
Intrusion by Chinese Hacker


9 replies to this topic

#1 Maverick592


Posted 15 July 2015 - 09:33 AM

I had a recent problem from a Chinese hacker using a Hao.Rising website. It came in on the back of an Intel Webcam driver .exe file, and caused similar problems to those related in another post. McAfee AV detected and deleted two Trojans that came with this intrusion, but not the rest. I then found Bleeping Computer, and thanks to this site, deleted the crap, and got my PC running again! I now have Voodoo Shield in operation, and a number of the anti-malware programs listed here. So far so good! Although the anti-malware and anti-virus programs are telling me my PC is clean, I still seem to have left-over files at various places - for example, my mp3/mp4 files now have a Chinese mp3 extension. The files work fine, and Zemana/Malwarebytes say they are clean! Also, when I right-click on a file/folder, in the list of applications, there is a remnant of the Chinese invasion called Rising Antivirus! Lastly in the hidden icons area of the toolbar, there's an icon named RaUI.exe calling itself 'Good Link and Associate'!! Again, every scan performed is coming up clean. While I no longer have any major concerns about this, especially after coming here and finding some real expertise, I am curious as to how to remove these unwanted labels, or whatever they are. Any advice would be gratefully received. Thank you.


Edited by Maverick592, 15 July 2015 - 11:29 AM.



#2 buddy215


Posted 15 July 2015 - 09:58 AM

Unwanted items listed in the installed program list can be removed by using Download Revo Uninstaller Freeware in Advanced mode.

 

Use CCleaner to remove Temporary files, program caches, cookies, logs, etc. Use the Default settings. No need to use the Registry Cleaning Tool...risky. Pay close attention while installing and UNcheck offers of toolbars....especially Google.

After install, open CCleaner and run by clicking on the Run Cleaner button in the bottom right corner.

CCleaner - PC Optimization and Cleaning - Free Download

 

After running CCleaner...post the three lists mentioned below using CCleaner:

 

Open CCleaner and click on Tools. Choose Startups. On that page you will see a list of Windows Startups and at the top tabs for each browser and Scheduled Tasks.

At the bottom right of that page you will see a button when clicked will allow you to Copy and Paste the list of Windows Startups and Scheduled Tasks into your next post. Please do that.

 

Open CCleaner and click on Tools. Choose Uninstall. On that page you will see a list of programs installed on your computer and at the bottom right of that page you will see a button when clicked will allow you to Copy and Paste that list in your next post. Please do that.

 

Please tell me which programs you used to remove the adware and malware.


“Every atom in your body came from a star that exploded and the atoms in your left hand probably came from a different star than your right hand. It really is the most poetic thing I know about physics...you are all stardust.” Lawrence M. Krauss

A 1792 U.S. penny, designed in part by Thomas Jefferson and George Washington, reads “Liberty Parent of Science & Industry.”


#3 Maverick592


Posted 15 July 2015 - 12:08 PM

Hi Buddy215,

 

Thank you very much for your prompt reply. The programs I used, and am still using are: Voodoo Shield, Zemana, Malwarebytes Anti-Malware&Anti-exploit, plus Emsisoft Emergency Toolkit.

 

The text files you requested are below:

 

Yes HKCU:Run Amazon Music Amazon Services LLC Gary "C:\Users\Gary\AppData\Local\Amazon Music\Amazon Music Helper.exe"
Yes HKCU:Run CCleaner Monitoring Piriform Ltd Gary "C:\Program Files\CCleaner\CCleaner64.exe" /MONITOR
Yes HKCU:Run Desura Gary C:\Program Files (x86)\Desura\desura.exe -autostart
Yes HKCU:Run EADM Electronic Arts Gary "C:\Program Files (x86)\Origin\Origin.exe" -AutoStart
Yes HKCU:Run ehTray.exe Microsoft Corporation Gary C:\Windows\ehome\ehTray.exe
Yes HKCU:Run Google Update Google Inc. Gary "C:\Users\Gary\AppData\Local\Google\Update\GoogleUpdate.exe" /c
Yes HKCU:Run GoogleChromeAutoLaunch_D8141F93E2B8BBDF887F2C7ECBC57A85 Google Inc. Gary "C:\Program Files (x86)\Google\Chrome\Application\chrome.exe" --no-startup-window
Yes HKCU:Run ISUSPM Startup InstallShield Software Corporation Gary C:\PROGRA~2\COMMON~1\INSTAL~1\UPDATE~1\isuspm.exe -startup
Yes HKCU:Run MobileDocuments Gary C:\Program Files (x86)\Common Files\Apple\Internet Services\ubd.exe
Yes HKCU:Run NvLedServiceHost NVIDIA Corporation Gary C:\Program Files (x86)\NVIDIA Corporation\LED Visualizer\NvLedServiceHost.exe RunStartup
Yes HKCU:Run Packard Bell Auto Backup Gary "C:\Program Files (x86)\Packard Bell\AutoBackup\AutoBackup.exe" /run
Yes HKCU:Run S60 PC Suite Tray Gary "D:\Program Files (x86)\Samsung\Samsung PC Studio 7\PCSuite.exe" -onlytray
Yes HKCU:Run Skype Skype Technologies S.A. Gary "C:\Program Files (x86)\Skype\Phone\Skype.exe" /minimized /regrun
Yes HKCU:Run Steam Valve Corporation Gary "C:\Program Files (x86)\Steam\steam.exe" -silent
Yes HKLM:Run APSDaemon Apple Inc. All users "C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe"
Yes HKLM:Run FAHConsole WinZip Computing International, LLC All users C:\Program Files\File Association Helper\FAHConsole.exe
Yes HKLM:Run FijiKeyboard Packard Bell BV All users c:\Acer\Preload\Autorun\DRV\FIJI Keyboard\ABoard.exe
Yes HKLM:Run HP Software Update Hewlett-Packard All users C:\Program Files (x86)\HP\HP Software Update\HPWuSchd2.exe
Yes HKLM:Run IAAnotif Intel Corporation All users "C:\Program Files (x86)\Intel\Intel Matrix Storage Manager\iaanotif.exe"
Yes HKLM:Run IAStorIcon Intel Corporation All users C:\Program Files (x86)\Intel\Intel® Rapid Storage Technology enterprise\IAStorIcon.exe
Yes HKLM:Run ISUSScheduler InstallShield Software Corporation All users "C:\Program Files (x86)\Common Files\InstallShield\UpdateService\issch.exe" -start
Yes HKLM:Run iTunesHelper Apple Inc. All users "C:\Program Files\iTunes\iTunesHelper.exe"
Yes HKLM:Run JMB36X IDE Setup All users C:\Windows\RaidTool\xInsIDE.exe
Yes HKLM:Run Malwarebytes Anti-Exploit Malwarebytes Corporation All users C:\Program Files (x86)\Malwarebytes Anti-Exploit\mbae.exe
Yes HKLM:Run mcpltui_exe McAfee, Inc. All users "C:\Program Files\Common Files\McAfee\Platform\mcuicnt.exe" /platui /runkey
Yes HKLM:Run Microsoft Default Manager Microsoft Corporation All users "C:\Program Files (x86)\Microsoft\Search Enhancement Pack\Default Manager\DefMgr.exe" -resume
Yes HKLM:Run NPSStartup All users
Yes HKLM:Run NUSB3MON Renesas Electronics Corporation All users "C:\Program Files (x86)\Renesas Electronics\USB 3.0 Host Controller Driver\Application\nusb3mon.exe"
Yes HKLM:Run NvBackend NVIDIA Corporation All users "C:\Program Files (x86)\NVIDIA Corporation\Update Core\NvBackend.exe"
Yes HKLM:Run QuickTime Task Apple Inc. All users "C:\Program Files (x86)\QuickTime\QTTask.exe" -atboottime
Yes HKLM:Run RavTRAY All users "C:\Program Files (x86)\Rising\RAV\RSTRAY.EXE" -system
Yes HKLM:Run RSDTRAY All users "C:\Program Files (x86)\Rising\RSD\popwndexe.exe"
Yes HKLM:Run RTHDVCPL Realtek Semiconductor All users "C:\Program Files\Realtek\Audio\HDA\RtkNGUI64.exe" -s
Yes HKLM:Run ShadowPlay Microsoft Corporation All users C:\Windows\system32\rundll32.exe C:\Windows\system32\nvspcap64.dll,ShadowPlayOnSystemStart
Yes HKLM:Run VoodooShield VoodooSoft, LLC All users C:\Program Files\VoodooShield\VoodooShield.exe
Yes HKLM:Run YMailAdvisor Yahoo! Inc. All users "C:\Program Files (x86)\Yahoo!\Common\YMailAdvisor.exe"
Yes HKLM:Run ZAM Zemana Ltd. All users "C:\Program Files (x86)\Zemana AntiMalware\ZAM.exe" /minimized
Yes Startup Common ASUS USB-AC55 WLAN Control Center.lnk ASUSTeK Computer Inc. All users C:\Program Files (x86)\ASUS\USB-AC55 WLAN Card Utilities\Common\RaUI.exe
Yes Startup Common GIGABYTE OC_GURU.lnk GIGABYTE Technology Co.,Ltd. All users C:\Program Files (x86)\GIGABYTE\GIGABYTE OC_GURU II\OC_GURU.exe
Yes Startup Common HP Digital Imaging Monitor.lnk Hewlett-Packard Co. All users C:\Program Files (x86)\HP\Digital Imaging\bin\hpqtra08.exe
Yes Startup Common Install SafeKey IE RunOnce.lnk McAfee All users C:\Program Files (x86)\Common Files\lpuninstall.exe
Yes Startup Common McAfee Security Scan Plus.lnk McAfee, Inc. All users C:\Program Files\McAfee Security Scan\3.8.150\SSScheduler.exe
Yes Startup Common Secunia PSI Tray.lnk Secunia All users C:\Program Files (x86)\Secunia\PSI\psi_tray.exe
 
Yes Task 0 Microsoft Corporation Gary c:\program files\internet explorer\iexplore.exe
Yes Task 4584 Microsoft Corporation Gary wscript.exe C:\Users\Gary\AppData\Local\Temp\launchie.vbs //B
Yes Task Adobe Flash Player Updater Adobe Systems Incorporated All users C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe
Yes Task CCleanerSkipUAC Piriform Ltd Gary "C:\Program Files\CCleaner\CCleaner.exe" $(Arg0)
Yes Task CreateChoiceProcessTask Microsoft Corporation Gary C:\Windows\System32\browserchoice.exe /launch
Yes Task GoogleUpdateTaskMachineCore Google Inc. All users C:\Program Files (x86)\Google\Update\GoogleUpdate.exe /c
Yes Task GoogleUpdateTaskMachineUA Google Inc. All users C:\Program Files (x86)\Google\Update\GoogleUpdate.exe /ua /installsource scheduler
Yes Task GoogleUpdateTaskUserS-1-5-21-2604098673-2921266839-231067897-1000Core Google Inc. Gary C:\Users\Gary\AppData\Local\Google\Update\GoogleUpdate.exe /c
Yes Task HPLJCustParticipation Hewlett Packard Gary "C:\Program Files (x86)\HP\HPLJUT\HPLJUTSCH.exe"
Yes Task RsDelayLauncher_{8A34248E-7D35-4832-8378-7659E0B0A380} Gary C:\Program Files (x86)\Rising\RAV\rsdelaylauncher.exe
Yes Task SamsungMagician Samsung Electronics. Gary "C:\Program Files (x86)\Samsung SSD Magician\Samsung Magician.exe" /AUTOHIDE
Yes Task {16321B60-FF48-4AC5-80A5-A04E7BA69425} Microsoft Corporation Gary C:\Windows\system32\pcalua.exe -a E:\Setup.Now.exe -d E:\
Yes Task {19A2A7FB-CDBE-455F-AF12-929E9FB1F935} Gary C:\Users\Gary\AppData\Local\Temp\intel easy pc camera driver windows 7__10924_i1549928631_il1571185.exe
Yes Task {5DF64DBD-60CC-4870-A49A-8EBD32AE2E3E} Gary C:\Sierra\Blue-Shift\bshift.exe
Yes Task {93F449D9-4778-4DE2-AB5D-97ED0A43F231} Gary C:\Users\Gary\Downloads\CS110-XP\CS110-XP.exe
Yes Task {A82D06D2-2739-49E5-8769-7B93955D09AE} Gary C:\Sierra\Blue-Shift\bshift.exe
Yes Task {C932CE04-EB45-4646-B5C7-AC0823A6046D} Gary C:\Sierra\Half-Life\hl.exe
Yes Task {FC326C6B-AFA0-457F-B93B-82CA65313E5D} Microsoft Corporation Gary C:\Windows\system32\pcalua.exe -a C:\Users\Gary\Downloads\CS110-XP\CS110-XP.exe -d C:\Users\Gary\Downloads\CS110-XP
Yes Task {FD0B2A85-37BF-4652-890F-63AACBC25648} Gary E:\Program Files (x86)\Sierra\FEAR\FEAR.exe
Yes Task {FFB38317-706A-48A0-88AF-6902AC3D4EA9} Microsoft Corporation Gary C:\Windows\system32\pcalua.exe -a E:\Install.exe -d E:\
 
Yes Directory 7-Zip Igor Pavlov All users C:\Program Files (x86)\7-Zip\7-zip.dll
Yes Directory ALZip ESTsoft Corp. All users C:\Program Files (x86)\ESTsoft\ALZip\AZCTM64.dll
Yes Directory RisingRavExt Beijing Rising Information Technology Co., Ltd. All users C:\Windows\system32\RavExt64.dll
Yes Directory WinZip WinZip Computing, S.L. All users C:\Program Files\WinZip\wzshls64.dll
Yes Drive ALZip ESTsoft Corp. All users C:\Program Files (x86)\ESTsoft\ALZip\AZCTM64.dll
Yes Drive ReflectShellExt Paramount Software UK Ltd All users C:\Program Files\Macrium\Reflect\RContextMenu.dll
Yes Drive RisingRavExt Beijing Rising Information Technology Co., Ltd. All users C:\Windows\system32\RavExt64.dll
Yes File 2.0 Zemana AntiMalware All users C:\Program Files (x86)\Zemana AntiMalware\ZAMShellExt64.dll
Yes File 7-Zip Igor Pavlov All users C:\Program Files (x86)\7-Zip\7-zip.dll
Yes File AGpShellExt All users C:\IQIYI Video\GeePlayer\GpShlExt_64.dll
Yes File ALZip ESTsoft Corp. All users C:\Program Files (x86)\ESTsoft\ALZip\AZCTM64.dll
Yes File B1ShellEx All users C:\Program Files (x86)\B1 Free Archiver\B1Shellext64.dll
Yes File ExpressZip All users C:\Program Files (x86)\NCH Software\ExpressZip\ezcm64.dll
Yes File FileAssociationHelper WinZip Computing International, LLC All users C:\Program Files\File Association Helper\FAHDll.dll
Yes File MBAMShlExt Malwarebytes Corporation All users C:\Program Files (x86)\Malwarebytes Anti-Malware\mbamext.dll
Yes File McCtxMenuFrmWrk McAfee, Inc. All users c:\Program Files\McAfee\MSC\McCtxMenuFrmWrk.dll
Yes File ReflectShellExt Paramount Software UK Ltd All users C:\Program Files\Macrium\Reflect\RContextMenu.dll
Yes File RisingRavExt Beijing Rising Information Technology Co., Ltd. All users C:\Windows\system32\RavExt64.dll
Yes File WinZip WinZip Computing, S.L. All users C:\Program Files\WinZip\wzshls64.dll
Yes File Yahoo! Mail Yahoo! Inc. All users C:\Program Files (x86)\Yahoo!\Common\YMMAPI.dll
Yes Folder 2.0 Zemana AntiMalware All users C:\Program Files (x86)\Zemana AntiMalware\ZAMShellExt64.dll
Yes Folder ALZip ESTsoft Corp. All users C:\Program Files (x86)\ESTsoft\ALZip\AZCTM64.dll
Yes Folder B1ShellEx All users C:\Program Files (x86)\B1 Free Archiver\B1Shellext64.dll
Yes Folder ExpressZip All users C:\Program Files (x86)\NCH Software\ExpressZip\ezcm64.dll
Yes Folder MBAMShlExt Malwarebytes Corporation All users C:\Program Files (x86)\Malwarebytes Anti-Malware\mbamext.dll
Yes Folder McCtxMenuFrmWrk McAfee, Inc. All users c:\Program Files\McAfee\MSC\McCtxMenuFrmWrk.dll
Yes Folder RisingRavExt Beijing Rising Information Technology Co., Ltd. All users C:\Windows\system32\RavExt64.dll
Yes Folder RUShellExt VS Revo Group All users C:\Program Files\VS Revo Group\Revo Uninstaller Pro\RUExt.dll
Yes Folder WinZip WinZip Computing, S.L. All users C:\Program Files\WinZip\wzshls64.dll
 
7-Zip 4.65 07/01/2014 All users
7-Zip 9.20 (x64 edition) Igor Pavlov 14/07/2014 4.53 MB 9.20.00.0 All users
7-Zip 9.21 Igor Pavlov 02/06/2012 3.54 MB 9.21.00.0 All users
Acrobat.com Adobe Systems Incorporated 26/05/2011 1.1.377 All users
Adobe Acrobat Reader DC Adobe Systems Incorporated 16/04/2015 169 MB 15.007.20033 All users
Adobe AIR Adobe Systems Incorporated 10/07/2015 18.0.0.180 All users
Adobe Flash Player 10 ActiveX 64-bit Adobe Systems Incorporated 08/06/2011 6.00 MB 10.3.162.28 All users
Adobe Flash Player 18 ActiveX Adobe Systems Incorporated 10/07/2015 17.1 MB 18.0.0.203 All users
Adobe Flash Player 18 NPAPI Adobe Systems Incorporated 10/07/2015 17.6 MB 18.0.0.203 All users
Adobe Shockwave Player 12.0 Adobe Systems, Inc 04/02/2015 50.2 MB 12.0.7.148 All users
Adobe Shockwave Player 12.1 Adobe Systems, Inc. 28/06/2015 12.1.8.158 All users
Allgemeine Runtime Files (x86) Sereby Corporation 04/02/2015 39.3 MB 1.0.3.7 All users
ALTools Update ESTsoft Corp. 07/01/2014 v11.4 All users
ALZip 8.51 ESTsoft Corp. 07/01/2014 v8.51 All users
Amazon MP3 Downloader 1.0.17 Amazon Services LLC 02/03/2013 1.0.17 All users
Amazon Music Amazon Services LLC 14/08/2014 3.2.0.591 Gary
Apple Application Support (32-bit) Apple Inc. 03/07/2015 96.0 MB 3.2 All users
Apple Application Support (64-bit) Apple Inc. 03/07/2015 107 MB 3.2 All users
Apple Mobile Device Support Apple Inc. 03/07/2015 27.9 MB 8.2.1.3 All users
Apple Software Update Apple Inc. 06/07/2011 4.78 MB 2.1.3.127 All users
Asmedia ASM104x USB 3.0 Host Controller Driver Asmedia Technology 01/07/2015 2.42 MB 1.16.18.16034 All users
ASTRA32 - Advanced System Information Tool 3.12 Sysinfo Lab 12/01/2014 3.12 All users
ASUS USB-AC55 WLAN Card Utilities & Driver ASUS 01/07/2015 1.0.0.6 All users
B1 Free Archiver Catalina Group Ltd 07/01/2014 1.4.69.4546 All users
Battlefield 3™ Electronic Arts 12/11/2011 1.0.0.0 All users
Bonjour Apple Inc. 11/03/2013 2.04 MB 3.0.0.10 All users
Call of Duty® 4 - Modern Warfare™ Activision 28/06/2010 6.19 GB 1.00.0000 All users
CCleaner Piriform 15/07/2015 5.07 All users
Crysis WARHEAD® Electronic Arts 18/09/2013 Gary
Crysis® Electronic Arts 05/09/2013 6.25 GB 1.21.0000 All users
Crysis® 2 Electronic Arts 27/02/2013 7.57 GB 1.0.0.0 All users
Crysis®3 Electronic Arts 01/04/2013 10.5 GB 1.0.0.0 All users
Doom 3 Activision 20/04/2010 1.45 GB 1.00.0000 All users
Dying Light Techland 03/02/2015 All users
Express Zip File Compression Software NCH Software 14/10/2011 All users
F.E.A.R. 2: Project Origin Monolith Productions, Inc. 26/05/2011 All users
F.E.A.R. 3 Day 1 Studios 26/06/2011 All users
FAKEFACTORY Cinematic Mod 2013 FAKEFACTORY 02/05/2015 alpha12 All users
Far Cry Ubisoft 18/04/2010 3.00 GB 1.00.0000 All users
Far Cry 2 Ubisoft 18/04/2010 1.03.00 All users
Far Cry 3 Ubisoft 01/12/2012 1.02 All users
File Association Helper WinZip Computing International, LLC 07/01/2014 771 KB 1.1.6.53763 All users
Fraps 20/03/2014 All users
GIGABYTE VGA @BIOS GIGABYTE 29/04/2014 11.6 MB 5.51 Gary
Google Chrome Google Inc. 10/01/2014 43.0.2357.134 All users
Google Earth Google 10/01/2014 180 MB 7.1.2.2041 All users
Google Toolbar for Internet Explorer 26/05/2011 All users
Half-Life 2 Valve 26/05/2011 All users
Half-Life 2: Episode One Valve 26/05/2011 All users
Half-Life 2: Episode Two Valve 26/05/2011 All users
HP Customer Participation Program 13.0 HP 26/05/2011 13.0 All users
HP Deskjet F2400 All-in-One Driver 14.0 Rel. 6 HP 26/05/2011 14.0 All users
HP Imaging Device Functions 13.0 HP 26/05/2011 13.0 All users
HP LaserJet Professional CP1020 Series Hewlett-Packard 11/04/2012 All users
HP Print Projects 1.0 HP 26/05/2011 1.0 All users
HP Product Detection HP 06/05/2012 1.86 MB 11.14.0001 Gary
HP Smart Web Printing 4.60 HP 26/05/2011 4.60 All users
HP Solution Center 13.0 HP 26/05/2011 13.0 All users
HP Update Hewlett-Packard 27/08/2014 3.99 MB 5.005.002.002 All users
HPLaserJetHelp_LearnCenter Hewlett-Packard 11/04/2012 6.70 MB 1.02.0000 All users
Intel® Management Engine Components Intel Corporation 08/08/2013 7.1.21.1134 All users
Intel® Network Connections 18.5.54.0 Intel 10/12/2013 25.0 MB 18.5.54.0 All users
Intel® Rapid Storage Technology enterprise Intel Corporation 29/03/2013 3.0.0.3011 All users
Intel® Driver Update Utility Intel 04/07/2015 6.91 MB 2.0.0.29 All users
Intel® Matrix Storage Manager Intel Corporation 26/05/2011 All users
iTunes Apple Inc. 03/07/2015 238 MB 12.2.0.145 All users
Java 7 Update 71 Oracle 20/10/2014 119 MB 7.0.710 All users
Java 8 Update 25 Oracle Corporation 26/01/2015 73.3 MB 8.0.250 All users
Java 8 Update 31 Oracle Corporation 09/03/2015 74.0 MB 8.0.310 All users
Java 8 Update 40 Oracle Corporation 16/04/2015 76.9 MB 8.0.400 All users
Java 8 Update 45 Oracle Corporation 24/06/2015 77.1 MB 8.0.450 All users
JavaFX 2.1.1 Oracle Corporation 23/07/2012 20.8 MB 2.1.1 All users
JMB36X Raid Configurer JMICRON Technology Corp. 01/03/2010 1.00.0000 All users
LiveUpdate 3.2 (Symantec Corporation) Symantec Corporation 20/02/2013 3.2.0.68 All users
Macrium Reflect Free Edition Paramount Software (UK) Ltd. 06/02/2014 5.2 All users
Malwarebytes Anti-Exploit version 1.07.1.1011 Malwarebytes 09/07/2015 9.95 MB 1.07.1.1011 All users
Malwarebytes Anti-Malware version 2.1.8.1057 Malwarebytes Corporation 09/07/2015 64.5 MB 2.1.8.1057 All users
marvell 91xx driver Marvell 18/02/2013 1.2.0.1014 All users
Marvell Miniport Driver Marvell 15/02/2013 11.45.4.3 All users
McAfee All Access – Total Protection McAfee, Inc. 24/06/2015 14.0.1029 All users
McAfee SafeKey(uninstall only) McAfee, Inc. 08/07/2014 2.1.10 All users
McAfee Security Scan Plus McAfee, Inc. 18/03/2015 10.2 MB 3.8.150.1 All users
McAfee WebAdvisor McAfee, Inc. 07/07/2015 4.0.354 All users
Medal of Honor™ Warfighter Electronic Arts 06/03/2013 16.3 GB 1.0.0.3 All users
MetaBoli 08/04/2009 1.00.0000 All users
Metro 2033 4A Games 04/07/2013 All users
Metro: Last Light 4A Games 15/07/2013 All users
Microsoft .NET Framework 4.5.2 Microsoft Corporation 11/02/2015 38.8 MB 4.5.51209 All users
Microsoft ASP.NET MVC 4 Runtime Microsoft Corporation 16/10/2014 1.59 MB 4.0.40804.0 All users
Microsoft Chart Controls for Microsoft .NET Framework 3.5 (KB2500170) Microsoft Corporation 15/02/2013 10.3 MB 3.5.30730.0 Gary
Microsoft Games for Windows - LIVE Redistributable Microsoft Corporation 09/05/2011 31.3 MB 3.5.88.0 All users
Microsoft Games for Windows Marketplace Microsoft Corporation 09/05/2011 6.03 MB 3.5.50.0 All users
Microsoft Office File Validation Add-In Microsoft Corporation 15/05/2014 15.7 MB 14.0.5130.5003 All users
Microsoft Office Home and Student 2010 Microsoft Corporation 16/08/2013 14.0.7015.1000 All users
Microsoft Office PowerPoint Viewer 2007 (English) Microsoft Corporation 24/06/2015 197 MB 12.0.6612.1000 All users
Microsoft Office Suite Activation Assistant Microsoft Corporation 08/04/2009 8.36 MB 2.9 All users
Microsoft Silverlight Microsoft Corporation 24/06/2015 150 MB 5.1.40416.0 All users
Microsoft StarLancer 13/09/2012 All users
Microsoft Visual C++ 2005 ATL Update kb973923 - x64 8.0.50727.4053 Microsoft Corporation 14/04/2010 259 KB 8.0.50727.4053 All users
Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053 Microsoft Corporation 14/04/2010 251 KB 8.0.50727.4053 All users
Microsoft Visual C++ 2005 Redistributable Microsoft Corporation 16/06/2011 300 KB 8.0.59193 All users
Microsoft Visual C++ 2005 Redistributable (x64) Microsoft Corporation 08/04/2009 3.05 MB 8.0.61000 All users
Microsoft Visual C++ 2005 Redistributable (x64) - KB2467175 Microsoft Corporation 16/04/2011 574 KB 8.0.51011 All users
Microsoft Visual C++ 2008 ATL Update kb973924 - x86 9.0.30729.4148 Microsoft Corporation 14/04/2010 199 KB 9.0.30729.4148 All users
Microsoft Visual C++ 2008 Redistributable - KB2467174 - x86 9.0.30729.5570 Microsoft Corporation 14/04/2011 592 KB 9.0.30729.5570 All users
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.4148 Microsoft Corporation 17/08/2012 780 KB 9.0.30729.4148 All users
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.6161 Microsoft Corporation 20/08/2012 788 KB 9.0.30729.6161 All users
Microsoft Visual C++ 2008 Redistributable - x86 9.0.21022 Microsoft Corporation 17/01/2011 1.41 MB 9.0.21022 All users
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17 Microsoft Corporation 14/04/2010 590 KB 9.0.30729 All users
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148 Microsoft Corporation 17/08/2012 224 KB 9.0.30729.4148 All users
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 Microsoft Corporation 16/06/2011 600 KB 9.0.30729.6161 All users
Microsoft Visual C++ 2010  x64 Redistributable - 10.0.40219 Microsoft Corporation 12/02/2015 13.0 MB 10.0.40219 All users
Microsoft Visual C++ 2010  x86 Redistributable - 10.0.40219 Microsoft Corporation 12/02/2015 15.0 MB 10.0.40219 All users
Microsoft Visual C++ 2012 Redistributable (x64) - 11.0.61030 Microsoft Corporation 07/02/2015 20.5 MB 11.0.61030.0 All users
Microsoft Visual C++ 2012 Redistributable (x86) - 11.0.61030 Microsoft Corporation 07/02/2015 17.3 MB 11.0.61030.0 All users
Microsoft Visual C++ 2013 Redistributable (x64) - 12.0.21005 Microsoft Corporation 04/02/2015 20.5 MB 12.0.21005.1 All users
Microsoft Visual C++ 2013 Redistributable (x86) - 12.0.21005 Microsoft Corporation 04/02/2015 17.1 MB 12.0.21005.1 All users
Microsoft Visual J# 2.0 Redistributable Package - SE (x64) Microsoft Corporation 04/02/2015 All users
Microsoft Visual Studio 2010 Tools for Office Runtime (x64) Microsoft Corporation 12/02/2015 10.0.50903 All users
MSI Afterburner 4.1.0 MSI Co., LTD 30/04/2015 4.1.0 All users
MSI Kombustor 2.5.0 MSI Co., LTD 01/05/2013 40.7 MB All users
MSXML 4.0 SP2 (KB954430) Microsoft Corporation 14/04/2010 1.27 MB 4.20.9870.0 All users
MSXML 4.0 SP2 (KB973688) Microsoft Corporation 14/04/2010 1.33 MB 4.20.9876.0 All users
MSXML 4.0 SP2 Parser and SDK Microsoft Corporation 21/05/2010 36.0 KB 4.20.9818.0 All users
Norton Identity Safe Symantec Corporation 08/07/2014 2014.7.11.42 All users
NVIDIA 3D Vision Controller Driver 352.65 NVIDIA Corporation 24/06/2015 352.65 All users
NVIDIA 3D Vision Driver 353.30 NVIDIA Corporation 24/06/2015 353.30 All users
NVIDIA GeForce Experience 2.4.5.57 NVIDIA Corporation 01/07/2015 2.4.5.57 All users
NVIDIA Graphics Driver 353.30 NVIDIA Corporation 24/06/2015 353.30 All users
NVIDIA HD Audio Driver 1.3.34.3 NVIDIA Corporation 24/06/2015 1.3.34.3 All users
NVIDIA PhysX System Software 9.15.0428 NVIDIA Corporation 24/06/2015 9.15.0428 All users
Origin Electronic Arts, Inc. 22/02/2013 9.1.10.2728 All users
PC Connectivity Solution Nokia 02/06/2012 17.5 MB 8.47.7.0 All users
Pixillion Image Converter NCH Software 10/10/2012 All users
PunkBuster Services Even Balance, Inc. 01/12/2012 0.993 All users
QuickTime 7 Apple Inc. 13/07/2015 70.3 MB 7.77.80.95 All users
Realtek High Definition Audio Driver Realtek Semiconductor Corp. 10/12/2013 6.0.1.7069 All users
Renesas Electronics USB 3.0 Host Controller Driver Renesas Electronics Corporation 28/03/2013 1.01 MB 2.0.34.0 All users
Revo Uninstaller Pro 3.1.2 VS Revo Group, Ltd. 15/07/2015 35.5 MB 3.1.2 All users
RivaTuner Statistics Server 6.3.0 Unwinder 30/04/2015 6.3.0 All users
Samsung Magician Samsung Electronics 04/02/2015 57.0 MB 4.5.1 All users
Samsung PC Studio 7 Samsung 02/06/2012 7.2.24.9 All users
SAMSUNG USB Driver for Mobile Phones SAMSUNG Electronics Co., Ltd. 02/06/2012 35.4 MB 1.3.650.0 All users
SamsungConnectivityCableDriver Samsung 02/06/2012 741 KB 6.83.6.2.1 All users
School House Shuffle 26/05/2011 All users
Secunia PSI (3.0.0.10004) Secunia 09/07/2015 8.92 MB 3.0.0.10004 All users
SetUpMyPC Packard Bell 26/05/2011 3.04.3002 All users
Shop for HP Supplies HP 26/05/2011 13.0 All users
Skype Click to Call Microsoft Corporation 24/06/2015 9.94 MB 7.4.0.9058 All users
Skype™ 7.6 Skype Technologies S.A. 24/06/2015 70.4 MB 7.6.103 All users
SOL Exodus Collector's Edition Iceberg Interactive 17/08/2012 1.12.5142 All users
Source SDK Base 2006 Valve 10/09/2012 All users
Source SDK Base 2007 Valve 17/09/2012 All users
Starship Troopers 19/10/2011 All users
Steam Valve Corporation 29/06/2010 1.49 MB 1.0.0.0 All users
Tactical Expansion Mod V1.1 05/09/2013 Gary
Teachers Report Assistant 26/05/2011 All users
The Elder Scrolls V: Skyrim Bethesda Game Studios 26/12/2011 All users
Trusteer Endpoint Protection Trusteer 24/06/2015 3.5.1412.176 All users
Ubisoft Game Launcher UBISOFT 26/12/2011 1.0.0.0 All users
VoodooShield version 2.75 VoodooSoft, LLC 06/07/2015 4.57 MB 2.75 All users
Windows Driver Package - Nokia pccsmcfd  (08/22/2008 7.0.0.0) Nokia 02/06/2012 08/22/2008 7.0.0.0 All users
Windows Live ID Sign-in Assistant Microsoft Corporation 18/11/2010 8.12 MB 6.500.3165.0 All users
Winki MSI 29/03/2013 556 MB 3.2.118 All users
WinZip 18.0 WinZip Computing, S.L. 07/01/2014 138 MB 18.0.10661 All users
Wolfenstein: The New Order Machine Games 21/05/2014 All users
World Airports 3  upgrade 2 (Shared Components) Just Flight Limited 26/05/2011 2.65.10 All users
XviD MPEG-4 Video Codec XviD Development Team 01/01/2009 All users
Yahoo! Mail Advisor 26/05/2011 All users
Yahoo! Software Update 26/05/2011 All users
Zemana AntiMalware Zemana Ltd. 15/07/2015 12.9 MB 2.16.633 All users
 
As you can see, the Beijing Rising stuff has been found in the Context Menu search!! Can't see any reference to them elsewhere in the text files, although the AGpShellExt VideoGee stuff in the same Menu is an associated file with Beijing Rising.
 
Hope this helps with your diagnosis. Thank you again for the time and trouble to look into this.
 
Regards, Gary
 

Edited by Maverick592, 15 July 2015 - 12:15 PM.
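A triage pass over a startup export like the one posted above, as an added example that is not part of the original thread or of CCleaner: it flags entries with no publisher or no target, commands under Temp or Downloads, script hosts, and matches for an analyst-supplied keyword. It assumes the export is tab-separated with the columns Enabled, Key, Program, Publisher, User, File (the forum rendering shows spaces); the sample rows are re-typed from the post and the function names are hypothetical.

```python
import re
from dataclasses import dataclass


@dataclass
class Entry:
    enabled: str
    key: str
    program: str
    publisher: str
    user: str
    command: str


# Constructed sample: rows re-typed from the list in the post, joined with TABs.
# Assumed column order: Enabled, Key, Program, Publisher, User, File.
ROWS = [
    ("Yes", "HKLM:Run", "IAAnotif", "Intel Corporation", "All users",
     r'"C:\Program Files (x86)\Intel\Intel Matrix Storage Manager\iaanotif.exe"'),
    ("Yes", "HKLM:Run", "NPSStartup", "", "All users", ""),
    ("Yes", "HKLM:Run", "RavTRAY", "", "All users",
     r'"C:\Program Files (x86)\Rising\RAV\RSTRAY.EXE" -system'),
    ("Yes", "HKLM:Run", "VoodooShield", "VoodooSoft, LLC", "All users",
     r"C:\Program Files\VoodooShield\VoodooShield.exe"),
    ("Yes", "Task", "4584", "Microsoft Corporation", "Gary",
     r"wscript.exe C:\Users\Gary\AppData\Local\Temp\launchie.vbs //B"),
    ("Yes", "Task", "{19A2A7FB-CDBE-455F-AF12-929E9FB1F935}", "", "Gary",
     r"C:\Users\Gary\AppData\Local\Temp\intel easy pc camera driver windows 7__10924_i1549928631_il1571185.exe"),
    ("Yes", "File", "RisingRavExt", "Beijing Rising Information Technology Co., Ltd.",
     "All users", r"C:\Windows\system32\RavExt64.dll"),
]
SAMPLE_EXPORT = "\n".join("\t".join(row) for row in ROWS)

# Locations any user-level process can write to; autoruns pointing there deserve a look.
USER_WRITABLE = re.compile(r"\\(appdata\\local\\temp|downloads)\\", re.IGNORECASE)
# Script hosts: the Publisher column describes the host binary, not the script it runs.
SCRIPT_HOSTS = {"wscript.exe", "cscript.exe", "mshta.exe"}


def parse_export(text):
    """Split a tab-separated export into Entry records, padding short rows."""
    entries = []
    for line in text.splitlines():
        if not line.strip():
            continue
        cols = [c.strip() for c in line.split("\t")]
        cols += [""] * (6 - len(cols))
        entries.append(Entry(*cols[:5], command="\t".join(cols[5:]).strip()))
    return entries


def executable(command):
    """File name of the first token of a command line, lower-cased.

    Unquoted paths that contain spaces are ambiguous, so this is only used to
    recognise script hosts started by bare name or by a quoted path.
    """
    cmd = command.strip()
    if cmd.startswith('"'):
        first = cmd[1:].split('"', 1)[0]
    else:
        first = cmd.split(" ", 1)[0]
    return first.replace("/", "\\").rsplit("\\", 1)[-1].lower()


def flags_for(entry, watchlist=()):
    """Return the triage flags that apply to one entry, in a fixed order."""
    flags = []
    if not entry.command:
        flags.append("no-target")
    if not entry.publisher:
        flags.append("no-publisher")
    if USER_WRITABLE.search(entry.command):
        flags.append("user-writable-path")
    if executable(entry.command) in SCRIPT_HOSTS:
        flags.append("script-host")
    haystack = " ".join((entry.program, entry.publisher, entry.command)).lower()
    if any(word.lower() in haystack for word in watchlist):
        flags.append("watchlist")
    return flags


def triage(entries, watchlist=()):
    """Return (entry, flags) pairs for every entry that raised at least one flag."""
    flagged = []
    for entry in entries:
        flags = flags_for(entry, watchlist)
        if flags:
            flagged.append((entry, flags))
    return flagged


if __name__ == "__main__":
    for entry, flags in triage(parse_export(SAMPLE_EXPORT), watchlist=("rising",)):
        print(f"{entry.key:9} {entry.program:40} {', '.join(flags)}")
```

A flag marks an entry for manual review, not as malicious: unsigned game launchers and driver tools also ship without a publisher string.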


#4 buddy215


Posted 15 July 2015 - 12:36 PM

Okay....while I look through your last post please post the results using the programs below.

 

Download AdwCleaner by Xplode onto your desktop.

  • Close all open programs and internet browsers.
  • Double click on adwcleaner.exe to run the tool.
  • Click on Scan button.
  • When the scan has finished click on Clean button.
  • Your computer will be rebooted automatically. A text file will open after the restart.
  • Please post the contents of that logfile with your next reply.
  • You can find the logfile at C:\AdwCleaner[S1].txt as well.

Download Junkware Removal Tool to your desktop.

  • Shut down your protection software now to avoid potential conflicts.
  • Run the tool by double-clicking it. If you are using Windows Vista, 7, or 8; instead of double-clicking, right-mouse click JRT.exe and select "Run as Administrator".
  • The tool will open and start scanning your system.
  • Please be patient as this can take a while to complete depending on your system's specifications.
  • On completion, a log (JRT.txt) is saved to your desktop and will automatically open.
  • Post the contents of JRT.txt into your next message



#5 Maverick592


Posted 15 July 2015 - 01:23 PM

Hi, here are the logfiles you asked for:

 

# AdwCleaner v4.208 - Logfile created 15/07/2015 at 20:46:19
# Updated 09/07/2015 by Xplode
# Database : 2015-07-15.1 [Server]
# Operating system : Windows 7 Home Premium Service Pack 1 (x64)
# Username : Gary - GARY-PC
# Running from : C:\Users\Gary\Desktop\adwcleaner_4.208.exe
# Option : Cleaning
 
***** [ Services ] *****
 
 
***** [ Files / Folders ] *****
 
[!] Folder Deleted : C:\Users\Gary\AppData\Local\Google\Chrome\User Data\Default\Extensions\jpmbfleldcgkldadpdinhjjopdfpjfjp
 
***** [ Scheduled tasks ] *****
 
 
***** [ Shortcuts ] *****
 
 
***** [ Registry ] *****
 
 
***** [ Web browsers ] *****
 
-\\ Internet Explorer v11.0.9600.17909
 
 
-\\ Google Chrome v43.0.2357.134
 
 
-\\ Chrome Canary v
 
 
*************************
 
AdwCleaner[R0].txt - [22830 bytes] - [06/07/2015 17:17:03]
AdwCleaner[R1].txt - [1010 bytes] - [07/07/2015 08:55:55]
AdwCleaner[R2].txt - [1129 bytes] - [08/07/2015 10:44:27]
AdwCleaner[R3].txt - [1247 bytes] - [09/07/2015 10:32:47]
AdwCleaner[R4].txt - [1371 bytes] - [13/07/2015 17:15:55]
AdwCleaner[R5].txt - [1488 bytes] - [15/07/2015 20:43:22]
AdwCleaner[S0].txt - [21703 bytes] - [06/07/2015 17:19:17]
AdwCleaner[S1].txt - [1081 bytes] - [07/07/2015 08:58:08]
AdwCleaner[S2].txt - [1200 bytes] - [08/07/2015 10:46:40]
AdwCleaner[S3].txt - [1318 bytes] - [09/07/2015 10:37:54]
AdwCleaner[S4].txt - [1442 bytes] - [13/07/2015 17:22:46]
AdwCleaner[S5].txt - [1419 bytes] - [15/07/2015 20:46:19]
 
########## EOF - C:\AdwCleaner\AdwCleaner[S5].txt - [1478  bytes] ##########
 
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Junkware Removal Tool (JRT) by Malwarebytes
Version: 7.4.9 (07.14.2015:2)
OS: Windows 7 Home Premium x64
Ran by Gary on 15/07/2015 at 20:51:42.83
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
 
 
 
 
~~~ Services
 
 
 
~~~ Tasks
 
Successfully deleted: [Task] C:\Windows\system32\tasks\0
 
 
 
~~~ Registry Values
 
Successfully deleted: [Registry Value] HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run\\GoogleChromeAutoLaunch_D8141F93E2B8BBDF887F2C7ECBC57A85
 
 
 
~~~ Registry Keys
 
 
 
~~~ Files
 
 
 
~~~ Folders
 
 
 
~~~ Chrome
 
 
[C:\Users\Gary\appdata\local\Google\Chrome\User Data\Default\Preferences] - default search provider reset
 
[C:\Users\Gary\appdata\local\Google\Chrome\User Data\Default\Preferences] - Extensions Deleted:
 
[C:\Users\Gary\appdata\local\Google\Chrome\User Data\Default\Secure Preferences] - default search provider reset
 
[C:\Users\Gary\appdata\local\Google\Chrome\User Data\Default\Secure Preferences] - Extensions Deleted:
[]
 
 
 
 
 
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Scan was completed on 15/07/2015 at 21:11:24.12
End of JRT log
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
 
Thank you again for your help with this.
 
Regards, Gary


#6 buddy215


Posted 15 July 2015 - 02:04 PM

Disable these Windows Startups: (Use CCleaner by clicking on each item and on the right choose to Disable, Remove or Uninstall)

Yes HKCU:Run Amazon Music Amazon Services LLC Gary "C:\Users\Gary\AppData\Local\Amazon Music\Amazon Music Helper.exe"
Yes HKCU:Run CCleaner Monitoring Piriform Ltd Gary "C:\Program Files\CCleaner\CCleaner64.exe" /MONITOR
Yes HKCU:Run Desura Gary C:\Program Files (x86)\Desura\desura.exe -autostart
Yes HKCU:Run EADM Electronic Arts Gary "C:\Program Files (x86)\Origin\Origin.exe" -AutoStart
Yes HKCU:Run ehTray.exe Microsoft Corporation Gary C:\Windows\ehome\ehTray.exe
Yes HKCU:Run Google Update Google Inc. Gary "C:\Users\Gary\AppData\Local\Google\Update\GoogleUpdate.exe" /c
Yes HKCU:Run GoogleChromeAutoLaunch_D8141F93E2B8BBDF887F2C7ECBC57A85 Google Inc. Gary "C:\Program Files (x86)\Google\Chrome\Application\chrome.exe" --no-startup-window
Yes HKCU:Run ISUSPM Startup InstallShield Software Corporation Gary C:\PROGRA~2\COMMON~1\INSTAL~1\UPDATE~1\isuspm.exe -startup
Yes HKCU:Run MobileDocuments Gary C:\Program Files (x86)\Common Files\Apple\Internet Services\ubd.exe
Yes HKCU:Run S60 PC Suite Tray Gary "D:\Program Files (x86)\Samsung\Samsung PC Studio 7\PCSuite.exe" -onlytray
Yes HKCU:Run Steam Valve Corporation Gary "C:\Program Files (x86)\Steam\steam.exe" -silent
Yes HKLM:Run APSDaemon Apple Inc. All users "C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe"
Yes HKLM:Run FAHConsole WinZip Computing International, LLC All users C:\Program Files\File Association Helper\FAHConsole.exe
Yes HKLM:Run HP Software Update Hewlett-Packard All users C:\Program Files (x86)\HP\HP Software Update\HPWuSchd2.exe
Yes HKLM:Run ISUSScheduler InstallShield Software Corporation All users "C:\Program Files (x86)\Common Files\InstallShield\UpdateService\issch.exe" -start
Yes HKLM:Run iTunesHelper Apple Inc. All users "C:\Program Files\iTunes\iTunesHelper.exe"
Yes HKLM:Run QuickTime Task Apple Inc. All users "C:\Program Files (x86)\QuickTime\QTTask.exe" -atboottime
Yes HKLM:Run RavTRAY All users "C:\Program Files (x86)\Rising\RAV\RSTRAY.EXE" -system (Remove...not just Disable)
Yes HKLM:Run RSDTRAY All users "C:\Program Files (x86)\Rising\RSD\popwndexe.exe" (Remove...not just Disable)
Yes HKLM:Run ShadowPlay Microsoft Corporation All users C:\Windows\system32\rundll32.exe C:\Windows\system32\nvspcap64.dll,ShadowPlayOnSystemStart
Yes Startup Common Secunia PSI Tray.lnk Secunia All users C:\Program Files (x86)\Secunia\PSI\psi_tray.exe
 
Disable these Tasks:
Yes Task 0 Microsoft Corporation Gary c:\program files\internet explorer\iexplore.exe
Yes Task 4584 Microsoft Corporation Gary wscript.exe C:\Users\Gary\AppData\Local\Temp\launchie.vbs //B (Remove...not just Disable)
Yes Task Adobe Flash Player Updater Adobe Systems Incorporated All users C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe
Yes Task CCleanerSkipUAC Piriform Ltd Gary "C:\Program Files\CCleaner\CCleaner.exe" $(Arg0)
Yes Task CreateChoiceProcessTask Microsoft Corporation Gary C:\Windows\System32\browserchoice.exe /launch
Yes Task GoogleUpdateTaskMachineCore Google Inc. All users C:\Program Files (x86)\Google\Update\GoogleUpdate.exe /c
Yes Task GoogleUpdateTaskMachineUA Google Inc. All users C:\Program Files (x86)\Google\Update\GoogleUpdate.exe /ua /installsource scheduler
Yes Task GoogleUpdateTaskUserS-1-5-21-2604098673-2921266839-231067897-1000Core Google Inc. Gary C:\Users\Gary\AppData\Local\Google\Update\GoogleUpdate.exe /c
Yes Task RsDelayLauncher_{8A34248E-7D35-4832-8378-7659E0B0A380} Gary C:\Program Files (x86)\Rising\RAV\rsdelaylauncher.exe (Remove...not just Disable)
Yes Task {16321B60-FF48-4AC5-80A5-A04E7BA69425} Microsoft Corporation Gary C:\Windows\system32\pcalua.exe -a E:\Setup.Now.exe -d E:\
Yes Task {5DF64DBD-60CC-4870-A49A-8EBD32AE2E3E} Gary C:\Sierra\Blue-Shift\bshift.exe
Yes Task {A82D06D2-2739-49E5-8769-7B93955D09AE} Gary C:\Sierra\Blue-Shift\bshift.exe
Yes Task {C932CE04-EB45-4646-B5C7-AC0823A6046D} Gary C:\Sierra\Half-Life\hl.exe
Yes Task {FC326C6B-AFA0-457F-B93B-82CA65313E5D} Microsoft Corporation Gary C:\Windows\system32\pcalua.exe -a C:\Users\Gary\Downloads\CS110-XP\CS110-XP.exe -d C:\Users\Gary\Downloads\CS110-XP
Yes Task {FD0B2A85-37BF-4652-890F-63AACBC25648} Gary E:\Program Files (x86)\Sierra\FEAR\FEAR.exe
Yes Task {FFB38317-706A-48A0-88AF-6902AC3D4EA9} Microsoft Corporation Gary C:\Windows\system32\pcalua.exe -a E:\Install.exe -d E:\
 
Disable in Directory:
Yes Directory RisingRavExt Beijing Rising Information Technology Co., Ltd. All users C:\Windows\system32\RavExt64.dll (Remove...not just Disable)
Yes Drive RisingRavExt Beijing Rising Information Technology Co., Ltd. All users C:\Windows\system32\RavExt64.dll (Remove...not just Disable)
Yes File RisingRavExt Beijing Rising Information Technology Co., Ltd. All users C:\Windows\system32\RavExt64.dll (Remove...not just Disable)
Yes Folder RisingRavExt Beijing Rising Information Technology Co., Ltd. All users C:\Windows\system32\RavExt64.dll (Remove...not just Disable)
 
Uninstall these programs:
7-Zip 9.20 (x64 edition) Igor Pavlov 14/07/2014 4.53 MB 9.20.00.0 All users
7-Zip 9.21 Igor Pavlov 02/06/2012 3.54 MB 9.21.00.0 All users
Acrobat.com Adobe Systems Incorporated 26/05/2011 1.1.377 All users
Adobe Acrobat Reader DC Adobe Systems Incorporated 16/04/2015 169 MB 15.007.20033 All users
Adobe AIR Adobe Systems Incorporated 10/07/2015 18.0.0.180 All users
Adobe Flash Player 10 ActiveX 64-bit Adobe Systems Incorporated 08/06/2011 6.00 MB 10.3.162.28 All users (Use Uninstall Flash Player | Windows)
Express Zip File Compression Software NCH Software 14/10/2011 All users
Google Toolbar for Internet Explorer 26/05/2011 All users
Java 7 Update 71 Oracle 20/10/2014 119 MB 7.0.710 All users
Java 8 Update 25 Oracle Corporation 26/01/2015 73.3 MB 8.0.250 All users
Java 8 Update 31 Oracle Corporation 09/03/2015 74.0 MB 8.0.310 All users
Java 8 Update 40 Oracle Corporation 16/04/2015 76.9 MB 8.0.400 All users
JavaFX 2.1.1 Oracle Corporation 23/07/2012 20.8 MB 2.1.1 All users
LiveUpdate 3.2 (Symantec Corporation) Symantec Corporation 20/02/2013 3.2.0.68 All users
Shop for HP Supplies HP 26/05/2011 13.0 All users
Skype Click to Call Microsoft Corporation 24/06/2015 9.94 MB 7.4.0.9058 All users (unless you actually click on phone numbers in ads)
Yahoo! Software Update 26/05/2011 All users
 
I saw your results of the two scans. Looks good.....let me know how the computer is doing after completing above.
 
 
 
 
 
 
 
 

“Every atom in your body came from a star that exploded and the atoms in your left hand probably came from a different star than your right hand. It really is the most poetic thing I know about physics...you are all stardust.”Lawrence M. Krauss

A 1792 U.S. penny, designed in part by Thomas Jefferson and George Washington, reads “Liberty Parent of Science & Industry.”
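The disable-versus-remove split in the listing above can be reproduced mechanically. The following is an added example, not part of the original post or of any tool mentioned in the thread. The function `triage`, its `markers` parameter and the row pattern are assumptions based on how the flattened CCleaner export appears on this page.

```python
import re

# Rows copied from the startup listing in this thread (CCleaner export,
# flattened to single spaces by the forum software).
SAMPLE = r'''Yes HKCU:Run Steam Valve Corporation Gary "C:\Program Files (x86)\Steam\steam.exe" -silent
Yes HKLM:Run RavTRAY All users "C:\Program Files (x86)\Rising\RAV\RSTRAY.EXE" -system
Yes HKLM:Run RSDTRAY All users "C:\Program Files (x86)\Rising\RSD\popwndexe.exe"
Yes Task 4584 Microsoft Corporation Gary wscript.exe C:\Users\Gary\AppData\Local\Temp\launchie.vbs //B
Yes Task GoogleUpdateTaskMachineCore Google Inc. All users C:\Program Files (x86)\Google\Update\GoogleUpdate.exe /c
Yes Directory RisingRavExt Beijing Rising Information Technology Co., Ltd. All users C:\Windows\system32\RavExt64.dll'''

# Enabled flag, then the autorun location, then free text (name, publisher, user, command).
ROW = re.compile(r'^(?:Yes|No)\s+(HKCU:Run|HKLM:Run|Startup Common|Task|'
                 r'Directory|Drive|File|Folder)\s+(.*)$')
# The command starts at an optional script host followed by a (possibly quoted) drive path.
CMD = re.compile(r'(?:(?:wscript|cscript)\.exe\s+)?"?[A-Za-z]:\\', re.I)
# A Windows script host asked to run something stored under a Temp folder.
SCRIPT_FROM_TEMP = re.compile(r'(?:wscript|cscript)\.exe\s+"?[^"]*\\temp\\', re.I)

def triage(listing, markers=("\\rising\\", "ravext")):
    """Return (kind, label, command, verdict) for each autorun row.

    markers is an assumption: lower-case path fragments that identify the
    unwanted product, taken from the paths shown in this thread.
    """
    results = []
    for line in listing.splitlines():
        row = ROW.match(line.strip())
        if not row:
            continue                      # not an autorun row
        kind, rest = row.groups()
        cmd = CMD.search(rest)
        if not cmd:
            results.append((kind, rest, "", "review"))   # no recognisable command
            continue
        label, command = rest[:cmd.start()].strip(), rest[cmd.start():]
        if any(m in command.lower() for m in markers):
            verdict = "remove"            # leftover of the unwanted product
        elif SCRIPT_FROM_TEMP.search(command):
            verdict = "remove"            # script host launching from Temp
        else:
            verdict = "disable"           # known software, just keep it out of startup
        results.append((kind, label, command, verdict))
    return results

if __name__ == "__main__":
    for kind, label, command, verdict in triage(SAMPLE):
        print(f"{verdict:8} {kind:10} {label[:32]:32} {command}")
```
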


#7 Maverick592


Posted 15 July 2015 - 03:11 PM

Hi, carried out your instructions to the letter! Got rid of everything linked to Beijing Rising, thank you very much for getting that sorted for me. Only minor glitch is the Chinese extension label is still on my mp3/mp4 files. It doesn't affect the operation of the files. In addition, the RaUI.exe Good Link and Associate icons are still in the Hidden Icons part of the toolbar. I can't find RaUI.exe anywhere, so maybe it's just junk.

 

Your advice and help have been invaluable, and I really appreciate the time and trouble you have given me on this.

 

Regards, Gary



#8 buddy215


Posted 15 July 2015 - 03:50 PM

If you are using a wireless connection to the net that could explain those.

 

From the web: RaUI.exe - Should I Block It? (RaUI Application). View the info in the link for a list of the hardware that this is installed in.

There are 3 versions of raui.exe in the wild, the latest version being 5.0.1.0. When the program is installed, it will add a shortcut pointer in the Start Menu which will execute the file as a process upon a user login. The average file size is about 12.72 MB. The file is digitally signed and issued to Ralink Technology Corporation by VeriSign. The programs Ralink RT2870 Wireless LAN Card, Ralink RT2860 Wireless LAN Card and 802.11n Wireless PCI Express Card LAN Adapter have been observed as installing specific variations of raui.exe.




#9 Maverick592


Posted 15 July 2015 - 04:03 PM

Hi, had a look at info in RaUI link, that would definitely explain it, just installed new Asus wireless adapter. Looks like I am high and dry, then, and with all the right protection in place now.

 

Thank you again for your help, Sir, normal service can resume! Greatly appreciate it.

 

Best wishes,

 

Gary



#10 buddy215


Posted 15 July 2015 - 04:08 PM

Good...you're welcome....happy surfin' !






