
Am I Infected? Finding Discount


10 replies to this topic

#1 tcl53


Posted 18 January 2016 - 08:21 PM

I believe I have a virus called Finding Discount. It appears in my programs and when I attempt to uninstall it, it brings me to a website to download something else. It also seems to open Internet Explorer to survey websites at random times. It also seems to be affecting my antivirus software: Symantec Endpoint Protection. I am using a Dell Inspiron with Windows 10.





#2 buddy215

  • Moderator

Posted 18 January 2016 - 09:56 PM

WELCOME TO BC....

 

First, look in your list of installed programs for Finding Discount...it may or may not be there. It may be using a different name.

If found, use Download Revo Uninstaller Freeware in Advanced Mode to uninstall.

 

Use the programs below to clean up the computer and remove adware and malware.

 

Use CCleaner to remove Temporary files, program caches, cookies, logs, etc. Use the Default settings. No need to use the Registry Cleaning Tool...risky. Pay close attention while installing and UNcheck offers of toolbars....especially Google.

After install, open CCleaner and run by clicking on the Run Cleaner button in the bottom right corner.

CCleaner - PC Optimization and Cleaning - Free Download

 

Download Malwarebytes' Anti-Malware from Here

Double-click mbam-setup-2.X.X.XXXX.exe to install the application (X's are the current version number).

  • Make sure a checkmark is placed next to Launch Malwarebytes' Anti-Malware, then click Finish.
  • Once MBAM opens, when it says Your databases are out of date, click the Fix Now button.
  • Click the Settings tab at the top, and then in the left column, select Detections and Protections, and if not already checked place a checkmark in the selection box for Scan for rootkits.
  • Click the Scan tab at the top of the program window, select Threat Scan and click the Scan Now button.
  • If you receive a message that updates are available, click the Update Now button (the update will be downloaded, installed, and the scan will start).
  • When MBAM is finished scanning it will display a screen that displays any malware that it has detected.
  • Click the Remove Selected button.
  • MBAM will now delete all of the files and registry keys and add them to the program's quarantine. When removing the files, MBAM may require a reboot in order to remove some of them. If it displays a message stating that it needs to reboot, please allow it to do so.
  • While still on the Scan tab, click the link for View detailed log, and in the window that opens click the Export button, select Text file (*.txt), and save the log to your Desktop.
  • The log is automatically saved by MBAM and can also be viewed by clicking the History tab and then selecting Application Logs.

POST THE LOG FOR REVIEW.

 

Download AdwCleaner by Xplode onto your desktop.

  • Close all open programs and internet browsers.
  • Double click on adwcleaner.exe to run the tool.
  • Click on Scan button.
  • When the scan has finished click on Clean button.
  • Your computer will be rebooted automatically. A text file will open after the restart.
  • Please post the contents of that logfile with your next reply.
  • You can find the logfile at C:\AdwCleaner[S1].txt as well.

  • Download Junkware Removal Tool to your desktop.
  • Shut down your protection software now to avoid potential conflicts.
  • Run the tool by double-clicking it. If you are using Windows Vista, 7, or 8; instead of double-clicking, right-mouse click JRT.exe and select "Run as Administrator".
  • The tool will open and start scanning your system.
  • Please be patient as this can take a while to complete depending on your system's specifications.
  • On completion, a log (JRT.txt) is saved to your desktop and will automatically open.
  • Post the contents of JRT.txt into your next message.

  • Hold down Control and click on this link to open ESET OnlineScan in a new window.
  • Click the esetonlinebtn.png button.
  • For alternate browsers only: (Microsoft Internet Explorer users can skip these steps)
  • Click on esetsmartinstaller_enu.exe to download the ESET Smart Installer. Save it to your desktop.
  • Double click on the esetsmartinstaller_enu.png icon on your desktop.
  • Check "YES, I accept the Terms of Use."
  • Click the Start button.
  • Accept any security warnings from your browser.
  • Under scan settings, check "Scan Archives" and "Remove found threats"
  • ESET will then download updates for itself, install itself, and begin scanning your computer. Please be patient as this can take some time.
  • When the scan completes, click List Threats
  • Click Export, and save the file to your desktop using a unique name, such as ESETScan. Include the contents of this report in your next reply.
  • Click the Back button.
  • Click the Finish button.
  • NOTE: Sometimes if ESET finds no infections it will not create a log.

“Every atom in your body came from a star that exploded and the atoms in your left hand probably came from a different star than your right hand. It really is the most poetic thing I know about physics...you are all stardust.” - Lawrence M. Krauss
A 1792 U.S. penny, designed in part by Thomas Jefferson and George Washington, reads “Liberty Parent of Science & Industry.”

#3 tcl53


Posted 19 January 2016 - 12:19 AM

MBAM LOG

 

Malwarebytes Anti-Malware
www.malwarebytes.org
 
Scan Date: 1/18/2016
Scan Time: 11:47 PM
Logfile: malwarebytes.txt
Administrator: Yes
 
Version: 2.2.0.1024
Malware Database: v2016.01.19.01
Rootkit Database: v2016.01.09.01
License: Free
Malware Protection: Disabled
Malicious Website Protection: Disabled
Self-protection: Disabled
 
OS: Windows 10
CPU: x64
File System: NTFS
User: Tim
 
Scan Type: Threat Scan
Result: Completed
Objects Scanned: 401344
Time Elapsed: 20 min, 46 sec
 
Memory: Enabled
Startup: Enabled
Filesystem: Enabled
Archives: Enabled
Rootkits: Enabled
Heuristics: Enabled
PUP: Enabled
PUM: Enabled
 
Processes: 1
PUP.Optional.FindingDiscount.PrxySvrRST, C:\Program Files (x86)\Windows NT\Accessories\RuntimeManager\runtimemanager.exe, 12196, Delete-on-Reboot, [88f52b10f6a365d12b3911b77a88728e]
 
Modules: 0
(No malicious items detected)
 
Registry Keys: 8
PUP.Optional.WinYahoo, HKLM\SOFTWARE\MICROSOFT\INTERNET EXPLORER\SEARCHSCOPES\{0633EE93-D776-472F-A0FF-E1416B8B2E3A}, Quarantined, [3746aa915148ef47221833c338cb768a], 
PUP.Optional.FindingDiscount, HKLM\SOFTWARE\WOW6432NODE\Windows Discount, Quarantined, [7b021e1d8514db5b7342b31c9270649c], 
PUP.Optional.FindingDiscount, HKLM\SYSTEM\CURRENTCONTROLSET\SERVICES\FindingDiscount, Delete-on-Reboot, [3c4169d2c4d59b9b386fdbe39d665ea2], 
PUP.Optional.InstantSupport, HKU\S-1-5-21-529767067-1296436053-1665756600-1000\SOFTWARE\ISTab, Quarantined, [4934ce6d2970c2749ee568c36e96be42], 
PUP.Optional.FindingDiscount, HKU\S-1-5-21-529767067-1296436053-1665756600-1000\SOFTWARE\Windows Discount, Quarantined, [7a03f04bb7e2bc7af7bd17b8679b8f71], 
PUP.Optional.PCAcceleratePro, HKU\S-1-5-21-529767067-1296436053-1665756600-1000\SOFTWARE\APTAB, Quarantined, [fb82013a8f0ae84e8f96ad7f996b2dd3], 
PUP.Optional.WinYahoo, HKU\S-1-5-21-529767067-1296436053-1665756600-1000\SOFTWARE\MICROSOFT\INTERNET EXPLORER\SEARCHSCOPES\{0633EE93-D776-472F-A0FF-E1416B8B2E3A}, Quarantined, [2c5116250e8b16203800678f55ae0ef2], 
PUP.Optional.ProductSetup, HKU\S-1-5-21-529767067-1296436053-1665756600-1000\SOFTWARE\PRODUCTSETUP, Quarantined, [dda07dbe3069ab8ba5a47d598e7539c7], 
 
Registry Values: 7
PUP.Optional.WinYahoo, HKLM\SOFTWARE\MICROSOFT\INTERNET EXPLORER\SEARCHSCOPES\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}|URL, http://us.yhs4.search.yahoo.com/yhs/search?hspart=iry&hsimp=yhs-fullyhosted_003&type=wncy_pwrisofs_15_39&param1=1&param2=f[3746aa915148ef47221833c338cb768a]D4%26b[3746aa915148ef47221833c338cb768a]DIE%26cc[3746aa915148ef47221833c338cb768a]Dus%26pa[3746aa915148ef47221833c338cb768a]DWincy%26cd[3746aa915148ef47221833c338cb768a]D2XzuyEtN2Y1L1QzuzytDtDtDyE0E0EtC0AzzzzyE0DtByDzytN0D0Tzu0StCtAyCtDtN1L2XzutAtFtCtBtFyDtFtAtN1L1Czu1BtAtN1L1G1B1V1N2Y1L1Qzu2SyBzy0ByE0F0AyB0FtG0DtAyCtCtGyEyEtAyEtG0B0EtD0EtG0ByDyBtDyB0Fzz0F0DzyyCyD2QtN1M1F1B2Z1V1N2Y1L1Qzu2S0FyB0DyDyBzytAyBtGyDyCtAtBtGyE0AtB0DtGzztA0E0EtG0DtDyEtB0EtAtAtB0B0EtAyB2QtN0A0LzutBtN1B2Z1V1T1S1NzutCtDyDtD%26cr[3746aa915148ef47221833c338cb768a]D590489345%26a[3746aa915148ef47221833c338cb768a]Dwncy_pwrisofs_15_39%26os[3746aa915148ef47221833c338cb768a]DWindowsQuarantinedB7QuarantinedBHomeQuarantinedBPremium&p={searchTerms}, %4, %5
PUP.Optional.WinYahoo, HKLM\SOFTWARE\MICROSOFT\INTERNET EXPLORER\SEARCHSCOPES\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}|TopResultURLFallback, http://us.yhs4.search.yahoo.com/yhs/search?hspart=iry&hsimp=yhs-fullyhosted_003&type=wncy_pwrisofs_15_39&param1=1&param2=f[b2cb4dee3b5e8da961d918de7a89c63a]D4%26b[b2cb4dee3b5e8da961d918de7a89c63a]DIE%26cc[b2cb4dee3b5e8da961d918de7a89c63a]Dus%26pa[b2cb4dee3b5e8da961d918de7a89c63a]DWincy%26cd[b2cb4dee3b5e8da961d918de7a89c63a]D2XzuyEtN2Y1L1QzuzytDtDtDyE0E0EtC0AzzzzyE0DtByDzytN0D0Tzu0StCtAyCtDtN1L2XzutAtFtCtBtFyDtFtAtN1L1Czu1BtAtN1L1G1B1V1N2Y1L1Qzu2SyBzy0ByE0F0AyB0FtG0DtAyCtCtGyEyEtAyEtG0B0EtD0EtG0ByDyBtDyB0Fzz0F0DzyyCyD2QtN1M1F1B2Z1V1N2Y1L1Qzu2S0FyB0DyDyBzytAyBtGyDyCtAtBtGyE0AtB0DtGzztA0E0EtG0DtDyEtB0EtAtAtB0B0EtAyB2QtN0A0LzutBtN1B2Z1V1T1S1NzutCtDyDtD%26cr[b2cb4dee3b5e8da961d918de7a89c63a]D590489345%26a[b2cb4dee3b5e8da961d918de7a89c63a]Dwncy_pwrisofs_15_39%26os[b2cb4dee3b5e8da961d918de7a89c63a]DWindowsQuarantinedB7QuarantinedBHomeQuarantinedBPremium&p={searchTerms}, %4, %5
PUP.Optional.PCAcceleratePro, HKU\S-1-5-21-529767067-1296436053-1665756600-1000\SOFTWARE\APTAB|hb, 1, Quarantined, [fb82013a8f0ae84e8f96ad7f996b2dd3]
PUP.Optional.PCAcceleratePro, HKU\S-1-5-21-529767067-1296436053-1665756600-1000\SOFTWARE\MICROSOFT\INTERNET EXPLORER\MAIN\FEATURECONTROL\FEATURE_BROWSER_EMULATION|PCAcceleratePro.exe, 8888, Quarantined, [97e6f8431980de58d6990727e81ce61a]
PUP.Optional.WinYahoo, HKU\S-1-5-21-529767067-1296436053-1665756600-1000\SOFTWARE\MICROSOFT\INTERNET EXPLORER\SEARCHSCOPES\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}|URL, http://us.yhs4.search.yahoo.com/yhs/search?hspart=iry&hsimp=yhs-fullyhosted_003&type=wncy_pwrisofs_15_39&param1=1&param2=f[2c5116250e8b16203800678f55ae0ef2]D4%26b[2c5116250e8b16203800678f55ae0ef2]DIE%26cc[2c5116250e8b16203800678f55ae0ef2]Dus%26pa[2c5116250e8b16203800678f55ae0ef2]DWincy%26cd[2c5116250e8b16203800678f55ae0ef2]D2XzuyEtN2Y1L1QzuzytDtDtDyE0E0EtC0AzzzzyE0DtByDzytN0D0Tzu0StCtAyCtDtN1L2XzutAtFtCtBtFyDtFtAtN1L1Czu1BtAtN1L1G1B1V1N2Y1L1Qzu2SyBzy0ByE0F0AyB0FtG0DtAyCtCtGyEyEtAyEtG0B0EtD0EtG0ByDyBtDyB0Fzz0F0DzyyCyD2QtN1M1F1B2Z1V1N2Y1L1Qzu2S0FyB0DyDyBzytAyBtGyDyCtAtBtGyE0AtB0DtGzztA0E0EtG0DtDyEtB0EtAtAtB0B0EtAyB2QtN0A0LzutBtN1B2Z1V1T1S1NzutCtDyDtD%26cr[2c5116250e8b16203800678f55ae0ef2]D590489345%26a[2c5116250e8b16203800678f55ae0ef2]Dwncy_pwrisofs_15_39%26os[2c5116250e8b16203800678f55ae0ef2]DWindowsQuarantinedB7QuarantinedBHomeQuarantinedBPremium&p={searchTerms}, %4, %5
PUP.Optional.WinYahoo, HKU\S-1-5-21-529767067-1296436053-1665756600-1000\SOFTWARE\MICROSOFT\INTERNET EXPLORER\SEARCHSCOPES\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}|TopResultURLFallback, http://us.yhs4.search.yahoo.com/yhs/search?hspart=iry&hsimp=yhs-fullyhosted_003&type=wncy_pwrisofs_15_39&param1=1&param2=f[b4c9a09b05947cba0b2d1adcc43fb44c]D4%26b[b4c9a09b05947cba0b2d1adcc43fb44c]DIE%26cc[b4c9a09b05947cba0b2d1adcc43fb44c]Dus%26pa[b4c9a09b05947cba0b2d1adcc43fb44c]DWincy%26cd[b4c9a09b05947cba0b2d1adcc43fb44c]D2XzuyEtN2Y1L1QzuzytDtDtDyE0E0EtC0AzzzzyE0DtByDzytN0D0Tzu0StCtAyCtDtN1L2XzutAtFtCtBtFyDtFtAtN1L1Czu1BtAtN1L1G1B1V1N2Y1L1Qzu2SyBzy0ByE0F0AyB0FtG0DtAyCtCtGyEyEtAyEtG0B0EtD0EtG0ByDyBtDyB0Fzz0F0DzyyCyD2QtN1M1F1B2Z1V1N2Y1L1Qzu2S0FyB0DyDyBzytAyBtGyDyCtAtBtGyE0AtB0DtGzztA0E0EtG0DtDyEtB0EtAtAtB0B0EtAyB2QtN0A0LzutBtN1B2Z1V1T1S1NzutCtDyDtD%26cr[b4c9a09b05947cba0b2d1adcc43fb44c]D590489345%26a[b4c9a09b05947cba0b2d1adcc43fb44c]Dwncy_pwrisofs_15_39%26os[b4c9a09b05947cba0b2d1adcc43fb44c]DWindowsQuarantinedB7QuarantinedBHomeQuarantinedBPremium&p={searchTerms}, %4, %5
PUP.Optional.ProductSetup, HKU\S-1-5-21-529767067-1296436053-1665756600-1000\SOFTWARE\PRODUCTSETUP|tb, 0X1F1T1V1G1G, Quarantined, [dda07dbe3069ab8ba5a47d598e7539c7]
 
Registry Data: 0
(No malicious items detected)
 
Folders: 5
PUP.Optional.FindingDiscount, C:\ProgramData\Windows Discount, Quarantined, [6f0e2b10c1d841f556788b24936f31cf], 
PUP.Optional.FindingDiscount, C:\ProgramData\Windows Discount\FindingDiscount, Quarantined, [6f0e2b10c1d841f556788b24936f31cf], 
PUP.Optional.FindingDiscount, C:\Program Files (x86)\Windows Discount, Quarantined, [c6b744f7d5c4f6400bc4e1ce24de8a76], 
PUP.Optional.FindingDiscount, C:\Program Files (x86)\Windows Discount\FindingDiscount, Quarantined, [c6b744f7d5c4f6400bc4e1ce24de8a76], 
PUP.Optional.FindingDiscount.PrxySvrRST, C:\Program Files (x86)\Windows NT\Accessories\RuntimeManager, Delete-on-Reboot, [88f52b10f6a365d12b3911b77a88728e], 
 
Files: 2
PUP.Optional.WinYahoo, C:\Users\Tim\AppData\LocalLow\Microsoft\Internet Explorer\Services\Wincy.ico, Quarantined, [95e803382871ca6c1668d61fb2518f71], 
PUP.Optional.FindingDiscount.PrxySvrRST, C:\Program Files (x86)\Windows NT\Accessories\RuntimeManager\runtimemanager.exe, Delete-on-Reboot, [88f52b10f6a365d12b3911b77a88728e], 
 
Physical Sectors: 0
(No malicious items detected)
 
 
(end)
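
Added example (not part of the original thread and not Malwarebytes code): a small triage script for a text log in the layout posted above. It groups detections by family, lists items still marked Delete-on-Reboot, flags service registry keys, and reports sections where the declared count does not match the lines that could be parsed. The function names, the assumption that the third dot-separated part of a detection name is the family, and the shortened sample log with a placeholder URL are all constructed for illustration.

```python
import re
from collections import Counter

# Constructed sample: a shortened excerpt in the layout of the log above.
# The URL in the first "Registry Values" entry is a placeholder.
SAMPLE_LOG = r"""
Scan Type: Threat Scan
Processes: 1
PUP.Optional.FindingDiscount.PrxySvrRST, C:\Program Files (x86)\Windows NT\Accessories\RuntimeManager\runtimemanager.exe, 12196, Delete-on-Reboot, [88f52b10f6a365d12b3911b77a88728e]

Modules: 0
(No malicious items detected)

Registry Keys: 2
PUP.Optional.FindingDiscount, HKLM\SOFTWARE\WOW6432NODE\Windows Discount, Quarantined, [7b021e1d8514db5b7342b31c9270649c],
PUP.Optional.FindingDiscount, HKLM\SYSTEM\CURRENTCONTROLSET\SERVICES\FindingDiscount, Delete-on-Reboot, [3c4169d2c4d59b9b386fdbe39d665ea2],

Registry Values: 2
PUP.Optional.WinYahoo, HKLM\SOFTWARE\MICROSOFT\INTERNET EXPLORER\SEARCHSCOPES\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}|URL, http://search.example.invalid/?p={searchTerms}, %4, %5
PUP.Optional.ProductSetup, HKU\S-1-5-21-529767067-1296436053-1665756600-1000\SOFTWARE\PRODUCTSETUP|tb, 0X1F1T1V1G1G, Quarantined, [dda07dbe3069ab8ba5a47d598e7539c7]

Files: 1
PUP.Optional.WinYahoo, C:\Users\Tim\AppData\LocalLow\Microsoft\Internet Explorer\Services\Wincy.ico, Quarantined, [95e803382871ca6c1668d61fb2518f71],
"""

SECTION_RE = re.compile(
    r"^(Processes|Modules|Registry Keys|Registry Values|Registry Data|"
    r"Folders|Files|Physical Sectors): (\d+)$"
)
# A well-formed detection line ends with ", [32 hex chars]" and an optional comma.
TAIL_RE = re.compile(r", \[([0-9a-f]{32})\],?\s*$")


def parse_mbam_log(text):
    """Return (declared_counts, detections, unparsed_lines)."""
    declared, detections, unparsed = {}, [], []
    section = None
    for raw in text.splitlines():
        line = raw.strip()
        if not line or line.startswith("("):
            continue  # blank lines and "(No malicious items detected)"
        header = SECTION_RE.match(line)
        if header:
            section = header.group(1)
            declared[section] = int(header.group(2))
            continue
        if section is None:
            continue  # scan metadata before the first result section
        tail = TAIL_RE.search(line)
        parts = line[:tail.start()].split(", ", 1) if tail else []
        if len(parts) != 2 or ", " not in parts[1]:
            # Mangled or truncated entry: keep it for manual review.
            unparsed.append((section, line))
            continue
        name, rest = parts
        target, action = rest.rsplit(", ", 1)
        if section == "Processes" and ", " in target:
            target = target.rsplit(", ", 1)[0]  # drop the trailing PID
        detections.append({"section": section, "name": name,
                           "target": target, "action": action})
    return declared, detections, unparsed


def family(name):
    """Assumed convention: Category.Subcategory.Family[.Variant]."""
    parts = name.split(".")
    return parts[2] if len(parts) >= 3 else name


def triage(text):
    declared, detections, unparsed = parse_mbam_log(text)
    parsed = Counter(d["section"] for d in detections)
    return {
        "families": Counter(family(d["name"]) for d in detections),
        # Items the scanner could only remove at next boot: reboot, then re-scan.
        "pending_reboot": [d for d in detections
                           if d["action"] == "Delete-on-Reboot"],
        # Service keys mean the program registered itself to start with Windows.
        "service_keys": [d["target"] for d in detections
                         if d["section"] == "Registry Keys"
                         and "\\CURRENTCONTROLSET\\SERVICES\\" in d["target"].upper()],
        # Declared vs parsed counts: a mismatch points at a truncated or mangled paste.
        "count_mismatch": {s: (n, parsed.get(s, 0)) for s, n in declared.items()
                           if parsed.get(s, 0) != n},
        "unparsed": unparsed,
    }


if __name__ == "__main__":
    report = triage(SAMPLE_LOG)
    for fam, n in report["families"].most_common():
        print(f"{fam}: {n} item(s)")
    for d in report["pending_reboot"]:
        print("pending reboot:", d["target"])
    for key in report["service_keys"]:
        print("service key:", key)
    for sec, (want, got) in report["count_mismatch"].items():
        print(f"{sec}: log declares {want}, parsed {got}")
```
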


#4 tcl53


Posted 19 January 2016 - 12:27 AM

ADWCLEANER LOG

 

# AdwCleaner v5.030 - Logfile created 19/01/2016 at 00:22:37
# Updated 17/01/2016 by Xplode
# Database : 2016-01-17.3 [Server]
# Operating system : Windows 10 Home  (x64)
# Username : Tim - TIM-PC
# Running from : C:\Users\Tim\Downloads\AdwCleaner.exe
# Option : Cleaning
 
***** [ Services ] *****
 
[-] Service Deleted : RuntimeManager
 
***** [ Folders ] *****
 
[-] Folder Deleted : C:\ProgramData\Best Buy pc app
[-] Folder Deleted : C:\Users\Tim\AppData\Local\Best Buy pc app
 
***** [ Files ] *****
 
 
***** [ DLLs ] *****
 
 
***** [ Shortcuts ] *****
 
 
***** [ Scheduled tasks ] *****
 
 
***** [ Registry ] *****
 
[-] Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{9A1A857D-41B0-4122-9DB2-B5A9B21DE0B2}
[-] Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{A60671D2-CC17-4FDB-8CB7-87EFC561FB2C}
[-] Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\Best Buy pc app
 
***** [ Web browsers ] *****
 
[-] [C:\Users\Tim\AppData\Local\Google\Chrome\User Data\Default\Web Data] [Search Provider] Deleted : aol.com
[-] [C:\Users\Tim\AppData\Local\Google\Chrome\User Data\Default\Web Data] [Search Provider] Deleted : ask.com
[-] [C:\Users\Tim\AppData\Local\Google\Chrome\User Data\Default\Web Data] [Search Provider] Deleted : search provided by yahoo.com
 
*************************
 
:: "Tracing" keys removed
:: Winsock settings cleared
 
########## EOF - C:\AdwCleaner\AdwCleaner[C1].txt - [1423 bytes] ##########


#5 tcl53


Posted 19 January 2016 - 12:34 AM

JRT LOG
 
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Junkware Removal Tool (JRT) by Malwarebytes
Version: 8.0.2 (01.06.2016)
Operating System: Windows 10 Home x64 
Ran by Tim (Administrator) on Tue 01/19/2016 at  0:29:46.95
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
 
 
 
 
File System: 0 
 
 
 
 
Registry: 1 
 
Successfully deleted: HKCU\Software\Microsoft\Internet Explorer\SearchScopes\{2F1E335A-858A-4BE9-8F6B-D0AF1D018B53} (Registry Key)
 
 
 
 
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Scan was completed on Tue 01/19/2016 at  0:32:12.01
End of JRT log
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~


#6 buddy215

  • Moderator

Posted 19 January 2016 - 05:54 AM

After you have posted the results of the Eset Online scan, do this:

 

Post the three lists mentioned below using CCleaner.

Open CCleaner and click on Tools. Choose Startups. On that page you will see a list of Windows Startups and at the top tabs for each browser and Scheduled Tasks.

At the bottom right of that page you will see a button that, when clicked, will allow you to Copy and Paste the list of Windows Startups and Scheduled Tasks into your next post. Please do that.

 

Open CCleaner and click on Tools. Choose Uninstall. On that page you will see a list of programs installed on your computer and at the bottom right of that page you will see a button that, when clicked, will allow you to Copy and Paste that list in your next post. Please do that.



#7 tcl53


Posted 19 January 2016 - 11:43 AM

ESET LOG

 

C:\Program Files (x86)\Dell DataSafe Local Backup\hstart.exe a variant of Win32/HiddenStart.A potentially unsafe application cleaned by deleting
C:\Program Files (x86)\Dell DataSafe Local Backup\Components\DSUpdate\hstart.exe a variant of Win32/HiddenStart.A potentially unsafe application cleaned by deleting
C:\Users\Tim\Downloads\ccsetup513.exe Win32/Bundled.Toolbar.Google.D potentially unsafe application deleted
C:\Users\Tim\Downloads\PowerISO_Pub_Download_manager.exe a variant of Win32/FusionCore.D potentially unwanted application deleted
C:\Users\Tim\Downloads\PowerISO6-x64\PowerISO_Pub_Download_manager.exe a variant of Win32/FusionCore.D potentially unwanted application deleted


#8 tcl53


Posted 19 January 2016 - 11:52 AM

STARTUP LOG

 

Yes HKCU:Run CCleaner Monitoring Piriform Ltd "C:\Program Files\CCleaner\CCleaner64.exe" /MONITOR
No HKCU:Run Spotify Web Helper Spotify Ltd "C:\Users\Tim\AppData\Roaming\Spotify\SpotifyWebHelper.exe"
No HKLM:Run Acrobat Assistant 8.0 Adobe Systems Inc. "C:\Program Files (x86)\PTC\Mathcad PDSi\Acrobat\Acrotray.exe"
No HKLM:Run Adobe Reader Speed Launcher Adobe Systems Incorporated "C:\Program Files (x86)\Adobe\Reader 9.0\Reader\Reader_sl.exe"
No HKLM:Run ADSKAppManager Autodesk Inc. "C:\Program Files (x86)\Common Files\Autodesk Shared\AppManager\R1\AdAppMgr.exe" -showminimized -checkautorun
No HKLM:Run APSDaemon Apple Inc. "C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe"
Yes HKLM:Run Broadcom Wireless Manager UI Dell Inc. C:\Program Files\Dell\DW WLAN Card\WLTRAY.exe
Yes HKLM:Run Dell Registration Dell, Inc. C:\Program Files (x86)\System Registration\prodreg.exe /boot
No HKLM:Run Dell Webcam Central Creative Technology Ltd "C:\Program Files (x86)\Dell Webcam\Dell Webcam Central\WebcamDell2.exe" /mode2
No HKLM:Run Desktop Disc Tool Sonic Solutions "c:\Program Files (x86)\Roxio\OEM\Roxio Burn\RoxioBurnLauncher.exe"
Yes HKLM:Run dldtamon Lexmark International, Inc. "C:\Program Files (x86) (x86)\Dell V305\dldtamon.exe"
Yes HKLM:Run dldtmon.exe Lexmark International, Inc. "C:\Program Files (x86) (x86)\Dell V305\dldtmon.exe"
Yes HKLM:Run HotKeysCmds Intel Corporation C:\WINDOWS\system32\hkcmd.exe
No HKLM:Run IAStorIcon Intel Corporation C:\Program Files (x86)\Intel\Intel® Rapid Storage Technology\IAStorIcon.exe
Yes HKLM:Run IgfxTray Intel Corporation C:\WINDOWS\system32\igfxtray.exe
No HKLM:Run Logitech Download Assistant Microsoft Corporation C:\Windows\system32\rundll32.exe C:\Windows\System32\LogiLDA.dll,LogiFetch
No HKLM:Run NuTCSetupEnviron MKS Software Inc. C:\PROGRA~1\PTC\UTILIT~1\MKSTOO~1\bin\ncoeenv.exe
Yes HKLM:Run Persistence Intel Corporation C:\WINDOWS\system32\igfxpers.exe
Yes HKLM:Run QuickSet Dell Inc. C:\Program Files\Dell\QuickSet\QuickSet.exe
No HKLM:Run QuickTime Task Apple Inc. "C:\Program Files (x86)\QuickTime\QTTask.exe" -atboottime
No HKLM:Run RoxWatchTray Sonic Solutions "c:\Program Files (x86)\Common Files\Roxio Shared\OEM\12.0\SharedCOM\RoxWatchTray12OEM.exe"
Yes HKLM:Run SynTPEnh Synaptics Incorporated %ProgramFiles%\Synaptics\SynTP\SynTPEnh.exe
Yes HKLM:Run SysTrayApp IDT, Inc. C:\Program Files\IDT\WDM\sttray64.exe
No Startup Common ClearPass OnGuard.lnk Aruba Networks C:\Program Files\Aruba Networks\ClearPassOnGuard\ClearPassOnGuard.exe
No Startup User OneDrive for Business.lnk Microsoft Corporation C:\Program Files\Microsoft Office 15\root\office15\groove.exe


#9 tcl53


Posted 19 January 2016 - 11:54 AM

SCHEDULED TASKS LOG

 

Yes Task CCleanerSkipUAC Piriform Ltd "C:\Program Files\CCleaner\CCleaner.exe" $(Arg0)
Yes Task GoogleUpdateTaskMachineCore Google Inc. C:\Program Files (x86)\Google\Update\GoogleUpdate.exe /c
Yes Task GoogleUpdateTaskMachineUA Google Inc. C:\Program Files (x86)\Google\Update\GoogleUpdate.exe /ua /installsource scheduler
Yes Task MATLAB R2015b Startup Accelerator C:\Program Files\MATLAB\R2015b\bin\win64\MATLABStartupAccelerator.exe
Yes Task {220381DE-8DCB-4A41-9A6A-C82DA1A906D0} C:\Users\Tim\Desktop\MatLab\bin\win64\setup.exe
Yes Task {682410C7-0D49-46BC-97C3-226744E44534} Microsoft Corporation C:\WINDOWS\system32\pcalua.exe -a C:\WINDOWS\system32\javaws.exe -c -uninstall -prompt "http://phet.colorado.edu/sims/moving-man/moving-man_en.jnlp"
Yes Task {D2847F43-DC47-48F8-BF12-7358E76D3268} Microsoft Corporation C:\WINDOWS\system32\pcalua.exe -a "C:\Program Files\WNEn\WWE_uninstall.exe"
Yes Task {DEDDAC6C-BC2F-4A3D-BFB6-52E7D84B784C} Microsoft Corporation C:\WINDOWS\system32\pcalua.exe -a "C:\Program Files (x86)\PCAcceleratePro\uninstall.exe"
Yes Task {F3B360D7-2E7B-4173-B9ED-3F4C5BDB76B2} C:\Users\Tim\Desktop\MatLab\bin\win64\setup.exe


#10 tcl53


Posted 19 January 2016 - 11:56 AM

INSTALL LOG

 

3D Builder Microsoft Corporation 12/13/2015 10.10.38.0
Adobe Flash Player 10 ActiveX Adobe Systems Incorporated 4/18/2011 5.43 MB 10.2.152.26
Adobe Flash Player 10 Plugin Adobe Systems Incorporated 1/4/2016 10.0.45.2
Adobe Flash Player 10 Plugin Adobe Systems Incorporated 4/18/2011 5.36 MB 10.2.152.26
Adobe Reader 9.1 Adobe Systems Incorporated 4/18/2011 122 MB 9.1.0
Advanced Audio FX Engine Creative Technology Ltd 11/28/2015 56.0 KB 1.12.05
Akamai NetSession Interface Akamai Technologies, Inc 11/25/2015
Alarms & Clock Microsoft Corporation 1/4/2016 10.1512.58020.0
Amazon Amazon.com 12/27/2015 3.1.2.8
App connector Microsoft Corporation 11/26/2015 1.3.3.0
Apple Application Support Apple Inc. 9/28/2015 83.6 MB 2.3.6
Apple Software Update Apple Inc. 9/28/2015 4.53 MB 2.1.3.127
Autodesk 360 Autodesk 9/28/2015 714 MB 5.2.3.1000
Autodesk App Manager Autodesk 9/28/2015 8.40 MB 1.2.0
Autodesk Application Manager Autodesk 11/28/2015 28.9 MB 5.0.142.5
Autodesk AutoCAD 2015 - English Autodesk 11/28/2015 462 MB 20.0.51.0
Autodesk AutoCAD Performance Feedback Tool Version 1.2.2 Autodesk 9/28/2015 6.12 MB 1.2.2.0
Autodesk BIM 360 Glue AutoCAD 2015 Add-in 64 bit Autodesk 9/29/2015 3.95 MB 4.36.2452
Autodesk Content Service Autodesk 11/28/2015 46.1 MB 3.2.0.0
Autodesk Featured Apps Autodesk 9/28/2015 8.66 MB 1.2.0
Autodesk Material Library 2015 Autodesk 9/28/2015 86.3 MB 5.2.9.100
Autodesk Material Library Base Resolution Image Library 2015 Autodesk 9/28/2015 100 MB 5.2.9.100
Autodesk ReCap Autodesk 11/28/2015 111 MB 1.3.1.39
Calculator Microsoft Corporation 1/10/2016 10.1601.36020.0
Camera Microsoft Corporation 1/13/2016 2016.107.10.0
Candy Crush Soda Saga king.com 1/13/2016 1.57.700.0
CCleaner Piriform 1/18/2016 5.13
Cisco EAP-FAST Module Cisco Systems, Inc. 4/18/2011 1.52 MB 2.2.14
Cisco LEAP Module Cisco Systems, Inc. 4/18/2011 838 KB 1.0.19
Cisco PEAP Module Cisco Systems, Inc. 4/18/2011 1.28 MB 1.1.6
ClearPass OnGuard 6.5.4.76733 Aruba Networks 1/18/2016 15.6 MB 6.5.4.76733
Compatibility Pack for the 2007 Office system Microsoft Corporation 1/13/2016 250 MB 12.0.6612.1000
Dell DataSafe Local Backup Dell 4/18/2011 365 MB 9.4.60
Dell DataSafe Local Backup - Support Software Dell 4/18/2011 9.4.60
Dell PhotoStage ArcSoft 4/18/2011 143 MB 1.5.0.30
Dell Product Registration Dell Inc. 4/18/2011 7.91 MB 1.0.6
Dell V305 Dell, Inc. 12/10/2015
Dell VideoStage CyberLink Corp. 4/18/2011 31.8 MB 1.1.1.1408
Dell Webcam Central Creative Technology Ltd 11/28/2015 41.9 MB 1.40.05
DW WLAN Card Utility Dell Inc. 11/25/2015 5.60.48.35
Get Office Microsoft Corporation 1/7/2016 17.6605.23751.0
Get Skype Skype 11/26/2015 3.2.1.0
Get Started Microsoft Corporation 1/7/2016 2.6.12.0
Google Chrome Google Inc. 9/10/2015 570 MB 47.0.2526.111
Groove Music Microsoft Corporation 11/26/2015 3.6.15131.0
HP AiO Printer Remote Hewlett-Packard Company 11/26/2015 58.1.78.0
IDT Audio IDT 4/18/2011 32.5 MB 1.0.6289.0
Intel® Control Center Intel Corporation 9/9/2015 1.2.1.1007
Intel® Graphics Media Accelerator Driver Intel Corporation 9/9/2015 8.15.10.2202
Intel® Management Engine Components Intel Corporation 9/9/2015 6.0.0.1179
Intel® Rapid Storage Technology Intel Corporation 9/9/2015 9.6.4.1002
Java™ 6 Update 24 (64-bit) Oracle 4/18/2011 16.8 MB 6.0.240
LEGO MINDSTORMS Edu NXT - English Language Pack The LEGO Group 1/4/2016 132 MB 2.1.79.0
LEGO MINDSTORMS Edu NXT Software v2.1 LEGO 1/4/2016 306 MB 2.1.76.0
LEGO MINDSTORMS NXT Driver for x64 LEGO 1/4/2016 3.09 MB 1.19.768
Live! Cam Avatar Creator Creative Technology Ltd 4/18/2011 168 MB 4.6.3009.1
Mail and Calendar Microsoft Corporation 1/4/2016 17.6525.42271.0
Malwarebytes Anti-Malware version 2.2.0.1024 Malwarebytes 1/18/2016 66.1 MB 2.2.0.1024
Maps Microsoft Corporation 12/18/2015 4.1512.3450.0
Mathcad PDSi viewable support Adobe Systems 11/28/2015 87.7 MB 9.0.0
MATLAB R2015b MathWorks 11/28/2015 6.62 GB 8.6
Messaging + Skype Microsoft Corporation 12/18/2015 2.12.15004.0
Microsoft Office 365 ProPlus - en-us Microsoft Corporation 1/8/2016 2.17 GB 15.0.4779.1002
Microsoft Silverlight Microsoft Corporation 1/13/2016 101 MB 5.1.41212.0
Microsoft Solitaire Collection Microsoft Studios 1/11/2016 3.7.1041.0
Microsoft SQL Server 2005 Compact Edition [ENU] Microsoft Corporation 4/18/2011 3.39 MB 3.1.0000
Microsoft Visual C++ 2005 Redistributable Microsoft Corporation 9/24/2015 600 KB 8.0.61001
Microsoft Visual C++ 2005 Redistributable (x64) Microsoft Corporation 4/18/2011 1.38 MB 8.0.61000
Microsoft Visual C++ 2008 Redistributable - x64 9.0.21022 Microsoft Corporation 12/11/2015 1.56 MB 9.0.21022
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.17 Microsoft Corporation 4/18/2011 1.53 MB 9.0.30729
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.4148 Microsoft Corporation 9/28/2015 472 KB 9.0.30729.4148
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.6161 Microsoft Corporation 9/25/2015 767 KB 9.0.30729.6161
Microsoft Visual C++ 2008 Redistributable - x86 9.0.21022 Microsoft Corporation 12/11/2015 6.12 MB 9.0.21022
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17 Microsoft Corporation 9/29/2015 480 KB 9.0.30729
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148 Microsoft Corporation 9/28/2015 1.14 MB 9.0.30729.4148
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 Microsoft Corporation 9/28/2015 1.17 MB 9.0.30729.6161
Microsoft Visual C++ 2010  x64 Redistributable - 10.0.40219 Microsoft Corporation 10/16/2015 18.0 MB 10.0.40219
Microsoft Visual C++ 2010  x86 Redistributable - 10.0.40219 Microsoft Corporation 10/16/2015 19.6 MB 10.0.40219
Microsoft Visual C++ 2012 Redistributable (x64) - 11.0.61030 Microsoft Corporation 1/19/2016 20.5 MB 11.0.61030.0
Microsoft Visual C++ 2012 Redistributable (x86) - 11.0.60610 Microsoft Corporation 11/25/2015 11.0.60610.1
Microsoft Visual C++ 2012 Redistributable (x86) - 11.0.61030 Microsoft Corporation 11/25/2015 17.3 MB 11.0.61030.0
Microsoft Visual Studio 2010 Tools for Office Runtime (x64) Microsoft Corporation 11/28/2015 2.42 MB 10.0.50903
Microsoft Wi-Fi Microsoft Corporation 11/30/2015 1.1511.2.0
MKS Platform Components 9.x Mortice Kern Systems 9/29/2015 33.8 MB 9.5.0000
Money Microsoft Corporation 11/26/2015 4.7.118.0
Movies & TV Microsoft Corporation 12/11/2015 3.6.15731.0
MSXML 4.0 SP2 (KB954430) Microsoft Corporation 9/10/2015 2.55 MB 4.20.9870.0
MSXML 4.0 SP2 (KB973688) Microsoft Corporation 9/10/2015 2.67 MB 4.20.9876.0
Netflix Netflix, Inc. 1/7/2016 6.3.27.0
News Microsoft Corporation 11/26/2015 4.7.118.0
OneNote Microsoft Corporation 1/6/2016 17.6366.43091.0
People Microsoft Corporation 12/27/2015 10.0.3450.0
Phone Microsoft Corporation 1/7/2016 2.12.14001.0
Phone Companion Microsoft Corporation 11/26/2015 10.1511.18010.0
Photos Microsoft Corporation 12/11/2015 15.1208.10480.0
PowerISO Power Software Ltd 1/8/2016 7.24 MB 6.4
PTC Creo Direct Version 3.0 Datecode [M040] PTC 11/28/2015 49.0 MB 3.0
PTC Creo Layout Version 3.0 Datecode [M040] PTC 11/28/2015 49.0 MB 3.0
PTC Creo Parametric Version 3.0 Datecode [M040] PTC 11/28/2015 104 MB 3.0
PTC Creo Platform Agent 3.103 PTC 9/29/2015 138 MB 3.103.0
PTC Creo Simulate Version 3.0 Datecode [M040] PTC 11/28/2015 97.3 MB 3.0
PTC Creo Thumbnail Viewer 3.0 PTC 9/29/2015 7.68 MB 31.15.080
PTC Creo View Express 3.0 PTC 9/29/2015 390 MB 10.2.31.40
PTC Diagnostic Tools PTC 9/29/2015 58.1 MB 3.0.0.0
PTC Mathcad Prime 3.1 PTC 9/29/2015 884 MB 3.1.0
PTC Portmapper Version 3.0 Datecode [M040] PTC 11/28/2015 1.23 MB 3.0
Quickset64 Dell Inc. 4/18/2011 3.64 MB 10.5.0
QuickTime 7 Apple Inc. 9/28/2015 97.2 MB 7.78.80.95
Realtek USB 2.0 Card Reader Realtek Semiconductor Corp. 4/18/2011 10.5 MB 6.1.7600.30127
Revo Uninstaller 1.95 VS Revo Group 1/18/2016 1.95
Roxio Creator Starter Roxio 11/28/2015 45.2 MB 12.1.77.0
SketchUp Import Autodesk 9/28/2015 65.3 MB 1.2.0
Skype™ 7.10 Skype Technologies S.A. 9/20/2015 143 MB 7.10.101
Sports Microsoft Corporation 11/26/2015 4.7.130.0
Spotify Spotify AB 12/7/2015 1.0.19.106.gb8a7150f
Store Microsoft Corporation 1/8/2016 2015.25.15.0
Sway Microsoft Corporation 12/11/2015 17.6509.20251.0
Symantec Endpoint Protection Symantec Corporation 9/9/2015 1.90 GB 12.1.6318.6100
Synaptics Pointing Device Driver Synaptics Incorporated 11/25/2015 15.0.0.1
Twitter Twitter Inc. 12/18/2015 4.3.3.0
Voice Recorder Microsoft Corporation 12/27/2015 10.1512.21110.0
Weather Microsoft Corporation 11/26/2015 4.7.118.0
Windows Driver Package - Broadcom Corporation (BTHUSB) Bluetooth  (03/24/2010 6.3.0.2501) Broadcom Corporation 11/25/2015 03/24/2010 6.3.0.2501
Windows DVD Player Microsoft Corporation 11/27/2015 3.6.13291.0
Windows Live Essentials Microsoft Corporation 4/18/2011 15.4.3508.1109
Windows Live Mesh ActiveX Control for Remote Connections Microsoft Corporation 4/18/2011 11.1 MB 15.4.5722.2
Xbox Microsoft Corporation 1/8/2016 11.13.6008.0


#11 buddy215

  • Moderator

Posted 19 January 2016 - 12:29 PM

Disable these Scheduled Tasks: Use CCleaner by clicking on each item and then choose Disable on the right.

Yes Task GoogleUpdateTaskMachineCore Google Inc. C:\Program Files (x86)\Google\Update\GoogleUpdate.exe /c
Yes Task GoogleUpdateTaskMachineUA Google Inc. C:\Program Files (x86)\Google\Update\GoogleUpdate.exe /ua /installsource scheduler
Yes Task {D2847F43-DC47-48F8-BF12-7358E76D3268} Microsoft Corporation C:\WINDOWS\system32\pcalua.exe -a "C:\Program Files\WNEn\WWE_uninstall.exe"
Yes Task {DEDDAC6C-BC2F-4A3D-BFB6-52E7D84B784C} Microsoft Corporation C:\WINDOWS\system32\pcalua.exe -a "C:\Program Files (x86)\PCAcceleratePro\uninstall.exe"
 
Uninstall these programs:
Adobe Flash Player 10 ActiveX Adobe Systems Incorporated 4/18/2011 5.43 MB 10.2.152.26 (Use Uninstall Flash Player for Windows)
Adobe Flash Player 10 Plugin Adobe Systems Incorporated 1/4/2016 10.0.45.2
Adobe Flash Player 10 Plugin Adobe Systems Incorporated 4/18/2011 5.36 MB 10.2.152.26
Adobe Reader 9.1 Adobe Systems Incorporated 4/18/2011 122 MB 9.1.0 (Old Adobe programs are malware magnets. Update or uninstall.)
Java™ 6 Update 24 (64-bit) Oracle 4/18/2011 16.8 MB 6.0.240
Candy Crush Soda Saga king.com 1/13/2016 1.57.700.0




