Frequent Avast "Threat Detected" Warnings - No Infections Found


  • This topic is locked
16 replies to this topic

#1 Dancing_Bear

  • Members
  • 20 posts

Posted 19 June 2015 - 04:39 PM

[Edit] Apologies for the spelling mistake in my post title. I don't think I can edit that...

 

Windows 7 Home Premium Service Pack 1, Automatic Updates (so I presume the system is up to date) running Avast Free antivirus (fully updated with latest definitions)

 

Hello - I hope someone might be able to help me. Several weeks ago I downloaded and installed what I thought was a legitimate program for driving a new digital microscope that I use for my work. I'm usually a very cautious browser, and only download from legitimate sites, but this time it looks like I goofed. The installer made the usual offers of adware, which I declined, but then went ahead and installed a bunch anyway. The immediate symptoms were attempted browser hijacks (some successful, some blocked by Avast). I cleaned up what I could manually (including uninstalling the digital microscope program), but there was at least one adware program that would not fully uninstall through add/remove programs. Over the next week or so I looked up what to do about it, and eventually ran through the malware removal guide listed here: https://www.reddit.com/r/techsupport/comments/33evdi/suggested_reading_official_malware_removal_guide/. The tools found a bunch of things (all apparently adware, nothing nasty) and removed them. After three cycles through the malware tools, everything was coming up clean (no reported threats/infections).

 

However, since that time, I get periodic Avast "threat detected" warnings (this happens at least every time I wake my computer up, and at intervals between 30 min and several hours thereafter). These only happen on one computer - other computers I have running Avast don't do this. Avast appears to be blocking attempts by my computer to connect to a range of websites. Example text from one such warning reads:

 

Infection blocked

Infection details:

URL: <aitchteeteepee>://bestdriverstar.net/4141/CutterGeneration_142669028246641.dll

Infection: URL:Mal

Process: C:\Windows\System32\svchost.exe

 

The websites and exact URL are different each time, but the common theme is that they appear to be trying to download a .dll file.

 

Examples of the last few URLs are:

 

alwaysisobar.com/4141/TroubleFix_142669690001746.dll

simplesitescan.net/4141/LibraryProc_142667285206710.dll

bestdriverstar.net/4141/CutterGeneration_142669028246641.dll

 

The tools I have used to date (all run as administrator, and in roughly the order run) are:

 

Avast full system scans, and boot-time scans

rkill.com

MalwareBytes Anti Malware

ADWCleaner

Junkware Removal Tool

TDSSKiller.exe

Hitman Pro (trial version - no threats found so I did not need to start a 30 day trial)

 

The latter found a bunch of tracking cookies and flagged one .exe file as suspicious. That .exe file is in my downloads folder, and as it turns out is part of the installer package for the original digital microscope program that I believe started this whole problem in the first place (which I still have in my 'Downloads' folder if anyone needs to look at it). However, Hitman Pro did not find any threats, [Edit] and all the other malware tools come up clean.

 

So - to sum up - I downloaded and installed a dodgy file and either that file, or the installer, infected me with a bunch of adware. I successfully removed apparently everything, all malware and junkware and antivirus tools are coming up clean, but I am STILL getting Avast warnings about attempts by my computer to contact dodgy websites to download a .dll. It looks like I still have a stealthy infection somewhere on my system but I don't know what or where. Can anyone help me with what I should do next?

 

Thank you!


Edited by Dancing_Bear, 20 June 2015 - 01:27 AM.



#2 Dancing_Bear

  • Topic Starter
  • Members
  • 20 posts

Posted 22 June 2015 - 06:09 AM

Follow up: I can now add RogueKiller to the list of programs run that report an apparently clean system.

 

Avast threat detections continue - a partial list is:

 

alwaysisobar.com/4141/TroubleFix_142669690001746.dll
simplesitescan.net/4141/LibraryProc_142667285206710.dll
bestdriverstar.net/4141/CutterGeneration_142669028246641.dll
anythicago.com/4141/CutterSystem_142669222915982.dll
simplesitescan.net/4141/CutterGeneration_142669028215736.dll
alwaysisobar.com/4141/SystemInclude_142652930467594.dll
opticguardzip.net/4141/RelayTurbo_142668814316255.dll
simplesitescan.net/4141/SystemVisual_142669159151878.dll
simplesitescan.net/4141/TrimModule_142669092997470.dll
alwaysisobar.com/4141/afterguard_142667076317268.dll



#3 buddy215

  • Moderator
  • 13,090 posts
  • Gender:Male
  • Location:West Tennessee

Posted 22 June 2015 - 06:44 AM

Use CCleaner to remove Temporary files, program caches, cookies, logs, etc. Use the Default settings. No need to use the Registry Cleaning Tool...risky. Pay close attention while installing and UNcheck offers of toolbars....especially Google.

After install, open CCleaner and run by clicking on the Run Cleaner button in the bottom right corner.

CCleaner - PC Optimization and Cleaning - Free Download

 

Rerun AdwCleaner and post what it found and cleaned. In case you have uninstalled it or need instructions for using it, I've included them below.

 

Download AdwCleaner by Xplode onto your desktop.

  • Close all open programs and internet browsers.
  • Double click on adwcleaner.exe to run the tool.
  • Click on Scan button.
  • When the scan has finished click on Clean button.
  • Your computer will be rebooted automatically. A text file will open after the restart.
  • Please post the contents of that logfile with your next reply.
  • You can find the logfile at C:\AdwCleaner[S1].txt as well.

Download MiniToolBox and run it.
Checkmark the following boxes:

  • Report IE Proxy Settings
  • Report FF Proxy Settings
  • List content of Hosts
  • List IP configuration
  • List Winsock Entries

Click Go and post the result.

 

 

Open CCleaner and click on Tools. Choose Startups. On that page you will see a list of Windows Startups and, at the top, tabs for each browser and Scheduled Tasks. At the bottom right of that page you will see a button which, when clicked, will allow you to Copy and Paste the list of Windows Startups and Scheduled Tasks into your next post. Please do that.

Open CCleaner and click on Tools. Choose Uninstall. On that page you will see a list of programs installed on your computer, and at the bottom right of that page you will see a button which, when clicked, will allow you to Copy and Paste that list into your next post. Please do that.


Edited by buddy215, 22 June 2015 - 07:06 AM.

“Every atom in your body came from a star that exploded and the atoms in your left hand probably came from a different star than your right hand. It really is the most poetic thing I know about physics...you are all stardust.”Lawrence M. Krauss
A 1792 U.S. penny, designed in part by Thomas Jefferson and George Washington, reads “Liberty Parent of Science & Industry.”
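The collection steps buddy215 asks for (startup entries, scheduled tasks, installed programs) can also be gathered by script, and because the Avast alerts name svchost.exe, which hosts Windows services and the Task Scheduler, the useful places to look are the Run keys, scheduled task actions and the ServiceDll values of svchost-hosted services. The PowerShell below is an added example, not part of the thread and not code from CCleaner or MiniToolBox: it enumerates those three locations and reports every entry whose file is not Microsoft-signed. It assumes an elevated PowerShell 2.0 or later prompt on Windows 7 (it uses schtasks.exe because Get-ScheduledTask only exists on Windows 8 and later) and English schtasks column headers; the function names are the example's own.

```powershell
# Added example (not from the thread): enumerate persistence locations that can
# make svchost.exe run or load code, and flag files that are not Microsoft-signed.
# Assumes Windows 7 / PowerShell 2.0+, an elevated prompt, English schtasks output.

function Get-FirstPathFromCommand {
    # Pull the .exe/.dll path out of a command line, e.g.
    #   "C:\Program Files\App\app.exe" /c   or   rundll32.exe "C:\x\y.dll",TrayApp
    param([string]$Command)
    if (-not $Command) { return $null }
    $expanded = [Environment]::ExpandEnvironmentVariables($Command)
    $m = [regex]::Match($expanded, '"([^"]+\.(?:exe|dll))"|([A-Za-z]:\\.+?\.(?:exe|dll))', 'IgnoreCase')
    if (-not $m.Success) { return $null }
    if ($m.Groups[1].Success) { return $m.Groups[1].Value }
    return $m.Groups[2].Value
}

function Get-SignerSummary {
    # Authenticode check. Caveat: on Windows 7, Microsoft files that are signed only
    # through a catalog (.cat) report NotSigned here, so Company is kept as a hint.
    param([string]$Path)
    if (-not (Test-Path -LiteralPath $Path)) { return 'MISSING' }
    $sig = Get-AuthenticodeSignature -LiteralPath $Path
    if ($sig.Status -ne 'Valid') { return "NotValid($($sig.Status))" }
    if ($sig.SignerCertificate.Subject -match 'O=Microsoft Corporation') { return 'Microsoft' }
    return 'ThirdParty'
}

function New-Entry($Source, $Name, $Command) {
    New-Object PSObject -Property @{
        Source = $Source; Name = $Name; Command = $Command
        Path = Get-FirstPathFromCommand $Command }
}

function Get-PersistenceEntries {
    $entries = @()
    $skip = 'PSPath', 'PSParentPath', 'PSChildName', 'PSDrive', 'PSProvider'

    # 1. Run / RunOnce keys in both hives, plus the 32-bit view on x64.
    $runKeys = 'HKCU:\Software\Microsoft\Windows\CurrentVersion\Run',
               'HKCU:\Software\Microsoft\Windows\CurrentVersion\RunOnce',
               'HKLM:\Software\Microsoft\Windows\CurrentVersion\Run',
               'HKLM:\Software\Microsoft\Windows\CurrentVersion\RunOnce',
               'HKLM:\Software\Wow6432Node\Microsoft\Windows\CurrentVersion\Run'
    foreach ($key in $runKeys) {
        if (-not (Test-Path $key)) { continue }
        foreach ($p in (Get-ItemProperty -Path $key).PSObject.Properties) {
            if ($skip -contains $p.Name) { continue }   # provider metadata, not values
            $entries += New-Entry $key $p.Name ([string]$p.Value)
        }
    }

    # 2. Scheduled tasks (the Task Scheduler service itself runs inside svchost.exe).
    #    schtasks repeats the CSV header once per task folder; drop those rows.
    foreach ($t in (schtasks /query /fo CSV /v | ConvertFrom-Csv)) {
        if ($t.TaskName -eq 'TaskName') { continue }
        $entries += New-Entry 'ScheduledTask' $t.TaskName $t.'Task To Run'
    }

    # 3. Service DLLs: every service hosted by svchost.exe names its DLL here.
    $services = 'HKLM:\SYSTEM\CurrentControlSet\Services'
    foreach ($svc in (Get-ChildItem $services -ErrorAction SilentlyContinue)) {
        $params = "$services\$($svc.PSChildName)\Parameters"
        if (-not (Test-Path $params)) { continue }
        $dll = (Get-ItemProperty -Path $params -ErrorAction SilentlyContinue).ServiceDll
        if ($dll) { $entries += New-Entry 'ServiceDll' $svc.PSChildName ([string]$dll) }
    }
    return $entries
}

function Get-NonMicrosoftPersistence {
    foreach ($e in Get-PersistenceEntries) {
        if (-not $e.Path) { continue }        # command line without a resolvable file
        $company = $null
        if (Test-Path -LiteralPath $e.Path) {
            $company = (Get-Item -LiteralPath $e.Path).VersionInfo.CompanyName
        }
        $e | Add-Member -MemberType NoteProperty -Name Signature -Value (Get-SignerSummary $e.Path)
        $e | Add-Member -MemberType NoteProperty -Name Company -Value $company
        if ($e.Signature -ne 'Microsoft') { $e }
    }
}

Get-NonMicrosoftPersistence | Sort-Object Source, Name |
    Format-Table Source, Name, Path, Signature, Company -AutoSize
```

Because Windows 7 reports catalog-signed Microsoft files as NotSigned, the Signature column over-reports on that platform; the Company column and the file's location under %SystemRoot% narrow the list, and a hash lookup settles any file still in doubt. Entries whose file is MISSING are worth as much attention as unsigned ones, since a task or service pointing at a file that a cleaner already deleted is exactly the kind of leftover that keeps trying to run.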

#4 Dancing_Bear

  • Topic Starter
  • Members
  • 20 posts

Posted 22 June 2015 - 07:45 AM

Hi BC Advisor. Thank you very much for assisting me! I will get on to running the tools ASAP but may not finish before tomorrow (it is nearly 1:00 am here).

Incidentally - the following (resolved) posting to the Avast forums appears to describe identical symptoms to those I am experiencing: https://forum.avast.com/index.php?topic=169680.0



#5 Dancing_Bear

  • Topic Starter
  • Members
  • 20 posts

Posted 22 June 2015 - 08:06 AM

ADWCleaner Log:


# AdwCleaner v4.207 - Logfile created 23/06/2015 at 01:02:37
# Updated 21/06/2015 by Xplode
# Database : 2015-06-21.2 [Server]
# Operating system : Windows 7 Home Premium Service Pack 1 (x64)
# Username : <name> - <name>-SAMSUN
# Running from : C:\Users\<name>\Downloads\adwcleaner_4.207.exe
# Option : Cleaning

***** [ Services ] *****


***** [ Files / Folders ] *****


***** [ Scheduled tasks ] *****


***** [ Shortcuts ] *****


***** [ Registry ] *****


***** [ Web browsers ] *****

-\\ Internet Explorer v11.0.9600.17840


-\\ Mozilla Firefox v38.0.5 (x86 en-US)


-\\ Google Chrome v43.0.2357.124


*************************

AdwCleaner[R0].txt - [3391 bytes] - [15/06/2015 00:09:03]
AdwCleaner[R1].txt - [930 bytes] - [15/06/2015 23:01:14]
AdwCleaner[R2].txt - [1046 bytes] - [15/06/2015 23:06:27]
AdwCleaner[R3].txt - [1165 bytes] - [23/06/2015 01:01:35]
AdwCleaner[S0].txt - [3282 bytes] - [15/06/2015 00:10:19]
AdwCleaner[S1].txt - [993 bytes] - [15/06/2015 23:02:57]
AdwCleaner[S2].txt - [1111 bytes] - [15/06/2015 23:07:58]
AdwCleaner[S3].txt - [1091 bytes] - [23/06/2015 01:02:37]

########## EOF - C:\AdwCleaner\AdwCleaner[S3].txt - [1150  bytes] ##########

 


Edited by Dancing_Bear, 22 June 2015 - 08:25 AM.


#6 Dancing_Bear

  • Topic Starter
  • Members
  • 20 posts

Posted 22 June 2015 - 08:13 AM

Results from MiniToolBox. Note - I haven't had the Avast warning since running CCleaner, and would have expected one by now (especially upon the reboot initiated by ADWCleaner).


MiniToolBox by Farbar  Version: 11-05-2015 01
Ran by <name> (administrator) on 23-06-2015 at 01:08:54
Running from "C:\Users\<name>\Downloads"
Microsoft Windows 7 Home Premium  Service Pack 1 (X64)
Model: 700Z3A/700Z4A/700Z5A/700Z5B Manufacturer: SAMSUNG ELECTRONICS CO., LTD.
Boot Mode: Normal
***************************************************************************

========================= IE Proxy Settings: ==============================

Proxy is not enabled.
No Proxy Server is set.

========================= FF Proxy Settings: ==============================

========================= Hosts content: =================================



========================= IP Configuration: ================================

Intel® Centrino® Advanced-N 6230 = Wireless Network Connection (Connected)
VirtualBox Host-Only Ethernet Adapter = VirtualBox Host-Only Network (Connected)
Cisco AnyConnect Secure Mobility Client Virtual Miniport Adapter for Windows x64 = Local Area Connection 3 (Hardware not present)
Realtek PCIe GBE Family Controller = Local Area Connection (Media disconnected)
Microsoft Virtual WiFi Miniport Adapter = Wireless Network Connection 2 (Media disconnected)
Microsoft Virtual WiFi Miniport Adapter = Wireless Network Connection 3 (Media disconnected)


# ----------------------------------
# IPv4 Configuration
# ----------------------------------
pushd interface ipv4

reset
set global icmpredirects=enabled
set interface interface="Local Area Connection 3" forwarding=enabled advertise=enabled metric=1 nud=enabled


popd
# End of IPv4 configuration



Windows IP Configuration

   Host Name . . . . . . . . . . . . : <name>-samsung
   Primary Dns Suffix  . . . . . . . :
   Node Type . . . . . . . . . . . . : Hybrid
   IP Routing Enabled. . . . . . . . : No
   WINS Proxy Enabled. . . . . . . . : No
   DNS Suffix Search List. . . . . . : station

Ethernet adapter Local Area Connection* 18:

   Media State . . . . . . . . . . . : Media disconnected
   Connection-specific DNS Suffix  . :
   Description . . . . . . . . . . . : Juniper Network Connect Virtual Adapter
   Physical Address. . . . . . . . . : 00-FF-10-40-ED-07
   DHCP Enabled. . . . . . . . . . . : Yes
   Autoconfiguration Enabled . . . . : Yes

Wireless LAN adapter Wireless Network Connection 3:

   Media State . . . . . . . . . . . : Media disconnected
   Connection-specific DNS Suffix  . :
   Description . . . . . . . . . . . : Microsoft Virtual WiFi Miniport Adapter #2
   Physical Address. . . . . . . . . : 88-53-2E-B6-B9-40
   DHCP Enabled. . . . . . . . . . . : Yes
   Autoconfiguration Enabled . . . . : Yes

Wireless LAN adapter Wireless Network Connection 2:

   Media State . . . . . . . . . . . : Media disconnected
   Connection-specific DNS Suffix  . :
   Description . . . . . . . . . . . : Microsoft Virtual WiFi Miniport Adapter
   Physical Address. . . . . . . . . : 88-53-2E-B6-B9-40
   DHCP Enabled. . . . . . . . . . . : Yes
   Autoconfiguration Enabled . . . . : Yes

Wireless LAN adapter Wireless Network Connection:

   Connection-specific DNS Suffix  . : station
   Description . . . . . . . . . . . : Intel® Centrino® Advanced-N 6230
   Physical Address. . . . . . . . . : 88-53-2E-B6-B9-3F
   DHCP Enabled. . . . . . . . . . . : Yes
   Autoconfiguration Enabled . . . . : Yes
   Link-local IPv6 Address . . . . . : fe80::61c2:5671:a14e:30df%12(Preferred)
   IPv4 Address. . . . . . . . . . . : 192.168.1.5(Preferred)
   Subnet Mask . . . . . . . . . . . : 255.255.255.0
   Lease Obtained. . . . . . . . . . : Tuesday, June 23, 2015 1:04:01 AM
   Lease Expires . . . . . . . . . . : Tuesday, June 23, 2015 2:04:05 AM
   Default Gateway . . . . . . . . . : 192.168.1.1
   DHCP Server . . . . . . . . . . . : 192.168.1.1
   DHCPv6 IAID . . . . . . . . . . . : 310924078
   DHCPv6 Client DUID. . . . . . . . : 00-01-00-01-18-37-F0-60-E8-03-9A-91-53-C8
   DNS Servers . . . . . . . . . . . : 192.168.1.1
   NetBIOS over Tcpip. . . . . . . . : Enabled

Ethernet adapter Local Area Connection:

   Media State . . . . . . . . . . . : Media disconnected
   Connection-specific DNS Suffix  . :
   Description . . . . . . . . . . . : Realtek PCIe GBE Family Controller
   Physical Address. . . . . . . . . : E8-03-9A-91-53-C8
   DHCP Enabled. . . . . . . . . . . : Yes
   Autoconfiguration Enabled . . . . : Yes

Ethernet adapter VirtualBox Host-Only Network:

   Connection-specific DNS Suffix  . :
   Description . . . . . . . . . . . : VirtualBox Host-Only Ethernet Adapter
   Physical Address. . . . . . . . . : 08-00-27-00-80-69
   DHCP Enabled. . . . . . . . . . . : Yes
   Autoconfiguration Enabled . . . . : Yes
   Link-local IPv6 Address . . . . . : fe80::432:3479:a0b3:3048%22(Preferred)
   Autoconfiguration IPv4 Address. . : 169.254.48.72(Preferred)
   Subnet Mask . . . . . . . . . . . : 255.255.0.0
   Default Gateway . . . . . . . . . :
   DHCPv6 IAID . . . . . . . . . . . : 705167399
   DHCPv6 Client DUID. . . . . . . . : 00-01-00-01-18-37-F0-60-E8-03-9A-91-53-C8
   DNS Servers . . . . . . . . . . . : fec0:0:0:ffff::1%1
                                       fec0:0:0:ffff::2%1
                                       fec0:0:0:ffff::3%1
   NetBIOS over Tcpip. . . . . . . . : Enabled
Server:  vodafone.station
Address:  192.168.1.1

Name:    google.com
Addresses:  2404:6800:4003:804::200e
      203.118.141.181
      203.118.141.166
      203.118.141.165
      203.118.141.174
      203.118.141.155
      203.118.141.187
      203.118.141.177
      203.118.141.185
      203.118.141.163
      203.118.141.176
      203.118.141.148
      203.118.141.159
      203.118.141.170
      203.118.141.152
      203.118.141.144
      203.118.141.154


Pinging google.com [203.118.141.181] with 32 bytes of data:
Reply from 203.118.141.181: bytes=32 time=24ms TTL=61
Reply from 203.118.141.181: bytes=32 time=22ms TTL=61

Ping statistics for 203.118.141.181:
    Packets: Sent = 2, Received = 2, Lost = 0 (0% loss),
Approximate round trip times in milli-seconds:
    Minimum = 22ms, Maximum = 24ms, Average = 23ms
Server:  vodafone.station
Address:  192.168.1.1

Name:    yahoo.com
Addresses:  206.190.36.45
      98.138.253.109
      98.139.183.24


Pinging yahoo.com [206.190.36.45] with 32 bytes of data:
Reply from 206.190.36.45: bytes=32 time=179ms TTL=53
Reply from 206.190.36.45: bytes=32 time=179ms TTL=53

Ping statistics for 206.190.36.45:
    Packets: Sent = 2, Received = 2, Lost = 0 (0% loss),
Approximate round trip times in milli-seconds:
    Minimum = 179ms, Maximum = 179ms, Average = 179ms

Pinging 127.0.0.1 with 32 bytes of data:
Reply from 127.0.0.1: bytes=32 time<1ms TTL=128
Reply from 127.0.0.1: bytes=32 time<1ms TTL=128

Ping statistics for 127.0.0.1:
    Packets: Sent = 2, Received = 2, Lost = 0 (0% loss),
Approximate round trip times in milli-seconds:
    Minimum = 0ms, Maximum = 0ms, Average = 0ms
===========================================================================
Interface List
 25...00 ff 10 40 ed 07 ......Juniper Network Connect Virtual Adapter
 14...88 53 2e b6 b9 40 ......Microsoft Virtual WiFi Miniport Adapter #2
 13...88 53 2e b6 b9 40 ......Microsoft Virtual WiFi Miniport Adapter
 12...88 53 2e b6 b9 3f ......Intel® Centrino® Advanced-N 6230
 11...e8 03 9a 91 53 c8 ......Realtek PCIe GBE Family Controller
 22...08 00 27 00 80 69 ......VirtualBox Host-Only Ethernet Adapter
  1...........................Software Loopback Interface 1
===========================================================================

IPv4 Route Table
===========================================================================
Active Routes:
Network Destination        Netmask          Gateway       Interface  Metric
          0.0.0.0          0.0.0.0      192.168.1.1      192.168.1.5     25
        127.0.0.0        255.0.0.0         On-link         127.0.0.1    306
        127.0.0.1  255.255.255.255         On-link         127.0.0.1    306
  127.255.255.255  255.255.255.255         On-link         127.0.0.1    306
      169.254.0.0      255.255.0.0         On-link     169.254.48.72    276
    169.254.48.72  255.255.255.255         On-link     169.254.48.72    276
  169.254.255.255  255.255.255.255         On-link     169.254.48.72    276
      192.168.1.0    255.255.255.0         On-link       192.168.1.5    281
      192.168.1.5  255.255.255.255         On-link       192.168.1.5    281
    192.168.1.255  255.255.255.255         On-link       192.168.1.5    281
        224.0.0.0        240.0.0.0         On-link         127.0.0.1    306
        224.0.0.0        240.0.0.0         On-link     169.254.48.72    276
        224.0.0.0        240.0.0.0         On-link       192.168.1.5    281
  255.255.255.255  255.255.255.255         On-link         127.0.0.1    306
  255.255.255.255  255.255.255.255         On-link     169.254.48.72    276
  255.255.255.255  255.255.255.255         On-link       192.168.1.5    281
===========================================================================
Persistent Routes:
  None

IPv6 Route Table
===========================================================================
Active Routes:
 If Metric Network Destination      Gateway
  1    306 ::1/128                  On-link
 22    276 fe80::/64                On-link
 12    281 fe80::/64                On-link
 22    276 fe80::432:3479:a0b3:3048/128
                                    On-link
 12    281 fe80::61c2:5671:a14e:30df/128
                                    On-link
  1    306 ff00::/8                 On-link
 22    276 ff00::/8                 On-link
 12    281 ff00::/8                 On-link
===========================================================================
Persistent Routes:
  None
========================= Winsock entries =====================================

Catalog5 01 C:\windows\SysWOW64\NLAapi.dll [52224] (Microsoft Corporation)
Catalog5 02 C:\windows\SysWOW64\napinsp.dll [52224] (Microsoft Corporation)
Catalog5 03 C:\windows\SysWOW64\pnrpnsp.dll [65024] (Microsoft Corporation)
Catalog5 04 C:\windows\SysWOW64\pnrpnsp.dll [65024] (Microsoft Corporation)
Catalog5 05 C:\windows\SysWOW64\mswsock.dll [231424] (Microsoft Corporation)
Catalog5 06 C:\windows\SysWOW64\winrnr.dll [20992] (Microsoft Corporation)
Catalog5 07 C:\windows\SysWOW64\wshbth.dll [36352] (Microsoft Corporation)
Catalog5 08 C:\Program Files (x86)\Bonjour\mdnsNSP.dll [121704] (Apple Inc.)
Catalog9 01 C:\windows\SysWOW64\mswsock.dll [231424] (Microsoft Corporation)
Catalog9 02 C:\windows\SysWOW64\mswsock.dll [231424] (Microsoft Corporation)
Catalog9 03 C:\windows\SysWOW64\mswsock.dll [231424] (Microsoft Corporation)
Catalog9 04 C:\windows\SysWOW64\mswsock.dll [231424] (Microsoft Corporation)
Catalog9 05 C:\windows\SysWOW64\mswsock.dll [231424] (Microsoft Corporation)
Catalog9 06 C:\windows\SysWOW64\mswsock.dll [231424] (Microsoft Corporation)
Catalog9 07 C:\windows\SysWOW64\mswsock.dll [231424] (Microsoft Corporation)
Catalog9 08 C:\windows\SysWOW64\mswsock.dll [231424] (Microsoft Corporation)
Catalog9 09 C:\windows\SysWOW64\mswsock.dll [231424] (Microsoft Corporation)
Catalog9 10 C:\windows\SysWOW64\mswsock.dll [231424] (Microsoft Corporation)
Catalog9 11 C:\windows\SysWOW64\mswsock.dll [231424] (Microsoft Corporation)
x64-Catalog5 01 C:\Windows\System32\NLAapi.dll [70656] (Microsoft Corporation)
x64-Catalog5 02 C:\Windows\System32\napinsp.dll [68096] (Microsoft Corporation)
x64-Catalog5 03 C:\Windows\System32\pnrpnsp.dll [86016] (Microsoft Corporation)
x64-Catalog5 04 C:\Windows\System32\pnrpnsp.dll [86016] (Microsoft Corporation)
x64-Catalog5 05 C:\Windows\System32\mswsock.dll [327168] (Microsoft Corporation)
x64-Catalog5 06 C:\Windows\System32\winrnr.dll [28672] (Microsoft Corporation)
x64-Catalog5 07 C:\Windows\System32\wshbth.dll [47104] (Microsoft Corporation)
x64-Catalog5 08 C:\Program Files\Bonjour\mdnsNSP.dll [132968] (Apple Inc.)
x64-Catalog9 01 C:\Windows\System32\mswsock.dll [327168] (Microsoft Corporation)
x64-Catalog9 02 C:\Windows\System32\mswsock.dll [327168] (Microsoft Corporation)
x64-Catalog9 03 C:\Windows\System32\mswsock.dll [327168] (Microsoft Corporation)
x64-Catalog9 04 C:\Windows\System32\mswsock.dll [327168] (Microsoft Corporation)
x64-Catalog9 05 C:\Windows\System32\mswsock.dll [327168] (Microsoft Corporation)
x64-Catalog9 06 C:\Windows\System32\mswsock.dll [327168] (Microsoft Corporation)
x64-Catalog9 07 C:\Windows\System32\mswsock.dll [327168] (Microsoft Corporation)
x64-Catalog9 08 C:\Windows\System32\mswsock.dll [327168] (Microsoft Corporation)
x64-Catalog9 09 C:\Windows\System32\mswsock.dll [327168] (Microsoft Corporation)
x64-Catalog9 10 C:\Windows\System32\mswsock.dll [327168] (Microsoft Corporation)
x64-Catalog9 11 C:\Windows\System32\mswsock.dll [327168] (Microsoft Corporation)

**** End of log ****

 


Edited by Dancing_Bear, 22 June 2015 - 08:26 AM.
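The "Winsock entries" section of the MiniToolBox output above lists every protocol-catalog (LSP) and namespace-catalog (NSP) provider DLL; the only non-Microsoft entry in this log is Apple's Bonjour mdnsNSP.dll, which is what a reviewer would single out for a second look. The PowerShell below is an added example, not from the thread and not Farbar's code: it rebuilds that list from `netsh winsock show catalog` (protocol catalog) and the NameSpace_Catalog5 registry entries (namespace catalog) and keeps only providers whose file does not declare Microsoft as its company. It assumes English netsh output ("Description:" and "Provider Path:" lines) and the standard WinSock2 registry layout; the function names are the example's own.

```powershell
# Added example (not from the thread): list Winsock providers and flag third-party
# ones, the same entries MiniToolBox prints under "Winsock entries".
# Assumes English `netsh` output and the standard WinSock2 registry layout.

function Get-WinsockProviders {
    $found = @()

    # Protocol catalog (Catalog9: base providers and LSPs) via netsh.
    $desc = $null
    foreach ($line in (netsh winsock show catalog)) {
        if ($line -match '^\s*Description:\s+(.+?)\s*$') { $desc = $Matches[1] }
        elseif ($line -match '^\s*Provider Path:\s+(.+?)\s*$') {
            $found += New-Object PSObject -Property @{
                Catalog = 'Protocol_Catalog9'; Name = $desc; Path = $Matches[1] }
        }
    }

    # Namespace catalog (Catalog5: NSPs such as DNS, NLA, Bonjour). Both the
    # 32-bit and the 64-bit views live in the registry with a LibraryPath value.
    $base = 'HKLM:\SYSTEM\CurrentControlSet\Services\WinSock2\Parameters\NameSpace_Catalog5'
    foreach ($sub in 'Catalog_Entries', 'Catalog_Entries64') {
        $key = Join-Path $base $sub
        if (-not (Test-Path $key)) { continue }
        foreach ($entry in (Get-ChildItem $key)) {
            $v = Get-ItemProperty -Path $entry.PSPath
            if ($v.LibraryPath) {
                $found += New-Object PSObject -Property @{
                    Catalog = "NameSpace_Catalog5\$sub"; Name = $v.DisplayString; Path = $v.LibraryPath }
            }
        }
    }
    return $found
}

function Get-ThirdPartyWinsockProviders {
    foreach ($p in Get-WinsockProviders) {
        # Paths are stored with %SystemRoot% etc.; expand before touching the file.
        $file = [Environment]::ExpandEnvironmentVariables($p.Path)
        $company = 'MISSING FILE'       # a dangling provider breaks name resolution
        if (Test-Path -LiteralPath $file) {
            $company = (Get-Item -LiteralPath $file).VersionInfo.CompanyName
        }
        $p | Add-Member -MemberType NoteProperty -Name File -Value $file
        $p | Add-Member -MemberType NoteProperty -Name Company -Value $company -PassThru
    }
}

Get-ThirdPartyWinsockProviders |
    Where-Object { $_.Company -ne 'Microsoft Corporation' } |
    Sort-Object Catalog, Name |
    Format-Table Catalog, Name, File, Company -AutoSize
```

CompanyName is self-declared version metadata, so the table is a triage filter rather than a verdict: confirm each flagged file by its Authenticode signature or a hash lookup before acting on it. If a provider DLL turns out to be malicious, or its file is missing, `netsh winsock reset` from an elevated prompt followed by a reboot restores the catalog to its defaults; that also drops legitimate third-party providers such as Bonjour, whose software then needs to be repaired or reinstalled to re-register them.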


#7 Dancing_Bear

  • Topic Starter
  • Members
  • 20 posts

Posted 22 June 2015 - 08:17 AM

CCleaner Startups:

Yes    HKCU:Run    CCleaner Monitoring    Piriform Ltd    "C:\Program Files\CCleaner\CCleaner64.exe" /MONITOR
No    HKCU:Run    CUCore Agent    Avaya, Inc.    "C:\Users\<name>\AppData\Local\Radvision\Conference Client\8.3.000.62\confagent.exe" /minimize
Yes    HKCU:Run    Dropbox Update    Dropbox, Inc.    "C:\Users\<name>\AppData\Local\Dropbox\Update\DropboxUpdate.exe" /c
No    HKCU:Run    DVDFab Passkey    Fengtao Software Inc.    "C:\Program Files (x86)\DVDFab Passkey\DVDFabPasskey.exe"
Yes    HKCU:Run    Google Update    Google Inc.    "C:\Users\<name>\AppData\Local\Google\Update\GoogleUpdate.exe" /c
Yes    HKCU:Run    Power2GoExpress        NA
No    HKCU:Run    Skype    Skype Technologies S.A.    "C:\Program Files (x86)\Skype\Phone\Skype.exe" /minimized /regrun
No    HKCU:Run    TomTomHOME.exe    TomTom    "C:\Program Files (x86)\TomTom HOME 2\TomTomHOMERunner.exe"
No    HKLM:Run    Absolute Notifier    Absolute Software    "C:\Program Files (x86)\Absolute Software\Absolute Notifier\AbsoluteNotifier.exe"
Yes    HKLM:Run    Adobe ARM    Adobe Systems Incorporated    "C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe"
No    HKLM:Run    APSDaemon    Apple Inc.    "C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe"
Yes    HKLM:Run    AvastUI.exe    Avast Software s.r.o.    "C:\Program Files\AVAST Software\Avast\AvastUI.exe" /nogui
Yes    HKLM:Run    BCSSync    Microsoft Corporation    "C:\Program Files\Microsoft Office\Office14\BCSSync.exe" /DelayServices
No    HKLM:Run    BDRegion    cyberlink    C:\Program Files (x86)\Cyberlink\Shared files\brs.exe
Yes    HKLM:Run    BTMTrayAgent    Microsoft Corporation    rundll32.exe "C:\Program Files (x86)\Intel\Bluetooth\btmshell.dll",TrayApp
No    HKLM:Run    Cisco AnyConnect Secure Mobility Agent for Windows    Cisco Systems, Inc.    "C:\Program Files (x86)\Cisco\Cisco AnyConnect Secure Mobility Client\vpnui.exe" -minimized
No    HKLM:Run    CLMLServer    CyberLink    "C:\Program Files (x86)\CyberLink\Power2Go\CLMLSvc.exe"
Yes    HKLM:Run    DriveUtilitiesHelper    Western Digital Technologies, Inc.    C:\Program Files (x86)\Western Digital\WD Utilities\WDDriveUtilitiesHelper.exe
Yes    HKLM:Run    ETDCtrl    ELAN Microelectronics Corp.    %ProgramFiles%\Elantech\ETDCtrl.exe
No    HKLM:Run    iTunesHelper    Apple Inc.    "C:\Program Files\iTunes\iTunesHelper.exe"
Yes    HKLM:Run    QuickTime Task    Apple Inc.    "C:\Program Files (x86)\QuickTime\QTTask.exe" -atboottime
No    HKLM:Run    RemoteControl10    CyberLink Corp.    "C:\Program Files (x86)\CyberLink\PowerDVD10\PDVD10Serv.exe"
Yes    HKLM:Run    RtHDVCpl    Realtek Semiconductor    C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe -s
Yes    HKLM:Run    SunJavaUpdateSched    Oracle Corporation    "C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe"
Yes    Startup User    Dropbox.lnk    Dropbox, Inc.    C:\Users\<name>\AppData\Roaming\Dropbox\bin\Dropbox.exe
No    Startup User    EvernoteClipper.lnk    Evernote Corp., 305 Walnut Street, Redwood City, CA 94063    C:\Program Files (x86)\Evernote\Evernote\EvernoteClipper.exe

 


Edited by Dancing_Bear, 22 June 2015 - 08:27 AM.


#8 Dancing_Bear

  • Topic Starter
  • Members
  • 20 posts

Posted 22 June 2015 - 08:19 AM

CCleaner Installs:

7-Zip 9.22beta        4/9/2015        
Absolute Notifier    Absolute Software    7/21/2014    301 KB    1.4.3.24
Adobe Acrobat 9 Pro    Adobe Systems    5/16/2013        9.5.5
Adobe Flash Player 17 ActiveX    Adobe Systems Incorporated    5/26/2015    6.00 MB    17.0.0.188
Adobe Flash Player 18 NPAPI    Adobe Systems Incorporated    6/13/2015    17.5 MB    18.0.0.160
Adobe Reader XI (11.0.10)    Adobe Systems Incorporated    4/9/2015    183 MB    11.0.10
Adobe Shockwave Player 12.0    Adobe Systems, Inc.    11/16/2013        12.0.5.146
Allway Sync version 14.1.7    Botkind Inc    4/17/2014    25.8 MB    
Amazon Kindle    Amazon    1/25/2013        
AMD Catalyst Install Manager    Advanced Micro Devices, Inc.    2/17/2012    26.2 MB    3.0.864.0
Apple Application Support (32-bit)    Apple Inc.    3/10/2015    94.2 MB    3.1.2
Apple Application Support (64-bit)    Apple Inc.    3/10/2015    107 MB    3.1.2
Apple Mobile Device Support    Apple Inc.    3/10/2015    27.9 MB    8.1.1.3
Apple Software Update    Apple Inc.    5/1/2012    2.38 MB    2.1.3.127
Asmedia ASM104x USB 3.0 Host Controller Driver    Asmedia Technology    2/17/2012    2.27 MB    1.14.3.0
Avast Free Antivirus    AVAST Software    5/1/2015        10.2.2218
Avaya Scopia® Desktop Client    Avaya, Inc.    8/2/2014        
Bastion    Supergiant Games    7/16/2012        
Beyond Good & Evil        4/26/2012        1.01.000
Bonjour    Apple Inc.    5/16/2012    2.00 MB    3.0.0.10
Canon Auto Update Service    Canon Inc.    9/19/2012        1.1.0.13
Canon DIGITAL CAMERA Solution Disk Software Guide    Canon Inc.    9/19/2012        1.6.0.1
CANON iMAGE GATEWAY MyCamera Download Plugin    Canon Inc.    9/19/2012        3.1.1.2
CANON iMAGE GATEWAY Task for ZoomBrowser EX    Canon Inc.    9/19/2012        1.9.0.9
Canon MOV Decoder    Canon Inc.    9/19/2012        1.9.0.8
Canon MOV Encoder    Canon Inc.    9/19/2012        1.8.0.1
Canon MovieEdit Task for ZoomBrowser EX    Canon Inc.    9/19/2012        3.9.0.6
Canon PowerShot S100 Camera User Guide    Canon Inc.    9/19/2012        1.0.0.1
Canon Utilities CameraWindow DC 8    Canon Inc.    9/19/2012        8.6.0.11
Canon Utilities CameraWindow Launcher    Canon Inc.    9/19/2012        7.6.0.1
Canon Utilities Digital Photo Professional 3.11    Canon Inc.    9/19/2012        3.11.3.10
Canon Utilities Map Utility    Canon Inc.    9/19/2012        1.1.0.4
Canon Utilities MyCamera    Canon Inc.    9/19/2012        7.5.0.1
Canon Utilities PhotoStitch    Canon Inc.    9/19/2012        3.1.22.46
Canon Utilities ZoomBrowser EX    Canon Inc.    9/19/2012        6.8.0.10
Canon ZoomBrowser EX Memory Card Utility    Canon Inc.    9/19/2012        1.6.0.15
CanoScan Toolbox Ver4.9        2/8/2013        
CCleaner    Piriform    6/23/2015        5.06
CDex - Open Source Digital Audio CD Extractor    Georgy Berdyshev    11/11/2012        1.70.4.2009
Cisco AnyConnect Secure Mobility Client    Cisco Systems, Inc.    5/10/2014        3.1.05160
Citrix Online Launcher    Citrix    3/24/2015    294 KB    1.0.258
Cosmo Player 2.1.1        12/6/2013        
CyberLink BD_3D Advisor 2.0    CyberLink Corp.    1/22/2015        2.0.5913
CyberLink Media Suite 10    CyberLink Corp.    1/22/2015    1.01 GB    10.0
CyberLink Media+ Player10    CyberLink Corp.    2/17/2012    103 MB    10.0.1110.00
CyberLink MediaShow    CyberLink Corp.    2/17/2012    381 MB    5.0.1130a
CyberLink PowerDirector    CyberLink Corp.    2/17/2012    287 MB    8.0.3306
CyberLink YouCam    CyberLink Corp.    2/17/2012    135 MB    3.1.4417
Deus Ex: Game of the Year Edition    Eidos    5/17/2012        
Dropbox    Dropbox, Inc.    6/19/2015        3.6.7
Duplicate Finder    Ashisoft    4/25/2012    1.92 MB    4.2.1.0
DVD Decrypter (Remove Only)        9/8/2012        
DVD Shrink 3.2    DVD Shrink    9/8/2012        
DVDFab Passkey 8.2.4.1 (12/06/2015)    Fengtao Software Inc.    6/13/2015    8.89 MB    
Easy File Share    Samsung Electronics CO., LTD.    11/15/2012    37.8 MB    1.3.1
Easy Migration    Samsung Electronics Co., Ltd.    2/17/2012        1.0
Easy Settings    Samsung Electronics CO., LTD.    6/27/2012        1.1
Easy Support Center    Samsung Electronics CO., LTD.    9/20/2013    86.8 MB    1.2.32
EndNote X6    Thomson Reuters    1/27/2014    76.5 MB    16.0.1.6599
ETDWare PS/2-X64 10.7.16.1_WHQL    ELAN Microelectronic Corp.    6/2/2012        10.7.16.1
Evernote v. 4.6.7    Evernote Corp.    8/27/2013    137 MB    4.6.7.8409
ExpressCache    Diskeeper Corporation    2/17/2012    7.60 MB    1.0.64
Garmin USB Drivers    Garmin Ltd or its subsidiaries    9/12/2014    573 KB    2.3.1.0
GIMP 2.8.0    The GIMP Team    6/25/2012    241 MB    2.8.0
Google Chrome    Google Inc.    5/1/2012        43.0.2357.124
Google Earth    Google    6/12/2015    179 MB    7.1.5.1557
Google SketchUp 8    Google, Inc.    5/1/2012    65.3 MB    3.0.11752
Google Talk Plugin    Google    4/22/2015    15.0 MB    5.41.2.0
GoToMeeting 7.2.1.2856    CitrixOnline    6/15/2015        7.2.1.2856
HandBrake 0.10.1        5/11/2015        0.10.1
HOBOware 3.7.1    Onset Computer Corporation    9/3/2014    90.5 MB    3.7.1
Hugin 2011.4.0    The Hugin Development Team    8/22/2012    187 MB    2011.4.0 hg_cf9be9344356
Igor Pro    WaveMetrics, Inc.    4/30/2015        6.3.6.4 (6.36)
ImageJ 1.48v    NIH    5/6/2014    93.1 MB    
Inkscape 0.48.2        7/28/2012        0.48.2
Intel® Display Audio Driver    Intel Corporation    4/29/2012        6.14.00.3086
Intel® Management Engine Components    Intel Corporation    2/22/2012        7.0.0.1144
Intel® PROSet/Wireless for Bluetooth® + High Speed    Intel Corporation    11/15/2012    5.47 MB    15.3.0.0398
Intel® PROSet/Wireless Software for Bluetooth® Technology    Intel Corporation    4/24/2012    90.1 MB    1.2.1.0608
Intel® Rapid Storage Technology    Intel Corporation    6/23/2015        10.1.5.1001
Intel® WiDi    Intel Corporation    3/27/2013    120 MB    3.5.40.0
Intel® PROSet/Wireless WiFi Software    Intel Corporation    11/15/2012    140 MB    15.03.1000.1637
Interactive Guide        2/17/2012        1.2
iTunes    Apple Inc.    3/10/2015    234 MB    12.1.1.4
Java 8 Update 40    Oracle Corporation    4/9/2015    76.9 MB    8.0.400
Java 8 Update 40 (64-bit)    Oracle Corporation    4/9/2015    88.8 MB    8.0.400
Java 8 Update 45    Oracle Corporation    4/17/2015    77.1 MB    8.0.450
Java 8 Update 45 (64-bit)    Oracle Corporation    4/17/2015    89.0 MB    8.0.450
Juniper Networks Network Connect 7.4.0    Juniper Networks    10/9/2013        7.4.0.23727
Juniper Networks, Inc. Setup Client    Juniper Networks, Inc.    10/9/2013    800 KB    7.4.1.32327
Juniper Networks, Inc. Setup Client 64-bit Activex Control    Juniper Networks, Inc.    10/9/2013        2.1.1.1
Juniper Networks, Inc. Setup Client Activex Control    Juniper Networks, Inc.    10/9/2013        2.1.1.1
LazyCam 3.00.2    ArtSoft Inc.    6/4/2012        3.00.2
LEGO Digital Designer    LEGO A/S    7/2/2014        
LG USB Modem driver        9/27/2012        
Mach3    ArtSoft USA    6/4/2012        3.043.022
Machinarium    Amanita Design, s.r.o.    6/16/2012        23.10.09
MakeMKV v1.8.12    GuinpinSoft inc    8/26/2014        v1.8.12
Malwarebytes Anti-Malware version 2.1.6.1022    Malwarebytes Corporation    6/14/2015    57.5 MB    2.1.6.1022
Maxima 5.31.2    The Maxima Development Team    11/22/2013    105 MB    5.31.2
Microsoft .NET Framework 4.5.2    Microsoft Corporation    1/23/2015    38.8 MB    4.5.51209
Microsoft Office Professional Plus 2010    Microsoft Corporation    11/21/2013        14.0.7015.1000
Microsoft Silverlight    Microsoft Corporation    5/14/2015    398 MB    5.1.40416.0
Microsoft Visual C++ 2005 Redistributable    Microsoft Corporation    1/23/2015    2.38 MB    8.0.59193
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.17    Microsoft Corporation    2/17/2012    788 KB    9.0.30729
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.4148    Microsoft Corporation    2/17/2012    788 KB    9.0.30729.4148
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.6161    Microsoft Corporation    4/24/2012    788 KB    9.0.30729.6161
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17    Microsoft Corporation    2/17/2012    596 KB    9.0.30729
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148    Microsoft Corporation    2/17/2012    595 KB    9.0.30729.4148
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161    Microsoft Corporation    4/24/2012    600 KB    9.0.30729.6161
Microsoft Visual C++ 2010  x64 Redistributable - 10.0.40219    Microsoft Corporation    2/16/2015    13.8 MB    10.0.40219
Microsoft Visual C++ 2010  x86 Redistributable - 10.0.40219    Microsoft Corporation    2/16/2015    11.1 MB    10.0.40219
Microsoft Visual Studio 2010 Tools for Office Runtime (x64)    Microsoft Corporation    2/16/2015        10.0.50903
Microsoft XNA Framework Redistributable 3.1    Microsoft Corporation    7/15/2012    7.55 MB    3.1.10527.0
Minimal ADB and Fastboot version 1.1.3        12/2/2014    6.51 MB    1.1.3
Mozilla Firefox 38.0.5 (x86 en-US)    Mozilla    6/5/2015    85.3 MB    38.0.5
Mozilla Maintenance Service    Mozilla    5/13/2014    341 KB    29.0.1
Mozilla Thunderbird 11.0.1 (x86 en-US)    Mozilla    4/25/2012    38.0 MB    11.0.1
Mp3tag v2.54    Florian Heidenreich    2/14/2013        v2.54
Multimedia POP        2/17/2012        1.0
ncBrowse        5/28/2013        1.0.0.0
Ocean Data View 4 (remove only)        2/14/2013        
Oracle VM VirtualBox 4.1.18    Oracle Corporation    7/14/2012    139 MB    4.1.18
PHREEQC for Windows version 2.18        1/31/2013    6.53 MB    
QuickTime 7    Apple Inc.    10/28/2014    70.2 MB    7.76.80.95
R for Windows 3.0.2    R Core Team    10/23/2013    83.7 MB    3.0.2
Realtek Ethernet Controller Driver    Realtek    2/17/2012        7.45.516.2011
Realtek High Definition Audio Driver    Realtek Semiconductor Corp.    2/17/2012        6.0.1.6428
ResearchSoft Direct Export Helper        3/4/2013        
Samsung Kies    Samsung Electronics Co., Ltd.    2/17/2012    188 MB    2.0.0.11044_11
Samsung Recovery Solution 5    Samsung Electronics CO., LTD.    11/15/2012        5.6.0.2
Samsung Update Plus    Samsung Electronics Co., Ltd.    4/28/2012        3.0.0.17
SAMSUNG USB Driver for Mobile Phones    SAMSUNG Electronics Co., Ltd.    2/17/2012    37.8 MB    1.4.10.0
SecureW2 Enterprise Client 3.5.5        4/26/2012        
Skype Click to Call    Microsoft Corporation    5/31/2015    13.1 MB    7.4.0.9058
Skype™ 7.5    Skype Technologies S.A.    5/26/2015    49.4 MB    7.5.101
Software Launcher    Samsung    2/17/2012    7.14 MB    1.0.2
Steam    Valve Corporation    5/16/2012    1.59 MB    1.0.0.0
SW Update    Samsung Electronics CO., LTD.    9/17/2014    26.3 MB    2.2.0
TomTom HOME    TomTom    12/30/2013    49.1 MB    2.9.7
TomTom HOME Visual Studio Merge Modules    TomTom International B.V.    6/13/2013    1.88 MB    1.0.2
TreeSize Free V2.7    JAM Software    4/25/2012    3.62 MB    2.7
User Guide        2/17/2012        1.6
VirtualCloneDrive    Elaborate Bytes    4/26/2012        
VLC media player    VideoLAN    5/1/2015        2.2.1
WD Drive Utilities    Western Digital Technologies, Inc.    1/4/2015    19.6 MB    1.1.0.51
Windows Driver Package - Garmin (grmnusb) GARMIN Devices  (04/19/2012 2.3.1.0)    Garmin    9/12/2014        04/19/2012 2.3.1.0
 



#9 buddy215

  • Moderator

Posted 22 June 2015 - 09:14 AM

I don't see the list of Scheduled Tasks...

 

Open CCleaner and click on Tools. Choose Startups. On that page you will see a list of Windows Startups and, at the top, tabs for each browser and Scheduled Tasks. At the bottom right of that page you will see a button which, when clicked, will allow you to copy and paste the list of Windows Startups and Scheduled Tasks into your next post. Please do that.

 

Get some sleep !....


“Every atom in your body came from a star that exploded and the atoms in your left hand probably came from a different star than your right hand. It really is the most poetic thing I know about physics...you are all stardust.” (Lawrence M. Krauss)
A 1792 U.S. penny, designed in part by Thomas Jefferson and George Washington, reads “Liberty Parent of Science & Industry.”

#10 Dancing_Bear

  • Topic Starter

Posted 23 June 2015 - 01:29 AM

Sorry - missed that part of your email. Incidentally - Avast threat detections continue.

Internet Explorer

Yes    Extension    Add to Evernote 4        C:\Program Files (x86)\Evernote\Evernote\\EvernoteIERes\AddNote.html
Yes    Extension    OneNote Linked Notes    Microsoft Corporation    C:\Program Files (x86)\Microsoft Office\Office14\ONBttnIELinkedNotes.dll
Yes    Extension    OneNote Linked Notes    Microsoft Corporation    C:\Program Files\Microsoft Office\Office14\ONBttnIELinkedNotes.dll
Yes    Extension    Send to OneNote    Microsoft Corporation    C:\Program Files (x86)\Microsoft Office\Office14\ONBttnIE.dll
Yes    Extension    Send to OneNote    Microsoft Corporation    C:\Program Files\Microsoft Office\Office14\ONBttnIE.dll
Yes    Extension    Skype Click to Call settings    Microsoft Corporation    C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll
Yes    Extension    Skype Click to Call settings    Microsoft Corporation    C:\Program Files (x86)\Skype\Toolbars\Internet Explorer x64\skypeieplugin.dll
No    Helper    Adobe PDF Conversion Toolbar Helper    Adobe Systems Incorporated    C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll
No    Helper    avast! Online Security    Avast Software s.r.o.    C:\Program Files\AVAST Software\Avast\aswWebRepIE.dll
No    Helper    avast! Online Security    Avast Software s.r.o.    C:\Program Files\AVAST Software\Avast\aswWebRepIE64.dll
Yes    Helper    Evernote extension    Evernote Corp., 305 Walnut Street, Redwood City, CA 94063    C:\Program Files (x86)\Evernote\Evernote\EvernoteIE.dll
No    Helper    Groove GFS Browser Helper    Microsoft Corporation    C:\PROGRA~2\MICROS~1\Office14\GROOVEEX.DLL
No    Helper    Groove GFS Browser Helper    Microsoft Corporation    C:\PROGRA~1\MICROS~2\Office14\GROOVEEX.DLL
Yes    Helper    Java™ Plug-In 2 SSV Helper    Oracle Corporation    C:\Program Files (x86)\Java\jre1.8.0_45\bin\jp2ssv.dll
Yes    Helper    Java™ Plug-In 2 SSV Helper    Oracle Corporation    C:\Program Files\Java\jre1.8.0_45\bin\jp2ssv.dll
Yes    Helper    Java™ Plug-In SSV Helper    Oracle Corporation    C:\Program Files (x86)\Java\jre1.8.0_45\bin\ssv.dll
Yes    Helper    Java™ Plug-In SSV Helper    Oracle Corporation    C:\Program Files\Java\jre1.8.0_45\bin\ssv.dll
Yes    Helper    Office Document Cache Handler    Microsoft Corporation    C:\PROGRA~2\MICROS~1\Office14\URLREDIR.DLL
Yes    Helper    Office Document Cache Handler    Microsoft Corporation    C:\PROGRA~1\MICROS~2\Office14\URLREDIR.DLL
No    Helper    Skype Click to Call for Internet Explorer    Microsoft Corporation    C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll
No    Helper    Skype Click to Call for Internet Explorer    Microsoft Corporation    C:\Program Files (x86)\Skype\Toolbars\Internet Explorer x64\skypeieplugin.dll
No    Helper    SmartSelect Class    Adobe Systems Incorporated    C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll
No    Toolbar    Adobe PDF    Adobe Systems Incorporated    C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll

Firefox

Yes    Extension    Avast Online Security    10.2.0.187    AVAST Software    default    Firefox 38.0.5    C:\Program Files\AVAST Software\Avast\WebRep\FF
Yes    Extension    FireFTP    2.0.24.1-signed    Mime Čuvalo    default    Firefox 38.0.5    C:\Users\<name>\AppData\Roaming\Mozilla\Firefox\Profiles\tm96p9g1.default\extensions\{a7c6cf7f-112c-4500-a7ea-39801a327e5f}
Yes    Extension    Flashblock    1.5.18.1-signed    The Flashblock Team    default    Firefox 38.0.5    C:\Users\<name>\AppData\Roaming\Mozilla\Firefox\Profiles\tm96p9g1.default\extensions\{3d7eb24f-2740-49df-8937-200b1cc08f8a}
Yes    Extension    Skype Click to Call    7.4.0.9058    Microsoft Corporation    default    Firefox 38.0.5    C:\Program Files (x86)\Mozilla Firefox\browser\extensions\{82AF8DCA-6DE9-405D-BD5E-43525BDAD38A}.xpi
Yes    Plugin    ActiveTouch General Plugin Container    27.20.2010.715    Cisco WebEx LLC    default    Firefox 38.0.5    C:\Users\<name>\AppData\Roaming\Mozilla\plugins\npatgpc.dll
Yes    Plugin    Adobe Acrobat    11.0.10.32    Adobe Systems Inc.    default    Firefox 38.0.5    C:\Program Files (x86)\Adobe\Reader 11.0\Reader\browser\nppdf32.dll
Yes    Plugin    Adobe Acrobat    9.5.5.316    Adobe Systems Inc.    default    Firefox 38.0.5    C:\Program Files (x86)\Adobe\Acrobat 9.0\Acrobat\Air\nppdf32.dll
Yes    Plugin    Citrix Online Web Deployment Plugin 1.0.0.104    1.0.0.104    Citrix Online    default    Firefox 38.0.5    C:\Users\<name>\AppData\Local\Citrix\Plugins\104\npappdetector.dll
Yes    Plugin    Conference Client Dispatcher    1.5.0.5    Avaya, Inc.    default    Firefox 38.0.5    C:\Users\<name>\AppData\Local\Radvision\Installer\1.5.0.5\npClientInstMgr.dll
Yes    Plugin    Google Earth Plugin    7.1.5.1557    Google    default    Firefox 38.0.5    C:\Program Files (x86)\Google\Google Earth\plugin\npgeplugin.dll
Yes    Plugin    Google Talk Plugin    5.41.2.0    Google    default    Firefox 38.0.5    C:\Users\<name>\AppData\Roaming\Mozilla\plugins\npgoogletalk.dll
Yes    Plugin    Google Talk Plugin Video Renderer    5.41.2.0    Google    default    Firefox 38.0.5    C:\Users\<name>\AppData\Roaming\Mozilla\plugins\npo1d.dll
Yes    Plugin    Google Update    1.3.27.5    Google Inc.    default    Firefox 38.0.5    C:\Program Files (x86)\Google\Update\1.3.27.5\npGoogleUpdate3.dll
Yes    Plugin    iTunes Application Detector    1.0.1.1    Apple Inc.    default    Firefox 38.0.5    C:\Program Files (x86)\iTunes\Mozilla Plugins\npitunes.dll
Yes    Plugin    Java Deployment Toolkit 8.0.450.14    11.45.2.14    Oracle Corporation    default    Firefox 38.0.5    C:\Program Files (x86)\Java\jre1.8.0_45\bin\dtplugin\npdeployJava1.dll
Yes    Plugin    Java™ Platform SE 8 U45    11.45.2.14    Oracle Corporation    default    Firefox 38.0.5    C:\Program Files (x86)\Java\jre1.8.0_45\bin\plugin2\npjp2.dll
Yes    Plugin    Microsoft Office 2010    14.0.4730.1010    Microsoft Corporation    default    Firefox 38.0.5    C:\PROGRA~2\MICROS~1\Office14\NPAUTHZ.DLL
Yes    Plugin    Microsoft Office 2010    14.0.4761.1000    Microsoft Corporation    default    Firefox 38.0.5    C:\PROGRA~2\MICROS~1\Office14\NPSPWRAP.DLL
Yes    Plugin    NPCIG.dll    1.0.0.5    CANON INC.    default    Firefox 38.0.5    C:\Program Files (x86)\Canon\MyCamera Download Plugin\NPCIG.dll
Yes    Plugin    QuickTime Plug-in 7.7.6    7.7.6.0    Apple Inc.    default    Firefox 38.0.5    C:\Program Files (x86)\QuickTime\Plugins\npqtplugin5.dll
Yes    Plugin    Shockwave Flash    18.0.0.160    Adobe Systems Incorporated    default    Firefox 38.0.5    C:\windows\SysWOW64\Macromed\Flash\NPSWF32_18_0_0_160.dll
Yes    Plugin    Shockwave for Director    12.0.5.146    Adobe Systems, Inc.    default    Firefox 38.0.5    C:\windows\SysWOW64\Adobe\Director\np32dsw_1205146.dll
Yes    Plugin    Silverlight Plug-In    5.1.40416.0     Microsoft Corporation    default    Firefox 38.0.5    c:\Program Files (x86)\Microsoft Silverlight\5.1.40416.0\npctrl.dll
Yes    Plugin    VLC Web Plugin    2.2.1.0    VideoLAN    default    Firefox 38.0.5    C:\Program Files (x86)\VideoLAN\VLC\npvlc.dll

Google Chrome

Yes    App    Gmail    8.1    Person 1    C:\Users\<name>\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia\8.1_1
Yes    App    Google Drive    6.4    Person 1    C:\Users\<name>\AppData\Local\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf\6.4_0
Yes    App    Google Search    0.0.0.30    Person 1    C:\Users\<name>\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf\0.0.0.30_1
Yes    App    YouTube    4.2.7    Person 1    C:\Users\<name>\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo\4.2.7_1
Yes    Extension    Avast Online Security    10.2.0.190    Person 1    C:\Users\<name>\AppData\Local\Google\Chrome\User Data\Default\Extensions\gomekmidlodglbbmalcneegieacbdmki\10.2.0.190_1
No    Extension    Avast SafePrice    10.2.0.190    Person 1    C:\Users\<name>\AppData\Local\Google\Chrome\User Data\Default\Extensions\eofcbnmajmjmplflapaojjnihcjkigck\10.2.0.190_0
Yes    Extension    Google Docs    0.9    Person 1    C:\Users\<name>\AppData\Local\Google\Chrome\User Data\Default\Extensions\aohghmighlieiainnegkcijnfilokake\0.9_0
Yes    Extension    Google Sheets    1.1    Person 1    C:\Users\<name>\AppData\Local\Google\Chrome\User Data\Default\Extensions\felcaaldnbdncclmgdcncolpebgiejap\1.1_0
Yes    Extension    Google Slides    0.9    Person 1    C:\Users\<name>\AppData\Local\Google\Chrome\User Data\Default\Extensions\aapocclcgogkmnckokdopfmhonfmgoek\0.9_0

Scheduled Tasks

Yes    Task    Adobe Flash Player Updater    Adobe Systems Incorporated    C:\windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe
Yes    Task    advSRS5    SEC    "C:\Program Files (x86)\Samsung\Samsung Recovery Solution 5\WCScheduler.exe"
Yes    Task    CCleanerSkipUAC    Piriform Ltd    "C:\Program Files\CCleaner\CCleaner.exe" $(Arg0)
Yes    Task    DropboxUpdateTaskUserS-1-5-21-2691382955-3789416768-595039784-1000Core    Dropbox, Inc.    C:\Users\<name>\AppData\Local\Dropbox\Update\DropboxUpdate.exe /c
Yes    Task    DropboxUpdateTaskUserS-1-5-21-2691382955-3789416768-595039784-1000UA    Dropbox, Inc.    C:\Users\<name>\AppData\Local\Dropbox\Update\DropboxUpdate.exe /ua /installsource scheduler
Yes    Task    G2MUpdateTask-S-1-5-21-2691382955-3789416768-595039784-1000    Citrix Online, a division of Citrix Systems, Inc.    C:\Users\<name>\AppData\Local\Citrix\GoToMeeting\2856\g2mupdate.exe
Yes    Task    G2MUploadTask-S-1-5-21-2691382955-3789416768-595039784-1000    Citrix Online, a division of Citrix Systems, Inc.    C:\Users\<name>\AppData\Local\Citrix\GoToMeeting\2856\g2mupload.exe
Yes    Task    GoogleUpdateTaskMachineCore    Google Inc.    C:\Program Files (x86)\Google\Update\GoogleUpdate.exe /c
Yes    Task    GoogleUpdateTaskMachineUA    Google Inc.    C:\Program Files (x86)\Google\Update\GoogleUpdate.exe /ua /installsource scheduler
Yes    Task    GoogleUpdateTaskUserS-1-5-21-2691382955-3789416768-595039784-1000Core    Google Inc.    C:\Users\<name>\AppData\Local\Google\Update\GoogleUpdate.exe /c
Yes    Task    GoogleUpdateTaskUserS-1-5-21-2691382955-3789416768-595039784-1000UA    Google Inc.    C:\Users\<name>\AppData\Local\Google\Update\GoogleUpdate.exe /ua /installsource scheduler
Yes    Task    KiesHelper    Samsung    "C:\Program Files (x86)\Samsung\Kies\KiesHelper.exe" "/s"
Yes    Task    SecureW2 Task    SecureW2 B.V.    C:\Program Files (x86)\SecureW2\sw2_tray.exe
Yes    Task    {F7F295EC-F233-47BD-9F9D-6D2253FB1919}    Microsoft Corporation    C:\windows\system32\pcalua.exe -a "C:\Users\<name>\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\PC2QLTYM\RADS7_web.exe" -d C:\Users\<name>\Desktop


Context Menu

Yes    Directory    7-Zip    Igor Pavlov    C:\Program Files (x86)\7-Zip\7-zip.dll
Yes    Directory    Add to VLC media player's Playlist    VideoLAN    "C:\Program Files (x86)\VideoLAN\VLC\vlc.exe" --started-from-file --playlist-enqueue "%1"
Yes    Directory    Digital Photo Professional    CANON INC.    C:\Program Files (x86)\Canon\Digital Photo Professional\DPPViewer.exe /path "%1"
Yes    Directory    DropboxExt    Dropbox, Inc.    C:\Users\<name>\AppData\Roaming\Dropbox\bin\DropboxExt64.26.dll
Yes    Directory    Play with VLC media player    VideoLAN    "C:\Program Files (x86)\VideoLAN\VLC\vlc.exe" --started-from-file --no-playlist-enqueue "%1"
Yes    Directory    TreeSize Free    JAM Software    "C:\Program Files (x86)\JAM Software\TreeSize Free\TreeSizeFree.exe" /CONTEXT "%1"
Yes    Drive    TreeSize Free    JAM Software    "C:\Program Files (x86)\JAM Software\TreeSize Free\TreeSizeFree.exe" /CONTEXT "%1"
Yes    Drive    VirtualCloneDrive    Elaborate Bytes AG    C:\Program Files (x86)\Elaborate Bytes\VirtualCloneDrive\ElbyVCDShell.dll
Yes    File    00avast    Avast Software s.r.o.    C:\Program Files\AVAST Software\Avast\ashShA64.dll
Yes    File    7-Zip    Igor Pavlov    C:\Program Files (x86)\7-Zip\7-zip.dll
Yes    File    Adobe.Acrobat.ContextMenu    Adobe Systems Inc.    C:\Program Files (x86)\Adobe\Acrobat 9.0\Acrobat\..\Acrobat Elements\ContextMenu64.dll
Yes    File    avast    Avast Software s.r.o.    C:\Program Files\AVAST Software\Avast\ashShA64.dll
Yes    File    BTMSentToExt    Intel Corporation    C:\Program Files (x86)\Intel\Bluetooth\btmshell.dll
Yes    File    DropboxExt    Dropbox, Inc.    C:\Users\<name>\AppData\Roaming\Dropbox\bin\DropboxExt64.26.dll
Yes    File    VirtualCloneDrive    Elaborate Bytes AG    C:\Program Files (x86)\Elaborate Bytes\VirtualCloneDrive\ElbyVCDShell.dll
Yes    Folder    Adobe.Acrobat.ContextMenu    Adobe Systems Inc.    C:\Program Files (x86)\Adobe\Acrobat 9.0\Acrobat\..\Acrobat Elements\ContextMenu64.dll
Yes    Folder    avast    Avast Software s.r.o.    C:\Program Files\AVAST Software\Avast\ashShA64.dll
 



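The CCleaner Startups export that the moderator asked for (and that is pasted above) is the kind of list a responder scans for executables launched from places where a scheduled task should not live. As an added example, not code from the thread or from CCleaner, the following Python script parses that five-column tab-separated format and flags entries whose real executable sits in a user-writable temp or download location, is wrapped in a `pcalua.exe -a` launcher, or has no publisher; the sample export it runs on is constructed to mirror the post's Scheduled Tasks lines, with one invented entry.

```python
"""Triage of a CCleaner 'Startups' export in the format pasted in this thread.
Each data line is: Enabled<TAB>Type<TAB>Name<TAB>Publisher<TAB>Command.
Section titles ('Scheduled Tasks', 'Context Menu', ...) have no tabs and are skipped.
"""
import re
from dataclasses import dataclass, field
from typing import List

# Places a scheduled task's executable rarely belongs: user-writable caches and
# download locations that droppers favour. Constructed list, not exhaustive.
USER_WRITABLE_HINTS = (
    r"\\AppData\\Local\\Temp\\",
    r"\\Temporary Internet Files\\",
    r"\\Downloads\\",
    r"\\Desktop\\",
    r"\\windows\\Temp\\",
)

# First token of a command: a quoted path, or an unquoted path up to the first
# executable-looking extension that is followed by whitespace or end of line.
_EXE_RE = re.compile(
    r'^\s*(?:"([^"]+)"|(.+?\.(?:exe|dll|bat|cmd|vbs|js|scr|ps1)))(?=\s|$)', re.I)
# pcalua.exe (Program Compatibility Assistant) runs whatever follows '-a', so
# for triage purposes that target, not pcalua.exe itself, is the executable.
_PCALUA_TARGET_RE = re.compile(r'-a\s+(?:"([^"]+)"|(\S+))')


@dataclass
class StartupEntry:
    enabled: bool
    kind: str
    name: str
    publisher: str
    command: str
    findings: List[str] = field(default_factory=list)


def parse_export(text: str) -> List[StartupEntry]:
    """Parse the five-column export; lines without exactly five columns are headers/blank."""
    entries = []
    for line in text.splitlines():
        cols = line.split("\t")
        if len(cols) != 5:
            continue
        enabled, kind, name, publisher, command = (c.strip() for c in cols)
        entries.append(StartupEntry(enabled == "Yes", kind, name, publisher, command))
    return entries


def first_token(command: str) -> str:
    """The program named first on the command line (quoted or not)."""
    m = _EXE_RE.match(command)
    if m:
        return m.group(1) or m.group(2)
    parts = command.split()
    return parts[0] if parts else ""


def executable_of(command: str) -> str:
    """The path that really executes, unwrapping a 'pcalua.exe -a <target>' launcher."""
    exe = first_token(command)
    if exe.lower().endswith("pcalua.exe"):
        t = _PCALUA_TARGET_RE.search(command)
        if t:
            return t.group(1) or t.group(2)
    return exe


def triage(entry: StartupEntry) -> StartupEntry:
    """Attach findings to an entry; an empty list means nothing stood out."""
    exe = executable_of(entry.command)
    if exe != first_token(entry.command):
        entry.findings.append(f"launched through pcalua.exe wrapper: {exe}")
    if any(re.search(h, exe, re.I) for h in USER_WRITABLE_HINTS):
        entry.findings.append(f"executable in user-writable location: {exe}")
    if not entry.publisher:
        entry.findings.append("no publisher recorded")
    return entry


def suspicious_entries(text: str) -> List[StartupEntry]:
    """Parse an export and return only the entries with at least one finding."""
    return [e for e in map(triage, parse_export(text)) if e.findings]


# Constructed sample mirroring the thread's 'Scheduled Tasks' lines; <name> stands
# in for the user's profile name and the last entry is invented for illustration.
SAMPLE_EXPORT = """\
Scheduled Tasks

Yes\tTask\tAdobe Flash Player Updater\tAdobe Systems Incorporated\tC:\\windows\\SysWOW64\\Macromed\\Flash\\FlashPlayerUpdateService.exe
Yes\tTask\tCCleanerSkipUAC\tPiriform Ltd\t"C:\\Program Files\\CCleaner\\CCleaner.exe" $(Arg0)
Yes\tTask\tGoogleUpdateTaskMachineUA\tGoogle Inc.\tC:\\Program Files (x86)\\Google\\Update\\GoogleUpdate.exe /ua /installsource scheduler
Yes\tTask\t{F7F295EC-F233-47BD-9F9D-6D2253FB1919}\tMicrosoft Corporation\tC:\\windows\\system32\\pcalua.exe -a "C:\\Users\\<name>\\AppData\\Local\\Microsoft\\Windows\\Temporary Internet Files\\Content.IE5\\PC2QLTYM\\RADS7_web.exe" -d C:\\Users\\<name>\\Desktop
Yes\tTask\tUpdaterTask\t\tC:\\Users\\<name>\\AppData\\Local\\Temp\\updater.exe /silent
"""

if __name__ == "__main__":
    for e in suspicious_entries(SAMPLE_EXPORT):
        print(f"{e.name}: {'; '.join(e.findings)}")
```

A flagged entry is a pointer for review, not a verdict: vendor updaters legitimately live under AppData, so the hint list deliberately covers only temp, browser-cache and download paths.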
#11 buddy215

  • Moderator

Posted 23 June 2015 - 07:12 AM

Nothing jumps out and says to me "there's the problem". Whichever browser is your default and most-used browser can be reset. Resetting the browsers removes all extensions. Before going that route, try blocking 3rd party cookies, aka ad/tracking cookies. Once you have blocked them, you can remove the existing ones using CCleaner by running the cleaner.

Disable third-party cookies in IE, Firefox, and Google Chrome | How To - CNET

 

Run an online scan using Eset.

 

  • Hold down Control and click on this link to open ESET OnlineScan in a new window.
  • Click the ESET Online Scanner button.
  • For alternate browsers only (Microsoft Internet Explorer users can skip these steps):
  • Click on esetsmartinstaller_enu.exe to download the ESET Smart Installer. Save it to your desktop.
  • Double click on the esetsmartinstaller_enu.exe icon on your desktop.
  • Check "YES, I accept the Terms of Use."
  • Click the Start button.
  • Accept any security warnings from your browser.
  • Under scan settings, check "Scan Archives" and "Remove found threats".
  • ESET will then download updates for itself, install itself, and begin scanning your computer. Please be patient as this can take some time.
  • When the scan completes, click List Threats.
  • Click Export, and save the file to your desktop using a unique name, such as ESETScan. Include the contents of this report in your next reply.
  • Click the Back button.
  • Click the Finish button.
  • NOTE: Sometimes if ESET finds no infections it will not create a log.


#12 Dancing_Bear

  • Topic Starter

Posted 24 June 2015 - 02:19 AM

Results from ESET scanner. No Threats Found, so no log available.

 

Scanned Files: 390505
Infected Files: 0
Cleaned Files: 0
Total scan time: 02:06:47
Scan status: Finished

 

However, Avast's "threat detected" warnings continue.

 

Did you take a look at this thread over at the Avast forum (https://forum.avast.com/index.php?topic=169680.0)?



#13 buddy215

  • Moderator

Posted 24 June 2015 - 07:41 AM

If blocking the ad cookies and resetting your browser didn't stop the alerts then it's time to seek some expert help.

 

You can get an expert opinion and help for removing malware by following the directions below. Once you have posted the new topic DO NOT bump it....wait for a response which could be several days.

 

Please follow the instructions in the Malware Removal and Log Section Preparation Guide starting at Step 6.

  • If you cannot complete a step, then skip it and continue with the next.
  • In Step 6 there are instructions for downloading and running FRST which will create two logs.

When you have done that, post your logs in the Virus, Trojan, Spyware, and Malware Removal Logs forum, NOT here, for assistance by the Malware Response Team.

Start a new topic, give it a relevant title and post your log(s) along with a brief description of your problem, a summary of any anti-malware tools you have used and a summary of any steps that you have performed on your own. If you cannot produce any of the required logs...start the new topic anyway. Explain that you followed the Prep. Guide, were unable to create the logs, and describe what happened when you tried to create them. A member of the Malware Removal Team will walk you through, step by step, on how to clean your computer.

After doing this, please reply back in this thread with a link to the new topic so we can close this one.



#14 Dancing_Bear

  • Topic Starter

Posted 24 June 2015 - 08:55 AM

Thank you BC Advisor. I really appreciate your help. As per your instructions, I have created a new topic in the Virus, Trojan, Spyware, and Malware Removal Logs Forum. The link is here: http://www.bleepingcomputer.com/forums/t/580648/frequent-avast-threat-detected-warnings-but-malware-tools-find-nothing/



#15 MidnightShadow

  • Members

Posted 25 June 2015 - 07:57 AM

Just realized that I can reply here, just not the other thread. Anyhow, this feels very familiar. I've dealt with quite a few infections like this in the past. I've highlighted your related symptom below.

If any of these symptoms exist:

- Several instances of dllhost.exe are running
- A random blank window pops up. Window title starts with: javascript:\..\mshtml,RunHTMLApplication ";eval . . .
- MBAM (or other antivirus software) produces constant warnings that a malicious dllhost.exe is attempting to connect to a malicious website
- Null registry data may reside in HKEY_CURRENT_USER\Software\Classes\CLSID\{AB8902B4-09CA-4bb6-B78D-A8F59079A8D5}\localserver32
- Null registry data may reside in HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run
- Most anti-malware software and removal tools find no malware infections to remove
- Event viewer throws a DCOM error to CLSID\{AB8902B4-09CA-4bb6-B78D-A8F59079A8D5}
- Internet Explorer Security Zones keep changing on their own
- Internet Explorer Protected Mode cannot be enabled
- Internet Explorer cannot download files

Then you may have a Poweliks infection. You can clear it up one of a few ways. Even if you don't have the infection, running this tool is safe and will not cause any issues if the infection doesn't exist. It should only take around 15 minutes to complete from start to finish.

1- (Easiest and fastest) Automated solution - 
MBAM: Download and run MBAR (Malware Bytes Anti Rootkit), which should remove the infection and any related registry keys.

Symantec:
- Download and run the appropriate tool for the architecture of the computer you're on (gslink.us/symantecpoweliks64 or gslink.us/symantecpoweliks32)
- Download RegDelNull from https://technet.microsoft.com/en-us/sysinternals/bb897448.aspx
- Open an elevated command prompt and run the following command: regdelnull -s hkcu
- Open regedit and navigate to the following key: HKEY_CURRENT_USER\Software\Classes\CLSID\{AB8902B4-09CA-4bb6-B78D-A8F59079A8D5}\localserver32
- If you get an error, the key was not removed properly. If there is no error when trying to open the key, the infection should be removed.

Automated tools may not work for every infection. Run the Symantec tool and if you still experience symptoms, let me know. Keep me posted!


Edited by MidnightShadow, 25 June 2015 - 07:58 AM.




