
I found three suspicious startup scheduled tasks found on CCleaner


8 replies to this topic

#1 Riddling

Riddling

  • Members
  • 10 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:Perth, Western Australia
  • Local time:01:57 PM

Posted 19 December 2016 - 07:48 AM

Hi all, I'm running a Windows 7 64-bit operating system and I found three quite suspicious-looking startup scheduled tasks on CCleaner and I have no idea what they are... One of them is called "NotABug". I assume it's malware of some sort so I disabled it; its executable file is even called "hack_setup.exe". The other two are completely unknown to me: one of the programs is called "Oromsuxaura" and its executable is "eksooemg.exe", and the other one is "KTRREKF" and its executable is too long to read out. They are all located in "C:/ProgramData". I am now extremely concerned and scared about rebooting my computer, so please help me out and tell me what to do to remove them. Also, if you guys can offer advice on which free anti-malware I should use, that would be greatly appreciated. Thanks in Advance.


Edited by Riddling, 19 December 2016 - 07:55 AM.
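Added example (not part of the original post, and not a CCleaner or BleepingComputer tool): a small triage script for a scheduled-task list like the one described above, flagging entries that run from user-writable folders such as C:\ProgramData, carry no publisher, are launched through pcalua.exe, or pass a base64 argument. It goes a little beyond the three tasks named in the post; the tab-separated field layout, the folder list and every sample row are assumptions constructed for illustration.

```python
import base64
import binascii
import ntpath
import re

# Assumption: folders a standard user (and so any program the user runs) can
# normally write to without elevation on Windows 7.
USER_WRITABLE = re.compile(
    r'^[a-z]:\\(?:programdata|users\\[^\\]+\\(?:appdata|desktop|downloads))\\',
    re.IGNORECASE,
)
# First token of a command line: a quoted path, or an unquoted path that may
# contain spaces and ends at the first ".exe" followed by whitespace or end.
COMMAND = re.compile(r'^\s*(?:"([^"]+)"|(.+?\.exe)(?=\s|$))(.*)$', re.IGNORECASE)
BASE64_RUN = re.compile(r'[A-Za-z0-9+/]{24,}={0,2}')


def split_command(command):
    """Return (executable, remaining_arguments) for a task command line."""
    match = COMMAND.match(command)
    if not match:
        return command.strip(), ""
    return (match.group(1) or match.group(2)).strip(), match.group(3)


def effective_target(executable, arguments):
    """Resolve what really runs when the task goes through pcalua.exe -a."""
    if ntpath.basename(executable).lower() != "pcalua.exe":
        return executable, False
    proxied = re.search(r'(?:^|\s)-a\s+(.*)$', arguments, re.IGNORECASE)
    if not proxied:
        return executable, False
    return split_command(proxied.group(1))[0], True


def decode_base64_arguments(arguments):
    """Decode argument runs that are valid base64 and printable ASCII."""
    decoded = []
    for token in BASE64_RUN.findall(arguments):
        try:
            raw = base64.b64decode(token, validate=True)
        except (binascii.Error, ValueError):
            continue
        if raw and all(32 <= byte < 127 for byte in raw):
            decoded.append(raw.decode("ascii"))
    return decoded


def triage(export_text):
    """Return one finding per task that trips at least one heuristic."""
    findings = []
    for line in export_text.splitlines():
        fields = line.split("\t")
        if len(fields) != 5 or fields[1] != "Task":
            continue
        enabled, _, name, publisher, command = fields
        executable, arguments = split_command(command)
        target, proxied = effective_target(executable, arguments)
        decoded = decode_base64_arguments(arguments)
        reasons = []
        if USER_WRITABLE.match(target):
            reasons.append("runs from a user-writable directory")
        if not publisher.strip():
            reasons.append("no publisher")
        if proxied:
            # The publisher shown belongs to pcalua.exe, not to the target.
            reasons.append("launched through pcalua.exe")
        if decoded:
            reasons.append("base64-encoded argument")
        if reasons:
            findings.append({"name": name, "enabled": enabled == "Yes",
                             "target": target, "reasons": reasons,
                             "decoded": decoded})
    return findings


# Constructed sample rows (not taken from any real machine).
ENCODED_ARG = base64.b64encode(b"/id=1234^/d=example.invalid^/n=EXMP").decode()
SAMPLE_EXPORT = "\n".join("\t".join(row) for row in [
    ("Yes", "Task", "ExampleVendorUpdate", "Example Vendor Inc.",
     r"C:\Program Files (x86)\ExampleVendor\Update.exe /c"),
    ("Yes", "Task", "QWXZPLM", "",
     r'"C:\ProgramData\QWXZPLM\qwxzplm.exe" "/e=' + ENCODED_ARG + '"'),
    ("No", "Task", "ExampleTask", "",
     r"c:\programdata\example\setup.exe-123.exe --startup=1"),
    ("Yes", "Task", "{00000000-0000-0000-0000-000000000000}",
     "Microsoft Corporation",
     r'C:\Windows\system32\pcalua.exe -a '
     r'"C:\Users\Example\AppData\Local\ExampleApp\uninst.exe" -c /uninstl'),
])

if __name__ == "__main__":
    for finding in triage(SAMPLE_EXPORT):
        state = "enabled" if finding["enabled"] else "disabled"
        print(f'{finding["name"]} ({state}) -> {finding["target"]}')
        for reason in finding["reasons"]:
            print(f"    - {reason}")
        for text in finding["decoded"]:
            print(f"    decoded argument: {text}")
```

A flagged entry is a lead for review, not a verdict: legitimate updaters also live under AppData, so confirm with a scanner before deleting anything.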




#2 buddy215

buddy215

  • Moderator
  • 13,325 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:West Tennessee
  • Local time:12:57 AM

Posted 20 December 2016 - 07:33 AM

Welcome to BC...

 

Use the programs below to remove adware and to remove malware.

 

Download Malwarebytes' Anti-Malware from Here

Double-click mbam-setup-2.X.X.XXXX.exe to install the application (X's are the current version number).

  • Make sure a checkmark is placed next to Launch Malwarebytes' Anti-Malware, then click Finish.
  • Once MBAM opens, when it says Your databases are out of date, click the Fix Now button.
  • Click the Settings tab at the top, and then in the left column, select Detections and Protections, and if not already checked place a checkmark in the selection box for Scan for rootkits.
  • Click the Scan tab at the top of the program window, select Threat Scan and click the Scan Now button.
  • If you receive a message that updates are available, click the Update Now button (the update will be downloaded, installed, and the scan will start).
  • When MBAM is finished scanning it will display a screen that displays any malware that it has detected.
  • Click the Remove Selected button.
  • MBAM will now delete all of the files and registry keys and add them to the programs quarantine. When removing the files, MBAM may require a reboot in order to remove some of them. If it displays a message stating that it needs to reboot, please allow it to do so.
  • While still on the Scan tab, click the link for View detailed log, and in the window that opens click the Export button, select Text file (*.txt), and save the log to your Desktop.
  • The log is automatically saved by MBAM and can also be viewed by clicking the History tab and then selecting Application Logs.

POST THE LOG FOR REVIEW.

 

Download AdwCleaner by Xplode onto your desktop.

  • Close all open programs and internet browsers.
  • Double click on adwcleaner.exe to run the tool.
  • Click on Scan button.
  • When the scan has finished click on Clean button.
  • Your computer will be rebooted automatically. A text file will open after the restart.
  • Please post the contents of that logfile with your next reply.
  • You can find the logfile at C:\AdwCleaner[S1].txt as well.

Download Junkware Removal Tool to your desktop.

  • Shut down your protection software now to avoid potential conflicts.
  • Run the tool by double-clicking it. If you are using Windows Vista, 7, or 8; instead of double-clicking, right-mouse click JRT.exe and select "Run as Administrator".
  • The tool will open and start scanning your system.
  • Please be patient as this can take a while to complete depending on your system's specifications.
  • On completion, a log (JRT.txt) is saved to your desktop and will automatically open.
  • Post the contents of JRT.txt into your next message

  • Hold down Control and click on this link to open ESET OnlineScan in a new window.
  • Click the esetonlinebtn.png button.
  • For alternate browsers only: (Microsoft Internet Explorer users can skip these steps)
  • Click on esetsmartinstaller_enu.exe to download the ESET Smart Installer. Save it to your desktop.
  • Double click on the esetsmartinstaller_enu.png icon on your desktop.
  • Check "YES, I accept the Terms of Use."
  • Click the Start button.
  • Accept any security warnings from your browser.
  • Under scan settings, check "Scan Archives" and "Remove found threats"
  • ESET will then download updates for itself, install itself, and begin scanning your computer. Please be patient as this can take some time.
  • When the scan completes, click List Threats
  • Click Export, and save the file to your desktop using a unique name, such as ESETScan. Include the contents of this report in your next reply.
  • Click the Back button.
  • Click the Finish button.
  • NOTE: Sometimes if ESET finds no infections it will not create a log.

“Every atom in your body came from a star that exploded and the atoms in your left hand probably came from a different star than your right hand. It really is the most poetic thing I know about physics...you are all stardust.”Lawrence M. Krauss
A 1792 U.S. penny, designed in part by Thomas Jefferson and George Washington, reads “Liberty Parent of Science & Industry.”

#3 Riddling


Posted 21 December 2016 - 03:54 AM

Hi buddy215. Thanks for the reply.

 

Here are the logs from Malwarebytes, Adwcleaner and ESET. The Junkware Removal Tool looks a bit too advanced for me and I don't feel comfortable with turning off my protection.

 

Malwarebytes Anti-Malware
www.malwarebytes.org
 
Scan Date: 21/12/2016
Scan Time: 10:57
Logfile: mbam.txt
Administrator: Yes
 
Version: 2.2.1.1043
Malware Database: v2016.12.21.01
Rootkit Database: v2016.11.20.01
License: Free
Malware Protection: Disabled
Malicious Website Protection: Disabled
Self-protection: Enabled
 
OS: Windows 7 Service Pack 1
CPU: x64
File System: NTFS
User: Justin
 
Scan Type: Threat Scan
Result: Completed
Objects Scanned: 356672
Time Elapsed: 1 hr, 21 min, 51 sec
 
Memory: Enabled
Startup: Enabled
Filesystem: Enabled
Archives: Enabled
Rootkits: Enabled
Heuristics: Enabled
PUP: Enabled
PUM: Enabled
 
Processes: 0
(No malicious items detected)
 
Modules: 0
(No malicious items detected)
 
Registry Keys: 0
(No malicious items detected)
 
Registry Values: 0
(No malicious items detected)
 
Registry Data: 0
(No malicious items detected)
 
Folders: 0
(No malicious items detected)
 
Files: 0
(No malicious items detected)
 
Physical Sectors: 0
(No malicious items detected)
 
 
(end)
 
# AdwCleaner v6.041 - Logfile created 20/12/2016 at 13:30:19
# Updated on 16/12/2016 by Malwarebytes
# Database : 2016-12-19.1 [Server]
# Operating System : Windows 7 Home Premium Service Pack 1 (X64)
# Username : Justin - JUSTIN-STINKY
# Running from : C:\Users\Justin\Downloads\adwcleaner_6.041.exe
# Mode: Clean
 
 
 
***** [ Services ] *****
 
 
 
***** [ Folders ] *****
 
[-] Folder deleted: C:\ProgramData\{cf0a20a5-8286-2316-cf0a-a20a58288296}
[-] Folder deleted: C:\Users\Justin\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\ParetoLogic
[-] Folder deleted: C:\sh4ldr
[-] Folder deleted: C:\ProgramData\cheap-o
[-] Folder deleted: C:\ProgramData\ParetoLogic
[-] Folder deleted: C:\ProgramData\SecTaskMan
[#] Folder deleted on reboot: C:\ProgramData\Application Data\cheap-o
[#] Folder deleted on reboot: C:\ProgramData\Application Data\ParetoLogic
[#] Folder deleted on reboot: C:\ProgramData\Application Data\SecTaskMan
[-] Folder deleted: C:\Program Files (x86)\TerminusSubs
[-] Folder deleted: C:\Program Files (x86)\Common Files\ParetoLogic
[-] Folder deleted: C:\Users\Justin\AppData\Local\Google\Chrome\User Data\Default\Local Extension Settings\ogminpmldncgcmokldnmmapddoccmhfl
 
 
***** [ Files ] *****
 
[!] File not deleted: C:\Program Files (x86)\prefs.js
[!] File not deleted: C:\Users\Justin\AppData\Roaming\Mozilla\Firefox\Profiles\9k74m1pt.default\invalidprefs.js
[!] File not deleted: C:\Program Files (x86)\Mozilla Firefox\cfg
[!] File not deleted: C:\Program Files (x86)\Mozilla Firefox\cfg
[!] File not deleted: C:\Program Files (x86)\Mozilla Firefox\cfg
[!] File not deleted: C:\Users\Justin\AppData\Local\Google\Chrome\User Data\Default\Local Storage\chrome-extension_ogminpmldncgcmokldnmmapddoccmhfl_0.localstorage
 
 
***** [ DLL ] *****
 
 
 
***** [ WMI ] *****
 
 
 
***** [ Shortcuts ] *****
 
 
 
***** [ Scheduled Tasks ] *****
 
[-] Task deleted: paretologic registration3
[-] Task deleted: paretologic update version3
[-] Task deleted: ParetoLogic Update Version3 Startup Task
[-] Task deleted: ParetoLogic Registration3
[-] Task deleted: ParetoLogic Update Version3
 
 
***** [ Registry ] *****
 
[-] Key deleted: HKLM\SOFTWARE\2e20953f-c001-0f75-fd33-e8a2055b312b
[-] Key deleted: HKLM\SYSTEM\CurrentControlSet\Services\EventLog\Application\PicexaService
[#] Key deleted on reboot: [x64] HKLM\SYSTEM\CurrentControlSet\Services\EventLog\Application\PicexaService
[-] Key deleted: HKLM\SOFTWARE\Classes\uus3url-pl
[#] Key deleted on reboot: [x64] HKLM\SOFTWARE\Classes\uus3url-pl
[-] Key deleted: HKLM\SOFTWARE\Classes\AppID\{56AD7EEE-D6C0-410E-8A7B-811DEA764554}
[-] Key deleted: HKLM\SOFTWARE\Classes\AppID\{E8EB2F1F-661E-4A7F-8F9A-77DEB757A906}
[-] Key deleted: HKLM\SOFTWARE\Classes\AppID\{AF85DB83-06F2-4ECF-97CF-C46EDB06BE29}
[-] Key deleted: HKCU\Software\Classes\CLSID\{E4B02201-EA08-35F8-DE8D-19BB02BBFA9D}
[-] Value deleted: HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Ext\CLSID [{3593C8B9-8E18-4B4B-B7D3-CB8BEB1AA42C}]
[-] Value deleted: HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Ext\CLSID [{51D26BB4-4D2C-4AE4-9873-5FF41B6DED1F}]
[-] Key deleted: HKU\.DEFAULT\Software\Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\windows_ie_ac_001\Software\_CrossriderRegNamePlaceHolder_
[-] Key deleted: HKU\S-1-5-18-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\Software\Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\windows_ie_ac_001\Software\_CrossriderRegNamePlaceHolder_
[-] Key deleted: HKU\S-1-5-18-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-1\Software\Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\windows_ie_ac_001\Software\_CrossriderRegNamePlaceHolder_
[-] Key deleted: HKU\S-1-5-18-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-12202016014541242\Software\Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\windows_ie_ac_001\Software\_CrossriderRegNamePlaceHolder_
[-] Key deleted: HKU\S-1-5-18-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-12202016020340426\Software\Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\windows_ie_ac_001\Software\_CrossriderRegNamePlaceHolder_
[-] Key deleted: HKU\S-1-5-18-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-2\Software\Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\windows_ie_ac_001\Software\_CrossriderRegNamePlaceHolder_
[-] Key deleted: HKU\S-1-5-18-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-3\Software\Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\windows_ie_ac_001\Software\_CrossriderRegNamePlaceHolder_
[-] Key deleted: HKU\S-1-5-18-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-4\Software\Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\windows_ie_ac_001\Software\_CrossriderRegNamePlaceHolder_
[-] Key deleted: HKU\S-1-5-21-821353271-122973869-2866904119-1000\Software\Kromtech
[-] Key deleted: HKU\S-1-5-21-821353271-122973869-2866904119-1000\Software\ParetoLogic
[-] Key deleted: HKU\S-1-5-21-821353271-122973869-2866904119-1000\Software\Classes\Software\{4E7638A1-6962-4e44-A6B9-F40E84FD6D09}
[-] Key deleted: HKCU\Software\Microsoft\Internet Explorer\InternetRegistry\REGISTRY\USER\S-1-5-21-821353271-122973869-2866904119-1000\Software\{4E7638A1-6962-4e44-A6B9-F40E84FD6D09}
[-] Key deleted: HKCU\Software\Microsoft\Internet Explorer\InternetRegistry\REGISTRY\USER\S-1-5-21-821353271-122973869-2866904119-1000\Software\ShopperPro
[-] Key deleted: HKCU\Software\Microsoft\Internet Explorer\InternetRegistry\REGISTRY\USER\S-1-5-21-821353271-122973869-2866904119-1000\Software\shopperz
[-] Key deleted: HKU\S-1-5-21-821353271-122973869-2866904119-1000-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\Software\Kromtech
[-] Key deleted: HKU\S-1-5-21-821353271-122973869-2866904119-1000-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\Software\ParetoLogic
[-] Key deleted: HKU\S-1-5-21-821353271-122973869-2866904119-1000-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-1\Software\Kromtech
[-] Key deleted: HKU\S-1-5-21-821353271-122973869-2866904119-1000-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-1\Software\ParetoLogic
[-] Key deleted: HKU\S-1-5-21-821353271-122973869-2866904119-1000-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-12202016014541627\Software\Kromtech
[-] Key deleted: HKU\S-1-5-21-821353271-122973869-2866904119-1000-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-12202016014541627\Software\ParetoLogic
[-] Key deleted: HKU\S-1-5-21-821353271-122973869-2866904119-1000-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-12202016020345745\Software\Kromtech
[-] Key deleted: HKU\S-1-5-21-821353271-122973869-2866904119-1000-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-12202016020345745\Software\ParetoLogic
[-] Key deleted: HKU\S-1-5-21-821353271-122973869-2866904119-1000-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-2\Software\Kromtech
[-] Key deleted: HKU\S-1-5-21-821353271-122973869-2866904119-1000-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-2\Software\ParetoLogic
[-] Key deleted: HKU\S-1-5-21-821353271-122973869-2866904119-1000-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-3\Software\Kromtech
[-] Key deleted: HKU\S-1-5-21-821353271-122973869-2866904119-1000-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-3\Software\ParetoLogic
[-] Key deleted: HKU\S-1-5-21-821353271-122973869-2866904119-1000-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-4\Software\Kromtech
[-] Key deleted: HKU\S-1-5-21-821353271-122973869-2866904119-1000-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-4\Software\ParetoLogic
[#] Key deleted on reboot: HKU\S-1-5-18\Software\Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\windows_ie_ac_001\Software\_CrossriderRegNamePlaceHolder_
[#] Key deleted on reboot: HKCU\Software\Kromtech
[#] Key deleted on reboot: HKCU\Software\ParetoLogic
[#] Key deleted on reboot: HKCU\Software\Classes\Software\{4E7638A1-6962-4e44-A6B9-F40E84FD6D09}
[-] Key deleted: HKU\.DEFAULT\Software\Microsoft\Internet Explorer\InternetRegistry\REGISTRY\USER\S-1-5-18\Software\shopperz
[-] Key deleted: HKLM\SOFTWARE\ParetoLogic
[-] Key deleted: HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{26453017-2C54-574B-7597-9EA6652686A6}
[#] Key deleted on reboot: [x64] HKCU\Software\Microsoft\Internet Explorer\InternetRegistry\REGISTRY\USER\S-1-5-21-821353271-122973869-2866904119-1000\Software\{4E7638A1-6962-4e44-A6B9-F40E84FD6D09}
[#] Key deleted on reboot: [x64] HKCU\Software\Microsoft\Internet Explorer\InternetRegistry\REGISTRY\USER\S-1-5-21-821353271-122973869-2866904119-1000\Software\ShopperPro
[#] Key deleted on reboot: [x64] HKCU\Software\Microsoft\Internet Explorer\InternetRegistry\REGISTRY\USER\S-1-5-21-821353271-122973869-2866904119-1000\Software\shopperz
[#] Key deleted on reboot: [x64] HKCU\Software\Kromtech
[#] Key deleted on reboot: [x64] HKCU\Software\ParetoLogic
[#] Key deleted on reboot: [x64] HKCU\Software\Classes\Software\{4E7638A1-6962-4e44-A6B9-F40E84FD6D09}
[-] Key deleted: [x64] HKLM\SOFTWARE\Kromtech
[-] Data restored: HKLM\SOFTWARE\Microsoft\Internet Explorer\AboutURls [Tabs] 
[-] Key deleted: HKCU\Software\Microsoft\Internet Explorer\DOMStorage\castplatform.com
[-] Key deleted: HKCU\Software\Microsoft\Internet Explorer\DOMStorage\cdn.castplatform.com
[#] Key deleted on reboot: [x64] HKCU\Software\Microsoft\Internet Explorer\DOMStorage\castplatform.com
[#] Key deleted on reboot: [x64] HKCU\Software\Microsoft\Internet Explorer\DOMStorage\cdn.castplatform.com
[-] Key deleted: HKLM\SYSTEM\CurrentControlSet\Control\Class\{0C95ABFE-4FB6-49DB-B22F-0E1F5FC4BEEC}
[-] Key deleted: HKLM\SYSTEM\CurrentControlSet\Control\Class\{EEEFACB3-729F-4484-B66D-E7A7917BBFC1}
[-] Key deleted: HKLM\SOFTWARE\Classes\AppID\mseff32.DLL
 
 
***** [ Web browsers ] *****
 
[!] [uk.ask.com] [Search ProviderWeb data] not deleted: 
[-] [C:\Users\Justin\AppData\Local\Google\Chrome\User Data\Default] [homepage] Deleted: hxxp://www.omniboxes.com/?type=hp&ts=1448767987&z=c2c42b017631261723db8c4g6z8z1bdm5q0m3t1b2m&from=amt&uid=samsungxhd103uj_s13pj1ks708104
 
 
*************************
 
:: "Tracing" keys deleted
:: Winsock settings cleared
 
*************************
 
C:\AdwCleaner\AdwCleaner[C0].txt - [10272 Bytes] - [20/12/2016 13:30:19]
C:\AdwCleaner\AdwCleaner[S0].txt - [7984 Bytes] - [19/12/2016 22:28:44]
C:\AdwCleaner\AdwCleaner[S1].txt - [10064 Bytes] - [20/12/2016 13:17:53]
 
########## EOF - C:\AdwCleaner\AdwCleaner[C0].txt - [10493 Bytes] ##########
 
C:\ProgramData\ibkcmelkookocohljcfcplocejjpannb\lt.js JS/Kryptik.ATP trojan
C:\Users\Administrator\AppData\Local\Comodo\Dragon\User Data\Default\Extensions\obkodmijdkfbpmocfkfpgiodjphhmcka\3.0\mY.js JS/Kryptik.ATP trojan
C:\Users\Administrator\AppData\Local\Google\Chrome\User Data\Default\Extensions\obkodmijdkfbpmocfkfpgiodjphhmcka\3.0\mY.js JS/Kryptik.ATP trojan
C:\Users\Administrator\AppData\Local\Google\Chrome SxS\User Data\Default\Extensions\obkodmijdkfbpmocfkfpgiodjphhmcka\3.0\mY.js JS/Kryptik.ATP trojan
C:\Users\All Users\ibkcmelkookocohljcfcplocejjpannb\lt.js JS/Kryptik.ATP trojan
C:\Users\Guest\AppData\Local\Comodo\Dragon\User Data\Default\Extensions\obkodmijdkfbpmocfkfpgiodjphhmcka\3.0\mY.js JS/Kryptik.ATP trojan
C:\Users\Guest\AppData\Local\Google\Chrome\User Data\Default\Extensions\obkodmijdkfbpmocfkfpgiodjphhmcka\3.0\mY.js JS/Kryptik.ATP trojan
C:\Users\Guest\AppData\Local\Google\Chrome SxS\User Data\Default\Extensions\obkodmijdkfbpmocfkfpgiodjphhmcka\3.0\mY.js JS/Kryptik.ATP trojan
C:\Users\HomeGroupUser$\AppData\Local\Comodo\Dragon\User Data\Default\Extensions\obkodmijdkfbpmocfkfpgiodjphhmcka\3.0\mY.js JS/Kryptik.ATP trojan
C:\Users\HomeGroupUser$\AppData\Local\Google\Chrome\User Data\Default\Extensions\obkodmijdkfbpmocfkfpgiodjphhmcka\3.0\mY.js JS/Kryptik.ATP trojan
C:\Users\HomeGroupUser$\AppData\Local\Google\Chrome SxS\User Data\Default\Extensions\obkodmijdkfbpmocfkfpgiodjphhmcka\3.0\mY.js JS/Kryptik.ATP trojan
C:\Users\Justin\AppData\Local\Mozilla\Firefox\Profiles\9k74m1pt.default\cache2\entries\28CB9DA3EDDFE3552174C88D00D9FA194AD94451 JS/Lightning.A potentially unwanted application


#4 buddy215


Posted 21 December 2016 - 06:10 AM

The ESET scan doesn't show you chose to quarantine/delete what it found. If you did not choose to delete those you will need to run ESET again per instructions..... Under scan settings, check "Scan Archives" and "Remove found threats"

 

There were 4 items in Firefox and one in Google Chrome that AdwCleaner did not delete. If that was not your decision to delete them.... then please rerun AdwCleaner. Be sure that both browsers are shut down before scanning with AdwCleaner.

 

It is safe to shut down your antivirus for the few minutes it takes for JRT to run. JRT is owned by the same company that owns MBAM and AdwCleaner.

You can run JRT from safe mode if you still choose not to in regular mode after shutting down your antivirus program.

 

Once the above is completed and you have posted the results...please do this:

 

Post the three lists mentioned below using CCleaner.

Open CCleaner and click on Tools. Choose Startups. On that page you will see a list of Windows Startups and at the top tabs for each browser and Scheduled Tasks.

At the bottom right of that page you will see a button that, when clicked, will allow you to Copy and Paste the list of Windows Startups and Scheduled Tasks into your next post. Please do that.

 

Open CCleaner and click on Tools. Choose Uninstall. On that page you will see a list of programs installed on your computer and at the bottom right of that page you will see a button that, when clicked, will allow you to Copy and Paste that list in your next post. Please do that.



#5 Riddling


Posted 21 December 2016 - 10:46 AM

Hi, I deleted all the things that I found in the ESET scan.

 

Here are the logs for JRT and adwcleaner:

~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Junkware Removal Tool (JRT) by Malwarebytes
Version: 8.1.0 (12.05.2016)
Operating System: Windows 7 Home Premium x64 
Ran by Justin (Administrator) on 21/12/2016 at 23:15:54.25
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
 
File System: 55 
 
Failed to delete: C:\Users\Justin\AppData\Local\crashrpt (Folder) 
Failed to delete: C:\Users\Justin\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\R6PNQSRJ (Temporary Internet Files Folder) 
Successfully deleted: C:\Program Files (x86)\prefs.js (File) 
Successfully deleted: C:\ProgramData\12db864551ae4c578eb17db1a9f5d3cf (Folder) 
Successfully deleted: C:\ProgramData\1e27b5e4a2e5400d84b2fbab2b4f3b3f (Folder) 
Successfully deleted: C:\ProgramData\bledfeeaolefobgacalonbmabmmnihjn (Folder) 
Successfully deleted: C:\ProgramData\ibkcmelkookocohljcfcplocejjpannb (Folder) 
Successfully deleted: C:\ProgramData\mntemp (File) 
Successfully deleted: C:\ProgramData\t122078ed (Folder) 
Successfully deleted: C:\Users\Justin\AppData\Local\Google\Chrome\User Data\Default\Local Storage\chrome-extension_ogminpmldncgcmokldnmmapddoccmhfl_0.localstorage (File) 
Successfully deleted: C:\Users\Justin\Appdata\LocalLow\company (Folder) 
Successfully deleted: C:\Users\Justin\AppData\Roaming\Mozilla\Firefox\Profiles\9k74m1pt.default\Invalidprefs.js (File) 
Successfully deleted: C:\Windows\system32\Tasks\EHNQU1 (Task)
Successfully deleted: C:\Windows\Tasks\EHNQU1.job (Task) 
Successfully deleted: C:\Users\Justin\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\0PS72R2M (Temporary Internet Files Folder) 
Successfully deleted: C:\Users\Justin\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\1357WY1I (Temporary Internet Files Folder) 
Successfully deleted: C:\Users\Justin\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\43ZF5QSX (Temporary Internet Files Folder) 
Successfully deleted: C:\Users\Justin\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\4LVO46QS (Temporary Internet Files Folder) 
Successfully deleted: C:\Users\Justin\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\5O1R5IEX (Temporary Internet Files Folder) 
Successfully deleted: C:\Users\Justin\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\62AXOPQ5 (Temporary Internet Files Folder) 
Successfully deleted: C:\Users\Justin\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\8FM07FQI (Temporary Internet Files Folder) 
Successfully deleted: C:\Users\Justin\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\8IPURVC8 (Temporary Internet Files Folder) 
Successfully deleted: C:\Users\Justin\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\AVDGX6PS (Temporary Internet Files Folder) 
Successfully deleted: C:\Users\Justin\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\AXCPKBHB (Temporary Internet Files Folder) 
Successfully deleted: C:\Users\Justin\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\FZG8CKJ5 (Temporary Internet Files Folder) 
Successfully deleted: C:\Users\Justin\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\K1NZ88FH (Temporary Internet Files Folder) 
Successfully deleted: C:\Users\Justin\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\K5EIR89S (Temporary Internet Files Folder) 
Successfully deleted: C:\Users\Justin\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\LIXMVQOA (Temporary Internet Files Folder) 
Successfully deleted: C:\Users\Justin\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\QC86J4M5 (Temporary Internet Files Folder) 
Successfully deleted: C:\Users\Justin\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\V539V6TS (Temporary Internet Files Folder) 
Successfully deleted: C:\Users\Justin\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\VDZ8A1IU (Temporary Internet Files Folder) 
Successfully deleted: C:\Users\Justin\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\YEPNXLYI (Temporary Internet Files Folder) 
Successfully deleted: C:\Users\Justin\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\YF5JGZZU (Temporary Internet Files Folder) 
Successfully deleted: C:\Users\Justin\AppData\Roaming\appdataFr25.bin (File) 
Successfully deleted: C:\Users\Justin\AppData\Roaming\appdataFr3.bin (File) 
Successfully deleted: C:\Windows\System32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\0PS72R2M (Temporary Internet Files Folder) 
Successfully deleted: C:\Windows\System32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\1357WY1I (Temporary Internet Files Folder) 
Successfully deleted: C:\Windows\System32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\43ZF5QSX (Temporary Internet Files Folder) 
Successfully deleted: C:\Windows\System32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\4LVO46QS (Temporary Internet Files Folder) 
Successfully deleted: C:\Windows\System32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\5O1R5IEX (Temporary Internet Files Folder) 
Successfully deleted: C:\Windows\System32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\62AXOPQ5 (Temporary Internet Files Folder) 
Successfully deleted: C:\Windows\System32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\8FM07FQI (Temporary Internet Files Folder) 
Successfully deleted: C:\Windows\System32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\8IPURVC8 (Temporary Internet Files Folder) 
Successfully deleted: C:\Windows\System32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\AVDGX6PS (Temporary Internet Files Folder) 
Successfully deleted: C:\Windows\System32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\AXCPKBHB (Temporary Internet Files Folder) 
Successfully deleted: C:\Windows\System32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\FZG8CKJ5 (Temporary Internet Files Folder) 
Successfully deleted: C:\Windows\System32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\K1NZ88FH (Temporary Internet Files Folder) 
Successfully deleted: C:\Windows\System32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\K5EIR89S (Temporary Internet Files Folder) 
Successfully deleted: C:\Windows\System32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\LIXMVQOA (Temporary Internet Files Folder) 
Successfully deleted: C:\Windows\System32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\QC86J4M5 (Temporary Internet Files Folder) 
Successfully deleted: C:\Windows\System32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\R6PNQSRJ (Temporary Internet Files Folder) 
Successfully deleted: C:\Windows\System32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\V539V6TS (Temporary Internet Files Folder) 
Successfully deleted: C:\Windows\System32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\VDZ8A1IU (Temporary Internet Files Folder) 
Successfully deleted: C:\Windows\System32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\YEPNXLYI (Temporary Internet Files Folder) 
Successfully deleted: C:\Windows\System32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\YF5JGZZU (Temporary Internet Files Folder) 
 
 
 
Registry: 1 
 
Successfully deleted: HKCU\Software\Microsoft\Windows\CurrentVersion\Run\\GoogleChromeAutoLaunch_4F1741AA94B53D7A1E654D7E62AB0815 (Registry Value) 
 
 
 
 
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Scan was completed on 21/12/2016 at 23:20:02.28
End of JRT log
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
 
# AdwCleaner v6.041 - Logfile created 21/12/2016 at 23:29:22
# Updated on 16/12/2016 by Malwarebytes
# Database : 2016-12-21.1 [Local]
# Operating System : Windows 7 Home Premium Service Pack 1 (X64)
# Username : Justin - JUSTIN-STINKY
# Running from : C:\Users\Justin\Downloads\adwcleaner_6.041.exe
# Mode: Clean
 
 
 
***** [ Services ] *****
 
 
 
***** [ Folders ] *****
 
 
 
***** [ Files ] *****
 
[-] File deleted: C:\Program Files (x86)\Mozilla Firefox\cfg
[#] File deleted: C:\Program Files (x86)\Mozilla Firefox\cfg
[#] File deleted: C:\Program Files (x86)\Mozilla Firefox\cfg
 
 
***** [ DLL ] *****
 
 
 
***** [ WMI ] *****
 
 
 
***** [ Shortcuts ] *****
 
 
 
***** [ Scheduled Tasks ] *****
 
 
 
***** [ Registry ] *****
 
 
 
***** [ Web browsers ] *****
 
[!] [uk.ask.com] [Search ProviderWeb data] not deleted: 
 
 
*************************
 
:: "Tracing" keys deleted
:: Winsock settings cleared
 
*************************
 
C:\AdwCleaner\AdwCleaner[C0].txt - [10617 Bytes] - [20/12/2016 13:30:19]
C:\AdwCleaner\AdwCleaner[C2].txt - [1097 Bytes] - [21/12/2016 23:29:22]
C:\AdwCleaner\AdwCleaner[S0].txt - [7984 Bytes] - [19/12/2016 22:28:44]
C:\AdwCleaner\AdwCleaner[S1].txt - [10064 Bytes] - [20/12/2016 13:17:53]
C:\AdwCleaner\AdwCleaner[S2].txt - [1898 Bytes] - [20/12/2016 13:49:20]
C:\AdwCleaner\AdwCleaner[S3].txt - [1915 Bytes] - [21/12/2016 10:53:02]
C:\AdwCleaner\AdwCleaner[S4].txt - [2044 Bytes] - [21/12/2016 19:43:26]
C:\AdwCleaner\AdwCleaner[S5].txt - [2117 Bytes] - [21/12/2016 23:10:03]
C:\AdwCleaner\AdwCleaner[S6].txt - [1885 Bytes] - [21/12/2016 23:27:13]
 
########## EOF - C:\AdwCleaner\AdwCleaner[C2].txt - [1682 Bytes] ##########
 
 
Here are the Scheduled Tasks from CCleaner:
Yes Task AdobeAAMUpdater-1.0-Justin-Stinky-Justin Adobe Systems Incorporated C:\Program Files (x86)\Common Files\Adobe\OOBE\PDApp\UWA\UpdaterStartupUtility.exe -mode=scheduled
Yes Task CCleanerSkipUAC Piriform Ltd "C:\Program Files\CCleaner\CCleaner.exe" $(Arg0)
Yes Task GoogleUpdateTaskMachineCore Google Inc. C:\Program Files (x86)\Google\Update\GoogleUpdate.exe /c
Yes Task GoogleUpdateTaskMachineUA Google Inc. C:\Program Files (x86)\Google\Update\GoogleUpdate.exe /ua /installsource scheduler
Yes Task GyazoUpdateTaskMachine Nota Inc. "C:\Program Files (x86)\Gyazo\GyazoUpdate.exe"
Yes Task GyazoUpdateTaskMachineDaily Nota Inc. "C:\Program Files (x86)\Gyazo\GyazoUpdate.exe"
Yes Task KTRREKF "C:\ProgramData\1e27b5e4a2e5400d84b2fbab2b4f3b3f\1e27b5e4a2e5400d84b2fbab2b4f3b3f.exe"
No Task NotABug c:\programdata\{cf0a20a5-8286-2316-cf0a-a20a58288296}\hack_setup.exe-1436083590288.exe --startup=1 --single
Yes Task Oromsuxaura "C:\ProgramData\Oromsuxaura\1.0.1.0\eksooemg.exe" "/e=L3A9MTg0OTAxXi91PTE2YTg0YjQ2ZWJmNDQ1NzI4OGY3ODgzMjU5ZmYwYmRkXi9kPXpvbWJpZW5ld3NhcHAuY29tXi9uPVpNQk5eL2E9Wm9tYmllTmV3c14vdA=="
Yes Task {211D3B0E-CB70-4E0A-A857-409ABE23D595} Microsoft Corporation C:\Windows\system32\pcalua.exe -a C:\Users\Justin\AppData\Roaming\luckysearches\UninstallManager.exe -c  -ptid=cmi
Yes Task {38AB9EFE-1460-4A91-9BEE-64F88C7A2449} Microsoft Corporation C:\Windows\system32\pcalua.exe -a "C:\Users\Justin\AppData\Local\Pay-By-Ads\Yahoo! Search\1.3.25.0\dsrsetup.exe" -c /uninstl
Yes Task {9E022BDE-412B-407A-B708-0757EE5CEFC9} Microsoft Corporation C:\Windows\system32\pcalua.exe -a "C:\Users\Justin\Desktop\New folder\AutoRun.exe" -d "C:\Users\Justin\Desktop\New folder"
 
Here are the Windows Startups from CCleaner:
Yes HKCU:Run CCleaner Monitoring Piriform Ltd "C:\Program Files\CCleaner\CCleaner64.exe" /MONITOR
No HKCU:Run Dxtory Update Checker 2.0 C:\Program Files (x86)\Dxtory Software\Dxtory2.0\UpdateChecker.exe
Yes HKCU:Run Gyazo Nota Inc. C:\Program Files (x86)\Gyazo\GyStation.exe
Yes HKCU:Run Skype Skype Technologies S.A. "C:\Program Files (x86)\Skype\Phone\Skype.exe" /minimized /regrun
Yes HKCU:Run SUPERAntiSpyware SUPERAntiSpyware C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe
Yes HKLM:Run Adobe Creative Cloud Adobe Systems Incorporated "C:\Program Files (x86)\Adobe\Adobe Creative Cloud\ACC\Creative Cloud.exe" --showwindow=false --onOSstartup=true
Yes HKLM:Run AdobeAAMUpdater-1.0 Adobe Systems Incorporated "C:\Program Files (x86)\Common Files\Adobe\OOBE\PDApp\UWA\UpdaterStartupUtility.exe"
Yes HKLM:Run APSDaemon Apple Inc. "C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe"
Yes HKLM:Run avgnt Avira Operations GmbH & Co. KG "C:\Program Files (x86)\Avira\Antivirus\avgnt.exe" /min
Yes HKLM:Run Avira SystrayStartTrigger Avira Operations GmbH & Co. KG "C:\Program Files (x86)\Avira\Launcher\Avira.SystrayStartTrigger.exe"
No HKLM:Run Discord Hammer & Chisel, Inc. C:\ProgramData\SquirrelMachineInstalls\Discord.exe --checkInstall
Yes HKLM:Run HDAudDeck VIA C:\Program Files (x86)\VIA\VIAudioi\VDeck\VDeck.exe -r
Yes HKLM:Run iTunesHelper Apple Inc. "C:\Program Files\iTunes\iTunesHelper.exe"
Yes HKLM:Run LogMeIn Hamachi Ui LogMeIn Inc. "C:\Program Files (x86)\LogMeIn Hamachi\hamachi-2-ui.exe" --auto-start
Yes HKLM:Run Malwarebytes TrayApp Malwarebytes C:\PROGRAM FILES\MALWAREBYTES\ANTI-MALWARE\mbamtray.exe
Yes HKLM:Run MSC Microsoft Corporation "c:\Program Files\Microsoft Security Client\msseces.exe" -hide -runkey
Yes HKLM:Run SQ931VSTI C:\Windows\SQ931VSTI.EXE
Yes HKLM:Run StartCCC Advanced Micro Devices, Inc. "C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" MSRun
Yes HKLM:Run VizzedRgrPluginServiceLoader "C:\Program Files (x86)\Vizzed\Vizzed Retro Game Room\VizzedRgrServiceLoader.exe"
Yes Startup Common Secunia PSI Tray.lnk Secunia C:\Program Files (x86)\Secunia\PSI\psi_tray.exe
Yes Startup Common Wireless Connection Manager.lnk D-Link Corp. C:\Program Files (x86)\D-Link\DWA-131\wirelesscm.exe
No Startup User optimizerpro_soft_partner.lnk C:\ProgramData\{9ff90cb3-2f11-26ed-9ff9-90cb32f132cc}\optimizerpro_soft_partner.exe /startup
 
Here is the Uninstall list from CCleaner:
7-Zip 9.20 (x64 edition) Igor Pavlov 30/08/2014 4.53 MB 9.20.00.0
7-Zip 9.38 beta
Adobe After Effects CC 2015 Adobe Systems Incorporated 13.5.0
Adobe Creative Cloud Adobe Systems Incorporated 3.4.1.181
Adobe Media Encoder CC 2015 Adobe Systems Incorporated 9.0.0
Adobe Photoshop CC 2014 Adobe Systems Incorporated 15.2.2
AMD Catalyst Install Manager Advanced Micro Devices, Inc. 30/08/2014 26.3 MB 8.0.881.0
Apple Application Support (32-bit) Apple Inc. 07/11/2016 127 MB 5.1
Apple Application Support (64-bit) Apple Inc. 07/11/2016 142 MB 5.1
Apple Mobile Device Support Apple Inc. 07/11/2016 27.3 MB 10.0.1.3
Apple Software Update Apple Inc. 07/11/2016 2.69 MB 2.2.0.150
Assassin's Creed IV Black Flag Ubisoft
Avira Antivirus Avira Operations GmbH & Co. KG 15.0.24.146
Avira Connect Avira Operations GmbH & Co. KG 18/12/2016 1.2.77.16824
Batman: Arkham Asylum Eidos Interactive Limited 07/10/2014 1.0.0.0
Battlefield 3™ Electronic Arts 1.0.0.0
Bonjour Apple Inc. 07/11/2016 2.05 MB 3.1.0.1
Call of Duty: Modern Warfare 2 Infinity Ward
Camtasia Studio 8 TechSmith Corporation 20/12/2015 399 MB 8.6.0.2054
CCleaner Piriform 5.13
Comic Life 3 plasq LLC 18/06/2015 171 MB 3.1.0.31767
Counter-Strike Nexon: Zombies Nexon
CycoreFX HD 1.6.1 for After Effects
D-Link DWA-131 Wireless N Nano USB Adapter D-Link 31/08/2014 1
Emily is Away Kyle Seeley
Family Guy™: Back to the Multiverse Heavy Iron Studios
Far Cry Ubisoft 09/12/2014 1.00.0000
FileZilla Client 3.10.0.2 Tim Kosse 3.10.0.2
Football Manager 2016 Demo SEGA
Football Manager 2016 Editor
Fraps (remove only)
Garry's Mod Facepunch Studios
Google Chrome Google Inc. 02/03/2015 55.0.2883.87
Google Earth Google 15/10/2016 178 MB 7.1.7.2606
HandBrake 0.10.1 0.10.1
Harry Potter and the Deathly Hallows™ - Part 2 Electronic Arts 29/11/2015 1.0.0.0
HP Photosmart 6520 series Basic Device Software Hewlett-Packard Co. 13/09/2014 128 MB 28.0.1315.0
iTunes Apple Inc. 07/11/2016 243 MB 12.5.3.17
Java 8 Update 45 Oracle Corporation 04/06/2015 77.1 MB 8.0.450
Java 8 Update 45 (64-bit) Oracle Corporation 04/06/2015 89.0 MB 8.0.450
League of Legends Riot Games 08/09/2014 3.0.1
LogMeIn Hamachi LogMeIn, Inc. 16/11/2016 2.2.0.541
Malwarebytes version 3.0.4.1269 Malwarebytes 20/12/2016 3.0.4.1269
Microsoft .NET Framework 4.6.1 Microsoft Corporation 21/12/2016 4.6.01055
Microsoft Games for Windows - LIVE Microsoft Corporation 07/10/2014 9.31 MB 3.0.86.0
Microsoft Games for Windows - LIVE Redistributable Microsoft Corporation 07/10/2014 31.3 MB 3.5.95.0
Microsoft Halo Microsoft
Microsoft Office Home and Student 2013 - en-us Microsoft Corporation 15.0.4885.1001
Microsoft Security Essentials Microsoft Corporation 30/11/2016 4.10.209.0
Microsoft Silverlight Microsoft Corporation 12/10/2016 398 MB 5.1.50901.0
Microsoft SQL Server 2005 Compact Edition [ENU] Microsoft Corporation 11/04/2016 1.69 MB 3.1.0000
Microsoft Visual C++ 2005 Redistributable Microsoft Corporation 08/09/2014 2.61 MB 8.0.59193
Microsoft Visual C++ 2005 Redistributable (x64) Microsoft Corporation 09/09/2014 572 KB 8.0.61000
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.6161 Microsoft Corporation 30/08/2014 788 KB 9.0.30729.6161
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17 Microsoft Corporation 11/09/2014 240 KB 9.0.30729
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 Microsoft Corporation 30/08/2014 600 KB 9.0.30729.6161
Microsoft Visual C++ 2010  x64 Redistributable - 10.0.40219 Microsoft Corporation 14/06/2015 13.8 MB 10.0.40219
Microsoft Visual C++ 2010  x86 Redistributable - 10.0.40219 Microsoft Corporation 14/06/2015 11.1 MB 10.0.40219
Microsoft Visual C++ 2012 Redistributable (x64) - 11.0.61030 Microsoft Corporation 11.0.61030.0
Microsoft Visual C++ 2012 Redistributable (x86) - 11.0.61030 Microsoft Corporation 11.0.61030.0
Microsoft Visual C++ 2013 Redistributable (x64) - 12.0.21005 Microsoft Corporation 12.0.21005.1
Microsoft Visual C++ 2013 Redistributable (x64) - 12.0.30501 Microsoft Corporation 12.0.30501.0
Microsoft Visual C++ 2013 Redistributable (x86) - 12.0.21005 Microsoft Corporation 12.0.21005.1
Microsoft Visual C++ 2013 Redistributable (x86) - 12.0.30501 Microsoft Corporation 12.0.30501.0
Microsoft Visual Studio 2010 Tools for Office Runtime (x64) Microsoft Corporation 12/02/2015 10.0.50903
Minecraft Mojang 01/02/2015 1.22 MB 1.0.3.0
Mozilla Firefox 43.0.1 (x86 en-US) Mozilla 43.0.1
Mozilla Maintenance Service Mozilla 43.0.1.5828
MSXML 4.0 SP2 (KB954430) Microsoft Corporation 17/02/2015 1.27 MB 4.20.9870.0
MSXML 4.0 SP2 (KB973688) Microsoft Corporation 17/02/2015 1.33 MB 4.20.9876.0
MSXML 4.0 SP2 Parser and SDK Microsoft Corporation 14/02/2015 1.22 MB 4.20.9818.0
No More Room in Hell No More Room in Hell Team
Notepad++ Notepad++ Team 6.9.2
NVIDIA PhysX NVIDIA Corporation 07/10/2014 120 MB 9.09.0814
OldSchool RuneScape Launcher 1.2.7 Jagex Ltd 08/06/2016 26.8 MB 1.2.7
ON_OFF Charge B12.1025.1 GIGABYTE 30/08/2014 1.00.0001
Origin Electronic Arts, Inc. 9.5.20.5318
PandoraRecovery (Remove Only)
PAYDAY 2 OVERKILL - a Starbreeze Studio.
Picasa 3 Google, Inc. 3.9
Pixelmon Launcher Ikara Software Limited 03/12/2016 1.1.58
Preset Manager 2.0 Sony 14/06/2015 6.76 MB 2.0.114
PunkBuster Services Even Balance, Inc. 0.991
QuickTime 7 Apple Inc. 18/07/2016 69.1 MB 7.79.80.95
Realtek Ethernet Controller Driver Realtek 30/08/2014 7.48.823.2011
Secunia PSI (3.0.0.9016) Secunia 3.0.0.9016
Security Task Manager 2.1e Neuber Software 2.1e
Skype™ 7.28 Skype Technologies S.A. 09/10/2016 262 MB 7.28.101
Soccer Manager 2015 Soccer Manager Ltd
Soccer Manager 2016 Soccer Manager Ltd
SpeedFan (remove only)
Steam Valve Corporation
StepMania 5 StepMania 5.0.9
SUPERAntiSpyware SUPERAntiSpyware.com 6.0.1130
TeamSpeak 3 Client TeamSpeak Systems GmbH 3.0.16
TeamViewer 11 TeamViewer 11.0.66695
The Sims 4 Electronic Arts 28/11/2015 8.71 GB 1.0.797.20
Trove Trion Worlds
Unturned Nelson Sexton
Uplay Ubisoft 4.0
VAIO - Remote Play with PlayStation®3 Sony Corporation 10/07/2015 1.1.0.15070
Vegas Pro 13.0 (64-bit) Sony 14/06/2015 786 MB 13.0.310
VIA Platform Device Manager VIA Technologies, Inc. 30/08/2014 1.39
Virtual Audio Cable 4.14
Vizzed Retro Game Room Vizzed 18/12/2016 253 MB 2.41
VLC media player VideoLAN 2.2.1
Warframe Digital Extremes
WebM Project Directshow Filters WebM Project 1.0.4.1
Windows Live Essentials Microsoft Corporation 11/04/2016 16.4.3528.0331
WinRAR 5.21 (64-bit) win.rar GmbH 5.21.0
Xiph.Org Open Codecs 0.85.17777 Xiph.Org 0.85.17777
µTorrent BitTorrent Inc. 3.4.5.41372

Edited by Riddling, 21 December 2016 - 10:54 AM.


#6 buddy215


Posted 21 December 2016 - 11:41 AM

Uninstall these programs:

Java 8 Update 45 Oracle Corporation 04/06/2015 77.1 MB 8.0.450
Java 8 Update 45 (64-bit) Oracle Corporation 04/06/2015 89.0 MB 8.0.450
Mozilla Firefox 43.0.1 (x86 en-US) Mozilla 43.0.1 (Or update to 50.1...your choice)
Mozilla Maintenance Service Mozilla 43.0.1.5828
QuickTime 7 Apple Inc. 18/07/2016 69.1 MB 7.79.80.95
Security Task Manager 2.1e Neuber Software 2.1e
SUPERAntiSpyware SUPERAntiSpyware.com 6.0.1130 (no longer enjoys promotion from security pros...keep if you paid for it)
µTorrent BitTorrent Inc. 3.4.5.41372 (dangerous and often illegal to use to download free pirated, stolen, hacked videos, music and software. More than half of downloads offered have been proven to contain malware.)
 
Delete these Tasks: Use CCleaner by clicking on each item and choosing Delete on the right.

Yes Task GoogleUpdateTaskMachineUA Google Inc. C:\Program Files (x86)\Google\Update\GoogleUpdate.exe /ua /installsource scheduler
Yes Task GyazoUpdateTaskMachine Nota Inc. "C:\Program Files (x86)\Gyazo\GyazoUpdate.exe"
Yes Task GyazoUpdateTaskMachineDaily Nota Inc. "C:\Program Files (x86)\Gyazo\GyazoUpdate.exe"
Yes Task KTRREKF "C:\ProgramData\1e27b5e4a2e5400d84b2fbab2b4f3b3f\1e27b5e4a2e5400d84b2fbab2b4f3b3f.exe"
No Task NotABug c:\programdata\{cf0a20a5-8286-2316-cf0a-a20a58288296}\hack_setup.exe-1436083590288.exe --startup=1 --single
Yes Task Oromsuxaura "C:\ProgramData\Oromsuxaura\1.0.1.0\eksooemg.exe" "/e=L3A9MTg0OTAxXi91PTE2YTg0YjQ2ZWJmNDQ1NzI4OGY3ODgzMjU5ZmYwYmRkXi9kPXpvbWJpZW5ld3NhcHAuY29tXi9uPVpNQk5eL2E9Wm9tYmllTmV3c14vdA=="
Yes Task {211D3B0E-CB70-4E0A-A857-409ABE23D595} Microsoft Corporation C:\Windows\system32\pcalua.exe -a C:\Users\Justin\AppData\Roaming\luckysearches\UninstallManager.exe -c  -ptid=cmi
Yes Task {38AB9EFE-1460-4A91-9BEE-64F88C7A2449} Microsoft Corporation C:\Windows\system32\pcalua.exe -a "C:\Users\Justin\AppData\Local\Pay-By-Ads\Yahoo! Search\1.3.25.0\dsrsetup.exe" -c /uninstl
Yes Task {9E022BDE-412B-407A-B708-0757EE5CEFC9} Microsoft Corporation C:\Windows\system32\pcalua.exe -a "C:\Users\Justin\Desktop\New folder\AutoRun.exe" -d "C:\Users\Justin\Desktop\New folder"
 
Suggest Disabling these Windows Startups: Use CCleaner by clicking on each item and choosing Disable on the right.
Yes HKCU:Run CCleaner Monitoring Piriform Ltd "C:\Program Files\CCleaner\CCleaner64.exe" /MONITOR
Yes HKCU:Run Gyazo Nota Inc. C:\Program Files (x86)\Gyazo\GyStation.exe
Yes HKCU:Run Skype Skype Technologies S.A. "C:\Program Files (x86)\Skype\Phone\Skype.exe" /minimized /regrun
Yes HKCU:Run SUPERAntiSpyware SUPERAntiSpyware C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe
Yes HKLM:Run Adobe Creative Cloud Adobe Systems Incorporated "C:\Program Files (x86)\Adobe\Adobe Creative Cloud\ACC\Creative Cloud.exe" --showwindow=false --onOSstartup=true
Yes HKLM:Run AdobeAAMUpdater-1.0 Adobe Systems Incorporated "C:\Program Files (x86)\Common Files\Adobe\OOBE\PDApp\UWA\UpdaterStartupUtility.exe"
Yes HKLM:Run APSDaemon Apple Inc. "C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe"
Yes HKLM:Run iTunesHelper Apple Inc. "C:\Program Files\iTunes\iTunesHelper.exe"
Yes HKLM:Run VizzedRgrPluginServiceLoader "C:\Program Files (x86)\Vizzed\Vizzed Retro Game Room\VizzedRgrServiceLoader.exe"
Yes Startup Common Secunia PSI Tray.lnk Secunia C:\Program Files (x86)\Secunia\PSI\psi_tray.exe
 
Yes HKLM:Run SQ931VSTI C:\Windows\SQ931VSTI.EXE (Does Snap Trap Application sound familiar to you? If not...Delete this item)

“Every atom in your body came from a star that exploded and the atoms in your left hand probably came from a different star than your right hand. It really is the most poetic thing I know about physics...you are all stardust.” Lawrence M. Krauss
A 1792 U.S. penny, designed in part by Thomas Jefferson and George Washington, reads “Liberty Parent of Science & Industry.”
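Added example, not part of the original thread and not buddy215's own method: a Python triage of scheduled-task lines copied from the CCleaner export in post #5. The indicators (missing publisher, user-writable path, `pcalua.exe -a` proxy launch, base64 argument) and the two-indicator threshold are assumptions of this example.

```python
import base64
import re

# Scheduled-task lines copied from the CCleaner export posted in this thread.
TASK_LINES = r'''
Yes Task AdobeAAMUpdater-1.0-Justin-Stinky-Justin Adobe Systems Incorporated C:\Program Files (x86)\Common Files\Adobe\OOBE\PDApp\UWA\UpdaterStartupUtility.exe -mode=scheduled
Yes Task KTRREKF "C:\ProgramData\1e27b5e4a2e5400d84b2fbab2b4f3b3f\1e27b5e4a2e5400d84b2fbab2b4f3b3f.exe"
No Task NotABug c:\programdata\{cf0a20a5-8286-2316-cf0a-a20a58288296}\hack_setup.exe-1436083590288.exe --startup=1 --single
Yes Task Oromsuxaura "C:\ProgramData\Oromsuxaura\1.0.1.0\eksooemg.exe" "/e=L3A9MTg0OTAxXi91PTE2YTg0YjQ2ZWJmNDQ1NzI4OGY3ODgzMjU5ZmYwYmRkXi9kPXpvbWJpZW5ld3NhcHAuY29tXi9uPVpNQk5eL2E9Wm9tYmllTmV3c14vdA=="
Yes Task {211D3B0E-CB70-4E0A-A857-409ABE23D595} Microsoft Corporation C:\Windows\system32\pcalua.exe -a C:\Users\Justin\AppData\Roaming\luckysearches\UninstallManager.exe -c  -ptid=cmi
'''.strip().splitlines()

LINE_RE = re.compile(r'^(?:Yes|No) Task (\S+)\s*(.*?)\s*("?[A-Za-z]:\\.*)$')
PATH_RE = re.compile(r'\s*(?:"([^"]+)"|(.+?\.exe)(?=\s|$))', re.I)
USER_WRITABLE = re.compile(r'\\(ProgramData|AppData|Desktop)\\', re.I)
B64_RE = re.compile(r'[A-Za-z0-9+/]{24,}={0,2}')


def first_path(text):
    """Return the leading executable path, quoted or unquoted."""
    m = PATH_RE.match(text)
    return (m.group(1) or m.group(2)) if m else text.split()[0]


def decode_args(args):
    """Decode base64-looking argument tokens that yield printable ASCII."""
    out = []
    for tok in B64_RE.findall(args):
        try:
            raw = base64.b64decode(tok, validate=True)
        except ValueError:  # wrong length or padding: not base64
            continue
        if raw and all(0x20 <= b < 0x7F for b in raw):
            out.append(raw.decode('ascii'))
    return out


def triage(line):
    """Parse '<Yes|No> Task <name> [publisher] <command>'; list matched indicators."""
    m = LINE_RE.match(line)
    if not m:
        return None
    name, publisher, cmd = m.groups()
    target = first_path(cmd)
    proxy = re.search(r'pcalua\.exe"?\s+-a\s+(\S.*)', cmd, re.I)
    if proxy:  # publisher column describes pcalua.exe, not the program it starts
        target = first_path(proxy.group(1))
    decoded = decode_args(cmd.split(target, 1)[-1])
    checks = [(proxy, 'launched through pcalua.exe -a'),
              (not publisher, 'no publisher'),
              (USER_WRITABLE.search(target), 'runs from user-writable directory'),
              (decoded, 'base64-encoded argument')]
    reasons = [label for hit, label in checks if hit]
    return {'name': name, 'target': target, 'reasons': reasons, 'decoded': decoded}


def suspicious(lines, threshold=2):
    """Tasks matching at least `threshold` indicators (assumed cut-off)."""
    return [t for t in map(triage, lines) if t and len(t['reasons']) >= threshold]


if __name__ == '__main__':
    for t in suspicious(TASK_LINES):
        print(t['name'], '->', t['target'], t['reasons'], t['decoded'])
```

The Oromsuxaura argument decodes to a caret-separated parameter string that names the domain zombienewsapp.com. One indicator alone is weak evidence, since legitimate software such as the Discord entry in the startup list also runs from C:\ProgramData.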

#7 Riddling


Posted 21 December 2016 - 12:11 PM

Thank you so much for the help... I've deleted all the tasks and disabled all the Windows startups that you asked me to, but I thought Java is pretty safe and is needed to run Minecraft, etc. Should I uninstall Java nevertheless?



#8 buddy215


Posted 21 December 2016 - 12:25 PM

If you want Java then you will still need to uninstall the old ones...old Java are malware magnets.

 

Go to java.com: Java + You

 

QUOTE:

SUBJECT: Steps you should take to fix a Java SE security risk on your computer

Dear Java SE customer:

We’re sending you this message because you may have downloaded, installed, or updated Java SE software on your computer. The Federal Trade Commission, the nation’s consumer protection agency, has sued us for making allegedly deceptive security claims about Java SE. To settle the lawsuit, we agreed to contact you with instructions on how to protect the personal information on your computer by deleting older versions of Java SE from your computer. Please take the suggested steps as soon as possible.

Here’s a summary of what the FTC lawsuit is about. The FTC alleged that, in the past, when you installed or updated Java SE, it didn’t replace the version already on your computer. Instead, each version installed side-by-side at the same time. Later, after we changed this, installing or updating Java SE removed only the most recent version already on your computer. What’s more, in many cases, it didn’t remove any version released before October 2008.

Why was that a problem? Earlier versions of Java SE have serious security risks we corrected in later versions. When people downloaded a new version, we said they could keep Java SE on their computer secure by updating to the latest version or by deleting older versions using the Add/Remove Program utility in their Windows system. But according to the FTC, that wasn’t sufficient. Updating to the latest version didn’t always remove older versions. So many computers had several versions installed.

That creates a serious security vulnerability. Even if you installed the most recent version of Java SE, the personal information on your computer may be at risk because earlier, less secure versions could still be executed.

To fix this problem, visit http://java.com/uninstall, where instructions on how to uninstall older versions of Java SE are provided. This webpage also provides a link to the Java SE uninstall tool, which you can use to uninstall older versions of Java SE. You may also go to http://java.com/uninstallhelp if you have any additional questions or concerns.



#9 buddy215


Posted 21 December 2016 - 12:29 PM

You're welcome...happy surfin'

