Theft of computer data


12 replies to this topic

#1 jaejstep


Posted 17 August 2015 - 06:08 PM

Got a call from person with heavy Indian accent (India Indian) who claimed to be contractor for Microsoft and stated my computer was hacked into and my MS Windows s/n was being used by other computers for no-good and this concerned MS greatly. He convinced me to allow him access to my computer to prove this to me. I allowed access during which time he showed me various programs which were "stopped" by this intrusion and how important they were and how Windows needed them to function. After about 5 minutes of his gaining access, I became increasingly suspicious and got his name and phone # on the context of calling him back and immediately shut the power off to my computer and my internet modem. After repowering, I immediately changed all my important passwords and notified my broker, my bank, and credit card people. My question, is there any way I can tell if anything was compromised and if anything was left behind that my security programs will not pick up? I have three security programs: AVG, Malwarebytes, and SUPERAntiSpyware. I have run all three and none picked up anything unusual.

Edited by Orange Blossom, 17 August 2015 - 08:48 PM.
Moved to AII. ~ OB



#2 buddy215

  • BC Advisor

Posted 18 August 2015 - 06:00 AM

Welcome to BC !

That was, as you figured out, a scam. No one from Microsoft will ever call you. The scammers use popup ads to get users to call them, too.

You likely have the remote access program used by the scammer. Nothing malicious was likely installed. The scam was to sell you some really junky security program and/or useless maintenance contract....for hundreds of dollars.

 

Use the programs below to clean up the computer and find the remote access program. Be sure to run a scan using your MBAM after updating it, too.

 

Use CCleaner to remove Temporary files, program caches, cookies, logs, etc. Use the Default settings. No need to use the Registry Cleaning Tool...risky. Pay close attention while installing and UNcheck offers of toolbars....especially Google.

After install, open CCleaner and run by clicking on the Run Cleaner button in the bottom right corner.

CCleaner - PC Optimization and Cleaning - Free Download

 

  • Download Junkware Removal Tool to your desktop.
  • Shut down your protection software now to avoid potential conflicts.
  • Run the tool by double-clicking it. If you are using Windows Vista, 7, or 8; instead of double-clicking, right-mouse click JRT.exe and select "Run as Administrator".
  • The tool will open and start scanning your system.
  • Please be patient as this can take a while to complete depending on your system's specifications.
  • On completion, a log (JRT.txt) is saved to your desktop and will automatically open.
  • Post the contents of JRT.txt into your next message

Download AdwCleaner by Xplode onto your desktop.

  • Close all open programs and internet browsers.
  • Double click on adwcleaner.exe to run the tool.
  • Click on Scan button.
  • When the scan has finished click on Clean button.
  • Your computer will be rebooted automatically. A text file will open after the restart.
  • Please post the contents of that logfile with your next reply.
  • You can find the logfile at C:\AdwCleaner[S1].txt as well.

After posting the results of the two scans above, do this:

 

Post the three lists mentioned below using CCleaner:

 

Open CCleaner and click on Tools. Choose Startups. On that page you will see a list of Windows Startups and at the top tabs for each browser and Scheduled Tasks. At the bottom right of that page you will see a button that, when clicked, will allow you to Copy and Paste the list of Windows Startups and Scheduled Tasks into your next post. Please do that.

Open CCleaner and click on Tools. Choose Uninstall. On that page you will see a list of programs installed on your computer and at the bottom right of that page you will see a button that, when clicked, will allow you to Copy and Paste that list in your next post. Please do that.


Edited by buddy215, 18 August 2015 - 06:03 AM.

“Every atom in your body came from a star that exploded and the atoms in your left hand probably came from a different star than your right hand. It really is the most poetic thing I know about physics...you are all stardust.” Lawrence M. Krauss

A 1792 U.S. penny, designed in part by Thomas Jefferson and George Washington, reads “Liberty Parent of Science & Industry.”
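
One way to review the installed-programs list requested in post #2 for a leftover remote-access tool, as an added example that is not part of the thread or of CCleaner: it parses rows in the flattened shape the list takes when pasted into a forum and flags entries by product name or by install date. The watchlist fragments, the incident date and the sample rows are assumptions constructed for illustration.

```python
"""Triage a pasted CCleaner 'Tools > Uninstall' list for a remote-access leftover."""
import re
from datetime import date

# M/D/YYYY as it appears in the pasted list, not part of a longer digit/slash run.
DATE_RE = re.compile(r"(?<![\d/])(\d{1,2})/(\d{1,2})/(\d{4})(?![\d/])")

# Assumption: illustrative product-name fragments, not taken from the thread.
REMOTE_ACCESS_HINTS = ("teamviewer", "logmein", "ammyy", "anydesk",
                       "supremo", "gotoassist", "showmypc", "vnc")


def parse_entry(line):
    """Split one flattened row into (name_and_publisher, install_date, remainder).

    The columns arrive separated only by spaces, so the install date is the one
    reliable anchor. The last token that is a valid M/D/YYYY date is used, which
    skips dates embedded in a product name such as "(28/09/2012)".
    """
    line = line.strip()
    if not line:
        return None
    for m in reversed(list(DATE_RE.finditer(line))):
        month, day, year = (int(g) for g in m.groups())
        try:
            installed = date(year, month, day)
        except ValueError:
            continue  # not a real M/D/YYYY date, keep looking further left
        return line[:m.start()].strip(), installed, line[m.end():].strip()
    return line, None, ""  # no usable date on this row


def triage(listing, incident, window_days=3):
    """Return [(name, install_date, reasons)] for rows that need a manual look."""
    findings = []
    for raw in listing.splitlines():
        entry = parse_entry(raw)
        if entry is None:
            continue
        name, installed, _ = entry
        reasons = []
        if any(hint in name.lower() for hint in REMOTE_ACCESS_HINTS):
            reasons.append("remote-access product name")
        if installed is None:
            reasons.append("no install date")
        elif abs((installed - incident).days) <= window_days:
            reasons.append("installed near incident")
        if reasons:
            findings.append((name, installed, reasons))
    return findings


# Constructed sample rows in the shape of the list pasted later in the thread.
SAMPLE = """\
Adobe Reader X (10.1.15) Adobe Systems Incorporated 7/16/2015 10.1.15
CCleaner Piriform 8/19/2015 9.10 MB 5.08
SomePlayer 2.0 (28/09/2012) Example Soft Inc. 10/7/2012 54.7 MB
TeamViewer 10 TeamViewer 8/17/2015 45.0 MB 10.0.1
Example Support Client Example Vendor Ltd. 8/16/2015 3.1 MB 1.0
Old VNC Viewer Example Vendor Ltd. 3/2/2011 1.2 MB 4.1
"""

# Assumption: the thread gives the posting date, not the day of the call.
ASSUMED_INCIDENT = date(2015, 8, 17)

if __name__ == "__main__":
    for name, installed, reasons in triage(SAMPLE, ASSUMED_INCIDENT):
        print(f"{installed}  {name}  <- {', '.join(reasons)}")
```

Cleanup tools installed after the incident (CCleaner in the sample) are flagged by the date rule as well, so every hit is a prompt for manual review rather than a verdict.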


#3 Dualcomm


Posted 18 August 2015 - 07:47 AM

Yes, it was a scam. Unless he tried to download anything I believe you're safe.



#4 jaejstep

  • Topic Starter

Posted 19 August 2015 - 05:25 PM

 
Thank you both for taking the time to help me. Your inputs immediately lessened my concerns and made me feel that maybe things weren't as bad as I imagined. I've been beating myself up for not realizing quicker that the situation was a scam. I've learned my lesson. I hope someone else will benefit from my mistake. Just keep in mind these people are very convincing.

To Buddy215: Attached are the results of running (1) Junkware Removal Tool and (2) AdwCleaner programs. I will provide the CCleaner startup data at next posting.
 
Again thank you both. 
 
 
 
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Junkware Removal Tool (JRT) by Malwarebytes
Version: 7.5.6 (08.10.2015:1)
OS: Windows Vista ™ Home Premium x86
Ran by jim on Wed 08/19/2015 at  8:56:49.36
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
 
 
 
 
~~~ Services
 
Successfully deleted: [Service] swdumon [Reboot required]
Successfully deleted: [Service] vToolbarUpdater18.8.0 [Reboot required]
Successfully deleted: [Service] yahooauservice [Reboot required]
 
 
 
~~~ Tasks
 
 
 
~~~ Registry Values
 
Successfully repaired: [Registry Value] HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Main\\Start Page
Successfully repaired: [Registry Value] HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\Main\\Default_Page_URL
Successfully repaired: [Registry Value] HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\Main\\Start Page
Successfully repaired: [Registry Value] HKEY_USERS\.DEFAULT\Software\Microsoft\Internet Explorer\Main\\Start Page
Successfully repaired: [Registry Value] HKEY_USERS\S-1-5-18\Software\Microsoft\Internet Explorer\Main\\Start Page
Successfully repaired: [Registry Value] HKEY_USERS\S-1-5-19\Software\Microsoft\Internet Explorer\Main\\Start Page
Successfully repaired: [Registry Value] HKEY_USERS\S-1-5-20\Software\Microsoft\Internet Explorer\Main\\Start Page
Successfully repaired: [Registry Value] HKEY_USERS\S-1-5-21-1246285503-1609816980-3878668152-1000\Software\Microsoft\Internet Explorer\Main\\Start Page
 
 
 
~~~ Registry Keys
 
Successfully deleted: [Registry Key] HKEY_CLASSES_ROOT\CLSID\{22222222-2222-2222-2222-220122982266}
Successfully deleted: [Registry Key] HKEY_CLASSES_ROOT\CLSID\{95B7759C-8C7F-4BF1-B163-73684A933233}
Successfully deleted: [Registry Key] HKEY_CLASSES_ROOT\Interface\{55555555-5555-5555-5555-550155985566}
Successfully deleted: [Registry Key] HKEY_CLASSES_ROOT\Interface\{66666666-6666-6666-6666-660166986666}
Successfully deleted: [Registry Key] HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\SearchScopes\{5EAE46E2-7321-4B4A-A66B-8D5530A21494}
Successfully deleted: [Registry Key] HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\SearchScopes\{81B7F471-5EFC-46A3-875E-CEE420EA7633}
Successfully deleted: [Registry Key] HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\SearchScopes\{95B7759C-8C7F-4BF1-B163-73684A933233}
Successfully deleted: [Registry Key] HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\SearchScopes\{E6F2A398-5724-48CB-A893-C4951C3B3D99}
Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Classes\Interface\{55555555-5555-5555-5555-550155985566}
Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Classes\Interface\{66666666-6666-6666-6666-660166986666}
Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\SearchScopes\{5EAE46E2-7321-4B4A-A66B-8D5530A21494}
Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\SearchScopes\{E6F2A398-5724-48CB-A893-C4951C3B3D99}
Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{95B7759C-8C7F-4BF1-B163-73684A933233}
 
 
 
~~~ Files
 
Successfully deleted: [File] C:\Windows\System32\drivers\swdumon.sys
 
 
 
~~~ Folders
 
Successfully deleted: [Empty Folder] C:\Users\jim\Appdata\Local\{124E755D-58A0-4B07-9124-F320D9423E33}
Successfully deleted: [Empty Folder] C:\Users\jim\Appdata\Local\{1CC49E2B-78E6-44B9-A6CE-69CDAFF320F1}
Successfully deleted: [Empty Folder] C:\Users\jim\Appdata\Local\{3333D7B8-18DB-4858-9E03-B3FD741BD0E9}
Successfully deleted: [Empty Folder] C:\Users\jim\Appdata\Local\{418B6859-6711-4FC4-82F3-B1DD3DA21C6C}
Successfully deleted: [Empty Folder] C:\Users\jim\Appdata\Local\{7FA25AF2-8094-46E4-9A02-BE0756C03071}
Successfully deleted: [Empty Folder] C:\Users\jim\Appdata\Local\{850B9AB6-4081-4307-8A88-F245C75C5D24}
Successfully deleted: [Empty Folder] C:\Users\jim\Appdata\Local\{8A608FD3-F655-41BC-8A8C-3080A81459C8}
Successfully deleted: [Empty Folder] C:\Users\jim\Appdata\Local\{8C1DBC4F-2D92-4B08-9203-66D59BC37EA9}
Successfully deleted: [Empty Folder] C:\Users\jim\Appdata\Local\{9F448EC3-8923-4BFE-9145-6E87E3E028A7}
Successfully deleted: [Empty Folder] C:\Users\jim\Appdata\Local\{9F775811-43B6-4DA2-A9F4-EEA4A699F060}
Successfully deleted: [Empty Folder] C:\Users\jim\Appdata\Local\{C328824B-8705-4202-B953-C89332F7791A}
Successfully deleted: [Empty Folder] C:\Users\jim\Appdata\Local\{C7DA2AD1-099E-4DB3-A70B-BA29B61C52EC}
Successfully deleted: [Empty Folder] C:\Users\jim\Appdata\Local\{F5FF8965-C2BD-430F-8276-7C58C809E156}
Successfully deleted: [Folder] C:\Program Files\flvplayer
Successfully deleted: [Folder] C:\Program Files\probit software
Successfully deleted: [Folder] C:\ProgramData\avg security toolbar
Successfully deleted: [Folder] C:\ProgramData\google
Successfully deleted: [Folder] C:\ProgramData\paretologic\regcure pro
Successfully deleted: [Folder] C:\ProgramData\pc drivers headquarters
Successfully deleted: [Folder] C:\ProgramData\pc1data
Successfully deleted: [Folder] C:\Users\jim\Appdata\Local\cre
Successfully deleted: [Folder] C:\Users\jim\Appdata\Local\slimware utilities inc
Successfully deleted: [Folder] C:\Users\jim\AppData\Roaming\babsolution
Successfully deleted: [Folder] C:\Users\jim\AppData\Roaming\drivercure
Successfully deleted: [Folder] C:\Users\jim\AppData\Roaming\getrighttogo
Successfully deleted: [Folder] C:\Users\jim\AppData\Roaming\paretologic\regcure pro
Successfully deleted: [Folder] C:\Users\jim\AppData\Roaming\pc cleaners
Successfully deleted: [Folder] C:\Users\jim\Documents\add-in express
Successfully deleted: [Folder] C:\users\Public\Documents\downloaded installers
 
 
 
~~~ FireFox
 
Successfully deleted: [File] C:\Users\jim\AppData\Roaming\mozilla\firefox\profiles\5gctqzqh.default\user.js
Successfully deleted: [File] C:\Users\jim\AppData\Roaming\mozilla\firefox\profiles\5gctqzqh.default\invalidprefs.js
Successfully deleted: [File] C:\Users\jim\AppData\Roaming\mozilla\firefox\profiles\5gctqzqh.default\searchplugins\bing-zugo.xml
Successfully deleted the following from C:\Users\jim\AppData\Roaming\mozilla\firefox\profiles\5gctqzqh.default\prefs.js
 
user_pref(extensions.delta.admin, false);
user_pref(extensions.delta.aflt, babsst);
user_pref(extensions.delta.appId, {C26644C4-2A12-4CA6-8F2E-0EDE6CF018F3});
user_pref(extensions.delta.autoRvrt, false);
user_pref(extensions.delta.bbDpng, 29);
user_pref(extensions.delta.cntry, US);
user_pref(extensions.delta.dfltLng, en);
user_pref(extensions.delta.excTlbr, false);
user_pref(extensions.delta.ffxUnstlRst, true);
user_pref(extensions.delta.hdrMd5, 62806098341D2DC2C83BCCFA76050DB4);
user_pref(extensions.delta.id, 4ca7c9bd000000000000001a922efc18);
user_pref(extensions.delta.instlDay, 15915);
user_pref(extensions.delta.instlRef, sst);
user_pref(extensions.delta.lastVrsnTs, 1.8.22.012:25:31);
user_pref(extensions.delta.newTab, false);
user_pref(extensions.delta.prdct, delta);
user_pref(extensions.delta.prtnrId, delta);
user_pref(extensions.delta.rvrt, false);
user_pref(extensions.delta.sg, tzb);
user_pref(extensions.delta.smplGrp, none);
user_pref(extensions.delta.tlbrId, base);
user_pref(extensions.delta.tlbrSrchUrl, );
user_pref(extensions.delta.vrsn, 1.8.22.0);
user_pref(extensions.delta.vrsnTs, 1.8.22.012:25:31);
user_pref(extensions.delta.vrsni, 1.8.22.0);
user_pref(extensions.delta_i.babExt, );
user_pref(extensions.delta_i.babTrack, affID=119360&tsp=4958);
user_pref(extensions.delta_i.srcExt, ss);
user_pref(extensions.searchtoolbar@zugo.com.install-event-fired, true);
Emptied folder: C:\Users\jim\AppData\Roaming\mozilla\firefox\profiles\5gctqzqh.default\minidumps [1952 files]
 
 
 
~~~ Chrome
 
 
[C:\Users\jim\Appdata\Local\Google\Chrome\User Data\Default\Preferences] - default search provider reset
 
[C:\Users\jim\Appdata\Local\Google\Chrome\User Data\Default\Preferences] - Extensions Deleted:
 
[C:\Users\jim\Appdata\Local\Google\Chrome\User Data\Default\Secure Preferences] - default search provider reset
 
[C:\Users\jim\Appdata\Local\Google\Chrome\User Data\Default\Secure Preferences] - Extensions Deleted:
[]
 
 
 
 
 
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Scan was completed on Wed 08/19/2015 at  9:05:53.50
End of JRT log
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
 
***********************************************************************************************************************************************************************************************
 
 
# AdwCleaner v5.002 - Logfile created 19/08/2015 at 09:15:27
# Updated 18/08/2015 by Xplode
# Database : 2015-08-18.2 [Server]
# Operating system : Windows Vista ™ Home Premium Service Pack 2 (x86)
# Username : jim - JIM-PC2
# Running from : C:\Users\jim\Downloads\AdwCleaner.exe
# Option : Scan
 
***** [ Services ] *****
 
Service Found : YahooAUService
Service Found : swdumon
 
***** [ Folders ] *****
 
Folder Found : C:\Program Files\Uniblue
Folder Found : C:\Program Files\SPD
Folder Found : C:\Program Files\Common Files\AVG Secure Search
Folder Found : C:\ProgramData\~0
Folder Found : C:\ProgramData\AVG Secure Search
Folder Found : C:\ProgramData\ParetoLogic
Folder Found : C:\ProgramData\Yahoo! Companion
Folder Found : C:\ProgramData\Driver Boost
Folder Found : C:\Users\jim\AppData\Local\Google\Chrome\User Data\Default\Extensions\chfdnecihphmhljaaejmgoiahnihplgn
Folder Found : C:\Users\jim\AppData\LocalLow\Yahoo! Companion
Folder Found : C:\Users\jim\AppData\Roaming\ParetoLogic
Folder Found : C:\Users\jim\AppData\Roaming\download Manager
Folder Found : C:\Users\jim\AppData\Roaming\Mozilla\Firefox\Profiles\5gctqzqh.default\Extensions\{635abd67-4fe9-1b23-4f01-e679fa7484c1}
 
***** [ Files ] *****
 
File Found : C:\Users\jim\AppData\Local\Google\Chrome\User Data\Default\Local Storage\chrome-extension_chfdnecihphmhljaaejmgoiahnihplgn_0.localstorage
 
***** [ Shortcuts ] *****
 
 
***** [ Scheduled tasks ] *****
 
 
***** [ Registry ] *****
 
Key Found : HKLM\SOFTWARE\Classes\Prod.cap
Key Found : HKLM\SOFTWARE\Classes\S
Key Found : HKLM\SOFTWARE\Classes\ScriptHelper.ScriptHelperApi
Key Found : HKLM\SOFTWARE\Classes\ScriptHelper.ScriptHelperApi.1
Value Found : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Run [vProt]
Key Found : HKLM\SOFTWARE\MozillaPlugins\@avg.com/AVG SiteSafety plugin,version=11.0.0.1,application/x-avg-sitesafety-plugin
Key Found : HKCU\Software\5f558fdee735be15
Key Found : HKLM\SOFTWARE\Classes\CLSID\{058F0E48-61CA-4964-9FBA-1978A1BB060D}
Key Found : HKLM\SOFTWARE\Classes\CLSID\{18F33C35-8EF2-40D7-8BA4-932B0121B472}
Key Found : HKLM\SOFTWARE\Classes\CLSID\{408CFAD9-8F13-4747-8EC7-770A339C7237}
Key Found : HKLM\SOFTWARE\Classes\CLSID\{933B95E2-E7B7-4AD9-B952-7AC336682AE3}
Key Found : HKLM\SOFTWARE\Classes\CLSID\{81017EA9-9AA8-4A6A-9734-7AF40E7D593F}
Key Found : HKLM\SOFTWARE\Classes\Interface\{C401D2CE-DC27-45C7-BC0C-8E6EA7F085D6}
Key Found : HKLM\SOFTWARE\Classes\TypeLib\{C2AC8A0E-E48E-484B-A71C-C7A937FAAB94}
Key Found : HKU\.DEFAULT\Software\AVG SafeGuard toolbar
Key Found : HKU\.DEFAULT\Software\AVG Secure Search
Key Found : HKU\.DEFAULT\Software\Avg Secure Update
Key Found : HKCU\Software\ParetoLogic
Key Found : HKCU\Software\spd
Key Found : HKCU\Software\Avg Secure Update
Key Found : HKCU\Software\PCCleaners
Key Found : HKCU\Software\SlimWare Utilities Inc
Key Found : HKCU\Software\AppDataLow\Software\lyrixeeker
Key Found : HKLM\SOFTWARE\AVG Secure Search
Key Found : HKLM\SOFTWARE\AVG Security Toolbar
Key Found : HKLM\SOFTWARE\ParetoLogic
Key Found : HKLM\SOFTWARE\Uniblue
Key Found : HKLM\SOFTWARE\SlimWare Utilities Inc
Key Found : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\Yahoo! Toolbar
Key Found : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\Yahoo! Companion
Key Found : HKCU\Software\Microsoft\Windows\CurrentVersion\App Management\ARPCache\{15D2D75C-9CB2-4EFD-BAD7-B9B4CB4BC693}
Key Found : HKCU\Software\Microsoft\Windows\CurrentVersion\App Management\ARPCache\AVG SafeGuard toolbar
Key Found : HKCU\Software\Microsoft\Windows\CurrentVersion\App Management\ARPCache\DefaultTab
Key Found : HKCU\Software\Microsoft\Windows\CurrentVersion\App Management\ARPCache\Yahoo! Companion
Key Found : HKCU\Software\Microsoft\Windows\CurrentVersion\App Management\ARPCache\Converter Free Online_is1
Key Found : HKCU\Software\Microsoft\Windows\CurrentVersion\App Management\ARPCache\{2BA09774-34F7-4A06-8C7E-B69E44CB9EB0}
 
***** [ Web browsers ] *****
 
 
*************************
 
C:\AdwCleaner[R1].txt - [15259 bytes] - [25/07/2013 14:54:23]
C:\AdwCleaner[R2].txt - [15320 bytes] - [25/07/2013 14:55:57]
C:\AdwCleaner[S1].txt - [15027 bytes] - [25/07/2013 14:56:13]
 
########## EOF - C:\AdwCleaner\AdwCleaner[S1].txt - [4243 bytes] ##########
 


#5 buddy215

  • BC Advisor

Posted 19 August 2015 - 05:45 PM

After you post the lists from CCleaner, rerun AdwCleaner and allow it to delete what it found by choosing to Clean.




#6 jaejstep

  • Topic Starter

Posted 20 August 2015 - 03:31 PM

 
 
 
Startup Windows
 
Yes HKCU:Run CCleaner Monitoring Piriform Ltd "C:\Program Files\CCleaner\CCleaner.exe" /MONITOR
Yes HKCU:Run ehTray.exe Microsoft Corporation C:\Windows\ehome\ehTray.exe
Yes HKCU:Run ISUSPM Flexera Software, Inc. C:\ProgramData\FLEXnet\Connect\11\ISUSPM.exe -scheduler
Yes HKCU:Run ISUSPM Startup InstallShield Software Corporation C:\PROGRA~1\COMMON~1\INSTAL~1\UPDATE~1\isuspm.exe -startup
Yes HKCU:Run QuickTime Task Apple Inc. "C:\Program Files\QuickTime\QTTask.exe" -atboottime
Yes HKCU:Run SUPERAntiSpyware SUPERAntiSpyware C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe
Yes HKCU:Run WMPNSCFG Microsoft Corporation C:\Program Files\Windows Media Player\WMPNSCFG.exe
Yes HKLM:Run AVG_UI AVG Technologies CZ, s.r.o. "C:\Program Files\AVG\AVG2015\avgui.exe" /TRAYONLY
Yes HKLM:Run BrHelp Brother Industries, Ltd. C:\Program Files\Brother\Brother Help\BrotherHelp.exe /AUTORUN
Yes HKLM:Run BrStsMon00 Brother Industries, Ltd. C:\Program Files\Browny02\Brother\BrStMonW.exe /AUTORUN
Yes HKLM:Run ControlCenter4 Brother Industries, Ltd. C:\Program Files\ControlCenter4\BrCcBoot.exe /autorun
Yes HKLM:Run hpsysdrv Hewlett-Packard Company c:\hp\support\hpsysdrv.exe
Yes HKLM:Run IndexSearch Nuance Communications, Inc. "C:\Program Files\Nuance\PaperPort\IndexSearch.exe"
Yes HKLM:Run ISUSScheduler InstallShield Software Corporation "C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe" -start
Yes HKLM:Run iTunesHelper Apple Inc. "C:\Program Files\iTunes\iTunesHelper.exe"
Yes HKLM:Run KBD C:\HP\KBD\KbdStub.EXE
Yes HKLM:Run PaperPort PTD Nuance Communications, Inc. "C:\Program Files\Nuance\PaperPort\pptd40nt.exe"
Yes HKLM:Run PDF5 Registry Controller Nuance Communications, Inc. C:\Program Files\Nuance\PDF Viewer Plus\RegistryController.exe
Yes HKLM:Run PDFHook Nuance Communications, Inc. C:\Program Files\Nuance\PDF Viewer Plus\pdfpro5hook.exe
Yes HKLM:Run PMBVolumeWatcher Sony Corporation C:\Program Files\Sony\PlayMemories Home\PMBVolumeWatcher.exe /SysAutoRun
Yes HKLM:Run QuickTime Task Apple Inc. "C:\Program Files\QuickTime\QTTask.exe" -atboottime
Yes HKLM:Run RtHDVCpl Realtek Semiconductor RtHDVCpl.exe
Yes HKLM:Run SMSTray SAMSUNG ELECTRONICS C:\Program Files\Samsung\EmoDio\SMSTray.exe
Yes HKLM:Run Windows Defender Microsoft Corporation C:\Program Files\Windows Defender\MSASCui.exe -hide
Yes Startup Common EPSON Status Monitor 3 Environment Check 2.lnk SEIKO EPSON CORPORATION C:\Windows\System32\spool\drivers\w32x86\3\E_SRCV02.EXE
 
 
Startup Internet Explorer
 
Yes Extension Blog This Microsoft Corporation C:\Program Files\Windows Live\Writer\WriterBrowserExtension.dll
Yes Extension Messenger Companion (Ctrl+Shift+C) Microsoft Corporation C:\Program Files\Windows Live\Companion\companioncore.dll
No Helper Easy Photo Print SEIKO EPSON CORPORATION / CyCom Technology Corp. C:\Program Files\Epson Software\Easy Photo Print\EPTBL.dll
No Helper Java™ Plug-In 2 SSV Helper Sun Microsystems, Inc. C:\Program Files\Java\jre6\bin\jp2ssv.dll
No Helper PC Tools Browser Defender BHO Threat Expert Ltd. C:\Program Files\PC Tools Security\BDT\PCTBrowserDefender.dll
Yes Helper PlusIEEventHelper Class Zeon Corporation C:\Program Files\Nuance\PDF Viewer Plus\Bin\PlusIEContextMenu.dll
No Helper Windows Live ID Sign-in Helper Microsoft Corp. C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
No Helper Windows Live Messenger Companion Helper Microsoft Corporation C:\Program Files\Windows Live\Companion\companioncore.dll
No Toolbar Easy Photo Print SEIKO EPSON CORPORATION / CyCom Technology Corp. C:\Program Files\Epson Software\Easy Photo Print\EPTBL.dll
No Toolbar PC Tools Browser Defender Threat Expert Ltd. C:\Program Files\PC Tools Security\BDT\PCTBrowserDefender.dll
 

 

Startup Fire Fox

 

No Extension Browser Defender Toolbar 4.0.0.0 Threat Expert Pty Ltd default C:\Program Files\PC Tools Security\BDT\Firefox
No Extension FirefoxAdKiller 0.87 Eric Ries default C:\Users\jim\AppData\Roaming\Mozilla\Firefox\Profiles\5gctqzqh.default\extensions\{b1df372d-8b32-4c7d-b6b4-9c5b78cf6fb1}.xpi
Yes Extension Microsoft .NET Framework Assistant 0.0.0 Microsoft default c:\Windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension
No Extension Strict Pop-up Blocker 0.2 Nikos Asimakis default C:\Users\jim\AppData\Roaming\Mozilla\Firefox\Profiles\5gctqzqh.default\extensions\jid1-P34HaABBBpOerQ@jetpack.xpi
No Extension Updated Ad Blocker for Firefox 11+ 0.7.7 Ognean Dragos default C:\Users\jim\AppData\Roaming\Mozilla\Firefox\Profiles\5gctqzqh.default\extensions\{4DC70064-89E2-4a55-8FC6-E8CDEAE3618C}.xpi
Yes Extension Yahoo! Toolbar 3.2.9.20150120035321 Yahoo! default C:\Users\jim\AppData\Roaming\Mozilla\Firefox\Profiles\5gctqzqh.default\extensions\{635abd67-4fe9-1b23-4f01-e679fa7484c1}
Yes Plugin Adobe Acrobat 10.1.13.16 Adobe Systems Inc. default C:\Program Files\Adobe\Reader 10.0\Reader\AIR\nppdf32.dll
Yes Plugin Garmin Communicator Plug-In 2.9.3.0 GARMIN Corp. default C:\Program Files\Garmin GPS Plugin\npGarmin.dll
Yes Plugin iTunes Application Detector 1.0.1.1 Apple Inc. default C:\Program Files\iTunes\Mozilla Plugins\npitunes.dll
Yes Plugin Java Deployment Toolkit 6.0.290.11 6.0.290.11 Sun Microsystems, Inc. default C:\Program Files\Java\jre6\bin\new_plugin\npdeployJava1.dll
No Plugin Java™ Platform SE 6 U29 6.0.290.11 Sun Microsystems, Inc. default C:\Program Files\Java\jre6\bin\new_plugin\npjp2.dll
Yes Plugin OpenH264 Video Codec 1.1 default C:\Users\jim\AppData\Roaming\Mozilla\Firefox\Profiles\5gctqzqh.default\gmp-gmpopenh264\1.1\gmpopenh264.dll
Yes Plugin QuickTime Plug-in 7.7.4 7.7.4.0 Apple Inc. default C:\Program Files\QuickTime\Plugins\npqtplugin5.dll
Yes Plugin Shockwave Flash 16.0.0.296 default C:\Windows\system32\Macromed\Flash\NPSWF32_16_0_0_296.dll
Yes Plugin Silverlight Plug-In 5.1.30514.0 default c:\Program Files\Microsoft Silverlight\5.1.30514.0\npctrl.dll
Yes Plugin Windows Live Photo Gallery 15.4.3555.308 Microsoft Corporation default C:\Program Files\Windows Live\Photo Gallery\NPWLPG.dll
No Plugin Windows Presentation Foundation 3.5.30729.1 Microsoft Corporation default c:\Windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll
 
 
Startup Google Chrome
 
Yes App Gmail 8.1 Person 1 C:\Users\jim\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia\8.1_0
Yes App Google Drive 14.0 Person 1 C:\Users\jim\AppData\Local\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf\14.0_0
Yes App Google Search 0.0.0.30 Person 1 C:\Users\jim\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf\0.0.0.30_0
Yes App YouTube 4.2.7 Person 1 C:\Users\jim\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo\4.2.7_0
No Extension AVG Web TuneUp 4.1.4.948 Person 1 C:\Users\jim\AppData\Local\Google\Chrome\User Data\Default\Extensions\chfdnecihphmhljaaejmgoiahnihplgn\4.1.4.948_0
Yes Extension eBay for Chrome 4.1.2 Person 1 C:\Users\jim\AppData\Local\Google\Chrome\User Data\Default\Extensions\khhckppjhonfmcpegdjdibmngahahhck\4.1.2_0
No Extension Google Docs 0.9 Person 1 C:\Users\jim\AppData\Local\Google\Chrome\User Data\Default\Extensions\aohghmighlieiainnegkcijnfilokake\0.9_0
No Extension Google Sheets 1.1 Person 1 C:\Users\jim\AppData\Local\Google\Chrome\User Data\Default\Extensions\felcaaldnbdncclmgdcncolpebgiejap\1.1_0
No Extension Google Slides 0.9 Person 1 C:\Users\jim\AppData\Local\Google\Chrome\User Data\Default\Extensions\aapocclcgogkmnckokdopfmhonfmgoek\0.9_0
 
 
Startup Scheduled Tasks
 
Yes Task Adobe Flash Player Updater Adobe Systems Incorporated C:\Windows\system32\Macromed\Flash\FlashPlayerUpdateService.exe
Yes Task CCleanerSkipUAC Piriform Ltd "C:\Program Files\CCleaner\CCleaner.exe" $(Arg0)
Yes Task GoogleUpdateTaskMachineCore Google Inc. C:\Program Files\Google\Update\GoogleUpdate.exe /c
Yes Task GoogleUpdateTaskMachineUA Google Inc. C:\Program Files\Google\Update\GoogleUpdate.exe /ua /installsource scheduler
Yes Task InstallShield Software online update program InstallShield Software Corporation C:\Program Files\Common Files\InstallShield\UpdateService\isuspm.exe -startup
Yes Task Secunia PSI Logon Task C:\Program Files\Secunia\PSI\psi.exe --start-in-tray
Yes Task {05003122-1915-4523-B1A3-BD8A01DBC0B5} Microsoft Corporation C:\Windows\system32\pcalua.exe -a "C:\Program Files\Secunia\PSI\uninstall.exe"
Yes Task {1458B845-82D8-46E5-8E41-7881AB4BBCCB} Microsoft Corporation C:\Windows\system32\pcalua.exe -a E:\setup.exe -d E:\
Yes Task {1D8BDF55-25D0-43D2-9175-0BF0662E0AB8} Microsoft Corporation C:\Windows\system32\pcalua.exe -a E:\Driver\OEMINF.EXE -d E:\Driver
Yes Task {2151499F-70F4-4E10-AFD3-DF828C37758B} Microsoft Corporation C:\Windows\system32\pcalua.exe -a C:\PROGRA~1\COMMON~1\INSTAL~1\Driver\11\INTEL3~1\IDriver.exe -c /M{9527A496-5DF9-412A-ADC7-168BA5379CA6}
Yes Task {66D03898-D0B1-44B2-AC70-AE1DCDEC91D0} Microsoft Corporation C:\Windows\system32\pcalua.exe -a C:\Users\jim\Desktop\NN_drv_rub_w01_ENU.exe -d C:\Users\jim\Desktop
Yes Task {6B47631B-3900-4650-9FF9-05B5665B01AC} Microsoft Corporation C:\Windows\system32\pcalua.exe -a "C:\Program Files\InstallShield Installation Information\{C20CE592-B0F8-4D20-BF31-0151CA6331A6}\setup.exe" -c -runfromtemp -l0x0409 -removeonly
Yes Task {A86D5AAA-FEEE-4EDB-8466-8167E9A56410} Microsoft Corporation C:\Windows\system32\pcalua.exe -a "C:\Program Files\CA\CA Internet Security Suite\caunst.exe" -c /u
Yes Task {AE79A7B7-1018-4C70-BD78-9B2834B6E7D0} Microsoft Corporation C:\Windows\system32\pcalua.exe -a "C:\Program Files\AVG\AVG2013\avgmfapx.exe" -c /AppMode=SETUP /Uninstall
Yes Task {D925E7CD-2089-404D-898C-B38DD7DEA574} Microsoft Corporation C:\Windows\system32\pcalua.exe -a C:\Users\jim\Downloads\avg75f_447a967.exe -d C:\Users\jim\Downloads
 
 
Startup Context Menu
 
Yes File AVG Shell Extension AVG Technologies CZ, s.r.o. C:\Program Files\AVG\AVG2015\avgse.dll
Yes File EPP SEIKO EPSON CORPORATION C:\Program Files\Epson Software\Easy Photo Print\EPPShell.dll
Yes File MBAMShlExt C:\Program Files\Malwarebytes' Anti-Malware\mbamext.dll
Yes File ShellExt
Yes Folder AVG Shell Extension AVG Technologies CZ, s.r.o. C:\Program Files\AVG\AVG2015\avgse.dll
Yes Folder MBAMShlExt C:\Program Files\Malwarebytes' Anti-Malware\mbamext.dll
Yes Folder ShellExt
==============================================================================================================================
 
After I post this I will rerun Adwcleaner and delete what it found and post it accomplished.


#7 buddy215

  • BC Advisor

Posted 20 August 2015 - 04:38 PM

Looks like you missed this:

Open CCleaner and click on Tools. Choose Uninstall. On that page you will see a list of programs installed on your computer and at the bottom right of that page you will see a button that, when clicked, will allow you to Copy and Paste that list in your next post. Please do that.




#8 jaejstep

  • Topic Starter

Posted 21 August 2015 - 09:21 AM

Sorry about that, below is as requested:

 

Adobe Flash Player 18 ActiveX Adobe Systems Incorporated 8/11/2015 18.0.0.232
Adobe Flash Player 18 NPAPI Adobe Systems Incorporated 8/11/2015 18.0.0.232
Adobe Reader X (10.1.15) Adobe Systems Incorporated 7/16/2015 10.1.15
Any Video Converter 3.5.6 Any-Video-Converter.com 10/25/2012 102 MB
Apple Application Support (32-bit) Apple Inc. 4/15/2015 94.2 MB 3.1.3
Apple Mobile Device Support Apple Inc. 4/1/2015 22.5 MB 8.1.1.3
Apple Software Update Apple Inc. 7/20/2011 2.38 MB 2.1.3.127
Audacity 1.2.6 1/5/2008 18.2 MB
AudibleManager Audible, Inc. 1/30/2011 8.94 MB 4759644.48.2147348480.4759644
AVG 2015 AVG Technologies 8/13/2015 91.4 MB 2015.0.6125
AVG Web TuneUp AVG Technologies 7/23/2015 68.2 MB 4.1.5.143
Belarc Advisor 8.1 7/13/2010 3.82 MB
Better Homes and Gardens Landscaping and Deck Designer 7.5 Chief Architect Inc 3/21/2007 753 MB 7.5
Bonjour Apple Inc. 12/17/2013 1.12 MB 3.0.0.10
Brother MFL-Pro Suite MFC-J475DW Brother Industries, Ltd. 7/30/2015 28.7 MB 1.0.3.0
Browser Defender 4.0 Threat Expert Ltd. 1/15/2012 13.3 MB 4.0.0.0
CCleaner Piriform 8/19/2015 9.10 MB 5.08
Compatibility Pack for the 2007 Office system Microsoft Corporation 8/12/2015 167 MB 12.0.6612.1000
DivX DivXNetworks, Inc. 2/20/2007 324 KB 5.2.1
DVD Decrypter (Remove Only) 9/27/2012 932 KB
DVD Flick 1.3.0.7 Dennis Meuwissen 9/27/2012 43.1 MB 1.3.0.7
DVDFab 8.2.1.3 (28/09/2012) Qt Fengtao Software Inc. 10/7/2012 54.7 MB
EmoDio Samsung 3/5/2013 82.1 MB 1.0
Enhanced Multimedia Keyboard Solution Hewlett-Packard 2/20/2007 8.23 MB
Epson Easy Photo Print 2 SEIKO EPSON CORPORATION 8/18/2009 82.0 MB 2.0.0.0
EPSON EPIC 2/20/2007 19.0 MB
Epson Event Manager SEIKO EPSON Corporation 7/26/2010 20.0 MB 2.30.01
EPSON NX100 Series Printer Uninstall SEIKO EPSON Corporation 8/18/2009
EPSON Scan 8/18/2009 27.5 MB
Family Tree Maker Version 16 3/26/2007 49.7 MB
FTMVistaUpdater Family Tree Maker 3/26/2007 2.52 MB 1.0.0
Garmin City Navigator Europe NT 2009 Update Garmin Ltd or its subsidiaries 1/12/2009 1.92 GB 11.0.0.0
Garmin Communicator Plugin Garmin Ltd or its subsidiaries 1/6/2011 11.6 MB 2.9.3
Garmin POI Loader Garmin Ltd or its subsidiaries 1/1/2011 38.5 MB 2.5.4.0
Garmin USB Drivers Garmin Ltd or its subsidiaries 1/1/2011 124 KB 2.3.0.0
Garmin WebUpdater Garmin Ltd or its subsidiaries 1/1/2011 4.98 MB 2.4.2
Google Chrome Google Inc. 2/1/2015 305 MB 44.0.2403.157
honestech VHS to DVD 2.0 SE honestech 5/2/2013 16.2 MB 2.0
HP Advisor Hewlett-Packard 10/26/2009 47.3 MB 3.1.9152.3107
HP Customer Experience Enhancements Hewlett-Packard 12/30/2006 1.00.0000
HP Customer Participation Program 8.0 HP 3/31/2007 8.0
HP Easy Setup - Core Hewlett-Packard 12/30/2006 1.02 MB 1.00.0000
HP Easy Setup - Frontend Hewlett-Packard 12/30/2006 1.82 MB 5.00.0000
HP Imaging Device Functions 8.0 HP 3/31/2007 1.52 MB 8.0
HP OCR Software 8.0 HP 3/31/2007 1.51 MB 8.0
HP Photosmart Essential HP 3/31/2007 11.4 MB 1.12.0.46
HP Photosmart, Officejet, PSC and Deskjet All-In-One Driver Software 8.0.B HP 3/31/2007 75.7 MB 8.0
HP Solution Center 8.0 HP 3/31/2007 1.51 MB 8.0
HP Update Hewlett-Packard 4/9/2011 3.96 MB 5.002.008.001
HPSSupply Hewlett Packard Development Company L.P. 3/31/2007 987 KB 2.1.3.0000
iTunes Apple Inc. 4/15/2015 221 MB 12.1.2.27
J2SE Runtime Environment 5.0 Update 3 Sun Microsystems, Inc. 5/29/2007 143 MB 1.5.0.30
Java™ 6 Update 2 Sun Microsystems, Inc. 9/16/2007 133 MB 1.6.0.20
Java™ 6 Update 29 Sun Microsystems, Inc. 8/26/2010 97.2 MB 6.0.290
Java™ 6 Update 3 Sun Microsystems, Inc. 11/1/2007 133 MB 1.6.0.30
Java™ 6 Update 5 Sun Microsystems, Inc. 3/26/2008 136 MB 1.6.0.50
Kyodai 3/12/2007 7.91 MB
Landscaping and Deck Designer 7.5 Training Videos Chief Architect Inc 3/25/2007 832 KB 1.00.000
LizardTech DjVu Control 8/27/2010 868 KB
Logitech Gaming Software 3/7/2007 10.3 MB 4.40
Malwarebytes Anti-Malware version 2.1.8.1057 Malwarebytes Corporation 8/6/2015 47.3 MB 2.1.8.1057
Microsoft .NET Framework 3.5 SP1 Microsoft Corporation 5/19/2009 27.8 MB
Microsoft .NET Framework 4.5.2 Microsoft Corporation 1/18/2015 251 MB 4.5.51209
Microsoft Automap Trip Planner (Requires CD-ROM) 9/20/2014 39.6 MB
Microsoft Flight Simulator 98 2/20/2007 177 MB
Microsoft Flight Simulator X Microsoft Game Studios 2/6/2008 12.7 GB 10.0.61355.0
Microsoft Office 2000 Professional Microsoft Corporation 2/22/2007 164 MB 9.00.2720
Microsoft Silverlight Microsoft Corporation 8/12/2015 5.1.40728.0
Microsoft SQL Server 2005 Compact Edition [ENU] Microsoft Corporation 10/15/2012 1.74 MB 3.1.0000
Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053 Microsoft Corporation 7/29/2009 251 KB 8.0.50727.4053
Microsoft Visual C++ 2005 Redistributable Microsoft Corporation 6/17/2011 294 KB 8.0.59193
Microsoft Visual C++ 2008 ATL Update kb973924 - x86 9.0.30729.4148 Microsoft Corporation 12/31/2009 199 KB 9.0.30729.4148
Microsoft Visual C++ 2008 Redistributable - KB2467174 - x86 9.0.30729.5570 Microsoft Corporation 5/21/2011 592 KB 9.0.30729.5570
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17 Microsoft Corporation 12/30/2009 590 KB 9.0.30729
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148 Microsoft Corporation 8/1/2012 225 KB 9.0.30729.4148
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 Microsoft Corporation 6/17/2011 594 KB 9.0.30729.6161
Microsoft Visual C++ 2010  x86 Redistributable - 10.0.40219 Microsoft Corporation 11/2/2012 10.0.40219
Microsoft Works Microsoft Corporation 12/7/2009 08.05.0818
MobileMe Control Panel Apple Inc. 9/29/2010 9.71 MB 3.1.2.0
MSXML 4.0 SP2 (KB927978) Microsoft Corporation 2/20/2007 1.23 MB 4.20.9841.0
MSXML 4.0 SP2 (KB936181) Microsoft Corporation 8/16/2007 1.26 MB 4.20.9848.0
MSXML 4.0 SP2 (KB941833) Microsoft Corporation 10/11/2007 1.26 MB 4.20.9849.0
MSXML 4.0 SP2 (KB954430) Microsoft Corporation 11/11/2008 1.27 MB 4.20.9870.0
MSXML 4.0 SP2 (KB973688) Microsoft Corporation 12/4/2009 1.33 MB 4.20.9876.0
MSXML 4.0 SP2 Parser and SDK Microsoft Corporation 7/26/2007 36.0 KB 4.20.9818.0
MSXML 4.0 SP3 Parser Microsoft Corporation 7/16/2015 1.47 MB 4.30.2100.0
MSXML 4.0 SP3 Parser (KB2758694) Microsoft Corporation 7/17/2015 1.54 MB 4.30.2117.0
muvee autoProducer 5.0 muvee Technologies 2/20/2007 105 MB 5.00.050
Nuance PaperPort 12 Nuance Communications, Inc. 7/30/2015 199 MB 12.1.0006
Nuance PDF Viewer Plus Nuance Communications, Inc 7/30/2015 38.2 MB 5.30.3290
NVIDIA Drivers NVIDIA Corporation 7/19/2010 1.8
NVIDIA Graphics Driver 307.83 NVIDIA Corporation 4/11/2013 45.1 MB 307.83
NVIDIA Update 1.10.8 NVIDIA Corporation 11/17/2012 3.53 MB 1.10.8
One-click DVD Ripper Streamware Development 10/30/2012 3.37 MB 1.1.1
PaperPort Image Printer Nuance Communications, Inc. 7/16/2015 513 KB 14.00.0000
Perfect Attorney Premium Cosmi Corporation 3/26/2007 89.1 MB 1.00.0000
PlayMemories Home Sony Corporation 12/15/2014 4.1.00.12152
QuickTime 7 Apple Inc. 2/13/2015 70.3 MB 7.76.80.95
Realtek High Definition Audio Driver Realtek Semiconductor Corp. 4/6/2008 9.73 MB 6.0.1.5789
Roxio Creator Audio Roxio 12/30/2006 1.14 MB 3.3.0
Roxio Creator Basic v9 Roxio 12/30/2006 26.2 MB 3.3.0
Roxio Creator Copy Roxio 12/30/2006 640 KB 3.3.0
Roxio Creator Data Roxio 12/30/2006 844 KB 3.3.0
Roxio Creator EasyArchive Roxio 12/30/2006 1.50 MB 3.3.0
Roxio Creator Tools Roxio 12/30/2006 353 KB 3.3.0
Roxio Easy VHS to DVD 3 Roxio 2/27/2013 211 MB 3.0
Soft Data Fax Modem with SmartCP Conexant Systems 6/23/2008 0.98 MB 7.74.00
SUPERAntiSpyware SUPERAntiSpyware.com 1/3/2012 77.2 MB 5.0.1142
Switch Sound File Converter NCH Software 8/7/2010 2.94 MB
URGE MTV Networks 2/20/2007 5.27 MB 1.1.8115.0
USB2.0 ATV Regulus 4/23/2013 2.82 MB 6.10.000.001
USB2.0 Grabber Youyan 5/2/2013 2.69 MB 7.12.000.003
Visual Studio 2012 x86 Redistributables AVG Technologies CZ, s.r.o. 10/2/2013 10.2 MB 14.0.0.1
Windows Driver Package - Garmin (grmnusb) GARMIN Devices  (06/03/2009 2.3.0.0) Garmin 1/1/2011 06/03/2009 2.3.0.0
Windows Live Essentials Microsoft Corporation 10/15/2012 15.4.3555.0308
Windows Live Mesh ActiveX Control for Remote Connections Microsoft Corporation 10/15/2012 5.57 MB 15.4.5722.2
Windows Media Player Firefox Plugin Microsoft Corp 6/23/2007 296 KB 1.0.0.8
Windows Movie Maker 2.6 Microsoft Corporation 12/29/2010 2.6.4040.0


#9 buddy215


Posted 21 August 2015 - 10:52 AM

Did you rerun AdwCleaner and allow it to CLEAN what it found?

 

Uninstall these programs: (Use CCleaner by clicking on each item to highlight and then choosing on the right to either Disable, Remove or Uninstall)

AVG Web TuneUp AVG Technologies 7/23/2015 68.2 MB 4.1.5.143

Belarc Advisor 8.1 7/13/2010 3.82 MB

Browser Defender 4.0 Threat Expert Ltd. 1/15/2012 13.3 MB 4.0.0.0

Java™ 6 Update 2 Sun Microsystems, Inc. 9/16/2007 133 MB 1.6.0.20
Java™ 6 Update 29 Sun Microsystems, Inc. 8/26/2010 97.2 MB 6.0.290
Java™ 6 Update 3 Sun Microsystems, Inc. 11/1/2007 133 MB 1.6.0.30
Java™ 6 Update 5 Sun Microsystems, Inc. 3/26/2008 136 MB 1.6.0.50
Windows Media Player Firefox Plugin Microsoft Corp 6/23/2007 296 KB 1.0.0.8
 
Disable these Windows Startups:

Yes HKCU:Run CCleaner Monitoring Piriform Ltd "C:\Program Files\CCleaner\CCleaner.exe" /MONITOR
Yes HKCU:Run ehTray.exe Microsoft Corporation C:\Windows\ehome\ehTray.exe
Yes HKCU:Run ISUSPM Flexera Software, Inc. C:\ProgramData\FLEXnet\Connect\11\ISUSPM.exe -scheduler
Yes HKCU:Run ISUSPM Startup InstallShield Software Corporation C:\PROGRA~1\COMMON~1\INSTAL~1\UPDATE~1\isuspm.exe -startup
Yes HKCU:Run QuickTime Task Apple Inc. "C:\Program Files\QuickTime\QTTask.exe" -atboottime
Yes HKCU:Run SUPERAntiSpyware SUPERAntiSpyware C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe (Unless this is an Updated and Paid Version...not FREE)
Yes HKCU:Run WMPNSCFG Microsoft Corporation C:\Program Files\Windows Media Player\WMPNSCFG.exe
Yes HKLM:Run BrHelp Brother Industries, Ltd. C:\Program Files\Brother\Brother Help\BrotherHelp.exe /AUTORUN
Yes HKLM:Run BrStsMon00 Brother Industries, Ltd. C:\Program Files\Browny02\Brother\BrStMonW.exe /AUTORUN
Yes HKLM:Run ControlCenter4 Brother Industries, Ltd. C:\Program Files\ControlCenter4\BrCcBoot.exe /autorun
Yes HKLM:Run hpsysdrv Hewlett-Packard Company c:\hp\support\hpsysdrv.exe
Yes HKLM:Run IndexSearch Nuance Communications, Inc. "C:\Program Files\Nuance\PaperPort\IndexSearch.exe"
Yes HKLM:Run ISUSScheduler InstallShield Software Corporation "C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe" -start
Yes HKLM:Run iTunesHelper Apple Inc. "C:\Program Files\iTunes\iTunesHelper.exe"
Yes HKLM:Run PaperPort PTD Nuance Communications, Inc. "C:\Program Files\Nuance\PaperPort\pptd40nt.exe"
Yes HKLM:Run PDF5 Registry Controller Nuance Communications, Inc. C:\Program Files\Nuance\PDF Viewer Plus\RegistryController.exe
Yes HKLM:Run PDFHook Nuance Communications, Inc. C:\Program Files\Nuance\PDF Viewer Plus\pdfpro5hook.exe
Yes HKLM:Run QuickTime Task Apple Inc. "C:\Program Files\QuickTime\QTTask.exe" -atboottime
Yes HKLM:Run SMSTray SAMSUNG ELECTRONICS C:\Program Files\Samsung\EmoDio\SMSTray.exe
Yes Startup Common EPSON Status Monitor 3 Environment Check 2.lnk SEIKO EPSON CORPORATION C:\Windows\System32\spool\drivers\w32x86\3\E_SRCV02.EXE
 
REMOVE OR UNINSTALL these Firefox extensions: (not just disable)
No Extension Browser Defender Toolbar 4.0.0.0 Threat Expert Pty Ltd default C:\Program Files\PC Tools Security\BDT\Firefox
No Extension FirefoxAdKiller 0.87 Eric Ries default C:\Users\jim\AppData\Roaming\Mozilla\Firefox\Profiles\5gctqzqh.default\extensions\{b1df372d-8b32-4c7d-b6b4-9c5b78cf6fb1}.xpi
No Extension Strict Pop-up Blocker 0.2 Nikos Asimakis default C:\Users\jim\AppData\Roaming\Mozilla\Firefox\Profiles\5gctqzqh.default\extensions\jid1-P34HaABBBpOerQ@jetpack.xpi
No Extension Updated Ad Blocker for Firefox 11+ 0.7.7 Ognean Dragos default C:\Users\jim\AppData\Roaming\Mozilla\Firefox\Profiles\5gctqzqh.default\extensions\{4DC70064-89E2-4a55-8FC6-E8CDEAE3618C}.xpi
Yes Extension Yahoo! Toolbar 3.2.9.20150120035321 Yahoo! default C:\Users\jim\AppData\Roaming\Mozilla\Firefox\Profiles\5gctqzqh.default\extensions\{635abd67-4fe9-1b23-4f01-e679fa7484c1}
 
Disable these Firefox plugins:
Yes Plugin Adobe Acrobat 10.1.13.16 Adobe Systems Inc. default C:\Program Files\Adobe\Reader 10.0\Reader\AIR\nppdf32.dll
Yes Plugin Java Deployment Toolkit 6.0.290.11 6.0.290.11 Sun Microsystems, Inc. default C:\Program Files\Java\jre6\bin\new_plugin\npdeployJava1.dll
Yes Plugin QuickTime Plug-in 7.7.4 7.7.4.0 Apple Inc. default C:\Program Files\QuickTime\Plugins\npqtplugin5.dll
 
Disable these Scheduled Tasks:
Yes Task Adobe Flash Player Updater Adobe Systems Incorporated C:\Windows\system32\Macromed\Flash\FlashPlayerUpdateService.exe
Yes Task CCleanerSkipUAC Piriform Ltd "C:\Program Files\CCleaner\CCleaner.exe" $(Arg0)
Yes Task GoogleUpdateTaskMachineCore Google Inc. C:\Program Files\Google\Update\GoogleUpdate.exe /c
Yes Task GoogleUpdateTaskMachineUA Google Inc. C:\Program Files\Google\Update\GoogleUpdate.exe /ua /installsource scheduler
Yes Task InstallShield Software online update program InstallShield Software Corporation C:\Program Files\Common Files\InstallShield\UpdateService\isuspm.exe -startup
Yes Task Secunia PSI Logon Task C:\Program Files\Secunia\PSI\psi.exe --start-in-tray
Yes Task {05003122-1915-4523-B1A3-BD8A01DBC0B5} Microsoft Corporation C:\Windows\system32\pcalua.exe -a "C:\Program Files\Secunia\PSI\uninstall.exe"
Yes Task {1458B845-82D8-46E5-8E41-7881AB4BBCCB} Microsoft Corporation C:\Windows\system32\pcalua.exe -a E:\setup.exe -d E:\
Yes Task {1D8BDF55-25D0-43D2-9175-0BF0662E0AB8} Microsoft Corporation C:\Windows\system32\pcalua.exe -a E:\Driver\OEMINF.EXE -d E:\Driver
Yes Task {2151499F-70F4-4E10-AFD3-DF828C37758B} Microsoft Corporation C:\Windows\system32\pcalua.exe -a C:\PROGRA~1\COMMON~1\INSTAL~1\Driver\11\INTEL3~1\IDriver.exe -c /M{9527A496-5DF9-412A-ADC7-168BA5379CA6}
Yes Task {66D03898-D0B1-44B2-AC70-AE1DCDEC91D0} Microsoft Corporation C:\Windows\system32\pcalua.exe -a C:\Users\jim\Desktop\NN_drv_rub_w01_ENU.exe -d C:\Users\jim\Desktop
Yes Task {6B47631B-3900-4650-9FF9-05B5665B01AC} Microsoft Corporation C:\Windows\system32\pcalua.exe -a "C:\Program Files\InstallShield Installation Information\{C20CE592-B0F8-4D20-BF31-0151CA6331A6}\setup.exe" -c -runfromtemp -l0x0409 -removeonly
Yes Task {A86D5AAA-FEEE-4EDB-8466-8167E9A56410} Microsoft Corporation C:\Windows\system32\pcalua.exe -a "C:\Program Files\CA\CA Internet Security Suite\caunst.exe" -c /u
Yes Task {D925E7CD-2089-404D-898C-B38DD7DEA574} Microsoft Corporation C:\Windows\system32\pcalua.exe -a C:\Users\jim\Downloads\avg75f_447a967.exe -d C:\Users\jim\Downloads
 
 
 
 
 

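An added illustration, not part of buddy215's post or of any tool named in this thread: the GUID-named scheduled tasks listed above all launch `pcalua.exe`, the Windows Program Compatibility Assistant launcher, so the "Microsoft Corporation" publisher describes the wrapper and the program that actually runs is the `-a` argument. This Python example extracts that wrapped target from lines in the CCleaner export format; the location labels and the assumption that C: is the system drive are choices made for the example.

```python
import ntpath
import re

# Scheduled-task lines copied from the CCleaner export posted in this thread.
EXPORT = r'''
Yes Task GoogleUpdateTaskMachineCore Google Inc. C:\Program Files\Google\Update\GoogleUpdate.exe /c
Yes Task {05003122-1915-4523-B1A3-BD8A01DBC0B5} Microsoft Corporation C:\Windows\system32\pcalua.exe -a "C:\Program Files\Secunia\PSI\uninstall.exe"
Yes Task {1458B845-82D8-46E5-8E41-7881AB4BBCCB} Microsoft Corporation C:\Windows\system32\pcalua.exe -a E:\setup.exe -d E:\
Yes Task {D925E7CD-2089-404D-898C-B38DD7DEA574} Microsoft Corporation C:\Windows\system32\pcalua.exe -a C:\Users\jim\Downloads\avg75f_447a967.exe -d C:\Users\jim\Downloads
'''

# A GUID-named task whose command is pcalua.exe; the wrapped program is the
# quoted or bare path that follows -a. Lines of any other shape are skipped.
WRAPPED = re.compile(
    r'^(?:Yes|No)\s+Task\s+(?P<name>\{[0-9A-Fa-f-]{36}\})\s+.*?'
    r'pcalua\.exe\s+-a\s+(?:"(?P<quoted>[^"]+)"|(?P<bare>\S+))',
    re.IGNORECASE,
)


def classify(target, system_drive="C:"):
    """Label where the wrapped executable lives (labels are this example's own)."""
    drive, rest = ntpath.splitdrive(target)
    rest = rest.lower()
    if drive.upper() != system_drive:
        return "other-drive"    # e.g. an installer run from a CD or USB drive
    if rest.startswith("\\users\\"):
        return "user-profile"   # Desktop, Downloads: writable without admin rights
    if rest.startswith(("\\program files", "\\progra~")):
        return "program-dir"    # installed software, often a leftover uninstaller
    return "other"


def triage(export_text):
    """Return one record per pcalua-wrapped task found in the export text."""
    findings = []
    for line in export_text.splitlines():
        match = WRAPPED.match(line.strip())
        if not match:
            continue
        target = match.group("quoted") or match.group("bare")
        findings.append({
            "task": match.group("name"),
            "target": target,
            "basename": ntpath.basename(target),
            "location": classify(target),
        })
    return findings


if __name__ == "__main__":
    for f in triage(EXPORT):
        print(f"{f['task']}  {f['location']:<12}  {f['target']}")
```

Tasks whose target sits on another drive or inside a user profile are the ones to look at first, since those locations can be written without administrator rights.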


#10 buddy215


Posted 21 August 2015 - 11:05 AM

The best ad blocker that I have used for years is Adblock Plus....it works in both Firefox and Chrome.

Adblock Plus :: Add-ons for Firefox

Adblock Plus - Chrome Web Store

 

Once you have installed Adblock Plus you will want to click on its ABP icon and choose Filter Preferences. UNcheck Allow Some Non-intrusive Advertising




#11 jaejstep


Posted 27 August 2015 - 09:50 AM

I did run adwcleaner and cleaned the results.  

 

Using CCleaner, I took the requested actions except for the following:

   Under "Firefox Extensions";

             Item #1 Browser Defender Toolbar - Could not delete. Action option boxes did not highlight to allow any action

             item #5 Yahoo Toolbar - Could not delete, but could and did "Disable".

 

   Under "Scheduled Tasks";

              items #4 and #6 thru #13 - could not disable due to statement "No mapping between acct. names and security I D was done". It seems I can delete them, but not disable them. Should I "delete" them?

 

Regarding Adblocker-plus, I activated Adblocker-plus for Chrome. I no longer use Firefox as it had a problem with AVG Security. I have noticed a great reduction in the number of cookies I pick up.

 

 

In general, my computer has been running well and I have detected nothing out of the ordinary. Would it be of benefit to run Junkware Removal Tool and CCleaner  on my other desktop and my laptop?  



#12 buddy215


Posted 27 August 2015 - 10:17 AM

I think it is safe to delete these:

Yes Task {A86D5AAA-FEEE-4EDB-8466-8167E9A56410} Microsoft Corporation C:\Windows\system32\pcalua.exe -a "C:\Program Files\CA\CA Internet Security Suite\caunst.exe" -c /u

Yes Task {05003122-1915-4523-B1A3-BD8A01DBC0B5} Microsoft Corporation C:\Windows\system32\pcalua.exe -a "C:\Program Files\Secunia\PSI\uninstall.exe"

 

If you are not using Firefox, uninstall it using Download Revo Uninstaller Freeware in Advanced Mode. That will remove all of Firefox including your Firefox profile.

 

AVG installs adware in browsers. Its extensions in Firefox would serve no useful purpose. Same goes for Google Chrome.

 

Adobe Flash allows 3rd Party cookies. You can block that from happening using the Adobe - Flash Player : Settings Manager - Global Privacy Settings Panel




#13 buddy215


Posted 27 August 2015 - 04:14 PM

........Would it be of benefit to run Junkware Removal Tool and CCleaner  on my other desktop and my laptop? 

 

Won't know until you scan with them...and MBAM.






