#11, August 19th, 2019, 12:16 PM
alphaorg
Yep, now the scheduler looks fine. Thank you very much!

By the way, before running the fix I had a look at the files inside the folder "..\system32\tasks" and they all looked similar, like they were executed by designation.exe.

Below the log:

Fix result of Farbar Recovery Scan Tool (x64) Version: 14-08-2019
Ran by a1005 (19-08-2019 12:43:45) Run:1
Running from C:\Users\a1005\Downloads
Loaded Profiles: a1005 (Available Profiles: defaultuser0 & a1005 & Ale)
Boot Mode: Normal
==============================================

fixlist content:
*****************
start
HKLM Group Policy restriction on software: %systemroot%\system32\mrt.exe <==== ATTENTION
FF HKLM\SOFTWARE\Policies\Mozilla\Firefox: Restriction <==== ATTENTION
Task: {02AC4027-C63F-4BD0-8AE8-6D567CFEE292} - System32\Tasks\stappstapp => C:\Program Files (x86)\cano\cano.exe
Task: {182B02C7-F1AF-442B-95EF-CCDD563524D5} - System32\Tasks\psalms_ladas => C:\Program Files (x86)\Walking\Designation.exe
Task: {26547971-6B87-4C39-AACD-6346D37899F0} - System32\Tasks\teagueteague => C:\Program Files (x86)\Scored\Designation.exe
Task: {4E4E7453-B6A3-4C14-92C2-51DEC7ACA175} - System32\Tasks\psalms_ladaspsalms_ladas => C:\Program Files (x86)\Walking\Designation.exe
Task: {5430DBE0-79A5-402A-BF5B-6F426FC99027} - System32\Tasks\kristine keeton => C:\Program Files (x86)\Walking\Suspicion.exe
Task: {5AB9CF4D-DC54-425F-9456-9B334679AFA3} - System32\Tasks\doggies-walling => C:\Program Files (x86)\discount\Suspicion.exe
Task: {5B5AF129-3AC9-42EE-990D-71B7BC4F4E0F} - System32\Tasks\marijuana_nastier => C:\Users\a1005\AppData\Local\Suspicion.exe
Task: {7F7F2927-852E-43F3-A97B-6214FDD3F67F} - \Microsoft\Windows\UNP\RunCampaignManager -> No File <==== ATTENTION
Task: {8F5BB1F1-9B33-4CA7-9522-BC69860C1878} - System32\Tasks\stapp => C:\Program Files (x86)\cano\cano.exe
Task: {9D26FEC7-FF88-460F-B9EC-4A7FABC16BF3} - System32\Tasks\Microsoft\Windows\rempl\shell-usoscan => C:\Program Files\rempl\remsh.exe
Task: {B3D3A01E-E0A2-4CB6-B84F-AAA4209EA4A0} - System32\Tasks\melanocyte disciplines neutering => C:\Users\a1005\AppData\Local\Designation.exe
Task: {B7C17ACA-B0D2-4BD2-8121-F704BB5C0F20} - System32\Tasks\kristine keetonkristine keeton => C:\Program Files (x86)\Walking\Suspicion.exe
Task: {CD78EA0B-BDAA-4624-870B-4DF7B4D1888B} - System32\Tasks\doggies-wallingdoggies-walling => C:\Program Files (x86)\discount\Suspicion.exe
Task: {EDE34764-B8CB-4077-8973-5069C6DD6406} - System32\Tasks\marijuana_nastiermarijuana_nastier => C:\Users\a1005\AppData\Local\Suspicion.exe
Task: {FB3FE6D3-3D7C-40AA-B542-46CEACFA9C96} - System32\Tasks\melanocyte disciplines neuteringmelanocyte disciplines neutering => C:\Users\a1005\AppData\Local\Designation.exe
Task: {FD12B159-F2E7-4F90-B998-8DBF87D6AC34} - System32\Tasks\1 => C:\Users\a1005\Music\1.xspf [4351 2017-12-12] () [File not signed] <==== ATTENTION
Task: {FD4292EB-58A0-4E93-A4B0-0FCDC6DF1255} - System32\Tasks\teague => C:\Program Files (x86)\Scored\Designation.exe
2019-08-15 19:32 - 2019-08-15 19:32 - 000003356 _____ C:\WINDOWS\System32\Tasks\doggies-walling
2019-08-15 19:32 - 2019-08-15 19:32 - 000003354 _____ C:\WINDOWS\System32\Tasks\marijuana_nastier
2019-08-15 19:32 - 2019-08-15 19:32 - 000003354 _____ C:\WINDOWS\System32\Tasks\kristine keeton
2019-08-15 19:32 - 2019-08-15 19:32 - 000003352 _____ C:\WINDOWS\System32\Tasks\psalms_ladas
2019-08-15 19:32 - 2019-08-15 19:32 - 000003338 _____ C:\WINDOWS\System32\Tasks\teague
2019-08-15 19:32 - 2019-08-15 19:32 - 000003318 _____ C:\WINDOWS\System32\Tasks\stapp
2019-08-15 19:32 - 2019-08-15 19:32 - 000003218 _____ C:\WINDOWS\System32\Tasks\teagueteague
2019-08-15 19:32 - 2019-08-15 19:32 - 000003196 _____ C:\WINDOWS\System32\Tasks\stappstapp
2019-08-15 19:32 - 2019-08-15 19:32 - 000003388 _____ C:\WINDOWS\System32\Tasks\melanocyte disciplines neutering
2019-08-15 19:32 - 2019-08-15 19:34 - 000003320 _____ C:\WINDOWS\System32\Tasks\melanocyte disciplines neuteringmelanocyte disciplines neutering
2019-08-15 19:32 - 2019-08-15 19:34 - 000003256 _____ C:\WINDOWS\System32\Tasks\marijuana_nastiermarijuana_nastier
2019-08-15 19:32 - 2019-08-15 19:34 - 000003254 _____ C:\WINDOWS\System32\Tasks\doggies-wallingdoggies-walling
2019-08-15 19:32 - 2019-08-15 19:34 - 000002276 _____ C:\WINDOWS\System32\Tasks\a
2019-08-15 19:32 - 2019-08-15 19:34 - 000002270 _____ C:\WINDOWS\System32\Tasks\1
2019-08-15 19:32 - 2019-08-15 19:33 - 000003252 _____ C:\WINDOWS\System32\Tasks\kristine keetonkristine keeton
2019-08-15 19:32 - 2019-08-15 19:33 - 000003244 _____ C:\WINDOWS\System32\Tasks\psalms_ladaspsalms_ladas
FirewallRules: [{0DEE92D6-A12E-49B6-8540-EB6947EEA39E}] => (Allow) C:\Program Files (x86)\Walking\Suspicion.exe No File
FirewallRules: [{0F46E545-597C-4BD6-9597-226989397D71}] => (Allow) C:\Program Files (x86)\discount\Suspicion.exe No File
FirewallRules: [{08747958-F3E3-4267-8C30-22EDA793AD79}] => (Allow) C:\Program Files (x86)\Walking\Designation.exe No File
FirewallRules: [{A223F525-894D-4A86-86CC-606939BA1970}] => (Allow) C:\Program Files (x86)\Scored\Designation.exe No File
End
*****************

HKLM Group Policy restriction on software: %systemroot%\system32\mrt.exe <==== ATTENTION => restored successfully
HKLM\SOFTWARE\Policies\Mozilla => removed successfully
"HKLM\Software\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{02AC4027-C63F-4BD0-8AE8-6D567CFEE292}" => removed successfully
"HKLM\Software\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{02AC4027-C63F-4BD0-8AE8-6D567CFEE292}" => removed successfully
C:\WINDOWS\System32\Tasks\stappstapp => moved successfully
"HKLM\Software\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\stappstapp" => removed successfully
"HKLM\Software\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Logon\{182B02C7-F1AF-442B-95EF-CCDD563524D5}" => removed successfully
"HKLM\Software\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{182B02C7-F1AF-442B-95EF-CCDD563524D5}" => removed successfully
C:\WINDOWS\System32\Tasks\psalms_ladas => moved successfully
"HKLM\Software\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\psalms_ladas" => removed successfully
"HKLM\Software\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{26547971-6B87-4C39-AACD-6346D37899F0}" => removed successfully
"HKLM\Software\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{26547971-6B87-4C39-AACD-6346D37899F0}" => removed successfully
C:\WINDOWS\System32\Tasks\teagueteague => moved successfully
"HKLM\Software\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\teagueteague" => removed successfully
"HKLM\Software\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{4E4E7453-B6A3-4C14-92C2-51DEC7ACA175}" => removed successfully
"HKLM\Software\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{4E4E7453-B6A3-4C14-92C2-51DEC7ACA175}" => removed successfully
C:\WINDOWS\System32\Tasks\psalms_ladaspsalms_ladas => moved successfully
"HKLM\Software\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\psalms_ladaspsalms_ladas" => removed successfully
"HKLM\Software\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Logon\{5430DBE0-79A5-402A-BF5B-6F426FC99027}" => removed successfully
"HKLM\Software\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{5430DBE0-79A5-402A-BF5B-6F426FC99027}" => removed successfully
C:\WINDOWS\System32\Tasks\kristine keeton => moved successfully
"HKLM\Software\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\kristine keeton" => removed successfully
"HKLM\Software\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Logon\{5AB9CF4D-DC54-425F-9456-9B334679AFA3}" => removed successfully
"HKLM\Software\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{5AB9CF4D-DC54-425F-9456-9B334679AFA3}" => removed successfully
C:\WINDOWS\System32\Tasks\doggies-walling => moved successfully
"HKLM\Software\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\doggies-walling" => removed successfully
"HKLM\Software\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Logon\{5B5AF129-3AC9-42EE-990D-71B7BC4F4E0F}" => removed successfully
"HKLM\Software\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{5B5AF129-3AC9-42EE-990D-71B7BC4F4E0F}" => removed successfully
C:\WINDOWS\System32\Tasks\marijuana_nastier => moved successfully
"HKLM\Software\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\marijuana_nastier" => removed successfully
"HKLM\Software\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{7F7F2927-852E-43F3-A97B-6214FDD3F67F}" => removed successfully
"HKLM\Software\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{7F7F2927-852E-43F3-A97B-6214FDD3F67F}" => removed successfully
"HKLM\Software\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\Microsoft\Windows\UNP\RunCampaignManager" => not found
"HKLM\Software\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Logon\{8F5BB1F1-9B33-4CA7-9522-BC69860C1878}" => removed successfully
"HKLM\Software\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{8F5BB1F1-9B33-4CA7-9522-BC69860C1878}" => removed successfully
C:\WINDOWS\System32\Tasks\stapp => moved successfully
"HKLM\Software\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\stapp" => removed successfully
"HKLM\Software\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{9D26FEC7-FF88-460F-B9EC-4A7FABC16BF3}" => removed successfully
"HKLM\Software\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{9D26FEC7-FF88-460F-B9EC-4A7FABC16BF3}" => removed successfully
C:\WINDOWS\System32\Tasks\Microsoft\Windows\rempl\shell-usoscan => moved successfully
"HKLM\Software\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\Microsoft\Windows\rempl\shell-usoscan" => removed successfully
"HKLM\Software\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Logon\{B3D3A01E-E0A2-4CB6-B84F-AAA4209EA4A0}" => removed successfully
"HKLM\Software\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{B3D3A01E-E0A2-4CB6-B84F-AAA4209EA4A0}" => removed successfully
C:\WINDOWS\System32\Tasks\melanocyte disciplines neutering => moved successfully
"HKLM\Software\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\melanocyte disciplines neutering" => removed successfully
"HKLM\Software\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{B7C17ACA-B0D2-4BD2-8121-F704BB5C0F20}" => removed successfully
"HKLM\Software\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{B7C17ACA-B0D2-4BD2-8121-F704BB5C0F20}" => removed successfully
C:\WINDOWS\System32\Tasks\kristine keetonkristine keeton => moved successfully
"HKLM\Software\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\kristine keetonkristine keeton" => removed successfully
"HKLM\Software\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{CD78EA0B-BDAA-4624-870B-4DF7B4D1888B}" => removed successfully
"HKLM\Software\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{CD78EA0B-BDAA-4624-870B-4DF7B4D1888B}" => removed successfully
C:\WINDOWS\System32\Tasks\doggies-wallingdoggies-walling => moved successfully
"HKLM\Software\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\doggies-wallingdoggies-walling" => removed successfully
"HKLM\Software\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{EDE34764-B8CB-4077-8973-5069C6DD6406}" => removed successfully
"HKLM\Software\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{EDE34764-B8CB-4077-8973-5069C6DD6406}" => removed successfully
C:\WINDOWS\System32\Tasks\marijuana_nastiermarijuana_nastier => moved successfully
"HKLM\Software\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\marijuana_nastiermarijuana_nastier" => removed successfully
"HKLM\Software\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{FB3FE6D3-3D7C-40AA-B542-46CEACFA9C96}" => removed successfully
"HKLM\Software\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{FB3FE6D3-3D7C-40AA-B542-46CEACFA9C96}" => removed successfully
C:\WINDOWS\System32\Tasks\melanocyte disciplines neuteringmelanocyte disciplines neutering => moved successfully
"HKLM\Software\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\melanocyte disciplines neuteringmelanocyte disciplines neutering" => removed successfully
"HKLM\Software\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{FD12B159-F2E7-4F90-B998-8DBF87D6AC34}" => removed successfully
"HKLM\Software\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{FD12B159-F2E7-4F90-B998-8DBF87D6AC34}" => removed successfully
C:\WINDOWS\System32\Tasks\1 => moved successfully
"HKLM\Software\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\1" => removed successfully
"HKLM\Software\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Logon\{FD4292EB-58A0-4E93-A4B0-0FCDC6DF1255}" => removed successfully
"HKLM\Software\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{FD4292EB-58A0-4E93-A4B0-0FCDC6DF1255}" => removed successfully
C:\WINDOWS\System32\Tasks\teague => moved successfully
"HKLM\Software\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\teague" => removed successfully
"C:\WINDOWS\System32\Tasks\doggies-walling" => not found
"C:\WINDOWS\System32\Tasks\marijuana_nastier" => not found
"C:\WINDOWS\System32\Tasks\kristine keeton" => not found
"C:\WINDOWS\System32\Tasks\psalms_ladas" => not found
"C:\WINDOWS\System32\Tasks\teague" => not found
"C:\WINDOWS\System32\Tasks\stapp" => not found
"C:\WINDOWS\System32\Tasks\teagueteague" => not found
"C:\WINDOWS\System32\Tasks\stappstapp" => not found
"C:\WINDOWS\System32\Tasks\melanocyte disciplines neutering" => not found
"C:\WINDOWS\System32\Tasks\melanocyte disciplines neuteringmelanocyte disciplines neutering" => not found
"C:\WINDOWS\System32\Tasks\marijuana_nastiermarijuana_nastier" => not found
"C:\WINDOWS\System32\Tasks\doggies-wallingdoggies-walling" => not found
C:\WINDOWS\System32\Tasks\a => moved successfully
"C:\WINDOWS\System32\Tasks\1" => not found
"C:\WINDOWS\System32\Tasks\kristine keetonkristine keeton" => not found
"C:\WINDOWS\System32\Tasks\psalms_ladaspsalms_ladas" => not found
"HKLM\SYSTEM\CurrentControlSet\services\SharedAccess\Parameters\FirewallPolicy\FirewallRules\\{0DEE92D6-A12E-49B6-8540-EB6947EEA39E}" => removed successfully
"HKLM\SYSTEM\CurrentControlSet\services\SharedAccess\Parameters\FirewallPolicy\FirewallRules\\{0F46E545-597C-4BD6-9597-226989397D71}" => removed successfully
"HKLM\SYSTEM\CurrentControlSet\services\SharedAccess\Parameters\FirewallPolicy\FirewallRules\\{08747958-F3E3-4267-8C30-22EDA793AD79}" => removed successfully
"HKLM\SYSTEM\CurrentControlSet\services\SharedAccess\Parameters\FirewallPolicy\FirewallRules\\{A223F525-894D-4A86-86CC-606939BA1970}" => removed successfully

==== End of Fixlog 12:43:49 ====