially unwanted application    deleted
G:\Movies\The Lovely Bones {2009} DVDRIP. Jaybob\jaybob's_movies_Toolbar_Firefox.xpi    Win32/Toolbar.Conduit.A potentially unwanted application    deleted
G:\Movies\The Time Traveler's Wife {2009} DVDRIP. Jaybob\jaybob's_movies_Toolbar_Firefox.xpi    Win32/Toolbar.Conduit.A potentially unwanted application    deleted
G:\Movies\Up in the Air {2009} DVDRIP Jaybob\jaybob's_movies_Toolbar_Firefox.xpi    Win32/Toolbar.Conduit.A potentially unwanted application    deleted



#7 buddy215


Posted 10 February 2016 - 01:09 PM

Wherever you are downloading music and movies from is infecting your computer as you can see. Possibly uTorrent or other P2P program.

 

Post the three lists mentioned below using CCleaner.

Open CCleaner and click on Tools. Choose Startups. On that page you will see a list of Windows Startups and, at the top, tabs for each browser and Scheduled Tasks. At the bottom right of that page you will see a button that, when clicked, will allow you to Copy and Paste the list of Windows Startups and Scheduled Tasks into your next post. Please do that.

Open CCleaner and click on Tools. Choose Uninstall. On that page you will see a list of programs installed on your computer and at the bottom right of that page you will see a button that, when clicked, will allow you to Copy and Paste that list in your next post. Please do that.



#8 Vaxinius


Posted 11 February 2016 - 10:18 AM

CCleaner Windows Tab

 

Yes    HKCU:Run    CCleaner Monitoring    Piriform Ltd    "C:\Program Files\CCleaner\CCleaner64.exe" /MONITOR
No    HKCU:Run    DAEMON Tools Lite    Disc Soft Ltd    "C:\Program Files (x86)\DAEMON Tools Lite\DTLite.exe" -autorun
Yes    HKCU:Run    GoogleDriveSync    Google    "C:\Program Files (x86)\Google\Drive\googledrivesync.exe" /autostart
Yes    HKCU:Run    RESTART_STICKY_NOTES    Microsoft Corporation    C:\Windows\System32\StikyNot.exe
Yes    HKCU:Run    SpybotPostWindows10UpgradeReInstall    Safer-Networking Ltd.    "C:\Program Files\Common Files\AV\Spybot - Search and Destroy\Test.exe"
Yes    HKCU:Run    Steam    Valve Corporation    "C:\Program Files (x86)\Steam\steam.exe" -silent
Yes    HKCU:Run    SUPERAntiSpyware    SUPERAntiSpyware    C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe
No    HKCU:Run    uTorrent    BitTorrent Inc.    "C:\Users\Vaxinius\AppData\Roaming\uTorrent\uTorrent.exe"  /MINIMIZED
Yes    HKCU:RunOnce    Uninstall C:\Users\Vaxinius\AppData\Local\Microsoft\OneDrive\17.3.5892.0626\amd64    Microsoft Corporation    C:\WINDOWS\system32\cmd.exe /q /c rmdir /s /q "C:\Users\Vaxinius\AppData\Local\Microsoft\OneDrive\17.3.5892.0626\amd64"
No    HKLM:Run    AvgUi    AVG Technologies CZ, s.r.o.    "C:\Program Files (x86)\AVG\Framework\Common\avguirnx.exe" /lps=fmw
Yes    HKLM:Run    FAHConsole    Nico Mak Computing    C:\Program Files\File Association Helper\FAHConsole.exe
No    HKLM:Run    iTunesHelper    Apple Inc.    "Y:\Music\iTunesHelper.exe"
Yes    HKLM:Run    Logitech Download Assistant    Microsoft Corporation    C:\Windows\system32\rundll32.exe C:\Windows\System32\LogiLDA.dll,LogiFetch
Yes    HKLM:Run    SDTray    Safer-Networking Ltd.    "C:\Program Files (x86)\Spybot - Search & Destroy 2\SDTray.exe"
Yes    HKLM:Run    SunJavaUpdateSched    Oracle Corporation    "C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe"
No    HKLM:Run    Super-Charger    MSI    C:\Program Files (x86)\MSI\Super-Charger\Super-Charger.exe
No    HKLM:Run    WinampAgent    Nullsoft, Inc.    Y:\Music\Winamp\winampa.exe



#9 Vaxinius


Posted 11 February 2016 - 10:19 AM

CCleaner Scheduled Tasks tab

 

Yes    Task    Adobe Acrobat Update Task    Adobe Systems Incorporated    C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe
Yes    Task    Adobe Flash Player Updater    Adobe Systems Incorporated    C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe
Yes    Task    CCleanerSkipUAC    Piriform Ltd    "C:\Program Files\CCleaner\CCleaner.exe" $(Arg0)
Yes    Task    GoogleUpdateTaskMachineCore    Google Inc.    C:\Program Files (x86)\Google\Update\GoogleUpdate.exe /c
Yes    Task    GoogleUpdateTaskMachineUA    Google Inc.    C:\Program Files (x86)\Google\Update\GoogleUpdate.exe /ua /installsource scheduler
No    Task    Optimize Start Menu Cache Files-S-1-5-21-1653840766-1374053375-1089358563-1001      



#10 Vaxinius


Posted 11 February 2016 - 10:25 AM

CCleaner Uninstall log

FYI, I uninstall programs from device manager. When I check device manager, I do not see "candy crush" listed under programs, but it is listed in CCleaner's uninstall list.

 

3D Builder    Microsoft Corporation    12/13/2015        10.10.38.0
Adobe Acrobat Reader DC    Adobe Systems Incorporated    1/12/2016    375 MB    15.010.20056
Adobe Flash Player 20 NPAPI    Adobe Systems Incorporated    2/10/2016    8.40 MB    20.0.0.306
Adobe SVG Viewer 3.0        1/14/2016    4.91 MB     3.0
Alarms & Clock    Microsoft Corporation    12/29/2015        10.1512.58020.0
App connector    Microsoft Corporation    12/13/2015        1.3.3.0
Apple Application Support (32-bit)    Apple Inc.    12/11/2015    155 MB    4.1.1
Apple Application Support (64-bit)    Apple Inc.    12/11/2015    172 MB    4.1.1
Apple Mobile Device Support    Apple Inc.    12/11/2015    49.4 MB    9.1.0.6
Apple Software Update    Apple Inc.    12/11/2015    4.81 MB    2.1.4.131
AVG    AVG Technologies    2/5/2016        1.31.1.48846
AVG Web TuneUp    AVG Technologies    2/5/2016        4.2.5.441
Bonjour    Apple Inc.    12/11/2015    4.03 MB    3.1.0.1
Calculator    Microsoft Corporation    1/22/2016        10.1601.49020.0
Camera    Microsoft Corporation    2/4/2016        2016.128.10.0
Candy Crush Soda Saga    king.com    2/3/2016        1.58.400.0
Canon iP100 series Printer Driver    Canon Inc.    1/29/2016        
Canon MP Navigator EX 3.0        12/27/2015    72.3 MB    
Canon MP490 series MP Drivers    Canon Inc.    12/12/2015        
CCleaner    Piriform    2/11/2016        5.14
DAEMON Tools Lite    Disc Soft Ltd    12/12/2015        4.49.1.0356
DS-620    Brother Industries, Ltd.    1/25/2015    12.0 KB    1.00.0000
Fallout 4        12/29/2015    2.97 MB    
File Association Helper        1/7/2015        
Get Office    Microsoft Corporation    2/2/2016        17.6628.23511.0
Get Skype    Skype    12/13/2015        3.2.1.0
Get Started    Microsoft Corporation    1/7/2016        2.6.12.0
Google Chrome    Google Inc.    12/24/2013    472 MB    48.0.2564.109
Google Drive    Google, Inc.    2/1/2016    68.4 MB    1.27.1227.2094
Google Earth    Google    6/4/2015    213 MB    7.1.5.1557
Groove Music    Microsoft Corporation    12/13/2015        3.6.15131.0
Hi-Rez Studios Authenticate and Update Service    Hi-Rez Studios    5/5/2015    64.2 MB    3.0.0.0
Homeworld Remastered Collection    Gearbox Software    12/12/2015        
Insurgency    New World Interactive    12/12/2015        
iTunes    Apple Inc.    12/11/2015    318 MB    12.3.2.35
Java 8 Update 73    Oracle Corporation    2/8/2016    88.6 MB    8.0.730.2
Logitech Unifying Software 2.50    Logitech    12/27/2015    6.98 MB    2.50.25
Mail and Calendar    Microsoft Corporation    2/10/2016        17.6568.16901.0
Malwarebytes Anti-Malware version 2.2.0.1024    Malwarebytes    2/5/2016    66.1 MB    2.2.0.1024
Maps    Microsoft Corporation    1/20/2016        4.1601.10150.0
Messaging + Skype    Microsoft Corporation    1/22/2016        2.13.20000.0
Microsoft Chart Controls for Microsoft .NET Framework 3.5    Microsoft Corporation    5/5/2015    6.69 MB    3.5.0.0
Microsoft Silverlight    Microsoft Corporation    1/13/2016    143 MB    5.1.41212.0
Microsoft Solitaire Collection    Microsoft Studios    1/13/2016        3.7.1041.0
Microsoft SQL Server 2005 Compact Edition [ENU]    Microsoft Corporation    10/11/2015    3.85 MB    3.1.0000
Microsoft Visual C++ 2005 Redistributable    Microsoft Corporation    11/23/2015    2.97 MB    8.0.61001
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.4148    Microsoft Corporation    5/5/2015    1.62 MB    9.0.30729.4148
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.6161    Microsoft Corporation    4/1/2014    830 KB    9.0.30729.6161
Microsoft Visual C++ 2008 Redistributable - x86 9.0.21022    Microsoft Corporation    11/21/2015    1.19 MB    9.0.21022
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17    Microsoft Corporation    5/28/2015    1.19 MB    9.0.30729
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148    Microsoft Corporation    5/5/2015    1.18 MB    9.0.30729.4148
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161    Microsoft Corporation    4/1/2014    565 KB    9.0.30729.6161
Microsoft Visual C++ 2010  x64 Redistributable - 10.0.40219    Microsoft Corporation    2/18/2015    18.0 MB    10.0.40219
Microsoft Visual C++ 2010  x86 Redistributable - 10.0.40219    Microsoft Corporation    2/18/2015    14.7 MB    10.0.40219
Microsoft Visual C++ 2012 Redistributable (x64) - 11.0.61030    Microsoft Corporation    2/10/2016    20.5 MB    11.0.61030.0
Microsoft Visual C++ 2012 Redistributable (x86) - 11.0.50727    Microsoft Corporation    12/27/2015    17.3 MB    11.0.50727.1
Microsoft Visual C++ 2012 Redistributable (x86) - 11.0.61030    Microsoft Corporation    12/12/2015    17.3 MB    11.0.61030.0
Microsoft Visual C++ 2013 Redistributable (x64) - 12.0.30501    Microsoft Corporation    12/12/2015    20.5 MB    12.0.30501.0
Microsoft Visual C++ 2013 Redistributable (x86) - 12.0.30501    Microsoft Corporation    12/12/2015    17.1 MB    12.0.30501.0
Microsoft Wi-Fi    Microsoft Corporation    12/13/2015        1.1511.2.0
Money    Microsoft Corporation    1/27/2016        4.8.239.0
Movies & TV    Microsoft Corporation    1/29/2016        3.6.16941.0
Mozilla Firefox 43.0.4 (x86 en-US)    Mozilla    1/14/2016    89.5 MB    43.0.4
Mozilla Maintenance Service    Mozilla    1/9/2016    214 KB    43.0.4.5848
MSN Food & Drink    Microsoft Corporation    12/13/2015        3.0.4.336
MSN Health & Fitness    Microsoft Corporation    12/13/2015        3.0.4.336
MSN Travel    Microsoft Corporation    12/13/2015        3.0.4.336
News    Microsoft Corporation    1/27/2016        4.8.239.0
NVIDIA PhysX    NVIDIA Corporation    5/28/2015    157 MB    9.10.0513
OneNote    Microsoft Corporation    2/4/2016        17.6568.15721.0
OpenOffice 4.0.1    Apache Software Foundation    4/1/2014    325 MB    4.01.9714
People    Microsoft Corporation    2/4/2016        10.0.10220.0
Phone    Microsoft Corporation    1/7/2016        2.12.14001.0
Phone Companion    Microsoft Corporation    2/5/2016        10.1602.3010.0
Photos    Microsoft Corporation    2/5/2016        16.201.11370.0
PlanetSide 2    Sony Online Entertainment    12/12/2015        
Project Zomboid    The Indie Stone    12/12/2015        
PunkBuster Services    Even Balance, Inc.    12/12/2015        0.992
Razer Surround Driver Installer version 1.5    inXile Entertainment    1/2/2015    824 KB    1.5
Reader    Microsoft Corporation    2/9/2016        6.4.9926.18190
SketchUp 8    Trimble Navigation Limited    2/3/2016    123 MB    3.0.15158
Sports    Microsoft Corporation    1/27/2016        4.8.239.0
Spybot - Search & Destroy    Safer-Networking Ltd.    2/5/2016    154 MB    2.4.40
SpywareBlaster 5.4    BrightFort LLC    2/5/2016    9.16 MB    5.4.0
Steam    Valve Corporation    12/14/2015        2.10.91.91
Store    Microsoft Corporation    1/28/2016        2015.25.24.0
Super-Charger    MSI    12/24/2013    9.04 MB    1.2.018
SUPERAntiSpyware    SUPERAntiSpyware.com    12/27/2015    10.4 MB    6.0.1186
Sway    Microsoft Corporation    2/2/2016        17.6629.20261.0
System Requirements Lab    Husdawg, LLC    10/10/2015    1.20 MB    6.1.6.0
Total War: ROME II - Emperor Edition    Creative Assembly    2/4/2016    24.5 GB    
Twitter    Twitter Inc.    12/27/2015        4.3.3.0
Ventrilo Client for Windows x64    Flagship Industries, Inc.    1/10/2015    13.3 MB    3.0.8.0
Visual Studio 2012 x64 Redistributables    AVG Technologies    2/5/2016    12.9 MB    14.0.0.1
Visual Studio 2012 x86 Redistributables    AVG Technologies CZ, s.r.o.    2/5/2016    10.5 MB    14.0.0.1
Voice Recorder    Microsoft Corporation    12/27/2015        10.1512.21110.0
Weather    Microsoft Corporation    1/27/2016        4.8.239.0
Winamp    Nullsoft, Inc    12/12/2015        5.61
Winamp Detector Plug-in    Nullsoft, Inc    12/11/2015    75.0 KB    1.0.0.1
WinDirStat 1.1.2        12/12/2015        
Windows Live Essentials    Microsoft Corporation    10/11/2015        16.4.3528.0331
Windows Reading List    Microsoft Corporation    12/13/2015        6.3.9654.20947
Windows Scan    Microsoft Corporation    12/13/2015        6.3.9654.17133
Winki    MSI    12/27/2015    575 MB    3.2.131
WinZip 19.0    WinZip Computing, S.L.     1/7/2015    298 MB    19.0.11294
Xbox    Microsoft Corporation    1/9/2016        11.13.6008.0
µTorrent    BitTorrent Inc.    12/29/2015        3.4.5.41372
 



#11 buddy215


Posted 11 February 2016 - 11:41 AM

Delete this Windows Startup Item: Yes    HKCU:RunOnce    Uninstall C:\Users\Vaxinius\AppData\Local\Microsoft\OneDrive\17.3.5892.0626\amd64    Microsoft Corporation    C:\WINDOWS\system32\cmd.exe /q /c rmdir /s /q "C:\Users\Vaxinius\AppData\Local\Microsoft\OneDrive\17.3.5892.0626\amd64"

You can use CCleaner by clicking on the item and then choose Delete on the right

 

Disable these Scheduled Tasks: Use CCleaner by clicking on each item and then choosing Disable

Yes    Task    Adobe Acrobat Update Task    Adobe Systems Incorporated    C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe
Yes    Task    Adobe Flash Player Updater    Adobe Systems Incorporated    C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe
Yes    Task    CCleanerSkipUAC    Piriform Ltd    "C:\Program Files\CCleaner\CCleaner.exe" $(Arg0)
Yes    Task    GoogleUpdateTaskMachineCore    Google Inc.    C:\Program Files (x86)\Google\Update\GoogleUpdate.exe /c
Yes    Task    GoogleUpdateTaskMachineUA    Google Inc.    C:\Program Files (x86)\Google\Update\GoogleUpdate.exe /ua /installsource scheduler

 

Uninstall these programs: Use CCleaner to uninstall by clicking on each item and then choose Uninstall on the right

AVG Web TuneUp    AVG Technologies    2/5/2016        4.2.5.441

Candy Crush Soda Saga    king.com    2/3/2016        1.58.400.0

DAEMON Tools Lite    Disc Soft Ltd    12/12/2015        4.49.1.0356

Spybot - Search & Destroy    Safer-Networking Ltd.    2/5/2016    154 MB    2.4.40 (Spybot has lost the favor of the security pros for several years)

µTorrent    BitTorrent Inc.    12/29/2015        3.4.5.41372 (VERY Risky to use to download free stuff and possibly illegal, too)

 

Update Firefox....open Firefox, Tools, About Firefox, click on check for updates



#12 Vaxinius


Posted 11 February 2016 - 02:27 PM

First 2 paragraphs completed.

 

-AVG Web TuneUp would not initiate uninstall from CCleaner. Tried uninstall from device manager, would not initiate there either.

-uTorrent gives error message from CCleaner uninstall util "error: 2 - system cannot find the file specified"

Tried uninstall of uTorrent from device manager interface and when selecting uninstall, a Windows message comes up asking for admin's permission to allow uTorrent to make changes. I did not allow and did not proceed with uninstall from device manager; therefore AVG and uTorrent are still on.

I did not proceed to update Firefox because I encountered issues with the previous step.



#13 buddy215


Posted 11 February 2016 - 03:15 PM

Try using Download Revo Uninstaller Freeware in Advanced Mode to uninstall those two.



#14 Vaxinius


Posted 11 February 2016 - 08:30 PM

AVG Web TuneUp and uTorrent have been uninstalled. Firefox is already up to date.


Edited by Vaxinius, 11 February 2016 - 08:30 PM.


#15 buddy215


Posted 11 February 2016 - 09:18 PM

Is the G Drive the one you use to transfer files? It had a lot of serious malware as you can see in the Eset log.

I can't say if that drive is completely cleaned up of malware or not.


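Added example, not part of the original thread or any poster's reply: a small Python triage of the ESET log format posted in reply #6, grouping detections by drive and category and listing entries whose action text does not mention deletion, so the file may still be on the drive and is worth a second scan. The field separator (tabs or four or more spaces), the function names and the category labels are assumptions of this example; the sample lines are an excerpt of the log above.

```python
import re
from collections import Counter, defaultdict
from typing import List, NamedTuple, Optional

# Excerpt of the ESET log posted in reply #6 (fields separated by 4 spaces).
SAMPLE_LOG = r"""
C:\Program Files\WinZip\Utils\WzSysScan\WINZIPSS.exe    a variant of Win32/Systweak.L potentially unwanted application    cleaned by deleting
C:\Users\Vaxinius\Downloads\winzip19-dl.exe    a variant of Win32/InstallCore.ADX.gen potentially unwanted application    cleaned by deleting
G:\Mel\Music\gordie johnson sugar.wma    a variant of WMA/TrojanDownloader.GetCodec.gen trojan    cleaned
G:\Mel\Music\Gorillaz - Rock da house.mp3    a variant of WMA/TrojanDownloader.GetCodec.gen trojan    cleaned
G:\MELONPAUL-PC\Backup Set 2015-01-08 114132\Backup Files 2015-01-08 114132\Backup files 2.zip    Win32/DownWare.L potentially unwanted application    deleted
G:\Movies\The Crazies  {2010} DVDRIP. Jaybob\Sherlock Holmes {2009} DVDRIP. Jaybob\jaybob's_movies_Toolbar_Firefox.xpi    Win32/Toolbar.Conduit.A potentially unwanted application    deleted
"""

# Assumption: columns are split by tabs or by runs of 4+ spaces. Paths in the
# log contain single and double spaces, so a narrower separator would cut them.
FIELD_SEP = re.compile(r"\t+| {4,}")
VARIANT_PREFIX = "a variant of "
# Category suffixes seen in the posted log; anything else is labelled "other".
CATEGORY_SUFFIXES = (
    ("potentially unwanted application", "PUA"),
    ("trojan", "trojan"),
)


class Detection(NamedTuple):
    path: str
    drive: str
    signature: str
    category: str
    action: str


def parse_line(line: str) -> Optional[Detection]:
    """Parse one 'path / detection / action' log line; None if it is not one."""
    fields = [f for f in FIELD_SEP.split(line.strip()) if f]
    if len(fields) < 3:
        return None
    # The last two fields are detection and action; everything before is path.
    *path_parts, detection, action = fields
    path = "    ".join(path_parts)
    if detection.startswith(VARIANT_PREFIX):
        detection = detection[len(VARIANT_PREFIX):]
    signature, category = detection, "other"
    for suffix, label in CATEGORY_SUFFIXES:
        if detection.endswith(" " + suffix):
            signature, category = detection[: -len(suffix) - 1], label
            break
    drive = path[:2].upper() if re.match(r"[A-Za-z]:", path) else "?"
    return Detection(path, drive, signature, category, action)


def parse_log(text: str) -> List[Detection]:
    return [d for d in map(parse_line, text.splitlines()) if d is not None]


def summarize_by_drive(detections: List[Detection]) -> dict:
    """Count detections per drive letter and category."""
    summary = defaultdict(Counter)
    for d in detections:
        summary[d.drive][d.category] += 1
    return {drive: dict(counts) for drive, counts in summary.items()}


def not_deleted(detections: List[Detection]) -> List[Detection]:
    """Entries whose action does not mention deletion (file may remain)."""
    return [d for d in detections if "delet" not in d.action.lower()]


if __name__ == "__main__":
    found = parse_log(SAMPLE_LOG)
    for drive, counts in sorted(summarize_by_drive(found).items()):
        print(drive, counts)
    print("Re-scan candidates (action was not a deletion):")
    for d in not_deleted(found):
        print("  ", d.signature, "->", d.path)
```
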



