
Fake Java updater



#1 aslum (Members, 22 posts)

Posted 24 December 2014 - 06:53 PM

This is my mom's Windows 7 Machine. I'm pretty sure it's infected with some kind of malware, but it's been a while since I've had to deal w/ a virus so my chops are a bit rusty.

The issue appears to be cross browser (IE, Chrome and Firefox).

Several pop-ups come up saying the Java or Flash player is out of date and the computer needs to be updated. Also there will occasionally be a confirmation dialog to download setup.exe.

Chrome's home page was set to trovi.com and the Firefox search box is set to search using trovi.

She's running MS Security Essential, but it hasn't detected anything wrong.

I'm downloading Ad Aware, Malware Bytes, ADW Cleaner, Junk Removal Tool, SuperAntiSpyware and plan on running them in that order.

Of course, it being the holidays I may not get to it all tonight. 

 

Any help, or suggestions for which programs to run (or avoid) or just prioritize would be recommended.

Edit:

Ad Aware found nothing.

Malware Bytes found 2 Threats and 240 less malicious things. It asked to reboot the computer after quarantining them and I've got the logs. One was definitely listed as a Trojan Installer of some kind.

AdwCleaner found one item: SMUpdd


Edited by aslum, 24 December 2014 - 08:38 PM.



#2 buddy215 (Moderator, 13,512 posts, West Tennessee)

Posted 24 December 2014 - 09:28 PM

Along with using the three that you mentioned...Malware Bytes, ADW Cleaner, Junk Removal Tool (Ad Aware is no longer considered worthwhile to use),

Scan with Eset Online Scanner. It will take more than an hour to run but is worth it.

 

Hold down Control and click on this link to open ESET OnlineScan in a new window.

  • Click the ESET Online Scanner button.
  • For alternate browsers only (Microsoft Internet Explorer users can skip these steps):
      • Click on esetsmartinstaller_enu.exe to download the ESET Smart Installer. Save it to your desktop.
      • Double click on the esetsmartinstaller_enu.exe icon on your desktop.
  • Check "YES, I accept the Terms of Use."
  • Click the Start button.
  • Accept any security warnings from your browser.
  • Under scan settings, check "Scan Archives" and "Remove found threats".
  • Click Advanced settings and select the following:
      • Scan potentially unwanted applications
      • Scan for potentially unsafe applications
      • Enable Anti-Stealth technology
  • ESET will then download updates for itself, install itself, and begin scanning your computer. Please be patient as this can take some time.
  • When the scan completes, click List Threats.
  • Click Export, and save the file to your desktop using a unique name, such as ESETScan. Include the contents of this report in your next reply.
  • Click the Back button.
  • Click the Finish button.
  • NOTE: Sometimes if ESET finds no infections it will not create a log.

 

Use CCleaner to remove Temporary files, program caches, cookies, logs, etc. Use the Default settings. No need to use the Registry Cleaning Tool...risky. Pay close attention while installing and UNcheck offers of toolbars....especially Google.

After install, open CCleaner and run by clicking on the Run Cleaner button in the bottom right corner.

CCleaner - PC Optimization and Cleaning - Free Download

 

If CCleaner takes more than a few minutes to complete cleaning, shut it down and check the scanning settings. Make sure it is set for Normal File Deletion.

 

To change CCleaner's deletion method:

  1. In CCleaner, click the Options icon at left, and then click the Settings button.
  2. Do one of the following:
  • Select Normal file deletion (Faster) to delete files more quickly, but less securely.
  • Select Secure file deletion (Slower) to delete files more securely, but much more slowly.

CCleaner has four methods of secure deletion: a Simple Overwrite (1 pass), DOD 5220.22-M (3 passes), NSA (7 passes), and Gutmann (35 passes). A 'pass' refers to how many times CCleaner writes over the spot on the hard drive. The more times CCleaner writes to that spot, the harder the file will be to recover by any means. The drawback is that it will take CCleaner longer to complete the job.

 

If you are still having trouble with Trovi then the info in the link below may be useful for removing it. As reported there, Trovi may be listed in your list of programs. CCleaner conveniently allows you to view those programs and has a button to uninstall. Click on Tools and choose Uninstall. Then highlight the program you want to uninstall by clicking on it and then click on the Uninstall button.

How to Remove Trovi / Conduit / Search Protect Browser Hijack Malware


Edited by buddy215, 25 December 2014 - 07:24 AM.

“Every atom in your body came from a star that exploded and the atoms in your left hand probably came from a different star than your right hand. It really is the most poetic thing I know about physics...you are all stardust.”Lawrence M. Krauss
A 1792 U.S. penny, designed in part by Thomas Jefferson and George Washington, reads “Liberty Parent of Science & Industry.”

#3 aslum (Topic Starter, Members, 22 posts)

Posted 24 December 2014 - 11:31 PM

Here is the ESET scan log:

C:\AdwCleaner\Quarantine\C\ProgramData\apn\APN-Stub\W3IV6-G\APNIC.7z.vir a variant of Win32/Bundled.Toolbar.Ask.F potentially unsafe application deleted - quarantined
C:\AdwCleaner\Quarantine\C\ProgramData\apn\APN-Stub\W3IV6-G\APNIC.dll.vir a variant of Win32/Bundled.Toolbar.Ask.F potentially unsafe application deleted - quarantined
C:\AdwCleaner\Quarantine\C\Users\Ginimini\AppData\Roaming\0D0S1L2Z1P1B0T1P1B2Z\Zip Opener Packages\uninstaller.exe.vir Win32/InstallCore.AZ potentially unwanted application deleted - quarantined
C:\OEM\Preload\Autorun\APP\Nero 10 Essentials Gateway Edition\ISSetupPrerequisites\{BF80A1C0-C3FF-4B1C-ABEF-22CD4F97A0AB}\Toolbar.exe a variant of Win32/Bundled.Toolbar.Ask.A potentially unsafe application deleted - quarantined
C:\Program Files\Common Files\System\SysMenu.dll a variant of Win32/SBWatchman.D potentially unwanted application deleted - quarantined
C:\Program Files\Common Files\System\SysMenu64.dll a variant of Win32/SBWatchman.D potentially unwanted application deleted - quarantined
C:\Users\Ginimini\AppData\Local\nsrBE91.tmp Win32/VOPackage.BC potentially unwanted application deleted - quarantined
C:\Users\Ginimini\AppData\Local\nswDE0F.tmp Win32/VOPackage.BC potentially unwanted application deleted - quarantined
C:\Users\Ginimini\Documents\Anthroposophy\FLVPlayer-Chrome.exe NSIS/TrojanDownloader.Adload.AA trojan cleaned by deleting - quarantined
C:\Users\Ginimini\Documents\Anthroposophy\JavaSetup.exe a variant of Win32/DownloadAssistant.A potentially unwanted application deleted - quarantined
C:\Users\Ginimini\Documents\Anthroposophy\jvlsetup (1).exe a variant of Win32/SoftPulse.S potentially unwanted application deleted - quarantined
C:\Users\Ginimini\Documents\Anthroposophy\jvlsetup.exe a variant of Win32/SoftPulse.S potentially unwanted application deleted - quarantined
C:\Users\Ginimini\Documents\RECOVERED\backups\Documents and Settings\Owner\Local Settings\Application Data\uTorrentBar\plugins\{5E1360DC-8FA8-40df-A8CD-FC3831B3634B}\3.1.1\bin\PriceGongIE.dll a variant of Win32/PriceGong.A potentially unwanted application deleted - quarantined
C:\Users\Ginimini\Documents\RECOVERED\backups\Documents and Settings\Owner\Local Settings\Temp\iet158.tmp.exe a variant of Win32/Toolbar.Conduit.B potentially unwanted application deleted - quarantined
C:\Users\Ginimini\Documents\RECOVERED\backups\Documents and Settings\Owner\My Documents\Downloads\iLividSetupV1.exe a variant of Win32/Toolbar.SearchSuite.Z potentially unwanted application deleted - quarantined
C:\Users\Ginimini\Documents\RECOVERED\backups\Documents and Settings\Owner\My Documents\Downloads\mplayer_tuguu_1285.exe a variant of Win32/InstallIQ.A potentially unwanted application deleted - quarantined


#4 buddy215 (Moderator, 13,512 posts, West Tennessee)

Posted 25 December 2014 - 07:40 AM

Is Trovi still around, and did you check out the method used to remove it at How to Remove Trovi / Conduit / Search Protect Browser Hijack Malware?

 

Was Trovi in your list of installed programs?

 

Open CCleaner and click on Tools. Choose Startups. On that page you will see a list of programs that start when Windows is booted up. At the top of the page are buttons for Browsers and Tasks. At the bottom right is a button which, when clicked, will allow you to copy and paste each of those lists in your next post. Please do that.



#5 aslum (Topic Starter, Members, 22 posts)

Posted 25 December 2014 - 02:50 PM

I think Trovi is gone... *fingers crossed* I did follow the instructions on the "how to remove trovi" link... though I think it was mostly gone by the time I did, so it didn't show up everywhere.

 

I now occasionally get an error message that says:

There was a problem starting C:\ ... \System\SysMenu.dll The specified module could not be found.

 

Here are the logs from CCleaner:

Windows:

 

Yes HKCU:Run CCleaner Monitoring Piriform Ltd "C:\Program Files\CCleaner\CCleaner64.exe" /MONITOR

Yes HKCU:Run Google Update "C:\Users\Ginimini\AppData\Local\Google\Update\GoogleUpdate.exe" /c
Yes HKCU:Run MusicManager Google Inc. "C:\Users\Ginimini\AppData\Local\Programs\Google\MusicManager\MusicManager.exe"
Yes HKCU:Run SUPERAntiSpyware SUPERAntiSpyware C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe
Yes HKLM:Run Adobe ARM Adobe Systems Incorporated "C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe"
Yes HKLM:Run BCSSync Microsoft Corporation "C:\Program Files\Microsoft Office\Office14\BCSSync.exe" /DelayServices
Yes HKLM:Run CanonMyPrinter CANON INC. C:\Program Files\Canon\MyPrinter\BJMyPrt.exe /logon
Yes HKLM:Run CanonSolutionMenu CANON INC. C:\Program Files (x86)\Canon\SolutionMenu\CNSLMAIN.exe /logon
Yes HKLM:Run Hotkey Utility Acer Incorporated C:\Program Files (x86)\Gateway\Hotkey Utility\HotkeyUtility.exe
Yes HKLM:Run HotKeysCmds Intel Corporation C:\Windows\system32\hkcmd.exe
Yes HKLM:Run IgfxTray Intel Corporation C:\Windows\system32\igfxtray.exe
Yes HKLM:Run IJNetworkScanUtility CANON INC. C:\Program Files (x86)\Canon\Canon IJ Network Scan Utility\CNMNSUT.exe
Yes HKLM:Run MSC Microsoft Corporation "c:\Program Files\Microsoft Security Client\msseces.exe" -hide -runkey
Yes HKLM:Run Persistence Intel Corporation C:\Windows\system32\igfxpers.exe
Yes HKLM:Run RemoteControl10 CyberLink Corp. "C:\Program Files (x86)\CyberLink\PowerDVD10\PDVD10Serv.exe"
Yes HKLM:Run RTHDVCPL Realtek Semiconductor C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe -s
Yes HKLM:Run SunJavaUpdateSched Oracle Corporation "C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe"
Yes HKLM:Run TkBellExe RealNetworks, Inc. "C:\Program Files (x86)\Real\RealPlayer\update\realsched.exe"  -osboot
Yes HKLM:Run USB3MON Intel Corporation "C:\Program Files (x86)\Intel\Intel® USB 3.0 eXtensible Host Controller Driver\Application\iusb3mon.exe"
Yes HKLM:Run zBrowser Launcher Logitech Inc. C:\Program Files (x86)\Logitech\iTouch\iTouch.exe
Yes Startup Common Logitech Desktop Messenger.lnk Logitech C:\Program Files (x86)\Logitech\Desktop Messenger\8876480\Program\LDMConf.exe
Yes Startup Common RealPlayer Cloud Service UI.lnk RealNetworks, Inc. C:\Program Files (x86)\Real\RealPlayer\RPDS\Bin64\rpsystray.exe
Yes Startup User EvernoteClipper.lnk Evernote Corp., 305 Walnut Street, Redwood City, CA 94063 C:\Program Files (x86)\Evernote\Evernote\EvernoteClipper.exe
Yes Startup User Microsoft Outlook 2010.lnk Microsoft Corporation C:\Windows\Installer\{90140000-0011-0000-1000-0000000FF1CE}\outicon.exe
 

IE:

 

Yes Extension Add to Evernote 4 C:\Program Files (x86)\Evernote\Evernote\\EvernoteIERes\AddNote.html

Yes Extension Blog This Microsoft Corporation C:\Program Files (x86)\Windows Live\Writer\WriterBrowserExtension.dll
Yes Extension OneNote Linked Notes Microsoft Corporation C:\Program Files (x86)\Microsoft Office\Office14\ONBttnIELinkedNotes.dll
Yes Extension OneNote Linked Notes Microsoft Corporation C:\Program Files\Microsoft Office\Office14\ONBttnIELinkedNotes.dll
Yes Extension Send to OneNote Microsoft Corporation C:\Program Files (x86)\Microsoft Office\Office14\ONBttnIE.dll
Yes Extension Send to OneNote Microsoft Corporation C:\Program Files\Microsoft Office\Office14\ONBttnIE.dll
Yes Helper Canon Easy-WebPrint EX BHO CANON INC. C:\Program Files (x86)\Canon\Easy-WebPrint EX\ewpexbho.dll
Yes Helper Evernote extension Evernote Corp., 305 Walnut Street, Redwood City, CA 94063 C:\Program Files (x86)\Evernote\Evernote\EvernoteIE.dll
Yes Helper Java™ Plug-In 2 SSV Helper Oracle Corporation C:\Program Files (x86)\Java\jre1.8.0_25\bin\jp2ssv.dll
Yes Helper Java™ Plug-In SSV Helper Oracle Corporation C:\Program Files (x86)\Java\jre1.8.0_25\bin\ssv.dll
Yes Helper Office Document Cache Handler Microsoft Corporation C:\PROGRA~2\MICROS~4\Office14\URLREDIR.DLL
Yes Helper Office Document Cache Handler Microsoft Corporation C:\PROGRA~1\MICROS~3\Office14\URLREDIR.DLL
Yes Helper RealNetworks Download and Record Plugin for Internet Explorer RealDownloader C:\Program Files (x86)\RealNetworks\RealDownloader\BrowserPlugins\IE\rndlbrowserrecordplugin.dll
Yes Helper RealNetworks Download and Record Plugin for Internet Explorer RealDownloader C:\Program Files (x86)\RealNetworks\RealDownloader\BrowserPlugins\IE\rndlbrowserrecordplugin64.dll
Yes Helper Windows Live ID Sign-in Helper Microsoft Corp. C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
Yes Helper Windows Live ID Sign-in Helper Microsoft Corp. C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
Yes Toolbar Canon Easy-WebPrint EX CANON INC. C:\Program Files (x86)\Canon\Easy-WebPrint EX\ewpexhlp.dll
 

Firefox:

 

Yes Extension Fast Discountz 3.1 Fast Discountz default Firefox 24.0 C:\Users\Ginimini\AppData\Roaming\Mozilla\Firefox\Profiles\iv9jcasv.default\extensions\{2a4808f0-e451-4d0b-982a-bb0f44d3354d}

No Extension RealDownloader 17.0.9 Real Networks, Inc. default Firefox 24.0 C:\ProgramData\RealNetworks\RealDownloader\BrowserPlugins\Firefox\Ext
Yes Plugin Adobe Acrobat 10.1.12.15 Adobe Systems Inc. default Firefox 24.0 C:\Program Files (x86)\Adobe\Reader 10.0\Reader\AIR\nppdf32.dll
Yes Plugin CANON iMAGE GATEWAY Album Plugin Utility 3.0.5.0 default Firefox 24.0 C:\Program Files (x86)\Canon\Easy-PhotoPrint EX\NPEZFFPI.DLL
Yes Plugin Intel® Identity Protection Technology 2.0.59.0 Intel Corporation default Firefox 24.0 C:\Program Files (x86)\Intel\Intel® Management Engine Components\IPT\npIntelWebAPIIPT.dll
Yes Plugin Intel® Identity Protection Technology 2.0.59.0 Intel Corporation default Firefox 24.0 C:\Program Files (x86)\Intel\Intel® Management Engine Components\IPT\npIntelWebAPIUpdater.dll
Yes Plugin Java Deployment Toolkit 8.0.250.18 11.25.2.18 Oracle Corporation default Firefox 24.0 C:\Program Files (x86)\Java\jre1.8.0_25\bin\dtplugin\npdeployJava1.dll
Yes Plugin Java™ Platform SE 8 U25 11.25.2.18 Oracle Corporation default Firefox 24.0 C:\Program Files (x86)\Java\jre1.8.0_25\bin\plugin2\npjp2.dll
Yes Plugin Microsoft Office 2010 14.0.4730.1010 Microsoft Corporation default Firefox 24.0 C:\PROGRA~2\MICROS~4\Office14\NPAUTHZ.DLL
Yes Plugin Microsoft Office 2010 14.0.4761.1000 Microsoft Corporation default Firefox 24.0 C:\PROGRA~2\MICROS~4\Office14\NPSPWRAP.DLL
Yes Plugin RealPlayer Download Plugin 17.0.9.17 RealPlayer Cloud default Firefox 24.0 c:\program files (x86)\real\realplayer\Netscape6\nprpplugin.dll
Yes Plugin RealPlayer Video Downloader  (32-bit) 17.0.9.18 RealNetworks, Inc. default Firefox 24.0 C:\ProgramData\RealNetworks\RealDownloader\BrowserPlugins\MozillaPlugins\nprndlchromebrowserrecordext.dll
Yes Plugin RealPlayer Video Downloader for HTML5  (32-bit) 17.0.9.18 RealNetworks, Inc. default Firefox 24.0 C:\ProgramData\RealNetworks\RealDownloader\BrowserPlugins\MozillaPlugins\nprndlhtml5videoshim.dll
Yes Plugin RealPlayer Video Downloader for PepperFlash  (32-bit) 17.0.9.18 RealNetworks, Inc. default Firefox 24.0 C:\ProgramData\RealNetworks\RealDownloader\BrowserPlugins\MozillaPlugins\nprndlpepperflashvideoshim.dll
Yes Plugin RealPlayer™ G2 LiveConnect-Enabled Plug-In (32-bit) 17.0.9.17 RealNetworks, Inc. default Firefox 24.0 c:\program files (x86)\real\realplayer\Netscape6\nppl3260.dll
Yes Plugin Silverlight Plug-In 5.1.30514.0 Microsoft Corporation default Firefox 24.0 c:\Program Files (x86)\Microsoft Silverlight\5.1.30514.0\npctrl.dll
Yes Plugin VLC Web Plugin 2.1.3.0 VideoLAN default Firefox 24.0 C:\Program Files (x86)\VideoLAN\VLC\npvlc.dll
No Plugin WildTangent Games App V2 Presence Detector 4.0.5.13 default Firefox 24.0 C:\Program Files (x86)\WildTangent Games\App\BrowserIntegration\Registered\0\NP_wtapp.dll
Yes Plugin Windows Live Photo Gallery 15.4.3538.513 Microsoft Corporation default Firefox 24.0 C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll
 

Chrome:

 

Yes App Bejeweled 2 First user C:\Users\Ginimini\AppData\Local\Google\Chrome\User Data\Default\Extensions\adpkifcfcacgmnggcbpbjbkdijciiigm\2_0

Yes App Bubble Shooter - Deluxe 1.5 First user C:\Users\Ginimini\AppData\Local\Google\Chrome\User Data\Default\Extensions\ehebfpjkmkfjlfffcmnejglggpmpgclb\1.5_0
Yes App Gmail 7 First user C:\Users\Ginimini\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia\7_0
Yes App Google Drive 6.3 First user C:\Users\Ginimini\AppData\Local\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf\6.3_0
Yes App Pandora 1.0 First user C:\Users\Ginimini\AppData\Local\Google\Chrome\User Data\Default\Extensions\fbangkleohkafngihneedemihgfeikcl\1.0_0
Yes App Picasa 6.2.2 First user C:\Users\Ginimini\AppData\Local\Google\Chrome\User Data\Default\Extensions\onlgmecjpnejhfeofkgbfgnmdlipdejb\6.2.2_0
Yes App Search 0.0.0.20 First user C:\Users\Ginimini\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf\0.0.0.20_0
No App Tetris 13.2334.9140 First user C:\Users\Ginimini\AppData\Local\Google\Chrome\User Data\Default\Extensions\cfpkpcnigdggonhlcmbekffepnaflofk\13.2334.9140_0
Yes App The Old Reader 4 First user C:\Users\Ginimini\AppData\Local\Google\Chrome\User Data\Default\Extensions\hhdpibondcndkgpoobpnndbbelpidhpk\4_0
Yes App YouTube 4.2.6 First user C:\Users\Ginimini\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo\4.2.6_0
Yes Extension Add to Amazon Wish List 1.0.0.10 First user C:\Users\Ginimini\AppData\Local\Google\Chrome\User Data\Default\Extensions\ciagpekplgpbepdgggflgmahnjgiaced\1.0.0.10_0
Yes Extension Bloglovin' 1.1 First user C:\Users\Ginimini\AppData\Local\Google\Chrome\User Data\Default\Extensions\agcgnofbabeggkbjcogfmjfaojpdnehm\1.1_0
No Extension Evernote Web Clipper 6.2.6 First user C:\Users\Ginimini\AppData\Local\Google\Chrome\User Data\Default\Extensions\pioclpoplcdbaefihamjohnefbikjilc\6.2.6_0
Yes Extension feedly 34 First user C:\Users\Ginimini\AppData\Local\Google\Chrome\User Data\Default\Extensions\hipbfijinpcgfogaopmgehiegacbhmob\34_0
Yes Extension Pin It Button 1.35 First user C:\Users\Ginimini\AppData\Local\Google\Chrome\User Data\Default\Extensions\gpdjojdkbbmdfjfahjcgigfpmkopogic\1.35_0
No Extension RealPlayer Downloader 17.0.9 First user C:\Users\Ginimini\AppData\Local\Google\Chrome\User Data\Default\Extensions\idhngdhcfkoamngbedgpaokgjbnpdiji\17.0.9_0
Yes Extension Sticky Notes 1.9.2 First user C:\Users\Ginimini\AppData\Local\Google\Chrome\User Data\Default\Extensions\mmfklpmdfldnnjbkdmamhokiphfkfieg\1.9.2_0
Yes Extension WOT 2.5.16 First user C:\Users\Ginimini\AppData\Local\Google\Chrome\User Data\Default\Extensions\bhmmomiinigofkjcapegjjndpbikblnp\2.5.16_0
Yes Plugin Adobe Acrobat 10.1.0.534 First user C:\Program Files (x86)\Adobe\Reader 10.0\Reader\Browser\nppdf32.dll
Yes Plugin Chrome PDF Viewer First user C:\Program Files (x86)\Google\Chrome\Application\36.0.1985.125\pdf.dll
Yes Plugin Chrome Remote Desktop Viewer First user internal-remoting-viewer
Yes Plugin Google Update 1.3.21.124 First user C:\Program Files (x86)\Google\Update\1.3.21.124\npGoogleUpdate3.dll
Yes Plugin Intel® Identity Protection Technology 2.0.59.0 First user C:\Program Files (x86)\Intel\Intel® Management Engine Components\IPT\npIntelWebAPIIPT.dll
Yes Plugin Native Client First user C:\Program Files (x86)\Google\Chrome\Application\36.0.1985.125\ppGoogleNaClPluginChrome.dll
Yes Plugin Norton Confidential 2012.5.0.140 First user C:\Users\Ginimini\AppData\Local\Google\Chrome\User Data\Default\Extensions\mkfokfffehpeedafpekjeddnmnjhmcmk\2012.5.0.140_0\npcoplgn.dll
Yes Plugin Shockwave Flash 11.5.31.2 First user C:\Program Files (x86)\Google\Chrome\Application\36.0.1985.125\PepperFlash\pepflashplayer.dll
Yes Plugin Silverlight Plug-In 4.0.50401.0 First user c:\Program Files (x86)\Microsoft Silverlight\4.0.50401.0\npctrl.dll
Yes Plugin Windows Live Photo Gallery 15.4.3538.0513_ship.wlx.w4m4 (ship) First user C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll
 

Startup Tasks:

 

Yes Task Adobe Flash Player Updater Adobe Systems Incorporated C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe

Yes Task CCleanerSkipUAC Piriform Ltd "C:\Program Files\CCleaner\CCleaner.exe" $(Arg0)
Yes Task GoogleUpdateTaskMachineCore C:\Program Files (x86)\Google\Update\GoogleUpdate.exe /c
Yes Task GoogleUpdateTaskMachineUA C:\Program Files (x86)\Google\Update\GoogleUpdate.exe /ua /installsource scheduler
Yes Task GoogleUpdateTaskUserS-1-5-21-2153092962-4169373229-2462852601-1001Core C:\Users\Ginimini\AppData\Local\Google\Update\GoogleUpdate.exe /c
Yes Task GoogleUpdateTaskUserS-1-5-21-2153092962-4169373229-2462852601-1001UA C:\Users\Ginimini\AppData\Local\Google\Update\GoogleUpdate.exe /ua /installsource scheduler
Yes Task ISM-UpdateService-4e00205a-2ab1-4423-8f77-cc25b82cde1d Intel Corporation C:\Program Files (x86)\Intel\Intel® ME FW Recovery Agent\bin\Bootstrap.exe --domain-id 4e00205a-2ab1-4423-8f77-cc25b82cde1d --caller scheduler-impersonate
Yes Task ISM-UpdateService-4e00205a-2ab1-4423-8f77-cc25b82cde1d-Logon Intel Corporation C:\Program Files (x86)\Intel\Intel® ME FW Recovery Agent\bin\Bootstrap.exe --domain-id 4e00205a-2ab1-4423-8f77-cc25b82cde1d --caller winlogon-impersonate
Yes Task NBAgent Nero AG C:\Program Files (x86)\Nero\Nero 10\Nero BackItUp\NBAgent.exe /WinStart
Yes Task RealDownloaderRealUpgradeLogonTaskS-1-5-21-2153092962-4169373229-2462852601-1001 RealNetworks, Inc. C:\Program Files (x86)\RealNetworks\RealDownloader\realupgrade.exe /logoncheck
Yes Task RealDownloaderRealUpgradeScheduledTaskS-1-5-21-2153092962-4169373229-2462852601-1001 RealNetworks, Inc. C:\Program Files (x86)\RealNetworks\RealDownloader\realupgrade.exe /scheduledcheck
Yes Task RealPlayerRealUpgradeLogonTaskS-1-5-21-2153092962-4169373229-2462852601-1001 RealNetworks, Inc. C:\Program Files (x86)\Real\RealUpgrade\RealUpgrade.exe /logoncheck
Yes Task RealPlayerRealUpgradeScheduledTaskS-1-5-21-2153092962-4169373229-2462852601-1001 RealNetworks, Inc. C:\Program Files (x86)\Real\RealUpgrade\RealUpgrade.exe /scheduledcheck
Yes Task SUPERAntiSpyware Scheduled Task 2f1ef64d-a38d-4939-a873-bbf6821984d1 SUPERAdBlocker.com C:\Program Files\SUPERAntiSpyware\SASTask.exe "C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe" /TASK:2f1ef64d-a38d-4939-a873-bbf6821984d1
Yes Task SUPERAntiSpyware Scheduled Task a09160c8-6bed-430a-a4e2-b0ab11c37868 SUPERAdBlocker.com C:\Program Files\SUPERAntiSpyware\SASTask.exe "C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe" /TASK:a09160c8-6bed-430a-a4e2-b0ab11c37868
Yes Task UALU notificatin Acer Incorporated "C:\Program Files\Gateway\Gateway Updater\UALU.exe"
 

Context Menu: 

 

Yes Directory Add to VLC media player's Playlist VideoLAN "C:\Program Files (x86)\VideoLAN\VLC\vlc.exe" --started-from-file --playlist-enqueue "%1"

Yes Directory Play with VLC media player VideoLAN "C:\Program Files (x86)\VideoLAN\VLC\vlc.exe" --started-from-file --no-playlist-enqueue "%1"
Yes File SysMenuExt
Yes File SysMenuExt
Yes File {4A7C4306-57E0-4C0C-83A9-78C1528F618C} RealNetworks, Inc. c:\program files (x86)\real\realplayer\RPDS\Bin64\rpcloudview.dll
 


#6 buddy215 (Moderator, 13,512 posts, West Tennessee)

Posted 25 December 2014 - 05:27 PM

Concerning the SysMenu.dll....In the Context Menu list, try changing Yes to No for these two entries:

Yes File SysMenuExt

Yes File SysMenuExt

 

or you can use this solution:

1st: Download AutoRuns for Windows.

2nd: Find the yellow highlighted Image Paths that end with sysmenu.dll. Usually you can locate those image paths under Scheduled Tasks.

3rd: Right click, then delete.

4th: Try to find all yellow highlighted Image Paths that end with sysmenu.dll on the "Everything" tab, and delete them.

NOTE: Carefully choose image paths that end in sysmenu.dll only; if you delete paths that are not highlighted, it might cause some trouble booting your PC.

5th: Reboot the computer.

 

My recommendations for reducing boot time and lessening memory usage (you should discuss these with the user before changing anything; it is also easy to reverse the changes):

Disable all listed items in all categories.

Windows Startup:

Yes HKCU:Run CCleaner Monitoring Piriform Ltd "C:\Program Files\CCleaner\CCleaner64.exe" /MONITOR

Yes HKCU:Run Google Update "C:\Users\Ginimini\AppData\Local\Google\Update\GoogleUpdate.exe" /c
Yes HKCU:Run MusicManager Google Inc. "C:\Users\Ginimini\AppData\Local\Programs\Google\MusicManager\MusicManager.exe"
Yes HKCU:Run SUPERAntiSpyware SUPERAntiSpyware C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe (unless it is the paid version)
Yes HKLM:Run Adobe ARM Adobe Systems Incorporated "C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe"
Yes HKLM:Run CanonMyPrinter CANON INC. C:\Program Files\Canon\MyPrinter\BJMyPrt.exe /logon
Yes HKLM:Run CanonSolutionMenu CANON INC. C:\Program Files (x86)\Canon\SolutionMenu\CNSLMAIN.exe /logon
Yes HKLM:Run IgfxTray Intel Corporation C:\Windows\system32\igfxtray.exe
Yes HKLM:Run IJNetworkScanUtility CANON INC. C:\Program Files (x86)\Canon\Canon IJ Network Scan Utility\CNMNSUT.exe
Yes HKLM:Run SunJavaUpdateSched Oracle Corporation "C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe"
Yes HKLM:Run TkBellExe RealNetworks, Inc. "C:\Program Files (x86)\Real\RealPlayer\update\realsched.exe"  -osboot
Yes Startup Common RealPlayer Cloud Service UI.lnk RealNetworks, Inc. C:\Program Files (x86)\Real\RealPlayer\RPDS\Bin64\rpsystray.exe
Yes Startup User EvernoteClipper.lnk Evernote Corp., 305 Walnut Street, Redwood City, CA 94063 C:\Program Files (x86)\Evernote\Evernote\EvernoteClipper.exe
 
IE:
Yes Extension Add to Evernote 4 C:\Program Files (x86)\Evernote\Evernote\\EvernoteIERes\AddNote.html
Yes Extension OneNote Linked Notes Microsoft Corporation C:\Program Files (x86)\Microsoft Office\Office14\ONBttnIELinkedNotes.dll
Yes Extension OneNote Linked Notes Microsoft Corporation C:\Program Files\Microsoft Office\Office14\ONBttnIELinkedNotes.dll
Yes Extension Send to OneNote Microsoft Corporation C:\Program Files (x86)\Microsoft Office\Office14\ONBttnIE.dll
Yes Extension Send to OneNote Microsoft Corporation C:\Program Files\Microsoft Office\Office14\ONBttnIE.dll
Yes Helper Canon Easy-WebPrint EX BHO CANON INC. C:\Program Files (x86)\Canon\Easy-WebPrint EX\ewpexbho.dll
Yes Helper Evernote extension Evernote Corp., 305 Walnut Street, Redwood City, CA 94063 C:\Program Files (x86)\Evernote\Evernote\EvernoteIE.dll
Yes Helper Java™ Plug-In 2 SSV Helper Oracle Corporation C:\Program Files (x86)\Java\jre1.8.0_25\bin\jp2ssv.dll
Yes Helper Java™ Plug-In SSV Helper Oracle Corporation C:\Program Files (x86)\Java\jre1.8.0_25\bin\ssv.dll
Yes Helper RealNetworks Download and Record Plugin for Internet Explorer RealDownloader C:\Program Files (x86)\RealNetworks\RealDownloader\BrowserPlugins\IE\rndlbrowserrecordplugin.dll
Yes Helper RealNetworks Download and Record Plugin for Internet Explorer RealDownloader C:\Program Files (x86)\RealNetworks\RealDownloader\BrowserPlugins\IE\rndlbrowserrecordplugin64.dll
Yes Toolbar Canon Easy-WebPrint EX CANON INC. C:\Program Files (x86)\Canon\Easy-WebPrint EX\ewpexhlp.dll
 
Firefox:
Yes Extension Fast Discountz 3.1 Fast Discountz default Firefox 24.0 C:\Users\Ginimini\AppData\Roaming\Mozilla\Firefox\Profiles\iv9jcasv.default\extensions\{2a4808f0-e451-4d0b-982a-bb0f44d3354d} (Uninstall if that option is offered)
Yes Plugin Adobe Acrobat 10.1.12.15 Adobe Systems Inc. default Firefox 24.0 C:\Program Files (x86)\Adobe\Reader 10.0\Reader\AIR\nppdf32.dll (Firefox has its own pdf reader)
Yes Plugin CANON iMAGE GATEWAY Album Plugin Utility 3.0.5.0 default Firefox 24.0 C:\Program Files (x86)\Canon\Easy-PhotoPrint EX\NPEZFFPI.DLL
Yes Plugin Java Deployment Toolkit 8.0.250.18 11.25.2.18 Oracle Corporation default Firefox 24.0 C:\Program Files (x86)\Java\jre1.8.0_25\bin\dtplugin\npdeployJava1.dll
Yes Plugin Java™ Platform SE 8 U25 11.25.2.18 Oracle Corporation default Firefox 24.0 C:\Program Files (x86)\Java\jre1.8.0_25\bin\plugin2\npjp2.dll
Yes Plugin RealPlayer Download Plugin 17.0.9.17 RealPlayer Cloud default Firefox 24.0 c:\program files (x86)\real\realplayer\Netscape6\nprpplugin.dll
Yes Plugin RealPlayer Video Downloader  (32-bit) 17.0.9.18 RealNetworks, Inc. default Firefox 24.0 C:\ProgramData\RealNetworks\RealDownloader\BrowserPlugins\MozillaPlugins\nprndlchromebrowserrecordext.dll
Yes Plugin RealPlayer Video Downloader for HTML5  (32-bit) 17.0.9.18 RealNetworks, Inc. default Firefox 24.0 C:\ProgramData\RealNetworks\RealDownloader\BrowserPlugins\MozillaPlugins\nprndlhtml5videoshim.dll
Yes Plugin RealPlayer Video Downloader for PepperFlash  (32-bit) 17.0.9.18 RealNetworks, Inc. default Firefox 24.0 C:\ProgramData\RealNetworks\RealDownloader\BrowserPlugins\MozillaPlugins\nprndlpepperflashvideoshim.dll
Yes Plugin RealPlayer™ G2 LiveConnect-Enabled Plug-In (32-bit) 17.0.9.17 RealNetworks, Inc. default Firefox 24.0 c:\program files (x86)\real\realplayer\Netscape6\nppl3260.dll
Yes Plugin Silverlight Plug-In 5.1.30514.0 Microsoft Corporation default Firefox 24.0 c:\Program Files (x86)\Microsoft Silverlight\5.1.30514.0\npctrl.dll
Yes Plugin Windows Live Photo Gallery 15.4.3538.513 Microsoft Corporation default Firefox 24.0 C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll
 
Startup Tasks:

Yes Task Adobe Flash Player Updater Adobe Systems Incorporated C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe

Yes Task CCleanerSkipUAC Piriform Ltd "C:\Program Files\CCleaner\CCleaner.exe" $(Arg0)
Yes Task GoogleUpdateTaskMachineCore C:\Program Files (x86)\Google\Update\GoogleUpdate.exe /c
Yes Task GoogleUpdateTaskMachineUA C:\Program Files (x86)\Google\Update\GoogleUpdate.exe /ua /installsource scheduler
Yes Task GoogleUpdateTaskUserS-1-5-21-2153092962-4169373229-2462852601-1001Core C:\Users\Ginimini\AppData\Local\Google\Update\GoogleUpdate.exe /c
Yes Task GoogleUpdateTaskUserS-1-5-21-2153092962-4169373229-2462852601-1001UA C:\Users\Ginimini\AppData\Local\Google\Update\GoogleUpdate.exe /ua /installsource scheduler
Yes Task ISM-UpdateService-4e00205a-2ab1-4423-8f77-cc25b82cde1d Intel Corporation C:\Program Files (x86)\Intel\Intel® ME FW Recovery Agent\bin\Bootstrap.exe --domain-id 4e00205a-2ab1-4423-8f77-cc25b82cde1d --caller scheduler-impersonate
Yes Task ISM-UpdateService-4e00205a-2ab1-4423-8f77-cc25b82cde1d-Logon Intel Corporation C:\Program Files (x86)\Intel\Intel® ME FW Recovery Agent\bin\Bootstrap.exe --domain-id 4e00205a-2ab1-4423-8f77-cc25b82cde1d --caller winlogon-impersonate
Yes Task RealDownloaderRealUpgradeLogonTaskS-1-5-21-2153092962-4169373229-2462852601-1001 RealNetworks, Inc. C:\Program Files (x86)\RealNetworks\RealDownloader\realupgrade.exe /logoncheck
Yes Task RealDownloaderRealUpgradeScheduledTaskS-1-5-21-2153092962-4169373229-2462852601-1001 RealNetworks, Inc. C:\Program Files (x86)\RealNetworks\RealDownloader\realupgrade.exe /scheduledcheck
Yes Task RealPlayerRealUpgradeLogonTaskS-1-5-21-2153092962-4169373229-2462852601-1001 RealNetworks, Inc. C:\Program Files (x86)\Real\RealUpgrade\RealUpgrade.exe /logoncheck
Yes Task RealPlayerRealUpgradeScheduledTaskS-1-5-21-2153092962-4169373229-2462852601-1001 RealNetworks, Inc. C:\Program Files (x86)\Real\RealUpgrade\RealUpgrade.exe /scheduledcheck
Yes Task SUPERAntiSpyware Scheduled Task 2f1ef64d-a38d-4939-a873-bbf6821984d1 SUPERAdBlocker.com C:\Program Files\SUPERAntiSpyware\SASTask.exe "C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe" /TASK:2f1ef64d-a38d-4939-a873-bbf6821984d1 (Disable all SAS Tasks unless it is the paid version)
Yes Task SUPERAntiSpyware Scheduled Task a09160c8-6bed-430a-a4e2-b0ab11c37868 SUPERAdBlocker.com C:\Program Files\SUPERAntiSpyware\SASTask.exe "C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe" /TASK:a09160c8-6bed-430a-a4e2-b0ab11c37868
Yes Task UALU notificatin Acer Incorporated "C:\Program Files\Gateway\Gateway Updater\UALU.exe"
 
Reset Google Chrome:
 

Google Chrome gives you the option to reset your browser settings in one easy click. In some cases, programs that you install can change your Chrome settings without your knowledge. You may see additional extensions and toolbars or a different search engine. Resetting your browser settings will reset the unwanted changes caused by installing other programs. However, your saved bookmarks and passwords will not be cleared or changed.

Reset your browser settings
  1. In the top-right corner of the browser window, click the Chrome menu.
  2. Select Settings.
  3. At the bottom, click Show advanced settings.
  4. Under the section "Reset settings", click Reset settings.
  5. In the dialog that appears, click Reset.

Edited by buddy215, 25 December 2014 - 07:40 PM.

“Every atom in your body came from a star that exploded and the atoms in your left hand probably came from a different star than your right hand. It really is the most poetic thing I know about physics...you are all stardust.”Lawrence M. Krauss
A 1792 U.S. penny, designed in part by Thomas Jefferson and George Washington, reads “Liberty Parent of Science & Industry.”
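Added example, not from the post or from the tool that produced the listing above: a small Python triage script for the "Yes Task ..." lines in that format. It splits each line into name/publisher, program and arguments, keeps the helper's parenthesised comments, and queues tasks whose program runs from a user-writable directory (Users, ProgramData, AppData) for manual review; that heuristic, and the `Task`/`review_queue` names, are my own assumptions.

```python
import re
from dataclasses import dataclass
# Start of a Windows path, optionally quoted: C:\... or "C:\...
_PATH_START = re.compile(r'"?[A-Za-z]:\\')
# Directories a standard user can write to; autostarts here go on the review list
_USER_WRITABLE = re.compile(r'\\(Users|ProgramData|AppData)\\', re.IGNORECASE)
# The helper's trailing "(comment)"; the leading space keeps "$(Arg0)" from matching
_NOTE = re.compile(r'\s+\(([^()]*)\)\s*$')
@dataclass
class Task:
    name_and_publisher: str  # the listing has no separator between the two
    executable: str
    arguments: str
    note: str
def parse_task_line(line: str) -> "Task | None":
    """Parse one 'Yes Task ...' line of the startup-task listing; None otherwise."""
    if not line.startswith("Yes Task "):
        return None
    body, note = line[len("Yes Task "):].strip(), ""
    if m := _NOTE.search(body):
        note, body = m.group(1), body[:m.start()]
    p = _PATH_START.search(body)
    if p is None:
        return None
    head, command = body[:p.start()].strip(), body[p.start():].strip()
    if command.startswith('"'):
        end = command.index('"', 1)
        executable, arguments = command[1:end], command[end + 1:].strip()
    else:
        # Unquoted command line: the program ends at its first ".exe"
        x = re.match(r"(.*?\.exe)\b\s*(.*)", command, re.IGNORECASE)
        executable, arguments = (x.group(1), x.group(2)) if x else (command, "")
    return Task(head, executable, arguments, note)

def review_queue(lines) -> list:
    """Names of tasks whose program lives under Users, ProgramData or AppData."""
    queue = []
    for line in lines:
        t = parse_task_line(line)
        if t is not None and _USER_WRITABLE.search(t.executable):
            queue.append(t.name_and_publisher)
    return queue

# Sample input: four lines copied from the startup-task listing in the post above
SAMPLE_LINES = [
    r'Yes Task CCleanerSkipUAC Piriform Ltd "C:\Program Files\CCleaner\CCleaner.exe" $(Arg0)',
    r'Yes Task GoogleUpdateTaskUserS-1-5-21-2153092962-4169373229-2462852601-1001Core C:\Users\Ginimini\AppData\Local\Google\Update\GoogleUpdate.exe /c',
    r'Yes Task RealPlayerRealUpgradeLogonTaskS-1-5-21-2153092962-4169373229-2462852601-1001 RealNetworks, Inc. C:\Program Files (x86)\Real\RealUpgrade\RealUpgrade.exe /logoncheck',
    r'Yes Task SUPERAntiSpyware Scheduled Task 2f1ef64d-a38d-4939-a873-bbf6821984d1 SUPERAdBlocker.com C:\Program Files\SUPERAntiSpyware\SASTask.exe "C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe" /TASK:2f1ef64d-a38d-4939-a873-bbf6821984d1 (Disable all SAS Tasks unless it is the paid version)',
]
```

Legitimate per-user updaters (Google's per-user task here) land in the queue as well, so it is a list of entries to look at, not a verdict on any of them.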

#7 aslum

aslum
  • Topic Starter

  • Members
  • 22 posts
  • OFFLINE
  • Local time:10:05 AM

Posted 25 December 2014 - 08:43 PM

Thanks for all your help! I hope you had a Merry Christmas, and/or have a Happy Whatever special days. (:



#8 buddy215

buddy215

  • Moderator
  • 13,512 posts
  • ONLINE
  • Gender:Male
  • Location:West Tennessee
  • Local time:09:05 AM

Posted 26 December 2014 - 10:19 AM

You're welcome

