
Pix.impdesk


15 replies to this topic

#1 EddieLizzard

EddieLizzard

  • Members
  • 18 posts
  • OFFLINE
  •  
  • Local time:09:44 PM

Posted 01 February 2016 - 03:59 PM

Hi all,

 

When using Google this evening I couldn't go back to the previous page, and when right clicking on the back arrow noticed an address relating to pix.impdesk.  I have no knowledge of this.  Is this a problem and if so how do I resolve it?

 

Thanks.


Edited by Chris Cosgrove, 01 February 2016 - 04:24 PM.
Moved to 'Am I infected'



 


#2 buddy215

buddy215

  • BC Advisor
  • 12,876 posts
  • ONLINE
  •  
  • Gender:Male
  • Location:West Tennessee
  • Local time:03:44 PM

Posted 01 February 2016 - 09:18 PM

Welcome to BC...

 

Use the programs below to cleanup and remove adware and malware including pix.impdesk.

 

Use CCleaner to remove Temporary files, program caches, cookies, logs, etc. Use the Default settings. No need to use the Registry Cleaning Tool...risky. Pay close attention while installing and UNcheck offers of toolbars....especially Google.

After install, open CCleaner and run by clicking on the Run Cleaner button in the bottom right corner.

CCleaner - PC Optimization and Cleaning - Free Download

 

Download Malwarebytes' Anti-Malware from Here

Double-click mbam-setup-2.X.X.XXXX.exe to install the application (X's are the current version number).

  • Make sure a checkmark is placed next to Launch Malwarebytes' Anti-Malware, then click Finish.
  • Once MBAM opens, when it says Your databases are out of date, click the Fix Now button.
  • Click the Settings tab at the top, and then in the left column, select Detections and Protections, and if not already checked place a checkmark in the selection box for Scan for rootkits.
  • Click the Scan tab at the top of the program window, select Threat Scan and click the Scan Now button.
  • If you receive a message that updates are available, click the Update Now button (the update will be downloaded, installed, and the scan will start).
  • When MBAM is finished scanning it will display a screen that displays any malware that it has detected.
  • Click the Remove Selected button.
  • MBAM will now delete all of the files and registry keys and add them to the programs quarantine. When removing the files, MBAM may require a reboot in order to remove some of them. If it displays a message stating that it needs to reboot, please allow it to do so.
  • While still on the Scan tab, click the link for View detailed log, and in the window that opens click the Export button, select Text file (*.txt), and save the log to your Desktop.
  • The log is automatically saved by MBAM and can also be viewed by clicking the History tab and then selecting Application Logs.

POST THE LOG FOR  REVIEW.

 

Download AdwCleaner by Xplode onto your desktop.

  • Close all open programs and internet browsers.
  • Double click on adwcleaner.exe to run the tool.
  • Click on Scan button.
  • When the scan has finished click on Clean button.
  • Your computer will be rebooted automatically. A text file will open after the restart.
  • Please post the contents of that logfile with your next reply.
  • You can find the logfile at C:\AdwCleaner[S1].txt as well.

Download Junkware Removal Tool to your desktop.

  • Shut down your protection software now to avoid potential conflicts.
  • Run the tool by double-clicking it. If you are using Windows Vista, 7, or 8; instead of double-clicking, right-mouse click JRT.exe and select "Run as Administrator".
  • The tool will open and start scanning your system.
  • Please be patient as this can take a while to complete depending on your system's specifications.
  • On completion, a log (JRT.txt) is saved to your desktop and will automatically open.
  • Post the contents of JRT.txt into your next message.

  • Hold down Control and click on this link to open ESET OnlineScan in a new window.
  • Click the esetonlinebtn.png button.
  • For alternate browsers only: (Microsoft Internet Explorer users can skip these steps)
      • Click on esetsmartinstaller_enu.exe to download the ESET Smart Installer. Save it to your desktop.
      • Double click on the esetsmartinstaller_enu.png icon on your desktop.
  • Check "YES, I accept the Terms of Use."
  • Click the Start button.
  • Accept any security warnings from your browser.
  • Under scan settings, check "Scan Archives" and "Remove found threats"
  • ESET will then download updates for itself, install itself, and begin scanning your computer. Please be patient as this can take some time.
  • When the scan completes, click List Threats
  • Click Export, and save the file to your desktop using a unique name, such as ESETScan. Include the contents of this report in your next reply.
  • Click the Back button.
  • Click the Finish button.
  • NOTE: Sometimes if ESET finds no infections it will not create a log.

“Every atom in your body came from a star that exploded and the atoms in your left hand probably came from a different star than your right hand. It really is the most poetic thing I know about physics...you are all stardust.” Lawrence M. Krauss

A 1792 U.S. penny, designed in part by Thomas Jefferson and George Washington, reads “Liberty Parent of Science & Industry.”


#3 EddieLizzard

EddieLizzard
  • Topic Starter

  • Members
  • 18 posts
  • OFFLINE
  •  
  • Local time:09:44 PM

Posted 08 February 2016 - 02:07 PM

Here's the log - in two parts because I messed up first time!

 

Malwarebytes Anti-Malware
www.malwarebytes.org

Scan Date: 08/02/2016
Scan Time: 18:04
Logfile: log 1.txt
Administrator: Yes

Version: 2.2.0.1024
Malware Database: v2016.02.08.03
Rootkit Database: v2016.01.20.01
License: Free
Malware Protection: Disabled
Malicious Website Protection: Disabled
Self-protection: Disabled

OS: Windows 8.1
CPU: x64
File System: NTFS
User: owner

Scan Type: Threat Scan
Result: Cancelled
Objects Scanned: 59878
Time Elapsed: 5 min, 28 sec

Memory: Enabled
Startup: Enabled
Filesystem: Enabled
Archives: Enabled
Rootkits: Disabled
Heuristics: Enabled
PUP: Enabled
PUM: Enabled

Processes: 1
PUP.Optional.MindSpark, C:\Program Files (x86)\WildTangent Games\App\GamesAppIntegrationService.exe, 6040, Delete-on-Reboot, [59ea2c32346513230d832b68c73b02fe]

Modules: 0
(No malicious items detected)

Registry Keys: 18
PUP.Optional.MindSpark, HKLM\SOFTWARE\CLASSES\CLSID\{14d02517-c8be-4735-a344-3c8366c77aa0}, Quarantined, [59ea2c32346513230d832b68c73b02fe],
PUP.Optional.MindSpark, HKLM\SYSTEM\CURRENTCONTROLSET\SERVICES\GamesAppIntegrationService, Quarantined, [59ea2c32346513230d832b68c73b02fe],
PUP.Optional.MindSpark, HKLM\SOFTWARE\WOW6432NODE\MICROSOFT\WINDOWS\CURRENTVERSION\EXPLORER\BROWSER HELPER OBJECTS\{14D02517-C8BE-4735-A344-3C8366C77AA0}, Quarantined, [59ea2c32346513230d832b68c73b02fe],
PUP.Optional.MindSpark, HKLM\SOFTWARE\WOW6432NODE\CLASSES\CLSID\{14D02517-C8BE-4735-A344-3C8366C77AA0}, Quarantined, [59ea2c32346513230d832b68c73b02fe],
PUP.Optional.MindSpark, HKLM\SOFTWARE\CLASSES\WOW6432NODE\CLSID\{14D02517-C8BE-4735-A344-3C8366C77AA0}, Quarantined, [59ea2c32346513230d832b68c73b02fe],
PUP.Optional.MindSpark, HKU\S-1-5-21-685160351-2209658244-3524408110-1001\SOFTWARE\MICROSOFT\WINDOWS\CURRENTVERSION\EXT\SETTINGS\{14D02517-C8BE-4735-A344-3C8366C77AA0}, Quarantined, [59ea2c32346513230d832b68c73b02fe],
PUP.Optional.MindSpark, HKU\S-1-5-21-685160351-2209658244-3524408110-1001\SOFTWARE\MICROSOFT\WINDOWS\CURRENTVERSION\EXT\STATS\{14D02517-C8BE-4735-A344-3C8366C77AA0}, Quarantined, [59ea2c32346513230d832b68c73b02fe],
PUP.Optional.MindSpark, HKLM\SOFTWARE\CLASSES\CLSID\{af94b35c-3ac5-4030-9f9c-15fb4e3dc339}, Quarantined, [6ad99bc38d0c5dd98b33dbb9e71b0df3],
PUP.Optional.MindSpark, HKLM\SOFTWARE\WOW6432NODE\CLASSES\CLSID\{AF94B35C-3AC5-4030-9F9C-15FB4E3DC339}, Quarantined, [6ad99bc38d0c5dd98b33dbb9e71b0df3],
PUP.Optional.MindSpark, HKLM\SOFTWARE\CLASSES\WOW6432NODE\CLSID\{AF94B35C-3AC5-4030-9F9C-15FB4E3DC339}, Quarantined, [6ad99bc38d0c5dd98b33dbb9e71b0df3],
PUP.Optional.MindSpark, HKU\S-1-5-21-685160351-2209658244-3524408110-1001\SOFTWARE\MICROSOFT\WINDOWS\CURRENTVERSION\EXT\SETTINGS\{AF94B35C-3AC5-4030-9F9C-15FB4E3DC339}, Quarantined, [6ad99bc38d0c5dd98b33dbb9e71b0df3],
PUP.Optional.MindSpark, HKU\S-1-5-21-685160351-2209658244-3524408110-1001\SOFTWARE\MICROSOFT\WINDOWS\CURRENTVERSION\EXT\STATS\{AF94B35C-3AC5-4030-9F9C-15FB4E3DC339}, Quarantined, [6ad99bc38d0c5dd98b33dbb9e71b0df3],
PUP.Optional.MindSpark, HKLM\SOFTWARE\CLASSES\CLSID\{b1df253a-9e7a-480d-b6a5-7a435b520dbb}, Quarantined, [82c10d5155447abc269c61335da51be5],
PUP.Optional.MindSpark, HKLM\SOFTWARE\WOW6432NODE\MICROSOFT\WINDOWS\CURRENTVERSION\EXPLORER\BROWSER HELPER OBJECTS\{B1DF253A-9E7A-480D-B6A5-7A435B520DBB}, Quarantined, [82c10d5155447abc269c61335da51be5],
PUP.Optional.MindSpark, HKLM\SOFTWARE\WOW6432NODE\CLASSES\CLSID\{B1DF253A-9E7A-480D-B6A5-7A435B520DBB}, Quarantined, [82c10d5155447abc269c61335da51be5],
PUP.Optional.MindSpark, HKLM\SOFTWARE\CLASSES\WOW6432NODE\CLSID\{B1DF253A-9E7A-480D-B6A5-7A435B520DBB}, Quarantined, [82c10d5155447abc269c61335da51be5],
PUP.Optional.MindSpark, HKU\S-1-5-21-685160351-2209658244-3524408110-1001\SOFTWARE\MICROSOFT\WINDOWS\CURRENTVERSION\EXT\SETTINGS\{B1DF253A-9E7A-480D-B6A5-7A435B520DBB}, Quarantined, [82c10d5155447abc269c61335da51be5],
PUP.Optional.MindSpark, HKU\S-1-5-21-685160351-2209658244-3524408110-1001\SOFTWARE\MICROSOFT\WINDOWS\CURRENTVERSION\EXT\STATS\{B1DF253A-9E7A-480D-B6A5-7A435B520DBB}, Quarantined, [82c10d5155447abc269c61335da51be5],

Registry Values: 6
PUP.Optional.MindSpark, HKU\S-1-5-21-685160351-2209658244-3524408110-1001\SOFTWARE\MICROSOFT\INTERNET EXPLORER\TOOLBAR\WEBBROWSER|{AF94B35C-3AC5-4030-9F9C-15FB4E3DC339}, \³”¯Å:0@Ÿœ ûN=Ã9, Quarantined, [6ad99bc38d0c5dd98b33dbb9e71b0df3]
PUP.Optional.MindSpark, HKLM\SOFTWARE\WOW6432NODE\MICROSOFT\INTERNET EXPLORER\TOOLBAR|{AF94B35C-3AC5-4030-9F9C-15FB4E3DC339}, Quarantined, [6ad99bc38d0c5dd98b33dbb9e71b0df3],
PUP.Optional.MindSpark, HKU\S-1-5-21-685160351-2209658244-3524408110-1001\SOFTWARE\MICROSOFT\INTERNET EXPLORER\TOOLBAR\WEBBROWSER\{AF94B35C-3AC5-4030-9F9C-15FB4E3DC339}, Quarantined, [2a19f8667a1ff343c1fdeba9ab57fc04],
PUP.Optional.MindSpark, HKU\S-1-5-21-685160351-2209658244-3524408110-1001\SOFTWARE\MICROSOFT\INTERNET EXPLORER\URLSEARCHHOOKS\{8040829d-1177-46e2-9157-8282438b79c7}, Quarantined, [b88b0f4fdebb063092dbc2d27c8654ac],
PUP.Optional.MindSpark, HKU\S-1-5-21-685160351-2209658244-3524408110-1001\SOFTWARE\MICROSOFT\INTERNET EXPLORER\URLSEARCHHOOKS|{8040829D-1177-46E2-9157-8282438B79C7}, Quarantined, [b88b0f4fdebb063092dbc2d27c8654ac],
PUP.Optional.MindSpark, HKLM\SOFTWARE\WOW6432NODE\MICROSOFT\INTERNET EXPLORER\TOOLBAR\{af94b35c-3ac5-4030-9f9c-15fb4e3dc339}, Quarantined, [73d009556039a690b80696febc46b848],

Registry Data: 0
(No malicious items detected)

Folders: 0
(No malicious items detected)

Files: 1
PUP.Optional.MindSpark, C:\Program Files (x86)\WildTangent Games\App\GamesAppIntegrationService.exe, Delete-on-Reboot, [59ea2c32346513230d832b68c73b02fe],

Physical Sectors: 0
(No malicious items detected)

(end)

 

 

Malwarebytes Anti-Malware
www.malwarebytes.org

Scan Date: 08/02/2016
Scan Time: 18:14
Logfile: log 2.txt
Administrator: Yes

Version: 2.2.0.1024
Malware Database: v2016.02.08.03
Rootkit Database: v2016.01.20.01
License: Free
Malware Protection: Disabled
Malicious Website Protection: Disabled
Self-protection: Disabled

OS: Windows 8.1
CPU: x64
File System: NTFS
User: owner

Scan Type: Threat Scan
Result: Completed
Objects Scanned: 352776
Time Elapsed: 30 min, 23 sec

Memory: Enabled
Startup: Enabled
Filesystem: Enabled
Archives: Enabled
Rootkits: Enabled
Heuristics: Enabled
PUP: Enabled
PUM: Enabled

Processes: 0
(No malicious items detected)

Modules: 0
(No malicious items detected)

Registry Keys: 5
PUP.Optional.MindSpark, HKLM\SOFTWARE\WOW6432NODE\MICROSOFT\INTERNET EXPLORER\LOW RIGHTS\ELEVATIONPOLICY\{20C72C4C-20B3-433C-A899-5B7A0CEA0DDE}, Quarantined, [ab98d48a8a0f31054610a940ef14f709],
PUP.Optional.MindSpark, HKLM\SOFTWARE\WOW6432NODE\MICROSOFT\INTERNET EXPLORER\LOW RIGHTS\ELEVATIONPOLICY\{2263BE11-ACB7-49D9-8313-6B1D5CC42FAA}, Quarantined, [b09386d8fe9b300674e206e3a45f7d83],
PUP.Optional.MindSpark, HKLM\SOFTWARE\WOW6432NODE\MICROSOFT\INTERNET EXPLORER\LOW RIGHTS\ELEVATIONPOLICY\{3E256749-36D6-4BF9-8713-80C97CA7CAE9}, Quarantined, [0d365a04a7f2ba7ccb8bd910a06320e0],
PUP.Optional.MindSpark, HKLM\SOFTWARE\WOW6432NODE\MICROSOFT\INTERNET EXPLORER\LOW RIGHTS\ELEVATIONPOLICY\{6372C122-1E82-494A-9D5A-DE31ED303036}, Quarantined, [ff447ee05b3e8da95cfa38b17b889c64],
PUP.Optional.MindSpark, HKLM\SOFTWARE\WOW6432NODE\MICROSOFT\INTERNET EXPLORER\LOW RIGHTS\ELEVATIONPOLICY\{768AF043-5C5B-408B-A3E0-671B60E3FCD3}, Quarantined, [db6881dd2376b77fc29441a8c53ebe42],

Registry Values: 6
PUP.Optional.MindSpark, HKLM\SOFTWARE\MICROSOFT\WINDOWS\CURRENTVERSION\RUN|MyWebFace Home Page Guard 64 bit, "C:\PROGRA~2\MYWEBF~2\bar\1.bin\APPINT~2.EXE", Quarantined, [f05387d7cacf57df9708398bb94ae719]
PUP.Optional.MindSpark, HKLM\SOFTWARE\WOW6432NODE\MICROSOFT\INTERNET EXPLORER\LOW RIGHTS\ELEVATIONPOLICY\{20c72c4c-20b3-433c-a899-5b7a0cea0dde}|AppPath, C:\Program Files (x86)\MyWebFace_5a\bar\1.bin, Quarantined, [ab98d48a8a0f31054610a940ef14f709]
PUP.Optional.MindSpark, HKLM\SOFTWARE\WOW6432NODE\MICROSOFT\INTERNET EXPLORER\LOW RIGHTS\ELEVATIONPOLICY\{2263be11-acb7-49d9-8313-6b1d5cc42faa}|AppPath, C:\Program Files (x86)\MyWebFace_5a\bar\1.bin, Quarantined, [b09386d8fe9b300674e206e3a45f7d83]
PUP.Optional.MindSpark, HKLM\SOFTWARE\WOW6432NODE\MICROSOFT\INTERNET EXPLORER\LOW RIGHTS\ELEVATIONPOLICY\{3e256749-36d6-4bf9-8713-80c97ca7cae9}|AppPath, C:\Program Files (x86)\MyWebFace_5a\bar\1.bin, Quarantined, [0d365a04a7f2ba7ccb8bd910a06320e0]
PUP.Optional.MindSpark, HKLM\SOFTWARE\WOW6432NODE\MICROSOFT\INTERNET EXPLORER\LOW RIGHTS\ELEVATIONPOLICY\{6372c122-1e82-494a-9d5a-de31ed303036}|AppPath, C:\Program Files (x86)\MyWebFace_5a\bar\1.bin, Quarantined, [ff447ee05b3e8da95cfa38b17b889c64]
PUP.Optional.MindSpark, HKLM\SOFTWARE\WOW6432NODE\MICROSOFT\INTERNET EXPLORER\LOW RIGHTS\ELEVATIONPOLICY\{768af043-5c5b-408b-a3e0-671b60e3fcd3}|AppPath, C:\Program Files (x86)\MyWebFace_5a\bar\1.bin, Quarantined, [db6881dd2376b77fc29441a8c53ebe42]

Registry Data: 0
(No malicious items detected)

Folders: 3
PUP.Optional.MindSpark, C:\Users\owner\AppData\LocalLow\MyWebFace_5aEI, Quarantined, [de659fbf8e0b2313facd6c6510f29d63],
PUP.Optional.MindSpark, C:\Users\owner\AppData\LocalLow\MyWebFace_5aEI\Installr, Quarantined, [de659fbf8e0b2313facd6c6510f29d63],
PUP.Optional.MindSpark, C:\Users\owner\AppData\LocalLow\MyWebFace_5aEI\Installr\Cache, Quarantined, [de659fbf8e0b2313facd6c6510f29d63],

Files: 1
PUP.Optional.MindSpark, C:\Users\owner\AppData\LocalLow\MyWebFace_5aEI\Installr\Cache\files.ini, Quarantined, [de659fbf8e0b2313facd6c6510f29d63],

Physical Sectors: 0
(No malicious items detected)

(end)
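
The two scan logs in the post above share one layout: header fields, then per-section counts followed by detection lines. As an added example (not part of the original thread and not Malwarebytes' own tooling), this parser reads that layout and flags what a reviewer checks first: an incomplete scan, rootkit scanning left off, items still pending Delete-on-Reboot, and section counts that disagree with the pasted lines. The sample log is constructed; its detection name, paths, GUID and bracketed IDs are placeholders.

```python
import re
from collections import Counter

# Constructed sample in the Malwarebytes Anti-Malware 2.x text-log layout seen in
# the thread. Names, paths, the GUID and the bracketed IDs are placeholders.
SAMPLE_LOG = r"""
Malwarebytes Anti-Malware
www.malwarebytes.org

Scan Type: Threat Scan
Result: Cancelled
Objects Scanned: 1000

Rootkits: Disabled
PUP: Enabled

Processes: 1
PUP.Optional.Example, C:\Program Files (x86)\ExampleBar\helper.exe, 4242, Delete-on-Reboot, [aaaaaaaabbbbbbbbccccccccdddddddd]

Registry Keys: 2
PUP.Optional.Example, HKLM\SOFTWARE\CLASSES\CLSID\{11111111-2222-3333-4444-555555555555}, Quarantined, [aaaaaaaabbbbbbbbccccccccdddddddd],
PUP.Optional.Example, HKLM\SOFTWARE\WOW6432NODE\CLASSES\CLSID\{11111111-2222-3333-4444-555555555555}, Quarantined, [aaaaaaaabbbbbbbbccccccccdddddddd],

Registry Values: 1
PUP.Optional.Example, HKLM\SOFTWARE\MICROSOFT\WINDOWS\CURRENTVERSION\RUN|Example Guard, "C:\PROGRA~2\EXAMPL~1\guard.exe", Quarantined, [aaaaaaaabbbbbbbbccccccccddddeeee]

Files: 2
PUP.Optional.Example, C:\Program Files (x86)\ExampleBar\helper.exe, Delete-on-Reboot, [aaaaaaaabbbbbbbbccccccccdddddddd],

(end)
"""

# Section headings that are followed by detection lines.
SECTIONS = {"Processes", "Modules", "Registry Keys", "Registry Values",
            "Registry Data", "Folders", "Files", "Physical Sectors"}
KEY_VALUE = re.compile(r"^([A-Za-z][A-Za-z \-]*):\s*(.*)$")
# name, target[, extra fields], action, [32-hex id] with an optional trailing comma.
DETECTION = re.compile(
    r"^(?P<name>[^,]+), (?P<body>.+), (?P<action>[^,]+), "
    r"\[(?P<id>[0-9a-fA-F]{32})\],?\s*$")
GUID = re.compile(r"\{[0-9A-Fa-f]{8}(?:-[0-9A-Fa-f]{4}){3}-[0-9A-Fa-f]{12}\}")


def parse_mbam_log(text):
    """Split a pasted log into header fields, declared counts and detections."""
    header, declared, detections = {}, {}, []
    section = None
    for raw in text.splitlines():
        line = raw.strip()
        if not line or line.startswith("("):  # blanks, "(No malicious ...)", "(end)"
            continue
        m = DETECTION.match(line)
        if m and section:
            item = m.groupdict()
            item["section"] = section
            detections.append(item)
            continue
        m = KEY_VALUE.match(line)
        if m:
            key, value = m.group(1).strip(), m.group(2).strip()
            if key in SECTIONS and value.isdigit():
                section, declared[key] = key, int(value)
            else:
                header[key] = value
    return {"header": header, "declared": declared, "detections": detections}


def triage(report):
    """Return reviewer notes for conditions that make a log unreliable or unfinished."""
    notes = []
    header = report["header"]
    if header.get("Result", "").lower() != "completed":
        notes.append("scan did not complete (Result: %s)" % header.get("Result", "missing"))
    if header.get("Rootkits", "").lower() != "enabled":
        notes.append("rootkit scanning was not enabled")
    found = Counter(d["section"] for d in report["detections"])
    for section, count in report["declared"].items():
        if found.get(section, 0) != count:
            notes.append("%s: header says %d, log lists %d (truncated paste?)"
                         % (section, count, found.get(section, 0)))
    pending = [d for d in report["detections"] if d["action"].lower() == "delete-on-reboot"]
    if pending:
        notes.append("%d item(s) are Delete-on-Reboot; reboot, then rescan" % len(pending))
    return notes


def footprint(report):
    """Collapse per-hive duplicates into distinct detection names and GUIDs."""
    names = Counter(d["name"] for d in report["detections"])
    guids = sorted({g.upper() for d in report["detections"] for g in GUID.findall(d["body"])})
    return {"names": dict(names), "guids": guids}


if __name__ == "__main__":
    parsed = parse_mbam_log(SAMPLE_LOG)
    for note in triage(parsed):
        print("-", note)
    print(footprint(parsed))
```
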



#4 buddy215

buddy215

  • BC Advisor
  • 12,876 posts
  • ONLINE
  •  
  • Gender:Male
  • Location:West Tennessee
  • Local time:03:44 PM

Posted 08 February 2016 - 02:19 PM

One down....three scans to go. Please continue.




#5 EddieLizzard

EddieLizzard
  • Topic Starter

  • Members
  • 18 posts
  • OFFLINE
  •  
  • Local time:09:44 PM

Posted 08 February 2016 - 02:23 PM

Adwcleaner

 

# AdwCleaner v5.033 - Logfile created 08/02/2016 at 19:18:41
# Updated 07/02/2016 by Xplode
# Database : 2016-02-07.2 [Server]
# Operating system : Windows 8.1  (x64)
# Username : owner - HP
# Running from : C:\Users\owner\AppData\Local\Microsoft\Windows\INetCache\IE\22EFVEMF\AdwCleaner.exe
# Option : Cleaning
# Support : http://toolslib.net/forum

***** [ Services ] *****

***** [ Folders ] *****

***** [ Files ] *****

***** [ DLLs ] *****

***** [ Shortcuts ] *****

***** [ Scheduled tasks ] *****

***** [ Registry ] *****

[-] Value Deleted : HKCU\Software\Microsoft\Internet Explorer\SearchScopes [DoNotAskAgain]

***** [ Web browsers ] *****

*************************

:: "Tracing" keys removed
:: Winsock settings cleared

########## EOF - C:\AdwCleaner\AdwCleaner[C1].txt - [781 bytes] ##########



#6 EddieLizzard

EddieLizzard
  • Topic Starter

  • Members
  • 18 posts
  • OFFLINE
  •  
  • Local time:09:44 PM

Posted 08 February 2016 - 02:29 PM

~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Junkware Removal Tool (JRT) by Malwarebytes
Version: 8.0.2 (01.06.2016)
Operating System: Windows 8.1 x64
Ran by owner (Administrator) on 08/02/2016 at 19:25:50.89
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~

 

File System: 0

 

Registry: 2

Successfully deleted: HKCU\Software\Microsoft\Internet Explorer\SearchScopes\{FE8AC6E5-2D42-46BC-B4BE-9AEE649D4B16} (Registry Key)
Successfully deleted: HKLM\Software\Microsoft\Internet Explorer\SearchScopes\{FE8AC6E5-2D42-46BC-B4BE-9AEE649D4B16} (Registry Key)

 



#7 EddieLizzard

EddieLizzard
  • Topic Starter

  • Members
  • 18 posts
  • OFFLINE
  •  
  • Local time:09:44 PM

Posted 08 February 2016 - 04:30 PM

No infections found by eset.

 

Thanks.



#8 buddy215

buddy215

  • BC Advisor
  • 12,876 posts
  • ONLINE
  •  
  • Gender:Male
  • Location:West Tennessee
  • Local time:03:44 PM

Posted 08 February 2016 - 04:50 PM

Last Check: Post the Windows Startups, Scheduled Tasks and Installed Programs using the instructions below.

 

Post the three lists mentioned below using CCleaner.

Open CCleaner and click on Tools. Choose Startups. On that page you will see a list of Windows Startups and at the top tabs for each browser and Scheduled Tasks.

At the bottom right of that page you will see a button when clicked will allow you to Copy and Paste the list of Windows Startups and Scheduled Tasks into your next post. Please do that.

 

Open CCleaner and click on Tools. Choose Uninstall. On that page you will see a list of programs installed on your computer and at the bottom right of that page you will see a button when clicked will allow you to Copy and Paste that list in your next post. Please do that.




#9 EddieLizzard

EddieLizzard
  • Topic Starter

  • Members
  • 18 posts
  • OFFLINE
  •  
  • Local time:09:44 PM

Posted 08 February 2016 - 05:29 PM

Start up

Yes HKCU:Run CCleaner Monitoring Piriform Ltd "C:\Program Files\CCleaner\CCleaner64.exe" /MONITOR
No HKCU:Run MyDriveConnect.exe TomTom "C:\Program Files (x86)\MyDrive Connect\TomTom MyDrive Connect.exe"
Yes HKCU:Run OneDrive Microsoft Corporation "C:\Users\owner\AppData\Local\Microsoft\OneDrive\OneDrive.exe" /background
No HKCU:Run Power2GoExpress8 CyberLink Corp. "C:\Program Files (x86)\CyberLink\Power2Go8\Power2GoExpress8.exe"
Yes HKCU:Run SocialSafe.Helper  C:\Program Files (x86)\SocialSafe\SocialSafe files\native-helpers\SocialSafe.Helper.exe "C:\Users\owner\AppData\Roaming\com.1minus1.socialsafe.D675411CF670AA3EFAC13BDD847989BEDE2115E2.1\Local Store\native-helpers\tasks.json"
No HKCU:Run Sony PC Companion Sony "C:\Program Files (x86)\Sony\Sony PC Companion\PCCompanion.exe" /Background
Yes HKLM:Run AccelerometerSysTrayApplet Hewlett-Packard Company C:\Program Files (x86)\Hewlett-Packard\HP 3D DriveGuard\AccelerometerST.exe
No HKLM:Run APSDaemon Apple Inc. "C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe"
Yes HKLM:Run HotKeysCmds  "C:\Windows\system32\hkcmd.exe"
Yes HKLM:Run HP Software Update Hewlett-Packard C:\Program Files (x86)\Hp\HP Software Update\HPWuSchd2.exe
Yes HKLM:Run HPMessageService Hewlett-Packard Development Company, L.P. C:\Program Files (x86)\Hewlett-Packard\HP System Event\HPMSGSVC.exe
Yes HKLM:Run IgfxTray Intel Corporation - pGFX "C:\Windows\system32\igfxtray.exe"
No HKLM:Run iTunesHelper Apple Inc. "C:\Program Files (x86)\iTunes\iTunesHelper.exe"
Yes HKLM:Run Persistence  "C:\Windows\system32\igfxpers.exe"
Yes HKLM:Run RTHDVCPL Realtek Semiconductor "C:\Program Files\Realtek\Audio\HDA\RtkNGUI64.exe" -s
Yes HKLM:Run SynTPEnh Synaptics Incorporated %ProgramFiles%\Synaptics\SynTP\SynTPEnh.exe
Yes HKLM:Run Windows Mobile Device Center Microsoft Corporation %windir%\WindowsMobile\wmdc.exe
Yes HKLM:Run YouCam Service CyberLink Corp. "C:\Program Files (x86)\CyberLink\YouCam\YouCamService.exe" /s
No Startup User Send to OneNote.lnk Microsoft Corporation C:\Program Files\Microsoft Office 15\root\office15\ONENOTEM.EXE

 

Scheduled Tasks

Yes HKCU:Run CCleaner Monitoring Piriform Ltd "C:\Program Files\CCleaner\CCleaner64.exe" /MONITOR
No HKCU:Run MyDriveConnect.exe TomTom "C:\Program Files (x86)\MyDrive Connect\TomTom MyDrive Connect.exe"
Yes HKCU:Run OneDrive Microsoft Corporation "C:\Users\owner\AppData\Local\Microsoft\OneDrive\OneDrive.exe" /background
No HKCU:Run Power2GoExpress8 CyberLink Corp. "C:\Program Files (x86)\CyberLink\Power2Go8\Power2GoExpress8.exe"
Yes HKCU:Run SocialSafe.Helper  C:\Program Files (x86)\SocialSafe\SocialSafe files\native-helpers\SocialSafe.Helper.exe "C:\Users\owner\AppData\Roaming\com.1minus1.socialsafe.D675411CF670AA3EFAC13BDD847989BEDE2115E2.1\Local Store\native-helpers\tasks.json"
No HKCU:Run Sony PC Companion Sony "C:\Program Files (x86)\Sony\Sony PC Companion\PCCompanion.exe" /Background
Yes HKLM:Run AccelerometerSysTrayApplet Hewlett-Packard Company C:\Program Files (x86)\Hewlett-Packard\HP 3D DriveGuard\AccelerometerST.exe
No HKLM:Run APSDaemon Apple Inc. "C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe"
Yes HKLM:Run HotKeysCmds  "C:\Windows\system32\hkcmd.exe"
Yes HKLM:Run HP Software Update Hewlett-Packard C:\Program Files (x86)\Hp\HP Software Update\HPWuSchd2.exe
Yes HKLM:Run HPMessageService Hewlett-Packard Development Company, L.P. C:\Program Files (x86)\Hewlett-Packard\HP System Event\HPMSGSVC.exe
Yes HKLM:Run IgfxTray Intel Corporation - pGFX "C:\Windows\system32\igfxtray.exe"
No HKLM:Run iTunesHelper Apple Inc. "C:\Program Files (x86)\iTunes\iTunesHelper.exe"
Yes HKLM:Run Persistence  "C:\Windows\system32\igfxpers.exe"
Yes HKLM:Run RTHDVCPL Realtek Semiconductor "C:\Program Files\Realtek\Audio\HDA\RtkNGUI64.exe" -s
Yes HKLM:Run SynTPEnh Synaptics Incorporated %ProgramFiles%\Synaptics\SynTP\SynTPEnh.exe
Yes HKLM:Run Windows Mobile Device Center Microsoft Corporation %windir%\WindowsMobile\wmdc.exe
Yes HKLM:Run YouCam Service CyberLink Corp. "C:\Program Files (x86)\CyberLink\YouCam\YouCamService.exe" /s
No Startup User Send to OneNote.lnk Microsoft Corporation C:\Program Files\Microsoft Office 15\root\office15\ONENOTEM.EXE

 

Programs

7-Zip 9.20 (x64 edition) Igor Pavlov 22/07/2013 4.53 MB 9.20.00.0
Adobe Flash Player 18 NPAPI Adobe Systems Incorporated 17/07/2015 17.6 MB 18.0.0.209
Adobe Reader XI (11.0.13) Adobe Systems Incorporated 14/10/2015 186 MB 11.0.13
Adobe Shockwave Player 12.0 Adobe Systems, Inc. 29/09/2014  12.0.2.122
Apple Application Support Apple Inc. 13/12/2014 95.2 MB 3.1
Apple Mobile Device Support Apple Inc. 13/12/2014 22.2 MB 8.0.5.6
Apple Software Update Apple Inc. 30/12/2013 2.38 MB 2.1.3.127
BBC iPlayer Downloads BBC 18/05/2014 47.4 MB 1.7.4
Bonjour Apple Inc. 10/10/2013 2.00 MB 3.0.0.10
Box for Windows 8 Box, Inc. 15/11/2015  2.1.4.4
CCleaner Piriform 08/02/2016  5.14
CyberLink LabelPrint CyberLink Corp. 09/02/2014 280 MB 2.5.5.6902
CyberLink Media Suite 10 CyberLink Corp. 09/02/2014 61.0 MB 10.0.5.3606
Cyberlink PhotoDirector CyberLink Corp. 10/10/2013 219 MB 3.0.2.4128
CyberLink Power2Go 8 CyberLink Corp. 09/02/2014 405 MB 8.0.5.3416
CyberLink PowerDirector 10 CyberLink Corp. 10/10/2013 615 MB 10.0.4.3021
CyberLink PowerDVD 12 CyberLink Corp. 09/02/2014 309 MB 12.0.2.3305
CyberLink YouCam CyberLink Corp. 10/10/2013 278 MB 5.0.1.2922
eBay eBay, Inc 05/11/2014  1.6.0.34
Energy Star Hewlett-Packard Company 10/10/2013 5.56 MB 1.0.9
Games Microsoft Corporation 29/09/2014  2.0.139.0
Getting Started with Windows 8 Hewlett-Packard Company 09/03/2015  1.6.0.0
HP 3D DriveGuard Hewlett-Packard Company 09/02/2014 1.60 MB 6.0.15.1
HP AiO Printer Remote Hewlett-Packard Company 11/06/2015  55.1.43.0
HP Connected Music (Meridian - installer) Meridian Audio Ltd 29/09/2014 605 KB 1.0
HP Connected Music (Meridian - player) Meridian Audio Ltd 29/09/2014 24.2 MB 1.1 (build 99) hp
HP CoolSense Hewlett-Packard Company 09/02/2014 10.9 MB 2.20.21
HP Deskjet 2540 series Basic Device Software Hewlett-Packard Co. 29/06/2014 154 MB 32.0.1180.44630
HP Deskjet 2540 series Help Hewlett Packard 29/06/2014 6.69 MB 30.0.0
HP Documentation Hewlett-Packard 10/10/2013 255 MB 1.1.0.0
HP FWUpdateEDO2 Hewlett-Packard 06/07/2014 1.53 MB 1.2.0.0
HP Games Hewlett-Packard Company 29/09/2014  1.0.0.50
HP Photo Creations HP 29/09/2014 14.6 MB 1.0.0.7702
HP Quick Start Hewlett-Packard 10/10/2013 1.67 MB 1.0.4660.30220
HP Registration Hewlett-Packard Company 28/11/2014  1.2.1.166
HP Registration Service Hewlett-Packard 10/10/2013 29.5 MB 1.2.6838.4521
HP Scan and Capture Hewlett-Packard Company 15/12/2015  40.0.245.0
HP Support Assistant Hewlett-Packard Company 22/07/2013 80.2 MB 7.2.23.56
HP System Event Utility Hewlett-Packard Company 09/02/2014 5.86 MB 1.0.10
HP Update Hewlett-Packard 29/06/2014 4.04 MB 5.005.002.002
HP Utility Center Hewlett-Packard Company 10/10/2013 4.77 MB 2.2.2
HP Wireless Button Driver Hewlett-Packard Company 09/02/2014 733 KB 1.1.2.1
Intel® Management Engine Components Intel Corporation 22/07/2013  9.5.3.1520
Intel® Processor Graphics Intel Corporation 29/09/2014  10.18.10.3907
Intel® Rapid Storage Technology Intel Corporation 10/10/2013  12.6.0.1033
Intel® SDK for OpenCL - CPU Only Runtime Package Intel Corporation 10/10/2013  3.0.0.66956
iTunes Apple Inc. 13/12/2014 245 MB 12.0.1.26
Knowhow Cloud Livedrive 10/10/2015  2.2.0.7
KnowHow ReadMe Dixons Retail 20/12/2013 1.61 MB 1.00.0000
Mail, Calendar and People  03/07/2015  
Malwarebytes Anti-Malware version 2.2.0.1024 Malwarebytes 08/02/2016 66.1 MB 2.2.0.1024
Maps Microsoft Corporation 10/10/2014  2.1.3230.2048
Microsoft Office Home and Student 2013 - en-us Microsoft Corporation 22/01/2016  15.0.4787.1002
Microsoft OneDrive Microsoft Corporation 15/12/2015 37.6 MB 17.3.6281.1202
Microsoft Silverlight Microsoft Corporation 17/01/2016 348 MB 5.1.41212.0
Microsoft SQL Server 2005 Compact Edition [ENU] Microsoft Corporation 22/07/2013 1.92 MB 3.1.0000
Microsoft Visual C++ 2005 Redistributable Microsoft Corporation 10/10/2013 4.84 MB 8.0.59193
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17 Microsoft Corporation 10/10/2013 8.85 MB 9.0.30729
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148 Microsoft Corporation 10/10/2013 8.69 MB 9.0.30729.4148
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 Microsoft Corporation 31/12/2013 10.1 MB 9.0.30729.6161
Microsoft Visual C++ 2010  x64 Redistributable - 10.0.40219 Microsoft Corporation 13/02/2015 13.8 MB 10.0.40219
Microsoft Visual C++ 2010  x86 Redistributable - 10.0.40219 Microsoft Corporation 13/02/2015 11.1 MB 10.0.40219
Microsoft Visual C++ 2012 Redistributable (x64) - 11.0.61030 Microsoft Corporation 20/02/2015 20.5 MB 11.0.61030.0
Microsoft Visual Studio 2010 Tools for Office Runtime (x64) Microsoft Corporation 13/02/2015  10.0.50903
Mozilla Firefox 41.0.2 (x86 en-GB) Mozilla 08/11/2015 85.4 MB 41.0.2
Mozilla Maintenance Service Mozilla 08/11/2015 214 KB 41.0.2.5765
MSN Food & Drink Microsoft Corporation 19/07/2015  3.0.4.336
MSN Health & Fitness Microsoft Corporation 19/07/2015  3.0.4.336
MSN Money Microsoft Corporation 19/07/2015  3.0.4.336
MSN News Microsoft Corporation 19/07/2015  3.0.4.336
MSN Sport Microsoft Corporation 19/07/2015  3.0.4.336
MSN Travel Microsoft Corporation 19/07/2015  3.0.4.336
MSN Weather Microsoft Corporation 25/10/2015  3.0.4.337
Music Microsoft Corporation 14/03/2015  2.6.672.0
MyDriveConnect 4.0.4.2260 TomTom 19/08/2015  4.0.4.2260
OneNote Microsoft Corporation 24/07/2015  16.0.3327.1048
PC VGA Camera PC Camera 28/11/2014 15.4 MB 1.0.2.13
Product Improvement Study for HP Deskjet 2540 series Hewlett-Packard Co. 29/06/2014 9.57 MB 32.0.1180.44630
Reader Microsoft Corporation 10/08/2015  6.4.9926.17994
Realtek Card Reader Realtek Semiconductor Corp. 10/10/2013  1.1.9200.15
Realtek Ethernet Controller Driver Realtek 10/10/2013  8.15.410.2013
Realtek High Definition Audio Driver Realtek Semiconductor Corp. 29/09/2014  6.0.1.6923
REALTEK Wireless LAN Driver REALTEK Semiconductor Corp. 10/10/2013  1.00.12.0906
Snapfish HP Inc. 15/11/2015  5.4.2.2
Sony Mobile Update Engine Sony Mobile Communications Inc. 07/12/2015  2.15.16.201511171525
Sony PC Companion 2.10.303 Sony 17/12/2015 21.7 MB 2.10.303
Synaptics Pointing Device Driver Synaptics Incorporated 29/09/2014 46.4 MB 16.5.3.3
Video Microsoft Corporation 07/11/2015  2.6.446.0
Visual Studio 2012 x64 Redistributables AVG Technologies 17/11/2014 12.9 MB 14.0.0.1
Visual Studio 2012 x86 Redistributables AVG Technologies CZ, s.r.o. 17/11/2014 10.5 MB 14.0.0.1
Visual Studio C++ 10.0 Runtime TomTom International B.V. 27/05/2015 8.00 KB 10.0.0
WildTangent Games WildTangent 29/09/2014  1.0.4.0
Windows Alarms Microsoft Corporation 29/09/2014  6.3.9654.20335
Windows Calculator Microsoft Corporation 29/09/2014  6.3.9600.20278
Windows Help+Tips Microsoft Corporation 10/10/2014  6.3.9654.20559
Windows Live Essentials Microsoft Corporation 22/07/2013  16.4.3505.0912
Windows Mobile Device Center Microsoft Corporation 23/05/2015 27.4 MB 6.1.6965.0
Windows Reading List Microsoft Corporation 14/08/2015  6.3.9654.20947
Windows Scan Microsoft Corporation 05/11/2014  6.3.9654.17133
Windows Sound Recorder Microsoft Corporation 29/09/2014  6.3.9600.20280
YouCam for HP CYBERLINKCOM CORP 10/10/2014  1.0.2.29632

 

 

 



#10 buddy215

buddy215

  • BC Advisor
  • 12,876 posts
  • ONLINE
  •  
  • Gender:Male
  • Location:West Tennessee
  • Local time:03:44 PM

Posted 08 February 2016 - 06:09 PM

You posted the Windows Startups twice with one labeled Scheduled Tasks...:)

 

Disable these Windows Startups: Use CCleaner by clicking on each item and then choose Disable on the right.

Yes HKCU:Run CCleaner Monitoring Piriform Ltd "C:\Program Files\CCleaner\CCleaner64.exe" /MONITOR

Yes HKCU:Run SocialSafe.Helper  C:\Program Files (x86)\SocialSafe\SocialSafe files\native-helpers\SocialSafe.Helper.exe "C:\Users\owner\AppData\Roaming\com.1minus1.socialsafe.D675411CF670AA3EFAC13BDD847989BEDE2115E2.1\Local Store\native-helpers\tasks.json"

Yes HKLM:Run HP Software Update Hewlett-Packard C:\Program Files (x86)\Hp\HP Software Update\HPWuSchd2.exe
Yes HKLM:Run HPMessageService Hewlett-Packard Development Company, L.P. C:\Program Files (x86)\Hewlett-Packard\HP System Event\HPMSGSVC.exe
Yes HKLM:Run IgfxTray Intel Corporation - pGFX "C:\Windows\system32\igfxtray.exe"

 

 Uninstall these programs:

Adobe Flash Player 18 NPAPI Adobe Systems Incorporated 17/07/2015 17.6 MB 18.0.0.209 (Or update...old Flash is a malware magnet)

Adobe Reader XI (11.0.13) Adobe Systems Incorporated 14/10/2015 186 MB 11.0.13 (Or update...Firefox has its own PDF reader)

eBay eBay, Inc 05/11/2014  1.6.0.34

Mozilla Firefox 41.0.2 (x86 en-GB) Mozilla 08/11/2015 85.4 MB 41.0.2 (Or update to 44)

Product Improvement Study for HP Deskjet 2540 series Hewlett-Packard Co. 29/06/2014 9.57 MB 32.0.1180.44630

WildTangent Games WildTangent 29/09/2014  1.0.4.0 (Unless you actually play these games....adware possible)

 

To update Flash and other Firefox plugins, open Firefox > Tools > Add-ons > Plugins > Check for updates.


“Every atom in your body came from a star that exploded and the atoms in your left hand probably came from a different star than your right hand. It really is the most poetic thing I know about physics...you are all stardust.” Lawrence M. Krauss

A 1792 U.S. penny, designed in part by Thomas Jefferson and George Washington, reads “Liberty Parent of Science & Industry.”


#11 EddieLizzard


Posted 09 February 2016 - 12:33 PM

Done.  Are there any other actions to take?



#12 buddy215


Posted 09 February 2016 - 02:14 PM

Yes, please post the list of Scheduled Tasks




#13 EddieLizzard


Posted 10 February 2016 - 06:27 PM

Here we go - scheduled tasks

 

Yes Task Adobe Acrobat Update Task Adobe Systems Incorporated C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe
Yes Task CCleanerSkipUAC Piriform Ltd "C:\Program Files\CCleaner\CCleaner.exe" $(Arg0)
Yes Task CreateChoiceProcessTask Microsoft Corporation C:\Windows\BrowserChoice\browserchoice.exe /launch
Yes Task HPCustParticipation HP Deskjet 2540 series Hewlett-Packard Co. "C:\Program Files\HP\HP Deskjet 2540 series\Bin\HPCustPartic.exe" /UA 12.5 /DDV 0x0b00
Yes Task Microsoft OneDrive Auto Update Task-S-1-5-21-685160351-2209658244-3524408110-1001 Microsoft Corporation %localappdata%\Microsoft\OneDrive\OneDrive.exe
Yes Task Optimize Start Menu Cache Files-S-1-5-21-685160351-2209658244-3524408110-1001  
Yes Task Optimize Start Menu Cache Files-S-1-5-21-685160351-2209658244-3524408110-500  
Yes Task Synaptics TouchPad Enhancements Synaptics Incorporated "C:\Program Files\Synaptics\SynTP\SynTPEnh.exe"
 



#14 buddy215


Posted 10 February 2016 - 06:57 PM

Disable these Scheduled Tasks:

Yes Task Adobe Acrobat Update Task Adobe Systems Incorporated C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe
Yes Task CCleanerSkipUAC Piriform Ltd "C:\Program Files\CCleaner\CCleaner.exe" $(Arg0)
Yes Task CreateChoiceProcessTask Microsoft Corporation C:\Windows\BrowserChoice\browserchoice.exe /launch
Yes Task HPCustParticipation HP Deskjet 2540 series Hewlett-Packard Co. "C:\Program Files\HP\HP Deskjet 2540 series\Bin\HPCustPartic.exe" /UA 12.5 /DDV 0x0b00

Yes Task Optimize Start Menu Cache Files-S-1-5-21-685160351-2209658244-3524408110-1001  
Yes Task Optimize Start Menu Cache Files-S-1-5-21-685160351-2209658244-3524408110-500

 

Is the computer performing up to par or not?




#15 EddieLizzard


Posted 12 February 2016 - 10:19 AM

Thanks for your help.  Laptop now performing up to expectations!

 

Much appreciated.
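A first-pass triage of the startup and scheduled-task lists reviewed in this thread, as an added example that is not part of any post. It assumes the list was saved as tab-separated text with the columns enabled, location, name, publisher, command; that column order and the `parse`, `executable` and `triage` helpers are assumptions for illustration. A flag marks an entry for manual review and is not a verdict.

```python
import re
from collections import namedtuple

Entry = namedtuple("Entry", "enabled location name publisher command")  # assumed column order

# Assumption: locations a standard user can write to without elevation.
USER_WRITABLE = re.compile(r"\\AppData\\|%(localappdata|appdata|temp)%|\\Temp\\", re.I)

# Constructed sample: rows taken from the lists in this thread, tabs restored.
ROWS = [
    ("Yes", "HKCU:Run", "CCleaner Monitoring", "Piriform Ltd",
     r'"C:\Program Files\CCleaner\CCleaner64.exe" /MONITOR'),
    ("Yes", "HKCU:Run", "SocialSafe.Helper", "",
     r'C:\Program Files (x86)\SocialSafe\SocialSafe files\native-helpers\SocialSafe.Helper.exe '
     r'"C:\Users\owner\AppData\Roaming\com.1minus1.socialsafe.D675411CF670AA3EFAC13BDD847989BEDE2115E2.1\Local Store\native-helpers\tasks.json"'),
    ("Yes", "Task", "Microsoft OneDrive Auto Update Task-S-1-5-21-685160351-2209658244-3524408110-1001",
     "Microsoft Corporation", r"%localappdata%\Microsoft\OneDrive\OneDrive.exe"),
    ("Yes", "Task", "Optimize Start Menu Cache Files-S-1-5-21-685160351-2209658244-3524408110-500", "", ""),
]
SAMPLE = "\n".join("\t".join(row) for row in ROWS)

def parse(text):
    """Parse tab-separated rows; rows with trailing fields missing are padded."""
    entries = []
    for line in filter(str.strip, text.splitlines()):
        f = line.split("\t") + [""] * 5
        entries.append(Entry(f[0].strip().lower() == "yes", *(c.strip() for c in f[1:5])))
    return entries

def executable(command):
    """Return the program part of a command line, without its arguments."""
    if command.startswith('"'):
        return command[1:].split('"', 1)[0]
    m = re.match(r"(.+?\.exe)\b", command, re.I)
    return m.group(1) if m else command

def triage(entries):
    """Map each enabled entry's name to the reasons it deserves a manual look."""
    report = {}
    for e in (x for x in entries if x.enabled):
        flags = [] if e.publisher else ["no publisher"]
        if not e.command:
            flags.append("no command")
        elif USER_WRITABLE.search(executable(e.command)):
            flags.append("runs from user-writable path")
        elif USER_WRITABLE.search(e.command):
            flags.append("argument in user-writable path")
        report[e.name] = flags
    return report
```

The OneDrive task is flagged even though it is a signed Microsoft component installed per user, which is why each flag needs a human decision before anything is disabled.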





