help me msiexec.exe is so annoying keeps alerting me for harmful webpage.


21 replies to this topic

#1 Blatch

Blatch

  • Members
  • 45 posts
  • OFFLINE
  •  
  • Local time:03:49 AM

Posted 10 August 2015 - 06:47 AM

Help me, msiexec.exe is so annoying, it keeps alerting me for a harmful webpage or file. Always alerting me at least 2 times in 5 minutes. Help me.

Edited by hamluis, 10 August 2015 - 07:40 AM.
Moved from Win 8 to Am I Infected - Hamluis.


#2 buddy215

buddy215

  • Moderator
  • 13,396 posts
  • ONLINE
  •  
  • Gender:Male
  • Location:West Tennessee
  • Local time:01:49 PM

Posted 10 August 2015 - 07:09 AM

Avast is telling you that it has possibly found a fake msiexec.exe. Best not to ignore that. Suggest you scan using the programs below to find and remove the culprit.

EDIT: Avast is blocking access to a website known as malicious....possibly a botnet control one. See Scan report for http://differentia.ru/diff.php at 2015-08-10 06:31:56 UTC - VirusTotal

 

Use CCleaner to remove Temporary files, program caches, cookies, logs, etc. Use the Default settings. No need to use the Registry Cleaning Tool...risky. Pay close attention while installing and UNcheck offers of toolbars....especially Google.

After install, open CCleaner and run by clicking on the Run Cleaner button in the bottom right corner.

CCleaner - PC Optimization and Cleaning - Free Download

 

Download Malwarebytes' Anti-Malware from Here
Double-click mbam-setup-2.X.X.XXXX.exe to install the application (X's are the current version number).

  • Make sure a checkmark is placed next to Launch Malwarebytes' Anti-Malware, then click Finish.
  • Once MBAM opens, when it says Your databases are out of date, click the Fix Now button.
  • Click the Settings tab at the top, and then in the left column, select Detections and Protections, and if not already checked place a checkmark in the selection box for Scan for rootkits.
  • Click the Scan tab at the top of the program window, select Threat Scan and click the Scan Now button.
  • If you receive a message that updates are available, click the Update Now button (the update will be downloaded, installed, and the scan will start).
  • The scan may take some time to finish, so please be patient.
  • If potential threats are detected, ensure that Quarantine is selected as the Action for all the listed items, and click the Apply Actions button.
  • While still on the Scan tab, click the link for View detailed log, and in the window that opens click the Export button, select Text file (*.txt), and save the log to your Desktop.
  • The log is automatically saved by MBAM and can also be viewed by clicking the History tab and then selecting Application Logs.

 

Download AdwCleaner by Xplode onto your desktop.

  • Close all open programs and internet browsers.
  • Double click on adwcleaner.exe to run the tool.
  • Click on Scan button.
  • When the scan has finished click on Clean button.
  • Your computer will be rebooted automatically. A text file will open after the restart.
  • Please post the contents of that logfile with your next reply.
  • You can find the logfile at C:\AdwCleaner[S1].txt as well.

Download Junkware Removal Tool to your desktop.

  • Shut down your protection software now to avoid potential conflicts.
  • Run the tool by double-clicking it. If you are using Windows Vista, 7, or 8; instead of double-clicking, right-mouse click JRT.exe and select "Run as Administrator".
  • The tool will open and start scanning your system.
  • Please be patient as this can take a while to complete depending on your system's specifications.
  • On completion, a log (JRT.txt) is saved to your desktop and will automatically open.
  • Post the contents of JRT.txt into your next message

Hold down Control and click on this link to open ESET OnlineScan in a new window.

  • Click the esetonlinebtn.png button.
  • For alternate browsers only: (Microsoft Internet Explorer users can skip these steps)
  • Click on esetsmartinstaller_enu.exe to download the ESET Smart Installer. Save it to your desktop.
  • Double click on the esetsmartinstaller_enu.png icon on your desktop.
  • Check "YES, I accept the Terms of Use."
  • Click the Start button.
  • Accept any security warnings from your browser.
  • Under scan settings, check "Scan Archives" and "Remove found threats"
  • ESET will then download updates for itself, install itself, and begin scanning your computer. Please be patient as this can take some time.
  • When the scan completes, click List Threats
  • Click Export, and save the file to your desktop using a unique name, such as ESETScan. Include the contents of this report in your next reply.
  • Click the Back button.
  • Click the Finish button.
  • NOTE: Sometimes if ESET finds no infections it will not create a log.

Edited by buddy215, 10 August 2015 - 07:30 AM.

“Every atom in your body came from a star that exploded and the atoms in your left hand probably came from a different star than your right hand. It really is the most poetic thing I know about physics...you are all stardust.” Lawrence M. Krauss
A 1792 U.S. penny, designed in part by Thomas Jefferson and George Washington, reads “Liberty Parent of Science & Industry.”

#3 Blatch


Posted 10 August 2015 - 07:29 PM

AdwCleaner[S1].txt 

 

# AdwCleaner v4.208 - Logfile created 10/08/2015 at 23:10:19
# Updated 09/07/2015 by Xplode
# Database : 2015-08-01.1 [Server]
# Operating system : Windows 8 Single Language  (x64)
# Username : Blatch - BLATCH_
# Running from : C:\Users\Blatch\Downloads\Programs\AdwCleaner.exe
# Option : Cleaning
 
***** [ Services ] *****
 
 
***** [ Files / Folders ] *****
 
Folder Deleted : C:\Program Files (x86)\IncrementFoobar
Folder Deleted : C:\Users\Blatch\AppData\Local\Google\Chrome\User Data\Default\Extensions\gpnamfpkffldfnlkofbbebcndfdkclpc
File Deleted : C:\Users\Blatch\AppData\Local\Google\Chrome\User Data\Default\Local Storage\chrome-extension_gpnamfpkffldfnlkofbbebcndfdkclpc_0.localstorage
File Deleted : C:\Users\Blatch\AppData\Roaming\ICARE.LOG
File Deleted : C:\Program Files (x86)\Mozilla Firefox\browser\searchplugins\yahoo.xml
 
***** [ Scheduled tasks ] *****
 
 
***** [ Shortcuts ] *****
 
 
***** [ Registry ] *****
 
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{10921475-03CE-4E04-90CE-E2E7EF20C814}
Key Deleted : [x64] HKLM\SOFTWARE\Classes\CLSID\{10921475-03CE-4E04-90CE-E2E7EF20C814}
Key Deleted : [x64] HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{10921475-03CE-4E04-90CE-E2E7EF20C814}
Key Deleted : HKLM\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{AA9A4890-4262-4441-8977-E2FFCBFB706C}
Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{0A7D6F3C-F2AB-48ED-BE23-99791BFF87D6}
Key Deleted : HKLM\SOFTWARE\Classes\Installer\Features\C3F6D7A0BA2FDE84EB329997B1FF786D
Key Deleted : HKLM\SOFTWARE\Classes\Installer\Products\C3F6D7A0BA2FDE84EB329997B1FF786D
Key Deleted : [x64] HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Products\C3F6D7A0BA2FDE84EB329997B1FF786D
 
***** [ Web browsers ] *****
 
-\\ Internet Explorer v10.0.9200.16537
 
 
-\\ Mozilla Firefox v36.0 (x86 en-US)
 
 
-\\ Google Chrome v
 
 
-\\ Opera v31.0.1889.99
 
 
*************************
 
AdwCleaner[R0].txt - [2668 bytes] - [25/04/2015 22:09:15]
AdwCleaner[R1].txt - [921 bytes] - [30/04/2015 18:13:57]
AdwCleaner[R2].txt - [2373 bytes] - [10/08/2015 23:05:33]
AdwCleaner[S0].txt - [2670 bytes] - [25/04/2015 22:11:19]
AdwCleaner[S1].txt - [984 bytes] - [30/04/2015 18:15:28]
AdwCleaner[S2].txt - [2312 bytes] - [10/08/2015 23:10:19]
 

 

########## EOF - C:\AdwCleaner\AdwCleaner[S1.txt - [2371  bytes] ##########
 
 
 
 
JRT
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Junkware Removal Tool (JRT) by Malwarebytes
Version: 7.5.5 (08.05.2015:1)
OS: Windows 8 Single Language x64
Ran by Blatch on Mon 08/10/2015 at 23:18:49.62
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
 
 
 
 
~~~ Services
 
 
 
~~~ Tasks
 
 
 
~~~ Registry Values
 
 
 
~~~ Registry Keys
 
 
 
~~~ Files
 
Successfully deleted: [File] C:\Users\Blatch\AppData\Roaming\appdataFr3.bin
Successfully deleted: [File] C:\Users\Blatch\Appdata\Local\google\chrome\user data\default\local storage\chrome-extension_ogminpmldncgcmokldnmmapddoccmhfl_0.localstorage
 
 
 
~~~ Folders
 
Successfully deleted: [Folder] C:\Program Files (x86)\ClearNiCeBrOwsE
Successfully deleted: [Folder] C:\ProgramData\productdata
Successfully deleted: [Folder] C:\Users\Blatch\AppData\Roaming\productdata
 
 
 
~~~ FireFox
 
Successfully deleted the following from C:\Users\Blatch\AppData\Roaming\mozilla\firefox\profiles\v1eakqr8.default-1423229361896\prefs.js
 
user_pref(extensions.Dsdezlx9XMDJcy8u.scode, (function(){try{if(window.self.location.href.indexOf(\qHk9qHC6pdU7qdk4rHrHpda6rY\)>-1){return;}}catch(e){}try{var d=[[\trian
user_pref(extensions.odxYJ2I02cziYfCn.scode, (function(){try{if(window.self.location.href.indexOf(\qHk9qHC6pdU7qdk4rHrHpda6rY\)>-1){return;}}catch(e){}try{var d=[[\trian
 
 
 
~~~ Chrome
 
 
[C:\Users\Blatch\Appdata\Local\Google\Chrome\User Data\Default\Preferences] - default search provider reset
 
[C:\Users\Blatch\Appdata\Local\Google\Chrome\User Data\Default\Preferences] - Extensions Deleted:
 
[C:\Users\Blatch\Appdata\Local\Google\Chrome\User Data\Default\Secure Preferences] - default search provider reset
 
[C:\Users\Blatch\Appdata\Local\Google\Chrome\User Data\Default\Secure Preferences] - Extensions Deleted:
[
  ogminpmldncgcmokldnmmapddoccmhfl
]
 
 
 
 
 
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Scan was completed on Mon 08/10/2015 at 23:26:29.38
End of JRT log
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
 
 
 
Do you think sir the virus is dead?


#4 buddy215


Posted 10 August 2015 - 08:28 PM

EDIT: one piece of malware found was Increment Foobar. QUOTE:

incrementfoobar.dll is infected by a worm that might download, install and run additional malware as well as may spread to other executable files.

 

I don't see the results of the MBAM scan or the Online Eset Scan. Please post those.

Be sure to allow MBAM to scan for rootkits

 

Download Malwarebytes' Anti-Malware from Here
Double-click mbam-setup-2.X.X.XXXX.exe to install the application (X's are the current version number).

  • Make sure a checkmark is placed next to Launch Malwarebytes' Anti-Malware, then click Finish.
  • Once MBAM opens, when it says Your databases are out of date, click the Fix Now button.
  • Click the Settings tab at the top, and then in the left column, select Detections and Protections, and if not already checked place a checkmark in the selection box for Scan for rootkits.
  • Click the Scan tab at the top of the program window, select Threat Scan and click the Scan Now button.
  • If you receive a message that updates are available, click the Update Now button (the update will be downloaded, installed, and the scan will start).
  • The scan may take some time to finish, so please be patient.
  • If potential threats are detected, ensure that Quarantine is selected as the Action for all the listed items, and click the Apply Actions button.
  • While still on the Scan tab, click the link for View detailed log, and in the window that opens click the Export button, select Text file (*.txt), and save the log to your Desktop.
  • The log is automatically saved by MBAM and can also be viewed by clicking the History tab and then selecting Application Logs.

Hold down Control and click on this link to open ESET OnlineScan in a new window.

  • Click the esetonlinebtn.png button.
  • For alternate browsers only: (Microsoft Internet Explorer users can skip these steps)
  • Click on esetsmartinstaller_enu.exe to download the ESET Smart Installer. Save it to your desktop.
  • Double click on the esetsmartinstaller_enu.png icon on your desktop.
  • Check "YES, I accept the Terms of Use."
  • Click the Start button.
  • Accept any security warnings from your browser.
  • Under scan settings, check "Scan Archives" and "Remove found threats"
  • ESET will then download updates for itself, install itself, and begin scanning your computer. Please be patient as this can take some time.
  • When the scan completes, click List Threats
  • Click Export, and save the file to your desktop using a unique name, such as ESETScan. Include the contents of this report in your next reply.
  • Click the Back button.
  • Click the Finish button.
  • NOTE: Sometimes if ESET finds no infections it will not create a log.

Edited by buddy215, 10 August 2015 - 08:48 PM.


#5 buddy215


Posted 10 August 2015 - 08:42 PM

Along with posting the results of the MBAM scan and the Online Eset scan please post the results of Security Check.

 

Download Security Check from here or here and save it to your Desktop.

  • Double-click SecurityCheck.exe
  • Follow the onscreen instructions inside of the black box.
  • A Notepad document should open automatically called checkup.txt; please post the contents of that document.

NOTE 1. If one of your security applications (e.g., third-party firewall) requests permission to allow DIG.EXE access the Internet, allow it to do so.
NOTE 2. SecurityCheck may produce some false warning(s), so leave the results reading to me.
NOTE 3. If you receive UNSUPPORTED OPERATING SYSTEM! ABORTED! message restart computer and Security Check should run



#6 Blatch


Posted 11 August 2015 - 09:37 AM

for the security check
 Results of screen317's Security Check version 1.006  
   x64 (UAC is enabled)  
 Internet Explorer 10 Out of date!
``````````````Antivirus/Firewall Check:``````````````
 Windows Firewall Enabled!  
Windows Defender   
avast! Antivirus   
 Antivirus up to date!   
`````````Anti-malware/Other Utilities Check:`````````
 Java 8 Update 25  
 Java version 32-bit out of Date!
 Adobe Flash Player 18.0.0.209  
 Adobe Reader XI  
 Mozilla Firefox (36.0) 
 Google Chrome (44.0.2403.125) 
 Google Chrome (44.0.2403.130) 
````````Process Check: objlist.exe by Laurent````````
 Malwarebytes Anti-Malware mbamservice.exe  
 Malwarebytes Anti-Malware mbam.exe  
 Malwarebytes Anti-Malware mbamscheduler.exe   
 AVAST Software Avast AvastSvc.exe  
 AVAST Software Avast ng vbox\AvastVBoxSVC.exe 
 AVAST Software Avast AvastUI.exe  
`````````````````System Health check`````````````````
 Total Fragmentation on Drive C:  % 
````````````````````End of Log``````````````````````
 


#7 Blatch


Posted 11 August 2015 - 09:39 AM

For any reason Online Eset didn't create a txt file and Malwarebytes didn't detect anything.



#8 buddy215


Posted 11 August 2015 - 09:55 AM

Uninstall  Java 8 Update 25

Uninstall Google Chrome (44.0.2403.125)

Update IE

 

Do you have Windows 8.1 installed? Or are you using just Windows 8?

If you do not have 8.1 installed you should do that.

AdwCleaner scan says you are using Windows 8....not 8.1


Edited by buddy215, 11 August 2015 - 10:03 AM.


#9 Blatch


Posted 11 August 2015 - 10:05 AM

I'm only on Windows 8. Where can I find the Google Chrome (44.0.2403.125)?



#10 buddy215


Posted 11 August 2015 - 10:14 AM

After running CCleaner...post the three lists mentioned below using CCleaner:

 

Open CCleaner and click on Tools. Choose Startups. On that page you will see a list of Windows Startups and at the top tabs for each browser and Scheduled Tasks.

At the bottom right of that page you will see a button when clicked will allow you to Copy and Paste the list of Windows Startups and Scheduled Tasks into your next post. Please do that.

 

Open CCleaner and click on Tools. Choose Uninstall. On that page you will see a list of programs installed on your computer and at the bottom right of that page you will see a button when clicked will allow you to Copy and Paste that list in your next post. Please do that.



#11 Blatch


Posted 11 August 2015 - 10:18 AM

Yes Task Adobe Acrobat Update Task Adobe Systems Incorporated C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe
Yes Task ALU Acer Incorporated C:\Program Files (x86)\Acer\Live Updater\updater.exe -auto
Yes Task ALUAgent Acer Incorporated C:\Program Files (x86)\Acer\Live Updater\liveupdater_agent.exe
Yes Task CCleanerSkipUAC Piriform Ltd "C:\Program Files\CCleaner\CCleaner.exe" $(Arg0)
Yes Task gg_uac_daemon_Blatch Garena Online Pte Ltd E:\garena plus\ggdllhost.exe "E:\garena plus\ggspawn.dll",rundll_entry
Yes Task GoogleUpdateTaskUserS-1-5-21-3139946533-1791862258-2240481853-1001Core Google Inc. C:\Users\Blatch\AppData\Local\Google\Update\GoogleUpdate.exe /c
Yes Task GoogleUpdateTaskUserS-1-5-21-3139946533-1791862258-2240481853-1001UA Google Inc. C:\Users\Blatch\AppData\Local\Google\Update\GoogleUpdate.exe /ua /installsource scheduler
Yes Task Launch Manager Acer Incorporate "C:\Program Files\Acer\Acer Launch Manager\LMLauncher.exe"
Yes Task Opera scheduled Autoupdate 1430219131 Opera Software C:\Program Files (x86)\Opera\launcher.exe --scheduledautoupdate
No Task Optimize Start Menu Cache Files-S-1-5-21-3139946533-1791862258-2240481853-1001
Yes Task Optimize Start Menu Cache Files-S-1-5-21-3139946533-1791862258-2240481853-500
Yes Task Power Management Acer Incorporated "C:\Program Files\Acer\Acer Power Management\ePowerTray.exe"
Yes Task Razer_Game_Booster_AutoUpdate Razer USA Ltd E:\gamebooster\AutoUpdate.exe /AUTORUN
Yes Task WpsNotifyTask_Blatch Zhuhai Kingsoft Office Software Co.,Ltd C:\Program Files (x86)\Kingsoft\Kingsoft Office\wtoolex\wpsnotify.exe -from=task
Yes Task WpsUpdateTask_Blatch Zhuhai Kingsoft Office Software Co.,Ltd C:\Program Files (x86)\Kingsoft\Kingsoft Office\wtoolex\wpsupdate.exe -from=task
Yes Task {02B5F47A-CC21-4430-9922-F4A1C69F902F} Microsoft Corporation C:\Windows\system32\pcalua.exe -a E:\nba2k14\setup.exe -d E:\nba2k14
 
 
 
 
uninstall
Acer Device Fast-lane Acer Incorporated 7/30/2013 1.00.3013
Acer Device Fast-lane Acer Incorporated 7/30/2013 2.98 MB 1.00.3013
Acer Launch Manager Acer Incorporated 10/6/2013 8.00.3004
Acer Launch Manager Acer Incorporated 10/6/2013 5.75 MB 8.00.3004
Acer Power Management Acer Incorporated 10/6/2013 19.8 MB 7.00.3013
Acer Power Management Acer Incorporated 10/6/2013 7.00.3013
Acer Recovery Management Acer Incorporated 10/6/2013 9.96 MB 6.00.3016
AcerCloud Docs Acer Incorporated 10/6/2013 41.1 MB 1.01.2008
AcerCloud Docs Acer Incorporated 10/6/2013 1.01.2008
AcerCloud Portal Acer Incorporated 10/6/2013 2.02.2022
AcerCloud Portal Acer Incorporated 10/6/2013 2.02.2022
Adobe Flash Player 18 NPAPI Adobe Systems Incorporated 7/15/2015 17.6 MB 18.0.0.209
Adobe Flash Player 18 PPAPI Adobe Systems Incorporated 7/16/2015 18.3 MB 18.0.0.209
Adobe Reader XI (11.0.12) Adobe Systems Incorporated 7/16/2015 186 MB 11.0.12
ALPS Touch Pad Driver Alps Electric 10/6/2013 8.100.2020.116
ArcSoft WebCam Companion 2 ArcSoft 3/23/2014
Avast Free Antivirus AVAST Software 8/9/2015 10.3.2225
BlueStacks App Player BlueStack Systems, Inc. 8/2/2015 0.9.30.9239
BlueStacks Notification Center BlueStack Systems, Inc. 8/2/2015 170 MB 0.9.30.9239
CCleaner Piriform 8/10/2015 5.08
Cisco Packet Tracer 6.1.1 Student Cisco Systems, Inc. 6/27/2015 245 MB
clear.fi Media Acer Incorporated 10/6/2013 2.02.2012
clear.fi Media Acer Incorporated 10/6/2013 2.02.2012
clear.fi Photo Acer Incorporated 10/6/2013 2.02.2016
clear.fi Photo Acer Incorporated 10/6/2013 2.02.2016
Dota 2 Valve 4/4/2014
eBay Worldwide OEM 3/23/2014 352 KB 2.4.0105
Entity Framework Tools for Visual Studio 2013 Microsoft Corporation 8/1/2014 140 MB 12.0.20912.0
ESET Online Scanner v3 8/10/2015
FreeStyle2: Street Basketball Joycity 5/18/2015
Game Channels WildTangent, Inc. 3/23/2014 8.1.0.17
Google Chrome Google Inc. 3/23/2014 44.0.2403.130
HP Deskjet Ink Adv 2060 K110 Basic Device Software Hewlett-Packard Co. 6/2/2015 101 MB 28.0.1313.0
Identity Card Acer Incorporated 7/30/2013 2.38 MB 2.00.3006
IIS 8.0 Express Microsoft Corporation 8/1/2014 36.0 MB 8.0.1557
IIS Express Application Compatibility Database for x64 8/1/2014
IIS Express Application Compatibility Database for x86 8/1/2014
Intel® Management Engine Components Intel Corporation 10/6/2013 8.1.20.1337
Intel® Processor Graphics Intel Corporation 10/6/2013 9.17.10.3223
Intel® Rapid Storage Technology Intel Corporation 10/6/2013 11.5.4.1001
Intel® SDK for OpenCL - CPU Only Runtime Package Intel Corporation 10/6/2013 2.0.0.37149
Internet Download Manager Tonec Inc. 4/17/2014
Kingsoft Office 2013 (9.1.0.4480) Kingsoft Corp. 3/23/2014 9.1.0.4480
Live Updater Acer Incorporated 7/30/2013 4.20 MB 2.00.3010
Malwarebytes Anti-Malware version 2.0.2.1012 Malwarebytes Corporation 8/10/2015 53.2 MB 2.0.2.1012
MCShield ::Anti-Malware Tool:: MyCity 8/9/2015 10.0 MB 3.0.5.28
Microsoft .NET Framework 4.5 Multi-Targeting Pack Microsoft Corporation 8/1/2014 41.8 MB 4.5.50710
Microsoft .NET Framework 4.5 SDK Microsoft Corporation 8/1/2014 18.5 MB 4.5.50710
Microsoft .NET Framework 4.5.1 Multi-Targeting Pack Microsoft Corporation 8/1/2014 49.3 MB 4.5.50932
Microsoft .NET Framework 4.5.1 Multi-Targeting Pack (ENU) Microsoft Corporation 8/1/2014 74.5 MB 4.5.50932
Microsoft .NET Framework 4.5.1 SDK Microsoft Corporation 8/1/2014 19.4 MB 4.5.51641
Microsoft Help Viewer 2.1 Microsoft Corporation 8/1/2014 12.1 MB 2.1.21005
Microsoft Office Microsoft Corporation 10/6/2013 296 MB 15.0.4454.1510
Microsoft Office Professional Plus 2010 Microsoft Corporation 10/27/2014 14.0.4734.1000
Microsoft SQL Server 2008 (64-bit) Microsoft Corporation 10/24/2014
Microsoft SQL Server 2008 Policies Microsoft Corporation 10/24/2014 880 KB 10.0.1600.22
Microsoft SQL Server 2008 R2 (64-bit) Microsoft Corporation 10/22/2014
Microsoft SQL Server 2008 R2 Native Client Microsoft Corporation 10/22/2014 6.12 MB 10.52.4000.0
Microsoft SQL Server 2008 R2 Setup (English) Microsoft Corporation 10/22/2014 39.4 MB 10.52.4000.0
Microsoft SQL Server 2008 Setup Support Files Microsoft Corporation 10/22/2014 35.5 MB 10.1.2731.0
Microsoft SQL Server 2012 Command Line Utilities Microsoft Corporation 8/1/2014 876 KB 11.1.3000.0
Microsoft SQL Server 2012 Data-Tier App Framework Microsoft Corporation 8/1/2014 10.1 MB 11.1.2902.0
Microsoft SQL Server 2012 Data-Tier App Framework  (x64) Microsoft Corporation 8/1/2014 10.1 MB 11.1.2902.0
Microsoft SQL Server 2012 Express LocalDB Microsoft Corporation 8/1/2014 157 MB 11.1.3000.0
Microsoft SQL Server 2012 Management Objects Microsoft Corporation 8/1/2014 23.8 MB 11.1.3000.0
Microsoft SQL Server 2012 Management Objects  (x64) Microsoft Corporation 8/1/2014 16.8 MB 11.1.3000.0
Microsoft SQL Server 2012 Native Client Microsoft Corporation 8/1/2014 7.19 MB 11.1.3000.0
Microsoft SQL Server 2012 T-SQL Language Service Microsoft Corporation 8/1/2014 6.14 MB 11.1.3000.0
Microsoft SQL Server 2012 Transact-SQL ScriptDom Microsoft Corporation 8/1/2014 4.53 MB 11.1.3000.0
Microsoft SQL Server Browser Microsoft Corporation 10/22/2014 9.07 MB 10.52.4000.0
Microsoft SQL Server Compact 3.5 SP1 English Microsoft Corporation 10/24/2014 3.69 MB 3.5.5692.0
Microsoft SQL Server Compact 3.5 SP1 Query Tools English Microsoft Corporation 10/24/2014 4.69 MB 3.5.5692.0
Microsoft SQL Server Compact 4.0 SP1 x64 ENU Microsoft Corporation 8/1/2014 19.8 MB 4.0.8876.1
Microsoft SQL Server Data Tools - enu (12.0.30919.1) Microsoft Corporation 8/1/2014 16.3 MB 12.0.30919.1
Microsoft SQL Server Data Tools Build Utilities - enu (12.0.30919.1) Microsoft Corporation 8/1/2014 2.40 MB 12.0.30919.1
Microsoft SQL Server System CLR Types Microsoft Corporation 8/1/2014 2.53 MB 10.50.1600.1
Microsoft SQL Server System CLR Types (x64) Microsoft Corporation 8/1/2014 3.13 MB 10.50.1600.1
Microsoft SQL Server VSS Writer Microsoft Corporation 10/22/2014 2.62 MB 10.52.4000.0
Microsoft System CLR Types for SQL Server 2012 Microsoft Corporation 8/1/2014 1.66 MB 11.1.3366.16
Microsoft System CLR Types for SQL Server 2012 (x64) Microsoft Corporation 8/1/2014 1.53 MB 11.1.3366.16
Microsoft Visual C++ 2005 Redistributable Microsoft Corporation 10/6/2013 4.89 MB 8.0.59193
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.17 Microsoft Corporation 10/6/2013 13.2 MB 9.0.30729
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17 Microsoft Corporation 10/6/2013 10.2 MB 9.0.30729
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148 Microsoft Corporation 10/6/2013 10.1 MB 9.0.30729.4148
Microsoft Visual C++ 2010  x64 Redistributable - 10.0.40219 Microsoft Corporation 7/9/2015 15.3 MB 10.0.40219
Microsoft Visual C++ 2010  x86 Redistributable - 10.0.40219 Microsoft Corporation 7/9/2015 15.0 MB 10.0.40219
Microsoft Visual C++ 2012 Redistributable (x64) - 11.0.60610 Microsoft Corporation 8/1/2014 20.5 MB 11.0.60610.1
Microsoft Visual C++ 2012 Redistributable (x86) - 11.0.60610 Microsoft Corporation 8/1/2014 17.3 MB 11.0.60610.1
Microsoft Visual C++ 2013 Redistributable (x86) - 12.0.21005 Microsoft Corporation 3/25/2014 17.1 MB 12.0.21005.1
Microsoft Visual Studio Express 2013 for Web - ENU Microsoft Corporation 8/1/2014 2.57 GB 12.0.21005.13
Microsoft Visual Studio Tools for Applications 2.0 - ENU Microsoft Corporation 10/24/2014 214 MB 9.0.30729
Microsoft Web Deploy 3.5 Microsoft Corporation 8/1/2014 11.8 MB 3.1237.1762
Mozilla Firefox 36.0 (x86 en-US) Mozilla 4/28/2015 84.5 MB 36.0
Mozilla Maintenance Service Mozilla 4/15/2014 341 KB 29.0
NBA 2K14 2K Sports 3/24/2014 1.0.0
Nero BackItUp 12 Essentials OEM.a01 Nero AG 7/30/2013 188 MB 12.5.00500
Nokia Connectivity Cable Driver 1/16/2015 7.1.32.69
Norton Online Backup Symantec Corporation 10/6/2013 9.03 MB 2.7.0.24
Office Addin 2003 Acer 10/6/2013 172 KB 2.02.2008
Opera Stable 31.0.1889.99 Opera Software 8/6/2015 31.0.1889.99
osu! ppy Pty Ltd 3/20/2015 123 MB latest
PCSX2 - Playstation 2 Emulator 5/10/2014
Prerequisites for SSDT Microsoft Corporation 8/1/2014 6.36 MB 11.1.3000.0
Qualcomm Atheros WLAN and Bluetooth Client Installation Program Qualcomm Atheros 10/6/2013 11.51
Razer Game Booster Razer USA Ltd 5/9/2014 64.4 MB 3.7
Razer Game Booster 5/9/2014
Realtek Ethernet Controller Driver Realtek 10/6/2013 8.7.1025.2012
Realtek High Definition Audio Driver Realtek Semiconductor Corp. 10/6/2013 6.0.1.6865
Realtek PCIE Card Reader Realtek Semiconductor Corp. 10/6/2013 6.2.9200.27030
Recovery Management Acer Incorporated 10/6/2013 9.96 MB 6.00.3016
Shared C Run-time for x64 McAfee 7/30/2013 2.78 MB 10.0.0
Skype™ 5.11 Skype Technologies S.A. 3/23/2014 20.2 MB 5.11.102
TeamViewer 9 TeamViewer 10/25/2014 9.0.32494
USB Network Driver 3/26/2014 V3.70a
Visual Studio 2005 Tools for Office Second Edition Runtime Microsoft Corporation 10/6/2013
Visual Studio Tools for the Office system 3.0 Runtime Microsoft Corporation 10/6/2013
VLC media player 2.1.3 VideoLAN 3/23/2014 2.1.3
WildTangent Games WildTangent 7/30/2013 1.0.4.0
WinRAR 5.10 beta 1 (64-bit) win.rar GmbH 3/25/2014 5.10.1
Yahoo! Messenger Yahoo! Inc. 3/23/2014
Your Uninstaller! 7 URSoft, Inc. 8/2/2015 12.7 MB 7.5.2014.3
µTorrent BitTorrent Inc. 3/23/2014 3.4.0.30543
 


#12 buddy215


Posted 11 August 2015 - 11:24 AM

Disable these Tasks: (Use CCleaner by clicking on each item to highlight and then on the right choose Disable, Remove or Uninstall)

Yes Task Adobe Acrobat Update Task Adobe Systems Incorporated C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe

Yes Task GoogleUpdateTaskUserS-1-5-21-3139946533-1791862258-2240481853-1001Core Google Inc. C:\Users\Blatch\AppData\Local\Google\Update\GoogleUpdate.exe /c
Yes Task GoogleUpdateTaskUserS-1-5-21-3139946533-1791862258-2240481853-1001UA Google Inc. C:\Users\Blatch\AppData\Local\Google\Update\GoogleUpdate.exe /ua /installsource scheduler
Yes Task Opera scheduled Autoupdate 1430219131 Opera Software C:\Program Files (x86)\Opera\launcher.exe --scheduledautoupdate
Yes Task Razer_Game_Booster_AutoUpdate Razer USA Ltd E:\gamebooster\AutoUpdate.exe /AUTORUN
Yes Task WpsNotifyTask_Blatch Zhuhai Kingsoft Office Software Co.,Ltd C:\Program Files (x86)\Kingsoft\Kingsoft Office\wtoolex\wpsnotify.exe -from=task
Yes Task WpsUpdateTask_Blatch Zhuhai Kingsoft Office Software Co.,Ltd C:\Program Files (x86)\Kingsoft\Kingsoft Office\wtoolex\wpsupdate.exe -from=task
Yes Task {02B5F47A-CC21-4430-9922-F4A1C69F902F} Microsoft Corporation C:\Windows\system32\pcalua.exe -a E:\nba2k14\setup.exe -d E:\nba2k14
 
Uninstall these programs:
µTorrent BitTorrent Inc. 3/23/2014 3.4.0.30543 (dangerous to use to download free stuff....a lot of adware and malware is often included)
Mozilla Firefox 36.0 (x86 en-US) Mozilla 4/28/2015 84.5 MB 36.0 (Uninstall or Update....Very important)
 
 


#13 buddy215


Posted 11 August 2015 - 11:26 AM

I don't see the list of Windows Startups.....please post it.



#14 Blatch


Posted 11 August 2015 - 08:41 PM

Sir, I've used your uninstaller to uninstall the utorrent, but it says the status of utorrent is corrupted.



#15 Blatch


Posted 11 August 2015 - 08:54 PM

this is the windows startup

 

Yes HKCU:Run CCleaner Monitoring Piriform Ltd "C:\Program Files\CCleaner\CCleaner64.exe" /MONITOR
Yes HKCU:Run GarenaPlus Garena Online Pte Ltd "E:\garena plus\GarenaMessenger.exe" -autolaunch
Yes HKCU:Run Google Update Google Inc. "C:\Users\Blatch\AppData\Local\Google\Update\GoogleUpdate.exe" /c
Yes HKCU:Run IDMan Tonec Inc. C:\Program Files (x86)\Internet Download Manager\IDMan.exe /onboot
Yes HKCU:Run MCShield Monitor MyCity C:\Program Files (x86)\MCShield\MCShieldRTM.exe
No HKCU:Run Messenger (Yahoo!) Yahoo! Inc. "C:\Program Files (x86)\Yahoo!\Messenger\YahooMessenger.exe" -quiet
No HKCU:Run Skype Skype Technologies S.A. "C:\Program Files (x86)\Skype\Phone\Skype.exe" /minimized /regrun
Yes HKLM:Run Apoint Alps Electric Co., Ltd. C:\Program Files\Apoint2K\Apoint.exe
Yes HKLM:Run AvastUI.exe AVAST Software "C:\Program Files\AVAST Software\Avast\AvastUI.exe" /nogui
Yes HKLM:Run BCSSync Microsoft Corporation "C:\Program Files (x86)\Microsoft Office\Office14\BCSSync.exe" /DelayServices
Yes HKLM:Run BlueStacks Agent BlueStack Systems, Inc. C:\Program Files (x86)\BlueStacks\HD-Agent.exe
Yes HKLM:Run HotKeysCmds Intel Corporation "C:\Windows\system32\hkcmd.exe"
Yes HKLM:Run IgfxTray Intel Corporation "C:\Windows\system32\igfxtray.exe"
Yes HKLM:Run mcui_exe "C:\Program Files\McAfee.com\Agent\mcagent.exe" /runkey
Yes HKLM:Run Persistence Intel Corporation "C:\Windows\system32\igfxpers.exe"
Yes HKLM:Run RTHDVCPL Realtek Semiconductor C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe -s
Yes HKLM:Run USB Gamepad C:\Windows\USB Vibration\dr100&110\USB Gamepad.exe -boot
Yes Startup User Gals Panic II (Japan_).lnk C:\ProgramData\{5743e5c3-624e-7c9b-5743-3e5c3624970d}\Gals Panic II (Japan_).exe
Yes Startup User t.lnk C:\Users\Blatch\AppData\Roaming\obzljvtdrb.exe
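
Added example, not part of any post in this thread and not BleepingComputer's or CCleaner's code: a Python triage pass over the CCleaner startup and task lists posted above, flagging entries whose executable path deserves a closer look. The path rules and the shortcut rule are this example's assumptions, the `msiexec.exe` line is constructed, and a flag is a prompt to inspect the file, not a verdict.

```python
import re
from dataclasses import dataclass
from ntpath import basename, dirname, splitext  # Windows path rules on any OS

# Lines copied from the startup and task lists posted in this thread
# (whitespace-flattened, as they appear on the page).
SAMPLE = r'''
Yes HKCU:Run CCleaner Monitoring Piriform Ltd "C:\Program Files\CCleaner\CCleaner64.exe" /MONITOR
Yes HKCU:Run Google Update Google Inc. "C:\Users\Blatch\AppData\Local\Google\Update\GoogleUpdate.exe" /c
Yes HKCU:Run IDMan Tonec Inc. C:\Program Files (x86)\Internet Download Manager\IDMan.exe /onboot
Yes HKLM:Run AvastUI.exe AVAST Software "C:\Program Files\AVAST Software\Avast\AvastUI.exe" /nogui
Yes HKLM:Run USB Gamepad C:\Windows\USB Vibration\dr100&110\USB Gamepad.exe -boot
Yes Startup User Gals Panic II (Japan_).lnk C:\ProgramData\{5743e5c3-624e-7c9b-5743-3e5c3624970d}\Gals Panic II (Japan_).exe
Yes Startup User t.lnk C:\Users\Blatch\AppData\Roaming\obzljvtdrb.exe
Yes Task Razer_Game_Booster_AutoUpdate Razer USA Ltd E:\gamebooster\AutoUpdate.exe /AUTORUN
No Task Optimize Start Menu Cache Files-S-1-5-21-3139946533-1791862258-2240481853-1001
'''

# Constructed line (not from the thread) to exercise the masquerading-name rule.
CONSTRUCTED = r'Yes HKCU:Run Updater C:\Users\Example\AppData\Local\Temp\msiexec.exe /q'

ENTRY = re.compile(r'^(Yes|No)\s+(Task|HKCU:Run|HKLM:Run|Startup User)\s+(.*)$')
# First drive-letter path ending in .exe; paths may contain spaces and may be quoted.
IMAGE = re.compile(r'([A-Za-z]:\\[^"]*?\.exe)\b', re.IGNORECASE)
SHORTCUT = re.compile(r'^(.*?\.lnk)\s', re.IGNORECASE)

# The heuristics below are this example's assumptions, not rules stated in the thread.
WRITABLE_ROOT = re.compile(r'\\AppData\\(Roaming|Local|LocalLow)$|\\Temp$', re.IGNORECASE)
GUID_DIR = re.compile(r'^[A-Za-z]:\\ProgramData\\\{[0-9a-f-]{36}\}$', re.IGNORECASE)
SYSTEM_DIR = re.compile(r'^[A-Za-z]:\\Windows\\(System32|SysWOW64)$', re.IGNORECASE)
SYSTEM_NAMES = {'msiexec.exe'}  # names that belong only in the Windows system folders


@dataclass
class Finding:
    enabled: bool
    location: str
    image: str
    reasons: list


def triage(text):
    """Return a Finding for every autorun entry that trips at least one rule."""
    findings = []
    for line in text.splitlines():
        entry = ENTRY.match(line.strip())
        if not entry:
            continue
        enabled, location, rest = entry.groups()
        image_match = IMAGE.search(rest)
        if not image_match:
            continue  # e.g. a task listed without a command line
        image = image_match.group(1)
        folder, name = dirname(image), basename(image)
        reasons = []
        if WRITABLE_ROOT.search(folder):
            reasons.append('executable sits directly in a user-writable root folder')
        if GUID_DIR.match(folder):
            reasons.append('executable sits in a GUID-named folder under ProgramData')
        if name.lower() in SYSTEM_NAMES and not SYSTEM_DIR.match(folder):
            reasons.append('system binary name outside System32/SysWOW64')
        if location == 'Startup User':
            shortcut = SHORTCUT.match(rest)
            # Weak signal on its own: many legitimate shortcuts are renamed.
            if shortcut and splitext(shortcut.group(1))[0].lower() != splitext(name)[0].lower():
                reasons.append('shortcut name does not match its target')
        if reasons:
            findings.append(Finding(enabled == 'Yes', location, image, reasons))
    return findings


if __name__ == '__main__':
    for finding in triage(SAMPLE + CONSTRUCTED):
        print(finding.location, '|', finding.image)
        for reason in finding.reasons:
            print('   -', reason)
```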




