Am I infected?


14 replies to this topic

#1 jrdaub89

jrdaub89

  • Members
  • 17 posts

Posted 10 February 2016 - 08:50 AM

I was recommended to post here by usasma about my machine. I recently tried running GMER and when I do I get a BSOD. I was informed by usasma that the cause of the stop was axryqpow.sys which I have no idea what file this is. Any help is appreciated and if you need more info let me know please. Thanks.




 


#2 buddy215

buddy215

  • Moderator
  • 13,324 posts
  • Gender:Male
  • Location:West Tennessee
  • Local time:11:41 AM

Posted 10 February 2016 - 09:25 AM

See what the two programs below can find and remove. If you are unable to install and complete a scan using them then follow the directions for starting a new topic in the Malware Removal forum.

 

Download Malwarebytes' Anti-Malware from Here

Double-click mbam-setup-2.X.X.XXXX.exe to install the application (X's are the current version number).

  • Make sure a checkmark is placed next to Launch Malwarebytes' Anti-Malware, then click Finish.
  • Once MBAM opens, when it says Your databases are out of date, click the Fix Now button.
  • Click the Settings tab at the top, and then in the left column, select Detections and Protections, and if not already checked place a checkmark in the selection box for Scan for rootkits.
  • Click the Scan tab at the top of the program window, select Threat Scan and click the Scan Now button.
  • If you receive a message that updates are available, click the Update Now button (the update will be downloaded, installed, and the scan will start).
  • When MBAM is finished scanning it will display a screen that displays any malware that it has detected.
  • Click the Remove Selected button.
  • MBAM will now delete all of the files and registry keys and add them to the programs quarantine. When removing the files, MBAM may require a reboot in order to remove some of them. If it displays a message stating that it needs to reboot, please allow it to do so.
  • While still on the Scan tab, click the link for View detailed log, and in the window that opens click the Export button, select Text file (*.txt), and save the log to your Desktop.
  • The log is automatically saved by MBAM and can also be viewed by clicking the History tab and then selecting Application Logs.

POST THE LOG FOR REVIEW.

 

  • Hold down Control and click on this link to open ESET OnlineScan in a new window.
  • Click the esetonlinebtn.png button.
  • For alternate browsers only: (Microsoft Internet Explorer users can skip these steps)
  • Click on esetsmartinstaller_enu.exe to download the ESET Smart Installer. Save it to your desktop.
  • Double click on the esetsmartinstaller_enu.png icon on your desktop.
  • Check "YES, I accept the Terms of Use."
  • Click the Start button.
  • Accept any security warnings from your browser.
  • Under scan settings, check "Scan Archives" and "Remove found threats"
  • ESET will then download updates for itself, install itself, and begin scanning your computer. Please be patient as this can take some time.
  • When the scan completes, click List Threats
  • Click Export, and save the file to your desktop using a unique name, such as ESETScan. Include the contents of this report in your next reply.
  • Click the Back button.
  • Click the Finish button.
  • NOTE: Sometimes if ESET finds no infections it will not create a log.

 

Please follow the instructions in the Malware Removal and Log Section Preparation Guide starting at Step 6.

  • If you cannot complete a step, then skip it and continue with the next.
  • In Step 6 there are instructions for downloading and running FRST which will create two logs.

When you have done that, post your logs in the Virus, Trojan, Spyware, and Malware Removal Logs forum, NOT here, for assistance by the Malware Response Team.

Start a new topic, give it a relevant title and post your log(s) along with a brief description of your problem, a summary of any anti-malware tools you have used and a summary of any steps that you have performed on your own. If you cannot produce any of the required logs...start the new topic anyway. Explain that you followed the Prep. Guide, were unable to create the logs, and describe what happened when you tried to create them. A member of the Malware Removal Team will walk you through, step by step, on how to clean your computer.

After doing this, please reply back in this thread with a link to the new topic so we can close this one.

 

DO NOT bump your new topic. Wait for a response from one of the Team Members.


“Every atom in your body came from a star that exploded and the atoms in your left hand probably came from a different star than your right hand. It really is the most poetic thing I know about physics...you are all stardust.” Lawrence M. Krauss
A 1792 U.S. penny, designed in part by Thomas Jefferson and George Washington, reads “Liberty Parent of Science & Industry.”

#3 jrdaub89

jrdaub89
  • Topic Starter

  • Members
  • 17 posts

Posted 10 February 2016 - 02:38 PM

Here is the MBAM Log:

Malwarebytes Anti-Malware
www.malwarebytes.org
 
Scan Date: 2/10/2016
Scan Time: 9:38 AM
Logfile: MBAMSCAN.txt
Administrator: Yes
 
Version: 2.2.0.1024
Malware Database: v2016.02.10.03
Rootkit Database: v2016.02.08.01
License: Free
Malware Protection: Disabled
Malicious Website Protection: Disabled
Self-protection: Disabled
 
OS: Windows 10
CPU: x64
File System: NTFS
User: Jeremy
 
Scan Type: Threat Scan
Result: Completed
Objects Scanned: 455054
Time Elapsed: 36 min, 18 sec
 
Memory: Enabled
Startup: Enabled
Filesystem: Enabled
Archives: Enabled
Rootkits: Enabled
Heuristics: Enabled
PUP: Enabled
PUM: Enabled
 
Processes: 0
(No malicious items detected)
 
Modules: 0
(No malicious items detected)
 
Registry Keys: 0
(No malicious items detected)
 
Registry Values: 0
(No malicious items detected)
 
Registry Data: 0
(No malicious items detected)
 
Folders: 2
PUP.Optional.SimpleMediaPlayer, C:\Program Files (x86)\Simple Media, Quarantined, [c94293cc623742f4b01251fb7193d52b], 
PUP.Optional.SimpleMediaPlayer, C:\Users\Jeremy\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Simple Media, Quarantined, [7794e27db1e8c96dd1d295534db59d63], 
 
Files: 1
PUP.Optional.SimpleMediaPlayer, C:\Program Files (x86)\Simple Media\Simple Media.url, Quarantined, [c94293cc623742f4b01251fb7193d52b], 
 
Physical Sectors: 0
(No malicious items detected)
 
 
(end)
 
And the ESET Scan:
C:\GEGeek_Toolkit\ProgramFiles\AV Uninstallers\AV Uninstall Tools\Tools\ZoneAlarm\Uninstall Tool\clean.exe Win32/Toolbar.Conduit potentially unwanted application deleted
C:\GEGeek_Toolkit\ProgramFiles\System Tools\Unlocker\Unlocker.exe a variant of Win32/Toolbar.Babylon.E potentially unwanted application deleted
C:\Users\%Username%\AppData\Local\Microsoft\Windows\INetCache\Low\IE\VCSUFWX8\b4b64cda6a44d2df[1].htm HTML/Iframe.B trojan deleted
C:\Users\%Username%\Desktop\ISOs\Hiren's.BootCD.15.2.iso a variant of Win32/Adware.SpeedingUpMyPC.AM application deleted
C:\Users\%Username%\Desktop\Security+\Lab Projects\Chapter 2\Keylogger\shadow keylogger for USB.zip Win32/KeyLogger.ShadowKeylogger.B application deleted
 


#4 buddy215

buddy215

  • Moderator
  • 13,324 posts
  • Gender:Male
  • Location:West Tennessee
  • Local time:11:41 AM

Posted 10 February 2016 - 03:06 PM

Eset found some malicious malware on your computer. One......HTML/Iframe.B trojan........"Microsoft says This threat can perform a number of actions of a malicious hacker's choice on your PC".

Another is a keylogger. I think you know what that is.

 

Use CCleaner to remove Temporary files, program caches, cookies, logs, etc. Use the Default settings. No need to use the Registry Cleaning Tool...risky. Pay close attention while installing and UNcheck offers of toolbars....especially Google.

After install, open CCleaner and run by clicking on the Run Cleaner button in the bottom right corner.

CCleaner - PC Optimization and Cleaning - Free Download

 

Download AdwCleaner by Xplode onto your desktop.

  • Close all open programs and internet browsers.
  • Double click on adwcleaner.exe to run the tool.
  • Click on Scan button.
  • When the scan has finished click on Clean button.
  • Your computer will be rebooted automatically. A text file will open after the restart.
  • Please post the contents of that logfile with your next reply.
  • You can find the logfile at C:\AdwCleaner[S1].txt as well.

Download Junkware Removal Tool to your desktop.

  • Shut down your protection software now to avoid potential conflicts.
  • Run the tool by double-clicking it. If you are using Windows Vista, 7, or 8; instead of double-clicking, right-mouse click JRT.exe and select "Run as Administrator".
  • The tool will open and start scanning your system.
  • Please be patient as this can take a while to complete depending on your system's specifications.
  • On completion, a log (JRT.txt) is saved to your desktop and will automatically open.
  • Post the contents of JRT.txt into your next message


#5 jrdaub89

jrdaub89
  • Topic Starter

  • Members
  • 17 posts

Posted 10 February 2016 - 05:34 PM

Here is the ADWCleaner log:

 

# AdwCleaner v5.033 - Logfile created 10/02/2016 at 17:21:25
# Updated 07/02/2016 by Xplode
# Database : 2016-02-07.2 [Server]
# Operating system : Windows 10 Pro  (x64)
# Username : Jeremy - JEREMY-PC
# Running from : C:\Users\Jeremy\Downloads\AdwCleaner.exe
# Option : Cleaning
 
***** [ Services ] *****
 
 
***** [ Folders ] *****
 
[-] Folder Deleted : C:\Program Files\SpaceSoundPro
[-] Folder Deleted : C:\ProgramData\28341ff220e0446c9fff27c4493d622e
[-] Folder Deleted : C:\Users\Administrator\AppData\Local\Google\Chrome\User Data\Default\Extensions\hfmkllfplegemejikoabfpjdaoncphip
[-] Folder Deleted : C:\Users\Jeremy\AppData\Local\TVTime
[-] Folder Deleted : C:\Users\Jeremy\AppData\Local\Google\Chrome\User Data\Default\Extensions\hfmkllfplegemejikoabfpjdaoncphip
 
***** [ Files ] *****
 
[-] File Deleted : C:\END
 
***** [ DLLs ] *****
 
 
***** [ Shortcuts ] *****
 
 
***** [ Scheduled tasks ] *****
 
 
***** [ Registry ] *****
 
 
***** [ Web browsers ] *****
 
[-] [C:\Users\Jeremy\AppData\Local\Google\Chrome\User Data\Default\Web Data] [Search Provider] Deleted : aol.com
[-] [C:\Users\Jeremy\AppData\Local\Google\Chrome\User Data\Default\Web Data] [Search Provider] Deleted : ask.com
[-] [C:\Users\Jeremy\AppData\Local\Google\Chrome\User Data\Default\Web Data] [Search Provider] Deleted : start.mysearchdial.com
[-] [C:\Users\Jeremy\AppData\Local\Google\Chrome\User Data\Default\Web Data] [Search Provider] Deleted : netscape-browser.en.softonic.com
[-] [C:\Users\Jeremy\AppData\Local\Google\Chrome\User Data\Default\Secure Preferences] [Startup_URLs] Deleted : hxxp://www.trovi.com/?gd=&ctid=CT3320047&octid=EB_ORIGINAL_CTID&ISID=M4A56D2D6-6ACC-4E2A-A2D4-CBA18C7F1301&SearchSource=55&CUI=&UM=6&UP=SP1807A433-DD13-4115-BD6C-6482EB78CB4A&SSPV=
[-] [C:\Users\Jeremy\AppData\Local\Google\Chrome\User Data\Default\Secure Preferences] [Extension] Deleted : hfmkllfplegemejikoabfpjdaoncphip
[-] [C:\Users\Administrator\AppData\Local\Google\Chrome\User Data\Default\Web Data] [Search Provider] Deleted : aol.com
[-] [C:\Users\Administrator\AppData\Local\Google\Chrome\User Data\Default\Web Data] [Search Provider] Deleted : start.mysearchdial.com
[-] [C:\Users\Administrator\AppData\Local\Google\Chrome\User Data\Default\Web Data] [Search Provider] Deleted : ask.com
[-] [C:\Users\Administrator\AppData\Local\Google\Chrome\User Data\Default\Web Data] [Search Provider] Deleted : netscape-browser.en.softonic.com
[-] [C:\Users\Administrator\AppData\Local\Google\Chrome\User Data\Default\Secure Preferences] [Startup_URLs] Deleted : hxxp://www.trovi.com/?gd=&ctid=CT3320047&octid=EB_ORIGINAL_CTID&ISID=M4A56D2D6-6ACC-4E2A-A2D4-CBA18C7F1301&SearchSource=55&CUI=&UM=6&UP=SP1807A433-DD13-4115-BD6C-6482EB78CB4A&SSPV=
[-] [C:\Users\Administrator\AppData\Local\Google\Chrome\User Data\Default\Secure Preferences] [Extension] Deleted : hfmkllfplegemejikoabfpjdaoncphip
 
*************************
 
:: "Tracing" keys removed
:: Winsock settings cleared
 
########## EOF - C:\AdwCleaner\AdwCleaner[C1].txt - [3037 bytes] ##########
 
 
and here is the JRT log:
 
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Junkware Removal Tool (JRT) by Malwarebytes
Version: 8.0.2 (01.06.2016)
Operating System: Windows 10 Pro x64 
Ran by Jeremy (Administrator) on Wed 02/10/2016 at 17:28:32.98
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
 
 
 
 
File System: 8 
 
Successfully deleted: C:\ProgramData\thunder network (Folder) 
Successfully deleted: C:\Users\Jeremy\AppData\Local\Google\Chrome\User Data\Default\Extensions\gkojfkhlekighikafcpjkiklfbnlmeio (Folder) 
Successfully deleted: C:\Users\Jeremy\AppData\Local\Google\Chrome\User Data\Default\Local Storage\chrome-extension_gkojfkhlekighikafcpjkiklfbnlmeio_0.localstorage (File) 
Successfully deleted: C:\Users\Jeremy\AppData\Local\yuntnani (Folder) 
Successfully deleted: C:\Users\Jeremy\Appdata\LocalLow\company (Folder) 
Successfully deleted: C:\Users\Jeremy\AppData\Roaming\3909 (Folder) 
Successfully deleted: C:\Users\Public\thunder network (Folder) 
Successfully deleted: C:\WINDOWS\prefetch\DRIVERTALENT.EXE-6A2F7FEB.pf (File) 
 
 
 
Registry: 0 
 
 
 
 
 
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Scan was completed on Wed 02/10/2016 at 17:31:16.18
End of JRT log
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
 


#6 buddy215

buddy215

  • Moderator
  • 13,324 posts
  • Gender:Male
  • Location:West Tennessee
  • Local time:11:41 AM

Posted 10 February 2016 - 06:44 PM

Is axryqpow.sys still in your system files?

 

Did you know there was a keylogger on your computer? I should also ask if you know that a keylogger can capture everything done on that computer and send info such as credit card, banking, passwords, screen names, etc to whoever installed the keylogger?



#7 jrdaub89

jrdaub89
  • Topic Starter

  • Members
  • 17 posts

Posted 10 February 2016 - 08:04 PM

I'll have to double check. I'm at work right now so I'll put up a post in a few hours. Also I should've mentioned, and I for, this is my computer I use in my Security+ course and we had downloaded Spyrix to see what keyloggers do.

#8 buddy215

buddy215

  • Moderator
  • 13,324 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:West Tennessee
  • Local time:11:41 AM

Posted 10 February 2016 - 08:43 PM

Thanks for explaining that...I kinda thought you may have installed it.

 

When you have the time...do this:

Post the three lists mentioned below using CCleaner.

Open CCleaner and click on Tools. Choose Startups. On that page you will see a list of Windows Startups and at the top tabs for each browser and Scheduled Tasks.

At the bottom right of that page you will see a button that when clicked will allow you to Copy and Paste the list of Windows Startups and Scheduled Tasks into your next post. Please do that.

 

Open CCleaner and click on Tools. Choose Uninstall. On that page you will see a list of programs installed on your computer and at the bottom right of that page you will see a button that when clicked will allow you to Copy and Paste that list in your next post. Please do that.


Edited by buddy215, 10 February 2016 - 08:47 PM.


#9 jrdaub89

jrdaub89
  • Topic Starter

  • Members
  • 17 posts

Posted 11 February 2016 - 08:39 AM

Windows Startup Log:

 

Yes HKCU:Run CCleaner Monitoring Piriform Ltd "C:\Program Files\CCleaner\CCleaner64.exe" /MONITOR
Yes HKCU:Run Eqcption Microsoft Corporation regsvr32.exe C:\Users\Jeremy\AppData\Local\Eqcption\S32CtrlEnum.dll
Yes HKCU:Run GameJoltClient Lucent Web Creative, LLC "C:\Users\Jeremy\AppData\Local\GameJoltClient\app-0.2.0\GameJoltClient.exe" --silent-start
Yes HKCU:Run OneDrive Microsoft Corporation "C:\Users\Jeremy\AppData\Local\Microsoft\OneDrive\OneDrive.exe" /background
Yes HKCU:Run Steam Valve Corporation "C:\Program Files (x86)\Steam\steam.exe" -silent
Yes HKCU:Run Usfnmedia Microsoft Corporation C:\Windows\SysWOW64\regsvr32.exe C:\Users\Jeremy\AppData\Local\Ohnmics\lgblappr.dll
Yes HKCU:Run uTorrent BitTorrent Inc. "C:\Users\Jeremy\AppData\Roaming\uTorrent\uTorrent.exe"  /MINIMIZED
Yes HKCU:RunOnce Uninstall C:\Users\Jeremy\AppData\Local\Microsoft\OneDrive\17.3.6201.1019_1\amd64 Microsoft Corporation C:\WINDOWS\system32\cmd.exe /q /c rmdir /s /q "C:\Users\Jeremy\AppData\Local\Microsoft\OneDrive\17.3.6201.1019_1\amd64"
Yes HKLM:Run AcronisTibMounterMonitor Acronis C:\Program Files (x86)\Common Files\Acronis\TibMounter\TibMounterMonitor.exe
Yes HKLM:Run BCSSync Microsoft Corporation "C:\Program Files (x86)\Microsoft Office\Office14\BCSSync.exe" /DelayServices
Yes HKLM:Run DiscWizardMonitor.exe Seagate "C:\Program Files (x86)\Seagate\DiscWizard\DiscWizardMonitor.exe"
Yes HKLM:Run DriveTheLife2013 Drive The Life Co., Ltd. "C:\Program Files (x86)\DTLSoft\DriveTheLife\DriveTheLife.exe" /start
Yes HKLM:Run IAStorIcon Intel Corporation "C:\Program Files\Intel\Intel® Rapid Storage Technology\IAStorIconLaunch.exe" "C:\Program Files\Intel\Intel® Rapid Storage Technology\IAStorIcon.exe" 60
Yes HKLM:Run RTHDVCPL Realtek Semiconductor "C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe" -s
Yes HKLM:Run Seagate Scheduler2 Service Seagate "C:\Program Files (x86)\Common Files\Seagate\Schedule2\schedhlp.exe"
Yes HKLM:Run StartCCC Advanced Micro Devices, Inc. "C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\amd64\CLIStart.exe" MSRun
Yes HKLM:Run SunJavaUpdateSched Oracle Corporation "C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe"
Yes HKLM:Run SystemExplorerAutoStart Mister Group "C:\Program Files (x86)\System Explorer\SystemExplorer.exe" /TRAY
Yes Startup Common Wireless Configuration Utility.lnk TODO: <Company name> C:\Program Files\TRENDnet\TEW-703PI_TEW-703PIL\WlanCU.exe
Yes Startup User MEGAsync.lnk Mega Limited C:\Users\Jeremy\AppData\Local\MEGAsync\MEGAsync.exe
Yes Startup User Rainmeter.lnk Open Source Developer, Rainmeter C:\Program Files\Rainmeter\Rainmeter.exe
 
Scheduled Tasks Startup:
 
Yes Task Adobe Flash Player Updater Adobe Systems Incorporated C:\WINDOWS\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe
Yes Task CCleanerSkipUAC Piriform Ltd "C:\Program Files\CCleaner\CCleaner.exe" $(Arg0)
Yes Task GoogleUpdateTaskMachineCore Google Inc. C:\Program Files (x86)\Google\Update\GoogleUpdate.exe /c
Yes Task GoogleUpdateTaskMachineUA Google Inc. C:\Program Files (x86)\Google\Update\GoogleUpdate.exe /ua /installsource scheduler
Yes Task Microsoft Office 15 Sync Maintenance for JEREMY-PC-Jeremy Jeremy-PC Microsoft Corporation C:\Program Files\Microsoft Office\Office15\MsoSync.exe
 
Program List:
 
3D Builder Microsoft Corporation 12/14/2015 10.10.38.0
7-Zip 15.08 beta (x64) Igor Pavlov 11/24/2015 4.68 MB 15.08
Adobe Flash Player 20 NPAPI Adobe Systems Incorporated 2/10/2016 8.40 MB 20.0.0.306
Adobe Shockwave Player 12.2 Adobe Systems, Inc. 2/1/2016 8.82 MB 12.2.3.183
Alarms & Clock Microsoft Corporation 1/4/2016 10.1512.58020.0
AMD Catalyst Control Center AMD 12/22/2015 1.00.0000
AOMEI Partition Assistant Pro Edition 5.6 AOMEI Technology Co., Ltd. 10/6/2015 47.2 MB
App connector Microsoft Corporation 11/17/2015 1.3.3.0
Avant Browser (remove only) Avant Force 2/8/2016 662 MB 12.5.0.0
Calculator Microsoft Corporation 1/21/2016 10.1601.49020.0
Camera Microsoft Corporation 2/4/2016 2016.128.10.0
CCleaner Piriform 2/8/2016 17.5 MB 5.14
Cheat Engine 6.4 Cheat Engine 12/22/2015 31.0 MB
CPUID CPU-Z 1.75 2/9/2016 3.92 MB
Driver Talent OSToto Co., Ltd. 1/12/2016 34.0 MB 6.4.38.128
EasyBCD 2.3 NeoSmart Technologies 1/18/2016 5.60 MB 2.3
Emily is Away Kyle Seeley 12/22/2015 60.1 MB
ESET Online Scanner v3 2/10/2016
EULAlyzer 2.2 BrightFort LLC 2/2/2016 3.22 MB 2.2.0
Euthanasia V.1.0 11/16/2015
Fallout 3 - Game of the Year Edition Bethesda Game Studios 2/1/2016 9.94 GB
Fallout Mod Manager 0.13.21 Q, Timeslip 10/15/2015 3.90 MB
Fallout: New Vegas Obsidian Entertainment 2/1/2016 19.6 GB
FOOK2 FOOK Team 11/24/2015 v1.0
Game Jolt Client Lucent Web Creative, LLC 1/14/2016 46.1 MB 0.2.0
Get Office Microsoft Corporation 2/2/2016 17.6628.23511.0
Get Skype Skype 11/17/2015 3.2.1.0
Get Started Microsoft Corporation 1/7/2016 2.6.12.0
Google Chrome Google Inc. 10/6/2015 472 MB 48.0.2564.109
Google Drive Google, Inc. 1/29/2016 68.4 MB 1.27.1227.2094
Groove Music Microsoft Corporation 11/17/2015 3.6.15131.0
Half-Life 2 Valve 2/8/2016 2.11 GB
Half-Life 2: Episode One Valve 2/8/2016 2.11 GB
Half-Life 2: Episode Two Valve 2/8/2016 2.11 GB
Half-Life 2: Lost Coast Valve 2/8/2016 2.11 GB
HP AiO Printer Remote HP Inc. 1/21/2016 59.1.124.0
HP LaserJet Professional P1100-P1560-P1600 Series 11/16/2015
HP Support Solutions Framework Hewlett-Packard Company 1/4/2016 12.3 MB 12.0.30.219
Intel® Management Engine Components Intel Corporation 10/6/2015 9.5.15.1730
Intel® Processor Graphics Intel Corporation 1/12/2016 20.19.15.4331
Intel® Rapid Storage Technology Intel Corporation 10/6/2015 13.0.3.1001
Java 8 Update 71 Oracle Corporation 1/20/2016 41.6 MB 8.0.710.15
LibreOffice 5.0.4.2 The Document Foundation 1/26/2016 0.95 GB 5.0.4.2
LOOT version 0.8.1 LOOT Team 10/15/2015 77.2 MB 0.8.1
Magic ISO Maker v5.5 (build 0281) 11/16/2015
Mail and Calendar Microsoft Corporation 2/10/2016 17.6568.16901.0
Malwarebytes Anti-Malware version 2.2.0.1024 Malwarebytes 12/22/2015 55.9 MB 2.2.0.1024
Maps Microsoft Corporation 1/20/2016 4.1601.10150.0
MEGAsync Mega Limited 1/18/2016
Messaging + Skype Microsoft Corporation 1/26/2016 2.13.20000.0
Microsoft Games for Windows - LIVE Redistributable Microsoft Corporation 10/15/2015 21.4 MB 3.5.92.0
Microsoft Games for Windows Marketplace Microsoft Corporation 10/15/2015 8.87 MB 3.5.67.0
Microsoft Office Professional Plus 2010 Microsoft Corporation 2/8/2016 36.5 MB 14.0.7015.1000
Microsoft Solitaire Collection Microsoft Studios 1/14/2016 3.7.1041.0
Microsoft Visio Professional 2013 Microsoft Corporation 2/8/2016 26.9 MB 15.0.4569.1506
Microsoft Visual C++ 2005 Redistributable Microsoft Corporation 11/11/2015 9.69 MB 8.0.61001
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.6161 Microsoft Corporation 10/29/2015 20.0 MB 9.0.30729.6161
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17 Microsoft Corporation 11/25/2015 13.3 MB 9.0.30729
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 Microsoft Corporation 10/29/2015 12.7 MB 9.0.30729.6161
Microsoft Visual C++ 2010  x64 Redistributable - 10.0.40219 Microsoft Corporation 11/11/2015 27.7 MB 10.0.40219
Microsoft Visual C++ 2010  x86 Redistributable - 10.0.40219 Microsoft Corporation 11/11/2015 22.2 MB 10.0.40219
Microsoft Visual C++ 2012 Redistributable (x64) - 11.0.61030 Microsoft Corporation 1/13/2016 20.5 MB 11.0.61030.0
Microsoft Visual C++ 2012 Redistributable (x86) - 11.0.61030 Microsoft Corporation 1/14/2016 17.3 MB 11.0.61030.0
Microsoft Visual C++ 2013 Redistributable (x64) - 12.0.30501 Microsoft Corporation 11/16/2015 20.5 MB 12.0.30501.0
Microsoft Visual C++ 2013 Redistributable (x86) - 12.0.30501 Microsoft Corporation 11/16/2015 17.1 MB 12.0.30501.0
Microsoft Visual C++ 2015 Redistributable (x64) - 14.0.23026 Microsoft Corporation 1/28/2016 22.4 MB 14.0.23026.0
Microsoft Visual C++ 2015 Redistributable (x86) - 14.0.23026 Microsoft Corporation 1/28/2016 18.6 MB 14.0.23026.0
Microsoft Visual Studio 2010 Tools for Office Runtime (x64) Microsoft Corporation 2/8/2016 19.7 MB 10.0.50903
Microsoft Wi-Fi Microsoft Corporation 12/1/2015 1.1511.2.0
Minecraft: Windows 10 Edition Beta Microsoft Studios 2/4/2016 0.132.0.0
Money Microsoft Corporation 1/26/2016 4.8.239.0
Movies & TV Microsoft Corporation 1/30/2016 3.6.16941.0
Mozilla Firefox 44.0 (x86 en-US) Mozilla 2/8/2016 87.3 MB 44.0
Mozilla Maintenance Service Mozilla 2/2/2016 375 KB 44.0
News Microsoft Corporation 1/26/2016 4.8.239.0
Nexus Mod Manager Black Tree Gaming 11/30/2015 23.3 MB 0.61.2
NINELIVES version 0.21.6 SmokymonkeyS 1/28/2016 462 MB 0.21.6
nLite 1.4.9.3 Dino Nuhagic (nuhi) 10/6/2015 11.3 MB 1.4.9.3
OneNote Microsoft Corporation 2/4/2016 17.6568.15721.0
Oracle VM VirtualBox 5.0.14 Oracle Corporation 2/2/2016 205 MB 5.0.14
Papers Please version 1.1.60-S 12/23/2015 1.80 MB 1.1.60-S
Paragon HFS+ for Windows™ 9.1 Paragon Software 10/13/2015 9.86 MB 1.00
People Microsoft Corporation 2/4/2016 10.0.10220.0
Phone Microsoft Corporation 1/7/2016 2.12.14001.0
Phone Companion Microsoft Corporation 2/8/2016 10.1602.3010.0
Photos Microsoft Corporation 2/8/2016 16.201.11370.0
PowerISO Power Software Ltd 11/24/2015 7.19 MB 6.3
Primordia Wormwood Studios 11/24/2015 1.38 GB
Rainmeter 11/16/2015 3.3 beta r2468
Realtek Ethernet Controller Driver Realtek 10/6/2015 3.45 MB 7.82.317.2014
Realtek High Definition Audio Driver Realtek Semiconductor Corp. 11/24/2015 28.7 MB 6.0.1.7572
RogueKiller version 11 Adlice Software 2/8/2016 71.0 MB 11
Seagate DiscWizard Seagate 10/13/2015 606 MB 16.0.5861
Secunia PSI (3.0.0.11005) Secunia 2/2/2016 7.93 MB 3.0.0.11005
Should I Remove It Reason Software Company Inc. 11/16/2015 1.0.4
Source SDK Base 2007 Valve 2/1/2016 3.76 GB
Source SDK Base 2013 Singleplayer 2/8/2016 7.64 GB
Sports Microsoft Corporation 1/26/2016 4.8.239.0
Steam Valve Corporation 11/16/2015 2.10.91.91
Store Microsoft Corporation 1/28/2016 2015.25.24.0
Sway Microsoft Corporation 2/2/2016 17.6629.20261.0
System Explorer 7.0.0 Mister Group 12/22/2015 6.37 MB
System Requirements Lab Detection Husdawg, LLC 10/30/2015 1.31 MB 6.1.6.0
TeamViewer 10 TeamViewer 2/8/2016 36.3 MB 10.0.47484
The Last Door: Collector's Edition GAME TROOPERS 11/17/2015 1.0.0.49
TRENDnet TEW-703PI/TEW-703PIL Wireless N PCI Adapter TRENDnet 10/6/2015 1.12.0003
UE4 Prerequisites (x64) Epic Games, Inc. 2/1/2016 29.1 MB 1.0.10.0
UE4 Prerequisites (x86) Epic Games, Inc. 2/1/2016 21.9 MB 1.0.10.0
Universal Adb Driver ClockworkMod 1/18/2016 37.1 MB 1.0.4
Updated Unofficial Fallout 3 Patch v1.9.3 10/15/2015 321 MB 1.9.3
Voice Recorder Microsoft Corporation 12/22/2015 10.1512.21110.0
VueScan x64 1/11/2016
Weather Microsoft Corporation 1/26/2016 4.8.239.0
Windows DVD Player Microsoft Corporation 11/17/2015 3.6.13291.0
WinISO WinISO Computing Inc. 1/12/2016 25.1 MB 6.4.0.5170
WinRAR 5.31 (64-bit) win.rar GmbH 2/8/2016 5.31.0
Xbox Microsoft Corporation 1/11/2016 11.13.6008.0
µTorrent BitTorrent Inc. 2/8/2016 3.4.5.41712
 


#10 jrdaub89

jrdaub89
  • Topic Starter

  • Members
  • 17 posts

Posted 11 February 2016 - 08:43 AM

And to answer your other question, no, axryqpow.sys is no longer in my AppData folder.



#11 buddy215

buddy215

  • Moderator
  • 13,324 posts
  • Gender:Male
  • Location:West Tennessee
  • Local time:11:41 AM

Posted 11 February 2016 - 11:19 AM

Disable these Windows Startups: Use CCleaner by clicking on each item and then choose Disable

Yes HKCU:Run CCleaner Monitoring Piriform Ltd "C:\Program Files\CCleaner\CCleaner64.exe" /MONITOR
Yes HKCU:Run Eqcption Microsoft Corporation regsvr32.exe C:\Users\Jeremy\AppData\Local\Eqcption\S32CtrlEnum.dll (Suspicious..Disable for a day or two and if it causes no problem....Delete it)
Yes HKCU:Run GameJoltClient Lucent Web Creative, LLC "C:\Users\Jeremy\AppData\Local\GameJoltClient\app-0.2.0\GameJoltClient.exe" --silent-start
Yes HKCU:Run Steam Valve Corporation "C:\Program Files (x86)\Steam\steam.exe" -silent
Yes HKCU:Run Usfnmedia Microsoft Corporation C:\Windows\SysWOW64\regsvr32.exe C:\Users\Jeremy\AppData\Local\Ohnmics\lgblappr.dll
Yes HKCU:Run uTorrent BitTorrent Inc. "C:\Users\Jeremy\AppData\Roaming\uTorrent\uTorrent.exe"  /MINIMIZED (VERY risky...Delete..not just Disable)
Yes HKCU:RunOnce Uninstall C:\Users\Jeremy\AppData\Local\Microsoft\OneDrive\17.3.6201.1019_1\amd64 Microsoft Corporation C:\WINDOWS\system32\cmd.exe /q /c rmdir /s /q "C:\Users\Jeremy\AppData\Local\Microsoft\OneDrive\17.3.6201.1019_1\amd64"
Yes HKLM:Run BCSSync Microsoft Corporation "C:\Program Files (x86)\Microsoft Office\Office14\BCSSync.exe" /DelayServices
Yes HKLM:Run DriveTheLife2013 Drive The Life Co., Ltd. "C:\Program Files (x86)\DTLSoft\DriveTheLife\DriveTheLife.exe" /start
Yes HKLM:Run SunJavaUpdateSched Oracle Corporation "C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe"
Yes Startup User MEGAsync.lnk Mega Limited C:\Users\Jeremy\AppData\Local\MEGAsync\MEGAsync.exe
Yes Startup User Rainmeter.lnk Open Source Developer, Rainmeter C:\Program Files\Rainmeter\Rainmeter.exe
 
Disable these Scheduled Tasks:
Yes Task Adobe Flash Player Updater Adobe Systems Incorporated C:\WINDOWS\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe
Yes Task CCleanerSkipUAC Piriform Ltd "C:\Program Files\CCleaner\CCleaner.exe" $(Arg0)
Yes Task GoogleUpdateTaskMachineCore Google Inc. C:\Program Files (x86)\Google\Update\GoogleUpdate.exe /c
Yes Task GoogleUpdateTaskMachineUA Google Inc. C:\Program Files (x86)\Google\Update\GoogleUpdate.exe /ua /installsource scheduler
 
Suggest Uninstalling These Programs:
Avant Browser (remove only) Avant Force 2/8/2016 662 MB 12.5.0.0
Driver Talent OSToto Co., Ltd. 1/12/2016 34.0 MB 6.4.38.128
ESET Online Scanner v3 2/10/2016
µTorrent BitTorrent Inc. 2/8/2016 3.4.5.41712

Edited by buddy215, 11 February 2016 - 11:20 AM.

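The pattern behind the "Suspicious" note in the post above, as an added example that is not part of the thread or of any tool's own code: a Run entry whose command is regsvr32.exe loading a DLL from a user-writable folder. The tab delimiter, the names `triage`, `split_command` and `Finding`, and the inclusion of rundll32.exe alongside regsvr32.exe are assumptions that go beyond what the thread shows.

```python
import re
from typing import NamedTuple

# Rows copied from the startup list in post #9 and re-delimited with tabs.
# Column order (Enabled, Key, Program, Publisher, File) follows the thread;
# the tab delimiter is an assumption about the saved export.
ROWS = [
    ("Yes", "HKCU:Run", "CCleaner Monitoring", "Piriform Ltd",
     r'"C:\Program Files\CCleaner\CCleaner64.exe" /MONITOR'),
    ("Yes", "HKCU:Run", "Eqcption", "Microsoft Corporation",
     r"regsvr32.exe C:\Users\Jeremy\AppData\Local\Eqcption\S32CtrlEnum.dll"),
    ("Yes", "HKCU:Run", "OneDrive", "Microsoft Corporation",
     r'"C:\Users\Jeremy\AppData\Local\Microsoft\OneDrive\OneDrive.exe" /background'),
    ("Yes", "HKCU:Run", "Usfnmedia", "Microsoft Corporation",
     r"C:\Windows\SysWOW64\regsvr32.exe C:\Users\Jeremy\AppData\Local\Ohnmics\lgblappr.dll"),
    ("Yes", "HKLM:Run", "AcronisTibMounterMonitor", "Acronis",
     r"C:\Program Files (x86)\Common Files\Acronis\TibMounter\TibMounterMonitor.exe"),
]
SAMPLE_EXPORT = "\n".join("\t".join(row) for row in ROWS)

# Windows binaries that exist to load a DLL named on their command line.
DLL_HOSTS = {"regsvr32.exe", "rundll32.exe"}

# Folders a standard user can write to without elevation.
USER_WRITABLE = re.compile(
    r"\\users\\[^\\]+\\appdata\\|\\users\\public\\|\\programdata\\|\\windows\\temp\\",
    re.IGNORECASE,
)

# Launcher image: either a quoted path, or an unquoted path (spaces allowed)
# that ends at the first executable extension followed by a space or the end.
IMAGE = re.compile(
    r'^\s*(?:"([^"]+)"|(.+?\.(?:exe|com|bat|cmd))(?=\s|$))\s*(.*)$',
    re.IGNORECASE,
)

# Drive-letter paths inside the argument string, quoted or bare.
ARG_PATH = re.compile(r'"([A-Za-z]:\\[^"]+)"|([A-Za-z]:\\\S+)')


class Finding(NamedTuple):
    key: str      # registry key or startup location
    name: str     # value name of the autorun entry
    host: str     # launcher binary (lower-cased file name)
    payload: str  # DLL path handed to the launcher


def split_command(command):
    """Return (image, arguments) for one autorun command line."""
    m = IMAGE.match(command)
    if m:
        return (m.group(1) or m.group(2)), m.group(3)
    head, _, tail = command.strip().partition(" ")
    return head, tail


def triage(export_text):
    """Flag entries where a DLL host loads a file from a user-writable folder.

    The Publisher column is ignored: in the thread's lines it reads
    "Microsoft Corporation" for these entries, which describes regsvr32.exe
    and says nothing about the DLL being loaded.
    """
    findings = []
    for line in export_text.splitlines():
        fields = line.split("\t")
        if len(fields) != 5:
            continue  # not a data row
        _enabled, key, name, _publisher, command = fields
        image, args = split_command(command)
        host = image.rsplit("\\", 1)[-1].lower()
        if "." not in host:
            host += ".exe"  # "regsvr32" and "regsvr32.exe" are the same binary
        if host not in DLL_HOSTS:
            continue
        for quoted, bare in ARG_PATH.findall(args):
            # rundll32 syntax is "path.dll,EntryPoint"; keep only the path.
            path = (quoted or bare).split(",")[0]
            if USER_WRITABLE.search(path):
                findings.append(Finding(key, name, host, path))
    return findings


if __name__ == "__main__":
    for f in triage(SAMPLE_EXPORT):
        print(f"{f.key}\\{f.name}: {f.host} loads {f.payload}")
```

A hit is a prompt to inspect the DLL, not a verdict; the advice in the post above was to disable the entry first and delete it only once nothing breaks.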

#12 jrdaub89

jrdaub89
  • Topic Starter

  • Members
  • 17 posts

Posted 11 February 2016 - 11:39 AM

For the Startup Disabling am I disabling All in that list, or just the ones that say so in red?



#13 buddy215

buddy215

  • Moderator
  • 13,324 posts
  • Gender:Male
  • Location:West Tennessee
  • Local time:11:41 AM

Posted 11 February 2016 - 01:13 PM

Disable all items in the list that I posted. The red notes extra attention and comment.

If you find that an item you have disabled you would prefer to be in startup later, you can always reenable.



#14 jrdaub89

jrdaub89
  • Topic Starter

  • Members
  • 17 posts

Posted 11 February 2016 - 05:28 PM

Ok all that you suggested were disabled/uninstalled. Should I just see how the pc runs for the next couple of days, or should I run more scans?

 

Thanks for all the help by the way!



#15 buddy215

buddy215

  • Moderator
  • 13,324 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:West Tennessee
  • Local time:11:41 AM

Posted 11 February 2016 - 05:57 PM

Sounds like a plan...it should boot up a bit faster and run a bit smoother in your browsers. You're welcome....





