
I have installed KMSPico virus - how do I get rid of it?


19 replies to this topic

#1 maverick8369

maverick8369

  • Members
  • 34 posts
  • OFFLINE
  •  
  • Local time:02:55 PM

Posted 16 August 2017 - 01:08 PM

Hi there

 

I installed KMSPico on my PC, not realising it was a virus.

 

I have since tried many malware and antivirus programs and they say they have cleaned everything, but when you scan again the malware is still present.

 

Advertising pages open up every now and again in my browser and I believe they can get your passwords off your PC as well.

 

How do I get rid of this?

 

I am running Windows 10.


Edited by hamluis, 16 August 2017 - 02:10 PM.
Moved from MRL to AII - Hamluis.



 


#2 buddy215

buddy215

  • Moderator
  • 13,090 posts
  • ONLINE
  •  
  • Gender:Male
  • Location:West Tennessee
  • Local time:07:55 AM

Posted 16 August 2017 - 04:03 PM

The only reason to have that is to avoid paying for software such as Office or Windows.

 

Use programs below to clean, remove malware and remove adware.

 

Use CCleaner to remove Temporary files, program caches, cookies, logs, etc. Use the Default settings. No need to use the Registry Cleaning Tool...risky. Pay close attention while installing and UNcheck offers of toolbars....especially Google.

After install, open CCleaner and run by clicking on the Run Cleaner button in the bottom right corner.

CCleaner - PC Optimization and Cleaning - Free Download

 

Malwarebytes - Clean Mode

  • Download and install the free version of Malwarebytes
    Note: If you have Malwarebytes already installed, you don't need to install it again. Simply start from the next bullet point
  • Once Malwarebytes is installed, launch it and let it update its database. You might have to click on the little arrow by Scan Status in the middle right pane for it to do so
  • Once the database update is complete, click on the Scan tab, then select the Threat Scan button and click on Start Scan
  • Let the scan run; the time required to complete the scan depends on your system and computer specs
  • Once the scan is complete, make sure that the first checkbox at the top is checked (which will automatically check every detected item), then click on the Quarantine Selected button
    • If it asks you to restart your computer to complete the removal, do so
  • Click on Export Summary after the deletion (in the bottom-left corner) and select Copy to Clipboard. Paste the content in your next reply

If you are unable to run a scan using MBAM:

Follow the instructions in the thread below. Make sure to download the MBAR linked in it. Let me know if you're not able to launch it and run a scan.
https://forums.malwarebytes.com/topic/198907-requested-resource-is-in-use-error-unable-to-start-malwarebytes/

 

 

Download AdwCleaner by Xplode onto your desktop.

  • Close all open programs and internet browsers.
  • Double click on adwcleaner.exe to run the tool.
  • Click on Scan button.
  • When the scan has finished click on Clean button.
  • Your computer will be rebooted automatically. A text file will open after the restart.
  • Please post the contents of that logfile with your next reply.
  • You can find the logfile at C:\AdwCleaner[S1].txt as well.

Download Junkware Removal Tool to your desktop.

  • Shut down your protection software now to avoid potential conflicts.
  • Run the tool by double-clicking it. If you are using Windows Vista, 7, or 8; instead of double-clicking, right-mouse click JRT.exe and select "Run as Administrator".
  • The tool will open and start scanning your system.
  • Please be patient as this can take a while to complete depending on your system's specifications.
  • On completion, a log (JRT.txt) is saved to your desktop and will automatically open.
  • Post the contents of JRT.txt into your next message

 

Download and run the FREE online scanner from Free Virus Scan | Online Virus Scan from ESET | ESET

  • Place a checkmark in YES, I accept the Terms of Use, then click Start. Wait for ESET Online Scanner to load its components.
  • Select Enable detection of potentially unwanted applications.
  • Click Advanced Settings, then place a checkmark in the following:
    • Remove found threats
    • Scan archives
    • Scan for potentially unsafe applications
    • Enable Anti-Stealth technology
  • Click Start to begin scanning.
  • ESET Online Scanner will start downloading signatures and scan. Please be patient, as this scan can take quite some time.
  • When the scan is done, click List threats (only available if ESET Online Scanner found something).
  • Click Export, then save the file to your desktop.
  • Click Back, then Finish to exit ESET Online Scanner.

“Every atom in your body came from a star that exploded and the atoms in your left hand probably came from a different star than your right hand. It really is the most poetic thing I know about physics...you are all stardust.”Lawrence M. Krauss
A 1792 U.S. penny, designed in part by Thomas Jefferson and George Washington, reads “Liberty Parent of Science & Industry.”

#3 JoshRoss

JoshRoss

  • Members
  • 87 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:United States
  • Local time:05:55 AM

Posted 17 August 2017 - 06:57 AM

In addition to Buddy215's advice, if you are still struggling with the KMSPico issue, try doing the steps in Safe Mode. Since KMSPico installs registries and exclusions both to firewall and anti-virus software to keep itself from being detected, it can be quite troublesome removing it. Keep us posted on how it goes!
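
Added example, not part of the post above or of the thread: a PowerShell audit of the two places that post mentions, Windows Defender exclusions and firewall allow rules, so leftover entries can be reviewed after the scanners have run. The `kms` name match and the path patterns are assumptions chosen for illustration, not known KMSPico locations; the function names are hypothetical.

```powershell
#requires -Version 5.1
#requires -RunAsAdministrator
# Added example (not from the thread): list Windows Defender exclusions and
# enabled firewall "allow" rules, and flag the ones worth a closer look.
# Run elevated so that Defender's exclusion lists are readable.

# Assumed heuristics, not signatures: an activator-style name, or a target in a
# location any user-level process can write to. Tune these for your own machine.
$SuspectPatterns = @(
    'kms',                        # e.g. KMSPico, the tool named in this thread
    '\\AppData\\',
    '\\Temp\\',
    '\\Downloads\\',
    '^[A-Z]:\\ProgramData\\',
    '^[A-Z]:\\Users\\Public\\'
)

function Test-SuspectTarget {
    param([string]$Target)
    if ([string]::IsNullOrWhiteSpace($Target)) { return $false }
    # Rules and exclusions may store %SystemRoot%-style paths; expand before matching.
    $expanded = [Environment]::ExpandEnvironmentVariables($Target)
    foreach ($pattern in $SuspectPatterns) {
        if ($expanded -match $pattern) { return $true }   # -match is case-insensitive
    }
    return $false
}

function Get-DefenderExclusionReport {
    # Get-MpPreference exposes exclusions as string arrays ($null when none are set).
    $pref = Get-MpPreference -ErrorAction Stop
    foreach ($kind in 'ExclusionPath', 'ExclusionProcess', 'ExclusionExtension') {
        foreach ($value in @($pref.$kind)) {
            if ([string]::IsNullOrWhiteSpace($value)) { continue }
            [pscustomobject]@{
                Source  = "Defender/$kind"
                Name    = '(exclusion)'
                Target  = $value
                # An excluded extension hides every file of that type, so always flag it.
                Suspect = ($kind -eq 'ExclusionExtension') -or (Test-SuspectTarget $value)
            }
        }
    }
}

function Get-FirewallAllowReport {
    # Only rules bound to one executable are reported; 'Any' and 'System' are
    # not paths to a program on disk.
    Get-NetFirewallRule -Enabled True -Action Allow -ErrorAction Stop | ForEach-Object {
        $rule    = $_
        $program = ($rule | Get-NetFirewallApplicationFilter).Program
        if ($program -and $program -ne 'Any' -and $program -ne 'System') {
            $path = [Environment]::ExpandEnvironmentVariables($program)
            [pscustomobject]@{
                Source  = "Firewall/$($rule.Direction)"
                Name    = $rule.DisplayName
                Target  = $program
                # A rule whose binary no longer exists is a leftover worth removing too.
                Suspect = (Test-SuspectTarget $program) -or -not (Test-Path -LiteralPath $path)
            }
        }
    }
}

# Flagged entries first, then everything else for manual review.
$report = @(Get-DefenderExclusionReport) + @(Get-FirewallAllowReport)
$report |
    Sort-Object -Property @{ Expression = 'Suspect'; Descending = $true }, Source, Name |
    Format-Table -Property Suspect, Source, Name, Target -AutoSize -Wrap

# After confirming an entry is unwanted, remove it with the matching cmdlet:
#   Remove-MpPreference -ExclusionPath '<path from the report>'
#   Remove-NetFirewallRule -DisplayName '<rule name from the report>'
```

A flagged row is a prompt to check who added the entry, not proof of infection; legitimate software also installs under AppData and ProgramData.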



#4 maverick8369

maverick8369
  • Topic Starter

  • Members
  • 34 posts
  • OFFLINE
  •  
  • Local time:02:55 PM

Posted 19 August 2017 - 02:32 PM

 


 

# AdwCleaner 7.0.1.0 - Logfile created on Sat Aug 19 08:35:41 2017
# Updated on 2017/05/08 by Malwarebytes 
# Running on Windows 10 Home (X64)
# Mode: clean
 
***** [ Services ] *****
 
Deleted: WMPNetworkAcSvc
Deleted: pcas
 
 
***** [ Folders ] *****
 
Deleted: C:\Program Files (x86)\IObit\Advanced SystemCare
Deleted: C:\Program Files (x86)\Common Files\IObit\Advanced SystemCare
Deleted: C:\Users\user\AppData\LocalLow\IObit\Advanced SystemCare
Deleted: C:\Users\user\AppData\Roaming\IObit\Advanced SystemCare
Deleted: C:\ProgramData\BSD\DriverHive
Deleted: C:\ProgramData\Application Data\BSD\DriverHive
Deleted: C:\Users\All Users\BSD\DriverHive
Deleted: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\myfree codec
Deleted: C:\Program Files (x86)\myfree codec
Deleted: C:\Users\user\AppData\Local\Tencent
Deleted: C:\ProgramData\BSD\DriverHiveEngine
Deleted: C:\ProgramData\Application Data\BSD\DriverHiveEngine
Deleted: C:\Users\All Users\BSD\DriverHiveEngine
Deleted: C:\Users\user\AppData\Local\AdvinstAnalytics
Deleted: C:\ProgramData\IObit\ASCDownloader
Deleted: C:\ProgramData\Application Data\IObit\ASCDownloader
Deleted: C:\Users\All Users\IObit\ASCDownloader
Deleted: C:\Users\All Users\Documents\XMUpdate
Deleted: C:\Users\Public\Documents\XMUpdate
Deleted: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Auslogics
Deleted: C:\ProgramData\Auslogics
Deleted: C:\ProgramData\Application Data\Auslogics
Deleted: C:\Program Files (x86)\Auslogics
Deleted: C:\Users\All Users\Auslogics
Deleted: C:\Users\user\AppData\Roaming\Auslogics
Deleted: C:\ProgramData\34BE82C4-E596-4e99-A191-52C6199EBF69
Deleted: C:\ProgramData\3b9ea03a-25c7-0
Deleted: C:\ProgramData\3b9ea03a-26d1-0
Deleted: C:\ProgramData\3b9ea03a-3ab7-1
Deleted: C:\ProgramData\3b9ea03a-5ec5-1
Deleted: C:\ProgramData\E1864A66-75E3-486a-BD95-D1B7D99A84A7
Deleted: C:\ProgramData\{93E26451-CD9A-43A5-A2FA-C42392EA4001}
Deleted: C:\ProgramData\{FD6F83C0-EC70-4581-8361-C70CD1AA4B98}
 
 
***** [ Files ] *****
 
Deleted: C:\\user.js
Deleted: C:\Users\All Users\Desktop\Free YouTube Downloader.lnk
Deleted: C:\Users\Public\Desktop\Free YouTube Downloader.lnk
Deleted: C:\Users\user\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\Free YouTube Downloader.lnk
 
 
***** [ DLL ] *****
 
No malicious DLLs cleaned.
 
***** [ WMI ] *****
 
 
Malwarebytes Anti-Rootkit BETA 1.9.3.1001
www.malwarebytes.org
 
Database version:
  main:    v2017.08.18.11
  rootkit: v2017.08.02.01
 
Windows 10 x64 NTFS
Internet Explorer 11.540.15063.0
user :: USER-PC [administrator]
 
19-Aug-17 10:28:00
mbar-log-2017-08-19 (10-28-00).txt
 
Scan type: Quick scan
Scan options enabled: Anti-Rootkit | Drivers | MBR | Physical Sectors | Memory | Startup | Registry | File System | Heuristics/Extra | Heuristics/Shuriken
Scan options disabled: 
Objects scanned: 335989
Time elapsed: 2 minute(s), 
 
Memory Processes Detected: 0
(No malicious items detected)
 
Memory Modules Detected: 0
(No malicious items detected)
 
Registry Keys Detected: 0
(No malicious items detected)
 
Registry Values Detected: 1
HKLM\SOFTWARE\MICROSOFT\WINDOWS\CURRENTVERSION\EXPLORER\SHELLEXECUTEHOOKS\{5F51FFFE-7463-4220-B711-E5B9ACB8EDFE} (Adware.Elex.SHHKRST) -> Data:  -> Delete on reboot. [7e55d4ba6c3d7bbbf698cd8cf50bfe02]
 
Registry Data Items Detected: 0
(No malicious items detected)
 
Folders Detected: 0
(No malicious items detected)
 
Files Detected: 0
(No malicious items detected)
 
Physical Sectors Detected: 0
(No malicious items detected)
 
(end)
 

 



#5 buddy215

buddy215

  • Moderator
  • 13,090 posts
  • ONLINE
  •  
  • Gender:Male
  • Location:West Tennessee
  • Local time:07:55 AM

Posted 19 August 2017 - 03:28 PM

Got rid of a lot of junk. You ran the MBAR scan. Were you unable to run the MBAM scan?

 

What about the Junkware Removal Tool Scan and the Online FREE Eset scan?

 

After you have posted the results of those two scans, please follow the directions below.

 

Post the three lists mentioned below using CCleaner.

Open CCleaner and click on Tools. Choose Startups. On that page you will see a list of Windows Startups and at the top tabs for each browser and Scheduled Tasks.

At the bottom right of that page you will see a button that, when clicked, will allow you to Copy and Paste the list of Windows Startups and Scheduled Tasks into your next post. Please do that.

Open CCleaner and click on Tools. Choose Uninstall. On that page you will see a list of programs installed on your computer and at the bottom right of that page you will see a button that, when clicked, will allow you to Copy and Paste that list in your next post. Please do that.



#6 maverick8369

maverick8369
  • Topic Starter

  • Members
  • 34 posts
  • OFFLINE
  •  
  • Local time:02:55 PM

Posted 21 August 2017 - 12:58 AM

The MBAMDOR file does not run when I open it.....nothing happens.

 

Here is the ESET log:

 

C:\AdwCleaner\Quarantine\C\Program Files (x86)\BearShare Applications\BearShare\Uninstall.exe.vir a variant of Win32/Toolbar.SearchSuite.W potentially unwanted application error while cleaning (Access denied)
C:\AdwCleaner\Quarantine\C\Program Files (x86)\Conduit\Community Alerts\Alert.dll.vir Win32/Toolbar.Conduit.Y potentially unwanted application error while cleaning (Access denied)
C:\AdwCleaner\Quarantine\C\Program Files (x86)\SupTab\DpInterface32.dll.vir a variant of Win32/Thinknice.B potentially unwanted application error while cleaning (Access denied)
C:\AdwCleaner\Quarantine\C\ProgramData\Conduit\Multi\CT3289075\UninstallerUI.exe.vir a variant of Win32/Toolbar.Conduit.AR potentially unwanted application error while cleaning (Access denied)
C:\AdwCleaner\Quarantine\C\ProgramData\saophase\GrooveStrong.dll.vir a variant of Win32/Toolbar.Linkury.Y potentially unwanted application error while cleaning (Access denied)
C:\AdwCleaner\Quarantine\C\ProgramData\saophase\Iskayfan.dll.vir a variant of Win64/Toolbar.Linkury.M potentially unwanted application error while cleaning (Access denied)
C:\AdwCleaner\Quarantine\C\ProgramData\saophase\Lightnamjob.exe.vir a variant of Win64/Toolbar.Linkury.I potentially unwanted application error while cleaning (Access denied)
C:\AdwCleaner\Quarantine\C\ProgramData\saophase\Saophase.exe.vir a variant of Win32/Toolbar.Linkury.AC potentially unwanted application error while cleaning (Access denied)
C:\AdwCleaner\Quarantine\C\ProgramData\saophase\Scotstrong.dll.vir a variant of Win64/Toolbar.Linkury.M potentially unwanted application error while cleaning (Access denied)
C:\AdwCleaner\Quarantine\C\ProgramData\saophase\Topex.dll.vir a variant of Win32/Toolbar.Linkury.Y potentially unwanted application error while cleaning (Access denied)
C:\AdwCleaner\Quarantine\C\users\user\AppData\Local\Conduit\Chrome\CT380577\CHUninstaller.exe.vir a variant of Win32/Toolbar.Conduit.AR potentially unwanted application cleaned by deleting
C:\AdwCleaner\Quarantine\C\users\user\AppData\Local\Conduit\Chrome\CT380577\UninstallerUI.exe.vir a variant of Win32/Toolbar.Conduit.AR potentially unwanted application cleaned by deleting
C:\AdwCleaner\Quarantine\C\users\user\AppData\Local\NativeMessaging\CT380577\1_0_0_10\TBMessagingHost.exe.vir a variant of Win32/Toolbar.Conduit.AH potentially unwanted application cleaned by deleting
C:\Games\Dying Light\steam_api64.dll a variant of Win64/HackTool.Crack.D potentially unsafe application cleaned by deleting
C:\Program Files\Blon Phone Letter\Blon Phone Letter.dll a variant of Win64/Wdfload.M trojan error while cleaning (Access denied)
C:\Program Files\Common Files\cjhcoc2t\4dc58l0vk24rl.exe a variant of MSIL/Toolbar.Linkury.AG potentially unwanted application error while cleaning (Access denied)
C:\ProgramData\SecTaskMan\g9FEC.tmp.exe.q_Quarantine_5706207_q a variant of Win64/CoinMiner.BU trojan cleaned by deleting
C:\Users\user\AppData\Local\Temp\00007578\test.exe a variant of Win64/BitCoinMiner.CF potentially unsafe application cleaned by deleting
C:\Users\user\AppData\Local\Temp\00007584\tezt.exe a variant of Win64/BitCoinMiner.CF potentially unsafe application cleaned by deleting
C:\Users\user\AppData\Local\Temp\00012638\test.exe a variant of Win64/BitCoinMiner.CF potentially unsafe application cleaned by deleting
C:\Users\user\AppData\Local\Temp\00012638\tezt.exe a variant of Win64/BitCoinMiner.CF potentially unsafe application cleaned by deleting
C:\Users\user\AppData\Local\Temp\00012641\B3.exe a variant of Win32/Injector.DQVB trojan cleaned by deleting
C:\Users\user\AppData\Local\Temp\00012772\test.exe a variant of Win64/BitCoinMiner.CF potentially unsafe application cleaned by deleting
C:\Users\user\AppData\Local\Temp\00012772\tezt.exe a variant of Win64/BitCoinMiner.CF potentially unsafe application cleaned by deleting
C:\Users\user\AppData\Local\Temp\00012821\test.exe a variant of Win64/BitCoinMiner.CF potentially unsafe application cleaned by deleting
C:\Users\user\AppData\Local\Temp\17849187\ic-0.02d3941bdebd7c.exe a variant of Win32/Adware.Eszjuxuan.A application cleaned by deleting
C:\Users\user\AppData\Local\Temp\17849187\ic-0.3a13922729081c.exe a variant of Generik.CISDBYI trojan cleaned by deleting
C:\Users\user\AppData\Local\Temp\17849187\ic-0.96199029123ef8.exe a variant of Win32/Adware.Adposhel.B application cleaned by deleting
C:\Users\user\AppData\Local\Temp\17849187\RunBoosterSetup64_3231.exe a variant of Win64/Adware.RunBooster.A application cleaned by deleting
C:\Users\user\AppData\Roaming\svchost store files\data.exe a variant of Win32/Kryptik.FVLN trojan deleted
C:\Users\user\AppData\Roaming\uTorrent\updates\3.3.2_30416.exe a variant of Win32/AdkDLLWrapper.A potentially unwanted application cleaned by deleting
C:\Users\user\AppData\Roaming\uTorrent\updates\3.4.2_38913.exe a variant of Win32/OpenCandy.A potentially unsafe application cleaned by deleting
C:\Users\user\Downloads\ccsetup510.exe Win32/Bundled.Toolbar.Google.D potentially unsafe application cleaned by deleting
C:\Users\user\Downloads\ccsetup533.exe Win32/Bundled.Toolbar.Google.D potentially unsafe application cleaned by deleting
C:\Users\user\Downloads\driver-updater-setup.exe a variant of Win32/Auslogics.A potentially unwanted application cleaned by deleting
C:\Users\user\Downloads\FreeAVIVideoConverter.exe a variant of Win32/OpenCandy.A potentially unsafe application cleaned by deleting
C:\Users\user\Downloads\FreemakeVideoConverterSetup.exe a variant of Win32/FusionCore.K potentially unwanted application,a variant of Win32/FusionCore.I potentially unwanted application cleaned by deleting
C:\Users\user\Downloads\Daemon Tools Pro Advanced v5.1.0.333 Cracked.6000th Release-BRD\Setup\DAEMONToolsPro510-0333.exe Win32/OpenCandy potentially unsafe application cleaned by deleting
C:\Users\user\Downloads\MICROSOFT Office PRO Plus 2016 v16.0.4266.1003 RTM + Activator [TechTools.NET]\MICROSOFT Office PRO Plus 2016 v16.0.4266.1003 RTM + Activator [TechTools.NET].rar a variant of MSIL/HackKMS.I potentially unsafe application deleted
C:\Users\user\Downloads\Office 2016 activator - KMSAuto Lite\KMSAuto.exe a variant of Win32/HackKMS.Q potentially unsafe application cleaned by deleting
C:\Users\user\Downloads\Office KMS Activator 2016 Ultimate 1.1 - AppzDam\Office KMS Activator 2016 Ultimate 1.1 - AppzDam\Office 2016 KMS Activator Ultimate v1.1 Final Setup.exe a variant of MSIL/Riskware.HackAV.S application cleaned by deleting
C:\Users\user\Downloads\Quantum.Break-SKIDROW\sr-quantumbreak.iso a variant of Win32/Packed.VMProtect.ABO trojan deleted
C:\Users\user\Downloads\Quantum.Break-SKIDROW\SKIDROW\dx11\steam_api64.dll a variant of Win32/Packed.VMProtect.ABO trojan cleaned by deleting
C:\Users\user\Downloads\The.Sims.4-RELOADED[rarbg]\rld-thesims4.iso a variant of Win32/HackTool.Crack.DK potentially unsafe application,Win32/HackTool.Crack.CY potentially unsafe application deleted
C:\Windows\C_KE763.dat a variant of Win64/BitCoinMiner.CF potentially unsafe application cleaned by deleting
C:\Windows\System32\drivers\etc\hosts Win32/Qhost trojan error while cleaning (Access denied)
Autostart locations Win32/Qhost trojan unable to clean
 

 

Here is the JRT log:

 

~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Junkware Removal Tool (JRT) by Thisisu
Version: 6.1.3 (03.23.2014:1)
OS: Windows 10 Home x64
Ran by user on 19-Aug-17 at 10:49:58.12
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
 
 
 
 
~~~ Services
 
 
 
~~~ Registry Values
 
 
 
~~~ Registry Keys
 
Failed to delete: [Registry Key] HKEY_CLASSES_ROOT\AppID\{4D076AB4-7562-427A-B5D2-BD96E19DEE56}
Failed to delete: [Registry Key] HKEY_CLASSES_ROOT\AppID\secman.dll
Failed to delete: [Registry Key] HKEY_CLASSES_ROOT\CLSID\{66EEF543-A9AC-4A9D-AA3C-1ED148AC8EEE}
Failed to delete: [Registry Key] HKEY_CLASSES_ROOT\CLSID\{826D7151-8D99-434B-8540-082B8C2AE556}
Failed to delete: [Registry Key] HKEY_CLASSES_ROOT\Interface\{66EEF543-A9AC-4A9D-AA3C-1ED148AC8EEE}
Failed to delete: [Registry Key] HKEY_CLASSES_ROOT\Interface\{66EEF543-A9AC-4A9D-AA3C-1ED148AC8FFE}
Failed to delete: [Registry Key] HKEY_CLASSES_ROOT\TypeLib\{11549FE4-7C5A-4C17-9FC3-56FC5162A994}
Failed to delete: [Registry Key] HKEY_CLASSES_ROOT\Wow6432Node\CLSID\{66EEF543-A9AC-4A9D-AA3C-1ED148AC8EEE}
Failed to delete: [Registry Key] HKEY_CLASSES_ROOT\Wow6432Node\CLSID\{826D7151-8D99-434B-8540-082B8C2AE556}
Failed to delete: [Registry Key] HKEY_CLASSES_ROOT\Wow6432Node\Interface\{66EEF543-A9AC-4A9D-AA3C-1ED148AC8EEE}
Failed to delete: [Registry Key] HKEY_CLASSES_ROOT\Wow6432Node\Interface\{66EEF543-A9AC-4A9D-AA3C-1ED148AC8FFE}
Failed to delete: [Registry Key] HKEY_CLASSES_ROOT\Wow6432Node\TypeLib\{11549FE4-7C5A-4C17-9FC3-56FC5162A994}
Failed to delete: [Registry Key] HKEY_LOCAL_MACHINE\Software\Classes\CLSID\{66EEF543-A9AC-4A9D-AA3C-1ED148AC8EEE}
Failed to delete: [Registry Key] HKEY_LOCAL_MACHINE\Software\Classes\CLSID\{826D7151-8D99-434B-8540-082B8C2AE556}
Failed to delete: [Registry Key] HKEY_LOCAL_MACHINE\Software\Classes\Interface\{66EEF543-A9AC-4A9D-AA3C-1ED148AC8EEE}
Failed to delete: [Registry Key] HKEY_LOCAL_MACHINE\Software\Classes\Interface\{66EEF543-A9AC-4A9D-AA3C-1ED148AC8FFE}
Failed to delete: [Registry Key] HKEY_LOCAL_MACHINE\Software\Classes\TypeLib\{11549FE4-7C5A-4C17-9FC3-56FC5162A994}
Failed to delete: [Registry Key] HKEY_LOCAL_MACHINE\Software\Classes\Wow6432Node\AppID\{4D076AB4-7562-427A-B5D2-BD96E19DEE56}
Failed to delete: [Registry Key] HKEY_LOCAL_MACHINE\Software\Classes\Wow6432Node\CLSID\{66EEF543-A9AC-4A9D-AA3C-1ED148AC8EEE}
Failed to delete: [Registry Key] HKEY_LOCAL_MACHINE\Software\Classes\Wow6432Node\CLSID\{826D7151-8D99-434B-8540-082B8C2AE556}
Failed to delete: [Registry Key] HKEY_LOCAL_MACHINE\Software\Classes\Wow6432Node\Interface\{66EEF543-A9AC-4A9D-AA3C-1ED148AC8EEE}
Failed to delete: [Registry Key] HKEY_LOCAL_MACHINE\Software\Classes\Wow6432Node\Interface\{66EEF543-A9AC-4A9D-AA3C-1ED148AC8FFE}
Failed to delete: [Registry Key] HKEY_LOCAL_MACHINE\Software\Classes\Wow6432Node\TypeLib\{11549FE4-7C5A-4C17-9FC3-56FC5162A994}
 
 
 
~~~ Files
 
 
 
~~~ Folders
 
Failed to delete: [Folder] "C:\ProgramData\boost_interprocess"
Failed to delete: [Folder] "C:\ProgramData\free youtube downloader"
Failed to delete: [Folder] "C:\ProgramData\simplitec"
Successfully deleted: [Folder] "C:\Users\user\AppData\Roaming\baidu"
Successfully deleted: [Folder] "C:\Users\user\appdata\local\free youtube downloader"
Failed to delete: [Folder] "C:\Program Files (x86)\free youtube downloader"
Successfully deleted: [Empty Folder] C:\Users\user\appdata\local\{0E96CAB8-C179-4C48-AF5E-31B6BBE1BC13}
Successfully deleted: [Empty Folder] C:\Users\user\appdata\local\{1C387EAD-7F42-445D-AFC9-D672AA933A2E}
Successfully deleted: [Empty Folder] C:\Users\user\appdata\local\{3B66BDD9-47F5-4A06-B103-7D5A4B5C3C6B}
Successfully deleted: [Empty Folder] C:\Users\user\appdata\local\{4CF8515C-E548-4CEF-8201-D69B073F3DAB}
Successfully deleted: [Empty Folder] C:\Users\user\appdata\local\{5EFCF14A-F579-4749-BE09-F8DB55EAA7C0}
Successfully deleted: [Empty Folder] C:\Users\user\appdata\local\{87DDF7A0-F7BF-41B4-A7AD-EBB1D7093544}
Successfully deleted: [Empty Folder] C:\Users\user\appdata\local\{9FF4748A-B0C7-43EE-8DBE-587EDC0D4196}
Successfully deleted: [Empty Folder] C:\Users\user\appdata\local\{B25DA749-A2B0-482B-97ED-0FA8057C8127}
Successfully deleted: [Empty Folder] C:\Users\user\appdata\local\{D03BC4F4-7D6B-4B16-AD54-5391DB32776E}
Successfully deleted: [Empty Folder] C:\Users\user\appdata\local\{F305A14C-8961-47D4-99BD-327A7C1E9833}
 
 
 
~~~ Event Viewer Logs were cleared
 
 
 
 
 
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Scan was completed on 19-Aug-17 at 10:57:25.26
End of JRT log
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~


#7 maverick8369

maverick8369
  • Topic Starter

  • Members
  • 34 posts
  • OFFLINE
  •  
  • Local time:02:55 PM

Posted 21 August 2017 - 01:03 AM

CCleaner startups:

 

Yes HKCU:Run aliim Alibaba (China) Co., Ltd. "C:\Program Files (x86)\TradeManager\AliIM.exe" /autorun
Yes HKCU:Run BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA} Nero AG "C:\Program Files (x86)\Common Files\Ahead\Lib\NMBgMonitor.exe"
No HKCU:Run CCleaner Monitoring Piriform Ltd "C:\Program Files\CCleaner\CCleaner64.exe" /MONITOR
Yes HKCU:Run GoogleChromeAutoLaunch_4E874A737D5662A34EBBEADB3A9C4A09 Google Inc. "C:\Program Files (x86)\Google\Chrome\Application\chrome.exe" --no-startup-window /prefetch:5
No HKCU:Run swg "C:\Program Files (x86)\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe"
No HKCU:Run uTorrent BitTorrent Inc. "C:\Users\user\AppData\Roaming\uTorrent\uTorrent.exe"  /MINIMIZED
Yes HKLM:Run Avira System Speedup User Starter Avira Operations GmbH & Co. KG "C:\Program Files (x86)\Avira\System Speedup\Avira.SystemSpeedup.Core.Common.Starter.exe"
Yes HKLM:Run HotKeysCmds Intel Corporation "C:\WINDOWS\system32\hkcmd.exe"
Yes HKLM:Run IgfxTray Intel Corporation "C:\WINDOWS\system32\igfxtray.exe"
Yes HKLM:Run iTunesHelper Apple Inc. "C:\Program Files\iTunes\iTunesHelper.exe"
Yes HKLM:Run Persistence Intel Corporation "C:\WINDOWS\system32\igfxpers.exe"
Yes HKLM:Run SecurityHealth Microsoft Corporation %ProgramFiles%\Windows Defender\MSASCuiL.exe
Yes HKLM:Run SunJavaUpdateSched Oracle Corporation "C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe"
Yes HKLM:RunOnce USER-PC C:\WINDOWS\TEMP\g5CC1.tmp.exe
 
 
CCleaner Uninstalls:
 
3D Builder Microsoft Corporation 16-May-17 14.1.1302.0
Adobe Acrobat Reader DC Adobe Systems Incorporated 14-Aug-17 375 MB 17.012.20095
Adobe AIR Adobe Systems Incorporated 07-Jul-17 13.5 MB 24.0.0.180
Adobe Flash Player 26 NPAPI Adobe Systems Incorporated 09-Aug-17 5.49 MB 26.0.0.151
Adobe Photoshop CS6 Adobe Systems Incorporated 11-Aug-17 450 MB 13.0
AGEIA PhysX v7.03.21 AGEIA Technologies, Inc. 24-Jun-16 129 MB 7.03.21
Alarms & Clock Microsoft Corporation 07-Jul-17 10.1706.1531.0
Alipay Cert Component 2.6.0.0 Alipay.com Co., Ltd. 07-Jul-17 2.6.0.0
App connector Microsoft Corporation 03-Oct-16 1.3.3.0
App Installer Microsoft Corporation 18-Feb-17 1.0.10332.0
Apple Application Support (32-bit) Apple Inc. 23-Jul-17 163 MB 5.6
Apple Application Support (64-bit) Apple Inc. 23-Jul-17 183 MB 5.6
Apple Mobile Device Support Apple Inc. 22-May-17 42.0 MB 10.3.2.3
Apple Software Update Apple Inc. 28-Mar-17 4.94 MB 2.3.0.177
Avira System Speedup Avira Operations GmbH & Co. KG 15-Aug-17 43.6 MB 3.8.1.5618
Backup4all 3 Softland 14-Jun-12 10.2 MB
Bonjour Apple Inc. 28-Sep-15 3.28 MB 3.1.0.1
Bound By Flame 19-Jul-14 4.62 GB
Calculator Microsoft Corporation 22-Jul-17 10.1706.1862.0
Camera Microsoft Corporation 02-Aug-17 2017.619.10.0
CCleaner Piriform 19-Aug-17 20.4 MB 5.33
Citrix Online Launcher Citrix 01-Feb-16 584 KB 1.0.393
Clarendon Park D6 Technology 14-Oct-14 20.5 MB
CyberLink PowerDVD 9.5 CyberLink Corp. 30-Jun-11 69.2 MB 9.5.1.3225
Dark Souls Prepare to Die Edition NAMCO BANDAI Games Europe S.A.S. 07-Jul-17 1.81 GB 1.0.0000.130
Darkest Dungeon GOG.com 22-Jul-16 1.65 GB 2.0.0.2
Darksiders II 17-Nov-12 5.45 GB
Dell Getting Started Guide Dell Inc. 30-Jun-11 2.92 MB 1.00.0000
Dell Product Registration Dell Inc. 30-Jun-11 7.91 MB 1.0.6
Dell Support Center Dell Inc. 07-Jul-17 61.4 MB 3.1.5803.11
Dropbox Dropbox, Inc. 11-Aug-17 119 MB 32.4.23
eBay eBay Inc. 30-Jun-11 1.69 MB 1.4.0
EPUB Converter 9.7.3 AniceSoft 12-Jul-16 423 MB 9.7.3
Fallout 4 11-Jan-16 2.97 MB
Fallout New Vegas - Ultimate Edition R.G. Mechanics, Panky 03-Nov-15 9.07 GB
Far Cry 4 Релиз от R.G. Steamgames 20-Dec-14 26.7 GB 1.0
Feedback Hub Microsoft Corporation 15-Aug-17 1.1705.2121.0
FormatFactory 3.1.1 Free Time 07-Jul-17 134 MB 3.1.1
Free M4a to MP3 Converter 7.1 ManiacTools.com 27-Jul-12 3.83 MB
Free YouTube Downloader 4.1.551 HOW Inc. 30-Sep-16 19.1 MB
GameShadow GameShadow Ltd 31-Aug-15 18.9 MB 2.04.0000
Get Office Microsoft Corporation 22-Jul-17 17.8414.5925.0
GIMP 2.8.20 The GIMP Team 14-Apr-17 283 MB 2.8.20
Google Chrome Google Inc. 28-Aug-12 363 MB 60.0.3112.101
Google Earth Plug-in Google 19-Aug-16 111 MB 7.1.5.1557
Google Earth Pro Google 30-Jul-17 203 MB 7.3.0.3830
Groove Music Microsoft Corporation 26-Jul-17 10.17062.14111.0
HandBrake 1.0.7 16-Jul-17 1.0.7
Intel® Processor Graphics Intel Corporation 09-Mar-17 9.17.10.4229
iTunes Apple Inc. 23-Jul-17 571 MB 12.6.2.20
Java 8 Update 131 Oracle Corporation 24-Jun-17 190 MB 8.0.1310.11
Logitech Webcam Software Logitech Inc. 07-Jul-17 1.98 MB 2.51
Magic DVD Ripper V9.0.0 Magic DVD Software, Inc. 07-Oct-16 18.1 MB
Mail and Calendar Microsoft Corporation 20-Aug-17 17.8400.40955.0
Maps Microsoft Corporation 08-Aug-17 5.1706.2001.0
Messaging Microsoft Corporation 07-Jul-17 3.26.24002.0
Metro: Last Light © Deep Silver version 1 04-Jan-14 8.53 GB 1
Microsoft ASP.NET MVC 4 Runtime Microsoft Corporation 02-Sep-15 2.47 MB 4.0.40804.0
Microsoft Flight Simulator X Microsoft Game Studios 23-Dec-12 6.36 GB 10.0.60905
Microsoft Games for Windows - LIVE Redistributable Microsoft Corporation 02-Sep-12 23.8 MB 3.5.88.0
Microsoft Games for Windows Marketplace Microsoft Corporation 02-Sep-12 8.03 MB 3.5.50.0
Microsoft Office Professional Plus 2016 - en-us Microsoft Corporation 20-Aug-17 442 MB 16.0.8326.2073
Microsoft OneDrive Microsoft Corporation 25-Jul-17 106 MB 17.3.6943.0625
Microsoft SharePoint Designer 2010 Microsoft Corporation 07-Jul-17 5.59 MB 14.0.7015.1000
Microsoft Silverlight Microsoft Corporation 14-Jun-17 143 MB 5.1.50907.0
Microsoft Solitaire Collection Microsoft Studios 03-Jul-17 3.16.6200.0
Microsoft SQL Server 2005 Compact Edition [ENU] Microsoft Corporation 30-Jun-11 3.39 MB 3.1.0000
Microsoft Sticky Notes Microsoft Corporation 07-Apr-17 1.8.0.0
Microsoft Support and Recovery Assistant for Office 365 Microsoft Corporation 07-Jul-17 16.0.1660.14
Microsoft Visual C++ 2005 Redistributable Microsoft Corporation 14-Jun-12 596 KB 8.0.59193
Microsoft Visual C++ 2005 Redistributable (x64) Microsoft Corporation 20-Jul-12 1.11 MB 8.0.61000
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.17 Microsoft Corporation 04-Jun-13 504 KB 9.0.30729
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.4148 Microsoft Corporation 20-Jul-12 1.52 MB 9.0.30729.4148
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.6161 Microsoft Corporation 22-Jul-12 1.53 MB 9.0.30729.6161
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729 Microsoft Corporation 30-Jun-11 1.18 MB 9.0.30729
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17 Microsoft Corporation 02-Jul-12 460 KB 9.0.30729
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148 Microsoft Corporation 20-Jul-12 444 KB 9.0.30729.4148
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 Microsoft Corporation 14-Jun-12 1.17 MB 9.0.30729.6161
Microsoft Visual C++ 2010 Redistributable - x64 10.0.40219 Microsoft Corporation 25-Dec-16 16.1 MB 10.0.40219
Microsoft Visual C++ 2010 Redistributable - x86 10.0.40219 Microsoft Corporation 25-Dec-16 7.83 MB 10.0.40219
Microsoft Visual C++ 2012 Redistributable (x64) - 11.0.60610 Microsoft Corporation 07-Jul-17 11.0.60610.1
Microsoft Visual C++ 2012 Redistributable (x64) - 11.0.61030 Microsoft Corporation 15-Mar-17 11.0.61030.0
Microsoft Visual C++ 2012 Redistributable (x64) - 11.0.61030 Корпорация Майкрософт 07-Jul-17 20.5 MB 11.0.61030.0
Microsoft Visual C++ 2012 Redistributable (x86) - 11.0.61030 Microsoft Corporation 07-Jul-17 17.3 MB 11.0.61030.0
Microsoft Visual C++ 2012 Redistributable (x86) - 11.0.61030 Корпорация Майкрософт 15-Mar-17 11.0.61030.0
Microsoft Visual C++ 2013 Redistributable (x64) - 12.0.30501 Microsoft Corporation 07-Jul-17 20.5 MB 12.0.30501.0
Microsoft Visual C++ 2015 Redistributable (x86) - 14.0.24215 Microsoft Corporation 07-Jul-17 19.5 MB 14.0.24215.1
Microsoft Visual Studio 2010 Tools for Office Runtime (x64) Microsoft Corporation 20-Aug-17 16.0 MB 10.0.50903
Microsoft Wi-Fi Microsoft Corporation 03-Oct-16 1.1604.4.0
Money Microsoft Corporation 07-Jun-17 4.21.1434.0
Movies & TV Microsoft Corporation 21-Jul-17 10.17062.12911.0
MSXML 4.0 SP2 (KB954430) Microsoft Corporation 14-Jun-12 2.55 MB 4.20.9870.0
MSXML 4.0 SP2 (KB973688) Microsoft Corporation 14-Jun-12 2.67 MB 4.20.9876.0
MSXML 4.0 SP2 Parser and SDK Microsoft Corporation 23-Dec-12 72.0 KB 4.20.9818.0
MyPhoneExplorer F.J. Wechselberger 07-Jul-17 1.8.7
Nero 7 Ultra Edition Nero AG 10-Oct-16 533 MB 7.02.8631
News Microsoft Corporation 07-Jun-17 4.21.1434.0
NVIDIA 3D Vision Controller Driver 352.65 NVIDIA Corporation 01-Sep-15 8.52 MB 352.65
NVIDIA 3D Vision Driver 355.82 NVIDIA Corporation 01-Sep-15 35.2 MB 355.82
NVIDIA Display Control Panel NVIDIA Corporation 07-Jul-17 1.25 MB 6.14.12.5915
NVIDIA GeForce Experience 2.8.1.21 NVIDIA Corporation 26-Dec-15 26.0 MB 2.8.1.21
NVIDIA Graphics Driver 355.82 NVIDIA Corporation 01-Sep-15 512 MB 355.82
NVIDIA HD Audio Driver 1.3.34.3 NVIDIA Corporation 01-Sep-15 8.40 MB 1.3.34.3
NVIDIA PhysX System Software 9.15.0428 NVIDIA Corporation 01-Sep-15 348 MB 9.15.0428
office Convert Pdf to Jpg Jpeg Tiff Free 6.5 Officeconvert Software, Inc. 22-Apr-14 5.27 MB
OneNote Microsoft Corporation 17-Aug-17 17.8471.57721.0
Online Application 10-Aug-17
OpenAL 07-Jul-17 780 KB
Outlast 2 17-Jun-17 2.97 MB
OutlookTempCleaner HowTo-Outlook 21-Aug-14 140 KB 1.2.0
Paid Wi-Fi & Cellular Microsoft Corporation 01-Aug-17 2.1706.1934.0
Paint 3D Microsoft Corporation 13-Jul-17 2.1707.1017.0
PDF to Kindle Converter 3.0.6 DONGSOFT Company, Inc. 04-Jun-13 11.3 MB
People Microsoft Corporation 08-Jun-17 10.2.1451.0
Phone Microsoft Corporation 03-Oct-16 2.17.27003.0
Phone Companion Microsoft Corporation 03-Oct-16 10.1609.2561.0
Photos Microsoft Corporation 16-Aug-17 2017.35071.13510.0
Pillars of Eternity GOG.com 10-Oct-16 2.58 MB 2.0.0.1
Revo Uninstaller 2.0.3 VS Revo Group, Ltd. 13-Aug-17 21.2 MB 2.0.3
Roxio Creator Starter Roxio 07-Jul-17 45.2 MB 12.1.77.0
Samsung Kies Samsung Electronics Co., Ltd. 04-Jun-13 136 MB 2.5.3.13043_14
Samsung Kies3 Samsung Electronics Co., Ltd. 02-May-17 46.9 MB 3.2.16084.2
Samsung SCX-4x21 Series Samsung Electronics CO.,LTD 07-Jul-17 62.9 MB
Samsung Universal Print Driver Samsung Electronics Co., Ltd. 07-Jul-17 2.52 MB 2.03.01.00:36
Samsung Universal Scan Driver Samsung Electronics Co., Ltd. 07-Jul-17 2.73 MB 1.2.5.0
Samsung USB Driver for Mobile Phones Samsung Electronics Co., Ltd. 07-Jul-17 34.8 MB 1.5.61.0
Security Task Manager 2.1i Neuber Software 15-Aug-17 4.04 MB 2.1i
Shared C Run-time for x64 McAfee 03-Oct-12 2.76 MB 10.0.0
Skype Skype 16-Jul-17 11.19.820.0
Skype™ 7.38 Skype Technologies S.A. 30-Jun-17 172 MB 7.38.101
SMTSA D6 Technology 07-Feb-13 20.6 MB
Sports Microsoft Corporation 20-Jun-17 4.21.1434.0
Store Microsoft Corporation 25-Jul-17 11706.1001.26.0
Store Experience Host Microsoft Corporation 16-Aug-17 11707.1707.25006.0
Striata Reader (64-bit) Striata Communication Solutions 07-Jul-17 265 KB 2.21-1
SUPERAntiSpyware SUPERAntiSpyware.com 07-Jul-17 12.1 MB 5.6.1014
Sway Microsoft Corporation 15-Aug-17 17.8471.45081.0
TeamViewer 12 TeamViewer 20-Aug-17 86.8 MB 12.0.75813
Tips Microsoft Corporation 25-Jul-17 5.11.1641.0
TomTom HOME TomTom 11-Oct-13 98.1 MB 2.9.6
TomTom HOME Visual Studio Merge Modules TomTom International B.V. 16-Nov-12 3.45 MB 1.0.2
TradeManager 2015 Alibaba (China) Network Technology Co., Ltd. 20-Aug-17 819 MB
Twitter Twitter Inc. 07-Jul-17 5.8.1.0
View 3D Microsoft Corporation 05-Aug-17 1.1706.29032.0
Voice Recorder Microsoft Corporation 07-Jul-17 10.1706.1561.0
Wallet Microsoft Corporation 06-Jul-17 1.0.16328.0
Weather Microsoft Corporation 21-Apr-17 4.20.1102.0
WildTangent Games WildTangent 14-Aug-17 8.22 MB 1.0.2.5
Windows 10 Update and Privacy Settings Microsoft Corporation 29-Jun-17 2.10 MB 1.0.14.0
Windows DVD Player Microsoft Corporation 03-Oct-16 3.6.13291.0
Windows Live Essentials Microsoft Corporation 30-Jun-11 15.4.3508.1109
Windows Live Mesh ActiveX Control for Remote Connections Microsoft Corporation 30-Jun-11 11.1 MB 15.4.5722.2
WinRAR 5.40 (64-bit) win.rar GmbH 07-Jul-17 5.73 MB 5.40.0
Xbox Microsoft Corporation 15-Aug-17 31.32.11001.0
Xbox Game bar Microsoft Corporation 14-Jul-17 1.19.11001.0
Xbox Game Speech Window Microsoft Corporation 06-Jul-17 1.14.2002.0
Xbox Identity Provider Microsoft Corporation 12-Jul-17 11.29.23003.0
µTorrent BitTorrent Inc. 07-Jul-17 48.8 MB 3.5.0.43916
支付宝安全控件 4.0.0.101 Alipay.com Co., Ltd. 07-Jul-17 4.0.0.101
 


#8 buddy215


Posted 21 August 2017 - 07:29 AM

The list of Scheduled Tasks is missing. Please post that list per instructions.

 

Delete these Startups: Click on each item and then choose Delete on the right.

Yes HKCU:Run BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA} Nero AG "C:\Program Files (x86)\Common Files\Ahead\Lib\NMBgMonitor.exe"

Yes HKCU:Run GoogleChromeAutoLaunch_4E874A737D5662A34EBBEADB3A9C4A09 Google Inc. "C:\Program Files (x86)\Google\Chrome\Application\chrome.exe" --no-startup-window /prefetch:5

No HKCU:Run swg "C:\Program Files (x86)\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe"
No HKCU:Run uTorrent BitTorrent Inc. "C:\Users\user\AppData\Roaming\uTorrent\uTorrent.exe"  /MINIMIZED
Yes HKLM:Run Avira System Speedup User Starter Avira Operations GmbH & Co. KG "C:\Program Files (x86)\Avira\System Speedup\Avira.SystemSpeedup.Core.Common.Starter.exe"
Yes HKLM:Run SunJavaUpdateSched Oracle Corporation "C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe"
Yes HKLM:RunOnce USER-PC C:\WINDOWS\TEMP\g5CC1.tmp.exe
 
Disable these Startups: Click on each item and then choose Disable on the right.
Yes HKCU:Run aliim Alibaba (China) Co., Ltd. "C:\Program Files (x86)\TradeManager\AliIM.exe" /autorun (Keep in Startup if you use it daily)
Yes HKLM:Run IgfxTray Intel Corporation "C:\WINDOWS\system32\igfxtray.exe"

Yes HKLM:Run iTunesHelper Apple Inc. "C:\Program Files\iTunes\iTunesHelper.exe"

 

Uninstall these programs:

Avira System Speedup Avira Operations GmbH & Co. KG 15-Aug-17 43.6 MB 3.8.1.5618

Free YouTube Downloader 4.1.551 HOW Inc. 30-Sep-16 19.1 MB

Java 8 Update 131 Oracle Corporation 24-Jun-17 190 MB 8.0.1310.11

WildTangent Games WildTangent 14-Aug-17 8.22 MB 1.0.2.5

Windows Live Essentials Microsoft Corporation 30-Jun-11 15.4.3508.1109
Windows Live Mesh ActiveX Control for Remote Connections Microsoft Corporation 30-Jun-11 11.1 MB 15.4.5722.2
µTorrent BitTorrent Inc. 07-Jul-17 48.8 MB 3.5.0.43916 (probably the source of several trojans found on your computer from downloading free stuff...and illegal stuff)
 

After completing the above and posting your list of Scheduled Tasks, please do this:

 

Rerun Junkware Removal Tool and post its log.

 

Download Zemana AntiMalware and install it.

  • Run the application
  • Click "Next" and then Scan
  • When the scan has finished click Next to remove any threats.
  • Click the bars in the top right corner to display the logs, double click your log
  • copy and paste the log into your reply

“Every atom in your body came from a star that exploded and the atoms in your left hand probably came from a different star than your right hand. It really is the most poetic thing I know about physics...you are all stardust.” Lawrence M. Krauss
A 1792 U.S. penny, designed in part by Thomas Jefferson and George Washington, reads “Liberty Parent of Science & Industry.”

#9 maverick8369


Posted 21 August 2017 - 01:27 PM

CCleaner startups:

 

Yes Task Adobe Acrobat Update Task Adobe Systems Incorporated C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe
Yes Task Adobe Flash Player Updater Adobe Systems Incorporated C:\WINDOWS\SysWoW64\Macromed\Flash\FlashPlayerUpdateService.exe
Yes Task AutoKMS C:\Windows\AutoKMS\AutoKMS.exe
Yes Task AviraSystemSpeedupUpdate Avira Operations GmbH & Co. KG                               C:\ProgramData\Avira\SystemSpeedup\Update\avira_speedup_setup_update.exe /VERIFY /VERYSILENT /NOSTART /NODOTNET /NORESTART
Yes Task Blon Phone Letter Microsoft Corporation C:\WINDOWS\system32\rundll32.exe "C:\Program Files\Blon Phone Letter\Blon Phone Letter.dll",tehaVHR
Yes Task CCleanerSkipUAC Piriform Ltd "C:\Program Files\CCleaner\CCleaner.exe" $(Arg0)
Yes Task doweloadie C:\WINDOWS\system32\config\systemprofile\AppData\Local\Donflex /t 7154 2458
Yes Task DropboxUpdateTaskUserS-1-5-21-1819151945-2214989505-3867848102-1000Core1d23702b4082163 Dropbox, Inc. C:\Users\user\AppData\Local\Dropbox\Update\DropboxUpdate.exe /c
Yes Task DropboxUpdateTaskUserS-1-5-21-1819151945-2214989505-3867848102-1000UA1d23702b43ff051 Dropbox, Inc. C:\Users\user\AppData\Local\Dropbox\Update\DropboxUpdate.exe /ua /installsource scheduler
Yes Task FreeAntiVirus Microsoft Corporation C:\WINDOWS\explorer.exe "http://destyy.com/qNHR3u"
Yes Task GoogleUpdateTaskMachineCore Google Inc. C:\Program Files (x86)\Google\Update\GoogleUpdate.exe /c
Yes Task GoogleUpdateTaskMachineUA Google Inc. C:\Program Files (x86)\Google\Update\GoogleUpdate.exe /ua /installsource scheduler
Yes Task iolo Process Governor C:\Program Files (x86)\iolo\System Mechanic\iologovernor64.exe
Yes Task n4w2zk5g C:\Program Files\Common Files\cjhcoc2t\4dc58l0vk24rl.exe
Yes Task OneDrive Standalone Update Task-S-1-5-21-1819151945-2214989505-3867848102-1000 Microsoft Corporation %localappdata%\Microsoft\OneDrive\OneDriveStandaloneUpdater.exe
Yes Task {35DD3AF0-8F6B-4EAC-8AF0-AD73532833AE} Microsoft Corporation C:\Windows\system32\pcalua.exe -a C:\Users\user\Downloads\VirtualCD10500Demo.exe -d C:\Users\user\Downloads


#10 maverick8369


Posted 21 August 2017 - 01:51 PM

JRT log:

 

~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Junkware Removal Tool (JRT) by Thisisu
Version: 6.1.3 (03.23.2014:1)
OS: Windows 10 Home x64
Ran by user on 21-Aug-17 at 20:44:20.15
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
 
 
 
 
~~~ Services
 
 
 
~~~ Registry Values
 
 
 
~~~ Registry Keys
 
Failed to delete: [Registry Key] HKEY_CLASSES_ROOT\AppID\{4D076AB4-7562-427A-B5D2-BD96E19DEE56}
Failed to delete: [Registry Key] HKEY_CLASSES_ROOT\AppID\secman.dll
Failed to delete: [Registry Key] HKEY_CLASSES_ROOT\CLSID\{66EEF543-A9AC-4A9D-AA3C-1ED148AC8EEE}
Failed to delete: [Registry Key] HKEY_CLASSES_ROOT\CLSID\{826D7151-8D99-434B-8540-082B8C2AE556}
Failed to delete: [Registry Key] HKEY_CLASSES_ROOT\Interface\{66EEF543-A9AC-4A9D-AA3C-1ED148AC8EEE}
Failed to delete: [Registry Key] HKEY_CLASSES_ROOT\Interface\{66EEF543-A9AC-4A9D-AA3C-1ED148AC8FFE}
Failed to delete: [Registry Key] HKEY_CLASSES_ROOT\TypeLib\{11549FE4-7C5A-4C17-9FC3-56FC5162A994}
Failed to delete: [Registry Key] HKEY_CLASSES_ROOT\Wow6432Node\CLSID\{66EEF543-A9AC-4A9D-AA3C-1ED148AC8EEE}
Failed to delete: [Registry Key] HKEY_CLASSES_ROOT\Wow6432Node\CLSID\{826D7151-8D99-434B-8540-082B8C2AE556}
Failed to delete: [Registry Key] HKEY_CLASSES_ROOT\Wow6432Node\Interface\{66EEF543-A9AC-4A9D-AA3C-1ED148AC8EEE}
Failed to delete: [Registry Key] HKEY_CLASSES_ROOT\Wow6432Node\Interface\{66EEF543-A9AC-4A9D-AA3C-1ED148AC8FFE}
Failed to delete: [Registry Key] HKEY_CLASSES_ROOT\Wow6432Node\TypeLib\{11549FE4-7C5A-4C17-9FC3-56FC5162A994}
Failed to delete: [Registry Key] HKEY_LOCAL_MACHINE\Software\Classes\CLSID\{66EEF543-A9AC-4A9D-AA3C-1ED148AC8EEE}
Failed to delete: [Registry Key] HKEY_LOCAL_MACHINE\Software\Classes\CLSID\{826D7151-8D99-434B-8540-082B8C2AE556}
Failed to delete: [Registry Key] HKEY_LOCAL_MACHINE\Software\Classes\Interface\{66EEF543-A9AC-4A9D-AA3C-1ED148AC8EEE}
Failed to delete: [Registry Key] HKEY_LOCAL_MACHINE\Software\Classes\Interface\{66EEF543-A9AC-4A9D-AA3C-1ED148AC8FFE}
Failed to delete: [Registry Key] HKEY_LOCAL_MACHINE\Software\Classes\TypeLib\{11549FE4-7C5A-4C17-9FC3-56FC5162A994}
Failed to delete: [Registry Key] HKEY_LOCAL_MACHINE\Software\Classes\Wow6432Node\AppID\{4D076AB4-7562-427A-B5D2-BD96E19DEE56}
Failed to delete: [Registry Key] HKEY_LOCAL_MACHINE\Software\Classes\Wow6432Node\CLSID\{66EEF543-A9AC-4A9D-AA3C-1ED148AC8EEE}
Failed to delete: [Registry Key] HKEY_LOCAL_MACHINE\Software\Classes\Wow6432Node\CLSID\{826D7151-8D99-434B-8540-082B8C2AE556}
Failed to delete: [Registry Key] HKEY_LOCAL_MACHINE\Software\Classes\Wow6432Node\Interface\{66EEF543-A9AC-4A9D-AA3C-1ED148AC8EEE}
Failed to delete: [Registry Key] HKEY_LOCAL_MACHINE\Software\Classes\Wow6432Node\Interface\{66EEF543-A9AC-4A9D-AA3C-1ED148AC8FFE}
Failed to delete: [Registry Key] HKEY_LOCAL_MACHINE\Software\Classes\Wow6432Node\TypeLib\{11549FE4-7C5A-4C17-9FC3-56FC5162A994}
 
 
 
~~~ Files
 
 
 
~~~ Folders
 
Failed to delete: [Folder] "C:\ProgramData\boost_interprocess"
Failed to delete: [Folder] "C:\ProgramData\free youtube downloader"
Failed to delete: [Folder] "C:\ProgramData\simplitec"
 
 
 
~~~ Event Viewer Logs were cleared
 
 
 
 
 
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Scan was completed on 21-Aug-17 at 20:49:09.69
End of JRT log
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~


#11 buddy215


Posted 21 August 2017 - 01:51 PM

Delete these Tasks: Click on each item and choose Delete on the right.

Yes Task AutoKMS C:\Windows\AutoKMS\AutoKMS.exe
Yes Task AviraSystemSpeedupUpdate Avira Operations GmbH & Co. KG                               C:\ProgramData\Avira\SystemSpeedup\Update\avira_speedup_setup_update.exe /VERIFY /VERYSILENT /NOSTART /NODOTNET /NORESTART
Yes Task doweloadie C:\WINDOWS\system32\config\systemprofile\AppData\Local\Donflex /t 7154 2458
Yes Task FreeAntiVirus Microsoft Corporation C:\WINDOWS\explorer.exe "http://destyy.com/qNHR3u"
Yes Task GoogleUpdateTaskMachineUA Google Inc. C:\Program Files (x86)\Google\Update\GoogleUpdate.exe /ua /installsource scheduler
Yes Task iolo Process Governor C:\Program Files (x86)\iolo\System Mechanic\iologovernor64.exe
Yes Task n4w2zk5g C:\Program Files\Common Files\cjhcoc2t\4dc58l0vk24rl.exe
Yes Task {35DD3AF0-8F6B-4EAC-8AF0-AD73532833AE} Microsoft Corporation C:\Windows\system32\pcalua.exe -a C:\Users\user\Downloads\VirtualCD10500Demo.exe -d C:\Users\user\Downloads

 

Disable these Tasks: Click on each item and choose Disable on the right.

Yes Task Adobe Flash Player Updater Adobe Systems Incorporated C:\WINDOWS\SysWoW64\Macromed\Flash\FlashPlayerUpdateService.exe

Yes Task DropboxUpdateTaskUserS-1-5-21-1819151945-2214989505-3867848102-1000Core1d23702b4082163 Dropbox, Inc. C:\Users\user\AppData\Local\Dropbox\Update\DropboxUpdate.exe /c
Yes Task DropboxUpdateTaskUserS-1-5-21-1819151945-2214989505-3867848102-1000UA1d23702b43ff051 Dropbox, Inc. C:\Users\user\AppData\Local\Dropbox\Update\DropboxUpdate.exe /ua /installsource scheduler
Yes Task OneDrive Standalone Update Task-S-1-5-21-1819151945-2214989505-3867848102-1000 Microsoft Corporation %localappdata%\Microsoft\OneDrive\OneDriveStandaloneUpdater.exe

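An added example (not from the thread or from any tool named in it): Python heuristics that triage a saved startup/task list like the one in post #9 and show why the publisher column cannot be trusted when a task runs through `explorer.exe` or `rundll32.exe`. The rules, the tab-separated column layout and the sample rows (modelled on that list, with a placeholder URL) are this example's assumptions, not buddy215's stated criteria.

```python
import re
from pathlib import PureWindowsPath
from typing import NamedTuple


class Entry(NamedTuple):
    enabled: str
    kind: str
    name: str
    publisher: str
    command: str


# Constructed rows modelled on the task list in this thread (placeholder URL).
ROWS = [
    ("Yes", "Task", "Adobe Acrobat Update Task", "Adobe Systems Incorporated",
     r"C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe"),
    ("Yes", "Task", "AutoKMS", "", r"C:\Windows\AutoKMS\AutoKMS.exe"),
    ("Yes", "Task", "Blon Phone Letter", "Microsoft Corporation",
     r'C:\WINDOWS\system32\rundll32.exe '
     r'"C:\Program Files\Blon Phone Letter\Blon Phone Letter.dll",tehaVHR'),
    ("Yes", "Task", "CCleanerSkipUAC", "Piriform Ltd",
     r'"C:\Program Files\CCleaner\CCleaner.exe" $(Arg0)'),
    ("Yes", "Task", "doweloadie", "",
     r"C:\WINDOWS\system32\config\systemprofile\AppData\Local\Donflex /t 7154 2458"),
    ("Yes", "Task", "FreeAntiVirus", "Microsoft Corporation",
     r'C:\WINDOWS\explorer.exe "http://example.invalid/landing"'),
    ("Yes", "Task", "GoogleUpdateTaskMachineCore", "Google Inc.",
     r"C:\Program Files (x86)\Google\Update\GoogleUpdate.exe /c"),
    ("Yes", "Task", "n4w2zk5g", "",
     r"C:\Program Files\Common Files\cjhcoc2t\4dc58l0vk24rl.exe"),
]
# Assumption: the saved list separates its five columns with tabs.
SAMPLE_EXPORT = "\n".join("\t".join(row) for row in ROWS)

HOST_BINARIES = {"explorer.exe", "rundll32.exe"}   # run something else on request
EXEC_SUFFIXES = {".exe", ".com", ".bat", ".cmd", ".scr"}
HOST_NOTE = "publisher column describes the host binary, not the payload"


def parse_export(text):
    """Turn tab-separated lines into Entry records; skip malformed lines."""
    entries = []
    for line in text.splitlines():
        cols = line.split("\t")
        if len(cols) == 5:
            entries.append(Entry(*(c.strip() for c in cols)))
    return entries


def split_command(cmd):
    """Split a task command into (image path, arguments), quoted or not."""
    cmd = cmd.strip()
    if cmd.startswith('"'):
        end = cmd.find('"', 1)
        if end != -1:
            return cmd[1:end], cmd[end + 1:].strip()
    # Unquoted paths may contain spaces: cut after the first executable suffix.
    m = re.match(r"(.+?\.(?:exe|com|bat|cmd|scr))(?=\s|$)(.*)", cmd, re.I)
    if m:
        return m.group(1), m.group(2).strip()
    head, _, tail = cmd.partition(" ")
    return head, tail


def class_switches(stem):
    """Count letter/digit alternations; high values suggest a generated name."""
    kinds = [c.isdigit() for c in stem if c.isalnum()]
    return sum(1 for a, b in zip(kinds, kinds[1:]) if a != b)


def triage(entry):
    """Return the list of reasons a task deserves a closer look (may be empty)."""
    image, args = split_command(entry.command)
    path = PureWindowsPath(image)
    host, lower = path.name.lower(), image.lower()
    reasons = []
    if host == "explorer.exe" and re.search(r"https?://", args, re.I):
        reasons.append("explorer.exe is only a launcher: the task opens a URL")
    if host == "rundll32.exe":
        dll = re.search(r'"?([^",]+\.dll)', args, re.I)
        # Assumes Windows is installed in C:\Windows.
        if dll and not dll.group(1).lower().startswith("c:\\windows\\"):
            reasons.append("rundll32.exe loads a DLL outside C:\\Windows: " + dll.group(1))
    if host in HOST_BINARIES and reasons:
        reasons.append(HOST_NOTE)
    if "autokms" in lower:
        reasons.append("task belongs to a KMS activator")
    if not entry.publisher:
        if path.suffix.lower() not in EXEC_SUFFIXES:
            reasons.append("target has no executable extension")
        if "\\config\\systemprofile\\appdata\\" in lower or "\\temp\\" in lower:
            reasons.append("no publisher, target in a SYSTEM profile or temp directory")
        if class_switches(path.stem) >= 4:
            reasons.append("no publisher and a machine-generated file name")
    return reasons


def find_suspicious(text):
    """Map task name -> reasons for every entry that trips at least one rule."""
    return {e.name: r for e in parse_export(text) if (r := triage(e))}


if __name__ == "__main__":
    for name, reasons in find_suspicious(SAMPLE_EXPORT).items():
        print(name)
        for reason in reasons:
            print("   -", reason)
```

A row that trips no rule has only passed these checks; it has not been shown to be safe.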

#12 buddy215


Posted 21 August 2017 - 01:55 PM

After completing the Tasks changes...uninstall Junkware Removal Tool by simply right-clicking on it and choosing Delete.

 

Install JRT again and run another scan. Post the results.



#13 maverick8369


Posted 21 August 2017 - 03:05 PM

Zemana log:

 

Zemana AntiMalware 2.74.179.150 (Installed)
 
-------------------------------------------------------
Scan Result            : Completed
Scan Date              : 2017-8-21
Operating System       : Windows 10 64-bit
Processor              : 4X Intel® Core™ i5-2300 CPU @ 2.80GHz
BIOS Mode              : Legacy
CUID                   : 12C62720EA667B253AFAB3
Scan Type              : System Scan
Duration               : 71m 8s
Scanned Objects        : 260931
Detected Objects       : 12
Excluded Objects       : 0
Read Level             : Normal
Auto Upload            : Enabled
Detect All Extensions  : Disabled
Scan Documents         : Disabled
Domain Info            : WORKGROUP,0,2
 
Detected Objects
-------------------------------------------------------
 
Security Center Disabled
Status             : Scanned
Object             : HKLM\SYSTEM\CurrentControlSet\services\wscsvc\Start
MD5                : -
Publisher          : -
Size               : -
Version            : -
Detection          : Potentially Unwanted Modification
Cleaning Action    : Repair
Related Objects    :
                Registry Entry - HKLM\SYSTEM\CurrentControlSet\services\wscsvc\Start = 4
 
Security Center Disabled
Status             : Scanned
Object             : HKLM\SYSTEM\CurrentControlSet\services\wscsvc\DelayedAutoStart
MD5                : -
Publisher          : -
Size               : -
Version            : -
Detection          : Potentially Unwanted Modification
Cleaning Action    : Repair
Related Objects    :
                Registry Entry - HKLM\SYSTEM\CurrentControlSet\services\wscsvc\DelayedAutoStart = disabled
 
Hosts File
Status             : Scanned
Object             : %systemroot%\system32\drivers\etc\hosts
MD5                : A5220083D05F2FD1EB4CD9E068A8C9DF
Publisher          : -
Size               : 13842
Version            : -
Detection          : Hosts Hijack
Cleaning Action    : Repair
Related Objects    :
                Hosts file - 127.0.0.1 - avast.com
                File - %systemroot%\system32\drivers\etc\hosts
 
Blon Phone Letter.dll
Status             : Scanned
Object             : %programw6432%\blon phone letter\blon phone letter.dll
MD5                : 58C079FB52198D9109EE335A21A4A7C6
Publisher          : -
Size               : 2265088
Version            : -
Detection          : Trojan:Win64/Tazzi.A!Alaa
Cleaning Action    : Quarantine
Related Objects    :
                File - %programw6432%\blon phone letter\blon phone letter.dll
                DLL - 1872 - C:\Windows\System32\rundll32.exe
                Scheduled Task - C:\WINDOWS\System32\Tasks\Blon Phone Letter
 
Trojan:Win32/Poweliks
Status             : Scanned
Object             : %systemroot%\system32\tasks\freeantivirus|c:\windows\explorer.exe
MD5                : -
Publisher          : -
Size               : -
Version            : -
Detection          : Fileless Malware
Cleaning Action    : Delete
Related Objects    :
                Scheduled Task - C:\WINDOWS\System32\Tasks\FreeAntiVirus
 
wwbizsrv.exe
Status             : Scanned
Object             : %programfiles%\alibaba\wwbizsrv\wwbizsrv.exe
MD5                : 6EE55AA456F8596270E4991D384DC412
Publisher          : TAOBAO (CHINA) SOFTWARE CO.,LTD.
Size               : 2909584
Version            : 1.0.0.15
Detection          : Adware:Win32/UCBrowser-DJ!Ep
Cleaning Action    : Quarantine
Related Objects    :
                File - %programfiles%\alibaba\wwbizsrv\wwbizsrv.exe
                Process - 2704 - C:\Program Files (x86)\Alibaba\wwbizsrv\wwbizsrv.exe
                Registry Entry - HKLM\System\CurrentControlSet\Services\wwbizsrv\ImagePath = "C:\Program Files (x86)\Alibaba\wwbizsrv\wwbizsrv.exe"
 
collina.dll
Status             : Scanned
Object             : %programfiles%\trademanager\collina.dll
MD5                : BA2ED91E48CD00A184D34E4B94C33A84
Publisher          : TAOBAO (CHINA) SOFTWARE CO.,LTD.
Size               : 437216
Version            : 1.0.0.4
Detection          : Adware:Win32/UCBrowser-DJ!Ep
Cleaning Action    : Quarantine
Related Objects    :
                File - %programfiles%\trademanager\collina.dll
                DLL - 9000 - C:\Program Files (x86)\TradeManager\AliIM.exe
 
g85C6.tmp.exe
Status             : Scanned
Object             : %systemroot%\temp\g85c6.tmp.exe
MD5                : D457114B81F3990D74CF0E77725955C3
Publisher          : -
Size               : 483840
Version            : -
Detection          : RiskTool:Win32/BitCoinMiner
Cleaning Action    : Quarantine
Related Objects    :
                File - %systemroot%\temp\g85c6.tmp.exe
                Process - 7196 - C:\Windows\Temp\g85C6.tmp.exe
 
4dc58l0vk24rl.exe
Status             : Scanned
Object             : %commonprogramw6432%\cjhcoc2t\4dc58l0vk24rl.exe
MD5                : DD447775B268E90264D5F45EFF374395
Publisher          : -
Size               : 57344
Version            : 0.0.0.0
Detection          : Adware:Win32/BrowserHijack.Gen
Cleaning Action    : Quarantine
Related Objects    :
                File - %commonprogramw6432%\cjhcoc2t\4dc58l0vk24rl.exe
                Scheduled Task - C:\WINDOWS\System32\Tasks\n4w2zk5g
 
ucbrowser
Status             : Scanned
Object             : NE->c:\users\user\appdata\local\ucbrowser
MD5                : -
Publisher          : -
Size               : -
Version            : -
Detection          : PUA:Win32/UCBrowser.C!Neng
Cleaning Action    : Quarantine
Related Objects    :
                (null) - (null)
 
g5cc1.tmp.exe
Status             : Scanned
Object             : NE->c:\windows\temp\g5cc1.tmp.exe
MD5                : -
Publisher          : -
Size               : -
Version            : -
Detection          : Malware:Win32/Generic.F!Neng
Cleaning Action    : Quarantine
Related Objects    :
                (null) - (null)
 
g85c6.tmp.exe
Status             : Scanned
Object             : NE->c:\windows\temp\g85c6.tmp.exe
MD5                : -
Publisher          : -
Size               : -
Version            : -
Detection          : Malware:Win32/Generic.F!Neng
Cleaning Action    : Quarantine
Related Objects    :
                (null) - (null)
 
 
Cleaning Result
-------------------------------------------------------
Cleaned               : 12
Reported as safe      : 0
Failed                : 0


#14 maverick8369


Posted 21 August 2017 - 03:16 PM

JRT log:

 

~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Junkware Removal Tool (JRT) by Thisisu
Version: 6.1.3 (03.23.2014:1)
OS: Windows 10 Home x64
Ran by user on 21-Aug-17 at 22:11:24.56
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
 
 
 
 
~~~ Services
 
 
 
~~~ Registry Values
 
 
 
~~~ Registry Keys
 
Failed to delete: [Registry Key] HKEY_CLASSES_ROOT\AppID\{4D076AB4-7562-427A-B5D2-BD96E19DEE56}
Failed to delete: [Registry Key] HKEY_CLASSES_ROOT\AppID\secman.dll
Failed to delete: [Registry Key] HKEY_CLASSES_ROOT\CLSID\{66EEF543-A9AC-4A9D-AA3C-1ED148AC8EEE}
Failed to delete: [Registry Key] HKEY_CLASSES_ROOT\CLSID\{826D7151-8D99-434B-8540-082B8C2AE556}
Failed to delete: [Registry Key] HKEY_CLASSES_ROOT\Interface\{66EEF543-A9AC-4A9D-AA3C-1ED148AC8EEE}
Failed to delete: [Registry Key] HKEY_CLASSES_ROOT\Interface\{66EEF543-A9AC-4A9D-AA3C-1ED148AC8FFE}
Failed to delete: [Registry Key] HKEY_CLASSES_ROOT\TypeLib\{11549FE4-7C5A-4C17-9FC3-56FC5162A994}
Failed to delete: [Registry Key] HKEY_CLASSES_ROOT\Wow6432Node\CLSID\{66EEF543-A9AC-4A9D-AA3C-1ED148AC8EEE}
Failed to delete: [Registry Key] HKEY_CLASSES_ROOT\Wow6432Node\CLSID\{826D7151-8D99-434B-8540-082B8C2AE556}
Failed to delete: [Registry Key] HKEY_CLASSES_ROOT\Wow6432Node\Interface\{66EEF543-A9AC-4A9D-AA3C-1ED148AC8EEE}
Failed to delete: [Registry Key] HKEY_CLASSES_ROOT\Wow6432Node\Interface\{66EEF543-A9AC-4A9D-AA3C-1ED148AC8FFE}
Failed to delete: [Registry Key] HKEY_CLASSES_ROOT\Wow6432Node\TypeLib\{11549FE4-7C5A-4C17-9FC3-56FC5162A994}
Failed to delete: [Registry Key] HKEY_LOCAL_MACHINE\Software\Classes\CLSID\{66EEF543-A9AC-4A9D-AA3C-1ED148AC8EEE}
Failed to delete: [Registry Key] HKEY_LOCAL_MACHINE\Software\Classes\CLSID\{826D7151-8D99-434B-8540-082B8C2AE556}
Failed to delete: [Registry Key] HKEY_LOCAL_MACHINE\Software\Classes\Interface\{66EEF543-A9AC-4A9D-AA3C-1ED148AC8EEE}
Failed to delete: [Registry Key] HKEY_LOCAL_MACHINE\Software\Classes\Interface\{66EEF543-A9AC-4A9D-AA3C-1ED148AC8FFE}
Failed to delete: [Registry Key] HKEY_LOCAL_MACHINE\Software\Classes\TypeLib\{11549FE4-7C5A-4C17-9FC3-56FC5162A994}
Failed to delete: [Registry Key] HKEY_LOCAL_MACHINE\Software\Classes\Wow6432Node\AppID\{4D076AB4-7562-427A-B5D2-BD96E19DEE56}
Failed to delete: [Registry Key] HKEY_LOCAL_MACHINE\Software\Classes\Wow6432Node\CLSID\{66EEF543-A9AC-4A9D-AA3C-1ED148AC8EEE}
Failed to delete: [Registry Key] HKEY_LOCAL_MACHINE\Software\Classes\Wow6432Node\CLSID\{826D7151-8D99-434B-8540-082B8C2AE556}
Failed to delete: [Registry Key] HKEY_LOCAL_MACHINE\Software\Classes\Wow6432Node\Interface\{66EEF543-A9AC-4A9D-AA3C-1ED148AC8EEE}
Failed to delete: [Registry Key] HKEY_LOCAL_MACHINE\Software\Classes\Wow6432Node\Interface\{66EEF543-A9AC-4A9D-AA3C-1ED148AC8FFE}
Failed to delete: [Registry Key] HKEY_LOCAL_MACHINE\Software\Classes\Wow6432Node\TypeLib\{11549FE4-7C5A-4C17-9FC3-56FC5162A994}
 
 
 
~~~ Files
 
 
 
~~~ Folders
 
Successfully deleted: [Folder] "C:\ProgramData\boost_interprocess"
Failed to delete: [Folder] "C:\ProgramData\free youtube downloader"
Failed to delete: [Folder] "C:\ProgramData\simplitec"
 
 
 
~~~ Event Viewer Logs were cleared
 
 
 
 
 
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Scan was completed on 21-Aug-17 at 22:15:46.87
End of JRT log
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~


#15 buddy215


Posted 21 August 2017 - 03:23 PM

Very good...I wasn't sure about two of the items I saw in the Startups and Tasks. Zemana took care of them.

 

Delete this Scheduled Task:

Yes Task Blon Phone Letter Microsoft Corporation C:\WINDOWS\system32\rundll32.exe "C:\Program Files\Blon Phone Letter\Blon Phone Letter.dll",tehaVHR

 

I don't know why JRT is unable to delete those items. I will ask you to try running JRT in Safe Mode after doing the below.

 

I did not see MBAM in your list of installed programs. If you uninstalled after it failed to reboot and remove what it found...please reinstall and try again to run a scan using it. Let me know if the same problem persists.

