Trojan Downloader in Avira temp file?


14 replies to this topic

#1 Eszy

Eszy

  • Members
  • 39 posts
  • OFFLINE
  •  
  • Gender:Female
  • Location:Netherlands
  • Local time:03:34 AM

Posted 12 November 2016 - 10:34 AM

Hi!

 

Every time I start up my laptop Avira starts a quick scan. Whenever the Avira scan runs, Microsoft Security Essentials notices a Trojan Downloader (Win32/Esaprof!rfn), but Avira says everything is fine even after an additional scan. MSE isn't running a scan at that time, just real time protection. I also have Malwarebytes Anti-Malware on real time protection, but MBAM doesn't notice anything.

 

When I look at the details in MSE it says the Trojan Downloader is in a temporary file of Avira, named AVSCAN with the date and time of that day and some other numbers. In the details it comes with this error code:  0x80508023 

MSE puts it in quarantine and I delete it. But the next day is the same story. It keeps coming back, but MSE is the only software that sees it. Other anti malware, virus etcetera software doesn't notice anything and that confuses me.

 

Is this a real threat or is MSE making me worried over nothing?

 

My operating system is Windows 7 Home Premium

 

(English isn't my first language, so I'm sorry for any weird words/sentences)




 


#2 buddy215

buddy215

  • Moderator
  • 13,313 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:West Tennessee
  • Local time:09:34 PM

Posted 12 November 2016 - 11:31 AM

Welcome to BC....and your English is fine.

 

Open Avira and permanently delete the files it has quarantined.

 

Use the programs below to clean, remove adware and remove malware.

 

Use CCleaner to remove Temporary files, program caches, cookies, logs, etc. Use the Default settings. No need to use the Registry Cleaning Tool...risky. Pay close attention while installing and UNcheck offers of toolbars....especially Google.

After install, open CCleaner and run by clicking on the Run Cleaner button in the bottom right corner.

CCleaner - PC Optimization and Cleaning - Free Download


 

Download AdwCleaner by Xplode onto your desktop.

  • Close all open programs and internet browsers.
  • Double click on adwcleaner.exe to run the tool.
  • Click on Scan button.
  • When the scan has finished click on Clean button.
  • Your computer will be rebooted automatically. A text file will open after the restart.
  • Please post the contents of that logfile with your next reply.
  • You can find the logfile at C:\AdwCleaner[S1].txt as well.

Download Junkware Removal Tool to your desktop.

  • Shut down your protection software now to avoid potential conflicts.
  • Run the tool by double-clicking it. If you are using Windows Vista, 7, or 8; instead of double-clicking, right-mouse click JRT.exe and select "Run as Administrator".
  • The tool will open and start scanning your system.
  • Please be patient as this can take a while to complete depending on your system's specifications.
  • On completion, a log (JRT.txt) is saved to your desktop and will automatically open.
  • Post the contents of JRT.txt into your next message.

Please download Security Check by glax24 and save the file to the Desktop.

  • Run the tool by accepting all the Security prompts.
  • When complete, the tool will produce a log file C:\SecurityCheck\SecurityCheck.txt and also copy the contents to the Clipboard.
  • Simply Paste the log to your reply.

Edited by buddy215, 12 November 2016 - 11:33 AM.

“Every atom in your body came from a star that exploded and the atoms in your left hand probably came from a different star than your right hand. It really is the most poetic thing I know about physics...you are all stardust.”Lawrence M. Krauss
A 1792 U.S. penny, designed in part by Thomas Jefferson and George Washington, reads “Liberty Parent of Science & Industry.”

#3 Eszy


Posted 12 November 2016 - 05:35 PM

Thank you for your reply and help! I had some trouble with AdwCleaner but it worked perfectly in safe mode. It didn't find any threats. When I looked up the log in the C drive I did notice there were some files in the quarantine folder. I have used AdwCleaner before, a few months ago. Is it normal for deleted quarantine files to stay in the folder on the C Drive? Or should I delete them somehow?

 

(I just realised the first two logs have some Dutch words in them. I hope it doesn't matter. If it's easier I'll try to change the language settings to English before starting)

 

AdwCleaner log:

 

# AdwCleaner v6.030 - Logbestand aangemaakt 12/11/2016 op 20:53:13
# *Updated on 19/10/2016 by Malwarebytes
# Gebruik lokale database : 2016-11-12.1 [*Server]
# Besturingssysteem : Windows 7 Home Premium Service Pack 1 (X64)
# Gebruikersnaam : Esther - ESTHER-PC
# Gestart vanuit : C:\Users\Esther\Desktop\AdwCleaner.exe
# *Mode: Scan
 
 
 
***** [ *Services ] *****
 
*No malicious services found.
 
 
***** [ Mappen ] *****
 
*No malicious folders found.
 
 
***** [ Bestanden ] *****
 
*No malicious files found.
 
 
***** [ DLL ] *****
 
*No malicious DLLs found.
 
 
***** [ WMI ] *****
 
*No malicious keys found.
 
 
***** [ Snelkoppelingen ] *****
 
Zoeken naar bestanden ...
 
 
***** [ Geplande taken ] *****
 
*No malicious task found.
 
 
***** [ Register ] *****
 
Zoeken naar register-items ...
 
 
***** [ Internetbrowsers ] *****
 
Zoeken naar register-items ...
Zoeken naar register-items ...
 
*************************
 
C:\AdwCleaner\AdwCleaner[S0].txt - [1175 bytes] - [12/11/2016 19:26:07]
C:\AdwCleaner\AdwCleaner[S1].txt - [1248 bytes] - [12/11/2016 20:39:26]
C:\AdwCleaner\AdwCleaner[S2].txt - [1169 bytes] - [12/11/2016 20:53:13]
 
########## EOF - C:\AdwCleaner\AdwCleaner[S2].txt - [1242 bytes] ##########
 
JRT log:
 

~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Junkware Removal Tool (JRT) by Malwarebytes
Version: 8.0.9 (09.30.2016)
Operating System: Windows 7 Home Premium x64 
Ran by Esther (Administrator) on za 12-11-2016 at 21:58:45,25
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
 
 
 
 
File System: 16 
 
Successfully deleted: C:\Users\Esther\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\2F4XXZI2 (Temporary Internet Files Folder) 
Successfully deleted: C:\Users\Esther\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\3KGMGLWO (Temporary Internet Files Folder) 
Successfully deleted: C:\Users\Esther\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\3WO58IWT (Temporary Internet Files Folder) 
Successfully deleted: C:\Users\Esther\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\4ELQ0SNU (Temporary Internet Files Folder) 
Successfully deleted: C:\Users\Esther\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\78ZYDRIW (Temporary Internet Files Folder) 
Successfully deleted: C:\Users\Esther\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\9TA3AWQ1 (Temporary Internet Files Folder) 
Successfully deleted: C:\Users\Esther\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\G7E6WPST (Temporary Internet Files Folder) 
Successfully deleted: C:\Users\Esther\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\K1EXOHYB (Temporary Internet Files Folder) 
Successfully deleted: C:\Windows\System32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\2F4XXZI2 (Temporary Internet Files Folder) 
Successfully deleted: C:\Windows\System32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\3KGMGLWO (Temporary Internet Files Folder) 
Successfully deleted: C:\Windows\System32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\3WO58IWT (Temporary Internet Files Folder) 
Successfully deleted: C:\Windows\System32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\4ELQ0SNU (Temporary Internet Files Folder) 
Successfully deleted: C:\Windows\System32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\78ZYDRIW (Temporary Internet Files Folder) 
Successfully deleted: C:\Windows\System32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\9TA3AWQ1 (Temporary Internet Files Folder) 
Successfully deleted: C:\Windows\System32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\G7E6WPST (Temporary Internet Files Folder) 
Successfully deleted: C:\Windows\System32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\K1EXOHYB (Temporary Internet Files Folder) 
 
 
 
Registry: 0 
 
 
 
 
 
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Scan was completed on za 12-11-2016 at 22:13:20,62
End of JRT log
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
 
 
SecurityCheck log:
 

SecurityCheck by glax24 & Severnyj v.1.4.0.46 [22.09.16]
WebSite: www.safezone.cc
DateLog: 12.11.2016 22:48:01
Path starting: C:\Users\Esther\AppData\Local\Temp\SecurityCheck\SecurityCheck.exe
Log directory: C:\SecurityCheck\
IsAdmin: True
User: Esther
VersionXML: 3.51is-12.11.2016
___________________________________________________________________________
 
Windows 7(6.1.7601) Service Pack 1 (x64) HomePremium Lang: Dutch(0413)
Installation date OS: 09.02.2012 19:53:49
LicenseStatus: Windows® 7, HomePremium edition The machine is permanently activated.
Boot Mode: Normal
Default Browser: C:\Users\Esther\AppData\Local\Google\Chrome\Application\chrome.exe
SystemDrive: C: FS: [NTFS] Capacity: [232.9 Gb] Used: [124.2 Gb] Free: [108.7 Gb]
------------------------------- [ Windows ] -------------------------------
Internet Explorer 11.0.9600.18015 Warning! Download Update
Online installation. Last version available when Windows update is enabled throught the Internet.
User Account Control enabled
Notify before download
Windows Update (wuauserv) - The service is running
Security Center (wscsvc) - The service is running
Remote Registry (RemoteRegistry) - The service has stopped
SSDP Discovery (SSDPSRV) - The service is running
Remote Desktop Services (TermService) - The service has stopped
Windows Remote Management (WS-Management) (WinRM) - The service has stopped
------------------------------ [ MS Office ] ------------------------------
Microsoft Office 2007 v.12.0.6612.1000
Microsoft Office 2010 x86 v.14.0.7015.1000
---------------------------- [ Antivirus_WMI ] ----------------------------
Avira Antivirus (enabled and up to date)
Microsoft Security Essentials (enabled and up to date)
--------------------------- [ FirewallWindows ] ---------------------------
Windows Firewall (MpsSvc) - The service is running
--------------------------- [ AntiSpyware_WMI ] ---------------------------
Microsoft Security Essentials (enabled and up to date)
Avira Antivirus (enabled and up to date)
Windows Defender (disabled and out of date)
---------------------- [ AntiVirusFirewallInstall ] -----------------------
Microsoft Security Essentials v.4.9.218.0
Avira Antivirus v.15.0.23.58
--------------------------- [ OtherUtilities ] ----------------------------
WinRAR 4.00 (64-bit) v.4.00.0 Warning! Download Update
Microsoft Silverlight v.5.1.40728.0 Warning! Download Update
VLC media player v.2.2.3 Warning! Download Update
--------------------------- [ AppleProduction ] ---------------------------
Bonjour v.3.1.0.1
iTunes v.12.4.1.6 Warning! Download Update
^Please use Apple Software Update tool.^
QuickTime v.7.73.80.64 Warning! This software is no longer supported. Please uninstall it and use another software.
Bonjour-service (Bonjour Service) - The service is running
--------------------------- [ AdobeProduction ] ---------------------------
Adobe AIR v.3.8.0.870 Warning! Download Update
Adobe Flash Player 13 ActiveX v.13.0.0.214 Warning! Download Update
Adobe Flash Player 20 NPAPI v.20.0.0.286 Warning! Download Update
Adobe Shockwave Player 12.0 v.12.0.2.122 Warning! Download Update
Adobe Reader 9.0.1 v.9.0.1 Warning! This software is no longer supported. Please uninstall it and use Adobe Reader XI or Adobe Acrobat Reader DC.
------------------------------- [ Browser ] -------------------------------
Google Chrome v.54.0.2840.71 Warning! Download Update
Mozilla Firefox 34.0.5 (x86 nl) v.34.0.5 Warning! Download Update
--------------------------- [ RunningProcess ] ----------------------------
C:\Users\Esther\AppData\Local\Google\Chrome\Application\chrome.exe v.54.0.2840.71
------------------ [ AntivirusFirewallProcessServices ] -------------------
Avira Planner (AntiVirSchedulerService) - The service is running
C:\Program Files (x86)\Avira\Antivirus\sched.exe v.15.0.23.58
Avira Real-Time Protection (AntiVirService) - The service is running
C:\Program Files (x86)\Avira\Antivirus\avguard.exe v.15.0.23.58
Avira Mail Protection (AntiVirMailService) - The service has stopped
Avira Web Protection (AntiVirWebService) - The service has stopped
Avira Service Host (Avira.ServiceHost) - The service is running
C:\Program Files (x86)\Avira\Launcher\Avira.ServiceHost.exe v.1.2.71.9779
C:\Program Files (x86)\Avira\Antivirus\avshadow.exe v.15.0.23.58
C:\Program Files (x86)\Avira\Antivirus\avgnt.exe v.15.0.23.58
MBAMService (MBAMService) - The service is running
C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe v.1.60.0.25
Microsoft Antimalware Service (MsMpSvc) - The service is running
C:\Program Files\Microsoft Security Client\MsMpEng.exe v.4.9.218.0
Microsoft Netwerkinspectie (NisSrv) - The service is running
C:\Program Files\Microsoft Security Client\NisSrv.exe v.4.9.218.0
Windows Defender (WinDefend) - The service has stopped
----------------------------- [ End of Log ] ------------------------------
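
The SecurityCheck log above can also be triaged programmatically; the following Python is an added example, not part of the original post or of SecurityCheck itself. It reports which antivirus products are registered as enabled, which real-time engines are running side by side (relevant here because the detection fires on another scanner's temporary file), and which installed software the log marks as unsupported. The function names and the service-to-product mapping are assumptions made for this example, built from the service names shown in this log.

```python
import re

# Excerpt of the SecurityCheck log posted above (abridged, lines unchanged).
SAMPLE_LOG = """\
---------------------------- [ Antivirus_WMI ] ----------------------------
Avira Antivirus (enabled and up to date)
Microsoft Security Essentials (enabled and up to date)
--------------------------- [ AntiSpyware_WMI ] ---------------------------
Microsoft Security Essentials (enabled and up to date)
Avira Antivirus (enabled and up to date)
Windows Defender (disabled and out of date)
--------------------------- [ AppleProduction ] ---------------------------
Bonjour v.3.1.0.1
QuickTime v.7.73.80.64 Warning! This software is no longer supported. Please uninstall it and use another software.
------------------ [ AntivirusFirewallProcessServices ] -------------------
Avira Real-Time Protection (AntiVirService) - The service is running
Avira Web Protection (AntiVirWebService) - The service has stopped
MBAMService (MBAMService) - The service is running
Microsoft Antimalware Service (MsMpSvc) - The service is running
Windows Defender (WinDefend) - The service has stopped
----------------------------- [ End of Log ] ------------------------------
"""

SECTION_RE = re.compile(r"^-+ \[ (.+?) \] -+$")
STATE_RE = re.compile(r"^(.+) \((enabled|disabled) and (up to date|out of date)\)$")
SERVICE_RE = re.compile(r"^.+ \(([^()]+)\) - The service (is running|has stopped)$")

# Assumption for this example: service short names (taken from this log)
# mapped to the product whose real-time engine they host.
REALTIME_SERVICES = {
    "AntiVirService": "Avira Antivirus",
    "MsMpSvc": "Microsoft Security Essentials",
    "MBAMService": "Malwarebytes' Anti-Malware",
}


def parse_sections(text):
    """Split the log into {section name: [non-empty lines]}."""
    sections, current = {}, None
    for raw in text.splitlines():
        line = raw.strip()
        header = SECTION_RE.match(line)
        if header:
            current = header.group(1)
            sections.setdefault(current, [])
        elif current and line:
            sections[current].append(line)
    return sections


def enabled_products(sections, name="Antivirus_WMI"):
    """Products that Windows Security Center reports as enabled."""
    found = []
    for line in sections.get(name, []):
        m = STATE_RE.match(line)
        if m and m.group(2) == "enabled":
            found.append(m.group(1))
    return found


def running_realtime_engines(sections):
    """Products whose real-time service is running right now."""
    found = []
    for line in sections.get("AntivirusFirewallProcessServices", []):
        m = SERVICE_RE.match(line)
        if m and m.group(2) == "is running" and m.group(1) in REALTIME_SERVICES:
            found.append(REALTIME_SERVICES[m.group(1)])
    return found


def unsupported_software(sections):
    """Entries the log marks as no longer supported (any section)."""
    return [
        line.split(" v.")[0]
        for lines in sections.values()
        for line in lines
        if "no longer supported" in line
    ]


def triage(text):
    sections = parse_sections(text)
    running = running_realtime_engines(sections)
    return {
        "registered_av": enabled_products(sections),
        "running_realtime": running,
        # More than one on-access scanner means each one also inspects
        # the files the others create while scanning.
        "concurrent_realtime": len(running) > 1,
        "unsupported": unsupported_software(sections),
    }


if __name__ == "__main__":
    for key, value in triage(SAMPLE_LOG).items():
        print(f"{key}: {value}")
```
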
 

 



#4 buddy215


Posted 12 November 2016 - 06:30 PM

Open AdwCleaner. Click on Uninstall. That will remove AdwCleaner and whatever it found to delete previously.

 

Were you able to permanently delete the files that Avira had placed in quarantine? If so, does MSE still find the same file?

 

You need to do some updating and uninstalling of some programs.

 

Uninstall These Programs:

Adobe AIR

Adobe Flash Player 13 ActiveX v.13.0.0.214 (use instructions and the Uninstaller at Uninstall Flash Player for Windows)

Adobe Flash Player 20

QuickTime

 

Update These programs:

Adobe Reader 9.0.1 (Uninstall if you don't use it...Firefox has its own built in PDF reader. )

Google Chrome v.54.0.2840.71

Mozilla Firefox 34.0.5

Adobe Flash Player 20 (For Firefox...click on Tools > Addons > Plugins > Click check for updates)


Edited by buddy215, 12 November 2016 - 06:33 PM.


#5 Eszy


Posted 12 November 2016 - 07:04 PM

Thanks again for your reply! Uninstalling AdwCleaner deleted the folders as well, as you said. I uninstalled and updated all the programs you mentioned.

 

Avira quarantine is empty but MSE still finds the same file, with the same code and same location.



#6 Eszy


Posted 12 November 2016 - 07:09 PM

Right after I replied I wanted to delete the file from MSE quarantine, but now it gives an error (that's new). Translated from Dutch it says: Some detected threats cannot be removed. The RPC-server isn't available.

 

It has the following error code: 0x800706ba

 

Pressing the Help button only directs me to a page with basic information about MSE. 

 

Trying again gives the same response, I can't delete the file from quarantine.



#7 buddy215


Posted 12 November 2016 - 07:32 PM

I think this is a false positive. Are you using the Free version of Avira or the paid version?

 

Can you tell MSE to ignore that file?

 

Try one more scan.

 

  • Download the Emsisoft Emergency Kit and execute it. From there, click on the Extract button to extract the program in the EEK folder;
  • Once the extraction is complete, Emsisoft Emergency Kit will open, and suggest that you run an online update before using the program. Click on Yes to launch it.
  • After the update, click on Malware Scan under 2. Scan and accept to let Emsisoft Emergency Kit detect PUPs (click on Yes).
  • Once the scan is complete, make sure that every item in the list is checked, and click on Quarantine selected
  • If it asks you for a reboot to delete some items, click on Ok to reboot automatically
  • After the restart, click on the Start Emsisoft Emergency Kit icon again on your desktop to open it
  • This time, click on Logs
  • From there, go under the Quarantine Log tab, and click on the Export button
  • Save the log on your desktop, then open it, and copy/paste its content in your next reply


#8 Eszy


Posted 13 November 2016 - 07:13 AM

I'm using the free version of Avira. 

 

In MSE there's a button to allow the file, so it appears I can tell it to ignore the file. This morning I tried to delete it again and this time it worked. The RPC-server error code must have been a temporary thing.

Is there a way to be sure it's a false positive? Do you know if there's maybe some list of detected files by MSE and a list of installed updates? Maybe I will be able to find out if the file started to get detected right after an update or something like that. Or maybe after an Avira update.

 

I used the Emsisoft malware scan. It didn't find anything.

 

This is the log I got after using the scan:

 

Emsisoft Emergency Kit - Versie 11.9
Laatste Update: 13-11-2016 12:38:54
Gebruikersaccount: Esther-PC\Esther
Computer name: ESTHER-PC
OS version: Windows 7x64 Service Pack 1
 
Scaninstellingen:
 
Scanmodus: Malware Scan
Objecten: Rootkits, Geheugen, Sporen, Bestanden
 
Detecteer PUPs: Aan
Scan archieven: Uit
ADS Scan: Aan
Bestandsextensiefilter: Uit
Geavanceerde cache: Aan
Directe schijftoegang: Uit
 
Scan gestart: 13-11-2016 12:39:26
 
Gescand: 87375
Gevonden: 0
 
Scan geëindigd: 13-11-2016 13:04:35
Scantijd: 0:25:09


#9 buddy215


Posted 13 November 2016 - 07:25 AM

I did try to find more info on what MSE was identifying....nothing useful was found...you probably did the same. If after doing the below and following my suggestions using the lists from CCleaner and MSE still finds that file...there is another option for a more thorough look that I will ask you to take.

 

Okay...since it is the free version...then do this:

 

Post the three lists mentioned below using CCleaner.

Open CCleaner and click on Tools. Choose Startups. On that page you will see a list of Windows Startups and at the top tabs for each browser and Scheduled Tasks.

At the bottom right of that page you will see a button that, when clicked, will allow you to Copy and Paste the list of Windows Startups and Scheduled Tasks into your next post. Please do that.

 

Open CCleaner and click on Tools. Choose Uninstall. On that page you will see a list of programs installed on your computer and at the bottom right of that page you will see a button that, when clicked, will allow you to Copy and Paste that list in your next post. Please do that.



#10 Eszy


Posted 13 November 2016 - 08:21 AM

Windows Startups:

 

Yes HKCU:Run CCleaner Monitoring Piriform Ltd "C:\Program Files\CCleaner\CCleaner64.exe" /MONITOR
Yes HKCU:Run Dropbox Update Dropbox, Inc. "C:\Users\Esther\AppData\Local\Dropbox\Update\DropboxUpdate.exe" /c
Yes HKCU:Run f.lux Flux Software LLC "C:\Users\Esther\AppData\Local\FluxSoftware\Flux\flux.exe" /noshow
Yes HKCU:Run Google Update Google Inc. "C:\Users\Esther\AppData\Local\Google\Update\GoogleUpdate.exe" /c
No HKCU:Run Spotify Spotify Ltd "C:\Users\Esther\AppData\Roaming\Spotify\Spotify.exe" -autostart -minimized
Yes HKCU:Run Spotify Web Helper Spotify Ltd "C:\Users\Esther\AppData\Roaming\Spotify\SpotifyWebHelper.exe"
Yes HKCU:Run Workrave The Workrave development team C:\Program Files (x86)\Workrave\lib\workrave.exe
Yes HKLM:Run Acrobat Assistant 8.0 Adobe Systems Inc. "C:\Program Files (x86)\Adobe\Acrobat 8.0\Acrobat\Acrotray.exe"
No HKLM:Run Adobe Reader Speed Launcher "C:\Program Files (x86)\Adobe\Reader 9.0\Reader\Reader_sl.exe"
No HKLM:Run ADSMTray ASUSTek Computer Inc. C:\Program Files (x86)\ASUS\ASUS Data Security Manager\ADSMTray.exe
No HKLM:Run APSDaemon Apple Inc. "C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe"
No HKLM:Run ASUS Screen Saver Protector ASUS C:\Windows\AsScrPro.exe
Yes HKLM:Run ATKMEDIA ASUS C:\Program Files (x86)\ASUS\ATK Package\ATK Media\DMedia.exe
Yes HKLM:Run avgnt Avira Operations GmbH & Co. KG "C:\Program Files (x86)\Avira\Antivirus\avgnt.exe" /min
Yes HKLM:Run Avira SystrayStartTrigger Avira Operations GmbH & Co. KG "C:\Program Files (x86)\Avira\Launcher\Avira.SystrayStartTrigger.exe"
Yes HKLM:Run ETDCtrl ELAN Microelectronic Corp. %ProgramFiles%\Elantech\ETDCtrl.exe
Yes HKLM:Run ETDWare ELAN Microelectronic Corp. %ProgramFiles%\Elantech\ETDCtrl.exe
Yes HKLM:Run HControlUser ASUS C:\Program Files (x86)\ASUS\ATK Package\ATK Hotkey\HControlUser.exe
No HKLM:Run HTC Sync Loader "C:\Program Files (x86)\HTC\HTC Sync 3.0\htcUPCTLoader.exe" -startup
Yes HKLM:Run IgfxTray Intel Corporation C:\Windows\system32\igfxtray.exe
No HKLM:Run IJNetworkScannerSelectorEX CANON INC. C:\Program Files (x86)\Canon\IJ Network Scanner Selector EX\CNMNSST.exe /FORCE
No HKLM:Run iTunesHelper Apple Inc. "C:\Program Files\iTunes\iTunesHelper.exe"
Yes HKLM:Run MacroKeyManager WTMKM.exe
Yes HKLM:Run Malwarebytes' Anti-Malware Malwarebytes Corporation "C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamgui.exe" /starttray
Yes HKLM:Run MSC Microsoft Corporation "c:\Program Files\Microsoft Security Client\msseces.exe" -hide -runkey
No HKLM:Run NBAgent Nero AG "C:\Program Files (x86)\Nero\Nero 10\Nero BackItUp\NBAgent.exe" /WinStart
Yes HKLM:Run Persistence Intel Corporation C:\Windows\system32\igfxpers.exe
No HKLM:Run QuickTime Task "C:\Program Files (x86)\QuickTime\QTTask.exe" -atboottime
Yes HKLM:Run SmartAudio Conexant Systems, Inc. C:\Program Files\CONEXANT\SAII\SAIICpl.exe /t
No HKLM:Run VirtualCloneDrive Elaborate Bytes AG "C:\Program Files (x86)\Elaborate Bytes\VirtualCloneDrive\VCDDaemon.exe" /s
Yes HKLM:Run Wireless Console 3 C:\Program Files (x86)\ASUS\Wireless Console 3\wcourier.exe
Yes Startup Common FancyStart daemon.lnk C:\Windows\Installer\{2B81872B-A054-48DA-BE3B-FA5C164C303A}\_C4A2FC3E3722966204FDD8.exe
Yes Startup Common SRS Premium Sound.lnk Acresso Software Inc. C:\Windows\Installer\{E5CF6B9C-3ABE-43C9-9413-AD5FFC98F049}\NewShortcut5_21C7B668029A47458B27645FE6E4A715.exe
No Startup User EvernoteClipper.lnk C:\PROGRA~2\Evernote\Evernote\EVERNO~2.EXE 
 
Scheduled tasks:
 
Yes Task ACMON ATK C:\Program Files (x86)\ASUS\Splendid\ACMON.exe
Yes Task Adobe Acrobat Update Task Adobe Systems Incorporated C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe
Yes Task ASPG ASUS C:\Program Files (x86)\ASUS\ASUS CopyProtect\aspg.exe
Yes Task ASUS Live Update ASUSTeK Computer Inc. C:\Program Files (x86)\ASUS\ASUS Live Update\ALU.exe
Yes Task ASUS P4G ATK C:\Program Files\P4G\BatteryLife.exe
Yes Task ASUS SmartLogon Console Sensor ASUS C:\Program Files (x86)\ASUS\SmartLogon\sensorsrv.exe
Yes Task ASUSControlDeck asus C:\Program Files (x86)\ASUS\ControlDeck\ControlDeck.exe
Yes Task ATKOSD2 ASUS "C:\Program Files (x86)\ASUS\ATK Package\ATKOSD2\ATKOSD2.exe"
Yes Task Avira Browser Safety Updater Task Avira Operations GmbH & Co. KG "C:\Program Files (x86)\Avira\Browser Safety\AviraBrowserSafetyUpdater.exe"
Yes Task CCleanerSkipUAC Piriform Ltd "C:\Program Files\CCleaner\CCleaner.exe" $(Arg0)
Yes Task DropboxUpdateTaskUserS-1-5-21-4145153186-13887760-1831717603-1000Core Dropbox, Inc. C:\Users\Esther\AppData\Local\Dropbox\Update\DropboxUpdate.exe /c
Yes Task DropboxUpdateTaskUserS-1-5-21-4145153186-13887760-1831717603-1000UA Dropbox, Inc. C:\Users\Esther\AppData\Local\Dropbox\Update\DropboxUpdate.exe /ua /installsource scheduler
Yes Task G2MUpdateTask-S-1-5-21-4145153186-13887760-1831717603-1000 Citrix Online, a division of Citrix Systems, Inc. C:\Users\Esther\AppData\Local\Citrix\GoToMeeting\5808\g2mupdate.exe
Yes Task G2MUploadTask-S-1-5-21-4145153186-13887760-1831717603-1000 Citrix Online, a division of Citrix Systems, Inc. C:\Users\Esther\AppData\Local\Citrix\GoToMeeting\5808\g2mupload.exe
Yes Task GoogleUpdateTaskMachineCore Google Inc. C:\Program Files (x86)\Google\Update\GoogleUpdate.exe /c
Yes Task GoogleUpdateTaskMachineUA Google Inc. C:\Program Files (x86)\Google\Update\GoogleUpdate.exe /ua /installsource scheduler
Yes Task GoogleUpdateTaskUserS-1-5-21-4145153186-13887760-1831717603-1000Core Google Inc. C:\Users\Esther\AppData\Local\Google\Update\GoogleUpdate.exe /c
Yes Task GoogleUpdateTaskUserS-1-5-21-4145153186-13887760-1831717603-1000UA Google Inc. C:\Users\Esther\AppData\Local\Google\Update\GoogleUpdate.exe /ua /installsource scheduler
Yes Task Launch HTC Sync Loader C:\Program Files (x86)\HTC\HTC Sync 3.0\htcUPCTLoader.exe -startup
Yes Task SkypeAutoUpdate C:\Users\Esther\AppData\Roaming\Skype\download.exe /VERYSILENT /AFFID000046
Yes Task SkypeUpdater C:\Users\Esther\AppData\Roaming\Skype\download.exe /VERYSILENT /AFFID000046
Yes Task {1AE36DB6-D4D6-43E4-A044-727D77B765AC} Microsoft Corporation C:\Windows\system32\pcalua.exe -a "C:\Program Files (x86)\InstallShield Installation Information\{BA26FFA5-6D47-47DB-BE56-34C357B5F8CC}\Sims3EP01Setup.exe" -c -runfromtemp -l0x0013 -removeonly
Yes Task {60C95A08-A08D-4A8E-9C9C-0ACE20222DAC} Google Inc. "c:\users\esther\appdata\local\google\chrome\application\chrome.exe" http://ui.skype.com/ui/0/7.5.85.102/nl/abandoninstall?page=tsProgressBar
Yes Task {8CB9B7C2-11DE-4549-9342-B882B35F7325} Microsoft Corporation C:\Windows\system32\pcalua.exe -a "H:\Nieuwe Sims 3\The Sims 3 - World Adventures\# Crack\Crack 3\Sims3_1.2.7.00002_from_1.0.631.00002.exe" -d "H:\Nieuwe Sims 3\The Sims 3 - World Adventures\# Crack\Crack 3"
Yes Task {A188E5BC-D5F8-468E-B9EC-2C0C1643A488} Microsoft Corporation C:\Windows\system32\pcalua.exe -a C:\PROGRA~2\VIRTUA~1\UNWISE.EXE -c C:\PROGRA~2\VIRTUA~1\INSTALL.LOG
Yes Task {CD05DBB8-C32A-44DA-B24F-E8EC4F74F78F} Microsoft Corporation C:\Windows\system32\pcalua.exe -a "H:\Nieuwe Sims 3\The sims 3 - Island Paradise\Sims3EP10Setup.exe" -d "H:\Nieuwe Sims 3\The sims 3 - Island Paradise"
 

List of all programs installed:

 

Acrobat.com Adobe Systems Incorporated 18-1-2012 1,58 MB 1.1.377
Add or Remove Adobe Creative Suite 3 Master Collection Adobe Systems Incorporated 10-2-2012 5,19 GB 1.0
Adobe Acrobat Reader DC - Nederlands Adobe Systems Incorporated 13-11-2016 212 MB 15.020.20042
Adobe Photoshop Lightroom 3.6 64-bit Adobe 10-2-2012 341 MB 3.6.1
Amazon Kindle Amazon 1-3-2015
Apple Application Support (32-bit) Apple Inc. 25-6-2016 117 MB 4.3.1
Apple Application Support (64-bit) Apple Inc. 25-6-2016 131 MB 4.3.1
Apple Mobile Device Support Apple Inc. 25-6-2016 28,3 MB 9.3.0.15
Apple Software Update Apple Inc. 25-6-2016 2,69 MB 2.2.0.150
ASUS AI Recovery ASUS 29-3-2012 9,10 MB 1.0.24
ASUS CopyProtect ASUS 18-1-2012 3,62 MB 1.0.0015
ASUS Data Security Manager ASUS 18-1-2012 15,1 MB 1.00.0014
ASUS FancyStart ASUSTeK Computer Inc. 18-1-2012 12,0 MB 1.0.8
ASUS LifeFrame3 ASUS 18-1-2012 27,7 MB 3.0.20
ASUS Live Update ASUS 19-1-2012 2.5.9
ASUS MultiFrame ASUS 19-1-2012 1.0.0021
ASUS Power4Gear Hybrid ASUS 18-1-2012 12,2 MB 1.1.37
ASUS SmartLogon ASUS 18-1-2012 10,9 MB 1.0.0008
ASUS Splendid Video Enhancement Technology ASUS 18-1-2012 24,4 MB 1.02.0028
ASUS Virtual Camera asus 18-1-2012 3,12 MB 1.0.20
ATK Package ASUS 18-1-2012 12,3 MB 1.0.0006
Avira Antivirus Avira Operations GmbH & Co. KG 2-11-2016 317 MB 15.0.23.58
Avira Browser Safety Avira Operations GmbH & Co KG 20-4-2016 11,2 MB 1.4.5.509
Avira Launcher Avira Operations GmbH & Co. KG 19-9-2016 12,5 MB 1.2.71.9779
Bonjour Apple Inc. 25-6-2016 2,05 MB 3.1.0.1
Canon IJ Network Scanner Selector EX ‪Canon Inc.‬ 24-8-2014
Canon IJ Network Tool Canon Inc. 24-8-2014 3.1.0
Canon IJ Scan Utility ‪Canon Inc.‬ 24-8-2014
Canon MG4200 series MP Drivers Canon Inc. 24-8-2014 1.01
Canon My Printer Canon Inc. 24-8-2014 3.0.0
CCleaner Piriform 12-11-2016 5.23
Citrix Online Launcher Citrix 11-11-2016 276 KB 1.0.445
Conexant HD Audio Conexant 19-1-2012 4.111.0.63
ControlDeck ASUS 18-1-2012 1,81 MB 1.0.8
CopyTrans Suite Alleen Verwijderen WindSolutions 7-11-2015 4.004
De Sims™ 3 Electronic Arts 17-1-2015 1.67.2
De Sims™ 3 Ambities Electronic Arts 17-1-2015 4.0.87
De Sims™ 3 Beestenbende Electronic Arts 18-1-2015 10.0.96
De Sims™ 3 Buitenleven Accessoires Electronic Arts 18-1-2015 7.0.55
De Sims™ 3 Diesel Accessoires Electronic Arts 17-1-2015 14.0.48
De Sims™ 3 Exotisch Eiland Electronic Arts 18-1-2015 19.0.101
De Sims™ 3 Levensweg Electronic Arts 17-1-2015 8.0.152
De Sims™ 3 Na Middernacht Electronic Arts 17-1-2015 6.0.81
De Sims™ 3 Slaap- en badkamer Accessoires Electronic Arts 18-1-2015 11.0.84
De Sims™ 3 Supersnelle Accessoires Electronic Arts 17-1-2015 5.8.1
Dr. Langeskov, The Tiger, and The Terribly Cursed Emerald: A Whirlwind Heist Crows Crows Crows 12-3-2016
Dropbox Dropbox, Inc. 10-11-2016 14.4.19
ETDWare PS/2-x64 7.0.5.16_WHQL ELAN Microelectronics Corp. 27-6-2016 7.0.5.16
f.lux 7-6-2014
Fast Boot ASUS 18-1-2012 1,46 MB 1.0.6
Gebruikersregistratie voor Canon MG4200 series Canon Inc. 24-8-2014
Google Chrome Google Inc. 10-2-2012 54.0.2840.99
Google Drive Google, Inc. 3-11-2016 35,5 MB 1.32.3592.6117
Google Earth Google 30-10-2016 178 MB 7.1.7.2606
Google Update Helper 18-1-2012
GoToMeeting 7.26.0.5808 CitrixOnline 11-11-2016 7.26.0.5808
HTC BMP USB Driver HTC 4-10-2015 284 KB 1.0.5375
HTC Driver Installer Uw bedrijfsnaam 4-10-2015 2,66 MB 4.5.0.001
Intel® Control Center Intel Corporation 18-1-2012 1.2.1.1007
Intel® Management Engine Components Intel Corporation 18-1-2012 6.0.0.1179
Intel® Processor Graphics Intel Corporation 9-7-2015 8.15.10.2993
Intel® Driver Update Utility Intel 8-7-2015 6,91 MB 2.0.0.29
IPTInstaller HTC 4-10-2015 300 KB 4.0.8
iTunes Apple Inc. 25-6-2016 215 MB 12.4.1.6
Jasc Paint Shop Pro 9 Jasc Software Inc 27-10-2012 197 MB 9.01.0000
JMicron Ethernet Adapter NDIS Driver JMicron Technology Corp. 19-1-2012 6.0.17.1
JMicron Flash Media Controller Driver JMicron Technology Corp. 19-1-2012 1.0.33.2
MacroKey Manager 9-12-2013
Microsoft .NET Framework 4.5.2 Microsoft Corporation 14-1-2015 38,8 MB 4.5.51209
Microsoft .NET Framework 4.5.2 (Nederlands) Microsoft Corporation 25-2-2015 2,93 MB 4.5.51209
Microsoft Access Runtime 2010 Microsoft Corporation 15-5-2014 14.0.7015.1000
Microsoft Office Enterprise 2007 Microsoft Corporation 12-2-2012 12.0.6612.1000
Microsoft Office File Validation Add-In Microsoft Corporation 13-5-2014 10,9 MB 14.0.5130.5003
Microsoft Primary Interoperability Assemblies 2005 Microsoft Corporation 12-2-2012 7,71 MB 8.0.50727.42
Microsoft Security Essentials Microsoft Corporation 4-3-2016 4.9.218.0
Microsoft SQL Server Native Client Microsoft Corporation 15-5-2014 5,81 MB 9.00.4035.00
Microsoft SQL Server VSS Writer Microsoft Corporation 15-5-2014 1,10 MB 9.00.4035.00
Microsoft Visual C++ 2005 Redistributable Microsoft Corporation 13-2-2012 300 KB 8.0.56336
Microsoft Visual C++ 2005 Redistributable (x64) Microsoft Corporation 12-2-2012 700 KB 8.0.61000
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.17 Microsoft Corporation 18-4-2012 788 KB 9.0.30729
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.6161 Microsoft Corporation 19-4-2012 788 KB 9.0.30729.6161
Microsoft Visual C++ 2008 Redistributable - x86 9.0.21022 Microsoft Corporation 8-7-2015 1,41 MB 9.0.21022
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17 Microsoft Corporation 12-2-2012 596 KB 9.0.30729
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148 Microsoft Corporation 12-2-2012 596 KB 9.0.30729.4148
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 Microsoft Corporation 13-2-2012 600 KB 9.0.30729.6161
Microsoft Visual C++ 2010  x64 Redistributable - 10.0.40219 Microsoft Corporation 12-3-2016 13,8 MB 10.0.40219
Microsoft Visual C++ 2010  x86 Redistributable - 10.0.40219 Microsoft Corporation 12-3-2016 15,0 MB 10.0.40219
Microsoft Visual C++ 2012 Redistributable (x64) - 11.0.60610 Microsoft Corporation 18-1-2016 20,5 MB 11.0.60610.1
Microsoft Visual C++ 2013 Redistributable (x64) - 12.0.30501 Microsoft Corporation 19-8-2016 20,5 MB 12.0.30501.0
Microsoft Visual C++ 2013 Redistributable (x86) - 12.0.30501 Microsoft Corporation 19-8-2016 17,1 MB 12.0.30501.0
Microsoft Visual Studio 2010 Tools for Office Runtime (x64) Microsoft Corporation 12-2-2015 10.0.50903
Microsoft WSE 3.0 Runtime Microsoft Corp. 19-2-2012 942 KB 3.0.5305.0
Move or Die Those Awesome Guys 7-10-2016
Mozilla Firefox 49.0.2 (x86 nl) Mozilla 13-11-2016 162 MB 49.0.2
Mozilla Maintenance Service Mozilla 16-1-2015 326 KB 34.0.5
MSXML 4.0 SP3 Parser (KB2721691) Microsoft Corporation 12-7-2012 1,53 MB 4.30.2114.0
MSXML 4.0 SP3 Parser (KB2758694) Microsoft Corporation 10-1-2013 1,54 MB 4.30.2117.0
MSXML 4.0 SP3 Parser (KB973685) Microsoft Corporation 18-1-2012 1,53 MB 4.30.2107.0
Nero BackItUp 10 Nero AG 12-2-2012 107 MB 5.4.11600.19.100
Nero Burning ROM 10 Nero AG 12-2-2012 162 MB 10.0.11100.10.100
Nero BurnRights 10 Nero AG 12-2-2012 6,41 MB 4.0.11000.12.100
Nero CoverDesigner 10 Nero AG 12-2-2012 77,0 MB 5.0.10900.11.100
Nero DiscSpeed 10 Nero AG 12-2-2012 7,47 MB 6.0.10800.7.100
Nero Express 10 Nero AG 12-2-2012 159 MB 10.0.11000.10.100
Nero InfoTool 10 Nero AG 12-2-2012 8,35 MB 7.0.10800.8.100
Nero MediaHub 10 Nero AG 12-2-2012 157 MB 1.0.13400.11.100
Nero Multimedia Suite 10 Nero AG 12-2-2012 1,30 GB 10.0.13100
Nero Recode 10 Nero AG 12-2-2012 80,0 MB 4.6.10900.4.100
Nero RescueAgent 10 Nero AG 12-2-2012 6,82 MB 3.0.10900.9.100
Nero SoundTrax 10 Nero AG 12-2-2012 95,6 MB 4.6.10600.2.100
Nero StartSmart 10 Nero AG 12-2-2012 108 MB 10.0.11200.12.100
Nero Update Nero AG 12-2-2012 1,41 MB 1.0.0017
Nero Vision 10 Nero AG 12-2-2012 214 MB 7.0.11100.8.100
Nero WaveEditor 10 Nero AG 12-2-2012 76,6 MB 5.6.10600.2.100
OpenAL 13-8-2012
Origin Electronic Arts, Inc. 20-7-2013 9.2.1.4399
Roller Coaster Tycoon 3 Platinum  - CarlesNeo ! 26-8-2012
Serif WebPlus X6 Serif (Europe) Ltd 23-12-2014 499 MB 14.0.3.27
Spooky's Jump Scare Mansion Lag Studios 10-10-2016
Spotify Spotify AB 24-10-2016 1.0.39.157.g674ae377
SRS Premium Sound Control Panel SRS Labs, Inc. 18-1-2012 1,82 MB 1.8.5700
Steam Valve Corporation 15-8-2012 1,59 MB 1.0.0.0
System Requirements Lab for Intel Husdawg, LLC 9-6-2014 1,12 MB 4.5.24.0
Taalpakket voor Microsoft Visual Studio 2010 Tools for Office Runtime (x64) - NLD Microsoft Corporation 12-2-2015 10.0.50903
USB 2.0 1.3M UVC WebCam 19-1-2012
VirtualCloneDrive Elaborate Bytes 9-2-2012
VLC media player VideoLAN 7-5-2016 2.2.3
WD Drive Utilities Western Digital Technologies, Inc. 25-8-2015 13,6 MB 1.0.6.3
Windows Live - Hulpprogramma voor uploaden Microsoft Corporation 3-12-2012 224 KB 14.0.8014.1029
Windows Live aanmeldhulp Microsoft Corporation 3-12-2012 1,93 MB 5.000.818.5
Windows Live Essentials Microsoft Corporation 3-12-2012 14.0.8117.0416
WinFlash ASUS 18-1-2012 852 KB 2.30.3
WinPcap 4.1.2 CACE Technologies 13-8-2016 4.1.0.2001
WinRAR 4.00 (64-bit) win.rar GmbH 9-2-2012 4.00.0
Wireless Console 3 ASUS 18-1-2012 2,43 MB 3.0.18


#11 buddy215

buddy215

  • Moderator
  • 13,313 posts
  • Gender:Male
  • Location:West Tennessee
  • Local time:09:34 PM

Posted 13 November 2016 - 09:48 AM

Disable these Tasks: Use CCleaner by clicking on each item and choosing Disable on the right.

Yes Task ASUS Live Update ASUSTeK Computer Inc. C:\Program Files (x86)\ASUS\ASUS Live Update\ALU.exe

Yes Task Avira Browser Safety Updater Task Avira Operations GmbH & Co. KG "C:\Program Files (x86)\Avira\Browser Safety\AviraBrowserSafetyUpdater.exe"

Yes Task DropboxUpdateTaskUserS-1-5-21-4145153186-13887760-1831717603-1000Core Dropbox, Inc. C:\Users\Esther\AppData\Local\Dropbox\Update\DropboxUpdate.exe /c
Yes Task DropboxUpdateTaskUserS-1-5-21-4145153186-13887760-1831717603-1000UA Dropbox, Inc. C:\Users\Esther\AppData\Local\Dropbox\Update\DropboxUpdate.exe /ua /installsource scheduler
Yes Task G2MUpdateTask-S-1-5-21-4145153186-13887760-1831717603-1000 Citrix Online, a division of Citrix Systems, Inc. C:\Users\Esther\AppData\Local\Citrix\GoToMeeting\5808\g2mupdate.exe
Yes Task G2MUploadTask-S-1-5-21-4145153186-13887760-1831717603-1000 Citrix Online, a division of Citrix Systems, Inc. C:\Users\Esther\AppData\Local\Citrix\GoToMeeting\5808\g2mupload.exe
Yes Task GoogleUpdateTaskMachineUA Google Inc. C:\Program Files (x86)\Google\Update\GoogleUpdate.exe /ua /installsource scheduler
Yes Task GoogleUpdateTaskUserS-1-5-21-4145153186-13887760-1831717603-1000Core Google Inc. C:\Users\Esther\AppData\Local\Google\Update\GoogleUpdate.exe /c
Yes Task GoogleUpdateTaskUserS-1-5-21-4145153186-13887760-1831717603-1000UA Google Inc. C:\Users\Esther\AppData\Local\Google\Update\GoogleUpdate.exe /ua /installsource scheduler
Yes Task SkypeAutoUpdate C:\Users\Esther\AppData\Roaming\Skype\download.exe /VERYSILENT /AFFID000046
Yes Task SkypeUpdater C:\Users\Esther\AppData\Roaming\Skype\download.exe /VERYSILENT /AFFID000046
Yes Task {1AE36DB6-D4D6-43E4-A044-727D77B765AC} Microsoft Corporation C:\Windows\system32\pcalua.exe -a "C:\Program Files (x86)\InstallShield Installation Information\{BA26FFA5-6D47-47DB-BE56-34C357B5F8CC}\Sims3EP01Setup.exe" -c -runfromtemp -l0x0013 -removeonly
Yes Task {60C95A08-A08D-4A8E-9C9C-0ACE20222DAC} Google Inc. "c:\users\esther\appdata\local\google\chrome\application\chrome.exe" http://ui.skype.com/ui/0/7.5.85.102/nl/abandoninstall?page=tsProgressBar
Yes Task {8CB9B7C2-11DE-4549-9342-B882B35F7325} Microsoft Corporation C:\Windows\system32\pcalua.exe -a "H:\Nieuwe Sims 3\The Sims 3 - World Adventures\# Crack\Crack 3\Sims3_1.2.7.00002_from_1.0.631.00002.exe" -d "H:\Nieuwe Sims 3\The Sims 3 - World Adventures\# Crack\Crack 3"
Yes Task {A188E5BC-D5F8-468E-B9EC-2C0C1643A488} Microsoft Corporation C:\Windows\system32\pcalua.exe -a C:\PROGRA~2\VIRTUA~1\UNWISE.EXE -c C:\PROGRA~2\VIRTUA~1\INSTALL.LOG
Yes Task {CD05DBB8-C32A-44DA-B24F-E8EC4F74F78F} Microsoft Corporation C:\Windows\system32\pcalua.exe -a "H:\Nieuwe Sims 3\The sims 3 - Island Paradise\Sims3EP10Setup.exe" -d "H:\Nieuwe Sims 3\The sims 3 - Island Paradise"
 
Uninstall these programs:
Avira Browser Safety Avira Operations GmbH & Co KG 20-4-2016 11,2 MB 1.4.5.509
Google Update Helper 18-1-2012

After doing the above and rebooting... tell me if MSE still complains.


“Every atom in your body came from a star that exploded and the atoms in your left hand probably came from a different star than your right hand. It really is the most poetic thing I know about physics...you are all stardust.” Lawrence M. Krauss
A 1792 U.S. penny, designed in part by Thomas Jefferson and George Washington, reads “Liberty Parent of Science & Industry.”

#12 Eszy

Eszy
  • Topic Starter

  • Members
  • 39 posts
  • Gender:Female
  • Location:Netherlands
  • Local time:03:34 AM

Posted 13 November 2016 - 02:36 PM

I did all the things you mentioned. MSE is still complaining.

 

When MSE detected the file I took a look at the folder the file was in and I noticed the folder disappeared when Avira was done with the quick scan.



#13 buddy215

buddy215

  • Moderator
  • 13,313 posts
  • Gender:Male
  • Location:West Tennessee
  • Local time:09:34 PM

Posted 13 November 2016 - 02:49 PM

It's a false positive... tell MSE to ignore it. But if you want a second opinion on that, then follow the instructions below.


Please follow the instructions in the Malware Removal and Log Section Preparation Guide starting at Step 6.

  • If you cannot complete a step, then skip it and continue with the next.
  • In Step 6 there are instructions for downloading and running FRST which will create two logs.

When you have done that, post your logs in the Virus, Trojan, Spyware, and Malware Removal Logs forum, NOT here, for assistance by the Malware Response Team.

Start a new topic, give it a relevant title and post your log(s) along with a brief description of your problem, a summary of any anti-malware tools you have used and a summary of any steps that you have performed on your own. If you cannot produce any of the required logs...start the new topic anyway. Explain that you followed the Prep. Guide, were unable to create the logs, and describe what happened when you tried to create them. A member of the Malware Removal Team will walk you through, step by step, on how to clean your computer.

After doing this, please reply back in this thread with a link to the new topic so we can close this one.

 

DO NOT bump your new topic. Wait for a response from one of the Team Members.



#14 Eszy

Eszy
  • Topic Starter

  • Members
  • 39 posts
  • Gender:Female
  • Location:Netherlands
  • Local time:03:34 AM

Posted 13 November 2016 - 03:35 PM

Thanks for all your help, I really appreciate it! I don't think I'll ask for a second opinion because I'm also convinced it's a false positive.

 

This topic can be closed.



#15 buddy215

buddy215

  • Moderator
  • 13,313 posts
  • Gender:Male
  • Location:West Tennessee
  • Local time:09:34 PM

Posted 13 November 2016 - 05:52 PM

You are welcome...happy surfin'





