Is there a task on Ccleaner list that shouldn't be there?

June 17, 2015 at 12:42:01
Specs: Windows 7, AMD
Weird Scheduled Tasks

Hi, I was using the tools section of Ccleaner and went to the
Scheduled tasks section. I found some interesting things,
and one doggy program that I deleted right away, YTDownloader.
So can anyone help me with this list. I was able to save it as a test file.
I've made it easier for people to read by giving each entry it's own line.
It might not come out as I was thinking after I submit it,
So i spaced each process out. Hope that helps.
Any info will be greatly appreciated.
Thank You for taking the time to read this.


No Task AD RMS Rights Policy Template Management (Automated) \Microsoft\Windows\Active Directory Rights Management Services Client

No Task AutoWake \Microsoft\Windows\SideShow

No Task Calibration Loader \Microsoft\Windows\WindowsColorSystem

No Task HiveUploadTask \Microsoft\Windows\User Profile Service

No Task PeriodicScanRetry Microsoft Corporation %windir%\ehome\MCUpdate.exe -pscn 0 \Microsoft\Windows\Media Center

No Task PolicyConverter Microsoft Corporation %windir%\system32\appidpolicyconverter.exe \Microsoft\Windows\AppID

No Task RecordingRestart %SystemRoot%\ehome\ehrec /RestartRecording \Microsoft\Windows\Media Center

No Task SessionAgent \Microsoft\Windows\SideShow

No Task SystemDataProviders \Microsoft\Windows\SideShow

No Task UserTask-Roam \Microsoft\Windows\CertificateServicesClient

Yes Task ActivateWindowsSearch Microsoft Corporation %SystemRoot%\ehome\ehPrivJob.exe /DoActivateWindowsSearch \Microsoft\Windows\Media Center

Yes Task AD RMS Rights Policy Template Management (Manual) \Microsoft\Windows\Active Directory Rights Management Services Client

Yes Task Adobe Flash Player Updater Adobe Systems Incorporated C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe \

Yes Task AitAgent aitagent \Microsoft\Windows\Application Experience

Yes Task AnalyzeSystem Microsoft Corporation %SystemRoot%\System32\powercfg.exe -energy -auto \Microsoft\Windows\Power Efficiency Diagnostics

Yes Task CacheTask \Microsoft\Windows\Wininet

Yes Task CCleanerSkipUAC Piriform Ltd "C:\Program Files\CCleaner\CCleaner.exe" $(Arg0) \

Yes Task Check for updates Safer-Networking Ltd. "C:\Program Files (x86)\Spybot - Search & Destroy 2\SDUpdate.exe" /autoupdate /silent /autoclose /background \Safer-Networking\Spybot - Search and Destroy

Yes Task ConfigNotification Microsoft Corporation %systemroot%\System32\sdclt.exe /CONFIGNOTIFICATION \Microsoft\Windows\WindowsBackup

Yes Task ConfigureInternetTimeService Microsoft Corporation %SystemRoot%\ehome\ehPrivJob.exe /DoConfigureInternetTimeService \Microsoft\Windows\Media Center

Yes Task Consolidator Microsoft Corporation %SystemRoot%\System32\wsqmcons.exe \Microsoft\Windows\Customer Experience Improvement Program

Yes Task CRFWIZ C:\Users\Zeus\AppData\Roaming\CRFWIZ.exe /infocmdline=ZXKoQNuako2F05EVA7oO77uLZWLE8TFZzn7K3Q3LQLxdem2JgwOxPLr1umpAWkSipP4MVtvkcl7Q4WMEcdsV3ZdWznwAw2AjNHRMeg1amL1EqqRQTonsUQGkHmO5MqXbl1bmv7Hw79QzQSysfVpS9zOWGkBQmwjflEfwW9I9M5xVHgrcHxUp9ExAMW1bGku7jot6iKVRW+KiE/34CRP0WALrTb494DEO3M57K1g8zNeFq01Ad4mG2oN5lI6UQknEEkrv1oXXTECKc97ZUMI8h1YZNDfCbK4zR6KdNtd7l+u3IZhmMU1BMrq9pU0RGlQhEJ9Q87f3faF0r/tNW/fEtDFdjXUzJTGvwUHdn45uqjqo4yqcugukp/6xVzij7K9XYLrV69ScbqYWVSYhpXEqaITPiOnTYvdLsuU8CynQzj7HqkZDDsyHWAMtEuthRkRmVpbZgc0gcPImYu53Bvq32AxNuErDQ8aFaf1emw08Oa11yipL9jAn28RaluMzmpk5 \
Yes Task DispatchRecoveryTasks Microsoft Corporation %SystemRoot%\ehome\ehPrivJob.exe /DoRecoveryTasks $(Arg0) \Microsoft\Windows\Media Center

Yes Task ehDRMInit Microsoft Corporation %SystemRoot%\ehome\ehPrivJob.exe /DRMInit \Microsoft\Windows\Media Center

Yes Task Extractor Definitions Update Task \Microsoft\Windows Live\SOXE

Yes Task GadgetManager \Microsoft\Windows\SideShow

Yes Task GatherNetworkInfo %windir%\system32\gatherNetworkInfo.vbs \Microsoft\Windows\NetTrace

Yes Task GoogleUpdateTaskMachineCore Google Inc. C:\Program Files (x86)\Google\Update\GoogleUpdate.exe /c \

Yes Task GoogleUpdateTaskMachineUA Google Inc. C:\Program Files (x86)\Google\Update\GoogleUpdate.exe /ua /installsource scheduler \

Yes Task HotStart \Microsoft\Windows\MobilePC

Yes Task HP Support Assistant Quick Start Hewlett-Packard Company C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\HPSF.exe /taskrestart \Hewlett-Packard\HP Support Assistant

Yes Task HPCeeScheduleForZeus Hewlett-Packard C:\Program Files (x86)\Hewlett-Packard\HP Ceement\HPCEE.exe HPCeeScheduleForZeus (null) \

Yes Task InstallPlayReady Microsoft Corporation %SystemRoot%\ehome\ehPrivJob.exe /InstallPlayReady $(Arg0) \Microsoft\Windows\Media Center

Yes Task IpAddressConflict1 Microsoft Corporation %windir%\system32\rundll32.exe ndfapi.dll,NdfRunDllDuplicateIPOffendingSystem \Microsoft\Windows\Tcpip

Yes Task IpAddressConflict2 Microsoft Corporation %windir%\system32\rundll32.exe ndfapi.dll,NdfRunDllDuplicateIPDefendingSystem \Microsoft\Windows\Tcpip

Yes Task LPRemove Microsoft Corporation %windir%\system32\lpremove.exe \Microsoft\Windows\MUI

Yes Task mcupdate %SystemRoot%\ehome\mcupdate $(Arg0) \Microsoft\Windows\Media Center

Yes Task MediaCenterRecoveryTask Microsoft Corporation %SystemRoot%\ehome\mcupdate.exe -MediaCenterRecoveryTask \Microsoft\Windows\Media Center

Yes Task MobilityManager \Microsoft\Windows\Ras

Yes Task Notifications Microsoft Corporation %windir%\System32\LocationNotifications.exe \Microsoft\Windows\Location

Yes Task ObjectStoreRecoveryTask Microsoft Corporation %SystemRoot%\ehome\mcupdate.exe -ObjectStoreRecoveryTask \Microsoft\Windows\Media Center

Yes Task OCURActivate Microsoft Corporation %SystemRoot%\ehome\ehPrivJob.exe /OCURActivate \Microsoft\Windows\Media Center

Yes Task OCURDiscovery Microsoft Corporation %SystemRoot%\ehome\ehPrivJob.exe /OCURDiscovery $(Arg0) \Microsoft\Windows\Media Center

Yes Task PBDADiscovery Microsoft Corporation %SystemRoot%\ehome\ehPrivJob.exe /PBDADiscovery \Microsoft\Windows\Media Center

Yes Task PBDADiscoveryW1 Microsoft Corporation %SystemRoot%\ehome\ehPrivJob.exe /wait:7 /PBDADiscovery \Microsoft\Windows\Media Center

Yes Task PBDADiscoveryW2 Microsoft Corporation %SystemRoot%\ehome\ehPrivJob.exe /wait:90 /PBDADiscovery \Microsoft\Windows\Media Center

Yes Task PC Health Analysis Hewlett-Packard Company C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\HPSF.exe /L Analysis \Hewlett-Packard\HP Support Assistant

Yes Task ProgramDataUpdater Microsoft Corporation %windir%\system32\rundll32.exe aepdu.dll,AePduRunUpdate \Microsoft\Windows\Application Experience

Yes Task Proxy Microsoft Corporation %windir%\system32\rundll32.exe /d acproxy.dll,PerformAutochkOperations \Microsoft\Windows\Autochk

Yes Task PvrRecoveryTask Microsoft Corporation %SystemRoot%\ehome\mcupdate.exe -PvrRecoveryTask \Microsoft\Windows\Media Center

Yes Task PvrScheduleTask Microsoft Corporation %SystemRoot%\ehome\mcupdate.exe -PvrSchedule \Microsoft\Windows\Media Center

Yes Task QueueReporting Microsoft Corporation %windir%\system32\wermgr.exe -queuereporting \Microsoft\Windows\Windows Error Reporting

Yes Task Refresh immunization Safer-Networking Ltd. "C:\Program Files (x86)\Spybot - Search & Destroy 2\SDImmunize.exe" /immunize /silent /autoclose \Safer-Networking\Spybot - Search and Destroy

Yes Task RegisterSearch Microsoft Corporation %SystemRoot%\ehome\ehPrivJob.exe /DoRegisterSearch $(Arg0) \Microsoft\Windows\Media Center

Yes Task ReindexSearchRoot Microsoft Corporation %SystemRoot%\ehome\ehPrivJob.exe /DoReindexSearchRoot \Microsoft\Windows\Media Center

Yes Task Scan the system Safer-Networking Ltd. "C:\Program Files (x86)\Spybot - Search & Destroy 2\SDScan.exe" /scan /cleanclose \Safer-Networking\Spybot - Search and Destroy

Yes Task ScheduledDefrag Microsoft Corp. %windir%\system32\defrag.exe -c \Microsoft\Windows\Defrag

Yes Task SqlLiteRecoveryTask Microsoft Corporation %SystemRoot%\ehome\mcupdate.exe -SqlLiteRecoveryTask \Microsoft\Windows\Media Center

Yes Task SR Microsoft Corporation %windir%\system32\rundll32.exe /d srrstr.dll,ExecuteScheduledSPPCreation \Microsoft\Windows\SystemRestore

Yes Task SynchronizeTime Microsoft Corporation %windir%\system32\sc.exe start w32time task_started \Microsoft\Windows\Time Synchronization

Yes Task SystemSoundsService \Microsoft\Windows\Multimedia

Yes Task SystemTask \Microsoft\Windows\CertificateServicesClient

Yes Task UninstallDeviceTask Microsoft Corporation BthUdTask.exe $(Arg0) \Microsoft\Windows\Bluetooth

Yes Task Update Check Hewlett-Packard Company C:\ProgramData\Hewlett-Packard\HP Support Framework\Resources\Updater7\HPSFUpdater.exe /s /p 1 \Hewlett-Packard\HP Support Assistant

Yes Task UpdateLibrary "%ProgramFiles%\Windows Media Player\wmpnscfg.exe" \Microsoft\Windows\Windows Media Sharing

Yes Task UpdateRecordPath Microsoft Corporation %SystemRoot%\ehome\ehPrivJob.exe /DoUpdateRecordPath $(Arg0) \Microsoft\Windows\Media Center

Yes Task UPnPHostConfig Microsoft Corporation sc.exe config upnphost start= auto \Microsoft\Windows\UPnP

Yes Task UserTask \Microsoft\Windows\CertificateServicesClient

Yes Task VerifiedPublisherCertStoreCheck Microsoft Corporation %windir%\system32\appidcertstorecheck.exe \Microsoft\Windows\AppID

Yes Task WarrantyChecker_DeviceScan Hewlett-Packard C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\Resources\HPWarrantyCheck\HPWarrantyChecker.exe /DeviceScanR6 \Hewlett-Packard\HP Support Assistant

Yes Task WinSAT \Microsoft\Windows\Maintenance

message edited by D_Synth


See More: Is there a task on Ccleaner list that shouldnt be there?

Report •

#1
June 17, 2015 at 13:50:22
I only have 2 Tasks listed on my system - Adobe Flash & CCleaner.

"one doggy program that I deleted right away, YTDownloader"

That's for downloading videos from YouTube. What does your Windows Startup list look like? It must be loaded! How does your system run?


Report •

#2
June 17, 2015 at 15:33:07
Wow! I don't have ANYTHING listed under "Scheduled Tasks".
Under "Windows" I have one item and under "Context Menu" is
one which I disabled as soon as I saw it just now.

-- Jeff, in Minneapolis


Report •

#3
June 18, 2015 at 03:42:38
Here are the next 2 steps I would try, there may more steps needed, after I see the results of these logs.

Run them in this order.

Step 1: Run AdwCleaner
http://www.softpedia.com/get/Antivi...
http://www.raymond.cc/blog/adwclean...
http://www.bleepingcomputer.com/dow...
Author's site
http://general-changelog-team.fr/en...
Tutorial
http://general-changelog-team.fr/en...
Close all open programs and internet browsers.
Double click on AdwCleaner.exe to run the tool.
Click on Clean.
Confirm each time with Ok.
Your computer will be rebooted automatically. A text file will open after the restart.
Please Copy & Paste the contents of that logfile with your next answer.
You can find the logfile at C:\AdwCleaner[S1].txt as well.
http://i.imgur.com/r3PoAEG.gif

Step 2: Run Junkware Removal Tool
http://www.softpedia.com/get/Securi...
http://www.bleepingcomputer.com/dow...
http://thisisudax.org/
http://thisisudax.blogspot.com.au/2...
Download Junkware Removal Tool onto your Desktop. If your default download location is not the Desktop, drag it out of it's location onto the Desktop.
Warning! Once the scan is complete JRT will shut down your browser with NO warning.
Shut down your protection software now to avoid potential conflicts.
Temporarily disable your antivirus and any antispyware real time protection before performing a scan.
Click this link to see a list of security programs that should be disabled and how to disable them.
http://www.bleepingcomputer.com/for...
http://www.techsupportforum.com/for...
Run the tool by double-clicking it. If you are using Windows Vista or Windows 7/8, right-click JRT and select Run as Administrator.
The tool will open and start scanning your system.
Please be patient as this can take a while to complete depending on your system's specifications.
On completion, a log (JRT.txt) is saved onto your Desktop and will automatically open.
Copy and Paste the contents of the JRT.txt log please.


Report •

Related Solutions

#4
June 19, 2015 at 07:06:50
I only have one listed, and it's from a GPO.

Report •

#5
June 20, 2015 at 13:02:17
Here's the 2 logs. sorry it took a while. Thanks for your help.
From ADW

# AdwCleaner v4.206 - Logfile created 20/06/2015 at 14:12:55
# Updated 01/06/2015 by Xplode
# Database : 2015-06-17.1 [Server]
# Operating system : Windows 7 Ultimate (x64)
# Username : *********
# Running from : C:\Users\Zeus\Downloads\adwcleaner_4.206.exe
# Option : Cleaning

***** [ Services ] *****

[#] Service Deleted : iSafeKrnl
[#] Service Deleted : iSafeKrnlBoot
[#] Service Deleted : iSafeKrnlKit
[#] Service Deleted : iSafeKrnlR3
[#] Service Deleted : iSafeNetFilter
[#] Service Deleted : SPBIUpdd

***** [ Files / Folders ] *****

Folder Deleted : C:\Program Files (x86)\Uniblue
Folder Deleted : C:\Users\Zeus\AppData\LocalLow\Check Point Software Technologies LTD
Folder Deleted : C:\Users\Zeus\AppData\Roaming\eCyber
Folder Deleted : C:\Users\Zeus\AppData\Roaming\Uniblue
Folder Deleted : C:\Users\Zeus\AppData\Roaming\Elex-tech
Folder Deleted : C:\Users\Zeus\AppData\Local\Google\Chrome\User Data\Default\Extensions\niloccemoadcdkdjlinkgdfekeahmflj
File Deleted : C:\Users\Zeus\AppData\Local\Google\Chrome\User Data\Default\Local Storage\chrome-extension_niloccemoadcdkdjlinkgdfekeahmflj_0.localstorage
File Deleted : C:\Users\Zeus\AppData\Local\Google\Chrome\User Data\Default\Local Storage\chrome-extension_niloccemoadcdkdjlinkgdfekeahmflj_0.localstorage-journal
File Deleted : C:\Windows\System32\log\iSafeKrnlCall.log
File Deleted : C:\Users\Zeus\AppData\Roaming\CRFWIZ

***** [ Scheduled tasks ] *****

Task Deleted : ShopperPro
Task Deleted : ShopperProJSUpd
Task Deleted : SMupdate1
Task Deleted : SPDriver
Task Deleted : SpeedUpMyPC Maintenance
Task Deleted : SpeedUpMyPC Startup
Task Deleted : CRFWIZ

***** [ Shortcuts ] *****

Shortcut Disinfected : C:\Users\Zeus\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Accessories\System Tools\Internet Explorer (No Add-ons).lnk

***** [ Registry ] *****

Key Deleted : HKLM\SOFTWARE\Classes\AppID\ShopperPro.DLL
Key Deleted : HKLM\SOFTWARE\Classes\speedupmypc
Key Deleted : HKLM\SOFTWARE\Classes\AppID\SysMenu.DLL
Key Deleted : HKLM\SYSTEM\CurrentControlSet\Control\Class\{0014298C-A9BA-440D-AAA8-AD12C7010EE5}
Key Deleted : HKLM\SYSTEM\CurrentControlSet\Control\Class\{181A06EA-B82C-47DE-B851-E20FD0E1CC7D}
Key Deleted : HKLM\SOFTWARE\01d34b66-127d-4705-88b9-12e6703d2761
Key Deleted : HKLM\SOFTWARE\8e85df35-293d-4f01-88fc-d80efa88d61b
Key Deleted : HKLM\SOFTWARE\a0fc70c6-b837-4a0e-80fb-daadd41fdcff
Key Deleted : HKLM\SOFTWARE\b69708d6-7183-4e82-a172-26e9c94a0c30
Key Deleted : HKLM\SOFTWARE\Classes\AppID\{06DEB529-DE09-43EC-B6E2-451AAB0FF000}
Key Deleted : HKLM\SOFTWARE\Classes\AppID\{3278F5CF-48F3-4253-A6BB-004CE84AF492}
Key Deleted : HKLM\SOFTWARE\Classes\AppID\{577975B8-C40E-43E6-B0DE-4C6B44088B52}
Key Deleted : HKLM\SOFTWARE\Classes\AppID\{58FDA6AF-67D8-4198-B7CD-94B17532C8D5}
Key Deleted : HKLM\SOFTWARE\Classes\AppID\{D813D5BB-EBC7-45F9-B8A4-36A305168069}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{02A96331-0CA6-40E2-A87D-C224601985EB}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{3278F5CF-48F3-4253-A6BB-004CE84AF492}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{3B5702BA-7F4C-4D1A-B026-1E9A01D43978}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{577975B8-C40E-43E6-B0DE-4C6B44088B52}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{7E49F793-B3CD-4BF7-8419-B34B8BD30E61}
Key Deleted : HKLM\SOFTWARE\Classes\TypeLib\{06DEB529-DE09-43EC-B6E2-451AAB0FF000}
Key Deleted : HKLM\SOFTWARE\Classes\TypeLib\{E00DE9B9-B128-4C39-B732-B5D85013FA48}
Key Deleted : HKLM\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{5E89ACE9-E16B-499A-87B4-0DBF742404C1}
Value Deleted : HKLM\SOFTWARE\Microsoft\Internet Explorer\Toolbar [{438FAE3E-BDEF-44D3-AB8B-0C7C8350DF59}]
Key Deleted : HKCU\Software\GlobalUpdate
Key Deleted : HKCU\Software\AppDataLow\Software\Object Browser
Key Deleted : HKLM\SOFTWARE\GlobalUpdate
Key Deleted : HKLM\SOFTWARE\ShopperPro
Key Deleted : HKLM\SOFTWARE\Uniblue
Key Deleted : HKLM\SOFTWARE\Elex-tech
Key Deleted : [x64] HKCU\Software\GlobalUpdate
Key Deleted : [x64] HKLM\SOFTWARE\ShopperPro
Key Deleted : [x64] HKLM\SOFTWARE\YTDownloader
Key Deleted : [x64] HKLM\SOFTWARE\SearchModule

***** [ Web browsers ] *****

-\\ Internet Explorer v11.0.9600.17840


-\\ Mozilla Firefox v38.0.5 (x86 en-US)

[ck4lrsnl.default\prefs.js] - Line Deleted : user_pref("extensions.a927571a5c34c476fbf9f2ed9e8e7e940e6a314c63a357ced35576dcom61913.61913.internaldb.Resources_meta.value", "%7B%22handlebars.js%22%3A%7B%22id%22%3A757210%2C%22ver%22%3A1%2C%22status[...]
[ck4lrsnl.default\prefs.js] - Line Deleted : user_pref("extensions.a927571a5c34c476fbf9f2ed9e8e7e940e6a314c63a357ced35576dcom61913.61913.internaldb.Resources_resource_757219.value", "%22function%20startAskCom%28e%2Ct%2Cr%29%7Bfunction%20a%28e%29[...]
[ck4lrsnl.default\prefs.js] - Line Deleted : user_pref("extensions.a927571a5c34c476fbf9f2ed9e8e7e940e6a314c63a357ced35576dcom61913.61913.internaldb.monetization_plugin_bundledUrls.value", "%7B%22dealply_s%22%3A%7B%22urls%22%3A%5B%22ssfiles.com%2[...]
[ck4lrsnl.default\prefs.js] - Line Deleted : user_pref("extensions.a9321b2762c2e4c5fbd04b8118e512707c0c8a2d632754caca0b252e936311db9com32850.32850.internaldb.monetization_plugin_bundledUrls.value", "%7B%22dealply_s%22%3A%7B%22urls%22%3A%5B%22ssf[...]

-\\ Google Chrome v43.0.2357.124

[C:\Users\Zeus\AppData\Local\Google\Chrome\User Data\Default\Web Data] - Deleted [Search Provider] : hxxp://search.aol.com/aol/search?q={searchTerms}
[C:\Users\Zeus\AppData\Local\Google\Chrome\User Data\Default\Web Data] - Deleted [Search Provider] : hxxp://www.ask.com/web?q={searchTerms}

*************************

AdwCleaner[R0].txt - [5684 bytes] - [20/06/2015 13:45:30]
AdwCleaner[S0].txt - [5708 bytes] - [20/06/2015 14:12:55]

########## EOF - C:\AdwCleaner\AdwCleaner[S0].txt - [5767 bytes] ##########
________________________________________________________________________________
FROM JRT

~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Junkware Removal Tool (JRT) by Thisisu
Version: 7.0.3 (06.19.2015:1)
OS: Windows 7 Home Premium x64
Ran by Zeus on Sat 06/20/2015 at 14:30:44.26
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~

~~~ Services

~~~ Tasks

~~~ Registry Values

~~~ Registry Keys

~~~ Files

Successfully deleted: [File] C:\Users\Zeus\appdata\local\google\chrome\user data\default\local storage\hxxp_www.azlyrics.com_0.localstorage

Successfully deleted: [File] C:\Users\Zeus\appdata\local\google\chrome\user data\default\local storage\hxxp_www.azlyrics.com_0.localstorage-journal

~~~ Folders

Successfully deleted: [Folder] C:\Users\Zeus\appdata\local\installer

~~~ FireFox

~~~ Chrome

[C:\Users\Zeus\appdata\local\Google\Chrome\User Data\Default\Preferences] - default search provider reset

[C:\Users\Zeus\appdata\local\Google\Chrome\User Data\Default\Preferences] - Extensions Deleted:

[C:\Users\Zeus\appdata\local\Google\Chrome\User Data\Default\Secure Preferences] - default search provider reset

[C:\Users\Zeus\appdata\local\Google\Chrome\User Data\Default\Secure Preferences] - Extensions Deleted:
[]

~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Scan was completed on Sat 06/20/2015 at 14:36:28.34
End of JRT log
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~


Report •

#6
June 20, 2015 at 17:14:46
"Here's the 2 logs"
We are on the right track, here is the next step.


Download ComboFix onto your Desktop & then run. If your default download location is not the Desktop, drag it out of it's location onto the Desktop. Copy & Paste the contents of the log in your next post please. ComboFix's log should be located at C:\COMBOFIX.TXT.
If the log is too large, upload it using Zippy ( No account/registration needed ) or upload to a site of your choosing. Give us the link please.
http://www.zippyshare.com/
Instructions on how to use ZippyShare.
http://i.imgur.com/naG6t2T.gif
http://i.imgur.com/Vi9ZdIh.gif
http://i.imgur.com/1IZu5kP.gif
http://www.bleepingcomputer.com/dow...
http://download.bleepingcomputer.co...
http://www.forospyware.com/sUBs/Com...
A guide and tutorial on using ComboFix
http://www.bleepingcomputer.com/com...
http://www.winhelp.us/index.php/gen...
Manually restoring the Internet connection
http://www.bleepingcomputer.com/com...
There are circumstances ComboFix will hang, crash or stall at various stages due to malware interference, failure to disable other real-time protection tools or the presence of CD Emulators (Daemon Tools, Alchohol 120%, Astroburn, AnyDVD) so that it does not complete successfully. Also, depending on how badly a system is infected, ComboFix may take longer to complete its routine than it normally does or fail to run properly. While that is not normal behavior, it is not unusual"
If you think it's frozen, look at the computer clock.
If it's running, Combofix is still working.
NOTE: Do not mouseclick combofix's window while it is running. That may cause it to stall.
NOTE: ComboFix will check to see if the Microsoft Windows Recovery Console is installed.
***It's strongly recommended to have the Recovery Console installed before doing any malware removal.***
**Please Note: If the Microsoft Windows Recovery Console is already installed, ComboFix will automatically proceed with its scan.
The Recovery Console provides a recovery/repair mode should a problem occur during a Combofix run.
Allow ComboFix to download the Recovery Console.
Accept the End-User License Agreement.
The Recovery Console will be installed.
You will then get this next prompt that asks if you want to continue the malware scan, select yes.
If after running Combofix you discover none of your programs will open up, and you recieve the following error: "Illegal operation attempted on a registry key that has been marked for deletion". Then the answer is to REBOOT the machine, and all will be corrected.
Can't Install an Antivirus - Windows Security Center still detects previous AV
http://www.experts-exchange.com/Vir...
We are almost ready to start ComboFix, but before we do so, we need to take some preventative measures so that there are no conflicts with other programs when running ComboFix. At this point you should do the following:
* Close all open Windows including this one.
* Close or disable all running Antivirus, Antispyware, and Firewall programs as they may interfere with the proper running of ComboFix. Instructions on disabling these type of programs can be found in this topic.
http://www.bleepingcomputer.com/for...
http://www.techsupportforum.com/for...
Once these two steps have been completed, double-click on the ComboFix icon found on your Desktop.
Please Note: Once you start ComboFix you should not click anywhere on the ComboFix window as it can cause the program to stall. In fact, when ComboFix is running, do not touch your computer at all. The scan could take a while, so please be patient.

message edited by Johnw


Report •

#7
June 24, 2015 at 14:29:20
Thank you. Sorry, I haven't been on the computer in a while. I'll run Combofix in an hour or so and post the results. Thank you so much for helping.

Report •

Ask Question