Jump to content


 


Register a free account to unlock additional features at BleepingComputer.com
Welcome to BleepingComputer, a free community where people like yourself come together to discuss and learn how to use their computers. Using the site is easy and fun. As a guest, you can browse and view the various discussions in the forums, but can not create a new topic or reply to an existing one unless you are logged in. Other benefits of registering an account are subscribing to topics and forums, creating a blog, and having no ads shown anywhere on the site.


Click here to Register a free account now! or read our Welcome Guide to learn how to use this site.

Photo

Bigseekpro.com internet explorer hijacker, malwarebytes failed to install


  • Please log in to reply
9 replies to this topic

#1 rbrtwhill

rbrtwhill

  • Members
  • 27 posts
  • OFFLINE
  •  
  • Local time:09:37 AM

Posted 28 December 2015 - 11:28 PM

Hi,  I have a laptop running Windows 7 that I just powered up after not using for about a year.  The SSD was dead so I installed the old hard drive that I upgraded from.  The old hard drive works but it appears it has a bigseekpro.com hijacker on Internet Explorer but not Chrome.  I do not recall that it was a problem before I installed the SSD.  The last thing I remember doing with the old hard drive was to download some software from the SSD manufacturer (PNY) to transfer the data (image?) on the old HD to the SSD.  The transfer software didn't work so I just did a fresh install on the SSD.

 

I tried installing Malwarebytes but the installer said it was finished but would never close.  I tried closing the installer but it just hung the system.  I rebooted fine but malwarebytes won't start and it gives me the following error when I try to uninstall:

 

Runtime Error (at 102:80): External exception E06D7363

 

I tried running in safe mode with networking but it doesn't help.

 

I tried installing the malwarebytes root kit tool but that hangs up in the middle of the scan on some dll when running in safe mode.  I have to reboot the computer at that point.

 

Thank you for any assistance,

 

Bob



BC AdBot (Login to Remove)

 


#2 buddy215

buddy215

  • BC Advisor
  • 12,878 posts
  • ONLINE
  •  
  • Gender:Male
  • Location:West Tennessee
  • Local time:09:37 AM

Posted 29 December 2015 - 05:58 AM

Use the programs below in regular mode. If there is a problem doing that, let me know.

 

Use CCleaner to remove Temporary files, program caches, cookies, logs, etc. Use the Default settings. No need to use the

Registry Cleaning Tool...risky. Pay close attention while installing and UNcheck offers of toolbars....especially Google.

After install, open CCleaner and run by clicking on the Run Cleaner button in the bottom right corner.

CCleaner - PC Optimization and Cleaning - Free Download

 

Download AdwCleaner by Xplode onto your desktop.

  • Close all open programs and internet browsers.
  • Double click on adwcleaner.exe to run the tool.
  • Click on Scan button.
  • When the scan has finished click on Clean button.
  • Your computer will be rebooted automatically. A text file will open after the restart.
  • Please post the contents of that logfile with your next reply.
  • You can find the logfile at C:\AdwCleaner[S1].txt as well.
  • download Junkware Removal Tool to your desktop.
  • Shut down your protection software now to avoid potential conflicts.
  • Run the tool by double-clicking it. If you are using Windows Vista, 7, or 8; instead of double-clicking, right-mouse click JRT.exe and select "Run as Administrator".
  • The tool will open and start scanning your system.
  • Please be patient as this can take a while to complete depending on your system's specifications.
  • On completion, a log (JRT.txt) is saved to your desktop and will automatically open.
  • Post the contents of JRT.txt into your next message

“Every atom in your body came from a star that exploded and the atoms in your left hand probably came from a different star than your right hand. It really is the most poetic thing I know about physics...you are all stardust.”Lawrence M. Krauss

A 1792 U.S. penny, designed in part by Thomas Jefferson and George Washington, reads “Liberty Parent of Science & Industry.”


#3 rbrtwhill

rbrtwhill
  • Topic Starter

  • Members
  • 27 posts
  • OFFLINE
  •  
  • Local time:09:37 AM

Posted 30 December 2015 - 02:01 AM

Thanks for the quick reply.  I had to run programs in safe mode with networking as Chrome and Windows Explorer wouldn't open up.
 
# AdwCleaner v5.026 - Logfile created 29/12/2015 at 22:35:20
# Updated 21/12/2015 by Xplode
# Database : 2015-12-29.1 [Server]
# Operating system : Windows 7 Home Premium Service Pack 1 (x64)
# Username : Mr. Boxty - TIMELINE-X
# Running from : C:\Users\Mr. Boxty\Downloads\AdwCleaner.exe
# Option : Scan
 
***** [ Services ] *****
 
 
***** [ Folders ] *****
 
Folder Found : C:\Users\Mr. Boxty\AppData\LocalLow\Toolbar4
 
***** [ Files ] *****
 
File Found : C:\Users\Bailey's Dad\AppData\Local\Google\Chrome\User Data\Default\local storage\hxxp_www.metrolyrics.com_0.localstorage-journal
File Found : C:\Users\Bailey's Dad\AppData\Local\Google\Chrome\User Data\Default\Local Storage\hxxp_www.ask.com_0.localstorage-journal
 
***** [ DLL ] *****
 
 
***** [ Shortcuts ] *****
 
 
***** [ Scheduled tasks ] *****
 
 
***** [ Registry ] *****
 
Key Found : HKLM\SOFTWARE\Classes\AppID\TbCommonUtils.DLL
Key Found : HKLM\SOFTWARE\Classes\AppID\TbHelper.EXE
Key Found : HKLM\SOFTWARE\Classes\AppID\{4CE516A7-F7AC-4628-B411-8F886DC5733E}
Key Found : HKLM\SOFTWARE\Classes\AppID\{628F3201-34D0-49C0-BB9A-82A26AEFB291}
Key Found : HKLM\SOFTWARE\Classes\Interface\{01221FCC-4BFB-461C-B08C-F6D2DF309921}
Key Found : HKLM\SOFTWARE\Classes\Interface\{452AE416-9A97-44CA-93DA-D0F15C36254F}
Key Found : HKLM\SOFTWARE\Classes\Interface\{45CDA4F7-594C-49A0-AAD1-8224517FE979}
Key Found : HKLM\SOFTWARE\Classes\Interface\{81E852CC-1FD5-4004-8761-79A48B975E29}
Key Found : HKLM\SOFTWARE\Classes\Interface\{B2CA345D-ADB8-4F5D-AC64-4AB34322F659}
Key Found : HKLM\SOFTWARE\Classes\Interface\{B9F43021-60D4-42A6-A065-9BA37F38AC47}
Key Found : HKLM\SOFTWARE\Classes\Interface\{BF921DD3-732A-4A11-933B-A5EA49F2FD2C}
Key Found : HKLM\SOFTWARE\Classes\Interface\{D83B296A-2FA6-425B-8AE8-A1F33D99FBD6}
Key Found : HKLM\SOFTWARE\Classes\TypeLib\{B87F8B63-7274-43FD-87FA-09D3B7496148}
Key Found : HKLM\SOFTWARE\Classes\TypeLib\{C4BAE205-5E02-4E32-876E-F34B4E2D000C}
Key Found : HKLM\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{628F3201-34D0-49C0-BB9A-82A26AEFB291}
Key Found : [x64] HKLM\SOFTWARE\Classes\Interface\{01221FCC-4BFB-461C-B08C-F6D2DF309921}
Key Found : [x64] HKLM\SOFTWARE\Classes\Interface\{452AE416-9A97-44CA-93DA-D0F15C36254F}
Key Found : [x64] HKLM\SOFTWARE\Classes\Interface\{45CDA4F7-594C-49A0-AAD1-8224517FE979}
Key Found : [x64] HKLM\SOFTWARE\Classes\Interface\{81E852CC-1FD5-4004-8761-79A48B975E29}
Key Found : [x64] HKLM\SOFTWARE\Classes\Interface\{B2CA345D-ADB8-4F5D-AC64-4AB34322F659}
Key Found : [x64] HKLM\SOFTWARE\Classes\Interface\{B9F43021-60D4-42A6-A065-9BA37F38AC47}
Key Found : [x64] HKLM\SOFTWARE\Classes\Interface\{BF921DD3-732A-4A11-933B-A5EA49F2FD2C}
Key Found : [x64] HKLM\SOFTWARE\Classes\Interface\{D83B296A-2FA6-425B-8AE8-A1F33D99FBD6}
Key Found : HKCU\Software\APN PIP
Key Found : HKLM\SOFTWARE\PIP
Key Found : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{EE171732-BEB4-4576-887D-CB62727F01CA}
Data Found : HKCU\Software\Microsoft\Internet Explorer\Main [Start Page] - hxxp://www.bigseekpro.com/worldoftanksskins6/{5DAEEFDC-E9FA-48BB-985E-C4AE9EECFA7C}
Data Found : HKLM\SOFTWARE\Microsoft\Internet Explorer\Main [Start Page] - hxxp://www.bigseekpro.com/worldoftanksskins6/{5DAEEFDC-E9FA-48BB-985E-C4AE9EECFA7C}
Data Found : HKU\S-1-5-21-3698338962-2533034098-1129603006-1000_Classes\Software\Microsoft\Internet Explorer\Main [Start Page] - hxxp://www.bigseekpro.com/worldoftanksskins6/{5DAEEFDC-E9FA-48BB-985E-C4AE9EECFA7C}
Key Found : HKCU\Software\Microsoft\Internet Explorer\SearchScopes\{96bd48dd-741b-41ae-ac4a-aff96ba00f7e}
Data Found : HKCU\Software\Microsoft\Internet Explorer\SearchScopes [DefaultScope] - {96bd48dd-741b-41ae-ac4a-aff96ba00f7e}
 
***** [ Web browsers ] *****
 
[C:\Users\Mr. Boxty\AppData\Local\Google\Chrome\User Data\Default\Web data] [Search Provider] Found : isearch.avg.com
[C:\Users\Mr. Boxty\AppData\Local\Google\Chrome\User Data\Default\Web data] [Search Provider] Found : aol.com
[C:\Users\Mr. Boxty\AppData\Local\Google\Chrome\User Data\Default\Web data] [Search Provider] Found : ask.com
[C:\Users\Bailey's Dad\AppData\Local\Google\Chrome\User Data\Default\Web data] [Search Provider] Found : isearch.avg.com
[C:\Users\Bailey's Dad\AppData\Local\Google\Chrome\User Data\Default\Web data] [Search Provider] Found : ask.com
[C:\Users\Bailey's Dad\AppData\Local\Google\Chrome\User Data\Default\Web data] [Search Provider] Found : aol.com
 
########## EOF - C:\AdwCleaner\AdwCleaner[S1].txt - [4485 bytes] ##########
 
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Junkware Removal Tool (JRT) by Malwarebytes
Version: 8.0.1 (11.24.2015)
Operating System: Windows 7 Home Premium x64 
Ran by Mr. Boxty (Limited) on Tue 12/29/2015 at 22:56:15.98
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
 
 
 
 
File System: 1 
 
Successfully deleted: C:\Program Files (x86)\GUTBECC.tmp (File) 
 
 
 
Registry: 0 
 
 
 
 
 
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Scan was completed on Tue 12/29/2015 at 22:57:34.75
End of JRT log
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
 


#4 buddy215

buddy215

  • BC Advisor
  • 12,878 posts
  • ONLINE
  •  
  • Gender:Male
  • Location:West Tennessee
  • Local time:09:37 AM

Posted 30 December 2015 - 06:39 AM

EDIT: Move AdwCleaner to the Desktop...it is running from Downloads

 

Rerun AdwCleaner and be sure to choose Clean after the scan finishes.

 

Uninstall MBAM by following the instructions at Malwarebytes | How do I uninstall Malwarebytes Anti-Mal... for using their Clean Uninstall Tool.

 

Run a Scan using RKill after uninstalling MBAM. DO NOT reboot after scanning with Rkill until you have downloaded MBAM, installed MBAM and

run a scan with it using the settings below.

 

RKill is a program that was developed at BleepingComputer.com that attempts to terminate known malware processes so that your normal security software can then run and clean your computer of infections. When RKill runs it will kill malware processes and then removes incorrect executable associations and fixes policies that stop us from using certain tools. When finished it will display a log file that shows the processes that were terminated while the program was running.

As RKill only terminates a program's running process, and does not delete any files, after running it you should not reboot your computer as any malware processes that are configured to start automatically will just be started again. Instead, after running RKill you should immediately scan your computer using some sort of anti-malware or anti-virus program so that the infections can be properly removed. Use this obfuscated link to download Rkill: iExplore.exe Download Link

 

Download Malwarebytes' Anti-Malware from Here

Double-click mbam-setup-2.X.X.XXXX.exe to install the application (X's are the current version number).

  • Make sure a checkmark is placed next to Launch Malwarebytes' Anti-Malware, then click Finish.
  • Once MBAM opens, when it says Your databases are out of date, click the Fix Now button.
  • Click the Settings tab at the top, and then in the left column, select Detections and Protections, and if not already checked place a checkmark in the selection box for Scan for rootkits.
  • Click the Scan tab at the top of the program window, select Threat Scan and click the Scan Now button.
  • If you receive a message that updates are available, click the Update Now button (the update will be downloaded, installed, and the scan will start).
  • When MBAM is finished scanning it will display a screen that displays any malware that it has detected.
  • Click the Remove Selected button.
  • MBAM will now delete all of the files and registry keys and add them to the programs quarantine. When removing the files, MBAM may require a reboot in order to remove some of them. If it displays a message stating that it needs to reboot, please allow it to do so.
  • While still on the Scan tab, click the link for View detailed log, and in the window that opens click the Export button, select Text file (*.txt), and save the log to your Desktop.
  • The log is automatically saved by MBAM and can also be viewed by clicking the History tab and then selecting Application Logs.

POST THE LOG FOR  REVIEW.

 

If the MBAM scan is successful, run a scan using Eset Online Scanner.

 

 

  • Hold down Control and click on this link to open ESET OnlineScan in a new window.
  • Click the esetonlinebtn.png button.
  • For alternate browsers only: (Microsoft Internet Explorer users can skip these steps)
  • Click on esetsmartinstaller_enu.exe to download the ESET Smart Installer. Save it to your desktop.
  • Double click on the esetsmartinstaller_enu.png icon on your desktop.
  • Check "YES, I accept the Terms of Use."
  • Click the Start button.
  • Accept any security warnings from your browser.
  • Under scan settings, check "Scan Archives" and "Remove found threats"
  • ESET will then download updates for itself, install itself, and begin scanning your computer. Please be patient as this can take some time.
  • When the scan completes, click List Threats
  • Click Export, and save the file to your desktop using a unique name, such as ESETScan. Include the contents of this report in your next reply.
  • Click the Back button.
  • Click the Finish button.
  • NOTE:Sometimes if ESET finds no infections it will not create a log.

Edited by buddy215, 30 December 2015 - 06:45 AM.

“Every atom in your body came from a star that exploded and the atoms in your left hand probably came from a different star than your right hand. It really is the most poetic thing I know about physics...you are all stardust.”Lawrence M. Krauss

A 1792 U.S. penny, designed in part by Thomas Jefferson and George Washington, reads “Liberty Parent of Science & Industry.”


#5 rbrtwhill

rbrtwhill
  • Topic Starter

  • Members
  • 27 posts
  • OFFLINE
  •  
  • Local time:09:37 AM

Posted 30 December 2015 - 02:10 PM

I wasn't sure if you wanted the adwcleaner file or not but I'm including it below with the Malwarebytes and eset logs:
 
# AdwCleaner v5.026 - Logfile created 30/12/2015 at 07:46:47
# Updated 21/12/2015 by Xplode
# Database : 2015-12-29.1 [Server]
# Operating system : Windows 7 Home Premium Service Pack 1 (x64)
# Username : Mr. Boxty - TIMELINE-X
# Running from : C:\Users\Mr. Boxty\Desktop\AdwCleaner.exe
# Option : Scan
 
***** [ Services ] *****
 
 
***** [ Folders ] *****
 
 
***** [ Files ] *****
 
 
***** [ DLL ] *****
 
 
***** [ Shortcuts ] *****
 
 
***** [ Scheduled tasks ] *****
 
 
***** [ Registry ] *****
 
 
***** [ Web browsers ] *****
 
 
########## EOF - C:\AdwCleaner\AdwCleaner[S2].txt - [592 bytes] ##########
 
 
Malwarebytes Anti-Malware
www.malwarebytes.org
 
Scan Date: 12/30/2015
Scan Time: 8:15 AM
Logfile: mbytes scan log.txt
Administrator: Yes
 
Version: 2.2.0.1024
Malware Database: v2015.12.30.04
Rootkit Database: v2015.12.26.01
License: Free
Malware Protection: Disabled
Malicious Website Protection: Disabled
Self-protection: Disabled
 
OS: Windows 7 Service Pack 1
CPU: x64
File System: NTFS
User: Mr. Boxty
 
Scan Type: Threat Scan
Result: Completed
Objects Scanned: 423945
Time Elapsed: 55 min, 45 sec
 
Memory: Enabled
Startup: Enabled
Filesystem: Enabled
Archives: Enabled
Rootkits: Enabled
Heuristics: Enabled
PUP: Enabled
PUM: Enabled
 
Processes: 0
(No malicious items detected)
 
Modules: 0
(No malicious items detected)
 
Registry Keys: 0
(No malicious items detected)
 
Registry Values: 2
PUP.Optional.Softomate, HKU\S-1-5-21-3698338962-2533034098-1129603006-1001\SOFTWARE\MICROSOFT\INTERNET EXPLORER\URLSEARCHHOOKS\{CA3EB689-8F09-4026-AA10-B9534C691CE0}, Quarantined, [77c5f9b2454669cdd49c1059a45ec53b], 
PUP.Optional.Softomate, HKU\S-1-5-21-3698338962-2533034098-1129603006-1001\SOFTWARE\MICROSOFT\INTERNET EXPLORER\URLSEARCHHOOKS|{CA3EB689-8F09-4026-AA10-B9534C691CE0}, Quarantined, [77c5f9b2454669cdd49c1059a45ec53b], 
 
Registry Data: 0
(No malicious items detected)
 
Folders: 0
(No malicious items detected)
 
Files: 0
(No malicious items detected)
 
Physical Sectors: 0
(No malicious items detected)
 
 
(end)
 
 
 
Here is the eset file:
 
C:\$Recycle.Bin\S-1-5-21-3698338962-2533034098-1129603006-1001\$R85EDJ8.exe Win32/DownWare.W potentially unwanted application deleted - quarantined
C:\$Recycle.Bin\S-1-5-21-3698338962-2533034098-1129603006-1001\$RACFG8V.exe a variant of Win32/OpenInstall potentially unwanted application cleaned by deleting - quarantined
C:\$Recycle.Bin\S-1-5-21-3698338962-2533034098-1129603006-1001\$RVNHE6F.exe Win32/DownWare.W potentially unwanted application deleted - quarantined
 


#6 buddy215

buddy215

  • BC Advisor
  • 12,878 posts
  • ONLINE
  •  
  • Gender:Male
  • Location:West Tennessee
  • Local time:09:37 AM

Posted 30 December 2015 - 03:44 PM

Good...MBAM problem solved. Some adware found and removed including .bigseekpro.com.

 

Last step unless something else pops up:

 

Post the three lists mentioned below using CCleaner.

Open CCleaner and click on Tools. Choose Startups. On that page you will see a list of Windows Startups and at the top tabs for each browser and Scheduled Tasks.

At the bottom right of that page you will see a button when clicked will allow you to Copy and Paste the list of Windows Startups and Scheduled Tasks into your next

post. Please do that.

 

Open CCleaner and click on Tools. Choose Uninstall. On that page you will see a list of programs installed on your computer and at the bottom right of that page you

will see a button when clicked will allow you to Copy and Paste that list in your next post. Please do that.


“Every atom in your body came from a star that exploded and the atoms in your left hand probably came from a different star than your right hand. It really is the most poetic thing I know about physics...you are all stardust.”Lawrence M. Krauss

A 1792 U.S. penny, designed in part by Thomas Jefferson and George Washington, reads “Liberty Parent of Science & Industry.”


#7 rbrtwhill

rbrtwhill
  • Topic Starter

  • Members
  • 27 posts
  • OFFLINE
  •  
  • Local time:09:37 AM

Posted 30 December 2015 - 05:27 PM

It took me two attempts to get the cccleaner startup files because  CCCleaner and Chrome are both freezing up (says "not responding").  Even notepad is freezing up and the hour glass is spinning.  At some point Chrome crashed twice.  First is the Windows Startup:

 

No HKCU:Run EADM All users "C:\Program Files (x86)\Origin\Origin.exe" -AutoStart
No HKCU:Run EasyTether All users "C:\Program Files\Mobile Stream\EasyTether\easytthr.exe"
No HKCU:Run Fitbit Connect All users "C:\Program Files (x86)\Fitbit Connect\Fitbit Connect.exe" /autorun
Yes HKCU:Run Google Update Google Inc. Mr. Boxty "C:\Users\Mr. Boxty\AppData\Local\Google\Update\GoogleUpdate.exe" /c
Yes HKCU:Run HydraVisionDesktopManager AMD Mr. Boxty "C:\Program Files (x86)\ATI Technologies\HydraVision\HydraDM.exe"
No HKCU:Run RadeonPro John Mautari All users "C:\Program Files (x86)\RadeonPro\RadeonPro.exe"
No HKCU:Run Steam Valve Corporation All users "C:\Program Files (x86)\Steam\Steam.exe" -silent
Yes HKLM:Run avast All users "C:\Program Files\AVAST Software\Avast\avastUI.exe" /nogui
Yes HKLM:Run AVG_UI AVG Technologies CZ, s.r.o. All users "C:\Program Files (x86)\AVG\Av\avgui.exe" /TRAYONLY
Yes HKLM:Run AvgUi AVG Technologies CZ, s.r.o. All users "C:\Program Files (x86)\AVG\Framework\Common\avguix.exe" /fmw.trayonly
Yes HKLM:Run HotKeysCmds Intel Corporation All users C:\Windows\system32\hkcmd.exe
Yes HKLM:Run IgfxTray Intel Corporation All users C:\Windows\system32\igfxtray.exe
Yes HKLM:Run Launch LCore Logitech Inc. All users C:\Program Files\Logitech Gaming Software\LCore.exe /minimized
Yes HKLM:Run Persistence Intel Corporation All users C:\Windows\system32\igfxpers.exe
No HKLM:Run PlayClaw All users "C:\Program Files (x86)\PlayClaw 5\PlayClawLauncher.exe"
No HKLM:Run Raptr All users C:\PROGRA~2\Raptr\raptrstub.exe --startup
Yes HKLM:Run StartCCC Advanced Micro Devices, Inc. All users "C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\amd64\CLIStart.exe" MSRun
Yes HKLM:Run SunJavaUpdateSched Oracle Corporation All users "C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe"
Yes HKLM:Run SynTPEnh Synaptics Incorporated All users %ProgramFiles%\Synaptics\SynTP\SynTPEnh.exe
No Startup User OpenOffice.org 3.4.1.lnk Mr. Boxty C:\PROGRA~2\OPENOF~1.ORG\program\QUICKS~1.EXE 
 
Here is the scheduled tasks:
 
Yes Task Adobe Flash Player Updater Adobe Systems Incorporated All users C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe
Yes Task CCleanerSkipUAC Piriform Ltd Mr. Boxty "C:\Program Files\CCleaner\CCleaner.exe" $(Arg0)
Yes Task GoogleUpdateTaskMachineCore Google Inc. All users C:\Program Files (x86)\Google\Update\GoogleUpdate.exe /c
Yes Task GoogleUpdateTaskMachineUA Google Inc. All users C:\Program Files (x86)\Google\Update\GoogleUpdate.exe /ua /installsource scheduler
Yes Task GoogleUpdateTaskUserS-1-5-21-3698338962-2533034098-1129603006-1000Core Mr. Boxty C:\Users\Mr. Boxty\AppData\Local\Google\Update\GoogleUpdate.exe /c
Yes Task GoogleUpdateTaskUserS-1-5-21-3698338962-2533034098-1129603006-1000UA Mr. Boxty C:\Users\Mr. Boxty\AppData\Local\Google\Update\GoogleUpdate.exe /ua /installsource scheduler
 
Installed apps:
 
7-Zip 9.22beta 4/25/2013 All users
Acer System Information Acer 6/11/2014 129 KB 1.0.0 All users
Adobe AIR Adobe Systems Incorporated 9/22/2012 3.4.0.2540 All users
Adobe Flash Player 20 ActiveX Adobe Systems Incorporated 12/28/2015 17.6 MB 20.0.0.267 All users
Adobe Flash Player 20 NPAPI Adobe Systems Incorporated 12/29/2015 18.1 MB 20.0.0.267 All users
AMD Catalyst Install Manager Advanced Micro Devices, Inc. 6/12/2014 26.3 MB 8.0.916.0 All users
Aslain's XVM mod version 3.0.25 Aslain 11/24/2013 12.2 MB 3.0.25 All users
Aslain's XVM Mod version 3.6.5 Aslain 6/12/2014 200 MB 3.6.5 All users
Atheros Client Installation Program Atheros 9/3/2012 9.0 All users
Atheros Communications Inc.® AR81Family Gigabit/Fast Ethernet Driver Atheros Communications Inc. 9/3/2012 1.0.0.23 All users
AVG AVG Technologies 12/29/2015 1.22.1.40089 All users
AVG Protection AVG Technologies 12/29/2015 2016.12.7303 All users
CCleaner Piriform 12/28/2015 5.13 All users
Creative ALchemy Creative Technology Limited 2/21/2013 1.43 All users
Creative Audio Control Panel Creative Technology Limited 2/21/2013 3.00 All users
DisplayLink Core Software DisplayLink Corp. 6/11/2014 26.2 MB 7.6.55673.0 All users
DisplayLink Graphics DisplayLink Corp. 6/11/2014 85.0 KB 7.6.55705.0 All users
Dokan Library 0.6.0 3/28/2013 All users
ESET Online Scanner v3 12/30/2015 All users
Google Chrome Google Inc. 9/3/2012 47.0.2526.106 Mr. Boxty
Google Chrome Frame Google Inc. 10/26/2012 32.0.1700.107 All users
Google Earth Plug-in Google 12/31/2013 83.8 MB 7.1.2.2041 All users
Host OpenAL Creative Technology Limited 2/21/2013 2.02 All users
Java 7 Update 60 Oracle 3/15/2013 129 MB 7.0.600 All users
Logitech Gaming Software 8.45 Logitech Inc. 4/27/2013 83.1 MB 8.45.88 All users
Malwarebytes Anti-Malware version 2.2.0.1024 Malwarebytes 12/30/2015 66.0 MB 2.2.0.1024 All users
Microsoft .NET Framework 4.5.1 Microsoft Corporation 5/30/2014 38.8 MB 4.5.50938 All users
Microsoft Silverlight Microsoft Corporation 3/18/2014 199 MB 5.1.30214.0 All users
Microsoft Visual C++ 2005 Redistributable Microsoft Corporation 9/18/2012 300 KB 8.0.56336 All users
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.17 Microsoft Corporation 4/27/2013 252 KB 9.0.30729 All users
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.4148 Microsoft Corporation 9/3/2012 788 KB 9.0.30729.4148 All users
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.6161 Microsoft Corporation 9/11/2012 788 KB 9.0.30729.6161 All users
Microsoft Visual C++ 2008 Redistributable - x86 9.0.21022 Microsoft Corporation 9/18/2012 2.87 MB 9.0.21022 All users
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17 Microsoft Corporation 10/30/2012 238 KB 9.0.30729 All users
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148 Microsoft Corporation 9/3/2012 596 KB 9.0.30729.4148 All users
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 Microsoft Corporation 9/11/2012 600 KB 9.0.30729.6161 All users
Microsoft Visual C++ 2010  x64 Redistributable - 10.0.40219 Microsoft Corporation 12/28/2015 13.8 MB 10.0.40219 All users
Microsoft Visual C++ 2010  x86 Redistributable - 10.0.40219 Microsoft Corporation 12/10/2012 15.0 MB 10.0.40219 All users
Microsoft Visual C++ 2012 Redistributable (x64) - 11.0.50727 Microsoft Corporation 6/12/2014 20.4 MB 11.0.50727.1 All users
NVIDIA PhysX NVIDIA Corporation 10/30/2012 78.9 MB 9.10.0513 All users
OpenOffice.org 3.4.1 Apache Software Foundation 9/19/2012 314 MB 3.41.9593 All users
PlayClaw 5 fast codec 6/11/2014 1.37 MB 5 All users
PunkBuster Services Even Balance, Inc. 1/12/2013 0.986 All users
RadeonPro 1.0 (Build 1.1.1.0) 6/11/2014 26.5 MB All users
Steam 11/23/2013 All users
Steam Valve Corporation 11/23/2013 All users
Synaptics Pointing Device Driver Synaptics Incorporated 3/2/2013 14.0.6.0 All users
Third Age - Total War 3.0 (Part 1of2) 12/29/2015 Mr. Boxty
Third Age - Total War 3.0 (Part 2of2) 12/29/2015 Mr. Boxty
Visual Studio 2012 x64 Redistributables AVG Technologies 12/29/2015 12.9 MB 14.0.0.1 All users
Visual Studio 2012 x86 Redistributables AVG Technologies CZ, s.r.o. 12/29/2015 10.5 MB 14.0.0.1 All users
World of Tanks Wargaming.net 6/11/2014 16.5 MB All users
 
 


#8 buddy215

buddy215

  • BC Advisor
  • 12,878 posts
  • ONLINE
  •  
  • Gender:Male
  • Location:West Tennessee
  • Local time:09:37 AM

Posted 30 December 2015 - 06:19 PM

Disable these Windows Startups: Use CCleaner by clicking on each item and then choose Disable on the right.

Yes HKCU:Run Google Update Google Inc. Mr. Boxty "C:\Users\Mr. Boxty\AppData\Local\Google\Update\GoogleUpdate.exe" /c

Yes HKLM:Run avast All users "C:\Program Files\AVAST Software\Avast\avastUI.exe" /nogui (Avast is a better choice of Free antivirus programs)

Yes HKLM:Run IgfxTray Intel Corporation All users C:\Windows\system32\igfxtray.exe

Yes HKLM:Run SunJavaUpdateSched Oracle Corporation All users "C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe"

 

Disable ALL Six Scheduled Tasks

 

Uninstall these programs:

7-Zip 9.22beta 4/25/2013 All users

Adobe AIR Adobe Systems Incorporated 9/22/2012 3.4.0.2540 All users

ESET Online Scanner v3 12/30/2015 All users

Google Chrome Frame Google Inc. 10/26/2012 32.0.1700.107 All users

Java 7 Update 60 Oracle 3/15/2013 129 MB 7.0.600 All users

Microsoft Silverlight Microsoft Corporation 3/18/2014 199 MB 5.1.30214.0 All users

PlayClaw 5 fast codec 6/11/2014 1.37 MB 5 All users

 

Reset Google Chrome

Google Chrome gives you the option to reset your browser settings in one easy click. In some cases, programs that you install can change your Chrome settings without your knowledge. You may see additional extensions and toolbars or a different search engine. Resetting your browser settings will reset the unwanted changes caused by installing other programs. However, your saved bookmarks and passwords will not be cleared or changed.

 

 

Reset your Chrome browser settings
  1. In the top-right corner of the browser window, click the Chrome menu
  2. Select Settings.
  3. At the bottom, click Show advanced settings.
  4. Under the section "Reset settings,” click Reset settings.
  5. In the dialog that appears, click Reset.

“Every atom in your body came from a star that exploded and the atoms in your left hand probably came from a different star than your right hand. It really is the most poetic thing I know about physics...you are all stardust.”Lawrence M. Krauss

A 1792 U.S. penny, designed in part by Thomas Jefferson and George Washington, reads “Liberty Parent of Science & Industry.”


#9 rbrtwhill

rbrtwhill
  • Topic Starter

  • Members
  • 27 posts
  • OFFLINE
  •  
  • Local time:09:37 AM

Posted 01 January 2016 - 01:35 PM

Okay, disabled or uninstalled all the items you listed.  Played with the laptop a bit yesterday and seems to be working fine.  No lags or freezes so far.  Anything else I need to check?



#10 buddy215

buddy215

  • BC Advisor
  • 12,878 posts
  • ONLINE
  •  
  • Gender:Male
  • Location:West Tennessee
  • Local time:09:37 AM

Posted 01 January 2016 - 01:39 PM

I think that was what you wanted....working fine....happy surfin'

Enjoyed working with you...


“Every atom in your body came from a star that exploded and the atoms in your left hand probably came from a different star than your right hand. It really is the most poetic thing I know about physics...you are all stardust.”Lawrence M. Krauss

A 1792 U.S. penny, designed in part by Thomas Jefferson and George Washington, reads “Liberty Parent of Science & Industry.”





0 user(s) are reading this topic

0 members, 0 guests, 0 anonymous users