Jump to content


 


Register a free account to unlock additional features at BleepingComputer.com
Welcome to BleepingComputer, a free community where people like yourself come together to discuss and learn how to use their computers. Using the site is easy and fun. As a guest, you can browse and view the various discussions in the forums, but can not create a new topic or reply to an existing one unless you are logged in. Other benefits of registering an account are subscribing to topics and forums, creating a blog, and having no ads shown anywhere on the site.


Click here to Register a free account now! or read our Welcome Guide to learn how to use this site.

Photo

Unable to remove 94982c5b634975e5010ce96082d2827.adsk2.co and terraclicks.com


  • Please log in to reply
10 replies to this topic

#1 ComputerJinx

ComputerJinx

  • Members
  • 25 posts
  • OFFLINE
  •  
  • Gender:Female
  • Location:California
  • Local time:01:36 PM

Posted 18 April 2016 - 03:38 PM

My computer is infected with some malware.  I am unable to remove 94982c5b634975e5010ce96082d2827.adsk2.co and terraclicks.com.

 

I get the following messages from Malwarebytes:

 

Malicious Website Blocked
Domain: terraclicks.com
IP:  127.42.0.2
Port: 49628
Type: Outbound
Process: C:\Program Files (x86)\Opera\36.0.2130.65\opera.exe

 

Malicious Website Blocked
Domain: 94982c5b634975e5010ce96082d2827.adsk2.co
IP:  127.42.0.6
Port: 49663
Type: Outbound
Process: C:\Program Files (x86)\Opera\36.0.2130.65\opera.exe

 

I spent all day yesterday going through the process of virus removal described on your page
http://www.bleepingcomputer.com/forums/t/585771/terraclicks-new-tab-opens-and-loads-camsite-when-randomly-browsing-the-net/?hl=%2Bremove+%2Bterraclicks#entry3786166 [exept for the programs for which the links no longer work] but I still have the problem.  I need to pay bills but am afraid that important information could be stolen from me.

 

I have run all of the following:

Junkware Removal Tool  [log available]


ESET online scanner
Malwarebytes
Malwarebytes Anti-Root Kit
Minitoolbox  [log available]
Adwcleaner [log available]
rKill  [log available]
Sophos Virus Removal Tool
Avast

 

OS: Windows 7, SP1, 64-bit

 

It would be wonderful if someone could please help me clean this computer.  Thank you.



BC AdBot (Login to Remove)

 


#2 buddy215

buddy215

  • Moderator
  • 13,196 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:West Tennessee
  • Local time:03:36 PM

Posted 18 April 2016 - 05:20 PM

Backup your bookmarks if you want to save them and then uninstall and reinstall Opera.

Be sure your Opera profile is deleted, too.

 

More info Reset Opera to default settings

 

After doing that, do this:

 

Use CCleaner to remove Temporary files, program caches, cookies, logs, etc. Use the Default settings. No need to use the

Registry Cleaning Tool...risky. Pay close attention while installing and UNcheck offers of toolbars....especially Google.

After install, open CCleaner and run by clicking on the Run Cleaner button in the bottom right corner.

CCleaner - PC Optimization and Cleaning - Free Download

 

Post the three lists mentioned below using CCleaner.

Open CCleaner and click on Tools. Choose Startups. On that page you will see a list of Windows Startups and at the top tabs for each browser and Scheduled Tasks.

At the bottom right of that page you will see a button when clicked will allow you to Copy and Paste the list of Windows Startups and Scheduled Tasks into your next

post. Please do that.

 

Open CCleaner and click on Tools. Choose Uninstall. On that page you will see a list of programs installed on your computer and at the bottom right of that page you

will see a button when clicked will allow you to Copy and Paste that list in your next post. Please do that.


“Every atom in your body came from a star that exploded and the atoms in your left hand probably came from a different star than your right hand. It really is the most poetic thing I know about physics...you are all stardust.”Lawrence M. Krauss
A 1792 U.S. penny, designed in part by Thomas Jefferson and George Washington, reads “Liberty Parent of Science & Industry.”

#3 ComputerJinx

ComputerJinx
  • Topic Starter

  • Members
  • 25 posts
  • OFFLINE
  •  
  • Gender:Female
  • Location:California
  • Local time:01:36 PM

Posted 20 April 2016 - 03:54 AM

After your post, I discovered that my Chrome browser was similarly infection.  Thus, I performed the tasks you outlined for both Chrome and Opera.  It didn’t work, so I did it again, and it still didn’t work.  I am still getting the “outbound” malicious website threat warnings from Malwarebytes.  Unfortunately, I don’t see a way to attached copies for you to review.

 

Listed below is the information you requested from CCleaner.

 

LIST OF STARTUP PROGRAMS

No        HKCU:Run         Advanced Uninstaller PRO Installation Monitor                "C:\Program Files (x86)\Innovative Solutions\Advanced Uninstaller PRO\Monitor.exe" THIS SHOULDN’T BE LISTED; IT WAS UNINSTALLED.

 

No        HKCU:Run         DriverMax         Innovative Solutions       "F:\DriverMax\DriverMax\drivermax.exe" -agent

No        HKCU:Run         DriverMax_RESTART                 

No        HKCU:Run         Google Update  Google Inc.        "C:\Users\Owner\AppData\Local\Google\Update\GoogleUpdate.exe" /c

No        HKCU:Run         Google+ Auto Backup                "C:\Users\Owner\AppData\Local\Programs\Google\Google+ Auto Backup\Google+ Auto Backup.exe" /autostart

No        HKCU:Run         Grindstone 2     Epiforge Software          "C:\Program Files (x86)\Grindstone 2\Grindstone 2.exe"

 

No        HKCU:Run         ISUSPM  Macrovision Corporation            "C:\Program Files (x86)\Common Files\InstallShield\UpdateService\ISUSPM.exe" –scheduler           DON’T KNOW WHAT THIS IS

 

No        HKCU:Run         msnmsgr           Microsoft Corporation    "C:\Program Files (x86)\Windows Live\Messenger\msnmsgr.exe" /background

No        HKCU:Run         RoboForm         Siber Systems   "C:\Program Files (x86)\Siber Systems\AI RoboForm\RoboTaskBarIcon.exe"

No        HKCU:Run         Skype   Skype Technologies S.A.            "C:\Program Files (x86)\Skype\Phone\Skype.exe" /minimized /regrun

No        HKCU:Run         SUPERAntiSpyware         SUPERAntiSpyware         C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe

No        HKCU:Run         Xmarks Xmarks.com      C:\Program Files (x86)\Xmarks\IE Extension\xmarkssync.exe -q

 

No        HKCU:Run         xwidget                        C:\Program Files (x86)\XWidget\xwidget.exe     DON’T KNOW WHAT THIS IS

 

No        HKLM:Run         Adobe ARM       Adobe Systems Incorporated      "C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe"

No        HKLM:Run         Autorun Eater    Old McDonald's Farm     c:\program files (x86)\autorun eater\oldmcdonald.exe

 

No        HKLM:Run         DivXMediaServer           DivX, LLC          C:\Program Files (x86)\DivX\DivX Media Server\DivXMediaServer.exe  THIS SHOULDN’T BE LISTED; IT WAS UNINSTALLED

 

No        HKLM:Run         DivXUpdate                   "C:\Program Files (x86)\DivX\DivX Update\DivXUpdate.exe" /CHECKNOW

THIS SHOULDN’T BE LISTED; IT WAS UNINSTALLED

 

No        HKLM:Run         Dropbox           Dropbox, Inc.    "c:\program files (x86)\dropbox\client\dropbox.exe" /systemstartup

No        HKLM:Run         GrooveMonitor   Microsoft Corporation    "C:\Program Files (x86)\Microsoft Office\Office12\GrooveMonitor.exe"

No        HKLM:Run         iTunesHelper    Apple Inc.         "C:\Program Files\iTunes\iTunesHelper.exe"

No        HKLM:Run         Logitech Download Assistant      Microsoft Corporation    C:\Windows\system32\rundll32.exe C:\Windows\System32\LogiLDA.dll,LogiFetch

No        HKLM:Run         PDFPrint            Geek Software GmbH     "C:\Program Files (x86)\PDF24\pdf24.exe"

No        HKLM:Run         QuickTime Task                        "C:\Program Files (x86)\QuickTime\QTTask.exe" -atboottime

 

No        HKLM:Run         RealDownloader                        C:\Program Files (x86)\RealNetworks\RealDownloader\downloader2.exe  THIS SHOULDN’T BE LISTED; IT WAS UNINSTALLED

 

No        HKLM:Run         SunJavaUpdateSched     Oracle Corporation        "C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe"

No        HKLM:Run         TkBellExe                      "C:\Program Files (x86)\Real\RealPlayer\Update\realsched.exe" –osboot  THIS SHOULDN’T BE LISTED; IT WAS UNINSTALLED

 

No        HKLM:Run         WinampAgent    Nullsoft, Inc.      "C:\Program Files (x86)\Winamp\winampa.exe"

No        HKLM:RunOnce  Raptor  McAfee Inc.        "C:\Program Files\McAfee\Raptor\Raptor.exe" --run

 

No        Startup Common           RealPlayer Cloud Service UI.lnkC:\PROGRA~2\Real\REALPL~1\RPDS\Bin64\RPSYST~1.EXE  THIS SHOULDN’T BE LISTED; IT WAS UNINSTALLED

 

No        Startup User      OneNote 2007 Screen Clipper and Launcher.lnk  Microsoft Corporation            C:\PROGRA~2\MICROS~2\Office12\ONENOTEM.EXE

No        Startup User      Super Finder XT.lnk       FSL       C:\PROGRA~2\FSL\SUPERF~1\SUPERF~1.EXE

Yes       HKCU:Run         FBackup 6 Tray Agent    Softland            "C:\Program Files (x86)\Softland\FBackup 6\bTray.exe"

Yes       HKCU:Run         Sidebar Microsoft Corporation    C:\Users\Owner\Downloads\Programs\Gadgets\Windows Gadgets Programs\Sidebar7\sidebar.exe /autoRun

Yes       HKLM:Run         AvastUI.exe       AVAST Software "C:\Program Files\AVAST Software\Avast\AvastUI.exe" /nogui

Yes       HKLM:Run         MsmqIntCert                 regsvr32 /s mqrt.dll  DON’T KNOW WHAT THIS IS

Yes       HKLM:Run         NvBackend        NVIDIA Corporation        "C:\Program Files (x86)\NVIDIA Corporation\Update Core\NvBackend.exe"

 

LIST OF SCHEDULED TASKS

No        Task     Application Starter - e1e900fa914ea9880281e32446f6ede6    Innovative Solutions            F:\DriverMax\DriverMax\innostp.exe –install  THIS SHOULDN’T BE LISTED; IT WAS UNINSTALLED

 

No        Task     DivXUpdate       DivX, LLC          C:\Program Files (x86)\Common Files\DivX Shared\Qt4.8\DivXUpdate.exe  THIS SHOULDN’T BE LISTED; IT WAS UNINSTALLED

 

No        Task     DropboxUpdateTaskMachineCore           Dropbox, Inc.    C:\Program Files (x86)\Dropbox\Update\DropboxUpdate.exe /c

No        Task     DropboxUpdateTaskMachineUA  Dropbox, Inc.    C:\Program Files (x86)\Dropbox\Update\DropboxUpdate.exe /ua /installsource scheduler

No        Task     G2MUpdateTask-S-1-5-21-4259379208-1929102571-3933233249-1000    Citrix Online, a division of Citrix Systems, Inc.        C:\Users\Owner\AppData\Local\Citrix\GoToMeeting\4151\g2mupdate.exe

No        Task     G2MUploadTask-S-1-5-21-4259379208-1929102571-3933233249-1000    Citrix Online, a division of Citrix Systems, Inc.        C:\Users\Owner\AppData\Local\Citrix\GoToMeeting\4151\g2mupload.exe

No        Task     GoogleUpdateTaskUserS-1-5-21-4259379208-1929102571-3933233249-1000Core Google Inc.            C:\Users\Owner\AppData\Local\Google\Update\GoogleUpdate.exe /c

No        Task     GoogleUpdateTaskUserS-1-5-21-4259379208-1929102571-3933233249-1000UA   Google Inc.            C:\Users\Owner\AppData\Local\Google\Update\GoogleUpdate.exe /ua /installsource scheduler

 

No        Task     RealDownloaderRealUpgradeLogonTaskS-1-5-21-4259379208-1929102571-3933233249-1000                   C:\Program Files (x86)\RealNetworks\RealDownloader\RealUpgrade.exe /logoncheck  THIS SHOULDN’T BE LISTED; IT WAS UNINSTALLED

 

No        Task     RealDownloaderRealUpgradeScheduledTaskS-1-5-21-4259379208-1929102571-3933233249-1000             C:\Program Files (x86)\RealNetworks\RealDownloader\RealUpgrade.exe /scheduledcheck  THIS SHOULDN’T BE LISTED; IT WAS UNINSTALLED

 

No        Task     {18FD8C36-E1E9-458F-A3EB-08B802713556} VisualStat Computing    C:\Program Files (x86)\VisualStat\VST8\visualstat.exe

No        Task     {361884FB-C36A-4386-BD00-8658AEA2ED12}                        C:\Program Files (x86)\American Institutes for Research\AMBeta\Am.exe

No        Task     {3630C97D-F427-4C05-B2A1-403B9A72BE6C}            Foxit Software Inc.         C:\Program Files (x86)\Foxit Software\Foxit Reader\FoxitReader.exe

No        Task     {85D91B50-6E0E-44C9-815C-CB7D2C44502E}            VisualStat Computing    C:\Program Files (x86)\VisualStat\VST8\visualstat.exe

No        Task     {95F570A6-D617-4E65-8700-2E68E66AC561}                        C:\Program Files (x86)\Java\j2re1.4.2_01\javaws\javaws.exe

 

No        Task     {98D02545-E8E6-4D25-9E4F-4B651087C39A}                        C:\Program Files (x86)\Image Search Pony\bin\vsp.exe   THIS SHOULDN’T BE LISTED; IT WAS UNINSTALLED

 

No        Task     {9EB9072E-77CC-4A6D-8F25-720072F1B131} Maritz Research            C:\Program Files (x86)\Maritz Stats\Maritz Stats.exe

No        Task     {B5E94626-1BD7-44C8-A21B-04ADC2EED829}                        C:\Program Files (x86)\American Institutes for Research\AMBeta\Am.exe

No        Task     {BD486651-1473-4905-9075-A59E823A19C6}           Foxit Software Inc.         C:\Program Files (x86)\Foxit Software\Foxit Reader\FoxitReader.exe

No        Task     {BE3FCF45-5A5F-4898-857F-97D038265A33} AceIT Software  C:\Program Files (x86)\AceIT Calculator\AceIt Calculator.exe

 

No        Task     {BF74FB40-538E-4CD9-AE93-B5F8E8702A7E}              C:\Users\Owner\Desktop\DO NOW\Computer\avira_antivirus_en-us.exe  THIS SHOULDN’T BE LISTED; IT WAS UNINSTALLED

 

No        Task     {C18E7F03-962A-420C-9846-3EB42428ACCC}            Microsoft Corporation            C:\Windows\system32\pcalua.exe -a "C:\Users\Owner\Desktop\Programs\INSTALL\Analysis - Data\Calc98\c9853a.exe" -d "C:\Users\Owner\Desktop\Programs\INSTALL\Analysis - Data\Calc98"

No        Task     {C1F89EE6-1D90-49DF-8169-0D201AF0609F} VisualStat Computing    C:\Program Files (x86)\VisualStat\VST8\visualstat.exe

No        Task     {C97602F8-C9AA-4461-8178-C02702266408}            VisualStat Computing    C:\Program Files (x86)\VisualStat\VST8\visualstat.exe

 

No        Task     {D2AA4F2F-6D84-4907-91A6-377D9EFB54EA}             C:\Program Files (x86)\Image Search Pony\bin\vsp.exe   THIS SHOULDN’T BE LISTED; IT WAS UNINSTALLED

 

No        Task     {D6ECFD14-6538-4D37-A7F4-41A7E4617E67}                        C:\Users\Owner\Desktop\DO NOW\Computer\avira_antivirus_en-us.exe  THIS SHOULDN’T BE LISTED; IT WAS UNINSTALLED

 

No        Task     {E96C5711-6FAE-4F74-8B60-FDD80A872CE4}             C:\Users\Owner\Desktop\DO NOW\Computer\avira_antivirus_en-us.exe  THIS SHOULDN’T BE LISTED; IT WAS UNINSTALLED

 

No        Task     {F79FA111-A042-4C96-B5ED-3A82538B8B40}             C:\Users\Owner\Desktop\DO NOW\Computer\avira_antivirus_en-us.exe   THIS SHOULDN’T BE LISTED; IT WAS UNINSTALLED

 

Yes       Task     Adobe Flash Player PPAPI Notifier           Adobe Systems Incorporated            C:\Windows\SysWOW64\Macromed\Flash\FlashUtil32_21_0_0_213_pepper.exe -check pepperplugin

Yes       Task     Adobe Flash Player Updater       Adobe Systems Incorporated            C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe

Yes       Task     ASC Task (One-Time)                C:\Program Files (x86)\IObit\Advanced SystemCare\ASCPromote.exe /runtask

Yes       Task     BackUp_Maker-Owner    ASCOMP Software GmbH            "C:\Program Files (x86)\ASCOMP Software\BackUp Maker\bkmaker.exe" /winstart

Yes       Task     GoogleUpdateTaskMachineCore Google Inc.        C:\Program Files (x86)\Google\Update\GoogleUpdate.exe /c

Yes       Task     GoogleUpdateTaskMachineUA    Google Inc.        C:\Program Files (x86)\Google\Update\GoogleUpdate.exe /ua /installsource scheduler

Yes       Task     LexmarkPUDCTask         Lexmark International, Inc.         C:\Program Files\Lexmark\ProductUpdate\LMprodupdate.exe /s

Yes       Task     Macrium-Backup-{35186E1A-66CA-4188-94DA-1B3CD39A9FE4}         Paramount Software UK Ltd            c:\program files\macrium\reflect\reflect.exe -e -w "C:\Users\Owner\Documents\Reflect\E med compression stay on Sundays noon.xml" -full -g {35186E1A-66CA-4188-94DA-1B3CD39A9FE4}

Yes       Task     Macrium-Backup-{47EC0C6F-11C6-46B2-81CE-6093BF0DABA5}           Paramount Software UK Ltd            c:\program files\macrium\reflect\reflect.exe -e -w "C:\Users\Owner\Documents\Reflect\C&K med compress stay on Sundays 3am.xml" -full -g {47EC0C6F-11C6-46B2-81CE-6093BF0DABA5}

Yes       Task     Open URL by RoboForm  Microsoft Corporation    C:\Windows\system32\rundll32.exe url.dll,FileProtocolHandler "http://www.roboform.com/test-pass.html?aaa=KICMHMLJJMOMOMKJKMLJCNMJHMGMNJCNLMMJOJLMCNHMLMMMNJCNKMJJLMOMOMMJNMGMKMPMKMJJJNJICMIMCNGMCNOMIMFMOMOMCNPMCNGMJMPMPMFMJMCNOMCNIMJMPMOMCNNMJNPICMPMFMEKMICNJJCKFMOMLMPMJMJNHICMEKMICNJJCKJNBJCMALIIBJKJNIJNKJCMJNNICMJNDJCMKJBJJNMJCMPMFMMMFMPMJNFICMGJLJKJBJLIGJLIGJKJMIBNKJHIKJ"

Yes       Task     Opera scheduled Autoupdate 1461137135        Opera Software C:\Program Files (x86)\Opera\launcher.exe --scheduledautoupdate $(Arg0)

Yes       Task     Run RoboForm Process   Siber Systems   C:\Program Files (x86)\Siber Systems\AI RoboForm\RoboTaskBarIcon.exe

Yes       Task     Run RoboForm TaskBar Icon       Siber Systems   C:\Program Files (x86)\Siber Systems\AI RoboForm\RoboTaskBarIcon.exe

Yes       Task     SafeZone scheduled Autoupdate 1458689951    Avast Software  C:\Program Files\AVAST Software\SZBrowser\launcher.exe --scheduledautoupdate $(Arg0)

Yes       Task     Uninstaller_SkipUac_Owner        IObit     C:\Program Files (x86)\IObit\IObit Uninstaller\IObitUninstaler.exe /UninstallExplorer

 

Yes       Task     UninstallMonitor                        C:\Program Files (x86)\Innovative Solutions\Advanced Uninstaller PRO\uninstaller.exe –AUSCAN   THIS SHOULDN’T BE LISTED; IT WAS UNINSTALLED

 

Yes       Task     {3944F642-533D-40E9-AC02-70948F4BF0F4} Microsoft Corporation    C:\Windows\system32\pcalua.exe -a "C:\Users\Owner\Downloads\Programs\Security\Autorun eater\aesetup2.6.exe" -d "C:\Users\Owner\Downloads\Programs\Security\Autorun eater"

 

Yes       Task     {816F1BD3-F876-449B-9764-C97FE55171DB}             C:\Users\Owner\Desktop\DO NOW\Computer\avira_antivirus_en-us.exe   THIS SHOULDN’T BE LISTED; IT WAS UNINSTALLED

 

Yes       Task     {852DFA28-8FCC-4148-A188-9CC3EB9D00B5}            Opera Software "c:\program files (x86)\opera\launcher.exe" http://ui.skype.com/ui/0/7.18.85.103/en/eula

Yes       Task     {A724E534-B1C7-4B1A-81E3-646F49443DA9}            Opera Software "c:\program files (x86)\opera\launcher.exe" http://ui.skype.com/ui/0/7.18.85.103/en/privacy

Yes       Task     {A96E1104-BB11-4924-AF21-49C459B20306} Opera Software "c:\program files (x86)\opera\launcher.exe" http://ui.skype.com/ui/0/7.18.85.103/en/eula

 

Yes       Task     {D81E7A08-58F8-4EB5-9DB0-83AAD6F6E530} Microsoft Corporation    C:\Windows\system32\pcalua.exe -a C:\Users\Owner\Desktop\SETUP.EXE -d C:\Users\Owner\Desktop  DON’T KNOW WHAT THIS IS

 

Yes       Task     {F1B5C59D-7912-44C5-AAEB-24DBB033E751} Microsoft Corporation    C:\Windows\system32\pcalua.exe -a L:\autorun\installer.exe -d L:\autorun   DON’T KNOW WHAT THIS IS

 

Yes       Task     {FA1DD368-4171-4733-A7C7-66AE78D647C4}           Opera Software "c:\program files (x86)\opera\launcher.exe" http://ui.skype.com/ui/0/7.18.85.103/en/eula

 

 

LIST OF PROGRAMS FROM UNINSTALLER

7-Zip 15.12 (x64 edition)         Igor Pavlov        1/12/2016       4.85 MB            15.12.00.0

7-Zip 15.14 (x64)         Igor Pavlov        3/8/2016         4.72 MB            15.14   DON’T KNOW WHY IT IS LISTED TWICE

 

ABBYY FineReader 9.0 Sprint     ABBYY   12/14/2014                 9.00.595.5857

AceIT Calculator                        11/30/2014                

Adobe Flash Player 21 ActiveX   Adobe Systems Incorporated      4/10/2016       5.09 MB            21.0.0.213

Adobe Flash Player 21 NPAPI      Adobe Systems Incorporated      4/10/2016       5.65 MB            21.0.0.213

Adobe Flash Player 21 PPAPI      Adobe Systems Incorporated      4/10/2016       19.4 MB            21.0.0.213

Adobe Reader XI (11.0.14)        Adobe Systems Incorporated      1/12/2016       188 MB 11.0.14

Advanced Renamer        Hulubulu Software         4/12/2016       26.4 MB            3.72

Amazon Kindle  Amazon            12/1/2014                  

Apple Application Support (32-bit)        Apple Inc.         1/12/2016       114 MB 4.1.2

Apple Application Support (64-bit)        Apple Inc.         1/12/2016       128 MB 4.1.2

Apple Mobile Device Support     Apple Inc.         1/12/2016       28.0 MB            9.1.0.6

Apple Software Update  Apple Inc.         1/12/2016       2.39 MB            2.1.4.131

Autorun Eater v2.6        Old McDonald's Farm     4/15/2016                   2.6

Avast Free Antivirus       AVAST Software 2/18/2016                   11.1.2253

Bonjour Apple Inc.         1/12/2016       2.05 MB            3.1.0.1

CCleaner           Piriform            3/23/2016                   5.16

Citrix Online Launcher   Citrix    9/23/2015       302 KB 1.0.357

Compatibility Pack for the 2007 Office system    Microsoft Corporation    7/16/2015       129 MB 12.0.6612.1000

Data Lifeguard Diagnostic for Windows 1.28       Western Digital Corporation       2/29/2016       1.56 MB           

DFTransfer                    11/30/2014                

Dropbox           Dropbox, Inc.    4/14/2016                   3.18.1

Easy Picture2Icon 3.0     Picture2Icon.com           12/9/2014                   3.0

FBackup 6.0      Softland            4/1/2016         152 MB 6.0.137.0

File Renamer - Basic      Sherrod Computers        4/12/2016                   6.3

FormatFactory 3.6.0.0   Format Factory  5/16/2015                   3.6.0.0

Foxit Reader     Foxit Software Inc.         3/8/2016         154 MB 7.3.0.118

G*Power 3.1.9.2            Franz Faul, Uni Kiel, Germany     2/17/2015       12.7 MB            3.1.92

Google Chrome Google Inc.        4/20/2016                   50.0.2661.75

Google Update Helper               11/19/2014                

GoToMeeting 7.8.0.4151          CitrixOnline      12/19/2015                 7.8.0.4151

Grindstone 2                 1/3/2015                    

HitmanPro 3.7   SurfRight B.V.    3/10/2016                   3.7.13.258

HomeBase 2.3               12/2/2014                  

ImgBurn            LIGHTNING UK!  11/19/2014                 2.5.8.0

IObit Uninstaller            IObit     4/19/2016       39.0 MB            5.3.0.138

IPP Run-Time 5.3                      7/22/2015                  

iTunes  Apple Inc.         1/12/2016       215 MB 12.3.2.35

Java 8 Update 77 (64-bit)         Oracle Corporation        3/23/2016       23.4 MB            8.0.770.3

join.me LogMeIn, Inc.     6/8/2015                     1.20.0.503

Lexmark Pro4000 Series Uninstaller       Lexmark International, Inc.         1/25/2015                  

Lexmark Software Uninstall        Lexmark International, Inc.         12/13/2014                

LibreOffice 4.3.5.2        The Document Foundation          2/14/2015       455 MB 4.3.5.2

Macrium Reflect Free Edition      Paramount Software (UK) Ltd.     10/17/2015                 6.1

Malwarebytes Anti-Malware version 2.2.1.1043 Malwarebytes    4/10/2016       66.8 MB            2.2.1.1043

Maritz Stats      Maritz Research            12/1/2014       1.09 MB            2.0.01.0824

Microsoft Image Composite Editor          Microsoft Corporation    1/3/2015         5.16 MB            1.4.4

Microsoft Mouse and Keyboard Center    Microsoft Corporation    1/14/2015                   2.3.188.0

Microsoft Office PowerPoint 2003 Template Pack 1         Microsoft Corporation    1/3/2015         24.2 MB            11.0.5614.0

Microsoft Office PowerPoint 2003 Template Pack 2         Microsoft Corporation    1/3/2015         25.6 MB            11.0.5614.0

Microsoft Office PowerPoint 2003 Template Pack 3         Microsoft Corporation    1/3/2015         25.6 MB            11.0.5614.0

Microsoft Office Ultimate 2007  Microsoft Corporation    12/5/2014                   12.0.6612.1000

Microsoft Report Viewer Redistributable 2008 (KB971118)         Microsoft Corporation    1/4/2015                    

Microsoft Silverlight      Microsoft Corporation    2/7/2016         199 MB 5.1.41212.0

Microsoft SQL Server 2005 Compact Edition [ENU]          Microsoft Corporation    12/21/2014     1.72 MB            3.1.0000

Microsoft Sync Framework Runtime Native v1.0 (x86)      Microsoft Corporation    12/21/2014     625 KB 1.0.1215.0

Microsoft Sync Framework Services Native v1.0 (x86)      Microsoft Corporation    12/21/2014     1.44 MB            1.0.1215.0

Microsoft Visual C++ 2005 Redistributable       Microsoft Corporation    12/5/2014       298 KB 8.0.61001

Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.17            Microsoft Corporation    4/27/2015       788 KB            9.0.30729

Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.6161        Microsoft Corporation    4/29/2015       788 KB            9.0.30729.6161

Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17            Microsoft Corporation    2/17/2015       596 KB            9.0.30729

Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161        Microsoft Corporation    2/18/2015       600 KB            9.0.30729.6161

Microsoft Visual C++ 2010  x64 Redistributable - 10.0.30319  Microsoft Corporation    12/5/2014       13.7 MB            10.0.30319

Microsoft Visual C++ 2010  x86 Redistributable - 10.0.30319  Microsoft Corporation    12/5/2014       9.90 MB            10.0.30319

Microsoft Visual C++ 2013 Redistributable (x86) - 12.0.30501 Microsoft Corporation    3/15/2016       17.1 MB            12.0.30501.0

Moo0 File Shredder 1.21                       11/30/2014                

Mozilla Firefox 45.0.2 (x86 en-US)         Mozilla 4/14/2016       89.2 MB            45.0.2

Mozilla Maintenance Service      Mozilla 4/14/2016       404 KB 45.0.2.5941

Mozilla Thunderbird 38.6.0 (x86 en-US)            Mozilla 3/9/2016         79.8 MB            38.6.0

MPEG2 Codec(libmpeg2/mad)               7/22/2015                  

MYSTAT 12       SYSTAT Software, Inc.    2/16/2015       136 MB 12.2.0

MYSTAT 12 Manuals      SYSTAT Software, Inc.    12/1/2014       74.7 MB            12.1.4

Network Recording Player          Cisco WebEx LLC            1/12/2016       51.4 MB            29.10.1.10115

Notepad++      Notepad++ Team         2/29/2016                   6.9

NVIDIA 3D Vision Driver 340.52 NVIDIA Corporation        11/30/2014                 340.52

NVIDIA Graphics Driver 340.52  NVIDIA Corporation        11/30/2014                 340.52

NVIDIA HD Audio Driver 1.3.30.1           NVIDIA Corporation        11/30/2014                 1.3.30.1

NVIDIA Update 10.4.0   NVIDIA Corporation        11/30/2014                 10.4.0

Opera Stable 36.0.2130.65       Opera Software 4/20/2016                   36.0.2130.65

PDF Download for Internet Explorer        Nitro PDF Software        11/29/2014     507 KB 3.0.0

Picasa 3            Google, Inc.       1/4/2015                     3.9

QuickTime 7     Apple Inc.         1/12/2016       69.1 MB            7.79.80.95

Recuva  Piriform            12/13/2015                 1.52

RoboForm 7-9-17-5 (All Users) Siber Systems   2/7/2016         20.0 MB            7-9-17-5

SigmaGraph      SIDI.CC  12/1/2014                   2.0.4.1

Skype Click to Call        Microsoft Corporation    1/15/2016       10.1 MB            8.0.0.9103

Skype™ 7.18     Skype Technologies S.A.            1/12/2016       79.9 MB            7.18.103

Sophos Virus Removal Tool        Sophos Limited 4/18/2016       149 MB 2.5.5

Speccy  Piriform            12/13/2015                 1.29

SUPERAntiSpyware         SUPERAntiSpyware.com  3/15/2016       59.2 MB            6.0.1216

Unlocker 1.9.2  Cedrick Collomb            7/26/2015                   1.9.2

VisualStat 2009            VisualStat Computing    12/1/2014       102 MB 8.00.1863

VLC media player          VideoLAN          3/9/2016                     2.2.2

Winamp            Nullsoft, Inc       1/19/2016                   5.666

Winamp Detector Plug-in           Nullsoft, Inc       1/19/2016       75.0 KB            1.0.0.1

Windows Deployment Tools        Microsoft           1/12/2016       23.4 MB            8.59.25584

Windows Live Essentials Microsoft Corporation    12/21/2014                 14.0.8117.0416

Windows Live Sign-in Assistant  Microsoft Corporation    12/21/2014     1.93 MB            5.000.818.5

Windows Live Sync         Microsoft Corporation    12/21/2014     2.78 MB            14.0.8117.416

Windows Live Upload Tool          Microsoft Corporation    12/21/2014     224 KB 14.0.8014.1029

Windows PE x86 x64     Microsoft           1/12/2016       1.24 GB            8.59.25584

Windows PE x86 x64 wims         Microsoft           1/12/2016       284 MB 8.59.25584

Xmarks for IE     Xmarks 7/28/2015       3.52 MB            127.0.177

XML Notepad 2007       Microsoft Corporation    3/6/2016         2.04 MB            2.3.0.0

 

 

Thank you very much for your time and assistance.  I look forward to whatever additional help you can provide.



#4 buddy215

buddy215

  • Moderator
  • 13,196 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:West Tennessee
  • Local time:03:36 PM

Posted 20 April 2016 - 07:18 AM

Rerun AdwCleaner and scan with JRT using instructions below.

 

Download AdwCleaner by Xplode onto your desktop.

  • Close all open programs and internet browsers.
  • Double click on adwcleaner.exe to run the tool.
  • Click on Scan button.
  • When the scan has finished click on Clean button.
  • Your computer will be rebooted automatically. A text file will open after the restart.
  • Please post the contents of that logfile with your next reply.
  • You can find the logfile at C:\AdwCleaner[S1].txt as well.
  • download Junkware Removal Tool to your desktop.
  • Shut down your protection software now to avoid potential conflicts.
  • Run the tool by double-clicking it. If you are using Windows Vista, 7, or 8; instead of double-clicking, right-mouse click JRT.exe and select "Run as Administrator".
  • The tool will open and start scanning your system.
  • Please be patient as this can take a while to complete depending on your system's specifications.
  • On completion, a log (JRT.txt) is saved to your desktop and will automatically open.
  • Post the contents of JRT.txt into your next message

The items you have uninstalled but still show in Startups and Tasks.....please attempt to delete those by using CCleaner. Click on each item

and then choose Delete on the right. You will likely get an error message for one or possibly all....just move on to the next.

 

Disable these Tasks: Use CCleaner by clicking on each item and then choose Disable on the right.

Yes       Task     ASC Task (One-Time)                C:\Program Files (x86)\IObit\Advanced SystemCare\ASCPromote.exe /run

Yes       Task     GoogleUpdateTaskMachineCore Google Inc.        C:\Program Files (x86)\Google\Update\GoogleUpdate.exe /c

Yes       Task     GoogleUpdateTaskMachineUA    Google Inc.        C:\Program Files (x86)\Google\Update\GoogleUpdate.exe /ua /installsource scheduler

Yes       Task     LexmarkPUDCTask         Lexmark International, Inc.         C:\Program Files\Lexmark\ProductUpdate\LMprodupdate.exe /s

Yes       Task     Open URL by RoboForm  Microsoft Corporation    C:\Windows\system32\rundll32.exe url.dll,FileProtocolHandler "http://www.roboform.com/test-pass.html?aaa=KICMHMLJJMOMOMKJKMLJCNMJHMGMNJCNLMMJOJLMCNHMLMMMNJCNKMJJLMOMOMMJNMGMKMPMKMJJJNJICMIMCNGMCNOMIMFMOMOMCNPMCNGMJMPMPMFMJMCNOMCNIMJMPMOMCNNMJNPICMPMFMEKMICNJJCKFMOMLMPMJMJNHICMEKMICNJJCKJNBJCMALIIBJKJNIJNKJCMJNNICMJNDJCMKJBJJNMJCMPMFMMMFMPMJNFICMGJLJKJBJLIGJLIGJKJMIBNKJHIKJ"

Yes       Task     Opera scheduled Autoupdate 1461137135        Opera Software C:\Program Files (x86)\Opera\launcher.exe --scheduledautoupdate $(Arg0)

Yes       Task     SafeZone scheduled Autoupdate 1458689951    Avast Software  C:\Program Files\AVAST Software\SZBrowser\launcher.exe --scheduledautoupdate $(Arg0)

Yes       Task     Uninstaller_SkipUac_Owner        IObit     C:\Program Files (x86)\IObit\IObit Uninstaller\IObitUninstaler.exe /UninstallExplorer

Yes       Task     {3944F642-533D-40E9-AC02-70948F4BF0F4} Microsoft Corporation    C:\Windows\system32\pcalua.exe -a "C:\Users\Owner\Downloads\Programs\Security\Autorun eater\aesetup2.6.exe" -d "C:\Users\Owner\Downloads\Programs\Security\Autorun eater"

Yes       Task     {852DFA28-8FCC-4148-A188-9CC3EB9D00B5}            Opera Software "c:\program files (x86)\opera\launcher.exe" http://ui.skype.com/ui/0/7.18.85.103/en/eula

Yes       Task     {A724E534-B1C7-4B1A-81E3-646F49443DA9}            Opera Software "c:\program files (x86)\opera\launcher.exe" http://ui.skype.com/ui/0/7.18.85.103/en/privacy

Yes       Task     {A96E1104-BB11-4924-AF21-49C459B20306} Opera Software "c:\program files (x86)\opera\launcher.exe" http://ui.skype.com/ui/0/7.18.85.103/en/eula

 

Yes       Task     {D81E7A08-58F8-4EB5-9DB0-83AAD6F6E530} Microsoft Corporation    C:\Windows\system32\pcalua.exe -a C:\Users\Owner\Desktop\SETUP.EXE -d C:\Users\Owner\Desktop  DON’T KNOW WHAT THIS IS

 

Yes       Task     {F1B5C59D-7912-44C5-AAEB-24DBB033E751} Microsoft Corporation    C:\Windows\system32\pcalua.exe -a L:\autorun\installer.exe -d L:\autorun   DON’T KNOW WHAT THIS IS

 

Yes       Task     {FA1DD368-4171-4733-A7C7-66AE78D647C4}           Opera Software "c:\program files (x86)\opera\launcher.exe" http://ui.skype.com/ui/0/7.18.85.103/en/eula

 

Uninstall these programs:

7-Zip 15.12 (x64 edition)         Igor Pavlov        1/12/2016       4.85 MB            15.12.00.0 

Google Update Helper               11/19/2014              

IObit Uninstaller            IObit     4/19/2016       39.0 MB            5.3.0.138

QuickTime 7     Apple Inc.         1/12/2016       69.1 MB            7.79.80.95 Apple Ends Support for QuickTime for Windows; New Vulnerabilities Announced

Skype Click to Call        Microsoft Corporation    1/15/2016       10.1 MB            8.0.0.9103

Sophos Virus Removal Tool        Sophos Limited 4/18/2016       149 MB 2.5.5

SUPERAntiSpyware         SUPERAntiSpyware.com  3/15/2016       59.2 MB            6.0.1216


“Every atom in your body came from a star that exploded and the atoms in your left hand probably came from a different star than your right hand. It really is the most poetic thing I know about physics...you are all stardust.”Lawrence M. Krauss
A 1792 U.S. penny, designed in part by Thomas Jefferson and George Washington, reads “Liberty Parent of Science & Industry.”

#5 ComputerJinx

ComputerJinx
  • Topic Starter

  • Members
  • 25 posts
  • OFFLINE
  •  
  • Gender:Female
  • Location:California
  • Local time:01:36 PM

Posted 20 April 2016 - 08:40 AM

After I sent my most recent reply, I tried to install some Windows updates.  The result was a Blue Screen event and none of the updates were installed.  Are there any instructions that you would like to change based on that?  [Should I address that problem first, before the malware problem?] Please let me know.  Thank you. 



#6 buddy215

buddy215

  • Moderator
  • 13,196 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:West Tennessee
  • Local time:03:36 PM

Posted 20 April 2016 - 11:19 AM

BC has a forum for helping in solving blue screen events. I think it best to follow my last post if possible before referring you

to that forum.


“Every atom in your body came from a star that exploded and the atoms in your left hand probably came from a different star than your right hand. It really is the most poetic thing I know about physics...you are all stardust.”Lawrence M. Krauss
A 1792 U.S. penny, designed in part by Thomas Jefferson and George Washington, reads “Liberty Parent of Science & Industry.”

#7 ComputerJinx

ComputerJinx
  • Topic Starter

  • Members
  • 25 posts
  • OFFLINE
  •  
  • Gender:Female
  • Location:California
  • Local time:01:36 PM

Posted 20 April 2016 - 04:56 PM

Thank you for the additional assistance.  I am not sure these are the results you expect.
 
Using CCleaner, I disabled the tasks you listed, except for the following:
  • Yes       Task     GoogleUpdateTaskMachineUA    Google Inc.        C:\Program Files (x86)\Google\Update\GoogleUpdate.exe /ua /installsource scheduler
"Failed to enable/disable startup item; The system could not find the specified file.  [error when trying to disable schedule tasks, not disable in startup]"
  • Yes       Task     Opera scheduled Autoupdate 1461137135        Opera Software C:\Program Files (x86)\Opera\launcher.exe --scheduledautoupdate $(Arg0)
I had Uninstalled opera again so there is no task here to be disabled, although I did reinstall it before running the AdwsCleaner and JRT programs,
 
I uninstalled the programs you listed. 
Question: what is wrong with 7zip?  I’ve been using it for years.  What other file compression program would you recommend?  WinRAR just trashes my files.
 
Using CCleaner, I deleted the startups and tasks for programs that had previously been uninstalled.  I did not receive error messages while doing that. 
 
Here is the log info from AdwCleaner:
# AdwCleaner v5.112 - Logfile created 20/04/2016 at 13:28:02
# Updated 17/04/2016 by Xplode
# Database : 2016-04-19.5 [Server]
# Operating system : Windows 7 Professional Service Pack 1 (X64)
# Username : Owner - DFD-DESKTOP
# Running from : C:\Users\Owner\Desktop\Terraclicks removal\Adwcleaner\AdwCleaner.exe
# Option : Clean
 
***** [ Services ] *****
 
***** [ Folders ] *****
[-] Folder Deleted : C:\Users\Owner\AppData\Local\Temp\FoxTab
[-] Folder Deleted : C:\Users\Owner\AppData\Roaming\Mozilla\Firefox\Profiles\3yd03y64.default-1422847375426\FoxTab
 
***** [ Files ] *****
***** [ DLLs ] *****
***** [ Shortcuts ] *****
***** [ Scheduled tasks ] *****
***** [ Registry ] *****
***** [ Web browsers ] *****
*************************
:: "Tracing" keys deleted
:: Winsock settings cleared
*************************
C:\AdwCleaner\AdwCleaner[C1].txt - [1354 bytes] - [20/04/2016 07:51:57]
C:\AdwCleaner\AdwCleaner[C2].txt - [988 bytes] - [20/04/2016 13:28:02]
C:\AdwCleaner\AdwCleaner[S1].txt - [1174 bytes] - [20/04/2016 07:42:59]
C:\AdwCleaner\AdwCleaner[S2].txt - [1111 bytes] - [20/04/2016 13:12:28]
########## EOF - C:\AdwCleaner\AdwCleaner[C2].txt - [1206 bytes] ##########
 
When I tried to run Junkware Removal Tool, I got a Blue Screen event.  Here is the basic information from the Blue Screen:
SNIP.  A device driver attempting to corrupt the system has been cauth.  The faulty driver currently on kernel stack must be replaced with a working version.  
Check to make sure any new or software is properly installed.
SNIP.
If problem continues, disable or remove any newly installed hardware or software.  Disable BIOS memory options such as caching or shadowing.  If you need to use Safe Mode … SNIP.
Technical information:
*** Stop: 0x000000C4 (0x0000000000000091, 0x000000000000000000, 0xFFFFFA800728EA10, 0x0000000000000000)
Collection data for crash dump…
Initializing disk for crash dump…
Beginning dump of physical memory…
Dumping physical memory to disk: 100
Physical memory dump complete
 
  1. There is no new/recently installed hardware.  The only new software installed has been the Chrome and Opera browsers, AdwCleaner, and JRT.exe.  The Windows update that I attempted to install last night were not installed; instead, when I returned to my computer this morning, I returned to a black screen and had to use the reset button on the computer because I could not get a response any other way.
     
  2. Although I can get into the BIOS, I have no idea how to disable caching or shadowing.
Again, thank you for your help and patience.


#8 buddy215

buddy215

  • Moderator
  • 13,196 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:West Tennessee
  • Local time:03:36 PM

Posted 20 April 2016 - 05:11 PM

Okay....post that info in a new topic in the BSOD Kernel Dump Expert Zone

 

You may still have 7zip installed. I only mentioned uninstalling the older version.


“Every atom in your body came from a star that exploded and the atoms in your left hand probably came from a different star than your right hand. It really is the most poetic thing I know about physics...you are all stardust.”Lawrence M. Krauss
A 1792 U.S. penny, designed in part by Thomas Jefferson and George Washington, reads “Liberty Parent of Science & Industry.”

#9 ComputerJinx

ComputerJinx
  • Topic Starter

  • Members
  • 25 posts
  • OFFLINE
  •  
  • Gender:Female
  • Location:California
  • Local time:01:36 PM

Posted 20 April 2016 - 09:18 PM

Hi~~

 

I can't reach the web page to which you referred me. I get the following message:
 
"Sorry, we couldn't find that!
[#103139]
You do not have permission to view this forum.
Need Help?
Our help documentation
Contact the community administrator"
 
Where else would you suggest?  Just the regular BSOD forum?
 
Thank you.


#10 buddy215

buddy215

  • Moderator
  • 13,196 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:West Tennessee
  • Local time:03:36 PM

Posted 21 April 2016 - 06:29 AM

OOPS....Yes...this forum: Windows Crashes, BSOD, and Hangs Help and Support


“Every atom in your body came from a star that exploded and the atoms in your left hand probably came from a different star than your right hand. It really is the most poetic thing I know about physics...you are all stardust.”Lawrence M. Krauss
A 1792 U.S. penny, designed in part by Thomas Jefferson and George Washington, reads “Liberty Parent of Science & Industry.”

#11 ComputerJinx

ComputerJinx
  • Topic Starter

  • Members
  • 25 posts
  • OFFLINE
  •  
  • Gender:Female
  • Location:California
  • Local time:01:36 PM

Posted 21 April 2016 - 04:47 PM

Thanks for your help.  All the best....






0 user(s) are reading this topic

0 members, 0 guests, 0 anonymous users