Possible Virus?


15 replies to this topic

#1 EskiePal

Posted 24 January 2016 - 08:28 AM

Hi all,
 
I am currently running a Vista Home Premium System that seems to be slow. I updated the BIOS because the fan was running hot and that fixed that problem along with other drivers that needed to be updated. The weird thing is that when I check the web to look for virus information the laptop fan speeds up and when I click over to my resource manager to see what's going on the fan slows down right away and things start to disappear. Even the listing for the antivirus protection disappeared...nothing listed under disk. Then I go back to the internet to look again and it speeds up again and back to the resource manager and it slows again and disc info disappears. I've never seen this happen before. It isn't happening when I search normal sites and do normal things.
 
There was an odd Java command that kept popping up at one point. There were about three instances of it in the task manager processes and I thought that I had gotten rid of them. Perhaps there are still remnants lurking about?
 
Anyway, I don't know where to start to investigate. I don't want to say that that's normal and not run some sort of scan to check, but I'm not that savvy to understand what I'm running.  Could you guys help me out?
 
Thanks a bunch!

Edited by Queen-Evie, 24 January 2016 - 05:59 PM.
moved from Vista to Am I Infected




#2 buddy215

Posted 24 January 2016 - 09:57 AM

WELCOME TO BC....

 

See if you can download, install and run scans using the programs below.

 

Use CCleaner to remove Temporary files, program caches, cookies, logs, etc. Use the Default settings. No need to use the Registry Cleaning Tool...risky. Pay close attention while installing and UNcheck offers of toolbars....especially Google.

After install, open CCleaner and run by clicking on the Run Cleaner button in the bottom right corner.

CCleaner - PC Optimization and Cleaning - Free Download

 

Download Malwarebytes' Anti-Malware from Here

Double-click mbam-setup-2.X.X.XXXX.exe to install the application (X's are the current version number).

  • Make sure a checkmark is placed next to Launch Malwarebytes' Anti-Malware, then click Finish.
  • Once MBAM opens, when it says Your databases are out of date, click the Fix Now button.
  • Click the Settings tab at the top, and then in the left column, select Detections and Protections, and if not already checked place a checkmark in the selection box for Scan for rootkits.
  • Click the Scan tab at the top of the program window, select Threat Scan and click the Scan Now button.
  • If you receive a message that updates are available, click the Update Now button (the update will be downloaded, installed, and the scan will start).
  • When MBAM is finished scanning it will display a screen that displays any malware that it has detected.
  • Click the Remove Selected button.
  • MBAM will now delete all of the files and registry keys and add them to the programs quarantine. When removing the files, MBAM may require a reboot in order to remove some of them. If it displays a message stating that it needs to reboot, please allow it to do so.
  • While still on the Scan tab, click the link for View detailed log, and in the window that opens click the Export button, select Text file (*.txt), and save the log to your Desktop.
  • The log is automatically saved by MBAM and can also be viewed by clicking the History tab and then selecting Application Logs.

POST THE LOG FOR  REVIEW.

 

  • Hold down Control and click on this link to open ESET OnlineScan in a new window.
  • Click the esetonlinebtn.png button.
  • For alternate browsers only: (Microsoft Internet Explorer users can skip these steps)
  • Click on esetsmartinstaller_enu.exe to download the ESET Smart Installer. Save it to your desktop.
  • Double click on the esetsmartinstaller_enu.png icon on your desktop.
  • Check "YES, I accept the Terms of Use."
  • Click the Start button.
  • Accept any security warnings from your browser.
  • Under scan settings, check "Scan Archives" and "Remove found threats"
  • ESET will then download updates for itself, install itself, and begin scanning your computer. Please be patient as this can take some time.
  • When the scan completes, click List Threats
  • Click Export, and save the file to your desktop using a unique name, such as ESETScan. Include the contents of this report in your next reply.
  • Click the Back button.
  • Click the Finish button.
  • NOTE: Sometimes if ESET finds no infections it will not create a log.

“Every atom in your body came from a star that exploded and the atoms in your left hand probably came from a different star than your right hand. It really is the most poetic thing I know about physics...you are all stardust.”Lawrence M. Krauss
A 1792 U.S. penny, designed in part by Thomas Jefferson and George Washington, reads “Liberty Parent of Science & Industry.”

#3 EskiePal

Posted 24 January 2016 - 10:15 AM

Thanks for your help..I'm working on it now.  Will post as you requested.  I have to leave soon and will report back by 3:00 pm



#4 EskiePal

Posted 24 January 2016 - 01:25 PM

Malwarebytes result...
 
Malwarebytes Anti-Malware
www.malwarebytes.org
 
Scan Date: 1/24/2016
Scan Time: 12:51:35 PM
Logfile: mal.txt
Administrator: Yes
 
Version: 2.2.0.1024
Malware Database: v2016.01.24.05
Rootkit Database: v2016.01.20.01
License: Free
Malware Protection: Disabled
Malicious Website Protection: Disabled
Self-protection: Disabled
 
OS: Windows Vista Service Pack 2
CPU: x86
File System: NTFS
User: Owner
 
Scan Type: Threat Scan
Result: Completed
Objects Scanned: 313435
Time Elapsed: 27 min, 12 sec
 
Memory: Enabled
Startup: Enabled
Filesystem: Enabled
Archives: Enabled
Rootkits: Enabled
Heuristics: Enabled
PUP: Enabled
PUM: Enabled
 
Processes: 0
(No malicious items detected)
 
Modules: 0
(No malicious items detected)
 
Registry Keys: 0
(No malicious items detected)
 
Registry Values: 0
(No malicious items detected)
 
Registry Data: 0
(No malicious items detected)
 
Folders: 6
PUP.Optional.JustCloud, C:\Program Files\JustCloud, , [c2b36ecf8c0d58de954e606f679c3bc5], 
PUP.Optional.JustCloud, C:\Program Files\JustCloud\Config, , [c2b36ecf8c0d58de954e606f679c3bc5], 
PUP.Optional.JustCloud, C:\Program Files\JustCloud\Database, , [c2b36ecf8c0d58de954e606f679c3bc5], 
PUP.Optional.JustCloud, C:\Program Files\JustCloud\Resources, , [c2b36ecf8c0d58de954e606f679c3bc5], 
PUP.Optional.JustCloud, C:\Program Files\JustCloud\Resources\cache, , [c2b36ecf8c0d58de954e606f679c3bc5], 
PUP.Optional.JustCloud, C:\Program Files\JustCloud\log, , [c2b36ecf8c0d58de954e606f679c3bc5], 
 
Files: 25
PUP.Optional.JustCloud, C:\Program Files\JustCloud\pt_PT.mo, , [c2b36ecf8c0d58de954e606f679c3bc5], 
PUP.Optional.JustCloud, C:\Program Files\JustCloud\de_DE.mo, , [c2b36ecf8c0d58de954e606f679c3bc5], 
PUP.Optional.JustCloud, C:\Program Files\JustCloud\es_ES.mo, , [c2b36ecf8c0d58de954e606f679c3bc5], 
PUP.Optional.JustCloud, C:\Program Files\JustCloud\fr_FR.mo, , [c2b36ecf8c0d58de954e606f679c3bc5], 
PUP.Optional.JustCloud, C:\Program Files\JustCloud\it_IT.mo, , [c2b36ecf8c0d58de954e606f679c3bc5], 
PUP.Optional.JustCloud, C:\Program Files\JustCloud\Config\api.ts2, , [c2b36ecf8c0d58de954e606f679c3bc5], 
PUP.Optional.JustCloud, C:\Program Files\JustCloud\Database\mpcb_file_cache.db, , [c2b36ecf8c0d58de954e606f679c3bc5], 
PUP.Optional.JustCloud, C:\Program Files\JustCloud\Database\mpcb_settings.db, , [c2b36ecf8c0d58de954e606f679c3bc5], 
PUP.Optional.JustCloud, C:\Program Files\JustCloud\Database\mpcb_version_queue.db, , [c2b36ecf8c0d58de954e606f679c3bc5], 
PUP.Optional.JustCloud, C:\Program Files\JustCloud\log\APPLICATION.log, , [c2b36ecf8c0d58de954e606f679c3bc5], 
PUP.Optional.JustCloud, C:\Program Files\JustCloud\log\AUTH.log, , [c2b36ecf8c0d58de954e606f679c3bc5], 
PUP.Optional.JustCloud, C:\Program Files\JustCloud\log\BACKOFF.log, , [c2b36ecf8c0d58de954e606f679c3bc5], 
PUP.Optional.JustCloud, C:\Program Files\JustCloud\log\CLIENT.log, , [c2b36ecf8c0d58de954e606f679c3bc5], 
PUP.Optional.JustCloud, C:\Program Files\JustCloud\log\GRID_RECOVERY.log, , [c2b36ecf8c0d58de954e606f679c3bc5], 
PUP.Optional.JustCloud, C:\Program Files\JustCloud\log\GRID_RECOVERY_INIT.log, , [c2b36ecf8c0d58de954e606f679c3bc5], 
PUP.Optional.JustCloud, C:\Program Files\JustCloud\log\LICENCE.log, , [c2b36ecf8c0d58de954e606f679c3bc5], 
PUP.Optional.JustCloud, C:\Program Files\JustCloud\log\NETWORK_SHARES.log, , [c2b36ecf8c0d58de954e606f679c3bc5], 
PUP.Optional.JustCloud, C:\Program Files\JustCloud\log\REMOTING.log, , [c2b36ecf8c0d58de954e606f679c3bc5], 
PUP.Optional.JustCloud, C:\Program Files\JustCloud\log\REQUEST.log, , [c2b36ecf8c0d58de954e606f679c3bc5], 
PUP.Optional.JustCloud, C:\Program Files\JustCloud\log\SCHEDULE.log, , [c2b36ecf8c0d58de954e606f679c3bc5], 
PUP.Optional.JustCloud, C:\Program Files\JustCloud\log\SERVICE.log, , [c2b36ecf8c0d58de954e606f679c3bc5], 
PUP.Optional.JustCloud, C:\Program Files\JustCloud\log\SIGNUP_WIZ.log, , [c2b36ecf8c0d58de954e606f679c3bc5], 
PUP.Optional.JustCloud, C:\Program Files\JustCloud\log\UPDATER.log, , [c2b36ecf8c0d58de954e606f679c3bc5], 
PUP.Optional.JustCloud, C:\Program Files\JustCloud\log\UTC_MIGRATION.log, , [c2b36ecf8c0d58de954e606f679c3bc5], 
PUP.Optional.JustCloud, C:\Program Files\JustCloud\log\WAIT_HANDLES.log, , [c2b36ecf8c0d58de954e606f679c3bc5], 
 
Physical Sectors: 0
(No malicious items detected)
 
 
(end)
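
Added example (not part of the original thread and not Malwarebytes code): a small Python triage script for a Malwarebytes 2.x text log laid out like the one posted above. It groups detections by threat name, collapses them to their common folder, and flags sections whose declared count differs from the number of lines actually pasted. The sample log, the name `PUP.Optional.Example` and its paths are constructed, and the line layout is assumed from the post.

```python
import re
from collections import Counter, defaultdict
from ntpath import commonpath  # Windows path rules, works on any OS

# Constructed sample in the layout of the log posted above (not real scan data).
# "Files: 3" is followed by only two lines on purpose, as in a truncated paste.
SAMPLE_LOG = r"""
Scan Type: Threat Scan
Result: Completed

Processes: 0
(No malicious items detected)

Registry Keys: 0
(No malicious items detected)

Folders: 2
PUP.Optional.Example, C:\Program Files\ExampleApp, , [00000000000000000000000000000000],
PUP.Optional.Example, C:\Program Files\ExampleApp\log, , [00000000000000000000000000000000],

Files: 3
PUP.Optional.Example, C:\Program Files\ExampleApp\log\APP.log, , [00000000000000000000000000000000],
PUP.Optional.Example, C:\Program Files\ExampleApp\Database\cache.db, , [00000000000000000000000000000000],

Physical Sectors: 0
(No malicious items detected)

(end)
"""

SECTION_RE = re.compile(
    r"^(Processes|Modules|Registry Keys|Registry Values|Registry Data|"
    r"Folders|Files|Physical Sectors): (\d+)$"
)
# name, object, action (may be empty), [hex id]; layout assumed from the post
DETECTION_RE = re.compile(
    r"^(?P<name>[^,]+), (?P<object>.+?), (?P<action>[^,]*), "
    r"\[(?P<id>[0-9a-fA-F]+)\],?$"
)


def parse_mbam_log(text):
    """Split a log into declared section counts, detections and unparsed lines."""
    declared, detections, unparsed = {}, [], []
    section = None
    for raw in text.splitlines():
        line = raw.strip()
        if not line or line == "(end)" or line.startswith("(No malicious"):
            continue
        m = SECTION_RE.match(line)
        if m:
            section = m.group(1)
            declared[section] = int(m.group(2))
            continue
        if section is None:
            continue  # header fields before the first result section
        m = DETECTION_RE.match(line)
        if m:
            detections.append({"section": section, **m.groupdict()})
        else:
            unparsed.append(line)  # keep for manual review, never drop silently
    return {"declared": declared, "detections": detections, "unparsed": unparsed}


def summarize(parsed):
    """Group detections per threat name and report declared/found mismatches."""
    by_name = defaultdict(lambda: {"sections": Counter(), "paths": []})
    for d in parsed["detections"]:
        by_name[d["name"]]["sections"][d["section"]] += 1
        by_name[d["name"]]["paths"].append(d["object"])
    summary = {}
    for name, info in by_name.items():
        # Only drive-letter paths have a meaningful common folder
        fs_paths = [p for p in info["paths"] if re.match(r"^[A-Za-z]:\\", p)]
        try:
            root = commonpath(fs_paths) if fs_paths else None
        except ValueError:  # detections spread over different drives
            root = None
        summary[name] = {
            "total": sum(info["sections"].values()),
            "sections": dict(info["sections"]),
            "root": root,
        }
    found = Counter(d["section"] for d in parsed["detections"])
    mismatches = {
        s: (n, found.get(s, 0))
        for s, n in parsed["declared"].items()
        if n != found.get(s, 0)
    }
    return summary, mismatches


if __name__ == "__main__":
    summary, mismatches = summarize(parse_mbam_log(SAMPLE_LOG))
    for name, info in summary.items():
        print(f"{name}: {info['total']} item(s) under {info['root']}")
    for section, (declared, found) in mismatches.items():
        print(f"{section}: log declares {declared}, paste contains {found}")
```
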


#5 EskiePal

Posted 24 January 2016 - 03:19 PM

Eset scan log

 

C:\Users\Owner\Desktop\JustCloud_Installer.exe MSIL/MyPCBackup.D potentially unwanted application deleted
 
Is this the issue?


#6 buddy215

Posted 24 January 2016 - 03:52 PM

According to the web that is a program once named MyPC BACKUP...a program often bundled with free stuff.

 

Run these two scans and then let me know what problem still exists.

 

Download AdwCleaner by Xplode onto your desktop.

  • Close all open programs and internet browsers.
  • Double click on adwcleaner.exe to run the tool.
  • Click on Scan button.
  • When the scan has finished click on Clean button.
  • Your computer will be rebooted automatically. A text file will open after the restart.
  • Please post the contents of that logfile with your next reply.
  • You can find the logfile at C:\AdwCleaner[S1].txt as well.

Download Junkware Removal Tool to your desktop.

  • Shut down your protection software now to avoid potential conflicts.
  • Run the tool by double-clicking it. If you are using Windows Vista, 7, or 8; instead of double-clicking, right-mouse click JRT.exe and select "Run as Administrator".
  • The tool will open and start scanning your system.
  • Please be patient as this can take a while to complete depending on your system's specifications.
  • On completion, a log (JRT.txt) is saved to your desktop and will automatically open.
  • Post the contents of JRT.txt into your next message


#7 EskiePal

Posted 24 January 2016 - 04:40 PM

OK here's the adwcleaner text

 

# AdwCleaner v4.001 - Report created 24/01/2016 at 15:58:11
# DB v
# Updated 20/10/2014 by Xplode
# Operating System : Windows Vista ™ Home Premium Service Pack 2 (32 bits)
# Username : Owner - RUTH
# Running from : C:\Users\Owner\Desktop\Geek Squad Support Tools\AdwCleaner.exe
# Option : Clean
 
***** [ Services ] *****
 
 
***** [ Files / Folders ] *****
 
 
***** [ Scheduled Tasks ] *****
 
 
***** [ Shortcuts ] *****
 
 
***** [ Registry ] *****
 
 
***** [ Browsers ] *****
 
-\\ Internet Explorer v9.0.8112.16737
 
 
-\\ Google Chrome v48.0.2564.82
 
 
*************************
 
AdwCleaner[R0].txt - [5795 octets] - [25/10/2014 09:56:44]
AdwCleaner[R1].txt - [3763 octets] - [22/11/2014 14:08:13]
AdwCleaner[R2].txt - [3886 octets] - [14/02/2015 09:50:13]
AdwCleaner[R3].txt - [1158 octets] - [20/01/2016 17:50:41]
AdwCleaner[R4].txt - [1235 octets] - [24/01/2016 15:56:06]
AdwCleaner[S0].txt - [5959 octets] - [25/10/2014 10:01:06]
AdwCleaner[S1].txt - [3860 octets] - [22/11/2014 14:11:04]
AdwCleaner[S2].txt - [3864 octets] - [14/02/2015 09:55:34]
AdwCleaner[S3].txt - [1216 octets] - [20/01/2016 17:53:30]
AdwCleaner[S4].txt - [1150 octets] - [24/01/2016 15:58:11]
 
########## EOF - C:\AdwCleaner\AdwCleaner[S4].txt - [1210 octets] ##########
 
 
And here's the JRT text
 
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Junkware Removal Tool (JRT) by Malwarebytes
Version: 8.0.2 (01.06.2016)
Operating System: Windows Vista ™ Home Premium x86 
Ran by Owner (Limited) on Sun 01/24/2016 at 16:13:52.82
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
 
 
 
 
File System: 23 
 
Successfully deleted: C:\ProgramData\productdata (Folder) 
Successfully deleted: C:\ProgramData\Start Menu\Programs\coupons (Folder) 
Successfully deleted: C:\Users\Owner\AppData\Local\{01CA6852-83AD-493E-8F04-B7A13F184CA4} (Empty Folder)
Successfully deleted: C:\Users\Owner\AppData\Local\{765C6C08-3A4E-4F9E-9464-299330CE81C8} (Empty Folder)
Successfully deleted: C:\Users\Owner\AppData\Local\ysearchutil (Folder) 
Successfully deleted: C:\Users\Owner\AppData\Roaming\iobit\driver booster (Folder) 
Successfully deleted: C:\Windows\wininit.ini (File) 
Successfully deleted: C:\Program Files\coupons (Folder) 
Successfully deleted: C:\Program Files\GUT5DF8.tmp (File) 
Successfully deleted: C:\ProgramData\SPL20A0.tmp (File) 
Successfully deleted: C:\ProgramData\SPL253A.tmp (File) 
Successfully deleted: C:\ProgramData\SPL3D3B.tmp (File) 
Successfully deleted: C:\ProgramData\SPL4D4.tmp (File) 
Successfully deleted: C:\ProgramData\SPL4E21.tmp (File) 
Successfully deleted: C:\ProgramData\SPL5255.tmp (File) 
Successfully deleted: C:\ProgramData\SPLAC4D.tmp (File) 
Successfully deleted: C:\ProgramData\SPLC06A.tmp (File) 
Successfully deleted: C:\ProgramData\SPLFB8D.tmp (File) 
Successfully deleted: C:\ProgramData\SPLFE89.tmp (File) 
Successfully deleted: C:\Users\Owner\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\4B01BAFL (Folder) 
Successfully deleted: C:\Users\Owner\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\9SKX2AY4 (Folder) 
Successfully deleted: C:\Users\Owner\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\GBTNC48D (Folder) 
Successfully deleted: C:\Users\Owner\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\RU8P51R5 (Folder) 
 
 
 
Registry: 7 
 
Successfully deleted: HKLM\SYSTEM\CurrentControlSet\services\YahooAUService (Registry Key) 
Successfully deleted: HKCU\Software\Microsoft\Internet Explorer\Main\\Default_Page_URL (Registry Value) 
Successfully deleted: HKCU\Software\Microsoft\Internet Explorer\Main\\Start Page (Registry Value) 
Successfully deleted: HKLM\Software\Microsoft\Internet Explorer\Main\\Default_Page_URL (Registry Value) 
Successfully deleted: HKLM\Software\Microsoft\Internet Explorer\Main\\SearchAssistant (Registry Value) 
Successfully deleted: HKLM\Software\Microsoft\Internet Explorer\Main\\Start Page (Registry Value) 
Successfully deleted: HKLM\Software\Microsoft\Internet Explorer\Search\\SearchAssistant (Registry Value) 
 
 
 
 
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Scan was completed on Sun 01/24/2016 at 16:17:51.49
End of JRT log
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~


#8 buddy215

Posted 24 January 2016 - 05:23 PM

Is the fan still behaving the same...and is the computer responding quicker?

 

Post the three lists mentioned below using CCleaner.

Open CCleaner and click on Tools. Choose Startups. On that page you will see a list of Windows Startups and at the top tabs for each browser and Scheduled Tasks.

At the bottom right of that page you will see a button when clicked will allow you to Copy and Paste the list of Windows Startups and Scheduled Tasks into your next post. Please do that.

 

Open CCleaner and click on Tools. Choose Uninstall. On that page you will see a list of programs installed on your computer and at the bottom right of that page you will see a button when clicked will allow you to Copy and Paste that list in your next post. Please do that.



#9 EskiePal

Posted 24 January 2016 - 05:35 PM

Yes Extension Blog This Microsoft Corporation C:\Program Files\Windows Live\Writer\WriterBrowserExtension.dll
Yes Extension Messenger Companion (Ctrl+Shift+C) Microsoft Corporation C:\Program Files\Windows Live\Companion\companioncore.dll
No Extension Research Microsoft Corporation C:\PROGRA~1\MICROS~3\Office12\REFIEBAR.DLL
No Extension Send to OneNote Microsoft Corporation C:\PROGRA~1\MICROS~3\Office12\ONBttnIE.dll
Yes Helper avast! Online Security AVAST Software C:\Program Files\AVAST Software\Avast\aswWebRepIE.dll
No Helper SingleInstance Class Yahoo! Inc C:\Program Files\Yahoo!\Companion\Installs\cpn4\YTSingleInstance.dll
No Helper Windows Live ID Sign-in Helper Microsoft Corp. C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
No Helper Windows Live Messenger Companion Helper Microsoft Corporation C:\Program Files\Windows Live\Companion\companioncore.dll
Yes App Gmail 8.1 Person 1 C:\Users\Owner\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia\8.1_0
Yes App Google Drive 14.1 Person 1 C:\Users\Owner\AppData\Local\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf\14.1_0
Yes App Google Search 0.0.0.60 Person 1 C:\Users\Owner\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf\0.0.0.60_0
Yes App YouTube 4.2.8 Person 1 C:\Users\Owner\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo\4.2.8_0
Yes Extension Ghostery 5.4.9 Person 1 C:\Users\Owner\AppData\Local\Google\Chrome\User Data\Default\Extensions\mlomiejdfkolichcflejclcbmpeaniij\5.4.9_0
Yes Extension Google Docs 0.9 Person 1 C:\Users\Owner\AppData\Local\Google\Chrome\User Data\Default\Extensions\aohghmighlieiainnegkcijnfilokake\0.9_0
Yes Extension Google Docs Offline 1.1 Person 1 C:\Users\Owner\AppData\Local\Google\Chrome\User Data\Default\Extensions\ghbmnnjooekpmoecnnnilnnbdlolhkhi\1.1_1
Yes Extension Google Sheets 1.1 Person 1 C:\Users\Owner\AppData\Local\Google\Chrome\User Data\Default\Extensions\felcaaldnbdncclmgdcncolpebgiejap\1.1_0
Yes Extension Google Slides 0.9 Person 1 C:\Users\Owner\AppData\Local\Google\Chrome\User Data\Default\Extensions\aapocclcgogkmnckokdopfmhonfmgoek\0.9_0
Yes Task Adobe Acrobat Update Task Adobe Systems Incorporated C:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe
Yes Task Adobe Flash Player Updater Adobe Systems Incorporated C:\Windows\system32\Macromed\Flash\FlashPlayerUpdateService.exe
Yes Task CCleanerSkipUAC Piriform Ltd "C:\Program Files\CCleaner\CCleaner.exe" $(Arg0)
Yes Task GoogleUpdateTaskMachineCore Google Inc. C:\Program Files\Google\Update\GoogleUpdate.exe /c
Yes Task GoogleUpdateTaskMachineCore1d006a063dcf6ac Google Inc. C:\Program Files\Google\Update\GoogleUpdate.exe /c
Yes Task GoogleUpdateTaskMachineUA Google Inc. C:\Program Files\Google\Update\GoogleUpdate.exe /ua /installsource scheduler
Yes Task HP Health Check Hewlett-Packard "c:\Program Files\Hewlett-Packard\HP Health Check\HPHC_Scheduler.exe" /Scan
Yes Task HPCeeScheduleForOwner Hewlett-Packard C:\Program Files\hewlett-packard\sdp\ceement\HPCEE.exe HPCeeScheduleForOwner (null)
Yes Task {1468EBA7-74F3-438B-90C8-53C2255EE112} Microsoft Corporation C:\Windows\system32\pcalua.exe -a C:\Users\Owner\Desktop\sp42654.exe -d C:\Users\Owner\Desktop
Yes Task {438AAED4-39F5-4E7F-A63B-6B444B67E4EE} Microsoft Corporation C:\Windows\system32\pcalua.exe -a F:\netsetup.exe -d F:\
Yes Task {4FAE380B-0561-48D9-A252-805625862E80} Microsoft Corporation C:\Windows\system32\pcalua.exe -a C:\Users\Owner\Downloads\sp43672.exe -d C:\Users\Owner\Downloads
 


#10 EskiePal

Posted 24 January 2016 - 05:38 PM

The fan is calm and the resource monitor info under disk isn't disappearing when I check for info about viruses.



#11 buddy215

Posted 24 January 2016 - 05:52 PM

Looks like progress....thanks for posting that.

 

Please go back and read the instructions for posting the list of Windows Startups and the list of Installed Programs.

 

You've posted the lists for browser startups...which is okay....and the Scheduled Tasks.

 

Disable ALL Scheduled Tasks items. Use CCleaner by clicking on each and then choosing Disable on the right.



#12 EskiePal

Posted 24 January 2016 - 06:06 PM

Sorry about that..

 

Here's the windows start ups

 

Yes HKCU:Run CCleaner Monitoring Piriform Ltd "C:\Program Files\CCleaner\CCleaner.exe" /MONITOR
Yes HKCU:Run WMPNSCFG Microsoft Corporation C:\Program Files\Windows Media Player\WMPNSCFG.exe
Yes HKLM:Run APSDaemon Apple Inc. "C:\Program Files\Common Files\Apple\Apple Application Support\APSDaemon.exe"
Yes HKLM:Run ArcSoft Connection Service ArcSoft Inc. C:\Program Files\Common Files\ArcSoft\Connection Service\Bin\ACDaemon.exe
Yes HKLM:Run AvastUI.exe AVAST Software "C:\Program Files\AVAST Software\Avast\AvastUI.exe" /nogui
Yes HKLM:Run hpWirelessAssistant Hewlett-Packard Development Company, L.P. C:\Program Files\Hewlett-Packard\HP Wireless Assistant\HPWAMain.exe
Yes HKLM:Run lxdnmon.exe Lexmark International, Inc. "C:\Program Files\Lexmark 2600 Series\lxdnmon.exe"
Yes HKLM:Run NvCplDaemon Microsoft Corporation RUNDLL32.EXE C:\Windows\system32\NvCpl.dll,NvStartup
Yes HKLM:Run SynTPEnh Synaptics, Inc. C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
No HKLM:Run UpdateLBPShortCut CyberLink Corp. "C:\Program Files\CyberLink\LabelPrint\MUITransfer\MUIStartMenu.exe" "C:\Program Files\CyberLink\LabelPrint" UpdateWithCreateOnce "Software\CyberLink\LabelPrint\2.5"
No HKLM:Run UpdateP2GoShortCut CyberLink Corp. "C:\Program Files\CyberLink\Power2Go\MUITransfer\MUIStartMenu.exe" "C:\Program Files\CyberLink\Power2Go" UpdateWithCreateOnce "SOFTWARE\CyberLink\Power2Go\6.0"
No HKLM:Run UpdatePDIRShortCut CyberLink Corp. "C:\Program Files\CyberLink\PowerDirector\MUITransfer\MUIStartMenu.exe" "C:\Program Files\CyberLink\PowerDirector" UpdateWithCreateOnce "SOFTWARE\CyberLink\PowerDirector\7.0"
No HKLM:Run UpdatePSTShortCut CyberLink Corp. "C:\Program Files\CyberLink\DVD Suite\MUITransfer\MUIStartMenu.exe" "C:\Program Files\CyberLink\DVD Suite" UpdateWithCreateOnce "Software\CyberLink\PowerStarter"
 
 
Here's the installed programs
 
ABBYY FineReader 6.0 Sprint ABBYY Software House 12/10/2010 116 MB 6.00.1990.41618
Activation Assistant for the 2007 Microsoft Office suites Microsoft Corporation 5/31/2009 14.0 MB
Adobe Flash Player 20 ActiveX Adobe Systems Incorporated 1/20/2016 20.0.0.286
Adobe Reader X (10.1.16) Adobe Systems Incorporated 1/23/2016 10.1.16
Apple Application Support (32-bit) Apple Inc. 5/14/2015 95.4 MB 3.1.3
Apple Mobile Device Support Apple Inc. 5/14/2015 22.5 MB 8.1.1.3
Apple Software Update Apple Inc. 10/7/2012 2.38 MB 2.1.3.127
ArcSoft Print Creations ArcSoft 5/18/2011 64.8 MB 2.8.255.384
ArcSoft Print Creations - Album Page ArcSoft 5/18/2011 2.07 MB
ArcSoft Print Creations - Funhouse ArcSoft 5/18/2011 2.80 MB
ArcSoft Print Creations - Greeting Card ArcSoft 5/18/2011 1.16 MB
ArcSoft Print Creations - Photo Book ArcSoft 5/18/2011 1.25 MB
ArcSoft Print Creations - Photo Calendar ArcSoft 5/18/2011 3.90 MB
ArcSoft Print Creations - Scrapbook ArcSoft 5/18/2011 7.19 MB
ArcSoft Print Creations - Slimline Card ArcSoft 5/18/2011 1.03 MB
Atheros Driver Installation Program Atheros 1/23/2016 2.35 MB 5.2
Avast Free Antivirus AVAST Software 1/23/2016 433 MB 11.1.2245
Bonjour Apple Inc. 10/7/2012 1.02 MB 3.0.0.10
CCleaner Piriform 1/24/2016 9.31 MB 5.13
Cisco EAP-FAST Module Cisco Systems, Inc. 11/6/2012 1.15 MB 2.2.10
Cisco LEAP Module Cisco Systems, Inc. 11/6/2012 488 KB 1.0.16
Cisco PEAP Module Cisco Systems, Inc. 11/6/2012 924 KB 1.1.3
Compatibility Pack for the 2007 Office system Microsoft Corporation 1/18/2016 12.0.6612.1000
Conexant HD Audio Conexant 1/23/2016 1.28 MB 4.58.1.0
CyberLink DVD Suite CyberLink Corp. 4/20/2009 16.5 MB 6.0.2203
Google Chrome Google Inc. 1/20/2016 442 MB 48.0.2564.82
HDAUDIO Soft Data Fax Modem with SmartCP 5/31/2009 1.26 MB
HP Active Support Library Hewlett-Packard 4/20/2009 20.5 MB 3.1.9.1
HP Customer Experience Enhancements Hewlett-Packard 4/20/2009 0.98 MB 5.7.0.2664
HP DVD Play 3.7 Hewlett-Packard 5/31/2009 74.7 MB 3.7.0.5723
HP Help and Support Hewlett-Packard Company 10/31/2012 30.6 MB 2.1.3.0
HP Product Detection HP 10/31/2012 3.85 MB 11.14.0004
HP Quick Launch Buttons 6.40 H2 Hewlett-Packard 4/20/2009 16.3 MB 6.40 H2
HP Total Care Advisor Hewlett-Packard 4/20/2009 21.7 MB 2.4.4941.2798
HP Total Care Setup Hewlett-Packard Company 4/20/2009 1.1.1983.2818
HP Update Hewlett-Packard 11/22/2014 2.56 MB 5.005.002.002
HP User Guides 0118 Hewlett-Packard 4/20/2009 144 MB 1.01.0000
HP Wireless Assistant Hewlett-Packard 4/20/2009 3.85 MB 3.00 K2
iCloud Apple Inc. 12/30/2014 112 MB 2.1.3.25
Juno Preloader Juno, Inc. 4/20/2009 1.99 MB 1.0.0
LabelPrint CyberLink Corp. 4/20/2009 241 MB 2.5.0926
Lexmark 2600 Series Lexmark International, Inc. 12/10/2010 133 MB
Lexmark Tools for Office 12/10/2010 312 KB 1.24.0.0
LightScribe System Software  1.14.17.1 LightScribe 5/31/2009 21.0 MB 1.14.17.1
Malwarebytes Anti-Malware version 2.2.0.1024 Malwarebytes 1/20/2016 47.3 MB 2.2.0.1024
Microsoft .NET Framework 3.5 SP1 Microsoft Corporation 1/20/2016 27.8 MB
Microsoft .NET Framework 4.5.2 Microsoft Corporation 1/20/2016 251 MB 4.5.51209
Microsoft Office File Validation Add-In Microsoft Corporation 5/23/2014 14.0.5130.5003
Microsoft Office Home and Student 2007 Microsoft Corporation 11/2/2012 341 MB 12.0.6612.1000
Microsoft Office PowerPoint Viewer 2007 (English) Microsoft Corporation 1/18/2016 12.0.6612.1000
Microsoft Silverlight Microsoft Corporation 1/18/2016 5.1.41212.0
Microsoft SQL Server 2005 Compact Edition [ENU] Microsoft Corporation 2/13/2015 1.74 MB 3.1.0000
Microsoft Visual C++ 2005 Redistributable Microsoft Corporation 11/2/2012 293 KB 8.0.56336
Microsoft Works Microsoft Corporation 11/2/2012 9.7.0621
MSXML 4.0 SP2 (KB954430) Microsoft Corporation 7/1/2009 1.27 MB 4.20.9870.0
MSXML 4.0 SP2 (KB973688) Microsoft Corporation 12/2/2009 1.33 MB 4.20.9876.0
muvee Reveal muvee Technologies Pte Ltd 5/31/2009 152 MB 7.0.35.6951
My HP Games WildTangent 5/31/2009 170 MB 1.0.0.62
NetWaiting BVRP Software, Inc 5/31/2009 5.23 MB 2.5.52
NetZero Preloader NetZero, Inc. 4/20/2009 2.07 MB 1.0.0
NirSoft BlueScreenView 11/5/2012 148 KB
NVIDIA Drivers NVIDIA Corporation 1/23/2016 3.28 GB 1.5
Power2Go CyberLink Corp. 4/20/2009 164 MB 6.0.2202
PowerDirector CyberLink Corp. 4/20/2009 467 MB 7.0.2201
PowerTools Lite 2013 Macecraft Software 11/23/2014 11.4 MB
QuickTime 7 Apple Inc. 5/14/2015 70.3 MB 7.76.80.95
Realtek USB 2.0 Card Reader Realtek Semiconductor Corp. 5/31/2009 6.60 MB 6.0.6000.20133
Revo Uninstaller 1.95 VS Revo Group 10/25/2014 6.62 MB 1.95
Skype™ 7.18 Skype Technologies S.A. 1/23/2016 79.7 MB 7.18.109
SPORE Creature Creator Trial Edition Electronic Arts 5/31/2009 1.85 MB 1.00.0000
SUPERAntiSpyware SUPERAntiSpyware.com 11/22/2014 9.37 MB 6.0.1164
Synaptics Pointing Device Driver Synaptics 5/31/2009 14.0 MB 11.1.3.0
Windows Driver Kit Microsoft Corporation 11/5/2012 960 KB 8.59.25584
Windows Live Essentials Microsoft Corporation 2/13/2015 15.4.3555.0308
Windows Live Mesh ActiveX Control for Remote Connections Microsoft Corporation 2/13/2015 5.57 MB 15.4.5722.2
Yahoo! Install Manager 7/6/2009 28.7 MB
Yahoo! Internet Mail 7/6/2009 28.7 MB
Yahoo! Search Protection 7/6/2009 524 KB
Yahoo! Software Update 7/6/2009 692 KB


#13 EskiePal

Posted 24 January 2016 - 06:10 PM

Unable to disable 2 scheduled tasks.  Error 'the system cannot find the file specified'

 

No Task Adobe Acrobat Update Task Adobe Systems Incorporated C:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe
No Task Adobe Flash Player Updater Adobe Systems Incorporated C:\Windows\system32\Macromed\Flash\FlashPlayerUpdateService.exe
No Task CCleanerSkipUAC Piriform Ltd "C:\Program Files\CCleaner\CCleaner.exe" $(Arg0)
No Task GoogleUpdateTaskMachineCore Google Inc. C:\Program Files\Google\Update\GoogleUpdate.exe /c
Yes Task GoogleUpdateTaskMachineCore1d006a063dcf6ac Google Inc. C:\Program Files\Google\Update\GoogleUpdate.exe /c
Yes Task GoogleUpdateTaskMachineUA Google Inc. C:\Program Files\Google\Update\GoogleUpdate.exe /ua /installsource scheduler
No Task HP Health Check Hewlett-Packard "c:\Program Files\Hewlett-Packard\HP Health Check\HPHC_Scheduler.exe" /Scan
No Task HPCeeScheduleForOwner Hewlett-Packard C:\Program Files\hewlett-packard\sdp\ceement\HPCEE.exe HPCeeScheduleForOwner (null)
No Task {1468EBA7-74F3-438B-90C8-53C2255EE112} Microsoft Corporation C:\Windows\system32\pcalua.exe -a C:\Users\Owner\Desktop\sp42654.exe -d C:\Users\Owner\Desktop
No Task {438AAED4-39F5-4E7F-A63B-6B444B67E4EE} Microsoft Corporation C:\Windows\system32\pcalua.exe -a F:\netsetup.exe -d F:\
No Task {4FAE380B-0561-48D9-A252-805625862E80} Microsoft Corporation C:\Windows\system32\pcalua.exe -a C:\Users\Owner\Downloads\sp43672.exe -d C:\Users\Owner\Downloads


#14 buddy215

Posted 24 January 2016 - 06:40 PM

Uninstall these programs: I see you have Revo so you can use that or use CCleaner.

PowerTools Lite 2013 Macecraft Software 11/23/2014 11.4 MB

Yahoo! Install Manager 7/6/2009 28.7 MB
Yahoo! Internet Mail 7/6/2009 28.7 MB
Yahoo! Search Protection 7/6/2009 524 KB
Yahoo! Software Update 7/6/2009 692 KB
 
Disable these Windows Startups: Use CCleaner by clicking on each item and then choose Disable on the right
Yes HKCU:Run CCleaner Monitoring Piriform Ltd "C:\Program Files\CCleaner\CCleaner.exe" /MONITOR
Yes HKCU:Run WMPNSCFG Microsoft Corporation C:\Program Files\Windows Media Player\WMPNSCFG.exe
Yes HKLM:Run APSDaemon Apple Inc. "C:\Program Files\Common Files\Apple\Apple Application Support\APSDaemon.exe"
Yes HKLM:Run ArcSoft Connection Service ArcSoft Inc. C:\Program Files\Common Files\ArcSoft\Connection Service\Bin\ACDaemon.exe

Yes HKLM:Run lxdnmon.exe Lexmark International, Inc. "C:\Program Files\Lexmark 2600 Series\lxdnmon.exe"

 

No file...no task...no problem

 

After performing the above and rebooting....any problem noted?



#15 EskiePal

Posted 24 January 2016 - 08:08 PM

Everything looks good here.  

 

Thanks so much for helping me today..that's a big deal!!  :thumbup2:  :thumbup2:  :thumbup2:  :thumbup2:  :thumbup2:

 

Have a great day!! :)  :smilers:





