View Single Post
  #10  
Old August 19th, 2019, 11:09 AM
Jintan's Avatar
Jintan Jintan is offline
Cyber Tech Help Moderator
 
Join Date: Dec 2004
Posts: 51,870
Speccy should come back clean once we remove those bad tasks.



Go to Start Search, type notepad.exe in the Start Search box, then press Enter.

In the open Notepad box, copy and paste the following (inside the Code box), and save it to the same location FRST is as fixlist.txt


Code:
start
HKLM Group Policy restriction on software: %systemroot%\system32\mrt.exe <==== ATTENTION
FF HKLM\SOFTWARE\Policies\Mozilla\Firefox: Restriction <==== ATTENTION
Task: {02AC4027-C63F-4BD0-8AE8-6D567CFEE292} - System32\Tasks\stappstapp => C:\Program Files (x86)\cano\cano.exe
Task: {182B02C7-F1AF-442B-95EF-CCDD563524D5} - System32\Tasks\psalms_ladas => C:\Program Files (x86)\Walking\Designation.exe
Task: {26547971-6B87-4C39-AACD-6346D37899F0} - System32\Tasks\teagueteague => C:\Program Files (x86)\Scored\Designation.exe
Task: {4E4E7453-B6A3-4C14-92C2-51DEC7ACA175} - System32\Tasks\psalms_ladaspsalms_ladas => C:\Program Files (x86)\Walking\Designation.exe
Task: {5430DBE0-79A5-402A-BF5B-6F426FC99027} - System32\Tasks\kristine keeton => C:\Program Files (x86)\Walking\Suspicion.exe
Task: {5AB9CF4D-DC54-425F-9456-9B334679AFA3} - System32\Tasks\doggies-walling => C:\Program Files (x86)\discount\Suspicion.exe
Task: {5B5AF129-3AC9-42EE-990D-71B7BC4F4E0F} - System32\Tasks\marijuana_nastier => C:\Users\a1005\AppData\Local\Suspicion.exe
Task: {7F7F2927-852E-43F3-A97B-6214FDD3F67F} - \Microsoft\Windows\UNP\RunCampaignManager -> No File <==== ATTENTION
Task: {8F5BB1F1-9B33-4CA7-9522-BC69860C1878} - System32\Tasks\stapp => C:\Program Files (x86)\cano\cano.exe
Task: {9D26FEC7-FF88-460F-B9EC-4A7FABC16BF3} - System32\Tasks\Microsoft\Windows\rempl\shell-usoscan => C:\Program Files\rempl\remsh.exe
Task: {B3D3A01E-E0A2-4CB6-B84F-AAA4209EA4A0} - System32\Tasks\melanocyte disciplines neutering => C:\Users\a1005\AppData\Local\Designation.exe
Task: {B7C17ACA-B0D2-4BD2-8121-F704BB5C0F20} - System32\Tasks\kristine keetonkristine keeton => C:\Program Files (x86)\Walking\Suspicion.exe
Task: {CD78EA0B-BDAA-4624-870B-4DF7B4D1888B} - System32\Tasks\doggies-wallingdoggies-walling => C:\Program Files (x86)\discount\Suspicion.exe
Task: {EDE34764-B8CB-4077-8973-5069C6DD6406} - System32\Tasks\marijuana_nastiermarijuana_nastier => C:\Users\a1005\AppData\Local\Suspicion.exe
Task: {FB3FE6D3-3D7C-40AA-B542-46CEACFA9C96} - System32\Tasks\melanocyte disciplines neuteringmelanocyte disciplines neutering => C:\Users\a1005\AppData\Local\Designation.exe
Task: {FD12B159-F2E7-4F90-B998-8DBF87D6AC34} - System32\Tasks\1 => C:\Users\a1005\Music\1.xspf [4351 2017-12-12] () [File not signed] <==== ATTENTION
Task: {FD4292EB-58A0-4E93-A4B0-0FCDC6DF1255} - System32\Tasks\teague => C:\Program Files (x86)\Scored\Designation.exe
2019-08-15 19:32 - 2019-08-15 19:32 - 000003356 _____ C:\WINDOWS\System32\Tasks\doggies-walling
2019-08-15 19:32 - 2019-08-15 19:32 - 000003354 _____ C:\WINDOWS\System32\Tasks\marijuana_nastier
2019-08-15 19:32 - 2019-08-15 19:32 - 000003354 _____ C:\WINDOWS\System32\Tasks\kristine keeton
2019-08-15 19:32 - 2019-08-15 19:32 - 000003352 _____ C:\WINDOWS\System32\Tasks\psalms_ladas
2019-08-15 19:32 - 2019-08-15 19:32 - 000003338 _____ C:\WINDOWS\System32\Tasks\teague
2019-08-15 19:32 - 2019-08-15 19:32 - 000003318 _____ C:\WINDOWS\System32\Tasks\stapp
2019-08-15 19:32 - 2019-08-15 19:32 - 000003218 _____ C:\WINDOWS\System32\Tasks\teagueteague
2019-08-15 19:32 - 2019-08-15 19:32 - 000003196 _____ C:\WINDOWS\System32\Tasks\stappstapp
2019-08-15 19:32 - 2019-08-15 19:32 - 000003388 _____ C:\WINDOWS\System32\Tasks\melanocyte disciplines neutering
2019-08-15 19:32 - 2019-08-15 19:34 - 000003320 _____ C:\WINDOWS\System32\Tasks\melanocyte disciplines neuteringmelanocyte disciplines neutering
2019-08-15 19:32 - 2019-08-15 19:34 - 000003256 _____ C:\WINDOWS\System32\Tasks\marijuana_nastiermarijua na_nastier
2019-08-15 19:32 - 2019-08-15 19:34 - 000003254 _____ C:\WINDOWS\System32\Tasks\doggies-wallingdoggies-walling
2019-08-15 19:32 - 2019-08-15 19:34 - 000002276 _____ C:\WINDOWS\System32\Tasks\a
2019-08-15 19:32 - 2019-08-15 19:34 - 000002270 _____ C:\WINDOWS\System32\Tasks\1
2019-08-15 19:32 - 2019-08-15 19:33 - 000003252 _____ C:\WINDOWS\System32\Tasks\kristine keetonkristine keeton
2019-08-15 19:32 - 2019-08-15 19:33 - 000003244 _____ C:\WINDOWS\System32\Tasks\psalms_ladaspsalms_ladas
FirewallRules: [{0DEE92D6-A12E-49B6-8540-EB6947EEA39E}] => (Allow) C:\Program Files (x86)\Walking\Suspicion.exe No File
FirewallRules: [{0F46E545-597C-4BD6-9597-226989397D71}] => (Allow) C:\Program Files (x86)\discount\Suspicion.exe No File
FirewallRules: [{08747958-F3E3-4267-8C30-22EDA793AD79}] => (Allow) C:\Program Files (x86)\Walking\Designation.exe No File
FirewallRules: [{A223F525-894D-4A86-86CC-606939BA1970}] => (Allow) C:\Program Files (x86)\Scored\Designation.exe No File
End
Run FRST again, and click the Fix button. Once the repairs have completed a log will open - post that back here please.

---------

Also reboot, and run Speccy again to check if those tasks are now gone.
Reply With Quote