Notthebomba - Yahoo Toolbar Hijack


12 replies to this topic

#1 notthebomba

notthebomba

  • Validating
  • 50 posts
  • OFFLINE
  •  
  • Local time:08:19 AM

Posted 20 September 2015 - 01:57 PM

per buddy215, I am starting a new thread.
Yahoo Toolbar Hijack 09-9-2105
 
Preamble:
Home brew desktop PC running Win7 Home Premium 64 bit with 120 GB SSD and 1TB HDD originally built in 2011.
Had BSOD problems, so bought brand new SSD (250GB) and new 2TB HDD.
Removed existing SSD and HDD, installed SSD only, reinstalled Win7 OS.
Still had BSOD, so on advice from BleepingComputer Kernel Dump Expert (usasma) tweaked BIOS to disable USB3.0.
This solved BSOD, but while downloading SSD testing utility (CrystalDiskMark5), inadvertently picked up Yahoo Browser Hijacker.
 
 
Work thus far:
 
1. Tried resetting Chrome settings.
2. Ran CCleaner
3. Ran Malwarebytes - removed lots of PUP with yahoo and yonto files
4. Ran Junkware Removal - nothing found, but log created
5. Ran AdwCleaner - nothing found
6. CCleaner Startup and Install logs created
7. Ran ESET Online scanner - log created.
 
Unless I'm doing something wrong, this post is not letting me attach files.
Notthebomba




#2 notthebomba


Posted 21 September 2015 - 05:05 PM

buddy215:

"notthebomba...it would be best if you copied and pasted logs into a new topic..."
I posted new thread, but can't seem to attach files.

"I also suggest you look in your list of installed programs and uninstall all Yahoo related items listed there."
I did a search and no Yahoo programs are found.

NTB



#3 buddy215

buddy215

  • Moderator
  • 13,496 posts
  • ONLINE
  •  
  • Gender:Male
  • Location:West Tennessee
  • Local time:06:19 AM

Posted 27 September 2015 - 03:14 PM

Simply copy and paste the logs in your next reply.....attachments are not allowed in this forum.

These logs...

3. Ran Malwarebytes - removed lots of PUP with yahoo and yonto files
6. CCleaner Startup and Install logs created
7. Ran ESET Online scanner - log created.

“Every atom in your body came from a star that exploded and the atoms in your left hand probably came from a different star than your right hand. It really is the most poetic thing I know about physics...you are all stardust.” Lawrence M. Krauss
A 1792 U.S. penny, designed in part by Thomas Jefferson and George Washington, reads “Liberty Parent of Science & Industry.”

#4 notthebomba


Posted 28 September 2015 - 07:36 AM

Malwarebytes log:

 

<?xml version="1.0" encoding="UTF-16"?>
<mbam-log>
<header>
<date>2015/09/19 09:13:16 -0700</date>
<logfile>mbam-log-2015-09-19 (09-13-15).xml</logfile>
<isadmin>yes</isadmin>
</header>
<engine>
<version>2.1.8.1057</version>
<malware-database>v2015.09.19.03</malware-database>
<rootkit-database>v2015.09.18.01</rootkit-database>
<license>free</license>
<file-protection>disabled</file-protection>
<web-protection>disabled</web-protection>
<self-protection>disabled</self-protection>
</engine>
<system>
<osversion>Windows 7 Service Pack 1</osversion>
<arch>x64</arch>
<username>Roger</username>
<filesys>NTFS</filesys>
</system>
<summary>
<type>threat</type>
<result>completed</result>
<objects>338082</objects>
<time>204</time>
<processes>0</processes>
<modules>0</modules>
<keys>4</keys>
<values>4</values>
<datas>1</datas>
<folders>0</folders>
<files>3</files>
<sectors>0</sectors>
</summary>
<options>
<memory>enabled</memory>
<startup>enabled</startup>
<filesystem>enabled</filesystem>
<archives>enabled</archives>
<rootkits>disabled</rootkits>
<deeprootkit>disabled</deeprootkit>
<heuristics>enabled</heuristics>
<pup>enabled</pup>
<pum>enabled</pum>
</options>
<items>
<key>
<path>HKLM\SOFTWARE\MICROSOFT\INTERNET EXPLORER\SEARCHSCOPES\{0633EE93-D776-472F-A0FF-E1416B8B2E3A}</path>
<vendor>PUP.Optional.Yontoo</vendor>
<action>success</action>
<hash>6659220f9cef3cfab61b785810f433cd</hash>
</key>
<key>
<path>HKLM\SOFTWARE\WOW6432NODE\RESULTSHUB</path>
<vendor>PUP.Optional.ResultsHub</vendor>
<action>success</action>
<hash>19a681b0266593a3689e565d60a49e62</hash>
</key>
<key>
<path>HKU\S-1-5-21-766380769-3913007773-4166863875-1000\SOFTWARE\MICROSOFT\INTERNET EXPLORER\SEARCHSCOPES\{940F3F68-8E69-4CE3-93E5-D6CE05E80127}</path>
<vendor>PUP.Optional.BDYahoo</vendor>
<action>success</action>
<hash>a81782afdcaff2449fc1c7bee91b48b8</hash>
</key>
<key>
<path>HKU\S-1-5-21-766380769-3913007773-4166863875-1000\SOFTWARE\MICROSOFT\INTERNET EXPLORER\SEARCHSCOPES\{0633EE93-D776-472F-A0FF-E1416B8B2E3A}</path>
<vendor>PUP.Optional.Yontoo</vendor>
<action>success</action>
<hash>b609ff329ceffb3b745c08c8cb397090</hash>
</key>
<value>
<path>HKLM\SOFTWARE\MICROSOFT\INTERNET EXPLORER\SEARCHSCOPES\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}</path>
<valuename>URL</valuename>
<vendor>PUP.Optional.Yontoo</vendor>
<action>success</action>
<hash>6659220f9cef3cfab61b785810f433cd</hash>
</value>
<value>
<path>HKLM\SOFTWARE\WOW6432NODE\RESULTSHUB</path>
<valuename>cg</valuename>
<vendor>PUP.Optional.ResultsHub</vendor>
<action>success</action>
<valuedata>305f1d2e-0616-4276-a397-b1041381f3d3</valuedata>
<hash>19a681b0266593a3689e565d60a49e62</hash>
</value>
<value>
<path>HKU\S-1-5-21-766380769-3913007773-4166863875-1000\SOFTWARE\MICROSOFT\INTERNET EXPLORER\SEARCHSCOPES\{940F3F68-8E69-4CE3-93E5-D6CE05E80127}</path>
<valuename>URL</valuename>
<vendor>PUP.Optional.BDYahoo</vendor>
<action>success</action>
<hash>a81782afdcaff2449fc1c7bee91b48b8</hash>
</value>
<value>
<path>HKU\S-1-5-21-766380769-3913007773-4166863875-1000\SOFTWARE\MICROSOFT\INTERNET EXPLORER\SEARCHSCOPES\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}</path>
<valuename>URL</valuename>
<vendor>PUP.Optional.Yontoo</vendor>
<action>success</action>
<hash>b609ff329ceffb3b745c08c8cb397090</hash>
</value>
<data>
<path>HKLM\SOFTWARE\MICROSOFT\INTERNET EXPLORER\MAIN</path>
<valuename>Start Page</valuename>
<vendor>PUP.Optional.Yontoo</vendor>
<action>replaced</action>
<gooddata>www.google.com</gooddata>
<hash>a01f1e13028996a082c7a9cb58ad8b75</hash>
</data>
<file>
<path>C:\ods.exe</path>
<vendor>PUP.Optional.Yontoo</vendor>
<action>success</action>
<hash>b906e8490c7f072f1fe7c31a43bed62a</hash>
</file>
<file>
<path>C:\Users\Roger\AppData\Local\Google\Chrome\User Data\Default\Local Storage\https_resultshub-a.akamaihd.net_0.localstorage</path>
<vendor>PUP.Optional.ResultsHub</vendor>
<action>delete-on-reboot</action>
<hash>f6c9dc556d1e053121e2555e21e346ba</hash>
</file>
<file>
<path>C:\Users\Roger\AppData\Local\Google\Chrome\User Data\Default\Local Storage\https_resultshub-a.akamaihd.net_0.localstorage-journal</path>
<vendor>PUP.Optional.ResultsHub</vendor>
<action>delete-on-reboot</action>
<hash>10af83ae107b0432af54387ba163fb05</hash>
</file>
</items>
</mbam-log>
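
Added example, not part of the original posts: a Python triage of a Malwarebytes XML log laid out like the one in post #4, reporting detections per family, files still waiting for deletion at reboot, the distinct Internet Explorer search-scope keys touched, and whether the item list matches the counts in `<summary>` (a quick check for a truncated paste). The sample log is constructed, the function names are this example's own, and only the four item kinds that appear in the post are counted.

```python
import re
import xml.etree.ElementTree as ET
from collections import Counter

# Constructed sample in the same element layout as the posted log (not the
# poster's data). It keeps the "-" markers that a tree view leaves in pasted XML.
SAMPLE_LOG = r"""<?xml version="1.0" encoding="UTF-16"?>
-<mbam-log>
-<summary>
<keys>1</keys>
<values>1</values>
<datas>1</datas>
<files>1</files>
</summary>
-<items>
-<key>
<path>HKLM\SOFTWARE\MICROSOFT\INTERNET EXPLORER\SEARCHSCOPES\{11111111-AAAA-4BBB-8CCC-222222222222}</path>
<vendor>PUP.Optional.ExampleBar</vendor>
<action>success</action>
</key>
-<value>
<path>HKLM\SOFTWARE\MICROSOFT\INTERNET EXPLORER\SEARCHSCOPES\{11111111-aaaa-4BBB-8CCC-222222222222}</path>
<valuename>URL</valuename>
<vendor>PUP.Optional.ExampleBar</vendor>
<action>success</action>
</value>
-<data>
<path>HKLM\SOFTWARE\MICROSOFT\INTERNET EXPLORER\MAIN</path>
<valuename>Start Page</valuename>
<vendor>PUP.Optional.ExampleBar</vendor>
<action>replaced</action>
</data>
-<file>
<path>C:\Users\example\AppData\Local\Temp\example.localstorage</path>
<vendor>PUP.Optional.ExampleHub</vendor>
<action>delete-on-reboot</action>
</file>
</items>
</mbam-log>
"""

# Item tag -> counter name in <summary>; only the four kinds seen in the post.
SUMMARY_TAGS = {"key": "keys", "value": "values", "data": "datas", "file": "files"}


def load_log(text):
    """Parse a pasted mbam-log, tolerating '-' tree markers and the XML prolog."""
    cleaned = re.sub(r"(?m)^[ \t]*-[ \t]*(?=<)", "", text)
    cleaned = re.sub(r"^\s*<\?xml.*?\?>", "", cleaned, count=1)
    return ET.fromstring(cleaned.strip())


def list_items(root):
    """Flatten every child of <items> into a dict of the fields used for triage."""
    items_el = root.find("items")
    if items_el is None:
        return []
    fields = ("path", "valuename", "vendor", "action")
    return [dict({f: (el.findtext(f) or "").strip() for f in fields}, kind=el.tag)
            for el in items_el]


def triage(text):
    root = load_log(text)
    items = list_items(root)
    listed = Counter(i["kind"] for i in items)
    mismatches = {}
    for tag, total in SUMMARY_TAGS.items():
        claimed = int(root.findtext(f"summary/{total}") or 0)
        if claimed != listed[tag]:
            mismatches[tag] = (claimed, listed[tag])  # (summary says, items found)
    return {
        "families": Counter(i["vendor"] for i in items),
        # Files the scanner could not remove yet: a reboot is still required.
        "pending_reboot": [i["path"] for i in items if i["action"] == "delete-on-reboot"],
        # Upper-cased so the same scope GUID in mixed letter case counts once.
        "search_scopes": sorted({i["path"].upper() for i in items
                                 if "\\SEARCHSCOPES\\" in i["path"].upper()}),
        "start_page_replaced": any(i["kind"] == "data" and i["valuename"] == "Start Page"
                                   and i["action"] == "replaced" for i in items),
        "summary_mismatches": mismatches,
    }


if __name__ == "__main__":
    for name, value in triage(SAMPLE_LOG).items():
        print(f"{name}: {value}")
```

A non-empty `pending_reboot` list means the cleanup is not finished until the machine restarts, and a non-empty `summary_mismatches` suggests the pasted log lost items.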


#5 notthebomba


Posted 28 September 2015 - 07:38 AM

CCleaner Startup and Install logs

 

Startup Log
Yes App Gmail 8.1 First user C:\Users\Roger\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia\8.1_0
Yes App Google Drive 14.0 First user C:\Users\Roger\AppData\Local\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf\14.0_0
Yes App Google Search 0.0.0.30 First user C:\Users\Roger\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf\0.0.0.30_0
Yes App YouTube 4.2.7 First user C:\Users\Roger\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo\4.2.7_0
No Extension Google Docs 0.9 First user C:\Users\Roger\AppData\Local\Google\Chrome\User Data\Default\Extensions\aohghmighlieiainnegkcijnfilokake\0.9_0
No Extension Google Docs Offline 0.5 First user C:\Users\Roger\AppData\Local\Google\Chrome\User Data\Default\Extensions\ghbmnnjooekpmoecnnnilnnbdlolhkhi\0.5_2
No Extension Google Sheets 1.1 First user C:\Users\Roger\AppData\Local\Google\Chrome\User Data\Default\Extensions\felcaaldnbdncclmgdcncolpebgiejap\1.1_0
No Extension Google Slides 0.9 First user C:\Users\Roger\AppData\Local\Google\Chrome\User Data\Default\Extensions\aapocclcgogkmnckokdopfmhonfmgoek\0.9_0

 

 
Install log
Adobe Acrobat 9 Pro Adobe Systems 9/17/2015 9.0.0
Asmedia ASM104x USB 3.0 Host Controller Driver Asmedia Technology 9/17/2015 2.22 MB 1.10.0.0
Bing Bar Microsoft Corporation 9/18/2015 464 KB 7.1.361.0
Bluetooth Win7 Suite (64) Atheros Communications 9/17/2015 59.4 MB 7.2.0.65
CCleaner Piriform 9/19/2015 5.09
CrystalDiskMark 5.0.2 Crystal Dew World 9/17/2015 6.83 MB 5.0.2
Dropbox Dropbox, Inc. 9/16/2015 3.8.9
Google Chrome Google Inc. 9/16/2015 45.0.2454.93
HP Officejet Pro 8600 Basic Device Software Hewlett-Packard Co. 9/17/2015 187 MB 25.0.619.0
HP Officejet Pro 8600 Help Hewlett Packard 9/17/2015 22.5 MB 140.0.2.2
HP Officejet Pro 8600 Product Improvement Study Hewlett-Packard Co. 9/17/2015 8.28 MB 25.0.619.0
HP Update Hewlett-Packard 9/17/2015 3.98 MB 5.003.000.004
I.R.I.S. OCR HP 9/17/2015 68.9 MB 12.3.4.0
Intel® Management Engine Components Intel Corporation 9/17/2015 7.0.0.1144
Intel® Network Connections 16.5.2.0 Intel 9/16/2015 14.3 MB 16.5.2.0
Intel® Rapid Storage Technology Intel Corporation 9/17/2015 10.6.0.1002
JMicron JMB36X Driver JMicron Technology Corp. 9/17/2015 1.17.58.2
Malwarebytes Anti-Malware version 2.1.8.1057 Malwarebytes Corporation 9/19/2015 64.5 MB 2.1.8.1057
marvell 91xx driver Marvell 9/17/2015 1.0.0.1045
Microsoft .NET Framework 4.5.2 Microsoft Corporation 9/16/2015 38.8 MB 4.5.51209
Microsoft Office Home and Student 2010 Microsoft Corporation 9/17/2015 14.0.7015.1000
Microsoft Security Essentials Microsoft Corporation 9/16/2015 4.8.204.0
Microsoft Silverlight Microsoft Corporation 9/16/2015 50.7 MB 5.1.40728.0
Microsoft Visual C++ 2010  x64 Redistributable - 10.0.40219 Microsoft Corporation 9/17/2015 13.8 MB 10.0.40219
Microsoft Visual C++ 2010  x86 Redistributable - 10.0.40219 Microsoft Corporation 9/17/2015 11.1 MB 10.0.40219
Microsoft Visual Studio 2010 Tools for Office Runtime (x64) Microsoft Corporation 9/17/2015 10.0.50903
NVIDIA 3D Vision Controller Driver 352.65 NVIDIA Corporation 9/16/2015 352.65
NVIDIA 3D Vision Driver 353.82 NVIDIA Corporation 9/16/2015 353.82
NVIDIA GeForce Experience 2.5.12.11 NVIDIA Corporation 9/16/2015 2.5.12.11
NVIDIA Graphics Driver 353.82 NVIDIA Corporation 9/16/2015 353.82
NVIDIA HD Audio Driver 1.3.34.3 NVIDIA Corporation 9/16/2015 1.3.34.3
NVIDIA PhysX System Software 9.15.0428 NVIDIA Corporation 9/16/2015 9.15.0428
Realtek High Definition Audio Driver Realtek Semiconductor Corp. 9/17/2015 6.0.1.6251
Samsung Magician Samsung Electronics 9/17/2015 57.2 MB 4.7
Skype™ 7.3 Skype Technologies S.A. 9/16/2015 49.2 MB 7.3.101
 


#6 notthebomba


Posted 28 September 2015 - 07:39 AM

ESET Online scanner - log 

 

C:\AdwCleaner\Quarantine\C\Program Files (x86)\Common Files\3929cb63-cbbd-4b9c-8b92-a50fbd04e656\updater.bak.vir a variant of Win32/BrowseFox.AM potentially unwanted application cleaned by deleting - quarantined
C:\AdwCleaner\Quarantine\C\Program Files (x86)\Common Files\3929cb63-cbbd-4b9c-8b92-a50fbd04e656\updater.exe.vir a variant of Win32/BrowseFox.AM potentially unwanted application cleaned by deleting - quarantined
C:\AdwCleaner\Quarantine\C\ProgramData\3929cb63-cbbd-4b9c-8b92-a50fbd04e656\plugincontainer.bak.vir a variant of Win32/BrowseFox.AU potentially unwanted application cleaned by deleting - quarantined
C:\AdwCleaner\Quarantine\C\ProgramData\3929cb63-cbbd-4b9c-8b92-a50fbd04e656\plugincontainer.exe.vir a variant of Win32/BrowseFox.AU potentially unwanted application cleaned by deleting - quarantined
C:\AdwCleaner\Quarantine\C\ProgramData\3929cb63-cbbd-4b9c-8b92-a50fbd04e656\plugins\10\Plugin.exe.vir a variant of Win32/BrowseFox.BZ potentially unwanted application cleaned by deleting - quarantined
C:\AdwCleaner\Quarantine\C\ProgramData\3929cb63-cbbd-4b9c-8b92-a50fbd04e656\plugins\3\Plugin.exe.vir a variant of Win32/BrowseFox.BZ potentially unwanted application cleaned by deleting - quarantined
C:\AdwCleaner\Quarantine\C\ProgramData\3929cb63-cbbd-4b9c-8b92-a50fbd04e656\plugins\3bak\Plugin.exe.vir a variant of Win32/BrowseFox.BZ potentially unwanted application cleaned by deleting - quarantined
C:\AdwCleaner\Quarantine\C\ProgramData\3929cb63-cbbd-4b9c-8b92-a50fbd04e656\plugins\5\Plugin.exe.vir a variant of Win32/BrowseFox.BZ potentially unwanted application cleaned by deleting - quarantined
C:\AdwCleaner\Quarantine\C\ProgramData\3929cb63-cbbd-4b9c-8b92-a50fbd04e656\plugins\5bak\Plugin.exe.vir a variant of Win32/BrowseFox.BZ potentially unwanted application cleaned by deleting - quarantined
C:\AdwCleaner\Quarantine\C\ProgramData\3929cb63-cbbd-4b9c-8b92-a50fbd04e656\plugins\6\Plugin.exe.vir a variant of Win32/BrowseFox.BZ potentially unwanted application cleaned by deleting - quarantined
C:\AdwCleaner\Quarantine\C\ProgramData\3929cb63-cbbd-4b9c-8b92-a50fbd04e656\plugins\6bak\Plugin.exe.vir a variant of Win32/BrowseFox.BZ potentially unwanted application cleaned by deleting - quarantined
C:\AdwCleaner\Quarantine\C\ProgramData\3929cb63-cbbd-4b9c-8b92-a50fbd04e656\plugins\7\Plugin.exe.vir a variant of Win32/BrowseFox.BZ potentially unwanted application cleaned by deleting - quarantined
C:\AdwCleaner\Quarantine\C\ProgramData\3929cb63-cbbd-4b9c-8b92-a50fbd04e656\plugins\7bak\Plugin.exe.vir a variant of Win32/BrowseFox.BZ potentially unwanted application cleaned by deleting - quarantined
C:\AdwCleaner\Quarantine\C\ProgramData\3929cb63-cbbd-4b9c-8b92-a50fbd04e656\plugins\8\Plugin.exe.vir a variant of Win32/BrowseFox.BZ potentially unwanted application cleaned by deleting - quarantined
C:\AdwCleaner\Quarantine\C\ProgramData\3929cb63-cbbd-4b9c-8b92-a50fbd04e656\plugins\8bak\Plugin.exe.vir a variant of Win32/BrowseFox.BZ potentially unwanted application cleaned by deleting - quarantined
C:\AdwCleaner\Quarantine\C\Users\Roger\AppData\Roaming\OpenCandy\9416863917C34559A0FB493B414A9B39\setup.exe.vir Win32/BrowseFox.CC potentially unwanted application deleted - quarantined
C:\Users\Roger\Downloads\ccsetup509.exe Win32/Bundled.Toolbar.Google.D potentially unsafe application deleted - quarantined
C:\Users\Roger\Downloads\CrystalDiskMark5_0_2-en.exe Win32/OpenCandy potentially unsafe application deleted - quarantined


#7 buddy215


Posted 28 September 2015 - 08:43 AM

I don't see the list of Scheduled Tasks...please post it.

 

Disable these Windows Startups: Use CCleaner by clicking on each item to highlight and then choose to Disable or Delete or Uninstall on the right

Yes App Gmail 8.1 First user C:\Users\Roger\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia\8.1_0
Yes App Google Drive 14.0 First user C:\Users\Roger\AppData\Local\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf\14.0_0
Yes App Google Search 0.0.0.30 First user C:\Users\Roger\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf\0.0.0.30_0
Yes App YouTube 4.2.7 First user C:\Users\Roger\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo\4.2.7_0
 
Uninstall These programs:
Bing Bar Microsoft Corporation 9/18/2015 464 KB 7.1.361.0
CrystalDiskMark 5.0.2 Crystal Dew World 9/17/2015 6.83 MB 5.0.2


#8 notthebomba


Posted 28 September 2015 - 09:32 AM

buddy215:

Interesting development.

I could not disable the Apps (Gmail, Google Drive, Google Search, YouTube) via CCleaner Tools (CCleaner->Tools->Startup->Google Chrome)

When I tried, I got the following error: "Some of the selected items cannot be changed as they are protected by the browser."

However, I was able to delete Bing Bar and CrystalDiskMark and the hijacking has ceased!

Roger

 

PS: I have a BoostSpeed 8 license (Auslogics), but have not reinstalled it as I was waiting for the new OS reinstall to stabilize.

Question: Will I encounter problems if I have competing cleanup systems (Microsoft Security Essentials, CCleaner, AdwCleaner, BoostSpeed)?



#9 buddy215


Posted 28 September 2015 - 10:29 AM

You really don't want to use BoostSpeed...it serves no purpose and has the potential to cause damage. The others are okay to keep...use CCleaner often to clean up the gunk and yard trash.

 

Please post the Scheduled Tasks list....



#10 notthebomba


Posted 28 September 2015 - 12:04 PM

Scheduled Tasks (Advanced Mode):

Yes Task ActivateWindowsSearch Microsoft Corporation %SystemRoot%\ehome\ehPrivJob.exe /DoActivateWindowsSearch \Microsoft\Windows\Media Center
No Task AD RMS Rights Policy Template Management (Automated) \Microsoft\Windows\Active Directory Rights Management Services Client
Yes Task AD RMS Rights Policy Template Management (Manual) \Microsoft\Windows\Active Directory Rights Management Services Client
Yes Task AitAgent aitagent \Microsoft\Windows\Application Experience
Yes Task AnalyzeSystem Microsoft Corporation %SystemRoot%\System32\powercfg.exe -energy -auto \Microsoft\Windows\Power Efficiency Diagnostics
No Task AutoWake \Microsoft\Windows\SideShow
Yes Task CacheTask \Microsoft\Windows\Wininet
No Task Calibration Loader \Microsoft\Windows\WindowsColorSystem
Yes Task CCleanerSkipUAC Piriform Ltd "C:\Program Files\CCleaner\CCleaner.exe" $(Arg0) \
Yes Task ConfigNotification Microsoft Corporation %systemroot%\System32\sdclt.exe /CONFIGNOTIFICATION \Microsoft\Windows\WindowsBackup
Yes Task ConfigureInternetTimeService Microsoft Corporation %SystemRoot%\ehome\ehPrivJob.exe /DoConfigureInternetTimeService \Microsoft\Windows\Media Center
Yes Task Consolidator Microsoft Corporation %SystemRoot%\System32\wsqmcons.exe \Microsoft\Windows\Customer Experience Improvement Program
Yes Task DispatchRecoveryTasks Microsoft Corporation %SystemRoot%\ehome\ehPrivJob.exe /DoRecoveryTasks $(Arg0) \Microsoft\Windows\Media Center
Yes Task DropboxUpdateTaskMachineCore Dropbox, Inc. C:\Program Files (x86)\Dropbox\Update\DropboxUpdate.exe /c \
Yes Task DropboxUpdateTaskMachineUA Dropbox, Inc. C:\Program Files (x86)\Dropbox\Update\DropboxUpdate.exe /ua /installsource scheduler \
Yes Task ehDRMInit Microsoft Corporation %SystemRoot%\ehome\ehPrivJob.exe /DRMInit \Microsoft\Windows\Media Center
Yes Task GadgetManager \Microsoft\Windows\SideShow
Yes Task GatherNetworkInfo %windir%\system32\gatherNetworkInfo.vbs \Microsoft\Windows\NetTrace
Yes Task GoogleUpdateTaskMachineCore Google Inc. C:\Program Files (x86)\Google\Update\GoogleUpdate.exe /c \
Yes Task GoogleUpdateTaskMachineUA Google Inc. C:\Program Files (x86)\Google\Update\GoogleUpdate.exe /ua /installsource scheduler \
No Task HiveUploadTask \Microsoft\Windows\User Profile Service
Yes Task HotStart \Microsoft\Windows\MobilePC
Yes Task HPCustParticipation HP Officejet Pro 8600 Hewlett-Packard Co. "C:\Program Files\HP\HP Officejet Pro 8600\Bin\HPCustPartic.exe" /UA 9.5 /DDV 0x1000 \
Yes Task hpUrlLauncher.exe_{336F6168-F734-4277-B7AF-DB9810F23CCD} Hewlett-Packard Co. C:\Program Files\HP\HP Officejet Pro 8600\Bin\utils\hpUrlLauncher.exe https://h30495.www3.hp.com/printers/add?jumpID=in_instKarnak5%2F&cc=us&modelName=HP%20Officejet%20Pro%208600&serialNo=CN27NBR0KP&serialNo_Extra=05KD&modelID=CN579A&serviceID=22357&invitation=no \
Yes Task InstallPlayReady Microsoft Corporation %SystemRoot%\ehome\ehPrivJob.exe /InstallPlayReady $(Arg0) \Microsoft\Windows\Media Center
Yes Task IpAddressConflict1 Microsoft Corporation %windir%\system32\rundll32.exe ndfapi.dll,NdfRunDllDuplicateIPOffendingSystem \Microsoft\Windows\Tcpip
Yes Task IpAddressConflict2 Microsoft Corporation %windir%\system32\rundll32.exe ndfapi.dll,NdfRunDllDuplicateIPDefendingSystem \Microsoft\Windows\Tcpip
Yes Task launchtrayprocess Microsoft Corporation %windir%\system32\GWX\GWX.exe /tasklaunch \Microsoft\Windows\Setup\gwx
Yes Task Logon-5d Microsoft Corporation %windir%\system32\GWX\GWX.exe /event:7 \Microsoft\Windows\Setup\GWXTriggers
Yes Task LPRemove Microsoft Corporation %windir%\system32\lpremove.exe \Microsoft\Windows\MUI
Yes Task MachineUnlock-5d Microsoft Corporation %windir%\system32\GWX\GWX.exe /event:8 \Microsoft\Windows\Setup\GWXTriggers
Yes Task mcupdate %SystemRoot%\ehome\mcupdate $(Arg0) \Microsoft\Windows\Media Center
Yes Task MediaCenterRecoveryTask Microsoft Corporation %SystemRoot%\ehome\mcupdate.exe -MediaCenterRecoveryTask \Microsoft\Windows\Media Center
Yes Task Microsoft Antimalware Scheduled Scan Microsoft Corporation c:\Program Files\Microsoft Security Client\MpCmdRun.exe Scan -ScheduleJob -RestrictPrivileges \Microsoft\Microsoft Antimalware
Yes Task Microsoft Compatibility Appraiser Microsoft Corporation %windir%\system32\compattel\DiagTrackRunner.exe /UploadEtlFilesOnly \Microsoft\Windows\Application Experience
Yes Task MobilityManager \Microsoft\Windows\Ras
Yes Task Notifications Microsoft Corporation %windir%\System32\LocationNotifications.exe \Microsoft\Windows\Location
Yes Task ObjectStoreRecoveryTask Microsoft Corporation %SystemRoot%\ehome\mcupdate.exe -ObjectStoreRecoveryTask \Microsoft\Windows\Media Center
Yes Task OCURActivate Microsoft Corporation %SystemRoot%\ehome\ehPrivJob.exe /OCURActivate \Microsoft\Windows\Media Center
Yes Task OCURDiscovery Microsoft Corporation %SystemRoot%\ehome\ehPrivJob.exe /OCURDiscovery $(Arg0) \Microsoft\Windows\Media Center
Yes Task OutOfIdle-5d Microsoft Corporation %windir%\system32\GWX\GWX.exe /event:6 \Microsoft\Windows\Setup\GWXTriggers
Yes Task OutOfSleep-5d Microsoft Corporation %windir%\system32\GWX\GWX.exe /event:9 \Microsoft\Windows\Setup\GWXTriggers
Yes Task PBDADiscovery Microsoft Corporation %SystemRoot%\ehome\ehPrivJob.exe /PBDADiscovery \Microsoft\Windows\Media Center
Yes Task PBDADiscoveryW1 Microsoft Corporation %SystemRoot%\ehome\ehPrivJob.exe /wait:7 /PBDADiscovery \Microsoft\Windows\Media Center
Yes Task PBDADiscoveryW2 Microsoft Corporation %SystemRoot%\ehome\ehPrivJob.exe /wait:90 /PBDADiscovery \Microsoft\Windows\Media Center
No Task PeriodicScanRetry Microsoft Corporation %windir%\ehome\MCUpdate.exe -pscn 0 \Microsoft\Windows\Media Center
No Task PolicyConverter Microsoft Corporation %windir%\system32\appidpolicyconverter.exe \Microsoft\Windows\AppID
Yes Task ProgramDataUpdater Microsoft Corporation %windir%\system32\rundll32.exe invagent.dll,RunUpdate -noappraiser \Microsoft\Windows\Application Experience
Yes Task Proxy Microsoft Corporation %windir%\system32\rundll32.exe /d acproxy.dll,PerformAutochkOperations \Microsoft\Windows\Autochk
Yes Task PvrRecoveryTask Microsoft Corporation %SystemRoot%\ehome\mcupdate.exe -PvrRecoveryTask \Microsoft\Windows\Media Center
Yes Task PvrScheduleTask Microsoft Corporation %SystemRoot%\ehome\mcupdate.exe -PvrSchedule \Microsoft\Windows\Media Center
Yes Task QueueReporting Microsoft Corporation %windir%\system32\wermgr.exe -queuereporting \Microsoft\Windows\Windows Error Reporting
No Task RecordingRestart %SystemRoot%\ehome\ehrec /RestartRecording \Microsoft\Windows\Media Center
Yes Task refreshgwxconfig Microsoft Corporation %windir%\system32\GWX\GWXConfigManager.exe /RefreshConfig \Microsoft\Windows\Setup\gwx
Yes Task refreshgwxconfig-B Microsoft Corporation %windir%\system32\GWX\GWXConfigManager.exe /RefreshConfigAndContent \Microsoft\Windows\Setup\GWXTriggers
Yes Task refreshgwxconfigandcontent Microsoft Corporation %windir%\system32\GWX\GWXConfigManager.exe /RefreshConfigAndContent \Microsoft\Windows\Setup\gwx
Yes Task refreshgwxcontent Microsoft Corporation %windir%\system32\GWX\GWXConfigManager.exe /RefreshContent \Microsoft\Windows\Setup\gwx
Yes Task RegisterSearch Microsoft Corporation %SystemRoot%\ehome\ehPrivJob.exe /DoRegisterSearch $(Arg0) \Microsoft\Windows\Media Center
Yes Task ReindexSearchRoot Microsoft Corporation %SystemRoot%\ehome\ehPrivJob.exe /DoReindexSearchRoot \Microsoft\Windows\Media Center
Yes Task SamsungMagician Samsung Electronics. "C:\Program Files (x86)\Samsung\Samsung Magician\Samsung Magician.exe" /AUTOHIDE \
Yes Task ScheduledDefrag Microsoft Corp. %windir%\system32\defrag.exe -c \Microsoft\Windows\Defrag
No Task SessionAgent \Microsoft\Windows\SideShow
Yes Task SqlLiteRecoveryTask Microsoft Corporation %SystemRoot%\ehome\mcupdate.exe -SqlLiteRecoveryTask \Microsoft\Windows\Media Center
Yes Task SR Microsoft Corporation %windir%\system32\rundll32.exe /d srrstr.dll,ExecuteScheduledSPPCreation \Microsoft\Windows\SystemRestore
Yes Task SynchronizeTime Microsoft Corporation %windir%\system32\sc.exe start w32time task_started \Microsoft\Windows\Time Synchronization
No Task SystemDataProviders \Microsoft\Windows\SideShow
Yes Task SystemSoundsService \Microsoft\Windows\Multimedia
Yes Task SystemTask \Microsoft\Windows\CertificateServicesClient
Yes Task Telemetry-4xd Microsoft Corporation %windir%\system32\GWX\GWX.exe /event:11 \Microsoft\Windows\Setup\GWXTriggers
Yes Task Time-5d Microsoft Corporation %windir%\system32\GWX\GWX.exe /event:10 \Microsoft\Windows\Setup\GWXTriggers
Yes Task UninstallDeviceTask Microsoft Corporation BthUdTask.exe $(Arg0) \Microsoft\Windows\Bluetooth
Yes Task UpdateLibrary "%ProgramFiles%\Windows Media Player\wmpnscfg.exe" \Microsoft\Windows\Windows Media Sharing
Yes Task UpdateRecordPath Microsoft Corporation %SystemRoot%\ehome\ehPrivJob.exe /DoUpdateRecordPath $(Arg0) \Microsoft\Windows\Media Center
Yes Task UPnPHostConfig Microsoft Corporation sc.exe config upnphost start= auto \Microsoft\Windows\UPnP
Yes Task UserTask \Microsoft\Windows\CertificateServicesClient
No Task UserTask-Roam \Microsoft\Windows\CertificateServicesClient
No Task VerifiedPublisherCertStoreCheck Microsoft Corporation %windir%\system32\appidcertstorecheck.exe \Microsoft\Windows\AppID
Yes Task WinSAT \Microsoft\Windows\Maintenance


#11 buddy215


Posted 28 September 2015 - 01:13 PM

Disable these Tasks:

Yes Task GoogleUpdateTaskMachineCore Google Inc. C:\Program Files (x86)\Google\Update\GoogleUpdate.exe /c \
Yes Task GoogleUpdateTaskMachineUA Google Inc. C:\Program Files (x86)\Google\Update\GoogleUpdate.exe /ua /installsource scheduler \
Yes Task DropboxUpdateTaskMachineCore Dropbox, Inc. C:\Program Files (x86)\Dropbox\Update\DropboxUpdate.exe /c \
Yes Task DropboxUpdateTaskMachineUA Dropbox, Inc. C:\Program Files (x86)\Dropbox\Update\DropboxUpdate.exe /ua /installsource scheduler \
 
If the problem comes back in Google Chrome you will need to completely uninstall Chrome including your profile. You can save your Bookmarks before uninstalling. You can use Download Revo Uninstaller Freeware in Advanced Mode to uninstall Chrome.


#12 notthebomba


Posted 28 September 2015 - 02:06 PM

buddy215: Done.

Thanks for all of your help!

If it comes back, I'll uninstall Chrome.

Roger



#13 buddy215


Posted 28 September 2015 - 03:10 PM

Enjoyed working with you...happy surfin'..





