Windows 10 Hidden Unknown Background Application


16 replies to this topic

#1 giganut (Members, 11 posts)

Posted 16 January 2016 - 11:35 AM

Hello, I have what I believe to be a problem. On all my Windows 10 machines I have discovered a Hidden Unknown Background Process running at all times. This Unknown Process is not visible in the normal task manager; it's only visible in third party tools like cports and other networking tools. Does anyone know what this is, or if it's a problem or not? Sometimes the Unknown Process will launch many other Unknown Processes, making Windows 10 slow to react. Below is a list of hosts the Unknown Process is sending requests back and forth to.


Not everything in the list below was coming from this Unknown Process, but a lot of it was. I just copied out my block list from my hosts file and posted it, so some of the list may have been coming from other processes, but most of them are from this Unknown Background application in Windows 10.
 


I would like to add that I can't find this application at this time on my machine. I also can't kill it, and when it's tampered with it seems to go into a protection mode and goes dormant for some time and then relaunches itself.

 


 

I'm not sure and I could be wrong, but it seems to send information about the websites I'm looking at at the time.


Edited by giganut, 16 January 2016 - 11:38 AM.



#2 buddy215 (Moderator, 13,300 posts, West Tennessee)

Posted 16 January 2016 - 01:16 PM

You have adware on the computer for sure. Suggest running the programs below to find and remove adware and malware.

Do you use amazonaws.com......cloud computing services?

 

Use CCleaner to remove Temporary files, program caches, cookies, logs, etc. Use the Default settings. No need to use the Registry Cleaning Tool...risky. Pay close attention while installing and UNcheck offers of toolbars....especially Google.

After install, open CCleaner and run by clicking on the Run Cleaner button in the bottom right corner.

CCleaner - PC Optimization and Cleaning - Free Download

 

Download Malwarebytes' Anti-Malware from Here

Double-click mbam-setup-2.X.X.XXXX.exe to install the application (X's are the current version number).

  • Make sure a checkmark is placed next to Launch Malwarebytes' Anti-Malware, then click Finish.
  • Once MBAM opens, when it says Your databases are out of date, click the Fix Now button.
  • Click the Settings tab at the top, and then in the left column, select Detections and Protections, and if not already checked place a checkmark in the selection box for Scan for rootkits.
  • Click the Scan tab at the top of the program window, select Threat Scan and click the Scan Now button.
  • If you receive a message that updates are available, click the Update Now button (the update will be downloaded, installed, and the scan will start).
  • When MBAM is finished scanning it will display a screen that displays any malware that it has detected.
  • Click the Remove Selected button.
  • MBAM will now delete all of the files and registry keys and add them to the programs quarantine. When removing the files, MBAM may require a reboot in order to remove some of them. If it displays a message stating that it needs to reboot, please allow it to do so.
  • While still on the Scan tab, click the link for View detailed log, and in the window that opens click the Export button, select Text file (*.txt), and save the log to your Desktop.
  • The log is automatically saved by MBAM and can also be viewed by clicking the History tab and then selecting Application Logs.

POST THE LOG FOR REVIEW.

 

Download AdwCleaner by Xplode onto your desktop.

  • Close all open programs and internet browsers.
  • Double click on adwcleaner.exe to run the tool.
  • Click on the Scan button.
  • When the scan has finished click on the Clean button.
  • Your computer will be rebooted automatically. A text file will open after the restart.
  • Please post the contents of that logfile with your next reply.
  • You can find the logfile at C:\AdwCleaner[S1].txt as well.

Download Junkware Removal Tool to your desktop.

  • Shut down your protection software now to avoid potential conflicts.
  • Run the tool by double-clicking it. If you are using Windows Vista, 7, or 8, instead of double-clicking, right-click JRT.exe and select "Run as Administrator".
  • The tool will open and start scanning your system.
  • Please be patient as this can take a while to complete depending on your system's specifications.
  • On completion, a log (JRT.txt) is saved to your desktop and will automatically open.
  • Post the contents of JRT.txt into your next message.

Hold down Control and click on this link to open ESET OnlineScan in a new window.

  • Click the esetonlinebtn.png button.
  • For alternate browsers only (Microsoft Internet Explorer users can skip these steps):
  • Click on esetsmartinstaller_enu.exe to download the ESET Smart Installer. Save it to your desktop.
  • Double click on the esetsmartinstaller_enu.png icon on your desktop.
  • Check "YES, I accept the Terms of Use."
  • Click the Start button.
  • Accept any security warnings from your browser.
  • Under scan settings, check "Scan Archives" and "Remove found threats".
  • ESET will then download updates for itself, install itself, and begin scanning your computer. Please be patient as this can take some time.
  • When the scan completes, click List Threats.
  • Click Export, and save the file to your desktop using a unique name, such as ESETScan. Include the contents of this report in your next reply.
  • Click the Back button.
  • Click the Finish button.
  • NOTE: Sometimes if ESET finds no infections it will not create a log.

“Every atom in your body came from a star that exploded and the atoms in your left hand probably came from a different star than your right hand. It really is the most poetic thing I know about physics...you are all stardust.”Lawrence M. Krauss
A 1792 U.S. penny, designed in part by Thomas Jefferson and George Washington, reads “Liberty Parent of Science & Industry.”

#3 hamluis (Moderator, 56,261 posts, Killeen, TX)

Posted 16 January 2016 - 01:41 PM

FWIW: This exact same post appears at www.malwarebytes.com, as a General Chat post.

I'm curious as to why it's a Gen Chat item there...while you posted the exact same thing as an Am I Infected item.

FWIW: Posting the same content at various websites is subject to be possibly viewed as spam or possibly result in conflicting suggestions/comments from each of the differing websites. Either result is probably not what you wish.

 

Louis



#4 giganut (Topic Starter, Members, 11 posts)

Posted 16 January 2016 - 01:56 PM

 


 

 

Hello and thank you for your detailed reply. I have been a long-time user of CCleaner and Malwarebytes' Anti-Malware (Premium) for years; I run CCleaner multiple times a day and run Malwarebytes' Anti-Malware (Premium) at least a few times a week. Both of these tools have failed to come up with any positives for this Unknown Background Application.

I'm not using any Amazon services.

 

I'm going to start running all your suggestions now and I will let you know what it comes up with.


Edited by giganut, 16 January 2016 - 02:06 PM.


#5 giganut (Topic Starter, Members, 11 posts)

Posted 16 January 2016 - 01:57 PM


 

Yes, I'm a premium user of Malwarebytes' Anti-Malware and felt they needed to know about the problem. As of yet no software is detecting this problem. I'm not sure what you mean by spam; I'm not selling or promoting any products or sites, just trying to get help.


Edited by giganut, 16 January 2016 - 02:07 PM.


#6 Guest_GNULINUX_* (Guests)

Posted 16 January 2016 - 03:07 PM

Just my 2 cents...  :wink:

 

Those "Unknown" processes in CurrPorts are nothing to worry about, they're processes exiting during the testing. CurrPorts detects an open port but cannot find the process because it exited already.

 

And the content of your hosts file has nothing to do with the connections being made (rather the opposite).

But there are indeed strange things in your hosts file that aren't supposed to be there and the formatting is not correct...

 

I'm going to leave you in the hands of the "malware-hunters" for further advice on that.  :thumbup2:

 

Greets!
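
The hosts-file problems GNULINUX points at (bare names with no address in front of them, 120.0.0.1 where 127.0.0.1 was meant, a stray colon, duplicate names) can be checked mechanically. The script below is an added example, not code from the thread or from any tool mentioned in it; the sample input is constructed in the shape of the list posted above. The security-relevant point it makes concrete: a bare name blocks nothing, and a typo'd address like 120.0.0.1 redirects the name to a real remote address rather than blocking it.

```python
"""Sanity-check a hosts file that is being used as a block list.

Added example, not code from the thread or from any tool named in it. It flags
the formatting problems visible in the list pasted above: names with no
address in front of them (the resolver ignores such lines, so nothing is
blocked), entries pointing at a non-blackhole address such as 120.0.0.1 (a
typo for 127.0.0.1 that redirects the name to a real remote address instead of
blocking it), stray tokens such as a lone ":", and duplicate names.
"""
import ipaddress
import re
from dataclasses import dataclass, field

# Addresses accepted as "blackhole" targets for a block-list entry.
BLACKHOLE = {ipaddress.ip_address(a) for a in ("127.0.0.1", "0.0.0.0", "::1", "::")}

# RFC 1123 style hostname: dot-separated labels of letters, digits and hyphens.
HOSTNAME_RE = re.compile(
    r"^(?!-)[A-Za-z0-9-]{1,63}(?<!-)(\.(?!-)[A-Za-z0-9-]{1,63}(?<!-))*\.?$")


@dataclass
class Finding:
    line_no: int
    kind: str   # no_ip, no_hostname, not_blackhole, bad_token, duplicate
    text: str


@dataclass
class Report:
    entries: dict = field(default_factory=dict)   # hostname -> address it maps to
    findings: list = field(default_factory=list)


def check_hosts(content: str) -> Report:
    """Parse hosts-file text and collect a finding for every suspicious line."""
    report = Report()
    seen = set()
    for n, raw in enumerate(content.splitlines(), 1):
        line = raw.split("#", 1)[0].strip()      # drop comments and whitespace
        if not line:
            continue
        tokens = line.split()
        try:
            ip = ipaddress.ip_address(tokens[0])
            names = tokens[1:]
        except ValueError:
            # First token is not an address: the line is a bare name list that
            # the resolver never uses, so it blocks nothing.
            ip = None
            names = tokens
            report.findings.append(Finding(n, "no_ip", raw))
        if ip is not None and not names:
            report.findings.append(Finding(n, "no_hostname", raw))
        if ip is not None and ip not in BLACKHOLE:
            # e.g. "120.0.0.1 host": lookups for host now go to 120.0.0.1
            report.findings.append(Finding(n, "not_blackhole", raw))
        for name in names:
            if not HOSTNAME_RE.match(name):
                report.findings.append(Finding(n, "bad_token", raw))
                continue
            key = name.lower()
            if key in seen:
                report.findings.append(Finding(n, "duplicate", raw))
            seen.add(key)
            if ip is not None:
                report.entries[key] = str(ip)
    return report


def blocked_names(report: Report) -> list:
    """Names the resolver would actually send to a blackhole address."""
    return sorted(name for name, ip in report.entries.items()
                  if ipaddress.ip_address(ip) in BLACKHOLE)


def kinds(report: Report) -> dict:
    """Count of findings per kind, for a one-line summary."""
    counts = {}
    for f in report.findings:
        counts[f.kind] = counts.get(f.kind, 0) + 1
    return counts


# Constructed sample in the shape of the list posted in the thread: bare names,
# a duplicate, a 120.0.0.1 typo, a stray colon, and two well-formed entries.
SAMPLE = """\
# block list
sirius.mwbsys.com
a104-91-166-96.deploy.static.akamaitechnologies.com
a104-91-166-96.deploy.static.akamaitechnologies.com
120.0.0.1 ya-in-f94.1e100.net
71.10.216.1 : rns01.charter.com
127.0.0.1 settings-win.data.microsoft.com
0.0.0.0 v10.vortex-win.data.microsoft.com
"""

if __name__ == "__main__":
    rep = check_hosts(SAMPLE)
    for f in rep.findings:
        print(f"line {f.line_no}: {f.kind}: {f.text}")
    print("actually blocked:", blocked_names(rep))
```

Run it against a copy of C:\Windows\System32\drivers\etc\hosts by passing the file's text to check_hosts; only the names returned by blocked_names are really being blackholed.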



#7 giganut (Topic Starter, Members, 11 posts)

Posted 16 January 2016 - 03:18 PM

# AdwCleaner v5.029 - Logfile created 16/01/2016 at 14:36:04
# Updated 11/01/2016 by Xplode
# Database : 2016-01-15.2 [Server]
# Operating system : Windows 10 Home  (x64)
# ############################################
# Running from : C:\Users\my-username\Downloads\AdwCleaner.exe
# Option : Cleaning
# Support : http://toolslib.net/forum

***** [ Services ] *****


***** [ Folders ] *****

[-] Folder Deleted : C:\Users\my-username\AppData\Local\PackageAware
[#] Folder Deleted : C:\WINDOWS\SysNative\Tasks\Driver Detective

***** [ Files ] *****

[-] File Deleted : C:\Users\my-username\AppData\Roaming\Mozilla\Firefox\Profiles\7nj2ge4n.default\Extensions\linky@gemal.dk.xpi

***** [ DLLs ] *****


***** [ Shortcuts ] *****


***** [ Scheduled tasks ] *****

[-] Task Deleted : Driver Detective-RTMRules
[-] Task Deleted : Driver Detective-RTMScan
[-] Task Deleted : Driver Detective-RTMScanRunOnce
[-] Task Deleted : Driver Detective-RTMUpdater

***** [ Registry ] *****


***** [ Web browsers ] *****


*************************

:: "Tracing" keys removed
:: Winsock settings cleared

########## EOF - C:\AdwCleaner\AdwCleaner[C1].txt - [1108 bytes] ##########
 



#8 giganut (Topic Starter, Members, 11 posts)

Posted 16 January 2016 - 03:30 PM

~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Junkware Removal Tool (JRT) by Malwarebytes
Version: 8.0.2 (01.06.2016)
Operating System: Windows 10 Home x64
Ran by my-username (Administrator) on Sat 01/16/2016 at 15:20:39.79
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~




File System: 6

Successfully deleted: C:\ProgramData\productdata (Folder)
Successfully deleted: C:\Users\my-username\AppData\Roaming\productdata (Folder)
Successfully deleted: C:\WINDOWS\system32\Tasks\BOTREVOLT_STARTUP_TASK_918CB0F9_1EF8_4c60_8205_7AAB364CD162 (Task)
Successfully deleted: C:\WINDOWS\system32\Tasks\Driver Detective (Task)
Successfully deleted: C:\WINDOWS\SysWOW64\REN3C31.tmp (File)
Successfully deleted: C:\WINDOWS\SysWOW64\REN8AC2.tmp (File)



Registry: 0





~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Scan was completed on Sat 01/16/2016 at 15:24:24.14
End of JRT log
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
 



#9 buddy215 (Moderator, 13,300 posts, West Tennessee)

Posted 16 January 2016 - 04:03 PM

Okay...after posting Eset scan results, do this:

 

Post the three lists mentioned below using CCleaner.

Open CCleaner and click on Tools. Choose Startups. On that page you will see a list of Windows Startups and at the top tabs for each browser and Scheduled Tasks. At the bottom right of that page you will see a button which, when clicked, will allow you to Copy and Paste the list of Windows Startups and Scheduled Tasks into your next post. Please do that.

Open CCleaner and click on Tools. Choose Uninstall. On that page you will see a list of programs installed on your computer, and at the bottom right of that page you will see a button which, when clicked, will allow you to Copy and Paste that list into your next post. Please do that.



#10 giganut (Topic Starter, Members, 11 posts)

Posted 16 January 2016 - 07:26 PM

Eset

C:\Users\my-username\Documents\Output\setup.exe    a variant of MSIL/Ubot.D potentially unsafe application    deleted
C:\Users\my-username\AppData\Local\Temp\tmpBE0A.tmp    a variant of MSIL/Ubot.D potentially unsafe application    deleted
C:\Windows\Installer\d299a9.msi    a variant of MSIL/Ubot.D potentially unsafe application    deleted


#11 giganut (Topic Starter, Members, 11 posts)

Posted 16 January 2016 - 07:29 PM

Startup

No    HKCU:Run    CCleaner Monitoring    Piriform Ltd    "C:\Program Files\CCleaner\CCleaner64.exe" /MONITOR
Yes    HKCU:Run    GlassWire    SecureMix LLC    "C:\Program Files (x86)\GlassWire\glasswire.exe" -hide
No    HKCU:Run    Greenshot    Greenshot    "C:\Program Files\Greenshot\Greenshot.exe"
Yes    HKCU:RunOnce    Uninstall C:\Users\my-username\AppData\Local\Microsoft\OneDrive\17.3.5907.0716_1\amd64    Microsoft Corporation    C:\WINDOWS\system32\cmd.exe /q /c rmdir /s /q "C:\Users\my-username\AppData\Local\Microsoft\OneDrive\17.3.5907.0716_1\amd64"
Yes    HKCU:RunOnce    Uninstall C:\Users\my-username\AppData\Local\Microsoft\OneDrive\17.3.5907.0716_2\amd64    Microsoft Corporation    C:\WINDOWS\system32\cmd.exe /q /c rmdir /s /q "C:\Users\my-username\AppData\Local\Microsoft\OneDrive\17.3.5907.0716_2\amd64"
Yes    HKLM:Run    AVG_UI    AVG Technologies CZ, s.r.o.    "C:\Program Files (x86)\AVG\Av\avuirunnerx.exe" C:\Program Files (x86)\AVG\Av\avgui.exe
Yes    HKLM:Run    AvgUi    AVG Technologies CZ, s.r.o.    "C:\Program Files (x86)\AVG\Framework\Common\avguirnx.exe" /lps=fmw
Yes    HKLM:Run    ClamWin    alch    "C:\Program Files (x86)\ClamWin\bin\ClamTray.exe" --logon
No    HKLM:Run    Dropbox    Dropbox, Inc.    "C:\Program Files (x86)\Dropbox\Client\Dropbox.exe" /systemstartup
Yes    HKLM:Run    ETDCtrl    ELAN Microelectronics Corp.    %ProgramFiles%\Elantech\ETDCtrl.exe
Yes    HKLM:Run    HotKeysCmds    Intel Corporation    "C:\WINDOWS\system32\hkcmd.exe"
Yes    HKLM:Run    IgfxTray    Intel Corporation    "C:\WINDOWS\system32\igfxtray.exe"
Yes    HKLM:Run    Immunet Protect    Immunet    "C:\Program Files\Immunet\3.1.13\iptray.exe"
Yes    HKLM:Run    KeyScrambler    QFX Software Corporation    C:\Program Files (x86)\KeyScrambler\keyscrambler.exe /a
No    HKLM:Run    LiveZilla    LiveZilla GmbH    "C:\Program Files (x86)\LiveZilla\LiveZilla.exe" -minimize
No    HKLM:Run    Logitech Download Assistant    Microsoft Corporation    C:\Windows\system32\rundll32.exe C:\Windows\System32\LogiLDA.dll,LogiFetch
Yes    HKLM:Run    Persistence    Intel Corporation    "C:\WINDOWS\system32\igfxpers.exe"
No    HKLM:Run    RadioController    Dritek System Inc.    "C:\Program Files (x86)\RadioController\RfBtnHelper.exe" Start_Run
Yes    HKLM:Run    RTHDVCPL    Realtek Semiconductor    "C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe" -s
Yes    HKLM:Run    SunJavaUpdateSched    Oracle Corporation    "C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe"


#12 buddy215 (Moderator, 13,300 posts, West Tennessee)

Posted 16 January 2016 - 08:30 PM

Two lists missing...Scheduled Tasks and Installed programs

 

Disable these Windows Startups: Use CCleaner by clicking on each item and then choose Disable on the right.

Yes    HKLM:Run    ClamWin    alch    "C:\Program Files (x86)\ClamWin\bin\ClamTray.exe" --logon

Yes    HKLM:Run    IgfxTray    Intel Corporation    "C:\WINDOWS\system32\igfxtray.exe"

Yes    HKLM:Run    Immunet Protect    Immunet    "C:\Program Files\Immunet\3.1.13\iptray.exe"



#13 giganut (Topic Starter, Members, 11 posts)

Posted 16 January 2016 - 09:03 PM

Sorry about that:

 

Scheduled Tasks:

Yes    Task    Adobe Flash Player Updater    Adobe Systems Incorporated    C:\WINDOWS\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe
Yes    Task    ALU    Acer Incorporated    C:\Program Files (x86)\Gateway\Live Updater\updater.exe -auto
Yes    Task    ALUAgent    Acer Incorporated    C:\Program Files (x86)\Gateway\Live Updater\liveupdater_agent.exe
Yes    Task    AVG_SYS_TASK_1214avt        C:\ProgramData\Avg_Update_1214avt\AVG-Secure-Search-Update_1214avt.exe --TASK_START_SYS --CMPID=1214avt --mid=326bbd72a59747cd9dcdf1c0c2608897-dda20e05772a5dab0a42dcabf135159be01c4d8f
Yes    Task    CCleanerSkipUAC    Piriform Ltd    "C:\Program Files\CCleaner\CCleaner.exe" $(Arg0)
Yes    Task    DropboxUpdateTaskMachineCore    Dropbox, Inc.    C:\Program Files (x86)\Dropbox\Update\DropboxUpdate.exe /c
Yes    Task    DropboxUpdateTaskMachineUA    Dropbox, Inc.    C:\Program Files (x86)\Dropbox\Update\DropboxUpdate.exe /ua /installsource scheduler
Yes    Task    GoogleUpdateTaskMachineCore        C:\Program Files (x86)\Google\Update\GoogleUpdate.exe /c
Yes    Task    GoogleUpdateTaskMachineUA        C:\Program Files (x86)\Google\Update\GoogleUpdate.exe /ua /installsource scheduler
No    Task    Optimize Start Menu Cache Files-S-1-5-21-4280757100-3285367282-2467022108-1001        
Yes    Task    WpsNotifyTask_my-username Zhuhai Kingsoft Office Software Co.,Ltd    C:\Users\my-username\AppData\Local\Kingsoft\WPS Office\9.1.0.5234\wtoolex\wpsnotify.exe -from=task
Yes    Task    WpsUpdateTask_my-username    Zhuhai Kingsoft Office Software Co.,Ltd    C:\Users\my-username\AppData\Local\Kingsoft\WPS Office\9.1.0.5234\wtoolex\wpsupdate.exe -from=task
Yes    Task    {56042E45-88C0-42E0-9015-F8E96270D94C}    Microsoft Corporation    C:\WINDOWS\system32\pcalua.exe -a "C:\Program Files (x86)\InstallShield Installation Information\{7987B0C6-5AAD-4D30-899F-481F95C7F931}\setup.exe" -c -runfromtemp -l0x0409  -removeonly
Yes    Task    {F26989D9-3EE3-4F61-BD84-A722EC348059}    Microsoft Corporation    C:\WINDOWS\system32\pcalua.exe -a "C:\Program Files (x86)\AVG\AVG2015\avgmfapx.exe" -c /AppMode=SETUP /Uninstall /UDS=1

Installed Programs:

7-Zip 9.20 (x64 edition)    Igor Pavlov    7/31/2015    9.06 MB    9.20.00.0
Adobe Acrobat Reader DC    Adobe Systems Incorporated    1/15/2016    378 MB    15.010.20056
Adobe Flash Player 20 NPAPI    Adobe Systems Incorporated    12/29/2015    18.1 MB    20.0.0.267
AVG    AVG Technologies    1/6/2016        1.31.1.48846
AVG Protection    AVG Technologies    1/16/2016        2016.31.7357
Broadcom 802.11 Network Adapter    Broadcom Corporation    11/25/2015        6.30.59.96
Broadcom Card Reader Driver Installer    Broadcom Corporation    3/24/2013    3.62 MB    15.4.7.1
CCleaner    Piriform    12/22/2015    17.4 MB    5.13
ClamWin Free Antivirus 0.98.7    alch    1/8/2016    27.0 MB    
Dropbox    Dropbox, Inc.    12/15/2015    119 MB    3.12.5
ELAN Touchpad 11.15.0.18_X64    ELAN Microelectronic Corp.    11/25/2015        11.15.0.18
Fiddler    Telerik    1/15/2016    9.15 MB    4.6.1.5
Fiddler Syntax-Highlighting Addons        11/25/2015        
FileZilla Client 3.14.1    Tim Kosse    12/2/2015    21.7 MB    3.14.1
Gateway Recovery Management    Gateway Incorporated    3/24/2013    19.6 MB    6.00.3012
GlassWire 1.1 (remove only)    SecureMix LLC    12/29/2015        1.1.39
Greenshot 1.2.6.7    Greenshot    7/31/2015    4.20 MB    1.2.6.7
HP AiO Printer Remote    Hewlett-Packard Company    11/25/2015        58.1.78.0
Identity Card    Gateway Incorporated    12/27/2012    3.66 MB    2.00.3004
Immunet 3    Sourcefire, Inc.    1/15/2016        3.1.13.9671
Intel(R) Management Engine Components    Intel Corporation    11/23/2014        8.1.0.1252
Intel(R) Processor Graphics    Intel Corporation    7/31/2015        9.17.10.4229
Intel(R) Rapid Storage Technology    Intel Corporation    1/16/2016        11.5.4.1001
Intel(R) SDK for OpenCL - CPU Only Runtime Package    Intel Corporation    11/23/2014        2.0.0.37149
Java 8 Update 66    Oracle Corporation    11/23/2015    177 MB    8.0.660.18
Java 8 Update 66 (64-bit)    Oracle Corporation    11/23/2015    46.4 MB    8.0.660.18
Java SE Development Kit 8 Update 65 (64-bit)    Oracle Corporation    11/9/2015    537 MB    8.0.650.17
JetBrains dotPeek 10.0.1    JetBrains s.r.o.    11/25/2015    203 MB    10.0.1
KeyScrambler    QFX Software Corporation    12/3/2015        3.8.2.0
Live Updater    Gateway Incorporated    12/27/2012    6.88 MB    2.00.3006
LiveZilla    LiveZilla GmbH    1/15/2016    23.5 MB    6.0.0.5
Malwarebytes Anti-Malware version 2.2.0.1024    Malwarebytes    12/1/2015    43.3 MB    2.2.0.1024
Microsoft .NET Framework 4.5.2 Multi-Targeting Pack    Microsoft Corporation    10/18/2015    69.2 MB    4.5.51209
Microsoft .NET Framework 4.5.2 Multi-Targeting Pack (ENU)    Microsoft Corporation    10/18/2015    69.2 MB    4.5.51209
Microsoft Calculator Plus    Microsoft    12/30/2015    1.85 MB    1.0.0
Microsoft Help Viewer 2.2    Microsoft Corporation    12/2/2015    4.93 MB    2.2.23107
Microsoft Network Monitor 3.4    Microsoft Corporation    1/8/2016    22.4 MB    3.4.2350.0
Microsoft Network Monitor: NetworkMonitor Parsers 3.4    Microsoft Corporation    1/8/2016    40.7 MB    3.4.2350.0
Microsoft Silverlight    Microsoft Corporation    1/16/2016    151 MB    5.1.41212.0
Microsoft Visual C++ 2008 Redistributable - x64 9.0.21022    Microsoft Corporation    10/20/2015    1.31 MB    9.0.21022
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.17    Microsoft Corporation    12/15/2015    1.31 MB    9.0.30729
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.6161    Microsoft Corporation    12/15/2015    508 KB    9.0.30729.6161
Microsoft Visual C++ 2008 Redistributable - x86 9.0.21022    Microsoft Corporation    10/20/2015    1.21 MB    9.0.21022
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17    Microsoft Corporation    12/15/2015    1.21 MB    9.0.30729
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161    Microsoft Corporation    12/15/2015    580 KB    9.0.30729.6161
Microsoft Visual C++ 2010  x86 Redistributable - 10.0.30319    Microsoft Corporation    1/5/2016    14.5 MB    10.0.30319
Microsoft Visual C++ 2012 Redistributable (x64) - 11.0.61030    Microsoft Corporation    1/15/2016    20.5 MB    11.0.61030.0
Microsoft Visual C++ 2015 Redistributable (x64) - 14.0.23026    Microsoft Corporation    11/25/2015    22.4 MB    14.0.23026.0
Microsoft Visual C++ 2015 Redistributable (x86) - 14.0.23026    Microsoft Corporation    11/25/2015    18.6 MB    14.0.23026.0
Microsoft Wi-Fi    Microsoft Corporation    12/1/2015        1.1511.2.0
Mozilla Firefox 43.0.4 (x86 en-US)    Mozilla    1/15/2016    89.2 MB    43.0.4
Mozilla Maintenance Service    Mozilla    12/15/2015    390 KB    43.0
Mozilla Thunderbird 38.5.0 (x86 en-US)    Mozilla    1/15/2016    79.5 MB    38.5.0
Notepad++    Notepad++ Team    1/16/2016        6.8.8
Process Hacker 2.36 (r6153)    wj32    1/16/2016    5.22 MB    2.36.0.6153
Realtek High Definition Audio Driver    Realtek Semiconductor Corp.    12/2/2015    40.7 MB    6.0.1.7535
Recovery Management    Gateway Incorporated    3/24/2013    19.6 MB    6.00.3012
Snagit 11    TechSmith Corporation    1/6/2016    172 MB    11.2.1
USBPcap 1.1.0.0-g794bf26        12/2/2015        
VeraCrypt    IDRIX    1/16/2016        1.16
Video Web Camera    CYBERLINK COM CORP    11/25/2015        2.0.1804.25604
VirusTotal Uploader 2.2        12/22/2015        
Visual Studio 2012 x64 Redistributables    AVG Technologies    11/20/2015    13.0 MB    14.0.0.1
Visual Studio 2012 x86 Redistributables    AVG Technologies CZ, s.r.o.    11/20/2015    40.0 KB    14.0.0.1
WinPcap 4.1.3    Riverbed Technology, Inc.    12/2/2015        4.1.0.2980
Wireshark 2.0.0 (64-bit)    The Wireshark developer community, https://www.wireshark.org    1/15/2016    159 MB    2.0.0
WPS Office (9.1.0.5234)    Kingsoft Corp.    1/7/2016    359 MB    9.1.0.5234
Zimbra Desktop (64-bit)    Zimbra    7/31/2015    222 MB    7.2.7.12059

Edited by giganut, 16 January 2016 - 09:26 PM.


#14 giganut
  • Topic Starter
  • Members
  • 11 posts

Posted 16 January 2016 - 09:05 PM

I also have installed Eclipse Mars & Snort.



#15 buddy215
  • Moderator
  • 13,300 posts
  • Location:West Tennessee

Posted 16 January 2016 - 09:54 PM

Disable these Scheduled Tasks: Use CCleaner by clicking on each item and then choosing Disable on the right.

Yes    Task    ALU    Acer Incorporated    C:\Program Files (x86)\Gateway\Live Updater\updater.exe -auto
Yes    Task    ALUAgent    Acer Incorporated    C:\Program Files (x86)\Gateway\Live Updater\liveupdater_agent.exe
Yes    Task    AVG_SYS_TASK_1214avt        C:\ProgramData\Avg_Update_1214avt\AVG-Secure-Search-Update_1214avt.exe --TASK_START_SYS --CMPID=1214avt --mid=326bbd72a59747cd9dcdf1c0c2608897-dda20e05772a5dab0a42dcabf135159be01c4d8f
Yes    Task    DropboxUpdateTaskMachineCore    Dropbox, Inc.    C:\Program Files (x86)\Dropbox\Update\DropboxUpdate.exe /c
Yes    Task    DropboxUpdateTaskMachineUA    Dropbox, Inc.    C:\Program Files (x86)\Dropbox\Update\DropboxUpdate.exe /ua /installsource scheduler
Yes    Task    GoogleUpdateTaskMachineCore        C:\Program Files (x86)\Google\Update\GoogleUpdate.exe /c
Yes    Task    GoogleUpdateTaskMachineUA        C:\Program Files (x86)\Google\Update\GoogleUpdate.exe /ua /installsource scheduler
Yes    Task    WpsNotifyTask_giganut    Zhuhai Kingsoft Office Software Co.,Ltd    C:\Users\my-username\AppData\Local\Kingsoft\WPS Office\9.1.0.5234\wtoolex\wpsnotify.exe -from=task
Yes    Task    WpsUpdateTask_my-username    Zhuhai Kingsoft Office Software Co.,Ltd    C:\Users\my-username\AppData\Local\Kingsoft\WPS Office\9.1.0.5234\wtoolex\wpsupdate.exe -from=task
Yes    Task    {56042E45-88C0-42E0-9015-F8E96270D94C}    Microsoft Corporation    C:\WINDOWS\system32\pcalua.exe -a "C:\Program Files (x86)\InstallShield Installation Information\{7987B0C6-5AAD-4D30-899F-481F95C7F931}\setup.exe" -c -runfromtemp -l0x0409  -removeonly

 

Uninstall these programs:

ClamWin Free Antivirus 0.98.7    alch    1/8/2016    27.0 MB 

Immunet 3    Sourcefire, Inc.    1/15/2016        3.1.13.9671

LiveZilla    LiveZilla GmbH    1/15/2016    23.5 MB    6.0.0.5 (Unless you use this and someone else didn't install it)

WinPcap 4.1.3    Riverbed Technology, Inc.    12/2/2015        4.1.0.2980

 

Replace your current HOSTS file with a tweaked one, such as the MVPS HOSTS file, which restricts access to known bad sites and improves your security.
It basically prevents your computer from connecting to those sites by redirecting the attempted connections to 127.0.0.1, which is the IP of your local computer.


To do it:

  • Download hosts.zip and save it to your desktop
  • Right click the file you just downloaded on your desktop and select => Extract to "hosts\"
  • In the hosts folder on your desktop, double click on mvps.bat file to run the program
  • A prompt will appear, press any key to continue

Suggest you install Adblock Plus in Firefox. Once installed, click on the ABP icon and choose Filter Preferences. Uncheck the box next to "Allow some non-intrusive advertisements".

Adblock Plus :: Add-ons for Firefox

 

Block third-party cookies (ad and tracking cookies) from installing in your browsers. Once you have blocked them, run CCleaner to remove the existing ones.

How to disable third-party cookies in all major web browsers


Edited by buddy215, 16 January 2016 - 09:55 PM.

“Every atom in your body came from a star that exploded and the atoms in your left hand probably came from a different star than your right hand. It really is the most poetic thing I know about physics...you are all stardust.”Lawrence M. Krauss
A 1792 U.S. penny, designed in part by Thomas Jefferson and George Washington, reads “Liberty Parent of Science & Industry.”
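The two procedures in the post above, disabling the listed scheduled tasks and replacing the HOSTS file, can also be done and, more importantly, verified from an elevated PowerShell prompt without a third-party cleaner. The script below is an added example written for this page; it is not code from the thread, from CCleaner or from MVPS. The task names and hostnames it uses as sample input are the ones quoted earlier in the thread, and the function names (Get-ThirdPartyScheduledTask, Disable-ReviewedTask, Test-HostsBlock) and the pcalua.exe special case are the example's own choices. It needs the ScheduledTasks module, so Windows 8 or later with PowerShell 5.1 or newer.

```powershell
#Requires -RunAsAdministrator
# Added example, not from the thread. Audits scheduled tasks and checks HOSTS blocking
# using only built-in cmdlets. The tasks the post lists are all installed software
# updaters or an InstallShield uninstaller, so the audit flags any enabled task whose
# action lives outside %WINDIR%, plus tasks that use pcalua.exe (a Windows binary) as
# a launcher for something else, which is exactly what the {56042E45-...} task does.

function Get-ThirdPartyScheduledTask {
    Get-ScheduledTask | Where-Object { $_.State -ne 'Disabled' } | ForEach-Object {
        $task = $_
        foreach ($action in $task.Actions) {
            # COM-handler actions have a ClassId but no Execute; skip those here.
            if (-not $action.Execute) { continue }
            $exe = [Environment]::ExpandEnvironmentVariables($action.Execute.Trim('"'))
            $inWindows = $exe -like "$env:WINDIR\*"
            $isLauncher = [IO.Path]::GetFileName($exe) -ieq 'pcalua.exe'
            if ($inWindows -and -not $isLauncher) { continue }
            [pscustomobject]@{
                TaskPath = $task.TaskPath
                TaskName = $task.TaskName
                Author   = $task.Author
                Command  = "$exe $($action.Arguments)".Trim()
            }
        }
    }
}

# Disable (not delete) the tasks you have reviewed, by name. The task stays visible in
# Task Scheduler and can be re-enabled if an application breaks. Supports -WhatIf.
function Disable-ReviewedTask {
    [CmdletBinding(SupportsShouldProcess)]
    param([Parameter(Mandatory)][string[]]$TaskName)
    foreach ($name in $TaskName) {
        $task = Get-ScheduledTask -TaskName $name -ErrorAction SilentlyContinue
        if (-not $task) { Write-Warning "Task '$name' not found"; continue }
        if ($PSCmdlet.ShouldProcess("$($task.TaskPath)$name", 'Disable scheduled task')) {
            $task | Disable-ScheduledTask | Out-Null
            Write-Output "Disabled $($task.TaskPath)$name"
        }
    }
}

# After swapping in a blocklist HOSTS file, confirm the names seen in cports are really
# mapped. The file is parsed directly: Resolve-DnsName ignores HOSTS, so it cannot be
# used for this check. Both 127.0.0.1 (as the post says) and 0.0.0.0, which blocklists
# also use, count as blocked.
function Test-HostsBlock {
    param([Parameter(Mandatory)][string[]]$HostName)
    $hostsPath = Join-Path $env:WINDIR 'System32\drivers\etc\hosts'
    $entries = @{}
    foreach ($line in Get-Content -Path $hostsPath) {
        $line = ($line -split '#')[0].Trim()          # drop comments and blank lines
        if (-not $line) { continue }
        $fields = $line -split '\s+'
        if ($fields.Count -lt 2) { continue }         # an address with no hostname
        foreach ($name in $fields[1..($fields.Count - 1)]) {
            $entries[$name.ToLower()] = $fields[0]    # last entry for a name wins
        }
    }
    foreach ($name in $HostName) {
        $mapped = $entries[$name.ToLower()]
        [pscustomobject]@{
            HostName   = $name
            HostsEntry = $mapped
            Blocked    = ($mapped -in @('127.0.0.1', '0.0.0.0'))
        }
    }
}

# Usage. Sample names are the ones quoted in this thread; drop -WhatIf to really disable.
Get-ThirdPartyScheduledTask | Format-Table -AutoSize
Disable-ReviewedTask -TaskName 'ALU', 'ALUAgent', 'AVG_SYS_TASK_1214avt' -WhatIf
Test-HostsBlock -HostName 'sirius.mwbsys.com', 'v10.vortex-win.data.microsoft.com', 'tools.l.google.com' |
    Format-Table -AutoSize
```

Review the audit output before disabling anything: a task outside %WINDIR% is not automatically bad, it is just not Microsoft's, and the list above includes updaters for Dropbox, Google and WPS that the user may want to keep. The HOSTS check only proves the file maps the name; a process that resolves names itself (hard-coded IPs or its own DNS client) is not stopped by it, which is why the moderator's advice to identify the owning process comes first.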



