« previous next »
Pages: [1]   Go Down

Author Topic: Stubborn Mystery Software  (Read 3751 times)

0 Members and 1 Guest are viewing this topic.

REDACTED

  • Guest
Stubborn Mystery Software
« on: September 18, 2014, 02:31:11 AM »
Hello there!

So I have a brand new computer and having a long list of software to install on my PC, I made the rookie error of not paying attention to the fine details of what I was downloading (yes, I'm really stupid, I know - I regret not paying more attention but alas here I am) and now I have a series of stubborn files on my hard drive that I want rid of but won't budge.

The files are situated in both :C/Programs and :/C/Programs (x84) named: 'WSE_Lasaoren', 'Optimizer Pro', 'MyPC Backup' and copy of avast! which I am pretty wary of since it came from the same batch as the rest. My immediate reaction was the old 'stop, drop and roll' of check the internet add-ons for spam, and the uninstall a program for the others and of course all of the above was either not there or the option to remove them was greyed out and here I am.

I have followed on of the sticky topics' instructions and have attached the files. Hopefully together we can get my new PC squeaky clean again (or at least as close as possible. Thanks for your help volunteers!

~Midnight Halcyon
Logged

Offline magna86

  • Anti Malware Fighter
  • Avast Evangelist
  • Massive Poster
  • ***
  • Posts: 4235
    • Ambulanta MyCity Forum - ASAP Member
Re: Stubborn Mystery Software
« Reply #1 on: September 18, 2014, 12:57:47 PM »
Hi,

First from Control Panel > Programs and Features try to uninstall the following:

MyPC Backup
Optimizer Pro v3.2
WSE_Lasaoren






1. Open notepad and copy/paste the text present inside the code box below.
To do this highlight the contents of the box and right click on it. Paste this into the open notepad.
NOTICE: This script was written specifically for this user, for use on that particular machine. Running this on another machine may cause damage to the operating system

Quote
Start
CloseProcesses:
Task: {07E6B3D0-3E66-4EA4-8F8F-D2C1C963B348} - System32\Tasks\Optimizer Pro Schedule => C:\Program Files (x86)\Optimizer Pro\OptProLauncher.exe [2014-08-21] (PC Utilities Software Limited) <==== ATTENTION
Task: {2B5FB592-E4A1-401E-9AA3-AA02264E8462} - System32\Tasks\LaunchSignup => C:\Program Files (x86)\MyPC Backup\Signup Wizard.exe <==== ATTENTION
Task: C:\Windows\Tasks\WSE_Lasaoren.job => C:\Users\Helen\AppData\Roaming\WSE_LA~1\UPDATE~1\UPDATE~1.EXE <==== ATTENTION
HKU\S-1-5-21-3210615963-1950644752-3436458284-1001\...\Run: [Optimizer Pro] => C:\Program Files (x86)\Optimizer Pro\OptProLauncher.exe [146888 2014-08-21] (PC Utilities Software Limited)
Startup: C:\Users\Helen\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\MyPC Backup.lnk
ShortcutTarget: MyPC Backup.lnk -> C:\Program Files (x86)\MyPC Backup\MyPC Backup.exe (No File)
HKU\S-1-5-21-3210615963-1950644752-3436458284-1001\...\Run: [BRS] => C:\Program Files (x86)\WSE_Lasaoren\BRS\brs.exe [1074688 2014-09-17] ()
R2 70e6ca8c; c:\Program Files (x86)\Optimizer Pro\OptProCrash.dll [3541448 2014-09-17] ()
S2 BackupStack; C:\Program Files (x86)\MyPC Backup\BackupStack.exe [X]
Hosts:
SearchScopes: HKLM - DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = http://Lasaoren.com/results.php?f=4&q={searchTerms}&a=lrn_app_14_38_ie&cd=2XzuyEtN2Y1L1QzuyC0C0CtBtCyByBtCtBtAyCtBzz0EtB0AtN0D0Tzu0SzyzytCtN1L2XzutAtFtBtFyEtFtBtN1L1CzutCyEtBzytDyD1V1StN1L1G1B1V1N2Y1L1Qzu2SyB0AyBzytByE0ByCtGyB0AtCtDtG0BtA0FyDtGzzyC0CtAtGtCyDtA0DyCzzyE0DzzyE0C0D2QtN1M1F1B2Z1V1N2Y1L1Qzu2S0A0E0C0ByD0AtC0AtGyByC0B0BtGyEtB0CtAtG0B0F0C0EtG0D0E0ByEtC0DyDyCtAyEzzzy2Q&cr=1875469248&ir=
SearchScopes: HKLM - {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = http://Lasaoren.com/results.php?f=4&q={searchTerms}&a=lrn_app_14_38_ie&cd=2XzuyEtN2Y1L1QzuyC0C0CtBtCyByBtCtBtAyCtBzz0EtB0AtN0D0Tzu0SzyzytCtN1L2XzutAtFtBtFyEtFtBtN1L1CzutCyEtBzytDyD1V1StN1L1G1B1V1N2Y1L1Qzu2SyB0AyBzytByE0ByCtGyB0AtCtDtG0BtA0FyDtGzzyC0CtAtGtCyDtA0DyCzzyE0DzzyE0C0D2QtN1M1F1B2Z1V1N2Y1L1Qzu2S0A0E0C0ByD0AtC0AtGyByC0B0BtGyEtB0CtAtG0B0F0C0EtG0D0E0ByEtC0DyDyCtAyEzzzy2Q&cr=1875469248&ir=
SearchScopes: HKLM - {083655D8-BAA0-497D-AB97-17BA5E7CF98B} URL = http://www.amazon.co.uk/s/ref=azs_osd_ieauk?ie=UTF-8&tag=hp-uk3-vsb-21&link%5Fcode=qs&index=aps&field-keywords={searchTerms}
SearchScopes: HKCU - DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = http://Lasaoren.com/results.php?f=4&q={searchTerms}&a=lrn_app_14_38_ie&cd=2XzuyEtN2Y1L1QzuyC0C0CtBtCyByBtCtBtAyCtBzz0EtB0AtN0D0Tzu0SzyzytCtN1L2XzutAtFtBtFyEtFtBtN1L1CzutCyEtBzytDyD1V1StN1L1G1B1V1N2Y1L1Qzu2SyB0AyBzytByE0ByCtGyB0AtCtDtG0BtA0FyDtGzzyC0CtAtGtCyDtA0DyCzzyE0DzzyE0C0D2QtN1M1F1B2Z1V1N2Y1L1Qzu2S0A0E0C0ByD0AtC0AtGyByC0B0BtGyEtB0CtAtG0B0F0C0EtG0D0E0ByEtC0DyDyCtAyEzzzy2Q&cr=1875469248&ir=
SearchScopes: HKCU - {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = http://Lasaoren.com/results.php?f=4&q={searchTerms}&a=lrn_app_14_38_ie&cd=2XzuyEtN2Y1L1QzuyC0C0CtBtCyByBtCtBtAyCtBzz0EtB0AtN0D0Tzu0SzyzytCtN1L2XzutAtFtBtFyEtFtBtN1L1CzutCyEtBzytDyD1V1StN1L1G1B1V1N2Y1L1Qzu2SyB0AyBzytByE0ByCtGyB0AtCtDtG0BtA0FyDtGzzyC0CtAtGtCyDtA0DyCzzyE0DzzyE0C0D2QtN1M1F1B2Z1V1N2Y1L1Qzu2S0A0E0C0ByD0AtC0AtGyByC0B0BtGyEtB0CtAtG0B0F0C0EtG0D0E0ByEtC0DyDyCtAyEzzzy2Q&cr=1875469248&ir=
SearchScopes: HKCU - {083655D8-BAA0-497D-AB97-17BA5E7CF98B} URL = http://www.amazon.co.uk/s/ref=azs_osd_ieauk?ie=UTF-8&tag=hp-uk3-vsb-21&link%5Fcode=qs&index=aps&field-keywords={searchTerms}
EmptyTemp:
C:\Program Files (x86)\Optimizer Pro
2014-09-17 23:24 - 2014-09-17 23:24 - 00003244 _____ () C:\Windows\System32\Tasks\Optimizer Pro Schedule
2014-09-17 23:24 - 2014-09-17 23:24 - 00000000 ____D () C:\Users\Helen\Documents\Optimizer Pro
2014-09-17 23:24 - 2014-09-17 23:24 - 00000000 ____D () C:\Users\Helen\AppData\Roaming\Optimizer Pro
2014-09-17 23:19 - 2014-09-17 23:19 - 00000000 ____D () C:\Program Files (x86)\WSE_Lasaoren
2014-09-17 23:19 - 2014-09-18 01:19 - 00000310 _____ () C:\Windows\Tasks\WSE_Lasaoren.job
2014-09-17 23:19 - 2014-09-17 23:19 - 00002648 _____ () C:\Windows\System32\Tasks\WSE_Lasaoren
2014-09-17 23:19 - 2014-09-17 23:19 - 00000000 ____D () C:\Users\Helen\AppData\Roaming\WSE_Lasaoren
2014-09-17 23:19 - 2014-09-17 23:19 - 00000000 ____D () C:\Program Files (x86)\WSE_Lasaoren
2014-09-17 23:24 - 2014-09-17 23:24 - 00003244 _____ () C:\Windows\System32\Tasks\Optimizer Pro Schedule
2014-09-17 23:24 - 2014-09-17 23:24 - 00000000 ____D () C:\Users\Helen\Documents\Optimizer Pro
2014-09-17 23:24 - 2014-09-17 23:24 - 00000000 ____D () C:\Users\Helen\AppData\Roaming\Optimizer Pro
2014-09-17 23:19 - 2014-09-17 23:19 - 00002648 _____ () C:\Windows\System32\Tasks\WSE_Lasaoren
2014-09-17 23:19 - 2014-09-17 23:19 - 00001992 _____ () C:\Users\Helen\Desktop\Sync Folder.lnk
2014-09-17 23:19 - 2014-09-17 23:19 - 00001110 _____ () C:\Users\Helen\Desktop\MyPC Backup.lnk
2014-09-17 23:19 - 2014-09-17 23:19 - 00001085 _____ () C:\Users\Helen\Desktop\Optimizer Pro.lnk
2014-09-17 23:19 - 2014-09-17 23:19 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Optimizer Pro v3.2
End



2. Save notepad as fixlist.txt to your Desktop.
NOTE: => It's important that both files, FRST and fixlist.txt are in the same location or the fix will not work.


3. Run FRST/FRST64 and press the Fix button just once and wait.
If the tool needed a restart please make sure you let the system to restart normally and let the tool completes its run after restart.

The tool will make a log on the Desktop (Fixlog.txt). Please attach it to your reply.
Note: If the tool warned you about the outdated version please download and run the updated version.
Logged

REDACTED

  • Guest
Re: Stubborn Mystery Software
« Reply #2 on: September 18, 2014, 07:42:38 PM »
Thanks for your help!

I have attached the log you requested.
Logged

Offline magna86

  • Anti Malware Fighter
  • Avast Evangelist
  • Massive Poster
  • ***
  • Posts: 4235
    • Ambulanta MyCity Forum - ASAP Member
Re: Stubborn Mystery Software
« Reply #3 on: September 18, 2014, 07:51:10 PM »
Good. Adware is removed. Now preform the quick scan with this tool just to cache leftovers and then tell me how is the computer behavior.



Please download AdwCleaner by Xplode and save to your Desktop.

Double click on AdwCleaner.exe to run the tool.
  • Click on the Scan button.
  • After the scan has finished click on the Clean button.
Press OK when asked to close all programs and follow the onscreen prompts.
Press OK again to allow AdwCleaner to restart the computer and complete the removal process.
  • After rebooting, a logfile report (AdwCleaner[S0].txt) will open automatically.
  • Post logfile will also be saved in the C:\AdwCleaner folder.
Logged

REDACTED

  • Guest
Re: Stubborn Mystery Software
« Reply #4 on: September 19, 2014, 06:21:57 PM »
Hi there!

I've done the first scan however adwcleaner doesn't seem to work. It gets stuck on scan saying 'pending' and there is no files that appear in the boxes below. All the tabs remain empty.

EDIT:  Something very strange happened recently when I was downloading/installing the drivers for my printer. It asked me to restart (which took an unusually log time) and before it even booted properly a white screen appeared saying something along the lines of Your primary internet browser has been removed from your task bar. This can be changed at a later time. There was a next button that then took me to a new screen which said please ensure you are connected to the internet and the next button then just took me to a white screen where it crashed. It was very strange and all sounded very virusey to me. :/
« Last Edit: September 19, 2014, 08:44:00 PM by midnighthalcyon »
Logged
Pages: [1]   Go Up
« previous next »