
Lots of PUPS at my computer


16 replies to this topic

#1 Victor2K

Victor2K

  • Members
  • 70 posts
  • OFFLINE
  •  
  • Local time:12:35 AM

Posted 11 May 2016 - 02:00 PM

I don't know what is going on here, but I am having a lot of PUPs in my computer, a lot of unwanted programs and stuff popping up once in a while and I don't know why they are coming

 

It started some time ago and at first it was once in a while (mostly I guess due to some update to a video editor I (used to) use). But now, it's nearly every day...

 

Is that something that came with some software I installed? Or are they using some 'exploit' or something like that? So far, Avast, MBam or SUPERantispyware did not catch anything different like a malware.




 


#2 buddy215

buddy215

  • Moderator
  • 13,395 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:West Tennessee
  • Local time:08:35 PM

Posted 11 May 2016 - 02:05 PM

Use the programs below to find and remove adware and malware. I know you said you have MBAM installed but please rerun it using the settings below.

 

Use CCleaner to remove Temporary files, program caches, cookies, logs, etc. Use the Default settings. No need to use the Registry Cleaning Tool...risky. Pay close attention while installing and UNcheck offers of toolbars....especially Google.

After install, open CCleaner and run by clicking on the Run Cleaner button in the bottom right corner.

CCleaner - PC Optimization and Cleaning - Free Download

 


  • Once MBAM opens, when it says Your databases are out of date, click the Fix Now button.
  • Click the Settings tab at the top, and then in the left column, select Detections and Protections, and if not already checked place a checkmark in the selection box for Scan for rootkits.
  • Click the Scan tab at the top of the program window, select Threat Scan and click the Scan Now button.
  • If you receive a message that updates are available, click the Update Now button (the update will be downloaded, installed, and the scan will start).
  • When MBAM is finished scanning it will display a screen that displays any malware that it has detected.
  • Click the Remove Selected button.
  • MBAM will now delete all of the files and registry keys and add them to the programs quarantine. When removing the files, MBAM may require a reboot in order to remove some of them. If it displays a message stating that it needs to reboot, please allow it to do so.
  • While still on the Scan tab, click the link for View detailed log, and in the window that opens click the Export button, select Text file (*.txt), and save the log to your Desktop.
  • The log is automatically saved by MBAM and can also be viewed by clicking the History tab and then selecting Application Logs.

POST THE LOG FOR REVIEW.

 

Download AdwCleaner by Xplode onto your desktop.

  • Close all open programs and internet browsers.
  • Double click on adwcleaner.exe to run the tool.
  • Click on Scan button.
  • When the scan has finished click on Clean button.
  • Your computer will be rebooted automatically. A text file will open after the restart.
  • Please post the contents of that logfile with your next reply.
  • You can find the logfile at C:\AdwCleaner[S1].txt as well.

Download Junkware Removal Tool to your desktop.

  • Shut down your protection software now to avoid potential conflicts.
  • Run the tool by double-clicking it. If you are using Windows Vista, 7, or 8; instead of double-clicking, right-mouse click JRT.exe and select "Run as Administrator".
  • The tool will open and start scanning your system.
  • Please be patient as this can take a while to complete depending on your system's specifications.
  • On completion, a log (JRT.txt) is saved to your desktop and will automatically open.
  • Post the contents of JRT.txt into your next message

  • Hold down Control and click on this link to open ESET OnlineScan in a new window.
  • Click the esetonlinebtn.png button.
  • For alternate browsers only: (Microsoft Internet Explorer users can skip these steps)
  • Click on esetsmartinstaller_enu.exe to download the ESET Smart Installer. Save it to your desktop.
  • Double click on the esetsmartinstaller_enu.png icon on your desktop.
  • Check "YES, I accept the Terms of Use."
  • Click the Start button.
  • Accept any security warnings from your browser.
  • Under scan settings, check "Scan Archives" and "Remove found threats"
  • ESET will then download updates for itself, install itself, and begin scanning your computer. Please be patient as this can take some time.
  • When the scan completes, click List Threats
  • Click Export, and save the file to your desktop using a unique name, such as ESETScan. Include the contents of this report in your next reply.
  • Click the Back button.
  • Click the Finish button.
  • NOTE: Sometimes if ESET finds no infections it will not create a log.

Edited by buddy215, 11 May 2016 - 02:07 PM.

“Every atom in your body came from a star that exploded and the atoms in your left hand probably came from a different star than your right hand. It really is the most poetic thing I know about physics...you are all stardust.” Lawrence M. Krauss
A 1792 U.S. penny, designed in part by Thomas Jefferson and George Washington, reads “Liberty Parent of Science & Industry.”

#3 Victor2K


Posted 11 May 2016 - 05:29 PM

Did CCleaner and now MBAM. Will do it by rounds, next AdWCleaner and JRT.

 

Malwarebytes Anti-Malware
www.malwarebytes.org
 
Data da verificação: 11/05/2016
Hora da verificação: 17:52
Arquivo de registro: mbam11516.txt
Administrador: Sim
 
Versão: 2.2.1.1043
Banco de dados de malware: v2016.05.11.06
Banco de dados de rootkit: v2016.05.06.01
Licença: Premium
Proteção contra malware: Habilitado
Proteção contra website malicioso: Habilitado
Autoproteção: Desabilitado
 
Sistema operacional: Windows 7 Service Pack 1
CPU: x64
Sistema de arquivos: NTFS
Usuário: Usuario
 
Tipo de verificação: Verificação da ameaça
Resultado: Concluído
Objetos verificados: 357180
Tempo decorrido: 1 hr, 10 min, 57 seg
 
Memória: Habilitado
Inicialização: Habilitado
Sistema de arquivos: Habilitado
Arquivos compactados: Habilitado
Rootkits: Habilitado
Heurística: Habilitado
PUP: Habilitado
PUM: Habilitado
 
Processos: 0
(Nenhum item malicioso detectado)
 
Módulos: 0
(Nenhum item malicioso detectado)
 
Chaves de registro: 2
PUP.Optional.AnySend, HKLM\SOFTWARE\WOW6432NODE\MICROSOFT\WINDOWS\CURRENTVERSION\UNINSTALL\ASPackage, Quarentena, [8220d6fe4950d0668d786d582dd6f40c], 
PUP.Optional.Social2Search.Gen, HKLM\SOFTWARE\WOW6432NODE\MICROSOFT\WINDOWS\CURRENTVERSION\UNINSTALL\C5D8224583FCB4276DC6C159E8A81E2B, Quarentena, [228025afeeabc86e3fb503ce8f74ae52], 
 
Valores de registro: 2
PUP.Optional.Social2Search.Gen, HKLM\SOFTWARE\WOW6432NODE\MICROSOFT\WINDOWS\CURRENTVERSION\UNINSTALL\c5d8224583fcb4276dc6c159e8a81e2b|DisplayName, Social2Search, Quarentena, [228025afeeabc86e3fb503ce8f74ae52]
PUP.Optional.AnySend, HKLM\SOFTWARE\WOW6432NODE\MICROSOFT\WINDOWS\CURRENTVERSION\UNINSTALL\ASPACKAGE|DisplayName, AnySend, Quarentena, [4c56577d9108da5c42efd9de18eb56aa]
 
Dados de registro: 0
(Nenhum item malicioso detectado)
 
Pastas: 2
PUP.Optional.ASPackage, C:\Users\Usuario\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\ASPackage, Quarentena, [970bd004c7d21d19c75e75f7b84bf010], 
PUP.Optional.ASPackage, C:\Users\Usuario\AppData\Roaming\ASPackage, Quarentena, [356da034b9e070c69dec14897c865fa1], 
 
Arquivos: 5
PUP.Optional.ConvertAd, C:\Users\Usuario\AppData\Roaming\ASPackage\ASPackage.exe, Quarentena, [b7eb5480d9c0f73fbeb1c4d9629f7d83], 
PUP.Optional.ConvertAd, C:\Program Files (x86)\03DE0294-1462993516-05D9-3A06-3A0700080009\vnsg358.tmp, Quarentena, [6a3852825346dd59e689f4a9cf32ee12], 
PUP.Optional.ConvertAd, C:\Users\Usuario\AppData\Local\Temp\nsu3798.tmp.exe, Quarentena, [2d75934199002a0cc9a6e7b66f925da3], 
PUP.Optional.ASPackage, C:\Users\Usuario\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\ASPackage\Configure.lnk, Quarentena, [970bd004c7d21d19c75e75f7b84bf010], 
PUP.Optional.ASPackage, C:\Users\Usuario\AppData\Roaming\ASPackage\Uninstall.exe, Quarentena, [356da034b9e070c69dec14897c865fa1], 
 
Setores físicos: 0
(Nenhum item malicioso detectado)
 
 
(end)


#4 Victor2K


Posted 11 May 2016 - 06:00 PM

Now will add JRT and AdWCleaner. Tomorrow, due to time, will do the ESET scan

 

# AdwCleaner v5.028 - Relatório criado 05/01/2016 às 16:22:51
# Atualizado 04/01/2016 por Xplode
# Banco de dados : 2016-01-04.2 [Servidor]
# Sistema operacional : Windows 7 Ultimate Service Pack 1 (x64)
# Usuário : Usuario - USUARIO-PC
# Executando de : C:\Users\Usuario\Downloads\AdwCleaner.exe
# Opção : Verificar
 
***** [ Serviços ] *****
 
 
***** [ Pastas ] *****
 
Pasta Encontrado : C:\Program Files\AdTrustMedia
Pasta Encontrado : C:\Program Files (x86)\simplitec
Pasta Encontrado : C:\Program Files (x86)\AdTrustMedia
Pasta Encontrado : C:\ProgramData\simplitec
Pasta Encontrado : C:\ProgramData\AdTrustMedia
Pasta Encontrado : C:\Users\Usuario\AppData\Local\PackageAware
Pasta Encontrado : C:\Users\Usuario\AppData\Local\Comodo\Dragon\User Data\Default\Extensions\cmaiofennmphjldldcpphcechfnnohja
Pasta Encontrado : C:\Users\Usuario\AppData\Roaming\ASPackage
Pasta Encontrado : C:\Users\Usuario\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\ASPackage
 
***** [ Arquivos ] *****
 
Arquivo Encontrado : C:\Users\Usuario\AppData\Local\Comodo\Dragon\User Data\Default\Local Storage\chrome-extension_cmaiofennmphjldldcpphcechfnnohja_0.localstorage
Arquivo Encontrado : C:\Users\Usuario\AppData\Local\Comodo\Dragon\User Data\Default\Local Storage\chrome-extension_cmaiofennmphjldldcpphcechfnnohja_0.localstorage-journal
Arquivo Encontrado : C:\Users\Usuario\AppData\Local\Google\Chrome\User Data\Default\local storage\hxxp_www.metrolyrics.com_0.localstorage
Arquivo Encontrado : C:\Users\Usuario\AppData\Local\Google\Chrome\User Data\Default\local storage\hxxp_www.metrolyrics.com_0.localstorage-journal
Arquivo Encontrado : C:\Users\Usuario\AppData\Local\Google\Chrome\User Data\Default\Local Storage\hxxp_en.anisearch.com_0.localstorage
Arquivo Encontrado : C:\Users\Usuario\AppData\Local\Google\Chrome\User Data\Default\Local Storage\hxxp_en.anisearch.com_0.localstorage-journal
Arquivo Encontrado : C:\Users\Usuario\AppData\Local\Google\Chrome\User Data\Default\Local Storage\hxxp_st.chatango.com_0.localstorage
Arquivo Encontrado : C:\Users\Usuario\AppData\Local\Google\Chrome\User Data\Default\Local Storage\hxxp_st.chatango.com_0.localstorage-journal
 
***** [ DLL ] *****
 
 
***** [ Atalhos ] *****
 
 
***** [ Tarefas agendadas ] *****
 
 
***** [ Registro ] *****
 
Chave Encontrada : HKCU\Software\Mozilla\Extends
Valor Encontrada : HKCU\Software\Mozilla\Firefox\Extensions [{b64d9b05-48e1-4ceb-bf58-e0643994e900}]
Chave Encontrada : HKCU\Software\APN PIP
Chave Encontrada : HKCU\Software\Mozilla\Extends
Chave Encontrada : HKLM\SOFTWARE\Conduit
Chave Encontrada : HKLM\SOFTWARE\simplitec
Chave Encontrada : HKU\S-1-5-21-419499787-849242958-3298517021-1000-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\Software\APN PIP
Chave Encontrada : HKU\S-1-5-21-419499787-849242958-3298517021-1000-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\Software\Mozilla\Extends
 
***** [ Navegadores ] *****
 
[C:\Users\Usuario\AppData\Roaming\Mozilla\Firefox\Profiles\uqcyog4w.default\prefs.js] [Preference] Encontrada : user_pref("extensions.savesense.channel", "pcdealply");
[C:\Users\Usuario\AppData\Roaming\Mozilla\Firefox\Profiles\uqcyog4w.default\prefs.js] [Preference] Encontrada : user_pref("network.hxxp.request.max-start-delay", 0);
[C:\Users\Usuario\AppData\Local\Google\Chrome\User Data\Default\Web data] [Search Provider] Encontrado : anidb.net
[C:\Users\Usuario\AppData\Local\Google\Chrome\User Data\Default\Web data] [Search Provider] Encontrado : br.ask.com
[C:\Users\Usuario\AppData\Local\Google\Chrome\User Data\Default\Web data] [Search Provider] Encontrado : en.anisearch.com
[C:\Users\Usuario\AppData\Local\Google\Chrome\User Data\Default\Web data] [Search Provider] Encontrado : veoh.com
[C:\Users\Usuario\AppData\Local\Google\Chrome\User Data\Default\Web data] [Search Provider] Encontrado : mais.uol.com.br
[C:\Users\Usuario\AppData\Local\Google\Chrome\User Data\Default\Web data] [Search Provider] Encontrado : rfactor.softonic.com.br
[C:\Users\Usuario\AppData\Local\Google\Chrome\User Data\Default\Web data] [Search Provider] Encontrado : kemulator.softonic.com.br
[C:\Users\Usuario\AppData\Local\Google\Chrome\User Data\Default\Secure Preferences] [Extension] Encontrada : gkcefkcdkepgkpbgncjchhbjgoanleod
[C:\Users\Usuario\AppData\Local\Google\Chrome\User Data\Default\Secure Preferences] [Extension] Encontrada : nfengeggddojhakldhlpjdlddgkkjkdd
[C:\Users\Usuario\AppData\Local\Comodo\Dragon\User Data\Default\Web data] [Search Provider] Encontrado : br.ask.com
 
########## EOF - C:\AdwCleaner\AdwCleaner[S1].txt - [4584 bytes] ##########
# AdwCleaner v5.116 - Relatório criado 11/05/2016 às 19:33:49
# Atualizado 09/05/2016 por Xplode
# Banco de dados : 2016-05-09.1 [Servidor]
# Sistema operacional : Windows 7 Ultimate Service Pack 1 (X64)
# Usuário : Usuario - USUARIO-PC
# Executando de : C:\Users\Usuario\Desktop\AdwCleaner.exe
# Opção : Verificar
 
***** [ Serviços ] *****
 
Serviço Encontrado : ba3ba5636768c7ae2a9c1f6ef71ffe51
 
***** [ Pastas ] *****
 
Pasta Encontrado : C:\ProgramData\AdTrustMedia
Pasta Encontrado : C:\ProgramData\Application Data\AdTrustMedia
Pasta Encontrado : C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Social2Sea
Pasta Encontrado : C:\Users\Public\Documents\Guid
Pasta Encontrado : C:\Program Files (x86)\03DE0294-1462993516-05D9-3A06-3A0700080009
Pasta Encontrado : C:\Users\Usuario\AppData\Local\PackageAware
Pasta Encontrado : C:\Program Files\AdTrustMedia
 
***** [ Arquivos ] *****
 
 
***** [ DLL ] *****
 
 
***** [ WMI ] *****
 
 
***** [ Atalhos ] *****
 
 
***** [ Tarefas agendadas ] *****
 
 
***** [ Registro ] *****
 
Valor Encontrada : HKCU\Software\Mozilla\Firefox\Extensions [{b64d9b05-48e1-4ceb-bf58-e0643994e900}]
Chave Encontrada : HKLM\SOFTWARE\Classes\CLSID\{8BF0126F-A5B7-4720-ABB2-2414A0AF5474}
Chave Encontrada : HKCU\Software\APN PIP
Chave Encontrada : HKCU\Software\Conduit
Chave Encontrada : HKCU\Software\Mozilla\Extends
Chave Encontrada : HKLM\SOFTWARE\Social2Sea
Chave Encontrada : [x64] HKLM\SOFTWARE\Social2Sea
Chave Encontrada : HKU\S-1-5-21-419499787-849242958-3298517021-1000\Software\APN PIP
Chave Encontrada : HKU\S-1-5-21-419499787-849242958-3298517021-1000\Software\Conduit
Chave Encontrada : HKU\S-1-5-21-419499787-849242958-3298517021-1000\Software\Mozilla\Extends
Valor Encontrada : HKLM\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules [{0A3900A9-C2DD-4B6B-9321-DA94A6DC52EB}]
Valor Encontrada : HKLM\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules [{50C83A51-A8A2-4543-914D-9F26A62487A5}]
Valor Encontrada : HKLM\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules [{4128B613-601E-46E2-975E-E7F7E7711E03}]
Valor Encontrada : HKLM\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules [{7809ADCB-A618-49F1-92EB-C20A6C408741}]
Valor Encontrada : HKLM\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules [{EE294111-98B0-421D-A25E-4483F3CAB8E3}]
Valor Encontrada : HKLM\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules [{06E251A3-99F2-4CC5-AA4F-4FCED1B8E7CA}]
Valor Encontrada : HKLM\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules [TCP Query User{ADE6D9F5-44DF-4509-9B5C-A32F2036331C}C:\program files (x86)\simplitec\kmpfaster\serviceprovider.exe]
Valor Encontrada : HKLM\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules [UDP Query User{52198C39-E862-4157-91A2-1B0FCE1767DD}C:\program files (x86)\simplitec\kmpfaster\serviceprovider.exe]
 
***** [ Navegadores ] *****
 
[C:\Users\Usuario\AppData\Roaming\Mozilla\Firefox\Profiles\uqcyog4w.default\prefs.js] Encontrada : user_pref("extensions.savesense.channel", "pcdealply");
[C:\Users\Usuario\AppData\Roaming\Mozilla\Firefox\Profiles\uqcyog4w.default\prefs.js] Encontrada : user_pref("network.hxxp.request.max-start-delay", 0);
[C:\Users\Usuario\AppData\Local\Google\Chrome\User Data\Default\Web data] [Search Provider] Encontrado : br.ask.com
[C:\Users\Usuario\AppData\Local\Google\Chrome\User Data\Default\Secure Preferences] [Extension] Encontrada : gkcefkcdkepgkpbgncjchhbjgoanleod
[C:\Users\Usuario\AppData\Local\Google\Chrome\User Data\Default\Secure Preferences] [Extension] Encontrada : nfengeggddojhakldhlpjdlddgkkjkdd
[C:\Users\Usuario\AppData\Local\Comodo\Dragon\User Data\Default\Web data] [Search Provider] Encontrado : br.ask.com
[C:\Users\Usuario\AppData\Local\Comodo\Dragon\User Data\Default\Web data] [Search Provider] Encontrado : br.yahoo.com
 
*************************
 
C:\AdwCleaner\AdwCleaner[S1].txt - [8838 bytes] - [05/01/2016 15:22:51]
 
########## EOF - C:\AdwCleaner\AdwCleaner[S1].txt - [8911 bytes] ##########
 
 
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Junkware Removal Tool (JRT) by Malwarebytes
Version: 8.0.6 (04.25.2016)
Operating System: Windows 7 Ultimate x64 
Ran by Usuario (Administrator) on 11/05/2016 at 19:51:54,10
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
 
 
 
 
File System: 22 
 
Failed to delete: C:\Users\Usuario\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\0SV87797 (Temporary Internet Files Folder) 
Failed to delete: C:\Users\Usuario\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\CT5JTH93 (Temporary Internet Files Folder) 
Failed to delete: C:\Users\Usuario\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\D7JY3P3W (Temporary Internet Files Folder) 
Failed to delete: C:\Users\Usuario\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\FOK01LR5 (Temporary Internet Files Folder) 
Failed to delete: C:\Users\Usuario\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\U2TG90E0 (Temporary Internet Files Folder) 
Successfully deleted: C:\ProgramData\update~1 (Folder) 
Successfully deleted: C:\Users\Usuario\AppData\Local\Google\Chrome\User Data\Default\Extensions\klbibkeccnjlkjkiokjodocebajanakg (Folder) 
Successfully deleted: C:\Users\Usuario\AppData\Local\Google\Chrome\User Data\Default\Local Storage\chrome-extension_klbibkeccnjlkjkiokjodocebajanakg_0.localstorage (File) 
Successfully deleted: C:\Users\Usuario\AppData\Roaming\productdata (Folder) 
Successfully deleted: C:\Users\Usuario\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\HP506WPM (Temporary Internet Files Folder) 
Successfully deleted: C:\Users\Usuario\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\UV13MMTJ (Temporary Internet Files Folder) 
Successfully deleted: C:\Users\Usuario\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\UXD9FFUU (Temporary Internet Files Folder) 
Successfully deleted: C:\Windows\prefetch\ANTILOGGER FREE.EXE-8827C9B1.pf (File) 
Successfully deleted: C:\Windows\system32\REN8D32.tmp (File) 
Successfully deleted: C:\Windows\System32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\0SV87797 (Temporary Internet Files Folder) 
Successfully deleted: C:\Windows\System32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\CT5JTH93 (Temporary Internet Files Folder) 
Successfully deleted: C:\Windows\System32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\D7JY3P3W (Temporary Internet Files Folder) 
Successfully deleted: C:\Windows\System32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\FOK01LR5 (Temporary Internet Files Folder) 
Successfully deleted: C:\Windows\System32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\HP506WPM (Temporary Internet Files Folder) 
Successfully deleted: C:\Windows\System32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\U2TG90E0 (Temporary Internet Files Folder) 
Successfully deleted: C:\Windows\System32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\UV13MMTJ (Temporary Internet Files Folder) 
Successfully deleted: C:\Windows\System32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\UXD9FFUU (Temporary Internet Files Folder) 
 
 
 
Registry: 0 
 
 
 
 
 
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Scan was completed on 11/05/2016 at 19:58:22,15
End of JRT log
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~


#5 buddy215


Posted 11 May 2016 - 06:40 PM

Sounds like a plan....we'll keep a light on for ya...:)



#6 buddy215


Posted 12 May 2016 - 07:51 AM

Rerun AdwCleaner and be sure to click on Clean when the scan finishes. Post the log.



#7 Victor2K


Posted 12 May 2016 - 12:17 PM

Reran AdwCleaner and didn't find anything, but here is the log

 

# AdwCleaner v5.116 - Relatório criado 12/05/2016 às 14:13:40
# Atualizado 09/05/2016 por Xplode
# Banco de dados : 2016-05-09.1 [Servidor]
# Sistema operacional : Windows 7 Ultimate Service Pack 1 (X64)
# Usuário : Usuario - USUARIO-PC
# Executando de : C:\Users\Usuario\Desktop\AdwCleaner.exe
# Opção : Verificar
 
***** [ Serviços ] *****
 
 
***** [ Pastas ] *****
 
 
***** [ Arquivos ] *****
 
 
***** [ DLL ] *****
 
 
***** [ WMI ] *****
 
 
***** [ Atalhos ] *****
 
 
***** [ Tarefas agendadas ] *****
 
 
***** [ Registro ] *****
 
 
***** [ Navegadores ] *****
 
 
*************************
 
C:\AdwCleaner\AdwCleaner[C1].txt - [4329 bytes] - [11/05/2016 19:41:38]
C:\AdwCleaner\AdwCleaner[S1].txt - [8994 bytes] - [05/01/2016 15:22:51]
C:\AdwCleaner\AdwCleaner[S2].txt - [811 bytes] - [12/05/2016 14:13:40]
 
########## EOF - C:\AdwCleaner\AdwCleaner[S2].txt - [883 bytes] ##########
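
Added example (not part of the original posts, and not AdwCleaner's own code): a small Python parser for the AdwCleaner report layout pasted in this thread. It splits reports pasted back to back, as in post #4, and compares a scan with a rescan to show which findings are gone and which persist. The sample reports are constructed and abridged; `ExampleAdware`, the version string and the function names are hypothetical.

```python
import re

SECTION_RE = re.compile(r"^\*{5} \[ (.+?) \] \*{5}$")  # e.g. ***** [ Pastas ] *****
TRAILER_RE = re.compile(r"^\*{10,}$")                   # asterisk row before the file list
REPORT_START = "# AdwCleaner v"                         # first header line of every report

# Constructed sample reports (not taken from the thread), same layout as above.
BEFORE = r"""# AdwCleaner v0.000 - constructed sample, first scan

***** [ Pastas ] *****

Pasta Encontrado : C:\ProgramData\ExampleAdware
Pasta Encontrado : C:\Program Files\ExampleAdware

***** [ Registro ] *****

Chave Encontrada : HKCU\Software\ExampleAdware

########## EOF - C:\AdwCleaner\AdwCleaner[S1].txt - [200 bytes] ##########
"""

AFTER = r"""# AdwCleaner v0.000 - constructed sample, rescan

***** [ Pastas ] *****

Pasta Encontrado : c:\programdata\ExampleAdware

***** [ Registro ] *****

*************************

C:\AdwCleaner\AdwCleaner[S1].txt - [200 bytes] - [01/01/2000 00:00:00]

########## EOF - C:\AdwCleaner\AdwCleaner[S2].txt - [100 bytes] ##########
"""


def split_reports(text):
    """Split pasted text into individual reports; each starts at a '# AdwCleaner v' line."""
    reports, current = [], None
    for line in text.splitlines():
        if line.startswith(REPORT_START):
            current = []
            reports.append(current)
        if current is not None:
            current.append(line)
    return ["\n".join(r) for r in reports]


def parse_adwcleaner(report):
    """Return {section name: [finding lines]} for one report."""
    sections, current = {}, None
    for raw in report.splitlines():
        line = raw.strip()
        if not line or line.startswith("#"):   # blank, header and EOF lines
            continue
        match = SECTION_RE.match(line)
        if match:
            current = match.group(1)
            sections.setdefault(current, [])
        elif TRAILER_RE.match(line):
            current = None                     # what follows lists earlier report files
        elif current is not None:
            sections[current].append(line)
    return sections


def compare(before, after):
    """Classify findings as removed, persisting or new (Windows paths: case-insensitive)."""
    seen_before = {(s, f.casefold()) for s, items in before.items() for f in items}
    seen_after = {(s, f.casefold()) for s, items in after.items() for f in items}
    removed, persisting = [], []
    for section, items in before.items():
        for finding in items:
            key = (section, finding.casefold())
            (persisting if key in seen_after else removed).append((section, finding))
    new = [(s, f) for s, items in after.items() for f in items
           if (s, f.casefold()) not in seen_before]
    return {"removed": removed, "persisting": persisting, "new": new}


if __name__ == "__main__":
    first, rescan = (parse_adwcleaner(r) for r in split_reports(BEFORE + AFTER))
    for status, entries in compare(first, rescan).items():
        for section, finding in entries:
            print(f"{status:10} [{section}] {finding}")
```

An empty rescan, like the [S2] log above, puts every earlier finding under `removed`; anything under `persisting` or `new` is worth raising with the helper before moving on.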


#8 buddy215


Posted 12 May 2016 - 12:34 PM

After posting the results of the Eset Scan, do this:

 

Post the three lists mentioned below using CCleaner.

Open CCleaner and click on Tools. Choose Startups. On that page you will see a list of Windows Startups and at the top tabs for each browser and Scheduled Tasks. At the bottom right of that page you will see a button that, when clicked, will allow you to Copy and Paste the list of Windows Startups and Scheduled Tasks into your next post. Please do that.

 

Open CCleaner and click on Tools. Choose Uninstall. On that page you will see a list of programs installed on your computer and at the bottom right of that page you will see a button that, when clicked, will allow you to Copy and Paste that list in your next post. Please do that.



#9 Victor2K


Posted 12 May 2016 - 07:54 PM

Eset is here, next CCleaner

 

C:\Users\Usuario\AppData\Local\Temp\4file.exe a variant of Win32/Packed.NSISmod.R suspicious application cleaned by deleting
C:\Users\Usuario\Downloads\FSSGoogleBooksDownloaderSetup.exe a variant of MSIL/Adware.OxyPumper.L application cleaned by deleting


#10 Victor2K


Posted 12 May 2016 - 07:57 PM

Now, the CCleaner... first, the Windows Startups

 

Sim HKCU:Run CCleaner Monitoring Piriform Ltd "C:\Program Files\CCleaner\CCleaner64.exe" /MONITOR
Sim HKCU:Run DAEMON Tools Lite Automount Disc Soft Ltd "C:\Program Files (x86)\DAEMON Tools Lite\DTAgent.exe" -autorun
Sim HKCU:Run GUDelayStartup Glarysoft Ltd "C:\Program Files (x86)\Glary Utilities 5\StartupManager.exe" -delayrun
Sim HKCU:Run msnmsgr Microsoft Corporation "C:\Program Files (x86)\Windows Live\Messenger\msnmsgr.exe" /background
Não HKCU:Run Raptr C:\PROGRA~2\Raptr\raptrstub.exe --startup
Sim HKCU:Run SandboxieControl Sandboxie Holdings, LLC "C:\Program Files\Sandboxie\SbieCtrl.exe"
Sim HKCU:Run Skype Skype Technologies S.A. "C:\Program Files (x86)\Skype\Phone\Skype.exe" /minimized /regrun
Sim HKCU:Run SUPERAntiSpyware SUPERAntiSpyware C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe
Sim HKCU:Run USBListener ClevX, LLC C:\Users\Usuario\AppData\Local\Temp\{438E237C-C9D2-4803-A1FE-EE77D929E548}\USBListener.exe -autorun
Não HKLM:Run Adobe Creative Cloud Adobe Systems Incorporated "C:\Program Files (x86)\Adobe\Adobe Creative Cloud\ACC\Creative Cloud.exe" --showwindow=false --onOSstartup=true
Não HKLM:Run AdobeCS6ServiceManager "C:\Program Files (x86)\Common Files\Adobe\CS6ServiceManager\CS6ServiceManager.exe" -launchedbylogin
Sim HKLM:Run AvastUI.exe AVAST Software "C:\Program Files\AVAST Software\Avast\AvastUI.exe" /nogui
Sim HKLM:Run DivXMediaServer DivX, LLC C:\Program Files (x86)\DivX\DivX Media Server\DivXMediaServer.exe
Sim HKLM:Run DriveUtilitiesHelper Western Digital Technologies, Inc. C:\Program Files (x86)\Western Digital\WD Utilities\WDDriveUtilitiesHelper.exe
Sim HKLM:Run Dropbox Dropbox, Inc. "C:\Program Files (x86)\Dropbox\Client\Dropbox.exe" /systemstartup
Sim HKLM:Run GrooveMonitor Microsoft Corporation "C:\Program Files (x86)\Microsoft Office\Office12\GrooveMonitor.exe"
Sim HKLM:Run HotKeysCmds Intel Corporation "C:\Windows\system32\hkcmd.exe"
Sim HKLM:Run IAStorIcon Intel Corporation "C:\Program Files\Intel\Intel® Rapid Storage Technology\IAStorIconLaunch.exe" "C:\Program Files\Intel\Intel® Rapid Storage Technology\IAStorIcon.exe" 60
Sim HKLM:Run IgfxTray Intel Corporation "C:\Windows\system32\igfxtray.exe"
Sim HKLM:Run Malwarebytes Anti-Exploit Malwarebytes Corporation C:\Program Files (x86)\Malwarebytes Anti-Exploit\mbae.exe
Sim HKLM:Run Persistence Intel Corporation "C:\Windows\system32\igfxpers.exe"
Sim HKLM:Run RtHDVCpl Realtek Semiconductor C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe -s
Sim HKLM:Run SunJavaUpdateSched Oracle Corporation "C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe"
Sim HKLM:Run USB3MON Intel Corporation "C:\Program Files (x86)\Intel\Intel® USB 3.0 eXtensible Host Controller Driver\Application\iusb3mon.exe"
Sim HKLM:Run ZALFree Zemana Ltd. "C:\Program Files (x86)\Zemana AntiLogger Free\AntiLogger Free.exe" /MINIMIZED
Sim Startup Common Secunia PSI Tray.lnk Secunia C:\Program Files (x86)\Secunia\PSI\psi_tray.exe
Não Startup User Digsby.lnk dotSyntax, LLC. C:\PROGRA~2\Digsby\digsby.exe 
 
The Scheduled ones
 
Sim Task Adobe Acrobat Update Task Adobe Systems Incorporated C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe
Sim Task Adobe Flash Player PPAPI Notifier Adobe Systems Incorporated C:\Windows\SysWOW64\Macromed\Flash\FlashUtil32_21_0_0_213_pepper.exe -check pepperplugin
Sim Task Adobe Flash Player Updater Adobe Systems Incorporated C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe
Sim Task CCleanerSkipUAC Piriform Ltd "C:\Program Files\CCleaner\CCleaner.exe" $(Arg0)
Sim Task DivXUpdate DivX, LLC C:\Program Files (x86)\Common Files\DivX Shared\Qt4.8\DivXUpdate.exe
Sim Task DropboxUpdateTaskMachineCore Dropbox, Inc. C:\Program Files (x86)\Dropbox\Update\DropboxUpdate.exe /c
Sim Task DropboxUpdateTaskMachineUA Dropbox, Inc. C:\Program Files (x86)\Dropbox\Update\DropboxUpdate.exe /ua /installsource scheduler
Sim Task GlaryInitialize 5 Glarysoft Ltd C:\Program Files (x86)\Glary Utilities 5\Initialize.exe
Sim Task GoogleUpdateTaskMachineCore Google Inc. C:\Program Files (x86)\Google\Update\GoogleUpdate.exe /c
Sim Task GoogleUpdateTaskMachineUA Google Inc. C:\Program Files (x86)\Google\Update\GoogleUpdate.exe /ua /installsource scheduler
Sim Task GU5SkipUAC Glarysoft Ltd C:\Program Files (x86)\Glary Utilities 5\Integrator.exe $(Arg0)
Sim Task Opera scheduled Autoupdate 1392394023 Opera Software C:\Program Files (x86)\Opera\launcher.exe --scheduledautoupdate $(Arg0)
Sim Task SafeZone scheduled Autoupdate 1458088012 Avast Software C:\Program Files\AVAST Software\SZBrowser\launcher.exe --scheduledautoupdate $(Arg0)
Sim Task SidebarExecute Microsoft Corporation C:\Program Files\Windows Sidebar\sidebar.exe /addGadget
Sim Task {60ABF6AA-67EE-41B9-874F-94DF92F1E8EA} C:\Users\Usuario\Desktop\Meus documentos\Elif98 Atualizado\EDITEQ.EXE
Sim Task {7DFD1472-4CD5-4C1B-86AC-0A8FEBAD926E} C:\cm2\CM2E16.EXE
Sim Task {9AAE773A-DF4B-434F-8BA1-CA1982D881DE} Microsoft Corporation C:\Windows\system32\pcalua.exe -a C:\Users\Usuario\Downloads\brasfoot2014.exe -d C:\Users\Usuario\Downloads
Sim Task {B3E008C0-D782-4C11-96E9-3310428F7A91} C:\Users\Usuario\Desktop\Meus documentos\Elif98 Atualizado\EDITEQ.EXE
Sim Task {CA532E9B-3484-4133-A720-7CD4B5D8D73A} C:\Users\Usuario\Desktop\Meus documentos\Elif98 Atualizado\ELIFOOT.EXE
 
 
And the installed ones
 
2.0 www.video-gif-converter.com 14/02/2014 2.0
Adobe Acrobat Reader DC - Português Adobe Systems Incorporated 11/05/2016 206 MB 15.016.20039
Adobe AIR Adobe Systems Incorporated 14/04/2016 21.0.0.198
Adobe Creative Cloud Adobe Systems Incorporated 2.4.1.351
Adobe Fireworks CS3 Adobe Systems Incorporated 14/02/2014 9.0
Adobe Flash Player 21 ActiveX Adobe Systems Incorporated 21.0.0.213
Adobe Flash Player 21 NPAPI Adobe Systems Incorporated 21.0.0.213
Adobe Flash Player 21 PPAPI Adobe Systems Incorporated 21.0.0.213
Adobe Help Manager Adobe Systems Incorporated 14/02/2014 4.0.244
Adobe Shockwave Player 12.2 Adobe Systems, Inc. 12.2.4.194
Adobe Shockwave Player 12.2 Adobe Systems, Inc 10/02/2016 52,3 MB 12.2.3.183
AntiLogger Free version 1.8.2.320 Zemana Ltd. 05/11/2015 1.8.2.320
Apple Software Update Apple Inc. 25/03/2016 2,69 MB 2.2.0.150
Arquivo do WinRAR
Ashampoo Burning Studio FREE v.1.14.5 Ashampoo GmbH & Co. KG 04/03/2015 1.14.5
Avast Free Antivirus AVAST Software 11.2.2262
BitTorrent BitTorrent Inc. 7.9.7.42331
BS.Player FREE AB Team, d.o.o. 2.70.1080
CCleaner Piriform 5.17
CPUID HWMonitor 1.28 03/08/2015
CryptoPrevent v4.3.0 Foolish IT LLC 21/02/2014
CVE-2014-6352
CVE-2014-6352
DAEMON Tools Lite Disc Soft Ltd 10.3.0.0154
Digsby dotSyntax, LLC
DiskCheckup v3.2 PassMark Software 25/10/2014 3.2.1000
Dropbox Dropbox, Inc. 3.20.1
Elifoot 2002 - Revision 2
ESET Online Scanner v3
FastStone Photo Resizer 3.2 FastStone Soft. 3.2
FIFA 09 Electronic Arts 29/04/2014 5,55 GB 1.0.1.1
FIFA Manager 14 Electronic Arts 1.0.0.0
FormatFactory 3.8.0.0 Free Time 3.8.0.0
Foxit Cloud Foxit Software Inc. 03/08/2015 3.6.122.702
Foxit Reader Foxit Software Inc. 15/04/2016 7.3.6.321
FSS Google Books Downloader version 1.7.0.4 FreeSmartSoft 15/12/2015 1.7.0.4
Glary Utilities 5.50 Glarysoft Ltd 5.50.0.70
Google Chrome Google Inc. 27/06/2014 50.0.2661.102
Google Earth Google 02/06/2015 179 MB 7.1.5.1557
Instalação do DivX DivX, LLC 2.8.0.18
Intel® Management Engine Components Intel Corporation 9.0.0.1323
Intel® Processor Graphics Intel Corporation 9.18.10.3186
Intel® Rapid Storage Technology Intel Corporation 13/02/2014 12.6.0.1033
Intel® SDK for OpenCL - CPU Only Runtime Package Intel Corporation 3.0.0.66956
Intel® USB 3.0 eXtensible Host Controller Driver Intel Corporation 2.5.0.19
InterVideo DeviceService InterVideo 13/06/2014 256 KB 1.0.0
Java 8 Update 77 Oracle Corporation 24/03/2016 21,3 MB 8.0.770.3
Java 8 Update 77 (64-bit) Oracle Corporation 24/03/2016 23,4 MB 8.0.770.3
Java 8 Update 91 Oracle Corporation 21/04/2016 89,2 MB 8.0.910.14
Java 8 Update 91 (64-bit) Oracle Corporation 21/04/2016 102 MB 8.0.910.14
K-Lite Mega Codec Pack 10.6.0 31/07/2014 10.6.0
KMPlayer (remove only) PandoraTV 4.0.7.1
Malwarebytes Anti-Exploit version 1.8.1.1196 Malwarebytes 05/05/2016 1.8.1.1196
Malwarebytes Anti-Malware versão 2.2.1.1043 Malwarebytes 22/03/2016 2.2.1.1043
MediaInfo 0.7.85 MediaArea.net 0.7.85
Megacubo 11 www.megacubo.net 27/06/2015 11.0.0
Microsoft .NET Framework 4.6.1 Microsoft Corporation 12/05/2016 4.6.01055
Microsoft Office Enterprise 2007 Microsoft Corporation 12/05/2016 12.0.6612.1000
Microsoft Office File Validation Add-In Microsoft Corporation 18/05/2014 10,9 MB 14.0.5130.5003
Microsoft Silverlight Microsoft Corporation 14/01/2016 348 MB 5.1.41212.0
Microsoft SQL Server 2005 Compact Edition [ENU] Microsoft Corporation 14/02/2014 1,69 MB 3.1.0000
Microsoft Visual C++ 2005 Redistributable Microsoft Corporation 13/06/2014 2,52 MB 8.0.56336
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17 Microsoft Corporation 22/08/2014 240 KB 9.0.30729
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148 Microsoft Corporation 14/02/2014 592 KB 9.0.30729.4148
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 Microsoft Corporation 14/02/2014 600 KB 9.0.30729.6161
Microsoft Visual C++ 2010  x64 Redistributable - 10.0.40219 Microsoft Corporation 13/02/2014 13,8 MB 10.0.40219
Microsoft Visual C++ 2010  x86 Redistributable - 10.0.40219 Microsoft Corporation 14/02/2014 11,1 MB 10.0.40219
Microsoft Visual C++ 2012 Redistributable (x86) - 11.0.61030 Microsoft Corporation 11.0.61030.0
Microsoft Visual C++ 2013 Redistributable (x64) - 12.0.30501 Microsoft Corporation 12.0.30501.0
Microsoft Visual C++ 2013 Redistributable (x86) - 12.0.30501 Microsoft Corporation 12.0.30501.0
Movier 1.1.7 1.1.7
Mozilla Firefox 46.0.1 (x86 pt-BR) Mozilla 46.0.1
Mozilla Maintenance Service Mozilla 44.0.2.5884
MSXML 4.0 SP2 (KB954430) Microsoft Corporation 14/02/2014 1,27 MB 4.20.9870.0
MSXML 4.0 SP2 (KB973688) Microsoft Corporation 14/02/2014 1,33 MB 4.20.9876.0
MSXML 4.0 SP3 Parser Microsoft Corporation 26/09/2014 1,47 MB 4.30.2100.0
MSXML 4.0 SP3 Parser (KB2758694) Microsoft Corporation 27/09/2014 1,54 MB 4.30.2117.0
msxml4 Default Company Name 13/06/2014 48,0 KB 1.0.0
Módulo de Proteção Banco Santander (Brasil) S.A. 21/04/2014 3.7.1.1
Nero 7 Ultra Edition Nero AG 13/02/2014 534 MB 7.02.9753
Opera Stable 37.0.2178.43 Opera Software 37.0.2178.43
Origin Electronic Arts, Inc. 9.11.2.10120
Patch Bolivia 22 Equipes
Patch Japão - 42 Equipes
Patch Mato Grosso do Sul - Brasfoot 2016
Patch Qatar Stars League
PcLiga 2000 v1.2
PhotoStage Slideshow Producer NCH Software 3.31
Pidgin 2.10.12
QuickTime 7 Apple Inc. 11/01/2016 69,1 MB 7.79.80.95
Realtek Ethernet Controller Driver Realtek 13/02/2014 7.65.1025.2012
Realtek High Definition Audio Driver Realtek Semiconductor Corp. 13/02/2014 6.0.1.6849
Revo Uninstaller 1.95 VS Revo Group 1.95
Sandboxie 5.10 (64-bit) Sandboxie Holdings, LLC 5.10
Secunia PSI (3.0.0.9016) Secunia 3.0.0.9016
ShadowExplorer 0.9 ShadowExplorer.com 24/09/2014 0.9.462.0
Skype™ 7.23 Skype Technologies S.A. 02/05/2016 421 MB 7.23.105
SpeedFan (remove only)
SpywareBlaster 5.4 BrightFort LLC 09/01/2016 5.4.0
Stella 2.5.1 Bradford W. Mott and the Stella team 25/03/2016
SUPERAntiSpyware SUPERAntiSpyware.com 6.0.1158
Suporte para Aplicativos Apple Apple Inc. 31/07/2014 64,0 MB 2.3.6
ThumbsPlus Cerious Software Inc. 23/03/2015
ThumbsPlus 10 Cerious Software 22/04/2016
ThumbsPlus version 7.0
TreeSize Free V3.4.5 JAM Software 20/02/2016 3.4.5
UltraEdit IDM Computer Solutions, Inc. 23.00.0.59
Vegas Pro 12.0 (64-bit) Sony 31/07/2014 580 MB 12.0.770
VideoPad Video Editor NCH Software 4.30
Visual Studio 2012 x64 Redistributables AVG Technologies 13/02/2014 12,9 MB 14.0.0.1
Visual Studio 2012 x86 Redistributables AVG Technologies CZ, s.r.o. 13/02/2014 10,5 MB 14.0.0.1
VLC media player VideoLAN 2.2.3
VLC media player VideoLAN 2.2.2
WD Drive Utilities Western Digital Technologies, Inc. 21/08/2015 1.3.0.18
WD Quick View Western Digital Technologies, Inc. 20/08/2015 13,0 MB 2.4.12.1
WD Security Western Digital Technologies, Inc. 21/08/2015 1.3.0.18
WD SmartWare Western Digital Technologies, Inc. 20/08/2015 72,2 MB 2.4.12.1
WD SmartWare Installer Western Digital Technologies, Inc. 2.4.12.1
Winamp Nullsoft, Inc 5.666 
Windows Live Essentials Microsoft Corporation 17/04/2014 16.4.3528.0331
WinRAR 5.31 beta 1 (64-bit) win.rar GmbH 5.31.1
WOT for Internet Explorer WOT Services Oy 17/07/2014 3,10 MB 13.9.2.0


#11 buddy215

Posted 12 May 2016 - 09:25 PM

Disable these Windows Startups: Use CCleaner by clicking on each item and choosing Disable on the right.

Sim HKCU:Run CCleaner Monitoring Piriform Ltd "C:\Program Files\CCleaner\CCleaner64.exe" /MONITOR
Sim HKCU:Run DAEMON Tools Lite Automount Disc Soft Ltd "C:\Program Files (x86)\DAEMON Tools Lite\DTAgent.exe" -autorun
Sim HKCU:Run GUDelayStartup Glarysoft Ltd "C:\Program Files (x86)\Glary Utilities 5\StartupManager.exe" -delayrun
Sim HKCU:Run msnmsgr Microsoft Corporation "C:\Program Files (x86)\Windows Live\Messenger\msnmsgr.exe" /background
Sim HKCU:Run SUPERAntiSpyware SUPERAntiSpyware C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe
Sim HKCU:Run USBListener ClevX, LLC C:\Users\Usuario\AppData\Local\Temp\{438E237C-C9D2-4803-A1FE-EE77D929E548}\USBListener.exe -autorun
Sim HKLM:Run DivXMediaServer DivX, LLC C:\Program Files (x86)\DivX\DivX Media Server\DivXMediaServer.exe
Sim HKLM:Run Dropbox Dropbox, Inc. "C:\Program Files (x86)\Dropbox\Client\Dropbox.exe" /systemstartup
Sim HKLM:Run IgfxTray Intel Corporation "C:\Windows\system32\igfxtray.exe"
Sim Startup Common Secunia PSI Tray.lnk Secunia C:\Program Files (x86)\Secunia\PSI\psi_tray.exe

 

Disable these Scheduled Tasks: Use CCleaner by clicking on each item and choosing Disable on the right.

Sim Task Adobe Acrobat Update Task Adobe Systems Incorporated C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe

Sim Task DivXUpdate DivX, LLC C:\Program Files (x86)\Common Files\DivX Shared\Qt4.8\DivXUpdate.exe
Sim Task DropboxUpdateTaskMachineCore Dropbox, Inc. C:\Program Files (x86)\Dropbox\Update\DropboxUpdate.exe /c
Sim Task DropboxUpdateTaskMachineUA Dropbox, Inc. C:\Program Files (x86)\Dropbox\Update\DropboxUpdate.exe /ua /installsource scheduler
Sim Task GlaryInitialize 5 Glarysoft Ltd C:\Program Files (x86)\Glary Utilities 5\Initialize.exe
Sim Task GoogleUpdateTaskMachineCore Google Inc. C:\Program Files (x86)\Google\Update\GoogleUpdate.exe /c
Sim Task GoogleUpdateTaskMachineUA Google Inc. C:\Program Files (x86)\Google\Update\GoogleUpdate.exe /ua /installsource scheduler
Sim Task GU5SkipUAC Glarysoft Ltd C:\Program Files (x86)\Glary Utilities 5\Integrator.exe $(Arg0)
Sim Task Opera scheduled Autoupdate 1392394023 Opera Software C:\Program Files (x86)\Opera\launcher.exe --scheduledautoupdate $(Arg0)
Sim Task SafeZone scheduled Autoupdate 1458088012 Avast Software C:\Program Files\AVAST Software\SZBrowser\launcher.exe --scheduledautoupdate $(Arg0)
Sim Task {60ABF6AA-67EE-41B9-874F-94DF92F1E8EA} C:\Users\Usuario\Desktop\Meus documentos\Elif98 Atualizado\EDITEQ.EXE
Sim Task {7DFD1472-4CD5-4C1B-86AC-0A8FEBAD926E} C:\cm2\CM2E16.EXE
Sim Task {9AAE773A-DF4B-434F-8BA1-CA1982D881DE} Microsoft Corporation C:\Windows\system32\pcalua.exe -a C:\Users\Usuario\Downloads\brasfoot2014.exe -d C:\Users\Usuario\Downloads
Sim Task {B3E008C0-D782-4C11-96E9-3310428F7A91} C:\Users\Usuario\Desktop\Meus documentos\Elif98 Atualizado\EDITEQ.EXE
Sim Task {CA532E9B-3484-4133-A720-7CD4B5D8D73A} C:\Users\Usuario\Desktop\Meus documentos\Elif98 Atualizado\ELIFOOT.EXE
 
Uninstall these programs:

ESET Online Scanner v3
Glary Utilities 5.50 Glarysoft Ltd 5.50.0.70
Java 8 Update 77 Oracle Corporation 24/03/2016 21,3 MB 8.0.770.3
Java 8 Update 77 (64-bit) Oracle Corporation 24/03/2016 23,4 MB 8.0.770.3
QuickTime 7 Apple Inc. 11/01/2016 69,1 MB 7.79.80.95 (vulnerable...no longer supported on Windows)
SUPERAntiSpyware SUPERAntiSpyware.com 6.0.1158 (Keep... if you paid for it)
 
After doing the above, tell me what problems still exist.

“Every atom in your body came from a star that exploded and the atoms in your left hand probably came from a different star than your right hand. It really is the most poetic thing I know about physics...you are all stardust.” Lawrence M. Krauss
A 1792 U.S. penny, designed in part by Thomas Jefferson and George Washington, reads “Liberty Parent of Science & Industry.”
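A way to triage a startup export like the one posted in this thread before deciding what to disable, as an added example that is not part of the original posts. It assumes the export is TAB-separated; the sample rows are re-typed from the thread, and the flag names and heuristics are this example's own, not the moderator's selection criteria.

```python
import re
from collections import namedtuple

# Constructed sample: rows re-typed from this thread's export. Assumption: columns
# are TAB-separated as enabled, source, name, publisher, command ("Sim" = enabled).
ROWS = [
    ("Sim", "HKCU:Run", "CCleaner Monitoring", "Piriform Ltd",
     r'"C:\Program Files\CCleaner\CCleaner64.exe" /MONITOR'),
    ("Sim", "HKCU:Run", "USBListener", "ClevX, LLC",
     r"C:\Users\Usuario\AppData\Local\Temp\{438E237C-C9D2-4803-A1FE-EE77D929E548}\USBListener.exe -autorun"),
    ("Sim", "Task", "{7DFD1472-4CD5-4C1B-86AC-0A8FEBAD926E}", "", r"C:\cm2\CM2E16.EXE"),
    ("Sim", "Task", "{9AAE773A-DF4B-434F-8BA1-CA1982D881DE}", "Microsoft Corporation",
     r"C:\Windows\system32\pcalua.exe -a C:\Users\Usuario\Downloads\brasfoot2014.exe -d C:\Users\Usuario\Downloads"),
    ("Sim", "Task", "{60ABF6AA-67EE-41B9-874F-94DF92F1E8EA}", "",
     r"C:\Users\Usuario\Desktop\Meus documentos\Elif98 Atualizado\EDITEQ.EXE"),
]
SAMPLE = "\n".join("\t".join(row) for row in ROWS)

Entry = namedtuple("Entry", "enabled source name publisher command")

# A quoted image path, or an unquoted one (may contain spaces) up to the first ".exe".
IMAGE = re.compile(r'"([^"]+)"|(.+?\.exe)(?=\s|$)', re.I)

def parse(line):
    enabled, source, name, publisher, command = line.split("\t")
    return Entry(enabled == "Sim", source, name, publisher.strip(), command.strip())

def image_path(command):
    m = IMAGE.match(command)
    return (m.group(1) or m.group(2)) if m else command

def triage(entry):
    """Return (executable that really runs, list of review flags)."""
    exe, flags = image_path(entry.command), []
    if exe.lower().endswith("\\pcalua.exe"):  # publisher column describes the launcher
        inner = re.search(r"\s-a\s+(.+)", entry.command)
        if inner:
            exe = image_path(inner.group(1))
            flags.append("proxied-via-pcalua")
    if not entry.publisher:
        flags.append("no-publisher")
    if re.match(r"[a-z]:\\users\\", exe, re.I):  # profile dirs need no admin rights to write
        flags.append("user-writable-path")
    return exe, flags

def review(text):
    """Map entry name -> flags for enabled entries that deserve a closer look."""
    found = {e.name: triage(e)[1] for e in map(parse, text.splitlines()) if e.enabled}
    return {name: flags for name, flags in found.items() if flags}
```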

#12 Victor2K

Posted 12 May 2016 - 09:38 PM

Did all the removals. Only kept SUPER because I use the 'basic' free version, but if you think it's good to be deleted as well, I will do it.



#13 buddy215

Posted 13 May 2016 - 04:18 AM

You can keep it. It's just not as useful as it once was. MBAM is much better.

 

So...any other problems? Are ads gone?



#14 Victor2K

Posted 13 May 2016 - 11:00 AM

So far, things are going well, no other 'sneaky' installations happened, but I will wait to see if they appear again.



#15 buddy215

Posted 13 May 2016 - 11:47 AM

Good plan...let me know if problem reappears.





