Jump to content


 


Register a free account to unlock additional features at BleepingComputer.com
Welcome to BleepingComputer, a free community where people like yourself come together to discuss and learn how to use their computers. Using the site is easy and fun. As a guest, you can browse and view the various discussions in the forums, but can not create a new topic or reply to an existing one unless you are logged in. Other benefits of registering an account are subscribing to topics and forums, creating a blog, and having no ads shown anywhere on the site.


Click here to Register a free account now! or read our Welcome Guide to learn how to use this site.

Photo

Strange files in Recent Files list. Files have Chinese names and zero byte size.


  • Please log in to reply
14 replies to this topic

#1 Duncan2015

Duncan2015

  • Members
  • 6 posts
  • OFFLINE
  •  
  • Local time:10:36 PM

Posted 28 November 2015 - 10:28 AM

Good morning Bleeping Computer community,

 

I have the strangest thing happening in my Recent Files list on my Windows 10 computer.  Files with a ZERO byte size, NO create date, NO modify date and with name in Chinese characters appear in the Recent Files list.  This is the third time in 2 weeks I have noticed a batch of such files.  Below, I will paste in the file names that appear.  I tried copying the names into Google Translate, but that did not provide anything I understood.

These files do NOT exist if I browse to my desktop.  They are not it the Recycle Bin either.  I have unchecked all the HIDE options for File Explorer.

 

OS: Windows 10 Home

AV: Avast (purchased)

Make: Lenovo

 

What I have done so far:

1) Scan with Avast.  Nothing

2) Scan with Malware Bytes:  A few PUP that I removed.

 

Since those actions, the most recent batch of them appeared.  It seems a few repeat and here are the file names...

 

1) 㩅瑜牯敲瑮灜屴畊汥⁺敖瑮牵⁡湡⁤楍慣⁨潍牯履畊汥⁺敖瑮牵⁡湡⁤楍慣⁨潍牯⹥癡⹩灪g㈀䴰潯敲愮楶樮杰

2) 㩅瑜牯敲瑮灜屴畊汥⁺敖瑮牵⁡湡⁤楍慣⁨潍牯履畊汥⁺敖瑮牵⁡湡⁤楍慣⁨潍牯⹥癡i挀桡㈥䴰潯敲愮楶

3) 㩅瑜牯敲瑮灜屴慊浳湩⁥牁扡慩ⴠ䔠灸楬楣整䄭瑲挮浯嬠硅牴浥吠楲嵯孜硅汰捩瑩ⵥ牁嵴慊浳湩䅥慲楢ⵡ硅牴浥牔潩㈭ㄮ〱ㄵ⸴潭v吀楲ⵯ⸲ㄱ㔰㐱洮癯

4) 㩅瑜牯敲瑮灜屴睇湥䴠摥慩ⴠ匠敷瑥匠牵敲摮牥獜牣敥彮⸶灪g渀㙟樮杰

5) 㩅瑜牯敲瑮灜屴慇杮慢杮摥䈠⁹牔湡獳硥慵獬㌠䝜䉂㍔匠散敮㌠愮楶

6) 㩅瑜牯敲瑮灜屴慇杮慢杮摥䈠⁹牔湡獳硥慵獬㌠䝜䉂㍔匠散敮㈠愮楶

7) 㩅瑜牯敲瑮灜屴慇杮慢杮摥䈠⁹牔湡獳硥慵獬㌠䝜䉂㍔匠散敮ㄠ愮楶

8) 㩅瑜牯敲瑮灜屴癅汩倠湩⹫⸲䑛䑖䥒嵐䕜楶楐歮㈮嬮噄剄偉孝敌扳慩嵮倨牯潮楒⹰敮⥴䍛㉄⹝癡i瀀渮瑥┩䈵䑃┲䐵愮楶

9) 楶楐歮㈮嬮噄剄偉孝敌扳慩嵮倨牯潮楒⹰敮⥴䍛ㅄ⹝癡i瀀渮瑥┩䈵䑃┱䐵愮楶

10) 㩅瑜牯敲瑮灜屴癅汩倠湩⹫⸲䑛䑖䥒嵐䕜楶楐歮㈮嬮噄剄偉孝敌扳慩嵮倨牯潮楒⹰敮⥴䍛ㅄ⹝癡i瀀渮瑥┩䈵䑃┱䐵愮楶저ᅦ≠㗺ៀ謀䔯⼺潴牲湥⽴瑰䔯楶╬〲楐歮㈮┮䈵噄剄偉㔥⽄癅汩㈥倰湩⹫⸲㔥䑂䑖䥒═䐵㔥䱂獥楢湡㔥⡄潐湲副灩渮瑥┩䈵䑃┱䐵愮楶￟≳㗉ᣥ蠀ർ

 

 

Am I infected?

 

Thank you!

 

 

 

 

 



BC AdBot (Login to Remove)

 


#2 buddy215

buddy215

  • Moderator
  • 13,196 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:West Tennessee
  • Local time:10:36 PM

Posted 28 November 2015 - 11:21 AM

Welcome to BC !

 

Try the programs below to see if they can find what is causing this.

 

Use CCleaner to remove Temporary files, program caches, cookies, logs, etc. Use the Default settings. No need to use the

Registry Cleaning Tool...risky. Pay close attention while installing and UNcheck offers of toolbars....especially Google.

After install, open CCleaner and run by clicking on the Run Cleaner button in the bottom right corner.

CCleaner - PC Optimization and Cleaning - Free Download

 

Download AdwCleaner by Xplode onto your desktop.

  • Close all open programs and internet browsers.
  • Double click on adwcleaner.exe to run the tool.
  • Click on Scan button.
  • When the scan has finished click on Clean button.
  • Your computer will be rebooted automatically. A text file will open after the restart.
  • Please post the contents of that logfile with your next reply.
  • You can find the logfile at C:\AdwCleaner[S1].txt as well.
  • download Junkware Removal Tool to your desktop.
  • Shut down your protection software now to avoid potential conflicts.
  • Run the tool by double-clicking it. If you are using Windows Vista, 7, or 8; instead of double-clicking, right-mouse click JRT.exe and select "Run as Administrator".
  • The tool will open and start scanning your system.
  • Please be patient as this can take a while to complete depending on your system's specifications.
  • On completion, a log (JRT.txt) is saved to your desktop and will automatically open.
  • Post the contents of JRT.txt into your next message

Download Emsisoft Emergency Kit and save it to your desktop. Double click on EmsisoftEmergencyKit.exe to extract its contents and create a shortcut on the desktop. Leave all settings as they are and click  Accept & Extract. A folder named EEK will be created in the root of the drive (usually c:\). .

  • After extraction an Emsisoft Emergency Kit window will open. Under "Run Directly:" click Emergency Kit Scanner.
  • When asked to run an online update, click Yes.
  • When the update is finished, click the Back to Security Status link in the left corner. On the main screen click the Scan Now button.
  • Select the malware scan option and click the SCAN button.
  • When the scan is finished click the Quarantine selected objects button. Note, this option is only available if malicious objects were detected during the scan.
  • Click the View Report button and in the Reports window double-click on the most recent log. Note, logs are named as follows: a2scan_<date>-<time>.txt.
  • Copy/paste the report contents in your next reply.

Edited by buddy215, 28 November 2015 - 04:27 PM.

“Every atom in your body came from a star that exploded and the atoms in your left hand probably came from a different star than your right hand. It really is the most poetic thing I know about physics...you are all stardust.”Lawrence M. Krauss
A 1792 U.S. penny, designed in part by Thomas Jefferson and George Washington, reads “Liberty Parent of Science & Industry.”

#3 Duncan2015

Duncan2015
  • Topic Starter

  • Members
  • 6 posts
  • OFFLINE
  •  
  • Local time:10:36 PM

Posted 28 November 2015 - 02:39 PM

Thank you for the reply.  Below are the results of the three scans...

 

ADWCLEANER LOG

 

# AdwCleaner v5.022 - Logfile created 28/11/2015 at 12:45:17
# Updated 22/11/2015 by Xplode
# Database : 2015-11-22.2 [Server]
# Operating system : Windows 10 Home  (x64)
# Username : Duncan - KITT
# Running from : C:\Users\Duncan\Downloads\AdwCleaner.exe
# Option : Cleaning
 
***** [ Services ] *****
 
 
***** [ Folders ] *****
 
[-] Folder Deleted : C:\Program Files (x86)\Amazon\ABB
[-] Folder Deleted : C:\Users\Duncan\AppData\Local\Google\Chrome\User Data\Default\Extensions\mcbkbpnkkkipelfledbfocopglifcfmi
[-] Folder Deleted : C:\Users\Duncan\AppData\Local\Google\Chrome\User Data\Default\Extensions\pioclpoplcdbaefihamjohnefbikjilc
[-] Folder Deleted : C:\Users\Duncan\AppData\Roaming\Search Protection
 
***** [ Files ] *****
 
[-] File Deleted : C:\Users\Duncan\AppData\Local\Google\Chrome\User Data\Default\Local Storage\chrome-extension_pioclpoplcdbaefihamjohnefbikjilc_0.localstorage
 
***** [ DLLs ] *****
 
 
***** [ Shortcuts ] *****
 
 
***** [ Scheduled tasks ] *****
 
 
***** [ Registry ] *****
 
[-] Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Uninstall\Search Protection
[-] Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{0A7D6F3C-F2AB-48ED-BE23-99791BFF87D6}
[-] Key Deleted : HKLM\SOFTWARE\Classes\Installer\Features\C3F6D7A0BA2FDE84EB329997B1FF786D
[-] Key Deleted : HKLM\SOFTWARE\Classes\Installer\Products\C3F6D7A0BA2FDE84EB329997B1FF786D
[-] Key Deleted : [x64] HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Products\C3F6D7A0BA2FDE84EB329997B1FF786D
 
***** [ Web browsers ] *****
 
[-] [C:\Users\Duncan\AppData\Local\Google\Chrome\User Data\Default\Secure Preferences] [Startup_URLs] Deleted : hxxp://search.yahoo.com?type=293224&fr=spigot-yhp-ch
[-] [C:\Users\Duncan\AppData\Local\Google\Chrome\User Data\Default\Secure Preferences] [Extension] Deleted : mcbkbpnkkkipelfledbfocopglifcfmi
[-] [C:\Users\Duncan\AppData\Local\Google\Chrome\User Data\Default\Secure Preferences] [Extension] Deleted : pioclpoplcdbaefihamjohnefbikjilc
 
*************************
 
:: "Tracing" keys removed
:: Winsock settings cleared
 
########## EOF - C:\AdwCleaner\AdwCleaner[C1].txt - [2174 bytes] ##########
 
JRT Log
 
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Junkware Removal Tool (JRT) by Malwarebytes
Version: 8.0.1 (11.24.2015)
Operating System: Windows 10 Home x64 
Ran by Duncan (Administrator) on Sat 11/28/2015 at 12:54:11.74
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
 
 
 
 
File System: 1 
 
Successfully deleted: C:\Users\Duncan\AppData\Local\Google\Chrome\User Data\Default\Extensions\lbfehkoinhhcknnbdgnnmjhiladcgbol (Folder) 
 
 
 
Registry: 1 
 
Successfully deleted: HKCU\Software\Microsoft\Internet Explorer\SearchScopes\{CA97703F-B8A1-4367-8456-5A39177CA086} (Registry Key)
 
 
 
 
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Scan was completed on Sat 11/28/2015 at 12:57:10.54
End of JRT log
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
 
 
EMSISOFT EMERGENCY KIT Log
 
Emsisoft Emergency Kit - Version 10.0
Last update: 11/28/2015 1:13:25 PM
User account: KITT\Duncan
 
Scan settings:
 
Scan type: Custom Scan
Objects: Rootkits, Memory, Traces, C:\
 
Detect PUPs: On
Scan archives: On
ADS Scan: On
File extension filter: Off
Advanced caching: On
Direct disk access: Off
 
Scan start: 11/28/2015 1:16:40 PM
C:\Users\Duncan\Desktop\New folder (2)\software\ipscan221.exe detected: Riskware.Win32.NetTool.Portscan (A)
C:\Users\Duncan\Downloads\Installed\cdbxp_setup_4.5.2.4214.exe detected: Application.Win32.InstallAd (A)
C:\Users\Duncan\Downloads\SetupImgBurn_2.5.8.0.exe detected: Application.Win32.InstallAd (A)
 
Scanned 348992
Found 3
 
Scan end: 11/28/2015 2:18:21 PM
Scan time: 1:01:41


#4 buddy215

buddy215

  • Moderator
  • 13,196 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:West Tennessee
  • Local time:10:36 PM

Posted 28 November 2015 - 04:32 PM

Emsisoft found some malware.

Rerun Emsisoft using the malware scan and be sure to When the scan is finished click the Quarantine selected objects button.

 

Run another scan using Eset. This scan can take more than hour....sometimes 3 or 4 depending on size of data on the hdd and computer resources.

 

  • Hold down Control and click on this link to open ESET OnlineScan in a new window.
  • Click the esetonlinebtn.png button.
  • For alternate browsers only: (Microsoft Internet Explorer users can skip these steps)
  • Click on esetsmartinstaller_enu.exe to download the ESET Smart Installer. Save it to your desktop.
  • Double click on the esetsmartinstaller_enu.png icon on your desktop.
  • Check "YES, I accept the Terms of Use."
  • Click the Start button.
  • Accept any security warnings from your browser.
  • Under scan settings, check "Scan Archives" and "Remove found threats"
  • ESET will then download updates for itself, install itself, and begin scanning your computer. Please be patient as this can take some time.
  • When the scan completes, click List Threats
  • Click Export, and save the file to your desktop using a unique name, such as ESETScan. Include the contents of this report in your next reply.
  • Click the Back button.
  • Click the Finish button.
  • NOTE:Sometimes if ESET finds no infections it will not create a log.

Edited by buddy215, 28 November 2015 - 04:34 PM.

“Every atom in your body came from a star that exploded and the atoms in your left hand probably came from a different star than your right hand. It really is the most poetic thing I know about physics...you are all stardust.”Lawrence M. Krauss
A 1792 U.S. penny, designed in part by Thomas Jefferson and George Washington, reads “Liberty Parent of Science & Industry.”

#5 Duncan2015

Duncan2015
  • Topic Starter

  • Members
  • 6 posts
  • OFFLINE
  •  
  • Local time:10:36 PM

Posted 28 November 2015 - 08:42 PM

Emisoft was run again and items quarantined.

 

ESET Online Scan Log

 

C:\Users\Duncan\AppData\Roaming\uTorrent\updates\3.3.1_29988.exe a variant of Win32/AdkDLLWrapper.A potentially unwanted application cleaned by deleting - quarantined

C:\Users\Duncan\Downloads\Installed\utorrent.exe a variant of Win32/AdkDLLWrapper.A potentially unwanted application cleaned by deleting - quarantined


#6 buddy215

buddy215

  • Moderator
  • 13,196 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:West Tennessee
  • Local time:10:36 PM

Posted 29 November 2015 - 04:28 AM

Post the three lists mentioned below using CCleaner.

 

Open CCleaner and click on Tools. Choose Startups. On that page you will see a list of Windows Startups and at the top tabs for each browser and Scheduled Tasks.

At the bottom right of that page you will see a button when clicked will allow you to Copy and Paste the list of Windows Startups and Scheduled Tasks into your next

post. Please do that.

 

Open CCleaner and click on Tools. Choose Uninstall. On that page you will see a list of programs installed on your computer and at the bottom right of that page you

will see a button when clicked will allow you to Copy and Paste that list in your next post. Please do that.


“Every atom in your body came from a star that exploded and the atoms in your left hand probably came from a different star than your right hand. It really is the most poetic thing I know about physics...you are all stardust.”Lawrence M. Krauss
A 1792 U.S. penny, designed in part by Thomas Jefferson and George Washington, reads “Liberty Parent of Science & Industry.”

#7 Duncan2015

Duncan2015
  • Topic Starter

  • Members
  • 6 posts
  • OFFLINE
  •  
  • Local time:10:36 PM

Posted 29 November 2015 - 07:31 AM

Good morning.

 

As you requested, the three lists are below.  In addition I noticed an advanced check box for the Scheduled Tasks listing.  As it provided more of info, I added that to the end of this thread as well.

 

Also, let me say Thank You for your help!  

 

CCleaner Windows Startups

 

Yes HKCU:Run CCleaner Monitoring Piriform Ltd "C:\Program Files\CCleaner\CCleaner64.exe" /MONITOR

Yes HKCU:Run Dropbox Update Dropbox, Inc. "C:\Users\Duncan\AppData\Local\Dropbox\Update\DropboxUpdate.exe" /c
Yes HKCU:Run Google Update Google Inc. "C:\Users\Duncan\AppData\Local\Google\Update\GoogleUpdate.exe" /c
Yes HKCU:Run Hobbyist Software VLC Streamer Hobbyist Software "C:\Program Files (x86)\Hobbyist Software\VLC Streamer\VLC Streamer Configuration.exe" /startup
Yes HKCU:Run Lync Microsoft Corporation "C:\Program Files\Microsoft Office 15\root\office15\lync.exe" /fromrunkey
Yes HKCU:Run OneDrive Microsoft Corporation "C:\Users\Duncan\AppData\Local\Microsoft\OneDrive\OneDrive.exe" /background
Yes HKCU:Run Spotify Spotify Ltd "C:\Users\Duncan\AppData\Roaming\Spotify\Spotify.exe" -autostart -minimized
Yes HKCU:Run Spotify Web Helper Spotify Ltd "C:\Users\Duncan\AppData\Roaming\Spotify\SpotifyWebHelper.exe"
Yes HKCU:Run uTorrent BitTorrent Inc. "C:\Users\Duncan\AppData\Roaming\uTorrent\uTorrent.exe"  /MINIMIZED
Yes HKLM:Run AvastUI.exe AVAST Software "C:\Program Files\AVAST Software\Avast\AvastUI.exe" /nogui
Yes HKLM:Run CitrixReceiver "C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Citrix\Receiver Updater.lnk"
Yes HKLM:Run CLMLServer CyberLink "C:\Program Files (x86)\Lenovo\Power2Go\CLMLSvc.exe"
Yes HKLM:Run ConnectionCenter Citrix Systems, Inc. "C:\Program Files (x86)\Citrix\ICA Client\concentr.exe" /startup
Yes HKLM:Run CrashPlanTray Code 42 Software, Inc. C:\Program Files\CrashPlan\CrashPlanTray.exe
Yes HKLM:Run Intel AppUp(SM) center Intel Corporation "C:\Program Files (x86)\Intel\IntelAppStore\bin\ismagent.exe" --domain-id F0399437-FD0C-4A48-B101-F0314A6172E4
Yes HKLM:Run iTunesHelper Apple Inc. "C:\Program Files (x86)\iTunes\iTunesHelper.exe"
Yes HKLM:Run jmekey Lenovo C:\windows\jmesoft\hotkey.exe
Yes HKLM:Run jmesoft C:\Windows\jmesoft\ServiceLoader.exe
Yes HKLM:Run LVT Lenovo C:\Program Files\Lenovo\LVT\LJYZ.exe 1
Yes HKLM:Run Redirector Citrix Systems, Inc. "C:\Program Files (x86)\Citrix\ICA Client\redirector.exe" /startup
Yes HKLM:Run RemoteControl10 CyberLink Corp. "C:\Program Files (x86)\Lenovo\PowerDVD10\PDVD10Serv.exe"
Yes HKLM:Run RTHDVCPL Realtek Semiconductor "C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe" -s
Yes HKLM:Run UpdateP2GoShortCut CyberLink Corp. "C:\Program Files (x86)\Lenovo\Power2Go\MUITransfer\MUIStartMenu.exe" "C:\Program Files (x86)\Lenovo\Power2Go" UpdateWithCreateOnce "SOFTWARE\CyberLink\Power2Go\6.0"
Yes Startup User Citrix Receiver.lnk Citrix Systems, Inc. C:\Program Files (x86)\Citrix\SelfServicePlugin\SelfServicePlugin.exe
Yes Startup User Dropbox.lnk Dropbox, Inc. C:\Users\Duncan\AppData\Roaming\Dropbox\bin\Dropbox.exe
Yes Startup User EvernoteClipper.lnk Evernote Corp., 305 Walnut Street, Redwood City, CA 94063 C:\Program Files (x86)\Evernote\Evernote\EvernoteClipper.exe
 
CCleaner Scheduled Tasks
 
Yes Task CCleanerSkipUAC Piriform Ltd "C:\Program Files\CCleaner\CCleaner.exe" $(Arg0)
Yes Task DropboxUpdateTaskUserS-1-5-21-2774201085-3614189751-1957685156-1001Core Dropbox, Inc. C:\Users\Duncan\AppData\Local\Dropbox\Update\DropboxUpdate.exe /c
Yes Task DropboxUpdateTaskUserS-1-5-21-2774201085-3614189751-1957685156-1001UA Dropbox, Inc. C:\Users\Duncan\AppData\Local\Dropbox\Update\DropboxUpdate.exe /ua /installsource scheduler
Yes Task GoogleUpdateTaskMachineCore Google Inc. C:\Program Files (x86)\Google\Update\GoogleUpdate.exe /c
Yes Task GoogleUpdateTaskMachineUA Google Inc. C:\Program Files (x86)\Google\Update\GoogleUpdate.exe /ua /installsource scheduler
Yes Task GoogleUpdateTaskUserS-1-5-21-2774201085-3614189751-1957685156-1001Core Google Inc. C:\Users\Duncan\AppData\Local\Google\Update\GoogleUpdate.exe /c
Yes Task GoogleUpdateTaskUserS-1-5-21-2774201085-3614189751-1957685156-1001UA Google Inc. C:\Users\Duncan\AppData\Local\Google\Update\GoogleUpdate.exe /ua /installsource scheduler
No Task Optimize Start Menu Cache Files-S-1-5-21-2774201085-3614189751-1957685156-1001
 
CCleaner Uninstall
 
3D Builder Microsoft Corporation 9/16/2015 10.9.6.0
AccuWeather - Weather for Life AccuWeather 8/16/2015 4.1.0.24
Adobe AIR Adobe Systems Incorporated 8/16/2015 18.0.0.199
Adobe Reader XI (11.0.13) Adobe Systems Incorporated 10/16/2015 185 MB 11.0.13
Alarms & Clock Microsoft Corporation 11/18/2015 10.1511.61020.0
Angry IP Scanner Angry IP Scanner 9/4/2015 1.69 MB 3.2.1
AnyDVD SlySoft 8/16/2015 7.2.3.0
App connector Microsoft Corporation 8/16/2015 1.3.3.0
Apple Application Support Apple Inc. 7/16/2014 95.0 MB 3.0.5
Apple Mobile Device Support Apple Inc. 7/16/2014 21.3 MB 7.1.2.6
Apple Software Update Apple Inc. 7/16/2014 2.38 MB 2.1.3.127
Avast Internet Security AVAST Software 10/16/2015 10.4.2233
AviSynth 2.5 8/16/2015
AVStoDVD 2.7.1 MrC 8/16/2015 2.7.1
Battle.net Blizzard Entertainment 11/7/2015
Bonjour Apple Inc. 7/16/2014 2.00 MB 3.0.0.10
Calculator Microsoft Corporation 11/25/2015 10.1511.24020.0
Camera Microsoft Corporation 10/31/2015 2015.1078.40.0
Candy Crush Saga king.com 10/21/2015 1.620.1.0
CCleaner Piriform 11/28/2015 5.12
CDBurnerXP CDBurnerXP 8/9/2013 11.1 MB 4.5.2.4214
Citrix Online Launcher Citrix 2/9/2015 294 KB 1.0.258
Citrix Receiver Citrix Systems, Inc. 8/16/2015 14.1.200.13
CloneDVD2 Elaborate Bytes 8/16/2015 2.9.3.0
CloneDVDmobile SlySoft 8/16/2015 1.9.0.1
CopyTrans Suite Remove Only WindSolutions 8/16/2015 2.37
CrashPlan CrashPlan 12/3/2013 91.4 MB 3.5.3
CutePDF Writer 3.0 CutePDF.com 8/16/2015 3.0
Driver & Application Installation Lenovo 6/9/2013 6.12.0911
Dropbox Dropbox, Inc. 11/11/2015 3.10.11
eBay eBay, Inc 8/16/2015 1.6.0.34
Encyclopaedia Britannica Encyclopaedia Britannica 8/16/2015 1.1.1.20
ESET Online Scanner v3 11/28/2015
Evernote v. 5.8.8 Evernote Corp. 6/13/2015 233 MB 5.8.8.7837
ffdshow v1.2.4422 [2012-04-09] 8/10/2013 13.5 MB 1.2.4422.0
FileZilla Client 3.7.3 Tim Kosse 8/16/2015 8.93 MB 3.7.3
FreeRide Games Exent Technologies 6/9/2013 07.05.80.00
Get Office Microsoft Corporation 11/19/2015 17.6418.23501.0
Get Skype Skype 8/16/2015 3.2.1.0
Get Started Microsoft Corporation 11/10/2015 2.5.6.0
Google Chrome Google Inc. 8/5/2013 46.0.2490.86
Google Earth Google 10/6/2015 179 MB 7.1.5.1557
Google Talk Plugin Google 4/21/2015 15.0 MB 5.41.2.0
Groove Music Microsoft Corporation 11/11/2015 3.6.15131.0
Haali Media Splitter 8/16/2015
HDD Raw Copy Tool v1.10 HDDGURU 5/25/2015 2.65 MB
Intel AppUp(SM) center Intel 8/16/2015 3.6.1.33057.10
Intel® Management Engine Components Intel Corporation 8/5/2013 8.1.0.1252
Intel® Processor Graphics Intel Corporation 11/3/2015 10.18.10.4276
Intel® SDK for OpenCL - CPU Only Runtime Package Intel Corporation 8/5/2013
IrfanView (remove only) Irfan Skiljan 8/16/2015 2.00 MB 4.37
iTunes Apple Inc. 7/16/2014 220 MB 11.3.0.54
join.me LogMeIn, Inc. 8/16/2015 1.20.0.125
Kindle AMZN Mobile LLC 8/16/2015 2.1.0.2
Lenovo Assistant Lenovo 6/9/2013 2.0.0.23
Lenovo Blacksilk USB Keyboard Driver Lenovo 6/9/2013 V1.4.11.0608
Lenovo Cloud Storage by SugarSync SugarSync Inc. 8/16/2015 1.3.0.889
Lenovo Companion Lenovo, INC. 10/31/2015 3.34.0.0
Lenovo Photos CEWE COLOR AG u Co. OHG 8/16/2015 227 MB 4.8.5
Lenovo Power2Go CyberLink Corp. 6/9/2013 154 MB 6.0.6917
Lenovo PowerDVD10 CyberLink Corp. 6/9/2013 217 MB 10.0.4126.52
Lenovo Rescue System CyberLink Corp. 8/16/2015 4.0.0.0822
Lenovo Solution Center Lenovo Group Limited 8/16/2015 38.4 MB 2.8.004.00
Lenovo Support Lenovo, INC. 8/16/2015 2.0.5.0
Live TV FilmOn TV Inc. 8/16/2015 1.3.6.115
LVT Lenovo 6/9/2013 5.00.0914
Mail and Calendar Microsoft Corporation 11/17/2015 17.6416.42001.0
Malwarebytes Anti-Malware version 2.2.0.1024 Malwarebytes 11/26/2015 66.1 MB 2.2.0.1024
Maps Microsoft Corporation 11/16/2015 4.1511.3161.0
McAfee® Central for Lenovo McAfee_Inc 8/16/2015 4.5.141.1
Merriam-Webster Dictionary Merriam-Webster, Inc. 8/16/2015 1.0.1.1
Microsoft Office 365 ProPlus - en-us Microsoft Corporation 11/27/2015 15.0.4771.1004
Microsoft Office Live Meeting 2007 Microsoft Corporation 10/7/2014 52.3 MB 8.0.6362.223
Microsoft RichCopy 4.0 Microsoft Corporation 6/9/2014 8.04 MB 4.0.216
Microsoft Silverlight Microsoft Corporation 8/13/2015 199 MB 5.1.40728.0
Microsoft Solitaire Collection Microsoft Studios 11/10/2015 3.5.11021.0
Microsoft SQL Server 2005 Compact Edition [ENU] Microsoft Corporation 1/1/2015 1.92 MB 3.1.0000
Microsoft Visual C++ 2005 Redistributable Microsoft Corporation 1/2/2015 3.22 MB 8.0.61001
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729 Microsoft Corporation 6/9/2013 9.64 MB 9.0.30729
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 Microsoft Corporation 6/9/2013 10.1 MB 9.0.30729.6161
Microsoft Visual C++ 2010  x64 Redistributable - 10.0.40219 Microsoft Corporation 2/12/2015 13.8 MB 10.0.40219
Microsoft Visual C++ 2010  x86 Redistributable - 10.0.40219 Microsoft Corporation 2/12/2015 11.1 MB 10.0.40219
Microsoft Visual Studio 2010 Tools for Office Runtime (x64) Microsoft Corporation 8/16/2015 10.0.50903
Money Microsoft Corporation 11/17/2015 4.7.118.0
Movies & TV Microsoft Corporation 11/18/2015 3.6.15361.0
MSN Food & Drink Microsoft Corporation 8/16/2015 3.0.4.336
MSN Health & Fitness Microsoft Corporation 8/16/2015 3.0.4.336
MSN Travel Microsoft Corporation 8/16/2015 3.0.4.336
My Citrix Desktop Delivered by Citrix 8/16/2015 1.0
News Microsoft Corporation 11/17/2015 4.7.118.0
Nitro Pro 8 Nitro 6/9/2013 274 MB 8.0.10.7
OneKey Recovery CyberLink Corp. 8/5/2013 4.0.0.0822
OneNote Microsoft Corporation 11/20/2015 17.6366.15391.0
Pandora PANDORA MEDIA, INC. 8/16/2015 2.0.8
People Microsoft Corporation 11/3/2015 10.0.3030.0
Phone Companion Microsoft Corporation 11/20/2015 10.1511.18010.0
Photos Microsoft Corporation 11/21/2015 15.1120.13270.0
PowerDVD for Lenovo Idea CYBERLINK COM CORPORATION 8/16/2015 1.1.2618.24808
rara music RARA MEDIA GROUP LIMITED 8/16/2015 1.0.25.23
Reader Microsoft Corporation 8/16/2015 6.4.9926.17994
Realtek Ethernet Controller Driver Realtek 6/9/2013 8.2.612.2012
Realtek High Definition Audio Driver Realtek Semiconductor Corp. 8/16/2015 6.0.1.7535
Realtek USB 2.0 Card Reader Realtek Semiconductor Corp. 6/9/2013 6.1.8400.39030
REALTEK Wireless LAN Driver REALTEK Semiconductor Corp. 6/9/2013 1.00.0187
Shared C Run-time for x64 McAfee 6/9/2013 1.38 MB 10.0.0
SketchUp 2013 Trimble Navigation Limited 11/23/2013 164 MB 13.0.4812
Smilebox Smilebox, Inc. 8/16/2015 7.81 MB 1.0.0.28509
Sports Microsoft Corporation 11/24/2015 4.7.130.0
Spotify Spotify AB 11/28/2015 1.0.18.60.g5fe0413d
StarCraft II Blizzard Entertainment 11/7/2015
Store Microsoft Corporation 11/19/2015 2015.23.23.0
SugarSync Manager SugarSync, Inc. 8/16/2015 1.9.61.90905
The Ur-Quan Masters 0.7.0 8/16/2015 0.7.0
TMPGEnc Video Mastering Works 6 Trial Pegasys Inc. 9/19/2015 393 MB 6.0.7.19
Twitter Twitter Inc. 11/4/2015 4.2.5.0
UltraVnc uvnc bvba 5/17/2014 6.97 MB 1.1.9.6
Unity Web Player Unity Technologies ApS 8/16/2015 12.0 MB
Ur-Quan Masters High Definition Beta 1 8/16/2015
VLC media player 2.0.8 VideoLAN 8/16/2015 2.0.8
VLC Streamer 5.11 Hobbyist Software 9/28/2015 20.2 MB
Voice Recorder Microsoft Corporation 11/20/2015 10.1511.17110.0
Weather Microsoft Corporation 11/17/2015 4.7.118.0
Win32DiskImager version 0.9.5 ImageWriter Developers 2/14/2015 44.8 MB 0.9.5
Windows Live Essentials Microsoft Corporation 1/1/2015 16.4.3528.0331
Windows Reading List Microsoft Corporation 8/16/2015 6.3.9654.20947
Windows Scan Microsoft Corporation 8/16/2015 6.3.9654.17133
WinRAR 5.21 beta 2 (64-bit) win.rar GmbH 8/16/2015 5.21.2
Xbox Microsoft Corporation 11/20/2015 11.11.19012.0
Xbox 360 SmartGlass Microsoft Corporation 8/16/2015 1.4.3.0
Zinio Reader Zinio LLC 8/16/2015 2.1.0.317
µTorrent BitTorrent Inc. 10/7/2015 3.4.5.41202
 
 
CCleaner Scheduled Tasks ADVANCED
 
Yes Task AikCertEnrollTask \Microsoft\Windows\CertificateServicesClient
Yes Task AnalyzeSystem \Microsoft\Windows\Power Efficiency Diagnostics
No Task AUFirmwareInstall \Microsoft\Windows\WindowsUpdate
No Task AUScheduledInstall \Microsoft\Windows\WindowsUpdate
Yes Task AUSessionConnect \Microsoft\Windows\WindowsUpdate
No Task Automatic-Device-Join Microsoft Corporation %SystemRoot%\System32\dsregcmd.exe \Microsoft\Windows\Workplace Join
No Task AutoWake \Microsoft\Windows\SideShow
Yes Task BindingWorkItemQueueHandler \Microsoft\Windows\NetCfg
Yes Task CCleanerSkipUAC Piriform Ltd "C:\Program Files\CCleaner\CCleaner.exe" $(Arg0) \
Yes Task CleanupTemporaryState Microsoft Corporation %windir%\system32\rundll32.exe Windows.Storage.ApplicationData.dll,CleanupTemporaryState \Microsoft\Windows\ApplicationData
Yes Task Consolidator Microsoft Corporation %SystemRoot%\System32\wsqmcons.exe \Microsoft\Windows\Customer Experience Improvement Program
No Task Data Integrity Scan \Microsoft\Windows\Data Integrity Scan
Yes Task Diagnostics Microsoft Corporation %windir%\system32\disksnapshot.exe \Microsoft\Windows\DiskFootprint
Yes Task DmClient Microsoft Corporation %windir%\system32\dmclient.exe \Microsoft\Windows\Feedback\Siuf
Yes Task DropboxUpdateTaskUserS-1-5-21-2774201085-3614189751-1957685156-1001Core Dropbox, Inc. C:\Users\Duncan\AppData\Local\Dropbox\Update\DropboxUpdate.exe /c \
Yes Task DropboxUpdateTaskUserS-1-5-21-2774201085-3614189751-1957685156-1001UA Dropbox, Inc. C:\Users\Duncan\AppData\Local\Dropbox\Update\DropboxUpdate.exe /ua /installsource scheduler \
Yes Task DsSvcCleanup Microsoft Corporation %windir%\system32\dstokenclean.exe \Microsoft\Windows\ApplicationData
Yes Task EDP Policy Manager \Microsoft\Windows\AppID
Yes Task FamilySafetyMonitor Microsoft Corporation %windir%\System32\wpcmon.exe \Microsoft\Windows\Shell
Yes Task FamilySafetyRefresh \Microsoft\Windows\Shell
No Task FamilySafetyUpload \Microsoft\Windows\Shell
Yes Task File History (maintenance mode) \Microsoft\Windows\FileHistory
Yes Task ForceSynchronizeTime \Microsoft\Windows\Time Synchronization
Yes Task GoogleUpdateTaskMachineCore Google Inc. C:\Program Files (x86)\Google\Update\GoogleUpdate.exe /c \
Yes Task GoogleUpdateTaskMachineUA Google Inc. C:\Program Files (x86)\Google\Update\GoogleUpdate.exe /ua /installsource scheduler \
Yes Task GoogleUpdateTaskUserS-1-5-21-2774201085-3614189751-1957685156-1001Core Google Inc. C:\Users\Duncan\AppData\Local\Google\Update\GoogleUpdate.exe /c \
Yes Task GoogleUpdateTaskUserS-1-5-21-2774201085-3614189751-1957685156-1001UA Google Inc. C:\Users\Duncan\AppData\Local\Google\Update\GoogleUpdate.exe /ua /installsource scheduler \
No Task HiveUploadTask \Microsoft\Windows\User Profile Service
No Task HybridDriveCachePrepopulate \Microsoft\Windows\Sysmain
No Task HybridDriveCacheRebalance \Microsoft\Windows\Sysmain
Yes Task IndexerAutomaticMaintenance \Microsoft\Windows\Shell
Yes Task KeyPreGenTask \Microsoft\Windows\CertificateServicesClient
Yes Task Lenovo-31304 C:\ProgramData\Lenovo-31304.vbs \Lenovo
Yes Task Lenovo-31343 C:\ProgramData\Lenovo-31343.vbs \Lenovo
Yes Task LPRemove Microsoft Corporation %windir%\system32\lpremove.exe \Microsoft\Windows\MUI
No Task Maintenance Install Microsoft Corporation %systemroot%\system32\usoclient.exe StartInstall \Microsoft\Windows\UpdateOrchestrator
Yes Task MapsUpdateTask \Microsoft\Windows\Maps
Yes Task Microsoft Compatibility Appraiser Microsoft Corporation %windir%\system32\rundll32.exe generaltel.dll,RunTelemetryW \Microsoft\Windows\Application Experience
Yes Task MNO Metadata Parser Microsoft Corporation %SystemRoot%\System32\MbaeParserTask.exe \Microsoft\Windows\Mobile Broadband Accounts
Yes Task MobilityManager \Microsoft\Windows\Ras
Yes Task MRT_HB Microsoft Corporation C:\WINDOWS\system32\MRT.exe /EHB /Q \Microsoft\Windows\RemovalTools
Yes Task MusUx_UpdateInterval Microsoft Corporation C:\WINDOWS\system32\MusNotification.exe Display \Microsoft\Windows\UpdateOrchestrator
Yes Task Office Automatic Updates Microsoft Corporation C:\Program Files\Microsoft Office 15\ClientX64\OfficeC2RClient.exe /update SCHEDULEDTASK displaylevel=False \Microsoft\Office
Yes Task Office ClickToRun Service Monitor Microsoft Corporation C:\Program Files\Microsoft Office 15\ClientX64\OfficeC2RClient.exe /WatchService \Microsoft\Office
Yes Task Office Subscription Maintenance Microsoft Corporation C:\Program Files\Microsoft Office 15\root\vfs\ProgramFilesCommonx64\Microsoft Shared\OFFICE15\OLicenseHeartbeat.exe \Microsoft\Office
No Task Optimize Start Menu Cache Files-S-1-5-21-2774201085-3614189751-1957685156-1001 \
Yes Task Plug and Play Cleanup \Microsoft\Windows\Plug and Play
No Task Policy Install Microsoft Corporation %systemroot%\system32\usoclient.exe StartInstall \Microsoft\Windows\UpdateOrchestrator
No Task PolicyConverter Microsoft Corporation %windir%\system32\appidpolicyconverter.exe \Microsoft\Windows\AppID
Yes Task ProactiveScan \Microsoft\Windows\Chkdsk
Yes Task ProgramDataUpdater Microsoft Corporation %windir%\system32\rundll32.exe generaltel.dll,RunTelemetry -maintenance \Microsoft\Windows\Application Experience
Yes Task Proxy Microsoft Corporation %windir%\system32\rundll32.exe /d acproxy.dll,PerformAutochkOperations \Microsoft\Windows\Autochk
Yes Task QueueReporting Microsoft Corporation %windir%\system32\wermgr.exe -upload \Microsoft\Windows\Windows Error Reporting
Yes Task Reboot Microsoft Corporation C:\WINDOWS\system32\MusNotification.exe Reboot \Microsoft\Windows\UpdateOrchestrator
Yes Task ResPriStaticDbSync \Microsoft\Windows\Sysmain
No Task Resume On Boot Microsoft Corporation %systemroot%\system32\usoclient.exe ResumeUpdate \Microsoft\Windows\UpdateOrchestrator
Yes Task Schedule Scan Microsoft Corporation %systemroot%\system32\usoclient.exe StartScan \Microsoft\Windows\UpdateOrchestrator
Yes Task Scheduled Start Microsoft Corporation C:\WINDOWS\system32\sc.exe start wuauserv \Microsoft\Windows\WindowsUpdate
Yes Task Scheduled Start With Network Microsoft Corporation C:\WINDOWS\system32\sc.exe start wuauserv \Microsoft\Windows\WindowsUpdate
Yes Task ScheduledDefrag Microsoft Corp. %windir%\system32\defrag.exe -c -h -o -$ \Microsoft\Windows\Defrag
Yes Task Secure-Boot-Update \Microsoft\Windows\PI
Yes Task SpaceAgentTask Microsoft Corporation %windir%\system32\SpaceAgent.exe \Microsoft\Windows\SpacePort
No Task SQM data sender \Microsoft\Windows\IME
Yes Task Sqm-Tasks \Microsoft\Windows\PI
Yes Task SR Microsoft Corporation %windir%\system32\srtasks.exe ExecuteScheduledSPPCreation \Microsoft\Windows\SystemRestore
Yes Task StartComponentCleanup \Microsoft\Windows\Servicing
Yes Task SynchronizeTime Microsoft Corporation %windir%\system32\sc.exe start w32time task_started \Microsoft\Windows\Time Synchronization
Yes Task SynchronizeTimeZone Microsoft Corporation %windir%\system32\tzsync.exe \Microsoft\Windows\Time Zone
Yes Task Sysprep Generalize Drivers Microsoft Corporation %SystemRoot%\System32\drvinst.exe 6 \Microsoft\Windows\Plug and Play
No Task SystemDataProviders \Microsoft\Windows\SideShow
Yes Task SystemTask \Microsoft\Windows\CertificateServicesClient
Yes Task Tpm-HASCertRetr \Microsoft\Windows\TPM
Yes Task Tpm-Maintenance \Microsoft\Windows\TPM
No Task Uninstallation \Microsoft\Windows\LanguageComponentsInstaller
Yes Task UninstallDeviceTask Microsoft Corporation BthUdTask.exe $(Arg0) \Microsoft\Windows\Bluetooth
Yes Task UPnPHostConfig Microsoft Corporation sc.exe config upnphost start= auto \Microsoft\Windows\UPnP
Yes Task USO_UxBroker_Display Microsoft Corporation C:\windows\system32\MusNotification.exe Display \Microsoft\Windows\UpdateOrchestrator
Yes Task USO_UxBroker_ReadyToReboot Microsoft Corporation C:\windows\system32\MusNotification.exe ReadyToReboot \Microsoft\Windows\UpdateOrchestrator
No Task VerifiedPublisherCertStoreCheck Microsoft Corporation %windir%\system32\appidcertstorecheck.exe \Microsoft\Windows\AppID
Yes Task WIM-Hash-Management \Microsoft\Windows\WOF
No Task WIM-Hash-Validation \Microsoft\Windows\WOF
Yes Task WinSAT \Microsoft\Windows\Maintenance
Yes Task WsSwapAssessmentTask Microsoft Corporation %windir%\system32\rundll32.exe sysmain.dll,PfSvWsSwapAssessmentTask \Microsoft\Windows\Sysmain
Yes Task WSTask \Microsoft\Windows\WS
 


#8 buddy215

buddy215

  • Moderator
  • 13,196 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:West Tennessee
  • Local time:10:36 PM

Posted 29 November 2015 - 08:17 AM

Uninstall these programs: Use CCleaner by clicking on each item and then choose uninstall on the right.

µTorrent BitTorrent Inc. 10/7/2015 3.4.5.41202

Unity Web Player Unity Technologies ApS 8/16/2015 12.0 MB

ESET Online Scanner v3 11/28/2015

 

Disable these Scheduled Tasks: Use CCleaner by clicking on each item and then choose Disable on the right.

Yes Task CCleanerSkipUAC Piriform Ltd "C:\Program Files\CCleaner\CCleaner.exe" $(Arg0)
Yes Task DropboxUpdateTaskUserS-1-5-21-2774201085-3614189751-1957685156-1001Core Dropbox, Inc. C:\Users\Duncan\AppData\Local\Dropbox\Update\DropboxUpdate.exe /c
Yes Task DropboxUpdateTaskUserS-1-5-21-2774201085-3614189751-1957685156-1001UA Dropbox, Inc. C:\Users\Duncan\AppData\Local\Dropbox\Update\DropboxUpdate.exe /ua /installsource scheduler
Yes Task GoogleUpdateTaskMachineCore Google Inc. C:\Program Files (x86)\Google\Update\GoogleUpdate.exe /c
Yes Task GoogleUpdateTaskMachineUA Google Inc. C:\Program Files (x86)\Google\Update\GoogleUpdate.exe /ua /installsource scheduler
Yes Task GoogleUpdateTaskUserS-1-5-21-2774201085-3614189751-1957685156-1001Core Google Inc. C:\Users\Duncan\AppData\Local\Google\Update\GoogleUpdate.exe /c
Yes Task GoogleUpdateTaskUserS-1-5-21-2774201085-3614189751-1957685156-1001UA Google Inc. C:\Users\Duncan\AppData\Local\Google\Update\GoogleUpdate.exe /ua /installsource scheduler
 
Disable these Windows Startups:
Yes HKCU:Run CCleaner Monitoring Piriform Ltd "C:\Program Files\CCleaner\CCleaner64.exe" /MONITOR
Yes HKCU:Run Dropbox Update Dropbox, Inc. "C:\Users\Duncan\AppData\Local\Dropbox\Update\DropboxUpdate.exe" /c
Yes HKCU:Run Google Update Google Inc. "C:\Users\Duncan\AppData\Local\Google\Update\GoogleUpdate.exe" /c
Yes HKCU:Run Spotify Spotify Ltd "C:\Users\Duncan\AppData\Roaming\Spotify\Spotify.exe" -autostart -minimized
Yes HKCU:Run Spotify Web Helper Spotify Ltd "C:\Users\Duncan\AppData\Roaming\Spotify\SpotifyWebHelper.exe"
Yes HKCU:Run uTorrent BitTorrent Inc. "C:\Users\Duncan\AppData\Roaming\uTorrent\uTorrent.exe"  /MINIMIZED
Yes HKLM:Run CitrixReceiver "C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Citrix\Receiver Updater.lnk"
Yes HKLM:Run iTunesHelper Apple Inc. "C:\Program Files (x86)\iTunes\iTunesHelper.exe"
Yes Startup User Dropbox.lnk Dropbox, Inc. C:\Users\Duncan\AppData\Roaming\Dropbox\bin\Dropbox.exe
Yes Startup User EvernoteClipper.lnk Evernote Corp., 305 Walnut Street, Redwood City, CA 94063 C:\Program Files (x86)\Evernote\Evernote\EvernoteClipper.exe

Edited by buddy215, 29 November 2015 - 08:26 AM.

“Every atom in your body came from a star that exploded and the atoms in your left hand probably came from a different star than your right hand. It really is the most poetic thing I know about physics...you are all stardust.”Lawrence M. Krauss
A 1792 U.S. penny, designed in part by Thomas Jefferson and George Washington, reads “Liberty Parent of Science & Industry.”

#9 Duncan2015

Duncan2015
  • Topic Starter

  • Members
  • 6 posts
  • OFFLINE
  •  
  • Local time:10:36 PM

Posted 29 November 2015 - 08:56 AM

Good morning,

 

Completed.  I uninstalled and disabled per your instructions.  I have not rebooted or doing anything other than reply to this thread since.



#10 buddy215

buddy215

  • Moderator
  • 13,196 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:West Tennessee
  • Local time:10:36 PM

Posted 29 November 2015 - 09:04 AM

Is there any sign of the original problem...the files written in chinese? If it shows up again, please let me know.


“Every atom in your body came from a star that exploded and the atoms in your left hand probably came from a different star than your right hand. It really is the most poetic thing I know about physics...you are all stardust.”Lawrence M. Krauss
A 1792 U.S. penny, designed in part by Thomas Jefferson and George Washington, reads “Liberty Parent of Science & Industry.”

#11 Duncan2015

Duncan2015
  • Topic Starter

  • Members
  • 6 posts
  • OFFLINE
  •  
  • Local time:10:36 PM

Posted 29 November 2015 - 09:15 AM

Not yet.  I don't know if there was a pattern previously.  I will check it throughout the day as I use it.  Thank you!

If it does appear again, Should I reply to this thread?

 

Thank you again!



#12 buddy215

buddy215

  • Moderator
  • 13,196 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:West Tennessee
  • Local time:10:36 PM

Posted 29 November 2015 - 09:34 AM

If it appeared again I was going to suggest you post a new topic in the Malware Removal Forum using the instructions below.

But I would also appreciate letting me know in this topic if it does show up again.

 

Please follow the instructions in the Malware Removal and Log Section Preparation Guide starting at Step 6.

  • If you cannot complete a step, then skip it and continue with the next.
  • In Step 6 there are instructions for downloading and running FRST which will create two logs.

When you have done that, post your logs in the Virus, Trojan, Spyware, and Malware Removal Logs forum, NOT here, for assistance by the Malware Response Team.

Start a new topic, give it a relevant title and post your log(s) along with a brief description of your problem, a summary of any anti-malware tools you have used and a summary of any steps that you have performed on your own. If you cannot produce any of the required logs...start the new topic anyway. Explain that you followed the Prep. Guide, were unable to create the logs, and describe what happened when you tried to create them. A member of the Malware Removal Team will walk you through, step by step, on how to clean your computer.

After doing this, please reply back in this thread with a link to the new topic so we can close this one.

 

DO NOT bump your new topic. Wait for a response from one of the Team Members.


“Every atom in your body came from a star that exploded and the atoms in your left hand probably came from a different star than your right hand. It really is the most poetic thing I know about physics...you are all stardust.”Lawrence M. Krauss
A 1792 U.S. penny, designed in part by Thomas Jefferson and George Washington, reads “Liberty Parent of Science & Industry.”

#13 Waves2017

Waves2017

  • Members
  • 8 posts
  • OFFLINE
  •  
  • Local time:07:36 PM

Posted 26 February 2017 - 03:39 PM

Duncan2015, do you use VLC Video Player? I see it in your results, I encountered something similar and was in the process of submitting my own post when I stumbled upon people discussing the fact that VLC creates links that Windows does not like. It is possible that your files are being created by VLC creating soft links, discovered by someone booting into LIVE via a Linux distro and reviewing the files.

 

Here is "a" link to reddit where people are discussing VLC and another application. TL;DR a newer version of VLC resolved the issue, or unchecking the preference for saving recently viewed files in VLC.

 

https://www.reddit.com/r/AskReddit/comments/fvfuj/reddit_i_found_a_weird_link_to_an_unknown_folder/c1sy33b/

 

I don't know if this information may be helpful in identifying the cause of the files or not, but I hope it is additional information the two of you can use. My "file" shows up right next to the .ogg file I opened in VLC.

 

Cheers



#14 buddy215

buddy215

  • Moderator
  • 13,196 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:West Tennessee
  • Local time:10:36 PM

Posted 27 February 2017 - 08:33 AM

Waves2017....you have commented on an old topic....November of 2015. The topic starter's problem was solved back then. But thanks for the

added info as someone may find it helpful.


“Every atom in your body came from a star that exploded and the atoms in your left hand probably came from a different star than your right hand. It really is the most poetic thing I know about physics...you are all stardust.”Lawrence M. Krauss
A 1792 U.S. penny, designed in part by Thomas Jefferson and George Washington, reads “Liberty Parent of Science & Industry.”

#15 tinytoasterman

tinytoasterman

  • Members
  • 1 posts
  • OFFLINE
  •  
  • Local time:11:36 AM

Posted 23 September 2017 - 04:51 AM

I was also having this type of problem but only 1 appeared,I tried to translate it and it said "楦敬⼺⼯㩃唯敳獲樯敯敶橮⽲牄灯潢⽸慷捴╨〲潨╷〲╩〲汰祡ㄭ洮㑰" "The last time you have been asked to do this, and you will be asked to do so." I was freaked out with this message so i am checking for any viruses.So far so good






1 user(s) are reading this topic

0 members, 1 guests, 0 anonymous users